xref: /titanic_52/usr/src/uts/common/fs/specfs/specvnops.c (revision 94501b61e12c24a6ea3abf427022ca0d4a302f3b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
27 /*	  All Rights Reserved  	*/
28 
29 /*
30  * University Copyright- Copyright (c) 1982, 1986, 1988
31  * The Regents of the University of California
32  * All Rights Reserved
33  *
34  * University Acknowledgment- Portions of this document are derived from
35  * software developed by the University of California, Berkeley, and its
36  * contributors.
37  */
38 
39 
40 #pragma ident	"%Z%%M%	%I%	%E% SMI"
41 
42 #include <sys/types.h>
43 #include <sys/thread.h>
44 #include <sys/t_lock.h>
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/bitmap.h>
48 #include <sys/buf.h>
49 #include <sys/cmn_err.h>
50 #include <sys/conf.h>
51 #include <sys/ddi.h>
52 #include <sys/debug.h>
53 #include <sys/errno.h>
54 #include <sys/time.h>
55 #include <sys/fcntl.h>
56 #include <sys/flock.h>
57 #include <sys/file.h>
58 #include <sys/kmem.h>
59 #include <sys/mman.h>
60 #include <sys/open.h>
61 #include <sys/swap.h>
62 #include <sys/sysmacros.h>
63 #include <sys/uio.h>
64 #include <sys/vfs.h>
65 #include <sys/vnode.h>
66 #include <sys/stat.h>
67 #include <sys/poll.h>
68 #include <sys/stream.h>
69 #include <sys/strsubr.h>
70 #include <sys/policy.h>
71 #include <sys/devpolicy.h>
72 
73 #include <sys/proc.h>
74 #include <sys/user.h>
75 #include <sys/session.h>
76 #include <sys/vmsystm.h>
77 #include <sys/vtrace.h>
78 #include <sys/pathname.h>
79 
80 #include <sys/fs/snode.h>
81 
82 #include <vm/seg.h>
83 #include <vm/seg_map.h>
84 #include <vm/page.h>
85 #include <vm/pvn.h>
86 #include <vm/seg_dev.h>
87 #include <vm/seg_vn.h>
88 
89 #include <fs/fs_subr.h>
90 
91 #include <sys/esunddi.h>
92 #include <sys/autoconf.h>
93 #include <sys/sunndi.h>
94 
95 
96 static int spec_open(struct vnode **, int, struct cred *);
97 static int spec_close(struct vnode *, int, int, offset_t, struct cred *);
98 static int spec_read(struct vnode *, struct uio *, int, struct cred *,
99 	struct caller_context *);
100 static int spec_write(struct vnode *, struct uio *, int, struct cred *,
101 	struct caller_context *);
102 static int spec_ioctl(struct vnode *, int, intptr_t, int, struct cred *, int *);
103 static int spec_getattr(struct vnode *, struct vattr *, int, struct cred *);
104 static int spec_setattr(struct vnode *, struct vattr *, int, struct cred *,
105 	caller_context_t *);
106 static int spec_access(struct vnode *, int, int, struct cred *);
107 static int spec_create(struct vnode *, char *, vattr_t *, enum vcexcl,
108     int, struct vnode **, struct cred *, int);
109 static int spec_fsync(struct vnode *, int, struct cred *);
110 static void spec_inactive(struct vnode *, struct cred *);
111 static int spec_fid(struct vnode *, struct fid *);
112 static int spec_seek(struct vnode *, offset_t, offset_t *);
113 static int spec_frlock(struct vnode *, int, struct flock64 *, int, offset_t,
114     struct flk_callback *, struct cred *);
115 static int spec_realvp(struct vnode *, struct vnode **);
116 
117 static int spec_getpage(struct vnode *, offset_t, size_t, uint_t *, page_t **,
118     size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
119 static int spec_putapage(struct vnode *, page_t *, u_offset_t *, size_t *, int,
120 	struct cred *);
121 static struct buf *spec_startio(struct vnode *, page_t *, u_offset_t, size_t,
122 	int);
123 static int spec_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
124     page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
125 static int spec_map(struct vnode *, offset_t, struct as *, caddr_t *, size_t,
126     uchar_t, uchar_t, uint_t, struct cred *);
127 static int spec_addmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
128     uchar_t, uchar_t, uint_t, struct cred *);
129 static int spec_delmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
130     uint_t, uint_t, uint_t, struct cred *);
131 
132 static int spec_poll(struct vnode *, short, int, short *, struct pollhead **);
133 static int spec_dump(struct vnode *, caddr_t, int, int);
134 static int spec_pageio(struct vnode *, page_t *, u_offset_t, size_t, int,
135     cred_t *);
136 
137 static int spec_getsecattr(struct vnode *, vsecattr_t *, int, struct cred *);
138 static int spec_setsecattr(struct vnode *, vsecattr_t *, int, struct cred *);
139 static int spec_pathconf(struct	vnode *, int, ulong_t *, struct cred *);
140 
141 #define	SN_HOLD(csp)	{ \
142 	mutex_enter(&csp->s_lock); \
143 	csp->s_count++; \
144 	mutex_exit(&csp->s_lock); \
145 }
146 
147 #define	SN_RELE(csp)	{ \
148 	mutex_enter(&csp->s_lock); \
149 	csp->s_count--; \
150 	ASSERT((csp->s_count > 0) || (csp->s_vnode->v_stream == NULL)); \
151 	mutex_exit(&csp->s_lock); \
152 }
153 
154 struct vnodeops *spec_vnodeops;
155 
156 const fs_operation_def_t spec_vnodeops_template[] = {
157 	VOPNAME_OPEN, spec_open,
158 	VOPNAME_CLOSE, spec_close,
159 	VOPNAME_READ, spec_read,
160 	VOPNAME_WRITE, spec_write,
161 	VOPNAME_IOCTL, spec_ioctl,
162 	VOPNAME_GETATTR, spec_getattr,
163 	VOPNAME_SETATTR, spec_setattr,
164 	VOPNAME_ACCESS, spec_access,
165 	VOPNAME_CREATE, spec_create,
166 	VOPNAME_FSYNC, spec_fsync,
167 	VOPNAME_INACTIVE, (fs_generic_func_p) spec_inactive,
168 	VOPNAME_FID, spec_fid,
169 	VOPNAME_SEEK, spec_seek,
170 	VOPNAME_PATHCONF, spec_pathconf,
171 	VOPNAME_FRLOCK, spec_frlock,
172 	VOPNAME_REALVP, spec_realvp,
173 	VOPNAME_GETPAGE, spec_getpage,
174 	VOPNAME_PUTPAGE, spec_putpage,
175 	VOPNAME_MAP, (fs_generic_func_p) spec_map,
176 	VOPNAME_ADDMAP, (fs_generic_func_p) spec_addmap,
177 	VOPNAME_DELMAP, spec_delmap,
178 	VOPNAME_POLL, (fs_generic_func_p) spec_poll,
179 	VOPNAME_DUMP, spec_dump,
180 	VOPNAME_PAGEIO, spec_pageio,
181 	VOPNAME_SETSECATTR, spec_setsecattr,
182 	VOPNAME_GETSECATTR, spec_getsecattr,
183 	NULL, NULL
184 };
185 
186 /*
187  * Return address of spec_vnodeops
188  */
189 struct vnodeops *
190 spec_getvnodeops(void)
191 {
192 	return (spec_vnodeops);
193 }
194 
195 extern vnode_t *rconsvp;
196 
197 /*
198  * Acquire the serial lock on the common snode.
199  */
200 #define	LOCK_CSP(csp)					\
201 	mutex_enter(&csp->s_lock);			\
202 	while (csp->s_flag & SLOCKED) {			\
203 		csp->s_flag |= SWANT;			\
204 		cv_wait(&csp->s_cv, &csp->s_lock);	\
205 	}						\
206 	csp->s_flag |= SLOCKED;				\
207 	mutex_exit(&csp->s_lock);
208 
209 #define	LOCK_CSP_SIG(csp)	lock_csp_sig(csp)
210 
211 /*
212  * Acquire the serial lock on the common snode checking for a signal.
213  * cv_wait_sig is used to allow signals to pull us out.
214  * Return 1 if locked, 0 if interrupted
215  */
216 static int
217 lock_csp_sig(struct snode *csp)
218 {
219 	mutex_enter(&csp->s_lock);
220 	while (csp->s_flag & SLOCKED) {
221 		csp->s_flag |= SWANT;
222 		if (!cv_wait_sig(&csp->s_cv, &csp->s_lock)) {
223 			mutex_exit(&csp->s_lock);
224 			/* interrupted */
225 			return (0);
226 		}
227 	}
228 	csp->s_flag |= SLOCKED;
229 	mutex_exit(&csp->s_lock);
230 
231 	return (1);
232 }
233 
234 /*
235  * Unlock the serial lock on the common snode
236  */
237 #define	UNLOCK_CSP_LOCK_HELD(csp)			\
238 	ASSERT(mutex_owned(&csp->s_lock));		\
239 	if (csp->s_flag & SWANT)			\
240 		cv_broadcast(&csp->s_cv);		\
241 	csp->s_flag &= ~(SWANT|SLOCKED);
242 
243 #define	UNLOCK_CSP(csp)					\
244 	mutex_enter(&csp->s_lock);			\
245 	UNLOCK_CSP_LOCK_HELD(csp);			\
246 	mutex_exit(&csp->s_lock);
247 
248 /*
249  * compute/return the size of the device
250  */
251 #define	SPEC_SIZE(csp)	\
252 	(((csp)->s_flag & SSIZEVALID) ? (csp)->s_size : spec_size(csp))
253 
254 /*
255  * Compute and return the size.  If the size in the common snode is valid then
256  * return it.  If not valid then get the size from the driver and set size in
257  * the common snode.  If the device has not been attached then we don't ask for
258  * an update from the driver- for non-streams SSIZEVALID stays unset until the
259  * device is attached. A stat of a mknod outside /devices (non-devfs) may
260  * report UNKNOWN_SIZE because the device may not be attached yet (SDIPSET not
261  * established in mknod until open time). An stat in /devices will report the
262  * size correctly.  Specfs should always call SPEC_SIZE instead of referring
263  * directly to s_size to initialize/retrieve the size of a device.
264  *
265  * XXX There is an inconsistency between block and raw - "unknown" is
266  * UNKNOWN_SIZE for VBLK and 0 for VCHR(raw).
267  */
268 static u_offset_t
269 spec_size(struct snode *csp)
270 {
271 	struct vnode	*cvp = STOV(csp);
272 	u_offset_t	size;
273 	int		plen;
274 	uint32_t	size32;
275 	dev_t		dev;
276 	dev_info_t	*devi;
277 	major_t		maj;
278 
279 	ASSERT((csp)->s_commonvp == cvp);	/* must be common node */
280 
281 	/* return cached value */
282 	mutex_enter(&csp->s_lock);
283 	if (csp->s_flag & SSIZEVALID) {
284 		mutex_exit(&csp->s_lock);
285 		return (csp->s_size);
286 	}
287 
288 	/* VOP_GETATTR of mknod has not had devcnt restriction applied */
289 	dev = cvp->v_rdev;
290 	maj = getmajor(dev);
291 	if (maj >= devcnt) {
292 		/* return non-cached UNKNOWN_SIZE */
293 		mutex_exit(&csp->s_lock);
294 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
295 	}
296 
297 	/* establish cached zero size for streams */
298 	if (STREAMSTAB(maj)) {
299 		csp->s_size = 0;
300 		csp->s_flag |= SSIZEVALID;
301 		mutex_exit(&csp->s_lock);
302 		return (0);
303 	}
304 
305 	/*
306 	 * Return non-cached UNKNOWN_SIZE if not open.
307 	 *
308 	 * NB: This check is bogus, calling prop_op(9E) should be gated by
309 	 * attach, not open. Not having this check however opens up a new
310 	 * context under which a driver's prop_op(9E) could be called. Calling
311 	 * prop_op(9E) in this new context has been shown to expose latent
312 	 * driver bugs (insufficient NULL pointer checks that lead to panic).
313 	 * We are keeping this open check for now to avoid these panics.
314 	 */
315 	if (csp->s_count == 0) {
316 		mutex_exit(&csp->s_lock);
317 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
318 	}
319 
320 	/* Return non-cached UNKNOWN_SIZE if not attached. */
321 	if (((csp->s_flag & SDIPSET) == 0) || (csp->s_dip == NULL) ||
322 	    !i_ddi_devi_attached(csp->s_dip)) {
323 		mutex_exit(&csp->s_lock);
324 		return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
325 	}
326 
327 	devi = csp->s_dip;
328 
329 	/*
330 	 * Established cached size obtained from the attached driver. Since we
331 	 * know the devinfo node, for efficiency we use cdev_prop_op directly
332 	 * instead of [cb]dev_[Ss]size.
333 	 */
334 	if (cvp->v_type == VCHR) {
335 		size = 0;
336 		plen = sizeof (size);
337 		if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
338 		    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
339 		    DDI_PROP_CONSUMER_TYPED, "Size", (caddr_t)&size,
340 		    &plen) != DDI_PROP_SUCCESS) {
341 			plen = sizeof (size32);
342 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
343 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
344 			    "size", (caddr_t)&size32, &plen) ==
345 			    DDI_PROP_SUCCESS)
346 				size = size32;
347 		}
348 	} else {
349 		size = UNKNOWN_SIZE;
350 		plen = sizeof (size);
351 		if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
352 		    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
353 		    DDI_PROP_CONSUMER_TYPED, "Nblocks", (caddr_t)&size,
354 		    &plen) != DDI_PROP_SUCCESS) {
355 			plen = sizeof (size32);
356 			if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
357 			    DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
358 			    "nblocks", (caddr_t)&size32, &plen) ==
359 			    DDI_PROP_SUCCESS)
360 				size = size32;
361 		}
362 
363 		if (size != UNKNOWN_SIZE) {
364 			/* convert from block size to byte size */
365 			if (size < (MAXOFFSET_T >> DEV_BSHIFT))
366 				size = size << DEV_BSHIFT;
367 			else
368 				size = UNKNOWN_SIZE;
369 		}
370 	}
371 
372 	csp->s_size = size;
373 	csp->s_flag |= SSIZEVALID;
374 
375 	mutex_exit(&csp->s_lock);
376 	return (size);
377 }
378 
379 /*
380  * This function deal with vnode substitution in the case of
381  * device cloning.
382  */
383 static int
384 spec_clone(struct vnode **vpp, dev_t newdev, int vtype, struct stdata *stp)
385 {
386 	dev_t		dev = (*vpp)->v_rdev;
387 	major_t		maj = getmajor(dev);
388 	major_t 	newmaj = getmajor(newdev);
389 	int		sysclone = (maj == clone_major);
390 	int		qassociate_used = 0;
391 	struct snode	*oldsp, *oldcsp;
392 	struct snode	*newsp, *newcsp;
393 	struct vnode	*newvp, *newcvp;
394 	dev_info_t	*dip;
395 	queue_t		*dq;
396 
397 	ASSERT(dev != newdev);
398 
399 	/*
400 	 * Check for cloning across different drivers.
401 	 * We only support this under the system provided clone driver
402 	 */
403 	if ((maj != newmaj) && !sysclone) {
404 		cmn_err(CE_NOTE,
405 		    "unsupported clone open maj = %u, newmaj = %u",
406 		    maj, newmaj);
407 		return (ENXIO);
408 	}
409 
410 	/* old */
411 	oldsp = VTOS(*vpp);
412 	oldcsp = VTOS(oldsp->s_commonvp);
413 
414 	/* new */
415 	newvp = makespecvp(newdev, vtype);
416 	ASSERT(newvp != NULL);
417 	newsp = VTOS(newvp);
418 	newcvp = newsp->s_commonvp;
419 	newcsp = VTOS(newcvp);
420 
421 	/*
422 	 * Clones inherit fsid, realvp, and dip.
423 	 * XXX realvp inherit is not occurring, does fstat of clone work?
424 	 */
425 	newsp->s_fsid = oldsp->s_fsid;
426 	if (sysclone) {
427 		newsp->s_flag |= SCLONE;
428 		dip = NULL;
429 	} else {
430 		newsp->s_flag |= SSELFCLONE;
431 		dip = oldcsp->s_dip;
432 	}
433 
434 	/*
435 	 * If we cloned to an opened newdev that already has called
436 	 * spec_assoc_vp_with_devi (SDIPSET set) then the association is
437 	 * already established.
438 	 */
439 	if (!(newcsp->s_flag & SDIPSET)) {
440 		/*
441 		 * Establish s_dip association for newdev.
442 		 *
443 		 * If we trusted the getinfo(9E) DDI_INFO_DEVT2INSTANCE
444 		 * implementation of all cloning drivers  (SCLONE and SELFCLONE)
445 		 * we would always use e_ddi_hold_devi_by_dev().  We know that
446 		 * many drivers have had (still have?) problems with
447 		 * DDI_INFO_DEVT2INSTANCE, so we try to minimize reliance by
448 		 * detecting drivers that use QASSOCIATE (by looking down the
449 		 * stream) and setting their s_dip association to NULL.
450 		 */
451 		qassociate_used = 0;
452 		if (stp) {
453 			for (dq = stp->sd_wrq; dq; dq = dq->q_next) {
454 				if (_RD(dq)->q_flag & _QASSOCIATED) {
455 					qassociate_used = 1;
456 					dip = NULL;
457 					break;
458 				}
459 			}
460 		}
461 
462 		if (dip || qassociate_used) {
463 			spec_assoc_vp_with_devi(newvp, dip);
464 		} else {
465 			/* derive association from newdev */
466 			dip = e_ddi_hold_devi_by_dev(newdev, 0);
467 			spec_assoc_vp_with_devi(newvp, dip);
468 			if (dip)
469 				ddi_release_devi(dip);
470 		}
471 	}
472 
473 	SN_HOLD(newcsp);
474 
475 	/* deal with stream stuff */
476 	if (stp != NULL) {
477 		LOCK_CSP(newcsp);	/* synchronize stream open/close */
478 		mutex_enter(&newcsp->s_lock);
479 		newcvp->v_stream = newvp->v_stream = stp;
480 		stp->sd_vnode = newcvp;
481 		stp->sd_strtab = STREAMSTAB(newmaj);
482 		mutex_exit(&newcsp->s_lock);
483 		UNLOCK_CSP(newcsp);
484 	}
485 
486 	/* substitute the vnode */
487 	SN_RELE(oldcsp);
488 	VN_RELE(*vpp);
489 	*vpp = newvp;
490 
491 	return (0);
492 }
493 
494 static int
495 spec_open(struct vnode **vpp, int flag, struct cred *cr)
496 {
497 	major_t maj;
498 	dev_t dev, newdev;
499 	struct vnode *vp, *cvp;
500 	struct snode *sp, *csp;
501 	struct stdata *stp;
502 	dev_info_t *dip;
503 	int error, type;
504 
505 	flag &= ~FCREAT;		/* paranoia */
506 
507 	vp = *vpp;
508 	sp = VTOS(vp);
509 	ASSERT((vp->v_type == VCHR) || (vp->v_type == VBLK));
510 	if ((vp->v_type != VCHR) && (vp->v_type != VBLK))
511 		return (ENXIO);
512 
513 	/*
514 	 * If the VFS_NODEVICES bit was set for the mount,
515 	 * do not allow opens of special devices.
516 	 */
517 	if (sp->s_realvp && (sp->s_realvp->v_vfsp->vfs_flag & VFS_NODEVICES))
518 		return (ENXIO);
519 
520 	newdev = dev = vp->v_rdev;
521 
522 	/*
523 	 * If we are opening a node that has not had spec_assoc_vp_with_devi
524 	 * called against it (mknod outside /devices or a non-dacf makespecvp
525 	 * node) then SDIPSET will not be set. In this case we call an
526 	 * interface which will reconstruct the path and lookup (drive attach)
527 	 * through devfs (e_ddi_hold_devi_by_dev -> e_ddi_hold_devi_by_path ->
528 	 * devfs_lookupname).  For support of broken drivers that don't call
529 	 * ddi_create_minor_node for all minor nodes in their instance space,
530 	 * we call interfaces that operates at the directory/devinfo
531 	 * (major/instance) level instead of to the leaf/minor node level.
532 	 * After finding and attaching the dip we associate it with the
533 	 * common specfs vnode (s_dip), which sets SDIPSET.  A DL_DETACH_REQ
534 	 * to style-2 stream driver may set s_dip to NULL with SDIPSET set.
535 	 *
536 	 * NOTE: Although e_ddi_hold_devi_by_dev takes a dev_t argument, its
537 	 * implementation operates at the major/instance level since it only
538 	 * need to return a dip.
539 	 */
540 	cvp = sp->s_commonvp;
541 	csp = VTOS(cvp);
542 	if (!(csp->s_flag & SDIPSET)) {
543 		/* try to attach, return error if we fail */
544 		if ((dip = e_ddi_hold_devi_by_dev(dev, 0)) == NULL)
545 			return (ENXIO);
546 
547 		/* associate dip with the common snode s_dip */
548 		spec_assoc_vp_with_devi(vp, dip);
549 		ddi_release_devi(dip);	/* from e_ddi_hold_devi_by_dev */
550 	}
551 
552 #ifdef  DEBUG
553 	/* verify attach/open exclusion guarantee */
554 	dip = csp->s_dip;
555 	ASSERT((dip == NULL) || i_ddi_devi_attached(dip));
556 #endif  /* DEBUG */
557 
558 	if ((error = secpolicy_spec_open(cr, cvp, flag)) != 0)
559 		return (error);
560 
561 	maj = getmajor(dev);
562 	if (STREAMSTAB(maj))
563 		goto streams_open;
564 
565 	SN_HOLD(csp);			/* increment open count */
566 
567 	/* non streams open */
568 	type = (vp->v_type == VBLK ? OTYP_BLK : OTYP_CHR);
569 	error = dev_open(&newdev, flag, type, cr);
570 
571 	/* deal with clone case */
572 	if (error == 0 && dev != newdev) {
573 		error = spec_clone(vpp, newdev, vp->v_type, NULL);
574 		/*
575 		 * bail on clone failure, further processing
576 		 * results in undefined behaviors.
577 		 */
578 		if (error != 0)
579 			return (error);
580 		sp = VTOS(*vpp);
581 		csp = VTOS(sp->s_commonvp);
582 	}
583 
584 	if (error == 0) {
585 		sp->s_size = SPEC_SIZE(csp);
586 
587 		if ((csp->s_flag & SNEEDCLOSE) == 0) {
588 			int nmaj = getmajor(newdev);
589 			mutex_enter(&csp->s_lock);
590 			/* successful open needs a close later */
591 			csp->s_flag |= SNEEDCLOSE;
592 
593 			/*
594 			 * Invalidate possible cached "unknown" size
595 			 * established by a VOP_GETATTR while open was in
596 			 * progress, and the driver might fail prop_op(9E).
597 			 */
598 			if (((cvp->v_type == VCHR) && (csp->s_size == 0)) ||
599 			    ((cvp->v_type == VBLK) &&
600 			    (csp->s_size == UNKNOWN_SIZE)))
601 				csp->s_flag &= ~SSIZEVALID;
602 
603 			if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_64BIT)
604 				csp->s_flag |= SLOFFSET;
605 			if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_U64BIT)
606 				csp->s_flag |= SLOFFSET | SANYOFFSET;
607 			mutex_exit(&csp->s_lock);
608 		}
609 		return (0);
610 	}
611 
612 	/*
613 	 * Open failed. If we missed a close operation because
614 	 * we were trying to get the device open and it is the
615 	 * last in progress open that is failing then call close.
616 	 *
617 	 * NOTE: Only non-streams open has this race condition.
618 	 */
619 	mutex_enter(&csp->s_lock);
620 	csp->s_count--;			/* decrement open count : SN_RELE */
621 	if ((csp->s_count == 0) &&	/* no outstanding open */
622 	    (csp->s_mapcnt == 0) &&	/* no mapping */
623 	    (csp->s_flag & SNEEDCLOSE)) { /* need a close */
624 		csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
625 
626 		/* See comment in spec_close() */
627 		if (csp->s_flag & (SCLONE | SSELFCLONE))
628 			csp->s_flag &= ~SDIPSET;
629 
630 		mutex_exit(&csp->s_lock);
631 		ASSERT(*vpp != NULL);
632 		(void) device_close(*vpp, flag, cr);
633 	} else {
634 		mutex_exit(&csp->s_lock);
635 	}
636 	return (error);
637 
638 streams_open:
639 	if (vp->v_type != VCHR)
640 		return (ENXIO);
641 
642 	/*
643 	 * Lock common snode to prevent any new clone opens
644 	 * on this stream while one is in progress.
645 	 * This is necessary since the stream currently
646 	 * associated with the clone device will not be part
647 	 * of it after the clone open completes.
648 	 * Unfortunately we don't know in advance if this is
649 	 * a clone device so we have to lock all opens.
650 	 *
651 	 * If we fail, it's because of an interrupt.
652 	 */
653 	if (LOCK_CSP_SIG(csp) == 0)
654 		return (EINTR);
655 
656 	SN_HOLD(csp);			/* increment open count */
657 
658 	error = stropen(cvp, &newdev, flag, cr);
659 	stp = cvp->v_stream;
660 
661 	/* deal with the clone case */
662 	if ((error == 0) && (dev != newdev)) {
663 		vp->v_stream = cvp->v_stream = NULL;
664 		UNLOCK_CSP(csp);
665 		error = spec_clone(vpp, newdev, vp->v_type, stp);
666 		/*
667 		 * bail on clone failure, further processing
668 		 * results in undefined behaviors.
669 		 */
670 		if (error != 0)
671 			return (error);
672 		sp = VTOS(*vpp);
673 		csp = VTOS(sp->s_commonvp);
674 	} else if (error == 0) {
675 		vp->v_stream = stp;
676 		UNLOCK_CSP(csp);
677 	}
678 
679 	if (error == 0) {
680 		/* STREAMS devices don't have a size */
681 		sp->s_size = csp->s_size = 0;
682 
683 		if (!(stp->sd_flag & STRISTTY) || (flag & FNOCTTY))
684 			return (0);
685 
686 		/* try to allocate it as a controlling terminal */
687 		if (strctty(stp) != EINTR)
688 			return (0);
689 
690 		/* strctty() was interrupted by a signal */
691 		(void) spec_close(vp, flag, 1, 0, cr);
692 		return (EINTR);
693 	}
694 
695 	/*
696 	 * Deal with stropen failure.
697 	 *
698 	 * sd_flag in the stream head cannot change since the
699 	 * common snode is locked before the call to stropen().
700 	 */
701 	if ((stp != NULL) && (stp->sd_flag & STREOPENFAIL)) {
702 		/*
703 		 * Open failed part way through.
704 		 */
705 		mutex_enter(&stp->sd_lock);
706 		stp->sd_flag &= ~STREOPENFAIL;
707 		mutex_exit(&stp->sd_lock);
708 
709 		UNLOCK_CSP(csp);
710 		(void) spec_close(vp, flag, 1, 0, cr);
711 	} else {
712 		UNLOCK_CSP(csp);
713 		SN_RELE(csp);
714 	}
715 
716 	return (error);
717 }
718 
719 /*ARGSUSED2*/
720 static int
721 spec_close(
722 	struct vnode	*vp,
723 	int		flag,
724 	int		count,
725 	offset_t	offset,
726 	struct cred	*cr)
727 {
728 	struct vnode *cvp;
729 	struct snode *sp, *csp;
730 	enum vtype type;
731 	dev_t dev;
732 	int error = 0;
733 	int sysclone;
734 
735 	if (!(flag & FKLYR)) {
736 		/* this only applies to closes of devices from userland */
737 		cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
738 		cleanshares(vp, ttoproc(curthread)->p_pid);
739 		if (vp->v_stream)
740 			strclean(vp);
741 	}
742 	if (count > 1)
743 		return (0);
744 
745 	sp = VTOS(vp);
746 	cvp = sp->s_commonvp;
747 
748 	dev = sp->s_dev;
749 	type = vp->v_type;
750 
751 	ASSERT(type == VCHR || type == VBLK);
752 
753 	/*
754 	 * Prevent close/close and close/open races by serializing closes
755 	 * on this common snode. Clone opens are held up until after
756 	 * we have closed this device so the streams linkage is maintained
757 	 */
758 	csp = VTOS(cvp);
759 
760 	LOCK_CSP(csp);
761 	mutex_enter(&csp->s_lock);
762 
763 	csp->s_count--;			/* one fewer open reference : SN_RELE */
764 	sysclone = sp->s_flag & SCLONE;
765 
766 	/*
767 	 * Invalidate size on each close.
768 	 *
769 	 * XXX We do this on each close because we don't have interfaces that
770 	 * allow a driver to invalidate the size.  Since clearing this on each
771 	 * close this causes property overhead we skip /dev/null and
772 	 * /dev/zero to avoid degrading kenbus performance.
773 	 */
774 	if (getmajor(dev) != mm_major)
775 		csp->s_flag &= ~SSIZEVALID;
776 
777 	/*
778 	 * Only call the close routine when the last open reference through
779 	 * any [s, v]node goes away.  This can be checked by looking at
780 	 * s_count on the common vnode.
781 	 */
782 	if ((csp->s_count == 0) && (csp->s_mapcnt == 0)) {
783 		/* we don't need a close */
784 		csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
785 
786 		/*
787 		 * A cloning driver may open-clone to the same dev_t that we
788 		 * are closing before spec_inactive destroys the common snode.
789 		 * If this occurs the s_dip association needs to be reevaluated.
790 		 * We clear SDIPSET to force reevaluation in this case.  When
791 		 * reevaluation occurs (by spec_clone after open), if the
792 		 * devinfo association has changed then the old association
793 		 * will be released as the new association is established by
794 		 * spec_assoc_vp_with_devi().
795 		 */
796 		if (csp->s_flag & (SCLONE | SSELFCLONE))
797 			csp->s_flag &= ~SDIPSET;
798 
799 		mutex_exit(&csp->s_lock);
800 		error = device_close(vp, flag, cr);
801 
802 		/*
803 		 * Decrement the devops held in clnopen()
804 		 */
805 		if (sysclone) {
806 			ddi_rele_driver(getmajor(dev));
807 		}
808 		mutex_enter(&csp->s_lock);
809 	}
810 
811 	UNLOCK_CSP_LOCK_HELD(csp);
812 	mutex_exit(&csp->s_lock);
813 
814 	return (error);
815 }
816 
817 /*ARGSUSED2*/
818 static int
819 spec_read(
820 	struct vnode	*vp,
821 	struct uio	*uiop,
822 	int		ioflag,
823 	struct cred	*cr,
824 	struct caller_context *ct)
825 {
826 	int error;
827 	struct snode *sp = VTOS(vp);
828 	dev_t dev = sp->s_dev;
829 	size_t n;
830 	ulong_t on;
831 	u_offset_t bdevsize;
832 	offset_t maxoff;
833 	offset_t off;
834 	struct vnode *blkvp;
835 
836 	ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
837 
838 	if (STREAMSTAB(getmajor(dev))) {	/* stream */
839 		ASSERT(vp->v_type == VCHR);
840 		smark(sp, SACC);
841 		return (strread(vp, uiop, cr));
842 	}
843 
844 	if (uiop->uio_resid == 0)
845 		return (0);
846 
847 	/*
848 	 * Plain old character devices that set D_U64BIT can have
849 	 * unrestricted offsets.
850 	 */
851 	maxoff = spec_maxoffset(vp);
852 	ASSERT(maxoff != -1 || vp->v_type == VCHR);
853 
854 	if (maxoff != -1 && (uiop->uio_loffset < 0 ||
855 	    uiop->uio_loffset + uiop->uio_resid > maxoff))
856 		return (EINVAL);
857 
858 	if (vp->v_type == VCHR) {
859 		smark(sp, SACC);
860 		ASSERT(STREAMSTAB(getmajor(dev)) == 0);
861 		return (cdev_read(dev, uiop, cr));
862 	}
863 
864 	/*
865 	 * Block device.
866 	 */
867 	error = 0;
868 	blkvp = sp->s_commonvp;
869 	bdevsize = SPEC_SIZE(VTOS(blkvp));
870 
871 	do {
872 		caddr_t base;
873 		offset_t diff;
874 
875 		off = uiop->uio_loffset & (offset_t)MAXBMASK;
876 		on = (size_t)(uiop->uio_loffset & MAXBOFFSET);
877 		n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
878 		diff = bdevsize - uiop->uio_loffset;
879 
880 		if (diff <= 0)
881 			break;
882 		if (diff < n)
883 			n = (size_t)diff;
884 
885 		if (vpm_enable) {
886 			error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
887 				n, uiop, 1, NULL, 0, S_READ);
888 		} else {
889 			base = segmap_getmapflt(segkmap, blkvp,
890 				(u_offset_t)(off + on), n, 1, S_READ);
891 
892 			error = uiomove(base + on, n, UIO_READ, uiop);
893 		}
894 		if (!error) {
895 			int flags = 0;
896 			/*
897 			 * If we read a whole block, we won't need this
898 			 * buffer again soon.
899 			 */
900 			if (n + on == MAXBSIZE)
901 				flags = SM_DONTNEED | SM_FREE;
902 			if (vpm_enable) {
903 				error = vpm_sync_pages(blkvp, off, n, flags);
904 			} else {
905 				error = segmap_release(segkmap, base, flags);
906 			}
907 		} else {
908 			if (vpm_enable) {
909 				(void) vpm_sync_pages(blkvp, off, n, 0);
910 			} else {
911 				(void) segmap_release(segkmap, base, 0);
912 			}
913 			if (bdevsize == UNKNOWN_SIZE) {
914 				error = 0;
915 				break;
916 			}
917 		}
918 	} while (error == 0 && uiop->uio_resid > 0 && n != 0);
919 
920 	return (error);
921 }
922 
923 /*ARGSUSED*/
924 static int
925 spec_write(
926 	struct vnode *vp,
927 	struct uio *uiop,
928 	int ioflag,
929 	struct cred *cr,
930 	struct caller_context *ct)
931 {
932 	int error;
933 	struct snode *sp = VTOS(vp);
934 	dev_t dev = sp->s_dev;
935 	size_t n;
936 	ulong_t on;
937 	u_offset_t bdevsize;
938 	offset_t maxoff;
939 	offset_t off;
940 	struct vnode *blkvp;
941 
942 	ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
943 
944 	if (STREAMSTAB(getmajor(dev))) {
945 		ASSERT(vp->v_type == VCHR);
946 		smark(sp, SUPD);
947 		return (strwrite(vp, uiop, cr));
948 	}
949 
950 	/*
951 	 * Plain old character devices that set D_U64BIT can have
952 	 * unrestricted offsets.
953 	 */
954 	maxoff = spec_maxoffset(vp);
955 	ASSERT(maxoff != -1 || vp->v_type == VCHR);
956 
957 	if (maxoff != -1 && (uiop->uio_loffset < 0 ||
958 	    uiop->uio_loffset + uiop->uio_resid > maxoff))
959 		return (EINVAL);
960 
961 	if (vp->v_type == VCHR) {
962 		smark(sp, SUPD);
963 		ASSERT(STREAMSTAB(getmajor(dev)) == 0);
964 		return (cdev_write(dev, uiop, cr));
965 	}
966 
967 	if (uiop->uio_resid == 0)
968 		return (0);
969 
970 	error = 0;
971 	blkvp = sp->s_commonvp;
972 	bdevsize = SPEC_SIZE(VTOS(blkvp));
973 
974 	do {
975 		int pagecreate;
976 		int newpage;
977 		caddr_t base;
978 		offset_t diff;
979 
980 		off = uiop->uio_loffset & (offset_t)MAXBMASK;
981 		on = (ulong_t)(uiop->uio_loffset & MAXBOFFSET);
982 		n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
983 		pagecreate = 0;
984 
985 		diff = bdevsize - uiop->uio_loffset;
986 		if (diff <= 0) {
987 			error = ENXIO;
988 			break;
989 		}
990 		if (diff < n)
991 			n = (size_t)diff;
992 
993 		/*
994 		 * Check to see if we can skip reading in the page
995 		 * and just allocate the memory.  We can do this
996 		 * if we are going to rewrite the entire mapping
997 		 * or if we are going to write to end of the device
998 		 * from the beginning of the mapping.
999 		 */
1000 		if (n == MAXBSIZE || (on == 0 && (off + n) == bdevsize))
1001 			pagecreate = 1;
1002 
1003 		newpage = 0;
1004 		if (vpm_enable) {
1005 			error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1006 				n, uiop, !pagecreate, NULL, 0, S_WRITE);
1007 		} else {
1008 			base = segmap_getmapflt(segkmap, blkvp,
1009 			    (u_offset_t)(off + on), n, !pagecreate, S_WRITE);
1010 
1011 			/*
1012 			 * segmap_pagecreate() returns 1 if it calls
1013 			 * page_create_va() to allocate any pages.
1014 			 */
1015 
1016 			if (pagecreate)
1017 				newpage = segmap_pagecreate(segkmap, base + on,
1018 					n, 0);
1019 
1020 			error = uiomove(base + on, n, UIO_WRITE, uiop);
1021 		}
1022 
1023 		if (!vpm_enable && pagecreate &&
1024 		    uiop->uio_loffset <
1025 		    P2ROUNDUP_TYPED(off + on + n, PAGESIZE, offset_t)) {
1026 			/*
1027 			 * We created pages w/o initializing them completely,
1028 			 * thus we need to zero the part that wasn't set up.
1029 			 * This can happen if we write to the end of the device
1030 			 * or if we had some sort of error during the uiomove.
1031 			 */
1032 			long nzero;
1033 			offset_t nmoved;
1034 
1035 			nmoved = (uiop->uio_loffset - (off + on));
1036 			if (nmoved < 0 || nmoved > n) {
1037 				panic("spec_write: nmoved bogus");
1038 				/*NOTREACHED*/
1039 			}
1040 			nzero = (long)P2ROUNDUP(on + n, PAGESIZE) -
1041 			    (on + nmoved);
1042 			if (nzero < 0 || (on + nmoved + nzero > MAXBSIZE)) {
1043 				panic("spec_write: nzero bogus");
1044 				/*NOTREACHED*/
1045 			}
1046 			(void) kzero(base + on + nmoved, (size_t)nzero);
1047 		}
1048 
1049 		/*
1050 		 * Unlock the pages which have been allocated by
1051 		 * page_create_va() in segmap_pagecreate().
1052 		 */
1053 		if (!vpm_enable && newpage)
1054 			segmap_pageunlock(segkmap, base + on,
1055 				(size_t)n, S_WRITE);
1056 
1057 		if (error == 0) {
1058 			int flags = 0;
1059 
1060 			/*
1061 			 * Force write back for synchronous write cases.
1062 			 */
1063 			if (ioflag & (FSYNC|FDSYNC))
1064 				flags = SM_WRITE;
1065 			else if (n + on == MAXBSIZE || IS_SWAPVP(vp)) {
1066 				/*
1067 				 * Have written a whole block.
1068 				 * Start an asynchronous write and
1069 				 * mark the buffer to indicate that
1070 				 * it won't be needed again soon.
1071 				 * Push swap files here, since it
1072 				 * won't happen anywhere else.
1073 				 */
1074 				flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
1075 			}
1076 			smark(sp, SUPD|SCHG);
1077 			if (vpm_enable) {
1078 				error = vpm_sync_pages(blkvp, off, n, flags);
1079 			} else {
1080 				error = segmap_release(segkmap, base, flags);
1081 			}
1082 		} else {
1083 			if (vpm_enable) {
1084 				(void) vpm_sync_pages(blkvp, off, n, SM_INVAL);
1085 			} else {
1086 				(void) segmap_release(segkmap, base, SM_INVAL);
1087 			}
1088 		}
1089 
1090 	} while (error == 0 && uiop->uio_resid > 0 && n != 0);
1091 
1092 	return (error);
1093 }
1094 
1095 static int
1096 spec_ioctl(struct vnode *vp, int cmd, intptr_t arg, int mode, struct cred *cr,
1097     int *rvalp)
1098 {
1099 	struct snode *sp;
1100 	dev_t dev;
1101 	int error;
1102 
1103 	if (vp->v_type != VCHR)
1104 		return (ENOTTY);
1105 	sp = VTOS(vp);
1106 	dev = sp->s_dev;
1107 	if (STREAMSTAB(getmajor(dev))) {
1108 		error = strioctl(vp, cmd, arg, mode, U_TO_K, cr, rvalp);
1109 	} else {
1110 		error = cdev_ioctl(dev, cmd, arg, mode, cr, rvalp);
1111 	}
1112 	return (error);
1113 }
1114 
1115 static int
1116 spec_getattr(struct vnode *vp, struct vattr *vap, int flags, struct cred *cr)
1117 {
1118 	int error;
1119 	struct snode *sp;
1120 	struct vnode *realvp;
1121 
1122 	/* With ATTR_COMM we will not get attributes from realvp */
1123 	if (flags & ATTR_COMM) {
1124 		sp = VTOS(vp);
1125 		vp = sp->s_commonvp;
1126 	}
1127 	sp = VTOS(vp);
1128 	realvp = sp->s_realvp;
1129 
1130 	if (realvp == NULL) {
1131 		static int snode_shift	= 0;
1132 
1133 		/*
1134 		 * Calculate the amount of bitshift to a snode pointer which
1135 		 * will still keep it unique.  See below.
1136 		 */
1137 		if (snode_shift == 0)
1138 			snode_shift = highbit(sizeof (struct snode));
1139 		ASSERT(snode_shift > 0);
1140 
1141 		/*
1142 		 * No real vnode behind this one.  Fill in the fields
1143 		 * from the snode.
1144 		 *
1145 		 * This code should be refined to return only the
1146 		 * attributes asked for instead of all of them.
1147 		 */
1148 		vap->va_type = vp->v_type;
1149 		vap->va_mode = 0;
1150 		vap->va_uid = vap->va_gid = 0;
1151 		vap->va_fsid = sp->s_fsid;
1152 
1153 		/*
1154 		 * If the va_nodeid is > MAX_USHORT, then i386 stats might
1155 		 * fail. So we shift down the snode pointer to try and get
1156 		 * the most uniqueness into 16-bits.
1157 		 */
1158 		vap->va_nodeid = ((ino64_t)(uintptr_t)sp >> snode_shift) &
1159 		    0xFFFF;
1160 		vap->va_nlink = 0;
1161 		vap->va_rdev = sp->s_dev;
1162 
1163 		/*
1164 		 * va_nblocks is the number of 512 byte blocks used to store
1165 		 * the mknod for the device, not the number of blocks on the
1166 		 * device itself.  This is typically zero since the mknod is
1167 		 * represented directly in the inode itself.
1168 		 */
1169 		vap->va_nblocks = 0;
1170 	} else {
1171 		error = VOP_GETATTR(realvp, vap, flags, cr);
1172 		if (error != 0)
1173 			return (error);
1174 	}
1175 
1176 	/* set the size from the snode */
1177 	vap->va_size = SPEC_SIZE(VTOS(sp->s_commonvp));
1178 	vap->va_blksize = MAXBSIZE;
1179 
1180 	mutex_enter(&sp->s_lock);
1181 	vap->va_atime.tv_sec = sp->s_atime;
1182 	vap->va_mtime.tv_sec = sp->s_mtime;
1183 	vap->va_ctime.tv_sec = sp->s_ctime;
1184 	mutex_exit(&sp->s_lock);
1185 
1186 	vap->va_atime.tv_nsec = 0;
1187 	vap->va_mtime.tv_nsec = 0;
1188 	vap->va_ctime.tv_nsec = 0;
1189 	vap->va_seq = 0;
1190 
1191 	return (0);
1192 }
1193 
1194 static int
1195 spec_setattr(
1196 	struct vnode *vp,
1197 	struct vattr *vap,
1198 	int flags,
1199 	struct cred *cr,
1200 	caller_context_t *ctp)
1201 {
1202 	struct snode *sp = VTOS(vp);
1203 	struct vnode *realvp;
1204 	int error;
1205 
1206 	if (vp->v_type == VCHR && vp->v_stream && (vap->va_mask & AT_SIZE)) {
1207 		/*
1208 		 * 1135080:	O_TRUNC should have no effect on
1209 		 *		named pipes and terminal devices.
1210 		 */
1211 		ASSERT(vap->va_mask == AT_SIZE);
1212 		return (0);
1213 	}
1214 
1215 	if ((realvp = sp->s_realvp) == NULL)
1216 		error = 0;	/* no real vnode to update */
1217 	else
1218 		error = VOP_SETATTR(realvp, vap, flags, cr, ctp);
1219 	if (error == 0) {
1220 		/*
1221 		 * If times were changed, update snode.
1222 		 */
1223 		mutex_enter(&sp->s_lock);
1224 		if (vap->va_mask & AT_ATIME)
1225 			sp->s_atime = vap->va_atime.tv_sec;
1226 		if (vap->va_mask & AT_MTIME) {
1227 			sp->s_mtime = vap->va_mtime.tv_sec;
1228 			sp->s_ctime = gethrestime_sec();
1229 		}
1230 		mutex_exit(&sp->s_lock);
1231 	}
1232 	return (error);
1233 }
1234 
1235 static int
1236 spec_access(struct vnode *vp, int mode, int flags, struct cred *cr)
1237 {
1238 	struct vnode *realvp;
1239 	struct snode *sp = VTOS(vp);
1240 
1241 	if ((realvp = sp->s_realvp) != NULL)
1242 		return (VOP_ACCESS(realvp, mode, flags, cr));
1243 	else
1244 		return (0);	/* Allow all access. */
1245 }
1246 
1247 /*
1248  * This can be called if creat or an open with O_CREAT is done on the root
1249  * of a lofs mount where the mounted entity is a special file.
1250  */
1251 /*ARGSUSED*/
1252 static int
1253 spec_create(struct vnode *dvp, char *name, vattr_t *vap, enum vcexcl excl,
1254     int mode, struct vnode **vpp, struct cred *cr, int flag)
1255 {
1256 	int error;
1257 
1258 	ASSERT(dvp && (dvp->v_flag & VROOT) && *name == '\0');
1259 	if (excl == NONEXCL) {
1260 		if (mode && (error = spec_access(dvp, mode, 0, cr)))
1261 			return (error);
1262 		VN_HOLD(dvp);
1263 		return (0);
1264 	}
1265 	return (EEXIST);
1266 }
1267 
1268 /*
1269  * In order to sync out the snode times without multi-client problems,
1270  * make sure the times written out are never earlier than the times
1271  * already set in the vnode.
1272  */
1273 static int
1274 spec_fsync(struct vnode *vp, int syncflag, struct cred *cr)
1275 {
1276 	struct snode *sp = VTOS(vp);
1277 	struct vnode *realvp;
1278 	struct vnode *cvp;
1279 	struct vattr va, vatmp;
1280 
1281 	/* If times didn't change, don't flush anything. */
1282 	mutex_enter(&sp->s_lock);
1283 	if ((sp->s_flag & (SACC|SUPD|SCHG)) == 0 && vp->v_type != VBLK) {
1284 		mutex_exit(&sp->s_lock);
1285 		return (0);
1286 	}
1287 	sp->s_flag &= ~(SACC|SUPD|SCHG);
1288 	mutex_exit(&sp->s_lock);
1289 	cvp = sp->s_commonvp;
1290 	realvp = sp->s_realvp;
1291 
1292 	if (vp->v_type == VBLK && cvp != vp && vn_has_cached_data(cvp) &&
1293 	    (cvp->v_flag & VISSWAP) == 0)
1294 		(void) VOP_PUTPAGE(cvp, (offset_t)0, 0, 0, cr);
1295 
1296 	/*
1297 	 * If no real vnode to update, don't flush anything.
1298 	 */
1299 	if (realvp == NULL)
1300 		return (0);
1301 
1302 	vatmp.va_mask = AT_ATIME|AT_MTIME;
1303 	if (VOP_GETATTR(realvp, &vatmp, 0, cr) == 0) {
1304 
1305 		mutex_enter(&sp->s_lock);
1306 		if (vatmp.va_atime.tv_sec > sp->s_atime)
1307 			va.va_atime = vatmp.va_atime;
1308 		else {
1309 			va.va_atime.tv_sec = sp->s_atime;
1310 			va.va_atime.tv_nsec = 0;
1311 		}
1312 		if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1313 			va.va_mtime = vatmp.va_mtime;
1314 		else {
1315 			va.va_mtime.tv_sec = sp->s_mtime;
1316 			va.va_mtime.tv_nsec = 0;
1317 		}
1318 		mutex_exit(&sp->s_lock);
1319 
1320 		va.va_mask = AT_ATIME|AT_MTIME;
1321 		(void) VOP_SETATTR(realvp, &va, 0, cr, NULL);
1322 	}
1323 	(void) VOP_FSYNC(realvp, syncflag, cr);
1324 	return (0);
1325 }
1326 
1327 /*ARGSUSED*/
1328 static void
1329 spec_inactive(struct vnode *vp, struct cred *cr)
1330 {
1331 	struct snode *sp = VTOS(vp);
1332 	struct vnode *cvp;
1333 	struct vnode *rvp;
1334 
1335 	/*
1336 	 * If no one has reclaimed the vnode, remove from the
1337 	 * cache now.
1338 	 */
1339 	if (vp->v_count < 1) {
1340 		panic("spec_inactive: Bad v_count");
1341 		/*NOTREACHED*/
1342 	}
1343 	mutex_enter(&stable_lock);
1344 
1345 	mutex_enter(&vp->v_lock);
1346 	/*
1347 	 * Drop the temporary hold by vn_rele now
1348 	 */
1349 	if (--vp->v_count != 0) {
1350 		mutex_exit(&vp->v_lock);
1351 		mutex_exit(&stable_lock);
1352 		return;
1353 	}
1354 	mutex_exit(&vp->v_lock);
1355 
1356 	sdelete(sp);
1357 	mutex_exit(&stable_lock);
1358 
1359 	/* We are the sole owner of sp now */
1360 	cvp = sp->s_commonvp;
1361 	rvp = sp->s_realvp;
1362 
1363 	if (rvp) {
1364 		/*
1365 		 * If the snode times changed, then update the times
1366 		 * associated with the "realvp".
1367 		 */
1368 		if ((sp->s_flag & (SACC|SUPD|SCHG)) != 0) {
1369 
1370 			struct vattr va, vatmp;
1371 
1372 			mutex_enter(&sp->s_lock);
1373 			sp->s_flag &= ~(SACC|SUPD|SCHG);
1374 			mutex_exit(&sp->s_lock);
1375 			vatmp.va_mask = AT_ATIME|AT_MTIME;
1376 			/*
1377 			 * The user may not own the device, but we
1378 			 * want to update the attributes anyway.
1379 			 */
1380 			if (VOP_GETATTR(rvp, &vatmp, 0, kcred) == 0) {
1381 				if (vatmp.va_atime.tv_sec > sp->s_atime)
1382 					va.va_atime = vatmp.va_atime;
1383 				else {
1384 					va.va_atime.tv_sec = sp->s_atime;
1385 					va.va_atime.tv_nsec = 0;
1386 				}
1387 				if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1388 					va.va_mtime = vatmp.va_mtime;
1389 				else {
1390 					va.va_mtime.tv_sec = sp->s_mtime;
1391 					va.va_mtime.tv_nsec = 0;
1392 				}
1393 
1394 				va.va_mask = AT_ATIME|AT_MTIME;
1395 				(void) VOP_SETATTR(rvp, &va, 0, kcred, NULL);
1396 			}
1397 		}
1398 	}
1399 	ASSERT(!vn_has_cached_data(vp));
1400 	vn_invalid(vp);
1401 
1402 	/* if we are sharing another file systems vfs, release it */
1403 	if (vp->v_vfsp && (vp->v_vfsp != &spec_vfs))
1404 		VFS_RELE(vp->v_vfsp);
1405 
1406 	/* if we have a realvp, release the realvp */
1407 	if (rvp)
1408 		VN_RELE(rvp);
1409 
1410 	/* if we have a common, release the common */
1411 	if (cvp && (cvp != vp)) {
1412 		VN_RELE(cvp);
1413 #ifdef DEBUG
1414 	} else if (cvp) {
1415 		/*
1416 		 * if this is the last reference to a common vnode, any
1417 		 * associated stream had better have been closed
1418 		 */
1419 		ASSERT(cvp == vp);
1420 		ASSERT(cvp->v_stream == NULL);
1421 #endif /* DEBUG */
1422 	}
1423 
1424 	/*
1425 	 * if we have a hold on a devinfo node (established by
1426 	 * spec_assoc_vp_with_devi), release the hold
1427 	 */
1428 	if (sp->s_dip)
1429 		ddi_release_devi(sp->s_dip);
1430 
1431 	/*
1432 	 * If we have an associated device policy, release it.
1433 	 */
1434 	if (sp->s_plcy != NULL)
1435 		dpfree(sp->s_plcy);
1436 
1437 	/*
1438 	 * If all holds on the devinfo node are through specfs/devfs
1439 	 * and we just destroyed the last specfs node associated with the
1440 	 * device, then the devinfo node reference count should now be
1441 	 * zero.  We can't check this because there may be other holds
1442 	 * on the node from non file system sources: ddi_hold_devi_by_instance
1443 	 * for example.
1444 	 */
1445 	kmem_cache_free(snode_cache, sp);
1446 }
1447 
1448 static int
1449 spec_fid(struct vnode *vp, struct fid *fidp)
1450 {
1451 	struct vnode *realvp;
1452 	struct snode *sp = VTOS(vp);
1453 
1454 	if ((realvp = sp->s_realvp) != NULL)
1455 		return (VOP_FID(realvp, fidp));
1456 	else
1457 		return (EINVAL);
1458 }
1459 
1460 /*ARGSUSED1*/
1461 static int
1462 spec_seek(struct vnode *vp, offset_t ooff, offset_t *noffp)
1463 {
1464 	offset_t maxoff = spec_maxoffset(vp);
1465 
1466 	if (maxoff == -1 || *noffp <= maxoff)
1467 		return (0);
1468 	else
1469 		return (EINVAL);
1470 }
1471 
1472 static int
1473 spec_frlock(
1474 	struct vnode *vp,
1475 	int		cmd,
1476 	struct flock64	*bfp,
1477 	int		flag,
1478 	offset_t	offset,
1479 	struct flk_callback *flk_cbp,
1480 	struct cred	*cr)
1481 {
1482 	struct snode *sp = VTOS(vp);
1483 	struct snode *csp;
1484 
1485 	csp = VTOS(sp->s_commonvp);
1486 	/*
1487 	 * If file is being mapped, disallow frlock.
1488 	 */
1489 	if (csp->s_mapcnt > 0)
1490 		return (EAGAIN);
1491 
1492 	return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr));
1493 }
1494 
1495 static int
1496 spec_realvp(struct vnode *vp, struct vnode **vpp)
1497 {
1498 	struct vnode *rvp;
1499 
1500 	if ((rvp = VTOS(vp)->s_realvp) != NULL) {
1501 		vp = rvp;
1502 		if (VOP_REALVP(vp, &rvp) == 0)
1503 			vp = rvp;
1504 	}
1505 
1506 	*vpp = vp;
1507 	return (0);
1508 }
1509 
1510 /*
1511  * Return all the pages from [off..off + len] in block
1512  * or character device.
1513  */
1514 static int
1515 spec_getpage(
1516 	struct vnode	*vp,
1517 	offset_t	off,
1518 	size_t		len,
1519 	uint_t		*protp,
1520 	page_t		*pl[],
1521 	size_t		plsz,
1522 	struct seg	*seg,
1523 	caddr_t		addr,
1524 	enum seg_rw	rw,
1525 	struct cred	*cr)
1526 {
1527 	struct snode *sp = VTOS(vp);
1528 	int err;
1529 
1530 	ASSERT(sp->s_commonvp == vp);
1531 
1532 	/*
1533 	 * XXX	Given the above assertion, this might not do
1534 	 *	what is wanted here.
1535 	 */
1536 	if (vp->v_flag & VNOMAP)
1537 		return (ENOSYS);
1538 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_GETPAGE,
1539 		"specfs getpage:vp %p off %llx len %ld snode %p",
1540 		vp, off, len, sp);
1541 
1542 	switch (vp->v_type) {
1543 	case VBLK:
1544 		if (protp != NULL)
1545 			*protp = PROT_ALL;
1546 
1547 		if (((u_offset_t)off + len) > (SPEC_SIZE(sp) + PAGEOFFSET))
1548 			return (EFAULT);	/* beyond EOF */
1549 
1550 		if (len <= PAGESIZE)
1551 			err = spec_getapage(vp, (u_offset_t)off, len, protp, pl,
1552 			    plsz, seg, addr, rw, cr);
1553 		else
1554 			err = pvn_getpages(spec_getapage, vp, (u_offset_t)off,
1555 			    len, protp, pl, plsz, seg, addr, rw, cr);
1556 		break;
1557 
1558 	case VCHR:
1559 		cmn_err(CE_NOTE, "spec_getpage called for character device. "
1560 		    "Check any non-ON consolidation drivers");
1561 		err = 0;
1562 		pl[0] = (page_t *)0;
1563 		break;
1564 
1565 	default:
1566 		panic("spec_getpage: bad v_type 0x%x", vp->v_type);
1567 		/*NOTREACHED*/
1568 	}
1569 
1570 	return (err);
1571 }
1572 
1573 extern int klustsize;	/* set in machdep.c */
1574 
1575 int spec_ra = 1;
1576 int spec_lostpage;	/* number of times we lost original page */
1577 
1578 /*ARGSUSED2*/
1579 static int
1580 spec_getapage(
1581 	struct vnode *vp,
1582 	u_offset_t	off,
1583 	size_t		len,
1584 	uint_t		*protp,
1585 	page_t		*pl[],
1586 	size_t		plsz,
1587 	struct seg	*seg,
1588 	caddr_t		addr,
1589 	enum seg_rw	rw,
1590 	struct cred	*cr)
1591 {
1592 	struct snode *sp;
1593 	struct buf *bp;
1594 	page_t *pp, *pp2;
1595 	u_offset_t io_off1, io_off2;
1596 	size_t io_len1;
1597 	size_t io_len2;
1598 	size_t blksz;
1599 	u_offset_t blkoff;
1600 	int dora, err;
1601 	page_t *pagefound;
1602 	uint_t xlen;
1603 	size_t adj_klustsize;
1604 	u_offset_t size;
1605 	u_offset_t tmpoff;
1606 
1607 	sp = VTOS(vp);
1608 	TRACE_3(TR_FAC_SPECFS, TR_SPECFS_GETAPAGE,
1609 		"specfs getapage:vp %p off %llx snode %p", vp, off, sp);
1610 reread:
1611 
1612 	err = 0;
1613 	bp = NULL;
1614 	pp = NULL;
1615 	pp2 = NULL;
1616 
1617 	if (pl != NULL)
1618 		pl[0] = NULL;
1619 
1620 	size = SPEC_SIZE(VTOS(sp->s_commonvp));
1621 
1622 	if (spec_ra && sp->s_nextr == off)
1623 		dora = 1;
1624 	else
1625 		dora = 0;
1626 
1627 	if (size == UNKNOWN_SIZE) {
1628 		dora = 0;
1629 		adj_klustsize = PAGESIZE;
1630 	} else {
1631 		adj_klustsize = dora ? klustsize : PAGESIZE;
1632 	}
1633 
1634 again:
1635 	if ((pagefound = page_exists(vp, off)) == NULL) {
1636 		if (rw == S_CREATE) {
1637 			/*
1638 			 * We're allocating a swap slot and it's
1639 			 * associated page was not found, so allocate
1640 			 * and return it.
1641 			 */
1642 			if ((pp = page_create_va(vp, off,
1643 			    PAGESIZE, PG_WAIT, seg, addr)) == NULL) {
1644 				panic("spec_getapage: page_create");
1645 				/*NOTREACHED*/
1646 			}
1647 			io_len1 = PAGESIZE;
1648 			sp->s_nextr = off + PAGESIZE;
1649 		} else {
1650 			/*
1651 			 * Need to really do disk I/O to get the page(s).
1652 			 */
1653 			blkoff = (off / adj_klustsize) * adj_klustsize;
1654 			if (size == UNKNOWN_SIZE) {
1655 				blksz = PAGESIZE;
1656 			} else {
1657 				if (blkoff + adj_klustsize <= size)
1658 					blksz = adj_klustsize;
1659 				else
1660 					blksz =
1661 					    MIN(size - blkoff, adj_klustsize);
1662 			}
1663 
1664 			pp = pvn_read_kluster(vp, off, seg, addr, &tmpoff,
1665 			    &io_len1, blkoff, blksz, 0);
1666 			io_off1 = tmpoff;
1667 			/*
1668 			 * Make sure the page didn't sneek into the
1669 			 * cache while we blocked in pvn_read_kluster.
1670 			 */
1671 			if (pp == NULL)
1672 				goto again;
1673 
1674 			/*
1675 			 * Zero part of page which we are not
1676 			 * going to be reading from disk now.
1677 			 */
1678 			xlen = (uint_t)(io_len1 & PAGEOFFSET);
1679 			if (xlen != 0)
1680 				pagezero(pp->p_prev, xlen, PAGESIZE - xlen);
1681 
1682 			bp = spec_startio(vp, pp, io_off1, io_len1,
1683 			    pl == NULL ? (B_ASYNC | B_READ) : B_READ);
1684 			sp->s_nextr = io_off1 + io_len1;
1685 		}
1686 	}
1687 
1688 	if (dora && rw != S_CREATE) {
1689 		u_offset_t off2;
1690 		caddr_t addr2;
1691 
1692 		off2 = ((off / adj_klustsize) + 1) * adj_klustsize;
1693 		addr2 = addr + (off2 - off);
1694 
1695 		pp2 = NULL;
1696 		/*
1697 		 * If we are past EOF then don't bother trying
1698 		 * with read-ahead.
1699 		 */
1700 		if (off2 >= size)
1701 			pp2 = NULL;
1702 		else {
1703 			if (off2 + adj_klustsize <= size)
1704 				blksz = adj_klustsize;
1705 			else
1706 				blksz = MIN(size - off2, adj_klustsize);
1707 
1708 			pp2 = pvn_read_kluster(vp, off2, seg, addr2, &tmpoff,
1709 			    &io_len2, off2, blksz, 1);
1710 			io_off2 = tmpoff;
1711 		}
1712 
1713 		if (pp2 != NULL) {
1714 			/*
1715 			 * Zero part of page which we are not
1716 			 * going to be reading from disk now.
1717 			 */
1718 			xlen = (uint_t)(io_len2 & PAGEOFFSET);
1719 			if (xlen != 0)
1720 				pagezero(pp2->p_prev, xlen, PAGESIZE - xlen);
1721 
1722 			(void) spec_startio(vp, pp2, io_off2, io_len2,
1723 			    B_READ | B_ASYNC);
1724 		}
1725 	}
1726 
1727 	if (pl == NULL)
1728 		return (err);
1729 
1730 	if (bp != NULL) {
1731 		err = biowait(bp);
1732 		pageio_done(bp);
1733 
1734 		if (err) {
1735 			if (pp != NULL)
1736 				pvn_read_done(pp, B_ERROR);
1737 			return (err);
1738 		}
1739 	}
1740 
1741 	if (pagefound) {
1742 		se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
1743 		/*
1744 		 * Page exists in the cache, acquire the appropriate
1745 		 * lock.  If this fails, start all over again.
1746 		 */
1747 
1748 		if ((pp = page_lookup(vp, off, se)) == NULL) {
1749 			spec_lostpage++;
1750 			goto reread;
1751 		}
1752 		pl[0] = pp;
1753 		pl[1] = NULL;
1754 
1755 		sp->s_nextr = off + PAGESIZE;
1756 		return (0);
1757 	}
1758 
1759 	if (pp != NULL)
1760 		pvn_plist_init(pp, pl, plsz, off, io_len1, rw);
1761 	return (0);
1762 }
1763 
1764 /*
1765  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED, B_FORCE}.
1766  * If len == 0, do from off to EOF.
1767  *
1768  * The normal cases should be len == 0 & off == 0 (entire vp list),
1769  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
1770  * (from pageout).
1771  */
1772 int
1773 spec_putpage(
1774 	struct vnode *vp,
1775 	offset_t	off,
1776 	size_t		len,
1777 	int		flags,
1778 	struct cred	*cr)
1779 {
1780 	struct snode *sp = VTOS(vp);
1781 	struct vnode *cvp;
1782 	page_t *pp;
1783 	u_offset_t io_off;
1784 	size_t io_len = 0;	/* for lint */
1785 	int err = 0;
1786 	u_offset_t size;
1787 	u_offset_t tmpoff;
1788 
1789 	ASSERT(vp->v_count != 0);
1790 
1791 	if (vp->v_flag & VNOMAP)
1792 		return (ENOSYS);
1793 
1794 	cvp = sp->s_commonvp;
1795 	size = SPEC_SIZE(VTOS(cvp));
1796 
1797 	if (!vn_has_cached_data(vp) || off >= size)
1798 		return (0);
1799 
1800 	ASSERT(vp->v_type == VBLK && cvp == vp);
1801 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTPAGE,
1802 		"specfs putpage:vp %p off %llx len %ld snode %p",
1803 		vp, off, len, sp);
1804 
1805 	if (len == 0) {
1806 		/*
1807 		 * Search the entire vp list for pages >= off.
1808 		 */
1809 		err = pvn_vplist_dirty(vp, off, spec_putapage,
1810 		    flags, cr);
1811 	} else {
1812 		u_offset_t eoff;
1813 
1814 		/*
1815 		 * Loop over all offsets in the range [off...off + len]
1816 		 * looking for pages to deal with.  We set limits so
1817 		 * that we kluster to klustsize boundaries.
1818 		 */
1819 		eoff = off + len;
1820 		for (io_off = off; io_off < eoff && io_off < size;
1821 		    io_off += io_len) {
1822 			/*
1823 			 * If we are not invalidating, synchronously
1824 			 * freeing or writing pages use the routine
1825 			 * page_lookup_nowait() to prevent reclaiming
1826 			 * them from the free list.
1827 			 */
1828 			if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
1829 				pp = page_lookup(vp, io_off,
1830 					(flags & (B_INVAL | B_FREE)) ?
1831 					    SE_EXCL : SE_SHARED);
1832 			} else {
1833 				pp = page_lookup_nowait(vp, io_off,
1834 					(flags & B_FREE) ? SE_EXCL : SE_SHARED);
1835 			}
1836 
1837 			if (pp == NULL || pvn_getdirty(pp, flags) == 0)
1838 				io_len = PAGESIZE;
1839 			else {
1840 				err = spec_putapage(vp, pp, &tmpoff, &io_len,
1841 				    flags, cr);
1842 				io_off = tmpoff;
1843 				if (err != 0)
1844 					break;
1845 				/*
1846 				 * "io_off" and "io_len" are returned as
1847 				 * the range of pages we actually wrote.
1848 				 * This allows us to skip ahead more quickly
1849 				 * since several pages may've been dealt
1850 				 * with by this iteration of the loop.
1851 				 */
1852 			}
1853 		}
1854 	}
1855 	return (err);
1856 }
1857 
1858 
1859 /*
1860  * Write out a single page, possibly klustering adjacent
1861  * dirty pages.
1862  */
1863 /*ARGSUSED5*/
1864 static int
1865 spec_putapage(
1866 	struct vnode	*vp,
1867 	page_t		*pp,
1868 	u_offset_t	*offp,		/* return value */
1869 	size_t		*lenp,		/* return value */
1870 	int		flags,
1871 	struct cred	*cr)
1872 {
1873 	struct snode *sp = VTOS(vp);
1874 	u_offset_t io_off;
1875 	size_t io_len;
1876 	size_t blksz;
1877 	u_offset_t blkoff;
1878 	int err = 0;
1879 	struct buf *bp;
1880 	u_offset_t size;
1881 	size_t adj_klustsize;
1882 	u_offset_t tmpoff;
1883 
1884 	/*
1885 	 * Destroy read ahead value since we are really going to write.
1886 	 */
1887 	sp->s_nextr = 0;
1888 	size = SPEC_SIZE(VTOS(sp->s_commonvp));
1889 
1890 	adj_klustsize = klustsize;
1891 
1892 	blkoff = (pp->p_offset / adj_klustsize) * adj_klustsize;
1893 
1894 	if (blkoff + adj_klustsize <= size)
1895 		blksz = adj_klustsize;
1896 	else
1897 		blksz = size - blkoff;
1898 
1899 	/*
1900 	 * Find a kluster that fits in one contiguous chunk.
1901 	 */
1902 	pp = pvn_write_kluster(vp, pp, &tmpoff, &io_len, blkoff,
1903 		blksz, flags);
1904 	io_off = tmpoff;
1905 
1906 	/*
1907 	 * Check for page length rounding problems
1908 	 * XXX - Is this necessary?
1909 	 */
1910 	if (io_off + io_len > size) {
1911 		ASSERT((io_off + io_len) - size < PAGESIZE);
1912 		io_len = size - io_off;
1913 	}
1914 
1915 	bp = spec_startio(vp, pp, io_off, io_len, B_WRITE | flags);
1916 
1917 	/*
1918 	 * Wait for i/o to complete if the request is not B_ASYNC.
1919 	 */
1920 	if ((flags & B_ASYNC) == 0) {
1921 		err = biowait(bp);
1922 		pageio_done(bp);
1923 		pvn_write_done(pp, ((err) ? B_ERROR : 0) | B_WRITE | flags);
1924 	}
1925 
1926 	if (offp)
1927 		*offp = io_off;
1928 	if (lenp)
1929 		*lenp = io_len;
1930 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTAPAGE,
1931 		"specfs putapage:vp %p offp %p snode %p err %d",
1932 		vp, offp, sp, err);
1933 	return (err);
1934 }
1935 
1936 /*
1937  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
1938  */
1939 static struct buf *
1940 spec_startio(
1941 	struct vnode *vp,
1942 	page_t		*pp,
1943 	u_offset_t	io_off,
1944 	size_t		io_len,
1945 	int		flags)
1946 {
1947 	struct buf *bp;
1948 
1949 	bp = pageio_setup(pp, io_len, vp, flags);
1950 
1951 	bp->b_edev = vp->v_rdev;
1952 	bp->b_dev = cmpdev(vp->v_rdev);
1953 	bp->b_blkno = btodt(io_off);
1954 	bp->b_un.b_addr = (caddr_t)0;
1955 
1956 	(void) bdev_strategy(bp);
1957 
1958 	if (flags & B_READ)
1959 		lwp_stat_update(LWP_STAT_INBLK, 1);
1960 	else
1961 		lwp_stat_update(LWP_STAT_OUBLK, 1);
1962 
1963 	return (bp);
1964 }
1965 
1966 static int
1967 spec_poll(
1968 	struct vnode	*vp,
1969 	short		events,
1970 	int		anyyet,
1971 	short		*reventsp,
1972 	struct pollhead **phpp)
1973 {
1974 	dev_t dev;
1975 	int error;
1976 
1977 	if (vp->v_type == VBLK)
1978 		error = fs_poll(vp, events, anyyet, reventsp, phpp);
1979 	else {
1980 		ASSERT(vp->v_type == VCHR);
1981 		dev = vp->v_rdev;
1982 		if (STREAMSTAB(getmajor(dev))) {
1983 			ASSERT(vp->v_stream != NULL);
1984 			error = strpoll(vp->v_stream, events, anyyet,
1985 			    reventsp, phpp);
1986 		} else if (devopsp[getmajor(dev)]->devo_cb_ops->cb_chpoll) {
1987 			error = cdev_poll(dev, events, anyyet, reventsp, phpp);
1988 		} else {
1989 			error = fs_poll(vp, events, anyyet, reventsp, phpp);
1990 		}
1991 	}
1992 	return (error);
1993 }
1994 
1995 /*
1996  * This routine is called through the cdevsw[] table to handle
1997  * traditional mmap'able devices that support a d_mmap function.
1998  */
1999 /*ARGSUSED8*/
2000 int
2001 spec_segmap(
2002 	dev_t dev,
2003 	off_t off,
2004 	struct as *as,
2005 	caddr_t *addrp,
2006 	off_t len,
2007 	uint_t prot,
2008 	uint_t maxprot,
2009 	uint_t flags,
2010 	struct cred *cred)
2011 {
2012 	struct segdev_crargs dev_a;
2013 	int (*mapfunc)(dev_t dev, off_t off, int prot);
2014 	size_t i;
2015 	int	error;
2016 
2017 	if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev)
2018 		return (ENODEV);
2019 	TRACE_4(TR_FAC_SPECFS, TR_SPECFS_SEGMAP,
2020 		"specfs segmap:dev %x as %p len %lx prot %x",
2021 		dev, as, len, prot);
2022 
2023 	/*
2024 	 * Character devices that support the d_mmap
2025 	 * interface can only be mmap'ed shared.
2026 	 */
2027 	if ((flags & MAP_TYPE) != MAP_SHARED)
2028 		return (EINVAL);
2029 
2030 	/*
2031 	 * Check to ensure that the entire range is
2032 	 * legal and we are not trying to map in
2033 	 * more than the device will let us.
2034 	 */
2035 	for (i = 0; i < len; i += PAGESIZE) {
2036 		if (cdev_mmap(mapfunc, dev, off + i, maxprot) == -1)
2037 			return (ENXIO);
2038 	}
2039 
2040 	as_rangelock(as);
2041 	if ((flags & MAP_FIXED) == 0) {
2042 		/*
2043 		 * Pick an address w/o worrying about
2044 		 * any vac alignment constraints.
2045 		 */
2046 		map_addr(addrp, len, (offset_t)off, 0, flags);
2047 		if (*addrp == NULL) {
2048 			as_rangeunlock(as);
2049 			return (ENOMEM);
2050 		}
2051 	} else {
2052 		/*
2053 		 * User-specified address; blow away any previous mappings.
2054 		 */
2055 		(void) as_unmap(as, *addrp, len);
2056 	}
2057 
2058 	dev_a.mapfunc = mapfunc;
2059 	dev_a.dev = dev;
2060 	dev_a.offset = off;
2061 	dev_a.prot = (uchar_t)prot;
2062 	dev_a.maxprot = (uchar_t)maxprot;
2063 	dev_a.hat_flags = 0;
2064 	dev_a.hat_attr = 0;
2065 	dev_a.devmap_data = NULL;
2066 
2067 	error = as_map(as, *addrp, len, segdev_create, &dev_a);
2068 	as_rangeunlock(as);
2069 	return (error);
2070 }
2071 
2072 int
2073 spec_char_map(
2074 	dev_t dev,
2075 	offset_t off,
2076 	struct as *as,
2077 	caddr_t *addrp,
2078 	size_t len,
2079 	uchar_t prot,
2080 	uchar_t maxprot,
2081 	uint_t flags,
2082 	struct cred *cred)
2083 {
2084 	int error = 0;
2085 	major_t maj = getmajor(dev);
2086 	int map_flag;
2087 	int (*segmap)(dev_t, off_t, struct as *,
2088 	    caddr_t *, off_t, uint_t, uint_t, uint_t, cred_t *);
2089 	int (*devmap)(dev_t, devmap_cookie_t, offset_t,
2090 		size_t, size_t *, uint_t);
2091 	int (*mmap)(dev_t dev, off_t off, int prot);
2092 
2093 	/*
2094 	 * Character device: let the device driver
2095 	 * pick the appropriate segment driver.
2096 	 *
2097 	 * 4.x compat.: allow 'NULL' cb_segmap => spec_segmap
2098 	 * Kindness: allow 'nulldev' cb_segmap => spec_segmap
2099 	 */
2100 	segmap = devopsp[maj]->devo_cb_ops->cb_segmap;
2101 	if (segmap == NULL || segmap == nulldev || segmap == nodev) {
2102 		mmap = devopsp[maj]->devo_cb_ops->cb_mmap;
2103 		map_flag = devopsp[maj]->devo_cb_ops->cb_flag;
2104 
2105 		/*
2106 		 * Use old mmap framework if the driver has both mmap
2107 		 * and devmap entry points.  This is to prevent the
2108 		 * system from calling invalid devmap entry point
2109 		 * for some drivers that might have put garbage in the
2110 		 * devmap entry point.
2111 		 */
2112 		if ((map_flag & D_DEVMAP) || mmap == NULL ||
2113 		    mmap == nulldev || mmap == nodev) {
2114 			devmap = devopsp[maj]->devo_cb_ops->cb_devmap;
2115 
2116 			/*
2117 			 * If driver provides devmap entry point in
2118 			 * cb_ops but not xx_segmap(9E), call
2119 			 * devmap_setup with default settings
2120 			 * (NULL) for callback_ops and driver
2121 			 * callback private data
2122 			 */
2123 			if (devmap == nodev || devmap == NULL ||
2124 			    devmap == nulldev)
2125 				return (ENODEV);
2126 
2127 			error = devmap_setup(dev, off, as, addrp,
2128 			    len, prot, maxprot, flags, cred);
2129 
2130 			return (error);
2131 		} else
2132 			segmap = spec_segmap;
2133 	} else
2134 		segmap = cdev_segmap;
2135 
2136 	return ((*segmap)(dev, (off_t)off, as, addrp, len, prot,
2137 	    maxprot, flags, cred));
2138 }
2139 
2140 static int
2141 spec_map(
2142 	struct vnode *vp,
2143 	offset_t off,
2144 	struct as *as,
2145 	caddr_t *addrp,
2146 	size_t len,
2147 	uchar_t prot,
2148 	uchar_t maxprot,
2149 	uint_t flags,
2150 	struct cred *cred)
2151 {
2152 	int error = 0;
2153 
2154 	if (vp->v_flag & VNOMAP)
2155 		return (ENOSYS);
2156 
2157 	/*
2158 	 * If file is locked, fail mapping attempt.
2159 	 */
2160 	if (vn_has_flocks(vp))
2161 		return (EAGAIN);
2162 
2163 	if (vp->v_type == VCHR) {
2164 		return (spec_char_map(vp->v_rdev, off, as, addrp, len, prot,
2165 		    maxprot, flags, cred));
2166 	} else if (vp->v_type == VBLK) {
2167 		struct segvn_crargs vn_a;
2168 		struct vnode *cvp;
2169 		struct snode *sp;
2170 
2171 		/*
2172 		 * Block device, use segvn mapping to the underlying commonvp
2173 		 * for pages.
2174 		 */
2175 		if (off > spec_maxoffset(vp))
2176 			return (ENXIO);
2177 
2178 		sp = VTOS(vp);
2179 		cvp = sp->s_commonvp;
2180 		ASSERT(cvp != NULL);
2181 
2182 		if (off < 0 || (off + len) < 0)
2183 			return (ENXIO);
2184 
2185 		as_rangelock(as);
2186 		if ((flags & MAP_FIXED) == 0) {
2187 			map_addr(addrp, len, off, 1, flags);
2188 			if (*addrp == NULL) {
2189 				as_rangeunlock(as);
2190 				return (ENOMEM);
2191 			}
2192 		} else {
2193 			/*
2194 			 * User-specified address; blow away any
2195 			 * previous mappings.
2196 			 */
2197 			(void) as_unmap(as, *addrp, len);
2198 		}
2199 
2200 		vn_a.vp = cvp;
2201 		vn_a.offset = off;
2202 		vn_a.type = flags & MAP_TYPE;
2203 		vn_a.prot = (uchar_t)prot;
2204 		vn_a.maxprot = (uchar_t)maxprot;
2205 		vn_a.flags = flags & ~MAP_TYPE;
2206 		vn_a.cred = cred;
2207 		vn_a.amp = NULL;
2208 		vn_a.szc = 0;
2209 		vn_a.lgrp_mem_policy_flags = 0;
2210 
2211 		error = as_map(as, *addrp, len, segvn_create, &vn_a);
2212 		as_rangeunlock(as);
2213 	} else
2214 		return (ENODEV);
2215 
2216 	return (error);
2217 }
2218 
2219 /*ARGSUSED1*/
2220 static int
2221 spec_addmap(
2222 	struct vnode *vp,	/* the common vnode */
2223 	offset_t off,
2224 	struct as *as,
2225 	caddr_t addr,
2226 	size_t len,		/* how many bytes to add */
2227 	uchar_t prot,
2228 	uchar_t maxprot,
2229 	uint_t flags,
2230 	struct cred *cred)
2231 {
2232 	int error = 0;
2233 	struct snode *csp = VTOS(vp);
2234 	ulong_t npages;
2235 
2236 	ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2237 
2238 	/*
2239 	 * XXX	Given the above assertion, this might not
2240 	 *	be a particularly sensible thing to test.
2241 	 */
2242 	if (vp->v_flag & VNOMAP)
2243 		return (ENOSYS);
2244 
2245 	npages = btopr(len);
2246 	LOCK_CSP(csp);
2247 	csp->s_mapcnt += npages;
2248 
2249 	UNLOCK_CSP(csp);
2250 	return (error);
2251 }
2252 
2253 /*ARGSUSED1*/
2254 static int
2255 spec_delmap(
2256 	struct vnode *vp,	/* the common vnode */
2257 	offset_t off,
2258 	struct as *as,
2259 	caddr_t addr,
2260 	size_t len,		/* how many bytes to take away */
2261 	uint_t prot,
2262 	uint_t maxprot,
2263 	uint_t flags,
2264 	struct cred *cred)
2265 {
2266 	struct snode *csp = VTOS(vp);
2267 	ulong_t npages;
2268 	long mcnt;
2269 
2270 	/* segdev passes us the common vp */
2271 
2272 	ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2273 
2274 	/*
2275 	 * XXX	Given the above assertion, this might not
2276 	 *	be a particularly sensible thing to test..
2277 	 */
2278 	if (vp->v_flag & VNOMAP)
2279 		return (ENOSYS);
2280 
2281 	npages = btopr(len);
2282 
2283 	LOCK_CSP(csp);
2284 	mutex_enter(&csp->s_lock);
2285 	mcnt = (csp->s_mapcnt -= npages);
2286 
2287 	if (mcnt == 0) {
2288 		/*
2289 		 * Call the close routine when the last reference of any
2290 		 * kind through any [s, v]node goes away.  The s_dip hold
2291 		 * on the devinfo node is released when the vnode is
2292 		 * destroyed.
2293 		 */
2294 		if (csp->s_count == 0) {
2295 			csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
2296 
2297 			/* See comment in spec_close() */
2298 			if (csp->s_flag & (SCLONE | SSELFCLONE))
2299 				csp->s_flag &= ~SDIPSET;
2300 
2301 			mutex_exit(&csp->s_lock);
2302 
2303 			(void) device_close(vp, 0, cred);
2304 		} else
2305 			mutex_exit(&csp->s_lock);
2306 
2307 		mutex_enter(&csp->s_lock);
2308 	}
2309 	ASSERT(mcnt >= 0);
2310 
2311 	UNLOCK_CSP_LOCK_HELD(csp);
2312 	mutex_exit(&csp->s_lock);
2313 
2314 	return (0);
2315 }
2316 
2317 static int
2318 spec_dump(struct vnode *vp, caddr_t addr, int bn, int count)
2319 {
2320 	ASSERT(vp->v_type == VBLK);
2321 	return (bdev_dump(vp->v_rdev, addr, bn, count));
2322 }
2323 
2324 
2325 /*
2326  * Do i/o on the given page list from/to vp, io_off for io_len.
2327  * Flags are composed of:
2328  * 	{B_ASYNC, B_INVAL, B_FREE, B_DONTNEED, B_READ, B_WRITE}
2329  * If B_ASYNC is not set i/o is waited for.
2330  */
2331 /*ARGSUSED5*/
2332 static int
2333 spec_pageio(
2334 	struct vnode *vp,
2335 	page_t	*pp,
2336 	u_offset_t io_off,
2337 	size_t	io_len,
2338 	int	flags,
2339 	cred_t	*cr)
2340 {
2341 	struct buf *bp = NULL;
2342 	int err = 0;
2343 
2344 	if (pp == NULL)
2345 		return (EINVAL);
2346 
2347 	bp = spec_startio(vp, pp, io_off, io_len, flags);
2348 
2349 	/*
2350 	 * Wait for i/o to complete if the request is not B_ASYNC.
2351 	 */
2352 	if ((flags & B_ASYNC) == 0) {
2353 		err = biowait(bp);
2354 		pageio_done(bp);
2355 	}
2356 	return (err);
2357 }
2358 
2359 /*
2360  * Set ACL on underlying vnode if one exists, or return ENOSYS otherwise.
2361  */
2362 int
2363 spec_setsecattr(struct vnode *vp, vsecattr_t *vsap, int flag, struct cred *cr)
2364 {
2365 	struct vnode *realvp;
2366 	struct snode *sp = VTOS(vp);
2367 	int error;
2368 
2369 	/*
2370 	 * The acl(2) system calls VOP_RWLOCK on the file before setting an
2371 	 * ACL, but since specfs does not serialize reads and writes, this
2372 	 * VOP does not do anything.  However, some backing file systems may
2373 	 * expect the lock to be held before setting an ACL, so it is taken
2374 	 * here privately to avoid serializing specfs reads and writes.
2375 	 */
2376 	if ((realvp = sp->s_realvp) != NULL) {
2377 		(void) VOP_RWLOCK(realvp, V_WRITELOCK_TRUE, NULL);
2378 		error = VOP_SETSECATTR(realvp, vsap, flag, cr);
2379 		(void) VOP_RWUNLOCK(realvp, V_WRITELOCK_TRUE, NULL);
2380 		return (error);
2381 	} else
2382 		return (fs_nosys());
2383 }
2384 
2385 /*
2386  * Get ACL from underlying vnode if one exists, or fabricate it from
2387  * the permissions returned by spec_getattr() otherwise.
2388  */
2389 int
2390 spec_getsecattr(struct vnode *vp, vsecattr_t *vsap, int flag, struct cred *cr)
2391 {
2392 	struct vnode *realvp;
2393 	struct snode *sp = VTOS(vp);
2394 
2395 	if ((realvp = sp->s_realvp) != NULL)
2396 		return (VOP_GETSECATTR(realvp, vsap, flag, cr));
2397 	else
2398 		return (fs_fab_acl(vp, vsap, flag, cr));
2399 }
2400 
2401 int
2402 spec_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr)
2403 {
2404 	vnode_t *realvp;
2405 	struct snode *sp = VTOS(vp);
2406 
2407 	if ((realvp = sp->s_realvp) != NULL)
2408 		return (VOP_PATHCONF(realvp, cmd, valp, cr));
2409 	else
2410 		return (fs_pathconf(vp, cmd, valp, cr));
2411 }
2412