LU-4703 mdd: do not skip xattr sanity check for all cases

[fs/lustre-release.git] / lustre / mdd / mdd_object.c

diff --git a/lustre/mdd/mdd_object.c b/lustre/mdd/mdd_object.c
index b4f16b3..b44f6f1 100644 (file)
--- a/lustre/mdd/mdd_object.c
+++ b/lustre/mdd/mdd_object.c
@@ -49,7 +49,6 @@
 #include <lprocfs_status.h>
 /* fid_be_cpu(), fid_cpu_to_be(). */
 #include <lustre_fid.h>
-#include <obd_lov.h>
 #include <lustre_idmap.h>
 #include <lustre_param.h>
 #include <lustre_mds.h>
@@ -84,10 +83,11 @@ int mdd_la_get(const struct lu_env *env, struct mdd_object *obj,
                        mdd_obj_dev_name(obj), PFID(mdd_object_fid(obj)));
                 return -ENOENT;
         }
+
         return mdo_attr_get(env, obj, la, capa);
 }
 
-static void mdd_flags_xlate(struct mdd_object *obj, __u32 flags)
+void mdd_flags_xlate(struct mdd_object *obj, __u32 flags)
 {
         obj->mod_flags &= ~(APPEND_OBJ|IMMUTE_OBJ);
 
@@ -102,6 +102,7 @@ struct mdd_thread_info *mdd_env_info(const struct lu_env *env)
 {
         struct mdd_thread_info *info;
 
+       lu_env_refill((struct lu_env *)env);
         info = lu_context_key_get(&env->le_ctx, &mdd_thread_key);
         LASSERT(info != NULL);
         return info;
@@ -120,45 +121,45 @@ const struct lu_name *mdd_name_get_const(const struct lu_env *env,
 
 struct lu_buf *mdd_buf_get(const struct lu_env *env, void *area, ssize_t len)
 {
-        struct lu_buf *buf;
+       struct lu_buf *buf;
 
-        buf = &mdd_env_info(env)->mti_buf;
-        buf->lb_buf = area;
-        buf->lb_len = len;
-        return buf;
+       buf = &mdd_env_info(env)->mti_buf[0];
+       buf->lb_buf = area;
+       buf->lb_len = len;
+       return buf;
 }
 
 const struct lu_buf *mdd_buf_get_const(const struct lu_env *env,
                                        const void *area, ssize_t len)
 {
-        struct lu_buf *buf;
+       struct lu_buf *buf;
 
-        buf = &mdd_env_info(env)->mti_buf;
-        buf->lb_buf = (void *)area;
-        buf->lb_len = len;
-        return buf;
+       buf = &mdd_env_info(env)->mti_buf[0];
+       buf->lb_buf = (void *)area;
+       buf->lb_len = len;
+       return buf;
 }
 
 struct lu_object *mdd_object_alloc(const struct lu_env *env,
-                                   const struct lu_object_header *hdr,
-                                   struct lu_device *d)
+                                  const struct lu_object_header *hdr,
+                                  struct lu_device *d)
 {
-        struct mdd_object *mdd_obj;
-
-       OBD_SLAB_ALLOC_PTR_GFP(mdd_obj, mdd_object_kmem, __GFP_IO);
-        if (mdd_obj != NULL) {
-                struct lu_object *o;
-
-                o = mdd2lu_obj(mdd_obj);
-                lu_object_init(o, NULL, d);
-                mdd_obj->mod_obj.mo_ops = &mdd_obj_ops;
-                mdd_obj->mod_obj.mo_dir_ops = &mdd_dir_ops;
-                mdd_obj->mod_count = 0;
-                o->lo_ops = &mdd_lu_obj_ops;
-                return o;
-        } else {
-                return NULL;
-        }
+       struct mdd_object *mdd_obj;
+
+       OBD_SLAB_ALLOC_PTR_GFP(mdd_obj, mdd_object_kmem, GFP_NOFS);
+       if (mdd_obj != NULL) {
+               struct lu_object *o;
+
+               o = mdd2lu_obj(mdd_obj);
+               lu_object_init(o, NULL, d);
+               mdd_obj->mod_obj.mo_ops = &mdd_obj_ops;
+               mdd_obj->mod_obj.mo_dir_ops = &mdd_dir_ops;
+               mdd_obj->mod_count = 0;
+               o->lo_ops = &mdd_lu_obj_ops;
+               return o;
+       } else {
+               return NULL;
+       }
 }
 
 static int mdd_object_init(const struct lu_env *env, struct lu_object *o,
@@ -173,7 +174,6 @@ static int mdd_object_init(const struct lu_env *env, struct lu_object *o,
         mdd_obj->mod_cltime = 0;
         under = &d->mdd_child->dd_lu_dev;
         below = under->ld_ops->ldo_object_alloc(env, o->lo_header, under);
-        mdd_pdlock_init(mdd_obj);
        if (IS_ERR(below))
                RETURN(PTR_ERR(below));
 
@@ -184,10 +184,18 @@ static int mdd_object_init(const struct lu_env *env, struct lu_object *o,
 
 static int mdd_object_start(const struct lu_env *env, struct lu_object *o)
 {
-       if (lu_object_exists(o))
-                return mdd_get_flags(env, lu2mdd_obj(o));
-        else
-                return 0;
+       int rc = 0;
+
+       if (lu_object_exists(o)) {
+               struct mdd_object *mdd_obj = lu2mdd_obj(o);
+               struct lu_attr *attr = MDD_ENV_VAR(env, la_for_start);
+
+               rc = mdd_la_get(env, mdd_obj, attr, BYPASS_CAPA);
+               if (rc == 0)
+                       mdd_flags_xlate(mdd_obj, attr->la_flags);
+       }
+
+       return rc;
 }
 
 static void mdd_object_free(const struct lu_env *env, struct lu_object *o)
@@ -222,20 +230,6 @@ struct mdd_object *mdd_object_find(const struct lu_env *env,
         return md2mdd_obj(md_object_find_slice(env, &d->mdd_md_dev, f));
 }
 
-/* Returns the full path to this fid, as of changelog record recno. */
-int mdd_get_flags(const struct lu_env *env, struct mdd_object *obj)
-{
-        struct lu_attr *la = &mdd_env_info(env)->mti_la;
-        int rc;
-
-        ENTRY;
-        rc = mdd_la_get(env, obj, la, BYPASS_CAPA);
-        if (rc == 0) {
-                mdd_flags_xlate(obj, la->la_flags);
-        }
-        RETURN(rc);
-}
-
 /*
  * No permission check is needed.
  */
@@ -291,8 +285,8 @@ static int mdd_xattr_get(const struct lu_env *env,
  * Permission check is done when open,
  * no need check again.
  */
-static int mdd_readlink(const struct lu_env *env, struct md_object *obj,
-                        struct lu_buf *buf)
+int mdd_readlink(const struct lu_env *env, struct md_object *obj,
+                struct lu_buf *buf)
 {
         struct mdd_object *mdd_obj = md2mdd_obj(obj);
         struct dt_object  *next;
@@ -307,7 +301,10 @@ static int mdd_readlink(const struct lu_env *env, struct md_object *obj,
         }
 
         next = mdd_object_child(mdd_obj);
-        mdd_read_lock(env, mdd_obj, MOR_TGT_CHILD);
+       LASSERT(next != NULL);
+       LASSERT(next->do_body_ops != NULL);
+       LASSERT(next->do_body_ops->dbo_read != NULL);
+       mdd_read_lock(env, mdd_obj, MOR_TGT_CHILD);
         rc = next->do_body_ops->dbo_read(env, next, buf, &pos,
                                          mdd_object_capa(env, mdd_obj));
         mdd_read_unlock(env, mdd_obj);
@@ -337,10 +334,10 @@ int mdd_declare_object_create_internal(const struct lu_env *env,
                                       struct mdd_object *c,
                                       struct lu_attr *attr,
                                       struct thandle *handle,
-                                      const struct md_op_spec *spec)
+                                      const struct md_op_spec *spec,
+                                      struct dt_allocation_hint *hint)
 {
         struct dt_object_format *dof = &mdd_env_info(env)->mti_dof;
-       struct dt_allocation_hint *hint = &mdd_env_info(env)->mti_hint;
         const struct dt_index_features *feat = spec->sp_feat;
         int rc;
         ENTRY;
@@ -369,10 +366,10 @@ int mdd_declare_object_create_internal(const struct lu_env *env,
 
 int mdd_object_create_internal(const struct lu_env *env, struct mdd_object *p,
                               struct mdd_object *c, struct lu_attr *attr,
-                               struct thandle *handle,
-                               const struct md_op_spec *spec)
+                              struct thandle *handle,
+                              const struct md_op_spec *spec,
+                              struct dt_allocation_hint *hint)
 {
-        struct dt_allocation_hint *hint = &mdd_env_info(env)->mti_hint;
         struct dt_object_format *dof = &mdd_env_info(env)->mti_dof;
         int rc;
         ENTRY;
@@ -386,31 +383,6 @@ int mdd_object_create_internal(const struct lu_env *env, struct mdd_object *p,
        RETURN(rc);
 }
 
-/**
- * Make sure the ctime is increased only.
- */
-static inline int mdd_attr_check(const struct lu_env *env,
-                                 struct mdd_object *obj,
-                                 struct lu_attr *attr)
-{
-        struct lu_attr *tmp_la = &mdd_env_info(env)->mti_la;
-        int rc;
-        ENTRY;
-
-        if (attr->la_valid & LA_CTIME) {
-                rc = mdd_la_get(env, obj, tmp_la, BYPASS_CAPA);
-                if (rc)
-                        RETURN(rc);
-
-                if (attr->la_ctime < tmp_la->la_ctime)
-                        attr->la_valid &= ~(LA_MTIME | LA_CTIME);
-                else if (attr->la_valid == LA_CTIME &&
-                         attr->la_ctime == tmp_la->la_ctime)
-                        attr->la_valid &= ~LA_CTIME;
-        }
-        RETURN(0);
-}
-
 int mdd_attr_set_internal(const struct lu_env *env, struct mdd_object *obj,
                          const struct lu_attr *attr, struct thandle *handle,
                          int needacl)
@@ -426,20 +398,29 @@ int mdd_attr_set_internal(const struct lu_env *env, struct mdd_object *obj,
         RETURN(rc);
 }
 
-int mdd_attr_check_set_internal(const struct lu_env *env,
-                               struct mdd_object *obj, struct lu_attr *attr,
-                               struct thandle *handle, int needacl)
+int mdd_update_time(const struct lu_env *env, struct mdd_object *obj,
+                   const struct lu_attr *oattr, struct lu_attr *attr,
+                   struct thandle *handle)
 {
-        int rc;
-        ENTRY;
-
-        rc = mdd_attr_check(env, obj, attr);
-        if (rc)
-                RETURN(rc);
+       int rc = 0;
+       ENTRY;
 
-        if (attr->la_valid)
-                rc = mdd_attr_set_internal(env, obj, attr, handle, needacl);
-        RETURN(rc);
+       LASSERT(attr->la_valid & LA_CTIME);
+       LASSERT(oattr != NULL);
+
+       /* Make sure the ctime is increased only, however, it's not strictly
+        * reliable at here because there is not guarantee to hold lock on
+        * object, so we just bypass some unnecessary cmtime setting first
+        * and OSD has to check it again. */
+       if (attr->la_ctime < oattr->la_ctime)
+               attr->la_valid &= ~(LA_MTIME | LA_CTIME);
+       else if (attr->la_valid == LA_CTIME &&
+                attr->la_ctime == oattr->la_ctime)
+               attr->la_valid &= ~LA_CTIME;
+
+       if (attr->la_valid != 0)
+               rc = mdd_attr_set_internal(env, obj, attr, handle, 0);
+       RETURN(rc);
 }
 
 /*
@@ -450,23 +431,25 @@ int mdd_attr_check_set_internal(const struct lu_env *env,
  * This API is ported from mds_fix_attr but remove some unnecesssary stuff.
  */
 static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
-                       struct lu_attr *la, const unsigned long flags)
+                       const struct lu_attr *oattr, struct lu_attr *la,
+                       const unsigned long flags)
 {
-        struct lu_attr   *tmp_la     = &mdd_env_info(env)->mti_la;
        struct lu_ucred  *uc;
-        int               rc;
-        ENTRY;
+       int               rc = 0;
+       ENTRY;
 
-        if (!la->la_valid)
-                RETURN(0);
+       if (!la->la_valid)
+               RETURN(0);
+
+       /* Do not permit change file type */
+       if (la->la_valid & LA_TYPE)
+               RETURN(-EPERM);
 
-        /* Do not permit change file type */
-        if (la->la_valid & LA_TYPE)
-                RETURN(-EPERM);
+       /* They should not be processed by setattr */
+       if (la->la_valid & (LA_NLINK | LA_RDEV | LA_BLKSIZE))
+               RETURN(-EPERM);
 
-        /* They should not be processed by setattr */
-        if (la->la_valid & (LA_NLINK | LA_RDEV | LA_BLKSIZE))
-                RETURN(-EPERM);
+       LASSERT(oattr != NULL);
 
        /* export destroy does not have ->le_ses, but we may want
         * to drop LUSTRE_SOM_FL. */
@@ -474,36 +457,33 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
        if (uc == NULL)
                RETURN(0);
 
-        rc = mdd_la_get(env, obj, tmp_la, BYPASS_CAPA);
-        if (rc)
-                RETURN(rc);
-
-        if (la->la_valid == LA_CTIME) {
+       if (la->la_valid == LA_CTIME) {
                if (!(flags & MDS_PERM_BYPASS))
-                        /* This is only for set ctime when rename's source is
-                         * on remote MDS. */
-                       rc = mdd_may_delete(env, NULL, obj, tmp_la, NULL, 1, 0);
-                if (rc == 0 && la->la_ctime <= tmp_la->la_ctime)
-                        la->la_valid &= ~LA_CTIME;
-                RETURN(rc);
-        }
+                       /* This is only for set ctime when rename's source is
+                        * on remote MDS. */
+                       rc = mdd_may_delete(env, NULL, NULL, obj, oattr, NULL,
+                                           1, 0);
+               if (rc == 0 && la->la_ctime <= oattr->la_ctime)
+                       la->la_valid &= ~LA_CTIME;
+               RETURN(rc);
+       }
 
-        if (la->la_valid == LA_ATIME) {
-                /* This is atime only set for read atime update on close. */
-                if (la->la_atime >= tmp_la->la_atime &&
-                    la->la_atime < (tmp_la->la_atime +
-                                    mdd_obj2mdd_dev(obj)->mdd_atime_diff))
-                        la->la_valid &= ~LA_ATIME;
-                RETURN(0);
-        }
+       if (la->la_valid == LA_ATIME) {
+               /* This is atime only set for read atime update on close. */
+               if (la->la_atime >= oattr->la_atime &&
+                   la->la_atime < (oattr->la_atime +
+                               mdd_obj2mdd_dev(obj)->mdd_atime_diff))
+                       la->la_valid &= ~LA_ATIME;
+               RETURN(0);
+       }
 
-        /* Check if flags change. */
-        if (la->la_valid & LA_FLAGS) {
-                unsigned int oldflags = 0;
-                unsigned int newflags = la->la_flags &
-                                (LUSTRE_IMMUTABLE_FL | LUSTRE_APPEND_FL);
+       /* Check if flags change. */
+       if (la->la_valid & LA_FLAGS) {
+               unsigned int oldflags = 0;
+               unsigned int newflags = la->la_flags &
+                               (LUSTRE_IMMUTABLE_FL | LUSTRE_APPEND_FL);
 
-               if ((uc->uc_fsuid != tmp_la->la_uid) &&
+               if ((uc->uc_fsuid != oattr->la_uid) &&
                    !md_capable(uc, CFS_CAP_FOWNER))
                        RETURN(-EPERM);
 
@@ -517,159 +497,159 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj,
                    !md_capable(uc, CFS_CAP_LINUX_IMMUTABLE))
                        RETURN(-EPERM);
 
-                if (!S_ISDIR(tmp_la->la_mode))
-                        la->la_flags &= ~LUSTRE_DIRSYNC_FL;
-        }
+               if (!S_ISDIR(oattr->la_mode))
+                       la->la_flags &= ~LUSTRE_DIRSYNC_FL;
+       }
 
-        if ((mdd_is_immutable(obj) || mdd_is_append(obj)) &&
-            (la->la_valid & ~LA_FLAGS) &&
+       if ((mdd_is_immutable(obj) || mdd_is_append(obj)) &&
+           (la->la_valid & ~LA_FLAGS) &&
            !(flags & MDS_PERM_BYPASS))
-                RETURN(-EPERM);
+               RETURN(-EPERM);
 
        /* Check for setting the obj time. */
        if ((la->la_valid & (LA_MTIME | LA_ATIME | LA_CTIME)) &&
            !(la->la_valid & ~(LA_MTIME | LA_ATIME | LA_CTIME))) {
-               if ((uc->uc_fsuid != tmp_la->la_uid) &&
+               if ((uc->uc_fsuid != oattr->la_uid) &&
                    !md_capable(uc, CFS_CAP_FOWNER)) {
-                       rc = mdd_permission_internal(env, obj, tmp_la,
+                       rc = mdd_permission_internal(env, obj, oattr,
                                                     MAY_WRITE);
                        if (rc)
                                RETURN(rc);
                }
        }
 
-        if (la->la_valid & LA_KILL_SUID) {
-                la->la_valid &= ~LA_KILL_SUID;
-                if ((tmp_la->la_mode & S_ISUID) &&
-                    !(la->la_valid & LA_MODE)) {
-                        la->la_mode = tmp_la->la_mode;
-                        la->la_valid |= LA_MODE;
-                }
-                la->la_mode &= ~S_ISUID;
-        }
+       if (la->la_valid & LA_KILL_SUID) {
+               la->la_valid &= ~LA_KILL_SUID;
+               if ((oattr->la_mode & S_ISUID) &&
+                   !(la->la_valid & LA_MODE)) {
+                       la->la_mode = oattr->la_mode;
+                       la->la_valid |= LA_MODE;
+               }
+               la->la_mode &= ~S_ISUID;
+       }
 
-        if (la->la_valid & LA_KILL_SGID) {
-                la->la_valid &= ~LA_KILL_SGID;
-                if (((tmp_la->la_mode & (S_ISGID | S_IXGRP)) ==
-                                        (S_ISGID | S_IXGRP)) &&
-                    !(la->la_valid & LA_MODE)) {
-                        la->la_mode = tmp_la->la_mode;
-                        la->la_valid |= LA_MODE;
-                }
-                la->la_mode &= ~S_ISGID;
-        }
+       if (la->la_valid & LA_KILL_SGID) {
+               la->la_valid &= ~LA_KILL_SGID;
+               if (((oattr->la_mode & (S_ISGID | S_IXGRP)) ==
+                       (S_ISGID | S_IXGRP)) &&
+                   !(la->la_valid & LA_MODE)) {
+                       la->la_mode = oattr->la_mode;
+                       la->la_valid |= LA_MODE;
+               }
+               la->la_mode &= ~S_ISGID;
+       }
 
-        /* Make sure a caller can chmod. */
-        if (la->la_valid & LA_MODE) {
+       /* Make sure a caller can chmod. */
+       if (la->la_valid & LA_MODE) {
                if (!(flags & MDS_PERM_BYPASS) &&
-                   (uc->uc_fsuid != tmp_la->la_uid) &&
+                   (uc->uc_fsuid != oattr->la_uid) &&
                    !md_capable(uc, CFS_CAP_FOWNER))
                        RETURN(-EPERM);
 
-                if (la->la_mode == (cfs_umode_t) -1)
-                        la->la_mode = tmp_la->la_mode;
-                else
-                        la->la_mode = (la->la_mode & S_IALLUGO) |
-                                      (tmp_la->la_mode & ~S_IALLUGO);
+               if (la->la_mode == (umode_t) -1)
+                       la->la_mode = oattr->la_mode;
+               else
+                       la->la_mode = (la->la_mode & S_IALLUGO) |
+                                       (oattr->la_mode & ~S_IALLUGO);
 
                /* Also check the setgid bit! */
                if (!lustre_in_group_p(uc, (la->la_valid & LA_GID) ?
-                                      la->la_gid : tmp_la->la_gid) &&
+                                      la->la_gid : oattr->la_gid) &&
                    !md_capable(uc, CFS_CAP_FSETID))
                        la->la_mode &= ~S_ISGID;
        } else {
-              la->la_mode = tmp_la->la_mode;
+              la->la_mode = oattr->la_mode;
        }
 
-        /* Make sure a caller can chown. */
-        if (la->la_valid & LA_UID) {
-                if (la->la_uid == (uid_t) -1)
-                        la->la_uid = tmp_la->la_uid;
-               if (((uc->uc_fsuid != tmp_la->la_uid) ||
-                    (la->la_uid != tmp_la->la_uid)) &&
+       /* Make sure a caller can chown. */
+       if (la->la_valid & LA_UID) {
+               if (la->la_uid == (uid_t) -1)
+                       la->la_uid = oattr->la_uid;
+               if (((uc->uc_fsuid != oattr->la_uid) ||
+                    (la->la_uid != oattr->la_uid)) &&
                    !md_capable(uc, CFS_CAP_CHOWN))
                        RETURN(-EPERM);
 
-                /* If the user or group of a non-directory has been
-                 * changed by a non-root user, remove the setuid bit.
-                 * 19981026 David C Niemi <niemi@tux.org>
-                 *
-                 * Changed this to apply to all users, including root,
-                 * to avoid some races. This is the behavior we had in
-                 * 2.0. The check for non-root was definitely wrong
-                 * for 2.2 anyway, as it should have been using
-                 * CAP_FSETID rather than fsuid -- 19990830 SD. */
-                if (((tmp_la->la_mode & S_ISUID) == S_ISUID) &&
-                    !S_ISDIR(tmp_la->la_mode)) {
-                        la->la_mode &= ~S_ISUID;
-                        la->la_valid |= LA_MODE;
-                }
-        }
+               /* If the user or group of a non-directory has been
+                * changed by a non-root user, remove the setuid bit.
+                * 19981026 David C Niemi <niemi@tux.org>
+                *
+                * Changed this to apply to all users, including root,
+                * to avoid some races. This is the behavior we had in
+                * 2.0. The check for non-root was definitely wrong
+                * for 2.2 anyway, as it should have been using
+                * CAP_FSETID rather than fsuid -- 19990830 SD. */
+               if (((oattr->la_mode & S_ISUID) == S_ISUID) &&
+               !S_ISDIR(oattr->la_mode)) {
+                       la->la_mode &= ~S_ISUID;
+                       la->la_valid |= LA_MODE;
+               }
+       }
 
-        /* Make sure caller can chgrp. */
-        if (la->la_valid & LA_GID) {
-                if (la->la_gid == (gid_t) -1)
-                        la->la_gid = tmp_la->la_gid;
-               if (((uc->uc_fsuid != tmp_la->la_uid) ||
-                    ((la->la_gid != tmp_la->la_gid) &&
+       /* Make sure caller can chgrp. */
+       if (la->la_valid & LA_GID) {
+               if (la->la_gid == (gid_t) -1)
+                       la->la_gid = oattr->la_gid;
+               if (((uc->uc_fsuid != oattr->la_uid) ||
+                    ((la->la_gid != oattr->la_gid) &&
                      !lustre_in_group_p(uc, la->la_gid))) &&
                    !md_capable(uc, CFS_CAP_CHOWN))
                        RETURN(-EPERM);
 
-                /* Likewise, if the user or group of a non-directory
-                 * has been changed by a non-root user, remove the
-                 * setgid bit UNLESS there is no group execute bit
-                 * (this would be a file marked for mandatory
-                 * locking).  19981026 David C Niemi <niemi@tux.org>
-                 *
-                 * Removed the fsuid check (see the comment above) --
-                 * 19990830 SD. */
-                if (((tmp_la->la_mode & (S_ISGID | S_IXGRP)) ==
-                     (S_ISGID | S_IXGRP)) && !S_ISDIR(tmp_la->la_mode)) {
-                        la->la_mode &= ~S_ISGID;
-                        la->la_valid |= LA_MODE;
-                }
-        }
+               /* Likewise, if the user or group of a non-directory
+                * has been changed by a non-root user, remove the
+                * setgid bit UNLESS there is no group execute bit
+                * (this would be a file marked for mandatory
+                * locking).  19981026 David C Niemi <niemi@tux.org>
+                *
+                * Removed the fsuid check (see the comment above) --
+                * 19990830 SD. */
+               if (((oattr->la_mode & (S_ISGID | S_IXGRP)) ==
+                   (S_ISGID | S_IXGRP)) && !S_ISDIR(oattr->la_mode)) {
+                       la->la_mode &= ~S_ISGID;
+                       la->la_valid |= LA_MODE;
+               }
+       }
 
-        /* For both Size-on-MDS case and truncate case,
-         * "la->la_valid & (LA_SIZE | LA_BLOCKS)" are ture.
+       /* For both Size-on-MDS case and truncate case,
+        * "la->la_valid & (LA_SIZE | LA_BLOCKS)" are ture.
         * We distinguish them by "flags & MDS_SOM".
-         * For SOM case, it is true, the MAY_WRITE perm has been checked
-         * when open, no need check again. For truncate case, it is false,
-         * the MAY_WRITE perm should be checked here. */
+        * For SOM case, it is true, the MAY_WRITE perm has been checked
+        * when open, no need check again. For truncate case, it is false,
+        * the MAY_WRITE perm should be checked here. */
        if (flags & MDS_SOM) {
-                /* For the "Size-on-MDS" setattr update, merge coming
-                 * attributes with the set in the inode. BUG 10641 */
-                if ((la->la_valid & LA_ATIME) &&
-                    (la->la_atime <= tmp_la->la_atime))
-                        la->la_valid &= ~LA_ATIME;
-
-                /* OST attributes do not have a priority over MDS attributes,
-                 * so drop times if ctime is equal. */
-                if ((la->la_valid & LA_CTIME) &&
-                    (la->la_ctime <= tmp_la->la_ctime))
-                        la->la_valid &= ~(LA_MTIME | LA_CTIME);
-        } else {
-                if (la->la_valid & (LA_SIZE | LA_BLOCKS)) {
+               /* For the "Size-on-MDS" setattr update, merge coming
+                * attributes with the set in the inode. BUG 10641 */
+               if ((la->la_valid & LA_ATIME) &&
+                   (la->la_atime <= oattr->la_atime))
+                       la->la_valid &= ~LA_ATIME;
+
+               /* OST attributes do not have a priority over MDS attributes,
+                * so drop times if ctime is equal. */
+               if ((la->la_valid & LA_CTIME) &&
+                   (la->la_ctime <= oattr->la_ctime))
+                       la->la_valid &= ~(LA_MTIME | LA_CTIME);
+       } else {
+               if (la->la_valid & (LA_SIZE | LA_BLOCKS)) {
                        if (!((flags & MDS_OWNEROVERRIDE) &&
-                             (uc->uc_fsuid == tmp_la->la_uid)) &&
+                             (uc->uc_fsuid == oattr->la_uid)) &&
                            !(flags & MDS_PERM_BYPASS)) {
                                rc = mdd_permission_internal(env, obj,
-                                                            tmp_la, MAY_WRITE);
+                                                            oattr, MAY_WRITE);
                                if (rc != 0)
                                        RETURN(rc);
                        }
-                }
-                if (la->la_valid & LA_CTIME) {
-                        /* The pure setattr, it has the priority over what is
-                         * already set, do not drop it if ctime is equal. */
-                        if (la->la_ctime < tmp_la->la_ctime)
-                                la->la_valid &= ~(LA_ATIME | LA_MTIME |
-                                                  LA_CTIME);
-                }
-        }
+               }
+               if (la->la_valid & LA_CTIME) {
+                       /* The pure setattr, it has the priority over what is
+                        * already set, do not drop it if ctime is equal. */
+                       if (la->la_ctime < oattr->la_ctime)
+                               la->la_valid &= ~(LA_ATIME | LA_MTIME |
+                                                       LA_CTIME);
+               }
+       }
 
-        RETURN(0);
+       RETURN(0);
 }
 
 /** Store a data change changelog record
@@ -829,27 +809,63 @@ static int mdd_declare_attr_set(const struct lu_env *env,
        return rc;
 }
 
+/*
+ * LU-3671
+ *
+ * permission changes may require sync operation, to mitigate performance
+ * impact, only do this for dir and when permission is reduced.
+ *
+ * For regular files, version is updated with permission change (see VBR), async
+ * permission won't cause any issue, while missing permission change on
+ * directory may affect accessibility of other objects after recovery.
+ */
+static inline bool permission_needs_sync(const struct lu_attr *old,
+                                        const struct lu_attr *new)
+{
+       if (!S_ISDIR(old->la_mode))
+               return false;
+
+       if (new->la_valid & (LA_UID | LA_GID))
+               return true;
+
+       if (new->la_valid & LA_MODE &&
+           new->la_mode & (S_ISUID | S_ISGID | S_ISVTX))
+               return true;
+
+       if ((new->la_valid & LA_MODE) &&
+           ((new->la_mode & old->la_mode) & S_IRWXUGO) !=
+            (old->la_mode & S_IRWXUGO))
+               return true;
+
+       return false;
+}
+
 /* set attr and LOV EA at once, return updated attr */
 int mdd_attr_set(const struct lu_env *env, struct md_object *obj,
                 const struct md_attr *ma)
 {
-        struct mdd_object *mdd_obj = md2mdd_obj(obj);
-        struct mdd_device *mdd = mdo2mdd(obj);
-        struct thandle *handle;
-        struct lu_attr *la_copy = &mdd_env_info(env)->mti_la_for_fix;
+       struct mdd_object *mdd_obj = md2mdd_obj(obj);
+       struct mdd_device *mdd = mdo2mdd(obj);
+       struct thandle *handle;
+       struct lu_attr *la_copy = &mdd_env_info(env)->mti_la_for_fix;
+       struct lu_attr *attr = MDD_ENV_VAR(env, cattr);
        const struct lu_attr *la = &ma->ma_attr;
        int rc;
-        ENTRY;
+       ENTRY;
 
        /* we do not use ->attr_set() for LOV/SOM/HSM EA any more */
        LASSERT((ma->ma_valid & MA_LOV) == 0);
        LASSERT((ma->ma_valid & MA_HSM) == 0);
        LASSERT((ma->ma_valid & MA_SOM) == 0);
 
-        *la_copy = ma->ma_attr;
-       rc = mdd_fix_attr(env, mdd_obj, la_copy, ma->ma_attr_flags);
+       rc = mdd_la_get(env, mdd_obj, attr, BYPASS_CAPA);
        if (rc)
-                RETURN(rc);
+               RETURN(rc);
+
+       *la_copy = ma->ma_attr;
+       rc = mdd_fix_attr(env, mdd_obj, attr, la_copy, ma->ma_attr_flags);
+       if (rc)
+               RETURN(rc);
 
         /* setattr on "close" only change atime, or do nothing */
        if (la->la_valid == LA_ATIME && la_copy->la_valid == 0)
@@ -867,50 +883,47 @@ int mdd_attr_set(const struct lu_env *env, struct md_object *obj,
         if (rc)
                 GOTO(stop, rc);
 
-        /* permission changes may require sync operation */
-       if (ma->ma_attr.la_valid & (LA_MODE|LA_UID|LA_GID))
-                handle->th_sync |= !!mdd->mdd_sync_permission;
+       if (mdd->mdd_sync_permission && permission_needs_sync(attr, la))
+               handle->th_sync = 1;
 
        if (la->la_valid & (LA_MTIME | LA_CTIME))
                 CDEBUG(D_INODE, "setting mtime "LPU64", ctime "LPU64"\n",
                       la->la_mtime, la->la_ctime);
 
-        if (la_copy->la_valid & LA_FLAGS) {
+       mdd_write_lock(env, mdd_obj, MOR_TGT_CHILD);
+       if (la_copy->la_valid & LA_FLAGS) {
                rc = mdd_attr_set_internal(env, mdd_obj, la_copy, handle, 1);
-                if (rc == 0)
-                        mdd_flags_xlate(mdd_obj, la_copy->la_flags);
-        } else if (la_copy->la_valid) {            /* setattr */
+               if (rc == 0)
+                       mdd_flags_xlate(mdd_obj, la_copy->la_flags);
+       } else if (la_copy->la_valid) { /* setattr */
                rc = mdd_attr_set_internal(env, mdd_obj, la_copy, handle, 1);
-        }
+       }
+       mdd_write_unlock(env, mdd_obj);
+
+       if (rc == 0)
+               rc = mdd_attr_set_changelog(env, obj, handle, la->la_valid);
+
+       GOTO(stop, rc);
 
-        if (rc == 0)
-                rc = mdd_attr_set_changelog(env, obj, handle,
-                                           la->la_valid);
 stop:
-        mdd_trans_stop(env, mdd, rc, handle);
-        RETURN(rc);
+       mdd_trans_stop(env, mdd, rc, handle);
+       return rc;
 }
 
 static int mdd_xattr_sanity_check(const struct lu_env *env,
-                                 struct mdd_object *obj)
+                                 struct mdd_object *obj,
+                                 const struct lu_attr *attr)
 {
-       struct lu_attr  *tmp_la = &mdd_env_info(env)->mti_la;
        struct lu_ucred *uc     = lu_ucred_assert(env);
-       int rc;
        ENTRY;
 
        if (mdd_is_immutable(obj) || mdd_is_append(obj))
                RETURN(-EPERM);
 
-       rc = mdd_la_get(env, obj, tmp_la, BYPASS_CAPA);
-       if (rc)
-               RETURN(rc);
-
-       if ((uc->uc_fsuid != tmp_la->la_uid) &&
-           !md_capable(uc, CFS_CAP_FOWNER))
+       if ((uc->uc_fsuid != attr->la_uid) && !md_capable(uc, CFS_CAP_FOWNER))
                RETURN(-EPERM);
 
-       RETURN(rc);
+       RETURN(0);
 }
 
 static int mdd_declare_xattr_set(const struct lu_env *env,
@@ -929,15 +942,14 @@ static int mdd_declare_xattr_set(const struct lu_env *env,
        /* Only record user and layout xattr changes */
        if (strncmp(XATTR_USER_PREFIX, name,
                    sizeof(XATTR_USER_PREFIX) - 1) == 0 ||
-           strncmp(XATTR_NAME_LOV, name,
-                   sizeof(XATTR_NAME_LOV) - 1) == 0) {
+           strcmp(XATTR_NAME_LOV, name) == 0) {
                rc = mdd_declare_changelog_store(env, mdd, NULL, handle);
                if (rc)
                        return rc;
        }
 
        /* If HSM data is modified, this could add a changelog */
-       if (strncmp(XATTR_NAME_HSM, name, sizeof(XATTR_NAME_HSM) - 1) == 0) {
+       if (strcmp(XATTR_NAME_HSM, name) == 0) {
                rc = mdd_declare_changelog_store(env, mdd, NULL, handle);
                if (rc)
                        return rc;
@@ -964,7 +976,7 @@ static int mdd_hsm_update_locked(const struct lu_env *env,
        struct mdd_thread_info *info = mdd_env_info(env);
        struct mdd_device      *mdd = mdo2mdd(obj);
        struct mdd_object      *mdd_obj = md2mdd_obj(obj);
-       struct lu_buf          *current_buf = &info->mti_buf;
+       struct lu_buf          *current_buf;
        struct md_hsm          *current_mh;
        struct md_hsm          *new_mh;
        int                     rc;
@@ -975,12 +987,12 @@ static int mdd_hsm_update_locked(const struct lu_env *env,
                RETURN(-ENOMEM);
 
        /* Read HSM attrs from disk */
-       current_buf->lb_buf = info->mti_xattr_buf;
-       current_buf->lb_len = sizeof(info->mti_xattr_buf);
        CLASSERT(sizeof(struct hsm_attrs) <= sizeof(info->mti_xattr_buf));
+       current_buf = mdd_buf_get(env, info->mti_xattr_buf,
+                                 sizeof(info->mti_xattr_buf));
        rc = mdo_xattr_get(env, mdd_obj, current_buf, XATTR_NAME_HSM,
                           mdd_object_capa(env, mdd_obj));
-       rc = lustre_buf2hsm(info->mti_xattr_buf, rc, current_mh);
+       rc = lustre_buf2hsm(current_buf->lb_buf, rc, current_mh);
        if (rc < 0 && rc != -ENODATA)
                GOTO(free, rc);
        else if (rc == -ENODATA)
@@ -1010,7 +1022,6 @@ free:
        return(rc);
 }
 
-
 /**
  * The caller should guarantee to update the object ctime
  * after xattr_set if needed.
@@ -1020,20 +1031,25 @@ static int mdd_xattr_set(const struct lu_env *env, struct md_object *obj,
                         int fl)
 {
        struct mdd_object       *mdd_obj = md2mdd_obj(obj);
+       struct lu_attr          *attr = MDD_ENV_VAR(env, cattr);
        struct mdd_device       *mdd = mdo2mdd(obj);
        struct thandle          *handle;
        int                      rc;
-        ENTRY;
+       ENTRY;
 
-       if (!strcmp(name, XATTR_NAME_ACL_ACCESS)) {
-               rc = mdd_acl_set(env, mdd_obj, buf, fl);
+       rc = mdd_la_get(env, mdd_obj, attr, BYPASS_CAPA);
+       if (rc)
                RETURN(rc);
-       }
 
-       rc = mdd_xattr_sanity_check(env, mdd_obj);
+       rc = mdd_xattr_sanity_check(env, mdd_obj, attr);
        if (rc)
                RETURN(rc);
 
+       if (!strcmp(name, XATTR_NAME_ACL_ACCESS)) {
+               rc = mdd_acl_set(env, mdd_obj, attr, buf, fl);
+               RETURN(rc);
+       }
+
        handle = mdd_trans_create(env, mdd);
        if (IS_ERR(handle))
                RETURN(PTR_ERR(handle));
@@ -1046,13 +1062,9 @@ static int mdd_xattr_set(const struct lu_env *env, struct md_object *obj,
        if (rc)
                GOTO(stop, rc);
 
-       /* security-replated changes may require sync */
-       if (!strcmp(name, XATTR_NAME_ACL_ACCESS))
-               handle->th_sync |= !!mdd->mdd_sync_permission;
-
        mdd_write_lock(env, mdd_obj, MOR_TGT_CHILD);
 
-       if (strncmp(XATTR_NAME_HSM, name, sizeof(XATTR_NAME_HSM) - 1) == 0) {
+       if (strcmp(XATTR_NAME_HSM, name) == 0) {
                rc = mdd_hsm_update_locked(env, obj, buf, handle);
                if (rc) {
                        mdd_write_unlock(env, mdd_obj);
@@ -1066,7 +1078,7 @@ static int mdd_xattr_set(const struct lu_env *env, struct md_object *obj,
        if (rc)
                GOTO(stop, rc);
 
-       if (strncmp(XATTR_NAME_LOV, name, sizeof(XATTR_NAME_LOV) - 1) == 0)
+       if (strcmp(XATTR_NAME_LOV, name) == 0)
                rc = mdd_changelog_data_store(env, mdd, CL_LAYOUT, 0, mdd_obj,
                                              handle);
        else if (strncmp(XATTR_USER_PREFIX, name,
@@ -1090,17 +1102,18 @@ static int mdd_declare_xattr_del(const struct lu_env *env,
                                  const char *name,
                                  struct thandle *handle)
 {
-        int rc;
+       int rc;
 
-        rc = mdo_declare_xattr_del(env, obj, name, handle);
-        if (rc)
-                return rc;
+       rc = mdo_declare_xattr_del(env, obj, name, handle);
+       if (rc)
+               return rc;
 
-        /* Only record user xattr changes */
-        if ((strncmp("user.", name, 5) == 0))
-                rc = mdd_declare_changelog_store(env, mdd, NULL, handle);
+       /* Only record user xattr changes */
+       if ((strncmp(XATTR_USER_PREFIX, name,
+                    sizeof(XATTR_USER_PREFIX) - 1) == 0))
+               rc = mdd_declare_changelog_store(env, mdd, NULL, handle);
 
-        return rc;
+       return rc;
 }
 
 /**
@@ -1110,15 +1123,20 @@ static int mdd_declare_xattr_del(const struct lu_env *env,
 int mdd_xattr_del(const struct lu_env *env, struct md_object *obj,
                   const char *name)
 {
-        struct mdd_object *mdd_obj = md2mdd_obj(obj);
-        struct mdd_device *mdd = mdo2mdd(obj);
-        struct thandle *handle;
-        int  rc;
-        ENTRY;
+       struct mdd_object *mdd_obj = md2mdd_obj(obj);
+       struct lu_attr *attr = MDD_ENV_VAR(env, cattr);
+       struct mdd_device *mdd = mdo2mdd(obj);
+       struct thandle *handle;
+       int  rc;
+       ENTRY;
 
-        rc = mdd_xattr_sanity_check(env, mdd_obj);
-        if (rc)
-                RETURN(rc);
+       rc = mdd_la_get(env, mdd_obj, attr, BYPASS_CAPA);
+       if (rc)
+               RETURN(rc);
+
+       rc = mdd_xattr_sanity_check(env, mdd_obj, attr);
+       if (rc)
+               RETURN(rc);
 
         handle = mdd_trans_create(env, mdd);
         if (IS_ERR(handle))
@@ -1159,12 +1177,11 @@ stop:
  * read lov EA of an object
  * return the lov EA in an allocated lu_buf
  */
-static struct lu_buf *mdd_get_lov_ea(const struct lu_env *env,
-                                    struct mdd_object *obj)
+int mdd_get_lov_ea(const struct lu_env *env, struct mdd_object *obj,
+                  struct lu_buf *lmm_buf)
 {
        struct lu_buf   *buf = &mdd_env_info(env)->mti_big_buf;
-       struct lu_buf   *lmm_buf = NULL;
-       int              rc, sz;
+       int              rc, bufsize;
        ENTRY;
 
 repeat:
@@ -1182,81 +1199,100 @@ repeat:
        }
 
        if (rc < 0)
-               GOTO(out, rc);
+               RETURN(rc);
 
        if (rc == 0)
-               GOTO(out, rc = -ENODATA);
+               RETURN(-ENODATA);
 
-       sz = rc;
+       bufsize = rc;
        if (memcmp(buf, &LU_BUF_NULL, sizeof(*buf)) == 0) {
                /* mti_big_buf was not allocated, so we have to
                 * allocate it based on the ea size */
                buf = lu_buf_check_and_alloc(&mdd_env_info(env)->mti_big_buf,
-                                            sz);
+                                            bufsize);
                if (buf->lb_buf == NULL)
                        GOTO(out, rc = -ENOMEM);
                goto repeat;
        }
 
-       OBD_ALLOC_PTR(lmm_buf);
-       if (!lmm_buf)
+       lu_buf_alloc(lmm_buf, bufsize);
+       if (lmm_buf->lb_buf == NULL)
                GOTO(out, rc = -ENOMEM);
 
-       OBD_ALLOC(lmm_buf->lb_buf, sz);
-       if (!lmm_buf->lb_buf)
-               GOTO(free, rc = -ENOMEM);
-
-       memcpy(lmm_buf->lb_buf, buf->lb_buf, sz);
-       lmm_buf->lb_len = sz;
-
-       GOTO(out, rc = 0);
+       memcpy(lmm_buf->lb_buf, buf->lb_buf, bufsize);
+       rc = 0;
+       EXIT;
 
-free:
-       if (lmm_buf)
-               OBD_FREE_PTR(lmm_buf);
 out:
-       if (rc)
-               return ERR_PTR(rc);
-       return lmm_buf;
+       if (rc < 0)
+               lu_buf_free(lmm_buf);
+       return rc;
 }
 
+static int mdd_xattr_hsm_replace(const struct lu_env *env,
+                                struct mdd_object *o, struct lu_buf *buf,
+                                struct thandle *handle)
+{
+       struct hsm_attrs *attrs;
+       __u32 hsm_flags;
+       int flags = 0;
+       int rc;
+       ENTRY;
+
+       rc = mdo_xattr_set(env, o, buf, XATTR_NAME_HSM, LU_XATTR_REPLACE,
+                          handle, mdd_object_capa(env, o));
+       if (rc != 0)
+               RETURN(rc);
+
+       attrs = buf->lb_buf;
+       hsm_flags = le32_to_cpu(attrs->hsm_flags);
+       if (!(hsm_flags & HS_RELEASED) || mdd_is_dead_obj(o))
+               RETURN(0);
+
+       /* Add a changelog record for release. */
+       hsm_set_cl_event(&flags, HE_RELEASE);
+       rc = mdd_changelog_data_store(env, mdo2mdd(&o->mod_obj), CL_HSM,
+                                     flags, o, handle);
+       RETURN(rc);
+}
 
 /*
  *  check if layout swapping between 2 objects is allowed
  *  the rules are:
+ *  - only normal FIDs or non-system IGIFs
  *  - same type of objects
  *  - same owner/group (so quotas are still valid)
  */
 static int mdd_layout_swap_allowed(const struct lu_env *env,
                                   struct mdd_object *o1,
-                                  struct mdd_object *o2)
+                                  const struct lu_attr *attr1,
+                                  struct mdd_object *o2,
+                                  const struct lu_attr *attr2)
 {
        const struct lu_fid     *fid1, *fid2;
-       __u32                    uid, gid;
-       struct lu_attr          *tmp_la = &mdd_env_info(env)->mti_la;
-       int                      rc;
        ENTRY;
 
        fid1 = mdo2fid(o1);
        fid2 = mdo2fid(o2);
 
-       if (!fid_is_norm(fid1) || !fid_is_norm(fid2) ||
-           (mdd_object_type(o1) != mdd_object_type(o2)))
-               RETURN(-EPERM);
+       if (!fid_is_norm(fid1) &&
+           (!fid_is_igif(fid1) || IS_ERR(mdd_links_get(env, o1))))
+               RETURN(-EBADF);
 
-       tmp_la->la_valid = 0;
-       rc = mdd_la_get(env, o1, tmp_la, BYPASS_CAPA);
-       if (rc)
-               RETURN(rc);
-       uid = tmp_la->la_uid;
-       gid = tmp_la->la_gid;
+       if (!fid_is_norm(fid2) &&
+           (!fid_is_igif(fid2) || IS_ERR(mdd_links_get(env, o2))))
+               RETURN(-EBADF);
 
-       tmp_la->la_valid = 0;
-       rc = mdd_la_get(env, o2, tmp_la, BYPASS_CAPA);
-       if (rc)
-               RETURN(rc);
+       if (mdd_object_type(o1) != mdd_object_type(o2)) {
+               if (S_ISDIR(mdd_object_type(o1)))
+                       RETURN(-ENOTDIR);
+               if (S_ISREG(mdd_object_type(o1)))
+                       RETURN(-EISDIR);
+               RETURN(-EBADF);
+       }
 
-       if ((uid != tmp_la->la_uid) || (gid != tmp_la->la_gid))
+       if ((attr1->la_uid != attr2->la_uid) ||
+           (attr1->la_gid != attr2->la_gid))
                RETURN(-EPERM);
 
        RETURN(0);
@@ -1268,36 +1304,48 @@ static int mdd_layout_swap_allowed(const struct lu_env *env,
 static int mdd_swap_layouts(const struct lu_env *env, struct md_object *obj1,
                            struct md_object *obj2, __u64 flags)
 {
-       struct mdd_object       *o1, *o2, *fst_o, *snd_o;
-       struct lu_buf           *lmm1_buf = NULL, *lmm2_buf = NULL;
-       struct lu_buf           *fst_buf, *snd_buf;
-       struct lov_mds_md       *fst_lmm, *snd_lmm, *old_fst_lmm = NULL;
-       struct thandle          *handle;
+       struct mdd_thread_info  *info = mdd_env_info(env);
+       struct mdd_object       *fst_o = md2mdd_obj(obj1);
+       struct mdd_object       *snd_o = md2mdd_obj(obj2);
+       struct lu_attr          *fst_la = MDD_ENV_VAR(env, cattr);
+       struct lu_attr          *snd_la = MDD_ENV_VAR(env, tattr);
        struct mdd_device       *mdd = mdo2mdd(obj1);
-       int                      rc;
+       struct lov_mds_md       *fst_lmm, *snd_lmm;
+       struct lu_buf           *fst_buf = &info->mti_buf[0];
+       struct lu_buf           *snd_buf = &info->mti_buf[1];
+       struct lu_buf           *fst_hsm_buf = &info->mti_buf[2];
+       struct lu_buf           *snd_hsm_buf = &info->mti_buf[3];
+       struct ost_id           *saved_oi = NULL;
+       struct thandle          *handle;
        __u16                    fst_gen, snd_gen;
        int                      fst_fl;
+       int                      rc;
+       int                      rc2;
        ENTRY;
 
+       CLASSERT(ARRAY_SIZE(info->mti_buf) >= 4);
+       memset(info->mti_buf, 0, sizeof(info->mti_buf));
+
        /* we have to sort the 2 obj, so locking will always
         * be in the same order, even in case of 2 concurrent swaps */
-       rc = lu_fid_cmp(mdo2fid(md2mdd_obj(obj1)),
-                       mdo2fid(md2mdd_obj(obj2)));
-       /* same fid ? */
-       if (rc == 0)
+       rc = lu_fid_cmp(mdo2fid(fst_o), mdo2fid(snd_o));
+       if (rc == 0) /* same fid ? */
                RETURN(-EPERM);
 
-       if (rc > 0) {
-               o1 = md2mdd_obj(obj1);
-               o2 = md2mdd_obj(obj2);
-       } else {
-               o1 = md2mdd_obj(obj2);
-               o2 = md2mdd_obj(obj1);
-       }
+       if (rc < 0)
+               swap(fst_o, snd_o);
+
+       rc = mdd_la_get(env, fst_o, fst_la, BYPASS_CAPA);
+       if (rc != 0)
+               RETURN(rc);
+
+       rc = mdd_la_get(env, snd_o, snd_la, BYPASS_CAPA);
+       if (rc != 0)
+               RETURN(rc);
 
        /* check if layout swapping is allowed */
-       rc = mdd_layout_swap_allowed(env, o1, o2);
-       if (rc)
+       rc = mdd_layout_swap_allowed(env, fst_o, fst_la, snd_o, snd_la);
+       if (rc != 0)
                RETURN(rc);
 
        handle = mdd_trans_create(env, mdd);
@@ -1305,45 +1353,30 @@ static int mdd_swap_layouts(const struct lu_env *env, struct md_object *obj1,
                RETURN(PTR_ERR(handle));
 
        /* objects are already sorted */
-       mdd_write_lock(env, o1, MOR_TGT_CHILD);
-       mdd_write_lock(env, o2, MOR_TGT_CHILD);
-
-       lmm1_buf = mdd_get_lov_ea(env, o1);
-       if (IS_ERR(lmm1_buf)) {
-               rc = PTR_ERR(lmm1_buf);
-               lmm1_buf = NULL;
-               if (rc != -ENODATA)
-                       GOTO(stop, rc);
-       }
+       mdd_write_lock(env, fst_o, MOR_TGT_CHILD);
+       mdd_write_lock(env, snd_o, MOR_TGT_CHILD);
 
-       lmm2_buf = mdd_get_lov_ea(env, o2);
-       if (IS_ERR(lmm2_buf)) {
-               rc = PTR_ERR(lmm2_buf);
-               lmm2_buf = NULL;
-               if (rc != -ENODATA)
-                       GOTO(stop, rc);
-       }
+       rc = mdd_get_lov_ea(env, fst_o, fst_buf);
+       if (rc < 0 && rc != -ENODATA)
+               GOTO(stop, rc);
+
+       rc = mdd_get_lov_ea(env, snd_o, snd_buf);
+       if (rc < 0 && rc != -ENODATA)
+               GOTO(stop, rc);
 
        /* swapping 2 non existant layouts is a success */
-       if ((lmm1_buf == NULL) && (lmm2_buf == NULL))
+       if (fst_buf->lb_buf == NULL && snd_buf->lb_buf == NULL)
                GOTO(stop, rc = 0);
 
        /* to help inode migration between MDT, it is better to
         * start by the no layout file (if one), so we order the swap */
-       if (lmm1_buf == NULL) {
-               fst_o = o1;
-               fst_buf = lmm1_buf;
-               snd_o = o2;
-               snd_buf = lmm2_buf;
-       } else {
-               fst_o = o2;
-               fst_buf = lmm2_buf;
-               snd_o = o1;
-               snd_buf = lmm1_buf;
+       if (snd_buf->lb_buf == NULL) {
+               swap(fst_o, snd_o);
+               swap(fst_buf, snd_buf);
        }
 
        /* lmm and generation layout initialization */
-       if (fst_buf) {
+       if (fst_buf->lb_buf != NULL) {
                fst_lmm = fst_buf->lb_buf;
                fst_gen = le16_to_cpu(fst_lmm->lmm_layout_gen);
                fst_fl  = LU_XATTR_REPLACE;
@@ -1353,7 +1386,6 @@ static int mdd_swap_layouts(const struct lu_env *env, struct md_object *obj1,
                fst_fl  = LU_XATTR_CREATE;
        }
 
-       LASSERT(snd_buf != NULL);
        snd_lmm = snd_buf->lb_buf;
        snd_gen = le16_to_cpu(snd_lmm->lmm_layout_gen);
 
@@ -1362,18 +1394,13 @@ static int mdd_swap_layouts(const struct lu_env *env, struct md_object *obj1,
        fst_gen++;
 
        /* set the file specific informations in lmm */
-       if (fst_lmm) {
-               /* save the orignal lmm common header of first file
-                * to be able to roll back */
-               OBD_ALLOC_PTR(old_fst_lmm);
-               if (old_fst_lmm == NULL)
-                       GOTO(stop, rc = -ENOMEM);
-               *old_fst_lmm = *fst_lmm;
+       if (fst_lmm != NULL) {
+               saved_oi = &info->mti_oa.o_oi;
 
+               *saved_oi = fst_lmm->lmm_oi;
                fst_lmm->lmm_layout_gen = cpu_to_le16(snd_gen);
                fst_lmm->lmm_oi = snd_lmm->lmm_oi;
-
-               snd_lmm->lmm_oi = old_fst_lmm->lmm_oi;
+               snd_lmm->lmm_oi = *saved_oi;
        } else {
                if (snd_lmm->lmm_magic == cpu_to_le32(LOV_MAGIC_V1))
                        snd_lmm->lmm_magic = cpu_to_le32(LOV_MAGIC_V1_DEF);
@@ -1382,52 +1409,103 @@ static int mdd_swap_layouts(const struct lu_env *env, struct md_object *obj1,
                else
                        GOTO(stop, rc = -EPROTO);
        }
-
        snd_lmm->lmm_layout_gen = cpu_to_le16(fst_gen);
 
+       /* Prepare HSM attribute if it's required */
+       if (flags & SWAP_LAYOUTS_MDS_HSM) {
+               const int buflen = sizeof(struct hsm_attrs);
+
+               lu_buf_alloc(fst_hsm_buf, buflen);
+               lu_buf_alloc(snd_hsm_buf, buflen);
+               if (fst_hsm_buf->lb_buf == NULL || snd_hsm_buf->lb_buf == NULL)
+                       GOTO(stop, rc = -ENOMEM);
+
+               /* Read HSM attribute */
+               rc = mdo_xattr_get(env, fst_o, fst_hsm_buf, XATTR_NAME_HSM,
+                                  BYPASS_CAPA);
+               if (rc < 0)
+                       GOTO(stop, rc);
+
+               rc = mdo_xattr_get(env, snd_o, snd_hsm_buf, XATTR_NAME_HSM,
+                                  BYPASS_CAPA);
+               if (rc < 0)
+                       GOTO(stop, rc);
+
+               rc = mdd_declare_xattr_set(env, mdd, fst_o, snd_hsm_buf,
+                                          XATTR_NAME_HSM, LU_XATTR_REPLACE,
+                                          handle);
+               if (rc < 0)
+                       GOTO(stop, rc);
+
+               rc = mdd_declare_xattr_set(env, mdd, snd_o, fst_hsm_buf,
+                                          XATTR_NAME_HSM, LU_XATTR_REPLACE,
+                                          handle);
+               if (rc < 0)
+                       GOTO(stop, rc);
+       }
+
        /* prepare transaction */
        rc = mdd_declare_xattr_set(env, mdd, fst_o, snd_buf, XATTR_NAME_LOV,
                                   fst_fl, handle);
-       if (rc)
+       if (rc != 0)
                GOTO(stop, rc);
 
-       if (fst_buf)
+       if (fst_buf->lb_buf != NULL)
                rc = mdd_declare_xattr_set(env, mdd, snd_o, fst_buf,
                                           XATTR_NAME_LOV, LU_XATTR_REPLACE,
                                           handle);
        else
                rc = mdd_declare_xattr_del(env, mdd, snd_o, XATTR_NAME_LOV,
                                           handle);
-       if (rc)
+       if (rc != 0)
                GOTO(stop, rc);
 
        rc = mdd_trans_start(env, mdd, handle);
-       if (rc)
+       if (rc != 0)
                GOTO(stop, rc);
 
+       if (flags & SWAP_LAYOUTS_MDS_HSM) {
+               rc = mdd_xattr_hsm_replace(env, fst_o, snd_hsm_buf, handle);
+               if (rc < 0)
+                       GOTO(stop, rc);
+
+               rc = mdd_xattr_hsm_replace(env, snd_o, fst_hsm_buf, handle);
+               if (rc < 0) {
+                       rc2 = mdd_xattr_hsm_replace(env, fst_o, fst_hsm_buf,
+                                                   handle);
+                       if (rc2 < 0)
+                               CERROR("%s: restore "DFID" HSM error: %d/%d\n",
+                                      mdd_obj_dev_name(fst_o),
+                                      PFID(mdo2fid(fst_o)), rc, rc2);
+                       GOTO(stop, rc);
+               }
+       }
+
        rc = mdo_xattr_set(env, fst_o, snd_buf, XATTR_NAME_LOV, fst_fl, handle,
                           mdd_object_capa(env, fst_o));
-       if (rc)
+       if (rc != 0)
                GOTO(stop, rc);
 
-       if (fst_buf)
-               rc = mdo_xattr_set(env, snd_o, fst_buf, XATTR_NAME_LOV,
-                                  LU_XATTR_REPLACE, handle,
-                                  mdd_object_capa(env, snd_o));
-       else
-               rc = mdo_xattr_del(env, snd_o, XATTR_NAME_LOV, handle,
-                                  mdd_object_capa(env, snd_o));
-       if (rc) {
-               int     rc2;
+       if (unlikely(OBD_FAIL_CHECK(OBD_FAIL_MDS_HSM_SWAP_LAYOUTS))) {
+               rc = -EOPNOTSUPP;
+       } else {
+               if (fst_buf->lb_buf != NULL)
+                       rc = mdo_xattr_set(env, snd_o, fst_buf, XATTR_NAME_LOV,
+                                          LU_XATTR_REPLACE, handle,
+                                          mdd_object_capa(env, snd_o));
+               else
+                       rc = mdo_xattr_del(env, snd_o, XATTR_NAME_LOV, handle,
+                                          mdd_object_capa(env, snd_o));
+       }
+
+       if (rc != 0) {
+               int steps = 0;
 
                /* failure on second file, but first was done, so we have
-                * to roll back first */
-               /* restore object_id, object_seq and generation number
-                * on first file */
-               if (fst_lmm) {
-                       LASSERT(old_fst_lmm != NULL);
-                       fst_lmm->lmm_oi = old_fst_lmm->lmm_oi;
-                       fst_lmm->lmm_layout_gen = old_fst_lmm->lmm_layout_gen;
+                * to roll back first. */
+               if (fst_buf->lb_buf != NULL) {
+                       fst_lmm->lmm_oi = *saved_oi;
+                       fst_lmm->lmm_layout_gen = cpu_to_le16(fst_gen - 1);
                        rc2 = mdo_xattr_set(env, fst_o, fst_buf, XATTR_NAME_LOV,
                                            LU_XATTR_REPLACE, handle,
                                            mdd_object_capa(env, fst_o));
@@ -1435,15 +1513,25 @@ static int mdd_swap_layouts(const struct lu_env *env, struct md_object *obj1,
                        rc2 = mdo_xattr_del(env, fst_o, XATTR_NAME_LOV, handle,
                                            mdd_object_capa(env, fst_o));
                }
+               if (rc2 < 0)
+                       goto do_lbug;
+
+               ++steps;
+               rc2 = mdd_xattr_hsm_replace(env, fst_o, fst_hsm_buf, handle);
+               if (rc2 < 0)
+                       goto do_lbug;
 
-               if (rc2) {
+               ++steps;
+               rc2 = mdd_xattr_hsm_replace(env, snd_o, snd_hsm_buf, handle);
+
+       do_lbug:
+               if (rc2 < 0) {
                        /* very bad day */
-                       CERROR("%s: unable to roll back after swap layouts"
-                              " failure between "DFID" and "DFID
-                              " rc2 = %d rc = %d)\n",
-                              mdd2obd_dev(mdd)->obd_name,
+                       CERROR("%s: unable to roll back layout swap. FIDs: "
+                              DFID" and "DFID "error: %d/%d, steps: %d\n",
+                              mdd_obj_dev_name(fst_o),
                               PFID(mdo2fid(snd_o)), PFID(mdo2fid(fst_o)),
-                              rc2, rc);
+                              rc, rc2, steps);
                        /* a solution to avoid journal commit is to panic,
                         * but it has strong consequences so we use LBUG to
                         * allow sysdamin to choose to panic or not
@@ -1465,32 +1553,39 @@ static int mdd_swap_layouts(const struct lu_env *env, struct md_object *obj1,
 
 stop:
        mdd_trans_stop(env, mdd, rc, handle);
-       mdd_write_unlock(env, o2);
-       mdd_write_unlock(env, o1);
-
-       if (lmm1_buf && lmm1_buf->lb_buf)
-               OBD_FREE(lmm1_buf->lb_buf, lmm1_buf->lb_len);
-       if (lmm1_buf)
-               OBD_FREE_PTR(lmm1_buf);
-
-       if (lmm2_buf && lmm2_buf->lb_buf)
-               OBD_FREE(lmm2_buf->lb_buf, lmm2_buf->lb_len);
-       if (lmm2_buf)
-               OBD_FREE_PTR(lmm2_buf);
-
-       if (old_fst_lmm)
-               OBD_FREE_PTR(old_fst_lmm);
+       mdd_write_unlock(env, snd_o);
+       mdd_write_unlock(env, fst_o);
 
+       lu_buf_free(fst_buf);
+       lu_buf_free(snd_buf);
+       lu_buf_free(fst_hsm_buf);
+       lu_buf_free(snd_hsm_buf);
        return rc;
 }
 
 void mdd_object_make_hint(const struct lu_env *env, struct mdd_object *parent,
-               struct mdd_object *child, struct lu_attr *attr)
+                         struct mdd_object *child, const struct lu_attr *attr,
+                         const struct md_op_spec *spec,
+                         struct dt_allocation_hint *hint)
 {
-       struct dt_allocation_hint *hint = &mdd_env_info(env)->mti_hint;
-       struct dt_object *np = parent ? mdd_object_child(parent) : NULL;
+       struct dt_object *np = parent ?  mdd_object_child(parent) : NULL;
        struct dt_object *nc = mdd_object_child(child);
 
+       memset(hint, 0, sizeof(*hint));
+
+       /* For striped directory, give striping EA to lod_ah_init, which will
+        * decide the stripe_offset and stripe count by it. */
+       if (S_ISDIR(attr->la_mode) &&
+           unlikely(spec != NULL && spec->sp_cr_flags & MDS_OPEN_HAS_EA)) {
+               hint->dah_eadata = spec->u.sp_ea.eadata;
+               hint->dah_eadata_len = spec->u.sp_ea.eadatalen;
+       } else {
+               hint->dah_eadata = NULL;
+               hint->dah_eadata_len = 0;
+       }
+
+       CDEBUG(D_INFO, DFID" eadata %p len %d\n", PFID(mdd_object_fid(child)),
+              hint->dah_eadata, hint->dah_eadata_len);
        /* @hint will be initialized by underlying device. */
        nc->do_ops->do_ah_init(env, hint, np, nc, attr->la_mode & S_IFMT);
 }
@@ -1498,7 +1593,7 @@ void mdd_object_make_hint(const struct lu_env *env, struct mdd_object *parent,
 /*
  * do NOT or the MAY_*'s, you'll get the weakest
  */
-int accmode(const struct lu_env *env, struct lu_attr *la, int flags)
+int accmode(const struct lu_env *env, const struct lu_attr *la, int flags)
 {
        int res = 0;
 
@@ -1524,45 +1619,41 @@ int accmode(const struct lu_env *env, struct lu_attr *la, int flags)
 }
 
 static int mdd_open_sanity_check(const struct lu_env *env,
-                                 struct mdd_object *obj, int flag)
+                               struct mdd_object *obj,
+                               const struct lu_attr *attr, int flag)
 {
-        struct lu_attr *tmp_la = &mdd_env_info(env)->mti_la;
-        int mode, rc;
-        ENTRY;
-
-        /* EEXIST check */
-        if (mdd_is_dead_obj(obj))
-                RETURN(-ENOENT);
+       int mode, rc;
+       ENTRY;
 
-        rc = mdd_la_get(env, obj, tmp_la, BYPASS_CAPA);
-        if (rc)
-               RETURN(rc);
+       /* EEXIST check */
+       if (mdd_is_dead_obj(obj))
+               RETURN(-ENOENT);
 
-        if (S_ISLNK(tmp_la->la_mode))
-                RETURN(-ELOOP);
+       if (S_ISLNK(attr->la_mode))
+               RETURN(-ELOOP);
 
-        mode = accmode(env, tmp_la, flag);
+       mode = accmode(env, attr, flag);
 
-        if (S_ISDIR(tmp_la->la_mode) && (mode & MAY_WRITE))
-                RETURN(-EISDIR);
+       if (S_ISDIR(attr->la_mode) && (mode & MAY_WRITE))
+               RETURN(-EISDIR);
 
-        if (!(flag & MDS_OPEN_CREATED)) {
-                rc = mdd_permission_internal(env, obj, tmp_la, mode);
-                if (rc)
-                        RETURN(rc);
-        }
+       if (!(flag & MDS_OPEN_CREATED)) {
+               rc = mdd_permission_internal(env, obj, attr, mode);
+               if (rc)
+                       RETURN(rc);
+       }
 
-        if (S_ISFIFO(tmp_la->la_mode) || S_ISSOCK(tmp_la->la_mode) ||
-            S_ISBLK(tmp_la->la_mode) || S_ISCHR(tmp_la->la_mode))
-                flag &= ~MDS_OPEN_TRUNC;
+       if (S_ISFIFO(attr->la_mode) || S_ISSOCK(attr->la_mode) ||
+           S_ISBLK(attr->la_mode) || S_ISCHR(attr->la_mode))
+               flag &= ~MDS_OPEN_TRUNC;
 
-        /* For writing append-only file must open it with append mode. */
-        if (mdd_is_append(obj)) {
-                if ((flag & FMODE_WRITE) && !(flag & MDS_OPEN_APPEND))
-                        RETURN(-EPERM);
-                if (flag & MDS_OPEN_TRUNC)
-                        RETURN(-EPERM);
-        }
+       /* For writing append-only file must open it with append mode. */
+       if (mdd_is_append(obj)) {
+               if ((flag & FMODE_WRITE) && !(flag & MDS_OPEN_APPEND))
+                       RETURN(-EPERM);
+               if (flag & MDS_OPEN_TRUNC)
+                       RETURN(-EPERM);
+       }
 
 #if 0
         /*
@@ -1573,29 +1664,34 @@ static int mdd_open_sanity_check(const struct lu_env *env,
 
                if (uc && ((uc->uc_valid == UCRED_OLD) ||
                           (uc->uc_valid == UCRED_NEW)) &&
-                   (uc->uc_fsuid != tmp_la->la_uid) &&
+                   (uc->uc_fsuid != attr->la_uid) &&
                    !md_capable(uc, CFS_CAP_FOWNER))
                        RETURN(-EPERM);
         }
 #endif
 
-        RETURN(0);
+       RETURN(0);
 }
 
 static int mdd_open(const struct lu_env *env, struct md_object *obj,
-                    int flags)
+                   int flags)
 {
-        struct mdd_object *mdd_obj = md2mdd_obj(obj);
-        int rc = 0;
+       struct mdd_object *mdd_obj = md2mdd_obj(obj);
+       struct lu_attr *attr = MDD_ENV_VAR(env, cattr);
+       int rc = 0;
 
-        mdd_write_lock(env, mdd_obj, MOR_TGT_CHILD);
+       mdd_write_lock(env, mdd_obj, MOR_TGT_CHILD);
 
-        rc = mdd_open_sanity_check(env, mdd_obj, flags);
-        if (rc == 0)
-                mdd_obj->mod_count++;
+       rc = mdd_la_get(env, mdd_obj, attr, BYPASS_CAPA);
+       if (rc)
+               RETURN(rc);
 
-        mdd_write_unlock(env, mdd_obj);
-        return rc;
+       rc = mdd_open_sanity_check(env, mdd_obj, attr, flags);
+       if (rc == 0)
+               mdd_obj->mod_count++;
+
+       mdd_write_unlock(env, mdd_obj);
+       return rc;
 }
 
 int mdd_declare_object_kill(const struct lu_env *env, struct mdd_object *obj,
@@ -1944,14 +2040,22 @@ static int mdd_object_lock(const struct lu_env *env,
                           struct md_object *obj,
                           struct lustre_handle *lh,
                           struct ldlm_enqueue_info *einfo,
-                          void *policy)
+                          ldlm_policy_data_t *policy)
 {
        struct mdd_object *mdd_obj = md2mdd_obj(obj);
-       LASSERT(mdd_object_exists(mdd_obj));
        return dt_object_lock(env, mdd_object_child(mdd_obj), lh,
                              einfo, policy);
 }
 
+static int mdd_object_unlock(const struct lu_env *env,
+                            struct md_object *obj,
+                            struct ldlm_enqueue_info *einfo,
+                            ldlm_policy_data_t *policy)
+{
+       struct mdd_object *mdd_obj = md2mdd_obj(obj);
+       return dt_object_unlock(env, mdd_object_child(mdd_obj), einfo, policy);
+}
+
 const struct md_object_operations mdd_obj_ops = {
        .moo_permission         = mdd_permission,
        .moo_attr_get           = mdd_attr_get,
@@ -1969,4 +2073,5 @@ const struct md_object_operations mdd_obj_ops = {
        .moo_capa_get           = mdd_capa_get,
        .moo_object_sync        = mdd_object_sync,
        .moo_object_lock        = mdd_object_lock,
+       .moo_object_unlock      = mdd_object_unlock,
 };