xref: /titanic_50/usr/src/uts/common/fs/zfs/zfs_dir.c (revision 49e212991a3065f7e499a4b29ae8d8eaf33f3135)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <sys/types.h>
30 #include <sys/param.h>
31 #include <sys/time.h>
32 #include <sys/systm.h>
33 #include <sys/sysmacros.h>
34 #include <sys/resource.h>
35 #include <sys/vfs.h>
36 #include <sys/vnode.h>
37 #include <sys/file.h>
38 #include <sys/mode.h>
39 #include <sys/kmem.h>
40 #include <sys/uio.h>
41 #include <sys/pathname.h>
42 #include <sys/cmn_err.h>
43 #include <sys/errno.h>
44 #include <sys/stat.h>
45 #include <sys/unistd.h>
46 #include <sys/random.h>
47 #include <sys/policy.h>
48 #include <sys/zfs_dir.h>
49 #include <sys/zfs_acl.h>
50 #include <sys/fs/zfs.h>
51 #include "fs/fs_subr.h"
52 #include <sys/zap.h>
53 #include <sys/dmu.h>
54 #include <sys/atomic.h>
55 #include <sys/zfs_ctldir.h>
56 
57 /*
58  * Lock a directory entry.  A dirlock on <dzp, name> protects that name
59  * in dzp's directory zap object.  As long as you hold a dirlock, you can
60  * assume two things: (1) dzp cannot be reaped, and (2) no other thread
61  * can change the zap entry for (i.e. link or unlink) this name.
62  *
63  * Input arguments:
64  *	dzp	- znode for directory
65  *	name	- name of entry to lock
66  *	flag	- ZNEW: if the entry already exists, fail with EEXIST.
67  *		  ZEXISTS: if the entry does not exist, fail with ENOENT.
68  *		  ZSHARED: allow concurrent access with other ZSHARED callers.
69  *		  ZXATTR: we want dzp's xattr directory
70  *
71  * Output arguments:
72  *	zpp	- pointer to the znode for the entry (NULL if there isn't one)
73  *	dlpp	- pointer to the dirlock for this entry (NULL on error)
74  *
75  * Return value: 0 on success or errno on failure.
76  *
77  * NOTE: Always checks for, and rejects, '.' and '..'.
78  */
79 int
80 zfs_dirent_lock(zfs_dirlock_t **dlpp, znode_t *dzp, char *name, znode_t **zpp,
81 	int flag)
82 {
83 	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
84 	zfs_dirlock_t	*dl;
85 	uint64_t	zoid;
86 	int		error;
87 
88 	*zpp = NULL;
89 	*dlpp = NULL;
90 
91 	/*
92 	 * Verify that we are not trying to lock '.', '..', or '.zfs'
93 	 */
94 	if (name[0] == '.' &&
95 	    (name[1] == '\0' || (name[1] == '.' && name[2] == '\0')) ||
96 	    zfs_has_ctldir(dzp) && strcmp(name, ZFS_CTLDIR_NAME) == 0)
97 		return (EEXIST);
98 
99 	/*
100 	 * Wait until there are no locks on this name.
101 	 */
102 	mutex_enter(&dzp->z_lock);
103 	for (;;) {
104 		if (dzp->z_reap) {
105 			mutex_exit(&dzp->z_lock);
106 			return (ENOENT);
107 		}
108 		for (dl = dzp->z_dirlocks; dl != NULL; dl = dl->dl_next)
109 			if (strcmp(name, dl->dl_name) == 0)
110 				break;
111 		if (dl == NULL)	{
112 			/*
113 			 * Allocate a new dirlock and add it to the list.
114 			 */
115 			dl = kmem_alloc(sizeof (zfs_dirlock_t), KM_SLEEP);
116 			cv_init(&dl->dl_cv, NULL, CV_DEFAULT, NULL);
117 			dl->dl_name = name;
118 			dl->dl_sharecnt = 0;
119 			dl->dl_namesize = 0;
120 			dl->dl_dzp = dzp;
121 			dl->dl_next = dzp->z_dirlocks;
122 			dzp->z_dirlocks = dl;
123 			break;
124 		}
125 		if ((flag & ZSHARED) && dl->dl_sharecnt != 0)
126 			break;
127 		cv_wait(&dl->dl_cv, &dzp->z_lock);
128 	}
129 
130 	if ((flag & ZSHARED) && ++dl->dl_sharecnt > 1 && dl->dl_namesize == 0) {
131 		/*
132 		 * We're the second shared reference to dl.  Make a copy of
133 		 * dl_name in case the first thread goes away before we do.
134 		 * Note that we initialize the new name before storing its
135 		 * pointer into dl_name, because the first thread may load
136 		 * dl->dl_name at any time.  He'll either see the old value,
137 		 * which is his, or the new shared copy; either is OK.
138 		 */
139 		dl->dl_namesize = strlen(dl->dl_name) + 1;
140 		name = kmem_alloc(dl->dl_namesize, KM_SLEEP);
141 		bcopy(dl->dl_name, name, dl->dl_namesize);
142 		dl->dl_name = name;
143 	}
144 
145 	mutex_exit(&dzp->z_lock);
146 
147 	/*
148 	 * We have a dirlock on the name.  (Note that it is the dirlock,
149 	 * not the dzp's z_lock, that protects the name in the zap object.)
150 	 * See if there's an object by this name; if so, put a hold on it.
151 	 */
152 	if (flag & ZXATTR) {
153 		zoid = dzp->z_phys->zp_xattr;
154 		error = (zoid == 0 ? ENOENT : 0);
155 	} else {
156 		error = zap_lookup(zfsvfs->z_os, dzp->z_id, name, 8, 1, &zoid);
157 	}
158 	if (error) {
159 		if (error != ENOENT || (flag & ZEXISTS)) {
160 			zfs_dirent_unlock(dl);
161 			return (error);
162 		}
163 	} else {
164 		if (flag & ZNEW) {
165 			zfs_dirent_unlock(dl);
166 			return (EEXIST);
167 		}
168 		error = zfs_zget(zfsvfs, zoid, zpp);
169 		if (error) {
170 			zfs_dirent_unlock(dl);
171 			return (error);
172 		}
173 	}
174 
175 	*dlpp = dl;
176 
177 	return (0);
178 }
179 
180 /*
181  * Unlock this directory entry and wake anyone who was waiting for it.
182  */
183 void
184 zfs_dirent_unlock(zfs_dirlock_t *dl)
185 {
186 	znode_t *dzp = dl->dl_dzp;
187 	zfs_dirlock_t **prev_dl, *cur_dl;
188 
189 	mutex_enter(&dzp->z_lock);
190 	if (dl->dl_sharecnt > 1) {
191 		dl->dl_sharecnt--;
192 		mutex_exit(&dzp->z_lock);
193 		return;
194 	}
195 	prev_dl = &dzp->z_dirlocks;
196 	while ((cur_dl = *prev_dl) != dl)
197 		prev_dl = &cur_dl->dl_next;
198 	*prev_dl = dl->dl_next;
199 	cv_broadcast(&dl->dl_cv);
200 	mutex_exit(&dzp->z_lock);
201 
202 	if (dl->dl_namesize != 0)
203 		kmem_free(dl->dl_name, dl->dl_namesize);
204 	cv_destroy(&dl->dl_cv);
205 	kmem_free(dl, sizeof (*dl));
206 }
207 
208 /*
209  * Look up an entry in a directory.
210  *
211  * NOTE: '.' and '..' are handled as special cases because
212  *	no directory entries are actually stored for them.  If this is
213  *	the root of a filesystem, then '.zfs' is also treated as a
214  *	special pseudo-directory.
215  */
216 int
217 zfs_dirlook(znode_t *dzp, char *name, vnode_t **vpp)
218 {
219 	zfs_dirlock_t *dl;
220 	znode_t *zp;
221 	int error = 0;
222 
223 	if (name[0] == 0 || (name[0] == '.' && name[1] == 0)) {
224 		*vpp = ZTOV(dzp);
225 		VN_HOLD(*vpp);
226 	} else if (name[0] == '.' && name[1] == '.' && name[2] == 0) {
227 		zfsvfs_t *zfsvfs = dzp->z_zfsvfs;
228 		/*
229 		 * If we are a snapshot mounted under .zfs, return
230 		 * the vp for the snapshot directory.
231 		 */
232 		if (zfsvfs->z_parent != zfsvfs) {
233 			error = zfsctl_root_lookup(zfsvfs->z_parent->z_ctldir,
234 			    "snapshot", vpp, NULL, 0, NULL, kcred);
235 			return (error);
236 		}
237 		rw_enter(&dzp->z_parent_lock, RW_READER);
238 		error = zfs_zget(zfsvfs, dzp->z_phys->zp_parent, &zp);
239 		if (error == 0)
240 			*vpp = ZTOV(zp);
241 		rw_exit(&dzp->z_parent_lock);
242 	} else if (zfs_has_ctldir(dzp) && strcmp(name, ZFS_CTLDIR_NAME) == 0) {
243 		*vpp = zfsctl_root(dzp);
244 	} else {
245 		error = zfs_dirent_lock(&dl, dzp, name, &zp, ZEXISTS | ZSHARED);
246 		if (error == 0) {
247 			*vpp = ZTOV(zp);
248 			zfs_dirent_unlock(dl);
249 		}
250 	}
251 
252 	return (error);
253 }
254 
255 static char *
256 zfs_dq_hexname(char namebuf[17], uint64_t x)
257 {
258 	char *name = &namebuf[16];
259 	const char digits[16] = "0123456789abcdef";
260 
261 	*name = '\0';
262 	do {
263 		*--name = digits[x & 0xf];
264 		x >>= 4;
265 	} while (x != 0);
266 
267 	return (name);
268 }
269 
270 void
271 zfs_dq_add(znode_t *zp, dmu_tx_t *tx)
272 {
273 	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
274 	char obj_name[17];
275 	int error;
276 
277 	ASSERT(zp->z_reap);
278 	ASSERT3U(zp->z_phys->zp_links, ==, 0);
279 
280 	error = zap_add(zfsvfs->z_os, zfsvfs->z_dqueue,
281 	    zfs_dq_hexname(obj_name, zp->z_id), 8, 1, &zp->z_id, tx);
282 	ASSERT3U(error, ==, 0);
283 }
284 
285 /*
286  * Delete the entire contents of a directory.  Return a count
287  * of the number of entries that could not be deleted.
288  *
289  * NOTE: this function assumes that the directory is inactive,
290  *	so there is no need to lock its entries before deletion.
291  *	Also, it assumes the directory contents is *only* regular
292  *	files.
293  */
294 static int
295 zfs_purgedir(znode_t *dzp)
296 {
297 	zap_cursor_t	zc;
298 	zap_attribute_t	zap;
299 	znode_t		*xzp;
300 	dmu_tx_t	*tx;
301 	zfsvfs_t	*zfsvfs = dzp->z_zfsvfs;
302 	zfs_dirlock_t	dl;
303 	int skipped = 0;
304 	int error;
305 
306 	ASSERT(dzp->z_active == 0);
307 
308 	for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);
309 	    (error = zap_cursor_retrieve(&zc, &zap)) == 0;
310 	    zap_cursor_advance(&zc)) {
311 		error = zfs_zget(zfsvfs, zap.za_first_integer, &xzp);
312 		ASSERT3U(error, ==, 0);
313 
314 		ASSERT((ZTOV(xzp)->v_type == VREG) ||
315 		    (ZTOV(xzp)->v_type == VLNK));
316 
317 		tx = dmu_tx_create(zfsvfs->z_os);
318 		dmu_tx_hold_bonus(tx, dzp->z_id);
319 		dmu_tx_hold_zap(tx, dzp->z_id, -1);
320 		dmu_tx_hold_bonus(tx, xzp->z_id);
321 		dmu_tx_hold_zap(tx, zfsvfs->z_dqueue, 1);
322 		error = dmu_tx_assign(tx, TXG_WAIT);
323 		if (error) {
324 			dmu_tx_abort(tx);
325 			VN_RELE(ZTOV(xzp));
326 			skipped += 1;
327 			continue;
328 		}
329 		bzero(&dl, sizeof (dl));
330 		dl.dl_dzp = dzp;
331 		dl.dl_name = zap.za_name;
332 
333 		error = zfs_link_destroy(&dl, xzp, tx, 0, NULL);
334 		ASSERT3U(error, ==, 0);
335 		dmu_tx_commit(tx);
336 
337 		VN_RELE(ZTOV(xzp));
338 	}
339 	ASSERT(error == ENOENT);
340 	return (skipped);
341 }
342 
343 /*
344  * Special function to requeue the znodes for deletion that were
345  * in progress when we either crashed or umounted the file system.
346  */
347 static void
348 zfs_drain_dq(zfsvfs_t *zfsvfs)
349 {
350 	zap_cursor_t	zc;
351 	zap_attribute_t zap;
352 	dmu_object_info_t doi;
353 	znode_t		*zp;
354 	int		error;
355 
356 	/*
357 	 * Interate over the contents of the delete queue.
358 	 */
359 	for (zap_cursor_init(&zc, zfsvfs->z_os, zfsvfs->z_dqueue);
360 	    zap_cursor_retrieve(&zc, &zap) == 0;
361 	    zap_cursor_advance(&zc)) {
362 
363 		/*
364 		 * Need some helpers?
365 		 */
366 		if (zfs_delete_thread_target(zfsvfs, -1) != 0)
367 			return;
368 
369 		/*
370 		 * See what kind of object we have in queue
371 		 */
372 
373 		error = dmu_object_info(zfsvfs->z_os,
374 		    zap.za_first_integer, &doi);
375 		if (error != 0)
376 			continue;
377 
378 		ASSERT((doi.doi_type == DMU_OT_PLAIN_FILE_CONTENTS) ||
379 		    (doi.doi_type == DMU_OT_DIRECTORY_CONTENTS));
380 		/*
381 		 * We need to re-mark these queue entries for reaping,
382 		 * so we pull them back into core and set zp->z_reap.
383 		 */
384 		error = zfs_zget(zfsvfs, zap.za_first_integer, &zp);
385 
386 		/*
387 		 * We may pick up znodes that are already marked for reaping.
388 		 * This could happen during the purge of an extended attribute
389 		 * directory.  All we need to do is skip over them, since they
390 		 * are already in the system to be processed by the taskq.
391 		 */
392 		if (error != 0) {
393 			continue;
394 		}
395 		zp->z_reap = 1;
396 		VN_RELE(ZTOV(zp));
397 		break;
398 	}
399 }
400 
401 void
402 zfs_delete_thread(void *arg)
403 {
404 	zfsvfs_t	*zfsvfs = arg;
405 	zfs_delete_t 	*zd = &zfsvfs->z_delete_head;
406 	znode_t		*zp;
407 	callb_cpr_t	cprinfo;
408 
409 	CALLB_CPR_INIT(&cprinfo, &zd->z_mutex, callb_generic_cpr, "zfs_delete");
410 
411 	mutex_enter(&zd->z_mutex);
412 
413 	if (!zd->z_drained && !zd->z_draining) {
414 		zd->z_draining = B_TRUE;
415 		mutex_exit(&zd->z_mutex);
416 		zfs_drain_dq(zfsvfs);
417 		mutex_enter(&zd->z_mutex);
418 		zd->z_draining = B_FALSE;
419 		zd->z_drained = B_TRUE;
420 		cv_broadcast(&zd->z_quiesce_cv);
421 	}
422 
423 	while (zd->z_thread_count <= zd->z_thread_target) {
424 		zp = list_head(&zd->z_znodes);
425 		if (zp == NULL) {
426 			ASSERT(zd->z_znode_count == 0);
427 			CALLB_CPR_SAFE_BEGIN(&cprinfo);
428 			cv_wait(&zd->z_cv, &zd->z_mutex);
429 			CALLB_CPR_SAFE_END(&cprinfo, &zd->z_mutex);
430 			continue;
431 		}
432 		ASSERT(zd->z_znode_count != 0);
433 		list_remove(&zd->z_znodes, zp);
434 		if (--zd->z_znode_count == 0)
435 			cv_broadcast(&zd->z_quiesce_cv);
436 		mutex_exit(&zd->z_mutex);
437 		zfs_rmnode(zp);
438 		(void) zfs_delete_thread_target(zfsvfs, -1);
439 		mutex_enter(&zd->z_mutex);
440 	}
441 
442 	ASSERT(zd->z_thread_count != 0);
443 	if (--zd->z_thread_count == 0)
444 		cv_broadcast(&zd->z_cv);
445 
446 	CALLB_CPR_EXIT(&cprinfo);	/* NB: drops z_mutex */
447 	thread_exit();
448 }
449 
450 static int zfs_work_per_thread_shift = 11;	/* 2048 (2^11) per thread */
451 
452 /*
453  * Set the target number of delete threads to 'nthreads'.
454  * If nthreads == -1, choose a number based on current workload.
455  * If nthreads == 0, don't return until the threads have exited.
456  */
457 int
458 zfs_delete_thread_target(zfsvfs_t *zfsvfs, int nthreads)
459 {
460 	zfs_delete_t *zd = &zfsvfs->z_delete_head;
461 
462 	mutex_enter(&zd->z_mutex);
463 
464 	if (nthreads == -1) {
465 		if (zd->z_thread_target == 0) {
466 			mutex_exit(&zd->z_mutex);
467 			return (EBUSY);
468 		}
469 		nthreads = zd->z_znode_count >> zfs_work_per_thread_shift;
470 		nthreads = MIN(nthreads, ncpus << 1);
471 		nthreads = MAX(nthreads, 1);
472 		nthreads += !!zd->z_draining;
473 	}
474 
475 	zd->z_thread_target = nthreads;
476 
477 	while (zd->z_thread_count < zd->z_thread_target) {
478 		(void) thread_create(NULL, 0, zfs_delete_thread, zfsvfs,
479 		    0, &p0, TS_RUN, minclsyspri);
480 		zd->z_thread_count++;
481 	}
482 
483 	while (zd->z_thread_count > zd->z_thread_target && nthreads == 0) {
484 		cv_broadcast(&zd->z_cv);
485 		cv_wait(&zd->z_cv, &zd->z_mutex);
486 	}
487 
488 	mutex_exit(&zd->z_mutex);
489 
490 	return (0);
491 }
492 
493 /*
494  * Wait until everything that's been queued has been deleted.
495  */
496 void
497 zfs_delete_wait_empty(zfsvfs_t *zfsvfs)
498 {
499 	zfs_delete_t *zd = &zfsvfs->z_delete_head;
500 
501 	mutex_enter(&zd->z_mutex);
502 	ASSERT(zd->z_thread_target != 0);
503 	while (!zd->z_drained || zd->z_znode_count != 0) {
504 		ASSERT(zd->z_thread_target != 0);
505 		cv_wait(&zd->z_quiesce_cv, &zd->z_mutex);
506 	}
507 	mutex_exit(&zd->z_mutex);
508 }
509 
510 void
511 zfs_rmnode(znode_t *zp)
512 {
513 	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
514 	objset_t	*os = zfsvfs->z_os;
515 	znode_t		*xzp = NULL;
516 	char		obj_name[17];
517 	dmu_tx_t	*tx;
518 	uint64_t	acl_obj;
519 	int		error;
520 
521 	ASSERT(zp->z_active == 0);
522 	ASSERT(ZTOV(zp)->v_count == 0);
523 	ASSERT(zp->z_phys->zp_links == 0);
524 
525 	/*
526 	 * If this is an attribute directory, purge its contents.
527 	 */
528 	if (ZTOV(zp)->v_type == VDIR && (zp->z_phys->zp_flags & ZFS_XATTR))
529 		if (zfs_purgedir(zp) != 0) {
530 			zfs_delete_t *delq = &zfsvfs->z_delete_head;
531 			/*
532 			 * Add this back to the delete list to be retried later.
533 			 *
534 			 * XXX - this could just busy loop on us...
535 			 */
536 			mutex_enter(&delq->z_mutex);
537 			list_insert_tail(&delq->z_znodes, zp);
538 			delq->z_znode_count++;
539 			mutex_exit(&delq->z_mutex);
540 			return;
541 		}
542 
543 	/*
544 	 * If the file has extended attributes, unlink the xattr dir.
545 	 */
546 	if (zp->z_phys->zp_xattr) {
547 		error = zfs_zget(zfsvfs, zp->z_phys->zp_xattr, &xzp);
548 		ASSERT(error == 0);
549 	}
550 
551 	acl_obj = zp->z_phys->zp_acl.z_acl_extern_obj;
552 
553 	/*
554 	 * Set up the transaction.
555 	 */
556 	tx = dmu_tx_create(os);
557 	dmu_tx_hold_free(tx, zp->z_id, 0, DMU_OBJECT_END);
558 	dmu_tx_hold_zap(tx, zfsvfs->z_dqueue, -1);
559 	if (xzp) {
560 		dmu_tx_hold_bonus(tx, xzp->z_id);
561 		dmu_tx_hold_zap(tx, zfsvfs->z_dqueue, 1);
562 	}
563 	if (acl_obj)
564 		dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END);
565 	error = dmu_tx_assign(tx, TXG_WAIT);
566 	if (error) {
567 		zfs_delete_t *delq = &zfsvfs->z_delete_head;
568 
569 		dmu_tx_abort(tx);
570 		/*
571 		 * Add this back to the delete list to be retried later.
572 		 *
573 		 * XXX - this could just busy loop on us...
574 		 */
575 		mutex_enter(&delq->z_mutex);
576 		list_insert_tail(&delq->z_znodes, zp);
577 		delq->z_znode_count++;
578 		mutex_exit(&delq->z_mutex);
579 		return;
580 	}
581 
582 	if (xzp) {
583 		dmu_buf_will_dirty(xzp->z_dbuf, tx);
584 		mutex_enter(&xzp->z_lock);
585 		xzp->z_reap = 1;		/* mark xzp for deletion */
586 		xzp->z_phys->zp_links = 0;	/* no more links to it */
587 		mutex_exit(&xzp->z_lock);
588 		zfs_dq_add(xzp, tx);		/* add xzp to delete queue */
589 	}
590 
591 	/*
592 	 * Remove this znode from delete queue
593 	 */
594 	error = zap_remove(os, zfsvfs->z_dqueue,
595 	    zfs_dq_hexname(obj_name, zp->z_id), tx);
596 	ASSERT3U(error, ==, 0);
597 
598 	zfs_znode_delete(zp, tx);
599 
600 	dmu_tx_commit(tx);
601 
602 	if (xzp)
603 		VN_RELE(ZTOV(xzp));
604 }
605 
606 /*
607  * Link zp into dl.  Can only fail if zp has been reaped.
608  */
609 int
610 zfs_link_create(zfs_dirlock_t *dl, znode_t *zp, dmu_tx_t *tx, int flag)
611 {
612 	znode_t *dzp = dl->dl_dzp;
613 	vnode_t *vp = ZTOV(zp);
614 	int zp_is_dir = (vp->v_type == VDIR);
615 	int error;
616 
617 	dmu_buf_will_dirty(zp->z_dbuf, tx);
618 	mutex_enter(&zp->z_lock);
619 
620 	if (!(flag & ZRENAMING)) {
621 		if (zp->z_reap) {	/* no new links to reaped zp */
622 			ASSERT(!(flag & (ZNEW | ZEXISTS)));
623 			mutex_exit(&zp->z_lock);
624 			return (ENOENT);
625 		}
626 		zp->z_phys->zp_links++;
627 	}
628 	zp->z_phys->zp_parent = dzp->z_id;	/* dzp is now zp's parent */
629 
630 	if (!(flag & ZNEW))
631 		zfs_time_stamper_locked(zp, STATE_CHANGED, tx);
632 	mutex_exit(&zp->z_lock);
633 
634 	dmu_buf_will_dirty(dzp->z_dbuf, tx);
635 	mutex_enter(&dzp->z_lock);
636 	dzp->z_phys->zp_size++;			/* one dirent added */
637 	dzp->z_phys->zp_links += zp_is_dir;	/* ".." link from zp */
638 	zfs_time_stamper_locked(dzp, CONTENT_MODIFIED, tx);
639 	mutex_exit(&dzp->z_lock);
640 
641 	error = zap_add(zp->z_zfsvfs->z_os, dzp->z_id, dl->dl_name,
642 	    8, 1, &zp->z_id, tx);
643 	ASSERT(error == 0);
644 
645 	return (0);
646 }
647 
648 /*
649  * Unlink zp from dl, and mark zp for reaping if this was the last link.
650  * Can fail if zp is a mount point (EBUSY) or a non-empty directory (EEXIST).
651  * If 'reaped_ptr' is NULL, we put reaped znodes on the delete queue.
652  * If it's non-NULL, we use it to indicate whether the znode needs reaping,
653  * and it's the caller's job to do it.
654  */
655 int
656 zfs_link_destroy(zfs_dirlock_t *dl, znode_t *zp, dmu_tx_t *tx, int flag,
657 	int *reaped_ptr)
658 {
659 	znode_t *dzp = dl->dl_dzp;
660 	vnode_t *vp = ZTOV(zp);
661 	int zp_is_dir = (vp->v_type == VDIR);
662 	int reaped = 0;
663 	int error;
664 
665 	if (!(flag & ZRENAMING)) {
666 		dmu_buf_will_dirty(zp->z_dbuf, tx);
667 
668 		if (vn_vfswlock(vp))		/* prevent new mounts on zp */
669 			return (EBUSY);
670 
671 		if (vn_ismntpt(vp)) {		/* don't remove mount point */
672 			vn_vfsunlock(vp);
673 			return (EBUSY);
674 		}
675 
676 		mutex_enter(&zp->z_lock);
677 		if (zp_is_dir && !zfs_dirempty(zp)) {	/* dir not empty */
678 			mutex_exit(&zp->z_lock);
679 			vn_vfsunlock(vp);
680 			return (EEXIST);
681 		}
682 		ASSERT(zp->z_phys->zp_links > zp_is_dir);
683 		if (--zp->z_phys->zp_links == zp_is_dir) {
684 			zp->z_reap = 1;
685 			zp->z_phys->zp_links = 0;
686 			reaped = 1;
687 		} else {
688 			zfs_time_stamper_locked(zp, STATE_CHANGED, tx);
689 		}
690 		mutex_exit(&zp->z_lock);
691 		vn_vfsunlock(vp);
692 	}
693 
694 	dmu_buf_will_dirty(dzp->z_dbuf, tx);
695 	mutex_enter(&dzp->z_lock);
696 	dzp->z_phys->zp_size--;			/* one dirent removed */
697 	dzp->z_phys->zp_links -= zp_is_dir;	/* ".." link from zp */
698 	zfs_time_stamper_locked(dzp, CONTENT_MODIFIED, tx);
699 	mutex_exit(&dzp->z_lock);
700 
701 	error = zap_remove(zp->z_zfsvfs->z_os, dzp->z_id, dl->dl_name, tx);
702 	ASSERT(error == 0);
703 
704 	if (reaped_ptr != NULL)
705 		*reaped_ptr = reaped;
706 	else if (reaped)
707 		zfs_dq_add(zp, tx);
708 
709 	return (0);
710 }
711 
712 /*
713  * Indicate whether the directory is empty.  Works with or without z_lock
714  * held, but can only be consider a hint in the latter case.  Returns true
715  * if only "." and ".." remain and there's no work in progress.
716  */
717 boolean_t
718 zfs_dirempty(znode_t *dzp)
719 {
720 	return (dzp->z_phys->zp_size == 2 && dzp->z_dirlocks == 0);
721 }
722 
723 int
724 zfs_make_xattrdir(znode_t *zp, vattr_t *vap, vnode_t **xvpp, cred_t *cr)
725 {
726 	zfsvfs_t *zfsvfs = zp->z_zfsvfs;
727 	znode_t *xzp;
728 	dmu_tx_t *tx;
729 	uint64_t xoid;
730 	int error;
731 
732 	*xvpp = NULL;
733 
734 	if (error = zfs_zaccess(zp, ACE_WRITE_NAMED_ATTRS, cr))
735 		return (error);
736 
737 	tx = dmu_tx_create(zfsvfs->z_os);
738 	dmu_tx_hold_bonus(tx, zp->z_id);
739 	dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, 0);
740 	error = dmu_tx_assign(tx, zfsvfs->z_assign);
741 	if (error) {
742 		dmu_tx_abort(tx);
743 		return (error);
744 	}
745 	zfs_mknode(zp, vap, &xoid, tx, cr, IS_XATTR, &xzp, 0);
746 	ASSERT(xzp->z_id == xoid);
747 	ASSERT(xzp->z_phys->zp_parent == zp->z_id);
748 	dmu_buf_will_dirty(zp->z_dbuf, tx);
749 	zp->z_phys->zp_xattr = xoid;
750 
751 	(void) zfs_log_create(zfsvfs->z_log, tx, TX_MKXATTR, zp, xzp, "");
752 	dmu_tx_commit(tx);
753 
754 	*xvpp = ZTOV(xzp);
755 
756 	return (0);
757 }
758 
759 /*
760  * Return a znode for the extended attribute directory for zp.
761  * ** If the directory does not already exist, it is created **
762  *
763  *	IN:	zp	- znode to obtain attribute directory from
764  *		cr	- credentials of caller
765  *
766  *	OUT:	xzpp	- pointer to extended attribute znode
767  *
768  *	RETURN:	0 on success
769  *		error number on failure
770  */
771 int
772 zfs_get_xattrdir(znode_t *zp, vnode_t **xvpp, cred_t *cr)
773 {
774 	zfsvfs_t	*zfsvfs = zp->z_zfsvfs;
775 	znode_t		*xzp;
776 	zfs_dirlock_t	*dl;
777 	vattr_t		va;
778 	int		error;
779 top:
780 	error = zfs_dirent_lock(&dl, zp, "", &xzp, ZXATTR);
781 	if (error)
782 		return (error);
783 
784 	if (xzp != NULL) {
785 		*xvpp = ZTOV(xzp);
786 		zfs_dirent_unlock(dl);
787 		return (0);
788 	}
789 
790 	ASSERT(zp->z_phys->zp_xattr == 0);
791 
792 	if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY) {
793 		zfs_dirent_unlock(dl);
794 		return (EROFS);
795 	}
796 
797 	/*
798 	 * The ability to 'create' files in an attribute
799 	 * directory comes from the write_xattr permission on the base file.
800 	 *
801 	 * The ability to 'search' an attribute directory requires
802 	 * read_xattr permission on the base file.
803 	 *
804 	 * Once in a directory the ability to read/write attributes
805 	 * is controlled by the permissions on the attribute file.
806 	 */
807 	va.va_mask = AT_TYPE | AT_MODE | AT_UID | AT_GID;
808 	va.va_type = VDIR;
809 	va.va_mode = S_IFDIR | 0755;
810 	va.va_uid = (uid_t)zp->z_phys->zp_uid;
811 	va.va_gid = (gid_t)zp->z_phys->zp_gid;
812 
813 	error = zfs_make_xattrdir(zp, &va, xvpp, cr);
814 	zfs_dirent_unlock(dl);
815 
816 	if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) {
817 		txg_wait_open(dmu_objset_pool(zfsvfs->z_os), 0);
818 		goto top;
819 	}
820 
821 	return (error);
822 }
823 
824 /*
825  * Decide whether it is okay to remove within a sticky directory.
826  *
827  * In sticky directories, write access is not sufficient;
828  * you can remove entries from a directory only if:
829  *
830  *	you own the directory,
831  *	you own the entry,
832  *	the entry is a plain file and you have write access,
833  *	or you are privileged (checked in secpolicy...).
834  *
835  * The function returns 0 if remove access is granted.
836  */
837 int
838 zfs_sticky_remove_access(znode_t *zdp, znode_t *zp, cred_t *cr)
839 {
840 	uid_t  		uid;
841 
842 	if (zdp->z_zfsvfs->z_assign >= TXG_INITIAL)	/* ZIL replay */
843 		return (0);
844 
845 	if ((zdp->z_phys->zp_mode & S_ISVTX) == 0 ||
846 	    (uid = crgetuid(cr)) == zdp->z_phys->zp_uid ||
847 	    uid == zp->z_phys->zp_uid ||
848 	    (ZTOV(zp)->v_type == VREG &&
849 	    zfs_zaccess(zp, ACE_WRITE_DATA, cr) == 0))
850 		return (0);
851 	else
852 		return (secpolicy_vnode_remove(cr));
853 }
854