1/*
2 * Copyright (c) 1999-2012 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/*
29 * Copyright (c) 1989, 1993
30 *	The Regents of the University of California.  All rights reserved.
31 * (c) UNIX System Laboratories, Inc.
32 * All or some portions of this file are derived from material licensed
33 * to the University of California by American Telephone and Telegraph
34 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
35 * the permission of UNIX System Laboratories, Inc.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 *	  notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 *	  notice, this list of conditions and the following disclaimer in the
44 *	  documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 *	  must display the following acknowledgement:
47 *	This product includes software developed by the University of
48 *	California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 *	  may be used to endorse or promote products derived from this software
51 *	  without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED.	IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 *	@(#)hfs_lookup.c	1.0
66 *	derived from @(#)ufs_lookup.c	8.15 (Berkeley) 6/16/95
67 *
68 *	(c) 1998-1999   Apple Computer, Inc.	 All Rights Reserved
69 *	(c) 1990, 1992 	NeXT Computer, Inc.	All Rights Reserved
70 *
71 *
72 *	hfs_lookup.c -- code to handle directory traversal on HFS/HFS+ volume
73 */
74
75#include <sys/param.h>
76#include <sys/file.h>
77#include <sys/mount.h>
78#include <sys/vnode.h>
79#include <sys/malloc.h>
80#include <sys/kdebug.h>
81#include <sys/kauth.h>
82#include <sys/namei.h>
83#include <sys/user.h>
84
85#include "hfs.h"
86#include "hfs_catalog.h"
87#include "hfs_cnode.h"
88
89
90/*
91 * FROM FREEBSD 3.1
92 * Convert a component of a pathname into a pointer to a locked cnode.
93 * This is a very central and rather complicated routine.
94 * If the file system is not maintained in a strict tree hierarchy,
95 * this can result in a deadlock situation (see comments in code below).
96 *
97 * The cnp->cn_nameiop argument is LOOKUP, CREATE, RENAME, or DELETE depending
98 * on whether the name is to be looked up, created, renamed, or deleted.
99 * When CREATE, RENAME, or DELETE is specified, information usable in
100 * creating, renaming, or deleting a directory entry may be calculated.
101 * Notice that these are the only operations that can affect the directory of the target.
102 *
 * LOCKPARENT and WANTPARENT actually refer to the parent of the last item,
 * so if ISLASTCN is not set, they should be ignored. They are also mutually
 * exclusive: WANTPARENT really implies DONTLOCKPARENT. Either of them being
 * set means that the calling routine wants to access the parent of the
 * target, locked or unlocked.
 *
 * Keeping the parent locked as long as possible protects from other processes
 * looking up the same item, so it has to be locked until the cnode is totally
 * finished.
110 *
111 * hfs_cache_lookup() performs the following for us:
112 *	check that it is a directory
113 *	check accessibility of directory
114 *	check for modification attempts on read-only mounts
 *	if name found in cache
 *		if at end of path and deleting or creating
 *			drop it
 *		else
 *			return name.
120 *	return hfs_lookup()
121 *
122 * Overall outline of hfs_lookup:
123 *
124 *	handle simple cases of . and ..
125 *	search for name in directory, to found or notfound
126 * notfound:
127 *	if creating, return locked directory, leaving info on available slots
128 *	else return error
129 * found:
130 *	if at end of path and deleting, return information to allow delete
131 *	if at end of path and rewriting (RENAME and LOCKPARENT), lock target
132 *	  cnode and return info to allow rewrite
133 *	if not at end, add name to cache; if at end and neither creating
134 *	  nor deleting, add name to cache
135 */
136
137
138/*
139 *	Lookup *cnp in directory *dvp, return it in *vpp.
140 *	**vpp is held on exit.
141 *	We create a cnode for the file, but we do NOT open the file here.
142
143#% lookup	dvp L ? ?
144#% lookup	vpp - L -
145
146	IN struct vnode *dvp - Parent node of file;
147	INOUT struct vnode **vpp - node of target file, its a new node if
148		the target vnode did not exist;
149	IN struct componentname *cnp - Name of file;
150
151 *	When should we lock parent_hp in here ??
152 */
153static int
154hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int *cnode_locked, int force_casesensitive_lookup)
155{
156	struct cnode *dcp;	/* cnode for directory being searched */
157	struct vnode *tvp;	/* target vnode */
158	struct hfsmount *hfsmp;
159	int flags;
160	int nameiop;
161	int retval = 0;
162	int isDot;
163	struct cat_desc desc;
164	struct cat_desc cndesc;
165	struct cat_attr attr;
166	struct cat_fork fork;
167	int lockflags;
168	int newvnode_flags;
169
170  retry:
171	newvnode_flags = 0;
172	dcp = NULL;
173	hfsmp = VTOHFS(dvp);
174	*vpp = NULL;
175	*cnode_locked = 0;
176	isDot = FALSE;
177	tvp = NULL;
178	nameiop = cnp->cn_nameiop;
179	flags = cnp->cn_flags;
180	bzero(&desc, sizeof(desc));
181
182	/*
183	 * First check to see if it is a . or .., else look it up.
184	 */
185	if (flags & ISDOTDOT) {		/* Wanting the parent */
186		cnp->cn_flags &= ~MAKEENTRY;
187		goto found;	/* .. is always defined */
188	} else if ((cnp->cn_nameptr[0] == '.') && (cnp->cn_namelen == 1)) {
189		isDot = TRUE;
190		cnp->cn_flags &= ~MAKEENTRY;
191		goto found;	/* We always know who we are */
192	} else {
193		if (hfs_lock(VTOC(dvp), HFS_EXCLUSIVE_LOCK, HFS_LOCK_DEFAULT) != 0) {
194			retval = ENOENT;  /* The parent no longer exists ? */
195			goto exit;
196		}
197		dcp = VTOC(dvp);
198
199		if (dcp->c_flag & C_DIR_MODIFICATION) {
200		    // XXXdbg - if we could msleep on a lck_rw_t then we would do that
201		    //          but since we can't we have to unlock, delay for a bit
202		    //          and then retry...
203		    // msleep((caddr_t)&dcp->c_flag, &dcp->c_rwlock, PINOD, "hfs_vnop_lookup", 0);
204		    hfs_unlock(dcp);
205		    tsleep((caddr_t)dvp, PRIBIO, "hfs_lookup", 1);
206
207		    goto retry;
208		}
209
210
211		/*
212		 * We shouldn't need to go to the catalog if there are no children.
213		 * However, in the face of a minor disk corruption where the valence of
214		 * the directory is off, we could infinite loop here if we return ENOENT
215		 * even though there are actually items in the directory.  (create will
216		 * see the ENOENT, try to create something, which will return with
217		 * EEXIST over and over again).  As a result, always check the catalog.
218		 */
219
220		bzero(&cndesc, sizeof(cndesc));
221		cndesc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr;
222		cndesc.cd_namelen = cnp->cn_namelen;
223		cndesc.cd_parentcnid = dcp->c_fileid;
224		cndesc.cd_hint = dcp->c_childhint;
225
226		lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG, HFS_SHARED_LOCK);
227
228		retval = cat_lookup(hfsmp, &cndesc, 0, force_casesensitive_lookup, &desc, &attr, &fork, NULL);
229
230		hfs_systemfile_unlock(hfsmp, lockflags);
231
232		if (retval == 0) {
233			dcp->c_childhint = desc.cd_hint;
234			/*
235			 * Note: We must drop the parent lock here before calling
236			 * hfs_getnewvnode (which takes the child lock).
237			 */
238			hfs_unlock(dcp);
239			dcp = NULL;
240
241			/* Verify that the item just looked up isn't one of the hidden directories. */
242			if (desc.cd_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid ||
243				desc.cd_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) {
244				retval = ENOENT;
245				goto exit;
246			}
247
248			goto found;
249		}
250
251		/*
252		 * ENAMETOOLONG supersedes other errors
253		 *
254		 * For a CREATE or RENAME operation on the last component
255		 * the ENAMETOOLONG will be handled in the next VNOP.
256		 */
257		if ((retval != ENAMETOOLONG) &&
258		    (cnp->cn_namelen > kHFSPlusMaxFileNameChars) &&
259		    (((flags & ISLASTCN) == 0) || ((nameiop != CREATE) && (nameiop != RENAME)))) {
260			retval = ENAMETOOLONG;
261		} else if (retval == 0) {
262			retval = ENOENT;
263		} else if (retval == ERESERVEDNAME) {
264			/*
265			 * We found the name in the catalog, but it is unavailable
266			 * to us. The exact error to return to our caller depends
267			 * on the operation, and whether we've already reached the
268			 * last path component. In all cases, avoid a negative
269			 * cache entry, since someone else may be able to access
270			 * the name if their lookup is configured differently.
271			 */
272
273			cnp->cn_flags &= ~MAKEENTRY;
274
275			if (((flags & ISLASTCN) == 0) || ((nameiop == LOOKUP) || (nameiop == DELETE))) {
276				/* A reserved name for a pure lookup is the same as the path not being present */
277				retval = ENOENT;
278			} else {
279				/* A reserved name with intent to create must be rejected as impossible */
280				retval = EEXIST;
281			}
282		}
283		if (retval != ENOENT)
284			goto exit;
285		/*
286		 * This is a non-existing entry
287		 *
288		 * If creating, and at end of pathname and current
289		 * directory has not been removed, then can consider
290		 * allowing file to be created.
291		 */
292		if ((nameiop == CREATE || nameiop == RENAME) &&
293		    (flags & ISLASTCN) &&
294		    !(ISSET(dcp->c_flag, C_DELETED | C_NOEXISTS))) {
295			retval = EJUSTRETURN;
296			goto exit;
297		}
298		/*
299		 * Insert name into the name cache (as non-existent).
300		 */
301		if ((hfsmp->hfs_flags & HFS_STANDARD) == 0 &&
302		    (cnp->cn_flags & MAKEENTRY) &&
303		    (nameiop != CREATE)) {
304			cache_enter(dvp, NULL, cnp);
305			dcp->c_flag |= C_NEG_ENTRIES;
306		}
307		goto exit;
308	}
309
310found:
311	if (flags & ISLASTCN) {
312		switch(nameiop) {
313		case DELETE:
314			cnp->cn_flags &= ~MAKEENTRY;
315			break;
316
317		case RENAME:
318			cnp->cn_flags &= ~MAKEENTRY;
319			if (isDot) {
320				retval = EISDIR;
321				goto exit;
322			}
323			break;
324		}
325	}
326
327	if (isDot) {
328		if ((retval = vnode_get(dvp)))
329			goto exit;
330		*vpp = dvp;
331	} else if (flags & ISDOTDOT) {
332		/*
333		 * Directory hard links can have multiple parents so
334		 * find the appropriate parent for the current thread.
335		 */
336		if ((retval = hfs_vget(hfsmp, hfs_currentparent(VTOC(dvp)), &tvp, 0, 0))) {
337			goto exit;
338		}
339		*cnode_locked = 1;
340		*vpp = tvp;
341	} else {
342		int type = (attr.ca_mode & S_IFMT);
343
344		if (!(flags & ISLASTCN) && (type != S_IFDIR) && (type != S_IFLNK)) {
345			retval = ENOTDIR;
346			goto exit;
347		}
348		/* Don't cache directory hardlink names. */
349		if (attr.ca_recflags & kHFSHasLinkChainMask) {
350			cnp->cn_flags &= ~MAKEENTRY;
351		}
352		/* Names with composed chars are not cached. */
353		if (cnp->cn_namelen != desc.cd_namelen)
354			cnp->cn_flags &= ~MAKEENTRY;
355
356		retval = hfs_getnewvnode(hfsmp, dvp, cnp, &desc, 0, &attr, &fork, &tvp, &newvnode_flags);
357
358		if (retval) {
359			/*
360			 * If this was a create/rename operation lookup, then by this point
361			 * we expected to see the item returned from hfs_getnewvnode above.
362			 * In the create case, it would probably eventually bubble out an EEXIST
363			 * because the item existed when we were trying to create it.  In the
364			 * rename case, it would let us know that we need to go ahead and
365			 * delete it as part of the rename.  However, if we hit the condition below
366			 * then it means that we found the element during cat_lookup above, but
367			 * it is now no longer there.  We simply behave as though we never found
368			 * the element at all and return EJUSTRETURN.
369			 */
370			if ((retval == ENOENT) &&
371					((cnp->cn_nameiop == CREATE) || (cnp->cn_nameiop == RENAME)) &&
372					(flags & ISLASTCN)) {
373				retval = EJUSTRETURN;
374			}
375
376			/*
377			 * If this was a straight lookup operation, we may need to redrive the entire
378			 * lookup starting from cat_lookup if the element was deleted as the result of
379			 * a rename operation.  Since rename is supposed to guarantee atomicity, then
380			 * lookups cannot fail because the underlying element is deleted as a result of
381			 * the rename call -- either they returned the looked up element prior to rename
382			 * or return the newer element.  If we are in this region, then all we can do is add
383			 * workarounds to guarantee the latter case. The element has already been deleted, so
384			 * we just re-try the lookup to ensure the caller gets the most recent element.
385			 */
386			if ((retval == ENOENT) && (cnp->cn_nameiop == LOOKUP) &&
387				(newvnode_flags & (GNV_CHASH_RENAMED | GNV_CAT_DELETED))) {
388				if (dcp) {
389					hfs_unlock (dcp);
390				}
391				/* get rid of any name buffers that may have lingered from the cat_lookup call */
392				cat_releasedesc (&desc);
393				goto retry;
394			}
395
396			/* Also, re-drive the lookup if the item we looked up was a hardlink, and the number
397			 * or name of hardlinks has changed in the interim between the cat_lookup above, and
398			 * our call to hfs_getnewvnode.  hfs_getnewvnode will validate the cattr we passed it
399			 * against what is actually in the catalog after the cnode is created.  If there were
400			 * any issues, it will bubble out ERECYCLE, which we need to swallow and use as the
401			 * key to redrive as well.  We need to special case this below because in this case,
402			 * it needs to occur regardless of the type of lookup we're doing here.
403			 */
404			if ((retval == ERECYCLE) && (newvnode_flags & GNV_CAT_ATTRCHANGED)) {
405				if (dcp) {
406					hfs_unlock (dcp);
407				}
408				/* get rid of any name buffers that may have lingered from the cat_lookup call */
409				cat_releasedesc (&desc);
410				retval = 0;
411				goto retry;
412			}
413
414			/* skip to the error-handling code if we can't retry */
415			goto exit;
416		}
417
418		/*
419		 * Save the origin info for file and directory hardlinks.  Directory hardlinks
420		 * need the origin for '..' lookups, and file hardlinks need it to ensure that
421		 * competing lookups do not cause us to vend different hardlinks than the ones requested.
422		 * We want to restrict saving the cache entries to LOOKUP namei operations, since
423		 * we're really doing this to protect getattr.
424		 */
425		if ((nameiop == LOOKUP) && (VTOC(tvp)->c_flag & C_HARDLINK)) {
426			hfs_savelinkorigin(VTOC(tvp), VTOC(dvp)->c_fileid);
427		}
428		*cnode_locked = 1;
429		*vpp = tvp;
430	}
431exit:
432	if (dcp) {
433		hfs_unlock(dcp);
434	}
435	cat_releasedesc(&desc);
436	return (retval);
437}
438
439
440
441/*
442 * Name caching works as follows:
443 *
444 * Names found by directory scans are retained in a cache
445 * for future reference.  It is managed LRU, so frequently
446 * used names will hang around.	 Cache is indexed by hash value
447 * obtained from (vp, name) where vp refers to the directory
448 * containing name.
449 *
450 * If it is a "negative" entry, (i.e. for a name that is known NOT to
451 * exist) the vnode pointer will be NULL.
452 *
453 * Upon reaching the last segment of a path, if the reference
454 * is for DELETE, or NOCACHE is set (rewrite), and the
455 * name is located in the cache, it will be dropped.
456 *
457 */
458
/* Octal 0111: the execute bit for owner, group and other. Not referenced in the code visible in this file. */
#define	S_IXALL	0000111
460
461int
462hfs_vnop_lookup(struct vnop_lookup_args *ap)
463{
464	struct vnode *dvp = ap->a_dvp;
465	struct vnode *vp;
466	struct cnode *cp;
467	struct cnode *dcp;
468	struct hfsmount *hfsmp;
469	int error;
470	struct vnode **vpp = ap->a_vpp;
471	struct componentname *cnp = ap->a_cnp;
472	struct proc *p = vfs_context_proc(ap->a_context);
473	int flags = cnp->cn_flags;
474	int force_casesensitive_lookup = proc_is_forcing_hfs_case_sensitivity(p);
475	int cnode_locked;
476
477	*vpp = NULL;
478	dcp = VTOC(dvp);
479
480	hfsmp = VTOHFS(dvp);
481
482	/*
483	 * Lookup an entry in the cache
484	 *
485	 * If the lookup succeeds, the vnode is returned in *vpp,
486	 * and a status of -1 is returned.
487	 *
488	 * If the lookup determines that the name does not exist
489	 * (negative cacheing), a status of ENOENT is returned.
490	 *
491	 * If the lookup fails, a status of zero is returned.
492	 */
493	error = cache_lookup(dvp, vpp, cnp);
494	if (error != -1) {
495		if ((error == ENOENT) && (cnp->cn_nameiop != CREATE))
496			goto exit;	/* found a negative cache entry */
497		goto lookup;		/* did not find it in the cache */
498	}
499	/*
500	 * We have a name that matched
501	 * cache_lookup returns the vp with an iocount reference already taken
502	 */
503	error = 0;
504	vp = *vpp;
505	cp = VTOC(vp);
506
507	/* We aren't allowed to vend out vp's via lookup to the hidden directory */
508	if (cp->c_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid ||
509		cp->c_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) {
510		/* Drop the iocount from cache_lookup */
511		vnode_put (vp);
512		error = ENOENT;
513		goto exit;
514	}
515
516
517	/*
518	 * If this is a hard-link vnode then we need to update
519	 * the name (of the link), the parent ID, the cnid, the
520	 * text encoding and the catalog hint.  This enables
521	 * getattrlist calls to return the correct link info.
522	 */
523
524	/*
525	 * Alternatively, if we are forcing a case-sensitive lookup
526	 * on a case-insensitive volume, the namecache entry
527	 * may have been for an incorrect case. Since we cannot
528	 * determine case vs. normalization, redrive the catalog
529	 * lookup based on any byte mismatch.
530	 */
531	if (((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK))
532		|| (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE))) {
533		int stale_link = 0;
534
535		hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);
536		if ((cp->c_parentcnid != dcp->c_cnid) ||
537		    (cnp->cn_namelen != cp->c_desc.cd_namelen) ||
538		    (bcmp(cnp->cn_nameptr, cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0)) {
539			struct cat_desc desc;
540			struct cat_attr lookup_attr;
541			int lockflags;
542
543			if (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE)) {
544				/*
545				 * Since the name in the cnode doesn't match our lookup
546				 * string exactly, do a full lookup.
547				 */
548				hfs_unlock (cp);
549
550				vnode_put(vp);
551				goto lookup;
552			}
553
554			/*
555			 * Get an updated descriptor
556			 */
557			desc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr;
558			desc.cd_namelen = cnp->cn_namelen;
559			desc.cd_parentcnid = dcp->c_fileid;
560			desc.cd_hint = dcp->c_childhint;
561			desc.cd_encoding = 0;
562			desc.cd_cnid = 0;
563			desc.cd_flags = S_ISDIR(cp->c_mode) ? CD_ISDIR : 0;
564
565			/*
566			 * Because lookups call replace_desc to put a new descriptor in
567			 * the cnode we are modifying it is possible that this cnode's
568			 * descriptor is out of date for the parent ID / name that
569			 * we are trying to look up. (It may point to a different hardlink).
570			 *
571			 * We need to be cautious that when re-supplying the
572			 * descriptor below that the results of the catalog lookup
573			 * still point to the same raw inode for the hardlink.  This would
574			 * not be the case if we found something in the cache above but
575			 * the vnode it returned no longer has a valid hardlink for the
576			 * parent ID/filename combo we are requesting.  (This is because
577			 * hfs_unlink does not directly trigger namecache removal).
578			 *
579			 * As a result, before vending out the vnode (and replacing
580			 * its descriptor) verify that the fileID is the same by comparing
581			 * the in-cnode attributes vs. the one returned from the lookup call
582			 * below.  If they do not match, treat this lookup as if we never hit
583			 * in the cache at all.
584			 */
585
586			lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK);
587
588			error = cat_lookup(VTOHFS(vp), &desc, 0, 0, &desc, &lookup_attr, NULL, NULL);
589
590			hfs_systemfile_unlock(VTOHFS(dvp), lockflags);
591
592			/*
593			 * Note that cat_lookup may fail to find something with the name provided in the
594			 * stack-based descriptor above. In that case, an ENOENT is a legitimate errno
595			 * to be placed in error, which will get returned in the fastpath below.
596			 */
597			if (error == 0) {
598				if (lookup_attr.ca_fileid == cp->c_attr.ca_fileid) {
599					/* It still points to the right raw inode.  Replacing the descriptor is fine */
600					replace_desc (cp, &desc);
601
602					/*
603					 * Save the origin info for file and directory hardlinks.  Directory hardlinks
604					 * need the origin for '..' lookups, and file hardlinks need it to ensure that
605					 * competing lookups do not cause us to vend different hardlinks than the ones requested.
606					 * We want to restrict saving the cache entries to LOOKUP namei operations, since
607					 * we're really doing this to protect getattr.
608					 */
609					if (cnp->cn_nameiop == LOOKUP) {
610						hfs_savelinkorigin(cp, dcp->c_fileid);
611					}
612				}
613				else {
614					/* If the fileID does not match then do NOT replace the descriptor! */
615					stale_link = 1;
616				}
617			}
618		}
619		hfs_unlock (cp);
620
621		if (stale_link) {
622			/*
623			 * If we had a stale_link, then we need to pretend as though
624			 * we never found this vnode and force a lookup through the
625			 * traditional path.  Drop the iocount acquired through
626			 * cache_lookup above and force a cat lookup / getnewvnode
627			 */
628			vnode_put(vp);
629			goto lookup;
630		}
631
632		if (error) {
633			/*
634			 * If the cat_lookup failed then the caller will not expect
635			 * a vnode with an iocount on it.
636			 */
637			vnode_put(vp);
638		}
639
640	}
641	goto exit;
642
643lookup:
644	/*
645	 * The vnode was not in the name cache or it was stale.
646	 *
647	 * So we need to do a real lookup.
648	 */
649	cnode_locked = 0;
650
651	error = hfs_lookup(dvp, vpp, cnp, &cnode_locked, force_casesensitive_lookup);
652
653	if (cnode_locked)
654		hfs_unlock(VTOC(*vpp));
655exit:
656	{
657	uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread());
658
659	/*
660	 * check to see if we issued any I/O while completing this lookup and
661	 * this thread/task is throttleable... if so, throttle now
662	 *
663	 * this allows us to throttle in between multiple meta data reads that
664	 * might result due to looking up a long pathname (since we'll have to
665	 * re-enter hfs_vnop_lookup for each component of the pathnam not in
666	 * the VFS cache), instead of waiting until the entire path lookup has
667	 * completed and throttling at the systemcall return
668	 */
669	if (__improbable(ut->uu_lowpri_window)) {
670		throttle_lowpri_io(1);
671	}
672	}
673
674	return (error);
675}
676
677
678