1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26 
  27 /*
  28  * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  29  */
  30 
  31 #include <sys/types.h>
  32 #include <sys/param.h>
  33 #include <sys/t_lock.h>
  34 #include <sys/systm.h>
  35 #include <sys/sysmacros.h>
  36 #include <sys/user.h>
  37 #include <sys/time.h>
  38 #include <sys/vfs.h>
  39 #include <sys/vfs_opreg.h>
  40 #include <sys/vnode.h>
  41 #include <sys/file.h>
  42 #include <sys/fcntl.h>
  43 #include <sys/flock.h>
  44 #include <sys/kmem.h>
  45 #include <sys/uio.h>
  46 #include <sys/errno.h>
  47 #include <sys/stat.h>
  48 #include <sys/cred.h>
  49 #include <sys/dirent.h>
  50 #include <sys/pathname.h>
  51 #include <sys/vmsystm.h>
  52 #include <sys/fs/tmp.h>
  53 #include <sys/fs/tmpnode.h>
  54 #include <sys/mman.h>
  55 #include <vm/hat.h>
  56 #include <vm/seg_vn.h>
  57 #include <vm/seg_map.h>
  58 #include <vm/seg.h>
  59 #include <vm/anon.h>
  60 #include <vm/as.h>
  61 #include <vm/page.h>
  62 #include <vm/pvn.h>
  63 #include <sys/cmn_err.h>
  64 #include <sys/debug.h>
  65 #include <sys/swap.h>
  66 #include <sys/buf.h>
  67 #include <sys/vm.h>
  68 #include <sys/vtrace.h>
  69 #include <sys/policy.h>
  70 #include <fs/fs_subr.h>
  71 
  72 static int      tmp_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
  73         page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
  74 static int      tmp_putapage(struct vnode *, page_t *, u_offset_t *, size_t *,
  75         int, struct cred *);
  76 
  77 /* ARGSUSED1 */
  78 static int
  79 tmp_open(struct vnode **vpp, int flag, struct cred *cred, caller_context_t *ct)
  80 {
  81         /*
  82          * swapon to a tmpfs file is not supported so access
  83          * is denied on open if VISSWAP is set.
  84          */
  85         if ((*vpp)->v_flag & VISSWAP)
  86                 return (EINVAL);
  87         return (0);
  88 }
  89 
  90 /* ARGSUSED1 */
  91 static int
  92 tmp_close(
  93         struct vnode *vp,
  94         int flag,
  95         int count,
  96         offset_t offset,
  97         struct cred *cred,
  98         caller_context_t *ct)
  99 {
 100         cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
 101         cleanshares(vp, ttoproc(curthread)->p_pid);
 102         return (0);
 103 }
 104 
 105 /*
 106  * wrtmp does the real work of write requests for tmpfs.
 107  */
 108 static int
 109 wrtmp(
 110         struct tmount *tm,
 111         struct tmpnode *tp,
 112         struct uio *uio,
 113         struct cred *cr,
 114         struct caller_context *ct)
 115 {
 116         pgcnt_t pageoffset;     /* offset in pages */
 117         ulong_t segmap_offset;  /* pagesize byte offset into segmap */
 118         caddr_t base;           /* base of segmap */
 119         ssize_t bytes;          /* bytes to uiomove */
 120         pfn_t pagenumber;       /* offset in pages into tmp file */
 121         struct vnode *vp;
 122         int error = 0;
 123         int     pagecreate;     /* == 1 if we allocated a page */
 124         int     newpage;
 125         rlim64_t limit = uio->uio_llimit;
 126         long oresid = uio->uio_resid;
 127         timestruc_t now;
 128 
 129         long tn_size_changed = 0;
 130         long old_tn_size;
 131         long new_tn_size;
 132 
 133         vp = TNTOV(tp);
 134         ASSERT(vp->v_type == VREG);
 135 
 136         TRACE_1(TR_FAC_TMPFS, TR_TMPFS_RWTMP_START,
 137             "tmp_wrtmp_start:vp %p", vp);
 138 
 139         ASSERT(RW_WRITE_HELD(&tp->tn_contents));
 140         ASSERT(RW_WRITE_HELD(&tp->tn_rwlock));
 141 
 142         if (MANDLOCK(vp, tp->tn_mode)) {
 143                 rw_exit(&tp->tn_contents);
 144                 /*
 145                  * tmp_getattr ends up being called by chklock
 146                  */
 147                 error = chklock(vp, FWRITE, uio->uio_loffset, uio->uio_resid,
 148                     uio->uio_fmode, ct);
 149                 rw_enter(&tp->tn_contents, RW_WRITER);
 150                 if (error != 0) {
 151                         TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
 152                             "tmp_wrtmp_end:vp %p error %d", vp, error);
 153                         return (error);
 154                 }
 155         }
 156 
 157         if (uio->uio_loffset < 0)
 158                 return (EINVAL);
 159 
 160         if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
 161                 limit = MAXOFFSET_T;
 162 
 163         if (uio->uio_loffset >= limit) {
 164                 proc_t *p = ttoproc(curthread);
 165 
 166                 mutex_enter(&p->p_lock);
 167                 (void) rctl_action(rctlproc_legacy[RLIMIT_FSIZE], p->p_rctls,
 168                     p, RCA_UNSAFE_SIGINFO);
 169                 mutex_exit(&p->p_lock);
 170                 return (EFBIG);
 171         }
 172 
 173         if (uio->uio_loffset >= MAXOFF_T) {
 174                 TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
 175                     "tmp_wrtmp_end:vp %p error %d", vp, EINVAL);
 176                 return (EFBIG);
 177         }
 178 
 179         if (uio->uio_resid == 0) {
 180                 TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
 181                     "tmp_wrtmp_end:vp %p error %d", vp, 0);
 182                 return (0);
 183         }
 184 
 185         if (limit > MAXOFF_T)
 186                 limit = MAXOFF_T;
 187 
 188         do {
 189                 long    offset;
 190                 long    delta;
 191 
 192                 offset = (long)uio->uio_offset;
 193                 pageoffset = offset & PAGEOFFSET;
 194                 /*
 195                  * A maximum of PAGESIZE bytes of data is transferred
 196                  * each pass through this loop
 197                  */
 198                 bytes = MIN(PAGESIZE - pageoffset, uio->uio_resid);
 199 
 200                 if (offset + bytes >= limit) {
 201                         if (offset >= limit) {
 202                                 error = EFBIG;
 203                                 goto out;
 204                         }
 205                         bytes = limit - offset;
 206                 }
 207                 pagenumber = btop(offset);
 208 
 209                 /*
 210                  * delta is the amount of anonymous memory
 211                  * to reserve for the file.
 212                  * We always reserve in pagesize increments so
 213                  * unless we're extending the file into a new page,
 214                  * we don't need to call tmp_resv.
 215                  */
 216                 delta = offset + bytes -
 217                     P2ROUNDUP_TYPED(tp->tn_size, PAGESIZE, u_offset_t);
 218                 if (delta > 0) {
 219                         pagecreate = 1;
 220                         if (tmp_resv(tm, tp, delta, pagecreate)) {
 221                                 /*
 222                                  * Log file system full in the zone that owns
 223                                  * the tmpfs mount, as well as in the global
 224                                  * zone if necessary.
 225                                  */
 226                                 zcmn_err(tm->tm_vfsp->vfs_zone->zone_id,
 227                                     CE_WARN, "%s: File system full, "
 228                                     "swap space limit exceeded",
 229                                     tm->tm_mntpath);
 230 
 231                                 if (tm->tm_vfsp->vfs_zone->zone_id !=
 232                                     GLOBAL_ZONEID) {
 233 
 234                                         vfs_t *vfs = tm->tm_vfsp;
 235 
 236                                         zcmn_err(GLOBAL_ZONEID,
 237                                             CE_WARN, "%s: File system full, "
 238                                             "swap space limit exceeded",
 239                                             vfs->vfs_vnodecovered->v_path);
 240                                 }
 241                                 error = ENOSPC;
 242                                 break;
 243                         }
 244                         tmpnode_growmap(tp, (ulong_t)offset + bytes);
 245                 }
 246                 /* grow the file to the new length */
 247                 if (offset + bytes > tp->tn_size) {
 248                         tn_size_changed = 1;
 249                         old_tn_size = tp->tn_size;
 250                         /*
 251                          * Postpone updating tp->tn_size until uiomove() is
 252                          * done.
 253                          */
 254                         new_tn_size = offset + bytes;
 255                 }
 256                 if (bytes == PAGESIZE) {
 257                         /*
 258                          * Writing whole page so reading from disk
 259                          * is a waste
 260                          */
 261                         pagecreate = 1;
 262                 } else {
 263                         pagecreate = 0;
 264                 }
 265                 /*
 266                  * If writing past EOF or filling in a hole
 267                  * we need to allocate an anon slot.
 268                  */
 269                 if (anon_get_ptr(tp->tn_anon, pagenumber) == NULL) {
 270                         (void) anon_set_ptr(tp->tn_anon, pagenumber,
 271                             anon_alloc(vp, ptob(pagenumber)), ANON_SLEEP);
 272                         pagecreate = 1;
 273                         tp->tn_nblocks++;
 274                 }
 275 
 276                 /*
 277                  * We have to drop the contents lock to allow the VM
 278                  * system to reacquire it in tmp_getpage()
 279                  */
 280                 rw_exit(&tp->tn_contents);
 281 
 282                 /*
 283                  * Touch the page and fault it in if it is not in core
 284                  * before segmap_getmapflt or vpm_data_copy can lock it.
 285                  * This is to avoid the deadlock if the buffer is mapped
 286                  * to the same file through mmap which we want to write.
 287                  */
 288                 uio_prefaultpages((long)bytes, uio);
 289 
 290                 newpage = 0;
 291                 if (vpm_enable) {
 292                         /*
 293                          * Copy data. If new pages are created, part of
 294                          * the page that is not written will be initizliazed
 295                          * with zeros.
 296                          */
 297                         error = vpm_data_copy(vp, offset, bytes, uio,
 298                             !pagecreate, &newpage, 1, S_WRITE);
 299                 } else {
 300                         /* Get offset within the segmap mapping */
 301                         segmap_offset = (offset & PAGEMASK) & MAXBOFFSET;
 302                         base = segmap_getmapflt(segkmap, vp,
 303                             (offset &  MAXBMASK), PAGESIZE, !pagecreate,
 304                             S_WRITE);
 305                 }
 306 
 307 
 308                 if (!vpm_enable && pagecreate) {
 309                         /*
 310                          * segmap_pagecreate() returns 1 if it calls
 311                          * page_create_va() to allocate any pages.
 312                          */
 313                         newpage = segmap_pagecreate(segkmap,
 314                             base + segmap_offset, (size_t)PAGESIZE, 0);
 315                         /*
 316                          * Clear from the beginning of the page to the starting
 317                          * offset of the data.
 318                          */
 319                         if (pageoffset != 0)
 320                                 (void) kzero(base + segmap_offset,
 321                                     (size_t)pageoffset);
 322                 }
 323 
 324                 if (!vpm_enable) {
 325                         error = uiomove(base + segmap_offset + pageoffset,
 326                             (long)bytes, UIO_WRITE, uio);
 327                 }
 328 
 329                 if (!vpm_enable && pagecreate &&
 330                     uio->uio_offset < P2ROUNDUP(offset + bytes, PAGESIZE)) {
 331                         long    zoffset; /* zero from offset into page */
 332                         /*
 333                          * We created pages w/o initializing them completely,
 334                          * thus we need to zero the part that wasn't set up.
 335                          * This happens on most EOF write cases and if
 336                          * we had some sort of error during the uiomove.
 337                          */
 338                         long nmoved;
 339 
 340                         nmoved = uio->uio_offset - offset;
 341                         ASSERT((nmoved + pageoffset) <= PAGESIZE);
 342 
 343                         /*
 344                          * Zero from the end of data in the page to the
 345                          * end of the page.
 346                          */
 347                         if ((zoffset = pageoffset + nmoved) < PAGESIZE)
 348                                 (void) kzero(base + segmap_offset + zoffset,
 349                                     (size_t)PAGESIZE - zoffset);
 350                 }
 351 
 352                 /*
 353                  * Unlock the pages which have been allocated by
 354                  * page_create_va() in segmap_pagecreate()
 355                  */
 356                 if (!vpm_enable && newpage) {
 357                         segmap_pageunlock(segkmap, base + segmap_offset,
 358                             (size_t)PAGESIZE, S_WRITE);
 359                 }
 360 
 361                 if (error) {
 362                         /*
 363                          * If we failed on a write, we must
 364                          * be sure to invalidate any pages that may have
 365                          * been allocated.
 366                          */
 367                         if (vpm_enable) {
 368                                 (void) vpm_sync_pages(vp, offset, PAGESIZE,
 369                                     SM_INVAL);
 370                         } else {
 371                                 (void) segmap_release(segkmap, base, SM_INVAL);
 372                         }
 373                 } else {
 374                         if (vpm_enable) {
 375                                 error = vpm_sync_pages(vp, offset, PAGESIZE,
 376                                     0);
 377                         } else {
 378                                 error = segmap_release(segkmap, base, 0);
 379                         }
 380                 }
 381 
 382                 /*
 383                  * Re-acquire contents lock.
 384                  */
 385                 rw_enter(&tp->tn_contents, RW_WRITER);
 386 
 387                 /*
 388                  * Update tn_size.
 389                  */
 390                 if (tn_size_changed)
 391                         tp->tn_size = new_tn_size;
 392 
 393                 /*
 394                  * If the uiomove failed, fix up tn_size.
 395                  */
 396                 if (error) {
 397                         if (tn_size_changed) {
 398                                 /*
 399                                  * The uiomove failed, and we
 400                                  * allocated blocks,so get rid
 401                                  * of them.
 402                                  */
 403                                 (void) tmpnode_trunc(tm, tp,
 404                                     (ulong_t)old_tn_size);
 405                         }
 406                 } else {
 407                         /*
 408                          * XXX - Can this be out of the loop?
 409                          */
 410                         if ((tp->tn_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) &&
 411                             (tp->tn_mode & (S_ISUID | S_ISGID)) &&
 412                             secpolicy_vnode_setid_retain(cr,
 413                             (tp->tn_mode & S_ISUID) != 0 && tp->tn_uid == 0)) {
 414                                 /*
 415                                  * Clear Set-UID & Set-GID bits on
 416                                  * successful write if not privileged
 417                                  * and at least one of the execute bits
 418                                  * is set.  If we always clear Set-GID,
 419                                  * mandatory file and record locking is
 420                                  * unuseable.
 421                                  */
 422                                 tp->tn_mode &= ~(S_ISUID | S_ISGID);
 423                         }
 424                         gethrestime(&now);
 425                         tp->tn_mtime = now;
 426                         tp->tn_ctime = now;
 427                 }
 428         } while (error == 0 && uio->uio_resid > 0 && bytes != 0);
 429 
 430 out:
 431         /*
 432          * If we've already done a partial-write, terminate
 433          * the write but return no error.
 434          */
 435         if (oresid != uio->uio_resid)
 436                 error = 0;
 437         TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
 438             "tmp_wrtmp_end:vp %p error %d", vp, error);
 439         return (error);
 440 }
 441 
 442 /*
 443  * rdtmp does the real work of read requests for tmpfs.
 444  */
 445 static int
 446 rdtmp(
 447         struct tmount *tm,
 448         struct tmpnode *tp,
 449         struct uio *uio,
 450         struct caller_context *ct)
 451 {
 452         ulong_t pageoffset;     /* offset in tmpfs file (uio_offset) */
 453         ulong_t segmap_offset;  /* pagesize byte offset into segmap */
 454         caddr_t base;           /* base of segmap */
 455         ssize_t bytes;          /* bytes to uiomove */
 456         struct vnode *vp;
 457         int error;
 458         long oresid = uio->uio_resid;
 459 
 460 #if defined(lint)
 461         tm = tm;
 462 #endif
 463         vp = TNTOV(tp);
 464 
 465         TRACE_1(TR_FAC_TMPFS, TR_TMPFS_RWTMP_START, "tmp_rdtmp_start:vp %p",
 466             vp);
 467 
 468         ASSERT(RW_LOCK_HELD(&tp->tn_contents));
 469 
 470         if (MANDLOCK(vp, tp->tn_mode)) {
 471                 rw_exit(&tp->tn_contents);
 472                 /*
 473                  * tmp_getattr ends up being called by chklock
 474                  */
 475                 error = chklock(vp, FREAD, uio->uio_loffset, uio->uio_resid,
 476                     uio->uio_fmode, ct);
 477                 rw_enter(&tp->tn_contents, RW_READER);
 478                 if (error != 0) {
 479                         TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
 480                             "tmp_rdtmp_end:vp %p error %d", vp, error);
 481                         return (error);
 482                 }
 483         }
 484         ASSERT(tp->tn_type == VREG);
 485 
 486         if (uio->uio_loffset >= MAXOFF_T) {
 487                 TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
 488                     "tmp_rdtmp_end:vp %p error %d", vp, EINVAL);
 489                 return (0);
 490         }
 491         if (uio->uio_loffset < 0)
 492                 return (EINVAL);
 493         if (uio->uio_resid == 0) {
 494                 TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
 495                     "tmp_rdtmp_end:vp %p error %d", vp, 0);
 496                 return (0);
 497         }
 498 
 499         vp = TNTOV(tp);
 500 
 501         do {
 502                 long diff;
 503                 long offset;
 504 
 505                 offset = uio->uio_offset;
 506                 pageoffset = offset & PAGEOFFSET;
 507                 bytes = MIN(PAGESIZE - pageoffset, uio->uio_resid);
 508 
 509                 diff = tp->tn_size - offset;
 510 
 511                 if (diff <= 0) {
 512                         error = 0;
 513                         goto out;
 514                 }
 515                 if (diff < bytes)
 516                         bytes = diff;
 517 
 518                 /*
 519                  * We have to drop the contents lock to allow the VM system
 520                  * to reacquire it in tmp_getpage() should the uiomove cause a
 521                  * pagefault.
 522                  */
 523                 rw_exit(&tp->tn_contents);
 524 
 525                 if (vpm_enable) {
 526                         /*
 527                          * Copy data.
 528                          */
 529                         error = vpm_data_copy(vp, offset, bytes, uio, 1, NULL,
 530                             0, S_READ);
 531                 } else {
 532                         segmap_offset = (offset & PAGEMASK) & MAXBOFFSET;
 533                         base = segmap_getmapflt(segkmap, vp, offset & MAXBMASK,
 534                             bytes, 1, S_READ);
 535 
 536                         error = uiomove(base + segmap_offset + pageoffset,
 537                             (long)bytes, UIO_READ, uio);
 538                 }
 539 
 540                 if (error) {
 541                         if (vpm_enable) {
 542                                 (void) vpm_sync_pages(vp, offset, PAGESIZE, 0);
 543                         } else {
 544                                 (void) segmap_release(segkmap, base, 0);
 545                         }
 546                 } else {
 547                         if (vpm_enable) {
 548                                 error = vpm_sync_pages(vp, offset, PAGESIZE,
 549                                     0);
 550                         } else {
 551                                 error = segmap_release(segkmap, base, 0);
 552                         }
 553                 }
 554 
 555                 /*
 556                  * Re-acquire contents lock.
 557                  */
 558                 rw_enter(&tp->tn_contents, RW_READER);
 559 
 560         } while (error == 0 && uio->uio_resid > 0);
 561 
 562 out:
 563         gethrestime(&tp->tn_atime);
 564 
 565         /*
 566          * If we've already done a partial read, terminate
 567          * the read but return no error.
 568          */
 569         if (oresid != uio->uio_resid)
 570                 error = 0;
 571 
 572         TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
 573             "tmp_rdtmp_end:vp %x error %d", vp, error);
 574         return (error);
 575 }
 576 
 577 /* ARGSUSED2 */
 578 static int
 579 tmp_read(struct vnode *vp, struct uio *uiop, int ioflag, cred_t *cred,
 580     struct caller_context *ct)
 581 {
 582         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
 583         struct tmount *tm = (struct tmount *)VTOTM(vp);
 584         int error;
 585 
 586         /*
 587          * We don't currently support reading non-regular files
 588          */
 589         if (vp->v_type == VDIR)
 590                 return (EISDIR);
 591         if (vp->v_type != VREG)
 592                 return (EINVAL);
 593         /*
 594          * tmp_rwlock should have already been called from layers above
 595          */
 596         ASSERT(RW_READ_HELD(&tp->tn_rwlock));
 597 
 598         rw_enter(&tp->tn_contents, RW_READER);
 599 
 600         error = rdtmp(tm, tp, uiop, ct);
 601 
 602         rw_exit(&tp->tn_contents);
 603 
 604         return (error);
 605 }
 606 
 607 static int
 608 tmp_write(struct vnode *vp, struct uio *uiop, int ioflag, struct cred *cred,
 609     struct caller_context *ct)
 610 {
 611         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
 612         struct tmount *tm = (struct tmount *)VTOTM(vp);
 613         int error;
 614 
 615         /*
 616          * We don't currently support writing to non-regular files
 617          */
 618         if (vp->v_type != VREG)
 619                 return (EINVAL);        /* XXX EISDIR? */
 620 
 621         /*
 622          * tmp_rwlock should have already been called from layers above
 623          */
 624         ASSERT(RW_WRITE_HELD(&tp->tn_rwlock));
 625 
 626         rw_enter(&tp->tn_contents, RW_WRITER);
 627 
 628         if (ioflag & FAPPEND) {
 629                 /*
 630                  * In append mode start at end of file.
 631                  */
 632                 uiop->uio_loffset = tp->tn_size;
 633         }
 634 
 635         error = wrtmp(tm, tp, uiop, cred, ct);
 636 
 637         rw_exit(&tp->tn_contents);
 638 
 639         return (error);
 640 }
 641 
 642 /* ARGSUSED */
 643 static int
 644 tmp_ioctl(
 645         struct vnode *vp,
 646         int com,
 647         intptr_t data,
 648         int flag,
 649         struct cred *cred,
 650         int *rvalp,
 651         caller_context_t *ct)
 652 {
 653         return (ENOTTY);
 654 }
 655 
 656 /* ARGSUSED2 */
 657 static int
 658 tmp_getattr(
 659         struct vnode *vp,
 660         struct vattr *vap,
 661         int flags,
 662         struct cred *cred,
 663         caller_context_t *ct)
 664 {
 665         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
 666         struct vnode *mvp;
 667         struct vattr va;
 668         int attrs = 1;
 669 
 670         /*
 671          * A special case to handle the root tnode on a diskless nfs
 672          * client who may have had its uid and gid inherited
 673          * from an nfs vnode with nobody ownership.  Likely the
 674          * root filesystem. After nfs is fully functional the uid/gid
 675          * may be mapable so ask again.
 676          * vfsp can't get unmounted because we hold vp.
 677          */
 678         if (vp->v_flag & VROOT &&
 679             (mvp = vp->v_vfsp->vfs_vnodecovered) != NULL) {
 680                 mutex_enter(&tp->tn_tlock);
 681                 if (tp->tn_uid == UID_NOBODY || tp->tn_gid == GID_NOBODY) {
 682                         mutex_exit(&tp->tn_tlock);
 683                         bzero(&va, sizeof (struct vattr));
 684                         va.va_mask = AT_UID|AT_GID;
 685                         attrs = VOP_GETATTR(mvp, &va, 0, cred, ct);
 686                 } else {
 687                         mutex_exit(&tp->tn_tlock);
 688                 }
 689         }
 690         mutex_enter(&tp->tn_tlock);
 691         if (attrs == 0) {
 692                 tp->tn_uid = va.va_uid;
 693                 tp->tn_gid = va.va_gid;
 694         }
 695         vap->va_type = vp->v_type;
 696         vap->va_mode = tp->tn_mode & MODEMASK;
 697         vap->va_uid = tp->tn_uid;
 698         vap->va_gid = tp->tn_gid;
 699         vap->va_fsid = tp->tn_fsid;
 700         vap->va_nodeid = (ino64_t)tp->tn_nodeid;
 701         vap->va_nlink = tp->tn_nlink;
 702         vap->va_size = (u_offset_t)tp->tn_size;
 703         vap->va_atime = tp->tn_atime;
 704         vap->va_mtime = tp->tn_mtime;
 705         vap->va_ctime = tp->tn_ctime;
 706         vap->va_blksize = PAGESIZE;
 707         vap->va_rdev = tp->tn_rdev;
 708         vap->va_seq = tp->tn_seq;
 709 
 710         /*
 711          * XXX Holes are not taken into account.  We could take the time to
 712          * run through the anon array looking for allocated slots...
 713          */
 714         vap->va_nblocks = (fsblkcnt64_t)btodb(ptob(btopr(vap->va_size)));
 715         mutex_exit(&tp->tn_tlock);
 716         return (0);
 717 }
 718 
 719 /*ARGSUSED4*/
 720 static int
 721 tmp_setattr(
 722         struct vnode *vp,
 723         struct vattr *vap,
 724         int flags,
 725         struct cred *cred,
 726         caller_context_t *ct)
 727 {
 728         struct tmount *tm = (struct tmount *)VTOTM(vp);
 729         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
 730         int error = 0;
 731         struct vattr *get;
 732         long mask;
 733 
 734         /*
 735          * Cannot set these attributes
 736          */
 737         if ((vap->va_mask & AT_NOSET) || (vap->va_mask & AT_XVATTR))
 738                 return (EINVAL);
 739 
 740         mutex_enter(&tp->tn_tlock);
 741 
 742         get = &tp->tn_attr;
 743         /*
 744          * Change file access modes. Must be owner or have sufficient
 745          * privileges.
 746          */
 747         error = secpolicy_vnode_setattr(cred, vp, vap, get, flags, tmp_taccess,
 748             tp);
 749 
 750         if (error)
 751                 goto out;
 752 
 753         mask = vap->va_mask;
 754 
 755         if (mask & AT_MODE) {
 756                 get->va_mode &= S_IFMT;
 757                 get->va_mode |= vap->va_mode & ~S_IFMT;
 758         }
 759 
 760         if (mask & AT_UID)
 761                 get->va_uid = vap->va_uid;
 762         if (mask & AT_GID)
 763                 get->va_gid = vap->va_gid;
 764         if (mask & AT_ATIME)
 765                 get->va_atime = vap->va_atime;
 766         if (mask & AT_MTIME)
 767                 get->va_mtime = vap->va_mtime;
 768 
 769         if (mask & (AT_UID | AT_GID | AT_MODE | AT_MTIME))
 770                 gethrestime(&tp->tn_ctime);
 771 
 772         if (mask & AT_SIZE) {
 773                 ASSERT(vp->v_type != VDIR);
 774 
 775                 /* Don't support large files. */
 776                 if (vap->va_size > MAXOFF_T) {
 777                         error = EFBIG;
 778                         goto out;
 779                 }
 780                 mutex_exit(&tp->tn_tlock);
 781 
 782                 rw_enter(&tp->tn_rwlock, RW_WRITER);
 783                 rw_enter(&tp->tn_contents, RW_WRITER);
 784                 error = tmpnode_trunc(tm, tp, (ulong_t)vap->va_size);
 785                 rw_exit(&tp->tn_contents);
 786                 rw_exit(&tp->tn_rwlock);
 787 
 788                 if (error == 0 && vap->va_size == 0)
 789                         vnevent_truncate(vp, ct);
 790 
 791                 goto out1;
 792         }
 793 out:
 794         mutex_exit(&tp->tn_tlock);
 795 out1:
 796         return (error);
 797 }
 798 
 799 /* ARGSUSED2 */
 800 static int
 801 tmp_access(
 802         struct vnode *vp,
 803         int mode,
 804         int flags,
 805         struct cred *cred,
 806         caller_context_t *ct)
 807 {
 808         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
 809         int error;
 810 
 811         mutex_enter(&tp->tn_tlock);
 812         error = tmp_taccess(tp, mode, cred);
 813         mutex_exit(&tp->tn_tlock);
 814         return (error);
 815 }
 816 
 817 /* ARGSUSED3 */
 818 static int
 819 tmp_lookup(
 820         struct vnode *dvp,
 821         char *nm,
 822         struct vnode **vpp,
 823         struct pathname *pnp,
 824         int flags,
 825         struct vnode *rdir,
 826         struct cred *cred,
 827         caller_context_t *ct,
 828         int *direntflags,
 829         pathname_t *realpnp)
 830 {
 831         struct tmpnode *tp = (struct tmpnode *)VTOTN(dvp);
 832         struct tmpnode *ntp = NULL;
 833         int error;
 834 
 835 
 836         /* allow cd into @ dir */
 837         if (flags & LOOKUP_XATTR) {
 838                 struct tmpnode *xdp;
 839                 struct tmount *tm;
 840 
 841                 /*
 842                  * don't allow attributes if not mounted XATTR support
 843                  */
 844                 if (!(dvp->v_vfsp->vfs_flag & VFS_XATTR))
 845                         return (EINVAL);
 846 
 847                 if (tp->tn_flags & ISXATTR)
 848                         /* No attributes on attributes */
 849                         return (EINVAL);
 850 
 851                 rw_enter(&tp->tn_rwlock, RW_WRITER);
 852                 if (tp->tn_xattrdp == NULL) {
 853                         if (!(flags & CREATE_XATTR_DIR)) {
 854                                 rw_exit(&tp->tn_rwlock);
 855                                 return (ENOENT);
 856                         }
 857 
 858                         /*
 859                          * No attribute directory exists for this
 860                          * node - create the attr dir as a side effect
 861                          * of this lookup.
 862                          */
 863 
 864                         /*
 865                          * Make sure we have adequate permission...
 866                          */
 867 
 868                         if ((error = tmp_taccess(tp, VWRITE, cred)) != 0) {
 869                                 rw_exit(&tp->tn_rwlock);
 870                                 return (error);
 871                         }
 872 
 873                         xdp = tmp_memalloc(sizeof (struct tmpnode),
 874                             TMP_MUSTHAVE);
 875                         tm = VTOTM(dvp);
 876                         tmpnode_init(tm, xdp, &tp->tn_attr, NULL);
 877                         /*
 878                          * Fix-up fields unique to attribute directories.
 879                          */
 880                         xdp->tn_flags = ISXATTR;
 881                         xdp->tn_type = VDIR;
 882                         if (tp->tn_type == VDIR) {
 883                                 xdp->tn_mode = tp->tn_attr.va_mode;
 884                         } else {
 885                                 xdp->tn_mode = 0700;
 886                                 if (tp->tn_attr.va_mode & 0040)
 887                                         xdp->tn_mode |= 0750;
 888                                 if (tp->tn_attr.va_mode & 0004)
 889                                         xdp->tn_mode |= 0705;
 890                         }
 891                         xdp->tn_vnode->v_type = VDIR;
 892                         xdp->tn_vnode->v_flag |= V_XATTRDIR;
 893                         tdirinit(tp, xdp);
 894                         tp->tn_xattrdp = xdp;
 895                 } else {
 896                         VN_HOLD(tp->tn_xattrdp->tn_vnode);
 897                 }
 898                 *vpp = TNTOV(tp->tn_xattrdp);
 899                 rw_exit(&tp->tn_rwlock);
 900                 return (0);
 901         }
 902 
 903         /*
 904          * Null component name is a synonym for directory being searched.
 905          */
 906         if (*nm == '\0') {
 907                 VN_HOLD(dvp);
 908                 *vpp = dvp;
 909                 return (0);
 910         }
 911         ASSERT(tp);
 912 
 913         error = tdirlookup(tp, nm, &ntp, cred);
 914 
 915         if (error == 0) {
 916                 ASSERT(ntp);
 917                 *vpp = TNTOV(ntp);
 918                 /*
 919                  * If vnode is a device return special vnode instead
 920                  */
 921                 if (IS_DEVVP(*vpp)) {
 922                         struct vnode *newvp;
 923 
 924                         newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type,
 925                             cred);
 926                         VN_RELE(*vpp);
 927                         *vpp = newvp;
 928                 }
 929         }
 930         TRACE_4(TR_FAC_TMPFS, TR_TMPFS_LOOKUP,
 931             "tmpfs lookup:vp %p name %s vpp %p error %d",
 932             dvp, nm, vpp, error);
 933         return (error);
 934 }
 935 
 936 /*ARGSUSED7*/
 937 static int
 938 tmp_create(
 939         struct vnode *dvp,
 940         char *nm,
 941         struct vattr *vap,
 942         enum vcexcl exclusive,
 943         int mode,
 944         struct vnode **vpp,
 945         struct cred *cred,
 946         int flag,
 947         caller_context_t *ct,
 948         vsecattr_t *vsecp)
 949 {
 950         struct tmpnode *parent;
 951         struct tmount *tm;
 952         struct tmpnode *self;
 953         int error;
 954         struct tmpnode *oldtp;
 955 
 956 again:
 957         parent = (struct tmpnode *)VTOTN(dvp);
 958         tm = (struct tmount *)VTOTM(dvp);
 959         self = NULL;
 960         error = 0;
 961         oldtp = NULL;
 962 
 963         /* device files not allowed in ext. attr dirs */
 964         if ((parent->tn_flags & ISXATTR) &&
 965             (vap->va_type == VBLK || vap->va_type == VCHR ||
 966             vap->va_type == VFIFO || vap->va_type == VDOOR ||
 967             vap->va_type == VSOCK || vap->va_type == VPORT))
 968                         return (EINVAL);
 969 
 970         if (vap->va_type == VREG && (vap->va_mode & VSVTX)) {
 971                 /* Must be privileged to set sticky bit */
 972                 if (secpolicy_vnode_stky_modify(cred))
 973                         vap->va_mode &= ~VSVTX;
 974         } else if (vap->va_type == VNON) {
 975                 return (EINVAL);
 976         }
 977 
 978         /*
 979          * Null component name is a synonym for directory being searched.
 980          */
 981         if (*nm == '\0') {
 982                 VN_HOLD(dvp);
 983                 oldtp = parent;
 984         } else {
 985                 error = tdirlookup(parent, nm, &oldtp, cred);
 986         }
 987 
 988         if (error == 0) {       /* name found */
 989                 boolean_t trunc = B_FALSE;
 990 
 991                 ASSERT(oldtp);
 992 
 993                 rw_enter(&oldtp->tn_rwlock, RW_WRITER);
 994 
 995                 /*
 996                  * if create/read-only an existing
 997                  * directory, allow it
 998                  */
 999                 if (exclusive == EXCL)
1000                         error = EEXIST;
1001                 else if ((oldtp->tn_type == VDIR) && (mode & VWRITE))
1002                         error = EISDIR;
1003                 else {
1004                         error = tmp_taccess(oldtp, mode, cred);
1005                 }
1006 
1007                 if (error) {
1008                         rw_exit(&oldtp->tn_rwlock);
1009                         tmpnode_rele(oldtp);
1010                         return (error);
1011                 }
1012                 *vpp = TNTOV(oldtp);
1013                 if ((*vpp)->v_type == VREG && (vap->va_mask & AT_SIZE) &&
1014                     vap->va_size == 0) {
1015                         rw_enter(&oldtp->tn_contents, RW_WRITER);
1016                         (void) tmpnode_trunc(tm, oldtp, 0);
1017                         rw_exit(&oldtp->tn_contents);
1018                         trunc = B_TRUE;
1019                 }
1020                 rw_exit(&oldtp->tn_rwlock);
1021                 if (IS_DEVVP(*vpp)) {
1022                         struct vnode *newvp;
1023 
1024                         newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type,
1025                             cred);
1026                         VN_RELE(*vpp);
1027                         if (newvp == NULL) {
1028                                 return (ENOSYS);
1029                         }
1030                         *vpp = newvp;
1031                 }
1032 
1033                 if (trunc)
1034                         vnevent_create(*vpp, ct);
1035 
1036                 return (0);
1037         }
1038 
1039         if (error != ENOENT)
1040                 return (error);
1041 
1042         rw_enter(&parent->tn_rwlock, RW_WRITER);
1043         error = tdirenter(tm, parent, nm, DE_CREATE,
1044             (struct tmpnode *)NULL, (struct tmpnode *)NULL,
1045             vap, &self, cred, ct);
1046         rw_exit(&parent->tn_rwlock);
1047 
1048         if (error) {
1049                 if (self)
1050                         tmpnode_rele(self);
1051 
1052                 if (error == EEXIST) {
1053                         /*
1054                          * This means that the file was created sometime
1055                          * after we checked and did not find it and when
1056                          * we went to create it.
1057                          * Since creat() is supposed to truncate a file
1058                          * that already exits go back to the begining
1059                          * of the function. This time we will find it
1060                          * and go down the tmp_trunc() path
1061                          */
1062                         goto again;
1063                 }
1064                 return (error);
1065         }
1066 
1067         *vpp = TNTOV(self);
1068 
1069         if (!error && IS_DEVVP(*vpp)) {
1070                 struct vnode *newvp;
1071 
1072                 newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type, cred);
1073                 VN_RELE(*vpp);
1074                 if (newvp == NULL)
1075                         return (ENOSYS);
1076                 *vpp = newvp;
1077         }
1078         TRACE_3(TR_FAC_TMPFS, TR_TMPFS_CREATE,
1079             "tmpfs create:dvp %p nm %s vpp %p", dvp, nm, vpp);
1080         return (0);
1081 }
1082 
1083 /* ARGSUSED3 */
1084 static int
1085 tmp_remove(
1086         struct vnode *dvp,
1087         char *nm,
1088         struct cred *cred,
1089         caller_context_t *ct,
1090         int flags)
1091 {
1092         struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1093         int error;
1094         struct tmpnode *tp = NULL;
1095 
1096         error = tdirlookup(parent, nm, &tp, cred);
1097         if (error)
1098                 return (error);
1099 
1100         ASSERT(tp);
1101         rw_enter(&parent->tn_rwlock, RW_WRITER);
1102         rw_enter(&tp->tn_rwlock, RW_WRITER);
1103 
1104         if (tp->tn_type != VDIR ||
1105             (error = secpolicy_fs_linkdir(cred, dvp->v_vfsp)) == 0)
1106                 error = tdirdelete(parent, tp, nm, DR_REMOVE, cred);
1107 
1108         rw_exit(&tp->tn_rwlock);
1109         rw_exit(&parent->tn_rwlock);
1110         vnevent_remove(TNTOV(tp), dvp, nm, ct);
1111         tmpnode_rele(tp);
1112 
1113         TRACE_3(TR_FAC_TMPFS, TR_TMPFS_REMOVE,
1114             "tmpfs remove:dvp %p nm %s error %d", dvp, nm, error);
1115         return (error);
1116 }
1117 
1118 /* ARGSUSED4 */
1119 static int
1120 tmp_link(
1121         struct vnode *dvp,
1122         struct vnode *srcvp,
1123         char *tnm,
1124         struct cred *cred,
1125         caller_context_t *ct,
1126         int flags)
1127 {
1128         struct tmpnode *parent;
1129         struct tmpnode *from;
1130         struct tmount *tm = (struct tmount *)VTOTM(dvp);
1131         int error;
1132         struct tmpnode *found = NULL;
1133         struct vnode *realvp;
1134 
1135         if (VOP_REALVP(srcvp, &realvp, ct) == 0)
1136                 srcvp = realvp;
1137 
1138         parent = (struct tmpnode *)VTOTN(dvp);
1139         from = (struct tmpnode *)VTOTN(srcvp);
1140 
1141         if ((srcvp->v_type == VDIR &&
1142             secpolicy_fs_linkdir(cred, dvp->v_vfsp)) ||
1143             (from->tn_uid != crgetuid(cred) && secpolicy_basic_link(cred)))
1144                 return (EPERM);
1145 
1146         /*
1147          * Make sure link for extended attributes is valid
1148          * We only support hard linking of xattr's in xattrdir to an xattrdir
1149          */
1150         if ((from->tn_flags & ISXATTR) != (parent->tn_flags & ISXATTR))
1151                 return (EINVAL);
1152 
1153         error = tdirlookup(parent, tnm, &found, cred);
1154         if (error == 0) {
1155                 ASSERT(found);
1156                 tmpnode_rele(found);
1157                 return (EEXIST);
1158         }
1159 
1160         if (error != ENOENT)
1161                 return (error);
1162 
1163         rw_enter(&parent->tn_rwlock, RW_WRITER);
1164         error = tdirenter(tm, parent, tnm, DE_LINK, (struct tmpnode *)NULL,
1165             from, NULL, (struct tmpnode **)NULL, cred, ct);
1166         rw_exit(&parent->tn_rwlock);
1167         if (error == 0) {
1168                 vnevent_link(srcvp, ct);
1169         }
1170         return (error);
1171 }
1172 
1173 /* ARGSUSED5 */
1174 static int
1175 tmp_rename(
1176         struct vnode *odvp,     /* source parent vnode */
1177         char *onm,              /* source name */
1178         struct vnode *ndvp,     /* destination parent vnode */
1179         char *nnm,              /* destination name */
1180         struct cred *cred,
1181         caller_context_t *ct,
1182         int flags)
1183 {
1184         struct tmpnode *fromparent;
1185         struct tmpnode *toparent;
1186         struct tmpnode *fromtp = NULL;  /* source tmpnode */
1187         struct tmount *tm = (struct tmount *)VTOTM(odvp);
1188         int error;
1189         int samedir = 0;        /* set if odvp == ndvp */
1190         struct vnode *realvp;
1191 
1192         if (VOP_REALVP(ndvp, &realvp, ct) == 0)
1193                 ndvp = realvp;
1194 
1195         fromparent = (struct tmpnode *)VTOTN(odvp);
1196         toparent = (struct tmpnode *)VTOTN(ndvp);
1197 
1198         if ((fromparent->tn_flags & ISXATTR) != (toparent->tn_flags & ISXATTR))
1199                 return (EINVAL);
1200 
1201         mutex_enter(&tm->tm_renamelck);
1202 
1203         /*
1204          * Look up tmpnode of file we're supposed to rename.
1205          */
1206         error = tdirlookup(fromparent, onm, &fromtp, cred);
1207         if (error) {
1208                 mutex_exit(&tm->tm_renamelck);
1209                 return (error);
1210         }
1211 
1212         /*
1213          * Make sure we can delete the old (source) entry.  This
1214          * requires write permission on the containing directory.  If
1215          * that directory is "sticky" it requires further checks.
1216          */
1217         if (((error = tmp_taccess(fromparent, VWRITE, cred)) != 0) ||
1218             (error = tmp_sticky_remove_access(fromparent, fromtp, cred)) != 0)
1219                 goto done;
1220 
1221         /*
1222          * Check for renaming to or from '.' or '..' or that
1223          * fromtp == fromparent
1224          */
1225         if ((onm[0] == '.' &&
1226             (onm[1] == '\0' || (onm[1] == '.' && onm[2] == '\0'))) ||
1227             (nnm[0] == '.' &&
1228             (nnm[1] == '\0' || (nnm[1] == '.' && nnm[2] == '\0'))) ||
1229             (fromparent == fromtp)) {
1230                 error = EINVAL;
1231                 goto done;
1232         }
1233 
1234         samedir = (fromparent == toparent);
1235         /*
1236          * Make sure we can search and rename into the new
1237          * (destination) directory.
1238          */
1239         if (!samedir) {
1240                 error = tmp_taccess(toparent, VEXEC|VWRITE, cred);
1241                 if (error)
1242                         goto done;
1243         }
1244 
1245         /*
1246          * Link source to new target
1247          */
1248         rw_enter(&toparent->tn_rwlock, RW_WRITER);
1249         error = tdirenter(tm, toparent, nnm, DE_RENAME,
1250             fromparent, fromtp, (struct vattr *)NULL,
1251             (struct tmpnode **)NULL, cred, ct);
1252         rw_exit(&toparent->tn_rwlock);
1253 
1254         if (error) {
1255                 /*
1256                  * ESAME isn't really an error; it indicates that the
1257                  * operation should not be done because the source and target
1258                  * are the same file, but that no error should be reported.
1259                  */
1260                 if (error == ESAME)
1261                         error = 0;
1262                 goto done;
1263         }
1264         vnevent_rename_src(TNTOV(fromtp), odvp, onm, ct);
1265 
1266         /*
1267          * Notify the target directory if not same as
1268          * source directory.
1269          */
1270         if (ndvp != odvp) {
1271                 vnevent_rename_dest_dir(ndvp, ct);
1272         }
1273 
1274         /*
1275          * Unlink from source.
1276          */
1277         rw_enter(&fromparent->tn_rwlock, RW_WRITER);
1278         rw_enter(&fromtp->tn_rwlock, RW_WRITER);
1279 
1280         error = tdirdelete(fromparent, fromtp, onm, DR_RENAME, cred);
1281 
1282         /*
1283          * The following handles the case where our source tmpnode was
1284          * removed before we got to it.
1285          *
1286          * XXX We should also cleanup properly in the case where tdirdelete
1287          * fails for some other reason.  Currently this case shouldn't happen.
1288          * (see 1184991).
1289          */
1290         if (error == ENOENT)
1291                 error = 0;
1292 
1293         rw_exit(&fromtp->tn_rwlock);
1294         rw_exit(&fromparent->tn_rwlock);
1295 done:
1296         tmpnode_rele(fromtp);
1297         mutex_exit(&tm->tm_renamelck);
1298 
1299         TRACE_5(TR_FAC_TMPFS, TR_TMPFS_RENAME,
1300             "tmpfs rename:ovp %p onm %s nvp %p nnm %s error %d", odvp, onm,
1301             ndvp, nnm, error);
1302         return (error);
1303 }
1304 
1305 /* ARGSUSED5 */
1306 static int
1307 tmp_mkdir(
1308         struct vnode *dvp,
1309         char *nm,
1310         struct vattr *va,
1311         struct vnode **vpp,
1312         struct cred *cred,
1313         caller_context_t *ct,
1314         int flags,
1315         vsecattr_t *vsecp)
1316 {
1317         struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1318         struct tmpnode *self = NULL;
1319         struct tmount *tm = (struct tmount *)VTOTM(dvp);
1320         int error;
1321 
1322         /* no new dirs allowed in xattr dirs */
1323         if (parent->tn_flags & ISXATTR)
1324                 return (EINVAL);
1325 
1326         /*
1327          * Might be dangling directory.  Catch it here,
1328          * because a ENOENT return from tdirlookup() is
1329          * an "o.k. return".
1330          */
1331         if (parent->tn_nlink == 0)
1332                 return (ENOENT);
1333 
1334         error = tdirlookup(parent, nm, &self, cred);
1335         if (error == 0) {
1336                 ASSERT(self);
1337                 tmpnode_rele(self);
1338                 return (EEXIST);
1339         }
1340         if (error != ENOENT)
1341                 return (error);
1342 
1343         rw_enter(&parent->tn_rwlock, RW_WRITER);
1344         error = tdirenter(tm, parent, nm, DE_MKDIR, (struct tmpnode *)NULL,
1345             (struct tmpnode *)NULL, va, &self, cred, ct);
1346         if (error) {
1347                 rw_exit(&parent->tn_rwlock);
1348                 if (self)
1349                         tmpnode_rele(self);
1350                 return (error);
1351         }
1352         rw_exit(&parent->tn_rwlock);
1353         *vpp = TNTOV(self);
1354         return (0);
1355 }
1356 
1357 /* ARGSUSED4 */
1358 static int
1359 tmp_rmdir(
1360         struct vnode *dvp,
1361         char *nm,
1362         struct vnode *cdir,
1363         struct cred *cred,
1364         caller_context_t *ct,
1365         int flags)
1366 {
1367         struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1368         struct tmpnode *self = NULL;
1369         struct vnode *vp;
1370         int error = 0;
1371 
1372         /*
1373          * Return error when removing . and ..
1374          */
1375         if (strcmp(nm, ".") == 0)
1376                 return (EINVAL);
1377         if (strcmp(nm, "..") == 0)
1378                 return (EEXIST); /* Should be ENOTEMPTY */
1379         error = tdirlookup(parent, nm, &self, cred);
1380         if (error)
1381                 return (error);
1382 
1383         rw_enter(&parent->tn_rwlock, RW_WRITER);
1384         rw_enter(&self->tn_rwlock, RW_WRITER);
1385 
1386         vp = TNTOV(self);
1387         if (vp == dvp || vp == cdir) {
1388                 error = EINVAL;
1389                 goto done1;
1390         }
1391         if (self->tn_type != VDIR) {
1392                 error = ENOTDIR;
1393                 goto done1;
1394         }
1395 
1396         mutex_enter(&self->tn_tlock);
1397         if (self->tn_nlink > 2) {
1398                 mutex_exit(&self->tn_tlock);
1399                 error = EEXIST;
1400                 goto done1;
1401         }
1402         mutex_exit(&self->tn_tlock);
1403 
1404         if (vn_vfswlock(vp)) {
1405                 error = EBUSY;
1406                 goto done1;
1407         }
1408         if (vn_mountedvfs(vp) != NULL) {
1409                 error = EBUSY;
1410                 goto done;
1411         }
1412 
1413         /*
1414          * Check for an empty directory
1415          * i.e. only includes entries for "." and ".."
1416          */
1417         if (self->tn_dirents > 2) {
1418                 error = EEXIST;         /* SIGH should be ENOTEMPTY */
1419                 /*
1420                  * Update atime because checking tn_dirents is logically
1421                  * equivalent to reading the directory
1422                  */
1423                 gethrestime(&self->tn_atime);
1424                 goto done;
1425         }
1426 
1427         error = tdirdelete(parent, self, nm, DR_RMDIR, cred);
1428 done:
1429         vn_vfsunlock(vp);
1430 done1:
1431         rw_exit(&self->tn_rwlock);
1432         rw_exit(&parent->tn_rwlock);
1433         vnevent_rmdir(TNTOV(self), dvp, nm, ct);
1434         tmpnode_rele(self);
1435 
1436         return (error);
1437 }
1438 
1439 /* ARGSUSED2 */
1440 static int
1441 tmp_readdir(
1442         struct vnode *vp,
1443         struct uio *uiop,
1444         struct cred *cred,
1445         int *eofp,
1446         caller_context_t *ct,
1447         int flags)
1448 {
1449         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1450         struct tdirent *tdp;
1451         int error = 0;
1452         size_t namelen;
1453         struct dirent64 *dp;
1454         ulong_t offset;
1455         ulong_t total_bytes_wanted;
1456         long outcount = 0;
1457         long bufsize;
1458         int reclen;
1459         caddr_t outbuf;
1460 
1461         if (uiop->uio_loffset >= MAXOFF_T) {
1462                 if (eofp)
1463                         *eofp = 1;
1464                 return (0);
1465         }
1466         /*
1467          * assuming system call has already called tmp_rwlock
1468          */
1469         ASSERT(RW_READ_HELD(&tp->tn_rwlock));
1470 
1471         if (uiop->uio_iovcnt != 1)
1472                 return (EINVAL);
1473 
1474         if (vp->v_type != VDIR)
1475                 return (ENOTDIR);
1476 
1477         /*
1478          * There's a window here where someone could have removed
1479          * all the entries in the directory after we put a hold on the
1480          * vnode but before we grabbed the rwlock.  Just return.
1481          */
1482         if (tp->tn_dir == NULL) {
1483                 if (tp->tn_nlink) {
1484                         panic("empty directory 0x%p", (void *)tp);
1485                         /*NOTREACHED*/
1486                 }
1487                 return (0);
1488         }
1489 
1490         /*
1491          * Get space for multiple directory entries
1492          */
1493         total_bytes_wanted = uiop->uio_iov->iov_len;
1494         bufsize = total_bytes_wanted + sizeof (struct dirent64);
1495         outbuf = kmem_alloc(bufsize, KM_SLEEP);
1496 
1497         dp = (struct dirent64 *)outbuf;
1498 
1499 
1500         offset = 0;
1501         tdp = tp->tn_dir;
1502         while (tdp) {
1503                 namelen = strlen(tdp->td_name);      /* no +1 needed */
1504                 offset = tdp->td_offset;
1505                 if (offset >= uiop->uio_offset) {
1506                         reclen = (int)DIRENT64_RECLEN(namelen);
1507                         if (outcount + reclen > total_bytes_wanted) {
1508                                 if (!outcount)
1509                                         /*
1510                                          * Buffer too small for any entries.
1511                                          */
1512                                         error = EINVAL;
1513                                 break;
1514                         }
1515                         ASSERT(tdp->td_tmpnode != NULL);
1516 
1517                         /* use strncpy(9f) to zero out uninitialized bytes */
1518 
1519                         (void) strncpy(dp->d_name, tdp->td_name,
1520                             DIRENT64_NAMELEN(reclen));
1521                         dp->d_reclen = (ushort_t)reclen;
1522                         dp->d_ino = (ino64_t)tdp->td_tmpnode->tn_nodeid;
1523                         dp->d_off = (offset_t)tdp->td_offset + 1;
1524                         dp = (struct dirent64 *)
1525                             ((uintptr_t)dp + dp->d_reclen);
1526                         outcount += reclen;
1527                         ASSERT(outcount <= bufsize);
1528                 }
1529                 tdp = tdp->td_next;
1530         }
1531 
1532         if (!error)
1533                 error = uiomove(outbuf, outcount, UIO_READ, uiop);
1534 
1535         if (!error) {
1536                 /* If we reached the end of the list our offset */
1537                 /* should now be just past the end. */
1538                 if (!tdp) {
1539                         offset += 1;
1540                         if (eofp)
1541                                 *eofp = 1;
1542                 } else if (eofp)
1543                         *eofp = 0;
1544                 uiop->uio_offset = offset;
1545         }
1546         gethrestime(&tp->tn_atime);
1547         kmem_free(outbuf, bufsize);
1548         return (error);
1549 }
1550 
1551 /* ARGSUSED5 */
1552 static int
1553 tmp_symlink(
1554         struct vnode *dvp,
1555         char *lnm,
1556         struct vattr *tva,
1557         char *tnm,
1558         struct cred *cred,
1559         caller_context_t *ct,
1560         int flags)
1561 {
1562         struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1563         struct tmpnode *self = (struct tmpnode *)NULL;
1564         struct tmount *tm = (struct tmount *)VTOTM(dvp);
1565         char *cp = NULL;
1566         int error;
1567         size_t len;
1568 
1569         /* no symlinks allowed to files in xattr dirs */
1570         if (parent->tn_flags & ISXATTR)
1571                 return (EINVAL);
1572 
1573         error = tdirlookup(parent, lnm, &self, cred);
1574         if (error == 0) {
1575                 /*
1576                  * The entry already exists
1577                  */
1578                 tmpnode_rele(self);
1579                 return (EEXIST);        /* was 0 */
1580         }
1581 
1582         if (error != ENOENT) {
1583                 if (self != NULL)
1584                         tmpnode_rele(self);
1585                 return (error);
1586         }
1587 
1588         rw_enter(&parent->tn_rwlock, RW_WRITER);
1589         error = tdirenter(tm, parent, lnm, DE_CREATE, (struct tmpnode *)NULL,
1590             (struct tmpnode *)NULL, tva, &self, cred, ct);
1591         rw_exit(&parent->tn_rwlock);
1592 
1593         if (error) {
1594                 if (self)
1595                         tmpnode_rele(self);
1596                 return (error);
1597         }
1598         len = strlen(tnm) + 1;
1599         cp = tmp_memalloc(len, 0);
1600         if (cp == NULL) {
1601                 tmpnode_rele(self);
1602                 return (ENOSPC);
1603         }
1604         (void) strcpy(cp, tnm);
1605 
1606         self->tn_symlink = cp;
1607         self->tn_size = len - 1;
1608         tmpnode_rele(self);
1609         return (error);
1610 }
1611 
1612 /* ARGSUSED2 */
1613 static int
1614 tmp_readlink(
1615         struct vnode *vp,
1616         struct uio *uiop,
1617         struct cred *cred,
1618         caller_context_t *ct)
1619 {
1620         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1621         int error = 0;
1622 
1623         if (vp->v_type != VLNK)
1624                 return (EINVAL);
1625 
1626         rw_enter(&tp->tn_rwlock, RW_READER);
1627         rw_enter(&tp->tn_contents, RW_READER);
1628         error = uiomove(tp->tn_symlink, tp->tn_size, UIO_READ, uiop);
1629         gethrestime(&tp->tn_atime);
1630         rw_exit(&tp->tn_contents);
1631         rw_exit(&tp->tn_rwlock);
1632         return (error);
1633 }
1634 
1635 /* ARGSUSED */
1636 static int
1637 tmp_fsync(
1638         struct vnode *vp,
1639         int syncflag,
1640         struct cred *cred,
1641         caller_context_t *ct)
1642 {
1643         return (0);
1644 }
1645 
1646 /* ARGSUSED */
1647 static void
1648 tmp_inactive(struct vnode *vp, struct cred *cred, caller_context_t *ct)
1649 {
1650         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1651         struct tmount *tm = (struct tmount *)VFSTOTM(vp->v_vfsp);
1652 
1653         rw_enter(&tp->tn_rwlock, RW_WRITER);
1654 top:
1655         mutex_enter(&tp->tn_tlock);
1656         mutex_enter(&vp->v_lock);
1657         ASSERT(vp->v_count >= 1);
1658 
1659         /*
1660          * If we don't have the last hold or the link count is non-zero,
1661          * there's little to do -- just drop our hold.
1662          */
1663         if (vp->v_count > 1 || tp->tn_nlink != 0) {
1664                 vp->v_count--;
1665                 mutex_exit(&vp->v_lock);
1666                 mutex_exit(&tp->tn_tlock);
1667                 rw_exit(&tp->tn_rwlock);
1668                 return;
1669         }
1670 
1671         /*
1672          * We have the last hold *and* the link count is zero, so this
1673          * tmpnode is dead from the filesystem's viewpoint.  However,
1674          * if the tmpnode has any pages associated with it (i.e. if it's
1675          * a normal file with non-zero size), the tmpnode can still be
1676          * discovered by pageout or fsflush via the page vnode pointers.
1677          * In this case we must drop all our locks, truncate the tmpnode,
1678          * and try the whole dance again.
1679          */
1680         if (tp->tn_size != 0) {
1681                 if (tp->tn_type == VREG) {
1682                         mutex_exit(&vp->v_lock);
1683                         mutex_exit(&tp->tn_tlock);
1684                         rw_enter(&tp->tn_contents, RW_WRITER);
1685                         (void) tmpnode_trunc(tm, tp, 0);
1686                         rw_exit(&tp->tn_contents);
1687                         ASSERT(tp->tn_size == 0);
1688                         ASSERT(tp->tn_nblocks == 0);
1689                         goto top;
1690                 }
1691                 if (tp->tn_type == VLNK)
1692                         tmp_memfree(tp->tn_symlink, tp->tn_size + 1);
1693         }
1694 
1695         /*
1696          * Remove normal file/dir's xattr dir and xattrs.
1697          */
1698         if (tp->tn_xattrdp) {
1699                 struct tmpnode *xtp = tp->tn_xattrdp;
1700 
1701                 ASSERT(xtp->tn_flags & ISXATTR);
1702                 tmpnode_hold(xtp);
1703                 rw_enter(&xtp->tn_rwlock, RW_WRITER);
1704                 tdirtrunc(xtp);
1705                 DECR_COUNT(&xtp->tn_nlink, &xtp->tn_tlock);
1706                 tp->tn_xattrdp = NULL;
1707                 rw_exit(&xtp->tn_rwlock);
1708                 tmpnode_rele(xtp);
1709         }
1710 
1711         mutex_exit(&vp->v_lock);
1712         mutex_exit(&tp->tn_tlock);
1713         /* Here's our chance to send invalid event while we're between locks */
1714         vn_invalid(TNTOV(tp));
1715         mutex_enter(&tm->tm_contents);
1716         if (tp->tn_forw == NULL)
1717                 tm->tm_rootnode->tn_back = tp->tn_back;
1718         else
1719                 tp->tn_forw->tn_back = tp->tn_back;
1720         tp->tn_back->tn_forw = tp->tn_forw;
1721         mutex_exit(&tm->tm_contents);
1722         rw_exit(&tp->tn_rwlock);
1723         rw_destroy(&tp->tn_rwlock);
1724         mutex_destroy(&tp->tn_tlock);
1725         vn_free(TNTOV(tp));
1726         tmp_memfree(tp, sizeof (struct tmpnode));
1727 }
1728 
1729 /* ARGSUSED2 */
1730 static int
1731 tmp_fid(struct vnode *vp, struct fid *fidp, caller_context_t *ct)
1732 {
1733         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1734         struct tfid *tfid;
1735 
1736         if (fidp->fid_len < (sizeof (struct tfid) - sizeof (ushort_t))) {
1737                 fidp->fid_len = sizeof (struct tfid) - sizeof (ushort_t);
1738                 return (ENOSPC);
1739         }
1740 
1741         tfid = (struct tfid *)fidp;
1742         bzero(tfid, sizeof (struct tfid));
1743         tfid->tfid_len = (int)sizeof (struct tfid) - sizeof (ushort_t);
1744 
1745         tfid->tfid_ino = tp->tn_nodeid;
1746         tfid->tfid_gen = tp->tn_gen;
1747 
1748         return (0);
1749 }
1750 
1751 
1752 /*
1753  * Return all the pages from [off..off+len] in given file
1754  */
1755 /* ARGSUSED */
1756 static int
1757 tmp_getpage(
1758         struct vnode *vp,
1759         offset_t off,
1760         size_t len,
1761         uint_t *protp,
1762         page_t *pl[],
1763         size_t plsz,
1764         struct seg *seg,
1765         caddr_t addr,
1766         enum seg_rw rw,
1767         struct cred *cr,
1768         caller_context_t *ct)
1769 {
1770         int err = 0;
1771         struct tmpnode *tp = VTOTN(vp);
1772         anoff_t toff = (anoff_t)off;
1773         size_t tlen = len;
1774         u_offset_t tmpoff;
1775         timestruc_t now;
1776 
1777         rw_enter(&tp->tn_contents, RW_READER);
1778 
1779         if (off + len  > tp->tn_size + PAGEOFFSET) {
1780                 err = EFAULT;
1781                 goto out;
1782         }
1783         /*
1784          * Look for holes (no anon slot) in faulting range. If there are
1785          * holes we have to switch to a write lock and fill them in. Swap
1786          * space for holes was already reserved when the file was grown.
1787          */
1788         tmpoff = toff;
1789         if (non_anon(tp->tn_anon, btop(off), &tmpoff, &tlen)) {
1790                 if (!rw_tryupgrade(&tp->tn_contents)) {
1791                         rw_exit(&tp->tn_contents);
1792                         rw_enter(&tp->tn_contents, RW_WRITER);
1793                         /* Size may have changed when lock was dropped */
1794                         if (off + len  > tp->tn_size + PAGEOFFSET) {
1795                                 err = EFAULT;
1796                                 goto out;
1797                         }
1798                 }
1799                 for (toff = (anoff_t)off; toff < (anoff_t)off + len;
1800                     toff += PAGESIZE) {
1801                         if (anon_get_ptr(tp->tn_anon, btop(toff)) == NULL) {
1802                                 /* XXX - may allocate mem w. write lock held */
1803                                 (void) anon_set_ptr(tp->tn_anon, btop(toff),
1804                                     anon_alloc(vp, toff), ANON_SLEEP);
1805                                 tp->tn_nblocks++;
1806                         }
1807                 }
1808                 rw_downgrade(&tp->tn_contents);
1809         }
1810 
1811 
1812         if (len <= PAGESIZE)
1813                 err = tmp_getapage(vp, (u_offset_t)off, len, protp, pl, plsz,
1814                     seg, addr, rw, cr);
1815         else
1816                 err = pvn_getpages(tmp_getapage, vp, (u_offset_t)off, len,
1817                     protp, pl, plsz, seg, addr, rw, cr);
1818 
1819         gethrestime(&now);
1820         tp->tn_atime = now;
1821         if (rw == S_WRITE)
1822                 tp->tn_mtime = now;
1823 
1824 out:
1825         rw_exit(&tp->tn_contents);
1826         return (err);
1827 }
1828 
1829 /*
1830  * Called from pvn_getpages or swap_getpage to get a particular page.
1831  */
1832 /*ARGSUSED*/
1833 static int
1834 tmp_getapage(
1835         struct vnode *vp,
1836         u_offset_t off,
1837         size_t len,
1838         uint_t *protp,
1839         page_t *pl[],
1840         size_t plsz,
1841         struct seg *seg,
1842         caddr_t addr,
1843         enum seg_rw rw,
1844         struct cred *cr)
1845 {
1846         struct page *pp;
1847         int flags;
1848         int err = 0;
1849         struct vnode *pvp;
1850         u_offset_t poff;
1851 
1852         if (protp != NULL)
1853                 *protp = PROT_ALL;
1854 again:
1855         if (pp = page_lookup(vp, off, rw == S_CREATE ? SE_EXCL : SE_SHARED)) {
1856                 if (pl) {
1857                         pl[0] = pp;
1858                         pl[1] = NULL;
1859                 } else {
1860                         page_unlock(pp);
1861                 }
1862         } else {
1863                 pp = page_create_va(vp, off, PAGESIZE,
1864                     PG_WAIT | PG_EXCL, seg, addr);
1865                 /*
1866                  * Someone raced in and created the page after we did the
1867                  * lookup but before we did the create, so go back and
1868                  * try to look it up again.
1869                  */
1870                 if (pp == NULL)
1871                         goto again;
1872                 /*
1873                  * Fill page from backing store, if any. If none, then
1874                  * either this is a newly filled hole or page must have
1875                  * been unmodified and freed so just zero it out.
1876                  */
1877                 err = swap_getphysname(vp, off, &pvp, &poff);
1878                 if (err) {
1879                         panic("tmp_getapage: no anon slot vp %p "
1880                             "off %llx pp %p\n", (void *)vp, off, (void *)pp);
1881                 }
1882                 if (pvp) {
1883                         flags = (pl == NULL ? B_ASYNC|B_READ : B_READ);
1884                         err = VOP_PAGEIO(pvp, pp, (u_offset_t)poff, PAGESIZE,
1885                             flags, cr, NULL);
1886                         if (flags & B_ASYNC)
1887                                 pp = NULL;
1888                 } else if (rw != S_CREATE) {
1889                         pagezero(pp, 0, PAGESIZE);
1890                 }
1891                 if (err && pp)
1892                         pvn_read_done(pp, B_ERROR);
1893                 if (err == 0) {
1894                         if (pl)
1895                                 pvn_plist_init(pp, pl, plsz, off, PAGESIZE, rw);
1896                         else
1897                                 pvn_io_done(pp);
1898                 }
1899         }
1900         return (err);
1901 }
1902 
1903 
1904 /*
1905  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED}.
1906  * If len == 0, do from off to EOF.
1907  */
1908 static int tmp_nopage = 0;      /* Don't do tmp_putpage's if set */
1909 
1910 /* ARGSUSED */
1911 int
1912 tmp_putpage(
1913         register struct vnode *vp,
1914         offset_t off,
1915         size_t len,
1916         int flags,
1917         struct cred *cr,
1918         caller_context_t *ct)
1919 {
1920         register page_t *pp;
1921         u_offset_t io_off;
1922         size_t io_len = 0;
1923         int err = 0;
1924         struct tmpnode *tp = VTOTN(vp);
1925         int dolock;
1926 
1927         if (tmp_nopage)
1928                 return (0);
1929 
1930         ASSERT(vp->v_count != 0);
1931 
1932         if (vp->v_flag & VNOMAP)
1933                 return (ENOSYS);
1934 
1935         /*
1936          * This being tmpfs, we don't ever do i/o unless we really
1937          * have to (when we're low on memory and pageout calls us
1938          * with B_ASYNC | B_FREE or the user explicitly asks for it with
1939          * B_DONTNEED).
1940          * XXX to approximately track the mod time like ufs we should
1941          * update the times here. The problem is, once someone does a
1942          * store we never clear the mod bit and do i/o, thus fsflush
1943          * will keep calling us every 30 seconds to do the i/o and we'll
1944          * continually update the mod time. At least we update the mod
1945          * time on the first store because this results in a call to getpage.
1946          */
1947         if (flags != (B_ASYNC | B_FREE) && (flags & B_INVAL) == 0 &&
1948             (flags & B_DONTNEED) == 0)
1949                 return (0);
1950         /*
1951          * If this thread owns the lock, i.e., this thread grabbed it
1952          * as writer somewhere above, then we don't need to grab the
1953          * lock as reader in this routine.
1954          */
1955         dolock = (rw_owner(&tp->tn_contents) != curthread);
1956 
1957         /*
1958          * If this is pageout don't block on the lock as you could deadlock
1959          * when freemem == 0 (another thread has the read lock and is blocked
1960          * creating a page, and a third thread is waiting to get the writers
1961          * lock - waiting writers priority blocks us from getting the read
1962          * lock). Of course, if the only freeable pages are on this tmpnode
1963          * we're hosed anyways. A better solution might be a new lock type.
1964          * Note: ufs has the same problem.
1965          */
1966         if (curproc == proc_pageout) {
1967                 if (!rw_tryenter(&tp->tn_contents, RW_READER))
1968                         return (ENOMEM);
1969         } else if (dolock)
1970                 rw_enter(&tp->tn_contents, RW_READER);
1971 
1972         if (!vn_has_cached_data(vp))
1973                 goto out;
1974 
1975         if (len == 0) {
1976                 if (curproc == proc_pageout) {
1977                         panic("tmp: pageout can't block");
1978                         /*NOTREACHED*/
1979                 }
1980 
1981                 /* Search the entire vp list for pages >= off. */
1982                 err = pvn_vplist_dirty(vp, (u_offset_t)off, tmp_putapage,
1983                     flags, cr);
1984         } else {
1985                 u_offset_t eoff;
1986 
1987                 /*
1988                  * Loop over all offsets in the range [off...off + len]
1989                  * looking for pages to deal with.
1990                  */
1991                 eoff = MIN(off + len, tp->tn_size);
1992                 for (io_off = off; io_off < eoff; io_off += io_len) {
1993                         /*
1994                          * If we are not invalidating, synchronously
1995                          * freeing or writing pages use the routine
1996                          * page_lookup_nowait() to prevent reclaiming
1997                          * them from the free list.
1998                          */
1999                         if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
2000                                 pp = page_lookup(vp, io_off,
2001                                     (flags & (B_INVAL | B_FREE)) ?
2002                                     SE_EXCL : SE_SHARED);
2003                         } else {
2004                                 pp = page_lookup_nowait(vp, io_off,
2005                                     (flags & B_FREE) ? SE_EXCL : SE_SHARED);
2006                         }
2007 
2008                         if (pp == NULL || pvn_getdirty(pp, flags) == 0)
2009                                 io_len = PAGESIZE;
2010                         else {
2011                                 err = tmp_putapage(vp, pp, &io_off, &io_len,
2012                                     flags, cr);
2013                                 if (err != 0)
2014                                         break;
2015                         }
2016                 }
2017         }
2018         /* If invalidating, verify all pages on vnode list are gone. */
2019         if (err == 0 && off == 0 && len == 0 &&
2020             (flags & B_INVAL) && vn_has_cached_data(vp)) {
2021                 panic("tmp_putpage: B_INVAL, pages not gone");
2022                 /*NOTREACHED*/
2023         }
2024 out:
2025         if ((curproc == proc_pageout) || dolock)
2026                 rw_exit(&tp->tn_contents);
2027         /*
2028          * Only reason putapage is going to give us SE_NOSWAP as error
2029          * is when we ask a page to be written to physical backing store
2030          * and there is none. Ignore this because we might be dealing
2031          * with a swap page which does not have any backing store
2032          * on disk. In any other case we won't get this error over here.
2033          */
2034         if (err == SE_NOSWAP)
2035                 err = 0;
2036         return (err);
2037 }
2038 
2039 long tmp_putpagecnt, tmp_pagespushed;
2040 
2041 /*
2042  * Write out a single page.
2043  * For tmpfs this means choose a physical swap slot and write the page
2044  * out using VOP_PAGEIO. For performance, we attempt to kluster; i.e.,
2045  * we try to find a bunch of other dirty pages adjacent in the file
2046  * and a bunch of contiguous swap slots, and then write all the pages
2047  * out in a single i/o.
2048  */
2049 /*ARGSUSED*/
2050 static int
2051 tmp_putapage(
2052         struct vnode *vp,
2053         page_t *pp,
2054         u_offset_t *offp,
2055         size_t *lenp,
2056         int flags,
2057         struct cred *cr)
2058 {
2059         int err;
2060         ulong_t klstart, kllen;
2061         page_t *pplist, *npplist;
2062         extern int klustsize;
2063         long tmp_klustsize;
2064         struct tmpnode *tp;
2065         size_t pp_off, pp_len;
2066         u_offset_t io_off;
2067         size_t io_len;
2068         struct vnode *pvp;
2069         u_offset_t pstart;
2070         u_offset_t offset;
2071         u_offset_t tmpoff;
2072 
2073         ASSERT(PAGE_LOCKED(pp));
2074 
2075         /* Kluster in tmp_klustsize chunks */
2076         tp = VTOTN(vp);
2077         tmp_klustsize = klustsize;
2078         offset = pp->p_offset;
2079         klstart = (offset / tmp_klustsize) * tmp_klustsize;
2080         kllen = MIN(tmp_klustsize, tp->tn_size - klstart);
2081 
2082         /* Get a kluster of pages */
2083         pplist =
2084             pvn_write_kluster(vp, pp, &tmpoff, &pp_len, klstart, kllen, flags);
2085 
2086         pp_off = (size_t)tmpoff;
2087 
2088         /*
2089          * Get a cluster of physical offsets for the pages; the amount we
2090          * get may be some subrange of what we ask for (io_off, io_len).
2091          */
2092         io_off = pp_off;
2093         io_len = pp_len;
2094         err = swap_newphysname(vp, offset, &io_off, &io_len, &pvp, &pstart);
2095         ASSERT(err != SE_NOANON); /* anon slot must have been filled */
2096         if (err) {
2097                 pvn_write_done(pplist, B_ERROR | B_WRITE | flags);
2098                 /*
2099                  * If this routine is called as a result of segvn_sync
2100                  * operation and we have no physical swap then we can get an
2101                  * error here. In such case we would return SE_NOSWAP as error.
2102                  * At this point, we expect only SE_NOSWAP.
2103                  */
2104                 ASSERT(err == SE_NOSWAP);
2105                 if (flags & B_INVAL)
2106                         err = ENOMEM;
2107                 goto out;
2108         }
2109         ASSERT(pp_off <= io_off && io_off + io_len <= pp_off + pp_len);
2110         ASSERT(io_off <= offset && offset < io_off + io_len);
2111 
2112         /* Toss pages at front/rear that we couldn't get physical backing for */
2113         if (io_off != pp_off) {
2114                 npplist = NULL;
2115                 page_list_break(&pplist, &npplist, btop(io_off - pp_off));
2116                 ASSERT(pplist->p_offset == pp_off);
2117                 ASSERT(pplist->p_prev->p_offset == io_off - PAGESIZE);
2118                 pvn_write_done(pplist, B_ERROR | B_WRITE | flags);
2119                 pplist = npplist;
2120         }
2121         if (io_off + io_len < pp_off + pp_len) {
2122                 npplist = NULL;
2123                 page_list_break(&pplist, &npplist, btop(io_len));
2124                 ASSERT(npplist->p_offset == io_off + io_len);
2125                 ASSERT(npplist->p_prev->p_offset == pp_off + pp_len - PAGESIZE);
2126                 pvn_write_done(npplist, B_ERROR | B_WRITE | flags);
2127         }
2128 
2129         ASSERT(pplist->p_offset == io_off);
2130         ASSERT(pplist->p_prev->p_offset == io_off + io_len - PAGESIZE);
2131         ASSERT(btopr(io_len) <= btopr(kllen));
2132 
2133         /* Do i/o on the remaining kluster */
2134         err = VOP_PAGEIO(pvp, pplist, (u_offset_t)pstart, io_len,
2135             B_WRITE | flags, cr, NULL);
2136 
2137         if ((flags & B_ASYNC) == 0) {
2138                 pvn_write_done(pplist, ((err) ? B_ERROR : 0) | B_WRITE | flags);
2139         }
2140 out:
2141         if (!err) {
2142                 if (offp)
2143                         *offp = io_off;
2144                 if (lenp)
2145                         *lenp = io_len;
2146                 tmp_putpagecnt++;
2147                 tmp_pagespushed += btop(io_len);
2148         }
2149         if (err && err != ENOMEM && err != SE_NOSWAP)
2150                 cmn_err(CE_WARN, "tmp_putapage: err %d\n", err);
2151         return (err);
2152 }
2153 
2154 /* ARGSUSED */
2155 static int
2156 tmp_map(
2157         struct vnode *vp,
2158         offset_t off,
2159         struct as *as,
2160         caddr_t *addrp,
2161         size_t len,
2162         uchar_t prot,
2163         uchar_t maxprot,
2164         uint_t flags,
2165         struct cred *cred,
2166         caller_context_t *ct)
2167 {
2168         struct segvn_crargs vn_a;
2169         struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
2170         int error;
2171 
2172 #ifdef _ILP32
2173         if (len > MAXOFF_T)
2174                 return (ENOMEM);
2175 #endif
2176 
2177         if (vp->v_flag & VNOMAP)
2178                 return (ENOSYS);
2179 
2180         if (off < 0 || (offset_t)(off + len) < 0 ||
2181             off > MAXOFF_T || (off + len) > MAXOFF_T)
2182                 return (ENXIO);
2183 
2184         if (vp->v_type != VREG)
2185                 return (ENODEV);
2186 
2187         /*
2188          * Don't allow mapping to locked file
2189          */
2190         if (vn_has_mandatory_locks(vp, tp->tn_mode)) {
2191                 return (EAGAIN);
2192         }
2193 
2194         as_rangelock(as);
2195         error = choose_addr(as, addrp, len, off, ADDR_VACALIGN, flags);
2196         if (error != 0) {
2197                 as_rangeunlock(as);
2198                 return (error);
2199         }
2200 
2201         vn_a.vp = vp;
2202         vn_a.offset = (u_offset_t)off;
2203         vn_a.type = flags & MAP_TYPE;
2204         vn_a.prot = prot;
2205         vn_a.maxprot = maxprot;
2206         vn_a.flags = flags & ~MAP_TYPE;
2207         vn_a.cred = cred;
2208         vn_a.amp = NULL;
2209         vn_a.szc = 0;
2210         vn_a.lgrp_mem_policy_flags = 0;
2211 
2212         error = as_map(as, *addrp, len, segvn_create, &vn_a);
2213         as_rangeunlock(as);
2214         return (error);
2215 }
2216 
2217 /*
2218  * tmp_addmap and tmp_delmap can't be called since the vp
2219  * maintained in the segvn mapping is NULL.
2220  */
2221 /* ARGSUSED */
2222 static int
2223 tmp_addmap(
2224         struct vnode *vp,
2225         offset_t off,
2226         struct as *as,
2227         caddr_t addr,
2228         size_t len,
2229         uchar_t prot,
2230         uchar_t maxprot,
2231         uint_t flags,
2232         struct cred *cred,
2233         caller_context_t *ct)
2234 {
2235         return (0);
2236 }
2237 
2238 /* ARGSUSED */
2239 static int
2240 tmp_delmap(
2241         struct vnode *vp,
2242         offset_t off,
2243         struct as *as,
2244         caddr_t addr,
2245         size_t len,
2246         uint_t prot,
2247         uint_t maxprot,
2248         uint_t flags,
2249         struct cred *cred,
2250         caller_context_t *ct)
2251 {
2252         return (0);
2253 }
2254 
2255 static int
2256 tmp_freesp(struct vnode *vp, struct flock64 *lp, int flag)
2257 {
2258         register int i;
2259         register struct tmpnode *tp = VTOTN(vp);
2260         int error;
2261 
2262         ASSERT(vp->v_type == VREG);
2263         ASSERT(lp->l_start >= 0);
2264 
2265         if (lp->l_len != 0)
2266                 return (EINVAL);
2267 
2268         rw_enter(&tp->tn_rwlock, RW_WRITER);
2269         if (tp->tn_size == lp->l_start) {
2270                 rw_exit(&tp->tn_rwlock);
2271                 return (0);
2272         }
2273 
2274         /*
2275          * Check for any mandatory locks on the range
2276          */
2277         if (MANDLOCK(vp, tp->tn_mode)) {
2278                 long save_start;
2279 
2280                 save_start = lp->l_start;
2281 
2282                 if (tp->tn_size < lp->l_start) {
2283                         /*
2284                          * "Truncate up" case: need to make sure there
2285                          * is no lock beyond current end-of-file. To
2286                          * do so, we need to set l_start to the size
2287                          * of the file temporarily.
2288                          */
2289                         lp->l_start = tp->tn_size;
2290                 }
2291                 lp->l_type = F_WRLCK;
2292                 lp->l_sysid = 0;
2293                 lp->l_pid = ttoproc(curthread)->p_pid;
2294                 i = (flag & (FNDELAY|FNONBLOCK)) ? 0 : SLPFLCK;
2295                 if ((i = reclock(vp, lp, i, 0, lp->l_start, NULL)) != 0 ||
2296                     lp->l_type != F_UNLCK) {
2297                         rw_exit(&tp->tn_rwlock);
2298                         return (i ? i : EAGAIN);
2299                 }
2300 
2301                 lp->l_start = save_start;
2302         }
2303         VFSTOTM(vp->v_vfsp);
2304 
2305         rw_enter(&tp->tn_contents, RW_WRITER);
2306         error = tmpnode_trunc((struct tmount *)VFSTOTM(vp->v_vfsp),
2307             tp, (ulong_t)lp->l_start);
2308         rw_exit(&tp->tn_contents);
2309         rw_exit(&tp->tn_rwlock);
2310         return (error);
2311 }
2312 
2313 /* ARGSUSED */
2314 static int
2315 tmp_space(
2316         struct vnode *vp,
2317         int cmd,
2318         struct flock64 *bfp,
2319         int flag,
2320         offset_t offset,
2321         cred_t *cred,
2322         caller_context_t *ct)
2323 {
2324         int error;
2325 
2326         if (cmd != F_FREESP)
2327                 return (EINVAL);
2328         if ((error = convoff(vp, bfp, 0, (offset_t)offset)) == 0) {
2329                 if ((bfp->l_start > MAXOFF_T) || (bfp->l_len > MAXOFF_T))
2330                         return (EFBIG);
2331                 error = tmp_freesp(vp, bfp, flag);
2332 
2333                 if (error == 0 && bfp->l_start == 0)
2334                         vnevent_truncate(vp, ct);
2335         }
2336         return (error);
2337 }
2338 
2339 /* ARGSUSED */
2340 static int
2341 tmp_seek(
2342         struct vnode *vp,
2343         offset_t ooff,
2344         offset_t *noffp,
2345         caller_context_t *ct)
2346 {
2347         return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
2348 }
2349 
2350 /* ARGSUSED2 */
2351 static int
2352 tmp_rwlock(struct vnode *vp, int write_lock, caller_context_t *ctp)
2353 {
2354         struct tmpnode *tp = VTOTN(vp);
2355 
2356         if (write_lock) {
2357                 rw_enter(&tp->tn_rwlock, RW_WRITER);
2358         } else {
2359                 rw_enter(&tp->tn_rwlock, RW_READER);
2360         }
2361         return (write_lock);
2362 }
2363 
2364 /* ARGSUSED1 */
2365 static void
2366 tmp_rwunlock(struct vnode *vp, int write_lock, caller_context_t *ctp)
2367 {
2368         struct tmpnode *tp = VTOTN(vp);
2369 
2370         rw_exit(&tp->tn_rwlock);
2371 }
2372 
2373 static int
2374 tmp_pathconf(
2375         struct vnode *vp,
2376         int cmd,
2377         ulong_t *valp,
2378         cred_t *cr,
2379         caller_context_t *ct)
2380 {
2381         struct tmpnode *tp = NULL;
2382         int error;
2383 
2384         switch (cmd) {
2385         case _PC_XATTR_EXISTS:
2386                 if (vp->v_vfsp->vfs_flag & VFS_XATTR) {
2387                         *valp = 0;      /* assume no attributes */
2388                         error = 0;      /* okay to ask */
2389                         tp = VTOTN(vp);
2390                         rw_enter(&tp->tn_rwlock, RW_READER);
2391                         if (tp->tn_xattrdp) {
2392                                 rw_enter(&tp->tn_xattrdp->tn_rwlock, RW_READER);
2393                                 /* do not count "." and ".." */
2394                                 if (tp->tn_xattrdp->tn_dirents > 2)
2395                                         *valp = 1;
2396                                 rw_exit(&tp->tn_xattrdp->tn_rwlock);
2397                         }
2398                         rw_exit(&tp->tn_rwlock);
2399                 } else {
2400                         error = EINVAL;
2401                 }
2402                 break;
2403         case _PC_SATTR_ENABLED:
2404         case _PC_SATTR_EXISTS:
2405                 *valp = vfs_has_feature(vp->v_vfsp, VFSFT_SYSATTR_VIEWS) &&
2406                     (vp->v_type == VREG || vp->v_type == VDIR);
2407                 error = 0;
2408                 break;
2409         case _PC_TIMESTAMP_RESOLUTION:
2410                 /* nanosecond timestamp resolution */
2411                 *valp = 1L;
2412                 error = 0;
2413                 break;
2414         default:
2415                 error = fs_pathconf(vp, cmd, valp, cr, ct);
2416         }
2417         return (error);
2418 }
2419 
2420 
2421 struct vnodeops *tmp_vnodeops;
2422 
2423 const fs_operation_def_t tmp_vnodeops_template[] = {
2424         VOPNAME_OPEN,           { .vop_open = tmp_open },
2425         VOPNAME_CLOSE,          { .vop_close = tmp_close },
2426         VOPNAME_READ,           { .vop_read = tmp_read },
2427         VOPNAME_WRITE,          { .vop_write = tmp_write },
2428         VOPNAME_IOCTL,          { .vop_ioctl = tmp_ioctl },
2429         VOPNAME_GETATTR,        { .vop_getattr = tmp_getattr },
2430         VOPNAME_SETATTR,        { .vop_setattr = tmp_setattr },
2431         VOPNAME_ACCESS,         { .vop_access = tmp_access },
2432         VOPNAME_LOOKUP,         { .vop_lookup = tmp_lookup },
2433         VOPNAME_CREATE,         { .vop_create = tmp_create },
2434         VOPNAME_REMOVE,         { .vop_remove = tmp_remove },
2435         VOPNAME_LINK,           { .vop_link = tmp_link },
2436         VOPNAME_RENAME,         { .vop_rename = tmp_rename },
2437         VOPNAME_MKDIR,          { .vop_mkdir = tmp_mkdir },
2438         VOPNAME_RMDIR,          { .vop_rmdir = tmp_rmdir },
2439         VOPNAME_READDIR,        { .vop_readdir = tmp_readdir },
2440         VOPNAME_SYMLINK,        { .vop_symlink = tmp_symlink },
2441         VOPNAME_READLINK,       { .vop_readlink = tmp_readlink },
2442         VOPNAME_FSYNC,          { .vop_fsync = tmp_fsync },
2443         VOPNAME_INACTIVE,       { .vop_inactive = tmp_inactive },
2444         VOPNAME_FID,            { .vop_fid = tmp_fid },
2445         VOPNAME_RWLOCK,         { .vop_rwlock = tmp_rwlock },
2446         VOPNAME_RWUNLOCK,       { .vop_rwunlock = tmp_rwunlock },
2447         VOPNAME_SEEK,           { .vop_seek = tmp_seek },
2448         VOPNAME_SPACE,          { .vop_space = tmp_space },
2449         VOPNAME_GETPAGE,        { .vop_getpage = tmp_getpage },
2450         VOPNAME_PUTPAGE,        { .vop_putpage = tmp_putpage },
2451         VOPNAME_MAP,            { .vop_map = tmp_map },
2452         VOPNAME_ADDMAP,         { .vop_addmap = tmp_addmap },
2453         VOPNAME_DELMAP,         { .vop_delmap = tmp_delmap },
2454         VOPNAME_PATHCONF,       { .vop_pathconf = tmp_pathconf },
2455         VOPNAME_VNEVENT,        { .vop_vnevent = fs_vnevent_support },
2456         NULL,                   NULL
2457 };