xref: /titanic_51/usr/src/uts/common/fs/specfs/specvnops.c (revision 81f63062a60a29358c252e0d10807f8a8547fbb5)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
27 /*	  All Rights Reserved  	*/
28 
29 /*
30  * University Copyright- Copyright (c) 1982, 1986, 1988
31  * The Regents of the University of California
32  * All Rights Reserved
33  *
34  * University Acknowledgment- Portions of this document are derived from
35  * software developed by the University of California, Berkeley, and its
36  * contributors.
37  */
38 
39 
40 #pragma ident	"%Z%%M%	%I%	%E% SMI"
41 
42 #include <sys/types.h>
43 #include <sys/thread.h>
44 #include <sys/t_lock.h>
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/bitmap.h>
48 #include <sys/buf.h>
49 #include <sys/cmn_err.h>
50 #include <sys/conf.h>
51 #include <sys/ddi.h>
52 #include <sys/debug.h>
53 #include <sys/dkio.h>
54 #include <sys/errno.h>
55 #include <sys/time.h>
56 #include <sys/fcntl.h>
57 #include <sys/flock.h>
58 #include <sys/file.h>
59 #include <sys/kmem.h>
60 #include <sys/mman.h>
61 #include <sys/open.h>
62 #include <sys/swap.h>
63 #include <sys/sysmacros.h>
64 #include <sys/uio.h>
65 #include <sys/vfs.h>
66 #include <sys/vfs_opreg.h>
67 #include <sys/vnode.h>
68 #include <sys/stat.h>
69 #include <sys/poll.h>
70 #include <sys/stream.h>
71 #include <sys/strsubr.h>
72 #include <sys/policy.h>
73 #include <sys/devpolicy.h>
74 
75 #include <sys/proc.h>
76 #include <sys/user.h>
77 #include <sys/session.h>
78 #include <sys/vmsystm.h>
79 #include <sys/vtrace.h>
80 #include <sys/pathname.h>
81 
82 #include <sys/fs/snode.h>
83 
84 #include <vm/seg.h>
85 #include <vm/seg_map.h>
86 #include <vm/page.h>
87 #include <vm/pvn.h>
88 #include <vm/seg_dev.h>
89 #include <vm/seg_vn.h>
90 
91 #include <fs/fs_subr.h>
92 
93 #include <sys/esunddi.h>
94 #include <sys/autoconf.h>
95 #include <sys/sunndi.h>
96 #include <sys/contract/device_impl.h>
97 
98 
99 static int spec_open(struct vnode **, int, struct cred *);
100 static int spec_close(struct vnode *, int, int, offset_t, struct cred *);
101 static int spec_read(struct vnode *, struct uio *, int, struct cred *,
102 	struct caller_context *);
103 static int spec_write(struct vnode *, struct uio *, int, struct cred *,
104 	struct caller_context *);
105 static int spec_ioctl(struct vnode *, int, intptr_t, int, struct cred *, int *);
106 static int spec_getattr(struct vnode *, struct vattr *, int, struct cred *);
107 static int spec_setattr(struct vnode *, struct vattr *, int, struct cred *,
108 	caller_context_t *);
109 static int spec_access(struct vnode *, int, int, struct cred *);
110 static int spec_create(struct vnode *, char *, vattr_t *, enum vcexcl,
111     int, struct vnode **, struct cred *, int);
112 static int spec_fsync(struct vnode *, int, struct cred *);
113 static void spec_inactive(struct vnode *, struct cred *);
114 static int spec_fid(struct vnode *, struct fid *);
115 static int spec_seek(struct vnode *, offset_t, offset_t *);
116 static int spec_frlock(struct vnode *, int, struct flock64 *, int, offset_t,
117     struct flk_callback *, struct cred *);
118 static int spec_realvp(struct vnode *, struct vnode **);
119 
120 static int spec_getpage(struct vnode *, offset_t, size_t, uint_t *, page_t **,
121     size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
122 static int spec_putapage(struct vnode *, page_t *, u_offset_t *, size_t *, int,
123 	struct cred *);
124 static struct buf *spec_startio(struct vnode *, page_t *, u_offset_t, size_t,
125 	int);
126 static int spec_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
127     page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
128 static int spec_map(struct vnode *, offset_t, struct as *, caddr_t *, size_t,
129     uchar_t, uchar_t, uint_t, struct cred *);
130 static int spec_addmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
131     uchar_t, uchar_t, uint_t, struct cred *);
132 static int spec_delmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
133     uint_t, uint_t, uint_t, struct cred *);
134 
135 static int spec_poll(struct vnode *, short, int, short *, struct pollhead **);
136 static int spec_dump(struct vnode *, caddr_t, int, int);
137 static int spec_pageio(struct vnode *, page_t *, u_offset_t, size_t, int,
138     cred_t *);
139 
140 static int spec_getsecattr(struct vnode *, vsecattr_t *, int, struct cred *);
141 static int spec_setsecattr(struct vnode *, vsecattr_t *, int, struct cred *);
142 static int spec_pathconf(struct	vnode *, int, ulong_t *, struct cred *);
143 
144 #define	SN_HOLD(csp)	{ \
145 	mutex_enter(&csp->s_lock); \
146 	csp->s_count++; \
147 	mutex_exit(&csp->s_lock); \
148 }
149 
150 #define	SN_RELE(csp)	{ \
151 	mutex_enter(&csp->s_lock); \
152 	csp->s_count--; \
153 	ASSERT((csp->s_count > 0) || (csp->s_vnode->v_stream == NULL)); \
154 	mutex_exit(&csp->s_lock); \
155 }
156 
157 #define	S_ISFENCED(sp)	((VTOS((sp)->s_commonvp))->s_flag & SFENCED)
158 
159 struct vnodeops *spec_vnodeops;
160 
161 /*
162  * *PLEASE NOTE*: If you add new entry points to specfs, do
163  * not forget to add support for fencing. A fenced snode
164  * is indicated by the SFENCED flag in the common snode.
165  * If a snode is fenced, determine if your entry point is
166  * a configuration operation (Example: open), a detection
167  * operation (Example: gettattr), an I/O operation (Example: ioctl())
168  * or an unconfiguration operation (Example: close). If it is
169  * a configuration or detection operation, fail the operation
170  * for a fenced snode with an ENXIO or EIO as appropriate. If
171  * it is any other operation, let it through.
172  */
173 
174 const fs_operation_def_t spec_vnodeops_template[] = {
175 	VOPNAME_OPEN,		{ .vop_open = spec_open },
176 	VOPNAME_CLOSE,		{ .vop_close = spec_close },
177 	VOPNAME_READ,		{ .vop_read = spec_read },
178 	VOPNAME_WRITE,		{ .vop_write = spec_write },
179 	VOPNAME_IOCTL,		{ .vop_ioctl = spec_ioctl },
180 	VOPNAME_GETATTR,	{ .vop_getattr = spec_getattr },
181 	VOPNAME_SETATTR,	{ .vop_setattr = spec_setattr },
182 	VOPNAME_ACCESS,		{ .vop_access = spec_access },
183 	VOPNAME_CREATE,		{ .vop_create = spec_create },
184 	VOPNAME_FSYNC,		{ .vop_fsync = spec_fsync },
185 	VOPNAME_INACTIVE,	{ .vop_inactive = spec_inactive },
186 	VOPNAME_FID,		{ .vop_fid = spec_fid },
187 	VOPNAME_SEEK,		{ .vop_seek = spec_seek },
188 	VOPNAME_PATHCONF,	{ .vop_pathconf = spec_pathconf },
189 	VOPNAME_FRLOCK,		{ .vop_frlock = spec_frlock },
190 	VOPNAME_REALVP,		{ .vop_realvp = spec_realvp },
191 	VOPNAME_GETPAGE,	{ .vop_getpage = spec_getpage },
192 	VOPNAME_PUTPAGE,	{ .vop_putpage = spec_putpage },
193 	VOPNAME_MAP,		{ .vop_map = spec_map },
194 	VOPNAME_ADDMAP,		{ .vop_addmap = spec_addmap },
195 	VOPNAME_DELMAP,		{ .vop_delmap = spec_delmap },
196 	VOPNAME_POLL,		{ .vop_poll = spec_poll },
197 	VOPNAME_DUMP,		{ .vop_dump = spec_dump },
198 	VOPNAME_PAGEIO,		{ .vop_pageio = spec_pageio },
199 	VOPNAME_SETSECATTR,	{ .vop_setsecattr = spec_setsecattr },
200 	VOPNAME_GETSECATTR,	{ .vop_getsecattr = spec_getsecattr },
201 	NULL,			NULL
202 };
203 
204 /*
205  * Return address of spec_vnodeops
206  */
207 struct vnodeops *
208 spec_getvnodeops(void)
209 {
210 	return (spec_vnodeops);
211 }
212 
213 extern vnode_t *rconsvp;
214 
215 /*
216  * Acquire the serial lock on the common snode.
217  */
218 #define	LOCK_CSP(csp)			(void) spec_lockcsp(csp, 0, 1, 0)
219 #define	LOCKHOLD_CSP_SIG(csp)		spec_lockcsp(csp, 1, 1, 1)
220 #define	SYNCHOLD_CSP_SIG(csp, intr)	spec_lockcsp(csp, intr, 0, 1)
221 
222 typedef enum {
223 	LOOP,
224 	INTR,
225 	SUCCESS
226 } slock_ret_t;
227 
228 /*
229  * Synchronize with active SLOCKED snode, optionally checking for a signal and
230  * optionally returning with SLOCKED set and SN_HOLD done.  The 'intr'
231  * argument determines if the thread is interruptible by a signal while
232  * waiting, the function returns INTR if interrupted while there is another
233  * thread closing this snonde and LOOP if interrupted otherwise.
234  * When SUCCESS is returned the 'hold' argument determines if the open
235  * count (SN_HOLD) has been incremented and the 'setlock' argument
236  * determines if the function returns with SLOCKED set.
237  */
238 static slock_ret_t
239 spec_lockcsp(struct snode *csp, int intr, int setlock, int hold)
240 {
241 	slock_ret_t ret = SUCCESS;
242 	mutex_enter(&csp->s_lock);
243 	while (csp->s_flag & SLOCKED) {
244 		csp->s_flag |= SWANT;
245 		if (intr) {
246 			if (!cv_wait_sig(&csp->s_cv, &csp->s_lock)) {
247 				if (csp->s_flag & SCLOSING)
248 					ret = INTR;
249 				else
250 					ret = LOOP;
251 				mutex_exit(&csp->s_lock);
252 				return (ret);		/* interrupted */
253 			}
254 		} else {
255 			cv_wait(&csp->s_cv, &csp->s_lock);
256 		}
257 	}
258 	if (setlock)
259 		csp->s_flag |= SLOCKED;
260 	if (hold)
261 		csp->s_count++;		/* one more open reference : SN_HOLD */
262 	mutex_exit(&csp->s_lock);
263 	return (ret);			/* serialized/locked */
264 }
265 
266 /*
267  * Unlock the serial lock on the common snode
268  */
269 #define	UNLOCK_CSP_LOCK_HELD(csp)			\
270 	ASSERT(mutex_owned(&csp->s_lock));		\
271 	if (csp->s_flag & SWANT)			\
272 		cv_broadcast(&csp->s_cv);		\
273 	csp->s_flag &= ~(SWANT|SLOCKED);
274 
275 #define	UNLOCK_CSP(csp)					\
276 	mutex_enter(&csp->s_lock);			\
277 	UNLOCK_CSP_LOCK_HELD(csp);			\
278 	mutex_exit(&csp->s_lock);
279 
280 /*
281  * compute/return the size of the device
282  */
283 #define	SPEC_SIZE(csp)	\
284 	(((csp)->s_flag & SSIZEVALID) ? (csp)->s_size : spec_size(csp))
285 
286 /*
287  * Compute and return the size.  If the size in the common snode is valid then
288  * return it.  If not valid then get the size from the driver and set size in
289  * the common snode.  If the device has not been attached then we don't ask for
290  * an update from the driver- for non-streams SSIZEVALID stays unset until the
291  * device is attached. A stat of a mknod outside /devices (non-devfs) may
292  * report UNKNOWN_SIZE because the device may not be attached yet (SDIPSET not
293  * established in mknod until open time). An stat in /devices will report the
294  * size correctly.  Specfs should always call SPEC_SIZE instead of referring
295  * directly to s_size to initialize/retrieve the size of a device.
296  *
297  * XXX There is an inconsistency between block and raw - "unknown" is
298  * UNKNOWN_SIZE for VBLK and 0 for VCHR(raw).
299  */
300 static u_offset_t
301 spec_size(struct snode *csp)
302 {
303 	struct vnode	*cvp = STOV(csp);
304 	u_offset_t	size;
305 	int		plen;
306 	uint32_t	size32;
307 	dev_t		dev;
308 	dev_info_t	*devi;
309 	major_t		maj;
310 	uint_t		blksize;
311 	int		blkshift;
312 
313 	ASSERT((csp)->s_commonvp == cvp);	/* must be common node */
314 
315 	/* return cached value */
316 	mutex_enter(&csp->s_lock);
317 	if (csp->s_flag & SSIZEVALID) {
318 		mutex_exit(&csp->s_lock);
319 		return (csp->s_size);
320 	}
321 
322 	/* VOP_GETATTR of mknod has not had devcnt restriction applied */
323 	dev = cvp->v_rdev;
324 	maj = getmajor(dev);
325 	if (maj >= devcnt) {
326 		/* return non-cached UNKNOWN_SIZE */
327 		mutex_exit(&csp->s_lock);
328 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
329 	}
330 
331 	/* establish cached zero size for streams */
332 	if (STREAMSTAB(maj)) {
333 		csp->s_size = 0;
334 		csp->s_flag |= SSIZEVALID;
335 		mutex_exit(&csp->s_lock);
336 		return (0);
337 	}
338 
339 	/*
340 	 * Return non-cached UNKNOWN_SIZE if not open.
341 	 *
342 	 * NB: This check is bogus, calling prop_op(9E) should be gated by
343 	 * attach, not open. Not having this check however opens up a new
344 	 * context under which a driver's prop_op(9E) could be called. Calling
345 	 * prop_op(9E) in this new context has been shown to expose latent
346 	 * driver bugs (insufficient NULL pointer checks that lead to panic).
347 	 * We are keeping this open check for now to avoid these panics.
348 	 */
349 	if (csp->s_count == 0) {
350 		mutex_exit(&csp->s_lock);
351 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
352 	}
353 
354 	/* Return non-cached UNKNOWN_SIZE if not attached. */
355 	if (((csp->s_flag & SDIPSET) == 0) || (csp->s_dip == NULL) ||
356 	    !i_ddi_devi_attached(csp->s_dip)) {
357 		mutex_exit(&csp->s_lock);
358 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
359 	}
360 
361 	devi = csp->s_dip;
362 
363 	/*
364 	 * Established cached size obtained from the attached driver. Since we
365 	 * know the devinfo node, for efficiency we use cdev_prop_op directly
366 	 * instead of [cb]dev_[Ss]size.
367 	 */
368 	if (cvp->v_type == VCHR) {
369 		size = 0;
370 		plen = sizeof (size);
371 		if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
372 		    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
373 		    DDI_PROP_CONSUMER_TYPED, "Size", (caddr_t)&size,
374 		    &plen) != DDI_PROP_SUCCESS) {
375 			plen = sizeof (size32);
376 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
377 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
378 			    "size", (caddr_t)&size32, &plen) ==
379 			    DDI_PROP_SUCCESS)
380 				size = size32;
381 		}
382 	} else {
383 		size = UNKNOWN_SIZE;
384 		plen = sizeof (size);
385 		if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
386 		    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
387 		    DDI_PROP_CONSUMER_TYPED, "Nblocks", (caddr_t)&size,
388 		    &plen) != DDI_PROP_SUCCESS) {
389 			plen = sizeof (size32);
390 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
391 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
392 			    "nblocks", (caddr_t)&size32, &plen) ==
393 			    DDI_PROP_SUCCESS)
394 				size = size32;
395 		}
396 
397 		if (size != UNKNOWN_SIZE) {
398 			blksize = DEV_BSIZE;		/* default */
399 			plen = sizeof (blksize);
400 
401 			/* try to get dev_t specific "blksize" */
402 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
403 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
404 			    "blksize", (caddr_t)&blksize, &plen) !=
405 			    DDI_PROP_SUCCESS) {
406 				/*
407 				 * Try for dev_info node "device-blksize".
408 				 * If this fails then blksize will still be
409 				 * DEV_BSIZE default value.
410 				 */
411 				(void) cdev_prop_op(DDI_DEV_T_ANY, devi,
412 				    PROP_LEN_AND_VAL_BUF,
413 				    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
414 				    "device-blksize", (caddr_t)&blksize, &plen);
415 			}
416 
417 			/* blksize must be a power of two */
418 			ASSERT(BIT_ONLYONESET(blksize));
419 			blkshift = highbit(blksize) - 1;
420 
421 			/* convert from block size to byte size */
422 			if (size < (MAXOFFSET_T >> blkshift))
423 				size = size << blkshift;
424 			else
425 				size = UNKNOWN_SIZE;
426 		}
427 	}
428 
429 	csp->s_size = size;
430 	csp->s_flag |= SSIZEVALID;
431 
432 	mutex_exit(&csp->s_lock);
433 	return (size);
434 }
435 
436 /*
437  * This function deal with vnode substitution in the case of
438  * device cloning.
439  */
440 static int
441 spec_clone(struct vnode **vpp, dev_t newdev, int vtype, struct stdata *stp)
442 {
443 	dev_t		dev = (*vpp)->v_rdev;
444 	major_t		maj = getmajor(dev);
445 	major_t 	newmaj = getmajor(newdev);
446 	int		sysclone = (maj == clone_major);
447 	int		qassociate_used = 0;
448 	struct snode	*oldsp, *oldcsp;
449 	struct snode	*newsp, *newcsp;
450 	struct vnode	*newvp, *newcvp;
451 	dev_info_t	*dip;
452 	queue_t		*dq;
453 
454 	ASSERT(dev != newdev);
455 
456 	/*
457 	 * Check for cloning across different drivers.
458 	 * We only support this under the system provided clone driver
459 	 */
460 	if ((maj != newmaj) && !sysclone) {
461 		cmn_err(CE_NOTE,
462 		    "unsupported clone open maj = %u, newmaj = %u",
463 		    maj, newmaj);
464 		return (ENXIO);
465 	}
466 
467 	/* old */
468 	oldsp = VTOS(*vpp);
469 	oldcsp = VTOS(oldsp->s_commonvp);
470 
471 	/* new */
472 	newvp = makespecvp(newdev, vtype);
473 	ASSERT(newvp != NULL);
474 	newsp = VTOS(newvp);
475 	newcvp = newsp->s_commonvp;
476 	newcsp = VTOS(newcvp);
477 
478 	/*
479 	 * Clones inherit fsid, realvp, and dip.
480 	 * XXX realvp inherit is not occurring, does fstat of clone work?
481 	 */
482 	newsp->s_fsid = oldsp->s_fsid;
483 	if (sysclone) {
484 		newsp->s_flag |= SCLONE;
485 		dip = NULL;
486 	} else {
487 		newsp->s_flag |= SSELFCLONE;
488 		dip = oldcsp->s_dip;
489 	}
490 
491 	/*
492 	 * If we cloned to an opened newdev that already has called
493 	 * spec_assoc_vp_with_devi (SDIPSET set) then the association is
494 	 * already established.
495 	 */
496 	if (!(newcsp->s_flag & SDIPSET)) {
497 		/*
498 		 * Establish s_dip association for newdev.
499 		 *
500 		 * If we trusted the getinfo(9E) DDI_INFO_DEVT2INSTANCE
501 		 * implementation of all cloning drivers  (SCLONE and SELFCLONE)
502 		 * we would always use e_ddi_hold_devi_by_dev().  We know that
503 		 * many drivers have had (still have?) problems with
504 		 * DDI_INFO_DEVT2INSTANCE, so we try to minimize reliance by
505 		 * detecting drivers that use QASSOCIATE (by looking down the
506 		 * stream) and setting their s_dip association to NULL.
507 		 */
508 		qassociate_used = 0;
509 		if (stp) {
510 			for (dq = stp->sd_wrq; dq; dq = dq->q_next) {
511 				if (_RD(dq)->q_flag & _QASSOCIATED) {
512 					qassociate_used = 1;
513 					dip = NULL;
514 					break;
515 				}
516 			}
517 		}
518 
519 		if (dip || qassociate_used) {
520 			spec_assoc_vp_with_devi(newvp, dip);
521 		} else {
522 			/* derive association from newdev */
523 			dip = e_ddi_hold_devi_by_dev(newdev, 0);
524 			spec_assoc_vp_with_devi(newvp, dip);
525 			if (dip)
526 				ddi_release_devi(dip);
527 		}
528 	}
529 
530 	SN_HOLD(newcsp);
531 
532 	/* deal with stream stuff */
533 	if (stp != NULL) {
534 		LOCK_CSP(newcsp);	/* synchronize stream open/close */
535 		mutex_enter(&newcsp->s_lock);
536 		newcvp->v_stream = newvp->v_stream = stp;
537 		stp->sd_vnode = newcvp;
538 		stp->sd_strtab = STREAMSTAB(newmaj);
539 		mutex_exit(&newcsp->s_lock);
540 		UNLOCK_CSP(newcsp);
541 	}
542 
543 	/* substitute the vnode */
544 	SN_RELE(oldcsp);
545 	VN_RELE(*vpp);
546 	*vpp = newvp;
547 
548 	return (0);
549 }
550 
551 static int
552 spec_open(struct vnode **vpp, int flag, struct cred *cr)
553 {
554 	major_t maj;
555 	dev_t dev, newdev;
556 	struct vnode *vp, *cvp;
557 	struct snode *sp, *csp;
558 	struct stdata *stp;
559 	dev_info_t *dip;
560 	int error, type;
561 	contract_t *ct = NULL;
562 	int open_returns_eintr;
563 	slock_ret_t spec_locksp_ret;
564 
565 
566 	flag &= ~FCREAT;		/* paranoia */
567 
568 	vp = *vpp;
569 	sp = VTOS(vp);
570 	ASSERT((vp->v_type == VCHR) || (vp->v_type == VBLK));
571 	if ((vp->v_type != VCHR) && (vp->v_type != VBLK))
572 		return (ENXIO);
573 
574 	/*
575 	 * If the VFS_NODEVICES bit was set for the mount,
576 	 * do not allow opens of special devices.
577 	 */
578 	if (sp->s_realvp && (sp->s_realvp->v_vfsp->vfs_flag & VFS_NODEVICES))
579 		return (ENXIO);
580 
581 	newdev = dev = vp->v_rdev;
582 
583 	/*
584 	 * If we are opening a node that has not had spec_assoc_vp_with_devi
585 	 * called against it (mknod outside /devices or a non-dacf makespecvp
586 	 * node) then SDIPSET will not be set. In this case we call an
587 	 * interface which will reconstruct the path and lookup (drive attach)
588 	 * through devfs (e_ddi_hold_devi_by_dev -> e_ddi_hold_devi_by_path ->
589 	 * devfs_lookupname).  For support of broken drivers that don't call
590 	 * ddi_create_minor_node for all minor nodes in their instance space,
591 	 * we call interfaces that operates at the directory/devinfo
592 	 * (major/instance) level instead of to the leaf/minor node level.
593 	 * After finding and attaching the dip we associate it with the
594 	 * common specfs vnode (s_dip), which sets SDIPSET.  A DL_DETACH_REQ
595 	 * to style-2 stream driver may set s_dip to NULL with SDIPSET set.
596 	 *
597 	 * NOTE: Although e_ddi_hold_devi_by_dev takes a dev_t argument, its
598 	 * implementation operates at the major/instance level since it only
599 	 * need to return a dip.
600 	 */
601 	cvp = sp->s_commonvp;
602 	csp = VTOS(cvp);
603 	if (!(csp->s_flag & SDIPSET)) {
604 		/* try to attach, return error if we fail */
605 		if ((dip = e_ddi_hold_devi_by_dev(dev, 0)) == NULL)
606 			return (ENXIO);
607 
608 		/* associate dip with the common snode s_dip */
609 		spec_assoc_vp_with_devi(vp, dip);
610 		ddi_release_devi(dip);	/* from e_ddi_hold_devi_by_dev */
611 	}
612 
613 	/* check if device fenced off */
614 	if (S_ISFENCED(sp))
615 		return (ENXIO);
616 
617 #ifdef  DEBUG
618 	/* verify attach/open exclusion guarantee */
619 	dip = csp->s_dip;
620 	ASSERT((dip == NULL) || i_ddi_devi_attached(dip));
621 #endif  /* DEBUG */
622 
623 	if ((error = secpolicy_spec_open(cr, vp, flag)) != 0)
624 		return (error);
625 
626 	maj = getmajor(dev);
627 	if (STREAMSTAB(maj))
628 		goto streams_open;
629 
630 	/*
631 	 * Wait for in progress last close to complete. This guarantees
632 	 * to the driver writer that we will never be in the drivers
633 	 * open and close on the same (dev_t, otype) at the same time.
634 	 * Open count already incremented (SN_HOLD) on non-zero return.
635 	 * The wait is interruptible by a signal if the driver sets the
636 	 * D_OPEN_RETURNS_EINTR cb_ops(9S) cb_flag or sets the
637 	 * ddi-open-returns-eintr(9P) property in its driver.conf.
638 	 */
639 	if ((devopsp[maj]->devo_cb_ops->cb_flag & D_OPEN_RETURNS_EINTR) ||
640 	    (devnamesp[maj].dn_flags & DN_OPEN_RETURNS_EINTR))
641 		open_returns_eintr = 1;
642 	else
643 		open_returns_eintr = 0;
644 	while ((spec_locksp_ret = SYNCHOLD_CSP_SIG(csp, open_returns_eintr)) !=
645 	    SUCCESS) {
646 		if (spec_locksp_ret == INTR)
647 			return (EINTR);
648 	}
649 
650 	/* non streams open */
651 	type = (vp->v_type == VBLK ? OTYP_BLK : OTYP_CHR);
652 	error = dev_open(&newdev, flag, type, cr);
653 
654 	/* deal with clone case */
655 	if (error == 0 && dev != newdev) {
656 		error = spec_clone(vpp, newdev, vp->v_type, NULL);
657 		/*
658 		 * bail on clone failure, further processing
659 		 * results in undefined behaviors.
660 		 */
661 		if (error != 0)
662 			return (error);
663 		sp = VTOS(*vpp);
664 		csp = VTOS(sp->s_commonvp);
665 	}
666 
667 	/*
668 	 * create contracts only for userland opens
669 	 * Successful open and cloning is done at this point.
670 	 */
671 	if (error == 0 && !(flag & FKLYR)) {
672 		int spec_type;
673 		spec_type = (STOV(csp)->v_type == VCHR) ? S_IFCHR : S_IFBLK;
674 		if (contract_device_open(newdev, spec_type, NULL) != 0) {
675 			error = EIO;
676 		}
677 	}
678 
679 	if (error == 0) {
680 		sp->s_size = SPEC_SIZE(csp);
681 
682 		if ((csp->s_flag & SNEEDCLOSE) == 0) {
683 			int nmaj = getmajor(newdev);
684 			mutex_enter(&csp->s_lock);
685 			/* successful open needs a close later */
686 			csp->s_flag |= SNEEDCLOSE;
687 
688 			/*
689 			 * Invalidate possible cached "unknown" size
690 			 * established by a VOP_GETATTR while open was in
691 			 * progress, and the driver might fail prop_op(9E).
692 			 */
693 			if (((cvp->v_type == VCHR) && (csp->s_size == 0)) ||
694 			    ((cvp->v_type == VBLK) &&
695 			    (csp->s_size == UNKNOWN_SIZE)))
696 				csp->s_flag &= ~SSIZEVALID;
697 
698 			if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_64BIT)
699 				csp->s_flag |= SLOFFSET;
700 			if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_U64BIT)
701 				csp->s_flag |= SLOFFSET | SANYOFFSET;
702 			mutex_exit(&csp->s_lock);
703 		}
704 		return (0);
705 	}
706 
707 	/*
708 	 * Open failed. If we missed a close operation because
709 	 * we were trying to get the device open and it is the
710 	 * last in progress open that is failing then call close.
711 	 *
712 	 * NOTE: Only non-streams open has this race condition.
713 	 */
714 	mutex_enter(&csp->s_lock);
715 	csp->s_count--;			/* decrement open count : SN_RELE */
716 	if ((csp->s_count == 0) &&	/* no outstanding open */
717 	    (csp->s_mapcnt == 0) &&	/* no mapping */
718 	    (csp->s_flag & SNEEDCLOSE)) { /* need a close */
719 		csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
720 
721 		/* See comment in spec_close() */
722 		if (csp->s_flag & (SCLONE | SSELFCLONE))
723 			csp->s_flag &= ~SDIPSET;
724 
725 		csp->s_flag |= SCLOSING;
726 		mutex_exit(&csp->s_lock);
727 
728 		ASSERT(*vpp != NULL);
729 		(void) device_close(*vpp, flag, cr);
730 
731 		mutex_enter(&csp->s_lock);
732 		csp->s_flag &= ~SCLOSING;
733 		mutex_exit(&csp->s_lock);
734 	} else {
735 		mutex_exit(&csp->s_lock);
736 	}
737 	return (error);
738 
739 streams_open:
740 	if (vp->v_type != VCHR)
741 		return (ENXIO);
742 
743 	/*
744 	 * Lock common snode to prevent any new clone opens on this
745 	 * stream while one is in progress. This is necessary since
746 	 * the stream currently associated with the clone device will
747 	 * not be part of it after the clone open completes. Unfortunately
748 	 * we don't know in advance if this is a clone
749 	 * device so we have to lock all opens.
750 	 *
751 	 * If we fail, it's because of an interrupt - EINTR return is an
752 	 * expected aspect of opening a stream so we don't need to check
753 	 * D_OPEN_RETURNS_EINTR. Open count already incremented (SN_HOLD)
754 	 * on non-zero return.
755 	 */
756 	if (LOCKHOLD_CSP_SIG(csp) != SUCCESS)
757 		return (EINTR);
758 
759 	error = stropen(cvp, &newdev, flag, cr);
760 	stp = cvp->v_stream;
761 
762 	/* deal with the clone case */
763 	if ((error == 0) && (dev != newdev)) {
764 		vp->v_stream = cvp->v_stream = NULL;
765 		UNLOCK_CSP(csp);
766 		error = spec_clone(vpp, newdev, vp->v_type, stp);
767 		/*
768 		 * bail on clone failure, further processing
769 		 * results in undefined behaviors.
770 		 */
771 		if (error != 0)
772 			return (error);
773 		sp = VTOS(*vpp);
774 		csp = VTOS(sp->s_commonvp);
775 	} else if (error == 0) {
776 		vp->v_stream = stp;
777 		UNLOCK_CSP(csp);
778 	}
779 
780 	/*
781 	 * create contracts only for userland opens
782 	 * Successful open and cloning is done at this point.
783 	 */
784 	if (error == 0 && !(flag & FKLYR)) {
785 		/* STREAM is of type S_IFCHR */
786 		if (contract_device_open(newdev, S_IFCHR, &ct) != 0) {
787 			UNLOCK_CSP(csp);
788 			(void) spec_close(vp, flag, 1, 0, cr);
789 			return (EIO);
790 		}
791 	}
792 
793 	if (error == 0) {
794 		/* STREAMS devices don't have a size */
795 		sp->s_size = csp->s_size = 0;
796 
797 		if (!(stp->sd_flag & STRISTTY) || (flag & FNOCTTY))
798 			return (0);
799 
800 		/* try to allocate it as a controlling terminal */
801 		if (strctty(stp) != EINTR)
802 			return (0);
803 
804 		/* strctty() was interrupted by a signal */
805 		if (ct) {
806 			/* we only create contracts for userland opens */
807 			ASSERT(ttoproc(curthread));
808 			(void) contract_abandon(ct, ttoproc(curthread), 0);
809 		}
810 		(void) spec_close(vp, flag, 1, 0, cr);
811 		return (EINTR);
812 	}
813 
814 	/*
815 	 * Deal with stropen failure.
816 	 *
817 	 * sd_flag in the stream head cannot change since the
818 	 * common snode is locked before the call to stropen().
819 	 */
820 	if ((stp != NULL) && (stp->sd_flag & STREOPENFAIL)) {
821 		/*
822 		 * Open failed part way through.
823 		 */
824 		mutex_enter(&stp->sd_lock);
825 		stp->sd_flag &= ~STREOPENFAIL;
826 		mutex_exit(&stp->sd_lock);
827 
828 		UNLOCK_CSP(csp);
829 		(void) spec_close(vp, flag, 1, 0, cr);
830 	} else {
831 		UNLOCK_CSP(csp);
832 		SN_RELE(csp);
833 	}
834 
835 	return (error);
836 }
837 
838 /*ARGSUSED2*/
839 static int
840 spec_close(
841 	struct vnode	*vp,
842 	int		flag,
843 	int		count,
844 	offset_t	offset,
845 	struct cred	*cr)
846 {
847 	struct vnode *cvp;
848 	struct snode *sp, *csp;
849 	enum vtype type;
850 	dev_t dev;
851 	int error = 0;
852 	int sysclone;
853 
854 	if (!(flag & FKLYR)) {
855 		/* this only applies to closes of devices from userland */
856 		cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
857 		cleanshares(vp, ttoproc(curthread)->p_pid);
858 		if (vp->v_stream)
859 			strclean(vp);
860 	}
861 	if (count > 1)
862 		return (0);
863 
864 	/* we allow close to succeed even if device is fenced off */
865 	sp = VTOS(vp);
866 	cvp = sp->s_commonvp;
867 
868 	dev = sp->s_dev;
869 	type = vp->v_type;
870 
871 	ASSERT(type == VCHR || type == VBLK);
872 
873 	/*
874 	 * Prevent close/close and close/open races by serializing closes
875 	 * on this common snode. Clone opens are held up until after
876 	 * we have closed this device so the streams linkage is maintained
877 	 */
878 	csp = VTOS(cvp);
879 
880 	LOCK_CSP(csp);
881 	mutex_enter(&csp->s_lock);
882 
883 	csp->s_count--;			/* one fewer open reference : SN_RELE */
884 	sysclone = sp->s_flag & SCLONE;
885 
886 	/*
887 	 * Invalidate size on each close.
888 	 *
889 	 * XXX We do this on each close because we don't have interfaces that
890 	 * allow a driver to invalidate the size.  Since clearing this on each
891 	 * close this causes property overhead we skip /dev/null and
892 	 * /dev/zero to avoid degrading kenbus performance.
893 	 */
894 	if (getmajor(dev) != mm_major)
895 		csp->s_flag &= ~SSIZEVALID;
896 
897 	/*
898 	 * Only call the close routine when the last open reference through
899 	 * any [s, v]node goes away.  This can be checked by looking at
900 	 * s_count on the common vnode.
901 	 */
902 	if ((csp->s_count == 0) && (csp->s_mapcnt == 0)) {
903 		/* we don't need a close */
904 		csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
905 
906 		/*
907 		 * A cloning driver may open-clone to the same dev_t that we
908 		 * are closing before spec_inactive destroys the common snode.
909 		 * If this occurs the s_dip association needs to be reevaluated.
910 		 * We clear SDIPSET to force reevaluation in this case.  When
911 		 * reevaluation occurs (by spec_clone after open), if the
912 		 * devinfo association has changed then the old association
913 		 * will be released as the new association is established by
914 		 * spec_assoc_vp_with_devi().
915 		 */
916 		if (csp->s_flag & (SCLONE | SSELFCLONE))
917 			csp->s_flag &= ~SDIPSET;
918 
919 		csp->s_flag |= SCLOSING;
920 		mutex_exit(&csp->s_lock);
921 		error = device_close(vp, flag, cr);
922 
923 		/*
924 		 * Decrement the devops held in clnopen()
925 		 */
926 		if (sysclone) {
927 			ddi_rele_driver(getmajor(dev));
928 		}
929 		mutex_enter(&csp->s_lock);
930 		csp->s_flag &= ~SCLOSING;
931 	}
932 
933 	UNLOCK_CSP_LOCK_HELD(csp);
934 	mutex_exit(&csp->s_lock);
935 
936 	return (error);
937 }
938 
939 /*ARGSUSED2*/
940 static int
941 spec_read(
942 	struct vnode	*vp,
943 	struct uio	*uiop,
944 	int		ioflag,
945 	struct cred	*cr,
946 	struct caller_context *ct)
947 {
948 	int error;
949 	struct snode *sp = VTOS(vp);
950 	dev_t dev = sp->s_dev;
951 	size_t n;
952 	ulong_t on;
953 	u_offset_t bdevsize;
954 	offset_t maxoff;
955 	offset_t off;
956 	struct vnode *blkvp;
957 
958 	ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
959 
960 	if (STREAMSTAB(getmajor(dev))) {	/* stream */
961 		ASSERT(vp->v_type == VCHR);
962 		smark(sp, SACC);
963 		return (strread(vp, uiop, cr));
964 	}
965 
966 	if (uiop->uio_resid == 0)
967 		return (0);
968 
969 	/*
970 	 * Plain old character devices that set D_U64BIT can have
971 	 * unrestricted offsets.
972 	 */
973 	maxoff = spec_maxoffset(vp);
974 	ASSERT(maxoff != -1 || vp->v_type == VCHR);
975 
976 	if (maxoff != -1 && (uiop->uio_loffset < 0 ||
977 	    uiop->uio_loffset + uiop->uio_resid > maxoff))
978 		return (EINVAL);
979 
980 	if (vp->v_type == VCHR) {
981 		smark(sp, SACC);
982 		ASSERT(STREAMSTAB(getmajor(dev)) == 0);
983 		return (cdev_read(dev, uiop, cr));
984 	}
985 
986 	/*
987 	 * Block device.
988 	 */
989 	error = 0;
990 	blkvp = sp->s_commonvp;
991 	bdevsize = SPEC_SIZE(VTOS(blkvp));
992 
993 	do {
994 		caddr_t base;
995 		offset_t diff;
996 
997 		off = uiop->uio_loffset & (offset_t)MAXBMASK;
998 		on = (size_t)(uiop->uio_loffset & MAXBOFFSET);
999 		n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
1000 		diff = bdevsize - uiop->uio_loffset;
1001 
1002 		if (diff <= 0)
1003 			break;
1004 		if (diff < n)
1005 			n = (size_t)diff;
1006 
1007 		if (vpm_enable) {
1008 			error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1009 			    n, uiop, 1, NULL, 0, S_READ);
1010 		} else {
1011 			base = segmap_getmapflt(segkmap, blkvp,
1012 			    (u_offset_t)(off + on), n, 1, S_READ);
1013 
1014 			error = uiomove(base + on, n, UIO_READ, uiop);
1015 		}
1016 		if (!error) {
1017 			int flags = 0;
1018 			/*
1019 			 * If we read a whole block, we won't need this
1020 			 * buffer again soon.
1021 			 */
1022 			if (n + on == MAXBSIZE)
1023 				flags = SM_DONTNEED | SM_FREE;
1024 			if (vpm_enable) {
1025 				error = vpm_sync_pages(blkvp, off, n, flags);
1026 			} else {
1027 				error = segmap_release(segkmap, base, flags);
1028 			}
1029 		} else {
1030 			if (vpm_enable) {
1031 				(void) vpm_sync_pages(blkvp, off, n, 0);
1032 			} else {
1033 				(void) segmap_release(segkmap, base, 0);
1034 			}
1035 			if (bdevsize == UNKNOWN_SIZE) {
1036 				error = 0;
1037 				break;
1038 			}
1039 		}
1040 	} while (error == 0 && uiop->uio_resid > 0 && n != 0);
1041 
1042 	return (error);
1043 }
1044 
1045 /*ARGSUSED*/
1046 static int
1047 spec_write(
1048 	struct vnode *vp,
1049 	struct uio *uiop,
1050 	int ioflag,
1051 	struct cred *cr,
1052 	struct caller_context *ct)
1053 {
1054 	int error;
1055 	struct snode *sp = VTOS(vp);
1056 	dev_t dev = sp->s_dev;
1057 	size_t n;
1058 	ulong_t on;
1059 	u_offset_t bdevsize;
1060 	offset_t maxoff;
1061 	offset_t off;
1062 	struct vnode *blkvp;
1063 
1064 	ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
1065 
1066 	if (STREAMSTAB(getmajor(dev))) {
1067 		ASSERT(vp->v_type == VCHR);
1068 		smark(sp, SUPD);
1069 		return (strwrite(vp, uiop, cr));
1070 	}
1071 
1072 	/*
1073 	 * Plain old character devices that set D_U64BIT can have
1074 	 * unrestricted offsets.
1075 	 */
1076 	maxoff = spec_maxoffset(vp);
1077 	ASSERT(maxoff != -1 || vp->v_type == VCHR);
1078 
1079 	if (maxoff != -1 && (uiop->uio_loffset < 0 ||
1080 	    uiop->uio_loffset + uiop->uio_resid > maxoff))
1081 		return (EINVAL);
1082 
1083 	if (vp->v_type == VCHR) {
1084 		smark(sp, SUPD);
1085 		ASSERT(STREAMSTAB(getmajor(dev)) == 0);
1086 		return (cdev_write(dev, uiop, cr));
1087 	}
1088 
1089 	if (uiop->uio_resid == 0)
1090 		return (0);
1091 
1092 	error = 0;
1093 	blkvp = sp->s_commonvp;
1094 	bdevsize = SPEC_SIZE(VTOS(blkvp));
1095 
1096 	do {
1097 		int pagecreate;
1098 		int newpage;
1099 		caddr_t base;
1100 		offset_t diff;
1101 
1102 		off = uiop->uio_loffset & (offset_t)MAXBMASK;
1103 		on = (ulong_t)(uiop->uio_loffset & MAXBOFFSET);
1104 		n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
1105 		pagecreate = 0;
1106 
1107 		diff = bdevsize - uiop->uio_loffset;
1108 		if (diff <= 0) {
1109 			error = ENXIO;
1110 			break;
1111 		}
1112 		if (diff < n)
1113 			n = (size_t)diff;
1114 
1115 		/*
1116 		 * Check to see if we can skip reading in the page
1117 		 * and just allocate the memory.  We can do this
1118 		 * if we are going to rewrite the entire mapping
1119 		 * or if we are going to write to end of the device
1120 		 * from the beginning of the mapping.
1121 		 */
1122 		if (n == MAXBSIZE || (on == 0 && (off + n) == bdevsize))
1123 			pagecreate = 1;
1124 
1125 		newpage = 0;
1126 		if (vpm_enable) {
1127 			error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1128 			    n, uiop, !pagecreate, NULL, 0, S_WRITE);
1129 		} else {
1130 			base = segmap_getmapflt(segkmap, blkvp,
1131 			    (u_offset_t)(off + on), n, !pagecreate, S_WRITE);
1132 
1133 			/*
1134 			 * segmap_pagecreate() returns 1 if it calls
1135 			 * page_create_va() to allocate any pages.
1136 			 */
1137 
1138 			if (pagecreate)
1139 				newpage = segmap_pagecreate(segkmap, base + on,
1140 				    n, 0);
1141 
1142 			error = uiomove(base + on, n, UIO_WRITE, uiop);
1143 		}
1144 
1145 		if (!vpm_enable && pagecreate &&
1146 		    uiop->uio_loffset <
1147 		    P2ROUNDUP_TYPED(off + on + n, PAGESIZE, offset_t)) {
1148 			/*
1149 			 * We created pages w/o initializing them completely,
1150 			 * thus we need to zero the part that wasn't set up.
1151 			 * This can happen if we write to the end of the device
1152 			 * or if we had some sort of error during the uiomove.
1153 			 */
1154 			long nzero;
1155 			offset_t nmoved;
1156 
1157 			nmoved = (uiop->uio_loffset - (off + on));
1158 			if (nmoved < 0 || nmoved > n) {
1159 				panic("spec_write: nmoved bogus");
1160 				/*NOTREACHED*/
1161 			}
1162 			nzero = (long)P2ROUNDUP(on + n, PAGESIZE) -
1163 			    (on + nmoved);
1164 			if (nzero < 0 || (on + nmoved + nzero > MAXBSIZE)) {
1165 				panic("spec_write: nzero bogus");
1166 				/*NOTREACHED*/
1167 			}
1168 			(void) kzero(base + on + nmoved, (size_t)nzero);
1169 		}
1170 
1171 		/*
1172 		 * Unlock the pages which have been allocated by
1173 		 * page_create_va() in segmap_pagecreate().
1174 		 */
1175 		if (!vpm_enable && newpage)
1176 			segmap_pageunlock(segkmap, base + on,
1177 			    (size_t)n, S_WRITE);
1178 
1179 		if (error == 0) {
1180 			int flags = 0;
1181 
1182 			/*
1183 			 * Force write back for synchronous write cases.
1184 			 */
1185 			if (ioflag & (FSYNC|FDSYNC))
1186 				flags = SM_WRITE;
1187 			else if (n + on == MAXBSIZE || IS_SWAPVP(vp)) {
1188 				/*
1189 				 * Have written a whole block.
1190 				 * Start an asynchronous write and
1191 				 * mark the buffer to indicate that
1192 				 * it won't be needed again soon.
1193 				 * Push swap files here, since it
1194 				 * won't happen anywhere else.
1195 				 */
1196 				flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
1197 			}
1198 			smark(sp, SUPD|SCHG);
1199 			if (vpm_enable) {
1200 				error = vpm_sync_pages(blkvp, off, n, flags);
1201 			} else {
1202 				error = segmap_release(segkmap, base, flags);
1203 			}
1204 		} else {
1205 			if (vpm_enable) {
1206 				(void) vpm_sync_pages(blkvp, off, n, SM_INVAL);
1207 			} else {
1208 				(void) segmap_release(segkmap, base, SM_INVAL);
1209 			}
1210 		}
1211 
1212 	} while (error == 0 && uiop->uio_resid > 0 && n != 0);
1213 
1214 	return (error);
1215 }
1216 
1217 static int
1218 spec_ioctl(struct vnode *vp, int cmd, intptr_t arg, int mode, struct cred *cr,
1219     int *rvalp)
1220 {
1221 	struct snode *sp;
1222 	dev_t dev;
1223 	int error;
1224 
1225 	if (vp->v_type != VCHR)
1226 		return (ENOTTY);
1227 
1228 	/*
1229 	 * allow ioctls() to go through even for fenced snodes, as they
1230 	 * may include unconfiguration operation - for example popping of
1231 	 * streams modules.
1232 	 */
1233 
1234 	sp = VTOS(vp);
1235 	dev = sp->s_dev;
1236 	if (STREAMSTAB(getmajor(dev))) {
1237 		error = strioctl(vp, cmd, arg, mode, U_TO_K, cr, rvalp);
1238 	} else {
1239 		error = cdev_ioctl(dev, cmd, arg, mode, cr, rvalp);
1240 	}
1241 	return (error);
1242 }
1243 
1244 static int
1245 spec_getattr(struct vnode *vp, struct vattr *vap, int flags, struct cred *cr)
1246 {
1247 	int error;
1248 	struct snode *sp;
1249 	struct vnode *realvp;
1250 
1251 	/* With ATTR_COMM we will not get attributes from realvp */
1252 	if (flags & ATTR_COMM) {
1253 		sp = VTOS(vp);
1254 		vp = sp->s_commonvp;
1255 	}
1256 	sp = VTOS(vp);
1257 
1258 	/* we want stat() to fail with ENXIO if the device is fenced off */
1259 	if (S_ISFENCED(sp))
1260 		return (ENXIO);
1261 
1262 	realvp = sp->s_realvp;
1263 
1264 	if (realvp == NULL) {
1265 		static int snode_shift	= 0;
1266 
1267 		/*
1268 		 * Calculate the amount of bitshift to a snode pointer which
1269 		 * will still keep it unique.  See below.
1270 		 */
1271 		if (snode_shift == 0)
1272 			snode_shift = highbit(sizeof (struct snode));
1273 		ASSERT(snode_shift > 0);
1274 
1275 		/*
1276 		 * No real vnode behind this one.  Fill in the fields
1277 		 * from the snode.
1278 		 *
1279 		 * This code should be refined to return only the
1280 		 * attributes asked for instead of all of them.
1281 		 */
1282 		vap->va_type = vp->v_type;
1283 		vap->va_mode = 0;
1284 		vap->va_uid = vap->va_gid = 0;
1285 		vap->va_fsid = sp->s_fsid;
1286 
1287 		/*
1288 		 * If the va_nodeid is > MAX_USHORT, then i386 stats might
1289 		 * fail. So we shift down the snode pointer to try and get
1290 		 * the most uniqueness into 16-bits.
1291 		 */
1292 		vap->va_nodeid = ((ino64_t)(uintptr_t)sp >> snode_shift) &
1293 		    0xFFFF;
1294 		vap->va_nlink = 0;
1295 		vap->va_rdev = sp->s_dev;
1296 
1297 		/*
1298 		 * va_nblocks is the number of 512 byte blocks used to store
1299 		 * the mknod for the device, not the number of blocks on the
1300 		 * device itself.  This is typically zero since the mknod is
1301 		 * represented directly in the inode itself.
1302 		 */
1303 		vap->va_nblocks = 0;
1304 	} else {
1305 		error = VOP_GETATTR(realvp, vap, flags, cr);
1306 		if (error != 0)
1307 			return (error);
1308 	}
1309 
1310 	/* set the size from the snode */
1311 	vap->va_size = SPEC_SIZE(VTOS(sp->s_commonvp));
1312 	vap->va_blksize = MAXBSIZE;
1313 
1314 	mutex_enter(&sp->s_lock);
1315 	vap->va_atime.tv_sec = sp->s_atime;
1316 	vap->va_mtime.tv_sec = sp->s_mtime;
1317 	vap->va_ctime.tv_sec = sp->s_ctime;
1318 	mutex_exit(&sp->s_lock);
1319 
1320 	vap->va_atime.tv_nsec = 0;
1321 	vap->va_mtime.tv_nsec = 0;
1322 	vap->va_ctime.tv_nsec = 0;
1323 	vap->va_seq = 0;
1324 
1325 	return (0);
1326 }
1327 
1328 static int
1329 spec_setattr(
1330 	struct vnode *vp,
1331 	struct vattr *vap,
1332 	int flags,
1333 	struct cred *cr,
1334 	caller_context_t *ctp)
1335 {
1336 	struct snode *sp = VTOS(vp);
1337 	struct vnode *realvp;
1338 	int error;
1339 
1340 	/* fail with ENXIO if the device is fenced off */
1341 	if (S_ISFENCED(sp))
1342 		return (ENXIO);
1343 
1344 	if (vp->v_type == VCHR && vp->v_stream && (vap->va_mask & AT_SIZE)) {
1345 		/*
1346 		 * 1135080:	O_TRUNC should have no effect on
1347 		 *		named pipes and terminal devices.
1348 		 */
1349 		ASSERT(vap->va_mask == AT_SIZE);
1350 		return (0);
1351 	}
1352 
1353 	if ((realvp = sp->s_realvp) == NULL)
1354 		error = 0;	/* no real vnode to update */
1355 	else
1356 		error = VOP_SETATTR(realvp, vap, flags, cr, ctp);
1357 	if (error == 0) {
1358 		/*
1359 		 * If times were changed, update snode.
1360 		 */
1361 		mutex_enter(&sp->s_lock);
1362 		if (vap->va_mask & AT_ATIME)
1363 			sp->s_atime = vap->va_atime.tv_sec;
1364 		if (vap->va_mask & AT_MTIME) {
1365 			sp->s_mtime = vap->va_mtime.tv_sec;
1366 			sp->s_ctime = gethrestime_sec();
1367 		}
1368 		mutex_exit(&sp->s_lock);
1369 	}
1370 	return (error);
1371 }
1372 
1373 static int
1374 spec_access(struct vnode *vp, int mode, int flags, struct cred *cr)
1375 {
1376 	struct vnode *realvp;
1377 	struct snode *sp = VTOS(vp);
1378 
1379 	/* fail with ENXIO if the device is fenced off */
1380 	if (S_ISFENCED(sp))
1381 		return (ENXIO);
1382 
1383 	if ((realvp = sp->s_realvp) != NULL)
1384 		return (VOP_ACCESS(realvp, mode, flags, cr));
1385 	else
1386 		return (0);	/* Allow all access. */
1387 }
1388 
1389 /*
1390  * This can be called if creat or an open with O_CREAT is done on the root
1391  * of a lofs mount where the mounted entity is a special file.
1392  */
1393 /*ARGSUSED*/
1394 static int
1395 spec_create(struct vnode *dvp, char *name, vattr_t *vap, enum vcexcl excl,
1396     int mode, struct vnode **vpp, struct cred *cr, int flag)
1397 {
1398 	int error;
1399 	struct snode *sp = VTOS(dvp);
1400 
1401 	/* fail with ENXIO if the device is fenced off */
1402 	if (S_ISFENCED(sp))
1403 		return (ENXIO);
1404 
1405 	ASSERT(dvp && (dvp->v_flag & VROOT) && *name == '\0');
1406 	if (excl == NONEXCL) {
1407 		if (mode && (error = spec_access(dvp, mode, 0, cr)))
1408 			return (error);
1409 		VN_HOLD(dvp);
1410 		return (0);
1411 	}
1412 	return (EEXIST);
1413 }
1414 
1415 /*
1416  * In order to sync out the snode times without multi-client problems,
1417  * make sure the times written out are never earlier than the times
1418  * already set in the vnode.
1419  */
1420 static int
1421 spec_fsync(struct vnode *vp, int syncflag, struct cred *cr)
1422 {
1423 	struct snode *sp = VTOS(vp);
1424 	struct vnode *realvp;
1425 	struct vnode *cvp;
1426 	struct vattr va, vatmp;
1427 
1428 	/* allow syncing even if device is fenced off */
1429 
1430 	/* If times didn't change, don't flush anything. */
1431 	mutex_enter(&sp->s_lock);
1432 	if ((sp->s_flag & (SACC|SUPD|SCHG)) == 0 && vp->v_type != VBLK) {
1433 		mutex_exit(&sp->s_lock);
1434 		return (0);
1435 	}
1436 	sp->s_flag &= ~(SACC|SUPD|SCHG);
1437 	mutex_exit(&sp->s_lock);
1438 	cvp = sp->s_commonvp;
1439 	realvp = sp->s_realvp;
1440 
1441 	if (vp->v_type == VBLK && cvp != vp && vn_has_cached_data(cvp) &&
1442 	    (cvp->v_flag & VISSWAP) == 0)
1443 		(void) VOP_PUTPAGE(cvp, (offset_t)0, 0, 0, cr);
1444 
1445 	/*
1446 	 * For devices that support it, force write cache to stable storage.
1447 	 * We don't need the lock to check s_flags since we can treat
1448 	 * SNOFLUSH as a hint.
1449 	 */
1450 	if ((vp->v_type == VBLK || vp->v_type == VCHR) &&
1451 	    !(sp->s_flag & SNOFLUSH)) {
1452 		int rval, rc;
1453 		struct dk_callback spec_callback;
1454 
1455 		spec_callback.dkc_flag = FLUSH_VOLATILE;
1456 		spec_callback.dkc_callback = NULL;
1457 
1458 		/* synchronous flush on volatile cache */
1459 		rc = cdev_ioctl(vp->v_rdev, DKIOCFLUSHWRITECACHE,
1460 		    (intptr_t)&spec_callback, FNATIVE|FKIOCTL, cr, &rval);
1461 
1462 		if (rc == ENOTSUP || rc == ENOTTY) {
1463 			mutex_enter(&sp->s_lock);
1464 			sp->s_flag |= SNOFLUSH;
1465 			mutex_exit(&sp->s_lock);
1466 		}
1467 	}
1468 
1469 	/*
1470 	 * If no real vnode to update, don't flush anything.
1471 	 */
1472 	if (realvp == NULL)
1473 		return (0);
1474 
1475 	vatmp.va_mask = AT_ATIME|AT_MTIME;
1476 	if (VOP_GETATTR(realvp, &vatmp, 0, cr) == 0) {
1477 
1478 		mutex_enter(&sp->s_lock);
1479 		if (vatmp.va_atime.tv_sec > sp->s_atime)
1480 			va.va_atime = vatmp.va_atime;
1481 		else {
1482 			va.va_atime.tv_sec = sp->s_atime;
1483 			va.va_atime.tv_nsec = 0;
1484 		}
1485 		if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1486 			va.va_mtime = vatmp.va_mtime;
1487 		else {
1488 			va.va_mtime.tv_sec = sp->s_mtime;
1489 			va.va_mtime.tv_nsec = 0;
1490 		}
1491 		mutex_exit(&sp->s_lock);
1492 
1493 		va.va_mask = AT_ATIME|AT_MTIME;
1494 		(void) VOP_SETATTR(realvp, &va, 0, cr, NULL);
1495 	}
1496 	(void) VOP_FSYNC(realvp, syncflag, cr);
1497 	return (0);
1498 }
1499 
1500 /*ARGSUSED*/
1501 static void
1502 spec_inactive(struct vnode *vp, struct cred *cr)
1503 {
1504 	struct snode *sp = VTOS(vp);
1505 	struct vnode *cvp;
1506 	struct vnode *rvp;
1507 
1508 	/*
1509 	 * If no one has reclaimed the vnode, remove from the
1510 	 * cache now.
1511 	 */
1512 	if (vp->v_count < 1) {
1513 		panic("spec_inactive: Bad v_count");
1514 		/*NOTREACHED*/
1515 	}
1516 	mutex_enter(&stable_lock);
1517 
1518 	mutex_enter(&vp->v_lock);
1519 	/*
1520 	 * Drop the temporary hold by vn_rele now
1521 	 */
1522 	if (--vp->v_count != 0) {
1523 		mutex_exit(&vp->v_lock);
1524 		mutex_exit(&stable_lock);
1525 		return;
1526 	}
1527 	mutex_exit(&vp->v_lock);
1528 
1529 	sdelete(sp);
1530 	mutex_exit(&stable_lock);
1531 
1532 	/* We are the sole owner of sp now */
1533 	cvp = sp->s_commonvp;
1534 	rvp = sp->s_realvp;
1535 
1536 	if (rvp) {
1537 		/*
1538 		 * If the snode times changed, then update the times
1539 		 * associated with the "realvp".
1540 		 */
1541 		if ((sp->s_flag & (SACC|SUPD|SCHG)) != 0) {
1542 
1543 			struct vattr va, vatmp;
1544 
1545 			mutex_enter(&sp->s_lock);
1546 			sp->s_flag &= ~(SACC|SUPD|SCHG);
1547 			mutex_exit(&sp->s_lock);
1548 			vatmp.va_mask = AT_ATIME|AT_MTIME;
1549 			/*
1550 			 * The user may not own the device, but we
1551 			 * want to update the attributes anyway.
1552 			 */
1553 			if (VOP_GETATTR(rvp, &vatmp, 0, kcred) == 0) {
1554 				if (vatmp.va_atime.tv_sec > sp->s_atime)
1555 					va.va_atime = vatmp.va_atime;
1556 				else {
1557 					va.va_atime.tv_sec = sp->s_atime;
1558 					va.va_atime.tv_nsec = 0;
1559 				}
1560 				if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1561 					va.va_mtime = vatmp.va_mtime;
1562 				else {
1563 					va.va_mtime.tv_sec = sp->s_mtime;
1564 					va.va_mtime.tv_nsec = 0;
1565 				}
1566 
1567 				va.va_mask = AT_ATIME|AT_MTIME;
1568 				(void) VOP_SETATTR(rvp, &va, 0, kcred, NULL);
1569 			}
1570 		}
1571 	}
1572 	ASSERT(!vn_has_cached_data(vp));
1573 	vn_invalid(vp);
1574 
1575 	/* if we are sharing another file systems vfs, release it */
1576 	if (vp->v_vfsp && (vp->v_vfsp != &spec_vfs))
1577 		VFS_RELE(vp->v_vfsp);
1578 
1579 	/* if we have a realvp, release the realvp */
1580 	if (rvp)
1581 		VN_RELE(rvp);
1582 
1583 	/* if we have a common, release the common */
1584 	if (cvp && (cvp != vp)) {
1585 		VN_RELE(cvp);
1586 #ifdef DEBUG
1587 	} else if (cvp) {
1588 		/*
1589 		 * if this is the last reference to a common vnode, any
1590 		 * associated stream had better have been closed
1591 		 */
1592 		ASSERT(cvp == vp);
1593 		ASSERT(cvp->v_stream == NULL);
1594 #endif /* DEBUG */
1595 	}
1596 
1597 	/*
1598 	 * if we have a hold on a devinfo node (established by
1599 	 * spec_assoc_vp_with_devi), release the hold
1600 	 */
1601 	if (sp->s_dip)
1602 		ddi_release_devi(sp->s_dip);
1603 
1604 	/*
1605 	 * If we have an associated device policy, release it.
1606 	 */
1607 	if (sp->s_plcy != NULL)
1608 		dpfree(sp->s_plcy);
1609 
1610 	/*
1611 	 * If all holds on the devinfo node are through specfs/devfs
1612 	 * and we just destroyed the last specfs node associated with the
1613 	 * device, then the devinfo node reference count should now be
1614 	 * zero.  We can't check this because there may be other holds
1615 	 * on the node from non file system sources: ddi_hold_devi_by_instance
1616 	 * for example.
1617 	 */
1618 	kmem_cache_free(snode_cache, sp);
1619 }
1620 
1621 static int
1622 spec_fid(struct vnode *vp, struct fid *fidp)
1623 {
1624 	struct vnode *realvp;
1625 	struct snode *sp = VTOS(vp);
1626 
1627 	if ((realvp = sp->s_realvp) != NULL)
1628 		return (VOP_FID(realvp, fidp));
1629 	else
1630 		return (EINVAL);
1631 }
1632 
1633 /*ARGSUSED1*/
1634 static int
1635 spec_seek(struct vnode *vp, offset_t ooff, offset_t *noffp)
1636 {
1637 	offset_t maxoff = spec_maxoffset(vp);
1638 
1639 	if (maxoff == -1 || *noffp <= maxoff)
1640 		return (0);
1641 	else
1642 		return (EINVAL);
1643 }
1644 
1645 static int
1646 spec_frlock(
1647 	struct vnode *vp,
1648 	int		cmd,
1649 	struct flock64	*bfp,
1650 	int		flag,
1651 	offset_t	offset,
1652 	struct flk_callback *flk_cbp,
1653 	struct cred	*cr)
1654 {
1655 	struct snode *sp = VTOS(vp);
1656 	struct snode *csp;
1657 
1658 	csp = VTOS(sp->s_commonvp);
1659 	/*
1660 	 * If file is being mapped, disallow frlock.
1661 	 */
1662 	if (csp->s_mapcnt > 0)
1663 		return (EAGAIN);
1664 
1665 	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr));
1666 }
1667 
1668 static int
1669 spec_realvp(struct vnode *vp, struct vnode **vpp)
1670 {
1671 	struct vnode *rvp;
1672 
1673 	if ((rvp = VTOS(vp)->s_realvp) != NULL) {
1674 		vp = rvp;
1675 		if (VOP_REALVP(vp, &rvp) == 0)
1676 			vp = rvp;
1677 	}
1678 
1679 	*vpp = vp;
1680 	return (0);
1681 }
1682 
1683 /*
1684  * Return all the pages from [off..off + len] in block
1685  * or character device.
1686  */
1687 static int
1688 spec_getpage(
1689 	struct vnode	*vp,
1690 	offset_t	off,
1691 	size_t		len,
1692 	uint_t		*protp,
1693 	page_t		*pl[],
1694 	size_t		plsz,
1695 	struct seg	*seg,
1696 	caddr_t		addr,
1697 	enum seg_rw	rw,
1698 	struct cred	*cr)
1699 {
1700 	struct snode *sp = VTOS(vp);
1701 	int err;
1702 
1703 	ASSERT(sp->s_commonvp == vp);
1704 
1705 	/*
1706 	 * XXX	Given the above assertion, this might not do
1707 	 *	what is wanted here.
1708 	 */
1709 	if (vp->v_flag & VNOMAP)
1710 		return (ENOSYS);
1711 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_GETPAGE,
1712 	    "specfs getpage:vp %p off %llx len %ld snode %p",
1713 	    vp, off, len, sp);
1714 
1715 	switch (vp->v_type) {
1716 	case VBLK:
1717 		if (protp != NULL)
1718 			*protp = PROT_ALL;
1719 
1720 		if (((u_offset_t)off + len) > (SPEC_SIZE(sp) + PAGEOFFSET))
1721 			return (EFAULT);	/* beyond EOF */
1722 
1723 		if (len <= PAGESIZE)
1724 			err = spec_getapage(vp, (u_offset_t)off, len, protp, pl,
1725 			    plsz, seg, addr, rw, cr);
1726 		else
1727 			err = pvn_getpages(spec_getapage, vp, (u_offset_t)off,
1728 			    len, protp, pl, plsz, seg, addr, rw, cr);
1729 		break;
1730 
1731 	case VCHR:
1732 		cmn_err(CE_NOTE, "spec_getpage called for character device. "
1733 		    "Check any non-ON consolidation drivers");
1734 		err = 0;
1735 		pl[0] = (page_t *)0;
1736 		break;
1737 
1738 	default:
1739 		panic("spec_getpage: bad v_type 0x%x", vp->v_type);
1740 		/*NOTREACHED*/
1741 	}
1742 
1743 	return (err);
1744 }
1745 
1746 extern int klustsize;	/* set in machdep.c */
1747 
1748 int spec_ra = 1;
1749 int spec_lostpage;	/* number of times we lost original page */
1750 
1751 /*ARGSUSED2*/
1752 static int
1753 spec_getapage(
1754 	struct vnode *vp,
1755 	u_offset_t	off,
1756 	size_t		len,
1757 	uint_t		*protp,
1758 	page_t		*pl[],
1759 	size_t		plsz,
1760 	struct seg	*seg,
1761 	caddr_t		addr,
1762 	enum seg_rw	rw,
1763 	struct cred	*cr)
1764 {
1765 	struct snode *sp;
1766 	struct buf *bp;
1767 	page_t *pp, *pp2;
1768 	u_offset_t io_off1, io_off2;
1769 	size_t io_len1;
1770 	size_t io_len2;
1771 	size_t blksz;
1772 	u_offset_t blkoff;
1773 	int dora, err;
1774 	page_t *pagefound;
1775 	uint_t xlen;
1776 	size_t adj_klustsize;
1777 	u_offset_t size;
1778 	u_offset_t tmpoff;
1779 
1780 	sp = VTOS(vp);
1781 	TRACE_3(TR_FAC_SPECFS, TR_SPECFS_GETAPAGE,
1782 	    "specfs getapage:vp %p off %llx snode %p", vp, off, sp);
1783 reread:
1784 
1785 	err = 0;
1786 	bp = NULL;
1787 	pp = NULL;
1788 	pp2 = NULL;
1789 
1790 	if (pl != NULL)
1791 		pl[0] = NULL;
1792 
1793 	size = SPEC_SIZE(VTOS(sp->s_commonvp));
1794 
1795 	if (spec_ra && sp->s_nextr == off)
1796 		dora = 1;
1797 	else
1798 		dora = 0;
1799 
1800 	if (size == UNKNOWN_SIZE) {
1801 		dora = 0;
1802 		adj_klustsize = PAGESIZE;
1803 	} else {
1804 		adj_klustsize = dora ? klustsize : PAGESIZE;
1805 	}
1806 
1807 again:
1808 	if ((pagefound = page_exists(vp, off)) == NULL) {
1809 		if (rw == S_CREATE) {
1810 			/*
1811 			 * We're allocating a swap slot and it's
1812 			 * associated page was not found, so allocate
1813 			 * and return it.
1814 			 */
1815 			if ((pp = page_create_va(vp, off,
1816 			    PAGESIZE, PG_WAIT, seg, addr)) == NULL) {
1817 				panic("spec_getapage: page_create");
1818 				/*NOTREACHED*/
1819 			}
1820 			io_len1 = PAGESIZE;
1821 			sp->s_nextr = off + PAGESIZE;
1822 		} else {
1823 			/*
1824 			 * Need to really do disk I/O to get the page(s).
1825 			 */
1826 			blkoff = (off / adj_klustsize) * adj_klustsize;
1827 			if (size == UNKNOWN_SIZE) {
1828 				blksz = PAGESIZE;
1829 			} else {
1830 				if (blkoff + adj_klustsize <= size)
1831 					blksz = adj_klustsize;
1832 				else
1833 					blksz =
1834 					    MIN(size - blkoff, adj_klustsize);
1835 			}
1836 
1837 			pp = pvn_read_kluster(vp, off, seg, addr, &tmpoff,
1838 			    &io_len1, blkoff, blksz, 0);
1839 			io_off1 = tmpoff;
1840 			/*
1841 			 * Make sure the page didn't sneek into the
1842 			 * cache while we blocked in pvn_read_kluster.
1843 			 */
1844 			if (pp == NULL)
1845 				goto again;
1846 
1847 			/*
1848 			 * Zero part of page which we are not
1849 			 * going to be reading from disk now.
1850 			 */
1851 			xlen = (uint_t)(io_len1 & PAGEOFFSET);
1852 			if (xlen != 0)
1853 				pagezero(pp->p_prev, xlen, PAGESIZE - xlen);
1854 
1855 			bp = spec_startio(vp, pp, io_off1, io_len1,
1856 			    pl == NULL ? (B_ASYNC | B_READ) : B_READ);
1857 			sp->s_nextr = io_off1 + io_len1;
1858 		}
1859 	}
1860 
1861 	if (dora && rw != S_CREATE) {
1862 		u_offset_t off2;
1863 		caddr_t addr2;
1864 
1865 		off2 = ((off / adj_klustsize) + 1) * adj_klustsize;
1866 		addr2 = addr + (off2 - off);
1867 
1868 		pp2 = NULL;
1869 		/*
1870 		 * If we are past EOF then don't bother trying
1871 		 * with read-ahead.
1872 		 */
1873 		if (off2 >= size)
1874 			pp2 = NULL;
1875 		else {
1876 			if (off2 + adj_klustsize <= size)
1877 				blksz = adj_klustsize;
1878 			else
1879 				blksz = MIN(size - off2, adj_klustsize);
1880 
1881 			pp2 = pvn_read_kluster(vp, off2, seg, addr2, &tmpoff,
1882 			    &io_len2, off2, blksz, 1);
1883 			io_off2 = tmpoff;
1884 		}
1885 
1886 		if (pp2 != NULL) {
1887 			/*
1888 			 * Zero part of page which we are not
1889 			 * going to be reading from disk now.
1890 			 */
1891 			xlen = (uint_t)(io_len2 & PAGEOFFSET);
1892 			if (xlen != 0)
1893 				pagezero(pp2->p_prev, xlen, PAGESIZE - xlen);
1894 
1895 			(void) spec_startio(vp, pp2, io_off2, io_len2,
1896 			    B_READ | B_ASYNC);
1897 		}
1898 	}
1899 
1900 	if (pl == NULL)
1901 		return (err);
1902 
1903 	if (bp != NULL) {
1904 		err = biowait(bp);
1905 		pageio_done(bp);
1906 
1907 		if (err) {
1908 			if (pp != NULL)
1909 				pvn_read_done(pp, B_ERROR);
1910 			return (err);
1911 		}
1912 	}
1913 
1914 	if (pagefound) {
1915 		se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
1916 		/*
1917 		 * Page exists in the cache, acquire the appropriate
1918 		 * lock.  If this fails, start all over again.
1919 		 */
1920 
1921 		if ((pp = page_lookup(vp, off, se)) == NULL) {
1922 			spec_lostpage++;
1923 			goto reread;
1924 		}
1925 		pl[0] = pp;
1926 		pl[1] = NULL;
1927 
1928 		sp->s_nextr = off + PAGESIZE;
1929 		return (0);
1930 	}
1931 
1932 	if (pp != NULL)
1933 		pvn_plist_init(pp, pl, plsz, off, io_len1, rw);
1934 	return (0);
1935 }
1936 
1937 /*
1938  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED, B_FORCE}.
1939  * If len == 0, do from off to EOF.
1940  *
1941  * The normal cases should be len == 0 & off == 0 (entire vp list),
1942  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
1943  * (from pageout).
1944  */
1945 int
1946 spec_putpage(
1947 	struct vnode *vp,
1948 	offset_t	off,
1949 	size_t		len,
1950 	int		flags,
1951 	struct cred	*cr)
1952 {
1953 	struct snode *sp = VTOS(vp);
1954 	struct vnode *cvp;
1955 	page_t *pp;
1956 	u_offset_t io_off;
1957 	size_t io_len = 0;	/* for lint */
1958 	int err = 0;
1959 	u_offset_t size;
1960 	u_offset_t tmpoff;
1961 
1962 	ASSERT(vp->v_count != 0);
1963 
1964 	if (vp->v_flag & VNOMAP)
1965 		return (ENOSYS);
1966 
1967 	cvp = sp->s_commonvp;
1968 	size = SPEC_SIZE(VTOS(cvp));
1969 
1970 	if (!vn_has_cached_data(vp) || off >= size)
1971 		return (0);
1972 
1973 	ASSERT(vp->v_type == VBLK && cvp == vp);
1974 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTPAGE,
1975 	    "specfs putpage:vp %p off %llx len %ld snode %p",
1976 	    vp, off, len, sp);
1977 
1978 	if (len == 0) {
1979 		/*
1980 		 * Search the entire vp list for pages >= off.
1981 		 */
1982 		err = pvn_vplist_dirty(vp, off, spec_putapage,
1983 		    flags, cr);
1984 	} else {
1985 		u_offset_t eoff;
1986 
1987 		/*
1988 		 * Loop over all offsets in the range [off...off + len]
1989 		 * looking for pages to deal with.  We set limits so
1990 		 * that we kluster to klustsize boundaries.
1991 		 */
1992 		eoff = off + len;
1993 		for (io_off = off; io_off < eoff && io_off < size;
1994 		    io_off += io_len) {
1995 			/*
1996 			 * If we are not invalidating, synchronously
1997 			 * freeing or writing pages use the routine
1998 			 * page_lookup_nowait() to prevent reclaiming
1999 			 * them from the free list.
2000 			 */
2001 			if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
2002 				pp = page_lookup(vp, io_off,
2003 				    (flags & (B_INVAL | B_FREE)) ?
2004 				    SE_EXCL : SE_SHARED);
2005 			} else {
2006 				pp = page_lookup_nowait(vp, io_off,
2007 				    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
2008 			}
2009 
2010 			if (pp == NULL || pvn_getdirty(pp, flags) == 0)
2011 				io_len = PAGESIZE;
2012 			else {
2013 				err = spec_putapage(vp, pp, &tmpoff, &io_len,
2014 				    flags, cr);
2015 				io_off = tmpoff;
2016 				if (err != 0)
2017 					break;
2018 				/*
2019 				 * "io_off" and "io_len" are returned as
2020 				 * the range of pages we actually wrote.
2021 				 * This allows us to skip ahead more quickly
2022 				 * since several pages may've been dealt
2023 				 * with by this iteration of the loop.
2024 				 */
2025 			}
2026 		}
2027 	}
2028 	return (err);
2029 }
2030 
2031 
2032 /*
2033  * Write out a single page, possibly klustering adjacent
2034  * dirty pages.
2035  */
2036 /*ARGSUSED5*/
2037 static int
2038 spec_putapage(
2039 	struct vnode	*vp,
2040 	page_t		*pp,
2041 	u_offset_t	*offp,		/* return value */
2042 	size_t		*lenp,		/* return value */
2043 	int		flags,
2044 	struct cred	*cr)
2045 {
2046 	struct snode *sp = VTOS(vp);
2047 	u_offset_t io_off;
2048 	size_t io_len;
2049 	size_t blksz;
2050 	u_offset_t blkoff;
2051 	int err = 0;
2052 	struct buf *bp;
2053 	u_offset_t size;
2054 	size_t adj_klustsize;
2055 	u_offset_t tmpoff;
2056 
2057 	/*
2058 	 * Destroy read ahead value since we are really going to write.
2059 	 */
2060 	sp->s_nextr = 0;
2061 	size = SPEC_SIZE(VTOS(sp->s_commonvp));
2062 
2063 	adj_klustsize = klustsize;
2064 
2065 	blkoff = (pp->p_offset / adj_klustsize) * adj_klustsize;
2066 
2067 	if (blkoff + adj_klustsize <= size)
2068 		blksz = adj_klustsize;
2069 	else
2070 		blksz = size - blkoff;
2071 
2072 	/*
2073 	 * Find a kluster that fits in one contiguous chunk.
2074 	 */
2075 	pp = pvn_write_kluster(vp, pp, &tmpoff, &io_len, blkoff,
2076 	    blksz, flags);
2077 	io_off = tmpoff;
2078 
2079 	/*
2080 	 * Check for page length rounding problems
2081 	 * XXX - Is this necessary?
2082 	 */
2083 	if (io_off + io_len > size) {
2084 		ASSERT((io_off + io_len) - size < PAGESIZE);
2085 		io_len = size - io_off;
2086 	}
2087 
2088 	bp = spec_startio(vp, pp, io_off, io_len, B_WRITE | flags);
2089 
2090 	/*
2091 	 * Wait for i/o to complete if the request is not B_ASYNC.
2092 	 */
2093 	if ((flags & B_ASYNC) == 0) {
2094 		err = biowait(bp);
2095 		pageio_done(bp);
2096 		pvn_write_done(pp, ((err) ? B_ERROR : 0) | B_WRITE | flags);
2097 	}
2098 
2099 	if (offp)
2100 		*offp = io_off;
2101 	if (lenp)
2102 		*lenp = io_len;
2103 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTAPAGE,
2104 	    "specfs putapage:vp %p offp %p snode %p err %d",
2105 	    vp, offp, sp, err);
2106 	return (err);
2107 }
2108 
2109 /*
2110  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
2111  */
2112 static struct buf *
2113 spec_startio(
2114 	struct vnode *vp,
2115 	page_t		*pp,
2116 	u_offset_t	io_off,
2117 	size_t		io_len,
2118 	int		flags)
2119 {
2120 	struct buf *bp;
2121 
2122 	bp = pageio_setup(pp, io_len, vp, flags);
2123 
2124 	bp->b_edev = vp->v_rdev;
2125 	bp->b_dev = cmpdev(vp->v_rdev);
2126 	bp->b_blkno = btodt(io_off);
2127 	bp->b_un.b_addr = (caddr_t)0;
2128 
2129 	(void) bdev_strategy(bp);
2130 
2131 	if (flags & B_READ)
2132 		lwp_stat_update(LWP_STAT_INBLK, 1);
2133 	else
2134 		lwp_stat_update(LWP_STAT_OUBLK, 1);
2135 
2136 	return (bp);
2137 }
2138 
2139 static int
2140 spec_poll(
2141 	struct vnode	*vp,
2142 	short		events,
2143 	int		anyyet,
2144 	short		*reventsp,
2145 	struct pollhead **phpp)
2146 {
2147 	dev_t dev;
2148 	int error;
2149 
2150 	if (vp->v_type == VBLK)
2151 		error = fs_poll(vp, events, anyyet, reventsp, phpp);
2152 	else {
2153 		ASSERT(vp->v_type == VCHR);
2154 		dev = vp->v_rdev;
2155 		if (STREAMSTAB(getmajor(dev))) {
2156 			ASSERT(vp->v_stream != NULL);
2157 			error = strpoll(vp->v_stream, events, anyyet,
2158 			    reventsp, phpp);
2159 		} else if (devopsp[getmajor(dev)]->devo_cb_ops->cb_chpoll) {
2160 			error = cdev_poll(dev, events, anyyet, reventsp, phpp);
2161 		} else {
2162 			error = fs_poll(vp, events, anyyet, reventsp, phpp);
2163 		}
2164 	}
2165 	return (error);
2166 }
2167 
2168 /*
2169  * This routine is called through the cdevsw[] table to handle
2170  * traditional mmap'able devices that support a d_mmap function.
2171  */
2172 /*ARGSUSED8*/
2173 int
2174 spec_segmap(
2175 	dev_t dev,
2176 	off_t off,
2177 	struct as *as,
2178 	caddr_t *addrp,
2179 	off_t len,
2180 	uint_t prot,
2181 	uint_t maxprot,
2182 	uint_t flags,
2183 	struct cred *cred)
2184 {
2185 	struct segdev_crargs dev_a;
2186 	int (*mapfunc)(dev_t dev, off_t off, int prot);
2187 	size_t i;
2188 	int	error;
2189 
2190 	if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev)
2191 		return (ENODEV);
2192 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_SEGMAP,
2193 	    "specfs segmap:dev %x as %p len %lx prot %x",
2194 	    dev, as, len, prot);
2195 
2196 	/*
2197 	 * Character devices that support the d_mmap
2198 	 * interface can only be mmap'ed shared.
2199 	 */
2200 	if ((flags & MAP_TYPE) != MAP_SHARED)
2201 		return (EINVAL);
2202 
2203 	/*
2204 	 * Check to ensure that the entire range is
2205 	 * legal and we are not trying to map in
2206 	 * more than the device will let us.
2207 	 */
2208 	for (i = 0; i < len; i += PAGESIZE) {
2209 		if (cdev_mmap(mapfunc, dev, off + i, maxprot) == -1)
2210 			return (ENXIO);
2211 	}
2212 
2213 	as_rangelock(as);
2214 	if ((flags & MAP_FIXED) == 0) {
2215 		/*
2216 		 * Pick an address w/o worrying about
2217 		 * any vac alignment constraints.
2218 		 */
2219 		map_addr(addrp, len, (offset_t)off, 0, flags);
2220 		if (*addrp == NULL) {
2221 			as_rangeunlock(as);
2222 			return (ENOMEM);
2223 		}
2224 	} else {
2225 		/*
2226 		 * User-specified address; blow away any previous mappings.
2227 		 */
2228 		(void) as_unmap(as, *addrp, len);
2229 	}
2230 
2231 	dev_a.mapfunc = mapfunc;
2232 	dev_a.dev = dev;
2233 	dev_a.offset = off;
2234 	dev_a.prot = (uchar_t)prot;
2235 	dev_a.maxprot = (uchar_t)maxprot;
2236 	dev_a.hat_flags = 0;
2237 	dev_a.hat_attr = 0;
2238 	dev_a.devmap_data = NULL;
2239 
2240 	error = as_map(as, *addrp, len, segdev_create, &dev_a);
2241 	as_rangeunlock(as);
2242 	return (error);
2243 }
2244 
2245 int
2246 spec_char_map(
2247 	dev_t dev,
2248 	offset_t off,
2249 	struct as *as,
2250 	caddr_t *addrp,
2251 	size_t len,
2252 	uchar_t prot,
2253 	uchar_t maxprot,
2254 	uint_t flags,
2255 	struct cred *cred)
2256 {
2257 	int error = 0;
2258 	major_t maj = getmajor(dev);
2259 	int map_flag;
2260 	int (*segmap)(dev_t, off_t, struct as *,
2261 	    caddr_t *, off_t, uint_t, uint_t, uint_t, cred_t *);
2262 	int (*devmap)(dev_t, devmap_cookie_t, offset_t,
2263 	    size_t, size_t *, uint_t);
2264 	int (*mmap)(dev_t dev, off_t off, int prot);
2265 
2266 	/*
2267 	 * Character device: let the device driver
2268 	 * pick the appropriate segment driver.
2269 	 *
2270 	 * 4.x compat.: allow 'NULL' cb_segmap => spec_segmap
2271 	 * Kindness: allow 'nulldev' cb_segmap => spec_segmap
2272 	 */
2273 	segmap = devopsp[maj]->devo_cb_ops->cb_segmap;
2274 	if (segmap == NULL || segmap == nulldev || segmap == nodev) {
2275 		mmap = devopsp[maj]->devo_cb_ops->cb_mmap;
2276 		map_flag = devopsp[maj]->devo_cb_ops->cb_flag;
2277 
2278 		/*
2279 		 * Use old mmap framework if the driver has both mmap
2280 		 * and devmap entry points.  This is to prevent the
2281 		 * system from calling invalid devmap entry point
2282 		 * for some drivers that might have put garbage in the
2283 		 * devmap entry point.
2284 		 */
2285 		if ((map_flag & D_DEVMAP) || mmap == NULL ||
2286 		    mmap == nulldev || mmap == nodev) {
2287 			devmap = devopsp[maj]->devo_cb_ops->cb_devmap;
2288 
2289 			/*
2290 			 * If driver provides devmap entry point in
2291 			 * cb_ops but not xx_segmap(9E), call
2292 			 * devmap_setup with default settings
2293 			 * (NULL) for callback_ops and driver
2294 			 * callback private data
2295 			 */
2296 			if (devmap == nodev || devmap == NULL ||
2297 			    devmap == nulldev)
2298 				return (ENODEV);
2299 
2300 			error = devmap_setup(dev, off, as, addrp,
2301 			    len, prot, maxprot, flags, cred);
2302 
2303 			return (error);
2304 		} else
2305 			segmap = spec_segmap;
2306 	} else
2307 		segmap = cdev_segmap;
2308 
2309 	return ((*segmap)(dev, (off_t)off, as, addrp, len, prot,
2310 	    maxprot, flags, cred));
2311 }
2312 
2313 static int
2314 spec_map(
2315 	struct vnode *vp,
2316 	offset_t off,
2317 	struct as *as,
2318 	caddr_t *addrp,
2319 	size_t len,
2320 	uchar_t prot,
2321 	uchar_t maxprot,
2322 	uint_t flags,
2323 	struct cred *cred)
2324 {
2325 	int error = 0;
2326 	struct snode *sp = VTOS(vp);
2327 
2328 	if (vp->v_flag & VNOMAP)
2329 		return (ENOSYS);
2330 
2331 	/* fail map with ENXIO if the device is fenced off */
2332 	if (S_ISFENCED(sp))
2333 		return (ENXIO);
2334 
2335 	/*
2336 	 * If file is locked, fail mapping attempt.
2337 	 */
2338 	if (vn_has_flocks(vp))
2339 		return (EAGAIN);
2340 
2341 	if (vp->v_type == VCHR) {
2342 		return (spec_char_map(vp->v_rdev, off, as, addrp, len, prot,
2343 		    maxprot, flags, cred));
2344 	} else if (vp->v_type == VBLK) {
2345 		struct segvn_crargs vn_a;
2346 		struct vnode *cvp;
2347 		struct snode *sp;
2348 
2349 		/*
2350 		 * Block device, use segvn mapping to the underlying commonvp
2351 		 * for pages.
2352 		 */
2353 		if (off > spec_maxoffset(vp))
2354 			return (ENXIO);
2355 
2356 		sp = VTOS(vp);
2357 		cvp = sp->s_commonvp;
2358 		ASSERT(cvp != NULL);
2359 
2360 		if (off < 0 || ((offset_t)(off + len) < 0))
2361 			return (ENXIO);
2362 
2363 		as_rangelock(as);
2364 		if ((flags & MAP_FIXED) == 0) {
2365 			map_addr(addrp, len, off, 1, flags);
2366 			if (*addrp == NULL) {
2367 				as_rangeunlock(as);
2368 				return (ENOMEM);
2369 			}
2370 		} else {
2371 			/*
2372 			 * User-specified address; blow away any
2373 			 * previous mappings.
2374 			 */
2375 			(void) as_unmap(as, *addrp, len);
2376 		}
2377 
2378 		vn_a.vp = cvp;
2379 		vn_a.offset = off;
2380 		vn_a.type = flags & MAP_TYPE;
2381 		vn_a.prot = (uchar_t)prot;
2382 		vn_a.maxprot = (uchar_t)maxprot;
2383 		vn_a.flags = flags & ~MAP_TYPE;
2384 		vn_a.cred = cred;
2385 		vn_a.amp = NULL;
2386 		vn_a.szc = 0;
2387 		vn_a.lgrp_mem_policy_flags = 0;
2388 
2389 		error = as_map(as, *addrp, len, segvn_create, &vn_a);
2390 		as_rangeunlock(as);
2391 	} else
2392 		return (ENODEV);
2393 
2394 	return (error);
2395 }
2396 
2397 /*ARGSUSED1*/
2398 static int
2399 spec_addmap(
2400 	struct vnode *vp,	/* the common vnode */
2401 	offset_t off,
2402 	struct as *as,
2403 	caddr_t addr,
2404 	size_t len,		/* how many bytes to add */
2405 	uchar_t prot,
2406 	uchar_t maxprot,
2407 	uint_t flags,
2408 	struct cred *cred)
2409 {
2410 	int error = 0;
2411 	struct snode *csp = VTOS(vp);
2412 	ulong_t npages;
2413 
2414 	ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2415 
2416 	/*
2417 	 * XXX	Given the above assertion, this might not
2418 	 *	be a particularly sensible thing to test.
2419 	 */
2420 	if (vp->v_flag & VNOMAP)
2421 		return (ENOSYS);
2422 
2423 	/* fail with EIO if the device is fenced off */
2424 	if (S_ISFENCED(csp))
2425 		return (EIO);
2426 
2427 	npages = btopr(len);
2428 	LOCK_CSP(csp);
2429 	csp->s_mapcnt += npages;
2430 
2431 	UNLOCK_CSP(csp);
2432 	return (error);
2433 }
2434 
2435 /*ARGSUSED1*/
2436 static int
2437 spec_delmap(
2438 	struct vnode *vp,	/* the common vnode */
2439 	offset_t off,
2440 	struct as *as,
2441 	caddr_t addr,
2442 	size_t len,		/* how many bytes to take away */
2443 	uint_t prot,
2444 	uint_t maxprot,
2445 	uint_t flags,
2446 	struct cred *cred)
2447 {
2448 	struct snode *csp = VTOS(vp);
2449 	ulong_t npages;
2450 	long mcnt;
2451 
2452 	/* segdev passes us the common vp */
2453 
2454 	ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2455 
2456 	/* allow delmap to succeed even if device fenced off */
2457 
2458 	/*
2459 	 * XXX	Given the above assertion, this might not
2460 	 *	be a particularly sensible thing to test..
2461 	 */
2462 	if (vp->v_flag & VNOMAP)
2463 		return (ENOSYS);
2464 
2465 	npages = btopr(len);
2466 
2467 	LOCK_CSP(csp);
2468 	mutex_enter(&csp->s_lock);
2469 	mcnt = (csp->s_mapcnt -= npages);
2470 
2471 	if (mcnt == 0) {
2472 		/*
2473 		 * Call the close routine when the last reference of any
2474 		 * kind through any [s, v]node goes away.  The s_dip hold
2475 		 * on the devinfo node is released when the vnode is
2476 		 * destroyed.
2477 		 */
2478 		if (csp->s_count == 0) {
2479 			csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
2480 
2481 			/* See comment in spec_close() */
2482 			if (csp->s_flag & (SCLONE | SSELFCLONE))
2483 				csp->s_flag &= ~SDIPSET;
2484 
2485 			mutex_exit(&csp->s_lock);
2486 
2487 			(void) device_close(vp, 0, cred);
2488 		} else
2489 			mutex_exit(&csp->s_lock);
2490 
2491 		mutex_enter(&csp->s_lock);
2492 	}
2493 	ASSERT(mcnt >= 0);
2494 
2495 	UNLOCK_CSP_LOCK_HELD(csp);
2496 	mutex_exit(&csp->s_lock);
2497 
2498 	return (0);
2499 }
2500 
2501 static int
2502 spec_dump(struct vnode *vp, caddr_t addr, int bn, int count)
2503 {
2504 	/* allow dump to succeed even if device fenced off */
2505 
2506 	ASSERT(vp->v_type == VBLK);
2507 	return (bdev_dump(vp->v_rdev, addr, bn, count));
2508 }
2509 
2510 
2511 /*
2512  * Do i/o on the given page list from/to vp, io_off for io_len.
2513  * Flags are composed of:
2514  * 	{B_ASYNC, B_INVAL, B_FREE, B_DONTNEED, B_READ, B_WRITE}
2515  * If B_ASYNC is not set i/o is waited for.
2516  */
2517 /*ARGSUSED5*/
2518 static int
2519 spec_pageio(
2520 	struct vnode *vp,
2521 	page_t	*pp,
2522 	u_offset_t io_off,
2523 	size_t	io_len,
2524 	int	flags,
2525 	cred_t	*cr)
2526 {
2527 	struct buf *bp = NULL;
2528 	int err = 0;
2529 
2530 	if (pp == NULL)
2531 		return (EINVAL);
2532 
2533 	bp = spec_startio(vp, pp, io_off, io_len, flags);
2534 
2535 	/*
2536 	 * Wait for i/o to complete if the request is not B_ASYNC.
2537 	 */
2538 	if ((flags & B_ASYNC) == 0) {
2539 		err = biowait(bp);
2540 		pageio_done(bp);
2541 	}
2542 	return (err);
2543 }
2544 
2545 /*
2546  * Set ACL on underlying vnode if one exists, or return ENOSYS otherwise.
2547  */
2548 int
2549 spec_setsecattr(struct vnode *vp, vsecattr_t *vsap, int flag, struct cred *cr)
2550 {
2551 	struct vnode *realvp;
2552 	struct snode *sp = VTOS(vp);
2553 	int error;
2554 
2555 	/* fail with ENXIO if the device is fenced off */
2556 	if (S_ISFENCED(sp))
2557 		return (ENXIO);
2558 
2559 	/*
2560 	 * The acl(2) system calls VOP_RWLOCK on the file before setting an
2561 	 * ACL, but since specfs does not serialize reads and writes, this
2562 	 * VOP does not do anything.  However, some backing file systems may
2563 	 * expect the lock to be held before setting an ACL, so it is taken
2564 	 * here privately to avoid serializing specfs reads and writes.
2565 	 */
2566 	if ((realvp = sp->s_realvp) != NULL) {
2567 		(void) VOP_RWLOCK(realvp, V_WRITELOCK_TRUE, NULL);
2568 		error = VOP_SETSECATTR(realvp, vsap, flag, cr);
2569 		(void) VOP_RWUNLOCK(realvp, V_WRITELOCK_TRUE, NULL);
2570 		return (error);
2571 	} else
2572 		return (fs_nosys());
2573 }
2574 
2575 /*
2576  * Get ACL from underlying vnode if one exists, or fabricate it from
2577  * the permissions returned by spec_getattr() otherwise.
2578  */
2579 int
2580 spec_getsecattr(struct vnode *vp, vsecattr_t *vsap, int flag, struct cred *cr)
2581 {
2582 	struct vnode *realvp;
2583 	struct snode *sp = VTOS(vp);
2584 
2585 	/* fail with ENXIO if the device is fenced off */
2586 	if (S_ISFENCED(sp))
2587 		return (ENXIO);
2588 
2589 	if ((realvp = sp->s_realvp) != NULL)
2590 		return (VOP_GETSECATTR(realvp, vsap, flag, cr));
2591 	else
2592 		return (fs_fab_acl(vp, vsap, flag, cr));
2593 }
2594 
2595 int
2596 spec_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr)
2597 {
2598 	vnode_t *realvp;
2599 	struct snode *sp = VTOS(vp);
2600 
2601 	/* fail with ENXIO if the device is fenced off */
2602 	if (S_ISFENCED(sp))
2603 		return (ENXIO);
2604 
2605 	if ((realvp = sp->s_realvp) != NULL)
2606 		return (VOP_PATHCONF(realvp, cmd, valp, cr));
2607 	else
2608 		return (fs_pathconf(vp, cmd, valp, cr));
2609 }
2610