The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/fs/nfsclient/nfs_clrpcops.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * SPDX-License-Identifier: BSD-3-Clause
    3  *
    4  * Copyright (c) 1989, 1993
    5  *      The Regents of the University of California.  All rights reserved.
    6  *
    7  * This code is derived from software contributed to Berkeley by
    8  * Rick Macklem at The University of Guelph.
    9  *
   10  * Redistribution and use in source and binary forms, with or without
   11  * modification, are permitted provided that the following conditions
   12  * are met:
   13  * 1. Redistributions of source code must retain the above copyright
   14  *    notice, this list of conditions and the following disclaimer.
   15  * 2. Redistributions in binary form must reproduce the above copyright
   16  *    notice, this list of conditions and the following disclaimer in the
   17  *    documentation and/or other materials provided with the distribution.
   18  * 3. Neither the name of the University nor the names of its contributors
   19  *    may be used to endorse or promote products derived from this software
   20  *    without specific prior written permission.
   21  *
   22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   32  * SUCH DAMAGE.
   33  *
   34  */
   35 
   36 #include <sys/cdefs.h>
   37 __FBSDID("$FreeBSD: head/sys/fs/nfsclient/nfs_clrpcops.c 345065 2019-03-12 15:07:47Z trasz $");
   38 
   39 /*
   40  * Rpc op calls, generally called from the vnode op calls or through the
   41  * buffer cache, for NFS v2, 3 and 4.
   42  * These do not normally make any changes to vnode arguments or use
   43  * structures that might change between the VFS variants. The returned
   44  * arguments are all at the end, after the NFSPROC_T *p one.
   45  */
   46 
   47 #ifndef APPLEKEXT
   48 #include "opt_inet6.h"
   49 
   50 #include <fs/nfs/nfsport.h>
   51 #include <sys/sysctl.h>
   52 #include <sys/taskqueue.h>
   53 
   54 SYSCTL_DECL(_vfs_nfs);
   55 
   56 static int      nfsignore_eexist = 0;
   57 SYSCTL_INT(_vfs_nfs, OID_AUTO, ignore_eexist, CTLFLAG_RW,
   58     &nfsignore_eexist, 0, "NFS ignore EEXIST replies for mkdir/symlink");
   59 
   60 static int      nfscl_dssameconn = 0;
   61 SYSCTL_INT(_vfs_nfs, OID_AUTO, dssameconn, CTLFLAG_RW,
   62     &nfscl_dssameconn, 0, "Use same TCP connection to multiple DSs");
   63 
   64 /*
   65  * Global variables
   66  */
   67 extern int nfs_numnfscbd;
   68 extern struct timeval nfsboottime;
   69 extern u_int32_t newnfs_false, newnfs_true;
   70 extern nfstype nfsv34_type[9];
   71 extern int nfsrv_useacl;
   72 extern char nfsv4_callbackaddr[INET6_ADDRSTRLEN];
   73 extern int nfscl_debuglevel;
   74 extern int nfs_pnfsiothreads;
   75 NFSCLSTATEMUTEX;
   76 int nfstest_outofseq = 0;
   77 int nfscl_assumeposixlocks = 1;
   78 int nfscl_enablecallb = 0;
   79 short nfsv4_cbport = NFSV4_CBPORT;
   80 int nfstest_openallsetattr = 0;
   81 #endif  /* !APPLEKEXT */
   82 
   83 #define DIRHDSIZ        offsetof(struct dirent, d_name)
   84 
   85 /*
   86  * nfscl_getsameserver() can return one of three values:
   87  * NFSDSP_USETHISSESSION - Use this session for the DS.
   88  * NFSDSP_SEQTHISSESSION - Use the nfsclds_sequence field of this dsp for new
   89  *     session.
   90  * NFSDSP_NOTFOUND - No matching server was found.
   91  */
   92 enum nfsclds_state {
   93         NFSDSP_USETHISSESSION = 0,
   94         NFSDSP_SEQTHISSESSION = 1,
   95         NFSDSP_NOTFOUND = 2,
   96 };
   97 
   98 /*
   99  * Do a write RPC on a DS data file, using this structure for the arguments,
  100  * so that this function can be executed by a separate kernel process.
  101  */
  102 struct nfsclwritedsdorpc {
  103         int                     done;
  104         int                     inprog;
  105         struct task             tsk;
  106         struct vnode            *vp;
  107         int                     iomode;
  108         int                     must_commit;
  109         nfsv4stateid_t          *stateidp;
  110         struct nfsclds          *dsp;
  111         uint64_t                off;
  112         int                     len;
  113         struct nfsfh            *fhp;
  114         struct mbuf             *m;
  115         int                     vers;
  116         int                     minorvers;
  117         struct ucred            *cred;
  118         NFSPROC_T               *p;
  119         int                     err;
  120 };
  121 
  122 static int nfsrpc_setattrrpc(vnode_t , struct vattr *, nfsv4stateid_t *,
  123     struct ucred *, NFSPROC_T *, struct nfsvattr *, int *, void *);
  124 static int nfsrpc_readrpc(vnode_t , struct uio *, struct ucred *,
  125     nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *, void *);
  126 static int nfsrpc_writerpc(vnode_t , struct uio *, int *, int *,
  127     struct ucred *, nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *,
  128     void *);
  129 static int nfsrpc_createv23(vnode_t , char *, int, struct vattr *,
  130     nfsquad_t, int, struct ucred *, NFSPROC_T *, struct nfsvattr *,
  131     struct nfsvattr *, struct nfsfh **, int *, int *, void *);
  132 static int nfsrpc_createv4(vnode_t , char *, int, struct vattr *,
  133     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *,
  134     NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *,
  135     int *, void *, int *);
  136 static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *,
  137     struct nfscllockowner *, u_int64_t, u_int64_t,
  138     u_int32_t, struct ucred *, NFSPROC_T *, int);
  139 static int nfsrpc_setaclrpc(vnode_t, struct ucred *, NFSPROC_T *,
  140     struct acl *, nfsv4stateid_t *, void *);
  141 static int nfsrpc_getlayout(struct nfsmount *, vnode_t, struct nfsfh *, int,
  142     uint32_t *, nfsv4stateid_t *, uint64_t, struct nfscllayout **,
  143     struct ucred *, NFSPROC_T *);
  144 static int nfsrpc_fillsa(struct nfsmount *, struct sockaddr_in *,
  145     struct sockaddr_in6 *, sa_family_t, int, struct nfsclds **, NFSPROC_T *);
  146 static void nfscl_initsessionslots(struct nfsclsession *);
  147 static int nfscl_doflayoutio(vnode_t, struct uio *, int *, int *, int *,
  148     nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
  149     struct nfsclflayout *, uint64_t, uint64_t, int, struct ucred *,
  150     NFSPROC_T *);
  151 static int nfscl_dofflayoutio(vnode_t, struct uio *, int *, int *, int *,
  152     nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
  153     struct nfsclflayout *, uint64_t, uint64_t, int, int, struct mbuf *,
  154     struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *);
  155 static struct mbuf *nfsm_copym(struct mbuf *, int, int);
  156 static int nfsrpc_readds(vnode_t, struct uio *, nfsv4stateid_t *, int *,
  157     struct nfsclds *, uint64_t, int, struct nfsfh *, int, int, int,
  158     struct ucred *, NFSPROC_T *);
  159 static int nfsrpc_writeds(vnode_t, struct uio *, int *, int *,
  160     nfsv4stateid_t *, struct nfsclds *, uint64_t, int,
  161     struct nfsfh *, int, int, int, int, struct ucred *, NFSPROC_T *);
  162 static int nfsio_writedsmir(vnode_t, int *, int *, nfsv4stateid_t *,
  163     struct nfsclds *, uint64_t, int, struct nfsfh *, struct mbuf *, int, int,
  164     struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *);
  165 static int nfsrpc_writedsmir(vnode_t, int *, int *, nfsv4stateid_t *,
  166     struct nfsclds *, uint64_t, int, struct nfsfh *, struct mbuf *, int, int,
  167     struct ucred *, NFSPROC_T *);
  168 static enum nfsclds_state nfscl_getsameserver(struct nfsmount *,
  169     struct nfsclds *, struct nfsclds **, uint32_t *);
  170 static int nfsio_commitds(vnode_t, uint64_t, int, struct nfsclds *,
  171     struct nfsfh *, int, int, struct nfsclwritedsdorpc *, struct ucred *,
  172     NFSPROC_T *);
  173 static int nfsrpc_commitds(vnode_t, uint64_t, int, struct nfsclds *,
  174     struct nfsfh *, int, int, struct ucred *, NFSPROC_T *);
  175 static void nfsrv_setuplayoutget(struct nfsrv_descript *, int, uint64_t,
  176     uint64_t, uint64_t, nfsv4stateid_t *, int, int, int);
  177 static int nfsrv_parseug(struct nfsrv_descript *, int, uid_t *, gid_t *,
  178     NFSPROC_T *);
  179 static int nfsrv_parselayoutget(struct nfsrv_descript *, nfsv4stateid_t *,
  180     int *, struct nfsclflayouthead *);
  181 static int nfsrpc_getopenlayout(struct nfsmount *, vnode_t, u_int8_t *,
  182     int, uint8_t *, int, uint32_t, struct nfsclopen *, uint8_t *, int,
  183     struct nfscldeleg **, struct ucred *, NFSPROC_T *);
  184 static int nfsrpc_getcreatelayout(vnode_t, char *, int, struct vattr *,
  185     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **,
  186     struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *,
  187     struct nfsfh **, int *, int *, void *, int *);
  188 static int nfsrpc_openlayoutrpc(struct nfsmount *, vnode_t, u_int8_t *,
  189     int, uint8_t *, int, uint32_t, struct nfsclopen *, uint8_t *, int,
  190     struct nfscldeleg **, nfsv4stateid_t *, int, int, int, int *,
  191     struct nfsclflayouthead *, int *, struct ucred *, NFSPROC_T *);
  192 static int nfsrpc_createlayout(vnode_t, char *, int, struct vattr *,
  193     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **,
  194     struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *,
  195     struct nfsfh **, int *, int *, void *, int *, nfsv4stateid_t *,
  196     int, int, int, int *, struct nfsclflayouthead *, int *);
  197 static int nfsrpc_layoutget(struct nfsmount *, uint8_t *, int, int, uint64_t,
  198     uint64_t, uint64_t, int, int, nfsv4stateid_t *, int *,
  199     struct nfsclflayouthead *, struct ucred *, NFSPROC_T *, void *);
  200 static int nfsrpc_layoutgetres(struct nfsmount *, vnode_t, uint8_t *,
  201     int, nfsv4stateid_t *, int, uint32_t *, struct nfscllayout **,
  202     struct nfsclflayouthead *, int, int, int *, struct ucred *, NFSPROC_T *);
  203 
  204 int nfs_pnfsio(task_fn_t *, void *);
  205 
  206 /*
  207  * nfs null call from vfs.
  208  */
  209 APPLESTATIC int
  210 nfsrpc_null(vnode_t vp, struct ucred *cred, NFSPROC_T *p)
  211 {
  212         int error;
  213         struct nfsrv_descript nfsd, *nd = &nfsd;
  214         
  215         NFSCL_REQSTART(nd, NFSPROC_NULL, vp);
  216         error = nfscl_request(nd, vp, p, cred, NULL);
  217         if (nd->nd_repstat && !error)
  218                 error = nd->nd_repstat;
  219         mbuf_freem(nd->nd_mrep);
  220         return (error);
  221 }
  222 
  223 /*
  224  * nfs access rpc op.
  225  * For nfs version 3 and 4, use the access rpc to check accessibility. If file
  226  * modes are changed on the server, accesses might still fail later.
  227  */
  228 APPLESTATIC int
  229 nfsrpc_access(vnode_t vp, int acmode, struct ucred *cred,
  230     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
  231 {
  232         int error;
  233         u_int32_t mode, rmode;
  234 
  235         if (acmode & VREAD)
  236                 mode = NFSACCESS_READ;
  237         else
  238                 mode = 0;
  239         if (vnode_vtype(vp) == VDIR) {
  240                 if (acmode & VWRITE)
  241                         mode |= (NFSACCESS_MODIFY | NFSACCESS_EXTEND |
  242                                  NFSACCESS_DELETE);
  243                 if (acmode & VEXEC)
  244                         mode |= NFSACCESS_LOOKUP;
  245         } else {
  246                 if (acmode & VWRITE)
  247                         mode |= (NFSACCESS_MODIFY | NFSACCESS_EXTEND);
  248                 if (acmode & VEXEC)
  249                         mode |= NFSACCESS_EXECUTE;
  250         }
  251 
  252         /*
  253          * Now, just call nfsrpc_accessrpc() to do the actual RPC.
  254          */
  255         error = nfsrpc_accessrpc(vp, mode, cred, p, nap, attrflagp, &rmode,
  256             NULL);
  257 
  258         /*
  259          * The NFS V3 spec does not clarify whether or not
  260          * the returned access bits can be a superset of
  261          * the ones requested, so...
  262          */
  263         if (!error && (rmode & mode) != mode)
  264                 error = EACCES;
  265         return (error);
  266 }
  267 
  268 /*
  269  * The actual rpc, separated out for Darwin.
  270  */
  271 APPLESTATIC int
  272 nfsrpc_accessrpc(vnode_t vp, u_int32_t mode, struct ucred *cred,
  273     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, u_int32_t *rmodep,
  274     void *stuff)
  275 {
  276         u_int32_t *tl;
  277         u_int32_t supported, rmode;
  278         int error;
  279         struct nfsrv_descript nfsd, *nd = &nfsd;
  280         nfsattrbit_t attrbits;
  281 
  282         *attrflagp = 0;
  283         supported = mode;
  284         NFSCL_REQSTART(nd, NFSPROC_ACCESS, vp);
  285         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
  286         *tl = txdr_unsigned(mode);
  287         if (nd->nd_flag & ND_NFSV4) {
  288                 /*
  289                  * And do a Getattr op.
  290                  */
  291                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
  292                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
  293                 NFSGETATTR_ATTRBIT(&attrbits);
  294                 (void) nfsrv_putattrbit(nd, &attrbits);
  295         }
  296         error = nfscl_request(nd, vp, p, cred, stuff);
  297         if (error)
  298                 return (error);
  299         if (nd->nd_flag & ND_NFSV3) {
  300                 error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
  301                 if (error)
  302                         goto nfsmout;
  303         }
  304         if (!nd->nd_repstat) {
  305                 if (nd->nd_flag & ND_NFSV4) {
  306                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
  307                         supported = fxdr_unsigned(u_int32_t, *tl++);
  308                 } else {
  309                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
  310                 }
  311                 rmode = fxdr_unsigned(u_int32_t, *tl);
  312                 if (nd->nd_flag & ND_NFSV4)
  313                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
  314 
  315                 /*
  316                  * It's not obvious what should be done about
  317                  * unsupported access modes. For now, be paranoid
  318                  * and clear the unsupported ones.
  319                  */
  320                 rmode &= supported;
  321                 *rmodep = rmode;
  322         } else
  323                 error = nd->nd_repstat;
  324 nfsmout:
  325         mbuf_freem(nd->nd_mrep);
  326         return (error);
  327 }
  328 
  329 /*
  330  * nfs open rpc
  331  */
  332 APPLESTATIC int
  333 nfsrpc_open(vnode_t vp, int amode, struct ucred *cred, NFSPROC_T *p)
  334 {
  335         struct nfsclopen *op;
  336         struct nfscldeleg *dp;
  337         struct nfsfh *nfhp;
  338         struct nfsnode *np = VTONFS(vp);
  339         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
  340         u_int32_t mode, clidrev;
  341         int ret, newone, error, expireret = 0, retrycnt;
  342 
  343         /*
  344          * For NFSv4, Open Ops are only done on Regular Files.
  345          */
  346         if (vnode_vtype(vp) != VREG)
  347                 return (0);
  348         mode = 0;
  349         if (amode & FREAD)
  350                 mode |= NFSV4OPEN_ACCESSREAD;
  351         if (amode & FWRITE)
  352                 mode |= NFSV4OPEN_ACCESSWRITE;
  353         nfhp = np->n_fhp;
  354 
  355         retrycnt = 0;
  356 #ifdef notdef
  357 { char name[100]; int namel;
  358 namel = (np->n_v4->n4_namelen < 100) ? np->n_v4->n4_namelen : 99;
  359 bcopy(NFS4NODENAME(np->n_v4), name, namel);
  360 name[namel] = '\0';
  361 printf("rpcopen p=0x%x name=%s",p->p_pid,name);
  362 if (nfhp->nfh_len > 0) printf(" fh=0x%x\n",nfhp->nfh_fh[12]);
  363 else printf(" fhl=0\n");
  364 }
  365 #endif
  366         do {
  367             dp = NULL;
  368             error = nfscl_open(vp, nfhp->nfh_fh, nfhp->nfh_len, mode, 1,
  369                 cred, p, NULL, &op, &newone, &ret, 1);
  370             if (error) {
  371                 return (error);
  372             }
  373             if (nmp->nm_clp != NULL)
  374                 clidrev = nmp->nm_clp->nfsc_clientidrev;
  375             else
  376                 clidrev = 0;
  377             if (ret == NFSCLOPEN_DOOPEN) {
  378                 if (np->n_v4 != NULL) {
  379                         /*
  380                          * For the first attempt, try and get a layout, if
  381                          * pNFS is enabled for the mount.
  382                          */
  383                         if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 ||
  384                             nfs_numnfscbd == 0 ||
  385                             (np->n_flag & NNOLAYOUT) != 0 || retrycnt > 0)
  386                                 error = nfsrpc_openrpc(nmp, vp,
  387                                     np->n_v4->n4_data,
  388                                     np->n_v4->n4_fhlen, np->n_fhp->nfh_fh,
  389                                     np->n_fhp->nfh_len, mode, op,
  390                                     NFS4NODENAME(np->n_v4),
  391                                     np->n_v4->n4_namelen,
  392                                     &dp, 0, 0x0, cred, p, 0, 0);
  393                         else
  394                                 error = nfsrpc_getopenlayout(nmp, vp,
  395                                     np->n_v4->n4_data,
  396                                     np->n_v4->n4_fhlen, np->n_fhp->nfh_fh,
  397                                     np->n_fhp->nfh_len, mode, op,
  398                                     NFS4NODENAME(np->n_v4),
  399                                     np->n_v4->n4_namelen, &dp, cred, p);
  400                         if (dp != NULL) {
  401 #ifdef APPLE
  402                                 OSBitAndAtomic((int32_t)~NDELEGMOD, (UInt32 *)&np->n_flag);
  403 #else
  404                                 NFSLOCKNODE(np);
  405                                 np->n_flag &= ~NDELEGMOD;
  406                                 /*
  407                                  * Invalidate the attribute cache, so that
  408                                  * attributes that pre-date the issue of a
  409                                  * delegation are not cached, since the
  410                                  * cached attributes will remain valid while
  411                                  * the delegation is held.
  412                                  */
  413                                 NFSINVALATTRCACHE(np);
  414                                 NFSUNLOCKNODE(np);
  415 #endif
  416                                 (void) nfscl_deleg(nmp->nm_mountp,
  417                                     op->nfso_own->nfsow_clp,
  418                                     nfhp->nfh_fh, nfhp->nfh_len, cred, p, &dp);
  419                         }
  420                 } else {
  421                         error = EIO;
  422                 }
  423                 newnfs_copyincred(cred, &op->nfso_cred);
  424             } else if (ret == NFSCLOPEN_SETCRED)
  425                 /*
  426                  * This is a new local open on a delegation. It needs
  427                  * to have credentials so that an open can be done
  428                  * against the server during recovery.
  429                  */
  430                 newnfs_copyincred(cred, &op->nfso_cred);
  431 
  432             /*
  433              * nfso_opencnt is the count of how many VOP_OPEN()s have
  434              * been done on this Open successfully and a VOP_CLOSE()
  435              * is expected for each of these.
  436              * If error is non-zero, don't increment it, since the Open
  437              * hasn't succeeded yet.
  438              */
  439             if (!error)
  440                 op->nfso_opencnt++;
  441             nfscl_openrelease(nmp, op, error, newone);
  442             if (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
  443                 error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
  444                 error == NFSERR_BADSESSION) {
  445                 (void) nfs_catnap(PZERO, error, "nfs_open");
  446             } else if ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID)
  447                 && clidrev != 0) {
  448                 expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
  449                 retrycnt++;
  450             }
  451         } while (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
  452             error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
  453             error == NFSERR_BADSESSION ||
  454             ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
  455              expireret == 0 && clidrev != 0 && retrycnt < 4));
  456         if (error && retrycnt >= 4)
  457                 error = EIO;
  458         return (error);
  459 }
  460 
  461 /*
  462  * the actual open rpc
  463  */
  464 APPLESTATIC int
  465 nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp, int fhlen,
  466     u_int8_t *newfhp, int newfhlen, u_int32_t mode, struct nfsclopen *op,
  467     u_int8_t *name, int namelen, struct nfscldeleg **dpp,
  468     int reclaim, u_int32_t delegtype, struct ucred *cred, NFSPROC_T *p,
  469     int syscred, int recursed)
  470 {
  471         u_int32_t *tl;
  472         struct nfsrv_descript nfsd, *nd = &nfsd;
  473         struct nfscldeleg *dp, *ndp = NULL;
  474         struct nfsvattr nfsva;
  475         u_int32_t rflags, deleg;
  476         nfsattrbit_t attrbits;
  477         int error, ret, acesize, limitby;
  478         struct nfsclsession *tsep;
  479 
  480         dp = *dpp;
  481         *dpp = NULL;
  482         nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL, 0, 0);
  483         NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
  484         *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
  485         *tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
  486         *tl++ = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
  487         tsep = nfsmnt_mdssession(nmp);
  488         *tl++ = tsep->nfsess_clientid.lval[0];
  489         *tl = tsep->nfsess_clientid.lval[1];
  490         (void) nfsm_strtom(nd, op->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN);
  491         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
  492         *tl++ = txdr_unsigned(NFSV4OPEN_NOCREATE);
  493         if (reclaim) {
  494                 *tl = txdr_unsigned(NFSV4OPEN_CLAIMPREVIOUS);
  495                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
  496                 *tl = txdr_unsigned(delegtype);
  497         } else {
  498                 if (dp != NULL) {
  499                         *tl = txdr_unsigned(NFSV4OPEN_CLAIMDELEGATECUR);
  500                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
  501                         if (NFSHASNFSV4N(nmp))
  502                                 *tl++ = 0;
  503                         else
  504                                 *tl++ = dp->nfsdl_stateid.seqid;
  505                         *tl++ = dp->nfsdl_stateid.other[0];
  506                         *tl++ = dp->nfsdl_stateid.other[1];
  507                         *tl = dp->nfsdl_stateid.other[2];
  508                 } else {
  509                         *tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
  510                 }
  511                 (void) nfsm_strtom(nd, name, namelen);
  512         }
  513         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
  514         *tl = txdr_unsigned(NFSV4OP_GETATTR);
  515         NFSZERO_ATTRBIT(&attrbits);
  516         NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_CHANGE);
  517         NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFY);
  518         (void) nfsrv_putattrbit(nd, &attrbits);
  519         if (syscred)
  520                 nd->nd_flag |= ND_USEGSSNAME;
  521         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
  522             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
  523         if (error)
  524                 return (error);
  525         NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
  526         if (!nd->nd_repstat) {
  527                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
  528                     6 * NFSX_UNSIGNED);
  529                 op->nfso_stateid.seqid = *tl++;
  530                 op->nfso_stateid.other[0] = *tl++;
  531                 op->nfso_stateid.other[1] = *tl++;
  532                 op->nfso_stateid.other[2] = *tl;
  533                 rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
  534                 error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
  535                 if (error)
  536                         goto nfsmout;
  537                 NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
  538                 deleg = fxdr_unsigned(u_int32_t, *tl);
  539                 if (deleg == NFSV4OPEN_DELEGATEREAD ||
  540                     deleg == NFSV4OPEN_DELEGATEWRITE) {
  541                         if (!(op->nfso_own->nfsow_clp->nfsc_flags &
  542                               NFSCLFLAGS_FIRSTDELEG))
  543                                 op->nfso_own->nfsow_clp->nfsc_flags |=
  544                                   (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
  545                         ndp = malloc(
  546                             sizeof (struct nfscldeleg) + newfhlen,
  547                             M_NFSCLDELEG, M_WAITOK);
  548                         LIST_INIT(&ndp->nfsdl_owner);
  549                         LIST_INIT(&ndp->nfsdl_lock);
  550                         ndp->nfsdl_clp = op->nfso_own->nfsow_clp;
  551                         ndp->nfsdl_fhlen = newfhlen;
  552                         NFSBCOPY(newfhp, ndp->nfsdl_fh, newfhlen);
  553                         newnfs_copyincred(cred, &ndp->nfsdl_cred);
  554                         nfscl_lockinit(&ndp->nfsdl_rwlock);
  555                         NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
  556                             NFSX_UNSIGNED);
  557                         ndp->nfsdl_stateid.seqid = *tl++;
  558                         ndp->nfsdl_stateid.other[0] = *tl++;
  559                         ndp->nfsdl_stateid.other[1] = *tl++;
  560                         ndp->nfsdl_stateid.other[2] = *tl++;
  561                         ret = fxdr_unsigned(int, *tl);
  562                         if (deleg == NFSV4OPEN_DELEGATEWRITE) {
  563                                 ndp->nfsdl_flags = NFSCLDL_WRITE;
  564                                 /*
  565                                  * Indicates how much the file can grow.
  566                                  */
  567                                 NFSM_DISSECT(tl, u_int32_t *,
  568                                     3 * NFSX_UNSIGNED);
  569                                 limitby = fxdr_unsigned(int, *tl++);
  570                                 switch (limitby) {
  571                                 case NFSV4OPEN_LIMITSIZE:
  572                                         ndp->nfsdl_sizelimit = fxdr_hyper(tl);
  573                                         break;
  574                                 case NFSV4OPEN_LIMITBLOCKS:
  575                                         ndp->nfsdl_sizelimit =
  576                                             fxdr_unsigned(u_int64_t, *tl++);
  577                                         ndp->nfsdl_sizelimit *=
  578                                             fxdr_unsigned(u_int64_t, *tl);
  579                                         break;
  580                                 default:
  581                                         error = NFSERR_BADXDR;
  582                                         goto nfsmout;
  583                                 }
  584                         } else {
  585                                 ndp->nfsdl_flags = NFSCLDL_READ;
  586                         }
  587                         if (ret)
  588                                 ndp->nfsdl_flags |= NFSCLDL_RECALL;
  589                         error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret,
  590                             &acesize, p);
  591                         if (error)
  592                                 goto nfsmout;
  593                 } else if (deleg != NFSV4OPEN_DELEGATENONE) {
  594                         error = NFSERR_BADXDR;
  595                         goto nfsmout;
  596                 }
  597                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
  598                 error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
  599                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
  600                     NULL, NULL, NULL, p, cred);
  601                 if (error)
  602                         goto nfsmout;
  603                 if (ndp != NULL) {
  604                         ndp->nfsdl_change = nfsva.na_filerev;
  605                         ndp->nfsdl_modtime = nfsva.na_mtime;
  606                         ndp->nfsdl_flags |= NFSCLDL_MODTIMESET;
  607                 }
  608                 if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM)) {
  609                     do {
  610                         ret = nfsrpc_openconfirm(vp, newfhp, newfhlen, op,
  611                             cred, p);
  612                         if (ret == NFSERR_DELAY)
  613                             (void) nfs_catnap(PZERO, ret, "nfs_open");
  614                     } while (ret == NFSERR_DELAY);
  615                     error = ret;
  616                 }
  617                 if ((rflags & NFSV4OPEN_LOCKTYPEPOSIX) ||
  618                     nfscl_assumeposixlocks)
  619                     op->nfso_posixlock = 1;
  620                 else
  621                     op->nfso_posixlock = 0;
  622 
  623                 /*
  624                  * If the server is handing out delegations, but we didn't
  625                  * get one because an OpenConfirm was required, try the
  626                  * Open again, to get a delegation. This is a harmless no-op,
  627                  * from a server's point of view.
  628                  */
  629                 if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM) &&
  630                     (op->nfso_own->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG)
  631                     && !error && dp == NULL && ndp == NULL && !recursed) {
  632                     do {
  633                         ret = nfsrpc_openrpc(nmp, vp, nfhp, fhlen, newfhp,
  634                             newfhlen, mode, op, name, namelen, &ndp, 0, 0x0,
  635                             cred, p, syscred, 1);
  636                         if (ret == NFSERR_DELAY)
  637                             (void) nfs_catnap(PZERO, ret, "nfs_open2");
  638                     } while (ret == NFSERR_DELAY);
  639                     if (ret) {
  640                         if (ndp != NULL) {
  641                                 free(ndp, M_NFSCLDELEG);
  642                                 ndp = NULL;
  643                         }
  644                         if (ret == NFSERR_STALECLIENTID ||
  645                             ret == NFSERR_STALEDONTRECOVER ||
  646                             ret == NFSERR_BADSESSION)
  647                                 error = ret;
  648                     }
  649                 }
  650         }
  651         if (nd->nd_repstat != 0 && error == 0)
  652                 error = nd->nd_repstat;
  653         if (error == NFSERR_STALECLIENTID)
  654                 nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
  655 nfsmout:
  656         if (!error)
  657                 *dpp = ndp;
  658         else if (ndp != NULL)
  659                 free(ndp, M_NFSCLDELEG);
  660         mbuf_freem(nd->nd_mrep);
  661         return (error);
  662 }
  663 
  664 /*
  665  * open downgrade rpc
  666  */
  667 APPLESTATIC int
  668 nfsrpc_opendowngrade(vnode_t vp, u_int32_t mode, struct nfsclopen *op,
  669     struct ucred *cred, NFSPROC_T *p)
  670 {
  671         u_int32_t *tl;
  672         struct nfsrv_descript nfsd, *nd = &nfsd;
  673         int error;
  674 
  675         NFSCL_REQSTART(nd, NFSPROC_OPENDOWNGRADE, vp);
  676         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 3 * NFSX_UNSIGNED);
  677         if (NFSHASNFSV4N(VFSTONFS(vnode_mount(vp))))
  678                 *tl++ = 0;
  679         else
  680                 *tl++ = op->nfso_stateid.seqid;
  681         *tl++ = op->nfso_stateid.other[0];
  682         *tl++ = op->nfso_stateid.other[1];
  683         *tl++ = op->nfso_stateid.other[2];
  684         *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
  685         *tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
  686         *tl = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
  687         error = nfscl_request(nd, vp, p, cred, NULL);
  688         if (error)
  689                 return (error);
  690         NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
  691         if (!nd->nd_repstat) {
  692                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
  693                 op->nfso_stateid.seqid = *tl++;
  694                 op->nfso_stateid.other[0] = *tl++;
  695                 op->nfso_stateid.other[1] = *tl++;
  696                 op->nfso_stateid.other[2] = *tl;
  697         }
  698         if (nd->nd_repstat && error == 0)
  699                 error = nd->nd_repstat;
  700         if (error == NFSERR_STALESTATEID)
  701                 nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
  702 nfsmout:
  703         mbuf_freem(nd->nd_mrep);
  704         return (error);
  705 }
  706 
  707 /*
  708  * V4 Close operation.
  709  */
  710 APPLESTATIC int
  711 nfsrpc_close(vnode_t vp, int doclose, NFSPROC_T *p)
  712 {
  713         struct nfsclclient *clp;
  714         int error;
  715 
  716         if (vnode_vtype(vp) != VREG)
  717                 return (0);
  718         if (doclose)
  719                 error = nfscl_doclose(vp, &clp, p);
  720         else
  721                 error = nfscl_getclose(vp, &clp);
  722         if (error)
  723                 return (error);
  724 
  725         nfscl_clientrelease(clp);
  726         return (0);
  727 }
  728 
  729 /*
  730  * Close the open.
  731  */
  732 APPLESTATIC void
  733 nfsrpc_doclose(struct nfsmount *nmp, struct nfsclopen *op, NFSPROC_T *p)
  734 {
  735         struct nfsrv_descript nfsd, *nd = &nfsd;
  736         struct nfscllockowner *lp, *nlp;
  737         struct nfscllock *lop, *nlop;
  738         struct ucred *tcred;
  739         u_int64_t off = 0, len = 0;
  740         u_int32_t type = NFSV4LOCKT_READ;
  741         int error, do_unlock, trycnt;
  742 
  743         tcred = newnfs_getcred();
  744         newnfs_copycred(&op->nfso_cred, tcred);
  745         /*
  746          * (Theoretically this could be done in the same
  747          *  compound as the close, but having multiple
  748          *  sequenced Ops in the same compound might be
  749          *  too scary for some servers.)
  750          */
  751         if (op->nfso_posixlock) {
  752                 off = 0;
  753                 len = NFS64BITSSET;
  754                 type = NFSV4LOCKT_READ;
  755         }
  756 
  757         /*
  758          * Since this function is only called from VOP_INACTIVE(), no
  759          * other thread will be manipulating this Open. As such, the
  760          * lock lists are not being changed by other threads, so it should
  761          * be safe to do this without locking.
  762          */
  763         LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
  764                 do_unlock = 1;
  765                 LIST_FOREACH_SAFE(lop, &lp->nfsl_lock, nfslo_list, nlop) {
  766                         if (op->nfso_posixlock == 0) {
  767                                 off = lop->nfslo_first;
  768                                 len = lop->nfslo_end - lop->nfslo_first;
  769                                 if (lop->nfslo_type == F_WRLCK)
  770                                         type = NFSV4LOCKT_WRITE;
  771                                 else
  772                                         type = NFSV4LOCKT_READ;
  773                         }
  774                         if (do_unlock) {
  775                                 trycnt = 0;
  776                                 do {
  777                                         error = nfsrpc_locku(nd, nmp, lp, off,
  778                                             len, type, tcred, p, 0);
  779                                         if ((nd->nd_repstat == NFSERR_GRACE ||
  780                                             nd->nd_repstat == NFSERR_DELAY) &&
  781                                             error == 0)
  782                                                 (void) nfs_catnap(PZERO,
  783                                                     (int)nd->nd_repstat,
  784                                                     "nfs_close");
  785                                 } while ((nd->nd_repstat == NFSERR_GRACE ||
  786                                     nd->nd_repstat == NFSERR_DELAY) &&
  787                                     error == 0 && trycnt++ < 5);
  788                                 if (op->nfso_posixlock)
  789                                         do_unlock = 0;
  790                         }
  791                         nfscl_freelock(lop, 0);
  792                 }
  793                 /*
  794                  * Do a ReleaseLockOwner.
  795                  * The lock owner name nfsl_owner may be used by other opens for
  796                  * other files but the lock_owner4 name that nfsrpc_rellockown()
  797                  * puts on the wire has the file handle for this file appended
  798                  * to it, so it can be done now.
  799                  */
  800                 (void)nfsrpc_rellockown(nmp, lp, lp->nfsl_open->nfso_fh,
  801                     lp->nfsl_open->nfso_fhlen, tcred, p);
  802         }
  803 
  804         /*
  805          * There could be other Opens for different files on the same
  806          * OpenOwner, so locking is required.
  807          */
  808         NFSLOCKCLSTATE();
  809         nfscl_lockexcl(&op->nfso_own->nfsow_rwlock, NFSCLSTATEMUTEXPTR);
  810         NFSUNLOCKCLSTATE();
  811         do {
  812                 error = nfscl_tryclose(op, tcred, nmp, p);
  813                 if (error == NFSERR_GRACE)
  814                         (void) nfs_catnap(PZERO, error, "nfs_close");
  815         } while (error == NFSERR_GRACE);
  816         NFSLOCKCLSTATE();
  817         nfscl_lockunlock(&op->nfso_own->nfsow_rwlock);
  818 
  819         LIST_FOREACH_SAFE(lp, &op->nfso_lock, nfsl_list, nlp)
  820                 nfscl_freelockowner(lp, 0);
  821         nfscl_freeopen(op, 0);
  822         NFSUNLOCKCLSTATE();
  823         NFSFREECRED(tcred);
  824 }
  825 
  826 /*
  827  * The actual Close RPC.
  828  */
  829 APPLESTATIC int
  830 nfsrpc_closerpc(struct nfsrv_descript *nd, struct nfsmount *nmp,
  831     struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p,
  832     int syscred)
  833 {
  834         u_int32_t *tl;
  835         int error;
  836 
  837         nfscl_reqstart(nd, NFSPROC_CLOSE, nmp, op->nfso_fh,
  838             op->nfso_fhlen, NULL, NULL, 0, 0);
  839         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
  840         *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
  841         if (NFSHASNFSV4N(nmp))
  842                 *tl++ = 0;
  843         else
  844                 *tl++ = op->nfso_stateid.seqid;
  845         *tl++ = op->nfso_stateid.other[0];
  846         *tl++ = op->nfso_stateid.other[1];
  847         *tl = op->nfso_stateid.other[2];
  848         if (syscred)
  849                 nd->nd_flag |= ND_USEGSSNAME;
  850         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
  851             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
  852         if (error)
  853                 return (error);
  854         NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
  855         if (nd->nd_repstat == 0)
  856                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
  857         error = nd->nd_repstat;
  858         if (error == NFSERR_STALESTATEID)
  859                 nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
  860 nfsmout:
  861         mbuf_freem(nd->nd_mrep);
  862         return (error);
  863 }
  864 
  865 /*
  866  * V4 Open Confirm RPC.
  867  */
  868 APPLESTATIC int
  869 nfsrpc_openconfirm(vnode_t vp, u_int8_t *nfhp, int fhlen,
  870     struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p)
  871 {
  872         u_int32_t *tl;
  873         struct nfsrv_descript nfsd, *nd = &nfsd;
  874         struct nfsmount *nmp;
  875         int error;
  876 
  877         nmp = VFSTONFS(vnode_mount(vp));
  878         if (NFSHASNFSV4N(nmp))
  879                 return (0);             /* No confirmation for NFSv4.1. */
  880         nfscl_reqstart(nd, NFSPROC_OPENCONFIRM, nmp, nfhp, fhlen, NULL, NULL,
  881             0, 0);
  882         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
  883         *tl++ = op->nfso_stateid.seqid;
  884         *tl++ = op->nfso_stateid.other[0];
  885         *tl++ = op->nfso_stateid.other[1];
  886         *tl++ = op->nfso_stateid.other[2];
  887         *tl = txdr_unsigned(op->nfso_own->nfsow_seqid);
  888         error = nfscl_request(nd, vp, p, cred, NULL);
  889         if (error)
  890                 return (error);
  891         NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
  892         if (!nd->nd_repstat) {
  893                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
  894                 op->nfso_stateid.seqid = *tl++;
  895                 op->nfso_stateid.other[0] = *tl++;
  896                 op->nfso_stateid.other[1] = *tl++;
  897                 op->nfso_stateid.other[2] = *tl;
  898         }
  899         error = nd->nd_repstat;
  900         if (error == NFSERR_STALESTATEID)
  901                 nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
  902 nfsmout:
  903         mbuf_freem(nd->nd_mrep);
  904         return (error);
  905 }
  906 
  907 /*
  908  * Do the setclientid and setclientid confirm RPCs. Called from nfs_statfs()
  909  * when a mount has just occurred and when the server replies NFSERR_EXPIRED.
  910  */
  911 APPLESTATIC int
  912 nfsrpc_setclient(struct nfsmount *nmp, struct nfsclclient *clp, int reclaim,
  913     struct ucred *cred, NFSPROC_T *p)
  914 {
  915         u_int32_t *tl;
  916         struct nfsrv_descript nfsd;
  917         struct nfsrv_descript *nd = &nfsd;
  918         nfsattrbit_t attrbits;
  919         u_int8_t *cp = NULL, *cp2, addr[INET6_ADDRSTRLEN + 9];
  920         u_short port;
  921         int error, isinet6 = 0, callblen;
  922         nfsquad_t confirm;
  923         u_int32_t lease;
  924         static u_int32_t rev = 0;
  925         struct nfsclds *dsp;
  926         struct in6_addr a6;
  927         struct nfsclsession *tsep;
  928 
  929         if (nfsboottime.tv_sec == 0)
  930                 NFSSETBOOTTIME(nfsboottime);
  931         clp->nfsc_rev = rev++;
  932         if (NFSHASNFSV4N(nmp)) {
  933                 /*
  934                  * Either there was no previous session or the
  935                  * previous session has failed, so...
  936                  * do an ExchangeID followed by the CreateSession.
  937                  */
  938                 error = nfsrpc_exchangeid(nmp, clp, &nmp->nm_sockreq,
  939                     NFSV4EXCH_USEPNFSMDS | NFSV4EXCH_USENONPNFS, &dsp, cred, p);
  940                 NFSCL_DEBUG(1, "aft exch=%d\n", error);
  941                 if (error == 0)
  942                         error = nfsrpc_createsession(nmp, &dsp->nfsclds_sess,
  943                             &nmp->nm_sockreq,
  944                             dsp->nfsclds_sess.nfsess_sequenceid, 1, cred, p);
  945                 if (error == 0) {
  946                         NFSLOCKMNT(nmp);
  947                         /*
  948                          * The old sessions cannot be safely free'd
  949                          * here, since they may still be used by
  950                          * in-progress RPCs.
  951                          */
  952                         tsep = NULL;
  953                         if (TAILQ_FIRST(&nmp->nm_sess) != NULL)
  954                                 tsep = NFSMNT_MDSSESSION(nmp);
  955                         TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp,
  956                             nfsclds_list);
  957                         /*
  958                          * Wake up RPCs waiting for a slot on the
  959                          * old session. These will then fail with
  960                          * NFSERR_BADSESSION and be retried with the
  961                          * new session by nfsv4_setsequence().
  962                          * Also wakeup() processes waiting for the
  963                          * new session.
  964                          */
  965                         if (tsep != NULL)
  966                                 wakeup(&tsep->nfsess_slots);
  967                         wakeup(&nmp->nm_sess);
  968                         NFSUNLOCKMNT(nmp);
  969                 } else
  970                         nfscl_freenfsclds(dsp);
  971                 NFSCL_DEBUG(1, "aft createsess=%d\n", error);
  972                 if (error == 0 && reclaim == 0) {
  973                         error = nfsrpc_reclaimcomplete(nmp, cred, p);
  974                         NFSCL_DEBUG(1, "aft reclaimcomp=%d\n", error);
  975                         if (error == NFSERR_COMPLETEALREADY ||
  976                             error == NFSERR_NOTSUPP)
  977                                 /* Ignore this error. */
  978                                 error = 0;
  979                 }
  980                 return (error);
  981         }
  982 
  983         /*
  984          * Allocate a single session structure for NFSv4.0, because some of
  985          * the fields are used by NFSv4.0 although it doesn't do a session.
  986          */
  987         dsp = malloc(sizeof(struct nfsclds), M_NFSCLDS, M_WAITOK | M_ZERO);
  988         mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
  989         mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession", NULL, MTX_DEF);
  990         NFSLOCKMNT(nmp);
  991         TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp, nfsclds_list);
  992         tsep = NFSMNT_MDSSESSION(nmp);
  993         NFSUNLOCKMNT(nmp);
  994 
  995         nfscl_reqstart(nd, NFSPROC_SETCLIENTID, nmp, NULL, 0, NULL, NULL, 0, 0);
  996         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
  997         *tl++ = txdr_unsigned(nfsboottime.tv_sec);
  998         *tl = txdr_unsigned(clp->nfsc_rev);
  999         (void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);
 1000 
 1001         /*
 1002          * set up the callback address
 1003          */
 1004         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1005         *tl = txdr_unsigned(NFS_CALLBCKPROG);
 1006         callblen = strlen(nfsv4_callbackaddr);
 1007         if (callblen == 0)
 1008                 cp = nfscl_getmyip(nmp, &a6, &isinet6);
 1009         if (nfscl_enablecallb && nfs_numnfscbd > 0 &&
 1010             (callblen > 0 || cp != NULL)) {
 1011                 port = htons(nfsv4_cbport);
 1012                 cp2 = (u_int8_t *)&port;
 1013 #ifdef INET6
 1014                 if ((callblen > 0 &&
 1015                      strchr(nfsv4_callbackaddr, ':')) || isinet6) {
 1016                         char ip6buf[INET6_ADDRSTRLEN], *ip6add;
 1017 
 1018                         (void) nfsm_strtom(nd, "tcp6", 4);
 1019                         if (callblen == 0) {
 1020                                 ip6_sprintf(ip6buf, (struct in6_addr *)cp);
 1021                                 ip6add = ip6buf;
 1022                         } else {
 1023                                 ip6add = nfsv4_callbackaddr;
 1024                         }
 1025                         snprintf(addr, INET6_ADDRSTRLEN + 9, "%s.%d.%d",
 1026                             ip6add, cp2[0], cp2[1]);
 1027                 } else
 1028 #endif
 1029                 {
 1030                         (void) nfsm_strtom(nd, "tcp", 3);
 1031                         if (callblen == 0)
 1032                                 snprintf(addr, INET6_ADDRSTRLEN + 9,
 1033                                     "%d.%d.%d.%d.%d.%d", cp[0], cp[1],
 1034                                     cp[2], cp[3], cp2[0], cp2[1]);
 1035                         else
 1036                                 snprintf(addr, INET6_ADDRSTRLEN + 9,
 1037                                     "%s.%d.%d", nfsv4_callbackaddr,
 1038                                     cp2[0], cp2[1]);
 1039                 }
 1040                 (void) nfsm_strtom(nd, addr, strlen(addr));
 1041         } else {
 1042                 (void) nfsm_strtom(nd, "tcp", 3);
 1043                 (void) nfsm_strtom(nd, "0.0.0.0.0.0", 11);
 1044         }
 1045         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1046         *tl = txdr_unsigned(clp->nfsc_cbident);
 1047         nd->nd_flag |= ND_USEGSSNAME;
 1048         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 1049                 NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 1050         if (error)
 1051                 return (error);
 1052         if (nd->nd_repstat == 0) {
 1053             NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 1054             tsep->nfsess_clientid.lval[0] = *tl++;
 1055             tsep->nfsess_clientid.lval[1] = *tl++;
 1056             confirm.lval[0] = *tl++;
 1057             confirm.lval[1] = *tl;
 1058             mbuf_freem(nd->nd_mrep);
 1059             nd->nd_mrep = NULL;
 1060 
 1061             /*
 1062              * and confirm it.
 1063              */
 1064             nfscl_reqstart(nd, NFSPROC_SETCLIENTIDCFRM, nmp, NULL, 0, NULL,
 1065                 NULL, 0, 0);
 1066             NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 1067             *tl++ = tsep->nfsess_clientid.lval[0];
 1068             *tl++ = tsep->nfsess_clientid.lval[1];
 1069             *tl++ = confirm.lval[0];
 1070             *tl = confirm.lval[1];
 1071             nd->nd_flag |= ND_USEGSSNAME;
 1072             error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p,
 1073                 cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 1074             if (error)
 1075                 return (error);
 1076             mbuf_freem(nd->nd_mrep);
 1077             nd->nd_mrep = NULL;
 1078             if (nd->nd_repstat == 0) {
 1079                 nfscl_reqstart(nd, NFSPROC_GETATTR, nmp, nmp->nm_fh,
 1080                     nmp->nm_fhsize, NULL, NULL, 0, 0);
 1081                 NFSZERO_ATTRBIT(&attrbits);
 1082                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_LEASETIME);
 1083                 (void) nfsrv_putattrbit(nd, &attrbits);
 1084                 nd->nd_flag |= ND_USEGSSNAME;
 1085                 error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p,
 1086                     cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 1087                 if (error)
 1088                     return (error);
 1089                 if (nd->nd_repstat == 0) {
 1090                     error = nfsv4_loadattr(nd, NULL, NULL, NULL, NULL, 0, NULL,
 1091                         NULL, NULL, NULL, NULL, 0, NULL, &lease, NULL, p, cred);
 1092                     if (error)
 1093                         goto nfsmout;
 1094                     clp->nfsc_renew = NFSCL_RENEW(lease);
 1095                     clp->nfsc_expire = NFSD_MONOSEC + clp->nfsc_renew;
 1096                     clp->nfsc_clientidrev++;
 1097                     if (clp->nfsc_clientidrev == 0)
 1098                         clp->nfsc_clientidrev++;
 1099                 }
 1100             }
 1101         }
 1102         error = nd->nd_repstat;
 1103 nfsmout:
 1104         mbuf_freem(nd->nd_mrep);
 1105         return (error);
 1106 }
 1107 
 1108 /*
 1109  * nfs getattr call.
 1110  */
 1111 APPLESTATIC int
 1112 nfsrpc_getattr(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
 1113     struct nfsvattr *nap, void *stuff)
 1114 {
 1115         struct nfsrv_descript nfsd, *nd = &nfsd;
 1116         int error;
 1117         nfsattrbit_t attrbits;
 1118         
 1119         NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
 1120         if (nd->nd_flag & ND_NFSV4) {
 1121                 NFSGETATTR_ATTRBIT(&attrbits);
 1122                 (void) nfsrv_putattrbit(nd, &attrbits);
 1123         }
 1124         error = nfscl_request(nd, vp, p, cred, stuff);
 1125         if (error)
 1126                 return (error);
 1127         if (!nd->nd_repstat)
 1128                 error = nfsm_loadattr(nd, nap);
 1129         else
 1130                 error = nd->nd_repstat;
 1131         mbuf_freem(nd->nd_mrep);
 1132         return (error);
 1133 }
 1134 
 1135 /*
 1136  * nfs getattr call with non-vnode arguemnts.
 1137  */
 1138 APPLESTATIC int
 1139 nfsrpc_getattrnovp(struct nfsmount *nmp, u_int8_t *fhp, int fhlen, int syscred,
 1140     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, u_int64_t *xidp,
 1141     uint32_t *leasep)
 1142 {
 1143         struct nfsrv_descript nfsd, *nd = &nfsd;
 1144         int error, vers = NFS_VER2;
 1145         nfsattrbit_t attrbits;
 1146         
 1147         nfscl_reqstart(nd, NFSPROC_GETATTR, nmp, fhp, fhlen, NULL, NULL, 0, 0);
 1148         if (nd->nd_flag & ND_NFSV4) {
 1149                 vers = NFS_VER4;
 1150                 NFSGETATTR_ATTRBIT(&attrbits);
 1151                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_LEASETIME);
 1152                 (void) nfsrv_putattrbit(nd, &attrbits);
 1153         } else if (nd->nd_flag & ND_NFSV3) {
 1154                 vers = NFS_VER3;
 1155         }
 1156         if (syscred)
 1157                 nd->nd_flag |= ND_USEGSSNAME;
 1158         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 1159             NFS_PROG, vers, NULL, 1, xidp, NULL);
 1160         if (error)
 1161                 return (error);
 1162         if (nd->nd_repstat == 0) {
 1163                 if ((nd->nd_flag & ND_NFSV4) != 0)
 1164                         error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
 1165                             NULL, NULL, NULL, NULL, NULL, 0, NULL, leasep, NULL,
 1166                             NULL, NULL);
 1167                 else
 1168                         error = nfsm_loadattr(nd, nap);
 1169         } else
 1170                 error = nd->nd_repstat;
 1171         mbuf_freem(nd->nd_mrep);
 1172         return (error);
 1173 }
 1174 
 1175 /*
 1176  * Do an nfs setattr operation.
 1177  */
 1178 APPLESTATIC int
 1179 nfsrpc_setattr(vnode_t vp, struct vattr *vap, NFSACL_T *aclp,
 1180     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *rnap, int *attrflagp,
 1181     void *stuff)
 1182 {
 1183         int error, expireret = 0, openerr, retrycnt;
 1184         u_int32_t clidrev = 0, mode;
 1185         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 1186         struct nfsfh *nfhp;
 1187         nfsv4stateid_t stateid;
 1188         void *lckp;
 1189 
 1190         if (nmp->nm_clp != NULL)
 1191                 clidrev = nmp->nm_clp->nfsc_clientidrev;
 1192         if (vap != NULL && NFSATTRISSET(u_quad_t, vap, va_size))
 1193                 mode = NFSV4OPEN_ACCESSWRITE;
 1194         else
 1195                 mode = NFSV4OPEN_ACCESSREAD;
 1196         retrycnt = 0;
 1197         do {
 1198                 lckp = NULL;
 1199                 openerr = 1;
 1200                 if (NFSHASNFSV4(nmp)) {
 1201                         nfhp = VTONFS(vp)->n_fhp;
 1202                         error = nfscl_getstateid(vp, nfhp->nfh_fh,
 1203                             nfhp->nfh_len, mode, 0, cred, p, &stateid, &lckp);
 1204                         if (error && vnode_vtype(vp) == VREG &&
 1205                             (mode == NFSV4OPEN_ACCESSWRITE ||
 1206                              nfstest_openallsetattr)) {
 1207                                 /*
 1208                                  * No Open stateid, so try and open the file
 1209                                  * now.
 1210                                  */
 1211                                 if (mode == NFSV4OPEN_ACCESSWRITE)
 1212                                         openerr = nfsrpc_open(vp, FWRITE, cred,
 1213                                             p);
 1214                                 else
 1215                                         openerr = nfsrpc_open(vp, FREAD, cred,
 1216                                             p);
 1217                                 if (!openerr)
 1218                                         (void) nfscl_getstateid(vp,
 1219                                             nfhp->nfh_fh, nfhp->nfh_len,
 1220                                             mode, 0, cred, p, &stateid, &lckp);
 1221                         }
 1222                 }
 1223                 if (vap != NULL)
 1224                         error = nfsrpc_setattrrpc(vp, vap, &stateid, cred, p,
 1225                             rnap, attrflagp, stuff);
 1226                 else
 1227                         error = nfsrpc_setaclrpc(vp, cred, p, aclp, &stateid,
 1228                             stuff);
 1229                 if (error == NFSERR_OPENMODE && mode == NFSV4OPEN_ACCESSREAD) {
 1230                         NFSLOCKMNT(nmp);
 1231                         nmp->nm_state |= NFSSTA_OPENMODE;
 1232                         NFSUNLOCKMNT(nmp);
 1233                 }
 1234                 if (error == NFSERR_STALESTATEID)
 1235                         nfscl_initiate_recovery(nmp->nm_clp);
 1236                 if (lckp != NULL)
 1237                         nfscl_lockderef(lckp);
 1238                 if (!openerr)
 1239                         (void) nfsrpc_close(vp, 0, p);
 1240                 if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 1241                     error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 1242                     error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
 1243                         (void) nfs_catnap(PZERO, error, "nfs_setattr");
 1244                 } else if ((error == NFSERR_EXPIRED ||
 1245                     error == NFSERR_BADSTATEID) && clidrev != 0) {
 1246                         expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
 1247                 }
 1248                 retrycnt++;
 1249         } while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 1250             error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 1251             error == NFSERR_BADSESSION ||
 1252             (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
 1253             ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
 1254              expireret == 0 && clidrev != 0 && retrycnt < 4) ||
 1255             (error == NFSERR_OPENMODE && mode == NFSV4OPEN_ACCESSREAD &&
 1256              retrycnt < 4));
 1257         if (error && retrycnt >= 4)
 1258                 error = EIO;
 1259         return (error);
 1260 }
 1261 
 1262 static int
 1263 nfsrpc_setattrrpc(vnode_t vp, struct vattr *vap,
 1264     nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
 1265     struct nfsvattr *rnap, int *attrflagp, void *stuff)
 1266 {
 1267         u_int32_t *tl;
 1268         struct nfsrv_descript nfsd, *nd = &nfsd;
 1269         int error;
 1270         nfsattrbit_t attrbits;
 1271 
 1272         *attrflagp = 0;
 1273         NFSCL_REQSTART(nd, NFSPROC_SETATTR, vp);
 1274         if (nd->nd_flag & ND_NFSV4)
 1275                 nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
 1276         vap->va_type = vnode_vtype(vp);
 1277         nfscl_fillsattr(nd, vap, vp, NFSSATTR_FULL, 0);
 1278         if (nd->nd_flag & ND_NFSV3) {
 1279                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1280                 *tl = newnfs_false;
 1281         } else if (nd->nd_flag & ND_NFSV4) {
 1282                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1283                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 1284                 NFSGETATTR_ATTRBIT(&attrbits);
 1285                 (void) nfsrv_putattrbit(nd, &attrbits);
 1286         }
 1287         error = nfscl_request(nd, vp, p, cred, stuff);
 1288         if (error)
 1289                 return (error);
 1290         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
 1291                 error = nfscl_wcc_data(nd, vp, rnap, attrflagp, NULL, stuff);
 1292         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 && !error)
 1293                 error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
 1294         if (!(nd->nd_flag & ND_NFSV3) && !nd->nd_repstat && !error)
 1295                 error = nfscl_postop_attr(nd, rnap, attrflagp, stuff);
 1296         mbuf_freem(nd->nd_mrep);
 1297         if (nd->nd_repstat && !error)
 1298                 error = nd->nd_repstat;
 1299         return (error);
 1300 }
 1301 
 1302 /*
 1303  * nfs lookup rpc
 1304  */
 1305 APPLESTATIC int
 1306 nfsrpc_lookup(vnode_t dvp, char *name, int len, struct ucred *cred,
 1307     NFSPROC_T *p, struct nfsvattr *dnap, struct nfsvattr *nap,
 1308     struct nfsfh **nfhpp, int *attrflagp, int *dattrflagp, void *stuff)
 1309 {
 1310         u_int32_t *tl;
 1311         struct nfsrv_descript nfsd, *nd = &nfsd;
 1312         struct nfsmount *nmp;
 1313         struct nfsnode *np;
 1314         struct nfsfh *nfhp;
 1315         nfsattrbit_t attrbits;
 1316         int error = 0, lookupp = 0;
 1317 
 1318         *attrflagp = 0;
 1319         *dattrflagp = 0;
 1320         if (vnode_vtype(dvp) != VDIR)
 1321                 return (ENOTDIR);
 1322         nmp = VFSTONFS(vnode_mount(dvp));
 1323         if (len > NFS_MAXNAMLEN)
 1324                 return (ENAMETOOLONG);
 1325         if (NFSHASNFSV4(nmp) && len == 1 &&
 1326                 name[0] == '.') {
 1327                 /*
 1328                  * Just return the current dir's fh.
 1329                  */
 1330                 np = VTONFS(dvp);
 1331                 nfhp = malloc(sizeof (struct nfsfh) +
 1332                         np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
 1333                 nfhp->nfh_len = np->n_fhp->nfh_len;
 1334                 NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
 1335                 *nfhpp = nfhp;
 1336                 return (0);
 1337         }
 1338         if (NFSHASNFSV4(nmp) && len == 2 &&
 1339                 name[0] == '.' && name[1] == '.') {
 1340                 lookupp = 1;
 1341                 NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, dvp);
 1342         } else {
 1343                 NFSCL_REQSTART(nd, NFSPROC_LOOKUP, dvp);
 1344                 (void) nfsm_strtom(nd, name, len);
 1345         }
 1346         if (nd->nd_flag & ND_NFSV4) {
 1347                 NFSGETATTR_ATTRBIT(&attrbits);
 1348                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 1349                 *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 1350                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 1351                 (void) nfsrv_putattrbit(nd, &attrbits);
 1352         }
 1353         error = nfscl_request(nd, dvp, p, cred, stuff);
 1354         if (error)
 1355                 return (error);
 1356         if (nd->nd_repstat) {
 1357                 /*
 1358                  * When an NFSv4 Lookupp returns ENOENT, it means that
 1359                  * the lookup is at the root of an fs, so return this dir.
 1360                  */
 1361                 if (nd->nd_repstat == NFSERR_NOENT && lookupp) {
 1362                     np = VTONFS(dvp);
 1363                     nfhp = malloc(sizeof (struct nfsfh) +
 1364                         np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
 1365                     nfhp->nfh_len = np->n_fhp->nfh_len;
 1366                     NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
 1367                     *nfhpp = nfhp;
 1368                     mbuf_freem(nd->nd_mrep);
 1369                     return (0);
 1370                 }
 1371                 if (nd->nd_flag & ND_NFSV3)
 1372                     error = nfscl_postop_attr(nd, dnap, dattrflagp, stuff);
 1373                 else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
 1374                     ND_NFSV4) {
 1375                         /* Load the directory attributes. */
 1376                         error = nfsm_loadattr(nd, dnap);
 1377                         if (error == 0)
 1378                                 *dattrflagp = 1;
 1379                 }
 1380                 goto nfsmout;
 1381         }
 1382         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
 1383                 /* Load the directory attributes. */
 1384                 error = nfsm_loadattr(nd, dnap);
 1385                 if (error != 0)
 1386                         goto nfsmout;
 1387                 *dattrflagp = 1;
 1388                 /* Skip over the Lookup and GetFH operation status values. */
 1389                 NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 1390         }
 1391         error = nfsm_getfh(nd, nfhpp);
 1392         if (error)
 1393                 goto nfsmout;
 1394 
 1395         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 1396         if ((nd->nd_flag & ND_NFSV3) && !error)
 1397                 error = nfscl_postop_attr(nd, dnap, dattrflagp, stuff);
 1398 nfsmout:
 1399         mbuf_freem(nd->nd_mrep);
 1400         if (!error && nd->nd_repstat)
 1401                 error = nd->nd_repstat;
 1402         return (error);
 1403 }
 1404 
 1405 /*
 1406  * Do a readlink rpc.
 1407  */
 1408 APPLESTATIC int
 1409 nfsrpc_readlink(vnode_t vp, struct uio *uiop, struct ucred *cred,
 1410     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 1411 {
 1412         u_int32_t *tl;
 1413         struct nfsrv_descript nfsd, *nd = &nfsd;
 1414         struct nfsnode *np = VTONFS(vp);
 1415         nfsattrbit_t attrbits;
 1416         int error, len, cangetattr = 1;
 1417 
 1418         *attrflagp = 0;
 1419         NFSCL_REQSTART(nd, NFSPROC_READLINK, vp);
 1420         if (nd->nd_flag & ND_NFSV4) {
 1421                 /*
 1422                  * And do a Getattr op.
 1423                  */
 1424                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1425                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 1426                 NFSGETATTR_ATTRBIT(&attrbits);
 1427                 (void) nfsrv_putattrbit(nd, &attrbits);
 1428         }
 1429         error = nfscl_request(nd, vp, p, cred, stuff);
 1430         if (error)
 1431                 return (error);
 1432         if (nd->nd_flag & ND_NFSV3)
 1433                 error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 1434         if (!nd->nd_repstat && !error) {
 1435                 NFSM_STRSIZ(len, NFS_MAXPATHLEN);
 1436                 /*
 1437                  * This seems weird to me, but must have been added to
 1438                  * FreeBSD for some reason. The only thing I can think of
 1439                  * is that there was/is some server that replies with
 1440                  * more link data than it should?
 1441                  */
 1442                 if (len == NFS_MAXPATHLEN) {
 1443                         NFSLOCKNODE(np);
 1444                         if (np->n_size > 0 && np->n_size < NFS_MAXPATHLEN) {
 1445                                 len = np->n_size;
 1446                                 cangetattr = 0;
 1447                         }
 1448                         NFSUNLOCKNODE(np);
 1449                 }
 1450                 error = nfsm_mbufuio(nd, uiop, len);
 1451                 if ((nd->nd_flag & ND_NFSV4) && !error && cangetattr)
 1452                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 1453         }
 1454         if (nd->nd_repstat && !error)
 1455                 error = nd->nd_repstat;
 1456 nfsmout:
 1457         mbuf_freem(nd->nd_mrep);
 1458         return (error);
 1459 }
 1460 
 1461 /*
 1462  * Read operation.
 1463  */
 1464 APPLESTATIC int
 1465 nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
 1466     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 1467 {
 1468         int error, expireret = 0, retrycnt;
 1469         u_int32_t clidrev = 0;
 1470         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 1471         struct nfsnode *np = VTONFS(vp);
 1472         struct ucred *newcred;
 1473         struct nfsfh *nfhp = NULL;
 1474         nfsv4stateid_t stateid;
 1475         void *lckp;
 1476 
 1477         if (nmp->nm_clp != NULL)
 1478                 clidrev = nmp->nm_clp->nfsc_clientidrev;
 1479         newcred = cred;
 1480         if (NFSHASNFSV4(nmp)) {
 1481                 nfhp = np->n_fhp;
 1482                 newcred = NFSNEWCRED(cred);
 1483         }
 1484         retrycnt = 0;
 1485         do {
 1486                 lckp = NULL;
 1487                 if (NFSHASNFSV4(nmp))
 1488                         (void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
 1489                             NFSV4OPEN_ACCESSREAD, 0, newcred, p, &stateid,
 1490                             &lckp);
 1491                 error = nfsrpc_readrpc(vp, uiop, newcred, &stateid, p, nap,
 1492                     attrflagp, stuff);
 1493                 if (error == NFSERR_OPENMODE) {
 1494                         NFSLOCKMNT(nmp);
 1495                         nmp->nm_state |= NFSSTA_OPENMODE;
 1496                         NFSUNLOCKMNT(nmp);
 1497                 }
 1498                 if (error == NFSERR_STALESTATEID)
 1499                         nfscl_initiate_recovery(nmp->nm_clp);
 1500                 if (lckp != NULL)
 1501                         nfscl_lockderef(lckp);
 1502                 if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 1503                     error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 1504                     error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
 1505                         (void) nfs_catnap(PZERO, error, "nfs_read");
 1506                 } else if ((error == NFSERR_EXPIRED ||
 1507                     error == NFSERR_BADSTATEID) && clidrev != 0) {
 1508                         expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
 1509                 }
 1510                 retrycnt++;
 1511         } while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 1512             error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 1513             error == NFSERR_BADSESSION ||
 1514             (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
 1515             ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
 1516              expireret == 0 && clidrev != 0 && retrycnt < 4) ||
 1517             (error == NFSERR_OPENMODE && retrycnt < 4));
 1518         if (error && retrycnt >= 4)
 1519                 error = EIO;
 1520         if (NFSHASNFSV4(nmp))
 1521                 NFSFREECRED(newcred);
 1522         return (error);
 1523 }
 1524 
 1525 /*
 1526  * The actual read RPC.
 1527  */
 1528 static int
 1529 nfsrpc_readrpc(vnode_t vp, struct uio *uiop, struct ucred *cred,
 1530     nfsv4stateid_t *stateidp, NFSPROC_T *p, struct nfsvattr *nap,
 1531     int *attrflagp, void *stuff)
 1532 {
 1533         u_int32_t *tl;
 1534         int error = 0, len, retlen, tsiz, eof = 0;
 1535         struct nfsrv_descript nfsd;
 1536         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 1537         struct nfsrv_descript *nd = &nfsd;
 1538         int rsize;
 1539         off_t tmp_off;
 1540 
 1541         *attrflagp = 0;
 1542         tsiz = uio_uio_resid(uiop);
 1543         tmp_off = uiop->uio_offset + tsiz;
 1544         NFSLOCKMNT(nmp);
 1545         if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
 1546                 NFSUNLOCKMNT(nmp);
 1547                 return (EFBIG);
 1548         }
 1549         rsize = nmp->nm_rsize;
 1550         NFSUNLOCKMNT(nmp);
 1551         nd->nd_mrep = NULL;
 1552         while (tsiz > 0) {
 1553                 *attrflagp = 0;
 1554                 len = (tsiz > rsize) ? rsize : tsiz;
 1555                 NFSCL_REQSTART(nd, NFSPROC_READ, vp);
 1556                 if (nd->nd_flag & ND_NFSV4)
 1557                         nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
 1558                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED * 3);
 1559                 if (nd->nd_flag & ND_NFSV2) {
 1560                         *tl++ = txdr_unsigned(uiop->uio_offset);
 1561                         *tl++ = txdr_unsigned(len);
 1562                         *tl = 0;
 1563                 } else {
 1564                         txdr_hyper(uiop->uio_offset, tl);
 1565                         *(tl + 2) = txdr_unsigned(len);
 1566                 }
 1567                 /*
 1568                  * Since I can't do a Getattr for NFSv4 for Write, there
 1569                  * doesn't seem any point in doing one here, either.
 1570                  * (See the comment in nfsrpc_writerpc() for more info.)
 1571                  */
 1572                 error = nfscl_request(nd, vp, p, cred, stuff);
 1573                 if (error)
 1574                         return (error);
 1575                 if (nd->nd_flag & ND_NFSV3) {
 1576                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 1577                 } else if (!nd->nd_repstat && (nd->nd_flag & ND_NFSV2)) {
 1578                         error = nfsm_loadattr(nd, nap);
 1579                         if (!error)
 1580                                 *attrflagp = 1;
 1581                 }
 1582                 if (nd->nd_repstat || error) {
 1583                         if (!error)
 1584                                 error = nd->nd_repstat;
 1585                         goto nfsmout;
 1586                 }
 1587                 if (nd->nd_flag & ND_NFSV3) {
 1588                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 1589                         eof = fxdr_unsigned(int, *(tl + 1));
 1590                 } else if (nd->nd_flag & ND_NFSV4) {
 1591                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 1592                         eof = fxdr_unsigned(int, *tl);
 1593                 }
 1594                 NFSM_STRSIZ(retlen, len);
 1595                 error = nfsm_mbufuio(nd, uiop, retlen);
 1596                 if (error)
 1597                         goto nfsmout;
 1598                 mbuf_freem(nd->nd_mrep);
 1599                 nd->nd_mrep = NULL;
 1600                 tsiz -= retlen;
 1601                 if (!(nd->nd_flag & ND_NFSV2)) {
 1602                         if (eof || retlen == 0)
 1603                                 tsiz = 0;
 1604                 } else if (retlen < len)
 1605                         tsiz = 0;
 1606         }
 1607         return (0);
 1608 nfsmout:
 1609         if (nd->nd_mrep != NULL)
 1610                 mbuf_freem(nd->nd_mrep);
 1611         return (error);
 1612 }
 1613 
 1614 /*
 1615  * nfs write operation
 1616  * When called_from_strategy != 0, it should return EIO for an error that
 1617  * indicates recovery is in progress, so that the buffer will be left
 1618  * dirty and be written back to the server later. If it loops around,
 1619  * the recovery thread could get stuck waiting for the buffer and recovery
 1620  * will then deadlock.
 1621  */
 1622 APPLESTATIC int
 1623 nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
 1624     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
 1625     void *stuff, int called_from_strategy)
 1626 {
 1627         int error, expireret = 0, retrycnt, nostateid;
 1628         u_int32_t clidrev = 0;
 1629         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 1630         struct nfsnode *np = VTONFS(vp);
 1631         struct ucred *newcred;
 1632         struct nfsfh *nfhp = NULL;
 1633         nfsv4stateid_t stateid;
 1634         void *lckp;
 1635 
 1636         *must_commit = 0;
 1637         if (nmp->nm_clp != NULL)
 1638                 clidrev = nmp->nm_clp->nfsc_clientidrev;
 1639         newcred = cred;
 1640         if (NFSHASNFSV4(nmp)) {
 1641                 newcred = NFSNEWCRED(cred);
 1642                 nfhp = np->n_fhp;
 1643         }
 1644         retrycnt = 0;
 1645         do {
 1646                 lckp = NULL;
 1647                 nostateid = 0;
 1648                 if (NFSHASNFSV4(nmp)) {
 1649                         (void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
 1650                             NFSV4OPEN_ACCESSWRITE, 0, newcred, p, &stateid,
 1651                             &lckp);
 1652                         if (stateid.other[0] == 0 && stateid.other[1] == 0 &&
 1653                             stateid.other[2] == 0) {
 1654                                 nostateid = 1;
 1655                                 NFSCL_DEBUG(1, "stateid0 in write\n");
 1656                         }
 1657                 }
 1658 
 1659                 /*
 1660                  * If there is no stateid for NFSv4, it means this is an
 1661                  * extraneous write after close. Basically a poorly
 1662                  * implemented buffer cache. Just don't do the write.
 1663                  */
 1664                 if (nostateid)
 1665                         error = 0;
 1666                 else
 1667                         error = nfsrpc_writerpc(vp, uiop, iomode, must_commit,
 1668                             newcred, &stateid, p, nap, attrflagp, stuff);
 1669                 if (error == NFSERR_STALESTATEID)
 1670                         nfscl_initiate_recovery(nmp->nm_clp);
 1671                 if (lckp != NULL)
 1672                         nfscl_lockderef(lckp);
 1673                 if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 1674                     error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 1675                     error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
 1676                         (void) nfs_catnap(PZERO, error, "nfs_write");
 1677                 } else if ((error == NFSERR_EXPIRED ||
 1678                     error == NFSERR_BADSTATEID) && clidrev != 0) {
 1679                         expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
 1680                 }
 1681                 retrycnt++;
 1682         } while (error == NFSERR_GRACE || error == NFSERR_DELAY ||
 1683             ((error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
 1684               error == NFSERR_STALEDONTRECOVER) && called_from_strategy == 0) ||
 1685             (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
 1686             ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
 1687              expireret == 0 && clidrev != 0 && retrycnt < 4));
 1688         if (error != 0 && (retrycnt >= 4 ||
 1689             ((error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
 1690               error == NFSERR_STALEDONTRECOVER) && called_from_strategy != 0)))
 1691                 error = EIO;
 1692         if (NFSHASNFSV4(nmp))
 1693                 NFSFREECRED(newcred);
 1694         return (error);
 1695 }
 1696 
 1697 /*
 1698  * The actual write RPC.
 1699  */
 1700 static int
 1701 nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iomode,
 1702     int *must_commit, struct ucred *cred, nfsv4stateid_t *stateidp,
 1703     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 1704 {
 1705         u_int32_t *tl;
 1706         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 1707         struct nfsnode *np = VTONFS(vp);
 1708         int error = 0, len, tsiz, rlen, commit, committed = NFSWRITE_FILESYNC;
 1709         int wccflag = 0, wsize;
 1710         int32_t backup;
 1711         struct nfsrv_descript nfsd;
 1712         struct nfsrv_descript *nd = &nfsd;
 1713         nfsattrbit_t attrbits;
 1714         off_t tmp_off;
 1715 
 1716         KASSERT(uiop->uio_iovcnt == 1, ("nfs: writerpc iovcnt > 1"));
 1717         *attrflagp = 0;
 1718         tsiz = uio_uio_resid(uiop);
 1719         tmp_off = uiop->uio_offset + tsiz;
 1720         NFSLOCKMNT(nmp);
 1721         if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
 1722                 NFSUNLOCKMNT(nmp);
 1723                 return (EFBIG);
 1724         }
 1725         wsize = nmp->nm_wsize;
 1726         NFSUNLOCKMNT(nmp);
 1727         nd->nd_mrep = NULL;     /* NFSv2 sometimes does a write with */
 1728         nd->nd_repstat = 0;     /* uio_resid == 0, so the while is not done */
 1729         while (tsiz > 0) {
 1730                 *attrflagp = 0;
 1731                 len = (tsiz > wsize) ? wsize : tsiz;
 1732                 NFSCL_REQSTART(nd, NFSPROC_WRITE, vp);
 1733                 if (nd->nd_flag & ND_NFSV4) {
 1734                         nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
 1735                         NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+2*NFSX_UNSIGNED);
 1736                         txdr_hyper(uiop->uio_offset, tl);
 1737                         tl += 2;
 1738                         *tl++ = txdr_unsigned(*iomode);
 1739                         *tl = txdr_unsigned(len);
 1740                 } else if (nd->nd_flag & ND_NFSV3) {
 1741                         NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+3*NFSX_UNSIGNED);
 1742                         txdr_hyper(uiop->uio_offset, tl);
 1743                         tl += 2;
 1744                         *tl++ = txdr_unsigned(len);
 1745                         *tl++ = txdr_unsigned(*iomode);
 1746                         *tl = txdr_unsigned(len);
 1747                 } else {
 1748                         u_int32_t x;
 1749 
 1750                         NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 1751                         /*
 1752                          * Not sure why someone changed this, since the
 1753                          * RFC clearly states that "beginoffset" and
 1754                          * "totalcount" are ignored, but it wouldn't
 1755                          * surprise me if there's a busted server out there.
 1756                          */
 1757                         /* Set both "begin" and "current" to non-garbage. */
 1758                         x = txdr_unsigned((u_int32_t)uiop->uio_offset);
 1759                         *tl++ = x;      /* "begin offset" */
 1760                         *tl++ = x;      /* "current offset" */
 1761                         x = txdr_unsigned(len);
 1762                         *tl++ = x;      /* total to this offset */
 1763                         *tl = x;        /* size of this write */
 1764 
 1765                 }
 1766                 nfsm_uiombuf(nd, uiop, len);
 1767                 /*
 1768                  * Although it is tempting to do a normal Getattr Op in the
 1769                  * NFSv4 compound, the result can be a nearly hung client
 1770                  * system if the Getattr asks for Owner and/or OwnerGroup.
 1771                  * It occurs when the client can't map either the Owner or
 1772                  * Owner_group name in the Getattr reply to a uid/gid. When
 1773                  * there is a cache miss, the kernel does an upcall to the
 1774                  * nfsuserd. Then, it can try and read the local /etc/passwd
 1775                  * or /etc/group file. It can then block in getnewbuf(),
 1776                  * waiting for dirty writes to be pushed to the NFS server.
 1777                  * The only reason this doesn't result in a complete
 1778                  * deadlock, is that the upcall times out and allows
 1779                  * the write to complete. However, progress is so slow
 1780                  * that it might just as well be deadlocked.
 1781                  * As such, we get the rest of the attributes, but not
 1782                  * Owner or Owner_group.
 1783                  * nb: nfscl_loadattrcache() needs to be told that these
 1784                  *     partial attributes from a write rpc are being
 1785                  *     passed in, via a argument flag.
 1786                  */
 1787                 if (nd->nd_flag & ND_NFSV4) {
 1788                         NFSWRITEGETATTR_ATTRBIT(&attrbits);
 1789                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1790                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 1791                         (void) nfsrv_putattrbit(nd, &attrbits);
 1792                 }
 1793                 error = nfscl_request(nd, vp, p, cred, stuff);
 1794                 if (error)
 1795                         return (error);
 1796                 if (nd->nd_repstat) {
 1797                         /*
 1798                          * In case the rpc gets retried, roll
 1799                          * the uio fileds changed by nfsm_uiombuf()
 1800                          * back.
 1801                          */
 1802                         uiop->uio_offset -= len;
 1803                         uio_uio_resid_add(uiop, len);
 1804                         uio_iov_base_add(uiop, -len);
 1805                         uio_iov_len_add(uiop, len);
 1806                 }
 1807                 if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
 1808                         error = nfscl_wcc_data(nd, vp, nap, attrflagp,
 1809                             &wccflag, stuff);
 1810                         if (error)
 1811                                 goto nfsmout;
 1812                 }
 1813                 if (!nd->nd_repstat) {
 1814                         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
 1815                                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED
 1816                                         + NFSX_VERF);
 1817                                 rlen = fxdr_unsigned(int, *tl++);
 1818                                 if (rlen == 0) {
 1819                                         error = NFSERR_IO;
 1820                                         goto nfsmout;
 1821                                 } else if (rlen < len) {
 1822                                         backup = len - rlen;
 1823                                         uio_iov_base_add(uiop, -(backup));
 1824                                         uio_iov_len_add(uiop, backup);
 1825                                         uiop->uio_offset -= backup;
 1826                                         uio_uio_resid_add(uiop, backup);
 1827                                         len = rlen;
 1828                                 }
 1829                                 commit = fxdr_unsigned(int, *tl++);
 1830 
 1831                                 /*
 1832                                  * Return the lowest commitment level
 1833                                  * obtained by any of the RPCs.
 1834                                  */
 1835                                 if (committed == NFSWRITE_FILESYNC)
 1836                                         committed = commit;
 1837                                 else if (committed == NFSWRITE_DATASYNC &&
 1838                                         commit == NFSWRITE_UNSTABLE)
 1839                                         committed = commit;
 1840                                 NFSLOCKMNT(nmp);
 1841                                 if (!NFSHASWRITEVERF(nmp)) {
 1842                                         NFSBCOPY((caddr_t)tl,
 1843                                             (caddr_t)&nmp->nm_verf[0],
 1844                                             NFSX_VERF);
 1845                                         NFSSETWRITEVERF(nmp);
 1846                                 } else if (NFSBCMP(tl, nmp->nm_verf,
 1847                                     NFSX_VERF)) {
 1848                                         *must_commit = 1;
 1849                                         NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
 1850                                 }
 1851                                 NFSUNLOCKMNT(nmp);
 1852                         }
 1853                         if (nd->nd_flag & ND_NFSV4)
 1854                                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 1855                         if (nd->nd_flag & (ND_NFSV2 | ND_NFSV4)) {
 1856                                 error = nfsm_loadattr(nd, nap);
 1857                                 if (!error)
 1858                                         *attrflagp = NFS_LATTR_NOSHRINK;
 1859                         }
 1860                 } else {
 1861                         error = nd->nd_repstat;
 1862                 }
 1863                 if (error)
 1864                         goto nfsmout;
 1865                 NFSWRITERPC_SETTIME(wccflag, np, nap, (nd->nd_flag & ND_NFSV4));
 1866                 mbuf_freem(nd->nd_mrep);
 1867                 nd->nd_mrep = NULL;
 1868                 tsiz -= len;
 1869         }
 1870 nfsmout:
 1871         if (nd->nd_mrep != NULL)
 1872                 mbuf_freem(nd->nd_mrep);
 1873         *iomode = committed;
 1874         if (nd->nd_repstat && !error)
 1875                 error = nd->nd_repstat;
 1876         return (error);
 1877 }
 1878 
 1879 /*
 1880  * nfs mknod rpc
 1881  * For NFS v2 this is a kludge. Use a create rpc but with the IFMT bits of the
 1882  * mode set to specify the file type and the size field for rdev.
 1883  */
 1884 APPLESTATIC int
 1885 nfsrpc_mknod(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 1886     u_int32_t rdev, enum vtype vtyp, struct ucred *cred, NFSPROC_T *p,
 1887     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
 1888     int *attrflagp, int *dattrflagp, void *dstuff)
 1889 {
 1890         u_int32_t *tl;
 1891         int error = 0;
 1892         struct nfsrv_descript nfsd, *nd = &nfsd;
 1893         nfsattrbit_t attrbits;
 1894 
 1895         *nfhpp = NULL;
 1896         *attrflagp = 0;
 1897         *dattrflagp = 0;
 1898         if (namelen > NFS_MAXNAMLEN)
 1899                 return (ENAMETOOLONG);
 1900         NFSCL_REQSTART(nd, NFSPROC_MKNOD, dvp);
 1901         if (nd->nd_flag & ND_NFSV4) {
 1902                 if (vtyp == VBLK || vtyp == VCHR) {
 1903                         NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 1904                         *tl++ = vtonfsv34_type(vtyp);
 1905                         *tl++ = txdr_unsigned(NFSMAJOR(rdev));
 1906                         *tl = txdr_unsigned(NFSMINOR(rdev));
 1907                 } else {
 1908                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1909                         *tl = vtonfsv34_type(vtyp);
 1910                 }
 1911         }
 1912         (void) nfsm_strtom(nd, name, namelen);
 1913         if (nd->nd_flag & ND_NFSV3) {
 1914                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1915                 *tl = vtonfsv34_type(vtyp);
 1916         }
 1917         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
 1918                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 1919         if ((nd->nd_flag & ND_NFSV3) &&
 1920             (vtyp == VCHR || vtyp == VBLK)) {
 1921                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 1922                 *tl++ = txdr_unsigned(NFSMAJOR(rdev));
 1923                 *tl = txdr_unsigned(NFSMINOR(rdev));
 1924         }
 1925         if (nd->nd_flag & ND_NFSV4) {
 1926                 NFSGETATTR_ATTRBIT(&attrbits);
 1927                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 1928                 *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 1929                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 1930                 (void) nfsrv_putattrbit(nd, &attrbits);
 1931         }
 1932         if (nd->nd_flag & ND_NFSV2)
 1933                 nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZERDEV, rdev);
 1934         error = nfscl_request(nd, dvp, p, cred, dstuff);
 1935         if (error)
 1936                 return (error);
 1937         if (nd->nd_flag & ND_NFSV4)
 1938                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 1939         if (!nd->nd_repstat) {
 1940                 if (nd->nd_flag & ND_NFSV4) {
 1941                         NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 1942                         error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
 1943                         if (error)
 1944                                 goto nfsmout;
 1945                 }
 1946                 error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 1947                 if (error)
 1948                         goto nfsmout;
 1949         }
 1950         if (nd->nd_flag & ND_NFSV3)
 1951                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 1952         if (!error && nd->nd_repstat)
 1953                 error = nd->nd_repstat;
 1954 nfsmout:
 1955         mbuf_freem(nd->nd_mrep);
 1956         return (error);
 1957 }
 1958 
 1959 /*
 1960  * nfs file create call
 1961  * Mostly just call the approriate routine. (I separated out v4, so that
 1962  * error recovery wouldn't be as difficult.)
 1963  */
 1964 APPLESTATIC int
 1965 nfsrpc_create(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 1966     nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
 1967     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
 1968     int *attrflagp, int *dattrflagp, void *dstuff)
 1969 {
 1970         int error = 0, newone, expireret = 0, retrycnt, unlocked;
 1971         struct nfsclowner *owp;
 1972         struct nfscldeleg *dp;
 1973         struct nfsmount *nmp = VFSTONFS(vnode_mount(dvp));
 1974         u_int32_t clidrev;
 1975 
 1976         if (NFSHASNFSV4(nmp)) {
 1977             retrycnt = 0;
 1978             do {
 1979                 dp = NULL;
 1980                 error = nfscl_open(dvp, NULL, 0, (NFSV4OPEN_ACCESSWRITE |
 1981                     NFSV4OPEN_ACCESSREAD), 0, cred, p, &owp, NULL, &newone,
 1982                     NULL, 1);
 1983                 if (error)
 1984                         return (error);
 1985                 if (nmp->nm_clp != NULL)
 1986                         clidrev = nmp->nm_clp->nfsc_clientidrev;
 1987                 else
 1988                         clidrev = 0;
 1989                 if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 ||
 1990                     nfs_numnfscbd == 0 || retrycnt > 0)
 1991                         error = nfsrpc_createv4(dvp, name, namelen, vap, cverf,
 1992                           fmode, owp, &dp, cred, p, dnap, nnap, nfhpp,
 1993                           attrflagp, dattrflagp, dstuff, &unlocked);
 1994                 else
 1995                         error = nfsrpc_getcreatelayout(dvp, name, namelen, vap,
 1996                           cverf, fmode, owp, &dp, cred, p, dnap, nnap, nfhpp,
 1997                           attrflagp, dattrflagp, dstuff, &unlocked);
 1998                 /*
 1999                  * There is no need to invalidate cached attributes here,
 2000                  * since new post-delegation issue attributes are always
 2001                  * returned by nfsrpc_createv4() and these will update the
 2002                  * attribute cache.
 2003                  */
 2004                 if (dp != NULL)
 2005                         (void) nfscl_deleg(nmp->nm_mountp, owp->nfsow_clp,
 2006                             (*nfhpp)->nfh_fh, (*nfhpp)->nfh_len, cred, p, &dp);
 2007                 nfscl_ownerrelease(nmp, owp, error, newone, unlocked);
 2008                 if (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
 2009                     error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 2010                     error == NFSERR_BADSESSION) {
 2011                         (void) nfs_catnap(PZERO, error, "nfs_open");
 2012                 } else if ((error == NFSERR_EXPIRED ||
 2013                     error == NFSERR_BADSTATEID) && clidrev != 0) {
 2014                         expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
 2015                         retrycnt++;
 2016                 }
 2017             } while (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
 2018                 error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 2019                 error == NFSERR_BADSESSION ||
 2020                 ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
 2021                  expireret == 0 && clidrev != 0 && retrycnt < 4));
 2022             if (error && retrycnt >= 4)
 2023                     error = EIO;
 2024         } else {
 2025                 error = nfsrpc_createv23(dvp, name, namelen, vap, cverf,
 2026                     fmode, cred, p, dnap, nnap, nfhpp, attrflagp, dattrflagp,
 2027                     dstuff);
 2028         }
 2029         return (error);
 2030 }
 2031 
 2032 /*
 2033  * The create rpc for v2 and 3.
 2034  */
 2035 static int
 2036 nfsrpc_createv23(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 2037     nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
 2038     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
 2039     int *attrflagp, int *dattrflagp, void *dstuff)
 2040 {
 2041         u_int32_t *tl;
 2042         int error = 0;
 2043         struct nfsrv_descript nfsd, *nd = &nfsd;
 2044 
 2045         *nfhpp = NULL;
 2046         *attrflagp = 0;
 2047         *dattrflagp = 0;
 2048         if (namelen > NFS_MAXNAMLEN)
 2049                 return (ENAMETOOLONG);
 2050         NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp);
 2051         (void) nfsm_strtom(nd, name, namelen);
 2052         if (nd->nd_flag & ND_NFSV3) {
 2053                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2054                 if (fmode & O_EXCL) {
 2055                         *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
 2056                         NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
 2057                         *tl++ = cverf.lval[0];
 2058                         *tl = cverf.lval[1];
 2059                 } else {
 2060                         *tl = txdr_unsigned(NFSCREATE_UNCHECKED);
 2061                         nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2062                 }
 2063         } else {
 2064                 nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZE0, 0);
 2065         }
 2066         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2067         if (error)
 2068                 return (error);
 2069         if (nd->nd_repstat == 0) {
 2070                 error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2071                 if (error)
 2072                         goto nfsmout;
 2073         }
 2074         if (nd->nd_flag & ND_NFSV3)
 2075                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2076         if (nd->nd_repstat != 0 && error == 0)
 2077                 error = nd->nd_repstat;
 2078 nfsmout:
 2079         mbuf_freem(nd->nd_mrep);
 2080         return (error);
 2081 }
 2082 
 2083 static int
 2084 nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 2085     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
 2086     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2087     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
 2088     int *dattrflagp, void *dstuff, int *unlockedp)
 2089 {
 2090         u_int32_t *tl;
 2091         int error = 0, deleg, newone, ret, acesize, limitby;
 2092         struct nfsrv_descript nfsd, *nd = &nfsd;
 2093         struct nfsclopen *op;
 2094         struct nfscldeleg *dp = NULL;
 2095         struct nfsnode *np;
 2096         struct nfsfh *nfhp;
 2097         nfsattrbit_t attrbits;
 2098         nfsv4stateid_t stateid;
 2099         u_int32_t rflags;
 2100         struct nfsmount *nmp;
 2101         struct nfsclsession *tsep;
 2102 
 2103         nmp = VFSTONFS(dvp->v_mount);
 2104         np = VTONFS(dvp);
 2105         *unlockedp = 0;
 2106         *nfhpp = NULL;
 2107         *dpp = NULL;
 2108         *attrflagp = 0;
 2109         *dattrflagp = 0;
 2110         if (namelen > NFS_MAXNAMLEN)
 2111                 return (ENAMETOOLONG);
 2112         NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp);
 2113         /*
 2114          * For V4, this is actually an Open op.
 2115          */
 2116         NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 2117         *tl++ = txdr_unsigned(owp->nfsow_seqid);
 2118         *tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
 2119             NFSV4OPEN_ACCESSREAD);
 2120         *tl++ = txdr_unsigned(NFSV4OPEN_DENYNONE);
 2121         tsep = nfsmnt_mdssession(nmp);
 2122         *tl++ = tsep->nfsess_clientid.lval[0];
 2123         *tl = tsep->nfsess_clientid.lval[1];
 2124         (void) nfsm_strtom(nd, owp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
 2125         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2126         *tl++ = txdr_unsigned(NFSV4OPEN_CREATE);
 2127         if (fmode & O_EXCL) {
 2128                 if (NFSHASNFSV4N(nmp)) {
 2129                         if (NFSHASSESSPERSIST(nmp)) {
 2130                                 /* Use GUARDED for persistent sessions. */
 2131                                 *tl = txdr_unsigned(NFSCREATE_GUARDED);
 2132                                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2133                         } else {
 2134                                 /* Otherwise, use EXCLUSIVE4_1. */
 2135                                 *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE41);
 2136                                 NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
 2137                                 *tl++ = cverf.lval[0];
 2138                                 *tl = cverf.lval[1];
 2139                                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2140                         }
 2141                 } else {
 2142                         /* NFSv4.0 */
 2143                         *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
 2144                         NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
 2145                         *tl++ = cverf.lval[0];
 2146                         *tl = cverf.lval[1];
 2147                 }
 2148         } else {
 2149                 *tl = txdr_unsigned(NFSCREATE_UNCHECKED);
 2150                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2151         }
 2152         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2153         *tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
 2154         (void) nfsm_strtom(nd, name, namelen);
 2155         /* Get the new file's handle and attributes. */
 2156         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2157         *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 2158         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2159         NFSGETATTR_ATTRBIT(&attrbits);
 2160         (void) nfsrv_putattrbit(nd, &attrbits);
 2161         /* Get the directory's post-op attributes. */
 2162         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2163         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2164         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
 2165         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2166         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2167         (void) nfsrv_putattrbit(nd, &attrbits);
 2168         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2169         if (error)
 2170                 return (error);
 2171         NFSCL_INCRSEQID(owp->nfsow_seqid, nd);
 2172         if (nd->nd_repstat == 0) {
 2173                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
 2174                     6 * NFSX_UNSIGNED);
 2175                 stateid.seqid = *tl++;
 2176                 stateid.other[0] = *tl++;
 2177                 stateid.other[1] = *tl++;
 2178                 stateid.other[2] = *tl;
 2179                 rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
 2180                 (void) nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
 2181                 NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 2182                 deleg = fxdr_unsigned(int, *tl);
 2183                 if (deleg == NFSV4OPEN_DELEGATEREAD ||
 2184                     deleg == NFSV4OPEN_DELEGATEWRITE) {
 2185                         if (!(owp->nfsow_clp->nfsc_flags &
 2186                               NFSCLFLAGS_FIRSTDELEG))
 2187                                 owp->nfsow_clp->nfsc_flags |=
 2188                                   (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
 2189                         dp = malloc(
 2190                             sizeof (struct nfscldeleg) + NFSX_V4FHMAX,
 2191                             M_NFSCLDELEG, M_WAITOK);
 2192                         LIST_INIT(&dp->nfsdl_owner);
 2193                         LIST_INIT(&dp->nfsdl_lock);
 2194                         dp->nfsdl_clp = owp->nfsow_clp;
 2195                         newnfs_copyincred(cred, &dp->nfsdl_cred);
 2196                         nfscl_lockinit(&dp->nfsdl_rwlock);
 2197                         NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
 2198                             NFSX_UNSIGNED);
 2199                         dp->nfsdl_stateid.seqid = *tl++;
 2200                         dp->nfsdl_stateid.other[0] = *tl++;
 2201                         dp->nfsdl_stateid.other[1] = *tl++;
 2202                         dp->nfsdl_stateid.other[2] = *tl++;
 2203                         ret = fxdr_unsigned(int, *tl);
 2204                         if (deleg == NFSV4OPEN_DELEGATEWRITE) {
 2205                                 dp->nfsdl_flags = NFSCLDL_WRITE;
 2206                                 /*
 2207                                  * Indicates how much the file can grow.
 2208                                  */
 2209                                 NFSM_DISSECT(tl, u_int32_t *,
 2210                                     3 * NFSX_UNSIGNED);
 2211                                 limitby = fxdr_unsigned(int, *tl++);
 2212                                 switch (limitby) {
 2213                                 case NFSV4OPEN_LIMITSIZE:
 2214                                         dp->nfsdl_sizelimit = fxdr_hyper(tl);
 2215                                         break;
 2216                                 case NFSV4OPEN_LIMITBLOCKS:
 2217                                         dp->nfsdl_sizelimit =
 2218                                             fxdr_unsigned(u_int64_t, *tl++);
 2219                                         dp->nfsdl_sizelimit *=
 2220                                             fxdr_unsigned(u_int64_t, *tl);
 2221                                         break;
 2222                                 default:
 2223                                         error = NFSERR_BADXDR;
 2224                                         goto nfsmout;
 2225                                 }
 2226                         } else {
 2227                                 dp->nfsdl_flags = NFSCLDL_READ;
 2228                         }
 2229                         if (ret)
 2230                                 dp->nfsdl_flags |= NFSCLDL_RECALL;
 2231                         error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret,
 2232                             &acesize, p);
 2233                         if (error)
 2234                                 goto nfsmout;
 2235                 } else if (deleg != NFSV4OPEN_DELEGATENONE) {
 2236                         error = NFSERR_BADXDR;
 2237                         goto nfsmout;
 2238                 }
 2239                 error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2240                 if (error)
 2241                         goto nfsmout;
 2242                 /* Get rid of the PutFH and Getattr status values. */
 2243                 NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 2244                 /* Load the directory attributes. */
 2245                 error = nfsm_loadattr(nd, dnap);
 2246                 if (error)
 2247                         goto nfsmout;
 2248                 *dattrflagp = 1;
 2249                 if (dp != NULL && *attrflagp) {
 2250                         dp->nfsdl_change = nnap->na_filerev;
 2251                         dp->nfsdl_modtime = nnap->na_mtime;
 2252                         dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
 2253                 }
 2254                 /*
 2255                  * We can now complete the Open state.
 2256                  */
 2257                 nfhp = *nfhpp;
 2258                 if (dp != NULL) {
 2259                         dp->nfsdl_fhlen = nfhp->nfh_len;
 2260                         NFSBCOPY(nfhp->nfh_fh, dp->nfsdl_fh, nfhp->nfh_len);
 2261                 }
 2262                 /*
 2263                  * Get an Open structure that will be
 2264                  * attached to the OpenOwner, acquired already.
 2265                  */
 2266                 error = nfscl_open(dvp, nfhp->nfh_fh, nfhp->nfh_len, 
 2267                     (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), 0,
 2268                     cred, p, NULL, &op, &newone, NULL, 0);
 2269                 if (error)
 2270                         goto nfsmout;
 2271                 op->nfso_stateid = stateid;
 2272                 newnfs_copyincred(cred, &op->nfso_cred);
 2273                 if ((rflags & NFSV4OPEN_RESULTCONFIRM)) {
 2274                     do {
 2275                         ret = nfsrpc_openconfirm(dvp, nfhp->nfh_fh,
 2276                             nfhp->nfh_len, op, cred, p);
 2277                         if (ret == NFSERR_DELAY)
 2278                             (void) nfs_catnap(PZERO, ret, "nfs_create");
 2279                     } while (ret == NFSERR_DELAY);
 2280                     error = ret;
 2281                 }
 2282 
 2283                 /*
 2284                  * If the server is handing out delegations, but we didn't
 2285                  * get one because an OpenConfirm was required, try the
 2286                  * Open again, to get a delegation. This is a harmless no-op,
 2287                  * from a server's point of view.
 2288                  */
 2289                 if ((rflags & NFSV4OPEN_RESULTCONFIRM) &&
 2290                     (owp->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG) &&
 2291                     !error && dp == NULL) {
 2292                     do {
 2293                         ret = nfsrpc_openrpc(VFSTONFS(vnode_mount(dvp)), dvp,
 2294                             np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
 2295                             nfhp->nfh_fh, nfhp->nfh_len,
 2296                             (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), op,
 2297                             name, namelen, &dp, 0, 0x0, cred, p, 0, 1);
 2298                         if (ret == NFSERR_DELAY)
 2299                             (void) nfs_catnap(PZERO, ret, "nfs_crt2");
 2300                     } while (ret == NFSERR_DELAY);
 2301                     if (ret) {
 2302                         if (dp != NULL) {
 2303                                 free(dp, M_NFSCLDELEG);
 2304                                 dp = NULL;
 2305                         }
 2306                         if (ret == NFSERR_STALECLIENTID ||
 2307                             ret == NFSERR_STALEDONTRECOVER ||
 2308                             ret == NFSERR_BADSESSION)
 2309                                 error = ret;
 2310                     }
 2311                 }
 2312                 nfscl_openrelease(nmp, op, error, newone);
 2313                 *unlockedp = 1;
 2314         }
 2315         if (nd->nd_repstat != 0 && error == 0)
 2316                 error = nd->nd_repstat;
 2317         if (error == NFSERR_STALECLIENTID)
 2318                 nfscl_initiate_recovery(owp->nfsow_clp);
 2319 nfsmout:
 2320         if (!error)
 2321                 *dpp = dp;
 2322         else if (dp != NULL)
 2323                 free(dp, M_NFSCLDELEG);
 2324         mbuf_freem(nd->nd_mrep);
 2325         return (error);
 2326 }
 2327 
 2328 /*
 2329  * Nfs remove rpc
 2330  */
 2331 APPLESTATIC int
 2332 nfsrpc_remove(vnode_t dvp, char *name, int namelen, vnode_t vp,
 2333     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp,
 2334     void *dstuff)
 2335 {
 2336         u_int32_t *tl;
 2337         struct nfsrv_descript nfsd, *nd = &nfsd;
 2338         struct nfsnode *np;
 2339         struct nfsmount *nmp;
 2340         nfsv4stateid_t dstateid;
 2341         int error, ret = 0, i;
 2342 
 2343         *dattrflagp = 0;
 2344         if (namelen > NFS_MAXNAMLEN)
 2345                 return (ENAMETOOLONG);
 2346         nmp = VFSTONFS(vnode_mount(dvp));
 2347 tryagain:
 2348         if (NFSHASNFSV4(nmp) && ret == 0) {
 2349                 ret = nfscl_removedeleg(vp, p, &dstateid);
 2350                 if (ret == 1) {
 2351                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGREMOVE, vp);
 2352                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
 2353                             NFSX_UNSIGNED);
 2354                         if (NFSHASNFSV4N(nmp))
 2355                                 *tl++ = 0;
 2356                         else
 2357                                 *tl++ = dstateid.seqid;
 2358                         *tl++ = dstateid.other[0];
 2359                         *tl++ = dstateid.other[1];
 2360                         *tl++ = dstateid.other[2];
 2361                         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2362                         np = VTONFS(dvp);
 2363                         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2364                             np->n_fhp->nfh_len, 0);
 2365                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2366                         *tl = txdr_unsigned(NFSV4OP_REMOVE);
 2367                 }
 2368         } else {
 2369                 ret = 0;
 2370         }
 2371         if (ret == 0)
 2372                 NFSCL_REQSTART(nd, NFSPROC_REMOVE, dvp);
 2373         (void) nfsm_strtom(nd, name, namelen);
 2374         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2375         if (error)
 2376                 return (error);
 2377         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
 2378                 /* For NFSv4, parse out any Delereturn replies. */
 2379                 if (ret > 0 && nd->nd_repstat != 0 &&
 2380                     (nd->nd_flag & ND_NOMOREDATA)) {
 2381                         /*
 2382                          * If the Delegreturn failed, try again without
 2383                          * it. The server will Recall, as required.
 2384                          */
 2385                         mbuf_freem(nd->nd_mrep);
 2386                         goto tryagain;
 2387                 }
 2388                 for (i = 0; i < (ret * 2); i++) {
 2389                         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
 2390                             ND_NFSV4) {
 2391                             NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2392                             if (*(tl + 1))
 2393                                 nd->nd_flag |= ND_NOMOREDATA;
 2394                         }
 2395                 }
 2396                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2397         }
 2398         if (nd->nd_repstat && !error)
 2399                 error = nd->nd_repstat;
 2400 nfsmout:
 2401         mbuf_freem(nd->nd_mrep);
 2402         return (error);
 2403 }
 2404 
 2405 /*
 2406  * Do an nfs rename rpc.
 2407  */
 2408 APPLESTATIC int
 2409 nfsrpc_rename(vnode_t fdvp, vnode_t fvp, char *fnameptr, int fnamelen,
 2410     vnode_t tdvp, vnode_t tvp, char *tnameptr, int tnamelen, struct ucred *cred,
 2411     NFSPROC_T *p, struct nfsvattr *fnap, struct nfsvattr *tnap,
 2412     int *fattrflagp, int *tattrflagp, void *fstuff, void *tstuff)
 2413 {
 2414         u_int32_t *tl;
 2415         struct nfsrv_descript nfsd, *nd = &nfsd;
 2416         struct nfsmount *nmp;
 2417         struct nfsnode *np;
 2418         nfsattrbit_t attrbits;
 2419         nfsv4stateid_t fdstateid, tdstateid;
 2420         int error = 0, ret = 0, gottd = 0, gotfd = 0, i;
 2421         
 2422         *fattrflagp = 0;
 2423         *tattrflagp = 0;
 2424         nmp = VFSTONFS(vnode_mount(fdvp));
 2425         if (fnamelen > NFS_MAXNAMLEN || tnamelen > NFS_MAXNAMLEN)
 2426                 return (ENAMETOOLONG);
 2427 tryagain:
 2428         if (NFSHASNFSV4(nmp) && ret == 0) {
 2429                 ret = nfscl_renamedeleg(fvp, &fdstateid, &gotfd, tvp,
 2430                     &tdstateid, &gottd, p);
 2431                 if (gotfd && gottd) {
 2432                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME2, fvp);
 2433                 } else if (gotfd) {
 2434                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, fvp);
 2435                 } else if (gottd) {
 2436                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, tvp);
 2437                 }
 2438                 if (gotfd) {
 2439                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
 2440                         if (NFSHASNFSV4N(nmp))
 2441                                 *tl++ = 0;
 2442                         else
 2443                                 *tl++ = fdstateid.seqid;
 2444                         *tl++ = fdstateid.other[0];
 2445                         *tl++ = fdstateid.other[1];
 2446                         *tl = fdstateid.other[2];
 2447                         if (gottd) {
 2448                                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2449                                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2450                                 np = VTONFS(tvp);
 2451                                 (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2452                                     np->n_fhp->nfh_len, 0);
 2453                                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2454                                 *tl = txdr_unsigned(NFSV4OP_DELEGRETURN);
 2455                         }
 2456                 }
 2457                 if (gottd) {
 2458                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
 2459                         if (NFSHASNFSV4N(nmp))
 2460                                 *tl++ = 0;
 2461                         else
 2462                                 *tl++ = tdstateid.seqid;
 2463                         *tl++ = tdstateid.other[0];
 2464                         *tl++ = tdstateid.other[1];
 2465                         *tl = tdstateid.other[2];
 2466                 }
 2467                 if (ret > 0) {
 2468                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2469                         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2470                         np = VTONFS(fdvp);
 2471                         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2472                             np->n_fhp->nfh_len, 0);
 2473                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2474                         *tl = txdr_unsigned(NFSV4OP_SAVEFH);
 2475                 }
 2476         } else {
 2477                 ret = 0;
 2478         }
 2479         if (ret == 0)
 2480                 NFSCL_REQSTART(nd, NFSPROC_RENAME, fdvp);
 2481         if (nd->nd_flag & ND_NFSV4) {
 2482                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2483                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2484                 NFSWCCATTR_ATTRBIT(&attrbits);
 2485                 (void) nfsrv_putattrbit(nd, &attrbits);
 2486                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2487                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2488                 (void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 2489                     VTONFS(tdvp)->n_fhp->nfh_len, 0);
 2490                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2491                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2492                 (void) nfsrv_putattrbit(nd, &attrbits);
 2493                 nd->nd_flag |= ND_V4WCCATTR;
 2494                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2495                 *tl = txdr_unsigned(NFSV4OP_RENAME);
 2496         }
 2497         (void) nfsm_strtom(nd, fnameptr, fnamelen);
 2498         if (!(nd->nd_flag & ND_NFSV4))
 2499                 (void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 2500                         VTONFS(tdvp)->n_fhp->nfh_len, 0);
 2501         (void) nfsm_strtom(nd, tnameptr, tnamelen);
 2502         error = nfscl_request(nd, fdvp, p, cred, fstuff);
 2503         if (error)
 2504                 return (error);
 2505         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
 2506                 /* For NFSv4, parse out any Delereturn replies. */
 2507                 if (ret > 0 && nd->nd_repstat != 0 &&
 2508                     (nd->nd_flag & ND_NOMOREDATA)) {
 2509                         /*
 2510                          * If the Delegreturn failed, try again without
 2511                          * it. The server will Recall, as required.
 2512                          */
 2513                         mbuf_freem(nd->nd_mrep);
 2514                         goto tryagain;
 2515                 }
 2516                 for (i = 0; i < (ret * 2); i++) {
 2517                         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
 2518                             ND_NFSV4) {
 2519                             NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2520                             if (*(tl + 1)) {
 2521                                 if (i == 0 && ret > 1) {
 2522                                     /*
 2523                                      * If the Delegreturn failed, try again
 2524                                      * without it. The server will Recall, as
 2525                                      * required.
 2526                                      * If ret > 1, the first iteration of this
 2527                                      * loop is the second DelegReturn result.
 2528                                      */
 2529                                     mbuf_freem(nd->nd_mrep);
 2530                                     goto tryagain;
 2531                                 } else {
 2532                                     nd->nd_flag |= ND_NOMOREDATA;
 2533                                 }
 2534                             }
 2535                         }
 2536                 }
 2537                 /* Now, the first wcc attribute reply. */
 2538                 if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
 2539                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2540                         if (*(tl + 1))
 2541                                 nd->nd_flag |= ND_NOMOREDATA;
 2542                 }
 2543                 error = nfscl_wcc_data(nd, fdvp, fnap, fattrflagp, NULL,
 2544                     fstuff);
 2545                 /* and the second wcc attribute reply. */
 2546                 if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 &&
 2547                     !error) {
 2548                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2549                         if (*(tl + 1))
 2550                                 nd->nd_flag |= ND_NOMOREDATA;
 2551                 }
 2552                 if (!error)
 2553                         error = nfscl_wcc_data(nd, tdvp, tnap, tattrflagp,
 2554                             NULL, tstuff);
 2555         }
 2556         if (nd->nd_repstat && !error)
 2557                 error = nd->nd_repstat;
 2558 nfsmout:
 2559         mbuf_freem(nd->nd_mrep);
 2560         return (error);
 2561 }
 2562 
 2563 /*
 2564  * nfs hard link create rpc
 2565  */
 2566 APPLESTATIC int
 2567 nfsrpc_link(vnode_t dvp, vnode_t vp, char *name, int namelen,
 2568     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2569     struct nfsvattr *nap, int *attrflagp, int *dattrflagp, void *dstuff)
 2570 {
 2571         u_int32_t *tl;
 2572         struct nfsrv_descript nfsd, *nd = &nfsd;
 2573         nfsattrbit_t attrbits;
 2574         int error = 0;
 2575 
 2576         *attrflagp = 0;
 2577         *dattrflagp = 0;
 2578         if (namelen > NFS_MAXNAMLEN)
 2579                 return (ENAMETOOLONG);
 2580         NFSCL_REQSTART(nd, NFSPROC_LINK, vp);
 2581         if (nd->nd_flag & ND_NFSV4) {
 2582                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2583                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2584         }
 2585         (void) nfsm_fhtom(nd, VTONFS(dvp)->n_fhp->nfh_fh,
 2586                 VTONFS(dvp)->n_fhp->nfh_len, 0);
 2587         if (nd->nd_flag & ND_NFSV4) {
 2588                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2589                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2590                 NFSWCCATTR_ATTRBIT(&attrbits);
 2591                 (void) nfsrv_putattrbit(nd, &attrbits);
 2592                 nd->nd_flag |= ND_V4WCCATTR;
 2593                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2594                 *tl = txdr_unsigned(NFSV4OP_LINK);
 2595         }
 2596         (void) nfsm_strtom(nd, name, namelen);
 2597         error = nfscl_request(nd, vp, p, cred, dstuff);
 2598         if (error)
 2599                 return (error);
 2600         if (nd->nd_flag & ND_NFSV3) {
 2601                 error = nfscl_postop_attr(nd, nap, attrflagp, dstuff);
 2602                 if (!error)
 2603                         error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
 2604                             NULL, dstuff);
 2605         } else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
 2606                 /*
 2607                  * First, parse out the PutFH and Getattr result.
 2608                  */
 2609                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2610                 if (!(*(tl + 1)))
 2611                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2612                 if (*(tl + 1))
 2613                         nd->nd_flag |= ND_NOMOREDATA;
 2614                 /*
 2615                  * Get the pre-op attributes.
 2616                  */
 2617                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2618         }
 2619         if (nd->nd_repstat && !error)
 2620                 error = nd->nd_repstat;
 2621 nfsmout:
 2622         mbuf_freem(nd->nd_mrep);
 2623         return (error);
 2624 }
 2625 
 2626 /*
 2627  * nfs symbolic link create rpc
 2628  */
 2629 APPLESTATIC int
 2630 nfsrpc_symlink(vnode_t dvp, char *name, int namelen, const char *target,
 2631     struct vattr *vap, struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2632     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
 2633     int *dattrflagp, void *dstuff)
 2634 {
 2635         u_int32_t *tl;
 2636         struct nfsrv_descript nfsd, *nd = &nfsd;
 2637         struct nfsmount *nmp;
 2638         int slen, error = 0;
 2639 
 2640         *nfhpp = NULL;
 2641         *attrflagp = 0;
 2642         *dattrflagp = 0;
 2643         nmp = VFSTONFS(vnode_mount(dvp));
 2644         slen = strlen(target);
 2645         if (slen > NFS_MAXPATHLEN || namelen > NFS_MAXNAMLEN)
 2646                 return (ENAMETOOLONG);
 2647         NFSCL_REQSTART(nd, NFSPROC_SYMLINK, dvp);
 2648         if (nd->nd_flag & ND_NFSV4) {
 2649                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2650                 *tl = txdr_unsigned(NFLNK);
 2651                 (void) nfsm_strtom(nd, target, slen);
 2652         }
 2653         (void) nfsm_strtom(nd, name, namelen);
 2654         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
 2655                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2656         if (!(nd->nd_flag & ND_NFSV4))
 2657                 (void) nfsm_strtom(nd, target, slen);
 2658         if (nd->nd_flag & ND_NFSV2)
 2659                 nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
 2660         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2661         if (error)
 2662                 return (error);
 2663         if (nd->nd_flag & ND_NFSV4)
 2664                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2665         if ((nd->nd_flag & ND_NFSV3) && !error) {
 2666                 if (!nd->nd_repstat)
 2667                         error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2668                 if (!error)
 2669                         error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
 2670                             NULL, dstuff);
 2671         }
 2672         if (nd->nd_repstat && !error)
 2673                 error = nd->nd_repstat;
 2674         mbuf_freem(nd->nd_mrep);
 2675         /*
 2676          * Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
 2677          * Only do this if vfs.nfs.ignore_eexist is set.
 2678          * Never do this for NFSv4.1 or later minor versions, since sessions
 2679          * should guarantee "exactly once" RPC semantics.
 2680          */
 2681         if (error == EEXIST && nfsignore_eexist != 0 && (!NFSHASNFSV4(nmp) ||
 2682             nmp->nm_minorvers == 0))
 2683                 error = 0;
 2684         return (error);
 2685 }
 2686 
 2687 /*
 2688  * nfs make dir rpc
 2689  */
 2690 APPLESTATIC int
 2691 nfsrpc_mkdir(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 2692     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2693     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
 2694     int *dattrflagp, void *dstuff)
 2695 {
 2696         u_int32_t *tl;
 2697         struct nfsrv_descript nfsd, *nd = &nfsd;
 2698         nfsattrbit_t attrbits;
 2699         int error = 0;
 2700         struct nfsfh *fhp;
 2701         struct nfsmount *nmp;
 2702 
 2703         *nfhpp = NULL;
 2704         *attrflagp = 0;
 2705         *dattrflagp = 0;
 2706         nmp = VFSTONFS(vnode_mount(dvp));
 2707         fhp = VTONFS(dvp)->n_fhp;
 2708         if (namelen > NFS_MAXNAMLEN)
 2709                 return (ENAMETOOLONG);
 2710         NFSCL_REQSTART(nd, NFSPROC_MKDIR, dvp);
 2711         if (nd->nd_flag & ND_NFSV4) {
 2712                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2713                 *tl = txdr_unsigned(NFDIR);
 2714         }
 2715         (void) nfsm_strtom(nd, name, namelen);
 2716         nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
 2717         if (nd->nd_flag & ND_NFSV4) {
 2718                 NFSGETATTR_ATTRBIT(&attrbits);
 2719                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2720                 *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 2721                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2722                 (void) nfsrv_putattrbit(nd, &attrbits);
 2723                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2724                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2725                 (void) nfsm_fhtom(nd, fhp->nfh_fh, fhp->nfh_len, 0);
 2726                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2727                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2728                 (void) nfsrv_putattrbit(nd, &attrbits);
 2729         }
 2730         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2731         if (error)
 2732                 return (error);
 2733         if (nd->nd_flag & ND_NFSV4)
 2734                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2735         if (!nd->nd_repstat && !error) {
 2736                 if (nd->nd_flag & ND_NFSV4) {
 2737                         NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 2738                         error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
 2739                 }
 2740                 if (!error)
 2741                         error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2742                 if (error == 0 && (nd->nd_flag & ND_NFSV4) != 0) {
 2743                         /* Get rid of the PutFH and Getattr status values. */
 2744                         NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 2745                         /* Load the directory attributes. */
 2746                         error = nfsm_loadattr(nd, dnap);
 2747                         if (error == 0)
 2748                                 *dattrflagp = 1;
 2749                 }
 2750         }
 2751         if ((nd->nd_flag & ND_NFSV3) && !error)
 2752                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2753         if (nd->nd_repstat && !error)
 2754                 error = nd->nd_repstat;
 2755 nfsmout:
 2756         mbuf_freem(nd->nd_mrep);
 2757         /*
 2758          * Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
 2759          * Only do this if vfs.nfs.ignore_eexist is set.
 2760          * Never do this for NFSv4.1 or later minor versions, since sessions
 2761          * should guarantee "exactly once" RPC semantics.
 2762          */
 2763         if (error == EEXIST && nfsignore_eexist != 0 && (!NFSHASNFSV4(nmp) ||
 2764             nmp->nm_minorvers == 0))
 2765                 error = 0;
 2766         return (error);
 2767 }
 2768 
 2769 /*
 2770  * nfs remove directory call
 2771  */
 2772 APPLESTATIC int
 2773 nfsrpc_rmdir(vnode_t dvp, char *name, int namelen, struct ucred *cred,
 2774     NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp, void *dstuff)
 2775 {
 2776         struct nfsrv_descript nfsd, *nd = &nfsd;
 2777         int error = 0;
 2778 
 2779         *dattrflagp = 0;
 2780         if (namelen > NFS_MAXNAMLEN)
 2781                 return (ENAMETOOLONG);
 2782         NFSCL_REQSTART(nd, NFSPROC_RMDIR, dvp);
 2783         (void) nfsm_strtom(nd, name, namelen);
 2784         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2785         if (error)
 2786                 return (error);
 2787         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
 2788                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2789         if (nd->nd_repstat && !error)
 2790                 error = nd->nd_repstat;
 2791         mbuf_freem(nd->nd_mrep);
 2792         /*
 2793          * Kludge: Map ENOENT => 0 assuming that you have a reply to a retry.
 2794          */
 2795         if (error == ENOENT)
 2796                 error = 0;
 2797         return (error);
 2798 }
 2799 
 2800 /*
 2801  * Readdir rpc.
 2802  * Always returns with either uio_resid unchanged, if you are at the
 2803  * end of the directory, or uio_resid == 0, with all DIRBLKSIZ chunks
 2804  * filled in.
 2805  * I felt this would allow caching of directory blocks more easily
 2806  * than returning a pertially filled block.
 2807  * Directory offset cookies:
 2808  * Oh my, what to do with them...
 2809  * I can think of three ways to deal with them:
 2810  * 1 - have the layer above these RPCs maintain a map between logical
 2811  *     directory byte offsets and the NFS directory offset cookies
 2812  * 2 - pass the opaque directory offset cookies up into userland
 2813  *     and let the libc functions deal with them, via the system call
 2814  * 3 - return them to userland in the "struct dirent", so future versions
 2815  *     of libc can use them and do whatever is necessary to make things work
 2816  *     above these rpc calls, in the meantime
 2817  * For now, I do #3 by "hiding" the directory offset cookies after the
 2818  * d_name field in struct dirent. This is space inside d_reclen that
 2819  * will be ignored by anything that doesn't know about them.
 2820  * The directory offset cookies are filled in as the last 8 bytes of
 2821  * each directory entry, after d_name. Someday, the userland libc
 2822  * functions may be able to use these. In the meantime, it satisfies
 2823  * OpenBSD's requirements for cookies being returned.
 2824  * If expects the directory offset cookie for the read to be in uio_offset
 2825  * and returns the one for the next entry after this directory block in
 2826  * there, as well.
 2827  */
 2828 APPLESTATIC int
 2829 nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
 2830     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
 2831     int *eofp, void *stuff)
 2832 {
 2833         int len, left;
 2834         struct dirent *dp = NULL;
 2835         u_int32_t *tl;
 2836         nfsquad_t cookie, ncookie;
 2837         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 2838         struct nfsnode *dnp = VTONFS(vp);
 2839         struct nfsvattr nfsva;
 2840         struct nfsrv_descript nfsd, *nd = &nfsd;
 2841         int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
 2842         int reqsize, tryformoredirs = 1, readsize, eof = 0, gotmnton = 0;
 2843         u_int64_t dotfileid, dotdotfileid = 0, fakefileno = UINT64_MAX;
 2844         char *cp;
 2845         nfsattrbit_t attrbits, dattrbits;
 2846         u_int32_t rderr, *tl2 = NULL;
 2847         size_t tresid;
 2848 
 2849         KASSERT(uiop->uio_iovcnt == 1 &&
 2850             (uio_uio_resid(uiop) & (DIRBLKSIZ - 1)) == 0,
 2851             ("nfs readdirrpc bad uio"));
 2852         ncookie.lval[0] = ncookie.lval[1] = 0;
 2853         /*
 2854          * There is no point in reading a lot more than uio_resid, however
 2855          * adding one additional DIRBLKSIZ makes sense. Since uio_resid
 2856          * and nm_readdirsize are both exact multiples of DIRBLKSIZ, this
 2857          * will never make readsize > nm_readdirsize.
 2858          */
 2859         readsize = nmp->nm_readdirsize;
 2860         if (readsize > uio_uio_resid(uiop))
 2861                 readsize = uio_uio_resid(uiop) + DIRBLKSIZ;
 2862 
 2863         *attrflagp = 0;
 2864         if (eofp)
 2865                 *eofp = 0;
 2866         tresid = uio_uio_resid(uiop);
 2867         cookie.lval[0] = cookiep->nfsuquad[0];
 2868         cookie.lval[1] = cookiep->nfsuquad[1];
 2869         nd->nd_mrep = NULL;
 2870 
 2871         /*
 2872          * For NFSv4, first create the "." and ".." entries.
 2873          */
 2874         if (NFSHASNFSV4(nmp)) {
 2875                 reqsize = 6 * NFSX_UNSIGNED;
 2876                 NFSGETATTR_ATTRBIT(&dattrbits);
 2877                 NFSZERO_ATTRBIT(&attrbits);
 2878                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
 2879                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TYPE);
 2880                 if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
 2881                     NFSATTRBIT_MOUNTEDONFILEID)) {
 2882                         NFSSETBIT_ATTRBIT(&attrbits,
 2883                             NFSATTRBIT_MOUNTEDONFILEID);
 2884                         gotmnton = 1;
 2885                 } else {
 2886                         /*
 2887                          * Must fake it. Use the fileno, except when the
 2888                          * fsid is != to that of the directory. For that
 2889                          * case, generate a fake fileno that is not the same.
 2890                          */
 2891                         NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
 2892                         gotmnton = 0;
 2893                 }
 2894 
 2895                 /*
 2896                  * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
 2897                  */
 2898                 if (uiop->uio_offset == 0) {
 2899                         NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp);
 2900                         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2901                         *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 2902                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2903                         (void) nfsrv_putattrbit(nd, &attrbits);
 2904                         error = nfscl_request(nd, vp, p, cred, stuff);
 2905                         if (error)
 2906                             return (error);
 2907                         dotfileid = 0;  /* Fake out the compiler. */
 2908                         if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
 2909                             error = nfsm_loadattr(nd, &nfsva);
 2910                             if (error != 0)
 2911                                 goto nfsmout;
 2912                             dotfileid = nfsva.na_fileid;
 2913                         }
 2914                         if (nd->nd_repstat == 0) {
 2915                             NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 2916                             len = fxdr_unsigned(int, *(tl + 4));
 2917                             if (len > 0 && len <= NFSX_V4FHMAX)
 2918                                 error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
 2919                             else
 2920                                 error = EPERM;
 2921                             if (!error) {
 2922                                 NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
 2923                                 nfsva.na_mntonfileno = UINT64_MAX;
 2924                                 error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
 2925                                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
 2926                                     NULL, NULL, NULL, p, cred);
 2927                                 if (error) {
 2928                                     dotdotfileid = dotfileid;
 2929                                 } else if (gotmnton) {
 2930                                     if (nfsva.na_mntonfileno != UINT64_MAX)
 2931                                         dotdotfileid = nfsva.na_mntonfileno;
 2932                                     else
 2933                                         dotdotfileid = nfsva.na_fileid;
 2934                                 } else if (nfsva.na_filesid[0] ==
 2935                                     dnp->n_vattr.na_filesid[0] &&
 2936                                     nfsva.na_filesid[1] ==
 2937                                     dnp->n_vattr.na_filesid[1]) {
 2938                                     dotdotfileid = nfsva.na_fileid;
 2939                                 } else {
 2940                                     do {
 2941                                         fakefileno--;
 2942                                     } while (fakefileno ==
 2943                                         nfsva.na_fileid);
 2944                                     dotdotfileid = fakefileno;
 2945                                 }
 2946                             }
 2947                         } else if (nd->nd_repstat == NFSERR_NOENT) {
 2948                             /*
 2949                              * Lookupp returns NFSERR_NOENT when we are
 2950                              * at the root, so just use the current dir.
 2951                              */
 2952                             nd->nd_repstat = 0;
 2953                             dotdotfileid = dotfileid;
 2954                         } else {
 2955                             error = nd->nd_repstat;
 2956                         }
 2957                         mbuf_freem(nd->nd_mrep);
 2958                         if (error)
 2959                             return (error);
 2960                         nd->nd_mrep = NULL;
 2961                         dp = (struct dirent *)uio_iov_base(uiop);
 2962                         dp->d_pad0 = dp->d_pad1 = 0;
 2963                         dp->d_off = 0;
 2964                         dp->d_type = DT_DIR;
 2965                         dp->d_fileno = dotfileid;
 2966                         dp->d_namlen = 1;
 2967                         *((uint64_t *)dp->d_name) = 0;  /* Zero pad it. */
 2968                         dp->d_name[0] = '.';
 2969                         dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
 2970                         /*
 2971                          * Just make these offset cookie 0.
 2972                          */
 2973                         tl = (u_int32_t *)&dp->d_name[8];
 2974                         *tl++ = 0;
 2975                         *tl = 0;
 2976                         blksiz += dp->d_reclen;
 2977                         uio_uio_resid_add(uiop, -(dp->d_reclen));
 2978                         uiop->uio_offset += dp->d_reclen;
 2979                         uio_iov_base_add(uiop, dp->d_reclen);
 2980                         uio_iov_len_add(uiop, -(dp->d_reclen));
 2981                         dp = (struct dirent *)uio_iov_base(uiop);
 2982                         dp->d_pad0 = dp->d_pad1 = 0;
 2983                         dp->d_off = 0;
 2984                         dp->d_type = DT_DIR;
 2985                         dp->d_fileno = dotdotfileid;
 2986                         dp->d_namlen = 2;
 2987                         *((uint64_t *)dp->d_name) = 0;
 2988                         dp->d_name[0] = '.';
 2989                         dp->d_name[1] = '.';
 2990                         dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
 2991                         /*
 2992                          * Just make these offset cookie 0.
 2993                          */
 2994                         tl = (u_int32_t *)&dp->d_name[8];
 2995                         *tl++ = 0;
 2996                         *tl = 0;
 2997                         blksiz += dp->d_reclen;
 2998                         uio_uio_resid_add(uiop, -(dp->d_reclen));
 2999                         uiop->uio_offset += dp->d_reclen;
 3000                         uio_iov_base_add(uiop, dp->d_reclen);
 3001                         uio_iov_len_add(uiop, -(dp->d_reclen));
 3002                 }
 3003                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_RDATTRERROR);
 3004         } else {
 3005                 reqsize = 5 * NFSX_UNSIGNED;
 3006         }
 3007 
 3008 
 3009         /*
 3010          * Loop around doing readdir rpc's of size readsize.
 3011          * The stopping criteria is EOF or buffer full.
 3012          */
 3013         while (more_dirs && bigenough) {
 3014                 *attrflagp = 0;
 3015                 NFSCL_REQSTART(nd, NFSPROC_READDIR, vp);
 3016                 if (nd->nd_flag & ND_NFSV2) {
 3017                         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 3018                         *tl++ = cookie.lval[1];
 3019                         *tl = txdr_unsigned(readsize);
 3020                 } else {
 3021                         NFSM_BUILD(tl, u_int32_t *, reqsize);
 3022                         *tl++ = cookie.lval[0];
 3023                         *tl++ = cookie.lval[1];
 3024                         if (cookie.qval == 0) {
 3025                                 *tl++ = 0;
 3026                                 *tl++ = 0;
 3027                         } else {
 3028                                 NFSLOCKNODE(dnp);
 3029                                 *tl++ = dnp->n_cookieverf.nfsuquad[0];
 3030                                 *tl++ = dnp->n_cookieverf.nfsuquad[1];
 3031                                 NFSUNLOCKNODE(dnp);
 3032                         }
 3033                         if (nd->nd_flag & ND_NFSV4) {
 3034                                 *tl++ = txdr_unsigned(readsize);
 3035                                 *tl = txdr_unsigned(readsize);
 3036                                 (void) nfsrv_putattrbit(nd, &attrbits);
 3037                                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 3038                                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3039                                 (void) nfsrv_putattrbit(nd, &dattrbits);
 3040                         } else {
 3041                                 *tl = txdr_unsigned(readsize);
 3042                         }
 3043                 }
 3044                 error = nfscl_request(nd, vp, p, cred, stuff);
 3045                 if (error)
 3046                         return (error);
 3047                 if (!(nd->nd_flag & ND_NFSV2)) {
 3048                         if (nd->nd_flag & ND_NFSV3)
 3049                                 error = nfscl_postop_attr(nd, nap, attrflagp,
 3050                                     stuff);
 3051                         if (!nd->nd_repstat && !error) {
 3052                                 NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
 3053                                 NFSLOCKNODE(dnp);
 3054                                 dnp->n_cookieverf.nfsuquad[0] = *tl++;
 3055                                 dnp->n_cookieverf.nfsuquad[1] = *tl;
 3056                                 NFSUNLOCKNODE(dnp);
 3057                         }
 3058                 }
 3059                 if (nd->nd_repstat || error) {
 3060                         if (!error)
 3061                                 error = nd->nd_repstat;
 3062                         goto nfsmout;
 3063                 }
 3064                 NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3065                 more_dirs = fxdr_unsigned(int, *tl);
 3066                 if (!more_dirs)
 3067                         tryformoredirs = 0;
 3068         
 3069                 /* loop through the dir entries, doctoring them to 4bsd form */
 3070                 while (more_dirs && bigenough) {
 3071                         if (nd->nd_flag & ND_NFSV4) {
 3072                                 NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
 3073                                 ncookie.lval[0] = *tl++;
 3074                                 ncookie.lval[1] = *tl++;
 3075                                 len = fxdr_unsigned(int, *tl);
 3076                         } else if (nd->nd_flag & ND_NFSV3) {
 3077                                 NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
 3078                                 nfsva.na_fileid = fxdr_hyper(tl);
 3079                                 tl += 2;
 3080                                 len = fxdr_unsigned(int, *tl);
 3081                         } else {
 3082                                 NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
 3083                                 nfsva.na_fileid = fxdr_unsigned(uint64_t,
 3084                                     *tl++);
 3085                                 len = fxdr_unsigned(int, *tl);
 3086                         }
 3087                         if (len <= 0 || len > NFS_MAXNAMLEN) {
 3088                                 error = EBADRPC;
 3089                                 goto nfsmout;
 3090                         }
 3091                         tlen = roundup2(len, 8);
 3092                         if (tlen == len)
 3093                                 tlen += 8;  /* To ensure null termination. */
 3094                         left = DIRBLKSIZ - blksiz;
 3095                         if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) {
 3096                                 NFSBZERO(uio_iov_base(uiop), left);
 3097                                 dp->d_reclen += left;
 3098                                 uio_iov_base_add(uiop, left);
 3099                                 uio_iov_len_add(uiop, -(left));
 3100                                 uio_uio_resid_add(uiop, -(left));
 3101                                 uiop->uio_offset += left;
 3102                                 blksiz = 0;
 3103                         }
 3104                         if (_GENERIC_DIRLEN(len) + NFSX_HYPER >
 3105                             uio_uio_resid(uiop))
 3106                                 bigenough = 0;
 3107                         if (bigenough) {
 3108                                 dp = (struct dirent *)uio_iov_base(uiop);
 3109                                 dp->d_pad0 = dp->d_pad1 = 0;
 3110                                 dp->d_off = 0;
 3111                                 dp->d_namlen = len;
 3112                                 dp->d_reclen = _GENERIC_DIRLEN(len) +
 3113                                     NFSX_HYPER;
 3114                                 dp->d_type = DT_UNKNOWN;
 3115                                 blksiz += dp->d_reclen;
 3116                                 if (blksiz == DIRBLKSIZ)
 3117                                         blksiz = 0;
 3118                                 uio_uio_resid_add(uiop, -(DIRHDSIZ));
 3119                                 uiop->uio_offset += DIRHDSIZ;
 3120                                 uio_iov_base_add(uiop, DIRHDSIZ);
 3121                                 uio_iov_len_add(uiop, -(DIRHDSIZ));
 3122                                 error = nfsm_mbufuio(nd, uiop, len);
 3123                                 if (error)
 3124                                         goto nfsmout;
 3125                                 cp = uio_iov_base(uiop);
 3126                                 tlen -= len;
 3127                                 NFSBZERO(cp, tlen);
 3128                                 cp += tlen;     /* points to cookie storage */
 3129                                 tl2 = (u_int32_t *)cp;
 3130                                 uio_iov_base_add(uiop, (tlen + NFSX_HYPER));
 3131                                 uio_iov_len_add(uiop, -(tlen + NFSX_HYPER));
 3132                                 uio_uio_resid_add(uiop, -(tlen + NFSX_HYPER));
 3133                                 uiop->uio_offset += (tlen + NFSX_HYPER);
 3134                         } else {
 3135                                 error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
 3136                                 if (error)
 3137                                         goto nfsmout;
 3138                         }
 3139                         if (nd->nd_flag & ND_NFSV4) {
 3140                                 rderr = 0;
 3141                                 nfsva.na_mntonfileno = UINT64_MAX;
 3142                                 error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
 3143                                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
 3144                                     NULL, NULL, &rderr, p, cred);
 3145                                 if (error)
 3146                                         goto nfsmout;
 3147                                 NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3148                         } else if (nd->nd_flag & ND_NFSV3) {
 3149                                 NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
 3150                                 ncookie.lval[0] = *tl++;
 3151                                 ncookie.lval[1] = *tl++;
 3152                         } else {
 3153                                 NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
 3154                                 ncookie.lval[0] = 0;
 3155                                 ncookie.lval[1] = *tl++;
 3156                         }
 3157                         if (bigenough) {
 3158                             if (nd->nd_flag & ND_NFSV4) {
 3159                                 if (rderr) {
 3160                                     dp->d_fileno = 0;
 3161                                 } else {
 3162                                     if (gotmnton) {
 3163                                         if (nfsva.na_mntonfileno != UINT64_MAX)
 3164                                             dp->d_fileno = nfsva.na_mntonfileno;
 3165                                         else
 3166                                             dp->d_fileno = nfsva.na_fileid;
 3167                                     } else if (nfsva.na_filesid[0] ==
 3168                                         dnp->n_vattr.na_filesid[0] &&
 3169                                         nfsva.na_filesid[1] ==
 3170                                         dnp->n_vattr.na_filesid[1]) {
 3171                                         dp->d_fileno = nfsva.na_fileid;
 3172                                     } else {
 3173                                         do {
 3174                                             fakefileno--;
 3175                                         } while (fakefileno ==
 3176                                             nfsva.na_fileid);
 3177                                         dp->d_fileno = fakefileno;
 3178                                     }
 3179                                     dp->d_type = vtonfs_dtype(nfsva.na_type);
 3180                                 }
 3181                             } else {
 3182                                 dp->d_fileno = nfsva.na_fileid;
 3183                             }
 3184                             *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
 3185                                 ncookie.lval[0];
 3186                             *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
 3187                                 ncookie.lval[1];
 3188                         }
 3189                         more_dirs = fxdr_unsigned(int, *tl);
 3190                 }
 3191                 /*
 3192                  * If at end of rpc data, get the eof boolean
 3193                  */
 3194                 if (!more_dirs) {
 3195                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3196                         eof = fxdr_unsigned(int, *tl);
 3197                         if (tryformoredirs)
 3198                                 more_dirs = !eof;
 3199                         if (nd->nd_flag & ND_NFSV4) {
 3200                                 error = nfscl_postop_attr(nd, nap, attrflagp,
 3201                                     stuff);
 3202                                 if (error)
 3203                                         goto nfsmout;
 3204                         }
 3205                 }
 3206                 mbuf_freem(nd->nd_mrep);
 3207                 nd->nd_mrep = NULL;
 3208         }
 3209         /*
 3210          * Fill last record, iff any, out to a multiple of DIRBLKSIZ
 3211          * by increasing d_reclen for the last record.
 3212          */
 3213         if (blksiz > 0) {
 3214                 left = DIRBLKSIZ - blksiz;
 3215                 NFSBZERO(uio_iov_base(uiop), left);
 3216                 dp->d_reclen += left;
 3217                 uio_iov_base_add(uiop, left);
 3218                 uio_iov_len_add(uiop, -(left));
 3219                 uio_uio_resid_add(uiop, -(left));
 3220                 uiop->uio_offset += left;
 3221         }
 3222 
 3223         /*
 3224          * If returning no data, assume end of file.
 3225          * If not bigenough, return not end of file, since you aren't
 3226          *    returning all the data
 3227          * Otherwise, return the eof flag from the server.
 3228          */
 3229         if (eofp) {
 3230                 if (tresid == ((size_t)(uio_uio_resid(uiop))))
 3231                         *eofp = 1;
 3232                 else if (!bigenough)
 3233                         *eofp = 0;
 3234                 else
 3235                         *eofp = eof;
 3236         }
 3237 
 3238         /*
 3239          * Add extra empty records to any remaining DIRBLKSIZ chunks.
 3240          */
 3241         while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) {
 3242                 dp = (struct dirent *)uio_iov_base(uiop);
 3243                 NFSBZERO(dp, DIRBLKSIZ);
 3244                 dp->d_type = DT_UNKNOWN;
 3245                 tl = (u_int32_t *)&dp->d_name[4];
 3246                 *tl++ = cookie.lval[0];
 3247                 *tl = cookie.lval[1];
 3248                 dp->d_reclen = DIRBLKSIZ;
 3249                 uio_iov_base_add(uiop, DIRBLKSIZ);
 3250                 uio_iov_len_add(uiop, -(DIRBLKSIZ));
 3251                 uio_uio_resid_add(uiop, -(DIRBLKSIZ));
 3252                 uiop->uio_offset += DIRBLKSIZ;
 3253         }
 3254 
 3255 nfsmout:
 3256         if (nd->nd_mrep != NULL)
 3257                 mbuf_freem(nd->nd_mrep);
 3258         return (error);
 3259 }
 3260 
 3261 #ifndef APPLE
 3262 /*
 3263  * NFS V3 readdir plus RPC. Used in place of nfsrpc_readdir().
 3264  * (Also used for NFS V4 when mount flag set.)
 3265  * (ditto above w.r.t. multiple of DIRBLKSIZ, etc.)
 3266  */
 3267 APPLESTATIC int
 3268 nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
 3269     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
 3270     int *eofp, void *stuff)
 3271 {
 3272         int len, left;
 3273         struct dirent *dp = NULL;
 3274         u_int32_t *tl;
 3275         vnode_t newvp = NULLVP;
 3276         struct nfsrv_descript nfsd, *nd = &nfsd;
 3277         struct nameidata nami, *ndp = &nami;
 3278         struct componentname *cnp = &ndp->ni_cnd;
 3279         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 3280         struct nfsnode *dnp = VTONFS(vp), *np;
 3281         struct nfsvattr nfsva;
 3282         struct nfsfh *nfhp;
 3283         nfsquad_t cookie, ncookie;
 3284         int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
 3285         int attrflag, tryformoredirs = 1, eof = 0, gotmnton = 0;
 3286         int isdotdot = 0, unlocknewvp = 0;
 3287         u_int64_t dotfileid, dotdotfileid = 0, fakefileno = UINT64_MAX;
 3288         u_int64_t fileno = 0;
 3289         char *cp;
 3290         nfsattrbit_t attrbits, dattrbits;
 3291         size_t tresid;
 3292         u_int32_t *tl2 = NULL, rderr;
 3293         struct timespec dctime;
 3294 
 3295         KASSERT(uiop->uio_iovcnt == 1 &&
 3296             (uio_uio_resid(uiop) & (DIRBLKSIZ - 1)) == 0,
 3297             ("nfs readdirplusrpc bad uio"));
 3298         ncookie.lval[0] = ncookie.lval[1] = 0;
 3299         timespecclear(&dctime);
 3300         *attrflagp = 0;
 3301         if (eofp != NULL)
 3302                 *eofp = 0;
 3303         ndp->ni_dvp = vp;
 3304         nd->nd_mrep = NULL;
 3305         cookie.lval[0] = cookiep->nfsuquad[0];
 3306         cookie.lval[1] = cookiep->nfsuquad[1];
 3307         tresid = uio_uio_resid(uiop);
 3308 
 3309         /*
 3310          * For NFSv4, first create the "." and ".." entries.
 3311          */
 3312         if (NFSHASNFSV4(nmp)) {
 3313                 NFSGETATTR_ATTRBIT(&dattrbits);
 3314                 NFSZERO_ATTRBIT(&attrbits);
 3315                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
 3316                 if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
 3317                     NFSATTRBIT_MOUNTEDONFILEID)) {
 3318                         NFSSETBIT_ATTRBIT(&attrbits,
 3319                             NFSATTRBIT_MOUNTEDONFILEID);
 3320                         gotmnton = 1;
 3321                 } else {
 3322                         /*
 3323                          * Must fake it. Use the fileno, except when the
 3324                          * fsid is != to that of the directory. For that
 3325                          * case, generate a fake fileno that is not the same.
 3326                          */
 3327                         NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
 3328                         gotmnton = 0;
 3329                 }
 3330 
 3331                 /*
 3332                  * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
 3333                  */
 3334                 if (uiop->uio_offset == 0) {
 3335                         NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp);
 3336                         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 3337                         *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 3338                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3339                         (void) nfsrv_putattrbit(nd, &attrbits);
 3340                         error = nfscl_request(nd, vp, p, cred, stuff);
 3341                         if (error)
 3342                             return (error);
 3343                         dotfileid = 0;  /* Fake out the compiler. */
 3344                         if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
 3345                             error = nfsm_loadattr(nd, &nfsva);
 3346                             if (error != 0)
 3347                                 goto nfsmout;
 3348                             dctime = nfsva.na_ctime;
 3349                             dotfileid = nfsva.na_fileid;
 3350                         }
 3351                         if (nd->nd_repstat == 0) {
 3352                             NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 3353                             len = fxdr_unsigned(int, *(tl + 4));
 3354                             if (len > 0 && len <= NFSX_V4FHMAX)
 3355                                 error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
 3356                             else
 3357                                 error = EPERM;
 3358                             if (!error) {
 3359                                 NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
 3360                                 nfsva.na_mntonfileno = UINT64_MAX;
 3361                                 error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
 3362                                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
 3363                                     NULL, NULL, NULL, p, cred);
 3364                                 if (error) {
 3365                                     dotdotfileid = dotfileid;
 3366                                 } else if (gotmnton) {
 3367                                     if (nfsva.na_mntonfileno != UINT64_MAX)
 3368                                         dotdotfileid = nfsva.na_mntonfileno;
 3369                                     else
 3370                                         dotdotfileid = nfsva.na_fileid;
 3371                                 } else if (nfsva.na_filesid[0] ==
 3372                                     dnp->n_vattr.na_filesid[0] &&
 3373                                     nfsva.na_filesid[1] ==
 3374                                     dnp->n_vattr.na_filesid[1]) {
 3375                                     dotdotfileid = nfsva.na_fileid;
 3376                                 } else {
 3377                                     do {
 3378                                         fakefileno--;
 3379                                     } while (fakefileno ==
 3380                                         nfsva.na_fileid);
 3381                                     dotdotfileid = fakefileno;
 3382                                 }
 3383                             }
 3384                         } else if (nd->nd_repstat == NFSERR_NOENT) {
 3385                             /*
 3386                              * Lookupp returns NFSERR_NOENT when we are
 3387                              * at the root, so just use the current dir.
 3388                              */
 3389                             nd->nd_repstat = 0;
 3390                             dotdotfileid = dotfileid;
 3391                         } else {
 3392                             error = nd->nd_repstat;
 3393                         }
 3394                         mbuf_freem(nd->nd_mrep);
 3395                         if (error)
 3396                             return (error);
 3397                         nd->nd_mrep = NULL;
 3398                         dp = (struct dirent *)uio_iov_base(uiop);
 3399                         dp->d_pad0 = dp->d_pad1 = 0;
 3400                         dp->d_off = 0;
 3401                         dp->d_type = DT_DIR;
 3402                         dp->d_fileno = dotfileid;
 3403                         dp->d_namlen = 1;
 3404                         *((uint64_t *)dp->d_name) = 0;  /* Zero pad it. */
 3405                         dp->d_name[0] = '.';
 3406                         dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
 3407                         /*
 3408                          * Just make these offset cookie 0.
 3409                          */
 3410                         tl = (u_int32_t *)&dp->d_name[8];
 3411                         *tl++ = 0;
 3412                         *tl = 0;
 3413                         blksiz += dp->d_reclen;
 3414                         uio_uio_resid_add(uiop, -(dp->d_reclen));
 3415                         uiop->uio_offset += dp->d_reclen;
 3416                         uio_iov_base_add(uiop, dp->d_reclen);
 3417                         uio_iov_len_add(uiop, -(dp->d_reclen));
 3418                         dp = (struct dirent *)uio_iov_base(uiop);
 3419                         dp->d_pad0 = dp->d_pad1 = 0;
 3420                         dp->d_off = 0;
 3421                         dp->d_type = DT_DIR;
 3422                         dp->d_fileno = dotdotfileid;
 3423                         dp->d_namlen = 2;
 3424                         *((uint64_t *)dp->d_name) = 0;
 3425                         dp->d_name[0] = '.';
 3426                         dp->d_name[1] = '.';
 3427                         dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
 3428                         /*
 3429                          * Just make these offset cookie 0.
 3430                          */
 3431                         tl = (u_int32_t *)&dp->d_name[8];
 3432                         *tl++ = 0;
 3433                         *tl = 0;
 3434                         blksiz += dp->d_reclen;
 3435                         uio_uio_resid_add(uiop, -(dp->d_reclen));
 3436                         uiop->uio_offset += dp->d_reclen;
 3437                         uio_iov_base_add(uiop, dp->d_reclen);
 3438                         uio_iov_len_add(uiop, -(dp->d_reclen));
 3439                 }
 3440                 NFSREADDIRPLUS_ATTRBIT(&attrbits);
 3441                 if (gotmnton)
 3442                         NFSSETBIT_ATTRBIT(&attrbits,
 3443                             NFSATTRBIT_MOUNTEDONFILEID);
 3444         }
 3445 
 3446         /*
 3447          * Loop around doing readdir rpc's of size nm_readdirsize.
 3448          * The stopping criteria is EOF or buffer full.
 3449          */
 3450         while (more_dirs && bigenough) {
 3451                 *attrflagp = 0;
 3452                 NFSCL_REQSTART(nd, NFSPROC_READDIRPLUS, vp);
 3453                 NFSM_BUILD(tl, u_int32_t *, 6 * NFSX_UNSIGNED);
 3454                 *tl++ = cookie.lval[0];
 3455                 *tl++ = cookie.lval[1];
 3456                 if (cookie.qval == 0) {
 3457                         *tl++ = 0;
 3458                         *tl++ = 0;
 3459                 } else {
 3460                         NFSLOCKNODE(dnp);
 3461                         *tl++ = dnp->n_cookieverf.nfsuquad[0];
 3462                         *tl++ = dnp->n_cookieverf.nfsuquad[1];
 3463                         NFSUNLOCKNODE(dnp);
 3464                 }
 3465                 *tl++ = txdr_unsigned(nmp->nm_readdirsize);
 3466                 *tl = txdr_unsigned(nmp->nm_readdirsize);
 3467                 if (nd->nd_flag & ND_NFSV4) {
 3468                         (void) nfsrv_putattrbit(nd, &attrbits);
 3469                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 3470                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3471                         (void) nfsrv_putattrbit(nd, &dattrbits);
 3472                 }
 3473                 error = nfscl_request(nd, vp, p, cred, stuff);
 3474                 if (error)
 3475                         return (error);
 3476                 if (nd->nd_flag & ND_NFSV3)
 3477                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 3478                 if (nd->nd_repstat || error) {
 3479                         if (!error)
 3480                                 error = nd->nd_repstat;
 3481                         goto nfsmout;
 3482                 }
 3483                 if ((nd->nd_flag & ND_NFSV3) != 0 && *attrflagp != 0)
 3484                         dctime = nap->na_ctime;
 3485                 NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3486                 NFSLOCKNODE(dnp);
 3487                 dnp->n_cookieverf.nfsuquad[0] = *tl++;
 3488                 dnp->n_cookieverf.nfsuquad[1] = *tl++;
 3489                 NFSUNLOCKNODE(dnp);
 3490                 more_dirs = fxdr_unsigned(int, *tl);
 3491                 if (!more_dirs)
 3492                         tryformoredirs = 0;
 3493         
 3494                 /* loop through the dir entries, doctoring them to 4bsd form */
 3495                 while (more_dirs && bigenough) {
 3496                         NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3497                         if (nd->nd_flag & ND_NFSV4) {
 3498                                 ncookie.lval[0] = *tl++;
 3499                                 ncookie.lval[1] = *tl++;
 3500                         } else {
 3501                                 fileno = fxdr_hyper(tl);
 3502                                 tl += 2;
 3503                         }
 3504                         len = fxdr_unsigned(int, *tl);
 3505                         if (len <= 0 || len > NFS_MAXNAMLEN) {
 3506                                 error = EBADRPC;
 3507                                 goto nfsmout;
 3508                         }
 3509                         tlen = roundup2(len, 8);
 3510                         if (tlen == len)
 3511                                 tlen += 8;  /* To ensure null termination. */
 3512                         left = DIRBLKSIZ - blksiz;
 3513                         if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) {
 3514                                 NFSBZERO(uio_iov_base(uiop), left);
 3515                                 dp->d_reclen += left;
 3516                                 uio_iov_base_add(uiop, left);
 3517                                 uio_iov_len_add(uiop, -(left));
 3518                                 uio_uio_resid_add(uiop, -(left));
 3519                                 uiop->uio_offset += left;
 3520                                 blksiz = 0;
 3521                         }
 3522                         if (_GENERIC_DIRLEN(len) + NFSX_HYPER >
 3523                             uio_uio_resid(uiop))
 3524                                 bigenough = 0;
 3525                         if (bigenough) {
 3526                                 dp = (struct dirent *)uio_iov_base(uiop);
 3527                                 dp->d_pad0 = dp->d_pad1 = 0;
 3528                                 dp->d_off = 0;
 3529                                 dp->d_namlen = len;
 3530                                 dp->d_reclen = _GENERIC_DIRLEN(len) +
 3531                                     NFSX_HYPER;
 3532                                 dp->d_type = DT_UNKNOWN;
 3533                                 blksiz += dp->d_reclen;
 3534                                 if (blksiz == DIRBLKSIZ)
 3535                                         blksiz = 0;
 3536                                 uio_uio_resid_add(uiop, -(DIRHDSIZ));
 3537                                 uiop->uio_offset += DIRHDSIZ;
 3538                                 uio_iov_base_add(uiop, DIRHDSIZ);
 3539                                 uio_iov_len_add(uiop, -(DIRHDSIZ));
 3540                                 cnp->cn_nameptr = uio_iov_base(uiop);
 3541                                 cnp->cn_namelen = len;
 3542                                 NFSCNHASHZERO(cnp);
 3543                                 error = nfsm_mbufuio(nd, uiop, len);
 3544                                 if (error)
 3545                                         goto nfsmout;
 3546                                 cp = uio_iov_base(uiop);
 3547                                 tlen -= len;
 3548                                 NFSBZERO(cp, tlen);
 3549                                 cp += tlen;     /* points to cookie storage */
 3550                                 tl2 = (u_int32_t *)cp;
 3551                                 if (len == 2 && cnp->cn_nameptr[0] == '.' &&
 3552                                     cnp->cn_nameptr[1] == '.')
 3553                                         isdotdot = 1;
 3554                                 else
 3555                                         isdotdot = 0;
 3556                                 uio_iov_base_add(uiop, (tlen + NFSX_HYPER));
 3557                                 uio_iov_len_add(uiop, -(tlen + NFSX_HYPER));
 3558                                 uio_uio_resid_add(uiop, -(tlen + NFSX_HYPER));
 3559                                 uiop->uio_offset += (tlen + NFSX_HYPER);
 3560                         } else {
 3561                                 error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
 3562                                 if (error)
 3563                                         goto nfsmout;
 3564                         }
 3565                         nfhp = NULL;
 3566                         if (nd->nd_flag & ND_NFSV3) {
 3567                                 NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
 3568                                 ncookie.lval[0] = *tl++;
 3569                                 ncookie.lval[1] = *tl++;
 3570                                 attrflag = fxdr_unsigned(int, *tl);
 3571                                 if (attrflag) {
 3572                                   error = nfsm_loadattr(nd, &nfsva);
 3573                                   if (error)
 3574                                         goto nfsmout;
 3575                                 }
 3576                                 NFSM_DISSECT(tl,u_int32_t *,NFSX_UNSIGNED);
 3577                                 if (*tl) {
 3578                                         error = nfsm_getfh(nd, &nfhp);
 3579                                         if (error)
 3580                                             goto nfsmout;
 3581                                 }
 3582                                 if (!attrflag && nfhp != NULL) {
 3583                                         free(nfhp, M_NFSFH);
 3584                                         nfhp = NULL;
 3585                                 }
 3586                         } else {
 3587                                 rderr = 0;
 3588                                 nfsva.na_mntonfileno = 0xffffffff;
 3589                                 error = nfsv4_loadattr(nd, NULL, &nfsva, &nfhp,
 3590                                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
 3591                                     NULL, NULL, &rderr, p, cred);
 3592                                 if (error)
 3593                                         goto nfsmout;
 3594                         }
 3595 
 3596                         if (bigenough) {
 3597                             if (nd->nd_flag & ND_NFSV4) {
 3598                                 if (rderr) {
 3599                                     dp->d_fileno = 0;
 3600                                 } else if (gotmnton) {
 3601                                     if (nfsva.na_mntonfileno != 0xffffffff)
 3602                                         dp->d_fileno = nfsva.na_mntonfileno;
 3603                                     else
 3604                                         dp->d_fileno = nfsva.na_fileid;
 3605                                 } else if (nfsva.na_filesid[0] ==
 3606                                     dnp->n_vattr.na_filesid[0] &&
 3607                                     nfsva.na_filesid[1] ==
 3608                                     dnp->n_vattr.na_filesid[1]) {
 3609                                     dp->d_fileno = nfsva.na_fileid;
 3610                                 } else {
 3611                                     do {
 3612                                         fakefileno--;
 3613                                     } while (fakefileno ==
 3614                                         nfsva.na_fileid);
 3615                                     dp->d_fileno = fakefileno;
 3616                                 }
 3617                             } else {
 3618                                 dp->d_fileno = fileno;
 3619                             }
 3620                             *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
 3621                                 ncookie.lval[0];
 3622                             *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
 3623                                 ncookie.lval[1];
 3624 
 3625                             if (nfhp != NULL) {
 3626                                 if (NFSRV_CMPFH(nfhp->nfh_fh, nfhp->nfh_len,
 3627                                     dnp->n_fhp->nfh_fh, dnp->n_fhp->nfh_len)) {
 3628                                     VREF(vp);
 3629                                     newvp = vp;
 3630                                     unlocknewvp = 0;
 3631                                     free(nfhp, M_NFSFH);
 3632                                     np = dnp;
 3633                                 } else if (isdotdot != 0) {
 3634                                     /*
 3635                                      * Skip doing a nfscl_nget() call for "..".
 3636                                      * There's a race between acquiring the nfs
 3637                                      * node here and lookups that look for the
 3638                                      * directory being read (in the parent).
 3639                                      * It would try to get a lock on ".." here,
 3640                                      * owning the lock on the directory being
 3641                                      * read. Lookup will hold the lock on ".."
 3642                                      * and try to acquire the lock on the
 3643                                      * directory being read.
 3644                                      * If the directory is unlocked/relocked,
 3645                                      * then there is a LOR with the buflock
 3646                                      * vp is relocked.
 3647                                      */
 3648                                     free(nfhp, M_NFSFH);
 3649                                 } else {
 3650                                     error = nfscl_nget(vnode_mount(vp), vp,
 3651                                       nfhp, cnp, p, &np, NULL, LK_EXCLUSIVE);
 3652                                     if (!error) {
 3653                                         newvp = NFSTOV(np);
 3654                                         unlocknewvp = 1;
 3655                                     }
 3656                                 }
 3657                                 nfhp = NULL;
 3658                                 if (newvp != NULLVP) {
 3659                                     error = nfscl_loadattrcache(&newvp,
 3660                                         &nfsva, NULL, NULL, 0, 0);
 3661                                     if (error) {
 3662                                         if (unlocknewvp)
 3663                                             vput(newvp);
 3664                                         else
 3665                                             vrele(newvp);
 3666                                         goto nfsmout;
 3667                                     }
 3668                                     dp->d_type =
 3669                                         vtonfs_dtype(np->n_vattr.na_type);
 3670                                     ndp->ni_vp = newvp;
 3671                                     NFSCNHASH(cnp, HASHINIT);
 3672                                     if (cnp->cn_namelen <= NCHNAMLEN &&
 3673                                         (newvp->v_type != VDIR ||
 3674                                          dctime.tv_sec != 0)) {
 3675                                         cache_enter_time(ndp->ni_dvp,
 3676                                             ndp->ni_vp, cnp,
 3677                                             &nfsva.na_ctime,
 3678                                             newvp->v_type != VDIR ? NULL :
 3679                                             &dctime);
 3680                                     }
 3681                                     if (unlocknewvp)
 3682                                         vput(newvp);
 3683                                     else
 3684                                         vrele(newvp);
 3685                                     newvp = NULLVP;
 3686                                 }
 3687                             }
 3688                         } else if (nfhp != NULL) {
 3689                             free(nfhp, M_NFSFH);
 3690                         }
 3691                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3692                         more_dirs = fxdr_unsigned(int, *tl);
 3693                 }
 3694                 /*
 3695                  * If at end of rpc data, get the eof boolean
 3696                  */
 3697                 if (!more_dirs) {
 3698                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3699                         eof = fxdr_unsigned(int, *tl);
 3700                         if (tryformoredirs)
 3701                                 more_dirs = !eof;
 3702                         if (nd->nd_flag & ND_NFSV4) {
 3703                                 error = nfscl_postop_attr(nd, nap, attrflagp,
 3704                                     stuff);
 3705                                 if (error)
 3706                                         goto nfsmout;
 3707                         }
 3708                 }
 3709                 mbuf_freem(nd->nd_mrep);
 3710                 nd->nd_mrep = NULL;
 3711         }
 3712         /*
 3713          * Fill last record, iff any, out to a multiple of DIRBLKSIZ
 3714          * by increasing d_reclen for the last record.
 3715          */
 3716         if (blksiz > 0) {
 3717                 left = DIRBLKSIZ - blksiz;
 3718                 NFSBZERO(uio_iov_base(uiop), left);
 3719                 dp->d_reclen += left;
 3720                 uio_iov_base_add(uiop, left);
 3721                 uio_iov_len_add(uiop, -(left));
 3722                 uio_uio_resid_add(uiop, -(left));
 3723                 uiop->uio_offset += left;
 3724         }
 3725 
 3726         /*
 3727          * If returning no data, assume end of file.
 3728          * If not bigenough, return not end of file, since you aren't
 3729          *    returning all the data
 3730          * Otherwise, return the eof flag from the server.
 3731          */
 3732         if (eofp != NULL) {
 3733                 if (tresid == uio_uio_resid(uiop))
 3734                         *eofp = 1;
 3735                 else if (!bigenough)
 3736                         *eofp = 0;
 3737                 else
 3738                         *eofp = eof;
 3739         }
 3740 
 3741         /*
 3742          * Add extra empty records to any remaining DIRBLKSIZ chunks.
 3743          */
 3744         while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) {
 3745                 dp = (struct dirent *)uio_iov_base(uiop);
 3746                 NFSBZERO(dp, DIRBLKSIZ);
 3747                 dp->d_type = DT_UNKNOWN;
 3748                 tl = (u_int32_t *)&dp->d_name[4];
 3749                 *tl++ = cookie.lval[0];
 3750                 *tl = cookie.lval[1];
 3751                 dp->d_reclen = DIRBLKSIZ;
 3752                 uio_iov_base_add(uiop, DIRBLKSIZ);
 3753                 uio_iov_len_add(uiop, -(DIRBLKSIZ));
 3754                 uio_uio_resid_add(uiop, -(DIRBLKSIZ));
 3755                 uiop->uio_offset += DIRBLKSIZ;
 3756         }
 3757 
 3758 nfsmout:
 3759         if (nd->nd_mrep != NULL)
 3760                 mbuf_freem(nd->nd_mrep);
 3761         return (error);
 3762 }
 3763 #endif  /* !APPLE */
 3764 
 3765 /*
 3766  * Nfs commit rpc
 3767  */
 3768 APPLESTATIC int
 3769 nfsrpc_commit(vnode_t vp, u_quad_t offset, int cnt, struct ucred *cred,
 3770     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 3771 {
 3772         u_int32_t *tl;
 3773         struct nfsrv_descript nfsd, *nd = &nfsd;
 3774         nfsattrbit_t attrbits;
 3775         int error;
 3776         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 3777         
 3778         *attrflagp = 0;
 3779         NFSCL_REQSTART(nd, NFSPROC_COMMIT, vp);
 3780         NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3781         txdr_hyper(offset, tl);
 3782         tl += 2;
 3783         *tl = txdr_unsigned(cnt);
 3784         if (nd->nd_flag & ND_NFSV4) {
 3785                 /*
 3786                  * And do a Getattr op.
 3787                  */
 3788                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 3789                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3790                 NFSGETATTR_ATTRBIT(&attrbits);
 3791                 (void) nfsrv_putattrbit(nd, &attrbits);
 3792         }
 3793         error = nfscl_request(nd, vp, p, cred, stuff);
 3794         if (error)
 3795                 return (error);
 3796         error = nfscl_wcc_data(nd, vp, nap, attrflagp, NULL, stuff);
 3797         if (!error && !nd->nd_repstat) {
 3798                 NFSM_DISSECT(tl, u_int32_t *, NFSX_VERF);
 3799                 NFSLOCKMNT(nmp);
 3800                 if (NFSBCMP(nmp->nm_verf, tl, NFSX_VERF)) {
 3801                         NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
 3802                         nd->nd_repstat = NFSERR_STALEWRITEVERF;
 3803                 }
 3804                 NFSUNLOCKMNT(nmp);
 3805                 if (nd->nd_flag & ND_NFSV4)
 3806                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 3807         }
 3808 nfsmout:
 3809         if (!error && nd->nd_repstat)
 3810                 error = nd->nd_repstat;
 3811         mbuf_freem(nd->nd_mrep);
 3812         return (error);
 3813 }
 3814 
 3815 /*
 3816  * NFS byte range lock rpc.
 3817  * (Mostly just calls one of the three lower level RPC routines.)
 3818  */
 3819 APPLESTATIC int
 3820 nfsrpc_advlock(vnode_t vp, off_t size, int op, struct flock *fl,
 3821     int reclaim, struct ucred *cred, NFSPROC_T *p, void *id, int flags)
 3822 {
 3823         struct nfscllockowner *lp;
 3824         struct nfsclclient *clp;
 3825         struct nfsfh *nfhp;
 3826         struct nfsrv_descript nfsd, *nd = &nfsd;
 3827         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 3828         u_int64_t off, len;
 3829         off_t start, end;
 3830         u_int32_t clidrev = 0;
 3831         int error = 0, newone = 0, expireret = 0, retrycnt, donelocally;
 3832         int callcnt, dorpc;
 3833 
 3834         /*
 3835          * Convert the flock structure into a start and end and do POSIX
 3836          * bounds checking.
 3837          */
 3838         switch (fl->l_whence) {
 3839         case SEEK_SET:
 3840         case SEEK_CUR:
 3841                 /*
 3842                  * Caller is responsible for adding any necessary offset
 3843                  * when SEEK_CUR is used.
 3844                  */
 3845                 start = fl->l_start;
 3846                 off = fl->l_start;
 3847                 break;
 3848         case SEEK_END:
 3849                 start = size + fl->l_start;
 3850                 off = size + fl->l_start;
 3851                 break;
 3852         default:
 3853                 return (EINVAL);
 3854         }
 3855         if (start < 0)
 3856                 return (EINVAL);
 3857         if (fl->l_len != 0) {
 3858                 end = start + fl->l_len - 1;
 3859                 if (end < start)
 3860                         return (EINVAL);
 3861         }
 3862 
 3863         len = fl->l_len;
 3864         if (len == 0)
 3865                 len = NFS64BITSSET;
 3866         retrycnt = 0;
 3867         do {
 3868             nd->nd_repstat = 0;
 3869             if (op == F_GETLK) {
 3870                 error = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
 3871                 if (error)
 3872                         return (error);
 3873                 error = nfscl_lockt(vp, clp, off, len, fl, p, id, flags);
 3874                 if (!error) {
 3875                         clidrev = clp->nfsc_clientidrev;
 3876                         error = nfsrpc_lockt(nd, vp, clp, off, len, fl, cred,
 3877                             p, id, flags);
 3878                 } else if (error == -1) {
 3879                         error = 0;
 3880                 }
 3881                 nfscl_clientrelease(clp);
 3882             } else if (op == F_UNLCK && fl->l_type == F_UNLCK) {
 3883                 /*
 3884                  * We must loop around for all lockowner cases.
 3885                  */
 3886                 callcnt = 0;
 3887                 error = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
 3888                 if (error)
 3889                         return (error);
 3890                 do {
 3891                     error = nfscl_relbytelock(vp, off, len, cred, p, callcnt,
 3892                         clp, id, flags, &lp, &dorpc);
 3893                     /*
 3894                      * If it returns a NULL lp, we're done.
 3895                      */
 3896                     if (lp == NULL) {
 3897                         if (callcnt == 0)
 3898                             nfscl_clientrelease(clp);
 3899                         else
 3900                             nfscl_releasealllocks(clp, vp, p, id, flags);
 3901                         return (error);
 3902                     }
 3903                     if (nmp->nm_clp != NULL)
 3904                         clidrev = nmp->nm_clp->nfsc_clientidrev;
 3905                     else
 3906                         clidrev = 0;
 3907                     /*
 3908                      * If the server doesn't support Posix lock semantics,
 3909                      * only allow locks on the entire file, since it won't
 3910                      * handle overlapping byte ranges.
 3911                      * There might still be a problem when a lock
 3912                      * upgrade/downgrade (read<->write) occurs, since the
 3913                      * server "might" expect an unlock first?
 3914                      */
 3915                     if (dorpc && (lp->nfsl_open->nfso_posixlock ||
 3916                         (off == 0 && len == NFS64BITSSET))) {
 3917                         /*
 3918                          * Since the lock records will go away, we must
 3919                          * wait for grace and delay here.
 3920                          */
 3921                         do {
 3922                             error = nfsrpc_locku(nd, nmp, lp, off, len,
 3923                                 NFSV4LOCKT_READ, cred, p, 0);
 3924                             if ((nd->nd_repstat == NFSERR_GRACE ||
 3925                                  nd->nd_repstat == NFSERR_DELAY) &&
 3926                                 error == 0)
 3927                                 (void) nfs_catnap(PZERO, (int)nd->nd_repstat,
 3928                                     "nfs_advlock");
 3929                         } while ((nd->nd_repstat == NFSERR_GRACE ||
 3930                             nd->nd_repstat == NFSERR_DELAY) && error == 0);
 3931                     }
 3932                     callcnt++;
 3933                 } while (error == 0 && nd->nd_repstat == 0);
 3934                 nfscl_releasealllocks(clp, vp, p, id, flags);
 3935             } else if (op == F_SETLK) {
 3936                 error = nfscl_getbytelock(vp, off, len, fl->l_type, cred, p,
 3937                     NULL, 0, id, flags, NULL, NULL, &lp, &newone, &donelocally);
 3938                 if (error || donelocally) {
 3939                         return (error);
 3940                 }
 3941                 if (nmp->nm_clp != NULL)
 3942                         clidrev = nmp->nm_clp->nfsc_clientidrev;
 3943                 else
 3944                         clidrev = 0;
 3945                 nfhp = VTONFS(vp)->n_fhp;
 3946                 if (!lp->nfsl_open->nfso_posixlock &&
 3947                     (off != 0 || len != NFS64BITSSET)) {
 3948                         error = EINVAL;
 3949                 } else {
 3950                         error = nfsrpc_lock(nd, nmp, vp, nfhp->nfh_fh,
 3951                             nfhp->nfh_len, lp, newone, reclaim, off,
 3952                             len, fl->l_type, cred, p, 0);
 3953                 }
 3954                 if (!error)
 3955                         error = nd->nd_repstat;
 3956                 nfscl_lockrelease(lp, error, newone);
 3957             } else {
 3958                 error = EINVAL;
 3959             }
 3960             if (!error)
 3961                 error = nd->nd_repstat;
 3962             if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 3963                 error == NFSERR_STALEDONTRECOVER ||
 3964                 error == NFSERR_STALECLIENTID || error == NFSERR_DELAY ||
 3965                 error == NFSERR_BADSESSION) {
 3966                 (void) nfs_catnap(PZERO, error, "nfs_advlock");
 3967             } else if ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID)
 3968                 && clidrev != 0) {
 3969                 expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
 3970                 retrycnt++;
 3971             }
 3972         } while (error == NFSERR_GRACE ||
 3973             error == NFSERR_STALECLIENTID || error == NFSERR_DELAY ||
 3974             error == NFSERR_STALEDONTRECOVER || error == NFSERR_STALESTATEID ||
 3975             error == NFSERR_BADSESSION ||
 3976             ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
 3977              expireret == 0 && clidrev != 0 && retrycnt < 4));
 3978         if (error && retrycnt >= 4)
 3979                 error = EIO;
 3980         return (error);
 3981 }
 3982 
 3983 /*
 3984  * The lower level routine for the LockT case.
 3985  */
 3986 APPLESTATIC int
 3987 nfsrpc_lockt(struct nfsrv_descript *nd, vnode_t vp,
 3988     struct nfsclclient *clp, u_int64_t off, u_int64_t len, struct flock *fl,
 3989     struct ucred *cred, NFSPROC_T *p, void *id, int flags)
 3990 {
 3991         u_int32_t *tl;
 3992         int error, type, size;
 3993         uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
 3994         struct nfsnode *np;
 3995         struct nfsmount *nmp;
 3996         struct nfsclsession *tsep;
 3997 
 3998         nmp = VFSTONFS(vp->v_mount);
 3999         NFSCL_REQSTART(nd, NFSPROC_LOCKT, vp);
 4000         NFSM_BUILD(tl, u_int32_t *, 7 * NFSX_UNSIGNED);
 4001         if (fl->l_type == F_RDLCK)
 4002                 *tl++ = txdr_unsigned(NFSV4LOCKT_READ);
 4003         else
 4004                 *tl++ = txdr_unsigned(NFSV4LOCKT_WRITE);
 4005         txdr_hyper(off, tl);
 4006         tl += 2;
 4007         txdr_hyper(len, tl);
 4008         tl += 2;
 4009         tsep = nfsmnt_mdssession(nmp);
 4010         *tl++ = tsep->nfsess_clientid.lval[0];
 4011         *tl = tsep->nfsess_clientid.lval[1];
 4012         nfscl_filllockowner(id, own, flags);
 4013         np = VTONFS(vp);
 4014         NFSBCOPY(np->n_fhp->nfh_fh, &own[NFSV4CL_LOCKNAMELEN],
 4015             np->n_fhp->nfh_len);
 4016         (void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + np->n_fhp->nfh_len);
 4017         error = nfscl_request(nd, vp, p, cred, NULL);
 4018         if (error)
 4019                 return (error);
 4020         if (nd->nd_repstat == 0) {
 4021                 fl->l_type = F_UNLCK;
 4022         } else if (nd->nd_repstat == NFSERR_DENIED) {
 4023                 nd->nd_repstat = 0;
 4024                 fl->l_whence = SEEK_SET;
 4025                 NFSM_DISSECT(tl, u_int32_t *, 8 * NFSX_UNSIGNED);
 4026                 fl->l_start = fxdr_hyper(tl);
 4027                 tl += 2;
 4028                 len = fxdr_hyper(tl);
 4029                 tl += 2;
 4030                 if (len == NFS64BITSSET)
 4031                         fl->l_len = 0;
 4032                 else
 4033                         fl->l_len = len;
 4034                 type = fxdr_unsigned(int, *tl++);
 4035                 if (type == NFSV4LOCKT_WRITE)
 4036                         fl->l_type = F_WRLCK;
 4037                 else
 4038                         fl->l_type = F_RDLCK;
 4039                 /*
 4040                  * XXX For now, I have no idea what to do with the
 4041                  * conflicting lock_owner, so I'll just set the pid == 0
 4042                  * and skip over the lock_owner.
 4043                  */
 4044                 fl->l_pid = (pid_t)0;
 4045                 tl += 2;
 4046                 size = fxdr_unsigned(int, *tl);
 4047                 if (size < 0 || size > NFSV4_OPAQUELIMIT)
 4048                         error = EBADRPC;
 4049                 if (!error)
 4050                         error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
 4051         } else if (nd->nd_repstat == NFSERR_STALECLIENTID)
 4052                 nfscl_initiate_recovery(clp);
 4053 nfsmout:
 4054         mbuf_freem(nd->nd_mrep);
 4055         return (error);
 4056 }
 4057 
 4058 /*
 4059  * Lower level function that performs the LockU RPC.
 4060  */
 4061 static int
 4062 nfsrpc_locku(struct nfsrv_descript *nd, struct nfsmount *nmp,
 4063     struct nfscllockowner *lp, u_int64_t off, u_int64_t len,
 4064     u_int32_t type, struct ucred *cred, NFSPROC_T *p, int syscred)
 4065 {
 4066         u_int32_t *tl;
 4067         int error;
 4068 
 4069         nfscl_reqstart(nd, NFSPROC_LOCKU, nmp, lp->nfsl_open->nfso_fh,
 4070             lp->nfsl_open->nfso_fhlen, NULL, NULL, 0, 0);
 4071         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 6 * NFSX_UNSIGNED);
 4072         *tl++ = txdr_unsigned(type);
 4073         *tl = txdr_unsigned(lp->nfsl_seqid);
 4074         if (nfstest_outofseq &&
 4075             (arc4random() % nfstest_outofseq) == 0)
 4076                 *tl = txdr_unsigned(lp->nfsl_seqid + 1);
 4077         tl++;
 4078         if (NFSHASNFSV4N(nmp))
 4079                 *tl++ = 0;
 4080         else
 4081                 *tl++ = lp->nfsl_stateid.seqid;
 4082         *tl++ = lp->nfsl_stateid.other[0];
 4083         *tl++ = lp->nfsl_stateid.other[1];
 4084         *tl++ = lp->nfsl_stateid.other[2];
 4085         txdr_hyper(off, tl);
 4086         tl += 2;
 4087         txdr_hyper(len, tl);
 4088         if (syscred)
 4089                 nd->nd_flag |= ND_USEGSSNAME;
 4090         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4091             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4092         NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
 4093         if (error)
 4094                 return (error);
 4095         if (nd->nd_repstat == 0) {
 4096                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
 4097                 lp->nfsl_stateid.seqid = *tl++;
 4098                 lp->nfsl_stateid.other[0] = *tl++;
 4099                 lp->nfsl_stateid.other[1] = *tl++;
 4100                 lp->nfsl_stateid.other[2] = *tl;
 4101         } else if (nd->nd_repstat == NFSERR_STALESTATEID)
 4102                 nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
 4103 nfsmout:
 4104         mbuf_freem(nd->nd_mrep);
 4105         return (error);
 4106 }
 4107 
 4108 /*
 4109  * The actual Lock RPC.
 4110  */
 4111 APPLESTATIC int
 4112 nfsrpc_lock(struct nfsrv_descript *nd, struct nfsmount *nmp, vnode_t vp,
 4113     u_int8_t *nfhp, int fhlen, struct nfscllockowner *lp, int newone,
 4114     int reclaim, u_int64_t off, u_int64_t len, short type, struct ucred *cred,
 4115     NFSPROC_T *p, int syscred)
 4116 {
 4117         u_int32_t *tl;
 4118         int error, size;
 4119         uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
 4120         struct nfsclsession *tsep;
 4121 
 4122         nfscl_reqstart(nd, NFSPROC_LOCK, nmp, nfhp, fhlen, NULL, NULL, 0, 0);
 4123         NFSM_BUILD(tl, u_int32_t *, 7 * NFSX_UNSIGNED);
 4124         if (type == F_RDLCK)
 4125                 *tl++ = txdr_unsigned(NFSV4LOCKT_READ);
 4126         else
 4127                 *tl++ = txdr_unsigned(NFSV4LOCKT_WRITE);
 4128         *tl++ = txdr_unsigned(reclaim);
 4129         txdr_hyper(off, tl);
 4130         tl += 2;
 4131         txdr_hyper(len, tl);
 4132         tl += 2;
 4133         if (newone) {
 4134             *tl = newnfs_true;
 4135             NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
 4136                 2 * NFSX_UNSIGNED + NFSX_HYPER);
 4137             *tl++ = txdr_unsigned(lp->nfsl_open->nfso_own->nfsow_seqid);
 4138             if (NFSHASNFSV4N(nmp))
 4139                 *tl++ = 0;
 4140             else
 4141                 *tl++ = lp->nfsl_open->nfso_stateid.seqid;
 4142             *tl++ = lp->nfsl_open->nfso_stateid.other[0];
 4143             *tl++ = lp->nfsl_open->nfso_stateid.other[1];
 4144             *tl++ = lp->nfsl_open->nfso_stateid.other[2];
 4145             *tl++ = txdr_unsigned(lp->nfsl_seqid);
 4146             tsep = nfsmnt_mdssession(nmp);
 4147             *tl++ = tsep->nfsess_clientid.lval[0];
 4148             *tl = tsep->nfsess_clientid.lval[1];
 4149             NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
 4150             NFSBCOPY(nfhp, &own[NFSV4CL_LOCKNAMELEN], fhlen);
 4151             (void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
 4152         } else {
 4153             *tl = newnfs_false;
 4154             NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + NFSX_UNSIGNED);
 4155             if (NFSHASNFSV4N(nmp))
 4156                 *tl++ = 0;
 4157             else
 4158                 *tl++ = lp->nfsl_stateid.seqid;
 4159             *tl++ = lp->nfsl_stateid.other[0];
 4160             *tl++ = lp->nfsl_stateid.other[1];
 4161             *tl++ = lp->nfsl_stateid.other[2];
 4162             *tl = txdr_unsigned(lp->nfsl_seqid);
 4163             if (nfstest_outofseq &&
 4164                 (arc4random() % nfstest_outofseq) == 0)
 4165                     *tl = txdr_unsigned(lp->nfsl_seqid + 1);
 4166         }
 4167         if (syscred)
 4168                 nd->nd_flag |= ND_USEGSSNAME;
 4169         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
 4170             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4171         if (error)
 4172                 return (error);
 4173         if (newone)
 4174             NFSCL_INCRSEQID(lp->nfsl_open->nfso_own->nfsow_seqid, nd);
 4175         NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
 4176         if (nd->nd_repstat == 0) {
 4177                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
 4178                 lp->nfsl_stateid.seqid = *tl++;
 4179                 lp->nfsl_stateid.other[0] = *tl++;
 4180                 lp->nfsl_stateid.other[1] = *tl++;
 4181                 lp->nfsl_stateid.other[2] = *tl;
 4182         } else if (nd->nd_repstat == NFSERR_DENIED) {
 4183                 NFSM_DISSECT(tl, u_int32_t *, 8 * NFSX_UNSIGNED);
 4184                 size = fxdr_unsigned(int, *(tl + 7));
 4185                 if (size < 0 || size > NFSV4_OPAQUELIMIT)
 4186                         error = EBADRPC;
 4187                 if (!error)
 4188                         error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
 4189         } else if (nd->nd_repstat == NFSERR_STALESTATEID)
 4190                 nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
 4191 nfsmout:
 4192         mbuf_freem(nd->nd_mrep);
 4193         return (error);
 4194 }
 4195 
 4196 /*
 4197  * nfs statfs rpc
 4198  * (always called with the vp for the mount point)
 4199  */
 4200 APPLESTATIC int
 4201 nfsrpc_statfs(vnode_t vp, struct nfsstatfs *sbp, struct nfsfsinfo *fsp,
 4202     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
 4203     void *stuff)
 4204 {
 4205         u_int32_t *tl = NULL;
 4206         struct nfsrv_descript nfsd, *nd = &nfsd;
 4207         struct nfsmount *nmp;
 4208         nfsattrbit_t attrbits;
 4209         int error;
 4210 
 4211         *attrflagp = 0;
 4212         nmp = VFSTONFS(vnode_mount(vp));
 4213         if (NFSHASNFSV4(nmp)) {
 4214                 /*
 4215                  * For V4, you actually do a getattr.
 4216                  */
 4217                 NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
 4218                 NFSSTATFS_GETATTRBIT(&attrbits);
 4219                 (void) nfsrv_putattrbit(nd, &attrbits);
 4220                 nd->nd_flag |= ND_USEGSSNAME;
 4221                 error = nfscl_request(nd, vp, p, cred, stuff);
 4222                 if (error)
 4223                         return (error);
 4224                 if (nd->nd_repstat == 0) {
 4225                         error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
 4226                             NULL, NULL, sbp, fsp, NULL, 0, NULL, NULL, NULL, p,
 4227                             cred);
 4228                         if (!error) {
 4229                                 nmp->nm_fsid[0] = nap->na_filesid[0];
 4230                                 nmp->nm_fsid[1] = nap->na_filesid[1];
 4231                                 NFSSETHASSETFSID(nmp);
 4232                                 *attrflagp = 1;
 4233                         }
 4234                 } else {
 4235                         error = nd->nd_repstat;
 4236                 }
 4237                 if (error)
 4238                         goto nfsmout;
 4239         } else {
 4240                 NFSCL_REQSTART(nd, NFSPROC_FSSTAT, vp);
 4241                 error = nfscl_request(nd, vp, p, cred, stuff);
 4242                 if (error)
 4243                         return (error);
 4244                 if (nd->nd_flag & ND_NFSV3) {
 4245                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 4246                         if (error)
 4247                                 goto nfsmout;
 4248                 }
 4249                 if (nd->nd_repstat) {
 4250                         error = nd->nd_repstat;
 4251                         goto nfsmout;
 4252                 }
 4253                 NFSM_DISSECT(tl, u_int32_t *,
 4254                     NFSX_STATFS(nd->nd_flag & ND_NFSV3));
 4255         }
 4256         if (NFSHASNFSV3(nmp)) {
 4257                 sbp->sf_tbytes = fxdr_hyper(tl); tl += 2;
 4258                 sbp->sf_fbytes = fxdr_hyper(tl); tl += 2;
 4259                 sbp->sf_abytes = fxdr_hyper(tl); tl += 2;
 4260                 sbp->sf_tfiles = fxdr_hyper(tl); tl += 2;
 4261                 sbp->sf_ffiles = fxdr_hyper(tl); tl += 2;
 4262                 sbp->sf_afiles = fxdr_hyper(tl); tl += 2;
 4263                 sbp->sf_invarsec = fxdr_unsigned(u_int32_t, *tl);
 4264         } else if (NFSHASNFSV4(nmp) == 0) {
 4265                 sbp->sf_tsize = fxdr_unsigned(u_int32_t, *tl++);
 4266                 sbp->sf_bsize = fxdr_unsigned(u_int32_t, *tl++);
 4267                 sbp->sf_blocks = fxdr_unsigned(u_int32_t, *tl++);
 4268                 sbp->sf_bfree = fxdr_unsigned(u_int32_t, *tl++);
 4269                 sbp->sf_bavail = fxdr_unsigned(u_int32_t, *tl);
 4270         }
 4271 nfsmout:
 4272         mbuf_freem(nd->nd_mrep);
 4273         return (error);
 4274 }
 4275 
 4276 /*
 4277  * nfs pathconf rpc
 4278  */
 4279 APPLESTATIC int
 4280 nfsrpc_pathconf(vnode_t vp, struct nfsv3_pathconf *pc,
 4281     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
 4282     void *stuff)
 4283 {
 4284         struct nfsrv_descript nfsd, *nd = &nfsd;
 4285         struct nfsmount *nmp;
 4286         u_int32_t *tl;
 4287         nfsattrbit_t attrbits;
 4288         int error;
 4289 
 4290         *attrflagp = 0;
 4291         nmp = VFSTONFS(vnode_mount(vp));
 4292         if (NFSHASNFSV4(nmp)) {
 4293                 /*
 4294                  * For V4, you actually do a getattr.
 4295                  */
 4296                 NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
 4297                 NFSPATHCONF_GETATTRBIT(&attrbits);
 4298                 (void) nfsrv_putattrbit(nd, &attrbits);
 4299                 nd->nd_flag |= ND_USEGSSNAME;
 4300                 error = nfscl_request(nd, vp, p, cred, stuff);
 4301                 if (error)
 4302                         return (error);
 4303                 if (nd->nd_repstat == 0) {
 4304                         error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
 4305                             pc, NULL, NULL, NULL, NULL, 0, NULL, NULL, NULL, p,
 4306                             cred);
 4307                         if (!error)
 4308                                 *attrflagp = 1;
 4309                 } else {
 4310                         error = nd->nd_repstat;
 4311                 }
 4312         } else {
 4313                 NFSCL_REQSTART(nd, NFSPROC_PATHCONF, vp);
 4314                 error = nfscl_request(nd, vp, p, cred, stuff);
 4315                 if (error)
 4316                         return (error);
 4317                 error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 4318                 if (nd->nd_repstat && !error)
 4319                         error = nd->nd_repstat;
 4320                 if (!error) {
 4321                         NFSM_DISSECT(tl, u_int32_t *, NFSX_V3PATHCONF);
 4322                         pc->pc_linkmax = fxdr_unsigned(u_int32_t, *tl++);
 4323                         pc->pc_namemax = fxdr_unsigned(u_int32_t, *tl++);
 4324                         pc->pc_notrunc = fxdr_unsigned(u_int32_t, *tl++);
 4325                         pc->pc_chownrestricted =
 4326                             fxdr_unsigned(u_int32_t, *tl++);
 4327                         pc->pc_caseinsensitive =
 4328                             fxdr_unsigned(u_int32_t, *tl++);
 4329                         pc->pc_casepreserving = fxdr_unsigned(u_int32_t, *tl);
 4330                 }
 4331         }
 4332 nfsmout:
 4333         mbuf_freem(nd->nd_mrep);
 4334         return (error);
 4335 }
 4336 
 4337 /*
 4338  * nfs version 3 fsinfo rpc call
 4339  */
 4340 APPLESTATIC int
 4341 nfsrpc_fsinfo(vnode_t vp, struct nfsfsinfo *fsp, struct ucred *cred,
 4342     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 4343 {
 4344         u_int32_t *tl;
 4345         struct nfsrv_descript nfsd, *nd = &nfsd;
 4346         int error;
 4347 
 4348         *attrflagp = 0;
 4349         NFSCL_REQSTART(nd, NFSPROC_FSINFO, vp);
 4350         error = nfscl_request(nd, vp, p, cred, stuff);
 4351         if (error)
 4352                 return (error);
 4353         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 4354         if (nd->nd_repstat && !error)
 4355                 error = nd->nd_repstat;
 4356         if (!error) {
 4357                 NFSM_DISSECT(tl, u_int32_t *, NFSX_V3FSINFO);
 4358                 fsp->fs_rtmax = fxdr_unsigned(u_int32_t, *tl++);
 4359                 fsp->fs_rtpref = fxdr_unsigned(u_int32_t, *tl++);
 4360                 fsp->fs_rtmult = fxdr_unsigned(u_int32_t, *tl++);
 4361                 fsp->fs_wtmax = fxdr_unsigned(u_int32_t, *tl++);
 4362                 fsp->fs_wtpref = fxdr_unsigned(u_int32_t, *tl++);
 4363                 fsp->fs_wtmult = fxdr_unsigned(u_int32_t, *tl++);
 4364                 fsp->fs_dtpref = fxdr_unsigned(u_int32_t, *tl++);
 4365                 fsp->fs_maxfilesize = fxdr_hyper(tl);
 4366                 tl += 2;
 4367                 fxdr_nfsv3time(tl, &fsp->fs_timedelta);
 4368                 tl += 2;
 4369                 fsp->fs_properties = fxdr_unsigned(u_int32_t, *tl);
 4370         }
 4371 nfsmout:
 4372         mbuf_freem(nd->nd_mrep);
 4373         return (error);
 4374 }
 4375 
 4376 /*
 4377  * This function performs the Renew RPC.
 4378  */
 4379 APPLESTATIC int
 4380 nfsrpc_renew(struct nfsclclient *clp, struct nfsclds *dsp, struct ucred *cred,
 4381     NFSPROC_T *p)
 4382 {
 4383         u_int32_t *tl;
 4384         struct nfsrv_descript nfsd;
 4385         struct nfsrv_descript *nd = &nfsd;
 4386         struct nfsmount *nmp;
 4387         int error;
 4388         struct nfssockreq *nrp;
 4389         struct nfsclsession *tsep;
 4390 
 4391         nmp = clp->nfsc_nmp;
 4392         if (nmp == NULL)
 4393                 return (0);
 4394         if (dsp == NULL)
 4395                 nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL, NULL, 0,
 4396                     0);
 4397         else
 4398                 nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL,
 4399                     &dsp->nfsclds_sess, 0, 0);
 4400         if (!NFSHASNFSV4N(nmp)) {
 4401                 /* NFSv4.1 just uses a Sequence Op and not a Renew. */
 4402                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 4403                 tsep = nfsmnt_mdssession(nmp);
 4404                 *tl++ = tsep->nfsess_clientid.lval[0];
 4405                 *tl = tsep->nfsess_clientid.lval[1];
 4406         }
 4407         nrp = NULL;
 4408         if (dsp != NULL)
 4409                 nrp = dsp->nfsclds_sockp;
 4410         if (nrp == NULL)
 4411                 /* If NULL, use the MDS socket. */
 4412                 nrp = &nmp->nm_sockreq;
 4413         nd->nd_flag |= ND_USEGSSNAME;
 4414         if (dsp == NULL)
 4415                 error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
 4416                     NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4417         else {
 4418                 error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
 4419                     NFS_PROG, NFS_VER4, NULL, 1, NULL, &dsp->nfsclds_sess);
 4420                 if (error == ENXIO)
 4421                         nfscl_cancelreqs(dsp);
 4422         }
 4423         if (error)
 4424                 return (error);
 4425         error = nd->nd_repstat;
 4426         mbuf_freem(nd->nd_mrep);
 4427         return (error);
 4428 }
 4429 
 4430 /*
 4431  * This function performs the Releaselockowner RPC.
 4432  */
 4433 APPLESTATIC int
 4434 nfsrpc_rellockown(struct nfsmount *nmp, struct nfscllockowner *lp,
 4435     uint8_t *fh, int fhlen, struct ucred *cred, NFSPROC_T *p)
 4436 {
 4437         struct nfsrv_descript nfsd, *nd = &nfsd;
 4438         u_int32_t *tl;
 4439         int error;
 4440         uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
 4441         struct nfsclsession *tsep;
 4442 
 4443         if (NFSHASNFSV4N(nmp)) {
 4444                 /* For NFSv4.1, do a FreeStateID. */
 4445                 nfscl_reqstart(nd, NFSPROC_FREESTATEID, nmp, NULL, 0, NULL,
 4446                     NULL, 0, 0);
 4447                 nfsm_stateidtom(nd, &lp->nfsl_stateid, NFSSTATEID_PUTSTATEID);
 4448         } else {
 4449                 nfscl_reqstart(nd, NFSPROC_RELEASELCKOWN, nmp, NULL, 0, NULL,
 4450                     NULL, 0, 0);
 4451                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 4452                 tsep = nfsmnt_mdssession(nmp);
 4453                 *tl++ = tsep->nfsess_clientid.lval[0];
 4454                 *tl = tsep->nfsess_clientid.lval[1];
 4455                 NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
 4456                 NFSBCOPY(fh, &own[NFSV4CL_LOCKNAMELEN], fhlen);
 4457                 (void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
 4458         }
 4459         nd->nd_flag |= ND_USEGSSNAME;
 4460         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4461             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4462         if (error)
 4463                 return (error);
 4464         error = nd->nd_repstat;
 4465         mbuf_freem(nd->nd_mrep);
 4466         return (error);
 4467 }
 4468 
 4469 /*
 4470  * This function performs the Compound to get the mount pt FH.
 4471  */
 4472 APPLESTATIC int
 4473 nfsrpc_getdirpath(struct nfsmount *nmp, u_char *dirpath, struct ucred *cred,
 4474     NFSPROC_T *p)
 4475 {
 4476         u_int32_t *tl;
 4477         struct nfsrv_descript nfsd;
 4478         struct nfsrv_descript *nd = &nfsd;
 4479         u_char *cp, *cp2;
 4480         int error, cnt, len, setnil;
 4481         u_int32_t *opcntp;
 4482 
 4483         nfscl_reqstart(nd, NFSPROC_PUTROOTFH, nmp, NULL, 0, &opcntp, NULL, 0,
 4484             0);
 4485         cp = dirpath;
 4486         cnt = 0;
 4487         do {
 4488                 setnil = 0;
 4489                 while (*cp == '/')
 4490                         cp++;
 4491                 cp2 = cp;
 4492                 while (*cp2 != '\0' && *cp2 != '/')
 4493                         cp2++;
 4494                 if (*cp2 == '/') {
 4495                         setnil = 1;
 4496                         *cp2 = '\0';
 4497                 }
 4498                 if (cp2 != cp) {
 4499                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 4500                         *tl = txdr_unsigned(NFSV4OP_LOOKUP);
 4501                         nfsm_strtom(nd, cp, strlen(cp));
 4502                         cnt++;
 4503                 }
 4504                 if (setnil)
 4505                         *cp2++ = '/';
 4506                 cp = cp2;
 4507         } while (*cp != '\0');
 4508         if (NFSHASNFSV4N(nmp))
 4509                 /* Has a Sequence Op done by nfscl_reqstart(). */
 4510                 *opcntp = txdr_unsigned(3 + cnt);
 4511         else
 4512                 *opcntp = txdr_unsigned(2 + cnt);
 4513         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 4514         *tl = txdr_unsigned(NFSV4OP_GETFH);
 4515         nd->nd_flag |= ND_USEGSSNAME;
 4516         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4517                 NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4518         if (error)
 4519                 return (error);
 4520         if (nd->nd_repstat == 0) {
 4521                 NFSM_DISSECT(tl, u_int32_t *, (3 + 2 * cnt) * NFSX_UNSIGNED);
 4522                 tl += (2 + 2 * cnt);
 4523                 if ((len = fxdr_unsigned(int, *tl)) <= 0 ||
 4524                         len > NFSX_FHMAX) {
 4525                         nd->nd_repstat = NFSERR_BADXDR;
 4526                 } else {
 4527                         nd->nd_repstat = nfsrv_mtostr(nd, nmp->nm_fh, len);
 4528                         if (nd->nd_repstat == 0)
 4529                                 nmp->nm_fhsize = len;
 4530                 }
 4531         }
 4532         error = nd->nd_repstat;
 4533 nfsmout:
 4534         mbuf_freem(nd->nd_mrep);
 4535         return (error);
 4536 }
 4537 
 4538 /*
 4539  * This function performs the Delegreturn RPC.
 4540  */
 4541 APPLESTATIC int
 4542 nfsrpc_delegreturn(struct nfscldeleg *dp, struct ucred *cred,
 4543     struct nfsmount *nmp, NFSPROC_T *p, int syscred)
 4544 {
 4545         u_int32_t *tl;
 4546         struct nfsrv_descript nfsd;
 4547         struct nfsrv_descript *nd = &nfsd;
 4548         int error;
 4549 
 4550         nfscl_reqstart(nd, NFSPROC_DELEGRETURN, nmp, dp->nfsdl_fh,
 4551             dp->nfsdl_fhlen, NULL, NULL, 0, 0);
 4552         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
 4553         if (NFSHASNFSV4N(nmp))
 4554                 *tl++ = 0;
 4555         else
 4556                 *tl++ = dp->nfsdl_stateid.seqid;
 4557         *tl++ = dp->nfsdl_stateid.other[0];
 4558         *tl++ = dp->nfsdl_stateid.other[1];
 4559         *tl = dp->nfsdl_stateid.other[2];
 4560         if (syscred)
 4561                 nd->nd_flag |= ND_USEGSSNAME;
 4562         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4563             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4564         if (error)
 4565                 return (error);
 4566         error = nd->nd_repstat;
 4567         mbuf_freem(nd->nd_mrep);
 4568         return (error);
 4569 }
 4570 
 4571 /*
 4572  * nfs getacl call.
 4573  */
 4574 APPLESTATIC int
 4575 nfsrpc_getacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
 4576     struct acl *aclp, void *stuff)
 4577 {
 4578         struct nfsrv_descript nfsd, *nd = &nfsd;
 4579         int error;
 4580         nfsattrbit_t attrbits;
 4581         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 4582         
 4583         if (nfsrv_useacl == 0 || !NFSHASNFSV4(nmp))
 4584                 return (EOPNOTSUPP);
 4585         NFSCL_REQSTART(nd, NFSPROC_GETACL, vp);
 4586         NFSZERO_ATTRBIT(&attrbits);
 4587         NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
 4588         (void) nfsrv_putattrbit(nd, &attrbits);
 4589         error = nfscl_request(nd, vp, p, cred, stuff);
 4590         if (error)
 4591                 return (error);
 4592         if (!nd->nd_repstat)
 4593                 error = nfsv4_loadattr(nd, vp, NULL, NULL, NULL, 0, NULL,
 4594                     NULL, NULL, NULL, aclp, 0, NULL, NULL, NULL, p, cred);
 4595         else
 4596                 error = nd->nd_repstat;
 4597         mbuf_freem(nd->nd_mrep);
 4598         return (error);
 4599 }
 4600 
 4601 /*
 4602  * nfs setacl call.
 4603  */
 4604 APPLESTATIC int
 4605 nfsrpc_setacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
 4606     struct acl *aclp, void *stuff)
 4607 {
 4608         int error;
 4609         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 4610         
 4611         if (nfsrv_useacl == 0 || !NFSHASNFSV4(nmp))
 4612                 return (EOPNOTSUPP);
 4613         error = nfsrpc_setattr(vp, NULL, aclp, cred, p, NULL, NULL, stuff);
 4614         return (error);
 4615 }
 4616 
 4617 /*
 4618  * nfs setacl call.
 4619  */
 4620 static int
 4621 nfsrpc_setaclrpc(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
 4622     struct acl *aclp, nfsv4stateid_t *stateidp, void *stuff)
 4623 {
 4624         struct nfsrv_descript nfsd, *nd = &nfsd;
 4625         int error;
 4626         nfsattrbit_t attrbits;
 4627         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 4628         
 4629         if (!NFSHASNFSV4(nmp))
 4630                 return (EOPNOTSUPP);
 4631         NFSCL_REQSTART(nd, NFSPROC_SETACL, vp);
 4632         nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
 4633         NFSZERO_ATTRBIT(&attrbits);
 4634         NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
 4635         (void) nfsv4_fillattr(nd, vnode_mount(vp), vp, aclp, NULL, NULL, 0,
 4636             &attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0, NULL);
 4637         error = nfscl_request(nd, vp, p, cred, stuff);
 4638         if (error)
 4639                 return (error);
 4640         /* Don't care about the pre/postop attributes */
 4641         mbuf_freem(nd->nd_mrep);
 4642         return (nd->nd_repstat);
 4643 }
 4644 
 4645 /*
 4646  * Do the NFSv4.1 Exchange ID.
 4647  */
 4648 int
 4649 nfsrpc_exchangeid(struct nfsmount *nmp, struct nfsclclient *clp,
 4650     struct nfssockreq *nrp, uint32_t exchflags, struct nfsclds **dspp,
 4651     struct ucred *cred, NFSPROC_T *p)
 4652 {
 4653         uint32_t *tl, v41flags;
 4654         struct nfsrv_descript nfsd;
 4655         struct nfsrv_descript *nd = &nfsd;
 4656         struct nfsclds *dsp;
 4657         struct timespec verstime;
 4658         int error, len;
 4659 
 4660         *dspp = NULL;
 4661         nfscl_reqstart(nd, NFSPROC_EXCHANGEID, nmp, NULL, 0, NULL, NULL, 0, 0);
 4662         NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
 4663         *tl++ = txdr_unsigned(nfsboottime.tv_sec);      /* Client owner */
 4664         *tl = txdr_unsigned(clp->nfsc_rev);
 4665         (void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);
 4666 
 4667         NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
 4668         *tl++ = txdr_unsigned(exchflags);
 4669         *tl++ = txdr_unsigned(NFSV4EXCH_SP4NONE);
 4670 
 4671         /* Set the implementation id4 */
 4672         *tl = txdr_unsigned(1);
 4673         (void) nfsm_strtom(nd, "freebsd.org", strlen("freebsd.org"));
 4674         (void) nfsm_strtom(nd, version, strlen(version));
 4675         NFSM_BUILD(tl, uint32_t *, NFSX_V4TIME);
 4676         verstime.tv_sec = 1293840000;           /* Jan 1, 2011 */
 4677         verstime.tv_nsec = 0;
 4678         txdr_nfsv4time(&verstime, tl);
 4679         nd->nd_flag |= ND_USEGSSNAME;
 4680         error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
 4681             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4682         NFSCL_DEBUG(1, "exchangeid err=%d reps=%d\n", error,
 4683             (int)nd->nd_repstat);
 4684         if (error != 0)
 4685                 return (error);
 4686         if (nd->nd_repstat == 0) {
 4687                 NFSM_DISSECT(tl, uint32_t *, 6 * NFSX_UNSIGNED + NFSX_HYPER);
 4688                 len = fxdr_unsigned(int, *(tl + 7));
 4689                 if (len < 0 || len > NFSV4_OPAQUELIMIT) {
 4690                         error = NFSERR_BADXDR;
 4691                         goto nfsmout;
 4692                 }
 4693                 dsp = malloc(sizeof(struct nfsclds) + len + 1, M_NFSCLDS,
 4694                     M_WAITOK | M_ZERO);
 4695                 dsp->nfsclds_expire = NFSD_MONOSEC + clp->nfsc_renew;
 4696                 dsp->nfsclds_servownlen = len;
 4697                 dsp->nfsclds_sess.nfsess_clientid.lval[0] = *tl++;
 4698                 dsp->nfsclds_sess.nfsess_clientid.lval[1] = *tl++;
 4699                 dsp->nfsclds_sess.nfsess_sequenceid =
 4700                     fxdr_unsigned(uint32_t, *tl++);
 4701                 v41flags = fxdr_unsigned(uint32_t, *tl);
 4702                 if ((v41flags & NFSV4EXCH_USEPNFSMDS) != 0 &&
 4703                     NFSHASPNFSOPT(nmp)) {
 4704                         NFSCL_DEBUG(1, "set PNFS\n");
 4705                         NFSLOCKMNT(nmp);
 4706                         nmp->nm_state |= NFSSTA_PNFS;
 4707                         NFSUNLOCKMNT(nmp);
 4708                         dsp->nfsclds_flags |= NFSCLDS_MDS;
 4709                 }
 4710                 if ((v41flags & NFSV4EXCH_USEPNFSDS) != 0)
 4711                         dsp->nfsclds_flags |= NFSCLDS_DS;
 4712                 if (len > 0)
 4713                         nd->nd_repstat = nfsrv_mtostr(nd,
 4714                             dsp->nfsclds_serverown, len);
 4715                 if (nd->nd_repstat == 0) {
 4716                         mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
 4717                         mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
 4718                             NULL, MTX_DEF);
 4719                         nfscl_initsessionslots(&dsp->nfsclds_sess);
 4720                         *dspp = dsp;
 4721                 } else
 4722                         free(dsp, M_NFSCLDS);
 4723         }
 4724         error = nd->nd_repstat;
 4725 nfsmout:
 4726         mbuf_freem(nd->nd_mrep);
 4727         return (error);
 4728 }
 4729 
 4730 /*
 4731  * Do the NFSv4.1 Create Session.
 4732  */
 4733 int
 4734 nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep,
 4735     struct nfssockreq *nrp, uint32_t sequenceid, int mds, struct ucred *cred,
 4736     NFSPROC_T *p)
 4737 {
 4738         uint32_t crflags, maxval, *tl;
 4739         struct nfsrv_descript nfsd;
 4740         struct nfsrv_descript *nd = &nfsd;
 4741         int error, irdcnt;
 4742 
 4743         /* Make sure nm_rsize, nm_wsize is set. */
 4744         if (nmp->nm_rsize > NFS_MAXBSIZE || nmp->nm_rsize == 0)
 4745                 nmp->nm_rsize = NFS_MAXBSIZE;
 4746         if (nmp->nm_wsize > NFS_MAXBSIZE || nmp->nm_wsize == 0)
 4747                 nmp->nm_wsize = NFS_MAXBSIZE;
 4748         nfscl_reqstart(nd, NFSPROC_CREATESESSION, nmp, NULL, 0, NULL, NULL, 0,
 4749             0);
 4750         NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED);
 4751         *tl++ = sep->nfsess_clientid.lval[0];
 4752         *tl++ = sep->nfsess_clientid.lval[1];
 4753         *tl++ = txdr_unsigned(sequenceid);
 4754         crflags = (NFSMNT_RDONLY(nmp->nm_mountp) ? 0 : NFSV4CRSESS_PERSIST);
 4755         if (nfscl_enablecallb != 0 && nfs_numnfscbd > 0 && mds != 0)
 4756                 crflags |= NFSV4CRSESS_CONNBACKCHAN;
 4757         *tl = txdr_unsigned(crflags);
 4758 
 4759         /* Fill in fore channel attributes. */
 4760         NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
 4761         *tl++ = 0;                              /* Header pad size */
 4762         *tl++ = txdr_unsigned(nmp->nm_wsize + NFS_MAXXDR);/* Max request size */
 4763         *tl++ = txdr_unsigned(nmp->nm_rsize + NFS_MAXXDR);/* Max reply size */
 4764         *tl++ = txdr_unsigned(4096);            /* Max response size cached */
 4765         *tl++ = txdr_unsigned(20);              /* Max operations */
 4766         *tl++ = txdr_unsigned(64);              /* Max slots */
 4767         *tl = 0;                                /* No rdma ird */
 4768 
 4769         /* Fill in back channel attributes. */
 4770         NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
 4771         *tl++ = 0;                              /* Header pad size */
 4772         *tl++ = txdr_unsigned(10000);           /* Max request size */
 4773         *tl++ = txdr_unsigned(10000);           /* Max response size */
 4774         *tl++ = txdr_unsigned(4096);            /* Max response size cached */
 4775         *tl++ = txdr_unsigned(4);               /* Max operations */
 4776         *tl++ = txdr_unsigned(NFSV4_CBSLOTS);   /* Max slots */
 4777         *tl = 0;                                /* No rdma ird */
 4778 
 4779         NFSM_BUILD(tl, uint32_t *, 8 * NFSX_UNSIGNED);
 4780         *tl++ = txdr_unsigned(NFS_CALLBCKPROG); /* Call back prog # */
 4781 
 4782         /* Allow AUTH_SYS callbacks as uid, gid == 0. */
 4783         *tl++ = txdr_unsigned(1);               /* Auth_sys only */
 4784         *tl++ = txdr_unsigned(AUTH_SYS);        /* AUTH_SYS type */
 4785         *tl++ = txdr_unsigned(nfsboottime.tv_sec); /* time stamp */
 4786         *tl++ = 0;                              /* Null machine name */
 4787         *tl++ = 0;                              /* Uid == 0 */
 4788         *tl++ = 0;                              /* Gid == 0 */
 4789         *tl = 0;                                /* No additional gids */
 4790         nd->nd_flag |= ND_USEGSSNAME;
 4791         error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred, NFS_PROG,
 4792             NFS_VER4, NULL, 1, NULL, NULL);
 4793         if (error != 0)
 4794                 return (error);
 4795         if (nd->nd_repstat == 0) {
 4796                 NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
 4797                     2 * NFSX_UNSIGNED);
 4798                 bcopy(tl, sep->nfsess_sessionid, NFSX_V4SESSIONID);
 4799                 tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
 4800                 sep->nfsess_sequenceid = fxdr_unsigned(uint32_t, *tl++);
 4801                 crflags = fxdr_unsigned(uint32_t, *tl);
 4802                 if ((crflags & NFSV4CRSESS_PERSIST) != 0 && mds != 0) {
 4803                         NFSLOCKMNT(nmp);
 4804                         nmp->nm_state |= NFSSTA_SESSPERSIST;
 4805                         NFSUNLOCKMNT(nmp);
 4806                 }
 4807 
 4808                 /* Get the fore channel slot count. */
 4809                 NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
 4810                 tl++;                   /* Skip the header pad size. */
 4811 
 4812                 /* Make sure nm_wsize is small enough. */
 4813                 maxval = fxdr_unsigned(uint32_t, *tl++);
 4814                 while (maxval < nmp->nm_wsize + NFS_MAXXDR) {
 4815                         if (nmp->nm_wsize > 8096)
 4816                                 nmp->nm_wsize /= 2;
 4817                         else
 4818                                 break;
 4819                 }
 4820 
 4821                 /* Make sure nm_rsize is small enough. */
 4822                 maxval = fxdr_unsigned(uint32_t, *tl++);
 4823                 while (maxval < nmp->nm_rsize + NFS_MAXXDR) {
 4824                         if (nmp->nm_rsize > 8096)
 4825                                 nmp->nm_rsize /= 2;
 4826                         else
 4827                                 break;
 4828                 }
 4829 
 4830                 sep->nfsess_maxcache = fxdr_unsigned(int, *tl++);
 4831                 tl++;
 4832                 sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++);
 4833                 NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots);
 4834                 irdcnt = fxdr_unsigned(int, *tl);
 4835                 if (irdcnt > 0)
 4836                         NFSM_DISSECT(tl, uint32_t *, irdcnt * NFSX_UNSIGNED);
 4837 
 4838                 /* and the back channel slot count. */
 4839                 NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
 4840                 tl += 5;
 4841                 sep->nfsess_backslots = fxdr_unsigned(uint16_t, *tl);
 4842                 NFSCL_DEBUG(4, "back slots=%d\n", (int)sep->nfsess_backslots);
 4843         }
 4844         error = nd->nd_repstat;
 4845 nfsmout:
 4846         mbuf_freem(nd->nd_mrep);
 4847         return (error);
 4848 }
 4849 
 4850 /*
 4851  * Do the NFSv4.1 Destroy Session.
 4852  */
 4853 int
 4854 nfsrpc_destroysession(struct nfsmount *nmp, struct nfsclclient *clp,
 4855     struct ucred *cred, NFSPROC_T *p)
 4856 {
 4857         uint32_t *tl;
 4858         struct nfsrv_descript nfsd;
 4859         struct nfsrv_descript *nd = &nfsd;
 4860         int error;
 4861         struct nfsclsession *tsep;
 4862 
 4863         nfscl_reqstart(nd, NFSPROC_DESTROYSESSION, nmp, NULL, 0, NULL, NULL, 0,
 4864             0);
 4865         NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID);
 4866         tsep = nfsmnt_mdssession(nmp);
 4867         bcopy(tsep->nfsess_sessionid, tl, NFSX_V4SESSIONID);
 4868         nd->nd_flag |= ND_USEGSSNAME;
 4869         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4870             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4871         if (error != 0)
 4872                 return (error);
 4873         error = nd->nd_repstat;
 4874         mbuf_freem(nd->nd_mrep);
 4875         return (error);
 4876 }
 4877 
 4878 /*
 4879  * Do the NFSv4.1 Destroy Client.
 4880  */
 4881 int
 4882 nfsrpc_destroyclient(struct nfsmount *nmp, struct nfsclclient *clp,
 4883     struct ucred *cred, NFSPROC_T *p)
 4884 {
 4885         uint32_t *tl;
 4886         struct nfsrv_descript nfsd;
 4887         struct nfsrv_descript *nd = &nfsd;
 4888         int error;
 4889         struct nfsclsession *tsep;
 4890 
 4891         nfscl_reqstart(nd, NFSPROC_DESTROYCLIENT, nmp, NULL, 0, NULL, NULL, 0,
 4892             0);
 4893         NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
 4894         tsep = nfsmnt_mdssession(nmp);
 4895         *tl++ = tsep->nfsess_clientid.lval[0];
 4896         *tl = tsep->nfsess_clientid.lval[1];
 4897         nd->nd_flag |= ND_USEGSSNAME;
 4898         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4899             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4900         if (error != 0)
 4901                 return (error);
 4902         error = nd->nd_repstat;
 4903         mbuf_freem(nd->nd_mrep);
 4904         return (error);
 4905 }
 4906 
 4907 /*
 4908  * Do the NFSv4.1 LayoutGet.
 4909  */
 4910 static int
 4911 nfsrpc_layoutget(struct nfsmount *nmp, uint8_t *fhp, int fhlen, int iomode,
 4912     uint64_t offset, uint64_t len, uint64_t minlen, int layouttype,
 4913     int layoutlen, nfsv4stateid_t *stateidp, int *retonclosep,
 4914     struct nfsclflayouthead *flhp, struct ucred *cred, NFSPROC_T *p,
 4915     void *stuff)
 4916 {
 4917         struct nfsrv_descript nfsd, *nd = &nfsd;
 4918         int error;
 4919 
 4920         nfscl_reqstart(nd, NFSPROC_LAYOUTGET, nmp, fhp, fhlen, NULL, NULL, 0,
 4921             0);
 4922         nfsrv_setuplayoutget(nd, iomode, offset, len, minlen, stateidp,
 4923             layouttype, layoutlen, 0);
 4924         nd->nd_flag |= ND_USEGSSNAME;
 4925         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4926             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4927         NFSCL_DEBUG(4, "layget err=%d st=%d\n", error, nd->nd_repstat);
 4928         if (error != 0)
 4929                 return (error);
 4930         if (nd->nd_repstat == 0)
 4931                 error = nfsrv_parselayoutget(nd, stateidp, retonclosep, flhp);
 4932         if (error == 0 && nd->nd_repstat != 0)
 4933                 error = nd->nd_repstat;
 4934         mbuf_freem(nd->nd_mrep);
 4935         return (error);
 4936 }
 4937 
 4938 /*
 4939  * Do the NFSv4.1 Get Device Info.
 4940  */
 4941 int
 4942 nfsrpc_getdeviceinfo(struct nfsmount *nmp, uint8_t *deviceid, int layouttype,
 4943     uint32_t *notifybitsp, struct nfscldevinfo **ndip, struct ucred *cred,
 4944     NFSPROC_T *p)
 4945 {
 4946         uint32_t cnt, *tl, vers, minorvers;
 4947         struct nfsrv_descript nfsd;
 4948         struct nfsrv_descript *nd = &nfsd;
 4949         struct sockaddr_in sin, ssin;
 4950         struct sockaddr_in6 sin6, ssin6;
 4951         struct nfsclds *dsp = NULL, **dspp, **gotdspp;
 4952         struct nfscldevinfo *ndi;
 4953         int addrcnt = 0, bitcnt, error, gotvers, i, isudp, j, stripecnt;
 4954         uint8_t stripeindex;
 4955         sa_family_t af, safilled;
 4956 
 4957         *ndip = NULL;
 4958         ndi = NULL;
 4959         gotdspp = NULL;
 4960         nfscl_reqstart(nd, NFSPROC_GETDEVICEINFO, nmp, NULL, 0, NULL, NULL, 0,
 4961             0);
 4962         NFSM_BUILD(tl, uint32_t *, NFSX_V4DEVICEID + 3 * NFSX_UNSIGNED);
 4963         NFSBCOPY(deviceid, tl, NFSX_V4DEVICEID);
 4964         tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
 4965         *tl++ = txdr_unsigned(layouttype);
 4966         *tl++ = txdr_unsigned(100000);
 4967         if (notifybitsp != NULL && *notifybitsp != 0) {
 4968                 *tl = txdr_unsigned(1);         /* One word of bits. */
 4969                 NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
 4970                 *tl = txdr_unsigned(*notifybitsp);
 4971         } else
 4972                 *tl = txdr_unsigned(0);
 4973         nd->nd_flag |= ND_USEGSSNAME;
 4974         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4975             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4976         if (error != 0)
 4977                 return (error);
 4978         if (nd->nd_repstat == 0) {
 4979                 NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
 4980                 if (layouttype != fxdr_unsigned(int, *tl))
 4981                         printf("EEK! devinfo layout type not same!\n");
 4982                 if (layouttype == NFSLAYOUT_NFSV4_1_FILES) {
 4983                         NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
 4984                         stripecnt = fxdr_unsigned(int, *tl);
 4985                         NFSCL_DEBUG(4, "stripecnt=%d\n", stripecnt);
 4986                         if (stripecnt < 1 || stripecnt > 4096) {
 4987                                 printf("pNFS File layout devinfo stripecnt %d:"
 4988                                     " out of range\n", stripecnt);
 4989                                 error = NFSERR_BADXDR;
 4990                                 goto nfsmout;
 4991                         }
 4992                         NFSM_DISSECT(tl, uint32_t *, (stripecnt + 1) *
 4993                             NFSX_UNSIGNED);
 4994                         addrcnt = fxdr_unsigned(int, *(tl + stripecnt));
 4995                         NFSCL_DEBUG(4, "addrcnt=%d\n", addrcnt);
 4996                         if (addrcnt < 1 || addrcnt > 128) {
 4997                                 printf("NFS devinfo addrcnt %d: out of range\n",
 4998                                     addrcnt);
 4999                                 error = NFSERR_BADXDR;
 5000                                 goto nfsmout;
 5001                         }
 5002         
 5003                         /*
 5004                          * Now we know how many stripe indices and addresses, so
 5005                          * we can allocate the structure the correct size.
 5006                          */
 5007                         i = (stripecnt * sizeof(uint8_t)) /
 5008                             sizeof(struct nfsclds *) + 1;
 5009                         NFSCL_DEBUG(4, "stripeindices=%d\n", i);
 5010                         ndi = malloc(sizeof(*ndi) + (addrcnt + i) *
 5011                             sizeof(struct nfsclds *), M_NFSDEVINFO, M_WAITOK |
 5012                             M_ZERO);
 5013                         NFSBCOPY(deviceid, ndi->nfsdi_deviceid,
 5014                             NFSX_V4DEVICEID);
 5015                         ndi->nfsdi_refcnt = 0;
 5016                         ndi->nfsdi_flags = NFSDI_FILELAYOUT;
 5017                         ndi->nfsdi_stripecnt = stripecnt;
 5018                         ndi->nfsdi_addrcnt = addrcnt;
 5019                         /* Fill in the stripe indices. */
 5020                         for (i = 0; i < stripecnt; i++) {
 5021                                 stripeindex = fxdr_unsigned(uint8_t, *tl++);
 5022                                 NFSCL_DEBUG(4, "stripeind=%d\n", stripeindex);
 5023                                 if (stripeindex >= addrcnt) {
 5024                                         printf("pNFS File Layout devinfo"
 5025                                             " stripeindex %d: too big\n",
 5026                                             (int)stripeindex);
 5027                                         error = NFSERR_BADXDR;
 5028                                         goto nfsmout;
 5029                                 }
 5030                                 nfsfldi_setstripeindex(ndi, i, stripeindex);
 5031                         }
 5032                 } else if (layouttype == NFSLAYOUT_FLEXFILE) {
 5033                         /* For Flex File, we only get one address list. */
 5034                         ndi = malloc(sizeof(*ndi) + sizeof(struct nfsclds *),
 5035                             M_NFSDEVINFO, M_WAITOK | M_ZERO);
 5036                         NFSBCOPY(deviceid, ndi->nfsdi_deviceid,
 5037                             NFSX_V4DEVICEID);
 5038                         ndi->nfsdi_refcnt = 0;
 5039                         ndi->nfsdi_flags = NFSDI_FLEXFILE;
 5040                         addrcnt = ndi->nfsdi_addrcnt = 1;
 5041                 }
 5042 
 5043                 /* Now, dissect the server address(es). */
 5044                 safilled = AF_UNSPEC;
 5045                 for (i = 0; i < addrcnt; i++) {
 5046                         NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
 5047                         cnt = fxdr_unsigned(uint32_t, *tl);
 5048                         if (cnt == 0) {
 5049                                 printf("NFS devinfo 0 len addrlist\n");
 5050                                 error = NFSERR_BADXDR;
 5051                                 goto nfsmout;
 5052                         }
 5053                         dspp = nfsfldi_addr(ndi, i);
 5054                         safilled = AF_UNSPEC;
 5055                         for (j = 0; j < cnt; j++) {
 5056                                 error = nfsv4_getipaddr(nd, &sin, &sin6, &af,
 5057                                     &isudp);
 5058                                 if (error != 0 && error != EPERM) {
 5059                                         error = NFSERR_BADXDR;
 5060                                         goto nfsmout;
 5061                                 }
 5062                                 if (error == 0 && isudp == 0) {
 5063                                         /*
 5064                                          * The priority is:
 5065                                          * - Same address family.
 5066                                          * Save the address and dspp, so that
 5067                                          * the connection can be done after
 5068                                          * parsing is complete.
 5069                                          */
 5070                                         if (safilled == AF_UNSPEC ||
 5071                                             (af == nmp->nm_nam->sa_family &&
 5072                                              safilled != nmp->nm_nam->sa_family)
 5073                                            ) {
 5074                                                 if (af == AF_INET)
 5075                                                         ssin = sin;
 5076                                                 else
 5077                                                         ssin6 = sin6;
 5078                                                 safilled = af;
 5079                                                 gotdspp = dspp;
 5080                                         }
 5081                                 }
 5082                         }
 5083                 }
 5084 
 5085                 gotvers = NFS_VER4;     /* Always NFSv4 for File Layout. */
 5086                 /* For Flex File, we will take one of the versions to use. */
 5087                 if (layouttype == NFSLAYOUT_FLEXFILE) {
 5088                         NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
 5089                         j = fxdr_unsigned(int, *tl);
 5090                         if (j < 1 || j > NFSDEV_MAXVERS) {
 5091                                 printf("pNFS: too many versions\n");
 5092                                 error = NFSERR_BADXDR;
 5093                                 goto nfsmout;
 5094                         }
 5095                         gotvers = 0;
 5096                         for (i = 0; i < j; i++) {
 5097                                 NFSM_DISSECT(tl, uint32_t *, 5 * NFSX_UNSIGNED);
 5098                                 vers = fxdr_unsigned(uint32_t, *tl++);
 5099                                 minorvers = fxdr_unsigned(uint32_t, *tl++);
 5100                                 if ((vers == NFS_VER4 && minorvers ==
 5101                                     NFSV41_MINORVERSION) || (vers == NFS_VER3 &&
 5102                                     gotvers == 0)) {
 5103                                         gotvers = vers;
 5104                                         /* We'll take this one. */
 5105                                         ndi->nfsdi_versindex = i;
 5106                                         ndi->nfsdi_vers = vers;
 5107                                         ndi->nfsdi_minorvers = minorvers;
 5108                                         ndi->nfsdi_rsize = fxdr_unsigned(
 5109                                             uint32_t, *tl++);
 5110                                         ndi->nfsdi_wsize = fxdr_unsigned(
 5111                                             uint32_t, *tl++);
 5112                                         if (*tl == newnfs_true)
 5113                                                 ndi->nfsdi_flags |=
 5114                                                     NFSDI_TIGHTCOUPLED;
 5115                                         else
 5116                                                 ndi->nfsdi_flags &=
 5117                                                     ~NFSDI_TIGHTCOUPLED;
 5118                                 }
 5119                         }
 5120                         if (gotvers == 0) {
 5121                                 printf("pNFS: no NFSv3 or NFSv4.1\n");
 5122                                 error = NFSERR_BADXDR;
 5123                                 goto nfsmout;
 5124                         }
 5125                 }
 5126 
 5127                 /* And the notify bits. */
 5128                 NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
 5129                 bitcnt = fxdr_unsigned(int, *tl);
 5130                 if (bitcnt > 0) {
 5131                         NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
 5132                         if (notifybitsp != NULL)
 5133                                 *notifybitsp =
 5134                                     fxdr_unsigned(uint32_t, *tl);
 5135                 }
 5136                 if (safilled != AF_UNSPEC) {
 5137                         KASSERT(ndi != NULL, ("ndi is NULL"));
 5138                         *ndip = ndi;
 5139                 } else
 5140                         error = EPERM;
 5141                 if (error == 0) {
 5142                         /*
 5143                          * Now we can do a TCP connection for the correct
 5144                          * NFS version and IP address.
 5145                          */
 5146                         error = nfsrpc_fillsa(nmp, &ssin, &ssin6, safilled,
 5147                             gotvers, &dsp, p);
 5148                 }
 5149                 if (error == 0) {
 5150                         KASSERT(gotdspp != NULL, ("gotdspp is NULL"));
 5151                         *gotdspp = dsp;
 5152                 }
 5153         }
 5154         if (nd->nd_repstat != 0 && error == 0)
 5155                 error = nd->nd_repstat;
 5156 nfsmout:
 5157         if (error != 0 && ndi != NULL)
 5158                 nfscl_freedevinfo(ndi);
 5159         mbuf_freem(nd->nd_mrep);
 5160         return (error);
 5161 }
 5162 
 5163 /*
 5164  * Do the NFSv4.1 LayoutCommit.
 5165  */
 5166 int
 5167 nfsrpc_layoutcommit(struct nfsmount *nmp, uint8_t *fh, int fhlen, int reclaim,
 5168     uint64_t off, uint64_t len, uint64_t lastbyte, nfsv4stateid_t *stateidp,
 5169     int layouttype, struct ucred *cred, NFSPROC_T *p, void *stuff)
 5170 {
 5171         uint32_t *tl;
 5172         struct nfsrv_descript nfsd, *nd = &nfsd;
 5173         int error;
 5174 
 5175         nfscl_reqstart(nd, NFSPROC_LAYOUTCOMMIT, nmp, fh, fhlen, NULL, NULL,
 5176             0, 0);
 5177         NFSM_BUILD(tl, uint32_t *, 5 * NFSX_UNSIGNED + 3 * NFSX_HYPER +
 5178             NFSX_STATEID);
 5179         txdr_hyper(off, tl);
 5180         tl += 2;
 5181         txdr_hyper(len, tl);
 5182         tl += 2;
 5183         if (reclaim != 0)
 5184                 *tl++ = newnfs_true;
 5185         else
 5186                 *tl++ = newnfs_false;
 5187         *tl++ = txdr_unsigned(stateidp->seqid);
 5188         *tl++ = stateidp->other[0];
 5189         *tl++ = stateidp->other[1];
 5190         *tl++ = stateidp->other[2];
 5191         *tl++ = newnfs_true;
 5192         if (lastbyte < off)
 5193                 lastbyte = off;
 5194         else if (lastbyte >= (off + len))
 5195                 lastbyte = off + len - 1;
 5196         txdr_hyper(lastbyte, tl);
 5197         tl += 2;
 5198         *tl++ = newnfs_false;
 5199         *tl++ = txdr_unsigned(layouttype);
 5200         /* All supported layouts are 0 length. */
 5201         *tl = txdr_unsigned(0);
 5202         nd->nd_flag |= ND_USEGSSNAME;
 5203         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 5204             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 5205         if (error != 0)
 5206                 return (error);
 5207         error = nd->nd_repstat;
 5208         mbuf_freem(nd->nd_mrep);
 5209         return (error);
 5210 }
 5211 
 5212 /*
 5213  * Do the NFSv4.1 LayoutReturn.
 5214  */
 5215 int
 5216 nfsrpc_layoutreturn(struct nfsmount *nmp, uint8_t *fh, int fhlen, int reclaim,
 5217     int layouttype, uint32_t iomode, int layoutreturn, uint64_t offset,
 5218     uint64_t len, nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
 5219     uint32_t stat, uint32_t op, char *devid)
 5220 {
 5221         uint32_t *tl;
 5222         struct nfsrv_descript nfsd, *nd = &nfsd;
 5223         uint64_t tu64;
 5224         int error;
 5225 
 5226         nfscl_reqstart(nd, NFSPROC_LAYOUTRETURN, nmp, fh, fhlen, NULL, NULL,
 5227             0, 0);
 5228         NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED);
 5229         if (reclaim != 0)
 5230                 *tl++ = newnfs_true;
 5231         else
 5232                 *tl++ = newnfs_false;
 5233         *tl++ = txdr_unsigned(layouttype);
 5234         *tl++ = txdr_unsigned(iomode);
 5235         *tl = txdr_unsigned(layoutreturn);
 5236         if (layoutreturn == NFSLAYOUTRETURN_FILE) {
 5237                 NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER + NFSX_STATEID +
 5238                     NFSX_UNSIGNED);
 5239                 txdr_hyper(offset, tl);
 5240                 tl += 2;
 5241                 txdr_hyper(len, tl);
 5242                 tl += 2;
 5243                 NFSCL_DEBUG(4, "layoutret stseq=%d\n", (int)stateidp->seqid);
 5244                 *tl++ = txdr_unsigned(stateidp->seqid);
 5245                 *tl++ = stateidp->other[0];
 5246                 *tl++ = stateidp->other[1];
 5247                 *tl++ = stateidp->other[2];
 5248                 if (layouttype == NFSLAYOUT_NFSV4_1_FILES)
 5249                         *tl = txdr_unsigned(0);
 5250                 else if (layouttype == NFSLAYOUT_FLEXFILE) {
 5251                         if (stat != 0) {
 5252                                 *tl = txdr_unsigned(2 * NFSX_HYPER +
 5253                                     NFSX_STATEID + NFSX_V4DEVICEID + 5 *
 5254                                     NFSX_UNSIGNED);
 5255                                 NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER +
 5256                                     NFSX_STATEID + NFSX_V4DEVICEID + 5 *
 5257                                     NFSX_UNSIGNED);
 5258                                 *tl++ = txdr_unsigned(1);       /* One error. */
 5259                                 tu64 = 0;                       /* Offset. */
 5260                                 txdr_hyper(tu64, tl); tl += 2;
 5261                                 tu64 = UINT64_MAX;              /* Length. */
 5262                                 txdr_hyper(tu64, tl); tl += 2;
 5263                                 NFSBCOPY(stateidp, tl, NFSX_STATEID);
 5264                                 tl += (NFSX_STATEID / NFSX_UNSIGNED);
 5265                                 *tl++ = txdr_unsigned(1);       /* One error. */
 5266                                 NFSBCOPY(devid, tl, NFSX_V4DEVICEID);
 5267                                 tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
 5268                                 *tl++ = txdr_unsigned(stat);
 5269                                 *tl++ = txdr_unsigned(op);
 5270                         } else {
 5271                                 *tl = txdr_unsigned(2 * NFSX_UNSIGNED);
 5272                                 NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
 5273                                 /* No ioerrs. */
 5274                                 *tl++ = 0;
 5275                         }
 5276                         *tl = 0;        /* No stats yet. */
 5277                 }
 5278         }
 5279         nd->nd_flag |= ND_USEGSSNAME;
 5280         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 5281             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 5282         if (error != 0)
 5283                 return (error);
 5284         if (nd->nd_repstat == 0) {
 5285                 NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
 5286                 if (*tl != 0) {
 5287                         NFSM_DISSECT(tl, uint32_t *, NFSX_STATEID);
 5288                         stateidp->seqid = fxdr_unsigned(uint32_t, *tl++);
 5289                         stateidp->other[0] = *tl++;
 5290                         stateidp->other[1] = *tl++;
 5291                         stateidp->other[2] = *tl;
 5292                 }
 5293         } else
 5294                 error = nd->nd_repstat;
 5295 nfsmout:
 5296         mbuf_freem(nd->nd_mrep);
 5297         return (error);
 5298 }
 5299 
 5300 /*
 5301  * Acquire a layout and devinfo, if possible. The caller must have acquired
 5302  * a reference count on the nfsclclient structure before calling this.
 5303  * Return the layout in lypp with a reference count on it, if successful.
 5304  */
 5305 static int
 5306 nfsrpc_getlayout(struct nfsmount *nmp, vnode_t vp, struct nfsfh *nfhp,
 5307     int iomode, uint32_t *notifybitsp, nfsv4stateid_t *stateidp, uint64_t off,
 5308     struct nfscllayout **lypp, struct ucred *cred, NFSPROC_T *p)
 5309 {
 5310         struct nfscllayout *lyp;
 5311         struct nfsclflayout *flp;
 5312         struct nfsclflayouthead flh;
 5313         int error = 0, islocked, layoutlen, layouttype, recalled, retonclose;
 5314         nfsv4stateid_t stateid;
 5315         struct nfsclsession *tsep;
 5316 
 5317         *lypp = NULL;
 5318         if (NFSHASFLEXFILE(nmp))
 5319                 layouttype = NFSLAYOUT_FLEXFILE;
 5320         else
 5321                 layouttype = NFSLAYOUT_NFSV4_1_FILES;
 5322         /*
 5323          * If lyp is returned non-NULL, there will be a refcnt (shared lock)
 5324          * on it, iff flp != NULL or a lock (exclusive lock) on it iff
 5325          * flp == NULL.
 5326          */
 5327         lyp = nfscl_getlayout(nmp->nm_clp, nfhp->nfh_fh, nfhp->nfh_len,
 5328             off, &flp, &recalled);
 5329         islocked = 0;
 5330         if (lyp == NULL || flp == NULL) {
 5331                 if (recalled != 0)
 5332                         return (EIO);
 5333                 LIST_INIT(&flh);
 5334                 tsep = nfsmnt_mdssession(nmp);
 5335                 layoutlen = tsep->nfsess_maxcache -
 5336                     (NFSX_STATEID + 3 * NFSX_UNSIGNED);
 5337                 if (lyp == NULL) {
 5338                         stateid.seqid = 0;
 5339                         stateid.other[0] = stateidp->other[0];
 5340                         stateid.other[1] = stateidp->other[1];
 5341                         stateid.other[2] = stateidp->other[2];
 5342                         error = nfsrpc_layoutget(nmp, nfhp->nfh_fh,
 5343                             nfhp->nfh_len, iomode, (uint64_t)0, UINT64_MAX,
 5344                             (uint64_t)0, layouttype, layoutlen, &stateid,
 5345                             &retonclose, &flh, cred, p, NULL);
 5346                 } else {
 5347                         islocked = 1;
 5348                         stateid.seqid = lyp->nfsly_stateid.seqid;
 5349                         stateid.other[0] = lyp->nfsly_stateid.other[0];
 5350                         stateid.other[1] = lyp->nfsly_stateid.other[1];
 5351                         stateid.other[2] = lyp->nfsly_stateid.other[2];
 5352                         error = nfsrpc_layoutget(nmp, nfhp->nfh_fh,
 5353                             nfhp->nfh_len, iomode, off, UINT64_MAX,
 5354                             (uint64_t)0, layouttype, layoutlen, &stateid,
 5355                             &retonclose, &flh, cred, p, NULL);
 5356                 }
 5357                 error = nfsrpc_layoutgetres(nmp, vp, nfhp->nfh_fh,
 5358                     nfhp->nfh_len, &stateid, retonclose, notifybitsp, &lyp,
 5359                     &flh, layouttype, error, NULL, cred, p);
 5360                 if (error == 0)
 5361                         *lypp = lyp;
 5362                 else if (islocked != 0)
 5363                         nfscl_rellayout(lyp, 1);
 5364         } else
 5365                 *lypp = lyp;
 5366         return (error);
 5367 }
 5368 
 5369 /*
 5370  * Do a TCP connection plus exchange id and create session.
 5371  * If successful, a "struct nfsclds" is linked into the list for the
 5372  * mount point and a pointer to it is returned.
 5373  */
 5374 static int
 5375 nfsrpc_fillsa(struct nfsmount *nmp, struct sockaddr_in *sin,
 5376     struct sockaddr_in6 *sin6, sa_family_t af, int vers, struct nfsclds **dspp,
 5377     NFSPROC_T *p)
 5378 {
 5379         struct sockaddr_in *msad, *sad;
 5380         struct sockaddr_in6 *msad6, *sad6;
 5381         struct nfsclclient *clp;
 5382         struct nfssockreq *nrp;
 5383         struct nfsclds *dsp, *tdsp;
 5384         int error;
 5385         enum nfsclds_state retv;
 5386         uint32_t sequenceid;
 5387 
 5388         KASSERT(nmp->nm_sockreq.nr_cred != NULL,
 5389             ("nfsrpc_fillsa: NULL nr_cred"));
 5390         NFSLOCKCLSTATE();
 5391         clp = nmp->nm_clp;
 5392         NFSUNLOCKCLSTATE();
 5393         if (clp == NULL)
 5394                 return (EPERM);
 5395         if (af == AF_INET) {
 5396                 NFSLOCKMNT(nmp);
 5397                 /*
 5398                  * Check to see if we already have a session for this
 5399                  * address that is usable for a DS.
 5400                  * Note that the MDS's address is in a different place
 5401                  * than the sessions already acquired for DS's.
 5402                  */
 5403                 msad = (struct sockaddr_in *)nmp->nm_sockreq.nr_nam;
 5404                 tdsp = TAILQ_FIRST(&nmp->nm_sess);
 5405                 while (tdsp != NULL) {
 5406                         if (msad != NULL && msad->sin_family == AF_INET &&
 5407                             sin->sin_addr.s_addr == msad->sin_addr.s_addr &&
 5408                             sin->sin_port == msad->sin_port &&
 5409                             (tdsp->nfsclds_flags & NFSCLDS_DS) != 0 &&
 5410                             tdsp->nfsclds_sess.nfsess_defunct == 0) {
 5411                                 *dspp = tdsp;
 5412                                 NFSUNLOCKMNT(nmp);
 5413                                 NFSCL_DEBUG(4, "fnd same addr\n");
 5414                                 return (0);
 5415                         }
 5416                         tdsp = TAILQ_NEXT(tdsp, nfsclds_list);
 5417                         if (tdsp != NULL && tdsp->nfsclds_sockp != NULL)
 5418                                 msad = (struct sockaddr_in *)
 5419                                     tdsp->nfsclds_sockp->nr_nam;
 5420                         else
 5421                                 msad = NULL;
 5422                 }
 5423                 NFSUNLOCKMNT(nmp);
 5424 
 5425                 /* No IP address match, so look for new/trunked one. */
 5426                 sad = malloc(sizeof(*sad), M_SONAME, M_WAITOK | M_ZERO);
 5427                 sad->sin_len = sizeof(*sad);
 5428                 sad->sin_family = AF_INET;
 5429                 sad->sin_port = sin->sin_port;
 5430                 sad->sin_addr.s_addr = sin->sin_addr.s_addr;
 5431                 nrp = malloc(sizeof(*nrp), M_NFSSOCKREQ, M_WAITOK | M_ZERO);
 5432                 nrp->nr_nam = (struct sockaddr *)sad;
 5433         } else if (af == AF_INET6) {
 5434                 NFSLOCKMNT(nmp);
 5435                 /*
 5436                  * Check to see if we already have a session for this
 5437                  * address that is usable for a DS.
 5438                  * Note that the MDS's address is in a different place
 5439                  * than the sessions already acquired for DS's.
 5440                  */
 5441                 msad6 = (struct sockaddr_in6 *)nmp->nm_sockreq.nr_nam;
 5442                 tdsp = TAILQ_FIRST(&nmp->nm_sess);
 5443                 while (tdsp != NULL) {
 5444                         if (msad6 != NULL && msad6->sin6_family == AF_INET6 &&
 5445                             IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
 5446                             &msad6->sin6_addr) &&
 5447                             sin6->sin6_port == msad6->sin6_port &&
 5448                             (tdsp->nfsclds_flags & NFSCLDS_DS) != 0 &&
 5449                             tdsp->nfsclds_sess.nfsess_defunct == 0) {
 5450                                 *dspp = tdsp;
 5451                                 NFSUNLOCKMNT(nmp);
 5452                                 return (0);
 5453                         }
 5454                         tdsp = TAILQ_NEXT(tdsp, nfsclds_list);
 5455                         if (tdsp != NULL && tdsp->nfsclds_sockp != NULL)
 5456                                 msad6 = (struct sockaddr_in6 *)
 5457                                     tdsp->nfsclds_sockp->nr_nam;
 5458                         else
 5459                                 msad6 = NULL;
 5460                 }
 5461                 NFSUNLOCKMNT(nmp);
 5462 
 5463                 /* No IP address match, so look for new/trunked one. */
 5464                 sad6 = malloc(sizeof(*sad6), M_SONAME, M_WAITOK | M_ZERO);
 5465                 sad6->sin6_len = sizeof(*sad6);
 5466                 sad6->sin6_family = AF_INET6;
 5467                 sad6->sin6_port = sin6->sin6_port;
 5468                 NFSBCOPY(&sin6->sin6_addr, &sad6->sin6_addr,
 5469                     sizeof(struct in6_addr));
 5470                 nrp = malloc(sizeof(*nrp), M_NFSSOCKREQ, M_WAITOK | M_ZERO);
 5471                 nrp->nr_nam = (struct sockaddr *)sad6;
 5472         } else
 5473                 return (EPERM);
 5474 
 5475         nrp->nr_sotype = SOCK_STREAM;
 5476         mtx_init(&nrp->nr_mtx, "nfssock", NULL, MTX_DEF);
 5477         nrp->nr_prog = NFS_PROG;
 5478         nrp->nr_vers = vers;
 5479 
 5480         /*
 5481          * Use the credentials that were used for the mount, which are
 5482          * in nmp->nm_sockreq.nr_cred for newnfs_connect() etc.
 5483          * Ref. counting the credentials with crhold() is probably not
 5484          * necessary, since nm_sockreq.nr_cred won't be crfree()'d until
 5485          * unmount, but I did it anyhow.
 5486          */
 5487         nrp->nr_cred = crhold(nmp->nm_sockreq.nr_cred);
 5488         error = newnfs_connect(nmp, nrp, NULL, p, 0);
 5489         NFSCL_DEBUG(3, "DS connect=%d\n", error);
 5490 
 5491         dsp = NULL;
 5492         /* Now, do the exchangeid and create session. */
 5493         if (error == 0) {
 5494                 if (vers == NFS_VER4) {
 5495                         error = nfsrpc_exchangeid(nmp, clp, nrp,
 5496                             NFSV4EXCH_USEPNFSDS, &dsp, nrp->nr_cred, p);
 5497                         NFSCL_DEBUG(3, "DS exchangeid=%d\n", error);
 5498                         if (error != 0)
 5499                                 newnfs_disconnect(nrp);
 5500                 } else {
 5501                         dsp = malloc(sizeof(struct nfsclds), M_NFSCLDS,
 5502                             M_WAITOK | M_ZERO);
 5503                         dsp->nfsclds_flags |= NFSCLDS_DS;
 5504                         dsp->nfsclds_expire = INT32_MAX; /* No renews needed. */
 5505                         mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
 5506                         mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
 5507                             NULL, MTX_DEF);
 5508                 }
 5509         }
 5510         if (error == 0) {
 5511                 dsp->nfsclds_sockp = nrp;
 5512                 if (vers == NFS_VER4) {
 5513                         NFSLOCKMNT(nmp);
 5514                         retv = nfscl_getsameserver(nmp, dsp, &tdsp,
 5515                             &sequenceid);
 5516                         NFSCL_DEBUG(3, "getsame ret=%d\n", retv);
 5517                         if (retv == NFSDSP_USETHISSESSION &&
 5518                             nfscl_dssameconn != 0) {
 5519                                 NFSLOCKDS(tdsp);
 5520                                 tdsp->nfsclds_flags |= NFSCLDS_SAMECONN;
 5521                                 NFSUNLOCKDS(tdsp);
 5522                                 NFSUNLOCKMNT(nmp);
 5523                                 /*
 5524                                  * If there is already a session for this
 5525                                  * server, use it.
 5526                                  */
 5527                                 (void)newnfs_disconnect(nrp);
 5528                                 nfscl_freenfsclds(dsp);
 5529                                 *dspp = tdsp;
 5530                                 return (0);
 5531                         }
 5532                         if (retv == NFSDSP_NOTFOUND)
 5533                                 sequenceid =
 5534                                     dsp->nfsclds_sess.nfsess_sequenceid;
 5535                         NFSUNLOCKMNT(nmp);
 5536                         error = nfsrpc_createsession(nmp, &dsp->nfsclds_sess,
 5537                             nrp, sequenceid, 0, nrp->nr_cred, p);
 5538                         NFSCL_DEBUG(3, "DS createsess=%d\n", error);
 5539                 }
 5540         } else {
 5541                 NFSFREECRED(nrp->nr_cred);
 5542                 NFSFREEMUTEX(&nrp->nr_mtx);
 5543                 free(nrp->nr_nam, M_SONAME);
 5544                 free(nrp, M_NFSSOCKREQ);
 5545         }
 5546         if (error == 0) {
 5547                 NFSCL_DEBUG(3, "add DS session\n");
 5548                 /*
 5549                  * Put it at the end of the list. That way the list
 5550                  * is ordered by when the entry was added. This matters
 5551                  * since the one done first is the one that should be
 5552                  * used for sequencid'ing any subsequent create sessions.
 5553                  */
 5554                 NFSLOCKMNT(nmp);
 5555                 TAILQ_INSERT_TAIL(&nmp->nm_sess, dsp, nfsclds_list);
 5556                 NFSUNLOCKMNT(nmp);
 5557                 *dspp = dsp;
 5558         } else if (dsp != NULL) {
 5559                 newnfs_disconnect(nrp);
 5560                 nfscl_freenfsclds(dsp);
 5561         }
 5562         return (error);
 5563 }
 5564 
 5565 /*
 5566  * Do the NFSv4.1 Reclaim Complete.
 5567  */
 5568 int
 5569 nfsrpc_reclaimcomplete(struct nfsmount *nmp, struct ucred *cred, NFSPROC_T *p)
 5570 {
 5571         uint32_t *tl;
 5572         struct nfsrv_descript nfsd;
 5573         struct nfsrv_descript *nd = &nfsd;
 5574         int error;
 5575 
 5576         nfscl_reqstart(nd, NFSPROC_RECLAIMCOMPL, nmp, NULL, 0, NULL, NULL, 0,
 5577             0);
 5578         NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
 5579         *tl = newnfs_false;
 5580         nd->nd_flag |= ND_USEGSSNAME;
 5581         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 5582             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 5583         if (error != 0)
 5584                 return (error);
 5585         error = nd->nd_repstat;
 5586         mbuf_freem(nd->nd_mrep);
 5587         return (error);
 5588 }
 5589 
 5590 /*
 5591  * Initialize the slot tables for a session.
 5592  */
 5593 static void
 5594 nfscl_initsessionslots(struct nfsclsession *sep)
 5595 {
 5596         int i;
 5597 
 5598         for (i = 0; i < NFSV4_CBSLOTS; i++) {
 5599                 if (sep->nfsess_cbslots[i].nfssl_reply != NULL)
 5600                         m_freem(sep->nfsess_cbslots[i].nfssl_reply);
 5601                 NFSBZERO(&sep->nfsess_cbslots[i], sizeof(struct nfsslot));
 5602         }
 5603         for (i = 0; i < 64; i++)
 5604                 sep->nfsess_slotseq[i] = 0;
 5605         sep->nfsess_slots = 0;
 5606 }
 5607 
 5608 /*
 5609  * Called to try and do an I/O operation via an NFSv4.1 Data Server (DS).
 5610  */
 5611 int
 5612 nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
 5613     uint32_t rwaccess, int docommit, struct ucred *cred, NFSPROC_T *p)
 5614 {
 5615         struct nfsnode *np = VTONFS(vp);
 5616         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 5617         struct nfscllayout *layp;
 5618         struct nfscldevinfo *dip;
 5619         struct nfsclflayout *rflp;
 5620         struct mbuf *m;
 5621         struct nfsclwritedsdorpc *drpc, *tdrpc;
 5622         nfsv4stateid_t stateid;
 5623         struct ucred *newcred;
 5624         uint64_t lastbyte, len, off, oresid, xfer;
 5625         int eof, error, firstmirror, i, iolaymode, mirrorcnt, recalled, timo;
 5626         void *lckp;
 5627         uint8_t *dev;
 5628         void *iovbase = NULL;
 5629         size_t iovlen = 0;
 5630         off_t offs = 0;
 5631         ssize_t resid = 0;
 5632 
 5633         if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 || nfs_numnfscbd == 0 ||
 5634             (np->n_flag & NNOLAYOUT) != 0)
 5635                 return (EIO);
 5636         /* Now, get a reference cnt on the clientid for this mount. */
 5637         if (nfscl_getref(nmp) == 0)
 5638                 return (EIO);
 5639 
 5640         /* Find an appropriate stateid. */
 5641         newcred = NFSNEWCRED(cred);
 5642         error = nfscl_getstateid(vp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
 5643             rwaccess, 1, newcred, p, &stateid, &lckp);
 5644         if (error != 0) {
 5645                 NFSFREECRED(newcred);
 5646                 nfscl_relref(nmp);
 5647                 return (error);
 5648         }
 5649         /* Search for a layout for this file. */
 5650         off = uiop->uio_offset;
 5651         layp = nfscl_getlayout(nmp->nm_clp, np->n_fhp->nfh_fh,
 5652             np->n_fhp->nfh_len, off, &rflp, &recalled);
 5653         if (layp == NULL || rflp == NULL) {
 5654                 if (recalled != 0) {
 5655                         NFSFREECRED(newcred);
 5656                         nfscl_relref(nmp);
 5657                         return (EIO);
 5658                 }
 5659                 if (layp != NULL) {
 5660                         nfscl_rellayout(layp, (rflp == NULL) ? 1 : 0);
 5661                         layp = NULL;
 5662                 }
 5663                 /* Try and get a Layout, if it is supported. */
 5664                 if (rwaccess == NFSV4OPEN_ACCESSWRITE ||
 5665                     (np->n_flag & NWRITEOPENED) != 0)
 5666                         iolaymode = NFSLAYOUTIOMODE_RW;
 5667                 else
 5668                         iolaymode = NFSLAYOUTIOMODE_READ;
 5669                 error = nfsrpc_getlayout(nmp, vp, np->n_fhp, iolaymode,
 5670                     NULL, &stateid, off, &layp, newcred, p);
 5671                 if (error != 0) {
 5672                         NFSLOCKNODE(np);
 5673                         np->n_flag |= NNOLAYOUT;
 5674                         NFSUNLOCKNODE(np);
 5675                         if (lckp != NULL)
 5676                                 nfscl_lockderef(lckp);
 5677                         NFSFREECRED(newcred);
 5678                         if (layp != NULL)
 5679                                 nfscl_rellayout(layp, 0);
 5680                         nfscl_relref(nmp);
 5681                         return (error);
 5682                 }
 5683         }
 5684 
 5685         /*
 5686          * Loop around finding a layout that works for the first part of
 5687          * this I/O operation, and then call the function that actually
 5688          * does the RPC.
 5689          */
 5690         eof = 0;
 5691         len = (uint64_t)uiop->uio_resid;
 5692         while (len > 0 && error == 0 && eof == 0) {
 5693                 off = uiop->uio_offset;
 5694                 error = nfscl_findlayoutforio(layp, off, rwaccess, &rflp);
 5695                 if (error == 0) {
 5696                         oresid = xfer = (uint64_t)uiop->uio_resid;
 5697                         if (xfer > (rflp->nfsfl_end - rflp->nfsfl_off))
 5698                                 xfer = rflp->nfsfl_end - rflp->nfsfl_off;
 5699                         /*
 5700                          * For Flex File layout with mirrored DSs, select one
 5701                          * of them at random for reads. For writes and commits,
 5702                          * do all mirrors.
 5703                          */
 5704                         m = NULL;
 5705                         tdrpc = drpc = NULL;
 5706                         firstmirror = 0;
 5707                         mirrorcnt = 1;
 5708                         if ((layp->nfsly_flags & NFSLY_FLEXFILE) != 0 &&
 5709                             (mirrorcnt = rflp->nfsfl_mirrorcnt) > 1) {
 5710                                 if (rwaccess == NFSV4OPEN_ACCESSREAD) {
 5711                                         firstmirror = arc4random() % mirrorcnt;
 5712                                         mirrorcnt = firstmirror + 1;
 5713                                 } else {
 5714                                         if (docommit == 0) {
 5715                                                 /*
 5716                                                  * Save values, so uiop can be
 5717                                                  * rolled back upon a write
 5718                                                  * error.
 5719                                                  */
 5720                                                 offs = uiop->uio_offset;
 5721                                                 resid = uiop->uio_resid;
 5722                                                 iovbase =
 5723                                                     uiop->uio_iov->iov_base;
 5724                                                 iovlen = uiop->uio_iov->iov_len;
 5725                                                 m = nfsm_uiombuflist(uiop, len,
 5726                                                     NULL, NULL);
 5727                                         }
 5728                                         tdrpc = drpc = malloc(sizeof(*drpc) *
 5729                                             (mirrorcnt - 1), M_TEMP, M_WAITOK |
 5730                                             M_ZERO);
 5731                                 }
 5732                         }
 5733                         for (i = firstmirror; i < mirrorcnt && error == 0; i++){
 5734                                 if ((layp->nfsly_flags & NFSLY_FLEXFILE) != 0) {
 5735                                         dev = rflp->nfsfl_ffm[i].dev;
 5736                                         dip = nfscl_getdevinfo(nmp->nm_clp, dev,
 5737                                             rflp->nfsfl_ffm[i].devp);
 5738                                 } else {
 5739                                         dev = rflp->nfsfl_dev;
 5740                                         dip = nfscl_getdevinfo(nmp->nm_clp, dev,
 5741                                             rflp->nfsfl_devp);
 5742                                 }
 5743                                 if (dip != NULL) {
 5744                                         if ((rflp->nfsfl_flags & NFSFL_FLEXFILE)
 5745                                             != 0)
 5746                                                 error = nfscl_dofflayoutio(vp,
 5747                                                     uiop, iomode, must_commit,
 5748                                                     &eof, &stateid, rwaccess,
 5749                                                     dip, layp, rflp, off, xfer,
 5750                                                     i, docommit, m, tdrpc,
 5751                                                     newcred, p);
 5752                                         else
 5753                                                 error = nfscl_doflayoutio(vp,
 5754                                                     uiop, iomode, must_commit,
 5755                                                     &eof, &stateid, rwaccess,
 5756                                                     dip, layp, rflp, off, xfer,
 5757                                                     docommit, newcred, p);
 5758                                         nfscl_reldevinfo(dip);
 5759                                 } else
 5760                                         error = EIO;
 5761                                 tdrpc++;
 5762                         }
 5763                         if (m != NULL)
 5764                                 m_freem(m);
 5765                         tdrpc = drpc;
 5766                         timo = hz / 50;         /* Wait for 20msec. */
 5767                         if (timo < 1)
 5768                                 timo = 1;
 5769                         for (i = firstmirror; i < mirrorcnt - 1 &&
 5770                             tdrpc != NULL; i++, tdrpc++) {
 5771                                 /*
 5772                                  * For the unused drpc entries, both inprog and
 5773                                  * err == 0, so this loop won't break.
 5774                                  */
 5775                                 while (tdrpc->inprog != 0 && tdrpc->done == 0)
 5776                                         tsleep(&tdrpc->tsk, PVFS, "clrpcio",
 5777                                             timo);
 5778                                 if (error == 0 && tdrpc->err != 0)
 5779                                         error = tdrpc->err;
 5780                         }
 5781                         free(drpc, M_TEMP);
 5782                         if (error == 0) {
 5783                                 if (mirrorcnt > 1 && rwaccess ==
 5784                                     NFSV4OPEN_ACCESSWRITE && docommit == 0) {
 5785                                         NFSLOCKCLSTATE();
 5786                                         layp->nfsly_flags |= NFSLY_WRITTEN;
 5787                                         NFSUNLOCKCLSTATE();
 5788                                 }
 5789                                 lastbyte = off + xfer - 1;
 5790                                 NFSLOCKCLSTATE();
 5791                                 if (lastbyte > layp->nfsly_lastbyte)
 5792                                         layp->nfsly_lastbyte = lastbyte;
 5793                                 NFSUNLOCKCLSTATE();
 5794                         } else if (error == NFSERR_OPENMODE &&
 5795                             rwaccess == NFSV4OPEN_ACCESSREAD) {
 5796                                 NFSLOCKMNT(nmp);
 5797                                 nmp->nm_state |= NFSSTA_OPENMODE;
 5798                                 NFSUNLOCKMNT(nmp);
 5799                         } else
 5800                                 error = EIO;
 5801                         if (error == 0)
 5802                                 len -= (oresid - (uint64_t)uiop->uio_resid);
 5803                         else if (mirrorcnt > 1 && rwaccess ==
 5804                             NFSV4OPEN_ACCESSWRITE && docommit == 0) {
 5805                                 /*
 5806                                  * In case the rpc gets retried, roll the
 5807                                  * uio fields changed by nfsm_uiombuflist()
 5808                                  * back.
 5809                                  */
 5810                                 uiop->uio_offset = offs;
 5811                                 uiop->uio_resid = resid;
 5812                                 uiop->uio_iov->iov_base = iovbase;
 5813                                 uiop->uio_iov->iov_len = iovlen;
 5814                         }
 5815                 }
 5816         }
 5817         if (lckp != NULL)
 5818                 nfscl_lockderef(lckp);
 5819         NFSFREECRED(newcred);
 5820         nfscl_rellayout(layp, 0);
 5821         nfscl_relref(nmp);
 5822         return (error);
 5823 }
 5824 
 5825 /*
 5826  * Make a copy of the mbuf chain and add an mbuf for null padding, as required.
 5827  */
 5828 static struct mbuf *
 5829 nfsm_copym(struct mbuf *m, int off, int xfer)
 5830 {
 5831         struct mbuf *m2, *m3, *m4;
 5832         uint32_t *tl;
 5833         int rem;
 5834 
 5835         m2 = m_copym(m, off, xfer, M_WAITOK);
 5836         rem = NFSM_RNDUP(xfer) - xfer;
 5837         if (rem > 0) {
 5838                 /*
 5839                  * The zero padding to a multiple of 4 bytes is required by
 5840                  * the XDR. So that the mbufs copied by reference aren't
 5841                  * modified, add an mbuf with the zero'd bytes to the list.
 5842                  * rem will be a maximum of 3, so one zero'd uint32_t is
 5843                  * sufficient.
 5844                  */
 5845                 m3 = m2;
 5846                 while (m3->m_next != NULL)
 5847                         m3 = m3->m_next;
 5848                 NFSMGET(m4);
 5849                 tl = NFSMTOD(m4, uint32_t *);
 5850                 *tl = 0;
 5851                 mbuf_setlen(m4, rem);
 5852                 mbuf_setnext(m3, m4);
 5853         }
 5854         return (m2);
 5855 }
 5856 
 5857 /*
 5858  * Find a file layout that will handle the first bytes of the requested
 5859  * range and return the information from it needed to the I/O operation.
 5860  */
 5861 int
 5862 nfscl_findlayoutforio(struct nfscllayout *lyp, uint64_t off, uint32_t rwaccess,
 5863     struct nfsclflayout **retflpp)
 5864 {
 5865         struct nfsclflayout *flp, *nflp, *rflp;
 5866         uint32_t rw;
 5867 
 5868         rflp = NULL;
 5869         rw = rwaccess;
 5870         /* For reading, do the Read list first and then the Write list. */
 5871         do {
 5872                 if (rw == NFSV4OPEN_ACCESSREAD)
 5873                         flp = LIST_FIRST(&lyp->nfsly_flayread);
 5874                 else
 5875                         flp = LIST_FIRST(&lyp->nfsly_flayrw);
 5876                 while (flp != NULL) {
 5877                         nflp = LIST_NEXT(flp, nfsfl_list);
 5878                         if (flp->nfsfl_off > off)
 5879                                 break;
 5880                         if (flp->nfsfl_end > off &&
 5881                             (rflp == NULL || rflp->nfsfl_end < flp->nfsfl_end))
 5882                                 rflp = flp;
 5883                         flp = nflp;
 5884                 }
 5885                 if (rw == NFSV4OPEN_ACCESSREAD)
 5886                         rw = NFSV4OPEN_ACCESSWRITE;
 5887                 else
 5888                         rw = 0;
 5889         } while (rw != 0);
 5890         if (rflp != NULL) {
 5891                 /* This one covers the most bytes starting at off. */
 5892                 *retflpp = rflp;
 5893                 return (0);
 5894         }
 5895         return (EIO);
 5896 }
 5897 
 5898 /*
 5899  * Do I/O using an NFSv4.1 file layout.
 5900  */
 5901 static int
 5902 nfscl_doflayoutio(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
 5903     int *eofp, nfsv4stateid_t *stateidp, int rwflag, struct nfscldevinfo *dp,
 5904     struct nfscllayout *lyp, struct nfsclflayout *flp, uint64_t off,
 5905     uint64_t len, int docommit, struct ucred *cred, NFSPROC_T *p)
 5906 {
 5907         uint64_t io_off, rel_off, stripe_unit_size, transfer, xfer;
 5908         int commit_thru_mds, error, stripe_index, stripe_pos;
 5909         struct nfsnode *np;
 5910         struct nfsfh *fhp;
 5911         struct nfsclds **dspp;
 5912 
 5913         np = VTONFS(vp);
 5914         rel_off = off - flp->nfsfl_patoff;
 5915         stripe_unit_size = (flp->nfsfl_util >> 6) & 0x3ffffff;
 5916         stripe_pos = (rel_off / stripe_unit_size + flp->nfsfl_stripe1) %
 5917             dp->nfsdi_stripecnt;
 5918         transfer = stripe_unit_size - (rel_off % stripe_unit_size);
 5919         error = 0;
 5920 
 5921         /* Loop around, doing I/O for each stripe unit. */
 5922         while (len > 0 && error == 0) {
 5923                 stripe_index = nfsfldi_stripeindex(dp, stripe_pos);
 5924                 dspp = nfsfldi_addr(dp, stripe_index);
 5925                 if (len > transfer && docommit == 0)
 5926                         xfer = transfer;
 5927                 else
 5928                         xfer = len;
 5929                 if ((flp->nfsfl_util & NFSFLAYUTIL_DENSE) != 0) {
 5930                         /* Dense layout. */
 5931                         if (stripe_pos >= flp->nfsfl_fhcnt)
 5932                                 return (EIO);
 5933                         fhp = flp->nfsfl_fh[stripe_pos];
 5934                         io_off = (rel_off / (stripe_unit_size *
 5935                             dp->nfsdi_stripecnt)) * stripe_unit_size +
 5936                             rel_off % stripe_unit_size;
 5937                 } else {
 5938                         /* Sparse layout. */
 5939                         if (flp->nfsfl_fhcnt > 1) {
 5940                                 if (stripe_index >= flp->nfsfl_fhcnt)
 5941                                         return (EIO);
 5942                                 fhp = flp->nfsfl_fh[stripe_index];
 5943                         } else if (flp->nfsfl_fhcnt == 1)
 5944                                 fhp = flp->nfsfl_fh[0];
 5945                         else
 5946                                 fhp = np->n_fhp;
 5947                         io_off = off;