xref: /freebsd/sys/fs/tmpfs/tmpfs_vnops.c (revision ec0ea6efa1ad229d75c394c1a9b9cac33af2b1d3)
1 /*	$NetBSD: tmpfs_vnops.c,v 1.39 2007/07/23 15:41:01 jmmv Exp $	*/
2 
3 /*-
4  * SPDX-License-Identifier: BSD-2-Clause-NetBSD
5  *
6  * Copyright (c) 2005, 2006 The NetBSD Foundation, Inc.
7  * All rights reserved.
8  *
9  * This code is derived from software contributed to The NetBSD Foundation
10  * by Julio M. Merino Vidal, developed as part of Google's Summer of Code
11  * 2005 program.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
23  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
26  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 /*
36  * tmpfs vnode interface.
37  */
38 #include <sys/cdefs.h>
39 __FBSDID("$FreeBSD$");
40 
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/dirent.h>
44 #include <sys/fcntl.h>
45 #include <sys/file.h>
46 #include <sys/limits.h>
47 #include <sys/lockf.h>
48 #include <sys/lock.h>
49 #include <sys/mount.h>
50 #include <sys/namei.h>
51 #include <sys/priv.h>
52 #include <sys/proc.h>
53 #include <sys/rwlock.h>
54 #include <sys/sched.h>
55 #include <sys/stat.h>
56 #include <sys/sysctl.h>
57 #include <sys/unistd.h>
58 #include <sys/vnode.h>
59 #include <sys/smr.h>
60 #include <security/audit/audit.h>
61 #include <security/mac/mac_framework.h>
62 
63 #include <vm/vm.h>
64 #include <vm/vm_param.h>
65 #include <vm/vm_object.h>
66 
67 #include <fs/tmpfs/tmpfs_vnops.h>
68 #include <fs/tmpfs/tmpfs.h>
69 
70 SYSCTL_DECL(_vfs_tmpfs);
71 VFS_SMR_DECLARE;
72 
73 static volatile int tmpfs_rename_restarts;
74 SYSCTL_INT(_vfs_tmpfs, OID_AUTO, rename_restarts, CTLFLAG_RD,
75     __DEVOLATILE(int *, &tmpfs_rename_restarts), 0,
76     "Times rename had to restart due to lock contention");
77 
78 static int
79 tmpfs_vn_get_ino_alloc(struct mount *mp, void *arg, int lkflags,
80     struct vnode **rvp)
81 {
82 
83 	return (tmpfs_alloc_vp(mp, arg, lkflags, rvp));
84 }
85 
86 static int
87 tmpfs_lookup1(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp)
88 {
89 	struct tmpfs_dirent *de;
90 	struct tmpfs_node *dnode, *pnode;
91 	struct tmpfs_mount *tm;
92 	int error;
93 
94 	/* Caller assumes responsibility for ensuring access (VEXEC). */
95 	dnode = VP_TO_TMPFS_DIR(dvp);
96 	*vpp = NULLVP;
97 
98 	/* We cannot be requesting the parent directory of the root node. */
99 	MPASS(IMPLIES(dnode->tn_type == VDIR &&
100 	    dnode->tn_dir.tn_parent == dnode,
101 	    !(cnp->cn_flags & ISDOTDOT)));
102 
103 	TMPFS_ASSERT_LOCKED(dnode);
104 	if (dnode->tn_dir.tn_parent == NULL) {
105 		error = ENOENT;
106 		goto out;
107 	}
108 	if (cnp->cn_flags & ISDOTDOT) {
109 		tm = VFS_TO_TMPFS(dvp->v_mount);
110 		pnode = dnode->tn_dir.tn_parent;
111 		tmpfs_ref_node(pnode);
112 		error = vn_vget_ino_gen(dvp, tmpfs_vn_get_ino_alloc,
113 		    pnode, cnp->cn_lkflags, vpp);
114 		tmpfs_free_node(tm, pnode);
115 		if (error != 0)
116 			goto out;
117 	} else if (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') {
118 		VREF(dvp);
119 		*vpp = dvp;
120 		error = 0;
121 	} else {
122 		de = tmpfs_dir_lookup(dnode, NULL, cnp);
123 		if (de != NULL && de->td_node == NULL)
124 			cnp->cn_flags |= ISWHITEOUT;
125 		if (de == NULL || de->td_node == NULL) {
126 			/*
127 			 * The entry was not found in the directory.
128 			 * This is OK if we are creating or renaming an
129 			 * entry and are working on the last component of
130 			 * the path name.
131 			 */
132 			if ((cnp->cn_flags & ISLASTCN) &&
133 			    (cnp->cn_nameiop == CREATE || \
134 			    cnp->cn_nameiop == RENAME ||
135 			    (cnp->cn_nameiop == DELETE &&
136 			    cnp->cn_flags & DOWHITEOUT &&
137 			    cnp->cn_flags & ISWHITEOUT))) {
138 				error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred,
139 				    curthread);
140 				if (error != 0)
141 					goto out;
142 
143 				/*
144 				 * Keep the component name in the buffer for
145 				 * future uses.
146 				 */
147 				cnp->cn_flags |= SAVENAME;
148 
149 				error = EJUSTRETURN;
150 			} else
151 				error = ENOENT;
152 		} else {
153 			struct tmpfs_node *tnode;
154 
155 			/*
156 			 * The entry was found, so get its associated
157 			 * tmpfs_node.
158 			 */
159 			tnode = de->td_node;
160 
161 			/*
162 			 * If we are not at the last path component and
163 			 * found a non-directory or non-link entry (which
164 			 * may itself be pointing to a directory), raise
165 			 * an error.
166 			 */
167 			if ((tnode->tn_type != VDIR &&
168 			    tnode->tn_type != VLNK) &&
169 			    !(cnp->cn_flags & ISLASTCN)) {
170 				error = ENOTDIR;
171 				goto out;
172 			}
173 
174 			/*
175 			 * If we are deleting or renaming the entry, keep
176 			 * track of its tmpfs_dirent so that it can be
177 			 * easily deleted later.
178 			 */
179 			if ((cnp->cn_flags & ISLASTCN) &&
180 			    (cnp->cn_nameiop == DELETE ||
181 			    cnp->cn_nameiop == RENAME)) {
182 				error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred,
183 				    curthread);
184 				if (error != 0)
185 					goto out;
186 
187 				/* Allocate a new vnode on the matching entry. */
188 				error = tmpfs_alloc_vp(dvp->v_mount, tnode,
189 				    cnp->cn_lkflags, vpp);
190 				if (error != 0)
191 					goto out;
192 
193 				if ((dnode->tn_mode & S_ISTXT) &&
194 				  VOP_ACCESS(dvp, VADMIN, cnp->cn_cred,
195 				  curthread) && VOP_ACCESS(*vpp, VADMIN,
196 				  cnp->cn_cred, curthread)) {
197 					error = EPERM;
198 					vput(*vpp);
199 					*vpp = NULL;
200 					goto out;
201 				}
202 				cnp->cn_flags |= SAVENAME;
203 			} else {
204 				error = tmpfs_alloc_vp(dvp->v_mount, tnode,
205 				    cnp->cn_lkflags, vpp);
206 				if (error != 0)
207 					goto out;
208 			}
209 		}
210 	}
211 
212 	/*
213 	 * Store the result of this lookup in the cache.  Avoid this if the
214 	 * request was for creation, as it does not improve timings on
215 	 * emprical tests.
216 	 */
217 	if ((cnp->cn_flags & MAKEENTRY) != 0 && tmpfs_use_nc(dvp))
218 		cache_enter(dvp, *vpp, cnp);
219 
220 out:
221 	/*
222 	 * If there were no errors, *vpp cannot be null and it must be
223 	 * locked.
224 	 */
225 	MPASS(IFF(error == 0, *vpp != NULLVP && VOP_ISLOCKED(*vpp)));
226 
227 	return (error);
228 }
229 
230 static int
231 tmpfs_cached_lookup(struct vop_cachedlookup_args *v)
232 {
233 
234 	return (tmpfs_lookup1(v->a_dvp, v->a_vpp, v->a_cnp));
235 }
236 
237 static int
238 tmpfs_lookup(struct vop_lookup_args *v)
239 {
240 	struct vnode *dvp = v->a_dvp;
241 	struct vnode **vpp = v->a_vpp;
242 	struct componentname *cnp = v->a_cnp;
243 	int error;
244 
245 	/* Check accessibility of requested node as a first step. */
246 	error = vn_dir_check_exec(dvp, cnp);
247 	if (error != 0)
248 		return (error);
249 
250 	return (tmpfs_lookup1(dvp, vpp, cnp));
251 }
252 
253 static int
254 tmpfs_create(struct vop_create_args *v)
255 {
256 	struct vnode *dvp = v->a_dvp;
257 	struct vnode **vpp = v->a_vpp;
258 	struct componentname *cnp = v->a_cnp;
259 	struct vattr *vap = v->a_vap;
260 	int error;
261 
262 	MPASS(vap->va_type == VREG || vap->va_type == VSOCK);
263 
264 	error = tmpfs_alloc_file(dvp, vpp, vap, cnp, NULL);
265 	if (error == 0 && (cnp->cn_flags & MAKEENTRY) != 0 && tmpfs_use_nc(dvp))
266 		cache_enter(dvp, *vpp, cnp);
267 	return (error);
268 }
269 
270 static int
271 tmpfs_mknod(struct vop_mknod_args *v)
272 {
273 	struct vnode *dvp = v->a_dvp;
274 	struct vnode **vpp = v->a_vpp;
275 	struct componentname *cnp = v->a_cnp;
276 	struct vattr *vap = v->a_vap;
277 
278 	if (vap->va_type != VBLK && vap->va_type != VCHR &&
279 	    vap->va_type != VFIFO)
280 		return (EINVAL);
281 
282 	return (tmpfs_alloc_file(dvp, vpp, vap, cnp, NULL));
283 }
284 
285 struct fileops tmpfs_fnops;
286 
287 static int
288 tmpfs_open(struct vop_open_args *v)
289 {
290 	struct vnode *vp;
291 	struct tmpfs_node *node;
292 	struct file *fp;
293 	int error, mode;
294 
295 	vp = v->a_vp;
296 	mode = v->a_mode;
297 	node = VP_TO_TMPFS_NODE(vp);
298 
299 	/*
300 	 * The file is still active but all its names have been removed
301 	 * (e.g. by a "rmdir $(pwd)").  It cannot be opened any more as
302 	 * it is about to die.
303 	 */
304 	if (node->tn_links < 1)
305 		return (ENOENT);
306 
307 	/* If the file is marked append-only, deny write requests. */
308 	if (node->tn_flags & APPEND && (mode & (FWRITE | O_APPEND)) == FWRITE)
309 		error = EPERM;
310 	else {
311 		error = 0;
312 		/* For regular files, the call below is nop. */
313 		KASSERT(vp->v_type != VREG || (node->tn_reg.tn_aobj->flags &
314 		    OBJ_DEAD) == 0, ("dead object"));
315 		vnode_create_vobject(vp, node->tn_size, v->a_td);
316 	}
317 
318 	fp = v->a_fp;
319 	MPASS(fp == NULL || fp->f_data == NULL);
320 	if (error == 0 && fp != NULL && vp->v_type == VREG) {
321 		tmpfs_ref_node(node);
322 		finit_vnode(fp, mode, node, &tmpfs_fnops);
323 	}
324 
325 	return (error);
326 }
327 
328 static int
329 tmpfs_close(struct vop_close_args *v)
330 {
331 	struct vnode *vp = v->a_vp;
332 
333 	/* Update node times. */
334 	tmpfs_update(vp);
335 
336 	return (0);
337 }
338 
339 int
340 tmpfs_fo_close(struct file *fp, struct thread *td)
341 {
342 	struct tmpfs_node *node;
343 
344 	node = fp->f_data;
345 	if (node != NULL) {
346 		MPASS(node->tn_type == VREG);
347 		tmpfs_free_node(node->tn_reg.tn_tmp, node);
348 	}
349 	return (vnops.fo_close(fp, td));
350 }
351 
352 /*
353  * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see
354  * the comment above cache_fplookup for details.
355  */
356 int
357 tmpfs_fplookup_vexec(struct vop_fplookup_vexec_args *v)
358 {
359 	struct vnode *vp;
360 	struct tmpfs_node *node;
361 	struct ucred *cred;
362 	mode_t all_x, mode;
363 
364 	vp = v->a_vp;
365 	node = VP_TO_TMPFS_NODE_SMR(vp);
366 	if (__predict_false(node == NULL))
367 		return (EAGAIN);
368 
369 	all_x = S_IXUSR | S_IXGRP | S_IXOTH;
370 	mode = atomic_load_short(&node->tn_mode);
371 	if (__predict_true((mode & all_x) == all_x))
372 		return (0);
373 
374 	cred = v->a_cred;
375 	return (vaccess_vexec_smr(mode, node->tn_uid, node->tn_gid, cred));
376 }
377 
378 int
379 tmpfs_access(struct vop_access_args *v)
380 {
381 	struct vnode *vp = v->a_vp;
382 	accmode_t accmode = v->a_accmode;
383 	struct ucred *cred = v->a_cred;
384 	mode_t all_x = S_IXUSR | S_IXGRP | S_IXOTH;
385 	int error;
386 	struct tmpfs_node *node;
387 
388 	MPASS(VOP_ISLOCKED(vp));
389 
390 	node = VP_TO_TMPFS_NODE(vp);
391 
392 	/*
393 	 * Common case path lookup.
394 	 */
395 	if (__predict_true(accmode == VEXEC && (node->tn_mode & all_x) == all_x))
396 		return (0);
397 
398 	switch (vp->v_type) {
399 	case VDIR:
400 		/* FALLTHROUGH */
401 	case VLNK:
402 		/* FALLTHROUGH */
403 	case VREG:
404 		if (accmode & VWRITE && vp->v_mount->mnt_flag & MNT_RDONLY) {
405 			error = EROFS;
406 			goto out;
407 		}
408 		break;
409 
410 	case VBLK:
411 		/* FALLTHROUGH */
412 	case VCHR:
413 		/* FALLTHROUGH */
414 	case VSOCK:
415 		/* FALLTHROUGH */
416 	case VFIFO:
417 		break;
418 
419 	default:
420 		error = EINVAL;
421 		goto out;
422 	}
423 
424 	if (accmode & VWRITE && node->tn_flags & IMMUTABLE) {
425 		error = EPERM;
426 		goto out;
427 	}
428 
429 	error = vaccess(vp->v_type, node->tn_mode, node->tn_uid, node->tn_gid,
430 	    accmode, cred);
431 
432 out:
433 	MPASS(VOP_ISLOCKED(vp));
434 
435 	return (error);
436 }
437 
438 int
439 tmpfs_stat(struct vop_stat_args *v)
440 {
441 	struct vnode *vp = v->a_vp;
442 	struct stat *sb = v->a_sb;
443 	vm_object_t obj;
444 	struct tmpfs_node *node;
445 	int error;
446 
447 	node = VP_TO_TMPFS_NODE(vp);
448 
449 	tmpfs_update_getattr(vp);
450 
451 	error = vop_stat_helper_pre(v);
452 	if (__predict_false(error))
453 		return (error);
454 
455 	sb->st_dev = vp->v_mount->mnt_stat.f_fsid.val[0];
456 	sb->st_ino = node->tn_id;
457 	sb->st_mode = node->tn_mode | VTTOIF(vp->v_type);
458 	sb->st_nlink = node->tn_links;
459 	sb->st_uid = node->tn_uid;
460 	sb->st_gid = node->tn_gid;
461 	sb->st_rdev = (vp->v_type == VBLK || vp->v_type == VCHR) ?
462 		node->tn_rdev : NODEV;
463 	sb->st_size = node->tn_size;
464 	sb->st_atim.tv_sec = node->tn_atime.tv_sec;
465 	sb->st_atim.tv_nsec = node->tn_atime.tv_nsec;
466 	sb->st_mtim.tv_sec = node->tn_mtime.tv_sec;
467 	sb->st_mtim.tv_nsec = node->tn_mtime.tv_nsec;
468 	sb->st_ctim.tv_sec = node->tn_ctime.tv_sec;
469 	sb->st_ctim.tv_nsec = node->tn_ctime.tv_nsec;
470 	sb->st_birthtim.tv_sec = node->tn_birthtime.tv_sec;
471 	sb->st_birthtim.tv_nsec = node->tn_birthtime.tv_nsec;
472 	sb->st_blksize = PAGE_SIZE;
473 	sb->st_flags = node->tn_flags;
474 	sb->st_gen = node->tn_gen;
475 	if (vp->v_type == VREG) {
476 		obj = node->tn_reg.tn_aobj;
477 		sb->st_blocks = (u_quad_t)obj->resident_page_count * PAGE_SIZE;
478 	} else
479 		sb->st_blocks = node->tn_size;
480 	sb->st_blocks /= S_BLKSIZE;
481 	return (vop_stat_helper_post(v, error));
482 }
483 
484 int
485 tmpfs_getattr(struct vop_getattr_args *v)
486 {
487 	struct vnode *vp = v->a_vp;
488 	struct vattr *vap = v->a_vap;
489 	vm_object_t obj;
490 	struct tmpfs_node *node;
491 
492 	node = VP_TO_TMPFS_NODE(vp);
493 
494 	tmpfs_update_getattr(vp);
495 
496 	vap->va_type = vp->v_type;
497 	vap->va_mode = node->tn_mode;
498 	vap->va_nlink = node->tn_links;
499 	vap->va_uid = node->tn_uid;
500 	vap->va_gid = node->tn_gid;
501 	vap->va_fsid = vp->v_mount->mnt_stat.f_fsid.val[0];
502 	vap->va_fileid = node->tn_id;
503 	vap->va_size = node->tn_size;
504 	vap->va_blocksize = PAGE_SIZE;
505 	vap->va_atime = node->tn_atime;
506 	vap->va_mtime = node->tn_mtime;
507 	vap->va_ctime = node->tn_ctime;
508 	vap->va_birthtime = node->tn_birthtime;
509 	vap->va_gen = node->tn_gen;
510 	vap->va_flags = node->tn_flags;
511 	vap->va_rdev = (vp->v_type == VBLK || vp->v_type == VCHR) ?
512 		node->tn_rdev : NODEV;
513 	if (vp->v_type == VREG) {
514 		obj = node->tn_reg.tn_aobj;
515 		vap->va_bytes = (u_quad_t)obj->resident_page_count * PAGE_SIZE;
516 	} else
517 		vap->va_bytes = node->tn_size;
518 	vap->va_filerev = 0;
519 
520 	return (0);
521 }
522 
523 int
524 tmpfs_setattr(struct vop_setattr_args *v)
525 {
526 	struct vnode *vp = v->a_vp;
527 	struct vattr *vap = v->a_vap;
528 	struct ucred *cred = v->a_cred;
529 	struct thread *td = curthread;
530 
531 	int error;
532 
533 	MPASS(VOP_ISLOCKED(vp));
534 	ASSERT_VOP_IN_SEQC(vp);
535 
536 	error = 0;
537 
538 	/* Abort if any unsettable attribute is given. */
539 	if (vap->va_type != VNON ||
540 	    vap->va_nlink != VNOVAL ||
541 	    vap->va_fsid != VNOVAL ||
542 	    vap->va_fileid != VNOVAL ||
543 	    vap->va_blocksize != VNOVAL ||
544 	    vap->va_gen != VNOVAL ||
545 	    vap->va_rdev != VNOVAL ||
546 	    vap->va_bytes != VNOVAL)
547 		error = EINVAL;
548 
549 	if (error == 0 && (vap->va_flags != VNOVAL))
550 		error = tmpfs_chflags(vp, vap->va_flags, cred, td);
551 
552 	if (error == 0 && (vap->va_size != VNOVAL))
553 		error = tmpfs_chsize(vp, vap->va_size, cred, td);
554 
555 	if (error == 0 && (vap->va_uid != VNOVAL || vap->va_gid != VNOVAL))
556 		error = tmpfs_chown(vp, vap->va_uid, vap->va_gid, cred, td);
557 
558 	if (error == 0 && (vap->va_mode != (mode_t)VNOVAL))
559 		error = tmpfs_chmod(vp, vap->va_mode, cred, td);
560 
561 	if (error == 0 && ((vap->va_atime.tv_sec != VNOVAL &&
562 	    vap->va_atime.tv_nsec != VNOVAL) ||
563 	    (vap->va_mtime.tv_sec != VNOVAL &&
564 	    vap->va_mtime.tv_nsec != VNOVAL) ||
565 	    (vap->va_birthtime.tv_sec != VNOVAL &&
566 	    vap->va_birthtime.tv_nsec != VNOVAL)))
567 		error = tmpfs_chtimes(vp, vap, cred, td);
568 
569 	/*
570 	 * Update the node times.  We give preference to the error codes
571 	 * generated by this function rather than the ones that may arise
572 	 * from tmpfs_update.
573 	 */
574 	tmpfs_update(vp);
575 
576 	MPASS(VOP_ISLOCKED(vp));
577 
578 	return (error);
579 }
580 
581 static int
582 tmpfs_read(struct vop_read_args *v)
583 {
584 	struct vnode *vp;
585 	struct uio *uio;
586 	struct tmpfs_node *node;
587 
588 	vp = v->a_vp;
589 	if (vp->v_type != VREG)
590 		return (EISDIR);
591 	uio = v->a_uio;
592 	if (uio->uio_offset < 0)
593 		return (EINVAL);
594 	node = VP_TO_TMPFS_NODE(vp);
595 	tmpfs_set_accessed(VFS_TO_TMPFS(vp->v_mount), node);
596 	return (uiomove_object(node->tn_reg.tn_aobj, node->tn_size, uio));
597 }
598 
599 static int
600 tmpfs_read_pgcache(struct vop_read_pgcache_args *v)
601 {
602 	struct vnode *vp;
603 	struct tmpfs_node *node;
604 	vm_object_t object;
605 	off_t size;
606 	int error;
607 
608 	vp = v->a_vp;
609 	VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp);
610 
611 	if (v->a_uio->uio_offset < 0)
612 		return (EINVAL);
613 
614 	error = EJUSTRETURN;
615 	vfs_smr_enter();
616 
617 	node = VP_TO_TMPFS_NODE_SMR(vp);
618 	if (node == NULL)
619 		goto out_smr;
620 	MPASS(node->tn_type == VREG);
621 	MPASS(node->tn_refcount >= 1);
622 	object = node->tn_reg.tn_aobj;
623 	if (object == NULL)
624 		goto out_smr;
625 
626 	MPASS(object->type == tmpfs_pager_type);
627 	MPASS((object->flags & (OBJ_ANON | OBJ_DEAD | OBJ_SWAP)) ==
628 	    OBJ_SWAP);
629 	if (!VN_IS_DOOMED(vp)) {
630 		/* size cannot become shorter due to rangelock. */
631 		size = node->tn_size;
632 		tmpfs_set_accessed(node->tn_reg.tn_tmp, node);
633 		vfs_smr_exit();
634 		error = uiomove_object(object, size, v->a_uio);
635 		return (error);
636 	}
637 out_smr:
638 	vfs_smr_exit();
639 	return (error);
640 }
641 
642 static int
643 tmpfs_write(struct vop_write_args *v)
644 {
645 	struct vnode *vp;
646 	struct uio *uio;
647 	struct tmpfs_node *node;
648 	off_t oldsize;
649 	int error, ioflag;
650 	mode_t newmode;
651 
652 	vp = v->a_vp;
653 	uio = v->a_uio;
654 	ioflag = v->a_ioflag;
655 	error = 0;
656 	node = VP_TO_TMPFS_NODE(vp);
657 	oldsize = node->tn_size;
658 
659 	if (uio->uio_offset < 0 || vp->v_type != VREG)
660 		return (EINVAL);
661 	if (uio->uio_resid == 0)
662 		return (0);
663 	if (ioflag & IO_APPEND)
664 		uio->uio_offset = node->tn_size;
665 	if (uio->uio_offset + uio->uio_resid >
666 	  VFS_TO_TMPFS(vp->v_mount)->tm_maxfilesize)
667 		return (EFBIG);
668 	if (vn_rlimit_fsize(vp, uio, uio->uio_td))
669 		return (EFBIG);
670 	if (uio->uio_offset + uio->uio_resid > node->tn_size) {
671 		error = tmpfs_reg_resize(vp, uio->uio_offset + uio->uio_resid,
672 		    FALSE);
673 		if (error != 0)
674 			goto out;
675 	}
676 
677 	error = uiomove_object(node->tn_reg.tn_aobj, node->tn_size, uio);
678 	node->tn_status |= TMPFS_NODE_MODIFIED | TMPFS_NODE_CHANGED;
679 	node->tn_accessed = true;
680 	if (node->tn_mode & (S_ISUID | S_ISGID)) {
681 		if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID)) {
682 			newmode = node->tn_mode & ~(S_ISUID | S_ISGID);
683 			vn_seqc_write_begin(vp);
684 			atomic_store_short(&node->tn_mode, newmode);
685 			vn_seqc_write_end(vp);
686 		}
687 	}
688 	if (error != 0)
689 		(void)tmpfs_reg_resize(vp, oldsize, TRUE);
690 
691 out:
692 	MPASS(IMPLIES(error == 0, uio->uio_resid == 0));
693 	MPASS(IMPLIES(error != 0, oldsize == node->tn_size));
694 
695 	return (error);
696 }
697 
698 static int
699 tmpfs_deallocate(struct vop_deallocate_args *v)
700 {
701 	return (tmpfs_reg_punch_hole(v->a_vp, v->a_offset, v->a_len));
702 }
703 
704 static int
705 tmpfs_fsync(struct vop_fsync_args *v)
706 {
707 	struct vnode *vp = v->a_vp;
708 
709 	MPASS(VOP_ISLOCKED(vp));
710 
711 	tmpfs_check_mtime(vp);
712 	tmpfs_update(vp);
713 
714 	return (0);
715 }
716 
717 static int
718 tmpfs_remove(struct vop_remove_args *v)
719 {
720 	struct vnode *dvp = v->a_dvp;
721 	struct vnode *vp = v->a_vp;
722 
723 	int error;
724 	struct tmpfs_dirent *de;
725 	struct tmpfs_mount *tmp;
726 	struct tmpfs_node *dnode;
727 	struct tmpfs_node *node;
728 
729 	MPASS(VOP_ISLOCKED(dvp));
730 	MPASS(VOP_ISLOCKED(vp));
731 
732 	if (vp->v_type == VDIR) {
733 		error = EISDIR;
734 		goto out;
735 	}
736 
737 	dnode = VP_TO_TMPFS_DIR(dvp);
738 	node = VP_TO_TMPFS_NODE(vp);
739 	tmp = VFS_TO_TMPFS(vp->v_mount);
740 	de = tmpfs_dir_lookup(dnode, node, v->a_cnp);
741 	MPASS(de != NULL);
742 
743 	/* Files marked as immutable or append-only cannot be deleted. */
744 	if ((node->tn_flags & (IMMUTABLE | APPEND | NOUNLINK)) ||
745 	    (dnode->tn_flags & APPEND)) {
746 		error = EPERM;
747 		goto out;
748 	}
749 
750 	/* Remove the entry from the directory; as it is a file, we do not
751 	 * have to change the number of hard links of the directory. */
752 	tmpfs_dir_detach(dvp, de);
753 	if (v->a_cnp->cn_flags & DOWHITEOUT)
754 		tmpfs_dir_whiteout_add(dvp, v->a_cnp);
755 
756 	/* Free the directory entry we just deleted.  Note that the node
757 	 * referred by it will not be removed until the vnode is really
758 	 * reclaimed. */
759 	tmpfs_free_dirent(tmp, de);
760 
761 	node->tn_status |= TMPFS_NODE_CHANGED;
762 	node->tn_accessed = true;
763 	error = 0;
764 
765 out:
766 	return (error);
767 }
768 
769 static int
770 tmpfs_link(struct vop_link_args *v)
771 {
772 	struct vnode *dvp = v->a_tdvp;
773 	struct vnode *vp = v->a_vp;
774 	struct componentname *cnp = v->a_cnp;
775 
776 	int error;
777 	struct tmpfs_dirent *de;
778 	struct tmpfs_node *node;
779 
780 	MPASS(VOP_ISLOCKED(dvp));
781 	MPASS(cnp->cn_flags & HASBUF);
782 	MPASS(dvp != vp); /* XXX When can this be false? */
783 	node = VP_TO_TMPFS_NODE(vp);
784 
785 	/* Ensure that we do not overflow the maximum number of links imposed
786 	 * by the system. */
787 	MPASS(node->tn_links <= TMPFS_LINK_MAX);
788 	if (node->tn_links == TMPFS_LINK_MAX) {
789 		error = EMLINK;
790 		goto out;
791 	}
792 
793 	/* We cannot create links of files marked immutable or append-only. */
794 	if (node->tn_flags & (IMMUTABLE | APPEND)) {
795 		error = EPERM;
796 		goto out;
797 	}
798 
799 	/* Allocate a new directory entry to represent the node. */
800 	error = tmpfs_alloc_dirent(VFS_TO_TMPFS(vp->v_mount), node,
801 	    cnp->cn_nameptr, cnp->cn_namelen, &de);
802 	if (error != 0)
803 		goto out;
804 
805 	/* Insert the new directory entry into the appropriate directory. */
806 	if (cnp->cn_flags & ISWHITEOUT)
807 		tmpfs_dir_whiteout_remove(dvp, cnp);
808 	tmpfs_dir_attach(dvp, de);
809 
810 	/* vp link count has changed, so update node times. */
811 	node->tn_status |= TMPFS_NODE_CHANGED;
812 	tmpfs_update(vp);
813 
814 	error = 0;
815 
816 out:
817 	return (error);
818 }
819 
820 /*
821  * We acquire all but fdvp locks using non-blocking acquisitions.  If we
822  * fail to acquire any lock in the path we will drop all held locks,
823  * acquire the new lock in a blocking fashion, and then release it and
824  * restart the rename.  This acquire/release step ensures that we do not
825  * spin on a lock waiting for release.  On error release all vnode locks
826  * and decrement references the way tmpfs_rename() would do.
827  */
828 static int
829 tmpfs_rename_relock(struct vnode *fdvp, struct vnode **fvpp,
830     struct vnode *tdvp, struct vnode **tvpp,
831     struct componentname *fcnp, struct componentname *tcnp)
832 {
833 	struct vnode *nvp;
834 	struct mount *mp;
835 	struct tmpfs_dirent *de;
836 	int error, restarts = 0;
837 
838 	VOP_UNLOCK(tdvp);
839 	if (*tvpp != NULL && *tvpp != tdvp)
840 		VOP_UNLOCK(*tvpp);
841 	mp = fdvp->v_mount;
842 
843 relock:
844 	restarts += 1;
845 	error = vn_lock(fdvp, LK_EXCLUSIVE);
846 	if (error)
847 		goto releout;
848 	if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) {
849 		VOP_UNLOCK(fdvp);
850 		error = vn_lock(tdvp, LK_EXCLUSIVE);
851 		if (error)
852 			goto releout;
853 		VOP_UNLOCK(tdvp);
854 		goto relock;
855 	}
856 	/*
857 	 * Re-resolve fvp to be certain it still exists and fetch the
858 	 * correct vnode.
859 	 */
860 	de = tmpfs_dir_lookup(VP_TO_TMPFS_DIR(fdvp), NULL, fcnp);
861 	if (de == NULL) {
862 		VOP_UNLOCK(fdvp);
863 		VOP_UNLOCK(tdvp);
864 		if ((fcnp->cn_flags & ISDOTDOT) != 0 ||
865 		    (fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.'))
866 			error = EINVAL;
867 		else
868 			error = ENOENT;
869 		goto releout;
870 	}
871 	error = tmpfs_alloc_vp(mp, de->td_node, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
872 	if (error != 0) {
873 		VOP_UNLOCK(fdvp);
874 		VOP_UNLOCK(tdvp);
875 		if (error != EBUSY)
876 			goto releout;
877 		error = tmpfs_alloc_vp(mp, de->td_node, LK_EXCLUSIVE, &nvp);
878 		if (error != 0)
879 			goto releout;
880 		VOP_UNLOCK(nvp);
881 		/*
882 		 * Concurrent rename race.
883 		 */
884 		if (nvp == tdvp) {
885 			vrele(nvp);
886 			error = EINVAL;
887 			goto releout;
888 		}
889 		vrele(*fvpp);
890 		*fvpp = nvp;
891 		goto relock;
892 	}
893 	vrele(*fvpp);
894 	*fvpp = nvp;
895 	VOP_UNLOCK(*fvpp);
896 	/*
897 	 * Re-resolve tvp and acquire the vnode lock if present.
898 	 */
899 	de = tmpfs_dir_lookup(VP_TO_TMPFS_DIR(tdvp), NULL, tcnp);
900 	/*
901 	 * If tvp disappeared we just carry on.
902 	 */
903 	if (de == NULL && *tvpp != NULL) {
904 		vrele(*tvpp);
905 		*tvpp = NULL;
906 	}
907 	/*
908 	 * Get the tvp ino if the lookup succeeded.  We may have to restart
909 	 * if the non-blocking acquire fails.
910 	 */
911 	if (de != NULL) {
912 		nvp = NULL;
913 		error = tmpfs_alloc_vp(mp, de->td_node,
914 		    LK_EXCLUSIVE | LK_NOWAIT, &nvp);
915 		if (*tvpp != NULL)
916 			vrele(*tvpp);
917 		*tvpp = nvp;
918 		if (error != 0) {
919 			VOP_UNLOCK(fdvp);
920 			VOP_UNLOCK(tdvp);
921 			if (error != EBUSY)
922 				goto releout;
923 			error = tmpfs_alloc_vp(mp, de->td_node, LK_EXCLUSIVE,
924 			    &nvp);
925 			if (error != 0)
926 				goto releout;
927 			VOP_UNLOCK(nvp);
928 			/*
929 			 * fdvp contains fvp, thus tvp (=fdvp) is not empty.
930 			 */
931 			if (nvp == fdvp) {
932 				error = ENOTEMPTY;
933 				goto releout;
934 			}
935 			goto relock;
936 		}
937 	}
938 	tmpfs_rename_restarts += restarts;
939 
940 	return (0);
941 
942 releout:
943 	vrele(fdvp);
944 	vrele(*fvpp);
945 	vrele(tdvp);
946 	if (*tvpp != NULL)
947 		vrele(*tvpp);
948 	tmpfs_rename_restarts += restarts;
949 
950 	return (error);
951 }
952 
953 static int
954 tmpfs_rename(struct vop_rename_args *v)
955 {
956 	struct vnode *fdvp = v->a_fdvp;
957 	struct vnode *fvp = v->a_fvp;
958 	struct componentname *fcnp = v->a_fcnp;
959 	struct vnode *tdvp = v->a_tdvp;
960 	struct vnode *tvp = v->a_tvp;
961 	struct componentname *tcnp = v->a_tcnp;
962 	char *newname;
963 	struct tmpfs_dirent *de;
964 	struct tmpfs_mount *tmp;
965 	struct tmpfs_node *fdnode;
966 	struct tmpfs_node *fnode;
967 	struct tmpfs_node *tnode;
968 	struct tmpfs_node *tdnode;
969 	int error;
970 	bool want_seqc_end;
971 
972 	MPASS(VOP_ISLOCKED(tdvp));
973 	MPASS(IMPLIES(tvp != NULL, VOP_ISLOCKED(tvp)));
974 	MPASS(fcnp->cn_flags & HASBUF);
975 	MPASS(tcnp->cn_flags & HASBUF);
976 
977 	want_seqc_end = false;
978 
979 	/*
980 	 * Disallow cross-device renames.
981 	 * XXX Why isn't this done by the caller?
982 	 */
983 	if (fvp->v_mount != tdvp->v_mount ||
984 	    (tvp != NULL && fvp->v_mount != tvp->v_mount)) {
985 		error = EXDEV;
986 		goto out;
987 	}
988 
989 	/* If source and target are the same file, there is nothing to do. */
990 	if (fvp == tvp) {
991 		error = 0;
992 		goto out;
993 	}
994 
995 	/*
996 	 * If we need to move the directory between entries, lock the
997 	 * source so that we can safely operate on it.
998 	 */
999 	if (fdvp != tdvp && fdvp != tvp) {
1000 		if (vn_lock(fdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) {
1001 			error = tmpfs_rename_relock(fdvp, &fvp, tdvp, &tvp,
1002 			    fcnp, tcnp);
1003 			if (error != 0)
1004 				return (error);
1005 			ASSERT_VOP_ELOCKED(fdvp,
1006 			    "tmpfs_rename: fdvp not locked");
1007 			ASSERT_VOP_ELOCKED(tdvp,
1008 			    "tmpfs_rename: tdvp not locked");
1009 			if (tvp != NULL)
1010 				ASSERT_VOP_ELOCKED(tvp,
1011 				    "tmpfs_rename: tvp not locked");
1012 			if (fvp == tvp) {
1013 				error = 0;
1014 				goto out_locked;
1015 			}
1016 		}
1017 	}
1018 
1019 	if (tvp != NULL)
1020 		vn_seqc_write_begin(tvp);
1021 	vn_seqc_write_begin(tdvp);
1022 	vn_seqc_write_begin(fvp);
1023 	vn_seqc_write_begin(fdvp);
1024 	want_seqc_end = true;
1025 
1026 	tmp = VFS_TO_TMPFS(tdvp->v_mount);
1027 	tdnode = VP_TO_TMPFS_DIR(tdvp);
1028 	tnode = (tvp == NULL) ? NULL : VP_TO_TMPFS_NODE(tvp);
1029 	fdnode = VP_TO_TMPFS_DIR(fdvp);
1030 	fnode = VP_TO_TMPFS_NODE(fvp);
1031 	de = tmpfs_dir_lookup(fdnode, fnode, fcnp);
1032 
1033 	/*
1034 	 * Entry can disappear before we lock fdvp,
1035 	 * also avoid manipulating '.' and '..' entries.
1036 	 */
1037 	if (de == NULL) {
1038 		if ((fcnp->cn_flags & ISDOTDOT) != 0 ||
1039 		    (fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.'))
1040 			error = EINVAL;
1041 		else
1042 			error = ENOENT;
1043 		goto out_locked;
1044 	}
1045 	MPASS(de->td_node == fnode);
1046 
1047 	/*
1048 	 * If re-naming a directory to another preexisting directory
1049 	 * ensure that the target directory is empty so that its
1050 	 * removal causes no side effects.
1051 	 * Kern_rename guarantees the destination to be a directory
1052 	 * if the source is one.
1053 	 */
1054 	if (tvp != NULL) {
1055 		MPASS(tnode != NULL);
1056 
1057 		if ((tnode->tn_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1058 		    (tdnode->tn_flags & (APPEND | IMMUTABLE))) {
1059 			error = EPERM;
1060 			goto out_locked;
1061 		}
1062 
1063 		if (fnode->tn_type == VDIR && tnode->tn_type == VDIR) {
1064 			if (tnode->tn_size > 0) {
1065 				error = ENOTEMPTY;
1066 				goto out_locked;
1067 			}
1068 		} else if (fnode->tn_type == VDIR && tnode->tn_type != VDIR) {
1069 			error = ENOTDIR;
1070 			goto out_locked;
1071 		} else if (fnode->tn_type != VDIR && tnode->tn_type == VDIR) {
1072 			error = EISDIR;
1073 			goto out_locked;
1074 		} else {
1075 			MPASS(fnode->tn_type != VDIR &&
1076 				tnode->tn_type != VDIR);
1077 		}
1078 	}
1079 
1080 	if ((fnode->tn_flags & (NOUNLINK | IMMUTABLE | APPEND))
1081 	    || (fdnode->tn_flags & (APPEND | IMMUTABLE))) {
1082 		error = EPERM;
1083 		goto out_locked;
1084 	}
1085 
1086 	/*
1087 	 * Ensure that we have enough memory to hold the new name, if it
1088 	 * has to be changed.
1089 	 */
1090 	if (fcnp->cn_namelen != tcnp->cn_namelen ||
1091 	    bcmp(fcnp->cn_nameptr, tcnp->cn_nameptr, fcnp->cn_namelen) != 0) {
1092 		newname = malloc(tcnp->cn_namelen, M_TMPFSNAME, M_WAITOK);
1093 	} else
1094 		newname = NULL;
1095 
1096 	/*
1097 	 * If the node is being moved to another directory, we have to do
1098 	 * the move.
1099 	 */
1100 	if (fdnode != tdnode) {
1101 		/*
1102 		 * In case we are moving a directory, we have to adjust its
1103 		 * parent to point to the new parent.
1104 		 */
1105 		if (de->td_node->tn_type == VDIR) {
1106 			struct tmpfs_node *n;
1107 
1108 			/*
1109 			 * Ensure the target directory is not a child of the
1110 			 * directory being moved.  Otherwise, we'd end up
1111 			 * with stale nodes.
1112 			 */
1113 			n = tdnode;
1114 			/*
1115 			 * TMPFS_LOCK guaranties that no nodes are freed while
1116 			 * traversing the list. Nodes can only be marked as
1117 			 * removed: tn_parent == NULL.
1118 			 */
1119 			TMPFS_LOCK(tmp);
1120 			TMPFS_NODE_LOCK(n);
1121 			while (n != n->tn_dir.tn_parent) {
1122 				struct tmpfs_node *parent;
1123 
1124 				if (n == fnode) {
1125 					TMPFS_NODE_UNLOCK(n);
1126 					TMPFS_UNLOCK(tmp);
1127 					error = EINVAL;
1128 					if (newname != NULL)
1129 						    free(newname, M_TMPFSNAME);
1130 					goto out_locked;
1131 				}
1132 				parent = n->tn_dir.tn_parent;
1133 				TMPFS_NODE_UNLOCK(n);
1134 				if (parent == NULL) {
1135 					n = NULL;
1136 					break;
1137 				}
1138 				TMPFS_NODE_LOCK(parent);
1139 				if (parent->tn_dir.tn_parent == NULL) {
1140 					TMPFS_NODE_UNLOCK(parent);
1141 					n = NULL;
1142 					break;
1143 				}
1144 				n = parent;
1145 			}
1146 			TMPFS_UNLOCK(tmp);
1147 			if (n == NULL) {
1148 				error = EINVAL;
1149 				if (newname != NULL)
1150 					    free(newname, M_TMPFSNAME);
1151 				goto out_locked;
1152 			}
1153 			TMPFS_NODE_UNLOCK(n);
1154 
1155 			/* Adjust the parent pointer. */
1156 			TMPFS_VALIDATE_DIR(fnode);
1157 			TMPFS_NODE_LOCK(de->td_node);
1158 			de->td_node->tn_dir.tn_parent = tdnode;
1159 			TMPFS_NODE_UNLOCK(de->td_node);
1160 
1161 			/*
1162 			 * As a result of changing the target of the '..'
1163 			 * entry, the link count of the source and target
1164 			 * directories has to be adjusted.
1165 			 */
1166 			TMPFS_NODE_LOCK(tdnode);
1167 			TMPFS_ASSERT_LOCKED(tdnode);
1168 			tdnode->tn_links++;
1169 			TMPFS_NODE_UNLOCK(tdnode);
1170 
1171 			TMPFS_NODE_LOCK(fdnode);
1172 			TMPFS_ASSERT_LOCKED(fdnode);
1173 			fdnode->tn_links--;
1174 			TMPFS_NODE_UNLOCK(fdnode);
1175 		}
1176 	}
1177 
1178 	/*
1179 	 * Do the move: just remove the entry from the source directory
1180 	 * and insert it into the target one.
1181 	 */
1182 	tmpfs_dir_detach(fdvp, de);
1183 
1184 	if (fcnp->cn_flags & DOWHITEOUT)
1185 		tmpfs_dir_whiteout_add(fdvp, fcnp);
1186 	if (tcnp->cn_flags & ISWHITEOUT)
1187 		tmpfs_dir_whiteout_remove(tdvp, tcnp);
1188 
1189 	/*
1190 	 * If the name has changed, we need to make it effective by changing
1191 	 * it in the directory entry.
1192 	 */
1193 	if (newname != NULL) {
1194 		MPASS(tcnp->cn_namelen <= MAXNAMLEN);
1195 
1196 		free(de->ud.td_name, M_TMPFSNAME);
1197 		de->ud.td_name = newname;
1198 		tmpfs_dirent_init(de, tcnp->cn_nameptr, tcnp->cn_namelen);
1199 
1200 		fnode->tn_status |= TMPFS_NODE_CHANGED;
1201 		tdnode->tn_status |= TMPFS_NODE_MODIFIED;
1202 	}
1203 
1204 	/*
1205 	 * If we are overwriting an entry, we have to remove the old one
1206 	 * from the target directory.
1207 	 */
1208 	if (tvp != NULL) {
1209 		struct tmpfs_dirent *tde;
1210 
1211 		/* Remove the old entry from the target directory. */
1212 		tde = tmpfs_dir_lookup(tdnode, tnode, tcnp);
1213 		tmpfs_dir_detach(tdvp, tde);
1214 
1215 		/*
1216 		 * Free the directory entry we just deleted.  Note that the
1217 		 * node referred by it will not be removed until the vnode is
1218 		 * really reclaimed.
1219 		 */
1220 		tmpfs_free_dirent(VFS_TO_TMPFS(tvp->v_mount), tde);
1221 	}
1222 
1223 	tmpfs_dir_attach(tdvp, de);
1224 
1225 	if (tmpfs_use_nc(fvp)) {
1226 		cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp);
1227 	}
1228 
1229 	error = 0;
1230 
1231 out_locked:
1232 	if (fdvp != tdvp && fdvp != tvp)
1233 		VOP_UNLOCK(fdvp);
1234 
1235 out:
1236 	if (want_seqc_end) {
1237 		if (tvp != NULL)
1238 			vn_seqc_write_end(tvp);
1239 		vn_seqc_write_end(tdvp);
1240 		vn_seqc_write_end(fvp);
1241 		vn_seqc_write_end(fdvp);
1242 	}
1243 
1244 	/*
1245 	 * Release target nodes.
1246 	 * XXX: I don't understand when tdvp can be the same as tvp, but
1247 	 * other code takes care of this...
1248 	 */
1249 	if (tdvp == tvp)
1250 		vrele(tdvp);
1251 	else
1252 		vput(tdvp);
1253 	if (tvp != NULL)
1254 		vput(tvp);
1255 
1256 	/* Release source nodes. */
1257 	vrele(fdvp);
1258 	vrele(fvp);
1259 
1260 	return (error);
1261 }
1262 
1263 static int
1264 tmpfs_mkdir(struct vop_mkdir_args *v)
1265 {
1266 	struct vnode *dvp = v->a_dvp;
1267 	struct vnode **vpp = v->a_vpp;
1268 	struct componentname *cnp = v->a_cnp;
1269 	struct vattr *vap = v->a_vap;
1270 
1271 	MPASS(vap->va_type == VDIR);
1272 
1273 	return (tmpfs_alloc_file(dvp, vpp, vap, cnp, NULL));
1274 }
1275 
1276 static int
1277 tmpfs_rmdir(struct vop_rmdir_args *v)
1278 {
1279 	struct vnode *dvp = v->a_dvp;
1280 	struct vnode *vp = v->a_vp;
1281 
1282 	int error;
1283 	struct tmpfs_dirent *de;
1284 	struct tmpfs_mount *tmp;
1285 	struct tmpfs_node *dnode;
1286 	struct tmpfs_node *node;
1287 
1288 	MPASS(VOP_ISLOCKED(dvp));
1289 	MPASS(VOP_ISLOCKED(vp));
1290 
1291 	tmp = VFS_TO_TMPFS(dvp->v_mount);
1292 	dnode = VP_TO_TMPFS_DIR(dvp);
1293 	node = VP_TO_TMPFS_DIR(vp);
1294 
1295 	/* Directories with more than two entries ('.' and '..') cannot be
1296 	 * removed. */
1297 	 if (node->tn_size > 0) {
1298 		 error = ENOTEMPTY;
1299 		 goto out;
1300 	 }
1301 
1302 	if ((dnode->tn_flags & APPEND)
1303 	    || (node->tn_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
1304 		error = EPERM;
1305 		goto out;
1306 	}
1307 
1308 	/* This invariant holds only if we are not trying to remove "..".
1309 	  * We checked for that above so this is safe now. */
1310 	MPASS(node->tn_dir.tn_parent == dnode);
1311 
1312 	/* Get the directory entry associated with node (vp).  This was
1313 	 * filled by tmpfs_lookup while looking up the entry. */
1314 	de = tmpfs_dir_lookup(dnode, node, v->a_cnp);
1315 	MPASS(TMPFS_DIRENT_MATCHES(de,
1316 	    v->a_cnp->cn_nameptr,
1317 	    v->a_cnp->cn_namelen));
1318 
1319 	/* Check flags to see if we are allowed to remove the directory. */
1320 	if ((dnode->tn_flags & APPEND) != 0 ||
1321 	    (node->tn_flags & (NOUNLINK | IMMUTABLE | APPEND)) != 0) {
1322 		error = EPERM;
1323 		goto out;
1324 	}
1325 
1326 	/* Detach the directory entry from the directory (dnode). */
1327 	tmpfs_dir_detach(dvp, de);
1328 	if (v->a_cnp->cn_flags & DOWHITEOUT)
1329 		tmpfs_dir_whiteout_add(dvp, v->a_cnp);
1330 
1331 	/* No vnode should be allocated for this entry from this point */
1332 	TMPFS_NODE_LOCK(node);
1333 	node->tn_links--;
1334 	node->tn_dir.tn_parent = NULL;
1335 	node->tn_status |= TMPFS_NODE_CHANGED | TMPFS_NODE_MODIFIED;
1336 	node->tn_accessed = true;
1337 
1338 	TMPFS_NODE_UNLOCK(node);
1339 
1340 	TMPFS_NODE_LOCK(dnode);
1341 	dnode->tn_links--;
1342 	dnode->tn_status |= TMPFS_NODE_CHANGED | TMPFS_NODE_MODIFIED;
1343 	dnode->tn_accessed = true;
1344 	TMPFS_NODE_UNLOCK(dnode);
1345 
1346 	if (tmpfs_use_nc(dvp)) {
1347 		cache_vop_rmdir(dvp, vp);
1348 	}
1349 
1350 	/* Free the directory entry we just deleted.  Note that the node
1351 	 * referred by it will not be removed until the vnode is really
1352 	 * reclaimed. */
1353 	tmpfs_free_dirent(tmp, de);
1354 
1355 	/* Release the deleted vnode (will destroy the node, notify
1356 	 * interested parties and clean it from the cache). */
1357 
1358 	dnode->tn_status |= TMPFS_NODE_CHANGED;
1359 	tmpfs_update(dvp);
1360 
1361 	error = 0;
1362 
1363 out:
1364 	return (error);
1365 }
1366 
1367 static int
1368 tmpfs_symlink(struct vop_symlink_args *v)
1369 {
1370 	struct vnode *dvp = v->a_dvp;
1371 	struct vnode **vpp = v->a_vpp;
1372 	struct componentname *cnp = v->a_cnp;
1373 	struct vattr *vap = v->a_vap;
1374 	const char *target = v->a_target;
1375 
1376 #ifdef notyet /* XXX FreeBSD BUG: kern_symlink is not setting VLNK */
1377 	MPASS(vap->va_type == VLNK);
1378 #else
1379 	vap->va_type = VLNK;
1380 #endif
1381 
1382 	return (tmpfs_alloc_file(dvp, vpp, vap, cnp, target));
1383 }
1384 
1385 static int
1386 tmpfs_readdir(struct vop_readdir_args *va)
1387 {
1388 	struct vnode *vp;
1389 	struct uio *uio;
1390 	struct tmpfs_mount *tm;
1391 	struct tmpfs_node *node;
1392 	uint64_t **cookies;
1393 	int *eofflag, *ncookies;
1394 	ssize_t startresid;
1395 	int error, maxcookies;
1396 
1397 	vp = va->a_vp;
1398 	uio = va->a_uio;
1399 	eofflag = va->a_eofflag;
1400 	cookies = va->a_cookies;
1401 	ncookies = va->a_ncookies;
1402 
1403 	/* This operation only makes sense on directory nodes. */
1404 	if (vp->v_type != VDIR)
1405 		return (ENOTDIR);
1406 
1407 	maxcookies = 0;
1408 	node = VP_TO_TMPFS_DIR(vp);
1409 	tm = VFS_TO_TMPFS(vp->v_mount);
1410 
1411 	startresid = uio->uio_resid;
1412 
1413 	/* Allocate cookies for NFS and compat modules. */
1414 	if (cookies != NULL && ncookies != NULL) {
1415 		maxcookies = howmany(node->tn_size,
1416 		    sizeof(struct tmpfs_dirent)) + 2;
1417 		*cookies = malloc(maxcookies * sizeof(**cookies), M_TEMP,
1418 		    M_WAITOK);
1419 		*ncookies = 0;
1420 	}
1421 
1422 	if (cookies == NULL)
1423 		error = tmpfs_dir_getdents(tm, node, uio, 0, NULL, NULL);
1424 	else
1425 		error = tmpfs_dir_getdents(tm, node, uio, maxcookies, *cookies,
1426 		    ncookies);
1427 
1428 	/* Buffer was filled without hitting EOF. */
1429 	if (error == EJUSTRETURN)
1430 		error = (uio->uio_resid != startresid) ? 0 : EINVAL;
1431 
1432 	if (error != 0 && cookies != NULL && ncookies != NULL) {
1433 		free(*cookies, M_TEMP);
1434 		*cookies = NULL;
1435 		*ncookies = 0;
1436 	}
1437 
1438 	if (eofflag != NULL)
1439 		*eofflag =
1440 		    (error == 0 && uio->uio_offset == TMPFS_DIRCOOKIE_EOF);
1441 
1442 	return (error);
1443 }
1444 
1445 static int
1446 tmpfs_readlink(struct vop_readlink_args *v)
1447 {
1448 	struct vnode *vp = v->a_vp;
1449 	struct uio *uio = v->a_uio;
1450 
1451 	int error;
1452 	struct tmpfs_node *node;
1453 
1454 	MPASS(uio->uio_offset == 0);
1455 	MPASS(vp->v_type == VLNK);
1456 
1457 	node = VP_TO_TMPFS_NODE(vp);
1458 
1459 	error = uiomove(node->tn_link_target, MIN(node->tn_size, uio->uio_resid),
1460 	    uio);
1461 	tmpfs_set_accessed(VFS_TO_TMPFS(vp->v_mount), node);
1462 
1463 	return (error);
1464 }
1465 
1466 /*
1467  * VOP_FPLOOKUP_SYMLINK routines are subject to special circumstances, see
1468  * the comment above cache_fplookup for details.
1469  *
1470  * Check tmpfs_alloc_node for tmpfs-specific synchronisation notes.
1471  */
1472 static int
1473 tmpfs_fplookup_symlink(struct vop_fplookup_symlink_args *v)
1474 {
1475 	struct vnode *vp;
1476 	struct tmpfs_node *node;
1477 	char *symlink;
1478 
1479 	vp = v->a_vp;
1480 	node = VP_TO_TMPFS_NODE_SMR(vp);
1481 	if (__predict_false(node == NULL))
1482 		return (EAGAIN);
1483 	if (!atomic_load_char(&node->tn_link_smr))
1484 		return (EAGAIN);
1485 	symlink = atomic_load_ptr(&node->tn_link_target);
1486 	if (symlink == NULL)
1487 		return (EAGAIN);
1488 
1489 	return (cache_symlink_resolve(v->a_fpl, symlink, node->tn_size));
1490 }
1491 
1492 static int
1493 tmpfs_inactive(struct vop_inactive_args *v)
1494 {
1495 	struct vnode *vp;
1496 	struct tmpfs_node *node;
1497 
1498 	vp = v->a_vp;
1499 	node = VP_TO_TMPFS_NODE(vp);
1500 	if (node->tn_links == 0)
1501 		vrecycle(vp);
1502 	else
1503 		tmpfs_check_mtime(vp);
1504 	return (0);
1505 }
1506 
1507 static int
1508 tmpfs_need_inactive(struct vop_need_inactive_args *ap)
1509 {
1510 	struct vnode *vp;
1511 	struct tmpfs_node *node;
1512 	struct vm_object *obj;
1513 
1514 	vp = ap->a_vp;
1515 	node = VP_TO_TMPFS_NODE(vp);
1516 	if (node->tn_links == 0)
1517 		goto need;
1518 	if (vp->v_type == VREG) {
1519 		obj = vp->v_object;
1520 		if (obj->generation != obj->cleangeneration)
1521 			goto need;
1522 	}
1523 	return (0);
1524 need:
1525 	return (1);
1526 }
1527 
1528 int
1529 tmpfs_reclaim(struct vop_reclaim_args *v)
1530 {
1531 	struct vnode *vp;
1532 	struct tmpfs_mount *tmp;
1533 	struct tmpfs_node *node;
1534 	bool unlock;
1535 
1536 	vp = v->a_vp;
1537 	node = VP_TO_TMPFS_NODE(vp);
1538 	tmp = VFS_TO_TMPFS(vp->v_mount);
1539 
1540 	if (vp->v_type == VREG)
1541 		tmpfs_destroy_vobject(vp, node->tn_reg.tn_aobj);
1542 	vp->v_object = NULL;
1543 
1544 	TMPFS_LOCK(tmp);
1545 	TMPFS_NODE_LOCK(node);
1546 	tmpfs_free_vp(vp);
1547 
1548 	/*
1549 	 * If the node referenced by this vnode was deleted by the user,
1550 	 * we must free its associated data structures (now that the vnode
1551 	 * is being reclaimed).
1552 	 */
1553 	unlock = true;
1554 	if (node->tn_links == 0 &&
1555 	    (node->tn_vpstate & TMPFS_VNODE_ALLOCATING) == 0) {
1556 		node->tn_vpstate = TMPFS_VNODE_DOOMED;
1557 		unlock = !tmpfs_free_node_locked(tmp, node, true);
1558 	}
1559 
1560 	if (unlock) {
1561 		TMPFS_NODE_UNLOCK(node);
1562 		TMPFS_UNLOCK(tmp);
1563 	}
1564 
1565 	MPASS(vp->v_data == NULL);
1566 	return (0);
1567 }
1568 
1569 int
1570 tmpfs_print(struct vop_print_args *v)
1571 {
1572 	struct vnode *vp = v->a_vp;
1573 
1574 	struct tmpfs_node *node;
1575 
1576 	node = VP_TO_TMPFS_NODE(vp);
1577 
1578 	printf("tag VT_TMPFS, tmpfs_node %p, flags 0x%lx, links %jd\n",
1579 	    node, node->tn_flags, (uintmax_t)node->tn_links);
1580 	printf("\tmode 0%o, owner %d, group %d, size %jd, status 0x%x\n",
1581 	    node->tn_mode, node->tn_uid, node->tn_gid,
1582 	    (intmax_t)node->tn_size, node->tn_status);
1583 
1584 	if (vp->v_type == VFIFO)
1585 		fifo_printinfo(vp);
1586 
1587 	printf("\n");
1588 
1589 	return (0);
1590 }
1591 
1592 int
1593 tmpfs_pathconf(struct vop_pathconf_args *v)
1594 {
1595 	struct vnode *vp = v->a_vp;
1596 	int name = v->a_name;
1597 	long *retval = v->a_retval;
1598 
1599 	int error;
1600 
1601 	error = 0;
1602 
1603 	switch (name) {
1604 	case _PC_LINK_MAX:
1605 		*retval = TMPFS_LINK_MAX;
1606 		break;
1607 
1608 	case _PC_SYMLINK_MAX:
1609 		*retval = MAXPATHLEN;
1610 		break;
1611 
1612 	case _PC_NAME_MAX:
1613 		*retval = NAME_MAX;
1614 		break;
1615 
1616 	case _PC_PIPE_BUF:
1617 		if (vp->v_type == VDIR || vp->v_type == VFIFO)
1618 			*retval = PIPE_BUF;
1619 		else
1620 			error = EINVAL;
1621 		break;
1622 
1623 	case _PC_CHOWN_RESTRICTED:
1624 		*retval = 1;
1625 		break;
1626 
1627 	case _PC_NO_TRUNC:
1628 		*retval = 1;
1629 		break;
1630 
1631 	case _PC_SYNC_IO:
1632 		*retval = 1;
1633 		break;
1634 
1635 	case _PC_FILESIZEBITS:
1636 		*retval = 64;
1637 		break;
1638 
1639 	default:
1640 		error = vop_stdpathconf(v);
1641 	}
1642 
1643 	return (error);
1644 }
1645 
1646 static int
1647 tmpfs_vptofh(struct vop_vptofh_args *ap)
1648 /*
1649 vop_vptofh {
1650 	IN struct vnode *a_vp;
1651 	IN struct fid *a_fhp;
1652 };
1653 */
1654 {
1655 	struct tmpfs_fid_data tfd;
1656 	struct tmpfs_node *node;
1657 	struct fid *fhp;
1658 
1659 	node = VP_TO_TMPFS_NODE(ap->a_vp);
1660 	fhp = ap->a_fhp;
1661 	fhp->fid_len = sizeof(tfd);
1662 
1663 	/*
1664 	 * Copy into fid_data from the stack to avoid unaligned pointer use.
1665 	 * See the comment in sys/mount.h on struct fid for details.
1666 	 */
1667 	tfd.tfd_id = node->tn_id;
1668 	tfd.tfd_gen = node->tn_gen;
1669 	memcpy(fhp->fid_data, &tfd, fhp->fid_len);
1670 
1671 	return (0);
1672 }
1673 
1674 static int
1675 tmpfs_whiteout(struct vop_whiteout_args *ap)
1676 {
1677 	struct vnode *dvp = ap->a_dvp;
1678 	struct componentname *cnp = ap->a_cnp;
1679 	struct tmpfs_dirent *de;
1680 
1681 	switch (ap->a_flags) {
1682 	case LOOKUP:
1683 		return (0);
1684 	case CREATE:
1685 		de = tmpfs_dir_lookup(VP_TO_TMPFS_DIR(dvp), NULL, cnp);
1686 		if (de != NULL)
1687 			return (de->td_node == NULL ? 0 : EEXIST);
1688 		return (tmpfs_dir_whiteout_add(dvp, cnp));
1689 	case DELETE:
1690 		tmpfs_dir_whiteout_remove(dvp, cnp);
1691 		return (0);
1692 	default:
1693 		panic("tmpfs_whiteout: unknown op");
1694 	}
1695 }
1696 
1697 static int
1698 tmpfs_vptocnp_dir(struct tmpfs_node *tn, struct tmpfs_node *tnp,
1699     struct tmpfs_dirent **pde)
1700 {
1701 	struct tmpfs_dir_cursor dc;
1702 	struct tmpfs_dirent *de;
1703 
1704 	for (de = tmpfs_dir_first(tnp, &dc); de != NULL;
1705 	     de = tmpfs_dir_next(tnp, &dc)) {
1706 		if (de->td_node == tn) {
1707 			*pde = de;
1708 			return (0);
1709 		}
1710 	}
1711 	return (ENOENT);
1712 }
1713 
1714 static int
1715 tmpfs_vptocnp_fill(struct vnode *vp, struct tmpfs_node *tn,
1716     struct tmpfs_node *tnp, char *buf, size_t *buflen, struct vnode **dvp)
1717 {
1718 	struct tmpfs_dirent *de;
1719 	int error, i;
1720 
1721 	error = vn_vget_ino_gen(vp, tmpfs_vn_get_ino_alloc, tnp, LK_SHARED,
1722 	    dvp);
1723 	if (error != 0)
1724 		return (error);
1725 	error = tmpfs_vptocnp_dir(tn, tnp, &de);
1726 	if (error == 0) {
1727 		i = *buflen;
1728 		i -= de->td_namelen;
1729 		if (i < 0) {
1730 			error = ENOMEM;
1731 		} else {
1732 			bcopy(de->ud.td_name, buf + i, de->td_namelen);
1733 			*buflen = i;
1734 		}
1735 	}
1736 	if (error == 0) {
1737 		if (vp != *dvp)
1738 			VOP_UNLOCK(*dvp);
1739 	} else {
1740 		if (vp != *dvp)
1741 			vput(*dvp);
1742 		else
1743 			vrele(vp);
1744 	}
1745 	return (error);
1746 }
1747 
1748 static int
1749 tmpfs_vptocnp(struct vop_vptocnp_args *ap)
1750 {
1751 	struct vnode *vp, **dvp;
1752 	struct tmpfs_node *tn, *tnp, *tnp1;
1753 	struct tmpfs_dirent *de;
1754 	struct tmpfs_mount *tm;
1755 	char *buf;
1756 	size_t *buflen;
1757 	int error;
1758 
1759 	vp = ap->a_vp;
1760 	dvp = ap->a_vpp;
1761 	buf = ap->a_buf;
1762 	buflen = ap->a_buflen;
1763 
1764 	tm = VFS_TO_TMPFS(vp->v_mount);
1765 	tn = VP_TO_TMPFS_NODE(vp);
1766 	if (tn->tn_type == VDIR) {
1767 		tnp = tn->tn_dir.tn_parent;
1768 		if (tnp == NULL)
1769 			return (ENOENT);
1770 		tmpfs_ref_node(tnp);
1771 		error = tmpfs_vptocnp_fill(vp, tn, tn->tn_dir.tn_parent, buf,
1772 		    buflen, dvp);
1773 		tmpfs_free_node(tm, tnp);
1774 		return (error);
1775 	}
1776 restart:
1777 	TMPFS_LOCK(tm);
1778 restart_locked:
1779 	LIST_FOREACH_SAFE(tnp, &tm->tm_nodes_used, tn_entries, tnp1) {
1780 		if (tnp->tn_type != VDIR)
1781 			continue;
1782 		TMPFS_NODE_LOCK(tnp);
1783 		tmpfs_ref_node(tnp);
1784 
1785 		/*
1786 		 * tn_vnode cannot be instantiated while we hold the
1787 		 * node lock, so the directory cannot be changed while
1788 		 * we iterate over it.  Do this to avoid instantiating
1789 		 * vnode for directories which cannot point to our
1790 		 * node.
1791 		 */
1792 		error = tnp->tn_vnode == NULL ? tmpfs_vptocnp_dir(tn, tnp,
1793 		    &de) : 0;
1794 
1795 		if (error == 0) {
1796 			TMPFS_NODE_UNLOCK(tnp);
1797 			TMPFS_UNLOCK(tm);
1798 			error = tmpfs_vptocnp_fill(vp, tn, tnp, buf, buflen,
1799 			    dvp);
1800 			if (error == 0) {
1801 				tmpfs_free_node(tm, tnp);
1802 				return (0);
1803 			}
1804 			if (VN_IS_DOOMED(vp)) {
1805 				tmpfs_free_node(tm, tnp);
1806 				return (ENOENT);
1807 			}
1808 			TMPFS_LOCK(tm);
1809 			TMPFS_NODE_LOCK(tnp);
1810 		}
1811 		if (tmpfs_free_node_locked(tm, tnp, false)) {
1812 			goto restart;
1813 		} else {
1814 			KASSERT(tnp->tn_refcount > 0,
1815 			    ("node %p refcount zero", tnp));
1816 			if (tnp->tn_attached) {
1817 				tnp1 = LIST_NEXT(tnp, tn_entries);
1818 				TMPFS_NODE_UNLOCK(tnp);
1819 			} else {
1820 				TMPFS_NODE_UNLOCK(tnp);
1821 				goto restart_locked;
1822 			}
1823 		}
1824 	}
1825 	TMPFS_UNLOCK(tm);
1826 	return (ENOENT);
1827 }
1828 
1829 /*
1830  * Vnode operations vector used for files stored in a tmpfs file system.
1831  */
1832 struct vop_vector tmpfs_vnodeop_entries = {
1833 	.vop_default =			&default_vnodeops,
1834 	.vop_lookup =			vfs_cache_lookup,
1835 	.vop_cachedlookup =		tmpfs_cached_lookup,
1836 	.vop_create =			tmpfs_create,
1837 	.vop_mknod =			tmpfs_mknod,
1838 	.vop_open =			tmpfs_open,
1839 	.vop_close =			tmpfs_close,
1840 	.vop_fplookup_vexec =		tmpfs_fplookup_vexec,
1841 	.vop_fplookup_symlink =		tmpfs_fplookup_symlink,
1842 	.vop_access =			tmpfs_access,
1843 	.vop_stat =			tmpfs_stat,
1844 	.vop_getattr =			tmpfs_getattr,
1845 	.vop_setattr =			tmpfs_setattr,
1846 	.vop_read =			tmpfs_read,
1847 	.vop_read_pgcache =		tmpfs_read_pgcache,
1848 	.vop_write =			tmpfs_write,
1849 	.vop_deallocate =		tmpfs_deallocate,
1850 	.vop_fsync =			tmpfs_fsync,
1851 	.vop_remove =			tmpfs_remove,
1852 	.vop_link =			tmpfs_link,
1853 	.vop_rename =			tmpfs_rename,
1854 	.vop_mkdir =			tmpfs_mkdir,
1855 	.vop_rmdir =			tmpfs_rmdir,
1856 	.vop_symlink =			tmpfs_symlink,
1857 	.vop_readdir =			tmpfs_readdir,
1858 	.vop_readlink =			tmpfs_readlink,
1859 	.vop_inactive =			tmpfs_inactive,
1860 	.vop_need_inactive =		tmpfs_need_inactive,
1861 	.vop_reclaim =			tmpfs_reclaim,
1862 	.vop_print =			tmpfs_print,
1863 	.vop_pathconf =			tmpfs_pathconf,
1864 	.vop_vptofh =			tmpfs_vptofh,
1865 	.vop_whiteout =			tmpfs_whiteout,
1866 	.vop_bmap =			VOP_EOPNOTSUPP,
1867 	.vop_vptocnp =			tmpfs_vptocnp,
1868 	.vop_lock1 =			vop_lock,
1869 	.vop_unlock = 			vop_unlock,
1870 	.vop_islocked = 		vop_islocked,
1871 	.vop_add_writecount =		vop_stdadd_writecount_nomsync,
1872 };
1873 VFS_VOP_VECTOR_REGISTER(tmpfs_vnodeop_entries);
1874 
1875 /*
1876  * Same vector for mounts which do not use namecache.
1877  */
1878 struct vop_vector tmpfs_vnodeop_nonc_entries = {
1879 	.vop_default =			&tmpfs_vnodeop_entries,
1880 	.vop_lookup =			tmpfs_lookup,
1881 };
1882 VFS_VOP_VECTOR_REGISTER(tmpfs_vnodeop_nonc_entries);
1883