xref: /titanic_51/usr/src/uts/common/fs/specfs/specvnops.c (revision bac8fa9cb4e49b18fc19e28fa7aeb18816da4f62)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
27 /*	  All Rights Reserved  	*/
28 
29 /*
30  * University Copyright- Copyright (c) 1982, 1986, 1988
31  * The Regents of the University of California
32  * All Rights Reserved
33  *
34  * University Acknowledgment- Portions of this document are derived from
35  * software developed by the University of California, Berkeley, and its
36  * contributors.
37  */
38 
39 
40 #pragma ident	"%Z%%M%	%I%	%E% SMI"
41 
42 #include <sys/types.h>
43 #include <sys/thread.h>
44 #include <sys/t_lock.h>
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/bitmap.h>
48 #include <sys/buf.h>
49 #include <sys/cmn_err.h>
50 #include <sys/conf.h>
51 #include <sys/ddi.h>
52 #include <sys/debug.h>
53 #include <sys/dkio.h>
54 #include <sys/errno.h>
55 #include <sys/time.h>
56 #include <sys/fcntl.h>
57 #include <sys/flock.h>
58 #include <sys/file.h>
59 #include <sys/kmem.h>
60 #include <sys/mman.h>
61 #include <sys/open.h>
62 #include <sys/swap.h>
63 #include <sys/sysmacros.h>
64 #include <sys/uio.h>
65 #include <sys/vfs.h>
66 #include <sys/vnode.h>
67 #include <sys/stat.h>
68 #include <sys/poll.h>
69 #include <sys/stream.h>
70 #include <sys/strsubr.h>
71 #include <sys/policy.h>
72 #include <sys/devpolicy.h>
73 
74 #include <sys/proc.h>
75 #include <sys/user.h>
76 #include <sys/session.h>
77 #include <sys/vmsystm.h>
78 #include <sys/vtrace.h>
79 #include <sys/pathname.h>
80 
81 #include <sys/fs/snode.h>
82 
83 #include <vm/seg.h>
84 #include <vm/seg_map.h>
85 #include <vm/page.h>
86 #include <vm/pvn.h>
87 #include <vm/seg_dev.h>
88 #include <vm/seg_vn.h>
89 
90 #include <fs/fs_subr.h>
91 
92 #include <sys/esunddi.h>
93 #include <sys/autoconf.h>
94 #include <sys/sunndi.h>
95 
96 
97 static int spec_open(struct vnode **, int, struct cred *);
98 static int spec_close(struct vnode *, int, int, offset_t, struct cred *);
99 static int spec_read(struct vnode *, struct uio *, int, struct cred *,
100 	struct caller_context *);
101 static int spec_write(struct vnode *, struct uio *, int, struct cred *,
102 	struct caller_context *);
103 static int spec_ioctl(struct vnode *, int, intptr_t, int, struct cred *, int *);
104 static int spec_getattr(struct vnode *, struct vattr *, int, struct cred *);
105 static int spec_setattr(struct vnode *, struct vattr *, int, struct cred *,
106 	caller_context_t *);
107 static int spec_access(struct vnode *, int, int, struct cred *);
108 static int spec_create(struct vnode *, char *, vattr_t *, enum vcexcl,
109     int, struct vnode **, struct cred *, int);
110 static int spec_fsync(struct vnode *, int, struct cred *);
111 static void spec_inactive(struct vnode *, struct cred *);
112 static int spec_fid(struct vnode *, struct fid *);
113 static int spec_seek(struct vnode *, offset_t, offset_t *);
114 static int spec_frlock(struct vnode *, int, struct flock64 *, int, offset_t,
115     struct flk_callback *, struct cred *);
116 static int spec_realvp(struct vnode *, struct vnode **);
117 
118 static int spec_getpage(struct vnode *, offset_t, size_t, uint_t *, page_t **,
119     size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
120 static int spec_putapage(struct vnode *, page_t *, u_offset_t *, size_t *, int,
121 	struct cred *);
122 static struct buf *spec_startio(struct vnode *, page_t *, u_offset_t, size_t,
123 	int);
124 static int spec_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
125     page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
126 static int spec_map(struct vnode *, offset_t, struct as *, caddr_t *, size_t,
127     uchar_t, uchar_t, uint_t, struct cred *);
128 static int spec_addmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
129     uchar_t, uchar_t, uint_t, struct cred *);
130 static int spec_delmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
131     uint_t, uint_t, uint_t, struct cred *);
132 
133 static int spec_poll(struct vnode *, short, int, short *, struct pollhead **);
134 static int spec_dump(struct vnode *, caddr_t, int, int);
135 static int spec_pageio(struct vnode *, page_t *, u_offset_t, size_t, int,
136     cred_t *);
137 
138 static int spec_getsecattr(struct vnode *, vsecattr_t *, int, struct cred *);
139 static int spec_setsecattr(struct vnode *, vsecattr_t *, int, struct cred *);
140 static int spec_pathconf(struct	vnode *, int, ulong_t *, struct cred *);
141 
142 #define	SN_HOLD(csp)	{ \
143 	mutex_enter(&csp->s_lock); \
144 	csp->s_count++; \
145 	mutex_exit(&csp->s_lock); \
146 }
147 
148 #define	SN_RELE(csp)	{ \
149 	mutex_enter(&csp->s_lock); \
150 	csp->s_count--; \
151 	ASSERT((csp->s_count > 0) || (csp->s_vnode->v_stream == NULL)); \
152 	mutex_exit(&csp->s_lock); \
153 }
154 
155 struct vnodeops *spec_vnodeops;
156 
157 const fs_operation_def_t spec_vnodeops_template[] = {
158 	VOPNAME_OPEN, spec_open,
159 	VOPNAME_CLOSE, spec_close,
160 	VOPNAME_READ, spec_read,
161 	VOPNAME_WRITE, spec_write,
162 	VOPNAME_IOCTL, spec_ioctl,
163 	VOPNAME_GETATTR, spec_getattr,
164 	VOPNAME_SETATTR, spec_setattr,
165 	VOPNAME_ACCESS, spec_access,
166 	VOPNAME_CREATE, spec_create,
167 	VOPNAME_FSYNC, spec_fsync,
168 	VOPNAME_INACTIVE, (fs_generic_func_p) spec_inactive,
169 	VOPNAME_FID, spec_fid,
170 	VOPNAME_SEEK, spec_seek,
171 	VOPNAME_PATHCONF, spec_pathconf,
172 	VOPNAME_FRLOCK, spec_frlock,
173 	VOPNAME_REALVP, spec_realvp,
174 	VOPNAME_GETPAGE, spec_getpage,
175 	VOPNAME_PUTPAGE, spec_putpage,
176 	VOPNAME_MAP, (fs_generic_func_p) spec_map,
177 	VOPNAME_ADDMAP, (fs_generic_func_p) spec_addmap,
178 	VOPNAME_DELMAP, spec_delmap,
179 	VOPNAME_POLL, (fs_generic_func_p) spec_poll,
180 	VOPNAME_DUMP, spec_dump,
181 	VOPNAME_PAGEIO, spec_pageio,
182 	VOPNAME_SETSECATTR, spec_setsecattr,
183 	VOPNAME_GETSECATTR, spec_getsecattr,
184 	NULL, NULL
185 };
186 
187 /*
188  * Return address of spec_vnodeops
189  */
190 struct vnodeops *
191 spec_getvnodeops(void)
192 {
193 	return (spec_vnodeops);
194 }
195 
196 extern vnode_t *rconsvp;
197 
198 /*
199  * Acquire the serial lock on the common snode.
200  */
201 #define	LOCK_CSP(csp)					\
202 	mutex_enter(&csp->s_lock);			\
203 	while (csp->s_flag & SLOCKED) {			\
204 		csp->s_flag |= SWANT;			\
205 		cv_wait(&csp->s_cv, &csp->s_lock);	\
206 	}						\
207 	csp->s_flag |= SLOCKED;				\
208 	mutex_exit(&csp->s_lock);
209 
210 #define	LOCK_CSP_SIG(csp)	lock_csp_sig(csp)
211 
212 /*
213  * Acquire the serial lock on the common snode checking for a signal.
214  * cv_wait_sig is used to allow signals to pull us out.
215  * Return 1 if locked, 0 if interrupted
216  */
217 static int
218 lock_csp_sig(struct snode *csp)
219 {
220 	mutex_enter(&csp->s_lock);
221 	while (csp->s_flag & SLOCKED) {
222 		csp->s_flag |= SWANT;
223 		if (!cv_wait_sig(&csp->s_cv, &csp->s_lock)) {
224 			mutex_exit(&csp->s_lock);
225 			/* interrupted */
226 			return (0);
227 		}
228 	}
229 	csp->s_flag |= SLOCKED;
230 	mutex_exit(&csp->s_lock);
231 
232 	return (1);
233 }
234 
235 /*
236  * Unlock the serial lock on the common snode
237  */
238 #define	UNLOCK_CSP_LOCK_HELD(csp)			\
239 	ASSERT(mutex_owned(&csp->s_lock));		\
240 	if (csp->s_flag & SWANT)			\
241 		cv_broadcast(&csp->s_cv);		\
242 	csp->s_flag &= ~(SWANT|SLOCKED);
243 
244 #define	UNLOCK_CSP(csp)					\
245 	mutex_enter(&csp->s_lock);			\
246 	UNLOCK_CSP_LOCK_HELD(csp);			\
247 	mutex_exit(&csp->s_lock);
248 
249 /*
250  * compute/return the size of the device
251  */
252 #define	SPEC_SIZE(csp)	\
253 	(((csp)->s_flag & SSIZEVALID) ? (csp)->s_size : spec_size(csp))
254 
255 /*
256  * Compute and return the size.  If the size in the common snode is valid then
257  * return it.  If not valid then get the size from the driver and set size in
258  * the common snode.  If the device has not been attached then we don't ask for
259  * an update from the driver- for non-streams SSIZEVALID stays unset until the
260  * device is attached. A stat of a mknod outside /devices (non-devfs) may
261  * report UNKNOWN_SIZE because the device may not be attached yet (SDIPSET not
262  * established in mknod until open time). An stat in /devices will report the
263  * size correctly.  Specfs should always call SPEC_SIZE instead of referring
264  * directly to s_size to initialize/retrieve the size of a device.
265  *
266  * XXX There is an inconsistency between block and raw - "unknown" is
267  * UNKNOWN_SIZE for VBLK and 0 for VCHR(raw).
268  */
269 static u_offset_t
270 spec_size(struct snode *csp)
271 {
272 	struct vnode	*cvp = STOV(csp);
273 	u_offset_t	size;
274 	int		plen;
275 	uint32_t	size32;
276 	dev_t		dev;
277 	dev_info_t	*devi;
278 	major_t		maj;
279 
280 	ASSERT((csp)->s_commonvp == cvp);	/* must be common node */
281 
282 	/* return cached value */
283 	mutex_enter(&csp->s_lock);
284 	if (csp->s_flag & SSIZEVALID) {
285 		mutex_exit(&csp->s_lock);
286 		return (csp->s_size);
287 	}
288 
289 	/* VOP_GETATTR of mknod has not had devcnt restriction applied */
290 	dev = cvp->v_rdev;
291 	maj = getmajor(dev);
292 	if (maj >= devcnt) {
293 		/* return non-cached UNKNOWN_SIZE */
294 		mutex_exit(&csp->s_lock);
295 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
296 	}
297 
298 	/* establish cached zero size for streams */
299 	if (STREAMSTAB(maj)) {
300 		csp->s_size = 0;
301 		csp->s_flag |= SSIZEVALID;
302 		mutex_exit(&csp->s_lock);
303 		return (0);
304 	}
305 
306 	/*
307 	 * Return non-cached UNKNOWN_SIZE if not open.
308 	 *
309 	 * NB: This check is bogus, calling prop_op(9E) should be gated by
310 	 * attach, not open. Not having this check however opens up a new
311 	 * context under which a driver's prop_op(9E) could be called. Calling
312 	 * prop_op(9E) in this new context has been shown to expose latent
313 	 * driver bugs (insufficient NULL pointer checks that lead to panic).
314 	 * We are keeping this open check for now to avoid these panics.
315 	 */
316 	if (csp->s_count == 0) {
317 		mutex_exit(&csp->s_lock);
318 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
319 	}
320 
321 	/* Return non-cached UNKNOWN_SIZE if not attached. */
322 	if (((csp->s_flag & SDIPSET) == 0) || (csp->s_dip == NULL) ||
323 	    !i_ddi_devi_attached(csp->s_dip)) {
324 		mutex_exit(&csp->s_lock);
325 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
326 	}
327 
328 	devi = csp->s_dip;
329 
330 	/*
331 	 * Established cached size obtained from the attached driver. Since we
332 	 * know the devinfo node, for efficiency we use cdev_prop_op directly
333 	 * instead of [cb]dev_[Ss]size.
334 	 */
335 	if (cvp->v_type == VCHR) {
336 		size = 0;
337 		plen = sizeof (size);
338 		if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
339 		    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
340 		    DDI_PROP_CONSUMER_TYPED, "Size", (caddr_t)&size,
341 		    &plen) != DDI_PROP_SUCCESS) {
342 			plen = sizeof (size32);
343 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
344 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
345 			    "size", (caddr_t)&size32, &plen) ==
346 			    DDI_PROP_SUCCESS)
347 				size = size32;
348 		}
349 	} else {
350 		size = UNKNOWN_SIZE;
351 		plen = sizeof (size);
352 		if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
353 		    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
354 		    DDI_PROP_CONSUMER_TYPED, "Nblocks", (caddr_t)&size,
355 		    &plen) != DDI_PROP_SUCCESS) {
356 			plen = sizeof (size32);
357 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
358 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
359 			    "nblocks", (caddr_t)&size32, &plen) ==
360 			    DDI_PROP_SUCCESS)
361 				size = size32;
362 		}
363 
364 		if (size != UNKNOWN_SIZE) {
365 			/* convert from block size to byte size */
366 			if (size < (MAXOFFSET_T >> DEV_BSHIFT))
367 				size = size << DEV_BSHIFT;
368 			else
369 				size = UNKNOWN_SIZE;
370 		}
371 	}
372 
373 	csp->s_size = size;
374 	csp->s_flag |= SSIZEVALID;
375 
376 	mutex_exit(&csp->s_lock);
377 	return (size);
378 }
379 
380 /*
381  * This function deal with vnode substitution in the case of
382  * device cloning.
383  */
384 static int
385 spec_clone(struct vnode **vpp, dev_t newdev, int vtype, struct stdata *stp)
386 {
387 	dev_t		dev = (*vpp)->v_rdev;
388 	major_t		maj = getmajor(dev);
389 	major_t 	newmaj = getmajor(newdev);
390 	int		sysclone = (maj == clone_major);
391 	int		qassociate_used = 0;
392 	struct snode	*oldsp, *oldcsp;
393 	struct snode	*newsp, *newcsp;
394 	struct vnode	*newvp, *newcvp;
395 	dev_info_t	*dip;
396 	queue_t		*dq;
397 
398 	ASSERT(dev != newdev);
399 
400 	/*
401 	 * Check for cloning across different drivers.
402 	 * We only support this under the system provided clone driver
403 	 */
404 	if ((maj != newmaj) && !sysclone) {
405 		cmn_err(CE_NOTE,
406 		    "unsupported clone open maj = %u, newmaj = %u",
407 		    maj, newmaj);
408 		return (ENXIO);
409 	}
410 
411 	/* old */
412 	oldsp = VTOS(*vpp);
413 	oldcsp = VTOS(oldsp->s_commonvp);
414 
415 	/* new */
416 	newvp = makespecvp(newdev, vtype);
417 	ASSERT(newvp != NULL);
418 	newsp = VTOS(newvp);
419 	newcvp = newsp->s_commonvp;
420 	newcsp = VTOS(newcvp);
421 
422 	/*
423 	 * Clones inherit fsid, realvp, and dip.
424 	 * XXX realvp inherit is not occurring, does fstat of clone work?
425 	 */
426 	newsp->s_fsid = oldsp->s_fsid;
427 	if (sysclone) {
428 		newsp->s_flag |= SCLONE;
429 		dip = NULL;
430 	} else {
431 		newsp->s_flag |= SSELFCLONE;
432 		dip = oldcsp->s_dip;
433 	}
434 
435 	/*
436 	 * If we cloned to an opened newdev that already has called
437 	 * spec_assoc_vp_with_devi (SDIPSET set) then the association is
438 	 * already established.
439 	 */
440 	if (!(newcsp->s_flag & SDIPSET)) {
441 		/*
442 		 * Establish s_dip association for newdev.
443 		 *
444 		 * If we trusted the getinfo(9E) DDI_INFO_DEVT2INSTANCE
445 		 * implementation of all cloning drivers  (SCLONE and SELFCLONE)
446 		 * we would always use e_ddi_hold_devi_by_dev().  We know that
447 		 * many drivers have had (still have?) problems with
448 		 * DDI_INFO_DEVT2INSTANCE, so we try to minimize reliance by
449 		 * detecting drivers that use QASSOCIATE (by looking down the
450 		 * stream) and setting their s_dip association to NULL.
451 		 */
452 		qassociate_used = 0;
453 		if (stp) {
454 			for (dq = stp->sd_wrq; dq; dq = dq->q_next) {
455 				if (_RD(dq)->q_flag & _QASSOCIATED) {
456 					qassociate_used = 1;
457 					dip = NULL;
458 					break;
459 				}
460 			}
461 		}
462 
463 		if (dip || qassociate_used) {
464 			spec_assoc_vp_with_devi(newvp, dip);
465 		} else {
466 			/* derive association from newdev */
467 			dip = e_ddi_hold_devi_by_dev(newdev, 0);
468 			spec_assoc_vp_with_devi(newvp, dip);
469 			if (dip)
470 				ddi_release_devi(dip);
471 		}
472 	}
473 
474 	SN_HOLD(newcsp);
475 
476 	/* deal with stream stuff */
477 	if (stp != NULL) {
478 		LOCK_CSP(newcsp);	/* synchronize stream open/close */
479 		mutex_enter(&newcsp->s_lock);
480 		newcvp->v_stream = newvp->v_stream = stp;
481 		stp->sd_vnode = newcvp;
482 		stp->sd_strtab = STREAMSTAB(newmaj);
483 		mutex_exit(&newcsp->s_lock);
484 		UNLOCK_CSP(newcsp);
485 	}
486 
487 	/* substitute the vnode */
488 	SN_RELE(oldcsp);
489 	VN_RELE(*vpp);
490 	*vpp = newvp;
491 
492 	return (0);
493 }
494 
495 static int
496 spec_open(struct vnode **vpp, int flag, struct cred *cr)
497 {
498 	major_t maj;
499 	dev_t dev, newdev;
500 	struct vnode *vp, *cvp;
501 	struct snode *sp, *csp;
502 	struct stdata *stp;
503 	dev_info_t *dip;
504 	int error, type;
505 
506 	flag &= ~FCREAT;		/* paranoia */
507 
508 	vp = *vpp;
509 	sp = VTOS(vp);
510 	ASSERT((vp->v_type == VCHR) || (vp->v_type == VBLK));
511 	if ((vp->v_type != VCHR) && (vp->v_type != VBLK))
512 		return (ENXIO);
513 
514 	/*
515 	 * If the VFS_NODEVICES bit was set for the mount,
516 	 * do not allow opens of special devices.
517 	 */
518 	if (sp->s_realvp && (sp->s_realvp->v_vfsp->vfs_flag & VFS_NODEVICES))
519 		return (ENXIO);
520 
521 	newdev = dev = vp->v_rdev;
522 
523 	/*
524 	 * If we are opening a node that has not had spec_assoc_vp_with_devi
525 	 * called against it (mknod outside /devices or a non-dacf makespecvp
526 	 * node) then SDIPSET will not be set. In this case we call an
527 	 * interface which will reconstruct the path and lookup (drive attach)
528 	 * through devfs (e_ddi_hold_devi_by_dev -> e_ddi_hold_devi_by_path ->
529 	 * devfs_lookupname).  For support of broken drivers that don't call
530 	 * ddi_create_minor_node for all minor nodes in their instance space,
531 	 * we call interfaces that operates at the directory/devinfo
532 	 * (major/instance) level instead of to the leaf/minor node level.
533 	 * After finding and attaching the dip we associate it with the
534 	 * common specfs vnode (s_dip), which sets SDIPSET.  A DL_DETACH_REQ
535 	 * to style-2 stream driver may set s_dip to NULL with SDIPSET set.
536 	 *
537 	 * NOTE: Although e_ddi_hold_devi_by_dev takes a dev_t argument, its
538 	 * implementation operates at the major/instance level since it only
539 	 * need to return a dip.
540 	 */
541 	cvp = sp->s_commonvp;
542 	csp = VTOS(cvp);
543 	if (!(csp->s_flag & SDIPSET)) {
544 		/* try to attach, return error if we fail */
545 		if ((dip = e_ddi_hold_devi_by_dev(dev, 0)) == NULL)
546 			return (ENXIO);
547 
548 		/* associate dip with the common snode s_dip */
549 		spec_assoc_vp_with_devi(vp, dip);
550 		ddi_release_devi(dip);	/* from e_ddi_hold_devi_by_dev */
551 	}
552 
553 #ifdef  DEBUG
554 	/* verify attach/open exclusion guarantee */
555 	dip = csp->s_dip;
556 	ASSERT((dip == NULL) || i_ddi_devi_attached(dip));
557 #endif  /* DEBUG */
558 
559 	if ((error = secpolicy_spec_open(cr, cvp, flag)) != 0)
560 		return (error);
561 
562 	maj = getmajor(dev);
563 	if (STREAMSTAB(maj))
564 		goto streams_open;
565 
566 	SN_HOLD(csp);			/* increment open count */
567 
568 	/* non streams open */
569 	type = (vp->v_type == VBLK ? OTYP_BLK : OTYP_CHR);
570 	error = dev_open(&newdev, flag, type, cr);
571 
572 	/* deal with clone case */
573 	if (error == 0 && dev != newdev) {
574 		error = spec_clone(vpp, newdev, vp->v_type, NULL);
575 		/*
576 		 * bail on clone failure, further processing
577 		 * results in undefined behaviors.
578 		 */
579 		if (error != 0)
580 			return (error);
581 		sp = VTOS(*vpp);
582 		csp = VTOS(sp->s_commonvp);
583 	}
584 
585 	if (error == 0) {
586 		sp->s_size = SPEC_SIZE(csp);
587 
588 		if ((csp->s_flag & SNEEDCLOSE) == 0) {
589 			int nmaj = getmajor(newdev);
590 			mutex_enter(&csp->s_lock);
591 			/* successful open needs a close later */
592 			csp->s_flag |= SNEEDCLOSE;
593 
594 			/*
595 			 * Invalidate possible cached "unknown" size
596 			 * established by a VOP_GETATTR while open was in
597 			 * progress, and the driver might fail prop_op(9E).
598 			 */
599 			if (((cvp->v_type == VCHR) && (csp->s_size == 0)) ||
600 			    ((cvp->v_type == VBLK) &&
601 			    (csp->s_size == UNKNOWN_SIZE)))
602 				csp->s_flag &= ~SSIZEVALID;
603 
604 			if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_64BIT)
605 				csp->s_flag |= SLOFFSET;
606 			if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_U64BIT)
607 				csp->s_flag |= SLOFFSET | SANYOFFSET;
608 			mutex_exit(&csp->s_lock);
609 		}
610 		return (0);
611 	}
612 
613 	/*
614 	 * Open failed. If we missed a close operation because
615 	 * we were trying to get the device open and it is the
616 	 * last in progress open that is failing then call close.
617 	 *
618 	 * NOTE: Only non-streams open has this race condition.
619 	 */
620 	mutex_enter(&csp->s_lock);
621 	csp->s_count--;			/* decrement open count : SN_RELE */
622 	if ((csp->s_count == 0) &&	/* no outstanding open */
623 	    (csp->s_mapcnt == 0) &&	/* no mapping */
624 	    (csp->s_flag & SNEEDCLOSE)) { /* need a close */
625 		csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
626 
627 		/* See comment in spec_close() */
628 		if (csp->s_flag & (SCLONE | SSELFCLONE))
629 			csp->s_flag &= ~SDIPSET;
630 
631 		mutex_exit(&csp->s_lock);
632 		ASSERT(*vpp != NULL);
633 		(void) device_close(*vpp, flag, cr);
634 	} else {
635 		mutex_exit(&csp->s_lock);
636 	}
637 	return (error);
638 
639 streams_open:
640 	if (vp->v_type != VCHR)
641 		return (ENXIO);
642 
643 	/*
644 	 * Lock common snode to prevent any new clone opens
645 	 * on this stream while one is in progress.
646 	 * This is necessary since the stream currently
647 	 * associated with the clone device will not be part
648 	 * of it after the clone open completes.
649 	 * Unfortunately we don't know in advance if this is
650 	 * a clone device so we have to lock all opens.
651 	 *
652 	 * If we fail, it's because of an interrupt.
653 	 */
654 	if (LOCK_CSP_SIG(csp) == 0)
655 		return (EINTR);
656 
657 	SN_HOLD(csp);			/* increment open count */
658 
659 	error = stropen(cvp, &newdev, flag, cr);
660 	stp = cvp->v_stream;
661 
662 	/* deal with the clone case */
663 	if ((error == 0) && (dev != newdev)) {
664 		vp->v_stream = cvp->v_stream = NULL;
665 		UNLOCK_CSP(csp);
666 		error = spec_clone(vpp, newdev, vp->v_type, stp);
667 		/*
668 		 * bail on clone failure, further processing
669 		 * results in undefined behaviors.
670 		 */
671 		if (error != 0)
672 			return (error);
673 		sp = VTOS(*vpp);
674 		csp = VTOS(sp->s_commonvp);
675 	} else if (error == 0) {
676 		vp->v_stream = stp;
677 		UNLOCK_CSP(csp);
678 	}
679 
680 	if (error == 0) {
681 		/* STREAMS devices don't have a size */
682 		sp->s_size = csp->s_size = 0;
683 
684 		if (!(stp->sd_flag & STRISTTY) || (flag & FNOCTTY))
685 			return (0);
686 
687 		/* try to allocate it as a controlling terminal */
688 		if (strctty(stp) != EINTR)
689 			return (0);
690 
691 		/* strctty() was interrupted by a signal */
692 		(void) spec_close(vp, flag, 1, 0, cr);
693 		return (EINTR);
694 	}
695 
696 	/*
697 	 * Deal with stropen failure.
698 	 *
699 	 * sd_flag in the stream head cannot change since the
700 	 * common snode is locked before the call to stropen().
701 	 */
702 	if ((stp != NULL) && (stp->sd_flag & STREOPENFAIL)) {
703 		/*
704 		 * Open failed part way through.
705 		 */
706 		mutex_enter(&stp->sd_lock);
707 		stp->sd_flag &= ~STREOPENFAIL;
708 		mutex_exit(&stp->sd_lock);
709 
710 		UNLOCK_CSP(csp);
711 		(void) spec_close(vp, flag, 1, 0, cr);
712 	} else {
713 		UNLOCK_CSP(csp);
714 		SN_RELE(csp);
715 	}
716 
717 	return (error);
718 }
719 
720 /*ARGSUSED2*/
721 static int
722 spec_close(
723 	struct vnode	*vp,
724 	int		flag,
725 	int		count,
726 	offset_t	offset,
727 	struct cred	*cr)
728 {
729 	struct vnode *cvp;
730 	struct snode *sp, *csp;
731 	enum vtype type;
732 	dev_t dev;
733 	int error = 0;
734 	int sysclone;
735 
736 	if (!(flag & FKLYR)) {
737 		/* this only applies to closes of devices from userland */
738 		cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
739 		cleanshares(vp, ttoproc(curthread)->p_pid);
740 		if (vp->v_stream)
741 			strclean(vp);
742 	}
743 	if (count > 1)
744 		return (0);
745 
746 	sp = VTOS(vp);
747 	cvp = sp->s_commonvp;
748 
749 	dev = sp->s_dev;
750 	type = vp->v_type;
751 
752 	ASSERT(type == VCHR || type == VBLK);
753 
754 	/*
755 	 * Prevent close/close and close/open races by serializing closes
756 	 * on this common snode. Clone opens are held up until after
757 	 * we have closed this device so the streams linkage is maintained
758 	 */
759 	csp = VTOS(cvp);
760 
761 	LOCK_CSP(csp);
762 	mutex_enter(&csp->s_lock);
763 
764 	csp->s_count--;			/* one fewer open reference : SN_RELE */
765 	sysclone = sp->s_flag & SCLONE;
766 
767 	/*
768 	 * Invalidate size on each close.
769 	 *
770 	 * XXX We do this on each close because we don't have interfaces that
771 	 * allow a driver to invalidate the size.  Since clearing this on each
772 	 * close this causes property overhead we skip /dev/null and
773 	 * /dev/zero to avoid degrading kenbus performance.
774 	 */
775 	if (getmajor(dev) != mm_major)
776 		csp->s_flag &= ~SSIZEVALID;
777 
778 	/*
779 	 * Only call the close routine when the last open reference through
780 	 * any [s, v]node goes away.  This can be checked by looking at
781 	 * s_count on the common vnode.
782 	 */
783 	if ((csp->s_count == 0) && (csp->s_mapcnt == 0)) {
784 		/* we don't need a close */
785 		csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
786 
787 		/*
788 		 * A cloning driver may open-clone to the same dev_t that we
789 		 * are closing before spec_inactive destroys the common snode.
790 		 * If this occurs the s_dip association needs to be reevaluated.
791 		 * We clear SDIPSET to force reevaluation in this case.  When
792 		 * reevaluation occurs (by spec_clone after open), if the
793 		 * devinfo association has changed then the old association
794 		 * will be released as the new association is established by
795 		 * spec_assoc_vp_with_devi().
796 		 */
797 		if (csp->s_flag & (SCLONE | SSELFCLONE))
798 			csp->s_flag &= ~SDIPSET;
799 
800 		mutex_exit(&csp->s_lock);
801 		error = device_close(vp, flag, cr);
802 
803 		/*
804 		 * Decrement the devops held in clnopen()
805 		 */
806 		if (sysclone) {
807 			ddi_rele_driver(getmajor(dev));
808 		}
809 		mutex_enter(&csp->s_lock);
810 	}
811 
812 	UNLOCK_CSP_LOCK_HELD(csp);
813 	mutex_exit(&csp->s_lock);
814 
815 	return (error);
816 }
817 
818 /*ARGSUSED2*/
819 static int
820 spec_read(
821 	struct vnode	*vp,
822 	struct uio	*uiop,
823 	int		ioflag,
824 	struct cred	*cr,
825 	struct caller_context *ct)
826 {
827 	int error;
828 	struct snode *sp = VTOS(vp);
829 	dev_t dev = sp->s_dev;
830 	size_t n;
831 	ulong_t on;
832 	u_offset_t bdevsize;
833 	offset_t maxoff;
834 	offset_t off;
835 	struct vnode *blkvp;
836 
837 	ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
838 
839 	if (STREAMSTAB(getmajor(dev))) {	/* stream */
840 		ASSERT(vp->v_type == VCHR);
841 		smark(sp, SACC);
842 		return (strread(vp, uiop, cr));
843 	}
844 
845 	if (uiop->uio_resid == 0)
846 		return (0);
847 
848 	/*
849 	 * Plain old character devices that set D_U64BIT can have
850 	 * unrestricted offsets.
851 	 */
852 	maxoff = spec_maxoffset(vp);
853 	ASSERT(maxoff != -1 || vp->v_type == VCHR);
854 
855 	if (maxoff != -1 && (uiop->uio_loffset < 0 ||
856 	    uiop->uio_loffset + uiop->uio_resid > maxoff))
857 		return (EINVAL);
858 
859 	if (vp->v_type == VCHR) {
860 		smark(sp, SACC);
861 		ASSERT(STREAMSTAB(getmajor(dev)) == 0);
862 		return (cdev_read(dev, uiop, cr));
863 	}
864 
865 	/*
866 	 * Block device.
867 	 */
868 	error = 0;
869 	blkvp = sp->s_commonvp;
870 	bdevsize = SPEC_SIZE(VTOS(blkvp));
871 
872 	do {
873 		caddr_t base;
874 		offset_t diff;
875 
876 		off = uiop->uio_loffset & (offset_t)MAXBMASK;
877 		on = (size_t)(uiop->uio_loffset & MAXBOFFSET);
878 		n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
879 		diff = bdevsize - uiop->uio_loffset;
880 
881 		if (diff <= 0)
882 			break;
883 		if (diff < n)
884 			n = (size_t)diff;
885 
886 		if (vpm_enable) {
887 			error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
888 				n, uiop, 1, NULL, 0, S_READ);
889 		} else {
890 			base = segmap_getmapflt(segkmap, blkvp,
891 				(u_offset_t)(off + on), n, 1, S_READ);
892 
893 			error = uiomove(base + on, n, UIO_READ, uiop);
894 		}
895 		if (!error) {
896 			int flags = 0;
897 			/*
898 			 * If we read a whole block, we won't need this
899 			 * buffer again soon.
900 			 */
901 			if (n + on == MAXBSIZE)
902 				flags = SM_DONTNEED | SM_FREE;
903 			if (vpm_enable) {
904 				error = vpm_sync_pages(blkvp, off, n, flags);
905 			} else {
906 				error = segmap_release(segkmap, base, flags);
907 			}
908 		} else {
909 			if (vpm_enable) {
910 				(void) vpm_sync_pages(blkvp, off, n, 0);
911 			} else {
912 				(void) segmap_release(segkmap, base, 0);
913 			}
914 			if (bdevsize == UNKNOWN_SIZE) {
915 				error = 0;
916 				break;
917 			}
918 		}
919 	} while (error == 0 && uiop->uio_resid > 0 && n != 0);
920 
921 	return (error);
922 }
923 
924 /*ARGSUSED*/
925 static int
926 spec_write(
927 	struct vnode *vp,
928 	struct uio *uiop,
929 	int ioflag,
930 	struct cred *cr,
931 	struct caller_context *ct)
932 {
933 	int error;
934 	struct snode *sp = VTOS(vp);
935 	dev_t dev = sp->s_dev;
936 	size_t n;
937 	ulong_t on;
938 	u_offset_t bdevsize;
939 	offset_t maxoff;
940 	offset_t off;
941 	struct vnode *blkvp;
942 
943 	ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
944 
945 	if (STREAMSTAB(getmajor(dev))) {
946 		ASSERT(vp->v_type == VCHR);
947 		smark(sp, SUPD);
948 		return (strwrite(vp, uiop, cr));
949 	}
950 
951 	/*
952 	 * Plain old character devices that set D_U64BIT can have
953 	 * unrestricted offsets.
954 	 */
955 	maxoff = spec_maxoffset(vp);
956 	ASSERT(maxoff != -1 || vp->v_type == VCHR);
957 
958 	if (maxoff != -1 && (uiop->uio_loffset < 0 ||
959 	    uiop->uio_loffset + uiop->uio_resid > maxoff))
960 		return (EINVAL);
961 
962 	if (vp->v_type == VCHR) {
963 		smark(sp, SUPD);
964 		ASSERT(STREAMSTAB(getmajor(dev)) == 0);
965 		return (cdev_write(dev, uiop, cr));
966 	}
967 
968 	if (uiop->uio_resid == 0)
969 		return (0);
970 
971 	error = 0;
972 	blkvp = sp->s_commonvp;
973 	bdevsize = SPEC_SIZE(VTOS(blkvp));
974 
975 	do {
976 		int pagecreate;
977 		int newpage;
978 		caddr_t base;
979 		offset_t diff;
980 
981 		off = uiop->uio_loffset & (offset_t)MAXBMASK;
982 		on = (ulong_t)(uiop->uio_loffset & MAXBOFFSET);
983 		n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
984 		pagecreate = 0;
985 
986 		diff = bdevsize - uiop->uio_loffset;
987 		if (diff <= 0) {
988 			error = ENXIO;
989 			break;
990 		}
991 		if (diff < n)
992 			n = (size_t)diff;
993 
994 		/*
995 		 * Check to see if we can skip reading in the page
996 		 * and just allocate the memory.  We can do this
997 		 * if we are going to rewrite the entire mapping
998 		 * or if we are going to write to end of the device
999 		 * from the beginning of the mapping.
1000 		 */
1001 		if (n == MAXBSIZE || (on == 0 && (off + n) == bdevsize))
1002 			pagecreate = 1;
1003 
1004 		newpage = 0;
1005 		if (vpm_enable) {
1006 			error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1007 				n, uiop, !pagecreate, NULL, 0, S_WRITE);
1008 		} else {
1009 			base = segmap_getmapflt(segkmap, blkvp,
1010 			    (u_offset_t)(off + on), n, !pagecreate, S_WRITE);
1011 
1012 			/*
1013 			 * segmap_pagecreate() returns 1 if it calls
1014 			 * page_create_va() to allocate any pages.
1015 			 */
1016 
1017 			if (pagecreate)
1018 				newpage = segmap_pagecreate(segkmap, base + on,
1019 					n, 0);
1020 
1021 			error = uiomove(base + on, n, UIO_WRITE, uiop);
1022 		}
1023 
1024 		if (!vpm_enable && pagecreate &&
1025 		    uiop->uio_loffset <
1026 		    P2ROUNDUP_TYPED(off + on + n, PAGESIZE, offset_t)) {
1027 			/*
1028 			 * We created pages w/o initializing them completely,
1029 			 * thus we need to zero the part that wasn't set up.
1030 			 * This can happen if we write to the end of the device
1031 			 * or if we had some sort of error during the uiomove.
1032 			 */
1033 			long nzero;
1034 			offset_t nmoved;
1035 
1036 			nmoved = (uiop->uio_loffset - (off + on));
1037 			if (nmoved < 0 || nmoved > n) {
1038 				panic("spec_write: nmoved bogus");
1039 				/*NOTREACHED*/
1040 			}
1041 			nzero = (long)P2ROUNDUP(on + n, PAGESIZE) -
1042 			    (on + nmoved);
1043 			if (nzero < 0 || (on + nmoved + nzero > MAXBSIZE)) {
1044 				panic("spec_write: nzero bogus");
1045 				/*NOTREACHED*/
1046 			}
1047 			(void) kzero(base + on + nmoved, (size_t)nzero);
1048 		}
1049 
1050 		/*
1051 		 * Unlock the pages which have been allocated by
1052 		 * page_create_va() in segmap_pagecreate().
1053 		 */
1054 		if (!vpm_enable && newpage)
1055 			segmap_pageunlock(segkmap, base + on,
1056 				(size_t)n, S_WRITE);
1057 
1058 		if (error == 0) {
1059 			int flags = 0;
1060 
1061 			/*
1062 			 * Force write back for synchronous write cases.
1063 			 */
1064 			if (ioflag & (FSYNC|FDSYNC))
1065 				flags = SM_WRITE;
1066 			else if (n + on == MAXBSIZE || IS_SWAPVP(vp)) {
1067 				/*
1068 				 * Have written a whole block.
1069 				 * Start an asynchronous write and
1070 				 * mark the buffer to indicate that
1071 				 * it won't be needed again soon.
1072 				 * Push swap files here, since it
1073 				 * won't happen anywhere else.
1074 				 */
1075 				flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
1076 			}
1077 			smark(sp, SUPD|SCHG);
1078 			if (vpm_enable) {
1079 				error = vpm_sync_pages(blkvp, off, n, flags);
1080 			} else {
1081 				error = segmap_release(segkmap, base, flags);
1082 			}
1083 		} else {
1084 			if (vpm_enable) {
1085 				(void) vpm_sync_pages(blkvp, off, n, SM_INVAL);
1086 			} else {
1087 				(void) segmap_release(segkmap, base, SM_INVAL);
1088 			}
1089 		}
1090 
1091 	} while (error == 0 && uiop->uio_resid > 0 && n != 0);
1092 
1093 	return (error);
1094 }
1095 
1096 static int
1097 spec_ioctl(struct vnode *vp, int cmd, intptr_t arg, int mode, struct cred *cr,
1098     int *rvalp)
1099 {
1100 	struct snode *sp;
1101 	dev_t dev;
1102 	int error;
1103 
1104 	if (vp->v_type != VCHR)
1105 		return (ENOTTY);
1106 	sp = VTOS(vp);
1107 	dev = sp->s_dev;
1108 	if (STREAMSTAB(getmajor(dev))) {
1109 		error = strioctl(vp, cmd, arg, mode, U_TO_K, cr, rvalp);
1110 	} else {
1111 		error = cdev_ioctl(dev, cmd, arg, mode, cr, rvalp);
1112 	}
1113 	return (error);
1114 }
1115 
1116 static int
1117 spec_getattr(struct vnode *vp, struct vattr *vap, int flags, struct cred *cr)
1118 {
1119 	int error;
1120 	struct snode *sp;
1121 	struct vnode *realvp;
1122 
1123 	/* With ATTR_COMM we will not get attributes from realvp */
1124 	if (flags & ATTR_COMM) {
1125 		sp = VTOS(vp);
1126 		vp = sp->s_commonvp;
1127 	}
1128 	sp = VTOS(vp);
1129 	realvp = sp->s_realvp;
1130 
1131 	if (realvp == NULL) {
1132 		static int snode_shift	= 0;
1133 
1134 		/*
1135 		 * Calculate the amount of bitshift to a snode pointer which
1136 		 * will still keep it unique.  See below.
1137 		 */
1138 		if (snode_shift == 0)
1139 			snode_shift = highbit(sizeof (struct snode));
1140 		ASSERT(snode_shift > 0);
1141 
1142 		/*
1143 		 * No real vnode behind this one.  Fill in the fields
1144 		 * from the snode.
1145 		 *
1146 		 * This code should be refined to return only the
1147 		 * attributes asked for instead of all of them.
1148 		 */
1149 		vap->va_type = vp->v_type;
1150 		vap->va_mode = 0;
1151 		vap->va_uid = vap->va_gid = 0;
1152 		vap->va_fsid = sp->s_fsid;
1153 
1154 		/*
1155 		 * If the va_nodeid is > MAX_USHORT, then i386 stats might
1156 		 * fail. So we shift down the snode pointer to try and get
1157 		 * the most uniqueness into 16-bits.
1158 		 */
1159 		vap->va_nodeid = ((ino64_t)(uintptr_t)sp >> snode_shift) &
1160 		    0xFFFF;
1161 		vap->va_nlink = 0;
1162 		vap->va_rdev = sp->s_dev;
1163 
1164 		/*
1165 		 * va_nblocks is the number of 512 byte blocks used to store
1166 		 * the mknod for the device, not the number of blocks on the
1167 		 * device itself.  This is typically zero since the mknod is
1168 		 * represented directly in the inode itself.
1169 		 */
1170 		vap->va_nblocks = 0;
1171 	} else {
1172 		error = VOP_GETATTR(realvp, vap, flags, cr);
1173 		if (error != 0)
1174 			return (error);
1175 	}
1176 
1177 	/* set the size from the snode */
1178 	vap->va_size = SPEC_SIZE(VTOS(sp->s_commonvp));
1179 	vap->va_blksize = MAXBSIZE;
1180 
1181 	mutex_enter(&sp->s_lock);
1182 	vap->va_atime.tv_sec = sp->s_atime;
1183 	vap->va_mtime.tv_sec = sp->s_mtime;
1184 	vap->va_ctime.tv_sec = sp->s_ctime;
1185 	mutex_exit(&sp->s_lock);
1186 
1187 	vap->va_atime.tv_nsec = 0;
1188 	vap->va_mtime.tv_nsec = 0;
1189 	vap->va_ctime.tv_nsec = 0;
1190 	vap->va_seq = 0;
1191 
1192 	return (0);
1193 }
1194 
1195 static int
1196 spec_setattr(
1197 	struct vnode *vp,
1198 	struct vattr *vap,
1199 	int flags,
1200 	struct cred *cr,
1201 	caller_context_t *ctp)
1202 {
1203 	struct snode *sp = VTOS(vp);
1204 	struct vnode *realvp;
1205 	int error;
1206 
1207 	if (vp->v_type == VCHR && vp->v_stream && (vap->va_mask & AT_SIZE)) {
1208 		/*
1209 		 * 1135080:	O_TRUNC should have no effect on
1210 		 *		named pipes and terminal devices.
1211 		 */
1212 		ASSERT(vap->va_mask == AT_SIZE);
1213 		return (0);
1214 	}
1215 
1216 	if ((realvp = sp->s_realvp) == NULL)
1217 		error = 0;	/* no real vnode to update */
1218 	else
1219 		error = VOP_SETATTR(realvp, vap, flags, cr, ctp);
1220 	if (error == 0) {
1221 		/*
1222 		 * If times were changed, update snode.
1223 		 */
1224 		mutex_enter(&sp->s_lock);
1225 		if (vap->va_mask & AT_ATIME)
1226 			sp->s_atime = vap->va_atime.tv_sec;
1227 		if (vap->va_mask & AT_MTIME) {
1228 			sp->s_mtime = vap->va_mtime.tv_sec;
1229 			sp->s_ctime = gethrestime_sec();
1230 		}
1231 		mutex_exit(&sp->s_lock);
1232 	}
1233 	return (error);
1234 }
1235 
1236 static int
1237 spec_access(struct vnode *vp, int mode, int flags, struct cred *cr)
1238 {
1239 	struct vnode *realvp;
1240 	struct snode *sp = VTOS(vp);
1241 
1242 	if ((realvp = sp->s_realvp) != NULL)
1243 		return (VOP_ACCESS(realvp, mode, flags, cr));
1244 	else
1245 		return (0);	/* Allow all access. */
1246 }
1247 
1248 /*
1249  * This can be called if creat or an open with O_CREAT is done on the root
1250  * of a lofs mount where the mounted entity is a special file.
1251  */
1252 /*ARGSUSED*/
1253 static int
1254 spec_create(struct vnode *dvp, char *name, vattr_t *vap, enum vcexcl excl,
1255     int mode, struct vnode **vpp, struct cred *cr, int flag)
1256 {
1257 	int error;
1258 
1259 	ASSERT(dvp && (dvp->v_flag & VROOT) && *name == '\0');
1260 	if (excl == NONEXCL) {
1261 		if (mode && (error = spec_access(dvp, mode, 0, cr)))
1262 			return (error);
1263 		VN_HOLD(dvp);
1264 		return (0);
1265 	}
1266 	return (EEXIST);
1267 }
1268 
1269 /*
1270  * In order to sync out the snode times without multi-client problems,
1271  * make sure the times written out are never earlier than the times
1272  * already set in the vnode.
1273  */
1274 static int
1275 spec_fsync(struct vnode *vp, int syncflag, struct cred *cr)
1276 {
1277 	struct snode *sp = VTOS(vp);
1278 	struct vnode *realvp;
1279 	struct vnode *cvp;
1280 	struct vattr va, vatmp;
1281 
1282 	/* If times didn't change, don't flush anything. */
1283 	mutex_enter(&sp->s_lock);
1284 	if ((sp->s_flag & (SACC|SUPD|SCHG)) == 0 && vp->v_type != VBLK) {
1285 		mutex_exit(&sp->s_lock);
1286 		return (0);
1287 	}
1288 	sp->s_flag &= ~(SACC|SUPD|SCHG);
1289 	mutex_exit(&sp->s_lock);
1290 	cvp = sp->s_commonvp;
1291 	realvp = sp->s_realvp;
1292 
1293 	if (vp->v_type == VBLK && cvp != vp && vn_has_cached_data(cvp) &&
1294 	    (cvp->v_flag & VISSWAP) == 0)
1295 		(void) VOP_PUTPAGE(cvp, (offset_t)0, 0, 0, cr);
1296 
1297 	/*
1298 	 * For devices that support it, force write cache to stable storage.
1299 	 * We don't need the lock to check s_flags since we can treat
1300 	 * SNOFLUSH as a hint.
1301 	 */
1302 	if ((vp->v_type == VBLK || vp->v_type == VCHR) &&
1303 	    !(sp->s_flag & SNOFLUSH)) {
1304 		int rval, rc;
1305 		rc = cdev_ioctl(vp->v_rdev, DKIOCFLUSHWRITECACHE,
1306 		    NULL, FNATIVE|FKIOCTL, cr, &rval);
1307 		if (rc == ENOTSUP || rc == ENOTTY) {
1308 			mutex_enter(&sp->s_lock);
1309 			sp->s_flag |= SNOFLUSH;
1310 			mutex_exit(&sp->s_lock);
1311 		}
1312 	}
1313 
1314 	/*
1315 	 * If no real vnode to update, don't flush anything.
1316 	 */
1317 	if (realvp == NULL)
1318 		return (0);
1319 
1320 	vatmp.va_mask = AT_ATIME|AT_MTIME;
1321 	if (VOP_GETATTR(realvp, &vatmp, 0, cr) == 0) {
1322 
1323 		mutex_enter(&sp->s_lock);
1324 		if (vatmp.va_atime.tv_sec > sp->s_atime)
1325 			va.va_atime = vatmp.va_atime;
1326 		else {
1327 			va.va_atime.tv_sec = sp->s_atime;
1328 			va.va_atime.tv_nsec = 0;
1329 		}
1330 		if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1331 			va.va_mtime = vatmp.va_mtime;
1332 		else {
1333 			va.va_mtime.tv_sec = sp->s_mtime;
1334 			va.va_mtime.tv_nsec = 0;
1335 		}
1336 		mutex_exit(&sp->s_lock);
1337 
1338 		va.va_mask = AT_ATIME|AT_MTIME;
1339 		(void) VOP_SETATTR(realvp, &va, 0, cr, NULL);
1340 	}
1341 	(void) VOP_FSYNC(realvp, syncflag, cr);
1342 	return (0);
1343 }
1344 
1345 /*ARGSUSED*/
1346 static void
1347 spec_inactive(struct vnode *vp, struct cred *cr)
1348 {
1349 	struct snode *sp = VTOS(vp);
1350 	struct vnode *cvp;
1351 	struct vnode *rvp;
1352 
1353 	/*
1354 	 * If no one has reclaimed the vnode, remove from the
1355 	 * cache now.
1356 	 */
1357 	if (vp->v_count < 1) {
1358 		panic("spec_inactive: Bad v_count");
1359 		/*NOTREACHED*/
1360 	}
1361 	mutex_enter(&stable_lock);
1362 
1363 	mutex_enter(&vp->v_lock);
1364 	/*
1365 	 * Drop the temporary hold by vn_rele now
1366 	 */
1367 	if (--vp->v_count != 0) {
1368 		mutex_exit(&vp->v_lock);
1369 		mutex_exit(&stable_lock);
1370 		return;
1371 	}
1372 	mutex_exit(&vp->v_lock);
1373 
1374 	sdelete(sp);
1375 	mutex_exit(&stable_lock);
1376 
1377 	/* We are the sole owner of sp now */
1378 	cvp = sp->s_commonvp;
1379 	rvp = sp->s_realvp;
1380 
1381 	if (rvp) {
1382 		/*
1383 		 * If the snode times changed, then update the times
1384 		 * associated with the "realvp".
1385 		 */
1386 		if ((sp->s_flag & (SACC|SUPD|SCHG)) != 0) {
1387 
1388 			struct vattr va, vatmp;
1389 
1390 			mutex_enter(&sp->s_lock);
1391 			sp->s_flag &= ~(SACC|SUPD|SCHG);
1392 			mutex_exit(&sp->s_lock);
1393 			vatmp.va_mask = AT_ATIME|AT_MTIME;
1394 			/*
1395 			 * The user may not own the device, but we
1396 			 * want to update the attributes anyway.
1397 			 */
1398 			if (VOP_GETATTR(rvp, &vatmp, 0, kcred) == 0) {
1399 				if (vatmp.va_atime.tv_sec > sp->s_atime)
1400 					va.va_atime = vatmp.va_atime;
1401 				else {
1402 					va.va_atime.tv_sec = sp->s_atime;
1403 					va.va_atime.tv_nsec = 0;
1404 				}
1405 				if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1406 					va.va_mtime = vatmp.va_mtime;
1407 				else {
1408 					va.va_mtime.tv_sec = sp->s_mtime;
1409 					va.va_mtime.tv_nsec = 0;
1410 				}
1411 
1412 				va.va_mask = AT_ATIME|AT_MTIME;
1413 				(void) VOP_SETATTR(rvp, &va, 0, kcred, NULL);
1414 			}
1415 		}
1416 	}
1417 	ASSERT(!vn_has_cached_data(vp));
1418 	vn_invalid(vp);
1419 
1420 	/* if we are sharing another file systems vfs, release it */
1421 	if (vp->v_vfsp && (vp->v_vfsp != &spec_vfs))
1422 		VFS_RELE(vp->v_vfsp);
1423 
1424 	/* if we have a realvp, release the realvp */
1425 	if (rvp)
1426 		VN_RELE(rvp);
1427 
1428 	/* if we have a common, release the common */
1429 	if (cvp && (cvp != vp)) {
1430 		VN_RELE(cvp);
1431 #ifdef DEBUG
1432 	} else if (cvp) {
1433 		/*
1434 		 * if this is the last reference to a common vnode, any
1435 		 * associated stream had better have been closed
1436 		 */
1437 		ASSERT(cvp == vp);
1438 		ASSERT(cvp->v_stream == NULL);
1439 #endif /* DEBUG */
1440 	}
1441 
1442 	/*
1443 	 * if we have a hold on a devinfo node (established by
1444 	 * spec_assoc_vp_with_devi), release the hold
1445 	 */
1446 	if (sp->s_dip)
1447 		ddi_release_devi(sp->s_dip);
1448 
1449 	/*
1450 	 * If we have an associated device policy, release it.
1451 	 */
1452 	if (sp->s_plcy != NULL)
1453 		dpfree(sp->s_plcy);
1454 
1455 	/*
1456 	 * If all holds on the devinfo node are through specfs/devfs
1457 	 * and we just destroyed the last specfs node associated with the
1458 	 * device, then the devinfo node reference count should now be
1459 	 * zero.  We can't check this because there may be other holds
1460 	 * on the node from non file system sources: ddi_hold_devi_by_instance
1461 	 * for example.
1462 	 */
1463 	kmem_cache_free(snode_cache, sp);
1464 }
1465 
1466 static int
1467 spec_fid(struct vnode *vp, struct fid *fidp)
1468 {
1469 	struct vnode *realvp;
1470 	struct snode *sp = VTOS(vp);
1471 
1472 	if ((realvp = sp->s_realvp) != NULL)
1473 		return (VOP_FID(realvp, fidp));
1474 	else
1475 		return (EINVAL);
1476 }
1477 
1478 /*ARGSUSED1*/
1479 static int
1480 spec_seek(struct vnode *vp, offset_t ooff, offset_t *noffp)
1481 {
1482 	offset_t maxoff = spec_maxoffset(vp);
1483 
1484 	if (maxoff == -1 || *noffp <= maxoff)
1485 		return (0);
1486 	else
1487 		return (EINVAL);
1488 }
1489 
1490 static int
1491 spec_frlock(
1492 	struct vnode *vp,
1493 	int		cmd,
1494 	struct flock64	*bfp,
1495 	int		flag,
1496 	offset_t	offset,
1497 	struct flk_callback *flk_cbp,
1498 	struct cred	*cr)
1499 {
1500 	struct snode *sp = VTOS(vp);
1501 	struct snode *csp;
1502 
1503 	csp = VTOS(sp->s_commonvp);
1504 	/*
1505 	 * If file is being mapped, disallow frlock.
1506 	 */
1507 	if (csp->s_mapcnt > 0)
1508 		return (EAGAIN);
1509 
1510 	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr));
1511 }
1512 
1513 static int
1514 spec_realvp(struct vnode *vp, struct vnode **vpp)
1515 {
1516 	struct vnode *rvp;
1517 
1518 	if ((rvp = VTOS(vp)->s_realvp) != NULL) {
1519 		vp = rvp;
1520 		if (VOP_REALVP(vp, &rvp) == 0)
1521 			vp = rvp;
1522 	}
1523 
1524 	*vpp = vp;
1525 	return (0);
1526 }
1527 
1528 /*
1529  * Return all the pages from [off..off + len] in block
1530  * or character device.
1531  */
1532 static int
1533 spec_getpage(
1534 	struct vnode	*vp,
1535 	offset_t	off,
1536 	size_t		len,
1537 	uint_t		*protp,
1538 	page_t		*pl[],
1539 	size_t		plsz,
1540 	struct seg	*seg,
1541 	caddr_t		addr,
1542 	enum seg_rw	rw,
1543 	struct cred	*cr)
1544 {
1545 	struct snode *sp = VTOS(vp);
1546 	int err;
1547 
1548 	ASSERT(sp->s_commonvp == vp);
1549 
1550 	/*
1551 	 * XXX	Given the above assertion, this might not do
1552 	 *	what is wanted here.
1553 	 */
1554 	if (vp->v_flag & VNOMAP)
1555 		return (ENOSYS);
1556 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_GETPAGE,
1557 		"specfs getpage:vp %p off %llx len %ld snode %p",
1558 		vp, off, len, sp);
1559 
1560 	switch (vp->v_type) {
1561 	case VBLK:
1562 		if (protp != NULL)
1563 			*protp = PROT_ALL;
1564 
1565 		if (((u_offset_t)off + len) > (SPEC_SIZE(sp) + PAGEOFFSET))
1566 			return (EFAULT);	/* beyond EOF */
1567 
1568 		if (len <= PAGESIZE)
1569 			err = spec_getapage(vp, (u_offset_t)off, len, protp, pl,
1570 			    plsz, seg, addr, rw, cr);
1571 		else
1572 			err = pvn_getpages(spec_getapage, vp, (u_offset_t)off,
1573 			    len, protp, pl, plsz, seg, addr, rw, cr);
1574 		break;
1575 
1576 	case VCHR:
1577 		cmn_err(CE_NOTE, "spec_getpage called for character device. "
1578 		    "Check any non-ON consolidation drivers");
1579 		err = 0;
1580 		pl[0] = (page_t *)0;
1581 		break;
1582 
1583 	default:
1584 		panic("spec_getpage: bad v_type 0x%x", vp->v_type);
1585 		/*NOTREACHED*/
1586 	}
1587 
1588 	return (err);
1589 }
1590 
1591 extern int klustsize;	/* set in machdep.c */
1592 
1593 int spec_ra = 1;
1594 int spec_lostpage;	/* number of times we lost original page */
1595 
1596 /*ARGSUSED2*/
1597 static int
1598 spec_getapage(
1599 	struct vnode *vp,
1600 	u_offset_t	off,
1601 	size_t		len,
1602 	uint_t		*protp,
1603 	page_t		*pl[],
1604 	size_t		plsz,
1605 	struct seg	*seg,
1606 	caddr_t		addr,
1607 	enum seg_rw	rw,
1608 	struct cred	*cr)
1609 {
1610 	struct snode *sp;
1611 	struct buf *bp;
1612 	page_t *pp, *pp2;
1613 	u_offset_t io_off1, io_off2;
1614 	size_t io_len1;
1615 	size_t io_len2;
1616 	size_t blksz;
1617 	u_offset_t blkoff;
1618 	int dora, err;
1619 	page_t *pagefound;
1620 	uint_t xlen;
1621 	size_t adj_klustsize;
1622 	u_offset_t size;
1623 	u_offset_t tmpoff;
1624 
1625 	sp = VTOS(vp);
1626 	TRACE_3(TR_FAC_SPECFS, TR_SPECFS_GETAPAGE,
1627 		"specfs getapage:vp %p off %llx snode %p", vp, off, sp);
1628 reread:
1629 
1630 	err = 0;
1631 	bp = NULL;
1632 	pp = NULL;
1633 	pp2 = NULL;
1634 
1635 	if (pl != NULL)
1636 		pl[0] = NULL;
1637 
1638 	size = SPEC_SIZE(VTOS(sp->s_commonvp));
1639 
1640 	if (spec_ra && sp->s_nextr == off)
1641 		dora = 1;
1642 	else
1643 		dora = 0;
1644 
1645 	if (size == UNKNOWN_SIZE) {
1646 		dora = 0;
1647 		adj_klustsize = PAGESIZE;
1648 	} else {
1649 		adj_klustsize = dora ? klustsize : PAGESIZE;
1650 	}
1651 
1652 again:
1653 	if ((pagefound = page_exists(vp, off)) == NULL) {
1654 		if (rw == S_CREATE) {
1655 			/*
1656 			 * We're allocating a swap slot and it's
1657 			 * associated page was not found, so allocate
1658 			 * and return it.
1659 			 */
1660 			if ((pp = page_create_va(vp, off,
1661 			    PAGESIZE, PG_WAIT, seg, addr)) == NULL) {
1662 				panic("spec_getapage: page_create");
1663 				/*NOTREACHED*/
1664 			}
1665 			io_len1 = PAGESIZE;
1666 			sp->s_nextr = off + PAGESIZE;
1667 		} else {
1668 			/*
1669 			 * Need to really do disk I/O to get the page(s).
1670 			 */
1671 			blkoff = (off / adj_klustsize) * adj_klustsize;
1672 			if (size == UNKNOWN_SIZE) {
1673 				blksz = PAGESIZE;
1674 			} else {
1675 				if (blkoff + adj_klustsize <= size)
1676 					blksz = adj_klustsize;
1677 				else
1678 					blksz =
1679 					    MIN(size - blkoff, adj_klustsize);
1680 			}
1681 
1682 			pp = pvn_read_kluster(vp, off, seg, addr, &tmpoff,
1683 			    &io_len1, blkoff, blksz, 0);
1684 			io_off1 = tmpoff;
1685 			/*
1686 			 * Make sure the page didn't sneek into the
1687 			 * cache while we blocked in pvn_read_kluster.
1688 			 */
1689 			if (pp == NULL)
1690 				goto again;
1691 
1692 			/*
1693 			 * Zero part of page which we are not
1694 			 * going to be reading from disk now.
1695 			 */
1696 			xlen = (uint_t)(io_len1 & PAGEOFFSET);
1697 			if (xlen != 0)
1698 				pagezero(pp->p_prev, xlen, PAGESIZE - xlen);
1699 
1700 			bp = spec_startio(vp, pp, io_off1, io_len1,
1701 			    pl == NULL ? (B_ASYNC | B_READ) : B_READ);
1702 			sp->s_nextr = io_off1 + io_len1;
1703 		}
1704 	}
1705 
1706 	if (dora && rw != S_CREATE) {
1707 		u_offset_t off2;
1708 		caddr_t addr2;
1709 
1710 		off2 = ((off / adj_klustsize) + 1) * adj_klustsize;
1711 		addr2 = addr + (off2 - off);
1712 
1713 		pp2 = NULL;
1714 		/*
1715 		 * If we are past EOF then don't bother trying
1716 		 * with read-ahead.
1717 		 */
1718 		if (off2 >= size)
1719 			pp2 = NULL;
1720 		else {
1721 			if (off2 + adj_klustsize <= size)
1722 				blksz = adj_klustsize;
1723 			else
1724 				blksz = MIN(size - off2, adj_klustsize);
1725 
1726 			pp2 = pvn_read_kluster(vp, off2, seg, addr2, &tmpoff,
1727 			    &io_len2, off2, blksz, 1);
1728 			io_off2 = tmpoff;
1729 		}
1730 
1731 		if (pp2 != NULL) {
1732 			/*
1733 			 * Zero part of page which we are not
1734 			 * going to be reading from disk now.
1735 			 */
1736 			xlen = (uint_t)(io_len2 & PAGEOFFSET);
1737 			if (xlen != 0)
1738 				pagezero(pp2->p_prev, xlen, PAGESIZE - xlen);
1739 
1740 			(void) spec_startio(vp, pp2, io_off2, io_len2,
1741 			    B_READ | B_ASYNC);
1742 		}
1743 	}
1744 
1745 	if (pl == NULL)
1746 		return (err);
1747 
1748 	if (bp != NULL) {
1749 		err = biowait(bp);
1750 		pageio_done(bp);
1751 
1752 		if (err) {
1753 			if (pp != NULL)
1754 				pvn_read_done(pp, B_ERROR);
1755 			return (err);
1756 		}
1757 	}
1758 
1759 	if (pagefound) {
1760 		se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
1761 		/*
1762 		 * Page exists in the cache, acquire the appropriate
1763 		 * lock.  If this fails, start all over again.
1764 		 */
1765 
1766 		if ((pp = page_lookup(vp, off, se)) == NULL) {
1767 			spec_lostpage++;
1768 			goto reread;
1769 		}
1770 		pl[0] = pp;
1771 		pl[1] = NULL;
1772 
1773 		sp->s_nextr = off + PAGESIZE;
1774 		return (0);
1775 	}
1776 
1777 	if (pp != NULL)
1778 		pvn_plist_init(pp, pl, plsz, off, io_len1, rw);
1779 	return (0);
1780 }
1781 
1782 /*
1783  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED, B_FORCE}.
1784  * If len == 0, do from off to EOF.
1785  *
1786  * The normal cases should be len == 0 & off == 0 (entire vp list),
1787  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
1788  * (from pageout).
1789  */
1790 int
1791 spec_putpage(
1792 	struct vnode *vp,
1793 	offset_t	off,
1794 	size_t		len,
1795 	int		flags,
1796 	struct cred	*cr)
1797 {
1798 	struct snode *sp = VTOS(vp);
1799 	struct vnode *cvp;
1800 	page_t *pp;
1801 	u_offset_t io_off;
1802 	size_t io_len = 0;	/* for lint */
1803 	int err = 0;
1804 	u_offset_t size;
1805 	u_offset_t tmpoff;
1806 
1807 	ASSERT(vp->v_count != 0);
1808 
1809 	if (vp->v_flag & VNOMAP)
1810 		return (ENOSYS);
1811 
1812 	cvp = sp->s_commonvp;
1813 	size = SPEC_SIZE(VTOS(cvp));
1814 
1815 	if (!vn_has_cached_data(vp) || off >= size)
1816 		return (0);
1817 
1818 	ASSERT(vp->v_type == VBLK && cvp == vp);
1819 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTPAGE,
1820 		"specfs putpage:vp %p off %llx len %ld snode %p",
1821 		vp, off, len, sp);
1822 
1823 	if (len == 0) {
1824 		/*
1825 		 * Search the entire vp list for pages >= off.
1826 		 */
1827 		err = pvn_vplist_dirty(vp, off, spec_putapage,
1828 		    flags, cr);
1829 	} else {
1830 		u_offset_t eoff;
1831 
1832 		/*
1833 		 * Loop over all offsets in the range [off...off + len]
1834 		 * looking for pages to deal with.  We set limits so
1835 		 * that we kluster to klustsize boundaries.
1836 		 */
1837 		eoff = off + len;
1838 		for (io_off = off; io_off < eoff && io_off < size;
1839 		    io_off += io_len) {
1840 			/*
1841 			 * If we are not invalidating, synchronously
1842 			 * freeing or writing pages use the routine
1843 			 * page_lookup_nowait() to prevent reclaiming
1844 			 * them from the free list.
1845 			 */
1846 			if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
1847 				pp = page_lookup(vp, io_off,
1848 					(flags & (B_INVAL | B_FREE)) ?
1849 					    SE_EXCL : SE_SHARED);
1850 			} else {
1851 				pp = page_lookup_nowait(vp, io_off,
1852 					(flags & B_FREE) ? SE_EXCL : SE_SHARED);
1853 			}
1854 
1855 			if (pp == NULL || pvn_getdirty(pp, flags) == 0)
1856 				io_len = PAGESIZE;
1857 			else {
1858 				err = spec_putapage(vp, pp, &tmpoff, &io_len,
1859 				    flags, cr);
1860 				io_off = tmpoff;
1861 				if (err != 0)
1862 					break;
1863 				/*
1864 				 * "io_off" and "io_len" are returned as
1865 				 * the range of pages we actually wrote.
1866 				 * This allows us to skip ahead more quickly
1867 				 * since several pages may've been dealt
1868 				 * with by this iteration of the loop.
1869 				 */
1870 			}
1871 		}
1872 	}
1873 	return (err);
1874 }
1875 
1876 
1877 /*
1878  * Write out a single page, possibly klustering adjacent
1879  * dirty pages.
1880  */
1881 /*ARGSUSED5*/
1882 static int
1883 spec_putapage(
1884 	struct vnode	*vp,
1885 	page_t		*pp,
1886 	u_offset_t	*offp,		/* return value */
1887 	size_t		*lenp,		/* return value */
1888 	int		flags,
1889 	struct cred	*cr)
1890 {
1891 	struct snode *sp = VTOS(vp);
1892 	u_offset_t io_off;
1893 	size_t io_len;
1894 	size_t blksz;
1895 	u_offset_t blkoff;
1896 	int err = 0;
1897 	struct buf *bp;
1898 	u_offset_t size;
1899 	size_t adj_klustsize;
1900 	u_offset_t tmpoff;
1901 
1902 	/*
1903 	 * Destroy read ahead value since we are really going to write.
1904 	 */
1905 	sp->s_nextr = 0;
1906 	size = SPEC_SIZE(VTOS(sp->s_commonvp));
1907 
1908 	adj_klustsize = klustsize;
1909 
1910 	blkoff = (pp->p_offset / adj_klustsize) * adj_klustsize;
1911 
1912 	if (blkoff + adj_klustsize <= size)
1913 		blksz = adj_klustsize;
1914 	else
1915 		blksz = size - blkoff;
1916 
1917 	/*
1918 	 * Find a kluster that fits in one contiguous chunk.
1919 	 */
1920 	pp = pvn_write_kluster(vp, pp, &tmpoff, &io_len, blkoff,
1921 		blksz, flags);
1922 	io_off = tmpoff;
1923 
1924 	/*
1925 	 * Check for page length rounding problems
1926 	 * XXX - Is this necessary?
1927 	 */
1928 	if (io_off + io_len > size) {
1929 		ASSERT((io_off + io_len) - size < PAGESIZE);
1930 		io_len = size - io_off;
1931 	}
1932 
1933 	bp = spec_startio(vp, pp, io_off, io_len, B_WRITE | flags);
1934 
1935 	/*
1936 	 * Wait for i/o to complete if the request is not B_ASYNC.
1937 	 */
1938 	if ((flags & B_ASYNC) == 0) {
1939 		err = biowait(bp);
1940 		pageio_done(bp);
1941 		pvn_write_done(pp, ((err) ? B_ERROR : 0) | B_WRITE | flags);
1942 	}
1943 
1944 	if (offp)
1945 		*offp = io_off;
1946 	if (lenp)
1947 		*lenp = io_len;
1948 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTAPAGE,
1949 		"specfs putapage:vp %p offp %p snode %p err %d",
1950 		vp, offp, sp, err);
1951 	return (err);
1952 }
1953 
1954 /*
1955  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
1956  */
1957 static struct buf *
1958 spec_startio(
1959 	struct vnode *vp,
1960 	page_t		*pp,
1961 	u_offset_t	io_off,
1962 	size_t		io_len,
1963 	int		flags)
1964 {
1965 	struct buf *bp;
1966 
1967 	bp = pageio_setup(pp, io_len, vp, flags);
1968 
1969 	bp->b_edev = vp->v_rdev;
1970 	bp->b_dev = cmpdev(vp->v_rdev);
1971 	bp->b_blkno = btodt(io_off);
1972 	bp->b_un.b_addr = (caddr_t)0;
1973 
1974 	(void) bdev_strategy(bp);
1975 
1976 	if (flags & B_READ)
1977 		lwp_stat_update(LWP_STAT_INBLK, 1);
1978 	else
1979 		lwp_stat_update(LWP_STAT_OUBLK, 1);
1980 
1981 	return (bp);
1982 }
1983 
1984 static int
1985 spec_poll(
1986 	struct vnode	*vp,
1987 	short		events,
1988 	int		anyyet,
1989 	short		*reventsp,
1990 	struct pollhead **phpp)
1991 {
1992 	dev_t dev;
1993 	int error;
1994 
1995 	if (vp->v_type == VBLK)
1996 		error = fs_poll(vp, events, anyyet, reventsp, phpp);
1997 	else {
1998 		ASSERT(vp->v_type == VCHR);
1999 		dev = vp->v_rdev;
2000 		if (STREAMSTAB(getmajor(dev))) {
2001 			ASSERT(vp->v_stream != NULL);
2002 			error = strpoll(vp->v_stream, events, anyyet,
2003 			    reventsp, phpp);
2004 		} else if (devopsp[getmajor(dev)]->devo_cb_ops->cb_chpoll) {
2005 			error = cdev_poll(dev, events, anyyet, reventsp, phpp);
2006 		} else {
2007 			error = fs_poll(vp, events, anyyet, reventsp, phpp);
2008 		}
2009 	}
2010 	return (error);
2011 }
2012 
2013 /*
2014  * This routine is called through the cdevsw[] table to handle
2015  * traditional mmap'able devices that support a d_mmap function.
2016  */
2017 /*ARGSUSED8*/
2018 int
2019 spec_segmap(
2020 	dev_t dev,
2021 	off_t off,
2022 	struct as *as,
2023 	caddr_t *addrp,
2024 	off_t len,
2025 	uint_t prot,
2026 	uint_t maxprot,
2027 	uint_t flags,
2028 	struct cred *cred)
2029 {
2030 	struct segdev_crargs dev_a;
2031 	int (*mapfunc)(dev_t dev, off_t off, int prot);
2032 	size_t i;
2033 	int	error;
2034 
2035 	if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev)
2036 		return (ENODEV);
2037 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_SEGMAP,
2038 		"specfs segmap:dev %x as %p len %lx prot %x",
2039 		dev, as, len, prot);
2040 
2041 	/*
2042 	 * Character devices that support the d_mmap
2043 	 * interface can only be mmap'ed shared.
2044 	 */
2045 	if ((flags & MAP_TYPE) != MAP_SHARED)
2046 		return (EINVAL);
2047 
2048 	/*
2049 	 * Check to ensure that the entire range is
2050 	 * legal and we are not trying to map in
2051 	 * more than the device will let us.
2052 	 */
2053 	for (i = 0; i < len; i += PAGESIZE) {
2054 		if (cdev_mmap(mapfunc, dev, off + i, maxprot) == -1)
2055 			return (ENXIO);
2056 	}
2057 
2058 	as_rangelock(as);
2059 	if ((flags & MAP_FIXED) == 0) {
2060 		/*
2061 		 * Pick an address w/o worrying about
2062 		 * any vac alignment constraints.
2063 		 */
2064 		map_addr(addrp, len, (offset_t)off, 0, flags);
2065 		if (*addrp == NULL) {
2066 			as_rangeunlock(as);
2067 			return (ENOMEM);
2068 		}
2069 	} else {
2070 		/*
2071 		 * User-specified address; blow away any previous mappings.
2072 		 */
2073 		(void) as_unmap(as, *addrp, len);
2074 	}
2075 
2076 	dev_a.mapfunc = mapfunc;
2077 	dev_a.dev = dev;
2078 	dev_a.offset = off;
2079 	dev_a.prot = (uchar_t)prot;
2080 	dev_a.maxprot = (uchar_t)maxprot;
2081 	dev_a.hat_flags = 0;
2082 	dev_a.hat_attr = 0;
2083 	dev_a.devmap_data = NULL;
2084 
2085 	error = as_map(as, *addrp, len, segdev_create, &dev_a);
2086 	as_rangeunlock(as);
2087 	return (error);
2088 }
2089 
2090 int
2091 spec_char_map(
2092 	dev_t dev,
2093 	offset_t off,
2094 	struct as *as,
2095 	caddr_t *addrp,
2096 	size_t len,
2097 	uchar_t prot,
2098 	uchar_t maxprot,
2099 	uint_t flags,
2100 	struct cred *cred)
2101 {
2102 	int error = 0;
2103 	major_t maj = getmajor(dev);
2104 	int map_flag;
2105 	int (*segmap)(dev_t, off_t, struct as *,
2106 	    caddr_t *, off_t, uint_t, uint_t, uint_t, cred_t *);
2107 	int (*devmap)(dev_t, devmap_cookie_t, offset_t,
2108 		size_t, size_t *, uint_t);
2109 	int (*mmap)(dev_t dev, off_t off, int prot);
2110 
2111 	/*
2112 	 * Character device: let the device driver
2113 	 * pick the appropriate segment driver.
2114 	 *
2115 	 * 4.x compat.: allow 'NULL' cb_segmap => spec_segmap
2116 	 * Kindness: allow 'nulldev' cb_segmap => spec_segmap
2117 	 */
2118 	segmap = devopsp[maj]->devo_cb_ops->cb_segmap;
2119 	if (segmap == NULL || segmap == nulldev || segmap == nodev) {
2120 		mmap = devopsp[maj]->devo_cb_ops->cb_mmap;
2121 		map_flag = devopsp[maj]->devo_cb_ops->cb_flag;
2122 
2123 		/*
2124 		 * Use old mmap framework if the driver has both mmap
2125 		 * and devmap entry points.  This is to prevent the
2126 		 * system from calling invalid devmap entry point
2127 		 * for some drivers that might have put garbage in the
2128 		 * devmap entry point.
2129 		 */
2130 		if ((map_flag & D_DEVMAP) || mmap == NULL ||
2131 		    mmap == nulldev || mmap == nodev) {
2132 			devmap = devopsp[maj]->devo_cb_ops->cb_devmap;
2133 
2134 			/*
2135 			 * If driver provides devmap entry point in
2136 			 * cb_ops but not xx_segmap(9E), call
2137 			 * devmap_setup with default settings
2138 			 * (NULL) for callback_ops and driver
2139 			 * callback private data
2140 			 */
2141 			if (devmap == nodev || devmap == NULL ||
2142 			    devmap == nulldev)
2143 				return (ENODEV);
2144 
2145 			error = devmap_setup(dev, off, as, addrp,
2146 			    len, prot, maxprot, flags, cred);
2147 
2148 			return (error);
2149 		} else
2150 			segmap = spec_segmap;
2151 	} else
2152 		segmap = cdev_segmap;
2153 
2154 	return ((*segmap)(dev, (off_t)off, as, addrp, len, prot,
2155 	    maxprot, flags, cred));
2156 }
2157 
2158 static int
2159 spec_map(
2160 	struct vnode *vp,
2161 	offset_t off,
2162 	struct as *as,
2163 	caddr_t *addrp,
2164 	size_t len,
2165 	uchar_t prot,
2166 	uchar_t maxprot,
2167 	uint_t flags,
2168 	struct cred *cred)
2169 {
2170 	int error = 0;
2171 
2172 	if (vp->v_flag & VNOMAP)
2173 		return (ENOSYS);
2174 
2175 	/*
2176 	 * If file is locked, fail mapping attempt.
2177 	 */
2178 	if (vn_has_flocks(vp))
2179 		return (EAGAIN);
2180 
2181 	if (vp->v_type == VCHR) {
2182 		return (spec_char_map(vp->v_rdev, off, as, addrp, len, prot,
2183 		    maxprot, flags, cred));
2184 	} else if (vp->v_type == VBLK) {
2185 		struct segvn_crargs vn_a;
2186 		struct vnode *cvp;
2187 		struct snode *sp;
2188 
2189 		/*
2190 		 * Block device, use segvn mapping to the underlying commonvp
2191 		 * for pages.
2192 		 */
2193 		if (off > spec_maxoffset(vp))
2194 			return (ENXIO);
2195 
2196 		sp = VTOS(vp);
2197 		cvp = sp->s_commonvp;
2198 		ASSERT(cvp != NULL);
2199 
2200 		if (off < 0 || ((offset_t)(off + len) < 0))
2201 			return (ENXIO);
2202 
2203 		as_rangelock(as);
2204 		if ((flags & MAP_FIXED) == 0) {
2205 			map_addr(addrp, len, off, 1, flags);
2206 			if (*addrp == NULL) {
2207 				as_rangeunlock(as);
2208 				return (ENOMEM);
2209 			}
2210 		} else {
2211 			/*
2212 			 * User-specified address; blow away any
2213 			 * previous mappings.
2214 			 */
2215 			(void) as_unmap(as, *addrp, len);
2216 		}
2217 
2218 		vn_a.vp = cvp;
2219 		vn_a.offset = off;
2220 		vn_a.type = flags & MAP_TYPE;
2221 		vn_a.prot = (uchar_t)prot;
2222 		vn_a.maxprot = (uchar_t)maxprot;
2223 		vn_a.flags = flags & ~MAP_TYPE;
2224 		vn_a.cred = cred;
2225 		vn_a.amp = NULL;
2226 		vn_a.szc = 0;
2227 		vn_a.lgrp_mem_policy_flags = 0;
2228 
2229 		error = as_map(as, *addrp, len, segvn_create, &vn_a);
2230 		as_rangeunlock(as);
2231 	} else
2232 		return (ENODEV);
2233 
2234 	return (error);
2235 }
2236 
2237 /*ARGSUSED1*/
2238 static int
2239 spec_addmap(
2240 	struct vnode *vp,	/* the common vnode */
2241 	offset_t off,
2242 	struct as *as,
2243 	caddr_t addr,
2244 	size_t len,		/* how many bytes to add */
2245 	uchar_t prot,
2246 	uchar_t maxprot,
2247 	uint_t flags,
2248 	struct cred *cred)
2249 {
2250 	int error = 0;
2251 	struct snode *csp = VTOS(vp);
2252 	ulong_t npages;
2253 
2254 	ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2255 
2256 	/*
2257 	 * XXX	Given the above assertion, this might not
2258 	 *	be a particularly sensible thing to test.
2259 	 */
2260 	if (vp->v_flag & VNOMAP)
2261 		return (ENOSYS);
2262 
2263 	npages = btopr(len);
2264 	LOCK_CSP(csp);
2265 	csp->s_mapcnt += npages;
2266 
2267 	UNLOCK_CSP(csp);
2268 	return (error);
2269 }
2270 
2271 /*ARGSUSED1*/
2272 static int
2273 spec_delmap(
2274 	struct vnode *vp,	/* the common vnode */
2275 	offset_t off,
2276 	struct as *as,
2277 	caddr_t addr,
2278 	size_t len,		/* how many bytes to take away */
2279 	uint_t prot,
2280 	uint_t maxprot,
2281 	uint_t flags,
2282 	struct cred *cred)
2283 {
2284 	struct snode *csp = VTOS(vp);
2285 	ulong_t npages;
2286 	long mcnt;
2287 
2288 	/* segdev passes us the common vp */
2289 
2290 	ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2291 
2292 	/*
2293 	 * XXX	Given the above assertion, this might not
2294 	 *	be a particularly sensible thing to test..
2295 	 */
2296 	if (vp->v_flag & VNOMAP)
2297 		return (ENOSYS);
2298 
2299 	npages = btopr(len);
2300 
2301 	LOCK_CSP(csp);
2302 	mutex_enter(&csp->s_lock);
2303 	mcnt = (csp->s_mapcnt -= npages);
2304 
2305 	if (mcnt == 0) {
2306 		/*
2307 		 * Call the close routine when the last reference of any
2308 		 * kind through any [s, v]node goes away.  The s_dip hold
2309 		 * on the devinfo node is released when the vnode is
2310 		 * destroyed.
2311 		 */
2312 		if (csp->s_count == 0) {
2313 			csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
2314 
2315 			/* See comment in spec_close() */
2316 			if (csp->s_flag & (SCLONE | SSELFCLONE))
2317 				csp->s_flag &= ~SDIPSET;
2318 
2319 			mutex_exit(&csp->s_lock);
2320 
2321 			(void) device_close(vp, 0, cred);
2322 		} else
2323 			mutex_exit(&csp->s_lock);
2324 
2325 		mutex_enter(&csp->s_lock);
2326 	}
2327 	ASSERT(mcnt >= 0);
2328 
2329 	UNLOCK_CSP_LOCK_HELD(csp);
2330 	mutex_exit(&csp->s_lock);
2331 
2332 	return (0);
2333 }
2334 
2335 static int
2336 spec_dump(struct vnode *vp, caddr_t addr, int bn, int count)
2337 {
2338 	ASSERT(vp->v_type == VBLK);
2339 	return (bdev_dump(vp->v_rdev, addr, bn, count));
2340 }
2341 
2342 
2343 /*
2344  * Do i/o on the given page list from/to vp, io_off for io_len.
2345  * Flags are composed of:
2346  * 	{B_ASYNC, B_INVAL, B_FREE, B_DONTNEED, B_READ, B_WRITE}
2347  * If B_ASYNC is not set i/o is waited for.
2348  */
2349 /*ARGSUSED5*/
2350 static int
2351 spec_pageio(
2352 	struct vnode *vp,
2353 	page_t	*pp,
2354 	u_offset_t io_off,
2355 	size_t	io_len,
2356 	int	flags,
2357 	cred_t	*cr)
2358 {
2359 	struct buf *bp = NULL;
2360 	int err = 0;
2361 
2362 	if (pp == NULL)
2363 		return (EINVAL);
2364 
2365 	bp = spec_startio(vp, pp, io_off, io_len, flags);
2366 
2367 	/*
2368 	 * Wait for i/o to complete if the request is not B_ASYNC.
2369 	 */
2370 	if ((flags & B_ASYNC) == 0) {
2371 		err = biowait(bp);
2372 		pageio_done(bp);
2373 	}
2374 	return (err);
2375 }
2376 
2377 /*
2378  * Set ACL on underlying vnode if one exists, or return ENOSYS otherwise.
2379  */
2380 int
2381 spec_setsecattr(struct vnode *vp, vsecattr_t *vsap, int flag, struct cred *cr)
2382 {
2383 	struct vnode *realvp;
2384 	struct snode *sp = VTOS(vp);
2385 	int error;
2386 
2387 	/*
2388 	 * The acl(2) system calls VOP_RWLOCK on the file before setting an
2389 	 * ACL, but since specfs does not serialize reads and writes, this
2390 	 * VOP does not do anything.  However, some backing file systems may
2391 	 * expect the lock to be held before setting an ACL, so it is taken
2392 	 * here privately to avoid serializing specfs reads and writes.
2393 	 */
2394 	if ((realvp = sp->s_realvp) != NULL) {
2395 		(void) VOP_RWLOCK(realvp, V_WRITELOCK_TRUE, NULL);
2396 		error = VOP_SETSECATTR(realvp, vsap, flag, cr);
2397 		(void) VOP_RWUNLOCK(realvp, V_WRITELOCK_TRUE, NULL);
2398 		return (error);
2399 	} else
2400 		return (fs_nosys());
2401 }
2402 
2403 /*
2404  * Get ACL from underlying vnode if one exists, or fabricate it from
2405  * the permissions returned by spec_getattr() otherwise.
2406  */
2407 int
2408 spec_getsecattr(struct vnode *vp, vsecattr_t *vsap, int flag, struct cred *cr)
2409 {
2410 	struct vnode *realvp;
2411 	struct snode *sp = VTOS(vp);
2412 
2413 	if ((realvp = sp->s_realvp) != NULL)
2414 		return (VOP_GETSECATTR(realvp, vsap, flag, cr));
2415 	else
2416 		return (fs_fab_acl(vp, vsap, flag, cr));
2417 }
2418 
2419 int
2420 spec_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr)
2421 {
2422 	vnode_t *realvp;
2423 	struct snode *sp = VTOS(vp);
2424 
2425 	if ((realvp = sp->s_realvp) != NULL)
2426 		return (VOP_PATHCONF(realvp, cmd, valp, cr));
2427 	else
2428 		return (fs_pathconf(vp, cmd, valp, cr));
2429 }
2430