FreeBSD/Linux Kernel Cross Reference
sys/fs/nfsclient/nfs_clrpcops.c


    1 /*-
    2  * Copyright (c) 1989, 1993
    3  *      The Regents of the University of California.  All rights reserved.
    4  *
    5  * This code is derived from software contributed to Berkeley by
    6  * Rick Macklem at The University of Guelph.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 4. Neither the name of the University nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  *
   32  */
   33 
   34 #include <sys/cdefs.h>
   35 __FBSDID("$FreeBSD: releng/11.2/sys/fs/nfsclient/nfs_clrpcops.c 331722 2018-03-29 02:50:57Z eadler $");
   36 
   37 /*
   38  * Rpc op calls, generally called from the vnode op calls or through the
   39  * buffer cache, for NFS v2, 3 and 4.
   40  * These do not normally make any changes to vnode arguments or use
   41  * structures that might change between the VFS variants. The returned
   42  * arguments are all at the end, after the NFSPROC_T *p one.
   43  */
   44 
   45 #ifndef APPLEKEXT
   46 #include "opt_inet6.h"
   47 
   48 #include <fs/nfs/nfsport.h>
   49 #include <sys/sysctl.h>
   50 
/* Declare the _vfs_nfs sysctl node so the knob below can be attached to it. */
SYSCTL_DECL(_vfs_nfs);

/*
 * Integer knob registered read-write (CTLFLAG_RW), default 0.  Per its
 * description string it controls whether EEXIST replies to mkdir/symlink
 * are ignored; the code that reads it is not in this part of the file.
 */
static int      nfsignore_eexist = 0;
SYSCTL_INT(_vfs_nfs, OID_AUTO, ignore_eexist, CTLFLAG_RW,
    &nfsignore_eexist, 0, "NFS ignore EEXIST replies for mkdir/symlink");

/*
 * Global variables
 */
/* Defined elsewhere; nfsrpc_open() skips the layout attempt when this is 0. */
extern int nfs_numnfscbd;
extern struct timeval nfsboottime;
extern u_int32_t newnfs_false, newnfs_true;
extern nfstype nfsv34_type[9];
extern int nfsrv_useacl;
extern char nfsv4_callbackaddr[INET6_ADDRSTRLEN];
extern int nfscl_debuglevel;
NFSCLSTATEMUTEX;
/* NOTE(review): looks like a test-only knob by its name; its use is not visible here. */
int nfstest_outofseq = 0;
/*
 * When non-zero (the default), nfsrpc_openrpc() sets nfso_posixlock on every
 * open, whether or not the server's reply has NFSV4OPEN_LOCKTYPEPOSIX set.
 */
int nfscl_assumeposixlocks = 1;
/*
 * Default 0.  While it is 0, nfsrpc_open() always uses the plain Open RPC
 * and never tries nfsrpc_getopenlayout().
 */
int nfscl_enablecallb = 0;
/* Initialised from NFSV4_CBPORT; where it is consumed is not visible here. */
short nfsv4_cbport = NFSV4_CBPORT;
/* NOTE(review): looks like a test-only knob by its name; its use is not visible here. */
int nfstest_openallsetattr = 0;
#endif  /* !APPLEKEXT */

/*
 * sizeof (struct dirent) with the (MAXNAMLEN + 1) bytes subtracted, i.e. the
 * size of a dirent without that many bytes of name storage.
 */
#define DIRHDSIZ        (sizeof (struct dirent) - (MAXNAMLEN + 1))
   76 
   77 /*
   78  * nfscl_getsameserver() can return one of three values:
   79  * NFSDSP_USETHISSESSION - Use this session for the DS.
   80  * NFSDSP_SEQTHISSESSION - Use the nfsclds_sequence field of this dsp for new
   81  *     session.
   82  * NFSDSP_NOTFOUND - No matching server was found.
   83  */
/* Result codes of nfscl_getsameserver(), declared further down in this file. */
enum nfsclds_state {
        NFSDSP_USETHISSESSION = 0,      /* use this session for the DS */
        NFSDSP_SEQTHISSESSION = 1,      /* use this dsp's nfsclds_sequence for a new session */
        NFSDSP_NOTFOUND = 2,            /* no matching server was found */
};
   89 
/*
 * Forward declarations of the file-local (static) helpers.  Parameter names
 * are omitted in these prototypes; see each definition for the meaning of
 * the arguments.  Most of the definitions are outside this part of the file.
 */
static int nfsrpc_setattrrpc(vnode_t , struct vattr *, nfsv4stateid_t *,
    struct ucred *, NFSPROC_T *, struct nfsvattr *, int *, void *);
static int nfsrpc_readrpc(vnode_t , struct uio *, struct ucred *,
    nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *, void *);
static int nfsrpc_writerpc(vnode_t , struct uio *, int *, int *,
    struct ucred *, nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *,
    void *);
static int nfsrpc_createv23(vnode_t , char *, int, struct vattr *,
    nfsquad_t, int, struct ucred *, NFSPROC_T *, struct nfsvattr *,
    struct nfsvattr *, struct nfsfh **, int *, int *, void *);
static int nfsrpc_createv4(vnode_t , char *, int, struct vattr *,
    nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *,
    NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *,
    int *, void *, int *);
static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *,
    struct nfscllockowner *, u_int64_t, u_int64_t,
    u_int32_t, struct ucred *, NFSPROC_T *, int);
static int nfsrpc_setaclrpc(vnode_t, struct ucred *, NFSPROC_T *,
    struct acl *, nfsv4stateid_t *, void *);
/* Layout and data-server (DS) helpers. */
static int nfsrpc_getlayout(struct nfsmount *, vnode_t, struct nfsfh *, int,
    uint32_t *, nfsv4stateid_t *, uint64_t, struct nfscllayout **,
    struct ucred *, NFSPROC_T *);
static int nfsrpc_fillsa(struct nfsmount *, struct sockaddr_storage *,
    struct nfsclds **, NFSPROC_T *);
static void nfscl_initsessionslots(struct nfsclsession *);
static int nfscl_doflayoutio(vnode_t, struct uio *, int *, int *, int *,
    nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
    struct nfsclflayout *, uint64_t, uint64_t, int, struct ucred *,
    NFSPROC_T *);
static int nfsrpc_readds(vnode_t, struct uio *, nfsv4stateid_t *, int *,
    struct nfsclds *, uint64_t, int, struct nfsfh *, struct ucred *,
    NFSPROC_T *);
static int nfsrpc_writeds(vnode_t, struct uio *, int *, int *,
    nfsv4stateid_t *, struct nfsclds *, uint64_t, int,
    struct nfsfh *, int, struct ucred *, NFSPROC_T *);
static enum nfsclds_state nfscl_getsameserver(struct nfsmount *,
    struct nfsclds *, struct nfsclds **);
static int nfsrpc_commitds(vnode_t, uint64_t, int, struct nfsclds *,
    struct nfsfh *, struct ucred *, NFSPROC_T *);
static void nfsrv_setuplayoutget(struct nfsrv_descript *, int, uint64_t,
    uint64_t, uint64_t, nfsv4stateid_t *, int, int);
static int nfsrv_parselayoutget(struct nfsrv_descript *, nfsv4stateid_t *,
    int *, struct nfsclflayouthead *);
/* Open/Create variants that also ask for a layout. */
static int nfsrpc_getopenlayout(struct nfsmount *, vnode_t, u_int8_t *,
    int, uint8_t *, int, uint32_t, struct nfsclopen *, uint8_t *, int,
    struct nfscldeleg **, struct ucred *, NFSPROC_T *);
static int nfsrpc_getcreatelayout(vnode_t, char *, int, struct vattr *,
    nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **,
    struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *,
    struct nfsfh **, int *, int *, void *, int *);
static int nfsrpc_openlayoutrpc(struct nfsmount *, vnode_t, u_int8_t *,
    int, uint8_t *, int, uint32_t, struct nfsclopen *, uint8_t *, int,
    struct nfscldeleg **, nfsv4stateid_t *, int, int, int *,
    struct nfsclflayouthead *, int *, struct ucred *, NFSPROC_T *);
static int nfsrpc_createlayout(vnode_t, char *, int, struct vattr *,
    nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **,
    struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *,
    struct nfsfh **, int *, int *, void *, int *, nfsv4stateid_t *,
    int, int, int *, struct nfsclflayouthead *, int *);
static int nfsrpc_layoutgetres(struct nfsmount *, vnode_t, uint8_t *,
    int, nfsv4stateid_t *, int, uint32_t *, struct nfscllayout **,
    struct nfsclflayouthead *, int, int *, struct ucred *, NFSPROC_T *);
  152 
  153 /*
  154  * nfs null call from vfs.
  155  */
/*
 * Send a Null RPC for the mount that vp belongs to and report the outcome.
 *
 * Returns the error from nfscl_request() if there is one, otherwise the
 * reply status (nd_repstat), otherwise 0.  The reply mbuf chain is released
 * before returning.
 */
APPLESTATIC int
nfsrpc_null(vnode_t vp, struct ucred *cred, NFSPROC_T *p)
{
        struct nfsrv_descript nfsd;
        struct nfsrv_descript *nd = &nfsd;
        int error;

        NFSCL_REQSTART(nd, NFSPROC_NULL, vp);
        error = nfscl_request(nd, vp, p, cred, NULL);

        /* An error from the request itself takes precedence over the reply status. */
        if (error == 0 && nd->nd_repstat != 0)
                error = nd->nd_repstat;

        mbuf_freem(nd->nd_mrep);
        return (error);
}
  169 
  170 /*
  171  * nfs access rpc op.
  172  * For nfs version 3 and 4, use the access rpc to check accessibility. If file
  173  * modes are changed on the server, accesses might still fail later.
  174  */
/*
 * Translate the VREAD/VWRITE/VEXEC bits in acmode into NFSACCESS_* bits,
 * ask the server through nfsrpc_accessrpc(), and fail with EACCES unless
 * every requested bit was granted.
 *
 * For a directory VWRITE also asks for NFSACCESS_DELETE and VEXEC maps to
 * NFSACCESS_LOOKUP; for anything else VEXEC maps to NFSACCESS_EXECUTE.
 *
 * The answer reflects the server's view at the time of the call only; the
 * server still decides on each later operation.
 */
APPLESTATIC int
nfsrpc_access(vnode_t vp, int acmode, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
{
        u_int32_t wanted, granted;
        int error, isdir;

        wanted = (acmode & VREAD) ? NFSACCESS_READ : 0;
        isdir = (vnode_vtype(vp) == VDIR);

        if (acmode & VWRITE) {
                wanted |= (NFSACCESS_MODIFY | NFSACCESS_EXTEND);
                if (isdir)
                        wanted |= NFSACCESS_DELETE;
        }
        if (acmode & VEXEC)
                wanted |= isdir ? NFSACCESS_LOOKUP : NFSACCESS_EXECUTE;

        /* The RPC itself lives in nfsrpc_accessrpc(). */
        error = nfsrpc_accessrpc(vp, wanted, cred, p, nap, attrflagp,
            &granted, NULL);

        /*
         * Extra bits in the reply are ignored; a missing requested bit is
         * a denial.  granted is only read when the RPC succeeded.
         */
        if (error == 0 && (granted & wanted) != wanted)
                error = EACCES;
        return (error);
}
  214 
  215 /*
  216  * The actual rpc, separated out for Darwin.
  217  */
/*
 * Build an Access request carrying mode (followed by a Getattr op when the
 * request is NFSv4), send it, and parse the reply.
 *
 * nap/attrflagp  receive the attributes via nfscl_postop_attr();
 *                *attrflagp is cleared to 0 on entry
 * rmodep         receives the granted access bits, masked as described
 *                below; it is written only when the reply status is 0, so
 *                callers must check the return value before reading it
 *
 * Returns 0, the error from nfscl_request()/nfscl_postop_attr(), or the
 * reply status (nd_repstat).
 */
APPLESTATIC int
nfsrpc_accessrpc(vnode_t vp, u_int32_t mode, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, u_int32_t *rmodep,
    void *stuff)
{
        u_int32_t *tl;
        u_int32_t supported, rmode;
        int error;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        nfsattrbit_t attrbits;

        *attrflagp = 0;
        /* Default mask: only NFSv4 replies overwrite it with a "supported" word. */
        supported = mode;
        NFSCL_REQSTART(nd, NFSPROC_ACCESS, vp);
        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
        *tl = txdr_unsigned(mode);
        if (nd->nd_flag & ND_NFSV4) {
                /*
                 * And do a Getattr op.
                 */
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                *tl = txdr_unsigned(NFSV4OP_GETATTR);
                NFSGETATTR_ATTRBIT(&attrbits);
                (void) nfsrv_putattrbit(nd, &attrbits);
        }
        error = nfscl_request(nd, vp, p, cred, stuff);
        /*
         * This early return does not free nd->nd_mrep.
         * NOTE(review): presumably there is no reply chain on this path - confirm.
         */
        if (error)
                return (error);
        if (nd->nd_flag & ND_NFSV3) {
                error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
                if (error)
                        goto nfsmout;
        }
        if (!nd->nd_repstat) {
                /*
                 * NFSv4 replies carry two words (supported, then access);
                 * otherwise a single access word is read.
                 * NOTE(review): NFSM_DISSECT presumably sets error and jumps
                 * to nfsmout when the reply is too short - confirm against
                 * the macro definition.
                 */
                if (nd->nd_flag & ND_NFSV4) {
                        NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                        supported = fxdr_unsigned(u_int32_t, *tl++);
                } else {
                        NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                }
                rmode = fxdr_unsigned(u_int32_t, *tl);
                /* A failure here is returned, but *rmodep is still stored below. */
                if (nd->nd_flag & ND_NFSV4)
                        error = nfscl_postop_attr(nd, nap, attrflagp, stuff);

                /*
                 * It's not obvious what should be done about
                 * unsupported access modes. For now, be paranoid
                 * and clear the unsupported ones.
                 */
                /*
                 * Both words come from the server's reply.  The mask keeps
                 * only bits that are also in "supported": the server's own
                 * word for NFSv4, the requested mode otherwise.
                 */
                rmode &= supported;
                *rmodep = rmode;
        } else
                error = nd->nd_repstat;
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
  275 
  276 /*
  277  * nfs open rpc
  278  */
/*
 * Open vp for the access in amode (FREAD/FWRITE), doing the Open RPC when
 * nfscl_open() reports that one is needed, and retrying on the recoverable
 * errors listed in the loop condition.
 *
 * Returns 0 at once for anything that is not a regular file.  Otherwise
 * returns 0 on success or an error; once retrycnt has reached 4 any
 * remaining error is reported as EIO.
 */
APPLESTATIC int
nfsrpc_open(vnode_t vp, int amode, struct ucred *cred, NFSPROC_T *p)
{
        struct nfsclopen *op;
        struct nfscldeleg *dp;
        struct nfsfh *nfhp;
        struct nfsnode *np = VTONFS(vp);
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        u_int32_t mode, clidrev;
        int ret, newone, error, expireret = 0, retrycnt;

        /*
         * For NFSv4, Open Ops are only done on Regular Files.
         */
        if (vnode_vtype(vp) != VREG)
                return (0);
        /* Map the open flags onto the NFSv4 share-access bits. */
        mode = 0;
        if (amode & FREAD)
                mode |= NFSV4OPEN_ACCESSREAD;
        if (amode & FWRITE)
                mode |= NFSV4OPEN_ACCESSWRITE;
        nfhp = np->n_fhp;

        retrycnt = 0;
#ifdef notdef
/*
 * Debug output, compiled only when "notdef" is defined.  The name copy is
 * capped at 99 bytes and terminated, so it fits the 100-byte buffer.
 */
{ char name[100]; int namel;
namel = (np->n_v4->n4_namelen < 100) ? np->n_v4->n4_namelen : 99;
bcopy(NFS4NODENAME(np->n_v4), name, namel);
name[namel] = '\0';
printf("rpcopen p=0x%x name=%s",p->p_pid,name);
if (nfhp->nfh_len > 0) printf(" fh=0x%x\n",nfhp->nfh_fh[12]);
else printf(" fhl=0\n");
}
#endif
        do {
            dp = NULL;
            /* Sets op; ret says whether an Open RPC (or only a cred copy) is needed. */
            error = nfscl_open(vp, nfhp->nfh_fh, nfhp->nfh_len, mode, 1,
                cred, p, NULL, &op, &newone, &ret, 1);
            if (error) {
                return (error);
            }
            /* Snapshot of the clientid revision, handed to nfscl_hasexpired() below. */
            if (nmp->nm_clp != NULL)
                clidrev = nmp->nm_clp->nfsc_clientidrev;
            else
                clidrev = 0;
            if (ret == NFSCLOPEN_DOOPEN) {
                if (np->n_v4 != NULL) {
                        /*
                         * For the first attempt, try and get a layout, if
                         * pNFS is enabled for the mount.
                         */
                        /*
                         * The plain Open is used when any of these holds:
                         * no pNFS on the mount, callbacks disabled, no
                         * callback daemons, NNOLAYOUT set on the node, or
                         * this is a retry.
                         */
                        if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 ||
                            nfs_numnfscbd == 0 ||
                            (np->n_flag & NNOLAYOUT) != 0 || retrycnt > 0)
                                error = nfsrpc_openrpc(nmp, vp,
                                    np->n_v4->n4_data,
                                    np->n_v4->n4_fhlen, np->n_fhp->nfh_fh,
                                    np->n_fhp->nfh_len, mode, op,
                                    NFS4NODENAME(np->n_v4),
                                    np->n_v4->n4_namelen,
                                    &dp, 0, 0x0, cred, p, 0, 0);
                        else
                                error = nfsrpc_getopenlayout(nmp, vp,
                                    np->n_v4->n4_data,
                                    np->n_v4->n4_fhlen, np->n_fhp->nfh_fh,
                                    np->n_fhp->nfh_len, mode, op,
                                    NFS4NODENAME(np->n_v4),
                                    np->n_v4->n4_namelen, &dp, cred, p);
                        /* A delegation came back with the open. */
                        if (dp != NULL) {
#ifdef APPLE
                                OSBitAndAtomic((int32_t)~NDELEGMOD, (UInt32 *)&np->n_flag);
#else
                                NFSLOCKNODE(np);
                                np->n_flag &= ~NDELEGMOD;
                                /*
                                 * Invalidate the attribute cache, so that
                                 * attributes that pre-date the issue of a
                                 * delegation are not cached, since the
                                 * cached attributes will remain valid while
                                 * the delegation is held.
                                 */
                                NFSINVALATTRCACHE(np);
                                NFSUNLOCKNODE(np);
#endif
                                /* The return value of nfscl_deleg() is discarded. */
                                (void) nfscl_deleg(nmp->nm_mountp,
                                    op->nfso_own->nfsow_clp,
                                    nfhp->nfh_fh, nfhp->nfh_len, cred, p, &dp);
                        }
                } else {
                        /* No n_v4 data on the node, so the Open cannot be built. */
                        error = EIO;
                }
                /* Done whether or not the Open succeeded. */
                newnfs_copyincred(cred, &op->nfso_cred);
            } else if (ret == NFSCLOPEN_SETCRED)
                /*
                 * This is a new local open on a delegation. It needs
                 * to have credentials so that an open can be done
                 * against the server during recovery.
                 */
                newnfs_copyincred(cred, &op->nfso_cred);

            /*
             * nfso_opencnt is the count of how many VOP_OPEN()s have
             * been done on this Open successfully and a VOP_CLOSE()
             * is expected for each of these.
             * If error is non-zero, don't increment it, since the Open
             * hasn't succeeded yet.
             */
            if (!error)
                op->nfso_opencnt++;
            nfscl_openrelease(nmp, op, error, newone);
            /*
             * Two retry classes.  The first (GRACE, STALECLIENTID,
             * STALEDONTRECOVER, DELAY, BADSESSION) sleeps in nfs_catnap()
             * and loops again; this function applies no iteration limit to
             * it, so the loop lasts as long as the server keeps answering
             * that way.  NOTE(review): whether nfs_catnap() can end the
             * wait early is not visible here.  The second (EXPIRED,
             * BADSTATEID with a known clientid revision) counts retrycnt
             * and is limited to fewer than 4 retries by the loop condition.
             */
            if (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
                error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
                error == NFSERR_BADSESSION) {
                (void) nfs_catnap(PZERO, error, "nfs_open");
            } else if ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID)
                && clidrev != 0) {
                expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
                retrycnt++;
            }
        } while (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
            error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
            error == NFSERR_BADSESSION ||
            ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
             expireret == 0 && clidrev != 0 && retrycnt < 4));
        /* Retries exhausted: report a generic I/O error instead of the NFS status. */
        if (error && retrycnt >= 4)
                error = EIO;
        return (error);
}
  407 
  408 /*
  409  * the actual open rpc
  410  */
/*
 * Build and send one NFSv4 Open (no create) for the open described by op,
 * then parse the reply: open stateid, result flags, an optional delegation
 * and the Getattr results.
 *
 * nfhp/fhlen       file handle passed to nfscl_reqstart() for the request
 * newfhp/newfhlen  file handle copied into a returned delegation and passed
 *                  to nfsrpc_openconfirm()
 * mode             share-access bits in the low part, share-deny bits above
 *                  NFSLCK_SHIFT
 * name/namelen     component name sent for the non-reclaim claim types
 * dpp              in: delegation to claim (CLAIMDELEGATECUR) or NULL;
 *                  out: newly allocated delegation on success, else NULL
 * reclaim          non-zero selects CLAIMPREVIOUS with delegtype
 * syscred          non-zero sets ND_USEGSSNAME on the request
 * recursed         non-zero suppresses the second Open that is otherwise
 *                  tried in order to obtain a delegation
 *
 * Returns 0 or an error.  A delegation allocated here is freed again on any
 * error return that passes through nfsmout.
 *
 * Everything read after newnfs_request() comes from the server's reply; the
 * delegation type and the size-limit type are rejected with NFSERR_BADXDR
 * unless they are one of the values handled below.
 */
APPLESTATIC int
nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp, int fhlen,
    u_int8_t *newfhp, int newfhlen, u_int32_t mode, struct nfsclopen *op,
    u_int8_t *name, int namelen, struct nfscldeleg **dpp,
    int reclaim, u_int32_t delegtype, struct ucred *cred, NFSPROC_T *p,
    int syscred, int recursed)
{
        u_int32_t *tl;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfscldeleg *dp, *ndp = NULL;
        struct nfsvattr nfsva;
        u_int32_t rflags, deleg;
        nfsattrbit_t attrbits;
        int error, ret, acesize, limitby;
        struct nfsclsession *tsep;

        /* Take the caller's delegation and clear the out-parameter until success. */
        dp = *dpp;
        *dpp = NULL;
        nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL);
        /* Owner seqid, share access, share deny, then the two clientid words. */
        NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
        *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
        *tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
        *tl++ = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
        tsep = nfsmnt_mdssession(nmp);
        *tl++ = tsep->nfsess_clientid.lval[0];
        *tl = tsep->nfsess_clientid.lval[1];
        (void) nfsm_strtom(nd, op->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN);
        NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
        *tl++ = txdr_unsigned(NFSV4OPEN_NOCREATE);
        /* Claim type: previous (reclaim), delegate-current (dp given) or null. */
        if (reclaim) {
                *tl = txdr_unsigned(NFSV4OPEN_CLAIMPREVIOUS);
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                *tl = txdr_unsigned(delegtype);
        } else {
                if (dp != NULL) {
                        *tl = txdr_unsigned(NFSV4OPEN_CLAIMDELEGATECUR);
                        NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
                        /* The stateid seqid is sent as 0 when NFSHASNFSV4N(nmp) is true. */
                        if (NFSHASNFSV4N(nmp))
                                *tl++ = 0;
                        else
                                *tl++ = dp->nfsdl_stateid.seqid;
                        *tl++ = dp->nfsdl_stateid.other[0];
                        *tl++ = dp->nfsdl_stateid.other[1];
                        *tl = dp->nfsdl_stateid.other[2];
                } else {
                        *tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
                }
                (void) nfsm_strtom(nd, name, namelen);
        }
        /* Append a Getattr asking only for the change and modify-time attributes. */
        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
        *tl = txdr_unsigned(NFSV4OP_GETATTR);
        NFSZERO_ATTRBIT(&attrbits);
        NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_CHANGE);
        NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFY);
        (void) nfsrv_putattrbit(nd, &attrbits);
        if (syscred)
                nd->nd_flag |= ND_USEGSSNAME;
        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
            NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        /* This early return does not pass through the cleanup at nfsmout. */
        if (error)
                return (error);
        NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
        if (!nd->nd_repstat) {
                /*
                 * NOTE(review): NFSM_DISSECT presumably sets error and jumps
                 * to nfsmout when the reply is shorter than requested -
                 * confirm against the macro definition.
                 */
                NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
                    6 * NFSX_UNSIGNED);
                /* The stateid words are stored as received, without fxdr conversion. */
                op->nfso_stateid.seqid = *tl++;
                op->nfso_stateid.other[0] = *tl++;
                op->nfso_stateid.other[1] = *tl++;
                op->nfso_stateid.other[2] = *tl;
                /*
                 * tl still points at other[2], so tl + 6 is the last of the
                 * six words that follow the stateid (assuming NFSX_STATEID
                 * covers the four words stored above).
                 */
                rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
                error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
                if (error)
                        goto nfsmout;
                NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                deleg = fxdr_unsigned(u_int32_t, *tl);
                if (deleg == NFSV4OPEN_DELEGATEREAD ||
                    deleg == NFSV4OPEN_DELEGATEWRITE) {
                        if (!(op->nfso_own->nfsow_clp->nfsc_flags &
                              NFSCLFLAGS_FIRSTDELEG))
                                op->nfso_own->nfsow_clp->nfsc_flags |=
                                  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
                        /*
                         * The allocation size and the copy below both use
                         * newfhlen, a signed int supplied by the caller that
                         * is not range-checked in this function.
                         * NOTE(review): confirm that every caller passes a
                         * bounded, non-negative length.
                         */
                        MALLOC(ndp, struct nfscldeleg *,
                            sizeof (struct nfscldeleg) + newfhlen,
                            M_NFSCLDELEG, M_WAITOK);
                        LIST_INIT(&ndp->nfsdl_owner);
                        LIST_INIT(&ndp->nfsdl_lock);
                        ndp->nfsdl_clp = op->nfso_own->nfsow_clp;
                        ndp->nfsdl_fhlen = newfhlen;
                        NFSBCOPY(newfhp, ndp->nfsdl_fh, newfhlen);
                        newnfs_copyincred(cred, &ndp->nfsdl_cred);
                        nfscl_lockinit(&ndp->nfsdl_rwlock);
                        NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
                            NFSX_UNSIGNED);
                        ndp->nfsdl_stateid.seqid = *tl++;
                        ndp->nfsdl_stateid.other[0] = *tl++;
                        ndp->nfsdl_stateid.other[1] = *tl++;
                        ndp->nfsdl_stateid.other[2] = *tl++;
                        /* The word after the stateid; non-zero sets NFSCLDL_RECALL below. */
                        ret = fxdr_unsigned(int, *tl);
                        if (deleg == NFSV4OPEN_DELEGATEWRITE) {
                                ndp->nfsdl_flags = NFSCLDL_WRITE;
                                /*
                                 * Indicates how much the file can grow.
                                 */
                                NFSM_DISSECT(tl, u_int32_t *,
                                    3 * NFSX_UNSIGNED);
                                limitby = fxdr_unsigned(int, *tl++);
                                /* Any limit type other than the two below is a malformed reply. */
                                switch (limitby) {
                                case NFSV4OPEN_LIMITSIZE:
                                        ndp->nfsdl_sizelimit = fxdr_hyper(tl);
                                        break;
                                case NFSV4OPEN_LIMITBLOCKS:
                                        /*
                                         * Product of two 32-bit reply words;
                                         * it cannot wrap provided
                                         * nfsdl_sizelimit is a 64-bit field
                                         * (TODO confirm).
                                         */
                                        ndp->nfsdl_sizelimit =
                                            fxdr_unsigned(u_int64_t, *tl++);
                                        ndp->nfsdl_sizelimit *=
                                            fxdr_unsigned(u_int64_t, *tl);
                                        break;
                                default:
                                        error = NFSERR_BADXDR;
                                        goto nfsmout;
                                }
                        } else {
                                ndp->nfsdl_flags = NFSCLDL_READ;
                        }
                        if (ret)
                                ndp->nfsdl_flags |= NFSCLDL_RECALL;
                        /* ret and acesize are filled in here but not read afterwards. */
                        error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, &ret,
                            &acesize, p);
                        if (error)
                                goto nfsmout;
                } else if (deleg != NFSV4OPEN_DELEGATENONE) {
                        /* Unknown delegation type in the reply. */
                        error = NFSERR_BADXDR;
                        goto nfsmout;
                }
                /* Two words are consumed here and not examined. */
                NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
                    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
                    NULL, NULL, NULL, p, cred);
                if (error)
                        goto nfsmout;
                /* Record the change and modify-time attributes in the new delegation. */
                if (ndp != NULL) {
                        ndp->nfsdl_change = nfsva.na_filerev;
                        ndp->nfsdl_modtime = nfsva.na_mtime;
                        ndp->nfsdl_flags |= NFSCLDL_MODTIMESET;
                }
                /*
                 * The server asked for an OpenConfirm.  It is repeated for
                 * as long as the answer is NFSERR_DELAY; no iteration limit
                 * is applied here.
                 */
                if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM)) {
                    do {
                        ret = nfsrpc_openconfirm(vp, newfhp, newfhlen, op,
                            cred, p);
                        if (ret == NFSERR_DELAY)
                            (void) nfs_catnap(PZERO, ret, "nfs_open");
                    } while (ret == NFSERR_DELAY);
                    error = ret;
                }
                /* The global nfscl_assumeposixlocks overrides the server's flag. */
                if ((rflags & NFSV4OPEN_LOCKTYPEPOSIX) ||
                    nfscl_assumeposixlocks)
                    op->nfso_posixlock = 1;
                else
                    op->nfso_posixlock = 0;

                /*
                 * If the server is handing out delegations, but we didn't
                 * get one because an OpenConfirm was required, try the
                 * Open again, to get a delegation. This is a harmless no-op,
                 * from a server's point of view.
                 */
                if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM) &&
                    (op->nfso_own->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG)
                    && !error && dp == NULL && ndp == NULL && !recursed) {
                    /*
                     * One level of recursion only: the inner call is made
                     * with recursed = 1.  It too is repeated while the
                     * answer is NFSERR_DELAY, without an iteration limit.
                     */
                    do {
                        ret = nfsrpc_openrpc(nmp, vp, nfhp, fhlen, newfhp,
                            newfhlen, mode, op, name, namelen, &ndp, 0, 0x0,
                            cred, p, syscred, 1);
                        if (ret == NFSERR_DELAY)
                            (void) nfs_catnap(PZERO, ret, "nfs_open2");
                    } while (ret == NFSERR_DELAY);
                    /*
                     * A failed second Open only fails this call for the
                     * three stale/bad-session errors; any other failure is
                     * dropped and the first Open's result stands.
                     */
                    if (ret) {
                        if (ndp != NULL) {
                                FREE((caddr_t)ndp, M_NFSCLDELEG);
                                ndp = NULL;
                        }
                        if (ret == NFSERR_STALECLIENTID ||
                            ret == NFSERR_STALEDONTRECOVER ||
                            ret == NFSERR_BADSESSION)
                                error = ret;
                    }
                }
        }
        if (nd->nd_repstat != 0 && error == 0)
                error = nd->nd_repstat;
        /* Paths that jump straight to nfsmout skip this recovery trigger. */
        if (error == NFSERR_STALECLIENTID)
                nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
nfsmout:
        /* Hand the delegation to the caller only on success; otherwise free it. */
        if (!error)
                *dpp = ndp;
        else if (ndp != NULL)
                FREE((caddr_t)ndp, M_NFSCLDELEG);
        mbuf_freem(nd->nd_mrep);
        return (error);
}
  610 
  611 /*
  612  * open downgrade rpc
  613  */
/*
 * Send an Open Downgrade for op with the access/deny bits in mode and, when
 * the reply status is 0, store the stateid from the reply in op.
 *
 * mode  share-access bits in the low part, share-deny bits above NFSLCK_SHIFT
 *
 * Returns 0, the error from nfscl_request(), or the reply status.  An
 * NFSERR_STALESTATEID result also starts client recovery.
 */
APPLESTATIC int
nfsrpc_opendowngrade(vnode_t vp, u_int32_t mode, struct nfsclopen *op,
    struct ucred *cred, NFSPROC_T *p)
{
        u_int32_t *tl;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        int error;

        NFSCL_REQSTART(nd, NFSPROC_OPENDOWNGRADE, vp);
        /* Stateid (four words), then owner seqid, share access, share deny. */
        NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 3 * NFSX_UNSIGNED);
        /* The stateid seqid is sent as 0 when NFSHASNFSV4N() is true for the mount. */
        if (NFSHASNFSV4N(VFSTONFS(vnode_mount(vp))))
                *tl++ = 0;
        else
                *tl++ = op->nfso_stateid.seqid;
        *tl++ = op->nfso_stateid.other[0];
        *tl++ = op->nfso_stateid.other[1];
        *tl++ = op->nfso_stateid.other[2];
        *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
        *tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
        *tl = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
        error = nfscl_request(nd, vp, p, cred, NULL);
        /* This early return does not free nd->nd_mrep. */
        if (error)
                return (error);
        NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
        if (!nd->nd_repstat) {
                /*
                 * The new stateid is taken from the server's reply as is.
                 * NOTE(review): NFSM_DISSECT presumably sets error and jumps
                 * to nfsmout on a short reply - no explicit goto targets
                 * that label in this function.
                 */
                NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
                op->nfso_stateid.seqid = *tl++;
                op->nfso_stateid.other[0] = *tl++;
                op->nfso_stateid.other[1] = *tl++;
                op->nfso_stateid.other[2] = *tl;
        }
        if (nd->nd_repstat && error == 0)
                error = nd->nd_repstat;
        if (error == NFSERR_STALESTATEID)
                nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
  653 
/*
 * V4 Close operation.
 *
 * Vnodes that are not regular files (VREG) are ignored and 0 is returned.
 * Otherwise nfscl_doclose() is called when "doclose" is non-zero and
 * nfscl_getclose() when it is zero; on success the client structure
 * handed back by that call is passed to nfscl_clientrelease().
 *
 * Returns 0 on success or the error from the helper that was called.
 */
APPLESTATIC int
nfsrpc_close(vnode_t vp, int doclose, NFSPROC_T *p)
{
        struct nfsclclient *clientp;
        int ret;

        if (vnode_vtype(vp) != VREG)
                return (0);

        ret = doclose ? nfscl_doclose(vp, &clientp, p) :
            nfscl_getclose(vp, &clientp);
        /* clientp is only handed on when the helper reported success. */
        if (ret == 0)
                nfscl_clientrelease(clientp);
        return (ret);
}
  675 
  676 /*
  677  * Close the open.
       *
       * For every lock owner on "op": unlocks the byte ranges it holds with
       * nfsrpc_locku(), frees the local lock records, and sends a
       * ReleaseLockOwner.  Then, holding the open owner's lock exclusively,
       * calls nfscl_tryclose() and finally frees the lock owners and "op"
       * itself.  The RPCs use a private copy of the credential stored in
       * the open.  The function returns nothing, so RPC failures are not
       * reported to the caller.
  678  */
  679 APPLESTATIC void
  680 nfsrpc_doclose(struct nfsmount *nmp, struct nfsclopen *op, NFSPROC_T *p)
  681 {
  682         struct nfsrv_descript nfsd, *nd = &nfsd;
  683         struct nfscllockowner *lp, *nlp;
  684         struct nfscllock *lop, *nlop;
  685         struct ucred *tcred;
  686         u_int64_t off = 0, len = 0;
  687         u_int32_t type = NFSV4LOCKT_READ;
  688         int error, do_unlock, trycnt;
  689 
              /* Work on a copy of the credential saved in the open. */
  690         tcred = newnfs_getcred();
  691         newnfs_copycred(&op->nfso_cred, tcred);
  692         /*
  693          * (Theoretically this could be done in the same
  694          *  compound as the close, but having multiple
  695          *  sequenced Ops in the same compound might be
  696          *  too scary for some servers.)
  697          */
              /*
               * For a POSIX-lock open, one unlock with off 0 and len
               * NFS64BITSSET is sent per lock owner instead of one per
               * recorded range (do_unlock is cleared after the first).
               */
  698         if (op->nfso_posixlock) {
  699                 off = 0;
  700                 len = NFS64BITSSET;
  701                 type = NFSV4LOCKT_READ;
  702         }
  703 
  704         /*
  705          * Since this function is only called from VOP_INACTIVE(), no
  706          * other thread will be manipulating this Open. As such, the
  707          * lock lists are not being changed by other threads, so it should
  708          * be safe to do this without locking.
  709          */
  710         LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
  711                 do_unlock = 1;
  712                 LIST_FOREACH_SAFE(lop, &lp->nfsl_lock, nfslo_list, nlop) {
  713                         if (op->nfso_posixlock == 0) {
  714                                 off = lop->nfslo_first;
  715                                 len = lop->nfslo_end - lop->nfslo_first;
  716                                 if (lop->nfslo_type == F_WRLCK)
  717                                         type = NFSV4LOCKT_WRITE;
  718                                 else
  719                                         type = NFSV4LOCKT_READ;
  720                         }
  721                         if (do_unlock) {
                                      /*
                                       * Retried only while the reply status is
                                       * NFSERR_GRACE or NFSERR_DELAY and at most
                                       * five more times.  The outcome is not
                                       * acted on; the local lock record is
                                       * freed below either way.
                                       */
  722                                 trycnt = 0;
  723                                 do {
  724                                         error = nfsrpc_locku(nd, nmp, lp, off,
  725                                             len, type, tcred, p, 0);
  726                                         if ((nd->nd_repstat == NFSERR_GRACE ||
  727                                             nd->nd_repstat == NFSERR_DELAY) &&
  728                                             error == 0)
  729                                                 (void) nfs_catnap(PZERO,
  730                                                     (int)nd->nd_repstat,
  731                                                     "nfs_close");
  732                                 } while ((nd->nd_repstat == NFSERR_GRACE ||
  733                                     nd->nd_repstat == NFSERR_DELAY) &&
  734                                     error == 0 && trycnt++ < 5);
  735                                 if (op->nfso_posixlock)
  736                                         do_unlock = 0;
  737                         }
  738                         nfscl_freelock(lop, 0);
  739                 }
  740                 /*
  741                  * Do a ReleaseLockOwner.
  742                  * The lock owner name nfsl_owner may be used by other opens for
  743                  * other files but the lock_owner4 name that nfsrpc_rellockown()
  744                  * puts on the wire has the file handle for this file appended
  745                  * to it, so it can be done now.
  746                  */
  747                 (void)nfsrpc_rellockown(nmp, lp, lp->nfsl_open->nfso_fh,
  748                     lp->nfsl_open->nfso_fhlen, tcred, p);
  749         }
  750 
  751         /*
  752          * There could be other Opens for different files on the same
  753          * OpenOwner, so locking is required.
               *
               * The state mutex is held only while the owner's lock is being
               * acquired; it is dropped across the close attempts and taken
               * again to release the owner's lock and free the state.
  754          */
  755         NFSLOCKCLSTATE();
  756         nfscl_lockexcl(&op->nfso_own->nfsow_rwlock, NFSCLSTATEMUTEXPTR);
  757         NFSUNLOCKCLSTATE();
              /*
               * NOTE(review): unlike the unlock loop above, this loop has no
               * attempt limit: it repeats for as long as nfscl_tryclose()
               * returns NFSERR_GRACE.  Whether anything else bounds it (for
               * example inside nfs_catnap() or nfscl_tryclose()) is not
               * visible here.  Any other error ends the loop and is dropped.
               */
  758         do {
  759                 error = nfscl_tryclose(op, tcred, nmp, p);
  760                 if (error == NFSERR_GRACE)
  761                         (void) nfs_catnap(PZERO, error, "nfs_close");
  762         } while (error == NFSERR_GRACE);
  763         NFSLOCKCLSTATE();
  764         nfscl_lockunlock(&op->nfso_own->nfsow_rwlock);
  765 
              /* "op" and its lock owners are freed here; callers must not use op afterwards. */
  766         LIST_FOREACH_SAFE(lp, &op->nfso_lock, nfsl_list, nlp)
  767                 nfscl_freelockowner(lp, 0);
  768         nfscl_freeopen(op, 0);
  769         NFSUNLOCKCLSTATE();
  770         NFSFREECRED(tcred);
  771 }
  772 
  773 /*
  774  * The actual Close RPC.
       *
       * Builds NFSPROC_CLOSE for the file handle stored in "op", carrying the
       * open owner's seqid followed by the open's stateid, and sends it with
       * newnfs_request().  A non-zero "syscred" sets ND_USEGSSNAME on the
       * request.
       *
       * Returns the newnfs_request() error, or else the reply status
       * (nd_repstat).  NFSERR_STALESTATEID also calls
       * nfscl_initiate_recovery() for the owning client.
  775  */
  776 APPLESTATIC int
  777 nfsrpc_closerpc(struct nfsrv_descript *nd, struct nfsmount *nmp,
  778     struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p,
  779     int syscred)
  780 {
  781         u_int32_t *tl;
  782         int error;
  783 
  784         nfscl_reqstart(nd, NFSPROC_CLOSE, nmp, op->nfso_fh,
  785             op->nfso_fhlen, NULL, NULL);
  786         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
  787         *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
              /* As in the other stateid builders in this file, seqid is sent as 0 when NFSHASNFSV4N() is true. */
  788         if (NFSHASNFSV4N(nmp))
  789                 *tl++ = 0;
  790         else
  791                 *tl++ = op->nfso_stateid.seqid;
  792         *tl++ = op->nfso_stateid.other[0];
  793         *tl++ = op->nfso_stateid.other[1];
  794         *tl = op->nfso_stateid.other[2];
  795         if (syscred)
  796                 nd->nd_flag |= ND_USEGSSNAME;
  797         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
  798             NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
  799         if (error)
  800                 return (error);
  801         NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
              /*
               * The stateid in a successful reply is stepped over but not
               * stored: tl is not read after this point.
               * NOTE(review): NFSM_DISSECT presumably jumps to nfsmout with
               * error set when the reply is too short - confirm against the
               * macro definition.
               */
  802         if (nd->nd_repstat == 0)
  803                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
  804         error = nd->nd_repstat;
  805         if (error == NFSERR_STALESTATEID)
  806                 nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
  807 nfsmout:
  808         mbuf_freem(nd->nd_mrep);
  809         return (error);
  810 }
  811 
  812 /*
  813  * V4 Open Confirm RPC.
       *
       * Returns 0 immediately when NFSHASNFSV4N() is true for the mount.
       * Otherwise sends NFSPROC_OPENCONFIRM for file handle "nfhp"/"fhlen"
       * with the open's stateid followed by the open owner's seqid, and on
       * a reply status of 0 replaces the stateid in "op" with the one from
       * the reply.
       *
       * Returns the nfscl_request() error, or else the reply status.
       * NFSERR_STALESTATEID also calls nfscl_initiate_recovery().
  814  */
  815 APPLESTATIC int
  816 nfsrpc_openconfirm(vnode_t vp, u_int8_t *nfhp, int fhlen,
  817     struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p)
  818 {
  819         u_int32_t *tl;
  820         struct nfsrv_descript nfsd, *nd = &nfsd;
  821         struct nfsmount *nmp;
  822         int error;
  823 
  824         nmp = VFSTONFS(vnode_mount(vp));
  825         if (NFSHASNFSV4N(nmp))
  826                 return (0);             /* No confirmation for NFSv4.1. */
  827         nfscl_reqstart(nd, NFSPROC_OPENCONFIRM, nmp, nfhp, fhlen, NULL, NULL);
  828         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
              /* Stateid words are copied as stored; only the owner seqid goes through txdr_unsigned(). */
  829         *tl++ = op->nfso_stateid.seqid;
  830         *tl++ = op->nfso_stateid.other[0];
  831         *tl++ = op->nfso_stateid.other[1];
  832         *tl++ = op->nfso_stateid.other[2];
  833         *tl = txdr_unsigned(op->nfso_own->nfsow_seqid);
  834         error = nfscl_request(nd, vp, p, cred, NULL);
  835         if (error)
  836                 return (error);
  837         NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
  838         if (!nd->nd_repstat) {
                      /*
                       * The confirmed stateid is taken from the server's reply.
                       * NOTE(review): NFSM_DISSECT presumably jumps to nfsmout
                       * with error set when the reply is shorter than
                       * NFSX_STATEID - confirm against the macro definition.
                       */
  839                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
  840                 op->nfso_stateid.seqid = *tl++;
  841                 op->nfso_stateid.other[0] = *tl++;
  842                 op->nfso_stateid.other[1] = *tl++;
  843                 op->nfso_stateid.other[2] = *tl;
  844         }
  845         error = nd->nd_repstat;
  846         if (error == NFSERR_STALESTATEID)
  847                 nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
  848 nfsmout:
  849         mbuf_freem(nd->nd_mrep);
  850         return (error);
  851 }
  852 
  853 /*
  854  * Do the setclientid and setclientid confirm RPCs. Called from nfs_statfs()
  855  * when a mount has just occurred and when the server replies NFSERR_EXPIRED.
       *
       * When NFSHASNFSV4N(nmp) is true, ExchangeID, CreateSession and (if
       * "reclaim" is 0) ReclaimComplete are done instead, and the function
       * returns from that branch.
       *
       * Otherwise a struct nfsclds is allocated and put at the head of
       * nmp->nm_sess, then NFSPROC_SETCLIENTID, NFSPROC_SETCLIENTIDCFRM and
       * a GETATTR for the lease time are sent in turn, each with
       * ND_USEGSSNAME set.  The client id and confirm verifier are taken
       * from the SETCLIENTID reply; the lease time from the GETATTR reply
       * sets clp->nfsc_renew and clp->nfsc_expire.
       *
       * Returns 0 on success, otherwise an RPC error or a reply status.
  856  */
  857 APPLESTATIC int
  858 nfsrpc_setclient(struct nfsmount *nmp, struct nfsclclient *clp, int reclaim,
  859     struct ucred *cred, NFSPROC_T *p)
  860 {
  861         u_int32_t *tl;
  862         struct nfsrv_descript nfsd;
  863         struct nfsrv_descript *nd = &nfsd;
  864         nfsattrbit_t attrbits;
  865         u_int8_t *cp = NULL, *cp2, addr[INET6_ADDRSTRLEN + 9];
  866         u_short port;
  867         int error, isinet6 = 0, callblen;
  868         nfsquad_t confirm;
  869         u_int32_t lease;
  870         static u_int32_t rev = 0;
  871         struct nfsclds *dsp;
  872         struct in6_addr a6;
  873         struct nfsclsession *tsep;
  874 
  875         if (nfsboottime.tv_sec == 0)
  876                 NFSSETBOOTTIME(nfsboottime);
              /*
               * NOTE(review): "rev" is a function-static counter shared by
               * every call and is incremented here with no lock visible in
               * this function - confirm that callers serialise.  It is sent
               * below as the second word of the SETCLIENTID request, after
               * nfsboottime.tv_sec.
               */
  877         clp->nfsc_rev = rev++;
  878         if (NFSHASNFSV4N(nmp)) {
  879                 /*
  880                  * Either there was no previous session or the
  881                  * previous session has failed, so...
  882                  * do an ExchangeID followed by the CreateSession.
  883                  */
  884                 error = nfsrpc_exchangeid(nmp, clp, &nmp->nm_sockreq,
  885                     NFSV4EXCH_USEPNFSMDS | NFSV4EXCH_USENONPNFS, &dsp, cred, p);
  886                 NFSCL_DEBUG(1, "aft exch=%d\n", error);
  887                 if (error == 0)
  888                         error = nfsrpc_createsession(nmp, &dsp->nfsclds_sess,
  889                             &nmp->nm_sockreq,
  890                             dsp->nfsclds_sess.nfsess_sequenceid, 1, cred, p);
  891                 if (error == 0) {
  892                         NFSLOCKMNT(nmp);
  893                         /*
  894                          * The old sessions cannot be safely free'd
  895                          * here, since they may still be used by
  896                          * in-progress RPCs.
  897                          */
  898                         tsep = NULL;
  899                         if (TAILQ_FIRST(&nmp->nm_sess) != NULL)
  900                                 tsep = NFSMNT_MDSSESSION(nmp);
  901                         TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp,
  902                             nfsclds_list);
  903                         /*
  904                          * Wake up RPCs waiting for a slot on the
  905                          * old session. These will then fail with
  906                          * NFSERR_BADSESSION and be retried with the
  907                          * new session by nfsv4_setsequence().
  908                          * Also wakeup() processes waiting for the
  909                          * new session.
  910                          */
  911                         if (tsep != NULL)
  912                                 wakeup(&tsep->nfsess_slots);
  913                         wakeup(&nmp->nm_sess);
  914                         NFSUNLOCKMNT(nmp);
  915                 } else
                              /*
                               * NOTE(review): "dsp" has no initialiser.  This
                               * branch is also reached when nfsrpc_exchangeid()
                               * itself failed, so the pointer is only valid if
                               * that function always stores to it, and the call
                               * is only safe if nfscl_freenfsclds() accepts
                               * whatever it stores on failure - confirm both.
                               */
  916                         nfscl_freenfsclds(dsp);
  917                 NFSCL_DEBUG(1, "aft createsess=%d\n", error);
  918                 if (error == 0 && reclaim == 0) {
  919                         error = nfsrpc_reclaimcomplete(nmp, cred, p);
  920                         NFSCL_DEBUG(1, "aft reclaimcomp=%d\n", error);
  921                         if (error == NFSERR_COMPLETEALREADY ||
  922                             error == NFSERR_NOTSUPP)
  923                                 /* Ignore this error. */
  924                                 error = 0;
  925                 }
  926                 return (error);
  927         }
  928 
  929         /*
  930          * Allocate a single session structure for NFSv4.0, because some of
  931          * the fields are used by NFSv4.0 although it doesn't do a session.
               *
               * NOTE(review): a new structure is allocated and linked onto
               * nm_sess on every call, and none of the return paths below
               * unlinks or frees it; where it is released is not visible here.
  932          */
  933         dsp = malloc(sizeof(struct nfsclds), M_NFSCLDS, M_WAITOK | M_ZERO);
  934         mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
  935         mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession", NULL, MTX_DEF);
  936         NFSLOCKMNT(nmp);
  937         TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp, nfsclds_list);
  938         tsep = NFSMNT_MDSSESSION(nmp);
  939         NFSUNLOCKMNT(nmp);
  940 
              /* SETCLIENTID request: boot time, nfsc_rev, then the client id string. */
  941         nfscl_reqstart(nd, NFSPROC_SETCLIENTID, nmp, NULL, 0, NULL, NULL);
  942         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
  943         *tl++ = txdr_unsigned(nfsboottime.tv_sec);
  944         *tl = txdr_unsigned(clp->nfsc_rev);
  945         (void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);
  946 
  947         /*
  948          * set up the callback address
               *
               * "addr" receives an address string followed by ".<b0>.<b1>",
               * the two bytes of the callback port after htons().  The
               * address is nfsv4_callbackaddr when that string is non-empty,
               * otherwise the one returned by nfscl_getmyip().  Every
               * snprintf() below is bounded by the size of "addr", but the
               * return value is not checked, so an over-long string would be
               * truncated silently rather than rejected.
               * If nfscl_enablecallb is 0, nfs_numnfscbd is not positive, or
               * no address is available, "tcp" / "0.0.0.0.0.0" is sent.
  949          */
  950         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
  951         *tl = txdr_unsigned(NFS_CALLBCKPROG);
  952         callblen = strlen(nfsv4_callbackaddr);
  953         if (callblen == 0)
  954                 cp = nfscl_getmyip(nmp, &a6, &isinet6);
  955         if (nfscl_enablecallb && nfs_numnfscbd > 0 &&
  956             (callblen > 0 || cp != NULL)) {
  957                 port = htons(nfsv4_cbport);
  958                 cp2 = (u_int8_t *)&port;
  959 #ifdef INET6
  960                 if ((callblen > 0 &&
  961                      strchr(nfsv4_callbackaddr, ':')) || isinet6) {
  962                         char ip6buf[INET6_ADDRSTRLEN], *ip6add;
  963 
  964                         (void) nfsm_strtom(nd, "tcp6", 4);
  965                         if (callblen == 0) {
  966                                 ip6_sprintf(ip6buf, (struct in6_addr *)cp);
  967                                 ip6add = ip6buf;
  968                         } else {
  969                                 ip6add = nfsv4_callbackaddr;
  970                         }
  971                         snprintf(addr, INET6_ADDRSTRLEN + 9, "%s.%d.%d",
  972                             ip6add, cp2[0], cp2[1]);
  973                 } else
  974 #endif
  975                 {
  976                         (void) nfsm_strtom(nd, "tcp", 3);
                              /*
                               * cp is non-NULL when callblen == 0: the enclosing
                               * test requires callblen > 0 || cp != NULL.
                               */
  977                         if (callblen == 0)
  978                                 snprintf(addr, INET6_ADDRSTRLEN + 9,
  979                                     "%d.%d.%d.%d.%d.%d", cp[0], cp[1],
  980                                     cp[2], cp[3], cp2[0], cp2[1]);
  981                         else
  982                                 snprintf(addr, INET6_ADDRSTRLEN + 9,
  983                                     "%s.%d.%d", nfsv4_callbackaddr,
  984                                     cp2[0], cp2[1]);
  985                 }
  986                 (void) nfsm_strtom(nd, addr, strlen(addr));
  987         } else {
  988                 (void) nfsm_strtom(nd, "tcp", 3);
  989                 (void) nfsm_strtom(nd, "0.0.0.0.0.0", 11);
  990         }
  991         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
  992         *tl = txdr_unsigned(clp->nfsc_cbident);
  993         nd->nd_flag |= ND_USEGSSNAME;
  994         error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
  995                 NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
  996         if (error)
  997                 return (error);
  998         if (nd->nd_repstat == 0) {
                  /*
                   * The client id and the confirm verifier are copied from the
                   * server's reply without byte-order conversion and are sent
                   * back unchanged in the confirm request below.
                   * NOTE(review): NFSM_DISSECT presumably jumps to nfsmout
                   * with error set on a short reply - confirm against the
                   * macro definition.
                   */
  999             NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 1000             tsep->nfsess_clientid.lval[0] = *tl++;
 1001             tsep->nfsess_clientid.lval[1] = *tl++;
 1002             confirm.lval[0] = *tl++;
 1003             confirm.lval[1] = *tl;
                  /* nd_mrep is cleared after each free so the mbuf_freem() at nfsmout is not handed a stale pointer. */
 1004             mbuf_freem(nd->nd_mrep);
 1005             nd->nd_mrep = NULL;
 1006 
 1007             /*
 1008              * and confirm it.
 1009              */
 1010             nfscl_reqstart(nd, NFSPROC_SETCLIENTIDCFRM, nmp, NULL, 0, NULL,
 1011                 NULL);
 1012             NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 1013             *tl++ = tsep->nfsess_clientid.lval[0];
 1014             *tl++ = tsep->nfsess_clientid.lval[1];
 1015             *tl++ = confirm.lval[0];
 1016             *tl = confirm.lval[1];
 1017             nd->nd_flag |= ND_USEGSSNAME;
 1018             error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p,
 1019                 cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 1020             if (error)
 1021                 return (error);
 1022             mbuf_freem(nd->nd_mrep);
 1023             nd->nd_mrep = NULL;
 1024             if (nd->nd_repstat == 0) {
                      /* Confirmed: ask for the lease time with a GETATTR on the mount's file handle. */
 1025                 nfscl_reqstart(nd, NFSPROC_GETATTR, nmp, nmp->nm_fh,
 1026                     nmp->nm_fhsize, NULL, NULL);
 1027                 NFSZERO_ATTRBIT(&attrbits);
 1028                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_LEASETIME);
 1029                 (void) nfsrv_putattrbit(nd, &attrbits);
 1030                 nd->nd_flag |= ND_USEGSSNAME;
 1031                 error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p,
 1032                     cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
 1033                 if (error)
 1034                     return (error);
 1035                 if (nd->nd_repstat == 0) {
 1036                     error = nfsv4_loadattr(nd, NULL, NULL, NULL, NULL, 0, NULL,
 1037                         NULL, NULL, NULL, NULL, 0, NULL, &lease, NULL, p, cred);
 1038                     if (error)
 1039                         goto nfsmout;
                          /*
                           * "lease" is the value the server returned.
                           * NOTE(review): NFSCL_RENEW() is defined elsewhere;
                           * confirm it keeps nfsc_renew sensible for a zero or
                           * very large lease.
                           * nfsc_clientidrev skips 0 when it wraps;
                           * nfsrpc_setattr() only calls nfscl_hasexpired() when
                           * its copy of this value is non-zero.
                           */
 1040                     clp->nfsc_renew = NFSCL_RENEW(lease);
 1041                     clp->nfsc_expire = NFSD_MONOSEC + clp->nfsc_renew;
 1042                     clp->nfsc_clientidrev++;
 1043                     if (clp->nfsc_clientidrev == 0)
 1044                         clp->nfsc_clientidrev++;
 1045                 }
 1046             }
 1047         }
              /* On the paths that reach here the result is the status of the last reply received. */
 1048         error = nd->nd_repstat;
 1049 nfsmout:
 1050         mbuf_freem(nd->nd_mrep);
 1051         return (error);
 1052 }
 1053 
/*
 * nfs getattr call.
 *
 * Sends NFSPROC_GETATTR for vnode "vp".  Under ND_NFSV4 the request also
 * carries the attribute bitmap filled in by NFSGETATTR_ATTRBIT().  When
 * the reply status is 0 the attributes are loaded into "nap" with
 * nfsm_loadattr().
 *
 * Returns the nfscl_request() error, the reply status, or the result of
 * nfsm_loadattr().  The reply mbuf is freed on every path that received
 * one.
 */
APPLESTATIC int
nfsrpc_getattr(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
    struct nfsvattr *nap, void *stuff)
{
        struct nfsrv_descript req;
        struct nfsrv_descript *nd = &req;
        nfsattrbit_t wanted;
        int error;

        NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
        if ((nd->nd_flag & ND_NFSV4) != 0) {
                NFSGETATTR_ATTRBIT(&wanted);
                (void) nfsrv_putattrbit(nd, &wanted);
        }

        error = nfscl_request(nd, vp, p, cred, stuff);
        if (error != 0)
                return (error);

        /* A non-zero reply status is returned as the error. */
        if (nd->nd_repstat != 0)
                error = nd->nd_repstat;
        else
                error = nfsm_loadattr(nd, nap);
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 1080 
/*
 * nfs getattr call with non-vnode arguments.
 *
 * Sends NFSPROC_GETATTR for the file handle "fhp"/"fhlen" on mount "nmp".
 * The RPC version passed to newnfs_request() follows the descriptor
 * flags: NFS_VER4 under ND_NFSV4, NFS_VER3 under ND_NFSV3, otherwise
 * NFS_VER2.  Under ND_NFSV4 the lease time attribute is requested as
 * well and is returned through "leasep".  A non-zero "syscred" sets
 * ND_USEGSSNAME on the request.
 *
 * Returns the newnfs_request() error, the reply status, or the result
 * of loading the attributes into "nap".
 */
APPLESTATIC int
nfsrpc_getattrnovp(struct nfsmount *nmp, u_int8_t *fhp, int fhlen, int syscred,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, u_int64_t *xidp,
    uint32_t *leasep)
{
        struct nfsrv_descript req;
        struct nfsrv_descript *nd = &req;
        nfsattrbit_t wanted;
        int error, vers;

        nfscl_reqstart(nd, NFSPROC_GETATTR, nmp, fhp, fhlen, NULL, NULL);
        if ((nd->nd_flag & ND_NFSV4) != 0) {
                vers = NFS_VER4;
                NFSGETATTR_ATTRBIT(&wanted);
                NFSSETBIT_ATTRBIT(&wanted, NFSATTRBIT_LEASETIME);
                (void) nfsrv_putattrbit(nd, &wanted);
        } else if ((nd->nd_flag & ND_NFSV3) != 0) {
                vers = NFS_VER3;
        } else {
                vers = NFS_VER2;
        }
        if (syscred != 0)
                nd->nd_flag |= ND_USEGSSNAME;

        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
            NFS_PROG, vers, NULL, 1, xidp, NULL);
        if (error != 0)
                return (error);

        /* A non-zero reply status wins; otherwise parse per protocol version. */
        if (nd->nd_repstat != 0)
                error = nd->nd_repstat;
        else if ((nd->nd_flag & ND_NFSV4) != 0)
                error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
                    NULL, NULL, NULL, NULL, NULL, 0, NULL, leasep, NULL,
                    NULL, NULL);
        else
                error = nfsm_loadattr(nd, nap);
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 1120 
 1121 /*
 1122  * Do an nfs setattr operation.
       *
       * With a non-NULL "vap" the attributes are set through
       * nfsrpc_setattrrpc(); with a NULL "vap" the ACL "aclp" is set through
       * nfsrpc_setaclrpc().  On an NFSv4 mount a stateid is obtained first
       * with nfscl_getstateid(); if that fails for a regular file the file
       * may be opened for the duration of the RPC and closed again
       * afterwards.
       *
       * The RPC is repeated for a set of recoverable errors (see the loop
       * condition).  Returns 0, the last error, or EIO when an error remains
       * after four or more passes.
 1123  */
 1124 APPLESTATIC int
 1125 nfsrpc_setattr(vnode_t vp, struct vattr *vap, NFSACL_T *aclp,
 1126     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *rnap, int *attrflagp,
 1127     void *stuff)
 1128 {
 1129         int error, expireret = 0, openerr, retrycnt;
 1130         u_int32_t clidrev = 0, mode;
 1131         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 1132         struct nfsfh *nfhp;
 1133         nfsv4stateid_t stateid;
 1134         void *lckp;
 1135 
              /* clidrev stays 0 when the mount has no client structure; 0 disables the expiry check below. */
 1136         if (nmp->nm_clp != NULL)
 1137                 clidrev = nmp->nm_clp->nfsc_clientidrev;
              /* A size change asks for a stateid with write access, anything else for read access. */
 1138         if (vap != NULL && NFSATTRISSET(u_quad_t, vap, va_size))
 1139                 mode = NFSV4OPEN_ACCESSWRITE;
 1140         else
 1141                 mode = NFSV4OPEN_ACCESSREAD;
 1142         retrycnt = 0;
 1143         do {
 1144                 lckp = NULL;
                      /* openerr == 0 means a temporary open was done in this pass and must be closed below. */
 1145                 openerr = 1;
 1146                 if (NFSHASNFSV4(nmp)) {
 1147                         nfhp = VTONFS(vp)->n_fhp;
 1148                         error = nfscl_getstateid(vp, nfhp->nfh_fh,
 1149                             nfhp->nfh_len, mode, 0, cred, p, &stateid, &lckp);
 1150                         if (error && vnode_vtype(vp) == VREG &&
 1151                             (mode == NFSV4OPEN_ACCESSWRITE ||
 1152                              nfstest_openallsetattr)) {
 1153                                 /*
 1154                                  * No Open stateid, so try and open the file
 1155                                  * now.
 1156                                  */
 1157                                 if (mode == NFSV4OPEN_ACCESSWRITE)
 1158                                         openerr = nfsrpc_open(vp, FWRITE, cred,
 1159                                             p);
 1160                                 else
 1161                                         openerr = nfsrpc_open(vp, FREAD, cred,
 1162                                             p);
 1163                                 if (!openerr)
 1164                                         (void) nfscl_getstateid(vp,
 1165                                             nfhp->nfh_fh, nfhp->nfh_len,
 1166                                             mode, 0, cred, p, &stateid, &lckp);
 1167                         }
 1168                 }
                      /*
                       * NOTE(review): "stateid" is only ever written by
                       * nfscl_getstateid().  On a mount that is not NFSv4 it is
                       * passed on without having been assigned;
                       * nfsrpc_setattrrpc() reads it only under ND_NFSV4, while
                       * nfsrpc_setaclrpc() is not visible here - confirm it does
                       * the same.  What nfscl_getstateid() stores when it fails
                       * is also not visible.
                       */
 1169                 if (vap != NULL)
 1170                         error = nfsrpc_setattrrpc(vp, vap, &stateid, cred, p,
 1171                             rnap, attrflagp, stuff);
 1172                 else
 1173                         error = nfsrpc_setaclrpc(vp, cred, p, aclp, &stateid,
 1174                             stuff);
                      /* Record on the mount that the server rejected a read-mode stateid. */
 1175                 if (error == NFSERR_OPENMODE && mode == NFSV4OPEN_ACCESSREAD) {
 1176                         NFSLOCKMNT(nmp);
 1177                         nmp->nm_state |= NFSSTA_OPENMODE;
 1178                         NFSUNLOCKMNT(nmp);
 1179                 }
 1180                 if (error == NFSERR_STALESTATEID)
 1181                         nfscl_initiate_recovery(nmp->nm_clp);
 1182                 if (lckp != NULL)
 1183                         nfscl_lockderef(lckp);
 1184                 if (!openerr)
 1185                         (void) nfsrpc_close(vp, 0, p);
 1186                 if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 1187                     error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 1188                     error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
 1189                         (void) nfs_catnap(PZERO, error, "nfs_setattr");
 1190                 } else if ((error == NFSERR_EXPIRED ||
 1191                     error == NFSERR_BADSTATEID) && clidrev != 0) {
 1192                         expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
 1193                 }
 1194                 retrycnt++;
                      /*
                       * Retry policy: GRACE, STALESTATEID, STALEDONTRECOVER,
                       * DELAY and BADSESSION are retried with no count limit;
                       * OLDSTATEID while retrycnt < 20; EXPIRED/BADSTATEID
                       * (when nfscl_hasexpired() returned 0 and clidrev is
                       * non-zero) and read-mode OPENMODE while retrycnt < 4.
                       * NOTE(review): all of these codes come from the server's
                       * replies, so the unlimited cases end only when the
                       * server answers differently or the RPC itself fails.
                       */
 1195         } while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 1196             error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
 1197             error == NFSERR_BADSESSION ||
 1198             (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
 1199             ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
 1200              expireret == 0 && clidrev != 0 && retrycnt < 4) ||
 1201             (error == NFSERR_OPENMODE && mode == NFSV4OPEN_ACCESSREAD &&
 1202              retrycnt < 4));
              /* Any error still pending after four or more passes is reported as EIO. */
 1203         if (error && retrycnt >= 4)
 1204                 error = EIO;
 1205         return (error);
 1206 }
 1207 
      /*
       * Build and send one NFSPROC_SETATTR request for "vp" and parse the
       * reply.
       *
       * Under ND_NFSV4 the stateid "*stateidp" is placed ahead of the
       * attributes and a GETATTR operation is appended to the request; under
       * ND_NFSV3 a single newnfs_false word follows the attributes.
       * "*attrflagp" is cleared on entry and "vap->va_type" is overwritten
       * with the vnode's type, so the caller's vattr is modified.
       *
       * Returns the nfscl_request() error, a reply-parsing error, or the
       * reply status.
       */
 1208 static int
 1209 nfsrpc_setattrrpc(vnode_t vp, struct vattr *vap,
 1210     nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
 1211     struct nfsvattr *rnap, int *attrflagp, void *stuff)
 1212 {
 1213         u_int32_t *tl;
 1214         struct nfsrv_descript nfsd, *nd = &nfsd;
 1215         int error;
 1216         nfsattrbit_t attrbits;
 1217 
 1218         *attrflagp = 0;
 1219         NFSCL_REQSTART(nd, NFSPROC_SETATTR, vp);
              /* stateidp is read only on this ND_NFSV4 path. */
 1220         if (nd->nd_flag & ND_NFSV4)
 1221                 nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
 1222         vap->va_type = vnode_vtype(vp);
 1223         nfscl_fillsattr(nd, vap, vp, NFSSATTR_FULL, 0);
 1224         if (nd->nd_flag & ND_NFSV3) {
 1225                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1226                 *tl = newnfs_false;
 1227         } else if (nd->nd_flag & ND_NFSV4) {
 1228                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 1229                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 1230                 NFSGETATTR_ATTRBIT(&attrbits);
 1231                 (void) nfsrv_putattrbit(nd, &attrbits);
 1232         }
 1233         error = nfscl_request(nd, vp, p, cred, stuff);
 1234         if (error)
 1235                 return (error);
              /*
               * Reply parsing, each step only if the previous one succeeded:
               * wcc data for V3/V4, then the attribute bitmap for V4 replies
               * that still have data (ND_NOMOREDATA clear), then post-op
               * attributes for non-V3 replies with a zero status.
               */
 1236         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
 1237                 error = nfscl_wcc_data(nd, vp, rnap, attrflagp, NULL, stuff);
 1238         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 && !error)
 1239                 error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
 1240         if (!(nd->nd_flag & ND_NFSV3) && !nd->nd_repstat && !error)
 1241                 error = nfscl_postop_attr(nd, rnap, attrflagp, stuff);
 1242         mbuf_freem(nd->nd_mrep);
              /* A parsing error takes precedence over the reply status. */
 1243         if (nd->nd_repstat && !error)
 1244                 error = nd->nd_repstat;
 1245         return (error);
 1246 }
 1247 
 1248 /*
 1249  * nfs lookup rpc
       *
       * Looks up "name" (length "len") in directory "dvp".  On success a
       * newly allocated file handle is returned through "*nfhpp"; attributes
       * of the result go to "nap" and of the directory to "dnap", with
       * "*attrflagp" / "*dattrflagp" reporting which were obtained (both are
       * cleared on entry).
       *
       * On an NFSv4 mount "." is answered locally with a copy of the
       * directory's own file handle and no RPC, and ".." is sent as
       * NFSPROC_LOOKUPP; a LOOKUPP reply of NFSERR_NOENT also returns a copy
       * of the directory's own file handle.
       *
       * Returns 0, ENOTDIR if "dvp" is not a directory, ENAMETOOLONG if
       * "len" exceeds NFS_MAXNAMLEN, an RPC or reply-parsing error, or the
       * reply status.
 1250  */
 1251 APPLESTATIC int
 1252 nfsrpc_lookup(vnode_t dvp, char *name, int len, struct ucred *cred,
 1253     NFSPROC_T *p, struct nfsvattr *dnap, struct nfsvattr *nap,
 1254     struct nfsfh **nfhpp, int *attrflagp, int *dattrflagp, void *stuff)
 1255 {
 1256         u_int32_t *tl;
 1257         struct nfsrv_descript nfsd, *nd = &nfsd;
 1258         struct nfsmount *nmp;
 1259         struct nfsnode *np;
 1260         struct nfsfh *nfhp;
 1261         nfsattrbit_t attrbits;
 1262         int error = 0, lookupp = 0;
 1263 
 1264         *attrflagp = 0;
 1265         *dattrflagp = 0;
 1266         if (vnode_vtype(dvp) != VDIR)
 1267                 return (ENOTDIR);
 1268         nmp = VFSTONFS(vnode_mount(dvp));
              /*
               * NOTE(review): "len" is a signed int and only the upper bound
               * is checked here; a negative value would be passed on to
               * nfsm_strtom().  Presumably callers always pass a
               * non-negative component length - confirm.
               */
 1269         if (len > NFS_MAXNAMLEN)
 1270                 return (ENAMETOOLONG);
 1271         if (NFSHASNFSV4(nmp) && len == 1 &&
 1272                 name[0] == '.') {
 1273                 /*
 1274                  * Just return the current dir's fh.
                       * The copy is sized from, and limited to, the nfh_len
                       * of the directory's own handle.  No attributes are
                       * returned on this path (both flags stay 0).
 1275                  */
 1276                 np = VTONFS(dvp);
 1277                 MALLOC(nfhp, struct nfsfh *, sizeof (struct nfsfh) +
 1278                         np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
 1279                 nfhp->nfh_len = np->n_fhp->nfh_len;
 1280                 NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
 1281                 *nfhpp = nfhp;
 1282                 return (0);
 1283         }
 1284         if (NFSHASNFSV4(nmp) && len == 2 &&
 1285                 name[0] == '.' && name[1] == '.') {
 1286                 lookupp = 1;
 1287                 NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, dvp);
 1288         } else {
 1289                 NFSCL_REQSTART(nd, NFSPROC_LOOKUP, dvp);
 1290                 (void) nfsm_strtom(nd, name, len);
 1291         }
              /* For NFSv4 the compound also asks for the file handle and attributes of the result. */
 1292         if (nd->nd_flag & ND_NFSV4) {
 1293                 NFSGETATTR_ATTRBIT(&attrbits);
 1294                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 1295                 *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 1296                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 1297                 (void) nfsrv_putattrbit(nd, &attrbits);
 1298         }
 1299         error = nfscl_request(nd, dvp, p, cred, stuff);
 1300         if (error)
 1301                 return (error);
 1302         if (nd->nd_repstat) {
 1303                 /*
 1304                  * When an NFSv4 Lookupp returns ENOENT, it means that
 1305                  * the lookup is at the root of an fs, so return this dir.
 1306                  */
 1307                 if (nd->nd_repstat == NFSERR_NOENT && lookupp) {
 1308                     np = VTONFS(dvp);
 1309                     MALLOC(nfhp, struct nfsfh *, sizeof (struct nfsfh) +
 1310                         np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
 1311                     nfhp->nfh_len = np->n_fhp->nfh_len;
 1312                     NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
 1313                     *nfhpp = nfhp;
 1314                     mbuf_freem(nd->nd_mrep);
 1315                     return (0);
 1316                 }
                      /* Failed lookup: still collect the directory's attributes when the reply carries them. */
 1317                 if (nd->nd_flag & ND_NFSV3)
 1318                     error = nfscl_postop_attr(nd, dnap, dattrflagp, stuff);
 1319                 else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
 1320                     ND_NFSV4) {
 1321                         /* Load the directory attributes. */
 1322                         error = nfsm_loadattr(nd, dnap);
 1323                         if (error == 0)
 1324                                 *dattrflagp = 1;
 1325                 }
 1326                 goto nfsmout;
 1327         }
 1328         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
 1329                 /* Load the directory attributes. */
 1330                 error = nfsm_loadattr(nd, dnap);
 1331                 if (error != 0)
 1332                         goto nfsmout;
 1333                 *dattrflagp = 1;
 1334                 /* Skip over the Lookup and GetFH operation status values. */
 1335                 NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 1336         }
              /*
               * NOTE(review): nfsm_getfh() is defined elsewhere and presumably
               * allocates *nfhpp.  If the attribute parsing after it fails,
               * the error is returned with *nfhpp still set and nothing here
               * releases it - confirm that callers free it on error.
               */
 1337         error = nfsm_getfh(nd, nfhpp);
 1338         if (error)
 1339                 goto nfsmout;
 1340 
 1341         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 1342         if ((nd->nd_flag & ND_NFSV3) && !error)
 1343                 error = nfscl_postop_attr(nd, dnap, dattrflagp, stuff);
 1344 nfsmout:
 1345         mbuf_freem(nd->nd_mrep);
              /* A parsing error takes precedence over the reply status. */
 1346         if (!error && nd->nd_repstat)
 1347                 error = nd->nd_repstat;
 1348         return (error);
 1349 }
 1350 
 /*
  * Do a readlink rpc.
  *
  * Sends an NFS READLINK for vp and copies the link text from the reply
  * into uiop.  For NFSv4 a Getattr op is appended to the request.
  * *attrflagp is cleared on entry; nap and attrflagp are handed to
  * nfscl_postop_attr() when attributes are parsed from the reply.
  * Returns 0, the error from nfscl_request() or from reply parsing, or
  * the reply status (nd_repstat) when the server reported a failure.
  */
 APPLESTATIC int
 nfsrpc_readlink(vnode_t vp, struct uio *uiop, struct ucred *cred,
     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 {
         u_int32_t *tl;
         struct nfsrv_descript nfsd, *nd = &nfsd;
         struct nfsnode *np = VTONFS(vp);
         nfsattrbit_t attrbits;
         int error, len, cangetattr = 1;

         *attrflagp = 0;
         NFSCL_REQSTART(nd, NFSPROC_READLINK, vp);
         if (nd->nd_flag & ND_NFSV4) {
                 /*
                  * And do a Getattr op.
                  */
                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
                 NFSGETATTR_ATTRBIT(&attrbits);
                 (void) nfsrv_putattrbit(nd, &attrbits);
         }
         error = nfscl_request(nd, vp, p, cred, stuff);
         if (error)
                 return (error);         /* returns without freeing nd_mrep */
         /* NFSv3 carries the post-op attributes ahead of the link data. */
         if (nd->nd_flag & ND_NFSV3)
                 error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
         if (!nd->nd_repstat && !error) {
                 /*
                  * len is taken from the server's reply.  NFSM_STRSIZ is
                  * given NFS_MAXPATHLEN as the limit; the macro body is not
                  * in this part of the file.
                  * NOTE(review): len is a signed int and is passed to
                  * nfsm_mbufuio() below - confirm the macro rejects a
                  * negative length as well as one above the limit.
                  */
                 NFSM_STRSIZ(len, NFS_MAXPATHLEN);
                 /*
                  * This seems weird to me, but must have been added to
                  * FreeBSD for some reason. The only thing I can think of
                  * is that there was/is some server that replies with
                  * more link data than it should?
                  */
                 /*
                  * When the reply length is exactly NFS_MAXPATHLEN and the
                  * node's n_size lies strictly between 0 and NFS_MAXPATHLEN,
                  * n_size is used as the copy length instead and the NFSv4
                  * attribute parse below is skipped.
                  */
                 if (len == NFS_MAXPATHLEN) {
                         NFSLOCKNODE(np);
                         if (np->n_size > 0 && np->n_size < NFS_MAXPATHLEN) {
                                 len = np->n_size;
                                 cangetattr = 0;
                         }
                         NFSUNLOCKNODE(np);
                 }
                 /* Copy len bytes of link text from the reply into uiop. */
                 error = nfsm_mbufuio(nd, uiop, len);
                 if ((nd->nd_flag & ND_NFSV4) && !error && cangetattr)
                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
         }
         /* A local parse error takes precedence over the reply status. */
         if (nd->nd_repstat && !error)
                 error = nd->nd_repstat;
         /*
          * No goto to this label is written out in the function; presumably
          * the NFSM_* macros jump here on a malformed reply - confirm.
          */
 nfsmout:
         mbuf_freem(nd->nd_mrep);
         return (error);
 }
 1406 
 /*
  * Read from a file over NFS.
  *
  * Wrapper around nfsrpc_readrpc().  On an NFSv4 mount it uses the
  * credential returned by NFSNEWCRED(cred), asks nfscl_getstateid() for a
  * read-access stateid before every attempt, and repeats the RPC while the
  * server answers with a retryable status.
  *
  * NFSERR_GRACE, NFSERR_STALESTATEID, NFSERR_STALEDONTRECOVER, NFSERR_DELAY
  * and NFSERR_BADSESSION are retried with no upper bound, so the server
  * decides how long this call lasts.  NFSERR_OLDSTATEID is retried while
  * the attempt count is below 20; NFSERR_EXPIRED / NFSERR_BADSTATEID and
  * NFSERR_OPENMODE while it is below 4.  Any error still set once four or
  * more attempts have been made is reported as EIO.
  */
 APPLESTATIC int
 nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 {
         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
         struct nfsnode *np = VTONFS(vp);
         struct ucred *newcred = cred;
         struct nfsfh *nfhp = NULL;
         nfsv4stateid_t stateid;
         void *lckp;
         u_int32_t clidrev = 0;
         int error, expireret = 0, retrycnt = 0;
         int transient, expired, again;

         if (nmp->nm_clp != NULL)
                 clidrev = nmp->nm_clp->nfsc_clientidrev;
         if (NFSHASNFSV4(nmp)) {
                 nfhp = np->n_fhp;
                 newcred = NFSNEWCRED(cred);
         }

         do {
                 lckp = NULL;
                 /*
                  * stateid is only filled in on NFSv4 mounts, and the return
                  * value of nfscl_getstateid() is deliberately ignored.
                  */
                 if (NFSHASNFSV4(nmp))
                         (void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
                             NFSV4OPEN_ACCESSREAD, 0, newcred, p, &stateid,
                             &lckp);
                 error = nfsrpc_readrpc(vp, uiop, newcred, &stateid, p, nap,
                     attrflagp, stuff);

                 /* Record the open-mode mismatch on the mount. */
                 if (error == NFSERR_OPENMODE) {
                         NFSLOCKMNT(nmp);
                         nmp->nm_state |= NFSSTA_OPENMODE;
                         NFSUNLOCKMNT(nmp);
                 }
                 if (error == NFSERR_STALESTATEID)
                         nfscl_initiate_recovery(nmp->nm_clp);
                 if (lckp != NULL)
                         nfscl_lockderef(lckp);

                 /* Classify the result once; used for the nap and the loop test. */
                 transient = (error == NFSERR_GRACE ||
                     error == NFSERR_STALESTATEID ||
                     error == NFSERR_STALEDONTRECOVER ||
                     error == NFSERR_DELAY ||
                     error == NFSERR_BADSESSION);
                 expired = (error == NFSERR_EXPIRED ||
                     error == NFSERR_BADSTATEID);

                 if (transient || error == NFSERR_OLDSTATEID)
                         (void) nfs_catnap(PZERO, error, "nfs_read");
                 else if (expired && clidrev != 0)
                         expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);

                 retrycnt++;
                 again = transient ||
                     (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
                     (expired && expireret == 0 && clidrev != 0 &&
                      retrycnt < 4) ||
                     (error == NFSERR_OPENMODE && retrycnt < 4);
         } while (again);

         /* Out of bounded retries: collapse whatever is left into EIO. */
         if (error != 0 && retrycnt >= 4)
                 error = EIO;
         if (NFSHASNFSV4(nmp))
                 NFSFREECRED(newcred);
         return (error);
 }
 1470 
 /*
  * The actual read RPC.
  *
  * Reads the uio's residual count starting at uiop->uio_offset, sending one
  * READ per chunk of at most nm_rsize bytes and copying each reply's data
  * into uiop.  stateidp is only marshalled when the request is NFSv4.
  * Returns EFBIG when the end offset exceeds nm_maxfilesize or wraps,
  * otherwise 0 or the first error met (local error or reply status).
  */
 static int
 nfsrpc_readrpc(vnode_t vp, struct uio *uiop, struct ucred *cred,
     nfsv4stateid_t *stateidp, NFSPROC_T *p, struct nfsvattr *nap,
     int *attrflagp, void *stuff)
 {
         u_int32_t *tl;
         int error = 0, len, retlen, tsiz, eof = 0;
         struct nfsrv_descript nfsd;
         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
         struct nfsrv_descript *nd = &nfsd;
         int rsize;
         off_t tmp_off;

         *attrflagp = 0;
         /*
          * NOTE(review): tsiz is an int; if the resid type is wider this
          * narrows the value - confirm callers bound the request size.
          */
         tsiz = uio_uio_resid(uiop);
         tmp_off = uiop->uio_offset + tsiz;
         NFSLOCKMNT(nmp);
         /*
          * Refuse a read that ends past the mount's maximum file size; the
          * second test catches an end offset that came out below the start.
          */
         if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
                 NFSUNLOCKMNT(nmp);
                 return (EFBIG);
         }
         /* The transfer size is sampled once, under the mount lock. */
         rsize = nmp->nm_rsize;
         NFSUNLOCKMNT(nmp);
         nd->nd_mrep = NULL;
         while (tsiz > 0) {
                 *attrflagp = 0;
                 len = (tsiz > rsize) ? rsize : tsiz;
                 NFSCL_REQSTART(nd, NFSPROC_READ, vp);
                 if (nd->nd_flag & ND_NFSV4)
                         nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED * 3);
                 if (nd->nd_flag & ND_NFSV2) {
                         /* NFSv2: 32-bit offset, count, and a zero third word. */
                         *tl++ = txdr_unsigned(uiop->uio_offset);
                         *tl++ = txdr_unsigned(len);
                         *tl = 0;
                 } else {
                         /* Otherwise: 64-bit offset followed by the count. */
                         txdr_hyper(uiop->uio_offset, tl);
                         *(tl + 2) = txdr_unsigned(len);
                 }
                 /*
                  * Since I can't do a Getattr for NFSv4 for Write, there
                  * doesn't seem any point in doing one here, either.
                  * (See the comment in nfsrpc_writerpc() for more info.)
                  */
                 error = nfscl_request(nd, vp, p, cred, stuff);
                 if (error)
                         return (error); /* bypasses the nfsmout cleanup */
                 if (nd->nd_flag & ND_NFSV3) {
                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
                 } else if (!nd->nd_repstat && (nd->nd_flag & ND_NFSV2)) {
                         error = nfsm_loadattr(nd, nap);
                         if (!error)
                                 *attrflagp = 1;
                 }
                 /* A local parse error wins over the server's reply status. */
                 if (nd->nd_repstat || error) {
                         if (!error)
                                 error = nd->nd_repstat;
                         goto nfsmout;
                 }
                 /* eof is read from the reply for NFSv3 and NFSv4 only. */
                 if (nd->nd_flag & ND_NFSV3) {
                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                         eof = fxdr_unsigned(int, *(tl + 1));
                 } else if (nd->nd_flag & ND_NFSV4) {
                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                         eof = fxdr_unsigned(int, *tl);
                 }
                 /*
                  * retlen is the byte count the server claims to return;
                  * NFSM_STRSIZ is given len (the amount requested) as the
                  * limit.  The macro body is not in this part of the file.
                  * NOTE(review): retlen is a signed int - confirm a negative
                  * value is rejected, since "tsiz -= retlen" below would
                  * otherwise increase the amount still to be read.
                  */
                 NFSM_STRSIZ(retlen, len);
                 error = nfsm_mbufuio(nd, uiop, retlen);
                 if (error)
                         goto nfsmout;
                 mbuf_freem(nd->nd_mrep);
                 nd->nd_mrep = NULL;
                 tsiz -= retlen;
                 /*
                  * Stop early: NFSv3/v4 on eof or an empty reply, NFSv2 on a
                  * reply shorter than requested.
                  */
                 if (!(nd->nd_flag & ND_NFSV2)) {
                         if (eof || retlen == 0)
                                 tsiz = 0;
                 } else if (retlen < len)
                         tsiz = 0;
         }
         return (0);
 nfsmout:
         /* The reply mbuf chain is freed only if one is still attached. */
         if (nd->nd_mrep != NULL)
                 mbuf_freem(nd->nd_mrep);
         return (error);
 }
 1559 
 /*
  * Write to a file over NFS.
  *
  * Wrapper around nfsrpc_writerpc().  On an NFSv4 mount it uses the
  * credential returned by NFSNEWCRED(cred) and asks nfscl_getstateid() for
  * a write-access stateid before every attempt.  If the stateid comes back
  * with all three "other" words zero, the write is treated as an
  * extraneous write after close: no RPC is sent and the attempt counts as
  * success (error 0), so the caller is not told that the data was dropped.
  *
  * NFSERR_GRACE and NFSERR_DELAY are retried with no upper bound.
  * NFSERR_STALESTATEID, NFSERR_BADSESSION and NFSERR_STALEDONTRECOVER are
  * retried only when called_from_strategy == 0; with a non-zero value they
  * are turned into EIO instead, so that the buffer stays dirty and is
  * written later rather than looping here, where the recovery thread could
  * end up waiting for the buffer and deadlock.  NFSERR_OLDSTATEID is
  * retried while the attempt count is below 20, NFSERR_EXPIRED /
  * NFSERR_BADSTATEID while it is below 4, and any error left after four or
  * more attempts becomes EIO.
  */
 APPLESTATIC int
 nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
     void *stuff, int called_from_strategy)
 {
         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
         struct nfsnode *np = VTONFS(vp);
         struct ucred *newcred;
         struct nfsfh *nfhp = NULL;
         nfsv4stateid_t stateid;
         void *lckp;
         u_int32_t clidrev = 0;
         int error, expireret = 0, retrycnt = 0, nostateid;
         int backoff, recovering, expired, again;

         *must_commit = 0;
         if (nmp->nm_clp != NULL)
                 clidrev = nmp->nm_clp->nfsc_clientidrev;
         newcred = cred;
         if (NFSHASNFSV4(nmp)) {
                 newcred = NFSNEWCRED(cred);
                 nfhp = np->n_fhp;
         }

         do {
                 lckp = NULL;
                 nostateid = 0;
                 if (NFSHASNFSV4(nmp)) {
                         (void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
                             NFSV4OPEN_ACCESSWRITE, 0, newcred, p, &stateid,
                             &lckp);
                         if (stateid.other[0] == 0 && stateid.other[1] == 0 &&
                             stateid.other[2] == 0) {
                                 nostateid = 1;
                                 NFSCL_DEBUG(1, "stateid0 in write\n");
                         }
                 }

                 /*
                  * No stateid on NFSv4 means a stray write after close (a
                  * buffer cache artefact): skip the RPC and report success.
                  */
                 error = nostateid ? 0 :
                     nfsrpc_writerpc(vp, uiop, iomode, must_commit,
                     newcred, &stateid, p, nap, attrflagp, stuff);

                 if (error == NFSERR_STALESTATEID)
                         nfscl_initiate_recovery(nmp->nm_clp);
                 if (lckp != NULL)
                         nfscl_lockderef(lckp);

                 /* Classify the result once; used for the nap and the loop test. */
                 backoff = (error == NFSERR_GRACE || error == NFSERR_DELAY);
                 recovering = (error == NFSERR_STALESTATEID ||
                     error == NFSERR_BADSESSION ||
                     error == NFSERR_STALEDONTRECOVER);
                 expired = (error == NFSERR_EXPIRED ||
                     error == NFSERR_BADSTATEID);

                 if (backoff || recovering || error == NFSERR_OLDSTATEID)
                         (void) nfs_catnap(PZERO, error, "nfs_write");
                 else if (expired && clidrev != 0)
                         expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);

                 retrycnt++;
                 again = backoff ||
                     (recovering && called_from_strategy == 0) ||
                     (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
                     (expired && expireret == 0 && clidrev != 0 &&
                      retrycnt < 4);
         } while (again);

         /*
          * error is unchanged since the last classification, so "recovering"
          * still describes it here.
          */
         if (error != 0 && (retrycnt >= 4 ||
             (recovering && called_from_strategy != 0)))
                 error = EIO;
         if (NFSHASNFSV4(nmp))
                 NFSFREECRED(newcred);
         return (error);
 }
 1642 
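 /*
  * The actual write RPC.
  *
  * Writes the uio's residual count starting at uiop->uio_offset, sending
  * one WRITE per chunk of at most nm_wsize bytes.  The uio must have a
  * single iovec (asserted).  On return *iomode holds the lowest commitment
  * level reported by any of the replies, and *must_commit is set to 1 when
  * a reply's write verifier differs from the one saved on the mount.
  * Returns EFBIG when the end offset exceeds nm_maxfilesize or wraps,
  * otherwise 0 or the first error met (local error or reply status).
  *
  * The byte count in a reply is server-controlled: a count that is zero,
  * negative or larger than the chunk that was sent is treated as
  * NFSERR_IO, so the uio is never rewound by more than the chunk size.
  */
 static int
 nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iomode,
     int *must_commit, struct ucred *cred, nfsv4stateid_t *stateidp,
     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 {
         u_int32_t *tl;
         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
         struct nfsnode *np = VTONFS(vp);
         int error = 0, len, tsiz, rlen, commit, committed = NFSWRITE_FILESYNC;
         int wccflag = 0, wsize;
         int32_t backup;
         struct nfsrv_descript nfsd;
         struct nfsrv_descript *nd = &nfsd;
         nfsattrbit_t attrbits;
         off_t tmp_off;

         KASSERT(uiop->uio_iovcnt == 1, ("nfs: writerpc iovcnt > 1"));
         *attrflagp = 0;
         tsiz = uio_uio_resid(uiop);
         tmp_off = uiop->uio_offset + tsiz;
         NFSLOCKMNT(nmp);
         /*
          * Refuse a write that ends past the mount's maximum file size; the
          * second test catches an end offset that came out below the start.
          */
         if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
                 NFSUNLOCKMNT(nmp);
                 return (EFBIG);
         }
         /* The transfer size is sampled once, under the mount lock. */
         wsize = nmp->nm_wsize;
         NFSUNLOCKMNT(nmp);
         nd->nd_mrep = NULL;     /* NFSv2 sometimes does a write with */
         nd->nd_repstat = 0;     /* uio_resid == 0, so the while is not done */
         while (tsiz > 0) {
                 *attrflagp = 0;
                 len = (tsiz > wsize) ? wsize : tsiz;
                 NFSCL_REQSTART(nd, NFSPROC_WRITE, vp);
                 if (nd->nd_flag & ND_NFSV4) {
                         /* NFSv4: stateid, 64-bit offset, stability, count. */
                         nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
                         NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+2*NFSX_UNSIGNED);
                         txdr_hyper(uiop->uio_offset, tl);
                         tl += 2;
                         *tl++ = txdr_unsigned(*iomode);
                         *tl = txdr_unsigned(len);
                 } else if (nd->nd_flag & ND_NFSV3) {
                         /* NFSv3: 64-bit offset, count, stability, data length. */
                         NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+3*NFSX_UNSIGNED);
                         txdr_hyper(uiop->uio_offset, tl);
                         tl += 2;
                         *tl++ = txdr_unsigned(len);
                         *tl++ = txdr_unsigned(*iomode);
                         *tl = txdr_unsigned(len);
                 } else {
                         u_int32_t x;

                         NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
                         /*
                          * Not sure why someone changed this, since the
                          * RFC clearly states that "beginoffset" and
                          * "totalcount" are ignored, but it wouldn't
                          * surprise me if there's a busted server out there.
                          */
                         /* Set both "begin" and "current" to non-garbage. */
                         x = txdr_unsigned((u_int32_t)uiop->uio_offset);
                         *tl++ = x;      /* "begin offset" */
                         *tl++ = x;      /* "current offset" */
                         x = txdr_unsigned(len);
                         *tl++ = x;      /* total to this offset */
                         *tl = x;        /* size of this write */

                 }
                 /* Append len bytes of data; this advances the uio by len. */
                 nfsm_uiombuf(nd, uiop, len);
                 /*
                  * Although it is tempting to do a normal Getattr Op in the
                  * NFSv4 compound, the result can be a nearly hung client
                  * system if the Getattr asks for Owner and/or OwnerGroup.
                  * It occurs when the client can't map either the Owner or
                  * Owner_group name in the Getattr reply to a uid/gid. When
                  * there is a cache miss, the kernel does an upcall to the
                  * nfsuserd. Then, it can try and read the local /etc/passwd
                  * or /etc/group file. It can then block in getnewbuf(),
                  * waiting for dirty writes to be pushed to the NFS server.
                  * The only reason this doesn't result in a complete
                  * deadlock, is that the upcall times out and allows
                  * the write to complete. However, progress is so slow
                  * that it might just as well be deadlocked.
                  * As such, we get the rest of the attributes, but not
                  * Owner or Owner_group.
                  * nb: nfscl_loadattrcache() needs to be told that these
                  *     partial attributes from a write rpc are being
                  *     passed in, via a argument flag.
                  */
                 if (nd->nd_flag & ND_NFSV4) {
                         NFSWRITEGETATTR_ATTRBIT(&attrbits);
                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
                         (void) nfsrv_putattrbit(nd, &attrbits);
                 }
                 error = nfscl_request(nd, vp, p, cred, stuff);
                 if (error)
                         return (error); /* bypasses the nfsmout cleanup */
                 if (nd->nd_repstat) {
                         /*
                          * In case the rpc gets retried, roll
                          * the uio fields changed by nfsm_uiombuf()
                          * back.
                          */
                         uiop->uio_offset -= len;
                         uio_uio_resid_add(uiop, len);
                         uio_iov_base_add(uiop, -len);
                         uio_iov_len_add(uiop, len);
                 }
                 if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
                         error = nfscl_wcc_data(nd, vp, nap, attrflagp,
                             &wccflag, stuff);
                         if (error)
                                 goto nfsmout;
                 }
                 if (!nd->nd_repstat) {
                         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
                                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED
                                         + NFSX_VERF);
                                 rlen = fxdr_unsigned(int, *tl++);
                                 /*
                                  * rlen is the server's count of bytes
                                  * written, converted to a signed int.  Only
                                  * 1..len is plausible: zero means no
                                  * progress, a negative value (presumably a
                                  * wire count with the top bit set) would
                                  * make "backup" below exceed len and move
                                  * the iovec base in front of this chunk,
                                  * and a count above len claims more than
                                  * was sent.
                                  */
                                 if (rlen <= 0 || rlen > len) {
                                         error = NFSERR_IO;
                                         goto nfsmout;
                                 } else if (rlen < len) {
                                         /*
                                          * Short write: rewind the uio by the
                                          * unwritten tail so the next pass
                                          * resends it.
                                          */
                                         backup = len - rlen;
                                         uio_iov_base_add(uiop, -(backup));
                                         uio_iov_len_add(uiop, backup);
                                         uiop->uio_offset -= backup;
                                         uio_uio_resid_add(uiop, backup);
                                         len = rlen;
                                 }
                                 /*
                                  * NOTE(review): commit is used as received;
                                  * nothing here checks that it is one of the
                                  * NFSWRITE_* levels.
                                  */
                                 commit = fxdr_unsigned(int, *tl++);

                                 /*
                                  * Return the lowest commitment level
                                  * obtained by any of the RPCs.
                                  */
                                 if (committed == NFSWRITE_FILESYNC)
                                         committed = commit;
                                 else if (committed == NFSWRITE_DATASYNC &&
                                         commit == NFSWRITE_UNSTABLE)
                                         committed = commit;
                                 /*
                                  * Save the first write verifier seen on the
                                  * mount; a later reply with a different one
                                  * sets *must_commit and replaces it.
                                  */
                                 NFSLOCKMNT(nmp);
                                 if (!NFSHASWRITEVERF(nmp)) {
                                         NFSBCOPY((caddr_t)tl,
                                             (caddr_t)&nmp->nm_verf[0],
                                             NFSX_VERF);
                                         NFSSETWRITEVERF(nmp);
                                 } else if (NFSBCMP(tl, nmp->nm_verf,
                                     NFSX_VERF)) {
                                         *must_commit = 1;
                                         NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
                                 }
                                 NFSUNLOCKMNT(nmp);
                         }
                         if (nd->nd_flag & ND_NFSV4)
                                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                         if (nd->nd_flag & (ND_NFSV2 | ND_NFSV4)) {
                                 error = nfsm_loadattr(nd, nap);
                                 if (!error)
                                         *attrflagp = NFS_LATTR_NOSHRINK;
                         }
                 } else {
                         error = nd->nd_repstat;
                 }
                 if (error)
                         goto nfsmout;
                 NFSWRITERPC_SETTIME(wccflag, np, nap, (nd->nd_flag & ND_NFSV4));
                 mbuf_freem(nd->nd_mrep);
                 nd->nd_mrep = NULL;
                 tsiz -= len;
         }
 nfsmout:
         /* Reached on success as well; free a reply that is still attached. */
         if (nd->nd_mrep != NULL)
                 mbuf_freem(nd->nd_mrep);
         *iomode = committed;
         if (nd->nd_repstat && !error)
                 error = nd->nd_repstat;
         return (error);
 }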
 1824 
 /*
  * nfs mknod rpc
  * For NFS v2 this is a kludge. Use a create rpc but with the IFMT bits of the
  * mode set to specify the file type and the size field for rdev.
  *
  * Builds and sends an NFSPROC_MKNOD request for "name" in directory dvp.
  * *nfhpp is set to NULL and both attribute flags are cleared on entry.
  * Returns ENAMETOOLONG when namelen exceeds NFS_MAXNAMLEN, otherwise 0,
  * a local error, or the reply status (nd_repstat).
  * NOTE(review): *nfhpp is filled in through nfscl_mtofh() and a later
  * step can still fail; who frees it on an error return is not visible
  * here - check the callers.
  */
 APPLESTATIC int
 nfsrpc_mknod(vnode_t dvp, char *name, int namelen, struct vattr *vap,
     u_int32_t rdev, enum vtype vtyp, struct ucred *cred, NFSPROC_T *p,
     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
     int *attrflagp, int *dattrflagp, void *dstuff)
 {
         u_int32_t *tl;
         int error = 0;
         struct nfsrv_descript nfsd, *nd = &nfsd;
         nfsattrbit_t attrbits;

         *nfhpp = NULL;
         *attrflagp = 0;
         *dattrflagp = 0;
         /*
          * Only the upper bound is checked; namelen is a signed int, so
          * callers are presumably expected to pass a non-negative length.
          */
         if (namelen > NFS_MAXNAMLEN)
                 return (ENAMETOOLONG);
         NFSCL_REQSTART(nd, NFSPROC_MKNOD, dvp);
         if (nd->nd_flag & ND_NFSV4) {
                 /* NFSv4: type first, plus major/minor for device nodes. */
                 if (vtyp == VBLK || vtyp == VCHR) {
                         NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
                         *tl++ = vtonfsv34_type(vtyp);
                         *tl++ = txdr_unsigned(NFSMAJOR(rdev));
                         *tl = txdr_unsigned(NFSMINOR(rdev));
                 } else {
                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                         *tl = vtonfsv34_type(vtyp);
                 }
         }
         (void) nfsm_strtom(nd, name, namelen);
         if (nd->nd_flag & ND_NFSV3) {
                 /* NFSv3: the type follows the name. */
                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                 *tl = vtonfsv34_type(vtyp);
         }
         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
         if ((nd->nd_flag & ND_NFSV3) &&
             (vtyp == VCHR || vtyp == VBLK)) {
                 /* NFSv3: major/minor follow the attributes. */
                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                 *tl++ = txdr_unsigned(NFSMAJOR(rdev));
                 *tl = txdr_unsigned(NFSMINOR(rdev));
         }
         if (nd->nd_flag & ND_NFSV4) {
                 /* NFSv4: also request the new file handle and attributes. */
                 NFSGETATTR_ATTRBIT(&attrbits);
                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                 *tl++ = txdr_unsigned(NFSV4OP_GETFH);
                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
                 (void) nfsrv_putattrbit(nd, &attrbits);
         }
         /* NFSv2: rdev is passed to nfscl_fillsattr() with NFSSATTR_SIZERDEV. */
         if (nd->nd_flag & ND_NFSV2)
                 nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZERDEV, rdev);
         error = nfscl_request(nd, dvp, p, cred, dstuff);
         if (error)
                 return (error);         /* returns without freeing nd_mrep */
         /*
          * NOTE(review): for NFSv4 an error returned here is overwritten by
          * the assignments below whenever nd_repstat is 0 - confirm that
          * dropping it is intended.
          */
         if (nd->nd_flag & ND_NFSV4)
                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
         if (!nd->nd_repstat) {
                 if (nd->nd_flag & ND_NFSV4) {
                         NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
                         error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
                         if (error)
                                 goto nfsmout;
                 }
                 /* Pull the new file handle and attributes out of the reply. */
                 error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
                 if (error)
                         goto nfsmout;
         }
         if (nd->nd_flag & ND_NFSV3)
                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
         /* A local parse error takes precedence over the reply status. */
         if (!error && nd->nd_repstat)
                 error = nd->nd_repstat;
 nfsmout:
         mbuf_freem(nd->nd_mrep);
         return (error);
 }
 1904 
 /*
  * nfs file create call
  *
  * Dispatches to the appropriate routine: nfsrpc_createv23() for NFSv2/v3
  * mounts, and for NFSv4 either nfsrpc_createv4() or
  * nfsrpc_getcreatelayout().  (v4 is kept separate so that error recovery
  * is less difficult.)
  *
  * The v4 path opens an owner with nfscl_open() on every pass and releases
  * it with nfscl_ownerrelease() before deciding whether to go round again.
  * NFSERR_GRACE, NFSERR_STALECLIENTID, NFSERR_STALEDONTRECOVER,
  * NFSERR_DELAY and NFSERR_BADSESSION are retried with no upper bound.
  * retrycnt counts only NFSERR_EXPIRED / NFSERR_BADSTATEID passes; those
  * are retried while it is below 4, and an error left with retrycnt at 4
  * or more becomes EIO.
  */
 APPLESTATIC int
 nfsrpc_create(vnode_t dvp, char *name, int namelen, struct vattr *vap,
     nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
     int *attrflagp, int *dattrflagp, void *dstuff)
 {
         struct nfsmount *nmp = VFSTONFS(vnode_mount(dvp));
         struct nfsclowner *owp;
         struct nfscldeleg *dp;
         u_int32_t clidrev;
         int error = 0, newone, expireret = 0, retrycnt = 0, unlocked;
         int transient, expired, uselayout;

         /* NFSv2/v3 need none of the open-owner handling below. */
         if (!NFSHASNFSV4(nmp))
                 return (nfsrpc_createv23(dvp, name, namelen, vap, cverf,
                     fmode, cred, p, dnap, nnap, nfhpp, attrflagp, dattrflagp,
                     dstuff));

         for (;;) {
                 dp = NULL;
                 error = nfscl_open(dvp, NULL, 0, (NFSV4OPEN_ACCESSWRITE |
                     NFSV4OPEN_ACCESSREAD), 0, cred, p, &owp, NULL, &newone,
                     NULL, 1);
                 if (error)
                         return (error);
                 clidrev = (nmp->nm_clp != NULL) ?
                     nmp->nm_clp->nfsc_clientidrev : 0;

                 /*
                  * The layout-returning create is used only on a pNFS mount
                  * with callbacks enabled, at least one callback daemon, and
                  * no expired/bad-stateid retry so far.
                  */
                 uselayout = NFSHASPNFS(nmp) && nfscl_enablecallb != 0 &&
                     nfs_numnfscbd != 0 && retrycnt == 0;
                 if (uselayout)
                         error = nfsrpc_getcreatelayout(dvp, name, namelen, vap,
                           cverf, fmode, owp, &dp, cred, p, dnap, nnap, nfhpp,
                           attrflagp, dattrflagp, dstuff, &unlocked);
                 else
                         error = nfsrpc_createv4(dvp, name, namelen, vap, cverf,
                           fmode, owp, &dp, cred, p, dnap, nnap, nfhpp,
                           attrflagp, dattrflagp, dstuff, &unlocked);

                 /*
                  * Cached attributes need no invalidation at this point: the
                  * post-delegation-issue attributes always come back from
                  * nfsrpc_createv4() and refresh the attribute cache.
                  *
                  * A returned delegation is recorded against the new file
                  * handle, so *nfhpp has to be valid whenever dp is set.
                  */
                 if (dp != NULL)
                         (void) nfscl_deleg(nmp->nm_mountp, owp->nfsow_clp,
                             (*nfhpp)->nfh_fh, (*nfhpp)->nfh_len, cred, p, &dp);
                 nfscl_ownerrelease(nmp, owp, error, newone, unlocked);

                 transient = (error == NFSERR_GRACE ||
                     error == NFSERR_STALECLIENTID ||
                     error == NFSERR_STALEDONTRECOVER ||
                     error == NFSERR_DELAY ||
                     error == NFSERR_BADSESSION);
                 expired = (error == NFSERR_EXPIRED ||
                     error == NFSERR_BADSTATEID);

                 if (transient) {
                         (void) nfs_catnap(PZERO, error, "nfs_open");
                 } else if (expired && clidrev != 0) {
                         expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
                         retrycnt++;
                 }

                 if (!(transient || (expired && expireret == 0 &&
                     clidrev != 0 && retrycnt < 4)))
                         break;
         }

         if (error != 0 && retrycnt >= 4)
                 error = EIO;
         return (error);
 }
 1977 
 1978 /*
 1979  * The create rpc for v2 and 3.
       *
       * Marshals the name and, for NFSv3, the create mode: EXCLUSIVE with the
       * verifier cverf when fmode has O_EXCL, otherwise UNCHECKED with the
       * attributes from vap.  When ND_NFSV3 is not set, the attributes are sent
       * with NFSSATTR_SIZE0 and no create mode word is added.
       *
       * *nfhpp, *attrflagp and *dattrflagp are cleared on entry.  On a zero
       * reply status nfscl_mtofh() fills in *nfhpp, nnap and *attrflagp; for
       * NFSv3 nfscl_wcc_data() fills in dnap and *dattrflagp.
       *
       * Returns ENAMETOOLONG when namelen > NFS_MAXNAMLEN, the error from
       * nfscl_request() or from reply parsing, otherwise the reply status.
 1980  */
 1981 static int
 1982 nfsrpc_createv23(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 1983     nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
 1984     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
 1985     int *attrflagp, int *dattrflagp, void *dstuff)
 1986 {
 1987         u_int32_t *tl;
 1988         int error = 0;
 1989         struct nfsrv_descript nfsd, *nd = &nfsd;
 1990 
              /* Clear every out-parameter so all return paths leave them defined. */
 1991         *nfhpp = NULL;
 1992         *attrflagp = 0;
 1993         *dattrflagp = 0;
              /*
               * Checked before NFSCL_REQSTART, so this early return happens
               * before any request is built.
               * NOTE(review): only the upper bound is tested; a negative namelen
               * is presumably ruled out by the callers - confirm.
               */
 1994         if (namelen > NFS_MAXNAMLEN)
 1995                 return (ENAMETOOLONG);
 1996         NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp);
              /* The return value of nfsm_strtom() is deliberately discarded. */
 1997         (void) nfsm_strtom(nd, name, namelen);
 1998         if (nd->nd_flag & ND_NFSV3) {
                      /* One word for the NFSv3 create mode. */
 1999                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2000                 if (fmode & O_EXCL) {
                              /*
                               * Exclusive create sends the verifier instead of
                               * attributes; its two words are copied as stored,
                               * without txdr_unsigned().
                               */
 2001                         *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
 2002                         NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
 2003                         *tl++ = cverf.lval[0];
 2004                         *tl = cverf.lval[1];
 2005                 } else {
 2006                         *tl = txdr_unsigned(NFSCREATE_UNCHECKED);
 2007                         nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2008                 }
 2009         } else {
 2010                 nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZE0, 0);
 2011         }
 2012         error = nfscl_request(nd, dvp, p, cred, dstuff);
              /*
               * Returns without freeing nd->nd_mrep; presumably no reply mbuf is
               * held when nfscl_request() fails - confirm.
               */
 2013         if (error)
 2014                 return (error);
              /* The new file handle and attributes are parsed only on success. */
 2015         if (nd->nd_repstat == 0) {
 2016                 error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2017                 if (error)
 2018                         goto nfsmout;
 2019         }
 2020         if (nd->nd_flag & ND_NFSV3)
 2021                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
              /* A local parse error takes precedence over the server's status. */
 2022         if (nd->nd_repstat != 0 && error == 0)
 2023                 error = nd->nd_repstat;
 2024 nfsmout:
              /* Single exit for every path that holds a reply: release it here. */
 2025         mbuf_freem(nd->nd_mrep);
 2026         return (error);
 2027 }
 2028 
 2029 static int
 2030 nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap,
 2031     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
 2032     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2033     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
 2034     int *dattrflagp, void *dstuff, int *unlockedp)
 2035 {
              /*
               * The create rpc for NFSv4, sent as an Open with NFSV4OPEN_CREATE.
               *
               * Request, in the order built below: the open-owner seqid, share
               * access (read and write) and deny (none), the clientid of the MDS
               * session, the owner name, the create mode, the NULL claim with the
               * new name, GETFH and GETATTR for the new file, then PUTFH and
               * GETATTR for the directory.
               *
               * Reply: the open stateid, the result flags, an optional
               * delegation, the new file handle and attributes (*nfhpp, nnap,
               * *attrflagp) and the directory attributes (dnap, *dattrflagp).
               * An nfsclopen is then obtained with nfscl_open(), given the
               * stateid, confirmed if the server asked for that, and released
               * with nfscl_openrelease(), after which *unlockedp is set to 1.
               *
               * *dpp receives the delegation only when 0 is returned; on every
               * error path through nfsmout the delegation is freed here.
               * Returns ENAMETOOLONG when namelen > NFS_MAXNAMLEN, a local or
               * parse error, otherwise the reply status.
               */
 2036         u_int32_t *tl;
 2037         int error = 0, deleg, newone, ret, acesize, limitby;
 2038         struct nfsrv_descript nfsd, *nd = &nfsd;
 2039         struct nfsclopen *op;
 2040         struct nfscldeleg *dp = NULL;
 2041         struct nfsnode *np;
 2042         struct nfsfh *nfhp;
 2043         nfsattrbit_t attrbits;
 2044         nfsv4stateid_t stateid;
 2045         u_int32_t rflags;
 2046         struct nfsmount *nmp;
 2047         struct nfsclsession *tsep;
 2048 
 2049         nmp = VFSTONFS(dvp->v_mount);
 2050         np = VTONFS(dvp);
              /* Clear every out-parameter so all return paths leave them defined. */
 2051         *unlockedp = 0;
 2052         *nfhpp = NULL;
 2053         *dpp = NULL;
 2054         *attrflagp = 0;
 2055         *dattrflagp = 0;
              /*
               * Checked before NFSCL_REQSTART, so this early return happens
               * before any request is built.
               * NOTE(review): only the upper bound is tested; a negative namelen
               * is presumably ruled out by the callers - confirm.
               */
 2056         if (namelen > NFS_MAXNAMLEN)
 2057                 return (ENAMETOOLONG);
 2058         NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp);
 2059         /*
 2060          * For V4, this is actually an Open op.
 2061          */
              /* Five words: seqid, share access, share deny, two clientid words. */
 2062         NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
 2063         *tl++ = txdr_unsigned(owp->nfsow_seqid);
 2064         *tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
 2065             NFSV4OPEN_ACCESSREAD);
 2066         *tl++ = txdr_unsigned(NFSV4OPEN_DENYNONE);
 2067         tsep = nfsmnt_mdssession(nmp);
              /* The clientid words are copied as stored, without txdr_unsigned(). */
 2068         *tl++ = tsep->nfsess_clientid.lval[0];
 2069         *tl = tsep->nfsess_clientid.lval[1];
 2070         (void) nfsm_strtom(nd, owp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
              /* Two words: the open type (CREATE) and the create mode. */
 2071         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2072         *tl++ = txdr_unsigned(NFSV4OPEN_CREATE);
              /*
               * Exclusive create: the mode depends on the minor version and on
               * whether the session is persistent.  Only the NFSv4.0 EXCLUSIVE
               * form sends no attributes along with the verifier.
               */
 2073         if (fmode & O_EXCL) {
 2074                 if (NFSHASNFSV4N(nmp)) {
 2075                         if (NFSHASSESSPERSIST(nmp)) {
 2076                                 /* Use GUARDED for persistent sessions. */
 2077                                 *tl = txdr_unsigned(NFSCREATE_GUARDED);
 2078                                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2079                         } else {
 2080                                 /* Otherwise, use EXCLUSIVE4_1. */
 2081                                 *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE41);
 2082                                 NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
 2083                                 *tl++ = cverf.lval[0];
 2084                                 *tl = cverf.lval[1];
 2085                                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2086                         }
 2087                 } else {
 2088                         /* NFSv4.0 */
 2089                         *tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
 2090                         NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
 2091                         *tl++ = cverf.lval[0];
 2092                         *tl = cverf.lval[1];
 2093                 }
 2094         } else {
 2095                 *tl = txdr_unsigned(NFSCREATE_UNCHECKED);
 2096                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2097         }
 2098         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2099         *tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
 2100         (void) nfsm_strtom(nd, name, namelen);
 2101         /* Get the new file's handle and attributes. */
 2102         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2103         *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 2104         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2105         NFSGETATTR_ATTRBIT(&attrbits);
 2106         (void) nfsrv_putattrbit(nd, &attrbits);
 2107         /* Get the directory's post-op attributes. */
 2108         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2109         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2110         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
 2111         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2112         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2113         (void) nfsrv_putattrbit(nd, &attrbits);
 2114         error = nfscl_request(nd, dvp, p, cred, dstuff);
              /*
               * Returns without freeing nd->nd_mrep; presumably no reply mbuf is
               * held when nfscl_request() fails - confirm.
               */
 2115         if (error)
 2116                 return (error);
 2117         NFSCL_INCRSEQID(owp->nfsow_seqid, nd);
 2118         if (nd->nd_repstat == 0) {
                      /*
                       * Everything read through tl from here on is reply data
                       * supplied by the server.  NFSM_DISSECT is a macro defined
                       * elsewhere; presumably it sets error and jumps to nfsmout
                       * when the reply is too short - confirm.
                       */
 2119                 NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
 2120                     6 * NFSX_UNSIGNED);
 2121                 stateid.seqid = *tl++;
 2122                 stateid.other[0] = *tl++;
 2123                 stateid.other[1] = *tl++;
 2124                 stateid.other[2] = *tl;
                      /*
                       * tl was not advanced past other[2], so tl + 6 is the last
                       * of the six unsigned words requested above - assuming
                       * NFSX_STATEID is exactly the four words just read; TODO
                       * confirm.  The five words in between are skipped.
                       */
 2125                 rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
 2126                 (void) nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
 2127                 NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 2128                 deleg = fxdr_unsigned(int, *tl);
                      /*
                       * The delegation type is matched against the three known
                       * values; anything else is rejected as NFSERR_BADXDR below.
                       */
 2129                 if (deleg == NFSV4OPEN_DELEGATEREAD ||
 2130                     deleg == NFSV4OPEN_DELEGATEWRITE) {
 2131                         if (!(owp->nfsow_clp->nfsc_flags &
 2132                               NFSCLFLAGS_FIRSTDELEG))
 2133                                 owp->nfsow_clp->nfsc_flags |=
 2134                                   (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
                              /*
                               * Allocated with M_WAITOK and without M_ZERO, and no
                               * NULL check follows: only the fields assigned in
                               * this function are initialized here.  The extra
                               * NFSX_V4FHMAX bytes are presumably the room for
                               * nfsdl_fh filled by NFSBCOPY below - confirm against
                               * struct nfscldeleg.
                               */
 2135                         MALLOC(dp, struct nfscldeleg *,
 2136                             sizeof (struct nfscldeleg) + NFSX_V4FHMAX,
 2137                             M_NFSCLDELEG, M_WAITOK);
 2138                         LIST_INIT(&dp->nfsdl_owner);
 2139                         LIST_INIT(&dp->nfsdl_lock);
 2140                         dp->nfsdl_clp = owp->nfsow_clp;
 2141                         newnfs_copyincred(cred, &dp->nfsdl_cred);
 2142                         nfscl_lockinit(&dp->nfsdl_rwlock);
                              /* Delegation stateid plus one word: the recall flag. */
 2143                         NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
 2144                             NFSX_UNSIGNED);
 2145                         dp->nfsdl_stateid.seqid = *tl++;
 2146                         dp->nfsdl_stateid.other[0] = *tl++;
 2147                         dp->nfsdl_stateid.other[1] = *tl++;
 2148                         dp->nfsdl_stateid.other[2] = *tl++;
 2149                         ret = fxdr_unsigned(int, *tl);
 2150                         if (deleg == NFSV4OPEN_DELEGATEWRITE) {
 2151                                 dp->nfsdl_flags = NFSCLDL_WRITE;
 2152                                 /*
 2153                                  * Indicates how much the file can grow.
 2154                                  */
 2155                                 NFSM_DISSECT(tl, u_int32_t *,
 2156                                     3 * NFSX_UNSIGNED);
 2157                                 limitby = fxdr_unsigned(int, *tl++);
 2158                                 switch (limitby) {
 2159                                 case NFSV4OPEN_LIMITSIZE:
 2160                                         dp->nfsdl_sizelimit = fxdr_hyper(tl);
 2161                                         break;
 2162                                 case NFSV4OPEN_LIMITBLOCKS:
                                              /*
                                               * Each factor is one 32-bit reply
                                               * word converted to u_int64_t, so
                                               * the product fits in 64 bits.
                                               */
 2163                                         dp->nfsdl_sizelimit =
 2164                                             fxdr_unsigned(u_int64_t, *tl++);
 2165                                         dp->nfsdl_sizelimit *=
 2166                                             fxdr_unsigned(u_int64_t, *tl);
 2167                                         break;
 2168                                 default:
                                              /* Unknown limit type: reject the reply. */
 2169                                         error = NFSERR_BADXDR;
 2170                                         goto nfsmout;
 2171                                 }
 2172                         } else {
 2173                                 dp->nfsdl_flags = NFSCLDL_READ;
 2174                         }
                              /* ret still holds the recall flag read above. */
 2175                         if (ret)
 2176                                 dp->nfsdl_flags |= NFSCLDL_RECALL;
                              /*
                               * ret is reused as an output of nfsrv_dissectace();
                               * neither it nor acesize is read again before ret is
                               * reassigned further down.
                               */
 2177                         error = nfsrv_dissectace(nd, &dp->nfsdl_ace, &ret,
 2178                             &acesize, p);
 2179                         if (error)
 2180                                 goto nfsmout;
 2181                 } else if (deleg != NFSV4OPEN_DELEGATENONE) {
 2182                         error = NFSERR_BADXDR;
 2183                         goto nfsmout;
 2184                 }
 2185                 error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2186                 if (error)
 2187                         goto nfsmout;
 2188                 /* Get rid of the PutFH and Getattr status values. */
 2189                 NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
 2190                 /* Load the directory attributes. */
 2191                 error = nfsm_loadattr(nd, dnap);
 2192                 if (error)
 2193                         goto nfsmout;
 2194                 *dattrflagp = 1;
 2195                 if (dp != NULL && *attrflagp) {
 2196                         dp->nfsdl_change = nnap->na_filerev;
 2197                         dp->nfsdl_modtime = nnap->na_mtime;
 2198                         dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
 2199                 }
 2200                 /*
 2201                  * We can now complete the Open state.
 2202                  */
                      /*
                       * NOTE(review): nfhp is dereferenced without a NULL check, so
                       * this relies on nfscl_mtofh() having set *nfhpp whenever it
                       * returns 0 on this path - confirm.
                       */
 2203                 nfhp = *nfhpp;
 2204                 if (dp != NULL) {
                              /*
                               * NOTE(review): the copy length comes from the file
                               * handle parsed out of the reply and is not compared
                               * with NFSX_V4FHMAX in this function; presumably the
                               * handle parser bounds nfh_len - confirm.
                               */
 2205                         dp->nfsdl_fhlen = nfhp->nfh_len;
 2206                         NFSBCOPY(nfhp->nfh_fh, dp->nfsdl_fh, nfhp->nfh_len);
 2207                 }
 2208                 /*
 2209                  * Get an Open structure that will be
 2210                  * attached to the OpenOwner, acquired already.
 2211                  */
 2212                 error = nfscl_open(dvp, nfhp->nfh_fh, nfhp->nfh_len, 
 2213                     (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), 0,
 2214                     cred, p, NULL, &op, &newone, NULL, 0);
                      /*
                       * On failure this skips nfscl_openrelease() and leaves
                       * *unlockedp at 0.
                       */
 2215                 if (error)
 2216                         goto nfsmout;
 2217                 op->nfso_stateid = stateid;
 2218                 newnfs_copyincred(cred, &op->nfso_cred);
 2219                 if ((rflags & NFSV4OPEN_RESULTCONFIRM)) {
                          /*
                           * Retried for as long as the server answers
                           * NFSERR_DELAY; no retry limit is applied here.
                           */
 2220                     do {
 2221                         ret = nfsrpc_openconfirm(dvp, nfhp->nfh_fh,
 2222                             nfhp->nfh_len, op, cred, p);
 2223                         if (ret == NFSERR_DELAY)
 2224                             (void) nfs_catnap(PZERO, ret, "nfs_create");
 2225                     } while (ret == NFSERR_DELAY);
 2226                     error = ret;
 2227                 }
 2228 
 2229                 /*
 2230                  * If the server is handing out delegations, but we didn't
 2231                  * get one because an OpenConfirm was required, try the
 2232                  * Open again, to get a delegation. This is a harmless no-op,
 2233                  * from a server's point of view.
 2234                  */
 2235                 if ((rflags & NFSV4OPEN_RESULTCONFIRM) &&
 2236                     (owp->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG) &&
 2237                     !error && dp == NULL) {
 2238                     do {
 2239                         ret = nfsrpc_openrpc(VFSTONFS(vnode_mount(dvp)), dvp,
 2240                             np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
 2241                             nfhp->nfh_fh, nfhp->nfh_len,
 2242                             (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), op,
 2243                             name, namelen, &dp, 0, 0x0, cred, p, 0, 1);
 2244                         if (ret == NFSERR_DELAY)
 2245                             (void) nfs_catnap(PZERO, ret, "nfs_crt2");
 2246                     } while (ret == NFSERR_DELAY);
 2247                     if (ret) {
                              /*
                               * dp is reset to NULL after the free so that the
                               * cleanup at nfsmout cannot free it a second time.
                               */
 2248                         if (dp != NULL) {
 2249                                 FREE((caddr_t)dp, M_NFSCLDELEG);
 2250                                 dp = NULL;
 2251                         }
                              /*
                               * Only these three errors are passed on to the
                               * caller; any other failure of this second Open
                               * leaves error unchanged.
                               */
 2252                         if (ret == NFSERR_STALECLIENTID ||
 2253                             ret == NFSERR_STALEDONTRECOVER ||
 2254                             ret == NFSERR_BADSESSION)
 2255                                 error = ret;
 2256                     }
 2257                 }
 2258                 nfscl_openrelease(nmp, op, error, newone);
 2259                 *unlockedp = 1;
 2260         }
              /* A local or parse error takes precedence over the server's status. */
 2261         if (nd->nd_repstat != 0 && error == 0)
 2262                 error = nd->nd_repstat;
 2263         if (error == NFSERR_STALECLIENTID)
 2264                 nfscl_initiate_recovery(owp->nfsow_clp);
 2265 nfsmout:
              /*
               * The delegation is handed to the caller only on success and is
               * freed on every error path.  *nfhpp is left as nfscl_mtofh() set
               * it; presumably the caller releases it - confirm.
               */
 2266         if (!error)
 2267                 *dpp = dp;
 2268         else if (dp != NULL)
 2269                 FREE((caddr_t)dp, M_NFSCLDELEG);
 2270         mbuf_freem(nd->nd_mrep);
 2271         return (error);
 2272 }
 2273 
 2274 /*
 2275  * Nfs remove rpc
       *
       * Removes "name" from directory dvp.  On an NFSv4 mount,
       * nfscl_removedeleg() is asked about vp first; when it returns 1 the
       * request also carries that delegation stateid ahead of the PUTFH for
       * dvp and the REMOVE.  If that combined request fails, the remove is
       * sent again without the delegation part.
       *
       * *dattrflagp is cleared on entry; for NFSv3 and NFSv4 dnap and
       * *dattrflagp are filled in by nfscl_wcc_data().
       *
       * Returns ENAMETOOLONG when namelen > NFS_MAXNAMLEN, the error from
       * nfscl_request() or from reply parsing, otherwise the reply status.
 2276  */
 2277 APPLESTATIC int
 2278 nfsrpc_remove(vnode_t dvp, char *name, int namelen, vnode_t vp,
 2279     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp,
 2280     void *dstuff)
 2281 {
 2282         u_int32_t *tl;
 2283         struct nfsrv_descript nfsd, *nd = &nfsd;
 2284         struct nfsnode *np;
 2285         struct nfsmount *nmp;
 2286         nfsv4stateid_t dstateid;
 2287         int error, ret = 0, i;
 2288 
 2289         *dattrflagp = 0;
              /*
               * NOTE(review): only the upper bound is tested; a negative namelen
               * is presumably ruled out by the callers - confirm.
               */
 2290         if (namelen > NFS_MAXNAMLEN)
 2291                 return (ENAMETOOLONG);
 2292         nmp = VFSTONFS(vnode_mount(dvp));
 2293 tryagain:
              /*
               * ret is 0 on the first pass.  When control returns here from the
               * "goto tryagain" below, ret is still positive, so the else branch
               * runs, resets it to 0 and a plain REMOVE is built.
               */
 2294         if (NFSHASNFSV4(nmp) && ret == 0) {
 2295                 ret = nfscl_removedeleg(vp, p, &dstateid);
 2296                 if (ret == 1) {
 2297                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGREMOVE, vp);
                              /* The stateid words, then one word for the PUTFH op. */
 2298                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
 2299                             NFSX_UNSIGNED);
                              /* The seqid is sent as 0 when NFSHASNFSV4N(nmp) holds. */
 2300                         if (NFSHASNFSV4N(nmp))
 2301                                 *tl++ = 0;
 2302                         else
 2303                                 *tl++ = dstateid.seqid;
 2304                         *tl++ = dstateid.other[0];
 2305                         *tl++ = dstateid.other[1];
 2306                         *tl++ = dstateid.other[2];
 2307                         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2308                         np = VTONFS(dvp);
 2309                         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2310                             np->n_fhp->nfh_len, 0);
 2311                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2312                         *tl = txdr_unsigned(NFSV4OP_REMOVE);
 2313                 }
 2314         } else {
 2315                 ret = 0;
 2316         }
 2317         if (ret == 0)
 2318                 NFSCL_REQSTART(nd, NFSPROC_REMOVE, dvp);
 2319         (void) nfsm_strtom(nd, name, namelen);
 2320         error = nfscl_request(nd, dvp, p, cred, dstuff);
              /*
               * Returns without freeing nd->nd_mrep; presumably no reply mbuf is
               * held when nfscl_request() fails - confirm.
               */
 2321         if (error)
 2322                 return (error);
 2323         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
 2324                 /* For NFSv4, parse out any Delegreturn replies. */
 2325                 if (ret > 0 && nd->nd_repstat != 0 &&
 2326                     (nd->nd_flag & ND_NOMOREDATA)) {
 2327                         /*
 2328                          * If the Delegreturn failed, try again without
 2329                          * it. The server will Recall, as required.
 2330                          */
                              /* The reply is released before the request is rebuilt. */
 2331                         mbuf_freem(nd->nd_mrep);
 2332                         goto tryagain;
 2333                 }
                      /*
                       * Runs ret * 2 times; each pass consumes two reply words
                       * (presumably an op number and its status - confirm) and a
                       * nonzero second word stops any further dissection.
                       */
 2334                 for (i = 0; i < (ret * 2); i++) {
 2335                         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
 2336                             ND_NFSV4) {
 2337                             NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2338                             if (*(tl + 1))
 2339                                 nd->nd_flag |= ND_NOMOREDATA;
 2340                         }
 2341                 }
 2342                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2343         }
              /* A local or parse error takes precedence over the server's status. */
 2344         if (nd->nd_repstat && !error)
 2345                 error = nd->nd_repstat;
              /*
               * No goto in this function names this label; it is presumably the
               * failure target of the NFSM_DISSECT macro - confirm.
               */
 2346 nfsmout:
 2347         mbuf_freem(nd->nd_mrep);
 2348         return (error);
 2349 }
 2350 
 2351 /*
 2352  * Do an nfs rename rpc.
       *
       * Renames fnameptr in directory fdvp to tnameptr in directory tdvp.  On
       * an NFSv4 mount, nfscl_renamedeleg() reports through gotfd and gottd
       * whether a delegation stateid for fvp and/or tvp is to be sent ahead
       * of the rename.  If that part of the compound fails, the rename is
       * sent again without it.
       *
       * *fattrflagp and *tattrflagp are cleared on entry; for NFSv3 and NFSv4
       * fnap/*fattrflagp and tnap/*tattrflagp are filled in by
       * nfscl_wcc_data().
       *
       * Returns ENAMETOOLONG when either name length exceeds NFS_MAXNAMLEN,
       * the error from nfscl_request() or from reply parsing, otherwise the
       * reply status.
 2353  */
 2354 APPLESTATIC int
 2355 nfsrpc_rename(vnode_t fdvp, vnode_t fvp, char *fnameptr, int fnamelen,
 2356     vnode_t tdvp, vnode_t tvp, char *tnameptr, int tnamelen, struct ucred *cred,
 2357     NFSPROC_T *p, struct nfsvattr *fnap, struct nfsvattr *tnap,
 2358     int *fattrflagp, int *tattrflagp, void *fstuff, void *tstuff)
 2359 {
 2360         u_int32_t *tl;
 2361         struct nfsrv_descript nfsd, *nd = &nfsd;
 2362         struct nfsmount *nmp;
 2363         struct nfsnode *np;
 2364         nfsattrbit_t attrbits;
 2365         nfsv4stateid_t fdstateid, tdstateid;
 2366         int error = 0, ret = 0, gottd = 0, gotfd = 0, i;
 2367         
 2368         *fattrflagp = 0;
 2369         *tattrflagp = 0;
 2370         nmp = VFSTONFS(vnode_mount(fdvp));
              /*
               * NOTE(review): only the upper bound is tested; negative lengths
               * are presumably ruled out by the callers - confirm.
               */
 2371         if (fnamelen > NFS_MAXNAMLEN || tnamelen > NFS_MAXNAMLEN)
 2372                 return (ENAMETOOLONG);
 2373 tryagain:
              /*
               * ret is 0 on the first pass.  When control returns here from a
               * "goto tryagain" below, ret is still positive, so the else branch
               * runs, resets it to 0 and a plain RENAME is built.
               */
 2374         if (NFSHASNFSV4(nmp) && ret == 0) {
 2375                 ret = nfscl_renamedeleg(fvp, &fdstateid, &gotfd, tvp,
 2376                     &tdstateid, &gottd, p);
                      /* Pick the request form by which stateids were returned. */
 2377                 if (gotfd && gottd) {
 2378                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME2, fvp);
 2379                 } else if (gotfd) {
 2380                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, fvp);
 2381                 } else if (gottd) {
 2382                         NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, tvp);
 2383                 }
 2384                 if (gotfd) {
 2385                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
                              /* The seqid is sent as 0 when NFSHASNFSV4N(nmp) holds. */
 2386                         if (NFSHASNFSV4N(nmp))
 2387                                 *tl++ = 0;
 2388                         else
 2389                                 *tl++ = fdstateid.seqid;
 2390                         *tl++ = fdstateid.other[0];
 2391                         *tl++ = fdstateid.other[1];
 2392                         *tl = fdstateid.other[2];
                              /*
                               * With both stateids, switch to tvp's file handle
                               * and add a second DELEGRETURN op for it.
                               */
 2393                         if (gottd) {
 2394                                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2395                                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2396                                 np = VTONFS(tvp);
 2397                                 (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2398                                     np->n_fhp->nfh_len, 0);
 2399                                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2400                                 *tl = txdr_unsigned(NFSV4OP_DELEGRETURN);
 2401                         }
 2402                 }
 2403                 if (gottd) {
 2404                         NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
 2405                         if (NFSHASNFSV4N(nmp))
 2406                                 *tl++ = 0;
 2407                         else
 2408                                 *tl++ = tdstateid.seqid;
 2409                         *tl++ = tdstateid.other[0];
 2410                         *tl++ = tdstateid.other[1];
 2411                         *tl = tdstateid.other[2];
 2412                 }
                      /* Then PUTFH for the source directory, saved with SAVEFH. */
 2413                 if (ret > 0) {
 2414                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2415                         *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2416                         np = VTONFS(fdvp);
 2417                         (void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
 2418                             np->n_fhp->nfh_len, 0);
 2419                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2420                         *tl = txdr_unsigned(NFSV4OP_SAVEFH);
 2421                 }
 2422         } else {
 2423                 ret = 0;
 2424         }
 2425         if (ret == 0)
 2426                 NFSCL_REQSTART(nd, NFSPROC_RENAME, fdvp);
              /*
               * NFSv4: GETATTR on the current handle, PUTFH for the target
               * directory with its own GETATTR, then the RENAME op itself.
               */
 2427         if (nd->nd_flag & ND_NFSV4) {
 2428                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2429                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2430                 NFSWCCATTR_ATTRBIT(&attrbits);
 2431                 (void) nfsrv_putattrbit(nd, &attrbits);
 2432                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2433                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2434                 (void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 2435                     VTONFS(tdvp)->n_fhp->nfh_len, 0);
 2436                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2437                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2438                 (void) nfsrv_putattrbit(nd, &attrbits);
 2439                 nd->nd_flag |= ND_V4WCCATTR;
 2440                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2441                 *tl = txdr_unsigned(NFSV4OP_RENAME);
 2442         }
              /*
               * Source name first; without ND_NFSV4 the target directory's file
               * handle goes between the two names.
               */
 2443         (void) nfsm_strtom(nd, fnameptr, fnamelen);
 2444         if (!(nd->nd_flag & ND_NFSV4))
 2445                 (void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
 2446                         VTONFS(tdvp)->n_fhp->nfh_len, 0);
 2447         (void) nfsm_strtom(nd, tnameptr, tnamelen);
 2448         error = nfscl_request(nd, fdvp, p, cred, fstuff);
              /*
               * Returns without freeing nd->nd_mrep; presumably no reply mbuf is
               * held when nfscl_request() fails - confirm.
               */
 2449         if (error)
 2450                 return (error);
 2451         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
 2452                 /* For NFSv4, parse out any Delegreturn replies. */
 2453                 if (ret > 0 && nd->nd_repstat != 0 &&
 2454                     (nd->nd_flag & ND_NOMOREDATA)) {
 2455                         /*
 2456                          * If the Delegreturn failed, try again without
 2457                          * it. The server will Recall, as required.
 2458                          */
                              /* The reply is released before the request is rebuilt. */
 2459                         mbuf_freem(nd->nd_mrep);
 2460                         goto tryagain;
 2461                 }
                      /*
                       * Runs ret * 2 times; each pass consumes two reply words
                       * (presumably an op number and its status - confirm).
                       */
 2462                 for (i = 0; i < (ret * 2); i++) {
 2463                         if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
 2464                             ND_NFSV4) {
 2465                             NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2466                             if (*(tl + 1)) {
 2467                                 if (i == 0 && ret > 1) {
 2468                                     /*
 2469                                      * If the Delegreturn failed, try again
 2470                                      * without it. The server will Recall, as
 2471                                      * required.
 2472                                      * If ret > 1, the first iteration of this
 2473                                      * loop is the second DelegReturn result.
 2474                                      */
 2475                                     mbuf_freem(nd->nd_mrep);
 2476                                     goto tryagain;
 2477                                 } else {
 2478                                     nd->nd_flag |= ND_NOMOREDATA;
 2479                                 }
 2480                             }
 2481                         }
 2482                 }
 2483                 /* Now, the first wcc attribute reply. */
 2484                 if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
 2485                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2486                         if (*(tl + 1))
 2487                                 nd->nd_flag |= ND_NOMOREDATA;
 2488                 }
 2489                 error = nfscl_wcc_data(nd, fdvp, fnap, fattrflagp, NULL,
 2490                     fstuff);
 2491                 /* and the second wcc attribute reply. */
 2492                 if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 &&
 2493                     !error) {
 2494                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2495                         if (*(tl + 1))
 2496                                 nd->nd_flag |= ND_NOMOREDATA;
 2497                 }
 2498                 if (!error)
 2499                         error = nfscl_wcc_data(nd, tdvp, tnap, tattrflagp,
 2500                             NULL, tstuff);
 2501         }
              /* A local or parse error takes precedence over the server's status. */
 2502         if (nd->nd_repstat && !error)
 2503                 error = nd->nd_repstat;
              /*
               * No goto in this function names this label; it is presumably the
               * failure target of the NFSM_DISSECT macro - confirm.
               */
 2504 nfsmout:
 2505         mbuf_freem(nd->nd_mrep);
 2506         return (error);
 2507 }
 2508 
 2509 /*
 2510  * nfs hard link create rpc
       *
       * Creates the hard link "name" in directory dvp for vp.  The request is
       * started on vp and carries dvp's file handle and the new name; for
       * NFSv4 a PUTFH op precedes that handle and a GETATTR plus the LINK op
       * follow it.
       *
       * *attrflagp and *dattrflagp are cleared on entry.  For NFSv3 nap and
       * *attrflagp come from nfscl_postop_attr() and dnap/*dattrflagp from
       * nfscl_wcc_data(); for NFSv4 only dnap/*dattrflagp are filled in here.
       *
       * Returns ENAMETOOLONG when namelen > NFS_MAXNAMLEN, the error from
       * nfscl_request() or from reply parsing, otherwise the reply status.
 2511  */
 2512 APPLESTATIC int
 2513 nfsrpc_link(vnode_t dvp, vnode_t vp, char *name, int namelen,
 2514     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2515     struct nfsvattr *nap, int *attrflagp, int *dattrflagp, void *dstuff)
 2516 {
 2517         u_int32_t *tl;
 2518         struct nfsrv_descript nfsd, *nd = &nfsd;
 2519         nfsattrbit_t attrbits;
 2520         int error = 0;
 2521 
 2522         *attrflagp = 0;
 2523         *dattrflagp = 0;
              /*
               * NOTE(review): only the upper bound is tested; a negative namelen
               * is presumably ruled out by the callers - confirm.
               */
 2524         if (namelen > NFS_MAXNAMLEN)
 2525                 return (ENAMETOOLONG);
 2526         NFSCL_REQSTART(nd, NFSPROC_LINK, vp);
 2527         if (nd->nd_flag & ND_NFSV4) {
 2528                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2529                 *tl = txdr_unsigned(NFSV4OP_PUTFH);
 2530         }
              /* The directory's file handle is sent for every protocol version. */
 2531         (void) nfsm_fhtom(nd, VTONFS(dvp)->n_fhp->nfh_fh,
 2532                 VTONFS(dvp)->n_fhp->nfh_len, 0);
 2533         if (nd->nd_flag & ND_NFSV4) {
 2534                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2535                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 2536                 NFSWCCATTR_ATTRBIT(&attrbits);
 2537                 (void) nfsrv_putattrbit(nd, &attrbits);
 2538                 nd->nd_flag |= ND_V4WCCATTR;
 2539                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2540                 *tl = txdr_unsigned(NFSV4OP_LINK);
 2541         }
 2542         (void) nfsm_strtom(nd, name, namelen);
 2543         error = nfscl_request(nd, vp, p, cred, dstuff);
              /*
               * Returns without freeing nd->nd_mrep; presumably no reply mbuf is
               * held when nfscl_request() fails - confirm.
               */
 2544         if (error)
 2545                 return (error);
 2546         if (nd->nd_flag & ND_NFSV3) {
 2547                 error = nfscl_postop_attr(nd, nap, attrflagp, dstuff);
 2548                 if (!error)
 2549                         error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
 2550                             NULL, dstuff);
 2551         } else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
 2552                 /*
 2553                  * First, parse out the PutFH and Getattr result.
 2554                  */
                      /*
                       * Two reply words at a time: the second pair is read only
                       * when the second word of the first pair is zero, and a
                       * nonzero second word in the last pair read stops further
                       * dissection.
                       */
 2555                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2556                 if (!(*(tl + 1)))
 2557                         NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 2558                 if (*(tl + 1))
 2559                         nd->nd_flag |= ND_NOMOREDATA;
 2560                 /*
 2561                  * Get the pre-op attributes.
 2562                  */
 2563                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2564         }
              /* A local or parse error takes precedence over the server's status. */
 2565         if (nd->nd_repstat && !error)
 2566                 error = nd->nd_repstat;
              /*
               * No goto in this function names this label; it is presumably the
               * failure target of the NFSM_DISSECT macro - confirm.
               */
 2567 nfsmout:
 2568         mbuf_freem(nd->nd_mrep);
 2569         return (error);
 2570 }
 2571 
 2572 /*
 2573  * nfs symbolic link create rpc
       *
       * Creates the symbolic link "name" in directory dvp pointing at the
       * NUL-terminated string target.  The argument order depends on the
       * protocol flag in nd->nd_flag:
       *   ND_NFSV4: type word NFLNK, target, name, attributes
       *   ND_NFSV3: name, attributes, target
       *   ND_NFSV2: name, target, attributes (with NFSSATTR_SIZENEG1)
       *
       * *nfhpp, *attrflagp and *dattrflagp are cleared on entry.  For NFSv4
       * only dnap/*dattrflagp are filled in here; for NFSv3 a zero reply
       * status also fills in *nfhpp, nnap and *attrflagp.
       *
       * Returns ENAMETOOLONG when the target is longer than NFS_MAXPATHLEN or
       * namelen > NFS_MAXNAMLEN, the error from nfscl_request() or from reply
       * parsing, otherwise the reply status, with EEXIST optionally mapped to
       * 0 (see the end of the function).
 2574  */
 2575 APPLESTATIC int
 2576 nfsrpc_symlink(vnode_t dvp, char *name, int namelen, char *target,
 2577     struct vattr *vap, struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
 2578     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
 2579     int *dattrflagp, void *dstuff)
 2580 {
 2581         u_int32_t *tl;
 2582         struct nfsrv_descript nfsd, *nd = &nfsd;
 2583         struct nfsmount *nmp;
 2584         int slen, error = 0;
 2585 
 2586         *nfhpp = NULL;
 2587         *attrflagp = 0;
 2588         *dattrflagp = 0;
 2589         nmp = VFSTONFS(vnode_mount(dvp));
              /*
               * The strlen() result is stored in an int before the bound check.
               * NOTE(review): this assumes target is NUL-terminated and short
               * enough for the narrowing to be harmless; negative namelen is
               * presumably ruled out by the callers - confirm.
               */
 2590         slen = strlen(target);
 2591         if (slen > NFS_MAXPATHLEN || namelen > NFS_MAXNAMLEN)
 2592                 return (ENAMETOOLONG);
 2593         NFSCL_REQSTART(nd, NFSPROC_SYMLINK, dvp);
 2594         if (nd->nd_flag & ND_NFSV4) {
 2595                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 2596                 *tl = txdr_unsigned(NFLNK);
 2597                 (void) nfsm_strtom(nd, target, slen);
 2598         }
 2599         (void) nfsm_strtom(nd, name, namelen);
 2600         if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
 2601                 nfscl_fillsattr(nd, vap, dvp, 0, 0);
 2602         if (!(nd->nd_flag & ND_NFSV4))
 2603                 (void) nfsm_strtom(nd, target, slen);
 2604         if (nd->nd_flag & ND_NFSV2)
 2605                 nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
 2606         error = nfscl_request(nd, dvp, p, cred, dstuff);
              /*
               * Returns without freeing nd->nd_mrep; presumably no reply mbuf is
               * held when nfscl_request() fails - confirm.
               */
 2607         if (error)
 2608                 return (error);
 2609         if (nd->nd_flag & ND_NFSV4)
 2610                 error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
 2611         if ((nd->nd_flag & ND_NFSV3) && !error) {
 2612                 if (!nd->nd_repstat)
 2613                         error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
 2614                 if (!error)
 2615                         error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
 2616                             NULL, dstuff);
 2617         }
              /* A local or parse error takes precedence over the server's status. */
 2618         if (nd->nd_repstat && !error)
 2619                 error = nd->nd_repstat;
              /* Freed inline: this function has no nfsmout label. */
 2620         mbuf_freem(nd->nd_mrep);
 2621         /*
 2622          * Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
 2623          * Only do this if vfs.nfs.ignore_eexist is set.
 2624          * Never do this for NFSv4.1 or later minor versions, since sessions
 2625          * should guarantee "exactly once" RPC semantics.
          *
          * With the knob set, a name that already existed before this call is
          * reported as a successful create, so the caller cannot tell the two
          * cases apart.
 2626          */
 2627         if (error == EEXIST && nfsignore_eexist != 0 && (!NFSHASNFSV4(nmp) ||
 2628             nmp->nm_minorvers == 0))
 2629                 error = 0;
 2630         return (error);
 2631 }
 2632 
/*
 * Make directory RPC.
 *
 * Builds an NFSPROC_MKDIR request that creates "name" in directory dvp,
 * sends it with nfscl_request() and decodes the reply.
 *
 *   dvp             parent directory vnode
 *   name, namelen   new directory name; namelen > NFS_MAXNAMLEN is
 *                   rejected with ENAMETOOLONG before a request is built
 *   vap             attributes handed to nfscl_fillsattr()
 *   cred, p, dstuff passed through to the request/decode helpers
 *   dnap, dattrflagp       parent directory attributes and validity flag
 *   nnap, nfhpp, attrflagp new directory attributes, file handle and flag,
 *                          set by nfscl_mtofh()
 *
 * Returns 0 or an errno value. The three output flags/pointers are
 * cleared on entry.
 *
 * NOTE(review): namelen is a signed int and only its upper bound is
 * checked here; presumably callers pass a non-negative length -- confirm.
 */
APPLESTATIC int
nfsrpc_mkdir(vnode_t dvp, char *name, int namelen, struct vattr *vap,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
    struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
    int *dattrflagp, void *dstuff)
{
        struct nfsrv_descript nfsd;
        struct nfsrv_descript *nd = &nfsd;
        struct nfsmount *nmp;
        struct nfsfh *fhp;
        nfsattrbit_t attrbits;
        u_int32_t *tl;
        int error = 0;

        /* Nothing has been returned yet. */
        *nfhpp = NULL;
        *attrflagp = 0;
        *dattrflagp = 0;
        nmp = VFSTONFS(vnode_mount(dvp));
        fhp = VTONFS(dvp)->n_fhp;
        if (namelen > NFS_MAXNAMLEN) {
                return (ENAMETOOLONG);
        }

        NFSCL_REQSTART(nd, NFSPROC_MKDIR, dvp);
        if ((nd->nd_flag & ND_NFSV4) != 0) {
                /* NFSv4 create carries the object type first. */
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                *tl = txdr_unsigned(NFDIR);
        }
        (void) nfsm_strtom(nd, name, namelen);
        nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
        if ((nd->nd_flag & ND_NFSV4) != 0) {
                /*
                 * Append GetFH + Getattr for the new directory, then
                 * PutFH(parent) + Getattr for the parent directory.
                 */
                NFSGETATTR_ATTRBIT(&attrbits);
                NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                tl[0] = txdr_unsigned(NFSV4OP_GETFH);
                tl[1] = txdr_unsigned(NFSV4OP_GETATTR);
                (void) nfsrv_putattrbit(nd, &attrbits);
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                *tl = txdr_unsigned(NFSV4OP_PUTFH);
                (void) nfsm_fhtom(nd, fhp->nfh_fh, fhp->nfh_len, 0);
                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                *tl = txdr_unsigned(NFSV4OP_GETATTR);
                (void) nfsrv_putattrbit(nd, &attrbits);
        }

        error = nfscl_request(nd, dvp, p, cred, dstuff);
        if (error != 0) {
                return (error);
        }

        if ((nd->nd_flag & ND_NFSV4) != 0) {
                error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
        }
        if (nd->nd_repstat == 0 && error == 0) {
                if ((nd->nd_flag & ND_NFSV4) != 0) {
                        NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
                        error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
                }
                if (error == 0) {
                        error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
                }
                if (error == 0 && (nd->nd_flag & ND_NFSV4) != 0) {
                        /* Skip the PutFH and Getattr status values. */
                        NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
                        /* Then load the parent directory attributes. */
                        error = nfsm_loadattr(nd, dnap);
                        if (error == 0) {
                                *dattrflagp = 1;
                        }
                }
        }
        if (error == 0 && (nd->nd_flag & ND_NFSV3) != 0) {
                error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
        }
        if (error == 0 && nd->nd_repstat != 0) {
                error = nd->nd_repstat;
        }
        /*
         * No goto in this function names nfsmout; presumably NFSM_DISSECT
         * jumps here when the reply is too short -- confirm against the
         * macro definition.
         */
nfsmout:
        mbuf_freem(nd->nd_mrep);

        /*
         * Kludge: treat EEXIST as success on the assumption that it is
         * the reply to a retried request. This is done only when
         * vfs.nfs.ignore_eexist is set, and never for NFSv4.1 or later
         * minor versions, where sessions should guarantee "exactly once"
         * RPC semantics.
         */
        if (error == EEXIST && nfsignore_eexist != 0 &&
            !(NFSHASNFSV4(nmp) && nmp->nm_minorvers != 0)) {
                error = 0;
        }
        return (error);
}
 2714 
/*
 * Remove directory RPC.
 *
 * Builds an NFSPROC_RMDIR request for "name" in directory dvp, sends it
 * with nfscl_request() and decodes the reply.
 *
 *   dvp             parent directory vnode
 *   name, namelen   directory name; namelen > NFS_MAXNAMLEN is rejected
 *                   with ENAMETOOLONG before a request is built
 *   cred, p, dstuff passed through to the request/decode helpers
 *   dnap, dattrflagp parent directory attributes and validity flag, set
 *                   by nfscl_wcc_data() for NFSv3 and NFSv4
 *
 * Returns 0 or an errno value; ENOENT is reported as 0 (see below).
 *
 * NOTE(review): the ENOENT mapping is unconditional, whereas the EEXIST
 * mapping in nfsrpc_symlink()/nfsrpc_mkdir() is gated on
 * vfs.nfs.ignore_eexist and skipped for NFSv4.1 and later. Callers
 * cannot tell "removed by this call" from "was not there".
 */
APPLESTATIC int
nfsrpc_rmdir(vnode_t dvp, char *name, int namelen, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp, void *dstuff)
{
        struct nfsrv_descript nfsd;
        struct nfsrv_descript *nd = &nfsd;
        int error = 0;

        *dattrflagp = 0;
        if (namelen > NFS_MAXNAMLEN) {
                return (ENAMETOOLONG);
        }

        NFSCL_REQSTART(nd, NFSPROC_RMDIR, dvp);
        (void) nfsm_strtom(nd, name, namelen);
        error = nfscl_request(nd, dvp, p, cred, dstuff);
        if (error != 0) {
                return (error);
        }

        if ((nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) != 0) {
                error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
        }
        /* A decode error takes priority over the server's status. */
        if (error == 0 && nd->nd_repstat != 0) {
                error = nd->nd_repstat;
        }
        mbuf_freem(nd->nd_mrep);

        /*
         * Kludge: treat ENOENT as success on the assumption that it is
         * the reply to a retried request.
         */
        return (error == ENOENT ? 0 : error);
}
 2745 
/*
 * Readdir rpc.
 * Always returns with either uio_resid unchanged, if you are at the
 * end of the directory, or uio_resid == 0, with all DIRBLKSIZ chunks
 * filled in.
 * I felt this would allow caching of directory blocks more easily
 * than returning a partially filled block.
 * Directory offset cookies:
 * Oh my, what to do with them...
 * I can think of three ways to deal with them:
 * 1 - have the layer above these RPCs maintain a map between logical
 *     directory byte offsets and the NFS directory offset cookies
 * 2 - pass the opaque directory offset cookies up into userland
 *     and let the libc functions deal with them, via the system call
 * 3 - return them to userland in the "struct dirent", so future versions
 *     of libc can use them and do whatever is necessary to make things work
 *     above these rpc calls, in the meantime
 * For now, I do #3 by "hiding" the directory offset cookies after the
 * d_name field in struct dirent. This is space inside d_reclen that
 * will be ignored by anything that doesn't know about them.
 * The directory offset cookies are filled in as the last 8 bytes of
 * each directory entry, after d_name. Someday, the userland libc
 * functions may be able to use these. In the meantime, it satisfies
 * OpenBSD's requirements for cookies being returned.
 * It expects the directory offset cookie for the read to be in uio_offset
 * and returns the one for the next entry after this directory block in
 * there, as well.
 *
 * Parameters, as used by the code below:
 *   vp         directory vnode being read
 *   uiop       destination; must hold exactly one iovec whose residual
 *              is a multiple of DIRBLKSIZ (asserted with KASSERT)
 *   cookiep    in/out; the starting cookie is read from here and it is
 *              updated to the cookie of each entry copied out
 *   cred, p, stuff  passed through to the request/decode helpers
 *   nap, attrflagp  post-op directory attributes and validity flag
 *   eofp       optional; set to the end-of-directory indication
 *
 * Returns 0 or an errno value. EBADRPC is returned for a reply whose
 * entry name length is outside 1..NFS_MAXNAMLEN, and EPERM for an NFSv4
 * Lookupp reply whose file handle length is outside 1..NFSX_V4FHMAX.
 *
 * NOTE(review): in this function the starting cookie is taken from
 * *cookiep; uio_offset is only compared with 0 to decide whether the
 * NFSv4 "." and ".." entries are synthesized.
 *
 * NOTE(review): every length and count decoded from the reply comes from
 * the server. Only the name length is range-checked here; the name bytes
 * are copied by nfsm_mbufuio() and are not inspected in this function.
 */
APPLESTATIC int
nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
    int *eofp, void *stuff)
{
        int len, left;
        struct dirent *dp = NULL;
        u_int32_t *tl;
        nfsquad_t cookie, ncookie;
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsnode *dnp = VTONFS(vp);
        struct nfsvattr nfsva;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
        int reqsize, tryformoredirs = 1, readsize, eof = 0, gotmnton = 0;
        long dotfileid, dotdotfileid = 0;
        u_int32_t fakefileno = 0xffffffff, rderr;
        char *cp;
        nfsattrbit_t attrbits, dattrbits;
        u_int32_t *tl2 = NULL;
        size_t tresid;

        /*
         * Caller contract: one iovec, residual a multiple of DIRBLKSIZ.
         * The dirent writes below go straight through the iovec base and
         * rely on this.
         * NOTE(review): KASSERT is normally compiled out of kernels built
         * without INVARIANTS, so this is not a runtime check in such
         * builds -- confirm for the target configuration.
         */
        KASSERT(uiop->uio_iovcnt == 1 &&
            (uio_uio_resid(uiop) & (DIRBLKSIZ - 1)) == 0,
            ("nfs readdirrpc bad uio"));

        /*
         * There is no point in reading a lot more than uio_resid, however
         * adding one additional DIRBLKSIZ makes sense. Since uio_resid
         * and nm_readdirsize are both exact multiples of DIRBLKSIZ, this
         * will never make readsize > nm_readdirsize.
         */
        readsize = nmp->nm_readdirsize;
        if (readsize > uio_uio_resid(uiop))
                readsize = uio_uio_resid(uiop) + DIRBLKSIZ;

        *attrflagp = 0;
        if (eofp)
                *eofp = 0;
        /* Remember the starting residual to detect "nothing returned". */
        tresid = uio_uio_resid(uiop);
        cookie.lval[0] = cookiep->nfsuquad[0];
        cookie.lval[1] = cookiep->nfsuquad[1];
        /* nfsmout frees nd_mrep only when it is non-NULL. */
        nd->nd_mrep = NULL;

        /*
         * For NFSv4, first create the "." and ".." entries.
         */
        if (NFSHASNFSV4(nmp)) {
                reqsize = 6 * NFSX_UNSIGNED;
                NFSGETATTR_ATTRBIT(&dattrbits);
                NFSZERO_ATTRBIT(&attrbits);
                NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
                NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TYPE);
                if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
                    NFSATTRBIT_MOUNTEDONFILEID)) {
                        NFSSETBIT_ATTRBIT(&attrbits,
                            NFSATTRBIT_MOUNTEDONFILEID);
                        gotmnton = 1;
                } else {
                        /*
                         * Must fake it. Use the fileno, except when the
                         * fsid is != to that of the directory. For that
                         * case, generate a fake fileno that is not the same.
                         */
                        NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
                        gotmnton = 0;
                }

                /*
                 * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
                 */
                if (uiop->uio_offset == 0) {
                        NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp);
                        NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                        *tl++ = txdr_unsigned(NFSV4OP_GETFH);
                        *tl = txdr_unsigned(NFSV4OP_GETATTR);
                        (void) nfsrv_putattrbit(nd, &attrbits);
                        error = nfscl_request(nd, vp, p, cred, stuff);
                        if (error)
                            return (error);
                        dotfileid = 0;  /* Fake out the compiler. */
                        if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
                            error = nfsm_loadattr(nd, &nfsva);
                            if (error != 0)
                                goto nfsmout;
                            dotfileid = nfsva.na_fileid;
                        }
                        if (nd->nd_repstat == 0) {
                            NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
                            /*
                             * File handle length from the server; it is
                             * range-checked before being used to skip
                             * over the handle.
                             */
                            len = fxdr_unsigned(int, *(tl + 4));
                            if (len > 0 && len <= NFSX_V4FHMAX)
                                error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
                            else
                                error = EPERM;
                            if (!error) {
                                NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
                                /* Sentinel: "mounted-on fileid not returned". */
                                nfsva.na_mntonfileno = 0xffffffff;
                                error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
                                    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
                                    NULL, NULL, NULL, p, cred);
                                if (error) {
                                    dotdotfileid = dotfileid;
                                } else if (gotmnton) {
                                    if (nfsva.na_mntonfileno != 0xffffffff)
                                        dotdotfileid = nfsva.na_mntonfileno;
                                    else
                                        dotdotfileid = nfsva.na_fileid;
                                } else if (nfsva.na_filesid[0] ==
                                    dnp->n_vattr.na_filesid[0] &&
                                    nfsva.na_filesid[1] ==
                                    dnp->n_vattr.na_filesid[1]) {
                                    dotdotfileid = nfsva.na_fileid;
                                } else {
                                    /*
                                     * Different fsid: count down from
                                     * 0xffffffff until the value differs
                                     * from the returned fileid.
                                     */
                                    do {
                                        fakefileno--;
                                    } while (fakefileno ==
                                        nfsva.na_fileid);
                                    dotdotfileid = fakefileno;
                                }
                            }
                        } else if (nd->nd_repstat == NFSERR_NOENT) {
                            /*
                             * Lookupp returns NFSERR_NOENT when we are
                             * at the root, so just use the current dir.
                             */
                            nd->nd_repstat = 0;
                            dotdotfileid = dotfileid;
                        } else {
                            error = nd->nd_repstat;
                        }
                        mbuf_freem(nd->nd_mrep);
                        if (error)
                            return (error);
                        nd->nd_mrep = NULL;
                        /*
                         * Hand craft the "." entry at the iovec base.
                         * NOTE(review): no residual check precedes these
                         * two writes; presumably the caller always passes
                         * at least one DIRBLKSIZ of space -- confirm.
                         */
                        dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop));
                        dp->d_type = DT_DIR;
                        dp->d_fileno = dotfileid;
                        dp->d_namlen = 1;
                        dp->d_name[0] = '.';
                        dp->d_name[1] = '\0';
                        dp->d_reclen = DIRENT_SIZE(dp) + NFSX_HYPER;
                        /*
                         * Just make these offset cookie 0.
                         */
                        tl = (u_int32_t *)&dp->d_name[4];
                        *tl++ = 0;
                        *tl = 0;
                        blksiz += dp->d_reclen;
                        uio_uio_resid_add(uiop, -(dp->d_reclen));
                        uiop->uio_offset += dp->d_reclen;
                        uio_iov_base_add(uiop, dp->d_reclen);
                        uio_iov_len_add(uiop, -(dp->d_reclen));
                        /* Then the ".." entry, directly after it. */
                        dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop));
                        dp->d_type = DT_DIR;
                        dp->d_fileno = dotdotfileid;
                        dp->d_namlen = 2;
                        dp->d_name[0] = '.';
                        dp->d_name[1] = '.';
                        dp->d_name[2] = '\0';
                        dp->d_reclen = DIRENT_SIZE(dp) + NFSX_HYPER;
                        /*
                         * Just make these offset cookie 0.
                         */
                        tl = (u_int32_t *)&dp->d_name[4];
                        *tl++ = 0;
                        *tl = 0;
                        blksiz += dp->d_reclen;
                        uio_uio_resid_add(uiop, -(dp->d_reclen));
                        uiop->uio_offset += dp->d_reclen;
                        uio_iov_base_add(uiop, dp->d_reclen);
                        uio_iov_len_add(uiop, -(dp->d_reclen));
                }
                NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_RDATTRERROR);
        } else {
                reqsize = 5 * NFSX_UNSIGNED;
        }


        /*
         * Loop around doing readdir rpc's of size readsize.
         * The stopping criteria is EOF or buffer full.
         */
        while (more_dirs && bigenough) {
                *attrflagp = 0;
                NFSCL_REQSTART(nd, NFSPROC_READDIR, vp);
                if (nd->nd_flag & ND_NFSV2) {
                        /* NFSv2 takes a single 32-bit cookie. */
                        NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                        *tl++ = cookie.lval[1];
                        *tl = txdr_unsigned(readsize);
                } else {
                        NFSM_BUILD(tl, u_int32_t *, reqsize);
                        *tl++ = cookie.lval[0];
                        *tl++ = cookie.lval[1];
                        /*
                         * A zero cookie is sent with a zero verifier;
                         * otherwise the verifier saved in the nfsnode is
                         * sent, read under the node lock.
                         */
                        if (cookie.qval == 0) {
                                *tl++ = 0;
                                *tl++ = 0;
                        } else {
                                NFSLOCKNODE(dnp);
                                *tl++ = dnp->n_cookieverf.nfsuquad[0];
                                *tl++ = dnp->n_cookieverf.nfsuquad[1];
                                NFSUNLOCKNODE(dnp);
                        }
                        if (nd->nd_flag & ND_NFSV4) {
                                *tl++ = txdr_unsigned(readsize);
                                *tl = txdr_unsigned(readsize);
                                (void) nfsrv_putattrbit(nd, &attrbits);
                                NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                                *tl = txdr_unsigned(NFSV4OP_GETATTR);
                                (void) nfsrv_putattrbit(nd, &dattrbits);
                        } else {
                                *tl = txdr_unsigned(readsize);
                        }
                }
                error = nfscl_request(nd, vp, p, cred, stuff);
                if (error)
                        return (error);
                if (!(nd->nd_flag & ND_NFSV2)) {
                        if (nd->nd_flag & ND_NFSV3)
                                error = nfscl_postop_attr(nd, nap, attrflagp,
                                    stuff);
                        if (!nd->nd_repstat && !error) {
                                /* Save the server's cookie verifier. */
                                NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
                                NFSLOCKNODE(dnp);
                                dnp->n_cookieverf.nfsuquad[0] = *tl++;
                                dnp->n_cookieverf.nfsuquad[1] = *tl;
                                NFSUNLOCKNODE(dnp);
                        }
                }
                if (nd->nd_repstat || error) {
                        if (!error)
                                error = nd->nd_repstat;
                        goto nfsmout;
                }
                NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                more_dirs = fxdr_unsigned(int, *tl);
                /*
                 * A reply that starts with no entries clears
                 * tryformoredirs, so the eof handling below cannot set
                 * more_dirs again and the outer loop ends.
                 */
                if (!more_dirs)
                        tryformoredirs = 0;

                /* loop through the dir entries, doctoring them to 4bsd form */
                while (more_dirs && bigenough) {
                        if (nd->nd_flag & ND_NFSV4) {
                                NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
                                ncookie.lval[0] = *tl++;
                                ncookie.lval[1] = *tl++;
                                len = fxdr_unsigned(int, *tl);
                        } else if (nd->nd_flag & ND_NFSV3) {
                                NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
                                nfsva.na_fileid = fxdr_hyper(tl);
                                tl += 2;
                                len = fxdr_unsigned(int, *tl);
                        } else {
                                NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
                                nfsva.na_fileid =
                                    fxdr_unsigned(long, *tl++);
                                len = fxdr_unsigned(int, *tl);
                        }
                        /*
                         * len is the server-supplied name length. It is
                         * rejected here, before it sizes the dirent and
                         * the copy below.
                         */
                        if (len <= 0 || len > NFS_MAXNAMLEN) {
                                error = EBADRPC;
                                goto nfsmout;
                        }
                        tlen = NFSM_RNDUP(len);
                        if (tlen == len)
                                tlen += 4;  /* To ensure null termination */
                        left = DIRBLKSIZ - blksiz;
                        /*
                         * Entry does not fit in the current DIRBLKSIZ
                         * block: stretch the previous record to the block
                         * end and start a new block.
                         * NOTE(review): dp is dereferenced here without a
                         * NULL check; presumably the NFS_MAXNAMLEN bound
                         * keeps this branch from being taken while
                         * blksiz == 0 -- confirm against DIRHDSIZ and
                         * DIRBLKSIZ.
                         */
                        if ((int)(tlen + DIRHDSIZ + NFSX_HYPER) > left) {
                                dp->d_reclen += left;
                                uio_iov_base_add(uiop, left);
                                uio_iov_len_add(uiop, -(left));
                                uio_uio_resid_add(uiop, -(left));
                                uiop->uio_offset += left;
                                blksiz = 0;
                        }
                        /* Stop copying once the caller's buffer is full. */
                        if ((int)(tlen + DIRHDSIZ + NFSX_HYPER) > uio_uio_resid(uiop))
                                bigenough = 0;
                        if (bigenough) {
                                dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop));
                                dp->d_namlen = len;
                                dp->d_reclen = tlen + DIRHDSIZ + NFSX_HYPER;
                                dp->d_type = DT_UNKNOWN;
                                blksiz += dp->d_reclen;
                                if (blksiz == DIRBLKSIZ)
                                        blksiz = 0;
                                uio_uio_resid_add(uiop, -(DIRHDSIZ));
                                uiop->uio_offset += DIRHDSIZ;
                                uio_iov_base_add(uiop, DIRHDSIZ);
                                uio_iov_len_add(uiop, -(DIRHDSIZ));
                                /*
                                 * Copy len name bytes from the reply.
                                 * NOTE(review): the bytes are stored as
                                 * received; whether nfsm_mbufuio() or a
                                 * caller rejects names containing '/' or
                                 * NUL cannot be seen here -- verify.
                                 */
                                error = nfsm_mbufuio(nd, uiop, len);
                                if (error)
                                        goto nfsmout;
                                cp = CAST_DOWN(caddr_t, uio_iov_base(uiop));
                                tlen -= len;
                                *cp = '\0';     /* null terminate */
                                cp += tlen;     /* points to cookie storage */
                                tl2 = (u_int32_t *)cp;
                                uio_iov_base_add(uiop, (tlen + NFSX_HYPER));
                                uio_iov_len_add(uiop, -(tlen + NFSX_HYPER));
                                uio_uio_resid_add(uiop, -(tlen + NFSX_HYPER));
                                uiop->uio_offset += (tlen + NFSX_HYPER);
                        } else {
                                /* No room: skip the name in the reply. */
                                error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
                                if (error)
                                        goto nfsmout;
                        }
                        if (nd->nd_flag & ND_NFSV4) {
                                rderr = 0;
                                nfsva.na_mntonfileno = 0xffffffff;
                                error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
                                    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
                                    NULL, NULL, &rderr, p, cred);
                                if (error)
                                        goto nfsmout;
                                NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                        } else if (nd->nd_flag & ND_NFSV3) {
                                NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
                                ncookie.lval[0] = *tl++;
                                ncookie.lval[1] = *tl++;
                        } else {
                                NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
                                ncookie.lval[0] = 0;
                                ncookie.lval[1] = *tl++;
                        }
                        /*
                         * Fill in the fileno, and store the entry's cookie
                         * both after the name (tl2) and in *cookiep.
                         */
                        if (bigenough) {
                            if (nd->nd_flag & ND_NFSV4) {
                                /* rderr set: entry attributes unusable. */
                                if (rderr) {
                                    dp->d_fileno = 0;
                                } else {
                                    if (gotmnton) {
                                        if (nfsva.na_mntonfileno != 0xffffffff)
                                            dp->d_fileno = nfsva.na_mntonfileno;
                                        else
                                            dp->d_fileno = nfsva.na_fileid;
                                    } else if (nfsva.na_filesid[0] ==
                                        dnp->n_vattr.na_filesid[0] &&
                                        nfsva.na_filesid[1] ==
                                        dnp->n_vattr.na_filesid[1]) {
                                        dp->d_fileno = nfsva.na_fileid;
                                    } else {
                                        do {
                                            fakefileno--;
                                        } while (fakefileno ==
                                            nfsva.na_fileid);
                                        dp->d_fileno = fakefileno;
                                    }
                                    dp->d_type = vtonfs_dtype(nfsva.na_type);
                                }
                            } else {
                                dp->d_fileno = nfsva.na_fileid;
                            }
                            *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
                                ncookie.lval[0];
                            *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
                                ncookie.lval[1];
                        }
                        /* tl now points at the "another entry follows" flag. */
                        more_dirs = fxdr_unsigned(int, *tl);
                }
                /*
                 * If at end of rpc data, get the eof boolean
                 */
                if (!more_dirs) {
                        NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
                        eof = fxdr_unsigned(int, *tl);
                        if (tryformoredirs)
                                more_dirs = !eof;
                        if (nd->nd_flag & ND_NFSV4) {
                                error = nfscl_postop_attr(nd, nap, attrflagp,
                                    stuff);
                                if (error)
                                        goto nfsmout;
                        }
                }
                mbuf_freem(nd->nd_mrep);
                nd->nd_mrep = NULL;
        }
        /*
         * Fill last record, iff any, out to a multiple of DIRBLKSIZ
         * by increasing d_reclen for the last record.
         */
        if (blksiz > 0) {
                left = DIRBLKSIZ - blksiz;
                dp->d_reclen += left;
                uio_iov_base_add(uiop, left);
                uio_iov_len_add(uiop, -(left));
                uio_uio_resid_add(uiop, -(left));
                uiop->uio_offset += left;
        }

        /*
         * If returning no data, assume end of file.
         * If not bigenough, return not end of file, since you aren't
         *    returning all the data
         * Otherwise, return the eof flag from the server.
         */
        if (eofp) {
                if (tresid == ((size_t)(uio_uio_resid(uiop))))
                        *eofp = 1;
                else if (!bigenough)
                        *eofp = 0;
                else
                        *eofp = eof;
        }

        /*
         * Add extra empty records to any remaining DIRBLKSIZ chunks.
         */
        while (uio_uio_resid(uiop) > 0 && ((size_t)(uio_uio_resid(uiop))) != tresid) {
                dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop));
                dp->d_type = DT_UNKNOWN;
                dp->d_fileno = 0;
                dp->d_namlen = 0;
                dp->d_name[0] = '\0';
                /* Empty records carry the last cookie seen. */
                tl = (u_int32_t *)&dp->d_name[4];
                *tl++ = cookie.lval[0];
                *tl = cookie.lval[1];
                dp->d_reclen = DIRBLKSIZ;
                uio_iov_base_add(uiop, DIRBLKSIZ);
                uio_iov_len_add(uiop, -(DIRBLKSIZ));
                uio_uio_resid_add(uiop, -(DIRBLKSIZ));
                uiop->uio_offset += DIRBLKSIZ;
        }

        /*
         * Common exit: release the reply mbufs if one is still held.
         * Also reached by explicit gotos above; presumably NFSM_DISSECT
         * jumps here as well on a short reply -- confirm against the
         * macro definition.
         */
nfsmout:
        if (nd->nd_mrep != NULL)
                mbuf_freem(nd->nd_mrep);
        return (error);
}
 3199 
 3200 #ifndef APPLE
 3201 /*
 3202  * NFS V3 readdir plus RPC. Used in place of nfsrpc_readdir().
 3203  * (Also used for NFS V4 when mount flag set.)
 3204  * (ditto above w.r.t. multiple of DIRBLKSIZ, etc.)
       *
       * Issues READDIRPLUS requests for directory vp and packs the returned
       * entries into the caller's uio as struct dirent records.  Each record
       * carries its two-word offset cookie after the (padded) name, and the
       * last record of a block is stretched so no record straddles a
       * DIRBLKSIZ boundary.  When the reply carries a file handle and
       * attributes for an entry, the attribute cache and (for short enough
       * names) the name cache are loaded as a side effect.
       *
       * vp        - directory vnode being read.
       * uiop      - destination; asserted to hold exactly one iovec whose
       *             residual is a multiple of DIRBLKSIZ.
       * cookiep   - in/out: the cookie to resume from; updated to the cookie
       *             of each entry that is stored.
       * cred, p, stuff - passed through to the request/attribute helpers.
       * nap, attrflagp - receive the directory's post-op attributes;
       *             *attrflagp is cleared on entry and before each request.
       * eofp      - optional; when non-NULL it is set to 1 if nothing was
       *             stored, 0 if the buffer filled up first, otherwise to
       *             the eof flag taken from the reply.
       *
       * Returns 0, an errno value (EBADRPC for an out-of-range name length,
       * EPERM for an out-of-range file handle length in the NFSv4 LOOKUPP
       * reply), or the NFS status left in nd_repstat.
       *
       * Everything dissected from the reply (lengths, cookies, verifier,
       * file handles, attributes) is supplied by the server, so the range
       * checks on those values are what bound the writes into the caller's
       * buffer.
 3205  */
 3206 APPLESTATIC int
 3207 nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
 3208     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
 3209     int *eofp, void *stuff)
 3210 {
 3211         int len, left;
 3212         struct dirent *dp = NULL;
 3213         u_int32_t *tl;
 3214         vnode_t newvp = NULLVP;
 3215         struct nfsrv_descript nfsd, *nd = &nfsd;
 3216         struct nameidata nami, *ndp = &nami;
 3217         struct componentname *cnp = &ndp->ni_cnd;
 3218         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 3219         struct nfsnode *dnp = VTONFS(vp), *np;
 3220         struct nfsvattr nfsva;
 3221         struct nfsfh *nfhp;
 3222         nfsquad_t cookie, ncookie;
 3223         int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
 3224         int attrflag, tryformoredirs = 1, eof = 0, gotmnton = 0;
 3225         int isdotdot = 0, unlocknewvp = 0;
 3226         long dotfileid, dotdotfileid = 0, fileno = 0;
 3227         char *cp;
 3228         nfsattrbit_t attrbits, dattrbits;
 3229         size_t tresid;
 3230         u_int32_t *tl2 = NULL, fakefileno = 0xffffffff, rderr;
 3231         struct timespec dctime;
 3232 
              /*
               * The block packing below depends on a single iovec whose length
               * is a multiple of DIRBLKSIZ.  NOTE(review): KASSERT is normally
               * compiled in only for INVARIANTS kernels, so callers have to
               * guarantee this themselves -- confirm.
               */
 3233         KASSERT(uiop->uio_iovcnt == 1 &&
 3234             (uio_uio_resid(uiop) & (DIRBLKSIZ - 1)) == 0,
 3235             ("nfs readdirplusrpc bad uio"));
 3236         timespecclear(&dctime);
 3237         *attrflagp = 0;
 3238         if (eofp != NULL)
 3239                 *eofp = 0;
 3240         ndp->ni_dvp = vp;
 3241         nd->nd_mrep = NULL;
              /*
               * Resume from the caller's cookie.  tresid remembers the starting
               * residual so the code at the end can tell whether any record
               * was stored.
               */
 3242         cookie.lval[0] = cookiep->nfsuquad[0];
 3243         cookie.lval[1] = cookiep->nfsuquad[1];
 3244         tresid = uio_uio_resid(uiop);
 3245 
 3246         /*
 3247          * For NFSv4, first create the "." and ".." entries.
 3248          */
 3249         if (NFSHASNFSV4(nmp)) {
 3250                 NFSGETATTR_ATTRBIT(&dattrbits);
 3251                 NFSZERO_ATTRBIT(&attrbits);
 3252                 NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
 3253                 if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
 3254                     NFSATTRBIT_MOUNTEDONFILEID)) {
 3255                         NFSSETBIT_ATTRBIT(&attrbits,
 3256                             NFSATTRBIT_MOUNTEDONFILEID);
 3257                         gotmnton = 1;
 3258                 } else {
 3259                         /*
 3260                          * Must fake it. Use the fileno, except when the
 3261                          * fsid is != to that of the directory. For that
 3262                          * case, generate a fake fileno that is not the same.
 3263                          */
 3264                         NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
 3265                         gotmnton = 0;
 3266                 }
 3267 
 3268                 /*
 3269                  * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
 3270                  */
 3271                 if (uiop->uio_offset == 0) {
                              /*
                               * One request: LOOKUPP followed by GETFH and
                               * GETATTR(attrbits), used to learn the fileid to
                               * report for "..".
                               */
 3272                         NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp);
 3273                         NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 3274                         *tl++ = txdr_unsigned(NFSV4OP_GETFH);
 3275                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3276                         (void) nfsrv_putattrbit(nd, &attrbits);
 3277                         error = nfscl_request(nd, vp, p, cred, stuff);
 3278                         if (error)
 3279                             return (error);
 3280                         dotfileid = 0;  /* Fake out the compiler. */
 3281                         if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
 3282                             error = nfsm_loadattr(nd, &nfsva);
 3283                             if (error != 0)
 3284                                 goto nfsmout;
 3285                             dctime = nfsva.na_ctime;
 3286                             dotfileid = nfsva.na_fileid;
 3287                         }
 3288                         if (nd->nd_repstat == 0) {
 3289                             NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
                                  /*
                                   * len is the file handle length as sent by the
                                   * server; only a value in 1..NFSX_V4FHMAX is
                                   * used to skip over the handle.
                                   */
 3290                             len = fxdr_unsigned(int, *(tl + 4));
 3291                             if (len > 0 && len <= NFSX_V4FHMAX)
 3292                                 error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
 3293                             else
 3294                                 error = EPERM;
 3295                             if (!error) {
 3296                                 NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
 3297                                 nfsva.na_mntonfileno = 0xffffffff;
 3298                                 error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
 3299                                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
 3300                                     NULL, NULL, NULL, p, cred);
 3301                                 if (error) {
 3302                                     dotdotfileid = dotfileid;
 3303                                 } else if (gotmnton) {
 3304                                     if (nfsva.na_mntonfileno != 0xffffffff)
 3305                                         dotdotfileid = nfsva.na_mntonfileno;
 3306                                     else
 3307                                         dotdotfileid = nfsva.na_fileid;
 3308                                 } else if (nfsva.na_filesid[0] ==
 3309                                     dnp->n_vattr.na_filesid[0] &&
 3310                                     nfsva.na_filesid[1] ==
 3311                                     dnp->n_vattr.na_filesid[1]) {
 3312                                     dotdotfileid = nfsva.na_fileid;
 3313                                 } else {
 3314                                     do {
 3315                                         fakefileno--;
 3316                                     } while (fakefileno ==
 3317                                         nfsva.na_fileid);
 3318                                     dotdotfileid = fakefileno;
 3319                                 }
 3320                             }
 3321                         } else if (nd->nd_repstat == NFSERR_NOENT) {
 3322                             /*
 3323                              * Lookupp returns NFSERR_NOENT when we are
 3324                              * at the root, so just use the current dir.
 3325                              */
 3326                             nd->nd_repstat = 0;
 3327                             dotdotfileid = dotfileid;
 3328                         } else {
 3329                             error = nd->nd_repstat;
 3330                         }
 3331                         mbuf_freem(nd->nd_mrep);
 3332                         if (error)
 3333                             return (error);
 3334                         nd->nd_mrep = NULL;
                              /*
                               * Write the "." record and then the ".." record at
                               * the current buffer position.  Each one is
                               * DIRENT_SIZE(dp) + NFSX_HYPER bytes, counts toward
                               * the current block (blksiz), and has its two
                               * cookie words stored at d_name[4].
                               */
 3335                         dp = (struct dirent *)uio_iov_base(uiop);
 3336                         dp->d_type = DT_DIR;
 3337                         dp->d_fileno = dotfileid;
 3338                         dp->d_namlen = 1;
 3339                         dp->d_name[0] = '.';
 3340                         dp->d_name[1] = '\0';
 3341                         dp->d_reclen = DIRENT_SIZE(dp) + NFSX_HYPER;
 3342                         /*
 3343                          * Just make these offset cookie 0.
 3344                          */
 3345                         tl = (u_int32_t *)&dp->d_name[4];
 3346                         *tl++ = 0;
 3347                         *tl = 0;
 3348                         blksiz += dp->d_reclen;
 3349                         uio_uio_resid_add(uiop, -(dp->d_reclen));
 3350                         uiop->uio_offset += dp->d_reclen;
 3351                         uio_iov_base_add(uiop, dp->d_reclen);
 3352                         uio_iov_len_add(uiop, -(dp->d_reclen));
 3353                         dp = (struct dirent *)uio_iov_base(uiop);
 3354                         dp->d_type = DT_DIR;
 3355                         dp->d_fileno = dotdotfileid;
 3356                         dp->d_namlen = 2;
 3357                         dp->d_name[0] = '.';
 3358                         dp->d_name[1] = '.';
 3359                         dp->d_name[2] = '\0';
 3360                         dp->d_reclen = DIRENT_SIZE(dp) + NFSX_HYPER;
 3361                         /*
 3362                          * Just make these offset cookie 0.
 3363                          */
 3364                         tl = (u_int32_t *)&dp->d_name[4];
 3365                         *tl++ = 0;
 3366                         *tl = 0;
 3367                         blksiz += dp->d_reclen;
 3368                         uio_uio_resid_add(uiop, -(dp->d_reclen));
 3369                         uiop->uio_offset += dp->d_reclen;
 3370                         uio_iov_base_add(uiop, dp->d_reclen);
 3371                         uio_iov_len_add(uiop, -(dp->d_reclen));
 3372                 }
                      /*
                       * From here on attrbits is the per-entry attribute request
                       * that is sent with every NFSv4 readdir below.
                       */
 3373                 NFSREADDIRPLUS_ATTRBIT(&attrbits);
 3374                 if (gotmnton)
 3375                         NFSSETBIT_ATTRBIT(&attrbits,
 3376                             NFSATTRBIT_MOUNTEDONFILEID);
 3377         }
 3378 
 3379         /*
 3380          * Loop around doing readdir rpc's of size nm_readdirsize.
 3381          * The stopping criteria is EOF or buffer full.
 3382          */
 3383         while (more_dirs && bigenough) {
 3384                 *attrflagp = 0;
 3385                 NFSCL_REQSTART(nd, NFSPROC_READDIRPLUS, vp);
 3386                 NFSM_BUILD(tl, u_int32_t *, 6 * NFSX_UNSIGNED);
                      /*
                       * Arguments: resume cookie, cookie verifier (zero for a
                       * zero cookie, otherwise the one saved in the nfsnode,
                       * read under the node lock), then two size limits that
                       * are both nm_readdirsize.
                       */
 3387                 *tl++ = cookie.lval[0];
 3388                 *tl++ = cookie.lval[1];
 3389                 if (cookie.qval == 0) {
 3390                         *tl++ = 0;
 3391                         *tl++ = 0;
 3392                 } else {
 3393                         NFSLOCKNODE(dnp);
 3394                         *tl++ = dnp->n_cookieverf.nfsuquad[0];
 3395                         *tl++ = dnp->n_cookieverf.nfsuquad[1];
 3396                         NFSUNLOCKNODE(dnp);
 3397                 }
 3398                 *tl++ = txdr_unsigned(nmp->nm_readdirsize);
 3399                 *tl = txdr_unsigned(nmp->nm_readdirsize);
 3400                 if (nd->nd_flag & ND_NFSV4) {
 3401                         (void) nfsrv_putattrbit(nd, &attrbits);
 3402                         NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 3403                         *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3404                         (void) nfsrv_putattrbit(nd, &dattrbits);
 3405                 }
 3406                 error = nfscl_request(nd, vp, p, cred, stuff);
 3407                 if (error)
 3408                         return (error);
 3409                 if (nd->nd_flag & ND_NFSV3)
 3410                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 3411                 if (nd->nd_repstat || error) {
 3412                         if (!error)
 3413                                 error = nd->nd_repstat;
 3414                         goto nfsmout;
 3415                 }
 3416                 if ((nd->nd_flag & ND_NFSV3) != 0 && *attrflagp != 0)
 3417                         dctime = nap->na_ctime;
                      /*
                       * Save the cookie verifier returned by the server (under
                       * the node lock); the third word says whether an entry
                       * follows.
                       */
 3418                 NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3419                 NFSLOCKNODE(dnp);
 3420                 dnp->n_cookieverf.nfsuquad[0] = *tl++;
 3421                 dnp->n_cookieverf.nfsuquad[1] = *tl++;
 3422                 NFSUNLOCKNODE(dnp);
 3423                 more_dirs = fxdr_unsigned(int, *tl);
 3424                 if (!more_dirs)
 3425                         tryformoredirs = 0;
 3426         
 3427                 /* loop through the dir entries, doctoring them to 4bsd form */
 3428                 while (more_dirs && bigenough) {
 3429                         NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3430                         if (nd->nd_flag & ND_NFSV4) {
 3431                                 ncookie.lval[0] = *tl++;
 3432                                 ncookie.lval[1] = *tl++;
 3433                         } else {
 3434                                 fileno = fxdr_unsigned(long, *++tl);
 3435                                 tl++;
 3436                         }
                              /*
                               * Name length as sent by the server.  It is
                               * range-checked here because it sizes the copy
                               * into the caller's buffer (nfsm_mbufuio below)
                               * and the record length derived from it.
                               */
 3437                         len = fxdr_unsigned(int, *tl);
 3438                         if (len <= 0 || len > NFS_MAXNAMLEN) {
 3439                                 error = EBADRPC;
 3440                                 goto nfsmout;
 3441                         }
 3442                         tlen = NFSM_RNDUP(len);
 3443                         if (tlen == len)
 3444                                 tlen += 4;  /* To ensure null termination */
                              /*
                               * If the record would cross the end of the current
                               * DIRBLKSIZ block, stretch the previous record to
                               * the block end and start a new block.
                               * NOTE(review): dp is still NULL until the first
                               * record is stored; with blksiz == 0 this branch
                               * is only safe because a maximal record
                               * presumably fits in an empty block -- confirm
                               * against DIRHDSIZ, NFS_MAXNAMLEN and DIRBLKSIZ.
                               */
 3445                         left = DIRBLKSIZ - blksiz;
 3446                         if ((tlen + DIRHDSIZ + NFSX_HYPER) > left) {
 3447                                 dp->d_reclen += left;
 3448                                 uio_iov_base_add(uiop, left);
 3449                                 uio_iov_len_add(uiop, -(left));
 3450                                 uio_uio_resid_add(uiop, -(left));
 3451                                 uiop->uio_offset += left;
 3452                                 blksiz = 0;
 3453                         }
                              /*
                               * Not enough room left in the caller's buffer:
                               * stop storing, but still parse the rest of this
                               * entry so any file handle is released.
                               */
 3454                         if ((tlen + DIRHDSIZ + NFSX_HYPER) > uio_uio_resid(uiop))
 3455                                 bigenough = 0;
 3456                         if (bigenough) {
 3457                                 dp = (struct dirent *)uio_iov_base(uiop);
 3458                                 dp->d_namlen = len;
 3459                                 dp->d_reclen = tlen + DIRHDSIZ + NFSX_HYPER;
 3460                                 dp->d_type = DT_UNKNOWN;
 3461                                 blksiz += dp->d_reclen;
 3462                                 if (blksiz == DIRBLKSIZ)
 3463                                         blksiz = 0;
                                      /*
                                       * Step past the fixed dirent header; the
                                       * name is then copied from the reply
                                       * straight into the buffer.
                                       */
 3464                                 uio_uio_resid_add(uiop, -(DIRHDSIZ));
 3465                                 uiop->uio_offset += DIRHDSIZ;
 3466                                 uio_iov_base_add(uiop, DIRHDSIZ);
 3467                                 uio_iov_len_add(uiop, -(DIRHDSIZ));
 3468                                 cnp->cn_nameptr = uio_iov_base(uiop);
 3469                                 cnp->cn_namelen = len;
 3470                                 NFSCNHASHZERO(cnp);
 3471                                 error = nfsm_mbufuio(nd, uiop, len);
 3472                                 if (error)
 3473                                         goto nfsmout;
 3474                                 cp = uio_iov_base(uiop);
 3475                                 tlen -= len;
 3476                                 *cp = '\0';
 3477                                 cp += tlen;     /* points to cookie storage */
 3478                                 tl2 = (u_int32_t *)cp;
 3479                                 if (len == 2 && cnp->cn_nameptr[0] == '.' &&
 3480                                     cnp->cn_nameptr[1] == '.')
 3481                                         isdotdot = 1;
 3482                                 else
 3483                                         isdotdot = 0;
 3484                                 uio_iov_base_add(uiop, (tlen + NFSX_HYPER));
 3485                                 uio_iov_len_add(uiop, -(tlen + NFSX_HYPER));
 3486                                 uio_uio_resid_add(uiop, -(tlen + NFSX_HYPER));
 3487                                 uiop->uio_offset += (tlen + NFSX_HYPER);
 3488                         } else {
 3489                                 error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
 3490                                 if (error)
 3491                                         goto nfsmout;
 3492                         }
 3493                         nfhp = NULL;
 3494                         if (nd->nd_flag & ND_NFSV3) {
                                      /*
                                       * NFSv3 entry tail: cookie, an
                                       * attributes-follow flag (plus the
                                       * attributes), then a handle-follows
                                       * flag (plus the file handle).  A handle
                                       * that arrives without attributes is
                                       * freed and ignored.
                                       */
 3495                                 NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
 3496                                 ncookie.lval[0] = *tl++;
 3497                                 ncookie.lval[1] = *tl++;
 3498                                 attrflag = fxdr_unsigned(int, *tl);
 3499                                 if (attrflag) {
 3500                                   error = nfsm_loadattr(nd, &nfsva);
 3501                                   if (error)
 3502                                         goto nfsmout;
 3503                                 }
 3504                                 NFSM_DISSECT(tl,u_int32_t *,NFSX_UNSIGNED);
 3505                                 if (*tl) {
 3506                                         error = nfsm_getfh(nd, &nfhp);
 3507                                         if (error)
 3508                                             goto nfsmout;
 3509                                 }
 3510                                 if (!attrflag && nfhp != NULL) {
 3511                                         FREE((caddr_t)nfhp, M_NFSFH);
 3512                                         nfhp = NULL;
 3513                                 }
 3514                         } else {
                                      /*
                                       * NFSv4: attributes and the optional file
                                       * handle come from nfsv4_loadattr(), which
                                       * is also handed &rderr; a non-zero rderr
                                       * makes the entry's d_fileno 0 below.
                                       */
 3515                                 rderr = 0;
 3516                                 nfsva.na_mntonfileno = 0xffffffff;
 3517                                 error = nfsv4_loadattr(nd, NULL, &nfsva, &nfhp,
 3518                                     NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
 3519                                     NULL, NULL, &rderr, p, cred);
 3520                                 if (error)
 3521                                         goto nfsmout;
 3522                         }
 3523 
 3524                         if (bigenough) {
 3525                             if (nd->nd_flag & ND_NFSV4) {
 3526                                 if (rderr) {
 3527                                     dp->d_fileno = 0;
 3528                                 } else if (gotmnton) {
 3529                                     if (nfsva.na_mntonfileno != 0xffffffff)
 3530                                         dp->d_fileno = nfsva.na_mntonfileno;
 3531                                     else
 3532                                         dp->d_fileno = nfsva.na_fileid;
 3533                                 } else if (nfsva.na_filesid[0] ==
 3534                                     dnp->n_vattr.na_filesid[0] &&
 3535                                     nfsva.na_filesid[1] ==
 3536                                     dnp->n_vattr.na_filesid[1]) {
 3537                                     dp->d_fileno = nfsva.na_fileid;
 3538                                 } else {
 3539                                     do {
 3540                                         fakefileno--;
 3541                                     } while (fakefileno ==
 3542                                         nfsva.na_fileid);
 3543                                     dp->d_fileno = fakefileno;
 3544                                 }
 3545                             } else {
 3546                                 dp->d_fileno = fileno;
 3547                             }
                                  /*
                                   * Store this entry's cookie after its name and
                                   * advance both the local cookie and the
                                   * caller's cookie to it.
                                   */
 3548                             *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
 3549                                 ncookie.lval[0];
 3550                             *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
 3551                                 ncookie.lval[1];
 3552 
                                  /*
                                   * A file handle came with the entry: obtain a
                                   * vnode so the attribute and name caches can
                                   * be loaded.  If the handle is the directory's
                                   * own, vp is reused with an extra reference
                                   * (dropped with vrele); ".." is skipped;
                                   * otherwise nfscl_nget() is asked for the node
                                   * with LK_EXCLUSIVE (dropped with vput).
                                   */
 3553                             if (nfhp != NULL) {
 3554                                 if (NFSRV_CMPFH(nfhp->nfh_fh, nfhp->nfh_len,
 3555                                     dnp->n_fhp->nfh_fh, dnp->n_fhp->nfh_len)) {
 3556                                     VREF(vp);
 3557                                     newvp = vp;
 3558                                     unlocknewvp = 0;
 3559                                     FREE((caddr_t)nfhp, M_NFSFH);
 3560                                     np = dnp;
 3561                                 } else if (isdotdot != 0) {
 3562                                     /*
 3563                                      * Skip doing a nfscl_nget() call for "..".
 3564                                      * There's a race between acquiring the nfs
 3565                                      * node here and lookups that look for the
 3566                                      * directory being read (in the parent).
 3567                                      * It would try to get a lock on ".." here,
 3568                                      * owning the lock on the directory being
 3569                                      * read. Lookup will hold the lock on ".."
 3570                                      * and try to acquire the lock on the
 3571                                      * directory being read.
 3572                                      * If the directory is unlocked/relocked,
 3573                                      * then there is a LOR with the buflock
 3574                                      * vp is relocked.
 3575                                      */
 3576                                     free(nfhp, M_NFSFH);
 3577                                 } else {
                                          /*
                                           * nfhp is not freed on this path;
                                           * presumably nfscl_nget() takes
                                           * ownership of it -- confirm.
                                           * NOTE(review): a failure here only
                                           * skips the caching; error is left
                                           * set with no goto, so check that a
                                           * failure on the last entry of the
                                           * final reply cannot become the
                                           * return value.
                                           */
 3578                                     error = nfscl_nget(vnode_mount(vp), vp,
 3579                                       nfhp, cnp, p, &np, NULL, LK_EXCLUSIVE);
 3580                                     if (!error) {
 3581                                         newvp = NFSTOV(np);
 3582                                         unlocknewvp = 1;
 3583                                     }
 3584                                 }
 3585                                 nfhp = NULL;
 3586                                 if (newvp != NULLVP) {
 3587                                     error = nfscl_loadattrcache(&newvp,
 3588                                         &nfsva, NULL, NULL, 0, 0);
 3589                                     if (error) {
 3590                                         if (unlocknewvp)
 3591                                             vput(newvp);
 3592                                         else
 3593                                             vrele(newvp);
 3594                                         goto nfsmout;
 3595                                     }
 3596                                     dp->d_type =
 3597                                         vtonfs_dtype(np->n_vattr.na_type);
 3598                                     ndp->ni_vp = newvp;
 3599                                     NFSCNHASH(cnp, HASHINIT);
                                          /*
                                           * Name cache entry only for names of
                                           * at most NCHNAMLEN bytes, and for a
                                           * directory only when a directory
                                           * ctime (dctime) was obtained.
                                           */
 3600                                     if (cnp->cn_namelen <= NCHNAMLEN &&
 3601                                         (newvp->v_type != VDIR ||
 3602                                          dctime.tv_sec != 0)) {
 3603                                         cache_enter_time(ndp->ni_dvp,
 3604                                             ndp->ni_vp, cnp,
 3605                                             &nfsva.na_ctime,
 3606                                             newvp->v_type != VDIR ? NULL :
 3607                                             &dctime);
 3608                                     }
 3609                                     if (unlocknewvp)
 3610                                         vput(newvp);
 3611                                     else
 3612                                         vrele(newvp);
 3613                                     newvp = NULLVP;
 3614                                 }
 3615                             }
 3616                         } else if (nfhp != NULL) {
                                  /* Entry was not stored; just drop its handle. */
 3617                             FREE((caddr_t)nfhp, M_NFSFH);
 3618                         }
                              /* Flag word: does another entry follow? */
 3619                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3620                         more_dirs = fxdr_unsigned(int, *tl);
 3621                 }
 3622                 /*
 3623                  * If at end of rpc data, get the eof boolean
 3624                  */
 3625                 if (!more_dirs) {
 3626                         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3627                         eof = fxdr_unsigned(int, *tl);
 3628                         if (tryformoredirs)
 3629                                 more_dirs = !eof;
 3630                         if (nd->nd_flag & ND_NFSV4) {
 3631                                 error = nfscl_postop_attr(nd, nap, attrflagp,
 3632                                     stuff);
 3633                                 if (error)
 3634                                         goto nfsmout;
 3635                         }
 3636                 }
 3637                 mbuf_freem(nd->nd_mrep);
 3638                 nd->nd_mrep = NULL;
 3639         }
 3640         /*
 3641          * Fill last record, iff any, out to a multiple of DIRBLKSIZ
 3642          * by increasing d_reclen for the last record.
 3643          */
 3644         if (blksiz > 0) {
 3645                 left = DIRBLKSIZ - blksiz;
 3646                 dp->d_reclen += left;
 3647                 uio_iov_base_add(uiop, left);
 3648                 uio_iov_len_add(uiop, -(left));
 3649                 uio_uio_resid_add(uiop, -(left));
 3650                 uiop->uio_offset += left;
 3651         }
 3652 
 3653         /*
 3654          * If returning no data, assume end of file.
 3655          * If not bigenough, return not end of file, since you aren't
 3656          *    returning all the data
 3657          * Otherwise, return the eof flag from the server.
 3658          */
 3659         if (eofp != NULL) {
 3660                 if (tresid == uio_uio_resid(uiop))
 3661                         *eofp = 1;
 3662                 else if (!bigenough)
 3663                         *eofp = 0;
 3664                 else
 3665                         *eofp = eof;
 3666         }
 3667 
 3668         /*
 3669          * Add extra empty records to any remaining DIRBLKSIZ chunks.
 3670          */
 3671         while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) {
 3672                 dp = (struct dirent *)uio_iov_base(uiop);
 3673                 dp->d_type = DT_UNKNOWN;
 3674                 dp->d_fileno = 0;
 3675                 dp->d_namlen = 0;
 3676                 dp->d_name[0] = '\0';
 3677                 tl = (u_int32_t *)&dp->d_name[4];
 3678                 *tl++ = cookie.lval[0];
 3679                 *tl = cookie.lval[1];
 3680                 dp->d_reclen = DIRBLKSIZ;
 3681                 uio_iov_base_add(uiop, DIRBLKSIZ);
 3682                 uio_iov_len_add(uiop, -(DIRBLKSIZ));
 3683                 uio_uio_resid_add(uiop, -(DIRBLKSIZ));
 3684                 uiop->uio_offset += DIRBLKSIZ;
 3685         }
 3686 
      /* Common exit: release the reply mbuf chain if one is still held. */
 3687 nfsmout:
 3688         if (nd->nd_mrep != NULL)
 3689                 mbuf_freem(nd->nd_mrep);
 3690         return (error);
 3691 }
 3692 #endif  /* !APPLE */
 3693 
 3694 /*
 3695  * Nfs commit rpc
       *
       * Sends a COMMIT for the given offset and count on vp (with a trailing
       * GETATTR op for NFSv4) and loads the returned attributes through
       * nap/attrflagp; *attrflagp is cleared on entry.  On a successful reply
       * the NFSX_VERF-byte verifier from the server is compared with the copy
       * cached in the mount (nm_verf) under the mount lock; if it differs,
       * the cached copy is replaced and NFSERR_STALEWRITEVERF is returned.
       * Presumably callers use that to re-send writes the server may not
       * have kept -- confirm in the callers.
       *
       * Returns 0, an error from the request/parse helpers, or the NFS status
       * left in nd_repstat.
 3696  */
 3697 APPLESTATIC int
 3698 nfsrpc_commit(vnode_t vp, u_quad_t offset, int cnt, struct ucred *cred,
 3699     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
 3700 {
 3701         u_int32_t *tl;
 3702         struct nfsrv_descript nfsd, *nd = &nfsd;
 3703         nfsattrbit_t attrbits;
 3704         int error;
 3705         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 3706         
 3707         *attrflagp = 0;
 3708         NFSCL_REQSTART(nd, NFSPROC_COMMIT, vp);
              /*
               * Arguments: 64-bit offset followed by a 32-bit count.
               * NOTE(review): cnt is a signed int encoded with txdr_unsigned();
               * presumably callers never pass a negative count -- confirm.
               */
 3709         NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3710         txdr_hyper(offset, tl);
 3711         tl += 2;
 3712         *tl = txdr_unsigned(cnt);
 3713         if (nd->nd_flag & ND_NFSV4) {
 3714                 /*
 3715                  * And do a Getattr op.
 3716                  */
 3717                 NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
 3718                 *tl = txdr_unsigned(NFSV4OP_GETATTR);
 3719                 NFSGETATTR_ATTRBIT(&attrbits);
 3720                 (void) nfsrv_putattrbit(nd, &attrbits);
 3721         }
 3722         error = nfscl_request(nd, vp, p, cred, stuff);
 3723         if (error)
 3724                 return (error);
 3725         error = nfscl_wcc_data(nd, vp, nap, attrflagp, NULL, stuff);
 3726         if (!error && !nd->nd_repstat) {
                      /*
                       * The verifier is supplied by the server; it is compared
                       * and copied with the fixed length NFSX_VERF only, and the
                       * mount's copy is read and updated under the mount lock.
                       */
 3727                 NFSM_DISSECT(tl, u_int32_t *, NFSX_VERF);
 3728                 NFSLOCKMNT(nmp);
 3729                 if (NFSBCMP(nmp->nm_verf, tl, NFSX_VERF)) {
 3730                         NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
 3731                         nd->nd_repstat = NFSERR_STALEWRITEVERF;
 3732                 }
 3733                 NFSUNLOCKMNT(nmp);
 3734                 if (nd->nd_flag & ND_NFSV4)
 3735                         error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
 3736         }
      /*
       * NOTE(review): nothing in this function jumps here explicitly;
       * presumably NFSM_DISSECT does so when the reply is too short -- confirm
       * against the macro.  The reply chain is freed without the NULL check
       * that nfsrpc_readdirplus() uses, so this relies on nd_mrep being set
       * (or mbuf_freem() accepting NULL) -- confirm.
       */
 3737 nfsmout:
              /* A non-zero NFS status becomes the return value if nothing else failed. */
 3738         if (!error && nd->nd_repstat)
 3739                 error = nd->nd_repstat;
 3740         mbuf_freem(nd->nd_mrep);
 3741         return (error);
 3742 }
 3743 
 3744 /*
 3745  * NFS byte range lock rpc.
 3746  * (Mostly just calls one of the three lower level RPC routines.)
 3747  */
 3748 APPLESTATIC int
 3749 nfsrpc_advlock(vnode_t vp, off_t size, int op, struct flock *fl,
 3750     int reclaim, struct ucred *cred, NFSPROC_T *p, void *id, int flags)
 3751 {
 3752         struct nfscllockowner *lp;
 3753         struct nfsclclient *clp;
 3754         struct nfsfh *nfhp;
 3755         struct nfsrv_descript nfsd, *nd = &nfsd;
 3756         struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
 3757         u_int64_t off, len;
 3758         off_t start, end;
 3759         u_int32_t clidrev = 0;
 3760         int error = 0, newone = 0, expireret = 0, retrycnt, donelocally;
 3761         int callcnt, dorpc;
 3762 
 3763         /*
 3764          * Convert the flock structure into a start and end and do POSIX
 3765          * bounds checking.
 3766          */
 3767         switch (fl->l_whence) {
 3768         case SEEK_SET:
 3769         case SEEK_CUR:
 3770                 /*
 3771                  * Caller is responsible for adding any necessary offset
 3772                  * when SEEK_CUR is used.
 3773                  */
 3774                 start = fl->l_start;
 3775                 off = fl->l_start;
 3776                 break;
 3777         case SEEK_END:
 3778                 start = size + fl->l_start;
 3779                 off = size + fl->l_start;
 3780                 break;
 3781         default:
 3782                 return (EINVAL);
 3783         }
 3784         if (start < 0)
 3785                 return (EINVAL);
 3786         if (fl->l_len != 0) {
 3787                 end = start + fl->l_len - 1;
 3788                 if (end < start)
 3789                         return (EINVAL);
 3790         }
 3791 
 3792         len = fl->l_len;
 3793         if (len == 0)
 3794                 len = NFS64BITSSET;
 3795         retrycnt = 0;
 3796         do {
 3797             nd->nd_repstat = 0;
 3798             if (op == F_GETLK) {
 3799                 error = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
 3800                 if (error)
 3801                         return (error);
 3802                 error = nfscl_lockt(vp, clp, off, len, fl, p, id, flags);
 3803                 if (!error) {
 3804                         clidrev = clp->nfsc_clientidrev;
 3805                         error = nfsrpc_lockt(nd, vp, clp, off, len, fl, cred,
 3806                             p, id, flags);
 3807                 } else if (error == -1) {
 3808                         error = 0;
 3809                 }
 3810                 nfscl_clientrelease(clp);
 3811             } else if (op == F_UNLCK && fl->l_type == F_UNLCK) {
 3812                 /*
 3813                  * We must loop around for all lockowner cases.
 3814                  */
 3815                 callcnt = 0;
 3816                 error = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
 3817                 if (error)
 3818                         return (error);
 3819                 do {
 3820                     error = nfscl_relbytelock(vp, off, len, cred, p, callcnt,
 3821                         clp, id, flags, &lp, &dorpc);
 3822                     /*
 3823                      * If it returns a NULL lp, we're done.
 3824                      */
 3825                     if (lp == NULL) {
 3826                         if (callcnt == 0)
 3827                             nfscl_clientrelease(clp);
 3828                         else
 3829                             nfscl_releasealllocks(clp, vp, p, id, flags);
 3830                         return (error);
 3831                     }
 3832                     if (nmp->nm_clp != NULL)
 3833                         clidrev = nmp->nm_clp->nfsc_clientidrev;
 3834                     else
 3835                         clidrev = 0;
 3836                     /*
 3837                      * If the server doesn't support Posix lock semantics,
 3838                      * only allow locks on the entire file, since it won't
 3839                      * handle overlapping byte ranges.
 3840                      * There might still be a problem when a lock
 3841                      * upgrade/downgrade (read<->write) occurs, since the
 3842                      * server "might" expect an unlock first?
 3843                      */
 3844                     if (dorpc && (lp->nfsl_open->nfso_posixlock ||
 3845                         (off == 0 && len == NFS64BITSSET))) {
 3846                         /*
 3847                          * Since the lock records will go away, we must
 3848                          * wait for grace and delay here.
 3849                          */
 3850                         do {
 3851                             error = nfsrpc_locku(nd, nmp, lp, off, len,
 3852                                 NFSV4LOCKT_READ, cred, p, 0);
 3853                             if ((nd->nd_repstat == NFSERR_GRACE ||
 3854                                  nd->nd_repstat == NFSERR_DELAY) &&
 3855                                 error == 0)
 3856                                 (void) nfs_catnap(PZERO, (int)nd->nd_repstat,
 3857                                     "nfs_advlock");
 3858                         } while ((nd->nd_repstat == NFSERR_GRACE ||
 3859                             nd->nd_repstat == NFSERR_DELAY) && error == 0);
 3860                     }
 3861                     callcnt++;
 3862                 } while (error == 0 && nd->nd_repstat == 0);
 3863                 nfscl_releasealllocks(clp, vp, p, id, flags);
 3864             } else if (op == F_SETLK) {
 3865                 error = nfscl_getbytelock(vp, off, len, fl->l_type, cred, p,
 3866                     NULL, 0, id, flags, NULL, NULL, &lp, &newone, &donelocally);
 3867                 if (error || donelocally) {
 3868                         return (error);
 3869                 }
 3870                 if (nmp->nm_clp != NULL)
 3871                         clidrev = nmp->nm_clp->nfsc_clientidrev;
 3872                 else
 3873                         clidrev = 0;
 3874                 nfhp = VTONFS(vp)->n_fhp;
 3875                 if (!lp->nfsl_open->nfso_posixlock &&
 3876                     (off != 0 || len != NFS64BITSSET)) {
 3877                         error = EINVAL;
 3878                 } else {
 3879                         error = nfsrpc_lock(nd, nmp, vp, nfhp->nfh_fh,
 3880                             nfhp->nfh_len, lp, newone, reclaim, off,
 3881                             len, fl->l_type, cred, p, 0);
 3882                 }
 3883                 if (!error)
 3884                         error = nd->nd_repstat;
 3885                 nfscl_lockrelease(lp, error, newone);
 3886             } else {
 3887                 error = EINVAL;
 3888             }
 3889             if (!error)
 3890                 error = nd->nd_repstat;
 3891             if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
 3892                 error == NFSERR_STALEDONTRECOVER ||
 3893                 error == NFSERR_STALECLIENTID || error == NFSERR_DELAY ||
 3894                 error == NFSERR_BADSESSION) {
 3895                 (void) nfs_catnap(PZERO, error, "nfs_advlock");
 3896             } else if ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID)
 3897                 && clidrev != 0) {
 3898                 expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
 3899                 retrycnt++;
 3900             }
 3901         } while (error == NFSERR_GRACE ||
 3902             error == NFSERR_STALECLIENTID || error == NFSERR_DELAY ||
 3903             error == NFSERR_STALEDONTRECOVER || error == NFSERR_STALESTATEID ||
 3904             error == NFSERR_BADSESSION ||
 3905             ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
 3906              expireret == 0 && clidrev != 0 && retrycnt < 4));
 3907         if (error && retrycnt >= 4)
 3908                 error = EIO;
 3909         return (error);
 3910 }
 3911 
/*
 * The lower level routine for the LockT case.
 *
 * Builds the LockT arguments (lock type, offset, length, the clientid of
 * the MDS session and an owner string made of the lock owner name followed
 * by the file handle of vp), sends them with nfscl_request() and decodes
 * the reply into *fl:
 *  - nd_repstat == 0: no conflict, fl->l_type is set to F_UNLCK.
 *  - NFSERR_DENIED: nd_repstat is cleared and fl is filled in with the
 *    start, length and type of the conflicting lock; l_pid is set to 0.
 *  - NFSERR_STALECLIENTID: recovery is initiated for clp.
 * Any other status is left in nd->nd_repstat for the caller.
 *
 * Returns the nfscl_request() error (returned directly, without passing
 * through the nfsmout cleanup), EBADRPC for an out-of-range owner length
 * in the reply, the nfsm_advance() result, or 0.
 */
APPLESTATIC int
nfsrpc_lockt(struct nfsrv_descript *nd, vnode_t vp,
    struct nfsclclient *clp, u_int64_t off, u_int64_t len, struct flock *fl,
    struct ucred *cred, NFSPROC_T *p, void *id, int flags)
{
        u_int32_t *tl;
        int error, type, size;
        /* Lock owner name followed by up to NFSX_V4FHMAX file handle bytes. */
        uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
        struct nfsnode *np;
        struct nfsmount *nmp;
        struct nfsclsession *tsep;

        nmp = VFSTONFS(vp->v_mount);
        NFSCL_REQSTART(nd, NFSPROC_LOCKT, vp);
        /* Seven words: type (1), offset (2), length (2), clientid (2). */
        NFSM_BUILD(tl, u_int32_t *, 7 * NFSX_UNSIGNED);
        if (fl->l_type == F_RDLCK)
                *tl++ = txdr_unsigned(NFSV4LOCKT_READ);
        else
                *tl++ = txdr_unsigned(NFSV4LOCKT_WRITE);
        txdr_hyper(off, tl);
        tl += 2;
        txdr_hyper(len, tl);
        tl += 2;
        tsep = nfsmnt_mdssession(nmp);
        *tl++ = tsep->nfsess_clientid.lval[0];
        *tl = tsep->nfsess_clientid.lval[1];
        nfscl_filllockowner(id, own, flags);
        np = VTONFS(vp);
        /*
         * NOTE(review): nfh_len is not compared with NFSX_V4FHMAX before
         * this copy into the stack buffer; it presumably relies on the
         * handle length having been validated when it was stored in the
         * nfsnode -- confirm.
         */
        NFSBCOPY(np->n_fhp->nfh_fh, &own[NFSV4CL_LOCKNAMELEN],
            np->n_fhp->nfh_len);
        (void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + np->n_fhp->nfh_len);
        error = nfscl_request(nd, vp, p, cred, NULL);
        if (error)
                return (error);
        if (nd->nd_repstat == 0) {
                fl->l_type = F_UNLCK;
        } else if (nd->nd_repstat == NFSERR_DENIED) {
                /*
                 * Everything below is decoded from the server's reply, so
                 * it is data the client does not control.
                 * NFSM_DISSECT is the only possible user of the nfsmout
                 * label in this function; presumably it sets error and
                 * jumps there when the reply is too short -- confirm
                 * against the macro definition.
                 */
                nd->nd_repstat = 0;
                fl->l_whence = SEEK_SET;
                NFSM_DISSECT(tl, u_int32_t *, 8 * NFSX_UNSIGNED);
                /*
                 * NOTE(review): the 64-bit start and length are stored in
                 * fl without a range check; if the struct flock fields are
                 * signed, very large values would reach the caller as
                 * negative numbers -- confirm callers tolerate that.
                 */
                fl->l_start = fxdr_hyper(tl);
                tl += 2;
                len = fxdr_hyper(tl);
                tl += 2;
                /* An all-ones length is mapped to l_len == 0. */
                if (len == NFS64BITSSET)
                        fl->l_len = 0;
                else
                        fl->l_len = len;
                type = fxdr_unsigned(int, *tl++);
                if (type == NFSV4LOCKT_WRITE)
                        fl->l_type = F_WRLCK;
                else
                        fl->l_type = F_RDLCK;
                /*
                 * XXX For now, I have no idea what to do with the
                 * conflicting lock_owner, so I'll just set the pid == 0
                 * and skip over the lock_owner.
                 */
                fl->l_pid = (pid_t)0;
                /* Step over two words; the next one is the owner length. */
                tl += 2;
                size = fxdr_unsigned(int, *tl);
                /*
                 * Range-check the server-supplied length before it is used
                 * to advance through the reply.
                 */
                if (size < 0 || size > NFSV4_OPAQUELIMIT)
                        error = EBADRPC;
                if (!error)
                        error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
        } else if (nd->nd_repstat == NFSERR_STALECLIENTID)
                nfscl_initiate_recovery(clp);
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 3986 
/*
 * Lower level function that performs the LockU RPC.
 *
 * Sends an unlock of the given type for offset off and length len, using
 * the file handle of lp's open (lp->nfsl_open->nfso_fh) and lp's lock
 * seqid and stateid.  When the server answers with nd_repstat == 0 the
 * returned stateid replaces lp->nfsl_stateid; on NFSERR_STALESTATEID
 * recovery is initiated for the owning client.  The server status is left
 * in nd->nd_repstat for the caller.
 *
 * A non-zero syscred sets ND_USEGSSNAME on the request.
 *
 * Returns the newnfs_request() error (returned directly, without passing
 * through the nfsmout cleanup), whatever error the dissect of the reply
 * leaves behind, or 0.
 */
static int
nfsrpc_locku(struct nfsrv_descript *nd, struct nfsmount *nmp,
    struct nfscllockowner *lp, u_int64_t off, u_int64_t len,
    u_int32_t type, struct ucred *cred, NFSPROC_T *p, int syscred)
{
        u_int32_t *tl;
        int error;

        nfscl_reqstart(nd, NFSPROC_LOCKU, nmp, lp->nfsl_open->nfso_fh,
            lp->nfsl_open->nfso_fhlen, NULL, NULL);
        /* Type (1), seqid (1), stateid, offset (2), length (2). */
        NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 6 * NFSX_UNSIGNED);
        *tl++ = txdr_unsigned(type);
        *tl = txdr_unsigned(lp->nfsl_seqid);
        /*
         * When nfstest_outofseq is non-zero, roughly one request in
         * nfstest_outofseq is sent with seqid + 1 instead.  Judging by the
         * name this is a fault-injection knob for testing; it should be
         * zero on production systems -- confirm where it is set.
         */
        if (nfstest_outofseq &&
            (arc4random() % nfstest_outofseq) == 0)
                *tl = txdr_unsigned(lp->nfsl_seqid + 1);
        tl++;
        /* The stateid seqid is sent as 0 when NFSHASNFSV4N(nmp) is true. */
        if (NFSHASNFSV4N(nmp))
                *tl++ = 0;
        else
                *tl++ = lp->nfsl_stateid.seqid;
        *tl++ = lp->nfsl_stateid.other[0];
        *tl++ = lp->nfsl_stateid.other[1];
        *tl++ = lp->nfsl_stateid.other[2];
        txdr_hyper(off, tl);
        tl += 2;
        txdr_hyper(len, tl);
        if (syscred)
                nd->nd_flag |= ND_USEGSSNAME;
        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
            NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        /*
         * The seqid macro runs before the error check, so it is also
         * applied when the request itself failed.
         */
        NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
        if (error)
                return (error);
        if (nd->nd_repstat == 0) {
                /*
                 * The new stateid is copied from the server's reply.
                 * NFSM_DISSECT is the only possible user of the nfsmout
                 * label here; presumably it sets error and jumps there on
                 * a short reply -- confirm against the macro definition.
                 */
                NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
                lp->nfsl_stateid.seqid = *tl++;
                lp->nfsl_stateid.other[0] = *tl++;
                lp->nfsl_stateid.other[1] = *tl++;
                lp->nfsl_stateid.other[2] = *tl;
        } else if (nd->nd_repstat == NFSERR_STALESTATEID)
                nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 4036 
/*
 * The actual Lock RPC.
 *
 * Builds a Lock request for file handle nfhp/fhlen: lock type (read when
 * type == F_RDLCK, write otherwise), the reclaim flag, offset and length.
 * When newone is non-zero the request carries the open owner's seqid, the
 * open stateid, the lock seqid, the clientid of the MDS session and an
 * owner string (lock owner name followed by the file handle); otherwise it
 * carries the existing lock stateid and the lock seqid.
 *
 * On nd_repstat == 0 the stateid in the reply replaces lp->nfsl_stateid.
 * On NFSERR_DENIED the conflicting-lock description is skipped after its
 * owner length has been range-checked.  On NFSERR_STALESTATEID recovery is
 * initiated for the owning client.  The server status is left in
 * nd->nd_repstat for the caller.
 *
 * A non-zero syscred sets ND_USEGSSNAME on the request.
 *
 * Returns the newnfs_request() error (returned directly, before the seqids
 * are advanced and without passing through the nfsmout cleanup), EBADRPC
 * for an out-of-range owner length, the nfsm_advance() result, or 0.
 */
APPLESTATIC int
nfsrpc_lock(struct nfsrv_descript *nd, struct nfsmount *nmp, vnode_t vp,
    u_int8_t *nfhp, int fhlen, struct nfscllockowner *lp, int newone,
    int reclaim, u_int64_t off, u_int64_t len, short type, struct ucred *cred,
    NFSPROC_T *p, int syscred)
{
        u_int32_t *tl;
        int error, size;
        /* Lock owner name followed by up to NFSX_V4FHMAX file handle bytes. */
        uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
        struct nfsclsession *tsep;

        nfscl_reqstart(nd, NFSPROC_LOCK, nmp, nfhp, fhlen, NULL, NULL);
        /* Type (1), reclaim (1), offset (2), length (2), new-owner flag (1). */
        NFSM_BUILD(tl, u_int32_t *, 7 * NFSX_UNSIGNED);
        if (type == F_RDLCK)
                *tl++ = txdr_unsigned(NFSV4LOCKT_READ);
        else
                *tl++ = txdr_unsigned(NFSV4LOCKT_WRITE);
        *tl++ = txdr_unsigned(reclaim);
        txdr_hyper(off, tl);
        tl += 2;
        txdr_hyper(len, tl);
        tl += 2;
        if (newone) {
            *tl = newnfs_true;
            /* Open seqid (1), open stateid, lock seqid (1), clientid. */
            NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
                2 * NFSX_UNSIGNED + NFSX_HYPER);
            *tl++ = txdr_unsigned(lp->nfsl_open->nfso_own->nfsow_seqid);
            if (NFSHASNFSV4N(nmp))
                *tl++ = 0;
            else
                *tl++ = lp->nfsl_open->nfso_stateid.seqid;
            *tl++ = lp->nfsl_open->nfso_stateid.other[0];
            *tl++ = lp->nfsl_open->nfso_stateid.other[1];
            *tl++ = lp->nfsl_open->nfso_stateid.other[2];
            *tl++ = txdr_unsigned(lp->nfsl_seqid);
            tsep = nfsmnt_mdssession(nmp);
            *tl++ = tsep->nfsess_clientid.lval[0];
            *tl = tsep->nfsess_clientid.lval[1];
            NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
            /*
             * NOTE(review): fhlen is a signed int supplied by the caller
             * and is not compared with NFSX_V4FHMAX before this copy into
             * the stack buffer; callers must guarantee
             * 0 <= fhlen <= NFSX_V4FHMAX -- confirm at each call site.
             */
            NFSBCOPY(nfhp, &own[NFSV4CL_LOCKNAMELEN], fhlen);
            (void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
        } else {
            *tl = newnfs_false;
            /* Existing lock stateid followed by the lock seqid (1). */
            NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + NFSX_UNSIGNED);
            if (NFSHASNFSV4N(nmp))
                *tl++ = 0;
            else
                *tl++ = lp->nfsl_stateid.seqid;
            *tl++ = lp->nfsl_stateid.other[0];
            *tl++ = lp->nfsl_stateid.other[1];
            *tl++ = lp->nfsl_stateid.other[2];
            *tl = txdr_unsigned(lp->nfsl_seqid);
            /*
             * When nfstest_outofseq is non-zero, roughly one request in
             * nfstest_outofseq is sent with seqid + 1 instead.  Judging by
             * the name this is a fault-injection knob for testing; it
             * should be zero on production systems -- confirm where it is
             * set.
             */
            if (nfstest_outofseq &&
                (arc4random() % nfstest_outofseq) == 0)
                    *tl = txdr_unsigned(lp->nfsl_seqid + 1);
        }
        if (syscred)
                nd->nd_flag |= ND_USEGSSNAME;
        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
            NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        if (error)
                return (error);
        if (newone)
            NFSCL_INCRSEQID(lp->nfsl_open->nfso_own->nfsow_seqid, nd);
        NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
        /*
         * From here on the data comes from the server's reply.
         * NFSM_DISSECT is the only possible user of the nfsmout label in
         * this function; presumably it sets error and jumps there on a
         * short reply -- confirm against the macro definition.
         */
        if (nd->nd_repstat == 0) {
                NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
                lp->nfsl_stateid.seqid = *tl++;
                lp->nfsl_stateid.other[0] = *tl++;
                lp->nfsl_stateid.other[1] = *tl++;
                lp->nfsl_stateid.other[2] = *tl;
        } else if (nd->nd_repstat == NFSERR_DENIED) {
                NFSM_DISSECT(tl, u_int32_t *, 8 * NFSX_UNSIGNED);
                /* The eighth word is read as the owner length. */
                size = fxdr_unsigned(int, *(tl + 7));
                /*
                 * Range-check the server-supplied length before it is used
                 * to advance through the reply.
                 */
                if (size < 0 || size > NFSV4_OPAQUELIMIT)
                        error = EBADRPC;
                if (!error)
                        error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
        } else if (nd->nd_repstat == NFSERR_STALESTATEID)
                nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 4124 
/*
 * nfs statfs rpc
 * (always called with the vp for the mount point)
 *
 * For an NFSv4 mount this sends a Getattr for the statfs attribute bits
 * with ND_USEGSSNAME set and lets nfsv4_loadattr() fill in nap, sbp and
 * fsp; on success the file system id from nap is recorded in the mount
 * structure and *attrflagp is set to 1.  For other mounts it sends FsStat
 * and decodes the reply into sbp here (for V3 the post-op attributes are
 * read first via nfscl_postop_attr()).
 *
 * *attrflagp is cleared on entry.
 *
 * Returns the nfscl_request() error (returned directly, without passing
 * through the nfsmout cleanup), a decode error, the server status
 * nd_repstat when it is non-zero, or 0.
 */
APPLESTATIC int
nfsrpc_statfs(vnode_t vp, struct nfsstatfs *sbp, struct nfsfsinfo *fsp,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
    void *stuff)
{
        /* Stays NULL on the V4 path, where the reply is not decoded here. */
        u_int32_t *tl = NULL;
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfsmount *nmp;
        nfsattrbit_t attrbits;
        int error;

        *attrflagp = 0;
        nmp = VFSTONFS(vnode_mount(vp));
        if (NFSHASNFSV4(nmp)) {
                /*
                 * For V4, you actually do a getattr.
                 */
                NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
                NFSSTATFS_GETATTRBIT(&attrbits);
                (void) nfsrv_putattrbit(nd, &attrbits);
                nd->nd_flag |= ND_USEGSSNAME;
                error = nfscl_request(nd, vp, p, cred, stuff);
                if (error)
                        return (error);
                if (nd->nd_repstat == 0) {
                        error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
                            NULL, NULL, sbp, fsp, NULL, 0, NULL, NULL, NULL, p,
                            cred);
                        if (!error) {
                                /* Record the server-reported fsid. */
                                nmp->nm_fsid[0] = nap->na_filesid[0];
                                nmp->nm_fsid[1] = nap->na_filesid[1];
                                NFSSETHASSETFSID(nmp);
                                *attrflagp = 1;
                        }
                } else {
                        error = nd->nd_repstat;
                }
                if (error)
                        goto nfsmout;
        } else {
                NFSCL_REQSTART(nd, NFSPROC_FSSTAT, vp);
                error = nfscl_request(nd, vp, p, cred, stuff);
                if (error)
                        return (error);
                if (nd->nd_flag & ND_NFSV3) {
                        error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
                        if (error)
                                goto nfsmout;
                }
                if (nd->nd_repstat) {
                        error = nd->nd_repstat;
                        goto nfsmout;
                }
                /*
                 * The dissect size is chosen from nd->nd_flag while the
                 * decode below is chosen from the mount flags.
                 * NOTE(review): these presumably always agree -- confirm,
                 * since the V3 decode reads more words than the V2 one.
                 */
                NFSM_DISSECT(tl, u_int32_t *,
                    NFSX_STATFS(nd->nd_flag & ND_NFSV3));
        }
        /*
         * All values below are copied from the server's reply without any
         * range checks.  Neither branch is meant to run for a V4 mount,
         * where tl is still NULL (assuming the V3 and V4 mount flags are
         * mutually exclusive -- confirm).
         */
        if (NFSHASNFSV3(nmp)) {
                sbp->sf_tbytes = fxdr_hyper(tl); tl += 2;
                sbp->sf_fbytes = fxdr_hyper(tl); tl += 2;
                sbp->sf_abytes = fxdr_hyper(tl); tl += 2;
                sbp->sf_tfiles = fxdr_hyper(tl); tl += 2;
                sbp->sf_ffiles = fxdr_hyper(tl); tl += 2;
                sbp->sf_afiles = fxdr_hyper(tl); tl += 2;
                sbp->sf_invarsec = fxdr_unsigned(u_int32_t, *tl);
        } else if (NFSHASNFSV4(nmp) == 0) {
                sbp->sf_tsize = fxdr_unsigned(u_int32_t, *tl++);
                sbp->sf_bsize = fxdr_unsigned(u_int32_t, *tl++);
                sbp->sf_blocks = fxdr_unsigned(u_int32_t, *tl++);
                sbp->sf_bfree = fxdr_unsigned(u_int32_t, *tl++);
                sbp->sf_bavail = fxdr_unsigned(u_int32_t, *tl);
        }
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 4204 
/*
 * nfs pathconf rpc
 *
 * For an NFSv4 mount this is a Getattr for the pathconf attribute bits,
 * sent with ND_USEGSSNAME set and decoded by nfsv4_loadattr() into nap and
 * pc; *attrflagp becomes 1 when that succeeds.  For other mounts it sends
 * PathConf, reads the post-op attributes and then copies the six reply
 * words into pc.  The values come from the server and are stored without
 * range checks.
 *
 * *attrflagp is cleared on entry.  Returns the nfscl_request() error
 * (returned directly, without passing through the nfsmout cleanup), a
 * decode error, the server status when it is non-zero, or 0.
 */
APPLESTATIC int
nfsrpc_pathconf(vnode_t vp, struct nfsv3_pathconf *pc,
    struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
    void *stuff)
{
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        nfsattrbit_t attrbits;
        u_int32_t *tl;
        int error;

        *attrflagp = 0;
        if (!NFSHASNFSV4(nmp)) {
                NFSCL_REQSTART(nd, NFSPROC_PATHCONF, vp);
                error = nfscl_request(nd, vp, p, cred, stuff);
                if (error != 0)
                        return (error);
                error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
                if (error == 0 && nd->nd_repstat != 0)
                        error = nd->nd_repstat;
                if (error != 0)
                        goto nfsmout;
                /* Six consecutive words, decoded in wire order. */
                NFSM_DISSECT(tl, u_int32_t *, NFSX_V3PATHCONF);
                pc->pc_linkmax = fxdr_unsigned(u_int32_t, tl[0]);
                pc->pc_namemax = fxdr_unsigned(u_int32_t, tl[1]);
                pc->pc_notrunc = fxdr_unsigned(u_int32_t, tl[2]);
                pc->pc_chownrestricted = fxdr_unsigned(u_int32_t, tl[3]);
                pc->pc_caseinsensitive = fxdr_unsigned(u_int32_t, tl[4]);
                pc->pc_casepreserving = fxdr_unsigned(u_int32_t, tl[5]);
        } else {
                /* For V4 the information is fetched with a Getattr. */
                NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
                NFSPATHCONF_GETATTRBIT(&attrbits);
                (void) nfsrv_putattrbit(nd, &attrbits);
                nd->nd_flag |= ND_USEGSSNAME;
                error = nfscl_request(nd, vp, p, cred, stuff);
                if (error != 0)
                        return (error);
                if (nd->nd_repstat != 0) {
                        error = nd->nd_repstat;
                } else {
                        error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
                            pc, NULL, NULL, NULL, NULL, 0, NULL, NULL, NULL, p,
                            cred);
                        if (error == 0)
                                *attrflagp = 1;
                }
        }
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 4265 
/*
 * nfs version 3 fsinfo rpc call
 *
 * Sends FsInfo for vp, reads the post-op attributes into nap/attrflagp and
 * then copies the transfer-size hints, maximum file size, time delta and
 * property bits from the reply into fsp.  The values come from the server
 * and are stored without range checks, so users of fsp have to treat them
 * as hints to be clamped rather than as trusted limits.
 *
 * *attrflagp is cleared on entry.  Returns the nfscl_request() error
 * (returned directly, without passing through the nfsmout cleanup), a
 * decode error, the server status when it is non-zero, or 0.
 */
APPLESTATIC int
nfsrpc_fsinfo(vnode_t vp, struct nfsfsinfo *fsp, struct ucred *cred,
    NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
{
        struct nfsrv_descript nfsd, *nd = &nfsd;
        u_int32_t *tl;
        int error;

        *attrflagp = 0;
        NFSCL_REQSTART(nd, NFSPROC_FSINFO, vp);
        error = nfscl_request(nd, vp, p, cred, stuff);
        if (error != 0)
                return (error);
        error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
        if (error == 0 && nd->nd_repstat != 0)
                error = nd->nd_repstat;
        if (error != 0)
                goto nfsmout;

        NFSM_DISSECT(tl, u_int32_t *, NFSX_V3FSINFO);
        /* Seven single words first, in wire order. */
        fsp->fs_rtmax = fxdr_unsigned(u_int32_t, tl[0]);
        fsp->fs_rtpref = fxdr_unsigned(u_int32_t, tl[1]);
        fsp->fs_rtmult = fxdr_unsigned(u_int32_t, tl[2]);
        fsp->fs_wtmax = fxdr_unsigned(u_int32_t, tl[3]);
        fsp->fs_wtpref = fxdr_unsigned(u_int32_t, tl[4]);
        fsp->fs_wtmult = fxdr_unsigned(u_int32_t, tl[5]);
        fsp->fs_dtpref = fxdr_unsigned(u_int32_t, tl[6]);
        tl += 7;
        /* Then two two-word values followed by the property word. */
        fsp->fs_maxfilesize = fxdr_hyper(tl);
        tl += 2;
        fxdr_nfsv3time(tl, &fsp->fs_timedelta);
        tl += 2;
        fsp->fs_properties = fxdr_unsigned(u_int32_t, *tl);
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 4304 
/*
 * This function performs the Renew RPC.
 *
 * Does nothing and returns 0 when clp has no mount attached.  When dsp is
 * non-NULL the request is started and sent with dsp's session and, if it
 * has one, dsp's socket; otherwise the mount's own socket is used.  The
 * clientid is only added to the request when NFSHASNFSV4N(nmp) is false.
 * The request is always sent with ND_USEGSSNAME set.
 *
 * Returns the newnfs_request() error, or the server status nd_repstat.
 */
APPLESTATIC int
nfsrpc_renew(struct nfsclclient *clp, struct nfsclds *dsp, struct ucred *cred,
    NFSPROC_T *p)
{
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfsmount *nmp = clp->nfsc_nmp;
        struct nfsclsession *tsep;
        struct nfssockreq *nrp;
        u_int32_t *tl;
        int error;

        if (nmp == NULL)
                return (0);

        if (dsp != NULL)
                nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL,
                    &dsp->nfsclds_sess);
        else
                nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL, NULL);

        if (!NFSHASNFSV4N(nmp)) {
                /* NFSv4.1 just uses a Sequence Op and not a Renew. */
                NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                tsep = nfsmnt_mdssession(nmp);
                tl[0] = tsep->nfsess_clientid.lval[0];
                tl[1] = tsep->nfsess_clientid.lval[1];
        }

        /* Prefer the DS socket; fall back to the MDS socket. */
        nrp = (dsp != NULL) ? dsp->nfsclds_sockp : NULL;
        if (nrp == NULL)
                nrp = &nmp->nm_sockreq;

        nd->nd_flag |= ND_USEGSSNAME;
        if (dsp != NULL)
                error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
                    NFS_PROG, NFS_VER4, NULL, 1, NULL, &dsp->nfsclds_sess);
        else
                error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
                    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        if (error == 0) {
                /* Only a completed request has a reply to free. */
                error = nd->nd_repstat;
                mbuf_freem(nd->nd_mrep);
        }
        return (error);
}
 4354 
/*
 * This function performs the Releaselockowner RPC.
 *
 * When NFSHASNFSV4N(nmp) is true a FreeStateID carrying lp's lock stateid
 * is sent instead.  Otherwise the request carries the clientid of the MDS
 * session and an owner string made of the lock owner name followed by the
 * fhlen bytes at fh.  The request is always sent with ND_USEGSSNAME set.
 *
 * Returns the newnfs_request() error, or the server status nd_repstat.
 */
APPLESTATIC int
nfsrpc_rellockown(struct nfsmount *nmp, struct nfscllockowner *lp,
    uint8_t *fh, int fhlen, struct ucred *cred, NFSPROC_T *p)
{
        struct nfsrv_descript nfsd, *nd = &nfsd;
        struct nfsclsession *tsep;
        /* Lock owner name followed by up to NFSX_V4FHMAX file handle bytes. */
        uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
        u_int32_t *tl;
        int error;

        if (!NFSHASNFSV4N(nmp)) {
                nfscl_reqstart(nd, NFSPROC_RELEASELCKOWN, nmp, NULL, 0, NULL,
                    NULL);
                NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
                tsep = nfsmnt_mdssession(nmp);
                tl[0] = tsep->nfsess_clientid.lval[0];
                tl[1] = tsep->nfsess_clientid.lval[1];
                NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
                /*
                 * NOTE(review): fhlen is a signed int supplied by the
                 * caller and is not compared with NFSX_V4FHMAX before this
                 * copy into the stack buffer; callers must guarantee
                 * 0 <= fhlen <= NFSX_V4FHMAX -- confirm at each call site.
                 */
                NFSBCOPY(fh, &own[NFSV4CL_LOCKNAMELEN], fhlen);
                (void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
        } else {
                /* For NFSv4.1, do a FreeStateID. */
                nfscl_reqstart(nd, NFSPROC_FREESTATEID, nmp, NULL, 0, NULL,
                    NULL);
                nfsm_stateidtom(nd, &lp->nfsl_stateid, NFSSTATEID_PUTSTATEID);
        }

        nd->nd_flag |= ND_USEGSSNAME;
        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
            NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        if (error == 0) {
                /* Only a completed request has a reply to free. */
                error = nd->nd_repstat;
                mbuf_freem(nd->nd_mrep);
        }
        return (error);
}
 4393 
/*
 * This function performs the Compound to get the mount pt FH.
 *
 * The request is started as PUTROOTFH, gets one Lookup operation for each
 * non-empty '/'-separated component of dirpath and ends with a GetFH; it
 * is sent with ND_USEGSSNAME set.  On success the returned file handle is
 * copied into nmp->nm_fh and its length stored in nmp->nm_fhsize.
 *
 * dirpath must be writable: each component is NUL-terminated in place
 * while it is marshalled and the '/' is put back at the end of the same
 * loop iteration.
 *
 * Returns the newnfs_request() error (returned directly, without passing
 * through the nfsmout cleanup), the error left by a failed dissect, or
 * the final nd_repstat (NFSERR_BADXDR for an out-of-range handle length).
 */
APPLESTATIC int
nfsrpc_getdirpath(struct nfsmount *nmp, u_char *dirpath, struct ucred *cred,
    NFSPROC_T *p)
{
        u_int32_t *tl;
        struct nfsrv_descript nfsd;
        struct nfsrv_descript *nd = &nfsd;
        u_char *cp, *cp2;
        int error, cnt, len, setnil;
        /* Receives the location of the operation count, patched below. */
        u_int32_t *opcntp;

        nfscl_reqstart(nd, NFSPROC_PUTROOTFH, nmp, NULL, 0, &opcntp, NULL);
        cp = dirpath;
        /* Number of Lookup operations added to the compound. */
        cnt = 0;
        /*
         * NOTE(review): nothing here limits the number of components or
         * the length of a component, and the nfsm_strtom() result is not
         * checked; dirpath presumably comes from the mount arguments and
         * is bounded before it gets here -- confirm.
         */
        do {
                setnil = 0;
                /* Skip any run of leading slashes. */
                while (*cp == '/')
                        cp++;
                cp2 = cp;
                while (*cp2 != '\0' && *cp2 != '/')
                        cp2++;
                if (*cp2 == '/') {
                        /* Terminate the component for strlen() below. */
                        setnil = 1;
                        *cp2 = '\0';
                }
                if (cp2 != cp) {
                        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
                        *tl = txdr_unsigned(NFSV4OP_LOOKUP);
                        nfsm_strtom(nd, cp, strlen(cp));
                        cnt++;
                }
                /* Restore the separator that was overwritten above. */
                if (setnil)
                        *cp2++ = '/';
                cp = cp2;
        } while (*cp != '\0');
        if (NFSHASNFSV4N(nmp))
                /* Has a Sequence Op done by nfscl_reqstart(). */
                *opcntp = txdr_unsigned(3 + cnt);
        else
                *opcntp = txdr_unsigned(2 + cnt);
        NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
        *tl = txdr_unsigned(NFSV4OP_GETFH);
        nd->nd_flag |= ND_USEGSSNAME;
        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
                NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        if (error)
                return (error);
        if (nd->nd_repstat == 0) {
                /*
                 * Step over the 2 + 2 * cnt words that precede the file
                 * handle length in the reply.  NFSM_DISSECT is the only
                 * possible user of the nfsmout label here; presumably it
                 * sets error and jumps there on a short reply -- confirm
                 * against the macro definition.
                 */
                NFSM_DISSECT(tl, u_int32_t *, (3 + 2 * cnt) * NFSX_UNSIGNED);
                tl += (2 + 2 * cnt);
                /*
                 * The length comes from the server, so it is range-checked
                 * before it is used as a copy size.
                 * NOTE(review): this assumes nmp->nm_fh can hold
                 * NFSX_FHMAX bytes -- confirm against the struct.
                 */
                if ((len = fxdr_unsigned(int, *tl)) <= 0 ||
                        len > NFSX_FHMAX) {
                        nd->nd_repstat = NFSERR_BADXDR;
                } else {
                        nd->nd_repstat = nfsrv_mtostr(nd, nmp->nm_fh, len);
                        if (nd->nd_repstat == 0)
                                nmp->nm_fhsize = len;
                }
        }
        error = nd->nd_repstat;
nfsmout:
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 4461 
/*
 * This function performs the Delegreturn RPC.
 *
 * Sends the delegation stateid of dp for the file handle recorded in dp.
 * The stateid seqid goes out as 0 when NFSHASNFSV4N(nmp) is true.  A
 * non-zero syscred sets ND_USEGSSNAME on the request.
 *
 * Returns the newnfs_request() error, or the server status nd_repstat.
 */
APPLESTATIC int
nfsrpc_delegreturn(struct nfscldeleg *dp, struct ucred *cred,
    struct nfsmount *nmp, NFSPROC_T *p, int syscred)
{
        struct nfsrv_descript nfsd, *nd = &nfsd;
        u_int32_t *tl;
        int error;

        nfscl_reqstart(nd, NFSPROC_DELEGRETURN, nmp, dp->nfsdl_fh,
            dp->nfsdl_fhlen, NULL, NULL);
        NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
        tl[0] = NFSHASNFSV4N(nmp) ? 0 : dp->nfsdl_stateid.seqid;
        tl[1] = dp->nfsdl_stateid.other[0];
        tl[2] = dp->nfsdl_stateid.other[1];
        tl[3] = dp->nfsdl_stateid.other[2];
        if (syscred != 0)
                nd->nd_flag |= ND_USEGSSNAME;
        error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
            NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
        if (error == 0) {
                /* Only a completed request has a reply to free. */
                error = nd->nd_repstat;
                mbuf_freem(nd->nd_mrep);
        }
        return (error);
}
 4494 
/*
 * nfs getacl call.
 *
 * Fails with EOPNOTSUPP unless nfsrv_useacl is non-zero and the mount is
 * NFSv4.  Otherwise it requests the ACL attribute for vp and has
 * nfsv4_loadattr() decode the server's reply into aclp.
 *
 * Returns the nfscl_request() error, the server status nd_repstat when it
 * is non-zero, or the nfsv4_loadattr() result.
 */
APPLESTATIC int
nfsrpc_getacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
    struct acl *aclp, void *stuff)
{
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsrv_descript nfsd, *nd = &nfsd;
        nfsattrbit_t attrbits;
        int error;

        if (!NFSHASNFSV4(nmp) || nfsrv_useacl == 0)
                return (EOPNOTSUPP);

        NFSCL_REQSTART(nd, NFSPROC_GETACL, vp);
        /* Ask for the ACL attribute only. */
        NFSZERO_ATTRBIT(&attrbits);
        NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
        (void) nfsrv_putattrbit(nd, &attrbits);
        error = nfscl_request(nd, vp, p, cred, stuff);
        if (error != 0)
                return (error);

        if (nd->nd_repstat != 0)
                error = nd->nd_repstat;
        else
                error = nfsv4_loadattr(nd, vp, NULL, NULL, NULL, 0, NULL,
                    NULL, NULL, NULL, aclp, 0, NULL, NULL, NULL, p, cred);
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 4524 
/*
 * nfs setacl call.
 *
 * Fails with EOPNOTSUPP unless nfsrv_useacl is non-zero and the mount is
 * NFSv4; otherwise hands aclp to nfsrpc_setattr() and returns its result.
 */
APPLESTATIC int
nfsrpc_setacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
    struct acl *aclp, void *stuff)
{
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));

        if (!NFSHASNFSV4(nmp) || nfsrv_useacl == 0)
                return (EOPNOTSUPP);
        return (nfsrpc_setattr(vp, NULL, aclp, cred, p, NULL, NULL, stuff));
}
 4540 
/*
 * The SetACL RPC itself.
 *
 * Fails with EOPNOTSUPP on a mount that is not NFSv4.  Otherwise it sends
 * the given stateid followed by the ACL attribute built from aclp.  Unlike
 * nfsrpc_setacl() it does not look at nfsrv_useacl.
 *
 * Returns the nfscl_request() error, or the server status nd_repstat.
 */
static int
nfsrpc_setaclrpc(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
    struct acl *aclp, nfsv4stateid_t *stateidp, void *stuff)
{
        struct nfsmount *nmp = VFSTONFS(vnode_mount(vp));
        struct nfsrv_descript nfsd, *nd = &nfsd;
        nfsattrbit_t attrbits;
        int error;

        if (NFSHASNFSV4(nmp) == 0)
                return (EOPNOTSUPP);

        NFSCL_REQSTART(nd, NFSPROC_SETACL, vp);
        nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
        /* Only the ACL attribute is set by this request. */
        NFSZERO_ATTRBIT(&attrbits);
        NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
        (void) nfsv4_fillattr(nd, vnode_mount(vp), vp, aclp, NULL, NULL, 0,
            &attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0);
        error = nfscl_request(nd, vp, p, cred, stuff);
        if (error != 0)
                return (error);

        /* Don't care about the pre/postop attributes */
        error = nd->nd_repstat;
        mbuf_freem(nd->nd_mrep);
        return (error);
}
 4568 
/*
 * Do the NFSv4.1 Exchange ID.
 *
 * Builds the request from the client owner, exchflags, SP4_NONE state
 * protection and one implementation id, then parses the reply into a
 * freshly allocated struct nfsclds.  *dspp is cleared on entry and is
 * set only when the whole reply was accepted.  The server owner length
 * comes from the reply and is range-checked against NFSV4_OPAQUELIMIT
 * before it is used to size the allocation.
 */
int
nfsrpc_exchangeid(struct nfsmount *nmp, struct nfsclclient *clp,
    struct nfssockreq *nrp, uint32_t exchflags, struct nfsclds **dspp,
    struct ucred *cred, NFSPROC_T *p)
{
	struct nfsrv_descript nfsd, *nd = &nfsd;
	struct timespec verstime;
	struct nfsclds *dsp;
	uint32_t *tl, v41flags;
	int error, len;

	*dspp = NULL;
	nfscl_reqstart(nd, NFSPROC_EXCHANGEID, nmp, NULL, 0, NULL, NULL);

	/* Client owner */
	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
	tl[0] = txdr_unsigned(nfsboottime.tv_sec);
	tl[1] = txdr_unsigned(clp->nfsc_rev);
	(void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);

	NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
	tl[0] = txdr_unsigned(exchflags);
	tl[1] = txdr_unsigned(NFSV4EXCH_SP4NONE);

	/* Set the implementation id4 */
	tl[2] = txdr_unsigned(1);
	(void) nfsm_strtom(nd, "freebsd.org", strlen("freebsd.org"));
	(void) nfsm_strtom(nd, version, strlen(version));
	verstime.tv_sec = 1293840000;		/* Jan 1, 2011 */
	verstime.tv_nsec = 0;
	NFSM_BUILD(tl, uint32_t *, NFSX_V4TIME);
	txdr_nfsv4time(&verstime, tl);

	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	NFSCL_DEBUG(1, "exchangeid err=%d reps=%d\n", error,
	    (int)nd->nd_repstat);
	if (error != 0)
		return (error);

	if (nd->nd_repstat == 0) {
		/*
		 * Eight words are pulled from the reply; the last one is the
		 * length of the server owner string that follows.
		 */
		NFSM_DISSECT(tl, uint32_t *, 6 * NFSX_UNSIGNED + NFSX_HYPER);
		len = fxdr_unsigned(int, tl[7]);
		if (len < 0 || len > NFSV4_OPAQUELIMIT) {
			/* Reject before the length reaches malloc(). */
			error = NFSERR_BADXDR;
			goto nfsmout;
		}

		/* Zeroed allocation with one byte beyond the len copied in. */
		dsp = malloc(sizeof(struct nfsclds) + len + 1, M_NFSCLDS,
		    M_WAITOK | M_ZERO);
		dsp->nfsclds_expire = NFSD_MONOSEC + clp->nfsc_renew;
		dsp->nfsclds_servownlen = len;
		dsp->nfsclds_sess.nfsess_clientid.lval[0] = tl[0];
		dsp->nfsclds_sess.nfsess_clientid.lval[1] = tl[1];
		dsp->nfsclds_sess.nfsess_sequenceid =
		    fxdr_unsigned(uint32_t, tl[2]);
		v41flags = fxdr_unsigned(uint32_t, tl[3]);

		/* pNFS MDS role is honoured only if the mount asked for it. */
		if (NFSHASPNFSOPT(nmp) &&
		    (v41flags & NFSV4EXCH_USEPNFSMDS) != 0) {
			NFSCL_DEBUG(1, "set PNFS\n");
			NFSLOCKMNT(nmp);
			nmp->nm_state |= NFSSTA_PNFS;
			NFSUNLOCKMNT(nmp);
			dsp->nfsclds_flags |= NFSCLDS_MDS;
		}
		if ((v41flags & NFSV4EXCH_USEPNFSDS) != 0)
			dsp->nfsclds_flags |= NFSCLDS_DS;

		if (len > 0)
			nd->nd_repstat = nfsrv_mtostr(nd,
			    dsp->nfsclds_serverown, len);

		if (nd->nd_repstat != 0) {
			/* Copy failed: nothing is published to the caller. */
			free(dsp, M_NFSCLDS);
		} else {
			mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
			mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
			    NULL, MTX_DEF);
			nfscl_initsessionslots(&dsp->nfsclds_sess);
			*dspp = dsp;
		}
	}
	error = nd->nd_repstat;
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4653 
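/*
 * Do the NFSv4.1 Create Session.
 *
 * Sends the client id, sequenceid and create flags, followed by the fore
 * and back channel attributes and the callback security parameters.
 * On a clean reply it stores the session id, sequence id, maximum cached
 * response size and the fore/back slot counts in *sep, may halve
 * nm_wsize/nm_rsize to fit the sizes the server granted, and sets
 * NFSSTA_SESSPERSIST when the server granted persistence and mds != 0.
 *
 * Returns 0, the request error, the server's reply status, or
 * NFSERR_BADXDR when the reply carries an out-of-range rdma ird count.
 */
int
nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep,
    struct nfssockreq *nrp, uint32_t sequenceid, int mds, struct ucred *cred,
    NFSPROC_T *p)
{
	uint32_t crflags, maxval, *tl;
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	int error, irdcnt;

	/* Make sure nm_rsize, nm_wsize is set. */
	if (nmp->nm_rsize > NFS_MAXBSIZE || nmp->nm_rsize == 0)
		nmp->nm_rsize = NFS_MAXBSIZE;
	if (nmp->nm_wsize > NFS_MAXBSIZE || nmp->nm_wsize == 0)
		nmp->nm_wsize = NFS_MAXBSIZE;
	nfscl_reqstart(nd, NFSPROC_CREATESESSION, nmp, NULL, 0, NULL, NULL);
	NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED);
	*tl++ = sep->nfsess_clientid.lval[0];
	*tl++ = sep->nfsess_clientid.lval[1];
	*tl++ = txdr_unsigned(sequenceid);
	/* Persistence is requested only for mounts that are not read-only. */
	crflags = (NFSMNT_RDONLY(nmp->nm_mountp) ? 0 : NFSV4CRSESS_PERSIST);
	/* A back channel is requested only for the MDS with callbacks up. */
	if (nfscl_enablecallb != 0 && nfs_numnfscbd > 0 && mds != 0)
		crflags |= NFSV4CRSESS_CONNBACKCHAN;
	*tl = txdr_unsigned(crflags);

	/* Fill in fore channel attributes. */
	NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
	*tl++ = 0;				/* Header pad size */
	*tl++ = txdr_unsigned(nmp->nm_wsize + NFS_MAXXDR);/* Max request size */
	*tl++ = txdr_unsigned(nmp->nm_rsize + NFS_MAXXDR);/* Max reply size */
	*tl++ = txdr_unsigned(4096);		/* Max response size cached */
	*tl++ = txdr_unsigned(20);		/* Max operations */
	*tl++ = txdr_unsigned(64);		/* Max slots */
	*tl = 0;				/* No rdma ird */

	/* Fill in back channel attributes. */
	NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
	*tl++ = 0;				/* Header pad size */
	*tl++ = txdr_unsigned(10000);		/* Max request size */
	*tl++ = txdr_unsigned(10000);		/* Max response size */
	*tl++ = txdr_unsigned(4096);		/* Max response size cached */
	*tl++ = txdr_unsigned(4);		/* Max operations */
	*tl++ = txdr_unsigned(NFSV4_CBSLOTS);	/* Max slots */
	*tl = 0;				/* No rdma ird */

	NFSM_BUILD(tl, uint32_t *, 8 * NFSX_UNSIGNED);
	*tl++ = txdr_unsigned(NFS_CALLBCKPROG);	/* Call back prog # */

	/* Allow AUTH_SYS callbacks as uid, gid == 0. */
	*tl++ = txdr_unsigned(1);		/* Auth_sys only */
	*tl++ = txdr_unsigned(AUTH_SYS);	/* AUTH_SYS type */
	*tl++ = txdr_unsigned(nfsboottime.tv_sec); /* time stamp */
	*tl++ = 0;				/* Null machine name */
	*tl++ = 0;				/* Uid == 0 */
	*tl++ = 0;				/* Gid == 0 */
	*tl = 0;				/* No additional gids */
	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred, NFS_PROG,
	    NFS_VER4, NULL, 1, NULL, NULL);
	if (error != 0)
		return (error);
	if (nd->nd_repstat == 0) {
		/* Everything parsed below is taken from the server's reply. */
		NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
		    2 * NFSX_UNSIGNED);
		bcopy(tl, sep->nfsess_sessionid, NFSX_V4SESSIONID);
		tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
		sep->nfsess_sequenceid = fxdr_unsigned(uint32_t, *tl++);
		crflags = fxdr_unsigned(uint32_t, *tl);
		if ((crflags & NFSV4CRSESS_PERSIST) != 0 && mds != 0) {
			NFSLOCKMNT(nmp);
			nmp->nm_state |= NFSSTA_SESSPERSIST;
			NFSUNLOCKMNT(nmp);
		}

		/* Get the fore channel slot count. */
		NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
		tl++;			/* Skip the header pad size. */

		/* Make sure nm_wsize is small enough. */
		maxval = fxdr_unsigned(uint32_t, *tl++);
		while (maxval < nmp->nm_wsize + NFS_MAXXDR) {
			if (nmp->nm_wsize > 8096)
				nmp->nm_wsize /= 2;
			else
				break;
		}

		/* Make sure nm_rsize is small enough. */
		maxval = fxdr_unsigned(uint32_t, *tl++);
		while (maxval < nmp->nm_rsize + NFS_MAXXDR) {
			if (nmp->nm_rsize > 8096)
				nmp->nm_rsize /= 2;
			else
				break;
		}

		sep->nfsess_maxcache = fxdr_unsigned(int, *tl++);
		tl++;			/* Skip the max operations. */
		/*
		 * NOTE(review): the slot count is stored as received, with no
		 * range check in this function; confirm that its consumers
		 * bound it against the size of the slot table.
		 */
		sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++);
		NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots);

		/*
		 * The rdma ird count is multiplied into a byte length below,
		 * so it must be bounded first: a large value would overflow
		 * the int product.  RFC 5661 declares ca_rdma_ird as <1>, so
		 * any count other than 0 or 1 is a malformed reply.
		 */
		irdcnt = fxdr_unsigned(int, *tl);
		if (irdcnt < 0 || irdcnt > 1) {
			error = NFSERR_BADXDR;
			goto nfsmout;
		}
		if (irdcnt > 0) {
			NFSM_DISSECT(tl, uint32_t *, irdcnt * NFSX_UNSIGNED);
		}

		/* and the back channel slot count. */
		NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
		tl += 5;
		sep->nfsess_backslots = fxdr_unsigned(uint16_t, *tl);
		NFSCL_DEBUG(4, "back slots=%d\n", (int)sep->nfsess_backslots);
	}
	error = nd->nd_repstat;
nfsmout:
	mbuf_freem(nd->nd_mrep);
	return (error);
}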
 4772 
/*
 * Do the NFSv4.1 Destroy Session.
 *
 * Sends the session id of the session returned by nfsmnt_mdssession()
 * and returns either the request error or the server's reply status.
 * The clp argument is not used in this function.
 */
int
nfsrpc_destroysession(struct nfsmount *nmp, struct nfsclclient *clp,
    struct ucred *cred, NFSPROC_T *p)
{
	struct nfsrv_descript nfsd, *nd = &nfsd;
	struct nfsclsession *tsep;
	uint32_t *tl;
	int error;

	nfscl_reqstart(nd, NFSPROC_DESTROYSESSION, nmp, NULL, 0, NULL, NULL);
	NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID);
	/*
	 * NOTE(review): tsep is dereferenced without a NULL check; confirm
	 * nfsmnt_mdssession() cannot return NULL on this path.
	 */
	tsep = nfsmnt_mdssession(nmp);
	bcopy(tsep->nfsess_sessionid, tl, NFSX_V4SESSIONID);
	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error == 0) {
		/* Only the status is of interest; the reply body is dropped. */
		error = nd->nd_repstat;
		mbuf_freem(nd->nd_mrep);
	}
	return (error);
}
 4799 
/*
 * Do the NFSv4.1 Destroy Client.
 *
 * Sends the two client id words of the session returned by
 * nfsmnt_mdssession() and returns either the request error or the
 * server's reply status.  The clp argument is not used in this function.
 */
int
nfsrpc_destroyclient(struct nfsmount *nmp, struct nfsclclient *clp,
    struct ucred *cred, NFSPROC_T *p)
{
	struct nfsrv_descript nfsd, *nd = &nfsd;
	struct nfsclsession *tsep;
	uint32_t *tl;
	int error;

	nfscl_reqstart(nd, NFSPROC_DESTROYCLIENT, nmp, NULL, 0, NULL, NULL);
	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
	/*
	 * NOTE(review): tsep is dereferenced without a NULL check; confirm
	 * nfsmnt_mdssession() cannot return NULL on this path.
	 */
	tsep = nfsmnt_mdssession(nmp);
	tl[0] = tsep->nfsess_clientid.lval[0];
	tl[1] = tsep->nfsess_clientid.lval[1];
	nd->nd_flag |= ND_USEGSSNAME;
	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	if (error == 0) {
		/* Only the status is of interest; the reply body is dropped. */
		error = nd->nd_repstat;
		mbuf_freem(nd->nd_mrep);
	}
	return (error);
}
 4827 
/*
 * Do the NFSv4.1 LayoutGet.
 *
 * The request body is built by nfsrv_setuplayoutget() and a clean reply
 * is parsed by nfsrv_parselayoutget(), which receives stateidp,
 * retonclosep and flhp.  Returns the request error, the parse error, or
 * the server's reply status.
 */
int
nfsrpc_layoutget(struct nfsmount *nmp, uint8_t *fhp, int fhlen, int iomode,
    uint64_t offset, uint64_t len, uint64_t minlen, int layoutlen,
    nfsv4stateid_t *stateidp, int *retonclosep, struct nfsclflayouthead *flhp,
    struct ucred *cred, NFSPROC_T *p, void *stuff)
{
	struct nfsrv_descript nfsd;
	struct nfsrv_descript *nd = &nfsd;
	int error;

	nfscl_reqstart(nd, NFSPROC_LAYOUTGET, nmp, fhp, fhlen, NULL, NULL);
	nfsrv_setuplayoutget(nd, iomode, offset, len, minlen, stateidp,
	    layoutlen, 0);
	nd->nd_flag |= ND_USEGSSNAME;

	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
	NFSCL_DEBUG(4, "layget err=%d st=%d\n", error, nd->nd_repstat);
	if (error != 0)
		return (error);

	/* Parse only a clean reply. */
	if (nd->nd_repstat == 0)
		error = nfsrv_parselayoutget(nd, stateidp, retonclosep, flhp);

	/* With no parse error, a non-zero reply status is what is returned. */
	if (nd->nd_repstat != 0 && error == 0)
		error = nd->nd_repstat;

	mbuf_freem(nd->nd_mrep);
	return (error);
}
 4856 
 4857 /*
 4858  * Do the NFSv4.1 Get Device Info.
 4859  */
 4860 int
 4861 nfsrpc_getdeviceinfo(struct nfsmount *nmp, uint8_t *deviceid, int layouttype,
 4862     uint32_t *notifybitsp, struct nfscldevinfo **ndip, struct ucred *cred,
 4863     NFSPROC_T *p)
 4864 {
 4865         uint32_t cnt, *tl;
 4866         struct nfsrv_descript nfsd;
 4867         struct nfsrv_descript *nd = &nfsd;