xref: /freebsd/sys/fs/unionfs/union_subr.c (revision edf8578117e8844e02c0121147f45e4609b30680)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1994 Jan-Simon Pendry
5  * Copyright (c) 1994
6  *	The Regents of the University of California.  All rights reserved.
7  * Copyright (c) 2005, 2006, 2012 Masanori Ozawa <ozawa@ongs.co.jp>, ONGS Inc.
8  * Copyright (c) 2006, 2012 Daichi Goto <daichi@freebsd.org>
9  *
10  * This code is derived from software contributed to Berkeley by
11  * Jan-Simon Pendry.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. Neither the name of the University nor the names of its contributors
22  *    may be used to endorse or promote products derived from this software
23  *    without specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35  * SUCH DAMAGE.
36  *
37  *	@(#)union_subr.c	8.20 (Berkeley) 5/20/95
38  */
39 
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/kernel.h>
43 #include <sys/ktr.h>
44 #include <sys/lock.h>
45 #include <sys/mutex.h>
46 #include <sys/malloc.h>
47 #include <sys/mount.h>
48 #include <sys/namei.h>
49 #include <sys/proc.h>
50 #include <sys/vnode.h>
51 #include <sys/dirent.h>
52 #include <sys/fcntl.h>
53 #include <sys/filedesc.h>
54 #include <sys/stat.h>
55 #include <sys/sysctl.h>
56 #include <sys/taskqueue.h>
57 #include <sys/resourcevar.h>
58 
59 #include <machine/atomic.h>
60 
61 #include <security/mac/mac_framework.h>
62 
63 #include <vm/uma.h>
64 
65 #include <fs/unionfs/union.h>
66 
67 #define NUNIONFSNODECACHE 16
68 #define UNIONFSHASHMASK (NUNIONFSNODECACHE - 1)
69 
70 static MALLOC_DEFINE(M_UNIONFSHASH, "UNIONFS hash", "UNIONFS hash table");
71 MALLOC_DEFINE(M_UNIONFSNODE, "UNIONFS node", "UNIONFS vnode private part");
72 MALLOC_DEFINE(M_UNIONFSPATH, "UNIONFS path", "UNIONFS path private part");
73 
74 static struct task unionfs_deferred_rele_task;
75 static struct mtx unionfs_deferred_rele_lock;
76 static STAILQ_HEAD(, unionfs_node) unionfs_deferred_rele_list =
77     STAILQ_HEAD_INITIALIZER(unionfs_deferred_rele_list);
78 static TASKQUEUE_DEFINE_THREAD(unionfs_rele);
79 
80 unsigned int unionfs_ndeferred = 0;
81 SYSCTL_UINT(_vfs, OID_AUTO, unionfs_ndeferred, CTLFLAG_RD,
82     &unionfs_ndeferred, 0, "unionfs deferred vnode release");
83 
84 static void unionfs_deferred_rele(void *, int);
85 
86 /*
87  * Initialize
88  */
89 int
90 unionfs_init(struct vfsconf *vfsp)
91 {
92 	UNIONFSDEBUG("unionfs_init\n");	/* printed during system boot */
93 	TASK_INIT(&unionfs_deferred_rele_task, 0, unionfs_deferred_rele, NULL);
94 	mtx_init(&unionfs_deferred_rele_lock, "uniondefr", NULL, MTX_DEF);
95 	return (0);
96 }
97 
98 /*
99  * Uninitialize
100  */
101 int
102 unionfs_uninit(struct vfsconf *vfsp)
103 {
104 	taskqueue_quiesce(taskqueue_unionfs_rele);
105 	taskqueue_free(taskqueue_unionfs_rele);
106 	mtx_destroy(&unionfs_deferred_rele_lock);
107 	return (0);
108 }
109 
110 static void
111 unionfs_deferred_rele(void *arg __unused, int pending __unused)
112 {
113 	STAILQ_HEAD(, unionfs_node) local_rele_list;
114 	struct unionfs_node *unp, *tunp;
115 	unsigned int ndeferred;
116 
117 	ndeferred = 0;
118 	STAILQ_INIT(&local_rele_list);
119 	mtx_lock(&unionfs_deferred_rele_lock);
120 	STAILQ_CONCAT(&local_rele_list, &unionfs_deferred_rele_list);
121 	mtx_unlock(&unionfs_deferred_rele_lock);
122 	STAILQ_FOREACH_SAFE(unp, &local_rele_list, un_rele, tunp) {
123 		++ndeferred;
124 		MPASS(unp->un_dvp != NULL);
125 		vrele(unp->un_dvp);
126 		free(unp, M_UNIONFSNODE);
127 	}
128 
129 	/* We expect this function to be single-threaded, thus no atomic */
130 	unionfs_ndeferred += ndeferred;
131 }
132 
133 static struct unionfs_node_hashhead *
134 unionfs_get_hashhead(struct vnode *dvp, struct vnode *lookup)
135 {
136 	struct unionfs_node *unp;
137 
138 	unp = VTOUNIONFS(dvp);
139 
140 	return (&(unp->un_hashtbl[vfs_hash_index(lookup) & UNIONFSHASHMASK]));
141 }
142 
143 /*
144  * Attempt to lookup a cached unionfs vnode by upper/lower vp
145  * from dvp, with dvp's interlock held.
146  */
147 static struct vnode *
148 unionfs_get_cached_vnode_locked(struct vnode *lookup, struct vnode *dvp)
149 {
150 	struct unionfs_node *unp;
151 	struct unionfs_node_hashhead *hd;
152 	struct vnode *vp;
153 
154 	hd = unionfs_get_hashhead(dvp, lookup);
155 
156 	LIST_FOREACH(unp, hd, un_hash) {
157 		if (unp->un_uppervp == lookup ||
158 		    unp->un_lowervp == lookup) {
159 			vp = UNIONFSTOV(unp);
160 			VI_LOCK_FLAGS(vp, MTX_DUPOK);
161 			vp->v_iflag &= ~VI_OWEINACT;
162 			if (VN_IS_DOOMED(vp) ||
163 			    ((vp->v_iflag & VI_DOINGINACT) != 0)) {
164 				VI_UNLOCK(vp);
165 				vp = NULLVP;
166 			} else {
167 				vrefl(vp);
168 				VI_UNLOCK(vp);
169 			}
170 			return (vp);
171 		}
172 	}
173 
174 	return (NULLVP);
175 }
176 
177 
178 /*
179  * Get the cached vnode.
180  */
181 static struct vnode *
182 unionfs_get_cached_vnode(struct vnode *uvp, struct vnode *lvp,
183     struct vnode *dvp)
184 {
185 	struct vnode *vp;
186 
187 	vp = NULLVP;
188 	VI_LOCK(dvp);
189 	if (uvp != NULLVP)
190 		vp = unionfs_get_cached_vnode_locked(uvp, dvp);
191 	else if (lvp != NULLVP)
192 		vp = unionfs_get_cached_vnode_locked(lvp, dvp);
193 	VI_UNLOCK(dvp);
194 
195 	return (vp);
196 }
197 
198 /*
199  * Add the new vnode into cache.
200  */
201 static struct vnode *
202 unionfs_ins_cached_vnode(struct unionfs_node *uncp,
203     struct vnode *dvp)
204 {
205 	struct unionfs_node_hashhead *hd;
206 	struct vnode *vp;
207 
208 	ASSERT_VOP_ELOCKED(uncp->un_uppervp, __func__);
209 	ASSERT_VOP_ELOCKED(uncp->un_lowervp, __func__);
210 	KASSERT(uncp->un_uppervp == NULLVP || uncp->un_uppervp->v_type == VDIR,
211 	    ("%s: v_type != VDIR", __func__));
212 	KASSERT(uncp->un_lowervp == NULLVP || uncp->un_lowervp->v_type == VDIR,
213 	    ("%s: v_type != VDIR", __func__));
214 
215 	vp = NULLVP;
216 	VI_LOCK(dvp);
217 	if (uncp->un_uppervp != NULL)
218 		vp = unionfs_get_cached_vnode_locked(uncp->un_uppervp, dvp);
219 	else if (uncp->un_lowervp != NULL)
220 		vp = unionfs_get_cached_vnode_locked(uncp->un_lowervp, dvp);
221 	if (vp == NULLVP) {
222 		hd = unionfs_get_hashhead(dvp, (uncp->un_uppervp != NULLVP ?
223 		    uncp->un_uppervp : uncp->un_lowervp));
224 		LIST_INSERT_HEAD(hd, uncp, un_hash);
225 	}
226 	VI_UNLOCK(dvp);
227 
228 	return (vp);
229 }
230 
231 /*
232  * Remove the vnode.
233  */
234 static void
235 unionfs_rem_cached_vnode(struct unionfs_node *unp, struct vnode *dvp)
236 {
237 	KASSERT(unp != NULL, ("%s: null node", __func__));
238 	KASSERT(dvp != NULLVP,
239 	    ("%s: null parent vnode", __func__));
240 
241 	VI_LOCK(dvp);
242 	if (unp->un_hash.le_prev != NULL) {
243 		LIST_REMOVE(unp, un_hash);
244 		unp->un_hash.le_next = NULL;
245 		unp->un_hash.le_prev = NULL;
246 	}
247 	VI_UNLOCK(dvp);
248 }
249 
250 /*
251  * Common cleanup handling for unionfs_nodeget
252  * Upper, lower, and parent directory vnodes are expected to be referenced by
253  * the caller.  Upper and lower vnodes, if non-NULL, are also expected to be
254  * exclusively locked by the caller.
255  * This function will return with the caller's locks and references undone.
256  */
257 static void
258 unionfs_nodeget_cleanup(struct vnode *vp, struct unionfs_node *unp)
259 {
260 
261 	/*
262 	 * Lock and reset the default vnode lock; vgone() expects a locked
263 	 * vnode, and we're going to reset the vnode ops.
264 	 */
265 	lockmgr(&vp->v_lock, LK_EXCLUSIVE, NULL);
266 
267 	/*
268 	 * Clear out private data and reset the vnode ops to avoid use of
269 	 * unionfs vnode ops on a partially constructed vnode.
270 	 */
271 	VI_LOCK(vp);
272 	vp->v_data = NULL;
273 	vp->v_vnlock = &vp->v_lock;
274 	vp->v_op = &dead_vnodeops;
275 	VI_UNLOCK(vp);
276 	vgone(vp);
277 	vput(vp);
278 
279 	if (unp->un_dvp != NULLVP)
280 		vrele(unp->un_dvp);
281 	if (unp->un_uppervp != NULLVP)
282 		vput(unp->un_uppervp);
283 	if (unp->un_lowervp != NULLVP)
284 		vput(unp->un_lowervp);
285 	if (unp->un_hashtbl != NULL)
286 		hashdestroy(unp->un_hashtbl, M_UNIONFSHASH, UNIONFSHASHMASK);
287 	free(unp->un_path, M_UNIONFSPATH);
288 	free(unp, M_UNIONFSNODE);
289 }
290 
291 /*
292  * Make a new or get existing unionfs node.
293  *
294  * uppervp and lowervp should be unlocked. Because if new unionfs vnode is
295  * locked, uppervp or lowervp is locked too. In order to prevent dead lock,
296  * you should not lock plurality simultaneously.
297  */
298 int
299 unionfs_nodeget(struct mount *mp, struct vnode *uppervp,
300     struct vnode *lowervp, struct vnode *dvp, struct vnode **vpp,
301     struct componentname *cnp)
302 {
303 	char	       *path;
304 	struct unionfs_mount *ump;
305 	struct unionfs_node *unp;
306 	struct vnode   *vp;
307 	u_long		hashmask;
308 	int		error;
309 	int		lkflags;
310 	__enum_uint8(vtype)	vt;
311 
312 	error = 0;
313 	ump = MOUNTTOUNIONFSMOUNT(mp);
314 	lkflags = (cnp ? cnp->cn_lkflags : 0);
315 	path = (cnp ? cnp->cn_nameptr : NULL);
316 	*vpp = NULLVP;
317 
318 	if (uppervp == NULLVP && lowervp == NULLVP)
319 		panic("%s: upper and lower is null", __func__);
320 
321 	vt = (uppervp != NULLVP ? uppervp->v_type : lowervp->v_type);
322 
323 	/* If it has no ISLASTCN flag, path check is skipped. */
324 	if (cnp && !(cnp->cn_flags & ISLASTCN))
325 		path = NULL;
326 
327 	/* check the cache */
328 	if (dvp != NULLVP && vt == VDIR) {
329 		vp = unionfs_get_cached_vnode(uppervp, lowervp, dvp);
330 		if (vp != NULLVP) {
331 			*vpp = vp;
332 			goto unionfs_nodeget_out;
333 		}
334 	}
335 
336 	unp = malloc(sizeof(struct unionfs_node),
337 	    M_UNIONFSNODE, M_WAITOK | M_ZERO);
338 
339 	error = getnewvnode("unionfs", mp, &unionfs_vnodeops, &vp);
340 	if (error != 0) {
341 		free(unp, M_UNIONFSNODE);
342 		return (error);
343 	}
344 	if (dvp != NULLVP)
345 		vref(dvp);
346 	if (uppervp != NULLVP)
347 		vref(uppervp);
348 	if (lowervp != NULLVP)
349 		vref(lowervp);
350 
351 	if (vt == VDIR) {
352 		unp->un_hashtbl = hashinit(NUNIONFSNODECACHE, M_UNIONFSHASH,
353 		    &hashmask);
354 		KASSERT(hashmask == UNIONFSHASHMASK,
355 		    ("unexpected unionfs hash mask 0x%lx", hashmask));
356 	}
357 
358 	unp->un_vnode = vp;
359 	unp->un_uppervp = uppervp;
360 	unp->un_lowervp = lowervp;
361 	unp->un_dvp = dvp;
362 	if (uppervp != NULLVP)
363 		vp->v_vnlock = uppervp->v_vnlock;
364 	else
365 		vp->v_vnlock = lowervp->v_vnlock;
366 
367 	if (path != NULL) {
368 		unp->un_path = malloc(cnp->cn_namelen + 1,
369 		    M_UNIONFSPATH, M_WAITOK | M_ZERO);
370 		bcopy(cnp->cn_nameptr, unp->un_path, cnp->cn_namelen);
371 		unp->un_path[cnp->cn_namelen] = '\0';
372 		unp->un_pathlen = cnp->cn_namelen;
373 	}
374 	vp->v_type = vt;
375 	vp->v_data = unp;
376 
377 	/*
378 	 * TODO: This is an imperfect check, as there's no guarantee that
379 	 * the underlying filesystems will always return vnode pointers
380 	 * for the root inodes that match our cached values.  To reduce
381 	 * the likelihood of failure, for example in the case where either
382 	 * vnode has been forcibly doomed, we check both pointers and set
383 	 * VV_ROOT if either matches.
384 	 */
385 	if (ump->um_uppervp == uppervp || ump->um_lowervp == lowervp)
386 		vp->v_vflag |= VV_ROOT;
387 	KASSERT(dvp != NULL || (vp->v_vflag & VV_ROOT) != 0,
388 	    ("%s: NULL dvp for non-root vp %p", __func__, vp));
389 
390 	vn_lock_pair(lowervp, false, LK_EXCLUSIVE, uppervp, false,
391 	    LK_EXCLUSIVE);
392 	error = insmntque1(vp, mp);
393 	if (error != 0) {
394 		unionfs_nodeget_cleanup(vp, unp);
395 		return (error);
396 	}
397 	if (lowervp != NULL && VN_IS_DOOMED(lowervp)) {
398 		vput(lowervp);
399 		unp->un_lowervp = lowervp = NULL;
400 	}
401 	if (uppervp != NULL && VN_IS_DOOMED(uppervp)) {
402 		vput(uppervp);
403 		unp->un_uppervp = uppervp = NULL;
404 		if (lowervp != NULLVP)
405 			vp->v_vnlock = lowervp->v_vnlock;
406 	}
407 	if (lowervp == NULL && uppervp == NULL) {
408 		unionfs_nodeget_cleanup(vp, unp);
409 		return (ENOENT);
410 	}
411 
412 	vn_set_state(vp, VSTATE_CONSTRUCTED);
413 
414 	if (dvp != NULLVP && vt == VDIR)
415 		*vpp = unionfs_ins_cached_vnode(unp, dvp);
416 	if (*vpp != NULLVP) {
417 		unionfs_nodeget_cleanup(vp, unp);
418 		vp = *vpp;
419 	} else {
420 		if (uppervp != NULL)
421 			VOP_UNLOCK(uppervp);
422 		if (lowervp != NULL)
423 			VOP_UNLOCK(lowervp);
424 		*vpp = vp;
425 	}
426 
427 unionfs_nodeget_out:
428 	if (lkflags & LK_TYPE_MASK)
429 		vn_lock(vp, lkflags | LK_RETRY);
430 
431 	return (0);
432 }
433 
434 /*
435  * Clean up the unionfs node.
436  */
437 void
438 unionfs_noderem(struct vnode *vp)
439 {
440 	struct unionfs_node *unp, *unp_t1, *unp_t2;
441 	struct unionfs_node_hashhead *hd;
442 	struct unionfs_node_status *unsp, *unsp_tmp;
443 	struct vnode   *lvp;
444 	struct vnode   *uvp;
445 	struct vnode   *dvp;
446 	int		count;
447 	int		writerefs;
448 
449 	/*
450 	 * The root vnode lock may be recursed during unmount, because
451 	 * it may share the same lock as the unionfs mount's covered vnode,
452 	 * which is locked across VFS_UNMOUNT().  This lock will then be
453 	 * recursively taken during the vflush() issued by unionfs_unmount().
454 	 * But we still only need to lock the unionfs lock once, because only
455 	 * one of those lock operations was taken against a unionfs vnode and
456 	 * will be undone against a unionfs vnode.
457 	 */
458 	KASSERT(vp->v_vnlock->lk_recurse == 0 || (vp->v_vflag & VV_ROOT) != 0,
459 	    ("%s: vnode %p locked recursively", __func__, vp));
460 	if (lockmgr(&vp->v_lock, LK_EXCLUSIVE | LK_NOWAIT, NULL) != 0)
461 		panic("%s: failed to acquire lock for vnode lock", __func__);
462 
463 	/*
464 	 * Use the interlock to protect the clearing of v_data to
465 	 * prevent faults in unionfs_lock().
466 	 */
467 	VI_LOCK(vp);
468 	unp = VTOUNIONFS(vp);
469 	lvp = unp->un_lowervp;
470 	uvp = unp->un_uppervp;
471 	dvp = unp->un_dvp;
472 	unp->un_lowervp = unp->un_uppervp = NULLVP;
473 	vp->v_vnlock = &(vp->v_lock);
474 	vp->v_data = NULL;
475 	vp->v_object = NULL;
476 	if (unp->un_hashtbl != NULL) {
477 		/*
478 		 * Clear out any cached child vnodes.  This should only
479 		 * be necessary during forced unmount, when the vnode may
480 		 * be reclaimed with a non-zero use count.  Otherwise the
481 		 * reference held by each child should prevent reclamation.
482 		 */
483 		for (count = 0; count <= UNIONFSHASHMASK; count++) {
484 			hd = unp->un_hashtbl + count;
485 			LIST_FOREACH_SAFE(unp_t1, hd, un_hash, unp_t2) {
486 				LIST_REMOVE(unp_t1, un_hash);
487 				unp_t1->un_hash.le_next = NULL;
488 				unp_t1->un_hash.le_prev = NULL;
489 			}
490 		}
491 	}
492 	VI_UNLOCK(vp);
493 
494 	writerefs = atomic_load_int(&vp->v_writecount);
495 	VNASSERT(writerefs >= 0, vp,
496 	    ("%s: write count %d, unexpected text ref", __func__, writerefs));
497 	/*
498 	 * If we were opened for write, we leased the write reference
499 	 * to the lower vnode.  If this is a reclamation due to the
500 	 * forced unmount, undo the reference now.
501 	 */
502 	if (writerefs > 0) {
503 		VNASSERT(uvp != NULL, vp,
504 		    ("%s: write reference without upper vnode", __func__));
505 		VOP_ADD_WRITECOUNT(uvp, -writerefs);
506 	}
507 	if (lvp != NULLVP)
508 		VOP_UNLOCK(lvp);
509 	if (uvp != NULLVP)
510 		VOP_UNLOCK(uvp);
511 
512 	if (dvp != NULLVP)
513 		unionfs_rem_cached_vnode(unp, dvp);
514 
515 	if (lvp != NULLVP)
516 		vrele(lvp);
517 	if (uvp != NULLVP)
518 		vrele(uvp);
519 	if (unp->un_path != NULL) {
520 		free(unp->un_path, M_UNIONFSPATH);
521 		unp->un_path = NULL;
522 		unp->un_pathlen = 0;
523 	}
524 
525 	if (unp->un_hashtbl != NULL) {
526 		hashdestroy(unp->un_hashtbl, M_UNIONFSHASH, UNIONFSHASHMASK);
527 	}
528 
529 	LIST_FOREACH_SAFE(unsp, &(unp->un_unshead), uns_list, unsp_tmp) {
530 		LIST_REMOVE(unsp, uns_list);
531 		free(unsp, M_TEMP);
532 	}
533 	if (dvp != NULLVP) {
534 		mtx_lock(&unionfs_deferred_rele_lock);
535 		STAILQ_INSERT_TAIL(&unionfs_deferred_rele_list, unp, un_rele);
536 		mtx_unlock(&unionfs_deferred_rele_lock);
537 		taskqueue_enqueue(taskqueue_unionfs_rele,
538 		    &unionfs_deferred_rele_task);
539 	} else
540 		free(unp, M_UNIONFSNODE);
541 }
542 
543 /*
544  * Get the unionfs node status object for the vnode corresponding to unp,
545  * for the process that owns td.  Allocate a new status object if one
546  * does not already exist.
547  */
548 void
549 unionfs_get_node_status(struct unionfs_node *unp, struct thread *td,
550     struct unionfs_node_status **unspp)
551 {
552 	struct unionfs_node_status *unsp;
553 	pid_t pid;
554 
555 	pid = td->td_proc->p_pid;
556 
557 	KASSERT(NULL != unspp, ("%s: NULL status", __func__));
558 	ASSERT_VOP_ELOCKED(UNIONFSTOV(unp), __func__);
559 
560 	LIST_FOREACH(unsp, &(unp->un_unshead), uns_list) {
561 		if (unsp->uns_pid == pid) {
562 			*unspp = unsp;
563 			return;
564 		}
565 	}
566 
567 	/* create a new unionfs node status */
568 	unsp = malloc(sizeof(struct unionfs_node_status),
569 	    M_TEMP, M_WAITOK | M_ZERO);
570 
571 	unsp->uns_pid = pid;
572 	LIST_INSERT_HEAD(&(unp->un_unshead), unsp, uns_list);
573 
574 	*unspp = unsp;
575 }
576 
577 /*
578  * Remove the unionfs node status, if you can.
579  * You need exclusive lock this vnode.
580  */
581 void
582 unionfs_tryrem_node_status(struct unionfs_node *unp,
583     struct unionfs_node_status *unsp)
584 {
585 	KASSERT(NULL != unsp, ("%s: NULL status", __func__));
586 	ASSERT_VOP_ELOCKED(UNIONFSTOV(unp), __func__);
587 
588 	if (0 < unsp->uns_lower_opencnt || 0 < unsp->uns_upper_opencnt)
589 		return;
590 
591 	LIST_REMOVE(unsp, uns_list);
592 	free(unsp, M_TEMP);
593 }
594 
595 /*
596  * Create upper node attr.
597  */
598 void
599 unionfs_create_uppervattr_core(struct unionfs_mount *ump, struct vattr *lva,
600     struct vattr *uva, struct thread *td)
601 {
602 	VATTR_NULL(uva);
603 	uva->va_type = lva->va_type;
604 	uva->va_atime = lva->va_atime;
605 	uva->va_mtime = lva->va_mtime;
606 	uva->va_ctime = lva->va_ctime;
607 
608 	switch (ump->um_copymode) {
609 	case UNIONFS_TRANSPARENT:
610 		uva->va_mode = lva->va_mode;
611 		uva->va_uid = lva->va_uid;
612 		uva->va_gid = lva->va_gid;
613 		break;
614 	case UNIONFS_MASQUERADE:
615 		if (ump->um_uid == lva->va_uid) {
616 			uva->va_mode = lva->va_mode & 077077;
617 			uva->va_mode |= (lva->va_type == VDIR ?
618 			    ump->um_udir : ump->um_ufile) & 0700;
619 			uva->va_uid = lva->va_uid;
620 			uva->va_gid = lva->va_gid;
621 		} else {
622 			uva->va_mode = (lva->va_type == VDIR ?
623 			    ump->um_udir : ump->um_ufile);
624 			uva->va_uid = ump->um_uid;
625 			uva->va_gid = ump->um_gid;
626 		}
627 		break;
628 	default:		/* UNIONFS_TRADITIONAL */
629 		uva->va_mode = 0777 & ~td->td_proc->p_pd->pd_cmask;
630 		uva->va_uid = ump->um_uid;
631 		uva->va_gid = ump->um_gid;
632 		break;
633 	}
634 }
635 
636 /*
637  * Create upper node attr.
638  */
639 int
640 unionfs_create_uppervattr(struct unionfs_mount *ump, struct vnode *lvp,
641     struct vattr *uva, struct ucred *cred, struct thread *td)
642 {
643 	struct vattr	lva;
644 	int		error;
645 
646 	if ((error = VOP_GETATTR(lvp, &lva, cred)))
647 		return (error);
648 
649 	unionfs_create_uppervattr_core(ump, &lva, uva, td);
650 
651 	return (error);
652 }
653 
654 /*
655  * relookup
656  *
657  * dvp should be locked on entry and will be locked on return.
658  *
659  * If an error is returned, *vpp will be invalid, otherwise it will hold a
660  * locked, referenced vnode. If *vpp == dvp then remember that only one
661  * LK_EXCLUSIVE lock is held.
662  */
663 int
664 unionfs_relookup(struct vnode *dvp, struct vnode **vpp,
665     struct componentname *cnp, struct componentname *cn, struct thread *td,
666     char *path, int pathlen, u_long nameiop)
667 {
668 	int error;
669 	bool refstart;
670 
671 	cn->cn_namelen = pathlen;
672 	cn->cn_pnbuf = path;
673 	cn->cn_nameiop = nameiop;
674 	cn->cn_flags = (LOCKPARENT | LOCKLEAF | ISLASTCN);
675 	cn->cn_lkflags = LK_EXCLUSIVE;
676 	cn->cn_cred = cnp->cn_cred;
677 	cn->cn_nameptr = cn->cn_pnbuf;
678 
679 	refstart = false;
680 	if (nameiop == DELETE) {
681 		cn->cn_flags |= (cnp->cn_flags & DOWHITEOUT);
682 	} else if (nameiop == RENAME) {
683 		refstart = true;
684 	} else if (nameiop == CREATE) {
685 		cn->cn_flags |= NOCACHE;
686 	}
687 
688 	vref(dvp);
689 	VOP_UNLOCK(dvp);
690 
691 	if ((error = vfs_relookup(dvp, vpp, cn, refstart))) {
692 		vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY);
693 	} else
694 		vrele(dvp);
695 
696 	KASSERT(cn->cn_pnbuf == path, ("%s: cn_pnbuf changed", __func__));
697 
698 	return (error);
699 }
700 
701 /*
702  * relookup for CREATE namei operation.
703  *
704  * dvp is unionfs vnode. dvp should be locked.
705  *
706  * If it called 'unionfs_copyfile' function by unionfs_link etc,
707  * VOP_LOOKUP information is broken.
708  * So it need relookup in order to create link etc.
709  */
710 int
711 unionfs_relookup_for_create(struct vnode *dvp, struct componentname *cnp,
712     struct thread *td)
713 {
714 	struct vnode *udvp;
715 	struct vnode *vp;
716 	struct componentname cn;
717 	int error;
718 
719 	udvp = UNIONFSVPTOUPPERVP(dvp);
720 	vp = NULLVP;
721 
722 	error = unionfs_relookup(udvp, &vp, cnp, &cn, td, cnp->cn_nameptr,
723 	    cnp->cn_namelen, CREATE);
724 	if (error)
725 		return (error);
726 
727 	if (vp != NULLVP) {
728 		if (udvp == vp)
729 			vrele(vp);
730 		else
731 			vput(vp);
732 
733 		error = EEXIST;
734 	}
735 
736 	return (error);
737 }
738 
739 /*
740  * relookup for DELETE namei operation.
741  *
742  * dvp is unionfs vnode. dvp should be locked.
743  */
744 int
745 unionfs_relookup_for_delete(struct vnode *dvp, struct componentname *cnp,
746     struct thread *td)
747 {
748 	struct vnode *udvp;
749 	struct vnode *vp;
750 	struct componentname cn;
751 	int error;
752 
753 	udvp = UNIONFSVPTOUPPERVP(dvp);
754 	vp = NULLVP;
755 
756 	error = unionfs_relookup(udvp, &vp, cnp, &cn, td, cnp->cn_nameptr,
757 	    cnp->cn_namelen, DELETE);
758 	if (error)
759 		return (error);
760 
761 	if (vp == NULLVP)
762 		error = ENOENT;
763 	else {
764 		if (udvp == vp)
765 			vrele(vp);
766 		else
767 			vput(vp);
768 	}
769 
770 	return (error);
771 }
772 
773 /*
774  * relookup for RENAME namei operation.
775  *
776  * dvp is unionfs vnode. dvp should be locked.
777  */
778 int
779 unionfs_relookup_for_rename(struct vnode *dvp, struct componentname *cnp,
780     struct thread *td)
781 {
782 	struct vnode *udvp;
783 	struct vnode *vp;
784 	struct componentname cn;
785 	int error;
786 
787 	udvp = UNIONFSVPTOUPPERVP(dvp);
788 	vp = NULLVP;
789 
790 	error = unionfs_relookup(udvp, &vp, cnp, &cn, td, cnp->cn_nameptr,
791 	    cnp->cn_namelen, RENAME);
792 	if (error)
793 		return (error);
794 
795 	if (vp != NULLVP) {
796 		if (udvp == vp)
797 			vrele(vp);
798 		else
799 			vput(vp);
800 	}
801 
802 	return (error);
803 }
804 
805 /*
806  * Update the unionfs_node.
807  *
808  * uvp is new locked upper vnode. unionfs vnode's lock will be exchanged to the
809  * uvp's lock and lower's lock will be unlocked.
810  */
811 static void
812 unionfs_node_update(struct unionfs_node *unp, struct vnode *uvp,
813     struct thread *td)
814 {
815 	struct unionfs_node_hashhead *hd;
816 	struct vnode   *vp;
817 	struct vnode   *lvp;
818 	struct vnode   *dvp;
819 	unsigned	count, lockrec;
820 
821 	vp = UNIONFSTOV(unp);
822 	lvp = unp->un_lowervp;
823 	ASSERT_VOP_ELOCKED(lvp, __func__);
824 	ASSERT_VOP_ELOCKED(uvp, __func__);
825 	dvp = unp->un_dvp;
826 
827 	VNASSERT(vp->v_writecount == 0, vp,
828 	    ("%s: non-zero writecount", __func__));
829 	/*
830 	 * Update the upper vnode's lock state to match the lower vnode,
831 	 * and then switch the unionfs vnode's lock to the upper vnode.
832 	 */
833 	lockrec = lvp->v_vnlock->lk_recurse;
834 	for (count = 0; count < lockrec; count++)
835 		vn_lock(uvp, LK_EXCLUSIVE | LK_CANRECURSE | LK_RETRY);
836 	VI_LOCK(vp);
837 	unp->un_uppervp = uvp;
838 	vp->v_vnlock = uvp->v_vnlock;
839 	VI_UNLOCK(vp);
840 
841 	/*
842 	 * Re-cache the unionfs vnode against the upper vnode
843 	 */
844 	if (dvp != NULLVP && vp->v_type == VDIR) {
845 		VI_LOCK(dvp);
846 		if (unp->un_hash.le_prev != NULL) {
847 			LIST_REMOVE(unp, un_hash);
848 			hd = unionfs_get_hashhead(dvp, uvp);
849 			LIST_INSERT_HEAD(hd, unp, un_hash);
850 		}
851 		VI_UNLOCK(unp->un_dvp);
852 	}
853 }
854 
855 /*
856  * Create a new shadow dir.
857  *
858  * udvp should be locked on entry and will be locked on return.
859  *
860  * If no error returned, unp will be updated.
861  */
862 int
863 unionfs_mkshadowdir(struct unionfs_mount *ump, struct vnode *udvp,
864     struct unionfs_node *unp, struct componentname *cnp, struct thread *td)
865 {
866 	struct vnode   *lvp;
867 	struct vnode   *uvp;
868 	struct vattr	va;
869 	struct vattr	lva;
870 	struct nameidata nd;
871 	struct mount   *mp;
872 	struct ucred   *cred;
873 	struct ucred   *credbk;
874 	struct uidinfo *rootinfo;
875 	int		error;
876 
877 	if (unp->un_uppervp != NULLVP)
878 		return (EEXIST);
879 
880 	lvp = unp->un_lowervp;
881 	uvp = NULLVP;
882 	credbk = cnp->cn_cred;
883 
884 	/* Authority change to root */
885 	rootinfo = uifind((uid_t)0);
886 	cred = crdup(cnp->cn_cred);
887 	/*
888 	 * The calls to chgproccnt() are needed to compensate for change_ruid()
889 	 * calling chgproccnt().
890 	 */
891 	chgproccnt(cred->cr_ruidinfo, 1, 0);
892 	change_euid(cred, rootinfo);
893 	change_ruid(cred, rootinfo);
894 	change_svuid(cred, (uid_t)0);
895 	uifree(rootinfo);
896 	cnp->cn_cred = cred;
897 
898 	memset(&nd.ni_cnd, 0, sizeof(struct componentname));
899 	NDPREINIT(&nd);
900 
901 	if ((error = VOP_GETATTR(lvp, &lva, cnp->cn_cred)))
902 		goto unionfs_mkshadowdir_abort;
903 
904 	if ((error = unionfs_relookup(udvp, &uvp, cnp, &nd.ni_cnd, td,
905 	    cnp->cn_nameptr, cnp->cn_namelen, CREATE)))
906 		goto unionfs_mkshadowdir_abort;
907 	if (uvp != NULLVP) {
908 		if (udvp == uvp)
909 			vrele(uvp);
910 		else
911 			vput(uvp);
912 
913 		error = EEXIST;
914 		goto unionfs_mkshadowdir_abort;
915 	}
916 
917 	if ((error = vn_start_write(udvp, &mp, V_WAIT | V_PCATCH)))
918 		goto unionfs_mkshadowdir_abort;
919 	unionfs_create_uppervattr_core(ump, &lva, &va, td);
920 
921 	error = VOP_MKDIR(udvp, &uvp, &nd.ni_cnd, &va);
922 
923 	if (!error) {
924 		unionfs_node_update(unp, uvp, td);
925 
926 		/*
927 		 * XXX The bug which cannot set uid/gid was corrected.
928 		 * Ignore errors.
929 		 */
930 		va.va_type = VNON;
931 		VOP_SETATTR(uvp, &va, nd.ni_cnd.cn_cred);
932 	}
933 	vn_finished_write(mp);
934 
935 unionfs_mkshadowdir_abort:
936 	cnp->cn_cred = credbk;
937 	chgproccnt(cred->cr_ruidinfo, -1, 0);
938 	crfree(cred);
939 
940 	return (error);
941 }
942 
943 /*
944  * Create a new whiteout.
945  *
946  * dvp should be locked on entry and will be locked on return.
947  */
948 int
949 unionfs_mkwhiteout(struct vnode *dvp, struct componentname *cnp,
950     struct thread *td, char *path, int pathlen)
951 {
952 	struct vnode   *wvp;
953 	struct nameidata nd;
954 	struct mount   *mp;
955 	int		error;
956 
957 	wvp = NULLVP;
958 	NDPREINIT(&nd);
959 	if ((error = unionfs_relookup(dvp, &wvp, cnp, &nd.ni_cnd, td, path,
960 	    pathlen, CREATE))) {
961 		return (error);
962 	}
963 	if (wvp != NULLVP) {
964 		if (dvp == wvp)
965 			vrele(wvp);
966 		else
967 			vput(wvp);
968 
969 		return (EEXIST);
970 	}
971 
972 	if ((error = vn_start_write(dvp, &mp, V_WAIT | V_PCATCH)))
973 		goto unionfs_mkwhiteout_free_out;
974 	error = VOP_WHITEOUT(dvp, &nd.ni_cnd, CREATE);
975 
976 	vn_finished_write(mp);
977 
978 unionfs_mkwhiteout_free_out:
979 	return (error);
980 }
981 
982 /*
983  * Create a new vnode for create a new shadow file.
984  *
985  * If an error is returned, *vpp will be invalid, otherwise it will hold a
986  * locked, referenced and opened vnode.
987  *
988  * unp is never updated.
989  */
990 static int
991 unionfs_vn_create_on_upper(struct vnode **vpp, struct vnode *udvp,
992     struct unionfs_node *unp, struct vattr *uvap, struct thread *td)
993 {
994 	struct unionfs_mount *ump;
995 	struct vnode   *vp;
996 	struct vnode   *lvp;
997 	struct ucred   *cred;
998 	struct vattr	lva;
999 	struct nameidata nd;
1000 	int		fmode;
1001 	int		error;
1002 
1003 	ump = MOUNTTOUNIONFSMOUNT(UNIONFSTOV(unp)->v_mount);
1004 	vp = NULLVP;
1005 	lvp = unp->un_lowervp;
1006 	cred = td->td_ucred;
1007 	fmode = FFLAGS(O_WRONLY | O_CREAT | O_TRUNC | O_EXCL);
1008 	error = 0;
1009 
1010 	if ((error = VOP_GETATTR(lvp, &lva, cred)) != 0)
1011 		return (error);
1012 	unionfs_create_uppervattr_core(ump, &lva, uvap, td);
1013 
1014 	if (unp->un_path == NULL)
1015 		panic("%s: NULL un_path", __func__);
1016 
1017 	nd.ni_cnd.cn_namelen = unp->un_pathlen;
1018 	nd.ni_cnd.cn_pnbuf = unp->un_path;
1019 	nd.ni_cnd.cn_nameiop = CREATE;
1020 	nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | ISLASTCN;
1021 	nd.ni_cnd.cn_lkflags = LK_EXCLUSIVE;
1022 	nd.ni_cnd.cn_cred = cred;
1023 	nd.ni_cnd.cn_nameptr = nd.ni_cnd.cn_pnbuf;
1024 	NDPREINIT(&nd);
1025 
1026 	vref(udvp);
1027 	if ((error = vfs_relookup(udvp, &vp, &nd.ni_cnd, false)) != 0)
1028 		goto unionfs_vn_create_on_upper_free_out2;
1029 	vrele(udvp);
1030 
1031 	if (vp != NULLVP) {
1032 		if (vp == udvp)
1033 			vrele(vp);
1034 		else
1035 			vput(vp);
1036 		error = EEXIST;
1037 		goto unionfs_vn_create_on_upper_free_out1;
1038 	}
1039 
1040 	if ((error = VOP_CREATE(udvp, &vp, &nd.ni_cnd, uvap)) != 0)
1041 		goto unionfs_vn_create_on_upper_free_out1;
1042 
1043 	if ((error = VOP_OPEN(vp, fmode, cred, td, NULL)) != 0) {
1044 		vput(vp);
1045 		goto unionfs_vn_create_on_upper_free_out1;
1046 	}
1047 	error = VOP_ADD_WRITECOUNT(vp, 1);
1048 	CTR3(KTR_VFS, "%s: vp %p v_writecount increased to %d",
1049 	    __func__, vp, vp->v_writecount);
1050 	if (error == 0) {
1051 		*vpp = vp;
1052 	} else {
1053 		VOP_CLOSE(vp, fmode, cred, td);
1054 	}
1055 
1056 unionfs_vn_create_on_upper_free_out1:
1057 	VOP_UNLOCK(udvp);
1058 
1059 unionfs_vn_create_on_upper_free_out2:
1060 	KASSERT(nd.ni_cnd.cn_pnbuf == unp->un_path,
1061 	    ("%s: cn_pnbuf changed", __func__));
1062 
1063 	return (error);
1064 }
1065 
1066 /*
1067  * Copy from lvp to uvp.
1068  *
1069  * lvp and uvp should be locked and opened on entry and will be locked and
1070  * opened on return.
1071  */
1072 static int
1073 unionfs_copyfile_core(struct vnode *lvp, struct vnode *uvp,
1074     struct ucred *cred, struct thread *td)
1075 {
1076 	char           *buf;
1077 	struct uio	uio;
1078 	struct iovec	iov;
1079 	off_t		offset;
1080 	int		count;
1081 	int		error;
1082 	int		bufoffset;
1083 
1084 	error = 0;
1085 	memset(&uio, 0, sizeof(uio));
1086 
1087 	uio.uio_td = td;
1088 	uio.uio_segflg = UIO_SYSSPACE;
1089 	uio.uio_offset = 0;
1090 
1091 	buf = malloc(MAXBSIZE, M_TEMP, M_WAITOK);
1092 
1093 	while (error == 0) {
1094 		offset = uio.uio_offset;
1095 
1096 		uio.uio_iov = &iov;
1097 		uio.uio_iovcnt = 1;
1098 		iov.iov_base = buf;
1099 		iov.iov_len = MAXBSIZE;
1100 		uio.uio_resid = iov.iov_len;
1101 		uio.uio_rw = UIO_READ;
1102 
1103 		if ((error = VOP_READ(lvp, &uio, 0, cred)) != 0)
1104 			break;
1105 		if ((count = MAXBSIZE - uio.uio_resid) == 0)
1106 			break;
1107 
1108 		bufoffset = 0;
1109 		while (bufoffset < count) {
1110 			uio.uio_iov = &iov;
1111 			uio.uio_iovcnt = 1;
1112 			iov.iov_base = buf + bufoffset;
1113 			iov.iov_len = count - bufoffset;
1114 			uio.uio_offset = offset + bufoffset;
1115 			uio.uio_resid = iov.iov_len;
1116 			uio.uio_rw = UIO_WRITE;
1117 
1118 			if ((error = VOP_WRITE(uvp, &uio, 0, cred)) != 0)
1119 				break;
1120 
1121 			bufoffset += (count - bufoffset) - uio.uio_resid;
1122 		}
1123 
1124 		uio.uio_offset = offset + bufoffset;
1125 	}
1126 
1127 	free(buf, M_TEMP);
1128 
1129 	return (error);
1130 }
1131 
1132 /*
1133  * Copy file from lower to upper.
1134  *
1135  * If you need copy of the contents, set 1 to docopy. Otherwise, set 0 to
1136  * docopy.
1137  *
1138  * If no error returned, unp will be updated.
1139  */
1140 int
1141 unionfs_copyfile(struct unionfs_node *unp, int docopy, struct ucred *cred,
1142     struct thread *td)
1143 {
1144 	struct mount   *mp;
1145 	struct vnode   *udvp;
1146 	struct vnode   *lvp;
1147 	struct vnode   *uvp;
1148 	struct vattr	uva;
1149 	int		error;
1150 
1151 	lvp = unp->un_lowervp;
1152 	uvp = NULLVP;
1153 
1154 	if ((UNIONFSTOV(unp)->v_mount->mnt_flag & MNT_RDONLY))
1155 		return (EROFS);
1156 	if (unp->un_dvp == NULLVP)
1157 		return (EINVAL);
1158 	if (unp->un_uppervp != NULLVP)
1159 		return (EEXIST);
1160 	udvp = VTOUNIONFS(unp->un_dvp)->un_uppervp;
1161 	if (udvp == NULLVP)
1162 		return (EROFS);
1163 	if ((udvp->v_mount->mnt_flag & MNT_RDONLY))
1164 		return (EROFS);
1165 
1166 	error = VOP_ACCESS(lvp, VREAD, cred, td);
1167 	if (error != 0)
1168 		return (error);
1169 
1170 	if ((error = vn_start_write(udvp, &mp, V_WAIT | V_PCATCH)) != 0)
1171 		return (error);
1172 	error = unionfs_vn_create_on_upper(&uvp, udvp, unp, &uva, td);
1173 	if (error != 0) {
1174 		vn_finished_write(mp);
1175 		return (error);
1176 	}
1177 
1178 	if (docopy != 0) {
1179 		error = VOP_OPEN(lvp, FREAD, cred, td, NULL);
1180 		if (error == 0) {
1181 			error = unionfs_copyfile_core(lvp, uvp, cred, td);
1182 			VOP_CLOSE(lvp, FREAD, cred, td);
1183 		}
1184 	}
1185 	VOP_CLOSE(uvp, FWRITE, cred, td);
1186 	VOP_ADD_WRITECOUNT_CHECKED(uvp, -1);
1187 	CTR3(KTR_VFS, "%s: vp %p v_writecount decreased to %d",
1188 	    __func__, uvp, uvp->v_writecount);
1189 
1190 	vn_finished_write(mp);
1191 
1192 	if (error == 0) {
1193 		/* Reset the attributes. Ignore errors. */
1194 		uva.va_type = VNON;
1195 		VOP_SETATTR(uvp, &uva, cred);
1196 	}
1197 
1198 	unionfs_node_update(unp, uvp, td);
1199 
1200 	return (error);
1201 }
1202 
1203 /*
1204  * It checks whether vp can rmdir. (check empty)
1205  *
1206  * vp is unionfs vnode.
1207  * vp should be locked.
1208  */
1209 int
1210 unionfs_check_rmdir(struct vnode *vp, struct ucred *cred, struct thread *td)
1211 {
1212 	struct vnode   *uvp;
1213 	struct vnode   *lvp;
1214 	struct vnode   *tvp;
1215 	struct dirent  *dp;
1216 	struct dirent  *edp;
1217 	struct componentname cn;
1218 	struct iovec	iov;
1219 	struct uio	uio;
1220 	struct vattr	va;
1221 	int		error;
1222 	int		eofflag;
1223 	int		lookuperr;
1224 
1225 	/*
1226 	 * The size of buf needs to be larger than DIRBLKSIZ.
1227 	 */
1228 	char		buf[256 * 6];
1229 
1230 	ASSERT_VOP_ELOCKED(vp, __func__);
1231 
1232 	eofflag = 0;
1233 	uvp = UNIONFSVPTOUPPERVP(vp);
1234 	lvp = UNIONFSVPTOLOWERVP(vp);
1235 
1236 	/* check opaque */
1237 	if ((error = VOP_GETATTR(uvp, &va, cred)) != 0)
1238 		return (error);
1239 	if (va.va_flags & OPAQUE)
1240 		return (0);
1241 
1242 	/* open vnode */
1243 #ifdef MAC
1244 	if ((error = mac_vnode_check_open(cred, vp, VEXEC|VREAD)) != 0)
1245 		return (error);
1246 #endif
1247 	if ((error = VOP_ACCESS(vp, VEXEC|VREAD, cred, td)) != 0)
1248 		return (error);
1249 	if ((error = VOP_OPEN(vp, FREAD, cred, td, NULL)) != 0)
1250 		return (error);
1251 
1252 	uio.uio_rw = UIO_READ;
1253 	uio.uio_segflg = UIO_SYSSPACE;
1254 	uio.uio_td = td;
1255 	uio.uio_offset = 0;
1256 
1257 #ifdef MAC
1258 	error = mac_vnode_check_readdir(td->td_ucred, lvp);
1259 #endif
1260 	while (!error && !eofflag) {
1261 		iov.iov_base = buf;
1262 		iov.iov_len = sizeof(buf);
1263 		uio.uio_iov = &iov;
1264 		uio.uio_iovcnt = 1;
1265 		uio.uio_resid = iov.iov_len;
1266 
1267 		error = VOP_READDIR(lvp, &uio, cred, &eofflag, NULL, NULL);
1268 		if (error != 0)
1269 			break;
1270 		KASSERT(eofflag != 0 || uio.uio_resid < sizeof(buf),
1271 		    ("%s: empty read from lower FS", __func__));
1272 
1273 		edp = (struct dirent*)&buf[sizeof(buf) - uio.uio_resid];
1274 		for (dp = (struct dirent*)buf; !error && dp < edp;
1275 		     dp = (struct dirent*)((caddr_t)dp + dp->d_reclen)) {
1276 			if (dp->d_type == DT_WHT || dp->d_fileno == 0 ||
1277 			    (dp->d_namlen == 1 && dp->d_name[0] == '.') ||
1278 			    (dp->d_namlen == 2 && !bcmp(dp->d_name, "..", 2)))
1279 				continue;
1280 
1281 			cn.cn_namelen = dp->d_namlen;
1282 			cn.cn_pnbuf = NULL;
1283 			cn.cn_nameptr = dp->d_name;
1284 			cn.cn_nameiop = LOOKUP;
1285 			cn.cn_flags = LOCKPARENT | LOCKLEAF | RDONLY | ISLASTCN;
1286 			cn.cn_lkflags = LK_EXCLUSIVE;
1287 			cn.cn_cred = cred;
1288 
1289 			/*
1290 			 * check entry in lower.
1291 			 * Sometimes, readdir function returns
1292 			 * wrong entry.
1293 			 */
1294 			lookuperr = VOP_LOOKUP(lvp, &tvp, &cn);
1295 
1296 			if (!lookuperr)
1297 				vput(tvp);
1298 			else
1299 				continue; /* skip entry */
1300 
1301 			/*
1302 			 * check entry
1303 			 * If it has no exist/whiteout entry in upper,
1304 			 * directory is not empty.
1305 			 */
1306 			cn.cn_flags = LOCKPARENT | LOCKLEAF | RDONLY | ISLASTCN;
1307 			lookuperr = VOP_LOOKUP(uvp, &tvp, &cn);
1308 
1309 			if (!lookuperr)
1310 				vput(tvp);
1311 
1312 			/* ignore exist or whiteout entry */
1313 			if (!lookuperr ||
1314 			    (lookuperr == ENOENT && (cn.cn_flags & ISWHITEOUT)))
1315 				continue;
1316 
1317 			error = ENOTEMPTY;
1318 		}
1319 	}
1320 
1321 	/* close vnode */
1322 	VOP_CLOSE(vp, FREAD, cred, td);
1323 
1324 	return (error);
1325 }
1326 
1327