1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2012, 2015 by Delphix. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
25 * Copyright (c) 2014 Integros [integros.com]
26 * Copyright 2015 Joyent, Inc.
27 */
28
29/* Portions Copyright 2007 Jeremy Teo */
30/* Portions Copyright 2010 Robert Milkowski */
31
32#include <sys/types.h>
33#include <sys/param.h>
34#include <sys/time.h>
35#include <sys/systm.h>
36#include <sys/sysmacros.h>
37#include <sys/resource.h>
38#include <sys/vfs.h>
39#include <sys/vfs_opreg.h>
40#include <sys/vnode.h>
41#include <sys/file.h>
42#include <sys/stat.h>
43#include <sys/kmem.h>
44#include <sys/taskq.h>
45#include <sys/uio.h>
46#include <sys/vmsystm.h>
47#include <sys/atomic.h>
48#include <sys/vm.h>
49#include <vm/seg_vn.h>
50#include <vm/pvn.h>
51#include <vm/as.h>
52#include <vm/kpm.h>
53#include <vm/seg_kpm.h>
54#include <sys/mman.h>
55#include <sys/pathname.h>
56#include <sys/cmn_err.h>
57#include <sys/errno.h>
58#include <sys/unistd.h>
59#include <sys/zfs_dir.h>
60#include <sys/zfs_acl.h>
61#include <sys/zfs_ioctl.h>
62#include <sys/fs/zfs.h>
63#include <sys/dmu.h>
64#include <sys/dmu_objset.h>
65#include <sys/spa.h>
66#include <sys/txg.h>
67#include <sys/dbuf.h>
68#include <sys/zap.h>
69#include <sys/sa.h>
70#include <sys/dirent.h>
71#include <sys/policy.h>
72#include <sys/sunddi.h>
73#include <sys/filio.h>
74#include <sys/sid.h>
75#include "fs/fs_subr.h"
76#include <sys/zfs_ctldir.h>
77#include <sys/zfs_fuid.h>
78#include <sys/zfs_sa.h>
79#include <sys/dnlc.h>
80#include <sys/zfs_rlock.h>
81#include <sys/extdirent.h>
82#include <sys/kidmap.h>
83#include <sys/cred.h>
84#include <sys/attr.h>
85
86/*
87 * Programming rules.
88 *
89 * Each vnode op performs some logical unit of work.  To do this, the ZPL must
90 * properly lock its in-core state, create a DMU transaction, do the work,
91 * record this work in the intent log (ZIL), commit the DMU transaction,
92 * and wait for the intent log to commit if it is a synchronous operation.
93 * Moreover, the vnode ops must work in both normal and log replay context.
94 * The ordering of events is important to avoid deadlocks and references
95 * to freed memory.  The example below illustrates the following Big Rules:
96 *
97 *  (1)	A check must be made in each zfs thread for a mounted file system.
98 *	This is done avoiding races using ZFS_ENTER(zfsvfs).
99 *	A ZFS_EXIT(zfsvfs) is needed before all returns.  Any znodes
100 *	must be checked with ZFS_VERIFY_ZP(zp).  Both of these macros
101 *	can return EIO from the calling function.
102 *
103 *  (2)	VN_RELE() should always be the last thing except for zil_commit()
104 *	(if necessary) and ZFS_EXIT(). This is for 3 reasons:
105 *	First, if it's the last reference, the vnode/znode
106 *	can be freed, so the zp may point to freed memory.  Second, the last
107 *	reference will call zfs_zinactive(), which may induce a lot of work --
108 *	pushing cached pages (which acquires range locks) and syncing out
109 *	cached atime changes.  Third, zfs_zinactive() may require a new tx,
110 *	which could deadlock the system if you were already holding one.
111 *	If you must call VN_RELE() within a tx then use VN_RELE_ASYNC().
112 *
113 *  (3)	All range locks must be grabbed before calling dmu_tx_assign(),
114 *	as they can span dmu_tx_assign() calls.
115 *
116 *  (4) If ZPL locks are held, pass TXG_NOWAIT as the second argument to
117 *      dmu_tx_assign().  This is critical because we don't want to block
118 *      while holding locks.
119 *
120 *	If no ZPL locks are held (aside from ZFS_ENTER()), use TXG_WAIT.  This
121 *	reduces lock contention and CPU usage when we must wait (note that if
122 *	throughput is constrained by the storage, nearly every transaction
123 *	must wait).
124 *
125 *      Note, in particular, that if a lock is sometimes acquired before
126 *      the tx assigns, and sometimes after (e.g. z_lock), then failing
127 *      to use a non-blocking assign can deadlock the system.  The scenario:
128 *
129 *	Thread A has grabbed a lock before calling dmu_tx_assign().
130 *	Thread B is in an already-assigned tx, and blocks for this lock.
131 *	Thread A calls dmu_tx_assign(TXG_WAIT) and blocks in txg_wait_open()
132 *	forever, because the previous txg can't quiesce until B's tx commits.
133 *
134 *	If dmu_tx_assign() returns ERESTART and zfsvfs->z_assign is TXG_NOWAIT,
135 *	then drop all locks, call dmu_tx_wait(), and try again.  On subsequent
136 *	calls to dmu_tx_assign(), pass TXG_WAITED rather than TXG_NOWAIT,
137 *	to indicate that this operation has already called dmu_tx_wait().
138 *	This will ensure that we don't retry forever, waiting a short bit
139 *	each time.
140 *
141 *  (5)	If the operation succeeded, generate the intent log entry for it
142 *	before dropping locks.  This ensures that the ordering of events
143 *	in the intent log matches the order in which they actually occurred.
144 *	During ZIL replay the zfs_log_* functions will update the sequence
145 *	number to indicate the zil transaction has replayed.
146 *
147 *  (6)	At the end of each vnode op, the DMU tx must always commit,
148 *	regardless of whether there were any errors.
149 *
150 *  (7)	After dropping all locks, invoke zil_commit(zilog, foid)
151 *	to ensure that synchronous semantics are provided when necessary.
152 *
153 * In general, this is how things should be ordered in each vnode op:
154 *
155 *	ZFS_ENTER(zfsvfs);		// exit if unmounted
156 * top:
157 *	zfs_dirent_lock(&dl, ...)	// lock directory entry (may VN_HOLD())
158 *	rw_enter(...);			// grab any other locks you need
159 *	tx = dmu_tx_create(...);	// get DMU tx
160 *	dmu_tx_hold_*();		// hold each object you might modify
161 *	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
162 *	if (error) {
163 *		rw_exit(...);		// drop locks
164 *		zfs_dirent_unlock(dl);	// unlock directory entry
165 *		VN_RELE(...);		// release held vnodes
166 *		if (error == ERESTART) {
167 *			waited = B_TRUE;
168 *			dmu_tx_wait(tx);
169 *			dmu_tx_abort(tx);
170 *			goto top;
171 *		}
172 *		dmu_tx_abort(tx);	// abort DMU tx
173 *		ZFS_EXIT(zfsvfs);	// finished in zfs
174 *		return (error);		// really out of space
175 *	}
176 *	error = do_real_work();		// do whatever this VOP does
177 *	if (error == 0)
178 *		zfs_log_*(...);		// on success, make ZIL entry
179 *	dmu_tx_commit(tx);		// commit DMU tx -- error or not
180 *	rw_exit(...);			// drop locks
181 *	zfs_dirent_unlock(dl);		// unlock directory entry
182 *	VN_RELE(...);			// release held vnodes
183 *	zil_commit(zilog, foid);	// synchronous when necessary
184 *	ZFS_EXIT(zfsvfs);		// finished in zfs
185 *	return (error);			// done, report error
186 */
187
188/* ARGSUSED */
189static int
190zfs_open(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *ct)
191{
192	znode_t	*zp = VTOZ(*vpp);
193	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
194
195	ZFS_ENTER(zfsvfs);
196	ZFS_VERIFY_ZP(zp);
197
198	if ((flag & FWRITE) && (zp->z_pflags & ZFS_APPENDONLY) &&
199	    ((flag & FAPPEND) == 0)) {
200		ZFS_EXIT(zfsvfs);
201		return (SET_ERROR(EPERM));
202	}
203
204	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
205	    ZTOV(zp)->v_type == VREG &&
206	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0) {
207		if (fs_vscan(*vpp, cr, 0) != 0) {
208			ZFS_EXIT(zfsvfs);
209			return (SET_ERROR(EACCES));
210		}
211	}
212
213	/* Keep a count of the synchronous opens in the znode */
214	if (flag & (FSYNC | FDSYNC))
215		atomic_inc_32(&zp->z_sync_cnt);
216
217	ZFS_EXIT(zfsvfs);
218	return (0);
219}
220
221/* ARGSUSED */
222static int
223zfs_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
224    caller_context_t *ct)
225{
226	znode_t	*zp = VTOZ(vp);
227	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
228
229	/*
230	 * Clean up any locks held by this process on the vp.
231	 */
232	cleanlocks(vp, ddi_get_pid(), 0);
233	cleanshares(vp, ddi_get_pid());
234
235	ZFS_ENTER(zfsvfs);
236	ZFS_VERIFY_ZP(zp);
237
238	/* Decrement the synchronous opens in the znode */
239	if ((flag & (FSYNC | FDSYNC)) && (count == 1))
240		atomic_dec_32(&zp->z_sync_cnt);
241
242	if (!zfs_has_ctldir(zp) && zp->z_zfsvfs->z_vscan &&
243	    ZTOV(zp)->v_type == VREG &&
244	    !(zp->z_pflags & ZFS_AV_QUARANTINED) && zp->z_size > 0)
245		VERIFY(fs_vscan(vp, cr, 1) == 0);
246
247	ZFS_EXIT(zfsvfs);
248	return (0);
249}
250
251/*
252 * Lseek support for finding holes (cmd == _FIO_SEEK_HOLE) and
253 * data (cmd == _FIO_SEEK_DATA). "off" is an in/out parameter.
254 */
255static int
256zfs_holey(vnode_t *vp, int cmd, offset_t *off)
257{
258	znode_t	*zp = VTOZ(vp);
259	uint64_t noff = (uint64_t)*off; /* new offset */
260	uint64_t file_sz;
261	int error;
262	boolean_t hole;
263
264	file_sz = zp->z_size;
265	if (noff >= file_sz)  {
266		return (SET_ERROR(ENXIO));
267	}
268
269	if (cmd == _FIO_SEEK_HOLE)
270		hole = B_TRUE;
271	else
272		hole = B_FALSE;
273
274	error = dmu_offset_next(zp->z_zfsvfs->z_os, zp->z_id, hole, &noff);
275
276	if (error == ESRCH)
277		return (SET_ERROR(ENXIO));
278
279	/*
280	 * We could find a hole that begins after the logical end-of-file,
281	 * because dmu_offset_next() only works on whole blocks.  If the
282	 * EOF falls mid-block, then indicate that the "virtual hole"
283	 * at the end of the file begins at the logical EOF, rather than
284	 * at the end of the last block.
285	 */
286	if (noff > file_sz) {
287		ASSERT(hole);
288		noff = file_sz;
289	}
290
291	if (noff < *off)
292		return (error);
293	*off = noff;
294	return (error);
295}
296
297/* ARGSUSED */
298static int
299zfs_ioctl(vnode_t *vp, int com, intptr_t data, int flag, cred_t *cred,
300    int *rvalp, caller_context_t *ct)
301{
302	offset_t off;
303	offset_t ndata;
304	dmu_object_info_t doi;
305	int error;
306	zfsvfs_t *zfsvfs;
307	znode_t *zp;
308
309	switch (com) {
310	case _FIOFFS:
311	{
312		return (zfs_sync(vp->v_vfsp, 0, cred));
313
314		/*
315		 * The following two ioctls are used by bfu.  Faking out,
316		 * necessary to avoid bfu errors.
317		 */
318	}
319	case _FIOGDIO:
320	case _FIOSDIO:
321	{
322		return (0);
323	}
324
325	case _FIO_SEEK_DATA:
326	case _FIO_SEEK_HOLE:
327	{
328		if (ddi_copyin((void *)data, &off, sizeof (off), flag))
329			return (SET_ERROR(EFAULT));
330
331		zp = VTOZ(vp);
332		zfsvfs = zp->z_zfsvfs;
333		ZFS_ENTER(zfsvfs);
334		ZFS_VERIFY_ZP(zp);
335
336		/* offset parameter is in/out */
337		error = zfs_holey(vp, com, &off);
338		ZFS_EXIT(zfsvfs);
339		if (error)
340			return (error);
341		if (ddi_copyout(&off, (void *)data, sizeof (off), flag))
342			return (SET_ERROR(EFAULT));
343		return (0);
344	}
345	case _FIO_COUNT_FILLED:
346	{
347		/*
348		 * _FIO_COUNT_FILLED adds a new ioctl command which
349		 * exposes the number of filled blocks in a
350		 * ZFS object.
351		 */
352		zp = VTOZ(vp);
353		zfsvfs = zp->z_zfsvfs;
354		ZFS_ENTER(zfsvfs);
355		ZFS_VERIFY_ZP(zp);
356
357		/*
358		 * Wait for all dirty blocks for this object
359		 * to get synced out to disk, and the DMU info
360		 * updated.
361		 */
362		error = dmu_object_wait_synced(zfsvfs->z_os, zp->z_id);
363		if (error) {
364			ZFS_EXIT(zfsvfs);
365			return (error);
366		}
367
368		/*
369		 * Retrieve fill count from DMU object.
370		 */
371		error = dmu_object_info(zfsvfs->z_os, zp->z_id, &doi);
372		if (error) {
373			ZFS_EXIT(zfsvfs);
374			return (error);
375		}
376
377		ndata = doi.doi_fill_count;
378
379		ZFS_EXIT(zfsvfs);
380		if (ddi_copyout(&ndata, (void *)data, sizeof (ndata), flag))
381			return (SET_ERROR(EFAULT));
382		return (0);
383	}
384	}
385	return (SET_ERROR(ENOTTY));
386}
387
388/*
389 * Utility functions to map and unmap a single physical page.  These
390 * are used to manage the mappable copies of ZFS file data, and therefore
391 * do not update ref/mod bits.
392 */
393caddr_t
394zfs_map_page(page_t *pp, enum seg_rw rw)
395{
396	if (kpm_enable)
397		return (hat_kpm_mapin(pp, 0));
398	ASSERT(rw == S_READ || rw == S_WRITE);
399	return (ppmapin(pp, PROT_READ | ((rw == S_WRITE) ? PROT_WRITE : 0),
400	    (caddr_t)-1));
401}
402
403void
404zfs_unmap_page(page_t *pp, caddr_t addr)
405{
406	if (kpm_enable) {
407		hat_kpm_mapout(pp, 0, addr);
408	} else {
409		ppmapout(addr);
410	}
411}
412
413/*
414 * When a file is memory mapped, we must keep the IO data synchronized
415 * between the DMU cache and the memory mapped pages.  What this means:
416 *
417 * On Write:	If we find a memory mapped page, we write to *both*
418 *		the page and the dmu buffer.
419 */
420static void
421update_pages(vnode_t *vp, int64_t start, int len, objset_t *os, uint64_t oid)
422{
423	int64_t	off;
424
425	off = start & PAGEOFFSET;
426	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
427		page_t *pp;
428		uint64_t nbytes = MIN(PAGESIZE - off, len);
429
430		if (pp = page_lookup(vp, start, SE_SHARED)) {
431			caddr_t va;
432
433			va = zfs_map_page(pp, S_WRITE);
434			(void) dmu_read(os, oid, start+off, nbytes, va+off,
435			    DMU_READ_PREFETCH);
436			zfs_unmap_page(pp, va);
437			page_unlock(pp);
438		}
439		len -= nbytes;
440		off = 0;
441	}
442}
443
444/*
445 * When a file is memory mapped, we must keep the IO data synchronized
446 * between the DMU cache and the memory mapped pages.  What this means:
447 *
448 * On Read:	We "read" preferentially from memory mapped pages,
449 *		else we default from the dmu buffer.
450 *
451 * NOTE: We will always "break up" the IO into PAGESIZE uiomoves when
452 *	 the file is memory mapped.
453 */
454static int
455mappedread(vnode_t *vp, int nbytes, uio_t *uio)
456{
457	znode_t *zp = VTOZ(vp);
458	int64_t	start, off;
459	int len = nbytes;
460	int error = 0;
461
462	start = uio->uio_loffset;
463	off = start & PAGEOFFSET;
464	for (start &= PAGEMASK; len > 0; start += PAGESIZE) {
465		page_t *pp;
466		uint64_t bytes = MIN(PAGESIZE - off, len);
467
468		if (pp = page_lookup(vp, start, SE_SHARED)) {
469			caddr_t va;
470
471			va = zfs_map_page(pp, S_READ);
472			error = uiomove(va + off, bytes, UIO_READ, uio);
473			zfs_unmap_page(pp, va);
474			page_unlock(pp);
475		} else {
476			error = dmu_read_uio_dbuf(sa_get_db(zp->z_sa_hdl),
477			    uio, bytes);
478		}
479		len -= bytes;
480		off = 0;
481		if (error)
482			break;
483	}
484	return (error);
485}
486
487offset_t zfs_read_chunk_size = 1024 * 1024; /* Tunable */
488
489/*
490 * Read bytes from specified file into supplied buffer.
491 *
492 *	IN:	vp	- vnode of file to be read from.
493 *		uio	- structure supplying read location, range info,
494 *			  and return buffer.
495 *		ioflag	- SYNC flags; used to provide FRSYNC semantics.
496 *		cr	- credentials of caller.
497 *		ct	- caller context
498 *
499 *	OUT:	uio	- updated offset and range, buffer filled.
500 *
501 *	RETURN:	0 on success, error code on failure.
502 *
503 * Side Effects:
504 *	vp - atime updated if byte count > 0
505 */
506/* ARGSUSED */
507static int
508zfs_read(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
509{
510	znode_t		*zp = VTOZ(vp);
511	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
512	ssize_t		n, nbytes;
513	int		error = 0;
514	rl_t		*rl;
515	xuio_t		*xuio = NULL;
516
517	ZFS_ENTER(zfsvfs);
518	ZFS_VERIFY_ZP(zp);
519
520	if (zp->z_pflags & ZFS_AV_QUARANTINED) {
521		ZFS_EXIT(zfsvfs);
522		return (SET_ERROR(EACCES));
523	}
524
525	/*
526	 * Validate file offset
527	 */
528	if (uio->uio_loffset < (offset_t)0) {
529		ZFS_EXIT(zfsvfs);
530		return (SET_ERROR(EINVAL));
531	}
532
533	/*
534	 * Fasttrack empty reads
535	 */
536	if (uio->uio_resid == 0) {
537		ZFS_EXIT(zfsvfs);
538		return (0);
539	}
540
541	/*
542	 * Check for mandatory locks
543	 */
544	if (MANDMODE(zp->z_mode)) {
545		if (error = chklock(vp, FREAD,
546		    uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct)) {
547			ZFS_EXIT(zfsvfs);
548			return (error);
549		}
550	}
551
552	/*
553	 * If we're in FRSYNC mode, sync out this znode before reading it.
554	 */
555	if (ioflag & FRSYNC || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
556		zil_commit(zfsvfs->z_log, zp->z_id);
557
558	/*
559	 * Lock the range against changes.
560	 */
561	rl = zfs_range_lock(zp, uio->uio_loffset, uio->uio_resid, RL_READER);
562
563	/*
564	 * If we are reading past end-of-file we can skip
565	 * to the end; but we might still need to set atime.
566	 */
567	if (uio->uio_loffset >= zp->z_size) {
568		error = 0;
569		goto out;
570	}
571
572	ASSERT(uio->uio_loffset < zp->z_size);
573	n = MIN(uio->uio_resid, zp->z_size - uio->uio_loffset);
574
575	if ((uio->uio_extflg == UIO_XUIO) &&
576	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY)) {
577		int nblk;
578		int blksz = zp->z_blksz;
579		uint64_t offset = uio->uio_loffset;
580
581		xuio = (xuio_t *)uio;
582		if ((ISP2(blksz))) {
583			nblk = (P2ROUNDUP(offset + n, blksz) - P2ALIGN(offset,
584			    blksz)) / blksz;
585		} else {
586			ASSERT(offset + n <= blksz);
587			nblk = 1;
588		}
589		(void) dmu_xuio_init(xuio, nblk);
590
591		if (vn_has_cached_data(vp)) {
592			/*
593			 * For simplicity, we always allocate a full buffer
594			 * even if we only expect to read a portion of a block.
595			 */
596			while (--nblk >= 0) {
597				(void) dmu_xuio_add(xuio,
598				    dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
599				    blksz), 0, blksz);
600			}
601		}
602	}
603
604	while (n > 0) {
605		nbytes = MIN(n, zfs_read_chunk_size -
606		    P2PHASE(uio->uio_loffset, zfs_read_chunk_size));
607
608		if (vn_has_cached_data(vp)) {
609			error = mappedread(vp, nbytes, uio);
610		} else {
611			error = dmu_read_uio_dbuf(sa_get_db(zp->z_sa_hdl),
612			    uio, nbytes);
613		}
614		if (error) {
615			/* convert checksum errors into IO errors */
616			if (error == ECKSUM)
617				error = SET_ERROR(EIO);
618			break;
619		}
620
621		n -= nbytes;
622	}
623out:
624	zfs_range_unlock(rl);
625
626	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
627	ZFS_EXIT(zfsvfs);
628	return (error);
629}
630
631/*
632 * Write the bytes to a file.
633 *
634 *	IN:	vp	- vnode of file to be written to.
635 *		uio	- structure supplying write location, range info,
636 *			  and data buffer.
637 *		ioflag	- FAPPEND, FSYNC, and/or FDSYNC.  FAPPEND is
638 *			  set if in append mode.
639 *		cr	- credentials of caller.
640 *		ct	- caller context (NFS/CIFS fem monitor only)
641 *
642 *	OUT:	uio	- updated offset and range.
643 *
644 *	RETURN:	0 on success, error code on failure.
645 *
646 * Timestamps:
647 *	vp - ctime|mtime updated if byte count > 0
648 */
649
650/* ARGSUSED */
651static int
652zfs_write(vnode_t *vp, uio_t *uio, int ioflag, cred_t *cr, caller_context_t *ct)
653{
654	znode_t		*zp = VTOZ(vp);
655	rlim64_t	limit = uio->uio_llimit;
656	ssize_t		start_resid = uio->uio_resid;
657	ssize_t		tx_bytes;
658	uint64_t	end_size;
659	dmu_tx_t	*tx;
660	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
661	zilog_t		*zilog;
662	offset_t	woff;
663	ssize_t		n, nbytes;
664	rl_t		*rl;
665	int		max_blksz = zfsvfs->z_max_blksz;
666	int		error = 0;
667	arc_buf_t	*abuf;
668	iovec_t		*aiov = NULL;
669	xuio_t		*xuio = NULL;
670	int		i_iov = 0;
671	int		iovcnt = uio->uio_iovcnt;
672	iovec_t		*iovp = uio->uio_iov;
673	int		write_eof;
674	int		count = 0;
675	sa_bulk_attr_t	bulk[4];
676	uint64_t	mtime[2], ctime[2];
677
678	/*
679	 * Fasttrack empty write
680	 */
681	n = start_resid;
682	if (n == 0)
683		return (0);
684
685	if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
686		limit = MAXOFFSET_T;
687
688	ZFS_ENTER(zfsvfs);
689	ZFS_VERIFY_ZP(zp);
690
691	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
692	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
693	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,
694	    &zp->z_size, 8);
695	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
696	    &zp->z_pflags, 8);
697
698	/*
699	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
700	 * callers might not be able to detect properly that we are read-only,
701	 * so check it explicitly here.
702	 */
703	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
704		ZFS_EXIT(zfsvfs);
705		return (SET_ERROR(EROFS));
706	}
707
708	/*
709	 * If immutable or not appending then return EPERM
710	 */
711	if ((zp->z_pflags & (ZFS_IMMUTABLE | ZFS_READONLY)) ||
712	    ((zp->z_pflags & ZFS_APPENDONLY) && !(ioflag & FAPPEND) &&
713	    (uio->uio_loffset < zp->z_size))) {
714		ZFS_EXIT(zfsvfs);
715		return (SET_ERROR(EPERM));
716	}
717
718	zilog = zfsvfs->z_log;
719
720	/*
721	 * Validate file offset
722	 */
723	woff = ioflag & FAPPEND ? zp->z_size : uio->uio_loffset;
724	if (woff < 0) {
725		ZFS_EXIT(zfsvfs);
726		return (SET_ERROR(EINVAL));
727	}
728
729	/*
730	 * Check for mandatory locks before calling zfs_range_lock()
731	 * in order to prevent a deadlock with locks set via fcntl().
732	 */
733	if (MANDMODE((mode_t)zp->z_mode) &&
734	    (error = chklock(vp, FWRITE, woff, n, uio->uio_fmode, ct)) != 0) {
735		ZFS_EXIT(zfsvfs);
736		return (error);
737	}
738
739	/*
740	 * Pre-fault the pages to ensure slow (eg NFS) pages
741	 * don't hold up txg.
742	 * Skip this if uio contains loaned arc_buf.
743	 */
744	if ((uio->uio_extflg == UIO_XUIO) &&
745	    (((xuio_t *)uio)->xu_type == UIOTYPE_ZEROCOPY))
746		xuio = (xuio_t *)uio;
747	else
748		uio_prefaultpages(MIN(n, max_blksz), uio);
749
750	/*
751	 * If in append mode, set the io offset pointer to eof.
752	 */
753	if (ioflag & FAPPEND) {
754		/*
755		 * Obtain an appending range lock to guarantee file append
756		 * semantics.  We reset the write offset once we have the lock.
757		 */
758		rl = zfs_range_lock(zp, 0, n, RL_APPEND);
759		woff = rl->r_off;
760		if (rl->r_len == UINT64_MAX) {
761			/*
762			 * We overlocked the file because this write will cause
763			 * the file block size to increase.
764			 * Note that zp_size cannot change with this lock held.
765			 */
766			woff = zp->z_size;
767		}
768		uio->uio_loffset = woff;
769	} else {
770		/*
771		 * Note that if the file block size will change as a result of
772		 * this write, then this range lock will lock the entire file
773		 * so that we can re-write the block safely.
774		 */
775		rl = zfs_range_lock(zp, woff, n, RL_WRITER);
776	}
777
778	if (woff >= limit) {
779		zfs_range_unlock(rl);
780		ZFS_EXIT(zfsvfs);
781		return (SET_ERROR(EFBIG));
782	}
783
784	if ((woff + n) > limit || woff > (limit - n))
785		n = limit - woff;
786
787	/* Will this write extend the file length? */
788	write_eof = (woff + n > zp->z_size);
789
790	end_size = MAX(zp->z_size, woff + n);
791
792	/*
793	 * Write the file in reasonable size chunks.  Each chunk is written
794	 * in a separate transaction; this keeps the intent log records small
795	 * and allows us to do more fine-grained space accounting.
796	 */
797	while (n > 0) {
798		abuf = NULL;
799		woff = uio->uio_loffset;
800		if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
801		    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
802			if (abuf != NULL)
803				dmu_return_arcbuf(abuf);
804			error = SET_ERROR(EDQUOT);
805			break;
806		}
807
808		if (xuio && abuf == NULL) {
809			ASSERT(i_iov < iovcnt);
810			aiov = &iovp[i_iov];
811			abuf = dmu_xuio_arcbuf(xuio, i_iov);
812			dmu_xuio_clear(xuio, i_iov);
813			DTRACE_PROBE3(zfs_cp_write, int, i_iov,
814			    iovec_t *, aiov, arc_buf_t *, abuf);
815			ASSERT((aiov->iov_base == abuf->b_data) ||
816			    ((char *)aiov->iov_base - (char *)abuf->b_data +
817			    aiov->iov_len == arc_buf_size(abuf)));
818			i_iov++;
819		} else if (abuf == NULL && n >= max_blksz &&
820		    woff >= zp->z_size &&
821		    P2PHASE(woff, max_blksz) == 0 &&
822		    zp->z_blksz == max_blksz) {
823			/*
824			 * This write covers a full block.  "Borrow" a buffer
825			 * from the dmu so that we can fill it before we enter
826			 * a transaction.  This avoids the possibility of
827			 * holding up the transaction if the data copy hangs
828			 * up on a pagefault (e.g., from an NFS server mapping).
829			 */
830			size_t cbytes;
831
832			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
833			    max_blksz);
834			ASSERT(abuf != NULL);
835			ASSERT(arc_buf_size(abuf) == max_blksz);
836			if (error = uiocopy(abuf->b_data, max_blksz,
837			    UIO_WRITE, uio, &cbytes)) {
838				dmu_return_arcbuf(abuf);
839				break;
840			}
841			ASSERT(cbytes == max_blksz);
842		}
843
844		/*
845		 * Start a transaction.
846		 */
847		tx = dmu_tx_create(zfsvfs->z_os);
848		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
849		dmu_tx_hold_write(tx, zp->z_id, woff, MIN(n, max_blksz));
850		zfs_sa_upgrade_txholds(tx, zp);
851		error = dmu_tx_assign(tx, TXG_WAIT);
852		if (error) {
853			dmu_tx_abort(tx);
854			if (abuf != NULL)
855				dmu_return_arcbuf(abuf);
856			break;
857		}
858
859		/*
860		 * If zfs_range_lock() over-locked we grow the blocksize
861		 * and then reduce the lock range.  This will only happen
862		 * on the first iteration since zfs_range_reduce() will
863		 * shrink down r_len to the appropriate size.
864		 */
865		if (rl->r_len == UINT64_MAX) {
866			uint64_t new_blksz;
867
868			if (zp->z_blksz > max_blksz) {
869				/*
870				 * File's blocksize is already larger than the
871				 * "recordsize" property.  Only let it grow to
872				 * the next power of 2.
873				 */
874				ASSERT(!ISP2(zp->z_blksz));
875				new_blksz = MIN(end_size,
876				    1 << highbit64(zp->z_blksz));
877			} else {
878				new_blksz = MIN(end_size, max_blksz);
879			}
880			zfs_grow_blocksize(zp, new_blksz, tx);
881			zfs_range_reduce(rl, woff, n);
882		}
883
884		/*
885		 * XXX - should we really limit each write to z_max_blksz?
886		 * Perhaps we should use SPA_MAXBLOCKSIZE chunks?
887		 */
888		nbytes = MIN(n, max_blksz - P2PHASE(woff, max_blksz));
889
890		if (abuf == NULL) {
891			tx_bytes = uio->uio_resid;
892			error = dmu_write_uio_dbuf(sa_get_db(zp->z_sa_hdl),
893			    uio, nbytes, tx);
894			tx_bytes -= uio->uio_resid;
895		} else {
896			tx_bytes = nbytes;
897			ASSERT(xuio == NULL || tx_bytes == aiov->iov_len);
898			/*
899			 * If this is not a full block write, but we are
900			 * extending the file past EOF and this data starts
901			 * block-aligned, use assign_arcbuf().  Otherwise,
902			 * write via dmu_write().
903			 */
904			if (tx_bytes < max_blksz && (!write_eof ||
905			    aiov->iov_base != abuf->b_data)) {
906				ASSERT(xuio);
907				dmu_write(zfsvfs->z_os, zp->z_id, woff,
908				    aiov->iov_len, aiov->iov_base, tx);
909				dmu_return_arcbuf(abuf);
910				xuio_stat_wbuf_copied();
911			} else {
912				ASSERT(xuio || tx_bytes == max_blksz);
913				dmu_assign_arcbuf(sa_get_db(zp->z_sa_hdl),
914				    woff, abuf, tx);
915			}
916			ASSERT(tx_bytes <= uio->uio_resid);
917			uioskip(uio, tx_bytes);
918		}
919		if (tx_bytes && vn_has_cached_data(vp)) {
920			update_pages(vp, woff,
921			    tx_bytes, zfsvfs->z_os, zp->z_id);
922		}
923
924		/*
925		 * If we made no progress, we're done.  If we made even
926		 * partial progress, update the znode and ZIL accordingly.
927		 */
928		if (tx_bytes == 0) {
929			(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
930			    (void *)&zp->z_size, sizeof (uint64_t), tx);
931			dmu_tx_commit(tx);
932			ASSERT(error != 0);
933			break;
934		}
935
936		/*
937		 * Clear Set-UID/Set-GID bits on successful write if not
938		 * privileged and at least one of the excute bits is set.
939		 *
940		 * It would be nice to to this after all writes have
941		 * been done, but that would still expose the ISUID/ISGID
942		 * to another app after the partial write is committed.
943		 *
944		 * Note: we don't call zfs_fuid_map_id() here because
945		 * user 0 is not an ephemeral uid.
946		 */
947		mutex_enter(&zp->z_acl_lock);
948		if ((zp->z_mode & (S_IXUSR | (S_IXUSR >> 3) |
949		    (S_IXUSR >> 6))) != 0 &&
950		    (zp->z_mode & (S_ISUID | S_ISGID)) != 0 &&
951		    secpolicy_vnode_setid_retain(cr,
952		    (zp->z_mode & S_ISUID) != 0 && zp->z_uid == 0) != 0) {
953			uint64_t newmode;
954			zp->z_mode &= ~(S_ISUID | S_ISGID);
955			newmode = zp->z_mode;
956			(void) sa_update(zp->z_sa_hdl, SA_ZPL_MODE(zfsvfs),
957			    (void *)&newmode, sizeof (uint64_t), tx);
958		}
959		mutex_exit(&zp->z_acl_lock);
960
961		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
962		    B_TRUE);
963
964		/*
965		 * Update the file size (zp_size) if it has changed;
966		 * account for possible concurrent updates.
967		 */
968		while ((end_size = zp->z_size) < uio->uio_loffset) {
969			(void) atomic_cas_64(&zp->z_size, end_size,
970			    uio->uio_loffset);
971			ASSERT(error == 0);
972		}
973		/*
974		 * If we are replaying and eof is non zero then force
975		 * the file size to the specified eof. Note, there's no
976		 * concurrency during replay.
977		 */
978		if (zfsvfs->z_replay && zfsvfs->z_replay_eof != 0)
979			zp->z_size = zfsvfs->z_replay_eof;
980
981		error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
982
983		zfs_log_write(zilog, tx, TX_WRITE, zp, woff, tx_bytes, ioflag);
984		dmu_tx_commit(tx);
985
986		if (error != 0)
987			break;
988		ASSERT(tx_bytes == nbytes);
989		n -= nbytes;
990
991		if (!xuio && n > 0)
992			uio_prefaultpages(MIN(n, max_blksz), uio);
993	}
994
995	zfs_range_unlock(rl);
996
997	/*
998	 * If we're in replay mode, or we made no progress, return error.
999	 * Otherwise, it's at least a partial write, so it's successful.
1000	 */
1001	if (zfsvfs->z_replay || uio->uio_resid == start_resid) {
1002		ZFS_EXIT(zfsvfs);
1003		return (error);
1004	}
1005
1006	if (ioflag & (FSYNC | FDSYNC) ||
1007	    zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1008		zil_commit(zilog, zp->z_id);
1009
1010	ZFS_EXIT(zfsvfs);
1011	return (0);
1012}
1013
1014void
1015zfs_get_done(zgd_t *zgd, int error)
1016{
1017	znode_t *zp = zgd->zgd_private;
1018	objset_t *os = zp->z_zfsvfs->z_os;
1019
1020	if (zgd->zgd_db)
1021		dmu_buf_rele(zgd->zgd_db, zgd);
1022
1023	zfs_range_unlock(zgd->zgd_rl);
1024
1025	/*
1026	 * Release the vnode asynchronously as we currently have the
1027	 * txg stopped from syncing.
1028	 */
1029	VN_RELE_ASYNC(ZTOV(zp), dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
1030
1031	if (error == 0 && zgd->zgd_bp)
1032		zil_add_block(zgd->zgd_zilog, zgd->zgd_bp);
1033
1034	kmem_free(zgd, sizeof (zgd_t));
1035}
1036
1037#ifdef DEBUG
1038static int zil_fault_io = 0;
1039#endif
1040
1041/*
1042 * Get data to generate a TX_WRITE intent log record.
1043 */
1044int
1045zfs_get_data(void *arg, lr_write_t *lr, char *buf, zio_t *zio)
1046{
1047	zfsvfs_t *zfsvfs = arg;
1048	objset_t *os = zfsvfs->z_os;
1049	znode_t *zp;
1050	uint64_t object = lr->lr_foid;
1051	uint64_t offset = lr->lr_offset;
1052	uint64_t size = lr->lr_length;
1053	blkptr_t *bp = &lr->lr_blkptr;
1054	dmu_buf_t *db;
1055	zgd_t *zgd;
1056	int error = 0;
1057
1058	ASSERT(zio != NULL);
1059	ASSERT(size != 0);
1060
1061	/*
1062	 * Nothing to do if the file has been removed
1063	 */
1064	if (zfs_zget(zfsvfs, object, &zp) != 0)
1065		return (SET_ERROR(ENOENT));
1066	if (zp->z_unlinked) {
1067		/*
1068		 * Release the vnode asynchronously as we currently have the
1069		 * txg stopped from syncing.
1070		 */
1071		VN_RELE_ASYNC(ZTOV(zp),
1072		    dsl_pool_vnrele_taskq(dmu_objset_pool(os)));
1073		return (SET_ERROR(ENOENT));
1074	}
1075
1076	zgd = (zgd_t *)kmem_zalloc(sizeof (zgd_t), KM_SLEEP);
1077	zgd->zgd_zilog = zfsvfs->z_log;
1078	zgd->zgd_private = zp;
1079
1080	/*
1081	 * Write records come in two flavors: immediate and indirect.
1082	 * For small writes it's cheaper to store the data with the
1083	 * log record (immediate); for large writes it's cheaper to
1084	 * sync the data and get a pointer to it (indirect) so that
1085	 * we don't have to write the data twice.
1086	 */
1087	if (buf != NULL) { /* immediate write */
1088		zgd->zgd_rl = zfs_range_lock(zp, offset, size, RL_READER);
1089		/* test for truncation needs to be done while range locked */
1090		if (offset >= zp->z_size) {
1091			error = SET_ERROR(ENOENT);
1092		} else {
1093			error = dmu_read(os, object, offset, size, buf,
1094			    DMU_READ_NO_PREFETCH);
1095		}
1096		ASSERT(error == 0 || error == ENOENT);
1097	} else { /* indirect write */
1098		/*
1099		 * Have to lock the whole block to ensure when it's
1100		 * written out and it's checksum is being calculated
1101		 * that no one can change the data. We need to re-check
1102		 * blocksize after we get the lock in case it's changed!
1103		 */
1104		for (;;) {
1105			uint64_t blkoff;
1106			size = zp->z_blksz;
1107			blkoff = ISP2(size) ? P2PHASE(offset, size) : offset;
1108			offset -= blkoff;
1109			zgd->zgd_rl = zfs_range_lock(zp, offset, size,
1110			    RL_READER);
1111			if (zp->z_blksz == size)
1112				break;
1113			offset += blkoff;
1114			zfs_range_unlock(zgd->zgd_rl);
1115		}
1116		/* test for truncation needs to be done while range locked */
1117		if (lr->lr_offset >= zp->z_size)
1118			error = SET_ERROR(ENOENT);
1119#ifdef DEBUG
1120		if (zil_fault_io) {
1121			error = SET_ERROR(EIO);
1122			zil_fault_io = 0;
1123		}
1124#endif
1125		if (error == 0)
1126			error = dmu_buf_hold(os, object, offset, zgd, &db,
1127			    DMU_READ_NO_PREFETCH);
1128
1129		if (error == 0) {
1130			blkptr_t *obp = dmu_buf_get_blkptr(db);
1131			if (obp) {
1132				ASSERT(BP_IS_HOLE(bp));
1133				*bp = *obp;
1134			}
1135
1136			zgd->zgd_db = db;
1137			zgd->zgd_bp = bp;
1138
1139			ASSERT(db->db_offset == offset);
1140			ASSERT(db->db_size == size);
1141
1142			error = dmu_sync(zio, lr->lr_common.lrc_txg,
1143			    zfs_get_done, zgd);
1144			ASSERT(error || lr->lr_length <= zp->z_blksz);
1145
1146			/*
1147			 * On success, we need to wait for the write I/O
1148			 * initiated by dmu_sync() to complete before we can
1149			 * release this dbuf.  We will finish everything up
1150			 * in the zfs_get_done() callback.
1151			 */
1152			if (error == 0)
1153				return (0);
1154
1155			if (error == EALREADY) {
1156				lr->lr_common.lrc_txtype = TX_WRITE2;
1157				error = 0;
1158			}
1159		}
1160	}
1161
1162	zfs_get_done(zgd, error);
1163
1164	return (error);
1165}
1166
1167/*ARGSUSED*/
1168static int
1169zfs_access(vnode_t *vp, int mode, int flag, cred_t *cr,
1170    caller_context_t *ct)
1171{
1172	znode_t *zp = VTOZ(vp);
1173	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
1174	int error;
1175
1176	ZFS_ENTER(zfsvfs);
1177	ZFS_VERIFY_ZP(zp);
1178
1179	if (flag & V_ACE_MASK)
1180		error = zfs_zaccess(zp, mode, flag, B_FALSE, cr);
1181	else
1182		error = zfs_zaccess_rwx(zp, mode, flag, cr);
1183
1184	ZFS_EXIT(zfsvfs);
1185	return (error);
1186}
1187
1188/*
1189 * If vnode is for a device return a specfs vnode instead.
1190 */
1191static int
1192specvp_check(vnode_t **vpp, cred_t *cr)
1193{
1194	int error = 0;
1195
1196	if (IS_DEVVP(*vpp)) {
1197		struct vnode *svp;
1198
1199		svp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type, cr);
1200		VN_RELE(*vpp);
1201		if (svp == NULL)
1202			error = SET_ERROR(ENOSYS);
1203		*vpp = svp;
1204	}
1205	return (error);
1206}
1207
1208
1209/*
1210 * Lookup an entry in a directory, or an extended attribute directory.
1211 * If it exists, return a held vnode reference for it.
1212 *
1213 *	IN:	dvp	- vnode of directory to search.
1214 *		nm	- name of entry to lookup.
1215 *		pnp	- full pathname to lookup [UNUSED].
1216 *		flags	- LOOKUP_XATTR set if looking for an attribute.
1217 *		rdir	- root directory vnode [UNUSED].
1218 *		cr	- credentials of caller.
1219 *		ct	- caller context
1220 *		direntflags - directory lookup flags
1221 *		realpnp - returned pathname.
1222 *
1223 *	OUT:	vpp	- vnode of located entry, NULL if not found.
1224 *
1225 *	RETURN:	0 on success, error code on failure.
1226 *
1227 * Timestamps:
1228 *	NA
1229 */
1230/* ARGSUSED */
1231static int
1232zfs_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1233    int flags, vnode_t *rdir, cred_t *cr,  caller_context_t *ct,
1234    int *direntflags, pathname_t *realpnp)
1235{
1236	znode_t *zdp = VTOZ(dvp);
1237	zfsvfs_t *zfsvfs = zdp->z_zfsvfs;
1238	int	error = 0;
1239
1240	/* fast path */
1241	if (!(flags & (LOOKUP_XATTR | FIGNORECASE))) {
1242
1243		if (dvp->v_type != VDIR) {
1244			return (SET_ERROR(ENOTDIR));
1245		} else if (zdp->z_sa_hdl == NULL) {
1246			return (SET_ERROR(EIO));
1247		}
1248
1249		if (nm[0] == 0 || (nm[0] == '.' && nm[1] == '\0')) {
1250			error = zfs_fastaccesschk_execute(zdp, cr);
1251			if (!error) {
1252				*vpp = dvp;
1253				VN_HOLD(*vpp);
1254				return (0);
1255			}
1256			return (error);
1257		} else {
1258			vnode_t *tvp = dnlc_lookup(dvp, nm);
1259
1260			if (tvp) {
1261				error = zfs_fastaccesschk_execute(zdp, cr);
1262				if (error) {
1263					VN_RELE(tvp);
1264					return (error);
1265				}
1266				if (tvp == DNLC_NO_VNODE) {
1267					VN_RELE(tvp);
1268					return (SET_ERROR(ENOENT));
1269				} else {
1270					*vpp = tvp;
1271					return (specvp_check(vpp, cr));
1272				}
1273			}
1274		}
1275	}
1276
1277	DTRACE_PROBE2(zfs__fastpath__lookup__miss, vnode_t *, dvp, char *, nm);
1278
1279	ZFS_ENTER(zfsvfs);
1280	ZFS_VERIFY_ZP(zdp);
1281
1282	*vpp = NULL;
1283
1284	if (flags & LOOKUP_XATTR) {
1285		/*
1286		 * If the xattr property is off, refuse the lookup request.
1287		 */
1288		if (!(zfsvfs->z_vfs->vfs_flag & VFS_XATTR)) {
1289			ZFS_EXIT(zfsvfs);
1290			return (SET_ERROR(EINVAL));
1291		}
1292
1293		/*
1294		 * We don't allow recursive attributes..
1295		 * Maybe someday we will.
1296		 */
1297		if (zdp->z_pflags & ZFS_XATTR) {
1298			ZFS_EXIT(zfsvfs);
1299			return (SET_ERROR(EINVAL));
1300		}
1301
1302		if (error = zfs_get_xattrdir(VTOZ(dvp), vpp, cr, flags)) {
1303			ZFS_EXIT(zfsvfs);
1304			return (error);
1305		}
1306
1307		/*
1308		 * Do we have permission to get into attribute directory?
1309		 */
1310
1311		if (error = zfs_zaccess(VTOZ(*vpp), ACE_EXECUTE, 0,
1312		    B_FALSE, cr)) {
1313			VN_RELE(*vpp);
1314			*vpp = NULL;
1315		}
1316
1317		ZFS_EXIT(zfsvfs);
1318		return (error);
1319	}
1320
1321	if (dvp->v_type != VDIR) {
1322		ZFS_EXIT(zfsvfs);
1323		return (SET_ERROR(ENOTDIR));
1324	}
1325
1326	/*
1327	 * Check accessibility of directory.
1328	 */
1329
1330	if (error = zfs_zaccess(zdp, ACE_EXECUTE, 0, B_FALSE, cr)) {
1331		ZFS_EXIT(zfsvfs);
1332		return (error);
1333	}
1334
1335	if (zfsvfs->z_utf8 && u8_validate(nm, strlen(nm),
1336	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1337		ZFS_EXIT(zfsvfs);
1338		return (SET_ERROR(EILSEQ));
1339	}
1340
1341	error = zfs_dirlook(zdp, nm, vpp, flags, direntflags, realpnp);
1342	if (error == 0)
1343		error = specvp_check(vpp, cr);
1344
1345	ZFS_EXIT(zfsvfs);
1346	return (error);
1347}
1348
1349/*
1350 * Attempt to create a new entry in a directory.  If the entry
1351 * already exists, truncate the file if permissible, else return
1352 * an error.  Return the vp of the created or trunc'd file.
1353 *
1354 *	IN:	dvp	- vnode of directory to put new file entry in.
1355 *		name	- name of new file entry.
1356 *		vap	- attributes of new file.
1357 *		excl	- flag indicating exclusive or non-exclusive mode.
1358 *		mode	- mode to open file with.
1359 *		cr	- credentials of caller.
1360 *		flag	- large file flag [UNUSED].
1361 *		ct	- caller context
1362 *		vsecp	- ACL to be set
1363 *
1364 *	OUT:	vpp	- vnode of created or trunc'd entry.
1365 *
1366 *	RETURN:	0 on success, error code on failure.
1367 *
1368 * Timestamps:
1369 *	dvp - ctime|mtime updated if new entry created
1370 *	 vp - ctime|mtime always, atime if new
1371 */
1372
1373/* ARGSUSED */
1374static int
1375zfs_create(vnode_t *dvp, char *name, vattr_t *vap, vcexcl_t excl,
1376    int mode, vnode_t **vpp, cred_t *cr, int flag, caller_context_t *ct,
1377    vsecattr_t *vsecp)
1378{
1379	znode_t		*zp, *dzp = VTOZ(dvp);
1380	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1381	zilog_t		*zilog;
1382	objset_t	*os;
1383	zfs_dirlock_t	*dl;
1384	dmu_tx_t	*tx;
1385	int		error;
1386	ksid_t		*ksid;
1387	uid_t		uid;
1388	gid_t		gid = crgetgid(cr);
1389	zfs_acl_ids_t   acl_ids;
1390	boolean_t	fuid_dirtied;
1391	boolean_t	have_acl = B_FALSE;
1392	boolean_t	waited = B_FALSE;
1393
1394	/*
1395	 * If we have an ephemeral id, ACL, or XVATTR then
1396	 * make sure file system is at proper version
1397	 */
1398
1399	ksid = crgetsid(cr, KSID_OWNER);
1400	if (ksid)
1401		uid = ksid_getid(ksid);
1402	else
1403		uid = crgetuid(cr);
1404
1405	if (zfsvfs->z_use_fuids == B_FALSE &&
1406	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1407	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1408		return (SET_ERROR(EINVAL));
1409
1410	ZFS_ENTER(zfsvfs);
1411	ZFS_VERIFY_ZP(dzp);
1412	os = zfsvfs->z_os;
1413	zilog = zfsvfs->z_log;
1414
1415	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
1416	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1417		ZFS_EXIT(zfsvfs);
1418		return (SET_ERROR(EILSEQ));
1419	}
1420
1421	if (vap->va_mask & AT_XVATTR) {
1422		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1423		    crgetuid(cr), cr, vap->va_type)) != 0) {
1424			ZFS_EXIT(zfsvfs);
1425			return (error);
1426		}
1427	}
1428top:
1429	*vpp = NULL;
1430
1431	if ((vap->va_mode & VSVTX) && secpolicy_vnode_stky_modify(cr))
1432		vap->va_mode &= ~VSVTX;
1433
1434	if (*name == '\0') {
1435		/*
1436		 * Null component name refers to the directory itself.
1437		 */
1438		VN_HOLD(dvp);
1439		zp = dzp;
1440		dl = NULL;
1441		error = 0;
1442	} else {
1443		/* possible VN_HOLD(zp) */
1444		int zflg = 0;
1445
1446		if (flag & FIGNORECASE)
1447			zflg |= ZCILOOK;
1448
1449		error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1450		    NULL, NULL);
1451		if (error) {
1452			if (have_acl)
1453				zfs_acl_ids_free(&acl_ids);
1454			if (strcmp(name, "..") == 0)
1455				error = SET_ERROR(EISDIR);
1456			ZFS_EXIT(zfsvfs);
1457			return (error);
1458		}
1459	}
1460
1461	if (zp == NULL) {
1462		uint64_t txtype;
1463
1464		/*
1465		 * Create a new file object and update the directory
1466		 * to reference it.
1467		 */
1468		if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
1469			if (have_acl)
1470				zfs_acl_ids_free(&acl_ids);
1471			goto out;
1472		}
1473
1474		/*
1475		 * We only support the creation of regular files in
1476		 * extended attribute directories.
1477		 */
1478
1479		if ((dzp->z_pflags & ZFS_XATTR) &&
1480		    (vap->va_type != VREG)) {
1481			if (have_acl)
1482				zfs_acl_ids_free(&acl_ids);
1483			error = SET_ERROR(EINVAL);
1484			goto out;
1485		}
1486
1487		if (!have_acl && (error = zfs_acl_ids_create(dzp, 0, vap,
1488		    cr, vsecp, &acl_ids)) != 0)
1489			goto out;
1490		have_acl = B_TRUE;
1491
1492		if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1493			zfs_acl_ids_free(&acl_ids);
1494			error = SET_ERROR(EDQUOT);
1495			goto out;
1496		}
1497
1498		tx = dmu_tx_create(os);
1499
1500		dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1501		    ZFS_SA_BASE_ATTR_SIZE);
1502
1503		fuid_dirtied = zfsvfs->z_fuid_dirty;
1504		if (fuid_dirtied)
1505			zfs_fuid_txhold(zfsvfs, tx);
1506		dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
1507		dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
1508		if (!zfsvfs->z_use_sa &&
1509		    acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1510			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
1511			    0, acl_ids.z_aclp->z_acl_bytes);
1512		}
1513		error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1514		if (error) {
1515			zfs_dirent_unlock(dl);
1516			if (error == ERESTART) {
1517				waited = B_TRUE;
1518				dmu_tx_wait(tx);
1519				dmu_tx_abort(tx);
1520				goto top;
1521			}
1522			zfs_acl_ids_free(&acl_ids);
1523			dmu_tx_abort(tx);
1524			ZFS_EXIT(zfsvfs);
1525			return (error);
1526		}
1527		zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1528
1529		if (fuid_dirtied)
1530			zfs_fuid_sync(zfsvfs, tx);
1531
1532		(void) zfs_link_create(dl, zp, tx, ZNEW);
1533		txtype = zfs_log_create_txtype(Z_FILE, vsecp, vap);
1534		if (flag & FIGNORECASE)
1535			txtype |= TX_CI;
1536		zfs_log_create(zilog, tx, txtype, dzp, zp, name,
1537		    vsecp, acl_ids.z_fuidp, vap);
1538		zfs_acl_ids_free(&acl_ids);
1539		dmu_tx_commit(tx);
1540	} else {
1541		int aflags = (flag & FAPPEND) ? V_APPEND : 0;
1542
1543		if (have_acl)
1544			zfs_acl_ids_free(&acl_ids);
1545		have_acl = B_FALSE;
1546
1547		/*
1548		 * A directory entry already exists for this name.
1549		 */
1550		/*
1551		 * Can't truncate an existing file if in exclusive mode.
1552		 */
1553		if (excl == EXCL) {
1554			error = SET_ERROR(EEXIST);
1555			goto out;
1556		}
1557		/*
1558		 * Can't open a directory for writing.
1559		 */
1560		if ((ZTOV(zp)->v_type == VDIR) && (mode & S_IWRITE)) {
1561			error = SET_ERROR(EISDIR);
1562			goto out;
1563		}
1564		/*
1565		 * Verify requested access to file.
1566		 */
1567		if (mode && (error = zfs_zaccess_rwx(zp, mode, aflags, cr))) {
1568			goto out;
1569		}
1570
1571		mutex_enter(&dzp->z_lock);
1572		dzp->z_seq++;
1573		mutex_exit(&dzp->z_lock);
1574
1575		/*
1576		 * Truncate regular files if requested.
1577		 */
1578		if ((ZTOV(zp)->v_type == VREG) &&
1579		    (vap->va_mask & AT_SIZE) && (vap->va_size == 0)) {
1580			/* we can't hold any locks when calling zfs_freesp() */
1581			zfs_dirent_unlock(dl);
1582			dl = NULL;
1583			error = zfs_freesp(zp, 0, 0, mode, TRUE);
1584			if (error == 0) {
1585				vnevent_create(ZTOV(zp), ct);
1586			}
1587		}
1588	}
1589out:
1590
1591	if (dl)
1592		zfs_dirent_unlock(dl);
1593
1594	if (error) {
1595		if (zp)
1596			VN_RELE(ZTOV(zp));
1597	} else {
1598		*vpp = ZTOV(zp);
1599		error = specvp_check(vpp, cr);
1600	}
1601
1602	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1603		zil_commit(zilog, 0);
1604
1605	ZFS_EXIT(zfsvfs);
1606	return (error);
1607}
1608
1609/*
1610 * Remove an entry from a directory.
1611 *
1612 *	IN:	dvp	- vnode of directory to remove entry from.
1613 *		name	- name of entry to remove.
1614 *		cr	- credentials of caller.
1615 *		ct	- caller context
1616 *		flags	- case flags
1617 *
1618 *	RETURN:	0 on success, error code on failure.
1619 *
1620 * Timestamps:
1621 *	dvp - ctime|mtime
1622 *	 vp - ctime (if nlink > 0)
1623 */
1624
1625uint64_t null_xattr = 0;
1626
1627/*ARGSUSED*/
1628static int
1629zfs_remove(vnode_t *dvp, char *name, cred_t *cr, caller_context_t *ct,
1630    int flags)
1631{
1632	znode_t		*zp, *dzp = VTOZ(dvp);
1633	znode_t		*xzp;
1634	vnode_t		*vp;
1635	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1636	zilog_t		*zilog;
1637	uint64_t	acl_obj, xattr_obj;
1638	uint64_t	xattr_obj_unlinked = 0;
1639	uint64_t	obj = 0;
1640	zfs_dirlock_t	*dl;
1641	dmu_tx_t	*tx;
1642	boolean_t	may_delete_now, delete_now = FALSE;
1643	boolean_t	unlinked, toobig = FALSE;
1644	uint64_t	txtype;
1645	pathname_t	*realnmp = NULL;
1646	pathname_t	realnm;
1647	int		error;
1648	int		zflg = ZEXISTS;
1649	boolean_t	waited = B_FALSE;
1650
1651	ZFS_ENTER(zfsvfs);
1652	ZFS_VERIFY_ZP(dzp);
1653	zilog = zfsvfs->z_log;
1654
1655	if (flags & FIGNORECASE) {
1656		zflg |= ZCILOOK;
1657		pn_alloc(&realnm);
1658		realnmp = &realnm;
1659	}
1660
1661top:
1662	xattr_obj = 0;
1663	xzp = NULL;
1664	/*
1665	 * Attempt to lock directory; fail if entry doesn't exist.
1666	 */
1667	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
1668	    NULL, realnmp)) {
1669		if (realnmp)
1670			pn_free(realnmp);
1671		ZFS_EXIT(zfsvfs);
1672		return (error);
1673	}
1674
1675	vp = ZTOV(zp);
1676
1677	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
1678		goto out;
1679	}
1680
1681	/*
1682	 * Need to use rmdir for removing directories.
1683	 */
1684	if (vp->v_type == VDIR) {
1685		error = SET_ERROR(EPERM);
1686		goto out;
1687	}
1688
1689	vnevent_remove(vp, dvp, name, ct);
1690
1691	if (realnmp)
1692		dnlc_remove(dvp, realnmp->pn_buf);
1693	else
1694		dnlc_remove(dvp, name);
1695
1696	mutex_enter(&vp->v_lock);
1697	may_delete_now = vp->v_count == 1 && !vn_has_cached_data(vp);
1698	mutex_exit(&vp->v_lock);
1699
1700	/*
1701	 * We may delete the znode now, or we may put it in the unlinked set;
1702	 * it depends on whether we're the last link, and on whether there are
1703	 * other holds on the vnode.  So we dmu_tx_hold() the right things to
1704	 * allow for either case.
1705	 */
1706	obj = zp->z_id;
1707	tx = dmu_tx_create(zfsvfs->z_os);
1708	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
1709	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
1710	zfs_sa_upgrade_txholds(tx, zp);
1711	zfs_sa_upgrade_txholds(tx, dzp);
1712	if (may_delete_now) {
1713		toobig =
1714		    zp->z_size > zp->z_blksz * DMU_MAX_DELETEBLKCNT;
1715		/* if the file is too big, only hold_free a token amount */
1716		dmu_tx_hold_free(tx, zp->z_id, 0,
1717		    (toobig ? DMU_MAX_ACCESS : DMU_OBJECT_END));
1718	}
1719
1720	/* are there any extended attributes? */
1721	error = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1722	    &xattr_obj, sizeof (xattr_obj));
1723	if (error == 0 && xattr_obj) {
1724		error = zfs_zget(zfsvfs, xattr_obj, &xzp);
1725		ASSERT0(error);
1726		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
1727		dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);
1728	}
1729
1730	mutex_enter(&zp->z_lock);
1731	if ((acl_obj = zfs_external_acl(zp)) != 0 && may_delete_now)
1732		dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END);
1733	mutex_exit(&zp->z_lock);
1734
1735	/* charge as an update -- would be nice not to charge at all */
1736	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
1737
1738	/*
1739	 * Mark this transaction as typically resulting in a net free of space
1740	 */
1741	dmu_tx_mark_netfree(tx);
1742
1743	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1744	if (error) {
1745		zfs_dirent_unlock(dl);
1746		VN_RELE(vp);
1747		if (xzp)
1748			VN_RELE(ZTOV(xzp));
1749		if (error == ERESTART) {
1750			waited = B_TRUE;
1751			dmu_tx_wait(tx);
1752			dmu_tx_abort(tx);
1753			goto top;
1754		}
1755		if (realnmp)
1756			pn_free(realnmp);
1757		dmu_tx_abort(tx);
1758		ZFS_EXIT(zfsvfs);
1759		return (error);
1760	}
1761
1762	/*
1763	 * Remove the directory entry.
1764	 */
1765	error = zfs_link_destroy(dl, zp, tx, zflg, &unlinked);
1766
1767	if (error) {
1768		dmu_tx_commit(tx);
1769		goto out;
1770	}
1771
1772	if (unlinked) {
1773		/*
1774		 * Hold z_lock so that we can make sure that the ACL obj
1775		 * hasn't changed.  Could have been deleted due to
1776		 * zfs_sa_upgrade().
1777		 */
1778		mutex_enter(&zp->z_lock);
1779		mutex_enter(&vp->v_lock);
1780		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
1781		    &xattr_obj_unlinked, sizeof (xattr_obj_unlinked));
1782		delete_now = may_delete_now && !toobig &&
1783		    vp->v_count == 1 && !vn_has_cached_data(vp) &&
1784		    xattr_obj == xattr_obj_unlinked && zfs_external_acl(zp) ==
1785		    acl_obj;
1786		mutex_exit(&vp->v_lock);
1787	}
1788
1789	if (delete_now) {
1790		if (xattr_obj_unlinked) {
1791			ASSERT3U(xzp->z_links, ==, 2);
1792			mutex_enter(&xzp->z_lock);
1793			xzp->z_unlinked = 1;
1794			xzp->z_links = 0;
1795			error = sa_update(xzp->z_sa_hdl, SA_ZPL_LINKS(zfsvfs),
1796			    &xzp->z_links, sizeof (xzp->z_links), tx);
1797			ASSERT3U(error,  ==,  0);
1798			mutex_exit(&xzp->z_lock);
1799			zfs_unlinked_add(xzp, tx);
1800
1801			if (zp->z_is_sa)
1802				error = sa_remove(zp->z_sa_hdl,
1803				    SA_ZPL_XATTR(zfsvfs), tx);
1804			else
1805				error = sa_update(zp->z_sa_hdl,
1806				    SA_ZPL_XATTR(zfsvfs), &null_xattr,
1807				    sizeof (uint64_t), tx);
1808			ASSERT0(error);
1809		}
1810		mutex_enter(&vp->v_lock);
1811		vp->v_count--;
1812		ASSERT0(vp->v_count);
1813		mutex_exit(&vp->v_lock);
1814		mutex_exit(&zp->z_lock);
1815		zfs_znode_delete(zp, tx);
1816	} else if (unlinked) {
1817		mutex_exit(&zp->z_lock);
1818		zfs_unlinked_add(zp, tx);
1819	}
1820
1821	txtype = TX_REMOVE;
1822	if (flags & FIGNORECASE)
1823		txtype |= TX_CI;
1824	zfs_log_remove(zilog, tx, txtype, dzp, name, obj);
1825
1826	dmu_tx_commit(tx);
1827out:
1828	if (realnmp)
1829		pn_free(realnmp);
1830
1831	zfs_dirent_unlock(dl);
1832
1833	if (!delete_now)
1834		VN_RELE(vp);
1835	if (xzp)
1836		VN_RELE(ZTOV(xzp));
1837
1838	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
1839		zil_commit(zilog, 0);
1840
1841	ZFS_EXIT(zfsvfs);
1842	return (error);
1843}
1844
1845/*
1846 * Create a new directory and insert it into dvp using the name
1847 * provided.  Return a pointer to the inserted directory.
1848 *
1849 *	IN:	dvp	- vnode of directory to add subdir to.
1850 *		dirname	- name of new directory.
1851 *		vap	- attributes of new directory.
1852 *		cr	- credentials of caller.
1853 *		ct	- caller context
1854 *		flags	- case flags
1855 *		vsecp	- ACL to be set
1856 *
1857 *	OUT:	vpp	- vnode of created directory.
1858 *
1859 *	RETURN:	0 on success, error code on failure.
1860 *
1861 * Timestamps:
1862 *	dvp - ctime|mtime updated
1863 *	 vp - ctime|mtime|atime updated
1864 */
1865/*ARGSUSED*/
1866static int
1867zfs_mkdir(vnode_t *dvp, char *dirname, vattr_t *vap, vnode_t **vpp, cred_t *cr,
1868    caller_context_t *ct, int flags, vsecattr_t *vsecp)
1869{
1870	znode_t		*zp, *dzp = VTOZ(dvp);
1871	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
1872	zilog_t		*zilog;
1873	zfs_dirlock_t	*dl;
1874	uint64_t	txtype;
1875	dmu_tx_t	*tx;
1876	int		error;
1877	int		zf = ZNEW;
1878	ksid_t		*ksid;
1879	uid_t		uid;
1880	gid_t		gid = crgetgid(cr);
1881	zfs_acl_ids_t   acl_ids;
1882	boolean_t	fuid_dirtied;
1883	boolean_t	waited = B_FALSE;
1884
1885	ASSERT(vap->va_type == VDIR);
1886
1887	/*
1888	 * If we have an ephemeral id, ACL, or XVATTR then
1889	 * make sure file system is at proper version
1890	 */
1891
1892	ksid = crgetsid(cr, KSID_OWNER);
1893	if (ksid)
1894		uid = ksid_getid(ksid);
1895	else
1896		uid = crgetuid(cr);
1897	if (zfsvfs->z_use_fuids == B_FALSE &&
1898	    (vsecp || (vap->va_mask & AT_XVATTR) ||
1899	    IS_EPHEMERAL(uid) || IS_EPHEMERAL(gid)))
1900		return (SET_ERROR(EINVAL));
1901
1902	ZFS_ENTER(zfsvfs);
1903	ZFS_VERIFY_ZP(dzp);
1904	zilog = zfsvfs->z_log;
1905
1906	if (dzp->z_pflags & ZFS_XATTR) {
1907		ZFS_EXIT(zfsvfs);
1908		return (SET_ERROR(EINVAL));
1909	}
1910
1911	if (zfsvfs->z_utf8 && u8_validate(dirname,
1912	    strlen(dirname), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
1913		ZFS_EXIT(zfsvfs);
1914		return (SET_ERROR(EILSEQ));
1915	}
1916	if (flags & FIGNORECASE)
1917		zf |= ZCILOOK;
1918
1919	if (vap->va_mask & AT_XVATTR) {
1920		if ((error = secpolicy_xvattr((xvattr_t *)vap,
1921		    crgetuid(cr), cr, vap->va_type)) != 0) {
1922			ZFS_EXIT(zfsvfs);
1923			return (error);
1924		}
1925	}
1926
1927	if ((error = zfs_acl_ids_create(dzp, 0, vap, cr,
1928	    vsecp, &acl_ids)) != 0) {
1929		ZFS_EXIT(zfsvfs);
1930		return (error);
1931	}
1932	/*
1933	 * First make sure the new directory doesn't exist.
1934	 *
1935	 * Existence is checked first to make sure we don't return
1936	 * EACCES instead of EEXIST which can cause some applications
1937	 * to fail.
1938	 */
1939top:
1940	*vpp = NULL;
1941
1942	if (error = zfs_dirent_lock(&dl, dzp, dirname, &zp, zf,
1943	    NULL, NULL)) {
1944		zfs_acl_ids_free(&acl_ids);
1945		ZFS_EXIT(zfsvfs);
1946		return (error);
1947	}
1948
1949	if (error = zfs_zaccess(dzp, ACE_ADD_SUBDIRECTORY, 0, B_FALSE, cr)) {
1950		zfs_acl_ids_free(&acl_ids);
1951		zfs_dirent_unlock(dl);
1952		ZFS_EXIT(zfsvfs);
1953		return (error);
1954	}
1955
1956	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
1957		zfs_acl_ids_free(&acl_ids);
1958		zfs_dirent_unlock(dl);
1959		ZFS_EXIT(zfsvfs);
1960		return (SET_ERROR(EDQUOT));
1961	}
1962
1963	/*
1964	 * Add a new entry to the directory.
1965	 */
1966	tx = dmu_tx_create(zfsvfs->z_os);
1967	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, dirname);
1968	dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);
1969	fuid_dirtied = zfsvfs->z_fuid_dirty;
1970	if (fuid_dirtied)
1971		zfs_fuid_txhold(zfsvfs, tx);
1972	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
1973		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
1974		    acl_ids.z_aclp->z_acl_bytes);
1975	}
1976
1977	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
1978	    ZFS_SA_BASE_ATTR_SIZE);
1979
1980	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
1981	if (error) {
1982		zfs_dirent_unlock(dl);
1983		if (error == ERESTART) {
1984			waited = B_TRUE;
1985			dmu_tx_wait(tx);
1986			dmu_tx_abort(tx);
1987			goto top;
1988		}
1989		zfs_acl_ids_free(&acl_ids);
1990		dmu_tx_abort(tx);
1991		ZFS_EXIT(zfsvfs);
1992		return (error);
1993	}
1994
1995	/*
1996	 * Create new node.
1997	 */
1998	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
1999
2000	if (fuid_dirtied)
2001		zfs_fuid_sync(zfsvfs, tx);
2002
2003	/*
2004	 * Now put new name in parent dir.
2005	 */
2006	(void) zfs_link_create(dl, zp, tx, ZNEW);
2007
2008	*vpp = ZTOV(zp);
2009
2010	txtype = zfs_log_create_txtype(Z_DIR, vsecp, vap);
2011	if (flags & FIGNORECASE)
2012		txtype |= TX_CI;
2013	zfs_log_create(zilog, tx, txtype, dzp, zp, dirname, vsecp,
2014	    acl_ids.z_fuidp, vap);
2015
2016	zfs_acl_ids_free(&acl_ids);
2017
2018	dmu_tx_commit(tx);
2019
2020	zfs_dirent_unlock(dl);
2021
2022	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
2023		zil_commit(zilog, 0);
2024
2025	ZFS_EXIT(zfsvfs);
2026	return (0);
2027}
2028
2029/*
2030 * Remove a directory subdir entry.  If the current working
2031 * directory is the same as the subdir to be removed, the
2032 * remove will fail.
2033 *
2034 *	IN:	dvp	- vnode of directory to remove from.
2035 *		name	- name of directory to be removed.
2036 *		cwd	- vnode of current working directory.
2037 *		cr	- credentials of caller.
2038 *		ct	- caller context
2039 *		flags	- case flags
2040 *
2041 *	RETURN:	0 on success, error code on failure.
2042 *
2043 * Timestamps:
2044 *	dvp - ctime|mtime updated
2045 */
2046/*ARGSUSED*/
2047static int
2048zfs_rmdir(vnode_t *dvp, char *name, vnode_t *cwd, cred_t *cr,
2049    caller_context_t *ct, int flags)
2050{
2051	znode_t		*dzp = VTOZ(dvp);
2052	znode_t		*zp;
2053	vnode_t		*vp;
2054	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
2055	zilog_t		*zilog;
2056	zfs_dirlock_t	*dl;
2057	dmu_tx_t	*tx;
2058	int		error;
2059	int		zflg = ZEXISTS;
2060	boolean_t	waited = B_FALSE;
2061
2062	ZFS_ENTER(zfsvfs);
2063	ZFS_VERIFY_ZP(dzp);
2064	zilog = zfsvfs->z_log;
2065
2066	if (flags & FIGNORECASE)
2067		zflg |= ZCILOOK;
2068top:
2069	zp = NULL;
2070
2071	/*
2072	 * Attempt to lock directory; fail if entry doesn't exist.
2073	 */
2074	if (error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg,
2075	    NULL, NULL)) {
2076		ZFS_EXIT(zfsvfs);
2077		return (error);
2078	}
2079
2080	vp = ZTOV(zp);
2081
2082	if (error = zfs_zaccess_delete(dzp, zp, cr)) {
2083		goto out;
2084	}
2085
2086	if (vp->v_type != VDIR) {
2087		error = SET_ERROR(ENOTDIR);
2088		goto out;
2089	}
2090
2091	if (vp == cwd) {
2092		error = SET_ERROR(EINVAL);
2093		goto out;
2094	}
2095
2096	vnevent_rmdir(vp, dvp, name, ct);
2097
2098	/*
2099	 * Grab a lock on the directory to make sure that noone is
2100	 * trying to add (or lookup) entries while we are removing it.
2101	 */
2102	rw_enter(&zp->z_name_lock, RW_WRITER);
2103
2104	/*
2105	 * Grab a lock on the parent pointer to make sure we play well
2106	 * with the treewalk and directory rename code.
2107	 */
2108	rw_enter(&zp->z_parent_lock, RW_WRITER);
2109
2110	tx = dmu_tx_create(zfsvfs->z_os);
2111	dmu_tx_hold_zap(tx, dzp->z_id, FALSE, name);
2112	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
2113	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
2114	zfs_sa_upgrade_txholds(tx, zp);
2115	zfs_sa_upgrade_txholds(tx, dzp);
2116	dmu_tx_mark_netfree(tx);
2117	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
2118	if (error) {
2119		rw_exit(&zp->z_parent_lock);
2120		rw_exit(&zp->z_name_lock);
2121		zfs_dirent_unlock(dl);
2122		VN_RELE(vp);
2123		if (error == ERESTART) {
2124			waited = B_TRUE;
2125			dmu_tx_wait(tx);
2126			dmu_tx_abort(tx);
2127			goto top;
2128		}
2129		dmu_tx_abort(tx);
2130		ZFS_EXIT(zfsvfs);
2131		return (error);
2132	}
2133
2134	error = zfs_link_destroy(dl, zp, tx, zflg, NULL);
2135
2136	if (error == 0) {
2137		uint64_t txtype = TX_RMDIR;
2138		if (flags & FIGNORECASE)
2139			txtype |= TX_CI;
2140		zfs_log_remove(zilog, tx, txtype, dzp, name, ZFS_NO_OBJECT);
2141	}
2142
2143	dmu_tx_commit(tx);
2144
2145	rw_exit(&zp->z_parent_lock);
2146	rw_exit(&zp->z_name_lock);
2147out:
2148	zfs_dirent_unlock(dl);
2149
2150	VN_RELE(vp);
2151
2152	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
2153		zil_commit(zilog, 0);
2154
2155	ZFS_EXIT(zfsvfs);
2156	return (error);
2157}
2158
2159/*
2160 * Read as many directory entries as will fit into the provided
2161 * buffer from the given directory cursor position (specified in
2162 * the uio structure).
2163 *
2164 *	IN:	vp	- vnode of directory to read.
2165 *		uio	- structure supplying read location, range info,
2166 *			  and return buffer.
2167 *		cr	- credentials of caller.
2168 *		ct	- caller context
2169 *		flags	- case flags
2170 *
2171 *	OUT:	uio	- updated offset and range, buffer filled.
2172 *		eofp	- set to true if end-of-file detected.
2173 *
2174 *	RETURN:	0 on success, error code on failure.
2175 *
2176 * Timestamps:
2177 *	vp - atime updated
2178 *
2179 * Note that the low 4 bits of the cookie returned by zap is always zero.
2180 * This allows us to use the low range for "special" directory entries:
2181 * We use 0 for '.', and 1 for '..'.  If this is the root of the filesystem,
2182 * we use the offset 2 for the '.zfs' directory.
2183 */
2184/* ARGSUSED */
2185static int
2186zfs_readdir(vnode_t *vp, uio_t *uio, cred_t *cr, int *eofp,
2187    caller_context_t *ct, int flags)
2188{
2189	znode_t		*zp = VTOZ(vp);
2190	iovec_t		*iovp;
2191	edirent_t	*eodp;
2192	dirent64_t	*odp;
2193	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2194	objset_t	*os;
2195	caddr_t		outbuf;
2196	size_t		bufsize;
2197	zap_cursor_t	zc;
2198	zap_attribute_t	zap;
2199	uint_t		bytes_wanted;
2200	uint64_t	offset; /* must be unsigned; checks for < 1 */
2201	uint64_t	parent;
2202	int		local_eof;
2203	int		outcount;
2204	int		error;
2205	uint8_t		prefetch;
2206	boolean_t	check_sysattrs;
2207
2208	ZFS_ENTER(zfsvfs);
2209	ZFS_VERIFY_ZP(zp);
2210
2211	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
2212	    &parent, sizeof (parent))) != 0) {
2213		ZFS_EXIT(zfsvfs);
2214		return (error);
2215	}
2216
2217	/*
2218	 * If we are not given an eof variable,
2219	 * use a local one.
2220	 */
2221	if (eofp == NULL)
2222		eofp = &local_eof;
2223
2224	/*
2225	 * Check for valid iov_len.
2226	 */
2227	if (uio->uio_iov->iov_len <= 0) {
2228		ZFS_EXIT(zfsvfs);
2229		return (SET_ERROR(EINVAL));
2230	}
2231
2232	/*
2233	 * Quit if directory has been removed (posix)
2234	 */
2235	if ((*eofp = zp->z_unlinked) != 0) {
2236		ZFS_EXIT(zfsvfs);
2237		return (0);
2238	}
2239
2240	error = 0;
2241	os = zfsvfs->z_os;
2242	offset = uio->uio_loffset;
2243	prefetch = zp->z_zn_prefetch;
2244
2245	/*
2246	 * Initialize the iterator cursor.
2247	 */
2248	if (offset <= 3) {
2249		/*
2250		 * Start iteration from the beginning of the directory.
2251		 */
2252		zap_cursor_init(&zc, os, zp->z_id);
2253	} else {
2254		/*
2255		 * The offset is a serialized cursor.
2256		 */
2257		zap_cursor_init_serialized(&zc, os, zp->z_id, offset);
2258	}
2259
2260	/*
2261	 * Get space to change directory entries into fs independent format.
2262	 */
2263	iovp = uio->uio_iov;
2264	bytes_wanted = iovp->iov_len;
2265	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1) {
2266		bufsize = bytes_wanted;
2267		outbuf = kmem_alloc(bufsize, KM_SLEEP);
2268		odp = (struct dirent64 *)outbuf;
2269	} else {
2270		bufsize = bytes_wanted;
2271		outbuf = NULL;
2272		odp = (struct dirent64 *)iovp->iov_base;
2273	}
2274	eodp = (struct edirent *)odp;
2275
2276	/*
2277	 * If this VFS supports the system attribute view interface; and
2278	 * we're looking at an extended attribute directory; and we care
2279	 * about normalization conflicts on this vfs; then we must check
2280	 * for normalization conflicts with the sysattr name space.
2281	 */
2282	check_sysattrs = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
2283	    (vp->v_flag & V_XATTRDIR) && zfsvfs->z_norm &&
2284	    (flags & V_RDDIR_ENTFLAGS);
2285
2286	/*
2287	 * Transform to file-system independent format
2288	 */
2289	outcount = 0;
2290	while (outcount < bytes_wanted) {
2291		ino64_t objnum;
2292		ushort_t reclen;
2293		off64_t *next = NULL;
2294
2295		/*
2296		 * Special case `.', `..', and `.zfs'.
2297		 */
2298		if (offset == 0) {
2299			(void) strcpy(zap.za_name, ".");
2300			zap.za_normalization_conflict = 0;
2301			objnum = zp->z_id;
2302		} else if (offset == 1) {
2303			(void) strcpy(zap.za_name, "..");
2304			zap.za_normalization_conflict = 0;
2305			objnum = parent;
2306		} else if (offset == 2 && zfs_show_ctldir(zp)) {
2307			(void) strcpy(zap.za_name, ZFS_CTLDIR_NAME);
2308			zap.za_normalization_conflict = 0;
2309			objnum = ZFSCTL_INO_ROOT;
2310		} else {
2311			/*
2312			 * Grab next entry.
2313			 */
2314			if (error = zap_cursor_retrieve(&zc, &zap)) {
2315				if ((*eofp = (error == ENOENT)) != 0)
2316					break;
2317				else
2318					goto update;
2319			}
2320
2321			if (zap.za_integer_length != 8 ||
2322			    zap.za_num_integers != 1) {
2323				cmn_err(CE_WARN, "zap_readdir: bad directory "
2324				    "entry, obj = %lld, offset = %lld\n",
2325				    (u_longlong_t)zp->z_id,
2326				    (u_longlong_t)offset);
2327				error = SET_ERROR(ENXIO);
2328				goto update;
2329			}
2330
2331			objnum = ZFS_DIRENT_OBJ(zap.za_first_integer);
2332			/*
2333			 * MacOS X can extract the object type here such as:
2334			 * uint8_t type = ZFS_DIRENT_TYPE(zap.za_first_integer);
2335			 */
2336
2337			if (check_sysattrs && !zap.za_normalization_conflict) {
2338				zap.za_normalization_conflict =
2339				    xattr_sysattr_casechk(zap.za_name);
2340			}
2341		}
2342
2343		if (flags & V_RDDIR_ACCFILTER) {
2344			/*
2345			 * If we have no access at all, don't include
2346			 * this entry in the returned information
2347			 */
2348			znode_t	*ezp;
2349			if (zfs_zget(zp->z_zfsvfs, objnum, &ezp) != 0)
2350				goto skip_entry;
2351			if (!zfs_has_access(ezp, cr)) {
2352				VN_RELE(ZTOV(ezp));
2353				goto skip_entry;
2354			}
2355			VN_RELE(ZTOV(ezp));
2356		}
2357
2358		if (flags & V_RDDIR_ENTFLAGS)
2359			reclen = EDIRENT_RECLEN(strlen(zap.za_name));
2360		else
2361			reclen = DIRENT64_RECLEN(strlen(zap.za_name));
2362
2363		/*
2364		 * Will this entry fit in the buffer?
2365		 */
2366		if (outcount + reclen > bufsize) {
2367			/*
2368			 * Did we manage to fit anything in the buffer?
2369			 */
2370			if (!outcount) {
2371				error = SET_ERROR(EINVAL);
2372				goto update;
2373			}
2374			break;
2375		}
2376		if (flags & V_RDDIR_ENTFLAGS) {
2377			/*
2378			 * Add extended flag entry:
2379			 */
2380			eodp->ed_ino = objnum;
2381			eodp->ed_reclen = reclen;
2382			/* NOTE: ed_off is the offset for the *next* entry */
2383			next = &(eodp->ed_off);
2384			eodp->ed_eflags = zap.za_normalization_conflict ?
2385			    ED_CASE_CONFLICT : 0;
2386			(void) strncpy(eodp->ed_name, zap.za_name,
2387			    EDIRENT_NAMELEN(reclen));
2388			eodp = (edirent_t *)((intptr_t)eodp + reclen);
2389		} else {
2390			/*
2391			 * Add normal entry:
2392			 */
2393			odp->d_ino = objnum;
2394			odp->d_reclen = reclen;
2395			/* NOTE: d_off is the offset for the *next* entry */
2396			next = &(odp->d_off);
2397			(void) strncpy(odp->d_name, zap.za_name,
2398			    DIRENT64_NAMELEN(reclen));
2399			odp = (dirent64_t *)((intptr_t)odp + reclen);
2400		}
2401		outcount += reclen;
2402
2403		ASSERT(outcount <= bufsize);
2404
2405		/* Prefetch znode */
2406		if (prefetch)
2407			dmu_prefetch(os, objnum, 0, 0, 0,
2408			    ZIO_PRIORITY_SYNC_READ);
2409
2410	skip_entry:
2411		/*
2412		 * Move to the next entry, fill in the previous offset.
2413		 */
2414		if (offset > 2 || (offset == 2 && !zfs_show_ctldir(zp))) {
2415			zap_cursor_advance(&zc);
2416			offset = zap_cursor_serialize(&zc);
2417		} else {
2418			offset += 1;
2419		}
2420		if (next)
2421			*next = offset;
2422	}
2423	zp->z_zn_prefetch = B_FALSE; /* a lookup will re-enable pre-fetching */
2424
2425	if (uio->uio_segflg == UIO_SYSSPACE && uio->uio_iovcnt == 1) {
2426		iovp->iov_base += outcount;
2427		iovp->iov_len -= outcount;
2428		uio->uio_resid -= outcount;
2429	} else if (error = uiomove(outbuf, (long)outcount, UIO_READ, uio)) {
2430		/*
2431		 * Reset the pointer.
2432		 */
2433		offset = uio->uio_loffset;
2434	}
2435
2436update:
2437	zap_cursor_fini(&zc);
2438	if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
2439		kmem_free(outbuf, bufsize);
2440
2441	if (error == ENOENT)
2442		error = 0;
2443
2444	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
2445
2446	uio->uio_loffset = offset;
2447	ZFS_EXIT(zfsvfs);
2448	return (error);
2449}
2450
2451ulong_t zfs_fsync_sync_cnt = 4;
2452
2453static int
2454zfs_fsync(vnode_t *vp, int syncflag, cred_t *cr, caller_context_t *ct)
2455{
2456	znode_t	*zp = VTOZ(vp);
2457	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2458
2459	/*
2460	 * Regardless of whether this is required for standards conformance,
2461	 * this is the logical behavior when fsync() is called on a file with
2462	 * dirty pages.  We use B_ASYNC since the ZIL transactions are already
2463	 * going to be pushed out as part of the zil_commit().
2464	 */
2465	if (vn_has_cached_data(vp) && !(syncflag & FNODSYNC) &&
2466	    (vp->v_type == VREG) && !(IS_SWAPVP(vp)))
2467		(void) VOP_PUTPAGE(vp, (offset_t)0, (size_t)0, B_ASYNC, cr, ct);
2468
2469	(void) tsd_set(zfs_fsyncer_key, (void *)zfs_fsync_sync_cnt);
2470
2471	if (zfsvfs->z_os->os_sync != ZFS_SYNC_DISABLED) {
2472		ZFS_ENTER(zfsvfs);
2473		ZFS_VERIFY_ZP(zp);
2474		zil_commit(zfsvfs->z_log, zp->z_id);
2475		ZFS_EXIT(zfsvfs);
2476	}
2477	return (0);
2478}
2479
2480
2481/*
2482 * Get the requested file attributes and place them in the provided
2483 * vattr structure.
2484 *
2485 *	IN:	vp	- vnode of file.
2486 *		vap	- va_mask identifies requested attributes.
2487 *			  If AT_XVATTR set, then optional attrs are requested
2488 *		flags	- ATTR_NOACLCHECK (CIFS server context)
2489 *		cr	- credentials of caller.
2490 *		ct	- caller context
2491 *
2492 *	OUT:	vap	- attribute values.
2493 *
2494 *	RETURN:	0 (always succeeds).
2495 */
2496/* ARGSUSED */
2497static int
2498zfs_getattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2499    caller_context_t *ct)
2500{
2501	znode_t *zp = VTOZ(vp);
2502	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
2503	int	error = 0;
2504	uint64_t links;
2505	uint64_t mtime[2], ctime[2];
2506	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2507	xoptattr_t *xoap = NULL;
2508	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2509	sa_bulk_attr_t bulk[2];
2510	int count = 0;
2511
2512	ZFS_ENTER(zfsvfs);
2513	ZFS_VERIFY_ZP(zp);
2514
2515	zfs_fuid_map_ids(zp, cr, &vap->va_uid, &vap->va_gid);
2516
2517	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
2518	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
2519
2520	if ((error = sa_bulk_lookup(zp->z_sa_hdl, bulk, count)) != 0) {
2521		ZFS_EXIT(zfsvfs);
2522		return (error);
2523	}
2524
2525	/*
2526	 * If ACL is trivial don't bother looking for ACE_READ_ATTRIBUTES.
2527	 * Also, if we are the owner don't bother, since owner should
2528	 * always be allowed to read basic attributes of file.
2529	 */
2530	if (!(zp->z_pflags & ZFS_ACL_TRIVIAL) &&
2531	    (vap->va_uid != crgetuid(cr))) {
2532		if (error = zfs_zaccess(zp, ACE_READ_ATTRIBUTES, 0,
2533		    skipaclchk, cr)) {
2534			ZFS_EXIT(zfsvfs);
2535			return (error);
2536		}
2537	}
2538
2539	/*
2540	 * Return all attributes.  It's cheaper to provide the answer
2541	 * than to determine whether we were asked the question.
2542	 */
2543
2544	mutex_enter(&zp->z_lock);
2545	vap->va_type = vp->v_type;
2546	vap->va_mode = zp->z_mode & MODEMASK;
2547	vap->va_fsid = zp->z_zfsvfs->z_vfs->vfs_dev;
2548	vap->va_nodeid = zp->z_id;
2549	if ((vp->v_flag & VROOT) && zfs_show_ctldir(zp))
2550		links = zp->z_links + 1;
2551	else
2552		links = zp->z_links;
2553	vap->va_nlink = MIN(links, UINT32_MAX);	/* nlink_t limit! */
2554	vap->va_size = zp->z_size;
2555	vap->va_rdev = vp->v_rdev;
2556	vap->va_seq = zp->z_seq;
2557
2558	/*
2559	 * Add in any requested optional attributes and the create time.
2560	 * Also set the corresponding bits in the returned attribute bitmap.
2561	 */
2562	if ((xoap = xva_getxoptattr(xvap)) != NULL && zfsvfs->z_use_fuids) {
2563		if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE)) {
2564			xoap->xoa_archive =
2565			    ((zp->z_pflags & ZFS_ARCHIVE) != 0);
2566			XVA_SET_RTN(xvap, XAT_ARCHIVE);
2567		}
2568
2569		if (XVA_ISSET_REQ(xvap, XAT_READONLY)) {
2570			xoap->xoa_readonly =
2571			    ((zp->z_pflags & ZFS_READONLY) != 0);
2572			XVA_SET_RTN(xvap, XAT_READONLY);
2573		}
2574
2575		if (XVA_ISSET_REQ(xvap, XAT_SYSTEM)) {
2576			xoap->xoa_system =
2577			    ((zp->z_pflags & ZFS_SYSTEM) != 0);
2578			XVA_SET_RTN(xvap, XAT_SYSTEM);
2579		}
2580
2581		if (XVA_ISSET_REQ(xvap, XAT_HIDDEN)) {
2582			xoap->xoa_hidden =
2583			    ((zp->z_pflags & ZFS_HIDDEN) != 0);
2584			XVA_SET_RTN(xvap, XAT_HIDDEN);
2585		}
2586
2587		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2588			xoap->xoa_nounlink =
2589			    ((zp->z_pflags & ZFS_NOUNLINK) != 0);
2590			XVA_SET_RTN(xvap, XAT_NOUNLINK);
2591		}
2592
2593		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2594			xoap->xoa_immutable =
2595			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0);
2596			XVA_SET_RTN(xvap, XAT_IMMUTABLE);
2597		}
2598
2599		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2600			xoap->xoa_appendonly =
2601			    ((zp->z_pflags & ZFS_APPENDONLY) != 0);
2602			XVA_SET_RTN(xvap, XAT_APPENDONLY);
2603		}
2604
2605		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2606			xoap->xoa_nodump =
2607			    ((zp->z_pflags & ZFS_NODUMP) != 0);
2608			XVA_SET_RTN(xvap, XAT_NODUMP);
2609		}
2610
2611		if (XVA_ISSET_REQ(xvap, XAT_OPAQUE)) {
2612			xoap->xoa_opaque =
2613			    ((zp->z_pflags & ZFS_OPAQUE) != 0);
2614			XVA_SET_RTN(xvap, XAT_OPAQUE);
2615		}
2616
2617		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2618			xoap->xoa_av_quarantined =
2619			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0);
2620			XVA_SET_RTN(xvap, XAT_AV_QUARANTINED);
2621		}
2622
2623		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2624			xoap->xoa_av_modified =
2625			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0);
2626			XVA_SET_RTN(xvap, XAT_AV_MODIFIED);
2627		}
2628
2629		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) &&
2630		    vp->v_type == VREG) {
2631			zfs_sa_get_scanstamp(zp, xvap);
2632		}
2633
2634		if (XVA_ISSET_REQ(xvap, XAT_CREATETIME)) {
2635			uint64_t times[2];
2636
2637			(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_CRTIME(zfsvfs),
2638			    times, sizeof (times));
2639			ZFS_TIME_DECODE(&xoap->xoa_createtime, times);
2640			XVA_SET_RTN(xvap, XAT_CREATETIME);
2641		}
2642
2643		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2644			xoap->xoa_reparse = ((zp->z_pflags & ZFS_REPARSE) != 0);
2645			XVA_SET_RTN(xvap, XAT_REPARSE);
2646		}
2647		if (XVA_ISSET_REQ(xvap, XAT_GEN)) {
2648			xoap->xoa_generation = zp->z_gen;
2649			XVA_SET_RTN(xvap, XAT_GEN);
2650		}
2651
2652		if (XVA_ISSET_REQ(xvap, XAT_OFFLINE)) {
2653			xoap->xoa_offline =
2654			    ((zp->z_pflags & ZFS_OFFLINE) != 0);
2655			XVA_SET_RTN(xvap, XAT_OFFLINE);
2656		}
2657
2658		if (XVA_ISSET_REQ(xvap, XAT_SPARSE)) {
2659			xoap->xoa_sparse =
2660			    ((zp->z_pflags & ZFS_SPARSE) != 0);
2661			XVA_SET_RTN(xvap, XAT_SPARSE);
2662		}
2663	}
2664
2665	ZFS_TIME_DECODE(&vap->va_atime, zp->z_atime);
2666	ZFS_TIME_DECODE(&vap->va_mtime, mtime);
2667	ZFS_TIME_DECODE(&vap->va_ctime, ctime);
2668
2669	mutex_exit(&zp->z_lock);
2670
2671	sa_object_size(zp->z_sa_hdl, &vap->va_blksize, &vap->va_nblocks);
2672
2673	if (zp->z_blksz == 0) {
2674		/*
2675		 * Block size hasn't been set; suggest maximal I/O transfers.
2676		 */
2677		vap->va_blksize = zfsvfs->z_max_blksz;
2678	}
2679
2680	ZFS_EXIT(zfsvfs);
2681	return (0);
2682}
2683
2684/*
2685 * Set the file attributes to the values contained in the
2686 * vattr structure.
2687 *
2688 *	IN:	vp	- vnode of file to be modified.
2689 *		vap	- new attribute values.
2690 *			  If AT_XVATTR set, then optional attrs are being set
2691 *		flags	- ATTR_UTIME set if non-default time values provided.
2692 *			- ATTR_NOACLCHECK (CIFS context only).
2693 *		cr	- credentials of caller.
2694 *		ct	- caller context
2695 *
2696 *	RETURN:	0 on success, error code on failure.
2697 *
2698 * Timestamps:
2699 *	vp - ctime updated, mtime updated if size changed.
2700 */
2701/* ARGSUSED */
2702static int
2703zfs_setattr(vnode_t *vp, vattr_t *vap, int flags, cred_t *cr,
2704    caller_context_t *ct)
2705{
2706	znode_t		*zp = VTOZ(vp);
2707	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
2708	zilog_t		*zilog;
2709	dmu_tx_t	*tx;
2710	vattr_t		oldva;
2711	xvattr_t	tmpxvattr;
2712	uint_t		mask = vap->va_mask;
2713	uint_t		saved_mask = 0;
2714	int		trim_mask = 0;
2715	uint64_t	new_mode;
2716	uint64_t	new_uid, new_gid;
2717	uint64_t	xattr_obj;
2718	uint64_t	mtime[2], ctime[2];
2719	znode_t		*attrzp;
2720	int		need_policy = FALSE;
2721	int		err, err2;
2722	zfs_fuid_info_t *fuidp = NULL;
2723	xvattr_t *xvap = (xvattr_t *)vap;	/* vap may be an xvattr_t * */
2724	xoptattr_t	*xoap;
2725	zfs_acl_t	*aclp;
2726	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
2727	boolean_t	fuid_dirtied = B_FALSE;
2728	sa_bulk_attr_t	bulk[7], xattr_bulk[7];
2729	int		count = 0, xattr_count = 0;
2730
2731	if (mask == 0)
2732		return (0);
2733
2734	if (mask & AT_NOSET)
2735		return (SET_ERROR(EINVAL));
2736
2737	ZFS_ENTER(zfsvfs);
2738	ZFS_VERIFY_ZP(zp);
2739
2740	zilog = zfsvfs->z_log;
2741
2742	/*
2743	 * Make sure that if we have ephemeral uid/gid or xvattr specified
2744	 * that file system is at proper version level
2745	 */
2746
2747	if (zfsvfs->z_use_fuids == B_FALSE &&
2748	    (((mask & AT_UID) && IS_EPHEMERAL(vap->va_uid)) ||
2749	    ((mask & AT_GID) && IS_EPHEMERAL(vap->va_gid)) ||
2750	    (mask & AT_XVATTR))) {
2751		ZFS_EXIT(zfsvfs);
2752		return (SET_ERROR(EINVAL));
2753	}
2754
2755	if (mask & AT_SIZE && vp->v_type == VDIR) {
2756		ZFS_EXIT(zfsvfs);
2757		return (SET_ERROR(EISDIR));
2758	}
2759
2760	if (mask & AT_SIZE && vp->v_type != VREG && vp->v_type != VFIFO) {
2761		ZFS_EXIT(zfsvfs);
2762		return (SET_ERROR(EINVAL));
2763	}
2764
2765	/*
2766	 * If this is an xvattr_t, then get a pointer to the structure of
2767	 * optional attributes.  If this is NULL, then we have a vattr_t.
2768	 */
2769	xoap = xva_getxoptattr(xvap);
2770
2771	xva_init(&tmpxvattr);
2772
2773	/*
2774	 * Immutable files can only alter immutable bit and atime
2775	 */
2776	if ((zp->z_pflags & ZFS_IMMUTABLE) &&
2777	    ((mask & (AT_SIZE|AT_UID|AT_GID|AT_MTIME|AT_MODE)) ||
2778	    ((mask & AT_XVATTR) && XVA_ISSET_REQ(xvap, XAT_CREATETIME)))) {
2779		ZFS_EXIT(zfsvfs);
2780		return (SET_ERROR(EPERM));
2781	}
2782
2783	if ((mask & AT_SIZE) && (zp->z_pflags & ZFS_READONLY)) {
2784		ZFS_EXIT(zfsvfs);
2785		return (SET_ERROR(EPERM));
2786	}
2787
2788	/*
2789	 * Verify timestamps doesn't overflow 32 bits.
2790	 * ZFS can handle large timestamps, but 32bit syscalls can't
2791	 * handle times greater than 2039.  This check should be removed
2792	 * once large timestamps are fully supported.
2793	 */
2794	if (mask & (AT_ATIME | AT_MTIME)) {
2795		if (((mask & AT_ATIME) && TIMESPEC_OVERFLOW(&vap->va_atime)) ||
2796		    ((mask & AT_MTIME) && TIMESPEC_OVERFLOW(&vap->va_mtime))) {
2797			ZFS_EXIT(zfsvfs);
2798			return (SET_ERROR(EOVERFLOW));
2799		}
2800	}
2801
2802top:
2803	attrzp = NULL;
2804	aclp = NULL;
2805
2806	/* Can this be moved to before the top label? */
2807	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
2808		ZFS_EXIT(zfsvfs);
2809		return (SET_ERROR(EROFS));
2810	}
2811
2812	/*
2813	 * First validate permissions
2814	 */
2815
2816	if (mask & AT_SIZE) {
2817		err = zfs_zaccess(zp, ACE_WRITE_DATA, 0, skipaclchk, cr);
2818		if (err) {
2819			ZFS_EXIT(zfsvfs);
2820			return (err);
2821		}
2822		/*
2823		 * XXX - Note, we are not providing any open
2824		 * mode flags here (like FNDELAY), so we may
2825		 * block if there are locks present... this
2826		 * should be addressed in openat().
2827		 */
2828		/* XXX - would it be OK to generate a log record here? */
2829		err = zfs_freesp(zp, vap->va_size, 0, 0, FALSE);
2830		if (err) {
2831			ZFS_EXIT(zfsvfs);
2832			return (err);
2833		}
2834
2835		if (vap->va_size == 0)
2836			vnevent_truncate(ZTOV(zp), ct);
2837	}
2838
2839	if (mask & (AT_ATIME|AT_MTIME) ||
2840	    ((mask & AT_XVATTR) && (XVA_ISSET_REQ(xvap, XAT_HIDDEN) ||
2841	    XVA_ISSET_REQ(xvap, XAT_READONLY) ||
2842	    XVA_ISSET_REQ(xvap, XAT_ARCHIVE) ||
2843	    XVA_ISSET_REQ(xvap, XAT_OFFLINE) ||
2844	    XVA_ISSET_REQ(xvap, XAT_SPARSE) ||
2845	    XVA_ISSET_REQ(xvap, XAT_CREATETIME) ||
2846	    XVA_ISSET_REQ(xvap, XAT_SYSTEM)))) {
2847		need_policy = zfs_zaccess(zp, ACE_WRITE_ATTRIBUTES, 0,
2848		    skipaclchk, cr);
2849	}
2850
2851	if (mask & (AT_UID|AT_GID)) {
2852		int	idmask = (mask & (AT_UID|AT_GID));
2853		int	take_owner;
2854		int	take_group;
2855
2856		/*
2857		 * NOTE: even if a new mode is being set,
2858		 * we may clear S_ISUID/S_ISGID bits.
2859		 */
2860
2861		if (!(mask & AT_MODE))
2862			vap->va_mode = zp->z_mode;
2863
2864		/*
2865		 * Take ownership or chgrp to group we are a member of
2866		 */
2867
2868		take_owner = (mask & AT_UID) && (vap->va_uid == crgetuid(cr));
2869		take_group = (mask & AT_GID) &&
2870		    zfs_groupmember(zfsvfs, vap->va_gid, cr);
2871
2872		/*
2873		 * If both AT_UID and AT_GID are set then take_owner and
2874		 * take_group must both be set in order to allow taking
2875		 * ownership.
2876		 *
2877		 * Otherwise, send the check through secpolicy_vnode_setattr()
2878		 *
2879		 */
2880
2881		if (((idmask == (AT_UID|AT_GID)) && take_owner && take_group) ||
2882		    ((idmask == AT_UID) && take_owner) ||
2883		    ((idmask == AT_GID) && take_group)) {
2884			if (zfs_zaccess(zp, ACE_WRITE_OWNER, 0,
2885			    skipaclchk, cr) == 0) {
2886				/*
2887				 * Remove setuid/setgid for non-privileged users
2888				 */
2889				secpolicy_setid_clear(vap, cr);
2890				trim_mask = (mask & (AT_UID|AT_GID));
2891			} else {
2892				need_policy =  TRUE;
2893			}
2894		} else {
2895			need_policy =  TRUE;
2896		}
2897	}
2898
2899	mutex_enter(&zp->z_lock);
2900	oldva.va_mode = zp->z_mode;
2901	zfs_fuid_map_ids(zp, cr, &oldva.va_uid, &oldva.va_gid);
2902	if (mask & AT_XVATTR) {
2903		/*
2904		 * Update xvattr mask to include only those attributes
2905		 * that are actually changing.
2906		 *
2907		 * the bits will be restored prior to actually setting
2908		 * the attributes so the caller thinks they were set.
2909		 */
2910		if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
2911			if (xoap->xoa_appendonly !=
2912			    ((zp->z_pflags & ZFS_APPENDONLY) != 0)) {
2913				need_policy = TRUE;
2914			} else {
2915				XVA_CLR_REQ(xvap, XAT_APPENDONLY);
2916				XVA_SET_REQ(&tmpxvattr, XAT_APPENDONLY);
2917			}
2918		}
2919
2920		if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
2921			if (xoap->xoa_nounlink !=
2922			    ((zp->z_pflags & ZFS_NOUNLINK) != 0)) {
2923				need_policy = TRUE;
2924			} else {
2925				XVA_CLR_REQ(xvap, XAT_NOUNLINK);
2926				XVA_SET_REQ(&tmpxvattr, XAT_NOUNLINK);
2927			}
2928		}
2929
2930		if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
2931			if (xoap->xoa_immutable !=
2932			    ((zp->z_pflags & ZFS_IMMUTABLE) != 0)) {
2933				need_policy = TRUE;
2934			} else {
2935				XVA_CLR_REQ(xvap, XAT_IMMUTABLE);
2936				XVA_SET_REQ(&tmpxvattr, XAT_IMMUTABLE);
2937			}
2938		}
2939
2940		if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
2941			if (xoap->xoa_nodump !=
2942			    ((zp->z_pflags & ZFS_NODUMP) != 0)) {
2943				need_policy = TRUE;
2944			} else {
2945				XVA_CLR_REQ(xvap, XAT_NODUMP);
2946				XVA_SET_REQ(&tmpxvattr, XAT_NODUMP);
2947			}
2948		}
2949
2950		if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
2951			if (xoap->xoa_av_modified !=
2952			    ((zp->z_pflags & ZFS_AV_MODIFIED) != 0)) {
2953				need_policy = TRUE;
2954			} else {
2955				XVA_CLR_REQ(xvap, XAT_AV_MODIFIED);
2956				XVA_SET_REQ(&tmpxvattr, XAT_AV_MODIFIED);
2957			}
2958		}
2959
2960		if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
2961			if ((vp->v_type != VREG &&
2962			    xoap->xoa_av_quarantined) ||
2963			    xoap->xoa_av_quarantined !=
2964			    ((zp->z_pflags & ZFS_AV_QUARANTINED) != 0)) {
2965				need_policy = TRUE;
2966			} else {
2967				XVA_CLR_REQ(xvap, XAT_AV_QUARANTINED);
2968				XVA_SET_REQ(&tmpxvattr, XAT_AV_QUARANTINED);
2969			}
2970		}
2971
2972		if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
2973			mutex_exit(&zp->z_lock);
2974			ZFS_EXIT(zfsvfs);
2975			return (SET_ERROR(EPERM));
2976		}
2977
2978		if (need_policy == FALSE &&
2979		    (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP) ||
2980		    XVA_ISSET_REQ(xvap, XAT_OPAQUE))) {
2981			need_policy = TRUE;
2982		}
2983	}
2984
2985	mutex_exit(&zp->z_lock);
2986
2987	if (mask & AT_MODE) {
2988		if (zfs_zaccess(zp, ACE_WRITE_ACL, 0, skipaclchk, cr) == 0) {
2989			err = secpolicy_setid_setsticky_clear(vp, vap,
2990			    &oldva, cr);
2991			if (err) {
2992				ZFS_EXIT(zfsvfs);
2993				return (err);
2994			}
2995			trim_mask |= AT_MODE;
2996		} else {
2997			need_policy = TRUE;
2998		}
2999	}
3000
3001	if (need_policy) {
3002		/*
3003		 * If trim_mask is set then take ownership
3004		 * has been granted or write_acl is present and user
3005		 * has the ability to modify mode.  In that case remove
3006		 * UID|GID and or MODE from mask so that
3007		 * secpolicy_vnode_setattr() doesn't revoke it.
3008		 */
3009
3010		if (trim_mask) {
3011			saved_mask = vap->va_mask;
3012			vap->va_mask &= ~trim_mask;
3013		}
3014		err = secpolicy_vnode_setattr(cr, vp, vap, &oldva, flags,
3015		    (int (*)(void *, int, cred_t *))zfs_zaccess_unix, zp);
3016		if (err) {
3017			ZFS_EXIT(zfsvfs);
3018			return (err);
3019		}
3020
3021		if (trim_mask)
3022			vap->va_mask |= saved_mask;
3023	}
3024
3025	/*
3026	 * secpolicy_vnode_setattr, or take ownership may have
3027	 * changed va_mask
3028	 */
3029	mask = vap->va_mask;
3030
3031	if ((mask & (AT_UID | AT_GID))) {
3032		err = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),
3033		    &xattr_obj, sizeof (xattr_obj));
3034
3035		if (err == 0 && xattr_obj) {
3036			err = zfs_zget(zp->z_zfsvfs, xattr_obj, &attrzp);
3037			if (err)
3038				goto out2;
3039		}
3040		if (mask & AT_UID) {
3041			new_uid = zfs_fuid_create(zfsvfs,
3042			    (uint64_t)vap->va_uid, cr, ZFS_OWNER, &fuidp);
3043			if (new_uid != zp->z_uid &&
3044			    zfs_fuid_overquota(zfsvfs, B_FALSE, new_uid)) {
3045				if (attrzp)
3046					VN_RELE(ZTOV(attrzp));
3047				err = SET_ERROR(EDQUOT);
3048				goto out2;
3049			}
3050		}
3051
3052		if (mask & AT_GID) {
3053			new_gid = zfs_fuid_create(zfsvfs, (uint64_t)vap->va_gid,
3054			    cr, ZFS_GROUP, &fuidp);
3055			if (new_gid != zp->z_gid &&
3056			    zfs_fuid_overquota(zfsvfs, B_TRUE, new_gid)) {
3057				if (attrzp)
3058					VN_RELE(ZTOV(attrzp));
3059				err = SET_ERROR(EDQUOT);
3060				goto out2;
3061			}
3062		}
3063	}
3064	tx = dmu_tx_create(zfsvfs->z_os);
3065
3066	if (mask & AT_MODE) {
3067		uint64_t pmode = zp->z_mode;
3068		uint64_t acl_obj;
3069		new_mode = (pmode & S_IFMT) | (vap->va_mode & ~S_IFMT);
3070
3071		if (zp->z_zfsvfs->z_acl_mode == ZFS_ACL_RESTRICTED &&
3072		    !(zp->z_pflags & ZFS_ACL_TRIVIAL)) {
3073			err = SET_ERROR(EPERM);
3074			goto out;
3075		}
3076
3077		if (err = zfs_acl_chmod_setattr(zp, &aclp, new_mode))
3078			goto out;
3079
3080		mutex_enter(&zp->z_lock);
3081		if (!zp->z_is_sa && ((acl_obj = zfs_external_acl(zp)) != 0)) {
3082			/*
3083			 * Are we upgrading ACL from old V0 format
3084			 * to V1 format?
3085			 */
3086			if (zfsvfs->z_version >= ZPL_VERSION_FUID &&
3087			    zfs_znode_acl_version(zp) ==
3088			    ZFS_ACL_VERSION_INITIAL) {
3089				dmu_tx_hold_free(tx, acl_obj, 0,
3090				    DMU_OBJECT_END);
3091				dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3092				    0, aclp->z_acl_bytes);
3093			} else {
3094				dmu_tx_hold_write(tx, acl_obj, 0,
3095				    aclp->z_acl_bytes);
3096			}
3097		} else if (!zp->z_is_sa && aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3098			dmu_tx_hold_write(tx, DMU_NEW_OBJECT,
3099			    0, aclp->z_acl_bytes);
3100		}
3101		mutex_exit(&zp->z_lock);
3102		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3103	} else {
3104		if ((mask & AT_XVATTR) &&
3105		    XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3106			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);
3107		else
3108			dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
3109	}
3110
3111	if (attrzp) {
3112		dmu_tx_hold_sa(tx, attrzp->z_sa_hdl, B_FALSE);
3113	}
3114
3115	fuid_dirtied = zfsvfs->z_fuid_dirty;
3116	if (fuid_dirtied)
3117		zfs_fuid_txhold(zfsvfs, tx);
3118
3119	zfs_sa_upgrade_txholds(tx, zp);
3120
3121	err = dmu_tx_assign(tx, TXG_WAIT);
3122	if (err)
3123		goto out;
3124
3125	count = 0;
3126	/*
3127	 * Set each attribute requested.
3128	 * We group settings according to the locks they need to acquire.
3129	 *
3130	 * Note: you cannot set ctime directly, although it will be
3131	 * updated as a side-effect of calling this function.
3132	 */
3133
3134
3135	if (mask & (AT_UID|AT_GID|AT_MODE))
3136		mutex_enter(&zp->z_acl_lock);
3137	mutex_enter(&zp->z_lock);
3138
3139	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
3140	    &zp->z_pflags, sizeof (zp->z_pflags));
3141
3142	if (attrzp) {
3143		if (mask & (AT_UID|AT_GID|AT_MODE))
3144			mutex_enter(&attrzp->z_acl_lock);
3145		mutex_enter(&attrzp->z_lock);
3146		SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3147		    SA_ZPL_FLAGS(zfsvfs), NULL, &attrzp->z_pflags,
3148		    sizeof (attrzp->z_pflags));
3149	}
3150
3151	if (mask & (AT_UID|AT_GID)) {
3152
3153		if (mask & AT_UID) {
3154			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_UID(zfsvfs), NULL,
3155			    &new_uid, sizeof (new_uid));
3156			zp->z_uid = new_uid;
3157			if (attrzp) {
3158				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3159				    SA_ZPL_UID(zfsvfs), NULL, &new_uid,
3160				    sizeof (new_uid));
3161				attrzp->z_uid = new_uid;
3162			}
3163		}
3164
3165		if (mask & AT_GID) {
3166			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_GID(zfsvfs),
3167			    NULL, &new_gid, sizeof (new_gid));
3168			zp->z_gid = new_gid;
3169			if (attrzp) {
3170				SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3171				    SA_ZPL_GID(zfsvfs), NULL, &new_gid,
3172				    sizeof (new_gid));
3173				attrzp->z_gid = new_gid;
3174			}
3175		}
3176		if (!(mask & AT_MODE)) {
3177			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs),
3178			    NULL, &new_mode, sizeof (new_mode));
3179			new_mode = zp->z_mode;
3180		}
3181		err = zfs_acl_chown_setattr(zp);
3182		ASSERT(err == 0);
3183		if (attrzp) {
3184			err = zfs_acl_chown_setattr(attrzp);
3185			ASSERT(err == 0);
3186		}
3187	}
3188
3189	if (mask & AT_MODE) {
3190		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MODE(zfsvfs), NULL,
3191		    &new_mode, sizeof (new_mode));
3192		zp->z_mode = new_mode;
3193		ASSERT3U((uintptr_t)aclp, !=, NULL);
3194		err = zfs_aclset_common(zp, aclp, cr, tx);
3195		ASSERT0(err);
3196		if (zp->z_acl_cached)
3197			zfs_acl_free(zp->z_acl_cached);
3198		zp->z_acl_cached = aclp;
3199		aclp = NULL;
3200	}
3201
3202
3203	if (mask & AT_ATIME) {
3204		ZFS_TIME_ENCODE(&vap->va_atime, zp->z_atime);
3205		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_ATIME(zfsvfs), NULL,
3206		    &zp->z_atime, sizeof (zp->z_atime));
3207	}
3208
3209	if (mask & AT_MTIME) {
3210		ZFS_TIME_ENCODE(&vap->va_mtime, mtime);
3211		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
3212		    mtime, sizeof (mtime));
3213	}
3214
3215	/* XXX - shouldn't this be done *before* the ATIME/MTIME checks? */
3216	if (mask & AT_SIZE && !(mask & AT_MTIME)) {
3217		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs),
3218		    NULL, mtime, sizeof (mtime));
3219		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3220		    &ctime, sizeof (ctime));
3221		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
3222		    B_TRUE);
3223	} else if (mask != 0) {
3224		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
3225		    &ctime, sizeof (ctime));
3226		zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime, ctime,
3227		    B_TRUE);
3228		if (attrzp) {
3229			SA_ADD_BULK_ATTR(xattr_bulk, xattr_count,
3230			    SA_ZPL_CTIME(zfsvfs), NULL,
3231			    &ctime, sizeof (ctime));
3232			zfs_tstamp_update_setup(attrzp, STATE_CHANGED,
3233			    mtime, ctime, B_TRUE);
3234		}
3235	}
3236	/*
3237	 * Do this after setting timestamps to prevent timestamp
3238	 * update from toggling bit
3239	 */
3240
3241	if (xoap && (mask & AT_XVATTR)) {
3242
3243		/*
3244		 * restore trimmed off masks
3245		 * so that return masks can be set for caller.
3246		 */
3247
3248		if (XVA_ISSET_REQ(&tmpxvattr, XAT_APPENDONLY)) {
3249			XVA_SET_REQ(xvap, XAT_APPENDONLY);
3250		}
3251		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NOUNLINK)) {
3252			XVA_SET_REQ(xvap, XAT_NOUNLINK);
3253		}
3254		if (XVA_ISSET_REQ(&tmpxvattr, XAT_IMMUTABLE)) {
3255			XVA_SET_REQ(xvap, XAT_IMMUTABLE);
3256		}
3257		if (XVA_ISSET_REQ(&tmpxvattr, XAT_NODUMP)) {
3258			XVA_SET_REQ(xvap, XAT_NODUMP);
3259		}
3260		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_MODIFIED)) {
3261			XVA_SET_REQ(xvap, XAT_AV_MODIFIED);
3262		}
3263		if (XVA_ISSET_REQ(&tmpxvattr, XAT_AV_QUARANTINED)) {
3264			XVA_SET_REQ(xvap, XAT_AV_QUARANTINED);
3265		}
3266
3267		if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP))
3268			ASSERT(vp->v_type == VREG);
3269
3270		zfs_xvattr_set(zp, xvap, tx);
3271	}
3272
3273	if (fuid_dirtied)
3274		zfs_fuid_sync(zfsvfs, tx);
3275
3276	if (mask != 0)
3277		zfs_log_setattr(zilog, tx, TX_SETATTR, zp, vap, mask, fuidp);
3278
3279	mutex_exit(&zp->z_lock);
3280	if (mask & (AT_UID|AT_GID|AT_MODE))
3281		mutex_exit(&zp->z_acl_lock);
3282
3283	if (attrzp) {
3284		if (mask & (AT_UID|AT_GID|AT_MODE))
3285			mutex_exit(&attrzp->z_acl_lock);
3286		mutex_exit(&attrzp->z_lock);
3287	}
3288out:
3289	if (err == 0 && attrzp) {
3290		err2 = sa_bulk_update(attrzp->z_sa_hdl, xattr_bulk,
3291		    xattr_count, tx);
3292		ASSERT(err2 == 0);
3293	}
3294
3295	if (attrzp)
3296		VN_RELE(ZTOV(attrzp));
3297
3298	if (aclp)
3299		zfs_acl_free(aclp);
3300
3301	if (fuidp) {
3302		zfs_fuid_info_free(fuidp);
3303		fuidp = NULL;
3304	}
3305
3306	if (err) {
3307		dmu_tx_abort(tx);
3308		if (err == ERESTART)
3309			goto top;
3310	} else {
3311		err2 = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
3312		dmu_tx_commit(tx);
3313	}
3314
3315out2:
3316	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3317		zil_commit(zilog, 0);
3318
3319	ZFS_EXIT(zfsvfs);
3320	return (err);
3321}
3322
3323typedef struct zfs_zlock {
3324	krwlock_t	*zl_rwlock;	/* lock we acquired */
3325	znode_t		*zl_znode;	/* znode we held */
3326	struct zfs_zlock *zl_next;	/* next in list */
3327} zfs_zlock_t;
3328
3329/*
3330 * Drop locks and release vnodes that were held by zfs_rename_lock().
3331 */
3332static void
3333zfs_rename_unlock(zfs_zlock_t **zlpp)
3334{
3335	zfs_zlock_t *zl;
3336
3337	while ((zl = *zlpp) != NULL) {
3338		if (zl->zl_znode != NULL)
3339			VN_RELE(ZTOV(zl->zl_znode));
3340		rw_exit(zl->zl_rwlock);
3341		*zlpp = zl->zl_next;
3342		kmem_free(zl, sizeof (*zl));
3343	}
3344}
3345
3346/*
3347 * Search back through the directory tree, using the ".." entries.
3348 * Lock each directory in the chain to prevent concurrent renames.
3349 * Fail any attempt to move a directory into one of its own descendants.
3350 * XXX - z_parent_lock can overlap with map or grow locks
3351 */
3352static int
3353zfs_rename_lock(znode_t *szp, znode_t *tdzp, znode_t *sdzp, zfs_zlock_t **zlpp)
3354{
3355	zfs_zlock_t	*zl;
3356	znode_t		*zp = tdzp;
3357	uint64_t	rootid = zp->z_zfsvfs->z_root;
3358	uint64_t	oidp = zp->z_id;
3359	krwlock_t	*rwlp = &szp->z_parent_lock;
3360	krw_t		rw = RW_WRITER;
3361
3362	/*
3363	 * First pass write-locks szp and compares to zp->z_id.
3364	 * Later passes read-lock zp and compare to zp->z_parent.
3365	 */
3366	do {
3367		if (!rw_tryenter(rwlp, rw)) {
3368			/*
3369			 * Another thread is renaming in this path.
3370			 * Note that if we are a WRITER, we don't have any
3371			 * parent_locks held yet.
3372			 */
3373			if (rw == RW_READER && zp->z_id > szp->z_id) {
3374				/*
3375				 * Drop our locks and restart
3376				 */
3377				zfs_rename_unlock(&zl);
3378				*zlpp = NULL;
3379				zp = tdzp;
3380				oidp = zp->z_id;
3381				rwlp = &szp->z_parent_lock;
3382				rw = RW_WRITER;
3383				continue;
3384			} else {
3385				/*
3386				 * Wait for other thread to drop its locks
3387				 */
3388				rw_enter(rwlp, rw);
3389			}
3390		}
3391
3392		zl = kmem_alloc(sizeof (*zl), KM_SLEEP);
3393		zl->zl_rwlock = rwlp;
3394		zl->zl_znode = NULL;
3395		zl->zl_next = *zlpp;
3396		*zlpp = zl;
3397
3398		if (oidp == szp->z_id)		/* We're a descendant of szp */
3399			return (SET_ERROR(EINVAL));
3400
3401		if (oidp == rootid)		/* We've hit the top */
3402			return (0);
3403
3404		if (rw == RW_READER) {		/* i.e. not the first pass */
3405			int error = zfs_zget(zp->z_zfsvfs, oidp, &zp);
3406			if (error)
3407				return (error);
3408			zl->zl_znode = zp;
3409		}
3410		(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_PARENT(zp->z_zfsvfs),
3411		    &oidp, sizeof (oidp));
3412		rwlp = &zp->z_parent_lock;
3413		rw = RW_READER;
3414
3415	} while (zp->z_id != sdzp->z_id);
3416
3417	return (0);
3418}
3419
3420/*
3421 * Move an entry from the provided source directory to the target
3422 * directory.  Change the entry name as indicated.
3423 *
3424 *	IN:	sdvp	- Source directory containing the "old entry".
3425 *		snm	- Old entry name.
3426 *		tdvp	- Target directory to contain the "new entry".
3427 *		tnm	- New entry name.
3428 *		cr	- credentials of caller.
3429 *		ct	- caller context
3430 *		flags	- case flags
3431 *
3432 *	RETURN:	0 on success, error code on failure.
3433 *
3434 * Timestamps:
3435 *	sdvp,tdvp - ctime|mtime updated
3436 */
3437/*ARGSUSED*/
3438static int
3439zfs_rename(vnode_t *sdvp, char *snm, vnode_t *tdvp, char *tnm, cred_t *cr,
3440    caller_context_t *ct, int flags)
3441{
3442	znode_t		*tdzp, *szp, *tzp;
3443	znode_t		*sdzp = VTOZ(sdvp);
3444	zfsvfs_t	*zfsvfs = sdzp->z_zfsvfs;
3445	zilog_t		*zilog;
3446	vnode_t		*realvp;
3447	zfs_dirlock_t	*sdl, *tdl;
3448	dmu_tx_t	*tx;
3449	zfs_zlock_t	*zl;
3450	int		cmp, serr, terr;
3451	int		error = 0, rm_err = 0;
3452	int		zflg = 0;
3453	boolean_t	waited = B_FALSE;
3454
3455	ZFS_ENTER(zfsvfs);
3456	ZFS_VERIFY_ZP(sdzp);
3457	zilog = zfsvfs->z_log;
3458
3459	/*
3460	 * Make sure we have the real vp for the target directory.
3461	 */
3462	if (VOP_REALVP(tdvp, &realvp, ct) == 0)
3463		tdvp = realvp;
3464
3465	tdzp = VTOZ(tdvp);
3466	ZFS_VERIFY_ZP(tdzp);
3467
3468	/*
3469	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
3470	 * ctldir appear to have the same v_vfsp.
3471	 */
3472	if (tdzp->z_zfsvfs != zfsvfs || zfsctl_is_node(tdvp)) {
3473		ZFS_EXIT(zfsvfs);
3474		return (SET_ERROR(EXDEV));
3475	}
3476
3477	if (zfsvfs->z_utf8 && u8_validate(tnm,
3478	    strlen(tnm), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3479		ZFS_EXIT(zfsvfs);
3480		return (SET_ERROR(EILSEQ));
3481	}
3482
3483	if (flags & FIGNORECASE)
3484		zflg |= ZCILOOK;
3485
3486top:
3487	szp = NULL;
3488	tzp = NULL;
3489	zl = NULL;
3490
3491	/*
3492	 * This is to prevent the creation of links into attribute space
3493	 * by renaming a linked file into/outof an attribute directory.
3494	 * See the comment in zfs_link() for why this is considered bad.
3495	 */
3496	if ((tdzp->z_pflags & ZFS_XATTR) != (sdzp->z_pflags & ZFS_XATTR)) {
3497		ZFS_EXIT(zfsvfs);
3498		return (SET_ERROR(EINVAL));
3499	}
3500
3501	/*
3502	 * Lock source and target directory entries.  To prevent deadlock,
3503	 * a lock ordering must be defined.  We lock the directory with
3504	 * the smallest object id first, or if it's a tie, the one with
3505	 * the lexically first name.
3506	 */
3507	if (sdzp->z_id < tdzp->z_id) {
3508		cmp = -1;
3509	} else if (sdzp->z_id > tdzp->z_id) {
3510		cmp = 1;
3511	} else {
3512		/*
3513		 * First compare the two name arguments without
3514		 * considering any case folding.
3515		 */
3516		int nofold = (zfsvfs->z_norm & ~U8_TEXTPREP_TOUPPER);
3517
3518		cmp = u8_strcmp(snm, tnm, 0, nofold, U8_UNICODE_LATEST, &error);
3519		ASSERT(error == 0 || !zfsvfs->z_utf8);
3520		if (cmp == 0) {
3521			/*
3522			 * POSIX: "If the old argument and the new argument
3523			 * both refer to links to the same existing file,
3524			 * the rename() function shall return successfully
3525			 * and perform no other action."
3526			 */
3527			ZFS_EXIT(zfsvfs);
3528			return (0);
3529		}
3530		/*
3531		 * If the file system is case-folding, then we may
3532		 * have some more checking to do.  A case-folding file
3533		 * system is either supporting mixed case sensitivity
3534		 * access or is completely case-insensitive.  Note
3535		 * that the file system is always case preserving.
3536		 *
3537		 * In mixed sensitivity mode case sensitive behavior
3538		 * is the default.  FIGNORECASE must be used to
3539		 * explicitly request case insensitive behavior.
3540		 *
3541		 * If the source and target names provided differ only
3542		 * by case (e.g., a request to rename 'tim' to 'Tim'),
3543		 * we will treat this as a special case in the
3544		 * case-insensitive mode: as long as the source name
3545		 * is an exact match, we will allow this to proceed as
3546		 * a name-change request.
3547		 */
3548		if ((zfsvfs->z_case == ZFS_CASE_INSENSITIVE ||
3549		    (zfsvfs->z_case == ZFS_CASE_MIXED &&
3550		    flags & FIGNORECASE)) &&
3551		    u8_strcmp(snm, tnm, 0, zfsvfs->z_norm, U8_UNICODE_LATEST,
3552		    &error) == 0) {
3553			/*
3554			 * case preserving rename request, require exact
3555			 * name matches
3556			 */
3557			zflg |= ZCIEXACT;
3558			zflg &= ~ZCILOOK;
3559		}
3560	}
3561
3562	/*
3563	 * If the source and destination directories are the same, we should
3564	 * grab the z_name_lock of that directory only once.
3565	 */
3566	if (sdzp == tdzp) {
3567		zflg |= ZHAVELOCK;
3568		rw_enter(&sdzp->z_name_lock, RW_READER);
3569	}
3570
3571	if (cmp < 0) {
3572		serr = zfs_dirent_lock(&sdl, sdzp, snm, &szp,
3573		    ZEXISTS | zflg, NULL, NULL);
3574		terr = zfs_dirent_lock(&tdl,
3575		    tdzp, tnm, &tzp, ZRENAMING | zflg, NULL, NULL);
3576	} else {
3577		terr = zfs_dirent_lock(&tdl,
3578		    tdzp, tnm, &tzp, zflg, NULL, NULL);
3579		serr = zfs_dirent_lock(&sdl,
3580		    sdzp, snm, &szp, ZEXISTS | ZRENAMING | zflg,
3581		    NULL, NULL);
3582	}
3583
3584	if (serr) {
3585		/*
3586		 * Source entry invalid or not there.
3587		 */
3588		if (!terr) {
3589			zfs_dirent_unlock(tdl);
3590			if (tzp)
3591				VN_RELE(ZTOV(tzp));
3592		}
3593
3594		if (sdzp == tdzp)
3595			rw_exit(&sdzp->z_name_lock);
3596
3597		if (strcmp(snm, "..") == 0)
3598			serr = SET_ERROR(EINVAL);
3599		ZFS_EXIT(zfsvfs);
3600		return (serr);
3601	}
3602	if (terr) {
3603		zfs_dirent_unlock(sdl);
3604		VN_RELE(ZTOV(szp));
3605
3606		if (sdzp == tdzp)
3607			rw_exit(&sdzp->z_name_lock);
3608
3609		if (strcmp(tnm, "..") == 0)
3610			terr = SET_ERROR(EINVAL);
3611		ZFS_EXIT(zfsvfs);
3612		return (terr);
3613	}
3614
3615	/*
3616	 * Must have write access at the source to remove the old entry
3617	 * and write access at the target to create the new entry.
3618	 * Note that if target and source are the same, this can be
3619	 * done in a single check.
3620	 */
3621
3622	if (error = zfs_zaccess_rename(sdzp, szp, tdzp, tzp, cr))
3623		goto out;
3624
3625	if (ZTOV(szp)->v_type == VDIR) {
3626		/*
3627		 * Check to make sure rename is valid.
3628		 * Can't do a move like this: /usr/a/b to /usr/a/b/c/d
3629		 */
3630		if (error = zfs_rename_lock(szp, tdzp, sdzp, &zl))
3631			goto out;
3632	}
3633
3634	/*
3635	 * Does target exist?
3636	 */
3637	if (tzp) {
3638		/*
3639		 * Source and target must be the same type.
3640		 */
3641		if (ZTOV(szp)->v_type == VDIR) {
3642			if (ZTOV(tzp)->v_type != VDIR) {
3643				error = SET_ERROR(ENOTDIR);
3644				goto out;
3645			}
3646		} else {
3647			if (ZTOV(tzp)->v_type == VDIR) {
3648				error = SET_ERROR(EISDIR);
3649				goto out;
3650			}
3651		}
3652		/*
3653		 * POSIX dictates that when the source and target
3654		 * entries refer to the same file object, rename
3655		 * must do nothing and exit without error.
3656		 */
3657		if (szp->z_id == tzp->z_id) {
3658			error = 0;
3659			goto out;
3660		}
3661	}
3662
3663	vnevent_pre_rename_src(ZTOV(szp), sdvp, snm, ct);
3664	if (tzp)
3665		vnevent_pre_rename_dest(ZTOV(tzp), tdvp, tnm, ct);
3666
3667	/*
3668	 * notify the target directory if it is not the same
3669	 * as source directory.
3670	 */
3671	if (tdvp != sdvp) {
3672		vnevent_pre_rename_dest_dir(tdvp, ZTOV(szp), tnm, ct);
3673	}
3674
3675	tx = dmu_tx_create(zfsvfs->z_os);
3676	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
3677	dmu_tx_hold_sa(tx, sdzp->z_sa_hdl, B_FALSE);
3678	dmu_tx_hold_zap(tx, sdzp->z_id, FALSE, snm);
3679	dmu_tx_hold_zap(tx, tdzp->z_id, TRUE, tnm);
3680	if (sdzp != tdzp) {
3681		dmu_tx_hold_sa(tx, tdzp->z_sa_hdl, B_FALSE);
3682		zfs_sa_upgrade_txholds(tx, tdzp);
3683	}
3684	if (tzp) {
3685		dmu_tx_hold_sa(tx, tzp->z_sa_hdl, B_FALSE);
3686		zfs_sa_upgrade_txholds(tx, tzp);
3687	}
3688
3689	zfs_sa_upgrade_txholds(tx, szp);
3690	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);
3691	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3692	if (error) {
3693		if (zl != NULL)
3694			zfs_rename_unlock(&zl);
3695		zfs_dirent_unlock(sdl);
3696		zfs_dirent_unlock(tdl);
3697
3698		if (sdzp == tdzp)
3699			rw_exit(&sdzp->z_name_lock);
3700
3701		VN_RELE(ZTOV(szp));
3702		if (tzp)
3703			VN_RELE(ZTOV(tzp));
3704		if (error == ERESTART) {
3705			waited = B_TRUE;
3706			dmu_tx_wait(tx);
3707			dmu_tx_abort(tx);
3708			goto top;
3709		}
3710		dmu_tx_abort(tx);
3711		ZFS_EXIT(zfsvfs);
3712		return (error);
3713	}
3714
3715	if (tzp)	/* Attempt to remove the existing target */
3716		error = rm_err = zfs_link_destroy(tdl, tzp, tx, zflg, NULL);
3717
3718	if (error == 0) {
3719		error = zfs_link_create(tdl, szp, tx, ZRENAMING);
3720		if (error == 0) {
3721			szp->z_pflags |= ZFS_AV_MODIFIED;
3722
3723			error = sa_update(szp->z_sa_hdl, SA_ZPL_FLAGS(zfsvfs),
3724			    (void *)&szp->z_pflags, sizeof (uint64_t), tx);
3725			ASSERT0(error);
3726
3727			error = zfs_link_destroy(sdl, szp, tx, ZRENAMING, NULL);
3728			if (error == 0) {
3729				zfs_log_rename(zilog, tx, TX_RENAME |
3730				    (flags & FIGNORECASE ? TX_CI : 0), sdzp,
3731				    sdl->dl_name, tdzp, tdl->dl_name, szp);
3732
3733				/*
3734				 * Update path information for the target vnode
3735				 */
3736				vn_renamepath(tdvp, ZTOV(szp), tnm,
3737				    strlen(tnm));
3738			} else {
3739				/*
3740				 * At this point, we have successfully created
3741				 * the target name, but have failed to remove
3742				 * the source name.  Since the create was done
3743				 * with the ZRENAMING flag, there are
3744				 * complications; for one, the link count is
3745				 * wrong.  The easiest way to deal with this
3746				 * is to remove the newly created target, and
3747				 * return the original error.  This must
3748				 * succeed; fortunately, it is very unlikely to
3749				 * fail, since we just created it.
3750				 */
3751				VERIFY3U(zfs_link_destroy(tdl, szp, tx,
3752				    ZRENAMING, NULL), ==, 0);
3753			}
3754		}
3755	}
3756
3757	dmu_tx_commit(tx);
3758
3759	if (tzp && rm_err == 0)
3760		vnevent_rename_dest(ZTOV(tzp), tdvp, tnm, ct);
3761
3762	if (error == 0) {
3763		vnevent_rename_src(ZTOV(szp), sdvp, snm, ct);
3764		/* notify the target dir if it is not the same as source dir */
3765		if (tdvp != sdvp)
3766			vnevent_rename_dest_dir(tdvp, ct);
3767	}
3768out:
3769	if (zl != NULL)
3770		zfs_rename_unlock(&zl);
3771
3772	zfs_dirent_unlock(sdl);
3773	zfs_dirent_unlock(tdl);
3774
3775	if (sdzp == tdzp)
3776		rw_exit(&sdzp->z_name_lock);
3777
3778
3779	VN_RELE(ZTOV(szp));
3780	if (tzp)
3781		VN_RELE(ZTOV(tzp));
3782
3783	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3784		zil_commit(zilog, 0);
3785
3786	ZFS_EXIT(zfsvfs);
3787	return (error);
3788}
3789
3790/*
3791 * Insert the indicated symbolic reference entry into the directory.
3792 *
3793 *	IN:	dvp	- Directory to contain new symbolic link.
3794 *		link	- Name for new symlink entry.
3795 *		vap	- Attributes of new entry.
3796 *		cr	- credentials of caller.
3797 *		ct	- caller context
3798 *		flags	- case flags
3799 *
3800 *	RETURN:	0 on success, error code on failure.
3801 *
3802 * Timestamps:
3803 *	dvp - ctime|mtime updated
3804 */
3805/*ARGSUSED*/
3806static int
3807zfs_symlink(vnode_t *dvp, char *name, vattr_t *vap, char *link, cred_t *cr,
3808    caller_context_t *ct, int flags)
3809{
3810	znode_t		*zp, *dzp = VTOZ(dvp);
3811	zfs_dirlock_t	*dl;
3812	dmu_tx_t	*tx;
3813	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
3814	zilog_t		*zilog;
3815	uint64_t	len = strlen(link);
3816	int		error;
3817	int		zflg = ZNEW;
3818	zfs_acl_ids_t	acl_ids;
3819	boolean_t	fuid_dirtied;
3820	uint64_t	txtype = TX_SYMLINK;
3821	boolean_t	waited = B_FALSE;
3822
3823	ASSERT(vap->va_type == VLNK);
3824
3825	ZFS_ENTER(zfsvfs);
3826	ZFS_VERIFY_ZP(dzp);
3827	zilog = zfsvfs->z_log;
3828
3829	if (zfsvfs->z_utf8 && u8_validate(name, strlen(name),
3830	    NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
3831		ZFS_EXIT(zfsvfs);
3832		return (SET_ERROR(EILSEQ));
3833	}
3834	if (flags & FIGNORECASE)
3835		zflg |= ZCILOOK;
3836
3837	if (len > MAXPATHLEN) {
3838		ZFS_EXIT(zfsvfs);
3839		return (SET_ERROR(ENAMETOOLONG));
3840	}
3841
3842	if ((error = zfs_acl_ids_create(dzp, 0,
3843	    vap, cr, NULL, &acl_ids)) != 0) {
3844		ZFS_EXIT(zfsvfs);
3845		return (error);
3846	}
3847top:
3848	/*
3849	 * Attempt to lock directory; fail if entry already exists.
3850	 */
3851	error = zfs_dirent_lock(&dl, dzp, name, &zp, zflg, NULL, NULL);
3852	if (error) {
3853		zfs_acl_ids_free(&acl_ids);
3854		ZFS_EXIT(zfsvfs);
3855		return (error);
3856	}
3857
3858	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
3859		zfs_acl_ids_free(&acl_ids);
3860		zfs_dirent_unlock(dl);
3861		ZFS_EXIT(zfsvfs);
3862		return (error);
3863	}
3864
3865	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids)) {
3866		zfs_acl_ids_free(&acl_ids);
3867		zfs_dirent_unlock(dl);
3868		ZFS_EXIT(zfsvfs);
3869		return (SET_ERROR(EDQUOT));
3870	}
3871	tx = dmu_tx_create(zfsvfs->z_os);
3872	fuid_dirtied = zfsvfs->z_fuid_dirty;
3873	dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0, MAX(1, len));
3874	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
3875	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +
3876	    ZFS_SA_BASE_ATTR_SIZE + len);
3877	dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);
3878	if (!zfsvfs->z_use_sa && acl_ids.z_aclp->z_acl_bytes > ZFS_ACE_SPACE) {
3879		dmu_tx_hold_write(tx, DMU_NEW_OBJECT, 0,
3880		    acl_ids.z_aclp->z_acl_bytes);
3881	}
3882	if (fuid_dirtied)
3883		zfs_fuid_txhold(zfsvfs, tx);
3884	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
3885	if (error) {
3886		zfs_dirent_unlock(dl);
3887		if (error == ERESTART) {
3888			waited = B_TRUE;
3889			dmu_tx_wait(tx);
3890			dmu_tx_abort(tx);
3891			goto top;
3892		}
3893		zfs_acl_ids_free(&acl_ids);
3894		dmu_tx_abort(tx);
3895		ZFS_EXIT(zfsvfs);
3896		return (error);
3897	}
3898
3899	/*
3900	 * Create a new object for the symlink.
3901	 * for version 4 ZPL datsets the symlink will be an SA attribute
3902	 */
3903	zfs_mknode(dzp, vap, tx, cr, 0, &zp, &acl_ids);
3904
3905	if (fuid_dirtied)
3906		zfs_fuid_sync(zfsvfs, tx);
3907
3908	mutex_enter(&zp->z_lock);
3909	if (zp->z_is_sa)
3910		error = sa_update(zp->z_sa_hdl, SA_ZPL_SYMLINK(zfsvfs),
3911		    link, len, tx);
3912	else
3913		zfs_sa_symlink(zp, link, len, tx);
3914	mutex_exit(&zp->z_lock);
3915
3916	zp->z_size = len;
3917	(void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
3918	    &zp->z_size, sizeof (zp->z_size), tx);
3919	/*
3920	 * Insert the new object into the directory.
3921	 */
3922	(void) zfs_link_create(dl, zp, tx, ZNEW);
3923
3924	if (flags & FIGNORECASE)
3925		txtype |= TX_CI;
3926	zfs_log_symlink(zilog, tx, txtype, dzp, zp, name, link);
3927
3928	zfs_acl_ids_free(&acl_ids);
3929
3930	dmu_tx_commit(tx);
3931
3932	zfs_dirent_unlock(dl);
3933
3934	VN_RELE(ZTOV(zp));
3935
3936	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
3937		zil_commit(zilog, 0);
3938
3939	ZFS_EXIT(zfsvfs);
3940	return (error);
3941}
3942
3943/*
3944 * Return, in the buffer contained in the provided uio structure,
3945 * the symbolic path referred to by vp.
3946 *
3947 *	IN:	vp	- vnode of symbolic link.
3948 *		uio	- structure to contain the link path.
3949 *		cr	- credentials of caller.
3950 *		ct	- caller context
3951 *
3952 *	OUT:	uio	- structure containing the link path.
3953 *
3954 *	RETURN:	0 on success, error code on failure.
3955 *
3956 * Timestamps:
3957 *	vp - atime updated
3958 */
3959/* ARGSUSED */
3960static int
3961zfs_readlink(vnode_t *vp, uio_t *uio, cred_t *cr, caller_context_t *ct)
3962{
3963	znode_t		*zp = VTOZ(vp);
3964	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
3965	int		error;
3966
3967	ZFS_ENTER(zfsvfs);
3968	ZFS_VERIFY_ZP(zp);
3969
3970	mutex_enter(&zp->z_lock);
3971	if (zp->z_is_sa)
3972		error = sa_lookup_uio(zp->z_sa_hdl,
3973		    SA_ZPL_SYMLINK(zfsvfs), uio);
3974	else
3975		error = zfs_sa_readlink(zp, uio);
3976	mutex_exit(&zp->z_lock);
3977
3978	ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
3979
3980	ZFS_EXIT(zfsvfs);
3981	return (error);
3982}
3983
3984/*
3985 * Insert a new entry into directory tdvp referencing svp.
3986 *
3987 *	IN:	tdvp	- Directory to contain new entry.
3988 *		svp	- vnode of new entry.
3989 *		name	- name of new entry.
3990 *		cr	- credentials of caller.
3991 *		ct	- caller context
3992 *
3993 *	RETURN:	0 on success, error code on failure.
3994 *
3995 * Timestamps:
3996 *	tdvp - ctime|mtime updated
3997 *	 svp - ctime updated
3998 */
3999/* ARGSUSED */
4000static int
4001zfs_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr,
4002    caller_context_t *ct, int flags)
4003{
4004	znode_t		*dzp = VTOZ(tdvp);
4005	znode_t		*tzp, *szp;
4006	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
4007	zilog_t		*zilog;
4008	zfs_dirlock_t	*dl;
4009	dmu_tx_t	*tx;
4010	vnode_t		*realvp;
4011	int		error;
4012	int		zf = ZNEW;
4013	uint64_t	parent;
4014	uid_t		owner;
4015	boolean_t	waited = B_FALSE;
4016
4017	ASSERT(tdvp->v_type == VDIR);
4018
4019	ZFS_ENTER(zfsvfs);
4020	ZFS_VERIFY_ZP(dzp);
4021	zilog = zfsvfs->z_log;
4022
4023	if (VOP_REALVP(svp, &realvp, ct) == 0)
4024		svp = realvp;
4025
4026	/*
4027	 * POSIX dictates that we return EPERM here.
4028	 * Better choices include ENOTSUP or EISDIR.
4029	 */
4030	if (svp->v_type == VDIR) {
4031		ZFS_EXIT(zfsvfs);
4032		return (SET_ERROR(EPERM));
4033	}
4034
4035	szp = VTOZ(svp);
4036	ZFS_VERIFY_ZP(szp);
4037
4038	/*
4039	 * We check z_zfsvfs rather than v_vfsp here, because snapshots and the
4040	 * ctldir appear to have the same v_vfsp.
4041	 */
4042	if (szp->z_zfsvfs != zfsvfs || zfsctl_is_node(svp)) {
4043		ZFS_EXIT(zfsvfs);
4044		return (SET_ERROR(EXDEV));
4045	}
4046
4047	/* Prevent links to .zfs/shares files */
4048
4049	if ((error = sa_lookup(szp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),
4050	    &parent, sizeof (uint64_t))) != 0) {
4051		ZFS_EXIT(zfsvfs);
4052		return (error);
4053	}
4054	if (parent == zfsvfs->z_shares_dir) {
4055		ZFS_EXIT(zfsvfs);
4056		return (SET_ERROR(EPERM));
4057	}
4058
4059	if (zfsvfs->z_utf8 && u8_validate(name,
4060	    strlen(name), NULL, U8_VALIDATE_ENTIRE, &error) < 0) {
4061		ZFS_EXIT(zfsvfs);
4062		return (SET_ERROR(EILSEQ));
4063	}
4064	if (flags & FIGNORECASE)
4065		zf |= ZCILOOK;
4066
4067	/*
4068	 * We do not support links between attributes and non-attributes
4069	 * because of the potential security risk of creating links
4070	 * into "normal" file space in order to circumvent restrictions
4071	 * imposed in attribute space.
4072	 */
4073	if ((szp->z_pflags & ZFS_XATTR) != (dzp->z_pflags & ZFS_XATTR)) {
4074		ZFS_EXIT(zfsvfs);
4075		return (SET_ERROR(EINVAL));
4076	}
4077
4078
4079	owner = zfs_fuid_map_id(zfsvfs, szp->z_uid, cr, ZFS_OWNER);
4080	if (owner != crgetuid(cr) && secpolicy_basic_link(cr) != 0) {
4081		ZFS_EXIT(zfsvfs);
4082		return (SET_ERROR(EPERM));
4083	}
4084
4085	if (error = zfs_zaccess(dzp, ACE_ADD_FILE, 0, B_FALSE, cr)) {
4086		ZFS_EXIT(zfsvfs);
4087		return (error);
4088	}
4089
4090top:
4091	/*
4092	 * Attempt to lock directory; fail if entry already exists.
4093	 */
4094	error = zfs_dirent_lock(&dl, dzp, name, &tzp, zf, NULL, NULL);
4095	if (error) {
4096		ZFS_EXIT(zfsvfs);
4097		return (error);
4098	}
4099
4100	tx = dmu_tx_create(zfsvfs->z_os);
4101	dmu_tx_hold_sa(tx, szp->z_sa_hdl, B_FALSE);
4102	dmu_tx_hold_zap(tx, dzp->z_id, TRUE, name);
4103	zfs_sa_upgrade_txholds(tx, szp);
4104	zfs_sa_upgrade_txholds(tx, dzp);
4105	error = dmu_tx_assign(tx, waited ? TXG_WAITED : TXG_NOWAIT);
4106	if (error) {
4107		zfs_dirent_unlock(dl);
4108		if (error == ERESTART) {
4109			waited = B_TRUE;
4110			dmu_tx_wait(tx);
4111			dmu_tx_abort(tx);
4112			goto top;
4113		}
4114		dmu_tx_abort(tx);
4115		ZFS_EXIT(zfsvfs);
4116		return (error);
4117	}
4118
4119	error = zfs_link_create(dl, szp, tx, 0);
4120
4121	if (error == 0) {
4122		uint64_t txtype = TX_LINK;
4123		if (flags & FIGNORECASE)
4124			txtype |= TX_CI;
4125		zfs_log_link(zilog, tx, txtype, dzp, szp, name);
4126	}
4127
4128	dmu_tx_commit(tx);
4129
4130	zfs_dirent_unlock(dl);
4131
4132	if (error == 0) {
4133		vnevent_link(svp, ct);
4134	}
4135
4136	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4137		zil_commit(zilog, 0);
4138
4139	ZFS_EXIT(zfsvfs);
4140	return (error);
4141}
4142
4143/*
4144 * zfs_null_putapage() is used when the file system has been force
4145 * unmounted. It just drops the pages.
4146 */
4147/* ARGSUSED */
4148static int
4149zfs_null_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4150    size_t *lenp, int flags, cred_t *cr)
4151{
4152	pvn_write_done(pp, B_INVAL|B_FORCE|B_ERROR);
4153	return (0);
4154}
4155
4156/*
4157 * Push a page out to disk, klustering if possible.
4158 *
4159 *	IN:	vp	- file to push page to.
4160 *		pp	- page to push.
4161 *		flags	- additional flags.
4162 *		cr	- credentials of caller.
4163 *
4164 *	OUT:	offp	- start of range pushed.
4165 *		lenp	- len of range pushed.
4166 *
4167 *	RETURN:	0 on success, error code on failure.
4168 *
4169 * NOTE: callers must have locked the page to be pushed.  On
4170 * exit, the page (and all other pages in the kluster) must be
4171 * unlocked.
4172 */
4173/* ARGSUSED */
4174static int
4175zfs_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp,
4176    size_t *lenp, int flags, cred_t *cr)
4177{
4178	znode_t		*zp = VTOZ(vp);
4179	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4180	dmu_tx_t	*tx;
4181	u_offset_t	off, koff;
4182	size_t		len, klen;
4183	int		err;
4184
4185	off = pp->p_offset;
4186	len = PAGESIZE;
4187	/*
4188	 * If our blocksize is bigger than the page size, try to kluster
4189	 * multiple pages so that we write a full block (thus avoiding
4190	 * a read-modify-write).
4191	 */
4192	if (off < zp->z_size && zp->z_blksz > PAGESIZE) {
4193		klen = P2ROUNDUP((ulong_t)zp->z_blksz, PAGESIZE);
4194		koff = ISP2(klen) ? P2ALIGN(off, (u_offset_t)klen) : 0;
4195		ASSERT(koff <= zp->z_size);
4196		if (koff + klen > zp->z_size)
4197			klen = P2ROUNDUP(zp->z_size - koff, (uint64_t)PAGESIZE);
4198		pp = pvn_write_kluster(vp, pp, &off, &len, koff, klen, flags);
4199	}
4200	ASSERT3U(btop(len), ==, btopr(len));
4201
4202	/*
4203	 * Can't push pages past end-of-file.
4204	 */
4205	if (off >= zp->z_size) {
4206		/* ignore all pages */
4207		err = 0;
4208		goto out;
4209	} else if (off + len > zp->z_size) {
4210		int npages = btopr(zp->z_size - off);
4211		page_t *trunc;
4212
4213		page_list_break(&pp, &trunc, npages);
4214		/* ignore pages past end of file */
4215		if (trunc)
4216			pvn_write_done(trunc, flags);
4217		len = zp->z_size - off;
4218	}
4219
4220	if (zfs_owner_overquota(zfsvfs, zp, B_FALSE) ||
4221	    zfs_owner_overquota(zfsvfs, zp, B_TRUE)) {
4222		err = SET_ERROR(EDQUOT);
4223		goto out;
4224	}
4225	tx = dmu_tx_create(zfsvfs->z_os);
4226	dmu_tx_hold_write(tx, zp->z_id, off, len);
4227
4228	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4229	zfs_sa_upgrade_txholds(tx, zp);
4230	err = dmu_tx_assign(tx, TXG_WAIT);
4231	if (err != 0) {
4232		dmu_tx_abort(tx);
4233		goto out;
4234	}
4235
4236	if (zp->z_blksz <= PAGESIZE) {
4237		caddr_t va = zfs_map_page(pp, S_READ);
4238		ASSERT3U(len, <=, PAGESIZE);
4239		dmu_write(zfsvfs->z_os, zp->z_id, off, len, va, tx);
4240		zfs_unmap_page(pp, va);
4241	} else {
4242		err = dmu_write_pages(zfsvfs->z_os, zp->z_id, off, len, pp, tx);
4243	}
4244
4245	if (err == 0) {
4246		uint64_t mtime[2], ctime[2];
4247		sa_bulk_attr_t bulk[3];
4248		int count = 0;
4249
4250		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,
4251		    &mtime, 16);
4252		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,
4253		    &ctime, 16);
4254		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
4255		    &zp->z_pflags, 8);
4256		zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime,
4257		    B_TRUE);
4258		zfs_log_write(zfsvfs->z_log, tx, TX_WRITE, zp, off, len, 0);
4259	}
4260	dmu_tx_commit(tx);
4261
4262out:
4263	pvn_write_done(pp, (err ? B_ERROR : 0) | flags);
4264	if (offp)
4265		*offp = off;
4266	if (lenp)
4267		*lenp = len;
4268
4269	return (err);
4270}
4271
4272/*
4273 * Copy the portion of the file indicated from pages into the file.
4274 * The pages are stored in a page list attached to the files vnode.
4275 *
4276 *	IN:	vp	- vnode of file to push page data to.
4277 *		off	- position in file to put data.
4278 *		len	- amount of data to write.
4279 *		flags	- flags to control the operation.
4280 *		cr	- credentials of caller.
4281 *		ct	- caller context.
4282 *
4283 *	RETURN:	0 on success, error code on failure.
4284 *
4285 * Timestamps:
4286 *	vp - ctime|mtime updated
4287 */
4288/*ARGSUSED*/
4289static int
4290zfs_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr,
4291    caller_context_t *ct)
4292{
4293	znode_t		*zp = VTOZ(vp);
4294	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4295	page_t		*pp;
4296	size_t		io_len;
4297	u_offset_t	io_off;
4298	uint_t		blksz;
4299	rl_t		*rl;
4300	int		error = 0;
4301
4302	ZFS_ENTER(zfsvfs);
4303	ZFS_VERIFY_ZP(zp);
4304
4305	/*
4306	 * There's nothing to do if no data is cached.
4307	 */
4308	if (!vn_has_cached_data(vp)) {
4309		ZFS_EXIT(zfsvfs);
4310		return (0);
4311	}
4312
4313	/*
4314	 * Align this request to the file block size in case we kluster.
4315	 * XXX - this can result in pretty aggresive locking, which can
4316	 * impact simultanious read/write access.  One option might be
4317	 * to break up long requests (len == 0) into block-by-block
4318	 * operations to get narrower locking.
4319	 */
4320	blksz = zp->z_blksz;
4321	if (ISP2(blksz))
4322		io_off = P2ALIGN_TYPED(off, blksz, u_offset_t);
4323	else
4324		io_off = 0;
4325	if (len > 0 && ISP2(blksz))
4326		io_len = P2ROUNDUP_TYPED(len + (off - io_off), blksz, size_t);
4327	else
4328		io_len = 0;
4329
4330	if (io_len == 0) {
4331		/*
4332		 * Search the entire vp list for pages >= io_off.
4333		 */
4334		rl = zfs_range_lock(zp, io_off, UINT64_MAX, RL_WRITER);
4335		error = pvn_vplist_dirty(vp, io_off, zfs_putapage, flags, cr);
4336		goto out;
4337	}
4338	rl = zfs_range_lock(zp, io_off, io_len, RL_WRITER);
4339
4340	if (off > zp->z_size) {
4341		/* past end of file */
4342		zfs_range_unlock(rl);
4343		ZFS_EXIT(zfsvfs);
4344		return (0);
4345	}
4346
4347	len = MIN(io_len, P2ROUNDUP(zp->z_size, PAGESIZE) - io_off);
4348
4349	for (off = io_off; io_off < off + len; io_off += io_len) {
4350		if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
4351			pp = page_lookup(vp, io_off,
4352			    (flags & (B_INVAL | B_FREE)) ? SE_EXCL : SE_SHARED);
4353		} else {
4354			pp = page_lookup_nowait(vp, io_off,
4355			    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
4356		}
4357
4358		if (pp != NULL && pvn_getdirty(pp, flags)) {
4359			int err;
4360
4361			/*
4362			 * Found a dirty page to push
4363			 */
4364			err = zfs_putapage(vp, pp, &io_off, &io_len, flags, cr);
4365			if (err)
4366				error = err;
4367		} else {
4368			io_len = PAGESIZE;
4369		}
4370	}
4371out:
4372	zfs_range_unlock(rl);
4373	if ((flags & B_ASYNC) == 0 || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
4374		zil_commit(zfsvfs->z_log, zp->z_id);
4375	ZFS_EXIT(zfsvfs);
4376	return (error);
4377}
4378
4379/*ARGSUSED*/
4380void
4381zfs_inactive(vnode_t *vp, cred_t *cr, caller_context_t *ct)
4382{
4383	znode_t	*zp = VTOZ(vp);
4384	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4385	int error;
4386
4387	rw_enter(&zfsvfs->z_teardown_inactive_lock, RW_READER);
4388	if (zp->z_sa_hdl == NULL) {
4389		/*
4390		 * The fs has been unmounted, or we did a
4391		 * suspend/resume and this file no longer exists.
4392		 */
4393		if (vn_has_cached_data(vp)) {
4394			(void) pvn_vplist_dirty(vp, 0, zfs_null_putapage,
4395			    B_INVAL, cr);
4396		}
4397
4398		mutex_enter(&zp->z_lock);
4399		mutex_enter(&vp->v_lock);
4400		ASSERT(vp->v_count == 1);
4401		vp->v_count = 0;
4402		mutex_exit(&vp->v_lock);
4403		mutex_exit(&zp->z_lock);
4404		rw_exit(&zfsvfs->z_teardown_inactive_lock);
4405		zfs_znode_free(zp);
4406		return;
4407	}
4408
4409	/*
4410	 * Attempt to push any data in the page cache.  If this fails
4411	 * we will get kicked out later in zfs_zinactive().
4412	 */
4413	if (vn_has_cached_data(vp)) {
4414		(void) pvn_vplist_dirty(vp, 0, zfs_putapage, B_INVAL|B_ASYNC,
4415		    cr);
4416	}
4417
4418	if (zp->z_atime_dirty && zp->z_unlinked == 0) {
4419		dmu_tx_t *tx = dmu_tx_create(zfsvfs->z_os);
4420
4421		dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
4422		zfs_sa_upgrade_txholds(tx, zp);
4423		error = dmu_tx_assign(tx, TXG_WAIT);
4424		if (error) {
4425			dmu_tx_abort(tx);
4426		} else {
4427			mutex_enter(&zp->z_lock);
4428			(void) sa_update(zp->z_sa_hdl, SA_ZPL_ATIME(zfsvfs),
4429			    (void *)&zp->z_atime, sizeof (zp->z_atime), tx);
4430			zp->z_atime_dirty = 0;
4431			mutex_exit(&zp->z_lock);
4432			dmu_tx_commit(tx);
4433		}
4434	}
4435
4436	zfs_zinactive(zp);
4437	rw_exit(&zfsvfs->z_teardown_inactive_lock);
4438}
4439
4440/*
4441 * Bounds-check the seek operation.
4442 *
4443 *	IN:	vp	- vnode seeking within
4444 *		ooff	- old file offset
4445 *		noffp	- pointer to new file offset
4446 *		ct	- caller context
4447 *
4448 *	RETURN:	0 on success, EINVAL if new offset invalid.
4449 */
4450/* ARGSUSED */
4451static int
4452zfs_seek(vnode_t *vp, offset_t ooff, offset_t *noffp,
4453    caller_context_t *ct)
4454{
4455	if (vp->v_type == VDIR)
4456		return (0);
4457	return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
4458}
4459
4460/*
4461 * Pre-filter the generic locking function to trap attempts to place
4462 * a mandatory lock on a memory mapped file.
4463 */
4464static int
4465zfs_frlock(vnode_t *vp, int cmd, flock64_t *bfp, int flag, offset_t offset,
4466    flk_callback_t *flk_cbp, cred_t *cr, caller_context_t *ct)
4467{
4468	znode_t *zp = VTOZ(vp);
4469	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4470
4471	ZFS_ENTER(zfsvfs);
4472	ZFS_VERIFY_ZP(zp);
4473
4474	/*
4475	 * We are following the UFS semantics with respect to mapcnt
4476	 * here: If we see that the file is mapped already, then we will
4477	 * return an error, but we don't worry about races between this
4478	 * function and zfs_map().
4479	 */
4480	if (zp->z_mapcnt > 0 && MANDMODE(zp->z_mode)) {
4481		ZFS_EXIT(zfsvfs);
4482		return (SET_ERROR(EAGAIN));
4483	}
4484	ZFS_EXIT(zfsvfs);
4485	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr, ct));
4486}
4487
4488/*
4489 * If we can't find a page in the cache, we will create a new page
4490 * and fill it with file data.  For efficiency, we may try to fill
4491 * multiple pages at once (klustering) to fill up the supplied page
4492 * list.  Note that the pages to be filled are held with an exclusive
4493 * lock to prevent access by other threads while they are being filled.
4494 */
4495static int
4496zfs_fillpage(vnode_t *vp, u_offset_t off, struct seg *seg,
4497    caddr_t addr, page_t *pl[], size_t plsz, enum seg_rw rw)
4498{
4499	znode_t *zp = VTOZ(vp);
4500	page_t *pp, *cur_pp;
4501	objset_t *os = zp->z_zfsvfs->z_os;
4502	u_offset_t io_off, total;
4503	size_t io_len;
4504	int err;
4505
4506	if (plsz == PAGESIZE || zp->z_blksz <= PAGESIZE) {
4507		/*
4508		 * We only have a single page, don't bother klustering
4509		 */
4510		io_off = off;
4511		io_len = PAGESIZE;
4512		pp = page_create_va(vp, io_off, io_len,
4513		    PG_EXCL | PG_WAIT, seg, addr);
4514	} else {
4515		/*
4516		 * Try to find enough pages to fill the page list
4517		 */
4518		pp = pvn_read_kluster(vp, off, seg, addr, &io_off,
4519		    &io_len, off, plsz, 0);
4520	}
4521	if (pp == NULL) {
4522		/*
4523		 * The page already exists, nothing to do here.
4524		 */
4525		*pl = NULL;
4526		return (0);
4527	}
4528
4529	/*
4530	 * Fill the pages in the kluster.
4531	 */
4532	cur_pp = pp;
4533	for (total = io_off + io_len; io_off < total; io_off += PAGESIZE) {
4534		caddr_t va;
4535
4536		ASSERT3U(io_off, ==, cur_pp->p_offset);
4537		va = zfs_map_page(cur_pp, S_WRITE);
4538		err = dmu_read(os, zp->z_id, io_off, PAGESIZE, va,
4539		    DMU_READ_PREFETCH);
4540		zfs_unmap_page(cur_pp, va);
4541		if (err) {
4542			/* On error, toss the entire kluster */
4543			pvn_read_done(pp, B_ERROR);
4544			/* convert checksum errors into IO errors */
4545			if (err == ECKSUM)
4546				err = SET_ERROR(EIO);
4547			return (err);
4548		}
4549		cur_pp = cur_pp->p_next;
4550	}
4551
4552	/*
4553	 * Fill in the page list array from the kluster starting
4554	 * from the desired offset `off'.
4555	 * NOTE: the page list will always be null terminated.
4556	 */
4557	pvn_plist_init(pp, pl, plsz, off, io_len, rw);
4558	ASSERT(pl == NULL || (*pl)->p_offset == off);
4559
4560	return (0);
4561}
4562
4563/*
4564 * Return pointers to the pages for the file region [off, off + len]
4565 * in the pl array.  If plsz is greater than len, this function may
4566 * also return page pointers from after the specified region
4567 * (i.e. the region [off, off + plsz]).  These additional pages are
4568 * only returned if they are already in the cache, or were created as
4569 * part of a klustered read.
4570 *
4571 *	IN:	vp	- vnode of file to get data from.
4572 *		off	- position in file to get data from.
4573 *		len	- amount of data to retrieve.
4574 *		plsz	- length of provided page list.
4575 *		seg	- segment to obtain pages for.
4576 *		addr	- virtual address of fault.
4577 *		rw	- mode of created pages.
4578 *		cr	- credentials of caller.
4579 *		ct	- caller context.
4580 *
4581 *	OUT:	protp	- protection mode of created pages.
4582 *		pl	- list of pages created.
4583 *
4584 *	RETURN:	0 on success, error code on failure.
4585 *
4586 * Timestamps:
4587 *	vp - atime updated
4588 */
4589/* ARGSUSED */
4590static int
4591zfs_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
4592    page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4593    enum seg_rw rw, cred_t *cr, caller_context_t *ct)
4594{
4595	znode_t		*zp = VTOZ(vp);
4596	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4597	page_t		**pl0 = pl;
4598	int		err = 0;
4599
4600	/* we do our own caching, faultahead is unnecessary */
4601	if (pl == NULL)
4602		return (0);
4603	else if (len > plsz)
4604		len = plsz;
4605	else
4606		len = P2ROUNDUP(len, PAGESIZE);
4607	ASSERT(plsz >= len);
4608
4609	ZFS_ENTER(zfsvfs);
4610	ZFS_VERIFY_ZP(zp);
4611
4612	if (protp)
4613		*protp = PROT_ALL;
4614
4615	/*
4616	 * Loop through the requested range [off, off + len) looking
4617	 * for pages.  If we don't find a page, we will need to create
4618	 * a new page and fill it with data from the file.
4619	 */
4620	while (len > 0) {
4621		if (*pl = page_lookup(vp, off, SE_SHARED))
4622			*(pl+1) = NULL;
4623		else if (err = zfs_fillpage(vp, off, seg, addr, pl, plsz, rw))
4624			goto out;
4625		while (*pl) {
4626			ASSERT3U((*pl)->p_offset, ==, off);
4627			off += PAGESIZE;
4628			addr += PAGESIZE;
4629			if (len > 0) {
4630				ASSERT3U(len, >=, PAGESIZE);
4631				len -= PAGESIZE;
4632			}
4633			ASSERT3U(plsz, >=, PAGESIZE);
4634			plsz -= PAGESIZE;
4635			pl++;
4636		}
4637	}
4638
4639	/*
4640	 * Fill out the page array with any pages already in the cache.
4641	 */
4642	while (plsz > 0 &&
4643	    (*pl++ = page_lookup_nowait(vp, off, SE_SHARED))) {
4644			off += PAGESIZE;
4645			plsz -= PAGESIZE;
4646	}
4647out:
4648	if (err) {
4649		/*
4650		 * Release any pages we have previously locked.
4651		 */
4652		while (pl > pl0)
4653			page_unlock(*--pl);
4654	} else {
4655		ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
4656	}
4657
4658	*pl = NULL;
4659
4660	ZFS_EXIT(zfsvfs);
4661	return (err);
4662}
4663
4664/*
4665 * Request a memory map for a section of a file.  This code interacts
4666 * with common code and the VM system as follows:
4667 *
4668 * - common code calls mmap(), which ends up in smmap_common()
4669 * - this calls VOP_MAP(), which takes you into (say) zfs
4670 * - zfs_map() calls as_map(), passing segvn_create() as the callback
4671 * - segvn_create() creates the new segment and calls VOP_ADDMAP()
4672 * - zfs_addmap() updates z_mapcnt
4673 */
4674/*ARGSUSED*/
4675static int
4676zfs_map(vnode_t *vp, offset_t off, struct as *as, caddr_t *addrp,
4677    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4678    caller_context_t *ct)
4679{
4680	znode_t *zp = VTOZ(vp);
4681	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
4682	segvn_crargs_t	vn_a;
4683	int		error;
4684
4685	ZFS_ENTER(zfsvfs);
4686	ZFS_VERIFY_ZP(zp);
4687
4688	if ((prot & PROT_WRITE) && (zp->z_pflags &
4689	    (ZFS_IMMUTABLE | ZFS_READONLY | ZFS_APPENDONLY))) {
4690		ZFS_EXIT(zfsvfs);
4691		return (SET_ERROR(EPERM));
4692	}
4693
4694	if ((prot & (PROT_READ | PROT_EXEC)) &&
4695	    (zp->z_pflags & ZFS_AV_QUARANTINED)) {
4696		ZFS_EXIT(zfsvfs);
4697		return (SET_ERROR(EACCES));
4698	}
4699
4700	if (vp->v_flag & VNOMAP) {
4701		ZFS_EXIT(zfsvfs);
4702		return (SET_ERROR(ENOSYS));
4703	}
4704
4705	if (off < 0 || len > MAXOFFSET_T - off) {
4706		ZFS_EXIT(zfsvfs);
4707		return (SET_ERROR(ENXIO));
4708	}
4709
4710	if (vp->v_type != VREG) {
4711		ZFS_EXIT(zfsvfs);
4712		return (SET_ERROR(ENODEV));
4713	}
4714
4715	/*
4716	 * If file is locked, disallow mapping.
4717	 */
4718	if (MANDMODE(zp->z_mode) && vn_has_flocks(vp)) {
4719		ZFS_EXIT(zfsvfs);
4720		return (SET_ERROR(EAGAIN));
4721	}
4722
4723	as_rangelock(as);
4724	error = choose_addr(as, addrp, len, off, ADDR_VACALIGN, flags);
4725	if (error != 0) {
4726		as_rangeunlock(as);
4727		ZFS_EXIT(zfsvfs);
4728		return (error);
4729	}
4730
4731	vn_a.vp = vp;
4732	vn_a.offset = (u_offset_t)off;
4733	vn_a.type = flags & MAP_TYPE;
4734	vn_a.prot = prot;
4735	vn_a.maxprot = maxprot;
4736	vn_a.cred = cr;
4737	vn_a.amp = NULL;
4738	vn_a.flags = flags & ~MAP_TYPE;
4739	vn_a.szc = 0;
4740	vn_a.lgrp_mem_policy_flags = 0;
4741
4742	error = as_map(as, *addrp, len, segvn_create, &vn_a);
4743
4744	as_rangeunlock(as);
4745	ZFS_EXIT(zfsvfs);
4746	return (error);
4747}
4748
4749/* ARGSUSED */
4750static int
4751zfs_addmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4752    size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4753    caller_context_t *ct)
4754{
4755	uint64_t pages = btopr(len);
4756
4757	atomic_add_64(&VTOZ(vp)->z_mapcnt, pages);
4758	return (0);
4759}
4760
4761/*
4762 * The reason we push dirty pages as part of zfs_delmap() is so that we get a
4763 * more accurate mtime for the associated file.  Since we don't have a way of
4764 * detecting when the data was actually modified, we have to resort to
4765 * heuristics.  If an explicit msync() is done, then we mark the mtime when the
4766 * last page is pushed.  The problem occurs when the msync() call is omitted,
4767 * which by far the most common case:
4768 *
4769 *	open()
4770 *	mmap()
4771 *	<modify memory>
4772 *	munmap()
4773 *	close()
4774 *	<time lapse>
4775 *	putpage() via fsflush
4776 *
4777 * If we wait until fsflush to come along, we can have a modification time that
4778 * is some arbitrary point in the future.  In order to prevent this in the
4779 * common case, we flush pages whenever a (MAP_SHARED, PROT_WRITE) mapping is
4780 * torn down.
4781 */
4782/* ARGSUSED */
4783static int
4784zfs_delmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4785    size_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cr,
4786    caller_context_t *ct)
4787{
4788	uint64_t pages = btopr(len);
4789
4790	ASSERT3U(VTOZ(vp)->z_mapcnt, >=, pages);
4791	atomic_add_64(&VTOZ(vp)->z_mapcnt, -pages);
4792
4793	if ((flags & MAP_SHARED) && (prot & PROT_WRITE) &&
4794	    vn_has_cached_data(vp))
4795		(void) VOP_PUTPAGE(vp, off, len, B_ASYNC, cr, ct);
4796
4797	return (0);
4798}
4799
4800/*
4801 * Free or allocate space in a file.  Currently, this function only
4802 * supports the `F_FREESP' command.  However, this command is somewhat
4803 * misnamed, as its functionality includes the ability to allocate as
4804 * well as free space.
4805 *
4806 *	IN:	vp	- vnode of file to free data in.
4807 *		cmd	- action to take (only F_FREESP supported).
4808 *		bfp	- section of file to free/alloc.
4809 *		flag	- current file open mode flags.
4810 *		offset	- current file offset.
4811 *		cr	- credentials of caller [UNUSED].
4812 *		ct	- caller context.
4813 *
4814 *	RETURN:	0 on success, error code on failure.
4815 *
4816 * Timestamps:
4817 *	vp - ctime|mtime updated
4818 */
4819/* ARGSUSED */
4820static int
4821zfs_space(vnode_t *vp, int cmd, flock64_t *bfp, int flag,
4822    offset_t offset, cred_t *cr, caller_context_t *ct)
4823{
4824	znode_t		*zp = VTOZ(vp);
4825	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4826	uint64_t	off, len;
4827	int		error;
4828
4829	ZFS_ENTER(zfsvfs);
4830	ZFS_VERIFY_ZP(zp);
4831
4832	if (cmd != F_FREESP) {
4833		ZFS_EXIT(zfsvfs);
4834		return (SET_ERROR(EINVAL));
4835	}
4836
4837	/*
4838	 * In a case vp->v_vfsp != zp->z_zfsvfs->z_vfs (e.g. snapshots) our
4839	 * callers might not be able to detect properly that we are read-only,
4840	 * so check it explicitly here.
4841	 */
4842	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
4843		ZFS_EXIT(zfsvfs);
4844		return (SET_ERROR(EROFS));
4845	}
4846
4847	if (error = convoff(vp, bfp, 0, offset)) {
4848		ZFS_EXIT(zfsvfs);
4849		return (error);
4850	}
4851
4852	if (bfp->l_len < 0) {
4853		ZFS_EXIT(zfsvfs);
4854		return (SET_ERROR(EINVAL));
4855	}
4856
4857	off = bfp->l_start;
4858	len = bfp->l_len; /* 0 means from off to end of file */
4859
4860	error = zfs_freesp(zp, off, len, flag, TRUE);
4861
4862	if (error == 0 && off == 0 && len == 0)
4863		vnevent_truncate(ZTOV(zp), ct);
4864
4865	ZFS_EXIT(zfsvfs);
4866	return (error);
4867}
4868
4869/*ARGSUSED*/
4870static int
4871zfs_fid(vnode_t *vp, fid_t *fidp, caller_context_t *ct)
4872{
4873	znode_t		*zp = VTOZ(vp);
4874	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
4875	uint32_t	gen;
4876	uint64_t	gen64;
4877	uint64_t	object = zp->z_id;
4878	zfid_short_t	*zfid;
4879	int		size, i, error;
4880
4881	ZFS_ENTER(zfsvfs);
4882	ZFS_VERIFY_ZP(zp);
4883
4884	if ((error = sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zfsvfs),
4885	    &gen64, sizeof (uint64_t))) != 0) {
4886		ZFS_EXIT(zfsvfs);
4887		return (error);
4888	}
4889
4890	gen = (uint32_t)gen64;
4891
4892	size = (zfsvfs->z_parent != zfsvfs) ? LONG_FID_LEN : SHORT_FID_LEN;
4893	if (fidp->fid_len < size) {
4894		fidp->fid_len = size;
4895		ZFS_EXIT(zfsvfs);
4896		return (SET_ERROR(ENOSPC));
4897	}
4898
4899	zfid = (zfid_short_t *)fidp;
4900
4901	zfid->zf_len = size;
4902
4903	for (i = 0; i < sizeof (zfid->zf_object); i++)
4904		zfid->zf_object[i] = (uint8_t)(object >> (8 * i));
4905
4906	/* Must have a non-zero generation number to distinguish from .zfs */
4907	if (gen == 0)
4908		gen = 1;
4909	for (i = 0; i < sizeof (zfid->zf_gen); i++)
4910		zfid->zf_gen[i] = (uint8_t)(gen >> (8 * i));
4911
4912	if (size == LONG_FID_LEN) {
4913		uint64_t	objsetid = dmu_objset_id(zfsvfs->z_os);
4914		zfid_long_t	*zlfid;
4915
4916		zlfid = (zfid_long_t *)fidp;
4917
4918		for (i = 0; i < sizeof (zlfid->zf_setid); i++)
4919			zlfid->zf_setid[i] = (uint8_t)(objsetid >> (8 * i));
4920
4921		/* XXX - this should be the generation number for the objset */
4922		for (i = 0; i < sizeof (zlfid->zf_setgen); i++)
4923			zlfid->zf_setgen[i] = 0;
4924	}
4925
4926	ZFS_EXIT(zfsvfs);
4927	return (0);
4928}
4929
4930static int
4931zfs_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr,
4932    caller_context_t *ct)
4933{
4934	znode_t		*zp, *xzp;
4935	zfsvfs_t	*zfsvfs;
4936	zfs_dirlock_t	*dl;
4937	int		error;
4938
4939	switch (cmd) {
4940	case _PC_LINK_MAX:
4941		*valp = ULONG_MAX;
4942		return (0);
4943
4944	case _PC_FILESIZEBITS:
4945		*valp = 64;
4946		return (0);
4947
4948	case _PC_XATTR_EXISTS:
4949		zp = VTOZ(vp);
4950		zfsvfs = zp->z_zfsvfs;
4951		ZFS_ENTER(zfsvfs);
4952		ZFS_VERIFY_ZP(zp);
4953		*valp = 0;
4954		error = zfs_dirent_lock(&dl, zp, "", &xzp,
4955		    ZXATTR | ZEXISTS | ZSHARED, NULL, NULL);
4956		if (error == 0) {
4957			zfs_dirent_unlock(dl);
4958			if (!zfs_dirempty(xzp))
4959				*valp = 1;
4960			VN_RELE(ZTOV(xzp));
4961		} else if (error == ENOENT) {
4962			/*
4963			 * If there aren't extended attributes, it's the
4964			 * same as having zero of them.
4965			 */
4966			error = 0;
4967		}
4968		ZFS_EXIT(zfsvfs);
4969		return (error);
4970
4971	case _PC_SATTR_ENABLED:
4972	case _PC_SATTR_EXISTS:
4973		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
4974		    (vp->v_type == VREG || vp->v_type == VDIR);
4975		return (0);
4976
4977	case _PC_ACCESS_FILTERING:
4978		*valp = vfs_has_feature(vp->v_vfsp, VFSFT_ACCESS_FILTER) &&
4979		    vp->v_type == VDIR;
4980		return (0);
4981
4982	case _PC_ACL_ENABLED:
4983		*valp = _ACL_ACE_ENABLED;
4984		return (0);
4985
4986	case _PC_MIN_HOLE_SIZE:
4987		*valp = (ulong_t)SPA_MINBLOCKSIZE;
4988		return (0);
4989
4990	case _PC_TIMESTAMP_RESOLUTION:
4991		/* nanosecond timestamp resolution */
4992		*valp = 1L;
4993		return (0);
4994
4995	default:
4996		return (fs_pathconf(vp, cmd, valp, cr, ct));
4997	}
4998}
4999
5000/*ARGSUSED*/
5001static int
5002zfs_getsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
5003    caller_context_t *ct)
5004{
5005	znode_t *zp = VTOZ(vp);
5006	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
5007	int error;
5008	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
5009
5010	ZFS_ENTER(zfsvfs);
5011	ZFS_VERIFY_ZP(zp);
5012	error = zfs_getacl(zp, vsecp, skipaclchk, cr);
5013	ZFS_EXIT(zfsvfs);
5014
5015	return (error);
5016}
5017
5018/*ARGSUSED*/
5019static int
5020zfs_setsecattr(vnode_t *vp, vsecattr_t *vsecp, int flag, cred_t *cr,
5021    caller_context_t *ct)
5022{
5023	znode_t *zp = VTOZ(vp);
5024	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
5025	int error;
5026	boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
5027	zilog_t	*zilog = zfsvfs->z_log;
5028
5029	ZFS_ENTER(zfsvfs);
5030	ZFS_VERIFY_ZP(zp);
5031
5032	error = zfs_setacl(zp, vsecp, skipaclchk, cr);
5033
5034	if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
5035		zil_commit(zilog, 0);
5036
5037	ZFS_EXIT(zfsvfs);
5038	return (error);
5039}
5040
5041/*
5042 * The smallest read we may consider to loan out an arcbuf.
5043 * This must be a power of 2.
5044 */
5045int zcr_blksz_min = (1 << 10);	/* 1K */
5046/*
5047 * If set to less than the file block size, allow loaning out of an
5048 * arcbuf for a partial block read.  This must be a power of 2.
5049 */
5050int zcr_blksz_max = (1 << 17);	/* 128K */
5051
5052/*ARGSUSED*/
5053static int
5054zfs_reqzcbuf(vnode_t *vp, enum uio_rw ioflag, xuio_t *xuio, cred_t *cr,
5055    caller_context_t *ct)
5056{
5057	znode_t	*zp = VTOZ(vp);
5058	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
5059	int max_blksz = zfsvfs->z_max_blksz;
5060	uio_t *uio = &xuio->xu_uio;
5061	ssize_t size = uio->uio_resid;
5062	offset_t offset = uio->uio_loffset;
5063	int blksz;
5064	int fullblk, i;
5065	arc_buf_t *abuf;
5066	ssize_t maxsize;
5067	int preamble, postamble;
5068
5069	if (xuio->xu_type != UIOTYPE_ZEROCOPY)
5070		return (SET_ERROR(EINVAL));
5071
5072	ZFS_ENTER(zfsvfs);
5073	ZFS_VERIFY_ZP(zp);
5074	switch (ioflag) {
5075	case UIO_WRITE:
5076		/*
5077		 * Loan out an arc_buf for write if write size is bigger than
5078		 * max_blksz, and the file's block size is also max_blksz.
5079		 */
5080		blksz = max_blksz;
5081		if (size < blksz || zp->z_blksz != blksz) {
5082			ZFS_EXIT(zfsvfs);
5083			return (SET_ERROR(EINVAL));
5084		}
5085		/*
5086		 * Caller requests buffers for write before knowing where the
5087		 * write offset might be (e.g. NFS TCP write).
5088		 */
5089		if (offset == -1) {
5090			preamble = 0;
5091		} else {
5092			preamble = P2PHASE(offset, blksz);
5093			if (preamble) {
5094				preamble = blksz - preamble;
5095				size -= preamble;
5096			}
5097		}
5098
5099		postamble = P2PHASE(size, blksz);
5100		size -= postamble;
5101
5102		fullblk = size / blksz;
5103		(void) dmu_xuio_init(xuio,
5104		    (preamble != 0) + fullblk + (postamble != 0));
5105		DTRACE_PROBE3(zfs_reqzcbuf_align, int, preamble,
5106		    int, postamble, int,
5107		    (preamble != 0) + fullblk + (postamble != 0));
5108
5109		/*
5110		 * Have to fix iov base/len for partial buffers.  They
5111		 * currently represent full arc_buf's.
5112		 */
5113		if (preamble) {
5114			/* data begins in the middle of the arc_buf */
5115			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5116			    blksz);
5117			ASSERT(abuf);
5118			(void) dmu_xuio_add(xuio, abuf,
5119			    blksz - preamble, preamble);
5120		}
5121
5122		for (i = 0; i < fullblk; i++) {
5123			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5124			    blksz);
5125			ASSERT(abuf);
5126			(void) dmu_xuio_add(xuio, abuf, 0, blksz);
5127		}
5128
5129		if (postamble) {
5130			/* data ends in the middle of the arc_buf */
5131			abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
5132			    blksz);
5133			ASSERT(abuf);
5134			(void) dmu_xuio_add(xuio, abuf, 0, postamble);
5135		}
5136		break;
5137	case UIO_READ:
5138		/*
5139		 * Loan out an arc_buf for read if the read size is larger than
5140		 * the current file block size.  Block alignment is not
5141		 * considered.  Partial arc_buf will be loaned out for read.
5142		 */
5143		blksz = zp->z_blksz;
5144		if (blksz < zcr_blksz_min)
5145			blksz = zcr_blksz_min;
5146		if (blksz > zcr_blksz_max)
5147			blksz = zcr_blksz_max;
5148		/* avoid potential complexity of dealing with it */
5149		if (blksz > max_blksz) {
5150			ZFS_EXIT(zfsvfs);
5151			return (SET_ERROR(EINVAL));
5152		}
5153
5154		maxsize = zp->z_size - uio->uio_loffset;
5155		if (size > maxsize)
5156			size = maxsize;
5157
5158		if (size < blksz || vn_has_cached_data(vp)) {
5159			ZFS_EXIT(zfsvfs);
5160			return (SET_ERROR(EINVAL));
5161		}
5162		break;
5163	default:
5164		ZFS_EXIT(zfsvfs);
5165		return (SET_ERROR(EINVAL));
5166	}
5167
5168	uio->uio_extflg = UIO_XUIO;
5169	XUIO_XUZC_RW(xuio) = ioflag;
5170	ZFS_EXIT(zfsvfs);
5171	return (0);
5172}
5173
5174/*ARGSUSED*/
5175static int
5176zfs_retzcbuf(vnode_t *vp, xuio_t *xuio, cred_t *cr, caller_context_t *ct)
5177{
5178	int i;
5179	arc_buf_t *abuf;
5180	int ioflag = XUIO_XUZC_RW(xuio);
5181
5182	ASSERT(xuio->xu_type == UIOTYPE_ZEROCOPY);
5183
5184	i = dmu_xuio_cnt(xuio);
5185	while (i-- > 0) {
5186		abuf = dmu_xuio_arcbuf(xuio, i);
5187		/*
5188		 * if abuf == NULL, it must be a write buffer
5189		 * that has been returned in zfs_write().
5190		 */
5191		if (abuf)
5192			dmu_return_arcbuf(abuf);
5193		ASSERT(abuf || ioflag == UIO_WRITE);
5194	}
5195
5196	dmu_xuio_fini(xuio);
5197	return (0);
5198}
5199
5200/*
5201 * Predeclare these here so that the compiler assumes that
5202 * this is an "old style" function declaration that does
5203 * not include arguments => we won't get type mismatch errors
5204 * in the initializations that follow.
5205 */
5206static int zfs_inval();
5207static int zfs_isdir();
5208
5209static int
5210zfs_inval()
5211{
5212	return (SET_ERROR(EINVAL));
5213}
5214
5215static int
5216zfs_isdir()
5217{
5218	return (SET_ERROR(EISDIR));
5219}
5220/*
5221 * Directory vnode operations template
5222 */
5223vnodeops_t *zfs_dvnodeops;
5224const fs_operation_def_t zfs_dvnodeops_template[] = {
5225	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5226	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5227	VOPNAME_READ,		{ .error = zfs_isdir },
5228	VOPNAME_WRITE,		{ .error = zfs_isdir },
5229	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5230	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5231	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5232	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5233	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5234	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5235	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5236	VOPNAME_LINK,		{ .vop_link = zfs_link },
5237	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5238	VOPNAME_MKDIR,		{ .vop_mkdir = zfs_mkdir },
5239	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5240	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5241	VOPNAME_SYMLINK,	{ .vop_symlink = zfs_symlink },
5242	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5243	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5244	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5245	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5246	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5247	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5248	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5249	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5250	NULL,			NULL
5251};
5252
5253/*
5254 * Regular file vnode operations template
5255 */
5256vnodeops_t *zfs_fvnodeops;
5257const fs_operation_def_t zfs_fvnodeops_template[] = {
5258	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5259	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5260	VOPNAME_READ,		{ .vop_read = zfs_read },
5261	VOPNAME_WRITE,		{ .vop_write = zfs_write },
5262	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5263	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5264	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5265	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5266	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5267	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5268	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5269	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5270	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5271	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5272	VOPNAME_FRLOCK,		{ .vop_frlock = zfs_frlock },
5273	VOPNAME_SPACE,		{ .vop_space = zfs_space },
5274	VOPNAME_GETPAGE,	{ .vop_getpage = zfs_getpage },
5275	VOPNAME_PUTPAGE,	{ .vop_putpage = zfs_putpage },
5276	VOPNAME_MAP,		{ .vop_map = zfs_map },
5277	VOPNAME_ADDMAP,		{ .vop_addmap = zfs_addmap },
5278	VOPNAME_DELMAP,		{ .vop_delmap = zfs_delmap },
5279	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5280	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5281	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5282	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5283	VOPNAME_REQZCBUF,	{ .vop_reqzcbuf = zfs_reqzcbuf },
5284	VOPNAME_RETZCBUF,	{ .vop_retzcbuf = zfs_retzcbuf },
5285	NULL,			NULL
5286};
5287
5288/*
5289 * Symbolic link vnode operations template
5290 */
5291vnodeops_t *zfs_symvnodeops;
5292const fs_operation_def_t zfs_symvnodeops_template[] = {
5293	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5294	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5295	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5296	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5297	VOPNAME_READLINK,	{ .vop_readlink = zfs_readlink },
5298	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5299	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5300	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5301	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5302	NULL,			NULL
5303};
5304
5305/*
5306 * special share hidden files vnode operations template
5307 */
5308vnodeops_t *zfs_sharevnodeops;
5309const fs_operation_def_t zfs_sharevnodeops_template[] = {
5310	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5311	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5312	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5313	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5314	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5315	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5316	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5317	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5318	NULL,			NULL
5319};
5320
5321/*
5322 * Extended attribute directory vnode operations template
5323 *
5324 * This template is identical to the directory vnodes
5325 * operation template except for restricted operations:
5326 *	VOP_MKDIR()
5327 *	VOP_SYMLINK()
5328 *
5329 * Note that there are other restrictions embedded in:
5330 *	zfs_create()	- restrict type to VREG
5331 *	zfs_link()	- no links into/out of attribute space
5332 *	zfs_rename()	- no moves into/out of attribute space
5333 */
5334vnodeops_t *zfs_xdvnodeops;
5335const fs_operation_def_t zfs_xdvnodeops_template[] = {
5336	VOPNAME_OPEN,		{ .vop_open = zfs_open },
5337	VOPNAME_CLOSE,		{ .vop_close = zfs_close },
5338	VOPNAME_IOCTL,		{ .vop_ioctl = zfs_ioctl },
5339	VOPNAME_GETATTR,	{ .vop_getattr = zfs_getattr },
5340	VOPNAME_SETATTR,	{ .vop_setattr = zfs_setattr },
5341	VOPNAME_ACCESS,		{ .vop_access = zfs_access },
5342	VOPNAME_LOOKUP,		{ .vop_lookup = zfs_lookup },
5343	VOPNAME_CREATE,		{ .vop_create = zfs_create },
5344	VOPNAME_REMOVE,		{ .vop_remove = zfs_remove },
5345	VOPNAME_LINK,		{ .vop_link = zfs_link },
5346	VOPNAME_RENAME,		{ .vop_rename = zfs_rename },
5347	VOPNAME_MKDIR,		{ .error = zfs_inval },
5348	VOPNAME_RMDIR,		{ .vop_rmdir = zfs_rmdir },
5349	VOPNAME_READDIR,	{ .vop_readdir = zfs_readdir },
5350	VOPNAME_SYMLINK,	{ .error = zfs_inval },
5351	VOPNAME_FSYNC,		{ .vop_fsync = zfs_fsync },
5352	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5353	VOPNAME_FID,		{ .vop_fid = zfs_fid },
5354	VOPNAME_SEEK,		{ .vop_seek = zfs_seek },
5355	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5356	VOPNAME_GETSECATTR,	{ .vop_getsecattr = zfs_getsecattr },
5357	VOPNAME_SETSECATTR,	{ .vop_setsecattr = zfs_setsecattr },
5358	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
5359	NULL,			NULL
5360};
5361
5362/*
5363 * Error vnode operations template
5364 */
5365vnodeops_t *zfs_evnodeops;
5366const fs_operation_def_t zfs_evnodeops_template[] = {
5367	VOPNAME_INACTIVE,	{ .vop_inactive = zfs_inactive },
5368	VOPNAME_PATHCONF,	{ .vop_pathconf = zfs_pathconf },
5369	NULL,			NULL
5370};
5371