/usr/src/sys/kern/vfs

Bug Summary

File:	kern/vfs_subr.c
Warning:	line 1259, column 7 Access to field 'si_rdev' results in a dereference of a null pointer (loaded from field 'vu_specinfo')
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name vfs_subr.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -target-feature -sse2 -target-feature -sse -target-feature -3dnow -target-feature -mmx -target-feature +save-args -disable-red-zone -no-implicit-float -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/sys -I /usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I /usr/src/sys/arch -I /usr/src/sys/dev/pci/drm/include -I /usr/src/sys/dev/pci/drm/include/uapi -I /usr/src/sys/dev/pci/drm/amd/include/asic_reg -I /usr/src/sys/dev/pci/drm/amd/include -I /usr/src/sys/dev/pci/drm/amd/amdgpu -I /usr/src/sys/dev/pci/drm/amd/display -I /usr/src/sys/dev/pci/drm/amd/display/include -I /usr/src/sys/dev/pci/drm/amd/display/dc -I /usr/src/sys/dev/pci/drm/amd/display/amdgpu_dm -I /usr/src/sys/dev/pci/drm/amd/pm/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu11 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu12 -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/hwmgr -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/smumgr -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc/hw -I /usr/src/sys/dev/pci/drm/amd/display/dc/clk_mgr -I /usr/src/sys/dev/pci/drm/amd/display/modules/inc -I /usr/src/sys/dev/pci/drm/amd/display/modules/hdcp -I /usr/src/sys/dev/pci/drm/amd/display/dmub/inc -I /usr/src/sys/dev/pci/drm/i915 -D DDB -D DIAGNOSTIC -D KTRACE -D ACCOUNTING -D KMEMSTATS -D PTRACE -D POOL_DEBUG -D CRYPTO -D SYSVMSG -D SYSVSEM -D SYSVSHM -D UVM_SWAP_ENCRYPT -D FFS -D FFS2 -D FFS_SOFTUPDATES -D UFS_DIRHASH -D QUOTA -D EXT2FS -D MFS -D NFSCLIENT -D NFSSERVER -D CD9660 -D UDF -D MSDOSFS -D FIFO -D FUSE -D SOCKET_SPLICE -D TCP_ECN -D TCP_SIGNATURE -D INET6 -D IPSEC -D PPP_BSDCOMP -D PPP_DEFLATE -D PIPEX -D MROUTING -D MPLS -D BOOT_CONFIG -D USER_PCICONF -D APERTURE -D MTRR -D NTFS -D HIBERNATE -D PCIVERBOSE -D USBVERBOSE -D WSDISPLAY_COMPAT_USL -D WSDISPLAY_COMPAT_RAWKBD -D WSDISPLAY_DEFAULTSCREENS=6 -D X86EMU -D ONEWIREVERBOSE -D MULTIPROCESSOR -D MAXUSERS=80 -D _KERNEL -D CONFIG_DRM_AMD_DC_DCN3_0 -O2 -Wno-pointer-sign -Wno-address-of-packed-member -Wno-constant-conversion -Wno-unused-but-set-variable -Wno-gnu-folding-constant -fdebug-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /usr/obj/sys/arch/amd64/compile/GENERIC.MP/scan-build/2022-01-12-131800-47421-1 -x c /usr/src/sys/kern/vfs_subr.c
1/*	$OpenBSD: vfs_subr.c,v 1.313 2021/10/25 10:24:54 claudio Exp $	*/
2/*	$NetBSD: vfs_subr.c,v 1.53 1996/04/22 01:39:13 christos Exp $	*/

4/*
* Copyright (c) 1989, 1993
*	The Regents of the University of California.  All rights reserved.
* (c) UNIX System Laboratories, Inc.
* All or some portions of this file are derived from material licensed
* to the University of California by American Telephone and Telegraph
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
* the permission of UNIX System Laboratories, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in the
*    documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
*    may be used to endorse or promote products derived from this software
*    without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*	@(#)vfs_subr.c	8.13 (Berkeley) 4/18/94
*/

40/*
* External virtual filesystem routines
*/

44#include <sys/param.h>
45#include <sys/systm.h>
46#include <sys/proc.h>
47#include <sys/sysctl.h>
48#include <sys/mount.h>
49#include <sys/time.h>
50#include <sys/fcntl.h>
51#include <sys/kernel.h>
52#include <sys/conf.h>
53#include <sys/vnode.h>
54#include <sys/lock.h>
55#include <sys/lockf.h>
56#include <sys/stat.h>
57#include <sys/acct.h>
58#include <sys/namei.h>
59#include <sys/ucred.h>
60#include <sys/buf.h>
61#include <sys/errno.h>
62#include <sys/malloc.h>
63#include <sys/mbuf.h>
64#include <sys/syscallargs.h>
65#include <sys/pool.h>
66#include <sys/tree.h>
67#include <sys/specdev.h>
68#include <sys/atomic.h>

70#include <netinet/in.h>

72#include <uvm/uvm_extern.h>
73#include <uvm/uvm_vnode.h>

75#include "softraid.h"

77void sr_quiesce(void);

79enum vtype iftovt_tab[16] = {
VNON, VFIFO, VCHR, VNON, VDIR, VNON, VBLK, VNON,
VREG, VNON, VLNK, VNON, VSOCK, VNON, VNON, VBAD,
82};

84int	vttoif_tab[9] = {
0, S_IFREG0100000, S_IFDIR0040000, S_IFBLK0060000, S_IFCHR0020000, S_IFLNK0120000,
S_IFSOCK0140000, S_IFIFO0010000, S_IFMT0170000,
87};

89int prtactive = 0;		/* 1 => print out reclaim of active vnodes */
90int suid_clear = 1;		/* 1 => clear SUID / SGID on owner change */

92/*
* Insq/Remq for the vnode usage lists.
*/
95#define	bufinsvn(bp, dp)do { if (((bp)->b_vnbufs.le_next = (dp)->lh_first) != (
(void *)0)) (dp)->lh_first->b_vnbufs.le_prev = &(bp
)->b_vnbufs.le_next; (dp)->lh_first = (bp); (bp)->b_vnbufs
.le_prev = &(dp)->lh_first; } while (0)	LIST_INSERT_HEAD(dp, bp, b_vnbufs)do { if (((bp)->b_vnbufs.le_next = (dp)->lh_first) != (
(void *)0)) (dp)->lh_first->b_vnbufs.le_prev = &(bp
)->b_vnbufs.le_next; (dp)->lh_first = (bp); (bp)->b_vnbufs
.le_prev = &(dp)->lh_first; } while (0)
96#define	bufremvn(bp){ do { if ((bp)->b_vnbufs.le_next != ((void *)0)) (bp)->
b_vnbufs.le_next->b_vnbufs.le_prev = (bp)->b_vnbufs.le_prev
; *(bp)->b_vnbufs.le_prev = (bp)->b_vnbufs.le_next; ((bp
)->b_vnbufs.le_prev) = ((void *)-1); ((bp)->b_vnbufs.le_next
) = ((void *)-1); } while (0); ((bp)->b_vnbufs.le_next) = (
(struct buf *)0x87654321); } {							\
LIST_REMOVE(bp, b_vnbufs)do { if ((bp)->b_vnbufs.le_next != ((void *)0)) (bp)->b_vnbufs
.le_next->b_vnbufs.le_prev = (bp)->b_vnbufs.le_prev; *(
bp)->b_vnbufs.le_prev = (bp)->b_vnbufs.le_next; ((bp)->
b_vnbufs.le_prev) = ((void *)-1); ((bp)->b_vnbufs.le_next)
 = ((void *)-1); } while (0);					\
LIST_NEXT(bp, b_vnbufs)((bp)->b_vnbufs.le_next) = NOLIST((struct buf *)0x87654321);				\
99}

101struct freelst vnode_hold_list;	/* list of vnodes referencing buffers */
102struct freelst vnode_free_list;	/* vnode free list */

104struct mntlist mountlist;	/* mounted filesystem list */

106void	vclean(struct vnode *, int, struct proc *);

108void insmntque(struct vnode *, struct mount *);
109int getdevvp(dev_t, struct vnode **, enum vtype);

111int vfs_hang_addrlist(struct mount *, struct netexport *,
		  struct export_args *);
113int vfs_free_netcred(struct radix_node *, void *, u_int);
114void vfs_free_addrlist(struct netexport *);
115void vputonfreelist(struct vnode *);

117int vflush_vnode(struct vnode *, void *);
118int maxvnodes;

120struct mutex vnode_mtx = MUTEX_INITIALIZER(IPL_BIO){ ((void *)0), ((((0x6)) > 0x0 && ((0x6)) < 0x9
) ? 0x9 : ((0x6))), 0x0 };

122void vfs_unmountall(void);

124#ifdef DEBUG
125void printlockedvnodes(void);
126#endif

128struct pool vnode_pool;
129struct pool uvm_vnode_pool;

131static inline int rb_buf_compare(const struct buf *b1, const struct buf *b2);
132RBT_GENERATE(buf_rb_bufs, buf, b_rbbufs, rb_buf_compare)static int buf_rb_bufs_RBT_COMPARE(const void *lptr, const void
 *rptr) { const struct buf *l = lptr, *r = rptr; return rb_buf_compare
(l, r); } static const struct rb_type buf_rb_bufs_RBT_INFO = {
 buf_rb_bufs_RBT_COMPARE, ((void *)0), __builtin_offsetof(struct
 buf, b_rbbufs), }; const struct rb_type *const buf_rb_bufs_RBT_TYPE
 = &buf_rb_bufs_RBT_INFO;

134static inline int
135rb_buf_compare(const struct buf *b1, const struct buf *b2)
136{
if (b1->b_lblkno < b2->b_lblkno)
return(-1);
if (b1->b_lblkno > b2->b_lblkno)
return(1);
return(0);
142}

144/*
* Initialize the vnode management data structures.
*/
147void
148vntblinit(void)
149{
/* buffer cache may need a vnode for each buffer */
maxvnodes = 2 * initialvnodes;
pool_init(&vnode_pool, sizeof(struct vnode), 0, IPL_NONE0x0,
   PR_WAITOK0x0001, "vnodes", NULL((void *)0));
pool_init(&uvm_vnode_pool, sizeof(struct uvm_vnode), 0, IPL_NONE0x0,
   PR_WAITOK0x0001, "uvmvnodes", NULL((void *)0));
TAILQ_INIT(&vnode_hold_list)do { (&vnode_hold_list)->tqh_first = ((void *)0); (&
vnode_hold_list)->tqh_last = &(&vnode_hold_list)->
tqh_first; } while (0);
TAILQ_INIT(&vnode_free_list)do { (&vnode_free_list)->tqh_first = ((void *)0); (&
vnode_free_list)->tqh_last = &(&vnode_free_list)->
tqh_first; } while (0);
TAILQ_INIT(&mountlist)do { (&mountlist)->tqh_first = ((void *)0); (&mountlist
)->tqh_last = &(&mountlist)->tqh_first; } while
 (0);
/*
* Initialize the filesystem syncer.
*/
vn_initialize_syncerd();

164#ifdef NFSSERVER1
rn_init(sizeof(struct sockaddr_in));
166#endif /* NFSSERVER */
167}

169/*
* Allocate a mount point.
*
* The returned mount point is marked as busy.
*/
174struct mount *
175vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp)
176{
struct mount *mp;

mp = malloc(sizeof(*mp), M_MOUNT20, M_WAITOK0x0001|M_ZERO0x0008);
rw_init_flags(&mp->mnt_lock, "vfslock", RWL_IS_VNODE)_rw_init_flags(&mp->mnt_lock, "vfslock", 0x04, ((void *
)0));
(void)vfs_busy(mp, VB_READ0x01|VB_NOWAIT0x04);

TAILQ_INIT(&mp->mnt_vnodelist)do { (&mp->mnt_vnodelist)->tqh_first = ((void *)0);
 (&mp->mnt_vnodelist)->tqh_last = &(&mp->
mnt_vnodelist)->tqh_first; } while (0);
mp->mnt_vnodecovered = vp;

atomic_inc_int(&vfsp->vfc_refcount)_atomic_inc_int(&vfsp->vfc_refcount);
mp->mnt_vfc = vfsp;
mp->mnt_op = vfsp->vfc_vfsops;
mp->mnt_flag = vfsp->vfc_flags;
strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN16);

return (mp);
193}

195/*
* Release a mount point.
*/
198void
199vfs_mount_free(struct mount *mp)
200{
atomic_dec_int(&mp->mnt_vfc->vfc_refcount)_atomic_dec_int(&mp->mnt_vfc->vfc_refcount);
free(mp, M_MOUNT20, sizeof(*mp));
203}

205/*
* Mark a mount point as busy. Used to synchronize access and to delay
* unmounting.
*
* Default behaviour is to attempt getting a READ lock and in case of an
* ongoing unmount, to wait for it to finish and then return failure.
*/
212int
213vfs_busy(struct mount *mp, int flags)
214{
int rwflags = 0;

if (flags & VB_WRITE0x02)
rwflags |= RW_WRITE0x0001UL;
else
rwflags |= RW_READ0x0002UL;

if (flags & VB_WAIT0x08)
rwflags |= RW_SLEEPFAIL0x0020UL;
else
rwflags |= RW_NOSLEEP0x0040UL;

227#ifdef WITNESS
if (flags & VB_DUPOK0x10)
rwflags |= RW_DUPOK0x0100UL;
230#endif

if (rw_enter(&mp->mnt_lock, rwflags))
return (EBUSY16);

return (0);
236}

238/*
* Free a busy file system
*/
241void
242vfs_unbusy(struct mount *mp)
243{
rw_exit(&mp->mnt_lock);
245}

247int
248vfs_isbusy(struct mount *mp)
249{
if (RWLOCK_OWNER(&mp->mnt_lock)((struct proc *)((&mp->mnt_lock)->rwl_owner & ~
0x07UL)) > 0)
return (1);
else
return (0);
254}

256/*
* Lookup a filesystem type, and if found allocate and initialize
* a mount structure for it.
*
* Devname is usually updated by mount(8) after booting.
*/
262int
263vfs_rootmountalloc(char *fstypename, char *devname, struct mount **mpp)
264{
struct vfsconf *vfsp;
struct mount *mp;

vfsp = vfs_byname(fstypename);
if (vfsp == NULL((void *)0))
return (ENODEV19);
mp = vfs_mount_alloc(NULLVP((struct vnode *)((void *)0)), vfsp);
mp->mnt_flag |= MNT_RDONLY0x00000001;
mp->mnt_stat.f_mntonname[0] = '/';
copystr(devname, mp->mnt_stat.f_mntfromname, MNAMELEN90, NULL((void *)0));
copystr(devname, mp->mnt_stat.f_mntfromspec, MNAMELEN90, NULL((void *)0));
*mpp = mp;
return (0);
}

280/*
* Lookup a mount point by filesystem identifier.
*/
283struct mount *
284vfs_getvfs(fsid_t *fsid)
285{
struct mount *mp;

TAILQ_FOREACH(mp, &mountlist, mnt_list)for((mp) = ((&mountlist)->tqh_first); (mp) != ((void *
)0); (mp) = ((mp)->mnt_list.tqe_next)) {
if (mp->mnt_stat.f_fsid.val[0] == fsid->val[0] &&
    mp->mnt_stat.f_fsid.val[1] == fsid->val[1]) {
	return (mp);
}
}

return (NULL((void *)0));
296}


299/*
* Get a new unique fsid
*/
302void
303vfs_getnewfsid(struct mount *mp)
304{
static u_short xxxfs_mntid;

fsid_t tfsid;
int mtype;

mtype = mp->mnt_vfc->vfc_typenum;
mp->mnt_stat.f_fsid.val[0] = makedev(nblkdev + mtype, 0)((dev_t)((((nblkdev + mtype) & 0xff) << 8) | ((0) &
 0xff) | (((0) & 0xffff00) << 8)));
mp->mnt_stat.f_fsid.val[1] = mtype;
if (xxxfs_mntid == 0)
++xxxfs_mntid;
tfsid.val[0] = makedev(nblkdev + mtype, xxxfs_mntid)((dev_t)((((nblkdev + mtype) & 0xff) << 8) | ((xxxfs_mntid
) & 0xff) | (((xxxfs_mntid) & 0xffff00) << 8)));
tfsid.val[1] = mtype;
if (!TAILQ_EMPTY(&mountlist)(((&mountlist)->tqh_first) == ((void *)0))) {
while (vfs_getvfs(&tfsid)) {
	tfsid.val[0]++;
	xxxfs_mntid++;
}
}
mp->mnt_stat.f_fsid.val[0] = tfsid.val[0];
324}

326/*
* Set vnode attributes to VNOVAL
*/
329void
330vattr_null(struct vattr *vap)
331{

vap->va_type = VNON;
/*
* Don't get fancy: u_quad_t = u_int = VNOVAL leaves the u_quad_t
* with 2^31-1 instead of 2^64-1.  Just write'm out and let
* the compiler do its job.
*/
vap->va_mode = VNOVAL(-1);
vap->va_nlink = VNOVAL(-1);
vap->va_uid = VNOVAL(-1);
vap->va_gid = VNOVAL(-1);
vap->va_fsid = VNOVAL(-1);
vap->va_fileid = VNOVAL(-1);
vap->va_size = VNOVAL(-1);
vap->va_blocksize = VNOVAL(-1);
vap->va_atime.tv_sec = VNOVAL(-1);
vap->va_atime.tv_nsec = VNOVAL(-1);
vap->va_mtime.tv_sec = VNOVAL(-1);
vap->va_mtime.tv_nsec = VNOVAL(-1);
vap->va_ctime.tv_sec = VNOVAL(-1);
vap->va_ctime.tv_nsec = VNOVAL(-1);
vap->va_gen = VNOVAL(-1);
vap->va_flags = VNOVAL(-1);
vap->va_rdev = VNOVAL(-1);
vap->va_bytes = VNOVAL(-1);
vap->va_filerev = VNOVAL(-1);
vap->va_vaflags = 0;
359}

361/*
* Routines having to do with the management of the vnode table.
*/
364long numvnodes;

366/*
* Return the next vnode from the free list.
*/
369int
370getnewvnode(enum vtagtype tag, struct mount *mp, const struct vops *vops,
  struct vnode **vpp)
372{
struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc;
struct freelst *listhd;
static int toggle;
struct vnode *vp;
int s;

/*
* allow maxvnodes to increase if the buffer cache itself
* is big enough to justify it. (we don't shrink it ever)
*/
maxvnodes = maxvnodes < bcstats.numbufs ? bcstats.numbufs
   : maxvnodes;

/*
* We must choose whether to allocate a new vnode or recycle an
* existing one. The criterion for allocating a new one is that
* the total number of vnodes is less than the number desired or
* there are no vnodes on either free list. Generally we only
* want to recycle vnodes that have no buffers associated with
* them, so we look first on the vnode_free_list. If it is empty,
* we next consider vnodes with referencing buffers on the
* vnode_hold_list. The toggle ensures that half the time we
* will use a buffer from the vnode_hold_list, and half the time
* we will allocate a new one unless the list has grown to twice
* the desired size. We are reticent to recycle vnodes from the
* vnode_hold_list because we will lose the identity of all its
* referencing buffers.
*/
toggle ^= 1;
if (numvnodes / 2 > maxvnodes)
toggle = 0;

s = splbio()splraise(0x6);
if ((numvnodes < maxvnodes) ||
   ((TAILQ_FIRST(listhd = &vnode_free_list)((listhd = &vnode_free_list)->tqh_first) == NULL((void *)0)) &&
   ((TAILQ_FIRST(listhd = &vnode_hold_list)((listhd = &vnode_hold_list)->tqh_first) == NULL((void *)0)) || toggle))) {
splx(s)spllower(s);
vp = pool_get(&vnode_pool, PR_WAITOK0x0001 | PR_ZERO0x0008);
vp->v_uvm = pool_get(&uvm_vnode_pool, PR_WAITOK0x0001 | PR_ZERO0x0008);
vp->v_uvm->u_vnode = vp;
uvm_obj_init(&vp->v_uvm->u_obj, &uvm_vnodeops, 0);
RBT_INIT(buf_rb_bufs, &vp->v_bufs_tree)buf_rb_bufs_RBT_INIT(&vp->v_bufs_tree);
cache_tree_init(&vp->v_nc_tree);
TAILQ_INIT(&vp->v_cache_dst)do { (&vp->v_cache_dst)->tqh_first = ((void *)0); (
&vp->v_cache_dst)->tqh_last = &(&vp->v_cache_dst
)->tqh_first; } while (0);
numvnodes++;
} else {
TAILQ_FOREACH(vp, listhd, v_freelist)for((vp) = ((listhd)->tqh_first); (vp) != ((void *)0); (vp
) = ((vp)->v_freelist.tqe_next)) {
	if (VOP_ISLOCKED(vp) == 0)
		break;
}
/*
 * Unless this is a bad time of the month, at most
 * the first NCPUS items on the free list are
 * locked, so this is close enough to being empty.
 */
if (vp == NULL((void *)0)) {
	splx(s)spllower(s);
	tablefull("vnode");
	*vpp = NULL((void *)0);
	return (ENFILE23);
}

435#ifdef DIAGNOSTIC1
if (vp->v_usecount) {
	vprint("free vnode", vp);
	panic("free vnode isn't");
}
440#endif

TAILQ_REMOVE(listhd, vp, v_freelist)do { if (((vp)->v_freelist.tqe_next) != ((void *)0)) (vp)->
v_freelist.tqe_next->v_freelist.tqe_prev = (vp)->v_freelist
.tqe_prev; else (listhd)->tqh_last = (vp)->v_freelist.tqe_prev
; *(vp)->v_freelist.tqe_prev = (vp)->v_freelist.tqe_next
; ((vp)->v_freelist.tqe_prev) = ((void *)-1); ((vp)->v_freelist
.tqe_next) = ((void *)-1); } while (0);
vp->v_bioflag &= ~VBIOONFREELIST0x0004;
splx(s)spllower(s);

if (vp->v_type != VBAD)
	vgonel(vp, p);
448#ifdef DIAGNOSTIC1
if (vp->v_data) {
	vprint("cleaned vnode", vp);
	panic("cleaned vnode isn't");
}
s = splbio()splraise(0x6);
if (vp->v_numoutput)
	panic("Clean vnode has pending I/O's");
splx(s)spllower(s);
457#endif
vp->v_flag = 0;
vp->v_socketv_un.vu_socket = NULL((void *)0);
}
cache_purge(vp);
vp->v_type = VNON;
vp->v_tag = tag;
vp->v_op = vops;
insmntque(vp, mp);
*vpp = vp;
vp->v_usecount = 1;
vp->v_data = NULL((void *)0);
return (0);
470}

472/*
* Move a vnode from one mount queue to another.
*/
475void
476insmntque(struct vnode *vp, struct mount *mp)
477{
/*
* Delete from old mount point vnode list, if on one.
*/
if (vp->v_mount != NULL((void *)0))
TAILQ_REMOVE(&vp->v_mount->mnt_vnodelist, vp, v_mntvnodes)do { if (((vp)->v_mntvnodes.tqe_next) != ((void *)0)) (vp)
->v_mntvnodes.tqe_next->v_mntvnodes.tqe_prev = (vp)->
v_mntvnodes.tqe_prev; else (&vp->v_mount->mnt_vnodelist
)->tqh_last = (vp)->v_mntvnodes.tqe_prev; *(vp)->v_mntvnodes
.tqe_prev = (vp)->v_mntvnodes.tqe_next; ((vp)->v_mntvnodes
.tqe_prev) = ((void *)-1); ((vp)->v_mntvnodes.tqe_next) = (
(void *)-1); } while (0);
/*
* Insert into list of vnodes for the new mount point, if available.
*/
if ((vp->v_mount = mp) != NULL((void *)0))
TAILQ_INSERT_TAIL(&mp->mnt_vnodelist, vp, v_mntvnodes)do { (vp)->v_mntvnodes.tqe_next = ((void *)0); (vp)->v_mntvnodes
.tqe_prev = (&mp->mnt_vnodelist)->tqh_last; *(&
mp->mnt_vnodelist)->tqh_last = (vp); (&mp->mnt_vnodelist
)->tqh_last = &(vp)->v_mntvnodes.tqe_next; } while (
0);
488}

490/*
* Create a vnode for a block device.
* Used for root filesystem, argdev, and swap areas.
* Also used for memory file system special devices.
*/
495int
496bdevvp(dev_t dev, struct vnode **vpp)
497{
return (getdevvp(dev, vpp, VBLK));
499}

501/*
* Create a vnode for a character device.
* Used for console handling.
*/
505int
506cdevvp(dev_t dev, struct vnode **vpp)
507{
return (getdevvp(dev, vpp, VCHR));
509}

511/*
* Create a vnode for a device.
* Used by bdevvp (block device) for root file system etc.,
* and by cdevvp (character device) for console.
*/
516int
517getdevvp(dev_t dev, struct vnode **vpp, enum vtype type)
518{
struct vnode *vp;
struct vnode *nvp;
int error;

if (dev == NODEV(dev_t)(-1)) {
*vpp = NULLVP((struct vnode *)((void *)0));
return (0);
}
error = getnewvnode(VT_NON, NULL((void *)0), &spec_vops, &nvp);
if (error) {
*vpp = NULLVP((struct vnode *)((void *)0));
return (error);
}
vp = nvp;
vp->v_type = type;
if ((nvp = checkalias(vp, dev, NULL((void *)0))) != NULL((void *)0)) {
vput(vp);
vp = nvp;
}
if (vp->v_type == VCHR && cdevsw[major(vp->v_rdev)(((unsigned)(vp->v_un.vu_specinfo->si_rdev) >> 8)
 & 0xff)].d_type == D_TTY2)
vp->v_flag |= VISTTY0x0008;
*vpp = vp;
return (0);
542}

544/*
* Check to see if the new vnode represents a special device
* for which we already have a vnode (either because of
* bdevvp() or because of a different vnode representing
* the same block device). If such an alias exists, deallocate
* the existing contents and return the aliased vnode. The
* caller is responsible for filling it with its new contents.
*/
552struct vnode *
553checkalias(struct vnode *nvp, dev_t nvp_rdev, struct mount *mp)
554{
struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc;
struct vnode *vp;
struct vnodechain *vchain;

if (nvp->v_type != VBLK && nvp->v_type != VCHR)
return (NULLVP((struct vnode *)((void *)0)));

vchain = &speclisth[SPECHASH(nvp_rdev)(((nvp_rdev>>5)+(nvp_rdev))&(64 -1))];
563loop:
SLIST_FOREACH(vp, vchain, v_specnext)for((vp) = ((vchain)->slh_first); (vp) != ((void *)0); (vp
) = ((vp)->v_un.vu_specinfo->si_specnext.sle_next)) {
if (nvp_rdev != vp->v_rdevv_un.vu_specinfo->si_rdev || nvp->v_type != vp->v_type) {
	continue;
}
/*
 * Alias, but not in use, so flush it out.
 */
if (vp->v_usecount == 0) {
	vgonel(vp, p);
	goto loop;
}
if (vget(vp, LK_EXCLUSIVE0x0001UL)) {
	goto loop;
}
break;
}

/*
* Common case is actually in the if statement
*/
if (vp == NULL((void *)0) || !(vp->v_tag == VT_NON && vp->v_type == VBLK)) {
nvp->v_specinfov_un.vu_specinfo = malloc(sizeof(struct specinfo), M_VNODE25,
	M_WAITOK0x0001);
nvp->v_rdevv_un.vu_specinfo->si_rdev = nvp_rdev;
nvp->v_hashchainv_un.vu_specinfo->si_hashchain = vchain;
nvp->v_specmountpointv_un.vu_specinfo->si_mountpoint = NULL((void *)0);
nvp->v_speclockfv_un.vu_specinfo->si_lockf = NULL((void *)0);
nvp->v_specbitmapv_un.vu_specinfo->si_ci.ci_bitmap = NULL((void *)0);
if (nvp->v_type == VCHR &&
    (cdevsw[major(nvp_rdev)(((unsigned)(nvp_rdev) >> 8) & 0xff)].d_flags & D_CLONE0x0001) &&
    (minor(nvp_rdev)((unsigned)((nvp_rdev) & 0xff) | (((nvp_rdev) & 0xffff0000
) >> 8)) >> CLONE_SHIFT8 == 0)) {
	if (vp != NULLVP((struct vnode *)((void *)0)))
		nvp->v_specbitmapv_un.vu_specinfo->si_ci.ci_bitmap = vp->v_specbitmapv_un.vu_specinfo->si_ci.ci_bitmap;
	else
		nvp->v_specbitmapv_un.vu_specinfo->si_ci.ci_bitmap = malloc(CLONE_MAPSZ128,
		    M_VNODE25, M_WAITOK0x0001 | M_ZERO0x0008);
}
SLIST_INSERT_HEAD(vchain, nvp, v_specnext)do { (nvp)->v_un.vu_specinfo->si_specnext.sle_next = (vchain
)->slh_first; (vchain)->slh_first = (nvp); } while (0);
if (vp != NULLVP((struct vnode *)((void *)0))) {
	nvp->v_flag |= VALIASED0x0800;
	vp->v_flag |= VALIASED0x0800;
	vput(vp);
}
return (NULLVP((struct vnode *)((void *)0)));
}

/*
* This code is the uncommon case. It is called in case
* we found an alias that was VT_NON && vtype of VBLK
* This means we found a block device that was created
* using bdevvp.
* An example of such a vnode is the root partition device vnode
* created in ffs_mountroot.
*
* The vnodes created by bdevvp should not be aliased (why?).
*/

VOP_UNLOCK(vp);
vclean(vp, 0, p);
vp->v_op = nvp->v_op;
vp->v_tag = nvp->v_tag;
nvp->v_type = VNON;
insmntque(vp, mp);
return (vp);
628}

630/*
* Grab a particular vnode from the free list, increment its
* reference count and lock it. If the vnode lock bit is set,
* the vnode is being eliminated in vgone. In that case, we
* cannot grab it, so the process is awakened when the
* transition is completed, and an error code is returned to
* indicate that the vnode is no longer usable, possibly
* having been changed to a new file system type.
*/
639int
640vget(struct vnode *vp, int flags)
641{
int error, s, onfreelist;

/*
* If the vnode is in the process of being cleaned out for
* another use, we wait for the cleaning to finish and then
* return failure. Cleaning is determined by checking that
* the VXLOCK flag is set.
*/
mtx_enter(&vnode_mtx);
if (vp->v_lflag & VXLOCK0x0100) {
if (flags & LK_NOWAIT0x0040UL) {
	mtx_leave(&vnode_mtx);
	return (EBUSY16);
}

vp->v_lflag |= VXWANT0x0200;
msleep_nsec(vp, &vnode_mtx, PINOD8, "vget", INFSLP0xffffffffffffffffULL);
mtx_leave(&vnode_mtx);
return (ENOENT2);
}
mtx_leave(&vnode_mtx);

onfreelist = vp->v_bioflag & VBIOONFREELIST0x0004;
if (vp->v_usecount == 0 && onfreelist) {
s = splbio()splraise(0x6);
if (vp->v_holdcnt > 0)
	TAILQ_REMOVE(&vnode_hold_list, vp, v_freelist)do { if (((vp)->v_freelist.tqe_next) != ((void *)0)) (vp)->
v_freelist.tqe_next->v_freelist.tqe_prev = (vp)->v_freelist
.tqe_prev; else (&vnode_hold_list)->tqh_last = (vp)->
v_freelist.tqe_prev; *(vp)->v_freelist.tqe_prev = (vp)->
v_freelist.tqe_next; ((vp)->v_freelist.tqe_prev) = ((void *
)-1); ((vp)->v_freelist.tqe_next) = ((void *)-1); } while (
0);
else
	TAILQ_REMOVE(&vnode_free_list, vp, v_freelist)do { if (((vp)->v_freelist.tqe_next) != ((void *)0)) (vp)->
v_freelist.tqe_next->v_freelist.tqe_prev = (vp)->v_freelist
.tqe_prev; else (&vnode_free_list)->tqh_last = (vp)->
v_freelist.tqe_prev; *(vp)->v_freelist.tqe_prev = (vp)->
v_freelist.tqe_next; ((vp)->v_freelist.tqe_prev) = ((void *
)-1); ((vp)->v_freelist.tqe_next) = ((void *)-1); } while (
0);
vp->v_bioflag &= ~VBIOONFREELIST0x0004;
splx(s)spllower(s);
}

vp->v_usecount++;
if (flags & LK_TYPE_MASK(0x0001UL|0x0002UL)) {
if ((error = vn_lock(vp, flags)) != 0) {
	vp->v_usecount--;
	if (vp->v_usecount == 0 && onfreelist)
		vputonfreelist(vp);
}
return (error);
}

return (0);
686}


689/* Vnode reference. */
690void
691vref(struct vnode *vp)
692{
KERNEL_ASSERT_LOCKED()((_kernel_lock_held()) ? (void)0 : __assert("diagnostic ", "/usr/src/sys/kern/vfs_subr.c"
, 693, "_kernel_lock_held()"));

695#ifdef DIAGNOSTIC1
if (vp->v_usecount == 0)
panic("vref used where vget required");
if (vp->v_type == VNON)
panic("vref on a VNON vnode");
700#endif
vp->v_usecount++;
702}

704void
705vputonfreelist(struct vnode *vp)
706{
int s;
struct freelst *lst;

s = splbio()splraise(0x6);
711#ifdef DIAGNOSTIC1
if (vp->v_usecount != 0)
panic("Use count is not zero!");

/*
* If the hold count is still positive, one or many threads could still
* be waiting on the vnode lock inside uvn_io().
*/
if (vp->v_holdcnt == 0 && vp->v_lockcount != 0)
panic("%s: lock count is not zero", __func__);

if (vp->v_bioflag & VBIOONFREELIST0x0004) {
vprint("vnode already on free list: ", vp);
panic("vnode already on free list");
}
726#endif

vp->v_bioflag |= VBIOONFREELIST0x0004;
vp->v_bioflag &= ~VBIOERROR0x0008;

if (vp->v_holdcnt > 0)
lst = &vnode_hold_list;
else
lst = &vnode_free_list;

if (vp->v_type == VBAD)
TAILQ_INSERT_HEAD(lst, vp, v_freelist)do { if (((vp)->v_freelist.tqe_next = (lst)->tqh_first)
 != ((void *)0)) (lst)->tqh_first->v_freelist.tqe_prev =
 &(vp)->v_freelist.tqe_next; else (lst)->tqh_last =
 &(vp)->v_freelist.tqe_next; (lst)->tqh_first = (vp
); (vp)->v_freelist.tqe_prev = &(lst)->tqh_first; }
 while (0);
else
TAILQ_INSERT_TAIL(lst, vp, v_freelist)do { (vp)->v_freelist.tqe_next = ((void *)0); (vp)->v_freelist
.tqe_prev = (lst)->tqh_last; *(lst)->tqh_last = (vp); (
lst)->tqh_last = &(vp)->v_freelist.tqe_next; } while
 (0);

splx(s)spllower(s);
742}

744/*
* vput(), just unlock and vrele()
*/
747void
748vput(struct vnode *vp)
749{
struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc;

752#ifdef DIAGNOSTIC1
if (vp == NULL((void *)0))
panic("vput: null vp");
755#endif

757#ifdef DIAGNOSTIC1
if (vp->v_usecount == 0) {
vprint("vput: bad ref count", vp);
panic("vput: ref cnt");
}
762#endif
vp->v_usecount--;
KASSERT(vp->v_usecount > 0 || vp->v_uvcount == 0)((vp->v_usecount > 0 || vp->v_uvcount == 0) ? (void)
: __assert("diagnostic ", "/usr/src/sys/kern/vfs_subr.c", 764
, "vp->v_usecount > 0 || vp->v_uvcount == 0"));
if (vp->v_usecount > 0) {
VOP_UNLOCK(vp);
return;
}

770#ifdef DIAGNOSTIC1
if (vp->v_writecount != 0) {
vprint("vput: bad writecount", vp);
panic("vput: v_writecount != 0");
}
775#endif

VOP_INACTIVE(vp, p);

if (vp->v_usecount == 0 && !(vp->v_bioflag & VBIOONFREELIST0x0004))
vputonfreelist(vp);
781}

783/*
* Vnode release - use for active VNODES.
* If count drops to zero, call inactive routine and return to freelist.
* Returns 0 if it did not sleep.
*/
788int
789vrele(struct vnode *vp)
790{
struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc;

793#ifdef DIAGNOSTIC1
if (vp == NULL((void *)0))
panic("vrele: null vp");
796#endif
797#ifdef DIAGNOSTIC1
if (vp->v_usecount == 0) {
vprint("vrele: bad ref count", vp);
panic("vrele: ref cnt");
}
802#endif
vp->v_usecount--;
if (vp->v_usecount > 0) {
return (0);
}

808#ifdef DIAGNOSTIC1
if (vp->v_writecount != 0) {
vprint("vrele: bad writecount", vp);
panic("vrele: v_writecount != 0");
}
813#endif

if (vn_lock(vp, LK_EXCLUSIVE0x0001UL)) {
816#ifdef DIAGNOSTIC1
vprint("vrele: cannot lock", vp);
818#endif
return (1);
}

VOP_INACTIVE(vp, p);

if (vp->v_usecount == 0 && !(vp->v_bioflag & VBIOONFREELIST0x0004))
vputonfreelist(vp);
return (1);
827}

829/* Page or buffer structure gets a reference. */
830void
831vhold(struct vnode *vp)
832{
/*
* If it is on the freelist and the hold count is currently
* zero, move it to the hold list.
*/
if ((vp->v_bioflag & VBIOONFREELIST0x0004) &&
   vp->v_holdcnt == 0 && vp->v_usecount == 0) {
TAILQ_REMOVE(&vnode_free_list, vp, v_freelist)do { if (((vp)->v_freelist.tqe_next) != ((void *)0)) (vp)->
v_freelist.tqe_next->v_freelist.tqe_prev = (vp)->v_freelist
.tqe_prev; else (&vnode_free_list)->tqh_last = (vp)->
v_freelist.tqe_prev; *(vp)->v_freelist.tqe_prev = (vp)->
v_freelist.tqe_next; ((vp)->v_freelist.tqe_prev) = ((void *
)-1); ((vp)->v_freelist.tqe_next) = ((void *)-1); } while (
0);
TAILQ_INSERT_TAIL(&vnode_hold_list, vp, v_freelist)do { (vp)->v_freelist.tqe_next = ((void *)0); (vp)->v_freelist
.tqe_prev = (&vnode_hold_list)->tqh_last; *(&vnode_hold_list
)->tqh_last = (vp); (&vnode_hold_list)->tqh_last = &
(vp)->v_freelist.tqe_next; } while (0);
}
vp->v_holdcnt++;
843}

845/* Lose interest in a vnode. */
846void
847vdrop(struct vnode *vp)
848{
849#ifdef DIAGNOSTIC1
if (vp->v_holdcnt == 0)
panic("vdrop: zero holdcnt");
852#endif

vp->v_holdcnt--;

/*
* If it is on the holdlist and the hold count drops to
* zero, move it to the free list.
*/
if ((vp->v_bioflag & VBIOONFREELIST0x0004) &&
   vp->v_holdcnt == 0 && vp->v_usecount == 0) {
TAILQ_REMOVE(&vnode_hold_list, vp, v_freelist)do { if (((vp)->v_freelist.tqe_next) != ((void *)0)) (vp)->
v_freelist.tqe_next->v_freelist.tqe_prev = (vp)->v_freelist
.tqe_prev; else (&vnode_hold_list)->tqh_last = (vp)->
v_freelist.tqe_prev; *(vp)->v_freelist.tqe_prev = (vp)->
v_freelist.tqe_next; ((vp)->v_freelist.tqe_prev) = ((void *
)-1); ((vp)->v_freelist.tqe_next) = ((void *)-1); } while (
0);
TAILQ_INSERT_TAIL(&vnode_free_list, vp, v_freelist)do { (vp)->v_freelist.tqe_next = ((void *)0); (vp)->v_freelist
.tqe_prev = (&vnode_free_list)->tqh_last; *(&vnode_free_list
)->tqh_last = (vp); (&vnode_free_list)->tqh_last = &
(vp)->v_freelist.tqe_next; } while (0);
}
865}

867/*
* Remove any vnodes in the vnode table belonging to mount point mp.
*
* If MNT_NOFORCE is specified, there should not be any active ones,
* return error if any are found (nb: this is a user error, not a
* system error). If MNT_FORCE is specified, detach any active vnodes
* that are found.
*/
875#ifdef DEBUG_SYSCTL
876int busyprt = 0;	/* print out busy vnodes */
877struct ctldebug debug_vfs_busyprt = { "vfs_busyprt", &busyprt };
878#endif

880int
881vfs_mount_foreach_vnode(struct mount *mp,
  int (*func)(struct vnode *, void *), void *arg) {
struct vnode *vp, *nvp;
int error = 0;

886loop:
TAILQ_FOREACH_SAFE(vp , &mp->mnt_vnodelist, v_mntvnodes, nvp)for ((vp) = ((&mp->mnt_vnodelist)->tqh_first); (vp)
 != ((void *)0) && ((nvp) = ((vp)->v_mntvnodes.tqe_next
), 1); (vp) = (nvp)) {
if (vp->v_mount != mp)
	goto loop;

error = func(vp, arg);

if (error != 0)
	break;
}

return (error);
898}

900struct vflush_args {
struct vnode *skipvp;
int busy;
int flags;
904};

906int
907vflush_vnode(struct vnode *vp, void *arg)
908{
struct vflush_args *va = arg;
struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc;

if (vp == va->skipvp) {
return (0);
}

if ((va->flags & SKIPSYSTEM0x0001) && (vp->v_flag & VSYSTEM0x0004)) {
return (0);
}

/*
* If WRITECLOSE is set, only flush out regular file
* vnodes open for writing.
*/
if ((va->flags & WRITECLOSE0x0004) &&
   (vp->v_writecount == 0 || vp->v_type != VREG)) {
return (0);
}

/*
* With v_usecount == 0, all we need to do is clear
* out the vnode data structures and we are done.
*/
if (vp->v_usecount == 0) {
vgonel(vp, p);
return (0);
}

/*
* If FORCECLOSE is set, forcibly close the vnode.
* For block or character devices, revert to an
* anonymous device. For all other files, just kill them.
*/
if (va->flags & FORCECLOSE0x0002) {
if (vp->v_type != VBLK && vp->v_type != VCHR) {
	vgonel(vp, p);
} else {
	vclean(vp, 0, p);
	vp->v_op = &spec_vops;
	insmntque(vp, NULL((void *)0));
}
return (0);
}

/*
* If set, this is allowed to ignore vnodes which don't
* have changes pending to disk.
* XXX Might be nice to check per-fs "inode" flags, but
* generally the filesystem is sync'd already, right?
*/
if ((va->flags & IGNORECLEAN0x0010) &&
   LIST_EMPTY(&vp->v_dirtyblkhd)(((&vp->v_dirtyblkhd)->lh_first) == ((void *)0)))
return (0);

964#ifdef DEBUG_SYSCTL
if (busyprt)
vprint("vflush: busy vnode", vp);
967#endif
va->busy++;
return (0);
970}

972int
973vflush(struct mount *mp, struct vnode *skipvp, int flags)
974{
struct vflush_args va;
va.skipvp = skipvp;
va.busy = 0;
va.flags = flags;

vfs_mount_foreach_vnode(mp, vflush_vnode, &va);

if (va.busy)
return (EBUSY16);
return (0);
985}

987/*
* Disassociate the underlying file system from a vnode.
*/
990void
991vclean(struct vnode *vp, int flags, struct proc *p)
992{
int active, do_wakeup = 0;

/*
* Check to see if the vnode is in use.
* If so we have to reference it before we clean it out
* so that its count cannot fall to zero and generate a
* race against ourselves to recycle it.
*/
if ((active = vp->v_usecount) != 0)
vp->v_usecount++;

/*
* Prevent the vnode from being recycled or
* brought into use while we clean it out.
*/
mtx_enter(&vnode_mtx);
if (vp->v_lflag & VXLOCK0x0100)
panic("vclean: deadlock");
vp->v_lflag |= VXLOCK0x0100;

if (vp->v_lockcount > 0) {
/*
 * Ensure that any thread currently waiting on the same lock has
 * observed that the vnode is about to be exclusively locked
 * before continuing.
 */
msleep_nsec(&vp->v_lockcount, &vnode_mtx, PINOD8, "vop_lock",
    INFSLP0xffffffffffffffffULL);
KASSERT(vp->v_lockcount == 0)((vp->v_lockcount == 0) ? (void)0 : __assert("diagnostic "
, "/usr/src/sys/kern/vfs_subr.c", 1021, "vp->v_lockcount == 0"
));
}
mtx_leave(&vnode_mtx);

/*
* Even if the count is zero, the VOP_INACTIVE routine may still
* have the object locked while it cleans it out. The VOP_LOCK
* ensures that the VOP_INACTIVE routine is done with its work.
* For active vnodes, it ensures that no other activity can
* occur while the underlying object is being cleaned out.
*/
VOP_LOCK(vp, LK_EXCLUSIVE0x0001UL | LK_DRAIN0x1000UL);

/*
* Clean out any VM data associated with the vnode.
*/
uvm_vnp_terminate(vp);
/*
* Clean out any buffers associated with the vnode.
*/
if (flags & DOCLOSE0x0008)
vinvalbuf(vp, V_SAVE0x0001, NOCRED((struct ucred *)-1), p, 0, INFSLP0xffffffffffffffffULL);
/*
* If purging an active vnode, it must be closed and
* deactivated before being reclaimed. Note that the
* VOP_INACTIVE will unlock the vnode
*/
if (active) {
if (flags & DOCLOSE0x0008)
	VOP_CLOSE(vp, FNONBLOCK0x0004, NOCRED((struct ucred *)-1), p);
VOP_INACTIVE(vp, p);
} else {
/*
 * Any other processes trying to obtain this lock must first
 * wait for VXLOCK to clear, then call the new lock operation.
 */
VOP_UNLOCK(vp);
}

/*
* Reclaim the vnode.
*/
if (VOP_RECLAIM(vp, p))
panic("vclean: cannot reclaim");
if (active) {
vp->v_usecount--;
if (vp->v_usecount == 0) {
	if (vp->v_holdcnt > 0)
		panic("vclean: not clean");
	vputonfreelist(vp);
}
}
cache_purge(vp);

/*
* Done with purge, notify sleepers of the grim news.
*/
vp->v_op = &dead_vops;
VN_KNOTE(vp, NOTE_REVOKE)do { struct klist *__list = (&vp->v_selectinfo.si_note
); if (__list != ((void *)0)) knote(__list, (0x0040)); } while
 (0);
vp->v_tag = VT_NON;
1081#ifdef VFSLCKDEBUG
vp->v_flag &= ~VLOCKSWORK0x4000;
1083#endif
mtx_enter(&vnode_mtx);
vp->v_lflag &= ~VXLOCK0x0100;
if (vp->v_lflag & VXWANT0x0200) {
vp->v_lflag &= ~VXWANT0x0200;
do_wakeup = 1;
}
mtx_leave(&vnode_mtx);
if (do_wakeup)
wakeup(vp);
1093}

1095/*
* Recycle an unused vnode to the front of the free list.
*/
1098int
1099vrecycle(struct vnode *vp, struct proc *p)
1100{
if (vp->v_usecount == 0) {
vgonel(vp, p);
return (1);
}
return (0);
1106}

1108/*
* Eliminate all activity associated with a vnode
* in preparation for reuse.
*/
1112void
1113vgone(struct vnode *vp)
1114{
struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc;
vgonel(vp, p);
12
←
Calling 'vgonel'→
32
←
Returning from 'vgonel'→
1117}

1119/*
* vgone, with struct proc.
*/
1122void
1123vgonel(struct vnode *vp, struct proc *p)
1124{
struct vnode *vq;
struct vnode *vx;

KASSERT(vp->v_uvcount == 0)((vp->v_uvcount == 0) ? (void)0 : __assert("diagnostic ", "/usr/src/sys/kern/vfs_subr.c"
, 1128, "vp->v_uvcount == 0"));
13
←
Assuming field 'v_uvcount' is equal to 0→
14
←
'?' condition is true→

/*
* If a vgone (or vclean) is already in progress,
* wait until it is done and return.
*/
mtx_enter(&vnode_mtx);
if (vp->v_lflag & VXLOCK0x0100) {
15
←
Assuming the condition is false→
16
←
Taking false branch→
vp->v_lflag |= VXWANT0x0200;
msleep_nsec(vp, &vnode_mtx, PINOD8, "vgone", INFSLP0xffffffffffffffffULL);
mtx_leave(&vnode_mtx);
return;
}
mtx_leave(&vnode_mtx);

/*
* Clean out the filesystem specific data.
*/
vclean(vp, DOCLOSE0x0008, p);
/*
* Delete from old mount point vnode list, if on one.
*/
if (vp->v_mount != NULL((void *)0))
17
←
Assuming field 'v_mount' is equal to NULL→
18
←
Taking false branch→
insmntque(vp, NULL((void *)0));
/*
* If special device, remove it from special device alias list
* if it is on one.
*/
if ((vp->v_type == VBLK || vp->v_type == VCHR) &&
19
←
Assuming field 'v_type' is not equal to VBLK→
20
←
Assuming field 'v_type' is equal to VCHR→
22
←
Taking true branch→
   vp->v_specinfov_un.vu_specinfo != NULL((void *)0)) {
21
←
Assuming field 'vu_specinfo' is not equal to NULL→
if ((vp->v_flag & VALIASED0x0800) == 0 && vp->v_type23.1
Field 'v_type' is equal to VCHR
 == VCHR &&
23
←
Assuming the condition is true→
    (cdevsw[major(vp->v_rdev)(((unsigned)(vp->v_un.vu_specinfo->si_rdev) >> 8)
 & 0xff)].d_flags & D_CLONE0x0001) &&
24
←
Assuming the condition is false→
    (minor(vp->v_rdev)((unsigned)((vp->v_un.vu_specinfo->si_rdev) & 0xff)
 | (((vp->v_un.vu_specinfo->si_rdev) & 0xffff0000) >>
 8)) >> CLONE_SHIFT8 == 0)) {
	free(vp->v_specbitmapv_un.vu_specinfo->si_ci.ci_bitmap, M_VNODE25, CLONE_MAPSZ128);
}
SLIST_REMOVE(vp->v_hashchain, vp, vnode, v_specnext)do { if ((vp->v_un.vu_specinfo->si_hashchain)->slh_first
 == (vp)) { do { ((vp->v_un.vu_specinfo->si_hashchain))
->slh_first = ((vp->v_un.vu_specinfo->si_hashchain))
->slh_first->v_un.vu_specinfo->si_specnext.sle_next;
 } while (0); } else { struct vnode *curelm = (vp->v_un.vu_specinfo
->si_hashchain)->slh_first; while (curelm->v_un.vu_specinfo
->si_specnext.sle_next != (vp)) curelm = curelm->v_un.vu_specinfo
->si_specnext.sle_next; curelm->v_un.vu_specinfo->si_specnext
.sle_next = curelm->v_un.vu_specinfo->si_specnext.sle_next
->v_un.vu_specinfo->si_specnext.sle_next; } ((vp)->v_un
.vu_specinfo->si_specnext.sle_next) = ((void *)-1); } while
 (0);
25
←
Assuming 'vp' is equal to field 'slh_first'→
26
←
Taking true branch→
27
←
Loop condition is false.  Exiting loop→
28
←
Loop condition is false.  Exiting loop→
if (vp->v_flag & VALIASED0x0800) {
29
←
Taking false branch→
	vx = NULL((void *)0);
	SLIST_FOREACH(vq, vp->v_hashchain, v_specnext)for((vq) = ((vp->v_un.vu_specinfo->si_hashchain)->slh_first
); (vq) != ((void *)0); (vq) = ((vq)->v_un.vu_specinfo->
si_specnext.sle_next)) {
		if (vq->v_rdevv_un.vu_specinfo->si_rdev != vp->v_rdevv_un.vu_specinfo->si_rdev ||
		    vq->v_type != vp->v_type)
			continue;
		if (vx)
			break;
		vx = vq;
	}
	if (vx == NULL((void *)0))
		panic("missing alias");
	if (vq == NULL((void *)0))
		vx->v_flag &= ~VALIASED0x0800;
	vp->v_flag &= ~VALIASED0x0800;
}
lf_purgelocks(&vp->v_speclockfv_un.vu_specinfo->si_lockf);
free(vp->v_specinfov_un.vu_specinfo, M_VNODE25, sizeof(struct specinfo));
vp->v_specinfov_un.vu_specinfo = NULL((void *)0);
30
←
Null pointer value stored to field 'vu_specinfo'→
}
/*
* If it is on the freelist and not already at the head,
* move it to the head of the list.
*/
vp->v_type = VBAD;

/*
* Move onto the free list, unless we were called from
* getnewvnode and we're not on any free list
*/
if (vp->v_usecount == 0 &&
31
←
Assuming field 'v_usecount' is not equal to 0→
   (vp->v_bioflag & VBIOONFREELIST0x0004)) {
int s;

s = splbio()splraise(0x6);

if (vp->v_holdcnt > 0)
	panic("vgonel: not clean");

if (TAILQ_FIRST(&vnode_free_list)((&vnode_free_list)->tqh_first) != vp) {
	TAILQ_REMOVE(&vnode_free_list, vp, v_freelist)do { if (((vp)->v_freelist.tqe_next) != ((void *)0)) (vp)->
v_freelist.tqe_next->v_freelist.tqe_prev = (vp)->v_freelist
.tqe_prev; else (&vnode_free_list)->tqh_last = (vp)->
v_freelist.tqe_prev; *(vp)->v_freelist.tqe_prev = (vp)->
v_freelist.tqe_next; ((vp)->v_freelist.tqe_prev) = ((void *
)-1); ((vp)->v_freelist.tqe_next) = ((void *)-1); } while (
0);
	TAILQ_INSERT_HEAD(&vnode_free_list, vp, v_freelist)do { if (((vp)->v_freelist.tqe_next = (&vnode_free_list
)->tqh_first) != ((void *)0)) (&vnode_free_list)->tqh_first
->v_freelist.tqe_prev = &(vp)->v_freelist.tqe_next;
 else (&vnode_free_list)->tqh_last = &(vp)->v_freelist
.tqe_next; (&vnode_free_list)->tqh_first = (vp); (vp)->
v_freelist.tqe_prev = &(&vnode_free_list)->tqh_first
; } while (0);
}
splx(s)spllower(s);
}
1209}

1211/*
* Lookup a vnode by device number.
*/
1214int
1215vfinddev(dev_t dev, enum vtype type, struct vnode **vpp)
1216{
struct vnode *vp;
int rc =0;

SLIST_FOREACH(vp, &speclisth[SPECHASH(dev)], v_specnext)for((vp) = ((&speclisth[(((dev>>5)+(dev))&(64 -
1))])->slh_first); (vp) != ((void *)0); (vp) = ((vp)->v_un
.vu_specinfo->si_specnext.sle_next)) {
if (dev != vp->v_rdevv_un.vu_specinfo->si_rdev || type != vp->v_type)
	continue;
*vpp = vp;
rc = 1;
break;
}
return (rc);
1228}

1230/*
* Revoke all the vnodes corresponding to the specified minor number
* range (endpoints inclusive) of the specified major.
*/
1234void
1235vdevgone(int maj, int minl, int minh, enum vtype type)
1236{
struct vnode *vp;
int mn;

for (mn = minl; mn <= minh; mn++)
if (vfinddev(makedev(maj, mn)((dev_t)((((maj) & 0xff) << 8) | ((mn) & 0xff) |
 (((mn) & 0xffff00) << 8))), type, &vp))
	VOP_REVOKE(vp, REVOKEALL0x0001);
1243}

1245/*
* Calculate the total number of references to a special device.
*/
1248int
1249vcount(struct vnode *vp)
1250{
struct vnode *vq;
int count;

1254loop:
if ((vp->v_flag & VALIASED0x0800) == 0)
1
Assuming the condition is false→
2
←
Taking false branch→
35
←
Taking false branch→
return (vp->v_usecount);
count = 0;
SLIST_FOREACH(vq, vp->v_hashchain, v_specnext)for((vq) = ((vp->v_un.vu_specinfo->si_hashchain)->slh_first
); (vq) != ((void *)0); (vq) = ((vq)->v_un.vu_specinfo->
si_specnext.sle_next)) {
3
←
Assuming 'vq' is not equal to null→
4
←
Loop condition is true.  Entering loop body→
36
←
Loop condition is true.  Entering loop body→
if (vq->v_rdevv_un.vu_specinfo->si_rdev != vp->v_rdevv_un.vu_specinfo->si_rdev || vq->v_type != vp->v_type)
5
←
Assuming 'vq->v_rdev' is equal to 'vp->v_rdev'→
6
←
Assuming 'vq->v_type' is equal to 'vp->v_type'→
7
←
Taking false branch→
37
←
Access to field 'si_rdev' results in a dereference of a null pointer (loaded from field 'vu_specinfo')
	continue;
/*
 * Alias, but not in use, so flush it out.
 */
if (vq->v_usecount == 0 && vq != vp) {
8
←
Assuming field 'v_usecount' is equal to 0→
9
←
Assuming 'vq' is not equal to 'vp'→
10
←
Taking true branch→
	vgone(vq);
11
←
Calling 'vgone'→
33
←
Returning from 'vgone'→
	goto loop;
34
←
Control jumps to line 1255→
}
count += vq->v_usecount;
}
return (count);
1271}

1273#if defined(DEBUG) || defined(DIAGNOSTIC1)
1274/*
* Print out a description of a vnode.
*/
1277static char *typename[] =
 { "VNON", "VREG", "VDIR", "VBLK", "VCHR", "VLNK", "VSOCK", "VFIFO", "VBAD" };

1280void
1281vprint(char *label, struct vnode *vp)
1282{
char buf[64];

if (label != NULL((void *)0))
printf("%s: ", label);
printf("%p, type %s, use %u, write %u, hold %u,",
vp, typename[vp->v_type], vp->v_usecount, vp->v_writecount,
vp->v_holdcnt);
buf[0] = '\0';
if (vp->v_flag & VROOT0x0001)
strlcat(buf, "|VROOT", sizeof buf);
if (vp->v_flag & VTEXT0x0002)
strlcat(buf, "|VTEXT", sizeof buf);
if (vp->v_flag & VSYSTEM0x0004)
strlcat(buf, "|VSYSTEM", sizeof buf);
if (vp->v_lflag & VXLOCK0x0100)
strlcat(buf, "|VXLOCK", sizeof buf);
if (vp->v_lflag & VXWANT0x0200)
strlcat(buf, "|VXWANT", sizeof buf);
if (vp->v_bioflag & VBIOWAIT0x0001)
strlcat(buf, "|VBIOWAIT", sizeof buf);
if (vp->v_bioflag & VBIOONFREELIST0x0004)
strlcat(buf, "|VBIOONFREELIST", sizeof buf);
if (vp->v_bioflag & VBIOONSYNCLIST0x0002)
strlcat(buf, "|VBIOONSYNCLIST", sizeof buf);
if (vp->v_flag & VALIASED0x0800)
strlcat(buf, "|VALIASED", sizeof buf);
if (buf[0] != '\0')
printf(" flags (%s)", &buf[1]);
if (vp->v_data == NULL((void *)0)) {
printf("\n");
} else {
printf("\n\t");
VOP_PRINT(vp);
}
1317}
1318#endif /* DEBUG || DIAGNOSTIC */

1320#ifdef DEBUG
1321/*
* List all of the locked vnodes in the system.
* Called when debugging the kernel.
*/
1325void
1326printlockedvnodes(void)
1327{
struct mount *mp;
struct vnode *vp;

printf("Locked vnodes\n");

TAILQ_FOREACH(mp, &mountlist, mnt_list)for((mp) = ((&mountlist)->tqh_first); (mp) != ((void *
)0); (mp) = ((mp)->mnt_list.tqe_next)) {
if (vfs_busy(mp, VB_READ0x01|VB_NOWAIT0x04))
	continue;
TAILQ_FOREACH(vp, &mp->mnt_vnodelist, v_mntvnodes)for((vp) = ((&mp->mnt_vnodelist)->tqh_first); (vp) !=
 ((void *)0); (vp) = ((vp)->v_mntvnodes.tqe_next)) {
	if (VOP_ISLOCKED(vp))
		vprint(NULL((void *)0), vp);
}
vfs_unbusy(mp);
}

1343}
1344#endif

1346/*
* Top level filesystem related information gathering.
*/
1349int
1350vfs_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
  size_t newlen, struct proc *p)
1352{
struct vfsconf *vfsp, *tmpvfsp;
int ret;

/* all sysctl names at this level are at least name and field */
if (namelen < 2)
return (ENOTDIR20);		/* overloaded */

if (name[0] != VFS_GENERIC0) {
vfsp = vfs_bytypenum(name[0]);
if (vfsp == NULL((void *)0) || vfsp->vfc_vfsops->vfs_sysctl == NULL((void *)0))
	return (EOPNOTSUPP45);

return ((*vfsp->vfc_vfsops->vfs_sysctl)(&name[1], namelen - 1,
    oldp, oldlenp, newp, newlen, p));
}

switch (name[1]) {
case VFS_MAXTYPENUM1:
return (sysctl_rdint(oldp, oldlenp, newp, maxvfsconf));

case VFS_CONF2:
if (namelen < 3)
	return (ENOTDIR20);	/* overloaded */

vfsp = vfs_bytypenum(name[2]);
if (vfsp == NULL((void *)0))
	return (EOPNOTSUPP45);

/* Make a copy, clear out kernel pointers */
tmpvfsp = malloc(sizeof(*tmpvfsp), M_TEMP127, M_WAITOK0x0001|M_ZERO0x0008);
memcpy(tmpvfsp, vfsp, sizeof(*tmpvfsp))__builtin_memcpy((tmpvfsp), (vfsp), (sizeof(*tmpvfsp)));
tmpvfsp->vfc_vfsops = NULL((void *)0);

ret = sysctl_rdstruct(oldp, oldlenp, newp, tmpvfsp,
    sizeof(struct vfsconf));

free(tmpvfsp, M_TEMP127, sizeof(*tmpvfsp));
return (ret);
case VFS_BCACHESTAT3:	/* buffer cache statistics */
ret = sysctl_rdstruct(oldp, oldlenp, newp, &bcstats,
    sizeof(struct bcachestats));
return(ret);
}
return (EOPNOTSUPP45);
1397}

1399/*
* Check to see if a filesystem is mounted on a block device.
*/
1402int
1403vfs_mountedon(struct vnode *vp)
1404{
struct vnode *vq;
int error = 0;

if (vp->v_specmountpointv_un.vu_specinfo->si_mountpoint != NULL((void *)0))
return (EBUSY16);
if (vp->v_flag & VALIASED0x0800) {
SLIST_FOREACH(vq, vp->v_hashchain, v_specnext)for((vq) = ((vp->v_un.vu_specinfo->si_hashchain)->slh_first
); (vq) != ((void *)0); (vq) = ((vq)->v_un.vu_specinfo->
si_specnext.sle_next)) {
	if (vq->v_rdevv_un.vu_specinfo->si_rdev != vp->v_rdevv_un.vu_specinfo->si_rdev ||
	    vq->v_type != vp->v_type)
		continue;
	if (vq->v_specmountpointv_un.vu_specinfo->si_mountpoint != NULL((void *)0)) {
		error = EBUSY16;
		break;
	}
}
}
return (error);
1422}

1424#ifdef NFSSERVER1
1425/*
* Build hash lists of net addresses and hang them off the mount point.
* Called by vfs_export() to set up the lists of export addresses.
*/
1429int
1430vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
  struct export_args *argp)
1432{
struct netcred *np;
struct radix_node_head *rnh;
int nplen, i;
struct radix_node *rn;
struct sockaddr *saddr, *smask = NULL((void *)0);
int error;

if (argp->ex_addrlen == 0) {
if (mp->mnt_flag & MNT_DEFEXPORTED0x00000200)
	return (EPERM1);
np = &nep->ne_defexported;
/* fill in the kernel's ucred from userspace's xucred */
if ((error = crfromxucred(&np->netc_anon, &argp->ex_anon)))
	return (error);
mp->mnt_flag |= MNT_DEFEXPORTED0x00000200;
goto finish;
}
if (argp->ex_addrlen > MLEN(256 - sizeof(struct m_hdr)) || argp->ex_masklen > MLEN(256 - sizeof(struct m_hdr)) ||
   argp->ex_addrlen < 0 || argp->ex_masklen < 0)
return (EINVAL22);
nplen = sizeof(struct netcred) + argp->ex_addrlen + argp->ex_masklen;
np = (struct netcred *)malloc(nplen, M_NETADDR49, M_WAITOK0x0001|M_ZERO0x0008);
np->netc_len = nplen;
saddr = (struct sockaddr *)(np + 1);
error = copyin(argp->ex_addr, saddr, argp->ex_addrlen);
if (error)
goto out;
if (saddr->sa_len > argp->ex_addrlen)
saddr->sa_len = argp->ex_addrlen;
if (argp->ex_masklen) {
smask = (struct sockaddr *)((caddr_t)saddr + argp->ex_addrlen);
error = copyin(argp->ex_mask, smask, argp->ex_masklen);
if (error)
	goto out;
if (smask->sa_len > argp->ex_masklen)
	smask->sa_len = argp->ex_masklen;
}
/* fill in the kernel's ucred from userspace's xucred */
if ((error = crfromxucred(&np->netc_anon, &argp->ex_anon)))
goto out;
i = saddr->sa_family;
switch (i) {
case AF_INET2:
if ((rnh = nep->ne_rtable_inet) == NULL((void *)0)) {
	if (!rn_inithead((void **)&nep->ne_rtable_inet,
	    offsetof(struct sockaddr_in, sin_addr)__builtin_offsetof(struct sockaddr_in, sin_addr))) {
		error = ENOBUFS55;
		goto out;
	}
	rnh = nep->ne_rtable_inet;
}
break;
default:
error = EINVAL22;
goto out;
}
rn = rn_addroute(saddr, smask, rnh, np->netc_rnodes, 0);
if (rn == NULL((void *)0) || np != (struct netcred *)rn) { /* already exists */
error = EPERM1;
goto out;
}
1494finish:
np->netc_exflags = argp->ex_flags;
return (0);
1497out:
free(np, M_NETADDR49, np->netc_len);
return (error);
1500}

1502int
1503vfs_free_netcred(struct radix_node *rn, void *w, u_int id)
1504{
struct radix_node_head *rnh = (struct radix_node_head *)w;
struct netcred * np = (struct netcred *)rn;

rn_delete(rn->rn_keyrn_u.rn_leaf.rn_Key, rn->rn_maskrn_u.rn_leaf.rn_Mask, rnh, NULL((void *)0));
free(np, M_NETADDR49, np->netc_len);
return (0);
1511}

1513/*
* Free the net address hash lists that are hanging off the mount points.
*/
1516void
1517vfs_free_addrlist(struct netexport *nep)
1518{
struct radix_node_head *rnh;

if ((rnh = nep->ne_rtable_inet) != NULL((void *)0)) {
rn_walktree(rnh, vfs_free_netcred, rnh);
free(rnh, M_RTABLE5, sizeof(*rnh));
nep->ne_rtable_inet = NULL((void *)0);
}
1526}
1527#endif /* NFSSERVER */

1529int
1530vfs_export(struct mount *mp, struct netexport *nep, struct export_args *argp)
1531{
1532#ifdef NFSSERVER1
int error;

if (argp->ex_flags & MNT_DELEXPORT0x00020000) {
vfs_free_addrlist(nep);
mp->mnt_flag &= ~(MNT_EXPORTED0x00000100 | MNT_DEFEXPORTED0x00000200);
}
if (argp->ex_flags & MNT_EXPORTED0x00000100) {
if ((error = vfs_hang_addrlist(mp, nep, argp)) != 0)
	return (error);
mp->mnt_flag |= MNT_EXPORTED0x00000100;
}
return (0);
1545#else
return (ENOTSUP91);
1547#endif /* NFSSERVER */
1548}

1550struct netcred *
1551vfs_export_lookup(struct mount *mp, struct netexport *nep, struct mbuf *nam)
1552{
1553#ifdef NFSSERVER1
struct netcred *np;
struct radix_node_head *rnh;
struct sockaddr *saddr;

np = NULL((void *)0);
if (mp->mnt_flag & MNT_EXPORTED0x00000100) {
/*
 * Lookup in the export list first.
 */
if (nam != NULL((void *)0)) {
	saddr = mtod(nam, struct sockaddr *)((struct sockaddr *)((nam)->m_hdr.mh_data));
	switch(saddr->sa_family) {
	case AF_INET2:
		rnh = nep->ne_rtable_inet;
		break;
	default:
		rnh = NULL((void *)0);
		break;
	}
	if (rnh != NULL((void *)0))
		np = (struct netcred *)rn_match(saddr, rnh);
}
/*
 * If no address match, use the default if it exists.
 */
if (np == NULL((void *)0) && mp->mnt_flag & MNT_DEFEXPORTED0x00000200)
	np = &nep->ne_defexported;
}
return (np);
1583#else
return (NULL((void *)0));
1585#endif /* NFSSERVER */
1586}

1588/*
* Do the usual access checking.
* file_mode, uid and gid are from the vnode in question,
* while acc_mode and cred are from the VOP_ACCESS parameter list
*/
1593int
1594vaccess(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
  mode_t acc_mode, struct ucred *cred)
1596{
mode_t mask;

/* User id 0 always gets read/write access. */
if (cred->cr_uid == 0) {
/* For VEXEC, at least one of the execute bits must be set. */
if ((acc_mode & VEXEC00100) && type != VDIR &&
    (file_mode & (S_IXUSR0000100|S_IXGRP0000010|S_IXOTH0000001)) == 0)
	return EACCES13;
return 0;
}

mask = 0;

/* Otherwise, check the owner. */
if (cred->cr_uid == uid) {
if (acc_mode & VEXEC00100)
	mask |= S_IXUSR0000100;
if (acc_mode & VREAD00400)
	mask |= S_IRUSR0000400;
if (acc_mode & VWRITE00200)
	mask |= S_IWUSR0000200;
return (file_mode & mask) == mask ? 0 : EACCES13;
}

/* Otherwise, check the groups. */
if (groupmember(gid, cred)) {
if (acc_mode & VEXEC00100)
	mask |= S_IXGRP0000010;
if (acc_mode & VREAD00400)
	mask |= S_IRGRP0000040;
if (acc_mode & VWRITE00200)
	mask |= S_IWGRP0000020;
return (file_mode & mask) == mask ? 0 : EACCES13;
}

/* Otherwise, check everyone else. */
if (acc_mode & VEXEC00100)
mask |= S_IXOTH0000001;
if (acc_mode & VREAD00400)
mask |= S_IROTH0000004;
if (acc_mode & VWRITE00200)
mask |= S_IWOTH0000002;
return (file_mode & mask) == mask ? 0 : EACCES13;
1640}

1642int
1643vnoperm(struct vnode *vp)
1644{
if (vp->v_flag & VROOT0x0001 || vp->v_mount == NULL((void *)0))
return 0;

return (vp->v_mount->mnt_flag & MNT_NOPERM0x00000020);
1649}

1651struct rwlock vfs_stall_lock = RWLOCK_INITIALIZER("vfs_stall"){ 0, "vfs_stall" };
1652unsigned int vfs_stalling = 0;

1654int
1655vfs_stall(struct proc *p, int stall)
1656{
struct mount *mp;
int allerror = 0, error;

if (stall) {
atomic_inc_int(&vfs_stalling)_atomic_inc_int(&vfs_stalling);
rw_enter_write(&vfs_stall_lock);
}

/*
* The loop variable mp is protected by vfs_busy() so that it cannot
* be unmounted while VFS_SYNC() sleeps.  Traverse forward to keep the
* lock order consistent with dounmount().
*/
TAILQ_FOREACH(mp, &mountlist, mnt_list)for((mp) = ((&mountlist)->tqh_first); (mp) != ((void *
)0); (mp) = ((mp)->mnt_list.tqe_next)) {
if (stall) {
	error = vfs_busy(mp, VB_WRITE0x02|VB_WAIT0x08|VB_DUPOK0x10);
	if (error) {
		printf("%s: busy\n", mp->mnt_stat.f_mntonname);
		allerror = error;
		continue;
	}
	uvm_vnp_sync(mp);
	error = VFS_SYNC(mp, MNT_WAIT, stall, p->p_ucred, p)(*(mp)->mnt_op->vfs_sync)(mp, 1, stall, p->p_ucred, p
);
	if (error) {
		printf("%s: failed to sync\n",
		    mp->mnt_stat.f_mntonname);
		vfs_unbusy(mp);
		allerror = error;
		continue;
	}
	mp->mnt_flag |= MNT_STALLED0x00100000;
} else {
	if (mp->mnt_flag & MNT_STALLED0x00100000) {
		vfs_unbusy(mp);
		mp->mnt_flag &= ~MNT_STALLED0x00100000;
	}
}
}

if (!stall) {
rw_exit_write(&vfs_stall_lock);
atomic_dec_int(&vfs_stalling)_atomic_dec_int(&vfs_stalling);
}

return (allerror);
1702}

1704void
1705vfs_stall_barrier(void)
1706{
if (__predict_false(vfs_stalling)__builtin_expect(((vfs_stalling) != 0), 0)) {
rw_enter_read(&vfs_stall_lock);
rw_exit_read(&vfs_stall_lock);
}
1711}

1713/*
* Unmount all file systems.
* We traverse the list in reverse order under the assumption that doing so
* will avoid needing to worry about dependencies.
*/
1718void
1719vfs_unmountall(void)
1720{
struct mount *mp, *nmp;
int allerror, error, again = 1;

retry:
allerror = 0;
TAILQ_FOREACH_REVERSE_SAFE(mp, &mountlist, mntlist, mnt_list, nmp)for ((mp) = (*(((struct mntlist *)((&mountlist)->tqh_last
))->tqh_last)); (mp) != ((void *)0) && ((nmp) = (*
(((struct mntlist *)((mp)->mnt_list.tqe_prev))->tqh_last
)), 1); (mp) = (nmp)) {
if (vfs_busy(mp, VB_WRITE0x02|VB_NOWAIT0x04))
	continue;
/* XXX Here is a race, the next pointer is not locked. */
if ((error = dounmount(mp, MNT_FORCE0x00080000, curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
 (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
 __ci;})->ci_curproc)) != 0) {
	printf("unmount of %s failed with error %d\n",
	    mp->mnt_stat.f_mntonname, error);
	allerror = 1;
}
}

if (allerror) {
printf("WARNING: some file systems would not unmount\n");
if (again) {
	printf("retrying\n");
	again = 0;
	goto retry;
}
}
1745}

1747/*
* Sync and unmount file systems before shutting down.
*/
1750void
1751vfs_shutdown(struct proc *p)
1752{
1753#ifdef ACCOUNTING1
acct_shutdown();
1755#endif

printf("syncing disks...");

if (panicstr == NULL((void *)0)) {
/* Sync before unmount, in case we hang on something. */
sys_sync(p, NULL((void *)0), NULL((void *)0));
vfs_unmountall();
}

1765#if NSOFTRAID1 > 0
sr_quiesce();
1767#endif

if (vfs_syncwait(p, 1))
printf(" giving up\n");
else
printf(" done\n");
1773}

1775/*
* perform sync() operation and wait for buffers to flush.
*/
1778int
1779vfs_syncwait(struct proc *p, int verbose)
1780{
struct buf *bp;
int iter, nbusy, dcount, s;
1783#ifdef MULTIPROCESSOR1
int hold_count;
1785#endif

sys_sync(p, NULL((void *)0), NULL((void *)0));

/* Wait for sync to finish. */
dcount = 10000;
for (iter = 0; iter < 20; iter++) {
nbusy = 0;
LIST_FOREACH(bp, &bufhead, b_list)for((bp) = ((&bufhead)->lh_first); (bp)!= ((void *)0);
 (bp) = ((bp)->b_list.le_next)) {
	if ((bp->b_flags & (B_BUSY0x00000010|B_INVAL0x00000800|B_READ0x00008000)) == B_BUSY0x00000010)
		nbusy++;
	/*
	 * With soft updates, some buffers that are
	 * written will be remarked as dirty until other
	 * buffers are written.
	 */
	if (bp->b_flags & B_DELWRI0x00000080) {
		s = splbio()splraise(0x6);
		bremfreebufcache_take(bp);
		buf_acquire(bp);
		splx(s)spllower(s);
		nbusy++;
		bawrite(bp);
		if (dcount-- <= 0) {
			if (verbose)
				printf("softdep ");
			return 1;
		}
	}
}
if (nbusy == 0)
	break;
if (verbose)
	printf("%d ", nbusy);
1819#ifdef MULTIPROCESSOR1
if (_kernel_lock_held())
	hold_count = __mp_release_all(&kernel_lock);
else
	hold_count = 0;
1824#endif
DELAY(40000 * iter)(*delay_func)(40000 * iter);
1826#ifdef MULTIPROCESSOR1
if (hold_count)
	__mp_acquire_count(&kernel_lock, hold_count);
1829#endif
}

return nbusy;
1833}

1835/*
* posix file system related system variables.
*/
1838int
1839fs_posix_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
  void *newp, size_t newlen, struct proc *p)
1841{
/* all sysctl names at this level are terminal */
if (namelen != 1)
return (ENOTDIR20);

switch (name[0]) {
case FS_POSIX_SETUID1:
if (newp && securelevel > 0)
	return (EPERM1);
return(sysctl_int(oldp, oldlenp, newp, newlen, &suid_clear));
default:
return (EOPNOTSUPP45);
}
/* NOTREACHED */
1855}

1857/*
* file system related system variables.
*/
1860int
1861fs_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
  size_t newlen, struct proc *p)
1863{
sysctlfn *fn;

switch (name[0]) {
case FS_POSIX1:
fn = fs_posix_sysctl;
break;
default:
return (EOPNOTSUPP45);
}
return (*fn)(name + 1, namelen - 1, oldp, oldlenp, newp, newlen, p);
1874}


1877/*
* Routines dealing with vnodes and buffers
*/

1881/*
* Wait for all outstanding I/Os to complete
*
* Manipulates v_numoutput. Must be called at splbio()
*/
1886int
1887vwaitforio(struct vnode *vp, int slpflag, char *wmesg, uint64_t timeo)
1888{
int error = 0;

splassert(IPL_BIO)do { if (splassert_ctl > 0) { splassert_check(0x6, __func__
); } } while (0);

while (vp->v_numoutput) {
vp->v_bioflag |= VBIOWAIT0x0001;
error = tsleep_nsec(&vp->v_numoutput,
    slpflag | (PRIBIO16 + 1), wmesg, timeo);
if (error)
	break;
}

return (error);
1902}

1904/*
* Update outstanding I/O count and do wakeup if requested.
*
* Manipulates v_numoutput. Must be called at splbio()
*/
1909void
1910vwakeup(struct vnode *vp)
1911{
splassert(IPL_BIO)do { if (splassert_ctl > 0) { splassert_check(0x6, __func__
); } } while (0);

if (vp != NULL((void *)0)) {
if (vp->v_numoutput-- == 0)
	panic("vwakeup: neg numoutput");
if ((vp->v_bioflag & VBIOWAIT0x0001) && vp->v_numoutput == 0) {
	vp->v_bioflag &= ~VBIOWAIT0x0001;
	wakeup(&vp->v_numoutput);
}
}
1922}

1924/*
* Flush out and invalidate all buffers associated with a vnode.
* Called with the underlying object locked.
*/
1928int
1929vinvalbuf(struct vnode *vp, int flags, struct ucred *cred, struct proc *p,
  int slpflag, uint64_t slptimeo)
1931{
struct buf *bp;
struct buf *nbp, *blist;
int s, error;

1936#ifdef VFSLCKDEBUG
if ((vp->v_flag & VLOCKSWORK0x4000) && !VOP_ISLOCKED(vp))
panic("%s: vp isn't locked, vp %p", __func__, vp);
1939#endif

if (flags & V_SAVE0x0001) {
s = splbio()splraise(0x6);
vwaitforio(vp, 0, "vinvalbuf", INFSLP0xffffffffffffffffULL);
if (!LIST_EMPTY(&vp->v_dirtyblkhd)(((&vp->v_dirtyblkhd)->lh_first) == ((void *)0))) {
	splx(s)spllower(s);
	if ((error = VOP_FSYNC(vp, cred, MNT_WAIT1, p)) != 0)
		return (error);
	s = splbio()splraise(0x6);
	if (vp->v_numoutput > 0 ||
	    !LIST_EMPTY(&vp->v_dirtyblkhd)(((&vp->v_dirtyblkhd)->lh_first) == ((void *)0)))
		panic("%s: dirty bufs, vp %p", __func__, vp);
}
splx(s)spllower(s);
}
1955loop:
s = splbio()splraise(0x6);
for (;;) {
int count = 0;
if ((blist = LIST_FIRST(&vp->v_cleanblkhd)((&vp->v_cleanblkhd)->lh_first)) &&
    (flags & V_SAVEMETA0x0002))
	while (blist && blist->b_lblkno < 0)
		blist = LIST_NEXT(blist, b_vnbufs)((blist)->b_vnbufs.le_next);
if (blist == NULL((void *)0) &&
    (blist = LIST_FIRST(&vp->v_dirtyblkhd)((&vp->v_dirtyblkhd)->lh_first)) &&
    (flags & V_SAVEMETA0x0002))
	while (blist && blist->b_lblkno < 0)
		blist = LIST_NEXT(blist, b_vnbufs)((blist)->b_vnbufs.le_next);
if (!blist)
	break;

for (bp = blist; bp; bp = nbp) {
	nbp = LIST_NEXT(bp, b_vnbufs)((bp)->b_vnbufs.le_next);
	if (flags & V_SAVEMETA0x0002 && bp->b_lblkno < 0)
		continue;
	if (bp->b_flags & B_BUSY0x00000010) {
		bp->b_flags |= B_WANTED0x00010000;
		error = tsleep_nsec(bp, slpflag | (PRIBIO16 + 1),
		    "vinvalbuf", slptimeo);
		if (error) {
			splx(s)spllower(s);
			return (error);
		}
		break;
	}
	bremfreebufcache_take(bp);
	/*
	 * XXX Since there are no node locks for NFS, I believe
	 * there is a slight chance that a delayed write will
	 * occur while sleeping just above, so check for it.
	 */
	if ((bp->b_flags & B_DELWRI0x00000080) && (flags & V_SAVE0x0001)) {
		buf_acquire(bp);
		splx(s)spllower(s);
		(void) VOP_BWRITE(bp);
		goto loop;
	}
	buf_acquire_nomap(bp);
	bp->b_flags |= B_INVAL0x00000800;
	brelse(bp);
	count++;
	/*
	 * XXX Temporary workaround XXX
	 *
	 * If this is a gigantisch vnode and we are
	 * trashing a ton of buffers, drop the lock
	 * and yield every so often. The longer term
	 * fix is to add a separate list for these
	 * invalid buffers so we don't have to do the
	 * work to free these here.
	 */
	if (count > 100) {
		splx(s)spllower(s);
		sched_pause(yield)do { if (({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0"
 : "=r" (__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self
))); __ci;})->ci_schedstate.spc_schedflags & 0x0002) yield
(); } while (0);
		goto loop;
	}
}
}
if (!(flags & V_SAVEMETA0x0002) &&
   (!LIST_EMPTY(&vp->v_dirtyblkhd)(((&vp->v_dirtyblkhd)->lh_first) == ((void *)0)) || !LIST_EMPTY(&vp->v_cleanblkhd)(((&vp->v_cleanblkhd)->lh_first) == ((void *)0))))
panic("%s: flush failed, vp %p", __func__, vp);
splx(s)spllower(s);
return (0);
2023}

2025void
2026vflushbuf(struct vnode *vp, int sync)
2027{
struct buf *bp, *nbp;
int s;

2031loop:
s = splbio()splraise(0x6);
LIST_FOREACH_SAFE(bp, &vp->v_dirtyblkhd, b_vnbufs, nbp)for ((bp) = ((&vp->v_dirtyblkhd)->lh_first); (bp) &&
 ((nbp) = ((bp)->b_vnbufs.le_next), 1); (bp) = (nbp)) {
if ((bp->b_flags & B_BUSY0x00000010))
	continue;
if ((bp->b_flags & B_DELWRI0x00000080) == 0)
	panic("vflushbuf: not dirty");
bremfreebufcache_take(bp);
buf_acquire(bp);
splx(s)spllower(s);
/*
 * Wait for I/O associated with indirect blocks to complete,
 * since there is no way to quickly wait for them below.
 */
if (bp->b_vp == vp || sync == 0)
	(void) bawrite(bp);
else
	(void) bwrite(bp);
goto loop;
}
if (sync == 0) {
splx(s)spllower(s);
return;
}
vwaitforio(vp, 0, "vflushbuf", INFSLP0xffffffffffffffffULL);
if (!LIST_EMPTY(&vp->v_dirtyblkhd)(((&vp->v_dirtyblkhd)->lh_first) == ((void *)0))) {
splx(s)spllower(s);
2058#ifdef DIAGNOSTIC1
vprint("vflushbuf: dirty", vp);
2060#endif
goto loop;
}
splx(s)spllower(s);
2064}

2066/*
* Associate a buffer with a vnode.
*
* Manipulates buffer vnode queues. Must be called at splbio().
*/
2071void
2072bgetvp(struct vnode *vp, struct buf *bp)
2073{
splassert(IPL_BIO)do { if (splassert_ctl > 0) { splassert_check(0x6, __func__
); } } while (0);


if (bp->b_vp)
panic("bgetvp: not free");
vhold(vp);
bp->b_vp = vp;
if (vp->v_type == VBLK || vp->v_type == VCHR)
bp->b_dev = vp->v_rdevv_un.vu_specinfo->si_rdev;
else
bp->b_dev = NODEV(dev_t)(-1);
/*
* Insert onto list for new vnode.
*/
bufinsvn(bp, &vp->v_cleanblkhd)do { if (((bp)->b_vnbufs.le_next = (&vp->v_cleanblkhd
)->lh_first) != ((void *)0)) (&vp->v_cleanblkhd)->
lh_first->b_vnbufs.le_prev = &(bp)->b_vnbufs.le_next
; (&vp->v_cleanblkhd)->lh_first = (bp); (bp)->b_vnbufs
.le_prev = &(&vp->v_cleanblkhd)->lh_first; } while
 (0);
2089}

2091/*
* Disassociate a buffer from a vnode.
*
* Manipulates vnode buffer queues. Must be called at splbio().
*/
2096void
2097brelvp(struct buf *bp)
2098{
struct vnode *vp;

splassert(IPL_BIO)do { if (splassert_ctl > 0) { splassert_check(0x6, __func__
); } } while (0);

if ((vp = bp->b_vp) == (struct vnode *) 0)
panic("brelvp: NULL");
/*
* Delete from old vnode list, if on one.
*/
if (LIST_NEXT(bp, b_vnbufs)((bp)->b_vnbufs.le_next) != NOLIST((struct buf *)0x87654321))
bufremvn(bp){ do { if ((bp)->b_vnbufs.le_next != ((void *)0)) (bp)->
b_vnbufs.le_next->b_vnbufs.le_prev = (bp)->b_vnbufs.le_prev
; *(bp)->b_vnbufs.le_prev = (bp)->b_vnbufs.le_next; ((bp
)->b_vnbufs.le_prev) = ((void *)-1); ((bp)->b_vnbufs.le_next
) = ((void *)-1); } while (0); ((bp)->b_vnbufs.le_next) = (
(struct buf *)0x87654321); };
if ((vp->v_bioflag & VBIOONSYNCLIST0x0002) &&
   LIST_EMPTY(&vp->v_dirtyblkhd)(((&vp->v_dirtyblkhd)->lh_first) == ((void *)0))) {
vp->v_bioflag &= ~VBIOONSYNCLIST0x0002;
LIST_REMOVE(vp, v_synclist)do { if ((vp)->v_synclist.le_next != ((void *)0)) (vp)->
v_synclist.le_next->v_synclist.le_prev = (vp)->v_synclist
.le_prev; *(vp)->v_synclist.le_prev = (vp)->v_synclist.
le_next; ((vp)->v_synclist.le_prev) = ((void *)-1); ((vp)->
v_synclist.le_next) = ((void *)-1); } while (0);
}
bp->b_vp = NULL((void *)0);

vdrop(vp);
2118}

2120/*
* Replaces the current vnode associated with the buffer, if any,
* with a new vnode.
*
* If an output I/O is pending on the buffer, the old vnode
* I/O count is adjusted.
*
* Ignores vnode buffer queues. Must be called at splbio().
*/
2129void
2130buf_replacevnode(struct buf *bp, struct vnode *newvp)
2131{
struct vnode *oldvp = bp->b_vp;

splassert(IPL_BIO)do { if (splassert_ctl > 0) { splassert_check(0x6, __func__
); } } while (0);

if (oldvp)
brelvp(bp);

if ((bp->b_flags & (B_READ0x00008000 | B_DONE0x00000100)) == 0) {
newvp->v_numoutput++;	/* put it on swapdev */
vwakeup(oldvp);
}

bgetvp(newvp, bp);
bufremvn(bp){ do { if ((bp)->b_vnbufs.le_next != ((void *)0)) (bp)->
b_vnbufs.le_next->b_vnbufs.le_prev = (bp)->b_vnbufs.le_prev
; *(bp)->b_vnbufs.le_prev = (bp)->b_vnbufs.le_next; ((bp
)->b_vnbufs.le_prev) = ((void *)-1); ((bp)->b_vnbufs.le_next
) = ((void *)-1); } while (0); ((bp)->b_vnbufs.le_next) = (
(struct buf *)0x87654321); };
2146}

2148/*
* Used to assign buffers to the appropriate clean or dirty list on
* the vnode and to add newly dirty vnodes to the appropriate
* filesystem syncer list.
*
* Manipulates vnode buffer queues. Must be called at splbio().
*/
2155void
2156reassignbuf(struct buf *bp)
2157{
struct buflists *listheadp;
int delay;
struct vnode *vp = bp->b_vp;

splassert(IPL_BIO)do { if (splassert_ctl > 0) { splassert_check(0x6, __func__
); } } while (0);

/*
* Delete from old vnode list, if on one.
*/
if (LIST_NEXT(bp, b_vnbufs)((bp)->b_vnbufs.le_next) != NOLIST((struct buf *)0x87654321))
bufremvn(bp){ do { if ((bp)->b_vnbufs.le_next != ((void *)0)) (bp)->
b_vnbufs.le_next->b_vnbufs.le_prev = (bp)->b_vnbufs.le_prev
; *(bp)->b_vnbufs.le_prev = (bp)->b_vnbufs.le_next; ((bp
)->b_vnbufs.le_prev) = ((void *)-1); ((bp)->b_vnbufs.le_next
) = ((void *)-1); } while (0); ((bp)->b_vnbufs.le_next) = (
(struct buf *)0x87654321); };

/*
* If dirty, put on list of dirty buffers;
* otherwise insert onto list of clean buffers.
*/
if ((bp->b_flags & B_DELWRI0x00000080) == 0) {
listheadp = &vp->v_cleanblkhd;
if ((vp->v_bioflag & VBIOONSYNCLIST0x0002) &&
    LIST_EMPTY(&vp->v_dirtyblkhd)(((&vp->v_dirtyblkhd)->lh_first) == ((void *)0))) {
	vp->v_bioflag &= ~VBIOONSYNCLIST0x0002;
	LIST_REMOVE(vp, v_synclist)do { if ((vp)->v_synclist.le_next != ((void *)0)) (vp)->
v_synclist.le_next->v_synclist.le_prev = (vp)->v_synclist
.le_prev; *(vp)->v_synclist.le_prev = (vp)->v_synclist.
le_next; ((vp)->v_synclist.le_prev) = ((void *)-1); ((vp)->
v_synclist.le_next) = ((void *)-1); } while (0);
}
} else {
listheadp = &vp->v_dirtyblkhd;
if ((vp->v_bioflag & VBIOONSYNCLIST0x0002) == 0) {
	switch (vp->v_type) {
	case VDIR:
		delay = syncdelay / 2;
		break;
	case VBLK:
		if (vp->v_specmountpointv_un.vu_specinfo->si_mountpoint != NULL((void *)0)) {
			delay = syncdelay / 3;
			break;
		}
		/* FALLTHROUGH */
	default:
		delay = syncdelay;
	}
	vn_syncer_add_to_worklist(vp, delay);
}
}
bufinsvn(bp, listheadp)do { if (((bp)->b_vnbufs.le_next = (listheadp)->lh_first
) != ((void *)0)) (listheadp)->lh_first->b_vnbufs.le_prev
 = &(bp)->b_vnbufs.le_next; (listheadp)->lh_first =
 (bp); (bp)->b_vnbufs.le_prev = &(listheadp)->lh_first
; } while (0);
2201}

2203/*
* Check if vnode represents a disk device
*/
2206int
2207vn_isdisk(struct vnode *vp, int *errp)
2208{
if (vp->v_type != VBLK && vp->v_type != VCHR)
return (0);

return (1);
2213}

2215#ifdef DDB1
2216#include <machine/db_machdep.h>
2217#include <ddb/db_interface.h>

2219void
2220vfs_buf_print(void *b, int full,
  int (*pr)(const char *, ...) __attribute__((__format__(__kprintf__,1,2))))
2222{
struct buf *bp = b;

(*pr)("  vp %p lblkno 0x%llx blkno 0x%llx dev 0x%x\n"
     "  proc %p error %d flags %lb\n",
   bp->b_vp, (int64_t)bp->b_lblkno, (int64_t)bp->b_blkno, bp->b_dev,
   bp->b_proc, bp->b_error, bp->b_flags, B_BITS"\20\001AGE\002NEEDCOMMIT\003ASYNC\004BAD\005BUSY" "\006CACHE\007CALL\010DELWRI\011DONE\012EINTR\013ERROR"
 "\014INVAL\015NOCACHE\016PHYS\017RAW\020READ" "\021WANTED\022WRITEINPROG\023XXX(FORMAT)\024DEFERRED"
 "\025SCANNED\026DAEMON\027RELEASED\030WARM\031COLD\032BC\033DMA");

(*pr)("  bufsize 0x%lx bcount 0x%lx resid 0x%lx\n"
     "  data %p saveaddr %p dep %p iodone %p\n",
   bp->b_bufsize, bp->b_bcount, (long)bp->b_resid,
   bp->b_data, bp->b_saveaddr,
   LIST_FIRST(&bp->b_dep)((&bp->b_dep)->lh_first), bp->b_iodone);

(*pr)("  dirty {off 0x%x end 0x%x} valid {off 0x%x end 0x%x}\n",
   bp->b_dirtyoff, bp->b_dirtyend, bp->b_validoff, bp->b_validend);

2239#ifdef FFS_SOFTUPDATES1
if (full)
softdep_print(bp, full, pr);
2242#endif
2243}

2245const char *vtypes[] = { VTYPE_NAMES"VNON", "VREG", "VDIR", "VBLK", "VCHR", "VLNK", "VSOCK", "VFIFO"
, "VBAD" };
2246const char *vtags[] = { VTAG_NAMES"NON", "UFS", "NFS", "MFS", "MSDOSFS", "unused", "unused", "unused"
, "ISOFS", "unused", "EXT2FS", "VFS", "NTFS", "UDF", "FUSEFS"
, "TMPFS" };

2248void
2249vfs_vnode_print(void *v, int full,
  int (*pr)(const char *, ...) __attribute__((__format__(__kprintf__,1,2))))
2251{
struct vnode *vp = v;

(*pr)("tag %s(%d) type %s(%d) mount %p typedata %p\n",
     (u_int)vp->v_tag >= nitems(vtags)(sizeof((vtags)) / sizeof((vtags)[0]))? "<unk>":vtags[vp->v_tag],
     vp->v_tag,
     (u_int)vp->v_type >= nitems(vtypes)(sizeof((vtypes)) / sizeof((vtypes)[0]))? "<unk>":vtypes[vp->v_type],
     vp->v_type, vp->v_mount, vp->v_mountedherev_un.vu_mountedhere);

(*pr)("data %p usecount %d writecount %d holdcnt %d numoutput %d\n",
     vp->v_data, vp->v_usecount, vp->v_writecount,
     vp->v_holdcnt, vp->v_numoutput);

/* uvm_object_printit(&vp->v_uobj, full, pr); */

if (full) {
struct buf *bp;

(*pr)("clean bufs:\n");
LIST_FOREACH(bp, &vp->v_cleanblkhd, b_vnbufs)for((bp) = ((&vp->v_cleanblkhd)->lh_first); (bp)!= (
(void *)0); (bp) = ((bp)->b_vnbufs.le_next)) {
	(*pr)(" bp %p\n", bp);
	vfs_buf_print(bp, full, pr);
}

(*pr)("dirty bufs:\n");
LIST_FOREACH(bp, &vp->v_dirtyblkhd, b_vnbufs)for((bp) = ((&vp->v_dirtyblkhd)->lh_first); (bp)!= (
(void *)0); (bp) = ((bp)->b_vnbufs.le_next)) {
	(*pr)(" bp %p\n", bp);
	vfs_buf_print(bp, full, pr);
}
}
2281}

2283void
2284vfs_mount_print(struct mount *mp, int full,
  int (*pr)(const char *, ...) __attribute__((__format__(__kprintf__,1,2))))
2286{
struct vfsconf *vfc = mp->mnt_vfc;
struct vnode *vp;
int cnt;

(*pr)("flags %b\nvnodecovered %p syncer %p data %p\n",
   mp->mnt_flag, MNT_BITS"\20\001RDONLY\002SYNCHRONOUS\003NOEXEC\004NOSUID\005NODEV\006NOPERM"
 "\007ASYNC\010EXRDONLY\011EXPORTED\012DEFEXPORTED\013EXPORTANON"
 "\014WXALLOWED\015LOCAL\016QUOTA\017ROOTFS\020NOATIME\021UPDATE"
 "\022DELEXPORT\023RELOAD\024FORCE\025STALLED\026SWAPPABLE\032WANTRDWR"
 "\033SOFTDEP\034DOOMED",
   mp->mnt_vnodecovered, mp->mnt_syncer, mp->mnt_data);

(*pr)("vfsconf: ops %p name \"%s\" num %d ref %u flags 0x%x\n",
   vfc->vfc_vfsops, vfc->vfc_name, vfc->vfc_typenum,
   vfc->vfc_refcount, vfc->vfc_flags);

(*pr)("statvfs cache: bsize %x iosize %x\n"
   "blocks %llu free %llu avail %lld\n",
   mp->mnt_stat.f_bsize, mp->mnt_stat.f_iosize, mp->mnt_stat.f_blocks,
   mp->mnt_stat.f_bfree, mp->mnt_stat.f_bavail);

(*pr)("  files %llu ffiles %llu favail %lld\n", mp->mnt_stat.f_files,
   mp->mnt_stat.f_ffree, mp->mnt_stat.f_favail);

(*pr)("  f_fsidx {0x%x, 0x%x} owner %u ctime 0x%llx\n",
   mp->mnt_stat.f_fsid.val[0], mp->mnt_stat.f_fsid.val[1],
   mp->mnt_stat.f_owner, mp->mnt_stat.f_ctime);

(*pr)("  syncwrites %llu asyncwrites = %llu\n",
   mp->mnt_stat.f_syncwrites, mp->mnt_stat.f_asyncwrites);

(*pr)("  syncreads %llu asyncreads = %llu\n",
   mp->mnt_stat.f_syncreads, mp->mnt_stat.f_asyncreads);

(*pr)("  fstype \"%s\" mnton \"%s\" mntfrom \"%s\" mntspec \"%s\"\n",
   mp->mnt_stat.f_fstypename, mp->mnt_stat.f_mntonname,
   mp->mnt_stat.f_mntfromname, mp->mnt_stat.f_mntfromspec);

(*pr)("locked vnodes:");
/* XXX would take mountlist lock, except ddb has no context */
cnt = 0;
TAILQ_FOREACH(vp, &mp->mnt_vnodelist, v_mntvnodes)for((vp) = ((&mp->mnt_vnodelist)->tqh_first); (vp) !=
 ((void *)0); (vp) = ((vp)->v_mntvnodes.tqe_next)) {
if (VOP_ISLOCKED(vp)) {
	if (cnt == 0)
		(*pr)("\n  %p", vp);
	else if ((cnt % (72 / (sizeof(void *) * 2 + 4))) == 0)
		(*pr)(",\n  %p", vp);
	else
		(*pr)(", %p", vp);
	cnt++;
}
}
(*pr)("\n");

if (full) {
(*pr)("all vnodes:");
/* XXX would take mountlist lock, except ddb has no context */
cnt = 0;
TAILQ_FOREACH(vp, &mp->mnt_vnodelist, v_mntvnodes)for((vp) = ((&mp->mnt_vnodelist)->tqh_first); (vp) !=
 ((void *)0); (vp) = ((vp)->v_mntvnodes.tqe_next)) {
	if (cnt == 0)
		(*pr)("\n  %p", vp);
	else if ((cnt % (72 / (sizeof(void *) * 2 + 4))) == 0)
		(*pr)(",\n  %p", vp);
	else
		(*pr)(", %p", vp);
	cnt++;
}
(*pr)("\n");
}
2352}
2353#endif /* DDB */

2355void
2356copy_statfs_info(struct statfs *sbp, const struct mount *mp)
2357{
const struct statfs *mbp;

strncpy(sbp->f_fstypename, mp->mnt_vfc->vfc_name, MFSNAMELEN16);

if (sbp == (mbp = &mp->mnt_stat))
return;

sbp->f_fsid = mbp->f_fsid;
sbp->f_owner = mbp->f_owner;
sbp->f_flags = mbp->f_flags;
sbp->f_syncwrites = mbp->f_syncwrites;
sbp->f_asyncwrites = mbp->f_asyncwrites;
sbp->f_syncreads = mbp->f_syncreads;
sbp->f_asyncreads = mbp->f_asyncreads;
sbp->f_namemax = mbp->f_namemax;
memcpy(sbp->f_mntonname, mp->mnt_stat.f_mntonname, MNAMELEN)__builtin_memcpy((sbp->f_mntonname), (mp->mnt_stat.f_mntonname
), (90));
memcpy(sbp->f_mntfromname, mp->mnt_stat.f_mntfromname, MNAMELEN)__builtin_memcpy((sbp->f_mntfromname), (mp->mnt_stat.f_mntfromname
), (90));
memcpy(sbp->f_mntfromspec, mp->mnt_stat.f_mntfromspec, MNAMELEN)__builtin_memcpy((sbp->f_mntfromspec), (mp->mnt_stat.f_mntfromspec
), (90));
memcpy(&sbp->mount_info, &mp->mnt_stat.mount_info,__builtin_memcpy((&sbp->mount_info), (&mp->mnt_stat
.mount_info), (sizeof(union mount_info)))
   sizeof(union mount_info))__builtin_memcpy((&sbp->mount_info), (&mp->mnt_stat
.mount_info), (sizeof(union mount_info)));
2378}