
FreeBSD/Linux Kernel Cross Reference
sys/fs/nfsclient/nfs_clrpcops.c


    1 /*-
    2  * Copyright (c) 1989, 1993
    3  *      The Regents of the University of California.  All rights reserved.
    4  *
    5  * This code is derived from software contributed to Berkeley by
    6  * Rick Macklem at The University of Guelph.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 4. Neither the name of the University nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  *
   32  */
   33 
   34 #include <sys/cdefs.h>
   35 __FBSDID("$FreeBSD: releng/10.2/sys/fs/nfsclient/nfs_clrpcops.c 284101 2015-06-06 20:54:41Z rmacklem $");
   36 
   37 /*
   38  * Rpc op calls, generally called from the vnode op calls or through the
   39  * buffer cache, for NFS v2, 3 and 4.
   40  * These do not normally make any changes to vnode arguments or use
   41  * structures that might change between the VFS variants. The returned
   42  * arguments are all at the end, after the NFSPROC_T *p one.
   43  */
   44 
   45 #ifndef APPLEKEXT
   46 #include "opt_inet6.h"
   47 
   48 #include <fs/nfs/nfsport.h>
   49 
   /*
    * Global variables
    *
    * The extern declarations name objects defined in other files; the
    * variables below NFSCLSTATEMUTEX are defined here with their defaults.
    * NOTE(review): apart from nfscl_assumeposixlocks, none of these is
    * referenced in the part of the file visible here, so their meaning is
    * not documented -- confirm against their users before relying on a name.
    */
   extern int nfs_numnfscbd;
   extern struct timeval nfsboottime;
   extern u_int32_t newnfs_false, newnfs_true;
   extern nfstype nfsv34_type[9];
   extern int nfsrv_useacl;
   extern char nfsv4_callbackaddr[INET6_ADDRSTRLEN];
   extern int nfscl_debuglevel;
   NFSCLSTATEMUTEX;
   int nfstest_outofseq = 0;
   /*
    * When non-zero, nfsrpc_openrpc() sets nfso_posixlock on an Open even if
    * the server's reply did not carry NFSV4OPEN_LOCKTYPEPOSIX.
    */
   int nfscl_assumeposixlocks = 1;
   /* presumably gates the NFSv4 callback service; off by default -- TODO confirm */
   int nfscl_enablecallb = 0;
   short nfsv4_cbport = NFSV4_CBPORT;
   int nfstest_openallsetattr = 0;
   66 #endif  /* !APPLEKEXT */
   67 
   /*
    * Size of struct dirent less MAXNAMLEN + 1 bytes.
    * NOTE(review): presumably the fixed part of a directory entry that
    * precedes the name buffer -- confirm against the struct dirent layout.
    */
   #define DIRHDSIZ        (sizeof (struct dirent) - (MAXNAMLEN + 1))

   /*
    * nfscl_getsameserver() can return one of three values:
    * NFSDSP_USETHISSESSION - Use this session for the DS.
    * NFSDSP_SEQTHISSESSION - Use the nfsclds_sequence field of this dsp for new
    *     session.
    * NFSDSP_NOTFOUND - No matching server was found.
    */
   enum nfsclds_state {
           NFSDSP_USETHISSESSION = 0,
           NFSDSP_SEQTHISSESSION = 1,
           NFSDSP_NOTFOUND = 2,
   };
   82 
   /*
    * Forward declarations of the file-local (static) helpers.  Their
    * definitions are not part of the listing visible here.
    */
   static int nfsrpc_setattrrpc(vnode_t , struct vattr *, nfsv4stateid_t *,
       struct ucred *, NFSPROC_T *, struct nfsvattr *, int *, void *);
   static int nfsrpc_readrpc(vnode_t , struct uio *, struct ucred *,
       nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *, void *);
   static int nfsrpc_writerpc(vnode_t , struct uio *, int *, int *,
       struct ucred *, nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *,
       void *);
   static int nfsrpc_createv23(vnode_t , char *, int, struct vattr *,
       nfsquad_t, int, struct ucred *, NFSPROC_T *, struct nfsvattr *,
       struct nfsvattr *, struct nfsfh **, int *, int *, void *);
   static int nfsrpc_createv4(vnode_t , char *, int, struct vattr *,
       nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *,
       NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *,
       int *, void *, int *);
   static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *,
       struct nfscllockowner *, u_int64_t, u_int64_t,
       u_int32_t, struct ucred *, NFSPROC_T *, int);
   static int nfsrpc_setaclrpc(vnode_t, struct ucred *, NFSPROC_T *,
       struct acl *, nfsv4stateid_t *, void *);
   static int nfsrpc_getlayout(struct nfsmount *, vnode_t, struct nfsfh *, int,
       uint32_t *, nfsv4stateid_t *, uint64_t, struct nfscllayout **,
       struct ucred *, NFSPROC_T *);
   static int nfsrpc_fillsa(struct nfsmount *, struct sockaddr_storage *,
       struct nfsclds **, NFSPROC_T *);
   static void nfscl_initsessionslots(struct nfsclsession *);
   static int nfscl_doflayoutio(vnode_t, struct uio *, int *, int *, int *,
       nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
       struct nfsclflayout *, uint64_t, uint64_t, struct ucred *, NFSPROC_T *);
   static int nfsrpc_readds(vnode_t, struct uio *, nfsv4stateid_t *, int *,
       struct nfsclds *, uint64_t, int, struct nfsfh *, struct ucred *,
       NFSPROC_T *);
   static int nfsrpc_writeds(vnode_t, struct uio *, int *, int *,
       nfsv4stateid_t *, struct nfsclds *, uint64_t, int,
       struct nfsfh *, int, struct ucred *, NFSPROC_T *);
   static enum nfsclds_state nfscl_getsameserver(struct nfsmount *,
       struct nfsclds *, struct nfsclds **);
   /* Compiled only when "notyet" is defined. */
   #ifdef notyet
   static int nfsrpc_commitds(vnode_t, uint64_t, int, struct nfsclds *,
       struct nfsfh *, struct ucred *, NFSPROC_T *, void *);
   #endif
  123 
  /*
   * Issue the NFS NULL procedure for vp's mount (called from the vfs layer).
   *
   * Returns the error from nfscl_request() when it is non-zero, otherwise
   * the reply status held in nd_repstat (zero on success).
   *
   * NOTE(review): nd_mrep is released even when nfscl_request() reports an
   * error, unlike the other rpc ops in this file, which return early.  That
   * relies on the request path having set nd_mrep in the on-stack
   * descriptor -- confirm in NFSCL_REQSTART()/nfscl_request().
   */
  APPLESTATIC int
  nfsrpc_null(vnode_t vp, struct ucred *cred, NFSPROC_T *p)
  {
          struct nfsrv_descript nfsd, *nd = &nfsd;
          int error;

          NFSCL_REQSTART(nd, NFSPROC_NULL, vp);
          error = nfscl_request(nd, vp, p, cred, NULL);

          /* A request-level error takes precedence over the reply status. */
          if (error == 0 && nd->nd_repstat != 0)
                  error = nd->nd_repstat;

          mbuf_freem(nd->nd_mrep);
          return (error);
  }
  140 
  /*
   * nfs access rpc op.
   * For nfs version 3 and 4, use the access rpc to check accessibility.
   *
   * acmode is a mask of VREAD/VWRITE/VEXEC.  It is translated to NFSACCESS_*
   * bits: a directory asks for LOOKUP where a file asks for EXECUTE, and
   * additionally asks for DELETE when VWRITE is requested.
   *
   * Returns 0 when every requested bit is present in the server's answer,
   * EACCES when at least one is missing, or the error from
   * nfsrpc_accessrpc().
   *
   * The answer is a snapshot only: if file modes are changed on the server,
   * accesses might still fail later, so a 0 return is not a guarantee for
   * the operations that follow.
   */
  APPLESTATIC int
  nfsrpc_access(vnode_t vp, int acmode, struct ucred *cred,
      NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
  {
          u_int32_t mode, rmode;
          int error, isdir;

          /* Translate the vnode access mask into NFS ACCESS bits. */
          mode = (acmode & VREAD) ? NFSACCESS_READ : 0;
          isdir = (vnode_vtype(vp) == VDIR);
          if (acmode & VWRITE) {
                  mode |= (NFSACCESS_MODIFY | NFSACCESS_EXTEND);
                  if (isdir)
                          mode |= NFSACCESS_DELETE;
          }
          if (acmode & VEXEC)
                  mode |= isdir ? NFSACCESS_LOOKUP : NFSACCESS_EXECUTE;

          /*
           * nfsrpc_accessrpc() does the actual RPC.  rmode is only written
           * by it on success, so it is not looked at on an error return.
           */
          error = nfsrpc_accessrpc(vp, mode, cred, p, nap, attrflagp, &rmode,
              NULL);
          if (error != 0)
                  return (error);

          /*
           * The NFS V3 spec does not clarify whether or not the returned
           * access bits can be a superset of the ones requested, so only
           * require that every requested bit was granted.
           */
          if ((rmode & mode) != mode)
                  return (EACCES);
          return (0);
  }
  185 
  /*
   * The actual access rpc, separated out for Darwin.
   *
   * Sends "mode" in an ACCESS request (plus a Getattr op for NFSv4) and
   * parses the reply.  *attrflagp is cleared on entry and filled in by
   * nfscl_postop_attr() together with *nap.
   *
   * Returns 0 on success, the error from nfscl_request() or from reply
   * parsing, or the reply status nd_repstat.  *rmodep is written only when
   * the reply status is zero and the access words were dissected; callers
   * must not read it after a non-zero return.
   *
   * The granted bits come from the server.  They are masked with
   * "supported" before being handed back: for NFSv4 that is the server's
   * own supported mask, for other versions it stays equal to the requested
   * mode, so bits outside the request are dropped as well.
   */
  APPLESTATIC int
  nfsrpc_accessrpc(vnode_t vp, u_int32_t mode, struct ucred *cred,
      NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, u_int32_t *rmodep,
      void *stuff)
  {
          struct nfsrv_descript nfsd, *nd = &nfsd;
          nfsattrbit_t attrbits;
          u_int32_t supported, rmode;
          u_int32_t *tl;
          int error;

          *attrflagp = 0;
          supported = mode;

          /* Build the request: the access mask, then Getattr for NFSv4. */
          NFSCL_REQSTART(nd, NFSPROC_ACCESS, vp);
          NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
          *tl = txdr_unsigned(mode);
          if (nd->nd_flag & ND_NFSV4) {
                  NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                  *tl = txdr_unsigned(NFSV4OP_GETATTR);
                  NFSGETATTR_ATTRBIT(&attrbits);
                  (void) nfsrv_putattrbit(nd, &attrbits);
          }

          error = nfscl_request(nd, vp, p, cred, stuff);
          if (error)
                  return (error);

          /* NFSv3 carries the post-op attributes ahead of the result. */
          if (nd->nd_flag & ND_NFSV3) {
                  error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
                  if (error)
                          goto nfsmout;
          }

          if (nd->nd_repstat != 0) {
                  error = nd->nd_repstat;
                  goto nfsmout;
          }

          if (nd->nd_flag & ND_NFSV4) {
                  /* Two words: the supported mask, then the access mask. */
                  NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                  supported = fxdr_unsigned(u_int32_t, *tl++);
                  rmode = fxdr_unsigned(u_int32_t, *tl);
                  error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
          } else {
                  NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                  rmode = fxdr_unsigned(u_int32_t, *tl);
          }

          /*
           * It's not obvious what should be done about unsupported access
           * modes. For now, be paranoid and clear the unsupported ones.
           */
          *rmodep = rmode & supported;
  nfsmout:
          mbuf_freem(nd->nd_mrep);
          return (error);
  }
  246 
  /*
   * nfs open rpc
   *
   * Does the NFSv4 Open for a regular file; any other vnode type returns 0
   * at once.  amode (FREAD/FWRITE) is mapped to NFSV4OPEN_ACCESS* bits.
   *
   * Each pass gets the local open structure from nfscl_open() and, when
   * that asks for it (NFSCLOPEN_DOOPEN), performs the Open against the
   * server with nfsrpc_openrpc().  A delegation returned by the server is
   * recorded via nfscl_deleg() after the node's attribute cache has been
   * invalidated.
   *
   * Retry policy: NFSERR_GRACE, NFSERR_STALECLIENTID,
   * NFSERR_STALEDONTRECOVER, NFSERR_DELAY and NFSERR_BADSESSION are retried
   * after nfs_catnap() for as long as they keep being returned; there is no
   * cap on this path, so how long the caller stays in here is decided by
   * the server.  NFSERR_EXPIRED/NFSERR_BADSTATEID are retried only while
   * nfscl_hasexpired() returns 0, and at most until retrycnt reaches 4,
   * after which the error is reported as EIO.
   */
  APPLESTATIC int
  nfsrpc_open(vnode_t vp, int amode, struct ucred *cred, NFSPROC_T *p)
  {
          struct nfsnode *np = VTONFS(vp);
          struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
          struct nfsclopen *op;
          struct nfscldeleg *dp;
          struct nfsfh *nfhp;
          u_int32_t mode, clidrev;
          int ret, newone, error, expireret = 0, retrycnt = 0;
          int transient, retry;

          /*
           * For NFSv4, Open Ops are only done on Regular Files.
           */
          if (vnode_vtype(vp) != VREG)
                  return (0);

          mode = ((amode & FREAD) ? NFSV4OPEN_ACCESSREAD : 0) |
              ((amode & FWRITE) ? NFSV4OPEN_ACCESSWRITE : 0);
          nfhp = np->n_fhp;

  #ifdef notdef
          {
                  char name[100];
                  int namel;

                  namel = (np->n_v4->n4_namelen < 100) ?
                      np->n_v4->n4_namelen : 99;
                  bcopy(NFS4NODENAME(np->n_v4), name, namel);
                  name[namel] = '\0';
                  printf("rpcopen p=0x%x name=%s",p->p_pid,name);
                  if (nfhp->nfh_len > 0)
                          printf(" fh=0x%x\n",nfhp->nfh_fh[12]);
                  else
                          printf(" fhl=0\n");
          }
  #endif
          do {
                  retry = 0;
                  dp = NULL;
                  error = nfscl_open(vp, nfhp->nfh_fh, nfhp->nfh_len, mode, 1,
                      cred, p, NULL, &op, &newone, &ret, 1);
                  if (error)
                          return (error);

                  clidrev = (nmp->nm_clp != NULL) ?
                      nmp->nm_clp->nfsc_clientidrev : 0;

                  if (ret == NFSCLOPEN_DOOPEN) {
                          if (np->n_v4 == NULL) {
                                  error = EIO;
                          } else {
                                  error = nfsrpc_openrpc(nmp, vp,
                                      np->n_v4->n4_data, np->n_v4->n4_fhlen,
                                      np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
                                      mode, op, NFS4NODENAME(np->n_v4),
                                      np->n_v4->n4_namelen, &dp, 0, 0x0, cred,
                                      p, 0, 0);
                                  if (dp != NULL) {
  #ifdef APPLE
                                          OSBitAndAtomic((int32_t)~NDELEGMOD, (UInt32 *)&np->n_flag);
  #else
                                          NFSLOCKNODE(np);
                                          np->n_flag &= ~NDELEGMOD;
                                          /*
                                           * Invalidate the attribute cache, so
                                           * that attributes that pre-date the
                                           * issue of a delegation are not
                                           * cached, since the cached attributes
                                           * will remain valid while the
                                           * delegation is held.
                                           */
                                          NFSINVALATTRCACHE(np);
                                          NFSUNLOCKNODE(np);
  #endif
                                          (void) nfscl_deleg(nmp->nm_mountp,
                                              op->nfso_own->nfsow_clp,
                                              nfhp->nfh_fh, nfhp->nfh_len, cred,
                                              p, &dp);
                                  }
                          }
                  }

                  /*
                   * Both a server Open and a new local open on a delegation
                   * need credentials stored in the open, so that an open can
                   * be done against the server during recovery.
                   */
                  if (ret == NFSCLOPEN_DOOPEN || ret == NFSCLOPEN_SETCRED)
                          newnfs_copyincred(cred, &op->nfso_cred);

                  /*
                   * nfso_opencnt is the count of how many VOP_OPEN()s have
                   * been done on this Open successfully and a VOP_CLOSE()
                   * is expected for each of these.
                   * If error is non-zero, don't increment it, since the Open
                   * hasn't succeeded yet.
                   */
                  if (error == 0)
                          op->nfso_opencnt++;
                  nfscl_openrelease(op, error, newone);

                  transient = (error == NFSERR_GRACE ||
                      error == NFSERR_STALECLIENTID ||
                      error == NFSERR_STALEDONTRECOVER ||
                      error == NFSERR_DELAY || error == NFSERR_BADSESSION);
                  if (transient) {
                          /* Uncapped: repeats while the server says so. */
                          (void) nfs_catnap(PZERO, error, "nfs_open");
                          retry = 1;
                  } else if ((error == NFSERR_EXPIRED ||
                      error == NFSERR_BADSTATEID) && clidrev != 0) {
                          expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
                          retrycnt++;
                          if (expireret == 0 && retrycnt < 4)
                                  retry = 1;
                  }
          } while (retry);

          if (error && retrycnt >= 4)
                  error = EIO;
          return (error);
  }
  362 
  /*
   * the actual open rpc
   *
   * Builds an NFSv4 Open of an existing file (NFSV4OPEN_NOCREATE) followed
   * by a Getattr for the change and modify-time attributes, sends it with
   * newnfs_request() and parses the reply.
   *
   * Claim type: NFSV4OPEN_CLAIMPREVIOUS with delegtype when reclaim is set;
   * otherwise NFSV4OPEN_CLAIMDELEGATECUR with the stateid of the delegation
   * passed in through *dpp, or NFSV4OPEN_CLAIMNULL when *dpp is NULL.  The
   * two non-reclaim forms are followed by name/namelen.
   *
   * On success the open stateid is stored in op->nfso_stateid and *dpp is
   * set to a delegation allocated here (M_NFSCLDELEG) if the server granted
   * one, else NULL.  On every error return *dpp is left NULL and a
   * delegation allocated here is freed.  syscred sets ND_USEGSSNAME on the
   * request; recursed is passed as 1 by the single nested call below and
   * prevents further nesting.
   *
   * Everything dissected from the reply is chosen by the server.  Unknown
   * delegation types and space-limit kinds are rejected with NFSERR_BADXDR.
   * NOTE(review): newfhlen sizes both the allocation and the NFSBCOPY() of
   * newfhp; it is an int supplied by the caller and is not range-checked
   * in this function -- confirm that callers bound it by the file handle
   * size.
   */
  APPLESTATIC int
  nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp, int fhlen,
      u_int8_t *newfhp, int newfhlen, u_int32_t mode, struct nfsclopen *op,
      u_int8_t *name, int namelen, struct nfscldeleg **dpp,
      int reclaim, u_int32_t delegtype, struct ucred *cred, NFSPROC_T *p,
      int syscred, int recursed)
  {
          u_int32_t *tl;
          struct nfsrv_descript nfsd, *nd = &nfsd;
          struct nfscldeleg *dp, *ndp = NULL;
          struct nfsvattr nfsva;
          u_int32_t rflags, deleg;
          nfsattrbit_t attrbits;
          int error, ret, acesize, limitby;

          /*
           * Take the caller's delegation (if any) and clear the out
           * parameter up front, so that it is NULL on every error return.
           */
          dp = *dpp;
          *dpp = NULL;
          nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL);
          /* Open arguments: seqid, share access, share deny, clientid. */
          NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
          *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
          *tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
          *tl++ = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
          /* The clientid words are copied as stored, without txdr conversion. */
          *tl++ = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[0];
          *tl = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[1];
          (void) nfsm_strtom(nd, op->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN);
          NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
          *tl++ = txdr_unsigned(NFSV4OPEN_NOCREATE);
          if (reclaim) {
                  *tl = txdr_unsigned(NFSV4OPEN_CLAIMPREVIOUS);
                  NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                  *tl = txdr_unsigned(delegtype);
          } else {
                  if (dp != NULL) {
                          *tl = txdr_unsigned(NFSV4OPEN_CLAIMDELEGATECUR);
                          NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
                          /* A zero seqid is sent when NFSHASNFSV4N(nmp) holds. */
                          if (NFSHASNFSV4N(nmp))
                                  *tl++ = 0;
                          else
                                  *tl++ = dp->nfsdl_stateid.seqid;
                          *tl++ = dp->nfsdl_stateid.other[0];
                          *tl++ = dp->nfsdl_stateid.other[1];
                          *tl = dp->nfsdl_stateid.other[2];
                  } else {
                          *tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
                  }
                  (void) nfsm_strtom(nd, name, namelen);
          }
          /* Getattr op asking only for the change and modify-time attributes. */
          NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
          *tl = txdr_unsigned(NFSV4OP_GETATTR);
          NFSZERO_ATTRBIT(&attrbits);
          NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_CHANGE);
          NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFY);
          (void) nfsrv_putattrbit(nd, &attrbits);
          if (syscred)
                  nd->nd_flag |= ND_USEGSSNAME;
          error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
              NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
          /* Nothing has been allocated yet, so a plain return is enough. */
          if (error)
                  return (error);
          NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
          if (!nd->nd_repstat) {
                  NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
                      6 * NFSX_UNSIGNED);
                  op->nfso_stateid.seqid = *tl++;
                  op->nfso_stateid.other[0] = *tl++;
                  op->nfso_stateid.other[1] = *tl++;
                  op->nfso_stateid.other[2] = *tl;
                  /*
                   * tl points at the last stateid word here; assuming
                   * NFSX_STATEID is four words, tl + 6 is the last word of
                   * the span dissected above -- TODO confirm.
                   */
                  rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
                  error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
                  if (error)
                          goto nfsmout;
                  NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                  deleg = fxdr_unsigned(u_int32_t, *tl);
                  if (deleg == NFSV4OPEN_DELEGATEREAD ||
                      deleg == NFSV4OPEN_DELEGATEWRITE) {
                          if (!(op->nfso_own->nfsow_clp->nfsc_flags &
                                NFSCLFLAGS_FIRSTDELEG))
                                  op->nfso_own->nfsow_clp->nfsc_flags |=
                                    (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
                          /*
                           * The delegation carries the new file handle after
                           * the structure.  Only M_WAITOK is passed, so the
                           * memory is not zeroed by this call; fields not
                           * assigned in this function stay as allocated.
                           */
                          MALLOC(ndp, struct nfscldeleg *,
                              sizeof (struct nfscldeleg) + newfhlen,
                              M_NFSCLDELEG, M_WAITOK);
                          LIST_INIT(&ndp->nfsdl_owner);
                          LIST_INIT(&ndp->nfsdl_lock);
                          ndp->nfsdl_clp = op->nfso_own->nfsow_clp;
                          ndp->nfsdl_fhlen = newfhlen;
                          NFSBCOPY(newfhp, ndp->nfsdl_fh, newfhlen);
                          newnfs_copyincred(cred, &ndp->nfsdl_cred);
                          nfscl_lockinit(&ndp->nfsdl_rwlock);
                          /* Delegation stateid, then the recall flag. */
                          NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
                              NFSX_UNSIGNED);
                          ndp->nfsdl_stateid.seqid = *tl++;
                          ndp->nfsdl_stateid.other[0] = *tl++;
                          ndp->nfsdl_stateid.other[1] = *tl++;
                          ndp->nfsdl_stateid.other[2] = *tl++;
                          ret = fxdr_unsigned(int, *tl);
                          if (deleg == NFSV4OPEN_DELEGATEWRITE) {
                                  ndp->nfsdl_flags = NFSCLDL_WRITE;
                                  /*
                                   * Indicates how much the file can grow.
                                   */
                                  NFSM_DISSECT(tl, u_int32_t *,
                                      3 * NFSX_UNSIGNED);
                                  limitby = fxdr_unsigned(int, *tl++);
                                  switch (limitby) {
                                  case NFSV4OPEN_LIMITSIZE:
                                          ndp->nfsdl_sizelimit = fxdr_hyper(tl);
                                          break;
                                  case NFSV4OPEN_LIMITBLOCKS:
                                          /*
                                           * Product of the two 32-bit words
                                           * from the reply, each widened to
                                           * u_int64_t before multiplying.
                                           */
                                          ndp->nfsdl_sizelimit =
                                              fxdr_unsigned(u_int64_t, *tl++);
                                          ndp->nfsdl_sizelimit *=
                                              fxdr_unsigned(u_int64_t, *tl);
                                          break;
                                  default:
                                          /* Unknown limit kind from the server. */
                                          error = NFSERR_BADXDR;
                                          goto nfsmout;
                                  };
                          } else {
                                  ndp->nfsdl_flags = NFSCLDL_READ;
                          }
                          /* ret still holds the recall flag dissected above. */
                          if (ret)
                                  ndp->nfsdl_flags |= NFSCLDL_RECALL;
                          error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret,
                              &acesize, p);
                          if (error)
                                  goto nfsmout;
                  } else if (deleg != NFSV4OPEN_DELEGATENONE) {
                          /* Unknown delegation type from the server. */
                          error = NFSERR_BADXDR;
                          goto nfsmout;
                  }
                  /* Two words are skipped ahead of the Getattr attributes. */
                  NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                  error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
                      NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
                      NULL, NULL, NULL, p, cred);
                  if (error)
                          goto nfsmout;
                  if (ndp != NULL) {
                          ndp->nfsdl_change = nfsva.na_filerev;
                          ndp->nfsdl_modtime = nfsva.na_mtime;
                          ndp->nfsdl_flags |= NFSCLDL_MODTIMESET;
                  }
                  /*
                   * The server asked for an OpenConfirm.  It is repeated for
                   * as long as the server answers NFSERR_DELAY; there is no
                   * retry cap on this loop.
                   */
                  if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM)) {
                      do {
                          ret = nfsrpc_openconfirm(vp, newfhp, newfhlen, op,
                              cred, p);
                          if (ret == NFSERR_DELAY)
                              (void) nfs_catnap(PZERO, ret, "nfs_open");
                      } while (ret == NFSERR_DELAY);
                      error = ret;
                  }
                  if ((rflags & NFSV4OPEN_LOCKTYPEPOSIX) ||
                      nfscl_assumeposixlocks)
                      op->nfso_posixlock = 1;
                  else
                      op->nfso_posixlock = 0;

                  /*
                   * If the server is handing out delegations, but we didn't
                   * get one because an OpenConfirm was required, try the
                   * Open again, to get a delegation. This is a harmless no-op,
                   * from a server's point of view.
                   * The nested call passes recursed = 1, so it cannot nest
                   * again; like the loop above, it repeats while the server
                   * answers NFSERR_DELAY.
                   */
                  if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM) &&
                      (op->nfso_own->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG)
                      && !error && dp == NULL && ndp == NULL && !recursed) {
                      do {
                          ret = nfsrpc_openrpc(nmp, vp, nfhp, fhlen, newfhp,
                              newfhlen, mode, op, name, namelen, &ndp, 0, 0x0,
                              cred, p, syscred, 1);
                          if (ret == NFSERR_DELAY)
                              (void) nfs_catnap(PZERO, ret, "nfs_open2");
                      } while (ret == NFSERR_DELAY);
                      if (ret) {
                          /*
                           * The nested call leaves its *dpp (ndp here) NULL
                           * on every error return, so this FREE is not
                           * expected to run.  ndp is not reset after it;
                           * should that contract change, the FREE at nfsmout
                           * would see the same pointer again.
                           */
                          if (ndp != NULL)
                                  FREE((caddr_t)ndp, M_NFSCLDELEG);
                          /* Only these failures of the second Open are reported. */
                          if (ret == NFSERR_STALECLIENTID ||
                              ret == NFSERR_STALEDONTRECOVER ||
                              ret == NFSERR_BADSESSION)
                                  error = ret;
                      }
                  }
          }
          if (nd->nd_repstat != 0 && error == 0)
                  error = nd->nd_repstat;
          if (error == NFSERR_STALECLIENTID || error == NFSERR_BADSESSION)
                  nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
  nfsmout:
          /* Hand the delegation to the caller only on success. */
          if (!error)
                  *dpp = ndp;
          else if (ndp != NULL)
                  FREE((caddr_t)ndp, M_NFSCLDELEG);
          mbuf_freem(nd->nd_mrep);
          return (error);
  }
  561 
  /*
   * open downgrade rpc
   *
   * Sends the open's stateid, the open owner's seqid and the new share
   * access/deny bits taken from "mode".  When the reply status is zero the
   * stateid returned by the server replaces op->nfso_stateid.
   *
   * Returns the error from nfscl_request() or from reply parsing, else the
   * reply status.  NFSERR_STALESTATEID and NFSERR_BADSESSION also start
   * client recovery.
   *
   * The stateid words are copied to and from the message as stored, without
   * byte-order conversion; the returned words are taken from the server
   * as-is.
   */
  APPLESTATIC int
  nfsrpc_opendowngrade(vnode_t vp, u_int32_t mode, struct nfsclopen *op,
      struct ucred *cred, NFSPROC_T *p)
  {
          struct nfsrv_descript nfsd, *nd = &nfsd;
          u_int32_t *tl;
          int error;

          NFSCL_REQSTART(nd, NFSPROC_OPENDOWNGRADE, vp);
          NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 3 * NFSX_UNSIGNED);
          /* A zero seqid is sent when NFSHASNFSV4N() holds for the mount. */
          tl[0] = NFSHASNFSV4N(VFSTONFS(vnode_mount(vp))) ? 0 :
              op->nfso_stateid.seqid;
          tl[1] = op->nfso_stateid.other[0];
          tl[2] = op->nfso_stateid.other[1];
          tl[3] = op->nfso_stateid.other[2];
          tl[4] = txdr_unsigned(op->nfso_own->nfsow_seqid);
          tl[5] = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
          tl[6] = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);

          error = nfscl_request(nd, vp, p, cred, NULL);
          if (error)
                  return (error);
          NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);

          if (nd->nd_repstat == 0) {
                  /* Success: adopt the stateid handed back by the server. */
                  NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
                  op->nfso_stateid.seqid = tl[0];
                  op->nfso_stateid.other[0] = tl[1];
                  op->nfso_stateid.other[1] = tl[2];
                  op->nfso_stateid.other[2] = tl[3];
          }
          if (nd->nd_repstat != 0 && error == 0)
                  error = nd->nd_repstat;
          if (error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION)
                  nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
  nfsmout:
          mbuf_freem(nd->nd_mrep);
          return (error);
  }
  604 
  /*
   * V4 Close operation.
   *
   * Does nothing and returns 0 for anything but a regular file.  Otherwise
   * calls nfscl_doclose() when doclose is non-zero, else nfscl_getclose().
   * If that call fails its error is returned; on success the nfsclclient
   * handed back through clp is passed to nfscl_clientrelease() and 0 is
   * returned.
   */
  APPLESTATIC int
  nfsrpc_close(vnode_t vp, int doclose, NFSPROC_T *p)
  {
          struct nfsclclient *clp;
          int error;

          if (vnode_vtype(vp) != VREG)
                  return (0);

          error = doclose ? nfscl_doclose(vp, &clp, p) :
              nfscl_getclose(vp, &clp);
          /* clp is only used when the call above succeeded. */
          if (error == 0)
                  nfscl_clientrelease(clp);
          return (error);
  }
  626 
/*
 * Close the open.
 *
 * Unlocks every byte-range lock recorded under the open (Locku RPCs,
 * then a ReleaseLockOwner per lock owner), issues the Close through
 * nfscl_tryclose() and finally frees the local lock-owner and open
 * structures.  The RPCs use tcred, which is obtained from
 * newnfs_getcred(), filled from op->nfso_cred and released with
 * NFSFREECRED() before returning.
 *
 * Nothing is returned: RPC failures are not reported to the caller and
 * the local state is freed regardless of what the server answered.
 */
APPLESTATIC void
nfsrpc_doclose(struct nfsmount *nmp, struct nfsclopen *op, NFSPROC_T *p)
{
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfscllockowner *lp, *nlp;
        struct nfscllock *lop, *nlop;
        struct ucred *tcred;
        u_int64_t off = 0, len = 0;
        u_int32_t type = NFSV4LOCKT_READ;
        int error, do_unlock, trycnt;

        /* Use the credential saved in the open, not the caller's. */
        tcred = newnfs_getcred();
        newnfs_copycred(&op->nfso_cred, tcred);
        /*
         * (Theoretically this could be done in the same
         *  compound as the close, but having multiple
         *  sequenced Ops in the same compound might be
         *  too scary for some servers.)
         */
        if (op->nfso_posixlock) {
                /* POSIX locks: one unlock covering the whole file range. */
                off = 0;
                len = NFS64BITSSET;
                type = NFSV4LOCKT_READ;
        }

        /*
         * Since this function is only called from VOP_INACTIVE(), no
         * other thread will be manipulating this Open. As such, the
         * lock lists are not being changed by other threads, so it should
         * be safe to do this without locking.
         * NOTE(review): nothing in this function checks that invariant;
         * a new caller outside VOP_INACTIVE() would make the unlocked
         * list walk below unsafe.
         */
        LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
                do_unlock = 1;
                LIST_FOREACH_SAFE(lop, &lp->nfsl_lock, nfslo_list, nlop) {
                        if (op->nfso_posixlock == 0) {
                                /* Non-POSIX: unlock exactly this range. */
                                off = lop->nfslo_first;
                                len = lop->nfslo_end - lop->nfslo_first;
                                if (lop->nfslo_type == F_WRLCK)
                                        type = NFSV4LOCKT_WRITE;
                                else
                                        type = NFSV4LOCKT_READ;
                        }
                        if (do_unlock) {
                                /*
                                 * Retry the Locku while the server answers
                                 * NFSERR_GRACE or NFSERR_DELAY, napping
                                 * between attempts; trycnt bounds the
                                 * number of retries.  Any other outcome,
                                 * including a failed unlock, is dropped
                                 * and the local lock is freed below.
                                 */
                                trycnt = 0;
                                do {
                                        error = nfsrpc_locku(nd, nmp, lp, off,
                                            len, type, tcred, p, 0);
                                        if ((nd->nd_repstat == NFSERR_GRACE ||
                                            nd->nd_repstat == NFSERR_DELAY) &&
                                            error == 0)
                                                (void) nfs_catnap(PZERO,
                                                    (int)nd->nd_repstat,
                                                    "nfs_close");
                                } while ((nd->nd_repstat == NFSERR_GRACE ||
                                    nd->nd_repstat == NFSERR_DELAY) &&
                                    error == 0 && trycnt++ < 5);
                                /* POSIX: the single full-range unlock is done. */
                                if (op->nfso_posixlock)
                                        do_unlock = 0;
                        }
                        nfscl_freelock(lop, 0);
                }
                /*
                 * Do a ReleaseLockOwner.
                 * The lock owner name nfsl_owner may be used by other opens for
                 * other files but the lock_owner4 name that nfsrpc_rellockown()
                 * puts on the wire has the file handle for this file appended
                 * to it, so it can be done now.
                 */
                (void)nfsrpc_rellockown(nmp, lp, lp->nfsl_open->nfso_fh,
                    lp->nfsl_open->nfso_fhlen, tcred, p);
        }

        /*
         * There could be other Opens for different files on the same
         * OpenOwner, so locking is required.
         */
        NFSLOCKCLSTATE();
        nfscl_lockexcl(&op->nfso_own->nfsow_rwlock, NFSCLSTATEMUTEXPTR);
        NFSUNLOCKCLSTATE();
        /*
         * Unlike the Locku loop above, this retry has no counter: it
         * repeats for as long as the result is NFSERR_GRACE.  Every other
         * result, success or failure, ends the loop.
         */
        do {
                error = nfscl_tryclose(op, tcred, nmp, p);
                if (error == NFSERR_GRACE)
                        (void) nfs_catnap(PZERO, error, "nfs_close");
        } while (error == NFSERR_GRACE);
        NFSLOCKCLSTATE();
        nfscl_lockunlock(&op->nfso_own->nfsow_rwlock);

        /* Free the local state while NFSLOCKCLSTATE() is still held. */
        LIST_FOREACH_SAFE(lp, &op->nfso_lock, nfsl_list, nlp)
                nfscl_freelockowner(lp, 0);
        nfscl_freeopen(op, 0);
        NFSUNLOCKCLSTATE();
        NFSFREECRED(tcred);
}
  723 
/*
 * The actual Close RPC.
 *
 * Builds a Close for the open's file handle carrying the open owner's
 * seqid followed by the open stateid (the stateid seqid is sent as 0 on
 * an NFSv4.1 mount), and sends it with newnfs_request().  A non-zero
 * syscred sets ND_USEGSSNAME on the request.
 *
 * Returns the transport error if the request could not be done,
 * otherwise the server's reply status.  NFSERR_STALESTATEID and
 * NFSERR_BADSESSION additionally start client recovery.
 */
APPLESTATIC int
nfsrpc_closerpc(struct nfsrv_descript *nd, struct nfsmount *nmp,
    struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p,
    int syscred)
{
        u_int32_t *wp;
        int error;

        nfscl_reqstart(nd, NFSPROC_CLOSE, nmp, op->nfso_fh,
            op->nfso_fhlen, NULL, NULL);

        /* Five words: owner seqid, then the four-word stateid. */
        NFSM_BUILD(wp, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
        wp[0] = txdr_unsigned(op->nfso_own->nfsow_seqid);
        wp[1] = NFSHASNFSV4N(nmp) ? 0 : op->nfso_stateid.seqid;
        wp[2] = op->nfso_stateid.other[0];
        wp[3] = op->nfso_stateid.other[1];
        wp[4] = op->nfso_stateid.other[2];

        if (syscred != 0)
                nd->nd_flag |= ND_USEGSSNAME;
        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
            NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        if (error != 0)
                return (error);

        NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
        /* The returned stateid is stepped over, not stored. */
        if (nd->nd_repstat == 0) {
                NFSM_DISSECT(wp, u_int32_t *, NFSX_STATEID);
        }
        error = nd->nd_repstat;
        if (error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION)
                nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
  762 
/*
 * V4 Open Confirm RPC.
 *
 * Returns 0 at once on an NFSv4.1 mount, which has no confirmation
 * step.  Otherwise sends the open stateid followed by the open owner's
 * seqid and, when the server replies with status 0, stores the stateid
 * from the reply back into op->nfso_stateid.
 *
 * Returns the request error if the RPC could not be done, otherwise the
 * server's reply status.  NFSERR_STALESTATEID and NFSERR_BADSESSION
 * additionally start client recovery.
 */
APPLESTATIC int
nfsrpc_openconfirm(vnode_t vp, u_int8_t *nfhp, int fhlen,
    struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p)
{
        struct nfsrv_descript reqdesc;
        struct nfsrv_descript *nd = &reqdesc;
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        u_int32_t *wp;
        int error;

        /* No confirmation for NFSv4.1. */
        if (NFSHASNFSV4N(nmp))
                return (0);

        nfscl_reqstart(nd, NFSPROC_OPENCONFIRM, nmp, nfhp, fhlen, NULL, NULL);

        /* Five words: the four-word stateid, then the owner seqid. */
        NFSM_BUILD(wp, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
        wp[0] = op->nfso_stateid.seqid;
        wp[1] = op->nfso_stateid.other[0];
        wp[2] = op->nfso_stateid.other[1];
        wp[3] = op->nfso_stateid.other[2];
        wp[4] = txdr_unsigned(op->nfso_own->nfsow_seqid);

        error = nfscl_request(nd, vp, p, cred, NULL);
        if (error != 0)
                return (error);

        NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
        if (nd->nd_repstat == 0) {
                /* Take over the confirmed stateid as the server sent it. */
                NFSM_DISSECT(wp, u_int32_t *, NFSX_STATEID);
                op->nfso_stateid.seqid = wp[0];
                op->nfso_stateid.other[0] = wp[1];
                op->nfso_stateid.other[1] = wp[2];
                op->nfso_stateid.other[2] = wp[3];
        }
        error = nd->nd_repstat;
        if (error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION)
                nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
  803 
/*
 * Do the setclientid and setclientid confirm RPCs. Called from nfs_statfs()
 * when a mount has just occurred and when the server replies NFSERR_EXPIRED.
 *
 * NFSv4.1 mounts (NFSHASNFSV4N) take the first branch instead: ExchangeID,
 * CreateSession and, when reclaim is 0, ReclaimComplete, then return.
 *
 * For NFSv4.0 the SetClientID request carries, in order: the boot time
 * seconds and clp->nfsc_rev, the client id string (nfsc_id/nfsc_idlen),
 * the callback program number, the callback netid and address, and
 * nfsc_cbident.  When the server accepts it, the clientid and confirm
 * values from the reply are echoed back in SetClientIDConfirm, and a
 * Getattr of the lease time then sets nfsc_renew/nfsc_expire and bumps
 * nfsc_clientidrev.
 *
 * Returns 0 on success, otherwise an error from the RPC layer or the
 * server's reply status (nd_repstat).
 */
APPLESTATIC int
nfsrpc_setclient(struct nfsmount *nmp, struct nfsclclient *clp, int reclaim,
    struct ucred *cred, NFSPROC_T *p)
{
        u_int32_t *tl;
        struct nfsrv_descript nfsd;
        struct nfsrv_descript *nd = &nfsd;
        nfsattrbit_t attrbits;
        /* addr holds "<address>.<port hi>.<port lo>"; sized to match the snprintf() bounds below. */
        u_int8_t *cp = NULL, *cp2, addr[INET6_ADDRSTRLEN + 9];
        u_short port;
        int error, isinet6 = 0, callblen;
        nfsquad_t confirm;
        u_int32_t lease;
        static u_int32_t rev = 0;
        struct nfsclds *dsp, *ndsp, *tdsp;

        if (nfsboottime.tv_sec == 0)
                NFSSETBOOTTIME(nfsboottime);
        /*
         * NOTE(review): rev is a function-static counter bumped with no
         * lock visible here; confirm callers serialize, otherwise two
         * clients could be handed the same nfsc_rev.
         */
        clp->nfsc_rev = rev++;
        if (NFSHASNFSV4N(nmp)) {
                error = nfsrpc_exchangeid(nmp, clp, &nmp->nm_sockreq,
                    NFSV4EXCH_USEPNFSMDS | NFSV4EXCH_USENONPNFS, &dsp, cred, p);
                NFSCL_DEBUG(1, "aft exch=%d\n", error);
                if (error == 0) {
                        error = nfsrpc_createsession(nmp, &dsp->nfsclds_sess,
                            &nmp->nm_sockreq,
                            dsp->nfsclds_sess.nfsess_sequenceid, 1, cred, p);
                        if (error == 0) {
                                /*
                                 * Replace every existing entry on nm_sess
                                 * with the new one, under the mount lock.
                                 */
                                NFSLOCKMNT(nmp);
                                TAILQ_FOREACH_SAFE(tdsp, &nmp->nm_sess,
                                    nfsclds_list, ndsp)
                                        nfscl_freenfsclds(tdsp);
                                TAILQ_INIT(&nmp->nm_sess);
                                TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp,
                                    nfsclds_list);
                                NFSUNLOCKMNT(nmp);
                        } else
                                nfscl_freenfsclds(dsp);
                        NFSCL_DEBUG(1, "aft createsess=%d\n", error);
                }
                if (error == 0 && reclaim == 0) {
                        error = nfsrpc_reclaimcomplete(nmp, cred, p);
                        NFSCL_DEBUG(1, "aft reclaimcomp=%d\n", error);
                        if (error == NFSERR_COMPLETEALREADY ||
                            error == NFSERR_NOTSUPP)
                                /* Ignore this error. */
                                error = 0;
                }
                return (error);
        }

        /*
         * Allocate a single session structure for NFSv4.0, because some of
         * the fields are used by NFSv4.0 although it doesn't do a session.
         * NOTE(review): unlike the NFSv4.1 branch above, entries already on
         * nm_sess are not removed here, and the header comment says this
         * function runs again after NFSERR_EXPIRED; confirm the older
         * structures are reclaimed elsewhere.
         */
        dsp = malloc(sizeof(struct nfsclds), M_NFSCLDS, M_WAITOK | M_ZERO);
        mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
        mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession", NULL, MTX_DEF);
        NFSLOCKMNT(nmp);
        TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp, nfsclds_list);
        NFSUNLOCKMNT(nmp);

        nfscl_reqstart(nd, NFSPROC_SETCLIENTID, nmp, NULL, 0, NULL, NULL);
        /* Two words ahead of the id string: boot time seconds and nfsc_rev. */
        NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
        *tl++ = txdr_unsigned(nfsboottime.tv_sec);
        *tl = txdr_unsigned(clp->nfsc_rev);
        (void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);

        /*
         * set up the callback address
         *
         * The address is nfsv4_callbackaddr when that string is non-empty,
         * otherwise whatever nfscl_getmyip() returns.  If callbacks are not
         * enabled, no callback daemon is running, or no address is
         * available, "tcp" and "0.0.0.0.0.0" are sent instead.
         */
        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
        *tl = txdr_unsigned(NFS_CALLBCKPROG);
        callblen = strlen(nfsv4_callbackaddr);
        if (callblen == 0)
                cp = nfscl_getmyip(nmp, &isinet6);
        if (nfscl_enablecallb && nfs_numnfscbd > 0 &&
            (callblen > 0 || cp != NULL)) {
                /* cp2 walks the two bytes of the port in network order. */
                port = htons(nfsv4_cbport);
                cp2 = (u_int8_t *)&port;
#ifdef INET6
                if ((callblen > 0 &&
                     strchr(nfsv4_callbackaddr, ':')) || isinet6) {
                        char ip6buf[INET6_ADDRSTRLEN], *ip6add;

                        (void) nfsm_strtom(nd, "tcp6", 4);
                        if (callblen == 0) {
                                ip6_sprintf(ip6buf, (struct in6_addr *)cp);
                                ip6add = ip6buf;
                        } else {
                                ip6add = nfsv4_callbackaddr;
                        }
                        /*
                         * NOTE(review): the snprintf() results in this
                         * block are not checked, so an over-long
                         * nfsv4_callbackaddr would be truncated silently
                         * and a wrong callback address advertised.
                         */
                        snprintf(addr, INET6_ADDRSTRLEN + 9, "%s.%d.%d",
                            ip6add, cp2[0], cp2[1]);
                } else
#endif
                {
                        /*
                         * NOTE(review): without INET6 this branch is taken
                         * even if nfscl_getmyip() set isinet6, and cp is
                         * then formatted as four IPv4 bytes; confirm that
                         * combination cannot occur.
                         */
                        (void) nfsm_strtom(nd, "tcp", 3);
                        if (callblen == 0)
                                snprintf(addr, INET6_ADDRSTRLEN + 9,
                                    "%d.%d.%d.%d.%d.%d", cp[0], cp[1],
                                    cp[2], cp[3], cp2[0], cp2[1]);
                        else
                                snprintf(addr, INET6_ADDRSTRLEN + 9,
                                    "%s.%d.%d", nfsv4_callbackaddr,
                                    cp2[0], cp2[1]);
                }
                (void) nfsm_strtom(nd, addr, strlen(addr));
        } else {
                (void) nfsm_strtom(nd, "tcp", 3);
                (void) nfsm_strtom(nd, "0.0.0.0.0.0", 11);
        }
        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
        *tl = txdr_unsigned(clp->nfsc_cbident);
        /*
         * NOTE(review): ND_USEGSSNAME presumably makes the RPC layer use
         * the host's GSS name instead of the caller's credential; confirm
         * in newnfs_request().
         */
        nd->nd_flag |= ND_USEGSSNAME;
        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
                NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        /*
         * NOTE(review): the error returns after newnfs_request() skip
         * mbuf_freem(); presumably no reply mbuf exists when it fails -
         * confirm.
         */
        if (error)
                return (error);
        if (nd->nd_repstat == 0) {
            /*
             * The clientid and the confirm value are copied from the
             * reply without byte swapping and sent back unchanged below.
             */
            NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
            NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[0] = *tl++;
            NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[1] = *tl++;
            confirm.lval[0] = *tl++;
            confirm.lval[1] = *tl;
            /* Clear nd_mrep so the free at nfsmout cannot free it twice. */
            mbuf_freem(nd->nd_mrep);
            nd->nd_mrep = NULL;

            /*
             * and confirm it.
             */
            nfscl_reqstart(nd, NFSPROC_SETCLIENTIDCFRM, nmp, NULL, 0, NULL,
                NULL);
            NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
            *tl++ = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[0];
            *tl++ = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[1];
            *tl++ = confirm.lval[0];
            *tl = confirm.lval[1];
            nd->nd_flag |= ND_USEGSSNAME;
            error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p,
                cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
            if (error)
                return (error);
            mbuf_freem(nd->nd_mrep);
            nd->nd_mrep = NULL;
            if (nd->nd_repstat == 0) {
                /* Ask for the lease time so renewals can be scheduled. */
                nfscl_reqstart(nd, NFSPROC_GETATTR, nmp, nmp->nm_fh,
                    nmp->nm_fhsize, NULL, NULL);
                NFSZERO_ATTRBIT(&attrbits);
                NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_LEASETIME);
                (void) nfsrv_putattrbit(nd, &attrbits);
                nd->nd_flag |= ND_USEGSSNAME;
                error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p,
                    cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
                if (error)
                    return (error);
                if (nd->nd_repstat == 0) {
                    error = nfsv4_loadattr(nd, NULL, NULL, NULL, NULL, 0, NULL,
                        NULL, NULL, NULL, NULL, 0, NULL, &lease, NULL, p, cred);
                    if (error)
                        goto nfsmout;
                    /*
                     * NOTE(review): lease is taken from the server as is;
                     * confirm NFSCL_RENEW() copes with 0 and very large
                     * values.
                     */
                    clp->nfsc_renew = NFSCL_RENEW(lease);
                    clp->nfsc_expire = NFSD_MONOSEC + clp->nfsc_renew;
                    /* Bump the revision, stepping over 0 when it wraps. */
                    clp->nfsc_clientidrev++;
                    if (clp->nfsc_clientidrev == 0)
                        clp->nfsc_clientidrev++;
                }
            }
        }
        error = nd->nd_repstat;
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
  982 
/*
 * nfs getattr call.
 *
 * Sends a Getattr for vp; on NFSv4 the request also carries the
 * attribute bitmap set up by NFSGETATTR_ATTRBIT().  When the server
 * replies with status 0 the attributes are loaded into nap.
 *
 * Returns the request error if the RPC could not be done, otherwise the
 * server's reply status or the result of nfsm_loadattr().
 */
APPLESTATIC int
nfsrpc_getattr(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
    struct nfsvattr *nap, void *stuff)
{
        struct nfsrv_descript reqdesc;
        struct nfsrv_descript *nd = &reqdesc;
        nfsattrbit_t wanted;
        int error;

        NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
        if ((nd->nd_flag & ND_NFSV4) != 0) {
                NFSGETATTR_ATTRBIT(&wanted);
                (void) nfsrv_putattrbit(nd, &wanted);
        }

        error = nfscl_request(nd, vp, p, cred, stuff);
        if (error != 0)
                return (error);

        if (nd->nd_repstat != 0)
                error = nd->nd_repstat;
        else
                error = nfsm_loadattr(nd, nap);
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 1009 
/*
 * nfs getattr call with non-vnode arguments.
 *
 * Works from a mount point and a raw file handle (fhp/fhlen) instead of
 * a vnode.  The RPC version is taken from the flags nfscl_reqstart()
 * sets: NFSv4, NFSv3, else NFSv2.  On NFSv4 the lease time attribute is
 * requested as well and handed to nfsv4_loadattr() through leasep.  A
 * non-zero syscred sets ND_USEGSSNAME on the request.
 *
 * Returns the request error if the RPC could not be done, otherwise the
 * server's reply status or the result of loading the attributes into
 * nap.
 */
APPLESTATIC int
nfsrpc_getattrnovp(struct nfsmount *nmp, u_int8_t *fhp, int fhlen, int syscred,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, u_int64_t *xidp,
    uint32_t *leasep)
{
        struct nfsrv_descript reqdesc;
        struct nfsrv_descript *nd = &reqdesc;
        nfsattrbit_t wanted;
        int error;
        int vers;

        nfscl_reqstart(nd, NFSPROC_GETATTR, nmp, fhp, fhlen, NULL, NULL);
        if ((nd->nd_flag & ND_NFSV4) != 0) {
                vers = NFS_VER4;
                NFSGETATTR_ATTRBIT(&wanted);
                NFSSETBIT_ATTRBIT(&wanted, NFSATTRBIT_LEASETIME);
                (void) nfsrv_putattrbit(nd, &wanted);
        } else if ((nd->nd_flag & ND_NFSV3) != 0) {
                vers = NFS_VER3;
        } else {
                vers = NFS_VER2;
        }
        if (syscred != 0)
                nd->nd_flag |= ND_USEGSSNAME;

        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
            NFS_PROG, vers, NULL, 1, xidp, NULL);
        if (error != 0)
                return (error);

        if (nd->nd_repstat != 0)
                error = nd->nd_repstat;
        else if ((nd->nd_flag & ND_NFSV4) != 0)
                error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
                    NULL, NULL, NULL, NULL, NULL, 0, NULL, leasep, NULL,
                    NULL, NULL);
        else
                error = nfsm_loadattr(nd, nap);
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 1049 
/*
 * Do an nfs setattr operation.
 *
 * Sends a Setattr when vap is non-NULL, otherwise a SetACL using aclp,
 * and repeats the attempt on the NFSv4 errors named in the loop
 * condition.  On an NFSv4 mount a stateid is looked up first; if that
 * fails for a regular file, the file is opened temporarily (for write
 * when the size is being set) and closed again after the RPC.
 *
 * Returns 0, the error of the last attempt, or EIO when an error is
 * still pending after four or more attempts.
 */
APPLESTATIC int
nfsrpc_setattr(vnode_t vp, struct vattr *vap, NFSACL_T *aclp,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *rnap, int *attrflagp,
    void *stuff)
{
        int error, expireret = 0, openerr, retrycnt;
        u_int32_t clidrev = 0, mode;
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsfh *nfhp;
        nfsv4stateid_t stateid;
        void *lckp;

        /* clidrev stays 0 when the mount has no client structure. */
        if (nmp->nm_clp != NULL)
                clidrev = nmp->nm_clp->nfsc_clientidrev;
        /* Changing the size needs a write-access stateid. */
        if (vap != NULL && NFSATTRISSET(u_quad_t, vap, va_size))
                mode = NFSV4OPEN_ACCESSWRITE;
        else
                mode = NFSV4OPEN_ACCESSREAD;
        retrycnt = 0;
        do {
                lckp = NULL;
                /* openerr == 0 means a temporary open was done below. */
                openerr = 1;
                /*
                 * stateid and nfhp are only set inside this branch; on a
                 * non-NFSv4 mount stateid is passed on uninitialized, and
                 * nfsrpc_setattrrpc() reads it only under ND_NFSV4.
                 * NOTE(review): confirm nfsrpc_setaclrpc() is equally
                 * careful.
                 */
                if (NFSHASNFSV4(nmp)) {
                        nfhp = VTONFS(vp)->n_fhp;
                        error = nfscl_getstateid(vp, nfhp->nfh_fh,
                            nfhp->nfh_len, mode, 0, cred, p, &stateid, &lckp);
                        if (error && vnode_vtype(vp) == VREG &&
                            (mode == NFSV4OPEN_ACCESSWRITE ||
                             nfstest_openallsetattr)) {
                                /*
                                 * No Open stateid, so try and open the file
                                 * now.
                                 */
                                if (mode == NFSV4OPEN_ACCESSWRITE)
                                        openerr = nfsrpc_open(vp, FWRITE, cred,
                                            p);
                                else
                                        openerr = nfsrpc_open(vp, FREAD, cred,
                                            p);
                                /*
                                 * The result of this second lookup is
                                 * ignored; the RPC below uses whatever it
                                 * left in stateid.
                                 */
                                if (!openerr)
                                        (void) nfscl_getstateid(vp,
                                            nfhp->nfh_fh, nfhp->nfh_len,
                                            mode, 0, cred, p, &stateid, &lckp);
                        }
                }
                if (vap != NULL)
                        error = nfsrpc_setattrrpc(vp, vap, &stateid, cred, p,
                            rnap, attrflagp, stuff);
                else
                        error = nfsrpc_setaclrpc(vp, cred, p, aclp, &stateid,
                            stuff);
                if (error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION)
                        nfscl_initiate_recovery(nmp->nm_clp);
                if (lckp != NULL)
                        nfscl_lockderef(lckp);
                /* Undo the temporary open, whatever the RPC result was. */
                if (!openerr)
                        (void) nfsrpc_close(vp, 0, p);
                if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
                    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
                    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
                        (void) nfs_catnap(PZERO, error, "nfs_setattr");
                } else if ((error == NFSERR_EXPIRED ||
                    error == NFSERR_BADSTATEID) && clidrev != 0) {
                        expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
                }
                retrycnt++;
        /*
         * Only NFSERR_OLDSTATEID (under 20 tries) and NFSERR_EXPIRED /
         * NFSERR_BADSTATEID (under 4 tries) are bounded by retrycnt.
         * GRACE, STALESTATEID, STALEDONTRECOVER, DELAY and BADSESSION are
         * retried for as long as the server keeps returning them.
         */
        } while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
            error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
            error == NFSERR_BADSESSION ||
            (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
            ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
             expireret == 0 && clidrev != 0 && retrycnt < 4));
        /* After four or more attempts any remaining error becomes EIO. */
        if (error && retrycnt >= 4)
                error = EIO;
        return (error);
}
 1129 
/*
 * Build and send one Setattr request for vp and parse the reply.
 *
 * On NFSv4 the stateid is put in front of the attributes and a Getattr
 * op is appended after them; on NFSv3 a single newnfs_false word
 * follows the attributes.  vap->va_type is overwritten with the vnode's
 * type before the attributes are encoded.  *attrflagp is cleared on
 * entry and afterwards only changed by the reply parsers it is passed
 * to.
 *
 * Returns the request error if the RPC could not be done, otherwise the
 * first parse error, or the server's reply status when parsing
 * succeeded.
 */
static int
nfsrpc_setattrrpc(vnode_t vp, struct vattr *vap,
    nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
    struct nfsvattr *rnap, int *attrflagp, void *stuff)
{
        struct nfsrv_descript reqdesc;
        struct nfsrv_descript *nd = &reqdesc;
        nfsattrbit_t bits;
        u_int32_t *wp;
        int error;

        *attrflagp = 0;
        NFSCL_REQSTART(nd, NFSPROC_SETATTR, vp);
        if ((nd->nd_flag & ND_NFSV4) != 0)
                nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
        vap->va_type = vnode_vtype(vp);
        nfscl_fillsattr(nd, vap, vp, NFSSATTR_FULL, 0);

        if ((nd->nd_flag & ND_NFSV3) != 0) {
                NFSM_BUILD(wp, u_int32_t *, NFSX_UNSIGNED);
                *wp = newnfs_false;
        } else if ((nd->nd_flag & ND_NFSV4) != 0) {
                NFSM_BUILD(wp, u_int32_t *, NFSX_UNSIGNED);
                *wp = txdr_unsigned(NFSV4OP_GETATTR);
                NFSGETATTR_ATTRBIT(&bits);
                (void) nfsrv_putattrbit(nd, &bits);
        }

        error = nfscl_request(nd, vp, p, cred, stuff);
        if (error != 0)
                return (error);

        /* nd_flag is read again before each step, as the original does. */
        if ((nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) != 0)
                error = nfscl_wcc_data(nd, vp, rnap, attrflagp, NULL, stuff);
        if (error == 0 && (nd->nd_flag & ND_NFSV4) != 0)
                error = nfsrv_getattrbits(nd, &bits, NULL, NULL);
        if ((nd->nd_flag & ND_NFSV3) == 0 && nd->nd_repstat == 0 &&
            error == 0)
                error = nfscl_postop_attr(nd, rnap, attrflagp, stuff);
        mbuf_freem(nd->nd_mrep);

        /* A parse error takes precedence over the server's status. */
        if (error == 0 && nd->nd_repstat != 0)
                error = nd->nd_repstat;
        return (error);
}
 1169 
/*
 * nfs lookup rpc
 *
 * Looks up name (len bytes) in directory dvp.  On success *nfhpp holds
 * the file handle of the result.  Attributes of the result go to nap and
 * those of the directory to dnap; *attrflagp and *dattrflagp are cleared
 * on entry and report whether each was loaded.
 *
 * On NFSv4, "." is answered locally with a copy of the directory's own
 * file handle and ".." is sent as Lookupp.
 *
 * Returns ENOTDIR if dvp is not a directory, ENAMETOOLONG if len exceeds
 * NFS_MAXNAMLEN, otherwise 0, a request/parse error or the server's
 * reply status.
 */
APPLESTATIC int
nfsrpc_lookup(vnode_t dvp, char *name, int len, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *dnap, struct nfsvattr *nap,
    struct nfsfh **nfhpp, int *attrflagp, int *dattrflagp, void *stuff)
{
        u_int32_t *tl;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfsmount *nmp;
        struct nfsnode *np;
        struct nfsfh *nfhp;
        nfsattrbit_t attrbits;
        int error = 0, lookupp = 0;

        *attrflagp = 0;
        *dattrflagp = 0;
        if (vnode_vtype(dvp) != VDIR)
                return (ENOTDIR);
        nmp = VFSTONFS(vnode_mount(dvp));
        /*
         * Only the upper bound of len is checked here.
         * NOTE(review): len is a signed int; presumably callers never
         * pass a negative value - confirm, since it reaches
         * nfsm_strtom() below unchanged.
         */
        if (len > NFS_MAXNAMLEN)
                return (ENAMETOOLONG);
        if (NFSHASNFSV4(nmp) && len == 1 &&
                name[0] == '.') {
                /*
                 * Just return the current dir's fh.
                 * No RPC is sent; both attribute flags stay 0.
                 */
                np = VTONFS(dvp);
                MALLOC(nfhp, struct nfsfh *, sizeof (struct nfsfh) +
                        np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
                nfhp->nfh_len = np->n_fhp->nfh_len;
                NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
                *nfhpp = nfhp;
                return (0);
        }
        if (NFSHASNFSV4(nmp) && len == 2 &&
                name[0] == '.' && name[1] == '.') {
                /* ".." on NFSv4: Lookupp takes no name argument. */
                lookupp = 1;
                NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, dvp);
        } else {
                NFSCL_REQSTART(nd, NFSPROC_LOOKUP, dvp);
                (void) nfsm_strtom(nd, name, len);
        }
        if (nd->nd_flag & ND_NFSV4) {
                /* Append GetFH and Getattr ops to the compound. */
                NFSGETATTR_ATTRBIT(&attrbits);
                NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                *tl++ = txdr_unsigned(NFSV4OP_GETFH);
                *tl = txdr_unsigned(NFSV4OP_GETATTR);
                (void) nfsrv_putattrbit(nd, &attrbits);
        }
        error = nfscl_request(nd, dvp, p, cred, stuff);
        if (error)
                return (error);
        if (nd->nd_repstat) {
                /*
                 * When an NFSv4 Lookupp returns ENOENT, it means that
                 * the lookup is at the root of an fs, so return this dir.
                 */
                if (nd->nd_repstat == NFSERR_NOENT && lookupp) {
                    np = VTONFS(dvp);
                    MALLOC(nfhp, struct nfsfh *, sizeof (struct nfsfh) +
                        np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
                    nfhp->nfh_len = np->n_fhp->nfh_len;
                    NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
                    *nfhpp = nfhp;
                    mbuf_freem(nd->nd_mrep);
                    return (0);
                }
                /* Failed lookup: still pick up directory attributes if present. */
                if (nd->nd_flag & ND_NFSV3)
                    error = nfscl_postop_attr(nd, dnap, dattrflagp, stuff);
                else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
                    ND_NFSV4) {
                        /* Load the directory attributes. */
                        error = nfsm_loadattr(nd, dnap);
                        if (error == 0)
                                *dattrflagp = 1;
                }
                goto nfsmout;
        }
        if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
                /* Load the directory attributes. */
                error = nfsm_loadattr(nd, dnap);
                if (error != 0)
                        goto nfsmout;
                *dattrflagp = 1;
                /* Skip over the Lookup and GetFH operation status values. */
                NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
        }
        error = nfsm_getfh(nd, nfhpp);
        if (error)
                goto nfsmout;

        /*
         * NOTE(review): if either attribute load below fails, the function
         * returns an error while *nfhpp may already hold the handle from
         * nfsm_getfh(); confirm callers free it on the error path.
         */
        error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
        if ((nd->nd_flag & ND_NFSV3) && !error)
                error = nfscl_postop_attr(nd, dnap, dattrflagp, stuff);
nfsmout:
        mbuf_freem(nd->nd_mrep);
        /* A parse error takes precedence over the server's status. */
        if (!error && nd->nd_repstat)
                error = nd->nd_repstat;
        return (error);
}
 1272 
/*
 * Do a readlink rpc.
 *
 * Sends Readlink for vp (followed by a Getattr op on NFSv4) and copies
 * the link text from the reply into uiop.  *attrflagp is cleared on
 * entry; attributes are loaded into nap through nfscl_postop_attr().
 *
 * Returns the request error if the RPC could not be done, otherwise 0,
 * a parse error or the server's reply status.
 */
APPLESTATIC int
nfsrpc_readlink(vnode_t vp, struct uio *uiop, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
{
        u_int32_t *tl;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfsnode *np = VTONFS(vp);
        nfsattrbit_t attrbits;
        int error, len, cangetattr = 1;

        *attrflagp = 0;
        NFSCL_REQSTART(nd, NFSPROC_READLINK, vp);
        if (nd->nd_flag & ND_NFSV4) {
                /*
                 * And do a Getattr op.
                 */
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                *tl = txdr_unsigned(NFSV4OP_GETATTR);
                NFSGETATTR_ATTRBIT(&attrbits);
                (void) nfsrv_putattrbit(nd, &attrbits);
        }
        error = nfscl_request(nd, vp, p, cred, stuff);
        if (error)
                return (error);
        if (nd->nd_flag & ND_NFSV3)
                error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
        if (!nd->nd_repstat && !error) {
                /*
                 * The link length comes from the server's reply.
                 * NOTE(review): NFSM_STRSIZ presumably rejects a length
                 * above NFS_MAXPATHLEN and jumps to nfsmout (nothing else
                 * in this function uses that label) - confirm in the
                 * macro, since len is what bounds the copy into uiop
                 * below.
                 */
                NFSM_STRSIZ(len, NFS_MAXPATHLEN);
                /*
                 * This seems weird to me, but must have been added to
                 * FreeBSD for some reason. The only thing I can think of
                 * is that there was/is some server that replies with
                 * more link data than it should?
                 */
                if (len == NFS_MAXPATHLEN) {
                        /*
                         * Prefer the cached size when it is positive and
                         * below the maximum; the trailing Getattr is then
                         * not parsed (cangetattr = 0).
                         */
                        NFSLOCKNODE(np);
                        if (np->n_size > 0 && np->n_size < NFS_MAXPATHLEN) {
                                len = np->n_size;
                                cangetattr = 0;
                        }
                        NFSUNLOCKNODE(np);
                }
                error = nfsm_mbufuio(nd, uiop, len);
                if ((nd->nd_flag & ND_NFSV4) && !error && cangetattr)
                        error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
        }
        /* A parse error takes precedence over the server's status. */
        if (nd->nd_repstat && !error)
                error = nd->nd_repstat;
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 1328 
/*
 * Read operation.
 *
 * Front end for nfsrpc_readrpc().  On an NFSv4 mount it works on a copy of
 * the caller's credential, looks up a stateid before every attempt and
 * repeats the RPC while the server keeps answering with one of the
 * retryable NFSv4 errors tested below.  Returns 0 or an error number; an
 * error still pending once four or more attempts were made is reported
 * as EIO.
 */
APPLESTATIC int
nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
{
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsnode *np = VTONFS(vp);
        struct nfsfh *nfhp = NULL;
        struct ucred *newcred = cred;
        nfsv4stateid_t stateid;
        void *lckp;
        u_int32_t clidrev = 0;
        int error, expireret = 0, retrycnt = 0;
        int waitretry, oldstateid, expired;

        if (nmp->nm_clp != NULL)
                clidrev = nmp->nm_clp->nfsc_clientidrev;
        if (NFSHASNFSV4(nmp)) {
                nfhp = np->n_fhp;
                newcred = NFSNEWCRED(cred);
        }

        do {
                lckp = NULL;
                if (NFSHASNFSV4(nmp)) {
                        (void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
                            NFSV4OPEN_ACCESSREAD, 0, newcred, p, &stateid,
                            &lckp);
                }
                error = nfsrpc_readrpc(vp, uiop, newcred, &stateid, p, nap,
                    attrflagp, stuff);
                if (error == NFSERR_STALESTATEID ||
                    error == NFSERR_BADSESSION) {
                        nfscl_initiate_recovery(nmp->nm_clp);
                }
                if (lckp != NULL) {
                        nfscl_lockderef(lckp);
                }

                /* Classify the reply once; the flags drive both steps below. */
                waitretry = (error == NFSERR_GRACE ||
                    error == NFSERR_STALESTATEID ||
                    error == NFSERR_STALEDONTRECOVER ||
                    error == NFSERR_DELAY ||
                    error == NFSERR_BADSESSION);
                oldstateid = (error == NFSERR_OLDSTATEID);
                expired = ((error == NFSERR_EXPIRED ||
                    error == NFSERR_BADSTATEID) && clidrev != 0);

                if (waitretry || oldstateid) {
                        /* Back off before the next attempt. */
                        (void) nfs_catnap(PZERO, error, "nfs_read");
                } else if (expired) {
                        expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
                }
                retrycnt++;
        } while (waitretry ||
            (oldstateid && retrycnt < 20) ||
            (expired && expireret == 0 && retrycnt < 4));

        if (error && retrycnt >= 4) {
                error = EIO;
        }
        if (NFSHASNFSV4(nmp)) {
                /* Release the credential copy taken above. */
                NFSFREECRED(newcred);
        }
        return (error);
}
 1386 
/*
 * The actual read RPC.
 *
 * Reads uio_resid bytes starting at uio_offset by issuing one READ RPC per
 * chunk of at most nm_rsize bytes and copying each reply's data into uiop.
 * stateidp is only put on the wire for NFSv4.  *attrflagp is cleared before
 * each RPC and set by the attribute-loading helpers when the reply carries
 * attributes (NFSv2/NFSv3 only; see the comment in the loop).
 * Returns 0 on success, EFBIG if the range fails the size check below, or
 * the RPC/decoding error otherwise.
 */
static int
nfsrpc_readrpc(vnode_t vp, struct uio *uiop, struct ucred *cred,
    nfsv4stateid_t *stateidp, NFSPROC_T *p, struct nfsvattr *nap,
    int *attrflagp, void *stuff)
{
        u_int32_t *tl;
        int error = 0, len, retlen, tsiz, eof = 0;
        struct nfsrv_descript nfsd;
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsrv_descript *nd = &nfsd;
        int rsize;
        off_t tmp_off;

        *attrflagp = 0;
        tsiz = uio_uio_resid(uiop);
        tmp_off = uiop->uio_offset + tsiz;
        NFSLOCKMNT(nmp);
        /*
         * Reject a range that ends beyond the mount's maximum file size or
         * whose end offset wrapped below the start offset.
         * NOTE(review): the wrap test relies on the signed off_t addition
         * above wrapping rather than being undefined - confirm the kernel
         * build guarantees that.
         */
        if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
                NFSUNLOCKMNT(nmp);
                return (EFBIG);
        }
        /* Snapshot the read size while the mount lock is held. */
        rsize = nmp->nm_rsize;
        NFSUNLOCKMNT(nmp);
        /* No reply yet, so nfsmout has nothing to free. */
        nd->nd_mrep = NULL;
        while (tsiz > 0) {
                *attrflagp = 0;
                /* Ask for at most rsize bytes per RPC. */
                len = (tsiz > rsize) ? rsize : tsiz;
                NFSCL_REQSTART(nd, NFSPROC_READ, vp);
                if (nd->nd_flag & ND_NFSV4)
                        nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED * 3);
                if (nd->nd_flag & ND_NFSV2) {
                        /* NFSv2: 32-bit offset, count, and a zero third word. */
                        *tl++ = txdr_unsigned(uiop->uio_offset);
                        *tl++ = txdr_unsigned(len);
                        *tl = 0;
                } else {
                        /* NFSv3/v4: 64-bit offset followed by the count. */
                        txdr_hyper(uiop->uio_offset, tl);
                        *(tl + 2) = txdr_unsigned(len);
                }
                /*
                 * Since I can't do a Getattr for NFSv4 for Write, there
                 * doesn't seem any point in doing one here, either.
                 * (See the comment in nfsrpc_writerpc() for more info.)
                 */
                error = nfscl_request(nd, vp, p, cred, stuff);
                /*
                 * Returns without passing through nfsmout; presumably
                 * nfscl_request() leaves no reply mbuf chain behind when it
                 * fails - verify against its definition.
                 */
                if (error)
                        return (error);
                if (nd->nd_flag & ND_NFSV3) {
                        error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
                } else if (!nd->nd_repstat && (nd->nd_flag & ND_NFSV2)) {
                        error = nfsm_loadattr(nd, nap);
                        if (!error)
                                *attrflagp = 1;
                }
                /* A decoding error takes precedence over the server status. */
                if (nd->nd_repstat || error) {
                        if (!error)
                                error = nd->nd_repstat;
                        goto nfsmout;
                }
                /*
                 * Pick up the eof flag: second word of two for NFSv3, a
                 * single word for NFSv4.  NFSv2 has none, so eof stays 0.
                 * NFSM_DISSECT is defined elsewhere; presumably it sets
                 * error and jumps to nfsmout on a short reply - confirm.
                 */
                if (nd->nd_flag & ND_NFSV3) {
                        NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                        eof = fxdr_unsigned(int, *(tl + 1));
                } else if (nd->nd_flag & ND_NFSV4) {
                        NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                        eof = fxdr_unsigned(int, *tl);
                }
                /*
                 * retlen is the data length taken from the server's reply,
                 * with len passed as the limit.
                 * NOTE(review): retlen is a signed int that is handed to
                 * nfsm_mbufuio() and subtracted from tsiz, so confirm that
                 * NFSM_STRSIZ (defined elsewhere) rejects a negative length
                 * as well as one larger than len.
                 */
                NFSM_STRSIZ(retlen, len);
                error = nfsm_mbufuio(nd, uiop, retlen);
                if (error)
                        goto nfsmout;
                /* Done with this reply; clear the pointer so it is not freed twice. */
                mbuf_freem(nd->nd_mrep);
                nd->nd_mrep = NULL;
                tsiz -= retlen;
                /*
                 * Stop early: on eof or an empty reply for NFSv3/v4, on a
                 * short read for NFSv2.
                 */
                if (!(nd->nd_flag & ND_NFSV2)) {
                        if (eof || retlen == 0)
                                tsiz = 0;
                } else if (retlen < len)
                        tsiz = 0;
        }
        return (0);
nfsmout:
        /* Error exit: release the reply if one is still held. */
        if (nd->nd_mrep != NULL)
                mbuf_freem(nd->nd_mrep);
        return (error);
}
 1475 
/*
 * nfs write operation
 *
 * Front end for nfsrpc_writerpc() that handles NFSv4 stateid lookup and
 * retries.  *must_commit is cleared on entry.
 *
 * When called_from_strategy != 0, an error that indicates recovery is in
 * progress is returned as EIO instead of being retried, so that the buffer
 * is left dirty and written back to the server later.  If this function
 * looped instead, the recovery thread could get stuck waiting for the
 * buffer and recovery would then deadlock.
 */
APPLESTATIC int
nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
    void *stuff, int called_from_strategy)
{
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsnode *np = VTONFS(vp);
        struct nfsfh *nfhp = NULL;
        struct ucred *newcred = cred;
        nfsv4stateid_t stateid;
        void *lckp;
        u_int32_t clidrev = 0;
        int error, expireret = 0, retrycnt = 0, nostateid;
        int delayed, recovering, oldstateid, expired;

        *must_commit = 0;
        if (nmp->nm_clp != NULL)
                clidrev = nmp->nm_clp->nfsc_clientidrev;
        if (NFSHASNFSV4(nmp)) {
                newcred = NFSNEWCRED(cred);
                nfhp = np->n_fhp;
        }

        do {
                lckp = NULL;
                nostateid = 0;
                if (NFSHASNFSV4(nmp)) {
                        (void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
                            NFSV4OPEN_ACCESSWRITE, 0, newcred, p, &stateid,
                            &lckp);
                        nostateid = (stateid.other[0] == 0 &&
                            stateid.other[1] == 0 && stateid.other[2] == 0);
                        if (nostateid) {
                                NFSCL_DEBUG(1, "stateid0 in write\n");
                        }
                }

                /*
                 * If there is no stateid for NFSv4, it means this is an
                 * extraneous write after close. Basically a poorly
                 * implemented buffer cache. Just don't do the write; the
                 * caller sees success although nothing was sent.
                 */
                error = nostateid ? 0 :
                    nfsrpc_writerpc(vp, uiop, iomode, must_commit,
                    newcred, &stateid, p, nap, attrflagp, stuff);
                if (error == NFSERR_STALESTATEID ||
                    error == NFSERR_BADSESSION) {
                        nfscl_initiate_recovery(nmp->nm_clp);
                }
                if (lckp != NULL) {
                        nfscl_lockderef(lckp);
                }

                /* Classify the reply once; the flags are reused after the loop. */
                delayed = (error == NFSERR_GRACE || error == NFSERR_DELAY);
                recovering = (error == NFSERR_STALESTATEID ||
                    error == NFSERR_BADSESSION ||
                    error == NFSERR_STALEDONTRECOVER);
                oldstateid = (error == NFSERR_OLDSTATEID);
                expired = ((error == NFSERR_EXPIRED ||
                    error == NFSERR_BADSTATEID) && clidrev != 0);

                if (delayed || recovering || oldstateid) {
                        /* Back off, whether or not the loop goes round again. */
                        (void) nfs_catnap(PZERO, error, "nfs_write");
                } else if (expired) {
                        expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
                }
                retrycnt++;
        } while (delayed ||
            (recovering && called_from_strategy == 0) ||
            (oldstateid && retrycnt < 20) ||
            (expired && expireret == 0 && retrycnt < 4));

        if (error != 0 &&
            (retrycnt >= 4 || (recovering && called_from_strategy != 0))) {
                error = EIO;
        }
        if (NFSHASNFSV4(nmp)) {
                /* Release the credential copy taken above. */
                NFSFREECRED(newcred);
        }
        return (error);
}
 1558 
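/*
 * The actual write RPC.
 *
 * Writes the data described by uiop (which must hold a single iovec) by
 * issuing one WRITE RPC per chunk of at most nm_wsize bytes.
 *
 * iomode:      in, the stability level requested for each RPC; out, the
 *              lowest commitment level any of the replies reported
 *              (NFSWRITE_FILESYNC if no NFSv3/v4 reply was decoded).
 * must_commit: set to 1 when a reply's write verifier differs from the one
 *              saved in the mount; otherwise left untouched.
 * attrflagp:   cleared before each RPC, set by the attribute helpers when
 *              the reply carries attributes.
 *
 * Returns 0 on success, EFBIG if the range fails the size check below, or
 * the RPC/decoding/server error otherwise.  When the server rejects an RPC
 * or accepts only part of it, the uio is rolled back to match.
 */
static int
nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iomode,
    int *must_commit, struct ucred *cred, nfsv4stateid_t *stateidp,
    NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
{
        u_int32_t *tl;
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsnode *np = VTONFS(vp);
        int error = 0, len, tsiz, rlen, commit, committed = NFSWRITE_FILESYNC;
        int wccflag = 0, wsize;
        int32_t backup;
        struct nfsrv_descript nfsd;
        struct nfsrv_descript *nd = &nfsd;
        nfsattrbit_t attrbits;
        off_t tmp_off;

        KASSERT(uiop->uio_iovcnt == 1, ("nfs: writerpc iovcnt > 1"));
        *attrflagp = 0;
        tsiz = uio_uio_resid(uiop);
        tmp_off = uiop->uio_offset + tsiz;
        NFSLOCKMNT(nmp);
        /*
         * Reject a range that ends beyond the mount's maximum file size or
         * whose end offset wrapped below the start offset.
         */
        if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
                NFSUNLOCKMNT(nmp);
                return (EFBIG);
        }
        /* Snapshot the write size while the mount lock is held. */
        wsize = nmp->nm_wsize;
        NFSUNLOCKMNT(nmp);
        nd->nd_mrep = NULL;     /* NFSv2 sometimes does a write with */
        nd->nd_repstat = 0;     /* uio_resid == 0, so the while is not done */
        while (tsiz > 0) {
                *attrflagp = 0;
                /* Send at most wsize bytes per RPC. */
                len = (tsiz > wsize) ? wsize : tsiz;
                NFSCL_REQSTART(nd, NFSPROC_WRITE, vp);
                if (nd->nd_flag & ND_NFSV4) {
                        /* NFSv4: stateid, offset, stable_how, count. */
                        nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
                        NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+2*NFSX_UNSIGNED);
                        txdr_hyper(uiop->uio_offset, tl);
                        tl += 2;
                        *tl++ = txdr_unsigned(*iomode);
                        *tl = txdr_unsigned(len);
                } else if (nd->nd_flag & ND_NFSV3) {
                        /* NFSv3: offset, count, stable_how, data length. */
                        NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+3*NFSX_UNSIGNED);
                        txdr_hyper(uiop->uio_offset, tl);
                        tl += 2;
                        *tl++ = txdr_unsigned(len);
                        *tl++ = txdr_unsigned(*iomode);
                        *tl = txdr_unsigned(len);
                } else {
                        u_int32_t x;

                        NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
                        /*
                         * Not sure why someone changed this, since the
                         * RFC clearly states that "beginoffset" and
                         * "totalcount" are ignored, but it wouldn't
                         * surprise me if there's a busted server out there.
                         */
                        /* Set both "begin" and "current" to non-garbage. */
                        x = txdr_unsigned((u_int32_t)uiop->uio_offset);
                        *tl++ = x;      /* "begin offset" */
                        *tl++ = x;      /* "current offset" */
                        x = txdr_unsigned(len);
                        *tl++ = x;      /* total to this offset */
                        *tl = x;        /* size of this write */

                }
                /* Append len bytes of data; this advances the uio fields. */
                nfsm_uiombuf(nd, uiop, len);
                /*
                 * Although it is tempting to do a normal Getattr Op in the
                 * NFSv4 compound, the result can be a nearly hung client
                 * system if the Getattr asks for Owner and/or OwnerGroup.
                 * It occurs when the client can't map either the Owner or
                 * Owner_group name in the Getattr reply to a uid/gid. When
                 * there is a cache miss, the kernel does an upcall to the
                 * nfsuserd. Then, it can try and read the local /etc/passwd
                 * or /etc/group file. It can then block in getnewbuf(),
                 * waiting for dirty writes to be pushed to the NFS server.
                 * The only reason this doesn't result in a complete
                 * deadlock, is that the upcall times out and allows
                 * the write to complete. However, progress is so slow
                 * that it might just as well be deadlocked.
                 * As such, we get the rest of the attributes, but not
                 * Owner or Owner_group.
                 * nb: nfscl_loadattrcache() needs to be told that these
                 *     partial attributes from a write rpc are being
                 *     passed in, via a argument flag.
                 */
                if (nd->nd_flag & ND_NFSV4) {
                        NFSWRITEGETATTR_ATTRBIT(&attrbits);
                        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                        *tl = txdr_unsigned(NFSV4OP_GETATTR);
                        (void) nfsrv_putattrbit(nd, &attrbits);
                }
                error = nfscl_request(nd, vp, p, cred, stuff);
                if (error)
                        return (error);
                if (nd->nd_repstat) {
                        /*
                         * In case the rpc gets retried, roll
                         * the uio fields changed by nfsm_uiombuf()
                         * back.
                         */
                        uiop->uio_offset -= len;
                        uio_uio_resid_add(uiop, len);
                        uio_iov_base_add(uiop, -len);
                        uio_iov_len_add(uiop, len);
                }
                if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
                        error = nfscl_wcc_data(nd, vp, nap, attrflagp,
                            &wccflag, stuff);
                        if (error)
                                goto nfsmout;
                }
                if (!nd->nd_repstat) {
                        if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
                                NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED
                                        + NFSX_VERF);
                                rlen = fxdr_unsigned(int, *tl++);
                                /*
                                 * rlen is the byte count claimed by the
                                 * server's reply and is decoded into a
                                 * signed int.  Reject a negative count
                                 * together with zero: it would satisfy
                                 * "rlen < len" below and move the uio
                                 * back by more than this RPC advanced it.
                                 * A count larger than len is still
                                 * treated as a complete write.
                                 */
                                if (rlen <= 0) {
                                        error = NFSERR_IO;
                                        goto nfsmout;
                                } else if (rlen < len) {
                                        /*
                                         * Short write: hand the unwritten
                                         * tail back to the uio.
                                         */
                                        backup = len - rlen;
                                        uio_iov_base_add(uiop, -(backup));
                                        uio_iov_len_add(uiop, backup);
                                        uiop->uio_offset -= backup;
                                        uio_uio_resid_add(uiop, backup);
                                        len = rlen;
                                }
                                commit = fxdr_unsigned(int, *tl++);

                                /*
                                 * Return the lowest commitment level
                                 * obtained by any of the RPCs.
                                 */
                                if (committed == NFSWRITE_FILESYNC)
                                        committed = commit;
                                else if (committed == NFSWRITE_DATASYNC &&
                                        commit == NFSWRITE_UNSTABLE)
                                        committed = commit;
                                /*
                                 * Save the first write verifier seen on
                                 * this mount; if a later reply carries a
                                 * different one, record it and tell the
                                 * caller a commit is required.
                                 */
                                NFSLOCKMNT(nmp);
                                if (!NFSHASWRITEVERF(nmp)) {
                                        NFSBCOPY((caddr_t)tl,
                                            (caddr_t)&nmp->nm_verf[0],
                                            NFSX_VERF);
                                        NFSSETWRITEVERF(nmp);
                                } else if (NFSBCMP(tl, nmp->nm_verf,
                                    NFSX_VERF)) {
                                        *must_commit = 1;
                                        NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
                                }
                                NFSUNLOCKMNT(nmp);
                        }
                        /* NFSv4: step over two words ahead of the attributes. */
                        if (nd->nd_flag & ND_NFSV4)
                                NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                        if (nd->nd_flag & (ND_NFSV2 | ND_NFSV4)) {
                                error = nfsm_loadattr(nd, nap);
                                if (!error)
                                        *attrflagp = NFS_LATTR_NOSHRINK;
                        }
                } else {
                        error = nd->nd_repstat;
                }
                if (error)
                        goto nfsmout;
                NFSWRITERPC_SETTIME(wccflag, np, (nd->nd_flag & ND_NFSV4));
                /* Done with this reply; clear the pointer so it is not freed twice. */
                mbuf_freem(nd->nd_mrep);
                nd->nd_mrep = NULL;
                tsiz -= len;
        }
nfsmout:
        /* Reached on success as well as on error. */
        if (nd->nd_mrep != NULL)
                mbuf_freem(nd->nd_mrep);
        *iomode = committed;
        if (nd->nd_repstat && !error)
                error = nd->nd_repstat;
        return (error);
}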
 1740 
/*
 * nfs mknod rpc
 * For NFS v2 this is a kludge. Use a create rpc but with the IFMT bits of the
 * mode set to specify the file type and the size field for rdev.
 *
 * Creates the node "name" (namelen bytes) of type vtyp in directory dvp.
 * On entry *nfhpp is set to NULL and *attrflagp / *dattrflagp to 0; on
 * success nfscl_mtofh() fills in the new file handle and attributes, and
 * nfscl_wcc_data() the directory's.
 * Returns 0, ENAMETOOLONG if namelen exceeds NFS_MAXNAMLEN, or the
 * RPC/decoding/server error.
 */
APPLESTATIC int
nfsrpc_mknod(vnode_t dvp, char *name, int namelen, struct vattr *vap,
    u_int32_t rdev, enum vtype vtyp, struct ucred *cred, NFSPROC_T *p,
    struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
    int *attrflagp, int *dattrflagp, void *dstuff)
{
        u_int32_t *tl;
        int error = 0;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        nfsattrbit_t attrbits;

        *nfhpp = NULL;
        *attrflagp = 0;
        *dattrflagp = 0;
        /*
         * Only the upper bound is checked here.
         * NOTE(review): namelen is a signed int - presumably callers never
         * pass a negative length; verify against the callers.
         */
        if (namelen > NFS_MAXNAMLEN)
                return (ENAMETOOLONG);
        NFSCL_REQSTART(nd, NFSPROC_MKNOD, dvp);
        if (nd->nd_flag & ND_NFSV4) {
                /* NFSv4: the type comes first, with major/minor for devices. */
                if (vtyp == VBLK || vtyp == VCHR) {
                        NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
                        *tl++ = vtonfsv34_type(vtyp);
                        *tl++ = txdr_unsigned(NFSMAJOR(rdev));
                        *tl = txdr_unsigned(NFSMINOR(rdev));
                } else {
                        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                        *tl = vtonfsv34_type(vtyp);
                }
        }
        /* The return value of nfsm_strtom() is deliberately discarded. */
        (void) nfsm_strtom(nd, name, namelen);
        if (nd->nd_flag & ND_NFSV3) {
                /* NFSv3: the type follows the name. */
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                *tl = vtonfsv34_type(vtyp);
        }
        if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
                nfscl_fillsattr(nd, vap, dvp, 0, 0);
        if ((nd->nd_flag & ND_NFSV3) &&
            (vtyp == VCHR || vtyp == VBLK)) {
                /* NFSv3: major/minor come after the attributes. */
                NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                *tl++ = txdr_unsigned(NFSMAJOR(rdev));
                *tl = txdr_unsigned(NFSMINOR(rdev));
        }
        if (nd->nd_flag & ND_NFSV4) {
                /* Ask for the new object's file handle and attributes. */
                NFSGETATTR_ATTRBIT(&attrbits);
                NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                *tl++ = txdr_unsigned(NFSV4OP_GETFH);
                *tl = txdr_unsigned(NFSV4OP_GETATTR);
                (void) nfsrv_putattrbit(nd, &attrbits);
        }
        /* NFSv2: rdev is passed through the attributes (see header comment). */
        if (nd->nd_flag & ND_NFSV2)
                nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZERDEV, rdev);
        error = nfscl_request(nd, dvp, p, cred, dstuff);
        /*
         * Returns without freeing nd_mrep; presumably nfscl_request()
         * leaves no reply behind when it fails - verify.
         */
        if (error)
                return (error);
        if (nd->nd_flag & ND_NFSV4)
                error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
        /*
         * NOTE(review): for NFSv4 an error from nfscl_wcc_data() above is
         * overwritten below when nd_repstat is 0 - confirm that is intended.
         */
        if (!nd->nd_repstat) {
                if (nd->nd_flag & ND_NFSV4) {
                        /*
                         * Step over five words of the reply (tl is not
                         * used afterwards), then consume the attribute
                         * bitmap that follows.
                         */
                        NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
                        error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
                        if (error)
                                goto nfsmout;
                }
                error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
                if (error)
                        goto nfsmout;
        }
        if (nd->nd_flag & ND_NFSV3)
                error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
        /* A decoding error takes precedence over the server status. */
        if (!error && nd->nd_repstat)
                error = nd->nd_repstat;
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 1820 
/*
 * nfs file create call
 *
 * Dispatches to the version-specific routine.  NFSv2/v3 go straight to
 * nfsrpc_createv23().  NFSv4 is kept separate so that error recovery is
 * easier: each attempt gets an open owner via nfscl_open(), calls
 * nfsrpc_createv4(), hands any returned delegation to nfscl_deleg(),
 * releases the owner, and is repeated while the server keeps answering
 * with one of the retryable errors tested below.  An error still pending
 * once retrycnt has reached 4 is reported as EIO.
 */
APPLESTATIC int
nfsrpc_create(vnode_t dvp, char *name, int namelen, struct vattr *vap,
    nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
    struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
    int *attrflagp, int *dattrflagp, void *dstuff)
{
        struct nfsmount *nmp = VFSTONFS(vnode_mount(dvp));
        struct nfsclowner *owp;
        struct nfscldeleg *dp;
        u_int32_t clidrev;
        int error, newone, unlocked;
        int expireret = 0, retrycnt = 0;
        int waitretry, expired;

        if (!NFSHASNFSV4(nmp)) {
                return (nfsrpc_createv23(dvp, name, namelen, vap, cverf,
                    fmode, cred, p, dnap, nnap, nfhpp, attrflagp, dattrflagp,
                    dstuff));
        }

        do {
                dp = NULL;
                error = nfscl_open(dvp, NULL, 0,
                    (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), 0, cred,
                    p, &owp, NULL, &newone, NULL, 1);
                if (error) {
                        return (error);
                }
                clidrev = (nmp->nm_clp != NULL) ?
                    nmp->nm_clp->nfsc_clientidrev : 0;
                error = nfsrpc_createv4(dvp, name, namelen, vap, cverf, fmode,
                    owp, &dp, cred, p, dnap, nnap, nfhpp, attrflagp,
                    dattrflagp, dstuff, &unlocked);
                /*
                 * There is no need to invalidate cached attributes here,
                 * since new post-delegation issue attributes are always
                 * returned by nfsrpc_createv4() and these will update the
                 * attribute cache.
                 */
                if (dp != NULL) {
                        (void) nfscl_deleg(nmp->nm_mountp, owp->nfsow_clp,
                            (*nfhpp)->nfh_fh, (*nfhpp)->nfh_len, cred, p, &dp);
                }
                nfscl_ownerrelease(owp, error, newone, unlocked);

                /* Classify the reply once; the flags drive both steps below. */
                waitretry = (error == NFSERR_GRACE ||
                    error == NFSERR_STALECLIENTID ||
                    error == NFSERR_STALEDONTRECOVER ||
                    error == NFSERR_DELAY ||
                    error == NFSERR_BADSESSION);
                expired = ((error == NFSERR_EXPIRED ||
                    error == NFSERR_BADSTATEID) && clidrev != 0);

                if (waitretry) {
                        /* Back off before the next attempt. */
                        (void) nfs_catnap(PZERO, error, "nfs_open");
                } else if (expired) {
                        /* Only this path counts against the retry limit. */
                        expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
                        retrycnt++;
                }
        } while (waitretry ||
            (expired && expireret == 0 && retrycnt < 4));

        if (error && retrycnt >= 4) {
                error = EIO;
        }
        return (error);
}
 1887 
/*
 * The create rpc for v2 and 3.
 *
 * Creates "name" (namelen bytes) in directory dvp.  On entry *nfhpp is set
 * to NULL and *attrflagp / *dattrflagp to 0; on success nfscl_mtofh() fills
 * in the new file handle and attributes, and for NFSv3 nfscl_wcc_data()
 * the directory's.
 * Returns 0, ENAMETOOLONG if namelen exceeds NFS_MAXNAMLEN, or the
 * RPC/decoding/server error.
 */
static int
nfsrpc_createv23(vnode_t dvp, char *name, int namelen, struct vattr *vap,
    nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
    struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
    int *attrflagp, int *dattrflagp, void *dstuff)
{
        u_int32_t *tl;
        int error = 0;
        struct nfsrv_descript nfsd, *nd = &nfsd;

        *nfhpp = NULL;
        *attrflagp = 0;
        *dattrflagp = 0;
        /*
         * Only the upper bound is checked here.
         * NOTE(review): namelen is a signed int - presumably callers never
         * pass a negative length; verify against the callers.
         */
        if (namelen > NFS_MAXNAMLEN)
                return (ENAMETOOLONG);
        NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp);
        /* The return value of nfsm_strtom() is deliberately discarded. */
        (void) nfsm_strtom(nd, name, namelen);
        if (nd->nd_flag & ND_NFSV3) {
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                if (fmode & O_EXCL) {
                        /*
                         * Exclusive create: the caller's verifier is sent
                         * and no attributes are included.
                         */
                        *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
                        NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
                        *tl++ = cverf.lval[0];
                        *tl = cverf.lval[1];
                } else {
                        *tl = txdr_unsigned(NFSCREATE_UNCHECKED);
                        nfscl_fillsattr(nd, vap, dvp, 0, 0);
                }
        } else {
                /* NFSv2: attributes only; O_EXCL is not consulted here. */
                nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZE0, 0);
        }
        error = nfscl_request(nd, dvp, p, cred, dstuff);
        /*
         * Returns without freeing nd_mrep; presumably nfscl_request()
         * leaves no reply behind when it fails - verify.
         */
        if (error)
                return (error);
        if (nd->nd_repstat == 0) {
                error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
                if (error)
                        goto nfsmout;
        }
        if (nd->nd_flag & ND_NFSV3)
                error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
        /* A decoding error takes precedence over the server status. */
        if (nd->nd_repstat != 0 && error == 0)
                error = nd->nd_repstat;
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 1938 
 1939 static int
 1940 nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 1941     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
 1942     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 1943     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
 1944     int *dattrflagp, void *dstuff, int *unlockedp)
 1945 {
              /*
               * NFSv4 file create.  The request is an Open with
               * NFSV4OPEN_CREATE and CLAIMNULL on "name" in dvp, followed by
               * GETFH/GETATTR for the new file and PUTFH/GETATTR for the
               * directory.
               * *nfhpp, nnap/*attrflagp and dnap/*dattrflagp are filled in from
               * the reply.  *dpp receives a delegation only when 0 is returned;
               * on any error a delegation allocated here is freed at nfsmout.
               * *unlockedp is set to 1 once nfscl_openrelease() has been called.
               * Returns 0, ENAMETOOLONG, an error from a helper, or the server's
               * status (nd_repstat).
               * NOTE(review): NFSM_DISSECT presumably jumps to nfsmout when the
               * reply is shorter than requested -- confirm against the macro.
               */
 1946         u_int32_t *tl;
 1947         int error = 0, deleg, newone, ret, acesize, limitby;
 1948         struct nfsrv_descript nfsd, *nd = &nfsd;
 1949         struct nfsclopen *op;
 1950         struct nfscldeleg *dp = NULL;
 1951         struct nfsnode *np;
 1952         struct nfsfh *nfhp;
 1953         nfsattrbit_t attrbits;
 1954         nfsv4stateid_t stateid;
 1955         u_int32_t rflags;
 1956         struct nfsmount *nmp;
 1957 
 1958         nmp = VFSTONFS(dvp->v_mount);
 1959         np = VTONFS(dvp);
              /* Clear every out-parameter so the early returns leave them defined. */
 1960         *unlockedp = 0;
 1961         *nfhpp = NULL;
 1962         *dpp = NULL;
 1963         *attrflagp = 0;
 1964         *dattrflagp = 0;
              /*
               * Bound the name before anything is marshalled.
               * NOTE(review): only the upper bound is checked; a negative
               * namelen is presumably impossible for callers -- confirm.
               */
 1965         if (namelen > NFS_MAXNAMLEN)
 1966                 return (ENAMETOOLONG);
 1967         NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp);
 1968         /*
 1969          * For V4, this is actually an Open op.
 1970          */
              /* Open arguments: seqid, share access, share deny, clientid, owner. */
 1971         NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 1972         *tl++ = txdr_unsigned(owp->nfsow_seqid);
 1973         *tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
 1974             NFSV4OPEN_ACCESSREAD);
 1975         *tl++ = txdr_unsigned(NFSV4OPEN_DENYNONE);
 1976         *tl++ = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[0];
 1977         *tl = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[1];
 1978         (void) nfsm_strtom(nd, owp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
 1979         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 1980         *tl++ = txdr_unsigned(NFSV4OPEN_CREATE);
              /*
               * Pick the create mode.  The EXCLUSIVE variants carry the
               * verifier cverf; GUARDED and UNCHECKED carry the attributes
               * from vap instead (EXCLUSIVE4_1 carries both).
               */
 1981         if (fmode & O_EXCL) {
 1982                 if (NFSHASNFSV4N(nmp)) {
 1983                         if (NFSHASSESSPERSIST(nmp)) {
 1984                                 /* Use GUARDED for persistent sessions. */
 1985                                 *tl = txdr_unsigned(NFSCREATE_GUARDED);
 1986                                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 1987                         } else {
 1988                                 /* Otherwise, use EXCLUSIVE4_1. */
 1989                                 *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE41);
 1990                                 NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
 1991                                 *tl++ = cverf.lval[0];
 1992                                 *tl = cverf.lval[1];
 1993                                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 1994                         }
 1995                 } else {
 1996                         /* NFSv4.0 */
 1997                         *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
 1998                         NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
 1999                         *tl++ = cverf.lval[0];
 2000                         *tl = cverf.lval[1];
 2001                 }
 2002         } else {
 2003                 *tl = txdr_unsigned(NFSCREATE_UNCHECKED);
 2004                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2005         }
 2006         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2007         *tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
 2008         (void) nfsm_strtom(nd, name, namelen);
 2009         /* Get the new file's handle and attributes. */
 2010         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2011         *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 2012         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2013         NFSGETATTR_ATTRBIT(&attrbits);
 2014         (void) nfsrv_putattrbit(nd, &attrbits);
 2015         /* Get the directory's post-op attributes. */
 2016         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2017         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2018         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
 2019         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2020         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2021         (void) nfsrv_putattrbit(nd, &attrbits);
 2022         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2023         if (error)
 2024                 return (error);
 2025         NFSCL_INCRSEQID(owp->nfsow_seqid, nd);
              /*
               * Everything decoded below comes from the server's reply and
               * has to be treated as untrusted until it has been checked.
               */
 2026         if (nd->nd_repstat == 0) {
 2027                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
 2028                     6 * NFSX_UNSIGNED);
                      /* The open stateid words are stored as received, not byte-swapped. */
 2029                 stateid.seqid = *tl++;
 2030                 stateid.other[0] = *tl++;
 2031                 stateid.other[1] = *tl++;
 2032                 stateid.other[2] = *tl;
                      /*
                       * tl still points at the last stateid word, so tl + 6 is
                       * the final word of the region dissected above (assuming
                       * NFSX_STATEID covers exactly the four stateid words --
                       * confirm).  The five words in between are skipped.
                       */
 2033                 rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
 2034                 (void) nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
 2035                 NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 2036                 deleg = fxdr_unsigned(int, *tl);
                      /*
                       * Only READ, WRITE and NONE are accepted as delegation
                       * types; any other value is rejected as NFSERR_BADXDR in
                       * the else-if below.
                       */
 2037                 if (deleg == NFSV4OPEN_DELEGATEREAD ||
 2038                     deleg == NFSV4OPEN_DELEGATEWRITE) {
 2039                         if (!(owp->nfsow_clp->nfsc_flags &
 2040                               NFSCLFLAGS_FIRSTDELEG))
 2041                                 owp->nfsow_clp->nfsc_flags |=
 2042                                   (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
                              /*
                               * The allocation is the structure plus NFSX_V4FHMAX
                               * extra bytes; the file handle is copied into
                               * nfsdl_fh further down.  M_WAITOK is used and the
                               * result is not checked for NULL.
                               */
 2043                         MALLOC(dp, struct nfscldeleg *,
 2044                             sizeof (struct nfscldeleg) + NFSX_V4FHMAX,
 2045                             M_NFSCLDELEG, M_WAITOK);
 2046                         LIST_INIT(&dp->nfsdl_owner);
 2047                         LIST_INIT(&dp->nfsdl_lock);
 2048                         dp->nfsdl_clp = owp->nfsow_clp;
 2049                         newnfs_copyincred(cred, &dp->nfsdl_cred);
 2050                         nfscl_lockinit(&dp->nfsdl_rwlock);
 2051                         NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
 2052                             NFSX_UNSIGNED);
 2053                         dp->nfsdl_stateid.seqid = *tl++;
 2054                         dp->nfsdl_stateid.other[0] = *tl++;
 2055                         dp->nfsdl_stateid.other[1] = *tl++;
 2056                         dp->nfsdl_stateid.other[2] = *tl++;
                              /* ret holds the word after the stateid; non-zero sets NFSCLDL_RECALL below. */
 2057                         ret = fxdr_unsigned(int, *tl);
 2058                         if (deleg == NFSV4OPEN_DELEGATEWRITE) {
 2059                                 dp->nfsdl_flags = NFSCLDL_WRITE;
 2060                                 /*
 2061                                  * Indicates how much the file can grow.
 2062                                  */
 2063                                 NFSM_DISSECT(tl, u_int32_t *,
 2064                                     3 * NFSX_UNSIGNED);
 2065                                 limitby = fxdr_unsigned(int, *tl++);
                                      /*
                                       * LIMITSIZE reads one 64-bit value.
                                       * LIMITBLOCKS multiplies two 32-bit words
                                       * after widening each to 64 bits, so the
                                       * product cannot wrap.  Any other limit
                                       * type fails the decode; dp is freed at
                                       * nfsmout because error is non-zero.
                                       */
 2066                                 switch (limitby) {
 2067                                 case NFSV4OPEN_LIMITSIZE:
 2068                                         dp->nfsdl_sizelimit = fxdr_hyper(tl);
 2069                                         break;
 2070                                 case NFSV4OPEN_LIMITBLOCKS:
 2071                                         dp->nfsdl_sizelimit =
 2072                                             fxdr_unsigned(u_int64_t, *tl++);
 2073                                         dp->nfsdl_sizelimit *=
 2074                                             fxdr_unsigned(u_int64_t, *tl);
 2075                                         break;
 2076                                 default:
 2077                                         error = NFSERR_BADXDR;
 2078                                         goto nfsmout;
 2079                                 };
 2080                         } else {
 2081                                 dp->nfsdl_flags = NFSCLDL_READ;
 2082                         }
 2083                         if (ret)
 2084                                 dp->nfsdl_flags |= NFSCLDL_RECALL;
                              /* ret is reused here as an output of nfsrv_dissectace(); its value is not read afterwards. */
 2085                         error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret,
 2086                             &acesize, p);
 2087                         if (error)
 2088                                 goto nfsmout;
 2089                 } else if (deleg != NFSV4OPEN_DELEGATENONE) {
 2090                         error = NFSERR_BADXDR;
 2091                         goto nfsmout;
 2092                 }
 2093                 error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2094                 if (error)
 2095                         goto nfsmout;
 2096                 /* Get rid of the PutFH and Getattr status values. */
 2097                 NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 2098                 /* Load the directory attributes. */
 2099                 error = nfsm_loadattr(nd, dnap);
 2100                 if (error)
 2101                         goto nfsmout;
 2102                 *dattrflagp = 1;
 2103                 if (dp != NULL && *attrflagp) {
 2104                         dp->nfsdl_change = nnap->na_filerev;
 2105                         dp->nfsdl_modtime = nnap->na_mtime;
 2106                         dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
 2107                 }
 2108                 /*
 2109                  * We can now complete the Open state.
 2110                  */
 2111                 nfhp = *nfhpp;
                      /*
                       * NOTE(review): the copy length is nfhp->nfh_len, taken
                       * from the handle nfscl_mtofh() built out of the reply.
                       * This relies on that helper having bounded the length to
                       * the NFSX_V4FHMAX bytes reserved in the MALLOC above, and
                       * on *nfhpp being non-NULL after a 0 return -- confirm
                       * both against nfscl_mtofh().
                       */
 2112                 if (dp != NULL) {
 2113                         dp->nfsdl_fhlen = nfhp->nfh_len;
 2114                         NFSBCOPY(nfhp->nfh_fh, dp->nfsdl_fh, nfhp->nfh_len);
 2115                 }
 2116                 /*
 2117                  * Get an Open structure that will be
 2118                  * attached to the OpenOwner, acquired already.
 2119                  */
 2120                 error = nfscl_open(dvp, nfhp->nfh_fh, nfhp->nfh_len, 
 2121                     (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), 0,
 2122                     cred, p, NULL, &op, &newone, NULL, 0);
 2123                 if (error)
 2124                         goto nfsmout;
 2125                 op->nfso_stateid = stateid;
 2126                 newnfs_copyincred(cred, &op->nfso_cred);
                      /*
                       * The server asked for an OpenConfirm.  The loop repeats
                       * for as long as the reply is NFSERR_DELAY, sleeping in
                       * nfs_catnap() between attempts; there is no retry cap
                       * in this function.
                       */
 2127                 if ((rflags & NFSV4OPEN_RESULTCONFIRM)) {
 2128                     do {
 2129                         ret = nfsrpc_openconfirm(dvp, nfhp->nfh_fh,
 2130                             nfhp->nfh_len, op, cred, p);
 2131                         if (ret == NFSERR_DELAY)
 2132                             (void) nfs_catnap(PZERO, ret, "nfs_create");
 2133                     } while (ret == NFSERR_DELAY);
 2134                     error = ret;
 2135                 }
 2136 
 2137                 /*
 2138                  * If the server is handing out delegations, but we didn't
 2139                  * get one because an OpenConfirm was required, try the
 2140                  * Open again, to get a delegation. This is a harmless no-op,
 2141                  * from a server's point of view.
 2142                  */
 2143                 if ((rflags & NFSV4OPEN_RESULTCONFIRM) &&
 2144                     (owp->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG) &&
 2145                     !error && dp == NULL) {
 2146                     do {
 2147                         ret = nfsrpc_openrpc(VFSTONFS(vnode_mount(dvp)), dvp,
 2148                             np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
 2149                             nfhp->nfh_fh, nfhp->nfh_len,
 2150                             (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), op,
 2151                             name, namelen, &dp, 0, 0x0, cred, p, 0, 1);
 2152                         if (ret == NFSERR_DELAY)
 2153                             (void) nfs_catnap(PZERO, ret, "nfs_crt2");
 2154                     } while (ret == NFSERR_DELAY);
                          /*
                           * A failure of this second Open only becomes the
                           * function's error for the three state-loss codes
                           * below; any delegation it returned is dropped.
                           */
 2155                     if (ret) {
 2156                         if (dp != NULL) {
 2157                                 FREE((caddr_t)dp, M_NFSCLDELEG);
 2158                                 dp = NULL;
 2159                         }
 2160                         if (ret == NFSERR_STALECLIENTID ||
 2161                             ret == NFSERR_STALEDONTRECOVER ||
 2162                             ret == NFSERR_BADSESSION)
 2163                                 error = ret;
 2164                     }
 2165                 }
 2166                 nfscl_openrelease(op, error, newone);
 2167                 *unlockedp = 1;
 2168         }
 2169         if (nd->nd_repstat != 0 && error == 0)
 2170                 error = nd->nd_repstat;
 2171         if (error == NFSERR_STALECLIENTID || error == NFSERR_BADSESSION)
 2172                 nfscl_initiate_recovery(owp->nfsow_clp);
 2173 nfsmout:
              /*
               * Single exit for the reply path: the delegation is handed to
               * the caller only on success and freed otherwise, then the
               * reply mbuf chain is released.
               */
 2174         if (!error)
 2175                 *dpp = dp;
 2176         else if (dp != NULL)
 2177                 FREE((caddr_t)dp, M_NFSCLDELEG);
 2178         mbuf_freem(nd->nd_mrep);
 2179         return (error);
 2180 }
 2181 
 2182 /*
 2183  * Nfs remove rpc
       * Removes "name" from directory dvp.  vp is used only for the
       * delegation lookup and for starting the RETDELEGREMOVE request.
       * On an NFSv4 mount, when nfscl_removedeleg() returns 1 the request
       * is started as NFSPROC_RETDELEGREMOVE and carries the delegation
       * stateid ahead of PUTFH(dvp)/REMOVE.  If that reply reports a failure
       * with ND_NOMOREDATA set, the call is retried as a plain NFSPROC_REMOVE.
       * *dattrflagp is cleared on entry and filled in by nfscl_wcc_data().
       * Returns 0, ENAMETOOLONG, an error from nfscl_request() or a helper,
       * or the server's status (nd_repstat).
 2184  */
 2185 APPLESTATIC int
 2186 nfsrpc_remove(vnode_t dvp, char *name, int namelen, vnode_t vp,
 2187     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp,
 2188     void *dstuff)
 2189 {
 2190         u_int32_t *tl;
 2191         struct nfsrv_descript nfsd, *nd = &nfsd;
 2192         struct nfsnode *np;
 2193         struct nfsmount *nmp;
 2194         nfsv4stateid_t dstateid;
 2195         int error, ret = 0, i;
 2196 
 2197         *dattrflagp = 0;
              /* Bound the name before anything is marshalled. */
 2198         if (namelen > NFS_MAXNAMLEN)
 2199                 return (ENAMETOOLONG);
 2200         nmp = VFSTONFS(vnode_mount(dvp));
 2201 tryagain:
              /*
               * On the retry pass ret is still non-zero, so the else branch
               * resets it to 0 and the plain REMOVE request is built.
               */
 2202         if (NFSHASNFSV4(nmp) && ret == 0) {
 2203                 ret = nfscl_removedeleg(vp, p, &dstateid);
                      /*
                       * NOTE(review): only ret == 1 and ret == 0 start a request
                       * in this function.  This assumes nfscl_removedeleg()
                       * returns nothing else, since any other value would reach
                       * nfsm_strtom() without NFSCL_REQSTART having set up nd --
                       * confirm against the helper.
                       */
 2204                 if (ret == 1) {
 2205                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGREMOVE, vp);
 2206                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
 2207                             NFSX_UNSIGNED);
                              /* With NFSHASNFSV4N set, the stateid seqid is sent as 0. */
 2208                         if (NFSHASNFSV4N(nmp))
 2209                                 *tl++ = 0;
 2210                         else
 2211                                 *tl++ = dstateid.seqid;
 2212                         *tl++ = dstateid.other[0];
 2213                         *tl++ = dstateid.other[1];
 2214                         *tl++ = dstateid.other[2];
 2215                         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2216                         np = VTONFS(dvp);
 2217                         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2218                             np->n_fhp->nfh_len, 0);
 2219                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2220                         *tl = txdr_unsigned(NFSV4OP_REMOVE);
 2221                 }
 2222         } else {
 2223                 ret = 0;
 2224         }
 2225         if (ret == 0)
 2226                 NFSCL_REQSTART(nd, NFSPROC_REMOVE, dvp);
 2227         (void) nfsm_strtom(nd, name, namelen);
 2228         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2229         if (error)
 2230                 return (error);
 2231         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
 2232                 /* For NFSv4, parse out any Delegreturn replies. */
 2233                 if (ret > 0 && nd->nd_repstat != 0 &&
 2234                     (nd->nd_flag & ND_NOMOREDATA)) {
 2235                         /*
 2236                          * If the Delegreturn failed, try again without
 2237                          * it. The server will Recall, as required.
 2238                          */
 2239                         mbuf_freem(nd->nd_mrep);
 2240                         goto tryagain;
 2241                 }
                      /*
                       * Two reply words are consumed per iteration (presumably
                       * an op number and its status -- confirm); a non-zero
                       * second word sets ND_NOMOREDATA and stops further
                       * dissection.  NFSM_DISSECT presumably jumps to nfsmout
                       * if the reply is too short.
                       */
 2242                 for (i = 0; i < (ret * 2); i++) {
 2243                         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
 2244                             ND_NFSV4) {
 2245                             NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2246                             if (*(tl + 1))
 2247                                 nd->nd_flag |= ND_NOMOREDATA;
 2248                         }
 2249                 }
 2250                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2251         }
              /* A local decode error takes precedence over the server's status. */
 2252         if (nd->nd_repstat && !error)
 2253                 error = nd->nd_repstat;
 2254 nfsmout:
 2255         mbuf_freem(nd->nd_mrep);
 2256         return (error);
 2257 }
 2258 
 2259 /*
 2260  * Do an nfs rename rpc.
       * Renames fnameptr in directory fdvp to tnameptr in directory tdvp.
       * fvp and tvp are used for the delegation lookup in
       * nfscl_renamedeleg() and for starting the RETDELEGRENAME requests.
       * On an NFSv4 mount any delegations reported through gotfd/gottd are
       * returned in the same compound, ahead of the Rename.  If a
       * Delegreturn fails, the call is retried as a plain NFSPROC_RENAME.
       * *fattrflagp and *tattrflagp are cleared on entry and filled in by
       * nfscl_wcc_data() for the source and target directories.
       * Returns 0, ENAMETOOLONG, an error from nfscl_request() or a helper,
       * or the server's status (nd_repstat).
 2261  */
 2262 APPLESTATIC int
 2263 nfsrpc_rename(vnode_t fdvp, vnode_t fvp, char *fnameptr, int fnamelen,
 2264     vnode_t tdvp, vnode_t tvp, char *tnameptr, int tnamelen, struct ucred *cred,
 2265     NFSPROC_T *p, struct nfsvattr *fnap, struct nfsvattr *tnap,
 2266     int *fattrflagp, int *tattrflagp, void *fstuff, void *tstuff)
 2267 {
 2268         u_int32_t *tl;
 2269         struct nfsrv_descript nfsd, *nd = &nfsd;
 2270         struct nfsmount *nmp;
 2271         struct nfsnode *np;
 2272         nfsattrbit_t attrbits;
 2273         nfsv4stateid_t fdstateid, tdstateid;
 2274         int error = 0, ret = 0, gottd = 0, gotfd = 0, i;
 2275         
 2276         *fattrflagp = 0;
 2277         *tattrflagp = 0;
 2278         nmp = VFSTONFS(vnode_mount(fdvp));
              /* Bound both names before anything is marshalled. */
 2279         if (fnamelen > NFS_MAXNAMLEN || tnamelen > NFS_MAXNAMLEN)
 2280                 return (ENAMETOOLONG);
 2281 tryagain:
              /*
               * On the retry pass ret is still non-zero, so the else branch
               * resets it to 0 and the plain RENAME request is built.
               */
 2282         if (NFSHASNFSV4(nmp) && ret == 0) {
 2283                 ret = nfscl_renamedeleg(fvp, &fdstateid, &gotfd, tvp,
 2284                     &tdstateid, &gottd, p);
                      /*
                       * NOTE(review): a request is started here only when gotfd
                       * or gottd is set, and below only when ret == 0.  This
                       * assumes nfscl_renamedeleg() returns non-zero exactly
                       * when it sets at least one of the two flags; otherwise
                       * nd would be used without NFSCL_REQSTART -- confirm
                       * against the helper.
                       */
 2285                 if (gotfd && gottd) {
 2286                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME2, fvp);
 2287                 } else if (gotfd) {
 2288                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, fvp);
 2289                 } else if (gottd) {
 2290                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, tvp);
 2291                 }
                      /* Delegation stateid for fvp; with NFSHASNFSV4N set the seqid is sent as 0. */
 2292                 if (gotfd) {
 2293                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
 2294                         if (NFSHASNFSV4N(nmp))
 2295                                 *tl++ = 0;
 2296                         else
 2297                                 *tl++ = fdstateid.seqid;
 2298                         *tl++ = fdstateid.other[0];
 2299                         *tl++ = fdstateid.other[1];
 2300                         *tl = fdstateid.other[2];
                              /* Both delegations: switch to tvp's handle and add a second Delegreturn. */
 2301                         if (gottd) {
 2302                                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2303                                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2304                                 np = VTONFS(tvp);
 2305                                 (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2306                                     np->n_fhp->nfh_len, 0);
 2307                                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2308                                 *tl = txdr_unsigned(NFSV4OP_DELEGRETURN);
 2309                         }
 2310                 }
                      /* Delegation stateid for tvp, same seqid rule as above. */
 2311                 if (gottd) {
 2312                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
 2313                         if (NFSHASNFSV4N(nmp))
 2314                                 *tl++ = 0;
 2315                         else
 2316                                 *tl++ = tdstateid.seqid;
 2317                         *tl++ = tdstateid.other[0];
 2318                         *tl++ = tdstateid.other[1];
 2319                         *tl = tdstateid.other[2];
 2320                 }
                      /* After the Delegreturn(s): PUTFH of the source directory, then SAVEFH. */
 2321                 if (ret > 0) {
 2322                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2323                         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2324                         np = VTONFS(fdvp);
 2325                         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2326                             np->n_fhp->nfh_len, 0);
 2327                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2328                         *tl = txdr_unsigned(NFSV4OP_SAVEFH);
 2329                 }
 2330         } else {
 2331                 ret = 0;
 2332         }
 2333         if (ret == 0)
 2334                 NFSCL_REQSTART(nd, NFSPROC_RENAME, fdvp);
              /*
               * NFSv4: GETATTR on the source directory, PUTFH + GETATTR on the
               * target directory (the wcc attribute bits in both cases), then
               * the Rename op itself.
               */
 2335         if (nd->nd_flag & ND_NFSV4) {
 2336                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2337                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2338                 NFSWCCATTR_ATTRBIT(&attrbits);
 2339                 (void) nfsrv_putattrbit(nd, &attrbits);
 2340                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2341                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2342                 (void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 2343                     VTONFS(tdvp)->n_fhp->nfh_len, 0);
 2344                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2345                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2346                 (void) nfsrv_putattrbit(nd, &attrbits);
 2347                 nd->nd_flag |= ND_V4WCCATTR;
 2348                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2349                 *tl = txdr_unsigned(NFSV4OP_RENAME);
 2350         }
              /* Old name, then (non-v4 only) the target directory handle, then the new name. */
 2351         (void) nfsm_strtom(nd, fnameptr, fnamelen);
 2352         if (!(nd->nd_flag & ND_NFSV4))
 2353                 (void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 2354                         VTONFS(tdvp)->n_fhp->nfh_len, 0);
 2355         (void) nfsm_strtom(nd, tnameptr, tnamelen);
 2356         error = nfscl_request(nd, fdvp, p, cred, fstuff);
 2357         if (error)
 2358                 return (error);
 2359         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
 2360                 /* For NFSv4, parse out any Delegreturn replies. */
 2361                 if (ret > 0 && nd->nd_repstat != 0 &&
 2362                     (nd->nd_flag & ND_NOMOREDATA)) {
 2363                         /*
 2364                          * If the Delegreturn failed, try again without
 2365                          * it. The server will Recall, as required.
 2366                          */
 2367                         mbuf_freem(nd->nd_mrep);
 2368                         goto tryagain;
 2369                 }
                      /*
                       * Two reply words are consumed per iteration (presumably
                       * an op number and its status -- confirm).  NFSM_DISSECT
                       * presumably jumps to nfsmout if the reply is too short.
                       */
 2370                 for (i = 0; i < (ret * 2); i++) {
 2371                         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
 2372                             ND_NFSV4) {
 2373                             NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2374                             if (*(tl + 1)) {
 2375                                 if (i == 0 && ret > 1) {
 2376                                     /*
 2377                                      * If the Delegreturn failed, try again
 2378                                      * without it. The server will Recall, as
 2379                                      * required.
 2380                                      * If ret > 1, the first iteration of this
 2381                                      * loop is the second DelegReturn result.
 2382                                      */
 2383                                     mbuf_freem(nd->nd_mrep);
 2384                                     goto tryagain;
 2385                                 } else {
 2386                                     nd->nd_flag |= ND_NOMOREDATA;
 2387                                 }
 2388                             }
 2389                         }
 2390                 }
 2391                 /* Now, the first wcc attribute reply. */
 2392                 if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
 2393                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2394                         if (*(tl + 1))
 2395                                 nd->nd_flag |= ND_NOMOREDATA;
 2396                 }
 2397                 error = nfscl_wcc_data(nd, fdvp, fnap, fattrflagp, NULL,
 2398                     fstuff);
 2399                 /* and the second wcc attribute reply. */
 2400                 if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 &&
 2401                     !error) {
 2402                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2403                         if (*(tl + 1))
 2404                                 nd->nd_flag |= ND_NOMOREDATA;
 2405                 }
 2406                 if (!error)
 2407                         error = nfscl_wcc_data(nd, tdvp, tnap, tattrflagp,
 2408                             NULL, tstuff);
 2409         }
              /* A local decode error takes precedence over the server's status. */
 2410         if (nd->nd_repstat && !error)
 2411                 error = nd->nd_repstat;
 2412 nfsmout:
 2413         mbuf_freem(nd->nd_mrep);
 2414         return (error);
 2415 }
 2416 
 2417 /*
 2418  * nfs hard link create rpc
       * Creates the link "name" in directory dvp, referring to vp.
       * The request is started on vp; for NFSv4 it is followed by
       * PUTFH(dvp), a GETATTR for the wcc attribute bits and the Link op.
       * *attrflagp and *dattrflagp are cleared on entry; nap/*attrflagp are
       * filled in only on the NFSv3 path, dnap/*dattrflagp by
       * nfscl_wcc_data().
       * Returns 0, ENAMETOOLONG, an error from nfscl_request() or a helper,
       * or the server's status (nd_repstat).
 2419  */
 2420 APPLESTATIC int
 2421 nfsrpc_link(vnode_t dvp, vnode_t vp, char *name, int namelen,
 2422     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2423     struct nfsvattr *nap, int *attrflagp, int *dattrflagp, void *dstuff)
 2424 {
 2425         u_int32_t *tl;
 2426         struct nfsrv_descript nfsd, *nd = &nfsd;
 2427         nfsattrbit_t attrbits;
 2428         int error = 0;
 2429 
 2430         *attrflagp = 0;
 2431         *dattrflagp = 0;
              /* Bound the name before anything is marshalled. */
 2432         if (namelen > NFS_MAXNAMLEN)
 2433                 return (ENAMETOOLONG);
 2434         NFSCL_REQSTART(nd, NFSPROC_LINK, vp);
 2435         if (nd->nd_flag & ND_NFSV4) {
 2436                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2437                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2438         }
              /* The directory's file handle is sent for every protocol version. */
 2439         (void) nfsm_fhtom(nd, VTONFS(dvp)->n_fhp->nfh_fh,
 2440                 VTONFS(dvp)->n_fhp->nfh_len, 0);
 2441         if (nd->nd_flag & ND_NFSV4) {
 2442                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2443                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2444                 NFSWCCATTR_ATTRBIT(&attrbits);
 2445                 (void) nfsrv_putattrbit(nd, &attrbits);
 2446                 nd->nd_flag |= ND_V4WCCATTR;
 2447                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2448                 *tl = txdr_unsigned(NFSV4OP_LINK);
 2449         }
 2450         (void) nfsm_strtom(nd, name, namelen);
 2451         error = nfscl_request(nd, vp, p, cred, dstuff);
 2452         if (error)
 2453                 return (error);
 2454         if (nd->nd_flag & ND_NFSV3) {
 2455                 error = nfscl_postop_attr(nd, nap, attrflagp, dstuff);
 2456                 if (!error)
 2457                         error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
 2458                             NULL, dstuff);
 2459         } else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
 2460                 /*
 2461                  * First, parse out the PutFH and Getattr result.
 2462                  */
                      /*
                       * The second pair of words is read only if the first
                       * pair's second word is zero; a non-zero second word in
                       * the last pair read sets ND_NOMOREDATA.  NFSM_DISSECT
                       * presumably jumps to nfsmout if the reply is too short.
                       */
 2463                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2464                 if (!(*(tl + 1)))
 2465                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2466                 if (*(tl + 1))
 2467                         nd->nd_flag |= ND_NOMOREDATA;
 2468                 /*
 2469                  * Get the pre-op attributes.
 2470                  */
 2471                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2472         }
              /* A local decode error takes precedence over the server's status. */
 2473         if (nd->nd_repstat && !error)
 2474                 error = nd->nd_repstat;
 2475 nfsmout:
 2476         mbuf_freem(nd->nd_mrep);
 2477         return (error);
 2478 }
 2479 
 2480 /*
 2481  * nfs symbolic link create rpc
       * Creates the symbolic link "name" in directory dvp, pointing at the
       * NUL-terminated string "target" (its length is taken with strlen()).
       * The order of name, target and attributes in the request depends on
       * the protocol version, see below.
       * *nfhpp, *attrflagp and *dattrflagp are cleared on entry; the new
       * file handle and attributes are loaded only on the NFSv3 path when
       * the server's status is 0.
       * A final EEXIST is mapped to 0, so a 0 return does not guarantee that
       * *nfhpp is non-NULL.
       * Returns 0, ENAMETOOLONG, an error from nfscl_request() or a helper,
       * or the server's status (nd_repstat).
 2482  */
 2483 APPLESTATIC int
 2484 nfsrpc_symlink(vnode_t dvp, char *name, int namelen, char *target,
 2485     struct vattr *vap, struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2486     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
 2487     int *dattrflagp, void *dstuff)
 2488 {
 2489         u_int32_t *tl;
 2490         struct nfsrv_descript nfsd, *nd = &nfsd;
 2491         struct nfsmount *nmp;
 2492         int slen, error = 0;
 2493 
 2494         *nfhpp = NULL;
 2495         *attrflagp = 0;
 2496         *dattrflagp = 0;
 2497         nmp = VFSTONFS(vnode_mount(dvp));
              /*
               * Bound both strings before anything is marshalled.
               * NOTE(review): strlen()'s result is narrowed to int before the
               * comparison; presumably callers never pass a target anywhere
               * near INT_MAX bytes -- confirm.
               */
 2498         slen = strlen(target);
 2499         if (slen > NFS_MAXPATHLEN || namelen > NFS_MAXNAMLEN)
 2500                 return (ENAMETOOLONG);
 2501         NFSCL_REQSTART(nd, NFSPROC_SYMLINK, dvp);
              /* NFSv4: object type NFLNK and the target come first, then the name. */
 2502         if (nd->nd_flag & ND_NFSV4) {
 2503                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2504                 *tl = txdr_unsigned(NFLNK);
 2505                 (void) nfsm_strtom(nd, target, slen);
 2506         }
 2507         (void) nfsm_strtom(nd, name, namelen);
              /*
               * NFSv3/v4 send the attributes before the (non-v4) target;
               * NFSv2 sends them after it, with NFSSATTR_SIZENEG1.
               */
 2508         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
 2509                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2510         if (!(nd->nd_flag & ND_NFSV4))
 2511                 (void) nfsm_strtom(nd, target, slen);
 2512         if (nd->nd_flag & ND_NFSV2)
 2513                 nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
 2514         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2515         if (error)
 2516                 return (error);
 2517         if (nd->nd_flag & ND_NFSV4)
 2518                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2519         if ((nd->nd_flag & ND_NFSV3) && !error) {
 2520                 if (!nd->nd_repstat)
 2521                         error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2522                 if (!error)
 2523                         error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
 2524                             NULL, dstuff);
 2525         }
              /* A local decode error takes precedence over the server's status. */
 2526         if (nd->nd_repstat && !error)
 2527                 error = nd->nd_repstat;
 2528         mbuf_freem(nd->nd_mrep);
 2529         /*
 2530          * Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
 2531          */
              /*
               * NOTE(review): this also hides an EEXIST for a name that
               * already existed before this call; in that case *nfhpp is
               * still NULL and *attrflagp is 0 although 0 is returned.
               */
 2532         if (error == EEXIST)
 2533                 error = 0;
 2534         return (error);
 2535 }
 2536 
 2537 /*
 2538  * nfs make dir rpc
       * Creates directory "name" in dvp with the attributes in vap.
       * For NFSv4 the create (object type NFDIR) is followed by
       * GETFH/GETATTR for the new directory and PUTFH/GETATTR for dvp.
       * *nfhpp, *attrflagp and *dattrflagp are cleared on entry; the new
       * file handle and attributes are loaded only when the server's status
       * is 0.
       * A final EEXIST is mapped to 0, so a 0 return does not guarantee that
       * *nfhpp is non-NULL.
       * Returns 0, ENAMETOOLONG, an error from nfscl_request() or a helper,
       * or the server's status (nd_repstat).
 2539  */
 2540 APPLESTATIC int
 2541 nfsrpc_mkdir(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 2542     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2543     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
 2544     int *dattrflagp, void *dstuff)
 2545 {
 2546         u_int32_t *tl;
 2547         struct nfsrv_descript nfsd, *nd = &nfsd;
 2548         nfsattrbit_t attrbits;
 2549         int error = 0;
 2550         struct nfsfh *fhp;
 2551 
 2552         *nfhpp = NULL;
 2553         *attrflagp = 0;
 2554         *dattrflagp = 0;
 2555         fhp = VTONFS(dvp)->n_fhp;
              /* Bound the name before anything is marshalled. */
 2556         if (namelen > NFS_MAXNAMLEN)
 2557                 return (ENAMETOOLONG);
 2558         NFSCL_REQSTART(nd, NFSPROC_MKDIR, dvp);
 2559         if (nd->nd_flag & ND_NFSV4) {
 2560                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2561                 *tl = txdr_unsigned(NFDIR);
 2562         }
 2563         (void) nfsm_strtom(nd, name, namelen);
 2564         nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
              /* NFSv4: fetch the new handle and attributes, then the parent's attributes. */
 2565         if (nd->nd_flag & ND_NFSV4) {
 2566                 NFSGETATTR_ATTRBIT(&attrbits);
 2567                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2568                 *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 2569                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2570                 (void) nfsrv_putattrbit(nd, &attrbits);
 2571                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2572                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2573                 (void) nfsm_fhtom(nd, fhp->nfh_fh, fhp->nfh_len, 0);
 2574                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2575                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2576                 (void) nfsrv_putattrbit(nd, &attrbits);
 2577         }
 2578         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2579         if (error)
 2580                 return (error);
 2581         if (nd->nd_flag & ND_NFSV4)
 2582                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2583         if (!nd->nd_repstat && !error) {
                      /*
                       * The five words dissected here are skipped without
                       * being examined.  NFSM_DISSECT presumably jumps to
                       * nfsmout if the reply is too short -- confirm.
                       */
 2584                 if (nd->nd_flag & ND_NFSV4) {
 2585                         NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 2586                         error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
 2587                 }
 2588                 if (!error)
 2589                         error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2590                 if (error == 0 && (nd->nd_flag & ND_NFSV4) != 0) {
 2591                         /* Get rid of the PutFH and Getattr status values. */
 2592                         NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 2593                         /* Load the directory attributes. */
 2594                         error = nfsm_loadattr(nd, dnap);
 2595                         if (error == 0)
 2596                                 *dattrflagp = 1;
 2597                 }
 2598         }
 2599         if ((nd->nd_flag & ND_NFSV3) && !error)
 2600                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
              /* A local decode error takes precedence over the server's status. */
 2601         if (nd->nd_repstat && !error)
 2602                 error = nd->nd_repstat;
 2603 nfsmout:
 2604         mbuf_freem(nd->nd_mrep);
 2605         /*
 2606          * Kludge: Map EEXIST => 0 assuming that you have a reply to a retry.
 2607          */
              /*
               * NOTE(review): this also hides an EEXIST for a directory that
               * already existed before this call; in that case *nfhpp is
               * still NULL and *attrflagp is 0 although 0 is returned.
               */
 2608         if (error == EEXIST)
 2609                 error = 0;
 2610         return (error);
 2611 }
 2612 
 2613 /*
 2614  * nfs remove directory call
       * Removes directory "name" from dvp.
       * *dattrflagp is cleared on entry and, for NFSv3 and NFSv4, filled in
       * by nfscl_wcc_data().
       * A final ENOENT is mapped to 0, so a 0 return does not prove that
       * this call removed the directory.
       * Returns 0, ENAMETOOLONG, an error from nfscl_request() or a helper,
       * or the server's status (nd_repstat).
 2615  */
 2616 APPLESTATIC int
 2617 nfsrpc_rmdir(vnode_t dvp, char *name, int namelen, struct ucred *cred,
 2618     NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp, void *dstuff)
 2619 {
 2620         struct nfsrv_descript nfsd, *nd = &nfsd;
 2621         int error = 0;
 2622 
 2623         *dattrflagp = 0;
              /* Bound the name before anything is marshalled. */
 2624         if (namelen > NFS_MAXNAMLEN)
 2625                 return (ENAMETOOLONG);
 2626         NFSCL_REQSTART(nd, NFSPROC_RMDIR, dvp);
 2627         (void) nfsm_strtom(nd, name, namelen);
 2628         error = nfscl_request(nd, dvp, p, cred, dstuff);
 2629         if (error)
 2630                 return (error);
 2631         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
 2632                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
              /* A local decode error takes precedence over the server's status. */
 2633         if (nd->nd_repstat && !error)
 2634                 error = nd->nd_repstat;
 2635         mbuf_freem(nd->nd_mrep);
 2636         /*
 2637          * Kludge: Map ENOENT => 0 assuming that you have a reply to a retry.
 2638          */
              /*
               * NOTE(review): this also hides an ENOENT for a name that never
               * existed, so callers cannot tell the two cases apart.
               */
 2639         if (error == ENOENT)
 2640                 error = 0;
 2641         return (error);
 2642 }
 2643 
/*
 * Readdir rpc.
 * Always returns with either uio_resid unchanged, if you are at the
 * end of the directory, or uio_resid == 0, with all DIRBLKSIZ chunks
 * filled in.
 * I felt this would allow caching of directory blocks more easily
 * than returning a partially filled block.
 * Directory offset cookies:
 * Oh my, what to do with them...
 * I can think of three ways to deal with them:
 * 1 - have the layer above these RPCs maintain a map between logical
 *     directory byte offsets and the NFS directory offset cookies
 * 2 - pass the opaque directory offset cookies up into userland
 *     and let the libc functions deal with them, via the system call
 * 3 - return them to userland in the "struct dirent", so future versions
 *     of libc can use them and do whatever is necessary to make things work
 *     above these rpc calls, in the meantime
 * For now, I do #3 by "hiding" the directory offset cookies after the
 * d_name field in struct dirent. This is space inside d_reclen that
 * will be ignored by anything that doesn't know about them.
 * The directory offset cookies are filled in as the last 8 bytes of
 * each directory entry, after d_name. Someday, the userland libc
 * functions may be able to use these. In the meantime, it satisfies
 * OpenBSD's requirements for cookies being returned.
 * It expects the directory offset cookie for the read to be in uio_offset
 * and returns the one for the next entry after this directory block in
 * there, as well.
 * NOTE(review): in the code below the cookie sent to the server is taken
 * from *cookiep; uio_offset is only compared against 0 and advanced by
 * record sizes -- confirm which description is current.
 *
 * Parameters, as used below:
 *  vp         directory vnode; the mount and nfsnode are derived from it.
 *  uiop       destination; must have exactly one iovec and a residual that
 *             is a multiple of DIRBLKSIZ (asserted).  Records are written
 *             directly through the pointer returned by uio_iov_base().
 *  cookiep    in: cookie to start reading from; out: updated to the cookie
 *             of each entry that is stored.
 *  cred, p, stuff
 *             passed through to nfscl_request() and the attribute helpers.
 *  nap, attrflagp
 *             handed to nfscl_postop_attr(); *attrflagp is zeroed first.
 *  eofp       optional; filled in by the rules at the end of the function.
 *
 * Returns 0, an error from nfscl_request() or the reply-parsing helpers,
 * the server's reply status, EBADRPC for an out-of-range entry name length
 * or EPERM for an out-of-range file handle length in the LOOKUPP reply.
 *
 * Everything dissected from nd->nd_mrep is supplied by the server.  The
 * only bounds applied to it in this function are the two length checks
 * (file handle length and entry name length).  NFSM_DISSECT and NFSM_BUILD
 * are macros defined elsewhere; NFSM_DISSECT presumably sets error and
 * jumps to nfsmout when the reply is too short -- confirm.
 * On the error paths uiop may already have been advanced past a partly
 * built record; the error return is the only indication the caller gets.
 */
APPLESTATIC int
nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
    int *eofp, void *stuff)
{
        int len, left;
        struct dirent *dp = NULL;       /* most recently stored record */
        u_int32_t *tl;
        nfsquad_t cookie, ncookie;      /* request cookie / cookie of current entry */
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsnode *dnp = VTONFS(vp);
        struct nfsvattr nfsva;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        /* blksiz counts the bytes used so far in the current DIRBLKSIZ block. */
        int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
        int reqsize, tryformoredirs = 1, readsize, eof = 0, gotmnton = 0;
        long dotfileid, dotdotfileid = 0;
        /* fakefileno is counted down to invent file numbers (see below). */
        u_int32_t fakefileno = 0xffffffff, rderr;
        char *cp;
        nfsattrbit_t attrbits, dattrbits;
        u_int32_t *tl2 = NULL;          /* cookie slot of the record in dp */
        size_t tresid;                  /* residual on entry, for the eof test */

        /*
         * Sanity-check the caller's buffer: one iovec and a residual that
         * is a multiple of DIRBLKSIZ (the mask test assumes DIRBLKSIZ is a
         * power of two).
         * NOTE(review): this is an assertion rather than an error return,
         * and a residual of 0 satisfies it too.  The NFSv4 "." and ".."
         * records below are written without a separate size check, so
         * callers presumably always supply at least one full block --
         * confirm.
         */
        KASSERT(uiop->uio_iovcnt == 1 &&
            (uio_uio_resid(uiop) & (DIRBLKSIZ - 1)) == 0,
            ("nfs readdirrpc bad uio"));

        /*
         * There is no point in reading a lot more than uio_resid, however
         * adding one additional DIRBLKSIZ makes sense. Since uio_resid
         * and nm_readdirsize are both exact multiples of DIRBLKSIZ, this
         * will never make readsize > nm_readdirsize.
         */
        readsize = nmp->nm_readdirsize;
        if (readsize > uio_uio_resid(uiop))
                readsize = uio_uio_resid(uiop) + DIRBLKSIZ;

        *attrflagp = 0;
        if (eofp)
                *eofp = 0;
        tresid = uio_uio_resid(uiop);
        /* Local copy of the caller's cookie; *cookiep is updated per entry. */
        cookie.lval[0] = cookiep->nfsuquad[0];
        cookie.lval[1] = cookiep->nfsuquad[1];
        /* NULL means "no reply attached", which nfsmout tests for. */
        nd->nd_mrep = NULL;

        /*
         * For NFSv4, first create the "." and ".." entries.
         */
        if (NFSHASNFSV4(nmp)) {
                /*
                 * Six words of READDIR arguments are built in the loop
                 * below: cookie (2), cookie verifier (2) and two count
                 * words.
                 */
                reqsize = 6 * NFSX_UNSIGNED;
                NFSGETATTR_ATTRBIT(&dattrbits);
                NFSZERO_ATTRBIT(&attrbits);
                NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
                NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TYPE);
                if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
                    NFSATTRBIT_MOUNTEDONFILEID)) {
                        NFSSETBIT_ATTRBIT(&attrbits,
                            NFSATTRBIT_MOUNTEDONFILEID);
                        gotmnton = 1;
                } else {
                        /*
                         * Must fake it. Use the fileno, except when the
                         * fsid is != to that of the directory. For that
                         * case, generate a fake fileno that is not the same.
                         */
                        NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
                        gotmnton = 0;
                }

                /*
                 * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
                 */
                if (uiop->uio_offset == 0) {
                        /* LOOKUPP + GETFH + GETATTR to learn the ".." file number. */
                        NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp);
                        NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                        *tl++ = txdr_unsigned(NFSV4OP_GETFH);
                        *tl = txdr_unsigned(NFSV4OP_GETATTR);
                        (void) nfsrv_putattrbit(nd, &attrbits);
                        error = nfscl_request(nd, vp, p, cred, stuff);
                        if (error)
                            return (error);
                        dotfileid = 0;  /* Fake out the compiler. */
                        if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
                            error = nfsm_loadattr(nd, &nfsva);
                            if (error != 0)
                                goto nfsmout;
                            dotfileid = nfsva.na_fileid;
                        }
                        if (nd->nd_repstat == 0) {
                            /*
                             * Four words are skipped and the fifth is read
                             * as the file handle length (presumably the
                             * skipped words are per-operation status
                             * values -- confirm).
                             */
                            NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
                            len = fxdr_unsigned(int, *(tl + 4));
                            /*
                             * Server-supplied length: it must be bounded
                             * before it is used to skip over the handle.
                             */
                            if (len > 0 && len <= NFSX_V4FHMAX)
                                error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
                            else
                                error = EPERM;
                            if (!error) {
                                NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
                                /* Sentinel: still 0xffffffff means "not returned". */
                                nfsva.na_mntonfileno = 0xffffffff;
                                error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
                                    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
                                    NULL, NULL, NULL, p, cred);
                                if (error) {
                                    /*
                                     * NOTE(review): error is still set, so
                                     * the function returns it after the
                                     * reply is freed below and this
                                     * fallback value is never used.
                                     */
                                    dotdotfileid = dotfileid;
                                } else if (gotmnton) {
                                    if (nfsva.na_mntonfileno != 0xffffffff)
                                        dotdotfileid = nfsva.na_mntonfileno;
                                    else
                                        dotdotfileid = nfsva.na_fileid;
                                } else if (nfsva.na_filesid[0] ==
                                    dnp->n_vattr.na_filesid[0] &&
                                    nfsva.na_filesid[1] ==
                                    dnp->n_vattr.na_filesid[1]) {
                                    /* Same fsid as the directory: use the real fileid. */
                                    dotdotfileid = nfsva.na_fileid;
                                } else {
                                    /*
                                     * Different fsid: invent a file number,
                                     * skipping one that equals the real
                                     * fileid.
                                     */
                                    do {
                                        fakefileno--;
                                    } while (fakefileno ==
                                        nfsva.na_fileid);
                                    dotdotfileid = fakefileno;
                                }
                            }
                        } else if (nd->nd_repstat == NFSERR_NOENT) {
                            /*
                             * Lookupp returns NFSERR_NOENT when we are
                             * at the root, so just use the current dir.
                             */
                            nd->nd_repstat = 0;
                            dotdotfileid = dotfileid;
                        } else {
                            error = nd->nd_repstat;
                        }
                        mbuf_freem(nd->nd_mrep);
                        if (error)
                            return (error);
                        nd->nd_mrep = NULL;
                        /* Build the "." record in place in the caller's buffer. */
                        dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop));
                        dp->d_type = DT_DIR;
                        dp->d_fileno = dotfileid;
                        dp->d_namlen = 1;
                        dp->d_name[0] = '.';
                        dp->d_name[1] = '\0';
                        /* Record length includes NFSX_HYPER bytes for the cookie. */
                        dp->d_reclen = DIRENT_SIZE(dp) + NFSX_HYPER;
                        /*
                         * Just make these offset cookie 0.
                         * (The cookie slot is taken to start at d_name[4];
                         * presumably that is where DIRENT_SIZE() ends for a
                         * one or two byte name -- confirm.)
                         */
                        tl = (u_int32_t *)&dp->d_name[4];
                        *tl++ = 0;
                        *tl = 0;
                        blksiz += dp->d_reclen;
                        /* Advance all four uio cursors past the record. */
                        uio_uio_resid_add(uiop, -(dp->d_reclen));
                        uiop->uio_offset += dp->d_reclen;
                        uio_iov_base_add(uiop, dp->d_reclen);
                        uio_iov_len_add(uiop, -(dp->d_reclen));
                        /* Same again for the ".." record. */
                        dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop));
                        dp->d_type = DT_DIR;
                        dp->d_fileno = dotdotfileid;
                        dp->d_namlen = 2;
                        dp->d_name[0] = '.';
                        dp->d_name[1] = '.';
                        dp->d_name[2] = '\0';
                        dp->d_reclen = DIRENT_SIZE(dp) + NFSX_HYPER;
                        /*
                         * Just make these offset cookie 0.
                         */
                        tl = (u_int32_t *)&dp->d_name[4];
                        *tl++ = 0;
                        *tl = 0;
                        blksiz += dp->d_reclen;
                        uio_uio_resid_add(uiop, -(dp->d_reclen));
                        uiop->uio_offset += dp->d_reclen;
                        uio_iov_base_add(uiop, dp->d_reclen);
                        uio_iov_len_add(uiop, -(dp->d_reclen));
                }
                /* Also requested for every entry of the READDIR itself. */
                NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_RDATTRERROR);
        } else {
                /* Five words: cookie (2), cookie verifier (2), one count. */
                reqsize = 5 * NFSX_UNSIGNED;
        }


        /*
         * Loop around doing readdir rpc's of size readsize.
         * The stopping criteria is EOF or buffer full.
         */
        while (more_dirs && bigenough) {
                *attrflagp = 0;
                NFSCL_REQSTART(nd, NFSPROC_READDIR, vp);
                if (nd->nd_flag & ND_NFSV2) {
                        /* NFSv2: only the low cookie word and the count are sent. */
                        NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                        *tl++ = cookie.lval[1];
                        *tl = txdr_unsigned(readsize);
                } else {
                        NFSM_BUILD(tl, u_int32_t *, reqsize);
                        *tl++ = cookie.lval[0];
                        *tl++ = cookie.lval[1];
                        if (cookie.qval == 0) {
                                /* Reading from the start: zero cookie verifier. */
                                *tl++ = 0;
                                *tl++ = 0;
                        } else {
                                /*
                                 * Send back the verifier saved from an
                                 * earlier reply; it is read under the node
                                 * lock.
                                 */
                                NFSLOCKNODE(dnp);
                                *tl++ = dnp->n_cookieverf.nfsuquad[0];
                                *tl++ = dnp->n_cookieverf.nfsuquad[1];
                                NFSUNLOCKNODE(dnp);
                        }
                        if (nd->nd_flag & ND_NFSV4) {
                                /*
                                 * Two count words, both readsize, then the
                                 * per-entry attribute mask, followed by a
                                 * GETATTR on the directory itself.
                                 */
                                *tl++ = txdr_unsigned(readsize);
                                *tl = txdr_unsigned(readsize);
                                (void) nfsrv_putattrbit(nd, &attrbits);
                                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                                *tl = txdr_unsigned(NFSV4OP_GETATTR);
                                (void) nfsrv_putattrbit(nd, &dattrbits);
                        } else {
                                *tl = txdr_unsigned(readsize);
                        }
                }
                error = nfscl_request(nd, vp, p, cred, stuff);
                /*
                 * NOTE(review): this returns without passing through
                 * nfsmout; presumably nfscl_request() leaves no reply to
                 * free when it fails -- confirm.
                 */
                if (error)
                        return (error);
                if (!(nd->nd_flag & ND_NFSV2)) {
                        if (nd->nd_flag & ND_NFSV3)
                                error = nfscl_postop_attr(nd, nap, attrflagp,
                                    stuff);
                        if (!nd->nd_repstat && !error) {
                                /* Save the server's cookie verifier for later requests. */
                                NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
                                NFSLOCKNODE(dnp);
                                dnp->n_cookieverf.nfsuquad[0] = *tl++;
                                dnp->n_cookieverf.nfsuquad[1] = *tl;
                                NFSUNLOCKNODE(dnp);
                        }
                }
                if (nd->nd_repstat || error) {
                        /* A local error takes precedence over the server status. */
                        if (!error)
                                error = nd->nd_repstat;
                        goto nfsmout;
                }
                /* First "another entry follows" flag of the reply. */
                NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                more_dirs = fxdr_unsigned(int, *tl);
                /* An empty reply: do not let the eof flag restart the outer loop. */
                if (!more_dirs)
                        tryformoredirs = 0;

                /* loop thru the dir entries, doctoring them to 4bsd form */
                while (more_dirs && bigenough) {
                        /*
                         * Entry header differs by version: NFSv4 gives the
                         * cookie and then the name length, NFSv3 a 64-bit
                         * fileid and then the name length, NFSv2 a 32-bit
                         * fileid and then the name length.
                         */
                        if (nd->nd_flag & ND_NFSV4) {
                                NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
                                ncookie.lval[0] = *tl++;
                                ncookie.lval[1] = *tl++;
                                len = fxdr_unsigned(int, *tl);
                        } else if (nd->nd_flag & ND_NFSV3) {
                                NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
                                nfsva.na_fileid = fxdr_hyper(tl);
                                tl += 2;
                                len = fxdr_unsigned(int, *tl);
                        } else {
                                NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
                                nfsva.na_fileid =
                                    fxdr_unsigned(long, *tl++);
                                len = fxdr_unsigned(int, *tl);
                        }
                        /*
                         * len comes straight from the server.  This bound is
                         * the only check applied before it sizes the record
                         * and the copy below; it presumably keeps a single
                         * record within DIRBLKSIZ (depends on NFS_MAXNAMLEN
                         * and DIRBLKSIZ -- confirm).
                         */
                        if (len <= 0 || len > NFS_MAXNAMLEN) {
                                error = EBADRPC;
                                goto nfsmout;
                        }
                        tlen = NFSM_RNDUP(len);
                        if (tlen == len)
                                tlen += 4;  /* To ensure null termination */
                        left = DIRBLKSIZ - blksiz;
                        if ((int)(tlen + DIRHDSIZ + NFSX_HYPER) > left) {
                                /*
                                 * The record does not fit in what is left of
                                 * this block: pad the previous record (dp)
                                 * out to the block boundary and start a new
                                 * block.  dp is non-NULL here as long as a
                                 * record always fits in an empty block (see
                                 * the length check above).
                                 */
                                dp->d_reclen += left;
                                uio_iov_base_add(uiop, left);
                                uio_iov_len_add(uiop, -(left));
                                uio_uio_resid_add(uiop, -(left));
                                uiop->uio_offset += left;
                                blksiz = 0;
                        }
                        /* Out of caller buffer: stop storing, keep parsing this entry. */
                        if ((int)(tlen + DIRHDSIZ + NFSX_HYPER) > uio_uio_resid(uiop))
                                bigenough = 0;
                        if (bigenough) {
                                dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop));
                                dp->d_namlen = len;
                                dp->d_reclen = tlen + DIRHDSIZ + NFSX_HYPER;
                                dp->d_type = DT_UNKNOWN;
                                blksiz += dp->d_reclen;
                                if (blksiz == DIRBLKSIZ)
                                        blksiz = 0;
                                /* Step past the fixed header; the name is copied next. */
                                uio_uio_resid_add(uiop, -(DIRHDSIZ));
                                uiop->uio_offset += DIRHDSIZ;
                                uio_iov_base_add(uiop, DIRHDSIZ);
                                uio_iov_len_add(uiop, -(DIRHDSIZ));
                                /*
                                 * Copy len bytes of the name from the reply
                                 * into the record.
                                 * NOTE(review): nothing visible in this
                                 * function inspects the name bytes
                                 * themselves (for example '/' or an embedded
                                 * NUL); confirm whether nfsm_mbufuio() or
                                 * the callers validate names returned by the
                                 * server.
                                 */
                                error = nfsm_mbufuio(nd, uiop, len);
                                if (error)
                                        goto nfsmout;
                                cp = CAST_DOWN(caddr_t, uio_iov_base(uiop));
                                /* tlen becomes the padding after the name (at least 1). */
                                tlen -= len;
                                *cp = '\0';     /* null terminate */
                                cp += tlen;     /* points to cookie storage */
                                tl2 = (u_int32_t *)cp;
                                /* Skip the padding and the cookie slot (filled in below). */
                                uio_iov_base_add(uiop, (tlen + NFSX_HYPER));
                                uio_iov_len_add(uiop, -(tlen + NFSX_HYPER));
                                uio_uio_resid_add(uiop, -(tlen + NFSX_HYPER));
                                uiop->uio_offset += (tlen + NFSX_HYPER);
                        } else {
                                /* Not stored: just skip the name in the reply. */
                                error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
                                if (error)
                                        goto nfsmout;
                        }
                        /*
                         * Entry trailer: NFSv4 carries the attributes here
                         * (the cookie came first); NFSv3 and NFSv2 carry the
                         * cookie here.  In every case tl is left pointing at
                         * the next "another entry follows" flag.
                         */
                        if (nd->nd_flag & ND_NFSV4) {
                                rderr = 0;
                                /* Sentinel: still 0xffffffff means "not returned". */
                                nfsva.na_mntonfileno = 0xffffffff;
                                error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
                                    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
                                    NULL, NULL, &rderr, p, cred);
                                if (error)
                                        goto nfsmout;
                                NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                        } else if (nd->nd_flag & ND_NFSV3) {
                                NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
                                ncookie.lval[0] = *tl++;
                                ncookie.lval[1] = *tl++;
                        } else {
                                NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
                                ncookie.lval[0] = 0;
                                ncookie.lval[1] = *tl++;
                        }
                        if (bigenough) {
                            if (nd->nd_flag & ND_NFSV4) {
                                if (rderr) {
                                    /* Attribute error reported for this entry: fileno 0. */
                                    dp->d_fileno = 0;
                                } else {
                                    /* Same file number selection as for ".." above. */
                                    if (gotmnton) {
                                        if (nfsva.na_mntonfileno != 0xffffffff)
                                            dp->d_fileno = nfsva.na_mntonfileno;
                                        else
                                            dp->d_fileno = nfsva.na_fileid;
                                    } else if (nfsva.na_filesid[0] ==
                                        dnp->n_vattr.na_filesid[0] &&
                                        nfsva.na_filesid[1] ==
                                        dnp->n_vattr.na_filesid[1]) {
                                        dp->d_fileno = nfsva.na_fileid;
                                    } else {
                                        do {
                                            fakefileno--;
                                        } while (fakefileno ==
                                            nfsva.na_fileid);
                                        dp->d_fileno = fakefileno;
                                    }
                                    dp->d_type = vtonfs_dtype(nfsva.na_type);
                                }
                            } else {
                                dp->d_fileno = nfsva.na_fileid;
                            }
                            /*
                             * Store this entry's cookie in the record, in
                             * the caller's *cookiep and in the local cookie
                             * used for the next request.
                             */
                            *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
                                ncookie.lval[0];
                            *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
                                ncookie.lval[1];
                        }
                        more_dirs = fxdr_unsigned(int, *tl);
                }
                /*
                 * If at end of rpc data, get the eof boolean
                 */
                if (!more_dirs) {
                        NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                        eof = fxdr_unsigned(int, *tl);
                        /* Ask for another batch unless the server signalled eof. */
                        if (tryformoredirs)
                                more_dirs = !eof;
                        if (nd->nd_flag & ND_NFSV4) {
                                error = nfscl_postop_attr(nd, nap, attrflagp,
                                    stuff);
                                if (error)
                                        goto nfsmout;
                        }
                }
                /* Done with this reply; NULL keeps nfsmout from freeing it again. */
                mbuf_freem(nd->nd_mrep);
                nd->nd_mrep = NULL;
        }
        /*
         * Fill last record, iff any, out to a multiple of DIRBLKSIZ
         * by increasing d_reclen for the last record.
         */
        if (blksiz > 0) {
                left = DIRBLKSIZ - blksiz;
                dp->d_reclen += left;
                uio_iov_base_add(uiop, left);
                uio_iov_len_add(uiop, -(left));
                uio_uio_resid_add(uiop, -(left));
                uiop->uio_offset += left;
        }

        /*
         * If returning no data, assume end of file.
         * If not bigenough, return not end of file, since you aren't
         *    returning all the data
         * Otherwise, return the eof flag from the server.
         */
        if (eofp) {
                if (tresid == ((size_t)(uio_uio_resid(uiop))))
                        *eofp = 1;
                else if (!bigenough)
                        *eofp = 0;
                else
                        *eofp = eof;
        }

        /* Common exit: free the reply if one is still attached. */
nfsmout:
        if (nd->nd_mrep != NULL)
                mbuf_freem(nd->nd_mrep);
        return (error);
}
 3078 
 3079 #ifndef APPLE
 3080 /*
 3081  * NFS V3 readdir plus RPC. Used in place of nfsrpc_readdir().
 3082  * (Also used for NFS V4 when mount flag set.)
 3083  * (ditto above w.r.t. multiple of DIRBLKSIZ, etc.)
 3084  */
 3085 APPLESTATIC int
 3086 nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
 3087     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
 3088     int *eofp, void *stuff)
 3089 {
 3090         int len, left;
 3091         struct dirent *dp = NULL;
 3092         u_int32_t *tl;
 3093         vnode_t newvp = NULLVP;
 3094         struct nfsrv_descript nfsd, *nd = &nfsd;
 3095         struct nameidata nami, *ndp = &nami;
 3096         struct componentname *cnp = &ndp->ni_cnd;
 3097         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 3098         struct nfsnode *dnp = VTONFS(vp), *np;
 3099         struct nfsvattr nfsva;
 3100         struct nfsfh *nfhp;
 3101         nfsquad_t cookie, ncookie;
 3102         int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
 3103         int attrflag, tryformoredirs = 1, eof = 0, gotmnton = 0;
 3104         int isdotdot = 0, unlocknewvp = 0;
 3105         long dotfileid, dotdotfileid = 0, fileno = 0;
 3106         char *cp;
 3107         nfsattrbit_t attrbits, dattrbits;
 3108         size_t tresid;
 3109         u_int32_t *tl2 = NULL, fakefileno = 0xffffffff, rderr;
 3110         struct timespec dctime;
 3111 
 3112         KASSERT(uiop->uio_iovcnt == 1 &&
 3113             (uio_uio_resid(uiop) & (DIRBLKSIZ - 1)) == 0,
 3114             ("nfs readdirplusrpc bad uio"));
 3115         timespecclear(&dctime);
 3116         *attrflagp = 0;
 3117         if (eofp != NULL)
 3118                 *eofp = 0;
 3119         ndp->ni_dvp = vp;
 3120         nd->nd_mrep = NULL;
 3121         cookie.lval[0] = cookiep->nfsuquad[0];
 3122         cookie.lval[1] = cookiep->nfsuquad[1];
 3123         tresid = uio_uio_resid(uiop);
 3124 
 3125         /*
 3126          * For NFSv4, first create the "." and ".." entries.
 3127          */
 3128         if (NFSHASNFSV4(nmp)) {
 3129                 NFSGETATTR_ATTRBIT(&dattrbits);
 3130                 NFSZERO_ATTRBIT(&attrbits);
 3131                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
 3132                 if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
 3133                     NFSATTRBIT_MOUNTEDONFILEID)) {
 3134                         NFSSETBIT_ATTRBIT(&attrbits,
 3135                             NFSATTRBIT_MOUNTEDONFILEID);
 3136                         gotmnton = 1;
 3137                 } else {
 3138                         /*
 3139                          * Must fake it. Use the fileno, except when the
 3140                          * fsid is != to that of the directory. For that
 3141                          * case, generate a fake fileno that is not the same.
 3142                          */
 3143                         NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
 3144                         gotmnton = 0;
 3145                 }
 3146 
 3147                 /*
 3148                  * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
 3149                  */
 3150                 if (uiop->uio_offset == 0) {
 3151                         NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp);
 3152                         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 3153                         *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 3154                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3155                         (void) nfsrv_putattrbit(nd, &attrbits);
 3156                         error = nfscl_request(nd, vp, p, cred, stuff);
 3157                         if (error)
 3158                             return (error);
 3159                         dotfileid = 0;  /* Fake out the compiler. */
 3160                         if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
 3161                             error = nfsm_loadattr(nd, &nfsva);
 3162                             if (error != 0)
 3163                                 goto nfsmout;
 3164                             dctime = nfsva.na_ctime;
 3165                             dotfileid = nfsva.na_fileid;
 3166                         }
 3167                         if (nd->nd_repstat == 0) {
 3168                             NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 3169                             len = fxdr_unsigned(int, *(tl + 4));
 3170                             if (len > 0 && len <= NFSX_V4FHMAX)
 3171                                 error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
 3172                             else
 3173                                 error = EPERM;
 3174                             if (!error) {
 3175                                 NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
 3176                                 nfsva.na_mntonfileno = 0xffffffff;
 3177                                 error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
 3178                                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
 3179                                     NULL, NULL, NULL, p, cred);
 3180                                 if (error) {
 3181                                     dotdotfileid = dotfileid;
 3182                                 } else if (gotmnton) {
 3183                                     if (nfsva.na_mntonfileno != 0xffffffff)
 3184                                         dotdotfileid = nfsva.na_mntonfileno;
 3185                                     else
 3186                                         dotdotfileid = nfsva.na_fileid;
 3187                                 } else if (nfsva.na_filesid[0] ==
 3188                                     dnp->n_vattr.na_filesid[0] &&
 3189                                     nfsva.na_filesid[1] ==
 3190                                     dnp->n_vattr.na_filesid[1]) {
 3191                                     dotdotfileid = nfsva.na_fileid;
 3192                                 } else {
 3193                                     do {
 3194                                         fakefileno--;
 3195                                     } while (fakefileno ==
 3196                                         nfsva.na_fileid);
 3197                                     dotdotfileid = fakefileno;
 3198                                 }
 3199                             }
 3200                         } else if (nd->nd_repstat == NFSERR_NOENT) {
 3201                             /*
 3202                              * Lookupp returns NFSERR_NOENT when we are
 3203                              * at the root, so just use the current dir.
 3204                              */
 3205                             nd->nd_repstat = 0;
 3206                             dotdotfileid = dotfileid;
 3207                         } else {
 3208                             error = nd->nd_repstat;
 3209                         }
 3210                         mbuf_freem(nd->nd_mrep);
 3211                         if (error)
 3212                             return (error);
 3213                         nd->nd_mrep = NULL;
 3214                         dp = (struct dirent *)uio_iov_base(uiop);
 3215                         dp->d_type = DT_DIR;
 3216                         dp->d_fileno = dotfileid;
 3217                         dp->d_namlen = 1;
 3218                         dp->d_name[0] = '.';
 3219                         dp->d_name[1] = '\0';
 3220                         dp->d_reclen = DIRENT_SIZE(dp) + NFSX_HYPER;
 3221                         /*
 3222                          * Just make these offset cookie 0.
 3223                          */
 3224                         tl = (u_int32_t *)&dp->d_name[4];
 3225                         *tl++ = 0;
 3226                         *tl = 0;
 3227                         blksiz += dp->d_reclen;
 3228                         uio_uio_resid_add(uiop, -(dp->d_reclen));
 3229                         uiop->uio_offset += dp->d_reclen;
 3230                         uio_iov_base_add(uiop, dp->d_reclen);
 3231                         uio_iov_len_add(uiop, -(dp->d_reclen));
 3232                         dp = (struct dirent *)uio_iov_base(uiop);
 3233                         dp->d_type = DT_DIR;
 3234                         dp->d_fileno = dotdotfileid;
 3235                         dp->d_namlen = 2;
 3236                         dp->d_name[0] = '.';
 3237                         dp->d_name[1] = '.';
 3238                         dp->d_name[2] = '\0';
 3239                         dp->d_reclen = DIRENT_SIZE(dp) + NFSX_HYPER;
 3240                         /*
 3241                          * Just make these offset cookie 0.
 3242                          */
 3243                         tl = (u_int32_t *)&dp->d_name[4];
 3244                         *tl++ = 0;
 3245                         *tl = 0;
 3246                         blksiz += dp->d_reclen;
 3247                         uio_uio_resid_add(uiop, -(dp->d_reclen));
 3248                         uiop->uio_offset += dp->d_reclen;
 3249                         uio_iov_base_add(uiop, dp->d_reclen);
 3250                         uio_iov_len_add(uiop, -(dp->d_reclen));
 3251                 }
 3252                 NFSREADDIRPLUS_ATTRBIT(&attrbits);
 3253                 if (gotmnton)
 3254                         NFSSETBIT_ATTRBIT(&attrbits,
 3255                             NFSATTRBIT_MOUNTEDONFILEID);
 3256         }
 3257 
 3258         /*
 3259          * Loop around doing readdir rpc's of size nm_readdirsize.
 3260          * The stopping criteria is EOF or buffer full.
 3261          */
 3262         while (more_dirs && bigenough) {
 3263                 *attrflagp = 0;
 3264                 NFSCL_REQSTART(nd, NFSPROC_READDIRPLUS, vp);
 3265                 NFSM_BUILD(tl, u_int32_t *, 6 * NFSX_UNSIGNED);
 3266                 *tl++ = cookie.lval[0];
 3267                 *tl++ = cookie.lval[1];
 3268                 if (cookie.qval == 0) {
 3269                         *tl++ = 0;
 3270                         *tl++ = 0;
 3271                 } else {
 3272                         NFSLOCKNODE(dnp);
 3273                         *tl++ = dnp->n_cookieverf.nfsuquad[0];
 3274                         *tl++ = dnp->n_cookieverf.nfsuquad[1];
 3275                         NFSUNLOCKNODE(dnp);
 3276                 }
 3277                 *tl++ = txdr_unsigned(nmp->nm_readdirsize);
 3278                 *tl = txdr_unsigned(nmp->nm_readdirsize);
 3279                 if (nd->nd_flag & ND_NFSV4) {
 3280                         (void) nfsrv_putattrbit(nd, &attrbits);
 3281                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 3282                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3283                         (void) nfsrv_putattrbit(nd, &dattrbits);
 3284                 }
 3285                 error = nfscl_request(nd, vp, p, cred, stuff);
 3286                 if (error)
 3287                         return (error);
 3288                 if (nd->nd_flag & ND_NFSV3)
 3289                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 3290                 if (nd->nd_repstat || error) {
 3291                         if (!error)
 3292                                 error = nd->nd_repstat;
 3293                         goto nfsmout;
 3294                 }
 3295                 if ((nd->nd_flag & ND_NFSV3) != 0 && *attrflagp != 0)
 3296                         dctime = nap->na_ctime;
 3297                 NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3298                 NFSLOCKNODE(dnp);
 3299                 dnp->n_cookieverf.nfsuquad[0] = *tl++;
 3300                 dnp->n_cookieverf.nfsuquad[1] = *tl++;
 3301                 NFSUNLOCKNODE(dnp);
 3302                 more_dirs = fxdr_unsigned(int, *tl);
 3303                 if (!more_dirs)
 3304                         tryformoredirs = 0;
 3305         
 3306                 /* loop thru the dir entries, doctoring them to 4bsd form */
 3307                 while (more_dirs && bigenough) {
 3308                         NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3309                         if (nd->nd_flag & ND_NFSV4) {
 3310                                 ncookie.lval[0] = *tl++;
 3311                                 ncookie.lval[1] = *tl++;
 3312                         } else {
 3313                                 fileno = fxdr_unsigned(long, *++tl);
 3314                                 tl++;
 3315                         }
 3316                         len = fxdr_unsigned(int, *tl);
 3317                         if (len <= 0 || len > NFS_MAXNAMLEN) {
 3318                                 error = EBADRPC;
 3319                                 goto nfsmout;
 3320                         }
 3321                         tlen = NFSM_RNDUP(len);
 3322                         if (tlen == len)
 3323                                 tlen += 4;  /* To ensure null termination */
 3324                         left = DIRBLKSIZ - blksiz;
 3325                         if ((tlen + DIRHDSIZ + NFSX_HYPER) > left) {
 3326                                 dp->d_reclen += left;
 3327                                 uio_iov_base_add(uiop, left);
 3328                                 uio_iov_len_add(uiop, -(left));
 3329                                 uio_uio_resid_add(uiop, -(left));
 3330                                 uiop->uio_offset += left;
 3331                                 blksiz = 0;
 3332                         }
 3333                         if ((tlen + DIRHDSIZ + NFSX_HYPER) > uio_uio_resid(uiop))
 3334                                 bigenough = 0;
 3335                         if (bigenough) {
 3336                                 dp = (struct dirent *)uio_iov_base(uiop);
 3337                                 dp->d_namlen = len;
 3338                                 dp->d_reclen = tlen + DIRHDSIZ + NFSX_HYPER;
 3339                                 dp->d_type = DT_UNKNOWN;
 3340                                 blksiz += dp->d_reclen;
 3341                                 if (blksiz == DIRBLKSIZ)
 3342                                         blksiz = 0;
 3343                                 uio_uio_resid_add(uiop, -(DIRHDSIZ));
 3344                                 uiop->uio_offset += DIRHDSIZ;
 3345                                 uio_iov_base_add(uiop, DIRHDSIZ);
 3346                                 uio_iov_len_add(uiop, -(DIRHDSIZ));
 3347                                 cnp->cn_nameptr = uio_iov_base(uiop);
 3348                                 cnp->cn_namelen = len;
 3349                                 NFSCNHASHZERO(cnp);
 3350                                 error = nfsm_mbufuio(nd, uiop, len);
 3351                                 if (error)
 3352                                         goto nfsmout;
 3353                                 cp = uio_iov_base(uiop);
 3354                                 tlen -= len;
 3355                                 *cp = '\0';
 3356                                 cp += tlen;     /* points to cookie storage */
 3357                                 tl2 = (u_int32_t *)cp;
 3358                                 if (len == 2 && cnp->cn_nameptr[0] == '.' &&
 3359                                     cnp->cn_nameptr[1] == '.')
 3360                                         isdotdot = 1;
 3361                                 else
 3362                                         isdotdot = 0;
 3363                                 uio_iov_base_add(uiop, (tlen + NFSX_HYPER));
 3364                                 uio_iov_len_add(uiop, -(tlen + NFSX_HYPER));
 3365                                 uio_uio_resid_add(uiop, -(tlen + NFSX_HYPER));
 3366                                 uiop->uio_offset += (tlen + NFSX_HYPER);
 3367                         } else {
 3368                                 error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
 3369                                 if (error)
 3370                                         goto nfsmout;
 3371                         }
 3372                         nfhp = NULL;
 3373                         if (nd->nd_flag & ND_NFSV3) {
 3374                                 NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
 3375                                 ncookie.lval[0] = *tl++;
 3376                                 ncookie.lval[1] = *tl++;
 3377                                 attrflag = fxdr_unsigned(int, *tl);
 3378                                 if (attrflag) {
 3379                                   error = nfsm_loadattr(nd, &nfsva);
 3380                                   if (error)
 3381                                         goto nfsmout;
 3382                                 }
 3383                                 NFSM_DISSECT(tl,u_int32_t *,NFSX_UNSIGNED);
 3384                                 if (*tl) {
 3385                                         error = nfsm_getfh(nd, &nfhp);
 3386                                         if (error)
 3387                                             goto nfsmout;
 3388                                 }
 3389                                 if (!attrflag && nfhp != NULL) {
 3390                                         FREE((caddr_t)nfhp, M_NFSFH);
 3391                                         nfhp = NULL;
 3392                                 }
 3393                         } else {
 3394                                 rderr = 0;
 3395                                 nfsva.na_mntonfileno = 0xffffffff;
 3396                                 error = nfsv4_loadattr(nd, NULL, &nfsva, &nfhp,
 3397                                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
 3398                                     NULL, NULL, &rderr, p, cred);
 3399                                 if (error)
 3400                                         goto nfsmout;
 3401                         }
 3402 
 3403                         if (bigenough) {
 3404                             if (nd->nd_flag & ND_NFSV4) {
 3405                                 if (rderr) {
 3406                                     dp->d_fileno = 0;
 3407                                 } else if (gotmnton) {
 3408                                     if (nfsva.na_mntonfileno != 0xffffffff)
 3409                                         dp->d_fileno = nfsva.na_mntonfileno;
 3410                                     else
 3411                                         dp->d_fileno = nfsva.na_fileid;
 3412                                 } else if (nfsva.na_filesid[0] ==
 3413                                     dnp->n_vattr.na_filesid[0] &&
 3414                                     nfsva.na_filesid[1] ==
 3415                                     dnp->n_vattr.na_filesid[1]) {
 3416                                     dp->d_fileno = nfsva.na_fileid;
 3417                                 } else {
 3418                                     do {
 3419                                         fakefileno--;
 3420                                     } while (fakefileno ==
 3421                                         nfsva.na_fileid);
 3422                                     dp->d_fileno = fakefileno;
 3423                                 }
 3424                             } else {
 3425                                 dp->d_fileno = fileno;
 3426                             }
 3427                             *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
 3428                                 ncookie.lval[0];
 3429                             *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
 3430                                 ncookie.lval[1];
 3431 
 3432                             if (nfhp != NULL) {
 3433                                 if (NFSRV_CMPFH(nfhp->nfh_fh, nfhp->nfh_len,
 3434                                     dnp->n_fhp->nfh_fh, dnp->n_fhp->nfh_len)) {
 3435                                     VREF(vp);
 3436                                     newvp = vp;
 3437                                     unlocknewvp = 0;
 3438                                     FREE((caddr_t)nfhp, M_NFSFH);
 3439                                     np = dnp;
 3440                                 } else if (isdotdot != 0) {
 3441                                     /*
 3442                                      * Skip doing a nfscl_nget() call for "..".
 3443                                      * There's a race between acquiring the nfs
 3444                                      * node here and lookups that look for the
 3445                                      * directory being read (in the parent).
 3446                                      * It would try to get a lock on ".." here,
 3447                                      * owning the lock on the directory being
 3448                                      * read. Lookup will hold the lock on ".."
 3449                                      * and try to acquire the lock on the
 3450                                      * directory being read.
 3451                                      * If the directory is unlocked/relocked,
 3452                                      * then there is a LOR with the buflock
 3453                                      * vp is relocked.
 3454                                      */
 3455                                     free(nfhp, M_NFSFH);
 3456                                 } else {
 3457                                     error = nfscl_nget(vnode_mount(vp), vp,
 3458                                       nfhp, cnp, p, &np, NULL, LK_EXCLUSIVE);
 3459                                     if (!error) {
 3460                                         newvp = NFSTOV(np);
 3461                                         unlocknewvp = 1;
 3462                                     }
 3463                                 }
 3464                                 nfhp = NULL;
 3465                                 if (newvp != NULLVP) {
 3466                                     error = nfscl_loadattrcache(&newvp,
 3467                                         &nfsva, NULL, NULL, 0, 0);
 3468                                     if (error) {
 3469                                         if (unlocknewvp)
 3470                                             vput(newvp);
 3471                                         else
 3472                                             vrele(newvp);
 3473                                         goto nfsmout;
 3474                                     }
 3475                                     dp->d_type =
 3476                                         vtonfs_dtype(np->n_vattr.na_type);
 3477                                     ndp->ni_vp = newvp;
 3478                                     NFSCNHASH(cnp, HASHINIT);
 3479                                     if (cnp->cn_namelen <= NCHNAMLEN &&
 3480                                         (newvp->v_type != VDIR ||
 3481                                          dctime.tv_sec != 0)) {
 3482                                         cache_enter_time(ndp->ni_dvp,
 3483                                             ndp->ni_vp, cnp,
 3484                                             &nfsva.na_ctime,
 3485                                             newvp->v_type != VDIR ? NULL :
 3486                                             &dctime);
 3487                                     }
 3488                                     if (unlocknewvp)
 3489                                         vput(newvp);
 3490                                     else
 3491                                         vrele(newvp);
 3492                                     newvp = NULLVP;
 3493                                 }
 3494                             }
 3495                         } else if (nfhp != NULL) {
 3496                             FREE((caddr_t)nfhp, M_NFSFH);
 3497                         }
 3498                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3499                         more_dirs = fxdr_unsigned(int, *tl);
 3500                 }
 3501                 /*
 3502                  * If at end of rpc data, get the eof boolean
 3503                  */
 3504                 if (!more_dirs) {
 3505                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3506                         eof = fxdr_unsigned(int, *tl);
 3507                         if (tryformoredirs)
 3508                                 more_dirs = !eof;
 3509                         if (nd->nd_flag & ND_NFSV4) {
 3510                                 error = nfscl_postop_attr(nd, nap, attrflagp,
 3511                                     stuff);
 3512                                 if (error)
 3513                                         goto nfsmout;
 3514                         }
 3515                 }
 3516                 mbuf_freem(nd->nd_mrep);
 3517                 nd->nd_mrep = NULL;
 3518         }
 3519         /*
 3520          * Fill last record, iff any, out to a multiple of DIRBLKSIZ
 3521          * by increasing d_reclen for the last record.
 3522          */
 3523         if (blksiz > 0) {
 3524                 left = DIRBLKSIZ - blksiz;
 3525                 dp->d_reclen += left;
 3526                 uio_iov_base_add(uiop, left);
 3527                 uio_iov_len_add(uiop, -(left));
 3528                 uio_uio_resid_add(uiop, -(left));
 3529                 uiop->uio_offset += left;
 3530         }
 3531 
 3532         /*
 3533          * If returning no data, assume end of file.
 3534          * If not bigenough, return not end of file, since you aren't
 3535          *    returning all the data
 3536          * Otherwise, return the eof flag from the server.
 3537          */
 3538         if (eofp != NULL) {
 3539                 if (tresid == uio_uio_resid(uiop))
 3540                         *eofp = 1;
 3541                 else if (!bigenough)
 3542                         *eofp = 0;
 3543                 else
 3544                         *eofp = eof;
 3545         }
 3546 
 3547 nfsmout:
 3548         if (nd->nd_mrep != NULL)
 3549                 mbuf_freem(nd->nd_mrep);
 3550         return (error);
 3551 }
 3552 #endif  /* !APPLE */
 3553 
/*
 * NFS Commit RPC.
 *
 * Builds a COMMIT request for "cnt" bytes starting at "offset" (for NFSv4 a
 * Getattr op is appended) and sends it with nfscl_request().  When the reply
 * carries no error, its write verifier is compared with the mount's nm_verf
 * while the mount lock is held; if they differ, the new verifier is stored
 * and nd_repstat is set to NFSERR_STALEWRITEVERF so the caller sees the
 * change.
 *
 * *attrflagp is cleared on entry; nap/attrflagp are passed on to the
 * wcc-data and post-op attribute parsers.
 * Returns 0, a local error, or the NFS status left in nd_repstat.
 */
APPLESTATIC int
nfsrpc_commit(vnode_t vp, u_quad_t offset, int cnt, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
{
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfsmount *mnt = VFSTONFS(vnode_mount(vp));
        nfsattrbit_t getattr_bits;
        u_int32_t *wp;
        int error;

        *attrflagp = 0;
        NFSCL_REQSTART(nd, NFSPROC_COMMIT, vp);

        /* Arguments: 64-bit offset (two words) followed by the byte count. */
        NFSM_BUILD(wp, u_int32_t *, 3 * NFSX_UNSIGNED);
        txdr_hyper(offset, wp);
        wp[2] = txdr_unsigned(cnt);

        if ((nd->nd_flag & ND_NFSV4) != 0) {
                /* NFSv4: follow the Commit with a Getattr op. */
                NFSM_BUILD(wp, u_int32_t *, NFSX_UNSIGNED);
                *wp = txdr_unsigned(NFSV4OP_GETATTR);
                NFSGETATTR_ATTRBIT(&getattr_bits);
                (void) nfsrv_putattrbit(nd, &getattr_bits);
        }

        error = nfscl_request(nd, vp, p, cred, stuff);
        if (error != 0)
                return (error);

        error = nfscl_wcc_data(nd, vp, nap, attrflagp, NULL, stuff);
        if (error != 0 || nd->nd_repstat != 0)
                goto nfsmout;

        /*
         * NFSM_DISSECT presumably branches to nfsmout with error set when
         * the reply is too short; it runs before the mount lock is taken.
         */
        NFSM_DISSECT(wp, u_int32_t *, NFSX_VERF);
        NFSLOCKMNT(mnt);
        if (NFSBCMP(mnt->nm_verf, wp, NFSX_VERF)) {
                /* Verifier changed: remember it and flag the reply. */
                NFSBCOPY(wp, mnt->nm_verf, NFSX_VERF);
                nd->nd_repstat = NFSERR_STALEWRITEVERF;
        }
        NFSUNLOCKMNT(mnt);
        if ((nd->nd_flag & ND_NFSV4) != 0)
                error = nfscl_postop_attr(nd, nap, attrflagp, stuff);

nfsmout:
        /* A local error takes precedence over the NFS reply status. */
        if (error == 0)
                error = nd->nd_repstat;
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 3603 
/*
 * NFS byte range lock rpc.
 * (Mostly just calls one of the three lower level RPC routines.)
 *
 * The flock in "fl" is turned into an absolute (off, len) pair, with
 * l_len == 0 mapped to NFS64BITSSET, and then handled by the F_GETLK,
 * F_UNLCK or F_SETLK path; any other "op" gives EINVAL.  The whole
 * operation is repeated while the result is one of the transient NFSv4
 * errors tested at the bottom of the loop.  Expired/bad-stateid results are
 * retried at most four times and then reported as EIO.
 *
 * NOTE(review): l_whence, l_start and l_len presumably come from the
 * fcntl(2) caller - confirm.  The range checks below catch overflow only
 * when signed off_t arithmetic wraps; verify the kernel is built that way
 * (e.g. with -fwrapv), otherwise the "last < start" test is not dependable.
 */
APPLESTATIC int
nfsrpc_advlock(vnode_t vp, off_t size, int op, struct flock *fl,
    int reclaim, struct ucred *cred, NFSPROC_T *p, void *id, int flags)
{
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfscllockowner *lp;
        struct nfsclclient *clp;
        struct nfsfh *nfhp;
        u_int64_t off, len;
        off_t start, last;
        u_int32_t clidrev = 0;
        int error = 0, newone = 0, expireret = 0, donelocally;
        int attempts, pass, dorpc, transient, expired;

        /*
         * Convert the flock structure into a start offset and do POSIX
         * bounds checking.
         */
        if (fl->l_whence == SEEK_SET || fl->l_whence == SEEK_CUR) {
                /*
                 * Caller is responsible for adding any necessary offset
                 * when SEEK_CUR is used.
                 */
                start = fl->l_start;
        } else if (fl->l_whence == SEEK_END) {
                start = size + fl->l_start;
        } else {
                return (EINVAL);
        }
        if (start < 0)
                return (EINVAL);
        off = start;
        if (fl->l_len != 0) {
                /* Also rejects a negative l_len, which gives last < start. */
                last = start + fl->l_len - 1;
                if (last < start)
                        return (EINVAL);
        }

        /* A zero length means "to end of file" and is sent as all ones. */
        len = (fl->l_len == 0) ? NFS64BITSSET : (u_int64_t)fl->l_len;

        attempts = 0;
        do {
                nd->nd_repstat = 0;
                if (op == F_GETLK) {
                        error = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
                        if (error != 0)
                                return (error);
                        error = nfscl_lockt(vp, clp, off, len, fl, p, id,
                            flags);
                        if (error == 0) {
                                clidrev = clp->nfsc_clientidrev;
                                error = nfsrpc_lockt(nd, vp, clp, off, len,
                                    fl, cred, p, id, flags);
                        } else if (error == -1) {
                                /* -1 from nfscl_lockt() is not a failure. */
                                error = 0;
                        }
                        nfscl_clientrelease(clp);
                } else if (op == F_UNLCK && fl->l_type == F_UNLCK) {
                        error = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
                        if (error != 0)
                                return (error);
                        /*
                         * We must loop around for all lockowner cases.
                         */
                        pass = 0;
                        do {
                                error = nfscl_relbytelock(vp, off, len, cred,
                                    p, pass, clp, id, flags, &lp, &dorpc);
                                /*
                                 * If it returns a NULL lp, we're done.
                                 */
                                if (lp == NULL) {
                                        if (pass == 0)
                                                nfscl_clientrelease(clp);
                                        else
                                                nfscl_releasealllocks(clp, vp,
                                                    p, id, flags);
                                        return (error);
                                }
                                clidrev = (nmp->nm_clp != NULL) ?
                                    nmp->nm_clp->nfsc_clientidrev : 0;
                                /*
                                 * If the server doesn't support Posix lock
                                 * semantics, only allow locks on the entire
                                 * file, since it won't handle overlapping
                                 * byte ranges.
                                 * There might still be a problem when a lock
                                 * upgrade/downgrade (read<->write) occurs,
                                 * since the server "might" expect an unlock
                                 * first?
                                 */
                                if (dorpc && (lp->nfsl_open->nfso_posixlock ||
                                    (off == 0 && len == NFS64BITSSET))) {
                                        /*
                                         * Since the lock records will go
                                         * away, we must wait for grace and
                                         * delay here.
                                         */
                                        for (;;) {
                                                error = nfsrpc_locku(nd, nmp,
                                                    lp, off, len,
                                                    NFSV4LOCKT_READ, cred, p,
                                                    0);
                                                if (error != 0 ||
                                                    (nd->nd_repstat !=
                                                    NFSERR_GRACE &&
                                                    nd->nd_repstat !=
                                                    NFSERR_DELAY))
                                                        break;
                                                (void) nfs_catnap(PZERO,
                                                    (int)nd->nd_repstat,
                                                    "nfs_advlock");
                                        }
                                }
                                pass++;
                        } while (error == 0 && nd->nd_repstat == 0);
                        nfscl_releasealllocks(clp, vp, p, id, flags);
                } else if (op == F_SETLK) {
                        error = nfscl_getbytelock(vp, off, len, fl->l_type,
                            cred, p, NULL, 0, id, flags, NULL, NULL, &lp,
                            &newone, &donelocally);
                        if (error != 0 || donelocally)
                                return (error);
                        clidrev = (nmp->nm_clp != NULL) ?
                            nmp->nm_clp->nfsc_clientidrev : 0;
                        nfhp = VTONFS(vp)->n_fhp;
                        /*
                         * Without Posix lock semantics on the open, only a
                         * whole-file range is accepted.
                         */
                        if (lp->nfsl_open->nfso_posixlock ||
                            (off == 0 && len == NFS64BITSSET)) {
                                error = nfsrpc_lock(nd, nmp, vp, nfhp->nfh_fh,
                                    nfhp->nfh_len, lp, newone, reclaim, off,
                                    len, fl->l_type, cred, p, 0);
                        } else {
                                error = EINVAL;
                        }
                        if (error == 0)
                                error = nd->nd_repstat;
                        nfscl_lockrelease(lp, error, newone);
                } else {
                        error = EINVAL;
                }

                if (error == 0)
                        error = nd->nd_repstat;

                /* Errors that are always worth a nap and another try. */
                transient = (error == NFSERR_GRACE ||
                    error == NFSERR_STALESTATEID ||
                    error == NFSERR_STALEDONTRECOVER ||
                    error == NFSERR_STALECLIENTID ||
                    error == NFSERR_DELAY ||
                    error == NFSERR_BADSESSION);
                /* Errors retried only after an expiry check, bounded. */
                expired = (error == NFSERR_EXPIRED ||
                    error == NFSERR_BADSTATEID);

                if (transient) {
                        (void) nfs_catnap(PZERO, error, "nfs_advlock");
                } else if (expired && clidrev != 0) {
                        expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
                        attempts++;
                }
        } while (transient ||
            (expired && expireret == 0 && clidrev != 0 && attempts < 4));

        /* Out of retries: report a generic I/O error. */
        if (error != 0 && attempts >= 4)
                error = EIO;
        return (error);
}
 3771 
/*
 * The lower level routine for the LockT case.
 *
 * Sends an NFSv4 LOCKT for (off, len) and rewrites "fl" from the reply:
 * l_type becomes F_UNLCK when the server reports no conflict, and the
 * conflicting lock's range and type are filled in when it answers
 * NFSERR_DENIED (nd_repstat is then reset to 0).  Any other NFS status is
 * left in nd->nd_repstat for the caller; the return value carries only
 * request and reply-parsing errors.
 *
 * NOTE(review): the file handle is copied into the on-stack owner buffer
 * using np->n_fhp->nfh_len with no check in this function; this assumes
 * nfh_len never exceeds NFSX_V4FHMAX - confirm where the handle is stored.
 * NOTE(review): l_start and l_len are taken from the reply as unsigned
 * 64-bit values and stored in the flock without a range check, so a value
 * above the signed range would presumably reach the caller as negative.
 */
APPLESTATIC int
nfsrpc_lockt(struct nfsrv_descript *nd, vnode_t vp,
    struct nfsclclient *clp, u_int64_t off, u_int64_t len, struct flock *fl,
    struct ucred *cred, NFSPROC_T *p, void *id, int flags)
{
        uint8_t ownerbuf[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
        struct nfsmount *mnt = VFSTONFS(vp->v_mount);
        struct nfsnode *node = VTONFS(vp);
        u_int64_t conflen;
        u_int32_t *wp;
        int error, reqtype, conftype, ownerlen;

        NFSCL_REQSTART(nd, NFSPROC_LOCKT, vp);

        /* Lock type, offset, length and client id: seven words in all. */
        NFSM_BUILD(wp, u_int32_t *, 7 * NFSX_UNSIGNED);
        reqtype = (fl->l_type == F_RDLCK) ? NFSV4LOCKT_READ :
            NFSV4LOCKT_WRITE;
        *wp++ = txdr_unsigned(reqtype);
        txdr_hyper(off, wp);
        wp += 2;
        txdr_hyper(len, wp);
        wp += 2;
        *wp++ = NFSMNT_MDSSESSION(mnt)->nfsess_clientid.lval[0];
        *wp = NFSMNT_MDSSESSION(mnt)->nfsess_clientid.lval[1];

        /* The owner string is the lock owner name followed by the handle. */
        nfscl_filllockowner(id, ownerbuf, flags);
        NFSBCOPY(node->n_fhp->nfh_fh, &ownerbuf[NFSV4CL_LOCKNAMELEN],
            node->n_fhp->nfh_len);
        (void)nfsm_strtom(nd, ownerbuf,
            NFSV4CL_LOCKNAMELEN + node->n_fhp->nfh_len);

        error = nfscl_request(nd, vp, p, cred, NULL);
        if (error != 0)
                return (error);

        switch (nd->nd_repstat) {
        case 0:
                /* No conflicting lock. */
                fl->l_type = F_UNLCK;
                break;
        case NFSERR_DENIED:
                /* The reply describes the conflicting lock. */
                nd->nd_repstat = 0;
                fl->l_whence = SEEK_SET;
                NFSM_DISSECT(wp, u_int32_t *, 8 * NFSX_UNSIGNED);
                fl->l_start = fxdr_hyper(wp);
                wp += 2;
                conflen = fxdr_hyper(wp);
                wp += 2;
                /* All ones on the wire means "to end of file". */
                fl->l_len = (conflen == NFS64BITSSET) ? 0 : conflen;
                conftype = fxdr_unsigned(int, *wp++);
                fl->l_type = (conftype == NFSV4LOCKT_WRITE) ? F_WRLCK :
                    F_RDLCK;
                /*
                 * XXX For now, I have no idea what to do with the
                 * conflicting lock_owner, so I'll just set the pid == 0
                 * and skip over the lock_owner.
                 */
                fl->l_pid = (pid_t)0;
                wp += 2;
                ownerlen = fxdr_unsigned(int, *wp);
                /* Bound the server-supplied length before skipping it. */
                if (ownerlen < 0 || ownerlen > NFSV4_OPAQUELIMIT)
                        error = EBADRPC;
                else
                        error = nfsm_advance(nd, NFSM_RNDUP(ownerlen), -1);
                break;
        case NFSERR_STALECLIENTID:
        case NFSERR_BADSESSION:
                nfscl_initiate_recovery(clp);
                break;
        default:
                break;
        }
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 3845 
 3846 /*
 3847  * Lower level function that performs the LockU RPC.
 3848  */
/*
 * Builds a LOCKU request for the byte range (off, len) owned by lp, sends
 * it over the mount's MDS socket and, when the server reports success,
 * copies the returned stateid into lp->nfsl_stateid.
 *
 * nd		caller-supplied request descriptor; its reply chain is freed
 *		here unless newnfs_request() itself fails.
 * type		lock type word, sent as given.
 * syscred	non-zero sets ND_USEGSSNAME on the request.
 *
 * Returns the newnfs_request() error, or the error set while parsing the
 * reply; the server status is left in nd->nd_repstat for the caller.
 *
 * Note that NFSCL_INCRSEQID() is applied to the lock seqid before the
 * transport error is checked.
 */
static int
nfsrpc_locku(struct nfsrv_descript *nd, struct nfsmount *nmp,
    struct nfscllockowner *lp, u_int64_t off, u_int64_t len,
    u_int32_t type, struct ucred *cred, NFSPROC_T *p, int syscred)
{
	u_int32_t *wp;
	int error;

	nfscl_reqstart(nd, NFSPROC_LOCKU, nmp, lp->nfsl_open->nfso_fh,
	    lp->nfsl_open->nfso_fhlen, NULL, NULL);

	/* Words: type, seqid, stateid (4), offset (2), length (2). */
	NFSM_BUILD(wp, u_int32_t *, NFSX_STATEID + 6 * NFSX_UNSIGNED);
	*wp++ = txdr_unsigned(type);
	/*
	 * When nfstest_outofseq is non-zero, a random subset of requests
	 * carries seqid + 1 instead of the real seqid (presumably a knob
	 * for exercising out-of-sequence handling; it should stay zero in
	 * production).
	 */
	if (nfstest_outofseq != 0 &&
	    (arc4random() % nfstest_outofseq) == 0) {
		*wp++ = txdr_unsigned(lp->nfsl_seqid + 1);
	} else {
		*wp++ = txdr_unsigned(lp->nfsl_seqid);
	}
	/* NFSv4.1 and later send a zero stateid seqid. */
	*wp++ = NFSHASNFSV4N(nmp) ? 0 : lp->nfsl_stateid.seqid;
	*wp++ = lp->nfsl_stateid.other[0];
	*wp++ = lp->nfsl_stateid.other[1];
	*wp++ = lp->nfsl_stateid.other[2];
	txdr_hyper(off, wp);
	wp += 2;
	txdr_hyper(len, wp);

	if (syscred) {
		nd->nd_flag |= ND_USEGSSNAME;
	}
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
	if (error) {
		return (error);
	}

	if (nd->nd_repstat == 0) {
		/*
		 * The new stateid comes straight from the server reply.
		 * NFSM_DISSECT (defined elsewhere) is expected to leave via
		 * nfsmout when the reply is too short.
		 */
		NFSM_DISSECT(wp, u_int32_t *, NFSX_STATEID);
		lp->nfsl_stateid.seqid = wp[0];
		lp->nfsl_stateid.other[0] = wp[1];
		lp->nfsl_stateid.other[1] = wp[2];
		lp->nfsl_stateid.other[2] = wp[3];
	} else if (nd->nd_repstat == NFSERR_STALESTATEID ||
	    nd->nd_repstat == NFSERR_BADSESSION) {
		nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
	}
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 3896 
 3897 /*
 3898  * The actual Lock RPC.
 3899  */
/*
 * Builds and sends a LOCK request for the range (off, len) on the file
 * handle nfhp/fhlen.
 *
 * newone != 0	the request carries the open owner seqid, the open stateid,
 *		the lock seqid, the clientid and a lock owner name made of
 *		lp->nfsl_owner followed by the file handle.
 * newone == 0	the request carries the existing lock stateid and lock seqid.
 * type		F_RDLCK selects NFSV4LOCKT_READ, anything else
 *		NFSV4LOCKT_WRITE.
 * syscred	non-zero sets ND_USEGSSNAME on the request.
 *
 * On success the stateid from the reply is stored in lp->nfsl_stateid.  On
 * NFSERR_DENIED the conflicting owner in the reply is skipped and
 * nd->nd_repstat is left as is for the caller.  Returns the transport or
 * parse error; the reply chain is freed unless newnfs_request() failed.
 *
 * NOTE(review): fhlen is copied into the on-stack own[] buffer without a
 * local bound check; this relies on callers never passing more than
 * NFSX_V4FHMAX bytes (or a negative length) -- confirm at the call sites.
 */
APPLESTATIC int
nfsrpc_lock(struct nfsrv_descript *nd, struct nfsmount *nmp, vnode_t vp,
    u_int8_t *nfhp, int fhlen, struct nfscllockowner *lp, int newone,
    int reclaim, u_int64_t off, u_int64_t len, short type, struct ucred *cred,
    NFSPROC_T *p, int syscred)
{
	uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
	u_int32_t *wp;
	int error, size;

	nfscl_reqstart(nd, NFSPROC_LOCK, nmp, nfhp, fhlen, NULL, NULL);

	/* Words: type, reclaim, offset (2), length (2), new-owner flag. */
	NFSM_BUILD(wp, u_int32_t *, 7 * NFSX_UNSIGNED);
	if (type == F_RDLCK) {
		*wp++ = txdr_unsigned(NFSV4LOCKT_READ);
	} else {
		*wp++ = txdr_unsigned(NFSV4LOCKT_WRITE);
	}
	*wp++ = txdr_unsigned(reclaim);
	txdr_hyper(off, wp);
	wp += 2;
	txdr_hyper(len, wp);
	wp += 2;
	*wp = newone ? newnfs_true : newnfs_false;

	if (newone) {
		NFSM_BUILD(wp, u_int32_t *, NFSX_STATEID +
		    2 * NFSX_UNSIGNED + NFSX_HYPER);
		*wp++ = txdr_unsigned(lp->nfsl_open->nfso_own->nfsow_seqid);
		/* NFSv4.1 and later send a zero stateid seqid. */
		*wp++ = NFSHASNFSV4N(nmp) ? 0 :
		    lp->nfsl_open->nfso_stateid.seqid;
		*wp++ = lp->nfsl_open->nfso_stateid.other[0];
		*wp++ = lp->nfsl_open->nfso_stateid.other[1];
		*wp++ = lp->nfsl_open->nfso_stateid.other[2];
		*wp++ = txdr_unsigned(lp->nfsl_seqid);
		*wp++ = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[0];
		*wp = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[1];
		/* Owner name = nfsl_owner bytes followed by the file handle. */
		NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
		NFSBCOPY(nfhp, &own[NFSV4CL_LOCKNAMELEN], fhlen);
		(void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
	} else {
		NFSM_BUILD(wp, u_int32_t *, NFSX_STATEID + NFSX_UNSIGNED);
		*wp++ = NFSHASNFSV4N(nmp) ? 0 : lp->nfsl_stateid.seqid;
		*wp++ = lp->nfsl_stateid.other[0];
		*wp++ = lp->nfsl_stateid.other[1];
		*wp++ = lp->nfsl_stateid.other[2];
		/*
		 * With nfstest_outofseq non-zero, a random subset of
		 * requests carries seqid + 1 (presumably a test knob).
		 */
		if (nfstest_outofseq != 0 &&
		    (arc4random() % nfstest_outofseq) == 0) {
			*wp = txdr_unsigned(lp->nfsl_seqid + 1);
		} else {
			*wp = txdr_unsigned(lp->nfsl_seqid);
		}
	}

	if (syscred) {
		nd->nd_flag |= ND_USEGSSNAME;
	}
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error) {
		return (error);
	}
	if (newone) {
		NFSCL_INCRSEQID(lp->nfsl_open->nfso_own->nfsow_seqid, nd);
	}
	NFSCL_INCRSEQID(lp->nfsl_seqid, nd);

	if (nd->nd_repstat == 0) {
		NFSM_DISSECT(wp, u_int32_t *, NFSX_STATEID);
		lp->nfsl_stateid.seqid = wp[0];
		lp->nfsl_stateid.other[0] = wp[1];
		lp->nfsl_stateid.other[1] = wp[2];
		lp->nfsl_stateid.other[2] = wp[3];
	} else if (nd->nd_repstat == NFSERR_DENIED) {
		/*
		 * Word 7 of the denial is the length of the conflicting
		 * owner; it is server-supplied, so it is range checked
		 * before being used to advance through the reply.
		 */
		NFSM_DISSECT(wp, u_int32_t *, 8 * NFSX_UNSIGNED);
		size = fxdr_unsigned(int, wp[7]);
		if (size < 0 || size > NFSV4_OPAQUELIMIT) {
			error = EBADRPC;
		} else {
			error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
		}
	} else if (nd->nd_repstat == NFSERR_STALESTATEID ||
	    nd->nd_repstat == NFSERR_BADSESSION) {
		nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
	}
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 3983 
 3984 /*
 3985  * nfs statfs rpc
 3986  * (always called with the vp for the mount point)
 3987  */
/*
 * Fetches file system statistics for the mount that vp belongs to.
 *
 * NFSv4 mounts issue a GETATTR for the NFSSTATFS_GETATTRBIT attribute set
 * and let nfsv4_loadattr() fill sbp, fsp and nap; on success the mount's
 * nm_fsid is updated from nap->na_filesid and *attrflagp is set to 1.
 * Other mounts issue FSSTAT and decode the reply words here, in the
 * NFSv3 or NFSv2 layout depending on the mount.
 *
 * Returns the transport error, a parse error, or the server status
 * (nd_repstat).  *attrflagp is cleared on entry.
 *
 * The counters stored in sbp are whatever the server sent; no range
 * checks are applied in this function.
 */
APPLESTATIC int
nfsrpc_statfs(vnode_t vp, struct nfsstatfs *sbp, struct nfsfsinfo *fsp,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
    void *stuff)
{
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	struct nfsmount *nmp;
	nfsattrbit_t attrbits;
	u_int32_t *wp = NULL;
	int error;

	*attrflagp = 0;
	nmp = VFSTONFS(vnode_mount(vp));
	if (NFSHASNFSV4(nmp)) {
		/* NFSv4 has no statfs operation; a getattr is used instead. */
		NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
		NFSSTATFS_GETATTRBIT(&attrbits);
		(void) nfsrv_putattrbit(nd, &attrbits);
		nd->nd_flag |= ND_USEGSSNAME;
		error = nfscl_request(nd, vp, p, cred, stuff);
		if (error) {
			return (error);
		}
		if (nd->nd_repstat != 0) {
			error = nd->nd_repstat;
			goto nfsmout;
		}
		error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
		    NULL, NULL, sbp, fsp, NULL, 0, NULL, NULL, NULL, p,
		    cred);
		if (error) {
			goto nfsmout;
		}
		nmp->nm_fsid[0] = nap->na_filesid[0];
		nmp->nm_fsid[1] = nap->na_filesid[1];
		NFSSETHASSETFSID(nmp);
		*attrflagp = 1;
	} else {
		NFSCL_REQSTART(nd, NFSPROC_FSSTAT, vp);
		error = nfscl_request(nd, vp, p, cred, stuff);
		if (error) {
			return (error);
		}
		if (nd->nd_flag & ND_NFSV3) {
			error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
			if (error) {
				goto nfsmout;
			}
		}
		if (nd->nd_repstat) {
			error = nd->nd_repstat;
			goto nfsmout;
		}
		NFSM_DISSECT(wp, u_int32_t *,
		    NFSX_STATFS(nd->nd_flag & ND_NFSV3));
	}

	if (NFSHASNFSV3(nmp)) {
		/* Six 64-bit counters followed by one 32-bit word. */
		sbp->sf_tbytes = fxdr_hyper(&wp[0]);
		sbp->sf_fbytes = fxdr_hyper(&wp[2]);
		sbp->sf_abytes = fxdr_hyper(&wp[4]);
		sbp->sf_tfiles = fxdr_hyper(&wp[6]);
		sbp->sf_ffiles = fxdr_hyper(&wp[8]);
		sbp->sf_afiles = fxdr_hyper(&wp[10]);
		sbp->sf_invarsec = fxdr_unsigned(u_int32_t, wp[12]);
	} else if (NFSHASNFSV4(nmp) == 0) {
		/* Neither v3 nor v4: five 32-bit words. */
		sbp->sf_tsize = fxdr_unsigned(u_int32_t, wp[0]);
		sbp->sf_bsize = fxdr_unsigned(u_int32_t, wp[1]);
		sbp->sf_blocks = fxdr_unsigned(u_int32_t, wp[2]);
		sbp->sf_bfree = fxdr_unsigned(u_int32_t, wp[3]);
		sbp->sf_bavail = fxdr_unsigned(u_int32_t, wp[4]);
	}
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4063 
 4064 /*
 4065  * nfs pathconf rpc
 4066  */
/*
 * Fetches the pathconf values for vp into pc.
 *
 * NFSv4 mounts issue a GETATTR for the NFSPATHCONF_GETATTRBIT attribute
 * set and let nfsv4_loadattr() fill pc and nap, setting *attrflagp to 1 on
 * success.  Other mounts issue PATHCONF, load the post-op attributes and
 * decode the six reply words into pc.
 *
 * Returns the transport error, a parse error, or the server status
 * (nd_repstat).  *attrflagp is cleared on entry.
 *
 * The values stored in pc are taken as sent by the server; nothing here
 * range-checks them.
 */
APPLESTATIC int
nfsrpc_pathconf(vnode_t vp, struct nfsv3_pathconf *pc,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
    void *stuff)
{
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	struct nfsmount *nmp;
	nfsattrbit_t attrbits;
	u_int32_t *wp;
	int error;

	*attrflagp = 0;
	nmp = VFSTONFS(vnode_mount(vp));
	if (NFSHASNFSV4(nmp)) {
		/* NFSv4 has no pathconf operation; a getattr is used. */
		NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
		NFSPATHCONF_GETATTRBIT(&attrbits);
		(void) nfsrv_putattrbit(nd, &attrbits);
		nd->nd_flag |= ND_USEGSSNAME;
		error = nfscl_request(nd, vp, p, cred, stuff);
		if (error) {
			return (error);
		}
		if (nd->nd_repstat != 0) {
			error = nd->nd_repstat;
		} else {
			error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
			    pc, NULL, NULL, NULL, NULL, 0, NULL, NULL, NULL, p,
			    cred);
			if (!error) {
				*attrflagp = 1;
			}
		}
	} else {
		NFSCL_REQSTART(nd, NFSPROC_PATHCONF, vp);
		error = nfscl_request(nd, vp, p, cred, stuff);
		if (error) {
			return (error);
		}
		error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
		/* A post-op attribute error takes precedence over repstat. */
		if (!error && nd->nd_repstat) {
			error = nd->nd_repstat;
		}
		if (error) {
			goto nfsmout;
		}
		NFSM_DISSECT(wp, u_int32_t *, NFSX_V3PATHCONF);
		pc->pc_linkmax = fxdr_unsigned(u_int32_t, wp[0]);
		pc->pc_namemax = fxdr_unsigned(u_int32_t, wp[1]);
		pc->pc_notrunc = fxdr_unsigned(u_int32_t, wp[2]);
		pc->pc_chownrestricted = fxdr_unsigned(u_int32_t, wp[3]);
		pc->pc_caseinsensitive = fxdr_unsigned(u_int32_t, wp[4]);
		pc->pc_casepreserving = fxdr_unsigned(u_int32_t, wp[5]);
	}
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4124 
 4125 /*
 4126  * nfs version 3 fsinfo rpc call
 4127  */
/*
 * Issues FSINFO for vp, loads the post-op attributes into nap and decodes
 * the reply into fsp.
 *
 * Returns the transport error, a parse error, or the server status
 * (nd_repstat).  *attrflagp is cleared on entry and then set by
 * nfscl_postop_attr().
 *
 * The transfer sizes and limits stored in fsp are taken as sent by the
 * server; this function applies no range checks, so code that sizes
 * buffers or I/O from them has to validate them itself.
 */
APPLESTATIC int
nfsrpc_fsinfo(vnode_t vp, struct nfsfsinfo *fsp, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
{
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	u_int32_t *wp;
	int error;

	*attrflagp = 0;
	NFSCL_REQSTART(nd, NFSPROC_FSINFO, vp);
	error = nfscl_request(nd, vp, p, cred, stuff);
	if (error) {
		return (error);
	}
	error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
	/* A post-op attribute error takes precedence over repstat. */
	if (!error && nd->nd_repstat) {
		error = nd->nd_repstat;
	}
	if (error) {
		goto nfsmout;
	}

	/*
	 * Reply words: seven 32-bit values, a 64-bit max file size, a
	 * two-word time delta and the properties word.
	 */
	NFSM_DISSECT(wp, u_int32_t *, NFSX_V3FSINFO);
	fsp->fs_rtmax = fxdr_unsigned(u_int32_t, wp[0]);
	fsp->fs_rtpref = fxdr_unsigned(u_int32_t, wp[1]);
	fsp->fs_rtmult = fxdr_unsigned(u_int32_t, wp[2]);
	fsp->fs_wtmax = fxdr_unsigned(u_int32_t, wp[3]);
	fsp->fs_wtpref = fxdr_unsigned(u_int32_t, wp[4]);
	fsp->fs_wtmult = fxdr_unsigned(u_int32_t, wp[5]);
	fsp->fs_dtpref = fxdr_unsigned(u_int32_t, wp[6]);
	fsp->fs_maxfilesize = fxdr_hyper(&wp[7]);
	fxdr_nfsv3time(&wp[9], &fsp->fs_timedelta);
	fsp->fs_properties = fxdr_unsigned(u_int32_t, wp[11]);
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4163 
 4164 /*
 4165  * This function performs the Renew RPC.
 4166  */
/*
 * Sends a Renew for client clp using the session in dsp.
 *
 * Returns 0 without sending anything when clp has no mount attached
 * (nfsc_nmp == NULL).  Otherwise returns the transport error or, when the
 * request went through, the server status from nd_repstat.
 *
 * The request goes to dsp->nfsclds_sockp when that is set and to the
 * mount's own socket otherwise.  ND_USEGSSNAME is always set.
 */
APPLESTATIC int
nfsrpc_renew(struct nfsclclient *clp, struct nfsclds *dsp, struct ucred *cred,
    NFSPROC_T *p)
{
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	struct nfsmount *nmp;
	struct nfssockreq *sock;
	u_int32_t *wp;
	int error;

	nmp = clp->nfsc_nmp;
	if (nmp == NULL) {
		return (0);
	}
	nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL,
	    &dsp->nfsclds_sess);
	if (!NFSHASNFSV4N(nmp)) {
		/*
		 * Only NFSv4.0 sends the clientid argument; NFSv4.1 just
		 * uses a Sequence Op and not a Renew.
		 */
		NFSM_BUILD(wp, u_int32_t *, 2 * NFSX_UNSIGNED);
		*wp++ = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[0];
		*wp = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[1];
	}

	sock = dsp->nfsclds_sockp;
	if (sock == NULL) {
		/* No dedicated socket: fall back to the MDS socket. */
		sock = &nmp->nm_sockreq;
	}
	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, sock, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, &dsp->nfsclds_sess);
	if (error) {
		return (error);
	}
	error = nd->nd_repstat;
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4202 
 4203 /*
 4204  * This function performs the Releaselockowner RPC.
 4205  */
/*
 * Releases the server-side state of lock owner lp.
 *
 * NFSv4.1 and later mounts send FreeStateID for lp->nfsl_stateid; fh and
 * fhlen are not used on that path.  NFSv4.0 mounts send ReleaseLockOwner
 * with the clientid and an owner name made of lp->nfsl_owner followed by
 * the file handle fh/fhlen.
 *
 * Returns the transport error or, when the request went through, the
 * server status from nd_repstat.  ND_USEGSSNAME is always set.
 *
 * NOTE(review): on the NFSv4.0 path fhlen bytes are copied into the
 * on-stack own[] buffer without a local bound check; this relies on
 * callers never passing more than NFSX_V4FHMAX bytes (or a negative
 * length) -- confirm at the call sites.
 */
APPLESTATIC int
nfsrpc_rellockown(struct nfsmount *nmp, struct nfscllockowner *lp,
    uint8_t *fh, int fhlen, struct ucred *cred, NFSPROC_T *p)
{
	uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	u_int32_t *wp;
	int error;

	if (NFSHASNFSV4N(nmp)) {
		/* For NFSv4.1, do a FreeStateID. */
		nfscl_reqstart(nd, NFSPROC_FREESTATEID, nmp, NULL, 0, NULL,
		    NULL);
		nfsm_stateidtom(nd, &lp->nfsl_stateid, NFSSTATEID_PUTSTATEID);
	} else {
		nfscl_reqstart(nd, NFSPROC_RELEASELCKOWN, nmp, NULL, 0, NULL,
		    NULL);
		NFSM_BUILD(wp, u_int32_t *, 2 * NFSX_UNSIGNED);
		*wp++ = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[0];
		*wp = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[1];
		/* Owner name = nfsl_owner bytes followed by the file handle. */
		NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
		NFSBCOPY(fh, &own[NFSV4CL_LOCKNAMELEN], fhlen);
		(void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
	}

	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error) {
		return (error);
	}
	error = nd->nd_repstat;
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4239 
 4240 /*
 4241  * This function performs the Compound to get the mount pt FH.
 4242  */
/*
 * Sends a compound that starts at the server's root file handle, does one
 * Lookup per component of dirpath and finishes with GetFH, then stores the
 * returned file handle in nmp->nm_fh and its length in nmp->nm_fhsize.
 *
 * dirpath is split in place: each '/' that ends a component is overwritten
 * with NUL while the component is marshalled and is restored afterwards,
 * so the buffer must be writable.  Empty components (repeated or leading
 * slashes) produce no Lookup.
 *
 * Returns the transport error, a parse error, or the resulting status in
 * nd_repstat (NFSERR_BADXDR when the file handle length is not in
 * 1..NFSX_FHMAX).
 *
 * The length is server-supplied and is checked before the copy into
 * nmp->nm_fh; this assumes nm_fh holds at least NFSX_FHMAX bytes -- TODO
 * confirm against the struct nfsmount definition.
 */
APPLESTATIC int
nfsrpc_getdirpath(struct nfsmount *nmp, u_char *dirpath, struct ucred *cred,
    NFSPROC_T *p)
{
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	u_int32_t *wp;
	u_int32_t *opcntp;
	u_char *comp, *end;
	int error, cnt, len, setnil;

	nfscl_reqstart(nd, NFSPROC_PUTROOTFH, nmp, NULL, 0, &opcntp, NULL);

	cnt = 0;
	comp = dirpath;
	do {
		setnil = 0;
		/* Skip any run of slashes in front of the component. */
		while (*comp == '/') {
			comp++;
		}
		/* Find the end of the component. */
		for (end = comp; *end != '\0' && *end != '/'; end++) {
			continue;
		}
		if (*end == '/') {
			/* Terminate the component for strlen() below. */
			setnil = 1;
			*end = '\0';
		}
		if (end != comp) {
			NFSM_BUILD(wp, u_int32_t *, NFSX_UNSIGNED);
			*wp = txdr_unsigned(NFSV4OP_LOOKUP);
			nfsm_strtom(nd, comp, strlen(comp));
			cnt++;
		}
		if (setnil) {
			/* Put the separator back and step over it. */
			*end++ = '/';
		}
		comp = end;
	} while (*comp != '\0');

	/*
	 * Operation count: the Lookups plus two fixed operations, plus one
	 * more for NFSv4.1, which has a Sequence Op done by nfscl_reqstart().
	 */
	if (NFSHASNFSV4N(nmp)) {
		*opcntp = txdr_unsigned(3 + cnt);
	} else {
		*opcntp = txdr_unsigned(2 + cnt);
	}
	NFSM_BUILD(wp, u_int32_t *, NFSX_UNSIGNED);
	*wp = txdr_unsigned(NFSV4OP_GETFH);

	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error) {
		return (error);
	}

	if (nd->nd_repstat == 0) {
		/*
		 * Two reply words per Lookup, then the remaining fixed
		 * words; the last dissected word is the file handle length.
		 */
		NFSM_DISSECT(wp, u_int32_t *, (3 + 2 * cnt) * NFSX_UNSIGNED);
		len = fxdr_unsigned(int, wp[2 + 2 * cnt]);
		if (len <= 0 || len > NFSX_FHMAX) {
			nd->nd_repstat = NFSERR_BADXDR;
		} else {
			nd->nd_repstat = nfsrv_mtostr(nd, nmp->nm_fh, len);
			if (nd->nd_repstat == 0) {
				nmp->nm_fhsize = len;
			}
		}
	}
	error = nd->nd_repstat;
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4307 
 4308 /*
 4309  * This function performs the Delegreturn RPC.
 4310  */
/*
 * Sends DelegReturn for delegation dp on its file handle
 * (dp->nfsdl_fh / dp->nfsdl_fhlen), passing the delegation stateid.
 *
 * syscred	non-zero sets ND_USEGSSNAME on the request.
 *
 * Returns the transport error or, when the request went through, the
 * server status from nd_repstat.
 */
APPLESTATIC int
nfsrpc_delegreturn(struct nfscldeleg *dp, struct ucred *cred,
    struct nfsmount *nmp, NFSPROC_T *p, int syscred)
{
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	u_int32_t *wp;
	int error;

	nfscl_reqstart(nd, NFSPROC_DELEGRETURN, nmp, dp->nfsdl_fh,
	    dp->nfsdl_fhlen, NULL, NULL);

	NFSM_BUILD(wp, u_int32_t *, NFSX_STATEID);
	/* NFSv4.1 and later send a zero stateid seqid. */
	wp[0] = NFSHASNFSV4N(nmp) ? 0 : dp->nfsdl_stateid.seqid;
	wp[1] = dp->nfsdl_stateid.other[0];
	wp[2] = dp->nfsdl_stateid.other[1];
	wp[3] = dp->nfsdl_stateid.other[2];

	if (syscred) {
		nd->nd_flag |= ND_USEGSSNAME;
	}
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error) {
		return (error);
	}
	error = nd->nd_repstat;
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4340 
 4341 /*
 4342  * nfs getacl call.
 4343  */
/*
 * Fetches the ACL of vp into aclp by requesting only the
 * NFSATTRBIT_ACL attribute and letting nfsv4_loadattr() decode the reply.
 *
 * Returns EOPNOTSUPP when nfsrv_useacl is 0 or the mount is not NFSv4,
 * otherwise the transport error, the nfsv4_loadattr() result, or the
 * server status from nd_repstat.
 */
APPLESTATIC int
nfsrpc_getacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
    struct acl *aclp, void *stuff)
{
	struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	nfsattrbit_t attrbits;
	int error;

	if (nfsrv_useacl == 0 || !NFSHASNFSV4(nmp)) {
		return (EOPNOTSUPP);
	}

	NFSCL_REQSTART(nd, NFSPROC_GETACL, vp);
	NFSZERO_ATTRBIT(&attrbits);
	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
	(void) nfsrv_putattrbit(nd, &attrbits);
	error = nfscl_request(nd, vp, p, cred, stuff);
	if (error) {
		return (error);
	}

	if (nd->nd_repstat) {
		error = nd->nd_repstat;
	} else {
		/* The ACL entries in the reply are decoded by the helper. */
		error = nfsv4_loadattr(nd, vp, NULL, NULL, NULL, 0, NULL,
		    NULL, NULL, NULL, aclp, 0, NULL, NULL, NULL, p, cred);
	}
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4370 
 4371 /*
 4372  * nfs setacl call.
 4373  */
/*
 * Sets the ACL of vp to aclp by handing it to nfsrpc_setattr() with no
 * other attributes.
 *
 * Returns EOPNOTSUPP when nfsrv_useacl is 0 or the mount is not NFSv4,
 * otherwise whatever nfsrpc_setattr() returns.
 */
APPLESTATIC int
nfsrpc_setacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
    struct acl *aclp, void *stuff)
{
	struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));

	if (nfsrv_useacl == 0 || !NFSHASNFSV4(nmp)) {
		return (EOPNOTSUPP);
	}
	return (nfsrpc_setattr(vp, NULL, aclp, cred, p, NULL, NULL, stuff));
}
 4386 
 4387 /*
 4388  * The setacl RPC itself: builds and sends the NFSPROC_SETACL request.
 4389  */
/*
 * Builds and sends the NFSPROC_SETACL request for vp: the stateid in
 * stateidp followed by an attribute set that contains only
 * NFSATTRBIT_ACL, filled from aclp.
 *
 * Returns EOPNOTSUPP when the mount is not NFSv4, otherwise the transport
 * error or the server status from nd_repstat.  Unlike nfsrpc_setacl(),
 * nfsrv_useacl is not consulted here.
 */
static int
nfsrpc_setaclrpc(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
    struct acl *aclp, nfsv4stateid_t *stateidp, void *stuff)
{
	struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	nfsattrbit_t attrbits;
	int error;

	if (!NFSHASNFSV4(nmp)) {
		return (EOPNOTSUPP);
	}

	NFSCL_REQSTART(nd, NFSPROC_SETACL, vp);
	nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
	NFSZERO_ATTRBIT(&attrbits);
	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
	(void) nfsv4_fillattr(nd, vnode_mount(vp), vp, aclp, NULL, NULL, 0,
	    &attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0);
	error = nfscl_request(nd, vp, p, cred, stuff);
	if (error) {
		return (error);
	}

	/* The pre/postop attributes in the reply are not looked at. */
	mbuf_freem(nd->nd_mrep);
	return (nd->nd_repstat);
}
 4414 
 4415 /*
 4416  * Do the NFSv4.1 Exchange ID.
 4417  */
/*
 * Sends the NFSv4.1 Exchange ID request over nrp and, on success, returns
 * a newly allocated struct nfsclds through *dspp.
 *
 * The request carries the client owner (boot time, clp->nfsc_rev and the
 * clp->nfsc_id string), exchflags, NFSV4EXCH_SP4NONE as the state
 * protection selection, and an implementation id made of the literal
 * "freebsd.org", the global version string and a fixed timestamp.
 *
 * On success the new nfsclds holds the clientid, sequenceid and server
 * owner string from the reply, its flags reflect the pNFS role bits the
 * server returned, and its mutexes and session slots are initialised.
 * *dspp is NULL on every failure path.
 *
 * Returns the transport error, a parse error (NFSERR_BADXDR when the
 * server owner length is outside 0..NFSV4_OPAQUELIMIT), or the status in
 * nd_repstat.
 *
 * NOTE(review): the global version string is sent to the server as part
 * of the implementation id; presumably this is the kernel version banner
 * -- confirm that disclosing it to every server is intended.
 */
int
nfsrpc_exchangeid(struct nfsmount *nmp, struct nfsclclient *clp,
    struct nfssockreq *nrp, uint32_t exchflags, struct nfsclds **dspp,
    struct ucred *cred, NFSPROC_T *p)
{
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	struct nfsclds *newds;
	struct timespec verstime;
	uint32_t *wp, v41flags;
	int error, len;

	*dspp = NULL;
	nfscl_reqstart(nd, NFSPROC_EXCHANGEID, nmp, NULL, 0, NULL, NULL);

	/* Client owner */
	NFSM_BUILD(wp, uint32_t *, 2 * NFSX_UNSIGNED);
	wp[0] = txdr_unsigned(nfsboottime.tv_sec);
	wp[1] = txdr_unsigned(clp->nfsc_rev);
	(void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);

	NFSM_BUILD(wp, uint32_t *, 3 * NFSX_UNSIGNED);
	wp[0] = txdr_unsigned(exchflags);
	wp[1] = txdr_unsigned(NFSV4EXCH_SP4NONE);

	/* Set the implementation id4 */
	wp[2] = txdr_unsigned(1);
	(void) nfsm_strtom(nd, "freebsd.org", strlen("freebsd.org"));
	(void) nfsm_strtom(nd, version, strlen(version));
	NFSM_BUILD(wp, uint32_t *, NFSX_V4TIME);
	verstime.tv_sec = 1293840000;		/* Jan 1, 2011 */
	verstime.tv_nsec = 0;
	txdr_nfsv4time(&verstime, wp);

	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	NFSCL_DEBUG(1, "exchangeid err=%d reps=%d\n", error,
	    (int)nd->nd_repstat);
	if (error != 0) {
		return (error);
	}

	if (nd->nd_repstat == 0) {
		/*
		 * Eight reply words are dissected; the last one is the
		 * length of the server owner string.  It is server-supplied
		 * and sizes the allocation below, so it is range checked
		 * first.
		 */
		NFSM_DISSECT(wp, uint32_t *, 6 * NFSX_UNSIGNED + NFSX_HYPER);
		len = fxdr_unsigned(int, wp[7]);
		if (len < 0 || len > NFSV4_OPAQUELIMIT) {
			error = NFSERR_BADXDR;
			goto nfsmout;
		}
		newds = malloc(sizeof(struct nfsclds) + len, M_NFSCLDS,
		    M_WAITOK | M_ZERO);
		newds->nfsclds_expire = NFSD_MONOSEC + clp->nfsc_renew;
		newds->nfsclds_servownlen = len;
		newds->nfsclds_sess.nfsess_clientid.lval[0] = wp[0];
		newds->nfsclds_sess.nfsess_clientid.lval[1] = wp[1];
		newds->nfsclds_sess.nfsess_sequenceid =
		    fxdr_unsigned(uint32_t, wp[2]);
		v41flags = fxdr_unsigned(uint32_t, wp[3]);
		/* The MDS role is only honoured when the mount asked for pNFS. */
		if ((v41flags & NFSV4EXCH_USEPNFSMDS) != 0 &&
		    NFSHASPNFSOPT(nmp)) {
			NFSCL_DEBUG(1, "set PNFS\n");
			NFSLOCKMNT(nmp);
			nmp->nm_state |= NFSSTA_PNFS;
			NFSUNLOCKMNT(nmp);
			newds->nfsclds_flags |= NFSCLDS_MDS;
		}
		if ((v41flags & NFSV4EXCH_USEPNFSDS) != 0) {
			newds->nfsclds_flags |= NFSCLDS_DS;
		}
		if (len > 0) {
			nd->nd_repstat = nfsrv_mtostr(nd,
			    newds->nfsclds_serverown, len);
		}
		if (nd->nd_repstat != 0) {
			/* Copying the server owner failed: drop the entry. */
			free(newds, M_NFSCLDS);
		} else {
			mtx_init(&newds->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
			mtx_init(&newds->nfsclds_sess.nfsess_mtx, "nfssession",
			    NULL, MTX_DEF);
			nfscl_initsessionslots(&newds->nfsclds_sess);
			*dspp = newds;
		}
	}
	error = nd->nd_repstat;
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4499 
 4500 /*
 4501  * Do the NFSv4.1 Create Session.
 4502  */
 4503 int
 4504 nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep,
 4505     struct nfssockreq *nrp, uint32_t sequenceid, int mds, struct ucred *cred,
 4506     NFSPROC_T *p)
 4507 {
 4508         uint32_t crflags, *tl;
 4509         struct nfsrv_descript nfsd;
 4510         struct nfsrv_descript *nd = &nfsd;
 4511         int error, irdcnt;
 4512 
 4513         nfscl_reqstart(nd, NFSPROC_CREATESESSION, nmp, NULL, 0, NULL, NULL);
 4514         NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED);
 4515         *tl++ = sep->nfsess_clientid.lval[0];
 4516         *tl++ = sep->nfsess_clientid.lval[1];
 4517         *tl++ = txdr_unsigned(sequenceid);
 4518         crflags = (NFSMNT_RDONLY(nmp->nm_mountp) ? 0 : NFSV4CRSESS_PERSIST);
 4519         if (nfscl_enablecallb != 0 && nfs_numnfscbd > 0)
 4520                 crflags |= NFSV4CRSESS_CONNBACKCHAN;
 4521         *tl = txdr_unsigned(crflags);
 4522 
 4523         /* Fill in fore channel attributes. */
 4524         NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
 4525         *tl++ = 0;                              /* Header pad size */
 4526         *tl++ = txdr_unsigned(100000);          /* Max request size */
 4527         *tl++ = txdr_unsigned(100000);          /* Max response size */
 4528         *tl++ = txdr_unsigned(4096);            /* Max response size cached */
 4529         *tl++ = txdr_unsigned(20);              /* Max operations */
 4530         *tl++ = txdr_unsigned(64);              /* Max slots */
 4531         *tl = 0;                                /* No rdma ird */
 4532 
 4533         /* Fill in back channel attributes. */
 4534         NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
 4535         *tl++ = 0;                              /* Header pad size */
 4536         *tl++ = txdr_unsigned(10000);           /* Max request size */
 4537         *tl++ = txdr_unsigned(10000);           /* Max response size */
 4538         *tl++ = txdr_unsigned(4096);            /* Max response size cached */
 4539         *tl++ = txdr_unsigned(4);               /* Max operations */
 4540         *tl++ = txdr_unsigned(NFSV4_CBSLOTS);   /* Max slots */
 4541         *tl = 0;                                /* No rdma ird */
 4542 
 4543         NFSM_BUILD(tl, uint32_t *, 8 * NFSX_UNSIGNED);
 4544         *tl++ = txdr_unsigned(NFS_CALLBCKPROG); /* Call back prog # */
 4545 
 4546         /* Allow AUTH_SYS callbacks as uid, gid == 0. */
 4547         *tl++ = txdr_unsigned(1);               /* Auth_sys only */
 4548         *tl++ = txdr_unsigned(AUTH_SYS);        /* AUTH_SYS type */
 4549         *tl++ = txdr_unsigned(nfsboottime.tv_sec); /* time stamp */
 4550         *tl++ = 0;                              /* Null machine name */
 4551         *tl++ = 0;                              /* Uid == 0 */
 4552         *tl++ = 0;                              /* Gid == 0 */
 4553         *tl = 0;                                /* No additional gids */
 4554         nd->nd_flag |= ND_USEGSSNAME;
 4555         error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred, NFS_PROG,
 4556             NFS_VER4, NULL, 1, NULL, NULL);
 4557         if (error != 0)
 4558                 return (error);
 4559         if (nd->nd_repstat == 0) {
 4560                 NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
 4561                     2 * NFSX_UNSIGNED);
 4562                 bcopy(tl, sep->nfsess_sessionid, NFSX_V4SESSIONID);
 4563                 tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
 4564                 sep->nfsess_sequenceid = fxdr_unsigned(uint32_t, *tl++);
 4565                 crflags = fxdr_unsigned(uint32_t, *tl);
 4566                 if ((crflags & NFSV4CRSESS_PERSIST) != 0 && mds != 0) {
 4567                         NFSLOCKMNT(nmp);
 4568                         nmp->nm_state |= NFSSTA_SESSPERSIST;
 4569                         NFSUNLOCKMNT(nmp);
 4570                 }
 4571 
 4572                 /* Get the fore channel slot count. */
 4573                 NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
 4574                 tl += 3;                /* Skip the other counts. */            
 4575                 sep->nfsess_maxcache = fxdr_unsigned(int, *tl++);
 4576                 tl++;
 4577                 sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++);
 4578                 NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots);
 4579                 irdcnt = fxdr_unsigned(int, *tl);
 4580                 if (irdcnt > 0)
 4581                         NFSM_DISSECT(tl, uint32_t *, irdcnt * NFSX_UNSIGNED);
 4582 
 4583                 /* and the back channel slot count. */
 4584                 NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
 4585                 tl += 5;
 4586                 sep->nfsess_backslots = fxdr_unsigned(uint16_t, *tl);
 4587                 NFSCL_DEBUG(4, "back slots=%d\n", (int)sep->nfsess_backslots);
 4588         }
 4589         error = nd->nd_repstat;
 4590 nfsmout:
 4591         mbuf_freem(nd->nd_mrep);
 4592         return (error);
 4593 }
 4594 
/*
 * Send the NFSv4.1 Destroy Session operation for the session returned by
 * NFSMNT_MDSSESSION(nmp).
 *
 * The only argument placed in the request is that session's id, copied as
 * NFSX_V4SESSIONID opaque bytes.  If newnfs_request() fails its error is
 * returned and no reply is freed here; otherwise the reply status
 * (nd_repstat) is returned after the reply mbuf chain has been released.
 * The clp argument is not referenced by this function.
 */
int
nfsrpc_destroysession(struct nfsmount *nmp, struct nfsclclient *clp,
    struct ucred *cred, NFSPROC_T *p)
{
	struct nfsrv_descript nfsd, *nd;
	uint32_t *sidp;
	int error;

	/* The descriptor keeps the name nd; NFSM_BUILD may refer to it. */
	nd = &nfsd;
	nfscl_reqstart(nd, NFSPROC_DESTROYSESSION, nmp, NULL, 0, NULL, NULL);

	/* Reserve room for the session id and copy it in unchanged. */
	NFSM_BUILD(sidp, uint32_t *, NFSX_V4SESSIONID);
	bcopy(NFSMNT_MDSSESSION(nmp)->nfsess_sessionid, sidp, NFSX_V4SESSIONID);

	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error == 0) {
		/* The RPC completed: report the server's status, drop the reply. */
		error = nd->nd_repstat;
		mbuf_freem(nd->nd_mrep);
	}
	return (error);
}
 4619 
/*
 * Send the NFSv4.1 Destroy Client operation for the client id stored in the
 * session returned by NFSMNT_MDSSESSION(nmp).
 *
 * The two 32-bit words of nfsess_clientid are placed in the request exactly
 * as stored (no txdr_unsigned() conversion is applied here).  If
 * newnfs_request() fails its error is returned and no reply is freed here;
 * otherwise the reply status (nd_repstat) is returned after the reply mbuf
 * chain has been released.  The clp argument is not referenced by this
 * function.
 */
int
nfsrpc_destroyclient(struct nfsmount *nmp, struct nfsclclient *clp,
    struct ucred *cred, NFSPROC_T *p)
{
	struct nfsrv_descript nfsd, *nd;
	uint32_t *idp;
	int error;

	/* The descriptor keeps the name nd; NFSM_BUILD may refer to it. */
	nd = &nfsd;
	nfscl_reqstart(nd, NFSPROC_DESTROYCLIENT, nmp, NULL, 0, NULL, NULL);

	/* Two words: the client id, low index first. */
	NFSM_BUILD(idp, uint32_t *, 2 * NFSX_UNSIGNED);
	idp[0] = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[0];
	idp[1] = NFSMNT_MDSSESSION(nmp)->nfsess_clientid.lval[1];

	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error == 0) {
		/* The RPC completed: report the server's status, drop the reply. */
		error = nd->nd_repstat;
		mbuf_freem(nd->nd_mrep);
	}
	return (error);
}
 4645 
/*
 * Send the NFSv4.1 LayoutGet operation and parse the file layouts in the
 * reply.
 *
 * The request asks for an NFSLAYOUT_NFSV4_1_FILES layout with the given
 * iomode, offset, len and minlen, the stateid in *stateidp and layoutlen as
 * the final word.  When the reply status is zero:
 *   - *retonclosep is set to 1 or 0 from the first reply word;
 *   - *stateidp is overwritten with the stateid from the reply;
 *   - every layout whose iomode equals that of the first layout in the
 *     reply is linked into flhp in increasing nfsfl_off order, and any
 *     layout with a different iomode is freed.
 *
 * All counts and lengths in the reply are server-supplied and are bounded
 * before they size an allocation or a copy: 1..10000 layouts, 0..100 file
 * handles per layout, and 1..NFSX_V4FHMAX bytes per file handle.  A value
 * outside those ranges ends parsing with NFSERR_BADXDR.
 *
 * Returns the newnfs_request() error, a parse error, or the reply status.
 * On a parse error only the layout being built is freed here; layouts
 * already linked into flhp stay on the list (presumably for the caller to
 * release - confirm against the callers).  The stuff argument is not
 * referenced by this function.
 */
int
nfsrpc_layoutget(struct nfsmount *nmp, uint8_t *fhp, int fhlen, int iomode,
    uint64_t offset, uint64_t len, uint64_t minlen, int layoutlen,
    nfsv4stateid_t *stateidp, int *retonclosep, struct nfsclflayouthead *flhp,
    struct ucred *cred, NFSPROC_T *p, void *stuff)
{
	/*
	 * nd, error and the nfsmout label keep their original names:
	 * NFSM_DISSECT presumably sets error and jumps to nfsmout when the
	 * reply is too short - confirm against the macro definition.
	 */
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	struct nfsclflayout *lay, *prev, *scan;
	struct nfsfh *fh;
	uint64_t seglen;
	size_t laysz;
	uint32_t *tl;
	uint8_t *fhdata;
	int error, firstiomode, i, j, nfh, nfhlen, nlayouts;

	lay = NULL;
	firstiomode = -1;

	/* Build the request arguments. */
	nfscl_reqstart(nd, NFSPROC_LAYOUTGET, nmp, fhp, fhlen, NULL, NULL);
	NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED + 3 * NFSX_HYPER +
	    NFSX_STATEID);
	*tl++ = newnfs_false;		/* Don't signal availability. */
	*tl++ = txdr_unsigned(NFSLAYOUT_NFSV4_1_FILES);
	*tl++ = txdr_unsigned(iomode);
	txdr_hyper(offset, tl);
	tl += 2;
	txdr_hyper(len, tl);
	tl += 2;
	txdr_hyper(minlen, tl);
	tl += 2;
	*tl++ = txdr_unsigned(stateidp->seqid);
	NFSCL_DEBUG(4, "layget seq=%d\n", (int)stateidp->seqid);
	*tl++ = stateidp->other[0];
	*tl++ = stateidp->other[1];
	*tl++ = stateidp->other[2];
	*tl = txdr_unsigned(layoutlen);
	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error != 0)
		return (error);

	if (nd->nd_repstat == 0) {
		/* Return-on-close flag, updated stateid, then the layout count. */
		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED + NFSX_STATEID);
		*retonclosep = (*tl++ != 0) ? 1 : 0;
		stateidp->seqid = fxdr_unsigned(uint32_t, *tl++);
		NFSCL_DEBUG(4, "retoncls=%d stseq=%d\n", *retonclosep,
		    (int)stateidp->seqid);
		stateidp->other[0] = *tl++;
		stateidp->other[1] = *tl++;
		stateidp->other[2] = *tl++;
		nlayouts = fxdr_unsigned(int, *tl);
		NFSCL_DEBUG(4, "layg cnt=%d\n", nlayouts);
		if (!(nlayouts > 0 && nlayouts <= 10000)) {
			/* Don't accept more than 10000 layouts in reply. */
			error = NFSERR_BADXDR;
			goto nfsmout;
		}

		for (i = 0; i < nlayouts; i++) {
			/*
			 * Dissect all the way to the file handle cnt, which is
			 * the last word of this span.  It is read and bounded
			 * first because it sizes the allocation below.
			 */
			NFSM_DISSECT(tl, uint32_t *, 3 * NFSX_HYPER +
			    6 * NFSX_UNSIGNED + NFSX_V4DEVICEID);
			nfh = fxdr_unsigned(int,
			    tl[11 + NFSX_V4DEVICEID / NFSX_UNSIGNED]);
			NFSCL_DEBUG(4, "fhcnt=%d\n", nfh);
			if (nfh < 0 || nfh > 100) {
				/* Don't accept more than 100 file handles. */
				error = NFSERR_BADXDR;
				goto nfsmout;
			}

			/* One extra pointer slot per file handle beyond the first. */
			laysz = sizeof(*lay);
			if (nfh > 1)
				laysz += (nfh - 1) * sizeof(struct nfsfh *);
			lay = malloc(laysz, M_NFSFLAYOUT, M_WAITOK);

			/*
			 * nfsfl_fhcnt starts at zero and counts only the handles
			 * actually attached, so the nfscl_freeflayout() call on
			 * the error path sees a consistent count.
			 */
			lay->nfsfl_flags = 0;
			lay->nfsfl_fhcnt = 0;
			lay->nfsfl_devp = NULL;
			lay->nfsfl_off = fxdr_hyper(tl);
			tl += 2;
			seglen = fxdr_hyper(tl);
			tl += 2;
			/*
			 * Guard against offset + length wrapping.
			 * NOTE(review): on wrap the end becomes
			 * UINT64_MAX - nfsfl_off rather than UINT64_MAX;
			 * confirm that this is the intended clamp.
			 */
			if (lay->nfsfl_off + seglen < lay->nfsfl_off)
				lay->nfsfl_end = UINT64_MAX - lay->nfsfl_off;
			else
				lay->nfsfl_end = lay->nfsfl_off + seglen;
			lay->nfsfl_iomode = fxdr_unsigned(int, *tl++);
			if (firstiomode == -1)
				firstiomode = lay->nfsfl_iomode;
			NFSCL_DEBUG(4, "layg reqiom=%d retiom=%d\n", iomode,
			    (int)lay->nfsfl_iomode);
			if (fxdr_unsigned(int, *tl++) !=
			    NFSLAYOUT_NFSV4_1_FILES) {
				printf("NFSv4.1: got non-files layout\n");
				error = NFSERR_BADXDR;
				goto nfsmout;
			}
			/*
			 * The pre-increment skips one word that is not examined
			 * (presumably the opaque layout body length - confirm);
			 * the device id copy is a fixed NFSX_V4DEVICEID bytes.
			 */
			NFSBCOPY(++tl, lay->nfsfl_dev, NFSX_V4DEVICEID);
			tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
			lay->nfsfl_util = fxdr_unsigned(uint32_t, *tl++);
			NFSCL_DEBUG(4, "flutil=0x%x\n", lay->nfsfl_util);
			lay->nfsfl_stripe1 = fxdr_unsigned(uint32_t, *tl++);
			lay->nfsfl_patoff = fxdr_hyper(tl);
			tl += 2;
			/* Must agree with the count peeked at above. */
			if (fxdr_unsigned(int, *tl) != nfh) {
				printf("EEK! bad fhcnt\n");
				error = NFSERR_BADXDR;
				goto nfsmout;
			}

			for (j = 0; j < nfh; j++) {
				/* Bound the length before it sizes malloc and copy. */
				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
				nfhlen = fxdr_unsigned(int, *tl);
				if (nfhlen <= 0 || nfhlen > NFSX_V4FHMAX) {
					error = NFSERR_BADXDR;
					goto nfsmout;
				}
				fh = malloc(sizeof(*fh) + nfhlen - 1,
				    M_NFSFH, M_WAITOK);
				/*
				 * Attach the handle before dissecting its bytes,
				 * so a short reply still leaves it reachable
				 * from the layout freed at nfsmout.
				 */
				lay->nfsfl_fh[j] = fh;
				lay->nfsfl_fhcnt++;
				fh->nfh_len = nfhlen;
				NFSM_DISSECT(fhdata, uint8_t *,
				    NFSM_RNDUP(nfhlen));
				NFSBCOPY(fhdata, fh->nfh_fh, nfhlen);
			}

			if (lay->nfsfl_iomode != firstiomode) {
				printf("nfscl_layoutget(): got wrong iomode\n");
				nfscl_freeflayout(lay);
			} else {
				/* Keep the list in increasing offset order. */
				prev = NULL;
				for (scan = LIST_FIRST(flhp);
				    scan != NULL &&
				    scan->nfsfl_off < lay->nfsfl_off;
				    scan = LIST_NEXT(scan, nfsfl_list))
					prev = scan;
				if (prev != NULL)
					LIST_INSERT_AFTER(prev, lay,
					    nfsfl_list);
				else
					LIST_INSERT_HEAD(flhp, lay, nfsfl_list);
			}
			/* Linked or freed: nothing left for nfsmout to free. */
			lay = NULL;
		}
	}
	if (nd->nd_repstat != 0 && error == 0)
		error = nd->nd_repstat;
nfsmout:
	/* Release a layout that was still being built when parsing failed. */
	if (error != 0 && lay != NULL)
		nfscl_freeflayout(lay);
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4801 
 4802 /*
 4803  * Do the NFSv4.1 Get Device Info.
 4804  */
 4805 int
 4806 nfsrpc_getdeviceinfo(struct nfsmount *nmp, uint8_t *deviceid, int layouttype,
 4807     uint32_t *notifybitsp, struct nfscldevinfo **ndip, struct ucred *cred,
 4808     NFSPROC_T *p)
 4809 {
 4810         uint32_t cnt, *tl;
 4811         struct nfsrv_descript nfsd;
 4812         struct nfsrv_descript *nd = &nfsd;
 4813         struct sockaddr_storage ss;
 4814         struct nfsclds *dsp = NULL, **dspp;
 4815         struct nfscldevinfo *ndi;
 4816         int addrcnt, bitcnt, error, i, isudp, j, pos, safilled, stripecnt;
 4817         uint8_t stripeindex;
 4818 
 4819         *ndip = NULL;
 4820         ndi = NULL;
 4821         nfscl_reqstart(nd, NFSPROC_GETDEVICEINFO, nmp, NULL, 0, NULL, NULL);
 4822         NFSM_BUILD(tl, uint32_t *, NFSX_V4DEVICEID + 3 * NFSX_UNSIGNED);
 4823         NFSBCOPY(deviceid, tl, NFSX_V4DEVICEID);
 4824         tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
 4825         *tl++ = txdr_unsigned(layouttype);
 4826         *tl++ = txdr_unsigned(100000);
 4827         if (notifybitsp != NULL && *notifybitsp != 0) {
 4828                 *tl = txdr_unsigned(1);         /* One word of bits. */
 4829                 NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
 4830                 *tl = txdr_unsigned(*notifybitsp);
 4831         } else
 4832                 *tl = txdr_unsigned(0);
 4833         nd->nd_flag |= ND_USEGSSNAME;
 4834         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 4835             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 4836         if (error != 0)
 4837                 return (error);
 4838         if (nd->nd_repstat == 0) {
 4839                 NFSM_DISSECT(tl, uint32_t *, 3 * NFSX_UNSIGNED);
 4840                 if (layouttype != fxdr_unsigned(int, *tl++))
 4841