/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1984, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*      Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T     */
/*        All Rights Reserved   */

/*
 * University Copyright- Copyright (c) 1982, 1986, 1988
 * The Regents of the University of California
 * All Rights Reserved
 *
 * University Acknowledgment- Portions of this document are derived from
 * software developed by the University of California, Berkeley, and its
 * contributors.
 */

/*
 * Directory manipulation routines.
 *
 * When manipulating directories, the i_rwlock provides serialization
 * since directories cannot be mmapped. The i_contents lock is redundant.
 */

#include <sys/types.h>
#include <sys/t_lock.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/signal.h>
#include <sys/cred.h>
#include <sys/proc.h>
#include <sys/disp.h>
#include <sys/user.h>
#include <sys/vfs.h>
#include <sys/vnode.h>
#include <sys/stat.h>
#include <sys/mode.h>
#include <sys/buf.h>
#include <sys/uio.h>
#include <sys/dnlc.h>
#include <sys/fs/ufs_inode.h>
#include <sys/fs/ufs_fs.h>
#include <sys/mount.h>
#include <sys/fs/ufs_fsdir.h>
#include <sys/fs/ufs_trans.h>
#include <sys/fs/ufs_panic.h>
#include <sys/fs/ufs_quota.h>
#include <sys/errno.h>
#include <sys/debug.h>
#include <vm/seg.h>
#include <sys/sysmacros.h>
#include <sys/cmn_err.h>
#include <sys/cpuvar.h>
#include <sys/unistd.h>
#include <sys/policy.h>

/*
 * This is required since we're using P2ROUNDUP_TYPED on DIRBLKSIZ
 */
#if !ISP2(DIRBLKSIZ)
#error  "DIRBLKSIZ not a power of 2"
#endif

/*
 * A virgin directory.
 */
static struct dirtemplate mastertemplate = {
        0, 12, 1, ".",
        0, DIRBLKSIZ - 12, 2, ".."
};

#define LDIRSIZ(len) \
        ((sizeof (struct direct) - (MAXNAMLEN + 1)) + ((len + 1 + 3) &~ 3))
#define MAX_DIR_NAME_LEN(len) \
        (((len) - (sizeof (struct direct) - (MAXNAMLEN + 1))) - 1)

/*
 * The dnlc directory cache allows a 64 bit handle for directory entries.
 * For ufs we squeeze both the 32 bit inumber and a 32 bit disk offset
 * into the handle. Note, a 32 bit offset allows a 4GB directory, which
 * is way beyond what could be cached in memory by the directory
 * caching routines. So we are quite safe with this limit.
 * The macros below pack and unpack the handle.
 */
#define H_TO_INO(h) (uint32_t)((h) & UINT_MAX)
#define H_TO_OFF(h) (off_t)((h) >> 32)
#define INO_OFF_TO_H(ino, off) (uint64_t)(((uint64_t)(off) << 32) | (ino))

/*
 * The average size of a typical on disk directory entry is about 16 bytes
 * and so defines AV_DIRECT_SHIFT : log2(16)
 * This define is only used to approximate the number of entries
 * is a directory. This is needed for dnlc_dir_start() which will immediately
 * return an error if the value is not within its acceptable range of
 * number of files in a directory.
 */
#define AV_DIRECT_SHIFT 4
/*
 * If the directory size (from i_size) is greater than the ufs_min_dir_cache
 * tunable then we request dnlc directory caching.
 * This has found to be profitable after 1024 file names.
 */
int ufs_min_dir_cache = 1024 << AV_DIRECT_SHIFT;

/* The time point the dnlc directory caching was disabled */
static hrtime_t ufs_dc_disable_at;
/* directory caching disable duration */
static hrtime_t ufs_dc_disable_duration = (hrtime_t)NANOSEC * 5;

#ifdef DEBUG
int dirchk = 1;
#else /* !DEBUG */
int dirchk = 0;
#endif /* DEBUG */
int ufs_negative_cache = 1;
uint64_t ufs_dirremove_retry_cnt;

static void dirbad();
static int ufs_dirrename();
static int ufs_diraddentry();
static int ufs_dirempty();
static int ufs_dirscan();
static int ufs_dirclrdotdot();
static int ufs_dirfixdotdot();
static int ufs_dirpurgedotdot();
static int dirprepareentry();
static int ufs_dirmakedirect();
static int dirbadname();
static int dirmangled();

/*
 * Check accessibility of directory against inquired mode and type.
 * Execute access is required to search the directory.
 * Access for write is interpreted as allowing
 * deletion of files in the directory.
 * Note, the reader i_contents lock will be acquired in
 * ufs_iaccess().
 */
int
ufs_diraccess(struct inode *ip, int mode, struct cred *cr)
{
        if (((ip->i_mode & IFMT) != IFDIR) &&
            ((ip->i_mode & IFMT) != IFATTRDIR))
                return (ENOTDIR);

        return (ufs_iaccess(ip, mode, cr, 1));
}

/*
 * Look for a given name in a directory.  On successful return, *ipp
 * will point to the VN_HELD inode.
 * The caller is responsible for checking accessibility upfront
 * via ufs_diraccess().
 */
int
ufs_dirlook(
        struct inode *dp,
        char *namep,
        struct inode **ipp,
        struct cred *cr,
        int skipdnlc,                   /* skip the 1st level dnlc */
        int skipcaching)                /* force directory caching off */
{
        uint64_t handle;
        struct fbuf *fbp;               /* a buffer of directory entries */
        struct direct *ep;              /* the current directory entry */
        struct vnode *vp;
        struct vnode *dvp;              /* directory vnode ptr */
        struct ulockfs *ulp;
        dcanchor_t *dcap;
        off_t endsearch;                /* offset to end directory search */
        off_t offset;
        off_t start_off;                /* starting offset from middle search */
        off_t last_offset;              /* last offset */
        int entryoffsetinblock;         /* offset of ep in addr's buffer */
        int numdirpasses;               /* strategy for directory search */
        int namlen;                     /* length of name */
        int err;
        int doingchk;
        int i;
        int caching;
        int indeadlock;
        ino_t ep_ino;                   /* entry i number */
        ino_t chkino;
        ushort_t ep_reclen;             /* direct local d_reclen */

        ASSERT(*namep != '\0'); /* All callers ensure *namep is non null */

        if (dp->i_ufsvfs)
                ulp = &dp->i_ufsvfs->vfs_ulockfs;

        /*
         * Check the directory name lookup cache, first for individual files
         * then for complete directories.
         */
        dvp = ITOV(dp);
        if (!skipdnlc && (vp = dnlc_lookup(dvp, namep))) {
                /* vp is already held from dnlc_lookup */
                if (vp == DNLC_NO_VNODE) {
                        VN_RELE(vp);
                        return (ENOENT);
                }
                *ipp = VTOI(vp);
                return (0);
        }

        dcap = &dp->i_danchor;

        /*
         * Grab the reader lock on the directory data before checking
         * the dnlc to avoid a race with ufs_dirremove() & friends.
         *
         * ufs_tryirwlock uses rw_tryenter and checks for SLOCK to
         * avoid i_rwlock, ufs_lockfs_begin deadlock. If deadlock
         * possible, retries the operation.
         */
        ufs_tryirwlock((&dp->i_rwlock), RW_READER, retry_dircache);
        if (indeadlock)
                return (EAGAIN);

        switch (dnlc_dir_lookup(dcap, namep, &handle)) {
        case DFOUND:
                ep_ino = (ino_t)H_TO_INO(handle);
                if (dp->i_number == ep_ino) {
                        VN_HOLD(dvp);   /* want ourself, "." */
                        *ipp = dp;
                        rw_exit(&dp->i_rwlock);
                        return (0);
                }
                if (namep[0] == '.' && namep[1] == '.' && namep[2] == 0) {
                        uint64_t handle2;
                        /*
                         * release the lock on the dir we are searching
                         * to avoid a deadlock when grabbing the
                         * i_contents lock in ufs_iget_alloced().
                         */
                        rw_exit(&dp->i_rwlock);
                        rw_enter(&dp->i_ufsvfs->vfs_dqrwlock, RW_READER);
                        err = ufs_iget_alloced(dp->i_vfs, ep_ino, ipp, cr);
                        rw_exit(&dp->i_ufsvfs->vfs_dqrwlock);
                        /*
                         * must recheck as we dropped dp->i_rwlock
                         */
                        ufs_tryirwlock(&dp->i_rwlock, RW_READER, retry_parent);
                        if (indeadlock) {
                                if (!err)
                                        VN_RELE(ITOV(*ipp));
                                return (EAGAIN);
                        }
                        if (!err && (dnlc_dir_lookup(dcap, namep, &handle2)
                            == DFOUND) && (handle == handle2)) {
                                dnlc_update(dvp, namep, ITOV(*ipp));
                                rw_exit(&dp->i_rwlock);
                                return (0);
                        }
                        /* check failed, read the actual directory */
                        if (!err) {
                                VN_RELE(ITOV(*ipp));
                        }
                        goto restart;
                }
                /* usual case of not "." nor ".." */
                rw_enter(&dp->i_ufsvfs->vfs_dqrwlock, RW_READER);
                err = ufs_iget_alloced(dp->i_vfs, ep_ino, ipp, cr);
                rw_exit(&dp->i_ufsvfs->vfs_dqrwlock);
                if (err) {
                        rw_exit(&dp->i_rwlock);
                        return (err);
                }
                dnlc_update(dvp, namep, ITOV(*ipp));
                rw_exit(&dp->i_rwlock);
                return (0);
        case DNOENT:
                if (ufs_negative_cache && (dp->i_nlink > 0)) {
                        dnlc_enter(dvp, namep, DNLC_NO_VNODE);
                }
                rw_exit(&dp->i_rwlock);
                return (ENOENT);
        default:
                break;
        }
restart:

        fbp = NULL;
        doingchk = 0;
        chkino = 0;
        caching = 0;

        /*
         * Attempt to cache any directories greater than the tunable
         * ufs_min_cache_dir. If it fails due to memory shortage (DNOMEM),
         * disable caching for this directory and record the system time.
         * Any attempt after the disable time has expired will enable
         * the caching again.
         */
        if (!skipcaching && (dp->i_size >= ufs_min_dir_cache)) {
                /*
                 * if the directory caching disable time has expired
                 * enable the caching again.
                 */
                if (dp->i_cachedir == CD_DISABLED_NOMEM &&
                    gethrtime() - ufs_dc_disable_at > ufs_dc_disable_duration) {
                        ufs_dc_disable_at = 0;
                        dp->i_cachedir = CD_ENABLED;
                }
                if (dp->i_cachedir == CD_ENABLED) {
                        switch (dnlc_dir_start(dcap, dp->i_size >>
                            AV_DIRECT_SHIFT)) {
                        case DNOMEM:
                                dp->i_cachedir = CD_DISABLED_NOMEM;
                                ufs_dc_disable_at = gethrtime();
                                break;
                        case DTOOBIG:
                                dp->i_cachedir = CD_DISABLED_TOOBIG;
                                break;
                        case DOK:
                                caching = 1;
                                break;
                        default:
                                break;
                        }
                }
        }
        /*
         * If caching we don't stop when the file has been
         * found, but need to know later, so clear *ipp now
         */
        *ipp = NULL;

recheck:
        if (caching) {
                offset = 0;
                entryoffsetinblock = 0;
                numdirpasses = 1;
        } else {
                /*
                 * Take care to look at dp->i_diroff only once, as it
                 * may be changing due to other threads/cpus.
                 */
                offset = dp->i_diroff;
                if (offset > dp->i_size) {
                        offset = 0;
                }
                if (offset == 0) {
                        entryoffsetinblock = 0;
                        numdirpasses = 1;
                } else {
                        start_off = offset;

                        entryoffsetinblock = blkoff(dp->i_fs, offset);
                        if (entryoffsetinblock != 0) {
                                err = blkatoff(dp, offset, (char **)0, &fbp);
                                if (err)
                                        goto bad;
                        }
                        numdirpasses = 2;
                }
        }
        endsearch = P2ROUNDUP_TYPED(dp->i_size, DIRBLKSIZ, u_offset_t);
        namlen = strlen(namep);
        last_offset = 0;

searchloop:
        while (offset < endsearch) {
                /*
                 * If offset is on a block boundary,
                 * read the next directory block.
                 * Release previous if it exists.
                 */
                if (blkoff(dp->i_fs, offset) == 0) {
                        if (fbp != NULL) {
                                fbrelse(fbp, S_OTHER);
                        }
                        err = blkatoff(dp, offset, (char **)0, &fbp);
                        if (err)
                                goto bad;
                        entryoffsetinblock = 0;
                }

                /*
                 * If the offset to the next entry is invalid or if the
                 * next entry is a zero length record or if the record
                 * length is invalid, then skip to the next directory
                 * block.  Complete validation checks are done if the
                 * record length is invalid.
                 *
                 * Full validation checks are slow so they are disabled
                 * by default.  Complete checks can be run by patching
                 * "dirchk" to be true.
                 *
                 * We have to check the validity of entryoffsetinblock
                 * here because it can be set to i_diroff above.
                 */
                ep = (struct direct *)(fbp->fb_addr + entryoffsetinblock);
                if ((entryoffsetinblock & 0x3) || ep->d_reclen == 0 ||
                    (dirchk || (ep->d_reclen & 0x3)) &&
                    dirmangled(dp, ep, entryoffsetinblock, offset)) {
                        i = DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1));
                        offset += i;
                        entryoffsetinblock += i;
                        if (caching) {
                                dnlc_dir_purge(dcap);
                                caching = 0;
                        }
                        continue;
                }

                ep_reclen = ep->d_reclen;

                /*
                 * Add named entries and free space into the directory cache
                 */
                if (caching) {
                        ushort_t extra;
                        off_t off2;

                        if (ep->d_ino == 0) {
                                extra = ep_reclen;
                                if (offset & (DIRBLKSIZ - 1)) {
                                        dnlc_dir_purge(dcap);
                                        dp->i_cachedir = CD_DISABLED;
                                        caching = 0;
                                }
                        } else {
                                /*
                                 * entries hold the previous offset except the
                                 * 1st which holds the offset + 1
                                 */
                                if (offset & (DIRBLKSIZ - 1)) {
                                        off2 = last_offset;
                                } else {
                                        off2 = offset + 1;
                                }
                                caching = (dnlc_dir_add_entry(dcap, ep->d_name,
                                    INO_OFF_TO_H(ep->d_ino, off2)) == DOK);
                                extra = ep_reclen - DIRSIZ(ep);
                        }
                        if (caching && (extra >= LDIRSIZ(1))) {
                                caching = (dnlc_dir_add_space(dcap, extra,
                                    (uint64_t)offset) == DOK);
                        }
                }

                /*
                 * Check for a name match.
                 * We have the parent inode read locked with i_rwlock.
                 */
                if (ep->d_ino && ep->d_namlen == namlen &&
                    *namep == *ep->d_name &&    /* fast chk 1st chr */
                    bcmp(namep, ep->d_name, (int)ep->d_namlen) == 0) {

                        /*
                         * We have to release the fbp early here to avoid
                         * a possible deadlock situation where we have the
                         * fbp and want the directory inode and someone doing
                         * a ufs_direnter_* has the directory inode and wants
                         * the fbp.  XXX - is this still needed?
                         */
                        ep_ino = (ino_t)ep->d_ino;
                        ASSERT(fbp != NULL);
                        fbrelse(fbp, S_OTHER);
                        fbp = NULL;

                        /*
                         * Atomic update (read lock held)
                         */
                        dp->i_diroff = offset;

                        if (namlen == 2 && namep[0] == '.' && namep[1] == '.') {
                                struct timeval32 omtime;

                                if (caching) {
                                        dnlc_dir_purge(dcap);
                                        caching = 0;
                                }
                                if (doingchk) {
                                        /*
                                         * if the inumber didn't change
                                         * continue with already found inode.
                                         */
                                        if (ep_ino == chkino)
                                                goto checkok;
                                        else {
                                                VN_RELE(ITOV(*ipp));
                                                /* *ipp is nulled at restart */
                                                goto restart;
                                        }
                                }
                                /*
                                 * release the lock on the dir we are searching
                                 * to avoid a deadlock when grabbing the
                                 * i_contents lock in ufs_iget_alloced().
                                 */
                                omtime = dp->i_mtime;
                                rw_exit(&dp->i_rwlock);
                                rw_enter(&dp->i_ufsvfs->vfs_dqrwlock,
                                    RW_READER);
                                err = ufs_iget_alloced(dp->i_vfs, ep_ino, ipp,
                                    cr);
                                rw_exit(&dp->i_ufsvfs->vfs_dqrwlock);
                                ufs_tryirwlock(&dp->i_rwlock, RW_READER,
                                    retry_disk);
                                if (indeadlock) {
                                        if (!err)
                                                VN_RELE(ITOV(*ipp));
                                        return (EAGAIN);
                                }
                                if (err)
                                        goto bad;
                                /*
                                 * Since we released the lock on the directory,
                                 * we must check that the same inode is still
                                 * the ".." entry for this directory.
                                 */
                                /*CSTYLED*/
                                if (timercmp(&omtime, &dp->i_mtime, !=)) {
                                        /*
                                         * Modification time changed on the
                                         * directory, we must go check if
                                         * the inumber changed for ".."
                                         */
                                        doingchk = 1;
                                        chkino = ep_ino;
                                        entryoffsetinblock = 0;
                                        if (caching) {
                                                /*
                                                 * Forget directory caching
                                                 * for this rare case
                                                 */
                                                dnlc_dir_purge(dcap);
                                                caching = 0;
                                        }
                                        goto recheck;
                                }
                        } else if (dp->i_number == ep_ino) {
                                VN_HOLD(dvp);   /* want ourself, "." */
                                *ipp = dp;
                                if (caching) {
                                        dnlc_dir_purge(dcap);
                                        caching = 0;
                                }
                        } else {
                                rw_enter(&dp->i_ufsvfs->vfs_dqrwlock,
                                    RW_READER);
                                err = ufs_iget_alloced(dp->i_vfs, ep_ino, ipp,
                                    cr);
                                rw_exit(&dp->i_ufsvfs->vfs_dqrwlock);
                                if (err)
                                        goto bad;
                        }
checkok:
                        ASSERT(*ipp);
                        dnlc_update(dvp, namep, ITOV(*ipp));
                        /*
                         * If we are not caching then just return the entry
                         * otherwise complete loading up the cache
                         */
                        if (!caching) {
                                rw_exit(&dp->i_rwlock);
                                return (0);
                        }
                        err = blkatoff(dp, offset, (char **)0, &fbp);
                        if (err)
                                goto bad;
                }
                last_offset = offset;
                offset += ep_reclen;
                entryoffsetinblock += ep_reclen;
        }
        /*
         * If we started in the middle of the directory and failed
         * to find our target, we must check the beginning as well.
         */
        if (numdirpasses == 2) {
                numdirpasses--;
                offset = 0;
                endsearch = start_off;
                goto searchloop;
        }

        /*
         * If whole directory caching is on (or was originally on) then
         * the entry may have been found.
         */
        if (*ipp == NULL) {
                err = ENOENT;
                if (ufs_negative_cache && (dp->i_nlink > 0)) {
                        dnlc_enter(dvp, namep, DNLC_NO_VNODE);
                }
        }
        if (caching) {
                dnlc_dir_complete(dcap);
                caching = 0;
        }

bad:
        if (err && *ipp) {
                /*
                 * err and *ipp can both be set if we were attempting to
                 * cache the directory, and we found the entry, then later
                 * while trying to complete the directory cache encountered
                 * a error (eg reading a directory sector).
                 */
                VN_RELE(ITOV(*ipp));
                *ipp = NULL;
        }

        if (fbp)
                fbrelse(fbp, S_OTHER);
        rw_exit(&dp->i_rwlock);
        if (caching)
                dnlc_dir_purge(dcap);
        return (err);
}

/*
 * Write a new directory entry for DE_CREATE or DE_MKDIR operations.
 */
int
ufs_direnter_cm(
        struct inode *tdp,      /* target directory to make entry in */
        char *namep,            /* name of entry */
        enum de_op op,          /* entry operation */
        struct vattr *vap,      /* attributes if new inode needed */
        struct inode **ipp,     /* return entered inode here */
        struct cred *cr,        /* user credentials */
        int flags)              /* no entry exists */
{
        struct inode *tip;      /* inode of (existing) target file */
        char *s;
        struct ufs_slot slot;   /* slot info to pass around */
        int namlen;             /* length of name */
        int err;                /* error number */
        struct inode *nip;      /* new inode */
        int do_rele_nip = 0;    /* release nip */
        int noentry = flags & ~IQUIET;
        int quiet = flags & IQUIET;     /* Suppress out of inodes message */
        int indeadlock;
        struct ulockfs *ulp;

        ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));

        if (((tdp->i_mode & IFMT) == IFATTRDIR) && ((op == DE_MKDIR) ||
            ((vap->va_type == VCHR) || (vap->va_type == VBLK) ||
            (vap->va_type == VDOOR) || (vap->va_type == VSOCK) ||
            (vap->va_type == VFIFO))))
                return (EINVAL);

        /* don't allow '/' characters in pathname component */
        for (s = namep, namlen = 0; *s; s++, namlen++)
                if (*s == '/')
                        return (EACCES);
        ASSERT(namlen);

        /*
         * Check accessibility of target directory.
         */
        if (err = ufs_diraccess(tdp, IEXEC, cr))
                return (err);

        /*
         * If name is "." or ".." then if this is a create look it up
         * and return EEXIST.
         */
        if (namep[0] == '.' &&
            (namlen == 1 || (namlen == 2 && namep[1] == '.'))) {
                /*
                 * ufs_dirlook will acquire the i_rwlock
                 */
                if (tdp->i_ufsvfs)
                        ulp = &tdp->i_ufsvfs->vfs_ulockfs;
                rw_exit(&tdp->i_rwlock);
                if (err = ufs_dirlook(tdp, namep, ipp, cr, 0, 0)) {
                        if (err == EAGAIN)
                                return (err);

                        /*
                         * ufs_tryirwlock uses rw_tryenter and checks for
                         * SLOCK to avoid i_rwlock, ufs_lockfs_begin deadlock.
                         * If deadlock possible, retries the operation.
                         */
                        ufs_tryirwlock(&tdp->i_rwlock, RW_WRITER, retry_err);
                        if (indeadlock)
                                return (EAGAIN);

                        return (err);
                }
                ufs_tryirwlock(&tdp->i_rwlock, RW_WRITER, retry);
                if (indeadlock) {
                        VN_RELE(ITOV(*ipp));
                        return (EAGAIN);
                }
                return (EEXIST);
        }

        /*
         * If target directory has not been removed, then we can consider
         * allowing file to be created.
         */
        if (tdp->i_nlink <= 0) {
                return (ENOENT);
        }

        /*
         * Search for the entry. Return VN_HELD tip if found.
         */
        tip = NULL;
        slot.fbp = NULL;
        slot.status = NONE;
        rw_enter(&tdp->i_ufsvfs->vfs_dqrwlock, RW_READER);
        rw_enter(&tdp->i_contents, RW_WRITER);
        err = ufs_dircheckforname(tdp, namep, namlen, &slot, &tip, cr, noentry);
        if (err)
                goto out;
        if (tip) {
                ASSERT(!noentry);
                *ipp = tip;
                err = EEXIST;
        } else {
                /*
                 * The entry does not exist. Check write permission in
                 * directory to see if entry can be created.
                 */
                if (err = ufs_iaccess(tdp, IWRITE, cr, 0))
                        goto out;
                /*
                 * Make new inode and directory entry.
                 */
                tdp->i_flag |= quiet;
                if (err = ufs_dirmakeinode(tdp, &nip, vap, op, cr)) {
                        if (nip != NULL)
                                do_rele_nip = 1;
                        goto out;
                }
                if (err = ufs_diraddentry(tdp, namep, op,
                    namlen, &slot, nip, NULL, cr)) {
                        /*
                         * Unmake the inode we just made.
                         */
                        rw_enter(&nip->i_contents, RW_WRITER);
                        if (((nip->i_mode & IFMT) == IFDIR) ||
                            ((nip->i_mode & IFMT) == IFATTRDIR)) {
                                tdp->i_nlink--;
                                ufs_setreclaim(tdp);
                                tdp->i_flag |= ICHG;
                                tdp->i_seq++;
                                TRANS_INODE(tdp->i_ufsvfs, tdp);
                                ITIMES_NOLOCK(tdp);
                        }
                        nip->i_nlink = 0;
                        ufs_setreclaim(nip);
                        TRANS_INODE(nip->i_ufsvfs, nip);
                        nip->i_flag |= ICHG;
                        nip->i_seq++;
                        ITIMES_NOLOCK(nip);
                        rw_exit(&nip->i_contents);
                        do_rele_nip = 1;
                } else {
                        *ipp = nip;
                }
        }

out:
        if (slot.fbp)
                fbrelse(slot.fbp, S_OTHER);

        tdp->i_flag &= ~quiet;
        rw_exit(&tdp->i_contents);

        /*
         * Drop vfs_dqrwlock before calling VN_RELE() on nip to
         * avoid deadlock since ufs_delete() grabs vfs_dqrwlock as reader.
         */
        rw_exit(&tdp->i_ufsvfs->vfs_dqrwlock);

        if (do_rele_nip) {
                VN_RELE(ITOV(nip));
        }

        return (err);
}

/*
 * Write a new directory entry for DE_LINK, DE_SYMLINK or DE_RENAME operations.
 */
int
ufs_direnter_lr(
        struct inode *tdp,      /* target directory to make entry in */
        char *namep,            /* name of entry */
        enum de_op op,          /* entry operation */
        struct inode *sdp,      /* source inode parent if rename */
        struct inode *sip,      /* source inode */
        struct cred *cr)        /* user credentials */
{
        struct inode *tip;      /* inode of (existing) target file */
        char *s;
        struct ufs_slot slot;   /* slot info to pass around */
        int namlen;             /* length of name */
        int err;                /* error number */

        /* don't allow '/' characters in pathname component */
        for (s = namep, namlen = 0; *s; s++, namlen++)
                if (*s == '/')
                        return (EACCES);
        ASSERT(namlen);
        ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));

        /*
         * If name is "." or ".." then if this is a create look it up
         * and return EEXIST.  Rename or link TO "." or ".." is forbidden.
         */
        if (namep[0] == '.' &&
            (namlen == 1 || (namlen == 2 && namep[1] == '.'))) {
                if (op == DE_RENAME) {
                        return (EINVAL);        /* *SIGH* should be ENOTEMPTY */
                }
                return (EEXIST);
        }
        /*
         * For link and rename lock the source entry and check the link count
         * to see if it has been removed while it was unlocked.  If not, we
         * increment the link count and force the inode to disk to make sure
         * that it is there before any directory entry that points to it.
         *
         * In the case of a symbolic link, we are dealing with a new inode
         * which does not yet have any links.  We've created it with a link
         * count of 1, and we don't want to increment it since this will be
         * its first link.
         *
         * We are about to push the inode to disk. We make sure
         * that the inode's data blocks are flushed first so the
         * inode and it's data blocks are always in sync.  This
         * adds some robustness in in the event of a power failure
         * or panic where sync fails. If we panic before the
         * inode is updated, then the inode still refers to the
         * old data blocks (or none for a new file). If we panic
         * after the inode is updated, then the inode refers to
         * the new data blocks.
         *
         * We do this before grabbing the i_contents lock because
         * ufs_syncip() will want that lock. We could do the data
         * syncing after the removal checks, but upon return from
         * the data sync we would have to repeat the removal
         * checks.
         */
        if (err = TRANS_SYNCIP(sip, 0, I_DSYNC, TOP_FSYNC)) {
                return (err);
        }

        rw_enter(&sip->i_contents, RW_WRITER);
        if (sip->i_nlink <= 0) {
                rw_exit(&sip->i_contents);
                return (ENOENT);
        }
        if (sip->i_nlink == MAXLINK) {
                rw_exit(&sip->i_contents);
                return (EMLINK);
        }

        /*
         * Sync the indirect blocks associated with the file
         * for the same reasons as described above.  Since this
         * call wants the i_contents lock held for it we can do
         * this here with no extra work.
         */
        if (err = ufs_sync_indir(sip)) {
                rw_exit(&sip->i_contents);
                return (err);
        }

        if (op != DE_SYMLINK)
                sip->i_nlink++;
        TRANS_INODE(sip->i_ufsvfs, sip);
        sip->i_flag |= ICHG;
        sip->i_seq++;
        ufs_iupdat(sip, I_SYNC);
        rw_exit(&sip->i_contents);

        /*
         * If target directory has not been removed, then we can consider
         * allowing file to be created.
         */
        if (tdp->i_nlink <= 0) {
                err = ENOENT;
                goto out2;
        }

        /*
         * Check accessibility of target directory.
         */
        if (err = ufs_diraccess(tdp, IEXEC, cr))
                goto out2;

        /*
         * Search for the entry. Return VN_HELD tip if found.
         */
        tip = NULL;
        slot.status = NONE;
        slot.fbp = NULL;
        rw_enter(&tdp->i_ufsvfs->vfs_dqrwlock, RW_READER);
        rw_enter(&tdp->i_contents, RW_WRITER);
        err = ufs_dircheckforname(tdp, namep, namlen, &slot, &tip, cr, 0);
        if (err)
                goto out;

        if (tip) {
                switch (op) {
                case DE_RENAME:
                        err = ufs_dirrename(sdp, sip, tdp, namep,
                            tip, &slot, cr);
                        break;

                case DE_LINK:
                case DE_SYMLINK:
                        /*
                         * Can't link to an existing file.
                         */
                        err = EEXIST;
                        break;
                default:
                        break;
                }
        } else {
                /*
                 * The entry does not exist. Check write permission in
                 * directory to see if entry can be created.
                 */
                if (err = ufs_iaccess(tdp, IWRITE, cr, 0))
                        goto out;
                err = ufs_diraddentry(tdp, namep, op, namlen, &slot, sip, sdp,
                    cr);
        }

out:
        if (slot.fbp)
                fbrelse(slot.fbp, S_OTHER);

        rw_exit(&tdp->i_contents);

        /*
         * Drop vfs_dqrwlock before calling VN_RELE() on tip to
         * avoid deadlock since ufs_delete() grabs vfs_dqrwlock as reader.
         */
        rw_exit(&tdp->i_ufsvfs->vfs_dqrwlock);

        /*
         * If we renamed a file over the top of an existing file,
         * or linked a file to an existing file (or tried to),
         * then release and delete (or just release) the inode.
         */
        if (tip)
                VN_RELE(ITOV(tip));

out2:
        if (err) {
                /*
                 * Undo bumped link count.
                 */
                if (op != DE_SYMLINK) {
                        rw_enter(&sip->i_contents, RW_WRITER);
                        sip->i_nlink--;
                        ufs_setreclaim(sip);
                        TRANS_INODE(sip->i_ufsvfs, sip);
                        sip->i_flag |= ICHG;
                        sip->i_seq++;
                        ITIMES_NOLOCK(sip);
                        rw_exit(&sip->i_contents);
                }
        }
        return (err);
}

/*
 * Check for the existence of a name in a directory (unless noentry
 * is set) , or else of an empty
 * slot in which an entry may be made.  If the requested name is found,
 * then on return *ipp points at the inode and *offp contains
 * its offset in the directory.  If the name is not found, then *ipp
 * will be NULL and *slotp will contain information about a directory slot in
 * which an entry may be made (either an empty slot, or the first position
 * past the end of the directory).
 * The target directory inode (tdp) is supplied write locked (i_rwlock).
 *
 * This may not be used on "." or "..", but aliases of "." are ok.
 */
int
ufs_dircheckforname(
        struct inode *tdp,      /* inode of directory being checked */
        char *namep,            /* name we're checking for */
        int namlen,             /* length of name, excluding null */
        struct ufs_slot *slotp, /* slot structure */
        struct inode **ipp,     /* return inode if we find one */
        struct cred *cr,
        int noentry)            /* noentry - just look for space */
{
        uint64_t handle;
        struct fbuf *fbp;       /* pointer to directory block */
        struct direct *ep;      /* directory entry */
        struct direct *nep;     /* next directory entry */
        dcanchor_t *dcap;
        vnode_t *dvp;           /* directory vnode ptr */
        off_t dirsize;          /* size of the directory */
        off_t offset;           /* offset in the directory */
        off_t last_offset;      /* last offset */
        off_t enduseful;        /* pointer past last used dir slot */
        int entryoffsetinblk;   /* offset of ep in fbp's buffer */
        int i;                  /* length of mangled entry */
        int needed;
        int err;
        int first;
        int caching;
        int stat;
        ino_t ep_ino;
        slotstat_t initstat = slotp->status;

        ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));
        ASSERT(RW_WRITE_HELD(&tdp->i_contents));
        ASSERT(*ipp == NULL);
        fbp = NULL;

        /*
         * First check if there is a complete cache of the directory.
         */
        dvp = ITOV(tdp);

        dcap = &tdp->i_danchor;
        if (noentry) {
                /*
                 * We know from the 1st level dnlc cache that the entry
                 * doesn't exist, so don't bother searching the directory
                 * cache, but just look for space (possibly in the directory
                 * cache).
                 */
                stat = DNOENT;
        } else {
                stat = dnlc_dir_lookup(dcap, namep, &handle);
        }
        switch (stat) {
        case DFOUND:
                ep_ino = (ino_t)H_TO_INO(handle);
                if (tdp->i_number == ep_ino) {
                        *ipp = tdp;     /* we want ourself, ie "." */
                        VN_HOLD(dvp);
                } else {
                        err = ufs_iget_alloced(tdp->i_vfs, ep_ino, ipp, cr);
                        if (err)
                                return (err);
                }
                offset = H_TO_OFF(handle);
                first = 0;
                if (offset & 1) {
                        /* This is the first entry in the block */
                        first = 1;
                        offset -= 1;
                        ASSERT((offset & (DIRBLKSIZ - 1)) == 0);
                }
                err = blkatoff(tdp, offset, (char **)&ep, &fbp);
                if (err) {
                        VN_RELE(ITOV(*ipp));
                        *ipp = NULL;
                        return (err);
                }
                /*
                 * Check the validity of the entry.
                 * If it's bad, then throw away the cache and
                 * continue without it. The dirmangled() routine
                 * will then be called upon it.
                 */
                if ((ep->d_reclen == 0) || (ep->d_reclen & 0x3)) {
                        VN_RELE(ITOV(*ipp));
                        *ipp = NULL;
                        dnlc_dir_purge(dcap);
                        break;
                }
                /*
                 * Remember the returned offset is the offset of the
                 * preceding record (unless this is the 1st record
                 * in the DIRBLKSIZ sized block (disk sector)), then it's
                 * offset + 1. Note, no real offsets are on odd boundaries.
                 */
                if (first) {
                        ASSERT((offset & (DIRBLKSIZ - 1)) == 0);
                        slotp->offset = offset;
                        slotp->size = 0;
                        slotp->ep = ep;
                } else {
                        /* get the next entry */
                        nep = (struct direct *)((char *)ep + ep->d_reclen);
                        /*
                         * Check the validity of this entry as well
                         * If it's bad, then throw away the cache and
                         * continue without it. The dirmangled() routine
                         * will then be called upon it.
                         */
                        if ((nep->d_reclen == 0) || (nep->d_reclen & 0x3) ||
                            (nep->d_ino != ep_ino)) {
                                VN_RELE(ITOV(*ipp));
                                *ipp = NULL;
                                dnlc_dir_purge(dcap);
                                break;
                        }
                        slotp->offset = offset + ep->d_reclen;
                        slotp->size = ep->d_reclen;
                        slotp->ep = nep;
                }
                slotp->status = EXIST;
                slotp->fbp = fbp;
                slotp->endoff = 0;
                slotp->cached = 1;
                dnlc_update(dvp, namep, ITOV(*ipp));
                return (0);
        case DNOENT:
                /*
                 * The caller gets to set the initial slot status to
                 * indicate whether it's interested in getting a
                 * empty slot. For example, the status can be set
                 * to FOUND when an entry is being deleted.
                 */
                ASSERT(slotp->fbp == NULL);
                if (slotp->status == FOUND) {
                        return (0);
                }
                switch (dnlc_dir_rem_space_by_len(dcap, LDIRSIZ(namlen),
                    &handle)) {
                case DFOUND:
                        offset = (off_t)handle;
                        err = blkatoff(tdp, offset, (char **)&ep, &fbp);
                        if (err) {
                                dnlc_dir_purge(dcap);
                                ASSERT(*ipp == NULL);
                                return (err);
                        }
                        /*
                         * Check the validity of the entry.
                         * If it's bad, then throw away the cache and
                         * continue without it. The dirmangled() routine
                         * will then be called upon it.
                         */
                        if ((ep->d_reclen == 0) || (ep->d_reclen & 0x3)) {
                                dnlc_dir_purge(dcap);
                                break;
                        }
                        /*
                         * Remember the returned offset is the offset of the
                         * containing record.
                         */
                        slotp->status = FOUND;
                        slotp->ep = ep;
                        slotp->offset = offset;
                        slotp->fbp = fbp;
                        slotp->size = ep->d_reclen;
                        /*
                         * Set end offset to 0. Truncation is handled
                         * because the dnlc cache will blow away the
                         * cached directory when an entry is removed
                         * that drops the entries left to less than half
                         * the minumum number (dnlc_min_dir_cache).
                         */
                        slotp->endoff = 0;
                        slotp->cached = 1;
                        return (0);
                case DNOENT:
                        slotp->status = NONE;
                        slotp->offset = P2ROUNDUP_TYPED(tdp->i_size,
                            DIRBLKSIZ, u_offset_t);
                        slotp->size = DIRBLKSIZ;
                        slotp->endoff = 0;
                        slotp->cached = 1;
                        return (0);
                default:
                        break;
                }
                break;
        }
        slotp->cached = 0;
        caching = 0;
        if (!noentry && tdp->i_size >= ufs_min_dir_cache) {
                /*
                 * if the directory caching disable time has expired
                 * enable caching again.
                 */
                if (tdp->i_cachedir == CD_DISABLED_NOMEM &&
                    gethrtime() - ufs_dc_disable_at > ufs_dc_disable_duration) {
                        ufs_dc_disable_at = 0;
                        tdp->i_cachedir = CD_ENABLED;
                }
                /*
                 * Attempt to cache any directories greater than the tunable
                 * ufs_min_cache_dir. If it fails due to memory shortage
                 * (DNOMEM), disable caching for this directory and record
                 * the system time. Any attempt after the disable time has
                 * expired will enable the caching again.
                 */
                if (tdp->i_cachedir == CD_ENABLED) {
                        switch (dnlc_dir_start(dcap,
                            tdp->i_size >> AV_DIRECT_SHIFT)) {
                        case DNOMEM:
                                tdp->i_cachedir = CD_DISABLED_NOMEM;
                                ufs_dc_disable_at = gethrtime();
                                break;
                        case DTOOBIG:
                                tdp->i_cachedir = CD_DISABLED_TOOBIG;
                                break;
                        case DOK:
                                caching = 1;
                                break;
                        default:
                                break;
                        }
                }
        }

        /*
         * No point in using i_diroff since we must search whole directory
         */
        dirsize = P2ROUNDUP_TYPED(tdp->i_size, DIRBLKSIZ, u_offset_t);
        enduseful = 0;
        offset = last_offset = 0;
        entryoffsetinblk = 0;
        needed = (int)LDIRSIZ(namlen);
        while (offset < dirsize) {
                /*
                 * If offset is on a block boundary,
                 * read the next directory block.
                 * Release previous if it exists.
                 */
                if (blkoff(tdp->i_fs, offset) == 0) {
                        if (fbp != NULL)
                                fbrelse(fbp, S_OTHER);

                        err = blkatoff(tdp, offset, (char **)0, &fbp);
                        if (err) {
                                ASSERT(*ipp == NULL);
                                if (caching) {
                                        dnlc_dir_purge(dcap);
                                }
                                return (err);
                        }
                        entryoffsetinblk = 0;
                }
                /*
                 * If still looking for a slot, and at a DIRBLKSIZ
                 * boundary, have to start looking for free space
                 * again.
                 */
                if (slotp->status == NONE &&
                    (entryoffsetinblk & (DIRBLKSIZ - 1)) == 0) {
                        slotp->offset = -1;
                }
                /*
                 * If the next entry is a zero length record or if the
                 * record length is invalid, then skip to the next
                 * directory block.  Complete validation checks are
                 * done if the record length is invalid.
                 *
                 * Full validation checks are slow so they are disabled
                 * by default.  Complete checks can be run by patching
                 * "dirchk" to be true.
                 *
                 * We do not have to check the validity of
                 * entryoffsetinblk here because it starts out as zero
                 * and is only incremented by d_reclen values that we
                 * validate here.
                 */
                ep = (struct direct *)(fbp->fb_addr + entryoffsetinblk);
                if (ep->d_reclen == 0 ||
                    (dirchk || (ep->d_reclen & 0x3)) &&
                    dirmangled(tdp, ep, entryoffsetinblk, offset)) {
                        i = DIRBLKSIZ - (entryoffsetinblk & (DIRBLKSIZ - 1));
                        offset += i;
                        entryoffsetinblk += i;
                        if (caching) {
                                dnlc_dir_purge(dcap);
                                caching = 0;
                        }
                        continue;
                }

                /*
                 * Add named entries and free space into the directory cache
                 */
                if (caching) {
                        ushort_t extra;
                        off_t off2;

                        if (ep->d_ino == 0) {
                                extra = ep->d_reclen;
                                if (offset & (DIRBLKSIZ - 1)) {
                                        dnlc_dir_purge(dcap);
                                        caching = 0;
                                }
                        } else {
                                /*
                                 * entries hold the previous offset if
                                 * not the 1st one
                                 */
                                if (offset & (DIRBLKSIZ - 1)) {
                                        off2 = last_offset;
                                } else {
                                        off2 = offset + 1;
                                }
                                caching = (dnlc_dir_add_entry(dcap, ep->d_name,
                                    INO_OFF_TO_H(ep->d_ino, off2)) == DOK);
                                extra = ep->d_reclen - DIRSIZ(ep);
                        }
                        if (caching && (extra >= LDIRSIZ(1))) {
                                caching = (dnlc_dir_add_space(dcap, extra,
                                    (uint64_t)offset) == DOK);
                        }
                }

                /*
                 * If an appropriate sized slot has not yet been found,
                 * check to see if one is available.
                 */
                if ((slotp->status != FOUND) && (slotp->status != EXIST)) {
                        int size = ep->d_reclen;

                        if (ep->d_ino != 0)
                                size -= DIRSIZ(ep);
                        if (size > 0) {
                                if (size >= needed) {
                                        slotp->offset = offset;
                                        slotp->size = ep->d_reclen;
                                        if (noentry) {
                                                slotp->ep = ep;
                                                slotp->fbp = fbp;
                                                slotp->status = FOUND;
                                                slotp->endoff = 0;
                                                return (0);
                                        }
                                        slotp->status = FOUND;
                                } else if (slotp->status == NONE) {
                                        if (slotp->offset == -1)
                                                slotp->offset = offset;
                                }
                        }
                }
                /*
                 * Check for a name match.
                 */
                if (ep->d_ino && ep->d_namlen == namlen &&
                    *namep == *ep->d_name &&    /* fast chk 1st char */
                    bcmp(namep, ep->d_name, namlen) == 0) {

                        tdp->i_diroff = offset;

                        if (tdp->i_number == ep->d_ino) {
                                *ipp = tdp;     /* we want ourself, ie "." */
                                VN_HOLD(dvp);
                        } else {
                                err = ufs_iget_alloced(tdp->i_vfs,
                                    (ino_t)ep->d_ino, ipp, cr);
                                if (err) {
                                        fbrelse(fbp, S_OTHER);
                                        if (caching)
                                                dnlc_dir_purge(dcap);
                                        return (err);
                                }
                        }
                        slotp->status = EXIST;
                        slotp->offset = offset;
                        slotp->size = (int)(offset - last_offset);
                        slotp->fbp = fbp;
                        slotp->ep = ep;
                        slotp->endoff = 0;
                        if (caching)
                                dnlc_dir_purge(dcap);
                        return (0);
                }
                last_offset = offset;
                offset += ep->d_reclen;
                entryoffsetinblk += ep->d_reclen;
                if (ep->d_ino)
                        enduseful = offset;
        }
        if (fbp) {
                fbrelse(fbp, S_OTHER);
        }

        if (caching) {
                dnlc_dir_complete(dcap);
                slotp->cached = 1;
                if (slotp->status == FOUND) {
                        if (initstat == FOUND) {
                                return (0);
                        }
                        (void) dnlc_dir_rem_space_by_handle(dcap,
                            slotp->offset);
                        slotp->endoff = 0;
                        return (0);
                }
        }

        if (slotp->status == NONE) {
                /*
                 * We didn't find a slot; the new directory entry should be put
                 * at the end of the directory.  Return an indication of where
                 * this is, and set "endoff" to zero; since we're going to have
                 * to extend the directory, we're certainly not going to
                 * truncate it.
                 */
                slotp->offset = dirsize;
                slotp->size = DIRBLKSIZ;
                slotp->endoff = 0;
        } else {
                /*
                 * We found a slot, and will return an indication of where that
                 * slot is, as any new directory entry will be put there.
                 * Since that slot will become a useful entry, if the last
                 * useful entry we found was before this one, update the offset
                 * of the last useful entry.
                 */
                if (enduseful < slotp->offset + slotp->size)
                        enduseful = slotp->offset + slotp->size;
                slotp->endoff = P2ROUNDUP_TYPED(enduseful, DIRBLKSIZ, off_t);
        }
        *ipp = NULL;
        return (0);
}

uint64_t ufs_dirrename_retry_cnt;

/*
 * Rename the entry in the directory tdp so that it points to
 * sip instead of tip.
 */
static int
ufs_dirrename(
        struct inode *sdp,      /* parent directory of source */
        struct inode *sip,      /* source inode */
        struct inode *tdp,      /* parent directory of target */
        char *namep,            /* entry we are trying to change */
        struct inode *tip,      /* target inode */
        struct ufs_slot *slotp, /* slot for entry */
        struct cred *cr)        /* credentials */
{
        vnode_t *tdvp;
        off_t offset;
        int err;
        int doingdirectory;

        ASSERT(sdp->i_ufsvfs != NULL);
        ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));
        ASSERT(RW_WRITE_HELD(&tdp->i_contents));
        /*
         * Short circuit rename of something to itself.
         */
        if (sip->i_number == tip->i_number) {
                return (ESAME); /* special KLUDGE error code */
        }

        /*
         * We're locking 2 peer level locks, so must use tryenter
         * on the 2nd to avoid deadlocks that would occur
         * if we renamed a->b and b->a concurrently.
         */
retry:
        rw_enter(&tip->i_contents, RW_WRITER);
        if (!rw_tryenter(&sip->i_contents, RW_READER)) {
                /*
                 * drop tip and wait (sleep) until we stand a chance
                 * of holding sip
                 */
                rw_exit(&tip->i_contents);
                rw_enter(&sip->i_contents, RW_READER);
                /*
                 * Reverse the lock grabs in case we have heavy
                 * contention on the 2nd lock.
                 */
                if (!rw_tryenter(&tip->i_contents, RW_WRITER)) {
                        ufs_dirrename_retry_cnt++;
                        rw_exit(&sip->i_contents);
                        goto retry;
                }
        }

        /*
         * Check that everything is on the same filesystem.
         */
        if ((ITOV(tip)->v_vfsp != ITOV(tdp)->v_vfsp) ||
            (ITOV(tip)->v_vfsp != ITOV(sip)->v_vfsp)) {
                err = EXDEV;            /* XXX archaic */
                goto out;
        }
        /*
         * Must have write permission to rewrite target entry.
         * Perform additional checks for sticky directories.
         */
        if ((err = ufs_iaccess(tdp, IWRITE, cr, 0)) != 0 ||
            (err = ufs_sticky_remove_access(tdp, tip, cr)) != 0)
                goto out;

        /*
         * Ensure source and target are compatible (both directories
         * or both not directories).  If target is a directory it must
         * be empty and have no links to it; in addition it must not
         * be a mount point, and both the source and target must be
         * writable.
         */
        doingdirectory = (((sip->i_mode & IFMT) == IFDIR) ||
            ((sip->i_mode & IFMT) == IFATTRDIR));
        if (((tip->i_mode & IFMT) == IFDIR) ||
            ((tip->i_mode & IFMT) == IFATTRDIR)) {
                if (!doingdirectory) {
                        err = EISDIR;
                        goto out;
                }
                /*
                 * vn_vfsrlock will prevent mounts from using the directory
                 * until we are done.
                 */
                if (vn_vfsrlock(ITOV(tip))) {
                        err = EBUSY;
                        goto out;
                }
                if (vn_mountedvfs(ITOV(tip)) != NULL) {
                        vn_vfsunlock(ITOV(tip));
                        err = EBUSY;
                        goto out;
                }
                if (!ufs_dirempty(tip, tdp->i_number, cr) || tip->i_nlink > 2) {
                        vn_vfsunlock(ITOV(tip));
                        err = EEXIST;   /* SIGH should be ENOTEMPTY */
                        goto out;
                }
        } else if (doingdirectory) {
                err = ENOTDIR;
                goto out;
        }

        /*
         * Rewrite the inode pointer for target name entry
         * from the target inode (ip) to the source inode (sip).
         * This prevents the target entry from disappearing
         * during a crash. Mark the directory inode to reflect the changes.
         */
        tdvp = ITOV(tdp);
        slotp->ep->d_ino = (int32_t)sip->i_number;
        dnlc_update(tdvp, namep, ITOV(sip));
        if (slotp->size) {
                offset = slotp->offset - slotp->size;
        } else {
                offset = slotp->offset + 1;
        }
        if (slotp->cached) {
                (void) dnlc_dir_update(&tdp->i_danchor, namep,
                    INO_OFF_TO_H(slotp->ep->d_ino, offset));
        }

        err = TRANS_DIR(tdp, slotp->offset);
        if (err)
                fbrelse(slotp->fbp, S_OTHER);
        else
                err = ufs_fbwrite(slotp->fbp, tdp);

        slotp->fbp = NULL;
        if (err) {
                if (doingdirectory)
                        vn_vfsunlock(ITOV(tip));
                goto out;
        }

        TRANS_INODE(tdp->i_ufsvfs, tdp);
        tdp->i_flag |= IUPD|ICHG;
        tdp->i_seq++;
        ITIMES_NOLOCK(tdp);

        /*
         * Decrement the link count of the target inode.
         * Fix the ".." entry in sip to point to dp.
         * This is done after the new entry is on the disk.
         */
        tip->i_nlink--;
        TRANS_INODE(tip->i_ufsvfs, tip);
        tip->i_flag |= ICHG;
        tip->i_seq++;
        ITIMES_NOLOCK(tip);
        if (doingdirectory) {
                /*
                 * The entry for tip no longer exists so I can unlock the
                 * vfslock.
                 */
                vn_vfsunlock(ITOV(tip));
                /*
                 * Decrement target link count once more if it was a directory.
                 */
                if (--tip->i_nlink != 0) {
                        err = ufs_fault(ITOV(tip),
                    "ufs_dirrename: target directory link count != 0 (%s)",
                            tip->i_fs->fs_fsmnt);
                        rw_exit(&tip->i_contents);
                        return (err);
                }
                TRANS_INODE(tip->i_ufsvfs, tip);
                ufs_setreclaim(tip);
                /*
                 * Renaming a directory with the parent different
                 * requires that ".." be rewritten.  The window is
                 * still there for ".." to be inconsistent, but this
                 * is unavoidable, and a lot shorter than when it was
                 * done in a user process.  We decrement the link
                 * count in the new parent as appropriate to reflect
                 * the just-removed target.  If the parent is the
                 * same, this is appropriate since the original
                 * directory is going away.  If the new parent is
                 * different, ufs_dirfixdotdot() will bump the link count
                 * back.
                 */
                tdp->i_nlink--;
                ufs_setreclaim(tdp);
                TRANS_INODE(tdp->i_ufsvfs, tdp);
                tdp->i_flag |= ICHG;
                tdp->i_seq++;
                ITIMES_NOLOCK(tdp);
                if (sdp != tdp) {
                        rw_exit(&tip->i_contents);
                        rw_exit(&sip->i_contents);
                        err = ufs_dirfixdotdot(sip, sdp, tdp);
                        return (err);
                }
        } else
                ufs_setreclaim(tip);
out:
        rw_exit(&tip->i_contents);
        rw_exit(&sip->i_contents);
        return (err);
}

/*
 * Fix the ".." entry of the child directory so that it points
 * to the new parent directory instead of the old one.  Routine
 * assumes that dp is a directory and that all the inodes are on
 * the same file system.
 */
static int
ufs_dirfixdotdot(
        struct inode *dp,       /* child directory */
        struct inode *opdp,     /* old parent directory */
        struct inode *npdp)     /* new parent directory */
{
        struct fbuf *fbp;
        struct dirtemplate *dirp;
        vnode_t *dvp;
        int err;

        ASSERT(RW_WRITE_HELD(&npdp->i_rwlock));
        ASSERT(RW_WRITE_HELD(&npdp->i_contents));

        /*
         * We hold the child directory's i_contents lock before calling
         * blkatoff so that we honor correct locking protocol which is
         * i_contents lock and then page lock. (blkatoff will call
         * ufs_getpage where we want the page lock)
         * We hold the child directory's i_rwlock before i_contents (as
         * per the locking protocol) since we are modifying the ".." entry
         * of the child directory.
         * We hold the i_rwlock and i_contents lock until we record
         * this directory delta to the log (via ufs_trans_dir) and have
         * done fbrelse.
         */
        rw_enter(&dp->i_rwlock, RW_WRITER);
        rw_enter(&dp->i_contents, RW_WRITER);
        err = blkatoff(dp, (off_t)0, (char **)&dirp, &fbp);
        if (err)
                goto bad;

        if (dp->i_nlink <= 0 ||
            dp->i_size < sizeof (struct dirtemplate)) {
                err = ENOENT;
                goto bad;
        }

        if (dirp->dotdot_namlen != 2 ||
            dirp->dotdot_name[0] != '.' ||
            dirp->dotdot_name[1] != '.') {      /* Sanity check. */
                dirbad(dp, "mangled .. entry", (off_t)0);
                err = ENOTDIR;
                goto bad;
        }

        /*
         * Increment the link count in the new parent inode and force it out.
         */
        if (npdp->i_nlink == MAXLINK) {
                err = EMLINK;
                goto bad;
        }
        npdp->i_nlink++;
        TRANS_INODE(npdp->i_ufsvfs, npdp);
        npdp->i_flag |= ICHG;
        npdp->i_seq++;
        ufs_iupdat(npdp, I_SYNC);

        /*
         * Rewrite the child ".." entry and force it out.
         */
        dvp = ITOV(dp);
        dirp->dotdot_ino = (uint32_t)npdp->i_number;
        dnlc_update(dvp, "..", ITOV(npdp));
        (void) dnlc_dir_update(&dp->i_danchor, "..",
            INO_OFF_TO_H(dirp->dotdot_ino, 0));

        err = TRANS_DIR(dp, 0);
        if (err)
                fbrelse(fbp, S_OTHER);
        else
                err = ufs_fbwrite(fbp, dp);

        fbp = NULL;
        if (err)
                goto bad;

        rw_exit(&dp->i_contents);
        rw_exit(&dp->i_rwlock);

        /*
         * Decrement the link count of the old parent inode and force it out.
         */
        ASSERT(opdp);
        rw_enter(&opdp->i_contents, RW_WRITER);
        ASSERT(opdp->i_nlink > 0);
        opdp->i_nlink--;
        ufs_setreclaim(opdp);
        TRANS_INODE(opdp->i_ufsvfs, opdp);
        opdp->i_flag |= ICHG;
        opdp->i_seq++;
        ufs_iupdat(opdp, I_SYNC);
        rw_exit(&opdp->i_contents);
        return (0);

bad:
        if (fbp)
                fbrelse(fbp, S_OTHER);
        rw_exit(&dp->i_contents);
        rw_exit(&dp->i_rwlock);
        return (err);
}

/*
 * Enter the file sip in the directory tdp with name namep.
 */
static int
ufs_diraddentry(
        struct inode *tdp,
        char *namep,
        enum de_op op,
        int namlen,
        struct ufs_slot *slotp,
        struct inode *sip,
        struct inode *sdp,
        struct cred *cr)
{
        struct direct *ep, *nep;
        vnode_t *tdvp;
        dcanchor_t *dcap = &tdp->i_danchor;
        off_t offset;
        int err;
        ushort_t extra;

        ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));
        ASSERT(RW_WRITE_HELD(&tdp->i_contents));
        /*
         * Prepare a new entry.  If the caller has not supplied an
         * existing inode, make a new one.
         */
        err = dirprepareentry(tdp, slotp, cr);
        if (err) {
                if (slotp->fbp) {
                        fbrelse(slotp->fbp, S_OTHER);
                        slotp->fbp = NULL;
                }
                return (err);
        }
        /*
         * Check inode to be linked to see if it is in the
         * same filesystem.
         */
        if (ITOV(tdp)->v_vfsp != ITOV(sip)->v_vfsp) {
                err = EXDEV;
                goto bad;
        }

        /*
         * If renaming a directory then fix up the ".." entry in the
         * directory to point to the new parent.
         */
        if ((op == DE_RENAME) && (((sip->i_mode & IFMT) == IFDIR) ||
            ((sip->i_mode & IFMT) == IFATTRDIR)) && (sdp != tdp)) {
                err = ufs_dirfixdotdot(sip, sdp, tdp);
                if (err)
                        goto bad;
        }

        /*
         * Fill in entry data.
         */
        ep = slotp->ep;
        ep->d_namlen = (ushort_t)namlen;
        (void) strncpy(ep->d_name, namep, (size_t)((namlen + 4) & ~3));
        ep->d_ino = (uint32_t)sip->i_number;
        tdvp = ITOV(tdp);
        dnlc_update(tdvp, namep, ITOV(sip));
        /*
         * Note the offset supplied for any named entry is
         * the offset of the previous one, unless it's the 1st.
         * slotp->size is used to pass the length to
         * the previous entry.
         */
        if (slotp->size) {
                offset = slotp->offset - slotp->size;
        } else {
                offset = slotp->offset + 1;
        }

        if (slotp->cached) {
                /*
                 * Add back any usable unused space to the dnlc directory
                 * cache.
                 */
                extra = ep->d_reclen - DIRSIZ(ep);
                if (extra >= LDIRSIZ(1)) {
                        (void) dnlc_dir_add_space(dcap, extra,
                            (uint64_t)slotp->offset);
                }

                (void) dnlc_dir_add_entry(dcap, namep,
                    INO_OFF_TO_H(ep->d_ino, offset));

                /* adjust the previous offset of the next entry */
                nep = (struct direct *)((char *)ep + ep->d_reclen);
                if ((uintptr_t)nep & (DIRBLKSIZ - 1)) {
                        /*
                         * Not a new block.
                         *
                         * Check the validity of the next entry.
                         * If it's bad, then throw away the cache, and
                         * continue as before directory caching.
                         */
                        if ((nep->d_reclen == 0) || (nep->d_reclen & 0x3) ||
                            dnlc_dir_update(dcap, nep->d_name,
                            INO_OFF_TO_H(nep->d_ino, slotp->offset))
                            == DNOENT) {
                                dnlc_dir_purge(dcap);
                                slotp->cached = 0;
                        }
                }
        }

        /*
         * Write out the directory block.
         */
        err = TRANS_DIR(tdp, slotp->offset);
        if (err)
                fbrelse(slotp->fbp, S_OTHER);
        else
                err = ufs_fbwrite(slotp->fbp, tdp);

        slotp->fbp = NULL;
        /*
         * If this is a rename of a directory, then we have already
         * fixed the ".." entry to refer to the new parent. If err
         * is true at this point, we have failed to update the new
         * parent to refer to the renamed directory.
         * XXX - we need to unwind the ".." fix.
         */
        if (err)
                return (err);

        /*
         * Mark the directory inode to reflect the changes.
         * Truncate the directory to chop off blocks of empty entries.
         */

        TRANS_INODE(tdp->i_ufsvfs, tdp);
        tdp->i_flag |= IUPD|ICHG;
        tdp->i_seq++;
        tdp->i_diroff = 0;
        ITIMES_NOLOCK(tdp);
        /*
         * If the directory grew then dirprepareentry() will have
         * set IATTCHG in tdp->i_flag, then the directory inode must
         * be flushed out. This is because if fsync() is used later
         * the directory size must be correct, otherwise a crash would
         * cause fsck to move the file to lost+found. Also because later
         * a file may be linked in more than one directory, then there
         * is no way to flush the original directory. So it must be
         * flushed out on creation. See bug 4293809.
         */
        if (tdp->i_flag & IATTCHG) {
                ufs_iupdat(tdp, I_SYNC);
        }

        if (slotp->endoff && (slotp->endoff < tdp->i_size)) {
                if (!TRANS_ISTRANS(tdp->i_ufsvfs)) {
                        (void) ufs_itrunc(tdp, (u_offset_t)slotp->endoff, 0,
                            cr);
                }
        }


        return (0);

bad:
        if (slotp->cached) {
                dnlc_dir_purge(dcap);
                fbrelse(slotp->fbp, S_OTHER);
                slotp->cached = 0;
                slotp->fbp = NULL;
                return (err);
        }

        /*
         * Clear out entry prepared by dirprepareent.
         */
        slotp->ep->d_ino = 0;
        slotp->ep->d_namlen = 0;

        /*
         * Don't touch err so we don't clobber the real error that got us here.
         */
        if (TRANS_DIR(tdp, slotp->offset))
                fbrelse(slotp->fbp, S_OTHER);
        else
                (void) ufs_fbwrite(slotp->fbp, tdp);
        slotp->fbp = NULL;
        return (err);
}

/*
 * Prepare a directory slot to receive an entry.
 */
static int
dirprepareentry(
        struct inode *dp,       /* directory we are working in */
        struct ufs_slot *slotp, /* available slot info */
        struct cred *cr)
{
        struct direct *ep, *nep;
        off_t entryend;
        int err;
        slotstat_t status = slotp->status;
        ushort_t dsize;

        ASSERT((status == NONE) || (status == FOUND));
        ASSERT(RW_WRITE_HELD(&dp->i_rwlock));
        ASSERT(RW_WRITE_HELD(&dp->i_contents));
        /*
         * If we didn't find a slot, then indicate that the
         * new slot belongs at the end of the directory.
         * If we found a slot, then the new entry can be
         * put at slotp->offset.
         */
        entryend = slotp->offset + slotp->size;
        if (status == NONE) {
                ASSERT((slotp->offset & (DIRBLKSIZ - 1)) == 0);
                if (DIRBLKSIZ > dp->i_fs->fs_fsize) {
                        err = ufs_fault(ITOV(dp),
                            "dirprepareentry: bad fs_fsize, DIRBLKSIZ: %d"
                            " > dp->i_fs->fs_fsize: %d (%s)",
                            DIRBLKSIZ, dp->i_fs->fs_fsize, dp->i_fs->fs_fsmnt);
                        return (err);
                }
                /*
                 * Allocate the new block.
                 */
                err = BMAPALLOC(dp, (u_offset_t)slotp->offset,
                    (int)(blkoff(dp->i_fs, slotp->offset) + DIRBLKSIZ), cr);
                if (err) {
                        return (err);
                }
                dp->i_size = entryend;
                TRANS_INODE(dp->i_ufsvfs, dp);
                dp->i_flag |= IUPD|ICHG|IATTCHG;
                dp->i_seq++;
                ITIMES_NOLOCK(dp);
        } else if (entryend > dp->i_size) {
                /*
                 * Adjust directory size, if needed. This should never
                 * push the size past a new multiple of DIRBLKSIZ.
                 * This is an artifact of the old (4.2BSD) way of initializing
                 * directory sizes to be less than DIRBLKSIZ.
                 */
                dp->i_size = P2ROUNDUP_TYPED(entryend, DIRBLKSIZ, off_t);
                TRANS_INODE(dp->i_ufsvfs, dp);
                dp->i_flag |= IUPD|ICHG|IATTCHG;
                dp->i_seq++;
                ITIMES_NOLOCK(dp);
        }

        /*
         * Get the block containing the space for the new directory entry.
         */
        if (slotp->fbp == NULL) {
                err = blkatoff(dp, slotp->offset, (char **)&slotp->ep,
                    &slotp->fbp);
                if (err) {
                        return (err);
                }
        }
        ep = slotp->ep;

        switch (status) {
        case NONE:
                /*
                 * No space in the directory. slotp->offset will be on a
                 * directory block boundary and we will write the new entry
                 * into a fresh block.
                 */
                ep->d_reclen = DIRBLKSIZ;
                slotp->size = 0; /* length of previous entry */
                break;
        case FOUND:
                /*
                 * An entry of the required size has been found. Use it.
                 */
                if (ep->d_ino == 0) {
                        /* this is the 1st record in a block */
                        slotp->size = 0; /* length of previous entry */
                } else {
                        dsize = DIRSIZ(ep);
                        nep = (struct direct *)((char *)ep + dsize);
                        nep->d_reclen = ep->d_reclen - dsize;
                        ep->d_reclen = dsize;
                        slotp->ep = nep;
                        slotp->offset += dsize;
                        slotp->size = dsize; /* length of previous entry */
                }
                break;
        default:
                break;
        }
        return (0);
}

/*
 * Allocate and initialize a new inode that will go into directory tdp.
 * This routine is called from ufs_symlink(), as well as within this file.
 */
int
ufs_dirmakeinode(
        struct inode *tdp,
        struct inode **ipp,
        struct vattr *vap,
        enum de_op op,
        struct cred *cr)
{
        struct inode *ip;
        enum vtype type;
        int imode;                      /* mode and format as in inode */
        ino_t ipref;
        int err;
        timestruc_t now;

        ASSERT(vap != NULL);
        ASSERT(op == DE_CREATE || op == DE_MKDIR || op == DE_ATTRDIR ||
            op == DE_SYMLINK);
        ASSERT((vap->va_mask & (AT_TYPE|AT_MODE)) == (AT_TYPE|AT_MODE));
        ASSERT(RW_WRITE_HELD(&tdp->i_rwlock));
        ASSERT(RW_WRITE_HELD(&tdp->i_contents));
        /*
         * Allocate a new inode.
         */
        type = vap->va_type;
        if (type == VDIR) {
                ipref = dirpref(tdp);
        } else {
                ipref = tdp->i_number;
        }
        if (op == DE_ATTRDIR)
                imode = vap->va_mode;
        else
                imode = MAKEIMODE(type, vap->va_mode);
        *ipp = NULL;
        err = ufs_ialloc(tdp, ipref, imode, &ip, cr);
        if (err)
                return (err);

        /*
         * We don't need to grab vfs_dqrwlock here because it is held
         * in ufs_direnter_*() above us.
         */
        ASSERT(RW_READ_HELD(&ip->i_ufsvfs->vfs_dqrwlock));
        rw_enter(&ip->i_contents, RW_WRITER);
        if (ip->i_dquot != NULL) {
                err = ufs_fault(ITOV(ip),
                    "ufs_dirmakeinode, ip->i_dquot != NULL: dquot (%s)",
                    tdp->i_fs->fs_fsmnt);
                rw_exit(&ip->i_contents);
                return (err);
        }
        *ipp = ip;
        ip->i_mode = (o_mode_t)imode;
        if (type == VBLK || type == VCHR) {
                dev_t d = vap->va_rdev;
                dev32_t dev32;

                /*
                 * Don't allow a special file to be created with a
                 * dev_t that cannot be represented by this filesystem
                 * format on disk.
                 */
                if (!cmpldev(&dev32, d)) {
                        err = EOVERFLOW;
                        goto fail;
                }

                ITOV(ip)->v_rdev = ip->i_rdev = d;

                if (dev32 & ~((O_MAXMAJ << L_BITSMINOR32) | O_MAXMIN)) {
                        ip->i_ordev = dev32; /* can't use old format */
                } else {
                        ip->i_ordev = cmpdev(d);
                }
        }
        ITOV(ip)->v_type = type;
        ufs_reset_vnode(ip->i_vnode);
        if (type == VDIR) {
                ip->i_nlink = 2; /* anticipating a call to dirmakedirect */
        } else {
                ip->i_nlink = 1;
        }

        if (op == DE_ATTRDIR) {
                ip->i_uid = vap->va_uid;
                ip->i_gid = vap->va_gid;
        } else
                ip->i_uid = crgetuid(cr);
        /*
         * To determine the group-id of the created file:
         *   1) If the gid is set in the attribute list (non-Sun & pre-4.0
         *      clients are not likely to set the gid), then use it if
         *      the process is privileged, belongs to the target group,
         *      or the group is the same as the parent directory.
         *   2) If the filesystem was not mounted with the Old-BSD-compatible
         *      GRPID option, and the directory's set-gid bit is clear,
         *      then use the process's gid.
         *   3) Otherwise, set the group-id to the gid of the parent directory.
         */
        if (op != DE_ATTRDIR && (vap->va_mask & AT_GID) &&
            ((vap->va_gid == tdp->i_gid) || groupmember(vap->va_gid, cr) ||
            secpolicy_vnode_create_gid(cr) == 0)) {
                /*
                 * XXX - is this only the case when a 4.0 NFS client, or a
                 * client derived from that code, makes a call over the wire?
                 */
                ip->i_gid = vap->va_gid;
        } else
                ip->i_gid = (tdp->i_mode & ISGID) ? tdp->i_gid : crgetgid(cr);

        /*
         * For SunOS 5.0->5.4, the lines below read:
         *
         * ip->i_suid = (ip->i_uid > MAXUID) ? UID_LONG : ip->i_uid;
         * ip->i_sgid = (ip->i_gid > MAXUID) ? GID_LONG : ip->i_gid;
         *
         * where MAXUID was set to 60002.  See notes on this in ufs_inode.c
         */
        ip->i_suid =
            (ulong_t)ip->i_uid > (ulong_t)USHRT_MAX ? UID_LONG : ip->i_uid;
        ip->i_sgid =
            (ulong_t)ip->i_gid > (ulong_t)USHRT_MAX ? GID_LONG : ip->i_gid;

        /*
         * If we're creating a directory, and the parent directory has the
         * set-GID bit set, set it on the new directory.
         * Otherwise, if the user is neither privileged nor a member of the
         * file's new group, clear the file's set-GID bit.
         */
        if ((tdp->i_mode & ISGID) && (type == VDIR))
                ip->i_mode |= ISGID;
        else {
                if ((ip->i_mode & ISGID) &&
                    secpolicy_vnode_setids_setgids(cr, ip->i_gid) != 0)
                        ip->i_mode &= ~ISGID;
        }

        if (((vap->va_mask & AT_ATIME) && TIMESPEC_OVERFLOW(&vap->va_atime)) ||
            ((vap->va_mask & AT_MTIME) && TIMESPEC_OVERFLOW(&vap->va_mtime))) {
                err = EOVERFLOW;
                goto fail;
        }

        /*
         * Extended attribute directories are not subject to quotas.
         */
        if (op != DE_ATTRDIR)
                ip->i_dquot = getinoquota(ip);
        else
                ip->i_dquot = NULL;

        if (op == DE_MKDIR || op == DE_ATTRDIR) {
                err = ufs_dirmakedirect(ip, tdp, (op == DE_MKDIR) ? 0 : 1, cr);
                if (err)
                        goto fail;
        }

        /*
         * generate the shadow inode and attach it to the new object
         */
        ASSERT((tdp->i_shadow && tdp->i_ufs_acl) ||
            (!tdp->i_shadow && !tdp->i_ufs_acl));
        if (tdp->i_shadow && tdp->i_ufs_acl &&
            (((tdp->i_mode & IFMT) == IFDIR) ||
            ((tdp->i_mode & IFMT) == IFATTRDIR))) {
                err = ufs_si_inherit(ip, tdp, ip->i_mode, cr);
                if (err) {
                        if (op == DE_MKDIR) {
                                /*
                                 * clean up parent directory
                                 *
                                 * tdp->i_contents already locked from
                                 * ufs_direnter_*()
                                 */
                                tdp->i_nlink--;
                                TRANS_INODE(tdp->i_ufsvfs, tdp);
                                tdp->i_flag |= ICHG;
                                tdp->i_seq++;
                                ufs_iupdat(tdp, I_SYNC);
                        }
                        goto fail;
                }
        }

        /*
         * If the passed in attributes contain atime and/or mtime
         * settings, then use them instead of using the current
         * high resolution time.
         */
        if (vap->va_mask & (AT_MTIME|AT_ATIME)) {
                if (vap->va_mask & AT_ATIME) {
                        ip->i_atime.tv_sec = vap->va_atime.tv_sec;
                        ip->i_atime.tv_usec = vap->va_atime.tv_nsec / 1000;
                        ip->i_flag &= ~IACC;
                } else
                        ip->i_flag |= IACC;
                if (vap->va_mask & AT_MTIME) {
                        ip->i_mtime.tv_sec = vap->va_mtime.tv_sec;
                        ip->i_mtime.tv_usec = vap->va_mtime.tv_nsec / 1000;
                        gethrestime(&now);
                        if (now.tv_sec > TIME32_MAX) {
                                /*
                                 * In 2038, ctime sticks forever..
                                 */
                                ip->i_ctime.tv_sec = TIME32_MAX;
                                ip->i_ctime.tv_usec = 0;
                        } else {
                                ip->i_ctime.tv_sec = now.tv_sec;
                                ip->i_ctime.tv_usec = now.tv_nsec / 1000;
                        }
                        ip->i_flag &= ~(IUPD|ICHG);
                        ip->i_flag |= IMODTIME;
                } else
                        ip->i_flag |= IUPD|ICHG;
                ip->i_flag |= IMOD;
        } else
                ip->i_flag |= IACC|IUPD|ICHG;
        ip->i_seq++;

        /*
         * If this is an attribute tag it as one.
         */
        if ((tdp->i_mode & IFMT) == IFATTRDIR) {
                ip->i_cflags |= IXATTR;
        }

        /*
         * push inode before it's name appears in a directory
         */
        TRANS_INODE(ip->i_ufsvfs, ip);
        ufs_iupdat(ip, I_SYNC);
        rw_exit(&ip->i_contents);
        return (0);

fail:
        /* Throw away inode we just allocated. */
        ip->i_nlink = 0;
        ufs_setreclaim(ip);
        TRANS_INODE(ip->i_ufsvfs, ip);
        ip->i_flag |= ICHG;
        ip->i_seq++;
        ITIMES_NOLOCK(ip);
        rw_exit(&ip->i_contents);
        return (err);
}

/*
 * Write a prototype directory into the empty inode ip, whose parent is dp.
 */
static int
ufs_dirmakedirect(
        struct inode *ip,               /* new directory */
        struct inode *dp,               /* parent directory */
        int     attrdir,
        struct cred *cr)
{
        struct dirtemplate *dirp;
        struct fbuf *fbp;
        int err;

        ASSERT(RW_WRITE_HELD(&ip->i_contents));
        ASSERT(RW_WRITE_HELD(&dp->i_rwlock));
        ASSERT(RW_WRITE_HELD(&dp->i_contents));
        /*
         * Allocate space for the directory we're creating.
         */
        err = BMAPALLOC(ip, (u_offset_t)0, DIRBLKSIZ, cr);
        if (err)
                return (err);
        if (DIRBLKSIZ > dp->i_fs->fs_fsize) {
                err = ufs_fault(ITOV(dp),
"ufs_dirmakedirect: bad fs_fsize, DIRBLKSIZ: %d > dp->i_fs->fs_fsize: %d (%s)",
                    DIRBLKSIZ, dp->i_fs->fs_fsize,
                    dp->i_fs->fs_fsmnt);
                return (err);
        }
        ip->i_size = DIRBLKSIZ;
        TRANS_INODE(ip->i_ufsvfs, ip);
        ip->i_flag |= IUPD|ICHG|IATTCHG;
        ip->i_seq++;
        ITIMES_NOLOCK(ip);
        /*
         * Update the tdp link count and write out the change.
         * This reflects the ".." entry we'll soon write.
         */
        if (dp->i_nlink == MAXLINK)
                return (EMLINK);
        if (attrdir == 0)
                dp->i_nlink++;
        TRANS_INODE(dp->i_ufsvfs, dp);
        dp->i_flag |= ICHG;
        dp->i_seq++;
        ufs_iupdat(dp, I_SYNC);
        /*
         * Initialize directory with "."
         * and ".." from static template.
         *
         * Since the parent directory is locked, we don't have to
         * worry about anything changing when we drop the write
         * lock on (ip).
         *
         */
        err = fbread(ITOV(ip), (offset_t)0, (uint_t)ip->i_fs->fs_fsize,
            S_READ, &fbp);

        if (err) {
                goto fail;
        }
        dirp = (struct dirtemplate *)fbp->fb_addr;
        /*
         * Now initialize the directory we're creating
         * with the "." and ".." entries.
         */
        *dirp = mastertemplate;                 /* structure assignment */
        dirp->dot_ino = (uint32_t)ip->i_number;
        dirp->dotdot_ino = (uint32_t)dp->i_number;

        err = TRANS_DIR(ip, 0);
        if (err) {
                fbrelse(fbp, S_OTHER);
                goto fail;
        }

        err = ufs_fbwrite(fbp, ip);
        if (err) {
                goto fail;
        }

        return (0);

fail:
        if (attrdir == 0)
                dp->i_nlink--;
        TRANS_INODE(dp->i_ufsvfs, dp);
        dp->i_flag |= ICHG;
        dp->i_seq++;
        ufs_iupdat(dp, I_SYNC);
        return (err);
}

/*
 * Delete a directory entry.  If oip is nonzero the entry is checked
 * to make sure it still reflects oip.
 */
int
ufs_dirremove(
        struct inode *dp,
        char *namep,
        struct inode *oip,
        struct vnode *cdir,
        enum dr_op op,
        struct cred *cr)
{
        struct direct *ep, *pep, *nep;
        struct inode *ip;
        vnode_t *dvp, *vp;
        struct ufs_slot slot;
        int namlen;
        int err;
        int mode;
        ushort_t extra;

        namlen = (int)strlen(namep);
        if (namlen == 0) {
                struct fs       *fs = dp->i_fs;

                cmn_err(CE_WARN, "%s: ufs_dirremove: attempted to remove"
                    " nameless file in directory (directory inode %llu)",
                    fs->fs_fsmnt, (u_longlong_t)dp->i_number);
                ASSERT(namlen != 0);

                return (ENOENT);
        }

        /*
         * return error when removing . and ..
         */
        if (namep[0] == '.') {
                if (namlen == 1)
                        return (EINVAL);
                else if (namlen == 2 && namep[1] == '.') {
                        return (EEXIST);        /* SIGH should be ENOTEMPTY */
                }
        }

        ASSERT(RW_WRITE_HELD(&dp->i_rwlock));

retry:
        /*
         * Check accessibility of directory.
         */
        if (err = ufs_diraccess(dp, IEXEC|IWRITE, cr))
                return (err);

        ip = NULL;
        slot.fbp = NULL;
        slot.status = FOUND;    /* don't need to look for empty slot */
        rw_enter(&dp->i_ufsvfs->vfs_dqrwlock, RW_READER);
        rw_enter(&dp->i_contents, RW_WRITER);

        err = ufs_dircheckforname(dp, namep, namlen, &slot, &ip, cr, 0);
        if (err)
                goto out_novfs;
        if (ip == NULL) {
                err = ENOENT;
                goto out_novfs;
        }
        vp = ITOV(ip);
        if (oip && oip != ip) {
                err = ENOENT;
                goto out_novfs;
        }

        mode = ip->i_mode & IFMT;
        if (mode == IFDIR || mode == IFATTRDIR) {

                /*
                 * vn_vfsrlock() prevents races between mount and rmdir.
                 */
                if (vn_vfsrlock(vp)) {
                        err = EBUSY;
                        goto out_novfs;
                }
                if (vn_mountedvfs(vp) != NULL && op != DR_RENAME) {
                        err = EBUSY;
                        goto out;
                }
                /*
                 * If we are removing a directory, get a lock on it.
                 * Taking a writer lock prevents a parallel ufs_dirlook from
                 * incorrectly entering a negative cache vnode entry in the dnlc
                 * If the directory is empty, it will stay empty until
                 * we can remove it.
                 */
                if (!rw_tryenter(&ip->i_rwlock, RW_WRITER)) {
                        /*
                         * It is possible that a thread in rename would have
                         * acquired this rwlock. To prevent a deadlock we
                         * do a rw_tryenter. If we fail to get the lock
                         * we drop all the locks we have acquired, wait
                         * for 2 ticks and reacquire the
                         * directory's (dp) i_rwlock and try again.
                         * If we dont drop dp's i_rwlock then we will panic
                         * with a "Deadlock: cycle in blocking chain"
                         * since in ufs_dircheckpath we want dp's i_rwlock.
                         * dp is guaranteed to exist since ufs_dirremove is
                         * called after a VN_HOLD(dp) has been done.
                         */
                        ufs_dirremove_retry_cnt++;
                        vn_vfsunlock(vp);
                        if (slot.fbp)
                                fbrelse(slot.fbp, S_OTHER);
                        rw_exit(&dp->i_contents);
                        rw_exit(&dp->i_ufsvfs->vfs_dqrwlock);
                        rw_exit(&dp->i_rwlock);
                        VN_RELE(vp);
                        delay(2);
                        rw_enter(&dp->i_rwlock, RW_WRITER);
                        goto retry;
                }
        }
        rw_enter(&ip->i_contents, RW_READER);

        /*
         * Now check the restrictions that apply on sticky directories.
         */
        if ((err = ufs_sticky_remove_access(dp, ip, cr)) != 0) {
                rw_exit(&ip->i_contents);
                if (mode == IFDIR || mode == IFATTRDIR)
                        rw_exit(&ip->i_rwlock);
                goto out;
        }

        if (op == DR_RMDIR) {
                /*
                 * For rmdir(2), some special checks are required.
                 * (a) Don't remove any alias of the parent (e.g. ".").
                 * (b) Don't remove the current directory.
                 * (c) Make sure the entry is (still) a directory.
                 * (d) Make sure the directory is empty.
                 */

                if (dp == ip || vp == cdir)
                        err = EINVAL;
                else if (((ip->i_mode & IFMT) != IFDIR) &&
                    ((ip->i_mode & IFMT) != IFATTRDIR))
                        err = ENOTDIR;
                else if ((ip->i_nlink > 2) ||
                    !ufs_dirempty(ip, dp->i_number, cr)) {
                        err = EEXIST;   /* SIGH should be ENOTEMPTY */
                }

                if (err) {
                        rw_exit(&ip->i_contents);
                        if (mode == IFDIR || mode == IFATTRDIR)
                                rw_exit(&ip->i_rwlock);
                        goto out;
                }
        } else if (op == DR_REMOVE)  {
                /*
                 * unlink(2) requires a different check: allow only
                 * privileged users to unlink a directory.
                 */
                if (vp->v_type == VDIR &&
                    secpolicy_fs_linkdir(cr, vp->v_vfsp)) {
                        err = EPERM;
                        rw_exit(&ip->i_contents);
                        rw_exit(&ip->i_rwlock);
                        goto out;
                }
        }

        rw_exit(&ip->i_contents);

        /*
         * Remove the cache'd entry, if any.
         */
        dvp = ITOV(dp);
        dnlc_remove(dvp, namep);
        ep = slot.ep;
        ep->d_ino = 0;

        if (slot.cached) {
                dcanchor_t *dcap = &dp->i_danchor;

                (void) dnlc_dir_rem_entry(dcap, namep, NULL);
                if (((int)ep->d_reclen - (int)DIRSIZ(ep)) >= LDIRSIZ(1)) {
                        (void) dnlc_dir_rem_space_by_handle(dcap, slot.offset);
                }
                if (slot.offset & (DIRBLKSIZ - 1)) {
                        /*
                         * Collapse new free space into previous entry.
                         * Note, the previous entry has already been
                         * validated in ufs_dircheckforname().
                         */
                        ASSERT(slot.size);
                        pep = (struct direct *)((char *)ep - slot.size);
                        if ((pep->d_ino == 0) &&
                            ((uintptr_t)pep & (DIRBLKSIZ - 1))) {
                                dnlc_dir_purge(dcap);
                                slot.cached = 0;
                                goto nocache;
                        }
                        if (pep->d_ino) {
                                extra = pep->d_reclen - DIRSIZ(pep);
                        } else {
                                extra = pep->d_reclen;
                        }
                        if (extra >= LDIRSIZ(1)) {
                                (void) dnlc_dir_rem_space_by_handle(dcap,
                                    (uint64_t)(slot.offset - slot.size));
                        }
                        pep->d_reclen += ep->d_reclen;
                        (void) dnlc_dir_add_space(dcap, extra + ep->d_reclen,
                            (uint64_t)(slot.offset - slot.size));
                        /* adjust the previous pointer in the next entry */
                        nep = (struct direct *)((char *)ep + ep->d_reclen);
                        if ((uintptr_t)nep & (DIRBLKSIZ - 1)) {
                                /*
                                 * Not a new block.
                                 *
                                 * Check the validity of the entry.
                                 * If it's bad, then throw away the cache and
                                 * continue.
                                 */
                                if ((nep->d_reclen == 0) ||
                                    (nep->d_reclen & 0x3) ||
                                    (dnlc_dir_update(dcap, nep->d_name,
                                    INO_OFF_TO_H(nep->d_ino,
                                    slot.offset - slot.size)) == DNOENT)) {
                                        dnlc_dir_purge(dcap);
                                        slot.cached = 0;
                                }
                        }
                } else {
                        (void) dnlc_dir_add_space(dcap, ep->d_reclen,
                            (uint64_t)slot.offset);
                }
        } else {
                /*
                 * If the entry isn't the first in the directory, we must
                 * reclaim the space of the now empty record by adding
                 * the record size to the size of the previous entry.
                 */
                if (slot.offset & (DIRBLKSIZ - 1)) {
                        /*
                         * Collapse new free space into previous entry.
                         */
                        pep = (struct direct *)((char *)ep - slot.size);
                        pep->d_reclen += ep->d_reclen;
                }
        }
nocache:


        err = TRANS_DIR(dp, slot.offset);
        if (err)
                fbrelse(slot.fbp, S_OTHER);
        else
                err = ufs_fbwrite(slot.fbp, dp);
        slot.fbp = NULL;

        /*
         * If we were removing a directory, it is 'gone' now, but we cannot
         * unlock it as a thread may be waiting for the lock in ufs_create. If
         * we did, it could then create a file in a deleted directory.
         */

        if (err) {
                if (mode == IFDIR || mode == IFATTRDIR)
                        rw_exit(&ip->i_rwlock);
                goto out;
        }

        rw_enter(&ip->i_contents, RW_WRITER);

        dp->i_flag |= IUPD|ICHG;
        dp->i_seq++;
        ip->i_flag |= ICHG;
        ip->i_seq++;

        TRANS_INODE(dp->i_ufsvfs, dp);
        TRANS_INODE(ip->i_ufsvfs, ip);
        /*
         * Now dispose of the inode.
         */
        if (ip->i_nlink > 0) {
                /*
                 * This is not done for IFATTRDIR's because they don't
                 * have entries in the dnlc and the link counts are
                 * not incremented when they are created.
                 */
                if (op == DR_RMDIR && (ip->i_mode & IFMT) == IFDIR) {
                        /*
                         * Decrement by 2 because we're trashing the "."
                         * entry as well as removing the entry in dp.
                         * Clear the directory entry, but there may be
                         * other hard links so don't free the inode.
                         * Decrement the dp linkcount because we're
                         * trashing the ".." entry.
                         */
                        ip->i_nlink -= 2;
                        dp->i_nlink--;
                        ufs_setreclaim(dp);
                        /*
                         * XXX need to discard negative cache entries
                         * for vp.  See comment in ufs_delete().
                         */
                        dnlc_remove(vp, ".");
                        dnlc_remove(vp, "..");
                        /*
                         * The return value is ignored here bacause if
                         * the directory purge fails we don't want to
                         * stop the delete. If ufs_dirpurgedotdot fails
                         * the delete will continue with the preexiting
                         * behavior.
                         */
                        (void) ufs_dirpurgedotdot(ip, dp->i_number, cr);
                } else {
                        ip->i_nlink--;
                }
                ufs_setreclaim(ip);
        }
        ITIMES_NOLOCK(dp);
        ITIMES_NOLOCK(ip);

        if (!TRANS_ISTRANS(dp->i_ufsvfs))
                ufs_iupdat(dp, I_SYNC);
        if (!TRANS_ISTRANS(ip->i_ufsvfs))
                ufs_iupdat(ip, I_SYNC);

        rw_exit(&ip->i_contents);
        if (mode == IFDIR || mode == IFATTRDIR)
                rw_exit(&ip->i_rwlock);
out:
        if (mode == IFDIR || mode == IFATTRDIR) {
                vn_vfsunlock(vp);
        }
out_novfs:
        ASSERT(RW_WRITE_HELD(&dp->i_contents));

        if (slot.fbp)
                fbrelse(slot.fbp, S_OTHER);

        rw_exit(&dp->i_contents);
        rw_exit(&dp->i_ufsvfs->vfs_dqrwlock);

        /*
         * Release (and delete) the inode after we drop vfs_dqrwlock to
         * avoid deadlock since ufs_delete() grabs vfs_dqrwlock as reader.
         */
        if (ip)
                VN_RELE(vp);

        return (err);
}

/*
 * Return buffer with contents of block "offset"
 * from the beginning of directory "ip".  If "res"
 * is non-zero, fill it in with a pointer to the
 * remaining space in the directory.
 *
 */

int
blkatoff(
        struct inode *ip,
        off_t offset,
        char **res,
        struct fbuf **fbpp)
{
        struct fs *fs;
        struct fbuf *fbp;
        daddr_t lbn;
        uint_t bsize;
        int err;

        CPU_STATS_ADD_K(sys, ufsdirblk, 1);
        fs = ip->i_fs;
        lbn = (daddr_t)lblkno(fs, offset);
        bsize = (uint_t)blksize(fs, ip, lbn);
        err = fbread(ITOV(ip), (offset_t)(offset & fs->fs_bmask),
            bsize, S_READ, &fbp);
        if (err) {
                *fbpp = (struct fbuf *)NULL;
                return (err);
        }
        if (res)
                *res = fbp->fb_addr + blkoff(fs, offset);
        *fbpp = fbp;
        return (0);
}

/*
 * Do consistency checking:
 *      record length must be multiple of 4
 *      entry must fit in rest of its DIRBLKSIZ block
 *      record must be large enough to contain entry
 *      name is not longer than MAXNAMLEN
 *      name must be as long as advertised, and null terminated
 * NOTE: record length must not be zero (should be checked previously).
 *       This routine is only called if dirchk is true.
 *       It would be nice to set the FSBAD flag in the super-block when
 *       this routine fails so that a fsck is forced on next reboot,
 *       but locking is a problem.
 */
static int
dirmangled(
        struct inode *dp,
        struct direct *ep,
        int entryoffsetinblock,
        off_t offset)
{
        int i;

        i = DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1));
        if ((ep->d_reclen & 0x3) != 0 || (int)ep->d_reclen > i ||
            (uint_t)ep->d_reclen < DIRSIZ(ep) || ep->d_namlen > MAXNAMLEN ||
            ep->d_ino && dirbadname(ep->d_name, (int)ep->d_namlen)) {
                dirbad(dp, "mangled entry", offset);
                return (1);
        }
        return (0);
}

static void
dirbad(struct inode *ip, char *how, off_t offset)
{
        cmn_err(CE_NOTE, "%s: bad dir ino %d at offset %ld: %s",
            ip->i_fs->fs_fsmnt, (int)ip->i_number, offset, how);
}

static int
dirbadname(char *sp, int l)
{
        while (l--) {                   /* check for nulls */
                if (*sp++ == '\0') {
                        return (1);
                }
        }
        return (*sp);                   /* check for terminating null */
}

/*
 * Check if a directory is empty or not.
 */
static int
ufs_dirempty(
        struct inode *ip,
        ino_t parentino,
        struct cred *cr)
{
        return (ufs_dirscan(ip, parentino, cr, 0));
}

/*
 * clear the .. directory entry.
 */
static int
ufs_dirpurgedotdot(
        struct inode *ip,
        ino_t parentino,
        struct cred *cr)
{
        return (ufs_dirscan(ip, parentino, cr, 1));
}

/*
 * Scan the directoy. If clr_dotdot is true clear the ..
 * directory else check to see if the directory is empty.
 *
 * clr_dotdot is used as a flag to tell us if we need
 * to clear the dotdot entry
 *
 * N.B.: does not handle corrupted directories.
 */
static int
ufs_dirscan(
        struct inode *ip,
        ino_t parentino,
        struct cred *cr,
        int clr_dotdot)
{
        offset_t off;
        struct tmp_dir dbuf, *dp;
        int err, count;
        int empty = 1;  /* Assume it's empty */

        dp = &dbuf;
        ASSERT(RW_LOCK_HELD(&ip->i_contents));

        ASSERT(ip->i_size <= (offset_t)MAXOFF_T);
        for (off = 0; off < ip->i_size; off += dp->d_reclen) {
                err = ufs_rdwri(UIO_READ, FREAD, ip, (caddr_t)dp,
                    sizeof (struct tmp_dir), off, UIO_SYSSPACE, &count, cr);
                /*
                 * Since we read sizeof (struct tmp_dir), residual must
                 * be 0 unless we're at end of file.
                 */
                if (err || count != 0 || dp->d_reclen == 0) {
                        empty = 0;
                        break;
                }
                /* skip empty entries */
                if (dp->d_ino == 0)
                        continue;
                /* accept only "." and ".." */
                if (dp->d_namlen > 2 || dp->d_name[0] != '.') {
                        empty = 0;
                        break;
                }
                /*
                 * At this point d_namlen must be 1 or 2.
                 * 1 implies ".", 2 implies ".." if second
                 * char is also "."
                 */
                if (dp->d_namlen == 1)
                        continue;
                if (dp->d_name[1] == '.' &&
                    (ino_t)dp->d_ino == parentino) {
                        /*
                         * If we're doing a purge we need to check for
                         * the . and .. entries and clear the d_ino for ..
                         *
                         * if clr_dotdot is set ufs_dirscan does not
                         * check for an empty directory.
                         */
                        if (clr_dotdot) {
                                /*
                                 * Have to actually zap the ..
                                 * entry in the directory, as
                                 * otherwise someone might have
                                 * dp as its cwd and try to
                                 * open .., which now points to
                                 * an unallocated inode.
                                 */
                                empty = ufs_dirclrdotdot(ip, parentino);
                                break;
                        } else {
                                continue;
                        }
                }
                empty = 0;
                break;
        }
        return (empty);
}

clock_t retry_backoff_delay = 1; /* delay before retrying the i_rwlock */
uint64_t dircheck_retry_cnt;
/*
 * Check if source directory inode is in the path of the target directory.
 * Target is supplied locked.
 *
 * The source and target inode's should be different upon entry.
 */
int
ufs_dircheckpath(
        ino_t source_ino,
        struct inode *target,
        struct inode *sdp,
        struct cred *cr)
{
        struct fbuf *fbp;
        struct dirtemplate *dirp;
        struct inode *ip;
        struct ufsvfs *ufsvfsp;
        struct inode *tip;
        ino_t dotdotino;
        int err;

        ASSERT(target->i_ufsvfs != NULL);
        ASSERT(RW_LOCK_HELD(&target->i_rwlock));
        ASSERT(RW_LOCK_HELD(&sdp->i_rwlock));

        ip = target;
        if (ip->i_number == source_ino) {
                err = EINVAL;
                goto out;
        }
        if (ip->i_number == UFSROOTINO) {
                err = 0;
                goto out;
        }
        /*
         * Search back through the directory tree, using the ".." entries.
         * Fail any attempt to move a directory into an ancestor directory.
         */
        fbp = NULL;
        for (;;) {
                struct vfs      *vfs;

                err = blkatoff(ip, (off_t)0, (char **)&dirp, &fbp);
                if (err)
                        break;
                if (((ip->i_mode & IFMT) != IFDIR) || ip->i_nlink == 0 ||
                    ip->i_size < sizeof (struct dirtemplate)) {
                        dirbad(ip, "bad size, unlinked or not dir", (off_t)0);
                        err = ENOTDIR;
                        break;
                }
                if (dirp->dotdot_namlen != 2 ||
                    dirp->dotdot_name[0] != '.' ||
                    dirp->dotdot_name[1] != '.') {
                        dirbad(ip, "mangled .. entry", (off_t)0);
                        err = ENOTDIR;          /* Sanity check */
                        break;
                }
                dotdotino = (ino_t)dirp->dotdot_ino;
                if (dotdotino == source_ino) {
                        err = EINVAL;
                        break;
                }
                if (dotdotino == UFSROOTINO)
                        break;
                if (fbp) {
                        fbrelse(fbp, S_OTHER);
                        fbp = NULL;
                }
                vfs = ip->i_vfs;
                ufsvfsp = ip->i_ufsvfs;

                if (ip != target) {
                        rw_exit(&ip->i_rwlock);
                        VN_RELE(ITOV(ip));
                }
                /*
                 * Race to get the inode.
                 */
                rw_enter(&ufsvfsp->vfs_dqrwlock, RW_READER);
                if (err = ufs_iget_alloced(vfs, dotdotino, &tip, cr)) {
                        rw_exit(&ufsvfsp->vfs_dqrwlock);
                        ip = NULL;
                        break;
                }
                rw_exit(&ufsvfsp->vfs_dqrwlock);
                /*
                 * If the directory of the source inode (also a directory)
                 * is the same as this next entry up the chain, then
                 * we know the source directory itself can't be in the
                 * chain. This also prevents a panic because we already
                 * have sdp->i_rwlock locked.
                 */
                if (tip == sdp) {
                        VN_RELE(ITOV(tip));
                        ip = NULL;
                        break;
                }
                ip = tip;

                /*
                 * If someone has set the WRITE_WANTED bit in this lock and if
                 * this happens to be a sdp or tdp of another parallel rename
                 * which is executing  the same code and in similar situation
                 * we end up in a 4 way deadlock. We need to make sure that
                 * the WRITE_WANTED bit is not  set.
                 */
retry_lock:
                if (!rw_tryenter(&ip->i_rwlock, RW_READER)) {
                        /*
                         * If the lock held as WRITER thats fine but if it
                         * has WRITE_WANTED bit set we might end up in a
                         * deadlock. If WRITE_WANTED is set we return
                         * with EAGAIN else we just go back and try.
                         */
                        if (RW_ISWRITER(&ip->i_rwlock) &&
                            !(RW_WRITE_HELD(&ip->i_rwlock))) {
                                err = EAGAIN;
                                if (fbp) {
                                        fbrelse(fbp, S_OTHER);
                                }
                                VN_RELE(ITOV(ip));
                                return (err);
                        } else {
                                /*
                                 * The lock is being write held. We could
                                 * just do a rw_enter here but there is a
                                 * window between the check and now, where
                                 * the status could have changed, so to
                                 * avoid looping we backoff and go back to
                                 * try for the lock.
                                 */
                                delay(retry_backoff_delay);
                                dircheck_retry_cnt++;
                                goto retry_lock;
                        }
                }
        }
        if (fbp) {
                fbrelse(fbp, S_OTHER);
        }
out:
        if (ip) {
                if (ip != target) {
                        rw_exit(&ip->i_rwlock);
                        VN_RELE(ITOV(ip));
                }
        }
        return (err);
}

int
ufs_xattrdirempty(struct inode *ip, ino_t parentino, struct cred *cr)
{
        offset_t off;
        struct tmp_dir dbuf, *dp;
        int err, count;
        int empty = 1;  /* Assume it's empty */

        dp = &dbuf;
        ASSERT(RW_LOCK_HELD(&ip->i_contents));

        ASSERT(ip->i_size <= (offset_t)MAXOFF_T);
        for (off = 0; off < ip->i_size; off += dp->d_reclen) {
                err = ufs_rdwri(UIO_READ, FREAD, ip, (caddr_t)dp,
                    sizeof (struct tmp_dir), off, UIO_SYSSPACE, &count, cr);
                /*
                 * Since we read sizeof (struct tmp_dir), residual must
                 * be 0 unless we're at end of file.
                 */

                if (err || count != 0 || dp->d_reclen == 0) {
                        empty = 0;
                        break;
                }
                /* skip empty entries */
                if (dp->d_ino == 0)
                        continue;
                /*
                 * At this point d_namlen must be 1 or 2.
                 * 1 implies ".", 2 implies ".." if second
                 * char is also "."
                 */

                if (dp->d_namlen == 1 && dp->d_name[0] == '.' &&
                    (ino_t)dp->d_ino == parentino)
                        continue;

                if (dp->d_namlen == 2 && dp->d_name[0] == '.' &&
                    dp->d_name[1] == '.') {
                        continue;
                }
                empty = 0;
                break;
        }
        return (empty);
}


/*
 * Allocate and initialize a new shadow inode to contain extended attributes.
 */
int
ufs_xattrmkdir(
        struct inode *tdp,
        struct inode **ipp,
        int flags,
        struct cred *cr)
{
        struct inode *ip;
        struct vattr va;
        int err;
        int retry = 1;
        struct ufsvfs *ufsvfsp;
        struct ulockfs *ulp;
        int issync;
        int trans_size;
        int dorwlock;           /* 0 = not yet taken, */
                                /* 1 = taken outside the transaction, */
                                /* 2 = taken inside the transaction */

        /*
         * Validate permission to create attribute directory
         */

        if ((err = ufs_iaccess(tdp, IWRITE, cr, 1)) != 0) {
                return (err);
        }

        if (vn_is_readonly(ITOV(tdp)))
                return (EROFS);

        /*
         * No need to re-init err after again:, since it's set before
         * the next use of it.
         */
again:
        dorwlock = 0;
        va.va_type = VDIR;
        va.va_uid = tdp->i_uid;
        va.va_gid = tdp->i_gid;

        if ((tdp->i_mode & IFMT) == IFDIR) {
                va.va_mode = (o_mode_t)IFATTRDIR;
                va.va_mode |= tdp->i_mode & 0777;
        } else {
                va.va_mode = (o_mode_t)IFATTRDIR|0700;
                if (tdp->i_mode & 0040)
                        va.va_mode |= 0750;
                if (tdp->i_mode & 0004)
                        va.va_mode |= 0705;
        }
        va.va_mask = AT_TYPE|AT_MODE;

        ufsvfsp = tdp->i_ufsvfs;

        err = ufs_lockfs_begin(ufsvfsp, &ulp, ULOCKFS_MKDIR_MASK);
        if (err)
                return (err);

        /*
         * Acquire i_rwlock before TRANS_BEGIN_CSYNC() if this is a file.
         * This follows the protocol for read()/write().
         */
        if (ITOV(tdp)->v_type != VDIR) {
                rw_enter(&tdp->i_rwlock, RW_WRITER);
                dorwlock = 1;
        }

        if (ulp) {
                trans_size = (int)TOP_MKDIR_SIZE(tdp);
                TRANS_BEGIN_CSYNC(ufsvfsp, issync, TOP_MKDIR, trans_size);
        }

        /*
         * Acquire i_rwlock after TRANS_BEGIN_CSYNC() if this is a directory.
         * This follows the protocol established by
         * ufs_link/create/remove/rename/mkdir/rmdir/symlink.
         */
        if (dorwlock == 0) {
                rw_enter(&tdp->i_rwlock, RW_WRITER);
                dorwlock = 2;
        }
        rw_enter(&ufsvfsp->vfs_dqrwlock, RW_READER);
        rw_enter(&tdp->i_contents, RW_WRITER);

        /*
         * Suppress out of inodes messages if we will retry.
         */
        if (retry)
                tdp->i_flag |= IQUIET;
        err = ufs_dirmakeinode(tdp, &ip, &va, DE_ATTRDIR, cr);
        tdp->i_flag &= ~IQUIET;

        if (err)
                goto fail;

        if (flags) {

                /*
                 * Now attach it to src file.
                 */

                tdp->i_oeftflag = ip->i_number;
        }

        ip->i_cflags |= IXATTR;
        ITOV(ip)->v_flag |= V_XATTRDIR;
        TRANS_INODE(ufsvfsp, tdp);
        tdp->i_flag |= ICHG | IUPD;
        tdp->i_seq++;
        ufs_iupdat(tdp, I_SYNC);
        rw_exit(&tdp->i_contents);
        rw_exit(&ufsvfsp->vfs_dqrwlock);

        rw_enter(&ip->i_rwlock, RW_WRITER);
        rw_enter(&ip->i_contents, RW_WRITER);
        TRANS_INODE(ufsvfsp, ip);
        ip->i_flag |= ICHG| IUPD;
        ip->i_seq++;
        ufs_iupdat(ip, I_SYNC);
        rw_exit(&ip->i_contents);
        rw_exit(&ip->i_rwlock);
        if (dorwlock == 2)
                rw_exit(&tdp->i_rwlock);
        if (ulp) {
                int terr = 0;

                TRANS_END_CSYNC(ufsvfsp, err, issync, TOP_MKDIR, trans_size);
                ufs_lockfs_end(ulp);
                if (err == 0)
                        err = terr;
        }
        if (dorwlock == 1)
                rw_exit(&tdp->i_rwlock);
        *ipp = ip;
        return (err);

fail:
        rw_exit(&tdp->i_contents);
        rw_exit(&ufsvfsp->vfs_dqrwlock);
        if (dorwlock == 2)
                rw_exit(&tdp->i_rwlock);
        if (ulp) {
                TRANS_END_CSYNC(ufsvfsp, err, issync, TOP_MKDIR, trans_size);
                ufs_lockfs_end(ulp);
        }
        if (dorwlock == 1)
                rw_exit(&tdp->i_rwlock);
        if (ip != NULL)
                VN_RELE(ITOV(ip));

        /*
         * No inodes?  See if any are tied up in pending deletions.
         * This has to be done outside of any of the above, because
         * the draining operation can't be done from inside a transaction.
         */
        if ((err == ENOSPC) && retry && TRANS_ISTRANS(ufsvfsp)) {
                ufs_delete_drain_wait(ufsvfsp, 1);
                retry = 0;
                goto again;
        }

        return (err);
}

/*
 * clear the dotdot directory entry.
 * Used by ufs_dirscan when clr_dotdot
 * flag is set and we're deleting a
 * directory.
 */
static int
ufs_dirclrdotdot(struct inode *ip, ino_t parentino)
{
        struct fbuf *fbp;
        struct direct *dotp, *dotdotp;
        int err = 0;

        ASSERT(RW_WRITE_HELD(&ip->i_rwlock));
        ASSERT(RW_LOCK_HELD(&ip->i_contents));
        err = blkatoff(ip, 0, NULL, &fbp);
        if (err) {
                return (err);
        }

        dotp = (struct direct *)fbp->fb_addr;
        if ((dotp->d_namlen < (MAXNAMLEN + 1)) &&
            ((DIRBLKSIZ - DIRSIZ(dotp)) >= (sizeof (struct dirtemplate) / 2))) {
                dotdotp = (struct direct *)((char *)dotp + dotp->d_reclen);
                if ((dotdotp->d_namlen < (MAXNAMLEN + 1)) &&
                    ((DIRBLKSIZ - DIRSIZ(dotp)) >= dotdotp->d_reclen)) {

                        dotp->d_reclen += dotdotp->d_reclen;
                        if (parentino == dotdotp->d_ino) {
                                dotdotp->d_ino = 0;
                                dotdotp->d_namlen = 0;
                                dotdotp->d_reclen = 0;
                        }

                        err = TRANS_DIR(ip, 0);
                        if (err) {
                                fbrelse(fbp, S_OTHER);
                        } else {
                                err = ufs_fbwrite(fbp, ip);
                        }
                }
        } else {
                err = -1;
        }
        return (err);
}