1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2012, 2015 by Delphix. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27/* Portions Copyright 2007 Jeremy Teo */
28/* Portions Copyright 2010 Robert Milkowski */
29
30#include <sys/types.h>
31#include <sys/param.h>
32#include <sys/time.h>
33#include <sys/systm.h>
34#include <sys/sysmacros.h>
35#include <sys/resource.h>
36#include <sys/vfs.h>
37#include <sys/vfs_opreg.h>
38#include <sys/vnode.h>
39#include <sys/file.h>
40#include <sys/stat.h>
41#include <sys/kmem.h>
42#include <sys/taskq.h>
43#include <sys/uio.h>
44#include <sys/vmsystm.h>
45#include <sys/atomic.h>
46#include <sys/vm.h>
47#include <vm/seg_vn.h>
48#include <vm/pvn.h>
49#include <vm/as.h>
50#include <vm/kpm.h>
51#include <vm/seg_kpm.h>
52#include <sys/mman.h>
53#include <sys/pathname.h>
54#include <sys/cmn_err.h>
55#include <sys/errno.h>
56#include <sys/unistd.h>
57#include <sys/zfs_dir.h>
58#include <sys/zfs_acl.h>
59#include <sys/zfs_ioctl.h>
60#include <sys/fs/zfs.h>
61#include <sys/dmu.h>
62#include <sys/dmu_objset.h>
63#include <sys/spa.h>
64#include <sys/txg.h>
65#include <sys/dbuf.h>
66#include <sys/zap.h>
67#include <sys/sa.h>
68#include <sys/dirent.h>
69#include <sys/policy.h>
70#include <sys/sunddi.h>
71#include <sys/filio.h>
72#include <sys/sid.h>
73#include "fs/fs_subr.h"
74#include <sys/zfs_ctldir.h>
75#include <sys/zfs_fuid.h>
76#include <sys/zfs_sa.h>
77#include <sys/dnlc.h>
78#include <sys/zfs_rlock.h>
79#include <sys/extdirent.h>
80#include <sys/kidmap.h>
81#include <sys/cred.h>
82#include <sys/attr.h>
83
84/*
85 * Programming rules.
86 *
87 * Each vnode op performs some logical unit of work.  To do this, the ZPL must
88 * properly lock its in-core state, create a DMU transaction, do the work,
89 * record this work in the intent log (ZIL), commit the DMU transaction,
90 * and wait for the intent log to commit if it is a synchronous operation.
91 * Moreover, the vnode ops must work in both normal and log replay context.
92 * The ordering of events is important to avoid deadlocks and references
93 * to freed memory.  The example below illustrates the following Big Rules:
94 *
95 *  (1)	A check must be made in each zfs thread for a mounted file system.
96 *	This is done avoiding races using ZFS_ENTER(zfsvfs).
97 *	A ZFS_EXIT(zfsvfs) is needed before all returns.  Any znodes
98 *	must be checked with ZFS_VERIFY_ZP(zp).  Both of these macros
99 *	can return EIO from the calling function.
100 *
101 *  (2)	VN_RELE() should always be the last thing except for zil_commit()
102 *	(if necessary) and ZFS_EXIT(). This is for 3 reasons:
103 *	First, if it's the last reference, the vnode/znode
104 *	can be freed, so the zp may point to freed memory.  Second, the last
105 *	reference will call zfs_zinactive(), which may induce a lot of work --
106 *	pushing cached pages (which acquires range locks) and syncing out
107 *	cached atime changes.  Third, zfs_zinactive() may require a new tx,
108 *	which could deadlock the system if you were already holding one.
109 *	If you must call VN_RELE() within a tx then use VN_RELE_ASYNC().
110 *
111 *  (3)	All range locks must be grabbed before calling dmu_tx_assign(),
112 *	as they can span dmu_tx_assign() calls.
113 *
114 *  (4) If ZPL locks are held, pass TXG_NOWAIT as the second argument to
115 *      dmu_tx_assign().  This is critical because we don't want to block
116 *      while holding locks.
117 *
118 *	If no ZPL locks are held (aside from ZFS_ENTER()), use TXG_WAIT.  This
119 *	reduces lock contention and CPU usage when we must wait (note that if
120 *	throughput is constrained by the storage, nearly every transaction
121 *	must wait).
122 *
123 *      Note, in particular, that if a lock is sometimes acquired before
124 *      the tx assigns, and sometimes after (e.g. z_lock), then failing
125 *      to use a non-blocking assign can deadlock the system.  The scenario:
126 *
127 *	Thread A has grabbed a lock before calling dmu_tx_assign().
128 *	Thread B is in an already-assigned tx, and blocks for this lock.
129 *	Thread A calls dmu_tx_assign(TXG_WAIT) and blocks in txg_wait_open()
130 *	forever, because the previous txg can't quiesce until B's tx commits.
131 *
132 *	If dmu_tx_assign() returns ERESTART and zfsvfs->z_assign is TXG_NOWAIT,
133 *	then drop all locks, call dmu_tx_wait(), and try again.  On subsequent
134 *	calls to dmu_tx_assign(), pass TXG_WAITED rather than TXG_NOWAIT,
135 *	to indicate that this operation has already called dmu_tx_wait().
136 *	This will ensure that we don't retry forever, waiting a short bit
137 *	each time.
138 *
139 *  (5)	If the operation succeeded, generate the intent log entry for it
140 *	before dropping locks.  This ensures that the ordering of events
141 *	in the intent log matches the order in which they actually occurred.
142 *	During ZIL replay the zfs_log_* functions will update the sequence
143 *	number to indicate the zil transaction has replayed.
144 *
145 *  (6)	At the end of each vnode op, the DMU tx must always commit,
146 *	regardless of whether there were any errors.
147 *
148 *  (7)	After dropping all locks, invoke zil_commit(zilog, foid)
149 *	to ensure that synchronous semantics are provided when necessary.
150 *
151 * In general, this is how things should be ordered in each vnode op:
152 *
153 *	ZFS_ENTER(zfsvfs);		// exit if unmounted
154 * top:
155 *	zfs_dirent_lock(&dl, ...)	// lock directory entry (may VN_HOLD())
156 *	rw_enter(...);			// grab any other locks you need
157 *	tx = dmu_tx_create(...);	// get DMU tx
158 *	dmu_tx_hold_*();		// hold each object you might modify
159 *	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
160 *	if (error) {
161 *		rw_exit(...);		// drop locks
162 *		zfs_dirent_unlock(dl);	// unlock directory entry
163 *		VN_RELE(...);		// release held vnodes
164 *		if (error == ERESTART) {
165 *			waited = B_TRUE;
166 *			dmu_tx_wait(tx);
167 *			dmu_tx_abort(tx);
168 *			goto top;
169 *		}
170 *		dmu_tx_abort(tx);	// abort DMU tx
171 *		ZFS_EXIT(zfsvfs);	// finished in zfs
172 *		return (error);		// really out of space
173 *	}
174 *	error = do_real_work();		// do whatever this VOP does
175 *	if (error == 0)
176 *		zfs_log_*(...);		// on success, make ZIL entry
177 *	dmu_tx_commit(tx);		// commit DMU tx -- error or not
178 *	rw_exit(...);			// drop locks
179 *	zfs_dirent_unlock(dl);		// unlock directory entry
180 *	VN_RELE(...);			// release held vnodes
181 *	zil_commit(zilog, foid);	// synchronous when necessary
182 *	ZFS_EXIT(zfsvfs);		// finished in zfs
183 *	return (error);			// done, report error
184 */
185
186/* ARGSUSED */
187static int
188zfs_open(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *ct)
189{
190	znode_t	*zp = VTOZ(*vpp);
191	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
192
193	ZFS_ENTER(zfsvfs);
194	ZFS_VERIFY_ZP(zp);
195
196	if ((flag & FWRITE) && (zp->z_pflags & ZFS_APPENDONLY) &&
197	    ((flag & FAPPEND) == 0)) {
198		ZFS_EXIT(zfsvfs);
199		return (SET_ERROR(EPERM));
200	}
201
202	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
203	    ZTOV(zp)->v_type == VREG &&
204	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) {
205		if (fs_vscan(*vpp, cr, 0) != 0) {
206			ZFS_EXIT(zfsvfs);
207			return (SET_ERROR(EACCES));
208		}
209	}
210
211	/* Keep a count of the synchronous opens in the znode */
212	if (flag & (FSYNC | FDSYNC))
213		atomic_inc_32(&zp->z_sync_cnt);
214
215	ZFS_EXIT(zfsvfs);
216	return (0);
217}
218
219/* ARGSUSED */
220static int
221zfs_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
222    caller_context_t *ct)
223{
224	znode_t	*zp = VTOZ(vp);
225	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
226
227	/*
228	 * Clean up any locks held by this process on the vp.
229	 */
230	cleanlocks(vp, ddi_get_pid(), 0);
231	cleanshares(vp, ddi_get_pid());
232
233	ZFS_ENTER(zfsvfs);
234	ZFS_VERIFY_ZP(zp);
235
236	/* Decrement the synchronous opens in the znode */
237	if ((flag & (FSYNC | FDSYNC)) && (count == 1))
238		atomic_dec_32(&zp->z_sync_cnt);
239
240	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
241	    ZTOV(zp)->v_type == VREG &&
242	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0)
243		VERIFY(fs_vscan(vp, cr, 1) == 0);
244
245	ZFS_EXIT(zfsvfs);
246	return (0);
247}
248
249/*
250 * Lseek support for finding holes (cmd == _FIO_SEEK_HOLE) and
251 * data (cmd == _FIO_SEEK_DATA). "off" is an in/out parameter.
252 */
253static int
254zfs_holey(vnode_t *vp, int cmd, offset_t *off)
255{
256	znode_t	*zp = VTOZ(vp);
257	uint64_t noff = (uint64_t)*off; /* new offset */
258	uint64_t file_sz;
259	int error;
260	boolean_t hole;
261
262	file_sz = zp->z_size;
263	if (noff >= file_sz)  {
264		return (SET_ERROR(ENXIO));
265	}
266
267	if (cmd == _FIO_SEEK_HOLE)
268		hole = B_TRUE;
269	else
270		hole = B_FALSE;
271
272	error = dmu_offset_next(zp->z_zfsvfs->z_os, zp->z_id, hole, &noff);
273
274	if (error == ESRCH)
275		return (SET_ERROR(ENXIO));
276
277	/*
278	 * We could find a hole that begins after the logical end-of-file,
279	 * because dmu_offset_next() only works on whole blocks.  If the
280	 * EOF falls mid-block, then indicate that the "virtual hole"
281	 * at the end of the file begins at the logical EOF, rather than
282	 * at the end of the last block.
283	 */
284	if (noff > file_sz) {
285		ASSERT(hole);
286		noff = file_sz;
287	}
288
289	if (noff < *off)
290		return (error);
291	*off = noff;
292	return (error);
293}
294
295/* ARGSUSED */
296static int
297zfs_ioctl(vnode_t *vp, int com, intptr_t data, int flag, cred_t *cred,
298    int *rvalp, caller_context_t *ct)
299{
300	offset_t off;
301	offset_t ndata;
302	dmu_object_info_t doi;
303	int error;
304	zfsvfs_t *zfsvfs;
305	znode_t *zp;
306
307	switch (com) {
308	case _FIOFFS:
309	{
310		return (zfs_sync(vp->v_vfsp, 0, cred));
311
312		/*
313		 * The following two ioctls are used by bfu.  Faking out,
314		 * necessary to avoid bfu errors.
315		 */
316	}
317	case _FIOGDIO:
318	case _FIOSDIO:
319	{
320		return (0);
321	}
322
323	case _FIO_SEEK_DATA:
324	case _FIO_SEEK_HOLE:
325	{
326		if (ddi_copyin((void *)data, &off, sizeof (off), flag))
327			return (SET_ERROR(EFAULT));
328
329		zp = VTOZ(vp);
330		zfsvfs = zp->z_zfsvfs;
331		ZFS_ENTER(zfsvfs);
332		ZFS_VERIFY_ZP(zp);
333
334		/* offset parameter is in/out */
335		error = zfs_holey(vp, com, &off);
336		ZFS_EXIT(zfsvfs);
337		if (error)
338			return (error);
339		if (ddi_copyout(&off, (void *)data, sizeof (off), flag))
340			return (SET_ERROR(EFAULT));
341		return (0);
342	}
343	case _FIO_COUNT_FILLED:
344	{
345		/*
346		 * _FIO_COUNT_FILLED adds a new ioctl command which
347		 * exposes the number of filled blocks in a
348		 * ZFS object.
349		 */
350		zp = VTOZ(vp);
351		zfsvfs = zp->z_zfsvfs;
352		ZFS_ENTER(zfsvfs);
353		ZFS_VERIFY_ZP(zp);
354
355		/*
356		 * Wait for all dirty blocks for this object
357		 * to get synced out to disk, and the DMU info
358		 * updated.
359		 */
360		error = dmu_object_wait_synced(zfsvfs->z_os, zp->z_id);
361		if (error) {
362			ZFS_EXIT(zfsvfs);
363			return (error);
364		}
365
366		/*
367		 * Retrieve fill count from DMU object.
368		 */
369		error = dmu_object_info(zfsvfs->z_os, zp->z_id, &doi);
370		if (error) {
371			ZFS_EXIT(zfsvfs);
372			return (error);
373		}
374
375		ndata = doi.doi_fill_count;
376
377		ZFS_EXIT(zfsvfs);
378		if (ddi_copyout(&ndata, (void *)data, sizeof (ndata), flag))
379			return (SET_ERROR(EFAULT));
380		return (0);
381	}
382	}
383	return (SET_ERROR(ENOTTY));
384}
385
386/*
387 * Utility functions to map and unmap a single physical page.  These
388 * are used to manage the mappable copies of ZFS file data, and therefore
389 * do not update ref/mod bits.
390 */
391caddr_t
392zfs_map_page(page_t *pp, enum seg_rw rw)
393{
394	if (kpm_enable)
395		return (hat_kpm_mapin(pp, 0));
396	ASSERT(rw == S_READ || rw == S_WRITE);
397	return (ppmapin(pp, PROT_READ | ((rw == S_WRITE) ? PROT_WRITE : 0),
398	    (caddr_t)-1));
399}
400
401void
402zfs_unmap_page(page_t *pp, caddr_t addr)
403{
404	if (kpm_enable) {
405		hat_kpm_mapout(pp, 0, addr);
406	} else {
407		ppmapout(addr);
408	}
409}
410
411/*
412 * When a file is memory mapped, we must keep the IO data synchronized
413 * between the DMU cache and the memory mapped pages.  What this means:
414 *
415 * On Write:	If we find a memory mapped page, we write to *both*
416 *		the page and the dmu buffer.
417 */
418static void
419update_pages(vnode_t *vp, int64_t start, int len, objset_t *os, uint64_t oid)
420{
421	int64_t	off;
422
423	off = start & PAGEOFFSET;
424	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
425		page_t *pp;
426		uint64_t nbytes = MIN(PAGESIZE - off, len);
427
428		if (pp = page_lookup(vp, start, SE_SHARED)) {
429			caddr_t va;
430
431			va = zfs_map_page(pp, S_WRITE);
432			(void) dmu_read(os, oid, start+off, nbytes, va+off,
433			    DMU_READ_PREFETCH);
434			zfs_unmap_page(pp, va);
435			page_unlock(pp);
436		}
437		len -= nbytes;
438		off = 0;
439	}
440}
441
442/*
443 * When a file is memory mapped, we must keep the IO data synchronized
444 * between the DMU cache and the memory mapped pages.  What this means:
445 *
446 * On Read:	We "read" preferentially from memory mapped pages,
447 *		else we default from the dmu buffer.
448 *
449 * NOTE: We will always "break up" the IO into PAGESIZE uiomoves when
450 *	 the file is memory mapped.
451 */
452static int
453mappedread(vnode_t *vp, int nbytes, uio_t *uio)
454{
455	znode_t *zp = VTOZ(vp);
456	int64_t	start, off;
457	int len = nbytes;
458	int error = 0;
459
460	start = uio->uio_loffset;
461	off = start & PAGEOFFSET;
462	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
463		page_t *pp;
464		uint64_t bytes = MIN(PAGESIZE - off, len);
465
466		if (pp = page_lookup(vp, start, SE_SHARED)) {
467			caddr_t va;
468
469			va = zfs_map_page(pp, S_READ);
470			error = uiomove(va + off, bytes, UIO_READ, uio);
471			zfs_unmap_page(pp, va);
472			page_unlock(pp);
473		} else {
474			error = dmu_read_uio_dbuf(sa_get_db(zp->z_sa_hdl),
475			    uio, bytes);
476		}
477		len -= bytes;
478		off = 0;
479		if (error)
480			break;
481	}
482	return (error);
483}
484
485offset_t zfs_read_chunk_size = 1024 * 1024; /* Tunable */
486
487/*
488 * Read bytes from specified file into supplied buffer.
489 *
490 *	IN:	vp	- vnode of file to be read from.
491 *		uio	- structure supplying read location, range info,
492 *			  and return buffer.
493 *		ioflag	- SYNC flags; used to provide FRSYNC semantics.
494 *		cr	- credentials of caller.
495 *		ct	- caller context
496 *
497 *	OUT:	uio	- updated offset and range, buffer filled.
498 *
499 *	RETURN:	0 on success, error code on failure.
500 *
501 * Side Effects:
502 *	vp - atime updated if byte count > 0
503 */
504/* ARGSUSED */
505static int
506zfs_read(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
507{
508	znode_t		*zp = VTOZ(vp);
509	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
510	ssize_t		n, nbytes;
511	int		error = 0;
512	rl_t		*rl;
513	xuio_t		*xuio = NULL;
514
515	ZFS_ENTER(zfsvfs);
516	ZFS_VERIFY_ZP(zp);
517
518	if (zp->z_pflags & ZFS_AV_QUARANTINED) {
519		ZFS_EXIT(zfsvfs);
520		return (SET_ERROR(EACCES));
521	}
522
523	/*
524	 * Validate file offset
525	 */
526	if (uio->uio_loffset < (offset_t)0) {
527		ZFS_EXIT(zfsvfs);
528		return (SET_ERROR(EINVAL));
529	}
530
531	/*
532	 * Fasttrack empty reads
533	 */
534	if (uio->uio_resid == 0) {
535		ZFS_EXIT(zfsvfs);
536		return (0);
537	}
538
539	/*
540	 * Check for mandatory locks
541	 */
542	if (MANDMODE(zp->z_mode)) {
543		if (error = chklock(vp, FREAD,
544		    uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct)) {
545			ZFS_EXIT(zfsvfs);
546			return (error);
547		}
548	}
549
550	/*
551	 * If we're in FRSYNC mode, sync out this znode before reading it.
552	 */
553	if (ioflag & FRSYNC || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
554		zil_commit(zfsvfs->z_log, zp->z_id);
555
556	/*
557	 * Lock the range against changes.
558	 */
559	rl = zfs_range_lock(zp, uio->uio_loffset, uio->uio_resid, RL_READER);
560
561	/*
562	 * If we are reading past end-of-file we can skip
563	 * to the end; but we might still need to set atime.
564	 */
565	if (uio->uio_loffset >= zp->z_size) {
566		error = 0;
567		goto out;
568	}
569
570	ASSERT(uio->uio_loffset < zp->z_size);
571	n = MIN(uio->uio_resid, zp->z_size - uio->uio_loffset);
572
573	if ((uio->uio_extflg == UIO_XUIO) &&
574	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY)) {
575		int nblk;
576		int blksz = zp->z_blksz;
577		uint64_t offset = uio->uio_loffset;
578
579		xuio = (xuio_t *)uio;
580		if ((ISP2(blksz))) {
581			nblk = (P2ROUNDUP(offset + n, blksz) - P2ALIGN(offset,
582			    blksz)) / blksz;
583		} else {
584			ASSERT(offset + n <= blksz);
585			nblk = 1;
586		}
587		(void) dmu_xuio_init(xuio, nblk);
588
589		if (vn_has_cached_data(vp)) {
590			/*
591			 * For simplicity, we always allocate a full buffer
592			 * even if we only expect to read a portion of a block.
593			 */
594			while (--nblk >= 0) {
595				(void) dmu_xuio_add(xuio,
596				    dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
597				    blksz), 0, blksz);
598			}
599		}
600	}
601
602	while (n > 0) {
603		nbytes = MIN(n, zfs_read_chunk_size -
604		    P2PHASE(uio->uio_loffset, zfs_read_chunk_size));
605
606		if (vn_has_cached_data(vp)) {
607			error = mappedread(vp, nbytes, uio);
608		} else {
609			error = dmu_read_uio_dbuf(sa_get_db(zp->z_sa_hdl),
610			    uio, nbytes);
611		}
612		if (error) {
613			/* convert checksum errors into IO errors */
614			if (error == ECKSUM)
615				error = SET_ERROR(EIO);
616			break;
617		}
618
619		n -= nbytes;
620	}
621out:
622	zfs_range_unlock(rl);
623
624	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
625	ZFS_EXIT(zfsvfs);
626	return (error);
627}
628
629/*
630 * Write the bytes to a file.
631 *
632 *	IN:	vp	- vnode of file to be written to.
633 *		uio	- structure supplying write location, range info,
634 *			  and data buffer.
635 *		ioflag	- FAPPEND, FSYNC, and/or FDSYNC.  FAPPEND is
636 *			  set if in append mode.
637 *		cr	- credentials of caller.
638 *		ct	- caller context (NFS/CIFS fem monitor only)
639 *
640 *	OUT:	uio	- updated offset and range.
641 *
642 *	RETURN:	0 on success, error code on failure.
643 *
644 * Timestamps:
645 *	vp - ctime|mtime updated if byte count > 0
646 */
647
648/* ARGSUSED */
649static int
650zfs_write(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
651{
652	znode_t		*zp = VTOZ(vp);
653	rlim64_t	limit = uio->uio_llimit;
654	ssize_t		start_resid = uio->uio_resid;
655	ssize_t		tx_bytes;
656	uint64_t	end_size;
657	dmu_tx_t	*tx;
658	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
659	zilog_t		*zilog;
660	offset_t	woff;
661	ssize_t		n, nbytes;
662	rl_t		*rl;
663	int		max_blksz = zfsvfs->z_max_blksz;
664	int		error = 0;
665	arc_buf_t	*abuf;
666	iovec_t		*aiov = NULL;
667	xuio_t		*xuio = NULL;
668	int		i_iov = 0;
669	int		iovcnt = uio->uio_iovcnt;
670	iovec_t		*iovp = uio->uio_iov;
671	int		write_eof;
672	int		count = 0;
673	sa_bulk_attr_t	bulk[4];
674	uint64_t	mtime[2], ctime[2];
675
676	/*
677	 * Fasttrack empty write
678	 */
679	n = start_resid;
680	if (n == 0)
681		return (0);
682
683	if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
684		limit = MAXOFFSET_T;
685
686	ZFS_ENTER(zfsvfs);
687	ZFS_VERIFY_ZP(zp);
688
689	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
690	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
691	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,
692	    &zp->z_size, 8);
693	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
694	    &zp->z_pflags, 8);
695
696	/*
697	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
698	 * callers might not be able to detect properly that we are read-only,
699	 * so check it explicitly here.
700	 */
701	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
702		ZFS_EXIT(zfsvfs);
703		return (SET_ERROR(EROFS));
704	}
705
706	/*
707	 * If immutable or not appending then return EPERM
708	 */
709	if ((zp->z_pflags & (ZFS_IMMUTABLE | ZFS_READONLY)) ||
710	    ((zp->z_pflags & ZFS_APPENDONLY) && !(ioflag & FAPPEND) &&
711	    (uio->uio_loffset < zp->z_size))) {
712		ZFS_EXIT(zfsvfs);
713		return (SET_ERROR(EPERM));
714	}
715
716	zilog = zfsvfs->z_log;
717
718	/*
719	 * Validate file offset
720	 */
721	woff = ioflag & FAPPEND ? zp->z_size : uio->uio_loffset;
722	if (woff < 0) {
723		ZFS_EXIT(zfsvfs);
724		return (SET_ERROR(EINVAL));
725	}
726
727	/*
728	 * Check for mandatory locks before calling zfs_range_lock()
729	 * in order to prevent a deadlock with locks set via fcntl().
730	 */
731	if (MANDMODE((mode_t)zp->z_mode) &&
732	    (error = chklock(vp, FWRITE, woff, n, uio->uio_fmode, ct)) != 0) {
733		ZFS_EXIT(zfsvfs);
734		return (error);
735	}
736
737	/*
738	 * Pre-fault the pages to ensure slow (eg NFS) pages
739	 * don't hold up txg.
740	 * Skip this if uio contains loaned arc_buf.
741	 */
742	if ((uio->uio_extflg == UIO_XUIO) &&
743	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY))
744		xuio = (xuio_t *)uio;
745	else
746		uio_prefaultpages(MIN(n, max_blksz), uio);
747
748	/*
749	 * If in append mode, set the io offset pointer to eof.
750	 */
751	if (ioflag & FAPPEND) {
752		/*
753		 * Obtain an appending range lock to guarantee file append
754		 * semantics.  We reset the write offset once we have the lock.
755		 */
756		rl = zfs_range_lock(zp, 0, n, RL_APPEND);
757		woff = rl->r_off;
758		if (rl->r_len == UINT64_MAX) {
759			/*
760			 * We overlocked the file because this write will cause
761			 * the file block size to increase.
762			 * Note that zp_size cannot change with this lock held.
763			 */
764			woff = zp->z_size;
765		}
766		uio->uio_loffset = woff;
767	} else {
768		/*
769		 * Note that if the file block size will change as a result of
770		 * this write, then this range lock will lock the entire file
771		 * so that we can re-write the block safely.
772		 */
773		rl = zfs_range_lock(zp, woff, n, RL_WRITER);
774	}
775
776	if (woff >= limit) {
777		zfs_range_unlock(rl);
778		ZFS_EXIT(zfsvfs);
779		return (SET_ERROR(EFBIG));
780	}
781
782	if ((woff + n) > limit || woff > (limit - n))
783		n = limit - woff;
784
785	/* Will this write extend the file length? */
786	write_eof = (woff + n > zp->z_size);
787
788	end_size = MAX(zp->z_size, woff + n);
789
790	/*
791	 * Write the file in reasonable size chunks.  Each chunk is written
792	 * in a separate transaction; this keeps the intent log records small
793	 * and allows us to do more fine-grained space accounting.
794	 */
795	while (n > 0) {
796		abuf = NULL;
797		woff = uio->uio_loffset;
798		if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
799		    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
800			if (abuf != NULL)
801				dmu_return_arcbuf(abuf);
802			error = SET_ERROR(EDQUOT);
803			break;
804		}
805
806		if (xuio && abuf == NULL) {
807			ASSERT(i_iov < iovcnt);
808			aiov = &iovp[i_iov];
809			abuf = dmu_xuio_arcbuf(xuio, i_iov);
810			dmu_xuio_clear(xuio, i_iov);
811			DTRACE_PROBE3(zfs_cp_write, int, i_iov,
812			    iovec_t *, aiov, arc_buf_t *, abuf);
813			ASSERT((aiov->iov_base == abuf->b_data) ||
814			    ((char *)aiov->iov_base - (char *)abuf->b_data +
815			    aiov->iov_len == arc_buf_size(abuf)));
816			i_iov++;
817		} else if (abuf == NULL && n >= max_blksz &&
818		    woff >= zp->z_size &&
819		    P2PHASE(woff, max_blksz) == 0 &&
820		    zp->z_blksz == max_blksz) {
821			/*
822			 * This write covers a full block.  "Borrow" a buffer
823			 * from the dmu so that we can fill it before we enter
824			 * a transaction.  This avoids the possibility of
825			 * holding up the transaction if the data copy hangs
826			 * up on a pagefault (e.g., from an NFS server mapping).
827			 */
828			size_t cbytes;
829
830			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
831			    max_blksz);
832			ASSERT(abuf != NULL);
833			ASSERT(arc_buf_size(abuf) == max_blksz);
834			if (error = uiocopy(abuf->b_data, max_blksz,
835			    UIO_WRITE, uio, &cbytes)) {
836				dmu_return_arcbuf(abuf);
837				break;
838			}
839			ASSERT(cbytes == max_blksz);
840		}
841
842		/*
843		 * Start a transaction.
844		 */
845		tx = dmu_tx_create(zfsvfs->z_os);
846		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
847		dmu_tx_hold_write(tx, zp->z_id, woff, MIN(n, max_blksz));
848		zfs_sa_upgrade_txholds(tx, zp);
849		error = dmu_tx_assign(tx, TXG_WAIT);
850		if (error) {
851			dmu_tx_abort(tx);
852			if (abuf != NULL)
853				dmu_return_arcbuf(abuf);
854			break;
855		}
856
857		/*
858		 * If zfs_range_lock() over-locked we grow the blocksize
859		 * and then reduce the lock range.  This will only happen
860		 * on the first iteration since zfs_range_reduce() will
861		 * shrink down r_len to the appropriate size.
862		 */
863		if (rl->r_len == UINT64_MAX) {
864			uint64_t new_blksz;
865
866			if (zp->z_blksz > max_blksz) {
867				/*
868				 * File's blocksize is already larger than the
869				 * "recordsize" property.  Only let it grow to
870				 * the next power of 2.
871				 */
872				ASSERT(!ISP2(zp->z_blksz));
873				new_blksz = MIN(end_size,
874				    1 << highbit64(zp->z_blksz));
875			} else {
876				new_blksz = MIN(end_size, max_blksz);
877			}
878			zfs_grow_blocksize(zp, new_blksz, tx);
879			zfs_range_reduce(rl, woff, n);
880		}
881
882		/*
883		 * XXX - should we really limit each write to z_max_blksz?
884		 * Perhaps we should use SPA_MAXBLOCKSIZE chunks?
885		 */
886		nbytes = MIN(n, max_blksz - P2PHASE(woff, max_blksz));
887
888		if (abuf == NULL) {
889			tx_bytes = uio->uio_resid;
890			error = dmu_write_uio_dbuf(sa_get_db(zp->z_sa_hdl),
891			    uio, nbytes, tx);
892			tx_bytes -= uio->uio_resid;
893		} else {
894			tx_bytes = nbytes;
895			ASSERT(xuio == NULL || tx_bytes == aiov->iov_len);
896			/*
897			 * If this is not a full block write, but we are
898			 * extending the file past EOF and this data starts
899			 * block-aligned, use assign_arcbuf().  Otherwise,
900			 * write via dmu_write().
901			 */
902			if (tx_bytes < max_blksz && (!write_eof ||
903			    aiov->iov_base != abuf->b_data)) {
904				ASSERT(xuio);
905				dmu_write(zfsvfs->z_os, zp->z_id, woff,
906				    aiov->iov_len, aiov->iov_base, tx);
907				dmu_return_arcbuf(abuf);
908				xuio_stat_wbuf_copied();
909			} else {
910				ASSERT(xuio || tx_bytes == max_blksz);
911				dmu_assign_arcbuf(sa_get_db(zp->z_sa_hdl),
912				    woff, abuf, tx);
913			}
914			ASSERT(tx_bytes <= uio->uio_resid);
915			uioskip(uio, tx_bytes);
916		}
917		if (tx_bytes && vn_has_cached_data(vp)) {
918			update_pages(vp, woff,
919			    tx_bytes, zfsvfs->z_os, zp->z_id);
920		}
921
922		/*
923		 * If we made no progress, we're done.  If we made even
924		 * partial progress, update the znode and ZIL accordingly.
925		 */
926		if (tx_bytes == 0) {
927			(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
928			    (void *)&zp->z_size, sizeof (uint64_t), tx);
929			dmu_tx_commit(tx);
930			ASSERT(error != 0);
931			break;
932		}
933
934		/*
935		 * Clear Set-UID/Set-GID bits on successful write if not
936		 * privileged and at least one of the excute bits is set.
937		 *
938		 * It would be nice to to this after all writes have
939		 * been done, but that would still expose the ISUID/ISGID
940		 * to another app after the partial write is committed.
941		 *
942		 * Note: we don't call zfs_fuid_map_id() here because
943		 * user 0 is not an ephemeral uid.
944		 */
945		mutex_enter(&zp->z_acl_lock);
946		if ((zp->z_mode & (S_IXUSR | (S_IXUSR >> 3) |
947		    (S_IXUSR >> 6))) != 0 &&
948		    (zp->z_mode & (S_ISUID | S_ISGID)) != 0 &&
949		    secpolicy_vnode_setid_retain(cr,
950		    (zp->z_mode & S_ISUID) != 0 && zp->z_uid == 0) != 0) {
951			uint64_t newmode;
952			zp->z_mode &= ~(S_ISUID | S_ISGID);
953			newmode = zp->z_mode;
954			(void) sa_update(zp->z_sa_hdl, SA_ZPL_MODE(zfsvfs),
955			    (void *)&newmode, sizeof (uint64_t), tx);
956		}
957		mutex_exit(&zp->z_acl_lock);
958
959		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
960		    B_TRUE);
961
962		/*
963		 * Update the file size (zp_size) if it has changed;
964		 * account for possible concurrent updates.
965		 */
966		while ((end_size = zp->z_size) < uio->uio_loffset) {
967			(void) atomic_cas_64(&zp->z_size, end_size,
968			    uio->uio_loffset);
969			ASSERT(error == 0);
970		}
971		/*
972		 * If we are replaying and eof is non zero then force
973		 * the file size to the specified eof. Note, there's no
974		 * concurrency during replay.
975		 */
976		if (zfsvfs->z_replay && zfsvfs->z_replay_eof != 0)
977			zp->z_size = zfsvfs->z_replay_eof;
978
979		error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
980
981		zfs_log_write(zilog, tx, TX_WRITE, zp, woff, tx_bytes, ioflag);
982		dmu_tx_commit(tx);
983
984		if (error != 0)
985			break;
986		ASSERT(tx_bytes == nbytes);
987		n -= nbytes;
988
989		if (!xuio && n > 0)
990			uio_prefaultpages(MIN(n, max_blksz), uio);
991	}
992
993	zfs_range_unlock(rl);
994
995	/*
996	 * If we're in replay mode, or we made no progress, return error.
997	 * Otherwise, it's at least a partial write, so it's successful.
998	 */
999	if (zfsvfs->z_replay || uio->uio_resid == start_resid) {
1000		ZFS_EXIT(zfsvfs);
1001		return (error);
1002	}
1003
1004	if (ioflag & (FSYNC | FDSYNC) ||
1005	    zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1006		zil_commit(zilog, zp->z_id);
1007
1008	ZFS_EXIT(zfsvfs);
1009	return (0);
1010}
1011
1012void
1013zfs_get_done(zgd_t *zgd, int error)
1014{
1015	znode_t *zp = zgd->zgd_private;
1016	objset_t *os = zp->z_zfsvfs->z_os;
1017
1018	if (zgd->zgd_db)
1019		dmu_buf_rele(zgd->zgd_db, zgd);
1020
1021	zfs_range_unlock(zgd->zgd_rl);
1022
1023	/*
1024	 * Release the vnode asynchronously as we currently have the
1025	 * txg stopped from syncing.
1026	 */
1027	VN_RELE_ASYNC(ZTOV(zp), dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
1028
1029	if (error == 0 && zgd->zgd_bp)
1030		zil_add_block(zgd->zgd_zilog, zgd->zgd_bp);
1031
1032	kmem_free(zgd, sizeof (zgd_t));
1033}
1034
1035#ifdef DEBUG
1036static int zil_fault_io = 0;
1037#endif
1038
1039/*
1040 * Get data to generate a TX_WRITE intent log record.
1041 */
1042int
1043zfs_get_data(void *arg, lr_write_t *lr, char *buf, zio_t *zio)
1044{
1045	zfsvfs_t *zfsvfs = arg;
1046	objset_t *os = zfsvfs->z_os;
1047	znode_t *zp;
1048	uint64_t object = lr->lr_foid;
1049	uint64_t offset = lr->lr_offset;
1050	uint64_t size = lr->lr_length;
1051	blkptr_t *bp = &lr->lr_blkptr;
1052	dmu_buf_t *db;
1053	zgd_t *zgd;
1054	int error = 0;
1055
1056	ASSERT(zio != NULL);
1057	ASSERT(size != 0);
1058
1059	/*
1060	 * Nothing to do if the file has been removed
1061	 */
1062	if (zfs_zget(zfsvfs, object, &zp) != 0)
1063		return (SET_ERROR(ENOENT));
1064	if (zp->z_unlinked) {
1065		/*
1066		 * Release the vnode asynchronously as we currently have the
1067		 * txg stopped from syncing.
1068		 */
1069		VN_RELE_ASYNC(ZTOV(zp),
1070		    dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
1071		return (SET_ERROR(ENOENT));
1072	}
1073
1074	zgd = (zgd_t *)kmem_zalloc(sizeof (zgd_t), KM_SLEEP);
1075	zgd->zgd_zilog = zfsvfs->z_log;
1076	zgd->zgd_private = zp;
1077
1078	/*
1079	 * Write records come in two flavors: immediate and indirect.
1080	 * For small writes it's cheaper to store the data with the
1081	 * log record (immediate); for large writes it's cheaper to
1082	 * sync the data and get a pointer to it (indirect) so that
1083	 * we don't have to write the data twice.
1084	 */
1085	if (buf != NULL) { /* immediate write */
1086		zgd->zgd_rl = zfs_range_lock(zp, offset, size, RL_READER);
1087		/* test for truncation needs to be done while range locked */
1088		if (offset >= zp->z_size) {
1089			error = SET_ERROR(ENOENT);
1090		} else {
1091			error = dmu_read(os, object, offset, size, buf,
1092			    DMU_READ_NO_PREFETCH);
1093		}
1094		ASSERT(error == 0 || error == ENOENT);
1095	} else { /* indirect write */
1096		/*
1097		 * Have to lock the whole block to ensure when it's
1098		 * written out and it's checksum is being calculated
1099		 * that no one can change the data. We need to re-check
1100		 * blocksize after we get the lock in case it's changed!
1101		 */
1102		for (;;) {
1103			uint64_t blkoff;
1104			size = zp->z_blksz;
1105			blkoff = ISP2(size) ? P2PHASE(offset, size) : offset;
1106			offset -= blkoff;
1107			zgd->zgd_rl = zfs_range_lock(zp, offset, size,
1108			    RL_READER);
1109			if (zp->z_blksz == size)
1110				break;
1111			offset += blkoff;
1112			zfs_range_unlock(zgd->zgd_rl);
1113		}
1114		/* test for truncation needs to be done while range locked */
1115		if (lr->lr_offset >= zp->z_size)
1116			error = SET_ERROR(ENOENT);
1117#ifdef DEBUG
1118		if (zil_fault_io) {
1119			error = SET_ERROR(EIO);
1120			zil_fault_io = 0;
1121		}
1122#endif
1123		if (error == 0)
1124			error = dmu_buf_hold(os, object, offset, zgd, &db,
1125			    DMU_READ_NO_PREFETCH);
1126
1127		if (error == 0) {
1128			blkptr_t *obp = dmu_buf_get_blkptr(db);
1129			if (obp) {
1130				ASSERT(BP_IS_HOLE(bp));
1131				*bp = *obp;
1132			}
1133
1134			zgd->zgd_db = db;
1135			zgd->zgd_bp = bp;
1136
1137			ASSERT(db->db_offset == offset);
1138			ASSERT(db->db_size == size);
1139
1140			error = dmu_sync(zio, lr->lr_common.lrc_txg,
1141			    zfs_get_done, zgd);
1142			ASSERT(error || lr->lr_length <= zp->z_blksz);
1143
1144			/*
1145			 * On success, we need to wait for the write I/O
1146			 * initiated by dmu_sync() to complete before we can
1147			 * release this dbuf.  We will finish everything up
1148			 * in the zfs_get_done() callback.
1149			 */
1150			if (error == 0)
1151				return (0);
1152
1153			if (error == EALREADY) {
1154				lr->lr_common.lrc_txtype = TX_WRITE2;
1155				error = 0;
1156			}
1157		}
1158	}
1159
1160	zfs_get_done(zgd, error);
1161
1162	return (error);
1163}
1164
1165/*ARGSUSED*/
1166static int
1167zfs_access(vnode_t *vp, int mode, int flag, cred_t *cr,
1168    caller_context_t *ct)
1169{
1170	znode_t *zp = VTOZ(vp);
1171	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1172	int error;
1173
1174	ZFS_ENTER(zfsvfs);
1175	ZFS_VERIFY_ZP(zp);
1176
1177	if (flag & V_ACE_MASK)
1178		error = zfs_zaccess(zp, mode, flag, B_FALSE, cr);
1179	else
1180		error = zfs_zaccess_rwx(zp, mode, flag, cr);
1181
1182	ZFS_EXIT(zfsvfs);
1183	return (error);
1184}
1185
1186/*
1187 * If vnode is for a device return a specfs vnode instead.
1188 */
1189static int
1190specvp_check(vnode_t **vpp, cred_t *cr)
1191{
1192	int error = 0;
1193
1194	if (IS_DEVVP(*vpp)) {
1195		struct vnode *svp;
1196
1197		svp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type, cr);
1198		VN_RELE(*vpp);
1199		if (svp == NULL)
1200			error = SET_ERROR(ENOSYS);
1201		*vpp = svp;
1202	}
1203	return (error);
1204}
1205
1206
1207/*
1208 * Lookup an entry in a directory, or an extended attribute directory.
1209 * If it exists, return a held vnode reference for it.
1210 *
1211 *	IN:	dvp	- vnode of directory to search.
1212 *		nm	- name of entry to lookup.
1213 *		pnp	- full pathname to lookup [UNUSED].
1214 *		flags	- LOOKUP_XATTR set if looking for an attribute.
1215 *		rdir	- root directory vnode [UNUSED].
1216 *		cr	- credentials of caller.
1217 *		ct	- caller context
1218 *		direntflags - directory lookup flags
1219 *		realpnp - returned pathname.
1220 *
1221 *	OUT:	vpp	- vnode of located entry, NULL if not found.
1222 *
1223 *	RETURN:	0 on success, error code on failure.
1224 *
1225 * Timestamps:
1226 *	NA
1227 */
1228/* ARGSUSED */
1229static int
1230zfs_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1231    int flags, vnode_t *rdir, cred_t *cr,  caller_context_t *ct,
1232    int *direntflags, pathname_t *realpnp)
1233{
1234	znode_t *zdp = VTOZ(dvp);
1235	zfsvfs_t *zfsvfs = zdp->z_zfsvfs;
1236	int	error = 0;
1237
1238	/* fast path */
1239	if (!(flags & (LOOKUP_XATTR | FIGNORECASE))) {
1240
1241		if (dvp->v_type != VDIR) {
1242			return (SET_ERROR(ENOTDIR));
1243		} else if (zdp->z_sa_hdl == NULL) {
1244			return (SET_ERROR(EIO));
1245		}
1246
1247		if (nm[0] == 0 || (nm[0] == '.' && nm[1] == '\0')) {
1248			error = zfs_fastaccesschk_execute(zdp, cr);
1249			if (!error) {
1250				*vpp = dvp;
1251				VN_HOLD(*vpp);
1252				return (0);
1253			}
1254			return (error);
1255		} else {
1256			vnode_t *tvp = dnlc_lookup(dvp, nm);
1257
1258			if (tvp) {
1259				error = zfs_fastaccesschk_execute(zdp, cr);
1260				if (error) {
1261					VN_RELE(tvp);
1262					return (error);
1263				}
1264				if (tvp == DNLC_NO_VNODE) {
1265					VN_RELE(tvp);
1266					return (SET_ERROR(ENOENT));
1267				} else {
1268					*vpp = tvp;
1269					return (specvp_check(vpp, cr));
1270				}
1271			}
1272		}
1273	}
1274
1275	DTRACE_PROBE2(zfs__fastpath__lookup__miss, vnode_t *, dvp, char *, nm);
1276
1277	ZFS_ENTER(zfsvfs);
1278	ZFS_VERIFY_ZP(zdp);
1279
1280	*vpp = NULL;
1281
1282	if (flags & LOOKUP_XATTR) {
1283		/*
1284		 * If the xattr property is off, refuse the lookup request.
1285		 */
1286		if (!(zfsvfs->z_vfs->vfs_flag & VFS_XATTR)) {
1287			ZFS_EXIT(zfsvfs);
1288			return (SET_ERROR(EINVAL));
1289		}
1290
1291		/*
1292		 * We don't allow recursive attributes..
1293		 * Maybe someday we will.
1294		 */
1295		if (zdp->z_pflags & ZFS_XATTR) {
1296			ZFS_EXIT(zfsvfs);
1297			return (SET_ERROR(EINVAL));
1298		}
1299
1300		if (error = zfs_get_xattrdir(VTOZ(dvp), vpp, cr, flags)) {
1301			ZFS_EXIT(zfsvfs);
1302			return (error);
1303		}
1304
1305		/*
1306		 * Do we have permission to get into attribute directory?
1307		 */
1308
1309		if (error = zfs_zaccess(VTOZ(*vpp), ACE_EXECUTE, 0,
1310		    B_FALSE, cr)) {
1311			VN_RELE(*vpp);
1312			*vpp = NULL;
1313		}
1314
1315		ZFS_EXIT(zfsvfs);
1316		return (error);
1317	}
1318
1319	if (dvp->v_type != VDIR) {
1320		ZFS_EXIT(zfsvfs);
1321		return (SET_ERROR(ENOTDIR));
1322	}
1323
1324	/*
1325	 * Check accessibility of directory.
1326	 */
1327
1328	if (error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr)) {
1329		ZFS_EXIT(zfsvfs);
1330		return (error);
1331	}
1332
1333	if (zfsvfs->z_utf8 && u8_validate(nm, strlen(nm),
1334	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1335		ZFS_EXIT(zfsvfs);
1336		return (SET_ERROR(EILSEQ));
1337	}
1338
1339	error = zfs_dirlook(zdp, nm, vpp, flags, direntflags, realpnp);
1340	if (error == 0)
1341		error = specvp_check(vpp, cr);
1342
1343	ZFS_EXIT(zfsvfs);
1344	return (error);
1345}
1346
1347/*
1348 * Attempt to create a new entry in a directory.  If the entry
1349 * already exists, truncate the file if permissible, else return
1350 * an error.  Return the vp of the created or trunc'd file.
1351 *
1352 *	IN:	dvp	- vnode of directory to put new file entry in.
1353 *		name	- name of new file entry.
1354 *		vap	- attributes of new file.
1355 *		excl	- flag indicating exclusive or non-exclusive mode.
1356 *		mode	- mode to open file with.
1357 *		cr	- credentials of caller.
1358 *		flag	- large file flag [UNUSED].
1359 *		ct	- caller context
1360 *		vsecp	- ACL to be set
1361 *
1362 *	OUT:	vpp	- vnode of created or trunc'd entry.
1363 *
1364 *	RETURN:	0 on success, error code on failure.
1365 *
1366 * Timestamps:
1367 *	dvp - ctime|mtime updated if new entry created
1368 *	 vp - ctime|mtime always, atime if new
1369 */
1370
1371/* ARGSUSED */
1372static int
1373zfs_create(vnode_t *dvp, char *name, vattr_t *vap, vcexcl_t excl,
1374    int mode, vnode_t **vpp, cred_t *cr, int flag, caller_context_t *ct,
1375    vsecattr_t *vsecp)
1376{
1377	znode_t		*zp, *dzp = VTOZ(dvp);
1378	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1379	zilog_t		*zilog;
1380	objset_t	*os;
1381	zfs_dirlock_t	*dl;
1382	dmu_tx_t	*tx;
1383	int		error;
1384	ksid_t		*ksid;
1385	uid_t		uid;
1386	gid_t		gid = crgetgid(cr);
1387	zfs_acl_ids_t   acl_ids;
1388	boolean_t	fuid_dirtied;
1389	boolean_t	have_acl = B_FALSE;
1390	boolean_t	waited = B_FALSE;
1391
1392	/*
1393	 * If we have an ephemeral id, ACL, or XVATTR then
1394	 * make sure file system is at proper version
1395	 */
1396
1397	ksid = crgetsid(cr, KSID_OWNER);
1398	if (ksid)
1399		uid = ksid_getid(ksid);
1400	else
1401		uid = crgetuid(cr);
1402
1403	if (zfsvfs->z_use_fuids == B_FALSE &&
1404	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1405	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1406		return (SET_ERROR(EINVAL));
1407
1408	ZFS_ENTER(zfsvfs);
1409	ZFS_VERIFY_ZP(dzp);
1410	os = zfsvfs->z_os;
1411	zilog = zfsvfs->z_log;
1412
1413	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
1414	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1415		ZFS_EXIT(zfsvfs);
1416		return (SET_ERROR(EILSEQ));
1417	}
1418
1419	if (vap->va_mask & AT_XVATTR) {
1420		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1421		    crgetuid(cr), cr, vap->va_type)) != 0) {
1422			ZFS_EXIT(zfsvfs);
1423			return (error);
1424		}
1425	}
1426top:
1427	*vpp = NULL;
1428
1429	if ((vap->va_mode & VSVTX) && secpolicy_vnode_stky_modify(cr))
1430		vap->va_mode &= ~VSVTX;
1431
1432	if (*name == '\0') {
1433		/*
1434		 * Null component name refers to the directory itself.
1435		 */
1436		VN_HOLD(dvp);
1437		zp = dzp;
1438		dl = NULL;
1439		error = 0;
1440	} else {
1441		/* possible VN_HOLD(zp) */
1442		int zflg = 0;
1443
1444		if (flag & FIGNORECASE)
1445			zflg |= ZCILOOK;
1446
1447		error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1448		    NULL, NULL);
1449		if (error) {
1450			if (have_acl)
1451				zfs_acl_ids_free(&acl_ids);
1452			if (strcmp(name, "..") == 0)
1453				error = SET_ERROR(EISDIR);
1454			ZFS_EXIT(zfsvfs);
1455			return (error);
1456		}
1457	}
1458
1459	if (zp == NULL) {
1460		uint64_t txtype;
1461
1462		/*
1463		 * Create a new file object and update the directory
1464		 * to reference it.
1465		 */
1466		if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
1467			if (have_acl)
1468				zfs_acl_ids_free(&acl_ids);
1469			goto out;
1470		}
1471
1472		/*
1473		 * We only support the creation of regular files in
1474		 * extended attribute directories.
1475		 */
1476
1477		if ((dzp->z_pflags & ZFS_XATTR) &&
1478		    (vap->va_type != VREG)) {
1479			if (have_acl)
1480				zfs_acl_ids_free(&acl_ids);
1481			error = SET_ERROR(EINVAL);
1482			goto out;
1483		}
1484
1485		if (!have_acl && (error = zfs_acl_ids_create(dzp, 0, vap,
1486		    cr, vsecp, &acl_ids)) != 0)
1487			goto out;
1488		have_acl = B_TRUE;
1489
1490		if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1491			zfs_acl_ids_free(&acl_ids);
1492			error = SET_ERROR(EDQUOT);
1493			goto out;
1494		}
1495
1496		tx = dmu_tx_create(os);
1497
1498		dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1499		    ZFS_SA_BASE_ATTR_SIZE);
1500
1501		fuid_dirtied = zfsvfs->z_fuid_dirty;
1502		if (fuid_dirtied)
1503			zfs_fuid_txhold(zfsvfs, tx);
1504		dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
1505		dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
1506		if (!zfsvfs->z_use_sa &&
1507		    acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1508			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
1509			    0, acl_ids.z_aclp->z_acl_bytes);
1510		}
1511		error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1512		if (error) {
1513			zfs_dirent_unlock(dl);
1514			if (error == ERESTART) {
1515				waited = B_TRUE;
1516				dmu_tx_wait(tx);
1517				dmu_tx_abort(tx);
1518				goto top;
1519			}
1520			zfs_acl_ids_free(&acl_ids);
1521			dmu_tx_abort(tx);
1522			ZFS_EXIT(zfsvfs);
1523			return (error);
1524		}
1525		zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1526
1527		if (fuid_dirtied)
1528			zfs_fuid_sync(zfsvfs, tx);
1529
1530		(void) zfs_link_create(dl, zp, tx, ZNEW);
1531		txtype = zfs_log_create_txtype(Z_FILE, vsecp, vap);
1532		if (flag & FIGNORECASE)
1533			txtype |= TX_CI;
1534		zfs_log_create(zilog, tx, txtype, dzp, zp, name,
1535		    vsecp, acl_ids.z_fuidp, vap);
1536		zfs_acl_ids_free(&acl_ids);
1537		dmu_tx_commit(tx);
1538	} else {
1539		int aflags = (flag & FAPPEND) ? V_APPEND : 0;
1540
1541		if (have_acl)
1542			zfs_acl_ids_free(&acl_ids);
1543		have_acl = B_FALSE;
1544
1545		/*
1546		 * A directory entry already exists for this name.
1547		 */
1548		/*
1549		 * Can't truncate an existing file if in exclusive mode.
1550		 */
1551		if (excl == EXCL) {
1552			error = SET_ERROR(EEXIST);
1553			goto out;
1554		}
1555		/*
1556		 * Can't open a directory for writing.
1557		 */
1558		if ((ZTOV(zp)->v_type == VDIR) && (mode & S_IWRITE)) {
1559			error = SET_ERROR(EISDIR);
1560			goto out;
1561		}
1562		/*
1563		 * Verify requested access to file.
1564		 */
1565		if (mode && (error = zfs_zaccess_rwx(zp, mode, aflags, cr))) {
1566			goto out;
1567		}
1568
1569		mutex_enter(&dzp->z_lock);
1570		dzp->z_seq++;
1571		mutex_exit(&dzp->z_lock);
1572
1573		/*
1574		 * Truncate regular files if requested.
1575		 */
1576		if ((ZTOV(zp)->v_type == VREG) &&
1577		    (vap->va_mask & AT_SIZE) && (vap->va_size == 0)) {
1578			/* we can't hold any locks when calling zfs_freesp() */
1579			zfs_dirent_unlock(dl);
1580			dl = NULL;
1581			error = zfs_freesp(zp, 0, 0, mode, TRUE);
1582			if (error == 0) {
1583				vnevent_create(ZTOV(zp), ct);
1584			}
1585		}
1586	}
1587out:
1588
1589	if (dl)
1590		zfs_dirent_unlock(dl);
1591
1592	if (error) {
1593		if (zp)
1594			VN_RELE(ZTOV(zp));
1595	} else {
1596		*vpp = ZTOV(zp);
1597		error = specvp_check(vpp, cr);
1598	}
1599
1600	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1601		zil_commit(zilog, 0);
1602
1603	ZFS_EXIT(zfsvfs);
1604	return (error);
1605}
1606
1607/*
1608 * Remove an entry from a directory.
1609 *
1610 *	IN:	dvp	- vnode of directory to remove entry from.
1611 *		name	- name of entry to remove.
1612 *		cr	- credentials of caller.
1613 *		ct	- caller context
1614 *		flags	- case flags
1615 *
1616 *	RETURN:	0 on success, error code on failure.
1617 *
1618 * Timestamps:
1619 *	dvp - ctime|mtime
1620 *	 vp - ctime (if nlink > 0)
1621 */
1622
1623uint64_t null_xattr = 0;
1624
1625/*ARGSUSED*/
1626static int
1627zfs_remove(vnode_t *dvp, char *name, cred_t *cr, caller_context_t *ct,
1628    int flags)
1629{
1630	znode_t		*zp, *dzp = VTOZ(dvp);
1631	znode_t		*xzp;
1632	vnode_t		*vp;
1633	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1634	zilog_t		*zilog;
1635	uint64_t	acl_obj, xattr_obj;
1636	uint64_t	xattr_obj_unlinked = 0;
1637	uint64_t	obj = 0;
1638	zfs_dirlock_t	*dl;
1639	dmu_tx_t	*tx;
1640	boolean_t	may_delete_now, delete_now = FALSE;
1641	boolean_t	unlinked, toobig = FALSE;
1642	uint64_t	txtype;
1643	pathname_t	*realnmp = NULL;
1644	pathname_t	realnm;
1645	int		error;
1646	int		zflg = ZEXISTS;
1647	boolean_t	waited = B_FALSE;
1648
1649	ZFS_ENTER(zfsvfs);
1650	ZFS_VERIFY_ZP(dzp);
1651	zilog = zfsvfs->z_log;
1652
1653	if (flags & FIGNORECASE) {
1654		zflg |= ZCILOOK;
1655		pn_alloc(&realnm);
1656		realnmp = &realnm;
1657	}
1658
1659top:
1660	xattr_obj = 0;
1661	xzp = NULL;
1662	/*
1663	 * Attempt to lock directory; fail if entry doesn't exist.
1664	 */
1665	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1666	    NULL, realnmp)) {
1667		if (realnmp)
1668			pn_free(realnmp);
1669		ZFS_EXIT(zfsvfs);
1670		return (error);
1671	}
1672
1673	vp = ZTOV(zp);
1674
1675	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
1676		goto out;
1677	}
1678
1679	/*
1680	 * Need to use rmdir for removing directories.
1681	 */
1682	if (vp->v_type == VDIR) {
1683		error = SET_ERROR(EPERM);
1684		goto out;
1685	}
1686
1687	vnevent_remove(vp, dvp, name, ct);
1688
1689	if (realnmp)
1690		dnlc_remove(dvp, realnmp->pn_buf);
1691	else
1692		dnlc_remove(dvp, name);
1693
1694	mutex_enter(&vp->v_lock);
1695	may_delete_now = vp->v_count == 1 && !vn_has_cached_data(vp);
1696	mutex_exit(&vp->v_lock);
1697
1698	/*
1699	 * We may delete the znode now, or we may put it in the unlinked set;
1700	 * it depends on whether we're the last link, and on whether there are
1701	 * other holds on the vnode.  So we dmu_tx_hold() the right things to
1702	 * allow for either case.
1703	 */
1704	obj = zp->z_id;
1705	tx = dmu_tx_create(zfsvfs->z_os);
1706	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
1707	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
1708	zfs_sa_upgrade_txholds(tx, zp);
1709	zfs_sa_upgrade_txholds(tx, dzp);
1710	if (may_delete_now) {
1711		toobig =
1712		    zp->z_size > zp->z_blksz * DMU_MAX_DELETEBLKCNT;
1713		/* if the file is too big, only hold_free a token amount */
1714		dmu_tx_hold_free(tx, zp->z_id, 0,
1715		    (toobig ? DMU_MAX_ACCESS : DMU_OBJECT_END));
1716	}
1717
1718	/* are there any extended attributes? */
1719	error = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1720	    &xattr_obj, sizeof (xattr_obj));
1721	if (error == 0 && xattr_obj) {
1722		error = zfs_zget(zfsvfs, xattr_obj, &xzp);
1723		ASSERT0(error);
1724		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
1725		dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);
1726	}
1727
1728	mutex_enter(&zp->z_lock);
1729	if ((acl_obj = zfs_external_acl(zp)) != 0 && may_delete_now)
1730		dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END);
1731	mutex_exit(&zp->z_lock);
1732
1733	/* charge as an update -- would be nice not to charge at all */
1734	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
1735
1736	/*
1737	 * Mark this transaction as typically resulting in a net free of space
1738	 */
1739	dmu_tx_mark_netfree(tx);
1740
1741	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1742	if (error) {
1743		zfs_dirent_unlock(dl);
1744		VN_RELE(vp);
1745		if (xzp)
1746			VN_RELE(ZTOV(xzp));
1747		if (error == ERESTART) {
1748			waited = B_TRUE;
1749			dmu_tx_wait(tx);
1750			dmu_tx_abort(tx);
1751			goto top;
1752		}
1753		if (realnmp)
1754			pn_free(realnmp);
1755		dmu_tx_abort(tx);
1756		ZFS_EXIT(zfsvfs);
1757		return (error);
1758	}
1759
1760	/*
1761	 * Remove the directory entry.
1762	 */
1763	error = zfs_link_destroy(dl, zp, tx, zflg, &unlinked);
1764
1765	if (error) {
1766		dmu_tx_commit(tx);
1767		goto out;
1768	}
1769
1770	if (unlinked) {
1771		/*
1772		 * Hold z_lock so that we can make sure that the ACL obj
1773		 * hasn't changed.  Could have been deleted due to
1774		 * zfs_sa_upgrade().
1775		 */
1776		mutex_enter(&zp->z_lock);
1777		mutex_enter(&vp->v_lock);
1778		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1779		    &xattr_obj_unlinked, sizeof (xattr_obj_unlinked));
1780		delete_now = may_delete_now && !toobig &&
1781		    vp->v_count == 1 && !vn_has_cached_data(vp) &&
1782		    xattr_obj == xattr_obj_unlinked && zfs_external_acl(zp) ==
1783		    acl_obj;
1784		mutex_exit(&vp->v_lock);
1785	}
1786
1787	if (delete_now) {
1788		if (xattr_obj_unlinked) {
1789			ASSERT3U(xzp->z_links, ==, 2);
1790			mutex_enter(&xzp->z_lock);
1791			xzp->z_unlinked = 1;
1792			xzp->z_links = 0;
1793			error = sa_update(xzp->z_sa_hdl, SA_ZPL_LINKS(zfsvfs),
1794			    &xzp->z_links, sizeof (xzp->z_links), tx);
1795			ASSERT3U(error,  ==,  0);
1796			mutex_exit(&xzp->z_lock);
1797			zfs_unlinked_add(xzp, tx);
1798
1799			if (zp->z_is_sa)
1800				error = sa_remove(zp->z_sa_hdl,
1801				    SA_ZPL_XATTR(zfsvfs), tx);
1802			else
1803				error = sa_update(zp->z_sa_hdl,
1804				    SA_ZPL_XATTR(zfsvfs), &null_xattr,
1805				    sizeof (uint64_t), tx);
1806			ASSERT0(error);
1807		}
1808		mutex_enter(&vp->v_lock);
1809		vp->v_count--;
1810		ASSERT0(vp->v_count);
1811		mutex_exit(&vp->v_lock);
1812		mutex_exit(&zp->z_lock);
1813		zfs_znode_delete(zp, tx);
1814	} else if (unlinked) {
1815		mutex_exit(&zp->z_lock);
1816		zfs_unlinked_add(zp, tx);
1817	}
1818
1819	txtype = TX_REMOVE;
1820	if (flags & FIGNORECASE)
1821		txtype |= TX_CI;
1822	zfs_log_remove(zilog, tx, txtype, dzp, name, obj);
1823
1824	dmu_tx_commit(tx);
1825out:
1826	if (realnmp)
1827		pn_free(realnmp);
1828
1829	zfs_dirent_unlock(dl);
1830
1831	if (!delete_now)
1832		VN_RELE(vp);
1833	if (xzp)
1834		VN_RELE(ZTOV(xzp));
1835
1836	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1837		zil_commit(zilog, 0);
1838
1839	ZFS_EXIT(zfsvfs);
1840	return (error);
1841}
1842
1843/*
1844 * Create a new directory and insert it into dvp using the name
1845 * provided.  Return a pointer to the inserted directory.
1846 *
1847 *	IN:	dvp	- vnode of directory to add subdir to.
1848 *		dirname	- name of new directory.
1849 *		vap	- attributes of new directory.
1850 *		cr	- credentials of caller.
1851 *		ct	- caller context
1852 *		flags	- case flags
1853 *		vsecp	- ACL to be set
1854 *
1855 *	OUT:	vpp	- vnode of created directory.
1856 *
1857 *	RETURN:	0 on success, error code on failure.
1858 *
1859 * Timestamps:
1860 *	dvp - ctime|mtime updated
1861 *	 vp - ctime|mtime|atime updated
1862 */
1863/*ARGSUSED*/
1864static int
1865zfs_mkdir(vnode_t *dvp, char *dirname, vattr_t *vap, vnode_t **vpp, cred_t *cr,
1866    caller_context_t *ct, int flags, vsecattr_t *vsecp)
1867{
1868	znode_t		*zp, *dzp = VTOZ(dvp);
1869	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1870	zilog_t		*zilog;
1871	zfs_dirlock_t	*dl;
1872	uint64_t	txtype;
1873	dmu_tx_t	*tx;
1874	int		error;
1875	int		zf = ZNEW;
1876	ksid_t		*ksid;
1877	uid_t		uid;
1878	gid_t		gid = crgetgid(cr);
1879	zfs_acl_ids_t   acl_ids;
1880	boolean_t	fuid_dirtied;
1881	boolean_t	waited = B_FALSE;
1882
1883	ASSERT(vap->va_type == VDIR);
1884
1885	/*
1886	 * If we have an ephemeral id, ACL, or XVATTR then
1887	 * make sure file system is at proper version
1888	 */
1889
1890	ksid = crgetsid(cr, KSID_OWNER);
1891	if (ksid)
1892		uid = ksid_getid(ksid);
1893	else
1894		uid = crgetuid(cr);
1895	if (zfsvfs->z_use_fuids == B_FALSE &&
1896	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1897	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1898		return (SET_ERROR(EINVAL));
1899
1900	ZFS_ENTER(zfsvfs);
1901	ZFS_VERIFY_ZP(dzp);
1902	zilog = zfsvfs->z_log;
1903
1904	if (dzp->z_pflags & ZFS_XATTR) {
1905		ZFS_EXIT(zfsvfs);
1906		return (SET_ERROR(EINVAL));
1907	}
1908
1909	if (zfsvfs->z_utf8 && u8_validate(dirname,
1910	    strlen(dirname), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1911		ZFS_EXIT(zfsvfs);
1912		return (SET_ERROR(EILSEQ));
1913	}
1914	if (flags & FIGNORECASE)
1915		zf |= ZCILOOK;
1916
1917	if (vap->va_mask & AT_XVATTR) {
1918		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1919		    crgetuid(cr), cr, vap->va_type)) != 0) {
1920			ZFS_EXIT(zfsvfs);
1921			return (error);
1922		}
1923	}
1924
1925	if ((error = zfs_acl_ids_create(dzp, 0, vap, cr,
1926	    vsecp, &acl_ids)) != 0) {
1927		ZFS_EXIT(zfsvfs);
1928		return (error);
1929	}
1930	/*
1931	 * First make sure the new directory doesn't exist.
1932	 *
1933	 * Existence is checked first to make sure we don't return
1934	 * EACCES instead of EEXIST which can cause some applications
1935	 * to fail.
1936	 */
1937top:
1938	*vpp = NULL;
1939
1940	if (error = zfs_dirent_lock(&dl, dzp, dirname, &zp, zf,
1941	    NULL, NULL)) {
1942		zfs_acl_ids_free(&acl_ids);
1943		ZFS_EXIT(zfsvfs);
1944		return (error);
1945	}
1946
1947	if (error = zfs_zaccess(dzp, ACE_ADD_SUBDIRECTORY, 0, B_FALSE, cr)) {
1948		zfs_acl_ids_free(&acl_ids);
1949		zfs_dirent_unlock(dl);
1950		ZFS_EXIT(zfsvfs);
1951		return (error);
1952	}
1953
1954	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1955		zfs_acl_ids_free(&acl_ids);
1956		zfs_dirent_unlock(dl);
1957		ZFS_EXIT(zfsvfs);
1958		return (SET_ERROR(EDQUOT));
1959	}
1960
1961	/*
1962	 * Add a new entry to the directory.
1963	 */
1964	tx = dmu_tx_create(zfsvfs->z_os);
1965	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, dirname);
1966	dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
1967	fuid_dirtied = zfsvfs->z_fuid_dirty;
1968	if (fuid_dirtied)
1969		zfs_fuid_txhold(zfsvfs, tx);
1970	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1971		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
1972		    acl_ids.z_aclp->z_acl_bytes);
1973	}
1974
1975	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1976	    ZFS_SA_BASE_ATTR_SIZE);
1977
1978	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1979	if (error) {
1980		zfs_dirent_unlock(dl);
1981		if (error == ERESTART) {
1982			waited = B_TRUE;
1983			dmu_tx_wait(tx);
1984			dmu_tx_abort(tx);
1985			goto top;
1986		}
1987		zfs_acl_ids_free(&acl_ids);
1988		dmu_tx_abort(tx);
1989		ZFS_EXIT(zfsvfs);
1990		return (error);
1991	}
1992
1993	/*
1994	 * Create new node.
1995	 */
1996	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1997
1998	if (fuid_dirtied)
1999		zfs_fuid_sync(zfsvfs, tx);
2000
2001	/*
2002	 * Now put new name in parent dir.
2003	 */
2004	(void) zfs_link_create(dl, zp, tx, ZNEW);
2005
2006	*vpp = ZTOV(zp);
2007
2008	txtype = zfs_log_create_txtype(Z_DIR, vsecp, vap);
2009	if (flags & FIGNORECASE)
2010		txtype |= TX_CI;
2011	zfs_log_create(zilog, tx, txtype, dzp, zp, dirname, vsecp,
2012	    acl_ids.z_fuidp, vap);
2013
2014	zfs_acl_ids_free(&acl_ids);
2015
2016	dmu_tx_commit(tx);
2017
2018	zfs_dirent_unlock(dl);
2019
2020	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
2021		zil_commit(zilog, 0);
2022
2023	ZFS_EXIT(zfsvfs);
2024	return (0);
2025}
2026
2027/*
2028 * Remove a directory subdir entry.  If the current working
2029 * directory is the same as the subdir to be removed, the
2030 * remove will fail.
2031 *
2032 *	IN:	dvp	- vnode of directory to remove from.
2033 *		name	- name of directory to be removed.
2034 *		cwd	- vnode of current working directory.
2035 *		cr	- credentials of caller.
2036 *		ct	- caller context
2037 *		flags	- case flags
2038 *
2039 *	RETURN:	0 on success, error code on failure.
2040 *
2041 * Timestamps:
2042 *	dvp - ctime|mtime updated
2043 */
2044/*ARGSUSED*/
2045static int
2046zfs_rmdir(vnode_t *dvp, char *name, vnode_t *cwd, cred_t *cr,
2047    caller_context_t *ct, int flags)
2048{
2049	znode_t		*dzp = VTOZ(dvp);
2050	znode_t		*zp;
2051	vnode_t		*vp;
2052	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
2053	zilog_t		*zilog;
2054	zfs_dirlock_t	*dl;
2055	dmu_tx_t	*tx;
2056	int		error;
2057	int		zflg = ZEXISTS;
2058	boolean_t	waited = B_FALSE;
2059
2060	ZFS_ENTER(zfsvfs);
2061	ZFS_VERIFY_ZP(dzp);
2062	zilog = zfsvfs->z_log;
2063
2064	if (flags & FIGNORECASE)
2065		zflg |= ZCILOOK;
2066top:
2067	zp = NULL;
2068
2069	/*
2070	 * Attempt to lock directory; fail if entry doesn't exist.
2071	 */
2072	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
2073	    NULL, NULL)) {
2074		ZFS_EXIT(zfsvfs);
2075		return (error);
2076	}
2077
2078	vp = ZTOV(zp);
2079
2080	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
2081		goto out;
2082	}
2083
2084	if (vp->v_type != VDIR) {
2085		error = SET_ERROR(ENOTDIR);
2086		goto out;
2087	}
2088
2089	if (vp == cwd) {
2090		error = SET_ERROR(EINVAL);
2091		goto out;
2092	}
2093
2094	vnevent_rmdir(vp, dvp, name, ct);
2095
2096	/*
2097	 * Grab a lock on the directory to make sure that noone is
2098	 * trying to add (or lookup) entries while we are removing it.
2099	 */
2100	rw_enter(&zp->z_name_lock, RW_WRITER);
2101
2102	/*
2103	 * Grab a lock on the parent pointer to make sure we play well
2104	 * with the treewalk and directory rename code.
2105	 */
2106	rw_enter(&zp->z_parent_lock, RW_WRITER);
2107
2108	tx = dmu_tx_create(zfsvfs->z_os);
2109	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
2110	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
2111	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
2112	zfs_sa_upgrade_txholds(tx, zp);
2113	zfs_sa_upgrade_txholds(tx, dzp);
2114	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
2115	if (error) {
2116		rw_exit(&zp->z_parent_lock);
2117		rw_exit(&zp->z_name_lock);
2118		zfs_dirent_unlock(dl);
2119		VN_RELE(vp);
2120		if (error == ERESTART) {
2121			waited = B_TRUE;
2122			dmu_tx_wait(tx);
2123			dmu_tx_abort(tx);
2124			goto top;
2125		}
2126		dmu_tx_abort(tx);
2127		ZFS_EXIT(zfsvfs);
2128		return (error);
2129	}
2130
2131	error = zfs_link_destroy(dl, zp, tx, zflg, NULL);
2132
2133	if (error == 0) {
2134		uint64_t txtype = TX_RMDIR;
2135		if (flags & FIGNORECASE)
2136			txtype |= TX_CI;
2137		zfs_log_remove(zilog, tx, txtype, dzp, name, ZFS_NO_OBJECT);
2138	}
2139
2140	dmu_tx_commit(tx);
2141
2142	rw_exit(&zp->z_parent_lock);
2143	rw_exit(&zp->z_name_lock);
2144out:
2145	zfs_dirent_unlock(dl);
2146
2147	VN_RELE(vp);
2148
2149	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
2150		zil_commit(zilog, 0);
2151
2152	ZFS_EXIT(zfsvfs);
2153	return (error);
2154}
2155
2156/*
2157 * Read as many directory entries as will fit into the provided
2158 * buffer from the given directory cursor position (specified in
2159 * the uio structure).
2160 *
2161 *	IN:	vp	- vnode of directory to read.
2162 *		uio	- structure supplying read location, range info,
2163 *			  and return buffer.
2164 *		cr	- credentials of caller.
2165 *		ct	- caller context
2166 *		flags	- case flags
2167 *
2168 *	OUT:	uio	- updated offset and range, buffer filled.
2169 *		eofp	- set to true if end-of-file detected.
2170 *
2171 *	RETURN:	0 on success, error code on failure.
2172 *
2173 * Timestamps:
2174 *	vp - atime updated
2175 *
2176 * Note that the low 4 bits of the cookie returned by zap is always zero.
2177 * This allows us to use the low range for "special" directory entries:
2178 * We use 0 for '.', and 1 for '..'.  If this is the root of the filesystem,
2179 * we use the offset 2 for the '.zfs' directory.
2180 */
2181/* ARGSUSED */
2182static int
2183zfs_readdir(vnode_t *vp, uio_t *uio, cred_t *cr, int *eofp,
2184    caller_context_t *ct, int flags)
2185{
2186	znode_t		*zp = VTOZ(vp);
2187	iovec_t		*iovp;
2188	edirent_t	*eodp;
2189	dirent64_t	*odp;
2190	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2191	objset_t	*os;
2192	caddr_t		outbuf;
2193	size_t		bufsize;
2194	zap_cursor_t	zc;
2195	zap_attribute_t	zap;
2196	uint_t		bytes_wanted;
2197	uint64_t	offset; /* must be unsigned; checks for < 1 */
2198	uint64_t	parent;
2199	int		local_eof;
2200	int		outcount;
2201	int		error;
2202	uint8_t		prefetch;
2203	boolean_t	check_sysattrs;
2204
2205	ZFS_ENTER(zfsvfs);
2206	ZFS_VERIFY_ZP(zp);
2207
2208	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
2209	    &parent, sizeof (parent))) != 0) {
2210		ZFS_EXIT(zfsvfs);
2211		return (error);
2212	}
2213
2214	/*
2215	 * If we are not given an eof variable,
2216	 * use a local one.
2217	 */
2218	if (eofp == NULL)
2219		eofp = &local_eof;
2220
2221	/*
2222	 * Check for valid iov_len.
2223	 */
2224	if (uio->uio_iov->iov_len <= 0) {
2225		ZFS_EXIT(zfsvfs);
2226		return (SET_ERROR(EINVAL));
2227	}
2228
2229	/*
2230	 * Quit if directory has been removed (posix)
2231	 */
2232	if ((*eofp = zp->z_unlinked) != 0) {
2233		ZFS_EXIT(zfsvfs);
2234		return (0);
2235	}
2236
2237	error = 0;
2238	os = zfsvfs->z_os;
2239	offset = uio->uio_loffset;
2240	prefetch = zp->z_zn_prefetch;
2241
2242	/*
2243	 * Initialize the iterator cursor.
2244	 */
2245	if (offset <= 3) {
2246		/*
2247		 * Start iteration from the beginning of the directory.
2248		 */
2249		zap_cursor_init(&zc, os, zp->z_id);
2250	} else {
2251		/*
2252		 * The offset is a serialized cursor.
2253		 */
2254		zap_cursor_init_serialized(&zc, os, zp->z_id, offset);
2255	}
2256
2257	/*
2258	 * Get space to change directory entries into fs independent format.
2259	 */
2260	iovp = uio->uio_iov;
2261	bytes_wanted = iovp->iov_len;
2262	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) {
2263		bufsize = bytes_wanted;
2264		outbuf = kmem_alloc(bufsize, KM_SLEEP);
2265		odp = (struct dirent64 *)outbuf;
2266	} else {
2267		bufsize = bytes_wanted;
2268		outbuf = NULL;
2269		odp = (struct dirent64 *)iovp->iov_base;
2270	}
2271	eodp = (struct edirent *)odp;
2272
2273	/*
2274	 * If this VFS supports the system attribute view interface; and
2275	 * we're looking at an extended attribute directory; and we care
2276	 * about normalization conflicts on this vfs; then we must check
2277	 * for normalization conflicts with the sysattr name space.
2278	 */
2279	check_sysattrs = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
2280	    (vp->v_flag & V_XATTRDIR) && zfsvfs->z_norm &&
2281	    (flags & V_RDDIR_ENTFLAGS);
2282
2283	/*
2284	 * Transform to file-system independent format
2285	 */
2286	outcount = 0;
2287	while (outcount < bytes_wanted) {
2288		ino64_t objnum;
2289		ushort_t reclen;
2290		off64_t *next = NULL;
2291
2292		/*
2293		 * Special case `.', `..', and `.zfs'.
2294		 */
2295		if (offset == 0) {
2296			(void) strcpy(zap.za_name, ".");
2297			zap.za_normalization_conflict = 0;
2298			objnum = zp->z_id;
2299		} else if (offset == 1) {
2300			(void) strcpy(zap.za_name, "..");
2301			zap.za_normalization_conflict = 0;
2302			objnum = parent;
2303		} else if (offset == 2 && zfs_show_ctldir(zp)) {
2304			(void) strcpy(zap.za_name, ZFS_CTLDIR_NAME);
2305			zap.za_normalization_conflict = 0;
2306			objnum = ZFSCTL_INO_ROOT;
2307		} else {
2308			/*
2309			 * Grab next entry.
2310			 */
2311			if (error = zap_cursor_retrieve(&zc, &zap)) {
2312				if ((*eofp = (error == ENOENT)) != 0)
2313					break;
2314				else
2315					goto update;
2316			}
2317
2318			if (zap.za_integer_length != 8 ||
2319			    zap.za_num_integers != 1) {
2320				cmn_err(CE_WARN, "zap_readdir: bad directory "
2321				    "entry, obj = %lld, offset = %lld\n",
2322				    (u_longlong_t)zp->z_id,
2323				    (u_longlong_t)offset);
2324				error = SET_ERROR(ENXIO);
2325				goto update;
2326			}
2327
2328			objnum = ZFS_DIRENT_OBJ(zap.za_first_integer);
2329			/*
2330			 * MacOS X can extract the object type here such as:
2331			 * uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);
2332			 */
2333
2334			if (check_sysattrs && !zap.za_normalization_conflict) {
2335				zap.za_normalization_conflict =
2336				    xattr_sysattr_casechk(zap.za_name);
2337			}
2338		}
2339
2340		if (flags & V_RDDIR_ACCFILTER) {
2341			/*
2342			 * If we have no access at all, don't include
2343			 * this entry in the returned information
2344			 */
2345			znode_t	*ezp;
2346			if (zfs_zget(zp->z_zfsvfs, objnum, &ezp) != 0)
2347				goto skip_entry;
2348			if (!zfs_has_access(ezp, cr)) {
2349				VN_RELE(ZTOV(ezp));
2350				goto skip_entry;
2351			}
2352			VN_RELE(ZTOV(ezp));
2353		}
2354
2355		if (flags & V_RDDIR_ENTFLAGS)
2356			reclen = EDIRENT_RECLEN(strlen(zap.za_name));
2357		else
2358			reclen = DIRENT64_RECLEN(strlen(zap.za_name));
2359
2360		/*
2361		 * Will this entry fit in the buffer?
2362		 */
2363		if (outcount + reclen > bufsize) {
2364			/*
2365			 * Did we manage to fit anything in the buffer?
2366			 */
2367			if (!outcount) {
2368				error = SET_ERROR(EINVAL);
2369				goto update;
2370			}
2371			break;
2372		}
2373		if (flags & V_RDDIR_ENTFLAGS) {
2374			/*
2375			 * Add extended flag entry:
2376			 */
2377			eodp->ed_ino = objnum;
2378			eodp->ed_reclen = reclen;
2379			/* NOTE: ed_off is the offset for the *next* entry */
2380			next = &(eodp->ed_off);
2381			eodp->ed_eflags = zap.za_normalization_conflict ?
2382			    ED_CASE_CONFLICT : 0;
2383			(void) strncpy(eodp->ed_name, zap.za_name,
2384			    EDIRENT_NAMELEN(reclen));
2385			eodp = (edirent_t *)((intptr_t)eodp + reclen);
2386		} else {
2387			/*
2388			 * Add normal entry:
2389			 */
2390			odp->d_ino = objnum;
2391			odp->d_reclen = reclen;
2392			/* NOTE: d_off is the offset for the *next* entry */
2393			next = &(odp->d_off);
2394			(void) strncpy(odp->d_name, zap.za_name,
2395			    DIRENT64_NAMELEN(reclen));
2396			odp = (dirent64_t *)((intptr_t)odp + reclen);
2397		}
2398		outcount += reclen;
2399
2400		ASSERT(outcount <= bufsize);
2401
2402		/* Prefetch znode */
2403		if (prefetch)
2404			dmu_prefetch(os, objnum, 0, 0, 0,
2405			    ZIO_PRIORITY_SYNC_READ);
2406
2407	skip_entry:
2408		/*
2409		 * Move to the next entry, fill in the previous offset.
2410		 */
2411		if (offset > 2 || (offset == 2 && !zfs_show_ctldir(zp))) {
2412			zap_cursor_advance(&zc);
2413			offset = zap_cursor_serialize(&zc);
2414		} else {
2415			offset += 1;
2416		}
2417		if (next)
2418			*next = offset;
2419	}
2420	zp->z_zn_prefetch = B_FALSE; /* a lookup will re-enable pre-fetching */
2421
2422	if (uio->uio_segflg == UIO_SYSSPACE && uio->uio_iovcnt == 1) {
2423		iovp->iov_base += outcount;
2424		iovp->iov_len -= outcount;
2425		uio->uio_resid -= outcount;
2426	} else if (error = uiomove(outbuf, (long)outcount, UIO_READ, uio)) {
2427		/*
2428		 * Reset the pointer.
2429		 */
2430		offset = uio->uio_loffset;
2431	}
2432
2433update:
2434	zap_cursor_fini(&zc);
2435	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
2436		kmem_free(outbuf, bufsize);
2437
2438	if (error == ENOENT)
2439		error = 0;
2440
2441	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
2442
2443	uio->uio_loffset = offset;
2444	ZFS_EXIT(zfsvfs);
2445	return (error);
2446}
2447
2448ulong_t zfs_fsync_sync_cnt = 4;
2449
2450static int
2451zfs_fsync(vnode_t *vp, int syncflag, cred_t *cr, caller_context_t *ct)
2452{
2453	znode_t	*zp = VTOZ(vp);
2454	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2455
2456	/*
2457	 * Regardless of whether this is required for standards conformance,
2458	 * this is the logical behavior when fsync() is called on a file with
2459	 * dirty pages.  We use B_ASYNC since the ZIL transactions are already
2460	 * going to be pushed out as part of the zil_commit().
2461	 */
2462	if (vn_has_cached_data(vp) && !(syncflag & FNODSYNC) &&
2463	    (vp->v_type == VREG) && !(IS_SWAPVP(vp)))
2464		(void) VOP_PUTPAGE(vp, (offset_t)0, (size_t)0, B_ASYNC, cr, ct);
2465
2466	(void) tsd_set(zfs_fsyncer_key, (void *)zfs_fsync_sync_cnt);
2467
2468	if (zfsvfs->z_os->os_sync != ZFS_SYNC_DISABLED) {
2469		ZFS_ENTER(zfsvfs);
2470		ZFS_VERIFY_ZP(zp);
2471		zil_commit(zfsvfs->z_log, zp->z_id);
2472		ZFS_EXIT(zfsvfs);
2473	}
2474	return (0);
2475}
2476
2477
2478/*
2479 * Get the requested file attributes and place them in the provided
2480 * vattr structure.
2481 *
2482 *	IN:	vp	- vnode of file.
2483 *		vap	- va_mask identifies requested attributes.
2484 *			  If AT_XVATTR set, then optional attrs are requested
2485 *		flags	- ATTR_NOACLCHECK (CIFS server context)
2486 *		cr	- credentials of caller.
2487 *		ct	- caller context
2488 *
2489 *	OUT:	vap	- attribute values.
2490 *
2491 *	RETURN:	0 (always succeeds).
2492 */
2493/* ARGSUSED */
2494static int
2495zfs_getattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2496    caller_context_t *ct)
2497{
2498	znode_t *zp = VTOZ(vp);
2499	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2500	int	error = 0;
2501	uint64_t links;
2502	uint64_t mtime[2], ctime[2];
2503	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2504	xoptattr_t *xoap = NULL;
2505	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2506	sa_bulk_attr_t bulk[2];
2507	int count = 0;
2508
2509	ZFS_ENTER(zfsvfs);
2510	ZFS_VERIFY_ZP(zp);
2511
2512	zfs_fuid_map_ids(zp, cr, &vap->va_uid, &vap->va_gid);
2513
2514	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
2515	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
2516
2517	if ((error = sa_bulk_lookup(zp->z_sa_hdl, bulk, count)) != 0) {
2518		ZFS_EXIT(zfsvfs);
2519		return (error);
2520	}
2521
2522	/*
2523	 * If ACL is trivial don't bother looking for ACE_READ_ATTRIBUTES.
2524	 * Also, if we are the owner don't bother, since owner should
2525	 * always be allowed to read basic attributes of file.
2526	 */
2527	if (!(zp->z_pflags & ZFS_ACL_TRIVIAL) &&
2528	    (vap->va_uid != crgetuid(cr))) {
2529		if (error = zfs_zaccess(zp, ACE_READ_ATTRIBUTES, 0,
2530		    skipaclchk, cr)) {
2531			ZFS_EXIT(zfsvfs);
2532			return (error);
2533		}
2534	}
2535
2536	/*
2537	 * Return all attributes.  It's cheaper to provide the answer
2538	 * than to determine whether we were asked the question.
2539	 */
2540
2541	mutex_enter(&zp->z_lock);
2542	vap->va_type = vp->v_type;
2543	vap->va_mode = zp->z_mode & MODEMASK;
2544	vap->va_fsid = zp->z_zfsvfs->z_vfs->vfs_dev;
2545	vap->va_nodeid = zp->z_id;
2546	if ((vp->v_flag & VROOT) && zfs_show_ctldir(zp))
2547		links = zp->z_links + 1;
2548	else
2549		links = zp->z_links;
2550	vap->va_nlink = MIN(links, UINT32_MAX);	/* nlink_t limit! */
2551	vap->va_size = zp->z_size;
2552	vap->va_rdev = vp->v_rdev;
2553	vap->va_seq = zp->z_seq;
2554
2555	/*
2556	 * Add in any requested optional attributes and the create time.
2557	 * Also set the corresponding bits in the returned attribute bitmap.
2558	 */
2559	if ((xoap = xva_getxoptattr(xvap)) != NULL && zfsvfs->z_use_fuids) {
2560		if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE)) {
2561			xoap->xoa_archive =
2562			    ((zp->z_pflags & ZFS_ARCHIVE) != 0);
2563			XVA_SET_RTN(xvap, XAT_ARCHIVE);
2564		}
2565
2566		if (XVA_ISSET_REQ(xvap, XAT_READONLY)) {
2567			xoap->xoa_readonly =
2568			    ((zp->z_pflags & ZFS_READONLY) != 0);
2569			XVA_SET_RTN(xvap, XAT_READONLY);
2570		}
2571
2572		if (XVA_ISSET_REQ(xvap, XAT_SYSTEM)) {
2573			xoap->xoa_system =
2574			    ((zp->z_pflags & ZFS_SYSTEM) != 0);
2575			XVA_SET_RTN(xvap, XAT_SYSTEM);
2576		}
2577
2578		if (XVA_ISSET_REQ(xvap, XAT_HIDDEN)) {
2579			xoap->xoa_hidden =
2580			    ((zp->z_pflags & ZFS_HIDDEN) != 0);
2581			XVA_SET_RTN(xvap, XAT_HIDDEN);
2582		}
2583
2584		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2585			xoap->xoa_nounlink =
2586			    ((zp->z_pflags & ZFS_NOUNLINK) != 0);
2587			XVA_SET_RTN(xvap, XAT_NOUNLINK);
2588		}
2589
2590		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2591			xoap->xoa_immutable =
2592			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0);
2593			XVA_SET_RTN(xvap, XAT_IMMUTABLE);
2594		}
2595
2596		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2597			xoap->xoa_appendonly =
2598			    ((zp->z_pflags & ZFS_APPENDONLY) != 0);
2599			XVA_SET_RTN(xvap, XAT_APPENDONLY);
2600		}
2601
2602		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2603			xoap->xoa_nodump =
2604			    ((zp->z_pflags & ZFS_NODUMP) != 0);
2605			XVA_SET_RTN(xvap, XAT_NODUMP);
2606		}
2607
2608		if (XVA_ISSET_REQ(xvap, XAT_OPAQUE)) {
2609			xoap->xoa_opaque =
2610			    ((zp->z_pflags & ZFS_OPAQUE) != 0);
2611			XVA_SET_RTN(xvap, XAT_OPAQUE);
2612		}
2613
2614		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2615			xoap->xoa_av_quarantined =
2616			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0);
2617			XVA_SET_RTN(xvap, XAT_AV_QUARANTINED);
2618		}
2619
2620		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2621			xoap->xoa_av_modified =
2622			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0);
2623			XVA_SET_RTN(xvap, XAT_AV_MODIFIED);
2624		}
2625
2626		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) &&
2627		    vp->v_type == VREG) {
2628			zfs_sa_get_scanstamp(zp, xvap);
2629		}
2630
2631		if (XVA_ISSET_REQ(xvap, XAT_CREATETIME)) {
2632			uint64_t times[2];
2633
2634			(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_CRTIME(zfsvfs),
2635			    times, sizeof (times));
2636			ZFS_TIME_DECODE(&xoap->xoa_createtime, times);
2637			XVA_SET_RTN(xvap, XAT_CREATETIME);
2638		}
2639
2640		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2641			xoap->xoa_reparse = ((zp->z_pflags & ZFS_REPARSE) != 0);
2642			XVA_SET_RTN(xvap, XAT_REPARSE);
2643		}
2644		if (XVA_ISSET_REQ(xvap, XAT_GEN)) {
2645			xoap->xoa_generation = zp->z_gen;
2646			XVA_SET_RTN(xvap, XAT_GEN);
2647		}
2648
2649		if (XVA_ISSET_REQ(xvap, XAT_OFFLINE)) {
2650			xoap->xoa_offline =
2651			    ((zp->z_pflags & ZFS_OFFLINE) != 0);
2652			XVA_SET_RTN(xvap, XAT_OFFLINE);
2653		}
2654
2655		if (XVA_ISSET_REQ(xvap, XAT_SPARSE)) {
2656			xoap->xoa_sparse =
2657			    ((zp->z_pflags & ZFS_SPARSE) != 0);
2658			XVA_SET_RTN(xvap, XAT_SPARSE);
2659		}
2660	}
2661
2662	ZFS_TIME_DECODE(&vap->va_atime, zp->z_atime);
2663	ZFS_TIME_DECODE(&vap->va_mtime, mtime);
2664	ZFS_TIME_DECODE(&vap->va_ctime, ctime);
2665
2666	mutex_exit(&zp->z_lock);
2667
2668	sa_object_size(zp->z_sa_hdl, &vap->va_blksize, &vap->va_nblocks);
2669
2670	if (zp->z_blksz == 0) {
2671		/*
2672		 * Block size hasn't been set; suggest maximal I/O transfers.
2673		 */
2674		vap->va_blksize = zfsvfs->z_max_blksz;
2675	}
2676
2677	ZFS_EXIT(zfsvfs);
2678	return (0);
2679}
2680
2681/*
2682 * Set the file attributes to the values contained in the
2683 * vattr structure.
2684 *
2685 *	IN:	vp	- vnode of file to be modified.
2686 *		vap	- new attribute values.
2687 *			  If AT_XVATTR set, then optional attrs are being set
2688 *		flags	- ATTR_UTIME set if non-default time values provided.
2689 *			- ATTR_NOACLCHECK (CIFS context only).
2690 *		cr	- credentials of caller.
2691 *		ct	- caller context
2692 *
2693 *	RETURN:	0 on success, error code on failure.
2694 *
2695 * Timestamps:
2696 *	vp - ctime updated, mtime updated if size changed.
2697 */
2698/* ARGSUSED */
2699static int
2700zfs_setattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2701    caller_context_t *ct)
2702{
2703	znode_t		*zp = VTOZ(vp);
2704	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2705	zilog_t		*zilog;
2706	dmu_tx_t	*tx;
2707	vattr_t		oldva;
2708	xvattr_t	tmpxvattr;
2709	uint_t		mask = vap->va_mask;
2710	uint_t		saved_mask = 0;
2711	int		trim_mask = 0;
2712	uint64_t	new_mode;
2713	uint64_t	new_uid, new_gid;
2714	uint64_t	xattr_obj;
2715	uint64_t	mtime[2], ctime[2];
2716	znode_t		*attrzp;
2717	int		need_policy = FALSE;
2718	int		err, err2;
2719	zfs_fuid_info_t *fuidp = NULL;
2720	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2721	xoptattr_t	*xoap;
2722	zfs_acl_t	*aclp;
2723	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2724	boolean_t	fuid_dirtied = B_FALSE;
2725	sa_bulk_attr_t	bulk[7], xattr_bulk[7];
2726	int		count = 0, xattr_count = 0;
2727
2728	if (mask == 0)
2729		return (0);
2730
2731	if (mask & AT_NOSET)
2732		return (SET_ERROR(EINVAL));
2733
2734	ZFS_ENTER(zfsvfs);
2735	ZFS_VERIFY_ZP(zp);
2736
2737	zilog = zfsvfs->z_log;
2738
2739	/*
2740	 * Make sure that if we have ephemeral uid/gid or xvattr specified
2741	 * that file system is at proper version level
2742	 */
2743
2744	if (zfsvfs->z_use_fuids == B_FALSE &&
2745	    (((mask & AT_UID) && IS_EPHEMERAL(vap->va_uid)) ||
2746	    ((mask & AT_GID) && IS_EPHEMERAL(vap->va_gid)) ||
2747	    (mask & AT_XVATTR))) {
2748		ZFS_EXIT(zfsvfs);
2749		return (SET_ERROR(EINVAL));
2750	}
2751
2752	if (mask & AT_SIZE && vp->v_type == VDIR) {
2753		ZFS_EXIT(zfsvfs);
2754		return (SET_ERROR(EISDIR));
2755	}
2756
2757	if (mask & AT_SIZE && vp->v_type != VREG && vp->v_type != VFIFO) {
2758		ZFS_EXIT(zfsvfs);
2759		return (SET_ERROR(EINVAL));
2760	}
2761
2762	/*
2763	 * If this is an xvattr_t, then get a pointer to the structure of
2764	 * optional attributes.  If this is NULL, then we have a vattr_t.
2765	 */
2766	xoap = xva_getxoptattr(xvap);
2767
2768	xva_init(&tmpxvattr);
2769
2770	/*
2771	 * Immutable files can only alter immutable bit and atime
2772	 */
2773	if ((zp->z_pflags & ZFS_IMMUTABLE) &&
2774	    ((mask & (AT_SIZE|AT_UID|AT_GID|AT_MTIME|AT_MODE)) ||
2775	    ((mask & AT_XVATTR) && XVA_ISSET_REQ(xvap, XAT_CREATETIME)))) {
2776		ZFS_EXIT(zfsvfs);
2777		return (SET_ERROR(EPERM));
2778	}
2779
2780	if ((mask & AT_SIZE) && (zp->z_pflags & ZFS_READONLY)) {
2781		ZFS_EXIT(zfsvfs);
2782		return (SET_ERROR(EPERM));
2783	}
2784
2785	/*
2786	 * Verify timestamps doesn't overflow 32 bits.
2787	 * ZFS can handle large timestamps, but 32bit syscalls can't
2788	 * handle times greater than 2039.  This check should be removed
2789	 * once large timestamps are fully supported.
2790	 */
2791	if (mask & (AT_ATIME | AT_MTIME)) {
2792		if (((mask & AT_ATIME) && TIMESPEC_OVERFLOW(&vap->va_atime)) ||
2793		    ((mask & AT_MTIME) && TIMESPEC_OVERFLOW(&vap->va_mtime))) {
2794			ZFS_EXIT(zfsvfs);
2795			return (SET_ERROR(EOVERFLOW));
2796		}
2797	}
2798
2799top:
2800	attrzp = NULL;
2801	aclp = NULL;
2802
2803	/* Can this be moved to before the top label? */
2804	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
2805		ZFS_EXIT(zfsvfs);
2806		return (SET_ERROR(EROFS));
2807	}
2808
2809	/*
2810	 * First validate permissions
2811	 */
2812
2813	if (mask & AT_SIZE) {
2814		err = zfs_zaccess(zp, ACE_WRITE_DATA, 0, skipaclchk, cr);
2815		if (err) {
2816			ZFS_EXIT(zfsvfs);
2817			return (err);
2818		}
2819		/*
2820		 * XXX - Note, we are not providing any open
2821		 * mode flags here (like FNDELAY), so we may
2822		 * block if there are locks present... this
2823		 * should be addressed in openat().
2824		 */
2825		/* XXX - would it be OK to generate a log record here? */
2826		err = zfs_freesp(zp, vap->va_size, 0, 0, FALSE);
2827		if (err) {
2828			ZFS_EXIT(zfsvfs);
2829			return (err);
2830		}
2831
2832		if (vap->va_size == 0)
2833			vnevent_truncate(ZTOV(zp), ct);
2834	}
2835
2836	if (mask & (AT_ATIME|AT_MTIME) ||
2837	    ((mask & AT_XVATTR) && (XVA_ISSET_REQ(xvap, XAT_HIDDEN) ||
2838	    XVA_ISSET_REQ(xvap, XAT_READONLY) ||
2839	    XVA_ISSET_REQ(xvap, XAT_ARCHIVE) ||
2840	    XVA_ISSET_REQ(xvap, XAT_OFFLINE) ||
2841	    XVA_ISSET_REQ(xvap, XAT_SPARSE) ||
2842	    XVA_ISSET_REQ(xvap, XAT_CREATETIME) ||
2843	    XVA_ISSET_REQ(xvap, XAT_SYSTEM)))) {
2844		need_policy = zfs_zaccess(zp, ACE_WRITE_ATTRIBUTES, 0,
2845		    skipaclchk, cr);
2846	}
2847
2848	if (mask & (AT_UID|AT_GID)) {
2849		int	idmask = (mask & (AT_UID|AT_GID));
2850		int	take_owner;
2851		int	take_group;
2852
2853		/*
2854		 * NOTE: even if a new mode is being set,
2855		 * we may clear S_ISUID/S_ISGID bits.
2856		 */
2857
2858		if (!(mask & AT_MODE))
2859			vap->va_mode = zp->z_mode;
2860
2861		/*
2862		 * Take ownership or chgrp to group we are a member of
2863		 */
2864
2865		take_owner = (mask & AT_UID) && (vap->va_uid == crgetuid(cr));
2866		take_group = (mask & AT_GID) &&
2867		    zfs_groupmember(zfsvfs, vap->va_gid, cr);
2868
2869		/*
2870		 * If both AT_UID and AT_GID are set then take_owner and
2871		 * take_group must both be set in order to allow taking
2872		 * ownership.
2873		 *
2874		 * Otherwise, send the check through secpolicy_vnode_setattr()
2875		 *
2876		 */
2877
2878		if (((idmask == (AT_UID|AT_GID)) && take_owner && take_group) ||
2879		    ((idmask == AT_UID) && take_owner) ||
2880		    ((idmask == AT_GID) && take_group)) {
2881			if (zfs_zaccess(zp, ACE_WRITE_OWNER, 0,
2882			    skipaclchk, cr) == 0) {
2883				/*
2884				 * Remove setuid/setgid for non-privileged users
2885				 */
2886				secpolicy_setid_clear(vap, cr);
2887				trim_mask = (mask & (AT_UID|AT_GID));
2888			} else {
2889				need_policy =  TRUE;
2890			}
2891		} else {
2892			need_policy =  TRUE;
2893		}
2894	}
2895
2896	mutex_enter(&zp->z_lock);
2897	oldva.va_mode = zp->z_mode;
2898	zfs_fuid_map_ids(zp, cr, &oldva.va_uid, &oldva.va_gid);
2899	if (mask & AT_XVATTR) {
2900		/*
2901		 * Update xvattr mask to include only those attributes
2902		 * that are actually changing.
2903		 *
2904		 * the bits will be restored prior to actually setting
2905		 * the attributes so the caller thinks they were set.
2906		 */
2907		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2908			if (xoap->xoa_appendonly !=
2909			    ((zp->z_pflags & ZFS_APPENDONLY) != 0)) {
2910				need_policy = TRUE;
2911			} else {
2912				XVA_CLR_REQ(xvap, XAT_APPENDONLY);
2913				XVA_SET_REQ(&tmpxvattr, XAT_APPENDONLY);
2914			}
2915		}
2916
2917		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2918			if (xoap->xoa_nounlink !=
2919			    ((zp->z_pflags & ZFS_NOUNLINK) != 0)) {
2920				need_policy = TRUE;
2921			} else {
2922				XVA_CLR_REQ(xvap, XAT_NOUNLINK);
2923				XVA_SET_REQ(&tmpxvattr, XAT_NOUNLINK);
2924			}
2925		}
2926
2927		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2928			if (xoap->xoa_immutable !=
2929			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0)) {
2930				need_policy = TRUE;
2931			} else {
2932				XVA_CLR_REQ(xvap, XAT_IMMUTABLE);
2933				XVA_SET_REQ(&tmpxvattr, XAT_IMMUTABLE);
2934			}
2935		}
2936
2937		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2938			if (xoap->xoa_nodump !=
2939			    ((zp->z_pflags & ZFS_NODUMP) != 0)) {
2940				need_policy = TRUE;
2941			} else {
2942				XVA_CLR_REQ(xvap, XAT_NODUMP);
2943				XVA_SET_REQ(&tmpxvattr, XAT_NODUMP);
2944			}
2945		}
2946
2947		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2948			if (xoap->xoa_av_modified !=
2949			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0)) {
2950				need_policy = TRUE;
2951			} else {
2952				XVA_CLR_REQ(xvap, XAT_AV_MODIFIED);
2953				XVA_SET_REQ(&tmpxvattr, XAT_AV_MODIFIED);
2954			}
2955		}
2956
2957		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2958			if ((vp->v_type != VREG &&
2959			    xoap->xoa_av_quarantined) ||
2960			    xoap->xoa_av_quarantined !=
2961			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0)) {
2962				need_policy = TRUE;
2963			} else {
2964				XVA_CLR_REQ(xvap, XAT_AV_QUARANTINED);
2965				XVA_SET_REQ(&tmpxvattr, XAT_AV_QUARANTINED);
2966			}
2967		}
2968
2969		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2970			mutex_exit(&zp->z_lock);
2971			ZFS_EXIT(zfsvfs);
2972			return (SET_ERROR(EPERM));
2973		}
2974
2975		if (need_policy == FALSE &&
2976		    (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) ||
2977		    XVA_ISSET_REQ(xvap, XAT_OPAQUE))) {
2978			need_policy = TRUE;
2979		}
2980	}
2981
2982	mutex_exit(&zp->z_lock);
2983
2984	if (mask & AT_MODE) {
2985		if (zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr) == 0) {
2986			err = secpolicy_setid_setsticky_clear(vp, vap,
2987			    &oldva, cr);
2988			if (err) {
2989				ZFS_EXIT(zfsvfs);
2990				return (err);
2991			}
2992			trim_mask |= AT_MODE;
2993		} else {
2994			need_policy = TRUE;
2995		}
2996	}
2997
2998	if (need_policy) {
2999		/*
3000		 * If trim_mask is set then take ownership
3001		 * has been granted or write_acl is present and user
3002		 * has the ability to modify mode.  In that case remove
3003		 * UID|GID and or MODE from mask so that
3004		 * secpolicy_vnode_setattr() doesn't revoke it.
3005		 */
3006
3007		if (trim_mask) {
3008			saved_mask = vap->va_mask;
3009			vap->va_mask &= ~trim_mask;
3010		}
3011		err = secpolicy_vnode_setattr(cr, vp, vap, &oldva, flags,
3012		    (int (*)(void *, int, cred_t *))zfs_zaccess_unix, zp);
3013		if (err) {
3014			ZFS_EXIT(zfsvfs);
3015			return (err);
3016		}
3017
3018		if (trim_mask)
3019			vap->va_mask |= saved_mask;
3020	}
3021
3022	/*
3023	 * secpolicy_vnode_setattr, or take ownership may have
3024	 * changed va_mask
3025	 */
3026	mask = vap->va_mask;
3027
3028	if ((mask & (AT_UID | AT_GID))) {
3029		err = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
3030		    &xattr_obj, sizeof (xattr_obj));
3031
3032		if (err == 0 && xattr_obj) {
3033			err = zfs_zget(zp->z_zfsvfs, xattr_obj, &attrzp);
3034			if (err)
3035				goto out2;
3036		}
3037		if (mask & AT_UID) {
3038			new_uid = zfs_fuid_create(zfsvfs,
3039			    (uint64_t)vap->va_uid, cr, ZFS_OWNER, &fuidp);
3040			if (new_uid != zp->z_uid &&
3041			    zfs_fuid_overquota(zfsvfs, B_FALSE, new_uid)) {
3042				if (attrzp)
3043					VN_RELE(ZTOV(attrzp));
3044				err = SET_ERROR(EDQUOT);
3045				goto out2;
3046			}
3047		}
3048
3049		if (mask & AT_GID) {
3050			new_gid = zfs_fuid_create(zfsvfs, (uint64_t)vap->va_gid,
3051			    cr, ZFS_GROUP, &fuidp);
3052			if (new_gid != zp->z_gid &&
3053			    zfs_fuid_overquota(zfsvfs, B_TRUE, new_gid)) {
3054				if (attrzp)
3055					VN_RELE(ZTOV(attrzp));
3056				err = SET_ERROR(EDQUOT);
3057				goto out2;
3058			}
3059		}
3060	}
3061	tx = dmu_tx_create(zfsvfs->z_os);
3062
3063	if (mask & AT_MODE) {
3064		uint64_t pmode = zp->z_mode;
3065		uint64_t acl_obj;
3066		new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT);
3067
3068		if (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_RESTRICTED &&
3069		    !(zp->z_pflags & ZFS_ACL_TRIVIAL)) {
3070			err = SET_ERROR(EPERM);
3071			goto out;
3072		}
3073
3074		if (err = zfs_acl_chmod_setattr(zp, &aclp, new_mode))
3075			goto out;
3076
3077		mutex_enter(&zp->z_lock);
3078		if (!zp->z_is_sa && ((acl_obj = zfs_external_acl(zp)) != 0)) {
3079			/*
3080			 * Are we upgrading ACL from old V0 format
3081			 * to V1 format?
3082			 */
3083			if (zfsvfs->z_version >= ZPL_VERSION_FUID &&
3084			    zfs_znode_acl_version(zp) ==
3085			    ZFS_ACL_VERSION_INITIAL) {
3086				dmu_tx_hold_free(tx, acl_obj, 0,
3087				    DMU_OBJECT_END);
3088				dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3089				    0, aclp->z_acl_bytes);
3090			} else {
3091				dmu_tx_hold_write(tx, acl_obj, 0,
3092				    aclp->z_acl_bytes);
3093			}
3094		} else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3095			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3096			    0, aclp->z_acl_bytes);
3097		}
3098		mutex_exit(&zp->z_lock);
3099		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3100	} else {
3101		if ((mask & AT_XVATTR) &&
3102		    XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3103			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3104		else
3105			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
3106	}
3107
3108	if (attrzp) {
3109		dmu_tx_hold_sa(tx, attrzp->z_sa_hdl, B_FALSE);
3110	}
3111
3112	fuid_dirtied = zfsvfs->z_fuid_dirty;
3113	if (fuid_dirtied)
3114		zfs_fuid_txhold(zfsvfs, tx);
3115
3116	zfs_sa_upgrade_txholds(tx, zp);
3117
3118	err = dmu_tx_assign(tx, TXG_WAIT);
3119	if (err)
3120		goto out;
3121
3122	count = 0;
3123	/*
3124	 * Set each attribute requested.
3125	 * We group settings according to the locks they need to acquire.
3126	 *
3127	 * Note: you cannot set ctime directly, although it will be
3128	 * updated as a side-effect of calling this function.
3129	 */
3130
3131
3132	if (mask & (AT_UID|AT_GID|AT_MODE))
3133		mutex_enter(&zp->z_acl_lock);
3134	mutex_enter(&zp->z_lock);
3135
3136	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
3137	    &zp->z_pflags, sizeof (zp->z_pflags));
3138
3139	if (attrzp) {
3140		if (mask & (AT_UID|AT_GID|AT_MODE))
3141			mutex_enter(&attrzp->z_acl_lock);
3142		mutex_enter(&attrzp->z_lock);
3143		SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3144		    SA_ZPL_FLAGS(zfsvfs), NULL, &attrzp->z_pflags,
3145		    sizeof (attrzp->z_pflags));
3146	}
3147
3148	if (mask & (AT_UID|AT_GID)) {
3149
3150		if (mask & AT_UID) {
3151			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_UID(zfsvfs), NULL,
3152			    &new_uid, sizeof (new_uid));
3153			zp->z_uid = new_uid;
3154			if (attrzp) {
3155				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3156				    SA_ZPL_UID(zfsvfs), NULL, &new_uid,
3157				    sizeof (new_uid));
3158				attrzp->z_uid = new_uid;
3159			}
3160		}
3161
3162		if (mask & AT_GID) {
3163			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_GID(zfsvfs),
3164			    NULL, &new_gid, sizeof (new_gid));
3165			zp->z_gid = new_gid;
3166			if (attrzp) {
3167				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3168				    SA_ZPL_GID(zfsvfs), NULL, &new_gid,
3169				    sizeof (new_gid));
3170				attrzp->z_gid = new_gid;
3171			}
3172		}
3173		if (!(mask & AT_MODE)) {
3174			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs),
3175			    NULL, &new_mode, sizeof (new_mode));
3176			new_mode = zp->z_mode;
3177		}
3178		err = zfs_acl_chown_setattr(zp);
3179		ASSERT(err == 0);
3180		if (attrzp) {
3181			err = zfs_acl_chown_setattr(attrzp);
3182			ASSERT(err == 0);
3183		}
3184	}
3185
3186	if (mask & AT_MODE) {
3187		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs), NULL,
3188		    &new_mode, sizeof (new_mode));
3189		zp->z_mode = new_mode;
3190		ASSERT3U((uintptr_t)aclp, !=, NULL);
3191		err = zfs_aclset_common(zp, aclp, cr, tx);
3192		ASSERT0(err);
3193		if (zp->z_acl_cached)
3194			zfs_acl_free(zp->z_acl_cached);
3195		zp->z_acl_cached = aclp;
3196		aclp = NULL;
3197	}
3198
3199
3200	if (mask & AT_ATIME) {
3201		ZFS_TIME_ENCODE(&vap->va_atime, zp->z_atime);
3202		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ATIME(zfsvfs), NULL,
3203		    &zp->z_atime, sizeof (zp->z_atime));
3204	}
3205
3206	if (mask & AT_MTIME) {
3207		ZFS_TIME_ENCODE(&vap->va_mtime, mtime);
3208		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
3209		    mtime, sizeof (mtime));
3210	}
3211
3212	/* XXX - shouldn't this be done *before* the ATIME/MTIME checks? */
3213	if (mask & AT_SIZE && !(mask & AT_MTIME)) {
3214		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs),
3215		    NULL, mtime, sizeof (mtime));
3216		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3217		    &ctime, sizeof (ctime));
3218		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
3219		    B_TRUE);
3220	} else if (mask != 0) {
3221		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3222		    &ctime, sizeof (ctime));
3223		zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime, ctime,
3224		    B_TRUE);
3225		if (attrzp) {
3226			SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3227			    SA_ZPL_CTIME(zfsvfs), NULL,
3228			    &ctime, sizeof (ctime));
3229			zfs_tstamp_update_setup(attrzp, STATE_CHANGED,
3230			    mtime, ctime, B_TRUE);
3231		}
3232	}
3233	/*
3234	 * Do this after setting timestamps to prevent timestamp
3235	 * update from toggling bit
3236	 */
3237
3238	if (xoap && (mask & AT_XVATTR)) {
3239
3240		/*
3241		 * restore trimmed off masks
3242		 * so that return masks can be set for caller.
3243		 */
3244
3245		if (XVA_ISSET_REQ(&tmpxvattr, XAT_APPENDONLY)) {
3246			XVA_SET_REQ(xvap, XAT_APPENDONLY);
3247		}
3248		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NOUNLINK)) {
3249			XVA_SET_REQ(xvap, XAT_NOUNLINK);
3250		}
3251		if (XVA_ISSET_REQ(&tmpxvattr, XAT_IMMUTABLE)) {
3252			XVA_SET_REQ(xvap, XAT_IMMUTABLE);
3253		}
3254		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NODUMP)) {
3255			XVA_SET_REQ(xvap, XAT_NODUMP);
3256		}
3257		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_MODIFIED)) {
3258			XVA_SET_REQ(xvap, XAT_AV_MODIFIED);
3259		}
3260		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_QUARANTINED)) {
3261			XVA_SET_REQ(xvap, XAT_AV_QUARANTINED);
3262		}
3263
3264		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3265			ASSERT(vp->v_type == VREG);
3266
3267		zfs_xvattr_set(zp, xvap, tx);
3268	}
3269
3270	if (fuid_dirtied)
3271		zfs_fuid_sync(zfsvfs, tx);
3272
3273	if (mask != 0)
3274		zfs_log_setattr(zilog, tx, TX_SETATTR, zp, vap, mask, fuidp);
3275
3276	mutex_exit(&zp->z_lock);
3277	if (mask & (AT_UID|AT_GID|AT_MODE))
3278		mutex_exit(&zp->z_acl_lock);
3279
3280	if (attrzp) {
3281		if (mask & (AT_UID|AT_GID|AT_MODE))
3282			mutex_exit(&attrzp->z_acl_lock);
3283		mutex_exit(&attrzp->z_lock);
3284	}
3285out:
3286	if (err == 0 && attrzp) {
3287		err2 = sa_bulk_update(attrzp->z_sa_hdl, xattr_bulk,
3288		    xattr_count, tx);
3289		ASSERT(err2 == 0);
3290	}
3291
3292	if (attrzp)
3293		VN_RELE(ZTOV(attrzp));
3294
3295	if (aclp)
3296		zfs_acl_free(aclp);
3297
3298	if (fuidp) {
3299		zfs_fuid_info_free(fuidp);
3300		fuidp = NULL;
3301	}
3302
3303	if (err) {
3304		dmu_tx_abort(tx);
3305		if (err == ERESTART)
3306			goto top;
3307	} else {
3308		err2 = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
3309		dmu_tx_commit(tx);
3310	}
3311
3312out2:
3313	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3314		zil_commit(zilog, 0);
3315
3316	ZFS_EXIT(zfsvfs);
3317	return (err);
3318}
3319
3320typedef struct zfs_zlock {
3321	krwlock_t	*zl_rwlock;	/* lock we acquired */
3322	znode_t		*zl_znode;	/* znode we held */
3323	struct zfs_zlock *zl_next;	/* next in list */
3324} zfs_zlock_t;
3325
3326/*
3327 * Drop locks and release vnodes that were held by zfs_rename_lock().
3328 */
3329static void
3330zfs_rename_unlock(zfs_zlock_t **zlpp)
3331{
3332	zfs_zlock_t *zl;
3333
3334	while ((zl = *zlpp) != NULL) {
3335		if (zl->zl_znode != NULL)
3336			VN_RELE(ZTOV(zl->zl_znode));
3337		rw_exit(zl->zl_rwlock);
3338		*zlpp = zl->zl_next;
3339		kmem_free(zl, sizeof (*zl));
3340	}
3341}
3342
3343/*
3344 * Search back through the directory tree, using the ".." entries.
3345 * Lock each directory in the chain to prevent concurrent renames.
3346 * Fail any attempt to move a directory into one of its own descendants.
3347 * XXX - z_parent_lock can overlap with map or grow locks
3348 */
3349static int
3350zfs_rename_lock(znode_t *szp, znode_t *tdzp, znode_t *sdzp, zfs_zlock_t **zlpp)
3351{
3352	zfs_zlock_t	*zl;
3353	znode_t		*zp = tdzp;
3354	uint64_t	rootid = zp->z_zfsvfs->z_root;
3355	uint64_t	oidp = zp->z_id;
3356	krwlock_t	*rwlp = &szp->z_parent_lock;
3357	krw_t		rw = RW_WRITER;
3358
3359	/*
3360	 * First pass write-locks szp and compares to zp->z_id.
3361	 * Later passes read-lock zp and compare to zp->z_parent.
3362	 */
3363	do {
3364		if (!rw_tryenter(rwlp, rw)) {
3365			/*
3366			 * Another thread is renaming in this path.
3367			 * Note that if we are a WRITER, we don't have any
3368			 * parent_locks held yet.
3369			 */
3370			if (rw == RW_READER && zp->z_id > szp->z_id) {
3371				/*
3372				 * Drop our locks and restart
3373				 */
3374				zfs_rename_unlock(&zl);
3375				*zlpp = NULL;
3376				zp = tdzp;
3377				oidp = zp->z_id;
3378				rwlp = &szp->z_parent_lock;
3379				rw = RW_WRITER;
3380				continue;
3381			} else {
3382				/*
3383				 * Wait for other thread to drop its locks
3384				 */
3385				rw_enter(rwlp, rw);
3386			}
3387		}
3388
3389		zl = kmem_alloc(sizeof (*zl), KM_SLEEP);
3390		zl->zl_rwlock = rwlp;
3391		zl->zl_znode = NULL;
3392		zl->zl_next = *zlpp;
3393		*zlpp = zl;
3394
3395		if (oidp == szp->z_id)		/* We're a descendant of szp */
3396			return (SET_ERROR(EINVAL));
3397
3398		if (oidp == rootid)		/* We've hit the top */
3399			return (0);
3400
3401		if (rw == RW_READER) {		/* i.e. not the first pass */
3402			int error = zfs_zget(zp->z_zfsvfs, oidp, &zp);
3403			if (error)
3404				return (error);
3405			zl->zl_znode = zp;
3406		}
3407		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zp->z_zfsvfs),
3408		    &oidp, sizeof (oidp));
3409		rwlp = &zp->z_parent_lock;
3410		rw = RW_READER;
3411
3412	} while (zp->z_id != sdzp->z_id);
3413
3414	return (0);
3415}
3416
3417/*
3418 * Move an entry from the provided source directory to the target
3419 * directory.  Change the entry name as indicated.
3420 *
3421 *	IN:	sdvp	- Source directory containing the "old entry".
3422 *		snm	- Old entry name.
3423 *		tdvp	- Target directory to contain the "new entry".
3424 *		tnm	- New entry name.
3425 *		cr	- credentials of caller.
3426 *		ct	- caller context
3427 *		flags	- case flags
3428 *
3429 *	RETURN:	0 on success, error code on failure.
3430 *
3431 * Timestamps:
3432 *	sdvp,tdvp - ctime|mtime updated
3433 */
3434/*ARGSUSED*/
3435static int
3436zfs_rename(vnode_t *sdvp, char *snm, vnode_t *tdvp, char *tnm, cred_t *cr,
3437    caller_context_t *ct, int flags)
3438{
3439	znode_t		*tdzp, *szp, *tzp;
3440	znode_t		*sdzp = VTOZ(sdvp);
3441	zfsvfs_t	*zfsvfs = sdzp->z_zfsvfs;
3442	zilog_t		*zilog;
3443	vnode_t		*realvp;
3444	zfs_dirlock_t	*sdl, *tdl;
3445	dmu_tx_t	*tx;
3446	zfs_zlock_t	*zl;
3447	int		cmp, serr, terr;
3448	int		error = 0;
3449	int		zflg = 0;
3450	boolean_t	waited = B_FALSE;
3451
3452	ZFS_ENTER(zfsvfs);
3453	ZFS_VERIFY_ZP(sdzp);
3454	zilog = zfsvfs->z_log;
3455
3456	/*
3457	 * Make sure we have the real vp for the target directory.
3458	 */
3459	if (VOP_REALVP(tdvp, &realvp, ct) == 0)
3460		tdvp = realvp;
3461
3462	tdzp = VTOZ(tdvp);
3463	ZFS_VERIFY_ZP(tdzp);
3464
3465	/*
3466	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
3467	 * ctldir appear to have the same v_vfsp.
3468	 */
3469	if (tdzp->z_zfsvfs != zfsvfs || zfsctl_is_node(tdvp)) {
3470		ZFS_EXIT(zfsvfs);
3471		return (SET_ERROR(EXDEV));
3472	}
3473
3474	if (zfsvfs->z_utf8 && u8_validate(tnm,
3475	    strlen(tnm), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3476		ZFS_EXIT(zfsvfs);
3477		return (SET_ERROR(EILSEQ));
3478	}
3479
3480	if (flags & FIGNORECASE)
3481		zflg |= ZCILOOK;
3482
3483top:
3484	szp = NULL;
3485	tzp = NULL;
3486	zl = NULL;
3487
3488	/*
3489	 * This is to prevent the creation of links into attribute space
3490	 * by renaming a linked file into/outof an attribute directory.
3491	 * See the comment in zfs_link() for why this is considered bad.
3492	 */
3493	if ((tdzp->z_pflags & ZFS_XATTR) != (sdzp->z_pflags & ZFS_XATTR)) {
3494		ZFS_EXIT(zfsvfs);
3495		return (SET_ERROR(EINVAL));
3496	}
3497
3498	/*
3499	 * Lock source and target directory entries.  To prevent deadlock,
3500	 * a lock ordering must be defined.  We lock the directory with
3501	 * the smallest object id first, or if it's a tie, the one with
3502	 * the lexically first name.
3503	 */
3504	if (sdzp->z_id < tdzp->z_id) {
3505		cmp = -1;
3506	} else if (sdzp->z_id > tdzp->z_id) {
3507		cmp = 1;
3508	} else {
3509		/*
3510		 * First compare the two name arguments without
3511		 * considering any case folding.
3512		 */
3513		int nofold = (zfsvfs->z_norm & ~U8_TEXTPREP_TOUPPER);
3514
3515		cmp = u8_strcmp(snm, tnm, 0, nofold, U8_UNICODE_LATEST, &error);
3516		ASSERT(error == 0 || !zfsvfs->z_utf8);
3517		if (cmp == 0) {
3518			/*
3519			 * POSIX: "If the old argument and the new argument
3520			 * both refer to links to the same existing file,
3521			 * the rename() function shall return successfully
3522			 * and perform no other action."
3523			 */
3524			ZFS_EXIT(zfsvfs);
3525			return (0);
3526		}
3527		/*
3528		 * If the file system is case-folding, then we may
3529		 * have some more checking to do.  A case-folding file
3530		 * system is either supporting mixed case sensitivity
3531		 * access or is completely case-insensitive.  Note
3532		 * that the file system is always case preserving.
3533		 *
3534		 * In mixed sensitivity mode case sensitive behavior
3535		 * is the default.  FIGNORECASE must be used to
3536		 * explicitly request case insensitive behavior.
3537		 *
3538		 * If the source and target names provided differ only
3539		 * by case (e.g., a request to rename 'tim' to 'Tim'),
3540		 * we will treat this as a special case in the
3541		 * case-insensitive mode: as long as the source name
3542		 * is an exact match, we will allow this to proceed as
3543		 * a name-change request.
3544		 */
3545		if ((zfsvfs->z_case == ZFS_CASE_INSENSITIVE ||
3546		    (zfsvfs->z_case == ZFS_CASE_MIXED &&
3547		    flags & FIGNORECASE)) &&
3548		    u8_strcmp(snm, tnm, 0, zfsvfs->z_norm, U8_UNICODE_LATEST,
3549		    &error) == 0) {
3550			/*
3551			 * case preserving rename request, require exact
3552			 * name matches
3553			 */
3554			zflg |= ZCIEXACT;
3555			zflg &= ~ZCILOOK;
3556		}
3557	}
3558
3559	/*
3560	 * If the source and destination directories are the same, we should
3561	 * grab the z_name_lock of that directory only once.
3562	 */
3563	if (sdzp == tdzp) {
3564		zflg |= ZHAVELOCK;
3565		rw_enter(&sdzp->z_name_lock, RW_READER);
3566	}
3567
3568	if (cmp < 0) {
3569		serr = zfs_dirent_lock(&sdl, sdzp, snm, &szp,
3570		    ZEXISTS | zflg, NULL, NULL);
3571		terr = zfs_dirent_lock(&tdl,
3572		    tdzp, tnm, &tzp, ZRENAMING | zflg, NULL, NULL);
3573	} else {
3574		terr = zfs_dirent_lock(&tdl,
3575		    tdzp, tnm, &tzp, zflg, NULL, NULL);
3576		serr = zfs_dirent_lock(&sdl,
3577		    sdzp, snm, &szp, ZEXISTS | ZRENAMING | zflg,
3578		    NULL, NULL);
3579	}
3580
3581	if (serr) {
3582		/*
3583		 * Source entry invalid or not there.
3584		 */
3585		if (!terr) {
3586			zfs_dirent_unlock(tdl);
3587			if (tzp)
3588				VN_RELE(ZTOV(tzp));
3589		}
3590
3591		if (sdzp == tdzp)
3592			rw_exit(&sdzp->z_name_lock);
3593
3594		if (strcmp(snm, "..") == 0)
3595			serr = SET_ERROR(EINVAL);
3596		ZFS_EXIT(zfsvfs);
3597		return (serr);
3598	}
3599	if (terr) {
3600		zfs_dirent_unlock(sdl);
3601		VN_RELE(ZTOV(szp));
3602
3603		if (sdzp == tdzp)
3604			rw_exit(&sdzp->z_name_lock);
3605
3606		if (strcmp(tnm, "..") == 0)
3607			terr = SET_ERROR(EINVAL);
3608		ZFS_EXIT(zfsvfs);
3609		return (terr);
3610	}
3611
3612	/*
3613	 * Must have write access at the source to remove the old entry
3614	 * and write access at the target to create the new entry.
3615	 * Note that if target and source are the same, this can be
3616	 * done in a single check.
3617	 */
3618
3619	if (error = zfs_zaccess_rename(sdzp, szp, tdzp, tzp, cr))
3620		goto out;
3621
3622	if (ZTOV(szp)->v_type == VDIR) {
3623		/*
3624		 * Check to make sure rename is valid.
3625		 * Can't do a move like this: /usr/a/b to /usr/a/b/c/d
3626		 */
3627		if (error = zfs_rename_lock(szp, tdzp, sdzp, &zl))
3628			goto out;
3629	}
3630
3631	/*
3632	 * Does target exist?
3633	 */
3634	if (tzp) {
3635		/*
3636		 * Source and target must be the same type.
3637		 */
3638		if (ZTOV(szp)->v_type == VDIR) {
3639			if (ZTOV(tzp)->v_type != VDIR) {
3640				error = SET_ERROR(ENOTDIR);
3641				goto out;
3642			}
3643		} else {
3644			if (ZTOV(tzp)->v_type == VDIR) {
3645				error = SET_ERROR(EISDIR);
3646				goto out;
3647			}
3648		}
3649		/*
3650		 * POSIX dictates that when the source and target
3651		 * entries refer to the same file object, rename
3652		 * must do nothing and exit without error.
3653		 */
3654		if (szp->z_id == tzp->z_id) {
3655			error = 0;
3656			goto out;
3657		}
3658	}
3659
3660	vnevent_rename_src(ZTOV(szp), sdvp, snm, ct);
3661	if (tzp)
3662		vnevent_rename_dest(ZTOV(tzp), tdvp, tnm, ct);
3663
3664	/*
3665	 * notify the target directory if it is not the same
3666	 * as source directory.
3667	 */
3668	if (tdvp != sdvp) {
3669		vnevent_rename_dest_dir(tdvp, ct);
3670	}
3671
3672	tx = dmu_tx_create(zfsvfs->z_os);
3673	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
3674	dmu_tx_hold_sa(tx, sdzp->z_sa_hdl, B_FALSE);
3675	dmu_tx_hold_zap(tx, sdzp->z_id, FALSE, snm);
3676	dmu_tx_hold_zap(tx, tdzp->z_id, TRUE, tnm);
3677	if (sdzp != tdzp) {
3678		dmu_tx_hold_sa(tx, tdzp->z_sa_hdl, B_FALSE);
3679		zfs_sa_upgrade_txholds(tx, tdzp);
3680	}
3681	if (tzp) {
3682		dmu_tx_hold_sa(tx, tzp->z_sa_hdl, B_FALSE);
3683		zfs_sa_upgrade_txholds(tx, tzp);
3684	}
3685
3686	zfs_sa_upgrade_txholds(tx, szp);
3687	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
3688	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3689	if (error) {
3690		if (zl != NULL)
3691			zfs_rename_unlock(&zl);
3692		zfs_dirent_unlock(sdl);
3693		zfs_dirent_unlock(tdl);
3694
3695		if (sdzp == tdzp)
3696			rw_exit(&sdzp->z_name_lock);
3697
3698		VN_RELE(ZTOV(szp));
3699		if (tzp)
3700			VN_RELE(ZTOV(tzp));
3701		if (error == ERESTART) {
3702			waited = B_TRUE;
3703			dmu_tx_wait(tx);
3704			dmu_tx_abort(tx);
3705			goto top;
3706		}
3707		dmu_tx_abort(tx);
3708		ZFS_EXIT(zfsvfs);
3709		return (error);
3710	}
3711
3712	if (tzp)	/* Attempt to remove the existing target */
3713		error = zfs_link_destroy(tdl, tzp, tx, zflg, NULL);
3714
3715	if (error == 0) {
3716		error = zfs_link_create(tdl, szp, tx, ZRENAMING);
3717		if (error == 0) {
3718			szp->z_pflags |= ZFS_AV_MODIFIED;
3719
3720			error = sa_update(szp->z_sa_hdl, SA_ZPL_FLAGS(zfsvfs),
3721			    (void *)&szp->z_pflags, sizeof (uint64_t), tx);
3722			ASSERT0(error);
3723
3724			error = zfs_link_destroy(sdl, szp, tx, ZRENAMING, NULL);
3725			if (error == 0) {
3726				zfs_log_rename(zilog, tx, TX_RENAME |
3727				    (flags & FIGNORECASE ? TX_CI : 0), sdzp,
3728				    sdl->dl_name, tdzp, tdl->dl_name, szp);
3729
3730				/*
3731				 * Update path information for the target vnode
3732				 */
3733				vn_renamepath(tdvp, ZTOV(szp), tnm,
3734				    strlen(tnm));
3735			} else {
3736				/*
3737				 * At this point, we have successfully created
3738				 * the target name, but have failed to remove
3739				 * the source name.  Since the create was done
3740				 * with the ZRENAMING flag, there are
3741				 * complications; for one, the link count is
3742				 * wrong.  The easiest way to deal with this
3743				 * is to remove the newly created target, and
3744				 * return the original error.  This must
3745				 * succeed; fortunately, it is very unlikely to
3746				 * fail, since we just created it.
3747				 */
3748				VERIFY3U(zfs_link_destroy(tdl, szp, tx,
3749				    ZRENAMING, NULL), ==, 0);
3750			}
3751		}
3752	}
3753
3754	dmu_tx_commit(tx);
3755out:
3756	if (zl != NULL)
3757		zfs_rename_unlock(&zl);
3758
3759	zfs_dirent_unlock(sdl);
3760	zfs_dirent_unlock(tdl);
3761
3762	if (sdzp == tdzp)
3763		rw_exit(&sdzp->z_name_lock);
3764
3765
3766	VN_RELE(ZTOV(szp));
3767	if (tzp)
3768		VN_RELE(ZTOV(tzp));
3769
3770	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3771		zil_commit(zilog, 0);
3772
3773	ZFS_EXIT(zfsvfs);
3774	return (error);
3775}
3776
3777/*
3778 * Insert the indicated symbolic reference entry into the directory.
3779 *
3780 *	IN:	dvp	- Directory to contain new symbolic link.
3781 *		link	- Name for new symlink entry.
3782 *		vap	- Attributes of new entry.
3783 *		cr	- credentials of caller.
3784 *		ct	- caller context
3785 *		flags	- case flags
3786 *
3787 *	RETURN:	0 on success, error code on failure.
3788 *
3789 * Timestamps:
3790 *	dvp - ctime|mtime updated
3791 */
3792/*ARGSUSED*/
3793static int
3794zfs_symlink(vnode_t *dvp, char *name, vattr_t *vap, char *link, cred_t *cr,
3795    caller_context_t *ct, int flags)
3796{
3797	znode_t		*zp, *dzp = VTOZ(dvp);
3798	zfs_dirlock_t	*dl;
3799	dmu_tx_t	*tx;
3800	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3801	zilog_t		*zilog;
3802	uint64_t	len = strlen(link);
3803	int		error;
3804	int		zflg = ZNEW;
3805	zfs_acl_ids_t	acl_ids;
3806	boolean_t	fuid_dirtied;
3807	uint64_t	txtype = TX_SYMLINK;
3808	boolean_t	waited = B_FALSE;
3809
3810	ASSERT(vap->va_type == VLNK);
3811
3812	ZFS_ENTER(zfsvfs);
3813	ZFS_VERIFY_ZP(dzp);
3814	zilog = zfsvfs->z_log;
3815
3816	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
3817	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3818		ZFS_EXIT(zfsvfs);
3819		return (SET_ERROR(EILSEQ));
3820	}
3821	if (flags & FIGNORECASE)
3822		zflg |= ZCILOOK;
3823
3824	if (len > MAXPATHLEN) {
3825		ZFS_EXIT(zfsvfs);
3826		return (SET_ERROR(ENAMETOOLONG));
3827	}
3828
3829	if ((error = zfs_acl_ids_create(dzp, 0,
3830	    vap, cr, NULL, &acl_ids)) != 0) {
3831		ZFS_EXIT(zfsvfs);
3832		return (error);
3833	}
3834top:
3835	/*
3836	 * Attempt to lock directory; fail if entry already exists.
3837	 */
3838	error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg, NULL, NULL);
3839	if (error) {
3840		zfs_acl_ids_free(&acl_ids);
3841		ZFS_EXIT(zfsvfs);
3842		return (error);
3843	}
3844
3845	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
3846		zfs_acl_ids_free(&acl_ids);
3847		zfs_dirent_unlock(dl);
3848		ZFS_EXIT(zfsvfs);
3849		return (error);
3850	}
3851
3852	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
3853		zfs_acl_ids_free(&acl_ids);
3854		zfs_dirent_unlock(dl);
3855		ZFS_EXIT(zfsvfs);
3856		return (SET_ERROR(EDQUOT));
3857	}
3858	tx = dmu_tx_create(zfsvfs->z_os);
3859	fuid_dirtied = zfsvfs->z_fuid_dirty;
3860	dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, MAX(1, len));
3861	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
3862	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
3863	    ZFS_SA_BASE_ATTR_SIZE + len);
3864	dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
3865	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3866		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
3867		    acl_ids.z_aclp->z_acl_bytes);
3868	}
3869	if (fuid_dirtied)
3870		zfs_fuid_txhold(zfsvfs, tx);
3871	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3872	if (error) {
3873		zfs_dirent_unlock(dl);
3874		if (error == ERESTART) {
3875			waited = B_TRUE;
3876			dmu_tx_wait(tx);
3877			dmu_tx_abort(tx);
3878			goto top;
3879		}
3880		zfs_acl_ids_free(&acl_ids);
3881		dmu_tx_abort(tx);
3882		ZFS_EXIT(zfsvfs);
3883		return (error);
3884	}
3885
3886	/*
3887	 * Create a new object for the symlink.
3888	 * for version 4 ZPL datsets the symlink will be an SA attribute
3889	 */
3890	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
3891
3892	if (fuid_dirtied)
3893		zfs_fuid_sync(zfsvfs, tx);
3894
3895	mutex_enter(&zp->z_lock);
3896	if (zp->z_is_sa)
3897		error = sa_update(zp->z_sa_hdl, SA_ZPL_SYMLINK(zfsvfs),
3898		    link, len, tx);
3899	else
3900		zfs_sa_symlink(zp, link, len, tx);
3901	mutex_exit(&zp->z_lock);
3902
3903	zp->z_size = len;
3904	(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
3905	    &zp->z_size, sizeof (zp->z_size), tx);
3906	/*
3907	 * Insert the new object into the directory.
3908	 */
3909	(void) zfs_link_create(dl, zp, tx, ZNEW);
3910
3911	if (flags & FIGNORECASE)
3912		txtype |= TX_CI;
3913	zfs_log_symlink(zilog, tx, txtype, dzp, zp, name, link);
3914
3915	zfs_acl_ids_free(&acl_ids);
3916
3917	dmu_tx_commit(tx);
3918
3919	zfs_dirent_unlock(dl);
3920
3921	VN_RELE(ZTOV(zp));
3922
3923	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3924		zil_commit(zilog, 0);
3925
3926	ZFS_EXIT(zfsvfs);
3927	return (error);
3928}
3929
3930/*
3931 * Return, in the buffer contained in the provided uio structure,
3932 * the symbolic path referred to by vp.
3933 *
3934 *	IN:	vp	- vnode of symbolic link.
3935 *		uio	- structure to contain the link path.
3936 *		cr	- credentials of caller.
3937 *		ct	- caller context
3938 *
3939 *	OUT:	uio	- structure containing the link path.
3940 *
3941 *	RETURN:	0 on success, error code on failure.
3942 *
3943 * Timestamps:
3944 *	vp - atime updated
3945 */
3946/* ARGSUSED */
3947static int
3948zfs_readlink(vnode_t *vp, uio_t *uio, cred_t *cr, caller_context_t *ct)
3949{
3950	znode_t		*zp = VTOZ(vp);
3951	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
3952	int		error;
3953
3954	ZFS_ENTER(zfsvfs);
3955	ZFS_VERIFY_ZP(zp);
3956
3957	mutex_enter(&zp->z_lock);
3958	if (zp->z_is_sa)
3959		error = sa_lookup_uio(zp->z_sa_hdl,
3960		    SA_ZPL_SYMLINK(zfsvfs), uio);
3961	else
3962		error = zfs_sa_readlink(zp, uio);
3963	mutex_exit(&zp->z_lock);
3964
3965	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
3966
3967	ZFS_EXIT(zfsvfs);
3968	return (error);
3969}
3970
3971/*
3972 * Insert a new entry into directory tdvp referencing svp.
3973 *
3974 *	IN:	tdvp	- Directory to contain new entry.
3975 *		svp	- vnode of new entry.
3976 *		name	- name of new entry.
3977 *		cr	- credentials of caller.
3978 *		ct	- caller context
3979 *
3980 *	RETURN:	0 on success, error code on failure.
3981 *
3982 * Timestamps:
3983 *	tdvp - ctime|mtime updated
3984 *	 svp - ctime updated
3985 */
3986/* ARGSUSED */
3987static int
3988zfs_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr,
3989    caller_context_t *ct, int flags)
3990{
3991	znode_t		*dzp = VTOZ(tdvp);
3992	znode_t		*tzp, *szp;
3993	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3994	zilog_t		*zilog;
3995	zfs_dirlock_t	*dl;
3996	dmu_tx_t	*tx;
3997	vnode_t		*realvp;
3998	int		error;
3999	int		zf = ZNEW;
4000	uint64_t	parent;
4001	uid_t		owner;
4002	boolean_t	waited = B_FALSE;
4003
4004	ASSERT(tdvp->v_type == VDIR);
4005
4006	ZFS_ENTER(zfsvfs);
4007	ZFS_VERIFY_ZP(dzp);
4008	zilog = zfsvfs->z_log;
4009
4010	if (VOP_REALVP(svp, &realvp, ct) == 0)
4011		svp = realvp;
4012
4013	/*
4014	 * POSIX dictates that we return EPERM here.
4015	 * Better choices include ENOTSUP or EISDIR.
4016	 */
4017	if (svp->v_type == VDIR) {
4018		ZFS_EXIT(zfsvfs);
4019		return (SET_ERROR(EPERM));
4020	}
4021
4022	szp = VTOZ(svp);
4023	ZFS_VERIFY_ZP(szp);
4024
4025	/*
4026	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
4027	 * ctldir appear to have the same v_vfsp.
4028	 */
4029	if (szp->z_zfsvfs != zfsvfs || zfsctl_is_node(svp)) {
4030		ZFS_EXIT(zfsvfs);
4031		return (SET_ERROR(EXDEV));
4032	}
4033
4034	/* Prevent links to .zfs/shares files */
4035
4036	if ((error = sa_lookup(szp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
4037	    &parent, sizeof (uint64_t))) != 0) {
4038		ZFS_EXIT(zfsvfs);
4039		return (error);
4040	}
4041	if (parent == zfsvfs->z_shares_dir) {
4042		ZFS_EXIT(zfsvfs);
4043		return (SET_ERROR(EPERM));
4044	}
4045
4046	if (zfsvfs->z_utf8 && u8_validate(name,
4047	    strlen(name), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
4048		ZFS_EXIT(zfsvfs);
4049		return (SET_ERROR(EILSEQ));
4050	}
4051	if (flags & FIGNORECASE)
4052		zf |= ZCILOOK;
4053
4054	/*
4055	 * We do not support links between attributes and non-attributes
4056	 * because of the potential security risk of creating links
4057	 * into "normal" file space in order to circumvent restrictions
4058	 * imposed in attribute space.
4059	 */
4060	if ((szp->z_pflags & ZFS_XATTR) != (dzp->z_pflags & ZFS_XATTR)) {
4061		ZFS_EXIT(zfsvfs);
4062		return (SET_ERROR(EINVAL));
4063	}
4064
4065
4066	owner = zfs_fuid_map_id(zfsvfs, szp->z_uid, cr, ZFS_OWNER);
4067	if (owner != crgetuid(cr) && secpolicy_basic_link(cr) != 0) {
4068		ZFS_EXIT(zfsvfs);
4069		return (SET_ERROR(EPERM));
4070	}
4071
4072	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
4073		ZFS_EXIT(zfsvfs);
4074		return (error);
4075	}
4076
4077top:
4078	/*
4079	 * Attempt to lock directory; fail if entry already exists.
4080	 */
4081	error = zfs_dirent_lock(&dl, dzp, name, &tzp, zf, NULL, NULL);
4082	if (error) {
4083		ZFS_EXIT(zfsvfs);
4084		return (error);
4085	}
4086
4087	tx = dmu_tx_create(zfsvfs->z_os);
4088	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
4089	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
4090	zfs_sa_upgrade_txholds(tx, szp);
4091	zfs_sa_upgrade_txholds(tx, dzp);
4092	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
4093	if (error) {
4094		zfs_dirent_unlock(dl);
4095		if (error == ERESTART) {
4096			waited = B_TRUE;
4097			dmu_tx_wait(tx);
4098			dmu_tx_abort(tx);
4099			goto top;
4100		}
4101		dmu_tx_abort(tx);
4102		ZFS_EXIT(zfsvfs);
4103		return (error);
4104	}
4105
4106	error = zfs_link_create(dl, szp, tx, 0);
4107
4108	if (error == 0) {
4109		uint64_t txtype = TX_LINK;
4110		if (flags & FIGNORECASE)
4111			txtype |= TX_CI;
4112		zfs_log_link(zilog, tx, txtype, dzp, szp, name);
4113	}
4114
4115	dmu_tx_commit(tx);
4116
4117	zfs_dirent_unlock(dl);
4118
4119	if (error == 0) {
4120		vnevent_link(svp, ct);
4121	}
4122
4123	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4124		zil_commit(zilog, 0);
4125
4126	ZFS_EXIT(zfsvfs);
4127	return (error);
4128}
4129
4130/*
4131 * zfs_null_putapage() is used when the file system has been force
4132 * unmounted. It just drops the pages.
4133 */
4134/* ARGSUSED */
4135static int
4136zfs_null_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4137    size_t *lenp, int flags, cred_t *cr)
4138{
4139	pvn_write_done(pp, B_INVAL|B_FORCE|B_ERROR);
4140	return (0);
4141}
4142
4143/*
4144 * Push a page out to disk, klustering if possible.
4145 *
4146 *	IN:	vp	- file to push page to.
4147 *		pp	- page to push.
4148 *		flags	- additional flags.
4149 *		cr	- credentials of caller.
4150 *
4151 *	OUT:	offp	- start of range pushed.
4152 *		lenp	- len of range pushed.
4153 *
4154 *	RETURN:	0 on success, error code on failure.
4155 *
4156 * NOTE: callers must have locked the page to be pushed.  On
4157 * exit, the page (and all other pages in the kluster) must be
4158 * unlocked.
4159 */
4160/* ARGSUSED */
4161static int
4162zfs_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4163    size_t *lenp, int flags, cred_t *cr)
4164{
4165	znode_t		*zp = VTOZ(vp);
4166	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4167	dmu_tx_t	*tx;
4168	u_offset_t	off, koff;
4169	size_t		len, klen;
4170	int		err;
4171
4172	off = pp->p_offset;
4173	len = PAGESIZE;
4174	/*
4175	 * If our blocksize is bigger than the page size, try to kluster
4176	 * multiple pages so that we write a full block (thus avoiding
4177	 * a read-modify-write).
4178	 */
4179	if (off < zp->z_size && zp->z_blksz > PAGESIZE) {
4180		klen = P2ROUNDUP((ulong_t)zp->z_blksz, PAGESIZE);
4181		koff = ISP2(klen) ? P2ALIGN(off, (u_offset_t)klen) : 0;
4182		ASSERT(koff <= zp->z_size);
4183		if (koff + klen > zp->z_size)
4184			klen = P2ROUNDUP(zp->z_size - koff, (uint64_t)PAGESIZE);
4185		pp = pvn_write_kluster(vp, pp, &off, &len, koff, klen, flags);
4186	}
4187	ASSERT3U(btop(len), ==, btopr(len));
4188
4189	/*
4190	 * Can't push pages past end-of-file.
4191	 */
4192	if (off >= zp->z_size) {
4193		/* ignore all pages */
4194		err = 0;
4195		goto out;
4196	} else if (off + len > zp->z_size) {
4197		int npages = btopr(zp->z_size - off);
4198		page_t *trunc;
4199
4200		page_list_break(&pp, &trunc, npages);
4201		/* ignore pages past end of file */
4202		if (trunc)
4203			pvn_write_done(trunc, flags);
4204		len = zp->z_size - off;
4205	}
4206
4207	if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
4208	    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
4209		err = SET_ERROR(EDQUOT);
4210		goto out;
4211	}
4212	tx = dmu_tx_create(zfsvfs->z_os);
4213	dmu_tx_hold_write(tx, zp->z_id, off, len);
4214
4215	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4216	zfs_sa_upgrade_txholds(tx, zp);
4217	err = dmu_tx_assign(tx, TXG_WAIT);
4218	if (err != 0) {
4219		dmu_tx_abort(tx);
4220		goto out;
4221	}
4222
4223	if (zp->z_blksz <= PAGESIZE) {
4224		caddr_t va = zfs_map_page(pp, S_READ);
4225		ASSERT3U(len, <=, PAGESIZE);
4226		dmu_write(zfsvfs->z_os, zp->z_id, off, len, va, tx);
4227		zfs_unmap_page(pp, va);
4228	} else {
4229		err = dmu_write_pages(zfsvfs->z_os, zp->z_id, off, len, pp, tx);
4230	}
4231
4232	if (err == 0) {
4233		uint64_t mtime[2], ctime[2];
4234		sa_bulk_attr_t bulk[3];
4235		int count = 0;
4236
4237		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
4238		    &mtime, 16);
4239		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
4240		    &ctime, 16);
4241		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
4242		    &zp->z_pflags, 8);
4243		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
4244		    B_TRUE);
4245		zfs_log_write(zfsvfs->z_log, tx, TX_WRITE, zp, off, len, 0);
4246	}
4247	dmu_tx_commit(tx);
4248
4249out:
4250	pvn_write_done(pp, (err ? B_ERROR : 0) | flags);
4251	if (offp)
4252		*offp = off;
4253	if (lenp)
4254		*lenp = len;
4255
4256	return (err);
4257}
4258
4259/*
4260 * Copy the portion of the file indicated from pages into the file.
4261 * The pages are stored in a page list attached to the files vnode.
4262 *
4263 *	IN:	vp	- vnode of file to push page data to.
4264 *		off	- position in file to put data.
4265 *		len	- amount of data to write.
4266 *		flags	- flags to control the operation.
4267 *		cr	- credentials of caller.
4268 *		ct	- caller context.
4269 *
4270 *	RETURN:	0 on success, error code on failure.
4271 *
4272 * Timestamps:
4273 *	vp - ctime|mtime updated
4274 */
4275/*ARGSUSED*/
4276static int
4277zfs_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr,
4278    caller_context_t *ct)
4279{
4280	znode_t		*zp = VTOZ(vp);
4281	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4282	page_t		*pp;
4283	size_t		io_len;
4284	u_offset_t	io_off;
4285	uint_t		blksz;
4286	rl_t		*rl;
4287	int		error = 0;
4288
4289	ZFS_ENTER(zfsvfs);
4290	ZFS_VERIFY_ZP(zp);
4291
4292	/*
4293	 * There's nothing to do if no data is cached.
4294	 */
4295	if (!vn_has_cached_data(vp)) {
4296		ZFS_EXIT(zfsvfs);
4297		return (0);
4298	}
4299
4300	/*
4301	 * Align this request to the file block size in case we kluster.
4302	 * XXX - this can result in pretty aggresive locking, which can
4303	 * impact simultanious read/write access.  One option might be
4304	 * to break up long requests (len == 0) into block-by-block
4305	 * operations to get narrower locking.
4306	 */
4307	blksz = zp->z_blksz;
4308	if (ISP2(blksz))
4309		io_off = P2ALIGN_TYPED(off, blksz, u_offset_t);
4310	else
4311		io_off = 0;
4312	if (len > 0 && ISP2(blksz))
4313		io_len = P2ROUNDUP_TYPED(len + (off - io_off), blksz, size_t);
4314	else
4315		io_len = 0;
4316
4317	if (io_len == 0) {
4318		/*
4319		 * Search the entire vp list for pages >= io_off.
4320		 */
4321		rl = zfs_range_lock(zp, io_off, UINT64_MAX, RL_WRITER);
4322		error = pvn_vplist_dirty(vp, io_off, zfs_putapage, flags, cr);
4323		goto out;
4324	}
4325	rl = zfs_range_lock(zp, io_off, io_len, RL_WRITER);
4326
4327	if (off > zp->z_size) {
4328		/* past end of file */
4329		zfs_range_unlock(rl);
4330		ZFS_EXIT(zfsvfs);
4331		return (0);
4332	}
4333
4334	len = MIN(io_len, P2ROUNDUP(zp->z_size, PAGESIZE) - io_off);
4335
4336	for (off = io_off; io_off < off + len; io_off += io_len) {
4337		if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
4338			pp = page_lookup(vp, io_off,
4339			    (flags & (B_INVAL | B_FREE)) ? SE_EXCL : SE_SHARED);
4340		} else {
4341			pp = page_lookup_nowait(vp, io_off,
4342			    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
4343		}
4344
4345		if (pp != NULL && pvn_getdirty(pp, flags)) {
4346			int err;
4347
4348			/*
4349			 * Found a dirty page to push
4350			 */
4351			err = zfs_putapage(vp, pp, &io_off, &io_len, flags, cr);
4352			if (err)
4353				error = err;
4354		} else {
4355			io_len = PAGESIZE;
4356		}
4357	}
4358out:
4359	zfs_range_unlock(rl);
4360	if ((flags & B_ASYNC) == 0 || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4361		zil_commit(zfsvfs->z_log, zp->z_id);
4362	ZFS_EXIT(zfsvfs);
4363	return (error);
4364}
4365
4366/*ARGSUSED*/
4367void
4368zfs_inactive(vnode_t *vp, cred_t *cr, caller_context_t *ct)
4369{
4370	znode_t	*zp = VTOZ(vp);
4371	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4372	int error;
4373
4374	rw_enter(&zfsvfs->z_teardown_inactive_lock, RW_READER);
4375	if (zp->z_sa_hdl == NULL) {
4376		/*
4377		 * The fs has been unmounted, or we did a
4378		 * suspend/resume and this file no longer exists.
4379		 */
4380		if (vn_has_cached_data(vp)) {
4381			(void) pvn_vplist_dirty(vp, 0, zfs_null_putapage,
4382			    B_INVAL, cr);
4383		}
4384
4385		mutex_enter(&zp->z_lock);
4386		mutex_enter(&vp->v_lock);
4387		ASSERT(vp->v_count == 1);
4388		vp->v_count = 0;
4389		mutex_exit(&vp->v_lock);
4390		mutex_exit(&zp->z_lock);
4391		rw_exit(&zfsvfs->z_teardown_inactive_lock);
4392		zfs_znode_free(zp);
4393		return;
4394	}
4395
4396	/*
4397	 * Attempt to push any data in the page cache.  If this fails
4398	 * we will get kicked out later in zfs_zinactive().
4399	 */
4400	if (vn_has_cached_data(vp)) {
4401		(void) pvn_vplist_dirty(vp, 0, zfs_putapage, B_INVAL|B_ASYNC,
4402		    cr);
4403	}
4404
4405	if (zp->z_atime_dirty && zp->z_unlinked == 0) {
4406		dmu_tx_t *tx = dmu_tx_create(zfsvfs->z_os);
4407
4408		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4409		zfs_sa_upgrade_txholds(tx, zp);
4410		error = dmu_tx_assign(tx, TXG_WAIT);
4411		if (error) {
4412			dmu_tx_abort(tx);
4413		} else {
4414			mutex_enter(&zp->z_lock);
4415			(void) sa_update(zp->z_sa_hdl, SA_ZPL_ATIME(zfsvfs),
4416			    (void *)&zp->z_atime, sizeof (zp->z_atime), tx);
4417			zp->z_atime_dirty = 0;
4418			mutex_exit(&zp->z_lock);
4419			dmu_tx_commit(tx);
4420		}
4421	}
4422
4423	zfs_zinactive(zp);
4424	rw_exit(&zfsvfs->z_teardown_inactive_lock);
4425}
4426
4427/*
4428 * Bounds-check the seek operation.
4429 *
4430 *	IN:	vp	- vnode seeking within
4431 *		ooff	- old file offset
4432 *		noffp	- pointer to new file offset
4433 *		ct	- caller context
4434 *
4435 *	RETURN:	0 on success, EINVAL if new offset invalid.
4436 */
4437/* ARGSUSED */
4438static int
4439zfs_seek(vnode_t *vp, offset_t ooff, offset_t *noffp,
4440    caller_context_t *ct)
4441{
4442	if (vp->v_type == VDIR)
4443		return (0);
4444	return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
4445}
4446
4447/*
4448 * Pre-filter the generic locking function to trap attempts to place
4449 * a mandatory lock on a memory mapped file.
4450 */
4451static int
4452zfs_frlock(vnode_t *vp, int cmd, flock64_t *bfp, int flag, offset_t offset,
4453    flk_callback_t *flk_cbp, cred_t *cr, caller_context_t *ct)
4454{
4455	znode_t *zp = VTOZ(vp);
4456	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4457
4458	ZFS_ENTER(zfsvfs);
4459	ZFS_VERIFY_ZP(zp);
4460
4461	/*
4462	 * We are following the UFS semantics with respect to mapcnt
4463	 * here: If we see that the file is mapped already, then we will
4464	 * return an error, but we don't worry about races between this
4465	 * function and zfs_map().
4466	 */
4467	if (zp->z_mapcnt > 0 && MANDMODE(zp->z_mode)) {
4468		ZFS_EXIT(zfsvfs);
4469		return (SET_ERROR(EAGAIN));
4470	}
4471	ZFS_EXIT(zfsvfs);
4472	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr, ct));
4473}
4474
4475/*
4476 * If we can't find a page in the cache, we will create a new page
4477 * and fill it with file data.  For efficiency, we may try to fill
4478 * multiple pages at once (klustering) to fill up the supplied page
4479 * list.  Note that the pages to be filled are held with an exclusive
4480 * lock to prevent access by other threads while they are being filled.
4481 */
4482static int
4483zfs_fillpage(vnode_t *vp, u_offset_t off, struct seg *seg,
4484    caddr_t addr, page_t *pl[], size_t plsz, enum seg_rw rw)
4485{
4486	znode_t *zp = VTOZ(vp);
4487	page_t *pp, *cur_pp;
4488	objset_t *os = zp->z_zfsvfs->z_os;
4489	u_offset_t io_off, total;
4490	size_t io_len;
4491	int err;
4492
4493	if (plsz == PAGESIZE || zp->z_blksz <= PAGESIZE) {
4494		/*
4495		 * We only have a single page, don't bother klustering
4496		 */
4497		io_off = off;
4498		io_len = PAGESIZE;
4499		pp = page_create_va(vp, io_off, io_len,
4500		    PG_EXCL | PG_WAIT, seg, addr);
4501	} else {
4502		/*
4503		 * Try to find enough pages to fill the page list
4504		 */
4505		pp = pvn_read_kluster(vp, off, seg, addr, &io_off,
4506		    &io_len, off, plsz, 0);
4507	}
4508	if (pp == NULL) {
4509		/*
4510		 * The page already exists, nothing to do here.
4511		 */
4512		*pl = NULL;
4513		return (0);
4514	}
4515
4516	/*
4517	 * Fill the pages in the kluster.
4518	 */
4519	cur_pp = pp;
4520	for (total = io_off + io_len; io_off < total; io_off += PAGESIZE) {
4521		caddr_t va;
4522
4523		ASSERT3U(io_off, ==, cur_pp->p_offset);
4524		va = zfs_map_page(cur_pp, S_WRITE);
4525		err = dmu_read(os, zp->z_id, io_off, PAGESIZE, va,
4526		    DMU_READ_PREFETCH);
4527		zfs_unmap_page(cur_pp, va);
4528		if (err) {
4529			/* On error, toss the entire kluster */
4530			pvn_read_done(pp, B_ERROR);
4531			/* convert checksum errors into IO errors */
4532			if (err == ECKSUM)
4533				err = SET_ERROR(EIO);
4534			return (err);
4535		}
4536		cur_pp = cur_pp->p_next;
4537	}
4538
4539	/*
4540	 * Fill in the page list array from the kluster starting
4541	 * from the desired offset `off'.
4542	 * NOTE: the page list will always be null terminated.
4543	 */
4544	pvn_plist_init(pp, pl, plsz, off, io_len, rw);
4545	ASSERT(pl == NULL || (*pl)->p_offset == off);
4546
4547	return (0);
4548}
4549
4550/*
4551 * Return pointers to the pages for the file region [off, off + len]
4552 * in the pl array.  If plsz is greater than len, this function may
4553 * also return page pointers from after the specified region
4554 * (i.e. the region [off, off + plsz]).  These additional pages are
4555 * only returned if they are already in the cache, or were created as
4556 * part of a klustered read.
4557 *
4558 *	IN:	vp	- vnode of file to get data from.
4559 *		off	- position in file to get data from.
4560 *		len	- amount of data to retrieve.
4561 *		plsz	- length of provided page list.
4562 *		seg	- segment to obtain pages for.
4563 *		addr	- virtual address of fault.
4564 *		rw	- mode of created pages.
4565 *		cr	- credentials of caller.
4566 *		ct	- caller context.
4567 *
4568 *	OUT:	protp	- protection mode of created pages.
4569 *		pl	- list of pages created.
4570 *
4571 *	RETURN:	0 on success, error code on failure.
4572 *
4573 * Timestamps:
4574 *	vp - atime updated
4575 */
4576/* ARGSUSED */
4577static int
4578zfs_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
4579    page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4580    enum seg_rw rw, cred_t *cr, caller_context_t *ct)
4581{
4582	znode_t		*zp = VTOZ(vp);
4583	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4584	page_t		**pl0 = pl;
4585	int		err = 0;
4586
4587	/* we do our own caching, faultahead is unnecessary */
4588	if (pl == NULL)
4589		return (0);
4590	else if (len > plsz)
4591		len = plsz;
4592	else
4593		len = P2ROUNDUP(len, PAGESIZE);
4594	ASSERT(plsz >= len);
4595
4596	ZFS_ENTER(zfsvfs);
4597	ZFS_VERIFY_ZP(zp);
4598
4599	if (protp)
4600		*protp = PROT_ALL;
4601
4602	/*
4603	 * Loop through the requested range [off, off + len) looking
4604	 * for pages.  If we don't find a page, we will need to create
4605	 * a new page and fill it with data from the file.
4606	 */
4607	while (len > 0) {
4608		if (*pl = page_lookup(vp, off, SE_SHARED))
4609			*(pl+1) = NULL;
4610		else if (err = zfs_fillpage(vp, off, seg, addr, pl, plsz, rw))
4611			goto out;
4612		while (*pl) {
4613			ASSERT3U((*pl)->p_offset, ==, off);
4614			off += PAGESIZE;
4615			addr += PAGESIZE;
4616			if (len > 0) {
4617				ASSERT3U(len, >=, PAGESIZE);
4618				len -= PAGESIZE;
4619			}
4620			ASSERT3U(plsz, >=, PAGESIZE);
4621			plsz -= PAGESIZE;
4622			pl++;
4623		}
4624	}
4625
4626	/*
4627	 * Fill out the page array with any pages already in the cache.
4628	 */
4629	while (plsz > 0 &&
4630	    (*pl++ = page_lookup_nowait(vp, off, SE_SHARED))) {
4631			off += PAGESIZE;
4632			plsz -= PAGESIZE;
4633	}
4634out:
4635	if (err) {
4636		/*
4637		 * Release any pages we have previously locked.
4638		 */
4639		while (pl > pl0)
4640			page_unlock(*--pl);
4641	} else {
4642		ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
4643	}
4644
4645	*pl = NULL;
4646
4647	ZFS_EXIT(zfsvfs);
4648	return (err);
4649}
4650
4651/*
4652 * Request a memory map for a section of a file.  This code interacts
4653 * with common code and the VM system as follows:
4654 *
4655 * - common code calls mmap(), which ends up in smmap_common()
4656 * - this calls VOP_MAP(), which takes you into (say) zfs
4657 * - zfs_map() calls as_map(), passing segvn_create() as the callback
4658 * - segvn_create() creates the new segment and calls VOP_ADDMAP()
4659 * - zfs_addmap() updates z_mapcnt
4660 */
4661/*ARGSUSED*/
4662static int
4663zfs_map(vnode_t *vp, offset_t off, struct as *as, caddr_t *addrp,
4664    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4665    caller_context_t *ct)
4666{
4667	znode_t *zp = VTOZ(vp);
4668	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4669	segvn_crargs_t	vn_a;
4670	int		error;
4671
4672	ZFS_ENTER(zfsvfs);
4673	ZFS_VERIFY_ZP(zp);
4674
4675	if ((prot & PROT_WRITE) && (zp->z_pflags &
4676	    (ZFS_IMMUTABLE | ZFS_READONLY | ZFS_APPENDONLY))) {
4677		ZFS_EXIT(zfsvfs);
4678		return (SET_ERROR(EPERM));
4679	}
4680
4681	if ((prot & (PROT_READ | PROT_EXEC)) &&
4682	    (zp->z_pflags & ZFS_AV_QUARANTINED)) {
4683		ZFS_EXIT(zfsvfs);
4684		return (SET_ERROR(EACCES));
4685	}
4686
4687	if (vp->v_flag & VNOMAP) {
4688		ZFS_EXIT(zfsvfs);
4689		return (SET_ERROR(ENOSYS));
4690	}
4691
4692	if (off < 0 || len > MAXOFFSET_T - off) {
4693		ZFS_EXIT(zfsvfs);
4694		return (SET_ERROR(ENXIO));
4695	}
4696
4697	if (vp->v_type != VREG) {
4698		ZFS_EXIT(zfsvfs);
4699		return (SET_ERROR(ENODEV));
4700	}
4701
4702	/*
4703	 * If file is locked, disallow mapping.
4704	 */
4705	if (MANDMODE(zp->z_mode) && vn_has_flocks(vp)) {
4706		ZFS_EXIT(zfsvfs);
4707		return (SET_ERROR(EAGAIN));
4708	}
4709
4710	as_rangelock(as);
4711	error = choose_addr(as, addrp, len, off, ADDR_VACALIGN, flags);
4712	if (error != 0) {
4713		as_rangeunlock(as);
4714		ZFS_EXIT(zfsvfs);
4715		return (error);
4716	}
4717
4718	vn_a.vp = vp;
4719	vn_a.offset = (u_offset_t)off;
4720	vn_a.type = flags & MAP_TYPE;
4721	vn_a.prot = prot;
4722	vn_a.maxprot = maxprot;
4723	vn_a.cred = cr;
4724	vn_a.amp = NULL;
4725	vn_a.flags = flags & ~MAP_TYPE;
4726	vn_a.szc = 0;
4727	vn_a.lgrp_mem_policy_flags = 0;
4728
4729	error = as_map(as, *addrp, len, segvn_create, &vn_a);
4730
4731	as_rangeunlock(as);
4732	ZFS_EXIT(zfsvfs);
4733	return (error);
4734}
4735
4736/* ARGSUSED */
4737static int
4738zfs_addmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4739    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4740    caller_context_t *ct)
4741{
4742	uint64_t pages = btopr(len);
4743
4744	atomic_add_64(&VTOZ(vp)->z_mapcnt, pages);
4745	return (0);
4746}
4747
4748/*
4749 * The reason we push dirty pages as part of zfs_delmap() is so that we get a
4750 * more accurate mtime for the associated file.  Since we don't have a way of
4751 * detecting when the data was actually modified, we have to resort to
4752 * heuristics.  If an explicit msync() is done, then we mark the mtime when the
4753 * last page is pushed.  The problem occurs when the msync() call is omitted,
4754 * which by far the most common case:
4755 *
4756 *	open()
4757 *	mmap()
4758 *	<modify memory>
4759 *	munmap()
4760 *	close()
4761 *	<time lapse>
4762 *	putpage() via fsflush
4763 *
4764 * If we wait until fsflush to come along, we can have a modification time that
4765 * is some arbitrary point in the future.  In order to prevent this in the
4766 * common case, we flush pages whenever a (MAP_SHARED, PROT_WRITE) mapping is
4767 * torn down.
4768 */
4769/* ARGSUSED */
4770static int
4771zfs_delmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4772    size_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cr,
4773    caller_context_t *ct)
4774{
4775	uint64_t pages = btopr(len);
4776
4777	ASSERT3U(VTOZ(vp)->z_mapcnt, >=, pages);
4778	atomic_add_64(&VTOZ(vp)->z_mapcnt, -pages);
4779
4780	if ((flags & MAP_SHARED) && (prot & PROT_WRITE) &&
4781	    vn_has_cached_data(vp))
4782		(void) VOP_PUTPAGE(vp, off, len, B_ASYNC, cr, ct);
4783
4784	return (0);
4785}
4786
4787/*
4788 * Free or allocate space in a file.  Currently, this function only
4789 * supports the `F_FREESP' command.  However, this command is somewhat
4790 * misnamed, as its functionality includes the ability to allocate as
4791 * well as free space.
4792 *
4793 *	IN:	vp	- vnode of file to free data in.
4794 *		cmd	- action to take (only F_FREESP supported).
4795 *		bfp	- section of file to free/alloc.
4796 *		flag	- current file open mode flags.
4797 *		offset	- current file offset.
4798 *		cr	- credentials of caller [UNUSED].
4799 *		ct	- caller context.
4800 *
4801 *	RETURN:	0 on success, error code on failure.
4802 *
4803 * Timestamps:
4804 *	vp - ctime|mtime updated
4805 */
4806/* ARGSUSED */
4807static int
4808zfs_space(vnode_t *vp, int cmd, flock64_t *bfp, int flag,
4809    offset_t offset, cred_t *cr, caller_context_t *ct)
4810{
4811	znode_t		*zp = VTOZ(vp);
4812	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4813	uint64_t	off, len;
4814	int		error;
4815
4816	ZFS_ENTER(zfsvfs);
4817	ZFS_VERIFY_ZP(zp);
4818
4819	if (cmd != F_FREESP) {
4820		ZFS_EXIT(zfsvfs);
4821		return (SET_ERROR(EINVAL));
4822	}
4823
4824	/*
4825	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
4826	 * callers might not be able to detect properly that we are read-only,
4827	 * so check it explicitly here.
4828	 */
4829	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
4830		ZFS_EXIT(zfsvfs);
4831		return (SET_ERROR(EROFS));
4832	}
4833
4834	if (error = convoff(vp, bfp, 0, offset)) {
4835		ZFS_EXIT(zfsvfs);
4836		return (error);
4837	}
4838
4839	if (bfp->l_len < 0) {
4840		ZFS_EXIT(zfsvfs);
4841		return (SET_ERROR(EINVAL));
4842	}
4843
4844	off = bfp->l_start;
4845	len = bfp->l_len; /* 0 means from off to end of file */
4846
4847	error = zfs_freesp(zp, off, len, flag, TRUE);
4848
4849	if (error == 0 && off == 0 && len == 0)
4850		vnevent_truncate(ZTOV(zp), ct);
4851
4852	ZFS_EXIT(zfsvfs);
4853	return (error);
4854}
4855
4856/*ARGSUSED*/
4857static int
4858zfs_fid(vnode_t *vp, fid_t *fidp, caller_context_t *ct)
4859{
4860	znode_t		*zp = VTOZ(vp);
4861	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4862	uint32_t	gen;
4863	uint64_t	gen64;
4864	uint64_t	object = zp->z_id;
4865	zfid_short_t	*zfid;
4866	int		size, i, error;
4867
4868	ZFS_ENTER(zfsvfs);
4869	ZFS_VERIFY_ZP(zp);
4870
4871	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zfsvfs),
4872	    &gen64, sizeof (uint64_t))) != 0) {
4873		ZFS_EXIT(zfsvfs);
4874		return (error);
4875	}
4876
4877	gen = (uint32_t)gen64;
4878
4879	size = (zfsvfs->z_parent != zfsvfs) ? LONG_FID_LEN : SHORT_FID_LEN;
4880	if (fidp->fid_len < size) {
4881		fidp->fid_len = size;
4882		ZFS_EXIT(zfsvfs);
4883		return (SET_ERROR(ENOSPC));
4884	}
4885
4886	zfid = (zfid_short_t *)fidp;
4887
4888	zfid->zf_len = size;
4889
4890	for (i = 0; i < sizeof (zfid->zf_object); i++)
4891		zfid->zf_object[i] = (uint8_t)(object >> (8 * i));
4892
4893	/* Must have a non-zero generation number to distinguish from .zfs */
4894	if (gen == 0)
4895		gen = 1;
4896	for (i = 0; i < sizeof (zfid->zf_gen); i++)
4897		zfid->zf_gen[i] = (uint8_t)(gen >> (8 * i));
4898
4899	if (size == LONG_FID_LEN) {
4900		uint64_t	objsetid = dmu_objset_id(zfsvfs->z_os);
4901		zfid_long_t	*zlfid;
4902
4903		zlfid = (zfid_long_t *)fidp;
4904
4905		for (i = 0; i < sizeof (zlfid->zf_setid); i++)
4906			zlfid->zf_setid[i] = (uint8_t)(objsetid >> (8 * i));
4907
4908		/* XXX - this should be the generation number for the objset */
4909		for (i = 0; i < sizeof (zlfid->zf_setgen); i++)
4910			zlfid->zf_setgen[i] = 0;
4911	}
4912
4913	ZFS_EXIT(zfsvfs);
4914	return (0);
4915}
4916
4917static int
4918zfs_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr,
4919    caller_context_t *ct)
4920{
4921	znode_t		*zp, *xzp;
4922	zfsvfs_t	*zfsvfs;
4923	zfs_dirlock_t	*dl;
4924	int		error;
4925
4926	switch (cmd) {
4927	case _PC_LINK_MAX:
4928		*valp = ULONG_MAX;
4929		return (0);
4930
4931	case _PC_FILESIZEBITS:
4932		*valp = 64;
4933		return (0);
4934
4935	case _PC_XATTR_EXISTS:
4936		zp = VTOZ(vp);
4937		zfsvfs = zp->z_zfsvfs;
4938		ZFS_ENTER(zfsvfs);
4939		ZFS_VERIFY_ZP(zp);
4940		*valp = 0;
4941		error = zfs_dirent_lock(&dl, zp, "", &xzp,
4942		    ZXATTR | ZEXISTS | ZSHARED, NULL, NULL);
4943		if (error == 0) {
4944			zfs_dirent_unlock(dl);
4945			if (!zfs_dirempty(xzp))
4946				*valp = 1;
4947			VN_RELE(ZTOV(xzp));
4948		} else if (error == ENOENT) {
4949			/*
4950			 * If there aren't extended attributes, it's the
4951			 * same as having zero of them.
4952			 */
4953			error = 0;
4954		}
4955		ZFS_EXIT(zfsvfs);
4956		return (error);
4957
4958	case _PC_SATTR_ENABLED:
4959	case _PC_SATTR_EXISTS:
4960		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
4961		    (vp->v_type == VREG || vp->v_type == VDIR);
4962		return (0);
4963
4964	case _PC_ACCESS_FILTERING:
4965		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_ACCESS_FILTER) &&
4966		    vp->v_type == VDIR;
4967		return (0);
4968
4969	case _PC_ACL_ENABLED:
4970		*valp = _ACL_ACE_ENABLED;
4971		return (0);
4972
4973	case _PC_MIN_HOLE_SIZE:
4974		*valp = (ulong_t)SPA_MINBLOCKSIZE;
4975		return (0);
4976
4977	case _PC_TIMESTAMP_RESOLUTION:
4978		/* nanosecond timestamp resolution */
4979		*valp = 1L;
4980		return (0);
4981
4982	default:
4983		return (fs_pathconf(vp, cmd, valp, cr, ct));
4984	}
4985}
4986
4987/*ARGSUSED*/
4988static int
4989zfs_getsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
4990    caller_context_t *ct)
4991{
4992	znode_t *zp = VTOZ(vp);
4993	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4994	int error;
4995	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
4996
4997	ZFS_ENTER(zfsvfs);
4998	ZFS_VERIFY_ZP(zp);
4999	error = zfs_getacl(zp, vsecp, skipaclchk, cr);
5000	ZFS_EXIT(zfsvfs);
5001
5002	return (error);
5003}
5004
5005/*ARGSUSED*/
5006static int
5007zfs_setsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
5008    caller_context_t *ct)
5009{
5010	znode_t *zp = VTOZ(vp);
5011	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
5012	int error;
5013	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
5014	zilog_t	*zilog = zfsvfs->z_log;
5015
5016	ZFS_ENTER(zfsvfs);
5017	ZFS_VERIFY_ZP(zp);
5018
5019	error = zfs_setacl(zp, vsecp, skipaclchk, cr);
5020
5021	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
5022		zil_commit(zilog, 0);
5023
5024	ZFS_EXIT(zfsvfs);
5025	return (error);
5026}
5027
5028/*
5029 * The smallest read we may consider to loan out an arcbuf.
5030 * This must be a power of 2.
5031 */
5032int zcr_blksz_min = (1 << 10);	/* 1K */
5033/*
5034 * If set to less than the file block size, allow loaning out of an
5035 * arcbuf for a partial block read.  This must be a power of 2.
5036 */
5037int zcr_blksz_max = (1 << 17);	/* 128K */
5038
5039/*ARGSUSED*/
5040static int
5041zfs_reqzcbuf(vnode_t *vp, enum uio_rw ioflag, xuio_t *xuio, cred_t *cr,
5042    caller_context_t *ct)
5043{
5044	znode_t	*zp = VTOZ(vp);
5045	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
5046	int max_blksz = zfsvfs->z_max_blksz;
5047	uio_t *uio = &xuio->xu_uio;
5048	ssize_t size = uio->uio_resid;
5049	offset_t offset = uio->uio_loffset;
5050	int blksz;
5051	int fullblk, i;
5052	arc_buf_t *abuf;
5053	ssize_t maxsize;
5054	int preamble, postamble;
5055
5056	if (xuio->xu_type != UIOTYPE_ZEROCOPY)
5057		return (SET_ERROR(EINVAL));
5058
5059	ZFS_ENTER(zfsvfs);
5060	ZFS_VERIFY_ZP(zp);
5061	switch (ioflag) {
5062	case UIO_WRITE:
5063		/*
5064		 * Loan out an arc_buf for write if write size is bigger than
5065		 * max_blksz, and the file's block size is also max_blksz.
5066		 */
5067		blksz = max_blksz;
5068		if (size < blksz || zp->z_blksz != blksz) {
5069			ZFS_EXIT(zfsvfs);
5070			return (SET_ERROR(EINVAL));
5071		}
5072		/*
5073		 * Caller requests buffers for write before knowing where the
5074		 * write offset might be (e.g. NFS TCP write).
5075		 */
5076		if (offset == -1) {
5077			preamble = 0;
5078		} else {
5079			preamble = P2PHASE(offset, blksz);
5080			if (preamble) {
5081				preamble = blksz - preamble;
5082				size -= preamble;
5083			}
5084		}
5085
5086		postamble = P2PHASE(size, blksz);
5087		size -= postamble;
5088
5089		fullblk = size / blksz;
5090		(void) dmu_xuio_init(xuio,
5091		    (preamble != 0) + fullblk + (postamble != 0));
5092		DTRACE_PROBE3(zfs_reqzcbuf_align, int, preamble,
5093		    int, postamble, int,
5094		    (preamble != 0) + fullblk + (postamble != 0));
5095
5096		/*
5097		 * Have to fix iov base/len for partial buffers.  They
5098		 * currently represent full arc_buf's.
5099		 */
5100		if (preamble) {
5101			/* data begins in the middle of the arc_buf */
5102			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5103			    blksz);
5104			ASSERT(abuf);
5105			(void) dmu_xuio_add(xuio, abuf,
5106			    blksz - preamble, preamble);
5107		}
5108
5109		for (i = 0; i < fullblk; i++) {
5110			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5111			    blksz);
5112			ASSERT(abuf);
5113			(void) dmu_xuio_add(xuio, abuf, 0, blksz);
5114		}
5115
5116		if (postamble) {
5117			/* data ends in the middle of the arc_buf */
5118			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5119			    blksz);
5120			ASSERT(abuf);
5121			(void) dmu_xuio_add(xuio, abuf, 0, postamble);
5122		}
5123		break;
5124	case UIO_READ:
5125		/*
5126		 * Loan out an arc_buf for read if the read size is larger than
5127		 * the current file block size.  Block alignment is not
5128		 * considered.  Partial arc_buf will be loaned out for read.
5129		 */
5130		blksz = zp->z_blksz;
5131		if (blksz < zcr_blksz_min)
5132			blksz = zcr_blksz_min;
5133		if (blksz > zcr_blksz_max)
5134			blksz = zcr_blksz_max;
5135		/* avoid potential complexity of dealing with it */
5136		if (blksz > max_blksz) {
5137			ZFS_EXIT(zfsvfs);
5138			return (SET_ERROR(EINVAL));
5139		}
5140
5141		maxsize = zp->z_size - uio->uio_loffset;
5142		if (size > maxsize)
5143			size = maxsize;
5144
5145		if (size < blksz || vn_has_cached_data(vp)) {
5146			ZFS_EXIT(zfsvfs);
5147			return (SET_ERROR(EINVAL));
5148		}
5149		break;
5150	default:
5151		ZFS_EXIT(zfsvfs);
5152		return (SET_ERROR(EINVAL));
5153	}
5154
5155	uio->uio_extflg = UIO_XUIO;
5156	XUIO_XUZC_RW(xuio) = ioflag;
5157	ZFS_EXIT(zfsvfs);
5158	return (0);
5159}
5160
5161/*ARGSUSED*/
5162static int
5163zfs_retzcbuf(vnode_t *vp, xuio_t *xuio, cred_t *cr, caller_context_t *ct)
5164{
5165	int i;
5166	arc_buf_t *abuf;
5167	int ioflag = XUIO_XUZC_RW(xuio);
5168
5169	ASSERT(xuio->xu_type == UIOTYPE_ZEROCOPY);
5170
5171	i = dmu_xuio_cnt(xuio);
5172	while (i-- > 0) {
5173		abuf = dmu_xuio_arcbuf(xuio, i);
5174		/*
5175		 * if abuf == NULL, it must be a write buffer
5176		 * that has been returned in zfs_write().
5177		 */
5178		if (abuf)
5179			dmu_return_arcbuf(abuf);
5180		ASSERT(abuf || ioflag == UIO_WRITE);
5181	}
5182
5183	dmu_xuio_fini(xuio);
5184	return (0);
5185}
5186
5187/*
5188 * Predeclare these here so that the compiler assumes that
5189 * this is an "old style" function declaration that does
5190 * not include arguments => we won't get type mismatch errors
5191 * in the initializations that follow.
5192 */
5193static int zfs_inval();
5194static int zfs_isdir();
5195
5196static int
5197zfs_inval()
5198{
5199	return (SET_ERROR(EINVAL));
5200}
5201
5202static int
5203zfs_isdir()
5204{
5205	return (SET_ERROR(EISDIR));
5206}
5207/*
5208 * Directory vnode operations template
5209 */
5210vnodeops_t *zfs_dvnodeops;
5211const fs_operation_def_t zfs_dvnodeops_template[] = {
5212	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5213	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5214	VOPNAME_READ,		{ .error = zfs_isdir },
5215	VOPNAME_WRITE,		{ .error = zfs_isdir },
5216	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5217	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5218	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5219	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5220	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5221	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5222	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5223	VOPNAME_LINK,		{ .vop_link = zfs_link },
5224	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5225	VOPNAME_MKDIR,		{ .vop_mkdir = zfs_mkdir },
5226	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5227	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5228	VOPNAME_SYMLINK,	{ .vop_symlink = zfs_symlink },
5229	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5230	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5231	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5232	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5233	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5234	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5235	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5236	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5237	NULL,			NULL
5238};
5239
5240/*
5241 * Regular file vnode operations template
5242 */
5243vnodeops_t *zfs_fvnodeops;
5244const fs_operation_def_t zfs_fvnodeops_template[] = {
5245	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5246	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5247	VOPNAME_READ,		{ .vop_read = zfs_read },
5248	VOPNAME_WRITE,		{ .vop_write = zfs_write },
5249	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5250	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5251	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5252	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5253	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5254	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5255	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5256	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5257	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5258	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5259	VOPNAME_FRLOCK,		{ .vop_frlock = zfs_frlock },
5260	VOPNAME_SPACE,		{ .vop_space = zfs_space },
5261	VOPNAME_GETPAGE,	{ .vop_getpage = zfs_getpage },
5262	VOPNAME_PUTPAGE,	{ .vop_putpage = zfs_putpage },
5263	VOPNAME_MAP,		{ .vop_map = zfs_map },
5264	VOPNAME_ADDMAP,		{ .vop_addmap = zfs_addmap },
5265	VOPNAME_DELMAP,		{ .vop_delmap = zfs_delmap },
5266	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5267	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5268	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5269	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5270	VOPNAME_REQZCBUF,	{ .vop_reqzcbuf = zfs_reqzcbuf },
5271	VOPNAME_RETZCBUF,	{ .vop_retzcbuf = zfs_retzcbuf },
5272	NULL,			NULL
5273};
5274
5275/*
5276 * Symbolic link vnode operations template
5277 */
5278vnodeops_t *zfs_symvnodeops;
5279const fs_operation_def_t zfs_symvnodeops_template[] = {
5280	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5281	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5282	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5283	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5284	VOPNAME_READLINK,	{ .vop_readlink = zfs_readlink },
5285	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5286	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5287	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5288	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5289	NULL,			NULL
5290};
5291
5292/*
5293 * special share hidden files vnode operations template
5294 */
5295vnodeops_t *zfs_sharevnodeops;
5296const fs_operation_def_t zfs_sharevnodeops_template[] = {
5297	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5298	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5299	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5300	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5301	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5302	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5303	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5304	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5305	NULL,			NULL
5306};
5307
5308/*
5309 * Extended attribute directory vnode operations template
5310 *
5311 * This template is identical to the directory vnodes
5312 * operation template except for restricted operations:
5313 *	VOP_MKDIR()
5314 *	VOP_SYMLINK()
5315 *
5316 * Note that there are other restrictions embedded in:
5317 *	zfs_create()	- restrict type to VREG
5318 *	zfs_link()	- no links into/out of attribute space
5319 *	zfs_rename()	- no moves into/out of attribute space
5320 */
5321vnodeops_t *zfs_xdvnodeops;
5322const fs_operation_def_t zfs_xdvnodeops_template[] = {
5323	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5324	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5325	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5326	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5327	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5328	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5329	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5330	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5331	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5332	VOPNAME_LINK,		{ .vop_link = zfs_link },
5333	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5334	VOPNAME_MKDIR,		{ .error = zfs_inval },
5335	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5336	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5337	VOPNAME_SYMLINK,	{ .error = zfs_inval },
5338	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5339	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5340	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5341	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5342	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5343	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5344	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5345	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5346	NULL,			NULL
5347};
5348
5349/*
5350 * Error vnode operations template
5351 */
5352vnodeops_t *zfs_evnodeops;
5353const fs_operation_def_t zfs_evnodeops_template[] = {
5354	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5355	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5356	NULL,			NULL
5357};
5358