2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from software contributed to Berkeley by
8 * Poul-Henning Kamp of the FreeBSD Project.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)vfs_cache.c 8.5 (Berkeley) 3/22/95
37 #include <sys/cdefs.h>
39 #include "opt_ktrace.h"
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/capsicum.h>
44 #include <sys/counter.h>
45 #include <sys/filedesc.h>
46 #include <sys/fnv_hash.h>
47 #include <sys/kernel.h>
50 #include <sys/malloc.h>
51 #include <sys/fcntl.h>
53 #include <sys/mount.h>
54 #include <sys/namei.h>
60 #include <sys/syscallsubr.h>
61 #include <sys/sysctl.h>
62 #include <sys/sysproto.h>
63 #include <sys/vnode.h>
66 #include <sys/ktrace.h>
69 #include <machine/_inttypes.h>
72 #include <security/audit/audit.h>
73 #include <security/mac/mac_framework.h>
82 * High level overview of name caching in the VFS layer.
84 * Originally caching was implemented as part of UFS, later extracted to allow
85 * use by other filesystems. A decision was made to make it optional and
86 * completely detached from the rest of the kernel, which comes with limitations
87 * outlined near the end of this comment block.
89 * This fundamental choice needs to be revisited. In the meantime, the current
90 * state is described below. Significance of all notable routines is explained
91 * in comments placed above their implementation. Scattered thoroughout the
92 * file are TODO comments indicating shortcomings which can be fixed without
93 * reworking everything (most of the fixes will likely be reusable). Various
94 * details are omitted from this explanation to not clutter the overview, they
95 * have to be checked by reading the code and associated commentary.
97 * Keep in mind that it's individual path components which are cached, not full
98 * paths. That is, for a fully cached path "foo/bar/baz" there are 3 entries,
101 * I. Data organization
103 * Entries are described by "struct namecache" objects and stored in a hash
104 * table. See cache_get_hash for more information.
106 * "struct vnode" contains pointers to source entries (names which can be found
107 * when traversing through said vnode), destination entries (names of that
108 * vnode (see "Limitations" for a breakdown on the subject) and a pointer to
111 * The (directory vnode; name) tuple reliably determines the target entry if
114 * Since there are no small locks at this time (all are 32 bytes in size on
115 * LP64), the code works around the problem by introducing lock arrays to
116 * protect hash buckets and vnode lists.
118 * II. Filesystem integration
120 * Filesystems participating in name caching do the following:
121 * - set vop_lookup routine to vfs_cache_lookup
122 * - set vop_cachedlookup to whatever can perform the lookup if the above fails
123 * - if they support lockless lookup (see below), vop_fplookup_vexec and
124 * vop_fplookup_symlink are set along with the MNTK_FPLOOKUP flag on the
126 * - call cache_purge or cache_vop_* routines to eliminate stale entries as
128 * - call cache_enter to add entries depending on the MAKEENTRY flag
130 * With the above in mind, there are 2 entry points when doing lookups:
131 * - ... -> namei -> cache_fplookup -- this is the default
132 * - ... -> VOP_LOOKUP -> vfs_cache_lookup -- normally only called by namei
133 * should the above fail
135 * Example code flow how an entry is added:
136 * ... -> namei -> cache_fplookup -> cache_fplookup_noentry -> VOP_LOOKUP ->
137 * vfs_cache_lookup -> VOP_CACHEDLOOKUP -> ufs_lookup_ino -> cache_enter
139 * III. Performance considerations
141 * For lockless case forward lookup avoids any writes to shared areas apart
142 * from the terminal path component. In other words non-modifying lookups of
143 * different files don't suffer any scalability problems in the namecache.
144 * Looking up the same file is limited by VFS and goes beyond the scope of this
147 * At least on amd64 the single-threaded bottleneck for long paths is hashing
148 * (see cache_get_hash). There are cases where the code issues acquire fence
149 * multiple times, they can be combined on architectures which suffer from it.
151 * For locked case each encountered vnode has to be referenced and locked in
152 * order to be handed out to the caller (normally that's namei). This
153 * introduces significant hit single-threaded and serialization multi-threaded.
155 * Reverse lookup (e.g., "getcwd") fully scales provided it is fully cached --
156 * avoids any writes to shared areas to any components.
158 * Unrelated insertions are partially serialized on updating the global entry
159 * counter and possibly serialized on colliding bucket or vnode locks.
163 * Note not everything has an explicit dtrace probe nor it should have, thus
164 * some of the one-liners below depend on implementation details.
168 * # Check what lookups failed to be handled in a lockless manner. Column 1 is
169 * # line number, column 2 is status code (see cache_fpl_status)
170 * dtrace -n 'vfs:fplookup:lookup:done { @[arg1, arg2] = count(); }'
172 * # Lengths of names added by binary name
173 * dtrace -n 'fbt::cache_enter_time:entry { @[execname] = quantize(args[2]->cn_namelen); }'
175 * # Same as above but only those which exceed 64 characters
176 * dtrace -n 'fbt::cache_enter_time:entry /args[2]->cn_namelen > 64/ { @[execname] = quantize(args[2]->cn_namelen); }'
178 * # Who is performing lookups with spurious slashes (e.g., "foo//bar") and what
180 * dtrace -n 'fbt::cache_fplookup_skip_slashes:entry { @[execname, stringof(args[0]->cnp->cn_pnbuf)] = count(); }'
182 * V. Limitations and implementation defects
184 * - since it is possible there is no entry for an open file, tools like
185 * "procstat" may fail to resolve fd -> vnode -> path to anything
186 * - even if a filesystem adds an entry, it may get purged (e.g., due to memory
187 * shortage) in which case the above problem applies
188 * - hardlinks are not tracked, thus if a vnode is reachable in more than one
189 * way, resolving a name may return a different path than the one used to
190 * open it (even if said path is still valid)
191 * - by default entries are not added for newly created files
192 * - adding an entry may need to evict negative entry first, which happens in 2
193 * distinct places (evicting on lookup, adding in a later VOP) making it
194 * impossible to simply reuse it
195 * - there is a simple scheme to evict negative entries as the cache is approaching
196 * its capacity, but it is very unclear if doing so is a good idea to begin with
197 * - vnodes are subject to being recycled even if target inode is left in memory,
198 * which loses the name cache entries when it perhaps should not. in case of tmpfs
199 * names get duplicated -- kept by filesystem itself and namecache separately
200 * - struct namecache has a fixed size and comes in 2 variants, often wasting space.
201 * now hard to replace with malloc due to dependence on SMR.
202 * - lack of better integration with the kernel also turns nullfs into a layered
203 * filesystem instead of something which can take advantage of caching
206 static SYSCTL_NODE(_vfs, OID_AUTO, cache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
209 SDT_PROVIDER_DECLARE(vfs);
210 SDT_PROBE_DEFINE3(vfs, namecache, enter, done, "struct vnode *", "char *",
212 SDT_PROBE_DEFINE3(vfs, namecache, enter, duplicate, "struct vnode *", "char *",
214 SDT_PROBE_DEFINE2(vfs, namecache, enter_negative, done, "struct vnode *",
216 SDT_PROBE_DEFINE2(vfs, namecache, fullpath_smr, hit, "struct vnode *",
218 SDT_PROBE_DEFINE4(vfs, namecache, fullpath_smr, miss, "struct vnode *",
219 "struct namecache *", "int", "int");
220 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, entry, "struct vnode *");
221 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, hit, "struct vnode *",
222 "char *", "struct vnode *");
223 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, miss, "struct vnode *");
224 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, return, "int",
225 "struct vnode *", "char *");
226 SDT_PROBE_DEFINE3(vfs, namecache, lookup, hit, "struct vnode *", "char *",
228 SDT_PROBE_DEFINE2(vfs, namecache, lookup, hit__negative,
229 "struct vnode *", "char *");
230 SDT_PROBE_DEFINE2(vfs, namecache, lookup, miss, "struct vnode *",
232 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, hit, "struct vnode *",
233 "struct componentname *");
234 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, miss, "struct vnode *",
235 "struct componentname *");
236 SDT_PROBE_DEFINE3(vfs, namecache, purge, done, "struct vnode *", "size_t", "size_t");
237 SDT_PROBE_DEFINE1(vfs, namecache, purge, batch, "int");
238 SDT_PROBE_DEFINE1(vfs, namecache, purge_negative, done, "struct vnode *");
239 SDT_PROBE_DEFINE1(vfs, namecache, purgevfs, done, "struct mount *");
240 SDT_PROBE_DEFINE3(vfs, namecache, zap, done, "struct vnode *", "char *",
242 SDT_PROBE_DEFINE2(vfs, namecache, zap_negative, done, "struct vnode *",
244 SDT_PROBE_DEFINE2(vfs, namecache, evict_negative, done, "struct vnode *",
246 SDT_PROBE_DEFINE1(vfs, namecache, symlink, alloc__fail, "size_t");
248 SDT_PROBE_DEFINE3(vfs, fplookup, lookup, done, "struct nameidata", "int", "bool");
249 SDT_PROBE_DECLARE(vfs, namei, lookup, entry);
250 SDT_PROBE_DECLARE(vfs, namei, lookup, return);
252 static char __read_frequently cache_fast_lookup_enabled = true;
255 * This structure describes the elements in the cache of recent
256 * names looked up by namei.
262 _Static_assert(sizeof(struct negstate) <= sizeof(struct vnode *),
263 "the state must fit in a union with a pointer without growing it");
266 LIST_ENTRY(namecache) nc_src; /* source vnode list */
267 TAILQ_ENTRY(namecache) nc_dst; /* destination vnode list */
268 CK_SLIST_ENTRY(namecache) nc_hash;/* hash chain */
269 struct vnode *nc_dvp; /* vnode of parent of name */
271 struct vnode *nu_vp; /* vnode the name refers to */
272 struct negstate nu_neg;/* negative entry state */
274 u_char nc_flag; /* flag bits */
275 u_char nc_nlen; /* length of name */
276 char nc_name[]; /* segment name + nul */
280 * struct namecache_ts repeats struct namecache layout up to the
282 * struct namecache_ts is used in place of struct namecache when time(s) need
283 * to be stored. The nc_dotdottime field is used when a cache entry is mapping
284 * both a non-dotdot directory name plus dotdot for the directory's
287 * See below for alignment requirement.
289 struct namecache_ts {
290 struct timespec nc_time; /* timespec provided by fs */
291 struct timespec nc_dotdottime; /* dotdot timespec provided by fs */
292 int nc_ticks; /* ticks value when entry was added */
294 struct namecache nc_nc;
297 TAILQ_HEAD(cache_freebatch, namecache);
300 * At least mips n32 performs 64-bit accesses to timespec as found
301 * in namecache_ts and requires them to be aligned. Since others
302 * may be in the same spot suffer a little bit and enforce the
303 * alignment for everyone. Note this is a nop for 64-bit platforms.
305 #define CACHE_ZONE_ALIGNMENT UMA_ALIGNOF(time_t)
308 * TODO: the initial value of CACHE_PATH_CUTOFF was inherited from the
309 * 4.4 BSD codebase. Later on struct namecache was tweaked to become
310 * smaller and the value was bumped to retain the total size, but it
311 * was never re-evaluated for suitability. A simple test counting
312 * lengths during package building shows that the value of 45 covers
313 * about 86% of all added entries, reaching 99% at 65.
315 * Regardless of the above, use of dedicated zones instead of malloc may be
316 * inducing additional waste. This may be hard to address as said zones are
317 * tied to VFS SMR. Even if retaining them, the current split should be
321 #define CACHE_PATH_CUTOFF 45
322 #define CACHE_LARGE_PAD 6
324 #define CACHE_PATH_CUTOFF 41
325 #define CACHE_LARGE_PAD 2
328 #define CACHE_ZONE_SMALL_SIZE (offsetof(struct namecache, nc_name) + CACHE_PATH_CUTOFF + 1)
329 #define CACHE_ZONE_SMALL_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_SMALL_SIZE)
330 #define CACHE_ZONE_LARGE_SIZE (offsetof(struct namecache, nc_name) + NAME_MAX + 1 + CACHE_LARGE_PAD)
331 #define CACHE_ZONE_LARGE_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_LARGE_SIZE)
333 _Static_assert((CACHE_ZONE_SMALL_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size");
334 _Static_assert((CACHE_ZONE_SMALL_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size");
335 _Static_assert((CACHE_ZONE_LARGE_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size");
336 _Static_assert((CACHE_ZONE_LARGE_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size");
338 #define nc_vp n_un.nu_vp
339 #define nc_neg n_un.nu_neg
342 * Flags in namecache.nc_flag
344 #define NCF_WHITE 0x01
345 #define NCF_ISDOTDOT 0x02
348 #define NCF_DVDROP 0x10
349 #define NCF_NEGATIVE 0x20
350 #define NCF_INVALID 0x40
354 * Flags in negstate.neg_flag
358 static bool cache_neg_evict_cond(u_long lnumcache);
361 * Mark an entry as invalid.
363 * This is called before it starts getting deconstructed.
366 cache_ncp_invalidate(struct namecache *ncp)
369 KASSERT((ncp->nc_flag & NCF_INVALID) == 0,
370 ("%s: entry %p already invalid", __func__, ncp));
371 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_INVALID);
372 atomic_thread_fence_rel();
376 * Check whether the entry can be safely used.
378 * All places which elide locks are supposed to call this after they are
379 * done with reading from an entry.
381 #define cache_ncp_canuse(ncp) ({ \
382 struct namecache *_ncp = (ncp); \
385 atomic_thread_fence_acq(); \
386 _nc_flag = atomic_load_char(&_ncp->nc_flag); \
387 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP)) == 0); \
391 * Like the above but also checks NCF_WHITE.
393 #define cache_fpl_neg_ncp_canuse(ncp) ({ \
394 struct namecache *_ncp = (ncp); \
397 atomic_thread_fence_acq(); \
398 _nc_flag = atomic_load_char(&_ncp->nc_flag); \
399 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP | NCF_WHITE)) == 0); \
404 static SYSCTL_NODE(_vfs_cache, OID_AUTO, param, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
405 "Name cache parameters");
407 static u_int __read_mostly ncsize; /* the size as computed on creation or resizing */
408 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, size, CTLFLAG_RD, &ncsize, 0,
409 "Total namecache capacity");
411 u_int ncsizefactor = 2;
412 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, sizefactor, CTLFLAG_RW, &ncsizefactor, 0,
413 "Size factor for namecache");
415 static u_long __read_mostly ncnegfactor = 5; /* ratio of negative entries */
416 SYSCTL_ULONG(_vfs_cache_param, OID_AUTO, negfactor, CTLFLAG_RW, &ncnegfactor, 0,
417 "Ratio of negative namecache entries");
420 * Negative entry % of namecache capacity above which automatic eviction is allowed.
422 * Check cache_neg_evict_cond for details.
424 static u_int ncnegminpct = 3;
426 static u_int __read_mostly neg_min; /* the above recomputed against ncsize */
427 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, negmin, CTLFLAG_RD, &neg_min, 0,
428 "Negative entry count above which automatic eviction is allowed");
431 * Structures associated with name caching.
433 #define NCHHASH(hash) \
434 (&nchashtbl[(hash) & nchash])
435 static __read_mostly CK_SLIST_HEAD(nchashhead, namecache) *nchashtbl;/* Hash Table */
436 static u_long __read_mostly nchash; /* size of hash table */
437 SYSCTL_ULONG(_debug, OID_AUTO, nchash, CTLFLAG_RD, &nchash, 0,
438 "Size of namecache hash table");
439 static u_long __exclusive_cache_line numneg; /* number of negative entries allocated */
440 static u_long __exclusive_cache_line numcache;/* number of cache entries allocated */
442 struct nchstats nchstats; /* cache effectiveness statistics */
444 static u_int __exclusive_cache_line neg_cycle;
447 #define numneglists (ncneghash + 1)
450 struct mtx nl_evict_lock;
451 struct mtx nl_lock __aligned(CACHE_LINE_SIZE);
452 TAILQ_HEAD(, namecache) nl_list;
453 TAILQ_HEAD(, namecache) nl_hotlist;
455 } __aligned(CACHE_LINE_SIZE);
457 static struct neglist neglists[numneglists];
459 static inline struct neglist *
460 NCP2NEGLIST(struct namecache *ncp)
463 return (&neglists[(((uintptr_t)(ncp) >> 8) & ncneghash)]);
466 static inline struct negstate *
467 NCP2NEGSTATE(struct namecache *ncp)
470 MPASS(atomic_load_char(&ncp->nc_flag) & NCF_NEGATIVE);
471 return (&ncp->nc_neg);
474 #define numbucketlocks (ncbuckethash + 1)
475 static u_int __read_mostly ncbuckethash;
476 static struct mtx_padalign __read_mostly *bucketlocks;
477 #define HASH2BUCKETLOCK(hash) \
478 ((struct mtx *)(&bucketlocks[((hash) & ncbuckethash)]))
480 #define numvnodelocks (ncvnodehash + 1)
481 static u_int __read_mostly ncvnodehash;
482 static struct mtx __read_mostly *vnodelocks;
483 static inline struct mtx *
484 VP2VNODELOCK(struct vnode *vp)
487 return (&vnodelocks[(((uintptr_t)(vp) >> 8) & ncvnodehash)]);
491 cache_out_ts(struct namecache *ncp, struct timespec *tsp, int *ticksp)
493 struct namecache_ts *ncp_ts;
495 KASSERT((ncp->nc_flag & NCF_TS) != 0 ||
496 (tsp == NULL && ticksp == NULL),
502 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc);
503 *tsp = ncp_ts->nc_time;
504 *ticksp = ncp_ts->nc_ticks;
508 static int __read_mostly doingcache = 1; /* 1 => enable the cache */
509 SYSCTL_INT(_debug, OID_AUTO, vfscache, CTLFLAG_RW, &doingcache, 0,
510 "VFS namecache enabled");
513 /* Export size information to userland */
514 SYSCTL_INT(_debug_sizeof, OID_AUTO, namecache, CTLFLAG_RD, SYSCTL_NULL_INT_PTR,
515 sizeof(struct namecache), "sizeof(struct namecache)");
518 * The new name cache statistics
520 static SYSCTL_NODE(_vfs_cache, OID_AUTO, stats, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
521 "Name cache statistics");
523 #define STATNODE_ULONG(name, varname, descr) \
524 SYSCTL_ULONG(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr);
525 #define STATNODE_COUNTER(name, varname, descr) \
526 static COUNTER_U64_DEFINE_EARLY(varname); \
527 SYSCTL_COUNTER_U64(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, \
529 STATNODE_ULONG(neg, numneg, "Number of negative cache entries");
530 STATNODE_ULONG(count, numcache, "Number of cache entries");
531 STATNODE_COUNTER(heldvnodes, numcachehv, "Number of namecache entries with vnodes held");
532 STATNODE_COUNTER(drops, numdrops, "Number of dropped entries due to reaching the limit");
533 STATNODE_COUNTER(miss, nummiss, "Number of cache misses");
534 STATNODE_COUNTER(misszap, nummisszap, "Number of cache misses we do not want to cache");
535 STATNODE_COUNTER(poszaps, numposzaps,
536 "Number of cache hits (positive) we do not want to cache");
537 STATNODE_COUNTER(poshits, numposhits, "Number of cache hits (positive)");
538 STATNODE_COUNTER(negzaps, numnegzaps,
539 "Number of cache hits (negative) we do not want to cache");
540 STATNODE_COUNTER(neghits, numneghits, "Number of cache hits (negative)");
541 /* These count for vn_getcwd(), too. */
542 STATNODE_COUNTER(fullpathcalls, numfullpathcalls, "Number of fullpath search calls");
543 STATNODE_COUNTER(fullpathfail2, numfullpathfail2,
544 "Number of fullpath search errors (VOP_VPTOCNP failures)");
545 STATNODE_COUNTER(fullpathfail4, numfullpathfail4, "Number of fullpath search errors (ENOMEM)");
546 STATNODE_COUNTER(fullpathfound, numfullpathfound, "Number of successful fullpath calls");
547 STATNODE_COUNTER(symlinktoobig, symlinktoobig, "Number of times symlink did not fit the cache");
550 * Debug or developer statistics.
552 static SYSCTL_NODE(_vfs_cache, OID_AUTO, debug, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
553 "Name cache debugging");
554 #define DEBUGNODE_ULONG(name, varname, descr) \
555 SYSCTL_ULONG(_vfs_cache_debug, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr);
556 #define DEBUGNODE_COUNTER(name, varname, descr) \
557 static COUNTER_U64_DEFINE_EARLY(varname); \
558 SYSCTL_COUNTER_U64(_vfs_cache_debug, OID_AUTO, name, CTLFLAG_RD, &varname, \
560 DEBUGNODE_COUNTER(zap_bucket_relock_success, zap_bucket_relock_success,
561 "Number of successful removals after relocking");
562 static long zap_bucket_fail;
563 DEBUGNODE_ULONG(zap_bucket_fail, zap_bucket_fail, "");
564 static long zap_bucket_fail2;
565 DEBUGNODE_ULONG(zap_bucket_fail2, zap_bucket_fail2, "");
566 static long cache_lock_vnodes_cel_3_failures;
567 DEBUGNODE_ULONG(vnodes_cel_3_failures, cache_lock_vnodes_cel_3_failures,
568 "Number of times 3-way vnode locking failed");
570 static void cache_zap_locked(struct namecache *ncp);
571 static int vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf,
572 char **retbuf, size_t *buflen, size_t addend);
573 static int vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf,
574 char **retbuf, size_t *buflen);
575 static int vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf,
576 char **retbuf, size_t *len, size_t addend);
578 static MALLOC_DEFINE(M_VFSCACHE, "vfscache", "VFS name cache entries");
581 cache_assert_vlp_locked(struct mtx *vlp)
585 mtx_assert(vlp, MA_OWNED);
589 cache_assert_vnode_locked(struct vnode *vp)
593 vlp = VP2VNODELOCK(vp);
594 cache_assert_vlp_locked(vlp);
598 * Directory vnodes with entries are held for two reasons:
599 * 1. make them less of a target for reclamation in vnlru
600 * 2. suffer smaller performance penalty in locked lookup as requeieing is avoided
602 * It will be feasible to stop doing it altogether if all filesystems start
603 * supporting lockless lookup.
606 cache_hold_vnode(struct vnode *vp)
609 cache_assert_vnode_locked(vp);
610 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp);
612 counter_u64_add(numcachehv, 1);
616 cache_drop_vnode(struct vnode *vp)
620 * Called after all locks are dropped, meaning we can't assert
621 * on the state of v_cache_src.
624 counter_u64_add(numcachehv, -1);
630 static uma_zone_t __read_mostly cache_zone_small;
631 static uma_zone_t __read_mostly cache_zone_small_ts;
632 static uma_zone_t __read_mostly cache_zone_large;
633 static uma_zone_t __read_mostly cache_zone_large_ts;
636 cache_symlink_alloc(size_t size, int flags)
639 if (size < CACHE_ZONE_SMALL_SIZE) {
640 return (uma_zalloc_smr(cache_zone_small, flags));
642 if (size < CACHE_ZONE_LARGE_SIZE) {
643 return (uma_zalloc_smr(cache_zone_large, flags));
645 counter_u64_add(symlinktoobig, 1);
646 SDT_PROBE1(vfs, namecache, symlink, alloc__fail, size);
651 cache_symlink_free(char *string, size_t size)
654 MPASS(string != NULL);
655 KASSERT(size < CACHE_ZONE_LARGE_SIZE,
656 ("%s: size %zu too big", __func__, size));
658 if (size < CACHE_ZONE_SMALL_SIZE) {
659 uma_zfree_smr(cache_zone_small, string);
662 if (size < CACHE_ZONE_LARGE_SIZE) {
663 uma_zfree_smr(cache_zone_large, string);
666 __assert_unreachable();
669 static struct namecache *
670 cache_alloc_uma(int len, bool ts)
672 struct namecache_ts *ncp_ts;
673 struct namecache *ncp;
675 if (__predict_false(ts)) {
676 if (len <= CACHE_PATH_CUTOFF)
677 ncp_ts = uma_zalloc_smr(cache_zone_small_ts, M_WAITOK);
679 ncp_ts = uma_zalloc_smr(cache_zone_large_ts, M_WAITOK);
680 ncp = &ncp_ts->nc_nc;
682 if (len <= CACHE_PATH_CUTOFF)
683 ncp = uma_zalloc_smr(cache_zone_small, M_WAITOK);
685 ncp = uma_zalloc_smr(cache_zone_large, M_WAITOK);
691 cache_free_uma(struct namecache *ncp)
693 struct namecache_ts *ncp_ts;
695 if (__predict_false(ncp->nc_flag & NCF_TS)) {
696 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc);
697 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF)
698 uma_zfree_smr(cache_zone_small_ts, ncp_ts);
700 uma_zfree_smr(cache_zone_large_ts, ncp_ts);
702 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF)
703 uma_zfree_smr(cache_zone_small, ncp);
705 uma_zfree_smr(cache_zone_large, ncp);
709 static struct namecache *
710 cache_alloc(int len, bool ts)
715 * Avoid blowout in namecache entries.
718 * 1. filesystems may end up trying to add an already existing entry
719 * (for example this can happen after a cache miss during concurrent
720 * lookup), in which case we will call cache_neg_evict despite not
722 * 2. the routine may fail to free anything and no provisions are made
723 * to make it try harder (see the inside for failure modes)
724 * 3. it only ever looks at negative entries.
726 lnumcache = atomic_fetchadd_long(&numcache, 1) + 1;
727 if (cache_neg_evict_cond(lnumcache)) {
728 lnumcache = atomic_load_long(&numcache);
730 if (__predict_false(lnumcache >= ncsize)) {
731 atomic_subtract_long(&numcache, 1);
732 counter_u64_add(numdrops, 1);
735 return (cache_alloc_uma(len, ts));
739 cache_free(struct namecache *ncp)
743 if ((ncp->nc_flag & NCF_DVDROP) != 0) {
744 cache_drop_vnode(ncp->nc_dvp);
747 atomic_subtract_long(&numcache, 1);
751 cache_free_batch(struct cache_freebatch *batch)
753 struct namecache *ncp, *nnp;
757 if (TAILQ_EMPTY(batch))
759 TAILQ_FOREACH_SAFE(ncp, batch, nc_dst, nnp) {
760 if ((ncp->nc_flag & NCF_DVDROP) != 0) {
761 cache_drop_vnode(ncp->nc_dvp);
766 atomic_subtract_long(&numcache, i);
768 SDT_PROBE1(vfs, namecache, purge, batch, i);
774 * The code was made to use FNV in 2001 and this choice needs to be revisited.
776 * Short summary of the difficulty:
777 * The longest name which can be inserted is NAME_MAX characters in length (or
778 * 255 at the time of writing this comment), while majority of names used in
779 * practice are significantly shorter (mostly below 10). More importantly
780 * majority of lookups performed find names are even shorter than that.
782 * This poses a problem where hashes which do better than FNV past word size
783 * (or so) tend to come with additional overhead when finalizing the result,
784 * making them noticeably slower for the most commonly used range.
786 * Consider a path like: /usr/obj/usr/src/sys/amd64/GENERIC/vnode_if.c
788 * When looking it up the most time consuming part by a large margin (at least
789 * on amd64) is hashing. Replacing FNV with something which pessimizes short
790 * input would make the slowest part stand out even more.
794 * TODO: With the value stored we can do better than computing the hash based
798 cache_prehash(struct vnode *vp)
801 vp->v_nchash = fnv_32_buf(&vp, sizeof(vp), FNV1_32_INIT);
805 cache_get_hash(char *name, u_char len, struct vnode *dvp)
808 return (fnv_32_buf(name, len, dvp->v_nchash));
812 cache_get_hash_iter_start(struct vnode *dvp)
815 return (dvp->v_nchash);
819 cache_get_hash_iter(char c, uint32_t hash)
822 return (fnv_32_buf(&c, 1, hash));
826 cache_get_hash_iter_finish(uint32_t hash)
832 static inline struct nchashhead *
833 NCP2BUCKET(struct namecache *ncp)
837 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp);
838 return (NCHHASH(hash));
841 static inline struct mtx *
842 NCP2BUCKETLOCK(struct namecache *ncp)
846 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp);
847 return (HASH2BUCKETLOCK(hash));
852 cache_assert_bucket_locked(struct namecache *ncp)
856 blp = NCP2BUCKETLOCK(ncp);
857 mtx_assert(blp, MA_OWNED);
861 cache_assert_bucket_unlocked(struct namecache *ncp)
865 blp = NCP2BUCKETLOCK(ncp);
866 mtx_assert(blp, MA_NOTOWNED);
869 #define cache_assert_bucket_locked(x) do { } while (0)
870 #define cache_assert_bucket_unlocked(x) do { } while (0)
873 #define cache_sort_vnodes(x, y) _cache_sort_vnodes((void **)(x), (void **)(y))
875 _cache_sort_vnodes(void **p1, void **p2)
879 MPASS(*p1 != NULL || *p2 != NULL);
889 cache_lock_all_buckets(void)
893 for (i = 0; i < numbucketlocks; i++)
894 mtx_lock(&bucketlocks[i]);
898 cache_unlock_all_buckets(void)
902 for (i = 0; i < numbucketlocks; i++)
903 mtx_unlock(&bucketlocks[i]);
907 cache_lock_all_vnodes(void)
911 for (i = 0; i < numvnodelocks; i++)
912 mtx_lock(&vnodelocks[i]);
916 cache_unlock_all_vnodes(void)
920 for (i = 0; i < numvnodelocks; i++)
921 mtx_unlock(&vnodelocks[i]);
925 cache_trylock_vnodes(struct mtx *vlp1, struct mtx *vlp2)
928 cache_sort_vnodes(&vlp1, &vlp2);
931 if (!mtx_trylock(vlp1))
934 if (!mtx_trylock(vlp2)) {
944 cache_lock_vnodes(struct mtx *vlp1, struct mtx *vlp2)
947 MPASS(vlp1 != NULL || vlp2 != NULL);
957 cache_unlock_vnodes(struct mtx *vlp1, struct mtx *vlp2)
960 MPASS(vlp1 != NULL || vlp2 != NULL);
969 sysctl_nchstats(SYSCTL_HANDLER_ARGS)
971 struct nchstats snap;
973 if (req->oldptr == NULL)
974 return (SYSCTL_OUT(req, 0, sizeof(snap)));
977 snap.ncs_goodhits = counter_u64_fetch(numposhits);
978 snap.ncs_neghits = counter_u64_fetch(numneghits);
979 snap.ncs_badhits = counter_u64_fetch(numposzaps) +
980 counter_u64_fetch(numnegzaps);
981 snap.ncs_miss = counter_u64_fetch(nummisszap) +
982 counter_u64_fetch(nummiss);
984 return (SYSCTL_OUT(req, &snap, sizeof(snap)));
986 SYSCTL_PROC(_vfs_cache, OID_AUTO, nchstats, CTLTYPE_OPAQUE | CTLFLAG_RD |
987 CTLFLAG_MPSAFE, 0, 0, sysctl_nchstats, "LU",
988 "VFS cache effectiveness statistics");
991 cache_recalc_neg_min(void)
994 neg_min = (ncsize * ncnegminpct) / 100;
998 sysctl_negminpct(SYSCTL_HANDLER_ARGS)
1004 error = sysctl_handle_int(oidp, &val, 0, req);
1005 if (error != 0 || req->newptr == NULL)
1008 if (val == ncnegminpct)
1010 if (val < 0 || val > 99)
1013 cache_recalc_neg_min();
1017 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, negminpct,
1018 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, NULL, 0, sysctl_negminpct,
1019 "I", "Negative entry \% of namecache capacity above which automatic eviction is allowed");
1023 * Grab an atomic snapshot of the name cache hash chain lengths
1025 static SYSCTL_NODE(_debug, OID_AUTO, hashstat,
1026 CTLFLAG_RW | CTLFLAG_MPSAFE, NULL,
1027 "hash table stats");
1030 sysctl_debug_hashstat_rawnchash(SYSCTL_HANDLER_ARGS)
1032 struct nchashhead *ncpp;
1033 struct namecache *ncp;
1034 int i, error, n_nchash, *cntbuf;
1037 n_nchash = nchash + 1; /* nchash is max index, not count */
1038 if (req->oldptr == NULL)
1039 return SYSCTL_OUT(req, 0, n_nchash * sizeof(int));
1040 cntbuf = malloc(n_nchash * sizeof(int), M_TEMP, M_ZERO | M_WAITOK);
1041 cache_lock_all_buckets();
1042 if (n_nchash != nchash + 1) {
1043 cache_unlock_all_buckets();
1044 free(cntbuf, M_TEMP);
1047 /* Scan hash tables counting entries */
1048 for (ncpp = nchashtbl, i = 0; i < n_nchash; ncpp++, i++)
1049 CK_SLIST_FOREACH(ncp, ncpp, nc_hash)
1051 cache_unlock_all_buckets();
1052 for (error = 0, i = 0; i < n_nchash; i++)
1053 if ((error = SYSCTL_OUT(req, &cntbuf[i], sizeof(int))) != 0)
1055 free(cntbuf, M_TEMP);
1058 SYSCTL_PROC(_debug_hashstat, OID_AUTO, rawnchash, CTLTYPE_INT|CTLFLAG_RD|
1059 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_rawnchash, "S,int",
1060 "nchash chain lengths");
1063 sysctl_debug_hashstat_nchash(SYSCTL_HANDLER_ARGS)
1066 struct nchashhead *ncpp;
1067 struct namecache *ncp;
1069 int count, maxlength, used, pct;
1072 return SYSCTL_OUT(req, 0, 4 * sizeof(int));
1074 cache_lock_all_buckets();
1075 n_nchash = nchash + 1; /* nchash is max index, not count */
1079 /* Scan hash tables for applicable entries */
1080 for (ncpp = nchashtbl; n_nchash > 0; n_nchash--, ncpp++) {
1082 CK_SLIST_FOREACH(ncp, ncpp, nc_hash) {
1087 if (maxlength < count)
1090 n_nchash = nchash + 1;
1091 cache_unlock_all_buckets();
1092 pct = (used * 100) / (n_nchash / 100);
1093 error = SYSCTL_OUT(req, &n_nchash, sizeof(n_nchash));
1096 error = SYSCTL_OUT(req, &used, sizeof(used));
1099 error = SYSCTL_OUT(req, &maxlength, sizeof(maxlength));
1102 error = SYSCTL_OUT(req, &pct, sizeof(pct));
1107 SYSCTL_PROC(_debug_hashstat, OID_AUTO, nchash, CTLTYPE_INT|CTLFLAG_RD|
1108 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_nchash, "I",
1109 "nchash statistics (number of total/used buckets, maximum chain length, usage percentage)");
1113 * Negative entries management
1115 * Various workloads create plenty of negative entries and barely use them
1116 * afterwards. Moreover malicious users can keep performing bogus lookups
1117 * adding even more entries. For example "make tinderbox" as of writing this
1118 * comment ends up with 2.6M namecache entries in total, 1.2M of which are
1121 * As such, a rather aggressive eviction method is needed. The currently
1122 * employed method is a placeholder.
1124 * Entries are split over numneglists separate lists, each of which is further
1125 * split into hot and cold entries. Entries get promoted after getting a hit.
1126 * Eviction happens on addition of new entry.
1128 static SYSCTL_NODE(_vfs_cache, OID_AUTO, neg, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
1129 "Name cache negative entry statistics");
1131 SYSCTL_ULONG(_vfs_cache_neg, OID_AUTO, count, CTLFLAG_RD, &numneg, 0,
1132 "Number of negative cache entries");
1134 static COUNTER_U64_DEFINE_EARLY(neg_created);
1135 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, created, CTLFLAG_RD, &neg_created,
1136 "Number of created negative entries");
1138 static COUNTER_U64_DEFINE_EARLY(neg_evicted);
1139 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evicted, CTLFLAG_RD, &neg_evicted,
1140 "Number of evicted negative entries");
1142 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_empty);
1143 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_empty, CTLFLAG_RD,
1144 &neg_evict_skipped_empty,
1145 "Number of times evicting failed due to lack of entries");
1147 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_missed);
1148 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_missed, CTLFLAG_RD,
1149 &neg_evict_skipped_missed,
1150 "Number of times evicting failed due to target entry disappearing");
1152 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_contended);
1153 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_contended, CTLFLAG_RD,
1154 &neg_evict_skipped_contended,
1155 "Number of times evicting failed due to contention");
1157 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, hits, CTLFLAG_RD, &numneghits,
1158 "Number of cache hits (negative)");
1161 sysctl_neg_hot(SYSCTL_HANDLER_ARGS)
1166 for (i = 0; i < numneglists; i++)
1167 out += neglists[i].nl_hotnum;
1169 return (SYSCTL_OUT(req, &out, sizeof(out)));
1171 SYSCTL_PROC(_vfs_cache_neg, OID_AUTO, hot, CTLTYPE_INT | CTLFLAG_RD |
1172 CTLFLAG_MPSAFE, 0, 0, sysctl_neg_hot, "I",
1173 "Number of hot negative entries");
1176 cache_neg_init(struct namecache *ncp)
1178 struct negstate *ns;
1180 ncp->nc_flag |= NCF_NEGATIVE;
1181 ns = NCP2NEGSTATE(ncp);
1184 counter_u64_add(neg_created, 1);
1187 #define CACHE_NEG_PROMOTION_THRESH 2
1190 cache_neg_hit_prep(struct namecache *ncp)
1192 struct negstate *ns;
1195 ns = NCP2NEGSTATE(ncp);
1196 n = atomic_load_char(&ns->neg_hit);
1198 if (n >= CACHE_NEG_PROMOTION_THRESH)
1200 if (atomic_fcmpset_8(&ns->neg_hit, &n, n + 1))
1203 return (n + 1 == CACHE_NEG_PROMOTION_THRESH);
1207 * Nothing to do here but it is provided for completeness as some
1208 * cache_neg_hit_prep callers may end up returning without even
1209 * trying to promote.
1211 #define cache_neg_hit_abort(ncp) do { } while (0)
1214 cache_neg_hit_finish(struct namecache *ncp)
1217 SDT_PROBE2(vfs, namecache, lookup, hit__negative, ncp->nc_dvp, ncp->nc_name);
1218 counter_u64_add(numneghits, 1);
1222 * Move a negative entry to the hot list.
1225 cache_neg_promote_locked(struct namecache *ncp)
1228 struct negstate *ns;
1230 ns = NCP2NEGSTATE(ncp);
1231 nl = NCP2NEGLIST(ncp);
1232 mtx_assert(&nl->nl_lock, MA_OWNED);
1233 if ((ns->neg_flag & NEG_HOT) == 0) {
1234 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst);
1235 TAILQ_INSERT_TAIL(&nl->nl_hotlist, ncp, nc_dst);
1237 ns->neg_flag |= NEG_HOT;
1242 * Move a hot negative entry to the cold list.
1245 cache_neg_demote_locked(struct namecache *ncp)
1248 struct negstate *ns;
1250 ns = NCP2NEGSTATE(ncp);
1251 nl = NCP2NEGLIST(ncp);
1252 mtx_assert(&nl->nl_lock, MA_OWNED);
1253 MPASS(ns->neg_flag & NEG_HOT);
1254 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst);
1255 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst);
1257 ns->neg_flag &= ~NEG_HOT;
1258 atomic_store_char(&ns->neg_hit, 0);
1262 * Move a negative entry to the hot list if it matches the lookup.
1264 * We have to take locks, but they may be contended and in the worst
1265 * case we may need to go off CPU. We don't want to spin within the
1266 * smr section and we can't block with it. Exiting the section means
1267 * the found entry could have been evicted. We are going to look it
1271 cache_neg_promote_cond(struct vnode *dvp, struct componentname *cnp,
1272 struct namecache *oncp, uint32_t hash)
1274 struct namecache *ncp;
1278 nl = NCP2NEGLIST(oncp);
1280 mtx_lock(&nl->nl_lock);
1282 * For hash iteration.
1287 * Avoid all surprises by only succeeding if we got the same entry and
1288 * bailing completely otherwise.
1289 * XXX There are no provisions to keep the vnode around, meaning we may
1290 * end up promoting a negative entry for a *new* vnode and returning
1291 * ENOENT on its account. This is the error we want to return anyway
1292 * and promotion is harmless.
1294 * In particular at this point there can be a new ncp which matches the
1295 * search but hashes to a different neglist.
1297 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) {
1303 * No match to begin with.
1305 if (__predict_false(ncp == NULL)) {
1310 * The newly found entry may be something different...
1312 if (!(ncp->nc_dvp == dvp && ncp->nc_nlen == cnp->cn_namelen &&
1313 !bcmp(ncp->nc_name, cnp->cn_nameptr, ncp->nc_nlen))) {
1318 * ... and not even negative.
1320 nc_flag = atomic_load_char(&ncp->nc_flag);
1321 if ((nc_flag & NCF_NEGATIVE) == 0) {
1325 if (!cache_ncp_canuse(ncp)) {
1329 cache_neg_promote_locked(ncp);
1330 cache_neg_hit_finish(ncp);
1332 mtx_unlock(&nl->nl_lock);
1336 mtx_unlock(&nl->nl_lock);
1341 cache_neg_promote(struct namecache *ncp)
1345 nl = NCP2NEGLIST(ncp);
1346 mtx_lock(&nl->nl_lock);
1347 cache_neg_promote_locked(ncp);
1348 mtx_unlock(&nl->nl_lock);
1352 cache_neg_insert(struct namecache *ncp)
1356 MPASS(ncp->nc_flag & NCF_NEGATIVE);
1357 cache_assert_bucket_locked(ncp);
1358 nl = NCP2NEGLIST(ncp);
1359 mtx_lock(&nl->nl_lock);
1360 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst);
1361 mtx_unlock(&nl->nl_lock);
1362 atomic_add_long(&numneg, 1);
1366 cache_neg_remove(struct namecache *ncp)
1369 struct negstate *ns;
1371 cache_assert_bucket_locked(ncp);
1372 nl = NCP2NEGLIST(ncp);
1373 ns = NCP2NEGSTATE(ncp);
1374 mtx_lock(&nl->nl_lock);
1375 if ((ns->neg_flag & NEG_HOT) != 0) {
1376 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst);
1379 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst);
1381 mtx_unlock(&nl->nl_lock);
1382 atomic_subtract_long(&numneg, 1);
1385 static struct neglist *
1386 cache_neg_evict_select_list(void)
1391 c = atomic_fetchadd_int(&neg_cycle, 1) + 1;
1392 nl = &neglists[c % numneglists];
1393 if (!mtx_trylock(&nl->nl_evict_lock)) {
1394 counter_u64_add(neg_evict_skipped_contended, 1);
1400 static struct namecache *
1401 cache_neg_evict_select_entry(struct neglist *nl)
1403 struct namecache *ncp, *lncp;
1404 struct negstate *ns, *lns;
1407 mtx_assert(&nl->nl_evict_lock, MA_OWNED);
1408 mtx_assert(&nl->nl_lock, MA_OWNED);
1409 ncp = TAILQ_FIRST(&nl->nl_list);
1413 lns = NCP2NEGSTATE(lncp);
1414 for (i = 1; i < 4; i++) {
1415 ncp = TAILQ_NEXT(ncp, nc_dst);
1418 ns = NCP2NEGSTATE(ncp);
1419 if (ns->neg_hit < lns->neg_hit) {
1428 cache_neg_evict(void)
1430 struct namecache *ncp, *ncp2;
1439 nl = cache_neg_evict_select_list();
1444 mtx_lock(&nl->nl_lock);
1445 ncp = TAILQ_FIRST(&nl->nl_hotlist);
1447 cache_neg_demote_locked(ncp);
1449 ncp = cache_neg_evict_select_entry(nl);
1451 counter_u64_add(neg_evict_skipped_empty, 1);
1452 mtx_unlock(&nl->nl_lock);
1453 mtx_unlock(&nl->nl_evict_lock);
1456 nlen = ncp->nc_nlen;
1458 hash = cache_get_hash(ncp->nc_name, nlen, dvp);
1459 dvlp = VP2VNODELOCK(dvp);
1460 blp = HASH2BUCKETLOCK(hash);
1461 mtx_unlock(&nl->nl_lock);
1462 mtx_unlock(&nl->nl_evict_lock);
1466 * Note that since all locks were dropped above, the entry may be
1467 * gone or reallocated to be something else.
1469 CK_SLIST_FOREACH(ncp2, (NCHHASH(hash)), nc_hash) {
1470 if (ncp2 == ncp && ncp2->nc_dvp == dvp &&
1471 ncp2->nc_nlen == nlen && (ncp2->nc_flag & NCF_NEGATIVE) != 0)
1475 counter_u64_add(neg_evict_skipped_missed, 1);
1479 MPASS(dvlp == VP2VNODELOCK(ncp->nc_dvp));
1480 MPASS(blp == NCP2BUCKETLOCK(ncp));
1481 SDT_PROBE2(vfs, namecache, evict_negative, done, ncp->nc_dvp,
1483 cache_zap_locked(ncp);
1484 counter_u64_add(neg_evicted, 1);
1495 * Maybe evict a negative entry to create more room.
1497 * The ncnegfactor parameter limits what fraction of the total count
1498 * can comprise of negative entries. However, if the cache is just
1499 * warming up this leads to excessive evictions. As such, ncnegminpct
1500 * (recomputed to neg_min) dictates whether the above should be
1503 * Try evicting if the cache is close to full capacity regardless of
1504 * other considerations.
1507 cache_neg_evict_cond(u_long lnumcache)
1511 if (ncsize - 1000 < lnumcache)
1513 lnumneg = atomic_load_long(&numneg);
1514 if (lnumneg < neg_min)
1516 if (lnumneg * ncnegfactor < lnumcache)
1519 return (cache_neg_evict());
1523 * cache_zap_locked():
1525 * Removes a namecache entry from cache, whether it contains an actual
1526 * pointer to a vnode or if it is just a negative cache entry.
1529 cache_zap_locked(struct namecache *ncp)
1531 struct nchashhead *ncpp;
1532 struct vnode *dvp, *vp;
1537 if (!(ncp->nc_flag & NCF_NEGATIVE))
1538 cache_assert_vnode_locked(vp);
1539 cache_assert_vnode_locked(dvp);
1540 cache_assert_bucket_locked(ncp);
1542 cache_ncp_invalidate(ncp);
1544 ncpp = NCP2BUCKET(ncp);
1545 CK_SLIST_REMOVE(ncpp, ncp, namecache, nc_hash);
1546 if (!(ncp->nc_flag & NCF_NEGATIVE)) {
1547 SDT_PROBE3(vfs, namecache, zap, done, dvp, ncp->nc_name, vp);
1548 TAILQ_REMOVE(&vp->v_cache_dst, ncp, nc_dst);
1549 if (ncp == vp->v_cache_dd) {
1550 atomic_store_ptr(&vp->v_cache_dd, NULL);
1553 SDT_PROBE2(vfs, namecache, zap_negative, done, dvp, ncp->nc_name);
1554 cache_neg_remove(ncp);
1556 if (ncp->nc_flag & NCF_ISDOTDOT) {
1557 if (ncp == dvp->v_cache_dd) {
1558 atomic_store_ptr(&dvp->v_cache_dd, NULL);
1561 LIST_REMOVE(ncp, nc_src);
1562 if (LIST_EMPTY(&dvp->v_cache_src)) {
1563 ncp->nc_flag |= NCF_DVDROP;
1569 cache_zap_negative_locked_vnode_kl(struct namecache *ncp, struct vnode *vp)
1573 MPASS(ncp->nc_dvp == vp);
1574 MPASS(ncp->nc_flag & NCF_NEGATIVE);
1575 cache_assert_vnode_locked(vp);
1577 blp = NCP2BUCKETLOCK(ncp);
1579 cache_zap_locked(ncp);
1584 cache_zap_locked_vnode_kl2(struct namecache *ncp, struct vnode *vp,
1587 struct mtx *pvlp, *vlp1, *vlp2, *to_unlock;
1590 MPASS(vp == ncp->nc_dvp || vp == ncp->nc_vp);
1591 cache_assert_vnode_locked(vp);
1593 if (ncp->nc_flag & NCF_NEGATIVE) {
1594 if (*vlpp != NULL) {
1598 cache_zap_negative_locked_vnode_kl(ncp, vp);
1602 pvlp = VP2VNODELOCK(vp);
1603 blp = NCP2BUCKETLOCK(ncp);
1604 vlp1 = VP2VNODELOCK(ncp->nc_dvp);
1605 vlp2 = VP2VNODELOCK(ncp->nc_vp);
1607 if (*vlpp == vlp1 || *vlpp == vlp2) {
1611 if (*vlpp != NULL) {
1615 cache_sort_vnodes(&vlp1, &vlp2);
1620 if (!mtx_trylock(vlp1))
1626 cache_zap_locked(ncp);
1628 if (to_unlock != NULL)
1629 mtx_unlock(to_unlock);
1636 MPASS(*vlpp == NULL);
1642 * If trylocking failed we can get here. We know enough to take all needed locks
1643 * in the right order and re-lookup the entry.
1646 cache_zap_unlocked_bucket(struct namecache *ncp, struct componentname *cnp,
1647 struct vnode *dvp, struct mtx *dvlp, struct mtx *vlp, uint32_t hash,
1650 struct namecache *rncp;
1652 cache_assert_bucket_unlocked(ncp);
1654 cache_sort_vnodes(&dvlp, &vlp);
1655 cache_lock_vnodes(dvlp, vlp);
1657 CK_SLIST_FOREACH(rncp, (NCHHASH(hash)), nc_hash) {
1658 if (rncp == ncp && rncp->nc_dvp == dvp &&
1659 rncp->nc_nlen == cnp->cn_namelen &&
1660 !bcmp(rncp->nc_name, cnp->cn_nameptr, rncp->nc_nlen))
1664 cache_zap_locked(rncp);
1666 cache_unlock_vnodes(dvlp, vlp);
1667 counter_u64_add(zap_bucket_relock_success, 1);
1672 cache_unlock_vnodes(dvlp, vlp);
1676 static int __noinline
1677 cache_zap_locked_bucket(struct namecache *ncp, struct componentname *cnp,
1678 uint32_t hash, struct mtx *blp)
1680 struct mtx *dvlp, *vlp;
1683 cache_assert_bucket_locked(ncp);
1685 dvlp = VP2VNODELOCK(ncp->nc_dvp);
1687 if (!(ncp->nc_flag & NCF_NEGATIVE))
1688 vlp = VP2VNODELOCK(ncp->nc_vp);
1689 if (cache_trylock_vnodes(dvlp, vlp) == 0) {
1690 cache_zap_locked(ncp);
1692 cache_unlock_vnodes(dvlp, vlp);
1698 return (cache_zap_unlocked_bucket(ncp, cnp, dvp, dvlp, vlp, hash, blp));
1701 static __noinline int
1702 cache_remove_cnp(struct vnode *dvp, struct componentname *cnp)
1704 struct namecache *ncp;
1706 struct mtx *dvlp, *dvlp2;
1710 if (cnp->cn_namelen == 2 &&
1711 cnp->cn_nameptr[0] == '.' && cnp->cn_nameptr[1] == '.') {
1712 dvlp = VP2VNODELOCK(dvp);
1716 ncp = dvp->v_cache_dd;
1721 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp);
1724 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) {
1725 if (!cache_zap_locked_vnode_kl2(ncp, dvp, &dvlp2))
1727 MPASS(dvp->v_cache_dd == NULL);
1733 atomic_store_ptr(&dvp->v_cache_dd, NULL);
1738 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp);
1742 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp);
1743 blp = HASH2BUCKETLOCK(hash);
1745 if (CK_SLIST_EMPTY(NCHHASH(hash)))
1750 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) {
1751 if (ncp->nc_dvp == dvp && ncp->nc_nlen == cnp->cn_namelen &&
1752 !bcmp(ncp->nc_name, cnp->cn_nameptr, ncp->nc_nlen))
1761 error = cache_zap_locked_bucket(ncp, cnp, hash, blp);
1762 if (__predict_false(error != 0)) {
1766 counter_u64_add(numposzaps, 1);
1767 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp);
1771 counter_u64_add(nummisszap, 1);
1772 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp);
1776 static int __noinline
1777 cache_lookup_dot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp,
1778 struct timespec *tsp, int *ticksp)
1783 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ".", *vpp);
1790 * When we lookup "." we still can be asked to lock it
1793 ltype = cnp->cn_lkflags & LK_TYPE_MASK;
1794 if (ltype != VOP_ISLOCKED(*vpp)) {
1795 if (ltype == LK_EXCLUSIVE) {
1796 vn_lock(*vpp, LK_UPGRADE | LK_RETRY);
1797 if (VN_IS_DOOMED((*vpp))) {
1798 /* forced unmount */
1804 vn_lock(*vpp, LK_DOWNGRADE | LK_RETRY);
1809 static int __noinline
1810 cache_lookup_dotdot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp,
1811 struct timespec *tsp, int *ticksp)
1813 struct namecache_ts *ncp_ts;
1814 struct namecache *ncp;
1820 MPASS((cnp->cn_flags & ISDOTDOT) != 0);
1822 if ((cnp->cn_flags & MAKEENTRY) == 0) {
1823 cache_remove_cnp(dvp, cnp);
1828 dvlp = VP2VNODELOCK(dvp);
1830 ncp = dvp->v_cache_dd;
1832 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, "..");
1836 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) {
1837 if (ncp->nc_flag & NCF_NEGATIVE)
1844 goto negative_success;
1845 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, "..", *vpp);
1846 cache_out_ts(ncp, tsp, ticksp);
1847 if ((ncp->nc_flag & (NCF_ISDOTDOT | NCF_DTS)) ==
1848 NCF_DTS && tsp != NULL) {
1849 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc);
1850 *tsp = ncp_ts->nc_dotdottime;
1854 ltype = VOP_ISLOCKED(dvp);
1856 vs = vget_prep(*vpp);
1858 error = vget_finish(*vpp, cnp->cn_lkflags, vs);
1859 vn_lock(dvp, ltype | LK_RETRY);
1860 if (VN_IS_DOOMED(dvp)) {
1872 if (__predict_false(cnp->cn_nameiop == CREATE)) {
1873 if (cnp->cn_flags & ISLASTCN) {
1874 counter_u64_add(numnegzaps, 1);
1875 cache_zap_negative_locked_vnode_kl(ncp, dvp);
1882 whiteout = (ncp->nc_flag & NCF_WHITE);
1883 cache_out_ts(ncp, tsp, ticksp);
1884 if (cache_neg_hit_prep(ncp))
1885 cache_neg_promote(ncp);
1887 cache_neg_hit_finish(ncp);
1890 cnp->cn_flags |= ISWHITEOUT;
1895 * Lookup a name in the name cache
1899 * - dvp: Parent directory in which to search.
1900 * - vpp: Return argument. Will contain desired vnode on cache hit.
1901 * - cnp: Parameters of the name search. The most interesting bits of
1902 * the cn_flags field have the following meanings:
1903 * - MAKEENTRY: If clear, free an entry from the cache rather than look
1905 * - ISDOTDOT: Must be set if and only if cn_nameptr == ".."
1906 * - tsp: Return storage for cache timestamp. On a successful (positive
1907 * or negative) lookup, tsp will be filled with any timespec that
1908 * was stored when this cache entry was created. However, it will
1909 * be clear for "." entries.
1910 * - ticks: Return storage for alternate cache timestamp. On a successful
1911 * (positive or negative) lookup, it will contain the ticks value
1912 * that was current when the cache entry was created, unless cnp
1915 * Either both tsp and ticks have to be provided or neither of them.
1919 * - -1: A positive cache hit. vpp will contain the desired vnode.
1920 * - ENOENT: A negative cache hit, or dvp was recycled out from under us due
1921 * to a forced unmount. vpp will not be modified. If the entry
1922 * is a whiteout, then the ISWHITEOUT flag will be set in
1924 * - 0: A cache miss. vpp will not be modified.
1928 * On a cache hit, vpp will be returned locked and ref'd. If we're looking up
1929 * .., dvp is unlocked. If we're looking up . an extra ref is taken, but the
1930 * lock is not recursively acquired.
1932 static int __noinline
1933 cache_lookup_fallback(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp,
1934 struct timespec *tsp, int *ticksp)
1936 struct namecache *ncp;
1943 MPASS((cnp->cn_flags & ISDOTDOT) == 0);
1944 MPASS((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) != 0);
1947 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp);
1948 blp = HASH2BUCKETLOCK(hash);
1951 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) {
1952 if (ncp->nc_dvp == dvp && ncp->nc_nlen == cnp->cn_namelen &&
1953 !bcmp(ncp->nc_name, cnp->cn_nameptr, ncp->nc_nlen))
1957 if (__predict_false(ncp == NULL)) {
1959 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr);
1960 counter_u64_add(nummiss, 1);
1964 if (ncp->nc_flag & NCF_NEGATIVE)
1965 goto negative_success;
1967 counter_u64_add(numposhits, 1);
1969 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp);
1970 cache_out_ts(ncp, tsp, ticksp);
1972 vs = vget_prep(*vpp);
1974 error = vget_finish(*vpp, cnp->cn_lkflags, vs);
1982 * We don't get here with regular lookup apart from corner cases.
1984 if (__predict_true(cnp->cn_nameiop == CREATE)) {
1985 if (cnp->cn_flags & ISLASTCN) {
1986 counter_u64_add(numnegzaps, 1);
1987 error = cache_zap_locked_bucket(ncp, cnp, hash, blp);
1988 if (__predict_false(error != 0)) {
1997 whiteout = (ncp->nc_flag & NCF_WHITE);
1998 cache_out_ts(ncp, tsp, ticksp);
1999 if (cache_neg_hit_prep(ncp))
2000 cache_neg_promote(ncp);
2002 cache_neg_hit_finish(ncp);
2005 cnp->cn_flags |= ISWHITEOUT;
2010 cache_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp,
2011 struct timespec *tsp, int *ticksp)
2013 struct namecache *ncp;
2017 bool whiteout, neg_promote;
2020 MPASS((tsp == NULL && ticksp == NULL) || (tsp != NULL && ticksp != NULL));
2023 if (__predict_false(!doingcache)) {
2024 cnp->cn_flags &= ~MAKEENTRY;
2029 if (__predict_false(cnp->cn_nameptr[0] == '.')) {
2030 if (cnp->cn_namelen == 1)
2031 return (cache_lookup_dot(dvp, vpp, cnp, tsp, ticksp));
2032 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.')
2033 return (cache_lookup_dotdot(dvp, vpp, cnp, tsp, ticksp));
2036 MPASS((cnp->cn_flags & ISDOTDOT) == 0);
2038 if ((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) == 0) {
2039 cache_remove_cnp(dvp, cnp);
2043 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp);
2046 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) {
2047 if (ncp->nc_dvp == dvp && ncp->nc_nlen == cnp->cn_namelen &&
2048 !bcmp(ncp->nc_name, cnp->cn_nameptr, ncp->nc_nlen))
2052 if (__predict_false(ncp == NULL)) {
2054 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr);
2055 counter_u64_add(nummiss, 1);
2059 nc_flag = atomic_load_char(&ncp->nc_flag);
2060 if (nc_flag & NCF_NEGATIVE)
2061 goto negative_success;
2063 counter_u64_add(numposhits, 1);
2065 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp);
2066 cache_out_ts(ncp, tsp, ticksp);
2068 if (!cache_ncp_canuse(ncp)) {
2073 vs = vget_prep_smr(*vpp);
2075 if (__predict_false(vs == VGET_NONE)) {
2079 error = vget_finish(*vpp, cnp->cn_lkflags, vs);
2086 if (cnp->cn_nameiop == CREATE) {
2087 if (cnp->cn_flags & ISLASTCN) {
2093 cache_out_ts(ncp, tsp, ticksp);
2094 whiteout = (atomic_load_char(&ncp->nc_flag) & NCF_WHITE);
2095 neg_promote = cache_neg_hit_prep(ncp);
2096 if (!cache_ncp_canuse(ncp)) {
2097 cache_neg_hit_abort(ncp);
2103 if (!cache_neg_promote_cond(dvp, cnp, ncp, hash))
2106 cache_neg_hit_finish(ncp);
2110 cnp->cn_flags |= ISWHITEOUT;
2113 return (cache_lookup_fallback(dvp, vpp, cnp, tsp, ticksp));
2116 struct celockstate {
2120 CTASSERT((nitems(((struct celockstate *)0)->vlp) == 3));
2121 CTASSERT((nitems(((struct celockstate *)0)->blp) == 2));
2124 cache_celockstate_init(struct celockstate *cel)
2127 bzero(cel, sizeof(*cel));
2131 cache_lock_vnodes_cel(struct celockstate *cel, struct vnode *vp,
2134 struct mtx *vlp1, *vlp2;
2136 MPASS(cel->vlp[0] == NULL);
2137 MPASS(cel->vlp[1] == NULL);
2138 MPASS(cel->vlp[2] == NULL);
2140 MPASS(vp != NULL || dvp != NULL);
2142 vlp1 = VP2VNODELOCK(vp);
2143 vlp2 = VP2VNODELOCK(dvp);
2144 cache_sort_vnodes(&vlp1, &vlp2);
2155 cache_unlock_vnodes_cel(struct celockstate *cel)
2158 MPASS(cel->vlp[0] != NULL || cel->vlp[1] != NULL);
2160 if (cel->vlp[0] != NULL)
2161 mtx_unlock(cel->vlp[0]);
2162 if (cel->vlp[1] != NULL)
2163 mtx_unlock(cel->vlp[1]);
2164 if (cel->vlp[2] != NULL)
2165 mtx_unlock(cel->vlp[2]);
2169 cache_lock_vnodes_cel_3(struct celockstate *cel, struct vnode *vp)
2174 cache_assert_vlp_locked(cel->vlp[0]);
2175 cache_assert_vlp_locked(cel->vlp[1]);
2176 MPASS(cel->vlp[2] == NULL);
2179 vlp = VP2VNODELOCK(vp);
2182 if (vlp >= cel->vlp[1]) {
2185 if (mtx_trylock(vlp))
2187 cache_lock_vnodes_cel_3_failures++;
2188 cache_unlock_vnodes_cel(cel);
2189 if (vlp < cel->vlp[0]) {
2191 mtx_lock(cel->vlp[0]);
2192 mtx_lock(cel->vlp[1]);
2194 if (cel->vlp[0] != NULL)
2195 mtx_lock(cel->vlp[0]);
2197 mtx_lock(cel->vlp[1]);
2207 cache_lock_buckets_cel(struct celockstate *cel, struct mtx *blp1,
2211 MPASS(cel->blp[0] == NULL);
2212 MPASS(cel->blp[1] == NULL);
2214 cache_sort_vnodes(&blp1, &blp2);
2225 cache_unlock_buckets_cel(struct celockstate *cel)
2228 if (cel->blp[0] != NULL)
2229 mtx_unlock(cel->blp[0]);
2230 mtx_unlock(cel->blp[1]);
2234 * Lock part of the cache affected by the insertion.
2236 * This means vnodelocks for dvp, vp and the relevant bucketlock.
2237 * However, insertion can result in removal of an old entry. In this
2238 * case we have an additional vnode and bucketlock pair to lock.
2240 * That is, in the worst case we have to lock 3 vnodes and 2 bucketlocks, while
2241 * preserving the locking order (smaller address first).
2244 cache_enter_lock(struct celockstate *cel, struct vnode *dvp, struct vnode *vp,
2247 struct namecache *ncp;
2248 struct mtx *blps[2];
2251 blps[0] = HASH2BUCKETLOCK(hash);
2254 cache_lock_vnodes_cel(cel, dvp, vp);
2255 if (vp == NULL || vp->v_type != VDIR)
2257 ncp = atomic_load_consume_ptr(&vp->v_cache_dd);
2260 nc_flag = atomic_load_char(&ncp->nc_flag);
2261 if ((nc_flag & NCF_ISDOTDOT) == 0)
2263 MPASS(ncp->nc_dvp == vp);
2264 blps[1] = NCP2BUCKETLOCK(ncp);
2265 if ((nc_flag & NCF_NEGATIVE) != 0)
2267 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp))
2270 * All vnodes got re-locked. Re-validate the state and if
2271 * nothing changed we are done. Otherwise restart.
2273 if (ncp == vp->v_cache_dd &&
2274 (ncp->nc_flag & NCF_ISDOTDOT) != 0 &&
2275 blps[1] == NCP2BUCKETLOCK(ncp) &&
2276 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2])
2278 cache_unlock_vnodes_cel(cel);
2283 cache_lock_buckets_cel(cel, blps[0], blps[1]);
2287 cache_enter_lock_dd(struct celockstate *cel, struct vnode *dvp, struct vnode *vp,
2290 struct namecache *ncp;
2291 struct mtx *blps[2];
2294 blps[0] = HASH2BUCKETLOCK(hash);
2297 cache_lock_vnodes_cel(cel, dvp, vp);
2298 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd);
2301 nc_flag = atomic_load_char(&ncp->nc_flag);
2302 if ((nc_flag & NCF_ISDOTDOT) == 0)
2304 MPASS(ncp->nc_dvp == dvp);
2305 blps[1] = NCP2BUCKETLOCK(ncp);
2306 if ((nc_flag & NCF_NEGATIVE) != 0)
2308 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp))
2310 if (ncp == dvp->v_cache_dd &&
2311 (ncp->nc_flag & NCF_ISDOTDOT) != 0 &&
2312 blps[1] == NCP2BUCKETLOCK(ncp) &&
2313 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2])
2315 cache_unlock_vnodes_cel(cel);
2320 cache_lock_buckets_cel(cel, blps[0], blps[1]);
2324 cache_enter_unlock(struct celockstate *cel)
2327 cache_unlock_buckets_cel(cel);
2328 cache_unlock_vnodes_cel(cel);
2331 static void __noinline
2332 cache_enter_dotdot_prep(struct vnode *dvp, struct vnode *vp,
2333 struct componentname *cnp)
2335 struct celockstate cel;
2336 struct namecache *ncp;
2340 if (atomic_load_ptr(&dvp->v_cache_dd) == NULL)
2342 len = cnp->cn_namelen;
2343 cache_celockstate_init(&cel);
2344 hash = cache_get_hash(cnp->cn_nameptr, len, dvp);
2345 cache_enter_lock_dd(&cel, dvp, vp, hash);
2346 ncp = dvp->v_cache_dd;
2347 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT)) {
2348 KASSERT(ncp->nc_dvp == dvp, ("wrong isdotdot parent"));
2349 cache_zap_locked(ncp);
2353 atomic_store_ptr(&dvp->v_cache_dd, NULL);
2354 cache_enter_unlock(&cel);
2360 * Add an entry to the cache.
2363 cache_enter_time(struct vnode *dvp, struct vnode *vp, struct componentname *cnp,
2364 struct timespec *tsp, struct timespec *dtsp)
2366 struct celockstate cel;
2367 struct namecache *ncp, *n2, *ndd;
2368 struct namecache_ts *ncp_ts;
2369 struct nchashhead *ncpp;
2374 KASSERT(cnp->cn_namelen <= NAME_MAX,
2375 ("%s: passed len %ld exceeds NAME_MAX (%d)", __func__, cnp->cn_namelen,
2377 VNPASS(!VN_IS_DOOMED(dvp), dvp);
2378 VNPASS(dvp->v_type != VNON, dvp);
2380 VNPASS(!VN_IS_DOOMED(vp), vp);
2381 VNPASS(vp->v_type != VNON, vp);
2383 if (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') {
2385 ("%s: different vnodes for dot entry (%p; %p)\n", __func__,
2389 ("%s: same vnode for non-dot entry [%s] (%p)\n", __func__,
2390 cnp->cn_nameptr, dvp));
2394 if (__predict_false(!doingcache))
2399 if (__predict_false(cnp->cn_nameptr[0] == '.')) {
2400 if (cnp->cn_namelen == 1)
2402 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') {
2403 cache_enter_dotdot_prep(dvp, vp, cnp);
2404 flag = NCF_ISDOTDOT;
2408 ncp = cache_alloc(cnp->cn_namelen, tsp != NULL);
2412 cache_celockstate_init(&cel);
2417 * Calculate the hash key and setup as much of the new
2418 * namecache entry as possible before acquiring the lock.
2420 ncp->nc_flag = flag | NCF_WIP;
2423 cache_neg_init(ncp);
2426 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc);
2427 ncp_ts->nc_time = *tsp;
2428 ncp_ts->nc_ticks = ticks;
2429 ncp_ts->nc_nc.nc_flag |= NCF_TS;
2431 ncp_ts->nc_dotdottime = *dtsp;
2432 ncp_ts->nc_nc.nc_flag |= NCF_DTS;
2435 len = ncp->nc_nlen = cnp->cn_namelen;
2436 hash = cache_get_hash(cnp->cn_nameptr, len, dvp);
2437 memcpy(ncp->nc_name, cnp->cn_nameptr, len);
2438 ncp->nc_name[len] = '\0';
2439 cache_enter_lock(&cel, dvp, vp, hash);
2442 * See if this vnode or negative entry is already in the cache
2443 * with this name. This can happen with concurrent lookups of
2444 * the same path name.
2446 ncpp = NCHHASH(hash);
2447 CK_SLIST_FOREACH(n2, ncpp, nc_hash) {
2448 if (n2->nc_dvp == dvp &&
2449 n2->nc_nlen == cnp->cn_namelen &&
2450 !bcmp(n2->nc_name, cnp->cn_nameptr, n2->nc_nlen)) {
2451 MPASS(cache_ncp_canuse(n2));
2452 if ((n2->nc_flag & NCF_NEGATIVE) != 0)
2454 ("%s: found entry pointing to a different vnode (%p != %p) ; name [%s]",
2455 __func__, NULL, vp, cnp->cn_nameptr));
2457 KASSERT(n2->nc_vp == vp,
2458 ("%s: found entry pointing to a different vnode (%p != %p) ; name [%s]",
2459 __func__, n2->nc_vp, vp, cnp->cn_nameptr));
2461 * Entries are supposed to be immutable unless in the
2462 * process of getting destroyed. Accommodating for
2463 * changing timestamps is possible but not worth it.
2464 * This should be harmless in terms of correctness, in
2465 * the worst case resulting in an earlier expiration.
2466 * Alternatively, the found entry can be replaced
2469 MPASS((n2->nc_flag & (NCF_TS | NCF_DTS)) == (ncp->nc_flag & (NCF_TS | NCF_DTS)));
2472 KASSERT((n2->nc_flag & NCF_TS) != 0,
2474 n2_ts = __containerof(n2, struct namecache_ts, nc_nc);
2475 n2_ts->nc_time = ncp_ts->nc_time;
2476 n2_ts->nc_ticks = ncp_ts->nc_ticks;
2478 n2_ts->nc_dotdottime = ncp_ts->nc_dotdottime;
2479 n2_ts->nc_nc.nc_flag |= NCF_DTS;
2483 SDT_PROBE3(vfs, namecache, enter, duplicate, dvp, ncp->nc_name,
2485 goto out_unlock_free;
2489 if (flag == NCF_ISDOTDOT) {
2491 * See if we are trying to add .. entry, but some other lookup
2492 * has populated v_cache_dd pointer already.
2494 if (dvp->v_cache_dd != NULL)
2495 goto out_unlock_free;
2496 KASSERT(vp == NULL || vp->v_type == VDIR,
2497 ("wrong vnode type %p", vp));
2498 atomic_thread_fence_rel();
2499 atomic_store_ptr(&dvp->v_cache_dd, ncp);
2503 if (flag != NCF_ISDOTDOT) {
2505 * For this case, the cache entry maps both the
2506 * directory name in it and the name ".." for the
2507 * directory's parent.
2509 if ((ndd = vp->v_cache_dd) != NULL) {
2510 if ((ndd->nc_flag & NCF_ISDOTDOT) != 0)
2511 cache_zap_locked(ndd);
2515 atomic_thread_fence_rel();
2516 atomic_store_ptr(&vp->v_cache_dd, ncp);
2517 } else if (vp->v_type != VDIR) {
2518 if (vp->v_cache_dd != NULL) {
2519 atomic_store_ptr(&vp->v_cache_dd, NULL);
2524 if (flag != NCF_ISDOTDOT) {
2525 if (LIST_EMPTY(&dvp->v_cache_src)) {
2526 cache_hold_vnode(dvp);
2528 LIST_INSERT_HEAD(&dvp->v_cache_src, ncp, nc_src);
2532 * If the entry is "negative", we place it into the
2533 * "negative" cache queue, otherwise, we place it into the
2534 * destination vnode's cache entries queue.
2537 TAILQ_INSERT_HEAD(&vp->v_cache_dst, ncp, nc_dst);
2538 SDT_PROBE3(vfs, namecache, enter, done, dvp, ncp->nc_name,
2541 if (cnp->cn_flags & ISWHITEOUT)
2542 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_WHITE);
2543 cache_neg_insert(ncp);
2544 SDT_PROBE2(vfs, namecache, enter_negative, done, dvp,
2549 * Insert the new namecache entry into the appropriate chain
2550 * within the cache entries table.
2552 CK_SLIST_INSERT_HEAD(ncpp, ncp, nc_hash);
2554 atomic_thread_fence_rel();
2556 * Mark the entry as fully constructed.
2557 * It is immutable past this point until its removal.
2559 atomic_store_char(&ncp->nc_flag, ncp->nc_flag & ~NCF_WIP);
2561 cache_enter_unlock(&cel);
2566 cache_enter_unlock(&cel);
2572 * A variant of the above accepting flags.
2574 * - VFS_CACHE_DROPOLD -- if a conflicting entry is found, drop it.
2576 * TODO: this routine is a hack. It blindly removes the old entry, even if it
2577 * happens to match and it is doing it in an inefficient manner. It was added
2578 * to accommodate NFS which runs into a case where the target for a given name
2579 * may change from under it. Note this does nothing to solve the following
2580 * race: 2 callers of cache_enter_time_flags pass a different target vnode for
2581 * the same [dvp, cnp]. It may be argued that code doing this is broken.
2584 cache_enter_time_flags(struct vnode *dvp, struct vnode *vp, struct componentname *cnp,
2585 struct timespec *tsp, struct timespec *dtsp, int flags)
2588 MPASS((flags & ~(VFS_CACHE_DROPOLD)) == 0);
2590 if (flags & VFS_CACHE_DROPOLD)
2591 cache_remove_cnp(dvp, cnp);
2592 cache_enter_time(dvp, vp, cnp, tsp, dtsp);
2596 cache_roundup_2(u_long val)
2600 for (res = 1; res <= val; res <<= 1)
2606 static struct nchashhead *
2607 nchinittbl(u_long elements, u_long *hashmask)
2609 struct nchashhead *hashtbl;
2612 hashsize = cache_roundup_2(elements) / 2;
2614 hashtbl = malloc(hashsize * sizeof(*hashtbl), M_VFSCACHE, M_WAITOK);
2615 for (i = 0; i < hashsize; i++)
2616 CK_SLIST_INIT(&hashtbl[i]);
2617 *hashmask = hashsize - 1;
2622 ncfreetbl(struct nchashhead *hashtbl)
2625 free(hashtbl, M_VFSCACHE);
2629 * Name cache initialization, from vfs_init() when we are booting
2632 nchinit(void *dummy __unused)
2636 cache_zone_small = uma_zcreate("S VFS Cache", CACHE_ZONE_SMALL_SIZE,
2637 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT);
2638 cache_zone_small_ts = uma_zcreate("STS VFS Cache", CACHE_ZONE_SMALL_TS_SIZE,
2639 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT);
2640 cache_zone_large = uma_zcreate("L VFS Cache", CACHE_ZONE_LARGE_SIZE,
2641 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT);
2642 cache_zone_large_ts = uma_zcreate("LTS VFS Cache", CACHE_ZONE_LARGE_TS_SIZE,
2643 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT);
2645 VFS_SMR_ZONE_SET(cache_zone_small);
2646 VFS_SMR_ZONE_SET(cache_zone_small_ts);
2647 VFS_SMR_ZONE_SET(cache_zone_large);
2648 VFS_SMR_ZONE_SET(cache_zone_large_ts);
2650 ncsize = desiredvnodes * ncsizefactor;
2651 cache_recalc_neg_min();
2652 nchashtbl = nchinittbl(desiredvnodes * 2, &nchash);
2653 ncbuckethash = cache_roundup_2(mp_ncpus * mp_ncpus) - 1;
2654 if (ncbuckethash < 7) /* arbitrarily chosen to avoid having one lock */
2656 if (ncbuckethash > nchash)
2657 ncbuckethash = nchash;
2658 bucketlocks = malloc(sizeof(*bucketlocks) * numbucketlocks, M_VFSCACHE,
2660 for (i = 0; i < numbucketlocks; i++)
2661 mtx_init(&bucketlocks[i], "ncbuc", NULL, MTX_DUPOK | MTX_RECURSE);
2662 ncvnodehash = ncbuckethash;
2663 vnodelocks = malloc(sizeof(*vnodelocks) * numvnodelocks, M_VFSCACHE,
2665 for (i = 0; i < numvnodelocks; i++)
2666 mtx_init(&vnodelocks[i], "ncvn", NULL, MTX_DUPOK | MTX_RECURSE);
2668 for (i = 0; i < numneglists; i++) {
2669 mtx_init(&neglists[i].nl_evict_lock, "ncnege", NULL, MTX_DEF);
2670 mtx_init(&neglists[i].nl_lock, "ncnegl", NULL, MTX_DEF);
2671 TAILQ_INIT(&neglists[i].nl_list);
2672 TAILQ_INIT(&neglists[i].nl_hotlist);
2675 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nchinit, NULL);
2678 cache_vnode_init(struct vnode *vp)
2681 LIST_INIT(&vp->v_cache_src);
2682 TAILQ_INIT(&vp->v_cache_dst);
2683 vp->v_cache_dd = NULL;
2688 * Induce transient cache misses for lockless operation in cache_lookup() by
2689 * using a temporary hash table.
2691 * This will force a fs lookup.
2693 * Synchronisation is done in 2 steps, calling vfs_smr_synchronize each time
2694 * to observe all CPUs not performing the lookup.
2697 cache_changesize_set_temp(struct nchashhead *temptbl, u_long temphash)
2700 MPASS(temphash < nchash);
2702 * Change the size. The new size is smaller and can safely be used
2703 * against the existing table. All lookups which now hash wrong will
2704 * result in a cache miss, which all callers are supposed to know how
2707 atomic_store_long(&nchash, temphash);
2708 atomic_thread_fence_rel();
2709 vfs_smr_synchronize();
2711 * At this point everyone sees the updated hash value, but they still
2712 * see the old table.
2714 atomic_store_ptr(&nchashtbl, temptbl);
2715 atomic_thread_fence_rel();
2716 vfs_smr_synchronize();
2718 * At this point everyone sees the updated table pointer and size pair.
2723 * Set the new hash table.
2725 * Similarly to cache_changesize_set_temp(), this has to synchronize against
2726 * lockless operation in cache_lookup().
2729 cache_changesize_set_new(struct nchashhead *new_tbl, u_long new_hash)
2732 MPASS(nchash < new_hash);
2734 * Change the pointer first. This wont result in out of bounds access
2735 * since the temporary table is guaranteed to be smaller.
2737 atomic_store_ptr(&nchashtbl, new_tbl);
2738 atomic_thread_fence_rel();
2739 vfs_smr_synchronize();
2741 * At this point everyone sees the updated pointer value, but they
2742 * still see the old size.
2744 atomic_store_long(&nchash, new_hash);
2745 atomic_thread_fence_rel();
2746 vfs_smr_synchronize();
2748 * At this point everyone sees the updated table pointer and size pair.
2753 cache_changesize(u_long newmaxvnodes)
2755 struct nchashhead *new_nchashtbl, *old_nchashtbl, *temptbl;
2756 u_long new_nchash, old_nchash, temphash;
2757 struct namecache *ncp;
2762 newncsize = newmaxvnodes * ncsizefactor;
2763 newmaxvnodes = cache_roundup_2(newmaxvnodes * 2);
2764 if (newmaxvnodes < numbucketlocks)
2765 newmaxvnodes = numbucketlocks;
2767 new_nchashtbl = nchinittbl(newmaxvnodes, &new_nchash);
2768 /* If same hash table size, nothing to do */
2769 if (nchash == new_nchash) {
2770 ncfreetbl(new_nchashtbl);
2774 temptbl = nchinittbl(1, &temphash);
2777 * Move everything from the old hash table to the new table.
2778 * None of the namecache entries in the table can be removed
2779 * because to do so, they have to be removed from the hash table.
2781 cache_lock_all_vnodes();
2782 cache_lock_all_buckets();
2783 old_nchashtbl = nchashtbl;
2784 old_nchash = nchash;
2785 cache_changesize_set_temp(temptbl, temphash);
2786 for (i = 0; i <= old_nchash; i++) {
2787 while ((ncp = CK_SLIST_FIRST(&old_nchashtbl[i])) != NULL) {
2788 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen,
2790 CK_SLIST_REMOVE(&old_nchashtbl[i], ncp, namecache, nc_hash);
2791 CK_SLIST_INSERT_HEAD(&new_nchashtbl[hash & new_nchash], ncp, nc_hash);
2795 cache_recalc_neg_min();
2796 cache_changesize_set_new(new_nchashtbl, new_nchash);
2797 cache_unlock_all_buckets();
2798 cache_unlock_all_vnodes();
2799 ncfreetbl(old_nchashtbl);
2804 * Remove all entries from and to a particular vnode.
2807 cache_purge_impl(struct vnode *vp)
2809 struct cache_freebatch batch;
2810 struct namecache *ncp;
2811 struct mtx *vlp, *vlp2;
2814 vlp = VP2VNODELOCK(vp);
2818 while (!LIST_EMPTY(&vp->v_cache_src)) {
2819 ncp = LIST_FIRST(&vp->v_cache_src);
2820 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2))
2822 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst);
2824 while (!TAILQ_EMPTY(&vp->v_cache_dst)) {
2825 ncp = TAILQ_FIRST(&vp->v_cache_dst);
2826 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2))
2828 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst);
2830 ncp = vp->v_cache_dd;
2832 KASSERT(ncp->nc_flag & NCF_ISDOTDOT,
2833 ("lost dotdot link"));
2834 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2))
2836 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst);
2838 KASSERT(vp->v_cache_dd == NULL, ("incomplete purge"));
2842 cache_free_batch(&batch);
2846 * Opportunistic check to see if there is anything to do.
2849 cache_has_entries(struct vnode *vp)
2852 if (LIST_EMPTY(&vp->v_cache_src) && TAILQ_EMPTY(&vp->v_cache_dst) &&
2853 atomic_load_ptr(&vp->v_cache_dd) == NULL)
2859 cache_purge(struct vnode *vp)
2862 SDT_PROBE1(vfs, namecache, purge, done, vp);
2863 if (!cache_has_entries(vp))
2865 cache_purge_impl(vp);
2869 * Only to be used by vgone.
2872 cache_purge_vgone(struct vnode *vp)
2876 VNPASS(VN_IS_DOOMED(vp), vp);
2877 if (cache_has_entries(vp)) {
2878 cache_purge_impl(vp);
2883 * Serialize against a potential thread doing cache_purge.
2885 vlp = VP2VNODELOCK(vp);
2886 mtx_wait_unlocked(vlp);
2887 if (cache_has_entries(vp)) {
2888 cache_purge_impl(vp);
2895 * Remove all negative entries for a particular directory vnode.
2898 cache_purge_negative(struct vnode *vp)
2900 struct cache_freebatch batch;
2901 struct namecache *ncp, *nnp;
2904 SDT_PROBE1(vfs, namecache, purge_negative, done, vp);
2905 if (LIST_EMPTY(&vp->v_cache_src))
2908 vlp = VP2VNODELOCK(vp);
2910 LIST_FOREACH_SAFE(ncp, &vp->v_cache_src, nc_src, nnp) {
2911 if (!(ncp->nc_flag & NCF_NEGATIVE))
2913 cache_zap_negative_locked_vnode_kl(ncp, vp);
2914 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst);
2917 cache_free_batch(&batch);
2921 * Entry points for modifying VOP operations.
2924 cache_vop_rename(struct vnode *fdvp, struct vnode *fvp, struct vnode *tdvp,
2925 struct vnode *tvp, struct componentname *fcnp, struct componentname *tcnp)
2928 ASSERT_VOP_IN_SEQC(fdvp);
2929 ASSERT_VOP_IN_SEQC(fvp);
2930 ASSERT_VOP_IN_SEQC(tdvp);
2932 ASSERT_VOP_IN_SEQC(tvp);
2937 KASSERT(!cache_remove_cnp(tdvp, tcnp),
2938 ("%s: lingering negative entry", __func__));
2940 cache_remove_cnp(tdvp, tcnp);
2946 * Historically renaming was always purging all revelang entries,
2947 * but that's quite wasteful. In particular turns out that in many cases
2948 * the target file is immediately accessed after rename, inducing a cache
2951 * Recode this to reduce relocking and reuse the existing entry (if any)
2952 * instead of just removing it above and allocating a new one here.
2954 cache_enter(tdvp, fvp, tcnp);
2958 cache_vop_rmdir(struct vnode *dvp, struct vnode *vp)
2961 ASSERT_VOP_IN_SEQC(dvp);
2962 ASSERT_VOP_IN_SEQC(vp);
2968 * Validate that if an entry exists it matches.
2971 cache_validate(struct vnode *dvp, struct vnode *vp, struct componentname *cnp)
2973 struct namecache *ncp;
2977 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp);
2978 if (CK_SLIST_EMPTY(NCHHASH(hash)))
2980 blp = HASH2BUCKETLOCK(hash);
2982 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) {
2983 if (ncp->nc_dvp == dvp && ncp->nc_nlen == cnp->cn_namelen &&
2984 !bcmp(ncp->nc_name, cnp->cn_nameptr, ncp->nc_nlen)) {
2985 if (ncp->nc_vp != vp)
2986 panic("%s: mismatch (%p != %p); ncp %p [%s] dvp %p\n",
2987 __func__, vp, ncp->nc_vp, ncp, ncp->nc_name, ncp->nc_dvp);
2994 cache_assert_no_entries(struct vnode *vp)
2997 VNPASS(TAILQ_EMPTY(&vp->v_cache_dst), vp);
2998 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp);
2999 VNPASS(vp->v_cache_dd == NULL, vp);
3004 * Flush all entries referencing a particular filesystem.
3007 cache_purgevfs(struct mount *mp)
3009 struct vnode *vp, *mvp;
3010 size_t visited __sdt_used, purged __sdt_used;
3012 visited = purged = 0;
3014 * Somewhat wasteful iteration over all vnodes. Would be better to
3015 * support filtering and avoid the interlock to begin with.
3017 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
3019 if (!cache_has_entries(vp)) {
3030 SDT_PROBE3(vfs, namecache, purgevfs, done, mp, visited, purged);
3034 * Perform canonical checks and cache lookup and pass on to filesystem
3035 * through the vop_cachedlookup only if needed.
3039 vfs_cache_lookup(struct vop_lookup_args *ap)
3043 struct vnode **vpp = ap->a_vpp;
3044 struct componentname *cnp = ap->a_cnp;
3045 int flags = cnp->cn_flags;
3050 if (dvp->v_type != VDIR)
3053 if ((flags & ISLASTCN) && (dvp->v_mount->mnt_flag & MNT_RDONLY) &&
3054 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME))
3057 error = vn_dir_check_exec(dvp, cnp);
3061 error = cache_lookup(dvp, vpp, cnp, NULL, NULL);
3063 return (VOP_CACHEDLOOKUP(dvp, vpp, cnp));
3069 /* Implementation of the getcwd syscall. */
3071 sys___getcwd(struct thread *td, struct __getcwd_args *uap)
3077 buflen = uap->buflen;
3078 if (__predict_false(buflen < 2))
3080 if (buflen > MAXPATHLEN)
3081 buflen = MAXPATHLEN;
3083 buf = uma_zalloc(namei_zone, M_WAITOK);
3084 error = vn_getcwd(buf, &retbuf, &buflen);
3086 error = copyout(retbuf, uap->buf, buflen);
3087 uma_zfree(namei_zone, buf);
3092 vn_getcwd(char *buf, char **retbuf, size_t *buflen)
3098 pwd = pwd_get_smr();
3099 error = vn_fullpath_any_smr(pwd->pwd_cdir, pwd->pwd_rdir, buf, retbuf,
3101 VFS_SMR_ASSERT_NOT_ENTERED();
3103 pwd = pwd_hold(curthread);
3104 error = vn_fullpath_any(pwd->pwd_cdir, pwd->pwd_rdir, buf,
3110 if (KTRPOINT(curthread, KTR_NAMEI) && error == 0)
3117 * Canonicalize a path by walking it forward and back.
3120 * - Nothing guarantees the integrity of the entire chain. Consider the case
3121 * where the path "foo/bar/baz/qux" is passed, but "bar" is moved out of
3122 * "foo" into "quux" during the backwards walk. The result will be
3123 * "quux/bar/baz/qux", which could not have been obtained by an incremental
3124 * walk in userspace. Moreover, the path we return is inaccessible if the
3125 * calling thread lacks permission to traverse "quux".
3128 kern___realpathat(struct thread *td, int fd, const char *path, char *buf,
3129 size_t size, int flags, enum uio_seg pathseg)
3131 struct nameidata nd;
3132 char *retbuf, *freebuf;
3137 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | WANTPARENT | AUDITVNODE1,
3138 pathseg, path, fd, &cap_fstat_rights);
3139 if ((error = namei(&nd)) != 0)
3142 if (nd.ni_vp->v_type == VREG && nd.ni_dvp->v_type != VDIR &&
3143 (nd.ni_vp->v_vflag & VV_ROOT) != 0) {
3145 * This happens if vp is a file mount. The call to
3146 * vn_fullpath_hardlink can panic if path resolution can't be
3147 * handled without the directory.
3149 * To resolve this, we find the vnode which was mounted on -
3150 * this should have a unique global path since we disallow
3151 * mounting on linked files.
3153 struct vnode *covered_vp;
3154 error = vn_lock(nd.ni_vp, LK_SHARED);
3157 covered_vp = nd.ni_vp->v_mount->mnt_vnodecovered;
3159 VOP_UNLOCK(nd.ni_vp);
3160 error = vn_fullpath(covered_vp, &retbuf, &freebuf);
3163 error = vn_fullpath_hardlink(nd.ni_vp, nd.ni_dvp, nd.ni_cnd.cn_nameptr,
3164 nd.ni_cnd.cn_namelen, &retbuf, &freebuf, &size);
3167 error = copyout(retbuf, buf, size);
3168 free(freebuf, M_TEMP);
3178 sys___realpathat(struct thread *td, struct __realpathat_args *uap)
3181 return (kern___realpathat(td, uap->fd, uap->path, uap->buf, uap->size,
3182 uap->flags, UIO_USERSPACE));
3186 * Retrieve the full filesystem path that correspond to a vnode from the name
3187 * cache (if available)
3190 vn_fullpath(struct vnode *vp, char **retbuf, char **freebuf)
3197 if (__predict_false(vp == NULL))
3200 buflen = MAXPATHLEN;
3201 buf = malloc(buflen, M_TEMP, M_WAITOK);
3203 pwd = pwd_get_smr();
3204 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, &buflen, 0);
3205 VFS_SMR_ASSERT_NOT_ENTERED();
3207 pwd = pwd_hold(curthread);
3208 error = vn_fullpath_any(vp, pwd->pwd_rdir, buf, retbuf, &buflen);
3219 * This function is similar to vn_fullpath, but it attempts to lookup the
3220 * pathname relative to the global root mount point. This is required for the
3221 * auditing sub-system, as audited pathnames must be absolute, relative to the
3222 * global root mount point.
3225 vn_fullpath_global(struct vnode *vp, char **retbuf, char **freebuf)
3231 if (__predict_false(vp == NULL))
3233 buflen = MAXPATHLEN;
3234 buf = malloc(buflen, M_TEMP, M_WAITOK);
3236 error = vn_fullpath_any_smr(vp, rootvnode, buf, retbuf, &buflen, 0);
3237 VFS_SMR_ASSERT_NOT_ENTERED();
3239 error = vn_fullpath_any(vp, rootvnode, buf, retbuf, &buflen);
3248 static struct namecache *
3249 vn_dd_from_dst(struct vnode *vp)
3251 struct namecache *ncp;
3253 cache_assert_vnode_locked(vp);
3254 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) {
3255 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0)
3262 vn_vptocnp(struct vnode **vp, char *buf, size_t *buflen)
3265 struct namecache *ncp;
3269 vlp = VP2VNODELOCK(*vp);
3271 ncp = (*vp)->v_cache_dd;
3272 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT) == 0) {
3273 KASSERT(ncp == vn_dd_from_dst(*vp),
3274 ("%s: mismatch for dd entry (%p != %p)", __func__,
3275 ncp, vn_dd_from_dst(*vp)));
3277 ncp = vn_dd_from_dst(*vp);
3280 if (*buflen < ncp->nc_nlen) {
3283 counter_u64_add(numfullpathfail4, 1);
3285 SDT_PROBE3(vfs, namecache, fullpath, return, error,
3289 *buflen -= ncp->nc_nlen;
3290 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen);
3291 SDT_PROBE3(vfs, namecache, fullpath, hit, ncp->nc_dvp,
3300 SDT_PROBE1(vfs, namecache, fullpath, miss, vp);
3303 vn_lock(*vp, LK_SHARED | LK_RETRY);
3304 error = VOP_VPTOCNP(*vp, &dvp, buf, buflen);
3307 counter_u64_add(numfullpathfail2, 1);
3308 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL);
3313 if (VN_IS_DOOMED(dvp)) {
3314 /* forced unmount */
3317 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL);
3321 * *vp has its use count incremented still.
3328 * Resolve a directory to a pathname.
3330 * The name of the directory can always be found in the namecache or fetched
3331 * from the filesystem. There is also guaranteed to be only one parent, meaning
3332 * we can just follow vnodes up until we find the root.
3334 * The vnode must be referenced.
3337 vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf,
3338 size_t *len, size_t addend)
3340 #ifdef KDTRACE_HOOKS
3341 struct vnode *startvp = vp;
3346 bool slash_prefixed;
3348 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp);
3349 VNPASS(vp->v_usecount > 0, vp);
3353 slash_prefixed = true;
3358 slash_prefixed = false;
3363 SDT_PROBE1(vfs, namecache, fullpath, entry, vp);
3364 counter_u64_add(numfullpathcalls, 1);
3365 while (vp != rdir && vp != rootvnode) {
3367 * The vp vnode must be already fully constructed,
3368 * since it is either found in namecache or obtained
3369 * from VOP_VPTOCNP(). We may test for VV_ROOT safely
3370 * without obtaining the vnode lock.
3372 if ((vp->v_vflag & VV_ROOT) != 0) {
3373 vn_lock(vp, LK_RETRY | LK_SHARED);
3376 * With the vnode locked, check for races with
3377 * unmount, forced or not. Note that we
3378 * already verified that vp is not equal to
3379 * the root vnode, which means that
3380 * mnt_vnodecovered can be NULL only for the
3383 if (VN_IS_DOOMED(vp) ||
3384 (vp1 = vp->v_mount->mnt_vnodecovered) == NULL ||
3385 vp1->v_mountedhere != vp->v_mount) {
3388 SDT_PROBE3(vfs, namecache, fullpath, return,
3398 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp);
3399 error = vn_vptocnp(&vp, buf, &buflen);
3405 SDT_PROBE3(vfs, namecache, fullpath, return, error,
3409 buf[--buflen] = '/';
3410 slash_prefixed = true;
3414 if (!slash_prefixed) {
3417 counter_u64_add(numfullpathfail4, 1);
3418 SDT_PROBE3(vfs, namecache, fullpath, return, ENOMEM,
3422 buf[--buflen] = '/';
3424 counter_u64_add(numfullpathfound, 1);
3427 *retbuf = buf + buflen;
3428 SDT_PROBE3(vfs, namecache, fullpath, return, 0, startvp, *retbuf);
3435 * Resolve an arbitrary vnode to a pathname.
3438 * - hardlinks are not tracked, thus if the vnode is not a directory this can
3439 * resolve to a different path than the one used to find it
3440 * - namecache is not mandatory, meaning names are not guaranteed to be added
3441 * (in which case resolving fails)
3443 static void __inline
3444 cache_rev_failed_impl(int *reason, int line)
3449 #define cache_rev_failed(var) cache_rev_failed_impl((var), __LINE__)
3452 vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf,
3453 char **retbuf, size_t *buflen, size_t addend)
3455 #ifdef KDTRACE_HOOKS
3456 struct vnode *startvp = vp;
3460 struct namecache *ncp;
3464 #ifdef KDTRACE_HOOKS
3467 seqc_t vp_seqc, tvp_seqc;
3470 VFS_SMR_ASSERT_ENTERED();
3472 if (!atomic_load_char(&cache_fast_lookup_enabled)) {
3477 orig_buflen = *buflen;
3480 MPASS(*buflen >= 2);
3482 buf[*buflen] = '\0';
3485 if (vp == rdir || vp == rootvnode) {
3493 #ifdef KDTRACE_HOOKS
3497 ncp = NULL; /* for sdt probe down below */
3498 vp_seqc = vn_seqc_read_any(vp);
3499 if (seqc_in_modify(vp_seqc)) {
3500 cache_rev_failed(&reason);
3505 #ifdef KDTRACE_HOOKS
3508 if ((vp->v_vflag & VV_ROOT) != 0) {
3509 mp = atomic_load_ptr(&vp->v_mount);
3511 cache_rev_failed(&reason);
3514 tvp = atomic_load_ptr(&mp->mnt_vnodecovered);
3515 tvp_seqc = vn_seqc_read_any(tvp);
3516 if (seqc_in_modify(tvp_seqc)) {
3517 cache_rev_failed(&reason);
3520 if (!vn_seqc_consistent(vp, vp_seqc)) {
3521 cache_rev_failed(&reason);
3528 ncp = atomic_load_consume_ptr(&vp->v_cache_dd);
3530 cache_rev_failed(&reason);
3533 nc_flag = atomic_load_char(&ncp->nc_flag);
3534 if ((nc_flag & NCF_ISDOTDOT) != 0) {
3535 cache_rev_failed(&reason);
3538 if (ncp->nc_nlen >= *buflen) {
3539 cache_rev_failed(&reason);
3543 *buflen -= ncp->nc_nlen;
3544 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen);
3548 tvp_seqc = vn_seqc_read_any(tvp);
3549 if (seqc_in_modify(tvp_seqc)) {
3550 cache_rev_failed(&reason);
3553 if (!vn_seqc_consistent(vp, vp_seqc)) {
3554 cache_rev_failed(&reason);
3558 * Acquire fence provided by vn_seqc_read_any above.
3560 if (__predict_false(atomic_load_ptr(&vp->v_cache_dd) != ncp)) {
3561 cache_rev_failed(&reason);
3564 if (!cache_ncp_canuse(ncp)) {
3565 cache_rev_failed(&reason);
3570 if (vp == rdir || vp == rootvnode)
3575 *retbuf = buf + *buflen;
3576 *buflen = orig_buflen - *buflen + addend;
3577 SDT_PROBE2(vfs, namecache, fullpath_smr, hit, startvp, *retbuf);
3581 *buflen = orig_buflen;
3582 SDT_PROBE4(vfs, namecache, fullpath_smr, miss, startvp, ncp, reason, i);
3588 vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf,
3591 size_t orig_buflen, addend;
3597 orig_buflen = *buflen;
3601 if (vp->v_type != VDIR) {
3603 buf[*buflen] = '\0';
3604 error = vn_vptocnp(&vp, buf, buflen);
3613 addend = orig_buflen - *buflen;
3616 return (vn_fullpath_dir(vp, rdir, buf, retbuf, buflen, addend));
3620 * Resolve an arbitrary vnode to a pathname (taking care of hardlinks).
3622 * Since the namecache does not track hardlinks, the caller is expected to
3623 * first look up the target vnode with WANTPARENT flag passed to namei to get
3626 * Then we have 2 cases:
3627 * - if the found vnode is a directory, the path can be constructed just by
3628 * following names up the chain
3629 * - otherwise we populate the buffer with the saved name and start resolving
3633 vn_fullpath_hardlink(struct vnode *vp, struct vnode *dvp,
3634 const char *hrdl_name, size_t hrdl_name_length,
3635 char **retbuf, char **freebuf, size_t *buflen)
3641 __enum_uint8(vtype) type;
3645 if (*buflen > MAXPATHLEN)
3646 *buflen = MAXPATHLEN;
3648 buf = malloc(*buflen, M_TEMP, M_WAITOK);
3653 * Check for VBAD to work around the vp_crossmp bug in lookup().
3655 * For example consider tmpfs on /tmp and realpath /tmp. ni_vp will be
3656 * set to mount point's root vnode while ni_dvp will be vp_crossmp.
3657 * If the type is VDIR (like in this very case) we can skip looking
3658 * at ni_dvp in the first place. However, since vnodes get passed here
3659 * unlocked the target may transition to doomed state (type == VBAD)
3660 * before we get to evaluate the condition. If this happens, we will
3661 * populate part of the buffer and descend to vn_fullpath_dir with
3662 * vp == vp_crossmp. Prevent the problem by checking for VBAD.
3664 type = atomic_load_8(&vp->v_type);
3670 addend = hrdl_name_length + 2;
3671 if (*buflen < addend) {
3676 tmpbuf = buf + *buflen;
3678 memcpy(&tmpbuf[1], hrdl_name, hrdl_name_length);
3679 tmpbuf[addend - 1] = '\0';
3684 pwd = pwd_get_smr();
3685 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, buflen,
3687 VFS_SMR_ASSERT_NOT_ENTERED();
3689 pwd = pwd_hold(curthread);
3691 error = vn_fullpath_dir(vp, pwd->pwd_rdir, buf, retbuf, buflen,
3707 vn_dir_dd_ino(struct vnode *vp)
3709 struct namecache *ncp;
3714 ASSERT_VOP_LOCKED(vp, "vn_dir_dd_ino");
3715 vlp = VP2VNODELOCK(vp);
3717 TAILQ_FOREACH(ncp, &(vp->v_cache_dst), nc_dst) {
3718 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0)
3721 vs = vget_prep(ddvp);
3723 if (vget_finish(ddvp, LK_SHARED | LK_NOWAIT, vs))
3732 vn_commname(struct vnode *vp, char *buf, u_int buflen)
3734 struct namecache *ncp;
3738 vlp = VP2VNODELOCK(vp);
3740 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst)
3741 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0)
3747 l = min(ncp->nc_nlen, buflen - 1);
3748 memcpy(buf, ncp->nc_name, l);
3755 * This function updates path string to vnode's full global path
3756 * and checks the size of the new path string against the pathlen argument.
3758 * Requires a locked, referenced vnode.
3759 * Vnode is re-locked on success or ENODEV, otherwise unlocked.
3761 * If vp is a directory, the call to vn_fullpath_global() always succeeds
3762 * because it falls back to the ".." lookup if the namecache lookup fails.
3765 vn_path_to_global_path(struct thread *td, struct vnode *vp, char *path,
3768 struct nameidata nd;
3773 ASSERT_VOP_ELOCKED(vp, __func__);
3775 /* Construct global filesystem path from vp. */
3777 error = vn_fullpath_global(vp, &rpath, &fbuf);
3784 if (strlen(rpath) >= pathlen) {
3786 error = ENAMETOOLONG;
3791 * Re-lookup the vnode by path to detect a possible rename.
3792 * As a side effect, the vnode is relocked.
3793 * If vnode was renamed, return ENOENT.
3795 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path);
3805 strcpy(path, rpath);
3817 * This is similar to vn_path_to_global_path but allows for regular
3818 * files which may not be present in the cache.
3820 * Requires a locked, referenced vnode.
3821 * Vnode is re-locked on success or ENODEV, otherwise unlocked.
3824 vn_path_to_global_path_hardlink(struct thread *td, struct vnode *vp,
3825 struct vnode *dvp, char *path, u_int pathlen, const char *leaf_name,
3828 struct nameidata nd;
3834 ASSERT_VOP_ELOCKED(vp, __func__);
3837 * Construct global filesystem path from dvp, vp and leaf
3842 error = vn_fullpath_hardlink(vp, dvp, leaf_name, leaf_length,
3843 &rpath, &fbuf, &len);
3850 if (strlen(rpath) >= pathlen) {
3852 error = ENAMETOOLONG;
3857 * Re-lookup the vnode by path to detect a possible rename.
3858 * As a side effect, the vnode is relocked.
3859 * If vnode was renamed, return ENOENT.
3861 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path);
3871 strcpy(path, rpath);
3884 db_print_vpath(struct vnode *vp)
3887 while (vp != NULL) {
3888 db_printf("%p: ", vp);
3889 if (vp == rootvnode) {
3893 if (vp->v_vflag & VV_ROOT) {
3894 db_printf("<mount point>");
3895 vp = vp->v_mount->mnt_vnodecovered;
3897 struct namecache *ncp;
3901 ncp = TAILQ_FIRST(&vp->v_cache_dst);
3904 for (i = 0; i < ncp->nc_nlen; i++)
3905 db_printf("%c", *ncn++);
3918 DB_SHOW_COMMAND(vpath, db_show_vpath)
3923 db_printf("usage: show vpath <struct vnode *>\n");
3927 vp = (struct vnode *)addr;
3933 static int cache_fast_lookup = 1;
3935 #define CACHE_FPL_FAILED -2020
3938 cache_vop_bad_vexec(struct vop_fplookup_vexec_args *v)
3940 vn_printf(v->a_vp, "no proper vop_fplookup_vexec\n");
3941 panic("no proper vop_fplookup_vexec");
3945 cache_vop_bad_symlink(struct vop_fplookup_symlink_args *v)
3947 vn_printf(v->a_vp, "no proper vop_fplookup_symlink\n");
3948 panic("no proper vop_fplookup_symlink");
3952 cache_vop_vector_register(struct vop_vector *v)
3957 if (v->vop_fplookup_vexec != NULL) {
3960 if (v->vop_fplookup_symlink != NULL) {
3969 v->vop_fplookup_vexec = cache_vop_bad_vexec;
3970 v->vop_fplookup_symlink = cache_vop_bad_symlink;
3974 printf("%s: invalid vop vector %p -- either all or none fplookup vops "
3975 "need to be provided", __func__, v);
3976 if (v->vop_fplookup_vexec == NULL) {
3977 printf("%s: missing vop_fplookup_vexec\n", __func__);
3979 if (v->vop_fplookup_symlink == NULL) {
3980 printf("%s: missing vop_fplookup_symlink\n", __func__);
3982 panic("bad vop vector %p", v);
3987 cache_validate_vop_vector(struct mount *mp, struct vop_vector *vops)
3992 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0)
3995 if (vops->vop_fplookup_vexec == NULL ||
3996 vops->vop_fplookup_vexec == cache_vop_bad_vexec)
3997 panic("bad vop_fplookup_vexec on vector %p for filesystem %s",
3998 vops, mp->mnt_vfc->vfc_name);
4000 if (vops->vop_fplookup_symlink == NULL ||
4001 vops->vop_fplookup_symlink == cache_vop_bad_symlink)
4002 panic("bad vop_fplookup_symlink on vector %p for filesystem %s",
4003 vops, mp->mnt_vfc->vfc_name);
4008 cache_fast_lookup_enabled_recalc(void)
4014 mac_on = mac_vnode_check_lookup_enabled();
4015 mac_on |= mac_vnode_check_readlink_enabled();
4020 lookup_flag = atomic_load_int(&cache_fast_lookup);
4021 if (lookup_flag && !mac_on) {
4022 atomic_store_char(&cache_fast_lookup_enabled, true);
4024 atomic_store_char(&cache_fast_lookup_enabled, false);
4029 syscal_vfs_cache_fast_lookup(SYSCTL_HANDLER_ARGS)
4033 old = atomic_load_int(&cache_fast_lookup);
4034 error = sysctl_handle_int(oidp, arg1, arg2, req);
4035 if (error == 0 && req->newptr && old != atomic_load_int(&cache_fast_lookup))
4036 cache_fast_lookup_enabled_recalc();
4039 SYSCTL_PROC(_vfs, OID_AUTO, cache_fast_lookup, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE,
4040 &cache_fast_lookup, 0, syscal_vfs_cache_fast_lookup, "IU", "");
4043 * Components of nameidata (or objects it can point to) which may
4044 * need restoring in case fast path lookup fails.
4046 struct nameidata_outer {
4051 struct nameidata_saved {
4059 struct cache_fpl_debug {
4065 struct nameidata *ndp;
4066 struct componentname *cnp;
4073 struct nameidata_saved snd;
4074 struct nameidata_outer snd_outer;
4076 enum cache_fpl_status status:8;
4081 struct cache_fpl_debug debug;
4085 static bool cache_fplookup_mp_supported(struct mount *mp);
4086 static bool cache_fplookup_is_mp(struct cache_fpl *fpl);
4087 static int cache_fplookup_cross_mount(struct cache_fpl *fpl);
4088 static int cache_fplookup_partial_setup(struct cache_fpl *fpl);
4089 static int cache_fplookup_skip_slashes(struct cache_fpl *fpl);
4090 static int cache_fplookup_trailingslash(struct cache_fpl *fpl);
4091 static void cache_fpl_pathlen_dec(struct cache_fpl *fpl);
4092 static void cache_fpl_pathlen_inc(struct cache_fpl *fpl);
4093 static void cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n);
4094 static void cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n);
4097 cache_fpl_cleanup_cnp(struct componentname *cnp)
4100 uma_zfree(namei_zone, cnp->cn_pnbuf);
4101 cnp->cn_pnbuf = NULL;
4102 cnp->cn_nameptr = NULL;
4105 static struct vnode *
4106 cache_fpl_handle_root(struct cache_fpl *fpl)
4108 struct nameidata *ndp;
4109 struct componentname *cnp;
4114 MPASS(*(cnp->cn_nameptr) == '/');
4116 cache_fpl_pathlen_dec(fpl);
4118 if (__predict_false(*(cnp->cn_nameptr) == '/')) {
4121 cache_fpl_pathlen_dec(fpl);
4122 } while (*(cnp->cn_nameptr) == '/');
4125 return (ndp->ni_rootdir);
4129 cache_fpl_checkpoint_outer(struct cache_fpl *fpl)
4132 fpl->snd_outer.ni_pathlen = fpl->ndp->ni_pathlen;
4133 fpl->snd_outer.cn_flags = fpl->ndp->ni_cnd.cn_flags;
4137 cache_fpl_checkpoint(struct cache_fpl *fpl)
4141 fpl->snd.cn_nameptr = fpl->ndp->ni_cnd.cn_nameptr;
4142 fpl->snd.ni_pathlen = fpl->debug.ni_pathlen;
4147 cache_fpl_restore_partial(struct cache_fpl *fpl)
4150 fpl->ndp->ni_cnd.cn_flags = fpl->snd_outer.cn_flags;
4152 fpl->debug.ni_pathlen = fpl->snd.ni_pathlen;
4157 cache_fpl_restore_abort(struct cache_fpl *fpl)
4160 cache_fpl_restore_partial(fpl);
4162 * It is 0 on entry by API contract.
4164 fpl->ndp->ni_resflags = 0;
4165 fpl->ndp->ni_cnd.cn_nameptr = fpl->ndp->ni_cnd.cn_pnbuf;
4166 fpl->ndp->ni_pathlen = fpl->snd_outer.ni_pathlen;
4170 #define cache_fpl_smr_assert_entered(fpl) ({ \
4171 struct cache_fpl *_fpl = (fpl); \
4172 MPASS(_fpl->in_smr == true); \
4173 VFS_SMR_ASSERT_ENTERED(); \
4175 #define cache_fpl_smr_assert_not_entered(fpl) ({ \
4176 struct cache_fpl *_fpl = (fpl); \
4177 MPASS(_fpl->in_smr == false); \
4178 VFS_SMR_ASSERT_NOT_ENTERED(); \
4181 cache_fpl_assert_status(struct cache_fpl *fpl)
4184 switch (fpl->status) {
4185 case CACHE_FPL_STATUS_UNSET:
4186 __assert_unreachable();
4188 case CACHE_FPL_STATUS_DESTROYED:
4189 case CACHE_FPL_STATUS_ABORTED:
4190 case CACHE_FPL_STATUS_PARTIAL:
4191 case CACHE_FPL_STATUS_HANDLED:
4196 #define cache_fpl_smr_assert_entered(fpl) do { } while (0)
4197 #define cache_fpl_smr_assert_not_entered(fpl) do { } while (0)
4198 #define cache_fpl_assert_status(fpl) do { } while (0)
4201 #define cache_fpl_smr_enter_initial(fpl) ({ \
4202 struct cache_fpl *_fpl = (fpl); \
4204 _fpl->in_smr = true; \
4207 #define cache_fpl_smr_enter(fpl) ({ \
4208 struct cache_fpl *_fpl = (fpl); \
4209 MPASS(_fpl->in_smr == false); \
4211 _fpl->in_smr = true; \
4214 #define cache_fpl_smr_exit(fpl) ({ \
4215 struct cache_fpl *_fpl = (fpl); \
4216 MPASS(_fpl->in_smr == true); \
4218 _fpl->in_smr = false; \
4222 cache_fpl_aborted_early_impl(struct cache_fpl *fpl, int line)
4225 if (fpl->status != CACHE_FPL_STATUS_UNSET) {
4226 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL,
4227 ("%s: converting to abort from %d at %d, set at %d\n",
4228 __func__, fpl->status, line, fpl->line));
4230 cache_fpl_smr_assert_not_entered(fpl);
4231 fpl->status = CACHE_FPL_STATUS_ABORTED;
4233 return (CACHE_FPL_FAILED);
4236 #define cache_fpl_aborted_early(x) cache_fpl_aborted_early_impl((x), __LINE__)
4238 static int __noinline
4239 cache_fpl_aborted_impl(struct cache_fpl *fpl, int line)
4241 struct nameidata *ndp;
4242 struct componentname *cnp;
4247 if (fpl->status != CACHE_FPL_STATUS_UNSET) {
4248 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL,
4249 ("%s: converting to abort from %d at %d, set at %d\n",
4250 __func__, fpl->status, line, fpl->line));
4252 fpl->status = CACHE_FPL_STATUS_ABORTED;
4255 cache_fpl_smr_exit(fpl);
4256 cache_fpl_restore_abort(fpl);
4258 * Resolving symlinks overwrites data passed by the caller.
4261 if (ndp->ni_loopcnt > 0) {
4262 fpl->status = CACHE_FPL_STATUS_DESTROYED;
4263 cache_fpl_cleanup_cnp(cnp);
4265 return (CACHE_FPL_FAILED);
4268 #define cache_fpl_aborted(x) cache_fpl_aborted_impl((x), __LINE__)
4270 static int __noinline
4271 cache_fpl_partial_impl(struct cache_fpl *fpl, int line)
4274 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET,
4275 ("%s: setting to partial at %d, but already set to %d at %d\n",
4276 __func__, line, fpl->status, fpl->line));
4277 cache_fpl_smr_assert_entered(fpl);
4278 fpl->status = CACHE_FPL_STATUS_PARTIAL;
4280 return (cache_fplookup_partial_setup(fpl));
4283 #define cache_fpl_partial(x) cache_fpl_partial_impl((x), __LINE__)
4286 cache_fpl_handled_impl(struct cache_fpl *fpl, int line)
4289 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET,
4290 ("%s: setting to handled at %d, but already set to %d at %d\n",
4291 __func__, line, fpl->status, fpl->line));
4292 cache_fpl_smr_assert_not_entered(fpl);
4293 fpl->status = CACHE_FPL_STATUS_HANDLED;
4298 #define cache_fpl_handled(x) cache_fpl_handled_impl((x), __LINE__)
4301 cache_fpl_handled_error_impl(struct cache_fpl *fpl, int error, int line)
4304 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET,
4305 ("%s: setting to handled at %d, but already set to %d at %d\n",
4306 __func__, line, fpl->status, fpl->line));
4308 MPASS(error != CACHE_FPL_FAILED);
4309 cache_fpl_smr_assert_not_entered(fpl);
4310 fpl->status = CACHE_FPL_STATUS_HANDLED;
4317 #define cache_fpl_handled_error(x, e) cache_fpl_handled_error_impl((x), (e), __LINE__)
4320 cache_fpl_terminated(struct cache_fpl *fpl)
4323 return (fpl->status != CACHE_FPL_STATUS_UNSET);
4326 #define CACHE_FPL_SUPPORTED_CN_FLAGS \
4327 (NC_NOMAKEENTRY | NC_KEEPPOSENTRY | LOCKLEAF | LOCKPARENT | WANTPARENT | \
4328 FAILIFEXISTS | FOLLOW | EMPTYPATH | LOCKSHARED | ISRESTARTED | WILLBEDIR | \
4329 ISOPEN | NOMACCHECK | AUDITVNODE1 | AUDITVNODE2 | NOCAPCHECK | OPENREAD | \
4330 OPENWRITE | WANTIOCTLCAPS)
4332 #define CACHE_FPL_INTERNAL_CN_FLAGS \
4333 (ISDOTDOT | MAKEENTRY | ISLASTCN)
4335 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & CACHE_FPL_INTERNAL_CN_FLAGS) == 0,
4336 "supported and internal flags overlap");
4339 cache_fpl_islastcn(struct nameidata *ndp)
4342 return (*ndp->ni_next == 0);
4346 cache_fpl_istrailingslash(struct cache_fpl *fpl)
4349 MPASS(fpl->nulchar > fpl->cnp->cn_pnbuf);
4350 return (*(fpl->nulchar - 1) == '/');
4354 cache_fpl_isdotdot(struct componentname *cnp)
4357 if (cnp->cn_namelen == 2 &&
4358 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.')
4364 cache_can_fplookup(struct cache_fpl *fpl)
4366 struct nameidata *ndp;
4367 struct componentname *cnp;
4374 if (!atomic_load_char(&cache_fast_lookup_enabled)) {
4375 cache_fpl_aborted_early(fpl);
4378 if ((cnp->cn_flags & ~CACHE_FPL_SUPPORTED_CN_FLAGS) != 0) {
4379 cache_fpl_aborted_early(fpl);
4382 if (IN_CAPABILITY_MODE(td)) {
4383 cache_fpl_aborted_early(fpl);
4386 if (AUDITING_TD(td)) {
4387 cache_fpl_aborted_early(fpl);
4390 if (ndp->ni_startdir != NULL) {
4391 cache_fpl_aborted_early(fpl);
4397 static int __noinline
4398 cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp)
4400 struct nameidata *ndp;
4401 struct componentname *cnp;
4408 error = fgetvp_lookup_smr(ndp->ni_dirfd, ndp, vpp, &fsearch);
4409 if (__predict_false(error != 0)) {
4410 return (cache_fpl_aborted(fpl));
4412 fpl->fsearch = fsearch;
4413 if ((*vpp)->v_type != VDIR) {
4414 if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) {
4415 cache_fpl_smr_exit(fpl);
4416 return (cache_fpl_handled_error(fpl, ENOTDIR));
4422 static int __noinline
4423 cache_fplookup_negative_promote(struct cache_fpl *fpl, struct namecache *oncp,
4426 struct componentname *cnp;
4432 cache_fpl_smr_exit(fpl);
4433 if (cache_neg_promote_cond(dvp, cnp, oncp, hash))
4434 return (cache_fpl_handled_error(fpl, ENOENT));
4436 return (cache_fpl_aborted(fpl));
4440 * The target vnode is not supported, prepare for the slow path to take over.
4442 static int __noinline
4443 cache_fplookup_partial_setup(struct cache_fpl *fpl)
4445 struct nameidata *ndp;
4446 struct componentname *cnp;
4456 dvp_seqc = fpl->dvp_seqc;
4458 if (!pwd_hold_smr(pwd)) {
4459 return (cache_fpl_aborted(fpl));
4463 * Note that seqc is checked before the vnode is locked, so by
4464 * the time regular lookup gets to it it may have moved.
4466 * Ultimately this does not affect correctness, any lookup errors
4467 * are userspace racing with itself. It is guaranteed that any
4468 * path which ultimately gets found could also have been found
4469 * by regular lookup going all the way in absence of concurrent
4472 dvs = vget_prep_smr(dvp);
4473 cache_fpl_smr_exit(fpl);
4474 if (__predict_false(dvs == VGET_NONE)) {
4476 return (cache_fpl_aborted(fpl));
4479 vget_finish_ref(dvp, dvs);
4480 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
4483 return (cache_fpl_aborted(fpl));
4486 cache_fpl_restore_partial(fpl);
4488 if (cnp->cn_nameptr != fpl->snd.cn_nameptr) {
4489 panic("%s: cn_nameptr mismatch (%p != %p) full [%s]\n", __func__,
4490 cnp->cn_nameptr, fpl->snd.cn_nameptr, cnp->cn_pnbuf);
4494 ndp->ni_startdir = dvp;
4495 cnp->cn_flags |= MAKEENTRY;
4496 if (cache_fpl_islastcn(ndp))
4497 cnp->cn_flags |= ISLASTCN;
4498 if (cache_fpl_isdotdot(cnp))
4499 cnp->cn_flags |= ISDOTDOT;
4502 * Skip potential extra slashes parsing did not take care of.
4503 * cache_fplookup_skip_slashes explains the mechanism.
4505 if (__predict_false(*(cnp->cn_nameptr) == '/')) {
4508 cache_fpl_pathlen_dec(fpl);
4509 } while (*(cnp->cn_nameptr) == '/');
4512 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1;
4514 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) {
4515 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n",
4516 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar,
4517 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf);
4524 cache_fplookup_final_child(struct cache_fpl *fpl, enum vgetstate tvs)
4526 struct componentname *cnp;
4533 tvp_seqc = fpl->tvp_seqc;
4535 if ((cnp->cn_flags & LOCKLEAF) != 0) {
4536 lkflags = LK_SHARED;
4537 if ((cnp->cn_flags & LOCKSHARED) == 0)
4538 lkflags = LK_EXCLUSIVE;
4539 error = vget_finish(tvp, lkflags, tvs);
4540 if (__predict_false(error != 0)) {
4541 return (cache_fpl_aborted(fpl));
4544 vget_finish_ref(tvp, tvs);
4547 if (!vn_seqc_consistent(tvp, tvp_seqc)) {
4548 if ((cnp->cn_flags & LOCKLEAF) != 0)
4552 return (cache_fpl_aborted(fpl));
4555 return (cache_fpl_handled(fpl));
4559 * They want to possibly modify the state of the namecache.
4561 static int __noinline
4562 cache_fplookup_final_modifying(struct cache_fpl *fpl)
4564 struct nameidata *ndp __diagused;
4565 struct componentname *cnp;
4567 struct vnode *dvp, *tvp;
4576 dvp_seqc = fpl->dvp_seqc;
4578 MPASS(*(cnp->cn_nameptr) != '/');
4579 MPASS(cache_fpl_islastcn(ndp));
4580 if ((cnp->cn_flags & LOCKPARENT) == 0)
4581 MPASS((cnp->cn_flags & WANTPARENT) != 0);
4582 MPASS((cnp->cn_flags & TRAILINGSLASH) == 0);
4583 MPASS(cnp->cn_nameiop == CREATE || cnp->cn_nameiop == DELETE ||
4584 cnp->cn_nameiop == RENAME);
4585 MPASS((cnp->cn_flags & MAKEENTRY) == 0);
4586 MPASS((cnp->cn_flags & ISDOTDOT) == 0);
4588 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE;
4589 if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)
4593 * Regular lookup nulifies the slash, which we don't do here.
4594 * Don't take chances with filesystem routines seeing it for
4597 if (cache_fpl_istrailingslash(fpl)) {
4598 return (cache_fpl_partial(fpl));
4601 mp = atomic_load_ptr(&dvp->v_mount);
4602 if (__predict_false(mp == NULL)) {
4603 return (cache_fpl_aborted(fpl));
4606 if (__predict_false(mp->mnt_flag & MNT_RDONLY)) {
4607 cache_fpl_smr_exit(fpl);
4609 * Original code keeps not checking for CREATE which
4610 * might be a bug. For now let the old lookup decide.
4612 if (cnp->cn_nameiop == CREATE) {
4613 return (cache_fpl_aborted(fpl));
4615 return (cache_fpl_handled_error(fpl, EROFS));
4618 if (fpl->tvp != NULL && (cnp->cn_flags & FAILIFEXISTS) != 0) {
4619 cache_fpl_smr_exit(fpl);
4620 return (cache_fpl_handled_error(fpl, EEXIST));
4624 * Secure access to dvp; check cache_fplookup_partial_setup for
4627 * XXX At least UFS requires its lookup routine to be called for
4628 * the last path component, which leads to some level of complication
4630 * - the target routine always locks the target vnode, but our caller
4631 * may not need it locked
4632 * - some of the VOP machinery asserts that the parent is locked, which
4633 * once more may be not required
4635 * TODO: add a flag for filesystems which don't need this.
4637 dvs = vget_prep_smr(dvp);
4638 cache_fpl_smr_exit(fpl);
4639 if (__predict_false(dvs == VGET_NONE)) {
4640 return (cache_fpl_aborted(fpl));
4643 vget_finish_ref(dvp, dvs);
4644 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
4646 return (cache_fpl_aborted(fpl));
4649 error = vn_lock(dvp, LK_EXCLUSIVE);
4650 if (__predict_false(error != 0)) {
4652 return (cache_fpl_aborted(fpl));
4656 cnp->cn_flags |= ISLASTCN;
4658 cnp->cn_flags |= MAKEENTRY;
4659 if (cache_fpl_isdotdot(cnp))
4660 cnp->cn_flags |= ISDOTDOT;
4661 cnp->cn_lkflags = LK_EXCLUSIVE;
4662 error = VOP_LOOKUP(dvp, &tvp, cnp);
4670 return (cache_fpl_handled_error(fpl, error));
4673 return (cache_fpl_aborted(fpl));
4679 MPASS(error == EJUSTRETURN);
4680 if ((cnp->cn_flags & LOCKPARENT) == 0) {
4683 return (cache_fpl_handled(fpl));
4687 * There are very hairy corner cases concerning various flag combinations
4688 * and locking state. In particular here we only hold one lock instead of
4691 * Skip the complexity as it is of no significance for normal workloads.
4693 if (__predict_false(tvp == dvp)) {
4696 return (cache_fpl_aborted(fpl));
4700 * If they want the symlink itself we are fine, but if they want to
4701 * follow it regular lookup has to be engaged.
4703 if (tvp->v_type == VLNK) {
4704 if ((cnp->cn_flags & FOLLOW) != 0) {
4707 return (cache_fpl_aborted(fpl));
4712 * Since we expect this to be the terminal vnode it should almost never
4715 if (__predict_false(cache_fplookup_is_mp(fpl))) {
4718 return (cache_fpl_aborted(fpl));
4721 if ((cnp->cn_flags & FAILIFEXISTS) != 0) {
4724 return (cache_fpl_handled_error(fpl, EEXIST));
4727 if ((cnp->cn_flags & LOCKLEAF) == 0) {
4731 if ((cnp->cn_flags & LOCKPARENT) == 0) {
4735 return (cache_fpl_handled(fpl));
4738 static int __noinline
4739 cache_fplookup_modifying(struct cache_fpl *fpl)
4741 struct nameidata *ndp;
4745 if (!cache_fpl_islastcn(ndp)) {
4746 return (cache_fpl_partial(fpl));
4748 return (cache_fplookup_final_modifying(fpl));
4751 static int __noinline
4752 cache_fplookup_final_withparent(struct cache_fpl *fpl)
4754 struct componentname *cnp;
4755 enum vgetstate dvs, tvs;
4756 struct vnode *dvp, *tvp;
4762 dvp_seqc = fpl->dvp_seqc;
4765 MPASS((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0);
4768 * This is less efficient than it can be for simplicity.
4770 dvs = vget_prep_smr(dvp);
4771 if (__predict_false(dvs == VGET_NONE)) {
4772 return (cache_fpl_aborted(fpl));
4774 tvs = vget_prep_smr(tvp);
4775 if (__predict_false(tvs == VGET_NONE)) {
4776 cache_fpl_smr_exit(fpl);
4777 vget_abort(dvp, dvs);
4778 return (cache_fpl_aborted(fpl));
4781 cache_fpl_smr_exit(fpl);
4783 if ((cnp->cn_flags & LOCKPARENT) != 0) {
4784 error = vget_finish(dvp, LK_EXCLUSIVE, dvs);
4785 if (__predict_false(error != 0)) {
4786 vget_abort(tvp, tvs);
4787 return (cache_fpl_aborted(fpl));
4790 vget_finish_ref(dvp, dvs);
4793 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
4794 vget_abort(tvp, tvs);
4795 if ((cnp->cn_flags & LOCKPARENT) != 0)
4799 return (cache_fpl_aborted(fpl));
4802 error = cache_fplookup_final_child(fpl, tvs);
4803 if (__predict_false(error != 0)) {
4804 MPASS(fpl->status == CACHE_FPL_STATUS_ABORTED ||
4805 fpl->status == CACHE_FPL_STATUS_DESTROYED);
4806 if ((cnp->cn_flags & LOCKPARENT) != 0)
4813 MPASS(fpl->status == CACHE_FPL_STATUS_HANDLED);
4818 cache_fplookup_final(struct cache_fpl *fpl)
4820 struct componentname *cnp;
4822 struct vnode *dvp, *tvp;
4827 dvp_seqc = fpl->dvp_seqc;
4830 MPASS(*(cnp->cn_nameptr) != '/');
4832 if (cnp->cn_nameiop != LOOKUP) {
4833 return (cache_fplookup_final_modifying(fpl));
4836 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0)
4837 return (cache_fplookup_final_withparent(fpl));
4839 tvs = vget_prep_smr(tvp);
4840 if (__predict_false(tvs == VGET_NONE)) {
4841 return (cache_fpl_partial(fpl));
4844 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
4845 cache_fpl_smr_exit(fpl);
4846 vget_abort(tvp, tvs);
4847 return (cache_fpl_aborted(fpl));
4850 cache_fpl_smr_exit(fpl);
4851 return (cache_fplookup_final_child(fpl, tvs));
4855 * Comment from locked lookup:
4856 * Check for degenerate name (e.g. / or "") which is a way of talking about a
4857 * directory, e.g. like "/." or ".".
4859 static int __noinline
4860 cache_fplookup_degenerate(struct cache_fpl *fpl)
4862 struct componentname *cnp;
4870 fpl->tvp = fpl->dvp;
4871 fpl->tvp_seqc = fpl->dvp_seqc;
4877 for (cp = cnp->cn_pnbuf; *cp != '\0'; cp++) {
4879 ("%s: encountered non-slash; string [%s]\n", __func__,
4884 if (__predict_false(cnp->cn_nameiop != LOOKUP)) {
4885 cache_fpl_smr_exit(fpl);
4886 return (cache_fpl_handled_error(fpl, EISDIR));
4889 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0) {
4890 return (cache_fplookup_final_withparent(fpl));
4893 dvs = vget_prep_smr(dvp);
4894 cache_fpl_smr_exit(fpl);
4895 if (__predict_false(dvs == VGET_NONE)) {
4896 return (cache_fpl_aborted(fpl));
4899 if ((cnp->cn_flags & LOCKLEAF) != 0) {
4900 lkflags = LK_SHARED;
4901 if ((cnp->cn_flags & LOCKSHARED) == 0)
4902 lkflags = LK_EXCLUSIVE;
4903 error = vget_finish(dvp, lkflags, dvs);
4904 if (__predict_false(error != 0)) {
4905 return (cache_fpl_aborted(fpl));
4908 vget_finish_ref(dvp, dvs);
4910 return (cache_fpl_handled(fpl));
4913 static int __noinline
4914 cache_fplookup_emptypath(struct cache_fpl *fpl)
4916 struct nameidata *ndp;
4917 struct componentname *cnp;
4922 fpl->tvp = fpl->dvp;
4923 fpl->tvp_seqc = fpl->dvp_seqc;
4929 MPASS(*cnp->cn_pnbuf == '\0');
4931 if (__predict_false((cnp->cn_flags & EMPTYPATH) == 0)) {
4932 cache_fpl_smr_exit(fpl);
4933 return (cache_fpl_handled_error(fpl, ENOENT));
4936 MPASS((cnp->cn_flags & (LOCKPARENT | WANTPARENT)) == 0);
4938 tvs = vget_prep_smr(tvp);
4939 cache_fpl_smr_exit(fpl);
4940 if (__predict_false(tvs == VGET_NONE)) {
4941 return (cache_fpl_aborted(fpl));
4944 if ((cnp->cn_flags & LOCKLEAF) != 0) {
4945 lkflags = LK_SHARED;
4946 if ((cnp->cn_flags & LOCKSHARED) == 0)
4947 lkflags = LK_EXCLUSIVE;
4948 error = vget_finish(tvp, lkflags, tvs);
4949 if (__predict_false(error != 0)) {
4950 return (cache_fpl_aborted(fpl));
4953 vget_finish_ref(tvp, tvs);
4956 ndp->ni_resflags |= NIRES_EMPTYPATH;
4957 return (cache_fpl_handled(fpl));
4960 static int __noinline
4961 cache_fplookup_noentry(struct cache_fpl *fpl)
4963 struct nameidata *ndp;
4964 struct componentname *cnp;
4966 struct vnode *dvp, *tvp;
4973 dvp_seqc = fpl->dvp_seqc;
4975 MPASS((cnp->cn_flags & MAKEENTRY) == 0);
4976 MPASS((cnp->cn_flags & ISDOTDOT) == 0);
4977 if (cnp->cn_nameiop == LOOKUP)
4978 MPASS((cnp->cn_flags & NOCACHE) == 0);
4979 MPASS(!cache_fpl_isdotdot(cnp));
4982 * Hack: delayed name len checking.
4984 if (__predict_false(cnp->cn_namelen > NAME_MAX)) {
4985 cache_fpl_smr_exit(fpl);
4986 return (cache_fpl_handled_error(fpl, ENAMETOOLONG));
4989 if (cnp->cn_nameptr[0] == '/') {
4990 return (cache_fplookup_skip_slashes(fpl));
4993 if (cnp->cn_pnbuf[0] == '\0') {
4994 return (cache_fplookup_emptypath(fpl));
4997 if (cnp->cn_nameptr[0] == '\0') {
4998 if (fpl->tvp == NULL) {
4999 return (cache_fplookup_degenerate(fpl));
5001 return (cache_fplookup_trailingslash(fpl));
5004 if (cnp->cn_nameiop != LOOKUP) {
5006 return (cache_fplookup_modifying(fpl));
5010 * Only try to fill in the component if it is the last one,
5011 * otherwise not only there may be several to handle but the
5012 * walk may be complicated.
5014 if (!cache_fpl_islastcn(ndp)) {
5015 return (cache_fpl_partial(fpl));
5019 * Regular lookup nulifies the slash, which we don't do here.
5020 * Don't take chances with filesystem routines seeing it for
5023 if (cache_fpl_istrailingslash(fpl)) {
5024 return (cache_fpl_partial(fpl));
5028 * Secure access to dvp; check cache_fplookup_partial_setup for
5031 dvs = vget_prep_smr(dvp);
5032 cache_fpl_smr_exit(fpl);
5033 if (__predict_false(dvs == VGET_NONE)) {
5034 return (cache_fpl_aborted(fpl));
5037 vget_finish_ref(dvp, dvs);
5038 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
5040 return (cache_fpl_aborted(fpl));
5043 error = vn_lock(dvp, LK_SHARED);
5044 if (__predict_false(error != 0)) {
5046 return (cache_fpl_aborted(fpl));
5051 * TODO: provide variants which don't require locking either vnode.
5053 cnp->cn_flags |= ISLASTCN | MAKEENTRY;
5054 cnp->cn_lkflags = LK_SHARED;
5055 if ((cnp->cn_flags & LOCKSHARED) == 0) {
5056 cnp->cn_lkflags = LK_EXCLUSIVE;
5058 error = VOP_LOOKUP(dvp, &tvp, cnp);
5066 return (cache_fpl_handled_error(fpl, error));
5069 return (cache_fpl_aborted(fpl));
5075 MPASS(error == EJUSTRETURN);
5076 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) {
5078 } else if ((cnp->cn_flags & LOCKPARENT) == 0) {
5081 return (cache_fpl_handled(fpl));
5084 if (tvp->v_type == VLNK) {
5085 if ((cnp->cn_flags & FOLLOW) != 0) {
5088 return (cache_fpl_aborted(fpl));
5092 if (__predict_false(cache_fplookup_is_mp(fpl))) {
5095 return (cache_fpl_aborted(fpl));
5098 if ((cnp->cn_flags & LOCKLEAF) == 0) {
5102 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) {
5104 } else if ((cnp->cn_flags & LOCKPARENT) == 0) {
5107 return (cache_fpl_handled(fpl));
5110 static int __noinline
5111 cache_fplookup_dot(struct cache_fpl *fpl)
5115 MPASS(!seqc_in_modify(fpl->dvp_seqc));
5117 if (__predict_false(fpl->dvp->v_type != VDIR)) {
5118 cache_fpl_smr_exit(fpl);
5119 return (cache_fpl_handled_error(fpl, ENOTDIR));
5123 * Just re-assign the value. seqc will be checked later for the first
5124 * non-dot path component in line and/or before deciding to return the
5127 fpl->tvp = fpl->dvp;
5128 fpl->tvp_seqc = fpl->dvp_seqc;
5130 SDT_PROBE3(vfs, namecache, lookup, hit, fpl->dvp, ".", fpl->dvp);
5133 if (cache_fplookup_is_mp(fpl)) {
5134 error = cache_fplookup_cross_mount(fpl);
5139 static int __noinline
5140 cache_fplookup_dotdot(struct cache_fpl *fpl)
5142 struct nameidata *ndp;
5143 struct componentname *cnp;
5144 struct namecache *ncp;
5153 MPASS(cache_fpl_isdotdot(cnp));
5156 * XXX this is racy the same way regular lookup is
5158 for (pr = cnp->cn_cred->cr_prison; pr != NULL;
5160 if (dvp == pr->pr_root)
5163 if (dvp == ndp->ni_rootdir ||
5164 dvp == ndp->ni_topdir ||
5168 fpl->tvp_seqc = vn_seqc_read_any(dvp);
5169 if (seqc_in_modify(fpl->tvp_seqc)) {
5170 return (cache_fpl_aborted(fpl));
5175 if ((dvp->v_vflag & VV_ROOT) != 0) {
5178 * The opposite of climb mount is needed here.
5180 return (cache_fpl_partial(fpl));
5183 if (__predict_false(dvp->v_type != VDIR)) {
5184 cache_fpl_smr_exit(fpl);
5185 return (cache_fpl_handled_error(fpl, ENOTDIR));
5188 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd);
5190 return (cache_fpl_aborted(fpl));
5193 nc_flag = atomic_load_char(&ncp->nc_flag);
5194 if ((nc_flag & NCF_ISDOTDOT) != 0) {
5195 if ((nc_flag & NCF_NEGATIVE) != 0)
5196 return (cache_fpl_aborted(fpl));
5197 fpl->tvp = ncp->nc_vp;
5199 fpl->tvp = ncp->nc_dvp;
5202 fpl->tvp_seqc = vn_seqc_read_any(fpl->tvp);
5203 if (seqc_in_modify(fpl->tvp_seqc)) {
5204 return (cache_fpl_partial(fpl));
5208 * Acquire fence provided by vn_seqc_read_any above.
5210 if (__predict_false(atomic_load_ptr(&dvp->v_cache_dd) != ncp)) {
5211 return (cache_fpl_aborted(fpl));
5214 if (!cache_ncp_canuse(ncp)) {
5215 return (cache_fpl_aborted(fpl));
5221 static int __noinline
5222 cache_fplookup_neg(struct cache_fpl *fpl, struct namecache *ncp, uint32_t hash)
5224 u_char nc_flag __diagused;
5228 nc_flag = atomic_load_char(&ncp->nc_flag);
5229 MPASS((nc_flag & NCF_NEGATIVE) != 0);
5232 * If they want to create an entry we need to replace this one.
5234 if (__predict_false(fpl->cnp->cn_nameiop != LOOKUP)) {
5236 return (cache_fplookup_modifying(fpl));
5238 neg_promote = cache_neg_hit_prep(ncp);
5239 if (!cache_fpl_neg_ncp_canuse(ncp)) {
5240 cache_neg_hit_abort(ncp);
5241 return (cache_fpl_partial(fpl));
5244 return (cache_fplookup_negative_promote(fpl, ncp, hash));
5246 cache_neg_hit_finish(ncp);
5247 cache_fpl_smr_exit(fpl);
5248 return (cache_fpl_handled_error(fpl, ENOENT));
5252 * Resolve a symlink. Called by filesystem-specific routines.
5255 * ... -> cache_fplookup_symlink -> VOP_FPLOOKUP_SYMLINK -> cache_symlink_resolve
5258 cache_symlink_resolve(struct cache_fpl *fpl, const char *string, size_t len)
5260 struct nameidata *ndp;
5261 struct componentname *cnp;
5267 if (__predict_false(len == 0)) {
5271 if (__predict_false(len > MAXPATHLEN - 2)) {
5272 if (cache_fpl_istrailingslash(fpl)) {
5277 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr - cnp->cn_namelen + 1;
5279 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) {
5280 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n",
5281 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar,
5282 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf);
5286 if (__predict_false(len + ndp->ni_pathlen > MAXPATHLEN)) {
5287 return (ENAMETOOLONG);
5290 if (__predict_false(ndp->ni_loopcnt++ >= MAXSYMLINKS)) {
5295 if (ndp->ni_pathlen > 1) {
5296 bcopy(ndp->ni_next, cnp->cn_pnbuf + len, ndp->ni_pathlen);
5298 if (cache_fpl_istrailingslash(fpl)) {
5300 cnp->cn_pnbuf[len] = '/';
5301 cnp->cn_pnbuf[len + 1] = '\0';
5303 cnp->cn_pnbuf[len] = '\0';
5306 bcopy(string, cnp->cn_pnbuf, len);
5308 ndp->ni_pathlen += adjust;
5309 cache_fpl_pathlen_add(fpl, adjust);
5310 cnp->cn_nameptr = cnp->cn_pnbuf;
5311 fpl->nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1];
5316 static int __noinline
5317 cache_fplookup_symlink(struct cache_fpl *fpl)
5320 struct nameidata *ndp;
5321 struct componentname *cnp;
5322 struct vnode *dvp, *tvp;
5330 if (cache_fpl_islastcn(ndp)) {
5331 if ((cnp->cn_flags & FOLLOW) == 0) {
5332 return (cache_fplookup_final(fpl));
5336 mp = atomic_load_ptr(&dvp->v_mount);
5337 if (__predict_false(mp == NULL)) {
5338 return (cache_fpl_aborted(fpl));
5342 * Note this check races against setting the flag just like regular
5345 if (__predict_false((mp->mnt_flag & MNT_NOSYMFOLLOW) != 0)) {
5346 cache_fpl_smr_exit(fpl);
5347 return (cache_fpl_handled_error(fpl, EACCES));
5350 error = VOP_FPLOOKUP_SYMLINK(tvp, fpl);
5351 if (__predict_false(error != 0)) {
5354 return (cache_fpl_partial(fpl));
5358 cache_fpl_smr_exit(fpl);
5359 return (cache_fpl_handled_error(fpl, error));
5361 return (cache_fpl_aborted(fpl));
5365 if (*(cnp->cn_nameptr) == '/') {
5366 fpl->dvp = cache_fpl_handle_root(fpl);
5367 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp);
5368 if (seqc_in_modify(fpl->dvp_seqc)) {
5369 return (cache_fpl_aborted(fpl));
5372 * The main loop assumes that ->dvp points to a vnode belonging
5373 * to a filesystem which can do lockless lookup, but the absolute
5374 * symlink can be wandering off to one which does not.
5376 mp = atomic_load_ptr(&fpl->dvp->v_mount);
5377 if (__predict_false(mp == NULL)) {
5378 return (cache_fpl_aborted(fpl));
5380 if (!cache_fplookup_mp_supported(mp)) {
5381 cache_fpl_checkpoint(fpl);
5382 return (cache_fpl_partial(fpl));
5389 cache_fplookup_next(struct cache_fpl *fpl)
5391 struct componentname *cnp;
5392 struct namecache *ncp;
5393 struct vnode *dvp, *tvp;
5402 if (__predict_false(cnp->cn_nameptr[0] == '.')) {
5403 if (cnp->cn_namelen == 1) {
5404 return (cache_fplookup_dot(fpl));
5406 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') {
5407 return (cache_fplookup_dotdot(fpl));
5411 MPASS(!cache_fpl_isdotdot(cnp));
5413 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) {
5414 if (ncp->nc_dvp == dvp && ncp->nc_nlen == cnp->cn_namelen &&
5415 !bcmp(ncp->nc_name, cnp->cn_nameptr, ncp->nc_nlen))
5419 if (__predict_false(ncp == NULL)) {
5420 return (cache_fplookup_noentry(fpl));
5423 tvp = atomic_load_ptr(&ncp->nc_vp);
5424 nc_flag = atomic_load_char(&ncp->nc_flag);
5425 if ((nc_flag & NCF_NEGATIVE) != 0) {
5426 return (cache_fplookup_neg(fpl, ncp, hash));
5429 if (!cache_ncp_canuse(ncp)) {
5430 return (cache_fpl_partial(fpl));
5434 fpl->tvp_seqc = vn_seqc_read_any(tvp);
5435 if (seqc_in_modify(fpl->tvp_seqc)) {
5436 return (cache_fpl_partial(fpl));
5439 counter_u64_add(numposhits, 1);
5440 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, tvp);
5443 if (cache_fplookup_is_mp(fpl)) {
5444 error = cache_fplookup_cross_mount(fpl);
5450 cache_fplookup_mp_supported(struct mount *mp)
5454 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0)
5460 * Walk up the mount stack (if any).
5462 * Correctness is provided in the following ways:
5463 * - all vnodes are protected from freeing with SMR
5464 * - struct mount objects are type stable making them always safe to access
5465 * - stability of the particular mount is provided by busying it
5466 * - relationship between the vnode which is mounted on and the mount is
5467 * verified with the vnode sequence counter after busying
5468 * - association between root vnode of the mount and the mount is protected
5471 * From that point on we can read the sequence counter of the root vnode
5472 * and get the next mount on the stack (if any) using the same protection.
5474 * By the end of successful walk we are guaranteed the reached state was
5475 * indeed present at least at some point which matches the regular lookup.
5477 static int __noinline
5478 cache_fplookup_climb_mount(struct cache_fpl *fpl)
5480 struct mount *mp, *prev_mp;
5481 struct mount_pcpu *mpcpu, *prev_mpcpu;
5486 vp_seqc = fpl->tvp_seqc;
5488 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp);
5489 mp = atomic_load_ptr(&vp->v_mountedhere);
5490 if (__predict_false(mp == NULL)) {
5496 if (!vfs_op_thread_enter_crit(mp, mpcpu)) {
5497 if (prev_mp != NULL)
5498 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu);
5499 return (cache_fpl_partial(fpl));
5501 if (prev_mp != NULL)
5502 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu);
5503 if (!vn_seqc_consistent(vp, vp_seqc)) {
5504 vfs_op_thread_exit_crit(mp, mpcpu);
5505 return (cache_fpl_partial(fpl));
5507 if (!cache_fplookup_mp_supported(mp)) {
5508 vfs_op_thread_exit_crit(mp, mpcpu);
5509 return (cache_fpl_partial(fpl));
5511 vp = atomic_load_ptr(&mp->mnt_rootvnode);
5513 vfs_op_thread_exit_crit(mp, mpcpu);
5514 return (cache_fpl_partial(fpl));
5516 vp_seqc = vn_seqc_read_any(vp);
5517 if (seqc_in_modify(vp_seqc)) {
5518 vfs_op_thread_exit_crit(mp, mpcpu);
5519 return (cache_fpl_partial(fpl));
5523 mp = atomic_load_ptr(&vp->v_mountedhere);
5528 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu);
5530 fpl->tvp_seqc = vp_seqc;
5534 static int __noinline
5535 cache_fplookup_cross_mount(struct cache_fpl *fpl)
5538 struct mount_pcpu *mpcpu;
5543 vp_seqc = fpl->tvp_seqc;
5545 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp);
5546 mp = atomic_load_ptr(&vp->v_mountedhere);
5547 if (__predict_false(mp == NULL)) {
5551 if (!vfs_op_thread_enter_crit(mp, mpcpu)) {
5552 return (cache_fpl_partial(fpl));
5554 if (!vn_seqc_consistent(vp, vp_seqc)) {
5555 vfs_op_thread_exit_crit(mp, mpcpu);
5556 return (cache_fpl_partial(fpl));
5558 if (!cache_fplookup_mp_supported(mp)) {
5559 vfs_op_thread_exit_crit(mp, mpcpu);
5560 return (cache_fpl_partial(fpl));
5562 vp = atomic_load_ptr(&mp->mnt_rootvnode);
5563 if (__predict_false(vp == NULL)) {
5564 vfs_op_thread_exit_crit(mp, mpcpu);
5565 return (cache_fpl_partial(fpl));
5567 vp_seqc = vn_seqc_read_any(vp);
5568 vfs_op_thread_exit_crit(mp, mpcpu);
5569 if (seqc_in_modify(vp_seqc)) {
5570 return (cache_fpl_partial(fpl));
5572 mp = atomic_load_ptr(&vp->v_mountedhere);
5573 if (__predict_false(mp != NULL)) {
5575 * There are possibly more mount points on top.
5576 * Normally this does not happen so for simplicity just start
5579 return (cache_fplookup_climb_mount(fpl));
5583 fpl->tvp_seqc = vp_seqc;
5588 * Check if a vnode is mounted on.
5591 cache_fplookup_is_mp(struct cache_fpl *fpl)
5596 return ((vn_irflag_read(vp) & VIRF_MOUNTPOINT) != 0);
5602 * The code was originally copy-pasted from regular lookup and despite
5603 * clean ups leaves performance on the table. Any modifications here
5604 * must take into account that in case off fallback the resulting
5605 * nameidata state has to be compatible with the original.
5609 * Debug ni_pathlen tracking.
5613 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n)
5616 fpl->debug.ni_pathlen += n;
5617 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX,
5618 ("%s: pathlen overflow to %zd\n", __func__, fpl->debug.ni_pathlen));
5622 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n)
5625 fpl->debug.ni_pathlen -= n;
5626 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX,
5627 ("%s: pathlen underflow to %zd\n", __func__, fpl->debug.ni_pathlen));
5631 cache_fpl_pathlen_inc(struct cache_fpl *fpl)
5634 cache_fpl_pathlen_add(fpl, 1);
5638 cache_fpl_pathlen_dec(struct cache_fpl *fpl)
5641 cache_fpl_pathlen_sub(fpl, 1);
5645 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n)
5650 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n)
5655 cache_fpl_pathlen_inc(struct cache_fpl *fpl)
5660 cache_fpl_pathlen_dec(struct cache_fpl *fpl)
5666 cache_fplookup_parse(struct cache_fpl *fpl)
5668 struct nameidata *ndp;
5669 struct componentname *cnp;
5679 * Find the end of this path component, it is either / or nul.
5681 * Store / as a temporary sentinel so that we only have one character
5682 * to test for. Pathnames tend to be short so this should not be
5683 * resulting in cache misses.
5685 * TODO: fix this to be word-sized.
5687 MPASS(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] >= cnp->cn_pnbuf);
5688 KASSERT(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] == fpl->nulchar,
5689 ("%s: mismatch between pathlen (%zu) and nulchar (%p != %p), string [%s]\n",
5690 __func__, fpl->debug.ni_pathlen, &cnp->cn_nameptr[fpl->debug.ni_pathlen - 1],
5691 fpl->nulchar, cnp->cn_pnbuf));
5692 KASSERT(*fpl->nulchar == '\0',
5693 ("%s: expected nul at %p; string [%s]\n", __func__, fpl->nulchar,
5695 hash = cache_get_hash_iter_start(dvp);
5696 *fpl->nulchar = '/';
5697 for (cp = cnp->cn_nameptr; *cp != '/'; cp++) {
5698 KASSERT(*cp != '\0',
5699 ("%s: encountered unexpected nul; string [%s]\n", __func__,
5701 hash = cache_get_hash_iter(*cp, hash);
5704 *fpl->nulchar = '\0';
5705 fpl->hash = cache_get_hash_iter_finish(hash);
5707 cnp->cn_namelen = cp - cnp->cn_nameptr;
5708 cache_fpl_pathlen_sub(fpl, cnp->cn_namelen);
5712 * cache_get_hash only accepts lengths up to NAME_MAX. This is fine since
5713 * we are going to fail this lookup with ENAMETOOLONG (see below).
5715 if (cnp->cn_namelen <= NAME_MAX) {
5716 if (fpl->hash != cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp)) {
5717 panic("%s: mismatched hash for [%s] len %ld", __func__,
5718 cnp->cn_nameptr, cnp->cn_namelen);
5724 * Hack: we have to check if the found path component's length exceeds
5725 * NAME_MAX. However, the condition is very rarely true and check can
5726 * be elided in the common case -- if an entry was found in the cache,
5727 * then it could not have been too long to begin with.
5733 cache_fplookup_parse_advance(struct cache_fpl *fpl)
5735 struct nameidata *ndp;
5736 struct componentname *cnp;
5741 cnp->cn_nameptr = ndp->ni_next;
5742 KASSERT(*(cnp->cn_nameptr) == '/',
5743 ("%s: should have seen slash at %p ; buf %p [%s]\n", __func__,
5744 cnp->cn_nameptr, cnp->cn_pnbuf, cnp->cn_pnbuf));
5746 cache_fpl_pathlen_dec(fpl);
5750 * Skip spurious slashes in a pathname (e.g., "foo///bar") and retry.
5752 * Lockless lookup tries to elide checking for spurious slashes and should they
5753 * be present is guaranteed to fail to find an entry. In this case the caller
5754 * must check if the name starts with a slash and call this routine. It is
5755 * going to fast forward across the spurious slashes and set the state up for
5758 static int __noinline
5759 cache_fplookup_skip_slashes(struct cache_fpl *fpl)
5761 struct nameidata *ndp;
5762 struct componentname *cnp;
5767 MPASS(*(cnp->cn_nameptr) == '/');
5770 cache_fpl_pathlen_dec(fpl);
5771 } while (*(cnp->cn_nameptr) == '/');
5774 * Go back to one slash so that cache_fplookup_parse_advance has
5775 * something to skip.
5778 cache_fpl_pathlen_inc(fpl);
5781 * cache_fplookup_parse_advance starts from ndp->ni_next
5783 ndp->ni_next = cnp->cn_nameptr;
5786 * See cache_fplookup_dot.
5788 fpl->tvp = fpl->dvp;
5789 fpl->tvp_seqc = fpl->dvp_seqc;
5795 * Handle trailing slashes (e.g., "foo/").
5797 * If a trailing slash is found the terminal vnode must be a directory.
5798 * Regular lookup shortens the path by nulifying the first trailing slash and
5799 * sets the TRAILINGSLASH flag to denote this took place. There are several
5800 * checks on it performed later.
5802 * Similarly to spurious slashes, lockless lookup handles this in a speculative
5803 * manner relying on an invariant that a non-directory vnode will get a miss.
5804 * In this case cn_nameptr[0] == '\0' and cn_namelen == 0.
5806 * Thus for a path like "foo/bar/" the code unwinds the state back to "bar/"
5807 * and denotes this is the last path component, which avoids looping back.
5809 * Only plain lookups are supported for now to restrict corner cases to handle.
5811 static int __noinline
5812 cache_fplookup_trailingslash(struct cache_fpl *fpl)
5817 struct nameidata *ndp;
5818 struct componentname *cnp;
5819 struct namecache *ncp;
5821 char *cn_nameptr_orig, *cn_nameptr_slash;
5828 tvp_seqc = fpl->tvp_seqc;
5830 MPASS(fpl->dvp == fpl->tvp);
5831 KASSERT(cache_fpl_istrailingslash(fpl),
5832 ("%s: expected trailing slash at %p; string [%s]\n", __func__, fpl->nulchar - 1,
5834 KASSERT(cnp->cn_nameptr[0] == '\0',
5835 ("%s: expected nul char at %p; string [%s]\n", __func__, &cnp->cn_nameptr[0],
5837 KASSERT(cnp->cn_namelen == 0,
5838 ("%s: namelen 0 but got %ld; string [%s]\n", __func__, cnp->cn_namelen,
5840 MPASS(cnp->cn_nameptr > cnp->cn_pnbuf);
5842 if (cnp->cn_nameiop != LOOKUP) {
5843 return (cache_fpl_aborted(fpl));
5846 if (__predict_false(tvp->v_type != VDIR)) {
5847 if (!vn_seqc_consistent(tvp, tvp_seqc)) {
5848 return (cache_fpl_aborted(fpl));
5850 cache_fpl_smr_exit(fpl);
5851 return (cache_fpl_handled_error(fpl, ENOTDIR));
5855 * Denote the last component.
5857 ndp->ni_next = &cnp->cn_nameptr[0];
5858 MPASS(cache_fpl_islastcn(ndp));
5861 * Unwind trailing slashes.
5863 cn_nameptr_orig = cnp->cn_nameptr;
5864 while (cnp->cn_nameptr >= cnp->cn_pnbuf) {
5866 if (cnp->cn_nameptr[0] != '/') {
5872 * Unwind to the beginning of the path component.
5874 * Note the path may or may not have started with a slash.
5876 cn_nameptr_slash = cnp->cn_nameptr;
5877 while (cnp->cn_nameptr > cnp->cn_pnbuf) {
5879 if (cnp->cn_nameptr[0] == '/') {
5883 if (cnp->cn_nameptr[0] == '/') {
5887 cnp->cn_namelen = cn_nameptr_slash - cnp->cn_nameptr + 1;
5888 cache_fpl_pathlen_add(fpl, cn_nameptr_orig - cnp->cn_nameptr);
5889 cache_fpl_checkpoint(fpl);
5892 ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1;
5893 if (ni_pathlen != fpl->debug.ni_pathlen) {
5894 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n",
5895 __func__, ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar,
5896 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf);
5901 * If this was a "./" lookup the parent directory is already correct.
5903 if (cnp->cn_nameptr[0] == '.' && cnp->cn_namelen == 1) {
5908 * Otherwise we need to look it up.
5911 ncp = atomic_load_consume_ptr(&tvp->v_cache_dd);
5912 if (__predict_false(ncp == NULL)) {
5913 return (cache_fpl_aborted(fpl));
5915 nc_flag = atomic_load_char(&ncp->nc_flag);
5916 if ((nc_flag & NCF_ISDOTDOT) != 0) {
5917 return (cache_fpl_aborted(fpl));
5919 fpl->dvp = ncp->nc_dvp;
5920 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp);
5921 if (seqc_in_modify(fpl->dvp_seqc)) {
5922 return (cache_fpl_aborted(fpl));
5928 * See the API contract for VOP_FPLOOKUP_VEXEC.
5930 static int __noinline
5931 cache_fplookup_failed_vexec(struct cache_fpl *fpl, int error)
5933 struct componentname *cnp;
5939 dvp_seqc = fpl->dvp_seqc;
5942 * Hack: delayed empty path checking.
5944 if (cnp->cn_pnbuf[0] == '\0') {
5945 return (cache_fplookup_emptypath(fpl));
5949 * TODO: Due to ignoring trailing slashes lookup will perform a
5950 * permission check on the last dir when it should not be doing it. It
5951 * may fail, but said failure should be ignored. It is possible to fix
5952 * it up fully without resorting to regular lookup, but for now just
5955 if (cache_fpl_istrailingslash(fpl)) {
5956 return (cache_fpl_aborted(fpl));
5960 * Hack: delayed degenerate path checking.
5962 if (cnp->cn_nameptr[0] == '\0' && fpl->tvp == NULL) {
5963 return (cache_fplookup_degenerate(fpl));
5967 * Hack: delayed name len checking.
5969 if (__predict_false(cnp->cn_namelen > NAME_MAX)) {
5970 cache_fpl_smr_exit(fpl);
5971 return (cache_fpl_handled_error(fpl, ENAMETOOLONG));
5975 * Hack: they may be looking up foo/bar, where foo is not a directory.
5976 * In such a case we need to return ENOTDIR, but we may happen to get
5977 * here with a different error.
5979 if (dvp->v_type != VDIR) {
5984 * Hack: handle O_SEARCH.
5986 * Open Group Base Specifications Issue 7, 2018 edition states:
5988 * If the access mode of the open file description associated with the
5989 * file descriptor is not O_SEARCH, the function shall check whether
5990 * directory searches are permitted using the current permissions of
5991 * the directory underlying the file descriptor. If the access mode is
5992 * O_SEARCH, the function shall not perform the check.
5995 * Regular lookup tests for the NOEXECCHECK flag for every path
5996 * component to decide whether to do the permission check. However,
5997 * since most lookups never have the flag (and when they do it is only
5998 * present for the first path component), lockless lookup only acts on
5999 * it if there is a permission problem. Here the flag is represented
6000 * with a boolean so that we don't have to clear it on the way out.
6002 * For simplicity this always aborts.
6003 * TODO: check if this is the first lookup and ignore the permission
6004 * problem. Note the flag has to survive fallback (if it happens to be
6008 return (cache_fpl_aborted(fpl));
6013 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
6014 error = cache_fpl_aborted(fpl);
6016 cache_fpl_partial(fpl);
6020 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
6021 error = cache_fpl_aborted(fpl);
6023 cache_fpl_smr_exit(fpl);
6024 cache_fpl_handled_error(fpl, error);
6032 cache_fplookup_impl(struct vnode *dvp, struct cache_fpl *fpl)
6034 struct nameidata *ndp;
6035 struct componentname *cnp;
6042 cache_fpl_checkpoint(fpl);
6045 * The vnode at hand is almost always stable, skip checking for it.
6046 * Worst case this postpones the check towards the end of the iteration
6050 fpl->dvp_seqc = vn_seqc_read_notmodify(fpl->dvp);
6052 mp = atomic_load_ptr(&dvp->v_mount);
6053 if (__predict_false(mp == NULL || !cache_fplookup_mp_supported(mp))) {
6054 return (cache_fpl_aborted(fpl));
6057 MPASS(fpl->tvp == NULL);
6060 cache_fplookup_parse(fpl);
6062 error = VOP_FPLOOKUP_VEXEC(fpl->dvp, cnp->cn_cred);
6063 if (__predict_false(error != 0)) {
6064 error = cache_fplookup_failed_vexec(fpl, error);
6068 error = cache_fplookup_next(fpl);
6069 if (__predict_false(cache_fpl_terminated(fpl))) {
6073 VNPASS(!seqc_in_modify(fpl->tvp_seqc), fpl->tvp);
6075 if (fpl->tvp->v_type == VLNK) {
6076 error = cache_fplookup_symlink(fpl);
6077 if (cache_fpl_terminated(fpl)) {
6081 if (cache_fpl_islastcn(ndp)) {
6082 error = cache_fplookup_final(fpl);
6086 if (!vn_seqc_consistent(fpl->dvp, fpl->dvp_seqc)) {
6087 error = cache_fpl_aborted(fpl);
6091 fpl->dvp = fpl->tvp;
6092 fpl->dvp_seqc = fpl->tvp_seqc;
6093 cache_fplookup_parse_advance(fpl);
6096 cache_fpl_checkpoint(fpl);
6103 * Fast path lookup protected with SMR and sequence counters.
6105 * Note: all VOP_FPLOOKUP_VEXEC routines have a comment referencing this one.
6107 * Filesystems can opt in by setting the MNTK_FPLOOKUP flag and meeting criteria
6110 * Traditional vnode lookup conceptually looks like this:
6116 * vn_unlock(current);
6123 * Each jump to the next vnode is safe memory-wise and atomic with respect to
6124 * any modifications thanks to holding respective locks.
6126 * The same guarantee can be provided with a combination of safe memory
6127 * reclamation and sequence counters instead. If all operations which affect
6128 * the relationship between the current vnode and the one we are looking for
6129 * also modify the counter, we can verify whether all the conditions held as
6130 * we made the jump. This includes things like permissions, mount points etc.
6131 * Counter modification is provided by enclosing relevant places in
6132 * vn_seqc_write_begin()/end() calls.
6134 * Thus this translates to:
6137 * dvp_seqc = seqc_read_any(dvp);
6138 * if (seqc_in_modify(dvp_seqc)) // someone is altering the vnode
6142 * tvp_seqc = seqc_read_any(tvp);
6143 * if (seqc_in_modify(tvp_seqc)) // someone is altering the target vnode
6145 * if (!seqc_consistent(dvp, dvp_seqc) // someone is altering the vnode
6147 * dvp = tvp; // we know nothing of importance has changed
6148 * dvp_seqc = tvp_seqc; // store the counter for the tvp iteration
6152 * vget(); // secure the vnode
6153 * if (!seqc_consistent(tvp, tvp_seqc) // final check
6155 * // at this point we know nothing has changed for any parent<->child pair
6156 * // as they were crossed during the lookup, meaning we matched the guarantee
6157 * // of the locked variant
6160 * The API contract for VOP_FPLOOKUP_VEXEC routines is as follows:
6161 * - they are called while within vfs_smr protection which they must never exit
6162 * - EAGAIN can be returned to denote checking could not be performed, it is
6163 * always valid to return it
6164 * - if the sequence counter has not changed the result must be valid
6165 * - if the sequence counter has changed both false positives and false negatives
6166 * are permitted (since the result will be rejected later)
6167 * - for simple cases of unix permission checks vaccess_vexec_smr can be used
6169 * Caveats to watch out for:
6170 * - vnodes are passed unlocked and unreferenced with nothing stopping
6171 * VOP_RECLAIM, in turn meaning that ->v_data can become NULL. It is advised
6172 * to use atomic_load_ptr to fetch it.
6173 * - the aforementioned object can also get freed, meaning absent other means it
6174 * should be protected with vfs_smr
6175 * - either safely checking permissions as they are modified or guaranteeing
6176 * their stability is left to the routine
6179 cache_fplookup(struct nameidata *ndp, enum cache_fpl_status *status,
6182 struct cache_fpl fpl;
6185 struct componentname *cnp;
6188 fpl.status = CACHE_FPL_STATUS_UNSET;
6191 fpl.cnp = cnp = &ndp->ni_cnd;
6192 MPASS(ndp->ni_lcf == 0);
6193 KASSERT ((cnp->cn_flags & CACHE_FPL_INTERNAL_CN_FLAGS) == 0,
6194 ("%s: internal flags found in cn_flags %" PRIx64, __func__,
6196 MPASS(cnp->cn_nameptr == cnp->cn_pnbuf);
6197 MPASS(ndp->ni_resflags == 0);
6199 if (__predict_false(!cache_can_fplookup(&fpl))) {
6200 *status = fpl.status;
6201 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status);
6202 return (EOPNOTSUPP);
6205 cache_fpl_checkpoint_outer(&fpl);
6207 cache_fpl_smr_enter_initial(&fpl);
6209 fpl.debug.ni_pathlen = ndp->ni_pathlen;
6211 fpl.nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1];
6212 fpl.fsearch = false;
6213 fpl.tvp = NULL; /* for degenerate path handling */
6215 pwd = pwd_get_smr();
6217 namei_setup_rootdir(ndp, cnp, pwd);
6218 ndp->ni_topdir = pwd->pwd_jdir;
6220 if (cnp->cn_pnbuf[0] == '/') {
6221 dvp = cache_fpl_handle_root(&fpl);
6222 ndp->ni_resflags = NIRES_ABS;
6224 if (ndp->ni_dirfd == AT_FDCWD) {
6225 dvp = pwd->pwd_cdir;
6227 error = cache_fplookup_dirfd(&fpl, &dvp);
6228 if (__predict_false(error != 0)) {
6234 SDT_PROBE4(vfs, namei, lookup, entry, dvp, cnp->cn_pnbuf, cnp->cn_flags, true);
6235 error = cache_fplookup_impl(dvp, &fpl);
6237 cache_fpl_smr_assert_not_entered(&fpl);
6238 cache_fpl_assert_status(&fpl);
6239 *status = fpl.status;
6240 if (SDT_PROBES_ENABLED()) {
6241 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status);
6242 if (fpl.status == CACHE_FPL_STATUS_HANDLED)
6243 SDT_PROBE4(vfs, namei, lookup, return, error, ndp->ni_vp, true,
6247 if (__predict_true(fpl.status == CACHE_FPL_STATUS_HANDLED)) {
6248 MPASS(error != CACHE_FPL_FAILED);
6250 cache_fpl_cleanup_cnp(fpl.cnp);
6251 MPASS(fpl.dvp == NULL);
6252 MPASS(fpl.tvp == NULL);
6254 ndp->ni_dvp = fpl.dvp;
6255 ndp->ni_vp = fpl.tvp;
projects / FreeBSD / FreeBSD.git / blob