 @@ -1,1175 +1,1177 @@
-/*	$NetBSD: vfs_syscalls.c,v 1.372 2008/09/24 09:44:09 ad Exp $	*/
+/*	$NetBSD: vfs_syscalls.c,v 1.373 2008/09/24 10:07:19 ad Exp $	*/
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)vfs_syscalls.c	8.42 (Berkeley) 7/31/95
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.372 2008/09/24 09:44:09 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.373 2008/09/24 10:07:19 ad Exp $");
 #include "opt_compat_netbsd.h"
 #include "opt_compat_43.h"
 #include "opt_fileassoc.h"
 #include "veriexec.h"
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/namei.h>
 #include <sys/filedesc.h>
 #include <sys/kernel.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <sys/vnode.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/uio.h>
 #include <sys/malloc.h>
 #include <sys/kmem.h>
 #include <sys/dirent.h>
 #include <sys/sysctl.h>
 #include <sys/syscallargs.h>
 #include <sys/vfs_syscalls.h>
 #include <sys/ktrace.h>
 #ifdef FILEASSOC
 #include <sys/fileassoc.h>
 #endif /* FILEASSOC */
 #include <sys/verified_exec.h>
 #include <sys/kauth.h>
 #include <sys/atomic.h>
 #include <sys/module.h>
 #include <miscfs/genfs/genfs.h>
 #include <miscfs/syncfs/syncfs.h>
 #include <miscfs/specfs/specdev.h>
 #ifdef COMPAT_30
 #include "opt_nfsserver.h"
 #include <nfs/rpcv2.h>
 #endif
 #include <nfs/nfsproto.h>
 #ifdef COMPAT_30
 #include <nfs/nfs.h>
 #include <nfs/nfs_var.h>
 #endif
 MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount struct");
 static int change_dir(struct nameidata *, struct lwp *);
 static int change_flags(struct vnode *, u_long, struct lwp *);
 static int change_mode(struct vnode *, int, struct lwp *l);
 static int change_owner(struct vnode *, uid_t, gid_t, struct lwp *, int);
 void checkdirs(struct vnode *);
 int dovfsusermount = 0;
 /*
  * Virtual File System System Calls
  */
 /*
  * Mount a file system.
  */
 #if defined(COMPAT_09) || defined(COMPAT_43)
 /*
  * This table is used to maintain compatibility with 4.3BSD
  * and NetBSD 0.9 mount syscalls.  Note, the order is important!
+ *
  * Do not modify this table. It should only contain filesystems
  * supported by NetBSD 0.9 and 4.3BSD.
  */
 const char * const mountcompatnames[] = {
 	NULL,		/* 0 = MOUNT_NONE */
 	MOUNT_FFS,	/* 1 = MOUNT_UFS */
 	MOUNT_NFS,	/* 2 */
 	MOUNT_MFS,	/* 3 */
 	MOUNT_MSDOS,	/* 4 */
 	MOUNT_CD9660,	/* 5 = MOUNT_ISOFS */
 	MOUNT_FDESC,	/* 6 */
 	MOUNT_KERNFS,	/* 7 */
 	NULL,		/* 8 = MOUNT_DEVFS */
 	MOUNT_AFS,	/* 9 */
 };
 const int nmountcompatnames = sizeof(mountcompatnames) /
     sizeof(mountcompatnames[0]);
 #endif /* COMPAT_09 || COMPAT_43 */
 static int
 mount_update(struct lwp *l, struct vnode *vp, const char *path, int flags,
     void *data, size_t *data_len)
+{
 	struct mount *mp;
 	int error = 0, saved_flags;
 	mp = vp->v_mount;
 	saved_flags = mp->mnt_flag;
 	/* We can operate only on VV_ROOT nodes. */
 	if ((vp->v_vflag & VV_ROOT) == 0) {
 		error = EINVAL;
 		goto out;
+	}
 	/*
 	 * We only allow the filesystem to be reloaded if it
-	 * is currently mounted read-only.
+	 * is currently mounted read-only.  Additionally, we
 	 * prevent read-write to read-only downgrades.
 	 */
-	if (flags & MNT_RELOAD && !(mp->mnt_flag & MNT_RDONLY)) {
+	if ((flags & (MNT_RELOAD | MNT_RDONLY)) != 0 &&
 	    (mp->mnt_flag & MNT_RDONLY) == 0) {
 		error = EOPNOTSUPP;	/* Needs translation */
 		goto out;
+	}
 	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
 	    KAUTH_REQ_SYSTEM_MOUNT_UPDATE, mp, KAUTH_ARG(flags), data);
 	if (error)
 		goto out;
 	if (vfs_busy(mp, NULL)) {
 		error = EPERM;
 		goto out;
+	}
 	mutex_enter(&mp->mnt_updating);
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	mp->mnt_flag |= flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
 	/*
 	 * Set the mount level flags.
 	 */
 	if (flags & MNT_RDONLY)
 		mp->mnt_flag |= MNT_RDONLY;
 	else if (mp->mnt_flag & MNT_RDONLY)
 		mp->mnt_iflag |= IMNT_WANTRDWR;
 	mp->mnt_flag &=
 	  ~(MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
 	    MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOCOREDUMP |
 	    MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP |
 	    MNT_LOG);
 	mp->mnt_flag |= flags &
 	   (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
 	    MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOCOREDUMP |
 	    MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP |
 	    MNT_LOG | MNT_IGNORE);
 	error = VFS_MOUNT(mp, path, data, data_len);
 #if defined(COMPAT_30) && defined(NFSSERVER)
 	if (error && data != NULL) {
 		int error2;
 		/* Update failed; let's try and see if it was an
 		 * export request. */
 		error2 = nfs_update_exports_30(mp, path, data, l);
 		/* Only update error code if the export request was
 		 * understood but some problem occurred while
 		 * processing it. */
 		if (error2 != EJUSTRETURN)
 			error = error2;
+	}
 #endif
 	if (mp->mnt_iflag & IMNT_WANTRDWR)
 		mp->mnt_flag &= ~MNT_RDONLY;
 	if (error)
 		mp->mnt_flag = saved_flags;
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	mp->mnt_iflag &= ~IMNT_WANTRDWR;
 	if ((mp->mnt_flag & (MNT_RDONLY | MNT_ASYNC)) == 0) {
 		if (mp->mnt_syncer == NULL)
 			error = vfs_allocate_syncvnode(mp);
 	} else {
 		if (mp->mnt_syncer != NULL)
 			vfs_deallocate_syncvnode(mp);
+	}
 	mutex_exit(&mp->mnt_updating);
 	vfs_unbusy(mp, false, NULL);
  out:
 	return (error);
+}
 static int
 mount_get_vfsops(const char *fstype, struct vfsops **vfsops)
+{
 	char fstypename[sizeof(((struct statvfs *)NULL)->f_fstypename)];
 	int error;
 	/* Copy file-system type from userspace.  */
 	error = copyinstr(fstype, fstypename, sizeof(fstypename), NULL);
 	if (error) {
 #if defined(COMPAT_09) || defined(COMPAT_43)
 		/*
 		 * Historically, filesystem types were identified by numbers.
 		 * If we get an integer for the filesystem type instead of a
 		 * string, we check to see if it matches one of the historic
 		 * filesystem types.
 		 */
 		u_long fsindex = (u_long)fstype;
 		if (fsindex >= nmountcompatnames ||
 		    mountcompatnames[fsindex] == NULL)
 			return ENODEV;
 		strlcpy(fstypename, mountcompatnames[fsindex],
 		    sizeof(fstypename));
 #else
 		return error;
 #endif
+	}
 #ifdef	COMPAT_10
 	/* Accept `ufs' as an alias for `ffs'. */
 	if (strcmp(fstypename, "ufs") == 0)
 		fstypename[0] = 'f';
 #endif
 	if ((*vfsops = vfs_getopsbyname(fstypename)) != NULL)
 		return 0;
 	/* If we can autoload a vfs module, try again */
 	(void)module_load(fstype, 0, NULL, MODULE_CLASS_VFS, true);
 	if ((*vfsops = vfs_getopsbyname(fstypename)) != NULL)
 		return 0;
 	return ENODEV;
+}
 static int
 mount_domount(struct lwp *l, struct vnode **vpp, struct vfsops *vfsops,
     const char *path, int flags, void *data, size_t *data_len, u_int recurse)
+{
 	struct mount *mp;
 	struct vnode *vp = *vpp;
 	struct vattr va;
 	int error;
 	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
 	    KAUTH_REQ_SYSTEM_MOUNT_NEW, vp, KAUTH_ARG(flags), data);
 	if (error)
 		return error;
 	/* Can't make a non-dir a mount-point (from here anyway). */
 	if (vp->v_type != VDIR)
 		return ENOTDIR;
 	/*
 	 * If the user is not root, ensure that they own the directory
 	 * onto which we are attempting to mount.
 	 */
 	if ((error = VOP_GETATTR(vp, &va, l->l_cred)) != 0 ||
 	    (va.va_uid != kauth_cred_geteuid(l->l_cred) &&
 	    (error = kauth_authorize_generic(l->l_cred,
 	    KAUTH_GENERIC_ISSUSER, NULL)) != 0)) {
 		return error;
+	}
 	if (flags & MNT_EXPORTED)
 		return EINVAL;
 	if ((error = vinvalbuf(vp, V_SAVE, l->l_cred, l, 0, 0)) != 0)
 		return error;
 	/*
 	 * Check if a file-system is not already mounted on this vnode.
 	 */
 	if (vp->v_mountedhere != NULL)
 		return EBUSY;
 	mp = kmem_zalloc(sizeof(*mp), KM_SLEEP);
 	if (mp == NULL)
 		return ENOMEM;
 	mp->mnt_op = vfsops;
 	mp->mnt_refcnt = 1;
 	TAILQ_INIT(&mp->mnt_vnodelist);
 	rw_init(&mp->mnt_unmounting);
  	mutex_init(&mp->mnt_renamelock, MUTEX_DEFAULT, IPL_NONE);
 	mutex_init(&mp->mnt_updating, MUTEX_DEFAULT, IPL_NONE);
 	error = vfs_busy(mp, NULL);
 	KASSERT(error == 0);
 	mutex_enter(&mp->mnt_updating);
 	mp->mnt_vnodecovered = vp;
 	mp->mnt_stat.f_owner = kauth_cred_geteuid(l->l_cred);
 	mount_initspecific(mp);
 	/*
 	 * The underlying file system may refuse the mount for
 	 * various reasons.  Allow the user to force it to happen.
+	 *
 	 * Set the mount level flags.
 	 */
 	mp->mnt_flag = flags &
 	   (MNT_FORCE | MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
 	    MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOCOREDUMP |
 	    MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP |
 	    MNT_LOG | MNT_IGNORE | MNT_RDONLY);
 	error = VFS_MOUNT(mp, path, data, data_len);
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	/*
 	 * Put the new filesystem on the mount list after root.
 	 */
 	cache_purge(vp);
 	if (error != 0) {
 		vp->v_mountedhere = NULL;
 		mutex_exit(&mp->mnt_updating);
 		vfs_unbusy(mp, false, NULL);
 		vfs_destroy(mp);
 		return error;
+	}
 	mp->mnt_iflag &= ~IMNT_WANTRDWR;
 	mutex_enter(&mountlist_lock);
 	vp->v_mountedhere = mp;
 	CIRCLEQ_INSERT_TAIL(&mountlist, mp, mnt_list);
 	mutex_exit(&mountlist_lock);
     	vn_restorerecurse(vp, recurse);
 	VOP_UNLOCK(vp, 0);
 	checkdirs(vp);
 	if ((mp->mnt_flag & (MNT_RDONLY | MNT_ASYNC)) == 0)
 		error = vfs_allocate_syncvnode(mp);
 	/* Hold an additional reference to the mount across VFS_START(). */
 	mutex_exit(&mp->mnt_updating);
 	vfs_unbusy(mp, true, NULL);
 	(void) VFS_STATVFS(mp, &mp->mnt_stat);
 	error = VFS_START(mp, 0);
 	if (error)
 		vrele(vp);
 	/* Drop reference held for VFS_START(). */
 	vfs_destroy(mp);
 	*vpp = NULL;
 	return error;
+}
 static int
 mount_getargs(struct lwp *l, struct vnode *vp, const char *path, int flags,
     void *data, size_t *data_len)
+{
 	struct mount *mp;
 	int error;
 	/* If MNT_GETARGS is specified, it should be the only flag. */
 	if (flags & ~MNT_GETARGS)
 		return EINVAL;
 	mp = vp->v_mount;
 	/* XXX: probably some notion of "can see" here if we want isolation. */
 	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
 	    KAUTH_REQ_SYSTEM_MOUNT_GET, mp, data, NULL);
 	if (error)
 		return error;
 	if ((vp->v_vflag & VV_ROOT) == 0)
 		return EINVAL;
 	if (vfs_busy(mp, NULL))
 		return EPERM;
 	mutex_enter(&mp->mnt_updating);
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	mp->mnt_flag |= MNT_GETARGS;
 	error = VFS_MOUNT(mp, path, data, data_len);
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	mutex_exit(&mp->mnt_updating);
 	vfs_unbusy(mp, false, NULL);
 	return (error);
+}
 #ifdef COMPAT_40
 /* ARGSUSED */
 int
 compat_40_sys_mount(struct lwp *l, const struct compat_40_sys_mount_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) type;
 		syscallarg(const char *) path;
 		syscallarg(int) flags;
 		syscallarg(void *) data;
 	} */
 	register_t dummy;
 	return do_sys_mount(l, NULL, SCARG(uap, type), SCARG(uap, path),
 	    SCARG(uap, flags), SCARG(uap, data), UIO_USERSPACE, 0, &dummy);
+}
 #endif
 int
 sys___mount50(struct lwp *l, const struct sys___mount50_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) type;
 		syscallarg(const char *) path;
 		syscallarg(int) flags;
 		syscallarg(void *) data;
 		syscallarg(size_t) data_len;
 	} */
 	return do_sys_mount(l, NULL, SCARG(uap, type), SCARG(uap, path),
 	    SCARG(uap, flags), SCARG(uap, data), UIO_USERSPACE,
 	    SCARG(uap, data_len), retval);
+}
 int
 do_sys_mount(struct lwp *l, struct vfsops *vfsops, const char *type,
     const char *path, int flags, void *data, enum uio_seg data_seg,
     size_t data_len, register_t *retval)
+{
 	struct vnode *vp;
 	struct nameidata nd;
 	void *data_buf = data;
 	u_int recurse;
 	int error;
 	/*
 	 * Get vnode to be covered
 	 */
 	NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE, path);
 	if ((error = namei(&nd)) != 0)
 		return (error);
 	vp = nd.ni_vp;
 	/*
 	 * A lookup in VFS_MOUNT might result in an attempt to
 	 * lock this vnode again, so make the lock recursive.
 	 */
 	if (vfsops == NULL) {
 		if (flags & (MNT_GETARGS | MNT_UPDATE)) {
 			vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 			recurse = vn_setrecurse(vp);
 			vfsops = vp->v_mount->mnt_op;
 		} else {
 			/* 'type' is userspace */
 			error = mount_get_vfsops(type, &vfsops);
 			vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 			recurse = vn_setrecurse(vp);
 			if (error != 0)
 				goto done;
+		}
 	} else {
 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 		recurse = vn_setrecurse(vp);
+	}
 	if (data != NULL && data_seg == UIO_USERSPACE) {
 		if (data_len == 0) {
 			/* No length supplied, use default for filesystem */
 			data_len = vfsops->vfs_min_mount_data;
 			if (data_len > VFS_MAX_MOUNT_DATA) {
 				/* maybe a force loaded old LKM */
 				error = EINVAL;
 				goto done;
+			}
 #ifdef COMPAT_30
 			/* Hopefully a longer buffer won't make copyin() fail */
 			if (flags & MNT_UPDATE
 			    && data_len < sizeof (struct mnt_export_args30))
 				data_len = sizeof (struct mnt_export_args30);
 #endif
+		}
 		data_buf = malloc(data_len, M_TEMP, M_WAITOK);
 		/* NFS needs the buffer even for mnt_getargs .... */
 		error = copyin(data, data_buf, data_len);
 		if (error != 0)
 			goto done;
+	}
 	if (flags & MNT_GETARGS) {
 		if (data_len == 0) {
 			error = EINVAL;
 			goto done;
+		}
 		error = mount_getargs(l, vp, path, flags, data_buf, &data_len);
 		if (error != 0)
 			goto done;
 		if (data_seg == UIO_USERSPACE)
 			error = copyout(data_buf, data, data_len);
 		*retval = data_len;
 	} else if (flags & MNT_UPDATE) {
 		error = mount_update(l, vp, path, flags, data_buf, &data_len);
 	} else {
 		/* Locking is handled internally in mount_domount(). */
 		error = mount_domount(l, &vp, vfsops, path, flags, data_buf,
 		    &data_len, recurse);
+	}
     done:
     	if (vp != NULL) {
 	    	vn_restorerecurse(vp, recurse);
 	    	vput(vp);
+	}
 	if (data_buf != data)
 		free(data_buf, M_TEMP);
 	return (error);
+}
 /*
  * Scan all active processes to see if any of them have a current
  * or root directory onto which the new filesystem has just been
  * mounted. If so, replace them with the new mount point.
  */
 void
 checkdirs(struct vnode *olddp)
+{
 	struct cwdinfo *cwdi;
 	struct vnode *newdp, *rele1, *rele2;
 	struct proc *p;
 	bool retry;
 	if (olddp->v_usecount == 1)
 		return;
 	if (VFS_ROOT(olddp->v_mountedhere, &newdp))
 		panic("mount: lost mount");
 	do {
 		retry = false;
 		mutex_enter(proc_lock);
 		PROCLIST_FOREACH(p, &allproc) {
 			if ((p->p_flag & PK_MARKER) != 0)
 				continue;
 			if ((cwdi = p->p_cwdi) == NULL)
 				continue;
 			/*
 			 * Can't change to the old directory any more,
 			 * so even if we see a stale value it's not a
 			 * problem.
 			 */
 			if (cwdi->cwdi_cdir != olddp &&
 			    cwdi->cwdi_rdir != olddp)
 			    	continue;
 			retry = true;
 			rele1 = NULL;
 			rele2 = NULL;
 			atomic_inc_uint(&cwdi->cwdi_refcnt);
 			mutex_exit(proc_lock);
 			rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 			if (cwdi->cwdi_cdir == olddp) {
 				rele1 = cwdi->cwdi_cdir;
 				VREF(newdp);
 				cwdi->cwdi_cdir = newdp;
+			}
 			if (cwdi->cwdi_rdir == olddp) {
 				rele2 = cwdi->cwdi_rdir;
 				VREF(newdp);
 				cwdi->cwdi_rdir = newdp;
+			}
 			rw_exit(&cwdi->cwdi_lock);
 			cwdfree(cwdi);
 			if (rele1 != NULL)
 				vrele(rele1);
 			if (rele2 != NULL)
 				vrele(rele2);
 			mutex_enter(proc_lock);
 			break;
+		}
 		mutex_exit(proc_lock);
 	} while (retry);
 	if (rootvnode == olddp) {
 		vrele(rootvnode);
 		VREF(newdp);
 		rootvnode = newdp;
+	}
 	vput(newdp);
+}
 /*
  * Unmount a file system.
+ *
  * Note: unmount takes a path to the vnode mounted on as argument,
  * not special file (as before).
  */
 /* ARGSUSED */
 int
 sys_unmount(struct lwp *l, const struct sys_unmount_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(int) flags;
 	} */
 	struct vnode *vp;
 	struct mount *mp;
 	int error;
 	struct nameidata nd;
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
 	    SCARG(uap, path));
 	if ((error = namei(&nd)) != 0)
 		return (error);
 	vp = nd.ni_vp;
 	mp = vp->v_mount;
 	atomic_inc_uint(&mp->mnt_refcnt);
 	VOP_UNLOCK(vp, 0);
 	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
 	    KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT, mp, NULL, NULL);
 	if (error) {
 		vrele(vp);
 		vfs_destroy(mp);
 		return (error);
+	}
 	/*
 	 * Don't allow unmounting the root file system.
 	 */
 	if (mp->mnt_flag & MNT_ROOTFS) {
 		vrele(vp);
 		vfs_destroy(mp);
 		return (EINVAL);
+	}
 	/*
 	 * Must be the root of the filesystem
 	 */
 	if ((vp->v_vflag & VV_ROOT) == 0) {
 		vrele(vp);
 		vfs_destroy(mp);
 		return (EINVAL);
+	}
 	vrele(vp);
 	error = dounmount(mp, SCARG(uap, flags), l);
 	return error;
+}
 /*
  * Do the actual file system unmount.  File system is assumed to have
  * been locked by the caller.
+ *
  * => Caller gain reference to the mount, explicility for unmount.
  * => Reference will be dropped in all cases.
  */
 int
 dounmount(struct mount *mp, int flags, struct lwp *l)
+{
 	struct vnode *coveredvp;
 	int error;
 	int async;
 	int used_syncer;
 #if NVERIEXEC > 0
 	error = veriexec_unmountchk(mp);
 	if (error)
 		return (error);
 #endif /* NVERIEXEC > 0 */
 	/*
 	 * XXX Freeze syncer.  Must do this before locking the
 	 * mount point.  See dounmount() for details.
 	 */
 	mutex_enter(&syncer_mutex);
 	rw_enter(&mp->mnt_unmounting, RW_WRITER);
 	if ((mp->mnt_iflag & IMNT_GONE) != 0) {
 		rw_exit(&mp->mnt_unmounting);
 		mutex_exit(&syncer_mutex);
 		vfs_destroy(mp);
 		return ENOENT;
+	}
 	used_syncer = (mp->mnt_syncer != NULL);
 	/*
 	 * XXX Syncer must be frozen when we get here.  This should really
 	 * be done on a per-mountpoint basis, but especially the softdep
 	 * code possibly called from the syncer doesn't exactly work on a
 	 * per-mountpoint basis, so the softdep code would become a maze
 	 * of vfs_busy() calls.
+	 *
 	 * The caller of dounmount() must acquire syncer_mutex because
 	 * the syncer itself acquires locks in syncer_mutex -> vfs_busy
 	 * order, and we must preserve that order to avoid deadlock.
+	 *
 	 * So, if the file system did not use the syncer, now is
 	 * the time to release the syncer_mutex.
 	 */
 	if (used_syncer == 0)
 		mutex_exit(&syncer_mutex);
 	mp->mnt_iflag |= IMNT_UNMOUNT;
 	async = mp->mnt_flag & MNT_ASYNC;
 	mp->mnt_flag &= ~MNT_ASYNC;
 	cache_purgevfs(mp);	/* remove cache entries for this file sys */
 	if (mp->mnt_syncer != NULL)
 		vfs_deallocate_syncvnode(mp);
 	error = 0;
 	if ((mp->mnt_flag & MNT_RDONLY) == 0) {
 		error = VFS_SYNC(mp, MNT_WAIT, l->l_cred);
+	}
 	vfs_scrubvnlist(mp);
 	if (error == 0 || (flags & MNT_FORCE))
 		error = VFS_UNMOUNT(mp, flags);
 	if (error) {
 		if ((mp->mnt_flag & (MNT_RDONLY | MNT_ASYNC)) == 0)
 			(void) vfs_allocate_syncvnode(mp);
 		mp->mnt_iflag &= ~IMNT_UNMOUNT;
 		mp->mnt_flag |= async;
 		rw_exit(&mp->mnt_unmounting);
 		if (used_syncer)
 			mutex_exit(&syncer_mutex);
 		return (error);
+	}
 	vfs_scrubvnlist(mp);
 	mutex_enter(&mountlist_lock);
 	if ((coveredvp = mp->mnt_vnodecovered) != NULLVP)
 		coveredvp->v_mountedhere = NULL;
 	CIRCLEQ_REMOVE(&mountlist, mp, mnt_list);
 	mp->mnt_iflag |= IMNT_GONE;
 	mutex_exit(&mountlist_lock);
 	if (TAILQ_FIRST(&mp->mnt_vnodelist) != NULL)
 		panic("unmount: dangling vnode");
 	if (used_syncer)
 		mutex_exit(&syncer_mutex);
 	vfs_hooks_unmount(mp);
 	rw_exit(&mp->mnt_unmounting);
 	vfs_destroy(mp);	/* caller provided reference */
 	vfs_destroy(mp);	/* from mount(), final nail in coffin */
 	if (coveredvp != NULLVP)
 		vrele(coveredvp);
 	return (0);
+}
 /*
  * Sync each mounted filesystem.
  */
 #ifdef DEBUG
 int syncprt = 0;
 struct ctldebug debug0 = { "syncprt", &syncprt };
 #endif
 /* ARGSUSED */
 int
 sys_sync(struct lwp *l, const void *v, register_t *retval)
+{
 	struct mount *mp, *nmp;
 	int asyncflag;
 	if (l == NULL)
 		l = &lwp0;
 	mutex_enter(&mountlist_lock);
 	for (mp = CIRCLEQ_FIRST(&mountlist); mp != (void *)&mountlist;
 	     mp = nmp) {
 		if (vfs_busy(mp, &nmp)) {
 			continue;
+		}
 		mutex_enter(&mp->mnt_updating);
 		if ((mp->mnt_flag & MNT_RDONLY) == 0) {
 			asyncflag = mp->mnt_flag & MNT_ASYNC;
 			mp->mnt_flag &= ~MNT_ASYNC;
 			VFS_SYNC(mp, MNT_NOWAIT, l->l_cred);
 			if (asyncflag)
 				 mp->mnt_flag |= MNT_ASYNC;
+		}
 		mutex_exit(&mp->mnt_updating);
 		vfs_unbusy(mp, false, &nmp);
+	}
 	mutex_exit(&mountlist_lock);
 #ifdef DEBUG
 	if (syncprt)
 		vfs_bufstats();
 #endif /* DEBUG */
 	return (0);
+}
 /*
  * Change filesystem quotas.
  */
 /* ARGSUSED */
 int
 sys_quotactl(struct lwp *l, const struct sys_quotactl_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(int) cmd;
 		syscallarg(int) uid;
 		syscallarg(void *) arg;
 	} */
 	struct mount *mp;
 	int error;
 	struct nameidata nd;
 	NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
 	    SCARG(uap, path));
 	if ((error = namei(&nd)) != 0)
 		return (error);
 	mp = nd.ni_vp->v_mount;
 	error = VFS_QUOTACTL(mp, SCARG(uap, cmd), SCARG(uap, uid),
 	    SCARG(uap, arg));
 	vrele(nd.ni_vp);
 	return (error);
+}
 int
 dostatvfs(struct mount *mp, struct statvfs *sp, struct lwp *l, int flags,
     int root)
+{
 	struct cwdinfo *cwdi = l->l_proc->p_cwdi;
 	int error = 0;
 	/*
 	 * If MNT_NOWAIT or MNT_LAZY is specified, do not
 	 * refresh the fsstat cache. MNT_WAIT or MNT_LAZY
 	 * overrides MNT_NOWAIT.
 	 */
 	if (flags == MNT_NOWAIT	|| flags == MNT_LAZY ||
 	    (flags != MNT_WAIT && flags != 0)) {
 		memcpy(sp, &mp->mnt_stat, sizeof(*sp));
 		goto done;
+	}
 	/* Get the filesystem stats now */
 	memset(sp, 0, sizeof(*sp));
 	if ((error = VFS_STATVFS(mp, sp)) != 0) {
 		return error;
+	}
 	if (cwdi->cwdi_rdir == NULL)
 		(void)memcpy(&mp->mnt_stat, sp, sizeof(mp->mnt_stat));
 done:
 	if (cwdi->cwdi_rdir != NULL) {
 		size_t len;
 		char *bp;
 		char c;
 		char *path = PNBUF_GET();
 		bp = path + MAXPATHLEN;
 		*--bp = '\0';
 		rw_enter(&cwdi->cwdi_lock, RW_READER);
 		error = getcwd_common(cwdi->cwdi_rdir, rootvnode, &bp, path,
 		    MAXPATHLEN / 2, 0, l);
 		rw_exit(&cwdi->cwdi_lock);
 		if (error) {
 			PNBUF_PUT(path);
 			return error;
+		}
 		len = strlen(bp);
 		/*
 		 * for mount points that are below our root, we can see
 		 * them, so we fix up the pathname and return them. The
 		 * rest we cannot see, so we don't allow viewing the
 		 * data.
 		 */
 		if (strncmp(bp, sp->f_mntonname, len) == 0 &&
 		    ((c = sp->f_mntonname[len]) == '/' || c == '\0')) {
 			(void)strlcpy(sp->f_mntonname, &sp->f_mntonname[len],
 			    sizeof(sp->f_mntonname));
 			if (sp->f_mntonname[0] == '\0')
 				(void)strlcpy(sp->f_mntonname, "/",
 				    sizeof(sp->f_mntonname));
 		} else {
 			if (root)
 				(void)strlcpy(sp->f_mntonname, "/",
 				    sizeof(sp->f_mntonname));
 			else
 				error = EPERM;
+		}
 		PNBUF_PUT(path);
+	}
 	sp->f_flag = mp->mnt_flag & MNT_VISFLAGMASK;
 	return error;
+}
 /*
  * Get filesystem statistics by path.
  */
 int
 do_sys_pstatvfs(struct lwp *l, const char *path, int flags, struct statvfs *sb)
+{
 	struct mount *mp;
 	int error;
 	struct nameidata nd;
 	NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE, path);
 	if ((error = namei(&nd)) != 0)
 		return error;
 	mp = nd.ni_vp->v_mount;
 	error = dostatvfs(mp, sb, l, flags, 1);
 	vrele(nd.ni_vp);
 	return error;
+}
 /* ARGSUSED */
 int
 sys_statvfs1(struct lwp *l, const struct sys_statvfs1_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(struct statvfs *) buf;
 		syscallarg(int) flags;
 	} */
 	struct statvfs *sb;
 	int error;
 	sb = STATVFSBUF_GET();
 	error = do_sys_pstatvfs(l, SCARG(uap, path), SCARG(uap, flags), sb);
 	if (error == 0)
 		error = copyout(sb, SCARG(uap, buf), sizeof(*sb));
 	STATVFSBUF_PUT(sb);
 	return error;
+}
 /*
  * Get filesystem statistics by fd.
  */
 int
 do_sys_fstatvfs(struct lwp *l, int fd, int flags, struct statvfs *sb)
+{
 	file_t *fp;
 	struct mount *mp;
 	int error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(fd, &fp)) != 0)
 		return (error);
 	mp = ((struct vnode *)fp->f_data)->v_mount;
 	error = dostatvfs(mp, sb, curlwp, flags, 1);
 	fd_putfile(fd);
 	return error;
+}
 /* ARGSUSED */
 int
 sys_fstatvfs1(struct lwp *l, const struct sys_fstatvfs1_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(struct statvfs *) buf;
 		syscallarg(int) flags;
 	} */
 	struct statvfs *sb;
 	int error;
 	sb = STATVFSBUF_GET();
 	error = do_sys_fstatvfs(l, SCARG(uap, fd), SCARG(uap, flags), sb);
 	if (error == 0)
 		error = copyout(sb, SCARG(uap, buf), sizeof(*sb));
 	STATVFSBUF_PUT(sb);
 	return error;
+}
 /*
  * Get statistics on all filesystems.
  */
 int
 do_sys_getvfsstat(struct lwp *l, void *sfsp, size_t bufsize, int flags,
     int (*copyfn)(const void *, void *, size_t), size_t entry_sz,
     register_t *retval)
+{
 	int root = 0;
 	struct proc *p = l->l_proc;
 	struct mount *mp, *nmp;
 	struct statvfs *sb;
 	size_t count, maxcount;
 	int error = 0;
 	sb = STATVFSBUF_GET();
 	maxcount = bufsize / entry_sz;
 	mutex_enter(&mountlist_lock);
 	count = 0;
 	for (mp = CIRCLEQ_FIRST(&mountlist); mp != (void *)&mountlist;
 	     mp = nmp) {
 		if (vfs_busy(mp, &nmp)) {
 			continue;
+		}
 		if (sfsp && count < maxcount) {
 			error = dostatvfs(mp, sb, l, flags, 0);
 			if (error) {
 				vfs_unbusy(mp, false, &nmp);
 				error = 0;
 				continue;
+			}
 			error = copyfn(sb, sfsp, entry_sz);
 			if (error) {
 				vfs_unbusy(mp, false, NULL);
 				goto out;
+			}
 			sfsp = (char *)sfsp + entry_sz;
 			root |= strcmp(sb->f_mntonname, "/") == 0;
+		}
 		count++;
 		vfs_unbusy(mp, false, &nmp);
+	}
 	mutex_exit(&mountlist_lock);
 	if (root == 0 && p->p_cwdi->cwdi_rdir) {
 		/*
 		 * fake a root entry
 		 */
 		error = dostatvfs(p->p_cwdi->cwdi_rdir->v_mount,
 		    sb, l, flags, 1);
 		if (error != 0)
 			goto out;
 		if (sfsp) {
 			error = copyfn(sb, sfsp, entry_sz);
 			if (error != 0)
 				goto out;
+		}
 		count++;
+	}
 	if (sfsp && count > maxcount)
 		*retval = maxcount;
 	else
 		*retval = count;
 out:
 	STATVFSBUF_PUT(sb);
 	return error;
+}
 int
 sys_getvfsstat(struct lwp *l, const struct sys_getvfsstat_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(struct statvfs *) buf;
 		syscallarg(size_t) bufsize;
 		syscallarg(int) flags;
 	} */
 	return do_sys_getvfsstat(l, SCARG(uap, buf), SCARG(uap, bufsize),
 	    SCARG(uap, flags), copyout, sizeof (struct statvfs), retval);
+}
 /*
  * Change current working directory to a given file descriptor.
  */
 /* ARGSUSED */
 int
 sys_fchdir(struct lwp *l, const struct sys_fchdir_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 	} */
 	struct proc *p = l->l_proc;
 	struct cwdinfo *cwdi;
 	struct vnode *vp, *tdp;
 	struct mount *mp;
 	file_t *fp;
 	int error, fd;
 	/* fd_getvnode() will use the descriptor for us */
 	fd = SCARG(uap, fd);
 	if ((error = fd_getvnode(fd, &fp)) != 0)
 		return (error);
 	vp = fp->f_data;
 	VREF(vp);
 	vn_lock(vp,  LK_EXCLUSIVE | LK_RETRY);
 	if (vp->v_type != VDIR)
 		error = ENOTDIR;
 	else
 		error = VOP_ACCESS(vp, VEXEC, l->l_cred);
 	if (error) {
 		vput(vp);
 		goto out;
+	}
 	while ((mp = vp->v_mountedhere) != NULL) {
 		error = vfs_busy(mp, NULL);
 		vput(vp);
 		if (error != 0)
 			goto out;
 		error = VFS_ROOT(mp, &tdp);
 		vfs_unbusy(mp, false, NULL);
 		if (error)
 			goto out;
 		vp = tdp;
+	}
 	VOP_UNLOCK(vp, 0);
 	/*
 	 * Disallow changing to a directory not under the process's
 	 * current root directory (if there is one).
 	 */
 	cwdi = p->p_cwdi;
 	rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 	if (cwdi->cwdi_rdir && !vn_isunder(vp, NULL, l)) {
 		vrele(vp);
 		error = EPERM;	/* operation not permitted */
 	} else {
 		vrele(cwdi->cwdi_cdir);
 		cwdi->cwdi_cdir = vp;
+	}
 	rw_exit(&cwdi->cwdi_lock);
  out:
 	fd_putfile(fd);
 	return (error);
+}
 /*
  * Change this process's notion of the root directory to a given file
  * descriptor.
  */
 int
 sys_fchroot(struct lwp *l, const struct sys_fchroot_args *uap, register_t *retval)
+{
 	struct proc *p = l->l_proc;
 	struct cwdinfo *cwdi;
 	struct vnode	*vp;
 	file_t	*fp;
 	int		 error, fd = SCARG(uap, fd);
 	if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHROOT,