1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2012, 2014 by Delphix. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27/* Portions Copyright 2007 Jeremy Teo */
28/* Portions Copyright 2010 Robert Milkowski */
29
30#include <sys/types.h>
31#include <sys/param.h>
32#include <sys/time.h>
33#include <sys/systm.h>
34#include <sys/sysmacros.h>
35#include <sys/resource.h>
36#include <sys/vfs.h>
37#include <sys/vfs_opreg.h>
38#include <sys/vnode.h>
39#include <sys/file.h>
40#include <sys/stat.h>
41#include <sys/kmem.h>
42#include <sys/taskq.h>
43#include <sys/uio.h>
44#include <sys/vmsystm.h>
45#include <sys/atomic.h>
46#include <sys/vm.h>
47#include <vm/seg_vn.h>
48#include <vm/pvn.h>
49#include <vm/as.h>
50#include <vm/kpm.h>
51#include <vm/seg_kpm.h>
52#include <sys/mman.h>
53#include <sys/pathname.h>
54#include <sys/cmn_err.h>
55#include <sys/errno.h>
56#include <sys/unistd.h>
57#include <sys/zfs_dir.h>
58#include <sys/zfs_acl.h>
59#include <sys/zfs_ioctl.h>
60#include <sys/fs/zfs.h>
61#include <sys/dmu.h>
62#include <sys/dmu_objset.h>
63#include <sys/spa.h>
64#include <sys/txg.h>
65#include <sys/dbuf.h>
66#include <sys/zap.h>
67#include <sys/sa.h>
68#include <sys/dirent.h>
69#include <sys/policy.h>
70#include <sys/sunddi.h>
71#include <sys/filio.h>
72#include <sys/sid.h>
73#include "fs/fs_subr.h"
74#include <sys/zfs_ctldir.h>
75#include <sys/zfs_fuid.h>
76#include <sys/zfs_sa.h>
77#include <sys/dnlc.h>
78#include <sys/zfs_rlock.h>
79#include <sys/extdirent.h>
80#include <sys/kidmap.h>
81#include <sys/cred.h>
82#include <sys/attr.h>
83
84/*
85 * Programming rules.
86 *
87 * Each vnode op performs some logical unit of work.  To do this, the ZPL must
88 * properly lock its in-core state, create a DMU transaction, do the work,
89 * record this work in the intent log (ZIL), commit the DMU transaction,
90 * and wait for the intent log to commit if it is a synchronous operation.
91 * Moreover, the vnode ops must work in both normal and log replay context.
92 * The ordering of events is important to avoid deadlocks and references
93 * to freed memory.  The example below illustrates the following Big Rules:
94 *
95 *  (1)	A check must be made in each zfs thread for a mounted file system.
96 *	This is done avoiding races using ZFS_ENTER(zfsvfs).
97 *	A ZFS_EXIT(zfsvfs) is needed before all returns.  Any znodes
98 *	must be checked with ZFS_VERIFY_ZP(zp).  Both of these macros
99 *	can return EIO from the calling function.
100 *
101 *  (2)	VN_RELE() should always be the last thing except for zil_commit()
102 *	(if necessary) and ZFS_EXIT(). This is for 3 reasons:
103 *	First, if it's the last reference, the vnode/znode
104 *	can be freed, so the zp may point to freed memory.  Second, the last
105 *	reference will call zfs_zinactive(), which may induce a lot of work --
106 *	pushing cached pages (which acquires range locks) and syncing out
107 *	cached atime changes.  Third, zfs_zinactive() may require a new tx,
108 *	which could deadlock the system if you were already holding one.
109 *	If you must call VN_RELE() within a tx then use VN_RELE_ASYNC().
110 *
111 *  (3)	All range locks must be grabbed before calling dmu_tx_assign(),
112 *	as they can span dmu_tx_assign() calls.
113 *
114 *  (4) If ZPL locks are held, pass TXG_NOWAIT as the second argument to
115 *      dmu_tx_assign().  This is critical because we don't want to block
116 *      while holding locks.
117 *
118 *	If no ZPL locks are held (aside from ZFS_ENTER()), use TXG_WAIT.  This
119 *	reduces lock contention and CPU usage when we must wait (note that if
120 *	throughput is constrained by the storage, nearly every transaction
121 *	must wait).
122 *
123 *      Note, in particular, that if a lock is sometimes acquired before
124 *      the tx assigns, and sometimes after (e.g. z_lock), then failing
125 *      to use a non-blocking assign can deadlock the system.  The scenario:
126 *
127 *	Thread A has grabbed a lock before calling dmu_tx_assign().
128 *	Thread B is in an already-assigned tx, and blocks for this lock.
129 *	Thread A calls dmu_tx_assign(TXG_WAIT) and blocks in txg_wait_open()
130 *	forever, because the previous txg can't quiesce until B's tx commits.
131 *
132 *	If dmu_tx_assign() returns ERESTART and zfsvfs->z_assign is TXG_NOWAIT,
133 *	then drop all locks, call dmu_tx_wait(), and try again.  On subsequent
134 *	calls to dmu_tx_assign(), pass TXG_WAITED rather than TXG_NOWAIT,
135 *	to indicate that this operation has already called dmu_tx_wait().
136 *	This will ensure that we don't retry forever, waiting a short bit
137 *	each time.
138 *
139 *  (5)	If the operation succeeded, generate the intent log entry for it
140 *	before dropping locks.  This ensures that the ordering of events
141 *	in the intent log matches the order in which they actually occurred.
142 *	During ZIL replay the zfs_log_* functions will update the sequence
143 *	number to indicate the zil transaction has replayed.
144 *
145 *  (6)	At the end of each vnode op, the DMU tx must always commit,
146 *	regardless of whether there were any errors.
147 *
148 *  (7)	After dropping all locks, invoke zil_commit(zilog, foid)
149 *	to ensure that synchronous semantics are provided when necessary.
150 *
151 * In general, this is how things should be ordered in each vnode op:
152 *
153 *	ZFS_ENTER(zfsvfs);		// exit if unmounted
154 * top:
155 *	zfs_dirent_lock(&dl, ...)	// lock directory entry (may VN_HOLD())
156 *	rw_enter(...);			// grab any other locks you need
157 *	tx = dmu_tx_create(...);	// get DMU tx
158 *	dmu_tx_hold_*();		// hold each object you might modify
159 *	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
160 *	if (error) {
161 *		rw_exit(...);		// drop locks
162 *		zfs_dirent_unlock(dl);	// unlock directory entry
163 *		VN_RELE(...);		// release held vnodes
164 *		if (error == ERESTART) {
165 *			waited = B_TRUE;
166 *			dmu_tx_wait(tx);
167 *			dmu_tx_abort(tx);
168 *			goto top;
169 *		}
170 *		dmu_tx_abort(tx);	// abort DMU tx
171 *		ZFS_EXIT(zfsvfs);	// finished in zfs
172 *		return (error);		// really out of space
173 *	}
174 *	error = do_real_work();		// do whatever this VOP does
175 *	if (error == 0)
176 *		zfs_log_*(...);		// on success, make ZIL entry
177 *	dmu_tx_commit(tx);		// commit DMU tx -- error or not
178 *	rw_exit(...);			// drop locks
179 *	zfs_dirent_unlock(dl);		// unlock directory entry
180 *	VN_RELE(...);			// release held vnodes
181 *	zil_commit(zilog, foid);	// synchronous when necessary
182 *	ZFS_EXIT(zfsvfs);		// finished in zfs
183 *	return (error);			// done, report error
184 */
185
186/* ARGSUSED */
187static int
188zfs_open(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *ct)
189{
190	znode_t	*zp = VTOZ(*vpp);
191	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
192
193	ZFS_ENTER(zfsvfs);
194	ZFS_VERIFY_ZP(zp);
195
196	if ((flag & FWRITE) && (zp->z_pflags & ZFS_APPENDONLY) &&
197	    ((flag & FAPPEND) == 0)) {
198		ZFS_EXIT(zfsvfs);
199		return (SET_ERROR(EPERM));
200	}
201
202	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
203	    ZTOV(zp)->v_type == VREG &&
204	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) {
205		if (fs_vscan(*vpp, cr, 0) != 0) {
206			ZFS_EXIT(zfsvfs);
207			return (SET_ERROR(EACCES));
208		}
209	}
210
211	/* Keep a count of the synchronous opens in the znode */
212	if (flag & (FSYNC | FDSYNC))
213		atomic_inc_32(&zp->z_sync_cnt);
214
215	ZFS_EXIT(zfsvfs);
216	return (0);
217}
218
219/* ARGSUSED */
220static int
221zfs_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
222    caller_context_t *ct)
223{
224	znode_t	*zp = VTOZ(vp);
225	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
226
227	/*
228	 * Clean up any locks held by this process on the vp.
229	 */
230	cleanlocks(vp, ddi_get_pid(), 0);
231	cleanshares(vp, ddi_get_pid());
232
233	ZFS_ENTER(zfsvfs);
234	ZFS_VERIFY_ZP(zp);
235
236	/* Decrement the synchronous opens in the znode */
237	if ((flag & (FSYNC | FDSYNC)) && (count == 1))
238		atomic_dec_32(&zp->z_sync_cnt);
239
240	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
241	    ZTOV(zp)->v_type == VREG &&
242	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0)
243		VERIFY(fs_vscan(vp, cr, 1) == 0);
244
245	ZFS_EXIT(zfsvfs);
246	return (0);
247}
248
249/*
250 * Lseek support for finding holes (cmd == _FIO_SEEK_HOLE) and
251 * data (cmd == _FIO_SEEK_DATA). "off" is an in/out parameter.
252 */
253static int
254zfs_holey(vnode_t *vp, int cmd, offset_t *off)
255{
256	znode_t	*zp = VTOZ(vp);
257	uint64_t noff = (uint64_t)*off; /* new offset */
258	uint64_t file_sz;
259	int error;
260	boolean_t hole;
261
262	file_sz = zp->z_size;
263	if (noff >= file_sz)  {
264		return (SET_ERROR(ENXIO));
265	}
266
267	if (cmd == _FIO_SEEK_HOLE)
268		hole = B_TRUE;
269	else
270		hole = B_FALSE;
271
272	error = dmu_offset_next(zp->z_zfsvfs->z_os, zp->z_id, hole, &noff);
273
274	if (error == ESRCH)
275		return (SET_ERROR(ENXIO));
276
277	/*
278	 * We could find a hole that begins after the logical end-of-file,
279	 * because dmu_offset_next() only works on whole blocks.  If the
280	 * EOF falls mid-block, then indicate that the "virtual hole"
281	 * at the end of the file begins at the logical EOF, rather than
282	 * at the end of the last block.
283	 */
284	if (noff > file_sz) {
285		ASSERT(hole);
286		noff = file_sz;
287	}
288
289	if (noff < *off)
290		return (error);
291	*off = noff;
292	return (error);
293}
294
295/* ARGSUSED */
296static int
297zfs_ioctl(vnode_t *vp, int com, intptr_t data, int flag, cred_t *cred,
298    int *rvalp, caller_context_t *ct)
299{
300	offset_t off;
301	int error;
302	zfsvfs_t *zfsvfs;
303	znode_t *zp;
304
305	switch (com) {
306	case _FIOFFS:
307		return (zfs_sync(vp->v_vfsp, 0, cred));
308
309		/*
310		 * The following two ioctls are used by bfu.  Faking out,
311		 * necessary to avoid bfu errors.
312		 */
313	case _FIOGDIO:
314	case _FIOSDIO:
315		return (0);
316
317	case _FIO_SEEK_DATA:
318	case _FIO_SEEK_HOLE:
319		if (ddi_copyin((void *)data, &off, sizeof (off), flag))
320			return (SET_ERROR(EFAULT));
321
322		zp = VTOZ(vp);
323		zfsvfs = zp->z_zfsvfs;
324		ZFS_ENTER(zfsvfs);
325		ZFS_VERIFY_ZP(zp);
326
327		/* offset parameter is in/out */
328		error = zfs_holey(vp, com, &off);
329		ZFS_EXIT(zfsvfs);
330		if (error)
331			return (error);
332		if (ddi_copyout(&off, (void *)data, sizeof (off), flag))
333			return (SET_ERROR(EFAULT));
334		return (0);
335	}
336	return (SET_ERROR(ENOTTY));
337}
338
339/*
340 * Utility functions to map and unmap a single physical page.  These
341 * are used to manage the mappable copies of ZFS file data, and therefore
342 * do not update ref/mod bits.
343 */
344caddr_t
345zfs_map_page(page_t *pp, enum seg_rw rw)
346{
347	if (kpm_enable)
348		return (hat_kpm_mapin(pp, 0));
349	ASSERT(rw == S_READ || rw == S_WRITE);
350	return (ppmapin(pp, PROT_READ | ((rw == S_WRITE) ? PROT_WRITE : 0),
351	    (caddr_t)-1));
352}
353
354void
355zfs_unmap_page(page_t *pp, caddr_t addr)
356{
357	if (kpm_enable) {
358		hat_kpm_mapout(pp, 0, addr);
359	} else {
360		ppmapout(addr);
361	}
362}
363
364/*
365 * When a file is memory mapped, we must keep the IO data synchronized
366 * between the DMU cache and the memory mapped pages.  What this means:
367 *
368 * On Write:	If we find a memory mapped page, we write to *both*
369 *		the page and the dmu buffer.
370 */
371static void
372update_pages(vnode_t *vp, int64_t start, int len, objset_t *os, uint64_t oid)
373{
374	int64_t	off;
375
376	off = start & PAGEOFFSET;
377	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
378		page_t *pp;
379		uint64_t nbytes = MIN(PAGESIZE - off, len);
380
381		if (pp = page_lookup(vp, start, SE_SHARED)) {
382			caddr_t va;
383
384			va = zfs_map_page(pp, S_WRITE);
385			(void) dmu_read(os, oid, start+off, nbytes, va+off,
386			    DMU_READ_PREFETCH);
387			zfs_unmap_page(pp, va);
388			page_unlock(pp);
389		}
390		len -= nbytes;
391		off = 0;
392	}
393}
394
395/*
396 * When a file is memory mapped, we must keep the IO data synchronized
397 * between the DMU cache and the memory mapped pages.  What this means:
398 *
399 * On Read:	We "read" preferentially from memory mapped pages,
400 *		else we default from the dmu buffer.
401 *
402 * NOTE: We will always "break up" the IO into PAGESIZE uiomoves when
403 *	 the file is memory mapped.
404 */
405static int
406mappedread(vnode_t *vp, int nbytes, uio_t *uio)
407{
408	znode_t *zp = VTOZ(vp);
409	int64_t	start, off;
410	int len = nbytes;
411	int error = 0;
412
413	start = uio->uio_loffset;
414	off = start & PAGEOFFSET;
415	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
416		page_t *pp;
417		uint64_t bytes = MIN(PAGESIZE - off, len);
418
419		if (pp = page_lookup(vp, start, SE_SHARED)) {
420			caddr_t va;
421
422			va = zfs_map_page(pp, S_READ);
423			error = uiomove(va + off, bytes, UIO_READ, uio);
424			zfs_unmap_page(pp, va);
425			page_unlock(pp);
426		} else {
427			error = dmu_read_uio_dbuf(sa_get_db(zp->z_sa_hdl),
428			    uio, bytes);
429		}
430		len -= bytes;
431		off = 0;
432		if (error)
433			break;
434	}
435	return (error);
436}
437
438offset_t zfs_read_chunk_size = 1024 * 1024; /* Tunable */
439
440/*
441 * Read bytes from specified file into supplied buffer.
442 *
443 *	IN:	vp	- vnode of file to be read from.
444 *		uio	- structure supplying read location, range info,
445 *			  and return buffer.
446 *		ioflag	- SYNC flags; used to provide FRSYNC semantics.
447 *		cr	- credentials of caller.
448 *		ct	- caller context
449 *
450 *	OUT:	uio	- updated offset and range, buffer filled.
451 *
452 *	RETURN:	0 on success, error code on failure.
453 *
454 * Side Effects:
455 *	vp - atime updated if byte count > 0
456 */
457/* ARGSUSED */
458static int
459zfs_read(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
460{
461	znode_t		*zp = VTOZ(vp);
462	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
463	ssize_t		n, nbytes;
464	int		error = 0;
465	rl_t		*rl;
466	xuio_t		*xuio = NULL;
467
468	ZFS_ENTER(zfsvfs);
469	ZFS_VERIFY_ZP(zp);
470
471	if (zp->z_pflags & ZFS_AV_QUARANTINED) {
472		ZFS_EXIT(zfsvfs);
473		return (SET_ERROR(EACCES));
474	}
475
476	/*
477	 * Validate file offset
478	 */
479	if (uio->uio_loffset < (offset_t)0) {
480		ZFS_EXIT(zfsvfs);
481		return (SET_ERROR(EINVAL));
482	}
483
484	/*
485	 * Fasttrack empty reads
486	 */
487	if (uio->uio_resid == 0) {
488		ZFS_EXIT(zfsvfs);
489		return (0);
490	}
491
492	/*
493	 * Check for mandatory locks
494	 */
495	if (MANDMODE(zp->z_mode)) {
496		if (error = chklock(vp, FREAD,
497		    uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct)) {
498			ZFS_EXIT(zfsvfs);
499			return (error);
500		}
501	}
502
503	/*
504	 * If we're in FRSYNC mode, sync out this znode before reading it.
505	 */
506	if (ioflag & FRSYNC || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
507		zil_commit(zfsvfs->z_log, zp->z_id);
508
509	/*
510	 * Lock the range against changes.
511	 */
512	rl = zfs_range_lock(zp, uio->uio_loffset, uio->uio_resid, RL_READER);
513
514	/*
515	 * If we are reading past end-of-file we can skip
516	 * to the end; but we might still need to set atime.
517	 */
518	if (uio->uio_loffset >= zp->z_size) {
519		error = 0;
520		goto out;
521	}
522
523	ASSERT(uio->uio_loffset < zp->z_size);
524	n = MIN(uio->uio_resid, zp->z_size - uio->uio_loffset);
525
526	if ((uio->uio_extflg == UIO_XUIO) &&
527	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY)) {
528		int nblk;
529		int blksz = zp->z_blksz;
530		uint64_t offset = uio->uio_loffset;
531
532		xuio = (xuio_t *)uio;
533		if ((ISP2(blksz))) {
534			nblk = (P2ROUNDUP(offset + n, blksz) - P2ALIGN(offset,
535			    blksz)) / blksz;
536		} else {
537			ASSERT(offset + n <= blksz);
538			nblk = 1;
539		}
540		(void) dmu_xuio_init(xuio, nblk);
541
542		if (vn_has_cached_data(vp)) {
543			/*
544			 * For simplicity, we always allocate a full buffer
545			 * even if we only expect to read a portion of a block.
546			 */
547			while (--nblk >= 0) {
548				(void) dmu_xuio_add(xuio,
549				    dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
550				    blksz), 0, blksz);
551			}
552		}
553	}
554
555	while (n > 0) {
556		nbytes = MIN(n, zfs_read_chunk_size -
557		    P2PHASE(uio->uio_loffset, zfs_read_chunk_size));
558
559		if (vn_has_cached_data(vp)) {
560			error = mappedread(vp, nbytes, uio);
561		} else {
562			error = dmu_read_uio_dbuf(sa_get_db(zp->z_sa_hdl),
563			    uio, nbytes);
564		}
565		if (error) {
566			/* convert checksum errors into IO errors */
567			if (error == ECKSUM)
568				error = SET_ERROR(EIO);
569			break;
570		}
571
572		n -= nbytes;
573	}
574out:
575	zfs_range_unlock(rl);
576
577	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
578	ZFS_EXIT(zfsvfs);
579	return (error);
580}
581
582/*
583 * Write the bytes to a file.
584 *
585 *	IN:	vp	- vnode of file to be written to.
586 *		uio	- structure supplying write location, range info,
587 *			  and data buffer.
588 *		ioflag	- FAPPEND, FSYNC, and/or FDSYNC.  FAPPEND is
589 *			  set if in append mode.
590 *		cr	- credentials of caller.
591 *		ct	- caller context (NFS/CIFS fem monitor only)
592 *
593 *	OUT:	uio	- updated offset and range.
594 *
595 *	RETURN:	0 on success, error code on failure.
596 *
597 * Timestamps:
598 *	vp - ctime|mtime updated if byte count > 0
599 */
600
601/* ARGSUSED */
602static int
603zfs_write(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
604{
605	znode_t		*zp = VTOZ(vp);
606	rlim64_t	limit = uio->uio_llimit;
607	ssize_t		start_resid = uio->uio_resid;
608	ssize_t		tx_bytes;
609	uint64_t	end_size;
610	dmu_tx_t	*tx;
611	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
612	zilog_t		*zilog;
613	offset_t	woff;
614	ssize_t		n, nbytes;
615	rl_t		*rl;
616	int		max_blksz = zfsvfs->z_max_blksz;
617	int		error = 0;
618	arc_buf_t	*abuf;
619	iovec_t		*aiov = NULL;
620	xuio_t		*xuio = NULL;
621	int		i_iov = 0;
622	int		iovcnt = uio->uio_iovcnt;
623	iovec_t		*iovp = uio->uio_iov;
624	int		write_eof;
625	int		count = 0;
626	sa_bulk_attr_t	bulk[4];
627	uint64_t	mtime[2], ctime[2];
628
629	/*
630	 * Fasttrack empty write
631	 */
632	n = start_resid;
633	if (n == 0)
634		return (0);
635
636	if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
637		limit = MAXOFFSET_T;
638
639	ZFS_ENTER(zfsvfs);
640	ZFS_VERIFY_ZP(zp);
641
642	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
643	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
644	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,
645	    &zp->z_size, 8);
646	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
647	    &zp->z_pflags, 8);
648
649	/*
650	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
651	 * callers might not be able to detect properly that we are read-only,
652	 * so check it explicitly here.
653	 */
654	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
655		ZFS_EXIT(zfsvfs);
656		return (SET_ERROR(EROFS));
657	}
658
659	/*
660	 * If immutable or not appending then return EPERM
661	 */
662	if ((zp->z_pflags & (ZFS_IMMUTABLE | ZFS_READONLY)) ||
663	    ((zp->z_pflags & ZFS_APPENDONLY) && !(ioflag & FAPPEND) &&
664	    (uio->uio_loffset < zp->z_size))) {
665		ZFS_EXIT(zfsvfs);
666		return (SET_ERROR(EPERM));
667	}
668
669	zilog = zfsvfs->z_log;
670
671	/*
672	 * Validate file offset
673	 */
674	woff = ioflag & FAPPEND ? zp->z_size : uio->uio_loffset;
675	if (woff < 0) {
676		ZFS_EXIT(zfsvfs);
677		return (SET_ERROR(EINVAL));
678	}
679
680	/*
681	 * Check for mandatory locks before calling zfs_range_lock()
682	 * in order to prevent a deadlock with locks set via fcntl().
683	 */
684	if (MANDMODE((mode_t)zp->z_mode) &&
685	    (error = chklock(vp, FWRITE, woff, n, uio->uio_fmode, ct)) != 0) {
686		ZFS_EXIT(zfsvfs);
687		return (error);
688	}
689
690	/*
691	 * Pre-fault the pages to ensure slow (eg NFS) pages
692	 * don't hold up txg.
693	 * Skip this if uio contains loaned arc_buf.
694	 */
695	if ((uio->uio_extflg == UIO_XUIO) &&
696	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY))
697		xuio = (xuio_t *)uio;
698	else
699		uio_prefaultpages(MIN(n, max_blksz), uio);
700
701	/*
702	 * If in append mode, set the io offset pointer to eof.
703	 */
704	if (ioflag & FAPPEND) {
705		/*
706		 * Obtain an appending range lock to guarantee file append
707		 * semantics.  We reset the write offset once we have the lock.
708		 */
709		rl = zfs_range_lock(zp, 0, n, RL_APPEND);
710		woff = rl->r_off;
711		if (rl->r_len == UINT64_MAX) {
712			/*
713			 * We overlocked the file because this write will cause
714			 * the file block size to increase.
715			 * Note that zp_size cannot change with this lock held.
716			 */
717			woff = zp->z_size;
718		}
719		uio->uio_loffset = woff;
720	} else {
721		/*
722		 * Note that if the file block size will change as a result of
723		 * this write, then this range lock will lock the entire file
724		 * so that we can re-write the block safely.
725		 */
726		rl = zfs_range_lock(zp, woff, n, RL_WRITER);
727	}
728
729	if (woff >= limit) {
730		zfs_range_unlock(rl);
731		ZFS_EXIT(zfsvfs);
732		return (SET_ERROR(EFBIG));
733	}
734
735	if ((woff + n) > limit || woff > (limit - n))
736		n = limit - woff;
737
738	/* Will this write extend the file length? */
739	write_eof = (woff + n > zp->z_size);
740
741	end_size = MAX(zp->z_size, woff + n);
742
743	/*
744	 * Write the file in reasonable size chunks.  Each chunk is written
745	 * in a separate transaction; this keeps the intent log records small
746	 * and allows us to do more fine-grained space accounting.
747	 */
748	while (n > 0) {
749		abuf = NULL;
750		woff = uio->uio_loffset;
751		if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
752		    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
753			if (abuf != NULL)
754				dmu_return_arcbuf(abuf);
755			error = SET_ERROR(EDQUOT);
756			break;
757		}
758
759		if (xuio && abuf == NULL) {
760			ASSERT(i_iov < iovcnt);
761			aiov = &iovp[i_iov];
762			abuf = dmu_xuio_arcbuf(xuio, i_iov);
763			dmu_xuio_clear(xuio, i_iov);
764			DTRACE_PROBE3(zfs_cp_write, int, i_iov,
765			    iovec_t *, aiov, arc_buf_t *, abuf);
766			ASSERT((aiov->iov_base == abuf->b_data) ||
767			    ((char *)aiov->iov_base - (char *)abuf->b_data +
768			    aiov->iov_len == arc_buf_size(abuf)));
769			i_iov++;
770		} else if (abuf == NULL && n >= max_blksz &&
771		    woff >= zp->z_size &&
772		    P2PHASE(woff, max_blksz) == 0 &&
773		    zp->z_blksz == max_blksz) {
774			/*
775			 * This write covers a full block.  "Borrow" a buffer
776			 * from the dmu so that we can fill it before we enter
777			 * a transaction.  This avoids the possibility of
778			 * holding up the transaction if the data copy hangs
779			 * up on a pagefault (e.g., from an NFS server mapping).
780			 */
781			size_t cbytes;
782
783			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
784			    max_blksz);
785			ASSERT(abuf != NULL);
786			ASSERT(arc_buf_size(abuf) == max_blksz);
787			if (error = uiocopy(abuf->b_data, max_blksz,
788			    UIO_WRITE, uio, &cbytes)) {
789				dmu_return_arcbuf(abuf);
790				break;
791			}
792			ASSERT(cbytes == max_blksz);
793		}
794
795		/*
796		 * Start a transaction.
797		 */
798		tx = dmu_tx_create(zfsvfs->z_os);
799		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
800		dmu_tx_hold_write(tx, zp->z_id, woff, MIN(n, max_blksz));
801		zfs_sa_upgrade_txholds(tx, zp);
802		error = dmu_tx_assign(tx, TXG_WAIT);
803		if (error) {
804			dmu_tx_abort(tx);
805			if (abuf != NULL)
806				dmu_return_arcbuf(abuf);
807			break;
808		}
809
810		/*
811		 * If zfs_range_lock() over-locked we grow the blocksize
812		 * and then reduce the lock range.  This will only happen
813		 * on the first iteration since zfs_range_reduce() will
814		 * shrink down r_len to the appropriate size.
815		 */
816		if (rl->r_len == UINT64_MAX) {
817			uint64_t new_blksz;
818
819			if (zp->z_blksz > max_blksz) {
820				/*
821				 * File's blocksize is already larger than the
822				 * "recordsize" property.  Only let it grow to
823				 * the next power of 2.
824				 */
825				ASSERT(!ISP2(zp->z_blksz));
826				new_blksz = MIN(end_size,
827				    1 << highbit64(zp->z_blksz));
828			} else {
829				new_blksz = MIN(end_size, max_blksz);
830			}
831			zfs_grow_blocksize(zp, new_blksz, tx);
832			zfs_range_reduce(rl, woff, n);
833		}
834
835		/*
836		 * XXX - should we really limit each write to z_max_blksz?
837		 * Perhaps we should use SPA_MAXBLOCKSIZE chunks?
838		 */
839		nbytes = MIN(n, max_blksz - P2PHASE(woff, max_blksz));
840
841		if (abuf == NULL) {
842			tx_bytes = uio->uio_resid;
843			error = dmu_write_uio_dbuf(sa_get_db(zp->z_sa_hdl),
844			    uio, nbytes, tx);
845			tx_bytes -= uio->uio_resid;
846		} else {
847			tx_bytes = nbytes;
848			ASSERT(xuio == NULL || tx_bytes == aiov->iov_len);
849			/*
850			 * If this is not a full block write, but we are
851			 * extending the file past EOF and this data starts
852			 * block-aligned, use assign_arcbuf().  Otherwise,
853			 * write via dmu_write().
854			 */
855			if (tx_bytes < max_blksz && (!write_eof ||
856			    aiov->iov_base != abuf->b_data)) {
857				ASSERT(xuio);
858				dmu_write(zfsvfs->z_os, zp->z_id, woff,
859				    aiov->iov_len, aiov->iov_base, tx);
860				dmu_return_arcbuf(abuf);
861				xuio_stat_wbuf_copied();
862			} else {
863				ASSERT(xuio || tx_bytes == max_blksz);
864				dmu_assign_arcbuf(sa_get_db(zp->z_sa_hdl),
865				    woff, abuf, tx);
866			}
867			ASSERT(tx_bytes <= uio->uio_resid);
868			uioskip(uio, tx_bytes);
869		}
870		if (tx_bytes && vn_has_cached_data(vp)) {
871			update_pages(vp, woff,
872			    tx_bytes, zfsvfs->z_os, zp->z_id);
873		}
874
875		/*
876		 * If we made no progress, we're done.  If we made even
877		 * partial progress, update the znode and ZIL accordingly.
878		 */
879		if (tx_bytes == 0) {
880			(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
881			    (void *)&zp->z_size, sizeof (uint64_t), tx);
882			dmu_tx_commit(tx);
883			ASSERT(error != 0);
884			break;
885		}
886
887		/*
888		 * Clear Set-UID/Set-GID bits on successful write if not
889		 * privileged and at least one of the excute bits is set.
890		 *
891		 * It would be nice to to this after all writes have
892		 * been done, but that would still expose the ISUID/ISGID
893		 * to another app after the partial write is committed.
894		 *
895		 * Note: we don't call zfs_fuid_map_id() here because
896		 * user 0 is not an ephemeral uid.
897		 */
898		mutex_enter(&zp->z_acl_lock);
899		if ((zp->z_mode & (S_IXUSR | (S_IXUSR >> 3) |
900		    (S_IXUSR >> 6))) != 0 &&
901		    (zp->z_mode & (S_ISUID | S_ISGID)) != 0 &&
902		    secpolicy_vnode_setid_retain(cr,
903		    (zp->z_mode & S_ISUID) != 0 && zp->z_uid == 0) != 0) {
904			uint64_t newmode;
905			zp->z_mode &= ~(S_ISUID | S_ISGID);
906			newmode = zp->z_mode;
907			(void) sa_update(zp->z_sa_hdl, SA_ZPL_MODE(zfsvfs),
908			    (void *)&newmode, sizeof (uint64_t), tx);
909		}
910		mutex_exit(&zp->z_acl_lock);
911
912		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
913		    B_TRUE);
914
915		/*
916		 * Update the file size (zp_size) if it has changed;
917		 * account for possible concurrent updates.
918		 */
919		while ((end_size = zp->z_size) < uio->uio_loffset) {
920			(void) atomic_cas_64(&zp->z_size, end_size,
921			    uio->uio_loffset);
922			ASSERT(error == 0);
923		}
924		/*
925		 * If we are replaying and eof is non zero then force
926		 * the file size to the specified eof. Note, there's no
927		 * concurrency during replay.
928		 */
929		if (zfsvfs->z_replay && zfsvfs->z_replay_eof != 0)
930			zp->z_size = zfsvfs->z_replay_eof;
931
932		error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
933
934		zfs_log_write(zilog, tx, TX_WRITE, zp, woff, tx_bytes, ioflag);
935		dmu_tx_commit(tx);
936
937		if (error != 0)
938			break;
939		ASSERT(tx_bytes == nbytes);
940		n -= nbytes;
941
942		if (!xuio && n > 0)
943			uio_prefaultpages(MIN(n, max_blksz), uio);
944	}
945
946	zfs_range_unlock(rl);
947
948	/*
949	 * If we're in replay mode, or we made no progress, return error.
950	 * Otherwise, it's at least a partial write, so it's successful.
951	 */
952	if (zfsvfs->z_replay || uio->uio_resid == start_resid) {
953		ZFS_EXIT(zfsvfs);
954		return (error);
955	}
956
957	if (ioflag & (FSYNC | FDSYNC) ||
958	    zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
959		zil_commit(zilog, zp->z_id);
960
961	ZFS_EXIT(zfsvfs);
962	return (0);
963}
964
965void
966zfs_get_done(zgd_t *zgd, int error)
967{
968	znode_t *zp = zgd->zgd_private;
969	objset_t *os = zp->z_zfsvfs->z_os;
970
971	if (zgd->zgd_db)
972		dmu_buf_rele(zgd->zgd_db, zgd);
973
974	zfs_range_unlock(zgd->zgd_rl);
975
976	/*
977	 * Release the vnode asynchronously as we currently have the
978	 * txg stopped from syncing.
979	 */
980	VN_RELE_ASYNC(ZTOV(zp), dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
981
982	if (error == 0 && zgd->zgd_bp)
983		zil_add_block(zgd->zgd_zilog, zgd->zgd_bp);
984
985	kmem_free(zgd, sizeof (zgd_t));
986}
987
988#ifdef DEBUG
989static int zil_fault_io = 0;
990#endif
991
992/*
993 * Get data to generate a TX_WRITE intent log record.
994 */
995int
996zfs_get_data(void *arg, lr_write_t *lr, char *buf, zio_t *zio)
997{
998	zfsvfs_t *zfsvfs = arg;
999	objset_t *os = zfsvfs->z_os;
1000	znode_t *zp;
1001	uint64_t object = lr->lr_foid;
1002	uint64_t offset = lr->lr_offset;
1003	uint64_t size = lr->lr_length;
1004	blkptr_t *bp = &lr->lr_blkptr;
1005	dmu_buf_t *db;
1006	zgd_t *zgd;
1007	int error = 0;
1008
1009	ASSERT(zio != NULL);
1010	ASSERT(size != 0);
1011
1012	/*
1013	 * Nothing to do if the file has been removed
1014	 */
1015	if (zfs_zget(zfsvfs, object, &zp) != 0)
1016		return (SET_ERROR(ENOENT));
1017	if (zp->z_unlinked) {
1018		/*
1019		 * Release the vnode asynchronously as we currently have the
1020		 * txg stopped from syncing.
1021		 */
1022		VN_RELE_ASYNC(ZTOV(zp),
1023		    dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
1024		return (SET_ERROR(ENOENT));
1025	}
1026
1027	zgd = (zgd_t *)kmem_zalloc(sizeof (zgd_t), KM_SLEEP);
1028	zgd->zgd_zilog = zfsvfs->z_log;
1029	zgd->zgd_private = zp;
1030
1031	/*
1032	 * Write records come in two flavors: immediate and indirect.
1033	 * For small writes it's cheaper to store the data with the
1034	 * log record (immediate); for large writes it's cheaper to
1035	 * sync the data and get a pointer to it (indirect) so that
1036	 * we don't have to write the data twice.
1037	 */
1038	if (buf != NULL) { /* immediate write */
1039		zgd->zgd_rl = zfs_range_lock(zp, offset, size, RL_READER);
1040		/* test for truncation needs to be done while range locked */
1041		if (offset >= zp->z_size) {
1042			error = SET_ERROR(ENOENT);
1043		} else {
1044			error = dmu_read(os, object, offset, size, buf,
1045			    DMU_READ_NO_PREFETCH);
1046		}
1047		ASSERT(error == 0 || error == ENOENT);
1048	} else { /* indirect write */
1049		/*
1050		 * Have to lock the whole block to ensure when it's
1051		 * written out and it's checksum is being calculated
1052		 * that no one can change the data. We need to re-check
1053		 * blocksize after we get the lock in case it's changed!
1054		 */
1055		for (;;) {
1056			uint64_t blkoff;
1057			size = zp->z_blksz;
1058			blkoff = ISP2(size) ? P2PHASE(offset, size) : offset;
1059			offset -= blkoff;
1060			zgd->zgd_rl = zfs_range_lock(zp, offset, size,
1061			    RL_READER);
1062			if (zp->z_blksz == size)
1063				break;
1064			offset += blkoff;
1065			zfs_range_unlock(zgd->zgd_rl);
1066		}
1067		/* test for truncation needs to be done while range locked */
1068		if (lr->lr_offset >= zp->z_size)
1069			error = SET_ERROR(ENOENT);
1070#ifdef DEBUG
1071		if (zil_fault_io) {
1072			error = SET_ERROR(EIO);
1073			zil_fault_io = 0;
1074		}
1075#endif
1076		if (error == 0)
1077			error = dmu_buf_hold(os, object, offset, zgd, &db,
1078			    DMU_READ_NO_PREFETCH);
1079
1080		if (error == 0) {
1081			blkptr_t *obp = dmu_buf_get_blkptr(db);
1082			if (obp) {
1083				ASSERT(BP_IS_HOLE(bp));
1084				*bp = *obp;
1085			}
1086
1087			zgd->zgd_db = db;
1088			zgd->zgd_bp = bp;
1089
1090			ASSERT(db->db_offset == offset);
1091			ASSERT(db->db_size == size);
1092
1093			error = dmu_sync(zio, lr->lr_common.lrc_txg,
1094			    zfs_get_done, zgd);
1095			ASSERT(error || lr->lr_length <= zp->z_blksz);
1096
1097			/*
1098			 * On success, we need to wait for the write I/O
1099			 * initiated by dmu_sync() to complete before we can
1100			 * release this dbuf.  We will finish everything up
1101			 * in the zfs_get_done() callback.
1102			 */
1103			if (error == 0)
1104				return (0);
1105
1106			if (error == EALREADY) {
1107				lr->lr_common.lrc_txtype = TX_WRITE2;
1108				error = 0;
1109			}
1110		}
1111	}
1112
1113	zfs_get_done(zgd, error);
1114
1115	return (error);
1116}
1117
1118/*ARGSUSED*/
1119static int
1120zfs_access(vnode_t *vp, int mode, int flag, cred_t *cr,
1121    caller_context_t *ct)
1122{
1123	znode_t *zp = VTOZ(vp);
1124	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1125	int error;
1126
1127	ZFS_ENTER(zfsvfs);
1128	ZFS_VERIFY_ZP(zp);
1129
1130	if (flag & V_ACE_MASK)
1131		error = zfs_zaccess(zp, mode, flag, B_FALSE, cr);
1132	else
1133		error = zfs_zaccess_rwx(zp, mode, flag, cr);
1134
1135	ZFS_EXIT(zfsvfs);
1136	return (error);
1137}
1138
1139/*
1140 * If vnode is for a device return a specfs vnode instead.
1141 */
1142static int
1143specvp_check(vnode_t **vpp, cred_t *cr)
1144{
1145	int error = 0;
1146
1147	if (IS_DEVVP(*vpp)) {
1148		struct vnode *svp;
1149
1150		svp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type, cr);
1151		VN_RELE(*vpp);
1152		if (svp == NULL)
1153			error = SET_ERROR(ENOSYS);
1154		*vpp = svp;
1155	}
1156	return (error);
1157}
1158
1159
1160/*
1161 * Lookup an entry in a directory, or an extended attribute directory.
1162 * If it exists, return a held vnode reference for it.
1163 *
1164 *	IN:	dvp	- vnode of directory to search.
1165 *		nm	- name of entry to lookup.
1166 *		pnp	- full pathname to lookup [UNUSED].
1167 *		flags	- LOOKUP_XATTR set if looking for an attribute.
1168 *		rdir	- root directory vnode [UNUSED].
1169 *		cr	- credentials of caller.
1170 *		ct	- caller context
1171 *		direntflags - directory lookup flags
1172 *		realpnp - returned pathname.
1173 *
1174 *	OUT:	vpp	- vnode of located entry, NULL if not found.
1175 *
1176 *	RETURN:	0 on success, error code on failure.
1177 *
1178 * Timestamps:
1179 *	NA
1180 */
1181/* ARGSUSED */
1182static int
1183zfs_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1184    int flags, vnode_t *rdir, cred_t *cr,  caller_context_t *ct,
1185    int *direntflags, pathname_t *realpnp)
1186{
1187	znode_t *zdp = VTOZ(dvp);
1188	zfsvfs_t *zfsvfs = zdp->z_zfsvfs;
1189	int	error = 0;
1190
1191	/* fast path */
1192	if (!(flags & (LOOKUP_XATTR | FIGNORECASE))) {
1193
1194		if (dvp->v_type != VDIR) {
1195			return (SET_ERROR(ENOTDIR));
1196		} else if (zdp->z_sa_hdl == NULL) {
1197			return (SET_ERROR(EIO));
1198		}
1199
1200		if (nm[0] == 0 || (nm[0] == '.' && nm[1] == '\0')) {
1201			error = zfs_fastaccesschk_execute(zdp, cr);
1202			if (!error) {
1203				*vpp = dvp;
1204				VN_HOLD(*vpp);
1205				return (0);
1206			}
1207			return (error);
1208		} else {
1209			vnode_t *tvp = dnlc_lookup(dvp, nm);
1210
1211			if (tvp) {
1212				error = zfs_fastaccesschk_execute(zdp, cr);
1213				if (error) {
1214					VN_RELE(tvp);
1215					return (error);
1216				}
1217				if (tvp == DNLC_NO_VNODE) {
1218					VN_RELE(tvp);
1219					return (SET_ERROR(ENOENT));
1220				} else {
1221					*vpp = tvp;
1222					return (specvp_check(vpp, cr));
1223				}
1224			}
1225		}
1226	}
1227
1228	DTRACE_PROBE2(zfs__fastpath__lookup__miss, vnode_t *, dvp, char *, nm);
1229
1230	ZFS_ENTER(zfsvfs);
1231	ZFS_VERIFY_ZP(zdp);
1232
1233	*vpp = NULL;
1234
1235	if (flags & LOOKUP_XATTR) {
1236		/*
1237		 * If the xattr property is off, refuse the lookup request.
1238		 */
1239		if (!(zfsvfs->z_vfs->vfs_flag & VFS_XATTR)) {
1240			ZFS_EXIT(zfsvfs);
1241			return (SET_ERROR(EINVAL));
1242		}
1243
1244		/*
1245		 * We don't allow recursive attributes..
1246		 * Maybe someday we will.
1247		 */
1248		if (zdp->z_pflags & ZFS_XATTR) {
1249			ZFS_EXIT(zfsvfs);
1250			return (SET_ERROR(EINVAL));
1251		}
1252
1253		if (error = zfs_get_xattrdir(VTOZ(dvp), vpp, cr, flags)) {
1254			ZFS_EXIT(zfsvfs);
1255			return (error);
1256		}
1257
1258		/*
1259		 * Do we have permission to get into attribute directory?
1260		 */
1261
1262		if (error = zfs_zaccess(VTOZ(*vpp), ACE_EXECUTE, 0,
1263		    B_FALSE, cr)) {
1264			VN_RELE(*vpp);
1265			*vpp = NULL;
1266		}
1267
1268		ZFS_EXIT(zfsvfs);
1269		return (error);
1270	}
1271
1272	if (dvp->v_type != VDIR) {
1273		ZFS_EXIT(zfsvfs);
1274		return (SET_ERROR(ENOTDIR));
1275	}
1276
1277	/*
1278	 * Check accessibility of directory.
1279	 */
1280
1281	if (error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr)) {
1282		ZFS_EXIT(zfsvfs);
1283		return (error);
1284	}
1285
1286	if (zfsvfs->z_utf8 && u8_validate(nm, strlen(nm),
1287	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1288		ZFS_EXIT(zfsvfs);
1289		return (SET_ERROR(EILSEQ));
1290	}
1291
1292	error = zfs_dirlook(zdp, nm, vpp, flags, direntflags, realpnp);
1293	if (error == 0)
1294		error = specvp_check(vpp, cr);
1295
1296	ZFS_EXIT(zfsvfs);
1297	return (error);
1298}
1299
1300/*
1301 * Attempt to create a new entry in a directory.  If the entry
1302 * already exists, truncate the file if permissible, else return
1303 * an error.  Return the vp of the created or trunc'd file.
1304 *
1305 *	IN:	dvp	- vnode of directory to put new file entry in.
1306 *		name	- name of new file entry.
1307 *		vap	- attributes of new file.
1308 *		excl	- flag indicating exclusive or non-exclusive mode.
1309 *		mode	- mode to open file with.
1310 *		cr	- credentials of caller.
1311 *		flag	- large file flag [UNUSED].
1312 *		ct	- caller context
1313 *		vsecp	- ACL to be set
1314 *
1315 *	OUT:	vpp	- vnode of created or trunc'd entry.
1316 *
1317 *	RETURN:	0 on success, error code on failure.
1318 *
1319 * Timestamps:
1320 *	dvp - ctime|mtime updated if new entry created
1321 *	 vp - ctime|mtime always, atime if new
1322 */
1323
1324/* ARGSUSED */
1325static int
1326zfs_create(vnode_t *dvp, char *name, vattr_t *vap, vcexcl_t excl,
1327    int mode, vnode_t **vpp, cred_t *cr, int flag, caller_context_t *ct,
1328    vsecattr_t *vsecp)
1329{
1330	znode_t		*zp, *dzp = VTOZ(dvp);
1331	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1332	zilog_t		*zilog;
1333	objset_t	*os;
1334	zfs_dirlock_t	*dl;
1335	dmu_tx_t	*tx;
1336	int		error;
1337	ksid_t		*ksid;
1338	uid_t		uid;
1339	gid_t		gid = crgetgid(cr);
1340	zfs_acl_ids_t   acl_ids;
1341	boolean_t	fuid_dirtied;
1342	boolean_t	have_acl = B_FALSE;
1343	boolean_t	waited = B_FALSE;
1344
1345	/*
1346	 * If we have an ephemeral id, ACL, or XVATTR then
1347	 * make sure file system is at proper version
1348	 */
1349
1350	ksid = crgetsid(cr, KSID_OWNER);
1351	if (ksid)
1352		uid = ksid_getid(ksid);
1353	else
1354		uid = crgetuid(cr);
1355
1356	if (zfsvfs->z_use_fuids == B_FALSE &&
1357	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1358	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1359		return (SET_ERROR(EINVAL));
1360
1361	ZFS_ENTER(zfsvfs);
1362	ZFS_VERIFY_ZP(dzp);
1363	os = zfsvfs->z_os;
1364	zilog = zfsvfs->z_log;
1365
1366	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
1367	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1368		ZFS_EXIT(zfsvfs);
1369		return (SET_ERROR(EILSEQ));
1370	}
1371
1372	if (vap->va_mask & AT_XVATTR) {
1373		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1374		    crgetuid(cr), cr, vap->va_type)) != 0) {
1375			ZFS_EXIT(zfsvfs);
1376			return (error);
1377		}
1378	}
1379top:
1380	*vpp = NULL;
1381
1382	if ((vap->va_mode & VSVTX) && secpolicy_vnode_stky_modify(cr))
1383		vap->va_mode &= ~VSVTX;
1384
1385	if (*name == '\0') {
1386		/*
1387		 * Null component name refers to the directory itself.
1388		 */
1389		VN_HOLD(dvp);
1390		zp = dzp;
1391		dl = NULL;
1392		error = 0;
1393	} else {
1394		/* possible VN_HOLD(zp) */
1395		int zflg = 0;
1396
1397		if (flag & FIGNORECASE)
1398			zflg |= ZCILOOK;
1399
1400		error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1401		    NULL, NULL);
1402		if (error) {
1403			if (have_acl)
1404				zfs_acl_ids_free(&acl_ids);
1405			if (strcmp(name, "..") == 0)
1406				error = SET_ERROR(EISDIR);
1407			ZFS_EXIT(zfsvfs);
1408			return (error);
1409		}
1410	}
1411
1412	if (zp == NULL) {
1413		uint64_t txtype;
1414
1415		/*
1416		 * Create a new file object and update the directory
1417		 * to reference it.
1418		 */
1419		if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
1420			if (have_acl)
1421				zfs_acl_ids_free(&acl_ids);
1422			goto out;
1423		}
1424
1425		/*
1426		 * We only support the creation of regular files in
1427		 * extended attribute directories.
1428		 */
1429
1430		if ((dzp->z_pflags & ZFS_XATTR) &&
1431		    (vap->va_type != VREG)) {
1432			if (have_acl)
1433				zfs_acl_ids_free(&acl_ids);
1434			error = SET_ERROR(EINVAL);
1435			goto out;
1436		}
1437
1438		if (!have_acl && (error = zfs_acl_ids_create(dzp, 0, vap,
1439		    cr, vsecp, &acl_ids)) != 0)
1440			goto out;
1441		have_acl = B_TRUE;
1442
1443		if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1444			zfs_acl_ids_free(&acl_ids);
1445			error = SET_ERROR(EDQUOT);
1446			goto out;
1447		}
1448
1449		tx = dmu_tx_create(os);
1450
1451		dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1452		    ZFS_SA_BASE_ATTR_SIZE);
1453
1454		fuid_dirtied = zfsvfs->z_fuid_dirty;
1455		if (fuid_dirtied)
1456			zfs_fuid_txhold(zfsvfs, tx);
1457		dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
1458		dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
1459		if (!zfsvfs->z_use_sa &&
1460		    acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1461			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
1462			    0, acl_ids.z_aclp->z_acl_bytes);
1463		}
1464		error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1465		if (error) {
1466			zfs_dirent_unlock(dl);
1467			if (error == ERESTART) {
1468				waited = B_TRUE;
1469				dmu_tx_wait(tx);
1470				dmu_tx_abort(tx);
1471				goto top;
1472			}
1473			zfs_acl_ids_free(&acl_ids);
1474			dmu_tx_abort(tx);
1475			ZFS_EXIT(zfsvfs);
1476			return (error);
1477		}
1478		zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1479
1480		if (fuid_dirtied)
1481			zfs_fuid_sync(zfsvfs, tx);
1482
1483		(void) zfs_link_create(dl, zp, tx, ZNEW);
1484		txtype = zfs_log_create_txtype(Z_FILE, vsecp, vap);
1485		if (flag & FIGNORECASE)
1486			txtype |= TX_CI;
1487		zfs_log_create(zilog, tx, txtype, dzp, zp, name,
1488		    vsecp, acl_ids.z_fuidp, vap);
1489		zfs_acl_ids_free(&acl_ids);
1490		dmu_tx_commit(tx);
1491	} else {
1492		int aflags = (flag & FAPPEND) ? V_APPEND : 0;
1493
1494		if (have_acl)
1495			zfs_acl_ids_free(&acl_ids);
1496		have_acl = B_FALSE;
1497
1498		/*
1499		 * A directory entry already exists for this name.
1500		 */
1501		/*
1502		 * Can't truncate an existing file if in exclusive mode.
1503		 */
1504		if (excl == EXCL) {
1505			error = SET_ERROR(EEXIST);
1506			goto out;
1507		}
1508		/*
1509		 * Can't open a directory for writing.
1510		 */
1511		if ((ZTOV(zp)->v_type == VDIR) && (mode & S_IWRITE)) {
1512			error = SET_ERROR(EISDIR);
1513			goto out;
1514		}
1515		/*
1516		 * Verify requested access to file.
1517		 */
1518		if (mode && (error = zfs_zaccess_rwx(zp, mode, aflags, cr))) {
1519			goto out;
1520		}
1521
1522		mutex_enter(&dzp->z_lock);
1523		dzp->z_seq++;
1524		mutex_exit(&dzp->z_lock);
1525
1526		/*
1527		 * Truncate regular files if requested.
1528		 */
1529		if ((ZTOV(zp)->v_type == VREG) &&
1530		    (vap->va_mask & AT_SIZE) && (vap->va_size == 0)) {
1531			/* we can't hold any locks when calling zfs_freesp() */
1532			zfs_dirent_unlock(dl);
1533			dl = NULL;
1534			error = zfs_freesp(zp, 0, 0, mode, TRUE);
1535			if (error == 0) {
1536				vnevent_create(ZTOV(zp), ct);
1537			}
1538		}
1539	}
1540out:
1541
1542	if (dl)
1543		zfs_dirent_unlock(dl);
1544
1545	if (error) {
1546		if (zp)
1547			VN_RELE(ZTOV(zp));
1548	} else {
1549		*vpp = ZTOV(zp);
1550		error = specvp_check(vpp, cr);
1551	}
1552
1553	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1554		zil_commit(zilog, 0);
1555
1556	ZFS_EXIT(zfsvfs);
1557	return (error);
1558}
1559
1560/*
1561 * Remove an entry from a directory.
1562 *
1563 *	IN:	dvp	- vnode of directory to remove entry from.
1564 *		name	- name of entry to remove.
1565 *		cr	- credentials of caller.
1566 *		ct	- caller context
1567 *		flags	- case flags
1568 *
1569 *	RETURN:	0 on success, error code on failure.
1570 *
1571 * Timestamps:
1572 *	dvp - ctime|mtime
1573 *	 vp - ctime (if nlink > 0)
1574 */
1575
1576uint64_t null_xattr = 0;
1577
1578/*ARGSUSED*/
1579static int
1580zfs_remove(vnode_t *dvp, char *name, cred_t *cr, caller_context_t *ct,
1581    int flags)
1582{
1583	znode_t		*zp, *dzp = VTOZ(dvp);
1584	znode_t		*xzp;
1585	vnode_t		*vp;
1586	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1587	zilog_t		*zilog;
1588	uint64_t	acl_obj, xattr_obj;
1589	uint64_t	xattr_obj_unlinked = 0;
1590	uint64_t	obj = 0;
1591	zfs_dirlock_t	*dl;
1592	dmu_tx_t	*tx;
1593	boolean_t	may_delete_now, delete_now = FALSE;
1594	boolean_t	unlinked, toobig = FALSE;
1595	uint64_t	txtype;
1596	pathname_t	*realnmp = NULL;
1597	pathname_t	realnm;
1598	int		error;
1599	int		zflg = ZEXISTS;
1600	boolean_t	waited = B_FALSE;
1601
1602	ZFS_ENTER(zfsvfs);
1603	ZFS_VERIFY_ZP(dzp);
1604	zilog = zfsvfs->z_log;
1605
1606	if (flags & FIGNORECASE) {
1607		zflg |= ZCILOOK;
1608		pn_alloc(&realnm);
1609		realnmp = &realnm;
1610	}
1611
1612top:
1613	xattr_obj = 0;
1614	xzp = NULL;
1615	/*
1616	 * Attempt to lock directory; fail if entry doesn't exist.
1617	 */
1618	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1619	    NULL, realnmp)) {
1620		if (realnmp)
1621			pn_free(realnmp);
1622		ZFS_EXIT(zfsvfs);
1623		return (error);
1624	}
1625
1626	vp = ZTOV(zp);
1627
1628	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
1629		goto out;
1630	}
1631
1632	/*
1633	 * Need to use rmdir for removing directories.
1634	 */
1635	if (vp->v_type == VDIR) {
1636		error = SET_ERROR(EPERM);
1637		goto out;
1638	}
1639
1640	vnevent_remove(vp, dvp, name, ct);
1641
1642	if (realnmp)
1643		dnlc_remove(dvp, realnmp->pn_buf);
1644	else
1645		dnlc_remove(dvp, name);
1646
1647	mutex_enter(&vp->v_lock);
1648	may_delete_now = vp->v_count == 1 && !vn_has_cached_data(vp);
1649	mutex_exit(&vp->v_lock);
1650
1651	/*
1652	 * We may delete the znode now, or we may put it in the unlinked set;
1653	 * it depends on whether we're the last link, and on whether there are
1654	 * other holds on the vnode.  So we dmu_tx_hold() the right things to
1655	 * allow for either case.
1656	 */
1657	obj = zp->z_id;
1658	tx = dmu_tx_create(zfsvfs->z_os);
1659	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
1660	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
1661	zfs_sa_upgrade_txholds(tx, zp);
1662	zfs_sa_upgrade_txholds(tx, dzp);
1663	if (may_delete_now) {
1664		toobig =
1665		    zp->z_size > zp->z_blksz * DMU_MAX_DELETEBLKCNT;
1666		/* if the file is too big, only hold_free a token amount */
1667		dmu_tx_hold_free(tx, zp->z_id, 0,
1668		    (toobig ? DMU_MAX_ACCESS : DMU_OBJECT_END));
1669	}
1670
1671	/* are there any extended attributes? */
1672	error = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1673	    &xattr_obj, sizeof (xattr_obj));
1674	if (error == 0 && xattr_obj) {
1675		error = zfs_zget(zfsvfs, xattr_obj, &xzp);
1676		ASSERT0(error);
1677		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
1678		dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);
1679	}
1680
1681	mutex_enter(&zp->z_lock);
1682	if ((acl_obj = zfs_external_acl(zp)) != 0 && may_delete_now)
1683		dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END);
1684	mutex_exit(&zp->z_lock);
1685
1686	/* charge as an update -- would be nice not to charge at all */
1687	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
1688
1689	/*
1690	 * Mark this transaction as typically resulting in a net free of
1691	 * space, unless object removal will be delayed indefinitely
1692	 * (due to active holds on the vnode due to the file being open).
1693	 */
1694	if (may_delete_now)
1695		dmu_tx_mark_netfree(tx);
1696
1697	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1698	if (error) {
1699		zfs_dirent_unlock(dl);
1700		VN_RELE(vp);
1701		if (xzp)
1702			VN_RELE(ZTOV(xzp));
1703		if (error == ERESTART) {
1704			waited = B_TRUE;
1705			dmu_tx_wait(tx);
1706			dmu_tx_abort(tx);
1707			goto top;
1708		}
1709		if (realnmp)
1710			pn_free(realnmp);
1711		dmu_tx_abort(tx);
1712		ZFS_EXIT(zfsvfs);
1713		return (error);
1714	}
1715
1716	/*
1717	 * Remove the directory entry.
1718	 */
1719	error = zfs_link_destroy(dl, zp, tx, zflg, &unlinked);
1720
1721	if (error) {
1722		dmu_tx_commit(tx);
1723		goto out;
1724	}
1725
1726	if (unlinked) {
1727		/*
1728		 * Hold z_lock so that we can make sure that the ACL obj
1729		 * hasn't changed.  Could have been deleted due to
1730		 * zfs_sa_upgrade().
1731		 */
1732		mutex_enter(&zp->z_lock);
1733		mutex_enter(&vp->v_lock);
1734		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1735		    &xattr_obj_unlinked, sizeof (xattr_obj_unlinked));
1736		delete_now = may_delete_now && !toobig &&
1737		    vp->v_count == 1 && !vn_has_cached_data(vp) &&
1738		    xattr_obj == xattr_obj_unlinked && zfs_external_acl(zp) ==
1739		    acl_obj;
1740		mutex_exit(&vp->v_lock);
1741	}
1742
1743	if (delete_now) {
1744		if (xattr_obj_unlinked) {
1745			ASSERT3U(xzp->z_links, ==, 2);
1746			mutex_enter(&xzp->z_lock);
1747			xzp->z_unlinked = 1;
1748			xzp->z_links = 0;
1749			error = sa_update(xzp->z_sa_hdl, SA_ZPL_LINKS(zfsvfs),
1750			    &xzp->z_links, sizeof (xzp->z_links), tx);
1751			ASSERT3U(error,  ==,  0);
1752			mutex_exit(&xzp->z_lock);
1753			zfs_unlinked_add(xzp, tx);
1754
1755			if (zp->z_is_sa)
1756				error = sa_remove(zp->z_sa_hdl,
1757				    SA_ZPL_XATTR(zfsvfs), tx);
1758			else
1759				error = sa_update(zp->z_sa_hdl,
1760				    SA_ZPL_XATTR(zfsvfs), &null_xattr,
1761				    sizeof (uint64_t), tx);
1762			ASSERT0(error);
1763		}
1764		mutex_enter(&vp->v_lock);
1765		vp->v_count--;
1766		ASSERT0(vp->v_count);
1767		mutex_exit(&vp->v_lock);
1768		mutex_exit(&zp->z_lock);
1769		zfs_znode_delete(zp, tx);
1770	} else if (unlinked) {
1771		mutex_exit(&zp->z_lock);
1772		zfs_unlinked_add(zp, tx);
1773	}
1774
1775	txtype = TX_REMOVE;
1776	if (flags & FIGNORECASE)
1777		txtype |= TX_CI;
1778	zfs_log_remove(zilog, tx, txtype, dzp, name, obj);
1779
1780	dmu_tx_commit(tx);
1781out:
1782	if (realnmp)
1783		pn_free(realnmp);
1784
1785	zfs_dirent_unlock(dl);
1786
1787	if (!delete_now)
1788		VN_RELE(vp);
1789	if (xzp)
1790		VN_RELE(ZTOV(xzp));
1791
1792	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1793		zil_commit(zilog, 0);
1794
1795	ZFS_EXIT(zfsvfs);
1796	return (error);
1797}
1798
1799/*
1800 * Create a new directory and insert it into dvp using the name
1801 * provided.  Return a pointer to the inserted directory.
1802 *
1803 *	IN:	dvp	- vnode of directory to add subdir to.
1804 *		dirname	- name of new directory.
1805 *		vap	- attributes of new directory.
1806 *		cr	- credentials of caller.
1807 *		ct	- caller context
1808 *		flags	- case flags
1809 *		vsecp	- ACL to be set
1810 *
1811 *	OUT:	vpp	- vnode of created directory.
1812 *
1813 *	RETURN:	0 on success, error code on failure.
1814 *
1815 * Timestamps:
1816 *	dvp - ctime|mtime updated
1817 *	 vp - ctime|mtime|atime updated
1818 */
1819/*ARGSUSED*/
1820static int
1821zfs_mkdir(vnode_t *dvp, char *dirname, vattr_t *vap, vnode_t **vpp, cred_t *cr,
1822    caller_context_t *ct, int flags, vsecattr_t *vsecp)
1823{
1824	znode_t		*zp, *dzp = VTOZ(dvp);
1825	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1826	zilog_t		*zilog;
1827	zfs_dirlock_t	*dl;
1828	uint64_t	txtype;
1829	dmu_tx_t	*tx;
1830	int		error;
1831	int		zf = ZNEW;
1832	ksid_t		*ksid;
1833	uid_t		uid;
1834	gid_t		gid = crgetgid(cr);
1835	zfs_acl_ids_t   acl_ids;
1836	boolean_t	fuid_dirtied;
1837	boolean_t	waited = B_FALSE;
1838
1839	ASSERT(vap->va_type == VDIR);
1840
1841	/*
1842	 * If we have an ephemeral id, ACL, or XVATTR then
1843	 * make sure file system is at proper version
1844	 */
1845
1846	ksid = crgetsid(cr, KSID_OWNER);
1847	if (ksid)
1848		uid = ksid_getid(ksid);
1849	else
1850		uid = crgetuid(cr);
1851	if (zfsvfs->z_use_fuids == B_FALSE &&
1852	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1853	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1854		return (SET_ERROR(EINVAL));
1855
1856	ZFS_ENTER(zfsvfs);
1857	ZFS_VERIFY_ZP(dzp);
1858	zilog = zfsvfs->z_log;
1859
1860	if (dzp->z_pflags & ZFS_XATTR) {
1861		ZFS_EXIT(zfsvfs);
1862		return (SET_ERROR(EINVAL));
1863	}
1864
1865	if (zfsvfs->z_utf8 && u8_validate(dirname,
1866	    strlen(dirname), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1867		ZFS_EXIT(zfsvfs);
1868		return (SET_ERROR(EILSEQ));
1869	}
1870	if (flags & FIGNORECASE)
1871		zf |= ZCILOOK;
1872
1873	if (vap->va_mask & AT_XVATTR) {
1874		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1875		    crgetuid(cr), cr, vap->va_type)) != 0) {
1876			ZFS_EXIT(zfsvfs);
1877			return (error);
1878		}
1879	}
1880
1881	if ((error = zfs_acl_ids_create(dzp, 0, vap, cr,
1882	    vsecp, &acl_ids)) != 0) {
1883		ZFS_EXIT(zfsvfs);
1884		return (error);
1885	}
1886	/*
1887	 * First make sure the new directory doesn't exist.
1888	 *
1889	 * Existence is checked first to make sure we don't return
1890	 * EACCES instead of EEXIST which can cause some applications
1891	 * to fail.
1892	 */
1893top:
1894	*vpp = NULL;
1895
1896	if (error = zfs_dirent_lock(&dl, dzp, dirname, &zp, zf,
1897	    NULL, NULL)) {
1898		zfs_acl_ids_free(&acl_ids);
1899		ZFS_EXIT(zfsvfs);
1900		return (error);
1901	}
1902
1903	if (error = zfs_zaccess(dzp, ACE_ADD_SUBDIRECTORY, 0, B_FALSE, cr)) {
1904		zfs_acl_ids_free(&acl_ids);
1905		zfs_dirent_unlock(dl);
1906		ZFS_EXIT(zfsvfs);
1907		return (error);
1908	}
1909
1910	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1911		zfs_acl_ids_free(&acl_ids);
1912		zfs_dirent_unlock(dl);
1913		ZFS_EXIT(zfsvfs);
1914		return (SET_ERROR(EDQUOT));
1915	}
1916
1917	/*
1918	 * Add a new entry to the directory.
1919	 */
1920	tx = dmu_tx_create(zfsvfs->z_os);
1921	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, dirname);
1922	dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
1923	fuid_dirtied = zfsvfs->z_fuid_dirty;
1924	if (fuid_dirtied)
1925		zfs_fuid_txhold(zfsvfs, tx);
1926	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1927		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
1928		    acl_ids.z_aclp->z_acl_bytes);
1929	}
1930
1931	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1932	    ZFS_SA_BASE_ATTR_SIZE);
1933
1934	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1935	if (error) {
1936		zfs_dirent_unlock(dl);
1937		if (error == ERESTART) {
1938			waited = B_TRUE;
1939			dmu_tx_wait(tx);
1940			dmu_tx_abort(tx);
1941			goto top;
1942		}
1943		zfs_acl_ids_free(&acl_ids);
1944		dmu_tx_abort(tx);
1945		ZFS_EXIT(zfsvfs);
1946		return (error);
1947	}
1948
1949	/*
1950	 * Create new node.
1951	 */
1952	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1953
1954	if (fuid_dirtied)
1955		zfs_fuid_sync(zfsvfs, tx);
1956
1957	/*
1958	 * Now put new name in parent dir.
1959	 */
1960	(void) zfs_link_create(dl, zp, tx, ZNEW);
1961
1962	*vpp = ZTOV(zp);
1963
1964	txtype = zfs_log_create_txtype(Z_DIR, vsecp, vap);
1965	if (flags & FIGNORECASE)
1966		txtype |= TX_CI;
1967	zfs_log_create(zilog, tx, txtype, dzp, zp, dirname, vsecp,
1968	    acl_ids.z_fuidp, vap);
1969
1970	zfs_acl_ids_free(&acl_ids);
1971
1972	dmu_tx_commit(tx);
1973
1974	zfs_dirent_unlock(dl);
1975
1976	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1977		zil_commit(zilog, 0);
1978
1979	ZFS_EXIT(zfsvfs);
1980	return (0);
1981}
1982
1983/*
1984 * Remove a directory subdir entry.  If the current working
1985 * directory is the same as the subdir to be removed, the
1986 * remove will fail.
1987 *
1988 *	IN:	dvp	- vnode of directory to remove from.
1989 *		name	- name of directory to be removed.
1990 *		cwd	- vnode of current working directory.
1991 *		cr	- credentials of caller.
1992 *		ct	- caller context
1993 *		flags	- case flags
1994 *
1995 *	RETURN:	0 on success, error code on failure.
1996 *
1997 * Timestamps:
1998 *	dvp - ctime|mtime updated
1999 */
2000/*ARGSUSED*/
2001static int
2002zfs_rmdir(vnode_t *dvp, char *name, vnode_t *cwd, cred_t *cr,
2003    caller_context_t *ct, int flags)
2004{
2005	znode_t		*dzp = VTOZ(dvp);
2006	znode_t		*zp;
2007	vnode_t		*vp;
2008	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
2009	zilog_t		*zilog;
2010	zfs_dirlock_t	*dl;
2011	dmu_tx_t	*tx;
2012	int		error;
2013	int		zflg = ZEXISTS;
2014	boolean_t	waited = B_FALSE;
2015
2016	ZFS_ENTER(zfsvfs);
2017	ZFS_VERIFY_ZP(dzp);
2018	zilog = zfsvfs->z_log;
2019
2020	if (flags & FIGNORECASE)
2021		zflg |= ZCILOOK;
2022top:
2023	zp = NULL;
2024
2025	/*
2026	 * Attempt to lock directory; fail if entry doesn't exist.
2027	 */
2028	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
2029	    NULL, NULL)) {
2030		ZFS_EXIT(zfsvfs);
2031		return (error);
2032	}
2033
2034	vp = ZTOV(zp);
2035
2036	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
2037		goto out;
2038	}
2039
2040	if (vp->v_type != VDIR) {
2041		error = SET_ERROR(ENOTDIR);
2042		goto out;
2043	}
2044
2045	if (vp == cwd) {
2046		error = SET_ERROR(EINVAL);
2047		goto out;
2048	}
2049
2050	vnevent_rmdir(vp, dvp, name, ct);
2051
2052	/*
2053	 * Grab a lock on the directory to make sure that noone is
2054	 * trying to add (or lookup) entries while we are removing it.
2055	 */
2056	rw_enter(&zp->z_name_lock, RW_WRITER);
2057
2058	/*
2059	 * Grab a lock on the parent pointer to make sure we play well
2060	 * with the treewalk and directory rename code.
2061	 */
2062	rw_enter(&zp->z_parent_lock, RW_WRITER);
2063
2064	tx = dmu_tx_create(zfsvfs->z_os);
2065	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
2066	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
2067	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
2068	zfs_sa_upgrade_txholds(tx, zp);
2069	zfs_sa_upgrade_txholds(tx, dzp);
2070	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
2071	if (error) {
2072		rw_exit(&zp->z_parent_lock);
2073		rw_exit(&zp->z_name_lock);
2074		zfs_dirent_unlock(dl);
2075		VN_RELE(vp);
2076		if (error == ERESTART) {
2077			waited = B_TRUE;
2078			dmu_tx_wait(tx);
2079			dmu_tx_abort(tx);
2080			goto top;
2081		}
2082		dmu_tx_abort(tx);
2083		ZFS_EXIT(zfsvfs);
2084		return (error);
2085	}
2086
2087	error = zfs_link_destroy(dl, zp, tx, zflg, NULL);
2088
2089	if (error == 0) {
2090		uint64_t txtype = TX_RMDIR;
2091		if (flags & FIGNORECASE)
2092			txtype |= TX_CI;
2093		zfs_log_remove(zilog, tx, txtype, dzp, name, ZFS_NO_OBJECT);
2094	}
2095
2096	dmu_tx_commit(tx);
2097
2098	rw_exit(&zp->z_parent_lock);
2099	rw_exit(&zp->z_name_lock);
2100out:
2101	zfs_dirent_unlock(dl);
2102
2103	VN_RELE(vp);
2104
2105	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
2106		zil_commit(zilog, 0);
2107
2108	ZFS_EXIT(zfsvfs);
2109	return (error);
2110}
2111
2112/*
2113 * Read as many directory entries as will fit into the provided
2114 * buffer from the given directory cursor position (specified in
2115 * the uio structure).
2116 *
2117 *	IN:	vp	- vnode of directory to read.
2118 *		uio	- structure supplying read location, range info,
2119 *			  and return buffer.
2120 *		cr	- credentials of caller.
2121 *		ct	- caller context
2122 *		flags	- case flags
2123 *
2124 *	OUT:	uio	- updated offset and range, buffer filled.
2125 *		eofp	- set to true if end-of-file detected.
2126 *
2127 *	RETURN:	0 on success, error code on failure.
2128 *
2129 * Timestamps:
2130 *	vp - atime updated
2131 *
2132 * Note that the low 4 bits of the cookie returned by zap is always zero.
2133 * This allows us to use the low range for "special" directory entries:
2134 * We use 0 for '.', and 1 for '..'.  If this is the root of the filesystem,
2135 * we use the offset 2 for the '.zfs' directory.
2136 */
2137/* ARGSUSED */
2138static int
2139zfs_readdir(vnode_t *vp, uio_t *uio, cred_t *cr, int *eofp,
2140    caller_context_t *ct, int flags)
2141{
2142	znode_t		*zp = VTOZ(vp);
2143	iovec_t		*iovp;
2144	edirent_t	*eodp;
2145	dirent64_t	*odp;
2146	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2147	objset_t	*os;
2148	caddr_t		outbuf;
2149	size_t		bufsize;
2150	zap_cursor_t	zc;
2151	zap_attribute_t	zap;
2152	uint_t		bytes_wanted;
2153	uint64_t	offset; /* must be unsigned; checks for < 1 */
2154	uint64_t	parent;
2155	int		local_eof;
2156	int		outcount;
2157	int		error;
2158	uint8_t		prefetch;
2159	boolean_t	check_sysattrs;
2160
2161	ZFS_ENTER(zfsvfs);
2162	ZFS_VERIFY_ZP(zp);
2163
2164	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
2165	    &parent, sizeof (parent))) != 0) {
2166		ZFS_EXIT(zfsvfs);
2167		return (error);
2168	}
2169
2170	/*
2171	 * If we are not given an eof variable,
2172	 * use a local one.
2173	 */
2174	if (eofp == NULL)
2175		eofp = &local_eof;
2176
2177	/*
2178	 * Check for valid iov_len.
2179	 */
2180	if (uio->uio_iov->iov_len <= 0) {
2181		ZFS_EXIT(zfsvfs);
2182		return (SET_ERROR(EINVAL));
2183	}
2184
2185	/*
2186	 * Quit if directory has been removed (posix)
2187	 */
2188	if ((*eofp = zp->z_unlinked) != 0) {
2189		ZFS_EXIT(zfsvfs);
2190		return (0);
2191	}
2192
2193	error = 0;
2194	os = zfsvfs->z_os;
2195	offset = uio->uio_loffset;
2196	prefetch = zp->z_zn_prefetch;
2197
2198	/*
2199	 * Initialize the iterator cursor.
2200	 */
2201	if (offset <= 3) {
2202		/*
2203		 * Start iteration from the beginning of the directory.
2204		 */
2205		zap_cursor_init(&zc, os, zp->z_id);
2206	} else {
2207		/*
2208		 * The offset is a serialized cursor.
2209		 */
2210		zap_cursor_init_serialized(&zc, os, zp->z_id, offset);
2211	}
2212
2213	/*
2214	 * Get space to change directory entries into fs independent format.
2215	 */
2216	iovp = uio->uio_iov;
2217	bytes_wanted = iovp->iov_len;
2218	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) {
2219		bufsize = bytes_wanted;
2220		outbuf = kmem_alloc(bufsize, KM_SLEEP);
2221		odp = (struct dirent64 *)outbuf;
2222	} else {
2223		bufsize = bytes_wanted;
2224		outbuf = NULL;
2225		odp = (struct dirent64 *)iovp->iov_base;
2226	}
2227	eodp = (struct edirent *)odp;
2228
2229	/*
2230	 * If this VFS supports the system attribute view interface; and
2231	 * we're looking at an extended attribute directory; and we care
2232	 * about normalization conflicts on this vfs; then we must check
2233	 * for normalization conflicts with the sysattr name space.
2234	 */
2235	check_sysattrs = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
2236	    (vp->v_flag & V_XATTRDIR) && zfsvfs->z_norm &&
2237	    (flags & V_RDDIR_ENTFLAGS);
2238
2239	/*
2240	 * Transform to file-system independent format
2241	 */
2242	outcount = 0;
2243	while (outcount < bytes_wanted) {
2244		ino64_t objnum;
2245		ushort_t reclen;
2246		off64_t *next = NULL;
2247
2248		/*
2249		 * Special case `.', `..', and `.zfs'.
2250		 */
2251		if (offset == 0) {
2252			(void) strcpy(zap.za_name, ".");
2253			zap.za_normalization_conflict = 0;
2254			objnum = zp->z_id;
2255		} else if (offset == 1) {
2256			(void) strcpy(zap.za_name, "..");
2257			zap.za_normalization_conflict = 0;
2258			objnum = parent;
2259		} else if (offset == 2 && zfs_show_ctldir(zp)) {
2260			(void) strcpy(zap.za_name, ZFS_CTLDIR_NAME);
2261			zap.za_normalization_conflict = 0;
2262			objnum = ZFSCTL_INO_ROOT;
2263		} else {
2264			/*
2265			 * Grab next entry.
2266			 */
2267			if (error = zap_cursor_retrieve(&zc, &zap)) {
2268				if ((*eofp = (error == ENOENT)) != 0)
2269					break;
2270				else
2271					goto update;
2272			}
2273
2274			if (zap.za_integer_length != 8 ||
2275			    zap.za_num_integers != 1) {
2276				cmn_err(CE_WARN, "zap_readdir: bad directory "
2277				    "entry, obj = %lld, offset = %lld\n",
2278				    (u_longlong_t)zp->z_id,
2279				    (u_longlong_t)offset);
2280				error = SET_ERROR(ENXIO);
2281				goto update;
2282			}
2283
2284			objnum = ZFS_DIRENT_OBJ(zap.za_first_integer);
2285			/*
2286			 * MacOS X can extract the object type here such as:
2287			 * uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);
2288			 */
2289
2290			if (check_sysattrs && !zap.za_normalization_conflict) {
2291				zap.za_normalization_conflict =
2292				    xattr_sysattr_casechk(zap.za_name);
2293			}
2294		}
2295
2296		if (flags & V_RDDIR_ACCFILTER) {
2297			/*
2298			 * If we have no access at all, don't include
2299			 * this entry in the returned information
2300			 */
2301			znode_t	*ezp;
2302			if (zfs_zget(zp->z_zfsvfs, objnum, &ezp) != 0)
2303				goto skip_entry;
2304			if (!zfs_has_access(ezp, cr)) {
2305				VN_RELE(ZTOV(ezp));
2306				goto skip_entry;
2307			}
2308			VN_RELE(ZTOV(ezp));
2309		}
2310
2311		if (flags & V_RDDIR_ENTFLAGS)
2312			reclen = EDIRENT_RECLEN(strlen(zap.za_name));
2313		else
2314			reclen = DIRENT64_RECLEN(strlen(zap.za_name));
2315
2316		/*
2317		 * Will this entry fit in the buffer?
2318		 */
2319		if (outcount + reclen > bufsize) {
2320			/*
2321			 * Did we manage to fit anything in the buffer?
2322			 */
2323			if (!outcount) {
2324				error = SET_ERROR(EINVAL);
2325				goto update;
2326			}
2327			break;
2328		}
2329		if (flags & V_RDDIR_ENTFLAGS) {
2330			/*
2331			 * Add extended flag entry:
2332			 */
2333			eodp->ed_ino = objnum;
2334			eodp->ed_reclen = reclen;
2335			/* NOTE: ed_off is the offset for the *next* entry */
2336			next = &(eodp->ed_off);
2337			eodp->ed_eflags = zap.za_normalization_conflict ?
2338			    ED_CASE_CONFLICT : 0;
2339			(void) strncpy(eodp->ed_name, zap.za_name,
2340			    EDIRENT_NAMELEN(reclen));
2341			eodp = (edirent_t *)((intptr_t)eodp + reclen);
2342		} else {
2343			/*
2344			 * Add normal entry:
2345			 */
2346			odp->d_ino = objnum;
2347			odp->d_reclen = reclen;
2348			/* NOTE: d_off is the offset for the *next* entry */
2349			next = &(odp->d_off);
2350			(void) strncpy(odp->d_name, zap.za_name,
2351			    DIRENT64_NAMELEN(reclen));
2352			odp = (dirent64_t *)((intptr_t)odp + reclen);
2353		}
2354		outcount += reclen;
2355
2356		ASSERT(outcount <= bufsize);
2357
2358		/* Prefetch znode */
2359		if (prefetch)
2360			dmu_prefetch(os, objnum, 0, 0);
2361
2362	skip_entry:
2363		/*
2364		 * Move to the next entry, fill in the previous offset.
2365		 */
2366		if (offset > 2 || (offset == 2 && !zfs_show_ctldir(zp))) {
2367			zap_cursor_advance(&zc);
2368			offset = zap_cursor_serialize(&zc);
2369		} else {
2370			offset += 1;
2371		}
2372		if (next)
2373			*next = offset;
2374	}
2375	zp->z_zn_prefetch = B_FALSE; /* a lookup will re-enable pre-fetching */
2376
2377	if (uio->uio_segflg == UIO_SYSSPACE && uio->uio_iovcnt == 1) {
2378		iovp->iov_base += outcount;
2379		iovp->iov_len -= outcount;
2380		uio->uio_resid -= outcount;
2381	} else if (error = uiomove(outbuf, (long)outcount, UIO_READ, uio)) {
2382		/*
2383		 * Reset the pointer.
2384		 */
2385		offset = uio->uio_loffset;
2386	}
2387
2388update:
2389	zap_cursor_fini(&zc);
2390	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
2391		kmem_free(outbuf, bufsize);
2392
2393	if (error == ENOENT)
2394		error = 0;
2395
2396	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
2397
2398	uio->uio_loffset = offset;
2399	ZFS_EXIT(zfsvfs);
2400	return (error);
2401}
2402
2403ulong_t zfs_fsync_sync_cnt = 4;
2404
2405static int
2406zfs_fsync(vnode_t *vp, int syncflag, cred_t *cr, caller_context_t *ct)
2407{
2408	znode_t	*zp = VTOZ(vp);
2409	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2410
2411	/*
2412	 * Regardless of whether this is required for standards conformance,
2413	 * this is the logical behavior when fsync() is called on a file with
2414	 * dirty pages.  We use B_ASYNC since the ZIL transactions are already
2415	 * going to be pushed out as part of the zil_commit().
2416	 */
2417	if (vn_has_cached_data(vp) && !(syncflag & FNODSYNC) &&
2418	    (vp->v_type == VREG) && !(IS_SWAPVP(vp)))
2419		(void) VOP_PUTPAGE(vp, (offset_t)0, (size_t)0, B_ASYNC, cr, ct);
2420
2421	(void) tsd_set(zfs_fsyncer_key, (void *)zfs_fsync_sync_cnt);
2422
2423	if (zfsvfs->z_os->os_sync != ZFS_SYNC_DISABLED) {
2424		ZFS_ENTER(zfsvfs);
2425		ZFS_VERIFY_ZP(zp);
2426		zil_commit(zfsvfs->z_log, zp->z_id);
2427		ZFS_EXIT(zfsvfs);
2428	}
2429	return (0);
2430}
2431
2432
2433/*
2434 * Get the requested file attributes and place them in the provided
2435 * vattr structure.
2436 *
2437 *	IN:	vp	- vnode of file.
2438 *		vap	- va_mask identifies requested attributes.
2439 *			  If AT_XVATTR set, then optional attrs are requested
2440 *		flags	- ATTR_NOACLCHECK (CIFS server context)
2441 *		cr	- credentials of caller.
2442 *		ct	- caller context
2443 *
2444 *	OUT:	vap	- attribute values.
2445 *
2446 *	RETURN:	0 (always succeeds).
2447 */
2448/* ARGSUSED */
2449static int
2450zfs_getattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2451    caller_context_t *ct)
2452{
2453	znode_t *zp = VTOZ(vp);
2454	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2455	int	error = 0;
2456	uint64_t links;
2457	uint64_t mtime[2], ctime[2];
2458	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2459	xoptattr_t *xoap = NULL;
2460	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2461	sa_bulk_attr_t bulk[2];
2462	int count = 0;
2463
2464	ZFS_ENTER(zfsvfs);
2465	ZFS_VERIFY_ZP(zp);
2466
2467	zfs_fuid_map_ids(zp, cr, &vap->va_uid, &vap->va_gid);
2468
2469	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
2470	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
2471
2472	if ((error = sa_bulk_lookup(zp->z_sa_hdl, bulk, count)) != 0) {
2473		ZFS_EXIT(zfsvfs);
2474		return (error);
2475	}
2476
2477	/*
2478	 * If ACL is trivial don't bother looking for ACE_READ_ATTRIBUTES.
2479	 * Also, if we are the owner don't bother, since owner should
2480	 * always be allowed to read basic attributes of file.
2481	 */
2482	if (!(zp->z_pflags & ZFS_ACL_TRIVIAL) &&
2483	    (vap->va_uid != crgetuid(cr))) {
2484		if (error = zfs_zaccess(zp, ACE_READ_ATTRIBUTES, 0,
2485		    skipaclchk, cr)) {
2486			ZFS_EXIT(zfsvfs);
2487			return (error);
2488		}
2489	}
2490
2491	/*
2492	 * Return all attributes.  It's cheaper to provide the answer
2493	 * than to determine whether we were asked the question.
2494	 */
2495
2496	mutex_enter(&zp->z_lock);
2497	vap->va_type = vp->v_type;
2498	vap->va_mode = zp->z_mode & MODEMASK;
2499	vap->va_fsid = zp->z_zfsvfs->z_vfs->vfs_dev;
2500	vap->va_nodeid = zp->z_id;
2501	if ((vp->v_flag & VROOT) && zfs_show_ctldir(zp))
2502		links = zp->z_links + 1;
2503	else
2504		links = zp->z_links;
2505	vap->va_nlink = MIN(links, UINT32_MAX);	/* nlink_t limit! */
2506	vap->va_size = zp->z_size;
2507	vap->va_rdev = vp->v_rdev;
2508	vap->va_seq = zp->z_seq;
2509
2510	/*
2511	 * Add in any requested optional attributes and the create time.
2512	 * Also set the corresponding bits in the returned attribute bitmap.
2513	 */
2514	if ((xoap = xva_getxoptattr(xvap)) != NULL && zfsvfs->z_use_fuids) {
2515		if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE)) {
2516			xoap->xoa_archive =
2517			    ((zp->z_pflags & ZFS_ARCHIVE) != 0);
2518			XVA_SET_RTN(xvap, XAT_ARCHIVE);
2519		}
2520
2521		if (XVA_ISSET_REQ(xvap, XAT_READONLY)) {
2522			xoap->xoa_readonly =
2523			    ((zp->z_pflags & ZFS_READONLY) != 0);
2524			XVA_SET_RTN(xvap, XAT_READONLY);
2525		}
2526
2527		if (XVA_ISSET_REQ(xvap, XAT_SYSTEM)) {
2528			xoap->xoa_system =
2529			    ((zp->z_pflags & ZFS_SYSTEM) != 0);
2530			XVA_SET_RTN(xvap, XAT_SYSTEM);
2531		}
2532
2533		if (XVA_ISSET_REQ(xvap, XAT_HIDDEN)) {
2534			xoap->xoa_hidden =
2535			    ((zp->z_pflags & ZFS_HIDDEN) != 0);
2536			XVA_SET_RTN(xvap, XAT_HIDDEN);
2537		}
2538
2539		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2540			xoap->xoa_nounlink =
2541			    ((zp->z_pflags & ZFS_NOUNLINK) != 0);
2542			XVA_SET_RTN(xvap, XAT_NOUNLINK);
2543		}
2544
2545		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2546			xoap->xoa_immutable =
2547			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0);
2548			XVA_SET_RTN(xvap, XAT_IMMUTABLE);
2549		}
2550
2551		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2552			xoap->xoa_appendonly =
2553			    ((zp->z_pflags & ZFS_APPENDONLY) != 0);
2554			XVA_SET_RTN(xvap, XAT_APPENDONLY);
2555		}
2556
2557		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2558			xoap->xoa_nodump =
2559			    ((zp->z_pflags & ZFS_NODUMP) != 0);
2560			XVA_SET_RTN(xvap, XAT_NODUMP);
2561		}
2562
2563		if (XVA_ISSET_REQ(xvap, XAT_OPAQUE)) {
2564			xoap->xoa_opaque =
2565			    ((zp->z_pflags & ZFS_OPAQUE) != 0);
2566			XVA_SET_RTN(xvap, XAT_OPAQUE);
2567		}
2568
2569		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2570			xoap->xoa_av_quarantined =
2571			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0);
2572			XVA_SET_RTN(xvap, XAT_AV_QUARANTINED);
2573		}
2574
2575		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2576			xoap->xoa_av_modified =
2577			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0);
2578			XVA_SET_RTN(xvap, XAT_AV_MODIFIED);
2579		}
2580
2581		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) &&
2582		    vp->v_type == VREG) {
2583			zfs_sa_get_scanstamp(zp, xvap);
2584		}
2585
2586		if (XVA_ISSET_REQ(xvap, XAT_CREATETIME)) {
2587			uint64_t times[2];
2588
2589			(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_CRTIME(zfsvfs),
2590			    times, sizeof (times));
2591			ZFS_TIME_DECODE(&xoap->xoa_createtime, times);
2592			XVA_SET_RTN(xvap, XAT_CREATETIME);
2593		}
2594
2595		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2596			xoap->xoa_reparse = ((zp->z_pflags & ZFS_REPARSE) != 0);
2597			XVA_SET_RTN(xvap, XAT_REPARSE);
2598		}
2599		if (XVA_ISSET_REQ(xvap, XAT_GEN)) {
2600			xoap->xoa_generation = zp->z_gen;
2601			XVA_SET_RTN(xvap, XAT_GEN);
2602		}
2603
2604		if (XVA_ISSET_REQ(xvap, XAT_OFFLINE)) {
2605			xoap->xoa_offline =
2606			    ((zp->z_pflags & ZFS_OFFLINE) != 0);
2607			XVA_SET_RTN(xvap, XAT_OFFLINE);
2608		}
2609
2610		if (XVA_ISSET_REQ(xvap, XAT_SPARSE)) {
2611			xoap->xoa_sparse =
2612			    ((zp->z_pflags & ZFS_SPARSE) != 0);
2613			XVA_SET_RTN(xvap, XAT_SPARSE);
2614		}
2615	}
2616
2617	ZFS_TIME_DECODE(&vap->va_atime, zp->z_atime);
2618	ZFS_TIME_DECODE(&vap->va_mtime, mtime);
2619	ZFS_TIME_DECODE(&vap->va_ctime, ctime);
2620
2621	mutex_exit(&zp->z_lock);
2622
2623	sa_object_size(zp->z_sa_hdl, &vap->va_blksize, &vap->va_nblocks);
2624
2625	if (zp->z_blksz == 0) {
2626		/*
2627		 * Block size hasn't been set; suggest maximal I/O transfers.
2628		 */
2629		vap->va_blksize = zfsvfs->z_max_blksz;
2630	}
2631
2632	ZFS_EXIT(zfsvfs);
2633	return (0);
2634}
2635
2636/*
2637 * Set the file attributes to the values contained in the
2638 * vattr structure.
2639 *
2640 *	IN:	vp	- vnode of file to be modified.
2641 *		vap	- new attribute values.
2642 *			  If AT_XVATTR set, then optional attrs are being set
2643 *		flags	- ATTR_UTIME set if non-default time values provided.
2644 *			- ATTR_NOACLCHECK (CIFS context only).
2645 *		cr	- credentials of caller.
2646 *		ct	- caller context
2647 *
2648 *	RETURN:	0 on success, error code on failure.
2649 *
2650 * Timestamps:
2651 *	vp - ctime updated, mtime updated if size changed.
2652 */
2653/* ARGSUSED */
2654static int
2655zfs_setattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2656    caller_context_t *ct)
2657{
2658	znode_t		*zp = VTOZ(vp);
2659	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2660	zilog_t		*zilog;
2661	dmu_tx_t	*tx;
2662	vattr_t		oldva;
2663	xvattr_t	tmpxvattr;
2664	uint_t		mask = vap->va_mask;
2665	uint_t		saved_mask = 0;
2666	int		trim_mask = 0;
2667	uint64_t	new_mode;
2668	uint64_t	new_uid, new_gid;
2669	uint64_t	xattr_obj;
2670	uint64_t	mtime[2], ctime[2];
2671	znode_t		*attrzp;
2672	int		need_policy = FALSE;
2673	int		err, err2;
2674	zfs_fuid_info_t *fuidp = NULL;
2675	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2676	xoptattr_t	*xoap;
2677	zfs_acl_t	*aclp;
2678	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2679	boolean_t	fuid_dirtied = B_FALSE;
2680	sa_bulk_attr_t	bulk[7], xattr_bulk[7];
2681	int		count = 0, xattr_count = 0;
2682
2683	if (mask == 0)
2684		return (0);
2685
2686	if (mask & AT_NOSET)
2687		return (SET_ERROR(EINVAL));
2688
2689	ZFS_ENTER(zfsvfs);
2690	ZFS_VERIFY_ZP(zp);
2691
2692	zilog = zfsvfs->z_log;
2693
2694	/*
2695	 * Make sure that if we have ephemeral uid/gid or xvattr specified
2696	 * that file system is at proper version level
2697	 */
2698
2699	if (zfsvfs->z_use_fuids == B_FALSE &&
2700	    (((mask & AT_UID) && IS_EPHEMERAL(vap->va_uid)) ||
2701	    ((mask & AT_GID) && IS_EPHEMERAL(vap->va_gid)) ||
2702	    (mask & AT_XVATTR))) {
2703		ZFS_EXIT(zfsvfs);
2704		return (SET_ERROR(EINVAL));
2705	}
2706
2707	if (mask & AT_SIZE && vp->v_type == VDIR) {
2708		ZFS_EXIT(zfsvfs);
2709		return (SET_ERROR(EISDIR));
2710	}
2711
2712	if (mask & AT_SIZE && vp->v_type != VREG && vp->v_type != VFIFO) {
2713		ZFS_EXIT(zfsvfs);
2714		return (SET_ERROR(EINVAL));
2715	}
2716
2717	/*
2718	 * If this is an xvattr_t, then get a pointer to the structure of
2719	 * optional attributes.  If this is NULL, then we have a vattr_t.
2720	 */
2721	xoap = xva_getxoptattr(xvap);
2722
2723	xva_init(&tmpxvattr);
2724
2725	/*
2726	 * Immutable files can only alter immutable bit and atime
2727	 */
2728	if ((zp->z_pflags & ZFS_IMMUTABLE) &&
2729	    ((mask & (AT_SIZE|AT_UID|AT_GID|AT_MTIME|AT_MODE)) ||
2730	    ((mask & AT_XVATTR) && XVA_ISSET_REQ(xvap, XAT_CREATETIME)))) {
2731		ZFS_EXIT(zfsvfs);
2732		return (SET_ERROR(EPERM));
2733	}
2734
2735	if ((mask & AT_SIZE) && (zp->z_pflags & ZFS_READONLY)) {
2736		ZFS_EXIT(zfsvfs);
2737		return (SET_ERROR(EPERM));
2738	}
2739
2740	/*
2741	 * Verify timestamps doesn't overflow 32 bits.
2742	 * ZFS can handle large timestamps, but 32bit syscalls can't
2743	 * handle times greater than 2039.  This check should be removed
2744	 * once large timestamps are fully supported.
2745	 */
2746	if (mask & (AT_ATIME | AT_MTIME)) {
2747		if (((mask & AT_ATIME) && TIMESPEC_OVERFLOW(&vap->va_atime)) ||
2748		    ((mask & AT_MTIME) && TIMESPEC_OVERFLOW(&vap->va_mtime))) {
2749			ZFS_EXIT(zfsvfs);
2750			return (SET_ERROR(EOVERFLOW));
2751		}
2752	}
2753
2754top:
2755	attrzp = NULL;
2756	aclp = NULL;
2757
2758	/* Can this be moved to before the top label? */
2759	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
2760		ZFS_EXIT(zfsvfs);
2761		return (SET_ERROR(EROFS));
2762	}
2763
2764	/*
2765	 * First validate permissions
2766	 */
2767
2768	if (mask & AT_SIZE) {
2769		err = zfs_zaccess(zp, ACE_WRITE_DATA, 0, skipaclchk, cr);
2770		if (err) {
2771			ZFS_EXIT(zfsvfs);
2772			return (err);
2773		}
2774		/*
2775		 * XXX - Note, we are not providing any open
2776		 * mode flags here (like FNDELAY), so we may
2777		 * block if there are locks present... this
2778		 * should be addressed in openat().
2779		 */
2780		/* XXX - would it be OK to generate a log record here? */
2781		err = zfs_freesp(zp, vap->va_size, 0, 0, FALSE);
2782		if (err) {
2783			ZFS_EXIT(zfsvfs);
2784			return (err);
2785		}
2786
2787		if (vap->va_size == 0)
2788			vnevent_truncate(ZTOV(zp), ct);
2789	}
2790
2791	if (mask & (AT_ATIME|AT_MTIME) ||
2792	    ((mask & AT_XVATTR) && (XVA_ISSET_REQ(xvap, XAT_HIDDEN) ||
2793	    XVA_ISSET_REQ(xvap, XAT_READONLY) ||
2794	    XVA_ISSET_REQ(xvap, XAT_ARCHIVE) ||
2795	    XVA_ISSET_REQ(xvap, XAT_OFFLINE) ||
2796	    XVA_ISSET_REQ(xvap, XAT_SPARSE) ||
2797	    XVA_ISSET_REQ(xvap, XAT_CREATETIME) ||
2798	    XVA_ISSET_REQ(xvap, XAT_SYSTEM)))) {
2799		need_policy = zfs_zaccess(zp, ACE_WRITE_ATTRIBUTES, 0,
2800		    skipaclchk, cr);
2801	}
2802
2803	if (mask & (AT_UID|AT_GID)) {
2804		int	idmask = (mask & (AT_UID|AT_GID));
2805		int	take_owner;
2806		int	take_group;
2807
2808		/*
2809		 * NOTE: even if a new mode is being set,
2810		 * we may clear S_ISUID/S_ISGID bits.
2811		 */
2812
2813		if (!(mask & AT_MODE))
2814			vap->va_mode = zp->z_mode;
2815
2816		/*
2817		 * Take ownership or chgrp to group we are a member of
2818		 */
2819
2820		take_owner = (mask & AT_UID) && (vap->va_uid == crgetuid(cr));
2821		take_group = (mask & AT_GID) &&
2822		    zfs_groupmember(zfsvfs, vap->va_gid, cr);
2823
2824		/*
2825		 * If both AT_UID and AT_GID are set then take_owner and
2826		 * take_group must both be set in order to allow taking
2827		 * ownership.
2828		 *
2829		 * Otherwise, send the check through secpolicy_vnode_setattr()
2830		 *
2831		 */
2832
2833		if (((idmask == (AT_UID|AT_GID)) && take_owner && take_group) ||
2834		    ((idmask == AT_UID) && take_owner) ||
2835		    ((idmask == AT_GID) && take_group)) {
2836			if (zfs_zaccess(zp, ACE_WRITE_OWNER, 0,
2837			    skipaclchk, cr) == 0) {
2838				/*
2839				 * Remove setuid/setgid for non-privileged users
2840				 */
2841				secpolicy_setid_clear(vap, cr);
2842				trim_mask = (mask & (AT_UID|AT_GID));
2843			} else {
2844				need_policy =  TRUE;
2845			}
2846		} else {
2847			need_policy =  TRUE;
2848		}
2849	}
2850
2851	mutex_enter(&zp->z_lock);
2852	oldva.va_mode = zp->z_mode;
2853	zfs_fuid_map_ids(zp, cr, &oldva.va_uid, &oldva.va_gid);
2854	if (mask & AT_XVATTR) {
2855		/*
2856		 * Update xvattr mask to include only those attributes
2857		 * that are actually changing.
2858		 *
2859		 * the bits will be restored prior to actually setting
2860		 * the attributes so the caller thinks they were set.
2861		 */
2862		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2863			if (xoap->xoa_appendonly !=
2864			    ((zp->z_pflags & ZFS_APPENDONLY) != 0)) {
2865				need_policy = TRUE;
2866			} else {
2867				XVA_CLR_REQ(xvap, XAT_APPENDONLY);
2868				XVA_SET_REQ(&tmpxvattr, XAT_APPENDONLY);
2869			}
2870		}
2871
2872		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2873			if (xoap->xoa_nounlink !=
2874			    ((zp->z_pflags & ZFS_NOUNLINK) != 0)) {
2875				need_policy = TRUE;
2876			} else {
2877				XVA_CLR_REQ(xvap, XAT_NOUNLINK);
2878				XVA_SET_REQ(&tmpxvattr, XAT_NOUNLINK);
2879			}
2880		}
2881
2882		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2883			if (xoap->xoa_immutable !=
2884			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0)) {
2885				need_policy = TRUE;
2886			} else {
2887				XVA_CLR_REQ(xvap, XAT_IMMUTABLE);
2888				XVA_SET_REQ(&tmpxvattr, XAT_IMMUTABLE);
2889			}
2890		}
2891
2892		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2893			if (xoap->xoa_nodump !=
2894			    ((zp->z_pflags & ZFS_NODUMP) != 0)) {
2895				need_policy = TRUE;
2896			} else {
2897				XVA_CLR_REQ(xvap, XAT_NODUMP);
2898				XVA_SET_REQ(&tmpxvattr, XAT_NODUMP);
2899			}
2900		}
2901
2902		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2903			if (xoap->xoa_av_modified !=
2904			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0)) {
2905				need_policy = TRUE;
2906			} else {
2907				XVA_CLR_REQ(xvap, XAT_AV_MODIFIED);
2908				XVA_SET_REQ(&tmpxvattr, XAT_AV_MODIFIED);
2909			}
2910		}
2911
2912		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2913			if ((vp->v_type != VREG &&
2914			    xoap->xoa_av_quarantined) ||
2915			    xoap->xoa_av_quarantined !=
2916			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0)) {
2917				need_policy = TRUE;
2918			} else {
2919				XVA_CLR_REQ(xvap, XAT_AV_QUARANTINED);
2920				XVA_SET_REQ(&tmpxvattr, XAT_AV_QUARANTINED);
2921			}
2922		}
2923
2924		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2925			mutex_exit(&zp->z_lock);
2926			ZFS_EXIT(zfsvfs);
2927			return (SET_ERROR(EPERM));
2928		}
2929
2930		if (need_policy == FALSE &&
2931		    (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) ||
2932		    XVA_ISSET_REQ(xvap, XAT_OPAQUE))) {
2933			need_policy = TRUE;
2934		}
2935	}
2936
2937	mutex_exit(&zp->z_lock);
2938
2939	if (mask & AT_MODE) {
2940		if (zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr) == 0) {
2941			err = secpolicy_setid_setsticky_clear(vp, vap,
2942			    &oldva, cr);
2943			if (err) {
2944				ZFS_EXIT(zfsvfs);
2945				return (err);
2946			}
2947			trim_mask |= AT_MODE;
2948		} else {
2949			need_policy = TRUE;
2950		}
2951	}
2952
2953	if (need_policy) {
2954		/*
2955		 * If trim_mask is set then take ownership
2956		 * has been granted or write_acl is present and user
2957		 * has the ability to modify mode.  In that case remove
2958		 * UID|GID and or MODE from mask so that
2959		 * secpolicy_vnode_setattr() doesn't revoke it.
2960		 */
2961
2962		if (trim_mask) {
2963			saved_mask = vap->va_mask;
2964			vap->va_mask &= ~trim_mask;
2965		}
2966		err = secpolicy_vnode_setattr(cr, vp, vap, &oldva, flags,
2967		    (int (*)(void *, int, cred_t *))zfs_zaccess_unix, zp);
2968		if (err) {
2969			ZFS_EXIT(zfsvfs);
2970			return (err);
2971		}
2972
2973		if (trim_mask)
2974			vap->va_mask |= saved_mask;
2975	}
2976
2977	/*
2978	 * secpolicy_vnode_setattr, or take ownership may have
2979	 * changed va_mask
2980	 */
2981	mask = vap->va_mask;
2982
2983	if ((mask & (AT_UID | AT_GID))) {
2984		err = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
2985		    &xattr_obj, sizeof (xattr_obj));
2986
2987		if (err == 0 && xattr_obj) {
2988			err = zfs_zget(zp->z_zfsvfs, xattr_obj, &attrzp);
2989			if (err)
2990				goto out2;
2991		}
2992		if (mask & AT_UID) {
2993			new_uid = zfs_fuid_create(zfsvfs,
2994			    (uint64_t)vap->va_uid, cr, ZFS_OWNER, &fuidp);
2995			if (new_uid != zp->z_uid &&
2996			    zfs_fuid_overquota(zfsvfs, B_FALSE, new_uid)) {
2997				if (attrzp)
2998					VN_RELE(ZTOV(attrzp));
2999				err = SET_ERROR(EDQUOT);
3000				goto out2;
3001			}
3002		}
3003
3004		if (mask & AT_GID) {
3005			new_gid = zfs_fuid_create(zfsvfs, (uint64_t)vap->va_gid,
3006			    cr, ZFS_GROUP, &fuidp);
3007			if (new_gid != zp->z_gid &&
3008			    zfs_fuid_overquota(zfsvfs, B_TRUE, new_gid)) {
3009				if (attrzp)
3010					VN_RELE(ZTOV(attrzp));
3011				err = SET_ERROR(EDQUOT);
3012				goto out2;
3013			}
3014		}
3015	}
3016	tx = dmu_tx_create(zfsvfs->z_os);
3017
3018	if (mask & AT_MODE) {
3019		uint64_t pmode = zp->z_mode;
3020		uint64_t acl_obj;
3021		new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT);
3022
3023		if (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_RESTRICTED &&
3024		    !(zp->z_pflags & ZFS_ACL_TRIVIAL)) {
3025			err = SET_ERROR(EPERM);
3026			goto out;
3027		}
3028
3029		if (err = zfs_acl_chmod_setattr(zp, &aclp, new_mode))
3030			goto out;
3031
3032		mutex_enter(&zp->z_lock);
3033		if (!zp->z_is_sa && ((acl_obj = zfs_external_acl(zp)) != 0)) {
3034			/*
3035			 * Are we upgrading ACL from old V0 format
3036			 * to V1 format?
3037			 */
3038			if (zfsvfs->z_version >= ZPL_VERSION_FUID &&
3039			    zfs_znode_acl_version(zp) ==
3040			    ZFS_ACL_VERSION_INITIAL) {
3041				dmu_tx_hold_free(tx, acl_obj, 0,
3042				    DMU_OBJECT_END);
3043				dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3044				    0, aclp->z_acl_bytes);
3045			} else {
3046				dmu_tx_hold_write(tx, acl_obj, 0,
3047				    aclp->z_acl_bytes);
3048			}
3049		} else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3050			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3051			    0, aclp->z_acl_bytes);
3052		}
3053		mutex_exit(&zp->z_lock);
3054		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3055	} else {
3056		if ((mask & AT_XVATTR) &&
3057		    XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3058			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3059		else
3060			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
3061	}
3062
3063	if (attrzp) {
3064		dmu_tx_hold_sa(tx, attrzp->z_sa_hdl, B_FALSE);
3065	}
3066
3067	fuid_dirtied = zfsvfs->z_fuid_dirty;
3068	if (fuid_dirtied)
3069		zfs_fuid_txhold(zfsvfs, tx);
3070
3071	zfs_sa_upgrade_txholds(tx, zp);
3072
3073	err = dmu_tx_assign(tx, TXG_WAIT);
3074	if (err)
3075		goto out;
3076
3077	count = 0;
3078	/*
3079	 * Set each attribute requested.
3080	 * We group settings according to the locks they need to acquire.
3081	 *
3082	 * Note: you cannot set ctime directly, although it will be
3083	 * updated as a side-effect of calling this function.
3084	 */
3085
3086
3087	if (mask & (AT_UID|AT_GID|AT_MODE))
3088		mutex_enter(&zp->z_acl_lock);
3089	mutex_enter(&zp->z_lock);
3090
3091	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
3092	    &zp->z_pflags, sizeof (zp->z_pflags));
3093
3094	if (attrzp) {
3095		if (mask & (AT_UID|AT_GID|AT_MODE))
3096			mutex_enter(&attrzp->z_acl_lock);
3097		mutex_enter(&attrzp->z_lock);
3098		SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3099		    SA_ZPL_FLAGS(zfsvfs), NULL, &attrzp->z_pflags,
3100		    sizeof (attrzp->z_pflags));
3101	}
3102
3103	if (mask & (AT_UID|AT_GID)) {
3104
3105		if (mask & AT_UID) {
3106			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_UID(zfsvfs), NULL,
3107			    &new_uid, sizeof (new_uid));
3108			zp->z_uid = new_uid;
3109			if (attrzp) {
3110				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3111				    SA_ZPL_UID(zfsvfs), NULL, &new_uid,
3112				    sizeof (new_uid));
3113				attrzp->z_uid = new_uid;
3114			}
3115		}
3116
3117		if (mask & AT_GID) {
3118			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_GID(zfsvfs),
3119			    NULL, &new_gid, sizeof (new_gid));
3120			zp->z_gid = new_gid;
3121			if (attrzp) {
3122				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3123				    SA_ZPL_GID(zfsvfs), NULL, &new_gid,
3124				    sizeof (new_gid));
3125				attrzp->z_gid = new_gid;
3126			}
3127		}
3128		if (!(mask & AT_MODE)) {
3129			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs),
3130			    NULL, &new_mode, sizeof (new_mode));
3131			new_mode = zp->z_mode;
3132		}
3133		err = zfs_acl_chown_setattr(zp);
3134		ASSERT(err == 0);
3135		if (attrzp) {
3136			err = zfs_acl_chown_setattr(attrzp);
3137			ASSERT(err == 0);
3138		}
3139	}
3140
3141	if (mask & AT_MODE) {
3142		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs), NULL,
3143		    &new_mode, sizeof (new_mode));
3144		zp->z_mode = new_mode;
3145		ASSERT3U((uintptr_t)aclp, !=, NULL);
3146		err = zfs_aclset_common(zp, aclp, cr, tx);
3147		ASSERT0(err);
3148		if (zp->z_acl_cached)
3149			zfs_acl_free(zp->z_acl_cached);
3150		zp->z_acl_cached = aclp;
3151		aclp = NULL;
3152	}
3153
3154
3155	if (mask & AT_ATIME) {
3156		ZFS_TIME_ENCODE(&vap->va_atime, zp->z_atime);
3157		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ATIME(zfsvfs), NULL,
3158		    &zp->z_atime, sizeof (zp->z_atime));
3159	}
3160
3161	if (mask & AT_MTIME) {
3162		ZFS_TIME_ENCODE(&vap->va_mtime, mtime);
3163		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
3164		    mtime, sizeof (mtime));
3165	}
3166
3167	/* XXX - shouldn't this be done *before* the ATIME/MTIME checks? */
3168	if (mask & AT_SIZE && !(mask & AT_MTIME)) {
3169		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs),
3170		    NULL, mtime, sizeof (mtime));
3171		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3172		    &ctime, sizeof (ctime));
3173		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
3174		    B_TRUE);
3175	} else if (mask != 0) {
3176		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3177		    &ctime, sizeof (ctime));
3178		zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime, ctime,
3179		    B_TRUE);
3180		if (attrzp) {
3181			SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3182			    SA_ZPL_CTIME(zfsvfs), NULL,
3183			    &ctime, sizeof (ctime));
3184			zfs_tstamp_update_setup(attrzp, STATE_CHANGED,
3185			    mtime, ctime, B_TRUE);
3186		}
3187	}
3188	/*
3189	 * Do this after setting timestamps to prevent timestamp
3190	 * update from toggling bit
3191	 */
3192
3193	if (xoap && (mask & AT_XVATTR)) {
3194
3195		/*
3196		 * restore trimmed off masks
3197		 * so that return masks can be set for caller.
3198		 */
3199
3200		if (XVA_ISSET_REQ(&tmpxvattr, XAT_APPENDONLY)) {
3201			XVA_SET_REQ(xvap, XAT_APPENDONLY);
3202		}
3203		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NOUNLINK)) {
3204			XVA_SET_REQ(xvap, XAT_NOUNLINK);
3205		}
3206		if (XVA_ISSET_REQ(&tmpxvattr, XAT_IMMUTABLE)) {
3207			XVA_SET_REQ(xvap, XAT_IMMUTABLE);
3208		}
3209		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NODUMP)) {
3210			XVA_SET_REQ(xvap, XAT_NODUMP);
3211		}
3212		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_MODIFIED)) {
3213			XVA_SET_REQ(xvap, XAT_AV_MODIFIED);
3214		}
3215		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_QUARANTINED)) {
3216			XVA_SET_REQ(xvap, XAT_AV_QUARANTINED);
3217		}
3218
3219		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3220			ASSERT(vp->v_type == VREG);
3221
3222		zfs_xvattr_set(zp, xvap, tx);
3223	}
3224
3225	if (fuid_dirtied)
3226		zfs_fuid_sync(zfsvfs, tx);
3227
3228	if (mask != 0)
3229		zfs_log_setattr(zilog, tx, TX_SETATTR, zp, vap, mask, fuidp);
3230
3231	mutex_exit(&zp->z_lock);
3232	if (mask & (AT_UID|AT_GID|AT_MODE))
3233		mutex_exit(&zp->z_acl_lock);
3234
3235	if (attrzp) {
3236		if (mask & (AT_UID|AT_GID|AT_MODE))
3237			mutex_exit(&attrzp->z_acl_lock);
3238		mutex_exit(&attrzp->z_lock);
3239	}
3240out:
3241	if (err == 0 && attrzp) {
3242		err2 = sa_bulk_update(attrzp->z_sa_hdl, xattr_bulk,
3243		    xattr_count, tx);
3244		ASSERT(err2 == 0);
3245	}
3246
3247	if (attrzp)
3248		VN_RELE(ZTOV(attrzp));
3249
3250	if (aclp)
3251		zfs_acl_free(aclp);
3252
3253	if (fuidp) {
3254		zfs_fuid_info_free(fuidp);
3255		fuidp = NULL;
3256	}
3257
3258	if (err) {
3259		dmu_tx_abort(tx);
3260		if (err == ERESTART)
3261			goto top;
3262	} else {
3263		err2 = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
3264		dmu_tx_commit(tx);
3265	}
3266
3267out2:
3268	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3269		zil_commit(zilog, 0);
3270
3271	ZFS_EXIT(zfsvfs);
3272	return (err);
3273}
3274
3275typedef struct zfs_zlock {
3276	krwlock_t	*zl_rwlock;	/* lock we acquired */
3277	znode_t		*zl_znode;	/* znode we held */
3278	struct zfs_zlock *zl_next;	/* next in list */
3279} zfs_zlock_t;
3280
3281/*
3282 * Drop locks and release vnodes that were held by zfs_rename_lock().
3283 */
3284static void
3285zfs_rename_unlock(zfs_zlock_t **zlpp)
3286{
3287	zfs_zlock_t *zl;
3288
3289	while ((zl = *zlpp) != NULL) {
3290		if (zl->zl_znode != NULL)
3291			VN_RELE(ZTOV(zl->zl_znode));
3292		rw_exit(zl->zl_rwlock);
3293		*zlpp = zl->zl_next;
3294		kmem_free(zl, sizeof (*zl));
3295	}
3296}
3297
3298/*
3299 * Search back through the directory tree, using the ".." entries.
3300 * Lock each directory in the chain to prevent concurrent renames.
3301 * Fail any attempt to move a directory into one of its own descendants.
3302 * XXX - z_parent_lock can overlap with map or grow locks
3303 */
3304static int
3305zfs_rename_lock(znode_t *szp, znode_t *tdzp, znode_t *sdzp, zfs_zlock_t **zlpp)
3306{
3307	zfs_zlock_t	*zl;
3308	znode_t		*zp = tdzp;
3309	uint64_t	rootid = zp->z_zfsvfs->z_root;
3310	uint64_t	oidp = zp->z_id;
3311	krwlock_t	*rwlp = &szp->z_parent_lock;
3312	krw_t		rw = RW_WRITER;
3313
3314	/*
3315	 * First pass write-locks szp and compares to zp->z_id.
3316	 * Later passes read-lock zp and compare to zp->z_parent.
3317	 */
3318	do {
3319		if (!rw_tryenter(rwlp, rw)) {
3320			/*
3321			 * Another thread is renaming in this path.
3322			 * Note that if we are a WRITER, we don't have any
3323			 * parent_locks held yet.
3324			 */
3325			if (rw == RW_READER && zp->z_id > szp->z_id) {
3326				/*
3327				 * Drop our locks and restart
3328				 */
3329				zfs_rename_unlock(&zl);
3330				*zlpp = NULL;
3331				zp = tdzp;
3332				oidp = zp->z_id;
3333				rwlp = &szp->z_parent_lock;
3334				rw = RW_WRITER;
3335				continue;
3336			} else {
3337				/*
3338				 * Wait for other thread to drop its locks
3339				 */
3340				rw_enter(rwlp, rw);
3341			}
3342		}
3343
3344		zl = kmem_alloc(sizeof (*zl), KM_SLEEP);
3345		zl->zl_rwlock = rwlp;
3346		zl->zl_znode = NULL;
3347		zl->zl_next = *zlpp;
3348		*zlpp = zl;
3349
3350		if (oidp == szp->z_id)		/* We're a descendant of szp */
3351			return (SET_ERROR(EINVAL));
3352
3353		if (oidp == rootid)		/* We've hit the top */
3354			return (0);
3355
3356		if (rw == RW_READER) {		/* i.e. not the first pass */
3357			int error = zfs_zget(zp->z_zfsvfs, oidp, &zp);
3358			if (error)
3359				return (error);
3360			zl->zl_znode = zp;
3361		}
3362		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zp->z_zfsvfs),
3363		    &oidp, sizeof (oidp));
3364		rwlp = &zp->z_parent_lock;
3365		rw = RW_READER;
3366
3367	} while (zp->z_id != sdzp->z_id);
3368
3369	return (0);
3370}
3371
3372/*
3373 * Move an entry from the provided source directory to the target
3374 * directory.  Change the entry name as indicated.
3375 *
3376 *	IN:	sdvp	- Source directory containing the "old entry".
3377 *		snm	- Old entry name.
3378 *		tdvp	- Target directory to contain the "new entry".
3379 *		tnm	- New entry name.
3380 *		cr	- credentials of caller.
3381 *		ct	- caller context
3382 *		flags	- case flags
3383 *
3384 *	RETURN:	0 on success, error code on failure.
3385 *
3386 * Timestamps:
3387 *	sdvp,tdvp - ctime|mtime updated
3388 */
3389/*ARGSUSED*/
3390static int
3391zfs_rename(vnode_t *sdvp, char *snm, vnode_t *tdvp, char *tnm, cred_t *cr,
3392    caller_context_t *ct, int flags)
3393{
3394	znode_t		*tdzp, *szp, *tzp;
3395	znode_t		*sdzp = VTOZ(sdvp);
3396	zfsvfs_t	*zfsvfs = sdzp->z_zfsvfs;
3397	zilog_t		*zilog;
3398	vnode_t		*realvp;
3399	zfs_dirlock_t	*sdl, *tdl;
3400	dmu_tx_t	*tx;
3401	zfs_zlock_t	*zl;
3402	int		cmp, serr, terr;
3403	int		error = 0;
3404	int		zflg = 0;
3405	boolean_t	waited = B_FALSE;
3406
3407	ZFS_ENTER(zfsvfs);
3408	ZFS_VERIFY_ZP(sdzp);
3409	zilog = zfsvfs->z_log;
3410
3411	/*
3412	 * Make sure we have the real vp for the target directory.
3413	 */
3414	if (VOP_REALVP(tdvp, &realvp, ct) == 0)
3415		tdvp = realvp;
3416
3417	tdzp = VTOZ(tdvp);
3418	ZFS_VERIFY_ZP(tdzp);
3419
3420	/*
3421	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
3422	 * ctldir appear to have the same v_vfsp.
3423	 */
3424	if (tdzp->z_zfsvfs != zfsvfs || zfsctl_is_node(tdvp)) {
3425		ZFS_EXIT(zfsvfs);
3426		return (SET_ERROR(EXDEV));
3427	}
3428
3429	if (zfsvfs->z_utf8 && u8_validate(tnm,
3430	    strlen(tnm), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3431		ZFS_EXIT(zfsvfs);
3432		return (SET_ERROR(EILSEQ));
3433	}
3434
3435	if (flags & FIGNORECASE)
3436		zflg |= ZCILOOK;
3437
3438top:
3439	szp = NULL;
3440	tzp = NULL;
3441	zl = NULL;
3442
3443	/*
3444	 * This is to prevent the creation of links into attribute space
3445	 * by renaming a linked file into/outof an attribute directory.
3446	 * See the comment in zfs_link() for why this is considered bad.
3447	 */
3448	if ((tdzp->z_pflags & ZFS_XATTR) != (sdzp->z_pflags & ZFS_XATTR)) {
3449		ZFS_EXIT(zfsvfs);
3450		return (SET_ERROR(EINVAL));
3451	}
3452
3453	/*
3454	 * Lock source and target directory entries.  To prevent deadlock,
3455	 * a lock ordering must be defined.  We lock the directory with
3456	 * the smallest object id first, or if it's a tie, the one with
3457	 * the lexically first name.
3458	 */
3459	if (sdzp->z_id < tdzp->z_id) {
3460		cmp = -1;
3461	} else if (sdzp->z_id > tdzp->z_id) {
3462		cmp = 1;
3463	} else {
3464		/*
3465		 * First compare the two name arguments without
3466		 * considering any case folding.
3467		 */
3468		int nofold = (zfsvfs->z_norm & ~U8_TEXTPREP_TOUPPER);
3469
3470		cmp = u8_strcmp(snm, tnm, 0, nofold, U8_UNICODE_LATEST, &error);
3471		ASSERT(error == 0 || !zfsvfs->z_utf8);
3472		if (cmp == 0) {
3473			/*
3474			 * POSIX: "If the old argument and the new argument
3475			 * both refer to links to the same existing file,
3476			 * the rename() function shall return successfully
3477			 * and perform no other action."
3478			 */
3479			ZFS_EXIT(zfsvfs);
3480			return (0);
3481		}
3482		/*
3483		 * If the file system is case-folding, then we may
3484		 * have some more checking to do.  A case-folding file
3485		 * system is either supporting mixed case sensitivity
3486		 * access or is completely case-insensitive.  Note
3487		 * that the file system is always case preserving.
3488		 *
3489		 * In mixed sensitivity mode case sensitive behavior
3490		 * is the default.  FIGNORECASE must be used to
3491		 * explicitly request case insensitive behavior.
3492		 *
3493		 * If the source and target names provided differ only
3494		 * by case (e.g., a request to rename 'tim' to 'Tim'),
3495		 * we will treat this as a special case in the
3496		 * case-insensitive mode: as long as the source name
3497		 * is an exact match, we will allow this to proceed as
3498		 * a name-change request.
3499		 */
3500		if ((zfsvfs->z_case == ZFS_CASE_INSENSITIVE ||
3501		    (zfsvfs->z_case == ZFS_CASE_MIXED &&
3502		    flags & FIGNORECASE)) &&
3503		    u8_strcmp(snm, tnm, 0, zfsvfs->z_norm, U8_UNICODE_LATEST,
3504		    &error) == 0) {
3505			/*
3506			 * case preserving rename request, require exact
3507			 * name matches
3508			 */
3509			zflg |= ZCIEXACT;
3510			zflg &= ~ZCILOOK;
3511		}
3512	}
3513
3514	/*
3515	 * If the source and destination directories are the same, we should
3516	 * grab the z_name_lock of that directory only once.
3517	 */
3518	if (sdzp == tdzp) {
3519		zflg |= ZHAVELOCK;
3520		rw_enter(&sdzp->z_name_lock, RW_READER);
3521	}
3522
3523	if (cmp < 0) {
3524		serr = zfs_dirent_lock(&sdl, sdzp, snm, &szp,
3525		    ZEXISTS | zflg, NULL, NULL);
3526		terr = zfs_dirent_lock(&tdl,
3527		    tdzp, tnm, &tzp, ZRENAMING | zflg, NULL, NULL);
3528	} else {
3529		terr = zfs_dirent_lock(&tdl,
3530		    tdzp, tnm, &tzp, zflg, NULL, NULL);
3531		serr = zfs_dirent_lock(&sdl,
3532		    sdzp, snm, &szp, ZEXISTS | ZRENAMING | zflg,
3533		    NULL, NULL);
3534	}
3535
3536	if (serr) {
3537		/*
3538		 * Source entry invalid or not there.
3539		 */
3540		if (!terr) {
3541			zfs_dirent_unlock(tdl);
3542			if (tzp)
3543				VN_RELE(ZTOV(tzp));
3544		}
3545
3546		if (sdzp == tdzp)
3547			rw_exit(&sdzp->z_name_lock);
3548
3549		if (strcmp(snm, "..") == 0)
3550			serr = SET_ERROR(EINVAL);
3551		ZFS_EXIT(zfsvfs);
3552		return (serr);
3553	}
3554	if (terr) {
3555		zfs_dirent_unlock(sdl);
3556		VN_RELE(ZTOV(szp));
3557
3558		if (sdzp == tdzp)
3559			rw_exit(&sdzp->z_name_lock);
3560
3561		if (strcmp(tnm, "..") == 0)
3562			terr = SET_ERROR(EINVAL);
3563		ZFS_EXIT(zfsvfs);
3564		return (terr);
3565	}
3566
3567	/*
3568	 * Must have write access at the source to remove the old entry
3569	 * and write access at the target to create the new entry.
3570	 * Note that if target and source are the same, this can be
3571	 * done in a single check.
3572	 */
3573
3574	if (error = zfs_zaccess_rename(sdzp, szp, tdzp, tzp, cr))
3575		goto out;
3576
3577	if (ZTOV(szp)->v_type == VDIR) {
3578		/*
3579		 * Check to make sure rename is valid.
3580		 * Can't do a move like this: /usr/a/b to /usr/a/b/c/d
3581		 */
3582		if (error = zfs_rename_lock(szp, tdzp, sdzp, &zl))
3583			goto out;
3584	}
3585
3586	/*
3587	 * Does target exist?
3588	 */
3589	if (tzp) {
3590		/*
3591		 * Source and target must be the same type.
3592		 */
3593		if (ZTOV(szp)->v_type == VDIR) {
3594			if (ZTOV(tzp)->v_type != VDIR) {
3595				error = SET_ERROR(ENOTDIR);
3596				goto out;
3597			}
3598		} else {
3599			if (ZTOV(tzp)->v_type == VDIR) {
3600				error = SET_ERROR(EISDIR);
3601				goto out;
3602			}
3603		}
3604		/*
3605		 * POSIX dictates that when the source and target
3606		 * entries refer to the same file object, rename
3607		 * must do nothing and exit without error.
3608		 */
3609		if (szp->z_id == tzp->z_id) {
3610			error = 0;
3611			goto out;
3612		}
3613	}
3614
3615	vnevent_rename_src(ZTOV(szp), sdvp, snm, ct);
3616	if (tzp)
3617		vnevent_rename_dest(ZTOV(tzp), tdvp, tnm, ct);
3618
3619	/*
3620	 * notify the target directory if it is not the same
3621	 * as source directory.
3622	 */
3623	if (tdvp != sdvp) {
3624		vnevent_rename_dest_dir(tdvp, ct);
3625	}
3626
3627	tx = dmu_tx_create(zfsvfs->z_os);
3628	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
3629	dmu_tx_hold_sa(tx, sdzp->z_sa_hdl, B_FALSE);
3630	dmu_tx_hold_zap(tx, sdzp->z_id, FALSE, snm);
3631	dmu_tx_hold_zap(tx, tdzp->z_id, TRUE, tnm);
3632	if (sdzp != tdzp) {
3633		dmu_tx_hold_sa(tx, tdzp->z_sa_hdl, B_FALSE);
3634		zfs_sa_upgrade_txholds(tx, tdzp);
3635	}
3636	if (tzp) {
3637		dmu_tx_hold_sa(tx, tzp->z_sa_hdl, B_FALSE);
3638		zfs_sa_upgrade_txholds(tx, tzp);
3639	}
3640
3641	zfs_sa_upgrade_txholds(tx, szp);
3642	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
3643	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3644	if (error) {
3645		if (zl != NULL)
3646			zfs_rename_unlock(&zl);
3647		zfs_dirent_unlock(sdl);
3648		zfs_dirent_unlock(tdl);
3649
3650		if (sdzp == tdzp)
3651			rw_exit(&sdzp->z_name_lock);
3652
3653		VN_RELE(ZTOV(szp));
3654		if (tzp)
3655			VN_RELE(ZTOV(tzp));
3656		if (error == ERESTART) {
3657			waited = B_TRUE;
3658			dmu_tx_wait(tx);
3659			dmu_tx_abort(tx);
3660			goto top;
3661		}
3662		dmu_tx_abort(tx);
3663		ZFS_EXIT(zfsvfs);
3664		return (error);
3665	}
3666
3667	if (tzp)	/* Attempt to remove the existing target */
3668		error = zfs_link_destroy(tdl, tzp, tx, zflg, NULL);
3669
3670	if (error == 0) {
3671		error = zfs_link_create(tdl, szp, tx, ZRENAMING);
3672		if (error == 0) {
3673			szp->z_pflags |= ZFS_AV_MODIFIED;
3674
3675			error = sa_update(szp->z_sa_hdl, SA_ZPL_FLAGS(zfsvfs),
3676			    (void *)&szp->z_pflags, sizeof (uint64_t), tx);
3677			ASSERT0(error);
3678
3679			error = zfs_link_destroy(sdl, szp, tx, ZRENAMING, NULL);
3680			if (error == 0) {
3681				zfs_log_rename(zilog, tx, TX_RENAME |
3682				    (flags & FIGNORECASE ? TX_CI : 0), sdzp,
3683				    sdl->dl_name, tdzp, tdl->dl_name, szp);
3684
3685				/*
3686				 * Update path information for the target vnode
3687				 */
3688				vn_renamepath(tdvp, ZTOV(szp), tnm,
3689				    strlen(tnm));
3690			} else {
3691				/*
3692				 * At this point, we have successfully created
3693				 * the target name, but have failed to remove
3694				 * the source name.  Since the create was done
3695				 * with the ZRENAMING flag, there are
3696				 * complications; for one, the link count is
3697				 * wrong.  The easiest way to deal with this
3698				 * is to remove the newly created target, and
3699				 * return the original error.  This must
3700				 * succeed; fortunately, it is very unlikely to
3701				 * fail, since we just created it.
3702				 */
3703				VERIFY3U(zfs_link_destroy(tdl, szp, tx,
3704				    ZRENAMING, NULL), ==, 0);
3705			}
3706		}
3707	}
3708
3709	dmu_tx_commit(tx);
3710out:
3711	if (zl != NULL)
3712		zfs_rename_unlock(&zl);
3713
3714	zfs_dirent_unlock(sdl);
3715	zfs_dirent_unlock(tdl);
3716
3717	if (sdzp == tdzp)
3718		rw_exit(&sdzp->z_name_lock);
3719
3720
3721	VN_RELE(ZTOV(szp));
3722	if (tzp)
3723		VN_RELE(ZTOV(tzp));
3724
3725	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3726		zil_commit(zilog, 0);
3727
3728	ZFS_EXIT(zfsvfs);
3729	return (error);
3730}
3731
3732/*
3733 * Insert the indicated symbolic reference entry into the directory.
3734 *
3735 *	IN:	dvp	- Directory to contain new symbolic link.
3736 *		link	- Name for new symlink entry.
3737 *		vap	- Attributes of new entry.
3738 *		cr	- credentials of caller.
3739 *		ct	- caller context
3740 *		flags	- case flags
3741 *
3742 *	RETURN:	0 on success, error code on failure.
3743 *
3744 * Timestamps:
3745 *	dvp - ctime|mtime updated
3746 */
3747/*ARGSUSED*/
3748static int
3749zfs_symlink(vnode_t *dvp, char *name, vattr_t *vap, char *link, cred_t *cr,
3750    caller_context_t *ct, int flags)
3751{
3752	znode_t		*zp, *dzp = VTOZ(dvp);
3753	zfs_dirlock_t	*dl;
3754	dmu_tx_t	*tx;
3755	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3756	zilog_t		*zilog;
3757	uint64_t	len = strlen(link);
3758	int		error;
3759	int		zflg = ZNEW;
3760	zfs_acl_ids_t	acl_ids;
3761	boolean_t	fuid_dirtied;
3762	uint64_t	txtype = TX_SYMLINK;
3763	boolean_t	waited = B_FALSE;
3764
3765	ASSERT(vap->va_type == VLNK);
3766
3767	ZFS_ENTER(zfsvfs);
3768	ZFS_VERIFY_ZP(dzp);
3769	zilog = zfsvfs->z_log;
3770
3771	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
3772	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3773		ZFS_EXIT(zfsvfs);
3774		return (SET_ERROR(EILSEQ));
3775	}
3776	if (flags & FIGNORECASE)
3777		zflg |= ZCILOOK;
3778
3779	if (len > MAXPATHLEN) {
3780		ZFS_EXIT(zfsvfs);
3781		return (SET_ERROR(ENAMETOOLONG));
3782	}
3783
3784	if ((error = zfs_acl_ids_create(dzp, 0,
3785	    vap, cr, NULL, &acl_ids)) != 0) {
3786		ZFS_EXIT(zfsvfs);
3787		return (error);
3788	}
3789top:
3790	/*
3791	 * Attempt to lock directory; fail if entry already exists.
3792	 */
3793	error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg, NULL, NULL);
3794	if (error) {
3795		zfs_acl_ids_free(&acl_ids);
3796		ZFS_EXIT(zfsvfs);
3797		return (error);
3798	}
3799
3800	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
3801		zfs_acl_ids_free(&acl_ids);
3802		zfs_dirent_unlock(dl);
3803		ZFS_EXIT(zfsvfs);
3804		return (error);
3805	}
3806
3807	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
3808		zfs_acl_ids_free(&acl_ids);
3809		zfs_dirent_unlock(dl);
3810		ZFS_EXIT(zfsvfs);
3811		return (SET_ERROR(EDQUOT));
3812	}
3813	tx = dmu_tx_create(zfsvfs->z_os);
3814	fuid_dirtied = zfsvfs->z_fuid_dirty;
3815	dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, MAX(1, len));
3816	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
3817	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
3818	    ZFS_SA_BASE_ATTR_SIZE + len);
3819	dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
3820	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3821		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
3822		    acl_ids.z_aclp->z_acl_bytes);
3823	}
3824	if (fuid_dirtied)
3825		zfs_fuid_txhold(zfsvfs, tx);
3826	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3827	if (error) {
3828		zfs_dirent_unlock(dl);
3829		if (error == ERESTART) {
3830			waited = B_TRUE;
3831			dmu_tx_wait(tx);
3832			dmu_tx_abort(tx);
3833			goto top;
3834		}
3835		zfs_acl_ids_free(&acl_ids);
3836		dmu_tx_abort(tx);
3837		ZFS_EXIT(zfsvfs);
3838		return (error);
3839	}
3840
3841	/*
3842	 * Create a new object for the symlink.
3843	 * for version 4 ZPL datsets the symlink will be an SA attribute
3844	 */
3845	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
3846
3847	if (fuid_dirtied)
3848		zfs_fuid_sync(zfsvfs, tx);
3849
3850	mutex_enter(&zp->z_lock);
3851	if (zp->z_is_sa)
3852		error = sa_update(zp->z_sa_hdl, SA_ZPL_SYMLINK(zfsvfs),
3853		    link, len, tx);
3854	else
3855		zfs_sa_symlink(zp, link, len, tx);
3856	mutex_exit(&zp->z_lock);
3857
3858	zp->z_size = len;
3859	(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
3860	    &zp->z_size, sizeof (zp->z_size), tx);
3861	/*
3862	 * Insert the new object into the directory.
3863	 */
3864	(void) zfs_link_create(dl, zp, tx, ZNEW);
3865
3866	if (flags & FIGNORECASE)
3867		txtype |= TX_CI;
3868	zfs_log_symlink(zilog, tx, txtype, dzp, zp, name, link);
3869
3870	zfs_acl_ids_free(&acl_ids);
3871
3872	dmu_tx_commit(tx);
3873
3874	zfs_dirent_unlock(dl);
3875
3876	VN_RELE(ZTOV(zp));
3877
3878	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3879		zil_commit(zilog, 0);
3880
3881	ZFS_EXIT(zfsvfs);
3882	return (error);
3883}
3884
3885/*
3886 * Return, in the buffer contained in the provided uio structure,
3887 * the symbolic path referred to by vp.
3888 *
3889 *	IN:	vp	- vnode of symbolic link.
3890 *		uio	- structure to contain the link path.
3891 *		cr	- credentials of caller.
3892 *		ct	- caller context
3893 *
3894 *	OUT:	uio	- structure containing the link path.
3895 *
3896 *	RETURN:	0 on success, error code on failure.
3897 *
3898 * Timestamps:
3899 *	vp - atime updated
3900 */
3901/* ARGSUSED */
3902static int
3903zfs_readlink(vnode_t *vp, uio_t *uio, cred_t *cr, caller_context_t *ct)
3904{
3905	znode_t		*zp = VTOZ(vp);
3906	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
3907	int		error;
3908
3909	ZFS_ENTER(zfsvfs);
3910	ZFS_VERIFY_ZP(zp);
3911
3912	mutex_enter(&zp->z_lock);
3913	if (zp->z_is_sa)
3914		error = sa_lookup_uio(zp->z_sa_hdl,
3915		    SA_ZPL_SYMLINK(zfsvfs), uio);
3916	else
3917		error = zfs_sa_readlink(zp, uio);
3918	mutex_exit(&zp->z_lock);
3919
3920	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
3921
3922	ZFS_EXIT(zfsvfs);
3923	return (error);
3924}
3925
3926/*
3927 * Insert a new entry into directory tdvp referencing svp.
3928 *
3929 *	IN:	tdvp	- Directory to contain new entry.
3930 *		svp	- vnode of new entry.
3931 *		name	- name of new entry.
3932 *		cr	- credentials of caller.
3933 *		ct	- caller context
3934 *
3935 *	RETURN:	0 on success, error code on failure.
3936 *
3937 * Timestamps:
3938 *	tdvp - ctime|mtime updated
3939 *	 svp - ctime updated
3940 */
3941/* ARGSUSED */
3942static int
3943zfs_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr,
3944    caller_context_t *ct, int flags)
3945{
3946	znode_t		*dzp = VTOZ(tdvp);
3947	znode_t		*tzp, *szp;
3948	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3949	zilog_t		*zilog;
3950	zfs_dirlock_t	*dl;
3951	dmu_tx_t	*tx;
3952	vnode_t		*realvp;
3953	int		error;
3954	int		zf = ZNEW;
3955	uint64_t	parent;
3956	uid_t		owner;
3957	boolean_t	waited = B_FALSE;
3958
3959	ASSERT(tdvp->v_type == VDIR);
3960
3961	ZFS_ENTER(zfsvfs);
3962	ZFS_VERIFY_ZP(dzp);
3963	zilog = zfsvfs->z_log;
3964
3965	if (VOP_REALVP(svp, &realvp, ct) == 0)
3966		svp = realvp;
3967
3968	/*
3969	 * POSIX dictates that we return EPERM here.
3970	 * Better choices include ENOTSUP or EISDIR.
3971	 */
3972	if (svp->v_type == VDIR) {
3973		ZFS_EXIT(zfsvfs);
3974		return (SET_ERROR(EPERM));
3975	}
3976
3977	szp = VTOZ(svp);
3978	ZFS_VERIFY_ZP(szp);
3979
3980	/*
3981	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
3982	 * ctldir appear to have the same v_vfsp.
3983	 */
3984	if (szp->z_zfsvfs != zfsvfs || zfsctl_is_node(svp)) {
3985		ZFS_EXIT(zfsvfs);
3986		return (SET_ERROR(EXDEV));
3987	}
3988
3989	/* Prevent links to .zfs/shares files */
3990
3991	if ((error = sa_lookup(szp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
3992	    &parent, sizeof (uint64_t))) != 0) {
3993		ZFS_EXIT(zfsvfs);
3994		return (error);
3995	}
3996	if (parent == zfsvfs->z_shares_dir) {
3997		ZFS_EXIT(zfsvfs);
3998		return (SET_ERROR(EPERM));
3999	}
4000
4001	if (zfsvfs->z_utf8 && u8_validate(name,
4002	    strlen(name), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
4003		ZFS_EXIT(zfsvfs);
4004		return (SET_ERROR(EILSEQ));
4005	}
4006	if (flags & FIGNORECASE)
4007		zf |= ZCILOOK;
4008
4009	/*
4010	 * We do not support links between attributes and non-attributes
4011	 * because of the potential security risk of creating links
4012	 * into "normal" file space in order to circumvent restrictions
4013	 * imposed in attribute space.
4014	 */
4015	if ((szp->z_pflags & ZFS_XATTR) != (dzp->z_pflags & ZFS_XATTR)) {
4016		ZFS_EXIT(zfsvfs);
4017		return (SET_ERROR(EINVAL));
4018	}
4019
4020
4021	owner = zfs_fuid_map_id(zfsvfs, szp->z_uid, cr, ZFS_OWNER);
4022	if (owner != crgetuid(cr) && secpolicy_basic_link(cr) != 0) {
4023		ZFS_EXIT(zfsvfs);
4024		return (SET_ERROR(EPERM));
4025	}
4026
4027	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
4028		ZFS_EXIT(zfsvfs);
4029		return (error);
4030	}
4031
4032top:
4033	/*
4034	 * Attempt to lock directory; fail if entry already exists.
4035	 */
4036	error = zfs_dirent_lock(&dl, dzp, name, &tzp, zf, NULL, NULL);
4037	if (error) {
4038		ZFS_EXIT(zfsvfs);
4039		return (error);
4040	}
4041
4042	tx = dmu_tx_create(zfsvfs->z_os);
4043	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
4044	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
4045	zfs_sa_upgrade_txholds(tx, szp);
4046	zfs_sa_upgrade_txholds(tx, dzp);
4047	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
4048	if (error) {
4049		zfs_dirent_unlock(dl);
4050		if (error == ERESTART) {
4051			waited = B_TRUE;
4052			dmu_tx_wait(tx);
4053			dmu_tx_abort(tx);
4054			goto top;
4055		}
4056		dmu_tx_abort(tx);
4057		ZFS_EXIT(zfsvfs);
4058		return (error);
4059	}
4060
4061	error = zfs_link_create(dl, szp, tx, 0);
4062
4063	if (error == 0) {
4064		uint64_t txtype = TX_LINK;
4065		if (flags & FIGNORECASE)
4066			txtype |= TX_CI;
4067		zfs_log_link(zilog, tx, txtype, dzp, szp, name);
4068	}
4069
4070	dmu_tx_commit(tx);
4071
4072	zfs_dirent_unlock(dl);
4073
4074	if (error == 0) {
4075		vnevent_link(svp, ct);
4076	}
4077
4078	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4079		zil_commit(zilog, 0);
4080
4081	ZFS_EXIT(zfsvfs);
4082	return (error);
4083}
4084
4085/*
4086 * zfs_null_putapage() is used when the file system has been force
4087 * unmounted. It just drops the pages.
4088 */
4089/* ARGSUSED */
4090static int
4091zfs_null_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4092		size_t *lenp, int flags, cred_t *cr)
4093{
4094	pvn_write_done(pp, B_INVAL|B_FORCE|B_ERROR);
4095	return (0);
4096}
4097
4098/*
4099 * Push a page out to disk, klustering if possible.
4100 *
4101 *	IN:	vp	- file to push page to.
4102 *		pp	- page to push.
4103 *		flags	- additional flags.
4104 *		cr	- credentials of caller.
4105 *
4106 *	OUT:	offp	- start of range pushed.
4107 *		lenp	- len of range pushed.
4108 *
4109 *	RETURN:	0 on success, error code on failure.
4110 *
4111 * NOTE: callers must have locked the page to be pushed.  On
4112 * exit, the page (and all other pages in the kluster) must be
4113 * unlocked.
4114 */
4115/* ARGSUSED */
4116static int
4117zfs_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4118		size_t *lenp, int flags, cred_t *cr)
4119{
4120	znode_t		*zp = VTOZ(vp);
4121	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4122	dmu_tx_t	*tx;
4123	u_offset_t	off, koff;
4124	size_t		len, klen;
4125	int		err;
4126
4127	off = pp->p_offset;
4128	len = PAGESIZE;
4129	/*
4130	 * If our blocksize is bigger than the page size, try to kluster
4131	 * multiple pages so that we write a full block (thus avoiding
4132	 * a read-modify-write).
4133	 */
4134	if (off < zp->z_size && zp->z_blksz > PAGESIZE) {
4135		klen = P2ROUNDUP((ulong_t)zp->z_blksz, PAGESIZE);
4136		koff = ISP2(klen) ? P2ALIGN(off, (u_offset_t)klen) : 0;
4137		ASSERT(koff <= zp->z_size);
4138		if (koff + klen > zp->z_size)
4139			klen = P2ROUNDUP(zp->z_size - koff, (uint64_t)PAGESIZE);
4140		pp = pvn_write_kluster(vp, pp, &off, &len, koff, klen, flags);
4141	}
4142	ASSERT3U(btop(len), ==, btopr(len));
4143
4144	/*
4145	 * Can't push pages past end-of-file.
4146	 */
4147	if (off >= zp->z_size) {
4148		/* ignore all pages */
4149		err = 0;
4150		goto out;
4151	} else if (off + len > zp->z_size) {
4152		int npages = btopr(zp->z_size - off);
4153		page_t *trunc;
4154
4155		page_list_break(&pp, &trunc, npages);
4156		/* ignore pages past end of file */
4157		if (trunc)
4158			pvn_write_done(trunc, flags);
4159		len = zp->z_size - off;
4160	}
4161
4162	if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
4163	    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
4164		err = SET_ERROR(EDQUOT);
4165		goto out;
4166	}
4167	tx = dmu_tx_create(zfsvfs->z_os);
4168	dmu_tx_hold_write(tx, zp->z_id, off, len);
4169
4170	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4171	zfs_sa_upgrade_txholds(tx, zp);
4172	err = dmu_tx_assign(tx, TXG_WAIT);
4173	if (err != 0) {
4174		dmu_tx_abort(tx);
4175		goto out;
4176	}
4177
4178	if (zp->z_blksz <= PAGESIZE) {
4179		caddr_t va = zfs_map_page(pp, S_READ);
4180		ASSERT3U(len, <=, PAGESIZE);
4181		dmu_write(zfsvfs->z_os, zp->z_id, off, len, va, tx);
4182		zfs_unmap_page(pp, va);
4183	} else {
4184		err = dmu_write_pages(zfsvfs->z_os, zp->z_id, off, len, pp, tx);
4185	}
4186
4187	if (err == 0) {
4188		uint64_t mtime[2], ctime[2];
4189		sa_bulk_attr_t bulk[3];
4190		int count = 0;
4191
4192		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
4193		    &mtime, 16);
4194		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
4195		    &ctime, 16);
4196		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
4197		    &zp->z_pflags, 8);
4198		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
4199		    B_TRUE);
4200		zfs_log_write(zfsvfs->z_log, tx, TX_WRITE, zp, off, len, 0);
4201	}
4202	dmu_tx_commit(tx);
4203
4204out:
4205	pvn_write_done(pp, (err ? B_ERROR : 0) | flags);
4206	if (offp)
4207		*offp = off;
4208	if (lenp)
4209		*lenp = len;
4210
4211	return (err);
4212}
4213
4214/*
4215 * Copy the portion of the file indicated from pages into the file.
4216 * The pages are stored in a page list attached to the files vnode.
4217 *
4218 *	IN:	vp	- vnode of file to push page data to.
4219 *		off	- position in file to put data.
4220 *		len	- amount of data to write.
4221 *		flags	- flags to control the operation.
4222 *		cr	- credentials of caller.
4223 *		ct	- caller context.
4224 *
4225 *	RETURN:	0 on success, error code on failure.
4226 *
4227 * Timestamps:
4228 *	vp - ctime|mtime updated
4229 */
4230/*ARGSUSED*/
4231static int
4232zfs_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr,
4233    caller_context_t *ct)
4234{
4235	znode_t		*zp = VTOZ(vp);
4236	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4237	page_t		*pp;
4238	size_t		io_len;
4239	u_offset_t	io_off;
4240	uint_t		blksz;
4241	rl_t		*rl;
4242	int		error = 0;
4243
4244	ZFS_ENTER(zfsvfs);
4245	ZFS_VERIFY_ZP(zp);
4246
4247	/*
4248	 * There's nothing to do if no data is cached.
4249	 */
4250	if (!vn_has_cached_data(vp)) {
4251		ZFS_EXIT(zfsvfs);
4252		return (0);
4253	}
4254
4255	/*
4256	 * Align this request to the file block size in case we kluster.
4257	 * XXX - this can result in pretty aggresive locking, which can
4258	 * impact simultanious read/write access.  One option might be
4259	 * to break up long requests (len == 0) into block-by-block
4260	 * operations to get narrower locking.
4261	 */
4262	blksz = zp->z_blksz;
4263	if (ISP2(blksz))
4264		io_off = P2ALIGN_TYPED(off, blksz, u_offset_t);
4265	else
4266		io_off = 0;
4267	if (len > 0 && ISP2(blksz))
4268		io_len = P2ROUNDUP_TYPED(len + (off - io_off), blksz, size_t);
4269	else
4270		io_len = 0;
4271
4272	if (io_len == 0) {
4273		/*
4274		 * Search the entire vp list for pages >= io_off.
4275		 */
4276		rl = zfs_range_lock(zp, io_off, UINT64_MAX, RL_WRITER);
4277		error = pvn_vplist_dirty(vp, io_off, zfs_putapage, flags, cr);
4278		goto out;
4279	}
4280	rl = zfs_range_lock(zp, io_off, io_len, RL_WRITER);
4281
4282	if (off > zp->z_size) {
4283		/* past end of file */
4284		zfs_range_unlock(rl);
4285		ZFS_EXIT(zfsvfs);
4286		return (0);
4287	}
4288
4289	len = MIN(io_len, P2ROUNDUP(zp->z_size, PAGESIZE) - io_off);
4290
4291	for (off = io_off; io_off < off + len; io_off += io_len) {
4292		if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
4293			pp = page_lookup(vp, io_off,
4294			    (flags & (B_INVAL | B_FREE)) ? SE_EXCL : SE_SHARED);
4295		} else {
4296			pp = page_lookup_nowait(vp, io_off,
4297			    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
4298		}
4299
4300		if (pp != NULL && pvn_getdirty(pp, flags)) {
4301			int err;
4302
4303			/*
4304			 * Found a dirty page to push
4305			 */
4306			err = zfs_putapage(vp, pp, &io_off, &io_len, flags, cr);
4307			if (err)
4308				error = err;
4309		} else {
4310			io_len = PAGESIZE;
4311		}
4312	}
4313out:
4314	zfs_range_unlock(rl);
4315	if ((flags & B_ASYNC) == 0 || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4316		zil_commit(zfsvfs->z_log, zp->z_id);
4317	ZFS_EXIT(zfsvfs);
4318	return (error);
4319}
4320
4321/*ARGSUSED*/
4322void
4323zfs_inactive(vnode_t *vp, cred_t *cr, caller_context_t *ct)
4324{
4325	znode_t	*zp = VTOZ(vp);
4326	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4327	int error;
4328
4329	rw_enter(&zfsvfs->z_teardown_inactive_lock, RW_READER);
4330	if (zp->z_sa_hdl == NULL) {
4331		/*
4332		 * The fs has been unmounted, or we did a
4333		 * suspend/resume and this file no longer exists.
4334		 */
4335		if (vn_has_cached_data(vp)) {
4336			(void) pvn_vplist_dirty(vp, 0, zfs_null_putapage,
4337			    B_INVAL, cr);
4338		}
4339
4340		mutex_enter(&zp->z_lock);
4341		mutex_enter(&vp->v_lock);
4342		ASSERT(vp->v_count == 1);
4343		vp->v_count = 0;
4344		mutex_exit(&vp->v_lock);
4345		mutex_exit(&zp->z_lock);
4346		rw_exit(&zfsvfs->z_teardown_inactive_lock);
4347		zfs_znode_free(zp);
4348		return;
4349	}
4350
4351	/*
4352	 * Attempt to push any data in the page cache.  If this fails
4353	 * we will get kicked out later in zfs_zinactive().
4354	 */
4355	if (vn_has_cached_data(vp)) {
4356		(void) pvn_vplist_dirty(vp, 0, zfs_putapage, B_INVAL|B_ASYNC,
4357		    cr);
4358	}
4359
4360	if (zp->z_atime_dirty && zp->z_unlinked == 0) {
4361		dmu_tx_t *tx = dmu_tx_create(zfsvfs->z_os);
4362
4363		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4364		zfs_sa_upgrade_txholds(tx, zp);
4365		error = dmu_tx_assign(tx, TXG_WAIT);
4366		if (error) {
4367			dmu_tx_abort(tx);
4368		} else {
4369			mutex_enter(&zp->z_lock);
4370			(void) sa_update(zp->z_sa_hdl, SA_ZPL_ATIME(zfsvfs),
4371			    (void *)&zp->z_atime, sizeof (zp->z_atime), tx);
4372			zp->z_atime_dirty = 0;
4373			mutex_exit(&zp->z_lock);
4374			dmu_tx_commit(tx);
4375		}
4376	}
4377
4378	zfs_zinactive(zp);
4379	rw_exit(&zfsvfs->z_teardown_inactive_lock);
4380}
4381
4382/*
4383 * Bounds-check the seek operation.
4384 *
4385 *	IN:	vp	- vnode seeking within
4386 *		ooff	- old file offset
4387 *		noffp	- pointer to new file offset
4388 *		ct	- caller context
4389 *
4390 *	RETURN:	0 on success, EINVAL if new offset invalid.
4391 */
4392/* ARGSUSED */
4393static int
4394zfs_seek(vnode_t *vp, offset_t ooff, offset_t *noffp,
4395    caller_context_t *ct)
4396{
4397	if (vp->v_type == VDIR)
4398		return (0);
4399	return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
4400}
4401
4402/*
4403 * Pre-filter the generic locking function to trap attempts to place
4404 * a mandatory lock on a memory mapped file.
4405 */
4406static int
4407zfs_frlock(vnode_t *vp, int cmd, flock64_t *bfp, int flag, offset_t offset,
4408    flk_callback_t *flk_cbp, cred_t *cr, caller_context_t *ct)
4409{
4410	znode_t *zp = VTOZ(vp);
4411	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4412
4413	ZFS_ENTER(zfsvfs);
4414	ZFS_VERIFY_ZP(zp);
4415
4416	/*
4417	 * We are following the UFS semantics with respect to mapcnt
4418	 * here: If we see that the file is mapped already, then we will
4419	 * return an error, but we don't worry about races between this
4420	 * function and zfs_map().
4421	 */
4422	if (zp->z_mapcnt > 0 && MANDMODE(zp->z_mode)) {
4423		ZFS_EXIT(zfsvfs);
4424		return (SET_ERROR(EAGAIN));
4425	}
4426	ZFS_EXIT(zfsvfs);
4427	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr, ct));
4428}
4429
4430/*
4431 * If we can't find a page in the cache, we will create a new page
4432 * and fill it with file data.  For efficiency, we may try to fill
4433 * multiple pages at once (klustering) to fill up the supplied page
4434 * list.  Note that the pages to be filled are held with an exclusive
4435 * lock to prevent access by other threads while they are being filled.
4436 */
4437static int
4438zfs_fillpage(vnode_t *vp, u_offset_t off, struct seg *seg,
4439    caddr_t addr, page_t *pl[], size_t plsz, enum seg_rw rw)
4440{
4441	znode_t *zp = VTOZ(vp);
4442	page_t *pp, *cur_pp;
4443	objset_t *os = zp->z_zfsvfs->z_os;
4444	u_offset_t io_off, total;
4445	size_t io_len;
4446	int err;
4447
4448	if (plsz == PAGESIZE || zp->z_blksz <= PAGESIZE) {
4449		/*
4450		 * We only have a single page, don't bother klustering
4451		 */
4452		io_off = off;
4453		io_len = PAGESIZE;
4454		pp = page_create_va(vp, io_off, io_len,
4455		    PG_EXCL | PG_WAIT, seg, addr);
4456	} else {
4457		/*
4458		 * Try to find enough pages to fill the page list
4459		 */
4460		pp = pvn_read_kluster(vp, off, seg, addr, &io_off,
4461		    &io_len, off, plsz, 0);
4462	}
4463	if (pp == NULL) {
4464		/*
4465		 * The page already exists, nothing to do here.
4466		 */
4467		*pl = NULL;
4468		return (0);
4469	}
4470
4471	/*
4472	 * Fill the pages in the kluster.
4473	 */
4474	cur_pp = pp;
4475	for (total = io_off + io_len; io_off < total; io_off += PAGESIZE) {
4476		caddr_t va;
4477
4478		ASSERT3U(io_off, ==, cur_pp->p_offset);
4479		va = zfs_map_page(cur_pp, S_WRITE);
4480		err = dmu_read(os, zp->z_id, io_off, PAGESIZE, va,
4481		    DMU_READ_PREFETCH);
4482		zfs_unmap_page(cur_pp, va);
4483		if (err) {
4484			/* On error, toss the entire kluster */
4485			pvn_read_done(pp, B_ERROR);
4486			/* convert checksum errors into IO errors */
4487			if (err == ECKSUM)
4488				err = SET_ERROR(EIO);
4489			return (err);
4490		}
4491		cur_pp = cur_pp->p_next;
4492	}
4493
4494	/*
4495	 * Fill in the page list array from the kluster starting
4496	 * from the desired offset `off'.
4497	 * NOTE: the page list will always be null terminated.
4498	 */
4499	pvn_plist_init(pp, pl, plsz, off, io_len, rw);
4500	ASSERT(pl == NULL || (*pl)->p_offset == off);
4501
4502	return (0);
4503}
4504
4505/*
4506 * Return pointers to the pages for the file region [off, off + len]
4507 * in the pl array.  If plsz is greater than len, this function may
4508 * also return page pointers from after the specified region
4509 * (i.e. the region [off, off + plsz]).  These additional pages are
4510 * only returned if they are already in the cache, or were created as
4511 * part of a klustered read.
4512 *
4513 *	IN:	vp	- vnode of file to get data from.
4514 *		off	- position in file to get data from.
4515 *		len	- amount of data to retrieve.
4516 *		plsz	- length of provided page list.
4517 *		seg	- segment to obtain pages for.
4518 *		addr	- virtual address of fault.
4519 *		rw	- mode of created pages.
4520 *		cr	- credentials of caller.
4521 *		ct	- caller context.
4522 *
4523 *	OUT:	protp	- protection mode of created pages.
4524 *		pl	- list of pages created.
4525 *
4526 *	RETURN:	0 on success, error code on failure.
4527 *
4528 * Timestamps:
4529 *	vp - atime updated
4530 */
4531/* ARGSUSED */
4532static int
4533zfs_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
4534    page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4535    enum seg_rw rw, cred_t *cr, caller_context_t *ct)
4536{
4537	znode_t		*zp = VTOZ(vp);
4538	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4539	page_t		**pl0 = pl;
4540	int		err = 0;
4541
4542	/* we do our own caching, faultahead is unnecessary */
4543	if (pl == NULL)
4544		return (0);
4545	else if (len > plsz)
4546		len = plsz;
4547	else
4548		len = P2ROUNDUP(len, PAGESIZE);
4549	ASSERT(plsz >= len);
4550
4551	ZFS_ENTER(zfsvfs);
4552	ZFS_VERIFY_ZP(zp);
4553
4554	if (protp)
4555		*protp = PROT_ALL;
4556
4557	/*
4558	 * Loop through the requested range [off, off + len) looking
4559	 * for pages.  If we don't find a page, we will need to create
4560	 * a new page and fill it with data from the file.
4561	 */
4562	while (len > 0) {
4563		if (*pl = page_lookup(vp, off, SE_SHARED))
4564			*(pl+1) = NULL;
4565		else if (err = zfs_fillpage(vp, off, seg, addr, pl, plsz, rw))
4566			goto out;
4567		while (*pl) {
4568			ASSERT3U((*pl)->p_offset, ==, off);
4569			off += PAGESIZE;
4570			addr += PAGESIZE;
4571			if (len > 0) {
4572				ASSERT3U(len, >=, PAGESIZE);
4573				len -= PAGESIZE;
4574			}
4575			ASSERT3U(plsz, >=, PAGESIZE);
4576			plsz -= PAGESIZE;
4577			pl++;
4578		}
4579	}
4580
4581	/*
4582	 * Fill out the page array with any pages already in the cache.
4583	 */
4584	while (plsz > 0 &&
4585	    (*pl++ = page_lookup_nowait(vp, off, SE_SHARED))) {
4586			off += PAGESIZE;
4587			plsz -= PAGESIZE;
4588	}
4589out:
4590	if (err) {
4591		/*
4592		 * Release any pages we have previously locked.
4593		 */
4594		while (pl > pl0)
4595			page_unlock(*--pl);
4596	} else {
4597		ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
4598	}
4599
4600	*pl = NULL;
4601
4602	ZFS_EXIT(zfsvfs);
4603	return (err);
4604}
4605
4606/*
4607 * Request a memory map for a section of a file.  This code interacts
4608 * with common code and the VM system as follows:
4609 *
4610 * - common code calls mmap(), which ends up in smmap_common()
4611 * - this calls VOP_MAP(), which takes you into (say) zfs
4612 * - zfs_map() calls as_map(), passing segvn_create() as the callback
4613 * - segvn_create() creates the new segment and calls VOP_ADDMAP()
4614 * - zfs_addmap() updates z_mapcnt
4615 */
4616/*ARGSUSED*/
4617static int
4618zfs_map(vnode_t *vp, offset_t off, struct as *as, caddr_t *addrp,
4619    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4620    caller_context_t *ct)
4621{
4622	znode_t *zp = VTOZ(vp);
4623	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4624	segvn_crargs_t	vn_a;
4625	int		error;
4626
4627	ZFS_ENTER(zfsvfs);
4628	ZFS_VERIFY_ZP(zp);
4629
4630	if ((prot & PROT_WRITE) && (zp->z_pflags &
4631	    (ZFS_IMMUTABLE | ZFS_READONLY | ZFS_APPENDONLY))) {
4632		ZFS_EXIT(zfsvfs);
4633		return (SET_ERROR(EPERM));
4634	}
4635
4636	if ((prot & (PROT_READ | PROT_EXEC)) &&
4637	    (zp->z_pflags & ZFS_AV_QUARANTINED)) {
4638		ZFS_EXIT(zfsvfs);
4639		return (SET_ERROR(EACCES));
4640	}
4641
4642	if (vp->v_flag & VNOMAP) {
4643		ZFS_EXIT(zfsvfs);
4644		return (SET_ERROR(ENOSYS));
4645	}
4646
4647	if (off < 0 || len > MAXOFFSET_T - off) {
4648		ZFS_EXIT(zfsvfs);
4649		return (SET_ERROR(ENXIO));
4650	}
4651
4652	if (vp->v_type != VREG) {
4653		ZFS_EXIT(zfsvfs);
4654		return (SET_ERROR(ENODEV));
4655	}
4656
4657	/*
4658	 * If file is locked, disallow mapping.
4659	 */
4660	if (MANDMODE(zp->z_mode) && vn_has_flocks(vp)) {
4661		ZFS_EXIT(zfsvfs);
4662		return (SET_ERROR(EAGAIN));
4663	}
4664
4665	as_rangelock(as);
4666	error = choose_addr(as, addrp, len, off, ADDR_VACALIGN, flags);
4667	if (error != 0) {
4668		as_rangeunlock(as);
4669		ZFS_EXIT(zfsvfs);
4670		return (error);
4671	}
4672
4673	vn_a.vp = vp;
4674	vn_a.offset = (u_offset_t)off;
4675	vn_a.type = flags & MAP_TYPE;
4676	vn_a.prot = prot;
4677	vn_a.maxprot = maxprot;
4678	vn_a.cred = cr;
4679	vn_a.amp = NULL;
4680	vn_a.flags = flags & ~MAP_TYPE;
4681	vn_a.szc = 0;
4682	vn_a.lgrp_mem_policy_flags = 0;
4683
4684	error = as_map(as, *addrp, len, segvn_create, &vn_a);
4685
4686	as_rangeunlock(as);
4687	ZFS_EXIT(zfsvfs);
4688	return (error);
4689}
4690
4691/* ARGSUSED */
4692static int
4693zfs_addmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4694    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4695    caller_context_t *ct)
4696{
4697	uint64_t pages = btopr(len);
4698
4699	atomic_add_64(&VTOZ(vp)->z_mapcnt, pages);
4700	return (0);
4701}
4702
4703/*
4704 * The reason we push dirty pages as part of zfs_delmap() is so that we get a
4705 * more accurate mtime for the associated file.  Since we don't have a way of
4706 * detecting when the data was actually modified, we have to resort to
4707 * heuristics.  If an explicit msync() is done, then we mark the mtime when the
4708 * last page is pushed.  The problem occurs when the msync() call is omitted,
4709 * which by far the most common case:
4710 *
4711 *	open()
4712 *	mmap()
4713 *	<modify memory>
4714 *	munmap()
4715 *	close()
4716 *	<time lapse>
4717 *	putpage() via fsflush
4718 *
4719 * If we wait until fsflush to come along, we can have a modification time that
4720 * is some arbitrary point in the future.  In order to prevent this in the
4721 * common case, we flush pages whenever a (MAP_SHARED, PROT_WRITE) mapping is
4722 * torn down.
4723 */
4724/* ARGSUSED */
4725static int
4726zfs_delmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4727    size_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cr,
4728    caller_context_t *ct)
4729{
4730	uint64_t pages = btopr(len);
4731
4732	ASSERT3U(VTOZ(vp)->z_mapcnt, >=, pages);
4733	atomic_add_64(&VTOZ(vp)->z_mapcnt, -pages);
4734
4735	if ((flags & MAP_SHARED) && (prot & PROT_WRITE) &&
4736	    vn_has_cached_data(vp))
4737		(void) VOP_PUTPAGE(vp, off, len, B_ASYNC, cr, ct);
4738
4739	return (0);
4740}
4741
4742/*
4743 * Free or allocate space in a file.  Currently, this function only
4744 * supports the `F_FREESP' command.  However, this command is somewhat
4745 * misnamed, as its functionality includes the ability to allocate as
4746 * well as free space.
4747 *
4748 *	IN:	vp	- vnode of file to free data in.
4749 *		cmd	- action to take (only F_FREESP supported).
4750 *		bfp	- section of file to free/alloc.
4751 *		flag	- current file open mode flags.
4752 *		offset	- current file offset.
4753 *		cr	- credentials of caller [UNUSED].
4754 *		ct	- caller context.
4755 *
4756 *	RETURN:	0 on success, error code on failure.
4757 *
4758 * Timestamps:
4759 *	vp - ctime|mtime updated
4760 */
4761/* ARGSUSED */
4762static int
4763zfs_space(vnode_t *vp, int cmd, flock64_t *bfp, int flag,
4764    offset_t offset, cred_t *cr, caller_context_t *ct)
4765{
4766	znode_t		*zp = VTOZ(vp);
4767	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4768	uint64_t	off, len;
4769	int		error;
4770
4771	ZFS_ENTER(zfsvfs);
4772	ZFS_VERIFY_ZP(zp);
4773
4774	if (cmd != F_FREESP) {
4775		ZFS_EXIT(zfsvfs);
4776		return (SET_ERROR(EINVAL));
4777	}
4778
4779	/*
4780	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
4781	 * callers might not be able to detect properly that we are read-only,
4782	 * so check it explicitly here.
4783	 */
4784	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
4785		ZFS_EXIT(zfsvfs);
4786		return (SET_ERROR(EROFS));
4787	}
4788
4789	if (error = convoff(vp, bfp, 0, offset)) {
4790		ZFS_EXIT(zfsvfs);
4791		return (error);
4792	}
4793
4794	if (bfp->l_len < 0) {
4795		ZFS_EXIT(zfsvfs);
4796		return (SET_ERROR(EINVAL));
4797	}
4798
4799	off = bfp->l_start;
4800	len = bfp->l_len; /* 0 means from off to end of file */
4801
4802	error = zfs_freesp(zp, off, len, flag, TRUE);
4803
4804	if (error == 0 && off == 0 && len == 0)
4805		vnevent_truncate(ZTOV(zp), ct);
4806
4807	ZFS_EXIT(zfsvfs);
4808	return (error);
4809}
4810
4811/*ARGSUSED*/
4812static int
4813zfs_fid(vnode_t *vp, fid_t *fidp, caller_context_t *ct)
4814{
4815	znode_t		*zp = VTOZ(vp);
4816	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4817	uint32_t	gen;
4818	uint64_t	gen64;
4819	uint64_t	object = zp->z_id;
4820	zfid_short_t	*zfid;
4821	int		size, i, error;
4822
4823	ZFS_ENTER(zfsvfs);
4824	ZFS_VERIFY_ZP(zp);
4825
4826	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zfsvfs),
4827	    &gen64, sizeof (uint64_t))) != 0) {
4828		ZFS_EXIT(zfsvfs);
4829		return (error);
4830	}
4831
4832	gen = (uint32_t)gen64;
4833
4834	size = (zfsvfs->z_parent != zfsvfs) ? LONG_FID_LEN : SHORT_FID_LEN;
4835	if (fidp->fid_len < size) {
4836		fidp->fid_len = size;
4837		ZFS_EXIT(zfsvfs);
4838		return (SET_ERROR(ENOSPC));
4839	}
4840
4841	zfid = (zfid_short_t *)fidp;
4842
4843	zfid->zf_len = size;
4844
4845	for (i = 0; i < sizeof (zfid->zf_object); i++)
4846		zfid->zf_object[i] = (uint8_t)(object >> (8 * i));
4847
4848	/* Must have a non-zero generation number to distinguish from .zfs */
4849	if (gen == 0)
4850		gen = 1;
4851	for (i = 0; i < sizeof (zfid->zf_gen); i++)
4852		zfid->zf_gen[i] = (uint8_t)(gen >> (8 * i));
4853
4854	if (size == LONG_FID_LEN) {
4855		uint64_t	objsetid = dmu_objset_id(zfsvfs->z_os);
4856		zfid_long_t	*zlfid;
4857
4858		zlfid = (zfid_long_t *)fidp;
4859
4860		for (i = 0; i < sizeof (zlfid->zf_setid); i++)
4861			zlfid->zf_setid[i] = (uint8_t)(objsetid >> (8 * i));
4862
4863		/* XXX - this should be the generation number for the objset */
4864		for (i = 0; i < sizeof (zlfid->zf_setgen); i++)
4865			zlfid->zf_setgen[i] = 0;
4866	}
4867
4868	ZFS_EXIT(zfsvfs);
4869	return (0);
4870}
4871
4872static int
4873zfs_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr,
4874    caller_context_t *ct)
4875{
4876	znode_t		*zp, *xzp;
4877	zfsvfs_t	*zfsvfs;
4878	zfs_dirlock_t	*dl;
4879	int		error;
4880
4881	switch (cmd) {
4882	case _PC_LINK_MAX:
4883		*valp = ULONG_MAX;
4884		return (0);
4885
4886	case _PC_FILESIZEBITS:
4887		*valp = 64;
4888		return (0);
4889
4890	case _PC_XATTR_EXISTS:
4891		zp = VTOZ(vp);
4892		zfsvfs = zp->z_zfsvfs;
4893		ZFS_ENTER(zfsvfs);
4894		ZFS_VERIFY_ZP(zp);
4895		*valp = 0;
4896		error = zfs_dirent_lock(&dl, zp, "", &xzp,
4897		    ZXATTR | ZEXISTS | ZSHARED, NULL, NULL);
4898		if (error == 0) {
4899			zfs_dirent_unlock(dl);
4900			if (!zfs_dirempty(xzp))
4901				*valp = 1;
4902			VN_RELE(ZTOV(xzp));
4903		} else if (error == ENOENT) {
4904			/*
4905			 * If there aren't extended attributes, it's the
4906			 * same as having zero of them.
4907			 */
4908			error = 0;
4909		}
4910		ZFS_EXIT(zfsvfs);
4911		return (error);
4912
4913	case _PC_SATTR_ENABLED:
4914	case _PC_SATTR_EXISTS:
4915		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
4916		    (vp->v_type == VREG || vp->v_type == VDIR);
4917		return (0);
4918
4919	case _PC_ACCESS_FILTERING:
4920		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_ACCESS_FILTER) &&
4921		    vp->v_type == VDIR;
4922		return (0);
4923
4924	case _PC_ACL_ENABLED:
4925		*valp = _ACL_ACE_ENABLED;
4926		return (0);
4927
4928	case _PC_MIN_HOLE_SIZE:
4929		*valp = (ulong_t)SPA_MINBLOCKSIZE;
4930		return (0);
4931
4932	case _PC_TIMESTAMP_RESOLUTION:
4933		/* nanosecond timestamp resolution */
4934		*valp = 1L;
4935		return (0);
4936
4937	default:
4938		return (fs_pathconf(vp, cmd, valp, cr, ct));
4939	}
4940}
4941
4942/*ARGSUSED*/
4943static int
4944zfs_getsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
4945    caller_context_t *ct)
4946{
4947	znode_t *zp = VTOZ(vp);
4948	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4949	int error;
4950	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
4951
4952	ZFS_ENTER(zfsvfs);
4953	ZFS_VERIFY_ZP(zp);
4954	error = zfs_getacl(zp, vsecp, skipaclchk, cr);
4955	ZFS_EXIT(zfsvfs);
4956
4957	return (error);
4958}
4959
4960/*ARGSUSED*/
4961static int
4962zfs_setsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
4963    caller_context_t *ct)
4964{
4965	znode_t *zp = VTOZ(vp);
4966	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4967	int error;
4968	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
4969	zilog_t	*zilog = zfsvfs->z_log;
4970
4971	ZFS_ENTER(zfsvfs);
4972	ZFS_VERIFY_ZP(zp);
4973
4974	error = zfs_setacl(zp, vsecp, skipaclchk, cr);
4975
4976	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4977		zil_commit(zilog, 0);
4978
4979	ZFS_EXIT(zfsvfs);
4980	return (error);
4981}
4982
4983/*
4984 * The smallest read we may consider to loan out an arcbuf.
4985 * This must be a power of 2.
4986 */
4987int zcr_blksz_min = (1 << 10);	/* 1K */
4988/*
4989 * If set to less than the file block size, allow loaning out of an
4990 * arcbuf for a partial block read.  This must be a power of 2.
4991 */
4992int zcr_blksz_max = (1 << 17);	/* 128K */
4993
4994/*ARGSUSED*/
4995static int
4996zfs_reqzcbuf(vnode_t *vp, enum uio_rw ioflag, xuio_t *xuio, cred_t *cr,
4997    caller_context_t *ct)
4998{
4999	znode_t	*zp = VTOZ(vp);
5000	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
5001	int max_blksz = zfsvfs->z_max_blksz;
5002	uio_t *uio = &xuio->xu_uio;
5003	ssize_t size = uio->uio_resid;
5004	offset_t offset = uio->uio_loffset;
5005	int blksz;
5006	int fullblk, i;
5007	arc_buf_t *abuf;
5008	ssize_t maxsize;
5009	int preamble, postamble;
5010
5011	if (xuio->xu_type != UIOTYPE_ZEROCOPY)
5012		return (SET_ERROR(EINVAL));
5013
5014	ZFS_ENTER(zfsvfs);
5015	ZFS_VERIFY_ZP(zp);
5016	switch (ioflag) {
5017	case UIO_WRITE:
5018		/*
5019		 * Loan out an arc_buf for write if write size is bigger than
5020		 * max_blksz, and the file's block size is also max_blksz.
5021		 */
5022		blksz = max_blksz;
5023		if (size < blksz || zp->z_blksz != blksz) {
5024			ZFS_EXIT(zfsvfs);
5025			return (SET_ERROR(EINVAL));
5026		}
5027		/*
5028		 * Caller requests buffers for write before knowing where the
5029		 * write offset might be (e.g. NFS TCP write).
5030		 */
5031		if (offset == -1) {
5032			preamble = 0;
5033		} else {
5034			preamble = P2PHASE(offset, blksz);
5035			if (preamble) {
5036				preamble = blksz - preamble;
5037				size -= preamble;
5038			}
5039		}
5040
5041		postamble = P2PHASE(size, blksz);
5042		size -= postamble;
5043
5044		fullblk = size / blksz;
5045		(void) dmu_xuio_init(xuio,
5046		    (preamble != 0) + fullblk + (postamble != 0));
5047		DTRACE_PROBE3(zfs_reqzcbuf_align, int, preamble,
5048		    int, postamble, int,
5049		    (preamble != 0) + fullblk + (postamble != 0));
5050
5051		/*
5052		 * Have to fix iov base/len for partial buffers.  They
5053		 * currently represent full arc_buf's.
5054		 */
5055		if (preamble) {
5056			/* data begins in the middle of the arc_buf */
5057			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5058			    blksz);
5059			ASSERT(abuf);
5060			(void) dmu_xuio_add(xuio, abuf,
5061			    blksz - preamble, preamble);
5062		}
5063
5064		for (i = 0; i < fullblk; i++) {
5065			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5066			    blksz);
5067			ASSERT(abuf);
5068			(void) dmu_xuio_add(xuio, abuf, 0, blksz);
5069		}
5070
5071		if (postamble) {
5072			/* data ends in the middle of the arc_buf */
5073			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5074			    blksz);
5075			ASSERT(abuf);
5076			(void) dmu_xuio_add(xuio, abuf, 0, postamble);
5077		}
5078		break;
5079	case UIO_READ:
5080		/*
5081		 * Loan out an arc_buf for read if the read size is larger than
5082		 * the current file block size.  Block alignment is not
5083		 * considered.  Partial arc_buf will be loaned out for read.
5084		 */
5085		blksz = zp->z_blksz;
5086		if (blksz < zcr_blksz_min)
5087			blksz = zcr_blksz_min;
5088		if (blksz > zcr_blksz_max)
5089			blksz = zcr_blksz_max;
5090		/* avoid potential complexity of dealing with it */
5091		if (blksz > max_blksz) {
5092			ZFS_EXIT(zfsvfs);
5093			return (SET_ERROR(EINVAL));
5094		}
5095
5096		maxsize = zp->z_size - uio->uio_loffset;
5097		if (size > maxsize)
5098			size = maxsize;
5099
5100		if (size < blksz || vn_has_cached_data(vp)) {
5101			ZFS_EXIT(zfsvfs);
5102			return (SET_ERROR(EINVAL));
5103		}
5104		break;
5105	default:
5106		ZFS_EXIT(zfsvfs);
5107		return (SET_ERROR(EINVAL));
5108	}
5109
5110	uio->uio_extflg = UIO_XUIO;
5111	XUIO_XUZC_RW(xuio) = ioflag;
5112	ZFS_EXIT(zfsvfs);
5113	return (0);
5114}
5115
5116/*ARGSUSED*/
5117static int
5118zfs_retzcbuf(vnode_t *vp, xuio_t *xuio, cred_t *cr, caller_context_t *ct)
5119{
5120	int i;
5121	arc_buf_t *abuf;
5122	int ioflag = XUIO_XUZC_RW(xuio);
5123
5124	ASSERT(xuio->xu_type == UIOTYPE_ZEROCOPY);
5125
5126	i = dmu_xuio_cnt(xuio);
5127	while (i-- > 0) {
5128		abuf = dmu_xuio_arcbuf(xuio, i);
5129		/*
5130		 * if abuf == NULL, it must be a write buffer
5131		 * that has been returned in zfs_write().
5132		 */
5133		if (abuf)
5134			dmu_return_arcbuf(abuf);
5135		ASSERT(abuf || ioflag == UIO_WRITE);
5136	}
5137
5138	dmu_xuio_fini(xuio);
5139	return (0);
5140}
5141
5142/*
5143 * Predeclare these here so that the compiler assumes that
5144 * this is an "old style" function declaration that does
5145 * not include arguments => we won't get type mismatch errors
5146 * in the initializations that follow.
5147 */
5148static int zfs_inval();
5149static int zfs_isdir();
5150
5151static int
5152zfs_inval()
5153{
5154	return (SET_ERROR(EINVAL));
5155}
5156
5157static int
5158zfs_isdir()
5159{
5160	return (SET_ERROR(EISDIR));
5161}
5162/*
5163 * Directory vnode operations template
5164 */
5165vnodeops_t *zfs_dvnodeops;
5166const fs_operation_def_t zfs_dvnodeops_template[] = {
5167	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5168	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5169	VOPNAME_READ,		{ .error = zfs_isdir },
5170	VOPNAME_WRITE,		{ .error = zfs_isdir },
5171	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5172	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5173	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5174	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5175	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5176	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5177	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5178	VOPNAME_LINK,		{ .vop_link = zfs_link },
5179	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5180	VOPNAME_MKDIR,		{ .vop_mkdir = zfs_mkdir },
5181	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5182	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5183	VOPNAME_SYMLINK,	{ .vop_symlink = zfs_symlink },
5184	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5185	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5186	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5187	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5188	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5189	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5190	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5191	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5192	NULL,			NULL
5193};
5194
5195/*
5196 * Regular file vnode operations template
5197 */
5198vnodeops_t *zfs_fvnodeops;
5199const fs_operation_def_t zfs_fvnodeops_template[] = {
5200	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5201	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5202	VOPNAME_READ,		{ .vop_read = zfs_read },
5203	VOPNAME_WRITE,		{ .vop_write = zfs_write },
5204	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5205	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5206	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5207	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5208	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5209	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5210	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5211	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5212	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5213	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5214	VOPNAME_FRLOCK,		{ .vop_frlock = zfs_frlock },
5215	VOPNAME_SPACE,		{ .vop_space = zfs_space },
5216	VOPNAME_GETPAGE,	{ .vop_getpage = zfs_getpage },
5217	VOPNAME_PUTPAGE,	{ .vop_putpage = zfs_putpage },
5218	VOPNAME_MAP,		{ .vop_map = zfs_map },
5219	VOPNAME_ADDMAP,		{ .vop_addmap = zfs_addmap },
5220	VOPNAME_DELMAP,		{ .vop_delmap = zfs_delmap },
5221	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5222	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5223	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5224	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5225	VOPNAME_REQZCBUF,	{ .vop_reqzcbuf = zfs_reqzcbuf },
5226	VOPNAME_RETZCBUF,	{ .vop_retzcbuf = zfs_retzcbuf },
5227	NULL,			NULL
5228};
5229
5230/*
5231 * Symbolic link vnode operations template
5232 */
5233vnodeops_t *zfs_symvnodeops;
5234const fs_operation_def_t zfs_symvnodeops_template[] = {
5235	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5236	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5237	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5238	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5239	VOPNAME_READLINK,	{ .vop_readlink = zfs_readlink },
5240	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5241	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5242	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5243	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5244	NULL,			NULL
5245};
5246
5247/*
5248 * special share hidden files vnode operations template
5249 */
5250vnodeops_t *zfs_sharevnodeops;
5251const fs_operation_def_t zfs_sharevnodeops_template[] = {
5252	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5253	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5254	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5255	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5256	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5257	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5258	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5259	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5260	NULL,			NULL
5261};
5262
5263/*
5264 * Extended attribute directory vnode operations template
5265 *
5266 * This template is identical to the directory vnodes
5267 * operation template except for restricted operations:
5268 *	VOP_MKDIR()
5269 *	VOP_SYMLINK()
5270 *
5271 * Note that there are other restrictions embedded in:
5272 *	zfs_create()	- restrict type to VREG
5273 *	zfs_link()	- no links into/out of attribute space
5274 *	zfs_rename()	- no moves into/out of attribute space
5275 */
5276vnodeops_t *zfs_xdvnodeops;
5277const fs_operation_def_t zfs_xdvnodeops_template[] = {
5278	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5279	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5280	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5281	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5282	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5283	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5284	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5285	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5286	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5287	VOPNAME_LINK,		{ .vop_link = zfs_link },
5288	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5289	VOPNAME_MKDIR,		{ .error = zfs_inval },
5290	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5291	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5292	VOPNAME_SYMLINK,	{ .error = zfs_inval },
5293	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5294	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5295	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5296	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5297	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5298	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5299	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5300	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5301	NULL,			NULL
5302};
5303
5304/*
5305 * Error vnode operations template
5306 */
5307vnodeops_t *zfs_evnodeops;
5308const fs_operation_def_t zfs_evnodeops_template[] = {
5309	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5310	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5311	NULL,			NULL
5312};
5313