xref: /titanic_50/usr/src/uts/common/fs/specfs/specvnops.c (revision 8d483882aa3390058094b043f3d62187b5d1de03)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
27 /*	  All Rights Reserved  	*/
28 
29 /*
30  * University Copyright- Copyright (c) 1982, 1986, 1988
31  * The Regents of the University of California
32  * All Rights Reserved
33  *
34  * University Acknowledgment- Portions of this document are derived from
35  * software developed by the University of California, Berkeley, and its
36  * contributors.
37  */
38 
39 
40 #pragma ident	"%Z%%M%	%I%	%E% SMI"
41 
42 #include <sys/types.h>
43 #include <sys/thread.h>
44 #include <sys/t_lock.h>
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/bitmap.h>
48 #include <sys/buf.h>
49 #include <sys/cmn_err.h>
50 #include <sys/conf.h>
51 #include <sys/ddi.h>
52 #include <sys/debug.h>
53 #include <sys/dkio.h>
54 #include <sys/errno.h>
55 #include <sys/time.h>
56 #include <sys/fcntl.h>
57 #include <sys/flock.h>
58 #include <sys/file.h>
59 #include <sys/kmem.h>
60 #include <sys/mman.h>
61 #include <sys/open.h>
62 #include <sys/swap.h>
63 #include <sys/sysmacros.h>
64 #include <sys/uio.h>
65 #include <sys/vfs.h>
66 #include <sys/vfs_opreg.h>
67 #include <sys/vnode.h>
68 #include <sys/stat.h>
69 #include <sys/poll.h>
70 #include <sys/stream.h>
71 #include <sys/strsubr.h>
72 #include <sys/policy.h>
73 #include <sys/devpolicy.h>
74 
75 #include <sys/proc.h>
76 #include <sys/user.h>
77 #include <sys/session.h>
78 #include <sys/vmsystm.h>
79 #include <sys/vtrace.h>
80 #include <sys/pathname.h>
81 
82 #include <sys/fs/snode.h>
83 
84 #include <vm/seg.h>
85 #include <vm/seg_map.h>
86 #include <vm/page.h>
87 #include <vm/pvn.h>
88 #include <vm/seg_dev.h>
89 #include <vm/seg_vn.h>
90 
91 #include <fs/fs_subr.h>
92 
93 #include <sys/esunddi.h>
94 #include <sys/autoconf.h>
95 #include <sys/sunndi.h>
96 #include <sys/contract/device_impl.h>
97 
98 
99 static int spec_open(struct vnode **, int, struct cred *);
100 static int spec_close(struct vnode *, int, int, offset_t, struct cred *);
101 static int spec_read(struct vnode *, struct uio *, int, struct cred *,
102 	struct caller_context *);
103 static int spec_write(struct vnode *, struct uio *, int, struct cred *,
104 	struct caller_context *);
105 static int spec_ioctl(struct vnode *, int, intptr_t, int, struct cred *, int *);
106 static int spec_getattr(struct vnode *, struct vattr *, int, struct cred *);
107 static int spec_setattr(struct vnode *, struct vattr *, int, struct cred *,
108 	caller_context_t *);
109 static int spec_access(struct vnode *, int, int, struct cred *);
110 static int spec_create(struct vnode *, char *, vattr_t *, enum vcexcl,
111     int, struct vnode **, struct cred *, int);
112 static int spec_fsync(struct vnode *, int, struct cred *);
113 static void spec_inactive(struct vnode *, struct cred *);
114 static int spec_fid(struct vnode *, struct fid *);
115 static int spec_seek(struct vnode *, offset_t, offset_t *);
116 static int spec_frlock(struct vnode *, int, struct flock64 *, int, offset_t,
117     struct flk_callback *, struct cred *);
118 static int spec_realvp(struct vnode *, struct vnode **);
119 
120 static int spec_getpage(struct vnode *, offset_t, size_t, uint_t *, page_t **,
121     size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
122 static int spec_putapage(struct vnode *, page_t *, u_offset_t *, size_t *, int,
123 	struct cred *);
124 static struct buf *spec_startio(struct vnode *, page_t *, u_offset_t, size_t,
125 	int);
126 static int spec_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
127     page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
128 static int spec_map(struct vnode *, offset_t, struct as *, caddr_t *, size_t,
129     uchar_t, uchar_t, uint_t, struct cred *);
130 static int spec_addmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
131     uchar_t, uchar_t, uint_t, struct cred *);
132 static int spec_delmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
133     uint_t, uint_t, uint_t, struct cred *);
134 
135 static int spec_poll(struct vnode *, short, int, short *, struct pollhead **);
136 static int spec_dump(struct vnode *, caddr_t, int, int);
137 static int spec_pageio(struct vnode *, page_t *, u_offset_t, size_t, int,
138     cred_t *);
139 
140 static int spec_getsecattr(struct vnode *, vsecattr_t *, int, struct cred *);
141 static int spec_setsecattr(struct vnode *, vsecattr_t *, int, struct cred *);
142 static int spec_pathconf(struct	vnode *, int, ulong_t *, struct cred *);
143 
144 #define	SN_HOLD(csp)	{ \
145 	mutex_enter(&csp->s_lock); \
146 	csp->s_count++; \
147 	mutex_exit(&csp->s_lock); \
148 }
149 
150 #define	SN_RELE(csp)	{ \
151 	mutex_enter(&csp->s_lock); \
152 	csp->s_count--; \
153 	ASSERT((csp->s_count > 0) || (csp->s_vnode->v_stream == NULL)); \
154 	mutex_exit(&csp->s_lock); \
155 }
156 
157 #define	S_ISFENCED(sp)	((VTOS((sp)->s_commonvp))->s_flag & SFENCED)
158 
159 struct vnodeops *spec_vnodeops;
160 
161 /*
162  * *PLEASE NOTE*: If you add new entry points to specfs, do
163  * not forget to add support for fencing. A fenced snode
164  * is indicated by the SFENCED flag in the common snode.
165  * If a snode is fenced, determine if your entry point is
166  * a configuration operation (Example: open), a detection
167  * operation (Example: gettattr), an I/O operation (Example: ioctl())
168  * or an unconfiguration operation (Example: close). If it is
169  * a configuration or detection operation, fail the operation
170  * for a fenced snode with an ENXIO or EIO as appropriate. If
171  * it is any other operation, let it through.
172  */
173 
174 const fs_operation_def_t spec_vnodeops_template[] = {
175 	VOPNAME_OPEN,		{ .vop_open = spec_open },
176 	VOPNAME_CLOSE,		{ .vop_close = spec_close },
177 	VOPNAME_READ,		{ .vop_read = spec_read },
178 	VOPNAME_WRITE,		{ .vop_write = spec_write },
179 	VOPNAME_IOCTL,		{ .vop_ioctl = spec_ioctl },
180 	VOPNAME_GETATTR,	{ .vop_getattr = spec_getattr },
181 	VOPNAME_SETATTR,	{ .vop_setattr = spec_setattr },
182 	VOPNAME_ACCESS,		{ .vop_access = spec_access },
183 	VOPNAME_CREATE,		{ .vop_create = spec_create },
184 	VOPNAME_FSYNC,		{ .vop_fsync = spec_fsync },
185 	VOPNAME_INACTIVE,	{ .vop_inactive = spec_inactive },
186 	VOPNAME_FID,		{ .vop_fid = spec_fid },
187 	VOPNAME_SEEK,		{ .vop_seek = spec_seek },
188 	VOPNAME_PATHCONF,	{ .vop_pathconf = spec_pathconf },
189 	VOPNAME_FRLOCK,		{ .vop_frlock = spec_frlock },
190 	VOPNAME_REALVP,		{ .vop_realvp = spec_realvp },
191 	VOPNAME_GETPAGE,	{ .vop_getpage = spec_getpage },
192 	VOPNAME_PUTPAGE,	{ .vop_putpage = spec_putpage },
193 	VOPNAME_MAP,		{ .vop_map = spec_map },
194 	VOPNAME_ADDMAP,		{ .vop_addmap = spec_addmap },
195 	VOPNAME_DELMAP,		{ .vop_delmap = spec_delmap },
196 	VOPNAME_POLL,		{ .vop_poll = spec_poll },
197 	VOPNAME_DUMP,		{ .vop_dump = spec_dump },
198 	VOPNAME_PAGEIO,		{ .vop_pageio = spec_pageio },
199 	VOPNAME_SETSECATTR,	{ .vop_setsecattr = spec_setsecattr },
200 	VOPNAME_GETSECATTR,	{ .vop_getsecattr = spec_getsecattr },
201 	NULL,			NULL
202 };
203 
204 /*
205  * Return address of spec_vnodeops
206  */
207 struct vnodeops *
208 spec_getvnodeops(void)
209 {
210 	return (spec_vnodeops);
211 }
212 
213 extern vnode_t *rconsvp;
214 
215 /*
216  * Acquire the serial lock on the common snode.
217  */
218 #define	LOCK_CSP(csp)			(void) spec_lockcsp(csp, 0, 1, 0)
219 #define	LOCKHOLD_CSP_SIG(csp)		spec_lockcsp(csp, 1, 1, 1)
220 #define	SYNCHOLD_CSP_SIG(csp, intr)	spec_lockcsp(csp, intr, 0, 1)
221 
222 /*
223  * Synchronize with active SLOCKED, optionally checking for a signal and
224  * optionally returning with SLOCKED set and SN_HOLD done.  The 'intr'
225  * argument determines if the thread is interruptible by a signal while
226  * waiting, the function returns 0 if interrupted.  When 1 is returned
227  * the 'hold' argument determines if the open count (SN_HOLD) has been
228  * incremented and the 'setlock' argument determines if the function
229  * returns with SLOCKED set.
230  */
231 static int
232 spec_lockcsp(struct snode *csp, int intr, int setlock, int hold)
233 {
234 	mutex_enter(&csp->s_lock);
235 	while (csp->s_flag & SLOCKED) {
236 		csp->s_flag |= SWANT;
237 		if (intr) {
238 			if (!cv_wait_sig(&csp->s_cv, &csp->s_lock)) {
239 				mutex_exit(&csp->s_lock);
240 				return (0);		/* interrupted */
241 			}
242 		} else {
243 			cv_wait(&csp->s_cv, &csp->s_lock);
244 		}
245 	}
246 	if (setlock)
247 		csp->s_flag |= SLOCKED;
248 	if (hold)
249 		csp->s_count++;		/* one more open reference : SN_HOLD */
250 	mutex_exit(&csp->s_lock);
251 	return (1);			/* serialized/locked */
252 }
253 
254 /*
255  * Unlock the serial lock on the common snode
256  */
257 #define	UNLOCK_CSP_LOCK_HELD(csp)			\
258 	ASSERT(mutex_owned(&csp->s_lock));		\
259 	if (csp->s_flag & SWANT)			\
260 		cv_broadcast(&csp->s_cv);		\
261 	csp->s_flag &= ~(SWANT|SLOCKED);
262 
263 #define	UNLOCK_CSP(csp)					\
264 	mutex_enter(&csp->s_lock);			\
265 	UNLOCK_CSP_LOCK_HELD(csp);			\
266 	mutex_exit(&csp->s_lock);
267 
268 /*
269  * compute/return the size of the device
270  */
271 #define	SPEC_SIZE(csp)	\
272 	(((csp)->s_flag & SSIZEVALID) ? (csp)->s_size : spec_size(csp))
273 
274 /*
275  * Compute and return the size.  If the size in the common snode is valid then
276  * return it.  If not valid then get the size from the driver and set size in
277  * the common snode.  If the device has not been attached then we don't ask for
278  * an update from the driver- for non-streams SSIZEVALID stays unset until the
279  * device is attached. A stat of a mknod outside /devices (non-devfs) may
280  * report UNKNOWN_SIZE because the device may not be attached yet (SDIPSET not
281  * established in mknod until open time). An stat in /devices will report the
282  * size correctly.  Specfs should always call SPEC_SIZE instead of referring
283  * directly to s_size to initialize/retrieve the size of a device.
284  *
285  * XXX There is an inconsistency between block and raw - "unknown" is
286  * UNKNOWN_SIZE for VBLK and 0 for VCHR(raw).
287  */
288 static u_offset_t
289 spec_size(struct snode *csp)
290 {
291 	struct vnode	*cvp = STOV(csp);
292 	u_offset_t	size;
293 	int		plen;
294 	uint32_t	size32;
295 	dev_t		dev;
296 	dev_info_t	*devi;
297 	major_t		maj;
298 	uint_t		blksize;
299 	int		blkshift;
300 
301 	ASSERT((csp)->s_commonvp == cvp);	/* must be common node */
302 
303 	/* return cached value */
304 	mutex_enter(&csp->s_lock);
305 	if (csp->s_flag & SSIZEVALID) {
306 		mutex_exit(&csp->s_lock);
307 		return (csp->s_size);
308 	}
309 
310 	/* VOP_GETATTR of mknod has not had devcnt restriction applied */
311 	dev = cvp->v_rdev;
312 	maj = getmajor(dev);
313 	if (maj >= devcnt) {
314 		/* return non-cached UNKNOWN_SIZE */
315 		mutex_exit(&csp->s_lock);
316 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
317 	}
318 
319 	/* establish cached zero size for streams */
320 	if (STREAMSTAB(maj)) {
321 		csp->s_size = 0;
322 		csp->s_flag |= SSIZEVALID;
323 		mutex_exit(&csp->s_lock);
324 		return (0);
325 	}
326 
327 	/*
328 	 * Return non-cached UNKNOWN_SIZE if not open.
329 	 *
330 	 * NB: This check is bogus, calling prop_op(9E) should be gated by
331 	 * attach, not open. Not having this check however opens up a new
332 	 * context under which a driver's prop_op(9E) could be called. Calling
333 	 * prop_op(9E) in this new context has been shown to expose latent
334 	 * driver bugs (insufficient NULL pointer checks that lead to panic).
335 	 * We are keeping this open check for now to avoid these panics.
336 	 */
337 	if (csp->s_count == 0) {
338 		mutex_exit(&csp->s_lock);
339 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
340 	}
341 
342 	/* Return non-cached UNKNOWN_SIZE if not attached. */
343 	if (((csp->s_flag & SDIPSET) == 0) || (csp->s_dip == NULL) ||
344 	    !i_ddi_devi_attached(csp->s_dip)) {
345 		mutex_exit(&csp->s_lock);
346 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
347 	}
348 
349 	devi = csp->s_dip;
350 
351 	/*
352 	 * Established cached size obtained from the attached driver. Since we
353 	 * know the devinfo node, for efficiency we use cdev_prop_op directly
354 	 * instead of [cb]dev_[Ss]size.
355 	 */
356 	if (cvp->v_type == VCHR) {
357 		size = 0;
358 		plen = sizeof (size);
359 		if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
360 		    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
361 		    DDI_PROP_CONSUMER_TYPED, "Size", (caddr_t)&size,
362 		    &plen) != DDI_PROP_SUCCESS) {
363 			plen = sizeof (size32);
364 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
365 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
366 			    "size", (caddr_t)&size32, &plen) ==
367 			    DDI_PROP_SUCCESS)
368 				size = size32;
369 		}
370 	} else {
371 		size = UNKNOWN_SIZE;
372 		plen = sizeof (size);
373 		if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
374 		    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
375 		    DDI_PROP_CONSUMER_TYPED, "Nblocks", (caddr_t)&size,
376 		    &plen) != DDI_PROP_SUCCESS) {
377 			plen = sizeof (size32);
378 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
379 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
380 			    "nblocks", (caddr_t)&size32, &plen) ==
381 			    DDI_PROP_SUCCESS)
382 				size = size32;
383 		}
384 
385 		if (size != UNKNOWN_SIZE) {
386 			blksize = DEV_BSIZE;		/* default */
387 			plen = sizeof (blksize);
388 
389 			/* try to get dev_t specific "blksize" */
390 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
391 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
392 			    "blksize", (caddr_t)&blksize, &plen) !=
393 			    DDI_PROP_SUCCESS) {
394 				/*
395 				 * Try for dev_info node "device-blksize".
396 				 * If this fails then blksize will still be
397 				 * DEV_BSIZE default value.
398 				 */
399 				(void) cdev_prop_op(DDI_DEV_T_ANY, devi,
400 				    PROP_LEN_AND_VAL_BUF,
401 				    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
402 				    "device-blksize", (caddr_t)&blksize, &plen);
403 			}
404 
405 			/* blksize must be a power of two */
406 			ASSERT(BIT_ONLYONESET(blksize));
407 			blkshift = highbit(blksize) - 1;
408 
409 			/* convert from block size to byte size */
410 			if (size < (MAXOFFSET_T >> blkshift))
411 				size = size << blkshift;
412 			else
413 				size = UNKNOWN_SIZE;
414 		}
415 	}
416 
417 	csp->s_size = size;
418 	csp->s_flag |= SSIZEVALID;
419 
420 	mutex_exit(&csp->s_lock);
421 	return (size);
422 }
423 
424 /*
425  * This function deal with vnode substitution in the case of
426  * device cloning.
427  */
428 static int
429 spec_clone(struct vnode **vpp, dev_t newdev, int vtype, struct stdata *stp)
430 {
431 	dev_t		dev = (*vpp)->v_rdev;
432 	major_t		maj = getmajor(dev);
433 	major_t 	newmaj = getmajor(newdev);
434 	int		sysclone = (maj == clone_major);
435 	int		qassociate_used = 0;
436 	struct snode	*oldsp, *oldcsp;
437 	struct snode	*newsp, *newcsp;
438 	struct vnode	*newvp, *newcvp;
439 	dev_info_t	*dip;
440 	queue_t		*dq;
441 
442 	ASSERT(dev != newdev);
443 
444 	/*
445 	 * Check for cloning across different drivers.
446 	 * We only support this under the system provided clone driver
447 	 */
448 	if ((maj != newmaj) && !sysclone) {
449 		cmn_err(CE_NOTE,
450 		    "unsupported clone open maj = %u, newmaj = %u",
451 		    maj, newmaj);
452 		return (ENXIO);
453 	}
454 
455 	/* old */
456 	oldsp = VTOS(*vpp);
457 	oldcsp = VTOS(oldsp->s_commonvp);
458 
459 	/* new */
460 	newvp = makespecvp(newdev, vtype);
461 	ASSERT(newvp != NULL);
462 	newsp = VTOS(newvp);
463 	newcvp = newsp->s_commonvp;
464 	newcsp = VTOS(newcvp);
465 
466 	/*
467 	 * Clones inherit fsid, realvp, and dip.
468 	 * XXX realvp inherit is not occurring, does fstat of clone work?
469 	 */
470 	newsp->s_fsid = oldsp->s_fsid;
471 	if (sysclone) {
472 		newsp->s_flag |= SCLONE;
473 		dip = NULL;
474 	} else {
475 		newsp->s_flag |= SSELFCLONE;
476 		dip = oldcsp->s_dip;
477 	}
478 
479 	/*
480 	 * If we cloned to an opened newdev that already has called
481 	 * spec_assoc_vp_with_devi (SDIPSET set) then the association is
482 	 * already established.
483 	 */
484 	if (!(newcsp->s_flag & SDIPSET)) {
485 		/*
486 		 * Establish s_dip association for newdev.
487 		 *
488 		 * If we trusted the getinfo(9E) DDI_INFO_DEVT2INSTANCE
489 		 * implementation of all cloning drivers  (SCLONE and SELFCLONE)
490 		 * we would always use e_ddi_hold_devi_by_dev().  We know that
491 		 * many drivers have had (still have?) problems with
492 		 * DDI_INFO_DEVT2INSTANCE, so we try to minimize reliance by
493 		 * detecting drivers that use QASSOCIATE (by looking down the
494 		 * stream) and setting their s_dip association to NULL.
495 		 */
496 		qassociate_used = 0;
497 		if (stp) {
498 			for (dq = stp->sd_wrq; dq; dq = dq->q_next) {
499 				if (_RD(dq)->q_flag & _QASSOCIATED) {
500 					qassociate_used = 1;
501 					dip = NULL;
502 					break;
503 				}
504 			}
505 		}
506 
507 		if (dip || qassociate_used) {
508 			spec_assoc_vp_with_devi(newvp, dip);
509 		} else {
510 			/* derive association from newdev */
511 			dip = e_ddi_hold_devi_by_dev(newdev, 0);
512 			spec_assoc_vp_with_devi(newvp, dip);
513 			if (dip)
514 				ddi_release_devi(dip);
515 		}
516 	}
517 
518 	SN_HOLD(newcsp);
519 
520 	/* deal with stream stuff */
521 	if (stp != NULL) {
522 		LOCK_CSP(newcsp);	/* synchronize stream open/close */
523 		mutex_enter(&newcsp->s_lock);
524 		newcvp->v_stream = newvp->v_stream = stp;
525 		stp->sd_vnode = newcvp;
526 		stp->sd_strtab = STREAMSTAB(newmaj);
527 		mutex_exit(&newcsp->s_lock);
528 		UNLOCK_CSP(newcsp);
529 	}
530 
531 	/* substitute the vnode */
532 	SN_RELE(oldcsp);
533 	VN_RELE(*vpp);
534 	*vpp = newvp;
535 
536 	return (0);
537 }
538 
539 static int
540 spec_open(struct vnode **vpp, int flag, struct cred *cr)
541 {
542 	major_t maj;
543 	dev_t dev, newdev;
544 	struct vnode *vp, *cvp;
545 	struct snode *sp, *csp;
546 	struct stdata *stp;
547 	dev_info_t *dip;
548 	int error, type;
549 	contract_t *ct = NULL;
550 	int open_returns_eintr;
551 
552 	flag &= ~FCREAT;		/* paranoia */
553 
554 	vp = *vpp;
555 	sp = VTOS(vp);
556 	ASSERT((vp->v_type == VCHR) || (vp->v_type == VBLK));
557 	if ((vp->v_type != VCHR) && (vp->v_type != VBLK))
558 		return (ENXIO);
559 
560 	/*
561 	 * If the VFS_NODEVICES bit was set for the mount,
562 	 * do not allow opens of special devices.
563 	 */
564 	if (sp->s_realvp && (sp->s_realvp->v_vfsp->vfs_flag & VFS_NODEVICES))
565 		return (ENXIO);
566 
567 	newdev = dev = vp->v_rdev;
568 
569 	/*
570 	 * If we are opening a node that has not had spec_assoc_vp_with_devi
571 	 * called against it (mknod outside /devices or a non-dacf makespecvp
572 	 * node) then SDIPSET will not be set. In this case we call an
573 	 * interface which will reconstruct the path and lookup (drive attach)
574 	 * through devfs (e_ddi_hold_devi_by_dev -> e_ddi_hold_devi_by_path ->
575 	 * devfs_lookupname).  For support of broken drivers that don't call
576 	 * ddi_create_minor_node for all minor nodes in their instance space,
577 	 * we call interfaces that operates at the directory/devinfo
578 	 * (major/instance) level instead of to the leaf/minor node level.
579 	 * After finding and attaching the dip we associate it with the
580 	 * common specfs vnode (s_dip), which sets SDIPSET.  A DL_DETACH_REQ
581 	 * to style-2 stream driver may set s_dip to NULL with SDIPSET set.
582 	 *
583 	 * NOTE: Although e_ddi_hold_devi_by_dev takes a dev_t argument, its
584 	 * implementation operates at the major/instance level since it only
585 	 * need to return a dip.
586 	 */
587 	cvp = sp->s_commonvp;
588 	csp = VTOS(cvp);
589 	if (!(csp->s_flag & SDIPSET)) {
590 		/* try to attach, return error if we fail */
591 		if ((dip = e_ddi_hold_devi_by_dev(dev, 0)) == NULL)
592 			return (ENXIO);
593 
594 		/* associate dip with the common snode s_dip */
595 		spec_assoc_vp_with_devi(vp, dip);
596 		ddi_release_devi(dip);	/* from e_ddi_hold_devi_by_dev */
597 	}
598 
599 	/* check if device fenced off */
600 	if (S_ISFENCED(sp))
601 		return (ENXIO);
602 
603 #ifdef  DEBUG
604 	/* verify attach/open exclusion guarantee */
605 	dip = csp->s_dip;
606 	ASSERT((dip == NULL) || i_ddi_devi_attached(dip));
607 #endif  /* DEBUG */
608 
609 	if ((error = secpolicy_spec_open(cr, vp, flag)) != 0)
610 		return (error);
611 
612 	maj = getmajor(dev);
613 	if (STREAMSTAB(maj))
614 		goto streams_open;
615 
616 	/*
617 	 * Wait for in progress last close to complete. This guarantees
618 	 * to the driver writer that we will never be in the drivers
619 	 * open and close on the same (dev_t, otype) at the same time.
620 	 * Open count already incremented (SN_HOLD) on non-zero return.
621 	 * The wait is interruptible by a signal if the driver sets the
622 	 * D_OPEN_RETURNS_EINTR cb_ops(9S) cb_flag or sets the
623 	 * ddi-open-returns-eintr(9P) property in its driver.conf.
624 	 */
625 	if ((devopsp[maj]->devo_cb_ops->cb_flag & D_OPEN_RETURNS_EINTR) ||
626 	    (devnamesp[maj].dn_flags & DN_OPEN_RETURNS_EINTR))
627 		open_returns_eintr = 1;
628 	else
629 		open_returns_eintr = 0;
630 	while (SYNCHOLD_CSP_SIG(csp, open_returns_eintr) == 0) {
631 		if (csp->s_flag & SCLOSING)
632 			return (EINTR);
633 	}
634 
635 	/* non streams open */
636 	type = (vp->v_type == VBLK ? OTYP_BLK : OTYP_CHR);
637 	error = dev_open(&newdev, flag, type, cr);
638 
639 	/* deal with clone case */
640 	if (error == 0 && dev != newdev) {
641 		error = spec_clone(vpp, newdev, vp->v_type, NULL);
642 		/*
643 		 * bail on clone failure, further processing
644 		 * results in undefined behaviors.
645 		 */
646 		if (error != 0)
647 			return (error);
648 		sp = VTOS(*vpp);
649 		csp = VTOS(sp->s_commonvp);
650 	}
651 
652 	/*
653 	 * create contracts only for userland opens
654 	 * Successful open and cloning is done at this point.
655 	 */
656 	if (error == 0 && !(flag & FKLYR)) {
657 		int spec_type;
658 		spec_type = (STOV(csp)->v_type == VCHR) ? S_IFCHR : S_IFBLK;
659 		if (contract_device_open(newdev, spec_type, NULL) != 0) {
660 			error = EIO;
661 		}
662 	}
663 
664 	if (error == 0) {
665 		sp->s_size = SPEC_SIZE(csp);
666 
667 		if ((csp->s_flag & SNEEDCLOSE) == 0) {
668 			int nmaj = getmajor(newdev);
669 			mutex_enter(&csp->s_lock);
670 			/* successful open needs a close later */
671 			csp->s_flag |= SNEEDCLOSE;
672 
673 			/*
674 			 * Invalidate possible cached "unknown" size
675 			 * established by a VOP_GETATTR while open was in
676 			 * progress, and the driver might fail prop_op(9E).
677 			 */
678 			if (((cvp->v_type == VCHR) && (csp->s_size == 0)) ||
679 			    ((cvp->v_type == VBLK) &&
680 			    (csp->s_size == UNKNOWN_SIZE)))
681 				csp->s_flag &= ~SSIZEVALID;
682 
683 			if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_64BIT)
684 				csp->s_flag |= SLOFFSET;
685 			if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_U64BIT)
686 				csp->s_flag |= SLOFFSET | SANYOFFSET;
687 			mutex_exit(&csp->s_lock);
688 		}
689 		return (0);
690 	}
691 
692 	/*
693 	 * Open failed. If we missed a close operation because
694 	 * we were trying to get the device open and it is the
695 	 * last in progress open that is failing then call close.
696 	 *
697 	 * NOTE: Only non-streams open has this race condition.
698 	 */
699 	mutex_enter(&csp->s_lock);
700 	csp->s_count--;			/* decrement open count : SN_RELE */
701 	if ((csp->s_count == 0) &&	/* no outstanding open */
702 	    (csp->s_mapcnt == 0) &&	/* no mapping */
703 	    (csp->s_flag & SNEEDCLOSE)) { /* need a close */
704 		csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
705 
706 		/* See comment in spec_close() */
707 		if (csp->s_flag & (SCLONE | SSELFCLONE))
708 			csp->s_flag &= ~SDIPSET;
709 
710 		csp->s_flag |= SCLOSING;
711 		mutex_exit(&csp->s_lock);
712 
713 		ASSERT(*vpp != NULL);
714 		(void) device_close(*vpp, flag, cr);
715 
716 		mutex_enter(&csp->s_lock);
717 		csp->s_flag &= ~SCLOSING;
718 		mutex_exit(&csp->s_lock);
719 	} else {
720 		mutex_exit(&csp->s_lock);
721 	}
722 	return (error);
723 
724 streams_open:
725 	if (vp->v_type != VCHR)
726 		return (ENXIO);
727 
728 	/*
729 	 * Lock common snode to prevent any new clone opens on this
730 	 * stream while one is in progress. This is necessary since
731 	 * the stream currently associated with the clone device will
732 	 * not be part of it after the clone open completes. Unfortunately
733 	 * we don't know in advance if this is a clone
734 	 * device so we have to lock all opens.
735 	 *
736 	 * If we fail, it's because of an interrupt - EINTR return is an
737 	 * expected aspect of opening a stream so we don't need to check
738 	 * D_OPEN_RETURNS_EINTR. Open count already incremented (SN_HOLD)
739 	 * on non-zero return.
740 	 */
741 	if (LOCKHOLD_CSP_SIG(csp) == 0)
742 		return (EINTR);
743 
744 	error = stropen(cvp, &newdev, flag, cr);
745 	stp = cvp->v_stream;
746 
747 	/* deal with the clone case */
748 	if ((error == 0) && (dev != newdev)) {
749 		vp->v_stream = cvp->v_stream = NULL;
750 		UNLOCK_CSP(csp);
751 		error = spec_clone(vpp, newdev, vp->v_type, stp);
752 		/*
753 		 * bail on clone failure, further processing
754 		 * results in undefined behaviors.
755 		 */
756 		if (error != 0)
757 			return (error);
758 		sp = VTOS(*vpp);
759 		csp = VTOS(sp->s_commonvp);
760 	} else if (error == 0) {
761 		vp->v_stream = stp;
762 		UNLOCK_CSP(csp);
763 	}
764 
765 	/*
766 	 * create contracts only for userland opens
767 	 * Successful open and cloning is done at this point.
768 	 */
769 	if (error == 0 && !(flag & FKLYR)) {
770 		/* STREAM is of type S_IFCHR */
771 		if (contract_device_open(newdev, S_IFCHR, &ct) != 0) {
772 			UNLOCK_CSP(csp);
773 			(void) spec_close(vp, flag, 1, 0, cr);
774 			return (EIO);
775 		}
776 	}
777 
778 	if (error == 0) {
779 		/* STREAMS devices don't have a size */
780 		sp->s_size = csp->s_size = 0;
781 
782 		if (!(stp->sd_flag & STRISTTY) || (flag & FNOCTTY))
783 			return (0);
784 
785 		/* try to allocate it as a controlling terminal */
786 		if (strctty(stp) != EINTR)
787 			return (0);
788 
789 		/* strctty() was interrupted by a signal */
790 		if (ct) {
791 			/* we only create contracts for userland opens */
792 			ASSERT(ttoproc(curthread));
793 			(void) contract_abandon(ct, ttoproc(curthread), 0);
794 		}
795 		(void) spec_close(vp, flag, 1, 0, cr);
796 		return (EINTR);
797 	}
798 
799 	/*
800 	 * Deal with stropen failure.
801 	 *
802 	 * sd_flag in the stream head cannot change since the
803 	 * common snode is locked before the call to stropen().
804 	 */
805 	if ((stp != NULL) && (stp->sd_flag & STREOPENFAIL)) {
806 		/*
807 		 * Open failed part way through.
808 		 */
809 		mutex_enter(&stp->sd_lock);
810 		stp->sd_flag &= ~STREOPENFAIL;
811 		mutex_exit(&stp->sd_lock);
812 
813 		UNLOCK_CSP(csp);
814 		(void) spec_close(vp, flag, 1, 0, cr);
815 	} else {
816 		UNLOCK_CSP(csp);
817 		SN_RELE(csp);
818 	}
819 
820 	return (error);
821 }
822 
823 /*ARGSUSED2*/
824 static int
825 spec_close(
826 	struct vnode	*vp,
827 	int		flag,
828 	int		count,
829 	offset_t	offset,
830 	struct cred	*cr)
831 {
832 	struct vnode *cvp;
833 	struct snode *sp, *csp;
834 	enum vtype type;
835 	dev_t dev;
836 	int error = 0;
837 	int sysclone;
838 
839 	if (!(flag & FKLYR)) {
840 		/* this only applies to closes of devices from userland */
841 		cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
842 		cleanshares(vp, ttoproc(curthread)->p_pid);
843 		if (vp->v_stream)
844 			strclean(vp);
845 	}
846 	if (count > 1)
847 		return (0);
848 
849 	/* we allow close to succeed even if device is fenced off */
850 	sp = VTOS(vp);
851 	cvp = sp->s_commonvp;
852 
853 	dev = sp->s_dev;
854 	type = vp->v_type;
855 
856 	ASSERT(type == VCHR || type == VBLK);
857 
858 	/*
859 	 * Prevent close/close and close/open races by serializing closes
860 	 * on this common snode. Clone opens are held up until after
861 	 * we have closed this device so the streams linkage is maintained
862 	 */
863 	csp = VTOS(cvp);
864 
865 	LOCK_CSP(csp);
866 	mutex_enter(&csp->s_lock);
867 
868 	csp->s_count--;			/* one fewer open reference : SN_RELE */
869 	sysclone = sp->s_flag & SCLONE;
870 
871 	/*
872 	 * Invalidate size on each close.
873 	 *
874 	 * XXX We do this on each close because we don't have interfaces that
875 	 * allow a driver to invalidate the size.  Since clearing this on each
876 	 * close this causes property overhead we skip /dev/null and
877 	 * /dev/zero to avoid degrading kenbus performance.
878 	 */
879 	if (getmajor(dev) != mm_major)
880 		csp->s_flag &= ~SSIZEVALID;
881 
882 	/*
883 	 * Only call the close routine when the last open reference through
884 	 * any [s, v]node goes away.  This can be checked by looking at
885 	 * s_count on the common vnode.
886 	 */
887 	if ((csp->s_count == 0) && (csp->s_mapcnt == 0)) {
888 		/* we don't need a close */
889 		csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
890 
891 		/*
892 		 * A cloning driver may open-clone to the same dev_t that we
893 		 * are closing before spec_inactive destroys the common snode.
894 		 * If this occurs the s_dip association needs to be reevaluated.
895 		 * We clear SDIPSET to force reevaluation in this case.  When
896 		 * reevaluation occurs (by spec_clone after open), if the
897 		 * devinfo association has changed then the old association
898 		 * will be released as the new association is established by
899 		 * spec_assoc_vp_with_devi().
900 		 */
901 		if (csp->s_flag & (SCLONE | SSELFCLONE))
902 			csp->s_flag &= ~SDIPSET;
903 
904 		csp->s_flag |= SCLOSING;
905 		mutex_exit(&csp->s_lock);
906 		error = device_close(vp, flag, cr);
907 
908 		/*
909 		 * Decrement the devops held in clnopen()
910 		 */
911 		if (sysclone) {
912 			ddi_rele_driver(getmajor(dev));
913 		}
914 		mutex_enter(&csp->s_lock);
915 		csp->s_flag &= ~SCLOSING;
916 	}
917 
918 	UNLOCK_CSP_LOCK_HELD(csp);
919 	mutex_exit(&csp->s_lock);
920 
921 	return (error);
922 }
923 
924 /*ARGSUSED2*/
925 static int
926 spec_read(
927 	struct vnode	*vp,
928 	struct uio	*uiop,
929 	int		ioflag,
930 	struct cred	*cr,
931 	struct caller_context *ct)
932 {
933 	int error;
934 	struct snode *sp = VTOS(vp);
935 	dev_t dev = sp->s_dev;
936 	size_t n;
937 	ulong_t on;
938 	u_offset_t bdevsize;
939 	offset_t maxoff;
940 	offset_t off;
941 	struct vnode *blkvp;
942 
943 	ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
944 
945 	if (STREAMSTAB(getmajor(dev))) {	/* stream */
946 		ASSERT(vp->v_type == VCHR);
947 		smark(sp, SACC);
948 		return (strread(vp, uiop, cr));
949 	}
950 
951 	if (uiop->uio_resid == 0)
952 		return (0);
953 
954 	/*
955 	 * Plain old character devices that set D_U64BIT can have
956 	 * unrestricted offsets.
957 	 */
958 	maxoff = spec_maxoffset(vp);
959 	ASSERT(maxoff != -1 || vp->v_type == VCHR);
960 
961 	if (maxoff != -1 && (uiop->uio_loffset < 0 ||
962 	    uiop->uio_loffset + uiop->uio_resid > maxoff))
963 		return (EINVAL);
964 
965 	if (vp->v_type == VCHR) {
966 		smark(sp, SACC);
967 		ASSERT(STREAMSTAB(getmajor(dev)) == 0);
968 		return (cdev_read(dev, uiop, cr));
969 	}
970 
971 	/*
972 	 * Block device.
973 	 */
974 	error = 0;
975 	blkvp = sp->s_commonvp;
976 	bdevsize = SPEC_SIZE(VTOS(blkvp));
977 
978 	do {
979 		caddr_t base;
980 		offset_t diff;
981 
982 		off = uiop->uio_loffset & (offset_t)MAXBMASK;
983 		on = (size_t)(uiop->uio_loffset & MAXBOFFSET);
984 		n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
985 		diff = bdevsize - uiop->uio_loffset;
986 
987 		if (diff <= 0)
988 			break;
989 		if (diff < n)
990 			n = (size_t)diff;
991 
992 		if (vpm_enable) {
993 			error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
994 			    n, uiop, 1, NULL, 0, S_READ);
995 		} else {
996 			base = segmap_getmapflt(segkmap, blkvp,
997 			    (u_offset_t)(off + on), n, 1, S_READ);
998 
999 			error = uiomove(base + on, n, UIO_READ, uiop);
1000 		}
1001 		if (!error) {
1002 			int flags = 0;
1003 			/*
1004 			 * If we read a whole block, we won't need this
1005 			 * buffer again soon.
1006 			 */
1007 			if (n + on == MAXBSIZE)
1008 				flags = SM_DONTNEED | SM_FREE;
1009 			if (vpm_enable) {
1010 				error = vpm_sync_pages(blkvp, off, n, flags);
1011 			} else {
1012 				error = segmap_release(segkmap, base, flags);
1013 			}
1014 		} else {
1015 			if (vpm_enable) {
1016 				(void) vpm_sync_pages(blkvp, off, n, 0);
1017 			} else {
1018 				(void) segmap_release(segkmap, base, 0);
1019 			}
1020 			if (bdevsize == UNKNOWN_SIZE) {
1021 				error = 0;
1022 				break;
1023 			}
1024 		}
1025 	} while (error == 0 && uiop->uio_resid > 0 && n != 0);
1026 
1027 	return (error);
1028 }
1029 
1030 /*ARGSUSED*/
1031 static int
1032 spec_write(
1033 	struct vnode *vp,
1034 	struct uio *uiop,
1035 	int ioflag,
1036 	struct cred *cr,
1037 	struct caller_context *ct)
1038 {
1039 	int error;
1040 	struct snode *sp = VTOS(vp);
1041 	dev_t dev = sp->s_dev;
1042 	size_t n;
1043 	ulong_t on;
1044 	u_offset_t bdevsize;
1045 	offset_t maxoff;
1046 	offset_t off;
1047 	struct vnode *blkvp;
1048 
1049 	ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
1050 
1051 	if (STREAMSTAB(getmajor(dev))) {
1052 		ASSERT(vp->v_type == VCHR);
1053 		smark(sp, SUPD);
1054 		return (strwrite(vp, uiop, cr));
1055 	}
1056 
1057 	/*
1058 	 * Plain old character devices that set D_U64BIT can have
1059 	 * unrestricted offsets.
1060 	 */
1061 	maxoff = spec_maxoffset(vp);
1062 	ASSERT(maxoff != -1 || vp->v_type == VCHR);
1063 
1064 	if (maxoff != -1 && (uiop->uio_loffset < 0 ||
1065 	    uiop->uio_loffset + uiop->uio_resid > maxoff))
1066 		return (EINVAL);
1067 
1068 	if (vp->v_type == VCHR) {
1069 		smark(sp, SUPD);
1070 		ASSERT(STREAMSTAB(getmajor(dev)) == 0);
1071 		return (cdev_write(dev, uiop, cr));
1072 	}
1073 
1074 	if (uiop->uio_resid == 0)
1075 		return (0);
1076 
1077 	error = 0;
1078 	blkvp = sp->s_commonvp;
1079 	bdevsize = SPEC_SIZE(VTOS(blkvp));
1080 
1081 	do {
1082 		int pagecreate;
1083 		int newpage;
1084 		caddr_t base;
1085 		offset_t diff;
1086 
1087 		off = uiop->uio_loffset & (offset_t)MAXBMASK;
1088 		on = (ulong_t)(uiop->uio_loffset & MAXBOFFSET);
1089 		n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
1090 		pagecreate = 0;
1091 
1092 		diff = bdevsize - uiop->uio_loffset;
1093 		if (diff <= 0) {
1094 			error = ENXIO;
1095 			break;
1096 		}
1097 		if (diff < n)
1098 			n = (size_t)diff;
1099 
1100 		/*
1101 		 * Check to see if we can skip reading in the page
1102 		 * and just allocate the memory.  We can do this
1103 		 * if we are going to rewrite the entire mapping
1104 		 * or if we are going to write to end of the device
1105 		 * from the beginning of the mapping.
1106 		 */
1107 		if (n == MAXBSIZE || (on == 0 && (off + n) == bdevsize))
1108 			pagecreate = 1;
1109 
1110 		newpage = 0;
1111 		if (vpm_enable) {
1112 			error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1113 			    n, uiop, !pagecreate, NULL, 0, S_WRITE);
1114 		} else {
1115 			base = segmap_getmapflt(segkmap, blkvp,
1116 			    (u_offset_t)(off + on), n, !pagecreate, S_WRITE);
1117 
1118 			/*
1119 			 * segmap_pagecreate() returns 1 if it calls
1120 			 * page_create_va() to allocate any pages.
1121 			 */
1122 
1123 			if (pagecreate)
1124 				newpage = segmap_pagecreate(segkmap, base + on,
1125 				    n, 0);
1126 
1127 			error = uiomove(base + on, n, UIO_WRITE, uiop);
1128 		}
1129 
1130 		if (!vpm_enable && pagecreate &&
1131 		    uiop->uio_loffset <
1132 		    P2ROUNDUP_TYPED(off + on + n, PAGESIZE, offset_t)) {
1133 			/*
1134 			 * We created pages w/o initializing them completely,
1135 			 * thus we need to zero the part that wasn't set up.
1136 			 * This can happen if we write to the end of the device
1137 			 * or if we had some sort of error during the uiomove.
1138 			 */
1139 			long nzero;
1140 			offset_t nmoved;
1141 
1142 			nmoved = (uiop->uio_loffset - (off + on));
1143 			if (nmoved < 0 || nmoved > n) {
1144 				panic("spec_write: nmoved bogus");
1145 				/*NOTREACHED*/
1146 			}
1147 			nzero = (long)P2ROUNDUP(on + n, PAGESIZE) -
1148 			    (on + nmoved);
1149 			if (nzero < 0 || (on + nmoved + nzero > MAXBSIZE)) {
1150 				panic("spec_write: nzero bogus");
1151 				/*NOTREACHED*/
1152 			}
1153 			(void) kzero(base + on + nmoved, (size_t)nzero);
1154 		}
1155 
1156 		/*
1157 		 * Unlock the pages which have been allocated by
1158 		 * page_create_va() in segmap_pagecreate().
1159 		 */
1160 		if (!vpm_enable && newpage)
1161 			segmap_pageunlock(segkmap, base + on,
1162 			    (size_t)n, S_WRITE);
1163 
1164 		if (error == 0) {
1165 			int flags = 0;
1166 
1167 			/*
1168 			 * Force write back for synchronous write cases.
1169 			 */
1170 			if (ioflag & (FSYNC|FDSYNC))
1171 				flags = SM_WRITE;
1172 			else if (n + on == MAXBSIZE || IS_SWAPVP(vp)) {
1173 				/*
1174 				 * Have written a whole block.
1175 				 * Start an asynchronous write and
1176 				 * mark the buffer to indicate that
1177 				 * it won't be needed again soon.
1178 				 * Push swap files here, since it
1179 				 * won't happen anywhere else.
1180 				 */
1181 				flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
1182 			}
1183 			smark(sp, SUPD|SCHG);
1184 			if (vpm_enable) {
1185 				error = vpm_sync_pages(blkvp, off, n, flags);
1186 			} else {
1187 				error = segmap_release(segkmap, base, flags);
1188 			}
1189 		} else {
1190 			if (vpm_enable) {
1191 				(void) vpm_sync_pages(blkvp, off, n, SM_INVAL);
1192 			} else {
1193 				(void) segmap_release(segkmap, base, SM_INVAL);
1194 			}
1195 		}
1196 
1197 	} while (error == 0 && uiop->uio_resid > 0 && n != 0);
1198 
1199 	return (error);
1200 }
1201 
1202 static int
1203 spec_ioctl(struct vnode *vp, int cmd, intptr_t arg, int mode, struct cred *cr,
1204     int *rvalp)
1205 {
1206 	struct snode *sp;
1207 	dev_t dev;
1208 	int error;
1209 
1210 	if (vp->v_type != VCHR)
1211 		return (ENOTTY);
1212 
1213 	/*
1214 	 * allow ioctls() to go through even for fenced snodes, as they
1215 	 * may include unconfiguration operation - for example popping of
1216 	 * streams modules.
1217 	 */
1218 
1219 	sp = VTOS(vp);
1220 	dev = sp->s_dev;
1221 	if (STREAMSTAB(getmajor(dev))) {
1222 		error = strioctl(vp, cmd, arg, mode, U_TO_K, cr, rvalp);
1223 	} else {
1224 		error = cdev_ioctl(dev, cmd, arg, mode, cr, rvalp);
1225 	}
1226 	return (error);
1227 }
1228 
1229 static int
1230 spec_getattr(struct vnode *vp, struct vattr *vap, int flags, struct cred *cr)
1231 {
1232 	int error;
1233 	struct snode *sp;
1234 	struct vnode *realvp;
1235 
1236 	/* With ATTR_COMM we will not get attributes from realvp */
1237 	if (flags & ATTR_COMM) {
1238 		sp = VTOS(vp);
1239 		vp = sp->s_commonvp;
1240 	}
1241 	sp = VTOS(vp);
1242 
1243 	/* we want stat() to fail with ENXIO if the device is fenced off */
1244 	if (S_ISFENCED(sp))
1245 		return (ENXIO);
1246 
1247 	realvp = sp->s_realvp;
1248 
1249 	if (realvp == NULL) {
1250 		static int snode_shift	= 0;
1251 
1252 		/*
1253 		 * Calculate the amount of bitshift to a snode pointer which
1254 		 * will still keep it unique.  See below.
1255 		 */
1256 		if (snode_shift == 0)
1257 			snode_shift = highbit(sizeof (struct snode));
1258 		ASSERT(snode_shift > 0);
1259 
1260 		/*
1261 		 * No real vnode behind this one.  Fill in the fields
1262 		 * from the snode.
1263 		 *
1264 		 * This code should be refined to return only the
1265 		 * attributes asked for instead of all of them.
1266 		 */
1267 		vap->va_type = vp->v_type;
1268 		vap->va_mode = 0;
1269 		vap->va_uid = vap->va_gid = 0;
1270 		vap->va_fsid = sp->s_fsid;
1271 
1272 		/*
1273 		 * If the va_nodeid is > MAX_USHORT, then i386 stats might
1274 		 * fail. So we shift down the snode pointer to try and get
1275 		 * the most uniqueness into 16-bits.
1276 		 */
1277 		vap->va_nodeid = ((ino64_t)(uintptr_t)sp >> snode_shift) &
1278 		    0xFFFF;
1279 		vap->va_nlink = 0;
1280 		vap->va_rdev = sp->s_dev;
1281 
1282 		/*
1283 		 * va_nblocks is the number of 512 byte blocks used to store
1284 		 * the mknod for the device, not the number of blocks on the
1285 		 * device itself.  This is typically zero since the mknod is
1286 		 * represented directly in the inode itself.
1287 		 */
1288 		vap->va_nblocks = 0;
1289 	} else {
1290 		error = VOP_GETATTR(realvp, vap, flags, cr);
1291 		if (error != 0)
1292 			return (error);
1293 	}
1294 
1295 	/* set the size from the snode */
1296 	vap->va_size = SPEC_SIZE(VTOS(sp->s_commonvp));
1297 	vap->va_blksize = MAXBSIZE;
1298 
1299 	mutex_enter(&sp->s_lock);
1300 	vap->va_atime.tv_sec = sp->s_atime;
1301 	vap->va_mtime.tv_sec = sp->s_mtime;
1302 	vap->va_ctime.tv_sec = sp->s_ctime;
1303 	mutex_exit(&sp->s_lock);
1304 
1305 	vap->va_atime.tv_nsec = 0;
1306 	vap->va_mtime.tv_nsec = 0;
1307 	vap->va_ctime.tv_nsec = 0;
1308 	vap->va_seq = 0;
1309 
1310 	return (0);
1311 }
1312 
1313 static int
1314 spec_setattr(
1315 	struct vnode *vp,
1316 	struct vattr *vap,
1317 	int flags,
1318 	struct cred *cr,
1319 	caller_context_t *ctp)
1320 {
1321 	struct snode *sp = VTOS(vp);
1322 	struct vnode *realvp;
1323 	int error;
1324 
1325 	/* fail with ENXIO if the device is fenced off */
1326 	if (S_ISFENCED(sp))
1327 		return (ENXIO);
1328 
1329 	if (vp->v_type == VCHR && vp->v_stream && (vap->va_mask & AT_SIZE)) {
1330 		/*
1331 		 * 1135080:	O_TRUNC should have no effect on
1332 		 *		named pipes and terminal devices.
1333 		 */
1334 		ASSERT(vap->va_mask == AT_SIZE);
1335 		return (0);
1336 	}
1337 
1338 	if ((realvp = sp->s_realvp) == NULL)
1339 		error = 0;	/* no real vnode to update */
1340 	else
1341 		error = VOP_SETATTR(realvp, vap, flags, cr, ctp);
1342 	if (error == 0) {
1343 		/*
1344 		 * If times were changed, update snode.
1345 		 */
1346 		mutex_enter(&sp->s_lock);
1347 		if (vap->va_mask & AT_ATIME)
1348 			sp->s_atime = vap->va_atime.tv_sec;
1349 		if (vap->va_mask & AT_MTIME) {
1350 			sp->s_mtime = vap->va_mtime.tv_sec;
1351 			sp->s_ctime = gethrestime_sec();
1352 		}
1353 		mutex_exit(&sp->s_lock);
1354 	}
1355 	return (error);
1356 }
1357 
1358 static int
1359 spec_access(struct vnode *vp, int mode, int flags, struct cred *cr)
1360 {
1361 	struct vnode *realvp;
1362 	struct snode *sp = VTOS(vp);
1363 
1364 	/* fail with ENXIO if the device is fenced off */
1365 	if (S_ISFENCED(sp))
1366 		return (ENXIO);
1367 
1368 	if ((realvp = sp->s_realvp) != NULL)
1369 		return (VOP_ACCESS(realvp, mode, flags, cr));
1370 	else
1371 		return (0);	/* Allow all access. */
1372 }
1373 
1374 /*
1375  * This can be called if creat or an open with O_CREAT is done on the root
1376  * of a lofs mount where the mounted entity is a special file.
1377  */
1378 /*ARGSUSED*/
1379 static int
1380 spec_create(struct vnode *dvp, char *name, vattr_t *vap, enum vcexcl excl,
1381     int mode, struct vnode **vpp, struct cred *cr, int flag)
1382 {
1383 	int error;
1384 	struct snode *sp = VTOS(dvp);
1385 
1386 	/* fail with ENXIO if the device is fenced off */
1387 	if (S_ISFENCED(sp))
1388 		return (ENXIO);
1389 
1390 	ASSERT(dvp && (dvp->v_flag & VROOT) && *name == '\0');
1391 	if (excl == NONEXCL) {
1392 		if (mode && (error = spec_access(dvp, mode, 0, cr)))
1393 			return (error);
1394 		VN_HOLD(dvp);
1395 		return (0);
1396 	}
1397 	return (EEXIST);
1398 }
1399 
1400 /*
1401  * In order to sync out the snode times without multi-client problems,
1402  * make sure the times written out are never earlier than the times
1403  * already set in the vnode.
1404  */
1405 static int
1406 spec_fsync(struct vnode *vp, int syncflag, struct cred *cr)
1407 {
1408 	struct snode *sp = VTOS(vp);
1409 	struct vnode *realvp;
1410 	struct vnode *cvp;
1411 	struct vattr va, vatmp;
1412 
1413 	/* allow syncing even if device is fenced off */
1414 
1415 	/* If times didn't change, don't flush anything. */
1416 	mutex_enter(&sp->s_lock);
1417 	if ((sp->s_flag & (SACC|SUPD|SCHG)) == 0 && vp->v_type != VBLK) {
1418 		mutex_exit(&sp->s_lock);
1419 		return (0);
1420 	}
1421 	sp->s_flag &= ~(SACC|SUPD|SCHG);
1422 	mutex_exit(&sp->s_lock);
1423 	cvp = sp->s_commonvp;
1424 	realvp = sp->s_realvp;
1425 
1426 	if (vp->v_type == VBLK && cvp != vp && vn_has_cached_data(cvp) &&
1427 	    (cvp->v_flag & VISSWAP) == 0)
1428 		(void) VOP_PUTPAGE(cvp, (offset_t)0, 0, 0, cr);
1429 
1430 	/*
1431 	 * For devices that support it, force write cache to stable storage.
1432 	 * We don't need the lock to check s_flags since we can treat
1433 	 * SNOFLUSH as a hint.
1434 	 */
1435 	if ((vp->v_type == VBLK || vp->v_type == VCHR) &&
1436 	    !(sp->s_flag & SNOFLUSH)) {
1437 		int rval, rc;
1438 		rc = cdev_ioctl(vp->v_rdev, DKIOCFLUSHWRITECACHE,
1439 		    NULL, FNATIVE|FKIOCTL, cr, &rval);
1440 		if (rc == ENOTSUP || rc == ENOTTY) {
1441 			mutex_enter(&sp->s_lock);
1442 			sp->s_flag |= SNOFLUSH;
1443 			mutex_exit(&sp->s_lock);
1444 		}
1445 	}
1446 
1447 	/*
1448 	 * If no real vnode to update, don't flush anything.
1449 	 */
1450 	if (realvp == NULL)
1451 		return (0);
1452 
1453 	vatmp.va_mask = AT_ATIME|AT_MTIME;
1454 	if (VOP_GETATTR(realvp, &vatmp, 0, cr) == 0) {
1455 
1456 		mutex_enter(&sp->s_lock);
1457 		if (vatmp.va_atime.tv_sec > sp->s_atime)
1458 			va.va_atime = vatmp.va_atime;
1459 		else {
1460 			va.va_atime.tv_sec = sp->s_atime;
1461 			va.va_atime.tv_nsec = 0;
1462 		}
1463 		if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1464 			va.va_mtime = vatmp.va_mtime;
1465 		else {
1466 			va.va_mtime.tv_sec = sp->s_mtime;
1467 			va.va_mtime.tv_nsec = 0;
1468 		}
1469 		mutex_exit(&sp->s_lock);
1470 
1471 		va.va_mask = AT_ATIME|AT_MTIME;
1472 		(void) VOP_SETATTR(realvp, &va, 0, cr, NULL);
1473 	}
1474 	(void) VOP_FSYNC(realvp, syncflag, cr);
1475 	return (0);
1476 }
1477 
1478 /*ARGSUSED*/
1479 static void
1480 spec_inactive(struct vnode *vp, struct cred *cr)
1481 {
1482 	struct snode *sp = VTOS(vp);
1483 	struct vnode *cvp;
1484 	struct vnode *rvp;
1485 
1486 	/*
1487 	 * If no one has reclaimed the vnode, remove from the
1488 	 * cache now.
1489 	 */
1490 	if (vp->v_count < 1) {
1491 		panic("spec_inactive: Bad v_count");
1492 		/*NOTREACHED*/
1493 	}
1494 	mutex_enter(&stable_lock);
1495 
1496 	mutex_enter(&vp->v_lock);
1497 	/*
1498 	 * Drop the temporary hold by vn_rele now
1499 	 */
1500 	if (--vp->v_count != 0) {
1501 		mutex_exit(&vp->v_lock);
1502 		mutex_exit(&stable_lock);
1503 		return;
1504 	}
1505 	mutex_exit(&vp->v_lock);
1506 
1507 	sdelete(sp);
1508 	mutex_exit(&stable_lock);
1509 
1510 	/* We are the sole owner of sp now */
1511 	cvp = sp->s_commonvp;
1512 	rvp = sp->s_realvp;
1513 
1514 	if (rvp) {
1515 		/*
1516 		 * If the snode times changed, then update the times
1517 		 * associated with the "realvp".
1518 		 */
1519 		if ((sp->s_flag & (SACC|SUPD|SCHG)) != 0) {
1520 
1521 			struct vattr va, vatmp;
1522 
1523 			mutex_enter(&sp->s_lock);
1524 			sp->s_flag &= ~(SACC|SUPD|SCHG);
1525 			mutex_exit(&sp->s_lock);
1526 			vatmp.va_mask = AT_ATIME|AT_MTIME;
1527 			/*
1528 			 * The user may not own the device, but we
1529 			 * want to update the attributes anyway.
1530 			 */
1531 			if (VOP_GETATTR(rvp, &vatmp, 0, kcred) == 0) {
1532 				if (vatmp.va_atime.tv_sec > sp->s_atime)
1533 					va.va_atime = vatmp.va_atime;
1534 				else {
1535 					va.va_atime.tv_sec = sp->s_atime;
1536 					va.va_atime.tv_nsec = 0;
1537 				}
1538 				if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1539 					va.va_mtime = vatmp.va_mtime;
1540 				else {
1541 					va.va_mtime.tv_sec = sp->s_mtime;
1542 					va.va_mtime.tv_nsec = 0;
1543 				}
1544 
1545 				va.va_mask = AT_ATIME|AT_MTIME;
1546 				(void) VOP_SETATTR(rvp, &va, 0, kcred, NULL);
1547 			}
1548 		}
1549 	}
1550 	ASSERT(!vn_has_cached_data(vp));
1551 	vn_invalid(vp);
1552 
1553 	/* if we are sharing another file systems vfs, release it */
1554 	if (vp->v_vfsp && (vp->v_vfsp != &spec_vfs))
1555 		VFS_RELE(vp->v_vfsp);
1556 
1557 	/* if we have a realvp, release the realvp */
1558 	if (rvp)
1559 		VN_RELE(rvp);
1560 
1561 	/* if we have a common, release the common */
1562 	if (cvp && (cvp != vp)) {
1563 		VN_RELE(cvp);
1564 #ifdef DEBUG
1565 	} else if (cvp) {
1566 		/*
1567 		 * if this is the last reference to a common vnode, any
1568 		 * associated stream had better have been closed
1569 		 */
1570 		ASSERT(cvp == vp);
1571 		ASSERT(cvp->v_stream == NULL);
1572 #endif /* DEBUG */
1573 	}
1574 
1575 	/*
1576 	 * if we have a hold on a devinfo node (established by
1577 	 * spec_assoc_vp_with_devi), release the hold
1578 	 */
1579 	if (sp->s_dip)
1580 		ddi_release_devi(sp->s_dip);
1581 
1582 	/*
1583 	 * If we have an associated device policy, release it.
1584 	 */
1585 	if (sp->s_plcy != NULL)
1586 		dpfree(sp->s_plcy);
1587 
1588 	/*
1589 	 * If all holds on the devinfo node are through specfs/devfs
1590 	 * and we just destroyed the last specfs node associated with the
1591 	 * device, then the devinfo node reference count should now be
1592 	 * zero.  We can't check this because there may be other holds
1593 	 * on the node from non file system sources: ddi_hold_devi_by_instance
1594 	 * for example.
1595 	 */
1596 	kmem_cache_free(snode_cache, sp);
1597 }
1598 
1599 static int
1600 spec_fid(struct vnode *vp, struct fid *fidp)
1601 {
1602 	struct vnode *realvp;
1603 	struct snode *sp = VTOS(vp);
1604 
1605 	if ((realvp = sp->s_realvp) != NULL)
1606 		return (VOP_FID(realvp, fidp));
1607 	else
1608 		return (EINVAL);
1609 }
1610 
1611 /*ARGSUSED1*/
1612 static int
1613 spec_seek(struct vnode *vp, offset_t ooff, offset_t *noffp)
1614 {
1615 	offset_t maxoff = spec_maxoffset(vp);
1616 
1617 	if (maxoff == -1 || *noffp <= maxoff)
1618 		return (0);
1619 	else
1620 		return (EINVAL);
1621 }
1622 
1623 static int
1624 spec_frlock(
1625 	struct vnode *vp,
1626 	int		cmd,
1627 	struct flock64	*bfp,
1628 	int		flag,
1629 	offset_t	offset,
1630 	struct flk_callback *flk_cbp,
1631 	struct cred	*cr)
1632 {
1633 	struct snode *sp = VTOS(vp);
1634 	struct snode *csp;
1635 
1636 	csp = VTOS(sp->s_commonvp);
1637 	/*
1638 	 * If file is being mapped, disallow frlock.
1639 	 */
1640 	if (csp->s_mapcnt > 0)
1641 		return (EAGAIN);
1642 
1643 	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr));
1644 }
1645 
1646 static int
1647 spec_realvp(struct vnode *vp, struct vnode **vpp)
1648 {
1649 	struct vnode *rvp;
1650 
1651 	if ((rvp = VTOS(vp)->s_realvp) != NULL) {
1652 		vp = rvp;
1653 		if (VOP_REALVP(vp, &rvp) == 0)
1654 			vp = rvp;
1655 	}
1656 
1657 	*vpp = vp;
1658 	return (0);
1659 }
1660 
1661 /*
1662  * Return all the pages from [off..off + len] in block
1663  * or character device.
1664  */
1665 static int
1666 spec_getpage(
1667 	struct vnode	*vp,
1668 	offset_t	off,
1669 	size_t		len,
1670 	uint_t		*protp,
1671 	page_t		*pl[],
1672 	size_t		plsz,
1673 	struct seg	*seg,
1674 	caddr_t		addr,
1675 	enum seg_rw	rw,
1676 	struct cred	*cr)
1677 {
1678 	struct snode *sp = VTOS(vp);
1679 	int err;
1680 
1681 	ASSERT(sp->s_commonvp == vp);
1682 
1683 	/*
1684 	 * XXX	Given the above assertion, this might not do
1685 	 *	what is wanted here.
1686 	 */
1687 	if (vp->v_flag & VNOMAP)
1688 		return (ENOSYS);
1689 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_GETPAGE,
1690 	    "specfs getpage:vp %p off %llx len %ld snode %p",
1691 	    vp, off, len, sp);
1692 
1693 	switch (vp->v_type) {
1694 	case VBLK:
1695 		if (protp != NULL)
1696 			*protp = PROT_ALL;
1697 
1698 		if (((u_offset_t)off + len) > (SPEC_SIZE(sp) + PAGEOFFSET))
1699 			return (EFAULT);	/* beyond EOF */
1700 
1701 		if (len <= PAGESIZE)
1702 			err = spec_getapage(vp, (u_offset_t)off, len, protp, pl,
1703 			    plsz, seg, addr, rw, cr);
1704 		else
1705 			err = pvn_getpages(spec_getapage, vp, (u_offset_t)off,
1706 			    len, protp, pl, plsz, seg, addr, rw, cr);
1707 		break;
1708 
1709 	case VCHR:
1710 		cmn_err(CE_NOTE, "spec_getpage called for character device. "
1711 		    "Check any non-ON consolidation drivers");
1712 		err = 0;
1713 		pl[0] = (page_t *)0;
1714 		break;
1715 
1716 	default:
1717 		panic("spec_getpage: bad v_type 0x%x", vp->v_type);
1718 		/*NOTREACHED*/
1719 	}
1720 
1721 	return (err);
1722 }
1723 
1724 extern int klustsize;	/* set in machdep.c */
1725 
1726 int spec_ra = 1;
1727 int spec_lostpage;	/* number of times we lost original page */
1728 
1729 /*ARGSUSED2*/
1730 static int
1731 spec_getapage(
1732 	struct vnode *vp,
1733 	u_offset_t	off,
1734 	size_t		len,
1735 	uint_t		*protp,
1736 	page_t		*pl[],
1737 	size_t		plsz,
1738 	struct seg	*seg,
1739 	caddr_t		addr,
1740 	enum seg_rw	rw,
1741 	struct cred	*cr)
1742 {
1743 	struct snode *sp;
1744 	struct buf *bp;
1745 	page_t *pp, *pp2;
1746 	u_offset_t io_off1, io_off2;
1747 	size_t io_len1;
1748 	size_t io_len2;
1749 	size_t blksz;
1750 	u_offset_t blkoff;
1751 	int dora, err;
1752 	page_t *pagefound;
1753 	uint_t xlen;
1754 	size_t adj_klustsize;
1755 	u_offset_t size;
1756 	u_offset_t tmpoff;
1757 
1758 	sp = VTOS(vp);
1759 	TRACE_3(TR_FAC_SPECFS, TR_SPECFS_GETAPAGE,
1760 	    "specfs getapage:vp %p off %llx snode %p", vp, off, sp);
1761 reread:
1762 
1763 	err = 0;
1764 	bp = NULL;
1765 	pp = NULL;
1766 	pp2 = NULL;
1767 
1768 	if (pl != NULL)
1769 		pl[0] = NULL;
1770 
1771 	size = SPEC_SIZE(VTOS(sp->s_commonvp));
1772 
1773 	if (spec_ra && sp->s_nextr == off)
1774 		dora = 1;
1775 	else
1776 		dora = 0;
1777 
1778 	if (size == UNKNOWN_SIZE) {
1779 		dora = 0;
1780 		adj_klustsize = PAGESIZE;
1781 	} else {
1782 		adj_klustsize = dora ? klustsize : PAGESIZE;
1783 	}
1784 
1785 again:
1786 	if ((pagefound = page_exists(vp, off)) == NULL) {
1787 		if (rw == S_CREATE) {
1788 			/*
1789 			 * We're allocating a swap slot and it's
1790 			 * associated page was not found, so allocate
1791 			 * and return it.
1792 			 */
1793 			if ((pp = page_create_va(vp, off,
1794 			    PAGESIZE, PG_WAIT, seg, addr)) == NULL) {
1795 				panic("spec_getapage: page_create");
1796 				/*NOTREACHED*/
1797 			}
1798 			io_len1 = PAGESIZE;
1799 			sp->s_nextr = off + PAGESIZE;
1800 		} else {
1801 			/*
1802 			 * Need to really do disk I/O to get the page(s).
1803 			 */
1804 			blkoff = (off / adj_klustsize) * adj_klustsize;
1805 			if (size == UNKNOWN_SIZE) {
1806 				blksz = PAGESIZE;
1807 			} else {
1808 				if (blkoff + adj_klustsize <= size)
1809 					blksz = adj_klustsize;
1810 				else
1811 					blksz =
1812 					    MIN(size - blkoff, adj_klustsize);
1813 			}
1814 
1815 			pp = pvn_read_kluster(vp, off, seg, addr, &tmpoff,
1816 			    &io_len1, blkoff, blksz, 0);
1817 			io_off1 = tmpoff;
1818 			/*
1819 			 * Make sure the page didn't sneek into the
1820 			 * cache while we blocked in pvn_read_kluster.
1821 			 */
1822 			if (pp == NULL)
1823 				goto again;
1824 
1825 			/*
1826 			 * Zero part of page which we are not
1827 			 * going to be reading from disk now.
1828 			 */
1829 			xlen = (uint_t)(io_len1 & PAGEOFFSET);
1830 			if (xlen != 0)
1831 				pagezero(pp->p_prev, xlen, PAGESIZE - xlen);
1832 
1833 			bp = spec_startio(vp, pp, io_off1, io_len1,
1834 			    pl == NULL ? (B_ASYNC | B_READ) : B_READ);
1835 			sp->s_nextr = io_off1 + io_len1;
1836 		}
1837 	}
1838 
1839 	if (dora && rw != S_CREATE) {
1840 		u_offset_t off2;
1841 		caddr_t addr2;
1842 
1843 		off2 = ((off / adj_klustsize) + 1) * adj_klustsize;
1844 		addr2 = addr + (off2 - off);
1845 
1846 		pp2 = NULL;
1847 		/*
1848 		 * If we are past EOF then don't bother trying
1849 		 * with read-ahead.
1850 		 */
1851 		if (off2 >= size)
1852 			pp2 = NULL;
1853 		else {
1854 			if (off2 + adj_klustsize <= size)
1855 				blksz = adj_klustsize;
1856 			else
1857 				blksz = MIN(size - off2, adj_klustsize);
1858 
1859 			pp2 = pvn_read_kluster(vp, off2, seg, addr2, &tmpoff,
1860 			    &io_len2, off2, blksz, 1);
1861 			io_off2 = tmpoff;
1862 		}
1863 
1864 		if (pp2 != NULL) {
1865 			/*
1866 			 * Zero part of page which we are not
1867 			 * going to be reading from disk now.
1868 			 */
1869 			xlen = (uint_t)(io_len2 & PAGEOFFSET);
1870 			if (xlen != 0)
1871 				pagezero(pp2->p_prev, xlen, PAGESIZE - xlen);
1872 
1873 			(void) spec_startio(vp, pp2, io_off2, io_len2,
1874 			    B_READ | B_ASYNC);
1875 		}
1876 	}
1877 
1878 	if (pl == NULL)
1879 		return (err);
1880 
1881 	if (bp != NULL) {
1882 		err = biowait(bp);
1883 		pageio_done(bp);
1884 
1885 		if (err) {
1886 			if (pp != NULL)
1887 				pvn_read_done(pp, B_ERROR);
1888 			return (err);
1889 		}
1890 	}
1891 
1892 	if (pagefound) {
1893 		se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
1894 		/*
1895 		 * Page exists in the cache, acquire the appropriate
1896 		 * lock.  If this fails, start all over again.
1897 		 */
1898 
1899 		if ((pp = page_lookup(vp, off, se)) == NULL) {
1900 			spec_lostpage++;
1901 			goto reread;
1902 		}
1903 		pl[0] = pp;
1904 		pl[1] = NULL;
1905 
1906 		sp->s_nextr = off + PAGESIZE;
1907 		return (0);
1908 	}
1909 
1910 	if (pp != NULL)
1911 		pvn_plist_init(pp, pl, plsz, off, io_len1, rw);
1912 	return (0);
1913 }
1914 
1915 /*
1916  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED, B_FORCE}.
1917  * If len == 0, do from off to EOF.
1918  *
1919  * The normal cases should be len == 0 & off == 0 (entire vp list),
1920  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
1921  * (from pageout).
1922  */
1923 int
1924 spec_putpage(
1925 	struct vnode *vp,
1926 	offset_t	off,
1927 	size_t		len,
1928 	int		flags,
1929 	struct cred	*cr)
1930 {
1931 	struct snode *sp = VTOS(vp);
1932 	struct vnode *cvp;
1933 	page_t *pp;
1934 	u_offset_t io_off;
1935 	size_t io_len = 0;	/* for lint */
1936 	int err = 0;
1937 	u_offset_t size;
1938 	u_offset_t tmpoff;
1939 
1940 	ASSERT(vp->v_count != 0);
1941 
1942 	if (vp->v_flag & VNOMAP)
1943 		return (ENOSYS);
1944 
1945 	cvp = sp->s_commonvp;
1946 	size = SPEC_SIZE(VTOS(cvp));
1947 
1948 	if (!vn_has_cached_data(vp) || off >= size)
1949 		return (0);
1950 
1951 	ASSERT(vp->v_type == VBLK && cvp == vp);
1952 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTPAGE,
1953 	    "specfs putpage:vp %p off %llx len %ld snode %p",
1954 	    vp, off, len, sp);
1955 
1956 	if (len == 0) {
1957 		/*
1958 		 * Search the entire vp list for pages >= off.
1959 		 */
1960 		err = pvn_vplist_dirty(vp, off, spec_putapage,
1961 		    flags, cr);
1962 	} else {
1963 		u_offset_t eoff;
1964 
1965 		/*
1966 		 * Loop over all offsets in the range [off...off + len]
1967 		 * looking for pages to deal with.  We set limits so
1968 		 * that we kluster to klustsize boundaries.
1969 		 */
1970 		eoff = off + len;
1971 		for (io_off = off; io_off < eoff && io_off < size;
1972 		    io_off += io_len) {
1973 			/*
1974 			 * If we are not invalidating, synchronously
1975 			 * freeing or writing pages use the routine
1976 			 * page_lookup_nowait() to prevent reclaiming
1977 			 * them from the free list.
1978 			 */
1979 			if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
1980 				pp = page_lookup(vp, io_off,
1981 				    (flags & (B_INVAL | B_FREE)) ?
1982 				    SE_EXCL : SE_SHARED);
1983 			} else {
1984 				pp = page_lookup_nowait(vp, io_off,
1985 				    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
1986 			}
1987 
1988 			if (pp == NULL || pvn_getdirty(pp, flags) == 0)
1989 				io_len = PAGESIZE;
1990 			else {
1991 				err = spec_putapage(vp, pp, &tmpoff, &io_len,
1992 				    flags, cr);
1993 				io_off = tmpoff;
1994 				if (err != 0)
1995 					break;
1996 				/*
1997 				 * "io_off" and "io_len" are returned as
1998 				 * the range of pages we actually wrote.
1999 				 * This allows us to skip ahead more quickly
2000 				 * since several pages may've been dealt
2001 				 * with by this iteration of the loop.
2002 				 */
2003 			}
2004 		}
2005 	}
2006 	return (err);
2007 }
2008 
2009 
2010 /*
2011  * Write out a single page, possibly klustering adjacent
2012  * dirty pages.
2013  */
2014 /*ARGSUSED5*/
2015 static int
2016 spec_putapage(
2017 	struct vnode	*vp,
2018 	page_t		*pp,
2019 	u_offset_t	*offp,		/* return value */
2020 	size_t		*lenp,		/* return value */
2021 	int		flags,
2022 	struct cred	*cr)
2023 {
2024 	struct snode *sp = VTOS(vp);
2025 	u_offset_t io_off;
2026 	size_t io_len;
2027 	size_t blksz;
2028 	u_offset_t blkoff;
2029 	int err = 0;
2030 	struct buf *bp;
2031 	u_offset_t size;
2032 	size_t adj_klustsize;
2033 	u_offset_t tmpoff;
2034 
2035 	/*
2036 	 * Destroy read ahead value since we are really going to write.
2037 	 */
2038 	sp->s_nextr = 0;
2039 	size = SPEC_SIZE(VTOS(sp->s_commonvp));
2040 
2041 	adj_klustsize = klustsize;
2042 
2043 	blkoff = (pp->p_offset / adj_klustsize) * adj_klustsize;
2044 
2045 	if (blkoff + adj_klustsize <= size)
2046 		blksz = adj_klustsize;
2047 	else
2048 		blksz = size - blkoff;
2049 
2050 	/*
2051 	 * Find a kluster that fits in one contiguous chunk.
2052 	 */
2053 	pp = pvn_write_kluster(vp, pp, &tmpoff, &io_len, blkoff,
2054 	    blksz, flags);
2055 	io_off = tmpoff;
2056 
2057 	/*
2058 	 * Check for page length rounding problems
2059 	 * XXX - Is this necessary?
2060 	 */
2061 	if (io_off + io_len > size) {
2062 		ASSERT((io_off + io_len) - size < PAGESIZE);
2063 		io_len = size - io_off;
2064 	}
2065 
2066 	bp = spec_startio(vp, pp, io_off, io_len, B_WRITE | flags);
2067 
2068 	/*
2069 	 * Wait for i/o to complete if the request is not B_ASYNC.
2070 	 */
2071 	if ((flags & B_ASYNC) == 0) {
2072 		err = biowait(bp);
2073 		pageio_done(bp);
2074 		pvn_write_done(pp, ((err) ? B_ERROR : 0) | B_WRITE | flags);
2075 	}
2076 
2077 	if (offp)
2078 		*offp = io_off;
2079 	if (lenp)
2080 		*lenp = io_len;
2081 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTAPAGE,
2082 	    "specfs putapage:vp %p offp %p snode %p err %d",
2083 	    vp, offp, sp, err);
2084 	return (err);
2085 }
2086 
2087 /*
2088  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
2089  */
2090 static struct buf *
2091 spec_startio(
2092 	struct vnode *vp,
2093 	page_t		*pp,
2094 	u_offset_t	io_off,
2095 	size_t		io_len,
2096 	int		flags)
2097 {
2098 	struct buf *bp;
2099 
2100 	bp = pageio_setup(pp, io_len, vp, flags);
2101 
2102 	bp->b_edev = vp->v_rdev;
2103 	bp->b_dev = cmpdev(vp->v_rdev);
2104 	bp->b_blkno = btodt(io_off);
2105 	bp->b_un.b_addr = (caddr_t)0;
2106 
2107 	(void) bdev_strategy(bp);
2108 
2109 	if (flags & B_READ)
2110 		lwp_stat_update(LWP_STAT_INBLK, 1);
2111 	else
2112 		lwp_stat_update(LWP_STAT_OUBLK, 1);
2113 
2114 	return (bp);
2115 }
2116 
2117 static int
2118 spec_poll(
2119 	struct vnode	*vp,
2120 	short		events,
2121 	int		anyyet,
2122 	short		*reventsp,
2123 	struct pollhead **phpp)
2124 {
2125 	dev_t dev;
2126 	int error;
2127 
2128 	if (vp->v_type == VBLK)
2129 		error = fs_poll(vp, events, anyyet, reventsp, phpp);
2130 	else {
2131 		ASSERT(vp->v_type == VCHR);
2132 		dev = vp->v_rdev;
2133 		if (STREAMSTAB(getmajor(dev))) {
2134 			ASSERT(vp->v_stream != NULL);
2135 			error = strpoll(vp->v_stream, events, anyyet,
2136 			    reventsp, phpp);
2137 		} else if (devopsp[getmajor(dev)]->devo_cb_ops->cb_chpoll) {
2138 			error = cdev_poll(dev, events, anyyet, reventsp, phpp);
2139 		} else {
2140 			error = fs_poll(vp, events, anyyet, reventsp, phpp);
2141 		}
2142 	}
2143 	return (error);
2144 }
2145 
2146 /*
2147  * This routine is called through the cdevsw[] table to handle
2148  * traditional mmap'able devices that support a d_mmap function.
2149  */
2150 /*ARGSUSED8*/
2151 int
2152 spec_segmap(
2153 	dev_t dev,
2154 	off_t off,
2155 	struct as *as,
2156 	caddr_t *addrp,
2157 	off_t len,
2158 	uint_t prot,
2159 	uint_t maxprot,
2160 	uint_t flags,
2161 	struct cred *cred)
2162 {
2163 	struct segdev_crargs dev_a;
2164 	int (*mapfunc)(dev_t dev, off_t off, int prot);
2165 	size_t i;
2166 	int	error;
2167 
2168 	if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev)
2169 		return (ENODEV);
2170 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_SEGMAP,
2171 	    "specfs segmap:dev %x as %p len %lx prot %x",
2172 	    dev, as, len, prot);
2173 
2174 	/*
2175 	 * Character devices that support the d_mmap
2176 	 * interface can only be mmap'ed shared.
2177 	 */
2178 	if ((flags & MAP_TYPE) != MAP_SHARED)
2179 		return (EINVAL);
2180 
2181 	/*
2182 	 * Check to ensure that the entire range is
2183 	 * legal and we are not trying to map in
2184 	 * more than the device will let us.
2185 	 */
2186 	for (i = 0; i < len; i += PAGESIZE) {
2187 		if (cdev_mmap(mapfunc, dev, off + i, maxprot) == -1)
2188 			return (ENXIO);
2189 	}
2190 
2191 	as_rangelock(as);
2192 	if ((flags & MAP_FIXED) == 0) {
2193 		/*
2194 		 * Pick an address w/o worrying about
2195 		 * any vac alignment constraints.
2196 		 */
2197 		map_addr(addrp, len, (offset_t)off, 0, flags);
2198 		if (*addrp == NULL) {
2199 			as_rangeunlock(as);
2200 			return (ENOMEM);
2201 		}
2202 	} else {
2203 		/*
2204 		 * User-specified address; blow away any previous mappings.
2205 		 */
2206 		(void) as_unmap(as, *addrp, len);
2207 	}
2208 
2209 	dev_a.mapfunc = mapfunc;
2210 	dev_a.dev = dev;
2211 	dev_a.offset = off;
2212 	dev_a.prot = (uchar_t)prot;
2213 	dev_a.maxprot = (uchar_t)maxprot;
2214 	dev_a.hat_flags = 0;
2215 	dev_a.hat_attr = 0;
2216 	dev_a.devmap_data = NULL;
2217 
2218 	error = as_map(as, *addrp, len, segdev_create, &dev_a);
2219 	as_rangeunlock(as);
2220 	return (error);
2221 }
2222 
2223 int
2224 spec_char_map(
2225 	dev_t dev,
2226 	offset_t off,
2227 	struct as *as,
2228 	caddr_t *addrp,
2229 	size_t len,
2230 	uchar_t prot,
2231 	uchar_t maxprot,
2232 	uint_t flags,
2233 	struct cred *cred)
2234 {
2235 	int error = 0;
2236 	major_t maj = getmajor(dev);
2237 	int map_flag;
2238 	int (*segmap)(dev_t, off_t, struct as *,
2239 	    caddr_t *, off_t, uint_t, uint_t, uint_t, cred_t *);
2240 	int (*devmap)(dev_t, devmap_cookie_t, offset_t,
2241 	    size_t, size_t *, uint_t);
2242 	int (*mmap)(dev_t dev, off_t off, int prot);
2243 
2244 	/*
2245 	 * Character device: let the device driver
2246 	 * pick the appropriate segment driver.
2247 	 *
2248 	 * 4.x compat.: allow 'NULL' cb_segmap => spec_segmap
2249 	 * Kindness: allow 'nulldev' cb_segmap => spec_segmap
2250 	 */
2251 	segmap = devopsp[maj]->devo_cb_ops->cb_segmap;
2252 	if (segmap == NULL || segmap == nulldev || segmap == nodev) {
2253 		mmap = devopsp[maj]->devo_cb_ops->cb_mmap;
2254 		map_flag = devopsp[maj]->devo_cb_ops->cb_flag;
2255 
2256 		/*
2257 		 * Use old mmap framework if the driver has both mmap
2258 		 * and devmap entry points.  This is to prevent the
2259 		 * system from calling invalid devmap entry point
2260 		 * for some drivers that might have put garbage in the
2261 		 * devmap entry point.
2262 		 */
2263 		if ((map_flag & D_DEVMAP) || mmap == NULL ||
2264 		    mmap == nulldev || mmap == nodev) {
2265 			devmap = devopsp[maj]->devo_cb_ops->cb_devmap;
2266 
2267 			/*
2268 			 * If driver provides devmap entry point in
2269 			 * cb_ops but not xx_segmap(9E), call
2270 			 * devmap_setup with default settings
2271 			 * (NULL) for callback_ops and driver
2272 			 * callback private data
2273 			 */
2274 			if (devmap == nodev || devmap == NULL ||
2275 			    devmap == nulldev)
2276 				return (ENODEV);
2277 
2278 			error = devmap_setup(dev, off, as, addrp,
2279 			    len, prot, maxprot, flags, cred);
2280 
2281 			return (error);
2282 		} else
2283 			segmap = spec_segmap;
2284 	} else
2285 		segmap = cdev_segmap;
2286 
2287 	return ((*segmap)(dev, (off_t)off, as, addrp, len, prot,
2288 	    maxprot, flags, cred));
2289 }
2290 
2291 static int
2292 spec_map(
2293 	struct vnode *vp,
2294 	offset_t off,
2295 	struct as *as,
2296 	caddr_t *addrp,
2297 	size_t len,
2298 	uchar_t prot,
2299 	uchar_t maxprot,
2300 	uint_t flags,
2301 	struct cred *cred)
2302 {
2303 	int error = 0;
2304 	struct snode *sp = VTOS(vp);
2305 
2306 	if (vp->v_flag & VNOMAP)
2307 		return (ENOSYS);
2308 
2309 	/* fail map with ENXIO if the device is fenced off */
2310 	if (S_ISFENCED(sp))
2311 		return (ENXIO);
2312 
2313 	/*
2314 	 * If file is locked, fail mapping attempt.
2315 	 */
2316 	if (vn_has_flocks(vp))
2317 		return (EAGAIN);
2318 
2319 	if (vp->v_type == VCHR) {
2320 		return (spec_char_map(vp->v_rdev, off, as, addrp, len, prot,
2321 		    maxprot, flags, cred));
2322 	} else if (vp->v_type == VBLK) {
2323 		struct segvn_crargs vn_a;
2324 		struct vnode *cvp;
2325 		struct snode *sp;
2326 
2327 		/*
2328 		 * Block device, use segvn mapping to the underlying commonvp
2329 		 * for pages.
2330 		 */
2331 		if (off > spec_maxoffset(vp))
2332 			return (ENXIO);
2333 
2334 		sp = VTOS(vp);
2335 		cvp = sp->s_commonvp;
2336 		ASSERT(cvp != NULL);
2337 
2338 		if (off < 0 || ((offset_t)(off + len) < 0))
2339 			return (ENXIO);
2340 
2341 		as_rangelock(as);
2342 		if ((flags & MAP_FIXED) == 0) {
2343 			map_addr(addrp, len, off, 1, flags);
2344 			if (*addrp == NULL) {
2345 				as_rangeunlock(as);
2346 				return (ENOMEM);
2347 			}
2348 		} else {
2349 			/*
2350 			 * User-specified address; blow away any
2351 			 * previous mappings.
2352 			 */
2353 			(void) as_unmap(as, *addrp, len);
2354 		}
2355 
2356 		vn_a.vp = cvp;
2357 		vn_a.offset = off;
2358 		vn_a.type = flags & MAP_TYPE;
2359 		vn_a.prot = (uchar_t)prot;
2360 		vn_a.maxprot = (uchar_t)maxprot;
2361 		vn_a.flags = flags & ~MAP_TYPE;
2362 		vn_a.cred = cred;
2363 		vn_a.amp = NULL;
2364 		vn_a.szc = 0;
2365 		vn_a.lgrp_mem_policy_flags = 0;
2366 
2367 		error = as_map(as, *addrp, len, segvn_create, &vn_a);
2368 		as_rangeunlock(as);
2369 	} else
2370 		return (ENODEV);
2371 
2372 	return (error);
2373 }
2374 
2375 /*ARGSUSED1*/
2376 static int
2377 spec_addmap(
2378 	struct vnode *vp,	/* the common vnode */
2379 	offset_t off,
2380 	struct as *as,
2381 	caddr_t addr,
2382 	size_t len,		/* how many bytes to add */
2383 	uchar_t prot,
2384 	uchar_t maxprot,
2385 	uint_t flags,
2386 	struct cred *cred)
2387 {
2388 	int error = 0;
2389 	struct snode *csp = VTOS(vp);
2390 	ulong_t npages;
2391 
2392 	ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2393 
2394 	/*
2395 	 * XXX	Given the above assertion, this might not
2396 	 *	be a particularly sensible thing to test.
2397 	 */
2398 	if (vp->v_flag & VNOMAP)
2399 		return (ENOSYS);
2400 
2401 	/* fail with EIO if the device is fenced off */
2402 	if (S_ISFENCED(csp))
2403 		return (EIO);
2404 
2405 	npages = btopr(len);
2406 	LOCK_CSP(csp);
2407 	csp->s_mapcnt += npages;
2408 
2409 	UNLOCK_CSP(csp);
2410 	return (error);
2411 }
2412 
2413 /*ARGSUSED1*/
2414 static int
2415 spec_delmap(
2416 	struct vnode *vp,	/* the common vnode */
2417 	offset_t off,
2418 	struct as *as,
2419 	caddr_t addr,
2420 	size_t len,		/* how many bytes to take away */
2421 	uint_t prot,
2422 	uint_t maxprot,
2423 	uint_t flags,
2424 	struct cred *cred)
2425 {
2426 	struct snode *csp = VTOS(vp);
2427 	ulong_t npages;
2428 	long mcnt;
2429 
2430 	/* segdev passes us the common vp */
2431 
2432 	ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2433 
2434 	/* allow delmap to succeed even if device fenced off */
2435 
2436 	/*
2437 	 * XXX	Given the above assertion, this might not
2438 	 *	be a particularly sensible thing to test..
2439 	 */
2440 	if (vp->v_flag & VNOMAP)
2441 		return (ENOSYS);
2442 
2443 	npages = btopr(len);
2444 
2445 	LOCK_CSP(csp);
2446 	mutex_enter(&csp->s_lock);
2447 	mcnt = (csp->s_mapcnt -= npages);
2448 
2449 	if (mcnt == 0) {
2450 		/*
2451 		 * Call the close routine when the last reference of any
2452 		 * kind through any [s, v]node goes away.  The s_dip hold
2453 		 * on the devinfo node is released when the vnode is
2454 		 * destroyed.
2455 		 */
2456 		if (csp->s_count == 0) {
2457 			csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
2458 
2459 			/* See comment in spec_close() */
2460 			if (csp->s_flag & (SCLONE | SSELFCLONE))
2461 				csp->s_flag &= ~SDIPSET;
2462 
2463 			mutex_exit(&csp->s_lock);
2464 
2465 			(void) device_close(vp, 0, cred);
2466 		} else
2467 			mutex_exit(&csp->s_lock);
2468 
2469 		mutex_enter(&csp->s_lock);
2470 	}
2471 	ASSERT(mcnt >= 0);
2472 
2473 	UNLOCK_CSP_LOCK_HELD(csp);
2474 	mutex_exit(&csp->s_lock);
2475 
2476 	return (0);
2477 }
2478 
2479 static int
2480 spec_dump(struct vnode *vp, caddr_t addr, int bn, int count)
2481 {
2482 	/* allow dump to succeed even if device fenced off */
2483 
2484 	ASSERT(vp->v_type == VBLK);
2485 	return (bdev_dump(vp->v_rdev, addr, bn, count));
2486 }
2487 
2488 
2489 /*
2490  * Do i/o on the given page list from/to vp, io_off for io_len.
2491  * Flags are composed of:
2492  * 	{B_ASYNC, B_INVAL, B_FREE, B_DONTNEED, B_READ, B_WRITE}
2493  * If B_ASYNC is not set i/o is waited for.
2494  */
2495 /*ARGSUSED5*/
2496 static int
2497 spec_pageio(
2498 	struct vnode *vp,
2499 	page_t	*pp,
2500 	u_offset_t io_off,
2501 	size_t	io_len,
2502 	int	flags,
2503 	cred_t	*cr)
2504 {
2505 	struct buf *bp = NULL;
2506 	int err = 0;
2507 
2508 	if (pp == NULL)
2509 		return (EINVAL);
2510 
2511 	bp = spec_startio(vp, pp, io_off, io_len, flags);
2512 
2513 	/*
2514 	 * Wait for i/o to complete if the request is not B_ASYNC.
2515 	 */
2516 	if ((flags & B_ASYNC) == 0) {
2517 		err = biowait(bp);
2518 		pageio_done(bp);
2519 	}
2520 	return (err);
2521 }
2522 
2523 /*
2524  * Set ACL on underlying vnode if one exists, or return ENOSYS otherwise.
2525  */
2526 int
2527 spec_setsecattr(struct vnode *vp, vsecattr_t *vsap, int flag, struct cred *cr)
2528 {
2529 	struct vnode *realvp;
2530 	struct snode *sp = VTOS(vp);
2531 	int error;
2532 
2533 	/* fail with ENXIO if the device is fenced off */
2534 	if (S_ISFENCED(sp))
2535 		return (ENXIO);
2536 
2537 	/*
2538 	 * The acl(2) system calls VOP_RWLOCK on the file before setting an
2539 	 * ACL, but since specfs does not serialize reads and writes, this
2540 	 * VOP does not do anything.  However, some backing file systems may
2541 	 * expect the lock to be held before setting an ACL, so it is taken
2542 	 * here privately to avoid serializing specfs reads and writes.
2543 	 */
2544 	if ((realvp = sp->s_realvp) != NULL) {
2545 		(void) VOP_RWLOCK(realvp, V_WRITELOCK_TRUE, NULL);
2546 		error = VOP_SETSECATTR(realvp, vsap, flag, cr);
2547 		(void) VOP_RWUNLOCK(realvp, V_WRITELOCK_TRUE, NULL);
2548 		return (error);
2549 	} else
2550 		return (fs_nosys());
2551 }
2552 
2553 /*
2554  * Get ACL from underlying vnode if one exists, or fabricate it from
2555  * the permissions returned by spec_getattr() otherwise.
2556  */
2557 int
2558 spec_getsecattr(struct vnode *vp, vsecattr_t *vsap, int flag, struct cred *cr)
2559 {
2560 	struct vnode *realvp;
2561 	struct snode *sp = VTOS(vp);
2562 
2563 	/* fail with ENXIO if the device is fenced off */
2564 	if (S_ISFENCED(sp))
2565 		return (ENXIO);
2566 
2567 	if ((realvp = sp->s_realvp) != NULL)
2568 		return (VOP_GETSECATTR(realvp, vsap, flag, cr));
2569 	else
2570 		return (fs_fab_acl(vp, vsap, flag, cr));
2571 }
2572 
2573 int
2574 spec_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr)
2575 {
2576 	vnode_t *realvp;
2577 	struct snode *sp = VTOS(vp);
2578 
2579 	/* fail with ENXIO if the device is fenced off */
2580 	if (S_ISFENCED(sp))
2581 		return (ENXIO);
2582 
2583 	if ((realvp = sp->s_realvp) != NULL)
2584 		return (VOP_PATHCONF(realvp, cmd, valp, cr));
2585 	else
2586 		return (fs_pathconf(vp, cmd, valp, cr));
2587 }
2588