The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/fs/nfsclient/nfs_clstate.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
    3  *
    4  * Copyright (c) 2009 Rick Macklem, University of Guelph
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  *
   16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   26  * SUCH DAMAGE.
   27  *
   28  */
   29 
   30 #include <sys/cdefs.h>
   31 __FBSDID("$FreeBSD$");
   32 
   33 /*
   34  * These functions implement the client side state handling for NFSv4.
   35  * NFSv4 state handling:
   36  * - A lockowner is used to determine lock contention, so it
   37  *   corresponds directly to a Posix pid. (1 to 1 mapping)
   38  * - The correct granularity of an OpenOwner is not nearly so
   39  *   obvious. An OpenOwner does the following:
   40  *   - provides a serial sequencing of Open/Close/Lock-with-new-lockowner
   41  *   - is used to check for Open/Share contention (not applicable to
   42  *     this client, since all Opens are Deny_None)
   43  *   As such, I considered both extreme.
   44  *   1 OpenOwner per ClientID - Simple to manage, but fully serializes
   45  *   all Open, Close and Lock (with a new lockowner) Ops.
   46  *   1 OpenOwner for each Open - This one results in an OpenConfirm for
   47  *   every Open, for most servers.
   48  *   So, I chose to use the same mapping as I did for LockOwnwers.
   49  *   The main concern here is that you can end up with multiple Opens
   50  *   for the same File Handle, but on different OpenOwners (opens
   51  *   inherited from parents, grandparents...) and you do not know
   52  *   which of these the vnodeop close applies to. This is handled by
   53  *   delaying the Close Op(s) until all of the Opens have been closed.
   54  *   (It is not yet obvious if this is the correct granularity.)
   55  * - How the code handles serialization:
   56  *   - For the ClientId, it uses an exclusive lock while getting its
   57  *     SetClientId and during recovery. Otherwise, it uses a shared
   58  *     lock via a reference count.
   59  *   - For the rest of the data structures, it uses an SMP mutex
   60  *     (once the nfs client is SMP safe) and doesn't sleep while
   61  *     manipulating the linked lists.
   62  *   - The serialization of Open/Close/Lock/LockU falls out in the
   63  *     "wash", since OpenOwners and LockOwners are both mapped from
   64  *     Posix pid. In other words, there is only one Posix pid using
   65  *     any given owner, so that owner is serialized. (If you change
   66  *     the granularity of the OpenOwner, then code must be added to
   67  *     serialize Ops on the OpenOwner.)
   68  * - When to get rid of OpenOwners and LockOwners.
   69  *   - The function nfscl_cleanup_common() is executed after a process exits.
   70  *     It goes through the client list looking for all Open and Lock Owners.
   71  *     When one is found, it is marked "defunct" or in the case of
   72  *     an OpenOwner without any Opens, freed.
   73  *     The renew thread scans for defunct Owners and gets rid of them,
   74  *     if it can. The LockOwners will also be deleted when the
   75  *     associated Open is closed.
   76  *   - If the LockU or Close Op(s) fail during close in a way
   77  *     that could be recovered upon retry, they are relinked to the
   78  *     ClientId's defunct open list and retried by the renew thread
   79  *     until they succeed or an unmount/recovery occurs.
   80  *     (Since we are done with them, they do not need to be recovered.)
   81  */
   82 
   83 #include <fs/nfs/nfsport.h>
   84 
   85 /*
   86  * Global variables
   87  */
   88 extern struct nfsstatsv1 nfsstatsv1;
   89 extern struct nfsreqhead nfsd_reqq;
   90 extern u_int32_t newnfs_false, newnfs_true;
   91 extern int nfscl_debuglevel;
   92 extern int nfscl_enablecallb;
   93 extern int nfs_numnfscbd;
   94 NFSREQSPINLOCK;
   95 NFSCLSTATEMUTEX;
   96 int nfscl_inited = 0;
   97 struct nfsclhead nfsclhead;     /* Head of clientid list */
   98 int nfscl_deleghighwater = NFSCLDELEGHIGHWATER;
   99 int nfscl_layouthighwater = NFSCLLAYOUTHIGHWATER;
  100 
  101 static int nfscl_delegcnt = 0;
  102 static int nfscl_layoutcnt = 0;
  103 static int nfscl_getopen(struct nfsclownerhead *, struct nfsclopenhash *,
  104     u_int8_t *, int, u_int8_t *, u_int8_t *, u_int32_t,
  105     struct nfscllockowner **, struct nfsclopen **);
  106 static bool nfscl_checkown(struct nfsclowner *, struct nfsclopen *, uint8_t *,
  107     uint8_t *, struct nfscllockowner **, struct nfsclopen **,
  108     struct nfsclopen **);
  109 static void nfscl_clrelease(struct nfsclclient *);
  110 static void nfscl_unlinkopen(struct nfsclopen *);
  111 static void nfscl_cleanclient(struct nfsclclient *);
  112 static void nfscl_expireclient(struct nfsclclient *, struct nfsmount *,
  113     struct ucred *, NFSPROC_T *);
  114 static int nfscl_expireopen(struct nfsclclient *, struct nfsclopen *,
  115     struct nfsmount *, struct ucred *, NFSPROC_T *);
  116 static void nfscl_recover(struct nfsclclient *, bool *, struct ucred *,
  117     NFSPROC_T *);
  118 static void nfscl_insertlock(struct nfscllockowner *, struct nfscllock *,
  119     struct nfscllock *, int);
  120 static int nfscl_updatelock(struct nfscllockowner *, struct nfscllock **,
  121     struct nfscllock **, int);
  122 static void nfscl_delegreturnall(struct nfsclclient *, NFSPROC_T *,
  123     struct nfscldeleghead *);
  124 static u_int32_t nfscl_nextcbident(void);
  125 static mount_t nfscl_getmnt(int, uint8_t *, u_int32_t, struct nfsclclient **);
  126 static struct nfsclclient *nfscl_getclnt(u_int32_t);
  127 static struct nfsclclient *nfscl_getclntsess(uint8_t *);
  128 static struct nfscldeleg *nfscl_finddeleg(struct nfsclclient *, u_int8_t *,
  129     int);
  130 static void nfscl_retoncloselayout(vnode_t, struct nfsclclient *, uint8_t *,
  131     int, struct nfsclrecalllayout **, struct nfscllayout **);
  132 static void nfscl_reldevinfo_locked(struct nfscldevinfo *);
  133 static struct nfscllayout *nfscl_findlayout(struct nfsclclient *, u_int8_t *,
  134     int);
  135 static struct nfscldevinfo *nfscl_finddevinfo(struct nfsclclient *, uint8_t *);
  136 static int nfscl_checkconflict(struct nfscllockownerhead *, struct nfscllock *,
  137     u_int8_t *, struct nfscllock **);
  138 static void nfscl_freealllocks(struct nfscllockownerhead *, int);
  139 static int nfscl_localconflict(struct nfsclclient *, u_int8_t *, int,
  140     struct nfscllock *, u_int8_t *, struct nfscldeleg *, struct nfscllock **);
  141 static void nfscl_newopen(struct nfsclclient *, struct nfscldeleg *,
  142     struct nfsclowner **, struct nfsclowner **, struct nfsclopen **,
  143     struct nfsclopen **, u_int8_t *, u_int8_t *, int, struct ucred *, int *);
  144 static int nfscl_moveopen(vnode_t , struct nfsclclient *,
  145     struct nfsmount *, struct nfsclopen *, struct nfsclowner *,
  146     struct nfscldeleg *, struct ucred *, NFSPROC_T *);
  147 static void nfscl_totalrecall(struct nfsclclient *);
  148 static int nfscl_relock(vnode_t , struct nfsclclient *, struct nfsmount *,
  149     struct nfscllockowner *, struct nfscllock *, struct ucred *, NFSPROC_T *);
  150 static int nfscl_tryopen(struct nfsmount *, vnode_t , u_int8_t *, int,
  151     u_int8_t *, int, u_int32_t, struct nfsclopen *, u_int8_t *, int,
  152     struct nfscldeleg **, int, u_int32_t, struct ucred *, NFSPROC_T *);
  153 static int nfscl_trylock(struct nfsmount *, vnode_t , u_int8_t *,
  154     int, struct nfscllockowner *, int, int, u_int64_t, u_int64_t, short,
  155     struct ucred *, NFSPROC_T *);
  156 static int nfsrpc_reopen(struct nfsmount *, u_int8_t *, int, u_int32_t,
  157     struct nfsclopen *, struct nfscldeleg **, struct ucred *, NFSPROC_T *);
  158 static void nfscl_freedeleg(struct nfscldeleghead *, struct nfscldeleg *,
  159     bool);
  160 static int nfscl_errmap(struct nfsrv_descript *, u_int32_t);
  161 static void nfscl_cleanup_common(struct nfsclclient *, u_int8_t *);
  162 static int nfscl_recalldeleg(struct nfsclclient *, struct nfsmount *,
  163     struct nfscldeleg *, vnode_t, struct ucred *, NFSPROC_T *, int,
  164     vnode_t *);
  165 static void nfscl_freeopenowner(struct nfsclowner *, int);
  166 static void nfscl_cleandeleg(struct nfscldeleg *);
  167 static int nfscl_trydelegreturn(struct nfscldeleg *, struct ucred *,
  168     struct nfsmount *, NFSPROC_T *);
  169 static void nfscl_emptylockowner(struct nfscllockowner *,
  170     struct nfscllockownerfhhead *);
  171 static void nfscl_mergeflayouts(struct nfsclflayouthead *,
  172     struct nfsclflayouthead *);
  173 static int nfscl_layoutrecall(int, struct nfscllayout *, uint32_t, uint64_t,
  174     uint64_t, uint32_t, uint32_t, uint32_t, char *, struct nfsclrecalllayout *);
  175 static int nfscl_seq(uint32_t, uint32_t);
  176 static void nfscl_layoutreturn(struct nfsmount *, struct nfscllayout *,
  177     struct ucred *, NFSPROC_T *);
  178 static void nfscl_dolayoutcommit(struct nfsmount *, struct nfscllayout *,
  179     struct ucred *, NFSPROC_T *);
  180 
  181 static short nfscberr_null[] = {
  182         0,
  183         0,
  184 };
  185 
  186 static short nfscberr_getattr[] = {
  187         NFSERR_RESOURCE,
  188         NFSERR_BADHANDLE,
  189         NFSERR_BADXDR,
  190         NFSERR_RESOURCE,
  191         NFSERR_SERVERFAULT,
  192         0,
  193 };
  194 
  195 static short nfscberr_recall[] = {
  196         NFSERR_RESOURCE,
  197         NFSERR_BADHANDLE,
  198         NFSERR_BADSTATEID,
  199         NFSERR_BADXDR,
  200         NFSERR_RESOURCE,
  201         NFSERR_SERVERFAULT,
  202         0,
  203 };
  204 
  205 static short *nfscl_cberrmap[] = {
  206         nfscberr_null,
  207         nfscberr_null,
  208         nfscberr_null,
  209         nfscberr_getattr,
  210         nfscberr_recall
  211 };
  212 
  213 #define NETFAMILY(clp) \
  214                 (((clp)->nfsc_flags & NFSCLFLAGS_AFINET6) ? AF_INET6 : AF_INET)
  215 
  216 /*
  217  * Called for an open operation.
  218  * If the nfhp argument is NULL, just get an openowner.
  219  */
  220 int
  221 nfscl_open(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t amode, int usedeleg,
  222     struct ucred *cred, NFSPROC_T *p, struct nfsclowner **owpp,
  223     struct nfsclopen **opp, int *newonep, int *retp, int lockit, bool firstref)
  224 {
  225         struct nfsclclient *clp;
  226         struct nfsclowner *owp, *nowp;
  227         struct nfsclopen *op = NULL, *nop = NULL;
  228         struct nfscldeleg *dp;
  229         struct nfsclownerhead *ohp;
  230         u_int8_t own[NFSV4CL_LOCKNAMELEN];
  231         int ret;
  232 
  233         if (newonep != NULL)
  234                 *newonep = 0;
  235         if (opp != NULL)
  236                 *opp = NULL;
  237         if (owpp != NULL)
  238                 *owpp = NULL;
  239 
  240         /*
  241          * Might need one or both of these, so MALLOC them now, to
  242          * avoid a tsleep() in MALLOC later.
  243          */
  244         nowp = malloc(sizeof (struct nfsclowner),
  245             M_NFSCLOWNER, M_WAITOK);
  246         if (nfhp != NULL) {
  247             nop = malloc(sizeof (struct nfsclopen) +
  248                 fhlen - 1, M_NFSCLOPEN, M_WAITOK);
  249             nop->nfso_hash.le_prev = NULL;
  250         }
  251         ret = nfscl_getcl(vp->v_mount, cred, p, false, firstref, &clp);
  252         if (ret != 0) {
  253                 free(nowp, M_NFSCLOWNER);
  254                 if (nop != NULL)
  255                         free(nop, M_NFSCLOPEN);
  256                 return (ret);
  257         }
  258 
  259         /*
  260          * Get the Open iff it already exists.
  261          * If none found, add the new one or return error, depending upon
  262          * "create".
  263          */
  264         NFSLOCKCLSTATE();
  265         dp = NULL;
  266         /* First check the delegation list */
  267         if (nfhp != NULL && usedeleg) {
  268                 LIST_FOREACH(dp, NFSCLDELEGHASH(clp, nfhp, fhlen), nfsdl_hash) {
  269                         if (dp->nfsdl_fhlen == fhlen &&
  270                             !NFSBCMP(nfhp, dp->nfsdl_fh, fhlen)) {
  271                                 if (!(amode & NFSV4OPEN_ACCESSWRITE) ||
  272                                     (dp->nfsdl_flags & NFSCLDL_WRITE))
  273                                         break;
  274                                 dp = NULL;
  275                                 break;
  276                         }
  277                 }
  278         }
  279 
  280         /* For NFSv4.1/4.2 and this option, use a single open_owner. */
  281         if (NFSHASONEOPENOWN(VFSTONFS(vp->v_mount)))
  282                 nfscl_filllockowner(NULL, own, F_POSIX);
  283         else
  284                 nfscl_filllockowner(p->td_proc, own, F_POSIX);
  285         if (dp != NULL)
  286                 ohp = &dp->nfsdl_owner;
  287         else
  288                 ohp = &clp->nfsc_owner;
  289         /* Now, search for an openowner */
  290         LIST_FOREACH(owp, ohp, nfsow_list) {
  291                 if (!NFSBCMP(owp->nfsow_owner, own, NFSV4CL_LOCKNAMELEN))
  292                         break;
  293         }
  294 
  295         /*
  296          * Create a new open, as required.
  297          */
  298         nfscl_newopen(clp, dp, &owp, &nowp, &op, &nop, own, nfhp, fhlen,
  299             cred, newonep);
  300 
  301         /*
  302          * Now, check the mode on the open and return the appropriate
  303          * value.
  304          */
  305         if (retp != NULL) {
  306                 if (nfhp != NULL && dp != NULL && nop == NULL)
  307                         /* new local open on delegation */
  308                         *retp = NFSCLOPEN_SETCRED;
  309                 else
  310                         *retp = NFSCLOPEN_OK;
  311         }
  312         if (op != NULL && (amode & ~(op->nfso_mode))) {
  313                 op->nfso_mode |= amode;
  314                 if (retp != NULL && dp == NULL)
  315                         *retp = NFSCLOPEN_DOOPEN;
  316         }
  317 
  318         /*
  319          * Serialize modifications to the open owner for multiple threads
  320          * within the same process using a read/write sleep lock.
  321          * For NFSv4.1 and a single OpenOwner, allow concurrent open operations
  322          * by acquiring a shared lock.  The close operations still use an
  323          * exclusive lock for this case.
  324          */
  325         if (lockit != 0) {
  326                 if (NFSHASONEOPENOWN(VFSTONFS(vp->v_mount))) {
  327                         /*
  328                          * Get a shared lock on the OpenOwner, but first
  329                          * wait for any pending exclusive lock, so that the
  330                          * exclusive locker gets priority.
  331                          */
  332                         nfsv4_lock(&owp->nfsow_rwlock, 0, NULL,
  333                             NFSCLSTATEMUTEXPTR, NULL);
  334                         nfsv4_getref(&owp->nfsow_rwlock, NULL,
  335                             NFSCLSTATEMUTEXPTR, NULL);
  336                 } else
  337                         nfscl_lockexcl(&owp->nfsow_rwlock, NFSCLSTATEMUTEXPTR);
  338         }
  339         NFSUNLOCKCLSTATE();
  340         if (nowp != NULL)
  341                 free(nowp, M_NFSCLOWNER);
  342         if (nop != NULL)
  343                 free(nop, M_NFSCLOPEN);
  344         if (owpp != NULL)
  345                 *owpp = owp;
  346         if (opp != NULL)
  347                 *opp = op;
  348         return (0);
  349 }
  350 
  351 /*
  352  * Create a new open, as required.
  353  */
  354 static void
  355 nfscl_newopen(struct nfsclclient *clp, struct nfscldeleg *dp,
  356     struct nfsclowner **owpp, struct nfsclowner **nowpp, struct nfsclopen **opp,
  357     struct nfsclopen **nopp, u_int8_t *own, u_int8_t *fhp, int fhlen,
  358     struct ucred *cred, int *newonep)
  359 {
  360         struct nfsclowner *owp = *owpp, *nowp;
  361         struct nfsclopen *op, *nop;
  362 
  363         if (nowpp != NULL)
  364                 nowp = *nowpp;
  365         else
  366                 nowp = NULL;
  367         if (nopp != NULL)
  368                 nop = *nopp;
  369         else
  370                 nop = NULL;
  371         if (owp == NULL && nowp != NULL) {
  372                 NFSBCOPY(own, nowp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
  373                 LIST_INIT(&nowp->nfsow_open);
  374                 nowp->nfsow_clp = clp;
  375                 nowp->nfsow_seqid = 0;
  376                 nowp->nfsow_defunct = 0;
  377                 nfscl_lockinit(&nowp->nfsow_rwlock);
  378                 if (dp != NULL) {
  379                         nfsstatsv1.cllocalopenowners++;
  380                         LIST_INSERT_HEAD(&dp->nfsdl_owner, nowp, nfsow_list);
  381                 } else {
  382                         nfsstatsv1.clopenowners++;
  383                         LIST_INSERT_HEAD(&clp->nfsc_owner, nowp, nfsow_list);
  384                 }
  385                 owp = *owpp = nowp;
  386                 *nowpp = NULL;
  387                 if (newonep != NULL)
  388                         *newonep = 1;
  389         }
  390 
  391          /* If an fhp has been specified, create an Open as well. */
  392         if (fhp != NULL) {
  393                 /* and look for the correct open, based upon FH */
  394                 LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
  395                         if (op->nfso_fhlen == fhlen &&
  396                             !NFSBCMP(op->nfso_fh, fhp, fhlen))
  397                                 break;
  398                 }
  399                 if (op == NULL && nop != NULL) {
  400                         nop->nfso_own = owp;
  401                         nop->nfso_mode = 0;
  402                         nop->nfso_opencnt = 0;
  403                         nop->nfso_posixlock = 1;
  404                         nop->nfso_fhlen = fhlen;
  405                         NFSBCOPY(fhp, nop->nfso_fh, fhlen);
  406                         LIST_INIT(&nop->nfso_lock);
  407                         nop->nfso_stateid.seqid = 0;
  408                         nop->nfso_stateid.other[0] = 0;
  409                         nop->nfso_stateid.other[1] = 0;
  410                         nop->nfso_stateid.other[2] = 0;
  411                         KASSERT(cred != NULL, ("%s: cred NULL\n", __func__));
  412                         newnfs_copyincred(cred, &nop->nfso_cred);
  413                         if (dp != NULL) {
  414                                 TAILQ_REMOVE(&clp->nfsc_deleg, dp, nfsdl_list);
  415                                 TAILQ_INSERT_HEAD(&clp->nfsc_deleg, dp,
  416                                     nfsdl_list);
  417                                 dp->nfsdl_timestamp = NFSD_MONOSEC + 120;
  418                                 nfsstatsv1.cllocalopens++;
  419                         } else {
  420                                 LIST_INSERT_HEAD(NFSCLOPENHASH(clp, fhp, fhlen),
  421                                     nop, nfso_hash);
  422                                 nfsstatsv1.clopens++;
  423                         }
  424                         LIST_INSERT_HEAD(&owp->nfsow_open, nop, nfso_list);
  425                         *opp = nop;
  426                         *nopp = NULL;
  427                         if (newonep != NULL)
  428                                 *newonep = 1;
  429                 } else {
  430                         *opp = op;
  431                 }
  432         }
  433 }
  434 
  435 /*
  436  * Called to find/add a delegation to a client.
  437  */
  438 int
  439 nfscl_deleg(mount_t mp, struct nfsclclient *clp, u_int8_t *nfhp,
  440     int fhlen, struct ucred *cred, NFSPROC_T *p, struct nfscldeleg **dpp)
  441 {
  442         struct nfscldeleg *dp = *dpp, *tdp;
  443         struct nfsmount *nmp;
  444 
  445         KASSERT(mp != NULL, ("nfscl_deleg: mp NULL"));
  446         nmp = VFSTONFS(mp);
  447         /*
  448          * First, if we have received a Read delegation for a file on a
  449          * read/write file system, just return it, because they aren't
  450          * useful, imho.
  451          */
  452         if (dp != NULL && !NFSMNT_RDONLY(mp) &&
  453             (dp->nfsdl_flags & NFSCLDL_READ)) {
  454                 nfscl_trydelegreturn(dp, cred, nmp, p);
  455                 free(dp, M_NFSCLDELEG);
  456                 *dpp = NULL;
  457                 return (0);
  458         }
  459 
  460         /*
  461          * Since a delegation might be added to the mount,
  462          * set NFSMNTP_DELEGISSUED now.  If a delegation already
  463          * exagain ists, setting this flag is harmless.
  464          */
  465         NFSLOCKMNT(nmp);
  466         nmp->nm_privflag |= NFSMNTP_DELEGISSUED;
  467         NFSUNLOCKMNT(nmp);
  468 
  469         /* Look for the correct deleg, based upon FH */
  470         NFSLOCKCLSTATE();
  471         tdp = nfscl_finddeleg(clp, nfhp, fhlen);
  472         if (tdp == NULL) {
  473                 if (dp == NULL) {
  474                         NFSUNLOCKCLSTATE();
  475                         return (NFSERR_BADSTATEID);
  476                 }
  477                 *dpp = NULL;
  478                 TAILQ_INSERT_HEAD(&clp->nfsc_deleg, dp, nfsdl_list);
  479                 LIST_INSERT_HEAD(NFSCLDELEGHASH(clp, nfhp, fhlen), dp,
  480                     nfsdl_hash);
  481                 dp->nfsdl_timestamp = NFSD_MONOSEC + 120;
  482                 nfsstatsv1.cldelegates++;
  483                 nfscl_delegcnt++;
  484         } else {
  485                 /*
  486                  * Delegation already exists, what do we do if a new one??
  487                  */
  488                 if (dp != NULL) {
  489                         printf("Deleg already exists!\n");
  490                         free(dp, M_NFSCLDELEG);
  491                         *dpp = NULL;
  492                 } else {
  493                         *dpp = tdp;
  494                 }
  495         }
  496         NFSUNLOCKCLSTATE();
  497         return (0);
  498 }
  499 
  500 /*
  501  * Find a delegation for this file handle. Return NULL upon failure.
  502  */
  503 static struct nfscldeleg *
  504 nfscl_finddeleg(struct nfsclclient *clp, u_int8_t *fhp, int fhlen)
  505 {
  506         struct nfscldeleg *dp;
  507 
  508         LIST_FOREACH(dp, NFSCLDELEGHASH(clp, fhp, fhlen), nfsdl_hash) {
  509             if (dp->nfsdl_fhlen == fhlen &&
  510                 !NFSBCMP(dp->nfsdl_fh, fhp, fhlen))
  511                 break;
  512         }
  513         return (dp);
  514 }
  515 
  516 /*
  517  * Get a stateid for an I/O operation. First, look for an open and iff
  518  * found, return either a lockowner stateid or the open stateid.
  519  * If no Open is found, just return error and the special stateid of all zeros.
  520  */
  521 int
  522 nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
  523     int fords, struct ucred *cred, NFSPROC_T *p, nfsv4stateid_t *stateidp,
  524     void **lckpp)
  525 {
  526         struct nfsclclient *clp;
  527         struct nfsclopen *op = NULL, *top;
  528         struct nfsclopenhash *oph;
  529         struct nfscllockowner *lp;
  530         struct nfscldeleg *dp;
  531         struct nfsnode *np;
  532         struct nfsmount *nmp;
  533         u_int8_t own[NFSV4CL_LOCKNAMELEN], lockown[NFSV4CL_LOCKNAMELEN];
  534         int error;
  535         bool done;
  536 
  537         *lckpp = NULL;
  538         /*
  539          * Initially, just set the special stateid of all zeros.
  540          * (Don't do this for a DS, since the special stateid can't be used.)
  541          */
  542         if (fords == 0) {
  543                 stateidp->seqid = 0;
  544                 stateidp->other[0] = 0;
  545                 stateidp->other[1] = 0;
  546                 stateidp->other[2] = 0;
  547         }
  548         if (vnode_vtype(vp) != VREG)
  549                 return (EISDIR);
  550         np = VTONFS(vp);
  551         nmp = VFSTONFS(vp->v_mount);
  552 
  553         /*
  554          * For "oneopenown" mounts, first check for a cached open in the
  555          * NFS vnode, that can be used as a stateid.  This can only be
  556          * done if no delegations have been issued to the mount and no
  557          * byte range file locking has been done for the file.
  558          */
  559         if (NFSHASNFSV4N(nmp) && NFSHASONEOPENOWN(nmp) && fords == 0) {
  560                 NFSLOCKMNT(nmp);
  561                 NFSLOCKNODE(np);
  562                 if ((nmp->nm_privflag & NFSMNTP_DELEGISSUED) == 0 &&
  563                     (np->n_flag & NMIGHTBELOCKED) == 0 &&
  564                     np->n_openstateid != NULL) {
  565                         stateidp->seqid = 0;
  566                         stateidp->other[0] =
  567                             np->n_openstateid->nfso_stateid.other[0];
  568                         stateidp->other[1] =
  569                             np->n_openstateid->nfso_stateid.other[1];
  570                         stateidp->other[2] =
  571                             np->n_openstateid->nfso_stateid.other[2];
  572                         NFSUNLOCKNODE(np);
  573                         NFSUNLOCKMNT(nmp);
  574                         return (0);
  575                 }
  576                 NFSUNLOCKNODE(np);
  577                 NFSUNLOCKMNT(nmp);
  578         }
  579 
  580         NFSLOCKCLSTATE();
  581         clp = nfscl_findcl(nmp);
  582         if (clp == NULL) {
  583                 NFSUNLOCKCLSTATE();
  584                 return (EACCES);
  585         }
  586 
  587         /*
  588          * Wait for recovery to complete.
  589          */
  590         while ((clp->nfsc_flags & NFSCLFLAGS_RECVRINPROG))
  591                 (void) nfsmsleep(&clp->nfsc_flags, NFSCLSTATEMUTEXPTR,
  592                     PZERO, "nfsrecvr", NULL);
  593 
  594         /*
  595          * First, look for a delegation.
  596          */
  597         LIST_FOREACH(dp, NFSCLDELEGHASH(clp, nfhp, fhlen), nfsdl_hash) {
  598                 if (dp->nfsdl_fhlen == fhlen &&
  599                     !NFSBCMP(nfhp, dp->nfsdl_fh, fhlen)) {
  600                         if (!(mode & NFSV4OPEN_ACCESSWRITE) ||
  601                             (dp->nfsdl_flags & NFSCLDL_WRITE)) {
  602                                 if (NFSHASNFSV4N(nmp))
  603                                         stateidp->seqid = 0;
  604                                 else
  605                                         stateidp->seqid =
  606                                             dp->nfsdl_stateid.seqid;
  607                                 stateidp->other[0] = dp->nfsdl_stateid.other[0];
  608                                 stateidp->other[1] = dp->nfsdl_stateid.other[1];
  609                                 stateidp->other[2] = dp->nfsdl_stateid.other[2];
  610                                 if (!(np->n_flag & NDELEGRECALL)) {
  611                                         TAILQ_REMOVE(&clp->nfsc_deleg, dp,
  612                                             nfsdl_list);
  613                                         TAILQ_INSERT_HEAD(&clp->nfsc_deleg, dp,
  614                                             nfsdl_list);
  615                                         dp->nfsdl_timestamp = NFSD_MONOSEC +
  616                                             120;
  617                                         dp->nfsdl_rwlock.nfslock_usecnt++;
  618                                         *lckpp = (void *)&dp->nfsdl_rwlock;
  619                                 }
  620                                 NFSUNLOCKCLSTATE();
  621                                 return (0);
  622                         }
  623                         break;
  624                 }
  625         }
  626 
  627         if (p != NULL) {
  628                 /*
  629                  * If p != NULL, we want to search the parentage tree
  630                  * for a matching OpenOwner and use that.
  631                  */
  632                 if (NFSHASONEOPENOWN(VFSTONFS(vp->v_mount)))
  633                         nfscl_filllockowner(NULL, own, F_POSIX);
  634                 else
  635                         nfscl_filllockowner(p->td_proc, own, F_POSIX);
  636                 nfscl_filllockowner(p->td_proc, lockown, F_POSIX);
  637                 lp = NULL;
  638                 error = nfscl_getopen(NULL, clp->nfsc_openhash, nfhp, fhlen,
  639                     own, lockown, mode, &lp, &op);
  640                 if (error == 0 && lp != NULL && fords == 0) {
  641                         /* Don't return a lock stateid for a DS. */
  642                         if (NFSHASNFSV4N(nmp))
  643                                 stateidp->seqid = 0;
  644                         else
  645                                 stateidp->seqid = lp->nfsl_stateid.seqid;
  646                         stateidp->other[0] =
  647                             lp->nfsl_stateid.other[0];
  648                         stateidp->other[1] =
  649                             lp->nfsl_stateid.other[1];
  650                         stateidp->other[2] =
  651                             lp->nfsl_stateid.other[2];
  652                         NFSUNLOCKCLSTATE();
  653                         return (0);
  654                 }
  655         }
  656         if (op == NULL) {
  657                 /* If not found, just look for any OpenOwner that will work. */
  658                 top = NULL;
  659                 done = false;
  660                 oph = NFSCLOPENHASH(clp, nfhp, fhlen);
  661                 LIST_FOREACH(op, oph, nfso_hash) {
  662                         if (op->nfso_fhlen == fhlen &&
  663                             !NFSBCMP(op->nfso_fh, nfhp, fhlen)) {
  664                                 if (top == NULL && (op->nfso_mode &
  665                                     NFSV4OPEN_ACCESSWRITE) != 0 &&
  666                                     (mode & NFSV4OPEN_ACCESSREAD) != 0)
  667                                         top = op;
  668                                 if ((mode & op->nfso_mode) == mode) {
  669                                         /* LRU order the hash list. */
  670                                         LIST_REMOVE(op, nfso_hash);
  671                                         LIST_INSERT_HEAD(oph, op, nfso_hash);
  672                                         done = true;
  673                                         break;
  674                                 }
  675                         }
  676                 }
  677                 if (!done) {
  678                         NFSCL_DEBUG(2, "openmode top=%p\n", top);
  679                         if (top == NULL || NFSHASOPENMODE(nmp)) {
  680                                 NFSUNLOCKCLSTATE();
  681                                 return (ENOENT);
  682                         } else
  683                                 op = top;
  684                 }
  685                 /*
  686                  * For read aheads or write behinds, use the open cred.
  687                  * A read ahead or write behind is indicated by p == NULL.
  688                  */
  689                 if (p == NULL)
  690                         newnfs_copycred(&op->nfso_cred, cred);
  691         }
  692 
  693         /*
  694          * No lock stateid, so return the open stateid.
  695          */
  696         if (NFSHASNFSV4N(nmp))
  697                 stateidp->seqid = 0;
  698         else
  699                 stateidp->seqid = op->nfso_stateid.seqid;
  700         stateidp->other[0] = op->nfso_stateid.other[0];
  701         stateidp->other[1] = op->nfso_stateid.other[1];
  702         stateidp->other[2] = op->nfso_stateid.other[2];
  703         NFSUNLOCKCLSTATE();
  704         return (0);
  705 }
  706 
  707 /*
  708  * Search for a matching file, mode and, optionally, lockowner.
  709  */
  710 static int
  711 nfscl_getopen(struct nfsclownerhead *ohp, struct nfsclopenhash *ohashp,
  712     u_int8_t *nfhp, int fhlen, u_int8_t *openown, u_int8_t *lockown,
  713     u_int32_t mode, struct nfscllockowner **lpp, struct nfsclopen **opp)
  714 {
  715         struct nfsclowner *owp;
  716         struct nfsclopen *op, *rop, *rop2;
  717         struct nfsclopenhash *oph;
  718         bool keep_looping;
  719 
  720         KASSERT(ohp == NULL || ohashp == NULL, ("nfscl_getopen: "
  721             "only one of ohp and ohashp can be set"));
  722         if (lpp != NULL)
  723                 *lpp = NULL;
  724         /*
  725          * rop will be set to the open to be returned. There are three
  726          * variants of this, all for an open of the correct file:
  727          * 1 - A match of lockown.
  728          * 2 - A match of the openown, when no lockown match exists.
  729          * 3 - A match for any open, if no openown or lockown match exists.
  730          * Looking for #2 over #3 probably isn't necessary, but since
  731          * RFC3530 is vague w.r.t. the relationship between openowners and
  732          * lockowners, I think this is the safer way to go.
  733          */
  734         rop = NULL;
  735         rop2 = NULL;
  736         keep_looping = true;
  737         /* Search the client list */
  738         if (ohashp == NULL) {
  739                 /* Search the local opens on the delegation. */
  740                 LIST_FOREACH(owp, ohp, nfsow_list) {
  741                         /* and look for the correct open */
  742                         LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
  743                                 if (op->nfso_fhlen == fhlen &&
  744                                     !NFSBCMP(op->nfso_fh, nfhp, fhlen)
  745                                     && (op->nfso_mode & mode) == mode)
  746                                         keep_looping = nfscl_checkown(owp, op, openown,
  747                                             lockown, lpp, &rop, &rop2);
  748                                 if (!keep_looping)
  749                                         break;
  750                         }
  751                         if (!keep_looping)
  752                                 break;
  753                 }
  754         } else {
  755                 /* Search for matching opens on the hash list. */
  756                 oph = &ohashp[NFSCLOPENHASHFUNC(nfhp, fhlen)];
  757                 LIST_FOREACH(op, oph, nfso_hash) {
  758                         if (op->nfso_fhlen == fhlen &&
  759                             !NFSBCMP(op->nfso_fh, nfhp, fhlen)
  760                             && (op->nfso_mode & mode) == mode)
  761                                 keep_looping = nfscl_checkown(op->nfso_own, op,
  762                                     openown, lockown, lpp, &rop, &rop2);
  763                         if (!keep_looping) {
  764                                 /* LRU order the hash list. */
  765                                 LIST_REMOVE(op, nfso_hash);
  766                                 LIST_INSERT_HEAD(oph, op, nfso_hash);
  767                                 break;
  768                         }
  769                 }
  770         }
  771         if (rop == NULL)
  772                 rop = rop2;
  773         if (rop == NULL)
  774                 return (EBADF);
  775         *opp = rop;
  776         return (0);
  777 }
  778 
  779 /* Check for an owner match. */
  780 static bool
  781 nfscl_checkown(struct nfsclowner *owp, struct nfsclopen *op, uint8_t *openown,
  782     uint8_t *lockown, struct nfscllockowner **lpp, struct nfsclopen **ropp,
  783     struct nfsclopen **ropp2)
  784 {
  785         struct nfscllockowner *lp;
  786         bool keep_looping;
  787 
  788         keep_looping = true;
  789         if (lpp != NULL) {
  790                 /* Now look for a matching lockowner. */
  791                 LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
  792                         if (!NFSBCMP(lp->nfsl_owner, lockown,
  793                             NFSV4CL_LOCKNAMELEN)) {
  794                                 *lpp = lp;
  795                                 *ropp = op;
  796                                 return (false);
  797                         }
  798                 }
  799         }
  800         if (*ropp == NULL && !NFSBCMP(owp->nfsow_owner, openown,
  801             NFSV4CL_LOCKNAMELEN)) {
  802                 *ropp = op;
  803                 if (lpp == NULL)
  804                         keep_looping = false;
  805         }
  806         if (*ropp2 == NULL)
  807                 *ropp2 = op;
  808         return (keep_looping);
  809 }
  810 
  811 /*
  812  * Release use of an open owner. Called when open operations are done
  813  * with the open owner.
  814  */
  815 void
  816 nfscl_ownerrelease(struct nfsmount *nmp, struct nfsclowner *owp,
  817     __unused int error, __unused int candelete, int unlocked)
  818 {
  819 
  820         if (owp == NULL)
  821                 return;
  822         NFSLOCKCLSTATE();
  823         if (unlocked == 0) {
  824                 if (NFSHASONEOPENOWN(nmp))
  825                         nfsv4_relref(&owp->nfsow_rwlock);
  826                 else
  827                         nfscl_lockunlock(&owp->nfsow_rwlock);
  828         }
  829         nfscl_clrelease(owp->nfsow_clp);
  830         NFSUNLOCKCLSTATE();
  831 }
  832 
  833 /*
  834  * Release use of an open structure under an open owner.
  835  */
  836 void
  837 nfscl_openrelease(struct nfsmount *nmp, struct nfsclopen *op, int error,
  838     int candelete)
  839 {
  840         struct nfsclclient *clp;
  841         struct nfsclowner *owp;
  842 
  843         if (op == NULL)
  844                 return;
  845         NFSLOCKCLSTATE();
  846         owp = op->nfso_own;
  847         if (NFSHASONEOPENOWN(nmp))
  848                 nfsv4_relref(&owp->nfsow_rwlock);
  849         else
  850                 nfscl_lockunlock(&owp->nfsow_rwlock);
  851         clp = owp->nfsow_clp;
  852         if (error && candelete && op->nfso_opencnt == 0)
  853                 nfscl_freeopen(op, 0, true);
  854         nfscl_clrelease(clp);
  855         NFSUNLOCKCLSTATE();
  856 }
  857 
  858 /*
  859  * Called to get a clientid structure. It will optionally lock the
  860  * client data structures to do the SetClientId/SetClientId_confirm,
  861  * but will release that lock and return the clientid with a reference
  862  * count on it.
  863  * If the "cred" argument is NULL, a new clientid should not be created.
  864  * If the "p" argument is NULL, a SetClientID/SetClientIDConfirm cannot
  865  * be done.
  866  * It always clpp with a reference count on it, unless returning an error.
  867  */
  868 int
  869 nfscl_getcl(struct mount *mp, struct ucred *cred, NFSPROC_T *p,
  870     bool tryminvers, bool firstref, struct nfsclclient **clpp)
  871 {
  872         struct nfsclclient *clp;
  873         struct nfsclclient *newclp = NULL;
  874         struct nfsmount *nmp;
  875         char uuid[HOSTUUIDLEN];
  876         int igotlock = 0, error, trystalecnt, clidinusedelay, i;
  877         u_int16_t idlen = 0;
  878 
  879         nmp = VFSTONFS(mp);
  880         if (cred != NULL) {
  881                 getcredhostuuid(cred, uuid, sizeof uuid);
  882                 idlen = strlen(uuid);
  883                 if (idlen > 0)
  884                         idlen += sizeof (u_int64_t);
  885                 else
  886                         idlen += sizeof (u_int64_t) + 16; /* 16 random bytes */
  887                 newclp = malloc(
  888                     sizeof (struct nfsclclient) + idlen - 1, M_NFSCLCLIENT,
  889                     M_WAITOK | M_ZERO);
  890         }
  891         NFSLOCKCLSTATE();
  892         /*
  893          * If a forced dismount is already in progress, don't
  894          * allocate a new clientid and get out now. For the case where
  895          * clp != NULL, this is a harmless optimization.
  896          */
  897         if (NFSCL_FORCEDISM(mp)) {
  898                 NFSUNLOCKCLSTATE();
  899                 if (newclp != NULL)
  900                         free(newclp, M_NFSCLCLIENT);
  901                 return (EBADF);
  902         }
  903         clp = nmp->nm_clp;
  904         if (clp == NULL) {
  905                 if (newclp == NULL) {
  906                         NFSUNLOCKCLSTATE();
  907                         return (EACCES);
  908                 }
  909                 clp = newclp;
  910                 clp->nfsc_idlen = idlen;
  911                 LIST_INIT(&clp->nfsc_owner);
  912                 TAILQ_INIT(&clp->nfsc_deleg);
  913                 TAILQ_INIT(&clp->nfsc_layout);
  914                 LIST_INIT(&clp->nfsc_devinfo);
  915                 for (i = 0; i < NFSCLDELEGHASHSIZE; i++)
  916                         LIST_INIT(&clp->nfsc_deleghash[i]);
  917                 for (i = 0; i < NFSCLOPENHASHSIZE; i++)
  918                         LIST_INIT(&clp->nfsc_openhash[i]);
  919                 for (i = 0; i < NFSCLLAYOUTHASHSIZE; i++)
  920                         LIST_INIT(&clp->nfsc_layouthash[i]);
  921                 clp->nfsc_flags = NFSCLFLAGS_INITED;
  922                 clp->nfsc_clientidrev = 1;
  923                 clp->nfsc_cbident = nfscl_nextcbident();
  924                 nfscl_fillclid(nmp->nm_clval, uuid, clp->nfsc_id,
  925                     clp->nfsc_idlen);
  926                 LIST_INSERT_HEAD(&nfsclhead, clp, nfsc_list);
  927                 nmp->nm_clp = clp;
  928                 clp->nfsc_nmp = nmp;
  929         } else {
  930                 if (newclp != NULL)
  931                         free(newclp, M_NFSCLCLIENT);
  932         }
  933         while ((clp->nfsc_flags & NFSCLFLAGS_HASCLIENTID) == 0 && !igotlock &&
  934             !NFSCL_FORCEDISM(mp))
  935                 igotlock = nfsv4_lock(&clp->nfsc_lock, 1, NULL,
  936                     NFSCLSTATEMUTEXPTR, mp);
  937         if (igotlock == 0) {
  938                 /*
  939                  * Call nfsv4_lock() with "iwantlock == 0" on the firstref so
  940                  * that it will wait for a pending exclusive lock request.
  941                  * This gives the exclusive lock request priority over this
  942                  * shared lock request.
  943                  * An exclusive lock on nfsc_lock is used mainly for server
  944                  * crash recoveries and delegation recalls.
  945                  */
  946                 if (firstref)
  947                         nfsv4_lock(&clp->nfsc_lock, 0, NULL, NFSCLSTATEMUTEXPTR,
  948                             mp);
  949                 nfsv4_getref(&clp->nfsc_lock, NULL, NFSCLSTATEMUTEXPTR, mp);
  950         }
  951         if (igotlock == 0 && NFSCL_FORCEDISM(mp)) {
  952                 /*
  953                  * Both nfsv4_lock() and nfsv4_getref() know to check
  954                  * for NFSCL_FORCEDISM() and return without sleeping to
  955                  * wait for the exclusive lock to be released, since it
  956                  * might be held by nfscl_umount() and we need to get out
  957                  * now for that case and not wait until nfscl_umount()
  958                  * releases it.
  959                  */
  960                 NFSUNLOCKCLSTATE();
  961                 return (EBADF);
  962         }
  963         NFSUNLOCKCLSTATE();
  964 
  965         /*
  966          * If it needs a clientid, do the setclientid now.
  967          */
  968         if ((clp->nfsc_flags & NFSCLFLAGS_HASCLIENTID) == 0) {
  969                 if (!igotlock)
  970                         panic("nfscl_clget");
  971                 if (p == NULL || cred == NULL) {
  972                         NFSLOCKCLSTATE();
  973                         nfsv4_unlock(&clp->nfsc_lock, 0);
  974                         NFSUNLOCKCLSTATE();
  975                         return (EACCES);
  976                 }
  977                 /*
  978                  * If RFC3530 Sec. 14.2.33 is taken literally,
  979                  * NFSERR_CLIDINUSE will be returned persistently for the
  980                  * case where a new mount of the same file system is using
  981                  * a different principal. In practice, NFSERR_CLIDINUSE is
  982                  * only returned when there is outstanding unexpired state
  983                  * on the clientid. As such, try for twice the lease
  984                  * interval, if we know what that is. Otherwise, make a
  985                  * wild ass guess.
  986                  * The case of returning NFSERR_STALECLIENTID is far less
  987                  * likely, but might occur if there is a significant delay
  988                  * between doing the SetClientID and SetClientIDConfirm Ops,
  989                  * such that the server throws away the clientid before
  990                  * receiving the SetClientIDConfirm.
  991                  */
  992                 if (clp->nfsc_renew > 0)
  993                         clidinusedelay = NFSCL_LEASE(clp->nfsc_renew) * 2;
  994                 else
  995                         clidinusedelay = 120;
  996                 trystalecnt = 3;
  997                 do {
  998                         error = nfsrpc_setclient(nmp, clp, 0, NULL, cred, p);
  999                         if (error == NFSERR_STALECLIENTID ||
 1000                             error == NFSERR_STALEDONTRECOVER ||
 1001                             error == NFSERR_BADSESSION ||
 1002                             error == NFSERR_CLIDINUSE) {
 1003                                 (void) nfs_catnap(PZERO, error, "nfs_setcl");
 1004                         } else if (error == NFSERR_MINORVERMISMATCH &&
 1005                             tryminvers) {
 1006                                 if (nmp->nm_minorvers > 0)
 1007                                         nmp->nm_minorvers--;
 1008                                 else
 1009                                         tryminvers = false;
 1010                         }
 1011                 } while (((error == NFSERR_STALECLIENTID ||
 1012                      error == NFSERR_BADSESSION ||
 1013                      error == NFSERR_STALEDONTRECOVER) && --trystalecnt > 0) ||
 1014                     (error == NFSERR_CLIDINUSE && --clidinusedelay > 0) ||
 1015                     (error == NFSERR_MINORVERMISMATCH && tryminvers));
 1016                 if (error) {
 1017                         NFSLOCKCLSTATE();
 1018                         nfsv4_unlock(&clp->nfsc_lock, 0);
 1019                         NFSUNLOCKCLSTATE();
 1020                         return (error);
 1021                 }
 1022                 clp->nfsc_flags |= NFSCLFLAGS_HASCLIENTID;
 1023         }
 1024         if (igotlock) {
 1025                 NFSLOCKCLSTATE();
 1026                 nfsv4_unlock(&clp->nfsc_lock, 1);
 1027                 NFSUNLOCKCLSTATE();
 1028         }
 1029 
 1030         *clpp = clp;
 1031         return (0);
 1032 }
 1033 
 1034 /*
 1035  * Get a reference to a clientid and return it, if valid.
 1036  */
 1037 struct nfsclclient *
 1038 nfscl_findcl(struct nfsmount *nmp)
 1039 {
 1040         struct nfsclclient *clp;
 1041 
 1042         clp = nmp->nm_clp;
 1043         if (clp == NULL || !(clp->nfsc_flags & NFSCLFLAGS_HASCLIENTID))
 1044                 return (NULL);
 1045         return (clp);
 1046 }
 1047 
 1048 /*
 1049  * Release the clientid structure. It may be locked or reference counted.
 1050  */
 1051 static void
 1052 nfscl_clrelease(struct nfsclclient *clp)
 1053 {
 1054 
 1055         if (clp->nfsc_lock.nfslock_lock & NFSV4LOCK_LOCK)
 1056                 nfsv4_unlock(&clp->nfsc_lock, 0);
 1057         else
 1058                 nfsv4_relref(&clp->nfsc_lock);
 1059 }
 1060 
 1061 /*
 1062  * External call for nfscl_clrelease.
 1063  */
 1064 void
 1065 nfscl_clientrelease(struct nfsclclient *clp)
 1066 {
 1067 
 1068         NFSLOCKCLSTATE();
 1069         if (clp->nfsc_lock.nfslock_lock & NFSV4LOCK_LOCK)
 1070                 nfsv4_unlock(&clp->nfsc_lock, 0);
 1071         else
 1072                 nfsv4_relref(&clp->nfsc_lock);
 1073         NFSUNLOCKCLSTATE();
 1074 }
 1075 
 1076 /*
 1077  * Called when wanting to lock a byte region.
 1078  */
 1079 int
 1080 nfscl_getbytelock(vnode_t vp, u_int64_t off, u_int64_t len,
 1081     short type, struct ucred *cred, NFSPROC_T *p, struct nfsclclient *rclp,
 1082     int recovery, void *id, int flags, u_int8_t *rownp, u_int8_t *ropenownp,
 1083     struct nfscllockowner **lpp, int *newonep, int *donelocallyp)
 1084 {
 1085         struct nfscllockowner *lp;
 1086         struct nfsclopen *op;
 1087         struct nfsclclient *clp;
 1088         struct nfscllockowner *nlp;
 1089         struct nfscllock *nlop, *otherlop;
 1090         struct nfscldeleg *dp = NULL, *ldp = NULL;
 1091         struct nfscllockownerhead *lhp = NULL;
 1092         struct nfsnode *np;
 1093         u_int8_t own[NFSV4CL_LOCKNAMELEN], *ownp, openown[NFSV4CL_LOCKNAMELEN];
 1094         u_int8_t *openownp;
 1095         int error = 0, ret, donelocally = 0;
 1096         u_int32_t mode;
 1097 
 1098         /* For Lock Ops, the open mode doesn't matter, so use 0 to match any. */
 1099         mode = 0;
 1100         np = VTONFS(vp);
 1101         *lpp = NULL;
 1102         lp = NULL;
 1103         *newonep = 0;
 1104         *donelocallyp = 0;
 1105 
 1106         /*
 1107          * Might need these, so MALLOC them now, to
 1108          * avoid a tsleep() in MALLOC later.
 1109          */
 1110         nlp = malloc(
 1111             sizeof (struct nfscllockowner), M_NFSCLLOCKOWNER, M_WAITOK);
 1112         otherlop = malloc(
 1113             sizeof (struct nfscllock), M_NFSCLLOCK, M_WAITOK);
 1114         nlop = malloc(
 1115             sizeof (struct nfscllock), M_NFSCLLOCK, M_WAITOK);
 1116         nlop->nfslo_type = type;
 1117         nlop->nfslo_first = off;
 1118         if (len == NFS64BITSSET) {
 1119                 nlop->nfslo_end = NFS64BITSSET;
 1120         } else {
 1121                 nlop->nfslo_end = off + len;
 1122                 if (nlop->nfslo_end <= nlop->nfslo_first)
 1123                         error = NFSERR_INVAL;
 1124         }
 1125 
 1126         if (!error) {
 1127                 if (recovery)
 1128                         clp = rclp;
 1129                 else
 1130                         error = nfscl_getcl(vp->v_mount, cred, p, false, true,
 1131                             &clp);
 1132         }
 1133         if (error) {
 1134                 free(nlp, M_NFSCLLOCKOWNER);
 1135                 free(otherlop, M_NFSCLLOCK);
 1136                 free(nlop, M_NFSCLLOCK);
 1137                 return (error);
 1138         }
 1139 
 1140         op = NULL;
 1141         if (recovery) {
 1142                 ownp = rownp;
 1143                 openownp = ropenownp;
 1144         } else {
 1145                 nfscl_filllockowner(id, own, flags);
 1146                 ownp = own;
 1147                 if (NFSHASONEOPENOWN(VFSTONFS(vp->v_mount)))
 1148                         nfscl_filllockowner(NULL, openown, F_POSIX);
 1149                 else
 1150                         nfscl_filllockowner(p->td_proc, openown, F_POSIX);
 1151                 openownp = openown;
 1152         }
 1153         if (!recovery) {
 1154                 NFSLOCKCLSTATE();
 1155                 /*
 1156                  * First, search for a delegation. If one exists for this file,
 1157                  * the lock can be done locally against it, so long as there
 1158                  * isn't a local lock conflict.
 1159                  */
 1160                 ldp = dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
 1161                     np->n_fhp->nfh_len);
 1162                 /* Just sanity check for correct type of delegation */
 1163                 if (dp != NULL && ((dp->nfsdl_flags &
 1164                     (NFSCLDL_RECALL | NFSCLDL_DELEGRET)) != 0 ||
 1165                      (type == F_WRLCK &&
 1166                       (dp->nfsdl_flags & NFSCLDL_WRITE) == 0)))
 1167                         dp = NULL;
 1168         }
 1169         if (dp != NULL) {
 1170                 /* Now, find an open and maybe a lockowner. */
 1171                 ret = nfscl_getopen(&dp->nfsdl_owner, NULL, np->n_fhp->nfh_fh,
 1172                     np->n_fhp->nfh_len, openownp, ownp, mode, NULL, &op);
 1173                 if (ret)
 1174                         ret = nfscl_getopen(NULL, clp->nfsc_openhash,
 1175                             np->n_fhp->nfh_fh, np->n_fhp->nfh_len, openownp,
 1176                             ownp, mode, NULL, &op);
 1177                 if (!ret) {
 1178                         lhp = &dp->nfsdl_lock;
 1179                         TAILQ_REMOVE(&clp->nfsc_deleg, dp, nfsdl_list);
 1180                         TAILQ_INSERT_HEAD(&clp->nfsc_deleg, dp, nfsdl_list);
 1181                         dp->nfsdl_timestamp = NFSD_MONOSEC + 120;
 1182                         donelocally = 1;
 1183                 } else {
 1184                         dp = NULL;
 1185                 }
 1186         }
 1187         if (!donelocally) {
 1188                 /*
 1189                  * Get the related Open and maybe lockowner.
 1190                  */
 1191                 error = nfscl_getopen(NULL, clp->nfsc_openhash,
 1192                     np->n_fhp->nfh_fh, np->n_fhp->nfh_len, openownp,
 1193                     ownp, mode, &lp, &op);
 1194                 if (!error)
 1195                         lhp = &op->nfso_lock;
 1196         }
 1197         if (!error && !recovery)
 1198                 error = nfscl_localconflict(clp, np->n_fhp->nfh_fh,
 1199                     np->n_fhp->nfh_len, nlop, ownp, ldp, NULL);
 1200         if (error) {
 1201                 if (!recovery) {
 1202                         nfscl_clrelease(clp);
 1203                         NFSUNLOCKCLSTATE();
 1204                 }
 1205                 free(nlp, M_NFSCLLOCKOWNER);
 1206                 free(otherlop, M_NFSCLLOCK);
 1207                 free(nlop, M_NFSCLLOCK);
 1208                 return (error);
 1209         }
 1210 
 1211         /*
 1212          * Ok, see if a lockowner exists and create one, as required.
 1213          */
 1214         if (lp == NULL)
 1215                 LIST_FOREACH(lp, lhp, nfsl_list) {
 1216                         if (!NFSBCMP(lp->nfsl_owner, ownp, NFSV4CL_LOCKNAMELEN))
 1217                                 break;
 1218                 }
 1219         if (lp == NULL) {
 1220                 NFSBCOPY(ownp, nlp->nfsl_owner, NFSV4CL_LOCKNAMELEN);
 1221                 if (recovery)
 1222                         NFSBCOPY(ropenownp, nlp->nfsl_openowner,
 1223                             NFSV4CL_LOCKNAMELEN);
 1224                 else
 1225                         NFSBCOPY(op->nfso_own->nfsow_owner, nlp->nfsl_openowner,
 1226                             NFSV4CL_LOCKNAMELEN);
 1227                 nlp->nfsl_seqid = 0;
 1228                 nlp->nfsl_lockflags = flags;
 1229                 nlp->nfsl_inprog = NULL;
 1230                 nfscl_lockinit(&nlp->nfsl_rwlock);
 1231                 LIST_INIT(&nlp->nfsl_lock);
 1232                 if (donelocally) {
 1233                         nlp->nfsl_open = NULL;
 1234                         nfsstatsv1.cllocallockowners++;
 1235                 } else {
 1236                         nlp->nfsl_open = op;
 1237                         nfsstatsv1.cllockowners++;
 1238                 }
 1239                 LIST_INSERT_HEAD(lhp, nlp, nfsl_list);
 1240                 lp = nlp;
 1241                 nlp = NULL;
 1242                 *newonep = 1;
 1243         }
 1244 
 1245         /*
 1246          * Now, update the byte ranges for locks.
 1247          */
 1248         ret = nfscl_updatelock(lp, &nlop, &otherlop, donelocally);
 1249         if (!ret)
 1250                 donelocally = 1;
 1251         if (donelocally) {
 1252                 *donelocallyp = 1;
 1253                 if (!recovery)
 1254                         nfscl_clrelease(clp);
 1255         } else {
 1256                 /*
 1257                  * Serial modifications on the lock owner for multiple threads
 1258                  * for the same process using a read/write lock.
 1259                  */
 1260                 if (!recovery)
 1261                         nfscl_lockexcl(&lp->nfsl_rwlock, NFSCLSTATEMUTEXPTR);
 1262         }
 1263         if (!recovery)
 1264                 NFSUNLOCKCLSTATE();
 1265 
 1266         if (nlp)
 1267                 free(nlp, M_NFSCLLOCKOWNER);
 1268         if (nlop)
 1269                 free(nlop, M_NFSCLLOCK);
 1270         if (otherlop)
 1271                 free(otherlop, M_NFSCLLOCK);
 1272 
 1273         *lpp = lp;
 1274         return (0);
 1275 }
 1276 
 1277 /*
 1278  * Called to unlock a byte range, for LockU.
 1279  */
 1280 int
 1281 nfscl_relbytelock(vnode_t vp, u_int64_t off, u_int64_t len,
 1282     __unused struct ucred *cred, NFSPROC_T *p, int callcnt,
 1283     struct nfsclclient *clp, void *id, int flags,
 1284     struct nfscllockowner **lpp, int *dorpcp)
 1285 {
 1286         struct nfscllockowner *lp;
 1287         struct nfsclopen *op;
 1288         struct nfscllock *nlop, *other_lop = NULL;
 1289         struct nfscldeleg *dp;
 1290         struct nfsnode *np;
 1291         u_int8_t own[NFSV4CL_LOCKNAMELEN];
 1292         int ret = 0, fnd;
 1293 
 1294         np = VTONFS(vp);
 1295         *lpp = NULL;
 1296         *dorpcp = 0;
 1297 
 1298         /*
 1299          * Might need these, so MALLOC them now, to
 1300          * avoid a tsleep() in MALLOC later.
 1301          */
 1302         nlop = malloc(
 1303             sizeof (struct nfscllock), M_NFSCLLOCK, M_WAITOK);
 1304         nlop->nfslo_type = F_UNLCK;
 1305         nlop->nfslo_first = off;
 1306         if (len == NFS64BITSSET) {
 1307                 nlop->nfslo_end = NFS64BITSSET;
 1308         } else {
 1309                 nlop->nfslo_end = off + len;
 1310                 if (nlop->nfslo_end <= nlop->nfslo_first) {
 1311                         free(nlop, M_NFSCLLOCK);
 1312                         return (NFSERR_INVAL);
 1313                 }
 1314         }
 1315         if (callcnt == 0) {
 1316                 other_lop = malloc(
 1317                     sizeof (struct nfscllock), M_NFSCLLOCK, M_WAITOK);
 1318                 *other_lop = *nlop;
 1319         }
 1320         nfscl_filllockowner(id, own, flags);
 1321         dp = NULL;
 1322         NFSLOCKCLSTATE();
 1323         if (callcnt == 0)
 1324                 dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
 1325                     np->n_fhp->nfh_len);
 1326 
 1327         /*
 1328          * First, unlock any local regions on a delegation.
 1329          */
 1330         if (dp != NULL) {
 1331                 /* Look for this lockowner. */
 1332                 LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
 1333                         if (!NFSBCMP(lp->nfsl_owner, own,
 1334                             NFSV4CL_LOCKNAMELEN))
 1335                                 break;
 1336                 }
 1337                 if (lp != NULL)
 1338                         /* Use other_lop, so nlop is still available */
 1339                         (void)nfscl_updatelock(lp, &other_lop, NULL, 1);
 1340         }
 1341 
 1342         /*
 1343          * Now, find a matching open/lockowner that hasn't already been done,
 1344          * as marked by nfsl_inprog.
 1345          */
 1346         lp = NULL;
 1347         fnd = 0;
 1348         LIST_FOREACH(op, NFSCLOPENHASH(clp, np->n_fhp->nfh_fh,
 1349             np->n_fhp->nfh_len), nfso_hash) {
 1350                 if (op->nfso_fhlen == np->n_fhp->nfh_len &&
 1351                     !NFSBCMP(op->nfso_fh, np->n_fhp->nfh_fh, op->nfso_fhlen)) {
 1352                         LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
 1353                                 if (lp->nfsl_inprog == NULL &&
 1354                                     !NFSBCMP(lp->nfsl_owner, own,
 1355                                      NFSV4CL_LOCKNAMELEN)) {
 1356                                         fnd = 1;
 1357                                         break;
 1358                                 }
 1359                         }
 1360                 }
 1361                 if (fnd)
 1362                         break;
 1363         }
 1364 
 1365         if (lp != NULL) {
 1366                 ret = nfscl_updatelock(lp, &nlop, NULL, 0);
 1367                 if (ret)
 1368                         *dorpcp = 1;
 1369                 /*
 1370                  * Serial modifications on the lock owner for multiple
 1371                  * threads for the same process using a read/write lock.
 1372                  */
 1373                 lp->nfsl_inprog = p;
 1374                 nfscl_lockexcl(&lp->nfsl_rwlock, NFSCLSTATEMUTEXPTR);
 1375                 *lpp = lp;
 1376         }
 1377         NFSUNLOCKCLSTATE();
 1378         if (nlop)
 1379                 free(nlop, M_NFSCLLOCK);
 1380         if (other_lop)
 1381                 free(other_lop, M_NFSCLLOCK);
 1382         return (0);
 1383 }
 1384 
 1385 /*
 1386  * Release all lockowners marked in progess for this process and file.
 1387  */
 1388 void
 1389 nfscl_releasealllocks(struct nfsclclient *clp, vnode_t vp, NFSPROC_T *p,
 1390     void *id, int flags)
 1391 {
 1392         struct nfsclopen *op;
 1393         struct nfscllockowner *lp;
 1394         struct nfsnode *np;
 1395         u_int8_t own[NFSV4CL_LOCKNAMELEN];
 1396 
 1397         np = VTONFS(vp);
 1398         nfscl_filllockowner(id, own, flags);
 1399         NFSLOCKCLSTATE();
 1400         LIST_FOREACH(op, NFSCLOPENHASH(clp, np->n_fhp->nfh_fh,
 1401             np->n_fhp->nfh_len), nfso_hash) {
 1402                 if (op->nfso_fhlen == np->n_fhp->nfh_len &&
 1403                     !NFSBCMP(op->nfso_fh, np->n_fhp->nfh_fh, op->nfso_fhlen)) {
 1404                         LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
 1405                                 if (lp->nfsl_inprog == p &&
 1406                                     !NFSBCMP(lp->nfsl_owner, own,
 1407                                     NFSV4CL_LOCKNAMELEN)) {
 1408                                         lp->nfsl_inprog = NULL;
 1409                                         nfscl_lockunlock(&lp->nfsl_rwlock);
 1410                                 }
 1411                         }
 1412                 }
 1413         }
 1414         nfscl_clrelease(clp);
 1415         NFSUNLOCKCLSTATE();
 1416 }
 1417 
 1418 /*
 1419  * Called to find out if any bytes within the byte range specified are
 1420  * write locked by the calling process. Used to determine if flushing
 1421  * is required before a LockU.
 1422  * If in doubt, return 1, so the flush will occur.
 1423  */
 1424 int
 1425 nfscl_checkwritelocked(vnode_t vp, struct flock *fl,
 1426     struct ucred *cred, NFSPROC_T *p, void *id, int flags)
 1427 {
 1428         struct nfscllockowner *lp;
 1429         struct nfsclopen *op;
 1430         struct nfsclclient *clp;
 1431         struct nfscllock *lop;
 1432         struct nfscldeleg *dp;
 1433         struct nfsnode *np;
 1434         u_int64_t off, end;
 1435         u_int8_t own[NFSV4CL_LOCKNAMELEN];
 1436         int error = 0;
 1437 
 1438         np = VTONFS(vp);
 1439         switch (fl->l_whence) {
 1440         case SEEK_SET:
 1441         case SEEK_CUR:
 1442                 /*
 1443                  * Caller is responsible for adding any necessary offset
 1444                  * when SEEK_CUR is used.
 1445                  */
 1446                 off = fl->l_start;
 1447                 break;
 1448         case SEEK_END:
 1449                 off = np->n_size + fl->l_start;
 1450                 break;
 1451         default:
 1452                 return (1);
 1453         }
 1454         if (fl->l_len != 0) {
 1455                 end = off + fl->l_len;
 1456                 if (end < off)
 1457                         return (1);
 1458         } else {
 1459                 end = NFS64BITSSET;
 1460         }
 1461 
 1462         error = nfscl_getcl(vp->v_mount, cred, p, false, true, &clp);
 1463         if (error)
 1464                 return (1);
 1465         nfscl_filllockowner(id, own, flags);
 1466         NFSLOCKCLSTATE();
 1467 
 1468         /*
 1469          * First check the delegation locks.
 1470          */
 1471         dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
 1472         if (dp != NULL) {
 1473                 LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
 1474                         if (!NFSBCMP(lp->nfsl_owner, own,
 1475                             NFSV4CL_LOCKNAMELEN))
 1476                                 break;
 1477                 }
 1478                 if (lp != NULL) {
 1479                         LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
 1480                                 if (lop->nfslo_first >= end)
 1481                                         break;
 1482                                 if (lop->nfslo_end <= off)
 1483                                         continue;
 1484                                 if (lop->nfslo_type == F_WRLCK) {
 1485                                         nfscl_clrelease(clp);
 1486                                         NFSUNLOCKCLSTATE();
 1487                                         return (1);
 1488                                 }
 1489                         }
 1490                 }
 1491         }
 1492 
 1493         /*
 1494          * Now, check state against the server.
 1495          */
 1496         LIST_FOREACH(op, NFSCLOPENHASH(clp, np->n_fhp->nfh_fh,
 1497             np->n_fhp->nfh_len), nfso_hash) {
 1498                 if (op->nfso_fhlen == np->n_fhp->nfh_len &&
 1499                     !NFSBCMP(op->nfso_fh, np->n_fhp->nfh_fh, op->nfso_fhlen)) {
 1500                         LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
 1501                                 if (!NFSBCMP(lp->nfsl_owner, own,
 1502                                     NFSV4CL_LOCKNAMELEN))
 1503                                         break;
 1504                         }
 1505                         if (lp != NULL) {
 1506                                 LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
 1507                                         if (lop->nfslo_first >= end)
 1508                                                 break;
 1509                                         if (lop->nfslo_end <= off)
 1510                                                 continue;
 1511                                         if (lop->nfslo_type == F_WRLCK) {
 1512                                                 nfscl_clrelease(clp);
 1513                                                 NFSUNLOCKCLSTATE();
 1514                                                 return (1);
 1515                                         }
 1516                                 }
 1517                         }
 1518                 }
 1519         }
 1520         nfscl_clrelease(clp);
 1521         NFSUNLOCKCLSTATE();
 1522         return (0);
 1523 }
 1524 
 1525 /*
 1526  * Release a byte range lock owner structure.
 1527  */
 1528 void
 1529 nfscl_lockrelease(struct nfscllockowner *lp, int error, int candelete)
 1530 {
 1531         struct nfsclclient *clp;
 1532 
 1533         if (lp == NULL)
 1534                 return;
 1535         NFSLOCKCLSTATE();
 1536         clp = lp->nfsl_open->nfso_own->nfsow_clp;
 1537         if (error != 0 && candelete &&
 1538             (lp->nfsl_rwlock.nfslock_lock & NFSV4LOCK_WANTED) == 0)
 1539                 nfscl_freelockowner(lp, 0);
 1540         else
 1541                 nfscl_lockunlock(&lp->nfsl_rwlock);
 1542         nfscl_clrelease(clp);
 1543         NFSUNLOCKCLSTATE();
 1544 }
 1545 
 1546 /*
 1547  * Unlink the open structure.
 1548  */
 1549 static void
 1550 nfscl_unlinkopen(struct nfsclopen *op)
 1551 {
 1552 
 1553         LIST_REMOVE(op, nfso_list);
 1554         if (op->nfso_hash.le_prev != NULL)
 1555                 LIST_REMOVE(op, nfso_hash);
 1556 }
 1557 
 1558 /*
 1559  * Free up an open structure and any associated byte range lock structures.
 1560  */
 1561 void
 1562 nfscl_freeopen(struct nfsclopen *op, int local, bool unlink)
 1563 {
 1564 
 1565         if (unlink)
 1566                 nfscl_unlinkopen(op);
 1567         nfscl_freealllocks(&op->nfso_lock, local);
 1568         free(op, M_NFSCLOPEN);
 1569         if (local)
 1570                 nfsstatsv1.cllocalopens--;
 1571         else
 1572                 nfsstatsv1.clopens--;
 1573 }
 1574 
 1575 /*
 1576  * Free up all lock owners and associated locks.
 1577  */
 1578 static void
 1579 nfscl_freealllocks(struct nfscllockownerhead *lhp, int local)
 1580 {
 1581         struct nfscllockowner *lp, *nlp;
 1582 
 1583         LIST_FOREACH_SAFE(lp, lhp, nfsl_list, nlp) {
 1584                 if ((lp->nfsl_rwlock.nfslock_lock & NFSV4LOCK_WANTED))
 1585                         panic("nfscllckw");
 1586                 nfscl_freelockowner(lp, local);
 1587         }
 1588 }
 1589 
 1590 /*
 1591  * Called for an Open when NFSERR_EXPIRED is received from the server.
 1592  * If there are no byte range locks nor a Share Deny lost, try to do a
 1593  * fresh Open. Otherwise, free the open.
 1594  */
 1595 static int
 1596 nfscl_expireopen(struct nfsclclient *clp, struct nfsclopen *op,
 1597     struct nfsmount *nmp, struct ucred *cred, NFSPROC_T *p)
 1598 {
 1599         struct nfscllockowner *lp;
 1600         struct nfscldeleg *dp;
 1601         int mustdelete = 0, error;
 1602 
 1603         /*
 1604          * Look for any byte range lock(s).
 1605          */
 1606         LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
 1607                 if (!LIST_EMPTY(&lp->nfsl_lock)) {
 1608                         mustdelete = 1;
 1609                         break;
 1610                 }
 1611         }
 1612 
 1613         /*
 1614          * If no byte range lock(s) nor a Share deny, try to re-open.
 1615          */
 1616         if (!mustdelete && (op->nfso_mode & NFSLCK_DENYBITS) == 0) {
 1617                 newnfs_copycred(&op->nfso_cred, cred);
 1618                 dp = NULL;
 1619                 error = nfsrpc_reopen(nmp, op->nfso_fh,
 1620                     op->nfso_fhlen, op->nfso_mode, op, &dp, cred, p);
 1621                 if (error) {
 1622                         mustdelete = 1;
 1623                         if (dp != NULL) {
 1624                                 free(dp, M_NFSCLDELEG);
 1625                                 dp = NULL;
 1626                         }
 1627                 }
 1628                 if (dp != NULL)
 1629                         nfscl_deleg(nmp->nm_mountp, clp, op->nfso_fh,
 1630                             op->nfso_fhlen, cred, p, &dp);
 1631         }
 1632 
 1633         /*
 1634          * If a byte range lock or Share deny or couldn't re-open, free it.
 1635          */
 1636         if (mustdelete)
 1637                 nfscl_freeopen(op, 0, true);
 1638         return (mustdelete);
 1639 }
 1640 
 1641 /*
 1642  * Free up an open owner structure.
 1643  */
 1644 static void
 1645 nfscl_freeopenowner(struct nfsclowner *owp, int local)
 1646 {
 1647         int owned;
 1648 
 1649         /*
 1650          * Make sure the NFSCLSTATE mutex is held, to avoid races with
 1651          * calls in nfscl_renewthread() that do not hold a reference
 1652          * count on the nfsclclient and just the mutex.
 1653          * The mutex will not be held for calls done with the exclusive
 1654          * nfsclclient lock held, in particular, nfscl_hasexpired()
 1655          * and nfscl_recalldeleg() might do this.
 1656          */
 1657         owned = mtx_owned(NFSCLSTATEMUTEXPTR);
 1658         if (owned == 0)
 1659                 NFSLOCKCLSTATE();
 1660         LIST_REMOVE(owp, nfsow_list);
 1661         if (owned == 0)
 1662                 NFSUNLOCKCLSTATE();
 1663         free(owp, M_NFSCLOWNER);
 1664         if (local)
 1665                 nfsstatsv1.cllocalopenowners--;
 1666         else
 1667                 nfsstatsv1.clopenowners--;
 1668 }
 1669 
 1670 /*
 1671  * Free up a byte range lock owner structure.
 1672  */
 1673 void
 1674 nfscl_freelockowner(struct nfscllockowner *lp, int local)
 1675 {
 1676         struct nfscllock *lop, *nlop;
 1677         int owned;
 1678 
 1679         /*
 1680          * Make sure the NFSCLSTATE mutex is held, to avoid races with
 1681          * calls in nfscl_renewthread() that do not hold a reference
 1682          * count on the nfsclclient and just the mutex.
 1683          * The mutex will not be held for calls done with the exclusive
 1684          * nfsclclient lock held, in particular, nfscl_hasexpired()
 1685          * and nfscl_recalldeleg() might do this.
 1686          */
 1687         owned = mtx_owned(NFSCLSTATEMUTEXPTR);
 1688         if (owned == 0)
 1689                 NFSLOCKCLSTATE();
 1690         LIST_REMOVE(lp, nfsl_list);
 1691         if (owned == 0)
 1692                 NFSUNLOCKCLSTATE();
 1693         LIST_FOREACH_SAFE(lop, &lp->nfsl_lock, nfslo_list, nlop) {
 1694                 nfscl_freelock(lop, local);
 1695         }
 1696         free(lp, M_NFSCLLOCKOWNER);
 1697         if (local)
 1698                 nfsstatsv1.cllocallockowners--;
 1699         else
 1700                 nfsstatsv1.cllockowners--;
 1701 }
 1702 
 1703 /*
 1704  * Free up a byte range lock structure.
 1705  */
 1706 void
 1707 nfscl_freelock(struct nfscllock *lop, int local)
 1708 {
 1709 
 1710         LIST_REMOVE(lop, nfslo_list);
 1711         free(lop, M_NFSCLLOCK);
 1712         if (local)
 1713                 nfsstatsv1.cllocallocks--;
 1714         else
 1715                 nfsstatsv1.cllocks--;
 1716 }
 1717 
 1718 /*
 1719  * Clean out the state related to a delegation.
 1720  */
 1721 static void
 1722 nfscl_cleandeleg(struct nfscldeleg *dp)
 1723 {
 1724         struct nfsclowner *owp, *nowp;
 1725         struct nfsclopen *op;
 1726 
 1727         LIST_FOREACH_SAFE(owp, &dp->nfsdl_owner, nfsow_list, nowp) {
 1728                 op = LIST_FIRST(&owp->nfsow_open);
 1729                 if (op != NULL) {
 1730                         if (LIST_NEXT(op, nfso_list) != NULL)
 1731                                 panic("nfscleandel");
 1732                         nfscl_freeopen(op, 1, true);
 1733                 }
 1734                 nfscl_freeopenowner(owp, 1);
 1735         }
 1736         nfscl_freealllocks(&dp->nfsdl_lock, 1);
 1737 }
 1738 
 1739 /*
 1740  * Free a delegation.
 1741  */
 1742 static void
 1743 nfscl_freedeleg(struct nfscldeleghead *hdp, struct nfscldeleg *dp, bool freeit)
 1744 {
 1745 
 1746         TAILQ_REMOVE(hdp, dp, nfsdl_list);
 1747         LIST_REMOVE(dp, nfsdl_hash);
 1748         if (freeit)
 1749                 free(dp, M_NFSCLDELEG);
 1750         nfsstatsv1.cldelegates--;
 1751         nfscl_delegcnt--;
 1752 }
 1753 
 1754 /*
 1755  * Free up all state related to this client structure.
 1756  */
 1757 static void
 1758 nfscl_cleanclient(struct nfsclclient *clp)
 1759 {
 1760         struct nfsclowner *owp, *nowp;
 1761         struct nfsclopen *op, *nop;
 1762         struct nfscllayout *lyp, *nlyp;
 1763         struct nfscldevinfo *dip, *ndip;
 1764 
 1765         TAILQ_FOREACH_SAFE(lyp, &clp->nfsc_layout, nfsly_list, nlyp)
 1766                 nfscl_freelayout(lyp);
 1767 
 1768         LIST_FOREACH_SAFE(dip, &clp->nfsc_devinfo, nfsdi_list, ndip)
 1769                 nfscl_freedevinfo(dip);
 1770 
 1771         /* Now, all the OpenOwners, etc. */
 1772         LIST_FOREACH_SAFE(owp, &clp->nfsc_owner, nfsow_list, nowp) {
 1773                 LIST_FOREACH_SAFE(op, &owp->nfsow_open, nfso_list, nop) {
 1774                         nfscl_freeopen(op, 0, true);
 1775                 }
 1776                 nfscl_freeopenowner(owp, 0);
 1777         }
 1778 }
 1779 
 1780 /*
 1781  * Called when an NFSERR_EXPIRED is received from the server.
 1782  */
 1783 static void
 1784 nfscl_expireclient(struct nfsclclient *clp, struct nfsmount *nmp,
 1785     struct ucred *cred, NFSPROC_T *p)
 1786 {
 1787         struct nfsclowner *owp, *nowp, *towp;
 1788         struct nfsclopen *op, *nop, *top;
 1789         struct nfscldeleg *dp, *ndp;
 1790         int ret, printed = 0;
 1791 
 1792         /*
 1793          * First, merge locally issued Opens into the list for the server.
 1794          */
 1795         dp = TAILQ_FIRST(&clp->nfsc_deleg);
 1796         while (dp != NULL) {
 1797             ndp = TAILQ_NEXT(dp, nfsdl_list);
 1798             owp = LIST_FIRST(&dp->nfsdl_owner);
 1799             while (owp != NULL) {
 1800                 nowp = LIST_NEXT(owp, nfsow_list);
 1801                 op = LIST_FIRST(&owp->nfsow_open);
 1802                 if (op != NULL) {
 1803                     if (LIST_NEXT(op, nfso_list) != NULL)
 1804                         panic("nfsclexp");
 1805                     LIST_FOREACH(towp, &clp->nfsc_owner, nfsow_list) {
 1806                         if (!NFSBCMP(towp->nfsow_owner, owp->nfsow_owner,
 1807                             NFSV4CL_LOCKNAMELEN))
 1808                             break;
 1809                     }
 1810                     if (towp != NULL) {
 1811                         /* Merge opens in */
 1812                         LIST_FOREACH(top, &towp->nfsow_open, nfso_list) {
 1813                             if (top->nfso_fhlen == op->nfso_fhlen &&
 1814                                 !NFSBCMP(top->nfso_fh, op->nfso_fh,
 1815                                  op->nfso_fhlen)) {
 1816                                 top->nfso_mode |= op->nfso_mode;
 1817                                 top->nfso_opencnt += op->nfso_opencnt;
 1818                                 break;
 1819                             }
 1820                         }
 1821                         if (top == NULL) {
 1822                             /* Just add the open to the owner list */
 1823                             LIST_REMOVE(op, nfso_list);
 1824                             op->nfso_own = towp;
 1825                             LIST_INSERT_HEAD(&towp->nfsow_open, op, nfso_list);
 1826                             LIST_INSERT_HEAD(NFSCLOPENHASH(clp, op->nfso_fh,
 1827                                 op->nfso_fhlen), op, nfso_hash);
 1828                             nfsstatsv1.cllocalopens--;
 1829                             nfsstatsv1.clopens++;
 1830                         }
 1831                     } else {
 1832                         /* Just add the openowner to the client list */
 1833                         LIST_REMOVE(owp, nfsow_list);
 1834                         owp->nfsow_clp = clp;
 1835                         LIST_INSERT_HEAD(&clp->nfsc_owner, owp, nfsow_list);
 1836                         LIST_INSERT_HEAD(NFSCLOPENHASH(clp, op->nfso_fh,
 1837                             op->nfso_fhlen), op, nfso_hash);
 1838                         nfsstatsv1.cllocalopenowners--;
 1839                         nfsstatsv1.clopenowners++;
 1840                         nfsstatsv1.cllocalopens--;
 1841                         nfsstatsv1.clopens++;
 1842                     }
 1843                 }
 1844                 owp = nowp;
 1845             }
 1846             if (!printed && !LIST_EMPTY(&dp->nfsdl_lock)) {
 1847                 printed = 1;
 1848                 printf("nfsv4 expired locks lost\n");
 1849             }
 1850             nfscl_cleandeleg(dp);
 1851             nfscl_freedeleg(&clp->nfsc_deleg, dp, true);
 1852             dp = ndp;
 1853         }
 1854         if (!TAILQ_EMPTY(&clp->nfsc_deleg))
 1855             panic("nfsclexp");
 1856 
 1857         /*
 1858          * Now, try and reopen against the server.
 1859          */
 1860         LIST_FOREACH_SAFE(owp, &clp->nfsc_owner, nfsow_list, nowp) {
 1861                 owp->nfsow_seqid = 0;
 1862                 LIST_FOREACH_SAFE(op, &owp->nfsow_open, nfso_list, nop) {
 1863                         ret = nfscl_expireopen(clp, op, nmp, cred, p);
 1864                         if (ret && !printed) {
 1865                                 printed = 1;
 1866                                 printf("nfsv4 expired locks lost\n");
 1867                         }
 1868                 }
 1869                 if (LIST_EMPTY(&owp->nfsow_open))
 1870                         nfscl_freeopenowner(owp, 0);
 1871         }
 1872 }
 1873 
 1874 /*
 1875  * This function must be called after the process represented by "own" has
 1876  * exited. Must be called with CLSTATE lock held.
 1877  */
 1878 static void
 1879 nfscl_cleanup_common(struct nfsclclient *clp, u_int8_t *own)
 1880 {
 1881         struct nfsclowner *owp, *nowp;
 1882         struct nfscllockowner *lp;
 1883         struct nfscldeleg *dp;
 1884 
 1885         /* First, get rid of local locks on delegations. */
 1886         TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
 1887                 LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
 1888                     if (!NFSBCMP(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN)) {
 1889                         if ((lp->nfsl_rwlock.nfslock_lock & NFSV4LOCK_WANTED))
 1890                             panic("nfscllckw");
 1891                         nfscl_freelockowner(lp, 1);
 1892                         break;
 1893                     }
 1894                 }
 1895         }
 1896         owp = LIST_FIRST(&clp->nfsc_owner);
 1897         while (owp != NULL) {
 1898                 nowp = LIST_NEXT(owp, nfsow_list);
 1899                 if (!NFSBCMP(owp->nfsow_owner, own,
 1900                     NFSV4CL_LOCKNAMELEN)) {
 1901                         /*
 1902                          * If there are children that haven't closed the
 1903                          * file descriptors yet, the opens will still be
 1904                          * here. For that case, let the renew thread clear
 1905                          * out the OpenOwner later.
 1906                          */
 1907                         if (LIST_EMPTY(&owp->nfsow_open))
 1908                                 nfscl_freeopenowner(owp, 0);
 1909                         else
 1910                                 owp->nfsow_defunct = 1;
 1911                         break;
 1912                 }
 1913                 owp = nowp;
 1914         }
 1915 }
 1916 
 1917 /*
 1918  * Find open/lock owners for processes that have exited.
 1919  */
 1920 static void
 1921 nfscl_cleanupkext(struct nfsclclient *clp, struct nfscllockownerfhhead *lhp)
 1922 {
 1923         struct nfsclowner *owp, *nowp;
 1924         struct nfsclopen *op;
 1925         struct nfscllockowner *lp, *nlp;
 1926         struct nfscldeleg *dp;
 1927         uint8_t own[NFSV4CL_LOCKNAMELEN];
 1928 
 1929         /*
 1930          * All the pidhash locks must be acquired, since they are sx locks
 1931          * and must be acquired before the mutexes.  The pid(s) that will
 1932          * be used aren't known yet, so all the locks need to be acquired.
 1933          * Fortunately, this function is only performed once/sec.
 1934          */
 1935         pidhash_slockall();
 1936         NFSLOCKCLSTATE();
 1937         LIST_FOREACH_SAFE(owp, &clp->nfsc_owner, nfsow_list, nowp) {
 1938                 LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
 1939                         LIST_FOREACH_SAFE(lp, &op->nfso_lock, nfsl_list, nlp) {
 1940                                 if (LIST_EMPTY(&lp->nfsl_lock))
 1941                                         nfscl_emptylockowner(lp, lhp);
 1942                         }
 1943                 }
 1944                 if (nfscl_procdoesntexist(owp->nfsow_owner)) {
 1945                         memcpy(own, owp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
 1946                         nfscl_cleanup_common(clp, own);
 1947                 }
 1948         }
 1949 
 1950         /*
 1951          * For the single open_owner case, these lock owners need to be
 1952          * checked to see if they still exist separately.
 1953          * This is because nfscl_procdoesntexist() never returns true for
 1954          * the single open_owner so that the above doesn't ever call
 1955          * nfscl_cleanup_common().
 1956          */
 1957         TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
 1958                 LIST_FOREACH_SAFE(lp, &dp->nfsdl_lock, nfsl_list, nlp) {
 1959                         if (nfscl_procdoesntexist(lp->nfsl_owner)) {
 1960                                 memcpy(own, lp->nfsl_owner,
 1961                                     NFSV4CL_LOCKNAMELEN);
 1962                                 nfscl_cleanup_common(clp, own);
 1963                         }
 1964                 }
 1965         }
 1966         NFSUNLOCKCLSTATE();
 1967         pidhash_sunlockall();
 1968 }
 1969 
 1970 /*
 1971  * Take the empty lock owner and move it to the local lhp list if the
 1972  * associated process no longer exists.
 1973  */
 1974 static void
 1975 nfscl_emptylockowner(struct nfscllockowner *lp,
 1976     struct nfscllockownerfhhead *lhp)
 1977 {
 1978         struct nfscllockownerfh *lfhp, *mylfhp;
 1979         struct nfscllockowner *nlp;
 1980         int fnd_it;
 1981 
 1982         /* If not a Posix lock owner, just return. */
 1983         if ((lp->nfsl_lockflags & F_POSIX) == 0)
 1984                 return;
 1985 
 1986         fnd_it = 0;
 1987         mylfhp = NULL;
 1988         /*
 1989          * First, search to see if this lock owner is already in the list.
 1990          * If it is, then the associated process no longer exists.
 1991          */
 1992         SLIST_FOREACH(lfhp, lhp, nfslfh_list) {
 1993                 if (lfhp->nfslfh_len == lp->nfsl_open->nfso_fhlen &&
 1994                     !NFSBCMP(lfhp->nfslfh_fh, lp->nfsl_open->nfso_fh,
 1995                     lfhp->nfslfh_len))
 1996                         mylfhp = lfhp;
 1997                 LIST_FOREACH(nlp, &lfhp->nfslfh_lock, nfsl_list)
 1998                         if (!NFSBCMP(nlp->nfsl_owner, lp->nfsl_owner,
 1999                             NFSV4CL_LOCKNAMELEN))
 2000                                 fnd_it = 1;
 2001         }
 2002         /* If not found, check if process still exists. */
 2003         if (fnd_it == 0 && nfscl_procdoesntexist(lp->nfsl_owner) == 0)
 2004                 return;
 2005 
 2006         /* Move the lock owner over to the local list. */
 2007         if (mylfhp == NULL) {
 2008                 mylfhp = malloc(sizeof(struct nfscllockownerfh), M_TEMP,
 2009                     M_NOWAIT);
 2010                 if (mylfhp == NULL)
 2011                         return;
 2012                 mylfhp->nfslfh_len = lp->nfsl_open->nfso_fhlen;
 2013                 NFSBCOPY(lp->nfsl_open->nfso_fh, mylfhp->nfslfh_fh,
 2014                     mylfhp->nfslfh_len);
 2015                 LIST_INIT(&mylfhp->nfslfh_lock);
 2016                 SLIST_INSERT_HEAD(lhp, mylfhp, nfslfh_list);
 2017         }
 2018         LIST_REMOVE(lp, nfsl_list);
 2019         LIST_INSERT_HEAD(&mylfhp->nfslfh_lock, lp, nfsl_list);
 2020 }
 2021 
 2022 static int      fake_global;    /* Used to force visibility of MNTK_UNMOUNTF */
 2023 /*
 2024  * Called from nfs umount to free up the clientid.
 2025  */
 2026 void
 2027 nfscl_umount(struct nfsmount *nmp, NFSPROC_T *p, struct nfscldeleghead *dhp)
 2028 {
 2029         struct nfsclclient *clp;
 2030         struct ucred *cred;
 2031         int igotlock;
 2032 
 2033         /*
 2034          * For the case that matters, this is the thread that set
 2035          * MNTK_UNMOUNTF, so it will see it set. The code that follows is
 2036          * done to ensure that any thread executing nfscl_getcl() after
 2037          * this time, will see MNTK_UNMOUNTF set. nfscl_getcl() uses the
 2038          * mutex for NFSLOCKCLSTATE(), so it is "m" for the following
 2039          * explanation, courtesy of Alan Cox.
 2040          * What follows is a snippet from Alan Cox's email at:
 2041          * https://docs.FreeBSD.org/cgi/mid.cgi?BANLkTikR3d65zPHo9==08ZfJ2vmqZucEvw
 2042          * 
 2043          * 1. Set MNTK_UNMOUNTF
 2044          * 2. Acquire a standard FreeBSD mutex "m".
 2045          * 3. Update some data structures.
 2046          * 4. Release mutex "m".
 2047          * 
 2048          * Then, other threads that acquire "m" after step 4 has occurred will
 2049          * see MNTK_UNMOUNTF as set.  But, other threads that beat thread X to
 2050          * step 2 may or may not see MNTK_UNMOUNTF as set.
 2051          */
 2052         NFSLOCKCLSTATE();
 2053         if ((nmp->nm_mountp->mnt_kern_flag & MNTK_UNMOUNTF) != 0) {
 2054                 fake_global++;
 2055                 NFSUNLOCKCLSTATE();
 2056                 NFSLOCKCLSTATE();
 2057         }
 2058 
 2059         clp = nmp->nm_clp;
 2060         if (clp != NULL) {
 2061                 if ((clp->nfsc_flags & NFSCLFLAGS_INITED) == 0)
 2062                         panic("nfscl umount");
 2063 
 2064                 /*
 2065                  * First, handshake with the nfscl renew thread, to terminate
 2066                  * it.
 2067                  */
 2068                 clp->nfsc_flags |= NFSCLFLAGS_UMOUNT;
 2069                 while (clp->nfsc_flags & NFSCLFLAGS_HASTHREAD)
 2070                         (void)mtx_sleep(clp, NFSCLSTATEMUTEXPTR, PWAIT,
 2071                             "nfsclumnt", hz);
 2072 
 2073                 /*
 2074                  * Now, get the exclusive lock on the client state, so
 2075                  * that no uses of the state are still in progress.
 2076                  */
 2077                 do {
 2078                         igotlock = nfsv4_lock(&clp->nfsc_lock, 1, NULL,
 2079                             NFSCLSTATEMUTEXPTR, NULL);
 2080                 } while (!igotlock);
 2081                 NFSUNLOCKCLSTATE();
 2082 
 2083                 /*
 2084                  * Free up all the state. It will expire on the server, but
 2085                  * maybe we should do a SetClientId/SetClientIdConfirm so
 2086                  * the server throws it away?
 2087                  */
 2088                 LIST_REMOVE(clp, nfsc_list);
 2089                 nfscl_delegreturnall(clp, p, dhp);
 2090                 cred = newnfs_getcred();
 2091                 if (NFSHASNFSV4N(nmp)) {
 2092                         nfsrpc_destroysession(nmp, NULL, cred, p);
 2093                         nfsrpc_destroyclient(nmp, clp, cred, p);
 2094                 } else
 2095                         nfsrpc_setclient(nmp, clp, 0, NULL, cred, p);
 2096                 nfscl_cleanclient(clp);
 2097                 nmp->nm_clp = NULL;
 2098                 NFSFREECRED(cred);
 2099                 free(clp, M_NFSCLCLIENT);
 2100         } else
 2101                 NFSUNLOCKCLSTATE();
 2102 }
 2103 
 2104 /*
 2105  * This function is called when a server replies with NFSERR_STALECLIENTID
 2106  * NFSERR_STALESTATEID or NFSERR_BADSESSION. It traverses the clientid lists,
 2107  * doing Opens and Locks with reclaim. If these fail, it deletes the
 2108  * corresponding state.
 2109  */
 2110 static void
 2111 nfscl_recover(struct nfsclclient *clp, bool *retokp, struct ucred *cred,
 2112     NFSPROC_T *p)
 2113 {
 2114         struct nfsclowner *owp, *nowp;
 2115         struct nfsclopen *op, *nop;
 2116         struct nfscllockowner *lp, *nlp;
 2117         struct nfscllock *lop, *nlop;
 2118         struct nfscldeleg *dp, *ndp, *tdp;
 2119         struct nfsmount *nmp;
 2120         struct ucred *tcred;
 2121         struct nfsclopenhead extra_open;
 2122         struct nfscldeleghead extra_deleg;
 2123         struct nfsreq *rep;
 2124         u_int64_t len;
 2125         u_int32_t delegtype = NFSV4OPEN_DELEGATEWRITE, mode;
 2126         int i, igotlock = 0, error, trycnt, firstlock;
 2127         struct nfscllayout *lyp, *nlyp;
 2128         bool recovered_one;
 2129 
 2130         /*
 2131          * First, lock the client structure, so everyone else will
 2132          * block when trying to use state.
 2133          */
 2134         NFSLOCKCLSTATE();
 2135         clp->nfsc_flags |= NFSCLFLAGS_RECVRINPROG;
 2136         do {
 2137                 igotlock = nfsv4_lock(&clp->nfsc_lock, 1, NULL,
 2138                     NFSCLSTATEMUTEXPTR, NULL);
 2139         } while (!igotlock);
 2140         NFSUNLOCKCLSTATE();
 2141 
 2142         nmp = clp->nfsc_nmp;
 2143         if (nmp == NULL)
 2144                 panic("nfscl recover");
 2145 
 2146         /*
 2147          * For now, just get rid of all layouts. There may be a need
 2148          * to do LayoutCommit Ops with reclaim == true later.
 2149          */
 2150         TAILQ_FOREACH_SAFE(lyp, &clp->nfsc_layout, nfsly_list, nlyp)
 2151                 nfscl_freelayout(lyp);
 2152         TAILQ_INIT(&clp->nfsc_layout);
 2153         for (i = 0; i < NFSCLLAYOUTHASHSIZE; i++)
 2154                 LIST_INIT(&clp->nfsc_layouthash[i]);
 2155 
 2156         trycnt = 5;
 2157         tcred = NULL;
 2158         do {
 2159                 error = nfsrpc_setclient(nmp, clp, 1, retokp, cred, p);
 2160         } while ((error == NFSERR_STALECLIENTID ||
 2161              error == NFSERR_BADSESSION ||
 2162              error == NFSERR_STALEDONTRECOVER) && --trycnt > 0);
 2163         if (error) {
 2164                 NFSLOCKCLSTATE();
 2165                 clp->nfsc_flags &= ~(NFSCLFLAGS_RECOVER |
 2166                     NFSCLFLAGS_RECVRINPROG);
 2167                 wakeup(&clp->nfsc_flags);
 2168                 nfsv4_unlock(&clp->nfsc_lock, 0);
 2169                 NFSUNLOCKCLSTATE();
 2170                 return;
 2171         }
 2172         clp->nfsc_flags |= NFSCLFLAGS_HASCLIENTID;
 2173         clp->nfsc_flags &= ~NFSCLFLAGS_RECOVER;
 2174 
 2175         /*
 2176          * Mark requests already queued on the server, so that they don't
 2177          * initiate another recovery cycle. Any requests already in the
 2178          * queue that handle state information will have the old stale
 2179          * clientid/stateid and will get a NFSERR_STALESTATEID,
 2180          * NFSERR_STALECLIENTID or NFSERR_BADSESSION reply from the server.
 2181          * This will be translated to NFSERR_STALEDONTRECOVER when
 2182          * R_DONTRECOVER is set.
 2183          */
 2184         NFSLOCKREQ();
 2185         TAILQ_FOREACH(rep, &nfsd_reqq, r_chain) {
 2186                 if (rep->r_nmp == nmp)
 2187                         rep->r_flags |= R_DONTRECOVER;
 2188         }
 2189         NFSUNLOCKREQ();
 2190 
 2191         /*
 2192          * If nfsrpc_setclient() returns *retokp == true,
 2193          * no more recovery is needed.
 2194          */
 2195         if (*retokp)
 2196                 goto out;
 2197 
 2198         /*
 2199          * Now, mark all delegations "need reclaim".
 2200          */
 2201         TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list)
 2202                 dp->nfsdl_flags |= NFSCLDL_NEEDRECLAIM;
 2203 
 2204         TAILQ_INIT(&extra_deleg);
 2205         LIST_INIT(&extra_open);
 2206         /*
 2207          * Now traverse the state lists, doing Open and Lock Reclaims.
 2208          */
 2209         tcred = newnfs_getcred();
 2210         recovered_one = false;
 2211         owp = LIST_FIRST(&clp->nfsc_owner);
 2212         while (owp != NULL) {
 2213             nowp = LIST_NEXT(owp, nfsow_list);
 2214             owp->nfsow_seqid = 0;
 2215             op = LIST_FIRST(&owp->nfsow_open);
 2216             while (op != NULL) {
 2217                 nop = LIST_NEXT(op, nfso_list);
 2218                 if (error != NFSERR_NOGRACE && error != NFSERR_BADSESSION) {
 2219                     /* Search for a delegation to reclaim with the open */
 2220                     TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
 2221                         if (!(dp->nfsdl_flags & NFSCLDL_NEEDRECLAIM))
 2222                             continue;
 2223                         if ((dp->nfsdl_flags & NFSCLDL_WRITE)) {
 2224                             mode = NFSV4OPEN_ACCESSWRITE;
 2225                             delegtype = NFSV4OPEN_DELEGATEWRITE;
 2226                         } else {
 2227                             mode = NFSV4OPEN_ACCESSREAD;
 2228                             delegtype = NFSV4OPEN_DELEGATEREAD;
 2229                         }
 2230                         if ((op->nfso_mode & mode) == mode &&
 2231                             op->nfso_fhlen == dp->nfsdl_fhlen &&
 2232                             !NFSBCMP(op->nfso_fh, dp->nfsdl_fh, op->nfso_fhlen))
 2233                             break;
 2234                     }
 2235                     ndp = dp;
 2236                     if (dp == NULL)
 2237                         delegtype = NFSV4OPEN_DELEGATENONE;
 2238                     newnfs_copycred(&op->nfso_cred, tcred);
 2239                     error = nfscl_tryopen(nmp, NULL, op->nfso_fh,
 2240                         op->nfso_fhlen, op->nfso_fh, op->nfso_fhlen,
 2241                         op->nfso_mode, op, NULL, 0, &ndp, 1, delegtype,
 2242                         tcred, p);
 2243                     if (!error) {
 2244                         recovered_one = true;
 2245                         /* Handle any replied delegation */
 2246                         if (ndp != NULL && ((ndp->nfsdl_flags & NFSCLDL_WRITE)
 2247                             || NFSMNT_RDONLY(nmp->nm_mountp))) {
 2248                             if ((ndp->nfsdl_flags & NFSCLDL_WRITE))
 2249                                 mode = NFSV4OPEN_ACCESSWRITE;
 2250                             else
 2251                                 mode = NFSV4OPEN_ACCESSREAD;
 2252                             TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
 2253                                 if (!(dp->nfsdl_flags & NFSCLDL_NEEDRECLAIM))
 2254                                     continue;
 2255                                 if ((op->nfso_mode & mode) == mode &&
 2256                                     op->nfso_fhlen == dp->nfsdl_fhlen &&
 2257                                     !NFSBCMP(op->nfso_fh, dp->nfsdl_fh,
 2258                                     op->nfso_fhlen)) {
 2259                                     dp->nfsdl_stateid = ndp->nfsdl_stateid;
 2260                                     dp->nfsdl_sizelimit = ndp->nfsdl_sizelimit;
 2261                                     dp->nfsdl_ace = ndp->nfsdl_ace;
 2262                                     dp->nfsdl_change = ndp->nfsdl_change;
 2263                                     dp->nfsdl_flags &= ~NFSCLDL_NEEDRECLAIM;
 2264                                     if ((ndp->nfsdl_flags & NFSCLDL_RECALL))
 2265                                         dp->nfsdl_flags |= NFSCLDL_RECALL;
 2266                                     free(ndp, M_NFSCLDELEG);
 2267                                     ndp = NULL;
 2268                                     break;
 2269                                 }
 2270                             }
 2271                         }
 2272                         if (ndp != NULL)
 2273                             TAILQ_INSERT_HEAD(&extra_deleg, ndp, nfsdl_list);
 2274 
 2275                         /* and reclaim all byte range locks */
 2276                         lp = LIST_FIRST(&op->nfso_lock);
 2277                         while (lp != NULL) {
 2278                             nlp = LIST_NEXT(lp, nfsl_list);
 2279                             lp->nfsl_seqid = 0;
 2280                             firstlock = 1;
 2281                             lop = LIST_FIRST(&lp->nfsl_lock);
 2282                             while (lop != NULL) {
 2283                                 nlop = LIST_NEXT(lop, nfslo_list);
 2284                                 if (lop->nfslo_end == NFS64BITSSET)
 2285                                     len = NFS64BITSSET;
 2286                                 else
 2287                                     len = lop->nfslo_end - lop->nfslo_first;
 2288                                 error = nfscl_trylock(nmp, NULL,
 2289                                     op->nfso_fh, op->nfso_fhlen, lp,
 2290                                     firstlock, 1, lop->nfslo_first, len,
 2291                                     lop->nfslo_type, tcred, p);
 2292                                 if (error != 0)
 2293                                     nfscl_freelock(lop, 0);
 2294                                 else
 2295                                     firstlock = 0;
 2296                                 lop = nlop;
 2297                             }
 2298                             /* If no locks, but a lockowner, just delete it. */
 2299                             if (LIST_EMPTY(&lp->nfsl_lock))
 2300                                 nfscl_freelockowner(lp, 0);
 2301                             lp = nlp;
 2302                         }
 2303                     } else if (error == NFSERR_NOGRACE && !recovered_one &&
 2304                         NFSHASNFSV4N(nmp)) {
 2305                         /*
 2306                          * For NFSv4.1/4.2, the NFSERR_EXPIRED case will
 2307                          * actually end up here, since the client will do
 2308                          * a recovery for NFSERR_BADSESSION, but will get
 2309                          * an NFSERR_NOGRACE reply for the first "reclaim"
 2310                          * attempt.
 2311                          * So, call nfscl_expireclient() to recover the
 2312                          * opens as best we can and then do a reclaim
 2313                          * complete and return.
 2314                          */
 2315                         nfsrpc_reclaimcomplete(nmp, cred, p);
 2316                         nfscl_expireclient(clp, nmp, tcred, p);
 2317                         goto out;
 2318                     }
 2319                 }
 2320                 if (error != 0 && error != NFSERR_BADSESSION)
 2321                     nfscl_freeopen(op, 0, true);
 2322                 op = nop;
 2323             }
 2324             owp = nowp;
 2325         }
 2326 
 2327         /*
 2328          * Now, try and get any delegations not yet reclaimed by cobbling
 2329          * to-gether an appropriate open.
 2330          */
 2331         nowp = NULL;
 2332         dp = TAILQ_FIRST(&clp->nfsc_deleg);
 2333         while (dp != NULL) {
 2334             ndp = TAILQ_NEXT(dp, nfsdl_list);
 2335             if ((dp->nfsdl_flags & NFSCLDL_NEEDRECLAIM)) {
 2336                 if (nowp == NULL) {
 2337                     nowp = malloc(
 2338                         sizeof (struct nfsclowner), M_NFSCLOWNER, M_WAITOK);
 2339                     /*
 2340                      * Name must be as long an largest possible
 2341                      * NFSV4CL_LOCKNAMELEN. 12 for now.
 2342                      */
 2343                     NFSBCOPY("RECLAIMDELEG", nowp->nfsow_owner,
 2344                         NFSV4CL_LOCKNAMELEN);
 2345                     LIST_INIT(&nowp->nfsow_open);
 2346                     nowp->nfsow_clp = clp;
 2347                     nowp->nfsow_seqid = 0;
 2348                     nowp->nfsow_defunct = 0;
 2349                     nfscl_lockinit(&nowp->nfsow_rwlock);
 2350                 }
 2351                 nop = NULL;
 2352                 if (error != NFSERR_NOGRACE && error != NFSERR_BADSESSION) {
 2353                     nop = malloc(sizeof (struct nfsclopen) +
 2354                         dp->nfsdl_fhlen - 1, M_NFSCLOPEN, M_WAITOK);
 2355                     nop->nfso_own = nowp;
 2356                     if ((dp->nfsdl_flags & NFSCLDL_WRITE)) {
 2357                         nop->nfso_mode = NFSV4OPEN_ACCESSWRITE;
 2358                         delegtype = NFSV4OPEN_DELEGATEWRITE;
 2359                     } else {
 2360                         nop->nfso_mode = NFSV4OPEN_ACCESSREAD;
 2361                         delegtype = NFSV4OPEN_DELEGATEREAD;
 2362                     }
 2363                     nop->nfso_opencnt = 0;
 2364                     nop->nfso_posixlock = 1;
 2365                     nop->nfso_fhlen = dp->nfsdl_fhlen;
 2366                     NFSBCOPY(dp->nfsdl_fh, nop->nfso_fh, dp->nfsdl_fhlen);
 2367                     LIST_INIT(&nop->nfso_lock);
 2368                     nop->nfso_stateid.seqid = 0;
 2369                     nop->nfso_stateid.other[0] = 0;
 2370                     nop->nfso_stateid.other[1] = 0;
 2371                     nop->nfso_stateid.other[2] = 0;
 2372                     newnfs_copycred(&dp->nfsdl_cred, tcred);
 2373                     newnfs_copyincred(tcred, &nop->nfso_cred);
 2374                     tdp = NULL;
 2375                     error = nfscl_tryopen(nmp, NULL, nop->nfso_fh,
 2376                         nop->nfso_fhlen, nop->nfso_fh, nop->nfso_fhlen,
 2377                         nop->nfso_mode, nop, NULL, 0, &tdp, 1,
 2378                         delegtype, tcred, p);
 2379                     if (tdp != NULL) {
 2380                         if ((tdp->nfsdl_flags & NFSCLDL_WRITE))
 2381                             mode = NFSV4OPEN_ACCESSWRITE;
 2382                         else
 2383                             mode = NFSV4OPEN_ACCESSREAD;
 2384                         if ((nop->nfso_mode & mode) == mode &&
 2385                             nop->nfso_fhlen == tdp->nfsdl_fhlen &&
 2386                             !NFSBCMP(nop->nfso_fh, tdp->nfsdl_fh,
 2387                             nop->nfso_fhlen)) {
 2388                             dp->nfsdl_stateid = tdp->nfsdl_stateid;
 2389                             dp->nfsdl_sizelimit = tdp->nfsdl_sizelimit;
 2390                             dp->nfsdl_ace = tdp->nfsdl_ace;
 2391                             dp->nfsdl_change = tdp->nfsdl_change;
 2392                             dp->nfsdl_flags &= ~NFSCLDL_NEEDRECLAIM;
 2393                             if ((tdp->nfsdl_flags & NFSCLDL_RECALL))
 2394                                 dp->nfsdl_flags |= NFSCLDL_RECALL;
 2395                             free(tdp, M_NFSCLDELEG);
 2396                         } else {
 2397                             TAILQ_INSERT_HEAD(&extra_deleg, tdp, nfsdl_list);
 2398                         }
 2399                     }
 2400                 }
 2401                 if (error) {
 2402                     if (nop != NULL)
 2403                         free(nop, M_NFSCLOPEN);
 2404                     if (error == NFSERR_NOGRACE && !recovered_one &&
 2405                         NFSHASNFSV4N(nmp)) {
 2406                         /*
 2407                          * For NFSv4.1/4.2, the NFSERR_EXPIRED case will
 2408                          * actually end up here, since the client will do
 2409                          * a recovery for NFSERR_BADSESSION, but will get
 2410                          * an NFSERR_NOGRACE reply for the first "reclaim"
 2411                          * attempt.
 2412                          * So, call nfscl_expireclient() to recover the
 2413                          * opens as best we can and then do a reclaim
 2414                          * complete and return.
 2415                          */
 2416                         nfsrpc_reclaimcomplete(nmp, cred, p);
 2417                         nfscl_expireclient(clp, nmp, tcred, p);
 2418                         free(nowp, M_NFSCLOWNER);
 2419                         goto out;
 2420                     }
 2421                     /*
 2422                      * Couldn't reclaim it, so throw the state
 2423                      * away. Ouch!!
 2424                      */
 2425                     nfscl_cleandeleg(dp);
 2426                     nfscl_freedeleg(&clp->nfsc_deleg, dp, true);
 2427                 } else {
 2428                     recovered_one = true;
 2429                     LIST_INSERT_HEAD(&extra_open, nop, nfso_list);
 2430                 }
 2431             }
 2432             dp = ndp;
 2433         }
 2434 
 2435         /*
 2436          * Now, get rid of extra Opens and Delegations.
 2437          */
 2438         LIST_FOREACH_SAFE(op, &extra_open, nfso_list, nop) {
 2439                 do {
 2440                         newnfs_copycred(&op->nfso_cred, tcred);
 2441                         error = nfscl_tryclose(op, tcred, nmp, p, true);
 2442                         if (error == NFSERR_GRACE)
 2443                                 (void) nfs_catnap(PZERO, error, "nfsexcls");
 2444                 } while (error == NFSERR_GRACE);
 2445                 LIST_REMOVE(op, nfso_list);
 2446                 free(op, M_NFSCLOPEN);
 2447         }
 2448         if (nowp != NULL)
 2449                 free(nowp, M_NFSCLOWNER);
 2450 
 2451         TAILQ_FOREACH_SAFE(dp, &extra_deleg, nfsdl_list, ndp) {
 2452                 do {
 2453                         newnfs_copycred(&dp->nfsdl_cred, tcred);
 2454                         error = nfscl_trydelegreturn(dp, tcred, nmp, p);
 2455                         if (error == NFSERR_GRACE)
 2456                                 (void) nfs_catnap(PZERO, error, "nfsexdlg");
 2457                 } while (error == NFSERR_GRACE);
 2458                 TAILQ_REMOVE(&extra_deleg, dp, nfsdl_list);
 2459                 free(dp, M_NFSCLDELEG);
 2460         }
 2461 
 2462         /* For NFSv4.1 or later, do a RECLAIM_COMPLETE. */
 2463         if (NFSHASNFSV4N(nmp))
 2464                 (void)nfsrpc_reclaimcomplete(nmp, cred, p);
 2465 
 2466 out:
 2467         NFSLOCKCLSTATE();
 2468         clp->nfsc_flags &= ~NFSCLFLAGS_RECVRINPROG;
 2469         wakeup(&clp->nfsc_flags);
 2470         nfsv4_unlock(&clp->nfsc_lock, 0);
 2471         NFSUNLOCKCLSTATE();
 2472         if (tcred != NULL)
 2473                 NFSFREECRED(tcred);
 2474 }
 2475 
 2476 /*
 2477  * This function is called when a server replies with NFSERR_EXPIRED.
 2478  * It deletes all state for the client and does a fresh SetClientId/confirm.
 2479  * XXX Someday it should post a signal to the process(es) that hold the
 2480  * state, so they know that lock state has been lost.
 2481  */
 2482 int
 2483 nfscl_hasexpired(struct nfsclclient *clp, u_int32_t clidrev, NFSPROC_T *p)
 2484 {
 2485         struct nfsmount *nmp;
 2486         struct ucred *cred;
 2487         int igotlock = 0, error, trycnt;
 2488 
 2489         /*
 2490          * If the clientid has gone away or a new SetClientid has already
 2491          * been done, just return ok.
 2492          */
 2493         if (clp == NULL || clidrev != clp->nfsc_clientidrev)
 2494                 return (0);
 2495 
 2496         /*
 2497          * First, lock the client structure, so everyone else will
 2498          * block when trying to use state. Also, use NFSCLFLAGS_EXPIREIT so
 2499          * that only one thread does the work.
 2500          */
 2501         NFSLOCKCLSTATE();
 2502         clp->nfsc_flags |= NFSCLFLAGS_EXPIREIT;
 2503         do {
 2504                 igotlock = nfsv4_lock(&clp->nfsc_lock, 1, NULL,
 2505                     NFSCLSTATEMUTEXPTR, NULL);
 2506         } while (!igotlock && (clp->nfsc_flags & NFSCLFLAGS_EXPIREIT));
 2507         if ((clp->nfsc_flags & NFSCLFLAGS_EXPIREIT) == 0) {
 2508                 if (igotlock)
 2509                         nfsv4_unlock(&clp->nfsc_lock, 0);
 2510                 NFSUNLOCKCLSTATE();
 2511                 return (0);
 2512         }
 2513         clp->nfsc_flags |= NFSCLFLAGS_RECVRINPROG;
 2514         NFSUNLOCKCLSTATE();
 2515 
 2516         nmp = clp->nfsc_nmp;
 2517         if (nmp == NULL)
 2518                 panic("nfscl expired");
 2519         cred = newnfs_getcred();
 2520         trycnt = 5;
 2521         do {
 2522                 error = nfsrpc_setclient(nmp, clp, 0, NULL, cred, p);
 2523         } while ((error == NFSERR_STALECLIENTID ||
 2524              error == NFSERR_BADSESSION ||
 2525              error == NFSERR_STALEDONTRECOVER) && --trycnt > 0);
 2526         if (error) {
 2527                 NFSLOCKCLSTATE();
 2528                 clp->nfsc_flags &= ~NFSCLFLAGS_RECOVER;
 2529         } else {
 2530                 /*
 2531                  * Expire the state for the client.
 2532                  */
 2533                 nfscl_expireclient(clp, nmp, cred, p);
 2534                 NFSLOCKCLSTATE();
 2535                 clp->nfsc_flags |= NFSCLFLAGS_HASCLIENTID;
 2536                 clp->nfsc_flags &= ~NFSCLFLAGS_RECOVER;
 2537         }
 2538         clp->nfsc_flags &= ~(NFSCLFLAGS_EXPIREIT | NFSCLFLAGS_RECVRINPROG);
 2539         wakeup(&clp->nfsc_flags);
 2540         nfsv4_unlock(&clp->nfsc_lock, 0);
 2541         NFSUNLOCKCLSTATE();
 2542         NFSFREECRED(cred);
 2543         return (error);
 2544 }
 2545 
 2546 /*
 2547  * This function inserts a lock in the list after insert_lop.
 2548  */
 2549 static void
 2550 nfscl_insertlock(struct nfscllockowner *lp, struct nfscllock *new_lop,
 2551     struct nfscllock *insert_lop, int local)
 2552 {
 2553 
 2554         if ((struct nfscllockowner *)insert_lop == lp)
 2555                 LIST_INSERT_HEAD(&lp->nfsl_lock, new_lop, nfslo_list);
 2556         else
 2557                 LIST_INSERT_AFTER(insert_lop, new_lop, nfslo_list);
 2558         if (local)
 2559                 nfsstatsv1.cllocallocks++;
 2560         else
 2561                 nfsstatsv1.cllocks++;
 2562 }
 2563 
 2564 /*
 2565  * This function updates the locking for a lock owner and given file. It
 2566  * maintains a list of lock ranges ordered on increasing file offset that
 2567  * are NFSCLLOCK_READ or NFSCLLOCK_WRITE and non-overlapping (aka POSIX style).
 2568  * It always adds new_lop to the list and sometimes uses the one pointed
 2569  * at by other_lopp.
 2570  * Returns 1 if the locks were modified, 0 otherwise.
 2571  */
 2572 static int
 2573 nfscl_updatelock(struct nfscllockowner *lp, struct nfscllock **new_lopp,
 2574     struct nfscllock **other_lopp, int local)
 2575 {
 2576         struct nfscllock *new_lop = *new_lopp;
 2577         struct nfscllock *lop, *tlop, *ilop;
 2578         struct nfscllock *other_lop;
 2579         int unlock = 0, modified = 0;
 2580         u_int64_t tmp;
 2581 
 2582         /*
 2583          * Work down the list until the lock is merged.
 2584          */
 2585         if (new_lop->nfslo_type == F_UNLCK)
 2586                 unlock = 1;
 2587         ilop = (struct nfscllock *)lp;
 2588         lop = LIST_FIRST(&lp->nfsl_lock);
 2589         while (lop != NULL) {
 2590             /*
 2591              * Only check locks for this file that aren't before the start of
 2592              * new lock's range.
 2593              */
 2594             if (lop->nfslo_end >= new_lop->nfslo_first) {
 2595                 if (new_lop->nfslo_end < lop->nfslo_first) {
 2596                     /*
 2597                      * If the new lock ends before the start of the
 2598                      * current lock's range, no merge, just insert
 2599                      * the new lock.
 2600                      */
 2601                     break;
 2602                 }
 2603                 if (new_lop->nfslo_type == lop->nfslo_type ||
 2604                     (new_lop->nfslo_first <= lop->nfslo_first &&
 2605                      new_lop->nfslo_end >= lop->nfslo_end)) {
 2606                     /*
 2607                      * This lock can be absorbed by the new lock/unlock.
 2608                      * This happens when it covers the entire range
 2609                      * of the old lock or is contiguous
 2610                      * with the old lock and is of the same type or an
 2611                      * unlock.
 2612                      */
 2613                     if (new_lop->nfslo_type != lop->nfslo_type ||
 2614                         new_lop->nfslo_first != lop->nfslo_first ||
 2615                         new_lop->nfslo_end != lop->nfslo_end)
 2616                         modified = 1;
 2617                     if (lop->nfslo_first < new_lop->nfslo_first)
 2618                         new_lop->nfslo_first = lop->nfslo_first;
 2619                     if (lop->nfslo_end > new_lop->nfslo_end)
 2620                         new_lop->nfslo_end = lop->nfslo_end;
 2621                     tlop = lop;
 2622                     lop = LIST_NEXT(lop, nfslo_list);
 2623                     nfscl_freelock(tlop, local);
 2624                     continue;
 2625                 }
 2626 
 2627                 /*
 2628                  * All these cases are for contiguous locks that are not the
 2629                  * same type, so they can't be merged.
 2630                  */
 2631                 if (new_lop->nfslo_first <= lop->nfslo_first) {
 2632                     /*
 2633                      * This case is where the new lock overlaps with the
 2634                      * first part of the old lock. Move the start of the
 2635                      * old lock to just past the end of the new lock. The
 2636                      * new lock will be inserted in front of the old, since
 2637                      * ilop hasn't been updated. (We are done now.)
 2638                      */
 2639                     if (lop->nfslo_first != new_lop->nfslo_end) {
 2640                         lop->nfslo_first = new_lop->nfslo_end;
 2641                         modified = 1;
 2642                     }
 2643                     break;
 2644                 }
 2645                 if (new_lop->nfslo_end >= lop->nfslo_end) {
 2646                     /*
 2647                      * This case is where the new lock overlaps with the
 2648                      * end of the old lock's range. Move the old lock's
 2649                      * end to just before the new lock's first and insert
 2650                      * the new lock after the old lock.
 2651                      * Might not be done yet, since the new lock could
 2652                      * overlap further locks with higher ranges.
 2653                      */
 2654                     if (lop->nfslo_end != new_lop->nfslo_first) {
 2655                         lop->nfslo_end = new_lop->nfslo_first;
 2656                         modified = 1;
 2657                     }
 2658                     ilop = lop;
 2659                     lop = LIST_NEXT(lop, nfslo_list);
 2660                     continue;
 2661                 }
 2662                 /*
 2663                  * The final case is where the new lock's range is in the
 2664                  * middle of the current lock's and splits the current lock
 2665                  * up. Use *other_lopp to handle the second part of the
 2666                  * split old lock range. (We are done now.)
 2667                  * For unlock, we use new_lop as other_lop and tmp, since
 2668                  * other_lop and new_lop are the same for this case.
 2669                  * We noted the unlock case above, so we don't need
 2670                  * new_lop->nfslo_type any longer.
 2671                  */
 2672                 tmp = new_lop->nfslo_first;
 2673                 if (unlock) {
 2674                     other_lop = new_lop;
 2675                     *new_lopp = NULL;
 2676                 } else {
 2677                     other_lop = *other_lopp;
 2678                     *other_lopp = NULL;
 2679                 }
 2680                 other_lop->nfslo_first = new_lop->nfslo_end;
 2681                 other_lop->nfslo_end = lop->nfslo_end;
 2682                 other_lop->nfslo_type = lop->nfslo_type;
 2683                 lop->nfslo_end = tmp;
 2684                 nfscl_insertlock(lp, other_lop, lop, local);
 2685                 ilop = lop;
 2686                 modified = 1;
 2687                 break;
 2688             }
 2689             ilop = lop;
 2690             lop = LIST_NEXT(lop, nfslo_list);
 2691             if (lop == NULL)
 2692                 break;
 2693         }
 2694 
 2695         /*
 2696          * Insert the new lock in the list at the appropriate place.
 2697          */
 2698         if (!unlock) {
 2699                 nfscl_insertlock(lp, new_lop, ilop, local);
 2700                 *new_lopp = NULL;
 2701                 modified = 1;
 2702         }
 2703         return (modified);
 2704 }
 2705 
 2706 /*
 2707  * This function must be run as a kernel thread.
 2708  * It does Renew Ops and recovery, when required.
 2709  */
 2710 void
 2711 nfscl_renewthread(struct nfsclclient *clp, NFSPROC_T *p)
 2712 {
 2713         struct nfsclowner *owp, *nowp;
 2714         struct nfsclopen *op;
 2715         struct nfscllockowner *lp, *nlp;
 2716         struct nfscldeleghead dh;
 2717         struct nfscldeleg *dp, *ndp;
 2718         struct ucred *cred;
 2719         u_int32_t clidrev;
 2720         int error, cbpathdown, islept, igotlock, ret, clearok;
 2721         uint32_t recover_done_time = 0;
 2722         time_t mytime;
 2723         static time_t prevsec = 0;
 2724         struct nfscllockownerfh *lfhp, *nlfhp;
 2725         struct nfscllockownerfhhead lfh;
 2726         struct nfscllayout *lyp, *nlyp;
 2727         struct nfscldevinfo *dip, *ndip;
 2728         struct nfscllayouthead rlh;
 2729         struct nfsclrecalllayout *recallp;
 2730         struct nfsclds *dsp;
 2731         bool retok;
 2732         struct mount *mp;
 2733         vnode_t vp;
 2734 
 2735         cred = newnfs_getcred();
 2736         NFSLOCKCLSTATE();
 2737         clp->nfsc_flags |= NFSCLFLAGS_HASTHREAD;
 2738         mp = clp->nfsc_nmp->nm_mountp;
 2739         NFSUNLOCKCLSTATE();
 2740         for(;;) {
 2741                 newnfs_setroot(cred);
 2742                 cbpathdown = 0;
 2743                 if (clp->nfsc_flags & NFSCLFLAGS_RECOVER) {
 2744                         /*
 2745                          * Only allow one full recover within 1/2 of the lease
 2746                          * duration (nfsc_renew).
 2747                          * retok is value/result.  If passed in set to true,
 2748                          * it indicates only a CreateSession operation should
 2749                          * be attempted.
 2750                          * If it is returned true, it indicates that the
 2751                          * recovery only required a CreateSession.
 2752                          */
 2753                         retok = true;
 2754                         if (recover_done_time < NFSD_MONOSEC) {
 2755                                 recover_done_time = NFSD_MONOSEC +
 2756                                     clp->nfsc_renew;
 2757                                 retok = false;
 2758                         }
 2759                         NFSCL_DEBUG(1, "Doing recovery, only "
 2760                             "createsession=%d\n", retok);
 2761                         nfscl_recover(clp, &retok, cred, p);
 2762                 }
 2763                 if (clp->nfsc_expire <= NFSD_MONOSEC &&
 2764                     (clp->nfsc_flags & NFSCLFLAGS_HASCLIENTID)) {
 2765                         clp->nfsc_expire = NFSD_MONOSEC + clp->nfsc_renew;
 2766                         clidrev = clp->nfsc_clientidrev;
 2767                         error = nfsrpc_renew(clp, NULL, cred, p);
 2768                         if (error == NFSERR_CBPATHDOWN)
 2769                             cbpathdown = 1;
 2770                         else if (error == NFSERR_STALECLIENTID) {
 2771                             NFSLOCKCLSTATE();
 2772                             clp->nfsc_flags |= NFSCLFLAGS_RECOVER;
 2773                             NFSUNLOCKCLSTATE();
 2774                         } else if (error == NFSERR_EXPIRED)
 2775                             (void) nfscl_hasexpired(clp, clidrev, p);
 2776                 }
 2777 
 2778 checkdsrenew:
 2779                 if (NFSHASNFSV4N(clp->nfsc_nmp)) {
 2780                         /* Do renews for any DS sessions. */
 2781                         NFSLOCKMNT(clp->nfsc_nmp);
 2782                         /* Skip first entry, since the MDS is handled above. */
 2783                         dsp = TAILQ_FIRST(&clp->nfsc_nmp->nm_sess);
 2784                         if (dsp != NULL)
 2785                                 dsp = TAILQ_NEXT(dsp, nfsclds_list);
 2786                         while (dsp != NULL) {
 2787                                 if (dsp->nfsclds_expire <= NFSD_MONOSEC &&
 2788                                     dsp->nfsclds_sess.nfsess_defunct == 0) {
 2789                                         dsp->nfsclds_expire = NFSD_MONOSEC +
 2790                                             clp->nfsc_renew;
 2791                                         NFSUNLOCKMNT(clp->nfsc_nmp);
 2792                                         (void)nfsrpc_renew(clp, dsp, cred, p);
 2793                                         goto checkdsrenew;
 2794                                 }
 2795                                 dsp = TAILQ_NEXT(dsp, nfsclds_list);
 2796                         }
 2797                         NFSUNLOCKMNT(clp->nfsc_nmp);
 2798                 }
 2799 
 2800                 TAILQ_INIT(&dh);
 2801                 NFSLOCKCLSTATE();
 2802                 if (cbpathdown)
 2803                         /* It's a Total Recall! */
 2804                         nfscl_totalrecall(clp);
 2805 
 2806                 /*
 2807                  * Now, handle defunct owners.
 2808                  */
 2809                 LIST_FOREACH_SAFE(owp, &clp->nfsc_owner, nfsow_list, nowp) {
 2810                         if (LIST_EMPTY(&owp->nfsow_open)) {
 2811                                 if (owp->nfsow_defunct != 0)
 2812                                         nfscl_freeopenowner(owp, 0);
 2813                         }
 2814                 }
 2815 
 2816                 /*
 2817                  * Do the recall on any delegations. To avoid trouble, always
 2818                  * come back up here after having slept.
 2819                  */
 2820                 igotlock = 0;
 2821 tryagain:
 2822                 dp = TAILQ_FIRST(&clp->nfsc_deleg);
 2823                 while (dp != NULL) {
 2824                         ndp = TAILQ_NEXT(dp, nfsdl_list);
 2825                         if ((dp->nfsdl_flags & NFSCLDL_RECALL)) {
 2826                                 /*
 2827                                  * Wait for outstanding I/O ops to be done.
 2828                                  */
 2829                                 if (dp->nfsdl_rwlock.nfslock_usecnt > 0) {
 2830                                     if (igotlock) {
 2831                                         nfsv4_unlock(&clp->nfsc_lock, 0);
 2832                                         igotlock = 0;
 2833                                     }
 2834                                     dp->nfsdl_rwlock.nfslock_lock |=
 2835                                         NFSV4LOCK_WANTED;
 2836                                     msleep(&dp->nfsdl_rwlock,
 2837                                         NFSCLSTATEMUTEXPTR, PVFS, "nfscld",
 2838                                         5 * hz);
 2839                                     if (NFSCL_FORCEDISM(mp))
 2840                                         goto terminate;
 2841                                     goto tryagain;
 2842                                 }
 2843                                 while (!igotlock) {
 2844                                     igotlock = nfsv4_lock(&clp->nfsc_lock, 1,
 2845                                         &islept, NFSCLSTATEMUTEXPTR, mp);
 2846                                     if (igotlock == 0 && NFSCL_FORCEDISM(mp))
 2847                                         goto terminate;
 2848                                     if (islept)
 2849                                         goto tryagain;
 2850                                 }
 2851                                 NFSUNLOCKCLSTATE();
 2852                                 newnfs_copycred(&dp->nfsdl_cred, cred);
 2853                                 ret = nfscl_recalldeleg(clp, clp->nfsc_nmp, dp,
 2854                                     NULL, cred, p, 1, &vp);
 2855                                 if (!ret) {
 2856                                     nfscl_cleandeleg(dp);
 2857                                     TAILQ_REMOVE(&clp->nfsc_deleg, dp,
 2858                                         nfsdl_list);
 2859                                     LIST_REMOVE(dp, nfsdl_hash);
 2860                                     TAILQ_INSERT_HEAD(&dh, dp, nfsdl_list);
 2861                                     nfscl_delegcnt--;
 2862                                     nfsstatsv1.cldelegates--;
 2863                                 }
 2864                                 NFSLOCKCLSTATE();
 2865                                 /*
 2866                                  * The nfsc_lock must be released before doing
 2867                                  * vrele(), since it might call nfs_inactive().
 2868                                  * For the unlikely case where the vnode failed
 2869                                  * to be acquired by nfscl_recalldeleg(), a
 2870                                  * VOP_RECLAIM() should be in progress and it
 2871                                  * will return the delegation.
 2872                                  */
 2873                                 nfsv4_unlock(&clp->nfsc_lock, 0);
 2874                                 igotlock = 0;
 2875                                 if (vp != NULL) {
 2876                                         NFSUNLOCKCLSTATE();
 2877                                         vrele(vp);
 2878                                         NFSLOCKCLSTATE();
 2879                                 }
 2880                                 goto tryagain;
 2881                         }
 2882                         dp = ndp;
 2883                 }
 2884 
 2885                 /*
 2886                  * Clear out old delegations, if we are above the high water
 2887                  * mark. Only clear out ones with no state related to them.
 2888                  * The tailq list is in LRU order.
 2889                  */
 2890                 dp = TAILQ_LAST(&clp->nfsc_deleg, nfscldeleghead);
 2891                 while (nfscl_delegcnt > nfscl_deleghighwater && dp != NULL) {
 2892                     ndp = TAILQ_PREV(dp, nfscldeleghead, nfsdl_list);
 2893                     if (dp->nfsdl_rwlock.nfslock_usecnt == 0 &&
 2894                         dp->nfsdl_rwlock.nfslock_lock == 0 &&
 2895                         dp->nfsdl_timestamp < NFSD_MONOSEC &&
 2896                         (dp->nfsdl_flags & (NFSCLDL_RECALL | NFSCLDL_ZAPPED |
 2897                           NFSCLDL_NEEDRECLAIM | NFSCLDL_DELEGRET)) == 0) {
 2898                         clearok = 1;
 2899                         LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
 2900                             op = LIST_FIRST(&owp->nfsow_open);
 2901                             if (op != NULL) {
 2902                                 clearok = 0;
 2903                                 break;
 2904                             }
 2905                         }
 2906                         if (clearok) {
 2907                             LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
 2908                                 if (!LIST_EMPTY(&lp->nfsl_lock)) {
 2909                                     clearok = 0;
 2910                                     break;
 2911                                 }
 2912                             }
 2913                         }
 2914                         if (clearok) {
 2915                             TAILQ_REMOVE(&clp->nfsc_deleg, dp, nfsdl_list);
 2916                             LIST_REMOVE(dp, nfsdl_hash);
 2917                             TAILQ_INSERT_HEAD(&dh, dp, nfsdl_list);
 2918                             nfscl_delegcnt--;
 2919                             nfsstatsv1.cldelegates--;
 2920                         }
 2921                     }
 2922                     dp = ndp;
 2923                 }
 2924                 if (igotlock)
 2925                         nfsv4_unlock(&clp->nfsc_lock, 0);
 2926 
 2927                 /*
 2928                  * Do the recall on any layouts. To avoid trouble, always
 2929                  * come back up here after having slept.
 2930                  */
 2931                 TAILQ_INIT(&rlh);
 2932 tryagain2:
 2933                 TAILQ_FOREACH_SAFE(lyp, &clp->nfsc_layout, nfsly_list, nlyp) {
 2934                         if ((lyp->nfsly_flags & NFSLY_RECALL) != 0) {
 2935                                 /*
 2936                                  * Wait for outstanding I/O ops to be done.
 2937                                  */
 2938                                 if (lyp->nfsly_lock.nfslock_usecnt > 0 ||
 2939                                     (lyp->nfsly_lock.nfslock_lock &
 2940                                      NFSV4LOCK_LOCK) != 0) {
 2941                                         lyp->nfsly_lock.nfslock_lock |=
 2942                                             NFSV4LOCK_WANTED;
 2943                                         msleep(&lyp->nfsly_lock.nfslock_lock,
 2944                                             NFSCLSTATEMUTEXPTR, PVFS, "nfslyp",
 2945                                             5 * hz);
 2946                                         if (NFSCL_FORCEDISM(mp))
 2947                                             goto terminate;
 2948                                         goto tryagain2;
 2949                                 }
 2950                                 /* Move the layout to the recall list. */
 2951                                 TAILQ_REMOVE(&clp->nfsc_layout, lyp,
 2952                                     nfsly_list);
 2953                                 LIST_REMOVE(lyp, nfsly_hash);
 2954                                 TAILQ_INSERT_HEAD(&rlh, lyp, nfsly_list);
 2955 
 2956                                 /* Handle any layout commits. */
 2957                                 if (!NFSHASNOLAYOUTCOMMIT(clp->nfsc_nmp) &&
 2958                                     (lyp->nfsly_flags & NFSLY_WRITTEN) != 0) {
 2959                                         lyp->nfsly_flags &= ~NFSLY_WRITTEN;
 2960                                         NFSUNLOCKCLSTATE();
 2961                                         NFSCL_DEBUG(3, "do layoutcommit\n");
 2962                                         nfscl_dolayoutcommit(clp->nfsc_nmp, lyp,
 2963                                             cred, p);
 2964                                         NFSLOCKCLSTATE();
 2965                                         goto tryagain2;
 2966                                 }
 2967                         }
 2968                 }
 2969 
 2970                 /* Now, look for stale layouts. */
 2971                 lyp = TAILQ_LAST(&clp->nfsc_layout, nfscllayouthead);
 2972                 while (lyp != NULL) {
 2973                         nlyp = TAILQ_PREV(lyp, nfscllayouthead, nfsly_list);
 2974                         if (lyp->nfsly_timestamp < NFSD_MONOSEC &&
 2975                             (lyp->nfsly_flags & (NFSLY_RECALL |
 2976                              NFSLY_RETONCLOSE)) == 0 &&
 2977                             lyp->nfsly_lock.nfslock_usecnt == 0 &&
 2978                             lyp->nfsly_lock.nfslock_lock == 0) {
 2979                                 NFSCL_DEBUG(4, "ret stale lay=%d\n",
 2980                                     nfscl_layoutcnt);
 2981                                 recallp = malloc(sizeof(*recallp),
 2982                                     M_NFSLAYRECALL, M_NOWAIT);
 2983                                 if (recallp == NULL)
 2984                                         break;
 2985                                 (void)nfscl_layoutrecall(NFSLAYOUTRETURN_FILE,
 2986                                     lyp, NFSLAYOUTIOMODE_ANY, 0, UINT64_MAX,
 2987                                     lyp->nfsly_stateid.seqid, 0, 0, NULL,
 2988                                     recallp);
 2989                         }
 2990                         lyp = nlyp;
 2991                 }
 2992 
 2993                 /*
 2994                  * Free up any unreferenced device info structures.
 2995                  */
 2996                 LIST_FOREACH_SAFE(dip, &clp->nfsc_devinfo, nfsdi_list, ndip) {
 2997                         if (dip->nfsdi_layoutrefs == 0 &&
 2998                             dip->nfsdi_refcnt == 0) {
 2999                                 NFSCL_DEBUG(4, "freeing devinfo\n");
 3000                                 LIST_REMOVE(dip, nfsdi_list);
 3001                                 nfscl_freedevinfo(dip);
 3002                         }
 3003                 }
 3004                 NFSUNLOCKCLSTATE();
 3005 
 3006                 /* Do layout return(s), as required. */
 3007                 TAILQ_FOREACH_SAFE(lyp, &rlh, nfsly_list, nlyp) {
 3008                         TAILQ_REMOVE(&rlh, lyp, nfsly_list);
 3009                         NFSCL_DEBUG(4, "ret layout\n");
 3010                         nfscl_layoutreturn(clp->nfsc_nmp, lyp, cred, p);
 3011                         if ((lyp->nfsly_flags & NFSLY_RETONCLOSE) != 0) {
 3012                                 NFSLOCKCLSTATE();
 3013                                 lyp->nfsly_flags |= NFSLY_RETURNED;
 3014                                 wakeup(lyp);
 3015                                 NFSUNLOCKCLSTATE();
 3016                         } else
 3017                                 nfscl_freelayout(lyp);
 3018                 }
 3019 
 3020                 /*
 3021                  * Delegreturn any delegations cleaned out or recalled.
 3022                  */
 3023                 TAILQ_FOREACH_SAFE(dp, &dh, nfsdl_list, ndp) {
 3024                         newnfs_copycred(&dp->nfsdl_cred, cred);
 3025                         (void) nfscl_trydelegreturn(dp, cred, clp->nfsc_nmp, p);
 3026                         TAILQ_REMOVE(&dh, dp, nfsdl_list);
 3027                         free(dp, M_NFSCLDELEG);
 3028                 }
 3029 
 3030                 SLIST_INIT(&lfh);
 3031                 /*
 3032                  * Call nfscl_cleanupkext() once per second to check for
 3033                  * open/lock owners where the process has exited.
 3034                  */
 3035                 mytime = NFSD_MONOSEC;
 3036                 if (prevsec != mytime) {
 3037                         prevsec = mytime;
 3038                         nfscl_cleanupkext(clp, &lfh);
 3039                 }
 3040 
 3041                 /*
 3042                  * Do a ReleaseLockOwner for all lock owners where the
 3043                  * associated process no longer exists, as found by
 3044                  * nfscl_cleanupkext().
 3045                  */
 3046                 newnfs_setroot(cred);
 3047                 SLIST_FOREACH_SAFE(lfhp, &lfh, nfslfh_list, nlfhp) {
 3048                         LIST_FOREACH_SAFE(lp, &lfhp->nfslfh_lock, nfsl_list,
 3049                             nlp) {
 3050                                 (void)nfsrpc_rellockown(clp->nfsc_nmp, lp,
 3051                                     lfhp->nfslfh_fh, lfhp->nfslfh_len, cred,
 3052                                     p);
 3053                                 nfscl_freelockowner(lp, 0);
 3054                         }
 3055                         free(lfhp, M_TEMP);
 3056                 }
 3057                 SLIST_INIT(&lfh);
 3058 
 3059                 NFSLOCKCLSTATE();
 3060                 if ((clp->nfsc_flags & NFSCLFLAGS_RECOVER) == 0)
 3061                         (void)mtx_sleep(clp, NFSCLSTATEMUTEXPTR, PWAIT, "nfscl",
 3062                             hz);
 3063 terminate:
 3064                 if (clp->nfsc_flags & NFSCLFLAGS_UMOUNT) {
 3065                         clp->nfsc_flags &= ~NFSCLFLAGS_HASTHREAD;
 3066                         NFSUNLOCKCLSTATE();
 3067                         NFSFREECRED(cred);
 3068                         wakeup((caddr_t)clp);
 3069                         return;
 3070                 }
 3071                 NFSUNLOCKCLSTATE();
 3072         }
 3073 }
 3074 
 3075 /*
 3076  * Initiate state recovery. Called when NFSERR_STALECLIENTID,
 3077  * NFSERR_STALESTATEID or NFSERR_BADSESSION is received.
 3078  */
 3079 void
 3080 nfscl_initiate_recovery(struct nfsclclient *clp)
 3081 {
 3082 
 3083         if (clp == NULL)
 3084                 return;
 3085         NFSLOCKCLSTATE();
 3086         clp->nfsc_flags |= NFSCLFLAGS_RECOVER;
 3087         NFSUNLOCKCLSTATE();
 3088         wakeup((caddr_t)clp);
 3089 }
 3090 
 3091 /*
 3092  * Dump out the state stuff for debugging.
 3093  */
 3094 void
 3095 nfscl_dumpstate(struct nfsmount *nmp, int openowner, int opens,
 3096     int lockowner, int locks)
 3097 {
 3098         struct nfsclclient *clp;
 3099         struct nfsclowner *owp;
 3100         struct nfsclopen *op;
 3101         struct nfscllockowner *lp;
 3102         struct nfscllock *lop;
 3103         struct nfscldeleg *dp;
 3104 
 3105         clp = nmp->nm_clp;
 3106         if (clp == NULL) {
 3107                 printf("nfscl dumpstate NULL clp\n");
 3108                 return;
 3109         }
 3110         NFSLOCKCLSTATE();
 3111         TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
 3112           LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
 3113             if (openowner && !LIST_EMPTY(&owp->nfsow_open))
 3114                 printf("owner=0x%x 0x%x 0x%x 0x%x seqid=%d\n",
 3115                     owp->nfsow_owner[0], owp->nfsow_owner[1],
 3116                     owp->nfsow_owner[2], owp->nfsow_owner[3],
 3117                     owp->nfsow_seqid);
 3118             LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
 3119                 if (opens)
 3120                     printf("open st=0x%x 0x%x 0x%x cnt=%d fh12=0x%x\n",
 3121                         op->nfso_stateid.other[0], op->nfso_stateid.other[1],
 3122                         op->nfso_stateid.other[2], op->nfso_opencnt,
 3123                         op->nfso_fh[12]);
 3124                 LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
 3125                     if (lockowner)
 3126                         printf("lckown=0x%x 0x%x 0x%x 0x%x seqid=%d st=0x%x 0x%x 0x%x\n",
 3127                             lp->nfsl_owner[0], lp->nfsl_owner[1],
 3128                             lp->nfsl_owner[2], lp->nfsl_owner[3],
 3129                             lp->nfsl_seqid,
 3130                             lp->nfsl_stateid.other[0], lp->nfsl_stateid.other[1],
 3131                             lp->nfsl_stateid.other[2]);
 3132                     LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
 3133                         if (locks)
 3134 #ifdef __FreeBSD__
 3135                             printf("lck typ=%d fst=%ju end=%ju\n",
 3136                                 lop->nfslo_type, (intmax_t)lop->nfslo_first,
 3137                                 (intmax_t)lop->nfslo_end);
 3138 #else
 3139                             printf("lck typ=%d fst=%qd end=%qd\n",
 3140                                 lop->nfslo_type, lop->nfslo_first,
 3141                                 lop->nfslo_end);
 3142 #endif
 3143                     }
 3144                 }
 3145             }
 3146           }
 3147         }
 3148         LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
 3149             if (openowner && !LIST_EMPTY(&owp->nfsow_open))
 3150                 printf("owner=0x%x 0x%x 0x%x 0x%x seqid=%d\n",
 3151                     owp->nfsow_owner[0], owp->nfsow_owner[1],
 3152                     owp->nfsow_owner[2], owp->nfsow_owner[3],
 3153                     owp->nfsow_seqid);
 3154             LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
 3155                 if (opens)
 3156                     printf("open st=0x%x 0x%x 0x%x cnt=%d fh12=0x%x\n",
 3157                         op->nfso_stateid.other[0], op->nfso_stateid.other[1],
 3158                         op->nfso_stateid.other[2], op->nfso_opencnt,
 3159                         op->nfso_fh[12]);
 3160                 LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
 3161                     if (lockowner)
 3162                         printf("lckown=0x%x 0x%x 0x%x 0x%x seqid=%d st=0x%x 0x%x 0x%x\n",
 3163                             lp->nfsl_owner[0], lp->nfsl_owner[1],
 3164                             lp->nfsl_owner[2], lp->nfsl_owner[3],
 3165                             lp->nfsl_seqid,
 3166                             lp->nfsl_stateid.other[0], lp->nfsl_stateid.other[1],
 3167                             lp->nfsl_stateid.other[2]);
 3168                     LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
 3169                         if (locks)
 3170 #ifdef __FreeBSD__
 3171                             printf("lck typ=%d fst=%ju end=%ju\n",
 3172                                 lop->nfslo_type, (intmax_t)lop->nfslo_first,
 3173                                 (intmax_t)lop->nfslo_end);
 3174 #else
 3175                             printf("lck typ=%d fst=%qd end=%qd\n",
 3176                                 lop->nfslo_type, lop->nfslo_first,
 3177                                 lop->nfslo_end);
 3178 #endif
 3179                     }
 3180                 }
 3181             }
 3182         }
 3183         NFSUNLOCKCLSTATE();
 3184 }
 3185 
 3186 /*
 3187  * Check for duplicate open owners and opens.
 3188  * (Only used as a diagnostic aid.)
 3189  */
 3190 void
 3191 nfscl_dupopen(vnode_t vp, int dupopens)
 3192 {
 3193         struct nfsclclient *clp;
 3194         struct nfsclowner *owp, *owp2;
 3195         struct nfsclopen *op, *op2;
 3196         struct nfsfh *nfhp;
 3197 
 3198         clp = VFSTONFS(vp->v_mount)->nm_clp;
 3199         if (clp == NULL) {
 3200                 printf("nfscl dupopen NULL clp\n");
 3201                 return;
 3202         }
 3203         nfhp = VTONFS(vp)->n_fhp;
 3204         NFSLOCKCLSTATE();
 3205 
 3206         /*
 3207          * First, search for duplicate owners.
 3208          * These should never happen!
 3209          */
 3210         LIST_FOREACH(owp2, &clp->nfsc_owner, nfsow_list) {
 3211             LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
 3212                 if (owp != owp2 &&
 3213                     !NFSBCMP(owp->nfsow_owner, owp2->nfsow_owner,
 3214                     NFSV4CL_LOCKNAMELEN)) {
 3215                         NFSUNLOCKCLSTATE();
 3216                         printf("DUP OWNER\n");
 3217                         nfscl_dumpstate(VFSTONFS(vp->v_mount), 1, 1, 0, 0);
 3218                         return;
 3219                 }
 3220             }
 3221         }
 3222 
 3223         /*
 3224          * Now, search for duplicate stateids.
 3225          * These shouldn't happen, either.
 3226          */
 3227         LIST_FOREACH(owp2, &clp->nfsc_owner, nfsow_list) {
 3228             LIST_FOREACH(op2, &owp2->nfsow_open, nfso_list) {
 3229                 LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
 3230                     LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
 3231                         if (op != op2 &&
 3232                             (op->nfso_stateid.other[0] != 0 ||
 3233                              op->nfso_stateid.other[1] != 0 ||
 3234                              op->nfso_stateid.other[2] != 0) &&
 3235                             op->nfso_stateid.other[0] == op2->nfso_stateid.other[0] &&
 3236                             op->nfso_stateid.other[1] == op2->nfso_stateid.other[1] &&
 3237                             op->nfso_stateid.other[2] == op2->nfso_stateid.other[2]) {
 3238                             NFSUNLOCKCLSTATE();
 3239                             printf("DUP STATEID\n");
 3240                             nfscl_dumpstate(VFSTONFS(vp->v_mount), 1, 1, 0, 0);
 3241                             return;
 3242                         }
 3243                     }
 3244                 }
 3245             }
 3246         }
 3247 
 3248         /*
 3249          * Now search for duplicate opens.
 3250          * Duplicate opens for the same owner
 3251          * should never occur. Other duplicates are
 3252          * possible and are checked for if "dupopens"
 3253          * is true.
 3254          */
 3255         LIST_FOREACH(owp2, &clp->nfsc_owner, nfsow_list) {
 3256             LIST_FOREACH(op2, &owp2->nfsow_open, nfso_list) {
 3257                 if (nfhp->nfh_len == op2->nfso_fhlen &&
 3258                     !NFSBCMP(nfhp->nfh_fh, op2->nfso_fh, nfhp->nfh_len)) {
 3259                     LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
 3260                         LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
 3261                             if (op != op2 && nfhp->nfh_len == op->nfso_fhlen &&
 3262                                 !NFSBCMP(nfhp->nfh_fh, op->nfso_fh, nfhp->nfh_len) &&
 3263                                 (!NFSBCMP(op->nfso_own->nfsow_owner,
 3264                                  op2->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN) ||
 3265                                  dupopens)) {
 3266                                 if (!NFSBCMP(op->nfso_own->nfsow_owner,
 3267                                     op2->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN)) {
 3268                                     NFSUNLOCKCLSTATE();
 3269                                     printf("BADDUP OPEN\n");
 3270                                 } else {
 3271                                     NFSUNLOCKCLSTATE();
 3272                                     printf("DUP OPEN\n");
 3273                                 }
 3274                                 nfscl_dumpstate(VFSTONFS(vp->v_mount), 1, 1, 0,
 3275                                     0);
 3276                                 return;
 3277                             }
 3278                         }
 3279                     }
 3280                 }
 3281             }
 3282         }
 3283         NFSUNLOCKCLSTATE();
 3284 }
 3285 
 3286 /*
 3287  * During close, find an open that needs to be dereferenced and
 3288  * dereference it. If there are no more opens for this file,
 3289  * log a message to that effect.
 3290  * Opens aren't actually Close'd until VOP_INACTIVE() is performed
 3291  * on the file's vnode.
 3292  * This is the safe way, since it is difficult to identify
 3293  * which open the close is for and I/O can be performed after the
 3294  * close(2) system call when a file is mmap'd.
 3295  * If it returns 0 for success, there will be a referenced
 3296  * clp returned via clpp.
 3297  */
 3298 int
 3299 nfscl_getclose(vnode_t vp, struct nfsclclient **clpp)
 3300 {
 3301         struct nfsclclient *clp;
 3302         struct nfsclowner *owp;
 3303         struct nfsclopen *op;
 3304         struct nfscldeleg *dp;
 3305         struct nfsfh *nfhp;
 3306         int error, notdecr;
 3307 
 3308         error = nfscl_getcl(vp->v_mount, NULL, NULL, false, true, &clp);
 3309         if (error)
 3310                 return (error);
 3311         *clpp = clp;
 3312 
 3313         nfhp = VTONFS(vp)->n_fhp;
 3314         notdecr = 1;
 3315         NFSLOCKCLSTATE();
 3316         /*
 3317          * First, look for one under a delegation that was locally issued
 3318          * and just decrement the opencnt for it. Since all my Opens against
 3319          * the server are DENY_NONE, I don't see a problem with hanging
 3320          * onto them. (It is much easier to use one of the extant Opens
 3321          * that I already have on the server when a Delegation is recalled
 3322          * than to do fresh Opens.) Someday, I might need to rethink this, but.
 3323          */
 3324         dp = nfscl_finddeleg(clp, nfhp->nfh_fh, nfhp->nfh_len);
 3325         if (dp != NULL) {
 3326                 LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
 3327                         op = LIST_FIRST(&owp->nfsow_open);
 3328                         if (op != NULL) {
 3329                                 /*
 3330                                  * Since a delegation is for a file, there
 3331                                  * should never be more than one open for
 3332                                  * each openowner.
 3333                                  */
 3334                                 if (LIST_NEXT(op, nfso_list) != NULL)
 3335                                         panic("nfscdeleg opens");
 3336                                 if (notdecr && op->nfso_opencnt > 0) {
 3337                                         notdecr = 0;
 3338                                         op->nfso_opencnt--;
 3339                                         break;
 3340                                 }
 3341                         }
 3342                 }
 3343         }
 3344 
 3345         /* Now process the opens against the server. */
 3346         LIST_FOREACH(op, NFSCLOPENHASH(clp, nfhp->nfh_fh, nfhp->nfh_len),
 3347             nfso_hash) {
 3348                 if (op->nfso_fhlen == nfhp->nfh_len &&
 3349                     !NFSBCMP(op->nfso_fh, nfhp->nfh_fh,
 3350                     nfhp->nfh_len)) {
 3351                         /* Found an open, decrement cnt if possible */
 3352                         if (notdecr && op->nfso_opencnt > 0) {
 3353                                 notdecr = 0;
 3354                                 op->nfso_opencnt--;
 3355                         }
 3356                         /*
 3357                          * There are more opens, so just return.
 3358                          */
 3359                         if (op->nfso_opencnt > 0) {
 3360                                 NFSUNLOCKCLSTATE();
 3361                                 return (0);
 3362                         }
 3363                 }
 3364         }
 3365         NFSUNLOCKCLSTATE();
 3366         if (notdecr)
 3367                 printf("nfscl: never fnd open\n");
 3368         return (0);
 3369 }
 3370 
 3371 int
 3372 nfscl_doclose(vnode_t vp, struct nfsclclient **clpp, NFSPROC_T *p)
 3373 {
 3374         struct nfsclclient *clp;
 3375         struct nfsmount *nmp;
 3376         struct nfsclowner *owp, *nowp;
 3377         struct nfsclopen *op, *nop;
 3378         struct nfsclopenhead delayed;
 3379         struct nfscldeleg *dp;
 3380         struct nfsfh *nfhp;
 3381         struct nfsclrecalllayout *recallp;
 3382         struct nfscllayout *lyp;
 3383         int error;
 3384 
 3385         error = nfscl_getcl(vp->v_mount, NULL, NULL, false, true, &clp);
 3386         if (error)
 3387                 return (error);
 3388         *clpp = clp;
 3389 
 3390         nmp = VFSTONFS(vp->v_mount);
 3391         nfhp = VTONFS(vp)->n_fhp;
 3392         recallp = malloc(sizeof(*recallp), M_NFSLAYRECALL, M_WAITOK);
 3393         NFSLOCKCLSTATE();
 3394         /*
 3395          * First get rid of the local Open structures, which should be no
 3396          * longer in use.
 3397          */
 3398         dp = nfscl_finddeleg(clp, nfhp->nfh_fh, nfhp->nfh_len);
 3399         if (dp != NULL) {
 3400                 LIST_FOREACH_SAFE(owp, &dp->nfsdl_owner, nfsow_list, nowp) {
 3401                         op = LIST_FIRST(&owp->nfsow_open);
 3402                         if (op != NULL) {
 3403                                 KASSERT((op->nfso_opencnt == 0),
 3404                                     ("nfscl: bad open cnt on deleg"));
 3405                                 nfscl_freeopen(op, 1, true);
 3406                         }
 3407                         nfscl_freeopenowner(owp, 1);
 3408                 }
 3409         }
 3410 
 3411         /* Return any layouts marked return on close. */
 3412         nfscl_retoncloselayout(vp, clp, nfhp->nfh_fh, nfhp->nfh_len, &recallp,
 3413             &lyp);
 3414 
 3415         /* Now process the opens against the server. */
 3416         LIST_INIT(&delayed);
 3417 lookformore:
 3418         LIST_FOREACH(op, NFSCLOPENHASH(clp, nfhp->nfh_fh, nfhp->nfh_len),
 3419             nfso_hash) {
 3420                 if (op->nfso_fhlen == nfhp->nfh_len &&
 3421                     !NFSBCMP(op->nfso_fh, nfhp->nfh_fh,
 3422                     nfhp->nfh_len)) {
 3423                         /* Found an open, close it. */
 3424 #ifdef DIAGNOSTIC
 3425                         KASSERT((op->nfso_opencnt == 0),
 3426                             ("nfscl: bad open cnt on server (%d)",
 3427                              op->nfso_opencnt));
 3428 #endif
 3429                         NFSUNLOCKCLSTATE();
 3430                         if (NFSHASNFSV4N(nmp))
 3431                                 error = nfsrpc_doclose(nmp, op, p, false, true);
 3432                         else
 3433                                 error = nfsrpc_doclose(nmp, op, p, true, true);
 3434                         NFSLOCKCLSTATE();
 3435                         if (error == NFSERR_DELAY) {
 3436                                 nfscl_unlinkopen(op);
 3437                                 op->nfso_own = NULL;
 3438                                 LIST_INSERT_HEAD(&delayed, op, nfso_list);
 3439                         }
 3440                         goto lookformore;
 3441                 }
 3442         }
 3443         nfscl_clrelease(clp);
 3444 
 3445         /* Now, wait for any layout that is returned upon close. */
 3446         if (lyp != NULL) {
 3447                 while ((lyp->nfsly_flags & NFSLY_RETURNED) == 0) {
 3448                         if (NFSCL_FORCEDISM(nmp->nm_mountp)) {
 3449                                 lyp = NULL;
 3450                                 break;
 3451                         }
 3452                         msleep(lyp, NFSCLSTATEMUTEXPTR, PZERO, "nfslroc", hz);
 3453                 }
 3454                 if (lyp != NULL)
 3455                         nfscl_freelayout(lyp);
 3456         }
 3457 
 3458         NFSUNLOCKCLSTATE();
 3459         /*
 3460          * recallp has been set NULL by nfscl_retoncloselayout() if it was
 3461          * used by the function, but calling free() with a NULL pointer is ok.
 3462          */
 3463         free(recallp, M_NFSLAYRECALL);
 3464 
 3465         /* Now, loop retrying the delayed closes. */
 3466         LIST_FOREACH_SAFE(op, &delayed, nfso_list, nop) {
 3467                 nfsrpc_doclose(nmp, op, p, true, false);
 3468                 LIST_REMOVE(op, nfso_list);
 3469                 nfscl_freeopen(op, 0, false);
 3470         }
 3471         return (0);
 3472 }
 3473 
 3474 /*
 3475  * Return all delegations on this client.
 3476  * (Must be called with client sleep lock.)
 3477  */
 3478 static void
 3479 nfscl_delegreturnall(struct nfsclclient *clp, NFSPROC_T *p,
 3480     struct nfscldeleghead *dhp)
 3481 {
 3482         struct nfscldeleg *dp, *ndp;
 3483         struct ucred *cred;
 3484 
 3485         cred = newnfs_getcred();
 3486         TAILQ_FOREACH_SAFE(dp, &clp->nfsc_deleg, nfsdl_list, ndp) {
 3487                 nfscl_cleandeleg(dp);
 3488                 (void) nfscl_trydelegreturn(dp, cred, clp->nfsc_nmp, p);
 3489                 if (dhp != NULL) {
 3490                         nfscl_freedeleg(&clp->nfsc_deleg, dp, false);
 3491                         TAILQ_INSERT_HEAD(dhp, dp, nfsdl_list);
 3492                 } else
 3493                         nfscl_freedeleg(&clp->nfsc_deleg, dp, true);
 3494         }
 3495         NFSFREECRED(cred);
 3496 }
 3497 
 3498 /*
 3499  * Return any delegation for this vp.
 3500  */
 3501 void
 3502 nfscl_delegreturnvp(vnode_t vp, NFSPROC_T *p)
 3503 {
 3504         struct nfsclclient *clp;
 3505         struct nfscldeleg *dp;
 3506         struct ucred *cred;
 3507         struct nfsnode *np;
 3508         struct nfsmount *nmp;
 3509 
 3510         nmp = VFSTONFS(vp->v_mount);
 3511         NFSLOCKMNT(nmp);
 3512         if ((nmp->nm_privflag & NFSMNTP_DELEGISSUED) == 0) {
 3513                 NFSUNLOCKMNT(nmp);
 3514                 return;
 3515         }
 3516         NFSUNLOCKMNT(nmp);
 3517         np = VTONFS(vp);
 3518         cred = newnfs_getcred();
 3519         dp = NULL;
 3520         NFSLOCKCLSTATE();
 3521         clp = nmp->nm_clp;
 3522         if (clp != NULL)
 3523                 dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
 3524                     np->n_fhp->nfh_len);
 3525         if (dp != NULL) {
 3526                 nfscl_cleandeleg(dp);
 3527                 nfscl_freedeleg(&clp->nfsc_deleg, dp, false);
 3528                 NFSUNLOCKCLSTATE();
 3529                 newnfs_copycred(&dp->nfsdl_cred, cred);
 3530                 nfscl_trydelegreturn(dp, cred, clp->nfsc_nmp, p);
 3531                 free(dp, M_NFSCLDELEG);
 3532         } else
 3533                 NFSUNLOCKCLSTATE();
 3534         NFSFREECRED(cred);
 3535 }
 3536 
 3537 /*
 3538  * Do a callback RPC.
 3539  */
 3540 void
 3541 nfscl_docb(struct nfsrv_descript *nd, NFSPROC_T *p)
 3542 {
 3543         int clist, gotseq_ok, i, j, k, op, rcalls;
 3544         u_int32_t *tl;
 3545         struct nfsclclient *clp;
 3546         struct nfscldeleg *dp = NULL;
 3547         int numops, taglen = -1, error = 0, trunc __unused;
 3548         u_int32_t minorvers = 0, retops = 0, *retopsp = NULL, *repp, cbident;
 3549         u_char tag[NFSV4_SMALLSTR + 1], *tagstr;
 3550         vnode_t vp = NULL;
 3551         struct nfsnode *np;
 3552         struct vattr va;
 3553         struct nfsfh *nfhp;
 3554         mount_t mp;
 3555         nfsattrbit_t attrbits, rattrbits;
 3556         nfsv4stateid_t stateid;
 3557         uint32_t seqid, slotid = 0, highslot, cachethis __unused;
 3558         uint8_t sessionid[NFSX_V4SESSIONID];
 3559         struct mbuf *rep;
 3560         struct nfscllayout *lyp;
 3561         uint64_t filesid[2], len, off;
 3562         int changed, gotone, laytype, recalltype;
 3563         uint32_t iomode;
 3564         struct nfsclrecalllayout *recallp = NULL;
 3565         struct nfsclsession *tsep;
 3566 
 3567         gotseq_ok = 0;
 3568         nfsrvd_rephead(nd);
 3569         NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3570         taglen = fxdr_unsigned(int, *tl);
 3571         if (taglen < 0 || taglen > NFSV4_OPAQUELIMIT) {
 3572                 error = EBADRPC;
 3573                 taglen = -1;
 3574                 goto nfsmout;
 3575         }
 3576         if (taglen <= NFSV4_SMALLSTR)
 3577                 tagstr = tag;
 3578         else
 3579                 tagstr = malloc(taglen + 1, M_TEMP, M_WAITOK);
 3580         error = nfsrv_mtostr(nd, tagstr, taglen);
 3581         if (error) {
 3582                 if (taglen > NFSV4_SMALLSTR)
 3583                         free(tagstr, M_TEMP);
 3584                 taglen = -1;
 3585                 goto nfsmout;
 3586         }
 3587         (void) nfsm_strtom(nd, tag, taglen);
 3588         if (taglen > NFSV4_SMALLSTR) {
 3589                 free(tagstr, M_TEMP);
 3590         }
 3591         NFSM_BUILD(retopsp, u_int32_t *, NFSX_UNSIGNED);
 3592         NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
 3593         minorvers = fxdr_unsigned(u_int32_t, *tl++);
 3594         if (minorvers != NFSV4_MINORVERSION &&
 3595             minorvers != NFSV41_MINORVERSION &&
 3596             minorvers != NFSV42_MINORVERSION)
 3597                 nd->nd_repstat = NFSERR_MINORVERMISMATCH;
 3598         cbident = fxdr_unsigned(u_int32_t, *tl++);
 3599         if (nd->nd_repstat)
 3600                 numops = 0;
 3601         else
 3602                 numops = fxdr_unsigned(int, *tl);
 3603         /*
 3604          * Loop around doing the sub ops.
 3605          */
 3606         for (i = 0; i < numops; i++) {
 3607                 NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
 3608                 NFSM_BUILD(repp, u_int32_t *, 2 * NFSX_UNSIGNED);
 3609                 *repp++ = *tl;
 3610                 op = fxdr_unsigned(int, *tl);
 3611                 nd->nd_procnum = op;
 3612                 if (i == 0 && op != NFSV4OP_CBSEQUENCE && minorvers !=
 3613                     NFSV4_MINORVERSION) {
 3614                     nd->nd_repstat = NFSERR_OPNOTINSESS;
 3615                     *repp = nfscl_errmap(nd, minorvers);
 3616                     retops++;
 3617                     break;
 3618                 }
 3619                 if (op < NFSV4OP_CBGETATTR ||
 3620                    (op > NFSV4OP_CBRECALL && minorvers == NFSV4_MINORVERSION) ||
 3621                    (op > NFSV4OP_CBNOTIFYDEVID &&
 3622                     minorvers == NFSV41_MINORVERSION) ||
 3623                    (op > NFSV4OP_CBOFFLOAD &&
 3624                     minorvers == NFSV42_MINORVERSION)) {
 3625                     nd->nd_repstat = NFSERR_OPILLEGAL;
 3626                     *repp = nfscl_errmap(nd, minorvers);
 3627                     retops++;
 3628                     break;
 3629                 }
 3630                 if (op < NFSV42_CBNOPS)
 3631                         nfsstatsv1.cbrpccnt[nd->nd_procnum]++;
 3632                 switch (op) {
 3633                 case NFSV4OP_CBGETATTR:
 3634                         NFSCL_DEBUG(4, "cbgetattr\n");
 3635                         mp = NULL;
 3636                         vp = NULL;
 3637                         error = nfsm_getfh(nd, &nfhp);
 3638                         if (!error)
 3639                                 error = nfsrv_getattrbits(nd, &attrbits,
 3640                                     NULL, NULL);
 3641                         if (!error) {
 3642                                 mp = nfscl_getmnt(minorvers, sessionid, cbident,
 3643                                     &clp);
 3644                                 if (mp == NULL)
 3645                                         error = NFSERR_SERVERFAULT;
 3646                         }
 3647                         if (!error) {
 3648                                 error = nfscl_ngetreopen(mp, nfhp->nfh_fh,
 3649                                     nfhp->nfh_len, p, &np);
 3650                                 if (!error)
 3651                                         vp = NFSTOV(np);
 3652                         }
 3653                         if (!error) {
 3654                                 NFSZERO_ATTRBIT(&rattrbits);
 3655                                 NFSLOCKCLSTATE();
 3656                                 dp = nfscl_finddeleg(clp, nfhp->nfh_fh,
 3657                                     nfhp->nfh_len);
 3658                                 if (dp != NULL) {
 3659                                         if (NFSISSET_ATTRBIT(&attrbits,
 3660                                             NFSATTRBIT_SIZE)) {
 3661                                                 if (vp != NULL)
 3662                                                         va.va_size = np->n_size;
 3663                                                 else
 3664                                                         va.va_size =
 3665                                                             dp->nfsdl_size;
 3666                                                 NFSSETBIT_ATTRBIT(&rattrbits,
 3667                                                     NFSATTRBIT_SIZE);
 3668                                         }
 3669                                         if (NFSISSET_ATTRBIT(&attrbits,
 3670                                             NFSATTRBIT_CHANGE)) {
 3671                                                 va.va_filerev =
 3672                                                     dp->nfsdl_change;
 3673                                                 if (vp == NULL ||
 3674                                                     (np->n_flag & NDELEGMOD))
 3675                                                         va.va_filerev++;
 3676                                                 NFSSETBIT_ATTRBIT(&rattrbits,
 3677                                                     NFSATTRBIT_CHANGE);
 3678                                         }
 3679                                 } else
 3680                                         error = NFSERR_SERVERFAULT;
 3681                                 NFSUNLOCKCLSTATE();
 3682                         }
 3683                         if (vp != NULL)
 3684                                 vrele(vp);
 3685                         if (mp != NULL)
 3686                                 vfs_unbusy(mp);
 3687                         if (nfhp != NULL)
 3688                                 free(nfhp, M_NFSFH);
 3689                         if (!error)
 3690                                 (void) nfsv4_fillattr(nd, NULL, NULL, NULL, &va,
 3691                                     NULL, 0, &rattrbits, NULL, p, 0, 0, 0, 0,
 3692                                     (uint64_t)0, NULL);
 3693                         break;
 3694                 case NFSV4OP_CBRECALL:
 3695                         NFSCL_DEBUG(4, "cbrecall\n");
 3696                         NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
 3697                             NFSX_UNSIGNED);
 3698                         stateid.seqid = *tl++;
 3699                         NFSBCOPY((caddr_t)tl, (caddr_t)stateid.other,
 3700                             NFSX_STATEIDOTHER);
 3701                         tl += (NFSX_STATEIDOTHER / NFSX_UNSIGNED);
 3702                         trunc = fxdr_unsigned(int, *tl);
 3703                         error = nfsm_getfh(nd, &nfhp);
 3704                         if (!error) {
 3705                                 NFSLOCKCLSTATE();
 3706                                 if (minorvers == NFSV4_MINORVERSION)
 3707                                         clp = nfscl_getclnt(cbident);
 3708                                 else
 3709                                         clp = nfscl_getclntsess(sessionid);
 3710                                 if (clp != NULL) {
 3711                                         dp = nfscl_finddeleg(clp, nfhp->nfh_fh,
 3712                                             nfhp->nfh_len);
 3713                                         if (dp != NULL && (dp->nfsdl_flags &
 3714                                             NFSCLDL_DELEGRET) == 0) {
 3715                                                 dp->nfsdl_flags |=
 3716                                                     NFSCLDL_RECALL;
 3717                                                 wakeup((caddr_t)clp);
 3718                                         }
 3719                                 } else {
 3720                                         error = NFSERR_SERVERFAULT;
 3721                                 }
 3722                                 NFSUNLOCKCLSTATE();
 3723                         }
 3724                         if (nfhp != NULL)
 3725                                 free(nfhp, M_NFSFH);
 3726                         break;
 3727                 case NFSV4OP_CBLAYOUTRECALL:
 3728                         NFSCL_DEBUG(4, "cblayrec\n");
 3729                         nfhp = NULL;
 3730                         NFSM_DISSECT(tl, uint32_t *, 4 * NFSX_UNSIGNED);
 3731                         laytype = fxdr_unsigned(int, *tl++);
 3732                         iomode = fxdr_unsigned(uint32_t, *tl++);
 3733                         if (newnfs_true == *tl++)
 3734                                 changed = 1;
 3735                         else
 3736                                 changed = 0;
 3737                         recalltype = fxdr_unsigned(int, *tl);
 3738                         NFSCL_DEBUG(4, "layt=%d iom=%d ch=%d rectyp=%d\n",
 3739                             laytype, iomode, changed, recalltype);
 3740                         recallp = malloc(sizeof(*recallp), M_NFSLAYRECALL,
 3741                             M_WAITOK);
 3742                         if (laytype != NFSLAYOUT_NFSV4_1_FILES &&
 3743                             laytype != NFSLAYOUT_FLEXFILE)
 3744                                 error = NFSERR_NOMATCHLAYOUT;
 3745                         else if (recalltype == NFSLAYOUTRETURN_FILE) {
 3746                                 error = nfsm_getfh(nd, &nfhp);
 3747                                 NFSCL_DEBUG(4, "retfile getfh=%d\n", error);
 3748                                 if (error != 0)
 3749                                         goto nfsmout;
 3750                                 NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_HYPER +
 3751                                     NFSX_STATEID);
 3752                                 off = fxdr_hyper(tl); tl += 2;
 3753                                 len = fxdr_hyper(tl); tl += 2;
 3754                                 stateid.seqid = fxdr_unsigned(uint32_t, *tl++);
 3755                                 NFSBCOPY(tl, stateid.other, NFSX_STATEIDOTHER);
 3756                                 if (minorvers == NFSV4_MINORVERSION)
 3757                                         error = NFSERR_NOTSUPP;
 3758                                 NFSCL_DEBUG(4, "off=%ju len=%ju sq=%u err=%d\n",
 3759                                     (uintmax_t)off, (uintmax_t)len,
 3760                                     stateid.seqid, error);
 3761                                 if (error == 0) {
 3762                                         NFSLOCKCLSTATE();
 3763                                         clp = nfscl_getclntsess(sessionid);
 3764                                         NFSCL_DEBUG(4, "cbly clp=%p\n", clp);
 3765                                         if (clp != NULL) {
 3766                                                 lyp = nfscl_findlayout(clp,
 3767                                                     nfhp->nfh_fh,
 3768                                                     nfhp->nfh_len);
 3769                                                 NFSCL_DEBUG(4, "cblyp=%p\n",
 3770                                                     lyp);
 3771                                                 if (lyp != NULL &&
 3772                                                     (lyp->nfsly_flags &
 3773                                                      (NFSLY_FILES |
 3774                                                       NFSLY_FLEXFILE)) != 0 &&
 3775                                                     !NFSBCMP(stateid.other,
 3776                                                     lyp->nfsly_stateid.other,
 3777                                                     NFSX_STATEIDOTHER)) {
 3778                                                         error =
 3779                                                             nfscl_layoutrecall(
 3780                                                             recalltype,
 3781                                                             lyp, iomode, off,
 3782                                                             len, stateid.seqid,
 3783                                                             0, 0, NULL,
 3784                                                             recallp);
 3785                                                         if (error == 0 &&
 3786                                                             stateid.seqid >
 3787                                                             lyp->nfsly_stateid.seqid)
 3788                                                                 lyp->nfsly_stateid.seqid =
 3789                                                                     stateid.seqid;
 3790                                                         recallp = NULL;
 3791                                                         wakeup(clp);
 3792                                                         NFSCL_DEBUG(4,
 3793                                                             "aft layrcal=%d "
 3794                                                             "layseqid=%d\n",
 3795                                                             error,
 3796                                                             lyp->nfsly_stateid.seqid);
 3797                                                 } else
 3798                                                         error =
 3799                                                           NFSERR_NOMATCHLAYOUT;
 3800                                         } else
 3801                                                 error = NFSERR_NOMATCHLAYOUT;
 3802                                         NFSUNLOCKCLSTATE();
 3803                                 }
 3804                                 free(nfhp, M_NFSFH);
 3805                         } else if (recalltype == NFSLAYOUTRETURN_FSID) {
 3806                                 NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_HYPER);
 3807                                 filesid[0] = fxdr_hyper(tl); tl += 2;
 3808                                 filesid[1] = fxdr_hyper(tl); tl += 2;
 3809                                 gotone = 0;
 3810                                 NFSLOCKCLSTATE();
 3811                                 clp = nfscl_getclntsess(sessionid);
 3812                                 if (clp != NULL) {
 3813                                         TAILQ_FOREACH(lyp, &clp->nfsc_layout,
 3814                                             nfsly_list) {
 3815                                                 if (lyp->nfsly_filesid[0] ==
 3816                                                     filesid[0] &&
 3817                                                     lyp->nfsly_filesid[1] ==
 3818                                                     filesid[1]) {
 3819                                                         error =
 3820                                                             nfscl_layoutrecall(
 3821                                                             recalltype,
 3822                                                             lyp, iomode, 0,
 3823                                                             UINT64_MAX,
 3824                                                             lyp->nfsly_stateid.seqid,
 3825                                                             0, 0, NULL,
 3826                                                             recallp);
 3827                                                         recallp = NULL;
 3828                                                         gotone = 1;
 3829                                                 }
 3830                                         }
 3831                                         if (gotone != 0)
 3832                                                 wakeup(clp);
 3833                                         else
 3834                                                 error = NFSERR_NOMATCHLAYOUT;
 3835                                 } else
 3836                                         error = NFSERR_NOMATCHLAYOUT;
 3837                                 NFSUNLOCKCLSTATE();
 3838                         } else if (recalltype == NFSLAYOUTRETURN_ALL) {
 3839                                 gotone = 0;
 3840                                 NFSLOCKCLSTATE();
 3841                                 clp = nfscl_getclntsess(sessionid);
 3842                                 if (clp != NULL) {
 3843                                         TAILQ_FOREACH(lyp, &clp->nfsc_layout,
 3844                                             nfsly_list) {
 3845                                                 error = nfscl_layoutrecall(
 3846                                                     recalltype, lyp, iomode, 0,
 3847                                                     UINT64_MAX,
 3848                                                     lyp->nfsly_stateid.seqid,
 3849                                                     0, 0, NULL, recallp);
 3850                                                 recallp = NULL;
 3851                                                 gotone = 1;
 3852                                         }
 3853                                         if (gotone != 0)
 3854                                                 wakeup(clp);
 3855                                         else
 3856                                                 error = NFSERR_NOMATCHLAYOUT;
 3857                                 } else
 3858                                         error = NFSERR_NOMATCHLAYOUT;
 3859                                 NFSUNLOCKCLSTATE();
 3860                         } else
 3861                                 error = NFSERR_NOMATCHLAYOUT;
 3862                         if (recallp != NULL) {
 3863                                 free(recallp, M_NFSLAYRECALL);
 3864                                 recallp = NULL;
 3865                         }
 3866                         break;
 3867                 case NFSV4OP_CBSEQUENCE:
 3868                         if (i != 0) {
 3869                             error = NFSERR_SEQUENCEPOS;
 3870                             break;
 3871                         }
 3872                         NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
 3873                             5 * NFSX_UNSIGNED);
 3874                         bcopy(tl, sessionid, NFSX_V4SESSIONID);
 3875                         tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
 3876                         seqid = fxdr_unsigned(uint32_t, *tl++);
 3877                         slotid = fxdr_unsigned(uint32_t, *tl++);
 3878                         highslot = fxdr_unsigned(uint32_t, *tl++);
 3879                         cachethis = *tl++;
 3880                         /* Throw away the referring call stuff. */
 3881                         clist = fxdr_unsigned(int, *tl);
 3882                         for (j = 0; j < clist; j++) {
 3883                                 NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
 3884                                     NFSX_UNSIGNED);
 3885                                 tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
 3886                                 rcalls = fxdr_unsigned(int, *tl);
 3887                                 for (k = 0; k < rcalls; k++) {
 3888                                         NFSM_DISSECT(tl, uint32_t *,
 3889                                             2 * NFSX_UNSIGNED);
 3890                                 }
 3891                         }
 3892                         NFSLOCKCLSTATE();
 3893                         clp = nfscl_getclntsess(sessionid);
 3894                         if (clp == NULL)
 3895                                 error = NFSERR_SERVERFAULT;
 3896                         if (error == 0) {
 3897                                 tsep = nfsmnt_mdssession(clp->nfsc_nmp);
 3898                                 error = nfsv4_seqsession(seqid, slotid,
 3899                                     highslot, tsep->nfsess_cbslots, &rep,
 3900                                     tsep->nfsess_backslots);
 3901                         }
 3902                         NFSUNLOCKCLSTATE();
 3903                         if (error == 0 || error == NFSERR_REPLYFROMCACHE) {
 3904                                 gotseq_ok = 1;
 3905                                 if (rep != NULL) {
 3906                                         /*
 3907                                          * Handle a reply for a retried
 3908                                          * callback.  The reply will be
 3909                                          * re-inserted in the session cache
 3910                                          * by the nfsv4_seqsess_cacherep() call
 3911                                          * after out:
 3912                                          */
 3913                                         KASSERT(error == NFSERR_REPLYFROMCACHE,
 3914                                             ("cbsequence: non-NULL rep"));
 3915                                         NFSCL_DEBUG(4, "Got cbretry\n");
 3916                                         m_freem(nd->nd_mreq);
 3917                                         nd->nd_mreq = rep;
 3918                                         rep = NULL;
 3919                                         goto out;
 3920                                 }
 3921                                 NFSM_BUILD(tl, uint32_t *,
 3922                                     NFSX_V4SESSIONID + 4 * NFSX_UNSIGNED);
 3923                                 bcopy(sessionid, tl, NFSX_V4SESSIONID);
 3924                                 tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
 3925                                 *tl++ = txdr_unsigned(seqid);
 3926                                 *tl++ = txdr_unsigned(slotid);
 3927                                 *tl++ = txdr_unsigned(NFSV4_CBSLOTS - 1);
 3928                                 *tl = txdr_unsigned(NFSV4_CBSLOTS - 1);
 3929                         }
 3930                         break;
 3931                 default:
 3932                         if (i == 0 && minorvers != NFSV4_MINORVERSION)
 3933                                 error = NFSERR_OPNOTINSESS;
 3934                         else {
 3935                                 NFSCL_DEBUG(1, "unsupp callback %d\n", op);
 3936                                 error = NFSERR_NOTSUPP;
 3937                         }
 3938                         break;
 3939                 }
 3940                 if (error) {
 3941                         if (error == EBADRPC || error == NFSERR_BADXDR) {
 3942                                 nd->nd_repstat = NFSERR_BADXDR;
 3943                         } else {
 3944                                 nd->nd_repstat = error;
 3945                         }
 3946                         error = 0;
 3947                 }
 3948                 retops++;
 3949                 if (nd->nd_repstat) {
 3950                         *repp = nfscl_errmap(nd, minorvers);
 3951                         break;
 3952                 } else
 3953                         *repp = 0;      /* NFS4_OK */
 3954         }
 3955 nfsmout:
 3956         if (recallp != NULL)
 3957                 free(recallp, M_NFSLAYRECALL);
 3958         if (error) {
 3959                 if (error == EBADRPC || error == NFSERR_BADXDR)
 3960                         nd->nd_repstat = NFSERR_BADXDR;
 3961                 else
 3962                         printf("nfsv4 comperr1=%d\n", error);
 3963         }
 3964         if (taglen == -1) {
 3965                 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
 3966                 *tl++ = 0;
 3967                 *tl = 0;
 3968         } else {
 3969                 *retopsp = txdr_unsigned(retops);
 3970         }
 3971         *nd->nd_errp = nfscl_errmap(nd, minorvers);
 3972 out:
 3973         if (gotseq_ok != 0) {
 3974                 rep = m_copym(nd->nd_mreq, 0, M_COPYALL, M_WAITOK);
 3975                 NFSLOCKCLSTATE();
 3976                 clp = nfscl_getclntsess(sessionid);
 3977                 if (clp != NULL) {
 3978                         tsep = nfsmnt_mdssession(clp->nfsc_nmp);
 3979                         nfsv4_seqsess_cacherep(slotid, tsep->nfsess_cbslots,
 3980                             NFSERR_OK, &rep);
 3981                         NFSUNLOCKCLSTATE();
 3982                 } else {
 3983                         NFSUNLOCKCLSTATE();
 3984                         m_freem(rep);
 3985                 }
 3986         }
 3987 }
 3988 
 3989 /*
 3990  * Generate the next cbident value. Basically just increment a static value
 3991  * and then check that it isn't already in the list, if it has wrapped around.
 3992  */
 3993 static u_int32_t
 3994 nfscl_nextcbident(void)
 3995 {
 3996         struct nfsclclient *clp;
 3997         int matched;
 3998         static u_int32_t nextcbident = 0;
 3999         static int haswrapped = 0;
 4000 
 4001         nextcbident++;
 4002         if (nextcbident == 0)
 4003                 haswrapped = 1;
 4004         if (haswrapped) {
 4005                 /*
 4006                  * Search the clientid list for one already using this cbident.
 4007                  */
 4008                 do {
 4009                         matched = 0;
 4010                         NFSLOCKCLSTATE();
 4011                         LIST_FOREACH(clp, &nfsclhead, nfsc_list) {
 4012                                 if (clp->nfsc_cbident == nextcbident) {
 4013                                         matched = 1;
 4014                                         break;
 4015                                 }
 4016                         }
 4017                         NFSUNLOCKCLSTATE();
 4018                         if (matched == 1)
 4019                                 nextcbident++;
 4020                 } while (matched);
 4021         }
 4022         return (nextcbident);
 4023 }
 4024 
 4025 /*
 4026  * Get the mount point related to a given cbident or session and busy it.
 4027  */
 4028 static mount_t
 4029 nfscl_getmnt(int minorvers, uint8_t *sessionid, u_int32_t cbident,
 4030     struct nfsclclient **clpp)
 4031 {
 4032         struct nfsclclient *clp;
 4033         mount_t mp;
 4034         int error;
 4035         struct nfsclsession *tsep;
 4036 
 4037         *clpp = NULL;
 4038         NFSLOCKCLSTATE();
 4039         LIST_FOREACH(clp, &nfsclhead, nfsc_list) {
 4040                 tsep = nfsmnt_mdssession(clp->nfsc_nmp);
 4041                 if (minorvers == NFSV4_MINORVERSION) {
 4042                         if (clp->nfsc_cbident == cbident)
 4043                                 break;
 4044                 } else if (!NFSBCMP(tsep->nfsess_sessionid, sessionid,
 4045                     NFSX_V4SESSIONID))
 4046                         break;
 4047         }
 4048         if (clp == NULL) {
 4049                 NFSUNLOCKCLSTATE();
 4050                 return (NULL);
 4051         }
 4052         mp = clp->nfsc_nmp->nm_mountp;
 4053         vfs_ref(mp);
 4054         NFSUNLOCKCLSTATE();
 4055         error = vfs_busy(mp, 0);
 4056         vfs_rel(mp);
 4057         if (error != 0)
 4058                 return (NULL);
 4059         *clpp = clp;
 4060         return (mp);
 4061 }
 4062 
 4063 /*
 4064  * Get the clientid pointer related to a given cbident.
 4065  */
 4066 static struct nfsclclient *
 4067 nfscl_getclnt(u_int32_t cbident)
 4068 {
 4069         struct nfsclclient *clp;
 4070 
 4071         LIST_FOREACH(clp, &nfsclhead, nfsc_list)
 4072                 if (clp->nfsc_cbident == cbident)
 4073                         break;
 4074         return (clp);
 4075 }
 4076 
 4077 /*
 4078  * Get the clientid pointer related to a given sessionid.
 4079  */
 4080 static struct nfsclclient *
 4081 nfscl_getclntsess(uint8_t *sessionid)
 4082 {
 4083         struct nfsclclient *clp;
 4084         struct nfsclsession *tsep;
 4085 
 4086         LIST_FOREACH(clp, &nfsclhead, nfsc_list) {
 4087                 tsep = nfsmnt_mdssession(clp->nfsc_nmp);
 4088                 if (!NFSBCMP(tsep->nfsess_sessionid, sessionid,
 4089                     NFSX_V4SESSIONID))
 4090                         break;
 4091         }
 4092         return (clp);
 4093 }
 4094 
 4095 /*
 4096  * Search for a lock conflict locally on the client. A conflict occurs if
 4097  * - not same owner and overlapping byte range and at least one of them is
 4098  *   a write lock or this is an unlock.
 4099  */
 4100 static int
 4101 nfscl_localconflict(struct nfsclclient *clp, u_int8_t *fhp, int fhlen,
 4102     struct nfscllock *nlop, u_int8_t *own, struct nfscldeleg *dp,
 4103     struct nfscllock **lopp)
 4104 {
 4105         struct nfsclopen *op;
 4106         int ret;
 4107 
 4108         if (dp != NULL) {
 4109                 ret = nfscl_checkconflict(&dp->nfsdl_lock, nlop, own, lopp);
 4110                 if (ret)
 4111                         return (ret);
 4112         }
 4113         LIST_FOREACH(op, NFSCLOPENHASH(clp, fhp, fhlen), nfso_hash) {
 4114                 if (op->nfso_fhlen == fhlen &&
 4115                     !NFSBCMP(op->nfso_fh, fhp, fhlen)) {
 4116                         ret = nfscl_checkconflict(&op->nfso_lock, nlop,
 4117                             own, lopp);
 4118                         if (ret)
 4119                                 return (ret);
 4120                 }
 4121         }
 4122         return (0);
 4123 }
 4124 
 4125 static int
 4126 nfscl_checkconflict(struct nfscllockownerhead *lhp, struct nfscllock *nlop,
 4127     u_int8_t *own, struct nfscllock **lopp)
 4128 {
 4129         struct nfscllockowner *lp;
 4130         struct nfscllock *lop;
 4131 
 4132         LIST_FOREACH(lp, lhp, nfsl_list) {
 4133                 if (NFSBCMP(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN)) {
 4134                         LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
 4135                                 if (lop->nfslo_first >= nlop->nfslo_end)
 4136                                         break;
 4137                                 if (lop->nfslo_end <= nlop->nfslo_first)
 4138                                         continue;
 4139                                 if (lop->nfslo_type == F_WRLCK ||
 4140                                     nlop->nfslo_type == F_WRLCK ||
 4141                                     nlop->nfslo_type == F_UNLCK) {
 4142                                         if (lopp != NULL)
 4143                                                 *lopp = lop;
 4144                                         return (NFSERR_DENIED);
 4145                                 }
 4146                         }
 4147                 }
 4148         }
 4149         return (0);
 4150 }
 4151 
 4152 /*
 4153  * Check for a local conflicting lock.
 4154  */
 4155 int
 4156 nfscl_lockt(vnode_t vp, struct nfsclclient *clp, u_int64_t off,
 4157     u_int64_t len, struct flock *fl, NFSPROC_T *p, void *id, int flags)
 4158 {
 4159         struct nfscllock *lop, nlck;
 4160         struct nfscldeleg *dp;
 4161         struct nfsnode *np;
 4162         u_int8_t own[NFSV4CL_LOCKNAMELEN];
 4163         int error;
 4164 
 4165         nlck.nfslo_type = fl->l_type;
 4166         nlck.nfslo_first = off;
 4167         if (len == NFS64BITSSET) {
 4168                 nlck.nfslo_end = NFS64BITSSET;
 4169         } else {
 4170                 nlck.nfslo_end = off + len;
 4171                 if (nlck.nfslo_end <= nlck.nfslo_first)
 4172                         return (NFSERR_INVAL);
 4173         }
 4174         np = VTONFS(vp);
 4175         nfscl_filllockowner(id, own, flags);
 4176         NFSLOCKCLSTATE();
 4177         dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
 4178         error = nfscl_localconflict(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
 4179             &nlck, own, dp, &lop);
 4180         if (error != 0) {
 4181                 fl->l_whence = SEEK_SET;
 4182                 fl->l_start = lop->nfslo_first;
 4183                 if (lop->nfslo_end == NFS64BITSSET)
 4184                         fl->l_len = 0;
 4185                 else
 4186                         fl->l_len = lop->nfslo_end - lop->nfslo_first;
 4187                 fl->l_pid = (pid_t)0;
 4188                 fl->l_type = lop->nfslo_type;
 4189                 error = -1;                     /* no RPC required */
 4190         } else if (dp != NULL && ((dp->nfsdl_flags & NFSCLDL_WRITE) ||
 4191             fl->l_type == F_RDLCK)) {
 4192                 /*
 4193                  * The delegation ensures that there isn't a conflicting
 4194                  * lock on the server, so return -1 to indicate an RPC
 4195                  * isn't required.
 4196                  */
 4197                 fl->l_type = F_UNLCK;
 4198                 error = -1;
 4199         }
 4200         NFSUNLOCKCLSTATE();
 4201         return (error);
 4202 }
 4203 
 4204 /*
 4205  * Handle Recall of a delegation.
 4206  * The clp must be exclusive locked when this is called.
 4207  */
 4208 static int
 4209 nfscl_recalldeleg(struct nfsclclient *clp, struct nfsmount *nmp,
 4210     struct nfscldeleg *dp, vnode_t vp, struct ucred *cred, NFSPROC_T *p,
 4211     int called_from_renewthread, vnode_t *vpp)
 4212 {
 4213         struct nfsclowner *owp, *lowp, *nowp;
 4214         struct nfsclopen *op, *lop;
 4215         struct nfscllockowner *lp;
 4216         struct nfscllock *lckp;
 4217         struct nfsnode *np;
 4218         int error = 0, ret;
 4219 
 4220         if (vp == NULL) {
 4221                 KASSERT(vpp != NULL, ("nfscl_recalldeleg: vpp NULL"));
 4222                 *vpp = NULL;
 4223                 /*
 4224                  * First, get a vnode for the file. This is needed to do RPCs.
 4225                  */
 4226                 ret = nfscl_ngetreopen(nmp->nm_mountp, dp->nfsdl_fh,
 4227                     dp->nfsdl_fhlen, p, &np);
 4228                 if (ret) {
 4229                         /*
 4230                          * File isn't open, so nothing to move over to the
 4231                          * server.
 4232                          */
 4233                         return (0);
 4234                 }
 4235                 vp = NFSTOV(np);
 4236                 *vpp = vp;
 4237         } else {
 4238                 np = VTONFS(vp);
 4239         }
 4240         dp->nfsdl_flags &= ~NFSCLDL_MODTIMESET;
 4241 
 4242         /*
 4243          * Ok, if it's a write delegation, flush data to the server, so
 4244          * that close/open consistency is retained.
 4245          */
 4246         ret = 0;
 4247         NFSLOCKNODE(np);
 4248         if ((dp->nfsdl_flags & NFSCLDL_WRITE) && (np->n_flag & NMODIFIED)) {
 4249                 np->n_flag |= NDELEGRECALL;
 4250                 NFSUNLOCKNODE(np);
 4251                 ret = ncl_flush(vp, MNT_WAIT, p, 1, called_from_renewthread);
 4252                 NFSLOCKNODE(np);
 4253                 np->n_flag &= ~NDELEGRECALL;
 4254         }
 4255         NFSINVALATTRCACHE(np);
 4256         NFSUNLOCKNODE(np);
 4257         if (ret == EIO && called_from_renewthread != 0) {
 4258                 /*
 4259                  * If the flush failed with EIO for the renew thread,
 4260                  * return now, so that the dirty buffer will be flushed
 4261                  * later.
 4262                  */
 4263                 return (ret);
 4264         }
 4265 
 4266         /*
 4267          * Now, for each openowner with opens issued locally, move them
 4268          * over to state against the server.
 4269          */
 4270         LIST_FOREACH(lowp, &dp->nfsdl_owner, nfsow_list) {
 4271                 lop = LIST_FIRST(&lowp->nfsow_open);
 4272                 if (lop != NULL) {
 4273                         if (LIST_NEXT(lop, nfso_list) != NULL)
 4274                                 panic("nfsdlg mult opens");
 4275                         /*
 4276                          * Look for the same openowner against the server.
 4277                          */
 4278                         LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
 4279                                 if (!NFSBCMP(lowp->nfsow_owner,
 4280                                     owp->nfsow_owner, NFSV4CL_LOCKNAMELEN)) {
 4281                                         newnfs_copycred(&dp->nfsdl_cred, cred);
 4282                                         ret = nfscl_moveopen(vp, clp, nmp, lop,
 4283                                             owp, dp, cred, p);
 4284                                         if (ret == NFSERR_STALECLIENTID ||
 4285                                             ret == NFSERR_STALEDONTRECOVER ||
 4286                                             ret == NFSERR_BADSESSION)
 4287                                                 return (ret);
 4288                                         if (ret) {
 4289                                                 nfscl_freeopen(lop, 1, true);
 4290                                                 if (!error)
 4291                                                         error = ret;
 4292                                         }
 4293                                         break;
 4294                                 }
 4295                         }
 4296 
 4297                         /*
 4298                          * If no openowner found, create one and get an open
 4299                          * for it.
 4300                          */
 4301                         if (owp == NULL) {
 4302                                 nowp = malloc(
 4303                                     sizeof (struct nfsclowner), M_NFSCLOWNER,
 4304                                     M_WAITOK);
 4305                                 nfscl_newopen(clp, NULL, &owp, &nowp, &op, 
 4306                                     NULL, lowp->nfsow_owner, dp->nfsdl_fh,
 4307                                     dp->nfsdl_fhlen, NULL, NULL);
 4308                                 newnfs_copycred(&dp->nfsdl_cred, cred);
 4309                                 ret = nfscl_moveopen(vp, clp, nmp, lop,
 4310                                     owp, dp, cred, p);
 4311                                 if (ret) {
 4312                                         nfscl_freeopenowner(owp, 0);
 4313                                         if (ret == NFSERR_STALECLIENTID ||
 4314                                             ret == NFSERR_STALEDONTRECOVER ||
 4315                                             ret == NFSERR_BADSESSION)
 4316                                                 return (ret);
 4317                                         if (ret) {
 4318                                                 nfscl_freeopen(lop, 1, true);
 4319                                                 if (!error)
 4320                                                         error = ret;
 4321                                         }
 4322                                 }
 4323                         }
 4324                 }
 4325         }
 4326 
 4327         /*
 4328          * Now, get byte range locks for any locks done locally.
 4329          */
 4330         LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
 4331                 LIST_FOREACH(lckp, &lp->nfsl_lock, nfslo_list) {
 4332                         newnfs_copycred(&dp->nfsdl_cred, cred);
 4333                         ret = nfscl_relock(vp, clp, nmp, lp, lckp, cred, p);
 4334                         if (ret == NFSERR_STALESTATEID ||
 4335                             ret == NFSERR_STALEDONTRECOVER ||
 4336                             ret == NFSERR_STALECLIENTID ||
 4337                             ret == NFSERR_BADSESSION)
 4338                                 return (ret);
 4339                         if (ret && !error)
 4340                                 error = ret;
 4341                 }
 4342         }
 4343         return (error);
 4344 }
 4345 
 4346 /*
 4347  * Move a locally issued open over to an owner on the state list.
 4348  * SIDE EFFECT: If it needs to sleep (do an rpc), it unlocks clstate and
 4349  * returns with it unlocked.
 4350  */
 4351 static int
 4352 nfscl_moveopen(vnode_t vp, struct nfsclclient *clp, struct nfsmount *nmp,
 4353     struct nfsclopen *lop, struct nfsclowner *owp, struct nfscldeleg *dp,
 4354     struct ucred *cred, NFSPROC_T *p)
 4355 {
 4356         struct nfsclopen *op, *nop;
 4357         struct nfscldeleg *ndp;
 4358         struct nfsnode *np;
 4359         int error = 0, newone;
 4360 
 4361         /*
 4362          * First, look for an appropriate open, If found, just increment the
 4363          * opencnt in it.
 4364          */
 4365         LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
 4366                 if ((op->nfso_mode & lop->nfso_mode) == lop->nfso_mode &&
 4367                     op->nfso_fhlen == lop->nfso_fhlen &&
 4368                     !NFSBCMP(op->nfso_fh, lop->nfso_fh, op->nfso_fhlen)) {
 4369                         op->nfso_opencnt += lop->nfso_opencnt;
 4370                         nfscl_freeopen(lop, 1, true);
 4371                         return (0);
 4372                 }
 4373         }
 4374 
 4375         /* No appropriate open, so we have to do one against the server. */
 4376         np = VTONFS(vp);
 4377         nop = malloc(sizeof (struct nfsclopen) +
 4378             lop->nfso_fhlen - 1, M_NFSCLOPEN, M_WAITOK);
 4379         nop->nfso_hash.le_prev = NULL;
 4380         newone = 0;
 4381         nfscl_newopen(clp, NULL, &owp, NULL, &op, &nop, owp->nfsow_owner,
 4382             lop->nfso_fh, lop->nfso_fhlen, cred, &newone);
 4383         ndp = dp;
 4384         error = nfscl_tryopen(nmp, vp, np->n_v4->n4_data, np->n_v4->n4_fhlen,
 4385             lop->nfso_fh, lop->nfso_fhlen, lop->nfso_mode, op,
 4386             NFS4NODENAME(np->n_v4), np->n_v4->n4_namelen, &ndp, 0, 0, cred, p);
 4387         if (error) {
 4388                 if (newone)
 4389                         nfscl_freeopen(op, 0, true);
 4390         } else {
 4391                 op->nfso_mode |= lop->nfso_mode;
 4392                 op->nfso_opencnt += lop->nfso_opencnt;
 4393                 nfscl_freeopen(lop, 1, true);
 4394         }
 4395         if (nop != NULL)
 4396                 free(nop, M_NFSCLOPEN);
 4397         if (ndp != NULL) {
 4398                 /*
 4399                  * What should I do with the returned delegation, since the
 4400                  * delegation is being recalled? For now, just printf and
 4401                  * through it away.
 4402                  */
 4403                 printf("Moveopen returned deleg\n");
 4404                 free(ndp, M_NFSCLDELEG);
 4405         }
 4406         return (error);
 4407 }
 4408 
 4409 /*
 4410  * Recall all delegations on this client.
 4411  */
 4412 static void
 4413 nfscl_totalrecall(struct nfsclclient *clp)
 4414 {
 4415         struct nfscldeleg *dp;
 4416 
 4417         TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
 4418                 if ((dp->nfsdl_flags & NFSCLDL_DELEGRET) == 0)
 4419                         dp->nfsdl_flags |= NFSCLDL_RECALL;
 4420         }
 4421 }
 4422 
 4423 /*
 4424  * Relock byte ranges. Called for delegation recall and state expiry.
 4425  */
 4426 static int
 4427 nfscl_relock(vnode_t vp, struct nfsclclient *clp, struct nfsmount *nmp,
 4428     struct nfscllockowner *lp, struct nfscllock *lop, struct ucred *cred,
 4429     NFSPROC_T *p)
 4430 {
 4431         struct nfscllockowner *nlp;
 4432         struct nfsfh *nfhp;
 4433         struct nfsnode *np;
 4434         u_int64_t off, len;
 4435         int error, newone, donelocally;
 4436 
 4437         if (NFSHASNFSV4N(nmp) && NFSHASONEOPENOWN(nmp)) {
 4438                 np = VTONFS(vp);
 4439                 NFSLOCKNODE(np);
 4440                 np->n_flag |= NMIGHTBELOCKED;
 4441                 NFSUNLOCKNODE(np);
 4442         }
 4443 
 4444         off = lop->nfslo_first;
 4445         len = lop->nfslo_end - lop->nfslo_first;
 4446         error = nfscl_getbytelock(vp, off, len, lop->nfslo_type, cred, p,
 4447             clp, 1, NULL, lp->nfsl_lockflags, lp->nfsl_owner,
 4448             lp->nfsl_openowner, &nlp, &newone, &donelocally);
 4449         if (error || donelocally)
 4450                 return (error);
 4451         nfhp = VTONFS(vp)->n_fhp;
 4452         error = nfscl_trylock(nmp, vp, nfhp->nfh_fh,
 4453             nfhp->nfh_len, nlp, newone, 0, off,
 4454             len, lop->nfslo_type, cred, p);
 4455         if (error)
 4456                 nfscl_freelockowner(nlp, 0);
 4457         return (error);
 4458 }
 4459 
 4460 /*
 4461  * Called to re-open a file. Basically get a vnode for the file handle
 4462  * and then call nfsrpc_openrpc() to do the rest.
 4463  */
 4464 static int
 4465 nfsrpc_reopen(struct nfsmount *nmp, u_int8_t *fhp, int fhlen,
 4466     u_int32_t mode, struct nfsclopen *op, struct nfscldeleg **dpp,
 4467     struct ucred *cred, NFSPROC_T *p)
 4468 {
 4469         struct nfsnode *np;
 4470         vnode_t vp;
 4471         int error;
 4472 
 4473         error = nfscl_ngetreopen(nmp->nm_mountp, fhp, fhlen, p, &np);
 4474         if (error)
 4475                 return (error);
 4476         vp = NFSTOV(np);
 4477         if (np->n_v4 != NULL) {
 4478                 error = nfscl_tryopen(nmp, vp, np->n_v4->n4_data,
 4479                     np->n_v4->n4_fhlen, fhp, fhlen, mode, op,
 4480                     NFS4NODENAME(np->n_v4), np->n_v4->n4_namelen, dpp, 0, 0,
 4481                     cred, p);
 4482         } else {
 4483                 error = EINVAL;
 4484         }
 4485         vrele(vp);
 4486         return (error);
 4487 }
 4488 
 4489 /*
 4490  * Try an open against the server. Just call nfsrpc_openrpc(), retrying while
 4491  * NFSERR_DELAY. Also, try system credentials, if the passed in credentials
 4492  * fail.
 4493  */
 4494 static int
 4495 nfscl_tryopen(struct nfsmount *nmp, vnode_t vp, u_int8_t *fhp, int fhlen,
 4496     u_int8_t *newfhp, int newfhlen, u_int32_t mode, struct nfsclopen *op,
 4497     u_int8_t *name, int namelen, struct nfscldeleg **ndpp,
 4498     int reclaim, u_int32_t delegtype, struct ucred *cred, NFSPROC_T *p)
 4499 {
 4500         int error;
 4501 
 4502         do {
 4503                 error = nfsrpc_openrpc(nmp, vp, fhp, fhlen, newfhp, newfhlen,
 4504                     mode, op, name, namelen, ndpp, reclaim, delegtype, cred, p,
 4505                     0, 0);
 4506                 if (error == NFSERR_DELAY)
 4507                         (void) nfs_catnap(PZERO, error, "nfstryop");
 4508         } while (error == NFSERR_DELAY);
 4509         if (error == EAUTH || error == EACCES) {
 4510                 /* Try again using system credentials */
 4511                 newnfs_setroot(cred);
 4512                 do {
 4513                     error = nfsrpc_openrpc(nmp, vp, fhp, fhlen, newfhp,
 4514                         newfhlen, mode, op, name, namelen, ndpp, reclaim,
 4515                         delegtype, cred, p, 1, 0);
 4516                     if (error == NFSERR_DELAY)
 4517                         (void) nfs_catnap(PZERO, error, "nfstryop");
 4518                 } while (error == NFSERR_DELAY);
 4519         }
 4520         return (error);
 4521 }
 4522 
 4523 /*
 4524  * Try a byte range lock. Just loop on nfsrpc_lock() while it returns
 4525  * NFSERR_DELAY. Also, retry with system credentials, if the provided
 4526  * cred don't work.
 4527  */
 4528 static int
 4529 nfscl_trylock(struct nfsmount *nmp, vnode_t vp, u_int8_t *fhp,
 4530     int fhlen, struct nfscllockowner *nlp, int newone, int reclaim,
 4531     u_int64_t off, u_int64_t len, short type, struct ucred *cred, NFSPROC_T *p)
 4532 {
 4533         struct nfsrv_descript nfsd, *nd = &nfsd;
 4534         int error;
 4535 
 4536         do {
 4537                 error = nfsrpc_lock(nd, nmp, vp, fhp, fhlen, nlp, newone,
 4538                     reclaim, off, len, type, cred, p, 0);
 4539                 if (!error && nd->nd_repstat == NFSERR_DELAY)
 4540                         (void) nfs_catnap(PZERO, (int)nd->nd_repstat,
 4541                             "nfstrylck");
 4542         } while (!error && nd->nd_repstat == NFSERR_DELAY);
 4543         if (!error)
 4544                 error = nd->nd_repstat;
 4545         if (error == EAUTH || error == EACCES) {
 4546                 /* Try again using root credentials */
 4547                 newnfs_setroot(cred);
 4548                 do {
 4549                         error = nfsrpc_lock(nd, nmp, vp, fhp, fhlen, nlp,
 4550                             newone, reclaim, off, len, type, cred, p, 1);
 4551                         if (!error && nd->nd_repstat == NFSERR_DELAY)
 4552                                 (void) nfs_catnap(PZERO, (int)nd->nd_repstat,
 4553                                     "nfstrylck");
 4554                 } while (!error && nd->nd_repstat == NFSERR_DELAY);
 4555                 if (!error)
 4556                         error = nd->nd_repstat;
 4557         }
 4558         return (error);
 4559 }
 4560 
 4561 /*
 4562  * Try a delegreturn against the server. Just call nfsrpc_delegreturn(),
 4563  * retrying while NFSERR_DELAY. Also, try system credentials, if the passed in
 4564  * credentials fail.
 4565  */
 4566 static int
 4567 nfscl_trydelegreturn(struct nfscldeleg *dp, struct ucred *cred,
 4568     struct nfsmount *nmp, NFSPROC_T *p)
 4569 {
 4570         int error;
 4571 
 4572         do {
 4573                 error = nfsrpc_delegreturn(dp, cred, nmp, p, 0);
 4574                 if (error == NFSERR_DELAY)
 4575                         (void) nfs_catnap(PZERO, error, "nfstrydp");
 4576         } while (error == NFSERR_DELAY);
 4577         if (error == EAUTH || error == EACCES) {
 4578                 /* Try again using system credentials */
 4579                 newnfs_setroot(cred);
 4580                 do {
 4581                         error = nfsrpc_delegreturn(dp, cred, nmp, p, 1);
 4582                         if (error == NFSERR_DELAY)
 4583                                 (void) nfs_catnap(PZERO, error, "nfstrydp");
 4584                 } while (error == NFSERR_DELAY);
 4585         }
 4586         return (error);
 4587 }
 4588 
 4589 /*
 4590  * Try a close against the server. Just call nfsrpc_closerpc(),
 4591  * retrying while NFSERR_DELAY. Also, try system credentials, if the passed in
 4592  * credentials fail.
 4593  */
 4594 int
 4595 nfscl_tryclose(struct nfsclopen *op, struct ucred *cred,
 4596     struct nfsmount *nmp, NFSPROC_T *p, bool loop_on_delayed)
 4597 {
 4598         struct nfsrv_descript nfsd, *nd = &nfsd;
 4599         int error;
 4600 
 4601         do {
 4602                 error = nfsrpc_closerpc(nd, nmp, op, cred, p, 0);
 4603                 if (loop_on_delayed && error == NFSERR_DELAY)
 4604                         (void) nfs_catnap(PZERO, error, "nfstrycl");
 4605         } while (loop_on_delayed && error == NFSERR_DELAY);
 4606         if (error == EAUTH || error == EACCES) {
 4607                 /* Try again using system credentials */
 4608                 newnfs_setroot(cred);
 4609                 do {
 4610                         error = nfsrpc_closerpc(nd, nmp, op, cred, p, 1);
 4611                         if (loop_on_delayed && error == NFSERR_DELAY)
 4612                                 (void) nfs_catnap(PZERO, error, "nfstrycl");
 4613                 } while (loop_on_delayed && error == NFSERR_DELAY);
 4614         }
 4615         return (error);
 4616 }
 4617 
 4618 /*
 4619  * Decide if a delegation on a file permits close without flushing writes
 4620  * to the server. This might be a big performance win in some environments.
 4621  * (Not useful until the client does caching on local stable storage.)
 4622  */
 4623 int
 4624 nfscl_mustflush(vnode_t vp)
 4625 {
 4626         struct nfsclclient *clp;
 4627         struct nfscldeleg *dp;
 4628         struct nfsnode *np;
 4629         struct nfsmount *nmp;
 4630 
 4631         np = VTONFS(vp);
 4632         nmp = VFSTONFS(vp->v_mount);
 4633         if (!NFSHASNFSV4(nmp))
 4634                 return (1);
 4635         NFSLOCKMNT(nmp);
 4636         if ((nmp->nm_privflag & NFSMNTP_DELEGISSUED) == 0) {
 4637                 NFSUNLOCKMNT(nmp);
 4638                 return (1);
 4639         }
 4640         NFSUNLOCKMNT(nmp);
 4641         NFSLOCKCLSTATE();
 4642         clp = nfscl_findcl(nmp);
 4643         if (clp == NULL) {
 4644                 NFSUNLOCKCLSTATE();
 4645                 return (1);
 4646         }
 4647         dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
 4648         if (dp != NULL && (dp->nfsdl_flags &
 4649             (NFSCLDL_WRITE | NFSCLDL_RECALL | NFSCLDL_DELEGRET)) ==
 4650              NFSCLDL_WRITE &&
 4651             (dp->nfsdl_sizelimit >= np->n_size ||
 4652              !NFSHASSTRICT3530(nmp))) {
 4653                 NFSUNLOCKCLSTATE();
 4654                 return (0);
 4655         }
 4656         NFSUNLOCKCLSTATE();
 4657         return (1);
 4658 }
 4659 
 4660 /*
 4661  * See if a (write) delegation exists for this file.
 4662  */
 4663 int
 4664 nfscl_nodeleg(vnode_t vp, int writedeleg)
 4665 {
 4666         struct nfsclclient *clp;
 4667         struct nfscldeleg *dp;
 4668         struct nfsnode *np;
 4669         struct nfsmount *nmp;
 4670 
 4671         np = VTONFS(vp);
 4672         nmp = VFSTONFS(vp->v_mount);
 4673         if (!NFSHASNFSV4(nmp))
 4674                 return (1);
 4675         NFSLOCKMNT(nmp);
 4676         if ((nmp->nm_privflag & NFSMNTP_DELEGISSUED) == 0) {
 4677                 NFSUNLOCKMNT(nmp);
 4678                 return (1);
 4679         }
 4680         NFSUNLOCKMNT(nmp);
 4681         NFSLOCKCLSTATE();
 4682         clp = nfscl_findcl(nmp);
 4683         if (clp == NULL) {
 4684                 NFSUNLOCKCLSTATE();
 4685                 return (1);
 4686         }
 4687         dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
 4688         if (dp != NULL &&
 4689             (dp->nfsdl_flags & (NFSCLDL_RECALL | NFSCLDL_DELEGRET)) == 0 &&
 4690             (writedeleg == 0 || (dp->nfsdl_flags & NFSCLDL_WRITE) ==
 4691              NFSCLDL_WRITE)) {
 4692                 NFSUNLOCKCLSTATE();
 4693                 return (0);
 4694         }
 4695         NFSUNLOCKCLSTATE();
 4696         return (1);
 4697 }
 4698 
 4699 /*
 4700  * Look for an associated delegation that should be DelegReturned.
 4701  */
 4702 int
 4703 nfscl_removedeleg(vnode_t vp, NFSPROC_T *p, nfsv4stateid_t *stp)
 4704 {
 4705         struct nfsclclient *clp;
 4706         struct nfscldeleg *dp;
 4707         struct nfsclowner *owp;
 4708         struct nfscllockowner *lp;
 4709         struct nfsmount *nmp;
 4710         struct mount *mp;
 4711         struct ucred *cred;
 4712         struct nfsnode *np;
 4713         int igotlock = 0, triedrecall = 0, needsrecall, retcnt = 0, islept;
 4714 
 4715         nmp = VFSTONFS(vp->v_mount);
 4716         if (NFSHASPNFS(nmp))
 4717                 return (retcnt);
 4718         NFSLOCKMNT(nmp);
 4719         if ((nmp->nm_privflag & NFSMNTP_DELEGISSUED) == 0) {
 4720                 NFSUNLOCKMNT(nmp);
 4721                 return (retcnt);
 4722         }
 4723         NFSUNLOCKMNT(nmp);
 4724         np = VTONFS(vp);
 4725         mp = nmp->nm_mountp;
 4726         NFSLOCKCLSTATE();
 4727         /*
 4728          * Loop around waiting for:
 4729          * - outstanding I/O operations on delegations to complete
 4730          * - for a delegation on vp that has state, lock the client and
 4731          *   do a recall
 4732          * - return delegation with no state
 4733          */
 4734         while (1) {
 4735                 clp = nfscl_findcl(nmp);
 4736                 if (clp == NULL) {
 4737                         NFSUNLOCKCLSTATE();
 4738                         return (retcnt);
 4739                 }
 4740                 dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
 4741                     np->n_fhp->nfh_len);
 4742                 if (dp != NULL) {
 4743                     /*
 4744                      * Wait for outstanding I/O ops to be done.
 4745                      */
 4746                     if (dp->nfsdl_rwlock.nfslock_usecnt > 0) {
 4747                         if (igotlock) {
 4748                             nfsv4_unlock(&clp->nfsc_lock, 0);
 4749                             igotlock = 0;
 4750                         }
 4751                         dp->nfsdl_rwlock.nfslock_lock |= NFSV4LOCK_WANTED;
 4752                         msleep(&dp->nfsdl_rwlock, NFSCLSTATEMUTEXPTR, PZERO,
 4753                             "nfscld", hz);
 4754                         if (NFSCL_FORCEDISM(mp)) {
 4755                             dp->nfsdl_flags &= ~NFSCLDL_DELEGRET;
 4756                             NFSUNLOCKCLSTATE();
 4757                             return (0);
 4758                         }
 4759                         continue;
 4760                     }
 4761                     needsrecall = 0;
 4762                     LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
 4763                         if (!LIST_EMPTY(&owp->nfsow_open)) {
 4764                             needsrecall = 1;
 4765                             break;
 4766                         }
 4767                     }
 4768                     if (!needsrecall) {
 4769                         LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
 4770                             if (!LIST_EMPTY(&lp->nfsl_lock)) {
 4771                                 needsrecall = 1;
 4772                                 break;
 4773                             }
 4774                         }
 4775                     }
 4776                     if (needsrecall && !triedrecall) {
 4777                         dp->nfsdl_flags |= NFSCLDL_DELEGRET;
 4778                         islept = 0;
 4779                         while (!igotlock) {
 4780                             igotlock = nfsv4_lock(&clp->nfsc_lock, 1,
 4781                                 &islept, NFSCLSTATEMUTEXPTR, mp);
 4782                             if (NFSCL_FORCEDISM(mp)) {
 4783                                 dp->nfsdl_flags &= ~NFSCLDL_DELEGRET;
 4784                                 if (igotlock)
 4785                                     nfsv4_unlock(&clp->nfsc_lock, 0);
 4786                                 NFSUNLOCKCLSTATE();
 4787                                 return (0);
 4788                             }
 4789                             if (islept)
 4790                                 break;
 4791                         }
 4792                         if (islept)
 4793                             continue;
 4794                         NFSUNLOCKCLSTATE();
 4795                         cred = newnfs_getcred();
 4796                         newnfs_copycred(&dp->nfsdl_cred, cred);
 4797                         nfscl_recalldeleg(clp, nmp, dp, vp, cred, p, 0, NULL);
 4798                         NFSFREECRED(cred);
 4799                         triedrecall = 1;
 4800                         NFSLOCKCLSTATE();
 4801                         nfsv4_unlock(&clp->nfsc_lock, 0);
 4802                         igotlock = 0;
 4803                         continue;
 4804                     }
 4805                     *stp = dp->nfsdl_stateid;
 4806                     retcnt = 1;
 4807                     nfscl_cleandeleg(dp);
 4808                     nfscl_freedeleg(&clp->nfsc_deleg, dp, true);
 4809                 }
 4810                 if (igotlock)
 4811                     nfsv4_unlock(&clp->nfsc_lock, 0);
 4812                 NFSUNLOCKCLSTATE();
 4813                 return (retcnt);
 4814         }
 4815 }
 4816 
 4817 /*
 4818  * Look for associated delegation(s) that should be DelegReturned.
 4819  */
 4820 int
 4821 nfscl_renamedeleg(vnode_t fvp, nfsv4stateid_t *fstp, int *gotfdp, vnode_t tvp,
 4822     nfsv4stateid_t *tstp, int *gottdp, NFSPROC_T *p)
 4823 {
 4824         struct nfsclclient *clp;
 4825         struct nfscldeleg *dp;
 4826         struct nfsclowner *owp;
 4827         struct nfscllockowner *lp;
 4828         struct nfsmount *nmp;
 4829         struct mount *mp;
 4830         struct ucred *cred;
 4831         struct nfsnode *np;
 4832         int igotlock = 0, triedrecall = 0, needsrecall, retcnt = 0, islept;
 4833 
 4834         nmp = VFSTONFS(fvp->v_mount);
 4835         *gotfdp = 0;
 4836         *gottdp = 0;
 4837         if (NFSHASPNFS(nmp))
 4838                 return (retcnt);
 4839         NFSLOCKMNT(nmp);
 4840         if ((nmp->nm_privflag & NFSMNTP_DELEGISSUED) == 0) {
 4841                 NFSUNLOCKMNT(nmp);
 4842                 return (retcnt);
 4843         }
 4844         NFSUNLOCKMNT(nmp);
 4845         mp = nmp->nm_mountp;
 4846         NFSLOCKCLSTATE();
 4847         /*
 4848          * Loop around waiting for:
 4849          * - outstanding I/O operations on delegations to complete
 4850          * - for a delegation on fvp that has state, lock the client and
 4851          *   do a recall
 4852          * - return delegation(s) with no state.
 4853          */
 4854         while (1) {
 4855                 clp = nfscl_findcl(nmp);
 4856                 if (clp == NULL) {
 4857                         NFSUNLOCKCLSTATE();
 4858                         return (retcnt);
 4859                 }
 4860                 np = VTONFS(fvp);
 4861                 dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
 4862                     np->n_fhp->nfh_len);
 4863                 if (dp != NULL && *gotfdp == 0) {
 4864                     /*
 4865                      * Wait for outstanding I/O ops to be done.
 4866                      */
 4867                     if (dp->nfsdl_rwlock.nfslock_usecnt > 0) {
 4868                         if (igotlock) {
 4869                             nfsv4_unlock(&clp->nfsc_lock, 0);
 4870                             igotlock = 0;
 4871                         }
 4872                         dp->nfsdl_rwlock.nfslock_lock |= NFSV4LOCK_WANTED;
 4873                         msleep(&dp->nfsdl_rwlock, NFSCLSTATEMUTEXPTR, PZERO,
 4874                             "nfscld", hz);
 4875                         if (NFSCL_FORCEDISM(mp)) {
 4876                             dp->nfsdl_flags &= ~NFSCLDL_DELEGRET;
 4877                             NFSUNLOCKCLSTATE();
 4878                             *gotfdp = 0;
 4879                             *gottdp = 0;
 4880                             return (0);
 4881                         }
 4882                         continue;
 4883                     }
 4884                     needsrecall = 0;
 4885                     LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
 4886                         if (!LIST_EMPTY(&owp->nfsow_open)) {
 4887                             needsrecall = 1;
 4888                             break;
 4889                         }
 4890                     }
 4891                     if (!needsrecall) {
 4892                         LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
 4893                             if (!LIST_EMPTY(&lp->nfsl_lock)) {
 4894                                 needsrecall = 1;
 4895                                 break;
 4896                             }
 4897                         }
 4898                     }
 4899                     if (needsrecall && !triedrecall) {
 4900                         dp->nfsdl_flags |= NFSCLDL_DELEGRET;
 4901                         islept = 0;
 4902                         while (!igotlock) {
 4903                             igotlock = nfsv4_lock(&clp->nfsc_lock, 1,
 4904                                 &islept, NFSCLSTATEMUTEXPTR, mp);
 4905                             if (NFSCL_FORCEDISM(mp)) {
 4906                                 dp->nfsdl_flags &= ~NFSCLDL_DELEGRET;
 4907                                 if (igotlock)
 4908                                     nfsv4_unlock(&clp->nfsc_lock, 0);
 4909                                 NFSUNLOCKCLSTATE();
 4910                                 *gotfdp = 0;
 4911                                 *gottdp = 0;
 4912                                 return (0);
 4913                             }
 4914                             if (islept)
 4915                                 break;
 4916                         }
 4917                         if (islept)
 4918                             continue;
 4919                         NFSUNLOCKCLSTATE();
 4920                         cred = newnfs_getcred();
 4921                         newnfs_copycred(&dp->nfsdl_cred, cred);
 4922                         nfscl_recalldeleg(clp, nmp, dp, fvp, cred, p, 0, NULL);
 4923                         NFSFREECRED(cred);
 4924                         triedrecall = 1;
 4925                         NFSLOCKCLSTATE();
 4926                         nfsv4_unlock(&clp->nfsc_lock, 0);
 4927                         igotlock = 0;
 4928                         continue;
 4929                     }
 4930                     *fstp = dp->nfsdl_stateid;
 4931                     retcnt++;
 4932                     *gotfdp = 1;
 4933                     nfscl_cleandeleg(dp);
 4934                     nfscl_freedeleg(&clp->nfsc_deleg, dp, true);
 4935                 }
 4936                 if (igotlock) {
 4937                     nfsv4_unlock(&clp->nfsc_lock, 0);
 4938                     igotlock = 0;
 4939                 }
 4940                 if (tvp != NULL) {
 4941                     np = VTONFS(tvp);
 4942                     dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
 4943                         np->n_fhp->nfh_len);
 4944                     if (dp != NULL && *gottdp == 0) {
 4945                         /*
 4946                          * Wait for outstanding I/O ops to be done.
 4947                          */
 4948                         if (dp->nfsdl_rwlock.nfslock_usecnt > 0) {
 4949                             dp->nfsdl_rwlock.nfslock_lock |= NFSV4LOCK_WANTED;
 4950                             msleep(&dp->nfsdl_rwlock, NFSCLSTATEMUTEXPTR, PZERO,
 4951                                 "nfscld", hz);
 4952                             if (NFSCL_FORCEDISM(mp)) {
 4953                                 NFSUNLOCKCLSTATE();
 4954                                 *gotfdp = 0;
 4955                                 *gottdp = 0;
 4956                                 return (0);
 4957                             }
 4958                             continue;
 4959                         }
 4960                         LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
 4961                             if (!LIST_EMPTY(&owp->nfsow_open)) {
 4962                                 NFSUNLOCKCLSTATE();
 4963                                 return (retcnt);
 4964                             }
 4965                         }
 4966                         LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
 4967                             if (!LIST_EMPTY(&lp->nfsl_lock)) {
 4968                                 NFSUNLOCKCLSTATE();
 4969                                 return (retcnt);
 4970                             }
 4971                         }
 4972                         *tstp = dp->nfsdl_stateid;
 4973                         retcnt++;
 4974                         *gottdp = 1;
 4975                         nfscl_cleandeleg(dp);
 4976                         nfscl_freedeleg(&clp->nfsc_deleg, dp, true);
 4977                     }
 4978                 }
 4979                 NFSUNLOCKCLSTATE();
 4980                 return (retcnt);
 4981         }
 4982 }
 4983 
 4984 /*
 4985  * Get a reference on the clientid associated with the mount point.
 4986  * Return 1 if success, 0 otherwise.
 4987  */
 4988 int
 4989 nfscl_getref(struct nfsmount *nmp)
 4990 {
 4991         struct nfsclclient *clp;
 4992         int ret;
 4993 
 4994         NFSLOCKCLSTATE();
 4995         clp = nfscl_findcl(nmp);
 4996         if (clp == NULL) {
 4997                 NFSUNLOCKCLSTATE();
 4998                 return (0);
 4999         }
 5000         nfsv4_getref(&clp->nfsc_lock, NULL, NFSCLSTATEMUTEXPTR, nmp->nm_mountp);
 5001         ret = 1;
 5002         if (NFSCL_FORCEDISM(nmp->nm_mountp))
 5003                 ret = 0;
 5004         NFSUNLOCKCLSTATE();
 5005         return (ret);
 5006 }
 5007 
 5008 /*
 5009  * Release a reference on a clientid acquired with the above call.
 5010  */
 5011 void
 5012 nfscl_relref(struct nfsmount *nmp)
 5013 {
 5014         struct nfsclclient *clp;
 5015 
 5016         NFSLOCKCLSTATE();
 5017         clp = nfscl_findcl(nmp);
 5018         if (clp == NULL) {
 5019                 NFSUNLOCKCLSTATE();
 5020                 return;
 5021         }
 5022         nfsv4_relref(&clp->nfsc_lock);
 5023         NFSUNLOCKCLSTATE();
 5024 }
 5025 
 5026 /*
 5027  * Save the size attribute in the delegation, since the nfsnode
 5028  * is going away.
 5029  */
 5030 void
 5031 nfscl_reclaimnode(vnode_t vp)
 5032 {
 5033         struct nfsclclient *clp;
 5034         struct nfscldeleg *dp;
 5035         struct nfsnode *np = VTONFS(vp);
 5036         struct nfsmount *nmp;
 5037 
 5038         nmp = VFSTONFS(vp->v_mount);
 5039         if (!NFSHASNFSV4(nmp))
 5040                 return;
 5041         NFSLOCKCLSTATE();
 5042         clp = nfscl_findcl(nmp);
 5043         if (clp == NULL) {
 5044                 NFSUNLOCKCLSTATE();
 5045                 return;
 5046         }
 5047         dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
 5048         if (dp != NULL && (dp->nfsdl_flags & NFSCLDL_WRITE))
 5049                 dp->nfsdl_size = np->n_size;
 5050         NFSUNLOCKCLSTATE();
 5051 }
 5052 
 5053 /*
 5054  * Get the saved size attribute in the delegation, since it is a
 5055  * newly allocated nfsnode.
 5056  */
 5057 void
 5058 nfscl_newnode(vnode_t vp)
 5059 {
 5060         struct nfsclclient *clp;
 5061         struct nfscldeleg *dp;
 5062         struct nfsnode *np = VTONFS(vp);
 5063         struct nfsmount *nmp;
 5064 
 5065         nmp = VFSTONFS(vp->v_mount);
 5066         if (!NFSHASNFSV4(nmp))
 5067                 return;
 5068         NFSLOCKCLSTATE();
 5069         clp = nfscl_findcl(nmp);
 5070         if (clp == NULL) {
 5071                 NFSUNLOCKCLSTATE();
 5072                 return;
 5073         }
 5074         dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
 5075         if (dp != NULL && (dp->nfsdl_flags & NFSCLDL_WRITE))
 5076                 np->n_size = dp->nfsdl_size;
 5077         NFSUNLOCKCLSTATE();
 5078 }
 5079 
 5080 /*
 5081  * If there is a valid write delegation for this file, set the modtime
 5082  * to the local clock time.
 5083  */
 5084 void
 5085 nfscl_delegmodtime(vnode_t vp)
 5086 {
 5087         struct nfsclclient *clp;
 5088         struct nfscldeleg *dp;
 5089         struct nfsnode *np = VTONFS(vp);
 5090         struct nfsmount *nmp;
 5091 
 5092         nmp = VFSTONFS(vp->v_mount);
 5093         if (!NFSHASNFSV4(nmp))
 5094                 return;
 5095         NFSLOCKMNT(nmp);
 5096         if ((nmp->nm_privflag & NFSMNTP_DELEGISSUED) == 0) {
 5097                 NFSUNLOCKMNT(nmp);
 5098                 return;
 5099         }
 5100         NFSUNLOCKMNT(nmp);
 5101         NFSLOCKCLSTATE();
 5102         clp = nfscl_findcl(nmp);
 5103         if (clp == NULL) {
 5104                 NFSUNLOCKCLSTATE();
 5105                 return;
 5106         }
 5107         dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
 5108         if (dp != NULL && (dp->nfsdl_flags & NFSCLDL_WRITE)) {
 5109                 nanotime(&dp->nfsdl_modtime);
 5110                 dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
 5111         }
 5112         NFSUNLOCKCLSTATE();
 5113 }
 5114 
 5115 /*
 5116  * If there is a valid write delegation for this file with a modtime set,
 5117  * put that modtime in mtime.
 5118  */
 5119 void
 5120 nfscl_deleggetmodtime(vnode_t vp, struct timespec *mtime)
 5121 {
 5122         struct nfsclclient *clp;
 5123         struct nfscldeleg *dp;
 5124         struct nfsnode *np = VTONFS(vp);
 5125         struct nfsmount *nmp;
 5126 
 5127         nmp = VFSTONFS(vp->v_mount);
 5128         if (!NFSHASNFSV4(nmp))
 5129                 return;
 5130         NFSLOCKMNT(nmp);
 5131         if ((nmp->nm_privflag & NFSMNTP_DELEGISSUED) == 0) {
 5132                 NFSUNLOCKMNT(nmp);
 5133                 return;
 5134         }
 5135         NFSUNLOCKMNT(nmp);
 5136         NFSLOCKCLSTATE();
 5137         clp = nfscl_findcl(nmp);
 5138         if (clp == NULL) {
 5139                 NFSUNLOCKCLSTATE();
 5140                 return;
 5141         }
 5142         dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
 5143         if (dp != NULL &&
 5144             (dp->nfsdl_flags & (NFSCLDL_WRITE | NFSCLDL_MODTIMESET)) ==
 5145             (NFSCLDL_WRITE | NFSCLDL_MODTIMESET))
 5146                 *mtime = dp->nfsdl_modtime;
 5147         NFSUNLOCKCLSTATE();
 5148 }
 5149 
 5150 static int
 5151 nfscl_errmap(struct nfsrv_descript *nd, u_int32_t minorvers)
 5152 {
 5153         short *defaulterrp, *errp;
 5154 
 5155         if (!nd->nd_repstat)
 5156                 return (0);
 5157         if (nd->nd_procnum == NFSPROC_NOOP)
 5158                 return (txdr_unsigned(nd->nd_repstat & 0xffff));
 5159         if (nd->nd_repstat == EBADRPC)
 5160                 return (txdr_unsigned(NFSERR_BADXDR));
 5161         if (nd->nd_repstat == NFSERR_MINORVERMISMATCH ||
 5162             nd->nd_repstat == NFSERR_OPILLEGAL)
 5163                 return (txdr_unsigned(nd->nd_repstat));
 5164         if (nd->nd_repstat >= NFSERR_BADIOMODE && nd->nd_repstat < 20000 &&
 5165             minorvers > NFSV4_MINORVERSION) {
 5166                 /* NFSv4.n error. */
 5167                 return (txdr_unsigned(nd->nd_repstat));
 5168         }
 5169         if (nd->nd_procnum < NFSV4OP_CBNOPS)
 5170                 errp = defaulterrp = nfscl_cberrmap[nd->nd_procnum];
 5171         else
 5172                 return (txdr_unsigned(nd->nd_repstat));
 5173         while (*++errp)
 5174                 if (*errp == (short)nd->nd_repstat)
 5175                         return (txdr_unsigned(nd->nd_repstat));
 5176         return (txdr_unsigned(*defaulterrp));
 5177 }
 5178 
 5179 /*
 5180  * Called to find/add a layout to a client.
 5181  * This function returns the layout with a refcnt (shared lock) upon
 5182  * success (returns 0) or with no lock/refcnt on the layout when an
 5183  * error is returned.
 5184  * If a layout is passed in via lypp, it is locked (exclusively locked).
 5185  */
 5186 int
 5187 nfscl_layout(struct nfsmount *nmp, vnode_t vp, u_int8_t *fhp, int fhlen,
 5188     nfsv4stateid_t *stateidp, int layouttype, int retonclose,
 5189     struct nfsclflayouthead *fhlp, struct nfscllayout **lypp,
 5190     struct ucred *cred, NFSPROC_T *p)
 5191 {
 5192         struct nfsclclient *clp;
 5193         struct nfscllayout *lyp, *tlyp;
 5194         struct nfsclflayout *flp;
 5195         struct nfsnode *np = VTONFS(vp);
 5196         mount_t mp;
 5197         int layout_passed_in;
 5198 
 5199         mp = nmp->nm_mountp;
 5200         layout_passed_in = 1;
 5201         tlyp = NULL;
 5202         lyp = *lypp;
 5203         if (lyp == NULL) {
 5204                 layout_passed_in = 0;
 5205                 tlyp = malloc(sizeof(*tlyp) + fhlen - 1, M_NFSLAYOUT,
 5206                     M_WAITOK | M_ZERO);
 5207         }
 5208 
 5209         NFSLOCKCLSTATE();
 5210         clp = nmp->nm_clp;
 5211         if (clp == NULL) {
 5212                 if (layout_passed_in != 0)
 5213                         nfsv4_unlock(&lyp->nfsly_lock, 0);
 5214                 NFSUNLOCKCLSTATE();
 5215                 if (tlyp != NULL)
 5216                         free(tlyp, M_NFSLAYOUT);
 5217                 return (EPERM);
 5218         }
 5219         if (lyp == NULL) {
 5220                 /*
 5221                  * Although no lyp was passed in, another thread might have
 5222                  * allocated one. If one is found, just increment it's ref
 5223                  * count and return it.
 5224                  */
 5225                 lyp = nfscl_findlayout(clp, fhp, fhlen);
 5226                 if (lyp == NULL) {
 5227                         lyp = tlyp;
 5228                         tlyp = NULL;
 5229                         lyp->nfsly_stateid.seqid = stateidp->seqid;
 5230                         lyp->nfsly_stateid.other[0] = stateidp->other[0];
 5231                         lyp->nfsly_stateid.other[1] = stateidp->other[1];
 5232                         lyp->nfsly_stateid.other[2] = stateidp->other[2];
 5233                         lyp->nfsly_lastbyte = 0;
 5234                         LIST_INIT(&lyp->nfsly_flayread);
 5235                         LIST_INIT(&lyp->nfsly_flayrw);
 5236                         LIST_INIT(&lyp->nfsly_recall);
 5237                         lyp->nfsly_filesid[0] = np->n_vattr.na_filesid[0];
 5238                         lyp->nfsly_filesid[1] = np->n_vattr.na_filesid[1];
 5239                         lyp->nfsly_clp = clp;
 5240                         if (layouttype == NFSLAYOUT_FLEXFILE)
 5241                                 lyp->nfsly_flags = NFSLY_FLEXFILE;
 5242                         else
 5243                                 lyp->nfsly_flags = NFSLY_FILES;
 5244                         if (retonclose != 0)
 5245                                 lyp->nfsly_flags |= NFSLY_RETONCLOSE;
 5246                         lyp->nfsly_fhlen = fhlen;
 5247                         NFSBCOPY(fhp, lyp->nfsly_fh, fhlen);
 5248                         TAILQ_INSERT_HEAD(&clp->nfsc_layout, lyp, nfsly_list);
 5249                         LIST_INSERT_HEAD(NFSCLLAYOUTHASH(clp, fhp, fhlen), lyp,
 5250                             nfsly_hash);
 5251                         lyp->nfsly_timestamp = NFSD_MONOSEC + 120;
 5252                         nfscl_layoutcnt++;
 5253                         nfsstatsv1.cllayouts++;
 5254                 } else {
 5255                         if (retonclose != 0)
 5256                                 lyp->nfsly_flags |= NFSLY_RETONCLOSE;
 5257                         if (stateidp->seqid > lyp->nfsly_stateid.seqid)
 5258                                 lyp->nfsly_stateid.seqid = stateidp->seqid;
 5259                         TAILQ_REMOVE(&clp->nfsc_layout, lyp, nfsly_list);
 5260                         TAILQ_INSERT_HEAD(&clp->nfsc_layout, lyp, nfsly_list);
 5261                         lyp->nfsly_timestamp = NFSD_MONOSEC + 120;
 5262                 }
 5263                 nfsv4_getref(&lyp->nfsly_lock, NULL, NFSCLSTATEMUTEXPTR, mp);
 5264                 if (NFSCL_FORCEDISM(mp)) {
 5265                         NFSUNLOCKCLSTATE();
 5266                         if (tlyp != NULL)
 5267                                 free(tlyp, M_NFSLAYOUT);
 5268                         return (EPERM);
 5269                 }
 5270                 *lypp = lyp;
 5271         } else if (stateidp->seqid > lyp->nfsly_stateid.seqid)
 5272                 lyp->nfsly_stateid.seqid = stateidp->seqid;
 5273 
 5274         /* Merge the new list of File Layouts into the list. */
 5275         flp = LIST_FIRST(fhlp);
 5276         if (flp != NULL) {
 5277                 if (flp->nfsfl_iomode == NFSLAYOUTIOMODE_READ)
 5278                         nfscl_mergeflayouts(&lyp->nfsly_flayread, fhlp);
 5279                 else
 5280                         nfscl_mergeflayouts(&lyp->nfsly_flayrw, fhlp);
 5281         }
 5282         if (layout_passed_in != 0)
 5283                 nfsv4_unlock(&lyp->nfsly_lock, 1);
 5284         NFSUNLOCKCLSTATE();
 5285         if (tlyp != NULL)
 5286                 free(tlyp, M_NFSLAYOUT);
 5287         return (0);
 5288 }
 5289 
 5290 /*
 5291  * Search for a layout by MDS file handle.
 5292  * If one is found, it is returned with a refcnt (shared lock) iff
 5293  * retflpp returned non-NULL and locked (exclusive locked) iff retflpp is
 5294  * returned NULL.
 5295  */
 5296 struct nfscllayout *
 5297 nfscl_getlayout(struct nfsclclient *clp, uint8_t *fhp, int fhlen,
 5298     uint64_t off, uint32_t rwaccess, struct nfsclflayout **retflpp,
 5299     int *recalledp)
 5300 {
 5301         struct nfscllayout *lyp;
 5302         mount_t mp;
 5303         int error, igotlock;
 5304 
 5305         mp = clp->nfsc_nmp->nm_mountp;
 5306         *recalledp = 0;
 5307         *retflpp = NULL;
 5308         NFSLOCKCLSTATE();
 5309         lyp = nfscl_findlayout(clp, fhp, fhlen);
 5310         if (lyp != NULL) {
 5311                 if ((lyp->nfsly_flags & NFSLY_RECALL) == 0) {
 5312                         TAILQ_REMOVE(&clp->nfsc_layout, lyp, nfsly_list);
 5313                         TAILQ_INSERT_HEAD(&clp->nfsc_layout, lyp, nfsly_list);
 5314                         lyp->nfsly_timestamp = NFSD_MONOSEC + 120;
 5315                         error = nfscl_findlayoutforio(lyp, off, rwaccess,
 5316                             retflpp);
 5317                         if (error == 0)
 5318                                 nfsv4_getref(&lyp->nfsly_lock, NULL,
 5319                                     NFSCLSTATEMUTEXPTR, mp);
 5320                         else {
 5321                                 do {
 5322                                         igotlock = nfsv4_lock(&lyp->nfsly_lock,
 5323                                             1, NULL, NFSCLSTATEMUTEXPTR, mp);
 5324                                 } while (igotlock == 0 && !NFSCL_FORCEDISM(mp));
 5325                                 *retflpp = NULL;
 5326                         }
 5327                         if (NFSCL_FORCEDISM(mp)) {
 5328                                 lyp = NULL;
 5329                                 *recalledp = 1;
 5330                         }
 5331                 } else {
 5332                         lyp = NULL;
 5333                         *recalledp = 1;
 5334                 }
 5335         }
 5336         NFSUNLOCKCLSTATE();
 5337         return (lyp);
 5338 }
 5339 
 5340 /*
 5341  * Search for a layout by MDS file handle. If one is found, mark in to be
 5342  * recalled, if it already marked "return on close".
 5343  */
 5344 static void
 5345 nfscl_retoncloselayout(vnode_t vp, struct nfsclclient *clp, uint8_t *fhp,
 5346     int fhlen, struct nfsclrecalllayout **recallpp, struct nfscllayout **lypp)
 5347 {
 5348         struct nfscllayout *lyp;
 5349         uint32_t iomode;
 5350 
 5351         *lypp = NULL;
 5352         if (vp->v_type != VREG || !NFSHASPNFS(VFSTONFS(vp->v_mount)) ||
 5353             nfscl_enablecallb == 0 || nfs_numnfscbd == 0 ||
 5354             (VTONFS(vp)->n_flag & NNOLAYOUT) != 0)
 5355                 return;
 5356         lyp = nfscl_findlayout(clp, fhp, fhlen);
 5357         if (lyp != NULL && (lyp->nfsly_flags & NFSLY_RETONCLOSE) != 0) {
 5358                 if ((lyp->nfsly_flags & NFSLY_RECALL) == 0) {
 5359                         iomode = 0;
 5360                         if (!LIST_EMPTY(&lyp->nfsly_flayread))
 5361                                 iomode |= NFSLAYOUTIOMODE_READ;
 5362                         if (!LIST_EMPTY(&lyp->nfsly_flayrw))
 5363                                 iomode |= NFSLAYOUTIOMODE_RW;
 5364                         nfscl_layoutrecall(NFSLAYOUTRETURN_FILE, lyp, iomode,
 5365                             0, UINT64_MAX, lyp->nfsly_stateid.seqid, 0, 0, NULL,
 5366                             *recallpp);
 5367                         NFSCL_DEBUG(4, "retoncls recall iomode=%d\n", iomode);
 5368                         *recallpp = NULL;
 5369                 }
 5370 
 5371                 /* Now, wake up renew thread to do LayoutReturn. */
 5372                 wakeup(clp);
 5373                 *lypp = lyp;
 5374         }
 5375 }
 5376 
 5377 /*
 5378  * Mark the layout to be recalled and with an error.
 5379  * Also, disable the dsp from further use.
 5380  */
 5381 void
 5382 nfscl_dserr(uint32_t op, uint32_t stat, struct nfscldevinfo *dp,
 5383     struct nfscllayout *lyp, struct nfsclds *dsp)
 5384 {
 5385         struct nfsclrecalllayout *recallp;
 5386         uint32_t iomode;
 5387 
 5388         printf("DS being disabled, error=%d\n", stat);
 5389         /* Set up the return of the layout. */
 5390         recallp = malloc(sizeof(*recallp), M_NFSLAYRECALL, M_WAITOK);
 5391         iomode = 0;
 5392         NFSLOCKCLSTATE();
 5393         if ((lyp->nfsly_flags & NFSLY_RECALL) == 0) {
 5394                 if (!LIST_EMPTY(&lyp->nfsly_flayread))
 5395                         iomode |= NFSLAYOUTIOMODE_READ;
 5396                 if (!LIST_EMPTY(&lyp->nfsly_flayrw))
 5397                         iomode |= NFSLAYOUTIOMODE_RW;
 5398                 (void)nfscl_layoutrecall(NFSLAYOUTRETURN_FILE, lyp, iomode,
 5399                     0, UINT64_MAX, lyp->nfsly_stateid.seqid, stat, op,
 5400                     dp->nfsdi_deviceid, recallp);
 5401                 NFSUNLOCKCLSTATE();
 5402                 NFSCL_DEBUG(4, "nfscl_dserr recall iomode=%d\n", iomode);
 5403         } else {
 5404                 NFSUNLOCKCLSTATE();
 5405                 free(recallp, M_NFSLAYRECALL);
 5406         }
 5407 
 5408         /* And shut the TCP connection down. */
 5409         nfscl_cancelreqs(dsp);
 5410 }
 5411 
 5412 /*
 5413  * Cancel all RPCs for this "dsp" by closing the connection.
 5414  * Also, mark the session as defunct.
 5415  * If NFSCLDS_SAMECONN is set, the connection is shared with other DSs and
 5416  * cannot be shut down.
 5417  */
 5418 void
 5419 nfscl_cancelreqs(struct nfsclds *dsp)
 5420 {
 5421         struct __rpc_client *cl;
 5422         static int non_event;
 5423 
 5424         NFSLOCKDS(dsp);
 5425         if ((dsp->nfsclds_flags & (NFSCLDS_CLOSED | NFSCLDS_SAMECONN)) == 0 &&
 5426             dsp->nfsclds_sockp != NULL &&
 5427             dsp->nfsclds_sockp->nr_client != NULL) {
 5428                 dsp->nfsclds_flags |= NFSCLDS_CLOSED;
 5429                 cl = dsp->nfsclds_sockp->nr_client;
 5430                 dsp->nfsclds_sess.nfsess_defunct = 1;
 5431                 NFSUNLOCKDS(dsp);
 5432                 CLNT_CLOSE(cl);
 5433                 /*
 5434                  * This 1sec sleep is done to reduce the number of reconnect
 5435                  * attempts made on the DS while it has failed.
 5436                  */
 5437                 tsleep(&non_event, PVFS, "ndscls", hz);
 5438                 return;
 5439         }
 5440         NFSUNLOCKDS(dsp);
 5441 }
 5442 
 5443 /*
 5444  * Dereference a layout.
 5445  */
 5446 void
 5447 nfscl_rellayout(struct nfscllayout *lyp, int exclocked)
 5448 {
 5449 
 5450         NFSLOCKCLSTATE();
 5451         if (exclocked != 0)
 5452                 nfsv4_unlock(&lyp->nfsly_lock, 0);
 5453         else
 5454                 nfsv4_relref(&lyp->nfsly_lock);
 5455         NFSUNLOCKCLSTATE();
 5456 }
 5457 
 5458 /*
 5459  * Search for a devinfo by deviceid. If one is found, return it after
 5460  * acquiring a reference count on it.
 5461  */
 5462 struct nfscldevinfo *
 5463 nfscl_getdevinfo(struct nfsclclient *clp, uint8_t *deviceid,
 5464     struct nfscldevinfo *dip)
 5465 {
 5466 
 5467         NFSLOCKCLSTATE();
 5468         if (dip == NULL)
 5469                 dip = nfscl_finddevinfo(clp, deviceid);
 5470         if (dip != NULL)
 5471                 dip->nfsdi_refcnt++;
 5472         NFSUNLOCKCLSTATE();
 5473         return (dip);
 5474 }
 5475 
 5476 /*
 5477  * Dereference a devinfo structure.
 5478  */
 5479 static void
 5480 nfscl_reldevinfo_locked(struct nfscldevinfo *dip)
 5481 {
 5482 
 5483         dip->nfsdi_refcnt--;
 5484         if (dip->nfsdi_refcnt == 0)
 5485                 wakeup(&dip->nfsdi_refcnt);
 5486 }
 5487 
 5488 /*
 5489  * Dereference a devinfo structure.
 5490  */
 5491 void
 5492 nfscl_reldevinfo(struct nfscldevinfo *dip)
 5493 {
 5494 
 5495         NFSLOCKCLSTATE();
 5496         nfscl_reldevinfo_locked(dip);
 5497         NFSUNLOCKCLSTATE();
 5498 }
 5499 
 5500 /*
 5501  * Find a layout for this file handle. Return NULL upon failure.
 5502  */
 5503 static struct nfscllayout *
 5504 nfscl_findlayout(struct nfsclclient *clp, u_int8_t *fhp, int fhlen)
 5505 {
 5506         struct nfscllayout *lyp;
 5507 
 5508         LIST_FOREACH(lyp, NFSCLLAYOUTHASH(clp, fhp, fhlen), nfsly_hash)
 5509                 if (lyp->nfsly_fhlen == fhlen &&
 5510                     !NFSBCMP(lyp->nfsly_fh, fhp, fhlen))
 5511                         break;
 5512         return (lyp);
 5513 }
 5514 
 5515 /*
 5516  * Find a devinfo for this deviceid. Return NULL upon failure.
 5517  */
 5518 static struct nfscldevinfo *
 5519 nfscl_finddevinfo(struct nfsclclient *clp, uint8_t *deviceid)
 5520 {
 5521         struct nfscldevinfo *dip;
 5522 
 5523         LIST_FOREACH(dip, &clp->nfsc_devinfo, nfsdi_list)
 5524                 if (NFSBCMP(dip->nfsdi_deviceid, deviceid, NFSX_V4DEVICEID)
 5525                     == 0)
 5526                         break;
 5527         return (dip);
 5528 }
 5529 
 5530 /*
 5531  * Merge the new file layout list into the main one, maintaining it in
 5532  * increasing offset order.
 5533  */
 5534 static void
 5535 nfscl_mergeflayouts(struct nfsclflayouthead *fhlp,
 5536     struct nfsclflayouthead *newfhlp)
 5537 {
 5538         struct nfsclflayout *flp, *nflp, *prevflp, *tflp;
 5539 
 5540         flp = LIST_FIRST(fhlp);
 5541         prevflp = NULL;
 5542         LIST_FOREACH_SAFE(nflp, newfhlp, nfsfl_list, tflp) {
 5543                 while (flp != NULL && flp->nfsfl_off < nflp->nfsfl_off) {
 5544                         prevflp = flp;
 5545                         flp = LIST_NEXT(flp, nfsfl_list);
 5546                 }
 5547                 if (prevflp == NULL)
 5548                         LIST_INSERT_HEAD(fhlp, nflp, nfsfl_list);
 5549                 else
 5550                         LIST_INSERT_AFTER(prevflp, nflp, nfsfl_list);
 5551                 prevflp = nflp;
 5552         }
 5553 }
 5554 
 5555 /*
 5556  * Add this nfscldevinfo to the client, if it doesn't already exist.
 5557  * This function consumes the structure pointed at by dip, if not NULL.
 5558  */
 5559 int
 5560 nfscl_adddevinfo(struct nfsmount *nmp, struct nfscldevinfo *dip, int ind,
 5561     struct nfsclflayout *flp)
 5562 {
 5563         struct nfsclclient *clp;
 5564         struct nfscldevinfo *tdip;
 5565         uint8_t *dev;
 5566 
 5567         NFSLOCKCLSTATE();
 5568         clp = nmp->nm_clp;
 5569         if (clp == NULL) {
 5570                 NFSUNLOCKCLSTATE();
 5571                 if (dip != NULL)
 5572                         free(dip, M_NFSDEVINFO);
 5573                 return (ENODEV);
 5574         }
 5575         if ((flp->nfsfl_flags & NFSFL_FILE) != 0)
 5576                 dev = flp->nfsfl_dev;
 5577         else
 5578                 dev = flp->nfsfl_ffm[ind].dev;
 5579         tdip = nfscl_finddevinfo(clp, dev);
 5580         if (tdip != NULL) {
 5581                 tdip->nfsdi_layoutrefs++;
 5582                 if ((flp->nfsfl_flags & NFSFL_FILE) != 0)
 5583                         flp->nfsfl_devp = tdip;
 5584                 else
 5585                         flp->nfsfl_ffm[ind].devp = tdip;
 5586                 nfscl_reldevinfo_locked(tdip);
 5587                 NFSUNLOCKCLSTATE();
 5588                 if (dip != NULL)
 5589                         free(dip, M_NFSDEVINFO);
 5590                 return (0);
 5591         }
 5592         if (dip != NULL) {
 5593                 LIST_INSERT_HEAD(&clp->nfsc_devinfo, dip, nfsdi_list);
 5594                 dip->nfsdi_layoutrefs = 1;
 5595                 if ((flp->nfsfl_flags & NFSFL_FILE) != 0)
 5596                         flp->nfsfl_devp = dip;
 5597                 else
 5598                         flp->nfsfl_ffm[ind].devp = dip;
 5599         }
 5600         NFSUNLOCKCLSTATE();
 5601         if (dip == NULL)
 5602                 return (ENODEV);
 5603         return (0);
 5604 }
 5605 
 5606 /*
 5607  * Free up a layout structure and associated file layout structure(s).
 5608  */
 5609 void
 5610 nfscl_freelayout(struct nfscllayout *layp)
 5611 {
 5612         struct nfsclflayout *flp, *nflp;
 5613         struct nfsclrecalllayout *rp, *nrp;
 5614 
 5615         LIST_FOREACH_SAFE(flp, &layp->nfsly_flayread, nfsfl_list, nflp) {
 5616                 LIST_REMOVE(flp, nfsfl_list);
 5617                 nfscl_freeflayout(flp);
 5618         }
 5619         LIST_FOREACH_SAFE(flp, &layp->nfsly_flayrw, nfsfl_list, nflp) {
 5620                 LIST_REMOVE(flp, nfsfl_list);
 5621                 nfscl_freeflayout(flp);
 5622         }
 5623         LIST_FOREACH_SAFE(rp, &layp->nfsly_recall, nfsrecly_list, nrp) {
 5624                 LIST_REMOVE(rp, nfsrecly_list);
 5625                 free(rp, M_NFSLAYRECALL);
 5626         }
 5627         nfscl_layoutcnt--;
 5628         nfsstatsv1.cllayouts--;
 5629         free(layp, M_NFSLAYOUT);
 5630 }
 5631 
 5632 /*
 5633  * Free up a file layout structure.
 5634  */
 5635 void
 5636 nfscl_freeflayout(struct nfsclflayout *flp)
 5637 {
 5638         int i, j;
 5639 
 5640         if ((flp->nfsfl_flags & NFSFL_FILE) != 0) {
 5641                 for (i = 0; i < flp->nfsfl_fhcnt; i++)
 5642                         free(flp->nfsfl_fh[i], M_NFSFH);
 5643                 if (flp->nfsfl_devp != NULL)
 5644                         flp->nfsfl_devp->nfsdi_layoutrefs--;
 5645         }
 5646         if ((flp->nfsfl_flags & NFSFL_FLEXFILE) != 0)
 5647                 for (i = 0; i < flp->nfsfl_mirrorcnt; i++) {
 5648                         for (j = 0; j < flp->nfsfl_ffm[i].fhcnt; j++)
 5649                                 free(flp->nfsfl_ffm[i].fh[j], M_NFSFH);
 5650                         if (flp->nfsfl_ffm[i].devp != NULL)     
 5651                                 flp->nfsfl_ffm[i].devp->nfsdi_layoutrefs--;     
 5652                 }
 5653         free(flp, M_NFSFLAYOUT);
 5654 }
 5655 
 5656 /*
 5657  * Free up a file layout devinfo structure.
 5658  */
 5659 void