Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/contrib/openzfs/module/os/linux/zfs/zfs_dir.c
108059 views
1
// SPDX-License-Identifier: CDDL-1.0

2
/*

3
 * CDDL HEADER START

4
 *

5
 * The contents of this file are subject to the terms of the

6
 * Common Development and Distribution License (the "License").

7
 * You may not use this file except in compliance with the License.

8
 *

9
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

10
 * or https://opensource.org/licenses/CDDL-1.0.

11
 * See the License for the specific language governing permissions

12
 * and limitations under the License.

13
 *

14
 * When distributing Covered Code, include this CDDL HEADER in each

15
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.

16
 * If applicable, add the following below this CDDL HEADER, with the

17
 * fields enclosed by brackets "[]" replaced with your own identifying

18
 * information: Portions Copyright [yyyy] [name of copyright owner]

19
 *

20
 * CDDL HEADER END

21
 */

22


23
/*

24
 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.

25
 * Copyright (c) 2013, 2016 by Delphix. All rights reserved.

26
 * Copyright 2017 Nexenta Systems, Inc.

27
 */

28


29
#include <sys/types.h>

30
#include <sys/param.h>

31
#include <sys/time.h>

32
#include <sys/sysmacros.h>

33
#include <sys/vfs.h>

34
#include <sys/vnode.h>

35
#include <sys/file.h>

36
#include <sys/kmem.h>

37
#include <sys/uio.h>

38
#include <sys/pathname.h>

39
#include <sys/cmn_err.h>

40
#include <sys/errno.h>

41
#include <sys/stat.h>

42
#include <sys/sunddi.h>

43
#include <sys/random.h>

44
#include <sys/policy.h>

45
#include <sys/zfs_dir.h>

46
#include <sys/zfs_acl.h>

47
#include <sys/zfs_vnops.h>

48
#include <sys/fs/zfs.h>

49
#include <sys/zap.h>

50
#include <sys/dmu.h>

51
#include <sys/atomic.h>

52
#include <sys/zfs_ctldir.h>

53
#include <sys/zfs_fuid.h>

54
#include <sys/sa.h>

55
#include <sys/zfs_sa.h>

56
#include <sys/dmu_objset.h>

57
#include <sys/dsl_dir.h>

58


59
/*

60
 * zfs_match_find() is used by zfs_dirent_lock() to perform zap lookups

61
 * of names after deciding which is the appropriate lookup interface.

62
 */

63
static int

64
zfs_match_find(zfsvfs_t *zfsvfs, znode_t *dzp, const char *name,

65
    matchtype_t mt, boolean_t update, int *deflags, pathname_t *rpnp,

66
    uint64_t *zoid)

67
{

68
	boolean_t conflict = B_FALSE;

69
	int error;

70


71
	if (zfsvfs->z_norm) {

72
		size_t bufsz = 0;

73
		char *buf = NULL;

74


75
		if (rpnp) {

76
			buf = rpnp->pn_buf;

77
			bufsz = rpnp->pn_bufsize;

78
		}

79


80
		/*

81
		 * In the non-mixed case we only expect there would ever

82
		 * be one match, but we need to use the normalizing lookup.

83
		 */

84
		error = zap_lookup_norm(zfsvfs->z_os, dzp->z_id, name, 8, 1,

85
		    zoid, mt, buf, bufsz, &conflict);

86
	} else {

87
		error = zap_lookup(zfsvfs->z_os, dzp->z_id, name, 8, 1, zoid);

88
	}

89


90
	/*

91
	 * Allow multiple entries provided the first entry is

92
	 * the object id.  Non-zpl consumers may safely make

93
	 * use of the additional space.

94
	 *

95
	 * XXX: This should be a feature flag for compatibility

96
	 */

97
	if (error == EOVERFLOW)

98
		error = 0;

99


100
	if (zfsvfs->z_norm && !error && deflags)

101
		*deflags = conflict ? ED_CASE_CONFLICT : 0;

102


103
	*zoid = ZFS_DIRENT_OBJ(*zoid);

104


105
	return (error);

106
}

107


108
/*

109
 * Lock a directory entry.  A dirlock on <dzp, name> protects that name

110
 * in dzp's directory zap object.  As long as you hold a dirlock, you can

111
 * assume two things: (1) dzp cannot be reaped, and (2) no other thread

112
 * can change the zap entry for (i.e. link or unlink) this name.

113
 *

114
 * Input arguments:

115
 *	dzp	- znode for directory

116
 *	name	- name of entry to lock

117
 *	flag	- ZNEW: if the entry already exists, fail with EEXIST.

118
 *		  ZEXISTS: if the entry does not exist, fail with ENOENT.

119
 *		  ZSHARED: allow concurrent access with other ZSHARED callers.

120
 *		  ZXATTR: we want dzp's xattr directory

121
 *		  ZCILOOK: On a mixed sensitivity file system,

122
 *			   this lookup should be case-insensitive.

123
 *		  ZCIEXACT: On a purely case-insensitive file system,

124
 *			    this lookup should be case-sensitive.

125
 *		  ZRENAMING: we are locking for renaming, force narrow locks

126
 *		  ZHAVELOCK: Don't grab the z_name_lock for this call. The

127
 *			     current thread already holds it.

128
 *

129
 * Output arguments:

130
 *	zpp	- pointer to the znode for the entry (NULL if there isn't one)

131
 *	dlpp	- pointer to the dirlock for this entry (NULL on error)

132
 *      direntflags - (case-insensitive lookup only)

133
 *		flags if multiple case-sensitive matches exist in directory

134
 *      realpnp     - (case-insensitive lookup only)

135
 *		actual name matched within the directory

136
 *

137
 * Return value: 0 on success or errno on failure.

138
 *

139
 * NOTE: Always checks for, and rejects, '.' and '..'.

140
 * NOTE: For case-insensitive file systems we take wide locks (see below),

141
 *	 but return znode pointers to a single match.

142
 */

143
int

144
zfs_dirent_lock(zfs_dirlock_t **dlpp, znode_t *dzp, char *name,

145
    znode_t **zpp, int flag, int *direntflags, pathname_t *realpnp)

146
{

147
	zfsvfs_t	*zfsvfs = ZTOZSB(dzp);

148
	zfs_dirlock_t	*dl;

149
	boolean_t	update;

150
	matchtype_t	mt = 0;

151
	uint64_t	zoid;

152
	int		error = 0;

153
	int		cmpflags;

154


155
	*zpp = NULL;

156
	*dlpp = NULL;

157


158
	/*

159
	 * Verify that we are not trying to lock '.', '..', or '.zfs'

160
	 */

161
	if ((name[0] == '.' &&

162
	    (name[1] == '\0' || (name[1] == '.' && name[2] == '\0'))) ||

163
	    (zfs_has_ctldir(dzp) && strcmp(name, ZFS_CTLDIR_NAME) == 0))

164
		return (SET_ERROR(EEXIST));

165


166
	/*

167
	 * Case sensitivity and normalization preferences are set when

168
	 * the file system is created.  These are stored in the

169
	 * zfsvfs->z_case and zfsvfs->z_norm fields.  These choices

170
	 * affect what vnodes can be cached in the DNLC, how we

171
	 * perform zap lookups, and the "width" of our dirlocks.

172
	 *

173
	 * A normal dirlock locks a single name.  Note that with

174
	 * normalization a name can be composed multiple ways, but

175
	 * when normalized, these names all compare equal.  A wide

176
	 * dirlock locks multiple names.  We need these when the file

177
	 * system is supporting mixed-mode access.  It is sometimes

178
	 * necessary to lock all case permutations of file name at

179
	 * once so that simultaneous case-insensitive/case-sensitive

180
	 * behaves as rationally as possible.

181
	 */

182


183
	/*

184
	 * When matching we may need to normalize & change case according to

185
	 * FS settings.

186
	 *

187
	 * Note that a normalized match is necessary for a case insensitive

188
	 * filesystem when the lookup request is not exact because normalization

189
	 * can fold case independent of normalizing code point sequences.

190
	 *

191
	 * See the table above zfs_dropname().

192
	 */

193
	if (zfsvfs->z_norm != 0) {

194
		mt = MT_NORMALIZE;

195


196
		/*

197
		 * Determine if the match needs to honor the case specified in

198
		 * lookup, and if so keep track of that so that during

199
		 * normalization we don't fold case.

200
		 */

201
		if ((zfsvfs->z_case == ZFS_CASE_INSENSITIVE &&

202
		    (flag & ZCIEXACT)) ||

203
		    (zfsvfs->z_case == ZFS_CASE_MIXED && !(flag & ZCILOOK))) {

204
			mt |= MT_MATCH_CASE;

205
		}

206
	}

207


208
	/*

209
	 * Only look in or update the DNLC if we are looking for the

210
	 * name on a file system that does not require normalization

211
	 * or case folding.  We can also look there if we happen to be

212
	 * on a non-normalizing, mixed sensitivity file system IF we

213
	 * are looking for the exact name.

214
	 *

215
	 * Maybe can add TO-UPPERed version of name to dnlc in ci-only

216
	 * case for performance improvement?

217
	 */

218
	update = !zfsvfs->z_norm ||

219
	    (zfsvfs->z_case == ZFS_CASE_MIXED &&

220
	    !(zfsvfs->z_norm & ~U8_TEXTPREP_TOUPPER) && !(flag & ZCILOOK));

221


222
	/*

223
	 * ZRENAMING indicates we are in a situation where we should

224
	 * take narrow locks regardless of the file system's

225
	 * preferences for normalizing and case folding.  This will

226
	 * prevent us deadlocking trying to grab the same wide lock

227
	 * twice if the two names happen to be case-insensitive

228
	 * matches.

229
	 */

230
	if (flag & ZRENAMING)

231
		cmpflags = 0;

232
	else

233
		cmpflags = zfsvfs->z_norm;

234


235
	/*

236
	 * Wait until there are no locks on this name.

237
	 *

238
	 * Don't grab the lock if it is already held. However, cannot

239
	 * have both ZSHARED and ZHAVELOCK together.

240
	 */

241
	ASSERT(!(flag & ZSHARED) || !(flag & ZHAVELOCK));

242
	if (!(flag & ZHAVELOCK))

243
		rw_enter(&dzp->z_name_lock, RW_READER);

244


245
	mutex_enter(&dzp->z_lock);

246
	for (;;) {

247
		if (dzp->z_unlinked && !(flag & ZXATTR)) {

248
			mutex_exit(&dzp->z_lock);

249
			if (!(flag & ZHAVELOCK))

250
				rw_exit(&dzp->z_name_lock);

251
			return (SET_ERROR(ENOENT));

252
		}

253
		for (dl = dzp->z_dirlocks; dl != NULL; dl = dl->dl_next) {

254
			if ((u8_strcmp(name, dl->dl_name, 0, cmpflags,

255
			    U8_UNICODE_LATEST, &error) == 0) || error != 0)

256
				break;

257
		}

258
		if (error != 0) {

259
			mutex_exit(&dzp->z_lock);

260
			if (!(flag & ZHAVELOCK))

261
				rw_exit(&dzp->z_name_lock);

262
			return (SET_ERROR(ENOENT));

263
		}

264
		if (dl == NULL)	{

265
			/*

266
			 * Allocate a new dirlock and add it to the list.

267
			 */

268
			dl = kmem_alloc(sizeof (zfs_dirlock_t), KM_SLEEP);

269
			cv_init(&dl->dl_cv, NULL, CV_DEFAULT, NULL);

270
			dl->dl_name = name;

271
			dl->dl_sharecnt = 0;

272
			dl->dl_namelock = 0;

273
			dl->dl_namesize = 0;

274
			dl->dl_dzp = dzp;

275
			dl->dl_next = dzp->z_dirlocks;

276
			dzp->z_dirlocks = dl;

277
			break;

278
		}

279
		if ((flag & ZSHARED) && dl->dl_sharecnt != 0)

280
			break;

281
		cv_wait(&dl->dl_cv, &dzp->z_lock);

282
	}

283


284
	/*

285
	 * If the z_name_lock was NOT held for this dirlock record it.

286
	 */

287
	if (flag & ZHAVELOCK)

288
		dl->dl_namelock = 1;

289


290
	if ((flag & ZSHARED) && ++dl->dl_sharecnt > 1 && dl->dl_namesize == 0) {

291
		/*

292
		 * We're the second shared reference to dl.  Make a copy of

293
		 * dl_name in case the first thread goes away before we do.

294
		 * Note that we initialize the new name before storing its

295
		 * pointer into dl_name, because the first thread may load

296
		 * dl->dl_name at any time.  It'll either see the old value,

297
		 * which belongs to it, or the new shared copy; either is OK.

298
		 */

299
		dl->dl_namesize = strlen(dl->dl_name) + 1;

300
		name = kmem_alloc(dl->dl_namesize, KM_SLEEP);

301
		memcpy(name, dl->dl_name, dl->dl_namesize);

302
		dl->dl_name = name;

303
	}

304


305
	mutex_exit(&dzp->z_lock);

306


307
	/*

308
	 * We have a dirlock on the name.  (Note that it is the dirlock,

309
	 * not the dzp's z_lock, that protects the name in the zap object.)

310
	 * See if there's an object by this name; if so, put a hold on it.

311
	 */

312
	if (flag & ZXATTR) {

313
		error = sa_lookup(dzp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs), &zoid,

314
		    sizeof (zoid));

315
		if (error == 0)

316
			error = (zoid == 0 ? SET_ERROR(ENOENT) : 0);

317
	} else {

318
		error = zfs_match_find(zfsvfs, dzp, name, mt,

319
		    update, direntflags, realpnp, &zoid);

320
	}

321
	if (error) {

322
		if (error != ENOENT || (flag & ZEXISTS)) {

323
			zfs_dirent_unlock(dl);

324
			return (error);

325
		}

326
	} else {

327
		if (flag & ZNEW) {

328
			zfs_dirent_unlock(dl);

329
			return (SET_ERROR(EEXIST));

330
		}

331
		error = zfs_zget(zfsvfs, zoid, zpp);

332
		if (error) {

333
			zfs_dirent_unlock(dl);

334
			return (error);

335
		}

336
	}

337


338
	*dlpp = dl;

339


340
	return (0);

341
}

342


343
/*

344
 * Unlock this directory entry and wake anyone who was waiting for it.

345
 */

346
void

347
zfs_dirent_unlock(zfs_dirlock_t *dl)

348
{

349
	znode_t *dzp = dl->dl_dzp;

350
	zfs_dirlock_t **prev_dl, *cur_dl;

351


352
	mutex_enter(&dzp->z_lock);

353


354
	if (!dl->dl_namelock)

355
		rw_exit(&dzp->z_name_lock);

356


357
	if (dl->dl_sharecnt > 1) {

358
		dl->dl_sharecnt--;

359
		mutex_exit(&dzp->z_lock);

360
		return;

361
	}

362
	prev_dl = &dzp->z_dirlocks;

363
	while ((cur_dl = *prev_dl) != dl)

364
		prev_dl = &cur_dl->dl_next;

365
	*prev_dl = dl->dl_next;

366
	cv_broadcast(&dl->dl_cv);

367
	mutex_exit(&dzp->z_lock);

368


369
	if (dl->dl_namesize != 0)

370
		kmem_free(dl->dl_name, dl->dl_namesize);

371
	cv_destroy(&dl->dl_cv);

372
	kmem_free(dl, sizeof (*dl));

373
}

374


375
/*

376
 * Look up an entry in a directory.

377
 *

378
 * NOTE: '.' and '..' are handled as special cases because

379
 *	no directory entries are actually stored for them.  If this is

380
 *	the root of a filesystem, then '.zfs' is also treated as a

381
 *	special pseudo-directory.

382
 */

383
int

384
zfs_dirlook(znode_t *dzp, char *name, znode_t **zpp, int flags,

385
    int *deflg, pathname_t *rpnp)

386
{

387
	zfs_dirlock_t *dl;

388
	znode_t *zp;

389
	struct inode *ip;

390
	int error = 0;

391
	uint64_t parent;

392


393
	if (name[0] == 0 || (name[0] == '.' && name[1] == 0)) {

394
		*zpp = dzp;

395
		zhold(*zpp);

396
	} else if (name[0] == '.' && name[1] == '.' && name[2] == 0) {

397
		zfsvfs_t *zfsvfs = ZTOZSB(dzp);

398


399
		/*

400
		 * If we are a snapshot mounted under .zfs, return

401
		 * the inode pointer for the snapshot directory.

402
		 */

403
		if ((error = sa_lookup(dzp->z_sa_hdl,

404
		    SA_ZPL_PARENT(zfsvfs), &parent, sizeof (parent))) != 0)

405
			return (error);

406


407
		if (parent == dzp->z_id && zfsvfs->z_parent != zfsvfs) {

408
			error = zfsctl_root_lookup(zfsvfs->z_parent->z_ctldir,

409
			    "snapshot", &ip, 0, kcred, NULL, NULL);

410
			*zpp = ITOZ(ip);

411
			return (error);

412
		}

413
		rw_enter(&dzp->z_parent_lock, RW_READER);

414
		error = zfs_zget(zfsvfs, parent, &zp);

415
		if (error == 0)

416
			*zpp = zp;

417
		rw_exit(&dzp->z_parent_lock);

418
	} else if (zfs_has_ctldir(dzp) && strcmp(name, ZFS_CTLDIR_NAME) == 0) {

419
		if (ZTOZSB(dzp)->z_show_ctldir == ZFS_SNAPDIR_DISABLED) {

420
			return (SET_ERROR(ENOENT));

421
		}

422
		ip = zfsctl_root(dzp);

423
		*zpp = ITOZ(ip);

424
	} else {

425
		int zf;

426


427
		zf = ZEXISTS | ZSHARED;

428
		if (flags & FIGNORECASE)

429
			zf |= ZCILOOK;

430


431
		error = zfs_dirent_lock(&dl, dzp, name, &zp, zf, deflg, rpnp);

432
		if (error == 0) {

433
			*zpp = zp;

434
			zfs_dirent_unlock(dl);

435
			dzp->z_zn_prefetch = B_TRUE; /* enable prefetching */

436
		}

437
		rpnp = NULL;

438
	}

439


440
	if ((flags & FIGNORECASE) && rpnp && !error)

441
		(void) strlcpy(rpnp->pn_buf, name, rpnp->pn_bufsize);

442


443
	return (error);

444
}

445


446
/*

447
 * unlinked Set (formerly known as the "delete queue") Error Handling

448
 *

449
 * When dealing with the unlinked set, we dmu_tx_hold_zap(), but we

450
 * don't specify the name of the entry that we will be manipulating.  We

451
 * also fib and say that we won't be adding any new entries to the

452
 * unlinked set, even though we might (this is to lower the minimum file

453
 * size that can be deleted in a full filesystem).  So on the small

454
 * chance that the nlink list is using a fat zap (ie. has more than

455
 * 2000 entries), we *may* not pre-read a block that's needed.

456
 * Therefore it is remotely possible for some of the assertions

457
 * regarding the unlinked set below to fail due to i/o error.  On a

458
 * nondebug system, this will result in the space being leaked.

459
 */

460
void

461
zfs_unlinked_add(znode_t *zp, dmu_tx_t *tx)

462
{

463
	zfsvfs_t *zfsvfs = ZTOZSB(zp);

464


465
	ASSERT(zp->z_unlinked);

466
	ASSERT0(ZTOI(zp)->i_nlink);

467


468
	VERIFY3U(0, ==,

469
	    zap_add_int(zfsvfs->z_os, zfsvfs->z_unlinkedobj, zp->z_id, tx));

470


471
	dataset_kstats_update_nunlinks_kstat(&zfsvfs->z_kstat, 1);

472
}

473


474
/*

475
 * Clean up any znodes that had no links when we either crashed or

476
 * (force) umounted the file system.

477
 */

478
static void

479
zfs_unlinked_drain_task(void *arg)

480
{

481
	zfsvfs_t *zfsvfs = arg;

482
	zap_cursor_t	zc;

483
	zap_attribute_t *zap = zap_attribute_alloc();

484
	dmu_object_info_t doi;

485
	znode_t		*zp;

486
	int		error;

487


488
	ASSERT3B(zfsvfs->z_draining, ==, B_TRUE);

489


490
	/*

491
	 * Iterate over the contents of the unlinked set.

492
	 */

493
	for (zap_cursor_init(&zc, zfsvfs->z_os, zfsvfs->z_unlinkedobj);

494
	    zap_cursor_retrieve(&zc, zap) == 0 && !zfsvfs->z_drain_cancel;

495
	    zap_cursor_advance(&zc)) {

496


497
		/*

498
		 * See what kind of object we have in list

499
		 */

500


501
		error = dmu_object_info(zfsvfs->z_os,

502
		    zap->za_first_integer, &doi);

503
		if (error != 0)

504
			continue;

505


506
		ASSERT((doi.doi_type == DMU_OT_PLAIN_FILE_CONTENTS) ||

507
		    (doi.doi_type == DMU_OT_DIRECTORY_CONTENTS));

508
		/*

509
		 * We need to re-mark these list entries for deletion,

510
		 * so we pull them back into core and set zp->z_unlinked.

511
		 */

512
		error = zfs_zget(zfsvfs, zap->za_first_integer, &zp);

513


514
		/*

515
		 * We may pick up znodes that are already marked for deletion.

516
		 * This could happen during the purge of an extended attribute

517
		 * directory.  All we need to do is skip over them, since they

518
		 * are already in the system marked z_unlinked.

519
		 */

520
		if (error != 0)

521
			continue;

522


523
		zp->z_unlinked = B_TRUE;

524


525
		/*

526
		 * zrele() decrements the znode's ref count and may cause

527
		 * it to be synchronously freed. We interrupt freeing

528
		 * of this znode by checking the return value of

529
		 * dmu_objset_zfs_unmounting() in dmu_free_long_range()

530
		 * when an unmount is requested.

531
		 */

532
		zrele(zp);

533
		ASSERT3B(zfsvfs->z_unmounted, ==, B_FALSE);

534
	}

535
	zap_cursor_fini(&zc);

536


537
	zfsvfs->z_draining = B_FALSE;

538
	zfsvfs->z_drain_task = TASKQID_INVALID;

539
	zap_attribute_free(zap);

540
}

541


542
/*

543
 * Sets z_draining then tries to dispatch async unlinked drain.

544
 * If that fails executes synchronous unlinked drain.

545
 */

546
void

547
zfs_unlinked_drain(zfsvfs_t *zfsvfs)

548
{

549
	ASSERT3B(zfsvfs->z_unmounted, ==, B_FALSE);

550
	ASSERT3B(zfsvfs->z_draining, ==, B_FALSE);

551


552
	zfsvfs->z_draining = B_TRUE;

553
	zfsvfs->z_drain_cancel = B_FALSE;

554


555
	zfsvfs->z_drain_task = taskq_dispatch(

556
	    dsl_pool_unlinked_drain_taskq(dmu_objset_pool(zfsvfs->z_os)),

557
	    zfs_unlinked_drain_task, zfsvfs, TQ_SLEEP);

558
	if (zfsvfs->z_drain_task == TASKQID_INVALID) {

559
		zfs_dbgmsg("async zfs_unlinked_drain dispatch failed");

560
		zfs_unlinked_drain_task(zfsvfs);

561
	}

562
}

563


564
/*

565
 * Wait for the unlinked drain taskq task to stop. This will interrupt the

566
 * unlinked set processing if it is in progress.

567
 */

568
void

569
zfs_unlinked_drain_stop_wait(zfsvfs_t *zfsvfs)

570
{

571
	ASSERT3B(zfsvfs->z_unmounted, ==, B_FALSE);

572


573
	if (zfsvfs->z_draining) {

574
		zfsvfs->z_drain_cancel = B_TRUE;

575
		taskq_cancel_id(dsl_pool_unlinked_drain_taskq(

576
		    dmu_objset_pool(zfsvfs->z_os)), zfsvfs->z_drain_task,

577
		    B_TRUE);

578
		zfsvfs->z_drain_task = TASKQID_INVALID;

579
		zfsvfs->z_draining = B_FALSE;

580
	}

581
}

582


583
/*

584
 * Delete the entire contents of a directory.  Return a count

585
 * of the number of entries that could not be deleted. If we encounter

586
 * an error, return a count of at least one so that the directory stays

587
 * in the unlinked set.

588
 *

589
 * NOTE: this function assumes that the directory is inactive,

590
 *	so there is no need to lock its entries before deletion.

591
 *	Also, it assumes the directory contents is *only* regular

592
 *	files.

593
 */

594
static int

595
zfs_purgedir(znode_t *dzp)

596
{

597
	zap_cursor_t	zc;

598
	zap_attribute_t	*zap = zap_attribute_alloc();

599
	znode_t		*xzp;

600
	dmu_tx_t	*tx;

601
	zfsvfs_t	*zfsvfs = ZTOZSB(dzp);

602
	zfs_dirlock_t	dl;

603
	int skipped = 0;

604
	int error;

605


606
	for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id);

607
	    (error = zap_cursor_retrieve(&zc, zap)) == 0;

608
	    zap_cursor_advance(&zc)) {

609
		error = zfs_zget(zfsvfs,

610
		    ZFS_DIRENT_OBJ(zap->za_first_integer), &xzp);

611
		if (error) {

612
			skipped += 1;

613
			continue;

614
		}

615


616
		ASSERT(S_ISREG(ZTOI(xzp)->i_mode) ||

617
		    S_ISLNK(ZTOI(xzp)->i_mode));

618


619
		tx = dmu_tx_create(zfsvfs->z_os);

620
		dmu_tx_hold_sa(tx, dzp->z_sa_hdl, B_FALSE);

621
		dmu_tx_hold_zap(tx, dzp->z_id, FALSE, zap->za_name);

622
		dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);

623
		dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);

624
		/* Is this really needed ? */

625
		zfs_sa_upgrade_txholds(tx, xzp);

626
		dmu_tx_mark_netfree(tx);

627
		error = dmu_tx_assign(tx, DMU_TX_WAIT);

628
		if (error) {

629
			dmu_tx_abort(tx);

630
			zfs_zrele_async(xzp);

631
			skipped += 1;

632
			continue;

633
		}

634
		memset(&dl, 0, sizeof (dl));

635
		dl.dl_dzp = dzp;

636
		dl.dl_name = zap->za_name;

637


638
		error = zfs_link_destroy(&dl, xzp, tx, 0, NULL);

639
		if (error)

640
			skipped += 1;

641
		dmu_tx_commit(tx);

642


643
		zfs_zrele_async(xzp);

644
	}

645
	zap_cursor_fini(&zc);

646
	zap_attribute_free(zap);

647
	if (error != ENOENT)

648
		skipped += 1;

649
	return (skipped);

650
}

651


652
void

653
zfs_rmnode(znode_t *zp)

654
{

655
	zfsvfs_t	*zfsvfs = ZTOZSB(zp);

656
	objset_t	*os = zfsvfs->z_os;

657
	znode_t		*xzp = NULL;

658
	dmu_tx_t	*tx;

659
	znode_hold_t	*zh;

660
	uint64_t	z_id = zp->z_id;

661
	uint64_t	acl_obj;

662
	uint64_t	xattr_obj;

663
	uint64_t	links;

664
	int		error;

665


666
	ASSERT0(ZTOI(zp)->i_nlink);

667
	ASSERT0(atomic_read(&ZTOI(zp)->i_count));

668


669
	/*

670
	 * If this is an attribute directory, purge its contents.

671
	 */

672
	if (S_ISDIR(ZTOI(zp)->i_mode) && (zp->z_pflags & ZFS_XATTR)) {

673
		if (zfs_purgedir(zp) != 0) {

674
			/*

675
			 * Not enough space to delete some xattrs.

676
			 * Leave it in the unlinked set.

677
			 */

678
			zh = zfs_znode_hold_enter(zfsvfs, z_id);

679
			zfs_znode_dmu_fini(zp);

680
			zfs_znode_hold_exit(zfsvfs, zh);

681
			return;

682
		}

683
	}

684


685
	/*

686
	 * Free up all the data in the file.  We don't do this for directories

687
	 * because we need truncate and remove to be in the same tx, like in

688
	 * zfs_znode_delete(). Otherwise, if we crash here we'll end up with

689
	 * an inconsistent truncated zap object in the delete queue.  Note a

690
	 * truncated file is harmless since it only contains user data.

691
	 */

692
	if (S_ISREG(ZTOI(zp)->i_mode)) {

693
		error = dmu_free_long_range(os, zp->z_id, 0, DMU_OBJECT_END);

694
		if (error) {

695
			/*

696
			 * Not enough space or we were interrupted by unmount.

697
			 * Leave the file in the unlinked set.

698
			 */

699
			zh = zfs_znode_hold_enter(zfsvfs, z_id);

700
			zfs_znode_dmu_fini(zp);

701
			zfs_znode_hold_exit(zfsvfs, zh);

702
			return;

703
		}

704
	}

705


706
	/*

707
	 * If the file has extended attributes, we're going to unlink

708
	 * the xattr dir.

709
	 */

710
	error = sa_lookup(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs),

711
	    &xattr_obj, sizeof (xattr_obj));

712
	if (error == 0 && xattr_obj) {

713
		error = zfs_zget(zfsvfs, xattr_obj, &xzp);

714
		ASSERT0(error);

715
	}

716


717
	acl_obj = zfs_external_acl(zp);

718


719
	/*

720
	 * Set up the final transaction.

721
	 */

722
	tx = dmu_tx_create(os);

723
	dmu_tx_hold_free(tx, zp->z_id, 0, DMU_OBJECT_END);

724
	dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, FALSE, NULL);

725
	if (xzp) {

726
		dmu_tx_hold_zap(tx, zfsvfs->z_unlinkedobj, TRUE, NULL);

727
		dmu_tx_hold_sa(tx, xzp->z_sa_hdl, B_FALSE);

728
	}

729
	if (acl_obj)

730
		dmu_tx_hold_free(tx, acl_obj, 0, DMU_OBJECT_END);

731


732
	zfs_sa_upgrade_txholds(tx, zp);

733
	error = dmu_tx_assign(tx, DMU_TX_WAIT);

734
	if (error) {

735
		/*

736
		 * Not enough space to delete the file.  Leave it in the

737
		 * unlinked set, leaking it until the fs is remounted (at

738
		 * which point we'll call zfs_unlinked_drain() to process it).

739
		 */

740
		dmu_tx_abort(tx);

741
		zh = zfs_znode_hold_enter(zfsvfs, z_id);

742
		zfs_znode_dmu_fini(zp);

743
		zfs_znode_hold_exit(zfsvfs, zh);

744
		goto out;

745
	}

746


747
	if (xzp) {

748
		ASSERT0(error);

749
		mutex_enter(&xzp->z_lock);

750
		xzp->z_unlinked = B_TRUE;	/* mark xzp for deletion */

751
		clear_nlink(ZTOI(xzp));		/* no more links to it */

752
		links = 0;

753
		VERIFY0(sa_update(xzp->z_sa_hdl, SA_ZPL_LINKS(zfsvfs),

754
		    &links, sizeof (links), tx));

755
		mutex_exit(&xzp->z_lock);

756
		zfs_unlinked_add(xzp, tx);

757
	}

758


759
	mutex_enter(&os->os_dsl_dataset->ds_dir->dd_activity_lock);

760


761
	/*

762
	 * Remove this znode from the unlinked set.  If a has rollback has

763
	 * occurred while a file is open and unlinked.  Then when the file

764
	 * is closed post rollback it will not exist in the rolled back

765
	 * version of the unlinked object.

766
	 */

767
	error = zap_remove_int(zfsvfs->z_os, zfsvfs->z_unlinkedobj,

768
	    zp->z_id, tx);

769
	VERIFY(error == 0 || error == ENOENT);

770


771
	uint64_t count;

772
	if (zap_count(os, zfsvfs->z_unlinkedobj, &count) == 0 && count == 0) {

773
		cv_broadcast(&os->os_dsl_dataset->ds_dir->dd_activity_cv);

774
	}

775


776
	mutex_exit(&os->os_dsl_dataset->ds_dir->dd_activity_lock);

777


778
	dataset_kstats_update_nunlinked_kstat(&zfsvfs->z_kstat, 1);

779


780
	zfs_znode_delete(zp, tx);

781


782
	dmu_tx_commit(tx);

783
out:

784
	if (xzp)

785
		zfs_zrele_async(xzp);

786
}

787


788
static uint64_t

789
zfs_dirent(znode_t *zp, uint64_t mode)

790
{

791
	uint64_t de = zp->z_id;

792


793
	if (ZTOZSB(zp)->z_version >= ZPL_VERSION_DIRENT_TYPE)

794
		de |= IFTODT(mode) << 60;

795
	return (de);

796
}

797


798
/*

799
 * Link zp into dl.  Can fail in the following cases :

800
 * - if zp has been unlinked.

801
 * - if the number of entries with the same hash (aka. colliding entries)

802
 *    exceed the capacity of a leaf-block of fatzap and splitting of the

803
 *    leaf-block does not help.

804
 */

805
int

806
zfs_link_create(zfs_dirlock_t *dl, znode_t *zp, dmu_tx_t *tx, int flag)

807
{

808
	znode_t *dzp = dl->dl_dzp;

809
	zfsvfs_t *zfsvfs = ZTOZSB(zp);

810
	uint64_t value;

811
	int zp_is_dir = S_ISDIR(ZTOI(zp)->i_mode);

812
	sa_bulk_attr_t bulk[5];

813
	uint64_t mtime[2], ctime[2];

814
	uint64_t links;

815
	int count = 0;

816
	int error;

817


818
	mutex_enter(&zp->z_lock);

819


820
	if (!(flag & ZRENAMING)) {

821
		if (zp->z_unlinked) {	/* no new links to unlinked zp */

822
			ASSERT(!(flag & (ZNEW | ZEXISTS)));

823
			mutex_exit(&zp->z_lock);

824
			return (SET_ERROR(ENOENT));

825
		}

826
		if (!(flag & ZNEW)) {

827
			/*

828
			 * ZNEW nodes come from zfs_mknode() where the link

829
			 * count has already been initialised

830
			 */

831
			inc_nlink(ZTOI(zp));

832
			links = ZTOI(zp)->i_nlink;

833
			SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs),

834
			    NULL, &links, sizeof (links));

835
		}

836
	}

837


838
	value = zfs_dirent(zp, zp->z_mode);

839
	error = zap_add(ZTOZSB(zp)->z_os, dzp->z_id, dl->dl_name, 8, 1,

840
	    &value, tx);

841


842
	/*

843
	 * zap_add could fail to add the entry if it exceeds the capacity of the

844
	 * leaf-block and zap_leaf_split() failed to help.

845
	 * The caller of this routine is responsible for failing the transaction

846
	 * which will rollback the SA updates done above.

847
	 */

848
	if (error != 0) {

849
		if (!(flag & ZRENAMING) && !(flag & ZNEW))

850
			drop_nlink(ZTOI(zp));

851
		mutex_exit(&zp->z_lock);

852
		return (error);

853
	}

854


855
	/*

856
	 * If we added a longname activate the SPA_FEATURE_LONGNAME.

857
	 */

858
	if (strlen(dl->dl_name) >= ZAP_MAXNAMELEN) {

859
		dsl_dataset_t *ds = dmu_objset_ds(zfsvfs->z_os);

860
		ds->ds_feature_activation[SPA_FEATURE_LONGNAME] =

861
		    (void *)B_TRUE;

862
	}

863


864
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_PARENT(zfsvfs), NULL,

865
	    &dzp->z_id, sizeof (dzp->z_id));

866
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,

867
	    &zp->z_pflags, sizeof (zp->z_pflags));

868


869
	if (!(flag & ZNEW)) {

870
		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,

871
		    ctime, sizeof (ctime));

872
		zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime,

873
		    ctime);

874
	}

875
	error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);

876
	ASSERT0(error);

877


878
	mutex_exit(&zp->z_lock);

879


880
	mutex_enter(&dzp->z_lock);

881
	dzp->z_size++;

882
	if (zp_is_dir)

883
		inc_nlink(ZTOI(dzp));

884
	links = ZTOI(dzp)->i_nlink;

885
	count = 0;

886
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,

887
	    &dzp->z_size, sizeof (dzp->z_size));

888
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs), NULL,

889
	    &links, sizeof (links));

890
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL,

891
	    mtime, sizeof (mtime));

892
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL,

893
	    ctime, sizeof (ctime));

894
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,

895
	    &dzp->z_pflags, sizeof (dzp->z_pflags));

896
	zfs_tstamp_update_setup(dzp, CONTENT_MODIFIED, mtime, ctime);

897
	error = sa_bulk_update(dzp->z_sa_hdl, bulk, count, tx);

898
	ASSERT0(error);

899
	mutex_exit(&dzp->z_lock);

900


901
	return (0);

902
}

903


904
/*

905
 * The match type in the code for this function should conform to:

906
 *

907
 * ------------------------------------------------------------------------

908
 * fs type  | z_norm      | lookup type | match type

909
 * ---------|-------------|-------------|----------------------------------

910
 * CS !norm | 0           |           0 | 0 (exact)

911
 * CS  norm | formX       |           0 | MT_NORMALIZE

912
 * CI !norm | upper       |   !ZCIEXACT | MT_NORMALIZE

913
 * CI !norm | upper       |    ZCIEXACT | MT_NORMALIZE | MT_MATCH_CASE

914
 * CI  norm | upper|formX |   !ZCIEXACT | MT_NORMALIZE

915
 * CI  norm | upper|formX |    ZCIEXACT | MT_NORMALIZE | MT_MATCH_CASE

916
 * CM !norm | upper       |    !ZCILOOK | MT_NORMALIZE | MT_MATCH_CASE

917
 * CM !norm | upper       |     ZCILOOK | MT_NORMALIZE

918
 * CM  norm | upper|formX |    !ZCILOOK | MT_NORMALIZE | MT_MATCH_CASE

919
 * CM  norm | upper|formX |     ZCILOOK | MT_NORMALIZE

920
 *

921
 * Abbreviations:

922
 *    CS = Case Sensitive, CI = Case Insensitive, CM = Case Mixed

923
 *    upper = case folding set by fs type on creation (U8_TEXTPREP_TOUPPER)

924
 *    formX = unicode normalization form set on fs creation

925
 */

926
static int

927
zfs_dropname(zfs_dirlock_t *dl, znode_t *zp, znode_t *dzp, dmu_tx_t *tx,

928
    int flag)

929
{

930
	int error;

931


932
	if (ZTOZSB(zp)->z_norm) {

933
		matchtype_t mt = MT_NORMALIZE;

934


935
		if ((ZTOZSB(zp)->z_case == ZFS_CASE_INSENSITIVE &&

936
		    (flag & ZCIEXACT)) ||

937
		    (ZTOZSB(zp)->z_case == ZFS_CASE_MIXED &&

938
		    !(flag & ZCILOOK))) {

939
			mt |= MT_MATCH_CASE;

940
		}

941


942
		error = zap_remove_norm(ZTOZSB(zp)->z_os, dzp->z_id,

943
		    dl->dl_name, mt, tx);

944
	} else {

945
		error = zap_remove(ZTOZSB(zp)->z_os, dzp->z_id, dl->dl_name,

946
		    tx);

947
	}

948


949
	return (error);

950
}

951


952
static int

953
zfs_drop_nlink_locked(znode_t *zp, dmu_tx_t *tx, boolean_t *unlinkedp)

954
{

955
	zfsvfs_t	*zfsvfs = ZTOZSB(zp);

956
	int		zp_is_dir = S_ISDIR(ZTOI(zp)->i_mode);

957
	boolean_t	unlinked = B_FALSE;

958
	sa_bulk_attr_t	bulk[3];

959
	uint64_t	mtime[2], ctime[2];

960
	uint64_t	links;

961
	int		count = 0;

962
	int		error;

963


964
	if (zp_is_dir && !zfs_dirempty(zp))

965
		return (SET_ERROR(ENOTEMPTY));

966


967
	if (ZTOI(zp)->i_nlink <= zp_is_dir) {

968
		zfs_panic_recover("zfs: link count on %lu is %u, "

969
		    "should be at least %u", zp->z_id,

970
		    (int)ZTOI(zp)->i_nlink, zp_is_dir + 1);

971
		set_nlink(ZTOI(zp), zp_is_dir + 1);

972
	}

973
	drop_nlink(ZTOI(zp));

974
	if (ZTOI(zp)->i_nlink == zp_is_dir) {

975
		zp->z_unlinked = B_TRUE;

976
		clear_nlink(ZTOI(zp));

977
		unlinked = B_TRUE;

978
	} else {

979
		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs),

980
		    NULL, &ctime, sizeof (ctime));

981
		SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs),

982
		    NULL, &zp->z_pflags, sizeof (zp->z_pflags));

983
		zfs_tstamp_update_setup(zp, STATE_CHANGED, mtime,

984
		    ctime);

985
	}

986
	links = ZTOI(zp)->i_nlink;

987
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs),

988
	    NULL, &links, sizeof (links));

989
	error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);

990
	ASSERT0(error);

991


992
	if (unlinkedp != NULL)

993
		*unlinkedp = unlinked;

994
	else if (unlinked)

995
		zfs_unlinked_add(zp, tx);

996


997
	return (0);

998
}

999


1000
/*

1001
 * Forcefully drop an nlink reference from (zp) and mark it for deletion if it

1002
 * was the last link. This *must* only be done to znodes which have already

1003
 * been zfs_link_destroy()'d with ZRENAMING. This is explicitly only used in

1004
 * the error path of zfs_rename(), where we have to correct the nlink count if

1005
 * we failed to link the target as well as failing to re-link the original

1006
 * znodes.

1007
 */

1008
int

1009
zfs_drop_nlink(znode_t *zp, dmu_tx_t *tx, boolean_t *unlinkedp)

1010
{

1011
	int error;

1012


1013
	mutex_enter(&zp->z_lock);

1014
	error = zfs_drop_nlink_locked(zp, tx, unlinkedp);

1015
	mutex_exit(&zp->z_lock);

1016


1017
	return (error);

1018
}

1019


1020
/*

1021
 * Unlink zp from dl, and mark zp for deletion if this was the last link. Can

1022
 * fail if zp is a mount point (EBUSY) or a non-empty directory (ENOTEMPTY).

1023
 * If 'unlinkedp' is NULL, we put unlinked znodes on the unlinked list.

1024
 * If it's non-NULL, we use it to indicate whether the znode needs deletion,

1025
 * and it's the caller's job to do it.

1026
 */

1027
int

1028
zfs_link_destroy(zfs_dirlock_t *dl, znode_t *zp, dmu_tx_t *tx, int flag,

1029
    boolean_t *unlinkedp)

1030
{

1031
	znode_t *dzp = dl->dl_dzp;

1032
	zfsvfs_t *zfsvfs = ZTOZSB(dzp);

1033
	int zp_is_dir = S_ISDIR(ZTOI(zp)->i_mode);

1034
	boolean_t unlinked = B_FALSE;

1035
	sa_bulk_attr_t bulk[5];

1036
	uint64_t mtime[2], ctime[2];

1037
	uint64_t links;

1038
	int count = 0;

1039
	int error;

1040


1041
	if (!(flag & ZRENAMING)) {

1042
		mutex_enter(&zp->z_lock);

1043


1044
		if (zp_is_dir && !zfs_dirempty(zp)) {

1045
			mutex_exit(&zp->z_lock);

1046
			return (SET_ERROR(ENOTEMPTY));

1047
		}

1048


1049
		/*

1050
		 * If we get here, we are going to try to remove the object.

1051
		 * First try removing the name from the directory; if that

1052
		 * fails, return the error.

1053
		 */

1054
		error = zfs_dropname(dl, zp, dzp, tx, flag);

1055
		if (error != 0) {

1056
			mutex_exit(&zp->z_lock);

1057
			return (error);

1058
		}

1059


1060
		/* The only error is !zfs_dirempty() and we checked earlier. */

1061
		error = zfs_drop_nlink_locked(zp, tx, &unlinked);

1062
		ASSERT0(error);

1063
		mutex_exit(&zp->z_lock);

1064
	} else {

1065
		error = zfs_dropname(dl, zp, dzp, tx, flag);

1066
		if (error != 0)

1067
			return (error);

1068
	}

1069


1070
	mutex_enter(&dzp->z_lock);

1071
	dzp->z_size--;		/* one dirent removed */

1072
	if (zp_is_dir)

1073
		drop_nlink(ZTOI(dzp));	/* ".." link from zp */

1074
	links = ZTOI(dzp)->i_nlink;

1075
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_LINKS(zfsvfs),

1076
	    NULL, &links, sizeof (links));

1077
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs),

1078
	    NULL, &dzp->z_size, sizeof (dzp->z_size));

1079
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs),

1080
	    NULL, ctime, sizeof (ctime));

1081
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs),

1082
	    NULL, mtime, sizeof (mtime));

1083
	SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs),

1084
	    NULL, &dzp->z_pflags, sizeof (dzp->z_pflags));

1085
	zfs_tstamp_update_setup(dzp, CONTENT_MODIFIED, mtime, ctime);

1086
	error = sa_bulk_update(dzp->z_sa_hdl, bulk, count, tx);

1087
	ASSERT0(error);

1088
	mutex_exit(&dzp->z_lock);

1089


1090
	if (unlinkedp != NULL)

1091
		*unlinkedp = unlinked;

1092
	else if (unlinked)

1093
		zfs_unlinked_add(zp, tx);

1094


1095
	return (0);

1096
}

1097


1098
/*

1099
 * Indicate whether the directory is empty.  Works with or without z_lock

1100
 * held, but can only be consider a hint in the latter case.  Returns true

1101
 * if only "." and ".." remain and there's no work in progress.

1102
 *

1103
 * The internal ZAP size, rather than zp->z_size, needs to be checked since

1104
 * some consumers (Lustre) do not strictly maintain an accurate SA_ZPL_SIZE.

1105
 */

1106
boolean_t

1107
zfs_dirempty(znode_t *dzp)

1108
{

1109
	zfsvfs_t *zfsvfs = ZTOZSB(dzp);

1110
	uint64_t count;

1111
	int error;

1112


1113
	if (dzp->z_dirlocks != NULL)

1114
		return (B_FALSE);

1115


1116
	error = zap_count(zfsvfs->z_os, dzp->z_id, &count);

1117
	if (error != 0 || count != 0)

1118
		return (B_FALSE);

1119


1120
	return (B_TRUE);

1121
}

1122


1123
int

1124
zfs_make_xattrdir(znode_t *zp, vattr_t *vap, znode_t **xzpp, cred_t *cr)

1125
{

1126
	zfsvfs_t *zfsvfs = ZTOZSB(zp);

1127
	znode_t *xzp;

1128
	dmu_tx_t *tx;

1129
	int error;

1130
	zfs_acl_ids_t acl_ids;

1131
	boolean_t fuid_dirtied;

1132
#ifdef ZFS_DEBUG

1133
	uint64_t parent;

1134
#endif

1135


1136
	*xzpp = NULL;

1137


1138
	if ((error = zfs_acl_ids_create(zp, IS_XATTR, vap, cr, NULL,

1139
	    &acl_ids, zfs_init_idmap)) != 0)

1140
		return (error);

1141
	if (zfs_acl_ids_overquota(zfsvfs, &acl_ids, zp->z_projid)) {

1142
		zfs_acl_ids_free(&acl_ids);

1143
		return (SET_ERROR(EDQUOT));

1144
	}

1145


1146
	tx = dmu_tx_create(zfsvfs->z_os);

1147
	dmu_tx_hold_sa_create(tx, acl_ids.z_aclp->z_acl_bytes +

1148
	    ZFS_SA_BASE_ATTR_SIZE);

1149
	dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_TRUE);

1150
	dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL);

1151
	fuid_dirtied = zfsvfs->z_fuid_dirty;

1152
	if (fuid_dirtied)

1153
		zfs_fuid_txhold(zfsvfs, tx);

1154
	error = dmu_tx_assign(tx, DMU_TX_WAIT);

1155
	if (error) {

1156
		zfs_acl_ids_free(&acl_ids);

1157
		dmu_tx_abort(tx);

1158
		return (error);

1159
	}

1160
	zfs_mknode(zp, vap, tx, cr, IS_XATTR, &xzp, &acl_ids);

1161


1162
	if (fuid_dirtied)

1163
		zfs_fuid_sync(zfsvfs, tx);

1164


1165
#ifdef ZFS_DEBUG

1166
	error = sa_lookup(xzp->z_sa_hdl, SA_ZPL_PARENT(zfsvfs),

1167
	    &parent, sizeof (parent));

1168
	ASSERT(error == 0 && parent == zp->z_id);

1169
#endif

1170


1171
	VERIFY0(sa_update(zp->z_sa_hdl, SA_ZPL_XATTR(zfsvfs), &xzp->z_id,

1172
	    sizeof (xzp->z_id), tx));

1173


1174
	if (!zp->z_unlinked)

1175
		zfs_log_create(zfsvfs->z_log, tx, TX_MKXATTR, zp, xzp, "", NULL,

1176
		    acl_ids.z_fuidp, vap);

1177


1178
	zfs_acl_ids_free(&acl_ids);

1179
	dmu_tx_commit(tx);

1180


1181
	*xzpp = xzp;

1182


1183
	return (0);

1184
}

1185


1186
/*

1187
 * Return a znode for the extended attribute directory for zp.

1188
 * ** If the directory does not already exist, it is created **

1189
 *

1190
 *	IN:	zp	- znode to obtain attribute directory from

1191
 *		cr	- credentials of caller

1192
 *		flags	- flags from the VOP_LOOKUP call

1193
 *

1194
 *	OUT:	xipp	- pointer to extended attribute znode

1195
 *

1196
 *	RETURN:	0 on success

1197
 *		error number on failure

1198
 */

1199
int

1200
zfs_get_xattrdir(znode_t *zp, znode_t **xzpp, cred_t *cr, int flags)

1201
{

1202
	zfsvfs_t	*zfsvfs = ZTOZSB(zp);

1203
	znode_t		*xzp;

1204
	zfs_dirlock_t	*dl;

1205
	vattr_t		va;

1206
	int		error;

1207
top:

1208
	error = zfs_dirent_lock(&dl, zp, "", &xzp, ZXATTR, NULL, NULL);

1209
	if (error)

1210
		return (error);

1211


1212
	if (xzp != NULL) {

1213
		*xzpp = xzp;

1214
		zfs_dirent_unlock(dl);

1215
		return (0);

1216
	}

1217


1218
	if (!(flags & CREATE_XATTR_DIR)) {

1219
		zfs_dirent_unlock(dl);

1220
		return (SET_ERROR(ENOENT));

1221
	}

1222


1223
	if (zfs_is_readonly(zfsvfs)) {

1224
		zfs_dirent_unlock(dl);

1225
		return (SET_ERROR(EROFS));

1226
	}

1227


1228
	/*

1229
	 * The ability to 'create' files in an attribute

1230
	 * directory comes from the write_xattr permission on the base file.

1231
	 *

1232
	 * The ability to 'search' an attribute directory requires

1233
	 * read_xattr permission on the base file.

1234
	 *

1235
	 * Once in a directory the ability to read/write attributes

1236
	 * is controlled by the permissions on the attribute file.

1237
	 */

1238
	va.va_mask = ATTR_MODE | ATTR_UID | ATTR_GID;

1239
	va.va_mode = S_IFDIR | S_ISVTX | 0777;

1240
	zfs_fuid_map_ids(zp, cr, &va.va_uid, &va.va_gid);

1241


1242
	va.va_dentry = NULL;

1243
	error = zfs_make_xattrdir(zp, &va, xzpp, cr);

1244
	zfs_dirent_unlock(dl);

1245


1246
	if (error == ERESTART) {

1247
		/* NB: we already did dmu_tx_wait() if necessary */

1248
		goto top;

1249
	}

1250


1251
	return (error);

1252
}

1253


1254
/*

1255
 * Decide whether it is okay to remove within a sticky directory.

1256
 *

1257
 * In sticky directories, write access is not sufficient;

1258
 * you can remove entries from a directory only if:

1259
 *

1260
 *	you own the directory,

1261
 *	you own the entry,

1262
 *	you have write access to the entry,

1263
 *	or you are privileged (checked in secpolicy...).

1264
 *

1265
 * The function returns 0 if remove access is granted.

1266
 */

1267
int

1268
zfs_sticky_remove_access(znode_t *zdp, znode_t *zp, cred_t *cr)

1269
{

1270
	uid_t		uid;

1271
	uid_t		downer;

1272
	uid_t		fowner;

1273
	zfsvfs_t	*zfsvfs = ZTOZSB(zdp);

1274


1275
	if (zfsvfs->z_replay)

1276
		return (0);

1277


1278
	if ((zdp->z_mode & S_ISVTX) == 0)

1279
		return (0);

1280


1281
	downer = zfs_fuid_map_id(zfsvfs, KUID_TO_SUID(ZTOI(zdp)->i_uid),

1282
	    cr, ZFS_OWNER);

1283
	fowner = zfs_fuid_map_id(zfsvfs, KUID_TO_SUID(ZTOI(zp)->i_uid),

1284
	    cr, ZFS_OWNER);

1285


1286
	if ((uid = crgetuid(cr)) == downer || uid == fowner ||

1287
	    zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr,

1288
	    zfs_init_idmap) == 0)

1289
		return (0);

1290
	else

1291
		return (secpolicy_vnode_remove(cr));

1292
}

1293


1294