1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2013 by Delphix. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27/* Portions Copyright 2007 Jeremy Teo */
28/* Portions Copyright 2010 Robert Milkowski */
29
30#include <sys/types.h>
31#include <sys/param.h>
32#include <sys/time.h>
33#include <sys/systm.h>
34#include <sys/sysmacros.h>
35#include <sys/resource.h>
36#include <sys/vfs.h>
37#include <sys/vfs_opreg.h>
38#include <sys/vnode.h>
39#include <sys/file.h>
40#include <sys/stat.h>
41#include <sys/kmem.h>
42#include <sys/taskq.h>
43#include <sys/uio.h>
44#include <sys/vmsystm.h>
45#include <sys/atomic.h>
46#include <sys/vm.h>
47#include <vm/seg_vn.h>
48#include <vm/pvn.h>
49#include <vm/as.h>
50#include <vm/kpm.h>
51#include <vm/seg_kpm.h>
52#include <sys/mman.h>
53#include <sys/pathname.h>
54#include <sys/cmn_err.h>
55#include <sys/errno.h>
56#include <sys/unistd.h>
57#include <sys/zfs_dir.h>
58#include <sys/zfs_acl.h>
59#include <sys/zfs_ioctl.h>
60#include <sys/fs/zfs.h>
61#include <sys/dmu.h>
62#include <sys/dmu_objset.h>
63#include <sys/spa.h>
64#include <sys/txg.h>
65#include <sys/dbuf.h>
66#include <sys/zap.h>
67#include <sys/sa.h>
68#include <sys/dirent.h>
69#include <sys/policy.h>
70#include <sys/sunddi.h>
71#include <sys/filio.h>
72#include <sys/sid.h>
73#include "fs/fs_subr.h"
74#include <sys/zfs_ctldir.h>
75#include <sys/zfs_fuid.h>
76#include <sys/zfs_sa.h>
77#include <sys/dnlc.h>
78#include <sys/zfs_rlock.h>
79#include <sys/extdirent.h>
80#include <sys/kidmap.h>
81#include <sys/cred.h>
82#include <sys/attr.h>
83
84/*
85 * Programming rules.
86 *
87 * Each vnode op performs some logical unit of work.  To do this, the ZPL must
88 * properly lock its in-core state, create a DMU transaction, do the work,
89 * record this work in the intent log (ZIL), commit the DMU transaction,
90 * and wait for the intent log to commit if it is a synchronous operation.
91 * Moreover, the vnode ops must work in both normal and log replay context.
92 * The ordering of events is important to avoid deadlocks and references
93 * to freed memory.  The example below illustrates the following Big Rules:
94 *
95 *  (1)	A check must be made in each zfs thread for a mounted file system.
96 *	This is done avoiding races using ZFS_ENTER(zfsvfs).
97 *	A ZFS_EXIT(zfsvfs) is needed before all returns.  Any znodes
98 *	must be checked with ZFS_VERIFY_ZP(zp).  Both of these macros
99 *	can return EIO from the calling function.
100 *
101 *  (2)	VN_RELE() should always be the last thing except for zil_commit()
102 *	(if necessary) and ZFS_EXIT(). This is for 3 reasons:
103 *	First, if it's the last reference, the vnode/znode
104 *	can be freed, so the zp may point to freed memory.  Second, the last
105 *	reference will call zfs_zinactive(), which may induce a lot of work --
106 *	pushing cached pages (which acquires range locks) and syncing out
107 *	cached atime changes.  Third, zfs_zinactive() may require a new tx,
108 *	which could deadlock the system if you were already holding one.
109 *	If you must call VN_RELE() within a tx then use VN_RELE_ASYNC().
110 *
111 *  (3)	All range locks must be grabbed before calling dmu_tx_assign(),
112 *	as they can span dmu_tx_assign() calls.
113 *
114 *  (4) If ZPL locks are held, pass TXG_NOWAIT as the second argument to
115 *      dmu_tx_assign().  This is critical because we don't want to block
116 *      while holding locks.
117 *
118 *	If no ZPL locks are held (aside from ZFS_ENTER()), use TXG_WAIT.  This
119 *	reduces lock contention and CPU usage when we must wait (note that if
120 *	throughput is constrained by the storage, nearly every transaction
121 *	must wait).
122 *
123 *      Note, in particular, that if a lock is sometimes acquired before
124 *      the tx assigns, and sometimes after (e.g. z_lock), then failing
125 *      to use a non-blocking assign can deadlock the system.  The scenario:
126 *
127 *	Thread A has grabbed a lock before calling dmu_tx_assign().
128 *	Thread B is in an already-assigned tx, and blocks for this lock.
129 *	Thread A calls dmu_tx_assign(TXG_WAIT) and blocks in txg_wait_open()
130 *	forever, because the previous txg can't quiesce until B's tx commits.
131 *
132 *	If dmu_tx_assign() returns ERESTART and zfsvfs->z_assign is TXG_NOWAIT,
133 *	then drop all locks, call dmu_tx_wait(), and try again.  On subsequent
134 *	calls to dmu_tx_assign(), pass TXG_WAITED rather than TXG_NOWAIT,
135 *	to indicate that this operation has already called dmu_tx_wait().
136 *	This will ensure that we don't retry forever, waiting a short bit
137 *	each time.
138 *
139 *  (5)	If the operation succeeded, generate the intent log entry for it
140 *	before dropping locks.  This ensures that the ordering of events
141 *	in the intent log matches the order in which they actually occurred.
142 *	During ZIL replay the zfs_log_* functions will update the sequence
143 *	number to indicate the zil transaction has replayed.
144 *
145 *  (6)	At the end of each vnode op, the DMU tx must always commit,
146 *	regardless of whether there were any errors.
147 *
148 *  (7)	After dropping all locks, invoke zil_commit(zilog, foid)
149 *	to ensure that synchronous semantics are provided when necessary.
150 *
151 * In general, this is how things should be ordered in each vnode op:
152 *
153 *	ZFS_ENTER(zfsvfs);		// exit if unmounted
154 * top:
155 *	zfs_dirent_lock(&dl, ...)	// lock directory entry (may VN_HOLD())
156 *	rw_enter(...);			// grab any other locks you need
157 *	tx = dmu_tx_create(...);	// get DMU tx
158 *	dmu_tx_hold_*();		// hold each object you might modify
159 *	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
160 *	if (error) {
161 *		rw_exit(...);		// drop locks
162 *		zfs_dirent_unlock(dl);	// unlock directory entry
163 *		VN_RELE(...);		// release held vnodes
164 *		if (error == ERESTART) {
165 *			waited = B_TRUE;
166 *			dmu_tx_wait(tx);
167 *			dmu_tx_abort(tx);
168 *			goto top;
169 *		}
170 *		dmu_tx_abort(tx);	// abort DMU tx
171 *		ZFS_EXIT(zfsvfs);	// finished in zfs
172 *		return (error);		// really out of space
173 *	}
174 *	error = do_real_work();		// do whatever this VOP does
175 *	if (error == 0)
176 *		zfs_log_*(...);		// on success, make ZIL entry
177 *	dmu_tx_commit(tx);		// commit DMU tx -- error or not
178 *	rw_exit(...);			// drop locks
179 *	zfs_dirent_unlock(dl);		// unlock directory entry
180 *	VN_RELE(...);			// release held vnodes
181 *	zil_commit(zilog, foid);	// synchronous when necessary
182 *	ZFS_EXIT(zfsvfs);		// finished in zfs
183 *	return (error);			// done, report error
184 */
185
186/* ARGSUSED */
187static int
188zfs_open(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *ct)
189{
190	znode_t	*zp = VTOZ(*vpp);
191	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
192
193	ZFS_ENTER(zfsvfs);
194	ZFS_VERIFY_ZP(zp);
195
196	if ((flag & FWRITE) && (zp->z_pflags & ZFS_APPENDONLY) &&
197	    ((flag & FAPPEND) == 0)) {
198		ZFS_EXIT(zfsvfs);
199		return (SET_ERROR(EPERM));
200	}
201
202	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
203	    ZTOV(zp)->v_type == VREG &&
204	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) {
205		if (fs_vscan(*vpp, cr, 0) != 0) {
206			ZFS_EXIT(zfsvfs);
207			return (SET_ERROR(EACCES));
208		}
209	}
210
211	/* Keep a count of the synchronous opens in the znode */
212	if (flag & (FSYNC | FDSYNC))
213		atomic_inc_32(&zp->z_sync_cnt);
214
215	ZFS_EXIT(zfsvfs);
216	return (0);
217}
218
219/* ARGSUSED */
220static int
221zfs_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
222    caller_context_t *ct)
223{
224	znode_t	*zp = VTOZ(vp);
225	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
226
227	/*
228	 * Clean up any locks held by this process on the vp.
229	 */
230	cleanlocks(vp, ddi_get_pid(), 0);
231	cleanshares(vp, ddi_get_pid());
232
233	ZFS_ENTER(zfsvfs);
234	ZFS_VERIFY_ZP(zp);
235
236	/* Decrement the synchronous opens in the znode */
237	if ((flag & (FSYNC | FDSYNC)) && (count == 1))
238		atomic_dec_32(&zp->z_sync_cnt);
239
240	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
241	    ZTOV(zp)->v_type == VREG &&
242	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0)
243		VERIFY(fs_vscan(vp, cr, 1) == 0);
244
245	ZFS_EXIT(zfsvfs);
246	return (0);
247}
248
249/*
250 * Lseek support for finding holes (cmd == _FIO_SEEK_HOLE) and
251 * data (cmd == _FIO_SEEK_DATA). "off" is an in/out parameter.
252 */
253static int
254zfs_holey(vnode_t *vp, int cmd, offset_t *off)
255{
256	znode_t	*zp = VTOZ(vp);
257	uint64_t noff = (uint64_t)*off; /* new offset */
258	uint64_t file_sz;
259	int error;
260	boolean_t hole;
261
262	file_sz = zp->z_size;
263	if (noff >= file_sz)  {
264		return (SET_ERROR(ENXIO));
265	}
266
267	if (cmd == _FIO_SEEK_HOLE)
268		hole = B_TRUE;
269	else
270		hole = B_FALSE;
271
272	error = dmu_offset_next(zp->z_zfsvfs->z_os, zp->z_id, hole, &noff);
273
274	/* end of file? */
275	if ((error == ESRCH) || (noff > file_sz)) {
276		/*
277		 * Handle the virtual hole at the end of file.
278		 */
279		if (hole) {
280			*off = file_sz;
281			return (0);
282		}
283		return (SET_ERROR(ENXIO));
284	}
285
286	if (noff < *off)
287		return (error);
288	*off = noff;
289	return (error);
290}
291
292/* ARGSUSED */
293static int
294zfs_ioctl(vnode_t *vp, int com, intptr_t data, int flag, cred_t *cred,
295    int *rvalp, caller_context_t *ct)
296{
297	offset_t off;
298	int error;
299	zfsvfs_t *zfsvfs;
300	znode_t *zp;
301
302	switch (com) {
303	case _FIOFFS:
304		return (zfs_sync(vp->v_vfsp, 0, cred));
305
306		/*
307		 * The following two ioctls are used by bfu.  Faking out,
308		 * necessary to avoid bfu errors.
309		 */
310	case _FIOGDIO:
311	case _FIOSDIO:
312		return (0);
313
314	case _FIO_SEEK_DATA:
315	case _FIO_SEEK_HOLE:
316		if (ddi_copyin((void *)data, &off, sizeof (off), flag))
317			return (SET_ERROR(EFAULT));
318
319		zp = VTOZ(vp);
320		zfsvfs = zp->z_zfsvfs;
321		ZFS_ENTER(zfsvfs);
322		ZFS_VERIFY_ZP(zp);
323
324		/* offset parameter is in/out */
325		error = zfs_holey(vp, com, &off);
326		ZFS_EXIT(zfsvfs);
327		if (error)
328			return (error);
329		if (ddi_copyout(&off, (void *)data, sizeof (off), flag))
330			return (SET_ERROR(EFAULT));
331		return (0);
332	}
333	return (SET_ERROR(ENOTTY));
334}
335
336/*
337 * Utility functions to map and unmap a single physical page.  These
338 * are used to manage the mappable copies of ZFS file data, and therefore
339 * do not update ref/mod bits.
340 */
341caddr_t
342zfs_map_page(page_t *pp, enum seg_rw rw)
343{
344	if (kpm_enable)
345		return (hat_kpm_mapin(pp, 0));
346	ASSERT(rw == S_READ || rw == S_WRITE);
347	return (ppmapin(pp, PROT_READ | ((rw == S_WRITE) ? PROT_WRITE : 0),
348	    (caddr_t)-1));
349}
350
351void
352zfs_unmap_page(page_t *pp, caddr_t addr)
353{
354	if (kpm_enable) {
355		hat_kpm_mapout(pp, 0, addr);
356	} else {
357		ppmapout(addr);
358	}
359}
360
361/*
362 * When a file is memory mapped, we must keep the IO data synchronized
363 * between the DMU cache and the memory mapped pages.  What this means:
364 *
365 * On Write:	If we find a memory mapped page, we write to *both*
366 *		the page and the dmu buffer.
367 */
368static void
369update_pages(vnode_t *vp, int64_t start, int len, objset_t *os, uint64_t oid)
370{
371	int64_t	off;
372
373	off = start & PAGEOFFSET;
374	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
375		page_t *pp;
376		uint64_t nbytes = MIN(PAGESIZE - off, len);
377
378		if (pp = page_lookup(vp, start, SE_SHARED)) {
379			caddr_t va;
380
381			va = zfs_map_page(pp, S_WRITE);
382			(void) dmu_read(os, oid, start+off, nbytes, va+off,
383			    DMU_READ_PREFETCH);
384			zfs_unmap_page(pp, va);
385			page_unlock(pp);
386		}
387		len -= nbytes;
388		off = 0;
389	}
390}
391
392/*
393 * When a file is memory mapped, we must keep the IO data synchronized
394 * between the DMU cache and the memory mapped pages.  What this means:
395 *
396 * On Read:	We "read" preferentially from memory mapped pages,
397 *		else we default from the dmu buffer.
398 *
399 * NOTE: We will always "break up" the IO into PAGESIZE uiomoves when
400 *	 the file is memory mapped.
401 */
402static int
403mappedread(vnode_t *vp, int nbytes, uio_t *uio)
404{
405	znode_t *zp = VTOZ(vp);
406	objset_t *os = zp->z_zfsvfs->z_os;
407	int64_t	start, off;
408	int len = nbytes;
409	int error = 0;
410
411	start = uio->uio_loffset;
412	off = start & PAGEOFFSET;
413	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
414		page_t *pp;
415		uint64_t bytes = MIN(PAGESIZE - off, len);
416
417		if (pp = page_lookup(vp, start, SE_SHARED)) {
418			caddr_t va;
419
420			va = zfs_map_page(pp, S_READ);
421			error = uiomove(va + off, bytes, UIO_READ, uio);
422			zfs_unmap_page(pp, va);
423			page_unlock(pp);
424		} else {
425			error = dmu_read_uio(os, zp->z_id, uio, bytes);
426		}
427		len -= bytes;
428		off = 0;
429		if (error)
430			break;
431	}
432	return (error);
433}
434
435offset_t zfs_read_chunk_size = 1024 * 1024; /* Tunable */
436
437/*
438 * Read bytes from specified file into supplied buffer.
439 *
440 *	IN:	vp	- vnode of file to be read from.
441 *		uio	- structure supplying read location, range info,
442 *			  and return buffer.
443 *		ioflag	- SYNC flags; used to provide FRSYNC semantics.
444 *		cr	- credentials of caller.
445 *		ct	- caller context
446 *
447 *	OUT:	uio	- updated offset and range, buffer filled.
448 *
449 *	RETURN:	0 on success, error code on failure.
450 *
451 * Side Effects:
452 *	vp - atime updated if byte count > 0
453 */
454/* ARGSUSED */
455static int
456zfs_read(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
457{
458	znode_t		*zp = VTOZ(vp);
459	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
460	objset_t	*os;
461	ssize_t		n, nbytes;
462	int		error = 0;
463	rl_t		*rl;
464	xuio_t		*xuio = NULL;
465
466	ZFS_ENTER(zfsvfs);
467	ZFS_VERIFY_ZP(zp);
468	os = zfsvfs->z_os;
469
470	if (zp->z_pflags & ZFS_AV_QUARANTINED) {
471		ZFS_EXIT(zfsvfs);
472		return (SET_ERROR(EACCES));
473	}
474
475	/*
476	 * Validate file offset
477	 */
478	if (uio->uio_loffset < (offset_t)0) {
479		ZFS_EXIT(zfsvfs);
480		return (SET_ERROR(EINVAL));
481	}
482
483	/*
484	 * Fasttrack empty reads
485	 */
486	if (uio->uio_resid == 0) {
487		ZFS_EXIT(zfsvfs);
488		return (0);
489	}
490
491	/*
492	 * Check for mandatory locks
493	 */
494	if (MANDMODE(zp->z_mode)) {
495		if (error = chklock(vp, FREAD,
496		    uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct)) {
497			ZFS_EXIT(zfsvfs);
498			return (error);
499		}
500	}
501
502	/*
503	 * If we're in FRSYNC mode, sync out this znode before reading it.
504	 */
505	if (ioflag & FRSYNC || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
506		zil_commit(zfsvfs->z_log, zp->z_id);
507
508	/*
509	 * Lock the range against changes.
510	 */
511	rl = zfs_range_lock(zp, uio->uio_loffset, uio->uio_resid, RL_READER);
512
513	/*
514	 * If we are reading past end-of-file we can skip
515	 * to the end; but we might still need to set atime.
516	 */
517	if (uio->uio_loffset >= zp->z_size) {
518		error = 0;
519		goto out;
520	}
521
522	ASSERT(uio->uio_loffset < zp->z_size);
523	n = MIN(uio->uio_resid, zp->z_size - uio->uio_loffset);
524
525	if ((uio->uio_extflg == UIO_XUIO) &&
526	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY)) {
527		int nblk;
528		int blksz = zp->z_blksz;
529		uint64_t offset = uio->uio_loffset;
530
531		xuio = (xuio_t *)uio;
532		if ((ISP2(blksz))) {
533			nblk = (P2ROUNDUP(offset + n, blksz) - P2ALIGN(offset,
534			    blksz)) / blksz;
535		} else {
536			ASSERT(offset + n <= blksz);
537			nblk = 1;
538		}
539		(void) dmu_xuio_init(xuio, nblk);
540
541		if (vn_has_cached_data(vp)) {
542			/*
543			 * For simplicity, we always allocate a full buffer
544			 * even if we only expect to read a portion of a block.
545			 */
546			while (--nblk >= 0) {
547				(void) dmu_xuio_add(xuio,
548				    dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
549				    blksz), 0, blksz);
550			}
551		}
552	}
553
554	while (n > 0) {
555		nbytes = MIN(n, zfs_read_chunk_size -
556		    P2PHASE(uio->uio_loffset, zfs_read_chunk_size));
557
558		if (vn_has_cached_data(vp))
559			error = mappedread(vp, nbytes, uio);
560		else
561			error = dmu_read_uio(os, zp->z_id, uio, nbytes);
562		if (error) {
563			/* convert checksum errors into IO errors */
564			if (error == ECKSUM)
565				error = SET_ERROR(EIO);
566			break;
567		}
568
569		n -= nbytes;
570	}
571out:
572	zfs_range_unlock(rl);
573
574	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
575	ZFS_EXIT(zfsvfs);
576	return (error);
577}
578
579/*
580 * Write the bytes to a file.
581 *
582 *	IN:	vp	- vnode of file to be written to.
583 *		uio	- structure supplying write location, range info,
584 *			  and data buffer.
585 *		ioflag	- FAPPEND, FSYNC, and/or FDSYNC.  FAPPEND is
586 *			  set if in append mode.
587 *		cr	- credentials of caller.
588 *		ct	- caller context (NFS/CIFS fem monitor only)
589 *
590 *	OUT:	uio	- updated offset and range.
591 *
592 *	RETURN:	0 on success, error code on failure.
593 *
594 * Timestamps:
595 *	vp - ctime|mtime updated if byte count > 0
596 */
597
598/* ARGSUSED */
599static int
600zfs_write(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
601{
602	znode_t		*zp = VTOZ(vp);
603	rlim64_t	limit = uio->uio_llimit;
604	ssize_t		start_resid = uio->uio_resid;
605	ssize_t		tx_bytes;
606	uint64_t	end_size;
607	dmu_tx_t	*tx;
608	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
609	zilog_t		*zilog;
610	offset_t	woff;
611	ssize_t		n, nbytes;
612	rl_t		*rl;
613	int		max_blksz = zfsvfs->z_max_blksz;
614	int		error = 0;
615	arc_buf_t	*abuf;
616	iovec_t		*aiov = NULL;
617	xuio_t		*xuio = NULL;
618	int		i_iov = 0;
619	int		iovcnt = uio->uio_iovcnt;
620	iovec_t		*iovp = uio->uio_iov;
621	int		write_eof;
622	int		count = 0;
623	sa_bulk_attr_t	bulk[4];
624	uint64_t	mtime[2], ctime[2];
625
626	/*
627	 * Fasttrack empty write
628	 */
629	n = start_resid;
630	if (n == 0)
631		return (0);
632
633	if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
634		limit = MAXOFFSET_T;
635
636	ZFS_ENTER(zfsvfs);
637	ZFS_VERIFY_ZP(zp);
638
639	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
640	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
641	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,
642	    &zp->z_size, 8);
643	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
644	    &zp->z_pflags, 8);
645
646	/*
647	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
648	 * callers might not be able to detect properly that we are read-only,
649	 * so check it explicitly here.
650	 */
651	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
652		ZFS_EXIT(zfsvfs);
653		return (SET_ERROR(EROFS));
654	}
655
656	/*
657	 * If immutable or not appending then return EPERM
658	 */
659	if ((zp->z_pflags & (ZFS_IMMUTABLE | ZFS_READONLY)) ||
660	    ((zp->z_pflags & ZFS_APPENDONLY) && !(ioflag & FAPPEND) &&
661	    (uio->uio_loffset < zp->z_size))) {
662		ZFS_EXIT(zfsvfs);
663		return (SET_ERROR(EPERM));
664	}
665
666	zilog = zfsvfs->z_log;
667
668	/*
669	 * Validate file offset
670	 */
671	woff = ioflag & FAPPEND ? zp->z_size : uio->uio_loffset;
672	if (woff < 0) {
673		ZFS_EXIT(zfsvfs);
674		return (SET_ERROR(EINVAL));
675	}
676
677	/*
678	 * Check for mandatory locks before calling zfs_range_lock()
679	 * in order to prevent a deadlock with locks set via fcntl().
680	 */
681	if (MANDMODE((mode_t)zp->z_mode) &&
682	    (error = chklock(vp, FWRITE, woff, n, uio->uio_fmode, ct)) != 0) {
683		ZFS_EXIT(zfsvfs);
684		return (error);
685	}
686
687	/*
688	 * Pre-fault the pages to ensure slow (eg NFS) pages
689	 * don't hold up txg.
690	 * Skip this if uio contains loaned arc_buf.
691	 */
692	if ((uio->uio_extflg == UIO_XUIO) &&
693	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY))
694		xuio = (xuio_t *)uio;
695	else
696		uio_prefaultpages(MIN(n, max_blksz), uio);
697
698	/*
699	 * If in append mode, set the io offset pointer to eof.
700	 */
701	if (ioflag & FAPPEND) {
702		/*
703		 * Obtain an appending range lock to guarantee file append
704		 * semantics.  We reset the write offset once we have the lock.
705		 */
706		rl = zfs_range_lock(zp, 0, n, RL_APPEND);
707		woff = rl->r_off;
708		if (rl->r_len == UINT64_MAX) {
709			/*
710			 * We overlocked the file because this write will cause
711			 * the file block size to increase.
712			 * Note that zp_size cannot change with this lock held.
713			 */
714			woff = zp->z_size;
715		}
716		uio->uio_loffset = woff;
717	} else {
718		/*
719		 * Note that if the file block size will change as a result of
720		 * this write, then this range lock will lock the entire file
721		 * so that we can re-write the block safely.
722		 */
723		rl = zfs_range_lock(zp, woff, n, RL_WRITER);
724	}
725
726	if (woff >= limit) {
727		zfs_range_unlock(rl);
728		ZFS_EXIT(zfsvfs);
729		return (SET_ERROR(EFBIG));
730	}
731
732	if ((woff + n) > limit || woff > (limit - n))
733		n = limit - woff;
734
735	/* Will this write extend the file length? */
736	write_eof = (woff + n > zp->z_size);
737
738	end_size = MAX(zp->z_size, woff + n);
739
740	/*
741	 * Write the file in reasonable size chunks.  Each chunk is written
742	 * in a separate transaction; this keeps the intent log records small
743	 * and allows us to do more fine-grained space accounting.
744	 */
745	while (n > 0) {
746		abuf = NULL;
747		woff = uio->uio_loffset;
748		if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
749		    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
750			if (abuf != NULL)
751				dmu_return_arcbuf(abuf);
752			error = SET_ERROR(EDQUOT);
753			break;
754		}
755
756		if (xuio && abuf == NULL) {
757			ASSERT(i_iov < iovcnt);
758			aiov = &iovp[i_iov];
759			abuf = dmu_xuio_arcbuf(xuio, i_iov);
760			dmu_xuio_clear(xuio, i_iov);
761			DTRACE_PROBE3(zfs_cp_write, int, i_iov,
762			    iovec_t *, aiov, arc_buf_t *, abuf);
763			ASSERT((aiov->iov_base == abuf->b_data) ||
764			    ((char *)aiov->iov_base - (char *)abuf->b_data +
765			    aiov->iov_len == arc_buf_size(abuf)));
766			i_iov++;
767		} else if (abuf == NULL && n >= max_blksz &&
768		    woff >= zp->z_size &&
769		    P2PHASE(woff, max_blksz) == 0 &&
770		    zp->z_blksz == max_blksz) {
771			/*
772			 * This write covers a full block.  "Borrow" a buffer
773			 * from the dmu so that we can fill it before we enter
774			 * a transaction.  This avoids the possibility of
775			 * holding up the transaction if the data copy hangs
776			 * up on a pagefault (e.g., from an NFS server mapping).
777			 */
778			size_t cbytes;
779
780			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
781			    max_blksz);
782			ASSERT(abuf != NULL);
783			ASSERT(arc_buf_size(abuf) == max_blksz);
784			if (error = uiocopy(abuf->b_data, max_blksz,
785			    UIO_WRITE, uio, &cbytes)) {
786				dmu_return_arcbuf(abuf);
787				break;
788			}
789			ASSERT(cbytes == max_blksz);
790		}
791
792		/*
793		 * Start a transaction.
794		 */
795		tx = dmu_tx_create(zfsvfs->z_os);
796		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
797		dmu_tx_hold_write(tx, zp->z_id, woff, MIN(n, max_blksz));
798		zfs_sa_upgrade_txholds(tx, zp);
799		error = dmu_tx_assign(tx, TXG_WAIT);
800		if (error) {
801			dmu_tx_abort(tx);
802			if (abuf != NULL)
803				dmu_return_arcbuf(abuf);
804			break;
805		}
806
807		/*
808		 * If zfs_range_lock() over-locked we grow the blocksize
809		 * and then reduce the lock range.  This will only happen
810		 * on the first iteration since zfs_range_reduce() will
811		 * shrink down r_len to the appropriate size.
812		 */
813		if (rl->r_len == UINT64_MAX) {
814			uint64_t new_blksz;
815
816			if (zp->z_blksz > max_blksz) {
817				ASSERT(!ISP2(zp->z_blksz));
818				new_blksz = MIN(end_size, SPA_MAXBLOCKSIZE);
819			} else {
820				new_blksz = MIN(end_size, max_blksz);
821			}
822			zfs_grow_blocksize(zp, new_blksz, tx);
823			zfs_range_reduce(rl, woff, n);
824		}
825
826		/*
827		 * XXX - should we really limit each write to z_max_blksz?
828		 * Perhaps we should use SPA_MAXBLOCKSIZE chunks?
829		 */
830		nbytes = MIN(n, max_blksz - P2PHASE(woff, max_blksz));
831
832		if (abuf == NULL) {
833			tx_bytes = uio->uio_resid;
834			error = dmu_write_uio_dbuf(sa_get_db(zp->z_sa_hdl),
835			    uio, nbytes, tx);
836			tx_bytes -= uio->uio_resid;
837		} else {
838			tx_bytes = nbytes;
839			ASSERT(xuio == NULL || tx_bytes == aiov->iov_len);
840			/*
841			 * If this is not a full block write, but we are
842			 * extending the file past EOF and this data starts
843			 * block-aligned, use assign_arcbuf().  Otherwise,
844			 * write via dmu_write().
845			 */
846			if (tx_bytes < max_blksz && (!write_eof ||
847			    aiov->iov_base != abuf->b_data)) {
848				ASSERT(xuio);
849				dmu_write(zfsvfs->z_os, zp->z_id, woff,
850				    aiov->iov_len, aiov->iov_base, tx);
851				dmu_return_arcbuf(abuf);
852				xuio_stat_wbuf_copied();
853			} else {
854				ASSERT(xuio || tx_bytes == max_blksz);
855				dmu_assign_arcbuf(sa_get_db(zp->z_sa_hdl),
856				    woff, abuf, tx);
857			}
858			ASSERT(tx_bytes <= uio->uio_resid);
859			uioskip(uio, tx_bytes);
860		}
861		if (tx_bytes && vn_has_cached_data(vp)) {
862			update_pages(vp, woff,
863			    tx_bytes, zfsvfs->z_os, zp->z_id);
864		}
865
866		/*
867		 * If we made no progress, we're done.  If we made even
868		 * partial progress, update the znode and ZIL accordingly.
869		 */
870		if (tx_bytes == 0) {
871			(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
872			    (void *)&zp->z_size, sizeof (uint64_t), tx);
873			dmu_tx_commit(tx);
874			ASSERT(error != 0);
875			break;
876		}
877
878		/*
879		 * Clear Set-UID/Set-GID bits on successful write if not
880		 * privileged and at least one of the excute bits is set.
881		 *
882		 * It would be nice to to this after all writes have
883		 * been done, but that would still expose the ISUID/ISGID
884		 * to another app after the partial write is committed.
885		 *
886		 * Note: we don't call zfs_fuid_map_id() here because
887		 * user 0 is not an ephemeral uid.
888		 */
889		mutex_enter(&zp->z_acl_lock);
890		if ((zp->z_mode & (S_IXUSR | (S_IXUSR >> 3) |
891		    (S_IXUSR >> 6))) != 0 &&
892		    (zp->z_mode & (S_ISUID | S_ISGID)) != 0 &&
893		    secpolicy_vnode_setid_retain(cr,
894		    (zp->z_mode & S_ISUID) != 0 && zp->z_uid == 0) != 0) {
895			uint64_t newmode;
896			zp->z_mode &= ~(S_ISUID | S_ISGID);
897			newmode = zp->z_mode;
898			(void) sa_update(zp->z_sa_hdl, SA_ZPL_MODE(zfsvfs),
899			    (void *)&newmode, sizeof (uint64_t), tx);
900		}
901		mutex_exit(&zp->z_acl_lock);
902
903		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
904		    B_TRUE);
905
906		/*
907		 * Update the file size (zp_size) if it has changed;
908		 * account for possible concurrent updates.
909		 */
910		while ((end_size = zp->z_size) < uio->uio_loffset) {
911			(void) atomic_cas_64(&zp->z_size, end_size,
912			    uio->uio_loffset);
913			ASSERT(error == 0);
914		}
915		/*
916		 * If we are replaying and eof is non zero then force
917		 * the file size to the specified eof. Note, there's no
918		 * concurrency during replay.
919		 */
920		if (zfsvfs->z_replay && zfsvfs->z_replay_eof != 0)
921			zp->z_size = zfsvfs->z_replay_eof;
922
923		error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
924
925		zfs_log_write(zilog, tx, TX_WRITE, zp, woff, tx_bytes, ioflag);
926		dmu_tx_commit(tx);
927
928		if (error != 0)
929			break;
930		ASSERT(tx_bytes == nbytes);
931		n -= nbytes;
932
933		if (!xuio && n > 0)
934			uio_prefaultpages(MIN(n, max_blksz), uio);
935	}
936
937	zfs_range_unlock(rl);
938
939	/*
940	 * If we're in replay mode, or we made no progress, return error.
941	 * Otherwise, it's at least a partial write, so it's successful.
942	 */
943	if (zfsvfs->z_replay || uio->uio_resid == start_resid) {
944		ZFS_EXIT(zfsvfs);
945		return (error);
946	}
947
948	if (ioflag & (FSYNC | FDSYNC) ||
949	    zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
950		zil_commit(zilog, zp->z_id);
951
952	ZFS_EXIT(zfsvfs);
953	return (0);
954}
955
956void
957zfs_get_done(zgd_t *zgd, int error)
958{
959	znode_t *zp = zgd->zgd_private;
960	objset_t *os = zp->z_zfsvfs->z_os;
961
962	if (zgd->zgd_db)
963		dmu_buf_rele(zgd->zgd_db, zgd);
964
965	zfs_range_unlock(zgd->zgd_rl);
966
967	/*
968	 * Release the vnode asynchronously as we currently have the
969	 * txg stopped from syncing.
970	 */
971	VN_RELE_ASYNC(ZTOV(zp), dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
972
973	if (error == 0 && zgd->zgd_bp)
974		zil_add_block(zgd->zgd_zilog, zgd->zgd_bp);
975
976	kmem_free(zgd, sizeof (zgd_t));
977}
978
979#ifdef DEBUG
980static int zil_fault_io = 0;
981#endif
982
983/*
984 * Get data to generate a TX_WRITE intent log record.
985 */
986int
987zfs_get_data(void *arg, lr_write_t *lr, char *buf, zio_t *zio)
988{
989	zfsvfs_t *zfsvfs = arg;
990	objset_t *os = zfsvfs->z_os;
991	znode_t *zp;
992	uint64_t object = lr->lr_foid;
993	uint64_t offset = lr->lr_offset;
994	uint64_t size = lr->lr_length;
995	blkptr_t *bp = &lr->lr_blkptr;
996	dmu_buf_t *db;
997	zgd_t *zgd;
998	int error = 0;
999
1000	ASSERT(zio != NULL);
1001	ASSERT(size != 0);
1002
1003	/*
1004	 * Nothing to do if the file has been removed
1005	 */
1006	if (zfs_zget(zfsvfs, object, &zp) != 0)
1007		return (SET_ERROR(ENOENT));
1008	if (zp->z_unlinked) {
1009		/*
1010		 * Release the vnode asynchronously as we currently have the
1011		 * txg stopped from syncing.
1012		 */
1013		VN_RELE_ASYNC(ZTOV(zp),
1014		    dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
1015		return (SET_ERROR(ENOENT));
1016	}
1017
1018	zgd = (zgd_t *)kmem_zalloc(sizeof (zgd_t), KM_SLEEP);
1019	zgd->zgd_zilog = zfsvfs->z_log;
1020	zgd->zgd_private = zp;
1021
1022	/*
1023	 * Write records come in two flavors: immediate and indirect.
1024	 * For small writes it's cheaper to store the data with the
1025	 * log record (immediate); for large writes it's cheaper to
1026	 * sync the data and get a pointer to it (indirect) so that
1027	 * we don't have to write the data twice.
1028	 */
1029	if (buf != NULL) { /* immediate write */
1030		zgd->zgd_rl = zfs_range_lock(zp, offset, size, RL_READER);
1031		/* test for truncation needs to be done while range locked */
1032		if (offset >= zp->z_size) {
1033			error = SET_ERROR(ENOENT);
1034		} else {
1035			error = dmu_read(os, object, offset, size, buf,
1036			    DMU_READ_NO_PREFETCH);
1037		}
1038		ASSERT(error == 0 || error == ENOENT);
1039	} else { /* indirect write */
1040		/*
1041		 * Have to lock the whole block to ensure when it's
1042		 * written out and it's checksum is being calculated
1043		 * that no one can change the data. We need to re-check
1044		 * blocksize after we get the lock in case it's changed!
1045		 */
1046		for (;;) {
1047			uint64_t blkoff;
1048			size = zp->z_blksz;
1049			blkoff = ISP2(size) ? P2PHASE(offset, size) : offset;
1050			offset -= blkoff;
1051			zgd->zgd_rl = zfs_range_lock(zp, offset, size,
1052			    RL_READER);
1053			if (zp->z_blksz == size)
1054				break;
1055			offset += blkoff;
1056			zfs_range_unlock(zgd->zgd_rl);
1057		}
1058		/* test for truncation needs to be done while range locked */
1059		if (lr->lr_offset >= zp->z_size)
1060			error = SET_ERROR(ENOENT);
1061#ifdef DEBUG
1062		if (zil_fault_io) {
1063			error = SET_ERROR(EIO);
1064			zil_fault_io = 0;
1065		}
1066#endif
1067		if (error == 0)
1068			error = dmu_buf_hold(os, object, offset, zgd, &db,
1069			    DMU_READ_NO_PREFETCH);
1070
1071		if (error == 0) {
1072			blkptr_t *obp = dmu_buf_get_blkptr(db);
1073			if (obp) {
1074				ASSERT(BP_IS_HOLE(bp));
1075				*bp = *obp;
1076			}
1077
1078			zgd->zgd_db = db;
1079			zgd->zgd_bp = bp;
1080
1081			ASSERT(db->db_offset == offset);
1082			ASSERT(db->db_size == size);
1083
1084			error = dmu_sync(zio, lr->lr_common.lrc_txg,
1085			    zfs_get_done, zgd);
1086			ASSERT(error || lr->lr_length <= zp->z_blksz);
1087
1088			/*
1089			 * On success, we need to wait for the write I/O
1090			 * initiated by dmu_sync() to complete before we can
1091			 * release this dbuf.  We will finish everything up
1092			 * in the zfs_get_done() callback.
1093			 */
1094			if (error == 0)
1095				return (0);
1096
1097			if (error == EALREADY) {
1098				lr->lr_common.lrc_txtype = TX_WRITE2;
1099				error = 0;
1100			}
1101		}
1102	}
1103
1104	zfs_get_done(zgd, error);
1105
1106	return (error);
1107}
1108
1109/*ARGSUSED*/
1110static int
1111zfs_access(vnode_t *vp, int mode, int flag, cred_t *cr,
1112    caller_context_t *ct)
1113{
1114	znode_t *zp = VTOZ(vp);
1115	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1116	int error;
1117
1118	ZFS_ENTER(zfsvfs);
1119	ZFS_VERIFY_ZP(zp);
1120
1121	if (flag & V_ACE_MASK)
1122		error = zfs_zaccess(zp, mode, flag, B_FALSE, cr);
1123	else
1124		error = zfs_zaccess_rwx(zp, mode, flag, cr);
1125
1126	ZFS_EXIT(zfsvfs);
1127	return (error);
1128}
1129
1130/*
1131 * If vnode is for a device return a specfs vnode instead.
1132 */
1133static int
1134specvp_check(vnode_t **vpp, cred_t *cr)
1135{
1136	int error = 0;
1137
1138	if (IS_DEVVP(*vpp)) {
1139		struct vnode *svp;
1140
1141		svp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type, cr);
1142		VN_RELE(*vpp);
1143		if (svp == NULL)
1144			error = SET_ERROR(ENOSYS);
1145		*vpp = svp;
1146	}
1147	return (error);
1148}
1149
1150
1151/*
1152 * Lookup an entry in a directory, or an extended attribute directory.
1153 * If it exists, return a held vnode reference for it.
1154 *
1155 *	IN:	dvp	- vnode of directory to search.
1156 *		nm	- name of entry to lookup.
1157 *		pnp	- full pathname to lookup [UNUSED].
1158 *		flags	- LOOKUP_XATTR set if looking for an attribute.
1159 *		rdir	- root directory vnode [UNUSED].
1160 *		cr	- credentials of caller.
1161 *		ct	- caller context
1162 *		direntflags - directory lookup flags
1163 *		realpnp - returned pathname.
1164 *
1165 *	OUT:	vpp	- vnode of located entry, NULL if not found.
1166 *
1167 *	RETURN:	0 on success, error code on failure.
1168 *
1169 * Timestamps:
1170 *	NA
1171 */
1172/* ARGSUSED */
1173static int
1174zfs_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1175    int flags, vnode_t *rdir, cred_t *cr,  caller_context_t *ct,
1176    int *direntflags, pathname_t *realpnp)
1177{
1178	znode_t *zdp = VTOZ(dvp);
1179	zfsvfs_t *zfsvfs = zdp->z_zfsvfs;
1180	int	error = 0;
1181
1182	/* fast path */
1183	if (!(flags & (LOOKUP_XATTR | FIGNORECASE))) {
1184
1185		if (dvp->v_type != VDIR) {
1186			return (SET_ERROR(ENOTDIR));
1187		} else if (zdp->z_sa_hdl == NULL) {
1188			return (SET_ERROR(EIO));
1189		}
1190
1191		if (nm[0] == 0 || (nm[0] == '.' && nm[1] == '\0')) {
1192			error = zfs_fastaccesschk_execute(zdp, cr);
1193			if (!error) {
1194				*vpp = dvp;
1195				VN_HOLD(*vpp);
1196				return (0);
1197			}
1198			return (error);
1199		} else {
1200			vnode_t *tvp = dnlc_lookup(dvp, nm);
1201
1202			if (tvp) {
1203				error = zfs_fastaccesschk_execute(zdp, cr);
1204				if (error) {
1205					VN_RELE(tvp);
1206					return (error);
1207				}
1208				if (tvp == DNLC_NO_VNODE) {
1209					VN_RELE(tvp);
1210					return (SET_ERROR(ENOENT));
1211				} else {
1212					*vpp = tvp;
1213					return (specvp_check(vpp, cr));
1214				}
1215			}
1216		}
1217	}
1218
1219	DTRACE_PROBE2(zfs__fastpath__lookup__miss, vnode_t *, dvp, char *, nm);
1220
1221	ZFS_ENTER(zfsvfs);
1222	ZFS_VERIFY_ZP(zdp);
1223
1224	*vpp = NULL;
1225
1226	if (flags & LOOKUP_XATTR) {
1227		/*
1228		 * If the xattr property is off, refuse the lookup request.
1229		 */
1230		if (!(zfsvfs->z_vfs->vfs_flag & VFS_XATTR)) {
1231			ZFS_EXIT(zfsvfs);
1232			return (SET_ERROR(EINVAL));
1233		}
1234
1235		/*
1236		 * We don't allow recursive attributes..
1237		 * Maybe someday we will.
1238		 */
1239		if (zdp->z_pflags & ZFS_XATTR) {
1240			ZFS_EXIT(zfsvfs);
1241			return (SET_ERROR(EINVAL));
1242		}
1243
1244		if (error = zfs_get_xattrdir(VTOZ(dvp), vpp, cr, flags)) {
1245			ZFS_EXIT(zfsvfs);
1246			return (error);
1247		}
1248
1249		/*
1250		 * Do we have permission to get into attribute directory?
1251		 */
1252
1253		if (error = zfs_zaccess(VTOZ(*vpp), ACE_EXECUTE, 0,
1254		    B_FALSE, cr)) {
1255			VN_RELE(*vpp);
1256			*vpp = NULL;
1257		}
1258
1259		ZFS_EXIT(zfsvfs);
1260		return (error);
1261	}
1262
1263	if (dvp->v_type != VDIR) {
1264		ZFS_EXIT(zfsvfs);
1265		return (SET_ERROR(ENOTDIR));
1266	}
1267
1268	/*
1269	 * Check accessibility of directory.
1270	 */
1271
1272	if (error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr)) {
1273		ZFS_EXIT(zfsvfs);
1274		return (error);
1275	}
1276
1277	if (zfsvfs->z_utf8 && u8_validate(nm, strlen(nm),
1278	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1279		ZFS_EXIT(zfsvfs);
1280		return (SET_ERROR(EILSEQ));
1281	}
1282
1283	error = zfs_dirlook(zdp, nm, vpp, flags, direntflags, realpnp);
1284	if (error == 0)
1285		error = specvp_check(vpp, cr);
1286
1287	ZFS_EXIT(zfsvfs);
1288	return (error);
1289}
1290
1291/*
1292 * Attempt to create a new entry in a directory.  If the entry
1293 * already exists, truncate the file if permissible, else return
1294 * an error.  Return the vp of the created or trunc'd file.
1295 *
1296 *	IN:	dvp	- vnode of directory to put new file entry in.
1297 *		name	- name of new file entry.
1298 *		vap	- attributes of new file.
1299 *		excl	- flag indicating exclusive or non-exclusive mode.
1300 *		mode	- mode to open file with.
1301 *		cr	- credentials of caller.
1302 *		flag	- large file flag [UNUSED].
1303 *		ct	- caller context
1304 *		vsecp 	- ACL to be set
1305 *
1306 *	OUT:	vpp	- vnode of created or trunc'd entry.
1307 *
1308 *	RETURN:	0 on success, error code on failure.
1309 *
1310 * Timestamps:
1311 *	dvp - ctime|mtime updated if new entry created
1312 *	 vp - ctime|mtime always, atime if new
1313 */
1314
1315/* ARGSUSED */
1316static int
1317zfs_create(vnode_t *dvp, char *name, vattr_t *vap, vcexcl_t excl,
1318    int mode, vnode_t **vpp, cred_t *cr, int flag, caller_context_t *ct,
1319    vsecattr_t *vsecp)
1320{
1321	znode_t		*zp, *dzp = VTOZ(dvp);
1322	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1323	zilog_t		*zilog;
1324	objset_t	*os;
1325	zfs_dirlock_t	*dl;
1326	dmu_tx_t	*tx;
1327	int		error;
1328	ksid_t		*ksid;
1329	uid_t		uid;
1330	gid_t		gid = crgetgid(cr);
1331	zfs_acl_ids_t   acl_ids;
1332	boolean_t	fuid_dirtied;
1333	boolean_t	have_acl = B_FALSE;
1334	boolean_t	waited = B_FALSE;
1335
1336	/*
1337	 * If we have an ephemeral id, ACL, or XVATTR then
1338	 * make sure file system is at proper version
1339	 */
1340
1341	ksid = crgetsid(cr, KSID_OWNER);
1342	if (ksid)
1343		uid = ksid_getid(ksid);
1344	else
1345		uid = crgetuid(cr);
1346
1347	if (zfsvfs->z_use_fuids == B_FALSE &&
1348	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1349	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1350		return (SET_ERROR(EINVAL));
1351
1352	ZFS_ENTER(zfsvfs);
1353	ZFS_VERIFY_ZP(dzp);
1354	os = zfsvfs->z_os;
1355	zilog = zfsvfs->z_log;
1356
1357	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
1358	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1359		ZFS_EXIT(zfsvfs);
1360		return (SET_ERROR(EILSEQ));
1361	}
1362
1363	if (vap->va_mask & AT_XVATTR) {
1364		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1365		    crgetuid(cr), cr, vap->va_type)) != 0) {
1366			ZFS_EXIT(zfsvfs);
1367			return (error);
1368		}
1369	}
1370top:
1371	*vpp = NULL;
1372
1373	if ((vap->va_mode & VSVTX) && secpolicy_vnode_stky_modify(cr))
1374		vap->va_mode &= ~VSVTX;
1375
1376	if (*name == '\0') {
1377		/*
1378		 * Null component name refers to the directory itself.
1379		 */
1380		VN_HOLD(dvp);
1381		zp = dzp;
1382		dl = NULL;
1383		error = 0;
1384	} else {
1385		/* possible VN_HOLD(zp) */
1386		int zflg = 0;
1387
1388		if (flag & FIGNORECASE)
1389			zflg |= ZCILOOK;
1390
1391		error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1392		    NULL, NULL);
1393		if (error) {
1394			if (have_acl)
1395				zfs_acl_ids_free(&acl_ids);
1396			if (strcmp(name, "..") == 0)
1397				error = SET_ERROR(EISDIR);
1398			ZFS_EXIT(zfsvfs);
1399			return (error);
1400		}
1401	}
1402
1403	if (zp == NULL) {
1404		uint64_t txtype;
1405
1406		/*
1407		 * Create a new file object and update the directory
1408		 * to reference it.
1409		 */
1410		if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
1411			if (have_acl)
1412				zfs_acl_ids_free(&acl_ids);
1413			goto out;
1414		}
1415
1416		/*
1417		 * We only support the creation of regular files in
1418		 * extended attribute directories.
1419		 */
1420
1421		if ((dzp->z_pflags & ZFS_XATTR) &&
1422		    (vap->va_type != VREG)) {
1423			if (have_acl)
1424				zfs_acl_ids_free(&acl_ids);
1425			error = SET_ERROR(EINVAL);
1426			goto out;
1427		}
1428
1429		if (!have_acl && (error = zfs_acl_ids_create(dzp, 0, vap,
1430		    cr, vsecp, &acl_ids)) != 0)
1431			goto out;
1432		have_acl = B_TRUE;
1433
1434		if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1435			zfs_acl_ids_free(&acl_ids);
1436			error = SET_ERROR(EDQUOT);
1437			goto out;
1438		}
1439
1440		tx = dmu_tx_create(os);
1441
1442		dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1443		    ZFS_SA_BASE_ATTR_SIZE);
1444
1445		fuid_dirtied = zfsvfs->z_fuid_dirty;
1446		if (fuid_dirtied)
1447			zfs_fuid_txhold(zfsvfs, tx);
1448		dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
1449		dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
1450		if (!zfsvfs->z_use_sa &&
1451		    acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1452			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
1453			    0, acl_ids.z_aclp->z_acl_bytes);
1454		}
1455		error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1456		if (error) {
1457			zfs_dirent_unlock(dl);
1458			if (error == ERESTART) {
1459				waited = B_TRUE;
1460				dmu_tx_wait(tx);
1461				dmu_tx_abort(tx);
1462				goto top;
1463			}
1464			zfs_acl_ids_free(&acl_ids);
1465			dmu_tx_abort(tx);
1466			ZFS_EXIT(zfsvfs);
1467			return (error);
1468		}
1469		zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1470
1471		if (fuid_dirtied)
1472			zfs_fuid_sync(zfsvfs, tx);
1473
1474		(void) zfs_link_create(dl, zp, tx, ZNEW);
1475		txtype = zfs_log_create_txtype(Z_FILE, vsecp, vap);
1476		if (flag & FIGNORECASE)
1477			txtype |= TX_CI;
1478		zfs_log_create(zilog, tx, txtype, dzp, zp, name,
1479		    vsecp, acl_ids.z_fuidp, vap);
1480		zfs_acl_ids_free(&acl_ids);
1481		dmu_tx_commit(tx);
1482	} else {
1483		int aflags = (flag & FAPPEND) ? V_APPEND : 0;
1484
1485		if (have_acl)
1486			zfs_acl_ids_free(&acl_ids);
1487		have_acl = B_FALSE;
1488
1489		/*
1490		 * A directory entry already exists for this name.
1491		 */
1492		/*
1493		 * Can't truncate an existing file if in exclusive mode.
1494		 */
1495		if (excl == EXCL) {
1496			error = SET_ERROR(EEXIST);
1497			goto out;
1498		}
1499		/*
1500		 * Can't open a directory for writing.
1501		 */
1502		if ((ZTOV(zp)->v_type == VDIR) && (mode & S_IWRITE)) {
1503			error = SET_ERROR(EISDIR);
1504			goto out;
1505		}
1506		/*
1507		 * Verify requested access to file.
1508		 */
1509		if (mode && (error = zfs_zaccess_rwx(zp, mode, aflags, cr))) {
1510			goto out;
1511		}
1512
1513		mutex_enter(&dzp->z_lock);
1514		dzp->z_seq++;
1515		mutex_exit(&dzp->z_lock);
1516
1517		/*
1518		 * Truncate regular files if requested.
1519		 */
1520		if ((ZTOV(zp)->v_type == VREG) &&
1521		    (vap->va_mask & AT_SIZE) && (vap->va_size == 0)) {
1522			/* we can't hold any locks when calling zfs_freesp() */
1523			zfs_dirent_unlock(dl);
1524			dl = NULL;
1525			error = zfs_freesp(zp, 0, 0, mode, TRUE);
1526			if (error == 0) {
1527				vnevent_create(ZTOV(zp), ct);
1528			}
1529		}
1530	}
1531out:
1532
1533	if (dl)
1534		zfs_dirent_unlock(dl);
1535
1536	if (error) {
1537		if (zp)
1538			VN_RELE(ZTOV(zp));
1539	} else {
1540		*vpp = ZTOV(zp);
1541		error = specvp_check(vpp, cr);
1542	}
1543
1544	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1545		zil_commit(zilog, 0);
1546
1547	ZFS_EXIT(zfsvfs);
1548	return (error);
1549}
1550
1551/*
1552 * Remove an entry from a directory.
1553 *
1554 *	IN:	dvp	- vnode of directory to remove entry from.
1555 *		name	- name of entry to remove.
1556 *		cr	- credentials of caller.
1557 *		ct	- caller context
1558 *		flags	- case flags
1559 *
1560 *	RETURN:	0 on success, error code on failure.
1561 *
1562 * Timestamps:
1563 *	dvp - ctime|mtime
1564 *	 vp - ctime (if nlink > 0)
1565 */
1566
1567uint64_t null_xattr = 0;
1568
1569/*ARGSUSED*/
1570static int
1571zfs_remove(vnode_t *dvp, char *name, cred_t *cr, caller_context_t *ct,
1572    int flags)
1573{
1574	znode_t		*zp, *dzp = VTOZ(dvp);
1575	znode_t		*xzp;
1576	vnode_t		*vp;
1577	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1578	zilog_t		*zilog;
1579	uint64_t	acl_obj, xattr_obj;
1580	uint64_t 	xattr_obj_unlinked = 0;
1581	uint64_t	obj = 0;
1582	zfs_dirlock_t	*dl;
1583	dmu_tx_t	*tx;
1584	boolean_t	may_delete_now, delete_now = FALSE;
1585	boolean_t	unlinked, toobig = FALSE;
1586	uint64_t	txtype;
1587	pathname_t	*realnmp = NULL;
1588	pathname_t	realnm;
1589	int		error;
1590	int		zflg = ZEXISTS;
1591	boolean_t	waited = B_FALSE;
1592
1593	ZFS_ENTER(zfsvfs);
1594	ZFS_VERIFY_ZP(dzp);
1595	zilog = zfsvfs->z_log;
1596
1597	if (flags & FIGNORECASE) {
1598		zflg |= ZCILOOK;
1599		pn_alloc(&realnm);
1600		realnmp = &realnm;
1601	}
1602
1603top:
1604	xattr_obj = 0;
1605	xzp = NULL;
1606	/*
1607	 * Attempt to lock directory; fail if entry doesn't exist.
1608	 */
1609	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1610	    NULL, realnmp)) {
1611		if (realnmp)
1612			pn_free(realnmp);
1613		ZFS_EXIT(zfsvfs);
1614		return (error);
1615	}
1616
1617	vp = ZTOV(zp);
1618
1619	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
1620		goto out;
1621	}
1622
1623	/*
1624	 * Need to use rmdir for removing directories.
1625	 */
1626	if (vp->v_type == VDIR) {
1627		error = SET_ERROR(EPERM);
1628		goto out;
1629	}
1630
1631	vnevent_remove(vp, dvp, name, ct);
1632
1633	if (realnmp)
1634		dnlc_remove(dvp, realnmp->pn_buf);
1635	else
1636		dnlc_remove(dvp, name);
1637
1638	mutex_enter(&vp->v_lock);
1639	may_delete_now = vp->v_count == 1 && !vn_has_cached_data(vp);
1640	mutex_exit(&vp->v_lock);
1641
1642	/*
1643	 * We may delete the znode now, or we may put it in the unlinked set;
1644	 * it depends on whether we're the last link, and on whether there are
1645	 * other holds on the vnode.  So we dmu_tx_hold() the right things to
1646	 * allow for either case.
1647	 */
1648	obj = zp->z_id;
1649	tx = dmu_tx_create(zfsvfs->z_os);
1650	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
1651	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
1652	zfs_sa_upgrade_txholds(tx, zp);
1653	zfs_sa_upgrade_txholds(tx, dzp);
1654	if (may_delete_now) {
1655		toobig =
1656		    zp->z_size > zp->z_blksz * DMU_MAX_DELETEBLKCNT;
1657		/* if the file is too big, only hold_free a token amount */
1658		dmu_tx_hold_free(tx, zp->z_id, 0,
1659		    (toobig ? DMU_MAX_ACCESS : DMU_OBJECT_END));
1660	}
1661
1662	/* are there any extended attributes? */
1663	error = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1664	    &xattr_obj, sizeof (xattr_obj));
1665	if (error == 0 && xattr_obj) {
1666		error = zfs_zget(zfsvfs, xattr_obj, &xzp);
1667		ASSERT0(error);
1668		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
1669		dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);
1670	}
1671
1672	mutex_enter(&zp->z_lock);
1673	if ((acl_obj = zfs_external_acl(zp)) != 0 && may_delete_now)
1674		dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END);
1675	mutex_exit(&zp->z_lock);
1676
1677	/* charge as an update -- would be nice not to charge at all */
1678	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
1679
1680	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1681	if (error) {
1682		zfs_dirent_unlock(dl);
1683		VN_RELE(vp);
1684		if (xzp)
1685			VN_RELE(ZTOV(xzp));
1686		if (error == ERESTART) {
1687			waited = B_TRUE;
1688			dmu_tx_wait(tx);
1689			dmu_tx_abort(tx);
1690			goto top;
1691		}
1692		if (realnmp)
1693			pn_free(realnmp);
1694		dmu_tx_abort(tx);
1695		ZFS_EXIT(zfsvfs);
1696		return (error);
1697	}
1698
1699	/*
1700	 * Remove the directory entry.
1701	 */
1702	error = zfs_link_destroy(dl, zp, tx, zflg, &unlinked);
1703
1704	if (error) {
1705		dmu_tx_commit(tx);
1706		goto out;
1707	}
1708
1709	if (unlinked) {
1710
1711		/*
1712		 * Hold z_lock so that we can make sure that the ACL obj
1713		 * hasn't changed.  Could have been deleted due to
1714		 * zfs_sa_upgrade().
1715		 */
1716		mutex_enter(&zp->z_lock);
1717		mutex_enter(&vp->v_lock);
1718		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1719		    &xattr_obj_unlinked, sizeof (xattr_obj_unlinked));
1720		delete_now = may_delete_now && !toobig &&
1721		    vp->v_count == 1 && !vn_has_cached_data(vp) &&
1722		    xattr_obj == xattr_obj_unlinked && zfs_external_acl(zp) ==
1723		    acl_obj;
1724		mutex_exit(&vp->v_lock);
1725	}
1726
1727	if (delete_now) {
1728		if (xattr_obj_unlinked) {
1729			ASSERT3U(xzp->z_links, ==, 2);
1730			mutex_enter(&xzp->z_lock);
1731			xzp->z_unlinked = 1;
1732			xzp->z_links = 0;
1733			error = sa_update(xzp->z_sa_hdl, SA_ZPL_LINKS(zfsvfs),
1734			    &xzp->z_links, sizeof (xzp->z_links), tx);
1735			ASSERT3U(error,  ==,  0);
1736			mutex_exit(&xzp->z_lock);
1737			zfs_unlinked_add(xzp, tx);
1738
1739			if (zp->z_is_sa)
1740				error = sa_remove(zp->z_sa_hdl,
1741				    SA_ZPL_XATTR(zfsvfs), tx);
1742			else
1743				error = sa_update(zp->z_sa_hdl,
1744				    SA_ZPL_XATTR(zfsvfs), &null_xattr,
1745				    sizeof (uint64_t), tx);
1746			ASSERT0(error);
1747		}
1748		mutex_enter(&vp->v_lock);
1749		vp->v_count--;
1750		ASSERT0(vp->v_count);
1751		mutex_exit(&vp->v_lock);
1752		mutex_exit(&zp->z_lock);
1753		zfs_znode_delete(zp, tx);
1754	} else if (unlinked) {
1755		mutex_exit(&zp->z_lock);
1756		zfs_unlinked_add(zp, tx);
1757	}
1758
1759	txtype = TX_REMOVE;
1760	if (flags & FIGNORECASE)
1761		txtype |= TX_CI;
1762	zfs_log_remove(zilog, tx, txtype, dzp, name, obj);
1763
1764	dmu_tx_commit(tx);
1765out:
1766	if (realnmp)
1767		pn_free(realnmp);
1768
1769	zfs_dirent_unlock(dl);
1770
1771	if (!delete_now)
1772		VN_RELE(vp);
1773	if (xzp)
1774		VN_RELE(ZTOV(xzp));
1775
1776	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1777		zil_commit(zilog, 0);
1778
1779	ZFS_EXIT(zfsvfs);
1780	return (error);
1781}
1782
1783/*
1784 * Create a new directory and insert it into dvp using the name
1785 * provided.  Return a pointer to the inserted directory.
1786 *
1787 *	IN:	dvp	- vnode of directory to add subdir to.
1788 *		dirname	- name of new directory.
1789 *		vap	- attributes of new directory.
1790 *		cr	- credentials of caller.
1791 *		ct	- caller context
1792 *		flags	- case flags
1793 *		vsecp	- ACL to be set
1794 *
1795 *	OUT:	vpp	- vnode of created directory.
1796 *
1797 *	RETURN:	0 on success, error code on failure.
1798 *
1799 * Timestamps:
1800 *	dvp - ctime|mtime updated
1801 *	 vp - ctime|mtime|atime updated
1802 */
1803/*ARGSUSED*/
1804static int
1805zfs_mkdir(vnode_t *dvp, char *dirname, vattr_t *vap, vnode_t **vpp, cred_t *cr,
1806    caller_context_t *ct, int flags, vsecattr_t *vsecp)
1807{
1808	znode_t		*zp, *dzp = VTOZ(dvp);
1809	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1810	zilog_t		*zilog;
1811	zfs_dirlock_t	*dl;
1812	uint64_t	txtype;
1813	dmu_tx_t	*tx;
1814	int		error;
1815	int		zf = ZNEW;
1816	ksid_t		*ksid;
1817	uid_t		uid;
1818	gid_t		gid = crgetgid(cr);
1819	zfs_acl_ids_t   acl_ids;
1820	boolean_t	fuid_dirtied;
1821	boolean_t	waited = B_FALSE;
1822
1823	ASSERT(vap->va_type == VDIR);
1824
1825	/*
1826	 * If we have an ephemeral id, ACL, or XVATTR then
1827	 * make sure file system is at proper version
1828	 */
1829
1830	ksid = crgetsid(cr, KSID_OWNER);
1831	if (ksid)
1832		uid = ksid_getid(ksid);
1833	else
1834		uid = crgetuid(cr);
1835	if (zfsvfs->z_use_fuids == B_FALSE &&
1836	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1837	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1838		return (SET_ERROR(EINVAL));
1839
1840	ZFS_ENTER(zfsvfs);
1841	ZFS_VERIFY_ZP(dzp);
1842	zilog = zfsvfs->z_log;
1843
1844	if (dzp->z_pflags & ZFS_XATTR) {
1845		ZFS_EXIT(zfsvfs);
1846		return (SET_ERROR(EINVAL));
1847	}
1848
1849	if (zfsvfs->z_utf8 && u8_validate(dirname,
1850	    strlen(dirname), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1851		ZFS_EXIT(zfsvfs);
1852		return (SET_ERROR(EILSEQ));
1853	}
1854	if (flags & FIGNORECASE)
1855		zf |= ZCILOOK;
1856
1857	if (vap->va_mask & AT_XVATTR) {
1858		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1859		    crgetuid(cr), cr, vap->va_type)) != 0) {
1860			ZFS_EXIT(zfsvfs);
1861			return (error);
1862		}
1863	}
1864
1865	if ((error = zfs_acl_ids_create(dzp, 0, vap, cr,
1866	    vsecp, &acl_ids)) != 0) {
1867		ZFS_EXIT(zfsvfs);
1868		return (error);
1869	}
1870	/*
1871	 * First make sure the new directory doesn't exist.
1872	 *
1873	 * Existence is checked first to make sure we don't return
1874	 * EACCES instead of EEXIST which can cause some applications
1875	 * to fail.
1876	 */
1877top:
1878	*vpp = NULL;
1879
1880	if (error = zfs_dirent_lock(&dl, dzp, dirname, &zp, zf,
1881	    NULL, NULL)) {
1882		zfs_acl_ids_free(&acl_ids);
1883		ZFS_EXIT(zfsvfs);
1884		return (error);
1885	}
1886
1887	if (error = zfs_zaccess(dzp, ACE_ADD_SUBDIRECTORY, 0, B_FALSE, cr)) {
1888		zfs_acl_ids_free(&acl_ids);
1889		zfs_dirent_unlock(dl);
1890		ZFS_EXIT(zfsvfs);
1891		return (error);
1892	}
1893
1894	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1895		zfs_acl_ids_free(&acl_ids);
1896		zfs_dirent_unlock(dl);
1897		ZFS_EXIT(zfsvfs);
1898		return (SET_ERROR(EDQUOT));
1899	}
1900
1901	/*
1902	 * Add a new entry to the directory.
1903	 */
1904	tx = dmu_tx_create(zfsvfs->z_os);
1905	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, dirname);
1906	dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
1907	fuid_dirtied = zfsvfs->z_fuid_dirty;
1908	if (fuid_dirtied)
1909		zfs_fuid_txhold(zfsvfs, tx);
1910	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1911		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
1912		    acl_ids.z_aclp->z_acl_bytes);
1913	}
1914
1915	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1916	    ZFS_SA_BASE_ATTR_SIZE);
1917
1918	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1919	if (error) {
1920		zfs_dirent_unlock(dl);
1921		if (error == ERESTART) {
1922			waited = B_TRUE;
1923			dmu_tx_wait(tx);
1924			dmu_tx_abort(tx);
1925			goto top;
1926		}
1927		zfs_acl_ids_free(&acl_ids);
1928		dmu_tx_abort(tx);
1929		ZFS_EXIT(zfsvfs);
1930		return (error);
1931	}
1932
1933	/*
1934	 * Create new node.
1935	 */
1936	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1937
1938	if (fuid_dirtied)
1939		zfs_fuid_sync(zfsvfs, tx);
1940
1941	/*
1942	 * Now put new name in parent dir.
1943	 */
1944	(void) zfs_link_create(dl, zp, tx, ZNEW);
1945
1946	*vpp = ZTOV(zp);
1947
1948	txtype = zfs_log_create_txtype(Z_DIR, vsecp, vap);
1949	if (flags & FIGNORECASE)
1950		txtype |= TX_CI;
1951	zfs_log_create(zilog, tx, txtype, dzp, zp, dirname, vsecp,
1952	    acl_ids.z_fuidp, vap);
1953
1954	zfs_acl_ids_free(&acl_ids);
1955
1956	dmu_tx_commit(tx);
1957
1958	zfs_dirent_unlock(dl);
1959
1960	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1961		zil_commit(zilog, 0);
1962
1963	ZFS_EXIT(zfsvfs);
1964	return (0);
1965}
1966
1967/*
1968 * Remove a directory subdir entry.  If the current working
1969 * directory is the same as the subdir to be removed, the
1970 * remove will fail.
1971 *
1972 *	IN:	dvp	- vnode of directory to remove from.
1973 *		name	- name of directory to be removed.
1974 *		cwd	- vnode of current working directory.
1975 *		cr	- credentials of caller.
1976 *		ct	- caller context
1977 *		flags	- case flags
1978 *
1979 *	RETURN:	0 on success, error code on failure.
1980 *
1981 * Timestamps:
1982 *	dvp - ctime|mtime updated
1983 */
1984/*ARGSUSED*/
1985static int
1986zfs_rmdir(vnode_t *dvp, char *name, vnode_t *cwd, cred_t *cr,
1987    caller_context_t *ct, int flags)
1988{
1989	znode_t		*dzp = VTOZ(dvp);
1990	znode_t		*zp;
1991	vnode_t		*vp;
1992	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1993	zilog_t		*zilog;
1994	zfs_dirlock_t	*dl;
1995	dmu_tx_t	*tx;
1996	int		error;
1997	int		zflg = ZEXISTS;
1998	boolean_t	waited = B_FALSE;
1999
2000	ZFS_ENTER(zfsvfs);
2001	ZFS_VERIFY_ZP(dzp);
2002	zilog = zfsvfs->z_log;
2003
2004	if (flags & FIGNORECASE)
2005		zflg |= ZCILOOK;
2006top:
2007	zp = NULL;
2008
2009	/*
2010	 * Attempt to lock directory; fail if entry doesn't exist.
2011	 */
2012	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
2013	    NULL, NULL)) {
2014		ZFS_EXIT(zfsvfs);
2015		return (error);
2016	}
2017
2018	vp = ZTOV(zp);
2019
2020	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
2021		goto out;
2022	}
2023
2024	if (vp->v_type != VDIR) {
2025		error = SET_ERROR(ENOTDIR);
2026		goto out;
2027	}
2028
2029	if (vp == cwd) {
2030		error = SET_ERROR(EINVAL);
2031		goto out;
2032	}
2033
2034	vnevent_rmdir(vp, dvp, name, ct);
2035
2036	/*
2037	 * Grab a lock on the directory to make sure that noone is
2038	 * trying to add (or lookup) entries while we are removing it.
2039	 */
2040	rw_enter(&zp->z_name_lock, RW_WRITER);
2041
2042	/*
2043	 * Grab a lock on the parent pointer to make sure we play well
2044	 * with the treewalk and directory rename code.
2045	 */
2046	rw_enter(&zp->z_parent_lock, RW_WRITER);
2047
2048	tx = dmu_tx_create(zfsvfs->z_os);
2049	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
2050	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
2051	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
2052	zfs_sa_upgrade_txholds(tx, zp);
2053	zfs_sa_upgrade_txholds(tx, dzp);
2054	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
2055	if (error) {
2056		rw_exit(&zp->z_parent_lock);
2057		rw_exit(&zp->z_name_lock);
2058		zfs_dirent_unlock(dl);
2059		VN_RELE(vp);
2060		if (error == ERESTART) {
2061			waited = B_TRUE;
2062			dmu_tx_wait(tx);
2063			dmu_tx_abort(tx);
2064			goto top;
2065		}
2066		dmu_tx_abort(tx);
2067		ZFS_EXIT(zfsvfs);
2068		return (error);
2069	}
2070
2071	error = zfs_link_destroy(dl, zp, tx, zflg, NULL);
2072
2073	if (error == 0) {
2074		uint64_t txtype = TX_RMDIR;
2075		if (flags & FIGNORECASE)
2076			txtype |= TX_CI;
2077		zfs_log_remove(zilog, tx, txtype, dzp, name, ZFS_NO_OBJECT);
2078	}
2079
2080	dmu_tx_commit(tx);
2081
2082	rw_exit(&zp->z_parent_lock);
2083	rw_exit(&zp->z_name_lock);
2084out:
2085	zfs_dirent_unlock(dl);
2086
2087	VN_RELE(vp);
2088
2089	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
2090		zil_commit(zilog, 0);
2091
2092	ZFS_EXIT(zfsvfs);
2093	return (error);
2094}
2095
2096/*
2097 * Read as many directory entries as will fit into the provided
2098 * buffer from the given directory cursor position (specified in
2099 * the uio structure).
2100 *
2101 *	IN:	vp	- vnode of directory to read.
2102 *		uio	- structure supplying read location, range info,
2103 *			  and return buffer.
2104 *		cr	- credentials of caller.
2105 *		ct	- caller context
2106 *		flags	- case flags
2107 *
2108 *	OUT:	uio	- updated offset and range, buffer filled.
2109 *		eofp	- set to true if end-of-file detected.
2110 *
2111 *	RETURN:	0 on success, error code on failure.
2112 *
2113 * Timestamps:
2114 *	vp - atime updated
2115 *
2116 * Note that the low 4 bits of the cookie returned by zap is always zero.
2117 * This allows us to use the low range for "special" directory entries:
2118 * We use 0 for '.', and 1 for '..'.  If this is the root of the filesystem,
2119 * we use the offset 2 for the '.zfs' directory.
2120 */
2121/* ARGSUSED */
2122static int
2123zfs_readdir(vnode_t *vp, uio_t *uio, cred_t *cr, int *eofp,
2124    caller_context_t *ct, int flags)
2125{
2126	znode_t		*zp = VTOZ(vp);
2127	iovec_t		*iovp;
2128	edirent_t	*eodp;
2129	dirent64_t	*odp;
2130	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2131	objset_t	*os;
2132	caddr_t		outbuf;
2133	size_t		bufsize;
2134	zap_cursor_t	zc;
2135	zap_attribute_t	zap;
2136	uint_t		bytes_wanted;
2137	uint64_t	offset; /* must be unsigned; checks for < 1 */
2138	uint64_t	parent;
2139	int		local_eof;
2140	int		outcount;
2141	int		error;
2142	uint8_t		prefetch;
2143	boolean_t	check_sysattrs;
2144
2145	ZFS_ENTER(zfsvfs);
2146	ZFS_VERIFY_ZP(zp);
2147
2148	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
2149	    &parent, sizeof (parent))) != 0) {
2150		ZFS_EXIT(zfsvfs);
2151		return (error);
2152	}
2153
2154	/*
2155	 * If we are not given an eof variable,
2156	 * use a local one.
2157	 */
2158	if (eofp == NULL)
2159		eofp = &local_eof;
2160
2161	/*
2162	 * Check for valid iov_len.
2163	 */
2164	if (uio->uio_iov->iov_len <= 0) {
2165		ZFS_EXIT(zfsvfs);
2166		return (SET_ERROR(EINVAL));
2167	}
2168
2169	/*
2170	 * Quit if directory has been removed (posix)
2171	 */
2172	if ((*eofp = zp->z_unlinked) != 0) {
2173		ZFS_EXIT(zfsvfs);
2174		return (0);
2175	}
2176
2177	error = 0;
2178	os = zfsvfs->z_os;
2179	offset = uio->uio_loffset;
2180	prefetch = zp->z_zn_prefetch;
2181
2182	/*
2183	 * Initialize the iterator cursor.
2184	 */
2185	if (offset <= 3) {
2186		/*
2187		 * Start iteration from the beginning of the directory.
2188		 */
2189		zap_cursor_init(&zc, os, zp->z_id);
2190	} else {
2191		/*
2192		 * The offset is a serialized cursor.
2193		 */
2194		zap_cursor_init_serialized(&zc, os, zp->z_id, offset);
2195	}
2196
2197	/*
2198	 * Get space to change directory entries into fs independent format.
2199	 */
2200	iovp = uio->uio_iov;
2201	bytes_wanted = iovp->iov_len;
2202	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) {
2203		bufsize = bytes_wanted;
2204		outbuf = kmem_alloc(bufsize, KM_SLEEP);
2205		odp = (struct dirent64 *)outbuf;
2206	} else {
2207		bufsize = bytes_wanted;
2208		outbuf = NULL;
2209		odp = (struct dirent64 *)iovp->iov_base;
2210	}
2211	eodp = (struct edirent *)odp;
2212
2213	/*
2214	 * If this VFS supports the system attribute view interface; and
2215	 * we're looking at an extended attribute directory; and we care
2216	 * about normalization conflicts on this vfs; then we must check
2217	 * for normalization conflicts with the sysattr name space.
2218	 */
2219	check_sysattrs = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
2220	    (vp->v_flag & V_XATTRDIR) && zfsvfs->z_norm &&
2221	    (flags & V_RDDIR_ENTFLAGS);
2222
2223	/*
2224	 * Transform to file-system independent format
2225	 */
2226	outcount = 0;
2227	while (outcount < bytes_wanted) {
2228		ino64_t objnum;
2229		ushort_t reclen;
2230		off64_t *next = NULL;
2231
2232		/*
2233		 * Special case `.', `..', and `.zfs'.
2234		 */
2235		if (offset == 0) {
2236			(void) strcpy(zap.za_name, ".");
2237			zap.za_normalization_conflict = 0;
2238			objnum = zp->z_id;
2239		} else if (offset == 1) {
2240			(void) strcpy(zap.za_name, "..");
2241			zap.za_normalization_conflict = 0;
2242			objnum = parent;
2243		} else if (offset == 2 && zfs_show_ctldir(zp)) {
2244			(void) strcpy(zap.za_name, ZFS_CTLDIR_NAME);
2245			zap.za_normalization_conflict = 0;
2246			objnum = ZFSCTL_INO_ROOT;
2247		} else {
2248			/*
2249			 * Grab next entry.
2250			 */
2251			if (error = zap_cursor_retrieve(&zc, &zap)) {
2252				if ((*eofp = (error == ENOENT)) != 0)
2253					break;
2254				else
2255					goto update;
2256			}
2257
2258			if (zap.za_integer_length != 8 ||
2259			    zap.za_num_integers != 1) {
2260				cmn_err(CE_WARN, "zap_readdir: bad directory "
2261				    "entry, obj = %lld, offset = %lld\n",
2262				    (u_longlong_t)zp->z_id,
2263				    (u_longlong_t)offset);
2264				error = SET_ERROR(ENXIO);
2265				goto update;
2266			}
2267
2268			objnum = ZFS_DIRENT_OBJ(zap.za_first_integer);
2269			/*
2270			 * MacOS X can extract the object type here such as:
2271			 * uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);
2272			 */
2273
2274			if (check_sysattrs && !zap.za_normalization_conflict) {
2275				zap.za_normalization_conflict =
2276				    xattr_sysattr_casechk(zap.za_name);
2277			}
2278		}
2279
2280		if (flags & V_RDDIR_ACCFILTER) {
2281			/*
2282			 * If we have no access at all, don't include
2283			 * this entry in the returned information
2284			 */
2285			znode_t	*ezp;
2286			if (zfs_zget(zp->z_zfsvfs, objnum, &ezp) != 0)
2287				goto skip_entry;
2288			if (!zfs_has_access(ezp, cr)) {
2289				VN_RELE(ZTOV(ezp));
2290				goto skip_entry;
2291			}
2292			VN_RELE(ZTOV(ezp));
2293		}
2294
2295		if (flags & V_RDDIR_ENTFLAGS)
2296			reclen = EDIRENT_RECLEN(strlen(zap.za_name));
2297		else
2298			reclen = DIRENT64_RECLEN(strlen(zap.za_name));
2299
2300		/*
2301		 * Will this entry fit in the buffer?
2302		 */
2303		if (outcount + reclen > bufsize) {
2304			/*
2305			 * Did we manage to fit anything in the buffer?
2306			 */
2307			if (!outcount) {
2308				error = SET_ERROR(EINVAL);
2309				goto update;
2310			}
2311			break;
2312		}
2313		if (flags & V_RDDIR_ENTFLAGS) {
2314			/*
2315			 * Add extended flag entry:
2316			 */
2317			eodp->ed_ino = objnum;
2318			eodp->ed_reclen = reclen;
2319			/* NOTE: ed_off is the offset for the *next* entry */
2320			next = &(eodp->ed_off);
2321			eodp->ed_eflags = zap.za_normalization_conflict ?
2322			    ED_CASE_CONFLICT : 0;
2323			(void) strncpy(eodp->ed_name, zap.za_name,
2324			    EDIRENT_NAMELEN(reclen));
2325			eodp = (edirent_t *)((intptr_t)eodp + reclen);
2326		} else {
2327			/*
2328			 * Add normal entry:
2329			 */
2330			odp->d_ino = objnum;
2331			odp->d_reclen = reclen;
2332			/* NOTE: d_off is the offset for the *next* entry */
2333			next = &(odp->d_off);
2334			(void) strncpy(odp->d_name, zap.za_name,
2335			    DIRENT64_NAMELEN(reclen));
2336			odp = (dirent64_t *)((intptr_t)odp + reclen);
2337		}
2338		outcount += reclen;
2339
2340		ASSERT(outcount <= bufsize);
2341
2342		/* Prefetch znode */
2343		if (prefetch)
2344			dmu_prefetch(os, objnum, 0, 0);
2345
2346	skip_entry:
2347		/*
2348		 * Move to the next entry, fill in the previous offset.
2349		 */
2350		if (offset > 2 || (offset == 2 && !zfs_show_ctldir(zp))) {
2351			zap_cursor_advance(&zc);
2352			offset = zap_cursor_serialize(&zc);
2353		} else {
2354			offset += 1;
2355		}
2356		if (next)
2357			*next = offset;
2358	}
2359	zp->z_zn_prefetch = B_FALSE; /* a lookup will re-enable pre-fetching */
2360
2361	if (uio->uio_segflg == UIO_SYSSPACE && uio->uio_iovcnt == 1) {
2362		iovp->iov_base += outcount;
2363		iovp->iov_len -= outcount;
2364		uio->uio_resid -= outcount;
2365	} else if (error = uiomove(outbuf, (long)outcount, UIO_READ, uio)) {
2366		/*
2367		 * Reset the pointer.
2368		 */
2369		offset = uio->uio_loffset;
2370	}
2371
2372update:
2373	zap_cursor_fini(&zc);
2374	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
2375		kmem_free(outbuf, bufsize);
2376
2377	if (error == ENOENT)
2378		error = 0;
2379
2380	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
2381
2382	uio->uio_loffset = offset;
2383	ZFS_EXIT(zfsvfs);
2384	return (error);
2385}
2386
2387ulong_t zfs_fsync_sync_cnt = 4;
2388
2389static int
2390zfs_fsync(vnode_t *vp, int syncflag, cred_t *cr, caller_context_t *ct)
2391{
2392	znode_t	*zp = VTOZ(vp);
2393	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2394
2395	/*
2396	 * Regardless of whether this is required for standards conformance,
2397	 * this is the logical behavior when fsync() is called on a file with
2398	 * dirty pages.  We use B_ASYNC since the ZIL transactions are already
2399	 * going to be pushed out as part of the zil_commit().
2400	 */
2401	if (vn_has_cached_data(vp) && !(syncflag & FNODSYNC) &&
2402	    (vp->v_type == VREG) && !(IS_SWAPVP(vp)))
2403		(void) VOP_PUTPAGE(vp, (offset_t)0, (size_t)0, B_ASYNC, cr, ct);
2404
2405	(void) tsd_set(zfs_fsyncer_key, (void *)zfs_fsync_sync_cnt);
2406
2407	if (zfsvfs->z_os->os_sync != ZFS_SYNC_DISABLED) {
2408		ZFS_ENTER(zfsvfs);
2409		ZFS_VERIFY_ZP(zp);
2410		zil_commit(zfsvfs->z_log, zp->z_id);
2411		ZFS_EXIT(zfsvfs);
2412	}
2413	return (0);
2414}
2415
2416
2417/*
2418 * Get the requested file attributes and place them in the provided
2419 * vattr structure.
2420 *
2421 *	IN:	vp	- vnode of file.
2422 *		vap	- va_mask identifies requested attributes.
2423 *			  If AT_XVATTR set, then optional attrs are requested
2424 *		flags	- ATTR_NOACLCHECK (CIFS server context)
2425 *		cr	- credentials of caller.
2426 *		ct	- caller context
2427 *
2428 *	OUT:	vap	- attribute values.
2429 *
2430 *	RETURN:	0 (always succeeds).
2431 */
2432/* ARGSUSED */
2433static int
2434zfs_getattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2435    caller_context_t *ct)
2436{
2437	znode_t *zp = VTOZ(vp);
2438	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2439	int	error = 0;
2440	uint64_t links;
2441	uint64_t mtime[2], ctime[2];
2442	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2443	xoptattr_t *xoap = NULL;
2444	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2445	sa_bulk_attr_t bulk[2];
2446	int count = 0;
2447
2448	ZFS_ENTER(zfsvfs);
2449	ZFS_VERIFY_ZP(zp);
2450
2451	zfs_fuid_map_ids(zp, cr, &vap->va_uid, &vap->va_gid);
2452
2453	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
2454	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
2455
2456	if ((error = sa_bulk_lookup(zp->z_sa_hdl, bulk, count)) != 0) {
2457		ZFS_EXIT(zfsvfs);
2458		return (error);
2459	}
2460
2461	/*
2462	 * If ACL is trivial don't bother looking for ACE_READ_ATTRIBUTES.
2463	 * Also, if we are the owner don't bother, since owner should
2464	 * always be allowed to read basic attributes of file.
2465	 */
2466	if (!(zp->z_pflags & ZFS_ACL_TRIVIAL) &&
2467	    (vap->va_uid != crgetuid(cr))) {
2468		if (error = zfs_zaccess(zp, ACE_READ_ATTRIBUTES, 0,
2469		    skipaclchk, cr)) {
2470			ZFS_EXIT(zfsvfs);
2471			return (error);
2472		}
2473	}
2474
2475	/*
2476	 * Return all attributes.  It's cheaper to provide the answer
2477	 * than to determine whether we were asked the question.
2478	 */
2479
2480	mutex_enter(&zp->z_lock);
2481	vap->va_type = vp->v_type;
2482	vap->va_mode = zp->z_mode & MODEMASK;
2483	vap->va_fsid = zp->z_zfsvfs->z_vfs->vfs_dev;
2484	vap->va_nodeid = zp->z_id;
2485	if ((vp->v_flag & VROOT) && zfs_show_ctldir(zp))
2486		links = zp->z_links + 1;
2487	else
2488		links = zp->z_links;
2489	vap->va_nlink = MIN(links, UINT32_MAX);	/* nlink_t limit! */
2490	vap->va_size = zp->z_size;
2491	vap->va_rdev = vp->v_rdev;
2492	vap->va_seq = zp->z_seq;
2493
2494	/*
2495	 * Add in any requested optional attributes and the create time.
2496	 * Also set the corresponding bits in the returned attribute bitmap.
2497	 */
2498	if ((xoap = xva_getxoptattr(xvap)) != NULL && zfsvfs->z_use_fuids) {
2499		if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE)) {
2500			xoap->xoa_archive =
2501			    ((zp->z_pflags & ZFS_ARCHIVE) != 0);
2502			XVA_SET_RTN(xvap, XAT_ARCHIVE);
2503		}
2504
2505		if (XVA_ISSET_REQ(xvap, XAT_READONLY)) {
2506			xoap->xoa_readonly =
2507			    ((zp->z_pflags & ZFS_READONLY) != 0);
2508			XVA_SET_RTN(xvap, XAT_READONLY);
2509		}
2510
2511		if (XVA_ISSET_REQ(xvap, XAT_SYSTEM)) {
2512			xoap->xoa_system =
2513			    ((zp->z_pflags & ZFS_SYSTEM) != 0);
2514			XVA_SET_RTN(xvap, XAT_SYSTEM);
2515		}
2516
2517		if (XVA_ISSET_REQ(xvap, XAT_HIDDEN)) {
2518			xoap->xoa_hidden =
2519			    ((zp->z_pflags & ZFS_HIDDEN) != 0);
2520			XVA_SET_RTN(xvap, XAT_HIDDEN);
2521		}
2522
2523		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2524			xoap->xoa_nounlink =
2525			    ((zp->z_pflags & ZFS_NOUNLINK) != 0);
2526			XVA_SET_RTN(xvap, XAT_NOUNLINK);
2527		}
2528
2529		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2530			xoap->xoa_immutable =
2531			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0);
2532			XVA_SET_RTN(xvap, XAT_IMMUTABLE);
2533		}
2534
2535		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2536			xoap->xoa_appendonly =
2537			    ((zp->z_pflags & ZFS_APPENDONLY) != 0);
2538			XVA_SET_RTN(xvap, XAT_APPENDONLY);
2539		}
2540
2541		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2542			xoap->xoa_nodump =
2543			    ((zp->z_pflags & ZFS_NODUMP) != 0);
2544			XVA_SET_RTN(xvap, XAT_NODUMP);
2545		}
2546
2547		if (XVA_ISSET_REQ(xvap, XAT_OPAQUE)) {
2548			xoap->xoa_opaque =
2549			    ((zp->z_pflags & ZFS_OPAQUE) != 0);
2550			XVA_SET_RTN(xvap, XAT_OPAQUE);
2551		}
2552
2553		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2554			xoap->xoa_av_quarantined =
2555			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0);
2556			XVA_SET_RTN(xvap, XAT_AV_QUARANTINED);
2557		}
2558
2559		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2560			xoap->xoa_av_modified =
2561			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0);
2562			XVA_SET_RTN(xvap, XAT_AV_MODIFIED);
2563		}
2564
2565		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) &&
2566		    vp->v_type == VREG) {
2567			zfs_sa_get_scanstamp(zp, xvap);
2568		}
2569
2570		if (XVA_ISSET_REQ(xvap, XAT_CREATETIME)) {
2571			uint64_t times[2];
2572
2573			(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_CRTIME(zfsvfs),
2574			    times, sizeof (times));
2575			ZFS_TIME_DECODE(&xoap->xoa_createtime, times);
2576			XVA_SET_RTN(xvap, XAT_CREATETIME);
2577		}
2578
2579		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2580			xoap->xoa_reparse = ((zp->z_pflags & ZFS_REPARSE) != 0);
2581			XVA_SET_RTN(xvap, XAT_REPARSE);
2582		}
2583		if (XVA_ISSET_REQ(xvap, XAT_GEN)) {
2584			xoap->xoa_generation = zp->z_gen;
2585			XVA_SET_RTN(xvap, XAT_GEN);
2586		}
2587
2588		if (XVA_ISSET_REQ(xvap, XAT_OFFLINE)) {
2589			xoap->xoa_offline =
2590			    ((zp->z_pflags & ZFS_OFFLINE) != 0);
2591			XVA_SET_RTN(xvap, XAT_OFFLINE);
2592		}
2593
2594		if (XVA_ISSET_REQ(xvap, XAT_SPARSE)) {
2595			xoap->xoa_sparse =
2596			    ((zp->z_pflags & ZFS_SPARSE) != 0);
2597			XVA_SET_RTN(xvap, XAT_SPARSE);
2598		}
2599	}
2600
2601	ZFS_TIME_DECODE(&vap->va_atime, zp->z_atime);
2602	ZFS_TIME_DECODE(&vap->va_mtime, mtime);
2603	ZFS_TIME_DECODE(&vap->va_ctime, ctime);
2604
2605	mutex_exit(&zp->z_lock);
2606
2607	sa_object_size(zp->z_sa_hdl, &vap->va_blksize, &vap->va_nblocks);
2608
2609	if (zp->z_blksz == 0) {
2610		/*
2611		 * Block size hasn't been set; suggest maximal I/O transfers.
2612		 */
2613		vap->va_blksize = zfsvfs->z_max_blksz;
2614	}
2615
2616	ZFS_EXIT(zfsvfs);
2617	return (0);
2618}
2619
2620/*
2621 * Set the file attributes to the values contained in the
2622 * vattr structure.
2623 *
2624 *	IN:	vp	- vnode of file to be modified.
2625 *		vap	- new attribute values.
2626 *			  If AT_XVATTR set, then optional attrs are being set
2627 *		flags	- ATTR_UTIME set if non-default time values provided.
2628 *			- ATTR_NOACLCHECK (CIFS context only).
2629 *		cr	- credentials of caller.
2630 *		ct	- caller context
2631 *
2632 *	RETURN:	0 on success, error code on failure.
2633 *
2634 * Timestamps:
2635 *	vp - ctime updated, mtime updated if size changed.
2636 */
2637/* ARGSUSED */
2638static int
2639zfs_setattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2640    caller_context_t *ct)
2641{
2642	znode_t		*zp = VTOZ(vp);
2643	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2644	zilog_t		*zilog;
2645	dmu_tx_t	*tx;
2646	vattr_t		oldva;
2647	xvattr_t	tmpxvattr;
2648	uint_t		mask = vap->va_mask;
2649	uint_t		saved_mask = 0;
2650	int		trim_mask = 0;
2651	uint64_t	new_mode;
2652	uint64_t	new_uid, new_gid;
2653	uint64_t	xattr_obj;
2654	uint64_t	mtime[2], ctime[2];
2655	znode_t		*attrzp;
2656	int		need_policy = FALSE;
2657	int		err, err2;
2658	zfs_fuid_info_t *fuidp = NULL;
2659	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2660	xoptattr_t	*xoap;
2661	zfs_acl_t	*aclp;
2662	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2663	boolean_t	fuid_dirtied = B_FALSE;
2664	sa_bulk_attr_t	bulk[7], xattr_bulk[7];
2665	int		count = 0, xattr_count = 0;
2666
2667	if (mask == 0)
2668		return (0);
2669
2670	if (mask & AT_NOSET)
2671		return (SET_ERROR(EINVAL));
2672
2673	ZFS_ENTER(zfsvfs);
2674	ZFS_VERIFY_ZP(zp);
2675
2676	zilog = zfsvfs->z_log;
2677
2678	/*
2679	 * Make sure that if we have ephemeral uid/gid or xvattr specified
2680	 * that file system is at proper version level
2681	 */
2682
2683	if (zfsvfs->z_use_fuids == B_FALSE &&
2684	    (((mask & AT_UID) && IS_EPHEMERAL(vap->va_uid)) ||
2685	    ((mask & AT_GID) && IS_EPHEMERAL(vap->va_gid)) ||
2686	    (mask & AT_XVATTR))) {
2687		ZFS_EXIT(zfsvfs);
2688		return (SET_ERROR(EINVAL));
2689	}
2690
2691	if (mask & AT_SIZE && vp->v_type == VDIR) {
2692		ZFS_EXIT(zfsvfs);
2693		return (SET_ERROR(EISDIR));
2694	}
2695
2696	if (mask & AT_SIZE && vp->v_type != VREG && vp->v_type != VFIFO) {
2697		ZFS_EXIT(zfsvfs);
2698		return (SET_ERROR(EINVAL));
2699	}
2700
2701	/*
2702	 * If this is an xvattr_t, then get a pointer to the structure of
2703	 * optional attributes.  If this is NULL, then we have a vattr_t.
2704	 */
2705	xoap = xva_getxoptattr(xvap);
2706
2707	xva_init(&tmpxvattr);
2708
2709	/*
2710	 * Immutable files can only alter immutable bit and atime
2711	 */
2712	if ((zp->z_pflags & ZFS_IMMUTABLE) &&
2713	    ((mask & (AT_SIZE|AT_UID|AT_GID|AT_MTIME|AT_MODE)) ||
2714	    ((mask & AT_XVATTR) && XVA_ISSET_REQ(xvap, XAT_CREATETIME)))) {
2715		ZFS_EXIT(zfsvfs);
2716		return (SET_ERROR(EPERM));
2717	}
2718
2719	if ((mask & AT_SIZE) && (zp->z_pflags & ZFS_READONLY)) {
2720		ZFS_EXIT(zfsvfs);
2721		return (SET_ERROR(EPERM));
2722	}
2723
2724	/*
2725	 * Verify timestamps doesn't overflow 32 bits.
2726	 * ZFS can handle large timestamps, but 32bit syscalls can't
2727	 * handle times greater than 2039.  This check should be removed
2728	 * once large timestamps are fully supported.
2729	 */
2730	if (mask & (AT_ATIME | AT_MTIME)) {
2731		if (((mask & AT_ATIME) && TIMESPEC_OVERFLOW(&vap->va_atime)) ||
2732		    ((mask & AT_MTIME) && TIMESPEC_OVERFLOW(&vap->va_mtime))) {
2733			ZFS_EXIT(zfsvfs);
2734			return (SET_ERROR(EOVERFLOW));
2735		}
2736	}
2737
2738top:
2739	attrzp = NULL;
2740	aclp = NULL;
2741
2742	/* Can this be moved to before the top label? */
2743	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
2744		ZFS_EXIT(zfsvfs);
2745		return (SET_ERROR(EROFS));
2746	}
2747
2748	/*
2749	 * First validate permissions
2750	 */
2751
2752	if (mask & AT_SIZE) {
2753		err = zfs_zaccess(zp, ACE_WRITE_DATA, 0, skipaclchk, cr);
2754		if (err) {
2755			ZFS_EXIT(zfsvfs);
2756			return (err);
2757		}
2758		/*
2759		 * XXX - Note, we are not providing any open
2760		 * mode flags here (like FNDELAY), so we may
2761		 * block if there are locks present... this
2762		 * should be addressed in openat().
2763		 */
2764		/* XXX - would it be OK to generate a log record here? */
2765		err = zfs_freesp(zp, vap->va_size, 0, 0, FALSE);
2766		if (err) {
2767			ZFS_EXIT(zfsvfs);
2768			return (err);
2769		}
2770
2771		if (vap->va_size == 0)
2772			vnevent_truncate(ZTOV(zp), ct);
2773	}
2774
2775	if (mask & (AT_ATIME|AT_MTIME) ||
2776	    ((mask & AT_XVATTR) && (XVA_ISSET_REQ(xvap, XAT_HIDDEN) ||
2777	    XVA_ISSET_REQ(xvap, XAT_READONLY) ||
2778	    XVA_ISSET_REQ(xvap, XAT_ARCHIVE) ||
2779	    XVA_ISSET_REQ(xvap, XAT_OFFLINE) ||
2780	    XVA_ISSET_REQ(xvap, XAT_SPARSE) ||
2781	    XVA_ISSET_REQ(xvap, XAT_CREATETIME) ||
2782	    XVA_ISSET_REQ(xvap, XAT_SYSTEM)))) {
2783		need_policy = zfs_zaccess(zp, ACE_WRITE_ATTRIBUTES, 0,
2784		    skipaclchk, cr);
2785	}
2786
2787	if (mask & (AT_UID|AT_GID)) {
2788		int	idmask = (mask & (AT_UID|AT_GID));
2789		int	take_owner;
2790		int	take_group;
2791
2792		/*
2793		 * NOTE: even if a new mode is being set,
2794		 * we may clear S_ISUID/S_ISGID bits.
2795		 */
2796
2797		if (!(mask & AT_MODE))
2798			vap->va_mode = zp->z_mode;
2799
2800		/*
2801		 * Take ownership or chgrp to group we are a member of
2802		 */
2803
2804		take_owner = (mask & AT_UID) && (vap->va_uid == crgetuid(cr));
2805		take_group = (mask & AT_GID) &&
2806		    zfs_groupmember(zfsvfs, vap->va_gid, cr);
2807
2808		/*
2809		 * If both AT_UID and AT_GID are set then take_owner and
2810		 * take_group must both be set in order to allow taking
2811		 * ownership.
2812		 *
2813		 * Otherwise, send the check through secpolicy_vnode_setattr()
2814		 *
2815		 */
2816
2817		if (((idmask == (AT_UID|AT_GID)) && take_owner && take_group) ||
2818		    ((idmask == AT_UID) && take_owner) ||
2819		    ((idmask == AT_GID) && take_group)) {
2820			if (zfs_zaccess(zp, ACE_WRITE_OWNER, 0,
2821			    skipaclchk, cr) == 0) {
2822				/*
2823				 * Remove setuid/setgid for non-privileged users
2824				 */
2825				secpolicy_setid_clear(vap, cr);
2826				trim_mask = (mask & (AT_UID|AT_GID));
2827			} else {
2828				need_policy =  TRUE;
2829			}
2830		} else {
2831			need_policy =  TRUE;
2832		}
2833	}
2834
2835	mutex_enter(&zp->z_lock);
2836	oldva.va_mode = zp->z_mode;
2837	zfs_fuid_map_ids(zp, cr, &oldva.va_uid, &oldva.va_gid);
2838	if (mask & AT_XVATTR) {
2839		/*
2840		 * Update xvattr mask to include only those attributes
2841		 * that are actually changing.
2842		 *
2843		 * the bits will be restored prior to actually setting
2844		 * the attributes so the caller thinks they were set.
2845		 */
2846		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2847			if (xoap->xoa_appendonly !=
2848			    ((zp->z_pflags & ZFS_APPENDONLY) != 0)) {
2849				need_policy = TRUE;
2850			} else {
2851				XVA_CLR_REQ(xvap, XAT_APPENDONLY);
2852				XVA_SET_REQ(&tmpxvattr, XAT_APPENDONLY);
2853			}
2854		}
2855
2856		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2857			if (xoap->xoa_nounlink !=
2858			    ((zp->z_pflags & ZFS_NOUNLINK) != 0)) {
2859				need_policy = TRUE;
2860			} else {
2861				XVA_CLR_REQ(xvap, XAT_NOUNLINK);
2862				XVA_SET_REQ(&tmpxvattr, XAT_NOUNLINK);
2863			}
2864		}
2865
2866		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2867			if (xoap->xoa_immutable !=
2868			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0)) {
2869				need_policy = TRUE;
2870			} else {
2871				XVA_CLR_REQ(xvap, XAT_IMMUTABLE);
2872				XVA_SET_REQ(&tmpxvattr, XAT_IMMUTABLE);
2873			}
2874		}
2875
2876		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2877			if (xoap->xoa_nodump !=
2878			    ((zp->z_pflags & ZFS_NODUMP) != 0)) {
2879				need_policy = TRUE;
2880			} else {
2881				XVA_CLR_REQ(xvap, XAT_NODUMP);
2882				XVA_SET_REQ(&tmpxvattr, XAT_NODUMP);
2883			}
2884		}
2885
2886		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2887			if (xoap->xoa_av_modified !=
2888			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0)) {
2889				need_policy = TRUE;
2890			} else {
2891				XVA_CLR_REQ(xvap, XAT_AV_MODIFIED);
2892				XVA_SET_REQ(&tmpxvattr, XAT_AV_MODIFIED);
2893			}
2894		}
2895
2896		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2897			if ((vp->v_type != VREG &&
2898			    xoap->xoa_av_quarantined) ||
2899			    xoap->xoa_av_quarantined !=
2900			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0)) {
2901				need_policy = TRUE;
2902			} else {
2903				XVA_CLR_REQ(xvap, XAT_AV_QUARANTINED);
2904				XVA_SET_REQ(&tmpxvattr, XAT_AV_QUARANTINED);
2905			}
2906		}
2907
2908		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2909			mutex_exit(&zp->z_lock);
2910			ZFS_EXIT(zfsvfs);
2911			return (SET_ERROR(EPERM));
2912		}
2913
2914		if (need_policy == FALSE &&
2915		    (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) ||
2916		    XVA_ISSET_REQ(xvap, XAT_OPAQUE))) {
2917			need_policy = TRUE;
2918		}
2919	}
2920
2921	mutex_exit(&zp->z_lock);
2922
2923	if (mask & AT_MODE) {
2924		if (zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr) == 0) {
2925			err = secpolicy_setid_setsticky_clear(vp, vap,
2926			    &oldva, cr);
2927			if (err) {
2928				ZFS_EXIT(zfsvfs);
2929				return (err);
2930			}
2931			trim_mask |= AT_MODE;
2932		} else {
2933			need_policy = TRUE;
2934		}
2935	}
2936
2937	if (need_policy) {
2938		/*
2939		 * If trim_mask is set then take ownership
2940		 * has been granted or write_acl is present and user
2941		 * has the ability to modify mode.  In that case remove
2942		 * UID|GID and or MODE from mask so that
2943		 * secpolicy_vnode_setattr() doesn't revoke it.
2944		 */
2945
2946		if (trim_mask) {
2947			saved_mask = vap->va_mask;
2948			vap->va_mask &= ~trim_mask;
2949		}
2950		err = secpolicy_vnode_setattr(cr, vp, vap, &oldva, flags,
2951		    (int (*)(void *, int, cred_t *))zfs_zaccess_unix, zp);
2952		if (err) {
2953			ZFS_EXIT(zfsvfs);
2954			return (err);
2955		}
2956
2957		if (trim_mask)
2958			vap->va_mask |= saved_mask;
2959	}
2960
2961	/*
2962	 * secpolicy_vnode_setattr, or take ownership may have
2963	 * changed va_mask
2964	 */
2965	mask = vap->va_mask;
2966
2967	if ((mask & (AT_UID | AT_GID))) {
2968		err = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
2969		    &xattr_obj, sizeof (xattr_obj));
2970
2971		if (err == 0 && xattr_obj) {
2972			err = zfs_zget(zp->z_zfsvfs, xattr_obj, &attrzp);
2973			if (err)
2974				goto out2;
2975		}
2976		if (mask & AT_UID) {
2977			new_uid = zfs_fuid_create(zfsvfs,
2978			    (uint64_t)vap->va_uid, cr, ZFS_OWNER, &fuidp);
2979			if (new_uid != zp->z_uid &&
2980			    zfs_fuid_overquota(zfsvfs, B_FALSE, new_uid)) {
2981				if (attrzp)
2982					VN_RELE(ZTOV(attrzp));
2983				err = SET_ERROR(EDQUOT);
2984				goto out2;
2985			}
2986		}
2987
2988		if (mask & AT_GID) {
2989			new_gid = zfs_fuid_create(zfsvfs, (uint64_t)vap->va_gid,
2990			    cr, ZFS_GROUP, &fuidp);
2991			if (new_gid != zp->z_gid &&
2992			    zfs_fuid_overquota(zfsvfs, B_TRUE, new_gid)) {
2993				if (attrzp)
2994					VN_RELE(ZTOV(attrzp));
2995				err = SET_ERROR(EDQUOT);
2996				goto out2;
2997			}
2998		}
2999	}
3000	tx = dmu_tx_create(zfsvfs->z_os);
3001
3002	if (mask & AT_MODE) {
3003		uint64_t pmode = zp->z_mode;
3004		uint64_t acl_obj;
3005		new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT);
3006
3007		if (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_RESTRICTED &&
3008		    !(zp->z_pflags & ZFS_ACL_TRIVIAL)) {
3009			err = SET_ERROR(EPERM);
3010			goto out;
3011		}
3012
3013		if (err = zfs_acl_chmod_setattr(zp, &aclp, new_mode))
3014			goto out;
3015
3016		mutex_enter(&zp->z_lock);
3017		if (!zp->z_is_sa && ((acl_obj = zfs_external_acl(zp)) != 0)) {
3018			/*
3019			 * Are we upgrading ACL from old V0 format
3020			 * to V1 format?
3021			 */
3022			if (zfsvfs->z_version >= ZPL_VERSION_FUID &&
3023			    zfs_znode_acl_version(zp) ==
3024			    ZFS_ACL_VERSION_INITIAL) {
3025				dmu_tx_hold_free(tx, acl_obj, 0,
3026				    DMU_OBJECT_END);
3027				dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3028				    0, aclp->z_acl_bytes);
3029			} else {
3030				dmu_tx_hold_write(tx, acl_obj, 0,
3031				    aclp->z_acl_bytes);
3032			}
3033		} else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3034			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3035			    0, aclp->z_acl_bytes);
3036		}
3037		mutex_exit(&zp->z_lock);
3038		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3039	} else {
3040		if ((mask & AT_XVATTR) &&
3041		    XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3042			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3043		else
3044			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
3045	}
3046
3047	if (attrzp) {
3048		dmu_tx_hold_sa(tx, attrzp->z_sa_hdl, B_FALSE);
3049	}
3050
3051	fuid_dirtied = zfsvfs->z_fuid_dirty;
3052	if (fuid_dirtied)
3053		zfs_fuid_txhold(zfsvfs, tx);
3054
3055	zfs_sa_upgrade_txholds(tx, zp);
3056
3057	err = dmu_tx_assign(tx, TXG_WAIT);
3058	if (err)
3059		goto out;
3060
3061	count = 0;
3062	/*
3063	 * Set each attribute requested.
3064	 * We group settings according to the locks they need to acquire.
3065	 *
3066	 * Note: you cannot set ctime directly, although it will be
3067	 * updated as a side-effect of calling this function.
3068	 */
3069
3070
3071	if (mask & (AT_UID|AT_GID|AT_MODE))
3072		mutex_enter(&zp->z_acl_lock);
3073	mutex_enter(&zp->z_lock);
3074
3075	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
3076	    &zp->z_pflags, sizeof (zp->z_pflags));
3077
3078	if (attrzp) {
3079		if (mask & (AT_UID|AT_GID|AT_MODE))
3080			mutex_enter(&attrzp->z_acl_lock);
3081		mutex_enter(&attrzp->z_lock);
3082		SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3083		    SA_ZPL_FLAGS(zfsvfs), NULL, &attrzp->z_pflags,
3084		    sizeof (attrzp->z_pflags));
3085	}
3086
3087	if (mask & (AT_UID|AT_GID)) {
3088
3089		if (mask & AT_UID) {
3090			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_UID(zfsvfs), NULL,
3091			    &new_uid, sizeof (new_uid));
3092			zp->z_uid = new_uid;
3093			if (attrzp) {
3094				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3095				    SA_ZPL_UID(zfsvfs), NULL, &new_uid,
3096				    sizeof (new_uid));
3097				attrzp->z_uid = new_uid;
3098			}
3099		}
3100
3101		if (mask & AT_GID) {
3102			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_GID(zfsvfs),
3103			    NULL, &new_gid, sizeof (new_gid));
3104			zp->z_gid = new_gid;
3105			if (attrzp) {
3106				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3107				    SA_ZPL_GID(zfsvfs), NULL, &new_gid,
3108				    sizeof (new_gid));
3109				attrzp->z_gid = new_gid;
3110			}
3111		}
3112		if (!(mask & AT_MODE)) {
3113			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs),
3114			    NULL, &new_mode, sizeof (new_mode));
3115			new_mode = zp->z_mode;
3116		}
3117		err = zfs_acl_chown_setattr(zp);
3118		ASSERT(err == 0);
3119		if (attrzp) {
3120			err = zfs_acl_chown_setattr(attrzp);
3121			ASSERT(err == 0);
3122		}
3123	}
3124
3125	if (mask & AT_MODE) {
3126		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs), NULL,
3127		    &new_mode, sizeof (new_mode));
3128		zp->z_mode = new_mode;
3129		ASSERT3U((uintptr_t)aclp, !=, NULL);
3130		err = zfs_aclset_common(zp, aclp, cr, tx);
3131		ASSERT0(err);
3132		if (zp->z_acl_cached)
3133			zfs_acl_free(zp->z_acl_cached);
3134		zp->z_acl_cached = aclp;
3135		aclp = NULL;
3136	}
3137
3138
3139	if (mask & AT_ATIME) {
3140		ZFS_TIME_ENCODE(&vap->va_atime, zp->z_atime);
3141		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ATIME(zfsvfs), NULL,
3142		    &zp->z_atime, sizeof (zp->z_atime));
3143	}
3144
3145	if (mask & AT_MTIME) {
3146		ZFS_TIME_ENCODE(&vap->va_mtime, mtime);
3147		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
3148		    mtime, sizeof (mtime));
3149	}
3150
3151	/* XXX - shouldn't this be done *before* the ATIME/MTIME checks? */
3152	if (mask & AT_SIZE && !(mask & AT_MTIME)) {
3153		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs),
3154		    NULL, mtime, sizeof (mtime));
3155		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3156		    &ctime, sizeof (ctime));
3157		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
3158		    B_TRUE);
3159	} else if (mask != 0) {
3160		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3161		    &ctime, sizeof (ctime));
3162		zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime, ctime,
3163		    B_TRUE);
3164		if (attrzp) {
3165			SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3166			    SA_ZPL_CTIME(zfsvfs), NULL,
3167			    &ctime, sizeof (ctime));
3168			zfs_tstamp_update_setup(attrzp, STATE_CHANGED,
3169			    mtime, ctime, B_TRUE);
3170		}
3171	}
3172	/*
3173	 * Do this after setting timestamps to prevent timestamp
3174	 * update from toggling bit
3175	 */
3176
3177	if (xoap && (mask & AT_XVATTR)) {
3178
3179		/*
3180		 * restore trimmed off masks
3181		 * so that return masks can be set for caller.
3182		 */
3183
3184		if (XVA_ISSET_REQ(&tmpxvattr, XAT_APPENDONLY)) {
3185			XVA_SET_REQ(xvap, XAT_APPENDONLY);
3186		}
3187		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NOUNLINK)) {
3188			XVA_SET_REQ(xvap, XAT_NOUNLINK);
3189		}
3190		if (XVA_ISSET_REQ(&tmpxvattr, XAT_IMMUTABLE)) {
3191			XVA_SET_REQ(xvap, XAT_IMMUTABLE);
3192		}
3193		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NODUMP)) {
3194			XVA_SET_REQ(xvap, XAT_NODUMP);
3195		}
3196		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_MODIFIED)) {
3197			XVA_SET_REQ(xvap, XAT_AV_MODIFIED);
3198		}
3199		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_QUARANTINED)) {
3200			XVA_SET_REQ(xvap, XAT_AV_QUARANTINED);
3201		}
3202
3203		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3204			ASSERT(vp->v_type == VREG);
3205
3206		zfs_xvattr_set(zp, xvap, tx);
3207	}
3208
3209	if (fuid_dirtied)
3210		zfs_fuid_sync(zfsvfs, tx);
3211
3212	if (mask != 0)
3213		zfs_log_setattr(zilog, tx, TX_SETATTR, zp, vap, mask, fuidp);
3214
3215	mutex_exit(&zp->z_lock);
3216	if (mask & (AT_UID|AT_GID|AT_MODE))
3217		mutex_exit(&zp->z_acl_lock);
3218
3219	if (attrzp) {
3220		if (mask & (AT_UID|AT_GID|AT_MODE))
3221			mutex_exit(&attrzp->z_acl_lock);
3222		mutex_exit(&attrzp->z_lock);
3223	}
3224out:
3225	if (err == 0 && attrzp) {
3226		err2 = sa_bulk_update(attrzp->z_sa_hdl, xattr_bulk,
3227		    xattr_count, tx);
3228		ASSERT(err2 == 0);
3229	}
3230
3231	if (attrzp)
3232		VN_RELE(ZTOV(attrzp));
3233
3234	if (aclp)
3235		zfs_acl_free(aclp);
3236
3237	if (fuidp) {
3238		zfs_fuid_info_free(fuidp);
3239		fuidp = NULL;
3240	}
3241
3242	if (err) {
3243		dmu_tx_abort(tx);
3244		if (err == ERESTART)
3245			goto top;
3246	} else {
3247		err2 = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
3248		dmu_tx_commit(tx);
3249	}
3250
3251out2:
3252	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3253		zil_commit(zilog, 0);
3254
3255	ZFS_EXIT(zfsvfs);
3256	return (err);
3257}
3258
3259typedef struct zfs_zlock {
3260	krwlock_t	*zl_rwlock;	/* lock we acquired */
3261	znode_t		*zl_znode;	/* znode we held */
3262	struct zfs_zlock *zl_next;	/* next in list */
3263} zfs_zlock_t;
3264
3265/*
3266 * Drop locks and release vnodes that were held by zfs_rename_lock().
3267 */
3268static void
3269zfs_rename_unlock(zfs_zlock_t **zlpp)
3270{
3271	zfs_zlock_t *zl;
3272
3273	while ((zl = *zlpp) != NULL) {
3274		if (zl->zl_znode != NULL)
3275			VN_RELE(ZTOV(zl->zl_znode));
3276		rw_exit(zl->zl_rwlock);
3277		*zlpp = zl->zl_next;
3278		kmem_free(zl, sizeof (*zl));
3279	}
3280}
3281
3282/*
3283 * Search back through the directory tree, using the ".." entries.
3284 * Lock each directory in the chain to prevent concurrent renames.
3285 * Fail any attempt to move a directory into one of its own descendants.
3286 * XXX - z_parent_lock can overlap with map or grow locks
3287 */
3288static int
3289zfs_rename_lock(znode_t *szp, znode_t *tdzp, znode_t *sdzp, zfs_zlock_t **zlpp)
3290{
3291	zfs_zlock_t	*zl;
3292	znode_t		*zp = tdzp;
3293	uint64_t	rootid = zp->z_zfsvfs->z_root;
3294	uint64_t	oidp = zp->z_id;
3295	krwlock_t	*rwlp = &szp->z_parent_lock;
3296	krw_t		rw = RW_WRITER;
3297
3298	/*
3299	 * First pass write-locks szp and compares to zp->z_id.
3300	 * Later passes read-lock zp and compare to zp->z_parent.
3301	 */
3302	do {
3303		if (!rw_tryenter(rwlp, rw)) {
3304			/*
3305			 * Another thread is renaming in this path.
3306			 * Note that if we are a WRITER, we don't have any
3307			 * parent_locks held yet.
3308			 */
3309			if (rw == RW_READER && zp->z_id > szp->z_id) {
3310				/*
3311				 * Drop our locks and restart
3312				 */
3313				zfs_rename_unlock(&zl);
3314				*zlpp = NULL;
3315				zp = tdzp;
3316				oidp = zp->z_id;
3317				rwlp = &szp->z_parent_lock;
3318				rw = RW_WRITER;
3319				continue;
3320			} else {
3321				/*
3322				 * Wait for other thread to drop its locks
3323				 */
3324				rw_enter(rwlp, rw);
3325			}
3326		}
3327
3328		zl = kmem_alloc(sizeof (*zl), KM_SLEEP);
3329		zl->zl_rwlock = rwlp;
3330		zl->zl_znode = NULL;
3331		zl->zl_next = *zlpp;
3332		*zlpp = zl;
3333
3334		if (oidp == szp->z_id)		/* We're a descendant of szp */
3335			return (SET_ERROR(EINVAL));
3336
3337		if (oidp == rootid)		/* We've hit the top */
3338			return (0);
3339
3340		if (rw == RW_READER) {		/* i.e. not the first pass */
3341			int error = zfs_zget(zp->z_zfsvfs, oidp, &zp);
3342			if (error)
3343				return (error);
3344			zl->zl_znode = zp;
3345		}
3346		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zp->z_zfsvfs),
3347		    &oidp, sizeof (oidp));
3348		rwlp = &zp->z_parent_lock;
3349		rw = RW_READER;
3350
3351	} while (zp->z_id != sdzp->z_id);
3352
3353	return (0);
3354}
3355
3356/*
3357 * Move an entry from the provided source directory to the target
3358 * directory.  Change the entry name as indicated.
3359 *
3360 *	IN:	sdvp	- Source directory containing the "old entry".
3361 *		snm	- Old entry name.
3362 *		tdvp	- Target directory to contain the "new entry".
3363 *		tnm	- New entry name.
3364 *		cr	- credentials of caller.
3365 *		ct	- caller context
3366 *		flags	- case flags
3367 *
3368 *	RETURN:	0 on success, error code on failure.
3369 *
3370 * Timestamps:
3371 *	sdvp,tdvp - ctime|mtime updated
3372 */
3373/*ARGSUSED*/
3374static int
3375zfs_rename(vnode_t *sdvp, char *snm, vnode_t *tdvp, char *tnm, cred_t *cr,
3376    caller_context_t *ct, int flags)
3377{
3378	znode_t		*tdzp, *szp, *tzp;
3379	znode_t		*sdzp = VTOZ(sdvp);
3380	zfsvfs_t	*zfsvfs = sdzp->z_zfsvfs;
3381	zilog_t		*zilog;
3382	vnode_t		*realvp;
3383	zfs_dirlock_t	*sdl, *tdl;
3384	dmu_tx_t	*tx;
3385	zfs_zlock_t	*zl;
3386	int		cmp, serr, terr;
3387	int		error = 0;
3388	int		zflg = 0;
3389	boolean_t	waited = B_FALSE;
3390
3391	ZFS_ENTER(zfsvfs);
3392	ZFS_VERIFY_ZP(sdzp);
3393	zilog = zfsvfs->z_log;
3394
3395	/*
3396	 * Make sure we have the real vp for the target directory.
3397	 */
3398	if (VOP_REALVP(tdvp, &realvp, ct) == 0)
3399		tdvp = realvp;
3400
3401	tdzp = VTOZ(tdvp);
3402	ZFS_VERIFY_ZP(tdzp);
3403
3404	/*
3405	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
3406	 * ctldir appear to have the same v_vfsp.
3407	 */
3408	if (tdzp->z_zfsvfs != zfsvfs || zfsctl_is_node(tdvp)) {
3409		ZFS_EXIT(zfsvfs);
3410		return (SET_ERROR(EXDEV));
3411	}
3412
3413	if (zfsvfs->z_utf8 && u8_validate(tnm,
3414	    strlen(tnm), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3415		ZFS_EXIT(zfsvfs);
3416		return (SET_ERROR(EILSEQ));
3417	}
3418
3419	if (flags & FIGNORECASE)
3420		zflg |= ZCILOOK;
3421
3422top:
3423	szp = NULL;
3424	tzp = NULL;
3425	zl = NULL;
3426
3427	/*
3428	 * This is to prevent the creation of links into attribute space
3429	 * by renaming a linked file into/outof an attribute directory.
3430	 * See the comment in zfs_link() for why this is considered bad.
3431	 */
3432	if ((tdzp->z_pflags & ZFS_XATTR) != (sdzp->z_pflags & ZFS_XATTR)) {
3433		ZFS_EXIT(zfsvfs);
3434		return (SET_ERROR(EINVAL));
3435	}
3436
3437	/*
3438	 * Lock source and target directory entries.  To prevent deadlock,
3439	 * a lock ordering must be defined.  We lock the directory with
3440	 * the smallest object id first, or if it's a tie, the one with
3441	 * the lexically first name.
3442	 */
3443	if (sdzp->z_id < tdzp->z_id) {
3444		cmp = -1;
3445	} else if (sdzp->z_id > tdzp->z_id) {
3446		cmp = 1;
3447	} else {
3448		/*
3449		 * First compare the two name arguments without
3450		 * considering any case folding.
3451		 */
3452		int nofold = (zfsvfs->z_norm & ~U8_TEXTPREP_TOUPPER);
3453
3454		cmp = u8_strcmp(snm, tnm, 0, nofold, U8_UNICODE_LATEST, &error);
3455		ASSERT(error == 0 || !zfsvfs->z_utf8);
3456		if (cmp == 0) {
3457			/*
3458			 * POSIX: "If the old argument and the new argument
3459			 * both refer to links to the same existing file,
3460			 * the rename() function shall return successfully
3461			 * and perform no other action."
3462			 */
3463			ZFS_EXIT(zfsvfs);
3464			return (0);
3465		}
3466		/*
3467		 * If the file system is case-folding, then we may
3468		 * have some more checking to do.  A case-folding file
3469		 * system is either supporting mixed case sensitivity
3470		 * access or is completely case-insensitive.  Note
3471		 * that the file system is always case preserving.
3472		 *
3473		 * In mixed sensitivity mode case sensitive behavior
3474		 * is the default.  FIGNORECASE must be used to
3475		 * explicitly request case insensitive behavior.
3476		 *
3477		 * If the source and target names provided differ only
3478		 * by case (e.g., a request to rename 'tim' to 'Tim'),
3479		 * we will treat this as a special case in the
3480		 * case-insensitive mode: as long as the source name
3481		 * is an exact match, we will allow this to proceed as
3482		 * a name-change request.
3483		 */
3484		if ((zfsvfs->z_case == ZFS_CASE_INSENSITIVE ||
3485		    (zfsvfs->z_case == ZFS_CASE_MIXED &&
3486		    flags & FIGNORECASE)) &&
3487		    u8_strcmp(snm, tnm, 0, zfsvfs->z_norm, U8_UNICODE_LATEST,
3488		    &error) == 0) {
3489			/*
3490			 * case preserving rename request, require exact
3491			 * name matches
3492			 */
3493			zflg |= ZCIEXACT;
3494			zflg &= ~ZCILOOK;
3495		}
3496	}
3497
3498	/*
3499	 * If the source and destination directories are the same, we should
3500	 * grab the z_name_lock of that directory only once.
3501	 */
3502	if (sdzp == tdzp) {
3503		zflg |= ZHAVELOCK;
3504		rw_enter(&sdzp->z_name_lock, RW_READER);
3505	}
3506
3507	if (cmp < 0) {
3508		serr = zfs_dirent_lock(&sdl, sdzp, snm, &szp,
3509		    ZEXISTS | zflg, NULL, NULL);
3510		terr = zfs_dirent_lock(&tdl,
3511		    tdzp, tnm, &tzp, ZRENAMING | zflg, NULL, NULL);
3512	} else {
3513		terr = zfs_dirent_lock(&tdl,
3514		    tdzp, tnm, &tzp, zflg, NULL, NULL);
3515		serr = zfs_dirent_lock(&sdl,
3516		    sdzp, snm, &szp, ZEXISTS | ZRENAMING | zflg,
3517		    NULL, NULL);
3518	}
3519
3520	if (serr) {
3521		/*
3522		 * Source entry invalid or not there.
3523		 */
3524		if (!terr) {
3525			zfs_dirent_unlock(tdl);
3526			if (tzp)
3527				VN_RELE(ZTOV(tzp));
3528		}
3529
3530		if (sdzp == tdzp)
3531			rw_exit(&sdzp->z_name_lock);
3532
3533		if (strcmp(snm, "..") == 0)
3534			serr = SET_ERROR(EINVAL);
3535		ZFS_EXIT(zfsvfs);
3536		return (serr);
3537	}
3538	if (terr) {
3539		zfs_dirent_unlock(sdl);
3540		VN_RELE(ZTOV(szp));
3541
3542		if (sdzp == tdzp)
3543			rw_exit(&sdzp->z_name_lock);
3544
3545		if (strcmp(tnm, "..") == 0)
3546			terr = SET_ERROR(EINVAL);
3547		ZFS_EXIT(zfsvfs);
3548		return (terr);
3549	}
3550
3551	/*
3552	 * Must have write access at the source to remove the old entry
3553	 * and write access at the target to create the new entry.
3554	 * Note that if target and source are the same, this can be
3555	 * done in a single check.
3556	 */
3557
3558	if (error = zfs_zaccess_rename(sdzp, szp, tdzp, tzp, cr))
3559		goto out;
3560
3561	if (ZTOV(szp)->v_type == VDIR) {
3562		/*
3563		 * Check to make sure rename is valid.
3564		 * Can't do a move like this: /usr/a/b to /usr/a/b/c/d
3565		 */
3566		if (error = zfs_rename_lock(szp, tdzp, sdzp, &zl))
3567			goto out;
3568	}
3569
3570	/*
3571	 * Does target exist?
3572	 */
3573	if (tzp) {
3574		/*
3575		 * Source and target must be the same type.
3576		 */
3577		if (ZTOV(szp)->v_type == VDIR) {
3578			if (ZTOV(tzp)->v_type != VDIR) {
3579				error = SET_ERROR(ENOTDIR);
3580				goto out;
3581			}
3582		} else {
3583			if (ZTOV(tzp)->v_type == VDIR) {
3584				error = SET_ERROR(EISDIR);
3585				goto out;
3586			}
3587		}
3588		/*
3589		 * POSIX dictates that when the source and target
3590		 * entries refer to the same file object, rename
3591		 * must do nothing and exit without error.
3592		 */
3593		if (szp->z_id == tzp->z_id) {
3594			error = 0;
3595			goto out;
3596		}
3597	}
3598
3599	vnevent_rename_src(ZTOV(szp), sdvp, snm, ct);
3600	if (tzp)
3601		vnevent_rename_dest(ZTOV(tzp), tdvp, tnm, ct);
3602
3603	/*
3604	 * notify the target directory if it is not the same
3605	 * as source directory.
3606	 */
3607	if (tdvp != sdvp) {
3608		vnevent_rename_dest_dir(tdvp, ct);
3609	}
3610
3611	tx = dmu_tx_create(zfsvfs->z_os);
3612	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
3613	dmu_tx_hold_sa(tx, sdzp->z_sa_hdl, B_FALSE);
3614	dmu_tx_hold_zap(tx, sdzp->z_id, FALSE, snm);
3615	dmu_tx_hold_zap(tx, tdzp->z_id, TRUE, tnm);
3616	if (sdzp != tdzp) {
3617		dmu_tx_hold_sa(tx, tdzp->z_sa_hdl, B_FALSE);
3618		zfs_sa_upgrade_txholds(tx, tdzp);
3619	}
3620	if (tzp) {
3621		dmu_tx_hold_sa(tx, tzp->z_sa_hdl, B_FALSE);
3622		zfs_sa_upgrade_txholds(tx, tzp);
3623	}
3624
3625	zfs_sa_upgrade_txholds(tx, szp);
3626	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
3627	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3628	if (error) {
3629		if (zl != NULL)
3630			zfs_rename_unlock(&zl);
3631		zfs_dirent_unlock(sdl);
3632		zfs_dirent_unlock(tdl);
3633
3634		if (sdzp == tdzp)
3635			rw_exit(&sdzp->z_name_lock);
3636
3637		VN_RELE(ZTOV(szp));
3638		if (tzp)
3639			VN_RELE(ZTOV(tzp));
3640		if (error == ERESTART) {
3641			waited = B_TRUE;
3642			dmu_tx_wait(tx);
3643			dmu_tx_abort(tx);
3644			goto top;
3645		}
3646		dmu_tx_abort(tx);
3647		ZFS_EXIT(zfsvfs);
3648		return (error);
3649	}
3650
3651	if (tzp)	/* Attempt to remove the existing target */
3652		error = zfs_link_destroy(tdl, tzp, tx, zflg, NULL);
3653
3654	if (error == 0) {
3655		error = zfs_link_create(tdl, szp, tx, ZRENAMING);
3656		if (error == 0) {
3657			szp->z_pflags |= ZFS_AV_MODIFIED;
3658
3659			error = sa_update(szp->z_sa_hdl, SA_ZPL_FLAGS(zfsvfs),
3660			    (void *)&szp->z_pflags, sizeof (uint64_t), tx);
3661			ASSERT0(error);
3662
3663			error = zfs_link_destroy(sdl, szp, tx, ZRENAMING, NULL);
3664			if (error == 0) {
3665				zfs_log_rename(zilog, tx, TX_RENAME |
3666				    (flags & FIGNORECASE ? TX_CI : 0), sdzp,
3667				    sdl->dl_name, tdzp, tdl->dl_name, szp);
3668
3669				/*
3670				 * Update path information for the target vnode
3671				 */
3672				vn_renamepath(tdvp, ZTOV(szp), tnm,
3673				    strlen(tnm));
3674			} else {
3675				/*
3676				 * At this point, we have successfully created
3677				 * the target name, but have failed to remove
3678				 * the source name.  Since the create was done
3679				 * with the ZRENAMING flag, there are
3680				 * complications; for one, the link count is
3681				 * wrong.  The easiest way to deal with this
3682				 * is to remove the newly created target, and
3683				 * return the original error.  This must
3684				 * succeed; fortunately, it is very unlikely to
3685				 * fail, since we just created it.
3686				 */
3687				VERIFY3U(zfs_link_destroy(tdl, szp, tx,
3688				    ZRENAMING, NULL), ==, 0);
3689			}
3690		}
3691	}
3692
3693	dmu_tx_commit(tx);
3694out:
3695	if (zl != NULL)
3696		zfs_rename_unlock(&zl);
3697
3698	zfs_dirent_unlock(sdl);
3699	zfs_dirent_unlock(tdl);
3700
3701	if (sdzp == tdzp)
3702		rw_exit(&sdzp->z_name_lock);
3703
3704
3705	VN_RELE(ZTOV(szp));
3706	if (tzp)
3707		VN_RELE(ZTOV(tzp));
3708
3709	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3710		zil_commit(zilog, 0);
3711
3712	ZFS_EXIT(zfsvfs);
3713	return (error);
3714}
3715
3716/*
3717 * Insert the indicated symbolic reference entry into the directory.
3718 *
3719 *	IN:	dvp	- Directory to contain new symbolic link.
3720 *		link	- Name for new symlink entry.
3721 *		vap	- Attributes of new entry.
3722 *		cr	- credentials of caller.
3723 *		ct	- caller context
3724 *		flags	- case flags
3725 *
3726 *	RETURN:	0 on success, error code on failure.
3727 *
3728 * Timestamps:
3729 *	dvp - ctime|mtime updated
3730 */
3731/*ARGSUSED*/
3732static int
3733zfs_symlink(vnode_t *dvp, char *name, vattr_t *vap, char *link, cred_t *cr,
3734    caller_context_t *ct, int flags)
3735{
3736	znode_t		*zp, *dzp = VTOZ(dvp);
3737	zfs_dirlock_t	*dl;
3738	dmu_tx_t	*tx;
3739	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3740	zilog_t		*zilog;
3741	uint64_t	len = strlen(link);
3742	int		error;
3743	int		zflg = ZNEW;
3744	zfs_acl_ids_t	acl_ids;
3745	boolean_t	fuid_dirtied;
3746	uint64_t	txtype = TX_SYMLINK;
3747	boolean_t	waited = B_FALSE;
3748
3749	ASSERT(vap->va_type == VLNK);
3750
3751	ZFS_ENTER(zfsvfs);
3752	ZFS_VERIFY_ZP(dzp);
3753	zilog = zfsvfs->z_log;
3754
3755	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
3756	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3757		ZFS_EXIT(zfsvfs);
3758		return (SET_ERROR(EILSEQ));
3759	}
3760	if (flags & FIGNORECASE)
3761		zflg |= ZCILOOK;
3762
3763	if (len > MAXPATHLEN) {
3764		ZFS_EXIT(zfsvfs);
3765		return (SET_ERROR(ENAMETOOLONG));
3766	}
3767
3768	if ((error = zfs_acl_ids_create(dzp, 0,
3769	    vap, cr, NULL, &acl_ids)) != 0) {
3770		ZFS_EXIT(zfsvfs);
3771		return (error);
3772	}
3773top:
3774	/*
3775	 * Attempt to lock directory; fail if entry already exists.
3776	 */
3777	error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg, NULL, NULL);
3778	if (error) {
3779		zfs_acl_ids_free(&acl_ids);
3780		ZFS_EXIT(zfsvfs);
3781		return (error);
3782	}
3783
3784	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
3785		zfs_acl_ids_free(&acl_ids);
3786		zfs_dirent_unlock(dl);
3787		ZFS_EXIT(zfsvfs);
3788		return (error);
3789	}
3790
3791	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
3792		zfs_acl_ids_free(&acl_ids);
3793		zfs_dirent_unlock(dl);
3794		ZFS_EXIT(zfsvfs);
3795		return (SET_ERROR(EDQUOT));
3796	}
3797	tx = dmu_tx_create(zfsvfs->z_os);
3798	fuid_dirtied = zfsvfs->z_fuid_dirty;
3799	dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, MAX(1, len));
3800	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
3801	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
3802	    ZFS_SA_BASE_ATTR_SIZE + len);
3803	dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
3804	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3805		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
3806		    acl_ids.z_aclp->z_acl_bytes);
3807	}
3808	if (fuid_dirtied)
3809		zfs_fuid_txhold(zfsvfs, tx);
3810	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3811	if (error) {
3812		zfs_dirent_unlock(dl);
3813		if (error == ERESTART) {
3814			waited = B_TRUE;
3815			dmu_tx_wait(tx);
3816			dmu_tx_abort(tx);
3817			goto top;
3818		}
3819		zfs_acl_ids_free(&acl_ids);
3820		dmu_tx_abort(tx);
3821		ZFS_EXIT(zfsvfs);
3822		return (error);
3823	}
3824
3825	/*
3826	 * Create a new object for the symlink.
3827	 * for version 4 ZPL datsets the symlink will be an SA attribute
3828	 */
3829	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
3830
3831	if (fuid_dirtied)
3832		zfs_fuid_sync(zfsvfs, tx);
3833
3834	mutex_enter(&zp->z_lock);
3835	if (zp->z_is_sa)
3836		error = sa_update(zp->z_sa_hdl, SA_ZPL_SYMLINK(zfsvfs),
3837		    link, len, tx);
3838	else
3839		zfs_sa_symlink(zp, link, len, tx);
3840	mutex_exit(&zp->z_lock);
3841
3842	zp->z_size = len;
3843	(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
3844	    &zp->z_size, sizeof (zp->z_size), tx);
3845	/*
3846	 * Insert the new object into the directory.
3847	 */
3848	(void) zfs_link_create(dl, zp, tx, ZNEW);
3849
3850	if (flags & FIGNORECASE)
3851		txtype |= TX_CI;
3852	zfs_log_symlink(zilog, tx, txtype, dzp, zp, name, link);
3853
3854	zfs_acl_ids_free(&acl_ids);
3855
3856	dmu_tx_commit(tx);
3857
3858	zfs_dirent_unlock(dl);
3859
3860	VN_RELE(ZTOV(zp));
3861
3862	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3863		zil_commit(zilog, 0);
3864
3865	ZFS_EXIT(zfsvfs);
3866	return (error);
3867}
3868
3869/*
3870 * Return, in the buffer contained in the provided uio structure,
3871 * the symbolic path referred to by vp.
3872 *
3873 *	IN:	vp	- vnode of symbolic link.
3874 *		uio	- structure to contain the link path.
3875 *		cr	- credentials of caller.
3876 *		ct	- caller context
3877 *
3878 *	OUT:	uio	- structure containing the link path.
3879 *
3880 *	RETURN:	0 on success, error code on failure.
3881 *
3882 * Timestamps:
3883 *	vp - atime updated
3884 */
3885/* ARGSUSED */
3886static int
3887zfs_readlink(vnode_t *vp, uio_t *uio, cred_t *cr, caller_context_t *ct)
3888{
3889	znode_t		*zp = VTOZ(vp);
3890	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
3891	int		error;
3892
3893	ZFS_ENTER(zfsvfs);
3894	ZFS_VERIFY_ZP(zp);
3895
3896	mutex_enter(&zp->z_lock);
3897	if (zp->z_is_sa)
3898		error = sa_lookup_uio(zp->z_sa_hdl,
3899		    SA_ZPL_SYMLINK(zfsvfs), uio);
3900	else
3901		error = zfs_sa_readlink(zp, uio);
3902	mutex_exit(&zp->z_lock);
3903
3904	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
3905
3906	ZFS_EXIT(zfsvfs);
3907	return (error);
3908}
3909
3910/*
3911 * Insert a new entry into directory tdvp referencing svp.
3912 *
3913 *	IN:	tdvp	- Directory to contain new entry.
3914 *		svp	- vnode of new entry.
3915 *		name	- name of new entry.
3916 *		cr	- credentials of caller.
3917 *		ct	- caller context
3918 *
3919 *	RETURN:	0 on success, error code on failure.
3920 *
3921 * Timestamps:
3922 *	tdvp - ctime|mtime updated
3923 *	 svp - ctime updated
3924 */
3925/* ARGSUSED */
3926static int
3927zfs_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr,
3928    caller_context_t *ct, int flags)
3929{
3930	znode_t		*dzp = VTOZ(tdvp);
3931	znode_t		*tzp, *szp;
3932	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3933	zilog_t		*zilog;
3934	zfs_dirlock_t	*dl;
3935	dmu_tx_t	*tx;
3936	vnode_t		*realvp;
3937	int		error;
3938	int		zf = ZNEW;
3939	uint64_t	parent;
3940	uid_t		owner;
3941	boolean_t	waited = B_FALSE;
3942
3943	ASSERT(tdvp->v_type == VDIR);
3944
3945	ZFS_ENTER(zfsvfs);
3946	ZFS_VERIFY_ZP(dzp);
3947	zilog = zfsvfs->z_log;
3948
3949	if (VOP_REALVP(svp, &realvp, ct) == 0)
3950		svp = realvp;
3951
3952	/*
3953	 * POSIX dictates that we return EPERM here.
3954	 * Better choices include ENOTSUP or EISDIR.
3955	 */
3956	if (svp->v_type == VDIR) {
3957		ZFS_EXIT(zfsvfs);
3958		return (SET_ERROR(EPERM));
3959	}
3960
3961	szp = VTOZ(svp);
3962	ZFS_VERIFY_ZP(szp);
3963
3964	/*
3965	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
3966	 * ctldir appear to have the same v_vfsp.
3967	 */
3968	if (szp->z_zfsvfs != zfsvfs || zfsctl_is_node(svp)) {
3969		ZFS_EXIT(zfsvfs);
3970		return (SET_ERROR(EXDEV));
3971	}
3972
3973	/* Prevent links to .zfs/shares files */
3974
3975	if ((error = sa_lookup(szp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
3976	    &parent, sizeof (uint64_t))) != 0) {
3977		ZFS_EXIT(zfsvfs);
3978		return (error);
3979	}
3980	if (parent == zfsvfs->z_shares_dir) {
3981		ZFS_EXIT(zfsvfs);
3982		return (SET_ERROR(EPERM));
3983	}
3984
3985	if (zfsvfs->z_utf8 && u8_validate(name,
3986	    strlen(name), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3987		ZFS_EXIT(zfsvfs);
3988		return (SET_ERROR(EILSEQ));
3989	}
3990	if (flags & FIGNORECASE)
3991		zf |= ZCILOOK;
3992
3993	/*
3994	 * We do not support links between attributes and non-attributes
3995	 * because of the potential security risk of creating links
3996	 * into "normal" file space in order to circumvent restrictions
3997	 * imposed in attribute space.
3998	 */
3999	if ((szp->z_pflags & ZFS_XATTR) != (dzp->z_pflags & ZFS_XATTR)) {
4000		ZFS_EXIT(zfsvfs);
4001		return (SET_ERROR(EINVAL));
4002	}
4003
4004
4005	owner = zfs_fuid_map_id(zfsvfs, szp->z_uid, cr, ZFS_OWNER);
4006	if (owner != crgetuid(cr) && secpolicy_basic_link(cr) != 0) {
4007		ZFS_EXIT(zfsvfs);
4008		return (SET_ERROR(EPERM));
4009	}
4010
4011	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
4012		ZFS_EXIT(zfsvfs);
4013		return (error);
4014	}
4015
4016top:
4017	/*
4018	 * Attempt to lock directory; fail if entry already exists.
4019	 */
4020	error = zfs_dirent_lock(&dl, dzp, name, &tzp, zf, NULL, NULL);
4021	if (error) {
4022		ZFS_EXIT(zfsvfs);
4023		return (error);
4024	}
4025
4026	tx = dmu_tx_create(zfsvfs->z_os);
4027	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
4028	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
4029	zfs_sa_upgrade_txholds(tx, szp);
4030	zfs_sa_upgrade_txholds(tx, dzp);
4031	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
4032	if (error) {
4033		zfs_dirent_unlock(dl);
4034		if (error == ERESTART) {
4035			waited = B_TRUE;
4036			dmu_tx_wait(tx);
4037			dmu_tx_abort(tx);
4038			goto top;
4039		}
4040		dmu_tx_abort(tx);
4041		ZFS_EXIT(zfsvfs);
4042		return (error);
4043	}
4044
4045	error = zfs_link_create(dl, szp, tx, 0);
4046
4047	if (error == 0) {
4048		uint64_t txtype = TX_LINK;
4049		if (flags & FIGNORECASE)
4050			txtype |= TX_CI;
4051		zfs_log_link(zilog, tx, txtype, dzp, szp, name);
4052	}
4053
4054	dmu_tx_commit(tx);
4055
4056	zfs_dirent_unlock(dl);
4057
4058	if (error == 0) {
4059		vnevent_link(svp, ct);
4060	}
4061
4062	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4063		zil_commit(zilog, 0);
4064
4065	ZFS_EXIT(zfsvfs);
4066	return (error);
4067}
4068
4069/*
4070 * zfs_null_putapage() is used when the file system has been force
4071 * unmounted. It just drops the pages.
4072 */
4073/* ARGSUSED */
4074static int
4075zfs_null_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4076		size_t *lenp, int flags, cred_t *cr)
4077{
4078	pvn_write_done(pp, B_INVAL|B_FORCE|B_ERROR);
4079	return (0);
4080}
4081
4082/*
4083 * Push a page out to disk, klustering if possible.
4084 *
4085 *	IN:	vp	- file to push page to.
4086 *		pp	- page to push.
4087 *		flags	- additional flags.
4088 *		cr	- credentials of caller.
4089 *
4090 *	OUT:	offp	- start of range pushed.
4091 *		lenp	- len of range pushed.
4092 *
4093 *	RETURN:	0 on success, error code on failure.
4094 *
4095 * NOTE: callers must have locked the page to be pushed.  On
4096 * exit, the page (and all other pages in the kluster) must be
4097 * unlocked.
4098 */
4099/* ARGSUSED */
4100static int
4101zfs_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4102		size_t *lenp, int flags, cred_t *cr)
4103{
4104	znode_t		*zp = VTOZ(vp);
4105	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4106	dmu_tx_t	*tx;
4107	u_offset_t	off, koff;
4108	size_t		len, klen;
4109	int		err;
4110
4111	off = pp->p_offset;
4112	len = PAGESIZE;
4113	/*
4114	 * If our blocksize is bigger than the page size, try to kluster
4115	 * multiple pages so that we write a full block (thus avoiding
4116	 * a read-modify-write).
4117	 */
4118	if (off < zp->z_size && zp->z_blksz > PAGESIZE) {
4119		klen = P2ROUNDUP((ulong_t)zp->z_blksz, PAGESIZE);
4120		koff = ISP2(klen) ? P2ALIGN(off, (u_offset_t)klen) : 0;
4121		ASSERT(koff <= zp->z_size);
4122		if (koff + klen > zp->z_size)
4123			klen = P2ROUNDUP(zp->z_size - koff, (uint64_t)PAGESIZE);
4124		pp = pvn_write_kluster(vp, pp, &off, &len, koff, klen, flags);
4125	}
4126	ASSERT3U(btop(len), ==, btopr(len));
4127
4128	/*
4129	 * Can't push pages past end-of-file.
4130	 */
4131	if (off >= zp->z_size) {
4132		/* ignore all pages */
4133		err = 0;
4134		goto out;
4135	} else if (off + len > zp->z_size) {
4136		int npages = btopr(zp->z_size - off);
4137		page_t *trunc;
4138
4139		page_list_break(&pp, &trunc, npages);
4140		/* ignore pages past end of file */
4141		if (trunc)
4142			pvn_write_done(trunc, flags);
4143		len = zp->z_size - off;
4144	}
4145
4146	if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
4147	    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
4148		err = SET_ERROR(EDQUOT);
4149		goto out;
4150	}
4151	tx = dmu_tx_create(zfsvfs->z_os);
4152	dmu_tx_hold_write(tx, zp->z_id, off, len);
4153
4154	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4155	zfs_sa_upgrade_txholds(tx, zp);
4156	err = dmu_tx_assign(tx, TXG_WAIT);
4157	if (err != 0) {
4158		dmu_tx_abort(tx);
4159		goto out;
4160	}
4161
4162	if (zp->z_blksz <= PAGESIZE) {
4163		caddr_t va = zfs_map_page(pp, S_READ);
4164		ASSERT3U(len, <=, PAGESIZE);
4165		dmu_write(zfsvfs->z_os, zp->z_id, off, len, va, tx);
4166		zfs_unmap_page(pp, va);
4167	} else {
4168		err = dmu_write_pages(zfsvfs->z_os, zp->z_id, off, len, pp, tx);
4169	}
4170
4171	if (err == 0) {
4172		uint64_t mtime[2], ctime[2];
4173		sa_bulk_attr_t bulk[3];
4174		int count = 0;
4175
4176		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
4177		    &mtime, 16);
4178		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
4179		    &ctime, 16);
4180		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
4181		    &zp->z_pflags, 8);
4182		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
4183		    B_TRUE);
4184		zfs_log_write(zfsvfs->z_log, tx, TX_WRITE, zp, off, len, 0);
4185	}
4186	dmu_tx_commit(tx);
4187
4188out:
4189	pvn_write_done(pp, (err ? B_ERROR : 0) | flags);
4190	if (offp)
4191		*offp = off;
4192	if (lenp)
4193		*lenp = len;
4194
4195	return (err);
4196}
4197
4198/*
4199 * Copy the portion of the file indicated from pages into the file.
4200 * The pages are stored in a page list attached to the files vnode.
4201 *
4202 *	IN:	vp	- vnode of file to push page data to.
4203 *		off	- position in file to put data.
4204 *		len	- amount of data to write.
4205 *		flags	- flags to control the operation.
4206 *		cr	- credentials of caller.
4207 *		ct	- caller context.
4208 *
4209 *	RETURN:	0 on success, error code on failure.
4210 *
4211 * Timestamps:
4212 *	vp - ctime|mtime updated
4213 */
4214/*ARGSUSED*/
4215static int
4216zfs_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr,
4217    caller_context_t *ct)
4218{
4219	znode_t		*zp = VTOZ(vp);
4220	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4221	page_t		*pp;
4222	size_t		io_len;
4223	u_offset_t	io_off;
4224	uint_t		blksz;
4225	rl_t		*rl;
4226	int		error = 0;
4227
4228	ZFS_ENTER(zfsvfs);
4229	ZFS_VERIFY_ZP(zp);
4230
4231	/*
4232	 * There's nothing to do if no data is cached.
4233	 */
4234	if (!vn_has_cached_data(vp)) {
4235		ZFS_EXIT(zfsvfs);
4236		return (0);
4237	}
4238
4239	/*
4240	 * Align this request to the file block size in case we kluster.
4241	 * XXX - this can result in pretty aggresive locking, which can
4242	 * impact simultanious read/write access.  One option might be
4243	 * to break up long requests (len == 0) into block-by-block
4244	 * operations to get narrower locking.
4245	 */
4246	blksz = zp->z_blksz;
4247	if (ISP2(blksz))
4248		io_off = P2ALIGN_TYPED(off, blksz, u_offset_t);
4249	else
4250		io_off = 0;
4251	if (len > 0 && ISP2(blksz))
4252		io_len = P2ROUNDUP_TYPED(len + (off - io_off), blksz, size_t);
4253	else
4254		io_len = 0;
4255
4256	if (io_len == 0) {
4257		/*
4258		 * Search the entire vp list for pages >= io_off.
4259		 */
4260		rl = zfs_range_lock(zp, io_off, UINT64_MAX, RL_WRITER);
4261		error = pvn_vplist_dirty(vp, io_off, zfs_putapage, flags, cr);
4262		goto out;
4263	}
4264	rl = zfs_range_lock(zp, io_off, io_len, RL_WRITER);
4265
4266	if (off > zp->z_size) {
4267		/* past end of file */
4268		zfs_range_unlock(rl);
4269		ZFS_EXIT(zfsvfs);
4270		return (0);
4271	}
4272
4273	len = MIN(io_len, P2ROUNDUP(zp->z_size, PAGESIZE) - io_off);
4274
4275	for (off = io_off; io_off < off + len; io_off += io_len) {
4276		if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
4277			pp = page_lookup(vp, io_off,
4278			    (flags & (B_INVAL | B_FREE)) ? SE_EXCL : SE_SHARED);
4279		} else {
4280			pp = page_lookup_nowait(vp, io_off,
4281			    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
4282		}
4283
4284		if (pp != NULL && pvn_getdirty(pp, flags)) {
4285			int err;
4286
4287			/*
4288			 * Found a dirty page to push
4289			 */
4290			err = zfs_putapage(vp, pp, &io_off, &io_len, flags, cr);
4291			if (err)
4292				error = err;
4293		} else {
4294			io_len = PAGESIZE;
4295		}
4296	}
4297out:
4298	zfs_range_unlock(rl);
4299	if ((flags & B_ASYNC) == 0 || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4300		zil_commit(zfsvfs->z_log, zp->z_id);
4301	ZFS_EXIT(zfsvfs);
4302	return (error);
4303}
4304
4305/*ARGSUSED*/
4306void
4307zfs_inactive(vnode_t *vp, cred_t *cr, caller_context_t *ct)
4308{
4309	znode_t	*zp = VTOZ(vp);
4310	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4311	int error;
4312
4313	rw_enter(&zfsvfs->z_teardown_inactive_lock, RW_READER);
4314	if (zp->z_sa_hdl == NULL) {
4315		/*
4316		 * The fs has been unmounted, or we did a
4317		 * suspend/resume and this file no longer exists.
4318		 */
4319		if (vn_has_cached_data(vp)) {
4320			(void) pvn_vplist_dirty(vp, 0, zfs_null_putapage,
4321			    B_INVAL, cr);
4322		}
4323
4324		mutex_enter(&zp->z_lock);
4325		mutex_enter(&vp->v_lock);
4326		ASSERT(vp->v_count == 1);
4327		vp->v_count = 0;
4328		mutex_exit(&vp->v_lock);
4329		mutex_exit(&zp->z_lock);
4330		rw_exit(&zfsvfs->z_teardown_inactive_lock);
4331		zfs_znode_free(zp);
4332		return;
4333	}
4334
4335	/*
4336	 * Attempt to push any data in the page cache.  If this fails
4337	 * we will get kicked out later in zfs_zinactive().
4338	 */
4339	if (vn_has_cached_data(vp)) {
4340		(void) pvn_vplist_dirty(vp, 0, zfs_putapage, B_INVAL|B_ASYNC,
4341		    cr);
4342	}
4343
4344	if (zp->z_atime_dirty && zp->z_unlinked == 0) {
4345		dmu_tx_t *tx = dmu_tx_create(zfsvfs->z_os);
4346
4347		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4348		zfs_sa_upgrade_txholds(tx, zp);
4349		error = dmu_tx_assign(tx, TXG_WAIT);
4350		if (error) {
4351			dmu_tx_abort(tx);
4352		} else {
4353			mutex_enter(&zp->z_lock);
4354			(void) sa_update(zp->z_sa_hdl, SA_ZPL_ATIME(zfsvfs),
4355			    (void *)&zp->z_atime, sizeof (zp->z_atime), tx);
4356			zp->z_atime_dirty = 0;
4357			mutex_exit(&zp->z_lock);
4358			dmu_tx_commit(tx);
4359		}
4360	}
4361
4362	zfs_zinactive(zp);
4363	rw_exit(&zfsvfs->z_teardown_inactive_lock);
4364}
4365
4366/*
4367 * Bounds-check the seek operation.
4368 *
4369 *	IN:	vp	- vnode seeking within
4370 *		ooff	- old file offset
4371 *		noffp	- pointer to new file offset
4372 *		ct	- caller context
4373 *
4374 *	RETURN:	0 on success, EINVAL if new offset invalid.
4375 */
4376/* ARGSUSED */
4377static int
4378zfs_seek(vnode_t *vp, offset_t ooff, offset_t *noffp,
4379    caller_context_t *ct)
4380{
4381	if (vp->v_type == VDIR)
4382		return (0);
4383	return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
4384}
4385
4386/*
4387 * Pre-filter the generic locking function to trap attempts to place
4388 * a mandatory lock on a memory mapped file.
4389 */
4390static int
4391zfs_frlock(vnode_t *vp, int cmd, flock64_t *bfp, int flag, offset_t offset,
4392    flk_callback_t *flk_cbp, cred_t *cr, caller_context_t *ct)
4393{
4394	znode_t *zp = VTOZ(vp);
4395	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4396
4397	ZFS_ENTER(zfsvfs);
4398	ZFS_VERIFY_ZP(zp);
4399
4400	/*
4401	 * We are following the UFS semantics with respect to mapcnt
4402	 * here: If we see that the file is mapped already, then we will
4403	 * return an error, but we don't worry about races between this
4404	 * function and zfs_map().
4405	 */
4406	if (zp->z_mapcnt > 0 && MANDMODE(zp->z_mode)) {
4407		ZFS_EXIT(zfsvfs);
4408		return (SET_ERROR(EAGAIN));
4409	}
4410	ZFS_EXIT(zfsvfs);
4411	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr, ct));
4412}
4413
4414/*
4415 * If we can't find a page in the cache, we will create a new page
4416 * and fill it with file data.  For efficiency, we may try to fill
4417 * multiple pages at once (klustering) to fill up the supplied page
4418 * list.  Note that the pages to be filled are held with an exclusive
4419 * lock to prevent access by other threads while they are being filled.
4420 */
4421static int
4422zfs_fillpage(vnode_t *vp, u_offset_t off, struct seg *seg,
4423    caddr_t addr, page_t *pl[], size_t plsz, enum seg_rw rw)
4424{
4425	znode_t *zp = VTOZ(vp);
4426	page_t *pp, *cur_pp;
4427	objset_t *os = zp->z_zfsvfs->z_os;
4428	u_offset_t io_off, total;
4429	size_t io_len;
4430	int err;
4431
4432	if (plsz == PAGESIZE || zp->z_blksz <= PAGESIZE) {
4433		/*
4434		 * We only have a single page, don't bother klustering
4435		 */
4436		io_off = off;
4437		io_len = PAGESIZE;
4438		pp = page_create_va(vp, io_off, io_len,
4439		    PG_EXCL | PG_WAIT, seg, addr);
4440	} else {
4441		/*
4442		 * Try to find enough pages to fill the page list
4443		 */
4444		pp = pvn_read_kluster(vp, off, seg, addr, &io_off,
4445		    &io_len, off, plsz, 0);
4446	}
4447	if (pp == NULL) {
4448		/*
4449		 * The page already exists, nothing to do here.
4450		 */
4451		*pl = NULL;
4452		return (0);
4453	}
4454
4455	/*
4456	 * Fill the pages in the kluster.
4457	 */
4458	cur_pp = pp;
4459	for (total = io_off + io_len; io_off < total; io_off += PAGESIZE) {
4460		caddr_t va;
4461
4462		ASSERT3U(io_off, ==, cur_pp->p_offset);
4463		va = zfs_map_page(cur_pp, S_WRITE);
4464		err = dmu_read(os, zp->z_id, io_off, PAGESIZE, va,
4465		    DMU_READ_PREFETCH);
4466		zfs_unmap_page(cur_pp, va);
4467		if (err) {
4468			/* On error, toss the entire kluster */
4469			pvn_read_done(pp, B_ERROR);
4470			/* convert checksum errors into IO errors */
4471			if (err == ECKSUM)
4472				err = SET_ERROR(EIO);
4473			return (err);
4474		}
4475		cur_pp = cur_pp->p_next;
4476	}
4477
4478	/*
4479	 * Fill in the page list array from the kluster starting
4480	 * from the desired offset `off'.
4481	 * NOTE: the page list will always be null terminated.
4482	 */
4483	pvn_plist_init(pp, pl, plsz, off, io_len, rw);
4484	ASSERT(pl == NULL || (*pl)->p_offset == off);
4485
4486	return (0);
4487}
4488
4489/*
4490 * Return pointers to the pages for the file region [off, off + len]
4491 * in the pl array.  If plsz is greater than len, this function may
4492 * also return page pointers from after the specified region
4493 * (i.e. the region [off, off + plsz]).  These additional pages are
4494 * only returned if they are already in the cache, or were created as
4495 * part of a klustered read.
4496 *
4497 *	IN:	vp	- vnode of file to get data from.
4498 *		off	- position in file to get data from.
4499 *		len	- amount of data to retrieve.
4500 *		plsz	- length of provided page list.
4501 *		seg	- segment to obtain pages for.
4502 *		addr	- virtual address of fault.
4503 *		rw	- mode of created pages.
4504 *		cr	- credentials of caller.
4505 *		ct	- caller context.
4506 *
4507 *	OUT:	protp	- protection mode of created pages.
4508 *		pl	- list of pages created.
4509 *
4510 *	RETURN:	0 on success, error code on failure.
4511 *
4512 * Timestamps:
4513 *	vp - atime updated
4514 */
4515/* ARGSUSED */
4516static int
4517zfs_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
4518    page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4519    enum seg_rw rw, cred_t *cr, caller_context_t *ct)
4520{
4521	znode_t		*zp = VTOZ(vp);
4522	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4523	page_t		**pl0 = pl;
4524	int		err = 0;
4525
4526	/* we do our own caching, faultahead is unnecessary */
4527	if (pl == NULL)
4528		return (0);
4529	else if (len > plsz)
4530		len = plsz;
4531	else
4532		len = P2ROUNDUP(len, PAGESIZE);
4533	ASSERT(plsz >= len);
4534
4535	ZFS_ENTER(zfsvfs);
4536	ZFS_VERIFY_ZP(zp);
4537
4538	if (protp)
4539		*protp = PROT_ALL;
4540
4541	/*
4542	 * Loop through the requested range [off, off + len) looking
4543	 * for pages.  If we don't find a page, we will need to create
4544	 * a new page and fill it with data from the file.
4545	 */
4546	while (len > 0) {
4547		if (*pl = page_lookup(vp, off, SE_SHARED))
4548			*(pl+1) = NULL;
4549		else if (err = zfs_fillpage(vp, off, seg, addr, pl, plsz, rw))
4550			goto out;
4551		while (*pl) {
4552			ASSERT3U((*pl)->p_offset, ==, off);
4553			off += PAGESIZE;
4554			addr += PAGESIZE;
4555			if (len > 0) {
4556				ASSERT3U(len, >=, PAGESIZE);
4557				len -= PAGESIZE;
4558			}
4559			ASSERT3U(plsz, >=, PAGESIZE);
4560			plsz -= PAGESIZE;
4561			pl++;
4562		}
4563	}
4564
4565	/*
4566	 * Fill out the page array with any pages already in the cache.
4567	 */
4568	while (plsz > 0 &&
4569	    (*pl++ = page_lookup_nowait(vp, off, SE_SHARED))) {
4570			off += PAGESIZE;
4571			plsz -= PAGESIZE;
4572	}
4573out:
4574	if (err) {
4575		/*
4576		 * Release any pages we have previously locked.
4577		 */
4578		while (pl > pl0)
4579			page_unlock(*--pl);
4580	} else {
4581		ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
4582	}
4583
4584	*pl = NULL;
4585
4586	ZFS_EXIT(zfsvfs);
4587	return (err);
4588}
4589
4590/*
4591 * Request a memory map for a section of a file.  This code interacts
4592 * with common code and the VM system as follows:
4593 *
4594 * - common code calls mmap(), which ends up in smmap_common()
4595 * - this calls VOP_MAP(), which takes you into (say) zfs
4596 * - zfs_map() calls as_map(), passing segvn_create() as the callback
4597 * - segvn_create() creates the new segment and calls VOP_ADDMAP()
4598 * - zfs_addmap() updates z_mapcnt
4599 */
4600/*ARGSUSED*/
4601static int
4602zfs_map(vnode_t *vp, offset_t off, struct as *as, caddr_t *addrp,
4603    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4604    caller_context_t *ct)
4605{
4606	znode_t *zp = VTOZ(vp);
4607	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4608	segvn_crargs_t	vn_a;
4609	int		error;
4610
4611	ZFS_ENTER(zfsvfs);
4612	ZFS_VERIFY_ZP(zp);
4613
4614	if ((prot & PROT_WRITE) && (zp->z_pflags &
4615	    (ZFS_IMMUTABLE | ZFS_READONLY | ZFS_APPENDONLY))) {
4616		ZFS_EXIT(zfsvfs);
4617		return (SET_ERROR(EPERM));
4618	}
4619
4620	if ((prot & (PROT_READ | PROT_EXEC)) &&
4621	    (zp->z_pflags & ZFS_AV_QUARANTINED)) {
4622		ZFS_EXIT(zfsvfs);
4623		return (SET_ERROR(EACCES));
4624	}
4625
4626	if (vp->v_flag & VNOMAP) {
4627		ZFS_EXIT(zfsvfs);
4628		return (SET_ERROR(ENOSYS));
4629	}
4630
4631	if (off < 0 || len > MAXOFFSET_T - off) {
4632		ZFS_EXIT(zfsvfs);
4633		return (SET_ERROR(ENXIO));
4634	}
4635
4636	if (vp->v_type != VREG) {
4637		ZFS_EXIT(zfsvfs);
4638		return (SET_ERROR(ENODEV));
4639	}
4640
4641	/*
4642	 * If file is locked, disallow mapping.
4643	 */
4644	if (MANDMODE(zp->z_mode) && vn_has_flocks(vp)) {
4645		ZFS_EXIT(zfsvfs);
4646		return (SET_ERROR(EAGAIN));
4647	}
4648
4649	as_rangelock(as);
4650	error = choose_addr(as, addrp, len, off, ADDR_VACALIGN, flags);
4651	if (error != 0) {
4652		as_rangeunlock(as);
4653		ZFS_EXIT(zfsvfs);
4654		return (error);
4655	}
4656
4657	vn_a.vp = vp;
4658	vn_a.offset = (u_offset_t)off;
4659	vn_a.type = flags & MAP_TYPE;
4660	vn_a.prot = prot;
4661	vn_a.maxprot = maxprot;
4662	vn_a.cred = cr;
4663	vn_a.amp = NULL;
4664	vn_a.flags = flags & ~MAP_TYPE;
4665	vn_a.szc = 0;
4666	vn_a.lgrp_mem_policy_flags = 0;
4667
4668	error = as_map(as, *addrp, len, segvn_create, &vn_a);
4669
4670	as_rangeunlock(as);
4671	ZFS_EXIT(zfsvfs);
4672	return (error);
4673}
4674
4675/* ARGSUSED */
4676static int
4677zfs_addmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4678    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4679    caller_context_t *ct)
4680{
4681	uint64_t pages = btopr(len);
4682
4683	atomic_add_64(&VTOZ(vp)->z_mapcnt, pages);
4684	return (0);
4685}
4686
4687/*
4688 * The reason we push dirty pages as part of zfs_delmap() is so that we get a
4689 * more accurate mtime for the associated file.  Since we don't have a way of
4690 * detecting when the data was actually modified, we have to resort to
4691 * heuristics.  If an explicit msync() is done, then we mark the mtime when the
4692 * last page is pushed.  The problem occurs when the msync() call is omitted,
4693 * which by far the most common case:
4694 *
4695 * 	open()
4696 * 	mmap()
4697 * 	<modify memory>
4698 * 	munmap()
4699 * 	close()
4700 * 	<time lapse>
4701 * 	putpage() via fsflush
4702 *
4703 * If we wait until fsflush to come along, we can have a modification time that
4704 * is some arbitrary point in the future.  In order to prevent this in the
4705 * common case, we flush pages whenever a (MAP_SHARED, PROT_WRITE) mapping is
4706 * torn down.
4707 */
4708/* ARGSUSED */
4709static int
4710zfs_delmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4711    size_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cr,
4712    caller_context_t *ct)
4713{
4714	uint64_t pages = btopr(len);
4715
4716	ASSERT3U(VTOZ(vp)->z_mapcnt, >=, pages);
4717	atomic_add_64(&VTOZ(vp)->z_mapcnt, -pages);
4718
4719	if ((flags & MAP_SHARED) && (prot & PROT_WRITE) &&
4720	    vn_has_cached_data(vp))
4721		(void) VOP_PUTPAGE(vp, off, len, B_ASYNC, cr, ct);
4722
4723	return (0);
4724}
4725
4726/*
4727 * Free or allocate space in a file.  Currently, this function only
4728 * supports the `F_FREESP' command.  However, this command is somewhat
4729 * misnamed, as its functionality includes the ability to allocate as
4730 * well as free space.
4731 *
4732 *	IN:	vp	- vnode of file to free data in.
4733 *		cmd	- action to take (only F_FREESP supported).
4734 *		bfp	- section of file to free/alloc.
4735 *		flag	- current file open mode flags.
4736 *		offset	- current file offset.
4737 *		cr	- credentials of caller [UNUSED].
4738 *		ct	- caller context.
4739 *
4740 *	RETURN:	0 on success, error code on failure.
4741 *
4742 * Timestamps:
4743 *	vp - ctime|mtime updated
4744 */
4745/* ARGSUSED */
4746static int
4747zfs_space(vnode_t *vp, int cmd, flock64_t *bfp, int flag,
4748    offset_t offset, cred_t *cr, caller_context_t *ct)
4749{
4750	znode_t		*zp = VTOZ(vp);
4751	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4752	uint64_t	off, len;
4753	int		error;
4754
4755	ZFS_ENTER(zfsvfs);
4756	ZFS_VERIFY_ZP(zp);
4757
4758	if (cmd != F_FREESP) {
4759		ZFS_EXIT(zfsvfs);
4760		return (SET_ERROR(EINVAL));
4761	}
4762
4763	/*
4764	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
4765	 * callers might not be able to detect properly that we are read-only,
4766	 * so check it explicitly here.
4767	 */
4768	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
4769		ZFS_EXIT(zfsvfs);
4770		return (SET_ERROR(EROFS));
4771	}
4772
4773	if (error = convoff(vp, bfp, 0, offset)) {
4774		ZFS_EXIT(zfsvfs);
4775		return (error);
4776	}
4777
4778	if (bfp->l_len < 0) {
4779		ZFS_EXIT(zfsvfs);
4780		return (SET_ERROR(EINVAL));
4781	}
4782
4783	off = bfp->l_start;
4784	len = bfp->l_len; /* 0 means from off to end of file */
4785
4786	error = zfs_freesp(zp, off, len, flag, TRUE);
4787
4788	if (error == 0 && off == 0 && len == 0)
4789		vnevent_truncate(ZTOV(zp), ct);
4790
4791	ZFS_EXIT(zfsvfs);
4792	return (error);
4793}
4794
4795/*ARGSUSED*/
4796static int
4797zfs_fid(vnode_t *vp, fid_t *fidp, caller_context_t *ct)
4798{
4799	znode_t		*zp = VTOZ(vp);
4800	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4801	uint32_t	gen;
4802	uint64_t	gen64;
4803	uint64_t	object = zp->z_id;
4804	zfid_short_t	*zfid;
4805	int		size, i, error;
4806
4807	ZFS_ENTER(zfsvfs);
4808	ZFS_VERIFY_ZP(zp);
4809
4810	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zfsvfs),
4811	    &gen64, sizeof (uint64_t))) != 0) {
4812		ZFS_EXIT(zfsvfs);
4813		return (error);
4814	}
4815
4816	gen = (uint32_t)gen64;
4817
4818	size = (zfsvfs->z_parent != zfsvfs) ? LONG_FID_LEN : SHORT_FID_LEN;
4819	if (fidp->fid_len < size) {
4820		fidp->fid_len = size;
4821		ZFS_EXIT(zfsvfs);
4822		return (SET_ERROR(ENOSPC));
4823	}
4824
4825	zfid = (zfid_short_t *)fidp;
4826
4827	zfid->zf_len = size;
4828
4829	for (i = 0; i < sizeof (zfid->zf_object); i++)
4830		zfid->zf_object[i] = (uint8_t)(object >> (8 * i));
4831
4832	/* Must have a non-zero generation number to distinguish from .zfs */
4833	if (gen == 0)
4834		gen = 1;
4835	for (i = 0; i < sizeof (zfid->zf_gen); i++)
4836		zfid->zf_gen[i] = (uint8_t)(gen >> (8 * i));
4837
4838	if (size == LONG_FID_LEN) {
4839		uint64_t	objsetid = dmu_objset_id(zfsvfs->z_os);
4840		zfid_long_t	*zlfid;
4841
4842		zlfid = (zfid_long_t *)fidp;
4843
4844		for (i = 0; i < sizeof (zlfid->zf_setid); i++)
4845			zlfid->zf_setid[i] = (uint8_t)(objsetid >> (8 * i));
4846
4847		/* XXX - this should be the generation number for the objset */
4848		for (i = 0; i < sizeof (zlfid->zf_setgen); i++)
4849			zlfid->zf_setgen[i] = 0;
4850	}
4851
4852	ZFS_EXIT(zfsvfs);
4853	return (0);
4854}
4855
4856static int
4857zfs_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr,
4858    caller_context_t *ct)
4859{
4860	znode_t		*zp, *xzp;
4861	zfsvfs_t	*zfsvfs;
4862	zfs_dirlock_t	*dl;
4863	int		error;
4864
4865	switch (cmd) {
4866	case _PC_LINK_MAX:
4867		*valp = ULONG_MAX;
4868		return (0);
4869
4870	case _PC_FILESIZEBITS:
4871		*valp = 64;
4872		return (0);
4873
4874	case _PC_XATTR_EXISTS:
4875		zp = VTOZ(vp);
4876		zfsvfs = zp->z_zfsvfs;
4877		ZFS_ENTER(zfsvfs);
4878		ZFS_VERIFY_ZP(zp);
4879		*valp = 0;
4880		error = zfs_dirent_lock(&dl, zp, "", &xzp,
4881		    ZXATTR | ZEXISTS | ZSHARED, NULL, NULL);
4882		if (error == 0) {
4883			zfs_dirent_unlock(dl);
4884			if (!zfs_dirempty(xzp))
4885				*valp = 1;
4886			VN_RELE(ZTOV(xzp));
4887		} else if (error == ENOENT) {
4888			/*
4889			 * If there aren't extended attributes, it's the
4890			 * same as having zero of them.
4891			 */
4892			error = 0;
4893		}
4894		ZFS_EXIT(zfsvfs);
4895		return (error);
4896
4897	case _PC_SATTR_ENABLED:
4898	case _PC_SATTR_EXISTS:
4899		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
4900		    (vp->v_type == VREG || vp->v_type == VDIR);
4901		return (0);
4902
4903	case _PC_ACCESS_FILTERING:
4904		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_ACCESS_FILTER) &&
4905		    vp->v_type == VDIR;
4906		return (0);
4907
4908	case _PC_ACL_ENABLED:
4909		*valp = _ACL_ACE_ENABLED;
4910		return (0);
4911
4912	case _PC_MIN_HOLE_SIZE:
4913		*valp = (ulong_t)SPA_MINBLOCKSIZE;
4914		return (0);
4915
4916	case _PC_TIMESTAMP_RESOLUTION:
4917		/* nanosecond timestamp resolution */
4918		*valp = 1L;
4919		return (0);
4920
4921	default:
4922		return (fs_pathconf(vp, cmd, valp, cr, ct));
4923	}
4924}
4925
4926/*ARGSUSED*/
4927static int
4928zfs_getsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
4929    caller_context_t *ct)
4930{
4931	znode_t *zp = VTOZ(vp);
4932	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4933	int error;
4934	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
4935
4936	ZFS_ENTER(zfsvfs);
4937	ZFS_VERIFY_ZP(zp);
4938	error = zfs_getacl(zp, vsecp, skipaclchk, cr);
4939	ZFS_EXIT(zfsvfs);
4940
4941	return (error);
4942}
4943
4944/*ARGSUSED*/
4945static int
4946zfs_setsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
4947    caller_context_t *ct)
4948{
4949	znode_t *zp = VTOZ(vp);
4950	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4951	int error;
4952	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
4953	zilog_t	*zilog = zfsvfs->z_log;
4954
4955	ZFS_ENTER(zfsvfs);
4956	ZFS_VERIFY_ZP(zp);
4957
4958	error = zfs_setacl(zp, vsecp, skipaclchk, cr);
4959
4960	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4961		zil_commit(zilog, 0);
4962
4963	ZFS_EXIT(zfsvfs);
4964	return (error);
4965}
4966
4967/*
4968 * The smallest read we may consider to loan out an arcbuf.
4969 * This must be a power of 2.
4970 */
4971int zcr_blksz_min = (1 << 10);	/* 1K */
4972/*
4973 * If set to less than the file block size, allow loaning out of an
4974 * arcbuf for a partial block read.  This must be a power of 2.
4975 */
4976int zcr_blksz_max = (1 << 17);	/* 128K */
4977
4978/*ARGSUSED*/
4979static int
4980zfs_reqzcbuf(vnode_t *vp, enum uio_rw ioflag, xuio_t *xuio, cred_t *cr,
4981    caller_context_t *ct)
4982{
4983	znode_t	*zp = VTOZ(vp);
4984	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4985	int max_blksz = zfsvfs->z_max_blksz;
4986	uio_t *uio = &xuio->xu_uio;
4987	ssize_t size = uio->uio_resid;
4988	offset_t offset = uio->uio_loffset;
4989	int blksz;
4990	int fullblk, i;
4991	arc_buf_t *abuf;
4992	ssize_t maxsize;
4993	int preamble, postamble;
4994
4995	if (xuio->xu_type != UIOTYPE_ZEROCOPY)
4996		return (SET_ERROR(EINVAL));
4997
4998	ZFS_ENTER(zfsvfs);
4999	ZFS_VERIFY_ZP(zp);
5000	switch (ioflag) {
5001	case UIO_WRITE:
5002		/*
5003		 * Loan out an arc_buf for write if write size is bigger than
5004		 * max_blksz, and the file's block size is also max_blksz.
5005		 */
5006		blksz = max_blksz;
5007		if (size < blksz || zp->z_blksz != blksz) {
5008			ZFS_EXIT(zfsvfs);
5009			return (SET_ERROR(EINVAL));
5010		}
5011		/*
5012		 * Caller requests buffers for write before knowing where the
5013		 * write offset might be (e.g. NFS TCP write).
5014		 */
5015		if (offset == -1) {
5016			preamble = 0;
5017		} else {
5018			preamble = P2PHASE(offset, blksz);
5019			if (preamble) {
5020				preamble = blksz - preamble;
5021				size -= preamble;
5022			}
5023		}
5024
5025		postamble = P2PHASE(size, blksz);
5026		size -= postamble;
5027
5028		fullblk = size / blksz;
5029		(void) dmu_xuio_init(xuio,
5030		    (preamble != 0) + fullblk + (postamble != 0));
5031		DTRACE_PROBE3(zfs_reqzcbuf_align, int, preamble,
5032		    int, postamble, int,
5033		    (preamble != 0) + fullblk + (postamble != 0));
5034
5035		/*
5036		 * Have to fix iov base/len for partial buffers.  They
5037		 * currently represent full arc_buf's.
5038		 */
5039		if (preamble) {
5040			/* data begins in the middle of the arc_buf */
5041			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5042			    blksz);
5043			ASSERT(abuf);
5044			(void) dmu_xuio_add(xuio, abuf,
5045			    blksz - preamble, preamble);
5046		}
5047
5048		for (i = 0; i < fullblk; i++) {
5049			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5050			    blksz);
5051			ASSERT(abuf);
5052			(void) dmu_xuio_add(xuio, abuf, 0, blksz);
5053		}
5054
5055		if (postamble) {
5056			/* data ends in the middle of the arc_buf */
5057			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5058			    blksz);
5059			ASSERT(abuf);
5060			(void) dmu_xuio_add(xuio, abuf, 0, postamble);
5061		}
5062		break;
5063	case UIO_READ:
5064		/*
5065		 * Loan out an arc_buf for read if the read size is larger than
5066		 * the current file block size.  Block alignment is not
5067		 * considered.  Partial arc_buf will be loaned out for read.
5068		 */
5069		blksz = zp->z_blksz;
5070		if (blksz < zcr_blksz_min)
5071			blksz = zcr_blksz_min;
5072		if (blksz > zcr_blksz_max)
5073			blksz = zcr_blksz_max;
5074		/* avoid potential complexity of dealing with it */
5075		if (blksz > max_blksz) {
5076			ZFS_EXIT(zfsvfs);
5077			return (SET_ERROR(EINVAL));
5078		}
5079
5080		maxsize = zp->z_size - uio->uio_loffset;
5081		if (size > maxsize)
5082			size = maxsize;
5083
5084		if (size < blksz || vn_has_cached_data(vp)) {
5085			ZFS_EXIT(zfsvfs);
5086			return (SET_ERROR(EINVAL));
5087		}
5088		break;
5089	default:
5090		ZFS_EXIT(zfsvfs);
5091		return (SET_ERROR(EINVAL));
5092	}
5093
5094	uio->uio_extflg = UIO_XUIO;
5095	XUIO_XUZC_RW(xuio) = ioflag;
5096	ZFS_EXIT(zfsvfs);
5097	return (0);
5098}
5099
5100/*ARGSUSED*/
5101static int
5102zfs_retzcbuf(vnode_t *vp, xuio_t *xuio, cred_t *cr, caller_context_t *ct)
5103{
5104	int i;
5105	arc_buf_t *abuf;
5106	int ioflag = XUIO_XUZC_RW(xuio);
5107
5108	ASSERT(xuio->xu_type == UIOTYPE_ZEROCOPY);
5109
5110	i = dmu_xuio_cnt(xuio);
5111	while (i-- > 0) {
5112		abuf = dmu_xuio_arcbuf(xuio, i);
5113		/*
5114		 * if abuf == NULL, it must be a write buffer
5115		 * that has been returned in zfs_write().
5116		 */
5117		if (abuf)
5118			dmu_return_arcbuf(abuf);
5119		ASSERT(abuf || ioflag == UIO_WRITE);
5120	}
5121
5122	dmu_xuio_fini(xuio);
5123	return (0);
5124}
5125
5126/*
5127 * Predeclare these here so that the compiler assumes that
5128 * this is an "old style" function declaration that does
5129 * not include arguments => we won't get type mismatch errors
5130 * in the initializations that follow.
5131 */
5132static int zfs_inval();
5133static int zfs_isdir();
5134
5135static int
5136zfs_inval()
5137{
5138	return (SET_ERROR(EINVAL));
5139}
5140
5141static int
5142zfs_isdir()
5143{
5144	return (SET_ERROR(EISDIR));
5145}
5146/*
5147 * Directory vnode operations template
5148 */
5149vnodeops_t *zfs_dvnodeops;
5150const fs_operation_def_t zfs_dvnodeops_template[] = {
5151	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5152	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5153	VOPNAME_READ,		{ .error = zfs_isdir },
5154	VOPNAME_WRITE,		{ .error = zfs_isdir },
5155	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5156	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5157	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5158	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5159	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5160	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5161	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5162	VOPNAME_LINK,		{ .vop_link = zfs_link },
5163	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5164	VOPNAME_MKDIR,		{ .vop_mkdir = zfs_mkdir },
5165	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5166	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5167	VOPNAME_SYMLINK,	{ .vop_symlink = zfs_symlink },
5168	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5169	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5170	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5171	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5172	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5173	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5174	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5175	VOPNAME_VNEVENT, 	{ .vop_vnevent = fs_vnevent_support },
5176	NULL,			NULL
5177};
5178
5179/*
5180 * Regular file vnode operations template
5181 */
5182vnodeops_t *zfs_fvnodeops;
5183const fs_operation_def_t zfs_fvnodeops_template[] = {
5184	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5185	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5186	VOPNAME_READ,		{ .vop_read = zfs_read },
5187	VOPNAME_WRITE,		{ .vop_write = zfs_write },
5188	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5189	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5190	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5191	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5192	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5193	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5194	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5195	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5196	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5197	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5198	VOPNAME_FRLOCK,		{ .vop_frlock = zfs_frlock },
5199	VOPNAME_SPACE,		{ .vop_space = zfs_space },
5200	VOPNAME_GETPAGE,	{ .vop_getpage = zfs_getpage },
5201	VOPNAME_PUTPAGE,	{ .vop_putpage = zfs_putpage },
5202	VOPNAME_MAP,		{ .vop_map = zfs_map },
5203	VOPNAME_ADDMAP,		{ .vop_addmap = zfs_addmap },
5204	VOPNAME_DELMAP,		{ .vop_delmap = zfs_delmap },
5205	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5206	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5207	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5208	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5209	VOPNAME_REQZCBUF, 	{ .vop_reqzcbuf = zfs_reqzcbuf },
5210	VOPNAME_RETZCBUF, 	{ .vop_retzcbuf = zfs_retzcbuf },
5211	NULL,			NULL
5212};
5213
5214/*
5215 * Symbolic link vnode operations template
5216 */
5217vnodeops_t *zfs_symvnodeops;
5218const fs_operation_def_t zfs_symvnodeops_template[] = {
5219	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5220	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5221	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5222	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5223	VOPNAME_READLINK,	{ .vop_readlink = zfs_readlink },
5224	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5225	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5226	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5227	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5228	NULL,			NULL
5229};
5230
5231/*
5232 * special share hidden files vnode operations template
5233 */
5234vnodeops_t *zfs_sharevnodeops;
5235const fs_operation_def_t zfs_sharevnodeops_template[] = {
5236	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5237	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5238	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5239	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5240	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5241	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5242	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5243	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5244	NULL,			NULL
5245};
5246
5247/*
5248 * Extended attribute directory vnode operations template
5249 *
5250 * This template is identical to the directory vnodes
5251 * operation template except for restricted operations:
5252 *	VOP_MKDIR()
5253 *	VOP_SYMLINK()
5254 *
5255 * Note that there are other restrictions embedded in:
5256 *	zfs_create()	- restrict type to VREG
5257 *	zfs_link()	- no links into/out of attribute space
5258 *	zfs_rename()	- no moves into/out of attribute space
5259 */
5260vnodeops_t *zfs_xdvnodeops;
5261const fs_operation_def_t zfs_xdvnodeops_template[] = {
5262	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5263	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5264	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5265	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5266	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5267	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5268	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5269	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5270	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5271	VOPNAME_LINK,		{ .vop_link = zfs_link },
5272	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5273	VOPNAME_MKDIR,		{ .error = zfs_inval },
5274	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5275	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5276	VOPNAME_SYMLINK,	{ .error = zfs_inval },
5277	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5278	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5279	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5280	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5281	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5282	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5283	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5284	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5285	NULL,			NULL
5286};
5287
5288/*
5289 * Error vnode operations template
5290 */
5291vnodeops_t *zfs_evnodeops;
5292const fs_operation_def_t zfs_evnodeops_template[] = {
5293	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5294	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5295	NULL,			NULL
5296};
5297