1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 /*      Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
  27 /*        All Rights Reserved   */
  28 
  29 /*
  30  * University Copyright- Copyright (c) 1982, 1986, 1988
  31  * The Regents of the University of California
  32  * All Rights Reserved
  33  *
  34  * University Acknowledgment- Portions of this document are derived from
  35  * software developed by the University of California, Berkeley, and its
  36  * contributors.
  37  */
  38 
  39 #include <sys/types.h>
  40 #include <sys/thread.h>
  41 #include <sys/t_lock.h>
  42 #include <sys/param.h>
  43 #include <sys/systm.h>
  44 #include <sys/bitmap.h>
  45 #include <sys/buf.h>
  46 #include <sys/cmn_err.h>
  47 #include <sys/conf.h>
  48 #include <sys/ddi.h>
  49 #include <sys/debug.h>
  50 #include <sys/dkio.h>
  51 #include <sys/errno.h>
  52 #include <sys/time.h>
  53 #include <sys/fcntl.h>
  54 #include <sys/flock.h>
  55 #include <sys/file.h>
  56 #include <sys/kmem.h>
  57 #include <sys/mman.h>
  58 #include <sys/open.h>
  59 #include <sys/swap.h>
  60 #include <sys/sysmacros.h>
  61 #include <sys/uio.h>
  62 #include <sys/vfs.h>
  63 #include <sys/vfs_opreg.h>
  64 #include <sys/vnode.h>
  65 #include <sys/stat.h>
  66 #include <sys/poll.h>
  67 #include <sys/stream.h>
  68 #include <sys/strsubr.h>
  69 #include <sys/policy.h>
  70 #include <sys/devpolicy.h>
  71 
  72 #include <sys/proc.h>
  73 #include <sys/user.h>
  74 #include <sys/session.h>
  75 #include <sys/vmsystm.h>
  76 #include <sys/vtrace.h>
  77 #include <sys/pathname.h>
  78 
  79 #include <sys/fs/snode.h>
  80 
  81 #include <vm/seg.h>
  82 #include <vm/seg_map.h>
  83 #include <vm/page.h>
  84 #include <vm/pvn.h>
  85 #include <vm/seg_dev.h>
  86 #include <vm/seg_vn.h>
  87 
  88 #include <fs/fs_subr.h>
  89 
  90 #include <sys/esunddi.h>
  91 #include <sys/autoconf.h>
  92 #include <sys/sunndi.h>
  93 #include <sys/contract/device_impl.h>
  94 
  95 
  96 static int spec_open(struct vnode **, int, struct cred *, caller_context_t *);
  97 static int spec_close(struct vnode *, int, int, offset_t, struct cred *,
  98         caller_context_t *);
  99 static int spec_read(struct vnode *, struct uio *, int, struct cred *,
 100         caller_context_t *);
 101 static int spec_write(struct vnode *, struct uio *, int, struct cred *,
 102         caller_context_t *);
 103 static int spec_ioctl(struct vnode *, int, intptr_t, int, struct cred *, int *,
 104         caller_context_t *);
 105 static int spec_getattr(struct vnode *, struct vattr *, int, struct cred *,
 106         caller_context_t *);
 107 static int spec_setattr(struct vnode *, struct vattr *, int, struct cred *,
 108         caller_context_t *);
 109 static int spec_access(struct vnode *, int, int, struct cred *,
 110         caller_context_t *);
 111 static int spec_create(struct vnode *, char *, vattr_t *, enum vcexcl, int,
 112         struct vnode **, struct cred *, int, caller_context_t *, vsecattr_t *);
 113 static int spec_fsync(struct vnode *, int, struct cred *, caller_context_t *);
 114 static void spec_inactive(struct vnode *, struct cred *, caller_context_t *);
 115 static int spec_fid(struct vnode *, struct fid *, caller_context_t *);
 116 static int spec_seek(struct vnode *, offset_t, offset_t *, caller_context_t *);
 117 static int spec_frlock(struct vnode *, int, struct flock64 *, int, offset_t,
 118         struct flk_callback *, struct cred *, caller_context_t *);
 119 static int spec_realvp(struct vnode *, struct vnode **, caller_context_t *);
 120 
 121 static int spec_getpage(struct vnode *, offset_t, size_t, uint_t *, page_t **,
 122         size_t, struct seg *, caddr_t, enum seg_rw, struct cred *,
 123         caller_context_t *);
 124 static int spec_putapage(struct vnode *, page_t *, u_offset_t *, size_t *, int,
 125         struct cred *);
 126 static struct buf *spec_startio(struct vnode *, page_t *, u_offset_t, size_t,
 127         int);
 128 static int spec_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
 129         page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
 130 static int spec_map(struct vnode *, offset_t, struct as *, caddr_t *, size_t,
 131         uchar_t, uchar_t, uint_t, struct cred *, caller_context_t *);
 132 static int spec_addmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
 133         uchar_t, uchar_t, uint_t, struct cred *, caller_context_t *);
 134 static int spec_delmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
 135         uint_t, uint_t, uint_t, struct cred *, caller_context_t *);
 136 
 137 static int spec_poll(struct vnode *, short, int, short *, struct pollhead **,
 138         caller_context_t *);
 139 static int spec_dump(struct vnode *, caddr_t, offset_t, offset_t,
 140     caller_context_t *);
 141 static int spec_pageio(struct vnode *, page_t *, u_offset_t, size_t, int,
 142     cred_t *, caller_context_t *);
 143 
 144 static int spec_getsecattr(struct vnode *, vsecattr_t *, int, struct cred *,
 145         caller_context_t *);
 146 static int spec_setsecattr(struct vnode *, vsecattr_t *, int, struct cred *,
 147         caller_context_t *);
 148 static int spec_pathconf(struct vnode *, int, ulong_t *, struct cred *,
 149         caller_context_t *);
 150 
 151 #define SN_HOLD(csp)    { \
 152         mutex_enter(&csp->s_lock); \
 153         csp->s_count++; \
 154         mutex_exit(&csp->s_lock); \
 155 }
 156 
 157 #define SN_RELE(csp)    { \
 158         mutex_enter(&csp->s_lock); \
 159         csp->s_count--; \
 160         ASSERT((csp->s_count > 0) || (csp->s_vnode->v_stream == NULL)); \
 161         mutex_exit(&csp->s_lock); \
 162 }
 163 
 164 #define S_ISFENCED(sp)  ((VTOS((sp)->s_commonvp))->s_flag & SFENCED)
 165 
 166 struct vnodeops *spec_vnodeops;
 167 
 168 /*
 169  * *PLEASE NOTE*: If you add new entry points to specfs, do
 170  * not forget to add support for fencing. A fenced snode
 171  * is indicated by the SFENCED flag in the common snode.
 172  * If a snode is fenced, determine if your entry point is
 173  * a configuration operation (Example: open), a detection
 174  * operation (Example: gettattr), an I/O operation (Example: ioctl())
 175  * or an unconfiguration operation (Example: close). If it is
 176  * a configuration or detection operation, fail the operation
 177  * for a fenced snode with an ENXIO or EIO as appropriate. If
 178  * it is any other operation, let it through.
 179  */
 180 
 181 const fs_operation_def_t spec_vnodeops_template[] = {
 182         VOPNAME_OPEN,           { .vop_open = spec_open },
 183         VOPNAME_CLOSE,          { .vop_close = spec_close },
 184         VOPNAME_READ,           { .vop_read = spec_read },
 185         VOPNAME_WRITE,          { .vop_write = spec_write },
 186         VOPNAME_IOCTL,          { .vop_ioctl = spec_ioctl },
 187         VOPNAME_GETATTR,        { .vop_getattr = spec_getattr },
 188         VOPNAME_SETATTR,        { .vop_setattr = spec_setattr },
 189         VOPNAME_ACCESS,         { .vop_access = spec_access },
 190         VOPNAME_CREATE,         { .vop_create = spec_create },
 191         VOPNAME_FSYNC,          { .vop_fsync = spec_fsync },
 192         VOPNAME_INACTIVE,       { .vop_inactive = spec_inactive },
 193         VOPNAME_FID,            { .vop_fid = spec_fid },
 194         VOPNAME_SEEK,           { .vop_seek = spec_seek },
 195         VOPNAME_PATHCONF,       { .vop_pathconf = spec_pathconf },
 196         VOPNAME_FRLOCK,         { .vop_frlock = spec_frlock },
 197         VOPNAME_REALVP,         { .vop_realvp = spec_realvp },
 198         VOPNAME_GETPAGE,        { .vop_getpage = spec_getpage },
 199         VOPNAME_PUTPAGE,        { .vop_putpage = spec_putpage },
 200         VOPNAME_MAP,            { .vop_map = spec_map },
 201         VOPNAME_ADDMAP,         { .vop_addmap = spec_addmap },
 202         VOPNAME_DELMAP,         { .vop_delmap = spec_delmap },
 203         VOPNAME_POLL,           { .vop_poll = spec_poll },
 204         VOPNAME_DUMP,           { .vop_dump = spec_dump },
 205         VOPNAME_PAGEIO,         { .vop_pageio = spec_pageio },
 206         VOPNAME_SETSECATTR,     { .vop_setsecattr = spec_setsecattr },
 207         VOPNAME_GETSECATTR,     { .vop_getsecattr = spec_getsecattr },
 208         NULL,                   NULL
 209 };
 210 
 211 /*
 212  * Return address of spec_vnodeops
 213  */
 214 struct vnodeops *
 215 spec_getvnodeops(void)
 216 {
 217         return (spec_vnodeops);
 218 }
 219 
 220 extern vnode_t *rconsvp;
 221 
 222 /*
 223  * Acquire the serial lock on the common snode.
 224  */
 225 #define LOCK_CSP(csp)                   (void) spec_lockcsp(csp, 0, 1, 0)
 226 #define LOCKHOLD_CSP_SIG(csp)           spec_lockcsp(csp, 1, 1, 1)
 227 #define SYNCHOLD_CSP_SIG(csp, intr)     spec_lockcsp(csp, intr, 0, 1)
 228 
 229 typedef enum {
 230         LOOP,
 231         INTR,
 232         SUCCESS
 233 } slock_ret_t;
 234 
 235 /*
 236  * Synchronize with active SLOCKED snode, optionally checking for a signal and
 237  * optionally returning with SLOCKED set and SN_HOLD done.  The 'intr'
 238  * argument determines if the thread is interruptible by a signal while
 239  * waiting, the function returns INTR if interrupted while there is another
 240  * thread closing this snonde and LOOP if interrupted otherwise.
 241  * When SUCCESS is returned the 'hold' argument determines if the open
 242  * count (SN_HOLD) has been incremented and the 'setlock' argument
 243  * determines if the function returns with SLOCKED set.
 244  */
 245 static slock_ret_t
 246 spec_lockcsp(struct snode *csp, int intr, int setlock, int hold)
 247 {
 248         slock_ret_t ret = SUCCESS;
 249         mutex_enter(&csp->s_lock);
 250         while (csp->s_flag & SLOCKED) {
 251                 csp->s_flag |= SWANT;
 252                 if (intr) {
 253                         if (!cv_wait_sig(&csp->s_cv, &csp->s_lock)) {
 254                                 if (csp->s_flag & SCLOSING)
 255                                         ret = INTR;
 256                                 else
 257                                         ret = LOOP;
 258                                 mutex_exit(&csp->s_lock);
 259                                 return (ret);           /* interrupted */
 260                         }
 261                 } else {
 262                         cv_wait(&csp->s_cv, &csp->s_lock);
 263                 }
 264         }
 265         if (setlock)
 266                 csp->s_flag |= SLOCKED;
 267         if (hold)
 268                 csp->s_count++;              /* one more open reference : SN_HOLD */
 269         mutex_exit(&csp->s_lock);
 270         return (ret);                   /* serialized/locked */
 271 }
 272 
 273 /*
 274  * Unlock the serial lock on the common snode
 275  */
 276 #define UNLOCK_CSP_LOCK_HELD(csp)                       \
 277         ASSERT(mutex_owned(&csp->s_lock));               \
 278         if (csp->s_flag & SWANT)                 \
 279                 cv_broadcast(&csp->s_cv);                \
 280         csp->s_flag &= ~(SWANT|SLOCKED);
 281 
 282 #define UNLOCK_CSP(csp)                                 \
 283         mutex_enter(&csp->s_lock);                       \
 284         UNLOCK_CSP_LOCK_HELD(csp);                      \
 285         mutex_exit(&csp->s_lock);
 286 
 287 /*
 288  * compute/return the size of the device
 289  */
 290 #define SPEC_SIZE(csp)  \
 291         (((csp)->s_flag & SSIZEVALID) ? (csp)->s_size : spec_size(csp))
 292 
 293 /*
 294  * Compute and return the size.  If the size in the common snode is valid then
 295  * return it.  If not valid then get the size from the driver and set size in
 296  * the common snode.  If the device has not been attached then we don't ask for
 297  * an update from the driver- for non-streams SSIZEVALID stays unset until the
 298  * device is attached. A stat of a mknod outside /devices (non-devfs) may
 299  * report UNKNOWN_SIZE because the device may not be attached yet (SDIPSET not
 300  * established in mknod until open time). An stat in /devices will report the
 301  * size correctly.  Specfs should always call SPEC_SIZE instead of referring
 302  * directly to s_size to initialize/retrieve the size of a device.
 303  *
 304  * XXX There is an inconsistency between block and raw - "unknown" is
 305  * UNKNOWN_SIZE for VBLK and 0 for VCHR(raw).
 306  */
 307 static u_offset_t
 308 spec_size(struct snode *csp)
 309 {
 310         struct vnode    *cvp = STOV(csp);
 311         u_offset_t      size;
 312         int             plen;
 313         uint32_t        size32;
 314         dev_t           dev;
 315         dev_info_t      *devi;
 316         major_t         maj;
 317         uint_t          blksize;
 318         int             blkshift;
 319 
 320         ASSERT((csp)->s_commonvp == cvp);    /* must be common node */
 321 
 322         /* return cached value */
 323         mutex_enter(&csp->s_lock);
 324         if (csp->s_flag & SSIZEVALID) {
 325                 mutex_exit(&csp->s_lock);
 326                 return (csp->s_size);
 327         }
 328 
 329         /* VOP_GETATTR of mknod has not had devcnt restriction applied */
 330         dev = cvp->v_rdev;
 331         maj = getmajor(dev);
 332         if (maj >= devcnt) {
 333                 /* return non-cached UNKNOWN_SIZE */
 334                 mutex_exit(&csp->s_lock);
 335                 return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
 336         }
 337 
 338         /* establish cached zero size for streams */
 339         if (STREAMSTAB(maj)) {
 340                 csp->s_size = 0;
 341                 csp->s_flag |= SSIZEVALID;
 342                 mutex_exit(&csp->s_lock);
 343                 return (0);
 344         }
 345 
 346         /*
 347          * Return non-cached UNKNOWN_SIZE if not open.
 348          *
 349          * NB: This check is bogus, calling prop_op(9E) should be gated by
 350          * attach, not open. Not having this check however opens up a new
 351          * context under which a driver's prop_op(9E) could be called. Calling
 352          * prop_op(9E) in this new context has been shown to expose latent
 353          * driver bugs (insufficient NULL pointer checks that lead to panic).
 354          * We are keeping this open check for now to avoid these panics.
 355          */
 356         if (csp->s_count == 0) {
 357                 mutex_exit(&csp->s_lock);
 358                 return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
 359         }
 360 
 361         /* Return non-cached UNKNOWN_SIZE if not attached. */
 362         if (((csp->s_flag & SDIPSET) == 0) || (csp->s_dip == NULL) ||
 363             !i_ddi_devi_attached(csp->s_dip)) {
 364                 mutex_exit(&csp->s_lock);
 365                 return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
 366         }
 367 
 368         devi = csp->s_dip;
 369 
 370         /*
 371          * Established cached size obtained from the attached driver. Since we
 372          * know the devinfo node, for efficiency we use cdev_prop_op directly
 373          * instead of [cb]dev_[Ss]size.
 374          */
 375         if (cvp->v_type == VCHR) {
 376                 size = 0;
 377                 plen = sizeof (size);
 378                 if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 379                     DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
 380                     DDI_PROP_CONSUMER_TYPED, "Size", (caddr_t)&size,
 381                     &plen) != DDI_PROP_SUCCESS) {
 382                         plen = sizeof (size32);
 383                         if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 384                             DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
 385                             "size", (caddr_t)&size32, &plen) ==
 386                             DDI_PROP_SUCCESS)
 387                                 size = size32;
 388                 }
 389         } else {
 390                 size = UNKNOWN_SIZE;
 391                 plen = sizeof (size);
 392                 if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 393                     DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
 394                     DDI_PROP_CONSUMER_TYPED, "Nblocks", (caddr_t)&size,
 395                     &plen) != DDI_PROP_SUCCESS) {
 396                         plen = sizeof (size32);
 397                         if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 398                             DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
 399                             "nblocks", (caddr_t)&size32, &plen) ==
 400                             DDI_PROP_SUCCESS)
 401                                 size = size32;
 402                 }
 403 
 404                 if (size != UNKNOWN_SIZE) {
 405                         blksize = DEV_BSIZE;            /* default */
 406                         plen = sizeof (blksize);
 407 
 408                         /* try to get dev_t specific "blksize" */
 409                         if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 410                             DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
 411                             "blksize", (caddr_t)&blksize, &plen) !=
 412                             DDI_PROP_SUCCESS) {
 413                                 /*
 414                                  * Try for dev_info node "device-blksize".
 415                                  * If this fails then blksize will still be
 416                                  * DEV_BSIZE default value.
 417                                  */
 418                                 (void) cdev_prop_op(DDI_DEV_T_ANY, devi,
 419                                     PROP_LEN_AND_VAL_BUF,
 420                                     DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
 421                                     "device-blksize", (caddr_t)&blksize, &plen);
 422                         }
 423 
 424                         /* blksize must be a power of two */
 425                         ASSERT(BIT_ONLYONESET(blksize));
 426                         blkshift = highbit(blksize) - 1;
 427 
 428                         /* convert from block size to byte size */
 429                         if (size < (MAXOFFSET_T >> blkshift))
 430                                 size = size << blkshift;
 431                         else
 432                                 size = UNKNOWN_SIZE;
 433                 }
 434         }
 435 
 436         csp->s_size = size;
 437         csp->s_flag |= SSIZEVALID;
 438 
 439         mutex_exit(&csp->s_lock);
 440         return (size);
 441 }
 442 
 443 /*
 444  * This function deal with vnode substitution in the case of
 445  * device cloning.
 446  */
 447 static int
 448 spec_clone(struct vnode **vpp, dev_t newdev, int vtype, struct stdata *stp)
 449 {
 450         dev_t           dev = (*vpp)->v_rdev;
 451         major_t         maj = getmajor(dev);
 452         major_t         newmaj = getmajor(newdev);
 453         int             sysclone = (maj == clone_major);
 454         int             qassociate_used = 0;
 455         struct snode    *oldsp, *oldcsp;
 456         struct snode    *newsp, *newcsp;
 457         struct vnode    *newvp, *newcvp;
 458         dev_info_t      *dip;
 459         queue_t         *dq;
 460 
 461         ASSERT(dev != newdev);
 462 
 463         /*
 464          * Check for cloning across different drivers.
 465          * We only support this under the system provided clone driver
 466          */
 467         if ((maj != newmaj) && !sysclone) {
 468                 cmn_err(CE_NOTE,
 469                     "unsupported clone open maj = %u, newmaj = %u",
 470                     maj, newmaj);
 471                 return (ENXIO);
 472         }
 473 
 474         /* old */
 475         oldsp = VTOS(*vpp);
 476         oldcsp = VTOS(oldsp->s_commonvp);
 477 
 478         /* new */
 479         newvp = makespecvp(newdev, vtype);
 480         ASSERT(newvp != NULL);
 481         newsp = VTOS(newvp);
 482         newcvp = newsp->s_commonvp;
 483         newcsp = VTOS(newcvp);
 484 
 485         /*
 486          * Clones inherit fsid, realvp, and dip.
 487          * XXX realvp inherit is not occurring, does fstat of clone work?
 488          */
 489         newsp->s_fsid = oldsp->s_fsid;
 490         if (sysclone) {
 491                 newsp->s_flag |= SCLONE;
 492                 dip = NULL;
 493         } else {
 494                 newsp->s_flag |= SSELFCLONE;
 495                 dip = oldcsp->s_dip;
 496         }
 497 
 498         /*
 499          * If we cloned to an opened newdev that already has called
 500          * spec_assoc_vp_with_devi (SDIPSET set) then the association is
 501          * already established.
 502          */
 503         if (!(newcsp->s_flag & SDIPSET)) {
 504                 /*
 505                  * Establish s_dip association for newdev.
 506                  *
 507                  * If we trusted the getinfo(9E) DDI_INFO_DEVT2INSTANCE
 508                  * implementation of all cloning drivers  (SCLONE and SELFCLONE)
 509                  * we would always use e_ddi_hold_devi_by_dev().  We know that
 510                  * many drivers have had (still have?) problems with
 511                  * DDI_INFO_DEVT2INSTANCE, so we try to minimize reliance by
 512                  * detecting drivers that use QASSOCIATE (by looking down the
 513                  * stream) and setting their s_dip association to NULL.
 514                  */
 515                 qassociate_used = 0;
 516                 if (stp) {
 517                         for (dq = stp->sd_wrq; dq; dq = dq->q_next) {
 518                                 if (_RD(dq)->q_flag & _QASSOCIATED) {
 519                                         qassociate_used = 1;
 520                                         dip = NULL;
 521                                         break;
 522                                 }
 523                         }
 524                 }
 525 
 526                 if (dip || qassociate_used) {
 527                         spec_assoc_vp_with_devi(newvp, dip);
 528                 } else {
 529                         /* derive association from newdev */
 530                         dip = e_ddi_hold_devi_by_dev(newdev, 0);
 531                         spec_assoc_vp_with_devi(newvp, dip);
 532                         if (dip)
 533                                 ddi_release_devi(dip);
 534                 }
 535         }
 536 
 537         SN_HOLD(newcsp);
 538 
 539         /* deal with stream stuff */
 540         if (stp != NULL) {
 541                 LOCK_CSP(newcsp);       /* synchronize stream open/close */
 542                 mutex_enter(&newcsp->s_lock);
 543                 newcvp->v_stream = newvp->v_stream = stp;
 544                 stp->sd_vnode = newcvp;
 545                 stp->sd_strtab = STREAMSTAB(newmaj);
 546                 mutex_exit(&newcsp->s_lock);
 547                 UNLOCK_CSP(newcsp);
 548         }
 549 
 550         /* substitute the vnode */
 551         SN_RELE(oldcsp);
 552         VN_RELE(*vpp);
 553         *vpp = newvp;
 554 
 555         return (0);
 556 }
 557 
 558 static int
 559 spec_open(struct vnode **vpp, int flag, struct cred *cr, caller_context_t *cc)
 560 {
 561         major_t maj;
 562         dev_t dev, newdev;
 563         struct vnode *vp, *cvp;
 564         struct snode *sp, *csp;
 565         struct stdata *stp;
 566         dev_info_t *dip;
 567         int error, type;
 568         contract_t *ct = NULL;
 569         int open_returns_eintr;
 570         slock_ret_t spec_locksp_ret;
 571 
 572 
 573         flag &= ~FCREAT;            /* paranoia */
 574 
 575         vp = *vpp;
 576         sp = VTOS(vp);
 577         ASSERT((vp->v_type == VCHR) || (vp->v_type == VBLK));
 578         if ((vp->v_type != VCHR) && (vp->v_type != VBLK))
 579                 return (ENXIO);
 580 
 581         /*
 582          * If the VFS_NODEVICES bit was set for the mount,
 583          * do not allow opens of special devices.
 584          */
 585         if (sp->s_realvp && (sp->s_realvp->v_vfsp->vfs_flag & VFS_NODEVICES))
 586                 return (ENXIO);
 587 
 588         newdev = dev = vp->v_rdev;
 589 
 590         /*
 591          * If we are opening a node that has not had spec_assoc_vp_with_devi
 592          * called against it (mknod outside /devices or a non-dacf makespecvp
 593          * node) then SDIPSET will not be set. In this case we call an
 594          * interface which will reconstruct the path and lookup (drive attach)
 595          * through devfs (e_ddi_hold_devi_by_dev -> e_ddi_hold_devi_by_path ->
 596          * devfs_lookupname).  For support of broken drivers that don't call
 597          * ddi_create_minor_node for all minor nodes in their instance space,
 598          * we call interfaces that operates at the directory/devinfo
 599          * (major/instance) level instead of to the leaf/minor node level.
 600          * After finding and attaching the dip we associate it with the
 601          * common specfs vnode (s_dip), which sets SDIPSET.  A DL_DETACH_REQ
 602          * to style-2 stream driver may set s_dip to NULL with SDIPSET set.
 603          *
 604          * NOTE: Although e_ddi_hold_devi_by_dev takes a dev_t argument, its
 605          * implementation operates at the major/instance level since it only
 606          * need to return a dip.
 607          */
 608         cvp = sp->s_commonvp;
 609         csp = VTOS(cvp);
 610         if (!(csp->s_flag & SDIPSET)) {
 611                 /* try to attach, return error if we fail */
 612                 if ((dip = e_ddi_hold_devi_by_dev(dev, 0)) == NULL)
 613                         return (ENXIO);
 614 
 615                 /* associate dip with the common snode s_dip */
 616                 spec_assoc_vp_with_devi(vp, dip);
 617                 ddi_release_devi(dip);  /* from e_ddi_hold_devi_by_dev */
 618         }
 619 
 620         /* check if device fenced off */
 621         if (S_ISFENCED(sp))
 622                 return (ENXIO);
 623 
 624 #ifdef  DEBUG
 625         /* verify attach/open exclusion guarantee */
 626         dip = csp->s_dip;
 627         ASSERT((dip == NULL) || i_ddi_devi_attached(dip));
 628 #endif  /* DEBUG */
 629 
 630         if ((error = secpolicy_spec_open(cr, vp, flag)) != 0)
 631                 return (error);
 632 
 633         /* Verify existance of open(9E) implementation. */
 634         maj = getmajor(dev);
 635         if ((maj >= devcnt) ||
 636             (devopsp[maj]->devo_cb_ops == NULL) ||
 637             (devopsp[maj]->devo_cb_ops->cb_open == NULL))
 638                 return (ENXIO);
 639 
 640         /*
 641          * split STREAMS vs. non-STREAMS
 642          *
 643          * If the device is a dual-personality device, then we might want
 644          * to allow for a regular OTYP_BLK open.  If however it's strictly
 645          * a pure STREAMS device, the cb_open entry point will be
 646          * nodev() which returns ENXIO.  This does make this failure path
 647          * somewhat longer, but such attempts to use OTYP_BLK with STREAMS
 648          * devices should be exceedingly rare.  (Most of the time they will
 649          * be due to programmer error.)
 650          */
 651         if ((vp->v_type == VCHR) && (STREAMSTAB(maj)))
 652                 goto streams_open;
 653 
 654 not_streams:
 655         /*
 656          * Wait for in progress last close to complete. This guarantees
 657          * to the driver writer that we will never be in the drivers
 658          * open and close on the same (dev_t, otype) at the same time.
 659          * Open count already incremented (SN_HOLD) on non-zero return.
 660          * The wait is interruptible by a signal if the driver sets the
 661          * D_OPEN_RETURNS_EINTR cb_ops(9S) cb_flag or sets the
 662          * ddi-open-returns-eintr(9P) property in its driver.conf.
 663          */
 664         if ((devopsp[maj]->devo_cb_ops->cb_flag & D_OPEN_RETURNS_EINTR) ||
 665             (devnamesp[maj].dn_flags & DN_OPEN_RETURNS_EINTR))
 666                 open_returns_eintr = 1;
 667         else
 668                 open_returns_eintr = 0;
 669         while ((spec_locksp_ret = SYNCHOLD_CSP_SIG(csp, open_returns_eintr)) !=
 670             SUCCESS) {
 671                 if (spec_locksp_ret == INTR)
 672                         return (EINTR);
 673         }
 674 
 675         /* non streams open */
 676         type = (vp->v_type == VBLK ? OTYP_BLK : OTYP_CHR);
 677         error = dev_open(&newdev, flag, type, cr);
 678 
 679         /* deal with clone case */
 680         if (error == 0 && dev != newdev) {
 681                 error = spec_clone(vpp, newdev, vp->v_type, NULL);
 682                 /*
 683                  * bail on clone failure, further processing
 684                  * results in undefined behaviors.
 685                  */
 686                 if (error != 0)
 687                         return (error);
 688                 sp = VTOS(*vpp);
 689                 csp = VTOS(sp->s_commonvp);
 690         }
 691 
 692         /*
 693          * create contracts only for userland opens
 694          * Successful open and cloning is done at this point.
 695          */
 696         if (error == 0 && !(flag & FKLYR)) {
 697                 int spec_type;
 698                 spec_type = (STOV(csp)->v_type == VCHR) ? S_IFCHR : S_IFBLK;
 699                 if (contract_device_open(newdev, spec_type, NULL) != 0) {
 700                         error = EIO;
 701                 }
 702         }
 703 
 704         if (error == 0) {
 705                 sp->s_size = SPEC_SIZE(csp);
 706 
 707                 if ((csp->s_flag & SNEEDCLOSE) == 0) {
 708                         int nmaj = getmajor(newdev);
 709                         mutex_enter(&csp->s_lock);
 710                         /* successful open needs a close later */
 711                         csp->s_flag |= SNEEDCLOSE;
 712 
 713                         /*
 714                          * Invalidate possible cached "unknown" size
 715                          * established by a VOP_GETATTR while open was in
 716                          * progress, and the driver might fail prop_op(9E).
 717                          */
 718                         if (((cvp->v_type == VCHR) && (csp->s_size == 0)) ||
 719                             ((cvp->v_type == VBLK) &&
 720                             (csp->s_size == UNKNOWN_SIZE)))
 721                                 csp->s_flag &= ~SSIZEVALID;
 722 
 723                         if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_64BIT)
 724                                 csp->s_flag |= SLOFFSET;
 725                         if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_U64BIT)
 726                                 csp->s_flag |= SLOFFSET | SANYOFFSET;
 727                         mutex_exit(&csp->s_lock);
 728                 }
 729                 return (0);
 730         }
 731 
 732         /*
 733          * Open failed. If we missed a close operation because
 734          * we were trying to get the device open and it is the
 735          * last in progress open that is failing then call close.
 736          *
 737          * NOTE: Only non-streams open has this race condition.
 738          */
 739         mutex_enter(&csp->s_lock);
 740         csp->s_count--;                      /* decrement open count : SN_RELE */
 741         if ((csp->s_count == 0) &&   /* no outstanding open */
 742             (csp->s_mapcnt == 0) &&  /* no mapping */
 743             (csp->s_flag & SNEEDCLOSE)) { /* need a close */
 744                 csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
 745 
 746                 /* See comment in spec_close() */
 747                 if (csp->s_flag & (SCLONE | SSELFCLONE))
 748                         csp->s_flag &= ~SDIPSET;
 749 
 750                 csp->s_flag |= SCLOSING;
 751                 mutex_exit(&csp->s_lock);
 752 
 753                 ASSERT(*vpp != NULL);
 754                 (void) device_close(*vpp, flag, cr);
 755 
 756                 mutex_enter(&csp->s_lock);
 757                 csp->s_flag &= ~SCLOSING;
 758                 mutex_exit(&csp->s_lock);
 759         } else {
 760                 mutex_exit(&csp->s_lock);
 761         }
 762         return (error);
 763 
 764 streams_open:
 765         /*
 766          * Lock common snode to prevent any new clone opens on this
 767          * stream while one is in progress. This is necessary since
 768          * the stream currently associated with the clone device will
 769          * not be part of it after the clone open completes. Unfortunately
 770          * we don't know in advance if this is a clone
 771          * device so we have to lock all opens.
 772          *
 773          * If we fail, it's because of an interrupt - EINTR return is an
 774          * expected aspect of opening a stream so we don't need to check
 775          * D_OPEN_RETURNS_EINTR. Open count already incremented (SN_HOLD)
 776          * on non-zero return.
 777          */
 778         if (LOCKHOLD_CSP_SIG(csp) != SUCCESS)
 779                 return (EINTR);
 780 
 781         error = stropen(cvp, &newdev, flag, cr);
 782         stp = cvp->v_stream;
 783 
 784         /* deal with the clone case */
 785         if ((error == 0) && (dev != newdev)) {
 786                 vp->v_stream = cvp->v_stream = NULL;
 787                 UNLOCK_CSP(csp);
 788                 error = spec_clone(vpp, newdev, vp->v_type, stp);
 789                 /*
 790                  * bail on clone failure, further processing
 791                  * results in undefined behaviors.
 792                  */
 793                 if (error != 0)
 794                         return (error);
 795                 sp = VTOS(*vpp);
 796                 csp = VTOS(sp->s_commonvp);
 797         } else if (error == 0) {
 798                 vp->v_stream = stp;
 799                 UNLOCK_CSP(csp);
 800         }
 801 
 802         /*
 803          * create contracts only for userland opens
 804          * Successful open and cloning is done at this point.
 805          */
 806         if (error == 0 && !(flag & FKLYR)) {
 807                 /* STREAM is of type S_IFCHR */
 808                 if (contract_device_open(newdev, S_IFCHR, &ct) != 0) {
 809                         UNLOCK_CSP(csp);
 810                         (void) spec_close(vp, flag, 1, 0, cr, cc);
 811                         return (EIO);
 812                 }
 813         }
 814 
 815         if (error == 0) {
 816                 /* STREAMS devices don't have a size */
 817                 sp->s_size = csp->s_size = 0;
 818 
 819                 if (!(stp->sd_flag & STRISTTY) || (flag & FNOCTTY))
 820                         return (0);
 821 
 822                 /* try to allocate it as a controlling terminal */
 823                 if (strctty(stp) != EINTR)
 824                         return (0);
 825 
 826                 /* strctty() was interrupted by a signal */
 827                 if (ct) {
 828                         /* we only create contracts for userland opens */
 829                         ASSERT(ttoproc(curthread));
 830                         (void) contract_abandon(ct, ttoproc(curthread), 0);
 831                 }
 832                 (void) spec_close(vp, flag, 1, 0, cr, cc);
 833                 return (EINTR);
 834         }
 835 
 836         /*
 837          * Deal with stropen failure.
 838          *
 839          * sd_flag in the stream head cannot change since the
 840          * common snode is locked before the call to stropen().
 841          */
 842         if ((stp != NULL) && (stp->sd_flag & STREOPENFAIL)) {
 843                 /*
 844                  * Open failed part way through.
 845                  */
 846                 mutex_enter(&stp->sd_lock);
 847                 stp->sd_flag &= ~STREOPENFAIL;
 848                 mutex_exit(&stp->sd_lock);
 849 
 850                 UNLOCK_CSP(csp);
 851                 (void) spec_close(vp, flag, 1, 0, cr, cc);
 852         } else {
 853                 UNLOCK_CSP(csp);
 854                 SN_RELE(csp);
 855         }
 856 
 857         /*
 858          * Resolution for STREAMS vs. regular character device: If the
 859          * STREAMS open(9e) returns ENOSTR, then try an ordinary device
 860          * open instead.
 861          */
 862         if (error == ENOSTR) {
 863                 goto not_streams;
 864         }
 865         return (error);
 866 }
 867 
 868 /*ARGSUSED2*/
 869 static int
 870 spec_close(
 871         struct vnode    *vp,
 872         int             flag,
 873         int             count,
 874         offset_t        offset,
 875         struct cred     *cr,
 876         caller_context_t *ct)
 877 {
 878         struct vnode *cvp;
 879         struct snode *sp, *csp;
 880         enum vtype type;
 881         dev_t dev;
 882         int error = 0;
 883         int sysclone;
 884 
 885         if (!(flag & FKLYR)) {
 886                 /* this only applies to closes of devices from userland */
 887                 cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
 888                 cleanshares(vp, ttoproc(curthread)->p_pid);
 889                 if (vp->v_stream)
 890                         strclean(vp);
 891         }
 892         if (count > 1)
 893                 return (0);
 894 
 895         /* we allow close to succeed even if device is fenced off */
 896         sp = VTOS(vp);
 897         cvp = sp->s_commonvp;
 898 
 899         dev = sp->s_dev;
 900         type = vp->v_type;
 901 
 902         ASSERT(type == VCHR || type == VBLK);
 903 
 904         /*
 905          * Prevent close/close and close/open races by serializing closes
 906          * on this common snode. Clone opens are held up until after
 907          * we have closed this device so the streams linkage is maintained
 908          */
 909         csp = VTOS(cvp);
 910 
 911         LOCK_CSP(csp);
 912         mutex_enter(&csp->s_lock);
 913 
 914         csp->s_count--;                      /* one fewer open reference : SN_RELE */
 915         sysclone = sp->s_flag & SCLONE;
 916 
 917         /*
 918          * Invalidate size on each close.
 919          *
 920          * XXX We do this on each close because we don't have interfaces that
 921          * allow a driver to invalidate the size.  Since clearing this on each
 922          * close this causes property overhead we skip /dev/null and
 923          * /dev/zero to avoid degrading kenbus performance.
 924          */
 925         if (getmajor(dev) != mm_major)
 926                 csp->s_flag &= ~SSIZEVALID;
 927 
 928         /*
 929          * Only call the close routine when the last open reference through
 930          * any [s, v]node goes away.  This can be checked by looking at
 931          * s_count on the common vnode.
 932          */
 933         if ((csp->s_count == 0) && (csp->s_mapcnt == 0)) {
 934                 /* we don't need a close */
 935                 csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
 936 
 937                 /*
 938                  * A cloning driver may open-clone to the same dev_t that we
 939                  * are closing before spec_inactive destroys the common snode.
 940                  * If this occurs the s_dip association needs to be reevaluated.
 941                  * We clear SDIPSET to force reevaluation in this case.  When
 942                  * reevaluation occurs (by spec_clone after open), if the
 943                  * devinfo association has changed then the old association
 944                  * will be released as the new association is established by
 945                  * spec_assoc_vp_with_devi().
 946                  */
 947                 if (csp->s_flag & (SCLONE | SSELFCLONE))
 948                         csp->s_flag &= ~SDIPSET;
 949 
 950                 csp->s_flag |= SCLOSING;
 951                 mutex_exit(&csp->s_lock);
 952                 error = device_close(vp, flag, cr);
 953 
 954                 /*
 955                  * Decrement the devops held in clnopen()
 956                  */
 957                 if (sysclone) {
 958                         ddi_rele_driver(getmajor(dev));
 959                 }
 960                 mutex_enter(&csp->s_lock);
 961                 csp->s_flag &= ~SCLOSING;
 962         }
 963 
 964         UNLOCK_CSP_LOCK_HELD(csp);
 965         mutex_exit(&csp->s_lock);
 966 
 967         return (error);
 968 }
 969 
 970 /*ARGSUSED2*/
 971 static int
 972 spec_read(
 973         struct vnode    *vp,
 974         struct uio      *uiop,
 975         int             ioflag,
 976         struct cred     *cr,
 977         caller_context_t *ct)
 978 {
 979         int error;
 980         struct snode *sp = VTOS(vp);
 981         dev_t dev = sp->s_dev;
 982         size_t n;
 983         ulong_t on;
 984         u_offset_t bdevsize;
 985         offset_t maxoff;
 986         offset_t off;
 987         struct vnode *blkvp;
 988 
 989         ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
 990 
 991         if (vp->v_stream) {
 992                 ASSERT(vp->v_type == VCHR);
 993                 smark(sp, SACC);
 994                 return (strread(vp, uiop, cr));
 995         }
 996 
 997         if (uiop->uio_resid == 0)
 998                 return (0);
 999 
1000         /*
1001          * Plain old character devices that set D_U64BIT can have
1002          * unrestricted offsets.
1003          */
1004         maxoff = spec_maxoffset(vp);
1005         ASSERT(maxoff != -1 || vp->v_type == VCHR);
1006 
1007         if (maxoff != -1 && (uiop->uio_loffset < 0 ||
1008             uiop->uio_loffset + uiop->uio_resid > maxoff))
1009                 return (EINVAL);
1010 
1011         if (vp->v_type == VCHR) {
1012                 smark(sp, SACC);
1013                 ASSERT(vp->v_stream == NULL);
1014                 return (cdev_read(dev, uiop, cr));
1015         }
1016 
1017         /*
1018          * Block device.
1019          */
1020         error = 0;
1021         blkvp = sp->s_commonvp;
1022         bdevsize = SPEC_SIZE(VTOS(blkvp));
1023 
1024         do {
1025                 caddr_t base;
1026                 offset_t diff;
1027 
1028                 off = uiop->uio_loffset & (offset_t)MAXBMASK;
1029                 on = (size_t)(uiop->uio_loffset & MAXBOFFSET);
1030                 n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
1031                 diff = bdevsize - uiop->uio_loffset;
1032 
1033                 if (diff <= 0)
1034                         break;
1035                 if (diff < n)
1036                         n = (size_t)diff;
1037 
1038                 if (vpm_enable) {
1039                         error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1040                             n, uiop, 1, NULL, 0, S_READ);
1041                 } else {
1042                         base = segmap_getmapflt(segkmap, blkvp,
1043                             (u_offset_t)(off + on), n, 1, S_READ);
1044 
1045                         error = uiomove(base + on, n, UIO_READ, uiop);
1046                 }
1047                 if (!error) {
1048                         int flags = 0;
1049                         /*
1050                          * If we read a whole block, we won't need this
1051                          * buffer again soon.
1052                          */
1053                         if (n + on == MAXBSIZE)
1054                                 flags = SM_DONTNEED | SM_FREE;
1055                         if (vpm_enable) {
1056                                 error = vpm_sync_pages(blkvp, off, n, flags);
1057                         } else {
1058                                 error = segmap_release(segkmap, base, flags);
1059                         }
1060                 } else {
1061                         if (vpm_enable) {
1062                                 (void) vpm_sync_pages(blkvp, off, n, 0);
1063                         } else {
1064                                 (void) segmap_release(segkmap, base, 0);
1065                         }
1066                         if (bdevsize == UNKNOWN_SIZE) {
1067                                 error = 0;
1068                                 break;
1069                         }
1070                 }
1071         } while (error == 0 && uiop->uio_resid > 0 && n != 0);
1072 
1073         return (error);
1074 }
1075 
1076 /*ARGSUSED*/
1077 static int
1078 spec_write(
1079         struct vnode *vp,
1080         struct uio *uiop,
1081         int ioflag,
1082         struct cred *cr,
1083         caller_context_t *ct)
1084 {
1085         int error;
1086         struct snode *sp = VTOS(vp);
1087         dev_t dev = sp->s_dev;
1088         size_t n;
1089         ulong_t on;
1090         u_offset_t bdevsize;
1091         offset_t maxoff;
1092         offset_t off;
1093         struct vnode *blkvp;
1094 
1095         ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
1096 
1097         if (vp->v_stream) {
1098                 ASSERT(vp->v_type == VCHR);
1099                 smark(sp, SUPD);
1100                 return (strwrite(vp, uiop, cr));
1101         }
1102 
1103         /*
1104          * Plain old character devices that set D_U64BIT can have
1105          * unrestricted offsets.
1106          */
1107         maxoff = spec_maxoffset(vp);
1108         ASSERT(maxoff != -1 || vp->v_type == VCHR);
1109 
1110         if (maxoff != -1 && (uiop->uio_loffset < 0 ||
1111             uiop->uio_loffset + uiop->uio_resid > maxoff))
1112                 return (EINVAL);
1113 
1114         if (vp->v_type == VCHR) {
1115                 smark(sp, SUPD);
1116                 ASSERT(vp->v_stream == NULL);
1117                 return (cdev_write(dev, uiop, cr));
1118         }
1119 
1120         if (uiop->uio_resid == 0)
1121                 return (0);
1122 
1123         error = 0;
1124         blkvp = sp->s_commonvp;
1125         bdevsize = SPEC_SIZE(VTOS(blkvp));
1126 
1127         do {
1128                 int pagecreate;
1129                 int newpage;
1130                 caddr_t base;
1131                 offset_t diff;
1132 
1133                 off = uiop->uio_loffset & (offset_t)MAXBMASK;
1134                 on = (ulong_t)(uiop->uio_loffset & MAXBOFFSET);
1135                 n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
1136                 pagecreate = 0;
1137 
1138                 diff = bdevsize - uiop->uio_loffset;
1139                 if (diff <= 0) {
1140                         error = ENXIO;
1141                         break;
1142                 }
1143                 if (diff < n)
1144                         n = (size_t)diff;
1145 
1146                 /*
1147                  * Check to see if we can skip reading in the page
1148                  * and just allocate the memory.  We can do this
1149                  * if we are going to rewrite the entire mapping
1150                  * or if we are going to write to end of the device
1151                  * from the beginning of the mapping.
1152                  */
1153                 if (n == MAXBSIZE || (on == 0 && (off + n) == bdevsize))
1154                         pagecreate = 1;
1155 
1156                 newpage = 0;
1157 
1158                 /*
1159                  * Touch the page and fault it in if it is not in core
1160                  * before segmap_getmapflt or vpm_data_copy can lock it.
1161                  * This is to avoid the deadlock if the buffer is mapped
1162                  * to the same file through mmap which we want to write.
1163                  */
1164                 uio_prefaultpages((long)n, uiop);
1165 
1166                 if (vpm_enable) {
1167                         error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1168                             n, uiop, !pagecreate, NULL, 0, S_WRITE);
1169                 } else {
1170                         base = segmap_getmapflt(segkmap, blkvp,
1171                             (u_offset_t)(off + on), n, !pagecreate, S_WRITE);
1172 
1173                         /*
1174                          * segmap_pagecreate() returns 1 if it calls
1175                          * page_create_va() to allocate any pages.
1176                          */
1177 
1178                         if (pagecreate)
1179                                 newpage = segmap_pagecreate(segkmap, base + on,
1180                                     n, 0);
1181 
1182                         error = uiomove(base + on, n, UIO_WRITE, uiop);
1183                 }
1184 
1185                 if (!vpm_enable && pagecreate &&
1186                     uiop->uio_loffset <
1187                     P2ROUNDUP_TYPED(off + on + n, PAGESIZE, offset_t)) {
1188                         /*
1189                          * We created pages w/o initializing them completely,
1190                          * thus we need to zero the part that wasn't set up.
1191                          * This can happen if we write to the end of the device
1192                          * or if we had some sort of error during the uiomove.
1193                          */
1194                         long nzero;
1195                         offset_t nmoved;
1196 
1197                         nmoved = (uiop->uio_loffset - (off + on));
1198                         if (nmoved < 0 || nmoved > n) {
1199                                 panic("spec_write: nmoved bogus");
1200                                 /*NOTREACHED*/
1201                         }
1202                         nzero = (long)P2ROUNDUP(on + n, PAGESIZE) -
1203                             (on + nmoved);
1204                         if (nzero < 0 || (on + nmoved + nzero > MAXBSIZE)) {
1205                                 panic("spec_write: nzero bogus");
1206                                 /*NOTREACHED*/
1207                         }
1208                         (void) kzero(base + on + nmoved, (size_t)nzero);
1209                 }
1210 
1211                 /*
1212                  * Unlock the pages which have been allocated by
1213                  * page_create_va() in segmap_pagecreate().
1214                  */
1215                 if (!vpm_enable && newpage)
1216                         segmap_pageunlock(segkmap, base + on,
1217                             (size_t)n, S_WRITE);
1218 
1219                 if (error == 0) {
1220                         int flags = 0;
1221 
1222                         /*
1223                          * Force write back for synchronous write cases.
1224                          */
1225                         if (ioflag & (FSYNC|FDSYNC))
1226                                 flags = SM_WRITE;
1227                         else if (n + on == MAXBSIZE || IS_SWAPVP(vp)) {
1228                                 /*
1229                                  * Have written a whole block.
1230                                  * Start an asynchronous write and
1231                                  * mark the buffer to indicate that
1232                                  * it won't be needed again soon.
1233                                  * Push swap files here, since it
1234                                  * won't happen anywhere else.
1235                                  */
1236                                 flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
1237                         }
1238                         smark(sp, SUPD|SCHG);
1239                         if (vpm_enable) {
1240                                 error = vpm_sync_pages(blkvp, off, n, flags);
1241                         } else {
1242                                 error = segmap_release(segkmap, base, flags);
1243                         }
1244                 } else {
1245                         if (vpm_enable) {
1246                                 (void) vpm_sync_pages(blkvp, off, n, SM_INVAL);
1247                         } else {
1248                                 (void) segmap_release(segkmap, base, SM_INVAL);
1249                         }
1250                 }
1251 
1252         } while (error == 0 && uiop->uio_resid > 0 && n != 0);
1253 
1254         return (error);
1255 }
1256 
1257 /*ARGSUSED6*/
1258 static int
1259 spec_ioctl(struct vnode *vp, int cmd, intptr_t arg, int mode, struct cred *cr,
1260     int *rvalp, caller_context_t *ct)
1261 {
1262         struct snode *sp;
1263         dev_t dev;
1264         int error;
1265 
1266         if (vp->v_type != VCHR)
1267                 return (ENOTTY);
1268 
1269         /*
1270          * allow ioctls() to go through even for fenced snodes, as they
1271          * may include unconfiguration operation - for example popping of
1272          * streams modules.
1273          */
1274 
1275         sp = VTOS(vp);
1276         dev = sp->s_dev;
1277         if (vp->v_stream) {
1278                 error = strioctl(vp, cmd, arg, mode, U_TO_K, cr, rvalp);
1279         } else {
1280                 error = cdev_ioctl(dev, cmd, arg, mode, cr, rvalp);
1281         }
1282         return (error);
1283 }
1284 
1285 static int
1286 spec_getattr(
1287         struct vnode *vp,
1288         struct vattr *vap,
1289         int flags,
1290         struct cred *cr,
1291         caller_context_t *ct)
1292 {
1293         int error;
1294         struct snode *sp;
1295         struct vnode *realvp;
1296 
1297         /* With ATTR_COMM we will not get attributes from realvp */
1298         if (flags & ATTR_COMM) {
1299                 sp = VTOS(vp);
1300                 vp = sp->s_commonvp;
1301         }
1302         sp = VTOS(vp);
1303 
1304         /* we want stat() to fail with ENXIO if the device is fenced off */
1305         if (S_ISFENCED(sp))
1306                 return (ENXIO);
1307 
1308         realvp = sp->s_realvp;
1309 
1310         if (realvp == NULL) {
1311                 static int snode_shift  = 0;
1312 
1313                 /*
1314                  * Calculate the amount of bitshift to a snode pointer which
1315                  * will still keep it unique.  See below.
1316                  */
1317                 if (snode_shift == 0)
1318                         snode_shift = highbit(sizeof (struct snode));
1319                 ASSERT(snode_shift > 0);
1320 
1321                 /*
1322                  * No real vnode behind this one.  Fill in the fields
1323                  * from the snode.
1324                  *
1325                  * This code should be refined to return only the
1326                  * attributes asked for instead of all of them.
1327                  */
1328                 vap->va_type = vp->v_type;
1329                 vap->va_mode = 0;
1330                 vap->va_uid = vap->va_gid = 0;
1331                 vap->va_fsid = sp->s_fsid;
1332 
1333                 /*
1334                  * If the va_nodeid is > MAX_USHORT, then i386 stats might
1335                  * fail. So we shift down the snode pointer to try and get
1336                  * the most uniqueness into 16-bits.
1337                  */
1338                 vap->va_nodeid = ((ino64_t)(uintptr_t)sp >> snode_shift) &
1339                     0xFFFF;
1340                 vap->va_nlink = 0;
1341                 vap->va_rdev = sp->s_dev;
1342 
1343                 /*
1344                  * va_nblocks is the number of 512 byte blocks used to store
1345                  * the mknod for the device, not the number of blocks on the
1346                  * device itself.  This is typically zero since the mknod is
1347                  * represented directly in the inode itself.
1348                  */
1349                 vap->va_nblocks = 0;
1350         } else {
1351                 error = VOP_GETATTR(realvp, vap, flags, cr, ct);
1352                 if (error != 0)
1353                         return (error);
1354         }
1355 
1356         /* set the size from the snode */
1357         vap->va_size = SPEC_SIZE(VTOS(sp->s_commonvp));
1358         vap->va_blksize = MAXBSIZE;
1359 
1360         mutex_enter(&sp->s_lock);
1361         vap->va_atime.tv_sec = sp->s_atime;
1362         vap->va_mtime.tv_sec = sp->s_mtime;
1363         vap->va_ctime.tv_sec = sp->s_ctime;
1364         mutex_exit(&sp->s_lock);
1365 
1366         vap->va_atime.tv_nsec = 0;
1367         vap->va_mtime.tv_nsec = 0;
1368         vap->va_ctime.tv_nsec = 0;
1369         vap->va_seq = 0;
1370 
1371         return (0);
1372 }
1373 
1374 static int
1375 spec_setattr(
1376         struct vnode *vp,
1377         struct vattr *vap,
1378         int flags,
1379         struct cred *cr,
1380         caller_context_t *ct)
1381 {
1382         struct snode *sp = VTOS(vp);
1383         struct vnode *realvp;
1384         int error;
1385 
1386         /* fail with ENXIO if the device is fenced off */
1387         if (S_ISFENCED(sp))
1388                 return (ENXIO);
1389 
1390         if (vp->v_type == VCHR && vp->v_stream && (vap->va_mask & AT_SIZE)) {
1391                 /*
1392                  * 1135080:     O_TRUNC should have no effect on
1393                  *              named pipes and terminal devices.
1394                  */
1395                 ASSERT(vap->va_mask == AT_SIZE);
1396                 return (0);
1397         }
1398 
1399         if ((realvp = sp->s_realvp) == NULL)
1400                 error = 0;      /* no real vnode to update */
1401         else
1402                 error = VOP_SETATTR(realvp, vap, flags, cr, ct);
1403         if (error == 0) {
1404                 /*
1405                  * If times were changed, update snode.
1406                  */
1407                 mutex_enter(&sp->s_lock);
1408                 if (vap->va_mask & AT_ATIME)
1409                         sp->s_atime = vap->va_atime.tv_sec;
1410                 if (vap->va_mask & AT_MTIME) {
1411                         sp->s_mtime = vap->va_mtime.tv_sec;
1412                         sp->s_ctime = gethrestime_sec();
1413                 }
1414                 mutex_exit(&sp->s_lock);
1415         }
1416         return (error);
1417 }
1418 
1419 static int
1420 spec_access(
1421         struct vnode *vp,
1422         int mode,
1423         int flags,
1424         struct cred *cr,
1425         caller_context_t *ct)
1426 {
1427         struct vnode *realvp;
1428         struct snode *sp = VTOS(vp);
1429 
1430         /* fail with ENXIO if the device is fenced off */
1431         if (S_ISFENCED(sp))
1432                 return (ENXIO);
1433 
1434         if ((realvp = sp->s_realvp) != NULL)
1435                 return (VOP_ACCESS(realvp, mode, flags, cr, ct));
1436         else
1437                 return (0);     /* Allow all access. */
1438 }
1439 
1440 /*
1441  * This can be called if creat or an open with O_CREAT is done on the root
1442  * of a lofs mount where the mounted entity is a special file.
1443  */
1444 /*ARGSUSED*/
1445 static int
1446 spec_create(
1447         struct vnode *dvp,
1448         char *name,
1449         vattr_t *vap,
1450         enum vcexcl excl,
1451         int mode,
1452         struct vnode **vpp,
1453         struct cred *cr,
1454         int flag,
1455         caller_context_t *ct,
1456         vsecattr_t *vsecp)
1457 {
1458         int error;
1459         struct snode *sp = VTOS(dvp);
1460 
1461         /* fail with ENXIO if the device is fenced off */
1462         if (S_ISFENCED(sp))
1463                 return (ENXIO);
1464 
1465         ASSERT(dvp && (dvp->v_flag & VROOT) && *name == '\0');
1466         if (excl == NONEXCL) {
1467                 if (mode && (error = spec_access(dvp, mode, 0, cr, ct)))
1468                         return (error);
1469                 VN_HOLD(dvp);
1470                 return (0);
1471         }
1472         return (EEXIST);
1473 }
1474 
1475 /*
1476  * In order to sync out the snode times without multi-client problems,
1477  * make sure the times written out are never earlier than the times
1478  * already set in the vnode.
1479  */
1480 static int
1481 spec_fsync(
1482         struct vnode *vp,
1483         int syncflag,
1484         struct cred *cr,
1485         caller_context_t *ct)
1486 {
1487         struct snode *sp = VTOS(vp);
1488         struct vnode *realvp;
1489         struct vnode *cvp;
1490         struct vattr va, vatmp;
1491 
1492         /* allow syncing even if device is fenced off */
1493 
1494         /* If times didn't change, don't flush anything. */
1495         mutex_enter(&sp->s_lock);
1496         if ((sp->s_flag & (SACC|SUPD|SCHG)) == 0 && vp->v_type != VBLK) {
1497                 mutex_exit(&sp->s_lock);
1498                 return (0);
1499         }
1500         sp->s_flag &= ~(SACC|SUPD|SCHG);
1501         mutex_exit(&sp->s_lock);
1502         cvp = sp->s_commonvp;
1503         realvp = sp->s_realvp;
1504 
1505         if (vp->v_type == VBLK && cvp != vp && vn_has_cached_data(cvp) &&
1506             (cvp->v_flag & VISSWAP) == 0)
1507                 (void) VOP_PUTPAGE(cvp, (offset_t)0, 0, 0, cr, ct);
1508 
1509         /*
1510          * For devices that support it, force write cache to stable storage.
1511          * We don't need the lock to check s_flags since we can treat
1512          * SNOFLUSH as a hint.
1513          */
1514         if ((vp->v_type == VBLK || vp->v_type == VCHR) &&
1515             !(sp->s_flag & SNOFLUSH)) {
1516                 int rval, rc;
1517                 struct dk_callback spec_callback;
1518 
1519                 spec_callback.dkc_flag = FLUSH_VOLATILE;
1520                 spec_callback.dkc_callback = NULL;
1521 
1522                 /* synchronous flush on volatile cache */
1523                 rc = cdev_ioctl(vp->v_rdev, DKIOCFLUSHWRITECACHE,
1524                     (intptr_t)&spec_callback, FNATIVE|FKIOCTL, cr, &rval);
1525 
1526                 if (rc == ENOTSUP || rc == ENOTTY) {
1527                         mutex_enter(&sp->s_lock);
1528                         sp->s_flag |= SNOFLUSH;
1529                         mutex_exit(&sp->s_lock);
1530                 }
1531         }
1532 
1533         /*
1534          * If no real vnode to update, don't flush anything.
1535          */
1536         if (realvp == NULL)
1537                 return (0);
1538 
1539         vatmp.va_mask = AT_ATIME|AT_MTIME;
1540         if (VOP_GETATTR(realvp, &vatmp, 0, cr, ct) == 0) {
1541 
1542                 mutex_enter(&sp->s_lock);
1543                 if (vatmp.va_atime.tv_sec > sp->s_atime)
1544                         va.va_atime = vatmp.va_atime;
1545                 else {
1546                         va.va_atime.tv_sec = sp->s_atime;
1547                         va.va_atime.tv_nsec = 0;
1548                 }
1549                 if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1550                         va.va_mtime = vatmp.va_mtime;
1551                 else {
1552                         va.va_mtime.tv_sec = sp->s_mtime;
1553                         va.va_mtime.tv_nsec = 0;
1554                 }
1555                 mutex_exit(&sp->s_lock);
1556 
1557                 va.va_mask = AT_ATIME|AT_MTIME;
1558                 (void) VOP_SETATTR(realvp, &va, 0, cr, ct);
1559         }
1560         (void) VOP_FSYNC(realvp, syncflag, cr, ct);
1561         return (0);
1562 }
1563 
1564 /*ARGSUSED*/
1565 static void
1566 spec_inactive(struct vnode *vp, struct cred *cr, caller_context_t *ct)
1567 {
1568         struct snode *sp = VTOS(vp);
1569         struct vnode *cvp;
1570         struct vnode *rvp;
1571 
1572         /*
1573          * If no one has reclaimed the vnode, remove from the
1574          * cache now.
1575          */
1576         if (vp->v_count < 1) {
1577                 panic("spec_inactive: Bad v_count");
1578                 /*NOTREACHED*/
1579         }
1580         mutex_enter(&stable_lock);
1581 
1582         mutex_enter(&vp->v_lock);
1583         /*
1584          * Drop the temporary hold by vn_rele now
1585          */
1586         if (--vp->v_count != 0) {
1587                 mutex_exit(&vp->v_lock);
1588                 mutex_exit(&stable_lock);
1589                 return;
1590         }
1591         mutex_exit(&vp->v_lock);
1592 
1593         sdelete(sp);
1594         mutex_exit(&stable_lock);
1595 
1596         /* We are the sole owner of sp now */
1597         cvp = sp->s_commonvp;
1598         rvp = sp->s_realvp;
1599 
1600         if (rvp) {
1601                 /*
1602                  * If the snode times changed, then update the times
1603                  * associated with the "realvp".
1604                  */
1605                 if ((sp->s_flag & (SACC|SUPD|SCHG)) != 0) {
1606 
1607                         struct vattr va, vatmp;
1608 
1609                         mutex_enter(&sp->s_lock);
1610                         sp->s_flag &= ~(SACC|SUPD|SCHG);
1611                         mutex_exit(&sp->s_lock);
1612                         vatmp.va_mask = AT_ATIME|AT_MTIME;
1613                         /*
1614                          * The user may not own the device, but we
1615                          * want to update the attributes anyway.
1616                          */
1617                         if (VOP_GETATTR(rvp, &vatmp, 0, kcred, ct) == 0) {
1618                                 if (vatmp.va_atime.tv_sec > sp->s_atime)
1619                                         va.va_atime = vatmp.va_atime;
1620                                 else {
1621                                         va.va_atime.tv_sec = sp->s_atime;
1622                                         va.va_atime.tv_nsec = 0;
1623                                 }
1624                                 if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1625                                         va.va_mtime = vatmp.va_mtime;
1626                                 else {
1627                                         va.va_mtime.tv_sec = sp->s_mtime;
1628                                         va.va_mtime.tv_nsec = 0;
1629                                 }
1630 
1631                                 va.va_mask = AT_ATIME|AT_MTIME;
1632                                 (void) VOP_SETATTR(rvp, &va, 0, kcred, ct);
1633                         }
1634                 }
1635         }
1636         ASSERT(!vn_has_cached_data(vp));
1637         vn_invalid(vp);
1638 
1639         /* if we are sharing another file systems vfs, release it */
1640         if (vp->v_vfsp && (vp->v_vfsp != &spec_vfs))
1641                 VFS_RELE(vp->v_vfsp);
1642 
1643         /* if we have a realvp, release the realvp */
1644         if (rvp)
1645                 VN_RELE(rvp);
1646 
1647         /* if we have a common, release the common */
1648         if (cvp && (cvp != vp)) {
1649                 VN_RELE(cvp);
1650 #ifdef DEBUG
1651         } else if (cvp) {
1652                 /*
1653                  * if this is the last reference to a common vnode, any
1654                  * associated stream had better have been closed
1655                  */
1656                 ASSERT(cvp == vp);
1657                 ASSERT(cvp->v_stream == NULL);
1658 #endif /* DEBUG */
1659         }
1660 
1661         /*
1662          * if we have a hold on a devinfo node (established by
1663          * spec_assoc_vp_with_devi), release the hold
1664          */
1665         if (sp->s_dip)
1666                 ddi_release_devi(sp->s_dip);
1667 
1668         /*
1669          * If we have an associated device policy, release it.
1670          */
1671         if (sp->s_plcy != NULL)
1672                 dpfree(sp->s_plcy);
1673 
1674         /*
1675          * If all holds on the devinfo node are through specfs/devfs
1676          * and we just destroyed the last specfs node associated with the
1677          * device, then the devinfo node reference count should now be
1678          * zero.  We can't check this because there may be other holds
1679          * on the node from non file system sources: ddi_hold_devi_by_instance
1680          * for example.
1681          */
1682         kmem_cache_free(snode_cache, sp);
1683 }
1684 
1685 static int
1686 spec_fid(struct vnode *vp, struct fid *fidp, caller_context_t *ct)
1687 {
1688         struct vnode *realvp;
1689         struct snode *sp = VTOS(vp);
1690 
1691         if ((realvp = sp->s_realvp) != NULL)
1692                 return (VOP_FID(realvp, fidp, ct));
1693         else
1694                 return (EINVAL);
1695 }
1696 
1697 /*ARGSUSED1*/
1698 static int
1699 spec_seek(
1700         struct vnode *vp,
1701         offset_t ooff,
1702         offset_t *noffp,
1703         caller_context_t *ct)
1704 {
1705         offset_t maxoff = spec_maxoffset(vp);
1706 
1707         if (maxoff == -1 || *noffp <= maxoff)
1708                 return (0);
1709         else
1710                 return (EINVAL);
1711 }
1712 
1713 static int
1714 spec_frlock(
1715         struct vnode *vp,
1716         int             cmd,
1717         struct flock64  *bfp,
1718         int             flag,
1719         offset_t        offset,
1720         struct flk_callback *flk_cbp,
1721         struct cred     *cr,
1722         caller_context_t *ct)
1723 {
1724         struct snode *sp = VTOS(vp);
1725         struct snode *csp;
1726 
1727         csp = VTOS(sp->s_commonvp);
1728         /*
1729          * If file is being mapped, disallow frlock.
1730          */
1731         if (csp->s_mapcnt > 0)
1732                 return (EAGAIN);
1733 
1734         return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr, ct));
1735 }
1736 
1737 static int
1738 spec_realvp(struct vnode *vp, struct vnode **vpp, caller_context_t *ct)
1739 {
1740         struct vnode *rvp;
1741 
1742         if ((rvp = VTOS(vp)->s_realvp) != NULL) {
1743                 vp = rvp;
1744                 if (VOP_REALVP(vp, &rvp, ct) == 0)
1745                         vp = rvp;
1746         }
1747 
1748         *vpp = vp;
1749         return (0);
1750 }
1751 
1752 /*
1753  * Return all the pages from [off..off + len] in block
1754  * or character device.
1755  */
1756 /*ARGSUSED*/
1757 static int
1758 spec_getpage(
1759         struct vnode    *vp,
1760         offset_t        off,
1761         size_t          len,
1762         uint_t          *protp,
1763         page_t          *pl[],
1764         size_t          plsz,
1765         struct seg      *seg,
1766         caddr_t         addr,
1767         enum seg_rw     rw,
1768         struct cred     *cr,
1769         caller_context_t *ct)
1770 {
1771         struct snode *sp = VTOS(vp);
1772         int err;
1773 
1774         ASSERT(sp->s_commonvp == vp);
1775 
1776         /*
1777          * XXX  Given the above assertion, this might not do
1778          *      what is wanted here.
1779          */
1780         if (vp->v_flag & VNOMAP)
1781                 return (ENOSYS);
1782         TRACE_4(TR_FAC_SPECFS, TR_SPECFS_GETPAGE,
1783             "specfs getpage:vp %p off %llx len %ld snode %p",
1784             vp, off, len, sp);
1785 
1786         switch (vp->v_type) {
1787         case VBLK:
1788                 if (protp != NULL)
1789                         *protp = PROT_ALL;
1790 
1791                 if (((u_offset_t)off + len) > (SPEC_SIZE(sp) + PAGEOFFSET))
1792                         return (EFAULT);        /* beyond EOF */
1793 
1794                 if (len <= PAGESIZE)
1795                         err = spec_getapage(vp, (u_offset_t)off, len, protp, pl,
1796                             plsz, seg, addr, rw, cr);
1797                 else
1798                         err = pvn_getpages(spec_getapage, vp, (u_offset_t)off,
1799                             len, protp, pl, plsz, seg, addr, rw, cr);
1800                 break;
1801 
1802         case VCHR:
1803                 cmn_err(CE_NOTE, "spec_getpage called for character device. "
1804                     "Check any non-ON consolidation drivers");
1805                 err = 0;
1806                 pl[0] = (page_t *)0;
1807                 break;
1808 
1809         default:
1810                 panic("spec_getpage: bad v_type 0x%x", vp->v_type);
1811                 /*NOTREACHED*/
1812         }
1813 
1814         return (err);
1815 }
1816 
1817 extern int klustsize;   /* set in machdep.c */
1818 
1819 int spec_ra = 1;
1820 int spec_lostpage;      /* number of times we lost original page */
1821 
1822 /*ARGSUSED2*/
1823 static int
1824 spec_getapage(
1825         struct vnode *vp,
1826         u_offset_t      off,
1827         size_t          len,
1828         uint_t          *protp,
1829         page_t          *pl[],
1830         size_t          plsz,
1831         struct seg      *seg,
1832         caddr_t         addr,
1833         enum seg_rw     rw,
1834         struct cred     *cr)
1835 {
1836         struct snode *sp;
1837         struct buf *bp;
1838         page_t *pp, *pp2;
1839         u_offset_t io_off1, io_off2;
1840         size_t io_len1;
1841         size_t io_len2;
1842         size_t blksz;
1843         u_offset_t blkoff;
1844         int dora, err;
1845         page_t *pagefound;
1846         uint_t xlen;
1847         size_t adj_klustsize;
1848         u_offset_t size;
1849         u_offset_t tmpoff;
1850 
1851         sp = VTOS(vp);
1852         TRACE_3(TR_FAC_SPECFS, TR_SPECFS_GETAPAGE,
1853             "specfs getapage:vp %p off %llx snode %p", vp, off, sp);
1854 reread:
1855 
1856         err = 0;
1857         bp = NULL;
1858         pp = NULL;
1859         pp2 = NULL;
1860 
1861         if (pl != NULL)
1862                 pl[0] = NULL;
1863 
1864         size = SPEC_SIZE(VTOS(sp->s_commonvp));
1865 
1866         if (spec_ra && sp->s_nextr == off)
1867                 dora = 1;
1868         else
1869                 dora = 0;
1870 
1871         if (size == UNKNOWN_SIZE) {
1872                 dora = 0;
1873                 adj_klustsize = PAGESIZE;
1874         } else {
1875                 adj_klustsize = dora ? klustsize : PAGESIZE;
1876         }
1877 
1878 again:
1879         if ((pagefound = page_exists(vp, off)) == NULL) {
1880                 if (rw == S_CREATE) {
1881                         /*
1882                          * We're allocating a swap slot and it's
1883                          * associated page was not found, so allocate
1884                          * and return it.
1885                          */
1886                         if ((pp = page_create_va(vp, off,
1887                             PAGESIZE, PG_WAIT, seg, addr)) == NULL) {
1888                                 panic("spec_getapage: page_create");
1889                                 /*NOTREACHED*/
1890                         }
1891                         io_len1 = PAGESIZE;
1892                         sp->s_nextr = off + PAGESIZE;
1893                 } else {
1894                         /*
1895                          * Need to really do disk I/O to get the page(s).
1896                          */
1897                         blkoff = (off / adj_klustsize) * adj_klustsize;
1898                         if (size == UNKNOWN_SIZE) {
1899                                 blksz = PAGESIZE;
1900                         } else {
1901                                 if (blkoff + adj_klustsize <= size)
1902                                         blksz = adj_klustsize;
1903                                 else
1904                                         blksz =
1905                                             MIN(size - blkoff, adj_klustsize);
1906                         }
1907 
1908                         pp = pvn_read_kluster(vp, off, seg, addr, &tmpoff,
1909                             &io_len1, blkoff, blksz, 0);
1910                         io_off1 = tmpoff;
1911                         /*
1912                          * Make sure the page didn't sneek into the
1913                          * cache while we blocked in pvn_read_kluster.
1914                          */
1915                         if (pp == NULL)
1916                                 goto again;
1917 
1918                         /*
1919                          * Zero part of page which we are not
1920                          * going to be reading from disk now.
1921                          */
1922                         xlen = (uint_t)(io_len1 & PAGEOFFSET);
1923                         if (xlen != 0)
1924                                 pagezero(pp->p_prev, xlen, PAGESIZE - xlen);
1925 
1926                         bp = spec_startio(vp, pp, io_off1, io_len1,
1927                             pl == NULL ? (B_ASYNC | B_READ) : B_READ);
1928                         sp->s_nextr = io_off1 + io_len1;
1929                 }
1930         }
1931 
1932         if (dora && rw != S_CREATE) {
1933                 u_offset_t off2;
1934                 caddr_t addr2;
1935 
1936                 off2 = ((off / adj_klustsize) + 1) * adj_klustsize;
1937                 addr2 = addr + (off2 - off);
1938 
1939                 pp2 = NULL;
1940                 /*
1941                  * If we are past EOF then don't bother trying
1942                  * with read-ahead.
1943                  */
1944                 if (off2 >= size)
1945                         pp2 = NULL;
1946                 else {
1947                         if (off2 + adj_klustsize <= size)
1948                                 blksz = adj_klustsize;
1949                         else
1950                                 blksz = MIN(size - off2, adj_klustsize);
1951 
1952                         pp2 = pvn_read_kluster(vp, off2, seg, addr2, &tmpoff,
1953                             &io_len2, off2, blksz, 1);
1954                         io_off2 = tmpoff;
1955                 }
1956 
1957                 if (pp2 != NULL) {
1958                         /*
1959                          * Zero part of page which we are not
1960                          * going to be reading from disk now.
1961                          */
1962                         xlen = (uint_t)(io_len2 & PAGEOFFSET);
1963                         if (xlen != 0)
1964                                 pagezero(pp2->p_prev, xlen, PAGESIZE - xlen);
1965 
1966                         (void) spec_startio(vp, pp2, io_off2, io_len2,
1967                             B_READ | B_ASYNC);
1968                 }
1969         }
1970 
1971         if (pl == NULL)
1972                 return (err);
1973 
1974         if (bp != NULL) {
1975                 err = biowait(bp);
1976                 pageio_done(bp);
1977 
1978                 if (err) {
1979                         if (pp != NULL)
1980                                 pvn_read_done(pp, B_ERROR);
1981                         return (err);
1982                 }
1983         }
1984 
1985         if (pagefound) {
1986                 se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
1987                 /*
1988                  * Page exists in the cache, acquire the appropriate
1989                  * lock.  If this fails, start all over again.
1990                  */
1991 
1992                 if ((pp = page_lookup(vp, off, se)) == NULL) {
1993                         spec_lostpage++;
1994                         goto reread;
1995                 }
1996                 pl[0] = pp;
1997                 pl[1] = NULL;
1998 
1999                 sp->s_nextr = off + PAGESIZE;
2000                 return (0);
2001         }
2002 
2003         if (pp != NULL)
2004                 pvn_plist_init(pp, pl, plsz, off, io_len1, rw);
2005         return (0);
2006 }
2007 
2008 /*
2009  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED, B_FORCE}.
2010  * If len == 0, do from off to EOF.
2011  *
2012  * The normal cases should be len == 0 & off == 0 (entire vp list),
2013  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
2014  * (from pageout).
2015  */
2016 /*ARGSUSED5*/
2017 int
2018 spec_putpage(
2019         struct vnode *vp,
2020         offset_t        off,
2021         size_t          len,
2022         int             flags,
2023         struct cred     *cr,
2024         caller_context_t *ct)
2025 {
2026         struct snode *sp = VTOS(vp);
2027         struct vnode *cvp;
2028         page_t *pp;
2029         u_offset_t io_off;
2030         size_t io_len = 0;      /* for lint */
2031         int err = 0;
2032         u_offset_t size;
2033         u_offset_t tmpoff;
2034 
2035         ASSERT(vp->v_count != 0);
2036 
2037         if (vp->v_flag & VNOMAP)
2038                 return (ENOSYS);
2039 
2040         cvp = sp->s_commonvp;
2041         size = SPEC_SIZE(VTOS(cvp));
2042 
2043         if (!vn_has_cached_data(vp) || off >= size)
2044                 return (0);
2045 
2046         ASSERT(vp->v_type == VBLK && cvp == vp);
2047         TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTPAGE,
2048             "specfs putpage:vp %p off %llx len %ld snode %p",
2049             vp, off, len, sp);
2050 
2051         if (len == 0) {
2052                 /*
2053                  * Search the entire vp list for pages >= off.
2054                  */
2055                 err = pvn_vplist_dirty(vp, off, spec_putapage,
2056                     flags, cr);
2057         } else {
2058                 u_offset_t eoff;
2059 
2060                 /*
2061                  * Loop over all offsets in the range [off...off + len]
2062                  * looking for pages to deal with.  We set limits so
2063                  * that we kluster to klustsize boundaries.
2064                  */
2065                 eoff = off + len;
2066                 for (io_off = off; io_off < eoff && io_off < size;
2067                     io_off += io_len) {
2068                         /*
2069                          * If we are not invalidating, synchronously
2070                          * freeing or writing pages use the routine
2071                          * page_lookup_nowait() to prevent reclaiming
2072                          * them from the free list.
2073                          */
2074                         if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
2075                                 pp = page_lookup(vp, io_off,
2076                                     (flags & (B_INVAL | B_FREE)) ?
2077                                     SE_EXCL : SE_SHARED);
2078                         } else {
2079                                 pp = page_lookup_nowait(vp, io_off,
2080                                     (flags & B_FREE) ? SE_EXCL : SE_SHARED);
2081                         }
2082 
2083                         if (pp == NULL || pvn_getdirty(pp, flags) == 0)
2084                                 io_len = PAGESIZE;
2085                         else {
2086                                 err = spec_putapage(vp, pp, &tmpoff, &io_len,
2087                                     flags, cr);
2088                                 io_off = tmpoff;
2089                                 if (err != 0)
2090                                         break;
2091                                 /*
2092                                  * "io_off" and "io_len" are returned as
2093                                  * the range of pages we actually wrote.
2094                                  * This allows us to skip ahead more quickly
2095                                  * since several pages may've been dealt
2096                                  * with by this iteration of the loop.
2097                                  */
2098                         }
2099                 }
2100         }
2101         return (err);
2102 }
2103 
2104 
2105 /*
2106  * Write out a single page, possibly klustering adjacent
2107  * dirty pages.
2108  */
2109 /*ARGSUSED5*/
2110 static int
2111 spec_putapage(
2112         struct vnode    *vp,
2113         page_t          *pp,
2114         u_offset_t      *offp,          /* return value */
2115         size_t          *lenp,          /* return value */
2116         int             flags,
2117         struct cred     *cr)
2118 {
2119         struct snode *sp = VTOS(vp);
2120         u_offset_t io_off;
2121         size_t io_len;
2122         size_t blksz;
2123         u_offset_t blkoff;
2124         int err = 0;
2125         struct buf *bp;
2126         u_offset_t size;
2127         size_t adj_klustsize;
2128         u_offset_t tmpoff;
2129 
2130         /*
2131          * Destroy read ahead value since we are really going to write.
2132          */
2133         sp->s_nextr = 0;
2134         size = SPEC_SIZE(VTOS(sp->s_commonvp));
2135 
2136         adj_klustsize = klustsize;
2137 
2138         blkoff = (pp->p_offset / adj_klustsize) * adj_klustsize;
2139 
2140         if (blkoff + adj_klustsize <= size)
2141                 blksz = adj_klustsize;
2142         else
2143                 blksz = size - blkoff;
2144 
2145         /*
2146          * Find a kluster that fits in one contiguous chunk.
2147          */
2148         pp = pvn_write_kluster(vp, pp, &tmpoff, &io_len, blkoff,
2149             blksz, flags);
2150         io_off = tmpoff;
2151 
2152         /*
2153          * Check for page length rounding problems
2154          * XXX - Is this necessary?
2155          */
2156         if (io_off + io_len > size) {
2157                 ASSERT((io_off + io_len) - size < PAGESIZE);
2158                 io_len = size - io_off;
2159         }
2160 
2161         bp = spec_startio(vp, pp, io_off, io_len, B_WRITE | flags);
2162 
2163         /*
2164          * Wait for i/o to complete if the request is not B_ASYNC.
2165          */
2166         if ((flags & B_ASYNC) == 0) {
2167                 err = biowait(bp);
2168                 pageio_done(bp);
2169                 pvn_write_done(pp, ((err) ? B_ERROR : 0) | B_WRITE | flags);
2170         }
2171 
2172         if (offp)
2173                 *offp = io_off;
2174         if (lenp)
2175                 *lenp = io_len;
2176         TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTAPAGE,
2177             "specfs putapage:vp %p offp %p snode %p err %d",
2178             vp, offp, sp, err);
2179         return (err);
2180 }
2181 
2182 /*
2183  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
2184  */
2185 static struct buf *
2186 spec_startio(
2187         struct vnode *vp,
2188         page_t          *pp,
2189         u_offset_t      io_off,
2190         size_t          io_len,
2191         int             flags)
2192 {
2193         struct buf *bp;
2194 
2195         bp = pageio_setup(pp, io_len, vp, flags);
2196 
2197         bp->b_edev = vp->v_rdev;
2198         bp->b_dev = cmpdev(vp->v_rdev);
2199         bp->b_blkno = btodt(io_off);
2200         bp->b_un.b_addr = (caddr_t)0;
2201 
2202         (void) bdev_strategy(bp);
2203 
2204         if (flags & B_READ)
2205                 lwp_stat_update(LWP_STAT_INBLK, 1);
2206         else
2207                 lwp_stat_update(LWP_STAT_OUBLK, 1);
2208 
2209         return (bp);
2210 }
2211 
2212 static int
2213 spec_poll(
2214         struct vnode    *vp,
2215         short           events,
2216         int             anyyet,
2217         short           *reventsp,
2218         struct pollhead **phpp,
2219         caller_context_t *ct)
2220 {
2221         dev_t dev;
2222         int error;
2223 
2224         if (vp->v_type == VBLK)
2225                 error = fs_poll(vp, events, anyyet, reventsp, phpp, ct);
2226         else {
2227                 ASSERT(vp->v_type == VCHR);
2228                 dev = vp->v_rdev;
2229                 if (vp->v_stream) {
2230                         ASSERT(vp->v_stream != NULL);
2231                         error = strpoll(vp->v_stream, events, anyyet,
2232                             reventsp, phpp);
2233                 } else if (devopsp[getmajor(dev)]->devo_cb_ops->cb_chpoll) {
2234                         error = cdev_poll(dev, events, anyyet, reventsp, phpp);
2235                 } else {
2236                         error = fs_poll(vp, events, anyyet, reventsp, phpp, ct);
2237                 }
2238         }
2239         return (error);
2240 }
2241 
2242 /*
2243  * This routine is called through the cdevsw[] table to handle
2244  * traditional mmap'able devices that support a d_mmap function.
2245  */
2246 /*ARGSUSED8*/
2247 int
2248 spec_segmap(
2249         dev_t dev,
2250         off_t off,
2251         struct as *as,
2252         caddr_t *addrp,
2253         off_t len,
2254         uint_t prot,
2255         uint_t maxprot,
2256         uint_t flags,
2257         struct cred *cred)
2258 {
2259         struct segdev_crargs dev_a;
2260         int (*mapfunc)(dev_t dev, off_t off, int prot);
2261         size_t i;
2262         int     error;
2263 
2264         if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev)
2265                 return (ENODEV);
2266         TRACE_4(TR_FAC_SPECFS, TR_SPECFS_SEGMAP,
2267             "specfs segmap:dev %x as %p len %lx prot %x",
2268             dev, as, len, prot);
2269 
2270         /*
2271          * Character devices that support the d_mmap
2272          * interface can only be mmap'ed shared.
2273          */
2274         if ((flags & MAP_TYPE) != MAP_SHARED)
2275                 return (EINVAL);
2276 
2277         /*
2278          * Check to ensure that the entire range is
2279          * legal and we are not trying to map in
2280          * more than the device will let us.
2281          */
2282         for (i = 0; i < len; i += PAGESIZE) {
2283                 if (cdev_mmap(mapfunc, dev, off + i, maxprot) == -1)
2284                         return (ENXIO);
2285         }
2286 
2287         as_rangelock(as);
2288         /* Pick an address w/o worrying about any vac alignment constraints. */
2289         error = choose_addr(as, addrp, len, off, ADDR_NOVACALIGN, flags);
2290         if (error != 0) {
2291                 as_rangeunlock(as);
2292                 return (error);
2293         }
2294 
2295         dev_a.mapfunc = mapfunc;
2296         dev_a.dev = dev;
2297         dev_a.offset = off;
2298         dev_a.prot = (uchar_t)prot;
2299         dev_a.maxprot = (uchar_t)maxprot;
2300         dev_a.hat_flags = 0;
2301         dev_a.hat_attr = 0;
2302         dev_a.devmap_data = NULL;
2303 
2304         error = as_map(as, *addrp, len, segdev_create, &dev_a);
2305         as_rangeunlock(as);
2306         return (error);
2307 }
2308 
2309 int
2310 spec_char_map(
2311         dev_t dev,
2312         offset_t off,
2313         struct as *as,
2314         caddr_t *addrp,
2315         size_t len,
2316         uchar_t prot,
2317         uchar_t maxprot,
2318         uint_t flags,
2319         struct cred *cred)
2320 {
2321         int error = 0;
2322         major_t maj = getmajor(dev);
2323         int map_flag;
2324         int (*segmap)(dev_t, off_t, struct as *,
2325             caddr_t *, off_t, uint_t, uint_t, uint_t, cred_t *);
2326         int (*devmap)(dev_t, devmap_cookie_t, offset_t,
2327             size_t, size_t *, uint_t);
2328         int (*mmap)(dev_t dev, off_t off, int prot);
2329 
2330         /*
2331          * Character device: let the device driver
2332          * pick the appropriate segment driver.
2333          *
2334          * 4.x compat.: allow 'NULL' cb_segmap => spec_segmap
2335          * Kindness: allow 'nulldev' cb_segmap => spec_segmap
2336          */
2337         segmap = devopsp[maj]->devo_cb_ops->cb_segmap;
2338         if (segmap == NULL || segmap == nulldev || segmap == nodev) {
2339                 mmap = devopsp[maj]->devo_cb_ops->cb_mmap;
2340                 map_flag = devopsp[maj]->devo_cb_ops->cb_flag;
2341 
2342                 /*
2343                  * Use old mmap framework if the driver has both mmap
2344                  * and devmap entry points.  This is to prevent the
2345                  * system from calling invalid devmap entry point
2346                  * for some drivers that might have put garbage in the
2347                  * devmap entry point.
2348                  */
2349                 if ((map_flag & D_DEVMAP) || mmap == NULL ||
2350                     mmap == nulldev || mmap == nodev) {
2351                         devmap = devopsp[maj]->devo_cb_ops->cb_devmap;
2352 
2353                         /*
2354                          * If driver provides devmap entry point in
2355                          * cb_ops but not xx_segmap(9E), call
2356                          * devmap_setup with default settings
2357                          * (NULL) for callback_ops and driver
2358                          * callback private data
2359                          */
2360                         if (devmap == nodev || devmap == NULL ||
2361                             devmap == nulldev)
2362                                 return (ENODEV);
2363 
2364                         error = devmap_setup(dev, off, as, addrp,
2365                             len, prot, maxprot, flags, cred);
2366 
2367                         return (error);
2368                 } else
2369                         segmap = spec_segmap;
2370         } else
2371                 segmap = cdev_segmap;
2372 
2373         return ((*segmap)(dev, (off_t)off, as, addrp, len, prot,
2374             maxprot, flags, cred));
2375 }
2376 
2377 /*ARGSUSED9*/
2378 static int
2379 spec_map(
2380         struct vnode *vp,
2381         offset_t off,
2382         struct as *as,
2383         caddr_t *addrp,
2384         size_t len,
2385         uchar_t prot,
2386         uchar_t maxprot,
2387         uint_t flags,
2388         struct cred *cred,
2389         caller_context_t *ct)
2390 {
2391         int error = 0;
2392         struct snode *sp = VTOS(vp);
2393 
2394         if (vp->v_flag & VNOMAP)
2395                 return (ENOSYS);
2396 
2397         /* fail map with ENXIO if the device is fenced off */
2398         if (S_ISFENCED(sp))
2399                 return (ENXIO);
2400 
2401         /*
2402          * If file is locked, fail mapping attempt.
2403          */
2404         if (vn_has_flocks(vp))
2405                 return (EAGAIN);
2406 
2407         if (vp->v_type == VCHR) {
2408                 return (spec_char_map(vp->v_rdev, off, as, addrp, len, prot,
2409                     maxprot, flags, cred));
2410         } else if (vp->v_type == VBLK) {
2411                 struct segvn_crargs vn_a;
2412                 struct vnode *cvp;
2413                 struct snode *sp;
2414 
2415                 /*
2416                  * Block device, use segvn mapping to the underlying commonvp
2417                  * for pages.
2418                  */
2419                 if (off > spec_maxoffset(vp))
2420                         return (ENXIO);
2421 
2422                 sp = VTOS(vp);
2423                 cvp = sp->s_commonvp;
2424                 ASSERT(cvp != NULL);
2425 
2426                 if (off < 0 || ((offset_t)(off + len) < 0))
2427                         return (ENXIO);
2428 
2429                 as_rangelock(as);
2430                 error = choose_addr(as, addrp, len, off, ADDR_VACALIGN, flags);
2431                 if (error != 0) {
2432                         as_rangeunlock(as);
2433                         return (error);
2434                 }
2435 
2436                 vn_a.vp = cvp;
2437                 vn_a.offset = off;
2438                 vn_a.type = flags & MAP_TYPE;
2439                 vn_a.prot = (uchar_t)prot;
2440                 vn_a.maxprot = (uchar_t)maxprot;
2441                 vn_a.flags = flags & ~MAP_TYPE;
2442                 vn_a.cred = cred;
2443                 vn_a.amp = NULL;
2444                 vn_a.szc = 0;
2445                 vn_a.lgrp_mem_policy_flags = 0;
2446 
2447                 error = as_map(as, *addrp, len, segvn_create, &vn_a);
2448                 as_rangeunlock(as);
2449         } else
2450                 return (ENODEV);
2451 
2452         return (error);
2453 }
2454 
2455 /*ARGSUSED1*/
2456 static int
2457 spec_addmap(
2458         struct vnode *vp,       /* the common vnode */
2459         offset_t off,
2460         struct as *as,
2461         caddr_t addr,
2462         size_t len,             /* how many bytes to add */
2463         uchar_t prot,
2464         uchar_t maxprot,
2465         uint_t flags,
2466         struct cred *cred,
2467         caller_context_t *ct)
2468 {
2469         int error = 0;
2470         struct snode *csp = VTOS(vp);
2471         ulong_t npages;
2472 
2473         ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2474 
2475         /*
2476          * XXX  Given the above assertion, this might not
2477          *      be a particularly sensible thing to test.
2478          */
2479         if (vp->v_flag & VNOMAP)
2480                 return (ENOSYS);
2481 
2482         /* fail with EIO if the device is fenced off */
2483         if (S_ISFENCED(csp))
2484                 return (EIO);
2485 
2486         npages = btopr(len);
2487         LOCK_CSP(csp);
2488         csp->s_mapcnt += npages;
2489 
2490         UNLOCK_CSP(csp);
2491         return (error);
2492 }
2493 
2494 /*ARGSUSED1*/
2495 static int
2496 spec_delmap(
2497         struct vnode *vp,       /* the common vnode */
2498         offset_t off,
2499         struct as *as,
2500         caddr_t addr,
2501         size_t len,             /* how many bytes to take away */
2502         uint_t prot,
2503         uint_t maxprot,
2504         uint_t flags,
2505         struct cred *cred,
2506         caller_context_t *ct)
2507 {
2508         struct snode *csp = VTOS(vp);
2509         ulong_t npages;
2510         long mcnt;
2511 
2512         /* segdev passes us the common vp */
2513 
2514         ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2515 
2516         /* allow delmap to succeed even if device fenced off */
2517 
2518         /*
2519          * XXX  Given the above assertion, this might not
2520          *      be a particularly sensible thing to test..
2521          */
2522         if (vp->v_flag & VNOMAP)
2523                 return (ENOSYS);
2524 
2525         npages = btopr(len);
2526 
2527         LOCK_CSP(csp);
2528         mutex_enter(&csp->s_lock);
2529         mcnt = (csp->s_mapcnt -= npages);
2530 
2531         if (mcnt == 0) {
2532                 /*
2533                  * Call the close routine when the last reference of any
2534                  * kind through any [s, v]node goes away.  The s_dip hold
2535                  * on the devinfo node is released when the vnode is
2536                  * destroyed.
2537                  */
2538                 if (csp->s_count == 0) {
2539                         csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
2540 
2541                         /* See comment in spec_close() */
2542                         if (csp->s_flag & (SCLONE | SSELFCLONE))
2543                                 csp->s_flag &= ~SDIPSET;
2544 
2545                         mutex_exit(&csp->s_lock);
2546 
2547                         (void) device_close(vp, 0, cred);
2548                 } else
2549                         mutex_exit(&csp->s_lock);
2550 
2551                 mutex_enter(&csp->s_lock);
2552         }
2553         ASSERT(mcnt >= 0);
2554 
2555         UNLOCK_CSP_LOCK_HELD(csp);
2556         mutex_exit(&csp->s_lock);
2557 
2558         return (0);
2559 }
2560 
2561 /*ARGSUSED4*/
2562 static int
2563 spec_dump(
2564         struct vnode *vp,
2565         caddr_t addr,
2566         offset_t bn,
2567         offset_t count,
2568         caller_context_t *ct)
2569 {
2570         /* allow dump to succeed even if device fenced off */
2571 
2572         ASSERT(vp->v_type == VBLK);
2573         return (bdev_dump(vp->v_rdev, addr, (daddr_t)bn, (int)count));
2574 }
2575 
2576 
2577 /*
2578  * Do i/o on the given page list from/to vp, io_off for io_len.
2579  * Flags are composed of:
2580  *      {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED, B_READ, B_WRITE}
2581  * If B_ASYNC is not set i/o is waited for.
2582  */
2583 /*ARGSUSED5*/
2584 static int
2585 spec_pageio(
2586         struct vnode *vp,
2587         page_t  *pp,
2588         u_offset_t io_off,
2589         size_t  io_len,
2590         int     flags,
2591         cred_t  *cr,
2592         caller_context_t *ct)
2593 {
2594         struct buf *bp = NULL;
2595         int err = 0;
2596 
2597         if (pp == NULL)
2598                 return (EINVAL);
2599 
2600         bp = spec_startio(vp, pp, io_off, io_len, flags);
2601 
2602         /*
2603          * Wait for i/o to complete if the request is not B_ASYNC.
2604          */
2605         if ((flags & B_ASYNC) == 0) {
2606                 err = biowait(bp);
2607                 pageio_done(bp);
2608         }
2609         return (err);
2610 }
2611 
2612 /*
2613  * Set ACL on underlying vnode if one exists, or return ENOSYS otherwise.
2614  */
2615 int
2616 spec_setsecattr(
2617         struct vnode *vp,
2618         vsecattr_t *vsap,
2619         int flag,
2620         struct cred *cr,
2621         caller_context_t *ct)
2622 {
2623         struct vnode *realvp;
2624         struct snode *sp = VTOS(vp);
2625         int error;
2626 
2627         /* fail with ENXIO if the device is fenced off */
2628         if (S_ISFENCED(sp))
2629                 return (ENXIO);
2630 
2631         /*
2632          * The acl(2) system calls VOP_RWLOCK on the file before setting an
2633          * ACL, but since specfs does not serialize reads and writes, this
2634          * VOP does not do anything.  However, some backing file systems may
2635          * expect the lock to be held before setting an ACL, so it is taken
2636          * here privately to avoid serializing specfs reads and writes.
2637          */
2638         if ((realvp = sp->s_realvp) != NULL) {
2639                 (void) VOP_RWLOCK(realvp, V_WRITELOCK_TRUE, ct);
2640                 error = VOP_SETSECATTR(realvp, vsap, flag, cr, ct);
2641                 (void) VOP_RWUNLOCK(realvp, V_WRITELOCK_TRUE, ct);
2642                 return (error);
2643         } else
2644                 return (fs_nosys());
2645 }
2646 
2647 /*
2648  * Get ACL from underlying vnode if one exists, or fabricate it from
2649  * the permissions returned by spec_getattr() otherwise.
2650  */
2651 int
2652 spec_getsecattr(
2653         struct vnode *vp,
2654         vsecattr_t *vsap,
2655         int flag,
2656         struct cred *cr,
2657         caller_context_t *ct)
2658 {
2659         struct vnode *realvp;
2660         struct snode *sp = VTOS(vp);
2661 
2662         /* fail with ENXIO if the device is fenced off */
2663         if (S_ISFENCED(sp))
2664                 return (ENXIO);
2665 
2666         if ((realvp = sp->s_realvp) != NULL)
2667                 return (VOP_GETSECATTR(realvp, vsap, flag, cr, ct));
2668         else
2669                 return (fs_fab_acl(vp, vsap, flag, cr, ct));
2670 }
2671 
2672 int
2673 spec_pathconf(
2674         vnode_t *vp,
2675         int cmd,
2676         ulong_t *valp,
2677         cred_t *cr,
2678         caller_context_t *ct)
2679 {
2680         vnode_t *realvp;
2681         struct snode *sp = VTOS(vp);
2682 
2683         /* fail with ENXIO if the device is fenced off */
2684         if (S_ISFENCED(sp))
2685                 return (ENXIO);
2686 
2687         if ((realvp = sp->s_realvp) != NULL)
2688                 return (VOP_PATHCONF(realvp, cmd, valp, cr, ct));
2689         else
2690                 return (fs_pathconf(vp, cmd, valp, cr, ct));
2691 }