1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  25  */
  26 
  27 /*      Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
  28 /*        All Rights Reserved   */
  29 
  30 /*
  31  * University Copyright- Copyright (c) 1982, 1986, 1988
  32  * The Regents of the University of California
  33  * All Rights Reserved
  34  *
  35  * University Acknowledgment- Portions of this document are derived from
  36  * software developed by the University of California, Berkeley, and its
  37  * contributors.
  38  */
  39 
  40 #include <sys/types.h>
  41 #include <sys/thread.h>
  42 #include <sys/t_lock.h>
  43 #include <sys/param.h>
  44 #include <sys/systm.h>
  45 #include <sys/bitmap.h>
  46 #include <sys/buf.h>
  47 #include <sys/cmn_err.h>
  48 #include <sys/conf.h>
  49 #include <sys/ddi.h>
  50 #include <sys/debug.h>
  51 #include <sys/dkio.h>
  52 #include <sys/errno.h>
  53 #include <sys/time.h>
  54 #include <sys/fcntl.h>
  55 #include <sys/flock.h>
  56 #include <sys/file.h>
  57 #include <sys/kmem.h>
  58 #include <sys/mman.h>
  59 #include <sys/open.h>
  60 #include <sys/swap.h>
  61 #include <sys/sysmacros.h>
  62 #include <sys/uio.h>
  63 #include <sys/vfs.h>
  64 #include <sys/vfs_opreg.h>
  65 #include <sys/vnode.h>
  66 #include <sys/stat.h>
  67 #include <sys/poll.h>
  68 #include <sys/stream.h>
  69 #include <sys/strsubr.h>
  70 #include <sys/policy.h>
  71 #include <sys/devpolicy.h>
  72 
  73 #include <sys/proc.h>
  74 #include <sys/user.h>
  75 #include <sys/session.h>
  76 #include <sys/vmsystm.h>
  77 #include <sys/vtrace.h>
  78 #include <sys/pathname.h>
  79 
  80 #include <sys/fs/snode.h>
  81 
  82 #include <vm/seg.h>
  83 #include <vm/seg_map.h>
  84 #include <vm/page.h>
  85 #include <vm/pvn.h>
  86 #include <vm/seg_dev.h>
  87 #include <vm/seg_vn.h>
  88 
  89 #include <fs/fs_subr.h>
  90 
  91 #include <sys/esunddi.h>
  92 #include <sys/autoconf.h>
  93 #include <sys/sunndi.h>
  94 #include <sys/contract/device_impl.h>
  95 
  96 
  97 static int spec_open(struct vnode **, int, struct cred *, caller_context_t *);
  98 static int spec_close(struct vnode *, int, int, offset_t, struct cred *,
  99         caller_context_t *);
 100 static int spec_read(struct vnode *, struct uio *, int, struct cred *,
 101         caller_context_t *);
 102 static int spec_write(struct vnode *, struct uio *, int, struct cred *,
 103         caller_context_t *);
 104 static int spec_ioctl(struct vnode *, int, intptr_t, int, struct cred *, int *,
 105         caller_context_t *);
 106 static int spec_getattr(struct vnode *, struct vattr *, int, struct cred *,
 107         caller_context_t *);
 108 static int spec_setattr(struct vnode *, struct vattr *, int, struct cred *,
 109         caller_context_t *);
 110 static int spec_access(struct vnode *, int, int, struct cred *,
 111         caller_context_t *);
 112 static int spec_create(struct vnode *, char *, vattr_t *, enum vcexcl, int,
 113         struct vnode **, struct cred *, int, caller_context_t *, vsecattr_t *);
 114 static int spec_fsync(struct vnode *, int, struct cred *, caller_context_t *);
 115 static void spec_inactive(struct vnode *, struct cred *, caller_context_t *);
 116 static int spec_fid(struct vnode *, struct fid *, caller_context_t *);
 117 static int spec_seek(struct vnode *, offset_t, offset_t *, caller_context_t *);
 118 static int spec_frlock(struct vnode *, int, struct flock64 *, int, offset_t,
 119         struct flk_callback *, struct cred *, caller_context_t *);
 120 static int spec_realvp(struct vnode *, struct vnode **, caller_context_t *);
 121 
 122 static int spec_getpage(struct vnode *, offset_t, size_t, uint_t *, page_t **,
 123         size_t, struct seg *, caddr_t, enum seg_rw, struct cred *,
 124         caller_context_t *);
 125 static int spec_putapage(struct vnode *, page_t *, u_offset_t *, size_t *, int,
 126         struct cred *);
 127 static struct buf *spec_startio(struct vnode *, page_t *, u_offset_t, size_t,
 128         int);
 129 static int spec_getapage(struct vnode *, u_offset_t, size_t, uint_t *,
 130         page_t **, size_t, struct seg *, caddr_t, enum seg_rw, struct cred *);
 131 static int spec_map(struct vnode *, offset_t, struct as *, caddr_t *, size_t,
 132         uchar_t, uchar_t, uint_t, struct cred *, caller_context_t *);
 133 static int spec_addmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
 134         uchar_t, uchar_t, uint_t, struct cred *, caller_context_t *);
 135 static int spec_delmap(struct vnode *, offset_t, struct as *, caddr_t, size_t,
 136         uint_t, uint_t, uint_t, struct cred *, caller_context_t *);
 137 
 138 static int spec_poll(struct vnode *, short, int, short *, struct pollhead **,
 139         caller_context_t *);
 140 static int spec_dump(struct vnode *, caddr_t, offset_t, offset_t,
 141     caller_context_t *);
 142 static int spec_pageio(struct vnode *, page_t *, u_offset_t, size_t, int,
 143     cred_t *, caller_context_t *);
 144 
 145 static int spec_getsecattr(struct vnode *, vsecattr_t *, int, struct cred *,
 146         caller_context_t *);
 147 static int spec_setsecattr(struct vnode *, vsecattr_t *, int, struct cred *,
 148         caller_context_t *);
 149 static int spec_pathconf(struct vnode *, int, ulong_t *, struct cred *,
 150         caller_context_t *);
 151 
 152 #define SN_HOLD(csp)    { \
 153         mutex_enter(&csp->s_lock); \
 154         csp->s_count++; \
 155         mutex_exit(&csp->s_lock); \
 156 }
 157 
 158 #define SN_RELE(csp)    { \
 159         mutex_enter(&csp->s_lock); \
 160         csp->s_count--; \
 161         ASSERT((csp->s_count > 0) || (csp->s_vnode->v_stream == NULL)); \
 162         mutex_exit(&csp->s_lock); \
 163 }
 164 
 165 #define S_ISFENCED(sp)  ((VTOS((sp)->s_commonvp))->s_flag & SFENCED)
 166 
 167 struct vnodeops *spec_vnodeops;
 168 
 169 /*
 170  * *PLEASE NOTE*: If you add new entry points to specfs, do
 171  * not forget to add support for fencing. A fenced snode
 172  * is indicated by the SFENCED flag in the common snode.
 173  * If a snode is fenced, determine if your entry point is
 174  * a configuration operation (Example: open), a detection
 175  * operation (Example: gettattr), an I/O operation (Example: ioctl())
 176  * or an unconfiguration operation (Example: close). If it is
 177  * a configuration or detection operation, fail the operation
 178  * for a fenced snode with an ENXIO or EIO as appropriate. If
 179  * it is any other operation, let it through.
 180  */
 181 
 182 const fs_operation_def_t spec_vnodeops_template[] = {
 183         { VOPNAME_OPEN,         { .vop_open = spec_open } },
 184         { VOPNAME_CLOSE,        { .vop_close = spec_close } },
 185         { VOPNAME_READ,         { .vop_read = spec_read } },
 186         { VOPNAME_WRITE,        { .vop_write = spec_write } },
 187         { VOPNAME_IOCTL,        { .vop_ioctl = spec_ioctl } },
 188         { VOPNAME_GETATTR,      { .vop_getattr = spec_getattr } },
 189         { VOPNAME_SETATTR,      { .vop_setattr = spec_setattr } },
 190         { VOPNAME_ACCESS,       { .vop_access = spec_access } },
 191         { VOPNAME_CREATE,       { .vop_create = spec_create } },
 192         { VOPNAME_FSYNC,        { .vop_fsync = spec_fsync } },
 193         { VOPNAME_INACTIVE,     { .vop_inactive = spec_inactive } },
 194         { VOPNAME_FID,          { .vop_fid = spec_fid } },
 195         { VOPNAME_SEEK,         { .vop_seek = spec_seek } },
 196         { VOPNAME_PATHCONF,     { .vop_pathconf = spec_pathconf } },
 197         { VOPNAME_FRLOCK,       { .vop_frlock = spec_frlock } },
 198         { VOPNAME_REALVP,       { .vop_realvp = spec_realvp } },
 199         { VOPNAME_GETPAGE,      { .vop_getpage = spec_getpage } },
 200         { VOPNAME_PUTPAGE,      { .vop_putpage = spec_putpage } },
 201         { VOPNAME_MAP,          { .vop_map = spec_map } },
 202         { VOPNAME_ADDMAP,       { .vop_addmap = spec_addmap } },
 203         { VOPNAME_DELMAP,       { .vop_delmap = spec_delmap } },
 204         { VOPNAME_POLL,         { .vop_poll = spec_poll } },
 205         { VOPNAME_DUMP,         { .vop_dump = spec_dump } },
 206         { VOPNAME_PAGEIO,       { .vop_pageio = spec_pageio } },
 207         { VOPNAME_SETSECATTR,   { .vop_setsecattr = spec_setsecattr } },
 208         { VOPNAME_GETSECATTR,   { .vop_getsecattr = spec_getsecattr } },
 209         { NULL,                 { NULL } }
 210 };
 211 
 212 /*
 213  * Return address of spec_vnodeops
 214  */
 215 struct vnodeops *
 216 spec_getvnodeops(void)
 217 {
 218         return (spec_vnodeops);
 219 }
 220 
 221 extern vnode_t *rconsvp;
 222 
 223 /*
 224  * Acquire the serial lock on the common snode.
 225  */
 226 #define LOCK_CSP(csp)                   (void) spec_lockcsp(csp, 0, 1, 0)
 227 #define LOCKHOLD_CSP_SIG(csp)           spec_lockcsp(csp, 1, 1, 1)
 228 #define SYNCHOLD_CSP_SIG(csp, intr)     spec_lockcsp(csp, intr, 0, 1)
 229 
 230 typedef enum {
 231         LOOP,
 232         INTR,
 233         SUCCESS
 234 } slock_ret_t;
 235 
 236 /*
 237  * Synchronize with active SLOCKED snode, optionally checking for a signal and
 238  * optionally returning with SLOCKED set and SN_HOLD done.  The 'intr'
 239  * argument determines if the thread is interruptible by a signal while
 240  * waiting, the function returns INTR if interrupted while there is another
 241  * thread closing this snonde and LOOP if interrupted otherwise.
 242  * When SUCCESS is returned the 'hold' argument determines if the open
 243  * count (SN_HOLD) has been incremented and the 'setlock' argument
 244  * determines if the function returns with SLOCKED set.
 245  */
 246 static slock_ret_t
 247 spec_lockcsp(struct snode *csp, int intr, int setlock, int hold)
 248 {
 249         slock_ret_t ret = SUCCESS;
 250         mutex_enter(&csp->s_lock);
 251         while (csp->s_flag & SLOCKED) {
 252                 csp->s_flag |= SWANT;
 253                 if (intr) {
 254                         if (!cv_wait_sig(&csp->s_cv, &csp->s_lock)) {
 255                                 if (csp->s_flag & SCLOSING)
 256                                         ret = INTR;
 257                                 else
 258                                         ret = LOOP;
 259                                 mutex_exit(&csp->s_lock);
 260                                 return (ret);           /* interrupted */
 261                         }
 262                 } else {
 263                         cv_wait(&csp->s_cv, &csp->s_lock);
 264                 }
 265         }
 266         if (setlock)
 267                 csp->s_flag |= SLOCKED;
 268         if (hold)
 269                 csp->s_count++;              /* one more open reference : SN_HOLD */
 270         mutex_exit(&csp->s_lock);
 271         return (ret);                   /* serialized/locked */
 272 }
 273 
 274 /*
 275  * Unlock the serial lock on the common snode
 276  */
 277 #define UNLOCK_CSP_LOCK_HELD(csp)                       \
 278         ASSERT(mutex_owned(&csp->s_lock));               \
 279         if (csp->s_flag & SWANT)                 \
 280                 cv_broadcast(&csp->s_cv);                \
 281         csp->s_flag &= ~(SWANT|SLOCKED);
 282 
 283 #define UNLOCK_CSP(csp)                                 \
 284         mutex_enter(&csp->s_lock);                       \
 285         UNLOCK_CSP_LOCK_HELD(csp);                      \
 286         mutex_exit(&csp->s_lock);
 287 
 288 /*
 289  * compute/return the size of the device
 290  */
 291 #define SPEC_SIZE(csp)  \
 292         (((csp)->s_flag & SSIZEVALID) ? (csp)->s_size : spec_size(csp))
 293 
 294 /*
 295  * Compute and return the size.  If the size in the common snode is valid then
 296  * return it.  If not valid then get the size from the driver and set size in
 297  * the common snode.  If the device has not been attached then we don't ask for
 298  * an update from the driver- for non-streams SSIZEVALID stays unset until the
 299  * device is attached. A stat of a mknod outside /devices (non-devfs) may
 300  * report UNKNOWN_SIZE because the device may not be attached yet (SDIPSET not
 301  * established in mknod until open time). An stat in /devices will report the
 302  * size correctly.  Specfs should always call SPEC_SIZE instead of referring
 303  * directly to s_size to initialize/retrieve the size of a device.
 304  *
 305  * XXX There is an inconsistency between block and raw - "unknown" is
 306  * UNKNOWN_SIZE for VBLK and 0 for VCHR(raw).
 307  */
 308 static u_offset_t
 309 spec_size(struct snode *csp)
 310 {
 311         struct vnode    *cvp = STOV(csp);
 312         u_offset_t      size;
 313         int             plen;
 314         uint32_t        size32;
 315         dev_t           dev;
 316         dev_info_t      *devi;
 317         major_t         maj;
 318         uint_t          blksize;
 319         int             blkshift;
 320 
 321         ASSERT((csp)->s_commonvp == cvp);    /* must be common node */
 322 
 323         /* return cached value */
 324         mutex_enter(&csp->s_lock);
 325         if (csp->s_flag & SSIZEVALID) {
 326                 mutex_exit(&csp->s_lock);
 327                 return (csp->s_size);
 328         }
 329 
 330         /* VOP_GETATTR of mknod has not had devcnt restriction applied */
 331         dev = cvp->v_rdev;
 332         maj = getmajor(dev);
 333         if (maj >= devcnt) {
 334                 /* return non-cached UNKNOWN_SIZE */
 335                 mutex_exit(&csp->s_lock);
 336                 return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
 337         }
 338 
 339         /* establish cached zero size for streams */
 340         if (STREAMSTAB(maj)) {
 341                 csp->s_size = 0;
 342                 csp->s_flag |= SSIZEVALID;
 343                 mutex_exit(&csp->s_lock);
 344                 return (0);
 345         }
 346 
 347         /*
 348          * Return non-cached UNKNOWN_SIZE if not open.
 349          *
 350          * NB: This check is bogus, calling prop_op(9E) should be gated by
 351          * attach, not open. Not having this check however opens up a new
 352          * context under which a driver's prop_op(9E) could be called. Calling
 353          * prop_op(9E) in this new context has been shown to expose latent
 354          * driver bugs (insufficient NULL pointer checks that lead to panic).
 355          * We are keeping this open check for now to avoid these panics.
 356          */
 357         if (csp->s_count == 0) {
 358                 mutex_exit(&csp->s_lock);
 359                 return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
 360         }
 361 
 362         /* Return non-cached UNKNOWN_SIZE if not attached. */
 363         if (((csp->s_flag & SDIPSET) == 0) || (csp->s_dip == NULL) ||
 364             !i_ddi_devi_attached(csp->s_dip)) {
 365                 mutex_exit(&csp->s_lock);
 366                 return ((cvp->v_type == VCHR) ? 0 : UNKNOWN_SIZE);
 367         }
 368 
 369         devi = csp->s_dip;
 370 
 371         /*
 372          * Established cached size obtained from the attached driver. Since we
 373          * know the devinfo node, for efficiency we use cdev_prop_op directly
 374          * instead of [cb]dev_[Ss]size.
 375          */
 376         if (cvp->v_type == VCHR) {
 377                 size = 0;
 378                 plen = sizeof (size);
 379                 if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 380                     DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
 381                     DDI_PROP_CONSUMER_TYPED, "Size", (caddr_t)&size,
 382                     &plen) != DDI_PROP_SUCCESS) {
 383                         plen = sizeof (size32);
 384                         if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 385                             DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
 386                             "size", (caddr_t)&size32, &plen) ==
 387                             DDI_PROP_SUCCESS)
 388                                 size = size32;
 389                 }
 390         } else {
 391                 size = UNKNOWN_SIZE;
 392                 plen = sizeof (size);
 393                 if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 394                     DDI_PROP_NOTPROM | DDI_PROP_DONTPASS |
 395                     DDI_PROP_CONSUMER_TYPED, "Nblocks", (caddr_t)&size,
 396                     &plen) != DDI_PROP_SUCCESS) {
 397                         plen = sizeof (size32);
 398                         if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 399                             DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
 400                             "nblocks", (caddr_t)&size32, &plen) ==
 401                             DDI_PROP_SUCCESS)
 402                                 size = size32;
 403                 }
 404 
 405                 if (size != UNKNOWN_SIZE) {
 406                         blksize = DEV_BSIZE;            /* default */
 407                         plen = sizeof (blksize);
 408 
 409                         /* try to get dev_t specific "blksize" */
 410                         if (cdev_prop_op(dev, devi, PROP_LEN_AND_VAL_BUF,
 411                             DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
 412                             "blksize", (caddr_t)&blksize, &plen) !=
 413                             DDI_PROP_SUCCESS) {
 414                                 /*
 415                                  * Try for dev_info node "device-blksize".
 416                                  * If this fails then blksize will still be
 417                                  * DEV_BSIZE default value.
 418                                  */
 419                                 (void) cdev_prop_op(DDI_DEV_T_ANY, devi,
 420                                     PROP_LEN_AND_VAL_BUF,
 421                                     DDI_PROP_NOTPROM | DDI_PROP_DONTPASS,
 422                                     "device-blksize", (caddr_t)&blksize, &plen);
 423                         }
 424 
 425                         /* blksize must be a power of two */
 426                         ASSERT(BIT_ONLYONESET(blksize));
 427                         blkshift = highbit(blksize) - 1;
 428 
 429                         /* convert from block size to byte size */
 430                         if (size < (MAXOFFSET_T >> blkshift))
 431                                 size = size << blkshift;
 432                         else
 433                                 size = UNKNOWN_SIZE;
 434                 }
 435         }
 436 
 437         csp->s_size = size;
 438         csp->s_flag |= SSIZEVALID;
 439 
 440         mutex_exit(&csp->s_lock);
 441         return (size);
 442 }
 443 
 444 /*
 445  * This function deal with vnode substitution in the case of
 446  * device cloning.
 447  */
 448 static int
 449 spec_clone(struct vnode **vpp, dev_t newdev, int vtype, struct stdata *stp)
 450 {
 451         dev_t           dev = (*vpp)->v_rdev;
 452         major_t         maj = getmajor(dev);
 453         major_t         newmaj = getmajor(newdev);
 454         int             sysclone = (maj == clone_major);
 455         int             qassociate_used = 0;
 456         struct snode    *oldsp, *oldcsp;
 457         struct snode    *newsp, *newcsp;
 458         struct vnode    *newvp, *newcvp;
 459         dev_info_t      *dip;
 460         queue_t         *dq;
 461 
 462         ASSERT(dev != newdev);
 463 
 464         /*
 465          * Check for cloning across different drivers.
 466          * We only support this under the system provided clone driver
 467          */
 468         if ((maj != newmaj) && !sysclone) {
 469                 cmn_err(CE_NOTE,
 470                     "unsupported clone open maj = %u, newmaj = %u",
 471                     maj, newmaj);
 472                 return (ENXIO);
 473         }
 474 
 475         /* old */
 476         oldsp = VTOS(*vpp);
 477         oldcsp = VTOS(oldsp->s_commonvp);
 478 
 479         /* new */
 480         newvp = makespecvp(newdev, vtype);
 481         ASSERT(newvp != NULL);
 482         newsp = VTOS(newvp);
 483         newcvp = newsp->s_commonvp;
 484         newcsp = VTOS(newcvp);
 485 
 486         /*
 487          * Clones inherit fsid, realvp, and dip.
 488          * XXX realvp inherit is not occurring, does fstat of clone work?
 489          */
 490         newsp->s_fsid = oldsp->s_fsid;
 491         if (sysclone) {
 492                 newsp->s_flag |= SCLONE;
 493                 dip = NULL;
 494         } else {
 495                 newsp->s_flag |= SSELFCLONE;
 496                 dip = oldcsp->s_dip;
 497         }
 498 
 499         /*
 500          * If we cloned to an opened newdev that already has called
 501          * spec_assoc_vp_with_devi (SDIPSET set) then the association is
 502          * already established.
 503          */
 504         if (!(newcsp->s_flag & SDIPSET)) {
 505                 /*
 506                  * Establish s_dip association for newdev.
 507                  *
 508                  * If we trusted the getinfo(9E) DDI_INFO_DEVT2INSTANCE
 509                  * implementation of all cloning drivers  (SCLONE and SELFCLONE)
 510                  * we would always use e_ddi_hold_devi_by_dev().  We know that
 511                  * many drivers have had (still have?) problems with
 512                  * DDI_INFO_DEVT2INSTANCE, so we try to minimize reliance by
 513                  * detecting drivers that use QASSOCIATE (by looking down the
 514                  * stream) and setting their s_dip association to NULL.
 515                  */
 516                 qassociate_used = 0;
 517                 if (stp) {
 518                         for (dq = stp->sd_wrq; dq; dq = dq->q_next) {
 519                                 if (_RD(dq)->q_flag & _QASSOCIATED) {
 520                                         qassociate_used = 1;
 521                                         dip = NULL;
 522                                         break;
 523                                 }
 524                         }
 525                 }
 526 
 527                 if (dip || qassociate_used) {
 528                         spec_assoc_vp_with_devi(newvp, dip);
 529                 } else {
 530                         /* derive association from newdev */
 531                         dip = e_ddi_hold_devi_by_dev(newdev, 0);
 532                         spec_assoc_vp_with_devi(newvp, dip);
 533                         if (dip)
 534                                 ddi_release_devi(dip);
 535                 }
 536         }
 537 
 538         SN_HOLD(newcsp);
 539 
 540         /* deal with stream stuff */
 541         if (stp != NULL) {
 542                 LOCK_CSP(newcsp);       /* synchronize stream open/close */
 543                 mutex_enter(&newcsp->s_lock);
 544                 newcvp->v_stream = newvp->v_stream = stp;
 545                 stp->sd_vnode = newcvp;
 546                 stp->sd_strtab = STREAMSTAB(newmaj);
 547                 mutex_exit(&newcsp->s_lock);
 548                 UNLOCK_CSP(newcsp);
 549         }
 550 
 551         /* substitute the vnode */
 552         SN_RELE(oldcsp);
 553         VN_RELE(*vpp);
 554         *vpp = newvp;
 555 
 556         return (0);
 557 }
 558 
 559 static int
 560 spec_open(struct vnode **vpp, int flag, struct cred *cr, caller_context_t *cc)
 561 {
 562         major_t maj;
 563         dev_t dev, newdev;
 564         struct vnode *vp, *cvp;
 565         struct snode *sp, *csp;
 566         struct stdata *stp;
 567         dev_info_t *dip;
 568         int error, type;
 569         contract_t *ct = NULL;
 570         int open_returns_eintr;
 571         slock_ret_t spec_locksp_ret;
 572 
 573 
 574         flag &= ~FCREAT;            /* paranoia */
 575 
 576         vp = *vpp;
 577         sp = VTOS(vp);
 578         ASSERT((vp->v_type == VCHR) || (vp->v_type == VBLK));
 579         if ((vp->v_type != VCHR) && (vp->v_type != VBLK))
 580                 return (ENXIO);
 581 
 582         /*
 583          * If the VFS_NODEVICES bit was set for the mount,
 584          * do not allow opens of special devices.
 585          */
 586         if (sp->s_realvp && (sp->s_realvp->v_vfsp->vfs_flag & VFS_NODEVICES))
 587                 return (ENXIO);
 588 
 589         newdev = dev = vp->v_rdev;
 590 
 591         /*
 592          * If we are opening a node that has not had spec_assoc_vp_with_devi
 593          * called against it (mknod outside /devices or a non-dacf makespecvp
 594          * node) then SDIPSET will not be set. In this case we call an
 595          * interface which will reconstruct the path and lookup (drive attach)
 596          * through devfs (e_ddi_hold_devi_by_dev -> e_ddi_hold_devi_by_path ->
 597          * devfs_lookupname).  For support of broken drivers that don't call
 598          * ddi_create_minor_node for all minor nodes in their instance space,
 599          * we call interfaces that operates at the directory/devinfo
 600          * (major/instance) level instead of to the leaf/minor node level.
 601          * After finding and attaching the dip we associate it with the
 602          * common specfs vnode (s_dip), which sets SDIPSET.  A DL_DETACH_REQ
 603          * to style-2 stream driver may set s_dip to NULL with SDIPSET set.
 604          *
 605          * NOTE: Although e_ddi_hold_devi_by_dev takes a dev_t argument, its
 606          * implementation operates at the major/instance level since it only
 607          * need to return a dip.
 608          */
 609         cvp = sp->s_commonvp;
 610         csp = VTOS(cvp);
 611         if (!(csp->s_flag & SDIPSET)) {
 612                 /* try to attach, return error if we fail */
 613                 if ((dip = e_ddi_hold_devi_by_dev(dev, 0)) == NULL)
 614                         return (ENXIO);
 615 
 616                 /* associate dip with the common snode s_dip */
 617                 spec_assoc_vp_with_devi(vp, dip);
 618                 ddi_release_devi(dip);  /* from e_ddi_hold_devi_by_dev */
 619         }
 620 
 621         /* check if device fenced off */
 622         if (S_ISFENCED(sp))
 623                 return (ENXIO);
 624 
 625 #ifdef  DEBUG
 626         /* verify attach/open exclusion guarantee */
 627         dip = csp->s_dip;
 628         ASSERT((dip == NULL) || i_ddi_devi_attached(dip));
 629 #endif  /* DEBUG */
 630 
 631         if ((error = secpolicy_spec_open(cr, vp, flag)) != 0)
 632                 return (error);
 633 
 634         /* Verify existance of open(9E) implementation. */
 635         maj = getmajor(dev);
 636         if ((maj >= devcnt) ||
 637             (devopsp[maj]->devo_cb_ops == NULL) ||
 638             (devopsp[maj]->devo_cb_ops->cb_open == NULL))
 639                 return (ENXIO);
 640 
 641         /*
 642          * split STREAMS vs. non-STREAMS
 643          *
 644          * If the device is a dual-personality device, then we might want
 645          * to allow for a regular OTYP_BLK open.  If however it's strictly
 646          * a pure STREAMS device, the cb_open entry point will be
 647          * nodev() which returns ENXIO.  This does make this failure path
 648          * somewhat longer, but such attempts to use OTYP_BLK with STREAMS
 649          * devices should be exceedingly rare.  (Most of the time they will
 650          * be due to programmer error.)
 651          */
 652         if ((vp->v_type == VCHR) && (STREAMSTAB(maj)))
 653                 goto streams_open;
 654 
 655 not_streams:
 656         /*
 657          * Wait for in progress last close to complete. This guarantees
 658          * to the driver writer that we will never be in the drivers
 659          * open and close on the same (dev_t, otype) at the same time.
 660          * Open count already incremented (SN_HOLD) on non-zero return.
 661          * The wait is interruptible by a signal if the driver sets the
 662          * D_OPEN_RETURNS_EINTR cb_ops(9S) cb_flag or sets the
 663          * ddi-open-returns-eintr(9P) property in its driver.conf.
 664          */
 665         if ((devopsp[maj]->devo_cb_ops->cb_flag & D_OPEN_RETURNS_EINTR) ||
 666             (devnamesp[maj].dn_flags & DN_OPEN_RETURNS_EINTR))
 667                 open_returns_eintr = 1;
 668         else
 669                 open_returns_eintr = 0;
 670         while ((spec_locksp_ret = SYNCHOLD_CSP_SIG(csp, open_returns_eintr)) !=
 671             SUCCESS) {
 672                 if (spec_locksp_ret == INTR)
 673                         return (EINTR);
 674         }
 675 
 676         /* non streams open */
 677         type = (vp->v_type == VBLK ? OTYP_BLK : OTYP_CHR);
 678         error = dev_open(&newdev, flag, type, cr);
 679 
 680         /* deal with clone case */
 681         if (error == 0 && dev != newdev) {
 682                 error = spec_clone(vpp, newdev, vp->v_type, NULL);
 683                 /*
 684                  * bail on clone failure, further processing
 685                  * results in undefined behaviors.
 686                  */
 687                 if (error != 0)
 688                         return (error);
 689                 sp = VTOS(*vpp);
 690                 csp = VTOS(sp->s_commonvp);
 691         }
 692 
 693         /*
 694          * create contracts only for userland opens
 695          * Successful open and cloning is done at this point.
 696          */
 697         if (error == 0 && !(flag & FKLYR)) {
 698                 int spec_type;
 699                 spec_type = (STOV(csp)->v_type == VCHR) ? S_IFCHR : S_IFBLK;
 700                 if (contract_device_open(newdev, spec_type, NULL) != 0) {
 701                         error = EIO;
 702                 }
 703         }
 704 
 705         if (error == 0) {
 706                 sp->s_size = SPEC_SIZE(csp);
 707 
 708                 if ((csp->s_flag & SNEEDCLOSE) == 0) {
 709                         int nmaj = getmajor(newdev);
 710                         mutex_enter(&csp->s_lock);
 711                         /* successful open needs a close later */
 712                         csp->s_flag |= SNEEDCLOSE;
 713 
 714                         /*
 715                          * Invalidate possible cached "unknown" size
 716                          * established by a VOP_GETATTR while open was in
 717                          * progress, and the driver might fail prop_op(9E).
 718                          */
 719                         if (((cvp->v_type == VCHR) && (csp->s_size == 0)) ||
 720                             ((cvp->v_type == VBLK) &&
 721                             (csp->s_size == UNKNOWN_SIZE)))
 722                                 csp->s_flag &= ~SSIZEVALID;
 723 
 724                         if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_64BIT)
 725                                 csp->s_flag |= SLOFFSET;
 726                         if (devopsp[nmaj]->devo_cb_ops->cb_flag & D_U64BIT)
 727                                 csp->s_flag |= SLOFFSET | SANYOFFSET;
 728                         mutex_exit(&csp->s_lock);
 729                 }
 730                 return (0);
 731         }
 732 
 733         /*
 734          * Open failed. If we missed a close operation because
 735          * we were trying to get the device open and it is the
 736          * last in progress open that is failing then call close.
 737          *
 738          * NOTE: Only non-streams open has this race condition.
 739          */
 740         mutex_enter(&csp->s_lock);
 741         csp->s_count--;                      /* decrement open count : SN_RELE */
 742         if ((csp->s_count == 0) &&   /* no outstanding open */
 743             (csp->s_mapcnt == 0) &&  /* no mapping */
 744             (csp->s_flag & SNEEDCLOSE)) { /* need a close */
 745                 csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
 746 
 747                 /* See comment in spec_close() */
 748                 if (csp->s_flag & (SCLONE | SSELFCLONE))
 749                         csp->s_flag &= ~SDIPSET;
 750 
 751                 csp->s_flag |= SCLOSING;
 752                 mutex_exit(&csp->s_lock);
 753 
 754                 ASSERT(*vpp != NULL);
 755                 (void) device_close(*vpp, flag, cr);
 756 
 757                 mutex_enter(&csp->s_lock);
 758                 csp->s_flag &= ~SCLOSING;
 759                 mutex_exit(&csp->s_lock);
 760         } else {
 761                 mutex_exit(&csp->s_lock);
 762         }
 763         return (error);
 764 
 765 streams_open:
 766         /*
 767          * Lock common snode to prevent any new clone opens on this
 768          * stream while one is in progress. This is necessary since
 769          * the stream currently associated with the clone device will
 770          * not be part of it after the clone open completes. Unfortunately
 771          * we don't know in advance if this is a clone
 772          * device so we have to lock all opens.
 773          *
 774          * If we fail, it's because of an interrupt - EINTR return is an
 775          * expected aspect of opening a stream so we don't need to check
 776          * D_OPEN_RETURNS_EINTR. Open count already incremented (SN_HOLD)
 777          * on non-zero return.
 778          */
 779         if (LOCKHOLD_CSP_SIG(csp) != SUCCESS)
 780                 return (EINTR);
 781 
 782         error = stropen(cvp, &newdev, flag, cr);
 783         stp = cvp->v_stream;
 784 
 785         /* deal with the clone case */
 786         if ((error == 0) && (dev != newdev)) {
 787                 vp->v_stream = cvp->v_stream = NULL;
 788                 UNLOCK_CSP(csp);
 789                 error = spec_clone(vpp, newdev, vp->v_type, stp);
 790                 /*
 791                  * bail on clone failure, further processing
 792                  * results in undefined behaviors.
 793                  */
 794                 if (error != 0)
 795                         return (error);
 796                 sp = VTOS(*vpp);
 797                 csp = VTOS(sp->s_commonvp);
 798         } else if (error == 0) {
 799                 vp->v_stream = stp;
 800                 UNLOCK_CSP(csp);
 801         }
 802 
 803         /*
 804          * create contracts only for userland opens
 805          * Successful open and cloning is done at this point.
 806          */
 807         if (error == 0 && !(flag & FKLYR)) {
 808                 /* STREAM is of type S_IFCHR */
 809                 if (contract_device_open(newdev, S_IFCHR, &ct) != 0) {
 810                         UNLOCK_CSP(csp);
 811                         (void) spec_close(vp, flag, 1, 0, cr, cc);
 812                         return (EIO);
 813                 }
 814         }
 815 
 816         if (error == 0) {
 817                 /* STREAMS devices don't have a size */
 818                 sp->s_size = csp->s_size = 0;
 819 
 820                 if (!(stp->sd_flag & STRISTTY) || (flag & FNOCTTY))
 821                         return (0);
 822 
 823                 /* try to allocate it as a controlling terminal */
 824                 if (strctty(stp) != EINTR)
 825                         return (0);
 826 
 827                 /* strctty() was interrupted by a signal */
 828                 if (ct) {
 829                         /* we only create contracts for userland opens */
 830                         ASSERT(ttoproc(curthread));
 831                         (void) contract_abandon(ct, ttoproc(curthread), 0);
 832                 }
 833                 (void) spec_close(vp, flag, 1, 0, cr, cc);
 834                 return (EINTR);
 835         }
 836 
 837         /*
 838          * Deal with stropen failure.
 839          *
 840          * sd_flag in the stream head cannot change since the
 841          * common snode is locked before the call to stropen().
 842          */
 843         if ((stp != NULL) && (stp->sd_flag & STREOPENFAIL)) {
 844                 /*
 845                  * Open failed part way through.
 846                  */
 847                 mutex_enter(&stp->sd_lock);
 848                 stp->sd_flag &= ~STREOPENFAIL;
 849                 mutex_exit(&stp->sd_lock);
 850 
 851                 UNLOCK_CSP(csp);
 852                 (void) spec_close(vp, flag, 1, 0, cr, cc);
 853         } else {
 854                 UNLOCK_CSP(csp);
 855                 SN_RELE(csp);
 856         }
 857 
 858         /*
 859          * Resolution for STREAMS vs. regular character device: If the
 860          * STREAMS open(9e) returns ENOSTR, then try an ordinary device
 861          * open instead.
 862          */
 863         if (error == ENOSTR) {
 864                 goto not_streams;
 865         }
 866         return (error);
 867 }
 868 
 869 /*ARGSUSED2*/
 870 static int
 871 spec_close(
 872         struct vnode    *vp,
 873         int             flag,
 874         int             count,
 875         offset_t        offset,
 876         struct cred     *cr,
 877         caller_context_t *ct)
 878 {
 879         struct vnode *cvp;
 880         struct snode *sp, *csp;
 881         enum vtype type;
 882         dev_t dev;
 883         int error = 0;
 884         int sysclone;
 885 
 886         if (!(flag & FKLYR)) {
 887                 /* this only applies to closes of devices from userland */
 888                 cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
 889                 cleanshares(vp, ttoproc(curthread)->p_pid);
 890                 if (vp->v_stream)
 891                         strclean(vp);
 892         }
 893         if (count > 1)
 894                 return (0);
 895 
 896         /* we allow close to succeed even if device is fenced off */
 897         sp = VTOS(vp);
 898         cvp = sp->s_commonvp;
 899 
 900         dev = sp->s_dev;
 901         type = vp->v_type;
 902 
 903         ASSERT(type == VCHR || type == VBLK);
 904 
 905         /*
 906          * Prevent close/close and close/open races by serializing closes
 907          * on this common snode. Clone opens are held up until after
 908          * we have closed this device so the streams linkage is maintained
 909          */
 910         csp = VTOS(cvp);
 911 
 912         LOCK_CSP(csp);
 913         mutex_enter(&csp->s_lock);
 914 
 915         csp->s_count--;                      /* one fewer open reference : SN_RELE */
 916         sysclone = sp->s_flag & SCLONE;
 917 
 918         /*
 919          * Invalidate size on each close.
 920          *
 921          * XXX We do this on each close because we don't have interfaces that
 922          * allow a driver to invalidate the size.  Since clearing this on each
 923          * close this causes property overhead we skip /dev/null and
 924          * /dev/zero to avoid degrading kenbus performance.
 925          */
 926         if (getmajor(dev) != mm_major)
 927                 csp->s_flag &= ~SSIZEVALID;
 928 
 929         /*
 930          * Only call the close routine when the last open reference through
 931          * any [s, v]node goes away.  This can be checked by looking at
 932          * s_count on the common vnode.
 933          */
 934         if ((csp->s_count == 0) && (csp->s_mapcnt == 0)) {
 935                 /* we don't need a close */
 936                 csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
 937 
 938                 /*
 939                  * A cloning driver may open-clone to the same dev_t that we
 940                  * are closing before spec_inactive destroys the common snode.
 941                  * If this occurs the s_dip association needs to be reevaluated.
 942                  * We clear SDIPSET to force reevaluation in this case.  When
 943                  * reevaluation occurs (by spec_clone after open), if the
 944                  * devinfo association has changed then the old association
 945                  * will be released as the new association is established by
 946                  * spec_assoc_vp_with_devi().
 947                  */
 948                 if (csp->s_flag & (SCLONE | SSELFCLONE))
 949                         csp->s_flag &= ~SDIPSET;
 950 
 951                 csp->s_flag |= SCLOSING;
 952                 mutex_exit(&csp->s_lock);
 953                 error = device_close(vp, flag, cr);
 954 
 955                 /*
 956                  * Decrement the devops held in clnopen()
 957                  */
 958                 if (sysclone) {
 959                         ddi_rele_driver(getmajor(dev));
 960                 }
 961                 mutex_enter(&csp->s_lock);
 962                 csp->s_flag &= ~SCLOSING;
 963         }
 964 
 965         UNLOCK_CSP_LOCK_HELD(csp);
 966         mutex_exit(&csp->s_lock);
 967 
 968         return (error);
 969 }
 970 
 971 /*ARGSUSED2*/
 972 static int
 973 spec_read(
 974         struct vnode    *vp,
 975         struct uio      *uiop,
 976         int             ioflag,
 977         struct cred     *cr,
 978         caller_context_t *ct)
 979 {
 980         int error;
 981         struct snode *sp = VTOS(vp);
 982         dev_t dev = sp->s_dev;
 983         size_t n;
 984         ulong_t on;
 985         u_offset_t bdevsize;
 986         offset_t maxoff;
 987         offset_t off;
 988         struct vnode *blkvp;
 989 
 990         ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
 991 
 992         if (vp->v_stream) {
 993                 ASSERT(vp->v_type == VCHR);
 994                 smark(sp, SACC);
 995                 return (strread(vp, uiop, cr));
 996         }
 997 
 998         if (uiop->uio_resid == 0)
 999                 return (0);
1000 
1001         /*
1002          * Plain old character devices that set D_U64BIT can have
1003          * unrestricted offsets.
1004          */
1005         maxoff = spec_maxoffset(vp);
1006         ASSERT(maxoff != -1 || vp->v_type == VCHR);
1007 
1008         if (maxoff != -1 && (uiop->uio_loffset < 0 ||
1009             uiop->uio_loffset + uiop->uio_resid > maxoff))
1010                 return (EINVAL);
1011 
1012         if (vp->v_type == VCHR) {
1013                 smark(sp, SACC);
1014                 ASSERT(vp->v_stream == NULL);
1015                 return (cdev_read(dev, uiop, cr));
1016         }
1017 
1018         /*
1019          * Block device.
1020          */
1021         error = 0;
1022         blkvp = sp->s_commonvp;
1023         bdevsize = SPEC_SIZE(VTOS(blkvp));
1024 
1025         do {
1026                 caddr_t base;
1027                 offset_t diff;
1028 
1029                 off = uiop->uio_loffset & (offset_t)MAXBMASK;
1030                 on = (size_t)(uiop->uio_loffset & MAXBOFFSET);
1031                 n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
1032                 diff = bdevsize - uiop->uio_loffset;
1033 
1034                 if (diff <= 0)
1035                         break;
1036                 if (diff < n)
1037                         n = (size_t)diff;
1038 
1039                 if (vpm_enable) {
1040                         error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1041                             n, uiop, 1, NULL, 0, S_READ);
1042                 } else {
1043                         base = segmap_getmapflt(segkmap, blkvp,
1044                             (u_offset_t)(off + on), n, 1, S_READ);
1045 
1046                         error = uiomove(base + on, n, UIO_READ, uiop);
1047                 }
1048                 if (!error) {
1049                         int flags = 0;
1050                         /*
1051                          * If we read a whole block, we won't need this
1052                          * buffer again soon.
1053                          */
1054                         if (n + on == MAXBSIZE)
1055                                 flags = SM_DONTNEED | SM_FREE;
1056                         if (vpm_enable) {
1057                                 error = vpm_sync_pages(blkvp, off, n, flags);
1058                         } else {
1059                                 error = segmap_release(segkmap, base, flags);
1060                         }
1061                 } else {
1062                         if (vpm_enable) {
1063                                 (void) vpm_sync_pages(blkvp, off, n, 0);
1064                         } else {
1065                                 (void) segmap_release(segkmap, base, 0);
1066                         }
1067                         if (bdevsize == UNKNOWN_SIZE) {
1068                                 error = 0;
1069                                 break;
1070                         }
1071                 }
1072         } while (error == 0 && uiop->uio_resid > 0 && n != 0);
1073 
1074         return (error);
1075 }
1076 
1077 /*ARGSUSED*/
1078 static int
1079 spec_write(
1080         struct vnode *vp,
1081         struct uio *uiop,
1082         int ioflag,
1083         struct cred *cr,
1084         caller_context_t *ct)
1085 {
1086         int error;
1087         struct snode *sp = VTOS(vp);
1088         dev_t dev = sp->s_dev;
1089         size_t n;
1090         ulong_t on;
1091         u_offset_t bdevsize;
1092         offset_t maxoff;
1093         offset_t off;
1094         struct vnode *blkvp;
1095 
1096         ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
1097 
1098         if (vp->v_stream) {
1099                 ASSERT(vp->v_type == VCHR);
1100                 smark(sp, SUPD);
1101                 return (strwrite(vp, uiop, cr));
1102         }
1103 
1104         /*
1105          * Plain old character devices that set D_U64BIT can have
1106          * unrestricted offsets.
1107          */
1108         maxoff = spec_maxoffset(vp);
1109         ASSERT(maxoff != -1 || vp->v_type == VCHR);
1110 
1111         if (maxoff != -1 && (uiop->uio_loffset < 0 ||
1112             uiop->uio_loffset + uiop->uio_resid > maxoff))
1113                 return (EINVAL);
1114 
1115         if (vp->v_type == VCHR) {
1116                 smark(sp, SUPD);
1117                 ASSERT(vp->v_stream == NULL);
1118                 return (cdev_write(dev, uiop, cr));
1119         }
1120 
1121         if (uiop->uio_resid == 0)
1122                 return (0);
1123 
1124         error = 0;
1125         blkvp = sp->s_commonvp;
1126         bdevsize = SPEC_SIZE(VTOS(blkvp));
1127 
1128         do {
1129                 int pagecreate;
1130                 int newpage;
1131                 caddr_t base;
1132                 offset_t diff;
1133 
1134                 off = uiop->uio_loffset & (offset_t)MAXBMASK;
1135                 on = (ulong_t)(uiop->uio_loffset & MAXBOFFSET);
1136                 n = (size_t)MIN(MAXBSIZE - on, uiop->uio_resid);
1137                 pagecreate = 0;
1138 
1139                 diff = bdevsize - uiop->uio_loffset;
1140                 if (diff <= 0) {
1141                         error = ENXIO;
1142                         break;
1143                 }
1144                 if (diff < n)
1145                         n = (size_t)diff;
1146 
1147                 /*
1148                  * Check to see if we can skip reading in the page
1149                  * and just allocate the memory.  We can do this
1150                  * if we are going to rewrite the entire mapping
1151                  * or if we are going to write to end of the device
1152                  * from the beginning of the mapping.
1153                  */
1154                 if (n == MAXBSIZE || (on == 0 && (off + n) == bdevsize))
1155                         pagecreate = 1;
1156 
1157                 newpage = 0;
1158 
1159                 /*
1160                  * Touch the page and fault it in if it is not in core
1161                  * before segmap_getmapflt or vpm_data_copy can lock it.
1162                  * This is to avoid the deadlock if the buffer is mapped
1163                  * to the same file through mmap which we want to write.
1164                  */
1165                 uio_prefaultpages((long)n, uiop);
1166 
1167                 if (vpm_enable) {
1168                         error = vpm_data_copy(blkvp, (u_offset_t)(off + on),
1169                             n, uiop, !pagecreate, NULL, 0, S_WRITE);
1170                 } else {
1171                         base = segmap_getmapflt(segkmap, blkvp,
1172                             (u_offset_t)(off + on), n, !pagecreate, S_WRITE);
1173 
1174                         /*
1175                          * segmap_pagecreate() returns 1 if it calls
1176                          * page_create_va() to allocate any pages.
1177                          */
1178 
1179                         if (pagecreate)
1180                                 newpage = segmap_pagecreate(segkmap, base + on,
1181                                     n, 0);
1182 
1183                         error = uiomove(base + on, n, UIO_WRITE, uiop);
1184                 }
1185 
1186                 if (!vpm_enable && pagecreate &&
1187                     uiop->uio_loffset <
1188                     P2ROUNDUP_TYPED(off + on + n, PAGESIZE, offset_t)) {
1189                         /*
1190                          * We created pages w/o initializing them completely,
1191                          * thus we need to zero the part that wasn't set up.
1192                          * This can happen if we write to the end of the device
1193                          * or if we had some sort of error during the uiomove.
1194                          */
1195                         long nzero;
1196                         offset_t nmoved;
1197 
1198                         nmoved = (uiop->uio_loffset - (off + on));
1199                         if (nmoved < 0 || nmoved > n) {
1200                                 panic("spec_write: nmoved bogus");
1201                                 /*NOTREACHED*/
1202                         }
1203                         nzero = (long)P2ROUNDUP(on + n, PAGESIZE) -
1204                             (on + nmoved);
1205                         if (nzero < 0 || (on + nmoved + nzero > MAXBSIZE)) {
1206                                 panic("spec_write: nzero bogus");
1207                                 /*NOTREACHED*/
1208                         }
1209                         (void) kzero(base + on + nmoved, (size_t)nzero);
1210                 }
1211 
1212                 /*
1213                  * Unlock the pages which have been allocated by
1214                  * page_create_va() in segmap_pagecreate().
1215                  */
1216                 if (!vpm_enable && newpage)
1217                         segmap_pageunlock(segkmap, base + on,
1218                             (size_t)n, S_WRITE);
1219 
1220                 if (error == 0) {
1221                         int flags = 0;
1222 
1223                         /*
1224                          * Force write back for synchronous write cases.
1225                          */
1226                         if (ioflag & (FSYNC|FDSYNC))
1227                                 flags = SM_WRITE;
1228                         else if (n + on == MAXBSIZE || IS_SWAPVP(vp)) {
1229                                 /*
1230                                  * Have written a whole block.
1231                                  * Start an asynchronous write and
1232                                  * mark the buffer to indicate that
1233                                  * it won't be needed again soon.
1234                                  * Push swap files here, since it
1235                                  * won't happen anywhere else.
1236                                  */
1237                                 flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
1238                         }
1239                         smark(sp, SUPD|SCHG);
1240                         if (vpm_enable) {
1241                                 error = vpm_sync_pages(blkvp, off, n, flags);
1242                         } else {
1243                                 error = segmap_release(segkmap, base, flags);
1244                         }
1245                 } else {
1246                         if (vpm_enable) {
1247                                 (void) vpm_sync_pages(blkvp, off, n, SM_INVAL);
1248                         } else {
1249                                 (void) segmap_release(segkmap, base, SM_INVAL);
1250                         }
1251                 }
1252 
1253         } while (error == 0 && uiop->uio_resid > 0 && n != 0);
1254 
1255         return (error);
1256 }
1257 
1258 /*ARGSUSED6*/
1259 static int
1260 spec_ioctl(struct vnode *vp, int cmd, intptr_t arg, int mode, struct cred *cr,
1261     int *rvalp, caller_context_t *ct)
1262 {
1263         struct snode *sp;
1264         dev_t dev;
1265         int error;
1266 
1267         if (vp->v_type != VCHR)
1268                 return (ENOTTY);
1269 
1270         /*
1271          * allow ioctls() to go through even for fenced snodes, as they
1272          * may include unconfiguration operation - for example popping of
1273          * streams modules.
1274          */
1275 
1276         sp = VTOS(vp);
1277         dev = sp->s_dev;
1278         if (vp->v_stream) {
1279                 error = strioctl(vp, cmd, arg, mode, U_TO_K, cr, rvalp);
1280         } else {
1281                 error = cdev_ioctl(dev, cmd, arg, mode, cr, rvalp);
1282         }
1283         return (error);
1284 }
1285 
1286 static int
1287 spec_getattr(
1288         struct vnode *vp,
1289         struct vattr *vap,
1290         int flags,
1291         struct cred *cr,
1292         caller_context_t *ct)
1293 {
1294         int error;
1295         struct snode *sp;
1296         struct vnode *realvp;
1297 
1298         /* With ATTR_COMM we will not get attributes from realvp */
1299         if (flags & ATTR_COMM) {
1300                 sp = VTOS(vp);
1301                 vp = sp->s_commonvp;
1302         }
1303         sp = VTOS(vp);
1304 
1305         /* we want stat() to fail with ENXIO if the device is fenced off */
1306         if (S_ISFENCED(sp))
1307                 return (ENXIO);
1308 
1309         realvp = sp->s_realvp;
1310 
1311         if (realvp == NULL) {
1312                 static int snode_shift  = 0;
1313 
1314                 /*
1315                  * Calculate the amount of bitshift to a snode pointer which
1316                  * will still keep it unique.  See below.
1317                  */
1318                 if (snode_shift == 0)
1319                         snode_shift = highbit(sizeof (struct snode));
1320                 ASSERT(snode_shift > 0);
1321 
1322                 /*
1323                  * No real vnode behind this one.  Fill in the fields
1324                  * from the snode.
1325                  *
1326                  * This code should be refined to return only the
1327                  * attributes asked for instead of all of them.
1328                  */
1329                 vap->va_type = vp->v_type;
1330                 vap->va_mode = 0;
1331                 vap->va_uid = vap->va_gid = 0;
1332                 vap->va_fsid = sp->s_fsid;
1333 
1334                 /*
1335                  * If the va_nodeid is > MAX_USHORT, then i386 stats might
1336                  * fail. So we shift down the snode pointer to try and get
1337                  * the most uniqueness into 16-bits.
1338                  */
1339                 vap->va_nodeid = ((ino64_t)(uintptr_t)sp >> snode_shift) &
1340                     0xFFFF;
1341                 vap->va_nlink = 0;
1342                 vap->va_rdev = sp->s_dev;
1343 
1344                 /*
1345                  * va_nblocks is the number of 512 byte blocks used to store
1346                  * the mknod for the device, not the number of blocks on the
1347                  * device itself.  This is typically zero since the mknod is
1348                  * represented directly in the inode itself.
1349                  */
1350                 vap->va_nblocks = 0;
1351         } else {
1352                 error = VOP_GETATTR(realvp, vap, flags, cr, ct);
1353                 if (error != 0)
1354                         return (error);
1355         }
1356 
1357         /* set the size from the snode */
1358         vap->va_size = SPEC_SIZE(VTOS(sp->s_commonvp));
1359         vap->va_blksize = MAXBSIZE;
1360 
1361         mutex_enter(&sp->s_lock);
1362         vap->va_atime.tv_sec = sp->s_atime;
1363         vap->va_mtime.tv_sec = sp->s_mtime;
1364         vap->va_ctime.tv_sec = sp->s_ctime;
1365         mutex_exit(&sp->s_lock);
1366 
1367         vap->va_atime.tv_nsec = 0;
1368         vap->va_mtime.tv_nsec = 0;
1369         vap->va_ctime.tv_nsec = 0;
1370         vap->va_seq = 0;
1371 
1372         return (0);
1373 }
1374 
1375 static int
1376 spec_setattr(
1377         struct vnode *vp,
1378         struct vattr *vap,
1379         int flags,
1380         struct cred *cr,
1381         caller_context_t *ct)
1382 {
1383         struct snode *sp = VTOS(vp);
1384         struct vnode *realvp;
1385         int error;
1386 
1387         /* fail with ENXIO if the device is fenced off */
1388         if (S_ISFENCED(sp))
1389                 return (ENXIO);
1390 
1391         if (vp->v_type == VCHR && vp->v_stream && (vap->va_mask & AT_SIZE)) {
1392                 /*
1393                  * 1135080:     O_TRUNC should have no effect on
1394                  *              named pipes and terminal devices.
1395                  */
1396                 ASSERT(vap->va_mask == AT_SIZE);
1397                 return (0);
1398         }
1399 
1400         if ((realvp = sp->s_realvp) == NULL)
1401                 error = 0;      /* no real vnode to update */
1402         else
1403                 error = VOP_SETATTR(realvp, vap, flags, cr, ct);
1404         if (error == 0) {
1405                 /*
1406                  * If times were changed, update snode.
1407                  */
1408                 mutex_enter(&sp->s_lock);
1409                 if (vap->va_mask & AT_ATIME)
1410                         sp->s_atime = vap->va_atime.tv_sec;
1411                 if (vap->va_mask & AT_MTIME) {
1412                         sp->s_mtime = vap->va_mtime.tv_sec;
1413                         sp->s_ctime = gethrestime_sec();
1414                 }
1415                 mutex_exit(&sp->s_lock);
1416         }
1417         return (error);
1418 }
1419 
1420 static int
1421 spec_access(
1422         struct vnode *vp,
1423         int mode,
1424         int flags,
1425         struct cred *cr,
1426         caller_context_t *ct)
1427 {
1428         struct vnode *realvp;
1429         struct snode *sp = VTOS(vp);
1430 
1431         /* fail with ENXIO if the device is fenced off */
1432         if (S_ISFENCED(sp))
1433                 return (ENXIO);
1434 
1435         if ((realvp = sp->s_realvp) != NULL)
1436                 return (VOP_ACCESS(realvp, mode, flags, cr, ct));
1437         else
1438                 return (0);     /* Allow all access. */
1439 }
1440 
1441 /*
1442  * This can be called if creat or an open with O_CREAT is done on the root
1443  * of a lofs mount where the mounted entity is a special file.
1444  */
1445 /*ARGSUSED*/
1446 static int
1447 spec_create(
1448         struct vnode *dvp,
1449         char *name,
1450         vattr_t *vap,
1451         enum vcexcl excl,
1452         int mode,
1453         struct vnode **vpp,
1454         struct cred *cr,
1455         int flag,
1456         caller_context_t *ct,
1457         vsecattr_t *vsecp)
1458 {
1459         int error;
1460         struct snode *sp = VTOS(dvp);
1461 
1462         /* fail with ENXIO if the device is fenced off */
1463         if (S_ISFENCED(sp))
1464                 return (ENXIO);
1465 
1466         ASSERT(dvp && (dvp->v_flag & VROOT) && *name == '\0');
1467         if (excl == NONEXCL) {
1468                 if (mode && (error = spec_access(dvp, mode, 0, cr, ct)))
1469                         return (error);
1470                 VN_HOLD(dvp);
1471                 return (0);
1472         }
1473         return (EEXIST);
1474 }
1475 
1476 /*
1477  * In order to sync out the snode times without multi-client problems,
1478  * make sure the times written out are never earlier than the times
1479  * already set in the vnode.
1480  */
1481 static int
1482 spec_fsync(
1483         struct vnode *vp,
1484         int syncflag,
1485         struct cred *cr,
1486         caller_context_t *ct)
1487 {
1488         struct snode *sp = VTOS(vp);
1489         struct vnode *realvp;
1490         struct vnode *cvp;
1491         struct vattr va, vatmp;
1492 
1493         /* allow syncing even if device is fenced off */
1494 
1495         /* If times didn't change, don't flush anything. */
1496         mutex_enter(&sp->s_lock);
1497         if ((sp->s_flag & (SACC|SUPD|SCHG)) == 0 && vp->v_type != VBLK) {
1498                 mutex_exit(&sp->s_lock);
1499                 return (0);
1500         }
1501         sp->s_flag &= ~(SACC|SUPD|SCHG);
1502         mutex_exit(&sp->s_lock);
1503         cvp = sp->s_commonvp;
1504         realvp = sp->s_realvp;
1505 
1506         if (vp->v_type == VBLK && cvp != vp && vn_has_cached_data(cvp) &&
1507             (cvp->v_flag & VISSWAP) == 0)
1508                 (void) VOP_PUTPAGE(cvp, (offset_t)0, 0, 0, cr, ct);
1509 
1510         /*
1511          * For devices that support it, force write cache to stable storage.
1512          * We don't need the lock to check s_flags since we can treat
1513          * SNOFLUSH as a hint.
1514          */
1515         if ((vp->v_type == VBLK || vp->v_type == VCHR) &&
1516             !(sp->s_flag & SNOFLUSH)) {
1517                 int rval, rc;
1518                 struct dk_callback spec_callback;
1519 
1520                 spec_callback.dkc_flag = FLUSH_VOLATILE;
1521                 spec_callback.dkc_callback = NULL;
1522 
1523                 /* synchronous flush on volatile cache */
1524                 rc = cdev_ioctl(vp->v_rdev, DKIOCFLUSHWRITECACHE,
1525                     (intptr_t)&spec_callback, FNATIVE|FKIOCTL, cr, &rval);
1526 
1527                 if (rc == ENOTSUP || rc == ENOTTY) {
1528                         mutex_enter(&sp->s_lock);
1529                         sp->s_flag |= SNOFLUSH;
1530                         mutex_exit(&sp->s_lock);
1531                 }
1532         }
1533 
1534         /*
1535          * If no real vnode to update, don't flush anything.
1536          */
1537         if (realvp == NULL)
1538                 return (0);
1539 
1540         vatmp.va_mask = AT_ATIME|AT_MTIME;
1541         if (VOP_GETATTR(realvp, &vatmp, 0, cr, ct) == 0) {
1542 
1543                 mutex_enter(&sp->s_lock);
1544                 if (vatmp.va_atime.tv_sec > sp->s_atime)
1545                         va.va_atime = vatmp.va_atime;
1546                 else {
1547                         va.va_atime.tv_sec = sp->s_atime;
1548                         va.va_atime.tv_nsec = 0;
1549                 }
1550                 if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1551                         va.va_mtime = vatmp.va_mtime;
1552                 else {
1553                         va.va_mtime.tv_sec = sp->s_mtime;
1554                         va.va_mtime.tv_nsec = 0;
1555                 }
1556                 mutex_exit(&sp->s_lock);
1557 
1558                 va.va_mask = AT_ATIME|AT_MTIME;
1559                 (void) VOP_SETATTR(realvp, &va, 0, cr, ct);
1560         }
1561         (void) VOP_FSYNC(realvp, syncflag, cr, ct);
1562         return (0);
1563 }
1564 
1565 /*ARGSUSED*/
1566 static void
1567 spec_inactive(struct vnode *vp, struct cred *cr, caller_context_t *ct)
1568 {
1569         struct snode *sp = VTOS(vp);
1570         struct vnode *cvp;
1571         struct vnode *rvp;
1572 
1573         /*
1574          * If no one has reclaimed the vnode, remove from the
1575          * cache now.
1576          */
1577         if (vp->v_count < 1) {
1578                 panic("spec_inactive: Bad v_count");
1579                 /*NOTREACHED*/
1580         }
1581         mutex_enter(&stable_lock);
1582 
1583         mutex_enter(&vp->v_lock);
1584         /*
1585          * Drop the temporary hold by vn_rele now
1586          */
1587         if (--vp->v_count != 0) {
1588                 mutex_exit(&vp->v_lock);
1589                 mutex_exit(&stable_lock);
1590                 return;
1591         }
1592         mutex_exit(&vp->v_lock);
1593 
1594         sdelete(sp);
1595         mutex_exit(&stable_lock);
1596 
1597         /* We are the sole owner of sp now */
1598         cvp = sp->s_commonvp;
1599         rvp = sp->s_realvp;
1600 
1601         if (rvp) {
1602                 /*
1603                  * If the snode times changed, then update the times
1604                  * associated with the "realvp".
1605                  */
1606                 if ((sp->s_flag & (SACC|SUPD|SCHG)) != 0) {
1607 
1608                         struct vattr va, vatmp;
1609 
1610                         mutex_enter(&sp->s_lock);
1611                         sp->s_flag &= ~(SACC|SUPD|SCHG);
1612                         mutex_exit(&sp->s_lock);
1613                         vatmp.va_mask = AT_ATIME|AT_MTIME;
1614                         /*
1615                          * The user may not own the device, but we
1616                          * want to update the attributes anyway.
1617                          */
1618                         if (VOP_GETATTR(rvp, &vatmp, 0, kcred, ct) == 0) {
1619                                 if (vatmp.va_atime.tv_sec > sp->s_atime)
1620                                         va.va_atime = vatmp.va_atime;
1621                                 else {
1622                                         va.va_atime.tv_sec = sp->s_atime;
1623                                         va.va_atime.tv_nsec = 0;
1624                                 }
1625                                 if (vatmp.va_mtime.tv_sec > sp->s_mtime)
1626                                         va.va_mtime = vatmp.va_mtime;
1627                                 else {
1628                                         va.va_mtime.tv_sec = sp->s_mtime;
1629                                         va.va_mtime.tv_nsec = 0;
1630                                 }
1631 
1632                                 va.va_mask = AT_ATIME|AT_MTIME;
1633                                 (void) VOP_SETATTR(rvp, &va, 0, kcred, ct);
1634                         }
1635                 }
1636         }
1637         ASSERT(!vn_has_cached_data(vp));
1638         vn_invalid(vp);
1639 
1640         /* if we are sharing another file systems vfs, release it */
1641         if (vp->v_vfsp && (vp->v_vfsp != &spec_vfs))
1642                 VFS_RELE(vp->v_vfsp);
1643 
1644         /* if we have a realvp, release the realvp */
1645         if (rvp)
1646                 VN_RELE(rvp);
1647 
1648         /* if we have a common, release the common */
1649         if (cvp && (cvp != vp)) {
1650                 VN_RELE(cvp);
1651 #ifdef DEBUG
1652         } else if (cvp) {
1653                 /*
1654                  * if this is the last reference to a common vnode, any
1655                  * associated stream had better have been closed
1656                  */
1657                 ASSERT(cvp == vp);
1658                 ASSERT(cvp->v_stream == NULL);
1659 #endif /* DEBUG */
1660         }
1661 
1662         /*
1663          * if we have a hold on a devinfo node (established by
1664          * spec_assoc_vp_with_devi), release the hold
1665          */
1666         if (sp->s_dip)
1667                 ddi_release_devi(sp->s_dip);
1668 
1669         /*
1670          * If we have an associated device policy, release it.
1671          */
1672         if (sp->s_plcy != NULL)
1673                 dpfree(sp->s_plcy);
1674 
1675         /*
1676          * If all holds on the devinfo node are through specfs/devfs
1677          * and we just destroyed the last specfs node associated with the
1678          * device, then the devinfo node reference count should now be
1679          * zero.  We can't check this because there may be other holds
1680          * on the node from non file system sources: ddi_hold_devi_by_instance
1681          * for example.
1682          */
1683         kmem_cache_free(snode_cache, sp);
1684 }
1685 
1686 static int
1687 spec_fid(struct vnode *vp, struct fid *fidp, caller_context_t *ct)
1688 {
1689         struct vnode *realvp;
1690         struct snode *sp = VTOS(vp);
1691 
1692         if ((realvp = sp->s_realvp) != NULL)
1693                 return (VOP_FID(realvp, fidp, ct));
1694         else
1695                 return (EINVAL);
1696 }
1697 
1698 /*ARGSUSED1*/
1699 static int
1700 spec_seek(
1701         struct vnode *vp,
1702         offset_t ooff,
1703         offset_t *noffp,
1704         caller_context_t *ct)
1705 {
1706         offset_t maxoff = spec_maxoffset(vp);
1707 
1708         if (maxoff == -1 || *noffp <= maxoff)
1709                 return (0);
1710         else
1711                 return (EINVAL);
1712 }
1713 
1714 static int
1715 spec_frlock(
1716         struct vnode *vp,
1717         int             cmd,
1718         struct flock64  *bfp,
1719         int             flag,
1720         offset_t        offset,
1721         struct flk_callback *flk_cbp,
1722         struct cred     *cr,
1723         caller_context_t *ct)
1724 {
1725         struct snode *sp = VTOS(vp);
1726         struct snode *csp;
1727 
1728         csp = VTOS(sp->s_commonvp);
1729         /*
1730          * If file is being mapped, disallow frlock.
1731          */
1732         if (csp->s_mapcnt > 0)
1733                 return (EAGAIN);
1734 
1735         return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr, ct));
1736 }
1737 
1738 static int
1739 spec_realvp(struct vnode *vp, struct vnode **vpp, caller_context_t *ct)
1740 {
1741         struct vnode *rvp;
1742 
1743         if ((rvp = VTOS(vp)->s_realvp) != NULL) {
1744                 vp = rvp;
1745                 if (VOP_REALVP(vp, &rvp, ct) == 0)
1746                         vp = rvp;
1747         }
1748 
1749         *vpp = vp;
1750         return (0);
1751 }
1752 
1753 /*
1754  * Return all the pages from [off..off + len] in block
1755  * or character device.
1756  */
1757 /*ARGSUSED*/
1758 static int
1759 spec_getpage(
1760         struct vnode    *vp,
1761         offset_t        off,
1762         size_t          len,
1763         uint_t          *protp,
1764         page_t          *pl[],
1765         size_t          plsz,
1766         struct seg      *seg,
1767         caddr_t         addr,
1768         enum seg_rw     rw,
1769         struct cred     *cr,
1770         caller_context_t *ct)
1771 {
1772         struct snode *sp = VTOS(vp);
1773         int err;
1774 
1775         ASSERT(sp->s_commonvp == vp);
1776 
1777         /*
1778          * XXX  Given the above assertion, this might not do
1779          *      what is wanted here.
1780          */
1781         if (vp->v_flag & VNOMAP)
1782                 return (ENOSYS);
1783         TRACE_4(TR_FAC_SPECFS, TR_SPECFS_GETPAGE,
1784             "specfs getpage:vp %p off %llx len %ld snode %p",
1785             vp, off, len, sp);
1786 
1787         switch (vp->v_type) {
1788         case VBLK:
1789                 if (protp != NULL)
1790                         *protp = PROT_ALL;
1791 
1792                 if (((u_offset_t)off + len) > (SPEC_SIZE(sp) + PAGEOFFSET))
1793                         return (EFAULT);        /* beyond EOF */
1794 
1795                 err = pvn_getpages(spec_getapage, vp, (u_offset_t)off, len,
1796                     protp, pl, plsz, seg, addr, rw, cr);
1797                 break;
1798 
1799         case VCHR:
1800                 cmn_err(CE_NOTE, "spec_getpage called for character device. "
1801                     "Check any non-ON consolidation drivers");
1802                 err = 0;
1803                 pl[0] = (page_t *)0;
1804                 break;
1805 
1806         default:
1807                 panic("spec_getpage: bad v_type 0x%x", vp->v_type);
1808                 /*NOTREACHED*/
1809         }
1810 
1811         return (err);
1812 }
1813 
1814 extern int klustsize;   /* set in machdep.c */
1815 
1816 int spec_ra = 1;
1817 int spec_lostpage;      /* number of times we lost original page */
1818 
1819 /*ARGSUSED2*/
1820 static int
1821 spec_getapage(
1822         struct vnode *vp,
1823         u_offset_t      off,
1824         size_t          len,
1825         uint_t          *protp,
1826         page_t          *pl[],
1827         size_t          plsz,
1828         struct seg      *seg,
1829         caddr_t         addr,
1830         enum seg_rw     rw,
1831         struct cred     *cr)
1832 {
1833         struct snode *sp;
1834         struct buf *bp;
1835         page_t *pp, *pp2;
1836         u_offset_t io_off1, io_off2;
1837         size_t io_len1;
1838         size_t io_len2;
1839         size_t blksz;
1840         u_offset_t blkoff;
1841         int dora, err;
1842         page_t *pagefound;
1843         uint_t xlen;
1844         size_t adj_klustsize;
1845         u_offset_t size;
1846         u_offset_t tmpoff;
1847 
1848         sp = VTOS(vp);
1849         TRACE_3(TR_FAC_SPECFS, TR_SPECFS_GETAPAGE,
1850             "specfs getapage:vp %p off %llx snode %p", vp, off, sp);
1851 reread:
1852 
1853         err = 0;
1854         bp = NULL;
1855         pp = NULL;
1856         pp2 = NULL;
1857 
1858         if (pl != NULL)
1859                 pl[0] = NULL;
1860 
1861         size = SPEC_SIZE(VTOS(sp->s_commonvp));
1862 
1863         if (spec_ra && sp->s_nextr == off)
1864                 dora = 1;
1865         else
1866                 dora = 0;
1867 
1868         if (size == UNKNOWN_SIZE) {
1869                 dora = 0;
1870                 adj_klustsize = PAGESIZE;
1871         } else {
1872                 adj_klustsize = dora ? klustsize : PAGESIZE;
1873         }
1874 
1875 again:
1876         if ((pagefound = page_exists(vp, off)) == NULL) {
1877                 if (rw == S_CREATE) {
1878                         /*
1879                          * We're allocating a swap slot and it's
1880                          * associated page was not found, so allocate
1881                          * and return it.
1882                          */
1883                         if ((pp = page_create_va(vp, off,
1884                             PAGESIZE, PG_WAIT, seg, addr)) == NULL) {
1885                                 panic("spec_getapage: page_create");
1886                                 /*NOTREACHED*/
1887                         }
1888                         io_len1 = PAGESIZE;
1889                         sp->s_nextr = off + PAGESIZE;
1890                 } else {
1891                         /*
1892                          * Need to really do disk I/O to get the page(s).
1893                          */
1894                         blkoff = (off / adj_klustsize) * adj_klustsize;
1895                         if (size == UNKNOWN_SIZE) {
1896                                 blksz = PAGESIZE;
1897                         } else {
1898                                 if (blkoff + adj_klustsize <= size)
1899                                         blksz = adj_klustsize;
1900                                 else
1901                                         blksz =
1902                                             MIN(size - blkoff, adj_klustsize);
1903                         }
1904 
1905                         pp = pvn_read_kluster(vp, off, seg, addr, &tmpoff,
1906                             &io_len1, blkoff, blksz, 0);
1907                         io_off1 = tmpoff;
1908                         /*
1909                          * Make sure the page didn't sneek into the
1910                          * cache while we blocked in pvn_read_kluster.
1911                          */
1912                         if (pp == NULL)
1913                                 goto again;
1914 
1915                         /*
1916                          * Zero part of page which we are not
1917                          * going to be reading from disk now.
1918                          */
1919                         xlen = (uint_t)(io_len1 & PAGEOFFSET);
1920                         if (xlen != 0)
1921                                 pagezero(pp->p_prev, xlen, PAGESIZE - xlen);
1922 
1923                         bp = spec_startio(vp, pp, io_off1, io_len1,
1924                             pl == NULL ? (B_ASYNC | B_READ) : B_READ);
1925                         sp->s_nextr = io_off1 + io_len1;
1926                 }
1927         }
1928 
1929         if (dora && rw != S_CREATE) {
1930                 u_offset_t off2;
1931                 caddr_t addr2;
1932 
1933                 off2 = ((off / adj_klustsize) + 1) * adj_klustsize;
1934                 addr2 = addr + (off2 - off);
1935 
1936                 pp2 = NULL;
1937                 /*
1938                  * If we are past EOF then don't bother trying
1939                  * with read-ahead.
1940                  */
1941                 if (off2 >= size)
1942                         pp2 = NULL;
1943                 else {
1944                         if (off2 + adj_klustsize <= size)
1945                                 blksz = adj_klustsize;
1946                         else
1947                                 blksz = MIN(size - off2, adj_klustsize);
1948 
1949                         pp2 = pvn_read_kluster(vp, off2, seg, addr2, &tmpoff,
1950                             &io_len2, off2, blksz, 1);
1951                         io_off2 = tmpoff;
1952                 }
1953 
1954                 if (pp2 != NULL) {
1955                         /*
1956                          * Zero part of page which we are not
1957                          * going to be reading from disk now.
1958                          */
1959                         xlen = (uint_t)(io_len2 & PAGEOFFSET);
1960                         if (xlen != 0)
1961                                 pagezero(pp2->p_prev, xlen, PAGESIZE - xlen);
1962 
1963                         (void) spec_startio(vp, pp2, io_off2, io_len2,
1964                             B_READ | B_ASYNC);
1965                 }
1966         }
1967 
1968         if (pl == NULL)
1969                 return (err);
1970 
1971         if (bp != NULL) {
1972                 err = biowait(bp);
1973                 pageio_done(bp);
1974 
1975                 if (err) {
1976                         if (pp != NULL)
1977                                 pvn_read_done(pp, B_ERROR);
1978                         return (err);
1979                 }
1980         }
1981 
1982         if (pagefound) {
1983                 se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
1984                 /*
1985                  * Page exists in the cache, acquire the appropriate
1986                  * lock.  If this fails, start all over again.
1987                  */
1988 
1989                 if ((pp = page_lookup(vp, off, se)) == NULL) {
1990                         spec_lostpage++;
1991                         goto reread;
1992                 }
1993                 pl[0] = pp;
1994                 pl[1] = NULL;
1995 
1996                 sp->s_nextr = off + PAGESIZE;
1997                 return (0);
1998         }
1999 
2000         if (pp != NULL)
2001                 pvn_plist_init(pp, pl, plsz, off, io_len1, rw);
2002         return (0);
2003 }
2004 
2005 /*
2006  * Flags are composed of {B_INVAL, B_DIRTY B_FREE, B_DONTNEED, B_FORCE}.
2007  * If len == 0, do from off to EOF.
2008  *
2009  * The normal cases should be len == 0 & off == 0 (entire vp list),
2010  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
2011  * (from pageout).
2012  */
2013 /*ARGSUSED5*/
2014 int
2015 spec_putpage(
2016         struct vnode *vp,
2017         offset_t        off,
2018         size_t          len,
2019         int             flags,
2020         struct cred     *cr,
2021         caller_context_t *ct)
2022 {
2023         struct snode *sp = VTOS(vp);
2024         struct vnode *cvp;
2025         page_t *pp;
2026         u_offset_t io_off;
2027         size_t io_len = 0;      /* for lint */
2028         int err = 0;
2029         u_offset_t size;
2030         u_offset_t tmpoff;
2031 
2032         ASSERT(vp->v_count != 0);
2033 
2034         if (vp->v_flag & VNOMAP)
2035                 return (ENOSYS);
2036 
2037         cvp = sp->s_commonvp;
2038         size = SPEC_SIZE(VTOS(cvp));
2039 
2040         if (!vn_has_cached_data(vp) || off >= size)
2041                 return (0);
2042 
2043         ASSERT(vp->v_type == VBLK && cvp == vp);
2044         TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTPAGE,
2045             "specfs putpage:vp %p off %llx len %ld snode %p",
2046             vp, off, len, sp);
2047 
2048         if (len == 0) {
2049                 /*
2050                  * Search the entire vp list for pages >= off.
2051                  */
2052                 err = pvn_vplist_dirty(vp, off, spec_putapage,
2053                     flags, cr);
2054         } else {
2055                 u_offset_t eoff;
2056 
2057                 /*
2058                  * Loop over all offsets in the range [off...off + len]
2059                  * looking for pages to deal with.  We set limits so
2060                  * that we kluster to klustsize boundaries.
2061                  */
2062                 eoff = off + len;
2063                 for (io_off = off; io_off < eoff && io_off < size;
2064                     io_off += io_len) {
2065                         /*
2066                          * If we are not invalidating, synchronously
2067                          * freeing or writing pages use the routine
2068                          * page_lookup_nowait() to prevent reclaiming
2069                          * them from the free list.
2070                          */
2071                         if ((flags & B_INVAL) || ((flags & B_ASYNC) == 0)) {
2072                                 pp = page_lookup(vp, io_off,
2073                                     (flags & (B_INVAL | B_FREE)) ?
2074                                     SE_EXCL : SE_SHARED);
2075                         } else {
2076                                 pp = page_lookup_nowait(vp, io_off,
2077                                     (flags & B_FREE) ? SE_EXCL : SE_SHARED);
2078                         }
2079 
2080                         if (pp == NULL || pvn_getdirty(pp, flags) == 0)
2081                                 io_len = PAGESIZE;
2082                         else {
2083                                 err = spec_putapage(vp, pp, &tmpoff, &io_len,
2084                                     flags, cr);
2085                                 io_off = tmpoff;
2086                                 if (err != 0)
2087                                         break;
2088                                 /*
2089                                  * "io_off" and "io_len" are returned as
2090                                  * the range of pages we actually wrote.
2091                                  * This allows us to skip ahead more quickly
2092                                  * since several pages may've been dealt
2093                                  * with by this iteration of the loop.
2094                                  */
2095                         }
2096                 }
2097         }
2098         return (err);
2099 }
2100 
2101 
2102 /*
2103  * Write out a single page, possibly klustering adjacent
2104  * dirty pages.
2105  */
2106 /*ARGSUSED5*/
2107 static int
2108 spec_putapage(
2109         struct vnode    *vp,
2110         page_t          *pp,
2111         u_offset_t      *offp,          /* return value */
2112         size_t          *lenp,          /* return value */
2113         int             flags,
2114         struct cred     *cr)
2115 {
2116         struct snode *sp = VTOS(vp);
2117         u_offset_t io_off;
2118         size_t io_len;
2119         size_t blksz;
2120         u_offset_t blkoff;
2121         int err = 0;
2122         struct buf *bp;
2123         u_offset_t size;
2124         size_t adj_klustsize;
2125         u_offset_t tmpoff;
2126 
2127         /*
2128          * Destroy read ahead value since we are really going to write.
2129          */
2130         sp->s_nextr = 0;
2131         size = SPEC_SIZE(VTOS(sp->s_commonvp));
2132 
2133         adj_klustsize = klustsize;
2134 
2135         blkoff = (pp->p_offset / adj_klustsize) * adj_klustsize;
2136 
2137         if (blkoff + adj_klustsize <= size)
2138                 blksz = adj_klustsize;
2139         else
2140                 blksz = size - blkoff;
2141 
2142         /*
2143          * Find a kluster that fits in one contiguous chunk.
2144          */
2145         pp = pvn_write_kluster(vp, pp, &tmpoff, &io_len, blkoff,
2146             blksz, flags);
2147         io_off = tmpoff;
2148 
2149         /*
2150          * Check for page length rounding problems
2151          * XXX - Is this necessary?
2152          */
2153         if (io_off + io_len > size) {
2154                 ASSERT((io_off + io_len) - size < PAGESIZE);
2155                 io_len = size - io_off;
2156         }
2157 
2158         bp = spec_startio(vp, pp, io_off, io_len, B_WRITE | flags);
2159 
2160         /*
2161          * Wait for i/o to complete if the request is not B_ASYNC.
2162          */
2163         if ((flags & B_ASYNC) == 0) {
2164                 err = biowait(bp);
2165                 pageio_done(bp);
2166                 pvn_write_done(pp, ((err) ? B_ERROR : 0) | B_WRITE | flags);
2167         }
2168 
2169         if (offp)
2170                 *offp = io_off;
2171         if (lenp)
2172                 *lenp = io_len;
2173         TRACE_4(TR_FAC_SPECFS, TR_SPECFS_PUTAPAGE,
2174             "specfs putapage:vp %p offp %p snode %p err %d",
2175             vp, offp, sp, err);
2176         return (err);
2177 }
2178 
2179 /*
2180  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
2181  */
2182 static struct buf *
2183 spec_startio(
2184         struct vnode *vp,
2185         page_t          *pp,
2186         u_offset_t      io_off,
2187         size_t          io_len,
2188         int             flags)
2189 {
2190         struct buf *bp;
2191 
2192         bp = pageio_setup(pp, io_len, vp, flags);
2193 
2194         bp->b_edev = vp->v_rdev;
2195         bp->b_dev = cmpdev(vp->v_rdev);
2196         bp->b_blkno = btodt(io_off);
2197         bp->b_un.b_addr = (caddr_t)0;
2198 
2199         (void) bdev_strategy(bp);
2200 
2201         if (flags & B_READ)
2202                 lwp_stat_update(LWP_STAT_INBLK, 1);
2203         else
2204                 lwp_stat_update(LWP_STAT_OUBLK, 1);
2205 
2206         return (bp);
2207 }
2208 
2209 static int
2210 spec_poll(
2211         struct vnode    *vp,
2212         short           events,
2213         int             anyyet,
2214         short           *reventsp,
2215         struct pollhead **phpp,
2216         caller_context_t *ct)
2217 {
2218         dev_t dev;
2219         int error;
2220 
2221         if (vp->v_type == VBLK)
2222                 error = fs_poll(vp, events, anyyet, reventsp, phpp, ct);
2223         else {
2224                 ASSERT(vp->v_type == VCHR);
2225                 dev = vp->v_rdev;
2226                 if (vp->v_stream) {
2227                         ASSERT(vp->v_stream != NULL);
2228                         error = strpoll(vp->v_stream, events, anyyet,
2229                             reventsp, phpp);
2230                 } else if (devopsp[getmajor(dev)]->devo_cb_ops->cb_chpoll) {
2231                         error = cdev_poll(dev, events, anyyet, reventsp, phpp);
2232                 } else {
2233                         error = fs_poll(vp, events, anyyet, reventsp, phpp, ct);
2234                 }
2235         }
2236         return (error);
2237 }
2238 
2239 /*
2240  * This routine is called through the cdevsw[] table to handle
2241  * traditional mmap'able devices that support a d_mmap function.
2242  */
2243 /*ARGSUSED8*/
2244 int
2245 spec_segmap(
2246         dev_t dev,
2247         off_t off,
2248         struct as *as,
2249         caddr_t *addrp,
2250         off_t len,
2251         uint_t prot,
2252         uint_t maxprot,
2253         uint_t flags,
2254         struct cred *cred)
2255 {
2256         struct segdev_crargs dev_a;
2257         int (*mapfunc)(dev_t dev, off_t off, int prot);
2258         size_t i;
2259         int     error;
2260 
2261         if ((mapfunc = devopsp[getmajor(dev)]->devo_cb_ops->cb_mmap) == nodev)
2262                 return (ENODEV);
2263         TRACE_4(TR_FAC_SPECFS, TR_SPECFS_SEGMAP,
2264             "specfs segmap:dev %x as %p len %lx prot %x",
2265             dev, as, len, prot);
2266 
2267         /*
2268          * Character devices that support the d_mmap
2269          * interface can only be mmap'ed shared.
2270          */
2271         if ((flags & MAP_TYPE) != MAP_SHARED)
2272                 return (EINVAL);
2273 
2274         /*
2275          * Check to ensure that the entire range is
2276          * legal and we are not trying to map in
2277          * more than the device will let us.
2278          */
2279         for (i = 0; i < len; i += PAGESIZE) {
2280                 if (cdev_mmap(mapfunc, dev, off + i, maxprot) == -1)
2281                         return (ENXIO);
2282         }
2283 
2284         as_rangelock(as);
2285         /* Pick an address w/o worrying about any vac alignment constraints. */
2286         error = choose_addr(as, addrp, len, off, ADDR_NOVACALIGN, flags);
2287         if (error != 0) {
2288                 as_rangeunlock(as);
2289                 return (error);
2290         }
2291 
2292         dev_a.mapfunc = mapfunc;
2293         dev_a.dev = dev;
2294         dev_a.offset = off;
2295         dev_a.prot = (uchar_t)prot;
2296         dev_a.maxprot = (uchar_t)maxprot;
2297         dev_a.hat_flags = 0;
2298         dev_a.hat_attr = 0;
2299         dev_a.devmap_data = NULL;
2300 
2301         error = as_map(as, *addrp, len, segdev_create, &dev_a);
2302         as_rangeunlock(as);
2303         return (error);
2304 }
2305 
2306 int
2307 spec_char_map(
2308         dev_t dev,
2309         offset_t off,
2310         struct as *as,
2311         caddr_t *addrp,
2312         size_t len,
2313         uchar_t prot,
2314         uchar_t maxprot,
2315         uint_t flags,
2316         struct cred *cred)
2317 {
2318         int error = 0;
2319         major_t maj = getmajor(dev);
2320         int map_flag;
2321         int (*segmap)(dev_t, off_t, struct as *,
2322             caddr_t *, off_t, uint_t, uint_t, uint_t, cred_t *);
2323         int (*devmap)(dev_t, devmap_cookie_t, offset_t,
2324             size_t, size_t *, uint_t);
2325         int (*mmap)(dev_t dev, off_t off, int prot);
2326 
2327         /*
2328          * Character device: let the device driver
2329          * pick the appropriate segment driver.
2330          *
2331          * 4.x compat.: allow 'NULL' cb_segmap => spec_segmap
2332          * Kindness: allow 'nulldev' cb_segmap => spec_segmap
2333          */
2334         segmap = devopsp[maj]->devo_cb_ops->cb_segmap;
2335         if (segmap == NULL || segmap == nulldev || segmap == nodev) {
2336                 mmap = devopsp[maj]->devo_cb_ops->cb_mmap;
2337                 map_flag = devopsp[maj]->devo_cb_ops->cb_flag;
2338 
2339                 /*
2340                  * Use old mmap framework if the driver has both mmap
2341                  * and devmap entry points.  This is to prevent the
2342                  * system from calling invalid devmap entry point
2343                  * for some drivers that might have put garbage in the
2344                  * devmap entry point.
2345                  */
2346                 if ((map_flag & D_DEVMAP) || mmap == NULL ||
2347                     mmap == nulldev || mmap == nodev) {
2348                         devmap = devopsp[maj]->devo_cb_ops->cb_devmap;
2349 
2350                         /*
2351                          * If driver provides devmap entry point in
2352                          * cb_ops but not xx_segmap(9E), call
2353                          * devmap_setup with default settings
2354                          * (NULL) for callback_ops and driver
2355                          * callback private data
2356                          */
2357                         if (devmap == nodev || devmap == NULL ||
2358                             devmap == nulldev)
2359                                 return (ENODEV);
2360 
2361                         error = devmap_setup(dev, off, as, addrp,
2362                             len, prot, maxprot, flags, cred);
2363 
2364                         return (error);
2365                 } else
2366                         segmap = spec_segmap;
2367         } else
2368                 segmap = cdev_segmap;
2369 
2370         return ((*segmap)(dev, (off_t)off, as, addrp, len, prot,
2371             maxprot, flags, cred));
2372 }
2373 
2374 /*ARGSUSED9*/
2375 static int
2376 spec_map(
2377         struct vnode *vp,
2378         offset_t off,
2379         struct as *as,
2380         caddr_t *addrp,
2381         size_t len,
2382         uchar_t prot,
2383         uchar_t maxprot,
2384         uint_t flags,
2385         struct cred *cred,
2386         caller_context_t *ct)
2387 {
2388         int error = 0;
2389         struct snode *sp = VTOS(vp);
2390 
2391         if (vp->v_flag & VNOMAP)
2392                 return (ENOSYS);
2393 
2394         /* fail map with ENXIO if the device is fenced off */
2395         if (S_ISFENCED(sp))
2396                 return (ENXIO);
2397 
2398         /*
2399          * If file is locked, fail mapping attempt.
2400          */
2401         if (vn_has_flocks(vp))
2402                 return (EAGAIN);
2403 
2404         if (vp->v_type == VCHR) {
2405                 return (spec_char_map(vp->v_rdev, off, as, addrp, len, prot,
2406                     maxprot, flags, cred));
2407         } else if (vp->v_type == VBLK) {
2408                 struct segvn_crargs vn_a;
2409                 struct vnode *cvp;
2410                 struct snode *sp;
2411 
2412                 /*
2413                  * Block device, use segvn mapping to the underlying commonvp
2414                  * for pages.
2415                  */
2416                 if (off > spec_maxoffset(vp))
2417                         return (ENXIO);
2418 
2419                 sp = VTOS(vp);
2420                 cvp = sp->s_commonvp;
2421                 ASSERT(cvp != NULL);
2422 
2423                 if (off < 0 || ((offset_t)(off + len) < 0))
2424                         return (ENXIO);
2425 
2426                 as_rangelock(as);
2427                 error = choose_addr(as, addrp, len, off, ADDR_VACALIGN, flags);
2428                 if (error != 0) {
2429                         as_rangeunlock(as);
2430                         return (error);
2431                 }
2432 
2433                 vn_a.vp = cvp;
2434                 vn_a.offset = off;
2435                 vn_a.type = flags & MAP_TYPE;
2436                 vn_a.prot = (uchar_t)prot;
2437                 vn_a.maxprot = (uchar_t)maxprot;
2438                 vn_a.flags = flags & ~MAP_TYPE;
2439                 vn_a.cred = cred;
2440                 vn_a.amp = NULL;
2441                 vn_a.szc = 0;
2442                 vn_a.lgrp_mem_policy_flags = 0;
2443 
2444                 error = as_map(as, *addrp, len, segvn_create, &vn_a);
2445                 as_rangeunlock(as);
2446         } else
2447                 return (ENODEV);
2448 
2449         return (error);
2450 }
2451 
2452 /*ARGSUSED1*/
2453 static int
2454 spec_addmap(
2455         struct vnode *vp,       /* the common vnode */
2456         offset_t off,
2457         struct as *as,
2458         caddr_t addr,
2459         size_t len,             /* how many bytes to add */
2460         uchar_t prot,
2461         uchar_t maxprot,
2462         uint_t flags,
2463         struct cred *cred,
2464         caller_context_t *ct)
2465 {
2466         int error = 0;
2467         struct snode *csp = VTOS(vp);
2468         ulong_t npages;
2469 
2470         ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2471 
2472         /*
2473          * XXX  Given the above assertion, this might not
2474          *      be a particularly sensible thing to test.
2475          */
2476         if (vp->v_flag & VNOMAP)
2477                 return (ENOSYS);
2478 
2479         /* fail with EIO if the device is fenced off */
2480         if (S_ISFENCED(csp))
2481                 return (EIO);
2482 
2483         npages = btopr(len);
2484         LOCK_CSP(csp);
2485         csp->s_mapcnt += npages;
2486 
2487         UNLOCK_CSP(csp);
2488         return (error);
2489 }
2490 
2491 /*ARGSUSED1*/
2492 static int
2493 spec_delmap(
2494         struct vnode *vp,       /* the common vnode */
2495         offset_t off,
2496         struct as *as,
2497         caddr_t addr,
2498         size_t len,             /* how many bytes to take away */
2499         uint_t prot,
2500         uint_t maxprot,
2501         uint_t flags,
2502         struct cred *cred,
2503         caller_context_t *ct)
2504 {
2505         struct snode *csp = VTOS(vp);
2506         ulong_t npages;
2507         long mcnt;
2508 
2509         /* segdev passes us the common vp */
2510 
2511         ASSERT(vp != NULL && VTOS(vp)->s_commonvp == vp);
2512 
2513         /* allow delmap to succeed even if device fenced off */
2514 
2515         /*
2516          * XXX  Given the above assertion, this might not
2517          *      be a particularly sensible thing to test..
2518          */
2519         if (vp->v_flag & VNOMAP)
2520                 return (ENOSYS);
2521 
2522         npages = btopr(len);
2523 
2524         LOCK_CSP(csp);
2525         mutex_enter(&csp->s_lock);
2526         mcnt = (csp->s_mapcnt -= npages);
2527 
2528         if (mcnt == 0) {
2529                 /*
2530                  * Call the close routine when the last reference of any
2531                  * kind through any [s, v]node goes away.  The s_dip hold
2532                  * on the devinfo node is released when the vnode is
2533                  * destroyed.
2534                  */
2535                 if (csp->s_count == 0) {
2536                         csp->s_flag &= ~(SNEEDCLOSE | SSIZEVALID);
2537 
2538                         /* See comment in spec_close() */
2539                         if (csp->s_flag & (SCLONE | SSELFCLONE))
2540                                 csp->s_flag &= ~SDIPSET;
2541 
2542                         mutex_exit(&csp->s_lock);
2543 
2544                         (void) device_close(vp, 0, cred);
2545                 } else
2546                         mutex_exit(&csp->s_lock);
2547 
2548                 mutex_enter(&csp->s_lock);
2549         }
2550         ASSERT(mcnt >= 0);
2551 
2552         UNLOCK_CSP_LOCK_HELD(csp);
2553         mutex_exit(&csp->s_lock);
2554 
2555         return (0);
2556 }
2557 
2558 /*ARGSUSED4*/
2559 static int
2560 spec_dump(
2561         struct vnode *vp,
2562         caddr_t addr,
2563         offset_t bn,
2564         offset_t count,
2565         caller_context_t *ct)
2566 {
2567         /* allow dump to succeed even if device fenced off */
2568 
2569         ASSERT(vp->v_type == VBLK);
2570         return (bdev_dump(vp->v_rdev, addr, (daddr_t)bn, (int)count));
2571 }
2572 
2573 
2574 /*
2575  * Do i/o on the given page list from/to vp, io_off for io_len.
2576  * Flags are composed of:
2577  *      {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED, B_READ, B_WRITE}
2578  * If B_ASYNC is not set i/o is waited for.
2579  */
2580 /*ARGSUSED5*/
2581 static int
2582 spec_pageio(
2583         struct vnode *vp,
2584         page_t  *pp,
2585         u_offset_t io_off,
2586         size_t  io_len,
2587         int     flags,
2588         cred_t  *cr,
2589         caller_context_t *ct)
2590 {
2591         struct buf *bp = NULL;
2592         int err = 0;
2593 
2594         if (pp == NULL)
2595                 return (EINVAL);
2596 
2597         bp = spec_startio(vp, pp, io_off, io_len, flags);
2598 
2599         /*
2600          * Wait for i/o to complete if the request is not B_ASYNC.
2601          */
2602         if ((flags & B_ASYNC) == 0) {
2603                 err = biowait(bp);
2604                 pageio_done(bp);
2605         }
2606         return (err);
2607 }
2608 
2609 /*
2610  * Set ACL on underlying vnode if one exists, or return ENOSYS otherwise.
2611  */
2612 int
2613 spec_setsecattr(
2614         struct vnode *vp,
2615         vsecattr_t *vsap,
2616         int flag,
2617         struct cred *cr,
2618         caller_context_t *ct)
2619 {
2620         struct vnode *realvp;
2621         struct snode *sp = VTOS(vp);
2622         int error;
2623 
2624         /* fail with ENXIO if the device is fenced off */
2625         if (S_ISFENCED(sp))
2626                 return (ENXIO);
2627 
2628         /*
2629          * The acl(2) system calls VOP_RWLOCK on the file before setting an
2630          * ACL, but since specfs does not serialize reads and writes, this
2631          * VOP does not do anything.  However, some backing file systems may
2632          * expect the lock to be held before setting an ACL, so it is taken
2633          * here privately to avoid serializing specfs reads and writes.
2634          */
2635         if ((realvp = sp->s_realvp) != NULL) {
2636                 (void) VOP_RWLOCK(realvp, V_WRITELOCK_TRUE, ct);
2637                 error = VOP_SETSECATTR(realvp, vsap, flag, cr, ct);
2638                 (void) VOP_RWUNLOCK(realvp, V_WRITELOCK_TRUE, ct);
2639                 return (error);
2640         } else
2641                 return (fs_nosys());
2642 }
2643 
2644 /*
2645  * Get ACL from underlying vnode if one exists, or fabricate it from
2646  * the permissions returned by spec_getattr() otherwise.
2647  */
2648 int
2649 spec_getsecattr(
2650         struct vnode *vp,
2651         vsecattr_t *vsap,
2652         int flag,
2653         struct cred *cr,
2654         caller_context_t *ct)
2655 {
2656         struct vnode *realvp;
2657         struct snode *sp = VTOS(vp);
2658 
2659         /* fail with ENXIO if the device is fenced off */
2660         if (S_ISFENCED(sp))
2661                 return (ENXIO);
2662 
2663         if ((realvp = sp->s_realvp) != NULL)
2664                 return (VOP_GETSECATTR(realvp, vsap, flag, cr, ct));
2665         else
2666                 return (fs_fab_acl(vp, vsap, flag, cr, ct));
2667 }
2668 
2669 int
2670 spec_pathconf(
2671         vnode_t *vp,
2672         int cmd,
2673         ulong_t *valp,
2674         cred_t *cr,
2675         caller_context_t *ct)
2676 {
2677         vnode_t *realvp;
2678         struct snode *sp = VTOS(vp);
2679 
2680         /* fail with ENXIO if the device is fenced off */
2681         if (S_ISFENCED(sp))
2682                 return (ENXIO);
2683 
2684         if ((realvp = sp->s_realvp) != NULL)
2685                 return (VOP_PATHCONF(realvp, cmd, valp, cr, ct));
2686         else
2687                 return (fs_pathconf(vp, cmd, valp, cr, ct));
2688 }