xref: /titanic_52/usr/src/uts/common/fs/tmpfs/tmp_vnops.c (revision 27c48ed935c6a5f6015c6534b98e3090b1ddfdb6)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/types.h>
29 #include <sys/param.h>
30 #include <sys/t_lock.h>
31 #include <sys/systm.h>
32 #include <sys/sysmacros.h>
33 #include <sys/user.h>
34 #include <sys/time.h>
35 #include <sys/vfs.h>
36 #include <sys/vfs_opreg.h>
37 #include <sys/vnode.h>
38 #include <sys/file.h>
39 #include <sys/fcntl.h>
40 #include <sys/flock.h>
41 #include <sys/kmem.h>
42 #include <sys/uio.h>
43 #include <sys/errno.h>
44 #include <sys/stat.h>
45 #include <sys/cred.h>
46 #include <sys/dirent.h>
47 #include <sys/pathname.h>
48 #include <sys/vmsystm.h>
49 #include <sys/fs/tmp.h>
50 #include <sys/fs/tmpnode.h>
51 #include <sys/mman.h>
52 #include <vm/hat.h>
53 #include <vm/seg_vn.h>
54 #include <vm/seg_map.h>
55 #include <vm/seg.h>
56 #include <vm/anon.h>
57 #include <vm/as.h>
58 #include <vm/page.h>
59 #include <vm/pvn.h>
60 #include <sys/cmn_err.h>
61 #include <sys/debug.h>
62 #include <sys/swap.h>
63 #include <sys/buf.h>
64 #include <sys/vm.h>
65 #include <sys/vtrace.h>
66 #include <sys/policy.h>
67 #include <fs/fs_subr.h>
68 
69 static int	tmp_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
70 	page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
71 static int 	tmp_putapage(struct vnode *, page_t *, u_offset_t *, size_t *,
72 	int, struct cred *);
73 
74 /* ARGSUSED1 */
75 static int
76 tmp_open(struct vnode **vpp, int flag, struct cred *cred)
77 {
78 	/*
79 	 * swapon to a tmpfs file is not supported so access
80 	 * is denied on open if VISSWAP is set.
81 	 */
82 	if ((*vpp)->v_flag & VISSWAP)
83 		return (EINVAL);
84 	return (0);
85 }
86 
87 /* ARGSUSED1 */
88 static int
89 tmp_close(struct vnode *vp, int flag, int count,
90     offset_t offset, struct cred *cred)
91 {
92 	cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
93 	cleanshares(vp, ttoproc(curthread)->p_pid);
94 	return (0);
95 }
96 
97 /*
98  * wrtmp does the real work of write requests for tmpfs.
99  */
100 static int
101 wrtmp(
102 	struct tmount *tm,
103 	struct tmpnode *tp,
104 	struct uio *uio,
105 	struct cred *cr,
106 	struct caller_context *ct)
107 {
108 	pgcnt_t pageoffset;	/* offset in pages */
109 	ulong_t segmap_offset;	/* pagesize byte offset into segmap */
110 	caddr_t base;		/* base of segmap */
111 	ssize_t bytes;		/* bytes to uiomove */
112 	pfn_t pagenumber;	/* offset in pages into tmp file */
113 	struct vnode *vp;
114 	int error = 0;
115 	int	pagecreate;	/* == 1 if we allocated a page */
116 	int	newpage;
117 	rlim64_t limit = uio->uio_llimit;
118 	long oresid = uio->uio_resid;
119 	timestruc_t now;
120 
121 	/*
122 	 * tp->tn_size is incremented before the uiomove
123 	 * is done on a write.  If the move fails (bad user
124 	 * address) reset tp->tn_size.
125 	 * The better way would be to increment tp->tn_size
126 	 * only if the uiomove succeeds.
127 	 */
128 	long tn_size_changed = 0;
129 	long old_tn_size;
130 
131 	vp = TNTOV(tp);
132 	ASSERT(vp->v_type == VREG);
133 
134 	TRACE_1(TR_FAC_TMPFS, TR_TMPFS_RWTMP_START,
135 		"tmp_wrtmp_start:vp %p", vp);
136 
137 	ASSERT(RW_WRITE_HELD(&tp->tn_contents));
138 	ASSERT(RW_WRITE_HELD(&tp->tn_rwlock));
139 
140 	if (MANDLOCK(vp, tp->tn_mode)) {
141 		rw_exit(&tp->tn_contents);
142 		/*
143 		 * tmp_getattr ends up being called by chklock
144 		 */
145 		error = chklock(vp, FWRITE,
146 			uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct);
147 		rw_enter(&tp->tn_contents, RW_WRITER);
148 		if (error != 0) {
149 			TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
150 				"tmp_wrtmp_end:vp %p error %d", vp, error);
151 			return (error);
152 		}
153 	}
154 
155 	if (uio->uio_loffset < 0)
156 		return (EINVAL);
157 
158 	if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
159 		limit = MAXOFFSET_T;
160 
161 	if (uio->uio_loffset >= limit) {
162 		proc_t *p = ttoproc(curthread);
163 
164 		mutex_enter(&p->p_lock);
165 		(void) rctl_action(rctlproc_legacy[RLIMIT_FSIZE], p->p_rctls,
166 		    p, RCA_UNSAFE_SIGINFO);
167 		mutex_exit(&p->p_lock);
168 		return (EFBIG);
169 	}
170 
171 	if (uio->uio_loffset >= MAXOFF_T) {
172 		TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
173 			"tmp_wrtmp_end:vp %p error %d", vp, EINVAL);
174 		return (EFBIG);
175 	}
176 
177 	if (uio->uio_resid == 0) {
178 		TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
179 			"tmp_wrtmp_end:vp %p error %d", vp, 0);
180 		return (0);
181 	}
182 
183 	if (limit > MAXOFF_T)
184 		limit = MAXOFF_T;
185 
186 	do {
187 		long	offset;
188 		long	delta;
189 
190 		offset = (long)uio->uio_offset;
191 		pageoffset = offset & PAGEOFFSET;
192 		/*
193 		 * A maximum of PAGESIZE bytes of data is transferred
194 		 * each pass through this loop
195 		 */
196 		bytes = MIN(PAGESIZE - pageoffset, uio->uio_resid);
197 
198 		if (offset + bytes >= limit) {
199 			if (offset >= limit) {
200 				error = EFBIG;
201 				goto out;
202 			}
203 			bytes = limit - offset;
204 		}
205 		pagenumber = btop(offset);
206 
207 		/*
208 		 * delta is the amount of anonymous memory
209 		 * to reserve for the file.
210 		 * We always reserve in pagesize increments so
211 		 * unless we're extending the file into a new page,
212 		 * we don't need to call tmp_resv.
213 		 */
214 		delta = offset + bytes -
215 		    P2ROUNDUP_TYPED(tp->tn_size, PAGESIZE, u_offset_t);
216 		if (delta > 0) {
217 			pagecreate = 1;
218 			if (tmp_resv(tm, tp, delta, pagecreate)) {
219 				/*
220 				 * Log file system full in the zone that owns
221 				 * the tmpfs mount, as well as in the global
222 				 * zone if necessary.
223 				 */
224 				zcmn_err(tm->tm_vfsp->vfs_zone->zone_id,
225 				    CE_WARN, "%s: File system full, "
226 				    "swap space limit exceeded",
227 				    tm->tm_mntpath);
228 
229 				if (tm->tm_vfsp->vfs_zone->zone_id !=
230 				    GLOBAL_ZONEID) {
231 
232 					vfs_t *vfs = tm->tm_vfsp;
233 
234 					zcmn_err(GLOBAL_ZONEID,
235 					    CE_WARN, "%s: File system full, "
236 					    "swap space limit exceeded",
237 					    vfs->vfs_vnodecovered->v_path);
238 				}
239 				error = ENOSPC;
240 				break;
241 			}
242 			tmpnode_growmap(tp, (ulong_t)offset + bytes);
243 		}
244 		/* grow the file to the new length */
245 		if (offset + bytes > tp->tn_size) {
246 			tn_size_changed = 1;
247 			old_tn_size = tp->tn_size;
248 			tp->tn_size = offset + bytes;
249 		}
250 		if (bytes == PAGESIZE) {
251 			/*
252 			 * Writing whole page so reading from disk
253 			 * is a waste
254 			 */
255 			pagecreate = 1;
256 		} else {
257 			pagecreate = 0;
258 		}
259 		/*
260 		 * If writing past EOF or filling in a hole
261 		 * we need to allocate an anon slot.
262 		 */
263 		if (anon_get_ptr(tp->tn_anon, pagenumber) == NULL) {
264 			(void) anon_set_ptr(tp->tn_anon, pagenumber,
265 				anon_alloc(vp, ptob(pagenumber)), ANON_SLEEP);
266 			pagecreate = 1;
267 			tp->tn_nblocks++;
268 		}
269 
270 		/*
271 		 * We have to drop the contents lock to allow the VM
272 		 * system to reaquire it in tmp_getpage()
273 		 */
274 		rw_exit(&tp->tn_contents);
275 
276 		newpage = 0;
277 		if (vpm_enable) {
278 			/*
279 			 * Copy data. If new pages are created, part of
280 			 * the page that is not written will be initizliazed
281 			 * with zeros.
282 			 */
283 			error = vpm_data_copy(vp, offset, bytes, uio,
284 				!pagecreate, &newpage, 1, S_WRITE);
285 		} else {
286 			/* Get offset within the segmap mapping */
287 			segmap_offset = (offset & PAGEMASK) & MAXBOFFSET;
288 			base = segmap_getmapflt(segkmap, vp,
289 						(offset &  MAXBMASK),
290 			    PAGESIZE, !pagecreate, S_WRITE);
291 		}
292 
293 
294 		if (!vpm_enable && pagecreate) {
295 			/*
296 			 * segmap_pagecreate() returns 1 if it calls
297 			 * page_create_va() to allocate any pages.
298 			 */
299 			newpage = segmap_pagecreate(segkmap,
300 			    base + segmap_offset, (size_t)PAGESIZE, 0);
301 			/*
302 			 * Clear from the beginning of the page to the starting
303 			 * offset of the data.
304 			 */
305 			if (pageoffset != 0)
306 				(void) kzero(base + segmap_offset,
307 				    (size_t)pageoffset);
308 		}
309 
310 		if (!vpm_enable) {
311 			error = uiomove(base + segmap_offset + pageoffset,
312 			(long)bytes, UIO_WRITE, uio);
313 		}
314 
315 		if (!vpm_enable && pagecreate &&
316 		    uio->uio_offset < P2ROUNDUP(offset + bytes, PAGESIZE)) {
317 			long	zoffset; /* zero from offset into page */
318 			/*
319 			 * We created pages w/o initializing them completely,
320 			 * thus we need to zero the part that wasn't set up.
321 			 * This happens on most EOF write cases and if
322 			 * we had some sort of error during the uiomove.
323 			 */
324 			long nmoved;
325 
326 			nmoved = uio->uio_offset - offset;
327 			ASSERT((nmoved + pageoffset) <= PAGESIZE);
328 
329 			/*
330 			 * Zero from the end of data in the page to the
331 			 * end of the page.
332 			 */
333 			if ((zoffset = pageoffset + nmoved) < PAGESIZE)
334 				(void) kzero(base + segmap_offset + zoffset,
335 					(size_t)PAGESIZE - zoffset);
336 		}
337 
338 		/*
339 		 * Unlock the pages which have been allocated by
340 		 * page_create_va() in segmap_pagecreate()
341 		 */
342 		if (!vpm_enable && newpage) {
343 			segmap_pageunlock(segkmap, base + segmap_offset,
344 			    (size_t)PAGESIZE, S_WRITE);
345 		}
346 
347 		if (error) {
348 			/*
349 			 * If we failed on a write, we must
350 			 * be sure to invalidate any pages that may have
351 			 * been allocated.
352 			 */
353 			if (vpm_enable) {
354 				(void) vpm_sync_pages(vp, offset,
355 						PAGESIZE, SM_INVAL);
356 			} else {
357 				(void) segmap_release(segkmap, base, SM_INVAL);
358 			}
359 		} else {
360 			if (vpm_enable) {
361 				error = vpm_sync_pages(vp, offset,
362 						PAGESIZE, 0);
363 			} else {
364 				error = segmap_release(segkmap, base, 0);
365 			}
366 		}
367 
368 		/*
369 		 * Re-acquire contents lock.
370 		 */
371 		rw_enter(&tp->tn_contents, RW_WRITER);
372 		/*
373 		 * If the uiomove failed, fix up tn_size.
374 		 */
375 		if (error) {
376 			if (tn_size_changed) {
377 				/*
378 				 * The uiomove failed, and we
379 				 * allocated blocks,so get rid
380 				 * of them.
381 				 */
382 				(void) tmpnode_trunc(tm, tp,
383 				    (ulong_t)old_tn_size);
384 			}
385 		} else {
386 			/*
387 			 * XXX - Can this be out of the loop?
388 			 */
389 			if ((tp->tn_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) &&
390 			    (tp->tn_mode & (S_ISUID | S_ISGID)) &&
391 			    secpolicy_vnode_setid_retain(cr,
392 			    (tp->tn_mode & S_ISUID) != 0 && tp->tn_uid == 0)) {
393 				/*
394 				 * Clear Set-UID & Set-GID bits on
395 				 * successful write if not privileged
396 				 * and at least one of the execute bits
397 				 * is set.  If we always clear Set-GID,
398 				 * mandatory file and record locking is
399 				 * unuseable.
400 				 */
401 				tp->tn_mode &= ~(S_ISUID | S_ISGID);
402 			}
403 			gethrestime(&now);
404 			tp->tn_mtime = now;
405 			tp->tn_ctime = now;
406 		}
407 	} while (error == 0 && uio->uio_resid > 0 && bytes != 0);
408 
409 out:
410 	/*
411 	 * If we've already done a partial-write, terminate
412 	 * the write but return no error.
413 	 */
414 	if (oresid != uio->uio_resid)
415 		error = 0;
416 	TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
417 		"tmp_wrtmp_end:vp %p error %d", vp, error);
418 	return (error);
419 }
420 
421 /*
422  * rdtmp does the real work of read requests for tmpfs.
423  */
424 static int
425 rdtmp(
426 	struct tmount *tm,
427 	struct tmpnode *tp,
428 	struct uio *uio,
429 	struct caller_context *ct)
430 {
431 	ulong_t pageoffset;	/* offset in tmpfs file (uio_offset) */
432 	ulong_t segmap_offset;	/* pagesize byte offset into segmap */
433 	caddr_t base;		/* base of segmap */
434 	ssize_t bytes;		/* bytes to uiomove */
435 	struct vnode *vp;
436 	int error;
437 	long oresid = uio->uio_resid;
438 
439 #if defined(lint)
440 	tm = tm;
441 #endif
442 	vp = TNTOV(tp);
443 
444 	TRACE_1(TR_FAC_TMPFS, TR_TMPFS_RWTMP_START,
445 		"tmp_rdtmp_start:vp %p", vp);
446 
447 	ASSERT(RW_LOCK_HELD(&tp->tn_contents));
448 
449 	if (MANDLOCK(vp, tp->tn_mode)) {
450 		rw_exit(&tp->tn_contents);
451 		/*
452 		 * tmp_getattr ends up being called by chklock
453 		 */
454 		error = chklock(vp, FREAD,
455 			uio->uio_loffset, uio->uio_resid, uio->uio_fmode, ct);
456 		rw_enter(&tp->tn_contents, RW_READER);
457 		if (error != 0) {
458 			TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
459 				"tmp_rdtmp_end:vp %p error %d", vp, error);
460 			return (error);
461 		}
462 	}
463 	ASSERT(tp->tn_type == VREG);
464 
465 	if (uio->uio_loffset >= MAXOFF_T) {
466 		TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
467 			"tmp_rdtmp_end:vp %p error %d", vp, EINVAL);
468 		return (0);
469 	}
470 	if (uio->uio_loffset < 0)
471 		return (EINVAL);
472 	if (uio->uio_resid == 0) {
473 		TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
474 			"tmp_rdtmp_end:vp %p error %d", vp, 0);
475 		return (0);
476 	}
477 
478 	vp = TNTOV(tp);
479 
480 	do {
481 		long diff;
482 		long offset;
483 
484 		offset = uio->uio_offset;
485 		pageoffset = offset & PAGEOFFSET;
486 		bytes = MIN(PAGESIZE - pageoffset, uio->uio_resid);
487 
488 		diff = tp->tn_size - offset;
489 
490 		if (diff <= 0) {
491 			error = 0;
492 			goto out;
493 		}
494 		if (diff < bytes)
495 			bytes = diff;
496 
497 		/*
498 		 * We have to drop the contents lock to prevent the VM
499 		 * system from trying to reaquire it in tmp_getpage()
500 		 * should the uiomove cause a pagefault.
501 		 */
502 		rw_exit(&tp->tn_contents);
503 
504 		if (vpm_enable) {
505 			/*
506 			 * Copy data.
507 			 */
508 			error = vpm_data_copy(vp, offset, bytes, uio,
509 				1, NULL, 0, S_READ);
510 		} else {
511 			segmap_offset = (offset & PAGEMASK) & MAXBOFFSET;
512 			base = segmap_getmapflt(segkmap, vp, offset & MAXBMASK,
513 			    bytes, 1, S_READ);
514 
515 			error = uiomove(base + segmap_offset + pageoffset,
516 			    (long)bytes, UIO_READ, uio);
517 		}
518 
519 		if (error) {
520 			if (vpm_enable) {
521 				(void) vpm_sync_pages(vp, offset,
522 						PAGESIZE, 0);
523 			} else {
524 				(void) segmap_release(segkmap, base, 0);
525 			}
526 		} else {
527 			if (vpm_enable) {
528 				error = vpm_sync_pages(vp, offset,
529 						PAGESIZE, 0);
530 			} else {
531 				error = segmap_release(segkmap, base, 0);
532 			}
533 		}
534 
535 		/*
536 		 * Re-acquire contents lock.
537 		 */
538 		rw_enter(&tp->tn_contents, RW_READER);
539 
540 	} while (error == 0 && uio->uio_resid > 0);
541 
542 out:
543 	gethrestime(&tp->tn_atime);
544 
545 	/*
546 	 * If we've already done a partial read, terminate
547 	 * the read but return no error.
548 	 */
549 	if (oresid != uio->uio_resid)
550 		error = 0;
551 
552 	TRACE_2(TR_FAC_TMPFS, TR_TMPFS_RWTMP_END,
553 		"tmp_rdtmp_end:vp %x error %d", vp, error);
554 	return (error);
555 }
556 
557 /* ARGSUSED2 */
558 static int
559 tmp_read(struct vnode *vp, struct uio *uiop, int ioflag, cred_t *cred,
560 	struct caller_context *ct)
561 {
562 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
563 	struct tmount *tm = (struct tmount *)VTOTM(vp);
564 	int error;
565 
566 	/*
567 	 * We don't currently support reading non-regular files
568 	 */
569 	if (vp->v_type == VDIR)
570 		return (EISDIR);
571 	if (vp->v_type != VREG)
572 		return (EINVAL);
573 	/*
574 	 * tmp_rwlock should have already been called from layers above
575 	 */
576 	ASSERT(RW_READ_HELD(&tp->tn_rwlock));
577 
578 	rw_enter(&tp->tn_contents, RW_READER);
579 
580 	error = rdtmp(tm, tp, uiop, ct);
581 
582 	rw_exit(&tp->tn_contents);
583 
584 	return (error);
585 }
586 
587 static int
588 tmp_write(struct vnode *vp, struct uio *uiop, int ioflag, struct cred *cred,
589 	struct caller_context *ct)
590 {
591 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
592 	struct tmount *tm = (struct tmount *)VTOTM(vp);
593 	int error;
594 
595 	/*
596 	 * We don't currently support writing to non-regular files
597 	 */
598 	if (vp->v_type != VREG)
599 		return (EINVAL);	/* XXX EISDIR? */
600 
601 	/*
602 	 * tmp_rwlock should have already been called from layers above
603 	 */
604 	ASSERT(RW_WRITE_HELD(&tp->tn_rwlock));
605 
606 	rw_enter(&tp->tn_contents, RW_WRITER);
607 
608 	if (ioflag & FAPPEND) {
609 		/*
610 		 * In append mode start at end of file.
611 		 */
612 		uiop->uio_loffset = tp->tn_size;
613 	}
614 
615 	error = wrtmp(tm, tp, uiop, cred, ct);
616 
617 	rw_exit(&tp->tn_contents);
618 
619 	return (error);
620 }
621 
622 /* ARGSUSED */
623 static int
624 tmp_ioctl(struct vnode *vp, int com, intptr_t data, int flag,
625     struct cred *cred, int *rvalp)
626 {
627 	return (ENOTTY);
628 }
629 
630 /* ARGSUSED2 */
631 static int
632 tmp_getattr(struct vnode *vp, struct vattr *vap, int flags, struct cred *cred)
633 {
634 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
635 	struct vnode *mvp;
636 	struct vattr va;
637 	int attrs = 1;
638 
639 	/*
640 	 * A special case to handle the root tnode on a diskless nfs
641 	 * client who may have had its uid and gid inherited
642 	 * from an nfs vnode with nobody ownership.  Likely the
643 	 * root filesystem. After nfs is fully functional the uid/gid
644 	 * may be mapable so ask again.
645 	 * vfsp can't get unmounted because we hold vp.
646 	 */
647 	if (vp->v_flag & VROOT &&
648 	    (mvp = vp->v_vfsp->vfs_vnodecovered) != NULL) {
649 		mutex_enter(&tp->tn_tlock);
650 		if (tp->tn_uid == UID_NOBODY || tp->tn_gid == GID_NOBODY) {
651 			mutex_exit(&tp->tn_tlock);
652 			bzero(&va, sizeof (struct vattr));
653 			va.va_mask = AT_UID|AT_GID;
654 			attrs = VOP_GETATTR(mvp, &va, 0, cred);
655 		} else {
656 			mutex_exit(&tp->tn_tlock);
657 		}
658 	}
659 	mutex_enter(&tp->tn_tlock);
660 	if (attrs == 0) {
661 		tp->tn_uid = va.va_uid;
662 		tp->tn_gid = va.va_gid;
663 	}
664 	vap->va_type = vp->v_type;
665 	vap->va_mode = tp->tn_mode & MODEMASK;
666 	vap->va_uid = tp->tn_uid;
667 	vap->va_gid = tp->tn_gid;
668 	vap->va_fsid = tp->tn_fsid;
669 	vap->va_nodeid = (ino64_t)tp->tn_nodeid;
670 	vap->va_nlink = tp->tn_nlink;
671 	vap->va_size = (u_offset_t)tp->tn_size;
672 	vap->va_atime = tp->tn_atime;
673 	vap->va_mtime = tp->tn_mtime;
674 	vap->va_ctime = tp->tn_ctime;
675 	vap->va_blksize = PAGESIZE;
676 	vap->va_rdev = tp->tn_rdev;
677 	vap->va_seq = tp->tn_seq;
678 
679 	/*
680 	 * XXX Holes are not taken into account.  We could take the time to
681 	 * run through the anon array looking for allocated slots...
682 	 */
683 	vap->va_nblocks = (fsblkcnt64_t)btodb(ptob(btopr(vap->va_size)));
684 	mutex_exit(&tp->tn_tlock);
685 	return (0);
686 }
687 
688 /*ARGSUSED4*/
689 static int
690 tmp_setattr(
691 	struct vnode *vp,
692 	struct vattr *vap,
693 	int flags,
694 	struct cred *cred,
695 	caller_context_t *ct)
696 {
697 	struct tmount *tm = (struct tmount *)VTOTM(vp);
698 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
699 	int error = 0;
700 	struct vattr *get;
701 	long mask;
702 
703 	/*
704 	 * Cannot set these attributes
705 	 */
706 	if (vap->va_mask & AT_NOSET)
707 		return (EINVAL);
708 
709 	mutex_enter(&tp->tn_tlock);
710 
711 	get = &tp->tn_attr;
712 	/*
713 	 * Change file access modes. Must be owner or have sufficient
714 	 * privileges.
715 	 */
716 	error = secpolicy_vnode_setattr(cred, vp, vap, get, flags,
717 			    tmp_taccess, tp);
718 
719 	if (error)
720 		goto out;
721 
722 	mask = vap->va_mask;
723 
724 	if (mask & AT_MODE) {
725 		get->va_mode &= S_IFMT;
726 		get->va_mode |= vap->va_mode & ~S_IFMT;
727 	}
728 
729 	if (mask & AT_UID)
730 		get->va_uid = vap->va_uid;
731 	if (mask & AT_GID)
732 		get->va_gid = vap->va_gid;
733 	if (mask & AT_ATIME)
734 		get->va_atime = vap->va_atime;
735 	if (mask & AT_MTIME)
736 		get->va_mtime = vap->va_mtime;
737 
738 	if (mask & (AT_UID | AT_GID | AT_MODE | AT_MTIME))
739 		gethrestime(&tp->tn_ctime);
740 
741 	if (mask & AT_SIZE) {
742 		ASSERT(vp->v_type != VDIR);
743 
744 		/* Don't support large files. */
745 		if (vap->va_size > MAXOFF_T) {
746 			error = EFBIG;
747 			goto out;
748 		}
749 		mutex_exit(&tp->tn_tlock);
750 
751 		rw_enter(&tp->tn_rwlock, RW_WRITER);
752 		rw_enter(&tp->tn_contents, RW_WRITER);
753 		error = tmpnode_trunc(tm, tp, (ulong_t)vap->va_size);
754 		rw_exit(&tp->tn_contents);
755 		rw_exit(&tp->tn_rwlock);
756 		goto out1;
757 	}
758 out:
759 	mutex_exit(&tp->tn_tlock);
760 out1:
761 	return (error);
762 }
763 
764 /* ARGSUSED2 */
765 static int
766 tmp_access(struct vnode *vp, int mode, int flags, struct cred *cred)
767 {
768 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
769 	int error;
770 
771 	mutex_enter(&tp->tn_tlock);
772 	error = tmp_taccess(tp, mode, cred);
773 	mutex_exit(&tp->tn_tlock);
774 	return (error);
775 }
776 
777 /* ARGSUSED3 */
778 static int
779 tmp_lookup(
780 	struct vnode *dvp,
781 	char *nm,
782 	struct vnode **vpp,
783 	struct pathname *pnp,
784 	int flags,
785 	struct vnode *rdir,
786 	struct cred *cred)
787 {
788 	struct tmpnode *tp = (struct tmpnode *)VTOTN(dvp);
789 	struct tmpnode *ntp = NULL;
790 	int error;
791 
792 
793 	/* allow cd into @ dir */
794 	if (flags & LOOKUP_XATTR) {
795 		struct tmpnode *xdp;
796 		struct tmount *tm;
797 
798 		if (tp->tn_flags & ISXATTR)
799 			/* No attributes on attributes */
800 			return (EINVAL);
801 
802 		rw_enter(&tp->tn_rwlock, RW_WRITER);
803 		if (tp->tn_xattrdp == NULL) {
804 			if (!(flags & CREATE_XATTR_DIR)) {
805 				rw_exit(&tp->tn_rwlock);
806 				return (ENOENT);
807 			}
808 
809 			/*
810 			 * No attribute directory exists for this
811 			 * node - create the attr dir as a side effect
812 			 * of this lookup.
813 			 */
814 
815 			/*
816 			 * Make sure we have adequate permission...
817 			 */
818 
819 			if ((error = tmp_taccess(tp, VWRITE, cred)) != 0) {
820 				rw_exit(&tp->tn_rwlock);
821 				return (error);
822 			}
823 
824 			xdp = tmp_memalloc(sizeof (struct tmpnode),
825 				TMP_MUSTHAVE);
826 			tm = VTOTM(dvp);
827 			tmpnode_init(tm, xdp, &tp->tn_attr, NULL);
828 			/*
829 			 * Fix-up fields unique to attribute directories.
830 			 */
831 			xdp->tn_flags = ISXATTR;
832 			xdp->tn_type = VDIR;
833 			if (tp->tn_type == VDIR) {
834 				xdp->tn_mode = tp->tn_attr.va_mode;
835 			} else {
836 				xdp->tn_mode = 0700;
837 				if (tp->tn_attr.va_mode & 0040)
838 					xdp->tn_mode |= 0750;
839 				if (tp->tn_attr.va_mode & 0004)
840 					xdp->tn_mode |= 0705;
841 			}
842 			xdp->tn_vnode->v_type = VDIR;
843 			xdp->tn_vnode->v_flag |= V_XATTRDIR;
844 			tdirinit(tp, xdp);
845 			tp->tn_xattrdp = xdp;
846 		} else {
847 			VN_HOLD(tp->tn_xattrdp->tn_vnode);
848 		}
849 		*vpp = TNTOV(tp->tn_xattrdp);
850 		rw_exit(&tp->tn_rwlock);
851 		return (0);
852 	}
853 
854 	/*
855 	 * Null component name is a synonym for directory being searched.
856 	 */
857 	if (*nm == '\0') {
858 		VN_HOLD(dvp);
859 		*vpp = dvp;
860 		return (0);
861 	}
862 	ASSERT(tp);
863 
864 	error = tdirlookup(tp, nm, &ntp, cred);
865 
866 	if (error == 0) {
867 		ASSERT(ntp);
868 		*vpp = TNTOV(ntp);
869 		/*
870 		 * If vnode is a device return special vnode instead
871 		 */
872 		if (IS_DEVVP(*vpp)) {
873 			struct vnode *newvp;
874 
875 			newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type,
876 			    cred);
877 			VN_RELE(*vpp);
878 			*vpp = newvp;
879 		}
880 	}
881 	TRACE_4(TR_FAC_TMPFS, TR_TMPFS_LOOKUP,
882 	    "tmpfs lookup:vp %p name %s vpp %p error %d",
883 	    dvp, nm, vpp, error);
884 	return (error);
885 }
886 
887 /*ARGSUSED7*/
888 static int
889 tmp_create(
890 	struct vnode *dvp,
891 	char *nm,
892 	struct vattr *vap,
893 	enum vcexcl exclusive,
894 	int mode,
895 	struct vnode **vpp,
896 	struct cred *cred,
897 	int flag)
898 {
899 	struct tmpnode *parent;
900 	struct tmount *tm;
901 	struct tmpnode *self;
902 	int error;
903 	struct tmpnode *oldtp;
904 
905 again:
906 	parent = (struct tmpnode *)VTOTN(dvp);
907 	tm = (struct tmount *)VTOTM(dvp);
908 	self = NULL;
909 	error = 0;
910 	oldtp = NULL;
911 
912 	/* device files not allowed in ext. attr dirs */
913 	if ((parent->tn_flags & ISXATTR) &&
914 		(vap->va_type == VBLK || vap->va_type == VCHR ||
915 		vap->va_type == VFIFO || vap->va_type == VDOOR ||
916 		vap->va_type == VSOCK || vap->va_type == VPORT))
917 			return (EINVAL);
918 
919 	if (vap->va_type == VREG && (vap->va_mode & VSVTX)) {
920 		/* Must be privileged to set sticky bit */
921 		if (secpolicy_vnode_stky_modify(cred))
922 			vap->va_mode &= ~VSVTX;
923 	} else if (vap->va_type == VNON) {
924 		return (EINVAL);
925 	}
926 
927 	/*
928 	 * Null component name is a synonym for directory being searched.
929 	 */
930 	if (*nm == '\0') {
931 		VN_HOLD(dvp);
932 		oldtp = parent;
933 	} else {
934 		error = tdirlookup(parent, nm, &oldtp, cred);
935 	}
936 
937 	if (error == 0) {	/* name found */
938 		ASSERT(oldtp);
939 
940 		rw_enter(&oldtp->tn_rwlock, RW_WRITER);
941 
942 		/*
943 		 * if create/read-only an existing
944 		 * directory, allow it
945 		 */
946 		if (exclusive == EXCL)
947 			error = EEXIST;
948 		else if ((oldtp->tn_type == VDIR) && (mode & VWRITE))
949 			error = EISDIR;
950 		else {
951 			error = tmp_taccess(oldtp, mode, cred);
952 		}
953 
954 		if (error) {
955 			rw_exit(&oldtp->tn_rwlock);
956 			tmpnode_rele(oldtp);
957 			return (error);
958 		}
959 		*vpp = TNTOV(oldtp);
960 		if ((*vpp)->v_type == VREG && (vap->va_mask & AT_SIZE) &&
961 		    vap->va_size == 0) {
962 			rw_enter(&oldtp->tn_contents, RW_WRITER);
963 			(void) tmpnode_trunc(tm, oldtp, 0);
964 			rw_exit(&oldtp->tn_contents);
965 		}
966 		rw_exit(&oldtp->tn_rwlock);
967 		if (IS_DEVVP(*vpp)) {
968 			struct vnode *newvp;
969 
970 			newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type,
971 			    cred);
972 			VN_RELE(*vpp);
973 			if (newvp == NULL) {
974 				return (ENOSYS);
975 			}
976 			*vpp = newvp;
977 		}
978 		return (0);
979 	}
980 
981 	if (error != ENOENT)
982 		return (error);
983 
984 	rw_enter(&parent->tn_rwlock, RW_WRITER);
985 	error = tdirenter(tm, parent, nm, DE_CREATE,
986 	    (struct tmpnode *)NULL, (struct tmpnode *)NULL,
987 	    vap, &self, cred);
988 	rw_exit(&parent->tn_rwlock);
989 
990 	if (error) {
991 		if (self)
992 			tmpnode_rele(self);
993 
994 		if (error == EEXIST) {
995 			/*
996 			 * This means that the file was created sometime
997 			 * after we checked and did not find it and when
998 			 * we went to create it.
999 			 * Since creat() is supposed to truncate a file
1000 			 * that already exits go back to the begining
1001 			 * of the function. This time we will find it
1002 			 * and go down the tmp_trunc() path
1003 			 */
1004 			goto again;
1005 		}
1006 		return (error);
1007 	}
1008 
1009 	*vpp = TNTOV(self);
1010 
1011 	if (!error && IS_DEVVP(*vpp)) {
1012 		struct vnode *newvp;
1013 
1014 		newvp = specvp(*vpp, (*vpp)->v_rdev, (*vpp)->v_type, cred);
1015 		VN_RELE(*vpp);
1016 		if (newvp == NULL)
1017 			return (ENOSYS);
1018 		*vpp = newvp;
1019 	}
1020 	TRACE_3(TR_FAC_TMPFS, TR_TMPFS_CREATE,
1021 		"tmpfs create:dvp %p nm %s vpp %p", dvp, nm, vpp);
1022 	return (0);
1023 }
1024 
1025 static int
1026 tmp_remove(struct vnode *dvp, char *nm, struct cred *cred)
1027 {
1028 	struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1029 	int error;
1030 	struct tmpnode *tp = NULL;
1031 
1032 	error = tdirlookup(parent, nm, &tp, cred);
1033 	if (error)
1034 		return (error);
1035 
1036 	ASSERT(tp);
1037 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1038 	rw_enter(&tp->tn_rwlock, RW_WRITER);
1039 
1040 	if (tp->tn_type != VDIR ||
1041 	    (error = secpolicy_fs_linkdir(cred, dvp->v_vfsp)) == 0)
1042 		error = tdirdelete(parent, tp, nm, DR_REMOVE, cred);
1043 
1044 	rw_exit(&tp->tn_rwlock);
1045 	rw_exit(&parent->tn_rwlock);
1046 	vnevent_remove(TNTOV(tp));
1047 	tmpnode_rele(tp);
1048 
1049 	TRACE_3(TR_FAC_TMPFS, TR_TMPFS_REMOVE,
1050 		"tmpfs remove:dvp %p nm %s error %d", dvp, nm, error);
1051 	return (error);
1052 }
1053 
1054 static int
1055 tmp_link(struct vnode *dvp, struct vnode *srcvp, char *tnm, struct cred *cred)
1056 {
1057 	struct tmpnode *parent;
1058 	struct tmpnode *from;
1059 	struct tmount *tm = (struct tmount *)VTOTM(dvp);
1060 	int error;
1061 	struct tmpnode *found = NULL;
1062 	struct vnode *realvp;
1063 
1064 	if (VOP_REALVP(srcvp, &realvp) == 0)
1065 		srcvp = realvp;
1066 
1067 	parent = (struct tmpnode *)VTOTN(dvp);
1068 	from = (struct tmpnode *)VTOTN(srcvp);
1069 
1070 	if ((srcvp->v_type == VDIR &&
1071 	    secpolicy_fs_linkdir(cred, dvp->v_vfsp)) ||
1072 	    (from->tn_uid != crgetuid(cred) && secpolicy_basic_link(cred)))
1073 		return (EPERM);
1074 
1075 	/*
1076 	 * Make sure link for extended attributes is valid
1077 	 * We only support hard linking of xattr's in xattrdir to an xattrdir
1078 	 */
1079 	if ((from->tn_flags & ISXATTR) != (parent->tn_flags & ISXATTR))
1080 		return (EINVAL);
1081 
1082 	error = tdirlookup(parent, tnm, &found, cred);
1083 	if (error == 0) {
1084 		ASSERT(found);
1085 		tmpnode_rele(found);
1086 		return (EEXIST);
1087 	}
1088 
1089 	if (error != ENOENT)
1090 		return (error);
1091 
1092 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1093 	error = tdirenter(tm, parent, tnm, DE_LINK, (struct tmpnode *)NULL,
1094 		from, NULL, (struct tmpnode **)NULL, cred);
1095 	rw_exit(&parent->tn_rwlock);
1096 	return (error);
1097 }
1098 
1099 static int
1100 tmp_rename(
1101 	struct vnode *odvp,	/* source parent vnode */
1102 	char *onm,		/* source name */
1103 	struct vnode *ndvp,	/* destination parent vnode */
1104 	char *nnm,		/* destination name */
1105 	struct cred *cred)
1106 {
1107 	struct tmpnode *fromparent;
1108 	struct tmpnode *toparent;
1109 	struct tmpnode *fromtp = NULL;	/* source tmpnode */
1110 	struct tmount *tm = (struct tmount *)VTOTM(odvp);
1111 	int error;
1112 	int samedir = 0;	/* set if odvp == ndvp */
1113 	struct vnode *realvp;
1114 
1115 	if (VOP_REALVP(ndvp, &realvp) == 0)
1116 		ndvp = realvp;
1117 
1118 	fromparent = (struct tmpnode *)VTOTN(odvp);
1119 	toparent = (struct tmpnode *)VTOTN(ndvp);
1120 
1121 	if ((fromparent->tn_flags & ISXATTR) != (toparent->tn_flags & ISXATTR))
1122 		return (EINVAL);
1123 
1124 	mutex_enter(&tm->tm_renamelck);
1125 
1126 	/*
1127 	 * Look up tmpnode of file we're supposed to rename.
1128 	 */
1129 	error = tdirlookup(fromparent, onm, &fromtp, cred);
1130 	if (error) {
1131 		mutex_exit(&tm->tm_renamelck);
1132 		return (error);
1133 	}
1134 
1135 	/*
1136 	 * Make sure we can delete the old (source) entry.  This
1137 	 * requires write permission on the containing directory.  If
1138 	 * that directory is "sticky" it requires further checks.
1139 	 */
1140 	if (((error = tmp_taccess(fromparent, VWRITE, cred)) != 0) ||
1141 	    (error = tmp_sticky_remove_access(fromparent, fromtp, cred)) != 0)
1142 		goto done;
1143 
1144 	/*
1145 	 * Check for renaming to or from '.' or '..' or that
1146 	 * fromtp == fromparent
1147 	 */
1148 	if ((onm[0] == '.' &&
1149 	    (onm[1] == '\0' || (onm[1] == '.' && onm[2] == '\0'))) ||
1150 	    (nnm[0] == '.' &&
1151 	    (nnm[1] == '\0' || (nnm[1] == '.' && nnm[2] == '\0'))) ||
1152 	    (fromparent == fromtp)) {
1153 		error = EINVAL;
1154 		goto done;
1155 	}
1156 
1157 	samedir = (fromparent == toparent);
1158 	/*
1159 	 * Make sure we can search and rename into the new
1160 	 * (destination) directory.
1161 	 */
1162 	if (!samedir) {
1163 		error = tmp_taccess(toparent, VEXEC|VWRITE, cred);
1164 		if (error)
1165 			goto done;
1166 	}
1167 
1168 	/*
1169 	 * Link source to new target
1170 	 */
1171 	rw_enter(&toparent->tn_rwlock, RW_WRITER);
1172 	error = tdirenter(tm, toparent, nnm, DE_RENAME,
1173 	    fromparent, fromtp, (struct vattr *)NULL,
1174 	    (struct tmpnode **)NULL, cred);
1175 	rw_exit(&toparent->tn_rwlock);
1176 
1177 	if (error) {
1178 		/*
1179 		 * ESAME isn't really an error; it indicates that the
1180 		 * operation should not be done because the source and target
1181 		 * are the same file, but that no error should be reported.
1182 		 */
1183 		if (error == ESAME)
1184 			error = 0;
1185 		goto done;
1186 	}
1187 
1188 	/*
1189 	 * Unlink from source.
1190 	 */
1191 	rw_enter(&fromparent->tn_rwlock, RW_WRITER);
1192 	rw_enter(&fromtp->tn_rwlock, RW_WRITER);
1193 
1194 	error = tdirdelete(fromparent, fromtp, onm, DR_RENAME, cred);
1195 
1196 	/*
1197 	 * The following handles the case where our source tmpnode was
1198 	 * removed before we got to it.
1199 	 *
1200 	 * XXX We should also cleanup properly in the case where tdirdelete
1201 	 * fails for some other reason.  Currently this case shouldn't happen.
1202 	 * (see 1184991).
1203 	 */
1204 	if (error == ENOENT)
1205 		error = 0;
1206 
1207 	rw_exit(&fromtp->tn_rwlock);
1208 	rw_exit(&fromparent->tn_rwlock);
1209 done:
1210 	tmpnode_rele(fromtp);
1211 	mutex_exit(&tm->tm_renamelck);
1212 
1213 	TRACE_5(TR_FAC_TMPFS, TR_TMPFS_RENAME,
1214 		"tmpfs rename:ovp %p onm %s nvp %p nnm %s error %d",
1215 		odvp, onm, ndvp, nnm, error);
1216 	return (error);
1217 }
1218 
1219 static int
1220 tmp_mkdir(
1221 	struct vnode *dvp,
1222 	char *nm,
1223 	struct vattr *va,
1224 	struct vnode **vpp,
1225 	struct cred *cred)
1226 {
1227 	struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1228 	struct tmpnode *self = NULL;
1229 	struct tmount *tm = (struct tmount *)VTOTM(dvp);
1230 	int error;
1231 
1232 	/* no new dirs allowed in xattr dirs */
1233 	if (parent->tn_flags & ISXATTR)
1234 		return (EINVAL);
1235 
1236 	/*
1237 	 * Might be dangling directory.  Catch it here,
1238 	 * because a ENOENT return from tdirlookup() is
1239 	 * an "o.k. return".
1240 	 */
1241 	if (parent->tn_nlink == 0)
1242 		return (ENOENT);
1243 
1244 	error = tdirlookup(parent, nm, &self, cred);
1245 	if (error == 0) {
1246 		ASSERT(self);
1247 		tmpnode_rele(self);
1248 		return (EEXIST);
1249 	}
1250 	if (error != ENOENT)
1251 		return (error);
1252 
1253 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1254 	error = tdirenter(tm, parent, nm, DE_MKDIR,
1255 		(struct tmpnode *)NULL, (struct tmpnode *)NULL, va,
1256 		&self, cred);
1257 	if (error) {
1258 		rw_exit(&parent->tn_rwlock);
1259 		if (self)
1260 			tmpnode_rele(self);
1261 		return (error);
1262 	}
1263 	rw_exit(&parent->tn_rwlock);
1264 	*vpp = TNTOV(self);
1265 	return (0);
1266 }
1267 
1268 static int
1269 tmp_rmdir(
1270 	struct vnode *dvp,
1271 	char *nm,
1272 	struct vnode *cdir,
1273 	struct cred *cred)
1274 {
1275 	struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1276 	struct tmpnode *self = NULL;
1277 	struct vnode *vp;
1278 	int error = 0;
1279 
1280 	/*
1281 	 * Return error when removing . and ..
1282 	 */
1283 	if (strcmp(nm, ".") == 0)
1284 		return (EINVAL);
1285 	if (strcmp(nm, "..") == 0)
1286 		return (EEXIST); /* Should be ENOTEMPTY */
1287 	error = tdirlookup(parent, nm, &self, cred);
1288 	if (error)
1289 		return (error);
1290 
1291 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1292 	rw_enter(&self->tn_rwlock, RW_WRITER);
1293 
1294 	vp = TNTOV(self);
1295 	if (vp == dvp || vp == cdir) {
1296 		error = EINVAL;
1297 		goto done1;
1298 	}
1299 	if (self->tn_type != VDIR) {
1300 		error = ENOTDIR;
1301 		goto done1;
1302 	}
1303 
1304 	mutex_enter(&self->tn_tlock);
1305 	if (self->tn_nlink > 2) {
1306 		mutex_exit(&self->tn_tlock);
1307 		error = EEXIST;
1308 		goto done1;
1309 	}
1310 	mutex_exit(&self->tn_tlock);
1311 
1312 	if (vn_vfswlock(vp)) {
1313 		error = EBUSY;
1314 		goto done1;
1315 	}
1316 	if (vn_mountedvfs(vp) != NULL) {
1317 		error = EBUSY;
1318 		goto done;
1319 	}
1320 
1321 	/*
1322 	 * Check for an empty directory
1323 	 * i.e. only includes entries for "." and ".."
1324 	 */
1325 	if (self->tn_dirents > 2) {
1326 		error = EEXIST;		/* SIGH should be ENOTEMPTY */
1327 		/*
1328 		 * Update atime because checking tn_dirents is logically
1329 		 * equivalent to reading the directory
1330 		 */
1331 		gethrestime(&self->tn_atime);
1332 		goto done;
1333 	}
1334 
1335 	error = tdirdelete(parent, self, nm, DR_RMDIR, cred);
1336 done:
1337 	vn_vfsunlock(vp);
1338 done1:
1339 	rw_exit(&self->tn_rwlock);
1340 	rw_exit(&parent->tn_rwlock);
1341 	vnevent_rmdir(TNTOV(self));
1342 	tmpnode_rele(self);
1343 
1344 	return (error);
1345 }
1346 
1347 /* ARGSUSED2 */
1348 
1349 static int
1350 tmp_readdir(struct vnode *vp, struct uio *uiop, struct cred *cred, int *eofp)
1351 {
1352 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1353 	struct tdirent *tdp;
1354 	int error = 0;
1355 	size_t namelen;
1356 	struct dirent64 *dp;
1357 	ulong_t offset;
1358 	ulong_t total_bytes_wanted;
1359 	long outcount = 0;
1360 	long bufsize;
1361 	int reclen;
1362 	caddr_t outbuf;
1363 
1364 	if (uiop->uio_loffset >= MAXOFF_T) {
1365 		if (eofp)
1366 			*eofp = 1;
1367 		return (0);
1368 	}
1369 	/*
1370 	 * assuming system call has already called tmp_rwlock
1371 	 */
1372 	ASSERT(RW_READ_HELD(&tp->tn_rwlock));
1373 
1374 	if (uiop->uio_iovcnt != 1)
1375 		return (EINVAL);
1376 
1377 	if (vp->v_type != VDIR)
1378 		return (ENOTDIR);
1379 
1380 	/*
1381 	 * There's a window here where someone could have removed
1382 	 * all the entries in the directory after we put a hold on the
1383 	 * vnode but before we grabbed the rwlock.  Just return.
1384 	 */
1385 	if (tp->tn_dir == NULL) {
1386 		if (tp->tn_nlink) {
1387 			panic("empty directory 0x%p", (void *)tp);
1388 			/*NOTREACHED*/
1389 		}
1390 		return (0);
1391 	}
1392 
1393 	/*
1394 	 * Get space for multiple directory entries
1395 	 */
1396 	total_bytes_wanted = uiop->uio_iov->iov_len;
1397 	bufsize = total_bytes_wanted + sizeof (struct dirent64);
1398 	outbuf = kmem_alloc(bufsize, KM_SLEEP);
1399 
1400 	dp = (struct dirent64 *)outbuf;
1401 
1402 
1403 	offset = 0;
1404 	tdp = tp->tn_dir;
1405 	while (tdp) {
1406 		namelen = strlen(tdp->td_name);	/* no +1 needed */
1407 		offset = tdp->td_offset;
1408 		if (offset >= uiop->uio_offset) {
1409 			reclen = (int)DIRENT64_RECLEN(namelen);
1410 			if (outcount + reclen > total_bytes_wanted) {
1411 				if (!outcount)
1412 					/*
1413 					 * Buffer too small for any entries.
1414 					 */
1415 					error = EINVAL;
1416 				break;
1417 			}
1418 			ASSERT(tdp->td_tmpnode != NULL);
1419 
1420 			/* use strncpy(9f) to zero out uninitialized bytes */
1421 
1422 			(void) strncpy(dp->d_name, tdp->td_name,
1423 			    DIRENT64_NAMELEN(reclen));
1424 			dp->d_reclen = (ushort_t)reclen;
1425 			dp->d_ino = (ino64_t)tdp->td_tmpnode->tn_nodeid;
1426 			dp->d_off = (offset_t)tdp->td_offset + 1;
1427 			dp = (struct dirent64 *)
1428 			    ((uintptr_t)dp + dp->d_reclen);
1429 			outcount += reclen;
1430 			ASSERT(outcount <= bufsize);
1431 		}
1432 		tdp = tdp->td_next;
1433 	}
1434 
1435 	if (!error)
1436 		error = uiomove(outbuf, outcount, UIO_READ, uiop);
1437 
1438 	if (!error) {
1439 		/* If we reached the end of the list our offset */
1440 		/* should now be just past the end. */
1441 		if (!tdp) {
1442 			offset += 1;
1443 			if (eofp)
1444 				*eofp = 1;
1445 		} else if (eofp)
1446 			*eofp = 0;
1447 		uiop->uio_offset = offset;
1448 	}
1449 	gethrestime(&tp->tn_atime);
1450 	kmem_free(outbuf, bufsize);
1451 	return (error);
1452 }
1453 
1454 static int
1455 tmp_symlink(
1456 	struct vnode *dvp,
1457 	char *lnm,
1458 	struct vattr *tva,
1459 	char *tnm,
1460 	struct cred *cred)
1461 {
1462 	struct tmpnode *parent = (struct tmpnode *)VTOTN(dvp);
1463 	struct tmpnode *self = (struct tmpnode *)NULL;
1464 	struct tmount *tm = (struct tmount *)VTOTM(dvp);
1465 	char *cp = NULL;
1466 	int error;
1467 	size_t len;
1468 
1469 	/* no symlinks allowed to files in xattr dirs */
1470 	if (parent->tn_flags & ISXATTR)
1471 		return (EINVAL);
1472 
1473 	error = tdirlookup(parent, lnm, &self, cred);
1474 	if (error == 0) {
1475 		/*
1476 		 * The entry already exists
1477 		 */
1478 		tmpnode_rele(self);
1479 		return (EEXIST);	/* was 0 */
1480 	}
1481 
1482 	if (error != ENOENT) {
1483 		if (self != NULL)
1484 			tmpnode_rele(self);
1485 		return (error);
1486 	}
1487 
1488 	rw_enter(&parent->tn_rwlock, RW_WRITER);
1489 	error = tdirenter(tm, parent, lnm, DE_CREATE, (struct tmpnode *)NULL,
1490 	    (struct tmpnode *)NULL, tva, &self, cred);
1491 	rw_exit(&parent->tn_rwlock);
1492 
1493 	if (error) {
1494 		if (self)
1495 			tmpnode_rele(self);
1496 		return (error);
1497 	}
1498 	len = strlen(tnm) + 1;
1499 	cp = tmp_memalloc(len, 0);
1500 	if (cp == NULL) {
1501 		tmpnode_rele(self);
1502 		return (ENOSPC);
1503 	}
1504 	(void) strcpy(cp, tnm);
1505 
1506 	self->tn_symlink = cp;
1507 	self->tn_size = len - 1;
1508 	tmpnode_rele(self);
1509 	return (error);
1510 }
1511 
1512 /* ARGSUSED2 */
1513 static int
1514 tmp_readlink(struct vnode *vp, struct uio *uiop, struct cred *cred)
1515 {
1516 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1517 	int error = 0;
1518 
1519 	if (vp->v_type != VLNK)
1520 		return (EINVAL);
1521 
1522 	rw_enter(&tp->tn_rwlock, RW_READER);
1523 	rw_enter(&tp->tn_contents, RW_READER);
1524 	error = uiomove(tp->tn_symlink, tp->tn_size, UIO_READ, uiop);
1525 	gethrestime(&tp->tn_atime);
1526 	rw_exit(&tp->tn_contents);
1527 	rw_exit(&tp->tn_rwlock);
1528 	return (error);
1529 }
1530 
1531 /* ARGSUSED */
1532 static int
1533 tmp_fsync(struct vnode *vp, int syncflag, struct cred *cred)
1534 {
1535 	return (0);
1536 }
1537 
1538 /* ARGSUSED */
1539 static void
1540 tmp_inactive(struct vnode *vp, struct cred *cred)
1541 {
1542 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1543 	struct tmount *tm = (struct tmount *)VFSTOTM(vp->v_vfsp);
1544 
1545 	rw_enter(&tp->tn_rwlock, RW_WRITER);
1546 top:
1547 	mutex_enter(&tp->tn_tlock);
1548 	mutex_enter(&vp->v_lock);
1549 	ASSERT(vp->v_count >= 1);
1550 
1551 	/*
1552 	 * If we don't have the last hold or the link count is non-zero,
1553 	 * there's little to do -- just drop our hold.
1554 	 */
1555 	if (vp->v_count > 1 || tp->tn_nlink != 0) {
1556 		vp->v_count--;
1557 		mutex_exit(&vp->v_lock);
1558 		mutex_exit(&tp->tn_tlock);
1559 		rw_exit(&tp->tn_rwlock);
1560 		return;
1561 	}
1562 
1563 	/*
1564 	 * We have the last hold *and* the link count is zero, so this
1565 	 * tmpnode is dead from the filesystem's viewpoint.  However,
1566 	 * if the tmpnode has any pages associated with it (i.e. if it's
1567 	 * a normal file with non-zero size), the tmpnode can still be
1568 	 * discovered by pageout or fsflush via the page vnode pointers.
1569 	 * In this case we must drop all our locks, truncate the tmpnode,
1570 	 * and try the whole dance again.
1571 	 */
1572 	if (tp->tn_size != 0) {
1573 		if (tp->tn_type == VREG) {
1574 			mutex_exit(&vp->v_lock);
1575 			mutex_exit(&tp->tn_tlock);
1576 			rw_enter(&tp->tn_contents, RW_WRITER);
1577 			(void) tmpnode_trunc(tm, tp, 0);
1578 			rw_exit(&tp->tn_contents);
1579 			ASSERT(tp->tn_size == 0);
1580 			ASSERT(tp->tn_nblocks == 0);
1581 			goto top;
1582 		}
1583 		if (tp->tn_type == VLNK)
1584 			tmp_memfree(tp->tn_symlink, tp->tn_size + 1);
1585 	}
1586 
1587 	/*
1588 	 * Remove normal file/dir's xattr dir and xattrs.
1589 	 */
1590 	if (tp->tn_xattrdp) {
1591 		struct tmpnode *xtp = tp->tn_xattrdp;
1592 
1593 		ASSERT(xtp->tn_flags & ISXATTR);
1594 		tmpnode_hold(xtp);
1595 		rw_enter(&xtp->tn_rwlock, RW_WRITER);
1596 		tdirtrunc(xtp);
1597 		DECR_COUNT(&xtp->tn_nlink, &xtp->tn_tlock);
1598 		tp->tn_xattrdp = NULL;
1599 		rw_exit(&xtp->tn_rwlock);
1600 		tmpnode_rele(xtp);
1601 	}
1602 
1603 	mutex_exit(&vp->v_lock);
1604 	mutex_exit(&tp->tn_tlock);
1605 	/* Here's our chance to send invalid event while we're between locks */
1606 	vn_invalid(TNTOV(tp));
1607 	mutex_enter(&tm->tm_contents);
1608 	if (tp->tn_forw == NULL)
1609 		tm->tm_rootnode->tn_back = tp->tn_back;
1610 	else
1611 		tp->tn_forw->tn_back = tp->tn_back;
1612 	tp->tn_back->tn_forw = tp->tn_forw;
1613 	mutex_exit(&tm->tm_contents);
1614 	rw_exit(&tp->tn_rwlock);
1615 	rw_destroy(&tp->tn_rwlock);
1616 	mutex_destroy(&tp->tn_tlock);
1617 	vn_free(TNTOV(tp));
1618 	tmp_memfree(tp, sizeof (struct tmpnode));
1619 }
1620 
1621 static int
1622 tmp_fid(struct vnode *vp, struct fid *fidp)
1623 {
1624 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
1625 	struct tfid *tfid;
1626 
1627 	if (fidp->fid_len < (sizeof (struct tfid) - sizeof (ushort_t))) {
1628 		fidp->fid_len = sizeof (struct tfid) - sizeof (ushort_t);
1629 		return (ENOSPC);
1630 	}
1631 
1632 	tfid = (struct tfid *)fidp;
1633 	bzero(tfid, sizeof (struct tfid));
1634 	tfid->tfid_len = (int)sizeof (struct tfid) - sizeof (ushort_t);
1635 
1636 	tfid->tfid_ino = tp->tn_nodeid;
1637 	tfid->tfid_gen = tp->tn_gen;
1638 
1639 	return (0);
1640 }
1641 
1642 
1643 /*
1644  * Return all the pages from [off..off+len] in given file
1645  */
1646 static int
1647 tmp_getpage(
1648 	struct vnode *vp,
1649 	offset_t off,
1650 	size_t len,
1651 	uint_t *protp,
1652 	page_t *pl[],
1653 	size_t plsz,
1654 	struct seg *seg,
1655 	caddr_t addr,
1656 	enum seg_rw rw,
1657 	struct cred *cr)
1658 {
1659 	int err = 0;
1660 	struct tmpnode *tp = VTOTN(vp);
1661 	anoff_t toff = (anoff_t)off;
1662 	size_t tlen = len;
1663 	u_offset_t tmpoff;
1664 	timestruc_t now;
1665 
1666 	rw_enter(&tp->tn_contents, RW_READER);
1667 
1668 	if (off + len  > tp->tn_size + PAGEOFFSET) {
1669 		err = EFAULT;
1670 		goto out;
1671 	}
1672 	/*
1673 	 * Look for holes (no anon slot) in faulting range. If there are
1674 	 * holes we have to switch to a write lock and fill them in. Swap
1675 	 * space for holes was already reserved when the file was grown.
1676 	 */
1677 	tmpoff = toff;
1678 	if (non_anon(tp->tn_anon, btop(off), &tmpoff, &tlen)) {
1679 		if (!rw_tryupgrade(&tp->tn_contents)) {
1680 			rw_exit(&tp->tn_contents);
1681 			rw_enter(&tp->tn_contents, RW_WRITER);
1682 			/* Size may have changed when lock was dropped */
1683 			if (off + len  > tp->tn_size + PAGEOFFSET) {
1684 				err = EFAULT;
1685 				goto out;
1686 			}
1687 		}
1688 		for (toff = (anoff_t)off; toff < (anoff_t)off + len;
1689 		    toff += PAGESIZE) {
1690 			if (anon_get_ptr(tp->tn_anon, btop(toff)) == NULL) {
1691 				/* XXX - may allocate mem w. write lock held */
1692 				(void) anon_set_ptr(tp->tn_anon, btop(toff),
1693 						anon_alloc(vp, toff),
1694 						ANON_SLEEP);
1695 				tp->tn_nblocks++;
1696 			}
1697 		}
1698 		rw_downgrade(&tp->tn_contents);
1699 	}
1700 
1701 
1702 	if (len <= PAGESIZE)
1703 		err = tmp_getapage(vp, (u_offset_t)off, len, protp, pl, plsz,
1704 		    seg, addr, rw, cr);
1705 	else
1706 		err = pvn_getpages(tmp_getapage, vp, (u_offset_t)off, len,
1707 		    protp, pl, plsz, seg, addr, rw, cr);
1708 
1709 	gethrestime(&now);
1710 	tp->tn_atime = now;
1711 	if (rw == S_WRITE)
1712 		tp->tn_mtime = now;
1713 
1714 out:
1715 	rw_exit(&tp->tn_contents);
1716 	return (err);
1717 }
1718 
1719 /*
1720  * Called from pvn_getpages or swap_getpage to get a particular page.
1721  */
1722 /*ARGSUSED*/
1723 static int
1724 tmp_getapage(
1725 	struct vnode *vp,
1726 	u_offset_t off,
1727 	size_t len,
1728 	uint_t *protp,
1729 	page_t *pl[],
1730 	size_t plsz,
1731 	struct seg *seg,
1732 	caddr_t addr,
1733 	enum seg_rw rw,
1734 	struct cred *cr)
1735 {
1736 	struct page *pp;
1737 	int flags;
1738 	int err = 0;
1739 	struct vnode *pvp;
1740 	u_offset_t poff;
1741 
1742 	if (protp != NULL)
1743 		*protp = PROT_ALL;
1744 again:
1745 	if (pp = page_lookup(vp, off, rw == S_CREATE ? SE_EXCL : SE_SHARED)) {
1746 		if (pl) {
1747 			pl[0] = pp;
1748 			pl[1] = NULL;
1749 		} else {
1750 			page_unlock(pp);
1751 		}
1752 	} else {
1753 		pp = page_create_va(vp, off, PAGESIZE,
1754 		    PG_WAIT | PG_EXCL, seg, addr);
1755 		/*
1756 		 * Someone raced in and created the page after we did the
1757 		 * lookup but before we did the create, so go back and
1758 		 * try to look it up again.
1759 		 */
1760 		if (pp == NULL)
1761 			goto again;
1762 		/*
1763 		 * Fill page from backing store, if any. If none, then
1764 		 * either this is a newly filled hole or page must have
1765 		 * been unmodified and freed so just zero it out.
1766 		 */
1767 		err = swap_getphysname(vp, off, &pvp, &poff);
1768 		if (err) {
1769 			panic("tmp_getapage: no anon slot vp %p "
1770 			    "off %llx pp %p\n", (void *)vp, off, (void *)pp);
1771 		}
1772 		if (pvp) {
1773 			flags = (pl == NULL ? B_ASYNC|B_READ : B_READ);
1774 			err = VOP_PAGEIO(pvp, pp, (u_offset_t)poff, PAGESIZE,
1775 			    flags, cr);
1776 			if (flags & B_ASYNC)
1777 				pp = NULL;
1778 		} else if (rw != S_CREATE) {
1779 			pagezero(pp, 0, PAGESIZE);
1780 		}
1781 		if (err && pp)
1782 			pvn_read_done(pp, B_ERROR);
1783 		if (err == 0) {
1784 			if (pl)
1785 				pvn_plist_init(pp, pl, plsz, off, PAGESIZE, rw);
1786 			else
1787 				pvn_io_done(pp);
1788 		}
1789 	}
1790 	return (err);
1791 }
1792 
1793 
1794 /*
1795  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED}.
1796  * If len == 0, do from off to EOF.
1797  */
1798 static int tmp_nopage = 0;	/* Don't do tmp_putpage's if set */
1799 
1800 /* ARGSUSED */
1801 int
1802 tmp_putpage(
1803 	register struct vnode *vp,
1804 	offset_t off,
1805 	size_t len,
1806 	int flags,
1807 	struct cred *cr)
1808 {
1809 	register page_t *pp;
1810 	u_offset_t io_off;
1811 	size_t io_len = 0;
1812 	int err = 0;
1813 	struct tmpnode *tp = VTOTN(vp);
1814 	int dolock;
1815 
1816 	if (tmp_nopage)
1817 		return (0);
1818 
1819 	ASSERT(vp->v_count != 0);
1820 
1821 	if (vp->v_flag & VNOMAP)
1822 		return (ENOSYS);
1823 
1824 	/*
1825 	 * This being tmpfs, we don't ever do i/o unless we really
1826 	 * have to (when we're low on memory and pageout calls us
1827 	 * with B_ASYNC | B_FREE or the user explicitly asks for it with
1828 	 * B_DONTNEED).
1829 	 * XXX to approximately track the mod time like ufs we should
1830 	 * update the times here. The problem is, once someone does a
1831 	 * store we never clear the mod bit and do i/o, thus fsflush
1832 	 * will keep calling us every 30 seconds to do the i/o and we'll
1833 	 * continually update the mod time. At least we update the mod
1834 	 * time on the first store because this results in a call to getpage.
1835 	 */
1836 	if (flags != (B_ASYNC | B_FREE) && (flags & B_INVAL) == 0 &&
1837 		(flags & B_DONTNEED) == 0)
1838 		return (0);
1839 	/*
1840 	 * If this thread owns the lock, i.e., this thread grabbed it
1841 	 * as writer somewhere above, then we don't need to grab the
1842 	 * lock as reader in this routine.
1843 	 */
1844 	dolock = (rw_owner(&tp->tn_contents) != curthread);
1845 
1846 	/*
1847 	 * If this is pageout don't block on the lock as you could deadlock
1848 	 * when freemem == 0 (another thread has the read lock and is blocked
1849 	 * creating a page, and a third thread is waiting to get the writers
1850 	 * lock - waiting writers priority blocks us from getting the read
1851 	 * lock). Of course, if the only freeable pages are on this tmpnode
1852 	 * we're hosed anyways. A better solution might be a new lock type.
1853 	 * Note: ufs has the same problem.
1854 	 */
1855 	if (curproc == proc_pageout) {
1856 		if (!rw_tryenter(&tp->tn_contents, RW_READER))
1857 			return (ENOMEM);
1858 	} else if (dolock)
1859 		rw_enter(&tp->tn_contents, RW_READER);
1860 
1861 	if (!vn_has_cached_data(vp))
1862 		goto out;
1863 
1864 	if (len == 0) {
1865 		if (curproc == proc_pageout) {
1866 			panic("tmp: pageout can't block");
1867 			/*NOTREACHED*/
1868 		}
1869 
1870 		/* Search the entire vp list for pages >= off. */
1871 		err = pvn_vplist_dirty(vp, (u_offset_t)off, tmp_putapage,
1872 		    flags, cr);
1873 	} else {
1874 		u_offset_t eoff;
1875 
1876 		/*
1877 		 * Loop over all offsets in the range [off...off + len]
1878 		 * looking for pages to deal with.
1879 		 */
1880 		eoff = MIN(off + len, tp->tn_size);
1881 		for (io_off = off; io_off < eoff; io_off += io_len) {
1882 			/*
1883 			 * If we are not invalidating, synchronously
1884 			 * freeing or writing pages use the routine
1885 			 * page_lookup_nowait() to prevent reclaiming
1886 			 * them from the free list.
1887 			 */
1888 			if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
1889 				pp = page_lookup(vp, io_off,
1890 				    (flags & (B_INVAL | B_FREE)) ?
1891 				    SE_EXCL : SE_SHARED);
1892 			} else {
1893 				pp = page_lookup_nowait(vp, io_off,
1894 				    (flags & B_FREE) ? SE_EXCL : SE_SHARED);
1895 			}
1896 
1897 			if (pp == NULL || pvn_getdirty(pp, flags) == 0)
1898 				io_len = PAGESIZE;
1899 			else {
1900 				err = tmp_putapage(vp, pp, &io_off, &io_len,
1901 				    flags, cr);
1902 				if (err != 0)
1903 					break;
1904 			}
1905 		}
1906 	}
1907 	/* If invalidating, verify all pages on vnode list are gone. */
1908 	if (err == 0 && off == 0 && len == 0 &&
1909 	    (flags & B_INVAL) && vn_has_cached_data(vp)) {
1910 		panic("tmp_putpage: B_INVAL, pages not gone");
1911 		/*NOTREACHED*/
1912 	}
1913 out:
1914 	if ((curproc == proc_pageout) || dolock)
1915 		rw_exit(&tp->tn_contents);
1916 	/*
1917 	 * Only reason putapage is going to give us SE_NOSWAP as error
1918 	 * is when we ask a page to be written to physical backing store
1919 	 * and there is none. Ignore this because we might be dealing
1920 	 * with a swap page which does not have any backing store
1921 	 * on disk. In any other case we won't get this error over here.
1922 	 */
1923 	if (err == SE_NOSWAP)
1924 		err = 0;
1925 	return (err);
1926 }
1927 
1928 long tmp_putpagecnt, tmp_pagespushed;
1929 
1930 /*
1931  * Write out a single page.
1932  * For tmpfs this means choose a physical swap slot and write the page
1933  * out using VOP_PAGEIO. For performance, we attempt to kluster; i.e.,
1934  * we try to find a bunch of other dirty pages adjacent in the file
1935  * and a bunch of contiguous swap slots, and then write all the pages
1936  * out in a single i/o.
1937  */
1938 /*ARGSUSED*/
1939 static int
1940 tmp_putapage(
1941 	struct vnode *vp,
1942 	page_t *pp,
1943 	u_offset_t *offp,
1944 	size_t *lenp,
1945 	int flags,
1946 	struct cred *cr)
1947 {
1948 	int err;
1949 	ulong_t klstart, kllen;
1950 	page_t *pplist, *npplist;
1951 	extern int klustsize;
1952 	long tmp_klustsize;
1953 	struct tmpnode *tp;
1954 	size_t pp_off, pp_len;
1955 	u_offset_t io_off;
1956 	size_t io_len;
1957 	struct vnode *pvp;
1958 	u_offset_t pstart;
1959 	u_offset_t offset;
1960 	u_offset_t tmpoff;
1961 
1962 	ASSERT(PAGE_LOCKED(pp));
1963 
1964 	/* Kluster in tmp_klustsize chunks */
1965 	tp = VTOTN(vp);
1966 	tmp_klustsize = klustsize;
1967 	offset = pp->p_offset;
1968 	klstart = (offset / tmp_klustsize) * tmp_klustsize;
1969 	kllen = MIN(tmp_klustsize, tp->tn_size - klstart);
1970 
1971 	/* Get a kluster of pages */
1972 	pplist =
1973 	    pvn_write_kluster(vp, pp, &tmpoff, &pp_len, klstart, kllen, flags);
1974 
1975 	pp_off = (size_t)tmpoff;
1976 
1977 	/*
1978 	 * Get a cluster of physical offsets for the pages; the amount we
1979 	 * get may be some subrange of what we ask for (io_off, io_len).
1980 	 */
1981 	io_off = pp_off;
1982 	io_len = pp_len;
1983 	err = swap_newphysname(vp, offset, &io_off, &io_len, &pvp, &pstart);
1984 	ASSERT(err != SE_NOANON); /* anon slot must have been filled */
1985 	if (err) {
1986 		pvn_write_done(pplist, B_ERROR | B_WRITE | flags);
1987 		/*
1988 		 * If this routine is called as a result of segvn_sync
1989 		 * operation and we have no physical swap then we can get an
1990 		 * error here. In such case we would return SE_NOSWAP as error.
1991 		 * At this point, we expect only SE_NOSWAP.
1992 		 */
1993 		ASSERT(err == SE_NOSWAP);
1994 		if (flags & B_INVAL)
1995 			err = ENOMEM;
1996 		goto out;
1997 	}
1998 	ASSERT(pp_off <= io_off && io_off + io_len <= pp_off + pp_len);
1999 	ASSERT(io_off <= offset && offset < io_off + io_len);
2000 
2001 	/* Toss pages at front/rear that we couldn't get physical backing for */
2002 	if (io_off != pp_off) {
2003 		npplist = NULL;
2004 		page_list_break(&pplist, &npplist, btop(io_off - pp_off));
2005 		ASSERT(pplist->p_offset == pp_off);
2006 		ASSERT(pplist->p_prev->p_offset == io_off - PAGESIZE);
2007 		pvn_write_done(pplist, B_ERROR | B_WRITE | flags);
2008 		pplist = npplist;
2009 	}
2010 	if (io_off + io_len < pp_off + pp_len) {
2011 		npplist = NULL;
2012 		page_list_break(&pplist, &npplist, btop(io_len));
2013 		ASSERT(npplist->p_offset == io_off + io_len);
2014 		ASSERT(npplist->p_prev->p_offset == pp_off + pp_len - PAGESIZE);
2015 		pvn_write_done(npplist, B_ERROR | B_WRITE | flags);
2016 	}
2017 
2018 	ASSERT(pplist->p_offset == io_off);
2019 	ASSERT(pplist->p_prev->p_offset == io_off + io_len - PAGESIZE);
2020 	ASSERT(btopr(io_len) <= btopr(kllen));
2021 
2022 	/* Do i/o on the remaining kluster */
2023 	err = VOP_PAGEIO(pvp, pplist, (u_offset_t)pstart, io_len,
2024 	    B_WRITE | flags, cr);
2025 
2026 	if ((flags & B_ASYNC) == 0) {
2027 		pvn_write_done(pplist, ((err) ? B_ERROR : 0) | B_WRITE | flags);
2028 	}
2029 out:
2030 	if (!err) {
2031 		if (offp)
2032 			*offp = io_off;
2033 		if (lenp)
2034 			*lenp = io_len;
2035 		tmp_putpagecnt++;
2036 		tmp_pagespushed += btop(io_len);
2037 	}
2038 	if (err && err != ENOMEM && err != SE_NOSWAP)
2039 		cmn_err(CE_WARN, "tmp_putapage: err %d\n", err);
2040 	return (err);
2041 }
2042 
2043 static int
2044 tmp_map(
2045 	struct vnode *vp,
2046 	offset_t off,
2047 	struct as *as,
2048 	caddr_t *addrp,
2049 	size_t len,
2050 	uchar_t prot,
2051 	uchar_t maxprot,
2052 	uint_t flags,
2053 	struct cred *cred)
2054 {
2055 	struct segvn_crargs vn_a;
2056 	struct tmpnode *tp = (struct tmpnode *)VTOTN(vp);
2057 	int error;
2058 
2059 #ifdef _ILP32
2060 	if (len > MAXOFF_T)
2061 		return (ENOMEM);
2062 #endif
2063 
2064 	if (vp->v_flag & VNOMAP)
2065 		return (ENOSYS);
2066 
2067 	if (off < 0 || (offset_t)(off + len) < 0 ||
2068 	    off > MAXOFF_T || (off + len) > MAXOFF_T)
2069 		return (ENXIO);
2070 
2071 	if (vp->v_type != VREG)
2072 		return (ENODEV);
2073 
2074 	/*
2075 	 * Don't allow mapping to locked file
2076 	 */
2077 	if (vn_has_mandatory_locks(vp, tp->tn_mode)) {
2078 		return (EAGAIN);
2079 	}
2080 
2081 	as_rangelock(as);
2082 	if ((flags & MAP_FIXED) == 0) {
2083 		map_addr(addrp, len, (offset_t)off, 1, flags);
2084 		if (*addrp == NULL) {
2085 			as_rangeunlock(as);
2086 			return (ENOMEM);
2087 		}
2088 	} else {
2089 		/*
2090 		 * User specified address - blow away any previous mappings
2091 		 */
2092 		(void) as_unmap(as, *addrp, len);
2093 	}
2094 
2095 	vn_a.vp = vp;
2096 	vn_a.offset = (u_offset_t)off;
2097 	vn_a.type = flags & MAP_TYPE;
2098 	vn_a.prot = prot;
2099 	vn_a.maxprot = maxprot;
2100 	vn_a.flags = flags & ~MAP_TYPE;
2101 	vn_a.cred = cred;
2102 	vn_a.amp = NULL;
2103 	vn_a.szc = 0;
2104 	vn_a.lgrp_mem_policy_flags = 0;
2105 
2106 	error = as_map(as, *addrp, len, segvn_create, &vn_a);
2107 	as_rangeunlock(as);
2108 	return (error);
2109 }
2110 
2111 /*
2112  * tmp_addmap and tmp_delmap can't be called since the vp
2113  * maintained in the segvn mapping is NULL.
2114  */
2115 /* ARGSUSED */
2116 static int
2117 tmp_addmap(
2118 	struct vnode *vp,
2119 	offset_t off,
2120 	struct as *as,
2121 	caddr_t addr,
2122 	size_t len,
2123 	uchar_t prot,
2124 	uchar_t maxprot,
2125 	uint_t flags,
2126 	struct cred *cred)
2127 {
2128 	return (0);
2129 }
2130 
2131 /* ARGSUSED */
2132 static int
2133 tmp_delmap(
2134 	struct vnode *vp,
2135 	offset_t off,
2136 	struct as *as,
2137 	caddr_t addr,
2138 	size_t len,
2139 	uint_t prot,
2140 	uint_t maxprot,
2141 	uint_t flags,
2142 	struct cred *cred)
2143 {
2144 	return (0);
2145 }
2146 
2147 static int
2148 tmp_freesp(struct vnode *vp, struct flock64 *lp, int flag)
2149 {
2150 	register int i;
2151 	register struct tmpnode *tp = VTOTN(vp);
2152 	int error;
2153 
2154 	ASSERT(vp->v_type == VREG);
2155 	ASSERT(lp->l_start >= 0);
2156 
2157 	if (lp->l_len != 0)
2158 		return (EINVAL);
2159 
2160 	rw_enter(&tp->tn_rwlock, RW_WRITER);
2161 	if (tp->tn_size == lp->l_start) {
2162 		rw_exit(&tp->tn_rwlock);
2163 		return (0);
2164 	}
2165 
2166 	/*
2167 	 * Check for any mandatory locks on the range
2168 	 */
2169 	if (MANDLOCK(vp, tp->tn_mode)) {
2170 		long save_start;
2171 
2172 		save_start = lp->l_start;
2173 
2174 		if (tp->tn_size < lp->l_start) {
2175 			/*
2176 			 * "Truncate up" case: need to make sure there
2177 			 * is no lock beyond current end-of-file. To
2178 			 * do so, we need to set l_start to the size
2179 			 * of the file temporarily.
2180 			 */
2181 			lp->l_start = tp->tn_size;
2182 		}
2183 		lp->l_type = F_WRLCK;
2184 		lp->l_sysid = 0;
2185 		lp->l_pid = ttoproc(curthread)->p_pid;
2186 		i = (flag & (FNDELAY|FNONBLOCK)) ? 0 : SLPFLCK;
2187 		if ((i = reclock(vp, lp, i, 0, lp->l_start, NULL)) != 0 ||
2188 		    lp->l_type != F_UNLCK) {
2189 			rw_exit(&tp->tn_rwlock);
2190 			return (i ? i : EAGAIN);
2191 		}
2192 
2193 		lp->l_start = save_start;
2194 	}
2195 	VFSTOTM(vp->v_vfsp);
2196 
2197 	rw_enter(&tp->tn_contents, RW_WRITER);
2198 	error = tmpnode_trunc((struct tmount *)VFSTOTM(vp->v_vfsp),
2199 	    tp, (ulong_t)lp->l_start);
2200 	rw_exit(&tp->tn_contents);
2201 	rw_exit(&tp->tn_rwlock);
2202 	return (error);
2203 }
2204 
2205 /* ARGSUSED */
2206 static int
2207 tmp_space(
2208 	struct vnode *vp,
2209 	int cmd,
2210 	struct flock64 *bfp,
2211 	int flag,
2212 	offset_t offset,
2213 	cred_t *cred,
2214 	caller_context_t *ct)
2215 {
2216 	int error;
2217 
2218 	if (cmd != F_FREESP)
2219 		return (EINVAL);
2220 	if ((error = convoff(vp, bfp, 0, (offset_t)offset)) == 0) {
2221 		if ((bfp->l_start > MAXOFF_T) || (bfp->l_len > MAXOFF_T))
2222 			return (EFBIG);
2223 		error = tmp_freesp(vp, bfp, flag);
2224 	}
2225 	return (error);
2226 }
2227 
2228 /* ARGSUSED */
2229 static int
2230 tmp_seek(struct vnode *vp, offset_t ooff, offset_t *noffp)
2231 {
2232 	return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
2233 }
2234 
2235 /* ARGSUSED2 */
2236 static int
2237 tmp_rwlock(struct vnode *vp, int write_lock, caller_context_t *ctp)
2238 {
2239 	struct tmpnode *tp = VTOTN(vp);
2240 
2241 	if (write_lock) {
2242 		rw_enter(&tp->tn_rwlock, RW_WRITER);
2243 	} else {
2244 		rw_enter(&tp->tn_rwlock, RW_READER);
2245 	}
2246 	return (write_lock);
2247 }
2248 
2249 /* ARGSUSED1 */
2250 static void
2251 tmp_rwunlock(struct vnode *vp, int write_lock, caller_context_t *ctp)
2252 {
2253 	struct tmpnode *tp = VTOTN(vp);
2254 
2255 	rw_exit(&tp->tn_rwlock);
2256 }
2257 
2258 static int
2259 tmp_pathconf(struct vnode *vp, int cmd, ulong_t *valp, cred_t *cr)
2260 {
2261 	struct tmpnode *tp = NULL;
2262 	int error;
2263 
2264 	switch (cmd) {
2265 	case _PC_XATTR_EXISTS:
2266 		if (vp->v_vfsp->vfs_flag & VFS_XATTR) {
2267 			*valp = 0;	/* assume no attributes */
2268 			error = 0;	/* okay to ask */
2269 			tp = VTOTN(vp);
2270 			rw_enter(&tp->tn_rwlock, RW_READER);
2271 			if (tp->tn_xattrdp) {
2272 				rw_enter(&tp->tn_xattrdp->tn_rwlock, RW_READER);
2273 				/* do not count "." and ".." */
2274 				if (tp->tn_xattrdp->tn_dirents > 2)
2275 					*valp = 1;
2276 				rw_exit(&tp->tn_xattrdp->tn_rwlock);
2277 			}
2278 			rw_exit(&tp->tn_rwlock);
2279 		} else {
2280 			error = EINVAL;
2281 		}
2282 		break;
2283 	default:
2284 		error = fs_pathconf(vp, cmd, valp, cr);
2285 	}
2286 	return (error);
2287 }
2288 
2289 
2290 struct vnodeops *tmp_vnodeops;
2291 
2292 const fs_operation_def_t tmp_vnodeops_template[] = {
2293 	VOPNAME_OPEN,		{ .vop_open = tmp_open },
2294 	VOPNAME_CLOSE,		{ .vop_close = tmp_close },
2295 	VOPNAME_READ,		{ .vop_read = tmp_read },
2296 	VOPNAME_WRITE,		{ .vop_write = tmp_write },
2297 	VOPNAME_IOCTL,		{ .vop_ioctl = tmp_ioctl },
2298 	VOPNAME_GETATTR,	{ .vop_getattr = tmp_getattr },
2299 	VOPNAME_SETATTR,	{ .vop_setattr = tmp_setattr },
2300 	VOPNAME_ACCESS,		{ .vop_access = tmp_access },
2301 	VOPNAME_LOOKUP,		{ .vop_lookup = tmp_lookup },
2302 	VOPNAME_CREATE,		{ .vop_create = tmp_create },
2303 	VOPNAME_REMOVE,		{ .vop_remove = tmp_remove },
2304 	VOPNAME_LINK,		{ .vop_link = tmp_link },
2305 	VOPNAME_RENAME,		{ .vop_rename = tmp_rename },
2306 	VOPNAME_MKDIR,		{ .vop_mkdir = tmp_mkdir },
2307 	VOPNAME_RMDIR,		{ .vop_rmdir = tmp_rmdir },
2308 	VOPNAME_READDIR,	{ .vop_readdir = tmp_readdir },
2309 	VOPNAME_SYMLINK,	{ .vop_symlink = tmp_symlink },
2310 	VOPNAME_READLINK,	{ .vop_readlink = tmp_readlink },
2311 	VOPNAME_FSYNC,		{ .vop_fsync = tmp_fsync },
2312 	VOPNAME_INACTIVE,	{ .vop_inactive = tmp_inactive },
2313 	VOPNAME_FID,		{ .vop_fid = tmp_fid },
2314 	VOPNAME_RWLOCK,		{ .vop_rwlock = tmp_rwlock },
2315 	VOPNAME_RWUNLOCK,	{ .vop_rwunlock = tmp_rwunlock },
2316 	VOPNAME_SEEK,		{ .vop_seek = tmp_seek },
2317 	VOPNAME_SPACE,		{ .vop_space = tmp_space },
2318 	VOPNAME_GETPAGE,	{ .vop_getpage = tmp_getpage },
2319 	VOPNAME_PUTPAGE,	{ .vop_putpage = tmp_putpage },
2320 	VOPNAME_MAP,		{ .vop_map = tmp_map },
2321 	VOPNAME_ADDMAP,		{ .vop_addmap = tmp_addmap },
2322 	VOPNAME_DELMAP,		{ .vop_delmap = tmp_delmap },
2323 	VOPNAME_PATHCONF,	{ .vop_pathconf = tmp_pathconf },
2324 	VOPNAME_VNEVENT,	{ .vop_vnevent = fs_vnevent_support },
2325 	NULL,			NULL
2326 };
2327