xref: /freebsd/sys/fs/tmpfs/tmpfs_subr.c (revision 79d939126a819f31882343b5733c2073452a4218)
1 /*	$NetBSD: tmpfs_subr.c,v 1.35 2007/07/09 21:10:50 ad Exp $	*/
2 
3 /*-
4  * SPDX-License-Identifier: BSD-2-Clause-NetBSD
5  *
6  * Copyright (c) 2005 The NetBSD Foundation, Inc.
7  * All rights reserved.
8  *
9  * This code is derived from software contributed to The NetBSD Foundation
10  * by Julio M. Merino Vidal, developed as part of Google's Summer of Code
11  * 2005 program.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
23  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
26  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 /*
36  * Efficient memory file system supporting functions.
37  */
38 #include <sys/cdefs.h>
39 __FBSDID("$FreeBSD$");
40 
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/dirent.h>
44 #include <sys/fnv_hash.h>
45 #include <sys/lock.h>
46 #include <sys/limits.h>
47 #include <sys/mount.h>
48 #include <sys/namei.h>
49 #include <sys/priv.h>
50 #include <sys/proc.h>
51 #include <sys/random.h>
52 #include <sys/refcount.h>
53 #include <sys/rwlock.h>
54 #include <sys/smr.h>
55 #include <sys/stat.h>
56 #include <sys/sysctl.h>
57 #include <sys/user.h>
58 #include <sys/vnode.h>
59 #include <sys/vmmeter.h>
60 
61 #include <vm/vm.h>
62 #include <vm/vm_param.h>
63 #include <vm/vm_object.h>
64 #include <vm/vm_page.h>
65 #include <vm/vm_pageout.h>
66 #include <vm/vm_pager.h>
67 #include <vm/vm_extern.h>
68 #include <vm/swap_pager.h>
69 
70 #include <fs/tmpfs/tmpfs.h>
71 #include <fs/tmpfs/tmpfs_fifoops.h>
72 #include <fs/tmpfs/tmpfs_vnops.h>
73 
74 SYSCTL_NODE(_vfs, OID_AUTO, tmpfs, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
75     "tmpfs file system");
76 
77 static long tmpfs_pages_reserved = TMPFS_PAGES_MINRESERVED;
78 
79 MALLOC_DEFINE(M_TMPFSDIR, "tmpfs dir", "tmpfs dirent structure");
80 static uma_zone_t tmpfs_node_pool;
81 VFS_SMR_DECLARE;
82 
83 int tmpfs_pager_type = -1;
84 
85 static vm_object_t
86 tmpfs_pager_alloc(void *handle, vm_ooffset_t size, vm_prot_t prot,
87     vm_ooffset_t offset, struct ucred *cred)
88 {
89 	vm_object_t object;
90 
91 	MPASS(handle == NULL);
92 	MPASS(offset == 0);
93 	object = vm_object_allocate_dyn(tmpfs_pager_type, size,
94 	    OBJ_COLORED | OBJ_SWAP);
95 	if (!swap_pager_init_object(object, NULL, NULL, size, 0)) {
96 		vm_object_deallocate(object);
97 		object = NULL;
98 	}
99 	return (object);
100 }
101 
102 /*
103  * Make sure tmpfs vnodes with writable mappings can be found on the lazy list.
104  *
105  * This allows for periodic mtime updates while only scanning vnodes which are
106  * plausibly dirty, see tmpfs_update_mtime_lazy.
107  */
108 static void
109 tmpfs_pager_writecount_recalc(vm_object_t object, vm_offset_t old,
110     vm_offset_t new)
111 {
112 	struct vnode *vp;
113 
114 	VM_OBJECT_ASSERT_WLOCKED(object);
115 
116 	vp = object->un_pager.swp.swp_tmpfs;
117 
118 	/*
119 	 * Forced unmount?
120 	 */
121 	if (vp == NULL) {
122 		KASSERT((object->flags & OBJ_TMPFS_VREF) == 0,
123 		    ("object %p with OBJ_TMPFS_VREF but without vnode", object));
124 		VM_OBJECT_WUNLOCK(object);
125 		return;
126 	}
127 
128 	if (old == 0) {
129 		VNASSERT((object->flags & OBJ_TMPFS_VREF) == 0, vp,
130 		    ("object without writable mappings has a reference"));
131 		VNPASS(vp->v_usecount > 0, vp);
132 	} else {
133 		VNASSERT((object->flags & OBJ_TMPFS_VREF) != 0, vp,
134 		    ("object with writable mappings does not have a reference"));
135 	}
136 
137 	if (old == new) {
138 		VM_OBJECT_WUNLOCK(object);
139 		return;
140 	}
141 
142 	if (new == 0) {
143 		vm_object_clear_flag(object, OBJ_TMPFS_VREF);
144 		VM_OBJECT_WUNLOCK(object);
145 		vrele(vp);
146 	} else {
147 		if ((object->flags & OBJ_TMPFS_VREF) == 0) {
148 			vref(vp);
149 			vlazy(vp);
150 			vm_object_set_flag(object, OBJ_TMPFS_VREF);
151 		}
152 		VM_OBJECT_WUNLOCK(object);
153 	}
154 }
155 
156 static void
157 tmpfs_pager_update_writecount(vm_object_t object, vm_offset_t start,
158     vm_offset_t end)
159 {
160 	vm_offset_t new, old;
161 
162 	VM_OBJECT_WLOCK(object);
163 	KASSERT((object->flags & OBJ_ANON) == 0,
164 	    ("%s: object %p with OBJ_ANON", __func__, object));
165 	old = object->un_pager.swp.writemappings;
166 	object->un_pager.swp.writemappings += (vm_ooffset_t)end - start;
167 	new = object->un_pager.swp.writemappings;
168 	tmpfs_pager_writecount_recalc(object, old, new);
169 	VM_OBJECT_ASSERT_UNLOCKED(object);
170 }
171 
172 static void
173 tmpfs_pager_release_writecount(vm_object_t object, vm_offset_t start,
174     vm_offset_t end)
175 {
176 	vm_offset_t new, old;
177 
178 	VM_OBJECT_WLOCK(object);
179 	KASSERT((object->flags & OBJ_ANON) == 0,
180 	    ("%s: object %p with OBJ_ANON", __func__, object));
181 	old = object->un_pager.swp.writemappings;
182 	object->un_pager.swp.writemappings -= (vm_ooffset_t)end - start;
183 	new = object->un_pager.swp.writemappings;
184 	tmpfs_pager_writecount_recalc(object, old, new);
185 	VM_OBJECT_ASSERT_UNLOCKED(object);
186 }
187 
188 static void
189 tmpfs_pager_getvp(vm_object_t object, struct vnode **vpp, bool *vp_heldp)
190 {
191 	struct vnode *vp;
192 
193 	/*
194 	 * Tmpfs VREG node, which was reclaimed, has tmpfs_pager_type
195 	 * type, but not OBJ_TMPFS flag.  In this case there is no
196 	 * v_writecount to adjust.
197 	 */
198 	if (vp_heldp != NULL)
199 		VM_OBJECT_RLOCK(object);
200 	else
201 		VM_OBJECT_ASSERT_LOCKED(object);
202 	if ((object->flags & OBJ_TMPFS) != 0) {
203 		vp = object->un_pager.swp.swp_tmpfs;
204 		if (vp != NULL) {
205 			*vpp = vp;
206 			if (vp_heldp != NULL) {
207 				vhold(vp);
208 				*vp_heldp = true;
209 			}
210 		}
211 	}
212 	if (vp_heldp != NULL)
213 		VM_OBJECT_RUNLOCK(object);
214 }
215 
216 struct pagerops tmpfs_pager_ops = {
217 	.pgo_kvme_type = KVME_TYPE_VNODE,
218 	.pgo_alloc = tmpfs_pager_alloc,
219 	.pgo_set_writeable_dirty = vm_object_set_writeable_dirty_,
220 	.pgo_update_writecount = tmpfs_pager_update_writecount,
221 	.pgo_release_writecount = tmpfs_pager_release_writecount,
222 	.pgo_mightbedirty = vm_object_mightbedirty_,
223 	.pgo_getvp = tmpfs_pager_getvp,
224 };
225 
226 static int
227 tmpfs_node_ctor(void *mem, int size, void *arg, int flags)
228 {
229 	struct tmpfs_node *node;
230 
231 	node = mem;
232 	node->tn_gen++;
233 	node->tn_size = 0;
234 	node->tn_status = 0;
235 	node->tn_accessed = false;
236 	node->tn_flags = 0;
237 	node->tn_links = 0;
238 	node->tn_vnode = NULL;
239 	node->tn_vpstate = 0;
240 	return (0);
241 }
242 
243 static void
244 tmpfs_node_dtor(void *mem, int size, void *arg)
245 {
246 	struct tmpfs_node *node;
247 
248 	node = mem;
249 	node->tn_type = VNON;
250 }
251 
252 static int
253 tmpfs_node_init(void *mem, int size, int flags)
254 {
255 	struct tmpfs_node *node;
256 
257 	node = mem;
258 	node->tn_id = 0;
259 	mtx_init(&node->tn_interlock, "tmpfsni", NULL, MTX_DEF);
260 	node->tn_gen = arc4random();
261 	return (0);
262 }
263 
264 static void
265 tmpfs_node_fini(void *mem, int size)
266 {
267 	struct tmpfs_node *node;
268 
269 	node = mem;
270 	mtx_destroy(&node->tn_interlock);
271 }
272 
273 int
274 tmpfs_subr_init(void)
275 {
276 	tmpfs_pager_type = vm_pager_alloc_dyn_type(&tmpfs_pager_ops,
277 	    OBJT_SWAP);
278 	if (tmpfs_pager_type == -1)
279 		return (EINVAL);
280 	tmpfs_node_pool = uma_zcreate("TMPFS node",
281 	    sizeof(struct tmpfs_node), tmpfs_node_ctor, tmpfs_node_dtor,
282 	    tmpfs_node_init, tmpfs_node_fini, UMA_ALIGN_PTR, 0);
283 	VFS_SMR_ZONE_SET(tmpfs_node_pool);
284 	return (0);
285 }
286 
287 void
288 tmpfs_subr_uninit(void)
289 {
290 	if (tmpfs_pager_type != -1)
291 		vm_pager_free_dyn_type(tmpfs_pager_type);
292 	tmpfs_pager_type = -1;
293 	uma_zdestroy(tmpfs_node_pool);
294 }
295 
296 static int
297 sysctl_mem_reserved(SYSCTL_HANDLER_ARGS)
298 {
299 	int error;
300 	long pages, bytes;
301 
302 	pages = *(long *)arg1;
303 	bytes = pages * PAGE_SIZE;
304 
305 	error = sysctl_handle_long(oidp, &bytes, 0, req);
306 	if (error || !req->newptr)
307 		return (error);
308 
309 	pages = bytes / PAGE_SIZE;
310 	if (pages < TMPFS_PAGES_MINRESERVED)
311 		return (EINVAL);
312 
313 	*(long *)arg1 = pages;
314 	return (0);
315 }
316 
317 SYSCTL_PROC(_vfs_tmpfs, OID_AUTO, memory_reserved,
318     CTLTYPE_LONG|CTLFLAG_MPSAFE|CTLFLAG_RW, &tmpfs_pages_reserved, 0,
319     sysctl_mem_reserved, "L",
320     "Amount of available memory and swap below which tmpfs growth stops");
321 
322 static __inline int tmpfs_dirtree_cmp(struct tmpfs_dirent *a,
323     struct tmpfs_dirent *b);
324 RB_PROTOTYPE_STATIC(tmpfs_dir, tmpfs_dirent, uh.td_entries, tmpfs_dirtree_cmp);
325 
326 size_t
327 tmpfs_mem_avail(void)
328 {
329 	size_t avail;
330 	long reserved;
331 
332 	avail = swap_pager_avail + vm_free_count();
333 	reserved = atomic_load_long(&tmpfs_pages_reserved);
334 	if (__predict_false(avail < reserved))
335 		return (0);
336 	return (avail - reserved);
337 }
338 
339 size_t
340 tmpfs_pages_used(struct tmpfs_mount *tmp)
341 {
342 	const size_t node_size = sizeof(struct tmpfs_node) +
343 	    sizeof(struct tmpfs_dirent);
344 	size_t meta_pages;
345 
346 	meta_pages = howmany((uintmax_t)tmp->tm_nodes_inuse * node_size,
347 	    PAGE_SIZE);
348 	return (meta_pages + tmp->tm_pages_used);
349 }
350 
351 static size_t
352 tmpfs_pages_check_avail(struct tmpfs_mount *tmp, size_t req_pages)
353 {
354 	if (tmpfs_mem_avail() < req_pages)
355 		return (0);
356 
357 	if (tmp->tm_pages_max != ULONG_MAX &&
358 	    tmp->tm_pages_max < req_pages + tmpfs_pages_used(tmp))
359 			return (0);
360 
361 	return (1);
362 }
363 
364 static int
365 tmpfs_partial_page_invalidate(vm_object_t object, vm_pindex_t idx, int base,
366     int end, boolean_t ignerr)
367 {
368 	vm_page_t m;
369 	int rv, error;
370 
371 	VM_OBJECT_ASSERT_WLOCKED(object);
372 	KASSERT(base >= 0, ("%s: base %d", __func__, base));
373 	KASSERT(end - base <= PAGE_SIZE, ("%s: base %d end %d", __func__, base,
374 	    end));
375 	error = 0;
376 
377 retry:
378 	m = vm_page_grab(object, idx, VM_ALLOC_NOCREAT);
379 	if (m != NULL) {
380 		MPASS(vm_page_all_valid(m));
381 	} else if (vm_pager_has_page(object, idx, NULL, NULL)) {
382 		m = vm_page_alloc(object, idx, VM_ALLOC_NORMAL |
383 		    VM_ALLOC_WAITFAIL);
384 		if (m == NULL)
385 			goto retry;
386 		vm_object_pip_add(object, 1);
387 		VM_OBJECT_WUNLOCK(object);
388 		rv = vm_pager_get_pages(object, &m, 1, NULL, NULL);
389 		VM_OBJECT_WLOCK(object);
390 		vm_object_pip_wakeup(object);
391 		if (rv == VM_PAGER_OK) {
392 			/*
393 			 * Since the page was not resident, and therefore not
394 			 * recently accessed, immediately enqueue it for
395 			 * asynchronous laundering.  The current operation is
396 			 * not regarded as an access.
397 			 */
398 			vm_page_launder(m);
399 		} else {
400 			vm_page_free(m);
401 			m = NULL;
402 			if (!ignerr)
403 				error = EIO;
404 		}
405 	}
406 	if (m != NULL) {
407 		pmap_zero_page_area(m, base, end - base);
408 		vm_page_set_dirty(m);
409 		vm_page_xunbusy(m);
410 	}
411 
412 	return (error);
413 }
414 
415 void
416 tmpfs_ref_node(struct tmpfs_node *node)
417 {
418 #ifdef INVARIANTS
419 	u_int old;
420 
421 	old =
422 #endif
423 	refcount_acquire(&node->tn_refcount);
424 #ifdef INVARIANTS
425 	KASSERT(old > 0, ("node %p zero refcount", node));
426 #endif
427 }
428 
429 /*
430  * Allocates a new node of type 'type' inside the 'tmp' mount point, with
431  * its owner set to 'uid', its group to 'gid' and its mode set to 'mode',
432  * using the credentials of the process 'p'.
433  *
434  * If the node type is set to 'VDIR', then the parent parameter must point
435  * to the parent directory of the node being created.  It may only be NULL
436  * while allocating the root node.
437  *
438  * If the node type is set to 'VBLK' or 'VCHR', then the rdev parameter
439  * specifies the device the node represents.
440  *
441  * If the node type is set to 'VLNK', then the parameter target specifies
442  * the file name of the target file for the symbolic link that is being
443  * created.
444  *
445  * Note that new nodes are retrieved from the available list if it has
446  * items or, if it is empty, from the node pool as long as there is enough
447  * space to create them.
448  *
449  * Returns zero on success or an appropriate error code on failure.
450  */
451 int
452 tmpfs_alloc_node(struct mount *mp, struct tmpfs_mount *tmp, enum vtype type,
453     uid_t uid, gid_t gid, mode_t mode, struct tmpfs_node *parent,
454     const char *target, dev_t rdev, struct tmpfs_node **node)
455 {
456 	struct tmpfs_node *nnode;
457 	char *symlink;
458 	char symlink_smr;
459 
460 	/* If the root directory of the 'tmp' file system is not yet
461 	 * allocated, this must be the request to do it. */
462 	MPASS(IMPLIES(tmp->tm_root == NULL, parent == NULL && type == VDIR));
463 
464 	MPASS(IFF(type == VLNK, target != NULL));
465 	MPASS(IFF(type == VBLK || type == VCHR, rdev != VNOVAL));
466 
467 	if (tmp->tm_nodes_inuse >= tmp->tm_nodes_max)
468 		return (ENOSPC);
469 	if (tmpfs_pages_check_avail(tmp, 1) == 0)
470 		return (ENOSPC);
471 
472 	if ((mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) {
473 		/*
474 		 * When a new tmpfs node is created for fully
475 		 * constructed mount point, there must be a parent
476 		 * node, which vnode is locked exclusively.  As
477 		 * consequence, if the unmount is executing in
478 		 * parallel, vflush() cannot reclaim the parent vnode.
479 		 * Due to this, the check for MNTK_UNMOUNT flag is not
480 		 * racy: if we did not see MNTK_UNMOUNT flag, then tmp
481 		 * cannot be destroyed until node construction is
482 		 * finished and the parent vnode unlocked.
483 		 *
484 		 * Tmpfs does not need to instantiate new nodes during
485 		 * unmount.
486 		 */
487 		return (EBUSY);
488 	}
489 	if ((mp->mnt_kern_flag & MNT_RDONLY) != 0)
490 		return (EROFS);
491 
492 	nnode = uma_zalloc_smr(tmpfs_node_pool, M_WAITOK);
493 
494 	/* Generic initialization. */
495 	nnode->tn_type = type;
496 	vfs_timestamp(&nnode->tn_atime);
497 	nnode->tn_birthtime = nnode->tn_ctime = nnode->tn_mtime =
498 	    nnode->tn_atime;
499 	nnode->tn_uid = uid;
500 	nnode->tn_gid = gid;
501 	nnode->tn_mode = mode;
502 	nnode->tn_id = alloc_unr64(&tmp->tm_ino_unr);
503 	nnode->tn_refcount = 1;
504 
505 	/* Type-specific initialization. */
506 	switch (nnode->tn_type) {
507 	case VBLK:
508 	case VCHR:
509 		nnode->tn_rdev = rdev;
510 		break;
511 
512 	case VDIR:
513 		RB_INIT(&nnode->tn_dir.tn_dirhead);
514 		LIST_INIT(&nnode->tn_dir.tn_dupindex);
515 		MPASS(parent != nnode);
516 		MPASS(IMPLIES(parent == NULL, tmp->tm_root == NULL));
517 		nnode->tn_dir.tn_parent = (parent == NULL) ? nnode : parent;
518 		nnode->tn_dir.tn_readdir_lastn = 0;
519 		nnode->tn_dir.tn_readdir_lastp = NULL;
520 		nnode->tn_links++;
521 		TMPFS_NODE_LOCK(nnode->tn_dir.tn_parent);
522 		nnode->tn_dir.tn_parent->tn_links++;
523 		TMPFS_NODE_UNLOCK(nnode->tn_dir.tn_parent);
524 		break;
525 
526 	case VFIFO:
527 		/* FALLTHROUGH */
528 	case VSOCK:
529 		break;
530 
531 	case VLNK:
532 		MPASS(strlen(target) < MAXPATHLEN);
533 		nnode->tn_size = strlen(target);
534 
535 		symlink = NULL;
536 		if (!tmp->tm_nonc) {
537 			symlink = cache_symlink_alloc(nnode->tn_size + 1, M_WAITOK);
538 			symlink_smr = true;
539 		}
540 		if (symlink == NULL) {
541 			symlink = malloc(nnode->tn_size + 1, M_TMPFSNAME, M_WAITOK);
542 			symlink_smr = false;
543 		}
544 		memcpy(symlink, target, nnode->tn_size + 1);
545 
546 		/*
547 		 * Allow safe symlink resolving for lockless lookup.
548 		 * tmpfs_fplookup_symlink references this comment.
549 		 *
550 		 * 1. nnode is not yet visible to the world
551 		 * 2. both tn_link_target and tn_link_smr get populated
552 		 * 3. release fence publishes their content
553 		 * 4. tn_link_target content is immutable until node destruction,
554 		 *    where the pointer gets set to NULL
555 		 * 5. tn_link_smr is never changed once set
556 		 *
557 		 * As a result it is sufficient to issue load consume on the node
558 		 * pointer to also get the above content in a stable manner.
559 		 * Worst case tn_link_smr flag may be set to true despite being stale,
560 		 * while the target buffer is already cleared out.
561 		 */
562 		atomic_store_ptr(&nnode->tn_link_target, symlink);
563 		atomic_store_char((char *)&nnode->tn_link_smr, symlink_smr);
564 		atomic_thread_fence_rel();
565 		break;
566 
567 	case VREG:
568 		nnode->tn_reg.tn_aobj =
569 		    vm_pager_allocate(tmpfs_pager_type, NULL, 0,
570 			VM_PROT_DEFAULT, 0,
571 			NULL /* XXXKIB - tmpfs needs swap reservation */);
572 		/* OBJ_TMPFS is set together with the setting of vp->v_object */
573 		nnode->tn_reg.tn_tmp = tmp;
574 		break;
575 
576 	default:
577 		panic("tmpfs_alloc_node: type %p %d", nnode,
578 		    (int)nnode->tn_type);
579 	}
580 
581 	TMPFS_LOCK(tmp);
582 	LIST_INSERT_HEAD(&tmp->tm_nodes_used, nnode, tn_entries);
583 	nnode->tn_attached = true;
584 	tmp->tm_nodes_inuse++;
585 	tmp->tm_refcount++;
586 	TMPFS_UNLOCK(tmp);
587 
588 	*node = nnode;
589 	return (0);
590 }
591 
592 /*
593  * Destroys the node pointed to by node from the file system 'tmp'.
594  * If the node references a directory, no entries are allowed.
595  */
596 void
597 tmpfs_free_node(struct tmpfs_mount *tmp, struct tmpfs_node *node)
598 {
599 	if (refcount_release_if_not_last(&node->tn_refcount))
600 		return;
601 
602 	TMPFS_LOCK(tmp);
603 	TMPFS_NODE_LOCK(node);
604 	if (!tmpfs_free_node_locked(tmp, node, false)) {
605 		TMPFS_NODE_UNLOCK(node);
606 		TMPFS_UNLOCK(tmp);
607 	}
608 }
609 
610 bool
611 tmpfs_free_node_locked(struct tmpfs_mount *tmp, struct tmpfs_node *node,
612     bool detach)
613 {
614 	vm_object_t uobj;
615 	char *symlink;
616 	bool last;
617 
618 	TMPFS_MP_ASSERT_LOCKED(tmp);
619 	TMPFS_NODE_ASSERT_LOCKED(node);
620 
621 	last = refcount_release(&node->tn_refcount);
622 	if (node->tn_attached && (detach || last)) {
623 		MPASS(tmp->tm_nodes_inuse > 0);
624 		tmp->tm_nodes_inuse--;
625 		LIST_REMOVE(node, tn_entries);
626 		node->tn_attached = false;
627 	}
628 	if (!last)
629 		return (false);
630 
631 	TMPFS_NODE_UNLOCK(node);
632 
633 #ifdef INVARIANTS
634 	MPASS(node->tn_vnode == NULL);
635 	MPASS((node->tn_vpstate & TMPFS_VNODE_ALLOCATING) == 0);
636 
637 	/*
638 	 * Make sure this is a node type we can deal with. Everything is explicitly
639 	 * enumerated without the 'default' clause so the compiler can throw an
640 	 * error in case a new type is added.
641 	 */
642 	switch (node->tn_type) {
643 	case VBLK:
644 	case VCHR:
645 	case VDIR:
646 	case VFIFO:
647 	case VSOCK:
648 	case VLNK:
649 	case VREG:
650 		break;
651 	case VNON:
652 	case VBAD:
653 	case VMARKER:
654 		panic("%s: bad type %d for node %p", __func__, (int)node->tn_type, node);
655 	}
656 #endif
657 
658 	switch (node->tn_type) {
659 	case VREG:
660 		uobj = node->tn_reg.tn_aobj;
661 		if (uobj != NULL) {
662 			if (uobj->size != 0)
663 				atomic_subtract_long(&tmp->tm_pages_used, uobj->size);
664 		}
665 
666 		tmpfs_free_tmp(tmp);
667 
668 		if (uobj != NULL) {
669 			KASSERT((uobj->flags & OBJ_TMPFS) == 0,
670 			    ("leaked OBJ_TMPFS node %p vm_obj %p", node, uobj));
671 			vm_object_deallocate(uobj);
672 		}
673 		break;
674 	case VLNK:
675 		tmpfs_free_tmp(tmp);
676 
677 		symlink = node->tn_link_target;
678 		atomic_store_ptr(&node->tn_link_target, NULL);
679 		if (atomic_load_char(&node->tn_link_smr)) {
680 			cache_symlink_free(symlink, node->tn_size + 1);
681 		} else {
682 			free(symlink, M_TMPFSNAME);
683 		}
684 		break;
685 	default:
686 		tmpfs_free_tmp(tmp);
687 		break;
688 	}
689 
690 	uma_zfree_smr(tmpfs_node_pool, node);
691 	return (true);
692 }
693 
694 static __inline uint32_t
695 tmpfs_dirent_hash(const char *name, u_int len)
696 {
697 	uint32_t hash;
698 
699 	hash = fnv_32_buf(name, len, FNV1_32_INIT + len) & TMPFS_DIRCOOKIE_MASK;
700 #ifdef TMPFS_DEBUG_DIRCOOKIE_DUP
701 	hash &= 0xf;
702 #endif
703 	if (hash < TMPFS_DIRCOOKIE_MIN)
704 		hash += TMPFS_DIRCOOKIE_MIN;
705 
706 	return (hash);
707 }
708 
709 static __inline off_t
710 tmpfs_dirent_cookie(struct tmpfs_dirent *de)
711 {
712 	if (de == NULL)
713 		return (TMPFS_DIRCOOKIE_EOF);
714 
715 	MPASS(de->td_cookie >= TMPFS_DIRCOOKIE_MIN);
716 
717 	return (de->td_cookie);
718 }
719 
720 static __inline boolean_t
721 tmpfs_dirent_dup(struct tmpfs_dirent *de)
722 {
723 	return ((de->td_cookie & TMPFS_DIRCOOKIE_DUP) != 0);
724 }
725 
726 static __inline boolean_t
727 tmpfs_dirent_duphead(struct tmpfs_dirent *de)
728 {
729 	return ((de->td_cookie & TMPFS_DIRCOOKIE_DUPHEAD) != 0);
730 }
731 
732 void
733 tmpfs_dirent_init(struct tmpfs_dirent *de, const char *name, u_int namelen)
734 {
735 	de->td_hash = de->td_cookie = tmpfs_dirent_hash(name, namelen);
736 	memcpy(de->ud.td_name, name, namelen);
737 	de->td_namelen = namelen;
738 }
739 
740 /*
741  * Allocates a new directory entry for the node node with a name of name.
742  * The new directory entry is returned in *de.
743  *
744  * The link count of node is increased by one to reflect the new object
745  * referencing it.
746  *
747  * Returns zero on success or an appropriate error code on failure.
748  */
749 int
750 tmpfs_alloc_dirent(struct tmpfs_mount *tmp, struct tmpfs_node *node,
751     const char *name, u_int len, struct tmpfs_dirent **de)
752 {
753 	struct tmpfs_dirent *nde;
754 
755 	nde = malloc(sizeof(*nde), M_TMPFSDIR, M_WAITOK);
756 	nde->td_node = node;
757 	if (name != NULL) {
758 		nde->ud.td_name = malloc(len, M_TMPFSNAME, M_WAITOK);
759 		tmpfs_dirent_init(nde, name, len);
760 	} else
761 		nde->td_namelen = 0;
762 	if (node != NULL)
763 		node->tn_links++;
764 
765 	*de = nde;
766 
767 	return (0);
768 }
769 
770 /*
771  * Frees a directory entry.  It is the caller's responsibility to destroy
772  * the node referenced by it if needed.
773  *
774  * The link count of node is decreased by one to reflect the removal of an
775  * object that referenced it.  This only happens if 'node_exists' is true;
776  * otherwise the function will not access the node referred to by the
777  * directory entry, as it may already have been released from the outside.
778  */
779 void
780 tmpfs_free_dirent(struct tmpfs_mount *tmp, struct tmpfs_dirent *de)
781 {
782 	struct tmpfs_node *node;
783 
784 	node = de->td_node;
785 	if (node != NULL) {
786 		MPASS(node->tn_links > 0);
787 		node->tn_links--;
788 	}
789 	if (!tmpfs_dirent_duphead(de) && de->ud.td_name != NULL)
790 		free(de->ud.td_name, M_TMPFSNAME);
791 	free(de, M_TMPFSDIR);
792 }
793 
794 void
795 tmpfs_destroy_vobject(struct vnode *vp, vm_object_t obj)
796 {
797 	bool want_vrele;
798 
799 	ASSERT_VOP_ELOCKED(vp, "tmpfs_destroy_vobject");
800 	if (vp->v_type != VREG || obj == NULL)
801 		return;
802 
803 	VM_OBJECT_WLOCK(obj);
804 	VI_LOCK(vp);
805 	/*
806 	 * May be going through forced unmount.
807 	 */
808 	want_vrele = false;
809 	if ((obj->flags & OBJ_TMPFS_VREF) != 0) {
810 		vm_object_clear_flag(obj, OBJ_TMPFS_VREF);
811 		want_vrele = true;
812 	}
813 
814 	vm_object_clear_flag(obj, OBJ_TMPFS);
815 	obj->un_pager.swp.swp_tmpfs = NULL;
816 	if (vp->v_writecount < 0)
817 		vp->v_writecount = 0;
818 	VI_UNLOCK(vp);
819 	VM_OBJECT_WUNLOCK(obj);
820 	if (want_vrele) {
821 		vrele(vp);
822 	}
823 }
824 
825 /*
826  * Allocates a new vnode for the node node or returns a new reference to
827  * an existing one if the node had already a vnode referencing it.  The
828  * resulting locked vnode is returned in *vpp.
829  *
830  * Returns zero on success or an appropriate error code on failure.
831  */
832 int
833 tmpfs_alloc_vp(struct mount *mp, struct tmpfs_node *node, int lkflag,
834     struct vnode **vpp)
835 {
836 	struct vnode *vp;
837 	enum vgetstate vs;
838 	struct tmpfs_mount *tm;
839 	vm_object_t object;
840 	int error;
841 
842 	error = 0;
843 	tm = VFS_TO_TMPFS(mp);
844 	TMPFS_NODE_LOCK(node);
845 	tmpfs_ref_node(node);
846 loop:
847 	TMPFS_NODE_ASSERT_LOCKED(node);
848 	if ((vp = node->tn_vnode) != NULL) {
849 		MPASS((node->tn_vpstate & TMPFS_VNODE_DOOMED) == 0);
850 		if ((node->tn_type == VDIR && node->tn_dir.tn_parent == NULL) ||
851 		    (VN_IS_DOOMED(vp) &&
852 		     (lkflag & LK_NOWAIT) != 0)) {
853 			TMPFS_NODE_UNLOCK(node);
854 			error = ENOENT;
855 			vp = NULL;
856 			goto out;
857 		}
858 		if (VN_IS_DOOMED(vp)) {
859 			node->tn_vpstate |= TMPFS_VNODE_WRECLAIM;
860 			while ((node->tn_vpstate & TMPFS_VNODE_WRECLAIM) != 0) {
861 				msleep(&node->tn_vnode, TMPFS_NODE_MTX(node),
862 				    0, "tmpfsE", 0);
863 			}
864 			goto loop;
865 		}
866 		vs = vget_prep(vp);
867 		TMPFS_NODE_UNLOCK(node);
868 		error = vget_finish(vp, lkflag, vs);
869 		if (error == ENOENT) {
870 			TMPFS_NODE_LOCK(node);
871 			goto loop;
872 		}
873 		if (error != 0) {
874 			vp = NULL;
875 			goto out;
876 		}
877 
878 		/*
879 		 * Make sure the vnode is still there after
880 		 * getting the interlock to avoid racing a free.
881 		 */
882 		if (node->tn_vnode != vp) {
883 			vput(vp);
884 			TMPFS_NODE_LOCK(node);
885 			goto loop;
886 		}
887 
888 		goto out;
889 	}
890 
891 	if ((node->tn_vpstate & TMPFS_VNODE_DOOMED) ||
892 	    (node->tn_type == VDIR && node->tn_dir.tn_parent == NULL)) {
893 		TMPFS_NODE_UNLOCK(node);
894 		error = ENOENT;
895 		vp = NULL;
896 		goto out;
897 	}
898 
899 	/*
900 	 * otherwise lock the vp list while we call getnewvnode
901 	 * since that can block.
902 	 */
903 	if (node->tn_vpstate & TMPFS_VNODE_ALLOCATING) {
904 		node->tn_vpstate |= TMPFS_VNODE_WANT;
905 		error = msleep((caddr_t) &node->tn_vpstate,
906 		    TMPFS_NODE_MTX(node), 0, "tmpfs_alloc_vp", 0);
907 		if (error != 0)
908 			goto out;
909 		goto loop;
910 	} else
911 		node->tn_vpstate |= TMPFS_VNODE_ALLOCATING;
912 
913 	TMPFS_NODE_UNLOCK(node);
914 
915 	/* Get a new vnode and associate it with our node. */
916 	error = getnewvnode("tmpfs", mp, VFS_TO_TMPFS(mp)->tm_nonc ?
917 	    &tmpfs_vnodeop_nonc_entries : &tmpfs_vnodeop_entries, &vp);
918 	if (error != 0)
919 		goto unlock;
920 	MPASS(vp != NULL);
921 
922 	/* lkflag is ignored, the lock is exclusive */
923 	(void) vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
924 
925 	vp->v_data = node;
926 	vp->v_type = node->tn_type;
927 
928 	/* Type-specific initialization. */
929 	switch (node->tn_type) {
930 	case VBLK:
931 		/* FALLTHROUGH */
932 	case VCHR:
933 		/* FALLTHROUGH */
934 	case VLNK:
935 		/* FALLTHROUGH */
936 	case VSOCK:
937 		break;
938 	case VFIFO:
939 		vp->v_op = &tmpfs_fifoop_entries;
940 		break;
941 	case VREG:
942 		object = node->tn_reg.tn_aobj;
943 		VM_OBJECT_WLOCK(object);
944 		KASSERT((object->flags & OBJ_TMPFS_VREF) == 0,
945 		    ("%s: object %p with OBJ_TMPFS_VREF but without vnode",
946 		    __func__, object));
947 		KASSERT(object->un_pager.swp.writemappings == 0,
948 		    ("%s: object %p has writemappings",
949 		    __func__, object));
950 		VI_LOCK(vp);
951 		KASSERT(vp->v_object == NULL, ("Not NULL v_object in tmpfs"));
952 		vp->v_object = object;
953 		object->un_pager.swp.swp_tmpfs = vp;
954 		vm_object_set_flag(object, OBJ_TMPFS);
955 		vn_irflag_set_locked(vp, VIRF_PGREAD | VIRF_TEXT_REF);
956 		VI_UNLOCK(vp);
957 		VM_OBJECT_WUNLOCK(object);
958 		break;
959 	case VDIR:
960 		MPASS(node->tn_dir.tn_parent != NULL);
961 		if (node->tn_dir.tn_parent == node)
962 			vp->v_vflag |= VV_ROOT;
963 		break;
964 
965 	default:
966 		panic("tmpfs_alloc_vp: type %p %d", node, (int)node->tn_type);
967 	}
968 	if (vp->v_type != VFIFO)
969 		VN_LOCK_ASHARE(vp);
970 
971 	error = insmntque1(vp, mp);
972 	if (error != 0) {
973 		/* Need to clear v_object for insmntque failure. */
974 		tmpfs_destroy_vobject(vp, vp->v_object);
975 		vp->v_object = NULL;
976 		vp->v_data = NULL;
977 		vp->v_op = &dead_vnodeops;
978 		vgone(vp);
979 		vput(vp);
980 		vp = NULL;
981 	}
982 
983 unlock:
984 	TMPFS_NODE_LOCK(node);
985 
986 	MPASS(node->tn_vpstate & TMPFS_VNODE_ALLOCATING);
987 	node->tn_vpstate &= ~TMPFS_VNODE_ALLOCATING;
988 	node->tn_vnode = vp;
989 
990 	if (node->tn_vpstate & TMPFS_VNODE_WANT) {
991 		node->tn_vpstate &= ~TMPFS_VNODE_WANT;
992 		TMPFS_NODE_UNLOCK(node);
993 		wakeup((caddr_t) &node->tn_vpstate);
994 	} else
995 		TMPFS_NODE_UNLOCK(node);
996 
997 out:
998 	if (error == 0) {
999 		*vpp = vp;
1000 
1001 #ifdef INVARIANTS
1002 		MPASS(*vpp != NULL && VOP_ISLOCKED(*vpp));
1003 		TMPFS_NODE_LOCK(node);
1004 		MPASS(*vpp == node->tn_vnode);
1005 		TMPFS_NODE_UNLOCK(node);
1006 #endif
1007 	}
1008 	tmpfs_free_node(tm, node);
1009 
1010 	return (error);
1011 }
1012 
1013 /*
1014  * Destroys the association between the vnode vp and the node it
1015  * references.
1016  */
1017 void
1018 tmpfs_free_vp(struct vnode *vp)
1019 {
1020 	struct tmpfs_node *node;
1021 
1022 	node = VP_TO_TMPFS_NODE(vp);
1023 
1024 	TMPFS_NODE_ASSERT_LOCKED(node);
1025 	node->tn_vnode = NULL;
1026 	if ((node->tn_vpstate & TMPFS_VNODE_WRECLAIM) != 0)
1027 		wakeup(&node->tn_vnode);
1028 	node->tn_vpstate &= ~TMPFS_VNODE_WRECLAIM;
1029 	vp->v_data = NULL;
1030 }
1031 
1032 /*
1033  * Allocates a new file of type 'type' and adds it to the parent directory
1034  * 'dvp'; this addition is done using the component name given in 'cnp'.
1035  * The ownership of the new file is automatically assigned based on the
1036  * credentials of the caller (through 'cnp'), the group is set based on
1037  * the parent directory and the mode is determined from the 'vap' argument.
1038  * If successful, *vpp holds a vnode to the newly created file and zero
1039  * is returned.  Otherwise *vpp is NULL and the function returns an
1040  * appropriate error code.
1041  */
1042 int
1043 tmpfs_alloc_file(struct vnode *dvp, struct vnode **vpp, struct vattr *vap,
1044     struct componentname *cnp, const char *target)
1045 {
1046 	int error;
1047 	struct tmpfs_dirent *de;
1048 	struct tmpfs_mount *tmp;
1049 	struct tmpfs_node *dnode;
1050 	struct tmpfs_node *node;
1051 	struct tmpfs_node *parent;
1052 
1053 	ASSERT_VOP_ELOCKED(dvp, "tmpfs_alloc_file");
1054 	MPASS(cnp->cn_flags & HASBUF);
1055 
1056 	tmp = VFS_TO_TMPFS(dvp->v_mount);
1057 	dnode = VP_TO_TMPFS_DIR(dvp);
1058 	*vpp = NULL;
1059 
1060 	/* If the entry we are creating is a directory, we cannot overflow
1061 	 * the number of links of its parent, because it will get a new
1062 	 * link. */
1063 	if (vap->va_type == VDIR) {
1064 		/* Ensure that we do not overflow the maximum number of links
1065 		 * imposed by the system. */
1066 		MPASS(dnode->tn_links <= TMPFS_LINK_MAX);
1067 		if (dnode->tn_links == TMPFS_LINK_MAX) {
1068 			return (EMLINK);
1069 		}
1070 
1071 		parent = dnode;
1072 		MPASS(parent != NULL);
1073 	} else
1074 		parent = NULL;
1075 
1076 	/* Allocate a node that represents the new file. */
1077 	error = tmpfs_alloc_node(dvp->v_mount, tmp, vap->va_type,
1078 	    cnp->cn_cred->cr_uid, dnode->tn_gid, vap->va_mode, parent,
1079 	    target, vap->va_rdev, &node);
1080 	if (error != 0)
1081 		return (error);
1082 
1083 	/* Allocate a directory entry that points to the new file. */
1084 	error = tmpfs_alloc_dirent(tmp, node, cnp->cn_nameptr, cnp->cn_namelen,
1085 	    &de);
1086 	if (error != 0) {
1087 		tmpfs_free_node(tmp, node);
1088 		return (error);
1089 	}
1090 
1091 	/* Allocate a vnode for the new file. */
1092 	error = tmpfs_alloc_vp(dvp->v_mount, node, LK_EXCLUSIVE, vpp);
1093 	if (error != 0) {
1094 		tmpfs_free_dirent(tmp, de);
1095 		tmpfs_free_node(tmp, node);
1096 		return (error);
1097 	}
1098 
1099 	/* Now that all required items are allocated, we can proceed to
1100 	 * insert the new node into the directory, an operation that
1101 	 * cannot fail. */
1102 	if (cnp->cn_flags & ISWHITEOUT)
1103 		tmpfs_dir_whiteout_remove(dvp, cnp);
1104 	tmpfs_dir_attach(dvp, de);
1105 	return (0);
1106 }
1107 
1108 struct tmpfs_dirent *
1109 tmpfs_dir_first(struct tmpfs_node *dnode, struct tmpfs_dir_cursor *dc)
1110 {
1111 	struct tmpfs_dirent *de;
1112 
1113 	de = RB_MIN(tmpfs_dir, &dnode->tn_dir.tn_dirhead);
1114 	dc->tdc_tree = de;
1115 	if (de != NULL && tmpfs_dirent_duphead(de))
1116 		de = LIST_FIRST(&de->ud.td_duphead);
1117 	dc->tdc_current = de;
1118 
1119 	return (dc->tdc_current);
1120 }
1121 
1122 struct tmpfs_dirent *
1123 tmpfs_dir_next(struct tmpfs_node *dnode, struct tmpfs_dir_cursor *dc)
1124 {
1125 	struct tmpfs_dirent *de;
1126 
1127 	MPASS(dc->tdc_tree != NULL);
1128 	if (tmpfs_dirent_dup(dc->tdc_current)) {
1129 		dc->tdc_current = LIST_NEXT(dc->tdc_current, uh.td_dup.entries);
1130 		if (dc->tdc_current != NULL)
1131 			return (dc->tdc_current);
1132 	}
1133 	dc->tdc_tree = dc->tdc_current = RB_NEXT(tmpfs_dir,
1134 	    &dnode->tn_dir.tn_dirhead, dc->tdc_tree);
1135 	if ((de = dc->tdc_current) != NULL && tmpfs_dirent_duphead(de)) {
1136 		dc->tdc_current = LIST_FIRST(&de->ud.td_duphead);
1137 		MPASS(dc->tdc_current != NULL);
1138 	}
1139 
1140 	return (dc->tdc_current);
1141 }
1142 
1143 /* Lookup directory entry in RB-Tree. Function may return duphead entry. */
1144 static struct tmpfs_dirent *
1145 tmpfs_dir_xlookup_hash(struct tmpfs_node *dnode, uint32_t hash)
1146 {
1147 	struct tmpfs_dirent *de, dekey;
1148 
1149 	dekey.td_hash = hash;
1150 	de = RB_FIND(tmpfs_dir, &dnode->tn_dir.tn_dirhead, &dekey);
1151 	return (de);
1152 }
1153 
1154 /* Lookup directory entry by cookie, initialize directory cursor accordingly. */
1155 static struct tmpfs_dirent *
1156 tmpfs_dir_lookup_cookie(struct tmpfs_node *node, off_t cookie,
1157     struct tmpfs_dir_cursor *dc)
1158 {
1159 	struct tmpfs_dir *dirhead = &node->tn_dir.tn_dirhead;
1160 	struct tmpfs_dirent *de, dekey;
1161 
1162 	MPASS(cookie >= TMPFS_DIRCOOKIE_MIN);
1163 
1164 	if (cookie == node->tn_dir.tn_readdir_lastn &&
1165 	    (de = node->tn_dir.tn_readdir_lastp) != NULL) {
1166 		/* Protect against possible race, tn_readdir_last[pn]
1167 		 * may be updated with only shared vnode lock held. */
1168 		if (cookie == tmpfs_dirent_cookie(de))
1169 			goto out;
1170 	}
1171 
1172 	if ((cookie & TMPFS_DIRCOOKIE_DUP) != 0) {
1173 		LIST_FOREACH(de, &node->tn_dir.tn_dupindex,
1174 		    uh.td_dup.index_entries) {
1175 			MPASS(tmpfs_dirent_dup(de));
1176 			if (de->td_cookie == cookie)
1177 				goto out;
1178 			/* dupindex list is sorted. */
1179 			if (de->td_cookie < cookie) {
1180 				de = NULL;
1181 				goto out;
1182 			}
1183 		}
1184 		MPASS(de == NULL);
1185 		goto out;
1186 	}
1187 
1188 	if ((cookie & TMPFS_DIRCOOKIE_MASK) != cookie) {
1189 		de = NULL;
1190 	} else {
1191 		dekey.td_hash = cookie;
1192 		/* Recover if direntry for cookie was removed */
1193 		de = RB_NFIND(tmpfs_dir, dirhead, &dekey);
1194 	}
1195 	dc->tdc_tree = de;
1196 	dc->tdc_current = de;
1197 	if (de != NULL && tmpfs_dirent_duphead(de)) {
1198 		dc->tdc_current = LIST_FIRST(&de->ud.td_duphead);
1199 		MPASS(dc->tdc_current != NULL);
1200 	}
1201 	return (dc->tdc_current);
1202 
1203 out:
1204 	dc->tdc_tree = de;
1205 	dc->tdc_current = de;
1206 	if (de != NULL && tmpfs_dirent_dup(de))
1207 		dc->tdc_tree = tmpfs_dir_xlookup_hash(node,
1208 		    de->td_hash);
1209 	return (dc->tdc_current);
1210 }
1211 
1212 /*
1213  * Looks for a directory entry in the directory represented by node.
1214  * 'cnp' describes the name of the entry to look for.  Note that the .
1215  * and .. components are not allowed as they do not physically exist
1216  * within directories.
1217  *
1218  * Returns a pointer to the entry when found, otherwise NULL.
1219  */
1220 struct tmpfs_dirent *
1221 tmpfs_dir_lookup(struct tmpfs_node *node, struct tmpfs_node *f,
1222     struct componentname *cnp)
1223 {
1224 	struct tmpfs_dir_duphead *duphead;
1225 	struct tmpfs_dirent *de;
1226 	uint32_t hash;
1227 
1228 	MPASS(IMPLIES(cnp->cn_namelen == 1, cnp->cn_nameptr[0] != '.'));
1229 	MPASS(IMPLIES(cnp->cn_namelen == 2, !(cnp->cn_nameptr[0] == '.' &&
1230 	    cnp->cn_nameptr[1] == '.')));
1231 	TMPFS_VALIDATE_DIR(node);
1232 
1233 	hash = tmpfs_dirent_hash(cnp->cn_nameptr, cnp->cn_namelen);
1234 	de = tmpfs_dir_xlookup_hash(node, hash);
1235 	if (de != NULL && tmpfs_dirent_duphead(de)) {
1236 		duphead = &de->ud.td_duphead;
1237 		LIST_FOREACH(de, duphead, uh.td_dup.entries) {
1238 			if (TMPFS_DIRENT_MATCHES(de, cnp->cn_nameptr,
1239 			    cnp->cn_namelen))
1240 				break;
1241 		}
1242 	} else if (de != NULL) {
1243 		if (!TMPFS_DIRENT_MATCHES(de, cnp->cn_nameptr,
1244 		    cnp->cn_namelen))
1245 			de = NULL;
1246 	}
1247 	if (de != NULL && f != NULL && de->td_node != f)
1248 		de = NULL;
1249 
1250 	return (de);
1251 }
1252 
1253 /*
1254  * Attach duplicate-cookie directory entry nde to dnode and insert to dupindex
1255  * list, allocate new cookie value.
1256  */
1257 static void
1258 tmpfs_dir_attach_dup(struct tmpfs_node *dnode,
1259     struct tmpfs_dir_duphead *duphead, struct tmpfs_dirent *nde)
1260 {
1261 	struct tmpfs_dir_duphead *dupindex;
1262 	struct tmpfs_dirent *de, *pde;
1263 
1264 	dupindex = &dnode->tn_dir.tn_dupindex;
1265 	de = LIST_FIRST(dupindex);
1266 	if (de == NULL || de->td_cookie < TMPFS_DIRCOOKIE_DUP_MAX) {
1267 		if (de == NULL)
1268 			nde->td_cookie = TMPFS_DIRCOOKIE_DUP_MIN;
1269 		else
1270 			nde->td_cookie = de->td_cookie + 1;
1271 		MPASS(tmpfs_dirent_dup(nde));
1272 		LIST_INSERT_HEAD(dupindex, nde, uh.td_dup.index_entries);
1273 		LIST_INSERT_HEAD(duphead, nde, uh.td_dup.entries);
1274 		return;
1275 	}
1276 
1277 	/*
1278 	 * Cookie numbers are near exhaustion. Scan dupindex list for unused
1279 	 * numbers. dupindex list is sorted in descending order. Keep it so
1280 	 * after inserting nde.
1281 	 */
1282 	while (1) {
1283 		pde = de;
1284 		de = LIST_NEXT(de, uh.td_dup.index_entries);
1285 		if (de == NULL && pde->td_cookie != TMPFS_DIRCOOKIE_DUP_MIN) {
1286 			/*
1287 			 * Last element of the index doesn't have minimal cookie
1288 			 * value, use it.
1289 			 */
1290 			nde->td_cookie = TMPFS_DIRCOOKIE_DUP_MIN;
1291 			LIST_INSERT_AFTER(pde, nde, uh.td_dup.index_entries);
1292 			LIST_INSERT_HEAD(duphead, nde, uh.td_dup.entries);
1293 			return;
1294 		} else if (de == NULL) {
1295 			/*
1296 			 * We are so lucky have 2^30 hash duplicates in single
1297 			 * directory :) Return largest possible cookie value.
1298 			 * It should be fine except possible issues with
1299 			 * VOP_READDIR restart.
1300 			 */
1301 			nde->td_cookie = TMPFS_DIRCOOKIE_DUP_MAX;
1302 			LIST_INSERT_HEAD(dupindex, nde,
1303 			    uh.td_dup.index_entries);
1304 			LIST_INSERT_HEAD(duphead, nde, uh.td_dup.entries);
1305 			return;
1306 		}
1307 		if (de->td_cookie + 1 == pde->td_cookie ||
1308 		    de->td_cookie >= TMPFS_DIRCOOKIE_DUP_MAX)
1309 			continue;	/* No hole or invalid cookie. */
1310 		nde->td_cookie = de->td_cookie + 1;
1311 		MPASS(tmpfs_dirent_dup(nde));
1312 		MPASS(pde->td_cookie > nde->td_cookie);
1313 		MPASS(nde->td_cookie > de->td_cookie);
1314 		LIST_INSERT_BEFORE(de, nde, uh.td_dup.index_entries);
1315 		LIST_INSERT_HEAD(duphead, nde, uh.td_dup.entries);
1316 		return;
1317 	}
1318 }
1319 
1320 /*
1321  * Attaches the directory entry de to the directory represented by vp.
1322  * Note that this does not change the link count of the node pointed by
1323  * the directory entry, as this is done by tmpfs_alloc_dirent.
1324  */
1325 void
1326 tmpfs_dir_attach(struct vnode *vp, struct tmpfs_dirent *de)
1327 {
1328 	struct tmpfs_node *dnode;
1329 	struct tmpfs_dirent *xde, *nde;
1330 
1331 	ASSERT_VOP_ELOCKED(vp, __func__);
1332 	MPASS(de->td_namelen > 0);
1333 	MPASS(de->td_hash >= TMPFS_DIRCOOKIE_MIN);
1334 	MPASS(de->td_cookie == de->td_hash);
1335 
1336 	dnode = VP_TO_TMPFS_DIR(vp);
1337 	dnode->tn_dir.tn_readdir_lastn = 0;
1338 	dnode->tn_dir.tn_readdir_lastp = NULL;
1339 
1340 	MPASS(!tmpfs_dirent_dup(de));
1341 	xde = RB_INSERT(tmpfs_dir, &dnode->tn_dir.tn_dirhead, de);
1342 	if (xde != NULL && tmpfs_dirent_duphead(xde))
1343 		tmpfs_dir_attach_dup(dnode, &xde->ud.td_duphead, de);
1344 	else if (xde != NULL) {
1345 		/*
1346 		 * Allocate new duphead. Swap xde with duphead to avoid
1347 		 * adding/removing elements with the same hash.
1348 		 */
1349 		MPASS(!tmpfs_dirent_dup(xde));
1350 		tmpfs_alloc_dirent(VFS_TO_TMPFS(vp->v_mount), NULL, NULL, 0,
1351 		    &nde);
1352 		/* *nde = *xde; XXX gcc 4.2.1 may generate invalid code. */
1353 		memcpy(nde, xde, sizeof(*xde));
1354 		xde->td_cookie |= TMPFS_DIRCOOKIE_DUPHEAD;
1355 		LIST_INIT(&xde->ud.td_duphead);
1356 		xde->td_namelen = 0;
1357 		xde->td_node = NULL;
1358 		tmpfs_dir_attach_dup(dnode, &xde->ud.td_duphead, nde);
1359 		tmpfs_dir_attach_dup(dnode, &xde->ud.td_duphead, de);
1360 	}
1361 	dnode->tn_size += sizeof(struct tmpfs_dirent);
1362 	dnode->tn_status |= TMPFS_NODE_CHANGED | TMPFS_NODE_MODIFIED;
1363 	dnode->tn_accessed = true;
1364 	tmpfs_update(vp);
1365 }
1366 
1367 /*
1368  * Detaches the directory entry de from the directory represented by vp.
1369  * Note that this does not change the link count of the node pointed by
1370  * the directory entry, as this is done by tmpfs_free_dirent.
1371  */
1372 void
1373 tmpfs_dir_detach(struct vnode *vp, struct tmpfs_dirent *de)
1374 {
1375 	struct tmpfs_mount *tmp;
1376 	struct tmpfs_dir *head;
1377 	struct tmpfs_node *dnode;
1378 	struct tmpfs_dirent *xde;
1379 
1380 	ASSERT_VOP_ELOCKED(vp, __func__);
1381 
1382 	dnode = VP_TO_TMPFS_DIR(vp);
1383 	head = &dnode->tn_dir.tn_dirhead;
1384 	dnode->tn_dir.tn_readdir_lastn = 0;
1385 	dnode->tn_dir.tn_readdir_lastp = NULL;
1386 
1387 	if (tmpfs_dirent_dup(de)) {
1388 		/* Remove duphead if de was last entry. */
1389 		if (LIST_NEXT(de, uh.td_dup.entries) == NULL) {
1390 			xde = tmpfs_dir_xlookup_hash(dnode, de->td_hash);
1391 			MPASS(tmpfs_dirent_duphead(xde));
1392 		} else
1393 			xde = NULL;
1394 		LIST_REMOVE(de, uh.td_dup.entries);
1395 		LIST_REMOVE(de, uh.td_dup.index_entries);
1396 		if (xde != NULL) {
1397 			if (LIST_EMPTY(&xde->ud.td_duphead)) {
1398 				RB_REMOVE(tmpfs_dir, head, xde);
1399 				tmp = VFS_TO_TMPFS(vp->v_mount);
1400 				MPASS(xde->td_node == NULL);
1401 				tmpfs_free_dirent(tmp, xde);
1402 			}
1403 		}
1404 		de->td_cookie = de->td_hash;
1405 	} else
1406 		RB_REMOVE(tmpfs_dir, head, de);
1407 
1408 	dnode->tn_size -= sizeof(struct tmpfs_dirent);
1409 	dnode->tn_status |= TMPFS_NODE_CHANGED | TMPFS_NODE_MODIFIED;
1410 	dnode->tn_accessed = true;
1411 	tmpfs_update(vp);
1412 }
1413 
1414 void
1415 tmpfs_dir_destroy(struct tmpfs_mount *tmp, struct tmpfs_node *dnode)
1416 {
1417 	struct tmpfs_dirent *de, *dde, *nde;
1418 
1419 	RB_FOREACH_SAFE(de, tmpfs_dir, &dnode->tn_dir.tn_dirhead, nde) {
1420 		RB_REMOVE(tmpfs_dir, &dnode->tn_dir.tn_dirhead, de);
1421 		/* Node may already be destroyed. */
1422 		de->td_node = NULL;
1423 		if (tmpfs_dirent_duphead(de)) {
1424 			while ((dde = LIST_FIRST(&de->ud.td_duphead)) != NULL) {
1425 				LIST_REMOVE(dde, uh.td_dup.entries);
1426 				dde->td_node = NULL;
1427 				tmpfs_free_dirent(tmp, dde);
1428 			}
1429 		}
1430 		tmpfs_free_dirent(tmp, de);
1431 	}
1432 }
1433 
1434 /*
1435  * Helper function for tmpfs_readdir.  Creates a '.' entry for the given
1436  * directory and returns it in the uio space.  The function returns 0
1437  * on success, -1 if there was not enough space in the uio structure to
1438  * hold the directory entry or an appropriate error code if another
1439  * error happens.
1440  */
1441 static int
1442 tmpfs_dir_getdotdent(struct tmpfs_mount *tm, struct tmpfs_node *node,
1443     struct uio *uio)
1444 {
1445 	int error;
1446 	struct dirent dent;
1447 
1448 	TMPFS_VALIDATE_DIR(node);
1449 	MPASS(uio->uio_offset == TMPFS_DIRCOOKIE_DOT);
1450 
1451 	dent.d_fileno = node->tn_id;
1452 	dent.d_off = TMPFS_DIRCOOKIE_DOTDOT;
1453 	dent.d_type = DT_DIR;
1454 	dent.d_namlen = 1;
1455 	dent.d_name[0] = '.';
1456 	dent.d_reclen = GENERIC_DIRSIZ(&dent);
1457 	dirent_terminate(&dent);
1458 
1459 	if (dent.d_reclen > uio->uio_resid)
1460 		error = EJUSTRETURN;
1461 	else
1462 		error = uiomove(&dent, dent.d_reclen, uio);
1463 
1464 	tmpfs_set_accessed(tm, node);
1465 
1466 	return (error);
1467 }
1468 
1469 /*
1470  * Helper function for tmpfs_readdir.  Creates a '..' entry for the given
1471  * directory and returns it in the uio space.  The function returns 0
1472  * on success, -1 if there was not enough space in the uio structure to
1473  * hold the directory entry or an appropriate error code if another
1474  * error happens.
1475  */
1476 static int
1477 tmpfs_dir_getdotdotdent(struct tmpfs_mount *tm, struct tmpfs_node *node,
1478     struct uio *uio, off_t next)
1479 {
1480 	struct tmpfs_node *parent;
1481 	struct dirent dent;
1482 	int error;
1483 
1484 	TMPFS_VALIDATE_DIR(node);
1485 	MPASS(uio->uio_offset == TMPFS_DIRCOOKIE_DOTDOT);
1486 
1487 	/*
1488 	 * Return ENOENT if the current node is already removed.
1489 	 */
1490 	TMPFS_ASSERT_LOCKED(node);
1491 	parent = node->tn_dir.tn_parent;
1492 	if (parent == NULL)
1493 		return (ENOENT);
1494 
1495 	dent.d_fileno = parent->tn_id;
1496 	dent.d_off = next;
1497 	dent.d_type = DT_DIR;
1498 	dent.d_namlen = 2;
1499 	dent.d_name[0] = '.';
1500 	dent.d_name[1] = '.';
1501 	dent.d_reclen = GENERIC_DIRSIZ(&dent);
1502 	dirent_terminate(&dent);
1503 
1504 	if (dent.d_reclen > uio->uio_resid)
1505 		error = EJUSTRETURN;
1506 	else
1507 		error = uiomove(&dent, dent.d_reclen, uio);
1508 
1509 	tmpfs_set_accessed(tm, node);
1510 
1511 	return (error);
1512 }
1513 
1514 /*
1515  * Helper function for tmpfs_readdir.  Returns as much directory entries
1516  * as can fit in the uio space.  The read starts at uio->uio_offset.
1517  * The function returns 0 on success, -1 if there was not enough space
1518  * in the uio structure to hold the directory entry or an appropriate
1519  * error code if another error happens.
1520  */
1521 int
1522 tmpfs_dir_getdents(struct tmpfs_mount *tm, struct tmpfs_node *node,
1523     struct uio *uio, int maxcookies, uint64_t *cookies, int *ncookies)
1524 {
1525 	struct tmpfs_dir_cursor dc;
1526 	struct tmpfs_dirent *de, *nde;
1527 	off_t off;
1528 	int error;
1529 
1530 	TMPFS_VALIDATE_DIR(node);
1531 
1532 	off = 0;
1533 
1534 	/*
1535 	 * Lookup the node from the current offset.  The starting offset of
1536 	 * 0 will lookup both '.' and '..', and then the first real entry,
1537 	 * or EOF if there are none.  Then find all entries for the dir that
1538 	 * fit into the buffer.  Once no more entries are found (de == NULL),
1539 	 * the offset is set to TMPFS_DIRCOOKIE_EOF, which will cause the next
1540 	 * call to return 0.
1541 	 */
1542 	switch (uio->uio_offset) {
1543 	case TMPFS_DIRCOOKIE_DOT:
1544 		error = tmpfs_dir_getdotdent(tm, node, uio);
1545 		if (error != 0)
1546 			return (error);
1547 		uio->uio_offset = off = TMPFS_DIRCOOKIE_DOTDOT;
1548 		if (cookies != NULL)
1549 			cookies[(*ncookies)++] = off;
1550 		/* FALLTHROUGH */
1551 	case TMPFS_DIRCOOKIE_DOTDOT:
1552 		de = tmpfs_dir_first(node, &dc);
1553 		off = tmpfs_dirent_cookie(de);
1554 		error = tmpfs_dir_getdotdotdent(tm, node, uio, off);
1555 		if (error != 0)
1556 			return (error);
1557 		uio->uio_offset = off;
1558 		if (cookies != NULL)
1559 			cookies[(*ncookies)++] = off;
1560 		/* EOF. */
1561 		if (de == NULL)
1562 			return (0);
1563 		break;
1564 	case TMPFS_DIRCOOKIE_EOF:
1565 		return (0);
1566 	default:
1567 		de = tmpfs_dir_lookup_cookie(node, uio->uio_offset, &dc);
1568 		if (de == NULL)
1569 			return (EINVAL);
1570 		if (cookies != NULL)
1571 			off = tmpfs_dirent_cookie(de);
1572 	}
1573 
1574 	/*
1575 	 * Read as much entries as possible; i.e., until we reach the end of the
1576 	 * directory or we exhaust uio space.
1577 	 */
1578 	do {
1579 		struct dirent d;
1580 
1581 		/*
1582 		 * Create a dirent structure representing the current tmpfs_node
1583 		 * and fill it.
1584 		 */
1585 		if (de->td_node == NULL) {
1586 			d.d_fileno = 1;
1587 			d.d_type = DT_WHT;
1588 		} else {
1589 			d.d_fileno = de->td_node->tn_id;
1590 			switch (de->td_node->tn_type) {
1591 			case VBLK:
1592 				d.d_type = DT_BLK;
1593 				break;
1594 
1595 			case VCHR:
1596 				d.d_type = DT_CHR;
1597 				break;
1598 
1599 			case VDIR:
1600 				d.d_type = DT_DIR;
1601 				break;
1602 
1603 			case VFIFO:
1604 				d.d_type = DT_FIFO;
1605 				break;
1606 
1607 			case VLNK:
1608 				d.d_type = DT_LNK;
1609 				break;
1610 
1611 			case VREG:
1612 				d.d_type = DT_REG;
1613 				break;
1614 
1615 			case VSOCK:
1616 				d.d_type = DT_SOCK;
1617 				break;
1618 
1619 			default:
1620 				panic("tmpfs_dir_getdents: type %p %d",
1621 				    de->td_node, (int)de->td_node->tn_type);
1622 			}
1623 		}
1624 		d.d_namlen = de->td_namelen;
1625 		MPASS(de->td_namelen < sizeof(d.d_name));
1626 		(void)memcpy(d.d_name, de->ud.td_name, de->td_namelen);
1627 		d.d_reclen = GENERIC_DIRSIZ(&d);
1628 
1629 		/*
1630 		 * Stop reading if the directory entry we are treating is bigger
1631 		 * than the amount of data that can be returned.
1632 		 */
1633 		if (d.d_reclen > uio->uio_resid) {
1634 			error = EJUSTRETURN;
1635 			break;
1636 		}
1637 
1638 		nde = tmpfs_dir_next(node, &dc);
1639 		d.d_off = tmpfs_dirent_cookie(nde);
1640 		dirent_terminate(&d);
1641 
1642 		/*
1643 		 * Copy the new dirent structure into the output buffer and
1644 		 * advance pointers.
1645 		 */
1646 		error = uiomove(&d, d.d_reclen, uio);
1647 		if (error == 0) {
1648 			de = nde;
1649 			if (cookies != NULL) {
1650 				off = tmpfs_dirent_cookie(de);
1651 				MPASS(*ncookies < maxcookies);
1652 				cookies[(*ncookies)++] = off;
1653 			}
1654 		}
1655 	} while (error == 0 && uio->uio_resid > 0 && de != NULL);
1656 
1657 	/* Skip setting off when using cookies as it is already done above. */
1658 	if (cookies == NULL)
1659 		off = tmpfs_dirent_cookie(de);
1660 
1661 	/* Update the offset and cache. */
1662 	uio->uio_offset = off;
1663 	node->tn_dir.tn_readdir_lastn = off;
1664 	node->tn_dir.tn_readdir_lastp = de;
1665 
1666 	tmpfs_set_accessed(tm, node);
1667 	return (error);
1668 }
1669 
1670 int
1671 tmpfs_dir_whiteout_add(struct vnode *dvp, struct componentname *cnp)
1672 {
1673 	struct tmpfs_dirent *de;
1674 	int error;
1675 
1676 	error = tmpfs_alloc_dirent(VFS_TO_TMPFS(dvp->v_mount), NULL,
1677 	    cnp->cn_nameptr, cnp->cn_namelen, &de);
1678 	if (error != 0)
1679 		return (error);
1680 	tmpfs_dir_attach(dvp, de);
1681 	return (0);
1682 }
1683 
1684 void
1685 tmpfs_dir_whiteout_remove(struct vnode *dvp, struct componentname *cnp)
1686 {
1687 	struct tmpfs_dirent *de;
1688 
1689 	de = tmpfs_dir_lookup(VP_TO_TMPFS_DIR(dvp), NULL, cnp);
1690 	MPASS(de != NULL && de->td_node == NULL);
1691 	tmpfs_dir_detach(dvp, de);
1692 	tmpfs_free_dirent(VFS_TO_TMPFS(dvp->v_mount), de);
1693 }
1694 
1695 /*
1696  * Resizes the aobj associated with the regular file pointed to by 'vp' to the
1697  * size 'newsize'.  'vp' must point to a vnode that represents a regular file.
1698  * 'newsize' must be positive.
1699  *
1700  * Returns zero on success or an appropriate error code on failure.
1701  */
1702 int
1703 tmpfs_reg_resize(struct vnode *vp, off_t newsize, boolean_t ignerr)
1704 {
1705 	struct tmpfs_mount *tmp;
1706 	struct tmpfs_node *node;
1707 	vm_object_t uobj;
1708 	vm_pindex_t idx, newpages, oldpages;
1709 	off_t oldsize;
1710 	int base, error;
1711 
1712 	MPASS(vp->v_type == VREG);
1713 	MPASS(newsize >= 0);
1714 
1715 	node = VP_TO_TMPFS_NODE(vp);
1716 	uobj = node->tn_reg.tn_aobj;
1717 	tmp = VFS_TO_TMPFS(vp->v_mount);
1718 
1719 	/*
1720 	 * Convert the old and new sizes to the number of pages needed to
1721 	 * store them.  It may happen that we do not need to do anything
1722 	 * because the last allocated page can accommodate the change on
1723 	 * its own.
1724 	 */
1725 	oldsize = node->tn_size;
1726 	oldpages = OFF_TO_IDX(oldsize + PAGE_MASK);
1727 	MPASS(oldpages == uobj->size);
1728 	newpages = OFF_TO_IDX(newsize + PAGE_MASK);
1729 
1730 	if (__predict_true(newpages == oldpages && newsize >= oldsize)) {
1731 		node->tn_size = newsize;
1732 		return (0);
1733 	}
1734 
1735 	if (newpages > oldpages &&
1736 	    tmpfs_pages_check_avail(tmp, newpages - oldpages) == 0)
1737 		return (ENOSPC);
1738 
1739 	VM_OBJECT_WLOCK(uobj);
1740 	if (newsize < oldsize) {
1741 		/*
1742 		 * Zero the truncated part of the last page.
1743 		 */
1744 		base = newsize & PAGE_MASK;
1745 		if (base != 0) {
1746 			idx = OFF_TO_IDX(newsize);
1747 			error = tmpfs_partial_page_invalidate(uobj, idx, base,
1748 			    PAGE_SIZE, ignerr);
1749 			if (error != 0) {
1750 				VM_OBJECT_WUNLOCK(uobj);
1751 				return (error);
1752 			}
1753 		}
1754 
1755 		/*
1756 		 * Release any swap space and free any whole pages.
1757 		 */
1758 		if (newpages < oldpages)
1759 			vm_object_page_remove(uobj, newpages, 0, 0);
1760 	}
1761 	uobj->size = newpages;
1762 	VM_OBJECT_WUNLOCK(uobj);
1763 
1764 	atomic_add_long(&tmp->tm_pages_used, newpages - oldpages);
1765 
1766 	node->tn_size = newsize;
1767 	return (0);
1768 }
1769 
1770 /*
1771  * Punch hole in the aobj associated with the regular file pointed to by 'vp'.
1772  * Requests completely beyond the end-of-file are converted to no-op.
1773  *
1774  * Returns 0 on success or error code from tmpfs_partial_page_invalidate() on
1775  * failure.
1776  */
1777 int
1778 tmpfs_reg_punch_hole(struct vnode *vp, off_t *offset, off_t *length)
1779 {
1780 	struct tmpfs_node *node;
1781 	vm_object_t object;
1782 	vm_pindex_t pistart, pi, piend;
1783 	int startofs, endofs, end;
1784 	off_t off, len;
1785 	int error;
1786 
1787 	KASSERT(*length <= OFF_MAX - *offset, ("%s: offset + length overflows",
1788 	    __func__));
1789 	node = VP_TO_TMPFS_NODE(vp);
1790 	KASSERT(node->tn_type == VREG, ("%s: node is not regular file",
1791 	    __func__));
1792 	object = node->tn_reg.tn_aobj;
1793 	off = *offset;
1794 	len = omin(node->tn_size - off, *length);
1795 	startofs = off & PAGE_MASK;
1796 	endofs = (off + len) & PAGE_MASK;
1797 	pistart = OFF_TO_IDX(off);
1798 	piend = OFF_TO_IDX(off + len);
1799 	pi = OFF_TO_IDX((vm_ooffset_t)off + PAGE_MASK);
1800 	error = 0;
1801 
1802 	/* Handle the case when offset is on or beyond file size. */
1803 	if (len <= 0) {
1804 		*length = 0;
1805 		return (0);
1806 	}
1807 
1808 	VM_OBJECT_WLOCK(object);
1809 
1810 	/*
1811 	 * If there is a partial page at the beginning of the hole-punching
1812 	 * request, fill the partial page with zeroes.
1813 	 */
1814 	if (startofs != 0) {
1815 		end = pistart != piend ? PAGE_SIZE : endofs;
1816 		error = tmpfs_partial_page_invalidate(object, pistart, startofs,
1817 		    end, FALSE);
1818 		if (error != 0)
1819 			goto out;
1820 		off += end - startofs;
1821 		len -= end - startofs;
1822 	}
1823 
1824 	/*
1825 	 * Toss away the full pages in the affected area.
1826 	 */
1827 	if (pi < piend) {
1828 		vm_object_page_remove(object, pi, piend, 0);
1829 		off += IDX_TO_OFF(piend - pi);
1830 		len -= IDX_TO_OFF(piend - pi);
1831 	}
1832 
1833 	/*
1834 	 * If there is a partial page at the end of the hole-punching request,
1835 	 * fill the partial page with zeroes.
1836 	 */
1837 	if (endofs != 0 && pistart != piend) {
1838 		error = tmpfs_partial_page_invalidate(object, piend, 0, endofs,
1839 		    FALSE);
1840 		if (error != 0)
1841 			goto out;
1842 		off += endofs;
1843 		len -= endofs;
1844 	}
1845 
1846 out:
1847 	VM_OBJECT_WUNLOCK(object);
1848 	*offset = off;
1849 	*length = len;
1850 	return (error);
1851 }
1852 
1853 void
1854 tmpfs_check_mtime(struct vnode *vp)
1855 {
1856 	struct tmpfs_node *node;
1857 	struct vm_object *obj;
1858 
1859 	ASSERT_VOP_ELOCKED(vp, "check_mtime");
1860 	if (vp->v_type != VREG)
1861 		return;
1862 	obj = vp->v_object;
1863 	KASSERT(obj->type == tmpfs_pager_type &&
1864 	    (obj->flags & (OBJ_SWAP | OBJ_TMPFS)) ==
1865 	    (OBJ_SWAP | OBJ_TMPFS), ("non-tmpfs obj"));
1866 	/* unlocked read */
1867 	if (obj->generation != obj->cleangeneration) {
1868 		VM_OBJECT_WLOCK(obj);
1869 		if (obj->generation != obj->cleangeneration) {
1870 			obj->cleangeneration = obj->generation;
1871 			node = VP_TO_TMPFS_NODE(vp);
1872 			node->tn_status |= TMPFS_NODE_MODIFIED |
1873 			    TMPFS_NODE_CHANGED;
1874 		}
1875 		VM_OBJECT_WUNLOCK(obj);
1876 	}
1877 }
1878 
1879 /*
1880  * Change flags of the given vnode.
1881  * Caller should execute tmpfs_update on vp after a successful execution.
1882  * The vnode must be locked on entry and remain locked on exit.
1883  */
1884 int
1885 tmpfs_chflags(struct vnode *vp, u_long flags, struct ucred *cred,
1886     struct thread *p)
1887 {
1888 	int error;
1889 	struct tmpfs_node *node;
1890 
1891 	ASSERT_VOP_ELOCKED(vp, "chflags");
1892 
1893 	node = VP_TO_TMPFS_NODE(vp);
1894 
1895 	if ((flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | SF_NOUNLINK |
1896 	    UF_APPEND | UF_ARCHIVE | UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP |
1897 	    UF_NOUNLINK | UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE |
1898 	    UF_SPARSE | UF_SYSTEM)) != 0)
1899 		return (EOPNOTSUPP);
1900 
1901 	/* Disallow this operation if the file system is mounted read-only. */
1902 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
1903 		return (EROFS);
1904 
1905 	/*
1906 	 * Callers may only modify the file flags on objects they
1907 	 * have VADMIN rights for.
1908 	 */
1909 	if ((error = VOP_ACCESS(vp, VADMIN, cred, p)))
1910 		return (error);
1911 	/*
1912 	 * Unprivileged processes are not permitted to unset system
1913 	 * flags, or modify flags if any system flags are set.
1914 	 */
1915 	if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
1916 		if (node->tn_flags &
1917 		    (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
1918 			error = securelevel_gt(cred, 0);
1919 			if (error)
1920 				return (error);
1921 		}
1922 	} else {
1923 		if (node->tn_flags &
1924 		    (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
1925 		    ((flags ^ node->tn_flags) & SF_SETTABLE))
1926 			return (EPERM);
1927 	}
1928 	node->tn_flags = flags;
1929 	node->tn_status |= TMPFS_NODE_CHANGED;
1930 
1931 	ASSERT_VOP_ELOCKED(vp, "chflags2");
1932 
1933 	return (0);
1934 }
1935 
1936 /*
1937  * Change access mode on the given vnode.
1938  * Caller should execute tmpfs_update on vp after a successful execution.
1939  * The vnode must be locked on entry and remain locked on exit.
1940  */
1941 int
1942 tmpfs_chmod(struct vnode *vp, mode_t mode, struct ucred *cred, struct thread *p)
1943 {
1944 	int error;
1945 	struct tmpfs_node *node;
1946 	mode_t newmode;
1947 
1948 	ASSERT_VOP_ELOCKED(vp, "chmod");
1949 	ASSERT_VOP_IN_SEQC(vp);
1950 
1951 	node = VP_TO_TMPFS_NODE(vp);
1952 
1953 	/* Disallow this operation if the file system is mounted read-only. */
1954 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
1955 		return (EROFS);
1956 
1957 	/* Immutable or append-only files cannot be modified, either. */
1958 	if (node->tn_flags & (IMMUTABLE | APPEND))
1959 		return (EPERM);
1960 
1961 	/*
1962 	 * To modify the permissions on a file, must possess VADMIN
1963 	 * for that file.
1964 	 */
1965 	if ((error = VOP_ACCESS(vp, VADMIN, cred, p)))
1966 		return (error);
1967 
1968 	/*
1969 	 * Privileged processes may set the sticky bit on non-directories,
1970 	 * as well as set the setgid bit on a file with a group that the
1971 	 * process is not a member of.
1972 	 */
1973 	if (vp->v_type != VDIR && (mode & S_ISTXT)) {
1974 		if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
1975 			return (EFTYPE);
1976 	}
1977 	if (!groupmember(node->tn_gid, cred) && (mode & S_ISGID)) {
1978 		error = priv_check_cred(cred, PRIV_VFS_SETGID);
1979 		if (error)
1980 			return (error);
1981 	}
1982 
1983 	newmode = node->tn_mode & ~ALLPERMS;
1984 	newmode |= mode & ALLPERMS;
1985 	atomic_store_short(&node->tn_mode, newmode);
1986 
1987 	node->tn_status |= TMPFS_NODE_CHANGED;
1988 
1989 	ASSERT_VOP_ELOCKED(vp, "chmod2");
1990 
1991 	return (0);
1992 }
1993 
1994 /*
1995  * Change ownership of the given vnode.  At least one of uid or gid must
1996  * be different than VNOVAL.  If one is set to that value, the attribute
1997  * is unchanged.
1998  * Caller should execute tmpfs_update on vp after a successful execution.
1999  * The vnode must be locked on entry and remain locked on exit.
2000  */
2001 int
2002 tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
2003     struct thread *p)
2004 {
2005 	int error;
2006 	struct tmpfs_node *node;
2007 	uid_t ouid;
2008 	gid_t ogid;
2009 	mode_t newmode;
2010 
2011 	ASSERT_VOP_ELOCKED(vp, "chown");
2012 	ASSERT_VOP_IN_SEQC(vp);
2013 
2014 	node = VP_TO_TMPFS_NODE(vp);
2015 
2016 	/* Assign default values if they are unknown. */
2017 	MPASS(uid != VNOVAL || gid != VNOVAL);
2018 	if (uid == VNOVAL)
2019 		uid = node->tn_uid;
2020 	if (gid == VNOVAL)
2021 		gid = node->tn_gid;
2022 	MPASS(uid != VNOVAL && gid != VNOVAL);
2023 
2024 	/* Disallow this operation if the file system is mounted read-only. */
2025 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
2026 		return (EROFS);
2027 
2028 	/* Immutable or append-only files cannot be modified, either. */
2029 	if (node->tn_flags & (IMMUTABLE | APPEND))
2030 		return (EPERM);
2031 
2032 	/*
2033 	 * To modify the ownership of a file, must possess VADMIN for that
2034 	 * file.
2035 	 */
2036 	if ((error = VOP_ACCESS(vp, VADMIN, cred, p)))
2037 		return (error);
2038 
2039 	/*
2040 	 * To change the owner of a file, or change the group of a file to a
2041 	 * group of which we are not a member, the caller must have
2042 	 * privilege.
2043 	 */
2044 	if ((uid != node->tn_uid ||
2045 	    (gid != node->tn_gid && !groupmember(gid, cred))) &&
2046 	    (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
2047 		return (error);
2048 
2049 	ogid = node->tn_gid;
2050 	ouid = node->tn_uid;
2051 
2052 	node->tn_uid = uid;
2053 	node->tn_gid = gid;
2054 
2055 	node->tn_status |= TMPFS_NODE_CHANGED;
2056 
2057 	if ((node->tn_mode & (S_ISUID | S_ISGID)) && (ouid != uid || ogid != gid)) {
2058 		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) {
2059 			newmode = node->tn_mode & ~(S_ISUID | S_ISGID);
2060 			atomic_store_short(&node->tn_mode, newmode);
2061 		}
2062 	}
2063 
2064 	ASSERT_VOP_ELOCKED(vp, "chown2");
2065 
2066 	return (0);
2067 }
2068 
2069 /*
2070  * Change size of the given vnode.
2071  * Caller should execute tmpfs_update on vp after a successful execution.
2072  * The vnode must be locked on entry and remain locked on exit.
2073  */
2074 int
2075 tmpfs_chsize(struct vnode *vp, u_quad_t size, struct ucred *cred,
2076     struct thread *p)
2077 {
2078 	int error;
2079 	struct tmpfs_node *node;
2080 
2081 	ASSERT_VOP_ELOCKED(vp, "chsize");
2082 
2083 	node = VP_TO_TMPFS_NODE(vp);
2084 
2085 	/* Decide whether this is a valid operation based on the file type. */
2086 	error = 0;
2087 	switch (vp->v_type) {
2088 	case VDIR:
2089 		return (EISDIR);
2090 
2091 	case VREG:
2092 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
2093 			return (EROFS);
2094 		break;
2095 
2096 	case VBLK:
2097 		/* FALLTHROUGH */
2098 	case VCHR:
2099 		/* FALLTHROUGH */
2100 	case VFIFO:
2101 		/*
2102 		 * Allow modifications of special files even if in the file
2103 		 * system is mounted read-only (we are not modifying the
2104 		 * files themselves, but the objects they represent).
2105 		 */
2106 		return (0);
2107 
2108 	default:
2109 		/* Anything else is unsupported. */
2110 		return (EOPNOTSUPP);
2111 	}
2112 
2113 	/* Immutable or append-only files cannot be modified, either. */
2114 	if (node->tn_flags & (IMMUTABLE | APPEND))
2115 		return (EPERM);
2116 
2117 	error = tmpfs_truncate(vp, size);
2118 	/*
2119 	 * tmpfs_truncate will raise the NOTE_EXTEND and NOTE_ATTRIB kevents
2120 	 * for us, as will update tn_status; no need to do that here.
2121 	 */
2122 
2123 	ASSERT_VOP_ELOCKED(vp, "chsize2");
2124 
2125 	return (error);
2126 }
2127 
2128 /*
2129  * Change access and modification times of the given vnode.
2130  * Caller should execute tmpfs_update on vp after a successful execution.
2131  * The vnode must be locked on entry and remain locked on exit.
2132  */
2133 int
2134 tmpfs_chtimes(struct vnode *vp, struct vattr *vap,
2135     struct ucred *cred, struct thread *l)
2136 {
2137 	int error;
2138 	struct tmpfs_node *node;
2139 
2140 	ASSERT_VOP_ELOCKED(vp, "chtimes");
2141 
2142 	node = VP_TO_TMPFS_NODE(vp);
2143 
2144 	/* Disallow this operation if the file system is mounted read-only. */
2145 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
2146 		return (EROFS);
2147 
2148 	/* Immutable or append-only files cannot be modified, either. */
2149 	if (node->tn_flags & (IMMUTABLE | APPEND))
2150 		return (EPERM);
2151 
2152 	error = vn_utimes_perm(vp, vap, cred, l);
2153 	if (error != 0)
2154 		return (error);
2155 
2156 	if (vap->va_atime.tv_sec != VNOVAL)
2157 		node->tn_accessed = true;
2158 
2159 	if (vap->va_mtime.tv_sec != VNOVAL)
2160 		node->tn_status |= TMPFS_NODE_MODIFIED;
2161 
2162 	if (vap->va_birthtime.tv_sec != VNOVAL)
2163 		node->tn_status |= TMPFS_NODE_MODIFIED;
2164 
2165 	tmpfs_itimes(vp, &vap->va_atime, &vap->va_mtime);
2166 
2167 	if (vap->va_birthtime.tv_sec != VNOVAL)
2168 		node->tn_birthtime = vap->va_birthtime;
2169 	ASSERT_VOP_ELOCKED(vp, "chtimes2");
2170 
2171 	return (0);
2172 }
2173 
2174 void
2175 tmpfs_set_status(struct tmpfs_mount *tm, struct tmpfs_node *node, int status)
2176 {
2177 
2178 	if ((node->tn_status & status) == status || tm->tm_ronly)
2179 		return;
2180 	TMPFS_NODE_LOCK(node);
2181 	node->tn_status |= status;
2182 	TMPFS_NODE_UNLOCK(node);
2183 }
2184 
2185 void
2186 tmpfs_set_accessed(struct tmpfs_mount *tm, struct tmpfs_node *node)
2187 {
2188 	if (node->tn_accessed || tm->tm_ronly)
2189 		return;
2190 	atomic_store_8(&node->tn_accessed, true);
2191 }
2192 
2193 /* Sync timestamps */
2194 void
2195 tmpfs_itimes(struct vnode *vp, const struct timespec *acc,
2196     const struct timespec *mod)
2197 {
2198 	struct tmpfs_node *node;
2199 	struct timespec now;
2200 
2201 	ASSERT_VOP_LOCKED(vp, "tmpfs_itimes");
2202 	node = VP_TO_TMPFS_NODE(vp);
2203 
2204 	if (!node->tn_accessed &&
2205 	    (node->tn_status & (TMPFS_NODE_MODIFIED | TMPFS_NODE_CHANGED)) == 0)
2206 		return;
2207 
2208 	vfs_timestamp(&now);
2209 	TMPFS_NODE_LOCK(node);
2210 	if (node->tn_accessed) {
2211 		if (acc == NULL)
2212 			 acc = &now;
2213 		node->tn_atime = *acc;
2214 	}
2215 	if (node->tn_status & TMPFS_NODE_MODIFIED) {
2216 		if (mod == NULL)
2217 			mod = &now;
2218 		node->tn_mtime = *mod;
2219 	}
2220 	if (node->tn_status & TMPFS_NODE_CHANGED)
2221 		node->tn_ctime = now;
2222 	node->tn_status &= ~(TMPFS_NODE_MODIFIED | TMPFS_NODE_CHANGED);
2223 	node->tn_accessed = false;
2224 	TMPFS_NODE_UNLOCK(node);
2225 
2226 	/* XXX: FIX? The entropy here is desirable, but the harvesting may be expensive */
2227 	random_harvest_queue(node, sizeof(*node), RANDOM_FS_ATIME);
2228 }
2229 
2230 int
2231 tmpfs_truncate(struct vnode *vp, off_t length)
2232 {
2233 	int error;
2234 	struct tmpfs_node *node;
2235 
2236 	node = VP_TO_TMPFS_NODE(vp);
2237 
2238 	if (length < 0) {
2239 		error = EINVAL;
2240 		goto out;
2241 	}
2242 
2243 	if (node->tn_size == length) {
2244 		error = 0;
2245 		goto out;
2246 	}
2247 
2248 	if (length > VFS_TO_TMPFS(vp->v_mount)->tm_maxfilesize)
2249 		return (EFBIG);
2250 
2251 	error = tmpfs_reg_resize(vp, length, FALSE);
2252 	if (error == 0)
2253 		node->tn_status |= TMPFS_NODE_CHANGED | TMPFS_NODE_MODIFIED;
2254 
2255 out:
2256 	tmpfs_update(vp);
2257 
2258 	return (error);
2259 }
2260 
2261 static __inline int
2262 tmpfs_dirtree_cmp(struct tmpfs_dirent *a, struct tmpfs_dirent *b)
2263 {
2264 	if (a->td_hash > b->td_hash)
2265 		return (1);
2266 	else if (a->td_hash < b->td_hash)
2267 		return (-1);
2268 	return (0);
2269 }
2270 
2271 RB_GENERATE_STATIC(tmpfs_dir, tmpfs_dirent, uh.td_entries, tmpfs_dirtree_cmp);
2272