1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2013, 2014 by Delphix. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27/* Portions Copyright 2007 Jeremy Teo */
28/* Portions Copyright 2010 Robert Milkowski */
29
30#include <sys/types.h>
31#include <sys/param.h>
32#include <sys/time.h>
33#include <sys/systm.h>
34#include <sys/sysmacros.h>
35#include <sys/resource.h>
36#include <sys/vfs.h>
37#include <sys/vfs_opreg.h>
38#include <sys/vnode.h>
39#include <sys/file.h>
40#include <sys/stat.h>
41#include <sys/kmem.h>
42#include <sys/taskq.h>
43#include <sys/uio.h>
44#include <sys/vmsystm.h>
45#include <sys/atomic.h>
46#include <sys/vm.h>
47#include <vm/seg_vn.h>
48#include <vm/pvn.h>
49#include <vm/as.h>
50#include <vm/kpm.h>
51#include <vm/seg_kpm.h>
52#include <sys/mman.h>
53#include <sys/pathname.h>
54#include <sys/cmn_err.h>
55#include <sys/errno.h>
56#include <sys/unistd.h>
57#include <sys/zfs_dir.h>
58#include <sys/zfs_acl.h>
59#include <sys/zfs_ioctl.h>
60#include <sys/fs/zfs.h>
61#include <sys/dmu.h>
62#include <sys/dmu_objset.h>
63#include <sys/spa.h>
64#include <sys/txg.h>
65#include <sys/dbuf.h>
66#include <sys/zap.h>
67#include <sys/sa.h>
68#include <sys/dirent.h>
69#include <sys/policy.h>
70#include <sys/sunddi.h>
71#include <sys/filio.h>
72#include <sys/sid.h>
73#include "fs/fs_subr.h"
74#include <sys/zfs_ctldir.h>
75#include <sys/zfs_fuid.h>
76#include <sys/zfs_sa.h>
77#include <sys/dnlc.h>
78#include <sys/zfs_rlock.h>
79#include <sys/extdirent.h>
80#include <sys/kidmap.h>
81#include <sys/cred.h>
82#include <sys/attr.h>
83
84/*
85 * Programming rules.
86 *
87 * Each vnode op performs some logical unit of work.  To do this, the ZPL must
88 * properly lock its in-core state, create a DMU transaction, do the work,
89 * record this work in the intent log (ZIL), commit the DMU transaction,
90 * and wait for the intent log to commit if it is a synchronous operation.
91 * Moreover, the vnode ops must work in both normal and log replay context.
92 * The ordering of events is important to avoid deadlocks and references
93 * to freed memory.  The example below illustrates the following Big Rules:
94 *
95 *  (1)	A check must be made in each zfs thread for a mounted file system.
96 *	This is done avoiding races using ZFS_ENTER(zfsvfs).
97 *	A ZFS_EXIT(zfsvfs) is needed before all returns.  Any znodes
98 *	must be checked with ZFS_VERIFY_ZP(zp).  Both of these macros
99 *	can return EIO from the calling function.
100 *
101 *  (2)	VN_RELE() should always be the last thing except for zil_commit()
102 *	(if necessary) and ZFS_EXIT(). This is for 3 reasons:
103 *	First, if it's the last reference, the vnode/znode
104 *	can be freed, so the zp may point to freed memory.  Second, the last
105 *	reference will call zfs_zinactive(), which may induce a lot of work --
106 *	pushing cached pages (which acquires range locks) and syncing out
107 *	cached atime changes.  Third, zfs_zinactive() may require a new tx,
108 *	which could deadlock the system if you were already holding one.
109 *	If you must call VN_RELE() within a tx then use VN_RELE_ASYNC().
110 *
111 *  (3)	All range locks must be grabbed before calling dmu_tx_assign(),
112 *	as they can span dmu_tx_assign() calls.
113 *
114 *  (4) If ZPL locks are held, pass TXG_NOWAIT as the second argument to
115 *      dmu_tx_assign().  This is critical because we don't want to block
116 *      while holding locks.
117 *
118 *	If no ZPL locks are held (aside from ZFS_ENTER()), use TXG_WAIT.  This
119 *	reduces lock contention and CPU usage when we must wait (note that if
120 *	throughput is constrained by the storage, nearly every transaction
121 *	must wait).
122 *
123 *      Note, in particular, that if a lock is sometimes acquired before
124 *      the tx assigns, and sometimes after (e.g. z_lock), then failing
125 *      to use a non-blocking assign can deadlock the system.  The scenario:
126 *
127 *	Thread A has grabbed a lock before calling dmu_tx_assign().
128 *	Thread B is in an already-assigned tx, and blocks for this lock.
129 *	Thread A calls dmu_tx_assign(TXG_WAIT) and blocks in txg_wait_open()
130 *	forever, because the previous txg can't quiesce until B's tx commits.
131 *
132 *	If dmu_tx_assign() returns ERESTART and zfsvfs->z_assign is TXG_NOWAIT,
133 *	then drop all locks, call dmu_tx_wait(), and try again.  On subsequent
134 *	calls to dmu_tx_assign(), pass TXG_WAITED rather than TXG_NOWAIT,
135 *	to indicate that this operation has already called dmu_tx_wait().
136 *	This will ensure that we don't retry forever, waiting a short bit
137 *	each time.
138 *
139 *  (5)	If the operation succeeded, generate the intent log entry for it
140 *	before dropping locks.  This ensures that the ordering of events
141 *	in the intent log matches the order in which they actually occurred.
142 *	During ZIL replay the zfs_log_* functions will update the sequence
143 *	number to indicate the zil transaction has replayed.
144 *
145 *  (6)	At the end of each vnode op, the DMU tx must always commit,
146 *	regardless of whether there were any errors.
147 *
148 *  (7)	After dropping all locks, invoke zil_commit(zilog, foid)
149 *	to ensure that synchronous semantics are provided when necessary.
150 *
151 * In general, this is how things should be ordered in each vnode op:
152 *
153 *	ZFS_ENTER(zfsvfs);		// exit if unmounted
154 * top:
155 *	zfs_dirent_lock(&dl, ...)	// lock directory entry (may VN_HOLD())
156 *	rw_enter(...);			// grab any other locks you need
157 *	tx = dmu_tx_create(...);	// get DMU tx
158 *	dmu_tx_hold_*();		// hold each object you might modify
159 *	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
160 *	if (error) {
161 *		rw_exit(...);		// drop locks
162 *		zfs_dirent_unlock(dl);	// unlock directory entry
163 *		VN_RELE(...);		// release held vnodes
164 *		if (error == ERESTART) {
165 *			waited = B_TRUE;
166 *			dmu_tx_wait(tx);
167 *			dmu_tx_abort(tx);
168 *			goto top;
169 *		}
170 *		dmu_tx_abort(tx);	// abort DMU tx
171 *		ZFS_EXIT(zfsvfs);	// finished in zfs
172 *		return (error);		// really out of space
173 *	}
174 *	error = do_real_work();		// do whatever this VOP does
175 *	if (error == 0)
176 *		zfs_log_*(...);		// on success, make ZIL entry
177 *	dmu_tx_commit(tx);		// commit DMU tx -- error or not
178 *	rw_exit(...);			// drop locks
179 *	zfs_dirent_unlock(dl);		// unlock directory entry
180 *	VN_RELE(...);			// release held vnodes
181 *	zil_commit(zilog, foid);	// synchronous when necessary
182 *	ZFS_EXIT(zfsvfs);		// finished in zfs
183 *	return (error);			// done, report error
184 */
185
186/* ARGSUSED */
187static int
188zfs_open(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *ct)
189{
190	znode_t	*zp = VTOZ(*vpp);
191	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
192
193	ZFS_ENTER(zfsvfs);
194	ZFS_VERIFY_ZP(zp);
195
196	if ((flag & FWRITE) && (zp->z_pflags & ZFS_APPENDONLY) &&
197	    ((flag & FAPPEND) == 0)) {
198		ZFS_EXIT(zfsvfs);
199		return (SET_ERROR(EPERM));
200	}
201
202	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
203	    ZTOV(zp)->v_type == VREG &&
204	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) {
205		if (fs_vscan(*vpp, cr, 0) != 0) {
206			ZFS_EXIT(zfsvfs);
207			return (SET_ERROR(EACCES));
208		}
209	}
210
211	/* Keep a count of the synchronous opens in the znode */
212	if (flag & (FSYNC | FDSYNC))
213		atomic_inc_32(&zp->z_sync_cnt);
214
215	ZFS_EXIT(zfsvfs);
216	return (0);
217}
218
219/* ARGSUSED */
220static int
221zfs_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
222    caller_context_t *ct)
223{
224	znode_t	*zp = VTOZ(vp);
225	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
226
227	/*
228	 * Clean up any locks held by this process on the vp.
229	 */
230	cleanlocks(vp, ddi_get_pid(), 0);
231	cleanshares(vp, ddi_get_pid());
232
233	ZFS_ENTER(zfsvfs);
234	ZFS_VERIFY_ZP(zp);
235
236	/* Decrement the synchronous opens in the znode */
237	if ((flag & (FSYNC | FDSYNC)) && (count == 1))
238		atomic_dec_32(&zp->z_sync_cnt);
239
240	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
241	    ZTOV(zp)->v_type == VREG &&
242	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0)
243		VERIFY(fs_vscan(vp, cr, 1) == 0);
244
245	ZFS_EXIT(zfsvfs);
246	return (0);
247}
248
249/*
250 * Lseek support for finding holes (cmd == _FIO_SEEK_HOLE) and
251 * data (cmd == _FIO_SEEK_DATA). "off" is an in/out parameter.
252 */
253static int
254zfs_holey(vnode_t *vp, int cmd, offset_t *off)
255{
256	znode_t	*zp = VTOZ(vp);
257	uint64_t noff = (uint64_t)*off; /* new offset */
258	uint64_t file_sz;
259	int error;
260	boolean_t hole;
261
262	file_sz = zp->z_size;
263	if (noff >= file_sz)  {
264		return (SET_ERROR(ENXIO));
265	}
266
267	if (cmd == _FIO_SEEK_HOLE)
268		hole = B_TRUE;
269	else
270		hole = B_FALSE;
271
272	error = dmu_offset_next(zp->z_zfsvfs->z_os, zp->z_id, hole, &noff);
273
274	/* end of file? */
275	if ((error == ESRCH) || (noff > file_sz)) {
276		/*
277		 * Handle the virtual hole at the end of file.
278		 */
279		if (hole) {
280			*off = file_sz;
281			return (0);
282		}
283		return (SET_ERROR(ENXIO));
284	}
285
286	if (noff < *off)
287		return (error);
288	*off = noff;
289	return (error);
290}
291
292/* ARGSUSED */
293static int
294zfs_ioctl(vnode_t *vp, int com, intptr_t data, int flag, cred_t *cred,
295    int *rvalp, caller_context_t *ct)
296{
297	offset_t off;
298	int error;
299	zfsvfs_t *zfsvfs;
300	znode_t *zp;
301
302	switch (com) {
303	case _FIOFFS:
304		return (zfs_sync(vp->v_vfsp, 0, cred));
305
306		/*
307		 * The following two ioctls are used by bfu.  Faking out,
308		 * necessary to avoid bfu errors.
309		 */
310	case _FIOGDIO:
311	case _FIOSDIO:
312		return (0);
313
314	case _FIO_SEEK_DATA:
315	case _FIO_SEEK_HOLE:
316		if (ddi_copyin((void *)data, &off, sizeof (off), flag))
317			return (SET_ERROR(EFAULT));
318
319		zp = VTOZ(vp);
320		zfsvfs = zp->z_zfsvfs;
321		ZFS_ENTER(zfsvfs);
322		ZFS_VERIFY_ZP(zp);
323
324		/* offset parameter is in/out */
325		error = zfs_holey(vp, com, &off);
326		ZFS_EXIT(zfsvfs);
327		if (error)
328			return (error);
329		if (ddi_copyout(&off, (void *)data, sizeof (off), flag))
330			return (SET_ERROR(EFAULT));
331		return (0);
332	}
333	return (SET_ERROR(ENOTTY));
334}
335
336/*
337 * Utility functions to map and unmap a single physical page.  These
338 * are used to manage the mappable copies of ZFS file data, and therefore
339 * do not update ref/mod bits.
340 */
341caddr_t
342zfs_map_page(page_t *pp, enum seg_rw rw)
343{
344	if (kpm_enable)
345		return (hat_kpm_mapin(pp, 0));
346	ASSERT(rw == S_READ || rw == S_WRITE);
347	return (ppmapin(pp, PROT_READ | ((rw == S_WRITE) ? PROT_WRITE : 0),
348	    (caddr_t)-1));
349}
350
351void
352zfs_unmap_page(page_t *pp, caddr_t addr)
353{
354	if (kpm_enable) {
355		hat_kpm_mapout(pp, 0, addr);
356	} else {
357		ppmapout(addr);
358	}
359}
360
361/*
362 * When a file is memory mapped, we must keep the IO data synchronized
363 * between the DMU cache and the memory mapped pages.  What this means:
364 *
365 * On Write:	If we find a memory mapped page, we write to *both*
366 *		the page and the dmu buffer.
367 */
368static void
369update_pages(vnode_t *vp, int64_t start, int len, objset_t *os, uint64_t oid)
370{
371	int64_t	off;
372
373	off = start & PAGEOFFSET;
374	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
375		page_t *pp;
376		uint64_t nbytes = MIN(PAGESIZE - off, len);
377
378		if (pp = page_lookup(vp, start, SE_SHARED)) {
379			caddr_t va;
380
381			va = zfs_map_page(pp, S_WRITE);
382			(void) dmu_read(os, oid, start+off, nbytes, va+off,
383			    DMU_READ_PREFETCH);
384			zfs_unmap_page(pp, va);
385			page_unlock(pp);
386		}
387		len -= nbytes;
388		off = 0;
389	}
390}
391
392/*
393 * When a file is memory mapped, we must keep the IO data synchronized
394 * between the DMU cache and the memory mapped pages.  What this means:
395 *
396 * On Read:	We "read" preferentially from memory mapped pages,
397 *		else we default from the dmu buffer.
398 *
399 * NOTE: We will always "break up" the IO into PAGESIZE uiomoves when
400 *	 the file is memory mapped.
401 */
402static int
403mappedread(vnode_t *vp, int nbytes, uio_t *uio)
404{
405	znode_t *zp = VTOZ(vp);
406	objset_t *os = zp->z_zfsvfs->z_os;
407	int64_t	start, off;
408	int len = nbytes;
409	int error = 0;
410
411	start = uio->uio_loffset;
412	off = start & PAGEOFFSET;
413	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
414		page_t *pp;
415		uint64_t bytes = MIN(PAGESIZE - off, len);
416
417		if (pp = page_lookup(vp, start, SE_SHARED)) {
418			caddr_t va;
419
420			va = zfs_map_page(pp, S_READ);
421			error = uiomove(va + off, bytes, UIO_READ, uio);
422			zfs_unmap_page(pp, va);
423			page_unlock(pp);
424		} else {
425			error = dmu_read_uio(os, zp->z_id, uio, bytes);
426		}
427		len -= bytes;
428		off = 0;
429		if (error)
430			break;
431	}
432	return (error);
433}
434
435offset_t zfs_read_chunk_size = 1024 * 1024; /* Tunable */
436
437/*
438 * Read bytes from specified file into supplied buffer.
439 *
440 *	IN:	vp	- vnode of file to be read from.
441 *		uio	- structure supplying read location, range info,
442 *			  and return buffer.
443 *		ioflag	- SYNC flags; used to provide FRSYNC semantics.
444 *		cr	- credentials of caller.
445 *		ct	- caller context
446 *
447 *	OUT:	uio	- updated offset and range, buffer filled.
448 *
449 *	RETURN:	0 on success, error code on failure.
450 *
451 * Side Effects:
452 *	vp - atime updated if byte count > 0
453 */
454/* ARGSUSED */
455static int
456zfs_read(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
457{
458	znode_t		*zp = VTOZ(vp);
459	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
460	objset_t	*os;
461	ssize_t		n, nbytes;
462	int		error = 0;
463	rl_t		*rl;
464	xuio_t		*xuio = NULL;
465
466	ZFS_ENTER(zfsvfs);
467	ZFS_VERIFY_ZP(zp);
468	os = zfsvfs->z_os;
469
470	if (zp->z_pflags & ZFS_AV_QUARANTINED) {
471		ZFS_EXIT(zfsvfs);
472		return (SET_ERROR(EACCES));
473	}
474
475	/*
476	 * Validate file offset
477	 */
478	if (uio->uio_loffset < (offset_t)0) {
479		ZFS_EXIT(zfsvfs);
480		return (SET_ERROR(EINVAL));
481	}
482
483	/*
484	 * Fasttrack empty reads
485	 */
486	if (uio->uio_resid == 0) {
487		ZFS_EXIT(zfsvfs);
488		return (0);
489	}
490
491	/*
492	 * Check for mandatory locks
493	 */
494	if (MANDMODE(zp->z_mode)) {
495		if (error = chklock(vp, FREAD,
496		    uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct)) {
497			ZFS_EXIT(zfsvfs);
498			return (error);
499		}
500	}
501
502	/*
503	 * If we're in FRSYNC mode, sync out this znode before reading it.
504	 */
505	if (ioflag & FRSYNC || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
506		zil_commit(zfsvfs->z_log, zp->z_id);
507
508	/*
509	 * Lock the range against changes.
510	 */
511	rl = zfs_range_lock(zp, uio->uio_loffset, uio->uio_resid, RL_READER);
512
513	/*
514	 * If we are reading past end-of-file we can skip
515	 * to the end; but we might still need to set atime.
516	 */
517	if (uio->uio_loffset >= zp->z_size) {
518		error = 0;
519		goto out;
520	}
521
522	ASSERT(uio->uio_loffset < zp->z_size);
523	n = MIN(uio->uio_resid, zp->z_size - uio->uio_loffset);
524
525	if ((uio->uio_extflg == UIO_XUIO) &&
526	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY)) {
527		int nblk;
528		int blksz = zp->z_blksz;
529		uint64_t offset = uio->uio_loffset;
530
531		xuio = (xuio_t *)uio;
532		if ((ISP2(blksz))) {
533			nblk = (P2ROUNDUP(offset + n, blksz) - P2ALIGN(offset,
534			    blksz)) / blksz;
535		} else {
536			ASSERT(offset + n <= blksz);
537			nblk = 1;
538		}
539		(void) dmu_xuio_init(xuio, nblk);
540
541		if (vn_has_cached_data(vp)) {
542			/*
543			 * For simplicity, we always allocate a full buffer
544			 * even if we only expect to read a portion of a block.
545			 */
546			while (--nblk >= 0) {
547				(void) dmu_xuio_add(xuio,
548				    dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
549				    blksz), 0, blksz);
550			}
551		}
552	}
553
554	while (n > 0) {
555		nbytes = MIN(n, zfs_read_chunk_size -
556		    P2PHASE(uio->uio_loffset, zfs_read_chunk_size));
557
558		if (vn_has_cached_data(vp))
559			error = mappedread(vp, nbytes, uio);
560		else
561			error = dmu_read_uio(os, zp->z_id, uio, nbytes);
562		if (error) {
563			/* convert checksum errors into IO errors */
564			if (error == ECKSUM)
565				error = SET_ERROR(EIO);
566			break;
567		}
568
569		n -= nbytes;
570	}
571out:
572	zfs_range_unlock(rl);
573
574	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
575	ZFS_EXIT(zfsvfs);
576	return (error);
577}
578
579/*
580 * Write the bytes to a file.
581 *
582 *	IN:	vp	- vnode of file to be written to.
583 *		uio	- structure supplying write location, range info,
584 *			  and data buffer.
585 *		ioflag	- FAPPEND, FSYNC, and/or FDSYNC.  FAPPEND is
586 *			  set if in append mode.
587 *		cr	- credentials of caller.
588 *		ct	- caller context (NFS/CIFS fem monitor only)
589 *
590 *	OUT:	uio	- updated offset and range.
591 *
592 *	RETURN:	0 on success, error code on failure.
593 *
594 * Timestamps:
595 *	vp - ctime|mtime updated if byte count > 0
596 */
597
598/* ARGSUSED */
599static int
600zfs_write(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
601{
602	znode_t		*zp = VTOZ(vp);
603	rlim64_t	limit = uio->uio_llimit;
604	ssize_t		start_resid = uio->uio_resid;
605	ssize_t		tx_bytes;
606	uint64_t	end_size;
607	dmu_tx_t	*tx;
608	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
609	zilog_t		*zilog;
610	offset_t	woff;
611	ssize_t		n, nbytes;
612	rl_t		*rl;
613	int		max_blksz = zfsvfs->z_max_blksz;
614	int		error = 0;
615	arc_buf_t	*abuf;
616	iovec_t		*aiov = NULL;
617	xuio_t		*xuio = NULL;
618	int		i_iov = 0;
619	int		iovcnt = uio->uio_iovcnt;
620	iovec_t		*iovp = uio->uio_iov;
621	int		write_eof;
622	int		count = 0;
623	sa_bulk_attr_t	bulk[4];
624	uint64_t	mtime[2], ctime[2];
625
626	/*
627	 * Fasttrack empty write
628	 */
629	n = start_resid;
630	if (n == 0)
631		return (0);
632
633	if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
634		limit = MAXOFFSET_T;
635
636	ZFS_ENTER(zfsvfs);
637	ZFS_VERIFY_ZP(zp);
638
639	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
640	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
641	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,
642	    &zp->z_size, 8);
643	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
644	    &zp->z_pflags, 8);
645
646	/*
647	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
648	 * callers might not be able to detect properly that we are read-only,
649	 * so check it explicitly here.
650	 */
651	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
652		ZFS_EXIT(zfsvfs);
653		return (SET_ERROR(EROFS));
654	}
655
656	/*
657	 * If immutable or not appending then return EPERM
658	 */
659	if ((zp->z_pflags & (ZFS_IMMUTABLE | ZFS_READONLY)) ||
660	    ((zp->z_pflags & ZFS_APPENDONLY) && !(ioflag & FAPPEND) &&
661	    (uio->uio_loffset < zp->z_size))) {
662		ZFS_EXIT(zfsvfs);
663		return (SET_ERROR(EPERM));
664	}
665
666	zilog = zfsvfs->z_log;
667
668	/*
669	 * Validate file offset
670	 */
671	woff = ioflag & FAPPEND ? zp->z_size : uio->uio_loffset;
672	if (woff < 0) {
673		ZFS_EXIT(zfsvfs);
674		return (SET_ERROR(EINVAL));
675	}
676
677	/*
678	 * Check for mandatory locks before calling zfs_range_lock()
679	 * in order to prevent a deadlock with locks set via fcntl().
680	 */
681	if (MANDMODE((mode_t)zp->z_mode) &&
682	    (error = chklock(vp, FWRITE, woff, n, uio->uio_fmode, ct)) != 0) {
683		ZFS_EXIT(zfsvfs);
684		return (error);
685	}
686
687	/*
688	 * Pre-fault the pages to ensure slow (eg NFS) pages
689	 * don't hold up txg.
690	 * Skip this if uio contains loaned arc_buf.
691	 */
692	if ((uio->uio_extflg == UIO_XUIO) &&
693	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY))
694		xuio = (xuio_t *)uio;
695	else
696		uio_prefaultpages(MIN(n, max_blksz), uio);
697
698	/*
699	 * If in append mode, set the io offset pointer to eof.
700	 */
701	if (ioflag & FAPPEND) {
702		/*
703		 * Obtain an appending range lock to guarantee file append
704		 * semantics.  We reset the write offset once we have the lock.
705		 */
706		rl = zfs_range_lock(zp, 0, n, RL_APPEND);
707		woff = rl->r_off;
708		if (rl->r_len == UINT64_MAX) {
709			/*
710			 * We overlocked the file because this write will cause
711			 * the file block size to increase.
712			 * Note that zp_size cannot change with this lock held.
713			 */
714			woff = zp->z_size;
715		}
716		uio->uio_loffset = woff;
717	} else {
718		/*
719		 * Note that if the file block size will change as a result of
720		 * this write, then this range lock will lock the entire file
721		 * so that we can re-write the block safely.
722		 */
723		rl = zfs_range_lock(zp, woff, n, RL_WRITER);
724	}
725
726	if (woff >= limit) {
727		zfs_range_unlock(rl);
728		ZFS_EXIT(zfsvfs);
729		return (SET_ERROR(EFBIG));
730	}
731
732	if ((woff + n) > limit || woff > (limit - n))
733		n = limit - woff;
734
735	/* Will this write extend the file length? */
736	write_eof = (woff + n > zp->z_size);
737
738	end_size = MAX(zp->z_size, woff + n);
739
740	/*
741	 * Write the file in reasonable size chunks.  Each chunk is written
742	 * in a separate transaction; this keeps the intent log records small
743	 * and allows us to do more fine-grained space accounting.
744	 */
745	while (n > 0) {
746		abuf = NULL;
747		woff = uio->uio_loffset;
748		if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
749		    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
750			if (abuf != NULL)
751				dmu_return_arcbuf(abuf);
752			error = SET_ERROR(EDQUOT);
753			break;
754		}
755
756		if (xuio && abuf == NULL) {
757			ASSERT(i_iov < iovcnt);
758			aiov = &iovp[i_iov];
759			abuf = dmu_xuio_arcbuf(xuio, i_iov);
760			dmu_xuio_clear(xuio, i_iov);
761			DTRACE_PROBE3(zfs_cp_write, int, i_iov,
762			    iovec_t *, aiov, arc_buf_t *, abuf);
763			ASSERT((aiov->iov_base == abuf->b_data) ||
764			    ((char *)aiov->iov_base - (char *)abuf->b_data +
765			    aiov->iov_len == arc_buf_size(abuf)));
766			i_iov++;
767		} else if (abuf == NULL && n >= max_blksz &&
768		    woff >= zp->z_size &&
769		    P2PHASE(woff, max_blksz) == 0 &&
770		    zp->z_blksz == max_blksz) {
771			/*
772			 * This write covers a full block.  "Borrow" a buffer
773			 * from the dmu so that we can fill it before we enter
774			 * a transaction.  This avoids the possibility of
775			 * holding up the transaction if the data copy hangs
776			 * up on a pagefault (e.g., from an NFS server mapping).
777			 */
778			size_t cbytes;
779
780			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
781			    max_blksz);
782			ASSERT(abuf != NULL);
783			ASSERT(arc_buf_size(abuf) == max_blksz);
784			if (error = uiocopy(abuf->b_data, max_blksz,
785			    UIO_WRITE, uio, &cbytes)) {
786				dmu_return_arcbuf(abuf);
787				break;
788			}
789			ASSERT(cbytes == max_blksz);
790		}
791
792		/*
793		 * Start a transaction.
794		 */
795		tx = dmu_tx_create(zfsvfs->z_os);
796		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
797		dmu_tx_hold_write(tx, zp->z_id, woff, MIN(n, max_blksz));
798		zfs_sa_upgrade_txholds(tx, zp);
799		error = dmu_tx_assign(tx, TXG_WAIT);
800		if (error) {
801			dmu_tx_abort(tx);
802			if (abuf != NULL)
803				dmu_return_arcbuf(abuf);
804			break;
805		}
806
807		/*
808		 * If zfs_range_lock() over-locked we grow the blocksize
809		 * and then reduce the lock range.  This will only happen
810		 * on the first iteration since zfs_range_reduce() will
811		 * shrink down r_len to the appropriate size.
812		 */
813		if (rl->r_len == UINT64_MAX) {
814			uint64_t new_blksz;
815
816			if (zp->z_blksz > max_blksz) {
817				ASSERT(!ISP2(zp->z_blksz));
818				new_blksz = MIN(end_size, SPA_MAXBLOCKSIZE);
819			} else {
820				new_blksz = MIN(end_size, max_blksz);
821			}
822			zfs_grow_blocksize(zp, new_blksz, tx);
823			zfs_range_reduce(rl, woff, n);
824		}
825
826		/*
827		 * XXX - should we really limit each write to z_max_blksz?
828		 * Perhaps we should use SPA_MAXBLOCKSIZE chunks?
829		 */
830		nbytes = MIN(n, max_blksz - P2PHASE(woff, max_blksz));
831
832		if (abuf == NULL) {
833			tx_bytes = uio->uio_resid;
834			error = dmu_write_uio_dbuf(sa_get_db(zp->z_sa_hdl),
835			    uio, nbytes, tx);
836			tx_bytes -= uio->uio_resid;
837		} else {
838			tx_bytes = nbytes;
839			ASSERT(xuio == NULL || tx_bytes == aiov->iov_len);
840			/*
841			 * If this is not a full block write, but we are
842			 * extending the file past EOF and this data starts
843			 * block-aligned, use assign_arcbuf().  Otherwise,
844			 * write via dmu_write().
845			 */
846			if (tx_bytes < max_blksz && (!write_eof ||
847			    aiov->iov_base != abuf->b_data)) {
848				ASSERT(xuio);
849				dmu_write(zfsvfs->z_os, zp->z_id, woff,
850				    aiov->iov_len, aiov->iov_base, tx);
851				dmu_return_arcbuf(abuf);
852				xuio_stat_wbuf_copied();
853			} else {
854				ASSERT(xuio || tx_bytes == max_blksz);
855				dmu_assign_arcbuf(sa_get_db(zp->z_sa_hdl),
856				    woff, abuf, tx);
857			}
858			ASSERT(tx_bytes <= uio->uio_resid);
859			uioskip(uio, tx_bytes);
860		}
861		if (tx_bytes && vn_has_cached_data(vp)) {
862			update_pages(vp, woff,
863			    tx_bytes, zfsvfs->z_os, zp->z_id);
864		}
865
866		/*
867		 * If we made no progress, we're done.  If we made even
868		 * partial progress, update the znode and ZIL accordingly.
869		 */
870		if (tx_bytes == 0) {
871			(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
872			    (void *)&zp->z_size, sizeof (uint64_t), tx);
873			dmu_tx_commit(tx);
874			ASSERT(error != 0);
875			break;
876		}
877
878		/*
879		 * Clear Set-UID/Set-GID bits on successful write if not
880		 * privileged and at least one of the excute bits is set.
881		 *
882		 * It would be nice to to this after all writes have
883		 * been done, but that would still expose the ISUID/ISGID
884		 * to another app after the partial write is committed.
885		 *
886		 * Note: we don't call zfs_fuid_map_id() here because
887		 * user 0 is not an ephemeral uid.
888		 */
889		mutex_enter(&zp->z_acl_lock);
890		if ((zp->z_mode & (S_IXUSR | (S_IXUSR >> 3) |
891		    (S_IXUSR >> 6))) != 0 &&
892		    (zp->z_mode & (S_ISUID | S_ISGID)) != 0 &&
893		    secpolicy_vnode_setid_retain(cr,
894		    (zp->z_mode & S_ISUID) != 0 && zp->z_uid == 0) != 0) {
895			uint64_t newmode;
896			zp->z_mode &= ~(S_ISUID | S_ISGID);
897			newmode = zp->z_mode;
898			(void) sa_update(zp->z_sa_hdl, SA_ZPL_MODE(zfsvfs),
899			    (void *)&newmode, sizeof (uint64_t), tx);
900		}
901		mutex_exit(&zp->z_acl_lock);
902
903		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
904		    B_TRUE);
905
906		/*
907		 * Update the file size (zp_size) if it has changed;
908		 * account for possible concurrent updates.
909		 */
910		while ((end_size = zp->z_size) < uio->uio_loffset) {
911			(void) atomic_cas_64(&zp->z_size, end_size,
912			    uio->uio_loffset);
913			ASSERT(error == 0);
914		}
915		/*
916		 * If we are replaying and eof is non zero then force
917		 * the file size to the specified eof. Note, there's no
918		 * concurrency during replay.
919		 */
920		if (zfsvfs->z_replay && zfsvfs->z_replay_eof != 0)
921			zp->z_size = zfsvfs->z_replay_eof;
922
923		error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
924
925		zfs_log_write(zilog, tx, TX_WRITE, zp, woff, tx_bytes, ioflag);
926		dmu_tx_commit(tx);
927
928		if (error != 0)
929			break;
930		ASSERT(tx_bytes == nbytes);
931		n -= nbytes;
932
933		if (!xuio && n > 0)
934			uio_prefaultpages(MIN(n, max_blksz), uio);
935	}
936
937	zfs_range_unlock(rl);
938
939	/*
940	 * If we're in replay mode, or we made no progress, return error.
941	 * Otherwise, it's at least a partial write, so it's successful.
942	 */
943	if (zfsvfs->z_replay || uio->uio_resid == start_resid) {
944		ZFS_EXIT(zfsvfs);
945		return (error);
946	}
947
948	if (ioflag & (FSYNC | FDSYNC) ||
949	    zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
950		zil_commit(zilog, zp->z_id);
951
952	ZFS_EXIT(zfsvfs);
953	return (0);
954}
955
956void
957zfs_get_done(zgd_t *zgd, int error)
958{
959	znode_t *zp = zgd->zgd_private;
960	objset_t *os = zp->z_zfsvfs->z_os;
961
962	if (zgd->zgd_db)
963		dmu_buf_rele(zgd->zgd_db, zgd);
964
965	zfs_range_unlock(zgd->zgd_rl);
966
967	/*
968	 * Release the vnode asynchronously as we currently have the
969	 * txg stopped from syncing.
970	 */
971	VN_RELE_ASYNC(ZTOV(zp), dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
972
973	if (error == 0 && zgd->zgd_bp)
974		zil_add_block(zgd->zgd_zilog, zgd->zgd_bp);
975
976	kmem_free(zgd, sizeof (zgd_t));
977}
978
979#ifdef DEBUG
980static int zil_fault_io = 0;
981#endif
982
983/*
984 * Get data to generate a TX_WRITE intent log record.
985 */
986int
987zfs_get_data(void *arg, lr_write_t *lr, char *buf, zio_t *zio)
988{
989	zfsvfs_t *zfsvfs = arg;
990	objset_t *os = zfsvfs->z_os;
991	znode_t *zp;
992	uint64_t object = lr->lr_foid;
993	uint64_t offset = lr->lr_offset;
994	uint64_t size = lr->lr_length;
995	blkptr_t *bp = &lr->lr_blkptr;
996	dmu_buf_t *db;
997	zgd_t *zgd;
998	int error = 0;
999
1000	ASSERT(zio != NULL);
1001	ASSERT(size != 0);
1002
1003	/*
1004	 * Nothing to do if the file has been removed
1005	 */
1006	if (zfs_zget(zfsvfs, object, &zp) != 0)
1007		return (SET_ERROR(ENOENT));
1008	if (zp->z_unlinked) {
1009		/*
1010		 * Release the vnode asynchronously as we currently have the
1011		 * txg stopped from syncing.
1012		 */
1013		VN_RELE_ASYNC(ZTOV(zp),
1014		    dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
1015		return (SET_ERROR(ENOENT));
1016	}
1017
1018	zgd = (zgd_t *)kmem_zalloc(sizeof (zgd_t), KM_SLEEP);
1019	zgd->zgd_zilog = zfsvfs->z_log;
1020	zgd->zgd_private = zp;
1021
1022	/*
1023	 * Write records come in two flavors: immediate and indirect.
1024	 * For small writes it's cheaper to store the data with the
1025	 * log record (immediate); for large writes it's cheaper to
1026	 * sync the data and get a pointer to it (indirect) so that
1027	 * we don't have to write the data twice.
1028	 */
1029	if (buf != NULL) { /* immediate write */
1030		zgd->zgd_rl = zfs_range_lock(zp, offset, size, RL_READER);
1031		/* test for truncation needs to be done while range locked */
1032		if (offset >= zp->z_size) {
1033			error = SET_ERROR(ENOENT);
1034		} else {
1035			error = dmu_read(os, object, offset, size, buf,
1036			    DMU_READ_NO_PREFETCH);
1037		}
1038		ASSERT(error == 0 || error == ENOENT);
1039	} else { /* indirect write */
1040		/*
1041		 * Have to lock the whole block to ensure when it's
1042		 * written out and it's checksum is being calculated
1043		 * that no one can change the data. We need to re-check
1044		 * blocksize after we get the lock in case it's changed!
1045		 */
1046		for (;;) {
1047			uint64_t blkoff;
1048			size = zp->z_blksz;
1049			blkoff = ISP2(size) ? P2PHASE(offset, size) : offset;
1050			offset -= blkoff;
1051			zgd->zgd_rl = zfs_range_lock(zp, offset, size,
1052			    RL_READER);
1053			if (zp->z_blksz == size)
1054				break;
1055			offset += blkoff;
1056			zfs_range_unlock(zgd->zgd_rl);
1057		}
1058		/* test for truncation needs to be done while range locked */
1059		if (lr->lr_offset >= zp->z_size)
1060			error = SET_ERROR(ENOENT);
1061#ifdef DEBUG
1062		if (zil_fault_io) {
1063			error = SET_ERROR(EIO);
1064			zil_fault_io = 0;
1065		}
1066#endif
1067		if (error == 0)
1068			error = dmu_buf_hold(os, object, offset, zgd, &db,
1069			    DMU_READ_NO_PREFETCH);
1070
1071		if (error == 0) {
1072			blkptr_t *obp = dmu_buf_get_blkptr(db);
1073			if (obp) {
1074				ASSERT(BP_IS_HOLE(bp));
1075				*bp = *obp;
1076			}
1077
1078			zgd->zgd_db = db;
1079			zgd->zgd_bp = bp;
1080
1081			ASSERT(db->db_offset == offset);
1082			ASSERT(db->db_size == size);
1083
1084			error = dmu_sync(zio, lr->lr_common.lrc_txg,
1085			    zfs_get_done, zgd);
1086			ASSERT(error || lr->lr_length <= zp->z_blksz);
1087
1088			/*
1089			 * On success, we need to wait for the write I/O
1090			 * initiated by dmu_sync() to complete before we can
1091			 * release this dbuf.  We will finish everything up
1092			 * in the zfs_get_done() callback.
1093			 */
1094			if (error == 0)
1095				return (0);
1096
1097			if (error == EALREADY) {
1098				lr->lr_common.lrc_txtype = TX_WRITE2;
1099				error = 0;
1100			}
1101		}
1102	}
1103
1104	zfs_get_done(zgd, error);
1105
1106	return (error);
1107}
1108
1109/*ARGSUSED*/
1110static int
1111zfs_access(vnode_t *vp, int mode, int flag, cred_t *cr,
1112    caller_context_t *ct)
1113{
1114	znode_t *zp = VTOZ(vp);
1115	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1116	int error;
1117
1118	ZFS_ENTER(zfsvfs);
1119	ZFS_VERIFY_ZP(zp);
1120
1121	if (flag & V_ACE_MASK)
1122		error = zfs_zaccess(zp, mode, flag, B_FALSE, cr);
1123	else
1124		error = zfs_zaccess_rwx(zp, mode, flag, cr);
1125
1126	ZFS_EXIT(zfsvfs);
1127	return (error);
1128}
1129
1130/*
1131 * If vnode is for a device return a specfs vnode instead.
1132 */
1133static int
1134specvp_check(vnode_t **vpp, cred_t *cr)
1135{
1136	int error = 0;
1137
1138	if (IS_DEVVP(*vpp)) {
1139		struct vnode *svp;
1140
1141		svp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type, cr);
1142		VN_RELE(*vpp);
1143		if (svp == NULL)
1144			error = SET_ERROR(ENOSYS);
1145		*vpp = svp;
1146	}
1147	return (error);
1148}
1149
1150
1151/*
1152 * Lookup an entry in a directory, or an extended attribute directory.
1153 * If it exists, return a held vnode reference for it.
1154 *
1155 *	IN:	dvp	- vnode of directory to search.
1156 *		nm	- name of entry to lookup.
1157 *		pnp	- full pathname to lookup [UNUSED].
1158 *		flags	- LOOKUP_XATTR set if looking for an attribute.
1159 *		rdir	- root directory vnode [UNUSED].
1160 *		cr	- credentials of caller.
1161 *		ct	- caller context
1162 *		direntflags - directory lookup flags
1163 *		realpnp - returned pathname.
1164 *
1165 *	OUT:	vpp	- vnode of located entry, NULL if not found.
1166 *
1167 *	RETURN:	0 on success, error code on failure.
1168 *
1169 * Timestamps:
1170 *	NA
1171 */
1172/* ARGSUSED */
1173static int
1174zfs_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1175    int flags, vnode_t *rdir, cred_t *cr,  caller_context_t *ct,
1176    int *direntflags, pathname_t *realpnp)
1177{
1178	znode_t *zdp = VTOZ(dvp);
1179	zfsvfs_t *zfsvfs = zdp->z_zfsvfs;
1180	int	error = 0;
1181
1182	/* fast path */
1183	if (!(flags & (LOOKUP_XATTR | FIGNORECASE))) {
1184
1185		if (dvp->v_type != VDIR) {
1186			return (SET_ERROR(ENOTDIR));
1187		} else if (zdp->z_sa_hdl == NULL) {
1188			return (SET_ERROR(EIO));
1189		}
1190
1191		if (nm[0] == 0 || (nm[0] == '.' && nm[1] == '\0')) {
1192			error = zfs_fastaccesschk_execute(zdp, cr);
1193			if (!error) {
1194				*vpp = dvp;
1195				VN_HOLD(*vpp);
1196				return (0);
1197			}
1198			return (error);
1199		} else {
1200			vnode_t *tvp = dnlc_lookup(dvp, nm);
1201
1202			if (tvp) {
1203				error = zfs_fastaccesschk_execute(zdp, cr);
1204				if (error) {
1205					VN_RELE(tvp);
1206					return (error);
1207				}
1208				if (tvp == DNLC_NO_VNODE) {
1209					VN_RELE(tvp);
1210					return (SET_ERROR(ENOENT));
1211				} else {
1212					*vpp = tvp;
1213					return (specvp_check(vpp, cr));
1214				}
1215			}
1216		}
1217	}
1218
1219	DTRACE_PROBE2(zfs__fastpath__lookup__miss, vnode_t *, dvp, char *, nm);
1220
1221	ZFS_ENTER(zfsvfs);
1222	ZFS_VERIFY_ZP(zdp);
1223
1224	*vpp = NULL;
1225
1226	if (flags & LOOKUP_XATTR) {
1227		/*
1228		 * If the xattr property is off, refuse the lookup request.
1229		 */
1230		if (!(zfsvfs->z_vfs->vfs_flag & VFS_XATTR)) {
1231			ZFS_EXIT(zfsvfs);
1232			return (SET_ERROR(EINVAL));
1233		}
1234
1235		/*
1236		 * We don't allow recursive attributes..
1237		 * Maybe someday we will.
1238		 */
1239		if (zdp->z_pflags & ZFS_XATTR) {
1240			ZFS_EXIT(zfsvfs);
1241			return (SET_ERROR(EINVAL));
1242		}
1243
1244		if (error = zfs_get_xattrdir(VTOZ(dvp), vpp, cr, flags)) {
1245			ZFS_EXIT(zfsvfs);
1246			return (error);
1247		}
1248
1249		/*
1250		 * Do we have permission to get into attribute directory?
1251		 */
1252
1253		if (error = zfs_zaccess(VTOZ(*vpp), ACE_EXECUTE, 0,
1254		    B_FALSE, cr)) {
1255			VN_RELE(*vpp);
1256			*vpp = NULL;
1257		}
1258
1259		ZFS_EXIT(zfsvfs);
1260		return (error);
1261	}
1262
1263	if (dvp->v_type != VDIR) {
1264		ZFS_EXIT(zfsvfs);
1265		return (SET_ERROR(ENOTDIR));
1266	}
1267
1268	/*
1269	 * Check accessibility of directory.
1270	 */
1271
1272	if (error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr)) {
1273		ZFS_EXIT(zfsvfs);
1274		return (error);
1275	}
1276
1277	if (zfsvfs->z_utf8 && u8_validate(nm, strlen(nm),
1278	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1279		ZFS_EXIT(zfsvfs);
1280		return (SET_ERROR(EILSEQ));
1281	}
1282
1283	error = zfs_dirlook(zdp, nm, vpp, flags, direntflags, realpnp);
1284	if (error == 0)
1285		error = specvp_check(vpp, cr);
1286
1287	ZFS_EXIT(zfsvfs);
1288	return (error);
1289}
1290
1291/*
1292 * Attempt to create a new entry in a directory.  If the entry
1293 * already exists, truncate the file if permissible, else return
1294 * an error.  Return the vp of the created or trunc'd file.
1295 *
1296 *	IN:	dvp	- vnode of directory to put new file entry in.
1297 *		name	- name of new file entry.
1298 *		vap	- attributes of new file.
1299 *		excl	- flag indicating exclusive or non-exclusive mode.
1300 *		mode	- mode to open file with.
1301 *		cr	- credentials of caller.
1302 *		flag	- large file flag [UNUSED].
1303 *		ct	- caller context
1304 *		vsecp	- ACL to be set
1305 *
1306 *	OUT:	vpp	- vnode of created or trunc'd entry.
1307 *
1308 *	RETURN:	0 on success, error code on failure.
1309 *
1310 * Timestamps:
1311 *	dvp - ctime|mtime updated if new entry created
1312 *	 vp - ctime|mtime always, atime if new
1313 */
1314
1315/* ARGSUSED */
1316static int
1317zfs_create(vnode_t *dvp, char *name, vattr_t *vap, vcexcl_t excl,
1318    int mode, vnode_t **vpp, cred_t *cr, int flag, caller_context_t *ct,
1319    vsecattr_t *vsecp)
1320{
1321	znode_t		*zp, *dzp = VTOZ(dvp);
1322	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1323	zilog_t		*zilog;
1324	objset_t	*os;
1325	zfs_dirlock_t	*dl;
1326	dmu_tx_t	*tx;
1327	int		error;
1328	ksid_t		*ksid;
1329	uid_t		uid;
1330	gid_t		gid = crgetgid(cr);
1331	zfs_acl_ids_t   acl_ids;
1332	boolean_t	fuid_dirtied;
1333	boolean_t	have_acl = B_FALSE;
1334	boolean_t	waited = B_FALSE;
1335
1336	/*
1337	 * If we have an ephemeral id, ACL, or XVATTR then
1338	 * make sure file system is at proper version
1339	 */
1340
1341	ksid = crgetsid(cr, KSID_OWNER);
1342	if (ksid)
1343		uid = ksid_getid(ksid);
1344	else
1345		uid = crgetuid(cr);
1346
1347	if (zfsvfs->z_use_fuids == B_FALSE &&
1348	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1349	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1350		return (SET_ERROR(EINVAL));
1351
1352	ZFS_ENTER(zfsvfs);
1353	ZFS_VERIFY_ZP(dzp);
1354	os = zfsvfs->z_os;
1355	zilog = zfsvfs->z_log;
1356
1357	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
1358	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1359		ZFS_EXIT(zfsvfs);
1360		return (SET_ERROR(EILSEQ));
1361	}
1362
1363	if (vap->va_mask & AT_XVATTR) {
1364		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1365		    crgetuid(cr), cr, vap->va_type)) != 0) {
1366			ZFS_EXIT(zfsvfs);
1367			return (error);
1368		}
1369	}
1370top:
1371	*vpp = NULL;
1372
1373	if ((vap->va_mode & VSVTX) && secpolicy_vnode_stky_modify(cr))
1374		vap->va_mode &= ~VSVTX;
1375
1376	if (*name == '\0') {
1377		/*
1378		 * Null component name refers to the directory itself.
1379		 */
1380		VN_HOLD(dvp);
1381		zp = dzp;
1382		dl = NULL;
1383		error = 0;
1384	} else {
1385		/* possible VN_HOLD(zp) */
1386		int zflg = 0;
1387
1388		if (flag & FIGNORECASE)
1389			zflg |= ZCILOOK;
1390
1391		error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1392		    NULL, NULL);
1393		if (error) {
1394			if (have_acl)
1395				zfs_acl_ids_free(&acl_ids);
1396			if (strcmp(name, "..") == 0)
1397				error = SET_ERROR(EISDIR);
1398			ZFS_EXIT(zfsvfs);
1399			return (error);
1400		}
1401	}
1402
1403	if (zp == NULL) {
1404		uint64_t txtype;
1405
1406		/*
1407		 * Create a new file object and update the directory
1408		 * to reference it.
1409		 */
1410		if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
1411			if (have_acl)
1412				zfs_acl_ids_free(&acl_ids);
1413			goto out;
1414		}
1415
1416		/*
1417		 * We only support the creation of regular files in
1418		 * extended attribute directories.
1419		 */
1420
1421		if ((dzp->z_pflags & ZFS_XATTR) &&
1422		    (vap->va_type != VREG)) {
1423			if (have_acl)
1424				zfs_acl_ids_free(&acl_ids);
1425			error = SET_ERROR(EINVAL);
1426			goto out;
1427		}
1428
1429		if (!have_acl && (error = zfs_acl_ids_create(dzp, 0, vap,
1430		    cr, vsecp, &acl_ids)) != 0)
1431			goto out;
1432		have_acl = B_TRUE;
1433
1434		if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1435			zfs_acl_ids_free(&acl_ids);
1436			error = SET_ERROR(EDQUOT);
1437			goto out;
1438		}
1439
1440		tx = dmu_tx_create(os);
1441
1442		dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1443		    ZFS_SA_BASE_ATTR_SIZE);
1444
1445		fuid_dirtied = zfsvfs->z_fuid_dirty;
1446		if (fuid_dirtied)
1447			zfs_fuid_txhold(zfsvfs, tx);
1448		dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
1449		dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
1450		if (!zfsvfs->z_use_sa &&
1451		    acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1452			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
1453			    0, acl_ids.z_aclp->z_acl_bytes);
1454		}
1455		error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1456		if (error) {
1457			zfs_dirent_unlock(dl);
1458			if (error == ERESTART) {
1459				waited = B_TRUE;
1460				dmu_tx_wait(tx);
1461				dmu_tx_abort(tx);
1462				goto top;
1463			}
1464			zfs_acl_ids_free(&acl_ids);
1465			dmu_tx_abort(tx);
1466			ZFS_EXIT(zfsvfs);
1467			return (error);
1468		}
1469		zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1470
1471		if (fuid_dirtied)
1472			zfs_fuid_sync(zfsvfs, tx);
1473
1474		(void) zfs_link_create(dl, zp, tx, ZNEW);
1475		txtype = zfs_log_create_txtype(Z_FILE, vsecp, vap);
1476		if (flag & FIGNORECASE)
1477			txtype |= TX_CI;
1478		zfs_log_create(zilog, tx, txtype, dzp, zp, name,
1479		    vsecp, acl_ids.z_fuidp, vap);
1480		zfs_acl_ids_free(&acl_ids);
1481		dmu_tx_commit(tx);
1482	} else {
1483		int aflags = (flag & FAPPEND) ? V_APPEND : 0;
1484
1485		if (have_acl)
1486			zfs_acl_ids_free(&acl_ids);
1487		have_acl = B_FALSE;
1488
1489		/*
1490		 * A directory entry already exists for this name.
1491		 */
1492		/*
1493		 * Can't truncate an existing file if in exclusive mode.
1494		 */
1495		if (excl == EXCL) {
1496			error = SET_ERROR(EEXIST);
1497			goto out;
1498		}
1499		/*
1500		 * Can't open a directory for writing.
1501		 */
1502		if ((ZTOV(zp)->v_type == VDIR) && (mode & S_IWRITE)) {
1503			error = SET_ERROR(EISDIR);
1504			goto out;
1505		}
1506		/*
1507		 * Verify requested access to file.
1508		 */
1509		if (mode && (error = zfs_zaccess_rwx(zp, mode, aflags, cr))) {
1510			goto out;
1511		}
1512
1513		mutex_enter(&dzp->z_lock);
1514		dzp->z_seq++;
1515		mutex_exit(&dzp->z_lock);
1516
1517		/*
1518		 * Truncate regular files if requested.
1519		 */
1520		if ((ZTOV(zp)->v_type == VREG) &&
1521		    (vap->va_mask & AT_SIZE) && (vap->va_size == 0)) {
1522			/* we can't hold any locks when calling zfs_freesp() */
1523			zfs_dirent_unlock(dl);
1524			dl = NULL;
1525			error = zfs_freesp(zp, 0, 0, mode, TRUE);
1526			if (error == 0) {
1527				vnevent_create(ZTOV(zp), ct);
1528			}
1529		}
1530	}
1531out:
1532
1533	if (dl)
1534		zfs_dirent_unlock(dl);
1535
1536	if (error) {
1537		if (zp)
1538			VN_RELE(ZTOV(zp));
1539	} else {
1540		*vpp = ZTOV(zp);
1541		error = specvp_check(vpp, cr);
1542	}
1543
1544	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1545		zil_commit(zilog, 0);
1546
1547	ZFS_EXIT(zfsvfs);
1548	return (error);
1549}
1550
1551/*
1552 * Remove an entry from a directory.
1553 *
1554 *	IN:	dvp	- vnode of directory to remove entry from.
1555 *		name	- name of entry to remove.
1556 *		cr	- credentials of caller.
1557 *		ct	- caller context
1558 *		flags	- case flags
1559 *
1560 *	RETURN:	0 on success, error code on failure.
1561 *
1562 * Timestamps:
1563 *	dvp - ctime|mtime
1564 *	 vp - ctime (if nlink > 0)
1565 */
1566
1567uint64_t null_xattr = 0;
1568
1569/*ARGSUSED*/
1570static int
1571zfs_remove(vnode_t *dvp, char *name, cred_t *cr, caller_context_t *ct,
1572    int flags)
1573{
1574	znode_t		*zp, *dzp = VTOZ(dvp);
1575	znode_t		*xzp;
1576	vnode_t		*vp;
1577	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1578	zilog_t		*zilog;
1579	uint64_t	acl_obj, xattr_obj;
1580	uint64_t	xattr_obj_unlinked = 0;
1581	uint64_t	obj = 0;
1582	zfs_dirlock_t	*dl;
1583	dmu_tx_t	*tx;
1584	boolean_t	may_delete_now, delete_now = FALSE;
1585	boolean_t	unlinked, toobig = FALSE;
1586	uint64_t	txtype;
1587	pathname_t	*realnmp = NULL;
1588	pathname_t	realnm;
1589	int		error;
1590	int		zflg = ZEXISTS;
1591	boolean_t	waited = B_FALSE;
1592
1593	ZFS_ENTER(zfsvfs);
1594	ZFS_VERIFY_ZP(dzp);
1595	zilog = zfsvfs->z_log;
1596
1597	if (flags & FIGNORECASE) {
1598		zflg |= ZCILOOK;
1599		pn_alloc(&realnm);
1600		realnmp = &realnm;
1601	}
1602
1603top:
1604	xattr_obj = 0;
1605	xzp = NULL;
1606	/*
1607	 * Attempt to lock directory; fail if entry doesn't exist.
1608	 */
1609	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1610	    NULL, realnmp)) {
1611		if (realnmp)
1612			pn_free(realnmp);
1613		ZFS_EXIT(zfsvfs);
1614		return (error);
1615	}
1616
1617	vp = ZTOV(zp);
1618
1619	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
1620		goto out;
1621	}
1622
1623	/*
1624	 * Need to use rmdir for removing directories.
1625	 */
1626	if (vp->v_type == VDIR) {
1627		error = SET_ERROR(EPERM);
1628		goto out;
1629	}
1630
1631	vnevent_remove(vp, dvp, name, ct);
1632
1633	if (realnmp)
1634		dnlc_remove(dvp, realnmp->pn_buf);
1635	else
1636		dnlc_remove(dvp, name);
1637
1638	mutex_enter(&vp->v_lock);
1639	may_delete_now = vp->v_count == 1 && !vn_has_cached_data(vp);
1640	mutex_exit(&vp->v_lock);
1641
1642	/*
1643	 * We may delete the znode now, or we may put it in the unlinked set;
1644	 * it depends on whether we're the last link, and on whether there are
1645	 * other holds on the vnode.  So we dmu_tx_hold() the right things to
1646	 * allow for either case.
1647	 */
1648	obj = zp->z_id;
1649	tx = dmu_tx_create(zfsvfs->z_os);
1650	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
1651	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
1652	zfs_sa_upgrade_txholds(tx, zp);
1653	zfs_sa_upgrade_txholds(tx, dzp);
1654	if (may_delete_now) {
1655		toobig =
1656		    zp->z_size > zp->z_blksz * DMU_MAX_DELETEBLKCNT;
1657		/* if the file is too big, only hold_free a token amount */
1658		dmu_tx_hold_free(tx, zp->z_id, 0,
1659		    (toobig ? DMU_MAX_ACCESS : DMU_OBJECT_END));
1660	}
1661
1662	/* are there any extended attributes? */
1663	error = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1664	    &xattr_obj, sizeof (xattr_obj));
1665	if (error == 0 && xattr_obj) {
1666		error = zfs_zget(zfsvfs, xattr_obj, &xzp);
1667		ASSERT0(error);
1668		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
1669		dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);
1670	}
1671
1672	mutex_enter(&zp->z_lock);
1673	if ((acl_obj = zfs_external_acl(zp)) != 0 && may_delete_now)
1674		dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END);
1675	mutex_exit(&zp->z_lock);
1676
1677	/* charge as an update -- would be nice not to charge at all */
1678	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
1679
1680	/*
1681	 * Mark this transaction as typically resulting in a net free of
1682	 * space, unless object removal will be delayed indefinitely
1683	 * (due to active holds on the vnode due to the file being open).
1684	 */
1685	if (may_delete_now)
1686		dmu_tx_mark_netfree(tx);
1687
1688	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1689	if (error) {
1690		zfs_dirent_unlock(dl);
1691		VN_RELE(vp);
1692		if (xzp)
1693			VN_RELE(ZTOV(xzp));
1694		if (error == ERESTART) {
1695			waited = B_TRUE;
1696			dmu_tx_wait(tx);
1697			dmu_tx_abort(tx);
1698			goto top;
1699		}
1700		if (realnmp)
1701			pn_free(realnmp);
1702		dmu_tx_abort(tx);
1703		ZFS_EXIT(zfsvfs);
1704		return (error);
1705	}
1706
1707	/*
1708	 * Remove the directory entry.
1709	 */
1710	error = zfs_link_destroy(dl, zp, tx, zflg, &unlinked);
1711
1712	if (error) {
1713		dmu_tx_commit(tx);
1714		goto out;
1715	}
1716
1717	if (unlinked) {
1718		/*
1719		 * Hold z_lock so that we can make sure that the ACL obj
1720		 * hasn't changed.  Could have been deleted due to
1721		 * zfs_sa_upgrade().
1722		 */
1723		mutex_enter(&zp->z_lock);
1724		mutex_enter(&vp->v_lock);
1725		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1726		    &xattr_obj_unlinked, sizeof (xattr_obj_unlinked));
1727		delete_now = may_delete_now && !toobig &&
1728		    vp->v_count == 1 && !vn_has_cached_data(vp) &&
1729		    xattr_obj == xattr_obj_unlinked && zfs_external_acl(zp) ==
1730		    acl_obj;
1731		mutex_exit(&vp->v_lock);
1732	}
1733
1734	if (delete_now) {
1735		if (xattr_obj_unlinked) {
1736			ASSERT3U(xzp->z_links, ==, 2);
1737			mutex_enter(&xzp->z_lock);
1738			xzp->z_unlinked = 1;
1739			xzp->z_links = 0;
1740			error = sa_update(xzp->z_sa_hdl, SA_ZPL_LINKS(zfsvfs),
1741			    &xzp->z_links, sizeof (xzp->z_links), tx);
1742			ASSERT3U(error,  ==,  0);
1743			mutex_exit(&xzp->z_lock);
1744			zfs_unlinked_add(xzp, tx);
1745
1746			if (zp->z_is_sa)
1747				error = sa_remove(zp->z_sa_hdl,
1748				    SA_ZPL_XATTR(zfsvfs), tx);
1749			else
1750				error = sa_update(zp->z_sa_hdl,
1751				    SA_ZPL_XATTR(zfsvfs), &null_xattr,
1752				    sizeof (uint64_t), tx);
1753			ASSERT0(error);
1754		}
1755		mutex_enter(&vp->v_lock);
1756		vp->v_count--;
1757		ASSERT0(vp->v_count);
1758		mutex_exit(&vp->v_lock);
1759		mutex_exit(&zp->z_lock);
1760		zfs_znode_delete(zp, tx);
1761	} else if (unlinked) {
1762		mutex_exit(&zp->z_lock);
1763		zfs_unlinked_add(zp, tx);
1764	}
1765
1766	txtype = TX_REMOVE;
1767	if (flags & FIGNORECASE)
1768		txtype |= TX_CI;
1769	zfs_log_remove(zilog, tx, txtype, dzp, name, obj);
1770
1771	dmu_tx_commit(tx);
1772out:
1773	if (realnmp)
1774		pn_free(realnmp);
1775
1776	zfs_dirent_unlock(dl);
1777
1778	if (!delete_now)
1779		VN_RELE(vp);
1780	if (xzp)
1781		VN_RELE(ZTOV(xzp));
1782
1783	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1784		zil_commit(zilog, 0);
1785
1786	ZFS_EXIT(zfsvfs);
1787	return (error);
1788}
1789
1790/*
1791 * Create a new directory and insert it into dvp using the name
1792 * provided.  Return a pointer to the inserted directory.
1793 *
1794 *	IN:	dvp	- vnode of directory to add subdir to.
1795 *		dirname	- name of new directory.
1796 *		vap	- attributes of new directory.
1797 *		cr	- credentials of caller.
1798 *		ct	- caller context
1799 *		flags	- case flags
1800 *		vsecp	- ACL to be set
1801 *
1802 *	OUT:	vpp	- vnode of created directory.
1803 *
1804 *	RETURN:	0 on success, error code on failure.
1805 *
1806 * Timestamps:
1807 *	dvp - ctime|mtime updated
1808 *	 vp - ctime|mtime|atime updated
1809 */
1810/*ARGSUSED*/
1811static int
1812zfs_mkdir(vnode_t *dvp, char *dirname, vattr_t *vap, vnode_t **vpp, cred_t *cr,
1813    caller_context_t *ct, int flags, vsecattr_t *vsecp)
1814{
1815	znode_t		*zp, *dzp = VTOZ(dvp);
1816	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1817	zilog_t		*zilog;
1818	zfs_dirlock_t	*dl;
1819	uint64_t	txtype;
1820	dmu_tx_t	*tx;
1821	int		error;
1822	int		zf = ZNEW;
1823	ksid_t		*ksid;
1824	uid_t		uid;
1825	gid_t		gid = crgetgid(cr);
1826	zfs_acl_ids_t   acl_ids;
1827	boolean_t	fuid_dirtied;
1828	boolean_t	waited = B_FALSE;
1829
1830	ASSERT(vap->va_type == VDIR);
1831
1832	/*
1833	 * If we have an ephemeral id, ACL, or XVATTR then
1834	 * make sure file system is at proper version
1835	 */
1836
1837	ksid = crgetsid(cr, KSID_OWNER);
1838	if (ksid)
1839		uid = ksid_getid(ksid);
1840	else
1841		uid = crgetuid(cr);
1842	if (zfsvfs->z_use_fuids == B_FALSE &&
1843	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1844	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1845		return (SET_ERROR(EINVAL));
1846
1847	ZFS_ENTER(zfsvfs);
1848	ZFS_VERIFY_ZP(dzp);
1849	zilog = zfsvfs->z_log;
1850
1851	if (dzp->z_pflags & ZFS_XATTR) {
1852		ZFS_EXIT(zfsvfs);
1853		return (SET_ERROR(EINVAL));
1854	}
1855
1856	if (zfsvfs->z_utf8 && u8_validate(dirname,
1857	    strlen(dirname), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1858		ZFS_EXIT(zfsvfs);
1859		return (SET_ERROR(EILSEQ));
1860	}
1861	if (flags & FIGNORECASE)
1862		zf |= ZCILOOK;
1863
1864	if (vap->va_mask & AT_XVATTR) {
1865		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1866		    crgetuid(cr), cr, vap->va_type)) != 0) {
1867			ZFS_EXIT(zfsvfs);
1868			return (error);
1869		}
1870	}
1871
1872	if ((error = zfs_acl_ids_create(dzp, 0, vap, cr,
1873	    vsecp, &acl_ids)) != 0) {
1874		ZFS_EXIT(zfsvfs);
1875		return (error);
1876	}
1877	/*
1878	 * First make sure the new directory doesn't exist.
1879	 *
1880	 * Existence is checked first to make sure we don't return
1881	 * EACCES instead of EEXIST which can cause some applications
1882	 * to fail.
1883	 */
1884top:
1885	*vpp = NULL;
1886
1887	if (error = zfs_dirent_lock(&dl, dzp, dirname, &zp, zf,
1888	    NULL, NULL)) {
1889		zfs_acl_ids_free(&acl_ids);
1890		ZFS_EXIT(zfsvfs);
1891		return (error);
1892	}
1893
1894	if (error = zfs_zaccess(dzp, ACE_ADD_SUBDIRECTORY, 0, B_FALSE, cr)) {
1895		zfs_acl_ids_free(&acl_ids);
1896		zfs_dirent_unlock(dl);
1897		ZFS_EXIT(zfsvfs);
1898		return (error);
1899	}
1900
1901	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1902		zfs_acl_ids_free(&acl_ids);
1903		zfs_dirent_unlock(dl);
1904		ZFS_EXIT(zfsvfs);
1905		return (SET_ERROR(EDQUOT));
1906	}
1907
1908	/*
1909	 * Add a new entry to the directory.
1910	 */
1911	tx = dmu_tx_create(zfsvfs->z_os);
1912	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, dirname);
1913	dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
1914	fuid_dirtied = zfsvfs->z_fuid_dirty;
1915	if (fuid_dirtied)
1916		zfs_fuid_txhold(zfsvfs, tx);
1917	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1918		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
1919		    acl_ids.z_aclp->z_acl_bytes);
1920	}
1921
1922	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1923	    ZFS_SA_BASE_ATTR_SIZE);
1924
1925	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1926	if (error) {
1927		zfs_dirent_unlock(dl);
1928		if (error == ERESTART) {
1929			waited = B_TRUE;
1930			dmu_tx_wait(tx);
1931			dmu_tx_abort(tx);
1932			goto top;
1933		}
1934		zfs_acl_ids_free(&acl_ids);
1935		dmu_tx_abort(tx);
1936		ZFS_EXIT(zfsvfs);
1937		return (error);
1938	}
1939
1940	/*
1941	 * Create new node.
1942	 */
1943	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1944
1945	if (fuid_dirtied)
1946		zfs_fuid_sync(zfsvfs, tx);
1947
1948	/*
1949	 * Now put new name in parent dir.
1950	 */
1951	(void) zfs_link_create(dl, zp, tx, ZNEW);
1952
1953	*vpp = ZTOV(zp);
1954
1955	txtype = zfs_log_create_txtype(Z_DIR, vsecp, vap);
1956	if (flags & FIGNORECASE)
1957		txtype |= TX_CI;
1958	zfs_log_create(zilog, tx, txtype, dzp, zp, dirname, vsecp,
1959	    acl_ids.z_fuidp, vap);
1960
1961	zfs_acl_ids_free(&acl_ids);
1962
1963	dmu_tx_commit(tx);
1964
1965	zfs_dirent_unlock(dl);
1966
1967	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1968		zil_commit(zilog, 0);
1969
1970	ZFS_EXIT(zfsvfs);
1971	return (0);
1972}
1973
1974/*
1975 * Remove a directory subdir entry.  If the current working
1976 * directory is the same as the subdir to be removed, the
1977 * remove will fail.
1978 *
1979 *	IN:	dvp	- vnode of directory to remove from.
1980 *		name	- name of directory to be removed.
1981 *		cwd	- vnode of current working directory.
1982 *		cr	- credentials of caller.
1983 *		ct	- caller context
1984 *		flags	- case flags
1985 *
1986 *	RETURN:	0 on success, error code on failure.
1987 *
1988 * Timestamps:
1989 *	dvp - ctime|mtime updated
1990 */
1991/*ARGSUSED*/
1992static int
1993zfs_rmdir(vnode_t *dvp, char *name, vnode_t *cwd, cred_t *cr,
1994    caller_context_t *ct, int flags)
1995{
1996	znode_t		*dzp = VTOZ(dvp);
1997	znode_t		*zp;
1998	vnode_t		*vp;
1999	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
2000	zilog_t		*zilog;
2001	zfs_dirlock_t	*dl;
2002	dmu_tx_t	*tx;
2003	int		error;
2004	int		zflg = ZEXISTS;
2005	boolean_t	waited = B_FALSE;
2006
2007	ZFS_ENTER(zfsvfs);
2008	ZFS_VERIFY_ZP(dzp);
2009	zilog = zfsvfs->z_log;
2010
2011	if (flags & FIGNORECASE)
2012		zflg |= ZCILOOK;
2013top:
2014	zp = NULL;
2015
2016	/*
2017	 * Attempt to lock directory; fail if entry doesn't exist.
2018	 */
2019	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
2020	    NULL, NULL)) {
2021		ZFS_EXIT(zfsvfs);
2022		return (error);
2023	}
2024
2025	vp = ZTOV(zp);
2026
2027	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
2028		goto out;
2029	}
2030
2031	if (vp->v_type != VDIR) {
2032		error = SET_ERROR(ENOTDIR);
2033		goto out;
2034	}
2035
2036	if (vp == cwd) {
2037		error = SET_ERROR(EINVAL);
2038		goto out;
2039	}
2040
2041	vnevent_rmdir(vp, dvp, name, ct);
2042
2043	/*
2044	 * Grab a lock on the directory to make sure that noone is
2045	 * trying to add (or lookup) entries while we are removing it.
2046	 */
2047	rw_enter(&zp->z_name_lock, RW_WRITER);
2048
2049	/*
2050	 * Grab a lock on the parent pointer to make sure we play well
2051	 * with the treewalk and directory rename code.
2052	 */
2053	rw_enter(&zp->z_parent_lock, RW_WRITER);
2054
2055	tx = dmu_tx_create(zfsvfs->z_os);
2056	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
2057	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
2058	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
2059	zfs_sa_upgrade_txholds(tx, zp);
2060	zfs_sa_upgrade_txholds(tx, dzp);
2061	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
2062	if (error) {
2063		rw_exit(&zp->z_parent_lock);
2064		rw_exit(&zp->z_name_lock);
2065		zfs_dirent_unlock(dl);
2066		VN_RELE(vp);
2067		if (error == ERESTART) {
2068			waited = B_TRUE;
2069			dmu_tx_wait(tx);
2070			dmu_tx_abort(tx);
2071			goto top;
2072		}
2073		dmu_tx_abort(tx);
2074		ZFS_EXIT(zfsvfs);
2075		return (error);
2076	}
2077
2078	error = zfs_link_destroy(dl, zp, tx, zflg, NULL);
2079
2080	if (error == 0) {
2081		uint64_t txtype = TX_RMDIR;
2082		if (flags & FIGNORECASE)
2083			txtype |= TX_CI;
2084		zfs_log_remove(zilog, tx, txtype, dzp, name, ZFS_NO_OBJECT);
2085	}
2086
2087	dmu_tx_commit(tx);
2088
2089	rw_exit(&zp->z_parent_lock);
2090	rw_exit(&zp->z_name_lock);
2091out:
2092	zfs_dirent_unlock(dl);
2093
2094	VN_RELE(vp);
2095
2096	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
2097		zil_commit(zilog, 0);
2098
2099	ZFS_EXIT(zfsvfs);
2100	return (error);
2101}
2102
2103/*
2104 * Read as many directory entries as will fit into the provided
2105 * buffer from the given directory cursor position (specified in
2106 * the uio structure).
2107 *
2108 *	IN:	vp	- vnode of directory to read.
2109 *		uio	- structure supplying read location, range info,
2110 *			  and return buffer.
2111 *		cr	- credentials of caller.
2112 *		ct	- caller context
2113 *		flags	- case flags
2114 *
2115 *	OUT:	uio	- updated offset and range, buffer filled.
2116 *		eofp	- set to true if end-of-file detected.
2117 *
2118 *	RETURN:	0 on success, error code on failure.
2119 *
2120 * Timestamps:
2121 *	vp - atime updated
2122 *
2123 * Note that the low 4 bits of the cookie returned by zap is always zero.
2124 * This allows us to use the low range for "special" directory entries:
2125 * We use 0 for '.', and 1 for '..'.  If this is the root of the filesystem,
2126 * we use the offset 2 for the '.zfs' directory.
2127 */
2128/* ARGSUSED */
2129static int
2130zfs_readdir(vnode_t *vp, uio_t *uio, cred_t *cr, int *eofp,
2131    caller_context_t *ct, int flags)
2132{
2133	znode_t		*zp = VTOZ(vp);
2134	iovec_t		*iovp;
2135	edirent_t	*eodp;
2136	dirent64_t	*odp;
2137	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2138	objset_t	*os;
2139	caddr_t		outbuf;
2140	size_t		bufsize;
2141	zap_cursor_t	zc;
2142	zap_attribute_t	zap;
2143	uint_t		bytes_wanted;
2144	uint64_t	offset; /* must be unsigned; checks for < 1 */
2145	uint64_t	parent;
2146	int		local_eof;
2147	int		outcount;
2148	int		error;
2149	uint8_t		prefetch;
2150	boolean_t	check_sysattrs;
2151
2152	ZFS_ENTER(zfsvfs);
2153	ZFS_VERIFY_ZP(zp);
2154
2155	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
2156	    &parent, sizeof (parent))) != 0) {
2157		ZFS_EXIT(zfsvfs);
2158		return (error);
2159	}
2160
2161	/*
2162	 * If we are not given an eof variable,
2163	 * use a local one.
2164	 */
2165	if (eofp == NULL)
2166		eofp = &local_eof;
2167
2168	/*
2169	 * Check for valid iov_len.
2170	 */
2171	if (uio->uio_iov->iov_len <= 0) {
2172		ZFS_EXIT(zfsvfs);
2173		return (SET_ERROR(EINVAL));
2174	}
2175
2176	/*
2177	 * Quit if directory has been removed (posix)
2178	 */
2179	if ((*eofp = zp->z_unlinked) != 0) {
2180		ZFS_EXIT(zfsvfs);
2181		return (0);
2182	}
2183
2184	error = 0;
2185	os = zfsvfs->z_os;
2186	offset = uio->uio_loffset;
2187	prefetch = zp->z_zn_prefetch;
2188
2189	/*
2190	 * Initialize the iterator cursor.
2191	 */
2192	if (offset <= 3) {
2193		/*
2194		 * Start iteration from the beginning of the directory.
2195		 */
2196		zap_cursor_init(&zc, os, zp->z_id);
2197	} else {
2198		/*
2199		 * The offset is a serialized cursor.
2200		 */
2201		zap_cursor_init_serialized(&zc, os, zp->z_id, offset);
2202	}
2203
2204	/*
2205	 * Get space to change directory entries into fs independent format.
2206	 */
2207	iovp = uio->uio_iov;
2208	bytes_wanted = iovp->iov_len;
2209	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) {
2210		bufsize = bytes_wanted;
2211		outbuf = kmem_alloc(bufsize, KM_SLEEP);
2212		odp = (struct dirent64 *)outbuf;
2213	} else {
2214		bufsize = bytes_wanted;
2215		outbuf = NULL;
2216		odp = (struct dirent64 *)iovp->iov_base;
2217	}
2218	eodp = (struct edirent *)odp;
2219
2220	/*
2221	 * If this VFS supports the system attribute view interface; and
2222	 * we're looking at an extended attribute directory; and we care
2223	 * about normalization conflicts on this vfs; then we must check
2224	 * for normalization conflicts with the sysattr name space.
2225	 */
2226	check_sysattrs = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
2227	    (vp->v_flag & V_XATTRDIR) && zfsvfs->z_norm &&
2228	    (flags & V_RDDIR_ENTFLAGS);
2229
2230	/*
2231	 * Transform to file-system independent format
2232	 */
2233	outcount = 0;
2234	while (outcount < bytes_wanted) {
2235		ino64_t objnum;
2236		ushort_t reclen;
2237		off64_t *next = NULL;
2238
2239		/*
2240		 * Special case `.', `..', and `.zfs'.
2241		 */
2242		if (offset == 0) {
2243			(void) strcpy(zap.za_name, ".");
2244			zap.za_normalization_conflict = 0;
2245			objnum = zp->z_id;
2246		} else if (offset == 1) {
2247			(void) strcpy(zap.za_name, "..");
2248			zap.za_normalization_conflict = 0;
2249			objnum = parent;
2250		} else if (offset == 2 && zfs_show_ctldir(zp)) {
2251			(void) strcpy(zap.za_name, ZFS_CTLDIR_NAME);
2252			zap.za_normalization_conflict = 0;
2253			objnum = ZFSCTL_INO_ROOT;
2254		} else {
2255			/*
2256			 * Grab next entry.
2257			 */
2258			if (error = zap_cursor_retrieve(&zc, &zap)) {
2259				if ((*eofp = (error == ENOENT)) != 0)
2260					break;
2261				else
2262					goto update;
2263			}
2264
2265			if (zap.za_integer_length != 8 ||
2266			    zap.za_num_integers != 1) {
2267				cmn_err(CE_WARN, "zap_readdir: bad directory "
2268				    "entry, obj = %lld, offset = %lld\n",
2269				    (u_longlong_t)zp->z_id,
2270				    (u_longlong_t)offset);
2271				error = SET_ERROR(ENXIO);
2272				goto update;
2273			}
2274
2275			objnum = ZFS_DIRENT_OBJ(zap.za_first_integer);
2276			/*
2277			 * MacOS X can extract the object type here such as:
2278			 * uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);
2279			 */
2280
2281			if (check_sysattrs && !zap.za_normalization_conflict) {
2282				zap.za_normalization_conflict =
2283				    xattr_sysattr_casechk(zap.za_name);
2284			}
2285		}
2286
2287		if (flags & V_RDDIR_ACCFILTER) {
2288			/*
2289			 * If we have no access at all, don't include
2290			 * this entry in the returned information
2291			 */
2292			znode_t	*ezp;
2293			if (zfs_zget(zp->z_zfsvfs, objnum, &ezp) != 0)
2294				goto skip_entry;
2295			if (!zfs_has_access(ezp, cr)) {
2296				VN_RELE(ZTOV(ezp));
2297				goto skip_entry;
2298			}
2299			VN_RELE(ZTOV(ezp));
2300		}
2301
2302		if (flags & V_RDDIR_ENTFLAGS)
2303			reclen = EDIRENT_RECLEN(strlen(zap.za_name));
2304		else
2305			reclen = DIRENT64_RECLEN(strlen(zap.za_name));
2306
2307		/*
2308		 * Will this entry fit in the buffer?
2309		 */
2310		if (outcount + reclen > bufsize) {
2311			/*
2312			 * Did we manage to fit anything in the buffer?
2313			 */
2314			if (!outcount) {
2315				error = SET_ERROR(EINVAL);
2316				goto update;
2317			}
2318			break;
2319		}
2320		if (flags & V_RDDIR_ENTFLAGS) {
2321			/*
2322			 * Add extended flag entry:
2323			 */
2324			eodp->ed_ino = objnum;
2325			eodp->ed_reclen = reclen;
2326			/* NOTE: ed_off is the offset for the *next* entry */
2327			next = &(eodp->ed_off);
2328			eodp->ed_eflags = zap.za_normalization_conflict ?
2329			    ED_CASE_CONFLICT : 0;
2330			(void) strncpy(eodp->ed_name, zap.za_name,
2331			    EDIRENT_NAMELEN(reclen));
2332			eodp = (edirent_t *)((intptr_t)eodp + reclen);
2333		} else {
2334			/*
2335			 * Add normal entry:
2336			 */
2337			odp->d_ino = objnum;
2338			odp->d_reclen = reclen;
2339			/* NOTE: d_off is the offset for the *next* entry */
2340			next = &(odp->d_off);
2341			(void) strncpy(odp->d_name, zap.za_name,
2342			    DIRENT64_NAMELEN(reclen));
2343			odp = (dirent64_t *)((intptr_t)odp + reclen);
2344		}
2345		outcount += reclen;
2346
2347		ASSERT(outcount <= bufsize);
2348
2349		/* Prefetch znode */
2350		if (prefetch)
2351			dmu_prefetch(os, objnum, 0, 0);
2352
2353	skip_entry:
2354		/*
2355		 * Move to the next entry, fill in the previous offset.
2356		 */
2357		if (offset > 2 || (offset == 2 && !zfs_show_ctldir(zp))) {
2358			zap_cursor_advance(&zc);
2359			offset = zap_cursor_serialize(&zc);
2360		} else {
2361			offset += 1;
2362		}
2363		if (next)
2364			*next = offset;
2365	}
2366	zp->z_zn_prefetch = B_FALSE; /* a lookup will re-enable pre-fetching */
2367
2368	if (uio->uio_segflg == UIO_SYSSPACE && uio->uio_iovcnt == 1) {
2369		iovp->iov_base += outcount;
2370		iovp->iov_len -= outcount;
2371		uio->uio_resid -= outcount;
2372	} else if (error = uiomove(outbuf, (long)outcount, UIO_READ, uio)) {
2373		/*
2374		 * Reset the pointer.
2375		 */
2376		offset = uio->uio_loffset;
2377	}
2378
2379update:
2380	zap_cursor_fini(&zc);
2381	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
2382		kmem_free(outbuf, bufsize);
2383
2384	if (error == ENOENT)
2385		error = 0;
2386
2387	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
2388
2389	uio->uio_loffset = offset;
2390	ZFS_EXIT(zfsvfs);
2391	return (error);
2392}
2393
2394ulong_t zfs_fsync_sync_cnt = 4;
2395
2396static int
2397zfs_fsync(vnode_t *vp, int syncflag, cred_t *cr, caller_context_t *ct)
2398{
2399	znode_t	*zp = VTOZ(vp);
2400	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2401
2402	/*
2403	 * Regardless of whether this is required for standards conformance,
2404	 * this is the logical behavior when fsync() is called on a file with
2405	 * dirty pages.  We use B_ASYNC since the ZIL transactions are already
2406	 * going to be pushed out as part of the zil_commit().
2407	 */
2408	if (vn_has_cached_data(vp) && !(syncflag & FNODSYNC) &&
2409	    (vp->v_type == VREG) && !(IS_SWAPVP(vp)))
2410		(void) VOP_PUTPAGE(vp, (offset_t)0, (size_t)0, B_ASYNC, cr, ct);
2411
2412	(void) tsd_set(zfs_fsyncer_key, (void *)zfs_fsync_sync_cnt);
2413
2414	if (zfsvfs->z_os->os_sync != ZFS_SYNC_DISABLED) {
2415		ZFS_ENTER(zfsvfs);
2416		ZFS_VERIFY_ZP(zp);
2417		zil_commit(zfsvfs->z_log, zp->z_id);
2418		ZFS_EXIT(zfsvfs);
2419	}
2420	return (0);
2421}
2422
2423
2424/*
2425 * Get the requested file attributes and place them in the provided
2426 * vattr structure.
2427 *
2428 *	IN:	vp	- vnode of file.
2429 *		vap	- va_mask identifies requested attributes.
2430 *			  If AT_XVATTR set, then optional attrs are requested
2431 *		flags	- ATTR_NOACLCHECK (CIFS server context)
2432 *		cr	- credentials of caller.
2433 *		ct	- caller context
2434 *
2435 *	OUT:	vap	- attribute values.
2436 *
2437 *	RETURN:	0 (always succeeds).
2438 */
2439/* ARGSUSED */
2440static int
2441zfs_getattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2442    caller_context_t *ct)
2443{
2444	znode_t *zp = VTOZ(vp);
2445	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2446	int	error = 0;
2447	uint64_t links;
2448	uint64_t mtime[2], ctime[2];
2449	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2450	xoptattr_t *xoap = NULL;
2451	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2452	sa_bulk_attr_t bulk[2];
2453	int count = 0;
2454
2455	ZFS_ENTER(zfsvfs);
2456	ZFS_VERIFY_ZP(zp);
2457
2458	zfs_fuid_map_ids(zp, cr, &vap->va_uid, &vap->va_gid);
2459
2460	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
2461	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
2462
2463	if ((error = sa_bulk_lookup(zp->z_sa_hdl, bulk, count)) != 0) {
2464		ZFS_EXIT(zfsvfs);
2465		return (error);
2466	}
2467
2468	/*
2469	 * If ACL is trivial don't bother looking for ACE_READ_ATTRIBUTES.
2470	 * Also, if we are the owner don't bother, since owner should
2471	 * always be allowed to read basic attributes of file.
2472	 */
2473	if (!(zp->z_pflags & ZFS_ACL_TRIVIAL) &&
2474	    (vap->va_uid != crgetuid(cr))) {
2475		if (error = zfs_zaccess(zp, ACE_READ_ATTRIBUTES, 0,
2476		    skipaclchk, cr)) {
2477			ZFS_EXIT(zfsvfs);
2478			return (error);
2479		}
2480	}
2481
2482	/*
2483	 * Return all attributes.  It's cheaper to provide the answer
2484	 * than to determine whether we were asked the question.
2485	 */
2486
2487	mutex_enter(&zp->z_lock);
2488	vap->va_type = vp->v_type;
2489	vap->va_mode = zp->z_mode & MODEMASK;
2490	vap->va_fsid = zp->z_zfsvfs->z_vfs->vfs_dev;
2491	vap->va_nodeid = zp->z_id;
2492	if ((vp->v_flag & VROOT) && zfs_show_ctldir(zp))
2493		links = zp->z_links + 1;
2494	else
2495		links = zp->z_links;
2496	vap->va_nlink = MIN(links, UINT32_MAX);	/* nlink_t limit! */
2497	vap->va_size = zp->z_size;
2498	vap->va_rdev = vp->v_rdev;
2499	vap->va_seq = zp->z_seq;
2500
2501	/*
2502	 * Add in any requested optional attributes and the create time.
2503	 * Also set the corresponding bits in the returned attribute bitmap.
2504	 */
2505	if ((xoap = xva_getxoptattr(xvap)) != NULL && zfsvfs->z_use_fuids) {
2506		if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE)) {
2507			xoap->xoa_archive =
2508			    ((zp->z_pflags & ZFS_ARCHIVE) != 0);
2509			XVA_SET_RTN(xvap, XAT_ARCHIVE);
2510		}
2511
2512		if (XVA_ISSET_REQ(xvap, XAT_READONLY)) {
2513			xoap->xoa_readonly =
2514			    ((zp->z_pflags & ZFS_READONLY) != 0);
2515			XVA_SET_RTN(xvap, XAT_READONLY);
2516		}
2517
2518		if (XVA_ISSET_REQ(xvap, XAT_SYSTEM)) {
2519			xoap->xoa_system =
2520			    ((zp->z_pflags & ZFS_SYSTEM) != 0);
2521			XVA_SET_RTN(xvap, XAT_SYSTEM);
2522		}
2523
2524		if (XVA_ISSET_REQ(xvap, XAT_HIDDEN)) {
2525			xoap->xoa_hidden =
2526			    ((zp->z_pflags & ZFS_HIDDEN) != 0);
2527			XVA_SET_RTN(xvap, XAT_HIDDEN);
2528		}
2529
2530		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2531			xoap->xoa_nounlink =
2532			    ((zp->z_pflags & ZFS_NOUNLINK) != 0);
2533			XVA_SET_RTN(xvap, XAT_NOUNLINK);
2534		}
2535
2536		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2537			xoap->xoa_immutable =
2538			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0);
2539			XVA_SET_RTN(xvap, XAT_IMMUTABLE);
2540		}
2541
2542		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2543			xoap->xoa_appendonly =
2544			    ((zp->z_pflags & ZFS_APPENDONLY) != 0);
2545			XVA_SET_RTN(xvap, XAT_APPENDONLY);
2546		}
2547
2548		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2549			xoap->xoa_nodump =
2550			    ((zp->z_pflags & ZFS_NODUMP) != 0);
2551			XVA_SET_RTN(xvap, XAT_NODUMP);
2552		}
2553
2554		if (XVA_ISSET_REQ(xvap, XAT_OPAQUE)) {
2555			xoap->xoa_opaque =
2556			    ((zp->z_pflags & ZFS_OPAQUE) != 0);
2557			XVA_SET_RTN(xvap, XAT_OPAQUE);
2558		}
2559
2560		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2561			xoap->xoa_av_quarantined =
2562			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0);
2563			XVA_SET_RTN(xvap, XAT_AV_QUARANTINED);
2564		}
2565
2566		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2567			xoap->xoa_av_modified =
2568			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0);
2569			XVA_SET_RTN(xvap, XAT_AV_MODIFIED);
2570		}
2571
2572		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) &&
2573		    vp->v_type == VREG) {
2574			zfs_sa_get_scanstamp(zp, xvap);
2575		}
2576
2577		if (XVA_ISSET_REQ(xvap, XAT_CREATETIME)) {
2578			uint64_t times[2];
2579
2580			(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_CRTIME(zfsvfs),
2581			    times, sizeof (times));
2582			ZFS_TIME_DECODE(&xoap->xoa_createtime, times);
2583			XVA_SET_RTN(xvap, XAT_CREATETIME);
2584		}
2585
2586		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2587			xoap->xoa_reparse = ((zp->z_pflags & ZFS_REPARSE) != 0);
2588			XVA_SET_RTN(xvap, XAT_REPARSE);
2589		}
2590		if (XVA_ISSET_REQ(xvap, XAT_GEN)) {
2591			xoap->xoa_generation = zp->z_gen;
2592			XVA_SET_RTN(xvap, XAT_GEN);
2593		}
2594
2595		if (XVA_ISSET_REQ(xvap, XAT_OFFLINE)) {
2596			xoap->xoa_offline =
2597			    ((zp->z_pflags & ZFS_OFFLINE) != 0);
2598			XVA_SET_RTN(xvap, XAT_OFFLINE);
2599		}
2600
2601		if (XVA_ISSET_REQ(xvap, XAT_SPARSE)) {
2602			xoap->xoa_sparse =
2603			    ((zp->z_pflags & ZFS_SPARSE) != 0);
2604			XVA_SET_RTN(xvap, XAT_SPARSE);
2605		}
2606	}
2607
2608	ZFS_TIME_DECODE(&vap->va_atime, zp->z_atime);
2609	ZFS_TIME_DECODE(&vap->va_mtime, mtime);
2610	ZFS_TIME_DECODE(&vap->va_ctime, ctime);
2611
2612	mutex_exit(&zp->z_lock);
2613
2614	sa_object_size(zp->z_sa_hdl, &vap->va_blksize, &vap->va_nblocks);
2615
2616	if (zp->z_blksz == 0) {
2617		/*
2618		 * Block size hasn't been set; suggest maximal I/O transfers.
2619		 */
2620		vap->va_blksize = zfsvfs->z_max_blksz;
2621	}
2622
2623	ZFS_EXIT(zfsvfs);
2624	return (0);
2625}
2626
2627/*
2628 * Set the file attributes to the values contained in the
2629 * vattr structure.
2630 *
2631 *	IN:	vp	- vnode of file to be modified.
2632 *		vap	- new attribute values.
2633 *			  If AT_XVATTR set, then optional attrs are being set
2634 *		flags	- ATTR_UTIME set if non-default time values provided.
2635 *			- ATTR_NOACLCHECK (CIFS context only).
2636 *		cr	- credentials of caller.
2637 *		ct	- caller context
2638 *
2639 *	RETURN:	0 on success, error code on failure.
2640 *
2641 * Timestamps:
2642 *	vp - ctime updated, mtime updated if size changed.
2643 */
2644/* ARGSUSED */
2645static int
2646zfs_setattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2647    caller_context_t *ct)
2648{
2649	znode_t		*zp = VTOZ(vp);
2650	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2651	zilog_t		*zilog;
2652	dmu_tx_t	*tx;
2653	vattr_t		oldva;
2654	xvattr_t	tmpxvattr;
2655	uint_t		mask = vap->va_mask;
2656	uint_t		saved_mask = 0;
2657	int		trim_mask = 0;
2658	uint64_t	new_mode;
2659	uint64_t	new_uid, new_gid;
2660	uint64_t	xattr_obj;
2661	uint64_t	mtime[2], ctime[2];
2662	znode_t		*attrzp;
2663	int		need_policy = FALSE;
2664	int		err, err2;
2665	zfs_fuid_info_t *fuidp = NULL;
2666	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2667	xoptattr_t	*xoap;
2668	zfs_acl_t	*aclp;
2669	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2670	boolean_t	fuid_dirtied = B_FALSE;
2671	sa_bulk_attr_t	bulk[7], xattr_bulk[7];
2672	int		count = 0, xattr_count = 0;
2673
2674	if (mask == 0)
2675		return (0);
2676
2677	if (mask & AT_NOSET)
2678		return (SET_ERROR(EINVAL));
2679
2680	ZFS_ENTER(zfsvfs);
2681	ZFS_VERIFY_ZP(zp);
2682
2683	zilog = zfsvfs->z_log;
2684
2685	/*
2686	 * Make sure that if we have ephemeral uid/gid or xvattr specified
2687	 * that file system is at proper version level
2688	 */
2689
2690	if (zfsvfs->z_use_fuids == B_FALSE &&
2691	    (((mask & AT_UID) && IS_EPHEMERAL(vap->va_uid)) ||
2692	    ((mask & AT_GID) && IS_EPHEMERAL(vap->va_gid)) ||
2693	    (mask & AT_XVATTR))) {
2694		ZFS_EXIT(zfsvfs);
2695		return (SET_ERROR(EINVAL));
2696	}
2697
2698	if (mask & AT_SIZE && vp->v_type == VDIR) {
2699		ZFS_EXIT(zfsvfs);
2700		return (SET_ERROR(EISDIR));
2701	}
2702
2703	if (mask & AT_SIZE && vp->v_type != VREG && vp->v_type != VFIFO) {
2704		ZFS_EXIT(zfsvfs);
2705		return (SET_ERROR(EINVAL));
2706	}
2707
2708	/*
2709	 * If this is an xvattr_t, then get a pointer to the structure of
2710	 * optional attributes.  If this is NULL, then we have a vattr_t.
2711	 */
2712	xoap = xva_getxoptattr(xvap);
2713
2714	xva_init(&tmpxvattr);
2715
2716	/*
2717	 * Immutable files can only alter immutable bit and atime
2718	 */
2719	if ((zp->z_pflags & ZFS_IMMUTABLE) &&
2720	    ((mask & (AT_SIZE|AT_UID|AT_GID|AT_MTIME|AT_MODE)) ||
2721	    ((mask & AT_XVATTR) && XVA_ISSET_REQ(xvap, XAT_CREATETIME)))) {
2722		ZFS_EXIT(zfsvfs);
2723		return (SET_ERROR(EPERM));
2724	}
2725
2726	if ((mask & AT_SIZE) && (zp->z_pflags & ZFS_READONLY)) {
2727		ZFS_EXIT(zfsvfs);
2728		return (SET_ERROR(EPERM));
2729	}
2730
2731	/*
2732	 * Verify timestamps doesn't overflow 32 bits.
2733	 * ZFS can handle large timestamps, but 32bit syscalls can't
2734	 * handle times greater than 2039.  This check should be removed
2735	 * once large timestamps are fully supported.
2736	 */
2737	if (mask & (AT_ATIME | AT_MTIME)) {
2738		if (((mask & AT_ATIME) && TIMESPEC_OVERFLOW(&vap->va_atime)) ||
2739		    ((mask & AT_MTIME) && TIMESPEC_OVERFLOW(&vap->va_mtime))) {
2740			ZFS_EXIT(zfsvfs);
2741			return (SET_ERROR(EOVERFLOW));
2742		}
2743	}
2744
2745top:
2746	attrzp = NULL;
2747	aclp = NULL;
2748
2749	/* Can this be moved to before the top label? */
2750	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
2751		ZFS_EXIT(zfsvfs);
2752		return (SET_ERROR(EROFS));
2753	}
2754
2755	/*
2756	 * First validate permissions
2757	 */
2758
2759	if (mask & AT_SIZE) {
2760		err = zfs_zaccess(zp, ACE_WRITE_DATA, 0, skipaclchk, cr);
2761		if (err) {
2762			ZFS_EXIT(zfsvfs);
2763			return (err);
2764		}
2765		/*
2766		 * XXX - Note, we are not providing any open
2767		 * mode flags here (like FNDELAY), so we may
2768		 * block if there are locks present... this
2769		 * should be addressed in openat().
2770		 */
2771		/* XXX - would it be OK to generate a log record here? */
2772		err = zfs_freesp(zp, vap->va_size, 0, 0, FALSE);
2773		if (err) {
2774			ZFS_EXIT(zfsvfs);
2775			return (err);
2776		}
2777
2778		if (vap->va_size == 0)
2779			vnevent_truncate(ZTOV(zp), ct);
2780	}
2781
2782	if (mask & (AT_ATIME|AT_MTIME) ||
2783	    ((mask & AT_XVATTR) && (XVA_ISSET_REQ(xvap, XAT_HIDDEN) ||
2784	    XVA_ISSET_REQ(xvap, XAT_READONLY) ||
2785	    XVA_ISSET_REQ(xvap, XAT_ARCHIVE) ||
2786	    XVA_ISSET_REQ(xvap, XAT_OFFLINE) ||
2787	    XVA_ISSET_REQ(xvap, XAT_SPARSE) ||
2788	    XVA_ISSET_REQ(xvap, XAT_CREATETIME) ||
2789	    XVA_ISSET_REQ(xvap, XAT_SYSTEM)))) {
2790		need_policy = zfs_zaccess(zp, ACE_WRITE_ATTRIBUTES, 0,
2791		    skipaclchk, cr);
2792	}
2793
2794	if (mask & (AT_UID|AT_GID)) {
2795		int	idmask = (mask & (AT_UID|AT_GID));
2796		int	take_owner;
2797		int	take_group;
2798
2799		/*
2800		 * NOTE: even if a new mode is being set,
2801		 * we may clear S_ISUID/S_ISGID bits.
2802		 */
2803
2804		if (!(mask & AT_MODE))
2805			vap->va_mode = zp->z_mode;
2806
2807		/*
2808		 * Take ownership or chgrp to group we are a member of
2809		 */
2810
2811		take_owner = (mask & AT_UID) && (vap->va_uid == crgetuid(cr));
2812		take_group = (mask & AT_GID) &&
2813		    zfs_groupmember(zfsvfs, vap->va_gid, cr);
2814
2815		/*
2816		 * If both AT_UID and AT_GID are set then take_owner and
2817		 * take_group must both be set in order to allow taking
2818		 * ownership.
2819		 *
2820		 * Otherwise, send the check through secpolicy_vnode_setattr()
2821		 *
2822		 */
2823
2824		if (((idmask == (AT_UID|AT_GID)) && take_owner && take_group) ||
2825		    ((idmask == AT_UID) && take_owner) ||
2826		    ((idmask == AT_GID) && take_group)) {
2827			if (zfs_zaccess(zp, ACE_WRITE_OWNER, 0,
2828			    skipaclchk, cr) == 0) {
2829				/*
2830				 * Remove setuid/setgid for non-privileged users
2831				 */
2832				secpolicy_setid_clear(vap, cr);
2833				trim_mask = (mask & (AT_UID|AT_GID));
2834			} else {
2835				need_policy =  TRUE;
2836			}
2837		} else {
2838			need_policy =  TRUE;
2839		}
2840	}
2841
2842	mutex_enter(&zp->z_lock);
2843	oldva.va_mode = zp->z_mode;
2844	zfs_fuid_map_ids(zp, cr, &oldva.va_uid, &oldva.va_gid);
2845	if (mask & AT_XVATTR) {
2846		/*
2847		 * Update xvattr mask to include only those attributes
2848		 * that are actually changing.
2849		 *
2850		 * the bits will be restored prior to actually setting
2851		 * the attributes so the caller thinks they were set.
2852		 */
2853		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2854			if (xoap->xoa_appendonly !=
2855			    ((zp->z_pflags & ZFS_APPENDONLY) != 0)) {
2856				need_policy = TRUE;
2857			} else {
2858				XVA_CLR_REQ(xvap, XAT_APPENDONLY);
2859				XVA_SET_REQ(&tmpxvattr, XAT_APPENDONLY);
2860			}
2861		}
2862
2863		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2864			if (xoap->xoa_nounlink !=
2865			    ((zp->z_pflags & ZFS_NOUNLINK) != 0)) {
2866				need_policy = TRUE;
2867			} else {
2868				XVA_CLR_REQ(xvap, XAT_NOUNLINK);
2869				XVA_SET_REQ(&tmpxvattr, XAT_NOUNLINK);
2870			}
2871		}
2872
2873		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2874			if (xoap->xoa_immutable !=
2875			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0)) {
2876				need_policy = TRUE;
2877			} else {
2878				XVA_CLR_REQ(xvap, XAT_IMMUTABLE);
2879				XVA_SET_REQ(&tmpxvattr, XAT_IMMUTABLE);
2880			}
2881		}
2882
2883		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2884			if (xoap->xoa_nodump !=
2885			    ((zp->z_pflags & ZFS_NODUMP) != 0)) {
2886				need_policy = TRUE;
2887			} else {
2888				XVA_CLR_REQ(xvap, XAT_NODUMP);
2889				XVA_SET_REQ(&tmpxvattr, XAT_NODUMP);
2890			}
2891		}
2892
2893		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2894			if (xoap->xoa_av_modified !=
2895			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0)) {
2896				need_policy = TRUE;
2897			} else {
2898				XVA_CLR_REQ(xvap, XAT_AV_MODIFIED);
2899				XVA_SET_REQ(&tmpxvattr, XAT_AV_MODIFIED);
2900			}
2901		}
2902
2903		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2904			if ((vp->v_type != VREG &&
2905			    xoap->xoa_av_quarantined) ||
2906			    xoap->xoa_av_quarantined !=
2907			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0)) {
2908				need_policy = TRUE;
2909			} else {
2910				XVA_CLR_REQ(xvap, XAT_AV_QUARANTINED);
2911				XVA_SET_REQ(&tmpxvattr, XAT_AV_QUARANTINED);
2912			}
2913		}
2914
2915		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2916			mutex_exit(&zp->z_lock);
2917			ZFS_EXIT(zfsvfs);
2918			return (SET_ERROR(EPERM));
2919		}
2920
2921		if (need_policy == FALSE &&
2922		    (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) ||
2923		    XVA_ISSET_REQ(xvap, XAT_OPAQUE))) {
2924			need_policy = TRUE;
2925		}
2926	}
2927
2928	mutex_exit(&zp->z_lock);
2929
2930	if (mask & AT_MODE) {
2931		if (zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr) == 0) {
2932			err = secpolicy_setid_setsticky_clear(vp, vap,
2933			    &oldva, cr);
2934			if (err) {
2935				ZFS_EXIT(zfsvfs);
2936				return (err);
2937			}
2938			trim_mask |= AT_MODE;
2939		} else {
2940			need_policy = TRUE;
2941		}
2942	}
2943
2944	if (need_policy) {
2945		/*
2946		 * If trim_mask is set then take ownership
2947		 * has been granted or write_acl is present and user
2948		 * has the ability to modify mode.  In that case remove
2949		 * UID|GID and or MODE from mask so that
2950		 * secpolicy_vnode_setattr() doesn't revoke it.
2951		 */
2952
2953		if (trim_mask) {
2954			saved_mask = vap->va_mask;
2955			vap->va_mask &= ~trim_mask;
2956		}
2957		err = secpolicy_vnode_setattr(cr, vp, vap, &oldva, flags,
2958		    (int (*)(void *, int, cred_t *))zfs_zaccess_unix, zp);
2959		if (err) {
2960			ZFS_EXIT(zfsvfs);
2961			return (err);
2962		}
2963
2964		if (trim_mask)
2965			vap->va_mask |= saved_mask;
2966	}
2967
2968	/*
2969	 * secpolicy_vnode_setattr, or take ownership may have
2970	 * changed va_mask
2971	 */
2972	mask = vap->va_mask;
2973
2974	if ((mask & (AT_UID | AT_GID))) {
2975		err = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
2976		    &xattr_obj, sizeof (xattr_obj));
2977
2978		if (err == 0 && xattr_obj) {
2979			err = zfs_zget(zp->z_zfsvfs, xattr_obj, &attrzp);
2980			if (err)
2981				goto out2;
2982		}
2983		if (mask & AT_UID) {
2984			new_uid = zfs_fuid_create(zfsvfs,
2985			    (uint64_t)vap->va_uid, cr, ZFS_OWNER, &fuidp);
2986			if (new_uid != zp->z_uid &&
2987			    zfs_fuid_overquota(zfsvfs, B_FALSE, new_uid)) {
2988				if (attrzp)
2989					VN_RELE(ZTOV(attrzp));
2990				err = SET_ERROR(EDQUOT);
2991				goto out2;
2992			}
2993		}
2994
2995		if (mask & AT_GID) {
2996			new_gid = zfs_fuid_create(zfsvfs, (uint64_t)vap->va_gid,
2997			    cr, ZFS_GROUP, &fuidp);
2998			if (new_gid != zp->z_gid &&
2999			    zfs_fuid_overquota(zfsvfs, B_TRUE, new_gid)) {
3000				if (attrzp)
3001					VN_RELE(ZTOV(attrzp));
3002				err = SET_ERROR(EDQUOT);
3003				goto out2;
3004			}
3005		}
3006	}
3007	tx = dmu_tx_create(zfsvfs->z_os);
3008
3009	if (mask & AT_MODE) {
3010		uint64_t pmode = zp->z_mode;
3011		uint64_t acl_obj;
3012		new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT);
3013
3014		if (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_RESTRICTED &&
3015		    !(zp->z_pflags & ZFS_ACL_TRIVIAL)) {
3016			err = SET_ERROR(EPERM);
3017			goto out;
3018		}
3019
3020		if (err = zfs_acl_chmod_setattr(zp, &aclp, new_mode))
3021			goto out;
3022
3023		mutex_enter(&zp->z_lock);
3024		if (!zp->z_is_sa && ((acl_obj = zfs_external_acl(zp)) != 0)) {
3025			/*
3026			 * Are we upgrading ACL from old V0 format
3027			 * to V1 format?
3028			 */
3029			if (zfsvfs->z_version >= ZPL_VERSION_FUID &&
3030			    zfs_znode_acl_version(zp) ==
3031			    ZFS_ACL_VERSION_INITIAL) {
3032				dmu_tx_hold_free(tx, acl_obj, 0,
3033				    DMU_OBJECT_END);
3034				dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3035				    0, aclp->z_acl_bytes);
3036			} else {
3037				dmu_tx_hold_write(tx, acl_obj, 0,
3038				    aclp->z_acl_bytes);
3039			}
3040		} else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3041			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3042			    0, aclp->z_acl_bytes);
3043		}
3044		mutex_exit(&zp->z_lock);
3045		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3046	} else {
3047		if ((mask & AT_XVATTR) &&
3048		    XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3049			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3050		else
3051			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
3052	}
3053
3054	if (attrzp) {
3055		dmu_tx_hold_sa(tx, attrzp->z_sa_hdl, B_FALSE);
3056	}
3057
3058	fuid_dirtied = zfsvfs->z_fuid_dirty;
3059	if (fuid_dirtied)
3060		zfs_fuid_txhold(zfsvfs, tx);
3061
3062	zfs_sa_upgrade_txholds(tx, zp);
3063
3064	err = dmu_tx_assign(tx, TXG_WAIT);
3065	if (err)
3066		goto out;
3067
3068	count = 0;
3069	/*
3070	 * Set each attribute requested.
3071	 * We group settings according to the locks they need to acquire.
3072	 *
3073	 * Note: you cannot set ctime directly, although it will be
3074	 * updated as a side-effect of calling this function.
3075	 */
3076
3077
3078	if (mask & (AT_UID|AT_GID|AT_MODE))
3079		mutex_enter(&zp->z_acl_lock);
3080	mutex_enter(&zp->z_lock);
3081
3082	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
3083	    &zp->z_pflags, sizeof (zp->z_pflags));
3084
3085	if (attrzp) {
3086		if (mask & (AT_UID|AT_GID|AT_MODE))
3087			mutex_enter(&attrzp->z_acl_lock);
3088		mutex_enter(&attrzp->z_lock);
3089		SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3090		    SA_ZPL_FLAGS(zfsvfs), NULL, &attrzp->z_pflags,
3091		    sizeof (attrzp->z_pflags));
3092	}
3093
3094	if (mask & (AT_UID|AT_GID)) {
3095
3096		if (mask & AT_UID) {
3097			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_UID(zfsvfs), NULL,
3098			    &new_uid, sizeof (new_uid));
3099			zp->z_uid = new_uid;
3100			if (attrzp) {
3101				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3102				    SA_ZPL_UID(zfsvfs), NULL, &new_uid,
3103				    sizeof (new_uid));
3104				attrzp->z_uid = new_uid;
3105			}
3106		}
3107
3108		if (mask & AT_GID) {
3109			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_GID(zfsvfs),
3110			    NULL, &new_gid, sizeof (new_gid));
3111			zp->z_gid = new_gid;
3112			if (attrzp) {
3113				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3114				    SA_ZPL_GID(zfsvfs), NULL, &new_gid,
3115				    sizeof (new_gid));
3116				attrzp->z_gid = new_gid;
3117			}
3118		}
3119		if (!(mask & AT_MODE)) {
3120			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs),
3121			    NULL, &new_mode, sizeof (new_mode));
3122			new_mode = zp->z_mode;
3123		}
3124		err = zfs_acl_chown_setattr(zp);
3125		ASSERT(err == 0);
3126		if (attrzp) {
3127			err = zfs_acl_chown_setattr(attrzp);
3128			ASSERT(err == 0);
3129		}
3130	}
3131
3132	if (mask & AT_MODE) {
3133		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs), NULL,
3134		    &new_mode, sizeof (new_mode));
3135		zp->z_mode = new_mode;
3136		ASSERT3U((uintptr_t)aclp, !=, NULL);
3137		err = zfs_aclset_common(zp, aclp, cr, tx);
3138		ASSERT0(err);
3139		if (zp->z_acl_cached)
3140			zfs_acl_free(zp->z_acl_cached);
3141		zp->z_acl_cached = aclp;
3142		aclp = NULL;
3143	}
3144
3145
3146	if (mask & AT_ATIME) {
3147		ZFS_TIME_ENCODE(&vap->va_atime, zp->z_atime);
3148		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ATIME(zfsvfs), NULL,
3149		    &zp->z_atime, sizeof (zp->z_atime));
3150	}
3151
3152	if (mask & AT_MTIME) {
3153		ZFS_TIME_ENCODE(&vap->va_mtime, mtime);
3154		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
3155		    mtime, sizeof (mtime));
3156	}
3157
3158	/* XXX - shouldn't this be done *before* the ATIME/MTIME checks? */
3159	if (mask & AT_SIZE && !(mask & AT_MTIME)) {
3160		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs),
3161		    NULL, mtime, sizeof (mtime));
3162		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3163		    &ctime, sizeof (ctime));
3164		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
3165		    B_TRUE);
3166	} else if (mask != 0) {
3167		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3168		    &ctime, sizeof (ctime));
3169		zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime, ctime,
3170		    B_TRUE);
3171		if (attrzp) {
3172			SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3173			    SA_ZPL_CTIME(zfsvfs), NULL,
3174			    &ctime, sizeof (ctime));
3175			zfs_tstamp_update_setup(attrzp, STATE_CHANGED,
3176			    mtime, ctime, B_TRUE);
3177		}
3178	}
3179	/*
3180	 * Do this after setting timestamps to prevent timestamp
3181	 * update from toggling bit
3182	 */
3183
3184	if (xoap && (mask & AT_XVATTR)) {
3185
3186		/*
3187		 * restore trimmed off masks
3188		 * so that return masks can be set for caller.
3189		 */
3190
3191		if (XVA_ISSET_REQ(&tmpxvattr, XAT_APPENDONLY)) {
3192			XVA_SET_REQ(xvap, XAT_APPENDONLY);
3193		}
3194		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NOUNLINK)) {
3195			XVA_SET_REQ(xvap, XAT_NOUNLINK);
3196		}
3197		if (XVA_ISSET_REQ(&tmpxvattr, XAT_IMMUTABLE)) {
3198			XVA_SET_REQ(xvap, XAT_IMMUTABLE);
3199		}
3200		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NODUMP)) {
3201			XVA_SET_REQ(xvap, XAT_NODUMP);
3202		}
3203		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_MODIFIED)) {
3204			XVA_SET_REQ(xvap, XAT_AV_MODIFIED);
3205		}
3206		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_QUARANTINED)) {
3207			XVA_SET_REQ(xvap, XAT_AV_QUARANTINED);
3208		}
3209
3210		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3211			ASSERT(vp->v_type == VREG);
3212
3213		zfs_xvattr_set(zp, xvap, tx);
3214	}
3215
3216	if (fuid_dirtied)
3217		zfs_fuid_sync(zfsvfs, tx);
3218
3219	if (mask != 0)
3220		zfs_log_setattr(zilog, tx, TX_SETATTR, zp, vap, mask, fuidp);
3221
3222	mutex_exit(&zp->z_lock);
3223	if (mask & (AT_UID|AT_GID|AT_MODE))
3224		mutex_exit(&zp->z_acl_lock);
3225
3226	if (attrzp) {
3227		if (mask & (AT_UID|AT_GID|AT_MODE))
3228			mutex_exit(&attrzp->z_acl_lock);
3229		mutex_exit(&attrzp->z_lock);
3230	}
3231out:
3232	if (err == 0 && attrzp) {
3233		err2 = sa_bulk_update(attrzp->z_sa_hdl, xattr_bulk,
3234		    xattr_count, tx);
3235		ASSERT(err2 == 0);
3236	}
3237
3238	if (attrzp)
3239		VN_RELE(ZTOV(attrzp));
3240
3241	if (aclp)
3242		zfs_acl_free(aclp);
3243
3244	if (fuidp) {
3245		zfs_fuid_info_free(fuidp);
3246		fuidp = NULL;
3247	}
3248
3249	if (err) {
3250		dmu_tx_abort(tx);
3251		if (err == ERESTART)
3252			goto top;
3253	} else {
3254		err2 = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
3255		dmu_tx_commit(tx);
3256	}
3257
3258out2:
3259	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3260		zil_commit(zilog, 0);
3261
3262	ZFS_EXIT(zfsvfs);
3263	return (err);
3264}
3265
3266typedef struct zfs_zlock {
3267	krwlock_t	*zl_rwlock;	/* lock we acquired */
3268	znode_t		*zl_znode;	/* znode we held */
3269	struct zfs_zlock *zl_next;	/* next in list */
3270} zfs_zlock_t;
3271
3272/*
3273 * Drop locks and release vnodes that were held by zfs_rename_lock().
3274 */
3275static void
3276zfs_rename_unlock(zfs_zlock_t **zlpp)
3277{
3278	zfs_zlock_t *zl;
3279
3280	while ((zl = *zlpp) != NULL) {
3281		if (zl->zl_znode != NULL)
3282			VN_RELE(ZTOV(zl->zl_znode));
3283		rw_exit(zl->zl_rwlock);
3284		*zlpp = zl->zl_next;
3285		kmem_free(zl, sizeof (*zl));
3286	}
3287}
3288
3289/*
3290 * Search back through the directory tree, using the ".." entries.
3291 * Lock each directory in the chain to prevent concurrent renames.
3292 * Fail any attempt to move a directory into one of its own descendants.
3293 * XXX - z_parent_lock can overlap with map or grow locks
3294 */
3295static int
3296zfs_rename_lock(znode_t *szp, znode_t *tdzp, znode_t *sdzp, zfs_zlock_t **zlpp)
3297{
3298	zfs_zlock_t	*zl;
3299	znode_t		*zp = tdzp;
3300	uint64_t	rootid = zp->z_zfsvfs->z_root;
3301	uint64_t	oidp = zp->z_id;
3302	krwlock_t	*rwlp = &szp->z_parent_lock;
3303	krw_t		rw = RW_WRITER;
3304
3305	/*
3306	 * First pass write-locks szp and compares to zp->z_id.
3307	 * Later passes read-lock zp and compare to zp->z_parent.
3308	 */
3309	do {
3310		if (!rw_tryenter(rwlp, rw)) {
3311			/*
3312			 * Another thread is renaming in this path.
3313			 * Note that if we are a WRITER, we don't have any
3314			 * parent_locks held yet.
3315			 */
3316			if (rw == RW_READER && zp->z_id > szp->z_id) {
3317				/*
3318				 * Drop our locks and restart
3319				 */
3320				zfs_rename_unlock(&zl);
3321				*zlpp = NULL;
3322				zp = tdzp;
3323				oidp = zp->z_id;
3324				rwlp = &szp->z_parent_lock;
3325				rw = RW_WRITER;
3326				continue;
3327			} else {
3328				/*
3329				 * Wait for other thread to drop its locks
3330				 */
3331				rw_enter(rwlp, rw);
3332			}
3333		}
3334
3335		zl = kmem_alloc(sizeof (*zl), KM_SLEEP);
3336		zl->zl_rwlock = rwlp;
3337		zl->zl_znode = NULL;
3338		zl->zl_next = *zlpp;
3339		*zlpp = zl;
3340
3341		if (oidp == szp->z_id)		/* We're a descendant of szp */
3342			return (SET_ERROR(EINVAL));
3343
3344		if (oidp == rootid)		/* We've hit the top */
3345			return (0);
3346
3347		if (rw == RW_READER) {		/* i.e. not the first pass */
3348			int error = zfs_zget(zp->z_zfsvfs, oidp, &zp);
3349			if (error)
3350				return (error);
3351			zl->zl_znode = zp;
3352		}
3353		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zp->z_zfsvfs),
3354		    &oidp, sizeof (oidp));
3355		rwlp = &zp->z_parent_lock;
3356		rw = RW_READER;
3357
3358	} while (zp->z_id != sdzp->z_id);
3359
3360	return (0);
3361}
3362
3363/*
3364 * Move an entry from the provided source directory to the target
3365 * directory.  Change the entry name as indicated.
3366 *
3367 *	IN:	sdvp	- Source directory containing the "old entry".
3368 *		snm	- Old entry name.
3369 *		tdvp	- Target directory to contain the "new entry".
3370 *		tnm	- New entry name.
3371 *		cr	- credentials of caller.
3372 *		ct	- caller context
3373 *		flags	- case flags
3374 *
3375 *	RETURN:	0 on success, error code on failure.
3376 *
3377 * Timestamps:
3378 *	sdvp,tdvp - ctime|mtime updated
3379 */
3380/*ARGSUSED*/
3381static int
3382zfs_rename(vnode_t *sdvp, char *snm, vnode_t *tdvp, char *tnm, cred_t *cr,
3383    caller_context_t *ct, int flags)
3384{
3385	znode_t		*tdzp, *szp, *tzp;
3386	znode_t		*sdzp = VTOZ(sdvp);
3387	zfsvfs_t	*zfsvfs = sdzp->z_zfsvfs;
3388	zilog_t		*zilog;
3389	vnode_t		*realvp;
3390	zfs_dirlock_t	*sdl, *tdl;
3391	dmu_tx_t	*tx;
3392	zfs_zlock_t	*zl;
3393	int		cmp, serr, terr;
3394	int		error = 0;
3395	int		zflg = 0;
3396	boolean_t	waited = B_FALSE;
3397
3398	ZFS_ENTER(zfsvfs);
3399	ZFS_VERIFY_ZP(sdzp);
3400	zilog = zfsvfs->z_log;
3401
3402	/*
3403	 * Make sure we have the real vp for the target directory.
3404	 */
3405	if (VOP_REALVP(tdvp, &realvp, ct) == 0)
3406		tdvp = realvp;
3407
3408	tdzp = VTOZ(tdvp);
3409	ZFS_VERIFY_ZP(tdzp);
3410
3411	/*
3412	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
3413	 * ctldir appear to have the same v_vfsp.
3414	 */
3415	if (tdzp->z_zfsvfs != zfsvfs || zfsctl_is_node(tdvp)) {
3416		ZFS_EXIT(zfsvfs);
3417		return (SET_ERROR(EXDEV));
3418	}
3419
3420	if (zfsvfs->z_utf8 && u8_validate(tnm,
3421	    strlen(tnm), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3422		ZFS_EXIT(zfsvfs);
3423		return (SET_ERROR(EILSEQ));
3424	}
3425
3426	if (flags & FIGNORECASE)
3427		zflg |= ZCILOOK;
3428
3429top:
3430	szp = NULL;
3431	tzp = NULL;
3432	zl = NULL;
3433
3434	/*
3435	 * This is to prevent the creation of links into attribute space
3436	 * by renaming a linked file into/outof an attribute directory.
3437	 * See the comment in zfs_link() for why this is considered bad.
3438	 */
3439	if ((tdzp->z_pflags & ZFS_XATTR) != (sdzp->z_pflags & ZFS_XATTR)) {
3440		ZFS_EXIT(zfsvfs);
3441		return (SET_ERROR(EINVAL));
3442	}
3443
3444	/*
3445	 * Lock source and target directory entries.  To prevent deadlock,
3446	 * a lock ordering must be defined.  We lock the directory with
3447	 * the smallest object id first, or if it's a tie, the one with
3448	 * the lexically first name.
3449	 */
3450	if (sdzp->z_id < tdzp->z_id) {
3451		cmp = -1;
3452	} else if (sdzp->z_id > tdzp->z_id) {
3453		cmp = 1;
3454	} else {
3455		/*
3456		 * First compare the two name arguments without
3457		 * considering any case folding.
3458		 */
3459		int nofold = (zfsvfs->z_norm & ~U8_TEXTPREP_TOUPPER);
3460
3461		cmp = u8_strcmp(snm, tnm, 0, nofold, U8_UNICODE_LATEST, &error);
3462		ASSERT(error == 0 || !zfsvfs->z_utf8);
3463		if (cmp == 0) {
3464			/*
3465			 * POSIX: "If the old argument and the new argument
3466			 * both refer to links to the same existing file,
3467			 * the rename() function shall return successfully
3468			 * and perform no other action."
3469			 */
3470			ZFS_EXIT(zfsvfs);
3471			return (0);
3472		}
3473		/*
3474		 * If the file system is case-folding, then we may
3475		 * have some more checking to do.  A case-folding file
3476		 * system is either supporting mixed case sensitivity
3477		 * access or is completely case-insensitive.  Note
3478		 * that the file system is always case preserving.
3479		 *
3480		 * In mixed sensitivity mode case sensitive behavior
3481		 * is the default.  FIGNORECASE must be used to
3482		 * explicitly request case insensitive behavior.
3483		 *
3484		 * If the source and target names provided differ only
3485		 * by case (e.g., a request to rename 'tim' to 'Tim'),
3486		 * we will treat this as a special case in the
3487		 * case-insensitive mode: as long as the source name
3488		 * is an exact match, we will allow this to proceed as
3489		 * a name-change request.
3490		 */
3491		if ((zfsvfs->z_case == ZFS_CASE_INSENSITIVE ||
3492		    (zfsvfs->z_case == ZFS_CASE_MIXED &&
3493		    flags & FIGNORECASE)) &&
3494		    u8_strcmp(snm, tnm, 0, zfsvfs->z_norm, U8_UNICODE_LATEST,
3495		    &error) == 0) {
3496			/*
3497			 * case preserving rename request, require exact
3498			 * name matches
3499			 */
3500			zflg |= ZCIEXACT;
3501			zflg &= ~ZCILOOK;
3502		}
3503	}
3504
3505	/*
3506	 * If the source and destination directories are the same, we should
3507	 * grab the z_name_lock of that directory only once.
3508	 */
3509	if (sdzp == tdzp) {
3510		zflg |= ZHAVELOCK;
3511		rw_enter(&sdzp->z_name_lock, RW_READER);
3512	}
3513
3514	if (cmp < 0) {
3515		serr = zfs_dirent_lock(&sdl, sdzp, snm, &szp,
3516		    ZEXISTS | zflg, NULL, NULL);
3517		terr = zfs_dirent_lock(&tdl,
3518		    tdzp, tnm, &tzp, ZRENAMING | zflg, NULL, NULL);
3519	} else {
3520		terr = zfs_dirent_lock(&tdl,
3521		    tdzp, tnm, &tzp, zflg, NULL, NULL);
3522		serr = zfs_dirent_lock(&sdl,
3523		    sdzp, snm, &szp, ZEXISTS | ZRENAMING | zflg,
3524		    NULL, NULL);
3525	}
3526
3527	if (serr) {
3528		/*
3529		 * Source entry invalid or not there.
3530		 */
3531		if (!terr) {
3532			zfs_dirent_unlock(tdl);
3533			if (tzp)
3534				VN_RELE(ZTOV(tzp));
3535		}
3536
3537		if (sdzp == tdzp)
3538			rw_exit(&sdzp->z_name_lock);
3539
3540		if (strcmp(snm, "..") == 0)
3541			serr = SET_ERROR(EINVAL);
3542		ZFS_EXIT(zfsvfs);
3543		return (serr);
3544	}
3545	if (terr) {
3546		zfs_dirent_unlock(sdl);
3547		VN_RELE(ZTOV(szp));
3548
3549		if (sdzp == tdzp)
3550			rw_exit(&sdzp->z_name_lock);
3551
3552		if (strcmp(tnm, "..") == 0)
3553			terr = SET_ERROR(EINVAL);
3554		ZFS_EXIT(zfsvfs);
3555		return (terr);
3556	}
3557
3558	/*
3559	 * Must have write access at the source to remove the old entry
3560	 * and write access at the target to create the new entry.
3561	 * Note that if target and source are the same, this can be
3562	 * done in a single check.
3563	 */
3564
3565	if (error = zfs_zaccess_rename(sdzp, szp, tdzp, tzp, cr))
3566		goto out;
3567
3568	if (ZTOV(szp)->v_type == VDIR) {
3569		/*
3570		 * Check to make sure rename is valid.
3571		 * Can't do a move like this: /usr/a/b to /usr/a/b/c/d
3572		 */
3573		if (error = zfs_rename_lock(szp, tdzp, sdzp, &zl))
3574			goto out;
3575	}
3576
3577	/*
3578	 * Does target exist?
3579	 */
3580	if (tzp) {
3581		/*
3582		 * Source and target must be the same type.
3583		 */
3584		if (ZTOV(szp)->v_type == VDIR) {
3585			if (ZTOV(tzp)->v_type != VDIR) {
3586				error = SET_ERROR(ENOTDIR);
3587				goto out;
3588			}
3589		} else {
3590			if (ZTOV(tzp)->v_type == VDIR) {
3591				error = SET_ERROR(EISDIR);
3592				goto out;
3593			}
3594		}
3595		/*
3596		 * POSIX dictates that when the source and target
3597		 * entries refer to the same file object, rename
3598		 * must do nothing and exit without error.
3599		 */
3600		if (szp->z_id == tzp->z_id) {
3601			error = 0;
3602			goto out;
3603		}
3604	}
3605
3606	vnevent_rename_src(ZTOV(szp), sdvp, snm, ct);
3607	if (tzp)
3608		vnevent_rename_dest(ZTOV(tzp), tdvp, tnm, ct);
3609
3610	/*
3611	 * notify the target directory if it is not the same
3612	 * as source directory.
3613	 */
3614	if (tdvp != sdvp) {
3615		vnevent_rename_dest_dir(tdvp, ct);
3616	}
3617
3618	tx = dmu_tx_create(zfsvfs->z_os);
3619	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
3620	dmu_tx_hold_sa(tx, sdzp->z_sa_hdl, B_FALSE);
3621	dmu_tx_hold_zap(tx, sdzp->z_id, FALSE, snm);
3622	dmu_tx_hold_zap(tx, tdzp->z_id, TRUE, tnm);
3623	if (sdzp != tdzp) {
3624		dmu_tx_hold_sa(tx, tdzp->z_sa_hdl, B_FALSE);
3625		zfs_sa_upgrade_txholds(tx, tdzp);
3626	}
3627	if (tzp) {
3628		dmu_tx_hold_sa(tx, tzp->z_sa_hdl, B_FALSE);
3629		zfs_sa_upgrade_txholds(tx, tzp);
3630	}
3631
3632	zfs_sa_upgrade_txholds(tx, szp);
3633	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
3634	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3635	if (error) {
3636		if (zl != NULL)
3637			zfs_rename_unlock(&zl);
3638		zfs_dirent_unlock(sdl);
3639		zfs_dirent_unlock(tdl);
3640
3641		if (sdzp == tdzp)
3642			rw_exit(&sdzp->z_name_lock);
3643
3644		VN_RELE(ZTOV(szp));
3645		if (tzp)
3646			VN_RELE(ZTOV(tzp));
3647		if (error == ERESTART) {
3648			waited = B_TRUE;
3649			dmu_tx_wait(tx);
3650			dmu_tx_abort(tx);
3651			goto top;
3652		}
3653		dmu_tx_abort(tx);
3654		ZFS_EXIT(zfsvfs);
3655		return (error);
3656	}
3657
3658	if (tzp)	/* Attempt to remove the existing target */
3659		error = zfs_link_destroy(tdl, tzp, tx, zflg, NULL);
3660
3661	if (error == 0) {
3662		error = zfs_link_create(tdl, szp, tx, ZRENAMING);
3663		if (error == 0) {
3664			szp->z_pflags |= ZFS_AV_MODIFIED;
3665
3666			error = sa_update(szp->z_sa_hdl, SA_ZPL_FLAGS(zfsvfs),
3667			    (void *)&szp->z_pflags, sizeof (uint64_t), tx);
3668			ASSERT0(error);
3669
3670			error = zfs_link_destroy(sdl, szp, tx, ZRENAMING, NULL);
3671			if (error == 0) {
3672				zfs_log_rename(zilog, tx, TX_RENAME |
3673				    (flags & FIGNORECASE ? TX_CI : 0), sdzp,
3674				    sdl->dl_name, tdzp, tdl->dl_name, szp);
3675
3676				/*
3677				 * Update path information for the target vnode
3678				 */
3679				vn_renamepath(tdvp, ZTOV(szp), tnm,
3680				    strlen(tnm));
3681			} else {
3682				/*
3683				 * At this point, we have successfully created
3684				 * the target name, but have failed to remove
3685				 * the source name.  Since the create was done
3686				 * with the ZRENAMING flag, there are
3687				 * complications; for one, the link count is
3688				 * wrong.  The easiest way to deal with this
3689				 * is to remove the newly created target, and
3690				 * return the original error.  This must
3691				 * succeed; fortunately, it is very unlikely to
3692				 * fail, since we just created it.
3693				 */
3694				VERIFY3U(zfs_link_destroy(tdl, szp, tx,
3695				    ZRENAMING, NULL), ==, 0);
3696			}
3697		}
3698	}
3699
3700	dmu_tx_commit(tx);
3701out:
3702	if (zl != NULL)
3703		zfs_rename_unlock(&zl);
3704
3705	zfs_dirent_unlock(sdl);
3706	zfs_dirent_unlock(tdl);
3707
3708	if (sdzp == tdzp)
3709		rw_exit(&sdzp->z_name_lock);
3710
3711
3712	VN_RELE(ZTOV(szp));
3713	if (tzp)
3714		VN_RELE(ZTOV(tzp));
3715
3716	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3717		zil_commit(zilog, 0);
3718
3719	ZFS_EXIT(zfsvfs);
3720	return (error);
3721}
3722
3723/*
3724 * Insert the indicated symbolic reference entry into the directory.
3725 *
3726 *	IN:	dvp	- Directory to contain new symbolic link.
3727 *		link	- Name for new symlink entry.
3728 *		vap	- Attributes of new entry.
3729 *		cr	- credentials of caller.
3730 *		ct	- caller context
3731 *		flags	- case flags
3732 *
3733 *	RETURN:	0 on success, error code on failure.
3734 *
3735 * Timestamps:
3736 *	dvp - ctime|mtime updated
3737 */
3738/*ARGSUSED*/
3739static int
3740zfs_symlink(vnode_t *dvp, char *name, vattr_t *vap, char *link, cred_t *cr,
3741    caller_context_t *ct, int flags)
3742{
3743	znode_t		*zp, *dzp = VTOZ(dvp);
3744	zfs_dirlock_t	*dl;
3745	dmu_tx_t	*tx;
3746	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3747	zilog_t		*zilog;
3748	uint64_t	len = strlen(link);
3749	int		error;
3750	int		zflg = ZNEW;
3751	zfs_acl_ids_t	acl_ids;
3752	boolean_t	fuid_dirtied;
3753	uint64_t	txtype = TX_SYMLINK;
3754	boolean_t	waited = B_FALSE;
3755
3756	ASSERT(vap->va_type == VLNK);
3757
3758	ZFS_ENTER(zfsvfs);
3759	ZFS_VERIFY_ZP(dzp);
3760	zilog = zfsvfs->z_log;
3761
3762	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
3763	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3764		ZFS_EXIT(zfsvfs);
3765		return (SET_ERROR(EILSEQ));
3766	}
3767	if (flags & FIGNORECASE)
3768		zflg |= ZCILOOK;
3769
3770	if (len > MAXPATHLEN) {
3771		ZFS_EXIT(zfsvfs);
3772		return (SET_ERROR(ENAMETOOLONG));
3773	}
3774
3775	if ((error = zfs_acl_ids_create(dzp, 0,
3776	    vap, cr, NULL, &acl_ids)) != 0) {
3777		ZFS_EXIT(zfsvfs);
3778		return (error);
3779	}
3780top:
3781	/*
3782	 * Attempt to lock directory; fail if entry already exists.
3783	 */
3784	error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg, NULL, NULL);
3785	if (error) {
3786		zfs_acl_ids_free(&acl_ids);
3787		ZFS_EXIT(zfsvfs);
3788		return (error);
3789	}
3790
3791	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
3792		zfs_acl_ids_free(&acl_ids);
3793		zfs_dirent_unlock(dl);
3794		ZFS_EXIT(zfsvfs);
3795		return (error);
3796	}
3797
3798	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
3799		zfs_acl_ids_free(&acl_ids);
3800		zfs_dirent_unlock(dl);
3801		ZFS_EXIT(zfsvfs);
3802		return (SET_ERROR(EDQUOT));
3803	}
3804	tx = dmu_tx_create(zfsvfs->z_os);
3805	fuid_dirtied = zfsvfs->z_fuid_dirty;
3806	dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, MAX(1, len));
3807	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
3808	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
3809	    ZFS_SA_BASE_ATTR_SIZE + len);
3810	dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
3811	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3812		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
3813		    acl_ids.z_aclp->z_acl_bytes);
3814	}
3815	if (fuid_dirtied)
3816		zfs_fuid_txhold(zfsvfs, tx);
3817	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3818	if (error) {
3819		zfs_dirent_unlock(dl);
3820		if (error == ERESTART) {
3821			waited = B_TRUE;
3822			dmu_tx_wait(tx);
3823			dmu_tx_abort(tx);
3824			goto top;
3825		}
3826		zfs_acl_ids_free(&acl_ids);
3827		dmu_tx_abort(tx);
3828		ZFS_EXIT(zfsvfs);
3829		return (error);
3830	}
3831
3832	/*
3833	 * Create a new object for the symlink.
3834	 * for version 4 ZPL datsets the symlink will be an SA attribute
3835	 */
3836	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
3837
3838	if (fuid_dirtied)
3839		zfs_fuid_sync(zfsvfs, tx);
3840
3841	mutex_enter(&zp->z_lock);
3842	if (zp->z_is_sa)
3843		error = sa_update(zp->z_sa_hdl, SA_ZPL_SYMLINK(zfsvfs),
3844		    link, len, tx);
3845	else
3846		zfs_sa_symlink(zp, link, len, tx);
3847	mutex_exit(&zp->z_lock);
3848
3849	zp->z_size = len;
3850	(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
3851	    &zp->z_size, sizeof (zp->z_size), tx);
3852	/*
3853	 * Insert the new object into the directory.
3854	 */
3855	(void) zfs_link_create(dl, zp, tx, ZNEW);
3856
3857	if (flags & FIGNORECASE)
3858		txtype |= TX_CI;
3859	zfs_log_symlink(zilog, tx, txtype, dzp, zp, name, link);
3860
3861	zfs_acl_ids_free(&acl_ids);
3862
3863	dmu_tx_commit(tx);
3864
3865	zfs_dirent_unlock(dl);
3866
3867	VN_RELE(ZTOV(zp));
3868
3869	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3870		zil_commit(zilog, 0);
3871
3872	ZFS_EXIT(zfsvfs);
3873	return (error);
3874}
3875
3876/*
3877 * Return, in the buffer contained in the provided uio structure,
3878 * the symbolic path referred to by vp.
3879 *
3880 *	IN:	vp	- vnode of symbolic link.
3881 *		uio	- structure to contain the link path.
3882 *		cr	- credentials of caller.
3883 *		ct	- caller context
3884 *
3885 *	OUT:	uio	- structure containing the link path.
3886 *
3887 *	RETURN:	0 on success, error code on failure.
3888 *
3889 * Timestamps:
3890 *	vp - atime updated
3891 */
3892/* ARGSUSED */
3893static int
3894zfs_readlink(vnode_t *vp, uio_t *uio, cred_t *cr, caller_context_t *ct)
3895{
3896	znode_t		*zp = VTOZ(vp);
3897	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
3898	int		error;
3899
3900	ZFS_ENTER(zfsvfs);
3901	ZFS_VERIFY_ZP(zp);
3902
3903	mutex_enter(&zp->z_lock);
3904	if (zp->z_is_sa)
3905		error = sa_lookup_uio(zp->z_sa_hdl,
3906		    SA_ZPL_SYMLINK(zfsvfs), uio);
3907	else
3908		error = zfs_sa_readlink(zp, uio);
3909	mutex_exit(&zp->z_lock);
3910
3911	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
3912
3913	ZFS_EXIT(zfsvfs);
3914	return (error);
3915}
3916
3917/*
3918 * Insert a new entry into directory tdvp referencing svp.
3919 *
3920 *	IN:	tdvp	- Directory to contain new entry.
3921 *		svp	- vnode of new entry.
3922 *		name	- name of new entry.
3923 *		cr	- credentials of caller.
3924 *		ct	- caller context
3925 *
3926 *	RETURN:	0 on success, error code on failure.
3927 *
3928 * Timestamps:
3929 *	tdvp - ctime|mtime updated
3930 *	 svp - ctime updated
3931 */
3932/* ARGSUSED */
3933static int
3934zfs_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr,
3935    caller_context_t *ct, int flags)
3936{
3937	znode_t		*dzp = VTOZ(tdvp);
3938	znode_t		*tzp, *szp;
3939	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3940	zilog_t		*zilog;
3941	zfs_dirlock_t	*dl;
3942	dmu_tx_t	*tx;
3943	vnode_t		*realvp;
3944	int		error;
3945	int		zf = ZNEW;
3946	uint64_t	parent;
3947	uid_t		owner;
3948	boolean_t	waited = B_FALSE;
3949
3950	ASSERT(tdvp->v_type == VDIR);
3951
3952	ZFS_ENTER(zfsvfs);
3953	ZFS_VERIFY_ZP(dzp);
3954	zilog = zfsvfs->z_log;
3955
3956	if (VOP_REALVP(svp, &realvp, ct) == 0)
3957		svp = realvp;
3958
3959	/*
3960	 * POSIX dictates that we return EPERM here.
3961	 * Better choices include ENOTSUP or EISDIR.
3962	 */
3963	if (svp->v_type == VDIR) {
3964		ZFS_EXIT(zfsvfs);
3965		return (SET_ERROR(EPERM));
3966	}
3967
3968	szp = VTOZ(svp);
3969	ZFS_VERIFY_ZP(szp);
3970
3971	/*
3972	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
3973	 * ctldir appear to have the same v_vfsp.
3974	 */
3975	if (szp->z_zfsvfs != zfsvfs || zfsctl_is_node(svp)) {
3976		ZFS_EXIT(zfsvfs);
3977		return (SET_ERROR(EXDEV));
3978	}
3979
3980	/* Prevent links to .zfs/shares files */
3981
3982	if ((error = sa_lookup(szp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
3983	    &parent, sizeof (uint64_t))) != 0) {
3984		ZFS_EXIT(zfsvfs);
3985		return (error);
3986	}
3987	if (parent == zfsvfs->z_shares_dir) {
3988		ZFS_EXIT(zfsvfs);
3989		return (SET_ERROR(EPERM));
3990	}
3991
3992	if (zfsvfs->z_utf8 && u8_validate(name,
3993	    strlen(name), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3994		ZFS_EXIT(zfsvfs);
3995		return (SET_ERROR(EILSEQ));
3996	}
3997	if (flags & FIGNORECASE)
3998		zf |= ZCILOOK;
3999
4000	/*
4001	 * We do not support links between attributes and non-attributes
4002	 * because of the potential security risk of creating links
4003	 * into "normal" file space in order to circumvent restrictions
4004	 * imposed in attribute space.
4005	 */
4006	if ((szp->z_pflags & ZFS_XATTR) != (dzp->z_pflags & ZFS_XATTR)) {
4007		ZFS_EXIT(zfsvfs);
4008		return (SET_ERROR(EINVAL));
4009	}
4010
4011
4012	owner = zfs_fuid_map_id(zfsvfs, szp->z_uid, cr, ZFS_OWNER);
4013	if (owner != crgetuid(cr) && secpolicy_basic_link(cr) != 0) {
4014		ZFS_EXIT(zfsvfs);
4015		return (SET_ERROR(EPERM));
4016	}
4017
4018	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
4019		ZFS_EXIT(zfsvfs);
4020		return (error);
4021	}
4022
4023top:
4024	/*
4025	 * Attempt to lock directory; fail if entry already exists.
4026	 */
4027	error = zfs_dirent_lock(&dl, dzp, name, &tzp, zf, NULL, NULL);
4028	if (error) {
4029		ZFS_EXIT(zfsvfs);
4030		return (error);
4031	}
4032
4033	tx = dmu_tx_create(zfsvfs->z_os);
4034	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
4035	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
4036	zfs_sa_upgrade_txholds(tx, szp);
4037	zfs_sa_upgrade_txholds(tx, dzp);
4038	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
4039	if (error) {
4040		zfs_dirent_unlock(dl);
4041		if (error == ERESTART) {
4042			waited = B_TRUE;
4043			dmu_tx_wait(tx);
4044			dmu_tx_abort(tx);
4045			goto top;
4046		}
4047		dmu_tx_abort(tx);
4048		ZFS_EXIT(zfsvfs);
4049		return (error);
4050	}
4051
4052	error = zfs_link_create(dl, szp, tx, 0);
4053
4054	if (error == 0) {
4055		uint64_t txtype = TX_LINK;
4056		if (flags & FIGNORECASE)
4057			txtype |= TX_CI;
4058		zfs_log_link(zilog, tx, txtype, dzp, szp, name);
4059	}
4060
4061	dmu_tx_commit(tx);
4062
4063	zfs_dirent_unlock(dl);
4064
4065	if (error == 0) {
4066		vnevent_link(svp, ct);
4067	}
4068
4069	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4070		zil_commit(zilog, 0);
4071
4072	ZFS_EXIT(zfsvfs);
4073	return (error);
4074}
4075
4076/*
4077 * zfs_null_putapage() is used when the file system has been force
4078 * unmounted. It just drops the pages.
4079 */
4080/* ARGSUSED */
4081static int
4082zfs_null_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4083		size_t *lenp, int flags, cred_t *cr)
4084{
4085	pvn_write_done(pp, B_INVAL|B_FORCE|B_ERROR);
4086	return (0);
4087}
4088
4089/*
4090 * Push a page out to disk, klustering if possible.
4091 *
4092 *	IN:	vp	- file to push page to.
4093 *		pp	- page to push.
4094 *		flags	- additional flags.
4095 *		cr	- credentials of caller.
4096 *
4097 *	OUT:	offp	- start of range pushed.
4098 *		lenp	- len of range pushed.
4099 *
4100 *	RETURN:	0 on success, error code on failure.
4101 *
4102 * NOTE: callers must have locked the page to be pushed.  On
4103 * exit, the page (and all other pages in the kluster) must be
4104 * unlocked.
4105 */
4106/* ARGSUSED */
4107static int
4108zfs_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4109		size_t *lenp, int flags, cred_t *cr)
4110{
4111	znode_t		*zp = VTOZ(vp);
4112	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4113	dmu_tx_t	*tx;
4114	u_offset_t	off, koff;
4115	size_t		len, klen;
4116	int		err;
4117
4118	off = pp->p_offset;
4119	len = PAGESIZE;
4120	/*
4121	 * If our blocksize is bigger than the page size, try to kluster
4122	 * multiple pages so that we write a full block (thus avoiding
4123	 * a read-modify-write).
4124	 */
4125	if (off < zp->z_size && zp->z_blksz > PAGESIZE) {
4126		klen = P2ROUNDUP((ulong_t)zp->z_blksz, PAGESIZE);
4127		koff = ISP2(klen) ? P2ALIGN(off, (u_offset_t)klen) : 0;
4128		ASSERT(koff <= zp->z_size);
4129		if (koff + klen > zp->z_size)
4130			klen = P2ROUNDUP(zp->z_size - koff, (uint64_t)PAGESIZE);
4131		pp = pvn_write_kluster(vp, pp, &off, &len, koff, klen, flags);
4132	}
4133	ASSERT3U(btop(len), ==, btopr(len));
4134
4135	/*
4136	 * Can't push pages past end-of-file.
4137	 */
4138	if (off >= zp->z_size) {
4139		/* ignore all pages */
4140		err = 0;
4141		goto out;
4142	} else if (off + len > zp->z_size) {
4143		int npages = btopr(zp->z_size - off);
4144		page_t *trunc;
4145
4146		page_list_break(&pp, &trunc, npages);
4147		/* ignore pages past end of file */
4148		if (trunc)
4149			pvn_write_done(trunc, flags);
4150		len = zp->z_size - off;
4151	}
4152
4153	if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
4154	    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
4155		err = SET_ERROR(EDQUOT);
4156		goto out;
4157	}
4158	tx = dmu_tx_create(zfsvfs->z_os);
4159	dmu_tx_hold_write(tx, zp->z_id, off, len);
4160
4161	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4162	zfs_sa_upgrade_txholds(tx, zp);
4163	err = dmu_tx_assign(tx, TXG_WAIT);
4164	if (err != 0) {
4165		dmu_tx_abort(tx);
4166		goto out;
4167	}
4168
4169	if (zp->z_blksz <= PAGESIZE) {
4170		caddr_t va = zfs_map_page(pp, S_READ);
4171		ASSERT3U(len, <=, PAGESIZE);
4172		dmu_write(zfsvfs->z_os, zp->z_id, off, len, va, tx);
4173		zfs_unmap_page(pp, va);
4174	} else {
4175		err = dmu_write_pages(zfsvfs->z_os, zp->z_id, off, len, pp, tx);
4176	}
4177
4178	if (err == 0) {
4179		uint64_t mtime[2], ctime[2];
4180		sa_bulk_attr_t bulk[3];
4181		int count = 0;
4182
4183		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
4184		    &mtime, 16);
4185		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
4186		    &ctime, 16);
4187		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
4188		    &zp->z_pflags, 8);
4189		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
4190		    B_TRUE);
4191		zfs_log_write(zfsvfs->z_log, tx, TX_WRITE, zp, off, len, 0);
4192	}
4193	dmu_tx_commit(tx);
4194
4195out:
4196	pvn_write_done(pp, (err ? B_ERROR : 0) | flags);
4197	if (offp)
4198		*offp = off;
4199	if (lenp)
4200		*lenp = len;
4201
4202	return (err);
4203}
4204
4205/*
4206 * Copy the portion of the file indicated from pages into the file.
4207 * The pages are stored in a page list attached to the files vnode.
4208 *
4209 *	IN:	vp	- vnode of file to push page data to.
4210 *		off	- position in file to put data.
4211 *		len	- amount of data to write.
4212 *		flags	- flags to control the operation.
4213 *		cr	- credentials of caller.
4214 *		ct	- caller context.
4215 *
4216 *	RETURN:	0 on success, error code on failure.
4217 *
4218 * Timestamps:
4219 *	vp - ctime|mtime updated
4220 */
4221/*ARGSUSED*/
4222static int
4223zfs_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr,
4224    caller_context_t *ct)
4225{
4226	znode_t		*zp = VTOZ(vp);
4227	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4228	page_t		*pp;
4229	size_t		io_len;
4230	u_offset_t	io_off;
4231	uint_t		blksz;
4232	rl_t		*rl;
4233	int		error = 0;
4234
4235	ZFS_ENTER(zfsvfs);
4236	ZFS_VERIFY_ZP(zp);
4237
4238	/*
4239	 * There's nothing to do if no data is cached.
4240	 */
4241	if (!vn_has_cached_data(vp)) {
4242		ZFS_EXIT(zfsvfs);
4243		return (0);
4244	}
4245
4246	/*
4247	 * Align this request to the file block size in case we kluster.
4248	 * XXX - this can result in pretty aggresive locking, which can
4249	 * impact simultanious read/write access.  One option might be
4250	 * to break up long requests (len == 0) into block-by-block
4251	 * operations to get narrower locking.
4252	 */
4253	blksz = zp->z_blksz;
4254	if (ISP2(blksz))
4255		io_off = P2ALIGN_TYPED(off, blksz, u_offset_t);
4256	else
4257		io_off = 0;
4258	if (len > 0 && ISP2(blksz))
4259		io_len = P2ROUNDUP_TYPED(len + (off - io_off), blksz, size_t);
4260	else
4261		io_len = 0;
4262
4263	if (io_len == 0) {
4264		/*
4265		 * Search the entire vp list for pages >= io_off.
4266		 */
4267		rl = zfs_range_lock(zp, io_off, UINT64_MAX, RL_WRITER);
4268		error = pvn_vplist_dirty(vp, io_off, zfs_putapage, flags, cr);
4269		goto out;
4270	}
4271	rl = zfs_range_lock(zp, io_off, io_len, RL_WRITER);
4272
4273	if (off > zp->z_size) {
4274		/* past end of file */
4275		zfs_range_unlock(rl);
4276		ZFS_EXIT(zfsvfs);
4277		return (0);
4278	}
4279
4280	len = MIN(io_len, P2ROUNDUP(zp->z_size, PAGESIZE) - io_off);
4281
4282	for (off = io_off; io_off < off + len; io_off += io_len) {
4283		if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
4284			pp = page_lookup(vp, io_off,
4285			    (flags & (B_INVAL | B_FREE)) ? SE_EXCL : SE_SHARED);
4286		} else {
4287			pp = page_lookup_nowait(vp, io_off,
4288			    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
4289		}
4290
4291		if (pp != NULL && pvn_getdirty(pp, flags)) {
4292			int err;
4293
4294			/*
4295			 * Found a dirty page to push
4296			 */
4297			err = zfs_putapage(vp, pp, &io_off, &io_len, flags, cr);
4298			if (err)
4299				error = err;
4300		} else {
4301			io_len = PAGESIZE;
4302		}
4303	}
4304out:
4305	zfs_range_unlock(rl);
4306	if ((flags & B_ASYNC) == 0 || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4307		zil_commit(zfsvfs->z_log, zp->z_id);
4308	ZFS_EXIT(zfsvfs);
4309	return (error);
4310}
4311
4312/*ARGSUSED*/
4313void
4314zfs_inactive(vnode_t *vp, cred_t *cr, caller_context_t *ct)
4315{
4316	znode_t	*zp = VTOZ(vp);
4317	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4318	int error;
4319
4320	rw_enter(&zfsvfs->z_teardown_inactive_lock, RW_READER);
4321	if (zp->z_sa_hdl == NULL) {
4322		/*
4323		 * The fs has been unmounted, or we did a
4324		 * suspend/resume and this file no longer exists.
4325		 */
4326		if (vn_has_cached_data(vp)) {
4327			(void) pvn_vplist_dirty(vp, 0, zfs_null_putapage,
4328			    B_INVAL, cr);
4329		}
4330
4331		mutex_enter(&zp->z_lock);
4332		mutex_enter(&vp->v_lock);
4333		ASSERT(vp->v_count == 1);
4334		vp->v_count = 0;
4335		mutex_exit(&vp->v_lock);
4336		mutex_exit(&zp->z_lock);
4337		rw_exit(&zfsvfs->z_teardown_inactive_lock);
4338		zfs_znode_free(zp);
4339		return;
4340	}
4341
4342	/*
4343	 * Attempt to push any data in the page cache.  If this fails
4344	 * we will get kicked out later in zfs_zinactive().
4345	 */
4346	if (vn_has_cached_data(vp)) {
4347		(void) pvn_vplist_dirty(vp, 0, zfs_putapage, B_INVAL|B_ASYNC,
4348		    cr);
4349	}
4350
4351	if (zp->z_atime_dirty && zp->z_unlinked == 0) {
4352		dmu_tx_t *tx = dmu_tx_create(zfsvfs->z_os);
4353
4354		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4355		zfs_sa_upgrade_txholds(tx, zp);
4356		error = dmu_tx_assign(tx, TXG_WAIT);
4357		if (error) {
4358			dmu_tx_abort(tx);
4359		} else {
4360			mutex_enter(&zp->z_lock);
4361			(void) sa_update(zp->z_sa_hdl, SA_ZPL_ATIME(zfsvfs),
4362			    (void *)&zp->z_atime, sizeof (zp->z_atime), tx);
4363			zp->z_atime_dirty = 0;
4364			mutex_exit(&zp->z_lock);
4365			dmu_tx_commit(tx);
4366		}
4367	}
4368
4369	zfs_zinactive(zp);
4370	rw_exit(&zfsvfs->z_teardown_inactive_lock);
4371}
4372
4373/*
4374 * Bounds-check the seek operation.
4375 *
4376 *	IN:	vp	- vnode seeking within
4377 *		ooff	- old file offset
4378 *		noffp	- pointer to new file offset
4379 *		ct	- caller context
4380 *
4381 *	RETURN:	0 on success, EINVAL if new offset invalid.
4382 */
4383/* ARGSUSED */
4384static int
4385zfs_seek(vnode_t *vp, offset_t ooff, offset_t *noffp,
4386    caller_context_t *ct)
4387{
4388	if (vp->v_type == VDIR)
4389		return (0);
4390	return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
4391}
4392
4393/*
4394 * Pre-filter the generic locking function to trap attempts to place
4395 * a mandatory lock on a memory mapped file.
4396 */
4397static int
4398zfs_frlock(vnode_t *vp, int cmd, flock64_t *bfp, int flag, offset_t offset,
4399    flk_callback_t *flk_cbp, cred_t *cr, caller_context_t *ct)
4400{
4401	znode_t *zp = VTOZ(vp);
4402	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4403
4404	ZFS_ENTER(zfsvfs);
4405	ZFS_VERIFY_ZP(zp);
4406
4407	/*
4408	 * We are following the UFS semantics with respect to mapcnt
4409	 * here: If we see that the file is mapped already, then we will
4410	 * return an error, but we don't worry about races between this
4411	 * function and zfs_map().
4412	 */
4413	if (zp->z_mapcnt > 0 && MANDMODE(zp->z_mode)) {
4414		ZFS_EXIT(zfsvfs);
4415		return (SET_ERROR(EAGAIN));
4416	}
4417	ZFS_EXIT(zfsvfs);
4418	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr, ct));
4419}
4420
4421/*
4422 * If we can't find a page in the cache, we will create a new page
4423 * and fill it with file data.  For efficiency, we may try to fill
4424 * multiple pages at once (klustering) to fill up the supplied page
4425 * list.  Note that the pages to be filled are held with an exclusive
4426 * lock to prevent access by other threads while they are being filled.
4427 */
4428static int
4429zfs_fillpage(vnode_t *vp, u_offset_t off, struct seg *seg,
4430    caddr_t addr, page_t *pl[], size_t plsz, enum seg_rw rw)
4431{
4432	znode_t *zp = VTOZ(vp);
4433	page_t *pp, *cur_pp;
4434	objset_t *os = zp->z_zfsvfs->z_os;
4435	u_offset_t io_off, total;
4436	size_t io_len;
4437	int err;
4438
4439	if (plsz == PAGESIZE || zp->z_blksz <= PAGESIZE) {
4440		/*
4441		 * We only have a single page, don't bother klustering
4442		 */
4443		io_off = off;
4444		io_len = PAGESIZE;
4445		pp = page_create_va(vp, io_off, io_len,
4446		    PG_EXCL | PG_WAIT, seg, addr);
4447	} else {
4448		/*
4449		 * Try to find enough pages to fill the page list
4450		 */
4451		pp = pvn_read_kluster(vp, off, seg, addr, &io_off,
4452		    &io_len, off, plsz, 0);
4453	}
4454	if (pp == NULL) {
4455		/*
4456		 * The page already exists, nothing to do here.
4457		 */
4458		*pl = NULL;
4459		return (0);
4460	}
4461
4462	/*
4463	 * Fill the pages in the kluster.
4464	 */
4465	cur_pp = pp;
4466	for (total = io_off + io_len; io_off < total; io_off += PAGESIZE) {
4467		caddr_t va;
4468
4469		ASSERT3U(io_off, ==, cur_pp->p_offset);
4470		va = zfs_map_page(cur_pp, S_WRITE);
4471		err = dmu_read(os, zp->z_id, io_off, PAGESIZE, va,
4472		    DMU_READ_PREFETCH);
4473		zfs_unmap_page(cur_pp, va);
4474		if (err) {
4475			/* On error, toss the entire kluster */
4476			pvn_read_done(pp, B_ERROR);
4477			/* convert checksum errors into IO errors */
4478			if (err == ECKSUM)
4479				err = SET_ERROR(EIO);
4480			return (err);
4481		}
4482		cur_pp = cur_pp->p_next;
4483	}
4484
4485	/*
4486	 * Fill in the page list array from the kluster starting
4487	 * from the desired offset `off'.
4488	 * NOTE: the page list will always be null terminated.
4489	 */
4490	pvn_plist_init(pp, pl, plsz, off, io_len, rw);
4491	ASSERT(pl == NULL || (*pl)->p_offset == off);
4492
4493	return (0);
4494}
4495
4496/*
4497 * Return pointers to the pages for the file region [off, off + len]
4498 * in the pl array.  If plsz is greater than len, this function may
4499 * also return page pointers from after the specified region
4500 * (i.e. the region [off, off + plsz]).  These additional pages are
4501 * only returned if they are already in the cache, or were created as
4502 * part of a klustered read.
4503 *
4504 *	IN:	vp	- vnode of file to get data from.
4505 *		off	- position in file to get data from.
4506 *		len	- amount of data to retrieve.
4507 *		plsz	- length of provided page list.
4508 *		seg	- segment to obtain pages for.
4509 *		addr	- virtual address of fault.
4510 *		rw	- mode of created pages.
4511 *		cr	- credentials of caller.
4512 *		ct	- caller context.
4513 *
4514 *	OUT:	protp	- protection mode of created pages.
4515 *		pl	- list of pages created.
4516 *
4517 *	RETURN:	0 on success, error code on failure.
4518 *
4519 * Timestamps:
4520 *	vp - atime updated
4521 */
4522/* ARGSUSED */
4523static int
4524zfs_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
4525    page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4526    enum seg_rw rw, cred_t *cr, caller_context_t *ct)
4527{
4528	znode_t		*zp = VTOZ(vp);
4529	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4530	page_t		**pl0 = pl;
4531	int		err = 0;
4532
4533	/* we do our own caching, faultahead is unnecessary */
4534	if (pl == NULL)
4535		return (0);
4536	else if (len > plsz)
4537		len = plsz;
4538	else
4539		len = P2ROUNDUP(len, PAGESIZE);
4540	ASSERT(plsz >= len);
4541
4542	ZFS_ENTER(zfsvfs);
4543	ZFS_VERIFY_ZP(zp);
4544
4545	if (protp)
4546		*protp = PROT_ALL;
4547
4548	/*
4549	 * Loop through the requested range [off, off + len) looking
4550	 * for pages.  If we don't find a page, we will need to create
4551	 * a new page and fill it with data from the file.
4552	 */
4553	while (len > 0) {
4554		if (*pl = page_lookup(vp, off, SE_SHARED))
4555			*(pl+1) = NULL;
4556		else if (err = zfs_fillpage(vp, off, seg, addr, pl, plsz, rw))
4557			goto out;
4558		while (*pl) {
4559			ASSERT3U((*pl)->p_offset, ==, off);
4560			off += PAGESIZE;
4561			addr += PAGESIZE;
4562			if (len > 0) {
4563				ASSERT3U(len, >=, PAGESIZE);
4564				len -= PAGESIZE;
4565			}
4566			ASSERT3U(plsz, >=, PAGESIZE);
4567			plsz -= PAGESIZE;
4568			pl++;
4569		}
4570	}
4571
4572	/*
4573	 * Fill out the page array with any pages already in the cache.
4574	 */
4575	while (plsz > 0 &&
4576	    (*pl++ = page_lookup_nowait(vp, off, SE_SHARED))) {
4577			off += PAGESIZE;
4578			plsz -= PAGESIZE;
4579	}
4580out:
4581	if (err) {
4582		/*
4583		 * Release any pages we have previously locked.
4584		 */
4585		while (pl > pl0)
4586			page_unlock(*--pl);
4587	} else {
4588		ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
4589	}
4590
4591	*pl = NULL;
4592
4593	ZFS_EXIT(zfsvfs);
4594	return (err);
4595}
4596
4597/*
4598 * Request a memory map for a section of a file.  This code interacts
4599 * with common code and the VM system as follows:
4600 *
4601 * - common code calls mmap(), which ends up in smmap_common()
4602 * - this calls VOP_MAP(), which takes you into (say) zfs
4603 * - zfs_map() calls as_map(), passing segvn_create() as the callback
4604 * - segvn_create() creates the new segment and calls VOP_ADDMAP()
4605 * - zfs_addmap() updates z_mapcnt
4606 */
4607/*ARGSUSED*/
4608static int
4609zfs_map(vnode_t *vp, offset_t off, struct as *as, caddr_t *addrp,
4610    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4611    caller_context_t *ct)
4612{
4613	znode_t *zp = VTOZ(vp);
4614	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4615	segvn_crargs_t	vn_a;
4616	int		error;
4617
4618	ZFS_ENTER(zfsvfs);
4619	ZFS_VERIFY_ZP(zp);
4620
4621	if ((prot & PROT_WRITE) && (zp->z_pflags &
4622	    (ZFS_IMMUTABLE | ZFS_READONLY | ZFS_APPENDONLY))) {
4623		ZFS_EXIT(zfsvfs);
4624		return (SET_ERROR(EPERM));
4625	}
4626
4627	if ((prot & (PROT_READ | PROT_EXEC)) &&
4628	    (zp->z_pflags & ZFS_AV_QUARANTINED)) {
4629		ZFS_EXIT(zfsvfs);
4630		return (SET_ERROR(EACCES));
4631	}
4632
4633	if (vp->v_flag & VNOMAP) {
4634		ZFS_EXIT(zfsvfs);
4635		return (SET_ERROR(ENOSYS));
4636	}
4637
4638	if (off < 0 || len > MAXOFFSET_T - off) {
4639		ZFS_EXIT(zfsvfs);
4640		return (SET_ERROR(ENXIO));
4641	}
4642
4643	if (vp->v_type != VREG) {
4644		ZFS_EXIT(zfsvfs);
4645		return (SET_ERROR(ENODEV));
4646	}
4647
4648	/*
4649	 * If file is locked, disallow mapping.
4650	 */
4651	if (MANDMODE(zp->z_mode) && vn_has_flocks(vp)) {
4652		ZFS_EXIT(zfsvfs);
4653		return (SET_ERROR(EAGAIN));
4654	}
4655
4656	as_rangelock(as);
4657	error = choose_addr(as, addrp, len, off, ADDR_VACALIGN, flags);
4658	if (error != 0) {
4659		as_rangeunlock(as);
4660		ZFS_EXIT(zfsvfs);
4661		return (error);
4662	}
4663
4664	vn_a.vp = vp;
4665	vn_a.offset = (u_offset_t)off;
4666	vn_a.type = flags & MAP_TYPE;
4667	vn_a.prot = prot;
4668	vn_a.maxprot = maxprot;
4669	vn_a.cred = cr;
4670	vn_a.amp = NULL;
4671	vn_a.flags = flags & ~MAP_TYPE;
4672	vn_a.szc = 0;
4673	vn_a.lgrp_mem_policy_flags = 0;
4674
4675	error = as_map(as, *addrp, len, segvn_create, &vn_a);
4676
4677	as_rangeunlock(as);
4678	ZFS_EXIT(zfsvfs);
4679	return (error);
4680}
4681
4682/* ARGSUSED */
4683static int
4684zfs_addmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4685    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4686    caller_context_t *ct)
4687{
4688	uint64_t pages = btopr(len);
4689
4690	atomic_add_64(&VTOZ(vp)->z_mapcnt, pages);
4691	return (0);
4692}
4693
4694/*
4695 * The reason we push dirty pages as part of zfs_delmap() is so that we get a
4696 * more accurate mtime for the associated file.  Since we don't have a way of
4697 * detecting when the data was actually modified, we have to resort to
4698 * heuristics.  If an explicit msync() is done, then we mark the mtime when the
4699 * last page is pushed.  The problem occurs when the msync() call is omitted,
4700 * which by far the most common case:
4701 *
4702 *	open()
4703 *	mmap()
4704 *	<modify memory>
4705 *	munmap()
4706 *	close()
4707 *	<time lapse>
4708 *	putpage() via fsflush
4709 *
4710 * If we wait until fsflush to come along, we can have a modification time that
4711 * is some arbitrary point in the future.  In order to prevent this in the
4712 * common case, we flush pages whenever a (MAP_SHARED, PROT_WRITE) mapping is
4713 * torn down.
4714 */
4715/* ARGSUSED */
4716static int
4717zfs_delmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4718    size_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cr,
4719    caller_context_t *ct)
4720{
4721	uint64_t pages = btopr(len);
4722
4723	ASSERT3U(VTOZ(vp)->z_mapcnt, >=, pages);
4724	atomic_add_64(&VTOZ(vp)->z_mapcnt, -pages);
4725
4726	if ((flags & MAP_SHARED) && (prot & PROT_WRITE) &&
4727	    vn_has_cached_data(vp))
4728		(void) VOP_PUTPAGE(vp, off, len, B_ASYNC, cr, ct);
4729
4730	return (0);
4731}
4732
4733/*
4734 * Free or allocate space in a file.  Currently, this function only
4735 * supports the `F_FREESP' command.  However, this command is somewhat
4736 * misnamed, as its functionality includes the ability to allocate as
4737 * well as free space.
4738 *
4739 *	IN:	vp	- vnode of file to free data in.
4740 *		cmd	- action to take (only F_FREESP supported).
4741 *		bfp	- section of file to free/alloc.
4742 *		flag	- current file open mode flags.
4743 *		offset	- current file offset.
4744 *		cr	- credentials of caller [UNUSED].
4745 *		ct	- caller context.
4746 *
4747 *	RETURN:	0 on success, error code on failure.
4748 *
4749 * Timestamps:
4750 *	vp - ctime|mtime updated
4751 */
4752/* ARGSUSED */
4753static int
4754zfs_space(vnode_t *vp, int cmd, flock64_t *bfp, int flag,
4755    offset_t offset, cred_t *cr, caller_context_t *ct)
4756{
4757	znode_t		*zp = VTOZ(vp);
4758	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4759	uint64_t	off, len;
4760	int		error;
4761
4762	ZFS_ENTER(zfsvfs);
4763	ZFS_VERIFY_ZP(zp);
4764
4765	if (cmd != F_FREESP) {
4766		ZFS_EXIT(zfsvfs);
4767		return (SET_ERROR(EINVAL));
4768	}
4769
4770	/*
4771	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
4772	 * callers might not be able to detect properly that we are read-only,
4773	 * so check it explicitly here.
4774	 */
4775	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
4776		ZFS_EXIT(zfsvfs);
4777		return (SET_ERROR(EROFS));
4778	}
4779
4780	if (error = convoff(vp, bfp, 0, offset)) {
4781		ZFS_EXIT(zfsvfs);
4782		return (error);
4783	}
4784
4785	if (bfp->l_len < 0) {
4786		ZFS_EXIT(zfsvfs);
4787		return (SET_ERROR(EINVAL));
4788	}
4789
4790	off = bfp->l_start;
4791	len = bfp->l_len; /* 0 means from off to end of file */
4792
4793	error = zfs_freesp(zp, off, len, flag, TRUE);
4794
4795	if (error == 0 && off == 0 && len == 0)
4796		vnevent_truncate(ZTOV(zp), ct);
4797
4798	ZFS_EXIT(zfsvfs);
4799	return (error);
4800}
4801
4802/*ARGSUSED*/
4803static int
4804zfs_fid(vnode_t *vp, fid_t *fidp, caller_context_t *ct)
4805{
4806	znode_t		*zp = VTOZ(vp);
4807	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4808	uint32_t	gen;
4809	uint64_t	gen64;
4810	uint64_t	object = zp->z_id;
4811	zfid_short_t	*zfid;
4812	int		size, i, error;
4813
4814	ZFS_ENTER(zfsvfs);
4815	ZFS_VERIFY_ZP(zp);
4816
4817	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zfsvfs),
4818	    &gen64, sizeof (uint64_t))) != 0) {
4819		ZFS_EXIT(zfsvfs);
4820		return (error);
4821	}
4822
4823	gen = (uint32_t)gen64;
4824
4825	size = (zfsvfs->z_parent != zfsvfs) ? LONG_FID_LEN : SHORT_FID_LEN;
4826	if (fidp->fid_len < size) {
4827		fidp->fid_len = size;
4828		ZFS_EXIT(zfsvfs);
4829		return (SET_ERROR(ENOSPC));
4830	}
4831
4832	zfid = (zfid_short_t *)fidp;
4833
4834	zfid->zf_len = size;
4835
4836	for (i = 0; i < sizeof (zfid->zf_object); i++)
4837		zfid->zf_object[i] = (uint8_t)(object >> (8 * i));
4838
4839	/* Must have a non-zero generation number to distinguish from .zfs */
4840	if (gen == 0)
4841		gen = 1;
4842	for (i = 0; i < sizeof (zfid->zf_gen); i++)
4843		zfid->zf_gen[i] = (uint8_t)(gen >> (8 * i));
4844
4845	if (size == LONG_FID_LEN) {
4846		uint64_t	objsetid = dmu_objset_id(zfsvfs->z_os);
4847		zfid_long_t	*zlfid;
4848
4849		zlfid = (zfid_long_t *)fidp;
4850
4851		for (i = 0; i < sizeof (zlfid->zf_setid); i++)
4852			zlfid->zf_setid[i] = (uint8_t)(objsetid >> (8 * i));
4853
4854		/* XXX - this should be the generation number for the objset */
4855		for (i = 0; i < sizeof (zlfid->zf_setgen); i++)
4856			zlfid->zf_setgen[i] = 0;
4857	}
4858
4859	ZFS_EXIT(zfsvfs);
4860	return (0);
4861}
4862
4863static int
4864zfs_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr,
4865    caller_context_t *ct)
4866{
4867	znode_t		*zp, *xzp;
4868	zfsvfs_t	*zfsvfs;
4869	zfs_dirlock_t	*dl;
4870	int		error;
4871
4872	switch (cmd) {
4873	case _PC_LINK_MAX:
4874		*valp = ULONG_MAX;
4875		return (0);
4876
4877	case _PC_FILESIZEBITS:
4878		*valp = 64;
4879		return (0);
4880
4881	case _PC_XATTR_EXISTS:
4882		zp = VTOZ(vp);
4883		zfsvfs = zp->z_zfsvfs;
4884		ZFS_ENTER(zfsvfs);
4885		ZFS_VERIFY_ZP(zp);
4886		*valp = 0;
4887		error = zfs_dirent_lock(&dl, zp, "", &xzp,
4888		    ZXATTR | ZEXISTS | ZSHARED, NULL, NULL);
4889		if (error == 0) {
4890			zfs_dirent_unlock(dl);
4891			if (!zfs_dirempty(xzp))
4892				*valp = 1;
4893			VN_RELE(ZTOV(xzp));
4894		} else if (error == ENOENT) {
4895			/*
4896			 * If there aren't extended attributes, it's the
4897			 * same as having zero of them.
4898			 */
4899			error = 0;
4900		}
4901		ZFS_EXIT(zfsvfs);
4902		return (error);
4903
4904	case _PC_SATTR_ENABLED:
4905	case _PC_SATTR_EXISTS:
4906		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
4907		    (vp->v_type == VREG || vp->v_type == VDIR);
4908		return (0);
4909
4910	case _PC_ACCESS_FILTERING:
4911		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_ACCESS_FILTER) &&
4912		    vp->v_type == VDIR;
4913		return (0);
4914
4915	case _PC_ACL_ENABLED:
4916		*valp = _ACL_ACE_ENABLED;
4917		return (0);
4918
4919	case _PC_MIN_HOLE_SIZE:
4920		*valp = (ulong_t)SPA_MINBLOCKSIZE;
4921		return (0);
4922
4923	case _PC_TIMESTAMP_RESOLUTION:
4924		/* nanosecond timestamp resolution */
4925		*valp = 1L;
4926		return (0);
4927
4928	default:
4929		return (fs_pathconf(vp, cmd, valp, cr, ct));
4930	}
4931}
4932
4933/*ARGSUSED*/
4934static int
4935zfs_getsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
4936    caller_context_t *ct)
4937{
4938	znode_t *zp = VTOZ(vp);
4939	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4940	int error;
4941	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
4942
4943	ZFS_ENTER(zfsvfs);
4944	ZFS_VERIFY_ZP(zp);
4945	error = zfs_getacl(zp, vsecp, skipaclchk, cr);
4946	ZFS_EXIT(zfsvfs);
4947
4948	return (error);
4949}
4950
4951/*ARGSUSED*/
4952static int
4953zfs_setsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
4954    caller_context_t *ct)
4955{
4956	znode_t *zp = VTOZ(vp);
4957	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4958	int error;
4959	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
4960	zilog_t	*zilog = zfsvfs->z_log;
4961
4962	ZFS_ENTER(zfsvfs);
4963	ZFS_VERIFY_ZP(zp);
4964
4965	error = zfs_setacl(zp, vsecp, skipaclchk, cr);
4966
4967	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4968		zil_commit(zilog, 0);
4969
4970	ZFS_EXIT(zfsvfs);
4971	return (error);
4972}
4973
4974/*
4975 * The smallest read we may consider to loan out an arcbuf.
4976 * This must be a power of 2.
4977 */
4978int zcr_blksz_min = (1 << 10);	/* 1K */
4979/*
4980 * If set to less than the file block size, allow loaning out of an
4981 * arcbuf for a partial block read.  This must be a power of 2.
4982 */
4983int zcr_blksz_max = (1 << 17);	/* 128K */
4984
4985/*ARGSUSED*/
4986static int
4987zfs_reqzcbuf(vnode_t *vp, enum uio_rw ioflag, xuio_t *xuio, cred_t *cr,
4988    caller_context_t *ct)
4989{
4990	znode_t	*zp = VTOZ(vp);
4991	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4992	int max_blksz = zfsvfs->z_max_blksz;
4993	uio_t *uio = &xuio->xu_uio;
4994	ssize_t size = uio->uio_resid;
4995	offset_t offset = uio->uio_loffset;
4996	int blksz;
4997	int fullblk, i;
4998	arc_buf_t *abuf;
4999	ssize_t maxsize;
5000	int preamble, postamble;
5001
5002	if (xuio->xu_type != UIOTYPE_ZEROCOPY)
5003		return (SET_ERROR(EINVAL));
5004
5005	ZFS_ENTER(zfsvfs);
5006	ZFS_VERIFY_ZP(zp);
5007	switch (ioflag) {
5008	case UIO_WRITE:
5009		/*
5010		 * Loan out an arc_buf for write if write size is bigger than
5011		 * max_blksz, and the file's block size is also max_blksz.
5012		 */
5013		blksz = max_blksz;
5014		if (size < blksz || zp->z_blksz != blksz) {
5015			ZFS_EXIT(zfsvfs);
5016			return (SET_ERROR(EINVAL));
5017		}
5018		/*
5019		 * Caller requests buffers for write before knowing where the
5020		 * write offset might be (e.g. NFS TCP write).
5021		 */
5022		if (offset == -1) {
5023			preamble = 0;
5024		} else {
5025			preamble = P2PHASE(offset, blksz);
5026			if (preamble) {
5027				preamble = blksz - preamble;
5028				size -= preamble;
5029			}
5030		}
5031
5032		postamble = P2PHASE(size, blksz);
5033		size -= postamble;
5034
5035		fullblk = size / blksz;
5036		(void) dmu_xuio_init(xuio,
5037		    (preamble != 0) + fullblk + (postamble != 0));
5038		DTRACE_PROBE3(zfs_reqzcbuf_align, int, preamble,
5039		    int, postamble, int,
5040		    (preamble != 0) + fullblk + (postamble != 0));
5041
5042		/*
5043		 * Have to fix iov base/len for partial buffers.  They
5044		 * currently represent full arc_buf's.
5045		 */
5046		if (preamble) {
5047			/* data begins in the middle of the arc_buf */
5048			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5049			    blksz);
5050			ASSERT(abuf);
5051			(void) dmu_xuio_add(xuio, abuf,
5052			    blksz - preamble, preamble);
5053		}
5054
5055		for (i = 0; i < fullblk; i++) {
5056			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5057			    blksz);
5058			ASSERT(abuf);
5059			(void) dmu_xuio_add(xuio, abuf, 0, blksz);
5060		}
5061
5062		if (postamble) {
5063			/* data ends in the middle of the arc_buf */
5064			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5065			    blksz);
5066			ASSERT(abuf);
5067			(void) dmu_xuio_add(xuio, abuf, 0, postamble);
5068		}
5069		break;
5070	case UIO_READ:
5071		/*
5072		 * Loan out an arc_buf for read if the read size is larger than
5073		 * the current file block size.  Block alignment is not
5074		 * considered.  Partial arc_buf will be loaned out for read.
5075		 */
5076		blksz = zp->z_blksz;
5077		if (blksz < zcr_blksz_min)
5078			blksz = zcr_blksz_min;
5079		if (blksz > zcr_blksz_max)
5080			blksz = zcr_blksz_max;
5081		/* avoid potential complexity of dealing with it */
5082		if (blksz > max_blksz) {
5083			ZFS_EXIT(zfsvfs);
5084			return (SET_ERROR(EINVAL));
5085		}
5086
5087		maxsize = zp->z_size - uio->uio_loffset;
5088		if (size > maxsize)
5089			size = maxsize;
5090
5091		if (size < blksz || vn_has_cached_data(vp)) {
5092			ZFS_EXIT(zfsvfs);
5093			return (SET_ERROR(EINVAL));
5094		}
5095		break;
5096	default:
5097		ZFS_EXIT(zfsvfs);
5098		return (SET_ERROR(EINVAL));
5099	}
5100
5101	uio->uio_extflg = UIO_XUIO;
5102	XUIO_XUZC_RW(xuio) = ioflag;
5103	ZFS_EXIT(zfsvfs);
5104	return (0);
5105}
5106
5107/*ARGSUSED*/
5108static int
5109zfs_retzcbuf(vnode_t *vp, xuio_t *xuio, cred_t *cr, caller_context_t *ct)
5110{
5111	int i;
5112	arc_buf_t *abuf;
5113	int ioflag = XUIO_XUZC_RW(xuio);
5114
5115	ASSERT(xuio->xu_type == UIOTYPE_ZEROCOPY);
5116
5117	i = dmu_xuio_cnt(xuio);
5118	while (i-- > 0) {
5119		abuf = dmu_xuio_arcbuf(xuio, i);
5120		/*
5121		 * if abuf == NULL, it must be a write buffer
5122		 * that has been returned in zfs_write().
5123		 */
5124		if (abuf)
5125			dmu_return_arcbuf(abuf);
5126		ASSERT(abuf || ioflag == UIO_WRITE);
5127	}
5128
5129	dmu_xuio_fini(xuio);
5130	return (0);
5131}
5132
5133/*
5134 * Predeclare these here so that the compiler assumes that
5135 * this is an "old style" function declaration that does
5136 * not include arguments => we won't get type mismatch errors
5137 * in the initializations that follow.
5138 */
5139static int zfs_inval();
5140static int zfs_isdir();
5141
5142static int
5143zfs_inval()
5144{
5145	return (SET_ERROR(EINVAL));
5146}
5147
5148static int
5149zfs_isdir()
5150{
5151	return (SET_ERROR(EISDIR));
5152}
5153/*
5154 * Directory vnode operations template
5155 */
5156vnodeops_t *zfs_dvnodeops;
5157const fs_operation_def_t zfs_dvnodeops_template[] = {
5158	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5159	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5160	VOPNAME_READ,		{ .error = zfs_isdir },
5161	VOPNAME_WRITE,		{ .error = zfs_isdir },
5162	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5163	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5164	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5165	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5166	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5167	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5168	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5169	VOPNAME_LINK,		{ .vop_link = zfs_link },
5170	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5171	VOPNAME_MKDIR,		{ .vop_mkdir = zfs_mkdir },
5172	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5173	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5174	VOPNAME_SYMLINK,	{ .vop_symlink = zfs_symlink },
5175	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5176	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5177	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5178	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5179	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5180	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5181	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5182	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5183	NULL,			NULL
5184};
5185
5186/*
5187 * Regular file vnode operations template
5188 */
5189vnodeops_t *zfs_fvnodeops;
5190const fs_operation_def_t zfs_fvnodeops_template[] = {
5191	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5192	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5193	VOPNAME_READ,		{ .vop_read = zfs_read },
5194	VOPNAME_WRITE,		{ .vop_write = zfs_write },
5195	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5196	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5197	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5198	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5199	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5200	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5201	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5202	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5203	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5204	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5205	VOPNAME_FRLOCK,		{ .vop_frlock = zfs_frlock },
5206	VOPNAME_SPACE,		{ .vop_space = zfs_space },
5207	VOPNAME_GETPAGE,	{ .vop_getpage = zfs_getpage },
5208	VOPNAME_PUTPAGE,	{ .vop_putpage = zfs_putpage },
5209	VOPNAME_MAP,		{ .vop_map = zfs_map },
5210	VOPNAME_ADDMAP,		{ .vop_addmap = zfs_addmap },
5211	VOPNAME_DELMAP,		{ .vop_delmap = zfs_delmap },
5212	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5213	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5214	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5215	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5216	VOPNAME_REQZCBUF,	{ .vop_reqzcbuf = zfs_reqzcbuf },
5217	VOPNAME_RETZCBUF,	{ .vop_retzcbuf = zfs_retzcbuf },
5218	NULL,			NULL
5219};
5220
5221/*
5222 * Symbolic link vnode operations template
5223 */
5224vnodeops_t *zfs_symvnodeops;
5225const fs_operation_def_t zfs_symvnodeops_template[] = {
5226	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5227	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5228	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5229	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5230	VOPNAME_READLINK,	{ .vop_readlink = zfs_readlink },
5231	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5232	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5233	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5234	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5235	NULL,			NULL
5236};
5237
5238/*
5239 * special share hidden files vnode operations template
5240 */
5241vnodeops_t *zfs_sharevnodeops;
5242const fs_operation_def_t zfs_sharevnodeops_template[] = {
5243	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5244	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5245	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5246	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5247	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5248	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5249	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5250	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5251	NULL,			NULL
5252};
5253
5254/*
5255 * Extended attribute directory vnode operations template
5256 *
5257 * This template is identical to the directory vnodes
5258 * operation template except for restricted operations:
5259 *	VOP_MKDIR()
5260 *	VOP_SYMLINK()
5261 *
5262 * Note that there are other restrictions embedded in:
5263 *	zfs_create()	- restrict type to VREG
5264 *	zfs_link()	- no links into/out of attribute space
5265 *	zfs_rename()	- no moves into/out of attribute space
5266 */
5267vnodeops_t *zfs_xdvnodeops;
5268const fs_operation_def_t zfs_xdvnodeops_template[] = {
5269	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5270	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5271	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5272	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5273	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5274	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5275	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5276	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5277	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5278	VOPNAME_LINK,		{ .vop_link = zfs_link },
5279	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5280	VOPNAME_MKDIR,		{ .error = zfs_inval },
5281	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5282	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5283	VOPNAME_SYMLINK,	{ .error = zfs_inval },
5284	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5285	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5286	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5287	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5288	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5289	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5290	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5291	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5292	NULL,			NULL
5293};
5294
5295/*
5296 * Error vnode operations template
5297 */
5298vnodeops_t *zfs_evnodeops;
5299const fs_operation_def_t zfs_evnodeops_template[] = {
5300	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5301	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5302	NULL,			NULL
5303};
5304