1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Poul-Henning Kamp of the FreeBSD Project. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #include "opt_ddb.h" 36 #include "opt_ktrace.h" 37 38 #include <sys/param.h> 39 #include <sys/systm.h> 40 #include <sys/capsicum.h> 41 #include <sys/counter.h> 42 #include <sys/filedesc.h> 43 #include <sys/fnv_hash.h> 44 #include <sys/inotify.h> 45 #include <sys/kernel.h> 46 #include <sys/ktr.h> 47 #include <sys/lock.h> 48 #include <sys/malloc.h> 49 #include <sys/fcntl.h> 50 #include <sys/jail.h> 51 #include <sys/mount.h> 52 #include <sys/namei.h> 53 #include <sys/proc.h> 54 #include <sys/seqc.h> 55 #include <sys/sdt.h> 56 #include <sys/smr.h> 57 #include <sys/smp.h> 58 #include <sys/syscallsubr.h> 59 #include <sys/sysctl.h> 60 #include <sys/sysproto.h> 61 #include <sys/vnode.h> 62 #include <ck_queue.h> 63 #ifdef KTRACE 64 #include <sys/ktrace.h> 65 #endif 66 #ifdef INVARIANTS 67 #include <machine/_inttypes.h> 68 #endif 69 70 #include <security/audit/audit.h> 71 #include <security/mac/mac_framework.h> 72 73 #ifdef DDB 74 #include <ddb/ddb.h> 75 #endif 76 77 #include <vm/uma.h> 78 79 /* 80 * High level overview of name caching in the VFS layer. 81 * 82 * Originally caching was implemented as part of UFS, later extracted to allow 83 * use by other filesystems. A decision was made to make it optional and 84 * completely detached from the rest of the kernel, which comes with limitations 85 * outlined near the end of this comment block. 86 * 87 * This fundamental choice needs to be revisited. In the meantime, the current 88 * state is described below. Significance of all notable routines is explained 89 * in comments placed above their implementation. Scattered throughout the 90 * file are TODO comments indicating shortcomings which can be fixed without 91 * reworking everything (most of the fixes will likely be reusable). Various 92 * details are omitted from this explanation to not clutter the overview, they 93 * have to be checked by reading the code and associated commentary. 94 * 95 * Keep in mind that it's individual path components which are cached, not full 96 * paths. That is, for a fully cached path "foo/bar/baz" there are 3 entries, 97 * one for each name. 98 * 99 * I. Data organization 100 * 101 * Entries are described by "struct namecache" objects and stored in a hash 102 * table. See cache_get_hash for more information. 103 * 104 * "struct vnode" contains pointers to source entries (names which can be found 105 * when traversing through said vnode), destination entries (names of that 106 * vnode (see "Limitations" for a breakdown on the subject) and a pointer to 107 * the parent vnode. 108 * 109 * The (directory vnode; name) tuple reliably determines the target entry if 110 * it exists. 111 * 112 * Since there were no small locks at the time of writing this comment (all are 113 * 32 bytes in size on LP64), the code works around the problem by introducing 114 * lock arrays to protect hash buckets and vnode lists. 115 * 116 * II. Filesystem integration 117 * 118 * Filesystems participating in name caching do the following: 119 * - set vop_lookup routine to vfs_cache_lookup 120 * - set vop_cachedlookup to a routine which can perform the lookup if the 121 * above fails 122 * - if they support lockless lookup (see below), they set vop_fplookup_vexec 123 * and vop_fplookup_symlink along with the MNTK_FPLOOKUP flag on the mount 124 * point 125 * - call cache_purge or cache_vop_* routines to eliminate stale entries as 126 * applicable 127 * - call cache_enter to add entries depending on the MAKEENTRY flag 128 * 129 * With the above in mind, there are 2 entry points when doing lookups: 130 * - ... -> namei -> cache_fplookup -- this is the default 131 * - ... -> VOP_LOOKUP -> vfs_cache_lookup -- normally only called by namei 132 * should the above fail 133 * 134 * Example code flow how an entry is added: 135 * ... -> namei -> cache_fplookup -> cache_fplookup_noentry -> VOP_LOOKUP -> 136 * vfs_cache_lookup -> VOP_CACHEDLOOKUP -> ufs_lookup_ino -> cache_enter 137 * 138 * You may notice a degree of CPU waste in this callchain. 139 * 140 * III. Performance considerations 141 * 142 * For lockless case forward lookup avoids any writes to shared areas apart 143 * from the terminal path component. In other words non-modifying lookups of 144 * different files don't suffer any scalability problems in the namecache 145 * itself. 146 * 147 * Looking up the same file is limited by VFS and goes beyond the scope of this 148 * file. 149 * 150 * At least on amd64 the single-threaded bottleneck for long paths is hashing 151 * (see cache_get_hash). There are cases where the code issues acquire fence 152 * multiple times, they can be combined on architectures which suffer from it. 153 * 154 * For locked case each encountered vnode has to be referenced and locked in 155 * order to be handed out to the caller (normally that's namei). This 156 * introduces significant hit single-threaded and serialization multi-threaded. 157 * 158 * Reverse lookup (e.g., "getcwd") fully scales provided it is fully cached -- 159 * avoids any writes to shared areas to any components. 160 * 161 * Unrelated insertions are partially serialized on updating the global entry 162 * counter and possibly serialized on colliding bucket or vnode locks. 163 * 164 * IV. Observability 165 * 166 * Several statistics are collected in the vfs.cache sysctl tree. 167 * 168 * Some of the state can be checked for with explicit dtrace probes, must of it 169 * depends on implementation details. 170 * 171 * Examples: 172 * 173 * # Check what lookups failed to be handled in a lockless manner. Column 1 is 174 * # line number, column 2 is status code (see cache_fpl_status) 175 * dtrace -n 'vfs:fplookup:lookup:done { @[arg1, arg2] = count(); }' 176 * 177 * # Histogram of lengths of names added, aggregated by which programs are doing it 178 * dtrace -n 'fbt::cache_enter_time:entry { @[execname] = quantize(args[2]->cn_namelen); }' 179 * 180 * # Same as above but only those which exceed 64 characters 181 * dtrace -n 'fbt::cache_enter_time:entry /args[2]->cn_namelen > 64/ { @[execname] = quantize(args[2]->cn_namelen); }' 182 * 183 * # Who is performing lookups with spurious slashes (e.g., "foo//bar") and what 184 * # path is it 185 * dtrace -n 'fbt::cache_fplookup_skip_slashes:entry { @[execname, stringof(args[0]->cnp->cn_pnbuf)] = count(); }' 186 * 187 * V. Limitations and implementation defects 188 * 189 * - since it is possible there is no entry for an open file, tools like 190 * "procstat" may fail to resolve fd -> vnode -> path to anything 191 * - even if a filesystem adds an entry, it may get purged (e.g., due to memory 192 * shortage) in which case the above problem applies 193 * - hardlinks are not tracked, thus if a vnode is reachable in more than one 194 * way, resolving a name may return a different path than the one used to 195 * open it (even if said path is still valid) 196 * - by default entries are not added for newly created files 197 * - adding an entry may need to evict negative entry first, which happens in 2 198 * distinct places (evicting on lookup, adding in a later VOP) making it 199 * impossible to simply reuse it 200 * - there is a simple scheme to evict negative entries as the cache is approaching 201 * its capacity, but it is very unclear if doing so is a good idea to begin with 202 * - vnodes are subject to being recycled even if target inode is left in memory, 203 * which loses the name cache entries when it perhaps should not. in case of tmpfs 204 * names get duplicated -- kept by filesystem itself and namecache separately 205 * - vnode reclamation (see vnlru in kern/vfs_subr.c) defaults to skipping 206 * directories for this very reason, which arguably further reducing quality 207 * of vnode LRU. Per the above this is done to avoid breaking vnode -> path 208 * resolution (it becomes expensive for directories and impossible for the rest) 209 * This would not be a factor if namecache entries could persist without vnodes. 210 * - struct namecache has a fixed size and comes in 2 variants, often wasting 211 * space. now hard to replace with malloc due to dependence on SMR, which 212 * requires UMA zones to opt in 213 * - lack of better integration with the kernel also turns nullfs into a layered 214 * filesystem instead of something which can take advantage of caching 215 * 216 * Appendix A: where is the time lost, expanding on paragraph III 217 * 218 * While some care went into optimizing lookups, there is still plenty of 219 * performance left on the table, most notably from single-threaded standpoint. 220 * Below is a woefully incomplete list of changes which can help. Ideas are 221 * mostly sketched out, no claim is made all kinks or prerequisites are laid 222 * out. The name of the game is eliding branches altogether and hopefully some 223 * of memory accesses. 224 * 225 * Note there is performance lost all over VFS. 226 * 227 * === SMR-only lookup 228 * 229 * For commonly used ops like stat(2), when the terminal vnode *is* cached, 230 * lockless lookup could refrain from refing/locking the found vnode and 231 * instead return while within the SMR section. Then a call to, say, 232 * vop_stat_smr could do the work (or fail with EAGAIN), finally the result 233 * would be validated with seqc not changing. This would be faster 234 * single-threaded as it dodges atomics and would provide full scalability for 235 * multicore uses. This would *not* work for open(2) or other calls which need 236 * the vnode to hang around for the long haul, but would work for aforementioned 237 * stat(2) but also access(2), readlink(2), realpathat(2) and probably more. 238 * 239 * === copyinstr 240 * 241 * On all architectures it operates one byte at a time, while it could be 242 * word-sized instead thanks to the Mycroft trick. 243 * 244 * API itself is rather pessimal for path lookup, accepting arbitrary sizes and 245 * *optionally* filling in the length parameter. 246 * 247 * Instead a new routine (copyinpath?) could be introduced, demanding a buffer 248 * size which is a multiply of the word (and never zero), with the length 249 * always returned. On top of it the routine could be allowed to transform the 250 * buffer in arbitrary ways, most notably writing past the found length (not to 251 * be confused with writing past buffer size) -- this would allow word-sized 252 * movs while checking for '\0' later. 253 * 254 * === detour through namei 255 * 256 * Currently one suffers being called from namei, which then has to check if 257 * things worked out locklessly. Instead the lockless lookup could be the 258 * actual entry point which calls what is currently namei as a fallback. 259 * 260 * It could be hotpatched if lockless lookup is disabled. 261 * 262 * === avoidable branches in cache_can_fplookup 263 * 264 * The cache_fast_lookup_enabled flag check could be hotpatchable (in fact if 265 * this is off, none of fplookup code should execute, see above). 266 * 267 * Both audit and capsicum branches can be combined into one, but it requires 268 * paying off a lot of tech debt first. 269 * 270 * ni_startdir could be indicated with a flag in cn_flags, eliminating the 271 * branch. 272 * 273 * === mount stacks 274 * 275 * Crossing a mount requires checking if perhaps something is mounted on top. 276 * Instead, an additional entry could be added to struct mount with a pointer 277 * to the final mount on the stack. This would be recalculated on each 278 * mount/unmount. 279 * 280 * === root vnodes 281 * 282 * It could become part of the API contract to *always* have a rootvnode set in 283 * mnt_rootvnode. Such vnodes are annotated with VV_ROOT and vnlru would have 284 * to be modified to always skip them. 285 * 286 * === inactive on v_usecount reaching 0 287 * 288 * VOP_NEED_INACTIVE should not exist. Filesystems can indicate need for such 289 * processing with a bit in usecount and adding a hold count. Then vput fast path 290 * would become as simple as (ACHTUNG: locking ignored): 291 * 292 * ref = atomic_fetchadd_int(&vp->v_count, -1) - 1; 293 * if ((ref & MAGIC_BIT) == 0) // common case 294 * return; 295 * if (ref != 0) // the bit is set but this was not the last user 296 * return; 297 * // do inactive here 298 * 299 * Also see below. 300 * 301 * === v_holdcnt 302 * 303 * Hold count should probably get eliminated, but one can argue it is a useful 304 * feature. Even if so, handling of v_usecount could be decoupled from it -- 305 * vnlru et al would consider the vnode not-freeable if has either hold or 306 * usecount on it. 307 * 308 * This would eliminate 2 atomics in the common case of securing a vnode and 309 * undoing it. 310 */ 311 312 static SYSCTL_NODE(_vfs, OID_AUTO, cache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 313 "Name cache"); 314 315 SDT_PROVIDER_DECLARE(vfs); 316 SDT_PROBE_DEFINE3(vfs, namecache, enter, done, "struct vnode *", "char *", 317 "struct vnode *"); 318 SDT_PROBE_DEFINE3(vfs, namecache, enter, duplicate, "struct vnode *", "char *", 319 "struct vnode *"); 320 SDT_PROBE_DEFINE2(vfs, namecache, enter_negative, done, "struct vnode *", 321 "char *"); 322 SDT_PROBE_DEFINE2(vfs, namecache, fullpath_smr, hit, "struct vnode *", 323 "const char *"); 324 SDT_PROBE_DEFINE4(vfs, namecache, fullpath_smr, miss, "struct vnode *", 325 "struct namecache *", "int", "int"); 326 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, entry, "struct vnode *"); 327 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, hit, "struct vnode *", 328 "char *", "struct vnode *"); 329 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, miss, "struct vnode *"); 330 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, return, "int", 331 "struct vnode *", "char *"); 332 SDT_PROBE_DEFINE3(vfs, namecache, lookup, hit, "struct vnode *", "char *", 333 "struct vnode *"); 334 SDT_PROBE_DEFINE2(vfs, namecache, lookup, hit__negative, 335 "struct vnode *", "char *"); 336 SDT_PROBE_DEFINE2(vfs, namecache, lookup, miss, "struct vnode *", 337 "char *"); 338 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, hit, "struct vnode *", 339 "struct componentname *"); 340 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, miss, "struct vnode *", 341 "struct componentname *"); 342 SDT_PROBE_DEFINE3(vfs, namecache, purge, done, "struct vnode *", "size_t", "size_t"); 343 SDT_PROBE_DEFINE1(vfs, namecache, purge, batch, "int"); 344 SDT_PROBE_DEFINE1(vfs, namecache, purge_negative, done, "struct vnode *"); 345 SDT_PROBE_DEFINE1(vfs, namecache, purgevfs, done, "struct mount *"); 346 SDT_PROBE_DEFINE3(vfs, namecache, zap, done, "struct vnode *", "char *", 347 "struct vnode *"); 348 SDT_PROBE_DEFINE2(vfs, namecache, zap_negative, done, "struct vnode *", 349 "char *"); 350 SDT_PROBE_DEFINE2(vfs, namecache, evict_negative, done, "struct vnode *", 351 "char *"); 352 SDT_PROBE_DEFINE1(vfs, namecache, symlink, alloc__fail, "size_t"); 353 354 SDT_PROBE_DEFINE3(vfs, fplookup, lookup, done, "struct nameidata *", "int", 355 "enum cache_fpl_status"); 356 SDT_PROBE_DECLARE(vfs, namei, lookup, entry); 357 SDT_PROBE_DECLARE(vfs, namei, lookup, return); 358 359 static char __read_frequently cache_fast_lookup_enabled = true; 360 361 /* 362 * This structure describes the elements in the cache of recent 363 * names looked up by namei. 364 */ 365 struct negstate { 366 u_char neg_flag; 367 u_char neg_hit; 368 }; 369 _Static_assert(sizeof(struct negstate) <= sizeof(struct vnode *), 370 "the state must fit in a union with a pointer without growing it"); 371 372 struct namecache { 373 LIST_ENTRY(namecache) nc_src; /* source vnode list */ 374 TAILQ_ENTRY(namecache) nc_dst; /* destination vnode list */ 375 CK_SLIST_ENTRY(namecache) nc_hash;/* hash chain */ 376 struct vnode *nc_dvp; /* vnode of parent of name */ 377 union { 378 struct vnode *nu_vp; /* vnode the name refers to */ 379 struct negstate nu_neg;/* negative entry state */ 380 } n_un; 381 u_char nc_flag; /* flag bits */ 382 u_char nc_nlen; /* length of name */ 383 char nc_name[]; /* segment name + nul */ 384 }; 385 386 /* 387 * struct namecache_ts repeats struct namecache layout up to the 388 * nc_nlen member. 389 * struct namecache_ts is used in place of struct namecache when time(s) need 390 * to be stored. The nc_dotdottime field is used when a cache entry is mapping 391 * both a non-dotdot directory name plus dotdot for the directory's 392 * parent. 393 * 394 * See below for alignment requirement. 395 */ 396 struct namecache_ts { 397 struct timespec nc_time; /* timespec provided by fs */ 398 struct timespec nc_dotdottime; /* dotdot timespec provided by fs */ 399 int nc_ticks; /* ticks value when entry was added */ 400 int nc_pad; 401 struct namecache nc_nc; 402 }; 403 404 TAILQ_HEAD(cache_freebatch, namecache); 405 406 /* 407 * At least mips n32 performs 64-bit accesses to timespec as found 408 * in namecache_ts and requires them to be aligned. Since others 409 * may be in the same spot suffer a little bit and enforce the 410 * alignment for everyone. Note this is a nop for 64-bit platforms. 411 */ 412 #define CACHE_ZONE_ALIGNMENT UMA_ALIGNOF(time_t) 413 414 /* 415 * TODO: the initial value of CACHE_PATH_CUTOFF was inherited from the 416 * 4.4 BSD codebase. Later on struct namecache was tweaked to become 417 * smaller and the value was bumped to retain the total size, but it 418 * was never re-evaluated for suitability. A simple test counting 419 * lengths during package building shows that the value of 45 covers 420 * about 86% of all added entries, reaching 99% at 65. 421 * 422 * Regardless of the above, use of dedicated zones instead of malloc may be 423 * inducing additional waste. This may be hard to address as said zones are 424 * tied to VFS SMR. Even if retaining them, the current split should be 425 * re-evaluated. 426 */ 427 #ifdef __LP64__ 428 #define CACHE_PATH_CUTOFF 45 429 #define CACHE_LARGE_PAD 6 430 #else 431 #define CACHE_PATH_CUTOFF 41 432 #define CACHE_LARGE_PAD 2 433 #endif 434 435 #define CACHE_ZONE_SMALL_SIZE (offsetof(struct namecache, nc_name) + CACHE_PATH_CUTOFF + 1) 436 #define CACHE_ZONE_SMALL_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_SMALL_SIZE) 437 #define CACHE_ZONE_LARGE_SIZE (offsetof(struct namecache, nc_name) + NAME_MAX + 1 + CACHE_LARGE_PAD) 438 #define CACHE_ZONE_LARGE_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_LARGE_SIZE) 439 440 _Static_assert((CACHE_ZONE_SMALL_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 441 _Static_assert((CACHE_ZONE_SMALL_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 442 _Static_assert((CACHE_ZONE_LARGE_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 443 _Static_assert((CACHE_ZONE_LARGE_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 444 445 #define nc_vp n_un.nu_vp 446 #define nc_neg n_un.nu_neg 447 448 /* 449 * Flags in namecache.nc_flag 450 */ 451 #define NCF_WHITE 0x01 452 #define NCF_ISDOTDOT 0x02 453 #define NCF_TS 0x04 454 #define NCF_DTS 0x08 455 #define NCF_DVDROP 0x10 456 #define NCF_NEGATIVE 0x20 457 #define NCF_INVALID 0x40 458 #define NCF_WIP 0x80 459 460 /* 461 * Flags in negstate.neg_flag 462 */ 463 #define NEG_HOT 0x01 464 465 static bool cache_neg_evict_cond(u_long lnumcache); 466 467 /* 468 * Mark an entry as invalid. 469 * 470 * This is called before it starts getting deconstructed. 471 */ 472 static void 473 cache_ncp_invalidate(struct namecache *ncp) 474 { 475 476 KASSERT((ncp->nc_flag & NCF_INVALID) == 0, 477 ("%s: entry %p already invalid", __func__, ncp)); 478 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_INVALID); 479 atomic_thread_fence_rel(); 480 } 481 482 /* 483 * Does this entry match the given directory and name? 484 */ 485 static bool 486 cache_ncp_match(struct namecache *ncp, struct vnode *dvp, 487 struct componentname *cnp) 488 { 489 return (ncp->nc_dvp == dvp && 490 ncp->nc_nlen == cnp->cn_namelen && 491 bcmp(ncp->nc_name, cnp->cn_nameptr, cnp->cn_namelen) == 0); 492 } 493 494 /* 495 * Check whether the entry can be safely used. 496 * 497 * All places which elide locks are supposed to call this after they are 498 * done with reading from an entry. 499 */ 500 #define cache_ncp_canuse(ncp) ({ \ 501 struct namecache *_ncp = (ncp); \ 502 u_char _nc_flag; \ 503 \ 504 atomic_thread_fence_acq(); \ 505 _nc_flag = atomic_load_char(&_ncp->nc_flag); \ 506 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP)) == 0); \ 507 }) 508 509 /* 510 * Like the above but also checks NCF_WHITE. 511 */ 512 #define cache_fpl_neg_ncp_canuse(ncp) ({ \ 513 struct namecache *_ncp = (ncp); \ 514 u_char _nc_flag; \ 515 \ 516 atomic_thread_fence_acq(); \ 517 _nc_flag = atomic_load_char(&_ncp->nc_flag); \ 518 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP | NCF_WHITE)) == 0); \ 519 }) 520 521 VFS_SMR_DECLARE; 522 523 static SYSCTL_NODE(_vfs_cache, OID_AUTO, param, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 524 "Name cache parameters"); 525 526 static u_int __read_mostly ncsize; /* the size as computed on creation or resizing */ 527 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, size, CTLFLAG_RD, &ncsize, 0, 528 "Total namecache capacity"); 529 530 u_int ncsizefactor = 2; 531 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, sizefactor, CTLFLAG_RW, &ncsizefactor, 0, 532 "Size factor for namecache"); 533 534 static u_long __read_mostly ncnegfactor = 5; /* ratio of negative entries */ 535 SYSCTL_ULONG(_vfs_cache_param, OID_AUTO, negfactor, CTLFLAG_RW, &ncnegfactor, 0, 536 "Ratio of negative namecache entries"); 537 538 /* 539 * Negative entry % of namecache capacity above which automatic eviction is allowed. 540 * 541 * Check cache_neg_evict_cond for details. 542 */ 543 static u_int ncnegminpct = 3; 544 545 static u_int __read_mostly neg_min; /* the above recomputed against ncsize */ 546 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, negmin, CTLFLAG_RD, &neg_min, 0, 547 "Negative entry count above which automatic eviction is allowed"); 548 549 /* 550 * Structures associated with name caching. 551 */ 552 #define NCHHASH(hash) \ 553 (&nchashtbl[(hash) & nchash]) 554 static __read_mostly CK_SLIST_HEAD(nchashhead, namecache) *nchashtbl;/* Hash Table */ 555 static u_long __read_mostly nchash; /* size of hash table */ 556 SYSCTL_ULONG(_debug, OID_AUTO, nchash, CTLFLAG_RD, &nchash, 0, 557 "Size of namecache hash table"); 558 static u_long __exclusive_cache_line numneg; /* number of negative entries allocated */ 559 static u_long __exclusive_cache_line numcache;/* number of cache entries allocated */ 560 561 struct nchstats nchstats; /* cache effectiveness statistics */ 562 563 static u_int __exclusive_cache_line neg_cycle; 564 565 #define ncneghash 3 566 #define numneglists (ncneghash + 1) 567 568 struct neglist { 569 struct mtx nl_evict_lock; 570 struct mtx nl_lock __aligned(CACHE_LINE_SIZE); 571 TAILQ_HEAD(, namecache) nl_list; 572 TAILQ_HEAD(, namecache) nl_hotlist; 573 u_long nl_hotnum; 574 } __aligned(CACHE_LINE_SIZE); 575 576 static struct neglist neglists[numneglists]; 577 578 static inline struct neglist * 579 NCP2NEGLIST(struct namecache *ncp) 580 { 581 582 return (&neglists[(((uintptr_t)(ncp) >> 8) & ncneghash)]); 583 } 584 585 static inline struct negstate * 586 NCP2NEGSTATE(struct namecache *ncp) 587 { 588 589 MPASS(atomic_load_char(&ncp->nc_flag) & NCF_NEGATIVE); 590 return (&ncp->nc_neg); 591 } 592 593 #define numbucketlocks (ncbuckethash + 1) 594 static u_int __read_mostly ncbuckethash; 595 static struct mtx_padalign __read_mostly *bucketlocks; 596 #define HASH2BUCKETLOCK(hash) \ 597 ((struct mtx *)(&bucketlocks[((hash) & ncbuckethash)])) 598 599 #define numvnodelocks (ncvnodehash + 1) 600 static u_int __read_mostly ncvnodehash; 601 static struct mtx __read_mostly *vnodelocks; 602 static inline struct mtx * 603 VP2VNODELOCK(struct vnode *vp) 604 { 605 606 return (&vnodelocks[(((uintptr_t)(vp) >> 8) & ncvnodehash)]); 607 } 608 609 /* 610 * Search the hash table for a namecache entry. Either the corresponding bucket 611 * must be locked, or the caller must be in an SMR read section. 612 */ 613 static struct namecache * 614 cache_ncp_find(struct vnode *dvp, struct componentname *cnp, uint32_t hash) 615 { 616 struct namecache *ncp; 617 618 KASSERT(mtx_owned(HASH2BUCKETLOCK(hash)) || VFS_SMR_ENTERED(), 619 ("%s: hash %u not locked", __func__, hash)); 620 CK_SLIST_FOREACH(ncp, NCHHASH(hash), nc_hash) { 621 if (cache_ncp_match(ncp, dvp, cnp)) 622 break; 623 } 624 return (ncp); 625 } 626 627 static void 628 cache_out_ts(struct namecache *ncp, struct timespec *tsp, int *ticksp) 629 { 630 struct namecache_ts *ncp_ts; 631 632 KASSERT((ncp->nc_flag & NCF_TS) != 0 || 633 (tsp == NULL && ticksp == NULL), 634 ("No NCF_TS")); 635 636 if (tsp == NULL) 637 return; 638 639 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 640 *tsp = ncp_ts->nc_time; 641 *ticksp = ncp_ts->nc_ticks; 642 } 643 644 #ifdef DEBUG_CACHE 645 static int __read_mostly doingcache = 1; /* 1 => enable the cache */ 646 SYSCTL_INT(_debug, OID_AUTO, vfscache, CTLFLAG_RW, &doingcache, 0, 647 "VFS namecache enabled"); 648 #endif 649 650 /* Export size information to userland */ 651 SYSCTL_SIZEOF_STRUCT(namecache); 652 653 /* 654 * The new name cache statistics 655 */ 656 static SYSCTL_NODE(_vfs_cache, OID_AUTO, stats, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 657 "Name cache statistics"); 658 659 #define STATNODE_ULONG(name, varname, descr) \ 660 SYSCTL_ULONG(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr); 661 #define STATNODE_COUNTER(name, varname, descr) \ 662 static COUNTER_U64_DEFINE_EARLY(varname); \ 663 SYSCTL_COUNTER_U64(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, \ 664 descr); 665 STATNODE_ULONG(neg, numneg, "Number of negative cache entries"); 666 STATNODE_ULONG(count, numcache, "Number of cache entries"); 667 STATNODE_COUNTER(heldvnodes, numcachehv, "Number of namecache entries with vnodes held"); 668 STATNODE_COUNTER(drops, numdrops, "Number of dropped entries due to reaching the limit"); 669 STATNODE_COUNTER(miss, nummiss, "Number of cache misses"); 670 STATNODE_COUNTER(misszap, nummisszap, "Number of cache misses we do not want to cache"); 671 STATNODE_COUNTER(poszaps, numposzaps, 672 "Number of cache hits (positive) we do not want to cache"); 673 STATNODE_COUNTER(poshits, numposhits, "Number of cache hits (positive)"); 674 STATNODE_COUNTER(negzaps, numnegzaps, 675 "Number of cache hits (negative) we do not want to cache"); 676 STATNODE_COUNTER(neghits, numneghits, "Number of cache hits (negative)"); 677 /* These count for vn_getcwd(), too. */ 678 STATNODE_COUNTER(fullpathcalls, numfullpathcalls, "Number of fullpath search calls"); 679 STATNODE_COUNTER(fullpathfail2, numfullpathfail2, 680 "Number of fullpath search errors (VOP_VPTOCNP failures)"); 681 STATNODE_COUNTER(fullpathfail4, numfullpathfail4, "Number of fullpath search errors (ENOMEM)"); 682 STATNODE_COUNTER(fullpathfound, numfullpathfound, "Number of successful fullpath calls"); 683 STATNODE_COUNTER(symlinktoobig, symlinktoobig, "Number of times symlink did not fit the cache"); 684 685 /* 686 * Debug or developer statistics. 687 */ 688 static SYSCTL_NODE(_vfs_cache, OID_AUTO, debug, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 689 "Name cache debugging"); 690 #define DEBUGNODE_ULONG(name, varname, descr) \ 691 SYSCTL_ULONG(_vfs_cache_debug, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr); 692 static u_long zap_bucket_relock_success; 693 DEBUGNODE_ULONG(zap_bucket_relock_success, zap_bucket_relock_success, 694 "Number of successful removals after relocking"); 695 static u_long zap_bucket_fail; 696 DEBUGNODE_ULONG(zap_bucket_fail, zap_bucket_fail, ""); 697 static u_long zap_bucket_fail2; 698 DEBUGNODE_ULONG(zap_bucket_fail2, zap_bucket_fail2, ""); 699 static u_long cache_lock_vnodes_cel_3_failures; 700 DEBUGNODE_ULONG(vnodes_cel_3_failures, cache_lock_vnodes_cel_3_failures, 701 "Number of times 3-way vnode locking failed"); 702 703 static void cache_zap_locked(struct namecache *ncp); 704 static int vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf, 705 char **retbuf, size_t *buflen, size_t addend); 706 static int vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf, 707 char **retbuf, size_t *buflen); 708 static int vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf, 709 char **retbuf, size_t *len, size_t addend); 710 711 static MALLOC_DEFINE(M_VFSCACHE, "vfscache", "VFS name cache entries"); 712 713 static inline void 714 cache_assert_vlp_locked(struct mtx *vlp) 715 { 716 717 if (vlp != NULL) 718 mtx_assert(vlp, MA_OWNED); 719 } 720 721 static inline void 722 cache_assert_vnode_locked(struct vnode *vp) 723 { 724 struct mtx *vlp; 725 726 vlp = VP2VNODELOCK(vp); 727 cache_assert_vlp_locked(vlp); 728 } 729 730 /* 731 * Directory vnodes with entries are held for two reasons: 732 * 1. make them less of a target for reclamation in vnlru 733 * 2. suffer smaller performance penalty in locked lookup as requeieing is avoided 734 * 735 * It will be feasible to stop doing it altogether if all filesystems start 736 * supporting lockless lookup. 737 */ 738 static void 739 cache_hold_vnode(struct vnode *vp) 740 { 741 742 cache_assert_vnode_locked(vp); 743 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp); 744 vhold(vp); 745 counter_u64_add(numcachehv, 1); 746 } 747 748 static void 749 cache_drop_vnode(struct vnode *vp) 750 { 751 752 /* 753 * Called after all locks are dropped, meaning we can't assert 754 * on the state of v_cache_src. 755 */ 756 vdrop(vp); 757 counter_u64_add(numcachehv, -1); 758 } 759 760 /* 761 * UMA zones. 762 */ 763 static uma_zone_t __read_mostly cache_zone_small; 764 static uma_zone_t __read_mostly cache_zone_small_ts; 765 static uma_zone_t __read_mostly cache_zone_large; 766 static uma_zone_t __read_mostly cache_zone_large_ts; 767 768 char * 769 cache_symlink_alloc(size_t size, int flags) 770 { 771 772 if (size < CACHE_ZONE_SMALL_SIZE) { 773 return (uma_zalloc_smr(cache_zone_small, flags)); 774 } 775 if (size < CACHE_ZONE_LARGE_SIZE) { 776 return (uma_zalloc_smr(cache_zone_large, flags)); 777 } 778 counter_u64_add(symlinktoobig, 1); 779 SDT_PROBE1(vfs, namecache, symlink, alloc__fail, size); 780 return (NULL); 781 } 782 783 void 784 cache_symlink_free(char *string, size_t size) 785 { 786 787 MPASS(string != NULL); 788 KASSERT(size < CACHE_ZONE_LARGE_SIZE, 789 ("%s: size %zu too big", __func__, size)); 790 791 if (size < CACHE_ZONE_SMALL_SIZE) { 792 uma_zfree_smr(cache_zone_small, string); 793 return; 794 } 795 if (size < CACHE_ZONE_LARGE_SIZE) { 796 uma_zfree_smr(cache_zone_large, string); 797 return; 798 } 799 __assert_unreachable(); 800 } 801 802 static struct namecache * 803 cache_alloc_uma(int len, bool ts) 804 { 805 struct namecache_ts *ncp_ts; 806 struct namecache *ncp; 807 808 if (__predict_false(ts)) { 809 if (len <= CACHE_PATH_CUTOFF) 810 ncp_ts = uma_zalloc_smr(cache_zone_small_ts, M_WAITOK); 811 else 812 ncp_ts = uma_zalloc_smr(cache_zone_large_ts, M_WAITOK); 813 ncp = &ncp_ts->nc_nc; 814 } else { 815 if (len <= CACHE_PATH_CUTOFF) 816 ncp = uma_zalloc_smr(cache_zone_small, M_WAITOK); 817 else 818 ncp = uma_zalloc_smr(cache_zone_large, M_WAITOK); 819 } 820 return (ncp); 821 } 822 823 static void 824 cache_free_uma(struct namecache *ncp) 825 { 826 struct namecache_ts *ncp_ts; 827 828 if (__predict_false(ncp->nc_flag & NCF_TS)) { 829 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 830 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF) 831 uma_zfree_smr(cache_zone_small_ts, ncp_ts); 832 else 833 uma_zfree_smr(cache_zone_large_ts, ncp_ts); 834 } else { 835 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF) 836 uma_zfree_smr(cache_zone_small, ncp); 837 else 838 uma_zfree_smr(cache_zone_large, ncp); 839 } 840 } 841 842 static struct namecache * 843 cache_alloc(int len, bool ts) 844 { 845 u_long lnumcache; 846 847 /* 848 * Avoid blowout in namecache entries. 849 * 850 * Bugs: 851 * 1. filesystems may end up trying to add an already existing entry 852 * (for example this can happen after a cache miss during concurrent 853 * lookup), in which case we will call cache_neg_evict despite not 854 * adding anything. 855 * 2. the routine may fail to free anything and no provisions are made 856 * to make it try harder (see the inside for failure modes) 857 * 3. it only ever looks at negative entries. 858 */ 859 lnumcache = atomic_fetchadd_long(&numcache, 1) + 1; 860 if (cache_neg_evict_cond(lnumcache)) { 861 lnumcache = atomic_load_long(&numcache); 862 } 863 if (__predict_false(lnumcache >= ncsize)) { 864 atomic_subtract_long(&numcache, 1); 865 counter_u64_add(numdrops, 1); 866 return (NULL); 867 } 868 return (cache_alloc_uma(len, ts)); 869 } 870 871 static void 872 cache_free(struct namecache *ncp) 873 { 874 875 MPASS(ncp != NULL); 876 if ((ncp->nc_flag & NCF_DVDROP) != 0) { 877 cache_drop_vnode(ncp->nc_dvp); 878 } 879 cache_free_uma(ncp); 880 atomic_subtract_long(&numcache, 1); 881 } 882 883 static void 884 cache_free_batch(struct cache_freebatch *batch) 885 { 886 struct namecache *ncp, *nnp; 887 int i; 888 889 i = 0; 890 if (TAILQ_EMPTY(batch)) 891 goto out; 892 TAILQ_FOREACH_SAFE(ncp, batch, nc_dst, nnp) { 893 if ((ncp->nc_flag & NCF_DVDROP) != 0) { 894 cache_drop_vnode(ncp->nc_dvp); 895 } 896 cache_free_uma(ncp); 897 i++; 898 } 899 atomic_subtract_long(&numcache, i); 900 out: 901 SDT_PROBE1(vfs, namecache, purge, batch, i); 902 } 903 904 /* 905 * Hashing. 906 * 907 * The code was made to use FNV in 2001 and this choice needs to be revisited. 908 * 909 * Short summary of the difficulty: 910 * The longest name which can be inserted is NAME_MAX characters in length (or 911 * 255 at the time of writing this comment), while majority of names used in 912 * practice are significantly shorter (mostly below 10). More importantly 913 * majority of lookups performed find names are even shorter than that. 914 * 915 * This poses a problem where hashes which do better than FNV past word size 916 * (or so) tend to come with additional overhead when finalizing the result, 917 * making them noticeably slower for the most commonly used range. 918 * 919 * Consider a path like: /usr/obj/usr/src/sys/amd64/GENERIC/vnode_if.c 920 * 921 * When looking it up the most time consuming part by a large margin (at least 922 * on amd64) is hashing. Replacing FNV with something which pessimizes short 923 * input would make the slowest part stand out even more. 924 */ 925 926 /* 927 * TODO: With the value stored we can do better than computing the hash based 928 * on the address. 929 */ 930 static void 931 cache_prehash(struct vnode *vp) 932 { 933 934 vp->v_nchash = fnv_32_buf(&vp, sizeof(vp), FNV1_32_INIT); 935 } 936 937 static uint32_t 938 cache_get_hash(char *name, u_char len, struct vnode *dvp) 939 { 940 941 return (fnv_32_buf(name, len, dvp->v_nchash)); 942 } 943 944 static uint32_t 945 cache_get_hash_iter_start(struct vnode *dvp) 946 { 947 948 return (dvp->v_nchash); 949 } 950 951 static uint32_t 952 cache_get_hash_iter(char c, uint32_t hash) 953 { 954 955 return (fnv_32_buf(&c, 1, hash)); 956 } 957 958 static uint32_t 959 cache_get_hash_iter_finish(uint32_t hash) 960 { 961 962 return (hash); 963 } 964 965 static inline struct nchashhead * 966 NCP2BUCKET(struct namecache *ncp) 967 { 968 uint32_t hash; 969 970 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp); 971 return (NCHHASH(hash)); 972 } 973 974 static inline struct mtx * 975 NCP2BUCKETLOCK(struct namecache *ncp) 976 { 977 uint32_t hash; 978 979 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp); 980 return (HASH2BUCKETLOCK(hash)); 981 } 982 983 #ifdef INVARIANTS 984 static void 985 cache_assert_bucket_locked(struct namecache *ncp) 986 { 987 struct mtx *blp; 988 989 blp = NCP2BUCKETLOCK(ncp); 990 mtx_assert(blp, MA_OWNED); 991 } 992 993 static void 994 cache_assert_bucket_unlocked(struct namecache *ncp) 995 { 996 struct mtx *blp; 997 998 blp = NCP2BUCKETLOCK(ncp); 999 mtx_assert(blp, MA_NOTOWNED); 1000 } 1001 #else 1002 #define cache_assert_bucket_locked(x) do { } while (0) 1003 #define cache_assert_bucket_unlocked(x) do { } while (0) 1004 #endif 1005 1006 #define cache_sort_vnodes(x, y) _cache_sort_vnodes((void **)(x), (void **)(y)) 1007 static void 1008 _cache_sort_vnodes(void **p1, void **p2) 1009 { 1010 void *tmp; 1011 1012 MPASS(*p1 != NULL || *p2 != NULL); 1013 1014 if (*p1 > *p2) { 1015 tmp = *p2; 1016 *p2 = *p1; 1017 *p1 = tmp; 1018 } 1019 } 1020 1021 static void 1022 cache_lock_all_buckets(void) 1023 { 1024 u_int i; 1025 1026 for (i = 0; i < numbucketlocks; i++) 1027 mtx_lock(&bucketlocks[i]); 1028 } 1029 1030 static void 1031 cache_unlock_all_buckets(void) 1032 { 1033 u_int i; 1034 1035 for (i = 0; i < numbucketlocks; i++) 1036 mtx_unlock(&bucketlocks[i]); 1037 } 1038 1039 static void 1040 cache_lock_all_vnodes(void) 1041 { 1042 u_int i; 1043 1044 for (i = 0; i < numvnodelocks; i++) 1045 mtx_lock(&vnodelocks[i]); 1046 } 1047 1048 static void 1049 cache_unlock_all_vnodes(void) 1050 { 1051 u_int i; 1052 1053 for (i = 0; i < numvnodelocks; i++) 1054 mtx_unlock(&vnodelocks[i]); 1055 } 1056 1057 static int 1058 cache_trylock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1059 { 1060 1061 cache_sort_vnodes(&vlp1, &vlp2); 1062 1063 if (vlp1 != NULL) { 1064 if (!mtx_trylock(vlp1)) 1065 return (EAGAIN); 1066 } 1067 if (!mtx_trylock(vlp2)) { 1068 if (vlp1 != NULL) 1069 mtx_unlock(vlp1); 1070 return (EAGAIN); 1071 } 1072 1073 return (0); 1074 } 1075 1076 static void 1077 cache_lock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1078 { 1079 1080 MPASS(vlp1 != NULL || vlp2 != NULL); 1081 MPASS(vlp1 <= vlp2); 1082 1083 if (vlp1 != NULL) 1084 mtx_lock(vlp1); 1085 if (vlp2 != NULL) 1086 mtx_lock(vlp2); 1087 } 1088 1089 static void 1090 cache_unlock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1091 { 1092 1093 MPASS(vlp1 != NULL || vlp2 != NULL); 1094 1095 if (vlp1 != NULL) 1096 mtx_unlock(vlp1); 1097 if (vlp2 != NULL) 1098 mtx_unlock(vlp2); 1099 } 1100 1101 static int 1102 sysctl_nchstats(SYSCTL_HANDLER_ARGS) 1103 { 1104 struct nchstats snap; 1105 1106 if (req->oldptr == NULL) 1107 return (SYSCTL_OUT(req, 0, sizeof(snap))); 1108 1109 snap = nchstats; 1110 snap.ncs_goodhits = counter_u64_fetch(numposhits); 1111 snap.ncs_neghits = counter_u64_fetch(numneghits); 1112 snap.ncs_badhits = counter_u64_fetch(numposzaps) + 1113 counter_u64_fetch(numnegzaps); 1114 snap.ncs_miss = counter_u64_fetch(nummisszap) + 1115 counter_u64_fetch(nummiss); 1116 1117 return (SYSCTL_OUT(req, &snap, sizeof(snap))); 1118 } 1119 SYSCTL_PROC(_vfs_cache, OID_AUTO, nchstats, CTLTYPE_OPAQUE | CTLFLAG_RD | 1120 CTLFLAG_MPSAFE, 0, 0, sysctl_nchstats, "LU", 1121 "VFS cache effectiveness statistics"); 1122 1123 static int 1124 sysctl_hitpct(SYSCTL_HANDLER_ARGS) 1125 { 1126 long poshits, neghits, miss, total; 1127 long pct; 1128 1129 poshits = counter_u64_fetch(numposhits); 1130 neghits = counter_u64_fetch(numneghits); 1131 miss = counter_u64_fetch(nummiss); 1132 total = poshits + neghits + miss; 1133 1134 pct = 0; 1135 if (total != 0) 1136 pct = ((poshits + neghits) * 100) / total; 1137 return (sysctl_handle_int(oidp, 0, pct, req)); 1138 } 1139 SYSCTL_PROC(_vfs_cache_stats, OID_AUTO, hitpct, 1140 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RD, NULL, 0, sysctl_hitpct, 1141 "I", "Percentage of hits"); 1142 1143 static void 1144 cache_recalc_neg_min(void) 1145 { 1146 1147 neg_min = (ncsize * ncnegminpct) / 100; 1148 } 1149 1150 static int 1151 sysctl_negminpct(SYSCTL_HANDLER_ARGS) 1152 { 1153 u_int val; 1154 int error; 1155 1156 val = ncnegminpct; 1157 error = sysctl_handle_int(oidp, &val, 0, req); 1158 if (error != 0 || req->newptr == NULL) 1159 return (error); 1160 1161 if (val == ncnegminpct) 1162 return (0); 1163 if (val < 0 || val > 99) 1164 return (EINVAL); 1165 ncnegminpct = val; 1166 cache_recalc_neg_min(); 1167 return (0); 1168 } 1169 1170 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, negminpct, 1171 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, NULL, 0, sysctl_negminpct, 1172 "I", "Negative entry \% of namecache capacity above which automatic eviction is allowed"); 1173 1174 #ifdef DEBUG_CACHE 1175 /* 1176 * Grab an atomic snapshot of the name cache hash chain lengths 1177 */ 1178 static SYSCTL_NODE(_debug, OID_AUTO, hashstat, 1179 CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 1180 "hash table stats"); 1181 1182 static int 1183 sysctl_debug_hashstat_rawnchash(SYSCTL_HANDLER_ARGS) 1184 { 1185 struct nchashhead *ncpp; 1186 struct namecache *ncp; 1187 int i, error, n_nchash, *cntbuf; 1188 1189 retry: 1190 n_nchash = nchash + 1; /* nchash is max index, not count */ 1191 if (req->oldptr == NULL) 1192 return SYSCTL_OUT(req, 0, n_nchash * sizeof(int)); 1193 cntbuf = malloc(n_nchash * sizeof(int), M_TEMP, M_ZERO | M_WAITOK); 1194 cache_lock_all_buckets(); 1195 if (n_nchash != nchash + 1) { 1196 cache_unlock_all_buckets(); 1197 free(cntbuf, M_TEMP); 1198 goto retry; 1199 } 1200 /* Scan hash tables counting entries */ 1201 for (ncpp = nchashtbl, i = 0; i < n_nchash; ncpp++, i++) 1202 CK_SLIST_FOREACH(ncp, ncpp, nc_hash) 1203 cntbuf[i]++; 1204 cache_unlock_all_buckets(); 1205 for (error = 0, i = 0; i < n_nchash; i++) 1206 if ((error = SYSCTL_OUT(req, &cntbuf[i], sizeof(int))) != 0) 1207 break; 1208 free(cntbuf, M_TEMP); 1209 return (error); 1210 } 1211 SYSCTL_PROC(_debug_hashstat, OID_AUTO, rawnchash, CTLTYPE_INT|CTLFLAG_RD| 1212 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_rawnchash, "S,int", 1213 "nchash chain lengths"); 1214 1215 static int 1216 sysctl_debug_hashstat_nchash(SYSCTL_HANDLER_ARGS) 1217 { 1218 int error; 1219 struct nchashhead *ncpp; 1220 struct namecache *ncp; 1221 int n_nchash; 1222 int count, maxlength, used, pct; 1223 1224 if (!req->oldptr) 1225 return SYSCTL_OUT(req, 0, 4 * sizeof(int)); 1226 1227 cache_lock_all_buckets(); 1228 n_nchash = nchash + 1; /* nchash is max index, not count */ 1229 used = 0; 1230 maxlength = 0; 1231 1232 /* Scan hash tables for applicable entries */ 1233 for (ncpp = nchashtbl; n_nchash > 0; n_nchash--, ncpp++) { 1234 count = 0; 1235 CK_SLIST_FOREACH(ncp, ncpp, nc_hash) { 1236 count++; 1237 } 1238 if (count) 1239 used++; 1240 if (maxlength < count) 1241 maxlength = count; 1242 } 1243 n_nchash = nchash + 1; 1244 cache_unlock_all_buckets(); 1245 pct = (used * 100) / (n_nchash / 100); 1246 error = SYSCTL_OUT(req, &n_nchash, sizeof(n_nchash)); 1247 if (error) 1248 return (error); 1249 error = SYSCTL_OUT(req, &used, sizeof(used)); 1250 if (error) 1251 return (error); 1252 error = SYSCTL_OUT(req, &maxlength, sizeof(maxlength)); 1253 if (error) 1254 return (error); 1255 error = SYSCTL_OUT(req, &pct, sizeof(pct)); 1256 if (error) 1257 return (error); 1258 return (0); 1259 } 1260 SYSCTL_PROC(_debug_hashstat, OID_AUTO, nchash, CTLTYPE_INT|CTLFLAG_RD| 1261 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_nchash, "I", 1262 "nchash statistics (number of total/used buckets, maximum chain length, usage percentage)"); 1263 #endif 1264 1265 /* 1266 * Negative entries management 1267 * 1268 * Various workloads create plenty of negative entries and barely use them 1269 * afterwards. Moreover malicious users can keep performing bogus lookups 1270 * adding even more entries. For example "make tinderbox" as of writing this 1271 * comment ends up with 2.6M namecache entries in total, 1.2M of which are 1272 * negative. 1273 * 1274 * As such, a rather aggressive eviction method is needed. The currently 1275 * employed method is a placeholder. 1276 * 1277 * Entries are split over numneglists separate lists, each of which is further 1278 * split into hot and cold entries. Entries get promoted after getting a hit. 1279 * Eviction happens on addition of new entry. 1280 */ 1281 static SYSCTL_NODE(_vfs_cache, OID_AUTO, neg, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 1282 "Name cache negative entry statistics"); 1283 1284 SYSCTL_ULONG(_vfs_cache_neg, OID_AUTO, count, CTLFLAG_RD, &numneg, 0, 1285 "Number of negative cache entries"); 1286 1287 static COUNTER_U64_DEFINE_EARLY(neg_created); 1288 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, created, CTLFLAG_RD, &neg_created, 1289 "Number of created negative entries"); 1290 1291 static COUNTER_U64_DEFINE_EARLY(neg_evicted); 1292 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evicted, CTLFLAG_RD, &neg_evicted, 1293 "Number of evicted negative entries"); 1294 1295 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_empty); 1296 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_empty, CTLFLAG_RD, 1297 &neg_evict_skipped_empty, 1298 "Number of times evicting failed due to lack of entries"); 1299 1300 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_missed); 1301 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_missed, CTLFLAG_RD, 1302 &neg_evict_skipped_missed, 1303 "Number of times evicting failed due to target entry disappearing"); 1304 1305 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_contended); 1306 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_contended, CTLFLAG_RD, 1307 &neg_evict_skipped_contended, 1308 "Number of times evicting failed due to contention"); 1309 1310 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, hits, CTLFLAG_RD, &numneghits, 1311 "Number of cache hits (negative)"); 1312 1313 static int 1314 sysctl_neg_hot(SYSCTL_HANDLER_ARGS) 1315 { 1316 int i, out; 1317 1318 out = 0; 1319 for (i = 0; i < numneglists; i++) 1320 out += neglists[i].nl_hotnum; 1321 1322 return (SYSCTL_OUT(req, &out, sizeof(out))); 1323 } 1324 SYSCTL_PROC(_vfs_cache_neg, OID_AUTO, hot, CTLTYPE_INT | CTLFLAG_RD | 1325 CTLFLAG_MPSAFE, 0, 0, sysctl_neg_hot, "I", 1326 "Number of hot negative entries"); 1327 1328 static void 1329 cache_neg_init(struct namecache *ncp) 1330 { 1331 struct negstate *ns; 1332 1333 ncp->nc_flag |= NCF_NEGATIVE; 1334 ns = NCP2NEGSTATE(ncp); 1335 ns->neg_flag = 0; 1336 ns->neg_hit = 0; 1337 counter_u64_add(neg_created, 1); 1338 } 1339 1340 #define CACHE_NEG_PROMOTION_THRESH 2 1341 1342 static bool 1343 cache_neg_hit_prep(struct namecache *ncp) 1344 { 1345 struct negstate *ns; 1346 u_char n; 1347 1348 ns = NCP2NEGSTATE(ncp); 1349 n = atomic_load_char(&ns->neg_hit); 1350 for (;;) { 1351 if (n >= CACHE_NEG_PROMOTION_THRESH) 1352 return (false); 1353 if (atomic_fcmpset_8(&ns->neg_hit, &n, n + 1)) 1354 break; 1355 } 1356 return (n + 1 == CACHE_NEG_PROMOTION_THRESH); 1357 } 1358 1359 /* 1360 * Nothing to do here but it is provided for completeness as some 1361 * cache_neg_hit_prep callers may end up returning without even 1362 * trying to promote. 1363 */ 1364 #define cache_neg_hit_abort(ncp) do { } while (0) 1365 1366 static void 1367 cache_neg_hit_finish(struct namecache *ncp) 1368 { 1369 1370 SDT_PROBE2(vfs, namecache, lookup, hit__negative, ncp->nc_dvp, ncp->nc_name); 1371 counter_u64_add(numneghits, 1); 1372 } 1373 1374 /* 1375 * Move a negative entry to the hot list. 1376 */ 1377 static void 1378 cache_neg_promote_locked(struct namecache *ncp) 1379 { 1380 struct neglist *nl; 1381 struct negstate *ns; 1382 1383 ns = NCP2NEGSTATE(ncp); 1384 nl = NCP2NEGLIST(ncp); 1385 mtx_assert(&nl->nl_lock, MA_OWNED); 1386 if ((ns->neg_flag & NEG_HOT) == 0) { 1387 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst); 1388 TAILQ_INSERT_TAIL(&nl->nl_hotlist, ncp, nc_dst); 1389 nl->nl_hotnum++; 1390 ns->neg_flag |= NEG_HOT; 1391 } 1392 } 1393 1394 /* 1395 * Move a hot negative entry to the cold list. 1396 */ 1397 static void 1398 cache_neg_demote_locked(struct namecache *ncp) 1399 { 1400 struct neglist *nl; 1401 struct negstate *ns; 1402 1403 ns = NCP2NEGSTATE(ncp); 1404 nl = NCP2NEGLIST(ncp); 1405 mtx_assert(&nl->nl_lock, MA_OWNED); 1406 MPASS(ns->neg_flag & NEG_HOT); 1407 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst); 1408 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst); 1409 nl->nl_hotnum--; 1410 ns->neg_flag &= ~NEG_HOT; 1411 atomic_store_char(&ns->neg_hit, 0); 1412 } 1413 1414 /* 1415 * Move a negative entry to the hot list if it matches the lookup. 1416 * 1417 * We have to take locks, but they may be contended and in the worst 1418 * case we may need to go off CPU. We don't want to spin within the 1419 * smr section and we can't block with it. Exiting the section means 1420 * the found entry could have been evicted. We are going to look it 1421 * up again. 1422 */ 1423 static bool 1424 cache_neg_promote_cond(struct vnode *dvp, struct componentname *cnp, 1425 struct namecache *oncp, uint32_t hash) 1426 { 1427 struct namecache *ncp; 1428 struct neglist *nl; 1429 u_char nc_flag; 1430 1431 nl = NCP2NEGLIST(oncp); 1432 1433 mtx_lock(&nl->nl_lock); 1434 /* 1435 * For hash iteration. 1436 */ 1437 vfs_smr_enter(); 1438 1439 /* 1440 * Avoid all surprises by only succeeding if we got the same entry and 1441 * bailing completely otherwise. 1442 * XXX There are no provisions to keep the vnode around, meaning we may 1443 * end up promoting a negative entry for a *new* vnode and returning 1444 * ENOENT on its account. This is the error we want to return anyway 1445 * and promotion is harmless. 1446 * 1447 * In particular at this point there can be a new ncp which matches the 1448 * search but hashes to a different neglist. 1449 */ 1450 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) { 1451 if (ncp == oncp) 1452 break; 1453 } 1454 1455 /* 1456 * No match to begin with. 1457 */ 1458 if (__predict_false(ncp == NULL)) { 1459 goto out_abort; 1460 } 1461 1462 /* 1463 * The newly found entry may be something different... 1464 */ 1465 if (!cache_ncp_match(ncp, dvp, cnp)) { 1466 goto out_abort; 1467 } 1468 1469 /* 1470 * ... and not even negative. 1471 */ 1472 nc_flag = atomic_load_char(&ncp->nc_flag); 1473 if ((nc_flag & NCF_NEGATIVE) == 0) { 1474 goto out_abort; 1475 } 1476 1477 if (!cache_ncp_canuse(ncp)) { 1478 goto out_abort; 1479 } 1480 1481 cache_neg_promote_locked(ncp); 1482 cache_neg_hit_finish(ncp); 1483 vfs_smr_exit(); 1484 mtx_unlock(&nl->nl_lock); 1485 return (true); 1486 out_abort: 1487 vfs_smr_exit(); 1488 mtx_unlock(&nl->nl_lock); 1489 return (false); 1490 } 1491 1492 static void 1493 cache_neg_promote(struct namecache *ncp) 1494 { 1495 struct neglist *nl; 1496 1497 nl = NCP2NEGLIST(ncp); 1498 mtx_lock(&nl->nl_lock); 1499 cache_neg_promote_locked(ncp); 1500 mtx_unlock(&nl->nl_lock); 1501 } 1502 1503 static void 1504 cache_neg_insert(struct namecache *ncp) 1505 { 1506 struct neglist *nl; 1507 1508 MPASS(ncp->nc_flag & NCF_NEGATIVE); 1509 cache_assert_bucket_locked(ncp); 1510 nl = NCP2NEGLIST(ncp); 1511 mtx_lock(&nl->nl_lock); 1512 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst); 1513 mtx_unlock(&nl->nl_lock); 1514 atomic_add_long(&numneg, 1); 1515 } 1516 1517 static void 1518 cache_neg_remove(struct namecache *ncp) 1519 { 1520 struct neglist *nl; 1521 struct negstate *ns; 1522 1523 cache_assert_bucket_locked(ncp); 1524 nl = NCP2NEGLIST(ncp); 1525 ns = NCP2NEGSTATE(ncp); 1526 mtx_lock(&nl->nl_lock); 1527 if ((ns->neg_flag & NEG_HOT) != 0) { 1528 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst); 1529 nl->nl_hotnum--; 1530 } else { 1531 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst); 1532 } 1533 mtx_unlock(&nl->nl_lock); 1534 atomic_subtract_long(&numneg, 1); 1535 } 1536 1537 static struct neglist * 1538 cache_neg_evict_select_list(void) 1539 { 1540 struct neglist *nl; 1541 u_int c; 1542 1543 c = atomic_fetchadd_int(&neg_cycle, 1) + 1; 1544 nl = &neglists[c % numneglists]; 1545 if (!mtx_trylock(&nl->nl_evict_lock)) { 1546 counter_u64_add(neg_evict_skipped_contended, 1); 1547 return (NULL); 1548 } 1549 return (nl); 1550 } 1551 1552 static struct namecache * 1553 cache_neg_evict_select_entry(struct neglist *nl) 1554 { 1555 struct namecache *ncp, *lncp; 1556 struct negstate *ns, *lns; 1557 int i; 1558 1559 mtx_assert(&nl->nl_evict_lock, MA_OWNED); 1560 mtx_assert(&nl->nl_lock, MA_OWNED); 1561 ncp = TAILQ_FIRST(&nl->nl_list); 1562 if (ncp == NULL) 1563 return (NULL); 1564 lncp = ncp; 1565 lns = NCP2NEGSTATE(lncp); 1566 for (i = 1; i < 4; i++) { 1567 ncp = TAILQ_NEXT(ncp, nc_dst); 1568 if (ncp == NULL) 1569 break; 1570 ns = NCP2NEGSTATE(ncp); 1571 if (ns->neg_hit < lns->neg_hit) { 1572 lncp = ncp; 1573 lns = ns; 1574 } 1575 } 1576 return (lncp); 1577 } 1578 1579 static bool 1580 cache_neg_evict(void) 1581 { 1582 struct namecache *ncp, *ncp2; 1583 struct neglist *nl; 1584 struct vnode *dvp; 1585 struct mtx *dvlp; 1586 struct mtx *blp; 1587 uint32_t hash; 1588 u_char nlen; 1589 bool evicted; 1590 1591 nl = cache_neg_evict_select_list(); 1592 if (nl == NULL) { 1593 return (false); 1594 } 1595 1596 mtx_lock(&nl->nl_lock); 1597 ncp = TAILQ_FIRST(&nl->nl_hotlist); 1598 if (ncp != NULL) { 1599 cache_neg_demote_locked(ncp); 1600 } 1601 ncp = cache_neg_evict_select_entry(nl); 1602 if (ncp == NULL) { 1603 counter_u64_add(neg_evict_skipped_empty, 1); 1604 mtx_unlock(&nl->nl_lock); 1605 mtx_unlock(&nl->nl_evict_lock); 1606 return (false); 1607 } 1608 nlen = ncp->nc_nlen; 1609 dvp = ncp->nc_dvp; 1610 hash = cache_get_hash(ncp->nc_name, nlen, dvp); 1611 dvlp = VP2VNODELOCK(dvp); 1612 blp = HASH2BUCKETLOCK(hash); 1613 mtx_unlock(&nl->nl_lock); 1614 mtx_unlock(&nl->nl_evict_lock); 1615 mtx_lock(dvlp); 1616 mtx_lock(blp); 1617 /* 1618 * Note that since all locks were dropped above, the entry may be 1619 * gone or reallocated to be something else. 1620 */ 1621 CK_SLIST_FOREACH(ncp2, (NCHHASH(hash)), nc_hash) { 1622 if (ncp2 == ncp && ncp2->nc_dvp == dvp && 1623 ncp2->nc_nlen == nlen && (ncp2->nc_flag & NCF_NEGATIVE) != 0) 1624 break; 1625 } 1626 if (ncp2 == NULL) { 1627 counter_u64_add(neg_evict_skipped_missed, 1); 1628 ncp = NULL; 1629 evicted = false; 1630 } else { 1631 MPASS(dvlp == VP2VNODELOCK(ncp->nc_dvp)); 1632 MPASS(blp == NCP2BUCKETLOCK(ncp)); 1633 SDT_PROBE2(vfs, namecache, evict_negative, done, ncp->nc_dvp, 1634 ncp->nc_name); 1635 cache_zap_locked(ncp); 1636 counter_u64_add(neg_evicted, 1); 1637 evicted = true; 1638 } 1639 mtx_unlock(blp); 1640 mtx_unlock(dvlp); 1641 if (ncp != NULL) 1642 cache_free(ncp); 1643 return (evicted); 1644 } 1645 1646 /* 1647 * Maybe evict a negative entry to create more room. 1648 * 1649 * The ncnegfactor parameter limits what fraction of the total count 1650 * can comprise of negative entries. However, if the cache is just 1651 * warming up this leads to excessive evictions. As such, ncnegminpct 1652 * (recomputed to neg_min) dictates whether the above should be 1653 * applied. 1654 * 1655 * Try evicting if the cache is close to full capacity regardless of 1656 * other considerations. 1657 */ 1658 static bool 1659 cache_neg_evict_cond(u_long lnumcache) 1660 { 1661 u_long lnumneg; 1662 1663 if (ncsize - 1000 < lnumcache) 1664 goto out_evict; 1665 lnumneg = atomic_load_long(&numneg); 1666 if (lnumneg < neg_min) 1667 return (false); 1668 if (lnumneg * ncnegfactor < lnumcache) 1669 return (false); 1670 out_evict: 1671 return (cache_neg_evict()); 1672 } 1673 1674 /* 1675 * cache_zap_locked(): 1676 * 1677 * Removes a namecache entry from cache, whether it contains an actual 1678 * pointer to a vnode or if it is just a negative cache entry. 1679 */ 1680 static void 1681 cache_zap_locked(struct namecache *ncp) 1682 { 1683 struct nchashhead *ncpp; 1684 struct vnode *dvp, *vp; 1685 1686 dvp = ncp->nc_dvp; 1687 vp = ncp->nc_vp; 1688 1689 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1690 cache_assert_vnode_locked(vp); 1691 cache_assert_vnode_locked(dvp); 1692 cache_assert_bucket_locked(ncp); 1693 1694 cache_ncp_invalidate(ncp); 1695 1696 ncpp = NCP2BUCKET(ncp); 1697 CK_SLIST_REMOVE(ncpp, ncp, namecache, nc_hash); 1698 if (!(ncp->nc_flag & NCF_NEGATIVE)) { 1699 SDT_PROBE3(vfs, namecache, zap, done, dvp, ncp->nc_name, vp); 1700 TAILQ_REMOVE(&vp->v_cache_dst, ncp, nc_dst); 1701 if (ncp == vp->v_cache_dd) { 1702 atomic_store_ptr(&vp->v_cache_dd, NULL); 1703 } 1704 } else { 1705 SDT_PROBE2(vfs, namecache, zap_negative, done, dvp, ncp->nc_name); 1706 cache_neg_remove(ncp); 1707 } 1708 if (ncp->nc_flag & NCF_ISDOTDOT) { 1709 if (ncp == dvp->v_cache_dd) { 1710 atomic_store_ptr(&dvp->v_cache_dd, NULL); 1711 } 1712 } else { 1713 LIST_REMOVE(ncp, nc_src); 1714 if (LIST_EMPTY(&dvp->v_cache_src)) { 1715 ncp->nc_flag |= NCF_DVDROP; 1716 } 1717 } 1718 } 1719 1720 static void 1721 cache_zap_negative_locked_vnode_kl(struct namecache *ncp, struct vnode *vp) 1722 { 1723 struct mtx *blp; 1724 1725 MPASS(ncp->nc_dvp == vp); 1726 MPASS(ncp->nc_flag & NCF_NEGATIVE); 1727 cache_assert_vnode_locked(vp); 1728 1729 blp = NCP2BUCKETLOCK(ncp); 1730 mtx_lock(blp); 1731 cache_zap_locked(ncp); 1732 mtx_unlock(blp); 1733 } 1734 1735 static bool 1736 cache_zap_locked_vnode_kl2(struct namecache *ncp, struct vnode *vp, 1737 struct mtx **vlpp) 1738 { 1739 struct mtx *pvlp, *vlp1, *vlp2, *to_unlock; 1740 struct mtx *blp; 1741 1742 MPASS(vp == ncp->nc_dvp || vp == ncp->nc_vp); 1743 cache_assert_vnode_locked(vp); 1744 1745 if (ncp->nc_flag & NCF_NEGATIVE) { 1746 if (*vlpp != NULL) { 1747 mtx_unlock(*vlpp); 1748 *vlpp = NULL; 1749 } 1750 cache_zap_negative_locked_vnode_kl(ncp, vp); 1751 return (true); 1752 } 1753 1754 pvlp = VP2VNODELOCK(vp); 1755 blp = NCP2BUCKETLOCK(ncp); 1756 vlp1 = VP2VNODELOCK(ncp->nc_dvp); 1757 vlp2 = VP2VNODELOCK(ncp->nc_vp); 1758 1759 if (*vlpp == vlp1 || *vlpp == vlp2) { 1760 to_unlock = *vlpp; 1761 *vlpp = NULL; 1762 } else { 1763 if (*vlpp != NULL) { 1764 mtx_unlock(*vlpp); 1765 *vlpp = NULL; 1766 } 1767 cache_sort_vnodes(&vlp1, &vlp2); 1768 if (vlp1 == pvlp) { 1769 mtx_lock(vlp2); 1770 to_unlock = vlp2; 1771 } else { 1772 if (!mtx_trylock(vlp1)) 1773 goto out_relock; 1774 to_unlock = vlp1; 1775 } 1776 } 1777 mtx_lock(blp); 1778 cache_zap_locked(ncp); 1779 mtx_unlock(blp); 1780 if (to_unlock != NULL) 1781 mtx_unlock(to_unlock); 1782 return (true); 1783 1784 out_relock: 1785 mtx_unlock(vlp2); 1786 mtx_lock(vlp1); 1787 mtx_lock(vlp2); 1788 MPASS(*vlpp == NULL); 1789 *vlpp = vlp1; 1790 return (false); 1791 } 1792 1793 /* 1794 * If trylocking failed we can get here. We know enough to take all needed locks 1795 * in the right order and re-lookup the entry. 1796 */ 1797 static int 1798 cache_zap_unlocked_bucket(struct namecache *ncp, struct componentname *cnp, 1799 struct vnode *dvp, struct mtx *dvlp, struct mtx *vlp, uint32_t hash, 1800 struct mtx *blp) 1801 { 1802 struct namecache *rncp; 1803 struct mtx *rvlp; 1804 1805 cache_assert_bucket_unlocked(ncp); 1806 1807 cache_sort_vnodes(&dvlp, &vlp); 1808 cache_lock_vnodes(dvlp, vlp); 1809 mtx_lock(blp); 1810 CK_SLIST_FOREACH(rncp, (NCHHASH(hash)), nc_hash) { 1811 if (rncp == ncp && cache_ncp_match(rncp, dvp, cnp)) 1812 break; 1813 } 1814 if (rncp == NULL) 1815 goto out_mismatch; 1816 1817 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1818 rvlp = VP2VNODELOCK(rncp->nc_vp); 1819 else 1820 rvlp = NULL; 1821 if (rvlp != vlp) 1822 goto out_mismatch; 1823 1824 cache_zap_locked(rncp); 1825 mtx_unlock(blp); 1826 cache_unlock_vnodes(dvlp, vlp); 1827 atomic_add_long(&zap_bucket_relock_success, 1); 1828 return (0); 1829 1830 out_mismatch: 1831 mtx_unlock(blp); 1832 cache_unlock_vnodes(dvlp, vlp); 1833 return (EAGAIN); 1834 } 1835 1836 static int __noinline 1837 cache_zap_locked_bucket(struct namecache *ncp, struct componentname *cnp, 1838 uint32_t hash, struct mtx *blp) 1839 { 1840 struct mtx *dvlp, *vlp; 1841 struct vnode *dvp; 1842 1843 cache_assert_bucket_locked(ncp); 1844 1845 dvlp = VP2VNODELOCK(ncp->nc_dvp); 1846 vlp = NULL; 1847 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1848 vlp = VP2VNODELOCK(ncp->nc_vp); 1849 if (cache_trylock_vnodes(dvlp, vlp) == 0) { 1850 cache_zap_locked(ncp); 1851 mtx_unlock(blp); 1852 cache_unlock_vnodes(dvlp, vlp); 1853 return (0); 1854 } 1855 1856 dvp = ncp->nc_dvp; 1857 mtx_unlock(blp); 1858 return (cache_zap_unlocked_bucket(ncp, cnp, dvp, dvlp, vlp, hash, blp)); 1859 } 1860 1861 static __noinline int 1862 cache_remove_cnp(struct vnode *dvp, struct componentname *cnp) 1863 { 1864 struct namecache *ncp; 1865 struct mtx *blp; 1866 struct mtx *dvlp, *dvlp2; 1867 uint32_t hash; 1868 int error; 1869 1870 if (cnp->cn_namelen == 2 && 1871 cnp->cn_nameptr[0] == '.' && cnp->cn_nameptr[1] == '.') { 1872 dvlp = VP2VNODELOCK(dvp); 1873 dvlp2 = NULL; 1874 mtx_lock(dvlp); 1875 retry_dotdot: 1876 ncp = dvp->v_cache_dd; 1877 if (ncp == NULL) { 1878 mtx_unlock(dvlp); 1879 if (dvlp2 != NULL) 1880 mtx_unlock(dvlp2); 1881 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp); 1882 return (0); 1883 } 1884 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) { 1885 if (!cache_zap_locked_vnode_kl2(ncp, dvp, &dvlp2)) 1886 goto retry_dotdot; 1887 MPASS(dvp->v_cache_dd == NULL); 1888 mtx_unlock(dvlp); 1889 if (dvlp2 != NULL) 1890 mtx_unlock(dvlp2); 1891 cache_free(ncp); 1892 } else { 1893 atomic_store_ptr(&dvp->v_cache_dd, NULL); 1894 mtx_unlock(dvlp); 1895 if (dvlp2 != NULL) 1896 mtx_unlock(dvlp2); 1897 } 1898 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp); 1899 return (1); 1900 } 1901 1902 /* 1903 * XXX note that access here is completely unlocked with no provisions 1904 * to keep the hash allocated. If one is sufficiently unlucky a 1905 * parallel cache resize can reallocate the hash, unmap backing pages 1906 * and cause the empty check below to fault. 1907 * 1908 * Fixing this has epsilon priority, but can be done with no overhead 1909 * for this codepath with sufficient effort. 1910 */ 1911 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 1912 blp = HASH2BUCKETLOCK(hash); 1913 retry: 1914 if (CK_SLIST_EMPTY(NCHHASH(hash))) 1915 goto out_no_entry; 1916 1917 mtx_lock(blp); 1918 ncp = cache_ncp_find(dvp, cnp, hash); 1919 if (ncp == NULL) { 1920 mtx_unlock(blp); 1921 goto out_no_entry; 1922 } 1923 1924 error = cache_zap_locked_bucket(ncp, cnp, hash, blp); 1925 if (__predict_false(error != 0)) { 1926 atomic_add_long(&zap_bucket_fail, 1); 1927 goto retry; 1928 } 1929 counter_u64_add(numposzaps, 1); 1930 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp); 1931 cache_free(ncp); 1932 return (1); 1933 out_no_entry: 1934 counter_u64_add(nummisszap, 1); 1935 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp); 1936 return (0); 1937 } 1938 1939 static int __noinline 1940 cache_lookup_dot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 1941 struct timespec *tsp, int *ticksp) 1942 { 1943 int ltype; 1944 1945 *vpp = dvp; 1946 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ".", *vpp); 1947 if (tsp != NULL) 1948 timespecclear(tsp); 1949 if (ticksp != NULL) 1950 *ticksp = ticks; 1951 vrefact(*vpp); 1952 /* 1953 * When we lookup "." we still can be asked to lock it 1954 * differently... 1955 */ 1956 ltype = cnp->cn_lkflags & LK_TYPE_MASK; 1957 if (ltype != VOP_ISLOCKED(*vpp)) { 1958 if (ltype == LK_EXCLUSIVE) { 1959 vn_lock(*vpp, LK_UPGRADE | LK_RETRY); 1960 if (VN_IS_DOOMED((*vpp))) { 1961 /* forced unmount */ 1962 vrele(*vpp); 1963 *vpp = NULL; 1964 return (ENOENT); 1965 } 1966 } else 1967 vn_lock(*vpp, LK_DOWNGRADE | LK_RETRY); 1968 } 1969 return (-1); 1970 } 1971 1972 static int __noinline 1973 cache_lookup_dotdot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 1974 struct timespec *tsp, int *ticksp) 1975 { 1976 struct namecache_ts *ncp_ts; 1977 struct namecache *ncp; 1978 struct mtx *dvlp; 1979 enum vgetstate vs; 1980 int error, ltype; 1981 bool whiteout; 1982 1983 MPASS((cnp->cn_flags & ISDOTDOT) != 0); 1984 1985 if ((cnp->cn_flags & MAKEENTRY) == 0) { 1986 cache_remove_cnp(dvp, cnp); 1987 return (0); 1988 } 1989 1990 retry: 1991 dvlp = VP2VNODELOCK(dvp); 1992 mtx_lock(dvlp); 1993 ncp = dvp->v_cache_dd; 1994 if (ncp == NULL) { 1995 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, ".."); 1996 mtx_unlock(dvlp); 1997 return (0); 1998 } 1999 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) { 2000 if (ncp->nc_flag & NCF_NEGATIVE) 2001 *vpp = NULL; 2002 else 2003 *vpp = ncp->nc_vp; 2004 } else 2005 *vpp = ncp->nc_dvp; 2006 if (*vpp == NULL) 2007 goto negative_success; 2008 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, "..", *vpp); 2009 cache_out_ts(ncp, tsp, ticksp); 2010 if ((ncp->nc_flag & (NCF_ISDOTDOT | NCF_DTS)) == 2011 NCF_DTS && tsp != NULL) { 2012 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 2013 *tsp = ncp_ts->nc_dotdottime; 2014 } 2015 2016 MPASS(dvp != *vpp); 2017 ltype = VOP_ISLOCKED(dvp); 2018 VOP_UNLOCK(dvp); 2019 vs = vget_prep(*vpp); 2020 mtx_unlock(dvlp); 2021 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2022 vn_lock(dvp, ltype | LK_RETRY); 2023 if (VN_IS_DOOMED(dvp)) { 2024 if (error == 0) 2025 vput(*vpp); 2026 *vpp = NULL; 2027 return (ENOENT); 2028 } 2029 if (error) { 2030 *vpp = NULL; 2031 goto retry; 2032 } 2033 return (-1); 2034 negative_success: 2035 if (__predict_false(cnp->cn_nameiop == CREATE)) { 2036 if (cnp->cn_flags & ISLASTCN) { 2037 counter_u64_add(numnegzaps, 1); 2038 cache_zap_negative_locked_vnode_kl(ncp, dvp); 2039 mtx_unlock(dvlp); 2040 cache_free(ncp); 2041 return (0); 2042 } 2043 } 2044 2045 whiteout = (ncp->nc_flag & NCF_WHITE); 2046 cache_out_ts(ncp, tsp, ticksp); 2047 if (cache_neg_hit_prep(ncp)) 2048 cache_neg_promote(ncp); 2049 else 2050 cache_neg_hit_finish(ncp); 2051 mtx_unlock(dvlp); 2052 if (whiteout) 2053 cnp->cn_flags |= ISWHITEOUT; 2054 return (ENOENT); 2055 } 2056 2057 /** 2058 * Lookup a name in the name cache 2059 * 2060 * # Arguments 2061 * 2062 * - dvp: Parent directory in which to search. 2063 * - vpp: Return argument. Will contain desired vnode on cache hit. 2064 * - cnp: Parameters of the name search. The most interesting bits of 2065 * the cn_flags field have the following meanings: 2066 * - MAKEENTRY: If clear, free an entry from the cache rather than look 2067 * it up. 2068 * - ISDOTDOT: Must be set if and only if cn_nameptr == ".." 2069 * - tsp: Return storage for cache timestamp. On a successful (positive 2070 * or negative) lookup, tsp will be filled with any timespec that 2071 * was stored when this cache entry was created. However, it will 2072 * be clear for "." entries. 2073 * - ticks: Return storage for alternate cache timestamp. On a successful 2074 * (positive or negative) lookup, it will contain the ticks value 2075 * that was current when the cache entry was created, unless cnp 2076 * was ".". 2077 * 2078 * Either both tsp and ticks have to be provided or neither of them. 2079 * 2080 * # Returns 2081 * 2082 * - -1: A positive cache hit. vpp will contain the desired vnode. 2083 * - ENOENT: A negative cache hit, or dvp was recycled out from under us due 2084 * to a forced unmount. vpp will not be modified. If the entry 2085 * is a whiteout, then the ISWHITEOUT flag will be set in 2086 * cnp->cn_flags. 2087 * - 0: A cache miss. vpp will not be modified. 2088 * 2089 * # Locking 2090 * 2091 * On a cache hit, vpp will be returned locked and ref'd. If we're looking up 2092 * .., dvp is unlocked. If we're looking up . an extra ref is taken, but the 2093 * lock is not recursively acquired. 2094 */ 2095 static int __noinline 2096 cache_lookup_fallback(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 2097 struct timespec *tsp, int *ticksp) 2098 { 2099 struct namecache *ncp; 2100 struct mtx *blp; 2101 uint32_t hash; 2102 enum vgetstate vs; 2103 int error; 2104 bool whiteout; 2105 2106 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 2107 MPASS((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) != 0); 2108 2109 retry: 2110 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 2111 blp = HASH2BUCKETLOCK(hash); 2112 mtx_lock(blp); 2113 2114 ncp = cache_ncp_find(dvp, cnp, hash); 2115 if (__predict_false(ncp == NULL)) { 2116 mtx_unlock(blp); 2117 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr); 2118 counter_u64_add(nummiss, 1); 2119 return (0); 2120 } 2121 2122 if (ncp->nc_flag & NCF_NEGATIVE) 2123 goto negative_success; 2124 2125 counter_u64_add(numposhits, 1); 2126 *vpp = ncp->nc_vp; 2127 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp); 2128 cache_out_ts(ncp, tsp, ticksp); 2129 MPASS(dvp != *vpp); 2130 vs = vget_prep(*vpp); 2131 mtx_unlock(blp); 2132 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2133 if (error) { 2134 *vpp = NULL; 2135 goto retry; 2136 } 2137 return (-1); 2138 negative_success: 2139 /* 2140 * We don't get here with regular lookup apart from corner cases. 2141 */ 2142 if (__predict_true(cnp->cn_nameiop == CREATE)) { 2143 if (cnp->cn_flags & ISLASTCN) { 2144 counter_u64_add(numnegzaps, 1); 2145 error = cache_zap_locked_bucket(ncp, cnp, hash, blp); 2146 if (__predict_false(error != 0)) { 2147 atomic_add_long(&zap_bucket_fail2, 1); 2148 goto retry; 2149 } 2150 cache_free(ncp); 2151 return (0); 2152 } 2153 } 2154 2155 whiteout = (ncp->nc_flag & NCF_WHITE); 2156 cache_out_ts(ncp, tsp, ticksp); 2157 if (cache_neg_hit_prep(ncp)) 2158 cache_neg_promote(ncp); 2159 else 2160 cache_neg_hit_finish(ncp); 2161 mtx_unlock(blp); 2162 if (whiteout) 2163 cnp->cn_flags |= ISWHITEOUT; 2164 return (ENOENT); 2165 } 2166 2167 int 2168 cache_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 2169 struct timespec *tsp, int *ticksp) 2170 { 2171 struct namecache *ncp; 2172 uint32_t hash; 2173 enum vgetstate vs; 2174 int error; 2175 bool whiteout, neg_promote; 2176 u_short nc_flag; 2177 2178 MPASS((tsp == NULL && ticksp == NULL) || (tsp != NULL && ticksp != NULL)); 2179 2180 #ifdef DEBUG_CACHE 2181 if (__predict_false(!doingcache)) { 2182 cnp->cn_flags &= ~MAKEENTRY; 2183 return (0); 2184 } 2185 #endif 2186 2187 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 2188 if (cnp->cn_namelen == 1) 2189 return (cache_lookup_dot(dvp, vpp, cnp, tsp, ticksp)); 2190 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') 2191 return (cache_lookup_dotdot(dvp, vpp, cnp, tsp, ticksp)); 2192 } 2193 2194 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 2195 2196 if ((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) == 0) { 2197 cache_remove_cnp(dvp, cnp); 2198 return (0); 2199 } 2200 2201 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 2202 vfs_smr_enter(); 2203 2204 ncp = cache_ncp_find(dvp, cnp, hash); 2205 if (__predict_false(ncp == NULL)) { 2206 vfs_smr_exit(); 2207 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr); 2208 counter_u64_add(nummiss, 1); 2209 return (0); 2210 } 2211 2212 nc_flag = atomic_load_char(&ncp->nc_flag); 2213 if (nc_flag & NCF_NEGATIVE) 2214 goto negative_success; 2215 2216 counter_u64_add(numposhits, 1); 2217 *vpp = ncp->nc_vp; 2218 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp); 2219 cache_out_ts(ncp, tsp, ticksp); 2220 MPASS(dvp != *vpp); 2221 if (!cache_ncp_canuse(ncp)) { 2222 vfs_smr_exit(); 2223 *vpp = NULL; 2224 goto out_fallback; 2225 } 2226 vs = vget_prep_smr(*vpp); 2227 vfs_smr_exit(); 2228 if (__predict_false(vs == VGET_NONE)) { 2229 *vpp = NULL; 2230 goto out_fallback; 2231 } 2232 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2233 if (error) { 2234 *vpp = NULL; 2235 goto out_fallback; 2236 } 2237 return (-1); 2238 negative_success: 2239 if (cnp->cn_nameiop == CREATE) { 2240 if (cnp->cn_flags & ISLASTCN) { 2241 vfs_smr_exit(); 2242 goto out_fallback; 2243 } 2244 } 2245 2246 cache_out_ts(ncp, tsp, ticksp); 2247 whiteout = (atomic_load_char(&ncp->nc_flag) & NCF_WHITE); 2248 neg_promote = cache_neg_hit_prep(ncp); 2249 if (!cache_ncp_canuse(ncp)) { 2250 cache_neg_hit_abort(ncp); 2251 vfs_smr_exit(); 2252 goto out_fallback; 2253 } 2254 if (neg_promote) { 2255 vfs_smr_exit(); 2256 if (!cache_neg_promote_cond(dvp, cnp, ncp, hash)) 2257 goto out_fallback; 2258 } else { 2259 cache_neg_hit_finish(ncp); 2260 vfs_smr_exit(); 2261 } 2262 if (whiteout) 2263 cnp->cn_flags |= ISWHITEOUT; 2264 return (ENOENT); 2265 out_fallback: 2266 return (cache_lookup_fallback(dvp, vpp, cnp, tsp, ticksp)); 2267 } 2268 2269 struct celockstate { 2270 struct mtx *vlp[3]; 2271 struct mtx *blp[2]; 2272 }; 2273 CTASSERT((nitems(((struct celockstate *)0)->vlp) == 3)); 2274 CTASSERT((nitems(((struct celockstate *)0)->blp) == 2)); 2275 2276 static inline void 2277 cache_celockstate_init(struct celockstate *cel) 2278 { 2279 2280 bzero(cel, sizeof(*cel)); 2281 } 2282 2283 static void 2284 cache_lock_vnodes_cel(struct celockstate *cel, struct vnode *vp, 2285 struct vnode *dvp) 2286 { 2287 struct mtx *vlp1, *vlp2; 2288 2289 MPASS(cel->vlp[0] == NULL); 2290 MPASS(cel->vlp[1] == NULL); 2291 MPASS(cel->vlp[2] == NULL); 2292 2293 MPASS(vp != NULL || dvp != NULL); 2294 2295 vlp1 = VP2VNODELOCK(vp); 2296 vlp2 = VP2VNODELOCK(dvp); 2297 cache_sort_vnodes(&vlp1, &vlp2); 2298 2299 if (vlp1 != NULL) { 2300 mtx_lock(vlp1); 2301 cel->vlp[0] = vlp1; 2302 } 2303 mtx_lock(vlp2); 2304 cel->vlp[1] = vlp2; 2305 } 2306 2307 static void 2308 cache_unlock_vnodes_cel(struct celockstate *cel) 2309 { 2310 2311 MPASS(cel->vlp[0] != NULL || cel->vlp[1] != NULL); 2312 2313 if (cel->vlp[0] != NULL) 2314 mtx_unlock(cel->vlp[0]); 2315 if (cel->vlp[1] != NULL) 2316 mtx_unlock(cel->vlp[1]); 2317 if (cel->vlp[2] != NULL) 2318 mtx_unlock(cel->vlp[2]); 2319 } 2320 2321 static bool 2322 cache_lock_vnodes_cel_3(struct celockstate *cel, struct vnode *vp) 2323 { 2324 struct mtx *vlp; 2325 bool ret; 2326 2327 cache_assert_vlp_locked(cel->vlp[0]); 2328 cache_assert_vlp_locked(cel->vlp[1]); 2329 MPASS(cel->vlp[2] == NULL); 2330 2331 MPASS(vp != NULL); 2332 vlp = VP2VNODELOCK(vp); 2333 2334 ret = true; 2335 if (vlp >= cel->vlp[1]) { 2336 mtx_lock(vlp); 2337 } else { 2338 if (mtx_trylock(vlp)) 2339 goto out; 2340 cache_unlock_vnodes_cel(cel); 2341 atomic_add_long(&cache_lock_vnodes_cel_3_failures, 1); 2342 if (vlp < cel->vlp[0]) { 2343 mtx_lock(vlp); 2344 mtx_lock(cel->vlp[0]); 2345 mtx_lock(cel->vlp[1]); 2346 } else { 2347 if (cel->vlp[0] != NULL) 2348 mtx_lock(cel->vlp[0]); 2349 mtx_lock(vlp); 2350 mtx_lock(cel->vlp[1]); 2351 } 2352 ret = false; 2353 } 2354 out: 2355 cel->vlp[2] = vlp; 2356 return (ret); 2357 } 2358 2359 static void 2360 cache_lock_buckets_cel(struct celockstate *cel, struct mtx *blp1, 2361 struct mtx *blp2) 2362 { 2363 2364 MPASS(cel->blp[0] == NULL); 2365 MPASS(cel->blp[1] == NULL); 2366 2367 cache_sort_vnodes(&blp1, &blp2); 2368 2369 if (blp1 != NULL) { 2370 mtx_lock(blp1); 2371 cel->blp[0] = blp1; 2372 } 2373 mtx_lock(blp2); 2374 cel->blp[1] = blp2; 2375 } 2376 2377 static void 2378 cache_unlock_buckets_cel(struct celockstate *cel) 2379 { 2380 2381 if (cel->blp[0] != NULL) 2382 mtx_unlock(cel->blp[0]); 2383 mtx_unlock(cel->blp[1]); 2384 } 2385 2386 /* 2387 * Lock part of the cache affected by the insertion. 2388 * 2389 * This means vnodelocks for dvp, vp and the relevant bucketlock. 2390 * However, insertion can result in removal of an old entry. In this 2391 * case we have an additional vnode and bucketlock pair to lock. 2392 * 2393 * That is, in the worst case we have to lock 3 vnodes and 2 bucketlocks, while 2394 * preserving the locking order (smaller address first). 2395 */ 2396 static void 2397 cache_enter_lock(struct celockstate *cel, struct vnode *dvp, struct vnode *vp, 2398 uint32_t hash) 2399 { 2400 struct namecache *ncp; 2401 struct mtx *blps[2]; 2402 u_char nc_flag; 2403 2404 blps[0] = HASH2BUCKETLOCK(hash); 2405 for (;;) { 2406 blps[1] = NULL; 2407 cache_lock_vnodes_cel(cel, dvp, vp); 2408 if (vp == NULL || vp->v_type != VDIR) 2409 break; 2410 ncp = atomic_load_consume_ptr(&vp->v_cache_dd); 2411 if (ncp == NULL) 2412 break; 2413 nc_flag = atomic_load_char(&ncp->nc_flag); 2414 if ((nc_flag & NCF_ISDOTDOT) == 0) 2415 break; 2416 MPASS(ncp->nc_dvp == vp); 2417 blps[1] = NCP2BUCKETLOCK(ncp); 2418 if ((nc_flag & NCF_NEGATIVE) != 0) 2419 break; 2420 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp)) 2421 break; 2422 /* 2423 * All vnodes got re-locked. Re-validate the state and if 2424 * nothing changed we are done. Otherwise restart. 2425 */ 2426 if (ncp == vp->v_cache_dd && 2427 (ncp->nc_flag & NCF_ISDOTDOT) != 0 && 2428 blps[1] == NCP2BUCKETLOCK(ncp) && 2429 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2]) 2430 break; 2431 cache_unlock_vnodes_cel(cel); 2432 cel->vlp[0] = NULL; 2433 cel->vlp[1] = NULL; 2434 cel->vlp[2] = NULL; 2435 } 2436 cache_lock_buckets_cel(cel, blps[0], blps[1]); 2437 } 2438 2439 static void 2440 cache_enter_lock_dd(struct celockstate *cel, struct vnode *dvp, struct vnode *vp, 2441 uint32_t hash) 2442 { 2443 struct namecache *ncp; 2444 struct mtx *blps[2]; 2445 u_char nc_flag; 2446 2447 blps[0] = HASH2BUCKETLOCK(hash); 2448 for (;;) { 2449 blps[1] = NULL; 2450 cache_lock_vnodes_cel(cel, dvp, vp); 2451 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd); 2452 if (ncp == NULL) 2453 break; 2454 nc_flag = atomic_load_char(&ncp->nc_flag); 2455 if ((nc_flag & NCF_ISDOTDOT) == 0) 2456 break; 2457 MPASS(ncp->nc_dvp == dvp); 2458 blps[1] = NCP2BUCKETLOCK(ncp); 2459 if ((nc_flag & NCF_NEGATIVE) != 0) 2460 break; 2461 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp)) 2462 break; 2463 if (ncp == dvp->v_cache_dd && 2464 (ncp->nc_flag & NCF_ISDOTDOT) != 0 && 2465 blps[1] == NCP2BUCKETLOCK(ncp) && 2466 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2]) 2467 break; 2468 cache_unlock_vnodes_cel(cel); 2469 cel->vlp[0] = NULL; 2470 cel->vlp[1] = NULL; 2471 cel->vlp[2] = NULL; 2472 } 2473 cache_lock_buckets_cel(cel, blps[0], blps[1]); 2474 } 2475 2476 static void 2477 cache_enter_unlock(struct celockstate *cel) 2478 { 2479 2480 cache_unlock_buckets_cel(cel); 2481 cache_unlock_vnodes_cel(cel); 2482 } 2483 2484 static void __noinline 2485 cache_enter_dotdot_prep(struct vnode *dvp, struct vnode *vp, 2486 struct componentname *cnp) 2487 { 2488 struct celockstate cel; 2489 struct namecache *ncp; 2490 uint32_t hash; 2491 int len; 2492 2493 if (atomic_load_ptr(&dvp->v_cache_dd) == NULL) 2494 return; 2495 len = cnp->cn_namelen; 2496 cache_celockstate_init(&cel); 2497 hash = cache_get_hash(cnp->cn_nameptr, len, dvp); 2498 cache_enter_lock_dd(&cel, dvp, vp, hash); 2499 ncp = dvp->v_cache_dd; 2500 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT)) { 2501 KASSERT(ncp->nc_dvp == dvp, ("wrong isdotdot parent")); 2502 cache_zap_locked(ncp); 2503 } else { 2504 ncp = NULL; 2505 } 2506 atomic_store_ptr(&dvp->v_cache_dd, NULL); 2507 cache_enter_unlock(&cel); 2508 if (ncp != NULL) 2509 cache_free(ncp); 2510 } 2511 2512 /* 2513 * Add an entry to the cache. 2514 */ 2515 void 2516 cache_enter_time(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, 2517 struct timespec *tsp, struct timespec *dtsp) 2518 { 2519 struct celockstate cel; 2520 struct namecache *ncp, *n2, *ndd; 2521 struct namecache_ts *ncp_ts; 2522 uint32_t hash; 2523 int flag; 2524 int len; 2525 2526 KASSERT(cnp->cn_namelen <= NAME_MAX, 2527 ("%s: passed len %ld exceeds NAME_MAX (%d)", __func__, cnp->cn_namelen, 2528 NAME_MAX)); 2529 VNPASS(!VN_IS_DOOMED(dvp), dvp); 2530 VNPASS(dvp->v_type != VNON, dvp); 2531 if (vp != NULL) { 2532 VNPASS(!VN_IS_DOOMED(vp), vp); 2533 VNPASS(vp->v_type != VNON, vp); 2534 } 2535 if (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') { 2536 KASSERT(dvp == vp, 2537 ("%s: different vnodes for dot entry (%p; %p)\n", __func__, 2538 dvp, vp)); 2539 } else { 2540 KASSERT(dvp != vp, 2541 ("%s: same vnode for non-dot entry [%s] (%p)\n", __func__, 2542 cnp->cn_nameptr, dvp)); 2543 } 2544 2545 #ifdef DEBUG_CACHE 2546 if (__predict_false(!doingcache)) 2547 return; 2548 #endif 2549 2550 flag = 0; 2551 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 2552 if (cnp->cn_namelen == 1) 2553 return; 2554 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') { 2555 cache_enter_dotdot_prep(dvp, vp, cnp); 2556 flag = NCF_ISDOTDOT; 2557 } 2558 } 2559 2560 ncp = cache_alloc(cnp->cn_namelen, tsp != NULL); 2561 if (ncp == NULL) 2562 return; 2563 2564 cache_celockstate_init(&cel); 2565 ndd = NULL; 2566 ncp_ts = NULL; 2567 2568 /* 2569 * Calculate the hash key and setup as much of the new 2570 * namecache entry as possible before acquiring the lock. 2571 */ 2572 ncp->nc_flag = flag | NCF_WIP; 2573 ncp->nc_vp = vp; 2574 if (vp == NULL) 2575 cache_neg_init(ncp); 2576 ncp->nc_dvp = dvp; 2577 if (tsp != NULL) { 2578 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 2579 ncp_ts->nc_time = *tsp; 2580 ncp_ts->nc_ticks = ticks; 2581 ncp_ts->nc_nc.nc_flag |= NCF_TS; 2582 if (dtsp != NULL) { 2583 ncp_ts->nc_dotdottime = *dtsp; 2584 ncp_ts->nc_nc.nc_flag |= NCF_DTS; 2585 } 2586 } 2587 len = ncp->nc_nlen = cnp->cn_namelen; 2588 hash = cache_get_hash(cnp->cn_nameptr, len, dvp); 2589 memcpy(ncp->nc_name, cnp->cn_nameptr, len); 2590 ncp->nc_name[len] = '\0'; 2591 cache_enter_lock(&cel, dvp, vp, hash); 2592 2593 /* 2594 * See if this vnode or negative entry is already in the cache 2595 * with this name. This can happen with concurrent lookups of 2596 * the same path name. 2597 */ 2598 n2 = cache_ncp_find(dvp, cnp, hash); 2599 if (n2 != NULL) { 2600 MPASS(cache_ncp_canuse(n2)); 2601 if ((n2->nc_flag & NCF_NEGATIVE) != 0) 2602 KASSERT(vp == NULL, 2603 ("%s: found entry pointing to a different vnode " 2604 "(%p != %p); name [%s]", 2605 __func__, NULL, vp, cnp->cn_nameptr)); 2606 else 2607 KASSERT(n2->nc_vp == vp, 2608 ("%s: found entry pointing to a different vnode " 2609 "(%p != %p); name [%s]", 2610 __func__, n2->nc_vp, vp, cnp->cn_nameptr)); 2611 /* 2612 * Entries are supposed to be immutable unless in the 2613 * process of getting destroyed. Accommodating for 2614 * changing timestamps is possible but not worth it. 2615 * This should be harmless in terms of correctness, in 2616 * the worst case resulting in an earlier expiration. 2617 * Alternatively, the found entry can be replaced 2618 * altogether. 2619 */ 2620 MPASS((n2->nc_flag & (NCF_TS | NCF_DTS)) == 2621 (ncp->nc_flag & (NCF_TS | NCF_DTS))); 2622 #if 0 2623 if (tsp != NULL) { 2624 KASSERT((n2->nc_flag & NCF_TS) != 0, 2625 ("no NCF_TS")); 2626 n2_ts = __containerof(n2, struct namecache_ts, nc_nc); 2627 n2_ts->nc_time = ncp_ts->nc_time; 2628 n2_ts->nc_ticks = ncp_ts->nc_ticks; 2629 if (dtsp != NULL) { 2630 n2_ts->nc_dotdottime = ncp_ts->nc_dotdottime; 2631 n2_ts->nc_nc.nc_flag |= NCF_DTS; 2632 } 2633 } 2634 #endif 2635 SDT_PROBE3(vfs, namecache, enter, duplicate, dvp, ncp->nc_name, 2636 vp); 2637 goto out_unlock_free; 2638 } 2639 2640 if (flag == NCF_ISDOTDOT) { 2641 /* 2642 * See if we are trying to add .. entry, but some other lookup 2643 * has populated v_cache_dd pointer already. 2644 */ 2645 if (dvp->v_cache_dd != NULL) 2646 goto out_unlock_free; 2647 KASSERT(vp == NULL || vp->v_type == VDIR, 2648 ("wrong vnode type %p", vp)); 2649 atomic_thread_fence_rel(); 2650 atomic_store_ptr(&dvp->v_cache_dd, ncp); 2651 } else if (vp != NULL) { 2652 /* 2653 * Take the slow path in INOTIFY(). This flag will be lazily 2654 * cleared by cache_vop_inotify() once all directories referring 2655 * to vp are unwatched. 2656 */ 2657 if (__predict_false((vn_irflag_read(dvp) & VIRF_INOTIFY) != 0)) 2658 vn_irflag_set_cond(vp, VIRF_INOTIFY_PARENT); 2659 2660 /* 2661 * For this case, the cache entry maps both the 2662 * directory name in it and the name ".." for the 2663 * directory's parent. 2664 */ 2665 if ((ndd = vp->v_cache_dd) != NULL) { 2666 if ((ndd->nc_flag & NCF_ISDOTDOT) != 0) 2667 cache_zap_locked(ndd); 2668 else 2669 ndd = NULL; 2670 } 2671 atomic_thread_fence_rel(); 2672 atomic_store_ptr(&vp->v_cache_dd, ncp); 2673 } 2674 2675 if (flag != NCF_ISDOTDOT) { 2676 if (LIST_EMPTY(&dvp->v_cache_src)) { 2677 cache_hold_vnode(dvp); 2678 } 2679 LIST_INSERT_HEAD(&dvp->v_cache_src, ncp, nc_src); 2680 } 2681 2682 /* 2683 * If the entry is "negative", we place it into the 2684 * "negative" cache queue, otherwise, we place it into the 2685 * destination vnode's cache entries queue. 2686 */ 2687 if (vp != NULL) { 2688 TAILQ_INSERT_HEAD(&vp->v_cache_dst, ncp, nc_dst); 2689 SDT_PROBE3(vfs, namecache, enter, done, dvp, ncp->nc_name, 2690 vp); 2691 } else { 2692 if (cnp->cn_flags & ISWHITEOUT) 2693 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_WHITE); 2694 cache_neg_insert(ncp); 2695 SDT_PROBE2(vfs, namecache, enter_negative, done, dvp, 2696 ncp->nc_name); 2697 } 2698 2699 /* 2700 * Insert the new namecache entry into the appropriate chain 2701 * within the cache entries table. 2702 */ 2703 CK_SLIST_INSERT_HEAD(NCHHASH(hash), ncp, nc_hash); 2704 2705 atomic_thread_fence_rel(); 2706 /* 2707 * Mark the entry as fully constructed. 2708 * It is immutable past this point until its removal. 2709 */ 2710 atomic_store_char(&ncp->nc_flag, ncp->nc_flag & ~NCF_WIP); 2711 2712 cache_enter_unlock(&cel); 2713 if (ndd != NULL) 2714 cache_free(ndd); 2715 return; 2716 out_unlock_free: 2717 cache_enter_unlock(&cel); 2718 cache_free(ncp); 2719 return; 2720 } 2721 2722 /* 2723 * A variant of the above accepting flags. 2724 * 2725 * - VFS_CACHE_DROPOLD -- if a conflicting entry is found, drop it. 2726 * 2727 * TODO: this routine is a hack. It blindly removes the old entry, even if it 2728 * happens to match and it is doing it in an inefficient manner. It was added 2729 * to accommodate NFS which runs into a case where the target for a given name 2730 * may change from under it. Note this does nothing to solve the following 2731 * race: 2 callers of cache_enter_time_flags pass a different target vnode for 2732 * the same [dvp, cnp]. It may be argued that code doing this is broken. 2733 */ 2734 void 2735 cache_enter_time_flags(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, 2736 struct timespec *tsp, struct timespec *dtsp, int flags) 2737 { 2738 2739 MPASS((flags & ~(VFS_CACHE_DROPOLD)) == 0); 2740 2741 if (flags & VFS_CACHE_DROPOLD) 2742 cache_remove_cnp(dvp, cnp); 2743 cache_enter_time(dvp, vp, cnp, tsp, dtsp); 2744 } 2745 2746 static u_long 2747 cache_roundup_2(u_long val) 2748 { 2749 u_long res; 2750 2751 for (res = 1; res <= val; res <<= 1) 2752 continue; 2753 2754 return (res); 2755 } 2756 2757 static struct nchashhead * 2758 nchinittbl(u_long elements, u_long *hashmask) 2759 { 2760 struct nchashhead *hashtbl; 2761 u_long hashsize, i; 2762 2763 hashsize = cache_roundup_2(elements) / 2; 2764 2765 hashtbl = malloc(hashsize * sizeof(*hashtbl), M_VFSCACHE, M_WAITOK); 2766 for (i = 0; i < hashsize; i++) 2767 CK_SLIST_INIT(&hashtbl[i]); 2768 *hashmask = hashsize - 1; 2769 return (hashtbl); 2770 } 2771 2772 static void 2773 ncfreetbl(struct nchashhead *hashtbl) 2774 { 2775 2776 free(hashtbl, M_VFSCACHE); 2777 } 2778 2779 /* 2780 * Name cache initialization, from vfs_init() when we are booting 2781 */ 2782 static void 2783 nchinit(void *dummy __unused) 2784 { 2785 u_int i; 2786 2787 cache_zone_small = uma_zcreate("S VFS Cache", CACHE_ZONE_SMALL_SIZE, 2788 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2789 cache_zone_small_ts = uma_zcreate("STS VFS Cache", CACHE_ZONE_SMALL_TS_SIZE, 2790 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2791 cache_zone_large = uma_zcreate("L VFS Cache", CACHE_ZONE_LARGE_SIZE, 2792 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2793 cache_zone_large_ts = uma_zcreate("LTS VFS Cache", CACHE_ZONE_LARGE_TS_SIZE, 2794 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2795 2796 VFS_SMR_ZONE_SET(cache_zone_small); 2797 VFS_SMR_ZONE_SET(cache_zone_small_ts); 2798 VFS_SMR_ZONE_SET(cache_zone_large); 2799 VFS_SMR_ZONE_SET(cache_zone_large_ts); 2800 2801 ncsize = desiredvnodes * ncsizefactor; 2802 cache_recalc_neg_min(); 2803 nchashtbl = nchinittbl(ncsize, &nchash); 2804 ncbuckethash = cache_roundup_2(mp_ncpus * mp_ncpus) - 1; 2805 if (ncbuckethash < 7) /* arbitrarily chosen to avoid having one lock */ 2806 ncbuckethash = 7; 2807 if (ncbuckethash > nchash) 2808 ncbuckethash = nchash; 2809 bucketlocks = malloc(sizeof(*bucketlocks) * numbucketlocks, M_VFSCACHE, 2810 M_WAITOK | M_ZERO); 2811 for (i = 0; i < numbucketlocks; i++) 2812 mtx_init(&bucketlocks[i], "ncbuc", NULL, MTX_DUPOK | MTX_RECURSE); 2813 ncvnodehash = ncbuckethash; 2814 vnodelocks = malloc(sizeof(*vnodelocks) * numvnodelocks, M_VFSCACHE, 2815 M_WAITOK | M_ZERO); 2816 for (i = 0; i < numvnodelocks; i++) 2817 mtx_init(&vnodelocks[i], "ncvn", NULL, MTX_DUPOK | MTX_RECURSE); 2818 2819 for (i = 0; i < numneglists; i++) { 2820 mtx_init(&neglists[i].nl_evict_lock, "ncnege", NULL, MTX_DEF); 2821 mtx_init(&neglists[i].nl_lock, "ncnegl", NULL, MTX_DEF); 2822 TAILQ_INIT(&neglists[i].nl_list); 2823 TAILQ_INIT(&neglists[i].nl_hotlist); 2824 } 2825 } 2826 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nchinit, NULL); 2827 2828 void 2829 cache_vnode_init(struct vnode *vp) 2830 { 2831 2832 LIST_INIT(&vp->v_cache_src); 2833 TAILQ_INIT(&vp->v_cache_dst); 2834 vp->v_cache_dd = NULL; 2835 cache_prehash(vp); 2836 } 2837 2838 /* 2839 * Induce transient cache misses for lockless operation in cache_lookup() by 2840 * using a temporary hash table. 2841 * 2842 * This will force a fs lookup. 2843 * 2844 * Synchronisation is done in 2 steps, calling vfs_smr_synchronize each time 2845 * to observe all CPUs not performing the lookup. 2846 */ 2847 static void 2848 cache_changesize_set_temp(struct nchashhead *temptbl, u_long temphash) 2849 { 2850 2851 MPASS(temphash < nchash); 2852 /* 2853 * Change the size. The new size is smaller and can safely be used 2854 * against the existing table. All lookups which now hash wrong will 2855 * result in a cache miss, which all callers are supposed to know how 2856 * to handle. 2857 */ 2858 atomic_store_long(&nchash, temphash); 2859 atomic_thread_fence_rel(); 2860 vfs_smr_synchronize(); 2861 /* 2862 * At this point everyone sees the updated hash value, but they still 2863 * see the old table. 2864 */ 2865 atomic_store_ptr(&nchashtbl, temptbl); 2866 atomic_thread_fence_rel(); 2867 vfs_smr_synchronize(); 2868 /* 2869 * At this point everyone sees the updated table pointer and size pair. 2870 */ 2871 } 2872 2873 /* 2874 * Set the new hash table. 2875 * 2876 * Similarly to cache_changesize_set_temp(), this has to synchronize against 2877 * lockless operation in cache_lookup(). 2878 */ 2879 static void 2880 cache_changesize_set_new(struct nchashhead *new_tbl, u_long new_hash) 2881 { 2882 2883 MPASS(nchash < new_hash); 2884 /* 2885 * Change the pointer first. This wont result in out of bounds access 2886 * since the temporary table is guaranteed to be smaller. 2887 */ 2888 atomic_store_ptr(&nchashtbl, new_tbl); 2889 atomic_thread_fence_rel(); 2890 vfs_smr_synchronize(); 2891 /* 2892 * At this point everyone sees the updated pointer value, but they 2893 * still see the old size. 2894 */ 2895 atomic_store_long(&nchash, new_hash); 2896 atomic_thread_fence_rel(); 2897 vfs_smr_synchronize(); 2898 /* 2899 * At this point everyone sees the updated table pointer and size pair. 2900 */ 2901 } 2902 2903 void 2904 cache_changesize(u_long newmaxvnodes) 2905 { 2906 struct nchashhead *new_nchashtbl, *old_nchashtbl, *temptbl; 2907 u_long new_nchash, old_nchash, temphash; 2908 struct namecache *ncp; 2909 uint32_t hash; 2910 u_long newncsize; 2911 u_long i; 2912 2913 newncsize = newmaxvnodes * ncsizefactor; 2914 newmaxvnodes = cache_roundup_2(newmaxvnodes * 2); 2915 if (newmaxvnodes < numbucketlocks) 2916 newmaxvnodes = numbucketlocks; 2917 2918 new_nchashtbl = nchinittbl(newmaxvnodes, &new_nchash); 2919 /* If same hash table size, nothing to do */ 2920 if (nchash == new_nchash) { 2921 ncfreetbl(new_nchashtbl); 2922 return; 2923 } 2924 2925 temptbl = nchinittbl(1, &temphash); 2926 2927 /* 2928 * Move everything from the old hash table to the new table. 2929 * None of the namecache entries in the table can be removed 2930 * because to do so, they have to be removed from the hash table. 2931 */ 2932 cache_lock_all_vnodes(); 2933 cache_lock_all_buckets(); 2934 old_nchashtbl = nchashtbl; 2935 old_nchash = nchash; 2936 cache_changesize_set_temp(temptbl, temphash); 2937 for (i = 0; i <= old_nchash; i++) { 2938 while ((ncp = CK_SLIST_FIRST(&old_nchashtbl[i])) != NULL) { 2939 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, 2940 ncp->nc_dvp); 2941 CK_SLIST_REMOVE(&old_nchashtbl[i], ncp, namecache, nc_hash); 2942 CK_SLIST_INSERT_HEAD(&new_nchashtbl[hash & new_nchash], ncp, nc_hash); 2943 } 2944 } 2945 ncsize = newncsize; 2946 cache_recalc_neg_min(); 2947 cache_changesize_set_new(new_nchashtbl, new_nchash); 2948 cache_unlock_all_buckets(); 2949 cache_unlock_all_vnodes(); 2950 ncfreetbl(old_nchashtbl); 2951 ncfreetbl(temptbl); 2952 } 2953 2954 /* 2955 * Remove all entries from and to a particular vnode. 2956 */ 2957 static void 2958 cache_purge_impl(struct vnode *vp) 2959 { 2960 struct cache_freebatch batch; 2961 struct namecache *ncp; 2962 struct mtx *vlp, *vlp2; 2963 2964 TAILQ_INIT(&batch); 2965 vlp = VP2VNODELOCK(vp); 2966 vlp2 = NULL; 2967 mtx_lock(vlp); 2968 retry: 2969 while (!LIST_EMPTY(&vp->v_cache_src)) { 2970 ncp = LIST_FIRST(&vp->v_cache_src); 2971 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2972 goto retry; 2973 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2974 } 2975 while (!TAILQ_EMPTY(&vp->v_cache_dst)) { 2976 ncp = TAILQ_FIRST(&vp->v_cache_dst); 2977 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2978 goto retry; 2979 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2980 } 2981 ncp = vp->v_cache_dd; 2982 if (ncp != NULL) { 2983 KASSERT(ncp->nc_flag & NCF_ISDOTDOT, 2984 ("lost dotdot link")); 2985 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2986 goto retry; 2987 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2988 } 2989 KASSERT(vp->v_cache_dd == NULL, ("incomplete purge")); 2990 mtx_unlock(vlp); 2991 if (vlp2 != NULL) 2992 mtx_unlock(vlp2); 2993 cache_free_batch(&batch); 2994 } 2995 2996 /* 2997 * Opportunistic check to see if there is anything to do. 2998 */ 2999 static bool 3000 cache_has_entries(struct vnode *vp) 3001 { 3002 3003 if (LIST_EMPTY(&vp->v_cache_src) && TAILQ_EMPTY(&vp->v_cache_dst) && 3004 atomic_load_ptr(&vp->v_cache_dd) == NULL) 3005 return (false); 3006 return (true); 3007 } 3008 3009 void 3010 cache_purge(struct vnode *vp) 3011 { 3012 3013 SDT_PROBE1(vfs, namecache, purge, done, vp); 3014 if (!cache_has_entries(vp)) 3015 return; 3016 cache_purge_impl(vp); 3017 } 3018 3019 /* 3020 * Only to be used by vgone. 3021 */ 3022 void 3023 cache_purge_vgone(struct vnode *vp) 3024 { 3025 struct mtx *vlp; 3026 3027 VNPASS(VN_IS_DOOMED(vp), vp); 3028 if (cache_has_entries(vp)) { 3029 cache_purge_impl(vp); 3030 return; 3031 } 3032 3033 /* 3034 * Serialize against a potential thread doing cache_purge. 3035 */ 3036 vlp = VP2VNODELOCK(vp); 3037 mtx_wait_unlocked(vlp); 3038 if (cache_has_entries(vp)) { 3039 cache_purge_impl(vp); 3040 return; 3041 } 3042 return; 3043 } 3044 3045 /* 3046 * Remove all negative entries for a particular directory vnode. 3047 */ 3048 void 3049 cache_purge_negative(struct vnode *vp) 3050 { 3051 struct cache_freebatch batch; 3052 struct namecache *ncp, *nnp; 3053 struct mtx *vlp; 3054 3055 SDT_PROBE1(vfs, namecache, purge_negative, done, vp); 3056 if (LIST_EMPTY(&vp->v_cache_src)) 3057 return; 3058 TAILQ_INIT(&batch); 3059 vlp = VP2VNODELOCK(vp); 3060 mtx_lock(vlp); 3061 LIST_FOREACH_SAFE(ncp, &vp->v_cache_src, nc_src, nnp) { 3062 if (!(ncp->nc_flag & NCF_NEGATIVE)) 3063 continue; 3064 cache_zap_negative_locked_vnode_kl(ncp, vp); 3065 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 3066 } 3067 mtx_unlock(vlp); 3068 cache_free_batch(&batch); 3069 } 3070 3071 /* 3072 * Entry points for modifying VOP operations. 3073 */ 3074 void 3075 cache_vop_rename(struct vnode *fdvp, struct vnode *fvp, struct vnode *tdvp, 3076 struct vnode *tvp, struct componentname *fcnp, struct componentname *tcnp) 3077 { 3078 3079 ASSERT_VOP_IN_SEQC(fdvp); 3080 ASSERT_VOP_IN_SEQC(fvp); 3081 ASSERT_VOP_IN_SEQC(tdvp); 3082 if (tvp != NULL) 3083 ASSERT_VOP_IN_SEQC(tvp); 3084 3085 cache_purge(fvp); 3086 if (tvp != NULL) { 3087 cache_purge(tvp); 3088 KASSERT(!cache_remove_cnp(tdvp, tcnp), 3089 ("%s: lingering negative entry", __func__)); 3090 } else { 3091 cache_remove_cnp(tdvp, tcnp); 3092 } 3093 3094 /* 3095 * TODO 3096 * 3097 * Historically renaming was always purging all revelang entries, 3098 * but that's quite wasteful. In particular turns out that in many cases 3099 * the target file is immediately accessed after rename, inducing a cache 3100 * miss. 3101 * 3102 * Recode this to reduce relocking and reuse the existing entry (if any) 3103 * instead of just removing it above and allocating a new one here. 3104 */ 3105 cache_enter(tdvp, fvp, tcnp); 3106 } 3107 3108 void 3109 cache_vop_rmdir(struct vnode *dvp, struct vnode *vp) 3110 { 3111 3112 ASSERT_VOP_IN_SEQC(dvp); 3113 ASSERT_VOP_IN_SEQC(vp); 3114 cache_purge(vp); 3115 } 3116 3117 #ifdef INVARIANTS 3118 /* 3119 * Validate that if an entry exists it matches. 3120 */ 3121 void 3122 cache_validate(struct vnode *dvp, struct vnode *vp, struct componentname *cnp) 3123 { 3124 struct namecache *ncp; 3125 struct mtx *blp; 3126 uint32_t hash; 3127 3128 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 3129 if (CK_SLIST_EMPTY(NCHHASH(hash))) 3130 return; 3131 blp = HASH2BUCKETLOCK(hash); 3132 mtx_lock(blp); 3133 ncp = cache_ncp_find(dvp, cnp, hash); 3134 if (ncp != NULL && ncp->nc_vp != vp) { 3135 panic("%s: mismatch (%p != %p); ncp %p [%s] dvp %p\n", 3136 __func__, vp, ncp->nc_vp, ncp, ncp->nc_name, ncp->nc_dvp); 3137 } 3138 mtx_unlock(blp); 3139 } 3140 3141 void 3142 cache_assert_no_entries(struct vnode *vp) 3143 { 3144 3145 VNPASS(TAILQ_EMPTY(&vp->v_cache_dst), vp); 3146 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp); 3147 VNPASS(vp->v_cache_dd == NULL, vp); 3148 } 3149 #endif 3150 3151 /* 3152 * Flush all entries referencing a particular filesystem. 3153 */ 3154 void 3155 cache_purgevfs(struct mount *mp) 3156 { 3157 struct vnode *vp, *mvp; 3158 size_t visited __sdt_used, purged __sdt_used; 3159 3160 visited = purged = 0; 3161 /* 3162 * Somewhat wasteful iteration over all vnodes. Would be better to 3163 * support filtering and avoid the interlock to begin with. 3164 */ 3165 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 3166 visited++; 3167 if (!cache_has_entries(vp)) { 3168 VI_UNLOCK(vp); 3169 continue; 3170 } 3171 vholdl(vp); 3172 VI_UNLOCK(vp); 3173 cache_purge(vp); 3174 purged++; 3175 vdrop(vp); 3176 } 3177 3178 SDT_PROBE3(vfs, namecache, purgevfs, done, mp, visited, purged); 3179 } 3180 3181 /* 3182 * Perform canonical checks and cache lookup and pass on to filesystem 3183 * through the vop_cachedlookup only if needed. 3184 */ 3185 3186 int 3187 vfs_cache_lookup(struct vop_lookup_args *ap) 3188 { 3189 struct vnode *dvp; 3190 int error; 3191 struct vnode **vpp = ap->a_vpp; 3192 struct componentname *cnp = ap->a_cnp; 3193 int flags = cnp->cn_flags; 3194 3195 *vpp = NULL; 3196 dvp = ap->a_dvp; 3197 3198 if (dvp->v_type != VDIR) 3199 return (ENOTDIR); 3200 3201 if ((flags & ISLASTCN) && (dvp->v_mount->mnt_flag & MNT_RDONLY) && 3202 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) 3203 return (EROFS); 3204 3205 error = vn_dir_check_exec(dvp, cnp); 3206 if (error != 0) 3207 return (error); 3208 3209 error = cache_lookup(dvp, vpp, cnp, NULL, NULL); 3210 if (error == 0) 3211 return (VOP_CACHEDLOOKUP(dvp, vpp, cnp)); 3212 if (error == -1) 3213 return (0); 3214 return (error); 3215 } 3216 3217 /* Implementation of the getcwd syscall. */ 3218 int 3219 sys___getcwd(struct thread *td, struct __getcwd_args *uap) 3220 { 3221 char *buf, *retbuf; 3222 size_t buflen; 3223 int error; 3224 3225 buflen = uap->buflen; 3226 if (__predict_false(buflen < 2)) 3227 return (EINVAL); 3228 if (buflen > MAXPATHLEN) 3229 buflen = MAXPATHLEN; 3230 3231 buf = uma_zalloc(namei_zone, M_WAITOK); 3232 error = vn_getcwd(buf, &retbuf, &buflen); 3233 if (error == 0) 3234 error = copyout(retbuf, uap->buf, buflen); 3235 uma_zfree(namei_zone, buf); 3236 return (error); 3237 } 3238 3239 int 3240 vn_getcwd(char *buf, char **retbuf, size_t *buflen) 3241 { 3242 struct pwd *pwd; 3243 int error; 3244 3245 vfs_smr_enter(); 3246 pwd = pwd_get_smr(); 3247 error = vn_fullpath_any_smr(pwd->pwd_cdir, pwd->pwd_rdir, buf, retbuf, 3248 buflen, 0); 3249 VFS_SMR_ASSERT_NOT_ENTERED(); 3250 if (error < 0) { 3251 pwd = pwd_hold(curthread); 3252 error = vn_fullpath_any(pwd->pwd_cdir, pwd->pwd_rdir, buf, 3253 retbuf, buflen); 3254 pwd_drop(pwd); 3255 } 3256 3257 #ifdef KTRACE 3258 if (KTRPOINT(curthread, KTR_NAMEI) && error == 0) 3259 ktrnamei(*retbuf); 3260 #endif 3261 return (error); 3262 } 3263 3264 /* 3265 * Canonicalize a path by walking it forward and back. 3266 * 3267 * BUGS: 3268 * - Nothing guarantees the integrity of the entire chain. Consider the case 3269 * where the path "foo/bar/baz/qux" is passed, but "bar" is moved out of 3270 * "foo" into "quux" during the backwards walk. The result will be 3271 * "quux/bar/baz/qux", which could not have been obtained by an incremental 3272 * walk in userspace. Moreover, the path we return is inaccessible if the 3273 * calling thread lacks permission to traverse "quux". 3274 */ 3275 static int 3276 kern___realpathat(struct thread *td, int fd, const char *path, char *buf, 3277 size_t size, int flags, enum uio_seg pathseg) 3278 { 3279 struct nameidata nd; 3280 char *retbuf, *freebuf; 3281 int error; 3282 3283 if (flags != 0) 3284 return (EINVAL); 3285 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | WANTPARENT | AUDITVNODE1, 3286 pathseg, path, fd, &cap_fstat_rights); 3287 if ((error = namei(&nd)) != 0) 3288 return (error); 3289 3290 if (nd.ni_vp->v_type == VREG && nd.ni_dvp->v_type != VDIR && 3291 (nd.ni_vp->v_vflag & VV_ROOT) != 0) { 3292 struct vnode *covered_vp; 3293 3294 /* 3295 * This happens if vp is a file mount. The call to 3296 * vn_fullpath_hardlink can panic if path resolution can't be 3297 * handled without the directory. 3298 * 3299 * To resolve this, we find the vnode which was mounted on - 3300 * this should have a unique global path since we disallow 3301 * mounting on linked files. 3302 */ 3303 error = vn_lock(nd.ni_vp, LK_SHARED); 3304 if (error != 0) 3305 goto out; 3306 covered_vp = nd.ni_vp->v_mount->mnt_vnodecovered; 3307 vref(covered_vp); 3308 VOP_UNLOCK(nd.ni_vp); 3309 error = vn_fullpath(covered_vp, &retbuf, &freebuf); 3310 vrele(covered_vp); 3311 } else { 3312 error = vn_fullpath_hardlink(nd.ni_vp, nd.ni_dvp, 3313 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, &retbuf, 3314 &freebuf, &size); 3315 } 3316 if (error == 0) { 3317 size_t len; 3318 3319 len = strlen(retbuf) + 1; 3320 if (size < len) 3321 error = ENAMETOOLONG; 3322 else if (pathseg == UIO_USERSPACE) 3323 error = copyout(retbuf, buf, len); 3324 else 3325 memcpy(buf, retbuf, len); 3326 free(freebuf, M_TEMP); 3327 } 3328 out: 3329 vrele(nd.ni_vp); 3330 vrele(nd.ni_dvp); 3331 NDFREE_PNBUF(&nd); 3332 return (error); 3333 } 3334 3335 int 3336 sys___realpathat(struct thread *td, struct __realpathat_args *uap) 3337 { 3338 3339 return (kern___realpathat(td, uap->fd, uap->path, uap->buf, uap->size, 3340 uap->flags, UIO_USERSPACE)); 3341 } 3342 3343 /* 3344 * Retrieve the full filesystem path that correspond to a vnode from the name 3345 * cache (if available) 3346 */ 3347 int 3348 vn_fullpath(struct vnode *vp, char **retbuf, char **freebuf) 3349 { 3350 struct pwd *pwd; 3351 char *buf; 3352 size_t buflen; 3353 int error; 3354 3355 if (__predict_false(vp == NULL)) 3356 return (EINVAL); 3357 3358 buflen = MAXPATHLEN; 3359 buf = malloc(buflen, M_TEMP, M_WAITOK); 3360 vfs_smr_enter(); 3361 pwd = pwd_get_smr(); 3362 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, &buflen, 0); 3363 VFS_SMR_ASSERT_NOT_ENTERED(); 3364 if (error < 0) { 3365 pwd = pwd_hold(curthread); 3366 error = vn_fullpath_any(vp, pwd->pwd_rdir, buf, retbuf, &buflen); 3367 pwd_drop(pwd); 3368 } 3369 if (error == 0) 3370 *freebuf = buf; 3371 else 3372 free(buf, M_TEMP); 3373 return (error); 3374 } 3375 3376 /* 3377 * This function is similar to vn_fullpath, but it attempts to lookup the 3378 * pathname relative to the global root mount point. This is required for the 3379 * auditing sub-system, as audited pathnames must be absolute, relative to the 3380 * global root mount point. 3381 */ 3382 int 3383 vn_fullpath_global(struct vnode *vp, char **retbuf, char **freebuf) 3384 { 3385 char *buf; 3386 size_t buflen; 3387 int error; 3388 3389 if (__predict_false(vp == NULL)) 3390 return (EINVAL); 3391 buflen = MAXPATHLEN; 3392 buf = malloc(buflen, M_TEMP, M_WAITOK); 3393 vfs_smr_enter(); 3394 error = vn_fullpath_any_smr(vp, rootvnode, buf, retbuf, &buflen, 0); 3395 VFS_SMR_ASSERT_NOT_ENTERED(); 3396 if (error < 0) { 3397 error = vn_fullpath_any(vp, rootvnode, buf, retbuf, &buflen); 3398 } 3399 if (error == 0) 3400 *freebuf = buf; 3401 else 3402 free(buf, M_TEMP); 3403 return (error); 3404 } 3405 3406 static struct namecache * 3407 vn_dd_from_dst(struct vnode *vp) 3408 { 3409 struct namecache *ncp; 3410 3411 cache_assert_vnode_locked(vp); 3412 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) { 3413 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0) 3414 return (ncp); 3415 } 3416 return (NULL); 3417 } 3418 3419 int 3420 vn_vptocnp(struct vnode **vp, char *buf, size_t *buflen) 3421 { 3422 struct vnode *dvp; 3423 struct namecache *ncp; 3424 struct mtx *vlp; 3425 int error; 3426 3427 vlp = VP2VNODELOCK(*vp); 3428 mtx_lock(vlp); 3429 ncp = (*vp)->v_cache_dd; 3430 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT) == 0) { 3431 KASSERT(ncp == vn_dd_from_dst(*vp), 3432 ("%s: mismatch for dd entry (%p != %p)", __func__, 3433 ncp, vn_dd_from_dst(*vp))); 3434 } else { 3435 ncp = vn_dd_from_dst(*vp); 3436 } 3437 if (ncp != NULL) { 3438 if (*buflen < ncp->nc_nlen) { 3439 mtx_unlock(vlp); 3440 vrele(*vp); 3441 counter_u64_add(numfullpathfail4, 1); 3442 error = ENOMEM; 3443 SDT_PROBE3(vfs, namecache, fullpath, return, error, 3444 vp, NULL); 3445 return (error); 3446 } 3447 *buflen -= ncp->nc_nlen; 3448 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen); 3449 SDT_PROBE3(vfs, namecache, fullpath, hit, ncp->nc_dvp, 3450 ncp->nc_name, vp); 3451 dvp = *vp; 3452 *vp = ncp->nc_dvp; 3453 vref(*vp); 3454 mtx_unlock(vlp); 3455 vrele(dvp); 3456 return (0); 3457 } 3458 SDT_PROBE1(vfs, namecache, fullpath, miss, vp); 3459 3460 mtx_unlock(vlp); 3461 vn_lock(*vp, LK_SHARED | LK_RETRY); 3462 error = VOP_VPTOCNP(*vp, &dvp, buf, buflen); 3463 vput(*vp); 3464 if (error) { 3465 counter_u64_add(numfullpathfail2, 1); 3466 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL); 3467 return (error); 3468 } 3469 3470 *vp = dvp; 3471 if (VN_IS_DOOMED(dvp)) { 3472 /* forced unmount */ 3473 vrele(dvp); 3474 error = ENOENT; 3475 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL); 3476 return (error); 3477 } 3478 /* 3479 * *vp has its use count incremented still. 3480 */ 3481 3482 return (0); 3483 } 3484 3485 /* 3486 * Resolve a directory to a pathname. 3487 * 3488 * The name of the directory can always be found in the namecache or fetched 3489 * from the filesystem. There is also guaranteed to be only one parent, meaning 3490 * we can just follow vnodes up until we find the root. 3491 * 3492 * The vnode must be referenced. 3493 */ 3494 static int 3495 vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf, 3496 size_t *len, size_t addend) 3497 { 3498 #ifdef KDTRACE_HOOKS 3499 struct vnode *startvp = vp; 3500 #endif 3501 struct vnode *vp1; 3502 size_t buflen; 3503 int error; 3504 bool slash_prefixed; 3505 3506 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp); 3507 VNPASS(vp->v_usecount > 0, vp); 3508 3509 buflen = *len; 3510 3511 slash_prefixed = true; 3512 if (addend == 0) { 3513 MPASS(*len >= 2); 3514 buflen--; 3515 buf[buflen] = '\0'; 3516 slash_prefixed = false; 3517 } 3518 3519 error = 0; 3520 3521 SDT_PROBE1(vfs, namecache, fullpath, entry, vp); 3522 counter_u64_add(numfullpathcalls, 1); 3523 while (vp != rdir && vp != rootvnode) { 3524 /* 3525 * The vp vnode must be already fully constructed, 3526 * since it is either found in namecache or obtained 3527 * from VOP_VPTOCNP(). We may test for VV_ROOT safely 3528 * without obtaining the vnode lock. 3529 */ 3530 if ((vp->v_vflag & VV_ROOT) != 0) { 3531 vn_lock(vp, LK_RETRY | LK_SHARED); 3532 3533 /* 3534 * With the vnode locked, check for races with 3535 * unmount, forced or not. Note that we 3536 * already verified that vp is not equal to 3537 * the root vnode, which means that 3538 * mnt_vnodecovered can be NULL only for the 3539 * case of unmount. 3540 */ 3541 if (VN_IS_DOOMED(vp) || 3542 (vp1 = vp->v_mount->mnt_vnodecovered) == NULL || 3543 vp1->v_mountedhere != vp->v_mount) { 3544 vput(vp); 3545 error = ENOENT; 3546 SDT_PROBE3(vfs, namecache, fullpath, return, 3547 error, vp, NULL); 3548 break; 3549 } 3550 3551 vref(vp1); 3552 vput(vp); 3553 vp = vp1; 3554 continue; 3555 } 3556 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp); 3557 error = vn_vptocnp(&vp, buf, &buflen); 3558 if (error) 3559 break; 3560 if (buflen == 0) { 3561 vrele(vp); 3562 error = ENOMEM; 3563 SDT_PROBE3(vfs, namecache, fullpath, return, error, 3564 startvp, NULL); 3565 break; 3566 } 3567 buf[--buflen] = '/'; 3568 slash_prefixed = true; 3569 } 3570 if (error) 3571 return (error); 3572 if (!slash_prefixed) { 3573 if (buflen == 0) { 3574 vrele(vp); 3575 counter_u64_add(numfullpathfail4, 1); 3576 SDT_PROBE3(vfs, namecache, fullpath, return, ENOMEM, 3577 startvp, NULL); 3578 return (ENOMEM); 3579 } 3580 buf[--buflen] = '/'; 3581 } 3582 counter_u64_add(numfullpathfound, 1); 3583 vrele(vp); 3584 3585 *retbuf = buf + buflen; 3586 SDT_PROBE3(vfs, namecache, fullpath, return, 0, startvp, *retbuf); 3587 *len -= buflen; 3588 *len += addend; 3589 return (0); 3590 } 3591 3592 /* 3593 * Resolve an arbitrary vnode to a pathname. 3594 * 3595 * Note 2 caveats: 3596 * - hardlinks are not tracked, thus if the vnode is not a directory this can 3597 * resolve to a different path than the one used to find it 3598 * - namecache is not mandatory, meaning names are not guaranteed to be added 3599 * (in which case resolving fails) 3600 */ 3601 static void __inline 3602 cache_rev_failed_impl(int *reason, int line) 3603 { 3604 3605 *reason = line; 3606 } 3607 #define cache_rev_failed(var) cache_rev_failed_impl((var), __LINE__) 3608 3609 static int 3610 vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf, 3611 char **retbuf, size_t *buflen, size_t addend) 3612 { 3613 #ifdef KDTRACE_HOOKS 3614 struct vnode *startvp = vp; 3615 #endif 3616 struct vnode *tvp; 3617 struct mount *mp; 3618 struct namecache *ncp; 3619 size_t orig_buflen; 3620 int reason; 3621 int error; 3622 #ifdef KDTRACE_HOOKS 3623 int i; 3624 #endif 3625 seqc_t vp_seqc, tvp_seqc; 3626 u_char nc_flag; 3627 3628 VFS_SMR_ASSERT_ENTERED(); 3629 3630 if (!atomic_load_char(&cache_fast_lookup_enabled)) { 3631 vfs_smr_exit(); 3632 return (-1); 3633 } 3634 3635 orig_buflen = *buflen; 3636 3637 if (addend == 0) { 3638 MPASS(*buflen >= 2); 3639 *buflen -= 1; 3640 buf[*buflen] = '\0'; 3641 } 3642 3643 if (vp == rdir || vp == rootvnode) { 3644 if (addend == 0) { 3645 *buflen -= 1; 3646 buf[*buflen] = '/'; 3647 } 3648 goto out_ok; 3649 } 3650 3651 #ifdef KDTRACE_HOOKS 3652 i = 0; 3653 #endif 3654 error = -1; 3655 ncp = NULL; /* for sdt probe down below */ 3656 vp_seqc = vn_seqc_read_any(vp); 3657 if (seqc_in_modify(vp_seqc)) { 3658 cache_rev_failed(&reason); 3659 goto out_abort; 3660 } 3661 3662 for (;;) { 3663 #ifdef KDTRACE_HOOKS 3664 i++; 3665 #endif 3666 if ((vp->v_vflag & VV_ROOT) != 0) { 3667 mp = atomic_load_ptr(&vp->v_mount); 3668 if (mp == NULL) { 3669 cache_rev_failed(&reason); 3670 goto out_abort; 3671 } 3672 tvp = atomic_load_ptr(&mp->mnt_vnodecovered); 3673 tvp_seqc = vn_seqc_read_any(tvp); 3674 if (seqc_in_modify(tvp_seqc)) { 3675 cache_rev_failed(&reason); 3676 goto out_abort; 3677 } 3678 if (!vn_seqc_consistent(vp, vp_seqc)) { 3679 cache_rev_failed(&reason); 3680 goto out_abort; 3681 } 3682 vp = tvp; 3683 vp_seqc = tvp_seqc; 3684 continue; 3685 } 3686 ncp = atomic_load_consume_ptr(&vp->v_cache_dd); 3687 if (ncp == NULL) { 3688 cache_rev_failed(&reason); 3689 goto out_abort; 3690 } 3691 nc_flag = atomic_load_char(&ncp->nc_flag); 3692 if ((nc_flag & NCF_ISDOTDOT) != 0) { 3693 cache_rev_failed(&reason); 3694 goto out_abort; 3695 } 3696 if (ncp->nc_nlen >= *buflen) { 3697 cache_rev_failed(&reason); 3698 error = ENOMEM; 3699 goto out_abort; 3700 } 3701 *buflen -= ncp->nc_nlen; 3702 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen); 3703 *buflen -= 1; 3704 buf[*buflen] = '/'; 3705 tvp = ncp->nc_dvp; 3706 tvp_seqc = vn_seqc_read_any(tvp); 3707 if (seqc_in_modify(tvp_seqc)) { 3708 cache_rev_failed(&reason); 3709 goto out_abort; 3710 } 3711 if (!vn_seqc_consistent(vp, vp_seqc)) { 3712 cache_rev_failed(&reason); 3713 goto out_abort; 3714 } 3715 /* 3716 * Acquire fence provided by vn_seqc_read_any above. 3717 */ 3718 if (__predict_false(atomic_load_ptr(&vp->v_cache_dd) != ncp)) { 3719 cache_rev_failed(&reason); 3720 goto out_abort; 3721 } 3722 if (!cache_ncp_canuse(ncp)) { 3723 cache_rev_failed(&reason); 3724 goto out_abort; 3725 } 3726 vp = tvp; 3727 vp_seqc = tvp_seqc; 3728 if (vp == rdir || vp == rootvnode) 3729 break; 3730 } 3731 out_ok: 3732 vfs_smr_exit(); 3733 *retbuf = buf + *buflen; 3734 *buflen = orig_buflen - *buflen + addend; 3735 SDT_PROBE2(vfs, namecache, fullpath_smr, hit, startvp, *retbuf); 3736 return (0); 3737 3738 out_abort: 3739 *buflen = orig_buflen; 3740 SDT_PROBE4(vfs, namecache, fullpath_smr, miss, startvp, ncp, reason, i); 3741 vfs_smr_exit(); 3742 return (error); 3743 } 3744 3745 static int 3746 vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf, 3747 size_t *buflen) 3748 { 3749 size_t orig_buflen, addend; 3750 int error; 3751 3752 if (*buflen < 2) 3753 return (EINVAL); 3754 3755 orig_buflen = *buflen; 3756 3757 vref(vp); 3758 addend = 0; 3759 if (vp->v_type != VDIR) { 3760 *buflen -= 1; 3761 buf[*buflen] = '\0'; 3762 error = vn_vptocnp(&vp, buf, buflen); 3763 if (error) 3764 return (error); 3765 if (*buflen == 0) { 3766 vrele(vp); 3767 return (ENOMEM); 3768 } 3769 *buflen -= 1; 3770 buf[*buflen] = '/'; 3771 addend = orig_buflen - *buflen; 3772 } 3773 3774 return (vn_fullpath_dir(vp, rdir, buf, retbuf, buflen, addend)); 3775 } 3776 3777 /* 3778 * Resolve an arbitrary vnode to a pathname (taking care of hardlinks). 3779 * 3780 * Since the namecache does not track hardlinks, the caller is expected to 3781 * first look up the target vnode with WANTPARENT flag passed to namei to get 3782 * dvp and vp. 3783 * 3784 * Then we have 2 cases: 3785 * - if the found vnode is a directory, the path can be constructed just by 3786 * following names up the chain 3787 * - otherwise we populate the buffer with the saved name and start resolving 3788 * from the parent 3789 */ 3790 int 3791 vn_fullpath_hardlink(struct vnode *vp, struct vnode *dvp, 3792 const char *hrdl_name, size_t hrdl_name_length, 3793 char **retbuf, char **freebuf, size_t *buflen) 3794 { 3795 char *buf, *tmpbuf; 3796 struct pwd *pwd; 3797 size_t addend; 3798 int error; 3799 __enum_uint8(vtype) type; 3800 3801 if (*buflen < 2) 3802 return (EINVAL); 3803 if (*buflen > MAXPATHLEN) 3804 *buflen = MAXPATHLEN; 3805 3806 buf = malloc(*buflen, M_TEMP, M_WAITOK); 3807 3808 addend = 0; 3809 3810 /* 3811 * Check for VBAD to work around the vp_crossmp bug in lookup(). 3812 * 3813 * For example consider tmpfs on /tmp and realpath /tmp. ni_vp will be 3814 * set to mount point's root vnode while ni_dvp will be vp_crossmp. 3815 * If the type is VDIR (like in this very case) we can skip looking 3816 * at ni_dvp in the first place. However, since vnodes get passed here 3817 * unlocked the target may transition to doomed state (type == VBAD) 3818 * before we get to evaluate the condition. If this happens, we will 3819 * populate part of the buffer and descend to vn_fullpath_dir with 3820 * vp == vp_crossmp. Prevent the problem by checking for VBAD. 3821 */ 3822 type = atomic_load_8(&vp->v_type); 3823 if (type == VBAD) { 3824 error = ENOENT; 3825 goto out_bad; 3826 } 3827 if (type != VDIR) { 3828 addend = hrdl_name_length + 2; 3829 if (*buflen < addend) { 3830 error = ENOMEM; 3831 goto out_bad; 3832 } 3833 *buflen -= addend; 3834 tmpbuf = buf + *buflen; 3835 tmpbuf[0] = '/'; 3836 memcpy(&tmpbuf[1], hrdl_name, hrdl_name_length); 3837 tmpbuf[addend - 1] = '\0'; 3838 vp = dvp; 3839 } 3840 3841 vfs_smr_enter(); 3842 pwd = pwd_get_smr(); 3843 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, buflen, 3844 addend); 3845 VFS_SMR_ASSERT_NOT_ENTERED(); 3846 if (error < 0) { 3847 pwd = pwd_hold(curthread); 3848 vref(vp); 3849 error = vn_fullpath_dir(vp, pwd->pwd_rdir, buf, retbuf, buflen, 3850 addend); 3851 pwd_drop(pwd); 3852 } 3853 if (error != 0) 3854 goto out_bad; 3855 3856 *freebuf = buf; 3857 3858 return (0); 3859 out_bad: 3860 free(buf, M_TEMP); 3861 return (error); 3862 } 3863 3864 struct vnode * 3865 vn_dir_dd_ino(struct vnode *vp) 3866 { 3867 struct namecache *ncp; 3868 struct vnode *ddvp; 3869 struct mtx *vlp; 3870 enum vgetstate vs; 3871 3872 ASSERT_VOP_LOCKED(vp, "vn_dir_dd_ino"); 3873 vlp = VP2VNODELOCK(vp); 3874 mtx_lock(vlp); 3875 TAILQ_FOREACH(ncp, &(vp->v_cache_dst), nc_dst) { 3876 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) 3877 continue; 3878 ddvp = ncp->nc_dvp; 3879 vs = vget_prep(ddvp); 3880 mtx_unlock(vlp); 3881 if (vget_finish(ddvp, LK_SHARED | LK_NOWAIT, vs)) 3882 return (NULL); 3883 return (ddvp); 3884 } 3885 mtx_unlock(vlp); 3886 return (NULL); 3887 } 3888 3889 int 3890 vn_commname(struct vnode *vp, char *buf, u_int buflen) 3891 { 3892 struct namecache *ncp; 3893 struct mtx *vlp; 3894 int l; 3895 3896 vlp = VP2VNODELOCK(vp); 3897 mtx_lock(vlp); 3898 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) 3899 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0) 3900 break; 3901 if (ncp == NULL) { 3902 mtx_unlock(vlp); 3903 return (ENOENT); 3904 } 3905 l = min(ncp->nc_nlen, buflen - 1); 3906 memcpy(buf, ncp->nc_name, l); 3907 mtx_unlock(vlp); 3908 buf[l] = '\0'; 3909 return (0); 3910 } 3911 3912 /* 3913 * This function updates path string to vnode's full global path 3914 * and checks the size of the new path string against the pathlen argument. 3915 * 3916 * Requires a locked, referenced vnode. 3917 * Vnode is re-locked on success or ENODEV, otherwise unlocked. 3918 * 3919 * If vp is a directory, the call to vn_fullpath_global() always succeeds 3920 * because it falls back to the ".." lookup if the namecache lookup fails. 3921 */ 3922 int 3923 vn_path_to_global_path(struct thread *td, struct vnode *vp, char *path, 3924 u_int pathlen) 3925 { 3926 struct nameidata nd; 3927 struct vnode *vp1; 3928 char *rpath, *fbuf; 3929 int error; 3930 3931 ASSERT_VOP_ELOCKED(vp, __func__); 3932 3933 /* Construct global filesystem path from vp. */ 3934 VOP_UNLOCK(vp); 3935 error = vn_fullpath_global(vp, &rpath, &fbuf); 3936 3937 if (error != 0) { 3938 vrele(vp); 3939 return (error); 3940 } 3941 3942 if (strlen(rpath) >= pathlen) { 3943 vrele(vp); 3944 error = ENAMETOOLONG; 3945 goto out; 3946 } 3947 3948 /* 3949 * Re-lookup the vnode by path to detect a possible rename. 3950 * As a side effect, the vnode is relocked. 3951 * If vnode was renamed, return ENOENT. 3952 */ 3953 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path); 3954 error = namei(&nd); 3955 if (error != 0) { 3956 vrele(vp); 3957 goto out; 3958 } 3959 NDFREE_PNBUF(&nd); 3960 vp1 = nd.ni_vp; 3961 vrele(vp); 3962 if (vp1 == vp) 3963 strcpy(path, rpath); 3964 else { 3965 vput(vp1); 3966 error = ENOENT; 3967 } 3968 3969 out: 3970 free(fbuf, M_TEMP); 3971 return (error); 3972 } 3973 3974 /* 3975 * This is similar to vn_path_to_global_path but allows for regular 3976 * files which may not be present in the cache. 3977 * 3978 * Requires a locked, referenced vnode. 3979 * Vnode is re-locked on success or ENODEV, otherwise unlocked. 3980 */ 3981 int 3982 vn_path_to_global_path_hardlink(struct thread *td, struct vnode *vp, 3983 struct vnode *dvp, char *path, u_int pathlen, const char *leaf_name, 3984 size_t leaf_length) 3985 { 3986 struct nameidata nd; 3987 struct vnode *vp1; 3988 char *rpath, *fbuf; 3989 size_t len; 3990 int error; 3991 3992 ASSERT_VOP_ELOCKED(vp, __func__); 3993 3994 /* 3995 * Construct global filesystem path from dvp, vp and leaf 3996 * name. 3997 */ 3998 VOP_UNLOCK(vp); 3999 len = pathlen; 4000 error = vn_fullpath_hardlink(vp, dvp, leaf_name, leaf_length, 4001 &rpath, &fbuf, &len); 4002 4003 if (error != 0) { 4004 vrele(vp); 4005 return (error); 4006 } 4007 4008 if (strlen(rpath) >= pathlen) { 4009 vrele(vp); 4010 error = ENAMETOOLONG; 4011 goto out; 4012 } 4013 4014 /* 4015 * Re-lookup the vnode by path to detect a possible rename. 4016 * As a side effect, the vnode is relocked. 4017 * If vnode was renamed, return ENOENT. 4018 */ 4019 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path); 4020 error = namei(&nd); 4021 if (error != 0) { 4022 vrele(vp); 4023 goto out; 4024 } 4025 NDFREE_PNBUF(&nd); 4026 vp1 = nd.ni_vp; 4027 vrele(vp); 4028 if (vp1 == vp) 4029 strcpy(path, rpath); 4030 else { 4031 vput(vp1); 4032 error = ENOENT; 4033 } 4034 4035 out: 4036 free(fbuf, M_TEMP); 4037 return (error); 4038 } 4039 4040 void 4041 cache_vop_inotify(struct vnode *vp, int event, uint32_t cookie) 4042 { 4043 struct mtx *vlp; 4044 struct namecache *ncp; 4045 int isdir; 4046 bool logged, self; 4047 4048 isdir = vp->v_type == VDIR ? IN_ISDIR : 0; 4049 self = (vn_irflag_read(vp) & VIRF_INOTIFY) != 0 && 4050 (vp->v_type != VDIR || (event & ~_IN_DIR_EVENTS) != 0); 4051 4052 if (self) { 4053 int selfevent; 4054 4055 if (event == _IN_ATTRIB_LINKCOUNT) 4056 selfevent = IN_ATTRIB; 4057 else 4058 selfevent = event; 4059 inotify_log(vp, NULL, 0, selfevent | isdir, cookie); 4060 } 4061 if ((event & IN_ALL_EVENTS) == 0) 4062 return; 4063 4064 logged = false; 4065 vlp = VP2VNODELOCK(vp); 4066 mtx_lock(vlp); 4067 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) { 4068 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) 4069 continue; 4070 if ((vn_irflag_read(ncp->nc_dvp) & VIRF_INOTIFY) != 0) { 4071 /* 4072 * XXX-MJ if the vnode has two links in the same 4073 * dir, we'll log the same event twice. 4074 */ 4075 inotify_log(ncp->nc_dvp, ncp->nc_name, ncp->nc_nlen, 4076 event | isdir, cookie); 4077 logged = true; 4078 } 4079 } 4080 if (!logged && (vn_irflag_read(vp) & VIRF_INOTIFY_PARENT) != 0) { 4081 /* 4082 * We didn't find a watched directory that contains this vnode, 4083 * so stop calling VOP_INOTIFY for operations on the vnode. 4084 */ 4085 vn_irflag_unset(vp, VIRF_INOTIFY_PARENT); 4086 } 4087 mtx_unlock(vlp); 4088 } 4089 4090 #ifdef DDB 4091 static void 4092 db_print_vpath(struct vnode *vp) 4093 { 4094 4095 while (vp != NULL) { 4096 db_printf("%p: ", vp); 4097 if (vp == rootvnode) { 4098 db_printf("/"); 4099 vp = NULL; 4100 } else { 4101 if (vp->v_vflag & VV_ROOT) { 4102 db_printf("<mount point>"); 4103 vp = vp->v_mount->mnt_vnodecovered; 4104 } else { 4105 struct namecache *ncp; 4106 char *ncn; 4107 int i; 4108 4109 ncp = TAILQ_FIRST(&vp->v_cache_dst); 4110 if (ncp != NULL) { 4111 ncn = ncp->nc_name; 4112 for (i = 0; i < ncp->nc_nlen; i++) 4113 db_printf("%c", *ncn++); 4114 vp = ncp->nc_dvp; 4115 } else { 4116 vp = NULL; 4117 } 4118 } 4119 } 4120 db_printf("\n"); 4121 } 4122 4123 return; 4124 } 4125 4126 DB_SHOW_COMMAND(vpath, db_show_vpath) 4127 { 4128 struct vnode *vp; 4129 4130 if (!have_addr) { 4131 db_printf("usage: show vpath <struct vnode *>\n"); 4132 return; 4133 } 4134 4135 vp = (struct vnode *)addr; 4136 db_print_vpath(vp); 4137 } 4138 4139 #endif 4140 4141 static int cache_fast_lookup = 1; 4142 4143 #define CACHE_FPL_FAILED -2020 4144 4145 static int 4146 cache_vop_bad_vexec(struct vop_fplookup_vexec_args *v) 4147 { 4148 vn_printf(v->a_vp, "no proper vop_fplookup_vexec\n"); 4149 panic("no proper vop_fplookup_vexec"); 4150 } 4151 4152 static int 4153 cache_vop_bad_symlink(struct vop_fplookup_symlink_args *v) 4154 { 4155 vn_printf(v->a_vp, "no proper vop_fplookup_symlink\n"); 4156 panic("no proper vop_fplookup_symlink"); 4157 } 4158 4159 void 4160 cache_vop_vector_register(struct vop_vector *v) 4161 { 4162 size_t ops; 4163 4164 ops = 0; 4165 if (v->vop_fplookup_vexec != NULL) { 4166 ops++; 4167 } 4168 if (v->vop_fplookup_symlink != NULL) { 4169 ops++; 4170 } 4171 4172 if (ops == 2) { 4173 return; 4174 } 4175 4176 if (ops == 0) { 4177 v->vop_fplookup_vexec = cache_vop_bad_vexec; 4178 v->vop_fplookup_symlink = cache_vop_bad_symlink; 4179 return; 4180 } 4181 4182 printf("%s: invalid vop vector %p -- either all or none fplookup vops " 4183 "need to be provided", __func__, v); 4184 if (v->vop_fplookup_vexec == NULL) { 4185 printf("%s: missing vop_fplookup_vexec\n", __func__); 4186 } 4187 if (v->vop_fplookup_symlink == NULL) { 4188 printf("%s: missing vop_fplookup_symlink\n", __func__); 4189 } 4190 panic("bad vop vector %p", v); 4191 } 4192 4193 #ifdef INVARIANTS 4194 void 4195 cache_validate_vop_vector(struct mount *mp, struct vop_vector *vops) 4196 { 4197 if (mp == NULL) 4198 return; 4199 4200 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0) 4201 return; 4202 4203 if (vops->vop_fplookup_vexec == NULL || 4204 vops->vop_fplookup_vexec == cache_vop_bad_vexec) 4205 panic("bad vop_fplookup_vexec on vector %p for filesystem %s", 4206 vops, mp->mnt_vfc->vfc_name); 4207 4208 if (vops->vop_fplookup_symlink == NULL || 4209 vops->vop_fplookup_symlink == cache_vop_bad_symlink) 4210 panic("bad vop_fplookup_symlink on vector %p for filesystem %s", 4211 vops, mp->mnt_vfc->vfc_name); 4212 } 4213 #endif 4214 4215 void 4216 cache_fast_lookup_enabled_recalc(void) 4217 { 4218 int lookup_flag; 4219 int mac_on; 4220 4221 #ifdef MAC 4222 mac_on = mac_vnode_check_lookup_enabled(); 4223 mac_on |= mac_vnode_check_readlink_enabled(); 4224 #else 4225 mac_on = 0; 4226 #endif 4227 4228 lookup_flag = atomic_load_int(&cache_fast_lookup); 4229 if (lookup_flag && !mac_on) { 4230 atomic_store_char(&cache_fast_lookup_enabled, true); 4231 } else { 4232 atomic_store_char(&cache_fast_lookup_enabled, false); 4233 } 4234 } 4235 4236 static int 4237 syscal_vfs_cache_fast_lookup(SYSCTL_HANDLER_ARGS) 4238 { 4239 int error, old; 4240 4241 old = atomic_load_int(&cache_fast_lookup); 4242 error = sysctl_handle_int(oidp, arg1, arg2, req); 4243 if (error == 0 && req->newptr && old != atomic_load_int(&cache_fast_lookup)) 4244 cache_fast_lookup_enabled_recalc(); 4245 return (error); 4246 } 4247 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, fast_lookup, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, 4248 &cache_fast_lookup, 0, syscal_vfs_cache_fast_lookup, "IU", ""); 4249 4250 /* 4251 * Components of nameidata (or objects it can point to) which may 4252 * need restoring in case fast path lookup fails. 4253 */ 4254 struct nameidata_outer { 4255 size_t ni_pathlen; 4256 uint64_t cn_flags; 4257 }; 4258 4259 struct nameidata_saved { 4260 #ifdef INVARIANTS 4261 char *cn_nameptr; 4262 size_t ni_pathlen; 4263 #endif 4264 }; 4265 4266 #ifdef INVARIANTS 4267 struct cache_fpl_debug { 4268 size_t ni_pathlen; 4269 }; 4270 #endif 4271 4272 struct cache_fpl { 4273 struct nameidata *ndp; 4274 struct componentname *cnp; 4275 char *nulchar; 4276 struct vnode *dvp; 4277 struct vnode *tvp; 4278 seqc_t dvp_seqc; 4279 seqc_t tvp_seqc; 4280 uint32_t hash; 4281 struct nameidata_saved snd; 4282 struct nameidata_outer snd_outer; 4283 int line; 4284 enum cache_fpl_status status:8; 4285 bool in_smr; 4286 bool fsearch; 4287 struct pwd **pwd; 4288 #ifdef INVARIANTS 4289 struct cache_fpl_debug debug; 4290 #endif 4291 }; 4292 4293 static bool cache_fplookup_mp_supported(struct mount *mp); 4294 static bool cache_fplookup_is_mp(struct cache_fpl *fpl); 4295 static int cache_fplookup_cross_mount(struct cache_fpl *fpl); 4296 static int cache_fplookup_partial_setup(struct cache_fpl *fpl); 4297 static int cache_fplookup_skip_slashes(struct cache_fpl *fpl); 4298 static int cache_fplookup_trailingslash(struct cache_fpl *fpl); 4299 static void cache_fpl_pathlen_dec(struct cache_fpl *fpl); 4300 static void cache_fpl_pathlen_inc(struct cache_fpl *fpl); 4301 static void cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n); 4302 static void cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n); 4303 4304 static void 4305 cache_fpl_cleanup_cnp(struct componentname *cnp) 4306 { 4307 4308 uma_zfree(namei_zone, cnp->cn_pnbuf); 4309 cnp->cn_pnbuf = NULL; 4310 cnp->cn_nameptr = NULL; 4311 } 4312 4313 static struct vnode * 4314 cache_fpl_handle_root(struct cache_fpl *fpl) 4315 { 4316 struct nameidata *ndp; 4317 struct componentname *cnp; 4318 4319 ndp = fpl->ndp; 4320 cnp = fpl->cnp; 4321 4322 MPASS(*(cnp->cn_nameptr) == '/'); 4323 cnp->cn_nameptr++; 4324 cache_fpl_pathlen_dec(fpl); 4325 4326 if (__predict_false(*(cnp->cn_nameptr) == '/')) { 4327 do { 4328 cnp->cn_nameptr++; 4329 cache_fpl_pathlen_dec(fpl); 4330 } while (*(cnp->cn_nameptr) == '/'); 4331 } 4332 4333 return (ndp->ni_rootdir); 4334 } 4335 4336 static void 4337 cache_fpl_checkpoint_outer(struct cache_fpl *fpl) 4338 { 4339 4340 fpl->snd_outer.ni_pathlen = fpl->ndp->ni_pathlen; 4341 fpl->snd_outer.cn_flags = fpl->ndp->ni_cnd.cn_flags; 4342 } 4343 4344 static void 4345 cache_fpl_checkpoint(struct cache_fpl *fpl) 4346 { 4347 4348 #ifdef INVARIANTS 4349 fpl->snd.cn_nameptr = fpl->ndp->ni_cnd.cn_nameptr; 4350 fpl->snd.ni_pathlen = fpl->debug.ni_pathlen; 4351 #endif 4352 } 4353 4354 static void 4355 cache_fpl_restore_partial(struct cache_fpl *fpl) 4356 { 4357 4358 fpl->ndp->ni_cnd.cn_flags = fpl->snd_outer.cn_flags; 4359 #ifdef INVARIANTS 4360 fpl->debug.ni_pathlen = fpl->snd.ni_pathlen; 4361 #endif 4362 } 4363 4364 static void 4365 cache_fpl_restore_abort(struct cache_fpl *fpl) 4366 { 4367 4368 cache_fpl_restore_partial(fpl); 4369 /* 4370 * It is 0 on entry by API contract. 4371 */ 4372 fpl->ndp->ni_resflags = 0; 4373 fpl->ndp->ni_cnd.cn_nameptr = fpl->ndp->ni_cnd.cn_pnbuf; 4374 fpl->ndp->ni_pathlen = fpl->snd_outer.ni_pathlen; 4375 } 4376 4377 #ifdef INVARIANTS 4378 #define cache_fpl_smr_assert_entered(fpl) ({ \ 4379 struct cache_fpl *_fpl = (fpl); \ 4380 MPASS(_fpl->in_smr == true); \ 4381 VFS_SMR_ASSERT_ENTERED(); \ 4382 }) 4383 #define cache_fpl_smr_assert_not_entered(fpl) ({ \ 4384 struct cache_fpl *_fpl = (fpl); \ 4385 MPASS(_fpl->in_smr == false); \ 4386 VFS_SMR_ASSERT_NOT_ENTERED(); \ 4387 }) 4388 static void 4389 cache_fpl_assert_status(struct cache_fpl *fpl) 4390 { 4391 4392 switch (fpl->status) { 4393 case CACHE_FPL_STATUS_UNSET: 4394 __assert_unreachable(); 4395 break; 4396 case CACHE_FPL_STATUS_DESTROYED: 4397 case CACHE_FPL_STATUS_ABORTED: 4398 case CACHE_FPL_STATUS_PARTIAL: 4399 case CACHE_FPL_STATUS_HANDLED: 4400 break; 4401 } 4402 } 4403 #else 4404 #define cache_fpl_smr_assert_entered(fpl) do { } while (0) 4405 #define cache_fpl_smr_assert_not_entered(fpl) do { } while (0) 4406 #define cache_fpl_assert_status(fpl) do { } while (0) 4407 #endif 4408 4409 #define cache_fpl_smr_enter_initial(fpl) ({ \ 4410 struct cache_fpl *_fpl = (fpl); \ 4411 vfs_smr_enter(); \ 4412 _fpl->in_smr = true; \ 4413 }) 4414 4415 #define cache_fpl_smr_enter(fpl) ({ \ 4416 struct cache_fpl *_fpl = (fpl); \ 4417 MPASS(_fpl->in_smr == false); \ 4418 vfs_smr_enter(); \ 4419 _fpl->in_smr = true; \ 4420 }) 4421 4422 #define cache_fpl_smr_exit(fpl) ({ \ 4423 struct cache_fpl *_fpl = (fpl); \ 4424 MPASS(_fpl->in_smr == true); \ 4425 vfs_smr_exit(); \ 4426 _fpl->in_smr = false; \ 4427 }) 4428 4429 static int 4430 cache_fpl_aborted_early_impl(struct cache_fpl *fpl, int line) 4431 { 4432 4433 if (fpl->status != CACHE_FPL_STATUS_UNSET) { 4434 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL, 4435 ("%s: converting to abort from %d at %d, set at %d\n", 4436 __func__, fpl->status, line, fpl->line)); 4437 } 4438 cache_fpl_smr_assert_not_entered(fpl); 4439 fpl->status = CACHE_FPL_STATUS_ABORTED; 4440 fpl->line = line; 4441 return (CACHE_FPL_FAILED); 4442 } 4443 4444 #define cache_fpl_aborted_early(x) cache_fpl_aborted_early_impl((x), __LINE__) 4445 4446 static int __noinline 4447 cache_fpl_aborted_impl(struct cache_fpl *fpl, int line) 4448 { 4449 struct nameidata *ndp; 4450 struct componentname *cnp; 4451 4452 ndp = fpl->ndp; 4453 cnp = fpl->cnp; 4454 4455 if (fpl->status != CACHE_FPL_STATUS_UNSET) { 4456 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL, 4457 ("%s: converting to abort from %d at %d, set at %d\n", 4458 __func__, fpl->status, line, fpl->line)); 4459 } 4460 fpl->status = CACHE_FPL_STATUS_ABORTED; 4461 fpl->line = line; 4462 if (fpl->in_smr) 4463 cache_fpl_smr_exit(fpl); 4464 cache_fpl_restore_abort(fpl); 4465 /* 4466 * Resolving symlinks overwrites data passed by the caller. 4467 * Let namei know. 4468 */ 4469 if (ndp->ni_loopcnt > 0) { 4470 fpl->status = CACHE_FPL_STATUS_DESTROYED; 4471 cache_fpl_cleanup_cnp(cnp); 4472 } 4473 return (CACHE_FPL_FAILED); 4474 } 4475 4476 #define cache_fpl_aborted(x) cache_fpl_aborted_impl((x), __LINE__) 4477 4478 static int __noinline 4479 cache_fpl_partial_impl(struct cache_fpl *fpl, int line) 4480 { 4481 4482 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4483 ("%s: setting to partial at %d, but already set to %d at %d\n", 4484 __func__, line, fpl->status, fpl->line)); 4485 cache_fpl_smr_assert_entered(fpl); 4486 fpl->status = CACHE_FPL_STATUS_PARTIAL; 4487 fpl->line = line; 4488 return (cache_fplookup_partial_setup(fpl)); 4489 } 4490 4491 #define cache_fpl_partial(x) cache_fpl_partial_impl((x), __LINE__) 4492 4493 static int 4494 cache_fpl_handled_impl(struct cache_fpl *fpl, int line) 4495 { 4496 4497 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4498 ("%s: setting to handled at %d, but already set to %d at %d\n", 4499 __func__, line, fpl->status, fpl->line)); 4500 cache_fpl_smr_assert_not_entered(fpl); 4501 fpl->status = CACHE_FPL_STATUS_HANDLED; 4502 fpl->line = line; 4503 return (0); 4504 } 4505 4506 #define cache_fpl_handled(x) cache_fpl_handled_impl((x), __LINE__) 4507 4508 static int 4509 cache_fpl_handled_error_impl(struct cache_fpl *fpl, int error, int line) 4510 { 4511 4512 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4513 ("%s: setting to handled at %d, but already set to %d at %d\n", 4514 __func__, line, fpl->status, fpl->line)); 4515 MPASS(error != 0); 4516 MPASS(error != CACHE_FPL_FAILED); 4517 cache_fpl_smr_assert_not_entered(fpl); 4518 fpl->status = CACHE_FPL_STATUS_HANDLED; 4519 fpl->line = line; 4520 fpl->dvp = NULL; 4521 fpl->tvp = NULL; 4522 return (error); 4523 } 4524 4525 #define cache_fpl_handled_error(x, e) cache_fpl_handled_error_impl((x), (e), __LINE__) 4526 4527 static bool 4528 cache_fpl_terminated(struct cache_fpl *fpl) 4529 { 4530 4531 return (fpl->status != CACHE_FPL_STATUS_UNSET); 4532 } 4533 4534 #define CACHE_FPL_SUPPORTED_CN_FLAGS \ 4535 (NC_NOMAKEENTRY | NC_KEEPPOSENTRY | LOCKLEAF | LOCKPARENT | WANTPARENT | \ 4536 FAILIFEXISTS | FOLLOW | EMPTYPATH | LOCKSHARED | ISRESTARTED | WILLBEDIR | \ 4537 ISOPEN | NOMACCHECK | AUDITVNODE1 | AUDITVNODE2 | NOCAPCHECK | OPENREAD | \ 4538 OPENWRITE | WANTIOCTLCAPS | NAMEILOOKUP) 4539 4540 #define CACHE_FPL_INTERNAL_CN_FLAGS \ 4541 (ISDOTDOT | MAKEENTRY | ISLASTCN) 4542 4543 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & CACHE_FPL_INTERNAL_CN_FLAGS) == 0, 4544 "supported and internal flags overlap"); 4545 4546 static bool 4547 cache_fpl_islastcn(struct nameidata *ndp) 4548 { 4549 4550 return (*ndp->ni_next == 0); 4551 } 4552 4553 static bool 4554 cache_fpl_istrailingslash(struct cache_fpl *fpl) 4555 { 4556 4557 MPASS(fpl->nulchar > fpl->cnp->cn_pnbuf); 4558 return (*(fpl->nulchar - 1) == '/'); 4559 } 4560 4561 static bool 4562 cache_fpl_isdotdot(struct componentname *cnp) 4563 { 4564 4565 if (cnp->cn_namelen == 2 && 4566 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 4567 return (true); 4568 return (false); 4569 } 4570 4571 static bool 4572 cache_can_fplookup(struct cache_fpl *fpl) 4573 { 4574 struct nameidata *ndp; 4575 struct componentname *cnp; 4576 struct thread *td; 4577 4578 ndp = fpl->ndp; 4579 cnp = fpl->cnp; 4580 td = curthread; 4581 4582 if (!atomic_load_char(&cache_fast_lookup_enabled)) { 4583 cache_fpl_aborted_early(fpl); 4584 return (false); 4585 } 4586 if ((cnp->cn_flags & ~CACHE_FPL_SUPPORTED_CN_FLAGS) != 0) { 4587 cache_fpl_aborted_early(fpl); 4588 return (false); 4589 } 4590 if (IN_CAPABILITY_MODE(td) || CAP_TRACING(td)) { 4591 cache_fpl_aborted_early(fpl); 4592 return (false); 4593 } 4594 if (AUDITING_TD(td)) { 4595 cache_fpl_aborted_early(fpl); 4596 return (false); 4597 } 4598 if (ndp->ni_startdir != NULL) { 4599 cache_fpl_aborted_early(fpl); 4600 return (false); 4601 } 4602 return (true); 4603 } 4604 4605 static int __noinline 4606 cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp) 4607 { 4608 struct nameidata *ndp; 4609 struct componentname *cnp; 4610 int error, flags; 4611 4612 ndp = fpl->ndp; 4613 cnp = fpl->cnp; 4614 4615 error = fgetvp_lookup_smr(ndp, vpp, &flags); 4616 if (__predict_false(error != 0)) { 4617 return (cache_fpl_aborted(fpl)); 4618 } 4619 if (__predict_false((flags & O_RESOLVE_BENEATH) != 0)) { 4620 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & RBENEATH) == 0, 4621 "RBENEATH supported by fplookup"); 4622 cache_fpl_smr_exit(fpl); 4623 cache_fpl_aborted(fpl); 4624 return (EOPNOTSUPP); 4625 } 4626 fpl->fsearch = (flags & FSEARCH) != 0; 4627 if ((*vpp)->v_type != VDIR) { 4628 if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) { 4629 cache_fpl_smr_exit(fpl); 4630 return (cache_fpl_handled_error(fpl, ENOTDIR)); 4631 } 4632 } 4633 return (0); 4634 } 4635 4636 static int __noinline 4637 cache_fplookup_negative_promote(struct cache_fpl *fpl, struct namecache *oncp, 4638 uint32_t hash) 4639 { 4640 struct componentname *cnp; 4641 struct vnode *dvp; 4642 4643 cnp = fpl->cnp; 4644 dvp = fpl->dvp; 4645 4646 cache_fpl_smr_exit(fpl); 4647 if (cache_neg_promote_cond(dvp, cnp, oncp, hash)) 4648 return (cache_fpl_handled_error(fpl, ENOENT)); 4649 else 4650 return (cache_fpl_aborted(fpl)); 4651 } 4652 4653 /* 4654 * Prepare fallback to the locked lookup while trying to retain the progress. 4655 */ 4656 static int __noinline 4657 cache_fplookup_partial_setup(struct cache_fpl *fpl) 4658 { 4659 struct nameidata *ndp; 4660 struct componentname *cnp; 4661 enum vgetstate dvs; 4662 struct vnode *dvp; 4663 struct pwd *pwd; 4664 seqc_t dvp_seqc; 4665 4666 ndp = fpl->ndp; 4667 cnp = fpl->cnp; 4668 pwd = *(fpl->pwd); 4669 dvp = fpl->dvp; 4670 dvp_seqc = fpl->dvp_seqc; 4671 4672 if (!pwd_hold_smr(pwd)) { 4673 return (cache_fpl_aborted(fpl)); 4674 } 4675 4676 /* 4677 * Note that seqc is checked before the vnode is locked, so by 4678 * the time regular lookup gets to it it may have moved. 4679 * 4680 * Ultimately this does not affect correctness, any lookup errors 4681 * are userspace racing with itself. It is guaranteed that any 4682 * path which ultimately gets found could also have been found 4683 * by regular lookup going all the way in absence of concurrent 4684 * modifications. 4685 */ 4686 dvs = vget_prep_smr(dvp); 4687 cache_fpl_smr_exit(fpl); 4688 if (__predict_false(dvs == VGET_NONE)) { 4689 pwd_drop(pwd); 4690 return (cache_fpl_aborted(fpl)); 4691 } 4692 4693 vget_finish_ref(dvp, dvs); 4694 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 4695 vrele(dvp); 4696 pwd_drop(pwd); 4697 return (cache_fpl_aborted(fpl)); 4698 } 4699 4700 cache_fpl_restore_partial(fpl); 4701 #ifdef INVARIANTS 4702 if (cnp->cn_nameptr != fpl->snd.cn_nameptr) { 4703 panic("%s: cn_nameptr mismatch (%p != %p) full [%s]\n", __func__, 4704 cnp->cn_nameptr, fpl->snd.cn_nameptr, cnp->cn_pnbuf); 4705 } 4706 #endif 4707 4708 ndp->ni_startdir = dvp; 4709 cnp->cn_flags |= MAKEENTRY; 4710 if (cache_fpl_islastcn(ndp)) 4711 cnp->cn_flags |= ISLASTCN; 4712 if (cache_fpl_isdotdot(cnp)) 4713 cnp->cn_flags |= ISDOTDOT; 4714 4715 /* 4716 * Skip potential extra slashes parsing did not take care of. 4717 * cache_fplookup_skip_slashes explains the mechanism. 4718 */ 4719 if (__predict_false(*(cnp->cn_nameptr) == '/')) { 4720 do { 4721 cnp->cn_nameptr++; 4722 cache_fpl_pathlen_dec(fpl); 4723 } while (*(cnp->cn_nameptr) == '/'); 4724 } 4725 4726 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1; 4727 #ifdef INVARIANTS 4728 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) { 4729 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 4730 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 4731 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 4732 } 4733 #endif 4734 return (0); 4735 } 4736 4737 static int 4738 cache_fplookup_final_child(struct cache_fpl *fpl, enum vgetstate tvs) 4739 { 4740 struct componentname *cnp; 4741 struct vnode *tvp; 4742 seqc_t tvp_seqc; 4743 int error, lkflags; 4744 4745 cnp = fpl->cnp; 4746 tvp = fpl->tvp; 4747 tvp_seqc = fpl->tvp_seqc; 4748 4749 if ((cnp->cn_flags & LOCKLEAF) != 0) { 4750 lkflags = LK_SHARED; 4751 if ((cnp->cn_flags & LOCKSHARED) == 0) 4752 lkflags = LK_EXCLUSIVE; 4753 error = vget_finish(tvp, lkflags, tvs); 4754 if (__predict_false(error != 0)) { 4755 return (cache_fpl_aborted(fpl)); 4756 } 4757 } else { 4758 vget_finish_ref(tvp, tvs); 4759 } 4760 4761 if (!vn_seqc_consistent(tvp, tvp_seqc)) { 4762 if ((cnp->cn_flags & LOCKLEAF) != 0) 4763 vput(tvp); 4764 else 4765 vrele(tvp); 4766 return (cache_fpl_aborted(fpl)); 4767 } 4768 4769 return (cache_fpl_handled(fpl)); 4770 } 4771 4772 /* 4773 * They want to possibly modify the state of the namecache. 4774 */ 4775 static int __noinline 4776 cache_fplookup_final_modifying(struct cache_fpl *fpl) 4777 { 4778 struct nameidata *ndp __diagused; 4779 struct componentname *cnp; 4780 enum vgetstate dvs; 4781 struct vnode *dvp, *tvp; 4782 struct mount *mp; 4783 seqc_t dvp_seqc; 4784 int error; 4785 bool docache; 4786 4787 ndp = fpl->ndp; 4788 cnp = fpl->cnp; 4789 dvp = fpl->dvp; 4790 dvp_seqc = fpl->dvp_seqc; 4791 4792 MPASS(*(cnp->cn_nameptr) != '/'); 4793 MPASS(cache_fpl_islastcn(ndp)); 4794 if ((cnp->cn_flags & LOCKPARENT) == 0) 4795 MPASS((cnp->cn_flags & WANTPARENT) != 0); 4796 MPASS((cnp->cn_flags & TRAILINGSLASH) == 0); 4797 MPASS(cnp->cn_nameiop == CREATE || cnp->cn_nameiop == DELETE || 4798 cnp->cn_nameiop == RENAME); 4799 MPASS((cnp->cn_flags & MAKEENTRY) == 0); 4800 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 4801 4802 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 4803 if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME) 4804 docache = false; 4805 4806 /* 4807 * Regular lookup nulifies the slash, which we don't do here. 4808 * Don't take chances with filesystem routines seeing it for 4809 * the last entry. 4810 */ 4811 if (cache_fpl_istrailingslash(fpl)) { 4812 return (cache_fpl_partial(fpl)); 4813 } 4814 4815 mp = atomic_load_ptr(&dvp->v_mount); 4816 if (__predict_false(mp == NULL)) { 4817 return (cache_fpl_aborted(fpl)); 4818 } 4819 4820 if (__predict_false(mp->mnt_flag & MNT_RDONLY)) { 4821 cache_fpl_smr_exit(fpl); 4822 /* 4823 * Original code keeps not checking for CREATE which 4824 * might be a bug. For now let the old lookup decide. 4825 */ 4826 if (cnp->cn_nameiop == CREATE) { 4827 return (cache_fpl_aborted(fpl)); 4828 } 4829 return (cache_fpl_handled_error(fpl, EROFS)); 4830 } 4831 4832 if (fpl->tvp != NULL && (cnp->cn_flags & FAILIFEXISTS) != 0) { 4833 cache_fpl_smr_exit(fpl); 4834 return (cache_fpl_handled_error(fpl, EEXIST)); 4835 } 4836 4837 /* 4838 * Secure access to dvp; check cache_fplookup_partial_setup for 4839 * reasoning. 4840 * 4841 * XXX At least UFS requires its lookup routine to be called for 4842 * the last path component, which leads to some level of complication 4843 * and inefficiency: 4844 * - the target routine always locks the target vnode, but our caller 4845 * may not need it locked 4846 * - some of the VOP machinery asserts that the parent is locked, which 4847 * once more may be not required 4848 * 4849 * TODO: add a flag for filesystems which don't need this. 4850 */ 4851 dvs = vget_prep_smr(dvp); 4852 cache_fpl_smr_exit(fpl); 4853 if (__predict_false(dvs == VGET_NONE)) { 4854 return (cache_fpl_aborted(fpl)); 4855 } 4856 4857 vget_finish_ref(dvp, dvs); 4858 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 4859 vrele(dvp); 4860 return (cache_fpl_aborted(fpl)); 4861 } 4862 4863 error = vn_lock(dvp, LK_EXCLUSIVE); 4864 if (__predict_false(error != 0)) { 4865 vrele(dvp); 4866 return (cache_fpl_aborted(fpl)); 4867 } 4868 4869 tvp = NULL; 4870 cnp->cn_flags |= ISLASTCN; 4871 if (docache) 4872 cnp->cn_flags |= MAKEENTRY; 4873 if (cache_fpl_isdotdot(cnp)) 4874 cnp->cn_flags |= ISDOTDOT; 4875 cnp->cn_lkflags = LK_EXCLUSIVE; 4876 error = VOP_LOOKUP(dvp, &tvp, cnp); 4877 switch (error) { 4878 case EJUSTRETURN: 4879 case 0: 4880 break; 4881 case ENOTDIR: 4882 case ENOENT: 4883 vput(dvp); 4884 return (cache_fpl_handled_error(fpl, error)); 4885 default: 4886 vput(dvp); 4887 return (cache_fpl_aborted(fpl)); 4888 } 4889 4890 fpl->tvp = tvp; 4891 4892 if (tvp == NULL) { 4893 MPASS(error == EJUSTRETURN); 4894 if ((cnp->cn_flags & LOCKPARENT) == 0) { 4895 VOP_UNLOCK(dvp); 4896 } 4897 return (cache_fpl_handled(fpl)); 4898 } 4899 4900 /* 4901 * There are very hairy corner cases concerning various flag combinations 4902 * and locking state. In particular here we only hold one lock instead of 4903 * two. 4904 * 4905 * Skip the complexity as it is of no significance for normal workloads. 4906 */ 4907 if (__predict_false(tvp == dvp)) { 4908 vput(dvp); 4909 vrele(tvp); 4910 return (cache_fpl_aborted(fpl)); 4911 } 4912 4913 /* 4914 * If they want the symlink itself we are fine, but if they want to 4915 * follow it regular lookup has to be engaged. 4916 */ 4917 if (tvp->v_type == VLNK) { 4918 if ((cnp->cn_flags & FOLLOW) != 0) { 4919 vput(dvp); 4920 vput(tvp); 4921 return (cache_fpl_aborted(fpl)); 4922 } 4923 } 4924 4925 /* 4926 * Since we expect this to be the terminal vnode it should almost never 4927 * be a mount point. 4928 */ 4929 if (__predict_false(cache_fplookup_is_mp(fpl))) { 4930 vput(dvp); 4931 vput(tvp); 4932 return (cache_fpl_aborted(fpl)); 4933 } 4934 4935 if ((cnp->cn_flags & FAILIFEXISTS) != 0) { 4936 vput(dvp); 4937 vput(tvp); 4938 return (cache_fpl_handled_error(fpl, EEXIST)); 4939 } 4940 4941 if ((cnp->cn_flags & LOCKLEAF) == 0) { 4942 VOP_UNLOCK(tvp); 4943 } 4944 4945 if ((cnp->cn_flags & LOCKPARENT) == 0) { 4946 VOP_UNLOCK(dvp); 4947 } 4948 4949 return (cache_fpl_handled(fpl)); 4950 } 4951 4952 static int __noinline 4953 cache_fplookup_modifying(struct cache_fpl *fpl) 4954 { 4955 struct nameidata *ndp; 4956 4957 ndp = fpl->ndp; 4958 4959 if (!cache_fpl_islastcn(ndp)) { 4960 return (cache_fpl_partial(fpl)); 4961 } 4962 return (cache_fplookup_final_modifying(fpl)); 4963 } 4964 4965 static int __noinline 4966 cache_fplookup_final_withparent(struct cache_fpl *fpl) 4967 { 4968 struct componentname *cnp; 4969 enum vgetstate dvs, tvs; 4970 struct vnode *dvp, *tvp; 4971 seqc_t dvp_seqc; 4972 int error; 4973 4974 cnp = fpl->cnp; 4975 dvp = fpl->dvp; 4976 dvp_seqc = fpl->dvp_seqc; 4977 tvp = fpl->tvp; 4978 4979 MPASS((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0); 4980 4981 /* 4982 * This is less efficient than it can be for simplicity. 4983 */ 4984 dvs = vget_prep_smr(dvp); 4985 if (__predict_false(dvs == VGET_NONE)) { 4986 return (cache_fpl_aborted(fpl)); 4987 } 4988 tvs = vget_prep_smr(tvp); 4989 if (__predict_false(tvs == VGET_NONE)) { 4990 cache_fpl_smr_exit(fpl); 4991 vget_abort(dvp, dvs); 4992 return (cache_fpl_aborted(fpl)); 4993 } 4994 4995 cache_fpl_smr_exit(fpl); 4996 4997 if ((cnp->cn_flags & LOCKPARENT) != 0) { 4998 error = vget_finish(dvp, LK_EXCLUSIVE, dvs); 4999 if (__predict_false(error != 0)) { 5000 vget_abort(tvp, tvs); 5001 return (cache_fpl_aborted(fpl)); 5002 } 5003 } else { 5004 vget_finish_ref(dvp, dvs); 5005 } 5006 5007 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 5008 vget_abort(tvp, tvs); 5009 if ((cnp->cn_flags & LOCKPARENT) != 0) 5010 vput(dvp); 5011 else 5012 vrele(dvp); 5013 return (cache_fpl_aborted(fpl)); 5014 } 5015 5016 error = cache_fplookup_final_child(fpl, tvs); 5017 if (__predict_false(error != 0)) { 5018 MPASS(fpl->status == CACHE_FPL_STATUS_ABORTED || 5019 fpl->status == CACHE_FPL_STATUS_DESTROYED); 5020 if ((cnp->cn_flags & LOCKPARENT) != 0) 5021 vput(dvp); 5022 else 5023 vrele(dvp); 5024 return (error); 5025 } 5026 5027 MPASS(fpl->status == CACHE_FPL_STATUS_HANDLED); 5028 return (0); 5029 } 5030 5031 static int 5032 cache_fplookup_final(struct cache_fpl *fpl) 5033 { 5034 struct componentname *cnp; 5035 enum vgetstate tvs; 5036 struct vnode *dvp, *tvp; 5037 seqc_t dvp_seqc; 5038 5039 cnp = fpl->cnp; 5040 dvp = fpl->dvp; 5041 dvp_seqc = fpl->dvp_seqc; 5042 tvp = fpl->tvp; 5043 5044 MPASS(*(cnp->cn_nameptr) != '/'); 5045 5046 if (cnp->cn_nameiop != LOOKUP) { 5047 return (cache_fplookup_final_modifying(fpl)); 5048 } 5049 5050 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0) 5051 return (cache_fplookup_final_withparent(fpl)); 5052 5053 tvs = vget_prep_smr(tvp); 5054 if (__predict_false(tvs == VGET_NONE)) { 5055 return (cache_fpl_partial(fpl)); 5056 } 5057 5058 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 5059 cache_fpl_smr_exit(fpl); 5060 vget_abort(tvp, tvs); 5061 return (cache_fpl_aborted(fpl)); 5062 } 5063 5064 cache_fpl_smr_exit(fpl); 5065 return (cache_fplookup_final_child(fpl, tvs)); 5066 } 5067 5068 /* 5069 * Comment from locked lookup: 5070 * Check for degenerate name (e.g. / or "") which is a way of talking about a 5071 * directory, e.g. like "/." or ".". 5072 */ 5073 static int __noinline 5074 cache_fplookup_degenerate(struct cache_fpl *fpl) 5075 { 5076 struct componentname *cnp; 5077 struct vnode *dvp; 5078 enum vgetstate dvs; 5079 int error, lkflags; 5080 #ifdef INVARIANTS 5081 char *cp; 5082 #endif 5083 5084 fpl->tvp = fpl->dvp; 5085 fpl->tvp_seqc = fpl->dvp_seqc; 5086 5087 cnp = fpl->cnp; 5088 dvp = fpl->dvp; 5089 5090 #ifdef INVARIANTS 5091 for (cp = cnp->cn_pnbuf; *cp != '\0'; cp++) { 5092 KASSERT(*cp == '/', 5093 ("%s: encountered non-slash; string [%s]\n", __func__, 5094 cnp->cn_pnbuf)); 5095 } 5096 #endif 5097 5098 if (__predict_false(cnp->cn_nameiop != LOOKUP)) { 5099 cache_fpl_smr_exit(fpl); 5100 return (cache_fpl_handled_error(fpl, EISDIR)); 5101 } 5102 5103 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0) { 5104 return (cache_fplookup_final_withparent(fpl)); 5105 } 5106 5107 dvs = vget_prep_smr(dvp); 5108 cache_fpl_smr_exit(fpl); 5109 if (__predict_false(dvs == VGET_NONE)) { 5110 return (cache_fpl_aborted(fpl)); 5111 } 5112 5113 if ((cnp->cn_flags & LOCKLEAF) != 0) { 5114 lkflags = LK_SHARED; 5115 if ((cnp->cn_flags & LOCKSHARED) == 0) 5116 lkflags = LK_EXCLUSIVE; 5117 error = vget_finish(dvp, lkflags, dvs); 5118 if (__predict_false(error != 0)) { 5119 return (cache_fpl_aborted(fpl)); 5120 } 5121 } else { 5122 vget_finish_ref(dvp, dvs); 5123 } 5124 return (cache_fpl_handled(fpl)); 5125 } 5126 5127 static int __noinline 5128 cache_fplookup_emptypath(struct cache_fpl *fpl) 5129 { 5130 struct nameidata *ndp; 5131 struct componentname *cnp; 5132 enum vgetstate tvs; 5133 struct vnode *tvp; 5134 int error, lkflags; 5135 5136 fpl->tvp = fpl->dvp; 5137 fpl->tvp_seqc = fpl->dvp_seqc; 5138 5139 ndp = fpl->ndp; 5140 cnp = fpl->cnp; 5141 tvp = fpl->tvp; 5142 5143 MPASS(*cnp->cn_pnbuf == '\0'); 5144 5145 if (__predict_false((cnp->cn_flags & EMPTYPATH) == 0)) { 5146 cache_fpl_smr_exit(fpl); 5147 return (cache_fpl_handled_error(fpl, ENOENT)); 5148 } 5149 5150 MPASS((cnp->cn_flags & (LOCKPARENT | WANTPARENT)) == 0); 5151 5152 tvs = vget_prep_smr(tvp); 5153 cache_fpl_smr_exit(fpl); 5154 if (__predict_false(tvs == VGET_NONE)) { 5155 return (cache_fpl_aborted(fpl)); 5156 } 5157 5158 if ((cnp->cn_flags & LOCKLEAF) != 0) { 5159 lkflags = LK_SHARED; 5160 if ((cnp->cn_flags & LOCKSHARED) == 0) 5161 lkflags = LK_EXCLUSIVE; 5162 error = vget_finish(tvp, lkflags, tvs); 5163 if (__predict_false(error != 0)) { 5164 return (cache_fpl_aborted(fpl)); 5165 } 5166 } else { 5167 vget_finish_ref(tvp, tvs); 5168 } 5169 5170 ndp->ni_resflags |= NIRES_EMPTYPATH; 5171 return (cache_fpl_handled(fpl)); 5172 } 5173 5174 static int __noinline 5175 cache_fplookup_noentry(struct cache_fpl *fpl) 5176 { 5177 struct nameidata *ndp; 5178 struct componentname *cnp; 5179 enum vgetstate dvs; 5180 struct vnode *dvp, *tvp; 5181 seqc_t dvp_seqc; 5182 int error; 5183 5184 ndp = fpl->ndp; 5185 cnp = fpl->cnp; 5186 dvp = fpl->dvp; 5187 dvp_seqc = fpl->dvp_seqc; 5188 5189 MPASS((cnp->cn_flags & MAKEENTRY) == 0); 5190 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 5191 if (cnp->cn_nameiop == LOOKUP) 5192 MPASS((cnp->cn_flags & NOCACHE) == 0); 5193 MPASS(!cache_fpl_isdotdot(cnp)); 5194 5195 /* 5196 * Hack: delayed name len checking. 5197 */ 5198 if (__predict_false(cnp->cn_namelen > NAME_MAX)) { 5199 cache_fpl_smr_exit(fpl); 5200 return (cache_fpl_handled_error(fpl, ENAMETOOLONG)); 5201 } 5202 5203 if (cnp->cn_nameptr[0] == '/') { 5204 return (cache_fplookup_skip_slashes(fpl)); 5205 } 5206 5207 if (cnp->cn_pnbuf[0] == '\0') { 5208 return (cache_fplookup_emptypath(fpl)); 5209 } 5210 5211 if (cnp->cn_nameptr[0] == '\0') { 5212 if (fpl->tvp == NULL) { 5213 return (cache_fplookup_degenerate(fpl)); 5214 } 5215 return (cache_fplookup_trailingslash(fpl)); 5216 } 5217 5218 if (cnp->cn_nameiop != LOOKUP) { 5219 fpl->tvp = NULL; 5220 return (cache_fplookup_modifying(fpl)); 5221 } 5222 5223 /* 5224 * Only try to fill in the component if it is the last one, 5225 * otherwise not only there may be several to handle but the 5226 * walk may be complicated. 5227 */ 5228 if (!cache_fpl_islastcn(ndp)) { 5229 return (cache_fpl_partial(fpl)); 5230 } 5231 5232 /* 5233 * Regular lookup nulifies the slash, which we don't do here. 5234 * Don't take chances with filesystem routines seeing it for 5235 * the last entry. 5236 */ 5237 if (cache_fpl_istrailingslash(fpl)) { 5238 return (cache_fpl_partial(fpl)); 5239 } 5240 5241 /* 5242 * Secure access to dvp; check cache_fplookup_partial_setup for 5243 * reasoning. 5244 */ 5245 dvs = vget_prep_smr(dvp); 5246 cache_fpl_smr_exit(fpl); 5247 if (__predict_false(dvs == VGET_NONE)) { 5248 return (cache_fpl_aborted(fpl)); 5249 } 5250 5251 vget_finish_ref(dvp, dvs); 5252 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 5253 vrele(dvp); 5254 return (cache_fpl_aborted(fpl)); 5255 } 5256 5257 error = vn_lock(dvp, LK_SHARED); 5258 if (__predict_false(error != 0)) { 5259 vrele(dvp); 5260 return (cache_fpl_aborted(fpl)); 5261 } 5262 5263 tvp = NULL; 5264 /* 5265 * TODO: provide variants which don't require locking either vnode. 5266 */ 5267 cnp->cn_flags |= ISLASTCN | MAKEENTRY; 5268 cnp->cn_lkflags = LK_SHARED; 5269 if ((cnp->cn_flags & LOCKSHARED) == 0) { 5270 cnp->cn_lkflags = LK_EXCLUSIVE; 5271 } 5272 error = VOP_LOOKUP(dvp, &tvp, cnp); 5273 switch (error) { 5274 case EJUSTRETURN: 5275 case 0: 5276 break; 5277 case ENOTDIR: 5278 case ENOENT: 5279 vput(dvp); 5280 return (cache_fpl_handled_error(fpl, error)); 5281 default: 5282 vput(dvp); 5283 return (cache_fpl_aborted(fpl)); 5284 } 5285 5286 fpl->tvp = tvp; 5287 5288 if (tvp == NULL) { 5289 MPASS(error == EJUSTRETURN); 5290 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) { 5291 vput(dvp); 5292 } else if ((cnp->cn_flags & LOCKPARENT) == 0) { 5293 VOP_UNLOCK(dvp); 5294 } 5295 return (cache_fpl_handled(fpl)); 5296 } 5297 5298 if (tvp->v_type == VLNK) { 5299 if ((cnp->cn_flags & FOLLOW) != 0) { 5300 vput(dvp); 5301 vput(tvp); 5302 return (cache_fpl_aborted(fpl)); 5303 } 5304 } 5305 5306 if (__predict_false(cache_fplookup_is_mp(fpl))) { 5307 vput(dvp); 5308 vput(tvp); 5309 return (cache_fpl_aborted(fpl)); 5310 } 5311 5312 if ((cnp->cn_flags & LOCKLEAF) == 0) { 5313 VOP_UNLOCK(tvp); 5314 } 5315 5316 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) { 5317 vput(dvp); 5318 } else if ((cnp->cn_flags & LOCKPARENT) == 0) { 5319 VOP_UNLOCK(dvp); 5320 } 5321 return (cache_fpl_handled(fpl)); 5322 } 5323 5324 static int __noinline 5325 cache_fplookup_dot(struct cache_fpl *fpl) 5326 { 5327 int error; 5328 5329 MPASS(!seqc_in_modify(fpl->dvp_seqc)); 5330 5331 if (__predict_false(fpl->dvp->v_type != VDIR)) { 5332 cache_fpl_smr_exit(fpl); 5333 return (cache_fpl_handled_error(fpl, ENOTDIR)); 5334 } 5335 5336 /* 5337 * Just re-assign the value. seqc will be checked later for the first 5338 * non-dot path component in line and/or before deciding to return the 5339 * vnode. 5340 */ 5341 fpl->tvp = fpl->dvp; 5342 fpl->tvp_seqc = fpl->dvp_seqc; 5343 5344 SDT_PROBE3(vfs, namecache, lookup, hit, fpl->dvp, ".", fpl->dvp); 5345 5346 error = 0; 5347 if (cache_fplookup_is_mp(fpl)) { 5348 error = cache_fplookup_cross_mount(fpl); 5349 } 5350 return (error); 5351 } 5352 5353 static int __noinline 5354 cache_fplookup_dotdot(struct cache_fpl *fpl) 5355 { 5356 struct nameidata *ndp; 5357 struct namecache *ncp; 5358 struct vnode *dvp; 5359 u_char nc_flag; 5360 5361 ndp = fpl->ndp; 5362 dvp = fpl->dvp; 5363 5364 MPASS(cache_fpl_isdotdot(fpl->cnp)); 5365 5366 /* 5367 * XXX this is racy the same way regular lookup is 5368 */ 5369 if (vfs_lookup_isroot(ndp, dvp)) { 5370 fpl->tvp = dvp; 5371 fpl->tvp_seqc = vn_seqc_read_any(dvp); 5372 if (seqc_in_modify(fpl->tvp_seqc)) { 5373 return (cache_fpl_aborted(fpl)); 5374 } 5375 return (0); 5376 } 5377 5378 if ((dvp->v_vflag & VV_ROOT) != 0) { 5379 /* 5380 * TODO 5381 * The opposite of climb mount is needed here. 5382 */ 5383 return (cache_fpl_partial(fpl)); 5384 } 5385 5386 if (__predict_false(dvp->v_type != VDIR)) { 5387 cache_fpl_smr_exit(fpl); 5388 return (cache_fpl_handled_error(fpl, ENOTDIR)); 5389 } 5390 5391 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd); 5392 if (ncp == NULL) { 5393 return (cache_fpl_aborted(fpl)); 5394 } 5395 5396 nc_flag = atomic_load_char(&ncp->nc_flag); 5397 if ((nc_flag & NCF_ISDOTDOT) != 0) { 5398 if ((nc_flag & NCF_NEGATIVE) != 0) 5399 return (cache_fpl_aborted(fpl)); 5400 fpl->tvp = ncp->nc_vp; 5401 } else { 5402 fpl->tvp = ncp->nc_dvp; 5403 } 5404 5405 fpl->tvp_seqc = vn_seqc_read_any(fpl->tvp); 5406 if (seqc_in_modify(fpl->tvp_seqc)) { 5407 return (cache_fpl_partial(fpl)); 5408 } 5409 5410 /* 5411 * Acquire fence provided by vn_seqc_read_any above. 5412 */ 5413 if (__predict_false(atomic_load_ptr(&dvp->v_cache_dd) != ncp)) { 5414 return (cache_fpl_aborted(fpl)); 5415 } 5416 5417 if (!cache_ncp_canuse(ncp)) { 5418 return (cache_fpl_aborted(fpl)); 5419 } 5420 5421 return (0); 5422 } 5423 5424 static int __noinline 5425 cache_fplookup_neg(struct cache_fpl *fpl, struct namecache *ncp, uint32_t hash) 5426 { 5427 u_char nc_flag __diagused; 5428 bool neg_promote; 5429 5430 #ifdef INVARIANTS 5431 nc_flag = atomic_load_char(&ncp->nc_flag); 5432 MPASS((nc_flag & NCF_NEGATIVE) != 0); 5433 #endif 5434 /* 5435 * If they want to create an entry we need to replace this one. 5436 */ 5437 if (__predict_false(fpl->cnp->cn_nameiop != LOOKUP)) { 5438 fpl->tvp = NULL; 5439 return (cache_fplookup_modifying(fpl)); 5440 } 5441 neg_promote = cache_neg_hit_prep(ncp); 5442 if (!cache_fpl_neg_ncp_canuse(ncp)) { 5443 cache_neg_hit_abort(ncp); 5444 return (cache_fpl_partial(fpl)); 5445 } 5446 if (neg_promote) { 5447 return (cache_fplookup_negative_promote(fpl, ncp, hash)); 5448 } 5449 cache_neg_hit_finish(ncp); 5450 cache_fpl_smr_exit(fpl); 5451 return (cache_fpl_handled_error(fpl, ENOENT)); 5452 } 5453 5454 /* 5455 * Resolve a symlink. Called by filesystem-specific routines. 5456 * 5457 * Code flow is: 5458 * ... -> cache_fplookup_symlink -> VOP_FPLOOKUP_SYMLINK -> cache_symlink_resolve 5459 */ 5460 int 5461 cache_symlink_resolve(struct cache_fpl *fpl, const char *string, size_t len) 5462 { 5463 struct nameidata *ndp; 5464 struct componentname *cnp; 5465 size_t adjust; 5466 5467 ndp = fpl->ndp; 5468 cnp = fpl->cnp; 5469 5470 if (__predict_false(len == 0)) { 5471 return (ENOENT); 5472 } 5473 5474 if (__predict_false(len > MAXPATHLEN - 2)) { 5475 if (cache_fpl_istrailingslash(fpl)) { 5476 return (EAGAIN); 5477 } 5478 } 5479 5480 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr - cnp->cn_namelen + 1; 5481 #ifdef INVARIANTS 5482 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) { 5483 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 5484 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 5485 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 5486 } 5487 #endif 5488 5489 if (__predict_false(len + ndp->ni_pathlen > MAXPATHLEN)) { 5490 return (ENAMETOOLONG); 5491 } 5492 5493 if (__predict_false(ndp->ni_loopcnt++ >= MAXSYMLINKS)) { 5494 return (ELOOP); 5495 } 5496 5497 adjust = len; 5498 if (ndp->ni_pathlen > 1) { 5499 bcopy(ndp->ni_next, cnp->cn_pnbuf + len, ndp->ni_pathlen); 5500 } else { 5501 if (cache_fpl_istrailingslash(fpl)) { 5502 adjust = len + 1; 5503 cnp->cn_pnbuf[len] = '/'; 5504 cnp->cn_pnbuf[len + 1] = '\0'; 5505 } else { 5506 cnp->cn_pnbuf[len] = '\0'; 5507 } 5508 } 5509 bcopy(string, cnp->cn_pnbuf, len); 5510 5511 ndp->ni_pathlen += adjust; 5512 cache_fpl_pathlen_add(fpl, adjust); 5513 cnp->cn_nameptr = cnp->cn_pnbuf; 5514 fpl->nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1]; 5515 fpl->tvp = NULL; 5516 return (0); 5517 } 5518 5519 static int __noinline 5520 cache_fplookup_symlink(struct cache_fpl *fpl) 5521 { 5522 struct mount *mp; 5523 struct nameidata *ndp; 5524 struct componentname *cnp; 5525 struct vnode *dvp, *tvp; 5526 struct pwd *pwd; 5527 int error; 5528 5529 ndp = fpl->ndp; 5530 cnp = fpl->cnp; 5531 dvp = fpl->dvp; 5532 tvp = fpl->tvp; 5533 pwd = *(fpl->pwd); 5534 5535 if (cache_fpl_islastcn(ndp)) { 5536 if ((cnp->cn_flags & FOLLOW) == 0) { 5537 return (cache_fplookup_final(fpl)); 5538 } 5539 } 5540 5541 mp = atomic_load_ptr(&dvp->v_mount); 5542 if (__predict_false(mp == NULL)) { 5543 return (cache_fpl_aborted(fpl)); 5544 } 5545 5546 /* 5547 * Note this check races against setting the flag just like regular 5548 * lookup. 5549 */ 5550 if (__predict_false((mp->mnt_flag & MNT_NOSYMFOLLOW) != 0)) { 5551 cache_fpl_smr_exit(fpl); 5552 return (cache_fpl_handled_error(fpl, EACCES)); 5553 } 5554 5555 error = VOP_FPLOOKUP_SYMLINK(tvp, fpl); 5556 if (__predict_false(error != 0)) { 5557 switch (error) { 5558 case EAGAIN: 5559 return (cache_fpl_partial(fpl)); 5560 case ENOENT: 5561 case ENAMETOOLONG: 5562 case ELOOP: 5563 cache_fpl_smr_exit(fpl); 5564 return (cache_fpl_handled_error(fpl, error)); 5565 default: 5566 return (cache_fpl_aborted(fpl)); 5567 } 5568 } 5569 5570 if (*(cnp->cn_nameptr) == '/') { 5571 fpl->dvp = cache_fpl_handle_root(fpl); 5572 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp); 5573 if (seqc_in_modify(fpl->dvp_seqc)) { 5574 return (cache_fpl_aborted(fpl)); 5575 } 5576 /* 5577 * The main loop assumes that ->dvp points to a vnode belonging 5578 * to a filesystem which can do lockless lookup, but the absolute 5579 * symlink can be wandering off to one which does not. 5580 */ 5581 mp = atomic_load_ptr(&fpl->dvp->v_mount); 5582 if (__predict_false(mp == NULL)) { 5583 return (cache_fpl_aborted(fpl)); 5584 } 5585 if (!cache_fplookup_mp_supported(mp)) { 5586 cache_fpl_checkpoint(fpl); 5587 return (cache_fpl_partial(fpl)); 5588 } 5589 if (__predict_false(pwd->pwd_adir != pwd->pwd_rdir)) { 5590 return (cache_fpl_aborted(fpl)); 5591 } 5592 } 5593 return (0); 5594 } 5595 5596 static int 5597 cache_fplookup_next(struct cache_fpl *fpl) 5598 { 5599 struct componentname *cnp; 5600 struct namecache *ncp; 5601 struct vnode *dvp, *tvp; 5602 u_char nc_flag; 5603 uint32_t hash; 5604 int error; 5605 5606 cnp = fpl->cnp; 5607 dvp = fpl->dvp; 5608 hash = fpl->hash; 5609 5610 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 5611 if (cnp->cn_namelen == 1) { 5612 return (cache_fplookup_dot(fpl)); 5613 } 5614 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') { 5615 return (cache_fplookup_dotdot(fpl)); 5616 } 5617 } 5618 5619 MPASS(!cache_fpl_isdotdot(cnp)); 5620 5621 ncp = cache_ncp_find(dvp, cnp, hash); 5622 if (__predict_false(ncp == NULL)) { 5623 return (cache_fplookup_noentry(fpl)); 5624 } 5625 5626 tvp = atomic_load_ptr(&ncp->nc_vp); 5627 nc_flag = atomic_load_char(&ncp->nc_flag); 5628 if ((nc_flag & NCF_NEGATIVE) != 0) { 5629 return (cache_fplookup_neg(fpl, ncp, hash)); 5630 } 5631 5632 if (!cache_ncp_canuse(ncp)) { 5633 return (cache_fpl_partial(fpl)); 5634 } 5635 5636 fpl->tvp = tvp; 5637 fpl->tvp_seqc = vn_seqc_read_any(tvp); 5638 if (seqc_in_modify(fpl->tvp_seqc)) { 5639 return (cache_fpl_partial(fpl)); 5640 } 5641 5642 counter_u64_add(numposhits, 1); 5643 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, tvp); 5644 5645 error = 0; 5646 if (cache_fplookup_is_mp(fpl)) { 5647 error = cache_fplookup_cross_mount(fpl); 5648 } 5649 return (error); 5650 } 5651 5652 static bool 5653 cache_fplookup_mp_supported(struct mount *mp) 5654 { 5655 5656 MPASS(mp != NULL); 5657 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0) 5658 return (false); 5659 return (true); 5660 } 5661 5662 /* 5663 * Walk up the mount stack (if any). 5664 * 5665 * Correctness is provided in the following ways: 5666 * - all vnodes are protected from freeing with SMR 5667 * - struct mount objects are type stable making them always safe to access 5668 * - stability of the particular mount is provided by busying it 5669 * - relationship between the vnode which is mounted on and the mount is 5670 * verified with the vnode sequence counter after busying 5671 * - association between root vnode of the mount and the mount is protected 5672 * by busy 5673 * 5674 * From that point on we can read the sequence counter of the root vnode 5675 * and get the next mount on the stack (if any) using the same protection. 5676 * 5677 * By the end of successful walk we are guaranteed the reached state was 5678 * indeed present at least at some point which matches the regular lookup. 5679 */ 5680 static int __noinline 5681 cache_fplookup_climb_mount(struct cache_fpl *fpl) 5682 { 5683 struct mount *mp, *prev_mp; 5684 struct mount_pcpu *mpcpu, *prev_mpcpu; 5685 struct vnode *vp; 5686 seqc_t vp_seqc; 5687 5688 vp = fpl->tvp; 5689 vp_seqc = fpl->tvp_seqc; 5690 5691 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp); 5692 mp = atomic_load_ptr(&vp->v_mountedhere); 5693 if (__predict_false(mp == NULL)) { 5694 return (0); 5695 } 5696 5697 prev_mp = NULL; 5698 for (;;) { 5699 if (!vfs_op_thread_enter_crit(mp, mpcpu)) { 5700 if (prev_mp != NULL) 5701 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5702 return (cache_fpl_partial(fpl)); 5703 } 5704 if (prev_mp != NULL) 5705 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5706 if (!vn_seqc_consistent(vp, vp_seqc)) { 5707 vfs_op_thread_exit_crit(mp, mpcpu); 5708 return (cache_fpl_partial(fpl)); 5709 } 5710 if (!cache_fplookup_mp_supported(mp)) { 5711 vfs_op_thread_exit_crit(mp, mpcpu); 5712 return (cache_fpl_partial(fpl)); 5713 } 5714 vp = atomic_load_ptr(&mp->mnt_rootvnode); 5715 if (vp == NULL) { 5716 vfs_op_thread_exit_crit(mp, mpcpu); 5717 return (cache_fpl_partial(fpl)); 5718 } 5719 vp_seqc = vn_seqc_read_any(vp); 5720 if (seqc_in_modify(vp_seqc)) { 5721 vfs_op_thread_exit_crit(mp, mpcpu); 5722 return (cache_fpl_partial(fpl)); 5723 } 5724 prev_mp = mp; 5725 prev_mpcpu = mpcpu; 5726 mp = atomic_load_ptr(&vp->v_mountedhere); 5727 if (mp == NULL) 5728 break; 5729 } 5730 5731 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5732 fpl->tvp = vp; 5733 fpl->tvp_seqc = vp_seqc; 5734 return (0); 5735 } 5736 5737 static int __noinline 5738 cache_fplookup_cross_mount(struct cache_fpl *fpl) 5739 { 5740 struct mount *mp; 5741 struct mount_pcpu *mpcpu; 5742 struct vnode *vp; 5743 seqc_t vp_seqc; 5744 5745 vp = fpl->tvp; 5746 vp_seqc = fpl->tvp_seqc; 5747 5748 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp); 5749 mp = atomic_load_ptr(&vp->v_mountedhere); 5750 if (__predict_false(mp == NULL)) { 5751 return (0); 5752 } 5753 5754 if (!vfs_op_thread_enter_crit(mp, mpcpu)) { 5755 return (cache_fpl_partial(fpl)); 5756 } 5757 if (!vn_seqc_consistent(vp, vp_seqc)) { 5758 vfs_op_thread_exit_crit(mp, mpcpu); 5759 return (cache_fpl_partial(fpl)); 5760 } 5761 if (!cache_fplookup_mp_supported(mp)) { 5762 vfs_op_thread_exit_crit(mp, mpcpu); 5763 return (cache_fpl_partial(fpl)); 5764 } 5765 vp = atomic_load_ptr(&mp->mnt_rootvnode); 5766 if (__predict_false(vp == NULL)) { 5767 vfs_op_thread_exit_crit(mp, mpcpu); 5768 return (cache_fpl_partial(fpl)); 5769 } 5770 vp_seqc = vn_seqc_read_any(vp); 5771 vfs_op_thread_exit_crit(mp, mpcpu); 5772 if (seqc_in_modify(vp_seqc)) { 5773 return (cache_fpl_partial(fpl)); 5774 } 5775 mp = atomic_load_ptr(&vp->v_mountedhere); 5776 if (__predict_false(mp != NULL)) { 5777 /* 5778 * There are possibly more mount points on top. 5779 * Normally this does not happen so for simplicity just start 5780 * over. 5781 */ 5782 return (cache_fplookup_climb_mount(fpl)); 5783 } 5784 5785 fpl->tvp = vp; 5786 fpl->tvp_seqc = vp_seqc; 5787 return (0); 5788 } 5789 5790 /* 5791 * Check if a vnode is mounted on. 5792 */ 5793 static bool 5794 cache_fplookup_is_mp(struct cache_fpl *fpl) 5795 { 5796 struct vnode *vp; 5797 5798 vp = fpl->tvp; 5799 return ((vn_irflag_read(vp) & VIRF_MOUNTPOINT) != 0); 5800 } 5801 5802 /* 5803 * Parse the path. 5804 * 5805 * The code was originally copy-pasted from regular lookup and despite 5806 * clean ups leaves performance on the table. Any modifications here 5807 * must take into account that in case off fallback the resulting 5808 * nameidata state has to be compatible with the original. 5809 */ 5810 5811 /* 5812 * Debug ni_pathlen tracking. 5813 */ 5814 #ifdef INVARIANTS 5815 static void 5816 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n) 5817 { 5818 5819 fpl->debug.ni_pathlen += n; 5820 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX, 5821 ("%s: pathlen overflow to %zd\n", __func__, fpl->debug.ni_pathlen)); 5822 } 5823 5824 static void 5825 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n) 5826 { 5827 5828 fpl->debug.ni_pathlen -= n; 5829 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX, 5830 ("%s: pathlen underflow to %zd\n", __func__, fpl->debug.ni_pathlen)); 5831 } 5832 5833 static void 5834 cache_fpl_pathlen_inc(struct cache_fpl *fpl) 5835 { 5836 5837 cache_fpl_pathlen_add(fpl, 1); 5838 } 5839 5840 static void 5841 cache_fpl_pathlen_dec(struct cache_fpl *fpl) 5842 { 5843 5844 cache_fpl_pathlen_sub(fpl, 1); 5845 } 5846 #else 5847 static void 5848 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n) 5849 { 5850 } 5851 5852 static void 5853 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n) 5854 { 5855 } 5856 5857 static void 5858 cache_fpl_pathlen_inc(struct cache_fpl *fpl) 5859 { 5860 } 5861 5862 static void 5863 cache_fpl_pathlen_dec(struct cache_fpl *fpl) 5864 { 5865 } 5866 #endif 5867 5868 static void 5869 cache_fplookup_parse(struct cache_fpl *fpl) 5870 { 5871 struct nameidata *ndp; 5872 struct componentname *cnp; 5873 struct vnode *dvp; 5874 char *cp; 5875 uint32_t hash; 5876 5877 ndp = fpl->ndp; 5878 cnp = fpl->cnp; 5879 dvp = fpl->dvp; 5880 5881 /* 5882 * Find the end of this path component, it is either / or nul. 5883 * 5884 * Store / as a temporary sentinel so that we only have one character 5885 * to test for. Pathnames tend to be short so this should not be 5886 * resulting in cache misses. 5887 * 5888 * TODO: fix this to be word-sized. 5889 */ 5890 MPASS(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] >= cnp->cn_pnbuf); 5891 KASSERT(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] == fpl->nulchar, 5892 ("%s: mismatch between pathlen (%zu) and nulchar (%p != %p), string [%s]\n", 5893 __func__, fpl->debug.ni_pathlen, &cnp->cn_nameptr[fpl->debug.ni_pathlen - 1], 5894 fpl->nulchar, cnp->cn_pnbuf)); 5895 KASSERT(*fpl->nulchar == '\0', 5896 ("%s: expected nul at %p; string [%s]\n", __func__, fpl->nulchar, 5897 cnp->cn_pnbuf)); 5898 hash = cache_get_hash_iter_start(dvp); 5899 *fpl->nulchar = '/'; 5900 for (cp = cnp->cn_nameptr; *cp != '/'; cp++) { 5901 KASSERT(*cp != '\0', 5902 ("%s: encountered unexpected nul; string [%s]\n", __func__, 5903 cnp->cn_nameptr)); 5904 hash = cache_get_hash_iter(*cp, hash); 5905 continue; 5906 } 5907 *fpl->nulchar = '\0'; 5908 fpl->hash = cache_get_hash_iter_finish(hash); 5909 5910 cnp->cn_namelen = cp - cnp->cn_nameptr; 5911 cache_fpl_pathlen_sub(fpl, cnp->cn_namelen); 5912 5913 #ifdef INVARIANTS 5914 /* 5915 * cache_get_hash only accepts lengths up to NAME_MAX. This is fine since 5916 * we are going to fail this lookup with ENAMETOOLONG (see below). 5917 */ 5918 if (cnp->cn_namelen <= NAME_MAX) { 5919 if (fpl->hash != cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp)) { 5920 panic("%s: mismatched hash for [%s] len %ld", __func__, 5921 cnp->cn_nameptr, cnp->cn_namelen); 5922 } 5923 } 5924 #endif 5925 5926 /* 5927 * Hack: we have to check if the found path component's length exceeds 5928 * NAME_MAX. However, the condition is very rarely true and check can 5929 * be elided in the common case -- if an entry was found in the cache, 5930 * then it could not have been too long to begin with. 5931 */ 5932 ndp->ni_next = cp; 5933 } 5934 5935 static void 5936 cache_fplookup_parse_advance(struct cache_fpl *fpl) 5937 { 5938 struct nameidata *ndp; 5939 struct componentname *cnp; 5940 5941 ndp = fpl->ndp; 5942 cnp = fpl->cnp; 5943 5944 cnp->cn_nameptr = ndp->ni_next; 5945 KASSERT(*(cnp->cn_nameptr) == '/', 5946 ("%s: should have seen slash at %p ; buf %p [%s]\n", __func__, 5947 cnp->cn_nameptr, cnp->cn_pnbuf, cnp->cn_pnbuf)); 5948 cnp->cn_nameptr++; 5949 cache_fpl_pathlen_dec(fpl); 5950 } 5951 5952 /* 5953 * Skip spurious slashes in a pathname (e.g., "foo///bar") and retry. 5954 * 5955 * Lockless lookup tries to elide checking for spurious slashes and should they 5956 * be present is guaranteed to fail to find an entry. In this case the caller 5957 * must check if the name starts with a slash and call this routine. It is 5958 * going to fast forward across the spurious slashes and set the state up for 5959 * retry. 5960 */ 5961 static int __noinline 5962 cache_fplookup_skip_slashes(struct cache_fpl *fpl) 5963 { 5964 struct nameidata *ndp; 5965 struct componentname *cnp; 5966 5967 ndp = fpl->ndp; 5968 cnp = fpl->cnp; 5969 5970 MPASS(*(cnp->cn_nameptr) == '/'); 5971 do { 5972 cnp->cn_nameptr++; 5973 cache_fpl_pathlen_dec(fpl); 5974 } while (*(cnp->cn_nameptr) == '/'); 5975 5976 /* 5977 * Go back to one slash so that cache_fplookup_parse_advance has 5978 * something to skip. 5979 */ 5980 cnp->cn_nameptr--; 5981 cache_fpl_pathlen_inc(fpl); 5982 5983 /* 5984 * cache_fplookup_parse_advance starts from ndp->ni_next 5985 */ 5986 ndp->ni_next = cnp->cn_nameptr; 5987 5988 /* 5989 * See cache_fplookup_dot. 5990 */ 5991 fpl->tvp = fpl->dvp; 5992 fpl->tvp_seqc = fpl->dvp_seqc; 5993 5994 return (0); 5995 } 5996 5997 /* 5998 * Handle trailing slashes (e.g., "foo/"). 5999 * 6000 * If a trailing slash is found the terminal vnode must be a directory. 6001 * Regular lookup shortens the path by nulifying the first trailing slash and 6002 * sets the TRAILINGSLASH flag to denote this took place. There are several 6003 * checks on it performed later. 6004 * 6005 * Similarly to spurious slashes, lockless lookup handles this in a speculative 6006 * manner relying on an invariant that a non-directory vnode will get a miss. 6007 * In this case cn_nameptr[0] == '\0' and cn_namelen == 0. 6008 * 6009 * Thus for a path like "foo/bar/" the code unwinds the state back to "bar/" 6010 * and denotes this is the last path component, which avoids looping back. 6011 * 6012 * Only plain lookups are supported for now to restrict corner cases to handle. 6013 */ 6014 static int __noinline 6015 cache_fplookup_trailingslash(struct cache_fpl *fpl) 6016 { 6017 #ifdef INVARIANTS 6018 size_t ni_pathlen; 6019 #endif 6020 struct nameidata *ndp; 6021 struct componentname *cnp; 6022 struct namecache *ncp; 6023 struct vnode *tvp; 6024 char *cn_nameptr_orig, *cn_nameptr_slash; 6025 seqc_t tvp_seqc; 6026 u_char nc_flag; 6027 6028 ndp = fpl->ndp; 6029 cnp = fpl->cnp; 6030 tvp = fpl->tvp; 6031 tvp_seqc = fpl->tvp_seqc; 6032 6033 MPASS(fpl->dvp == fpl->tvp); 6034 KASSERT(cache_fpl_istrailingslash(fpl), 6035 ("%s: expected trailing slash at %p; string [%s]\n", __func__, fpl->nulchar - 1, 6036 cnp->cn_pnbuf)); 6037 KASSERT(cnp->cn_nameptr[0] == '\0', 6038 ("%s: expected nul char at %p; string [%s]\n", __func__, &cnp->cn_nameptr[0], 6039 cnp->cn_pnbuf)); 6040 KASSERT(cnp->cn_namelen == 0, 6041 ("%s: namelen 0 but got %ld; string [%s]\n", __func__, cnp->cn_namelen, 6042 cnp->cn_pnbuf)); 6043 MPASS(cnp->cn_nameptr > cnp->cn_pnbuf); 6044 6045 if (cnp->cn_nameiop != LOOKUP) { 6046 return (cache_fpl_aborted(fpl)); 6047 } 6048 6049 if (__predict_false(tvp->v_type != VDIR)) { 6050 if (!vn_seqc_consistent(tvp, tvp_seqc)) { 6051 return (cache_fpl_aborted(fpl)); 6052 } 6053 cache_fpl_smr_exit(fpl); 6054 return (cache_fpl_handled_error(fpl, ENOTDIR)); 6055 } 6056 6057 /* 6058 * Denote the last component. 6059 */ 6060 ndp->ni_next = &cnp->cn_nameptr[0]; 6061 MPASS(cache_fpl_islastcn(ndp)); 6062 6063 /* 6064 * Unwind trailing slashes. 6065 */ 6066 cn_nameptr_orig = cnp->cn_nameptr; 6067 while (cnp->cn_nameptr >= cnp->cn_pnbuf) { 6068 cnp->cn_nameptr--; 6069 if (cnp->cn_nameptr[0] != '/') { 6070 break; 6071 } 6072 } 6073 6074 /* 6075 * Unwind to the beginning of the path component. 6076 * 6077 * Note the path may or may not have started with a slash. 6078 */ 6079 cn_nameptr_slash = cnp->cn_nameptr; 6080 while (cnp->cn_nameptr > cnp->cn_pnbuf) { 6081 cnp->cn_nameptr--; 6082 if (cnp->cn_nameptr[0] == '/') { 6083 break; 6084 } 6085 } 6086 if (cnp->cn_nameptr[0] == '/') { 6087 cnp->cn_nameptr++; 6088 } 6089 6090 cnp->cn_namelen = cn_nameptr_slash - cnp->cn_nameptr + 1; 6091 cache_fpl_pathlen_add(fpl, cn_nameptr_orig - cnp->cn_nameptr); 6092 cache_fpl_checkpoint(fpl); 6093 6094 #ifdef INVARIANTS 6095 ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1; 6096 if (ni_pathlen != fpl->debug.ni_pathlen) { 6097 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 6098 __func__, ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 6099 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 6100 } 6101 #endif 6102 6103 /* 6104 * If this was a "./" lookup the parent directory is already correct. 6105 */ 6106 if (cnp->cn_nameptr[0] == '.' && cnp->cn_namelen == 1) { 6107 return (0); 6108 } 6109 6110 /* 6111 * Otherwise we need to look it up. 6112 */ 6113 tvp = fpl->tvp; 6114 ncp = atomic_load_consume_ptr(&tvp->v_cache_dd); 6115 if (__predict_false(ncp == NULL)) { 6116 return (cache_fpl_aborted(fpl)); 6117 } 6118 nc_flag = atomic_load_char(&ncp->nc_flag); 6119 if ((nc_flag & NCF_ISDOTDOT) != 0) { 6120 return (cache_fpl_aborted(fpl)); 6121 } 6122 fpl->dvp = ncp->nc_dvp; 6123 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp); 6124 if (seqc_in_modify(fpl->dvp_seqc)) { 6125 return (cache_fpl_aborted(fpl)); 6126 } 6127 return (0); 6128 } 6129 6130 /* 6131 * See the API contract for VOP_FPLOOKUP_VEXEC. 6132 */ 6133 static int __noinline 6134 cache_fplookup_failed_vexec(struct cache_fpl *fpl, int error) 6135 { 6136 struct componentname *cnp; 6137 struct vnode *dvp; 6138 seqc_t dvp_seqc; 6139 6140 cnp = fpl->cnp; 6141 dvp = fpl->dvp; 6142 dvp_seqc = fpl->dvp_seqc; 6143 6144 /* 6145 * Hack: delayed empty path checking. 6146 */ 6147 if (cnp->cn_pnbuf[0] == '\0') { 6148 return (cache_fplookup_emptypath(fpl)); 6149 } 6150 6151 /* 6152 * TODO: Due to ignoring trailing slashes lookup will perform a 6153 * permission check on the last dir when it should not be doing it. It 6154 * may fail, but said failure should be ignored. It is possible to fix 6155 * it up fully without resorting to regular lookup, but for now just 6156 * abort. 6157 */ 6158 if (cache_fpl_istrailingslash(fpl)) { 6159 return (cache_fpl_aborted(fpl)); 6160 } 6161 6162 /* 6163 * Hack: delayed degenerate path checking. 6164 */ 6165 if (cnp->cn_nameptr[0] == '\0' && fpl->tvp == NULL) { 6166 return (cache_fplookup_degenerate(fpl)); 6167 } 6168 6169 /* 6170 * Hack: delayed name len checking. 6171 */ 6172 if (__predict_false(cnp->cn_namelen > NAME_MAX)) { 6173 cache_fpl_smr_exit(fpl); 6174 return (cache_fpl_handled_error(fpl, ENAMETOOLONG)); 6175 } 6176 6177 /* 6178 * Hack: they may be looking up foo/bar, where foo is not a directory. 6179 * In such a case we need to return ENOTDIR, but we may happen to get 6180 * here with a different error. 6181 */ 6182 if (dvp->v_type != VDIR) { 6183 error = ENOTDIR; 6184 } 6185 6186 /* 6187 * Hack: handle O_SEARCH. 6188 * 6189 * Open Group Base Specifications Issue 7, 2018 edition states: 6190 * <quote> 6191 * If the access mode of the open file description associated with the 6192 * file descriptor is not O_SEARCH, the function shall check whether 6193 * directory searches are permitted using the current permissions of 6194 * the directory underlying the file descriptor. If the access mode is 6195 * O_SEARCH, the function shall not perform the check. 6196 * </quote> 6197 * 6198 * Regular lookup tests for the NOEXECCHECK flag for every path 6199 * component to decide whether to do the permission check. However, 6200 * since most lookups never have the flag (and when they do it is only 6201 * present for the first path component), lockless lookup only acts on 6202 * it if there is a permission problem. Here the flag is represented 6203 * with a boolean so that we don't have to clear it on the way out. 6204 * 6205 * For simplicity this always aborts. 6206 * TODO: check if this is the first lookup and ignore the permission 6207 * problem. Note the flag has to survive fallback (if it happens to be 6208 * performed). 6209 */ 6210 if (fpl->fsearch) { 6211 return (cache_fpl_aborted(fpl)); 6212 } 6213 6214 switch (error) { 6215 case EAGAIN: 6216 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 6217 error = cache_fpl_aborted(fpl); 6218 } else { 6219 cache_fpl_partial(fpl); 6220 } 6221 break; 6222 default: 6223 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 6224 error = cache_fpl_aborted(fpl); 6225 } else { 6226 cache_fpl_smr_exit(fpl); 6227 cache_fpl_handled_error(fpl, error); 6228 } 6229 break; 6230 } 6231 return (error); 6232 } 6233 6234 static int 6235 cache_fplookup_impl(struct vnode *dvp, struct cache_fpl *fpl) 6236 { 6237 struct nameidata *ndp; 6238 struct componentname *cnp; 6239 struct mount *mp; 6240 int error; 6241 6242 ndp = fpl->ndp; 6243 cnp = fpl->cnp; 6244 6245 cache_fpl_checkpoint(fpl); 6246 6247 /* 6248 * The vnode at hand is almost always stable, skip checking for it. 6249 * Worst case this postpones the check towards the end of the iteration 6250 * of the main loop. 6251 */ 6252 fpl->dvp = dvp; 6253 fpl->dvp_seqc = vn_seqc_read_notmodify(fpl->dvp); 6254 6255 mp = atomic_load_ptr(&dvp->v_mount); 6256 if (__predict_false(mp == NULL || !cache_fplookup_mp_supported(mp))) { 6257 return (cache_fpl_aborted(fpl)); 6258 } 6259 6260 MPASS(fpl->tvp == NULL); 6261 6262 for (;;) { 6263 cache_fplookup_parse(fpl); 6264 6265 error = VOP_FPLOOKUP_VEXEC(fpl->dvp, cnp->cn_cred); 6266 if (__predict_false(error != 0)) { 6267 error = cache_fplookup_failed_vexec(fpl, error); 6268 break; 6269 } 6270 6271 error = cache_fplookup_next(fpl); 6272 if (__predict_false(cache_fpl_terminated(fpl))) { 6273 break; 6274 } 6275 6276 VNPASS(!seqc_in_modify(fpl->tvp_seqc), fpl->tvp); 6277 6278 if (fpl->tvp->v_type == VLNK) { 6279 error = cache_fplookup_symlink(fpl); 6280 if (cache_fpl_terminated(fpl)) { 6281 break; 6282 } 6283 } else { 6284 if (cache_fpl_islastcn(ndp)) { 6285 error = cache_fplookup_final(fpl); 6286 break; 6287 } 6288 6289 if (!vn_seqc_consistent(fpl->dvp, fpl->dvp_seqc)) { 6290 error = cache_fpl_aborted(fpl); 6291 break; 6292 } 6293 6294 fpl->dvp = fpl->tvp; 6295 fpl->dvp_seqc = fpl->tvp_seqc; 6296 cache_fplookup_parse_advance(fpl); 6297 } 6298 6299 cache_fpl_checkpoint(fpl); 6300 } 6301 6302 return (error); 6303 } 6304 6305 /* 6306 * Fast path lookup protected with SMR and sequence counters. 6307 * 6308 * Note: all VOP_FPLOOKUP_VEXEC routines have a comment referencing this one. 6309 * 6310 * Filesystems can opt in by setting the MNTK_FPLOOKUP flag and meeting criteria 6311 * outlined at the end. 6312 * 6313 * Traversing from one vnode to another requires atomicity with regard to 6314 * permissions, mount points and of course their relative placement (if you are 6315 * looking up "bar" in "foo" and you found it, it better be in that directory 6316 * at the time). 6317 * 6318 * Normally this is accomplished with locking, but it comes with a significant 6319 * performance hit and is untenable as a fast path even in a moderate core 6320 * count environment (at the time of writing this comment this would be a 6321 * little south of 100). 6322 * 6323 * The same guarantee can be provided with a combination of safe memory 6324 * reclamation and sequence counters instead. If all operations which affect 6325 * the relationship between the current vnode and the one we are looking for 6326 * also modify the counter, we can verify whether all the conditions held as 6327 * we made the jump. 6328 * 6329 * See places which issue vn_seqc_write_begin()/vn_seqc_write_end() for 6330 * operations affected. 6331 * 6332 * Suppose the variable "cnp" contains lookup metadata (the path etc.), then 6333 * locked lookup conceptually looks like this: 6334 * 6335 * // lock the current directory 6336 * vn_lock(dvp); 6337 * for (;;) { 6338 * // permission check 6339 * if (!canlookup(dvp, cnp)) 6340 * abort(); 6341 * // look for the target name inside dvp 6342 * tvp = findnext(dvp, cnp); 6343 * vn_lock(tvp); 6344 * // tvp is still guaranteed to be inside of dvp because of the lock on dvp 6345 * vn_unlock(dvp); 6346 * // dvp is unlocked. its state is now arbitrary, but that's fine as we 6347 * // made the jump while everything relevant was correct, continue with tvp 6348 * // as the directory to look up names in 6349 * tvp = dvp; 6350 * if (last) 6351 * break; 6352 * // if not last loop back and continue until done 6353 * } 6354 * vget(tvp); 6355 * return (tvp); 6356 * 6357 * Lockless lookup replaces locking with sequence counter checks: 6358 * 6359 * vfs_smr_enter(); 6360 * dvp_seqc = seqc_read_any(dvp); 6361 * // fail if someone is altering the directory vnode 6362 * if (seqc_in_modify(dvp_seqc)) 6363 * abort(); 6364 * for (;;) { 6365 * // permission check. note it can race, but we will validate the outcome 6366 * // with a seqc 6367 * if (!canlookup_smr(dvp, cnp)) { 6368 * // has dvp changed from under us? if so, the denial may be invalid 6369 * if (!seqc_consistent(dvp, dvp_seqc) 6370 * fallback_to_locked(); 6371 * // nothing changed, lookup denial is valid 6372 * fail(); 6373 * } 6374 * // look for the target name inside dvp 6375 * tvp = findnext(dvp, cnp); 6376 * tvp_seqc = seqc_read_any(tvp); 6377 * // bail if someone is altering the target vnode 6378 * if (seqc_in_modify(tvp_seqc)) 6379 * fallback_to_locked(); 6380 * // bail if someone is altering the directory vnode 6381 * if (!seqc_consistent(dvp, dvp_seqc) 6382 * fallback_to_locked(); 6383 * // we confirmed neither dvp nor tvp changed while we were making the 6384 * // jump to the next component, thus the result is the same as if we 6385 * // held the lock on dvp and tvp the entire time, continue with tvp 6386 * // as the directory to look up names in 6387 * dvp = tvp; 6388 * dvp_seqc = tvp_seqc; 6389 * if (last) 6390 * break; 6391 * } 6392 * vget(); // secure the vnode 6393 * if (!seqc_consistent(tvp, tvp_seqc) // final check 6394 * fallback_to_locked(); 6395 * // at this point we know nothing has changed for any parent<->child pair 6396 * // as they were crossed during the lookup, meaning we matched the guarantee 6397 * // of the locked variant 6398 * return (tvp); 6399 * 6400 * The API contract for VOP_FPLOOKUP_VEXEC routines is as follows: 6401 * - they are called while within vfs_smr protection which they must never exit 6402 * - EAGAIN can be returned to denote checking could not be performed, it is 6403 * always valid to return it 6404 * - if the sequence counter has not changed the result must be valid 6405 * - if the sequence counter has changed both false positives and false negatives 6406 * are permitted (since the result will be rejected later) 6407 * - for simple cases of unix permission checks vaccess_vexec_smr can be used 6408 * 6409 * Caveats to watch out for: 6410 * - vnodes are passed unlocked and unreferenced with nothing stopping 6411 * VOP_RECLAIM, in turn meaning that ->v_data can become NULL. It is advised 6412 * to use atomic_load_ptr to fetch it. 6413 * - the aforementioned object can also get freed, meaning absent other means it 6414 * should be protected with vfs_smr 6415 * - either safely checking permissions as they are modified or guaranteeing 6416 * their stability is left to the routine 6417 */ 6418 int 6419 cache_fplookup(struct nameidata *ndp, enum cache_fpl_status *status, 6420 struct pwd **pwdp) 6421 { 6422 struct cache_fpl fpl; 6423 struct pwd *pwd; 6424 struct vnode *dvp; 6425 struct componentname *cnp; 6426 int error; 6427 6428 fpl.status = CACHE_FPL_STATUS_UNSET; 6429 fpl.in_smr = false; 6430 fpl.ndp = ndp; 6431 fpl.cnp = cnp = &ndp->ni_cnd; 6432 MPASS(ndp->ni_lcf == 0); 6433 KASSERT ((cnp->cn_flags & CACHE_FPL_INTERNAL_CN_FLAGS) == 0, 6434 ("%s: internal flags found in cn_flags %" PRIx64, __func__, 6435 cnp->cn_flags)); 6436 MPASS(cnp->cn_nameptr == cnp->cn_pnbuf); 6437 MPASS(ndp->ni_resflags == 0); 6438 6439 if (__predict_false(!cache_can_fplookup(&fpl))) { 6440 *status = fpl.status; 6441 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status); 6442 return (EOPNOTSUPP); 6443 } 6444 6445 cache_fpl_checkpoint_outer(&fpl); 6446 6447 cache_fpl_smr_enter_initial(&fpl); 6448 #ifdef INVARIANTS 6449 fpl.debug.ni_pathlen = ndp->ni_pathlen; 6450 #endif 6451 fpl.nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1]; 6452 fpl.fsearch = false; 6453 fpl.tvp = NULL; /* for degenerate path handling */ 6454 fpl.pwd = pwdp; 6455 pwd = pwd_get_smr(); 6456 *(fpl.pwd) = pwd; 6457 namei_setup_rootdir(ndp, cnp, pwd); 6458 ndp->ni_topdir = pwd->pwd_jdir; 6459 6460 if (cnp->cn_pnbuf[0] == '/') { 6461 dvp = cache_fpl_handle_root(&fpl); 6462 ndp->ni_resflags = NIRES_ABS; 6463 } else { 6464 if (ndp->ni_dirfd == AT_FDCWD) { 6465 dvp = pwd->pwd_cdir; 6466 } else { 6467 error = cache_fplookup_dirfd(&fpl, &dvp); 6468 if (__predict_false(error != 0)) { 6469 goto out; 6470 } 6471 } 6472 } 6473 6474 SDT_PROBE4(vfs, namei, lookup, entry, dvp, cnp->cn_pnbuf, cnp->cn_flags, true); 6475 error = cache_fplookup_impl(dvp, &fpl); 6476 out: 6477 cache_fpl_smr_assert_not_entered(&fpl); 6478 cache_fpl_assert_status(&fpl); 6479 *status = fpl.status; 6480 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status); 6481 if (__predict_true(fpl.status == CACHE_FPL_STATUS_HANDLED)) { 6482 MPASS(error != CACHE_FPL_FAILED); 6483 SDT_PROBE4(vfs, namei, lookup, return, error, ndp->ni_vp, true, 6484 ndp); 6485 if (error != 0) { 6486 cache_fpl_cleanup_cnp(fpl.cnp); 6487 MPASS(fpl.dvp == NULL); 6488 MPASS(fpl.tvp == NULL); 6489 } 6490 ndp->ni_dvp = fpl.dvp; 6491 ndp->ni_vp = fpl.tvp; 6492 } 6493 return (error); 6494 } 6495