 @@ -1,1072 +1,1072 @@
-/*	$NetBSD: vfs_syscalls.c,v 1.441 2011/11/18 21:17:45 christos Exp $	*/
+/*	$NetBSD: vfs_syscalls.c,v 1.442 2011/12/02 12:30:14 yamt Exp $	*/
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
  * (c) UNIX System Laboratories, Inc.
  * All or some portions of this file are derived from material licensed
  * to the University of California by American Telephone and Telegraph
  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
  * the permission of UNIX System Laboratories, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)vfs_syscalls.c	8.42 (Berkeley) 7/31/95
  */
 /*
  * Virtual File System System Calls
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.441 2011/11/18 21:17:45 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.442 2011/12/02 12:30:14 yamt Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_fileassoc.h"
 #include "veriexec.h"
 #endif
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/namei.h>
 #include <sys/filedesc.h>
 #include <sys/kernel.h>
 #include <sys/file.h>
 #include <sys/fcntl.h>
 #include <sys/stat.h>
 #include <sys/vnode.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/uio.h>
 #include <sys/kmem.h>
 #include <sys/dirent.h>
 #include <sys/sysctl.h>
 #include <sys/syscallargs.h>
 #include <sys/vfs_syscalls.h>
 #include <sys/ktrace.h>
 #ifdef FILEASSOC
 #include <sys/fileassoc.h>
 #endif /* FILEASSOC */
 #include <sys/extattr.h>
 #include <sys/verified_exec.h>
 #include <sys/kauth.h>
 #include <sys/atomic.h>
 #include <sys/module.h>
 #include <sys/buf.h>
 #include <miscfs/genfs/genfs.h>
 #include <miscfs/syncfs/syncfs.h>
 #include <miscfs/specfs/specdev.h>
 #include <nfs/rpcv2.h>
 #include <nfs/nfsproto.h>
 #include <nfs/nfs.h>
 #include <nfs/nfs_var.h>
 static int change_flags(struct vnode *, u_long, struct lwp *);
 static int change_mode(struct vnode *, int, struct lwp *l);
 static int change_owner(struct vnode *, uid_t, gid_t, struct lwp *, int);
 /*
  * This table is used to maintain compatibility with 4.3BSD
  * and NetBSD 0.9 mount syscalls - and possibly other systems.
  * Note, the order is important!
+ *
  * Do not modify this table. It should only contain filesystems
  * supported by NetBSD 0.9 and 4.3BSD.
  */
 const char * const mountcompatnames[] = {
 	NULL,		/* 0 = MOUNT_NONE */
 	MOUNT_FFS,	/* 1 = MOUNT_UFS */
 	MOUNT_NFS,	/* 2 */
 	MOUNT_MFS,	/* 3 */
 	MOUNT_MSDOS,	/* 4 */
 	MOUNT_CD9660,	/* 5 = MOUNT_ISOFS */
 	MOUNT_FDESC,	/* 6 */
 	MOUNT_KERNFS,	/* 7 */
 	NULL,		/* 8 = MOUNT_DEVFS */
 	MOUNT_AFS,	/* 9 */
 };
 const int nmountcompatnames = __arraycount(mountcompatnames);
 static int
 open_setfp(struct lwp *l, file_t *fp, struct vnode *vp, int indx, int flags)
+{
 	int error;
 	fp->f_flag = flags & FMASK;
 	fp->f_type = DTYPE_VNODE;
 	fp->f_ops = &vnops;
 	fp->f_data = vp;
 	if (flags & (O_EXLOCK | O_SHLOCK)) {
 		struct flock lf;
 		int type;
 		lf.l_whence = SEEK_SET;
 		lf.l_start = 0;
 		lf.l_len = 0;
 		if (flags & O_EXLOCK)
 			lf.l_type = F_WRLCK;
 		else
 			lf.l_type = F_RDLCK;
 		type = F_FLOCK;
 		if ((flags & FNONBLOCK) == 0)
 			type |= F_WAIT;
 		VOP_UNLOCK(vp);
 		error = VOP_ADVLOCK(vp, fp, F_SETLK, &lf, type);
 		if (error) {
 			(void) vn_close(vp, fp->f_flag, fp->f_cred);
 			fd_abort(l->l_proc, fp, indx);
 			return error;
+		}
 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 		atomic_or_uint(&fp->f_flag, FHASLOCK);
+	}
 	if (flags & O_CLOEXEC)
 		fd_set_exclose(l, indx, true);
 	return 0;
+}
 static int
 mount_update(struct lwp *l, struct vnode *vp, const char *path, int flags,
     void *data, size_t *data_len)
+{
 	struct mount *mp;
 	int error = 0, saved_flags;
 	mp = vp->v_mount;
 	saved_flags = mp->mnt_flag;
 	/* We can operate only on VV_ROOT nodes. */
 	if ((vp->v_vflag & VV_ROOT) == 0) {
 		error = EINVAL;
 		goto out;
+	}
 	/*
 	 * We only allow the filesystem to be reloaded if it
 	 * is currently mounted read-only.  Additionally, we
 	 * prevent read-write to read-only downgrades.
 	 */
 	if ((flags & (MNT_RELOAD | MNT_RDONLY)) != 0 &&
 	    (mp->mnt_flag & MNT_RDONLY) == 0 &&
 	    (mp->mnt_iflag & IMNT_CAN_RWTORO) == 0) {
 		error = EOPNOTSUPP;	/* Needs translation */
 		goto out;
+	}
 	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
 	    KAUTH_REQ_SYSTEM_MOUNT_UPDATE, mp, KAUTH_ARG(flags), data);
 	if (error)
 		goto out;
 	if (vfs_busy(mp, NULL)) {
 		error = EPERM;
 		goto out;
+	}
 	mutex_enter(&mp->mnt_updating);
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	mp->mnt_flag |= flags & MNT_OP_FLAGS;
 	/*
 	 * Set the mount level flags.
 	 */
 	if (flags & MNT_RDONLY)
 		mp->mnt_flag |= MNT_RDONLY;
 	else if (mp->mnt_flag & MNT_RDONLY)
 		mp->mnt_iflag |= IMNT_WANTRDWR;
 	mp->mnt_flag &= ~MNT_BASIC_FLAGS;
 	mp->mnt_flag |= flags & MNT_BASIC_FLAGS;
 	error = VFS_MOUNT(mp, path, data, data_len);
 	if (error && data != NULL) {
 		int error2;
 		/*
 		 * Update failed; let's try and see if it was an
 		 * export request.  For compat with 3.0 and earlier.
 		 */
 		error2 = vfs_hooks_reexport(mp, path, data);
 		/*
 		 * Only update error code if the export request was
 		 * understood but some problem occurred while
 		 * processing it.
 		 */
 		if (error2 != EJUSTRETURN)
 			error = error2;
+	}
 	if (mp->mnt_iflag & IMNT_WANTRDWR)
 		mp->mnt_flag &= ~MNT_RDONLY;
 	if (error)
 		mp->mnt_flag = saved_flags;
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	mp->mnt_iflag &= ~IMNT_WANTRDWR;
 	if ((mp->mnt_flag & (MNT_RDONLY | MNT_ASYNC)) == 0) {
 		if (mp->mnt_syncer == NULL)
 			error = vfs_allocate_syncvnode(mp);
 	} else {
 		if (mp->mnt_syncer != NULL)
 			vfs_deallocate_syncvnode(mp);
+	}
 	mutex_exit(&mp->mnt_updating);
 	vfs_unbusy(mp, false, NULL);
 	if ((error == 0) && !(saved_flags & MNT_EXTATTR) &&
 	    (flags & MNT_EXTATTR)) {
 		if (VFS_EXTATTRCTL(vp->v_mount, EXTATTR_CMD_START,
 				   NULL, 0, NULL) != 0) {
 			printf("%s: failed to start extattr, error = %d",
 			       vp->v_mount->mnt_stat.f_mntonname, error);
 			mp->mnt_flag &= ~MNT_EXTATTR;
+		}
+	}
 	if ((error == 0) && (saved_flags & MNT_EXTATTR) &&
 	    !(flags & MNT_EXTATTR)) {
 		if (VFS_EXTATTRCTL(vp->v_mount, EXTATTR_CMD_STOP,
 				   NULL, 0, NULL) != 0) {
 			printf("%s: failed to stop extattr, error = %d",
 			       vp->v_mount->mnt_stat.f_mntonname, error);
 			mp->mnt_flag |= MNT_RDONLY;
+		}
+	}
  out:
 	return (error);
+}
 static int
 mount_get_vfsops(const char *fstype, struct vfsops **vfsops)
+{
 	char fstypename[sizeof(((struct statvfs *)NULL)->f_fstypename)];
 	int error;
 	/* Copy file-system type from userspace.  */
 	error = copyinstr(fstype, fstypename, sizeof(fstypename), NULL);
 	if (error) {
 		/*
 		 * Historically, filesystem types were identified by numbers.
 		 * If we get an integer for the filesystem type instead of a
 		 * string, we check to see if it matches one of the historic
 		 * filesystem types.
 		 */
 		u_long fsindex = (u_long)fstype;
 		if (fsindex >= nmountcompatnames ||
 		    mountcompatnames[fsindex] == NULL)
 			return ENODEV;
 		strlcpy(fstypename, mountcompatnames[fsindex],
 		    sizeof(fstypename));
+	}
 	/* Accept `ufs' as an alias for `ffs', for compatibility. */
 	if (strcmp(fstypename, "ufs") == 0)
 		fstypename[0] = 'f';
 	if ((*vfsops = vfs_getopsbyname(fstypename)) != NULL)
 		return 0;
 	/* If we can autoload a vfs module, try again */
 	(void)module_autoload(fstypename, MODULE_CLASS_VFS);
 	if ((*vfsops = vfs_getopsbyname(fstypename)) != NULL)
 		return 0;
 	return ENODEV;
+}
 static int
 mount_getargs(struct lwp *l, struct vnode *vp, const char *path, int flags,
     void *data, size_t *data_len)
+{
 	struct mount *mp;
 	int error;
 	/* If MNT_GETARGS is specified, it should be the only flag. */
 	if (flags & ~MNT_GETARGS)
 		return EINVAL;
 	mp = vp->v_mount;
 	/* XXX: probably some notion of "can see" here if we want isolation. */
 	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
 	    KAUTH_REQ_SYSTEM_MOUNT_GET, mp, data, NULL);
 	if (error)
 		return error;
 	if ((vp->v_vflag & VV_ROOT) == 0)
 		return EINVAL;
 	if (vfs_busy(mp, NULL))
 		return EPERM;
 	mutex_enter(&mp->mnt_updating);
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	mp->mnt_flag |= MNT_GETARGS;
 	error = VFS_MOUNT(mp, path, data, data_len);
 	mp->mnt_flag &= ~MNT_OP_FLAGS;
 	mutex_exit(&mp->mnt_updating);
 	vfs_unbusy(mp, false, NULL);
 	return (error);
+}
 int
 sys___mount50(struct lwp *l, const struct sys___mount50_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) type;
 		syscallarg(const char *) path;
 		syscallarg(int) flags;
 		syscallarg(void *) data;
 		syscallarg(size_t) data_len;
 	} */
 	return do_sys_mount(l, NULL, SCARG(uap, type), SCARG(uap, path),
 	    SCARG(uap, flags), SCARG(uap, data), UIO_USERSPACE,
 	    SCARG(uap, data_len), retval);
+}
 int
 do_sys_mount(struct lwp *l, struct vfsops *vfsops, const char *type,
     const char *path, int flags, void *data, enum uio_seg data_seg,
     size_t data_len, register_t *retval)
+{
 	struct vnode *vp;
 	void *data_buf = data;
 	bool vfsopsrele = false;
 	int error;
 	/* XXX: The calling convention of this routine is totally bizarre */
 	if (vfsops)
 		vfsopsrele = true;
 	/*
 	 * Get vnode to be covered
 	 */
 	error = namei_simple_user(path, NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0) {
 		vp = NULL;
 		goto done;
+	}
 	if (vfsops == NULL) {
 		if (flags & (MNT_GETARGS | MNT_UPDATE)) {
 			vfsops = vp->v_mount->mnt_op;
 		} else {
 			/* 'type' is userspace */
 			error = mount_get_vfsops(type, &vfsops);
 			if (error != 0)
 				goto done;
 			vfsopsrele = true;
+		}
+	}
 	if (data != NULL && data_seg == UIO_USERSPACE) {
 		if (data_len == 0) {
 			/* No length supplied, use default for filesystem */
 			data_len = vfsops->vfs_min_mount_data;
 			if (data_len > VFS_MAX_MOUNT_DATA) {
 				error = EINVAL;
 				goto done;
+			}
 			/*
 			 * Hopefully a longer buffer won't make copyin() fail.
 			 * For compatibility with 3.0 and earlier.
 			 */
 			if (flags & MNT_UPDATE
 			    && data_len < sizeof (struct mnt_export_args30))
 				data_len = sizeof (struct mnt_export_args30);
+		}
 		data_buf = kmem_alloc(data_len, KM_SLEEP);
 		/* NFS needs the buffer even for mnt_getargs .... */
 		error = copyin(data, data_buf, data_len);
 		if (error != 0)
 			goto done;
+	}
 	if (flags & MNT_GETARGS) {
 		if (data_len == 0) {
 			error = EINVAL;
 			goto done;
+		}
 		error = mount_getargs(l, vp, path, flags, data_buf, &data_len);
 		if (error != 0)
 			goto done;
 		if (data_seg == UIO_USERSPACE)
 			error = copyout(data_buf, data, data_len);
 		*retval = data_len;
 	} else if (flags & MNT_UPDATE) {
 		error = mount_update(l, vp, path, flags, data_buf, &data_len);
 	} else {
 		/* Locking is handled internally in mount_domount(). */
 		KASSERT(vfsopsrele == true);
 		error = mount_domount(l, &vp, vfsops, path, flags, data_buf,
 		    &data_len);
 		vfsopsrele = false;
 		if ((error == 0) && (flags & MNT_EXTATTR)) {
 			if (VFS_EXTATTRCTL(vp->v_mount, EXTATTR_CMD_START,
 					   NULL, 0, NULL) != 0)
 				printf("%s: failed to start extattr",
 				       vp->v_mount->mnt_stat.f_mntonname);
 				/* XXX remove flag */
+		}
+	}
     done:
 	if (vfsopsrele)
 		vfs_delref(vfsops);
     	if (vp != NULL) {
 	    	vrele(vp);
+	}
 	if (data_buf != data)
 		kmem_free(data_buf, data_len);
 	return (error);
+}
 /*
  * Unmount a file system.
+ *
  * Note: unmount takes a path to the vnode mounted on as argument,
  * not special file (as before).
  */
 /* ARGSUSED */
 int
 sys_unmount(struct lwp *l, const struct sys_unmount_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(int) flags;
 	} */
 	struct vnode *vp;
 	struct mount *mp;
 	int error;
 	struct pathbuf *pb;
 	struct nameidata nd;
 	error = pathbuf_copyin(SCARG(uap, path), &pb);
 	if (error) {
 		return error;
+	}
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, pb);
 	if ((error = namei(&nd)) != 0) {
 		pathbuf_destroy(pb);
 		return error;
+	}
 	vp = nd.ni_vp;
 	pathbuf_destroy(pb);
 	mp = vp->v_mount;
 	atomic_inc_uint(&mp->mnt_refcnt);
 	VOP_UNLOCK(vp);
 	error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
 	    KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT, mp, NULL, NULL);
 	if (error) {
 		vrele(vp);
 		vfs_destroy(mp);
 		return (error);
+	}
 	/*
 	 * Don't allow unmounting the root file system.
 	 */
 	if (mp->mnt_flag & MNT_ROOTFS) {
 		vrele(vp);
 		vfs_destroy(mp);
 		return (EINVAL);
+	}
 	/*
 	 * Must be the root of the filesystem
 	 */
 	if ((vp->v_vflag & VV_ROOT) == 0) {
 		vrele(vp);
 		vfs_destroy(mp);
 		return (EINVAL);
+	}
 	vrele(vp);
 	error = dounmount(mp, SCARG(uap, flags), l);
 	vfs_destroy(mp);
 	return error;
+}
 /*
  * Sync each mounted filesystem.
  */
 #ifdef DEBUG
 int syncprt = 0;
 struct ctldebug debug0 = { "syncprt", &syncprt };
 #endif
 void
 do_sys_sync(struct lwp *l)
+{
 	struct mount *mp, *nmp;
 	int asyncflag;
 	mutex_enter(&mountlist_lock);
 	for (mp = CIRCLEQ_FIRST(&mountlist); mp != (void *)&mountlist;
 	     mp = nmp) {
 		if (vfs_busy(mp, &nmp)) {
 			continue;
+		}
 		mutex_enter(&mp->mnt_updating);
 		if ((mp->mnt_flag & MNT_RDONLY) == 0) {
 			asyncflag = mp->mnt_flag & MNT_ASYNC;
 			mp->mnt_flag &= ~MNT_ASYNC;
 			VFS_SYNC(mp, MNT_NOWAIT, l->l_cred);
 			if (asyncflag)
 				 mp->mnt_flag |= MNT_ASYNC;
+		}
 		mutex_exit(&mp->mnt_updating);
 		vfs_unbusy(mp, false, &nmp);
+	}
 	mutex_exit(&mountlist_lock);
 #ifdef DEBUG
 	if (syncprt)
 		vfs_bufstats();
 #endif /* DEBUG */
+}
 /* ARGSUSED */
 int
 sys_sync(struct lwp *l, const void *v, register_t *retval)
+{
 	do_sys_sync(l);
 	return (0);
+}
 /*
  * Change filesystem quotas.
  */
 /* ARGSUSED */
 int
 sys___quotactl50(struct lwp *l, const struct sys___quotactl50_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(struct plistref *) pref;
 	} */
 	struct mount *mp;
 	int error;
 	struct vnode *vp;
 	prop_dictionary_t dict;
 	struct plistref pref;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	mp = vp->v_mount;
 	error = copyin(SCARG(uap, pref), &pref, sizeof(pref));
 	if (error)
 		return error;
 	error = prop_dictionary_copyin(&pref, &dict);
 	if (error)
 		return error;
 	error = VFS_QUOTACTL(mp, dict);
 	vrele(vp);
 	if (!error)
 		error = prop_dictionary_copyout(&pref, dict);
 	if (!error)
 		error = copyout(&pref, SCARG(uap, pref), sizeof(pref));
 	prop_object_release(dict);
 	return (error);
+}
 int
 dostatvfs(struct mount *mp, struct statvfs *sp, struct lwp *l, int flags,
     int root)
+{
 	struct cwdinfo *cwdi = l->l_proc->p_cwdi;
 	int error = 0;
 	/*
 	 * If MNT_NOWAIT or MNT_LAZY is specified, do not
 	 * refresh the fsstat cache. MNT_WAIT or MNT_LAZY
 	 * overrides MNT_NOWAIT.
 	 */
 	if (flags == MNT_NOWAIT	|| flags == MNT_LAZY ||
 	    (flags != MNT_WAIT && flags != 0)) {
 		memcpy(sp, &mp->mnt_stat, sizeof(*sp));
 		goto done;
+	}
 	/* Get the filesystem stats now */
 	memset(sp, 0, sizeof(*sp));
 	if ((error = VFS_STATVFS(mp, sp)) != 0) {
 		return error;
+	}
 	if (cwdi->cwdi_rdir == NULL)
 		(void)memcpy(&mp->mnt_stat, sp, sizeof(mp->mnt_stat));
 done:
 	if (cwdi->cwdi_rdir != NULL) {
 		size_t len;
 		char *bp;
 		char c;
 		char *path = PNBUF_GET();
 		bp = path + MAXPATHLEN;
 		*--bp = '\0';
 		rw_enter(&cwdi->cwdi_lock, RW_READER);
 		error = getcwd_common(cwdi->cwdi_rdir, rootvnode, &bp, path,
 		    MAXPATHLEN / 2, 0, l);
 		rw_exit(&cwdi->cwdi_lock);
 		if (error) {
 			PNBUF_PUT(path);
 			return error;
+		}
 		len = strlen(bp);
 		if (len != 1) {
 			/*
 			 * for mount points that are below our root, we can see
 			 * them, so we fix up the pathname and return them. The
 			 * rest we cannot see, so we don't allow viewing the
 			 * data.
 			 */
 			if (strncmp(bp, sp->f_mntonname, len) == 0 &&
 			    ((c = sp->f_mntonname[len]) == '/' || c == '\0')) {
 				(void)strlcpy(sp->f_mntonname,
 				    c == '\0' ? "/" : &sp->f_mntonname[len],
 				    sizeof(sp->f_mntonname));
 			} else {
 				if (root)
 					(void)strlcpy(sp->f_mntonname, "/",
 					    sizeof(sp->f_mntonname));
 				else
 					error = EPERM;
+			}
+		}
 		PNBUF_PUT(path);
+	}
 	sp->f_flag = mp->mnt_flag & MNT_VISFLAGMASK;
 	return error;
+}
 /*
  * Get filesystem statistics by path.
  */
 int
 do_sys_pstatvfs(struct lwp *l, const char *path, int flags, struct statvfs *sb)
+{
 	struct mount *mp;
 	int error;
 	struct vnode *vp;
 	error = namei_simple_user(path, NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return error;
 	mp = vp->v_mount;
 	error = dostatvfs(mp, sb, l, flags, 1);
 	vrele(vp);
 	return error;
+}
 /* ARGSUSED */
 int
 sys_statvfs1(struct lwp *l, const struct sys_statvfs1_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(struct statvfs *) buf;
 		syscallarg(int) flags;
 	} */
 	struct statvfs *sb;
 	int error;
 	sb = STATVFSBUF_GET();
 	error = do_sys_pstatvfs(l, SCARG(uap, path), SCARG(uap, flags), sb);
 	if (error == 0)
 		error = copyout(sb, SCARG(uap, buf), sizeof(*sb));
 	STATVFSBUF_PUT(sb);
 	return error;
+}
 /*
  * Get filesystem statistics by fd.
  */
 int
 do_sys_fstatvfs(struct lwp *l, int fd, int flags, struct statvfs *sb)
+{
 	file_t *fp;
 	struct mount *mp;
 	int error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(fd, &fp)) != 0)
 		return (error);
 	mp = ((struct vnode *)fp->f_data)->v_mount;
 	error = dostatvfs(mp, sb, curlwp, flags, 1);
 	fd_putfile(fd);
 	return error;
+}
 /* ARGSUSED */
 int
 sys_fstatvfs1(struct lwp *l, const struct sys_fstatvfs1_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(struct statvfs *) buf;
 		syscallarg(int) flags;
 	} */
 	struct statvfs *sb;
 	int error;
 	sb = STATVFSBUF_GET();
 	error = do_sys_fstatvfs(l, SCARG(uap, fd), SCARG(uap, flags), sb);
 	if (error == 0)
 		error = copyout(sb, SCARG(uap, buf), sizeof(*sb));
 	STATVFSBUF_PUT(sb);
 	return error;
+}
 /*
  * Get statistics on all filesystems.
  */
 int
 do_sys_getvfsstat(struct lwp *l, void *sfsp, size_t bufsize, int flags,
     int (*copyfn)(const void *, void *, size_t), size_t entry_sz,
     register_t *retval)
+{
 	int root = 0;
 	struct proc *p = l->l_proc;
 	struct mount *mp, *nmp;
 	struct statvfs *sb;
 	size_t count, maxcount;
 	int error = 0;
 	sb = STATVFSBUF_GET();
 	maxcount = bufsize / entry_sz;
 	mutex_enter(&mountlist_lock);
 	count = 0;
 	for (mp = CIRCLEQ_FIRST(&mountlist); mp != (void *)&mountlist;
 	     mp = nmp) {
 		if (vfs_busy(mp, &nmp)) {
 			continue;
+		}
 		if (sfsp && count < maxcount) {
 			error = dostatvfs(mp, sb, l, flags, 0);
 			if (error) {
 				vfs_unbusy(mp, false, &nmp);
 				error = 0;
 				continue;
+			}
 			error = copyfn(sb, sfsp, entry_sz);
 			if (error) {
 				vfs_unbusy(mp, false, NULL);
 				goto out;
+			}
 			sfsp = (char *)sfsp + entry_sz;
 			root |= strcmp(sb->f_mntonname, "/") == 0;
+		}
 		count++;
 		vfs_unbusy(mp, false, &nmp);
+	}
 	mutex_exit(&mountlist_lock);
 	if (root == 0 && p->p_cwdi->cwdi_rdir) {
 		/*
 		 * fake a root entry
 		 */
 		error = dostatvfs(p->p_cwdi->cwdi_rdir->v_mount,
 		    sb, l, flags, 1);
 		if (error != 0)
 			goto out;
 		if (sfsp) {
 			error = copyfn(sb, sfsp, entry_sz);
 			if (error != 0)
 				goto out;
+		}
 		count++;
+	}
 	if (sfsp && count > maxcount)
 		*retval = maxcount;
 	else
 		*retval = count;
 out:
 	STATVFSBUF_PUT(sb);
 	return error;
+}
 int
 sys_getvfsstat(struct lwp *l, const struct sys_getvfsstat_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(struct statvfs *) buf;
 		syscallarg(size_t) bufsize;
 		syscallarg(int) flags;
 	} */
 	return do_sys_getvfsstat(l, SCARG(uap, buf), SCARG(uap, bufsize),
 	    SCARG(uap, flags), copyout, sizeof (struct statvfs), retval);
+}
 /*
  * Change current working directory to a given file descriptor.
  */
 /* ARGSUSED */
 int
 sys_fchdir(struct lwp *l, const struct sys_fchdir_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 	} */
 	struct proc *p = l->l_proc;
 	struct cwdinfo *cwdi;
 	struct vnode *vp, *tdp;
 	struct mount *mp;
 	file_t *fp;
 	int error, fd;
 	/* fd_getvnode() will use the descriptor for us */
 	fd = SCARG(uap, fd);
 	if ((error = fd_getvnode(fd, &fp)) != 0)
 		return (error);
 	vp = fp->f_data;
 	vref(vp);
 	vn_lock(vp,  LK_EXCLUSIVE | LK_RETRY);
 	if (vp->v_type != VDIR)
 		error = ENOTDIR;
 	else
 		error = VOP_ACCESS(vp, VEXEC, l->l_cred);
 	if (error) {
 		vput(vp);
 		goto out;
+	}
 	while ((mp = vp->v_mountedhere) != NULL) {
 		error = vfs_busy(mp, NULL);
 		vput(vp);
 		if (error != 0)
 			goto out;
 		error = VFS_ROOT(mp, &tdp);
 		vfs_unbusy(mp, false, NULL);
 		if (error)
 			goto out;
 		vp = tdp;
+	}
 	VOP_UNLOCK(vp);
 	/*
 	 * Disallow changing to a directory not under the process's
 	 * current root directory (if there is one).
 	 */
 	cwdi = p->p_cwdi;
 	rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 	if (cwdi->cwdi_rdir && !vn_isunder(vp, NULL, l)) {
 		vrele(vp);
 		error = EPERM;	/* operation not permitted */
 	} else {
 		vrele(cwdi->cwdi_cdir);
 		cwdi->cwdi_cdir = vp;
+	}
 	rw_exit(&cwdi->cwdi_lock);
  out:
 	fd_putfile(fd);
 	return (error);
+}
 /*
  * Change this process's notion of the root directory to a given file
  * descriptor.
  */
 int
 sys_fchroot(struct lwp *l, const struct sys_fchroot_args *uap, register_t *retval)
+{
 	struct proc *p = l->l_proc;
 	struct vnode	*vp;
 	file_t	*fp;
 	int		 error, fd = SCARG(uap, fd);
 	if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHROOT,
  	    KAUTH_REQ_SYSTEM_CHROOT_FCHROOT, NULL, NULL, NULL)) != 0)
 		return error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(fd, &fp)) != 0)
 		return error;
 	vp = fp->f_data;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	if (vp->v_type != VDIR)
 		error = ENOTDIR;
 	else
 		error = VOP_ACCESS(vp, VEXEC, l->l_cred);
 	VOP_UNLOCK(vp);
 	if (error)
 		goto out;
 	vref(vp);
 	change_root(p->p_cwdi, vp, l);
  out:
 	fd_putfile(fd);
 	return (error);
+}
 /*
  * Change current working directory (``.'').
  */
 /* ARGSUSED */
 int
 sys_chdir(struct lwp *l, const struct sys_chdir_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 	} */
 	struct proc *p = l->l_proc;
 	struct cwdinfo *cwdi;
 	int error;
 	struct vnode *vp;
 	if ((error = chdir_lookup(SCARG(uap, path), UIO_USERSPACE,
 				  &vp, l)) != 0)
 		return (error);
 	cwdi = p->p_cwdi;
 	rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 	vrele(cwdi->cwdi_cdir);
 	cwdi->cwdi_cdir = vp;
 	rw_exit(&cwdi->cwdi_lock);
 	return (0);
+}
 /*
  * Change notion of root (``/'') directory.
  */
 /* ARGSUSED */
 int
 sys_chroot(struct lwp *l, const struct sys_chroot_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 	} */
 	struct proc *p = l->l_proc;
 	int error;
 	struct vnode *vp;
 	if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHROOT,
 	    KAUTH_REQ_SYSTEM_CHROOT_CHROOT, NULL, NULL, NULL)) != 0)
 		return (error);
 	if ((error = chdir_lookup(SCARG(uap, path), UIO_USERSPACE,
 				  &vp, l)) != 0)
 		return (error);
 	change_root(p->p_cwdi, vp, l);
 	return (0);
+}
 /*
  * Common routine for chroot and fchroot.
  * NB: callers need to properly authorize the change root operation.
  */
 void
 change_root(struct cwdinfo *cwdi, struct vnode *vp, struct lwp *l)
+{
 	rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 	if (cwdi->cwdi_rdir != NULL)
 		vrele(cwdi->cwdi_rdir);
 	cwdi->cwdi_rdir = vp;
 	/*
 	 * Prevent escaping from chroot by putting the root under
 	 * the working directory.  Silently chdir to / if we aren't
 	 * already there.
 	 */
 	if (!vn_isunder(cwdi->cwdi_cdir, vp, l)) {
 		/*
 		 * XXX would be more failsafe to change directory to a
 		 * deadfs node here instead
 		 */
 		vrele(cwdi->cwdi_cdir);
 		vref(vp);
 		cwdi->cwdi_cdir = vp;
+	}
 	rw_exit(&cwdi->cwdi_lock);
+}
 /*
  * Common routine for chroot and chdir.
  * XXX "where" should be enum uio_seg
  */
 int
 chdir_lookup(const char *path, int where, struct vnode **vpp, struct lwp *l)
+{
 	struct pathbuf *pb;
 	struct nameidata nd;
 	int error;
 	error = pathbuf_maybe_copyin(path, where, &pb);
 	if (error) {
 		return error;
+	}
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, pb);
 	if ((error = namei(&nd)) != 0) {
 		pathbuf_destroy(pb);
 		return error;
+	}
 @@ -2573,1285 +2573,1284 @@ sys_chflags(struct lwp *l, const struct
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = change_flags(vp, SCARG(uap, flags), l);
 	vput(vp);
 	return (error);
+}
 /*
  * Change flags of a file given a file descriptor.
  */
 /* ARGSUSED */
 int
 sys_fchflags(struct lwp *l, const struct sys_fchflags_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(u_long) flags;
 	} */
 	struct vnode *vp;
 	file_t *fp;
 	int error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	vp = fp->f_data;
 	error = change_flags(vp, SCARG(uap, flags), l);
 	VOP_UNLOCK(vp);
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 /*
  * Change flags of a file given a path name; this version does
  * not follow links.
  */
 int
 sys_lchflags(struct lwp *l, const struct sys_lchflags_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(u_long) flags;
 	} */
 	struct vnode *vp;
 	int error;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_NOFOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = change_flags(vp, SCARG(uap, flags), l);
 	vput(vp);
 	return (error);
+}
 /*
  * Common routine to change flags of a file.
  */
 int
 change_flags(struct vnode *vp, u_long flags, struct lwp *l)
+{
 	struct vattr vattr;
 	int error;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	/*
 	 * Non-superusers cannot change the flags on devices, even if they
 	 * own them.
 	 */
 	if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
 		if ((error = VOP_GETATTR(vp, &vattr, l->l_cred)) != 0)
 			goto out;
 		if (vattr.va_type == VCHR || vattr.va_type == VBLK) {
 			error = EINVAL;
 			goto out;
+		}
+	}
 	vattr_null(&vattr);
 	vattr.va_flags = flags;
 	error = VOP_SETATTR(vp, &vattr, l->l_cred);
 out:
 	return (error);
+}
 /*
  * Change mode of a file given path name; this version follows links.
  */
 /* ARGSUSED */
 int
 sys_chmod(struct lwp *l, const struct sys_chmod_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(int) mode;
 	} */
 	int error;
 	struct vnode *vp;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = change_mode(vp, SCARG(uap, mode), l);
 	vrele(vp);
 	return (error);
+}
 /*
  * Change mode of a file given a file descriptor.
  */
 /* ARGSUSED */
 int
 sys_fchmod(struct lwp *l, const struct sys_fchmod_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(int) mode;
 	} */
 	file_t *fp;
 	int error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	error = change_mode(fp->f_data, SCARG(uap, mode), l);
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 int
 sys_fchmodat(struct lwp *l, const struct sys_fchmodat_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(const char *) path;
 		syscallarg(int) mode;
 		syscallarg(int) flag;
 	} */
 	return ENOSYS;
+}
 /*
  * Change mode of a file given path name; this version does not follow links.
  */
 /* ARGSUSED */
 int
 sys_lchmod(struct lwp *l, const struct sys_lchmod_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(int) mode;
 	} */
 	int error;
 	struct vnode *vp;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_NOFOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = change_mode(vp, SCARG(uap, mode), l);
 	vrele(vp);
 	return (error);
+}
 /*
  * Common routine to set mode given a vnode.
  */
 static int
 change_mode(struct vnode *vp, int mode, struct lwp *l)
+{
 	struct vattr vattr;
 	int error;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	vattr_null(&vattr);
 	vattr.va_mode = mode & ALLPERMS;
 	error = VOP_SETATTR(vp, &vattr, l->l_cred);
 	VOP_UNLOCK(vp);
 	return (error);
+}
 /*
  * Set ownership given a path name; this version follows links.
  */
 /* ARGSUSED */
 int
 sys_chown(struct lwp *l, const struct sys_chown_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(uid_t) uid;
 		syscallarg(gid_t) gid;
 	} */
 	int error;
 	struct vnode *vp;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = change_owner(vp, SCARG(uap, uid), SCARG(uap, gid), l, 0);
 	vrele(vp);
 	return (error);
+}
 /*
  * Set ownership given a path name; this version follows links.
  * Provides POSIX semantics.
  */
 /* ARGSUSED */
 int
 sys___posix_chown(struct lwp *l, const struct sys___posix_chown_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(uid_t) uid;
 		syscallarg(gid_t) gid;
 	} */
 	int error;
 	struct vnode *vp;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = change_owner(vp, SCARG(uap, uid), SCARG(uap, gid), l, 1);
 	vrele(vp);
 	return (error);
+}
 /*
  * Set ownership given a file descriptor.
  */
 /* ARGSUSED */
 int
 sys_fchown(struct lwp *l, const struct sys_fchown_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(uid_t) uid;
 		syscallarg(gid_t) gid;
 	} */
 	int error;
 	file_t *fp;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	error = change_owner(fp->f_data, SCARG(uap, uid), SCARG(uap, gid),
 	    l, 0);
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 int
 sys_fchownat(struct lwp *l, const struct sys_fchownat_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(const char *) path;
 		syscallarg(uid_t) uid;
 		syscallarg(gid_t) gid;
 		syscallarg(int) flag;
 	} */
 	return ENOSYS;
+}
 /*
  * Set ownership given a file descriptor, providing POSIX/XPG semantics.
  */
 /* ARGSUSED */
 int
 sys___posix_fchown(struct lwp *l, const struct sys___posix_fchown_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(uid_t) uid;
 		syscallarg(gid_t) gid;
 	} */
 	int error;
 	file_t *fp;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	error = change_owner(fp->f_data, SCARG(uap, uid), SCARG(uap, gid),
 	    l, 1);
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 /*
  * Set ownership given a path name; this version does not follow links.
  */
 /* ARGSUSED */
 int
 sys_lchown(struct lwp *l, const struct sys_lchown_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(uid_t) uid;
 		syscallarg(gid_t) gid;
 	} */
 	int error;
 	struct vnode *vp;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_NOFOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = change_owner(vp, SCARG(uap, uid), SCARG(uap, gid), l, 0);
 	vrele(vp);
 	return (error);
+}
 /*
  * Set ownership given a path name; this version does not follow links.
  * Provides POSIX/XPG semantics.
  */
 /* ARGSUSED */
 int
 sys___posix_lchown(struct lwp *l, const struct sys___posix_lchown_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(uid_t) uid;
 		syscallarg(gid_t) gid;
 	} */
 	int error;
 	struct vnode *vp;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_NOFOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = change_owner(vp, SCARG(uap, uid), SCARG(uap, gid), l, 1);
 	vrele(vp);
 	return (error);
+}
 /*
  * Common routine to set ownership given a vnode.
  */
 static int
 change_owner(struct vnode *vp, uid_t uid, gid_t gid, struct lwp *l,
     int posix_semantics)
+{
 	struct vattr vattr;
 	mode_t newmode;
 	int error;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	if ((error = VOP_GETATTR(vp, &vattr, l->l_cred)) != 0)
 		goto out;
 #define CHANGED(x) ((int)(x) != -1)
 	newmode = vattr.va_mode;
 	if (posix_semantics) {
 		/*
 		 * POSIX/XPG semantics: if the caller is not the super-user,
 		 * clear set-user-id and set-group-id bits.  Both POSIX and
 		 * the XPG consider the behaviour for calls by the super-user
 		 * implementation-defined; we leave the set-user-id and set-
 		 * group-id settings intact in that case.
 		 */
 		if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
 				      NULL) != 0)
 			newmode &= ~(S_ISUID | S_ISGID);
 	} else {
 		/*
 		 * NetBSD semantics: when changing owner and/or group,
 		 * clear the respective bit(s).
 		 */
 		if (CHANGED(uid))
 			newmode &= ~S_ISUID;
 		if (CHANGED(gid))
 			newmode &= ~S_ISGID;
+	}
 	/* Update va_mode iff altered. */
 	if (vattr.va_mode == newmode)
 		newmode = VNOVAL;
 	vattr_null(&vattr);
 	vattr.va_uid = CHANGED(uid) ? uid : (uid_t)VNOVAL;
 	vattr.va_gid = CHANGED(gid) ? gid : (gid_t)VNOVAL;
 	vattr.va_mode = newmode;
 	error = VOP_SETATTR(vp, &vattr, l->l_cred);
 #undef CHANGED
 out:
 	VOP_UNLOCK(vp);
 	return (error);
+}
 /*
  * Set the access and modification times given a path name; this
  * version follows links.
  */
 /* ARGSUSED */
 int
 sys___utimes50(struct lwp *l, const struct sys___utimes50_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(const struct timeval *) tptr;
 	} */
 	return do_sys_utimes(l, NULL, SCARG(uap, path), FOLLOW,
 	    SCARG(uap, tptr), UIO_USERSPACE);
+}
 /*
  * Set the access and modification times given a file descriptor.
  */
 /* ARGSUSED */
 int
 sys___futimes50(struct lwp *l, const struct sys___futimes50_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(const struct timeval *) tptr;
 	} */
 	int error;
 	file_t *fp;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	error = do_sys_utimes(l, fp->f_data, NULL, 0, SCARG(uap, tptr),
 	    UIO_USERSPACE);
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 int
 sys_futimens(struct lwp *l, const struct sys_futimens_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(const struct timespec *) tptr;
 	} */
 	int error;
 	file_t *fp;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	error = do_sys_utimens(l, fp->f_data, NULL, 0, SCARG(uap, tptr),
 	    UIO_USERSPACE);
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 /*
  * Set the access and modification times given a path name; this
  * version does not follow links.
  */
 int
 sys___lutimes50(struct lwp *l, const struct sys___lutimes50_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(const struct timeval *) tptr;
 	} */
 	return do_sys_utimes(l, NULL, SCARG(uap, path), NOFOLLOW,
 	    SCARG(uap, tptr), UIO_USERSPACE);
+}
 int
 sys_utimensat(struct lwp *l, const struct sys_utimensat_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(const char *) path;
 		syscallarg(const struct timespec *) tptr;
 		syscallarg(int) flag;
 	} */
 	int follow;
 	const struct timespec *tptr;
 	/*
 	 * Specified fd is not yet implemented
 	 */
 	if (SCARG(uap, fd) != AT_FDCWD)
 		return ENOSYS;
 	tptr = SCARG(uap, tptr);
 	follow = (SCARG(uap, flag) & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
 	return do_sys_utimens(l, NULL, SCARG(uap, path), follow,
 	    tptr, UIO_USERSPACE);
+}
 /*
  * Common routine to set access and modification times given a vnode.
  */
 int
 do_sys_utimens(struct lwp *l, struct vnode *vp, const char *path, int flag,
     const struct timespec *tptr, enum uio_seg seg)
+{
 	struct vattr vattr;
 	int error, dorele = 0;
 	namei_simple_flags_t sflags;
 	bool vanull, setbirthtime;
 	struct timespec ts[2];
 	/*
 	 * I have checked all callers and they pass either FOLLOW,
 	 * NOFOLLOW, or 0 (when they don't pass a path), and NOFOLLOW
 	 * is 0. More to the point, they don't pass anything else.
 	 * Let's keep it that way at least until the namei interfaces
 	 * are fully sanitized.
 	 */
 	KASSERT(flag == NOFOLLOW || flag == FOLLOW);
 	sflags = (flag == FOLLOW) ?
 		NSM_FOLLOW_TRYEMULROOT : NSM_NOFOLLOW_TRYEMULROOT;
 	if (tptr == NULL) {
 		vanull = true;
 		nanotime(&ts[0]);
 		ts[1] = ts[0];
 	} else {
 		vanull = false;
 		if (seg != UIO_SYSSPACE) {
 			error = copyin(tptr, ts, sizeof (ts));
 			if (error != 0)
 				return error;
 		} else {
 			ts[0] = tptr[0];
 			ts[1] = tptr[1];
+		}
+	}
 	if (ts[0].tv_nsec == UTIME_NOW) {
 		nanotime(&ts[0]);
 		if (ts[1].tv_nsec == UTIME_NOW) {
 			vanull = true;
 			ts[1] = ts[0];
+		}
 	} else if (ts[1].tv_nsec == UTIME_NOW)
 		nanotime(&ts[1]);
 	if (vp == NULL) {
 		/* note: SEG describes TPTR, not PATH; PATH is always user */
 		error = namei_simple_user(path, sflags, &vp);
 		if (error != 0)
 			return error;
 		dorele = 1;
+	}
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	setbirthtime = (VOP_GETATTR(vp, &vattr, l->l_cred) == 0 &&
 	    timespeccmp(&ts[1], &vattr.va_birthtime, <));
 	vattr_null(&vattr);
 	if (ts[0].tv_nsec != UTIME_OMIT)
 		vattr.va_atime = ts[0];
 	if (ts[1].tv_nsec != UTIME_OMIT) {
 		vattr.va_mtime = ts[1];
 		if (setbirthtime)
 			vattr.va_birthtime = ts[1];
+	}
 	if (vanull)
 		vattr.va_vaflags |= VA_UTIMES_NULL;
 	error = VOP_SETATTR(vp, &vattr, l->l_cred);
 	VOP_UNLOCK(vp);
 	if (dorele != 0)
 		vrele(vp);
 	return error;
+}
 int
 do_sys_utimes(struct lwp *l, struct vnode *vp, const char *path, int flag,
     const struct timeval *tptr, enum uio_seg seg)
+{
 	struct timespec ts[2];
 	struct timespec *tsptr = NULL;
 	int error;
 	if (tptr != NULL) {
 		struct timeval tv[2];
 		if (seg != UIO_SYSSPACE) {
 			error = copyin(tptr, tv, sizeof (tv));
 			if (error != 0)
 				return error;
 			tptr = tv;
+		}
 		if ((tv[0].tv_usec == UTIME_NOW) ||
 		    (tv[0].tv_usec == UTIME_OMIT))
 			ts[0].tv_nsec = tv[0].tv_usec;
 		else
 			TIMEVAL_TO_TIMESPEC(&tptr[0], &ts[0]);
 		if ((tv[1].tv_usec == UTIME_NOW) ||
 		    (tv[1].tv_usec == UTIME_OMIT))
 			ts[1].tv_nsec = tv[1].tv_usec;
 		else
 			TIMEVAL_TO_TIMESPEC(&tptr[1], &ts[1]);
 		tsptr = &ts[0];
+	}
 	return do_sys_utimens(l, vp, path, flag, tsptr, UIO_SYSSPACE);
+}
 /*
  * Truncate a file given its path name.
  */
 /* ARGSUSED */
 int
 sys_truncate(struct lwp *l, const struct sys_truncate_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(int) pad;
 		syscallarg(off_t) length;
 	} */
 	struct vnode *vp;
 	struct vattr vattr;
 	int error;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	if (vp->v_type == VDIR)
 		error = EISDIR;
 	else if ((error = vn_writechk(vp)) == 0 &&
 	    (error = VOP_ACCESS(vp, VWRITE, l->l_cred)) == 0) {
 		vattr_null(&vattr);
 		vattr.va_size = SCARG(uap, length);
 		error = VOP_SETATTR(vp, &vattr, l->l_cred);
+	}
 	vput(vp);
 	return (error);
+}
 /*
  * Truncate a file given a file descriptor.
  */
 /* ARGSUSED */
 int
 sys_ftruncate(struct lwp *l, const struct sys_ftruncate_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(int) pad;
 		syscallarg(off_t) length;
 	} */
 	struct vattr vattr;
 	struct vnode *vp;
 	file_t *fp;
 	int error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	if ((fp->f_flag & FWRITE) == 0) {
 		error = EINVAL;
 		goto out;
+	}
 	vp = fp->f_data;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	if (vp->v_type == VDIR)
 		error = EISDIR;
 	else if ((error = vn_writechk(vp)) == 0) {
 		vattr_null(&vattr);
 		vattr.va_size = SCARG(uap, length);
 		error = VOP_SETATTR(vp, &vattr, fp->f_cred);
+	}
 	VOP_UNLOCK(vp);
  out:
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 /*
  * Sync an open file.
  */
 /* ARGSUSED */
 int
 sys_fsync(struct lwp *l, const struct sys_fsync_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 	} */
 	struct vnode *vp;
 	file_t *fp;
 	int error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	vp = fp->f_data;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	error = VOP_FSYNC(vp, fp->f_cred, FSYNC_WAIT, 0, 0);
 	VOP_UNLOCK(vp);
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 /*
  * Sync a range of file data.  API modeled after that found in AIX.
+ *
  * FDATASYNC indicates that we need only save enough metadata to be able
  * to re-read the written data.  Note we duplicate AIX's requirement that
  * the file be open for writing.
  */
 /* ARGSUSED */
 int
 sys_fsync_range(struct lwp *l, const struct sys_fsync_range_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(int) flags;
 		syscallarg(off_t) start;
 		syscallarg(off_t) length;
 	} */
 	struct vnode *vp;
 	file_t *fp;
 	int flags, nflags;
 	off_t s, e, len;
 	int error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	if ((fp->f_flag & FWRITE) == 0) {
 		error = EBADF;
 		goto out;
+	}
 	flags = SCARG(uap, flags);
 	if (((flags & (FDATASYNC | FFILESYNC)) == 0) ||
 	    ((~flags & (FDATASYNC | FFILESYNC)) == 0)) {
 		error = EINVAL;
 		goto out;
+	}
 	/* Now set up the flags for value(s) to pass to VOP_FSYNC() */
 	if (flags & FDATASYNC)
 		nflags = FSYNC_DATAONLY | FSYNC_WAIT;
 	else
 		nflags = FSYNC_WAIT;
 	if (flags & FDISKSYNC)
 		nflags |= FSYNC_CACHE;
 	len = SCARG(uap, length);
 	/* If length == 0, we do the whole file, and s = e = 0 will do that */
 	if (len) {
 		s = SCARG(uap, start);
 		e = s + len;
 		if (e < s) {
 			error = EINVAL;
 			goto out;
+		}
 	} else {
 		e = 0;
 		s = 0;
+	}
 	vp = fp->f_data;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	error = VOP_FSYNC(vp, fp->f_cred, nflags, s, e);
 	VOP_UNLOCK(vp);
 out:
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 /*
  * Sync the data of an open file.
  */
 /* ARGSUSED */
 int
 sys_fdatasync(struct lwp *l, const struct sys_fdatasync_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 	} */
 	struct vnode *vp;
 	file_t *fp;
 	int error;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	if ((fp->f_flag & FWRITE) == 0) {
 		fd_putfile(SCARG(uap, fd));
 		return (EBADF);
+	}
 	vp = fp->f_data;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	error = VOP_FSYNC(vp, fp->f_cred, FSYNC_WAIT|FSYNC_DATAONLY, 0, 0);
 	VOP_UNLOCK(vp);
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 /*
  * Rename files, (standard) BSD semantics frontend.
  */
 /* ARGSUSED */
 int
 sys_rename(struct lwp *l, const struct sys_rename_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) from;
 		syscallarg(const char *) to;
 	} */
 	return (do_sys_rename(SCARG(uap, from), SCARG(uap, to), UIO_USERSPACE, 0));
+}
 int
 sys_renameat(struct lwp *l, const struct sys_renameat_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) fromfd;
 		syscallarg(const char *) from;
 		syscallarg(int) tofd;
 		syscallarg(const char *) to;
 	} */
 	return ENOSYS;
+}
 /*
  * Rename files, POSIX semantics frontend.
  */
 /* ARGSUSED */
 int
 sys___posix_rename(struct lwp *l, const struct sys___posix_rename_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) from;
 		syscallarg(const char *) to;
 	} */
 	return (do_sys_rename(SCARG(uap, from), SCARG(uap, to), UIO_USERSPACE, 1));
+}
 /*
  * Rename files.  Source and destination must either both be directories,
  * or both not be directories.  If target is a directory, it must be empty.
  * If `from' and `to' refer to the same object, the value of the `retain'
  * argument is used to determine whether `from' will be
+ *
  * (retain == 0)	deleted unless `from' and `to' refer to the same
  *			object in the file system's name space (BSD).
  * (retain == 1)	always retained (POSIX).
  */
 int
 do_sys_rename(const char *from, const char *to, enum uio_seg seg, int retain)
+{
 	struct vnode *tvp, *fvp, *tdvp;
 	struct pathbuf *frompb, *topb;
 	struct nameidata fromnd, tond;
 	struct mount *fs;
 	int error;
 	error = pathbuf_maybe_copyin(from, seg, &frompb);
 	if (error) {
 		return error;
+	}
 	error = pathbuf_maybe_copyin(to, seg, &topb);
 	if (error) {
 		pathbuf_destroy(frompb);
 		return error;
+	}
 	NDINIT(&fromnd, DELETE, LOCKPARENT | TRYEMULROOT | INRENAME,
 	    frompb);
 	if ((error = namei(&fromnd)) != 0) {
 		pathbuf_destroy(frompb);
 		pathbuf_destroy(topb);
 		return (error);
+	}
 	if (fromnd.ni_dvp != fromnd.ni_vp)
 		VOP_UNLOCK(fromnd.ni_dvp);
 	fvp = fromnd.ni_vp;
 	fs = fvp->v_mount;
 	error = VFS_RENAMELOCK_ENTER(fs);
 	if (error) {
 		VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
 		vrele(fromnd.ni_dvp);
 		vrele(fvp);
 		goto out1;
+	}
 	/*
 	 * close, partially, yet another race - ideally we should only
 	 * go as far as getting fromnd.ni_dvp before getting the per-fs
 	 * lock, and then continue to get fromnd.ni_vp, but we can't do
 	 * that with namei as it stands.
+	 *
 	 * This still won't prevent rmdir from nuking fromnd.ni_vp
 	 * under us. The real fix is to get the locks in the right
 	 * order and do the lookups in the right places, but that's a
 	 * major rototill.
+	 *
 	 * Note: this logic (as well as this whole function) is cloned
 	 * in nfs_serv.c. Proceed accordingly.
 	 */
 	vrele(fvp);
 	if ((fromnd.ni_cnd.cn_namelen == 1 &&
 	     fromnd.ni_cnd.cn_nameptr[0] == '.') ||
 	    (fromnd.ni_cnd.cn_namelen == 2 &&
 	     fromnd.ni_cnd.cn_nameptr[0] == '.' &&
 	     fromnd.ni_cnd.cn_nameptr[1] == '.')) {
 		error = EINVAL;
 		VFS_RENAMELOCK_EXIT(fs);
 		VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
 		vrele(fromnd.ni_dvp);
 		goto out1;
+	}
 	vn_lock(fromnd.ni_dvp, LK_EXCLUSIVE | LK_RETRY);
 	error = relookup(fromnd.ni_dvp, &fromnd.ni_vp, &fromnd.ni_cnd, 0);
 	if (error) {
 		VOP_UNLOCK(fromnd.ni_dvp);
 		VFS_RENAMELOCK_EXIT(fs);
 		VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
 		vrele(fromnd.ni_dvp);
 		goto out1;
+	}
 	VOP_UNLOCK(fromnd.ni_vp);
 	if (fromnd.ni_dvp != fromnd.ni_vp)
 		VOP_UNLOCK(fromnd.ni_dvp);
 	fvp = fromnd.ni_vp;
 	NDINIT(&tond, RENAME,
 	    LOCKPARENT | LOCKLEAF | NOCACHE | TRYEMULROOT
 	      | INRENAME | (fvp->v_type == VDIR ? CREATEDIR : 0),
 	    topb);
 	if ((error = namei(&tond)) != 0) {
 		VFS_RENAMELOCK_EXIT(fs);
 		VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
 		vrele(fromnd.ni_dvp);
 		vrele(fvp);
 		goto out1;
+	}
 	tdvp = tond.ni_dvp;
 	tvp = tond.ni_vp;
 	if (tvp != NULL) {
 		if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
 			error = ENOTDIR;
 			goto out;
 		} else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
 			error = EISDIR;
 			goto out;
+		}
+	}
 	if (fvp == tdvp)
 		error = EINVAL;
 	/*
 	 * Source and destination refer to the same object.
 	 */
 	if (fvp == tvp) {
 		if (retain)
 			error = -1;
 		else if (fromnd.ni_dvp == tdvp &&
 		    fromnd.ni_cnd.cn_namelen == tond.ni_cnd.cn_namelen &&
-		    !memcmp(fromnd.ni_cnd.cn_nameptr,
+		    !memcmp(fromnd.ni_cnd.cn_nameptr, tond.ni_cnd.cn_nameptr,
 		          tond.ni_cnd.cn_nameptr,
 		          fromnd.ni_cnd.cn_namelen))
-		error = -1;
+			error = -1;
+	}
 	/*
 	 * Prevent cross-mount operation.
 	 */
 	if (error == 0) {
 		if (tond.ni_dvp->v_mount != fromnd.ni_dvp->v_mount) {
 			error = EXDEV;
+		}
+	}
 #if NVERIEXEC > 0
 	if (!error) {
 		char *f1, *f2;
 		size_t f1_len;
 		size_t f2_len;
 		f1_len = fromnd.ni_cnd.cn_namelen + 1;
 		f1 = kmem_alloc(f1_len, KM_SLEEP);
 		strlcpy(f1, fromnd.ni_cnd.cn_nameptr, f1_len);
 		f2_len = tond.ni_cnd.cn_namelen + 1;
 		f2 = kmem_alloc(f2_len, KM_SLEEP);
 		strlcpy(f2, tond.ni_cnd.cn_nameptr, f2_len);
 		error = veriexec_renamechk(curlwp, fvp, f1, tvp, f2);
 		kmem_free(f1, f1_len);
 		kmem_free(f2, f2_len);
+	}
 #endif /* NVERIEXEC > 0 */
 out:
 	if (!error) {
 		error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
 				   tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
 		VFS_RENAMELOCK_EXIT(fs);
 	} else {
 		VOP_ABORTOP(tond.ni_dvp, &tond.ni_cnd);
 		if (tdvp == tvp)
 			vrele(tdvp);
 		else
 			vput(tdvp);
 		if (tvp)
 			vput(tvp);
 		VFS_RENAMELOCK_EXIT(fs);
 		VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
 		vrele(fromnd.ni_dvp);
 		vrele(fvp);
+	}
 out1:
 	pathbuf_destroy(frompb);
 	pathbuf_destroy(topb);
 	return (error == -1 ? 0 : error);
+}
 /*
  * Make a directory file.
  */
 /* ARGSUSED */
 int
 sys_mkdir(struct lwp *l, const struct sys_mkdir_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 		syscallarg(int) mode;
 	} */
 	return do_sys_mkdir(SCARG(uap, path), SCARG(uap, mode), UIO_USERSPACE);
+}
 int
 sys_mkdirat(struct lwp *l, const struct sys_mkdirat_args *uap,
     register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(const char *) path;
 		syscallarg(int) mode;
 	} */
 	return ENOSYS;
+}
 int
 do_sys_mkdir(const char *path, mode_t mode, enum uio_seg seg)
+{
 	struct proc *p = curlwp->l_proc;
 	struct vnode *vp;
 	struct vattr vattr;
 	int error;
 	struct pathbuf *pb;
 	struct nameidata nd;
 	/* XXX bollocks, should pass in a pathbuf */
 	error = pathbuf_maybe_copyin(path, seg, &pb);
 	if (error) {
 		return error;
+	}
 	NDINIT(&nd, CREATE, LOCKPARENT | CREATEDIR | TRYEMULROOT, pb);
 	if ((error = namei(&nd)) != 0) {
 		pathbuf_destroy(pb);
 		return (error);
+	}
 	vp = nd.ni_vp;
 	if (vp != NULL) {
 		VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
 		if (nd.ni_dvp == vp)
 			vrele(nd.ni_dvp);
 		else
 			vput(nd.ni_dvp);
 		vrele(vp);
 		pathbuf_destroy(pb);
 		return (EEXIST);
+	}
 	vattr_null(&vattr);
 	vattr.va_type = VDIR;
 	/* We will read cwdi->cwdi_cmask unlocked. */
 	vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_cwdi->cwdi_cmask;
 	error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
 	if (!error)
 		vput(nd.ni_vp);
 	pathbuf_destroy(pb);
 	return (error);
+}
 /*
  * Remove a directory file.
  */
 /* ARGSUSED */
 int
 sys_rmdir(struct lwp *l, const struct sys_rmdir_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 	} */
 	struct vnode *vp;
 	int error;
 	struct pathbuf *pb;
 	struct nameidata nd;
 	error = pathbuf_copyin(SCARG(uap, path), &pb);
 	if (error) {
 		return error;
+	}
 	NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | TRYEMULROOT, pb);
 	if ((error = namei(&nd)) != 0) {
 		pathbuf_destroy(pb);
 		return error;
+	}
 	vp = nd.ni_vp;
 	if (vp->v_type != VDIR) {
 		error = ENOTDIR;
 		goto out;
+	}
 	/*
 	 * No rmdir "." please.
 	 */
 	if (nd.ni_dvp == vp) {
 		error = EINVAL;
 		goto out;
+	}
 	/*
 	 * The root of a mounted filesystem cannot be deleted.
 	 */
 	if ((vp->v_vflag & VV_ROOT) != 0 || vp->v_mountedhere != NULL) {
 		error = EBUSY;
 		goto out;
+	}
 	error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
 	pathbuf_destroy(pb);
 	return (error);
 out:
 	VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
 	if (nd.ni_dvp == vp)
 		vrele(nd.ni_dvp);
 	else
 		vput(nd.ni_dvp);
 	vput(vp);
 	pathbuf_destroy(pb);
 	return (error);
+}
 /*
  * Read a block of directory entries in a file system independent format.
  */
 int
 sys___getdents30(struct lwp *l, const struct sys___getdents30_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(char *) buf;
 		syscallarg(size_t) count;
 	} */
 	file_t *fp;
 	int error, done;
 	/* fd_getvnode() will use the descriptor for us */
 	if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
 		return (error);
 	if ((fp->f_flag & FREAD) == 0) {
 		error = EBADF;
 		goto out;
+	}
 	error = vn_readdir(fp, SCARG(uap, buf), UIO_USERSPACE,
 			SCARG(uap, count), &done, l, 0, 0);
 	ktrgenio(SCARG(uap, fd), UIO_READ, SCARG(uap, buf), done, error);
 	*retval = done;
  out:
 	fd_putfile(SCARG(uap, fd));
 	return (error);
+}
 /*
  * Set the mode mask for creation of filesystem nodes.
  */
 int
 sys_umask(struct lwp *l, const struct sys_umask_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(mode_t) newmask;
 	} */
 	struct proc *p = l->l_proc;
 	struct cwdinfo *cwdi;
 	/*
 	 * cwdi->cwdi_cmask will be read unlocked elsewhere.  What's
 	 * important is that we serialize changes to the mask.  The
 	 * rw_exit() will issue a write memory barrier on our behalf,
 	 * and force the changes out to other CPUs (as it must use an
 	 * atomic operation, draining the local CPU's store buffers).
 	 */
 	cwdi = p->p_cwdi;
 	rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 	*retval = cwdi->cwdi_cmask;
 	cwdi->cwdi_cmask = SCARG(uap, newmask) & ALLPERMS;
 	rw_exit(&cwdi->cwdi_lock);
 	return (0);
+}
 int
 dorevoke(struct vnode *vp, kauth_cred_t cred)
+{
 	struct vattr vattr;
 	int error;
 	vn_lock(vp, LK_SHARED | LK_RETRY);
 	error = VOP_GETATTR(vp, &vattr, cred);
 	VOP_UNLOCK(vp);
 	if (error != 0)
 		return error;
 	if (kauth_cred_geteuid(cred) == vattr.va_uid ||
 	    (error = kauth_authorize_generic(cred,
 	    KAUTH_GENERIC_ISSUSER, NULL)) == 0)
 		VOP_REVOKE(vp, REVOKEALL);
 	return (error);
+}
 /*
  * Void all references to file by ripping underlying filesystem
  * away from vnode.
  */
 /* ARGSUSED */
 int
 sys_revoke(struct lwp *l, const struct sys_revoke_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) path;
 	} */
 	struct vnode *vp;
 	int error;
 	error = namei_simple_user(SCARG(uap, path),
 				NSM_FOLLOW_TRYEMULROOT, &vp);
 	if (error != 0)
 		return (error);
 	error = dorevoke(vp, l->l_cred);
 	vrele(vp);
 	return (error);
+}