xref: /freebsd/sys/fs/nfsclient/nfs_clrpcops.c (revision 328110da2661a8841f12000b99fea27ceacdd5b2) 
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1989, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * This code is derived from software contributed to Berkeley by
8  * Rick Macklem at The University of Guelph.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the University nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  */
35 
36 #include <sys/cdefs.h>
37 /*
38  * Rpc op calls, generally called from the vnode op calls or through the
39  * buffer cache, for NFS v2, 3 and 4.
40  * These do not normally make any changes to vnode arguments or use
41  * structures that might change between the VFS variants. The returned
42  * arguments are all at the end, after the NFSPROC_T *p one.
43  */
44 
45 #include "opt_inet6.h"
46 
47 #include <fs/nfs/nfsport.h>
48 #include <fs/nfsclient/nfs.h>
49 #include <sys/extattr.h>
50 #include <sys/sysctl.h>
51 #include <sys/taskqueue.h>
52 
53 SYSCTL_DECL(_vfs_nfs);
54 
55 static int	nfsignore_eexist = 0;
56 SYSCTL_INT(_vfs_nfs, OID_AUTO, ignore_eexist, CTLFLAG_RW,
57     &nfsignore_eexist, 0, "NFS ignore EEXIST replies for mkdir/symlink");
58 
59 static int	nfscl_dssameconn = 0;
60 SYSCTL_INT(_vfs_nfs, OID_AUTO, dssameconn, CTLFLAG_RW,
61     &nfscl_dssameconn, 0, "Use same TCP connection to multiple DSs");
62 
63 static uint64_t nfs_maxcopyrange = SSIZE_MAX;
64 SYSCTL_U64(_vfs_nfs, OID_AUTO, maxcopyrange, CTLFLAG_RW,
65     &nfs_maxcopyrange, 0, "Max size of a Copy so RPC times reasonable");
66 
67 /*
68  * Global variables
69  */
70 extern struct nfsstatsv1 nfsstatsv1;
71 extern int nfs_numnfscbd;
72 extern struct timeval nfsboottime;
73 extern u_int32_t newnfs_false, newnfs_true;
74 extern nfstype nfsv34_type[9];
75 extern int nfsrv_useacl;
76 extern char nfsv4_callbackaddr[INET6_ADDRSTRLEN];
77 extern int nfscl_debuglevel;
78 extern int nfs_pnfsiothreads;
79 extern u_long sb_max_adj;
80 NFSCLSTATEMUTEX;
81 int nfstest_outofseq = 0;
82 int nfscl_assumeposixlocks = 1;
83 int nfscl_enablecallb = 0;
84 short nfsv4_cbport = NFSV4_CBPORT;
85 int nfstest_openallsetattr = 0;
86 
87 #define	DIRHDSIZ	offsetof(struct dirent, d_name)
88 
89 /*
90  * nfscl_getsameserver() can return one of three values:
91  * NFSDSP_USETHISSESSION - Use this session for the DS.
92  * NFSDSP_SEQTHISSESSION - Use the nfsclds_sequence field of this dsp for new
93  *     session.
94  * NFSDSP_NOTFOUND - No matching server was found.
95  */
96 enum nfsclds_state {
97 	NFSDSP_USETHISSESSION = 0,
98 	NFSDSP_SEQTHISSESSION = 1,
99 	NFSDSP_NOTFOUND = 2,
100 };
101 
102 /*
103  * Do a write RPC on a DS data file, using this structure for the arguments,
104  * so that this function can be executed by a separate kernel process.
105  */
106 struct nfsclwritedsdorpc {
107 	int			done;
108 	int			inprog;
109 	struct task		tsk;
110 	struct vnode		*vp;
111 	int			iomode;
112 	int			must_commit;
113 	nfsv4stateid_t		*stateidp;
114 	struct nfsclds		*dsp;
115 	uint64_t		off;
116 	int			len;
117 #ifdef notyet
118 	int			advise;
119 #endif
120 	struct nfsfh		*fhp;
121 	struct mbuf		*m;
122 	int			vers;
123 	int			minorvers;
124 	struct ucred		*cred;
125 	NFSPROC_T		*p;
126 	int			err;
127 };
128 
129 static int nfsrpc_setattrrpc(vnode_t , struct vattr *, nfsv4stateid_t *,
130     struct ucred *, NFSPROC_T *, struct nfsvattr *, int *);
131 static int nfsrpc_readrpc(vnode_t , struct uio *, struct ucred *,
132     nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *);
133 static int nfsrpc_writerpc(vnode_t , struct uio *, int *, int *,
134     struct ucred *, nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *,
135     int);
136 static int nfsrpc_deallocaterpc(vnode_t, off_t, off_t, nfsv4stateid_t *,
137     struct nfsvattr *, int *, struct ucred *, NFSPROC_T *);
138 static int nfsrpc_createv23(vnode_t , char *, int, struct vattr *,
139     nfsquad_t, int, struct ucred *, NFSPROC_T *, struct nfsvattr *,
140     struct nfsvattr *, struct nfsfh **, int *, int *);
141 static int nfsrpc_createv4(vnode_t , char *, int, struct vattr *,
142     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *,
143     NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *,
144     int *, int *);
145 static bool nfscl_invalidfname(bool, char *, int);
146 static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *,
147     struct nfscllockowner *, u_int64_t, u_int64_t,
148     u_int32_t, struct ucred *, NFSPROC_T *, int);
149 static int nfsrpc_setaclrpc(vnode_t, struct ucred *, NFSPROC_T *,
150     struct acl *, nfsv4stateid_t *);
151 static int nfsrpc_layouterror(struct nfsmount *, uint8_t *, int, uint64_t,
152     uint64_t, nfsv4stateid_t *, struct ucred *, NFSPROC_T *, uint32_t,
153     uint32_t, char *);
154 static int nfsrpc_getlayout(struct nfsmount *, vnode_t, struct nfsfh *, int,
155     uint32_t, uint32_t *, nfsv4stateid_t *, uint64_t, struct nfscllayout **,
156     struct ucred *, NFSPROC_T *);
157 static int nfsrpc_fillsa(struct nfsmount *, struct sockaddr_in *,
158     struct sockaddr_in6 *, sa_family_t, int, int, struct nfsclds **,
159     NFSPROC_T *);
160 static void nfscl_initsessionslots(struct nfsclsession *);
161 static int nfscl_doflayoutio(vnode_t, struct uio *, int *, int *, int *,
162     nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
163     struct nfsclflayout *, uint64_t, uint64_t, int, struct ucred *,
164     NFSPROC_T *);
165 static int nfscl_dofflayoutio(vnode_t, struct uio *, int *, int *, int *,
166     nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
167     struct nfsclflayout *, uint64_t, uint64_t, int, int, struct mbuf *,
168     struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *);
169 static int nfsrpc_readds(vnode_t, struct uio *, nfsv4stateid_t *, int *,
170     struct nfsclds *, uint64_t, int, struct nfsfh *, int, int, int,
171     struct ucred *, NFSPROC_T *);
172 static int nfsrpc_writeds(vnode_t, struct uio *, int *, int *,
173     nfsv4stateid_t *, struct nfsclds *, uint64_t, int,
174     struct nfsfh *, int, int, int, int, struct ucred *, NFSPROC_T *);
175 static int nfsio_writedsmir(vnode_t, int *, int *, nfsv4stateid_t *,
176     struct nfsclds *, uint64_t, int, struct nfsfh *, struct mbuf *, int, int,
177     struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *);
178 static int nfsrpc_writedsmir(vnode_t, int *, int *, nfsv4stateid_t *,
179     struct nfsclds *, uint64_t, int, struct nfsfh *, struct mbuf *, int, int,
180     struct ucred *, NFSPROC_T *);
181 static enum nfsclds_state nfscl_getsameserver(struct nfsmount *,
182     struct nfsclds *, struct nfsclds **, uint32_t *);
183 static int nfsio_commitds(vnode_t, uint64_t, int, struct nfsclds *,
184     struct nfsfh *, int, int, struct nfsclwritedsdorpc *, struct ucred *,
185     NFSPROC_T *);
186 static int nfsrpc_commitds(vnode_t, uint64_t, int, struct nfsclds *,
187     struct nfsfh *, int, int, struct ucred *, NFSPROC_T *);
188 #ifdef notyet
189 static int nfsio_adviseds(vnode_t, uint64_t, int, int, struct nfsclds *,
190     struct nfsfh *, int, int, struct nfsclwritedsdorpc *, struct ucred *,
191     NFSPROC_T *);
192 static int nfsrpc_adviseds(vnode_t, uint64_t, int, int, struct nfsclds *,
193     struct nfsfh *, int, int, struct ucred *, NFSPROC_T *);
194 #endif
195 static int nfsrpc_allocaterpc(vnode_t, off_t, off_t, nfsv4stateid_t *,
196     struct nfsvattr *, int *, struct ucred *, NFSPROC_T *);
197 static void nfsrv_setuplayoutget(struct nfsrv_descript *, int, uint64_t,
198     uint64_t, uint64_t, nfsv4stateid_t *, int, int, int);
199 static int nfsrv_parseug(struct nfsrv_descript *, int, uid_t *, gid_t *,
200     NFSPROC_T *);
201 static int nfsrv_parselayoutget(struct nfsmount *, struct nfsrv_descript *,
202     nfsv4stateid_t *, int *, struct nfsclflayouthead *);
203 static int nfsrpc_getopenlayout(struct nfsmount *, vnode_t, u_int8_t *,
204     int, uint8_t *, int, uint32_t, struct nfsclopen *, uint8_t *, int,
205     struct nfscldeleg **, struct ucred *, NFSPROC_T *);
206 static int nfsrpc_getcreatelayout(vnode_t, char *, int, struct vattr *,
207     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **,
208     struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *,
209     struct nfsfh **, int *, int *, int *);
210 static int nfsrpc_openlayoutrpc(struct nfsmount *, vnode_t, u_int8_t *,
211     int, uint8_t *, int, uint32_t, struct nfsclopen *, uint8_t *, int,
212     struct nfscldeleg **, nfsv4stateid_t *, int, int, int, int *,
213     struct nfsclflayouthead *, int *, struct ucred *, NFSPROC_T *);
214 static int nfsrpc_createlayout(vnode_t, char *, int, struct vattr *,
215     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **,
216     struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *,
217     struct nfsfh **, int *, int *, int *, nfsv4stateid_t *,
218     int, int, int, int *, struct nfsclflayouthead *, int *);
219 static int nfsrpc_layoutget(struct nfsmount *, uint8_t *, int, int, uint64_t,
220     uint64_t, uint64_t, int, int, nfsv4stateid_t *, int *,
221     struct nfsclflayouthead *, struct ucred *, NFSPROC_T *);
222 static int nfsrpc_layoutgetres(struct nfsmount *, vnode_t, uint8_t *,
223     int, nfsv4stateid_t *, int, uint32_t *, struct nfscllayout **,
224     struct nfsclflayouthead *, int, int, int *, struct ucred *, NFSPROC_T *);
225 static int nfsrpc_copyrpc(vnode_t, off_t, vnode_t, off_t, size_t *,
226     nfsv4stateid_t *, nfsv4stateid_t *, struct nfsvattr *, int *,
227     struct nfsvattr *, int *, bool, int *, struct ucred *, NFSPROC_T *);
228 static int nfsrpc_seekrpc(vnode_t, off_t *, nfsv4stateid_t *, bool *,
229     int, struct nfsvattr *, int *, struct ucred *);
230 static struct mbuf *nfsm_split(struct mbuf *, uint64_t);
231 static void nfscl_statfs(struct vnode *, struct ucred *, NFSPROC_T *);
232 
233 int nfs_pnfsio(task_fn_t *, void *);
234 
235 /*
236  * nfs null call from vfs.
237  */
238 int
239 nfsrpc_null(vnode_t vp, struct ucred *cred, NFSPROC_T *p)
240 {
241 	int error;
242 	struct nfsrv_descript nfsd, *nd = &nfsd;
243 
244 	NFSCL_REQSTART(nd, NFSPROC_NULL, vp, NULL);
245 	error = nfscl_request(nd, vp, p, cred);
246 	if (nd->nd_repstat && !error)
247 		error = nd->nd_repstat;
248 	m_freem(nd->nd_mrep);
249 	return (error);
250 }
251 
252 /*
253  * nfs access rpc op.
254  * For nfs version 3 and 4, use the access rpc to check accessibility. If file
255  * modes are changed on the server, accesses might still fail later.
256  */
257 int
258 nfsrpc_access(vnode_t vp, int acmode, struct ucred *cred,
259     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
260 {
261 	int error;
262 	u_int32_t mode, rmode;
263 
264 	if (acmode & VREAD)
265 		mode = NFSACCESS_READ;
266 	else
267 		mode = 0;
268 	if (vp->v_type == VDIR) {
269 		if (acmode & VWRITE)
270 			mode |= (NFSACCESS_MODIFY | NFSACCESS_EXTEND |
271 				 NFSACCESS_DELETE);
272 		if (acmode & VEXEC)
273 			mode |= NFSACCESS_LOOKUP;
274 	} else {
275 		if (acmode & VWRITE)
276 			mode |= (NFSACCESS_MODIFY | NFSACCESS_EXTEND);
277 		if (acmode & VEXEC)
278 			mode |= NFSACCESS_EXECUTE;
279 	}
280 
281 	/*
282 	 * Now, just call nfsrpc_accessrpc() to do the actual RPC.
283 	 */
284 	error = nfsrpc_accessrpc(vp, mode, cred, p, nap, attrflagp, &rmode);
285 
286 	/*
287 	 * The NFS V3 spec does not clarify whether or not
288 	 * the returned access bits can be a superset of
289 	 * the ones requested, so...
290 	 */
291 	if (!error && (rmode & mode) != mode)
292 		error = EACCES;
293 	return (error);
294 }
295 
296 /*
297  * The actual rpc, separated out for Darwin.
298  */
299 int
300 nfsrpc_accessrpc(vnode_t vp, u_int32_t mode, struct ucred *cred,
301     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, u_int32_t *rmodep)
302 {
303 	u_int32_t *tl;
304 	u_int32_t supported, rmode;
305 	int error;
306 	struct nfsrv_descript nfsd, *nd = &nfsd;
307 	nfsattrbit_t attrbits;
308 	struct nfsmount *nmp;
309 	struct nfsnode *np;
310 
311 	*attrflagp = 0;
312 	supported = mode;
313 	nmp = VFSTONFS(vp->v_mount);
314 	np = VTONFS(vp);
315 	if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0 &&
316 	    nmp->nm_fhsize == 0) {
317 		/* Attempt to get the actual root file handle. */
318 		error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp), cred, p);
319 		if (error != 0)
320 			return (EACCES);
321 		if (np->n_fhp->nfh_len == NFSX_FHMAX + 1)
322 			nfscl_statfs(vp, cred, p);
323 	}
324 	NFSCL_REQSTART(nd, NFSPROC_ACCESS, vp, cred);
325 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
326 	*tl = txdr_unsigned(mode);
327 	if (nd->nd_flag & ND_NFSV4) {
328 		/*
329 		 * And do a Getattr op.
330 		 */
331 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
332 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
333 		NFSGETATTR_ATTRBIT(&attrbits);
334 		(void) nfsrv_putattrbit(nd, &attrbits);
335 	}
336 	error = nfscl_request(nd, vp, p, cred);
337 	if (error)
338 		return (error);
339 	if (nd->nd_flag & ND_NFSV3) {
340 		error = nfscl_postop_attr(nd, nap, attrflagp);
341 		if (error)
342 			goto nfsmout;
343 	}
344 	if (!nd->nd_repstat) {
345 		if (nd->nd_flag & ND_NFSV4) {
346 			NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
347 			supported = fxdr_unsigned(u_int32_t, *tl++);
348 		} else {
349 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
350 		}
351 		rmode = fxdr_unsigned(u_int32_t, *tl);
352 		if (nd->nd_flag & ND_NFSV4)
353 			error = nfscl_postop_attr(nd, nap, attrflagp);
354 
355 		/*
356 		 * It's not obvious what should be done about
357 		 * unsupported access modes. For now, be paranoid
358 		 * and clear the unsupported ones.
359 		 */
360 		rmode &= supported;
361 		*rmodep = rmode;
362 	} else
363 		error = nd->nd_repstat;
364 nfsmout:
365 	m_freem(nd->nd_mrep);
366 	return (error);
367 }
368 
369 /*
370  * nfs open rpc
371  */
372 int
373 nfsrpc_open(vnode_t vp, int amode, struct ucred *cred, NFSPROC_T *p)
374 {
375 	struct nfsclopen *op;
376 	struct nfscldeleg *dp;
377 	struct nfsfh *nfhp;
378 	struct nfsnode *np = VTONFS(vp);
379 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
380 	u_int32_t mode, clidrev;
381 	int ret, newone, error, expireret = 0, retrycnt;
382 
383 	/*
384 	 * For NFSv4, Open Ops are only done on Regular Files.
385 	 */
386 	if (vp->v_type != VREG)
387 		return (0);
388 	mode = 0;
389 	if (amode & FREAD)
390 		mode |= NFSV4OPEN_ACCESSREAD;
391 	if (amode & FWRITE)
392 		mode |= NFSV4OPEN_ACCESSWRITE;
393 	if (NFSHASNFSV4N(nmp)) {
394 		if (!NFSHASPNFS(nmp) && nfscl_enablecallb != 0 &&
395 		    nfs_numnfscbd > 0 &&
396 		    (vn_irflag_read(vp) & VIRF_NAMEDATTR) == 0) {
397 			if ((mode & NFSV4OPEN_ACCESSWRITE) != 0)
398 				mode |= NFSV4OPEN_WANTWRITEDELEG;
399 			else
400 				mode |= NFSV4OPEN_WANTANYDELEG;
401 		} else
402 			mode |= NFSV4OPEN_WANTNODELEG;
403 	}
404 	nfhp = np->n_fhp;
405 
406 	retrycnt = 0;
407 	do {
408 	    dp = NULL;
409 	    error = nfscl_open(vp, nfhp->nfh_fh, nfhp->nfh_len,
410 		(mode & NFSV4OPEN_ACCESSBOTH), 1, cred, p, NULL,
411 		&op, &newone, &ret, 1, true);
412 	    if (error) {
413 		return (error);
414 	    }
415 	    if (nmp->nm_clp != NULL)
416 		clidrev = nmp->nm_clp->nfsc_clientidrev;
417 	    else
418 		clidrev = 0;
419 	    if (ret == NFSCLOPEN_DOOPEN) {
420 		if (np->n_v4 != NULL) {
421 			/*
422 			 * For the first attempt, try and get a layout, if
423 			 * pNFS is enabled for the mount.
424 			 */
425 			if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 ||
426 			    nfs_numnfscbd == 0 ||
427 			    (np->n_flag & NNOLAYOUT) != 0 || retrycnt > 0)
428 				error = nfsrpc_openrpc(nmp, vp,
429 				    np->n_v4->n4_data,
430 				    np->n_v4->n4_fhlen, np->n_fhp->nfh_fh,
431 				    np->n_fhp->nfh_len, mode, op,
432 				    NFS4NODENAME(np->n_v4),
433 				    np->n_v4->n4_namelen,
434 				    &dp, 0, 0x0, cred, p, 0, 0);
435 			else
436 				error = nfsrpc_getopenlayout(nmp, vp,
437 				    np->n_v4->n4_data,
438 				    np->n_v4->n4_fhlen, np->n_fhp->nfh_fh,
439 				    np->n_fhp->nfh_len, mode, op,
440 				    NFS4NODENAME(np->n_v4),
441 				    np->n_v4->n4_namelen, &dp, cred, p);
442 			if (dp != NULL) {
443 				NFSLOCKNODE(np);
444 				np->n_flag &= ~NDELEGMOD;
445 				/*
446 				 * Invalidate the attribute cache, so that
447 				 * attributes that pre-date the issue of a
448 				 * delegation are not cached, since the
449 				 * cached attributes will remain valid while
450 				 * the delegation is held.
451 				 */
452 				NFSINVALATTRCACHE(np);
453 				NFSUNLOCKNODE(np);
454 				(void) nfscl_deleg(nmp->nm_mountp,
455 				    op->nfso_own->nfsow_clp,
456 				    nfhp->nfh_fh, nfhp->nfh_len, cred, p, dp);
457 			}
458 		} else if (NFSHASNFSV4N(nmp)) {
459 			/*
460 			 * For the first attempt, try and get a layout, if
461 			 * pNFS is enabled for the mount.
462 			 */
463 			if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 ||
464 			    nfs_numnfscbd == 0 ||
465 			    (np->n_flag & NNOLAYOUT) != 0 || retrycnt > 0)
466 				error = nfsrpc_openrpc(nmp, vp, nfhp->nfh_fh,
467 				    nfhp->nfh_len, nfhp->nfh_fh, nfhp->nfh_len,
468 				    mode, op, NULL, 0, &dp, 0, 0x0, cred, p, 0,
469 				    0);
470 			else
471 				error = nfsrpc_getopenlayout(nmp, vp,
472 				    nfhp->nfh_fh, nfhp->nfh_len, nfhp->nfh_fh,
473 				    nfhp->nfh_len, mode, op, NULL, 0, &dp,
474 				    cred, p);
475 			if (dp != NULL) {
476 				NFSLOCKNODE(np);
477 				np->n_flag &= ~NDELEGMOD;
478 				/*
479 				 * Invalidate the attribute cache, so that
480 				 * attributes that pre-date the issue of a
481 				 * delegation are not cached, since the
482 				 * cached attributes will remain valid while
483 				 * the delegation is held.
484 				 */
485 				NFSINVALATTRCACHE(np);
486 				NFSUNLOCKNODE(np);
487 				(void) nfscl_deleg(nmp->nm_mountp,
488 				    op->nfso_own->nfsow_clp,
489 				    nfhp->nfh_fh, nfhp->nfh_len, cred, p, dp);
490 			}
491 		} else {
492 			error = EIO;
493 		}
494 		newnfs_copyincred(cred, &op->nfso_cred);
495 	    } else if (ret == NFSCLOPEN_SETCRED)
496 		/*
497 		 * This is a new local open on a delegation. It needs
498 		 * to have credentials so that an open can be done
499 		 * against the server during recovery.
500 		 */
501 		newnfs_copyincred(cred, &op->nfso_cred);
502 
503 	    /*
504 	     * nfso_opencnt is the count of how many VOP_OPEN()s have
505 	     * been done on this Open successfully and a VOP_CLOSE()
506 	     * is expected for each of these.
507 	     * If error is non-zero, don't increment it, since the Open
508 	     * hasn't succeeded yet.
509 	     */
510 	    if (!error) {
511 		op->nfso_opencnt++;
512 		if (NFSHASNFSV4N(nmp) && NFSHASONEOPENOWN(nmp)) {
513 		    NFSLOCKNODE(np);
514 		    np->n_openstateid = op;
515 		    NFSUNLOCKNODE(np);
516 		}
517 	    }
518 	    nfscl_openrelease(nmp, op, error, newone);
519 	    if (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
520 		error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
521 		error == NFSERR_BADSESSION) {
522 		(void) nfs_catnap(PZERO, error, "nfs_open");
523 	    } else if ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID)
524 		&& clidrev != 0) {
525 		expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
526 		retrycnt++;
527 	    }
528 	} while (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
529 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
530 	    error == NFSERR_BADSESSION ||
531 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
532 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
533 	if (error && retrycnt >= 4)
534 		error = EIO;
535 	return (error);
536 }
537 
538 /*
539  * the actual open rpc
540  */
541 int
542 nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp, int fhlen,
543     u_int8_t *newfhp, int newfhlen, u_int32_t mode, struct nfsclopen *op,
544     u_int8_t *name, int namelen, struct nfscldeleg **dpp,
545     int reclaim, u_int32_t delegtype, struct ucred *cred, NFSPROC_T *p,
546     int syscred, int recursed)
547 {
548 	u_int32_t *tl;
549 	struct nfsrv_descript nfsd, *nd = &nfsd;
550 	struct nfscldeleg *dp, *ndp = NULL;
551 	struct nfsvattr nfsva;
552 	u_int32_t rflags, deleg;
553 	nfsattrbit_t attrbits;
554 	int error, ret, acesize, limitby;
555 	struct nfsclsession *tsep;
556 
557 	dp = *dpp;
558 	*dpp = NULL;
559 	nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL, 0, 0,
560 	    cred);
561 	NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
562 	*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
563 	*tl++ = txdr_unsigned(mode & (NFSV4OPEN_ACCESSBOTH |
564 	    NFSV4OPEN_WANTDELEGMASK));
565 	*tl++ = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
566 	tsep = nfsmnt_mdssession(nmp);
567 	*tl++ = tsep->nfsess_clientid.lval[0];
568 	*tl = tsep->nfsess_clientid.lval[1];
569 	(void) nfsm_strtom(nd, op->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN);
570 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
571 	*tl++ = txdr_unsigned(NFSV4OPEN_NOCREATE);
572 	if (reclaim) {
573 		*tl = txdr_unsigned(NFSV4OPEN_CLAIMPREVIOUS);
574 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
575 		*tl = txdr_unsigned(delegtype);
576 	} else {
577 		if (dp != NULL) {
578 			if (NFSHASNFSV4N(nmp))
579 				*tl = txdr_unsigned(
580 				    NFSV4OPEN_CLAIMDELEGATECURFH);
581 			else
582 				*tl = txdr_unsigned(NFSV4OPEN_CLAIMDELEGATECUR);
583 			NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
584 			if (NFSHASNFSV4N(nmp))
585 				*tl++ = 0;
586 			else
587 				*tl++ = dp->nfsdl_stateid.seqid;
588 			*tl++ = dp->nfsdl_stateid.other[0];
589 			*tl++ = dp->nfsdl_stateid.other[1];
590 			*tl = dp->nfsdl_stateid.other[2];
591 			if (!NFSHASNFSV4N(nmp))
592 				(void)nfsm_strtom(nd, name, namelen);
593 		} else if (NFSHASNFSV4N(nmp)) {
594 			*tl = txdr_unsigned(NFSV4OPEN_CLAIMFH);
595 		} else {
596 			*tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
597 			(void)nfsm_strtom(nd, name, namelen);
598 		}
599 	}
600 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
601 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
602 	NFSZERO_ATTRBIT(&attrbits);
603 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_CHANGE);
604 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFY);
605 	(void) nfsrv_putattrbit(nd, &attrbits);
606 	if (syscred)
607 		nd->nd_flag |= ND_USEGSSNAME;
608 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
609 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
610 	if (error)
611 		return (error);
612 	NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
613 	if (nd->nd_repstat == 0 || (nd->nd_repstat == NFSERR_DELAY &&
614 	    reclaim != 0 && (nd->nd_flag & ND_NOMOREDATA) == 0)) {
615 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
616 		    6 * NFSX_UNSIGNED);
617 		op->nfso_stateid.seqid = *tl++;
618 		op->nfso_stateid.other[0] = *tl++;
619 		op->nfso_stateid.other[1] = *tl++;
620 		op->nfso_stateid.other[2] = *tl;
621 		rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
622 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
623 		if (error)
624 			goto nfsmout;
625 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
626 		deleg = fxdr_unsigned(u_int32_t, *tl);
627 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
628 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
629 			if (!(op->nfso_own->nfsow_clp->nfsc_flags &
630 			      NFSCLFLAGS_FIRSTDELEG))
631 				op->nfso_own->nfsow_clp->nfsc_flags |=
632 				  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
633 			ndp = malloc(
634 			    sizeof (struct nfscldeleg) + newfhlen,
635 			    M_NFSCLDELEG, M_WAITOK);
636 			LIST_INIT(&ndp->nfsdl_owner);
637 			LIST_INIT(&ndp->nfsdl_lock);
638 			ndp->nfsdl_clp = op->nfso_own->nfsow_clp;
639 			ndp->nfsdl_fhlen = newfhlen;
640 			NFSBCOPY(newfhp, ndp->nfsdl_fh, newfhlen);
641 			newnfs_copyincred(cred, &ndp->nfsdl_cred);
642 			nfscl_lockinit(&ndp->nfsdl_rwlock);
643 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
644 			    NFSX_UNSIGNED);
645 			ndp->nfsdl_stateid.seqid = *tl++;
646 			ndp->nfsdl_stateid.other[0] = *tl++;
647 			ndp->nfsdl_stateid.other[1] = *tl++;
648 			ndp->nfsdl_stateid.other[2] = *tl++;
649 			ret = fxdr_unsigned(int, *tl);
650 			if (deleg == NFSV4OPEN_DELEGATEWRITE) {
651 				ndp->nfsdl_flags = NFSCLDL_WRITE;
652 				/*
653 				 * Indicates how much the file can grow.
654 				 */
655 				NFSM_DISSECT(tl, u_int32_t *,
656 				    3 * NFSX_UNSIGNED);
657 				limitby = fxdr_unsigned(int, *tl++);
658 				switch (limitby) {
659 				case NFSV4OPEN_LIMITSIZE:
660 					ndp->nfsdl_sizelimit = fxdr_hyper(tl);
661 					break;
662 				case NFSV4OPEN_LIMITBLOCKS:
663 					ndp->nfsdl_sizelimit =
664 					    fxdr_unsigned(u_int64_t, *tl++);
665 					ndp->nfsdl_sizelimit *=
666 					    fxdr_unsigned(u_int64_t, *tl);
667 					break;
668 				default:
669 					error = NFSERR_BADXDR;
670 					goto nfsmout;
671 				}
672 			} else {
673 				ndp->nfsdl_flags = NFSCLDL_READ;
674 			}
675 			if (ret)
676 				ndp->nfsdl_flags |= NFSCLDL_RECALL;
677 			error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false,
678 			    &ret, &acesize, p);
679 			if (error)
680 				goto nfsmout;
681 		} else if (deleg == NFSV4OPEN_DELEGATENONEEXT &&
682 		    NFSHASNFSV4N(nmp)) {
683 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
684 			deleg = fxdr_unsigned(uint32_t, *tl);
685 			if (deleg == NFSV4OPEN_CONTENTION ||
686 			    deleg == NFSV4OPEN_RESOURCE)
687 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
688 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
689 			error = NFSERR_BADXDR;
690 			goto nfsmout;
691 		}
692 		NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
693 		/* If the 2nd element == NFS_OK, the Getattr succeeded. */
694 		if (*++tl == 0) {
695 			KASSERT(nd->nd_repstat == 0,
696 			    ("nfsrpc_openrpc: Getattr repstat"));
697 			error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
698 			    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
699 			    NULL, NULL, NULL, NULL, p, cred);
700 			if (error)
701 				goto nfsmout;
702 		}
703 		if (ndp != NULL) {
704 			if (reclaim != 0 && dp != NULL) {
705 				ndp->nfsdl_change = dp->nfsdl_change;
706 				ndp->nfsdl_modtime = dp->nfsdl_modtime;
707 				ndp->nfsdl_flags |= NFSCLDL_MODTIMESET;
708 			} else if (nd->nd_repstat == 0) {
709 				ndp->nfsdl_change = nfsva.na_filerev;
710 				ndp->nfsdl_modtime = nfsva.na_mtime;
711 				ndp->nfsdl_flags |= NFSCLDL_MODTIMESET;
712 			} else
713 				ndp->nfsdl_flags |= NFSCLDL_RECALL;
714 		}
715 		nd->nd_repstat = 0;
716 		if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM)) {
717 		    do {
718 			ret = nfsrpc_openconfirm(vp, newfhp, newfhlen, op,
719 			    cred, p);
720 			if (ret == NFSERR_DELAY)
721 			    (void) nfs_catnap(PZERO, ret, "nfs_open");
722 		    } while (ret == NFSERR_DELAY);
723 		    error = ret;
724 		}
725 		if ((rflags & NFSV4OPEN_LOCKTYPEPOSIX) ||
726 		    nfscl_assumeposixlocks)
727 		    op->nfso_posixlock = 1;
728 		else
729 		    op->nfso_posixlock = 0;
730 
731 		/*
732 		 * If the server is handing out delegations, but we didn't
733 		 * get one because an OpenConfirm was required, try the
734 		 * Open again, to get a delegation. This is a harmless no-op,
735 		 * from a server's point of view.
736 		 */
737 		if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM) &&
738 		    (op->nfso_own->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG)
739 		    && !error && dp == NULL && ndp == NULL && !recursed) {
740 		    do {
741 			ret = nfsrpc_openrpc(nmp, vp, nfhp, fhlen, newfhp,
742 			    newfhlen, mode, op, name, namelen, &ndp, 0, 0x0,
743 			    cred, p, syscred, 1);
744 			if (ret == NFSERR_DELAY)
745 			    (void) nfs_catnap(PZERO, ret, "nfs_open2");
746 		    } while (ret == NFSERR_DELAY);
747 		    if (ret) {
748 			if (ndp != NULL) {
749 				free(ndp, M_NFSCLDELEG);
750 				ndp = NULL;
751 			}
752 			if (ret == NFSERR_STALECLIENTID ||
753 			    ret == NFSERR_STALEDONTRECOVER ||
754 			    ret == NFSERR_BADSESSION)
755 				error = ret;
756 		    }
757 		}
758 	}
759 	if (nd->nd_repstat != 0 && error == 0)
760 		error = nd->nd_repstat;
761 	if (error == NFSERR_STALECLIENTID)
762 		nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
763 nfsmout:
764 	if (!error)
765 		*dpp = ndp;
766 	else if (ndp != NULL)
767 		free(ndp, M_NFSCLDELEG);
768 	m_freem(nd->nd_mrep);
769 	return (error);
770 }
771 
772 /*
773  * open downgrade rpc
774  */
775 int
776 nfsrpc_opendowngrade(vnode_t vp, u_int32_t mode, struct nfsclopen *op,
777     struct ucred *cred, NFSPROC_T *p)
778 {
779 	u_int32_t *tl;
780 	struct nfsrv_descript nfsd, *nd = &nfsd;
781 	int error;
782 
783 	NFSCL_REQSTART(nd, NFSPROC_OPENDOWNGRADE, vp, cred);
784 	NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 3 * NFSX_UNSIGNED);
785 	if (NFSHASNFSV4N(VFSTONFS(vp->v_mount)))
786 		*tl++ = 0;
787 	else
788 		*tl++ = op->nfso_stateid.seqid;
789 	*tl++ = op->nfso_stateid.other[0];
790 	*tl++ = op->nfso_stateid.other[1];
791 	*tl++ = op->nfso_stateid.other[2];
792 	*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
793 	*tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
794 	*tl = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
795 	error = nfscl_request(nd, vp, p, cred);
796 	if (error)
797 		return (error);
798 	NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
799 	if (!nd->nd_repstat) {
800 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
801 		op->nfso_stateid.seqid = *tl++;
802 		op->nfso_stateid.other[0] = *tl++;
803 		op->nfso_stateid.other[1] = *tl++;
804 		op->nfso_stateid.other[2] = *tl;
805 	}
806 	if (nd->nd_repstat && error == 0)
807 		error = nd->nd_repstat;
808 	if (error == NFSERR_STALESTATEID)
809 		nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
810 nfsmout:
811 	m_freem(nd->nd_mrep);
812 	return (error);
813 }
814 
815 /*
816  * V4 Close operation.
817  */
818 int
819 nfsrpc_close(vnode_t vp, int doclose, NFSPROC_T *p)
820 {
821 	struct nfsclclient *clp;
822 	int error;
823 
824 	if (vp->v_type != VREG)
825 		return (0);
826 	if (doclose)
827 		error = nfscl_doclose(vp, &clp, p);
828 	else {
829 		error = nfscl_getclose(vp, &clp);
830 		if (error == 0)
831 			nfscl_clientrelease(clp);
832 	}
833 	return (error);
834 }
835 
836 /*
837  * Close the open.
838  */
839 int
840 nfsrpc_doclose(struct nfsmount *nmp, struct nfsclopen *op, NFSPROC_T *p,
841     bool loop_on_delayed, bool freeop)
842 {
843 	struct nfsrv_descript nfsd, *nd = &nfsd;
844 	struct nfscllockowner *lp, *nlp;
845 	struct nfscllock *lop, *nlop;
846 	struct ucred *tcred;
847 	u_int64_t off = 0, len = 0;
848 	u_int32_t type = NFSV4LOCKT_READ;
849 	int error, do_unlock, trycnt;
850 	bool own_not_null;
851 
852 	tcred = newnfs_getcred();
853 	newnfs_copycred(&op->nfso_cred, tcred);
854 	/*
855 	 * (Theoretically this could be done in the same
856 	 *  compound as the close, but having multiple
857 	 *  sequenced Ops in the same compound might be
858 	 *  too scary for some servers.)
859 	 */
860 	if (op->nfso_posixlock) {
861 		off = 0;
862 		len = NFS64BITSSET;
863 		type = NFSV4LOCKT_READ;
864 	}
865 
866 	/*
867 	 * Since this function is only called from VOP_INACTIVE(), no
868 	 * other thread will be manipulating this Open. As such, the
869 	 * lock lists are not being changed by other threads, so it should
870 	 * be safe to do this without locking.
871 	 */
872 	LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
873 		do_unlock = 1;
874 		LIST_FOREACH_SAFE(lop, &lp->nfsl_lock, nfslo_list, nlop) {
875 			if (op->nfso_posixlock == 0) {
876 				off = lop->nfslo_first;
877 				len = lop->nfslo_end - lop->nfslo_first;
878 				if (lop->nfslo_type == F_WRLCK)
879 					type = NFSV4LOCKT_WRITE;
880 				else
881 					type = NFSV4LOCKT_READ;
882 			}
883 			if (do_unlock) {
884 				trycnt = 0;
885 				do {
886 					error = nfsrpc_locku(nd, nmp, lp, off,
887 					    len, type, tcred, p, 0);
888 					if ((nd->nd_repstat == NFSERR_GRACE ||
889 					    nd->nd_repstat == NFSERR_DELAY) &&
890 					    error == 0)
891 						(void) nfs_catnap(PZERO,
892 						    (int)nd->nd_repstat,
893 						    "nfs_close");
894 				} while ((nd->nd_repstat == NFSERR_GRACE ||
895 				    nd->nd_repstat == NFSERR_DELAY) &&
896 				    error == 0 && trycnt++ < 5);
897 				if (op->nfso_posixlock)
898 					do_unlock = 0;
899 			}
900 			nfscl_freelock(lop, 0);
901 		}
902 		/*
903 		 * Do a ReleaseLockOwner.
904 		 * The lock owner name nfsl_owner may be used by other opens for
905 		 * other files but the lock_owner4 name that nfsrpc_rellockown()
906 		 * puts on the wire has the file handle for this file appended
907 		 * to it, so it can be done now.
908 		 */
909 		(void)nfsrpc_rellockown(nmp, lp, lp->nfsl_open->nfso_fh,
910 		    lp->nfsl_open->nfso_fhlen, tcred, p);
911 	}
912 
913 	/*
914 	 * There could be other Opens for different files on the same
915 	 * OpenOwner, so locking is required.
916 	 */
917 	own_not_null = false;
918 	if (op->nfso_own != NULL) {
919 		own_not_null = true;
920 		NFSLOCKCLSTATE();
921 		nfscl_lockexcl(&op->nfso_own->nfsow_rwlock, NFSCLSTATEMUTEXPTR);
922 		NFSUNLOCKCLSTATE();
923 	}
924 	do {
925 		error = nfscl_tryclose(op, tcred, nmp, p, loop_on_delayed);
926 		if (error == NFSERR_GRACE)
927 			(void) nfs_catnap(PZERO, error, "nfs_close");
928 	} while (error == NFSERR_GRACE);
929 	if (own_not_null) {
930 		NFSLOCKCLSTATE();
931 		nfscl_lockunlock(&op->nfso_own->nfsow_rwlock);
932 	}
933 
934 	LIST_FOREACH_SAFE(lp, &op->nfso_lock, nfsl_list, nlp)
935 		nfscl_freelockowner(lp, 0);
936 	if (freeop && error != NFSERR_DELAY)
937 		nfscl_freeopen(op, 0, true);
938 	if (own_not_null)
939 		NFSUNLOCKCLSTATE();
940 	NFSFREECRED(tcred);
941 	return (error);
942 }
943 
944 /*
945  * The actual Close RPC.
946  */
947 int
948 nfsrpc_closerpc(struct nfsrv_descript *nd, struct nfsmount *nmp,
949     struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p,
950     int syscred)
951 {
952 	u_int32_t *tl;
953 	int error;
954 
955 	nfscl_reqstart(nd, NFSPROC_CLOSE, nmp, op->nfso_fh,
956 	    op->nfso_fhlen, NULL, NULL, 0, 0, cred);
957 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
958 	if (NFSHASNFSV4N(nmp)) {
959 		*tl++ = 0;
960 		*tl++ = 0;
961 	} else {
962 		*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
963 		*tl++ = op->nfso_stateid.seqid;
964 	}
965 	*tl++ = op->nfso_stateid.other[0];
966 	*tl++ = op->nfso_stateid.other[1];
967 	*tl = op->nfso_stateid.other[2];
968 	if (syscred)
969 		nd->nd_flag |= ND_USEGSSNAME;
970 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
971 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
972 	if (error)
973 		return (error);
974 	if (!NFSHASNFSV4N(nmp))
975 		NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
976 	if (nd->nd_repstat == 0)
977 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
978 	error = nd->nd_repstat;
979 	if (!NFSHASNFSV4N(nmp) && error == NFSERR_STALESTATEID)
980 		nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
981 nfsmout:
982 	m_freem(nd->nd_mrep);
983 	return (error);
984 }
985 
986 /*
987  * V4 Open Confirm RPC.
988  */
989 int
990 nfsrpc_openconfirm(vnode_t vp, u_int8_t *nfhp, int fhlen,
991     struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p)
992 {
993 	u_int32_t *tl;
994 	struct nfsrv_descript nfsd, *nd = &nfsd;
995 	struct nfsmount *nmp;
996 	int error;
997 
998 	nmp = VFSTONFS(vp->v_mount);
999 	if (NFSHASNFSV4N(nmp))
1000 		return (0);		/* No confirmation for NFSv4.1. */
1001 	nfscl_reqstart(nd, NFSPROC_OPENCONFIRM, nmp, nfhp, fhlen, NULL, NULL,
1002 	    0, 0, NULL);
1003 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
1004 	*tl++ = op->nfso_stateid.seqid;
1005 	*tl++ = op->nfso_stateid.other[0];
1006 	*tl++ = op->nfso_stateid.other[1];
1007 	*tl++ = op->nfso_stateid.other[2];
1008 	*tl = txdr_unsigned(op->nfso_own->nfsow_seqid);
1009 	error = nfscl_request(nd, vp, p, cred);
1010 	if (error)
1011 		return (error);
1012 	NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
1013 	if (!nd->nd_repstat) {
1014 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
1015 		op->nfso_stateid.seqid = *tl++;
1016 		op->nfso_stateid.other[0] = *tl++;
1017 		op->nfso_stateid.other[1] = *tl++;
1018 		op->nfso_stateid.other[2] = *tl;
1019 	}
1020 	error = nd->nd_repstat;
1021 	if (error == NFSERR_STALESTATEID)
1022 		nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
1023 nfsmout:
1024 	m_freem(nd->nd_mrep);
1025 	return (error);
1026 }
1027 
1028 /*
1029  * Do the setclientid and setclientid confirm RPCs. Called from nfs_statfs()
1030  * when a mount has just occurred and when the server replies NFSERR_EXPIRED.
1031  */
1032 int
1033 nfsrpc_setclient(struct nfsmount *nmp, struct nfsclclient *clp, int reclaim,
1034     bool *retokp, struct ucred *cred, NFSPROC_T *p)
1035 {
1036 	u_int32_t *tl;
1037 	struct nfsrv_descript nfsd;
1038 	struct nfsrv_descript *nd = &nfsd;
1039 	u_int8_t *cp = NULL, *cp2, addr[INET6_ADDRSTRLEN + 9];
1040 	u_short port;
1041 	int error, isinet6 = 0, callblen;
1042 	nfsquad_t confirm;
1043 	static u_int32_t rev = 0;
1044 	struct nfsclds *dsp, *odsp;
1045 	struct in6_addr a6;
1046 	struct nfsclsession *tsep;
1047 	struct rpc_reconupcall recon;
1048 	struct nfscl_reconarg *rcp;
1049 
1050 	if (nfsboottime.tv_sec == 0)
1051 		NFSSETBOOTTIME(nfsboottime);
1052 	if (NFSHASNFSV4N(nmp)) {
1053 		error = NFSERR_BADSESSION;
1054 		odsp = dsp = NULL;
1055 		if (retokp != NULL) {
1056 			NFSLOCKMNT(nmp);
1057 			odsp = TAILQ_FIRST(&nmp->nm_sess);
1058 			NFSUNLOCKMNT(nmp);
1059 		}
1060 		if (odsp != NULL) {
1061 			/*
1062 			 * When a session already exists, first try a
1063 			 * CreateSession with the extant ClientID.
1064 			 */
1065 			dsp = malloc(sizeof(struct nfsclds) +
1066 			    odsp->nfsclds_servownlen + 1, M_NFSCLDS,
1067 			    M_WAITOK | M_ZERO);
1068 			dsp->nfsclds_expire = NFSD_MONOSEC + clp->nfsc_renew;
1069 			dsp->nfsclds_servownlen = odsp->nfsclds_servownlen;
1070 			dsp->nfsclds_sess.nfsess_clientid =
1071 			    odsp->nfsclds_sess.nfsess_clientid;
1072 			dsp->nfsclds_sess.nfsess_sequenceid =
1073 			    odsp->nfsclds_sess.nfsess_sequenceid + 1;
1074 			dsp->nfsclds_flags = odsp->nfsclds_flags;
1075 			if (dsp->nfsclds_servownlen > 0)
1076 				memcpy(dsp->nfsclds_serverown,
1077 				    odsp->nfsclds_serverown,
1078 				    dsp->nfsclds_servownlen + 1);
1079 			mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
1080 			mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
1081 			    NULL, MTX_DEF);
1082 			nfscl_initsessionslots(&dsp->nfsclds_sess);
1083 			error = nfsrpc_createsession(nmp, &dsp->nfsclds_sess,
1084 			    &nmp->nm_sockreq, NULL,
1085 			    dsp->nfsclds_sess.nfsess_sequenceid, 1, cred, p);
1086 			NFSCL_DEBUG(1, "create session for extant "
1087 			    "ClientID=%d\n", error);
1088 			if (error != 0) {
1089 				nfscl_freenfsclds(dsp);
1090 				dsp = NULL;
1091 				/*
1092 				 * If *retokp is true, return any error other
1093 				 * than NFSERR_STALECLIENTID,
1094 				 * NFSERR_BADSESSION or NFSERR_STALEDONTRECOVER
1095 				 * so that nfscl_recover() will not loop.
1096 				 */
1097 				if (*retokp)
1098 					return (NFSERR_IO);
1099 			} else
1100 				*retokp = true;
1101 		} else if (retokp != NULL && *retokp)
1102 			return (NFSERR_IO);
1103 		if (error != 0) {
1104 			/*
1105 			 * Either there was no previous session or the
1106 			 * CreateSession attempt failed, so...
1107 			 * do an ExchangeID followed by the CreateSession.
1108 			 */
1109 			clp->nfsc_rev = rev++;
1110 			error = nfsrpc_exchangeid(nmp, clp, &nmp->nm_sockreq, 0,
1111 			    NFSV4EXCH_USEPNFSMDS | NFSV4EXCH_USENONPNFS, &dsp,
1112 			    cred, p);
1113 			NFSCL_DEBUG(1, "aft exch=%d\n", error);
1114 			if (error == 0)
1115 				error = nfsrpc_createsession(nmp,
1116 				    &dsp->nfsclds_sess, &nmp->nm_sockreq, NULL,
1117 				    dsp->nfsclds_sess.nfsess_sequenceid, 1,
1118 				    cred, p);
1119 			NFSCL_DEBUG(1, "aft createsess=%d\n", error);
1120 		}
1121 		if (error == 0) {
1122 			/*
1123 			 * If the session supports a backchannel, set up
1124 			 * the BindConnectionToSession call in the krpc
1125 			 * so that it is done on a reconnection.
1126 			 */
1127 			if (nfscl_enablecallb != 0 && nfs_numnfscbd > 0) {
1128 				rcp = mem_alloc(sizeof(*rcp));
1129 				rcp->minorvers = nmp->nm_minorvers;
1130 				memcpy(rcp->sessionid,
1131 				    dsp->nfsclds_sess.nfsess_sessionid,
1132 				    NFSX_V4SESSIONID);
1133 				recon.call = nfsrpc_bindconnsess;
1134 				recon.arg = rcp;
1135 				CLNT_CONTROL(nmp->nm_client, CLSET_RECONUPCALL,
1136 				    &recon);
1137 			}
1138 
1139 			NFSLOCKMNT(nmp);
1140 			/*
1141 			 * The old sessions cannot be safely free'd
1142 			 * here, since they may still be used by
1143 			 * in-progress RPCs.
1144 			 */
1145 			tsep = NULL;
1146 			if (TAILQ_FIRST(&nmp->nm_sess) != NULL) {
1147 				/*
1148 				 * Mark the old session defunct.  Needed
1149 				 * when called from nfscl_hasexpired().
1150 				 */
1151 				tsep = NFSMNT_MDSSESSION(nmp);
1152 				tsep->nfsess_defunct = 1;
1153 			}
1154 			TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp,
1155 			    nfsclds_list);
1156 			/*
1157 			 * Wake up RPCs waiting for a slot on the
1158 			 * old session. These will then fail with
1159 			 * NFSERR_BADSESSION and be retried with the
1160 			 * new session by nfsv4_setsequence().
1161 			 * Also wakeup() processes waiting for the
1162 			 * new session.
1163 			 */
1164 			if (tsep != NULL)
1165 				wakeup(&tsep->nfsess_slots);
1166 			wakeup(&nmp->nm_sess);
1167 			NFSUNLOCKMNT(nmp);
1168 		} else if (dsp != NULL)
1169 			nfscl_freenfsclds(dsp);
1170 		if (error == 0 && reclaim == 0) {
1171 			error = nfsrpc_reclaimcomplete(nmp, cred, p);
1172 			NFSCL_DEBUG(1, "aft reclaimcomp=%d\n", error);
1173 			if (error == NFSERR_COMPLETEALREADY ||
1174 			    error == NFSERR_NOTSUPP)
1175 				/* Ignore this error. */
1176 				error = 0;
1177 		}
1178 		return (error);
1179 	} else if (retokp != NULL && *retokp)
1180 		return (NFSERR_IO);
1181 	clp->nfsc_rev = rev++;
1182 
1183 	/*
1184 	 * Allocate a single session structure for NFSv4.0, because some of
1185 	 * the fields are used by NFSv4.0 although it doesn't do a session.
1186 	 */
1187 	dsp = malloc(sizeof(struct nfsclds), M_NFSCLDS, M_WAITOK | M_ZERO);
1188 	mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
1189 	mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession", NULL, MTX_DEF);
1190 	NFSLOCKMNT(nmp);
1191 	TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp, nfsclds_list);
1192 	tsep = NFSMNT_MDSSESSION(nmp);
1193 	NFSUNLOCKMNT(nmp);
1194 
1195 	nfscl_reqstart(nd, NFSPROC_SETCLIENTID, nmp, NULL, 0, NULL, NULL, 0, 0,
1196 	    NULL);
1197 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
1198 	*tl++ = txdr_unsigned(nfsboottime.tv_sec);
1199 	*tl = txdr_unsigned(clp->nfsc_rev);
1200 	(void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);
1201 
1202 	/*
1203 	 * set up the callback address
1204 	 */
1205 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1206 	*tl = txdr_unsigned(NFS_CALLBCKPROG);
1207 	callblen = strlen(nfsv4_callbackaddr);
1208 	if (callblen == 0)
1209 		cp = nfscl_getmyip(nmp, &a6, &isinet6);
1210 	if (nfscl_enablecallb && nfs_numnfscbd > 0 &&
1211 	    (callblen > 0 || cp != NULL)) {
1212 		port = htons(nfsv4_cbport);
1213 		cp2 = (u_int8_t *)&port;
1214 #ifdef INET6
1215 		if ((callblen > 0 &&
1216 		     strchr(nfsv4_callbackaddr, ':')) || isinet6) {
1217 			char ip6buf[INET6_ADDRSTRLEN], *ip6add;
1218 
1219 			(void) nfsm_strtom(nd, "tcp6", 4);
1220 			if (callblen == 0) {
1221 				ip6_sprintf(ip6buf, (struct in6_addr *)cp);
1222 				ip6add = ip6buf;
1223 			} else {
1224 				ip6add = nfsv4_callbackaddr;
1225 			}
1226 			snprintf(addr, INET6_ADDRSTRLEN + 9, "%s.%d.%d",
1227 			    ip6add, cp2[0], cp2[1]);
1228 		} else
1229 #endif
1230 		{
1231 			(void) nfsm_strtom(nd, "tcp", 3);
1232 			if (callblen == 0)
1233 				snprintf(addr, INET6_ADDRSTRLEN + 9,
1234 				    "%d.%d.%d.%d.%d.%d", cp[0], cp[1],
1235 				    cp[2], cp[3], cp2[0], cp2[1]);
1236 			else
1237 				snprintf(addr, INET6_ADDRSTRLEN + 9,
1238 				    "%s.%d.%d", nfsv4_callbackaddr,
1239 				    cp2[0], cp2[1]);
1240 		}
1241 		(void) nfsm_strtom(nd, addr, strlen(addr));
1242 	} else {
1243 		(void) nfsm_strtom(nd, "tcp", 3);
1244 		(void) nfsm_strtom(nd, "0.0.0.0.0.0", 11);
1245 	}
1246 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1247 	*tl = txdr_unsigned(clp->nfsc_cbident);
1248 	nd->nd_flag |= ND_USEGSSNAME;
1249 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
1250 		NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
1251 	if (error)
1252 		return (error);
1253 	if (nd->nd_repstat == 0) {
1254 	    NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1255 	    tsep->nfsess_clientid.lval[0] = *tl++;
1256 	    tsep->nfsess_clientid.lval[1] = *tl++;
1257 	    confirm.lval[0] = *tl++;
1258 	    confirm.lval[1] = *tl;
1259 	    m_freem(nd->nd_mrep);
1260 	    nd->nd_mrep = NULL;
1261 
1262 	    /*
1263 	     * and confirm it.
1264 	     */
1265 	    nfscl_reqstart(nd, NFSPROC_SETCLIENTIDCFRM, nmp, NULL, 0, NULL,
1266 		NULL, 0, 0, NULL);
1267 	    NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1268 	    *tl++ = tsep->nfsess_clientid.lval[0];
1269 	    *tl++ = tsep->nfsess_clientid.lval[1];
1270 	    *tl++ = confirm.lval[0];
1271 	    *tl = confirm.lval[1];
1272 	    nd->nd_flag |= ND_USEGSSNAME;
1273 	    error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p,
1274 		cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
1275 	    if (error)
1276 		return (error);
1277 	    m_freem(nd->nd_mrep);
1278 	    nd->nd_mrep = NULL;
1279 	}
1280 	error = nd->nd_repstat;
1281 nfsmout:
1282 	m_freem(nd->nd_mrep);
1283 	return (error);
1284 }
1285 
1286 /*
1287  * nfs getattr call.
1288  */
1289 int
1290 nfsrpc_getattr(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
1291     struct nfsvattr *nap)
1292 {
1293 	struct nfsrv_descript nfsd, *nd = &nfsd;
1294 	int error;
1295 	nfsattrbit_t attrbits;
1296 	struct nfsnode *np;
1297 	struct nfsmount *nmp;
1298 
1299 	nmp = VFSTONFS(vp->v_mount);
1300 	np = VTONFS(vp);
1301 	if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0 &&
1302 	    nmp->nm_fhsize == 0) {
1303 		/* Attempt to get the actual root file handle. */
1304 		error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp), cred, p);
1305 		if (error != 0)
1306 			return (EACCES);
1307 		if (np->n_fhp->nfh_len == NFSX_FHMAX + 1)
1308 			nfscl_statfs(vp, cred, p);
1309 	}
1310 	NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp, cred);
1311 	if (nd->nd_flag & ND_NFSV4) {
1312 		NFSGETATTR_ATTRBIT(&attrbits);
1313 		(void) nfsrv_putattrbit(nd, &attrbits);
1314 	}
1315 	error = nfscl_request(nd, vp, p, cred);
1316 	if (error)
1317 		return (error);
1318 	if (!nd->nd_repstat)
1319 		error = nfsm_loadattr(nd, nap);
1320 	else
1321 		error = nd->nd_repstat;
1322 	m_freem(nd->nd_mrep);
1323 	return (error);
1324 }
1325 
1326 /*
1327  * nfs getattr call with non-vnode arguments.
1328  */
1329 int
1330 nfsrpc_getattrnovp(struct nfsmount *nmp, u_int8_t *fhp, int fhlen, int syscred,
1331     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, u_int64_t *xidp,
1332     uint32_t *leasep)
1333 {
1334 	struct nfsrv_descript nfsd, *nd = &nfsd;
1335 	int error, vers = NFS_VER2;
1336 	nfsattrbit_t attrbits;
1337 
1338 	nfscl_reqstart(nd, NFSPROC_GETATTR, nmp, fhp, fhlen, NULL, NULL, 0, 0,
1339 	    cred);
1340 	if (nd->nd_flag & ND_NFSV4) {
1341 		vers = NFS_VER4;
1342 		NFSGETATTR_ATTRBIT(&attrbits);
1343 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_LEASETIME);
1344 		(void) nfsrv_putattrbit(nd, &attrbits);
1345 	} else if (nd->nd_flag & ND_NFSV3) {
1346 		vers = NFS_VER3;
1347 	}
1348 	if (syscred)
1349 		nd->nd_flag |= ND_USEGSSNAME;
1350 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
1351 	    NFS_PROG, vers, NULL, 1, xidp, NULL);
1352 	if (error)
1353 		return (error);
1354 	if (nd->nd_repstat == 0) {
1355 		if ((nd->nd_flag & ND_NFSV4) != 0)
1356 			error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
1357 			    NULL, NULL, NULL, NULL, NULL, 0, NULL, leasep, NULL,
1358 			    NULL, NULL, NULL);
1359 		else
1360 			error = nfsm_loadattr(nd, nap);
1361 	} else
1362 		error = nd->nd_repstat;
1363 	m_freem(nd->nd_mrep);
1364 	return (error);
1365 }
1366 
1367 /*
1368  * Do an nfs setattr operation.
1369  */
1370 int
1371 nfsrpc_setattr(vnode_t vp, struct vattr *vap, NFSACL_T *aclp,
1372     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *rnap, int *attrflagp)
1373 {
1374 	int error, expireret = 0, openerr, retrycnt;
1375 	u_int32_t clidrev = 0, mode;
1376 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1377 	struct nfsfh *nfhp;
1378 	nfsv4stateid_t stateid;
1379 	void *lckp;
1380 
1381 	if (nmp->nm_clp != NULL)
1382 		clidrev = nmp->nm_clp->nfsc_clientidrev;
1383 	if (vap != NULL && NFSATTRISSET(u_quad_t, vap, va_size))
1384 		mode = NFSV4OPEN_ACCESSWRITE;
1385 	else
1386 		mode = NFSV4OPEN_ACCESSREAD;
1387 	retrycnt = 0;
1388 	do {
1389 		lckp = NULL;
1390 		openerr = 1;
1391 		if (NFSHASNFSV4(nmp)) {
1392 			nfhp = VTONFS(vp)->n_fhp;
1393 			error = nfscl_getstateid(vp, nfhp->nfh_fh,
1394 			    nfhp->nfh_len, mode, 0, cred, p, &stateid, &lckp);
1395 			if (error && vp->v_type == VREG &&
1396 			    (mode == NFSV4OPEN_ACCESSWRITE ||
1397 			     nfstest_openallsetattr)) {
1398 				/*
1399 				 * No Open stateid, so try and open the file
1400 				 * now.
1401 				 */
1402 				if (mode == NFSV4OPEN_ACCESSWRITE)
1403 					openerr = nfsrpc_open(vp, FWRITE, cred,
1404 					    p);
1405 				else
1406 					openerr = nfsrpc_open(vp, FREAD, cred,
1407 					    p);
1408 				if (!openerr)
1409 					(void) nfscl_getstateid(vp,
1410 					    nfhp->nfh_fh, nfhp->nfh_len,
1411 					    mode, 0, cred, p, &stateid, &lckp);
1412 			}
1413 		}
1414 		if (vap != NULL)
1415 			error = nfsrpc_setattrrpc(vp, vap, &stateid, cred, p,
1416 			    rnap, attrflagp);
1417 		else
1418 			error = nfsrpc_setaclrpc(vp, cred, p, aclp, &stateid);
1419 		if (error == NFSERR_OPENMODE && mode == NFSV4OPEN_ACCESSREAD) {
1420 			NFSLOCKMNT(nmp);
1421 			nmp->nm_state |= NFSSTA_OPENMODE;
1422 			NFSUNLOCKMNT(nmp);
1423 		}
1424 		if (error == NFSERR_STALESTATEID)
1425 			nfscl_initiate_recovery(nmp->nm_clp);
1426 		if (lckp != NULL)
1427 			nfscl_lockderef(lckp);
1428 		if (!openerr)
1429 			(void) nfsrpc_close(vp, 0, p);
1430 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1431 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1432 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
1433 			(void) nfs_catnap(PZERO, error, "nfs_setattr");
1434 		} else if ((error == NFSERR_EXPIRED ||
1435 		    ((!NFSHASINT(nmp) || !NFSHASNFSV4N(nmp)) &&
1436 		    error == NFSERR_BADSTATEID)) && clidrev != 0) {
1437 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
1438 		} else if (error == NFSERR_BADSTATEID && NFSHASINT(nmp) &&
1439 		    NFSHASNFSV4N(nmp)) {
1440 			error = EIO;
1441 		}
1442 		retrycnt++;
1443 	} while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1444 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1445 	    error == NFSERR_BADSESSION ||
1446 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
1447 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
1448 	     expireret == 0 && clidrev != 0 && retrycnt < 4) ||
1449 	    (error == NFSERR_OPENMODE && mode == NFSV4OPEN_ACCESSREAD &&
1450 	     retrycnt < 4));
1451 	if (error && retrycnt >= 4)
1452 		error = EIO;
1453 	return (error);
1454 }
1455 
1456 static int
1457 nfsrpc_setattrrpc(vnode_t vp, struct vattr *vap,
1458     nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
1459     struct nfsvattr *rnap, int *attrflagp)
1460 {
1461 	u_int32_t *tl;
1462 	struct nfsrv_descript nfsd, *nd = &nfsd;
1463 	int error;
1464 	nfsattrbit_t attrbits;
1465 
1466 	*attrflagp = 0;
1467 	NFSCL_REQSTART(nd, NFSPROC_SETATTR, vp, cred);
1468 	if (nd->nd_flag & ND_NFSV4)
1469 		nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
1470 	vap->va_type = vp->v_type;
1471 	nfscl_fillsattr(nd, vap, vp, NFSSATTR_FULL, 0);
1472 	if (nd->nd_flag & ND_NFSV3) {
1473 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1474 		*tl = newnfs_false;
1475 	} else if (nd->nd_flag & ND_NFSV4) {
1476 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1477 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
1478 		NFSGETATTR_ATTRBIT(&attrbits);
1479 		(void) nfsrv_putattrbit(nd, &attrbits);
1480 	}
1481 	error = nfscl_request(nd, vp, p, cred);
1482 	if (error)
1483 		return (error);
1484 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
1485 		error = nfscl_wcc_data(nd, vp, rnap, attrflagp, NULL, NULL);
1486 	if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 && !error)
1487 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
1488 	if (!(nd->nd_flag & ND_NFSV3) && !nd->nd_repstat && !error)
1489 		error = nfscl_postop_attr(nd, rnap, attrflagp);
1490 	m_freem(nd->nd_mrep);
1491 	if (nd->nd_repstat && !error)
1492 		error = nd->nd_repstat;
1493 	return (error);
1494 }
1495 
1496 /*
1497  * nfs lookup rpc
1498  */
1499 int
1500 nfsrpc_lookup(vnode_t dvp, char *name, int len, struct ucred *cred,
1501     NFSPROC_T *p, struct nfsvattr *dnap, struct nfsvattr *nap,
1502     struct nfsfh **nfhpp, int *attrflagp, int *dattrflagp, uint32_t openmode)
1503 {
1504 	uint32_t deleg, rflags, *tl;
1505 	struct nfsrv_descript nfsd, *nd = &nfsd;
1506 	struct nfsmount *nmp;
1507 	struct nfsnode *np;
1508 	struct nfsfh *nfhp;
1509 	nfsattrbit_t attrbits;
1510 	int error = 0, lookupp = 0, newone, ret, retop;
1511 	uint8_t own[NFSV4CL_LOCKNAMELEN];
1512 	struct nfsclopen *op;
1513 	struct nfscldeleg *ndp;
1514 	nfsv4stateid_t stateid;
1515 
1516 	*attrflagp = 0;
1517 	*dattrflagp = 0;
1518 	if (dvp->v_type != VDIR)
1519 		return (ENOTDIR);
1520 	nmp = VFSTONFS(dvp->v_mount);
1521 	if (len > NFS_MAXNAMLEN)
1522 		return (ENAMETOOLONG);
1523 	if (NFSHASNFSV4(nmp) && len == 1 &&
1524 		name[0] == '.') {
1525 		/*
1526 		 * Just return the current dir's fh.
1527 		 */
1528 		np = VTONFS(dvp);
1529 		nfhp = malloc(sizeof (struct nfsfh) +
1530 			np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
1531 		nfhp->nfh_len = np->n_fhp->nfh_len;
1532 		NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
1533 		*nfhpp = nfhp;
1534 		return (0);
1535 	}
1536 	if (NFSHASNFSV4(nmp) && len == 2 &&
1537 		name[0] == '.' && name[1] == '.') {
1538 		lookupp = 1;
1539 		openmode = 0;
1540 		NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, dvp, cred);
1541 	} else if (openmode != 0) {
1542 		NFSCL_REQSTART(nd, NFSPROC_LOOKUPOPEN, dvp, cred);
1543 		nfsm_strtom(nd, name, len);
1544 	} else {
1545 		NFSCL_REQSTART(nd, NFSPROC_LOOKUP, dvp, cred);
1546 		(void) nfsm_strtom(nd, name, len);
1547 	}
1548 	if (nd->nd_flag & ND_NFSV4) {
1549 		NFSGETATTR_ATTRBIT(&attrbits);
1550 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
1551 		*tl++ = txdr_unsigned(NFSV4OP_GETFH);
1552 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
1553 		(void) nfsrv_putattrbit(nd, &attrbits);
1554 		if (openmode != 0) {
1555 			/* Test for a VREG file. */
1556 			NFSZERO_ATTRBIT(&attrbits);
1557 			NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TYPE);
1558 			NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
1559 			*tl = txdr_unsigned(NFSV4OP_VERIFY);
1560 			nfsrv_putattrbit(nd, &attrbits);
1561 			NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
1562 			*tl++ = txdr_unsigned(NFSX_UNSIGNED);
1563 			*tl = vtonfsv34_type(VREG);
1564 
1565 			/* Attempt the Open for VREG. */
1566 			nfscl_filllockowner(NULL, own, F_POSIX);
1567 			NFSM_BUILD(tl, uint32_t *, 6 * NFSX_UNSIGNED);
1568 			*tl++ = txdr_unsigned(NFSV4OP_OPEN);
1569 			*tl++ = 0;		/* seqid, ignored. */
1570 			*tl++ = txdr_unsigned(openmode | NFSV4OPEN_WANTNODELEG);
1571 			*tl++ = txdr_unsigned(NFSV4OPEN_DENYNONE);
1572 			*tl++ = 0;		/* ClientID, ignored. */
1573 			*tl = 0;
1574 			nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN);
1575 			NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
1576 			*tl++ = txdr_unsigned(NFSV4OPEN_NOCREATE);
1577 			*tl = txdr_unsigned(NFSV4OPEN_CLAIMFH);
1578 		}
1579 	}
1580 	error = nfscl_request(nd, dvp, p, cred);
1581 	if (error)
1582 		return (error);
1583 	ndp = NULL;
1584 	if (nd->nd_repstat) {
1585 		/*
1586 		 * When an NFSv4 Lookupp returns ENOENT, it means that
1587 		 * the lookup is at the root of an fs, so return this dir.
1588 		 */
1589 		if (nd->nd_repstat == NFSERR_NOENT && lookupp) {
1590 		    np = VTONFS(dvp);
1591 		    nfhp = malloc(sizeof (struct nfsfh) +
1592 			np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
1593 		    nfhp->nfh_len = np->n_fhp->nfh_len;
1594 		    NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
1595 		    *nfhpp = nfhp;
1596 		    m_freem(nd->nd_mrep);
1597 		    return (0);
1598 		}
1599 		if (nd->nd_flag & ND_NFSV3)
1600 		    error = nfscl_postop_attr(nd, dnap, dattrflagp);
1601 		else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
1602 		    ND_NFSV4) {
1603 			/* Load the directory attributes. */
1604 			error = nfsm_loadattr(nd, dnap);
1605 			if (error != 0)
1606 				goto nfsmout;
1607 			*dattrflagp = 1;
1608 		}
1609 		/* Check Lookup operation reply status. */
1610 		if (openmode != 0 && (nd->nd_flag & ND_NOMOREDATA) == 0) {
1611 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
1612 			if (*++tl != 0)
1613 				goto nfsmout;
1614 		}
1615 		/* Look for GetFH reply. */
1616 		if (openmode != 0 && (nd->nd_flag & ND_NOMOREDATA) == 0) {
1617 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
1618 			if (*++tl != 0)
1619 				goto nfsmout;
1620 			error = nfsm_getfh(nd, nfhpp);
1621 			if (error)
1622 				goto nfsmout;
1623 		}
1624 		/* Look for Getattr reply. */
1625 		if (openmode != 0 && (nd->nd_flag & ND_NOMOREDATA) == 0) {
1626 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
1627 			if (*++tl != 0)
1628 				goto nfsmout;
1629 			error = nfsm_loadattr(nd, nap);
1630 			if (error == 0) {
1631 				/*
1632 				 * We have now successfully completed the
1633 				 * lookup, so set nd_repstat to 0.
1634 				 */
1635 				nd->nd_repstat = 0;
1636 				*attrflagp = 1;
1637 			}
1638 		}
1639 		goto nfsmout;
1640 	}
1641 	if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
1642 		/* Load the directory attributes. */
1643 		error = nfsm_loadattr(nd, dnap);
1644 		if (error != 0)
1645 			goto nfsmout;
1646 		*dattrflagp = 1;
1647 		/* Skip over the Lookup and GetFH operation status values. */
1648 		NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1649 	}
1650 	error = nfsm_getfh(nd, nfhpp);
1651 	if (error)
1652 		goto nfsmout;
1653 
1654 	error = nfscl_postop_attr(nd, nap, attrflagp);
1655 	if (openmode != 0 && error == 0) {
1656 		NFSM_DISSECT(tl, uint32_t *, NFSX_STATEID +
1657 		    10 * NFSX_UNSIGNED);
1658 		tl += 4;	/* Skip over Verify+Open status. */
1659 		stateid.seqid = *tl++;
1660 		stateid.other[0] = *tl++;
1661 		stateid.other[1] = *tl++;
1662 		stateid.other[2] = *tl;
1663 		rflags = fxdr_unsigned(uint32_t, *(tl + 6));
1664 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
1665 		if (error != 0)
1666 			goto nfsmout;
1667 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
1668 		deleg = fxdr_unsigned(uint32_t, *tl);
1669 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
1670 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
1671 			/*
1672 			 * Just need to fill in the fields used by
1673 			 * nfscl_trydelegreturn().
1674 			 * Mark the mount point as acquiring
1675 			 * delegations, so NFSPROC_LOOKUPOPEN will
1676 			 * no longer be done.
1677 			 */
1678 			NFSLOCKMNT(nmp);
1679 			nmp->nm_privflag |= NFSMNTP_DELEGISSUED;
1680 			NFSUNLOCKMNT(nmp);
1681 			ndp = malloc(sizeof(struct nfscldeleg) +
1682 			    (*nfhpp)->nfh_len, M_NFSCLDELEG, M_WAITOK);
1683 			ndp->nfsdl_fhlen = (*nfhpp)->nfh_len;
1684 			NFSBCOPY((*nfhpp)->nfh_fh, ndp->nfsdl_fh,
1685 			    ndp->nfsdl_fhlen);
1686 			newnfs_copyincred(cred, &ndp->nfsdl_cred);
1687 			NFSM_DISSECT(tl, uint32_t *, NFSX_STATEID);
1688 			ndp->nfsdl_stateid.seqid = *tl++;
1689 			ndp->nfsdl_stateid.other[0] = *tl++;
1690 			ndp->nfsdl_stateid.other[1] = *tl++;
1691 			ndp->nfsdl_stateid.other[2] = *tl++;
1692 		} else if (deleg == NFSV4OPEN_DELEGATENONEEXT &&
1693 		    NFSHASNFSV4N(nmp)) {
1694 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
1695 			deleg = fxdr_unsigned(uint32_t, *tl);
1696 			if (deleg == NFSV4OPEN_CONTENTION ||
1697 			    deleg == NFSV4OPEN_RESOURCE)
1698 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
1699 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
1700 			error = NFSERR_BADXDR;
1701 			goto nfsmout;
1702 		}
1703 		ret = nfscl_open(dvp, (*nfhpp)->nfh_fh, (*nfhpp)->nfh_len,
1704 		    openmode, 0, cred, p, NULL, &op, &newone, &retop, 1, true);
1705 		if (ret != 0)
1706 			goto nfsmout;
1707 		if (newone != 0) {
1708 			op->nfso_stateid.seqid = stateid.seqid;
1709 			op->nfso_stateid.other[0] = stateid.other[0];
1710 			op->nfso_stateid.other[1] = stateid.other[1];
1711 			op->nfso_stateid.other[2] = stateid.other[2];
1712 			op->nfso_mode = openmode;
1713 		} else {
1714 			op->nfso_stateid.seqid = stateid.seqid;
1715 			if (retop == NFSCLOPEN_DOOPEN)
1716 				op->nfso_mode |= openmode;
1717 		}
1718 		if ((rflags & NFSV4OPEN_LOCKTYPEPOSIX) != 0 ||
1719 		    nfscl_assumeposixlocks)
1720 			op->nfso_posixlock = 1;
1721 		else
1722 			op->nfso_posixlock = 0;
1723 		nfscl_openrelease(nmp, op, 0, 0);
1724 		if (ndp != NULL) {
1725 			/*
1726 			 * Since we do not have the vnode, we
1727 			 * cannot invalidate cached attributes.
1728 			 * Just return the delegation.
1729 			 */
1730 			nfscl_trydelegreturn(ndp, cred, nmp, p);
1731 		}
1732 	}
1733 	if ((nd->nd_flag & ND_NFSV3) && !error)
1734 		error = nfscl_postop_attr(nd, dnap, dattrflagp);
1735 nfsmout:
1736 	m_freem(nd->nd_mrep);
1737 	if (!error && nd->nd_repstat)
1738 		error = nd->nd_repstat;
1739 	free(ndp, M_NFSCLDELEG);
1740 	return (error);
1741 }
1742 
1743 /*
1744  * Do a readlink rpc.
1745  */
1746 int
1747 nfsrpc_readlink(vnode_t vp, struct uio *uiop, struct ucred *cred,
1748     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
1749 {
1750 	u_int32_t *tl;
1751 	struct nfsrv_descript nfsd, *nd = &nfsd;
1752 	struct nfsnode *np = VTONFS(vp);
1753 	nfsattrbit_t attrbits;
1754 	int error, len, cangetattr = 1;
1755 
1756 	*attrflagp = 0;
1757 	NFSCL_REQSTART(nd, NFSPROC_READLINK, vp, cred);
1758 	if (nd->nd_flag & ND_NFSV4) {
1759 		/*
1760 		 * And do a Getattr op.
1761 		 */
1762 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1763 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
1764 		NFSGETATTR_ATTRBIT(&attrbits);
1765 		(void) nfsrv_putattrbit(nd, &attrbits);
1766 	}
1767 	error = nfscl_request(nd, vp, p, cred);
1768 	if (error)
1769 		return (error);
1770 	if (nd->nd_flag & ND_NFSV3)
1771 		error = nfscl_postop_attr(nd, nap, attrflagp);
1772 	if (!nd->nd_repstat && !error) {
1773 		NFSM_STRSIZ(len, NFS_MAXPATHLEN);
1774 		/*
1775 		 * This seems weird to me, but must have been added to
1776 		 * FreeBSD for some reason. The only thing I can think of
1777 		 * is that there was/is some server that replies with
1778 		 * more link data than it should?
1779 		 */
1780 		if (len == NFS_MAXPATHLEN) {
1781 			NFSLOCKNODE(np);
1782 			if (np->n_size > 0 && np->n_size < NFS_MAXPATHLEN) {
1783 				len = np->n_size;
1784 				cangetattr = 0;
1785 			}
1786 			NFSUNLOCKNODE(np);
1787 		}
1788 		error = nfsm_mbufuio(nd, uiop, len);
1789 		if ((nd->nd_flag & ND_NFSV4) && !error && cangetattr)
1790 			error = nfscl_postop_attr(nd, nap, attrflagp);
1791 	}
1792 	if (nd->nd_repstat && !error)
1793 		error = nd->nd_repstat;
1794 nfsmout:
1795 	m_freem(nd->nd_mrep);
1796 	return (error);
1797 }
1798 
1799 /*
1800  * Read operation.
1801  */
1802 int
1803 nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
1804     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
1805 {
1806 	int error, expireret = 0, retrycnt;
1807 	u_int32_t clidrev = 0;
1808 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1809 	struct nfsnode *np = VTONFS(vp);
1810 	struct ucred *newcred;
1811 	struct nfsfh *nfhp = NULL;
1812 	nfsv4stateid_t stateid;
1813 	void *lckp;
1814 
1815 	if (nmp->nm_clp != NULL)
1816 		clidrev = nmp->nm_clp->nfsc_clientidrev;
1817 	newcred = cred;
1818 	if (NFSHASNFSV4(nmp)) {
1819 		nfhp = np->n_fhp;
1820 		newcred = NFSNEWCRED(cred);
1821 	}
1822 	retrycnt = 0;
1823 	do {
1824 		lckp = NULL;
1825 		if (NFSHASNFSV4(nmp))
1826 			(void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
1827 			    NFSV4OPEN_ACCESSREAD, 0, newcred, p, &stateid,
1828 			    &lckp);
1829 		error = nfsrpc_readrpc(vp, uiop, newcred, &stateid, p, nap,
1830 		    attrflagp);
1831 		if (error == NFSERR_OPENMODE) {
1832 			NFSLOCKMNT(nmp);
1833 			nmp->nm_state |= NFSSTA_OPENMODE;
1834 			NFSUNLOCKMNT(nmp);
1835 		}
1836 		if (error == NFSERR_STALESTATEID)
1837 			nfscl_initiate_recovery(nmp->nm_clp);
1838 		if (lckp != NULL)
1839 			nfscl_lockderef(lckp);
1840 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1841 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1842 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
1843 			(void) nfs_catnap(PZERO, error, "nfs_read");
1844 		} else if ((error == NFSERR_EXPIRED ||
1845 		    ((!NFSHASINT(nmp) || !NFSHASNFSV4N(nmp)) &&
1846 		    error == NFSERR_BADSTATEID)) && clidrev != 0) {
1847 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
1848 		} else if (error == NFSERR_BADSTATEID && NFSHASINT(nmp) &&
1849 		    NFSHASNFSV4N(nmp)) {
1850 			error = EIO;
1851 		}
1852 		retrycnt++;
1853 	} while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1854 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1855 	    error == NFSERR_BADSESSION ||
1856 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
1857 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
1858 	     expireret == 0 && clidrev != 0 && retrycnt < 4) ||
1859 	    (error == NFSERR_OPENMODE && retrycnt < 4));
1860 	if (error && retrycnt >= 4)
1861 		error = EIO;
1862 	if (NFSHASNFSV4(nmp))
1863 		NFSFREECRED(newcred);
1864 	return (error);
1865 }
1866 
1867 /*
1868  * The actual read RPC.
1869  */
1870 static int
1871 nfsrpc_readrpc(vnode_t vp, struct uio *uiop, struct ucred *cred,
1872     nfsv4stateid_t *stateidp, NFSPROC_T *p, struct nfsvattr *nap,
1873     int *attrflagp)
1874 {
1875 	u_int32_t *tl;
1876 	int error = 0, len, retlen, tsiz, eof = 0;
1877 	struct nfsrv_descript nfsd;
1878 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1879 	struct nfsrv_descript *nd = &nfsd;
1880 	int rsize;
1881 	off_t tmp_off;
1882 
1883 	*attrflagp = 0;
1884 	tsiz = uiop->uio_resid;
1885 	tmp_off = uiop->uio_offset + tsiz;
1886 	NFSLOCKMNT(nmp);
1887 	if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
1888 		NFSUNLOCKMNT(nmp);
1889 		return (EFBIG);
1890 	}
1891 	rsize = nmp->nm_rsize;
1892 	NFSUNLOCKMNT(nmp);
1893 	nd->nd_mrep = NULL;
1894 	while (tsiz > 0) {
1895 		*attrflagp = 0;
1896 		len = (tsiz > rsize) ? rsize : tsiz;
1897 		NFSCL_REQSTART(nd, NFSPROC_READ, vp, cred);
1898 		if (nd->nd_flag & ND_NFSV4)
1899 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
1900 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED * 3);
1901 		if (nd->nd_flag & ND_NFSV2) {
1902 			*tl++ = txdr_unsigned(uiop->uio_offset);
1903 			*tl++ = txdr_unsigned(len);
1904 			*tl = 0;
1905 		} else {
1906 			txdr_hyper(uiop->uio_offset, tl);
1907 			*(tl + 2) = txdr_unsigned(len);
1908 		}
1909 		/*
1910 		 * Since I can't do a Getattr for NFSv4 for Write, there
1911 		 * doesn't seem any point in doing one here, either.
1912 		 * (See the comment in nfsrpc_writerpc() for more info.)
1913 		 */
1914 		error = nfscl_request(nd, vp, p, cred);
1915 		if (error)
1916 			return (error);
1917 		if (nd->nd_flag & ND_NFSV3) {
1918 			error = nfscl_postop_attr(nd, nap, attrflagp);
1919 		} else if (!nd->nd_repstat && (nd->nd_flag & ND_NFSV2)) {
1920 			error = nfsm_loadattr(nd, nap);
1921 			if (!error)
1922 				*attrflagp = 1;
1923 		}
1924 		if (nd->nd_repstat || error) {
1925 			if (!error)
1926 				error = nd->nd_repstat;
1927 			goto nfsmout;
1928 		}
1929 		if (nd->nd_flag & ND_NFSV3) {
1930 			NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
1931 			eof = fxdr_unsigned(int, *(tl + 1));
1932 		} else if (nd->nd_flag & ND_NFSV4) {
1933 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
1934 			eof = fxdr_unsigned(int, *tl);
1935 		}
1936 		NFSM_STRSIZ(retlen, len);
1937 		error = nfsm_mbufuio(nd, uiop, retlen);
1938 		if (error)
1939 			goto nfsmout;
1940 		m_freem(nd->nd_mrep);
1941 		nd->nd_mrep = NULL;
1942 		tsiz -= retlen;
1943 		if (!(nd->nd_flag & ND_NFSV2)) {
1944 			if (eof || retlen == 0)
1945 				tsiz = 0;
1946 		} else if (retlen < len)
1947 			tsiz = 0;
1948 	}
1949 	return (0);
1950 nfsmout:
1951 	if (nd->nd_mrep != NULL)
1952 		m_freem(nd->nd_mrep);
1953 	return (error);
1954 }
1955 
1956 /*
1957  * nfs write operation
1958  * When called_from_strategy != 0, it should return EIO for an error that
1959  * indicates recovery is in progress, so that the buffer will be left
1960  * dirty and be written back to the server later. If it loops around,
1961  * the recovery thread could get stuck waiting for the buffer and recovery
1962  * will then deadlock.
1963  */
1964 int
1965 nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
1966     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
1967     int called_from_strategy, int ioflag)
1968 {
1969 	int error, expireret = 0, retrycnt, nostateid;
1970 	u_int32_t clidrev = 0;
1971 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1972 	struct nfsnode *np = VTONFS(vp);
1973 	struct ucred *newcred;
1974 	struct nfsfh *nfhp = NULL;
1975 	nfsv4stateid_t stateid;
1976 	void *lckp;
1977 
1978 	KASSERT(*must_commit >= 0 && *must_commit <= 2,
1979 	    ("nfsrpc_write: must_commit out of range=%d", *must_commit));
1980 	if (nmp->nm_clp != NULL)
1981 		clidrev = nmp->nm_clp->nfsc_clientidrev;
1982 	newcred = cred;
1983 	if (NFSHASNFSV4(nmp)) {
1984 		newcred = NFSNEWCRED(cred);
1985 		nfhp = np->n_fhp;
1986 	}
1987 	retrycnt = 0;
1988 	do {
1989 		lckp = NULL;
1990 		nostateid = 0;
1991 		if (NFSHASNFSV4(nmp)) {
1992 			(void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
1993 			    NFSV4OPEN_ACCESSWRITE, 0, newcred, p, &stateid,
1994 			    &lckp);
1995 			if (stateid.other[0] == 0 && stateid.other[1] == 0 &&
1996 			    stateid.other[2] == 0) {
1997 				nostateid = 1;
1998 				NFSCL_DEBUG(1, "stateid0 in write\n");
1999 			}
2000 		}
2001 
2002 		/*
2003 		 * If there is no stateid for NFSv4, it means this is an
2004 		 * extraneous write after close. Basically a poorly
2005 		 * implemented buffer cache. Just don't do the write.
2006 		 */
2007 		if (nostateid)
2008 			error = 0;
2009 		else
2010 			error = nfsrpc_writerpc(vp, uiop, iomode, must_commit,
2011 			    newcred, &stateid, p, nap, attrflagp, ioflag);
2012 		if (error == NFSERR_STALESTATEID)
2013 			nfscl_initiate_recovery(nmp->nm_clp);
2014 		if (lckp != NULL)
2015 			nfscl_lockderef(lckp);
2016 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
2017 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
2018 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
2019 			(void) nfs_catnap(PZERO, error, "nfs_write");
2020 		} else if ((error == NFSERR_EXPIRED ||
2021 		    ((!NFSHASINT(nmp) || !NFSHASNFSV4N(nmp)) &&
2022 		    error == NFSERR_BADSTATEID)) && clidrev != 0) {
2023 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
2024 		} else if (error == NFSERR_BADSTATEID && NFSHASINT(nmp) &&
2025 		    NFSHASNFSV4N(nmp)) {
2026 			error = EIO;
2027 		}
2028 		retrycnt++;
2029 	} while (error == NFSERR_GRACE || error == NFSERR_DELAY ||
2030 	    ((error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
2031 	      error == NFSERR_STALEDONTRECOVER) && called_from_strategy == 0) ||
2032 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
2033 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
2034 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
2035 	if (error != 0 && (retrycnt >= 4 ||
2036 	    ((error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
2037 	      error == NFSERR_STALEDONTRECOVER) && called_from_strategy != 0)))
2038 		error = EIO;
2039 	if (NFSHASNFSV4(nmp))
2040 		NFSFREECRED(newcred);
2041 	return (error);
2042 }
2043 
2044 /*
2045  * The actual write RPC.
2046  */
2047 static int
2048 nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iomode,
2049     int *must_commit, struct ucred *cred, nfsv4stateid_t *stateidp,
2050     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, int ioflag)
2051 {
2052 	u_int32_t *tl;
2053 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
2054 	struct nfsnode *np = VTONFS(vp);
2055 	int error = 0, len, rlen, commit, committed = NFSWRITE_FILESYNC;
2056 	int wccflag = 0;
2057 	int32_t backup;
2058 	struct nfsrv_descript *nd;
2059 	nfsattrbit_t attrbits;
2060 	uint64_t tmp_off;
2061 	ssize_t tsiz, wsize;
2062 	bool do_append;
2063 
2064 	KASSERT(uiop->uio_iovcnt == 1, ("nfs: writerpc iovcnt > 1"));
2065 	*attrflagp = 0;
2066 	tsiz = uiop->uio_resid;
2067 	tmp_off = uiop->uio_offset + tsiz;
2068 	NFSLOCKMNT(nmp);
2069 	if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
2070 		NFSUNLOCKMNT(nmp);
2071 		return (EFBIG);
2072 	}
2073 	wsize = nmp->nm_wsize;
2074 	do_append = false;
2075 	if ((ioflag & IO_APPEND) != 0 && NFSHASNFSV4(nmp) && !NFSHASPNFS(nmp))
2076 		do_append = true;
2077 	NFSUNLOCKMNT(nmp);
2078 	nd = malloc(sizeof(*nd), M_TEMP, M_WAITOK);
2079 	nd->nd_mrep = NULL;	/* NFSv2 sometimes does a write with */
2080 	nd->nd_repstat = 0;	/* uio_resid == 0, so the while is not done */
2081 	while (tsiz > 0) {
2082 		*attrflagp = 0;
2083 		len = (tsiz > wsize) ? wsize : tsiz;
2084 		if (do_append)
2085 			NFSCL_REQSTART(nd, NFSPROC_APPENDWRITE, vp, cred);
2086 		else
2087 			NFSCL_REQSTART(nd, NFSPROC_WRITE, vp, cred);
2088 		if (nd->nd_flag & ND_NFSV4) {
2089 			if (do_append) {
2090 				NFSZERO_ATTRBIT(&attrbits);
2091 				NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_SIZE);
2092 				nfsrv_putattrbit(nd, &attrbits);
2093 				NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED +
2094 				    NFSX_HYPER);
2095 				*tl++ = txdr_unsigned(NFSX_HYPER);
2096 				txdr_hyper(uiop->uio_offset, tl); tl += 2;
2097 				*tl = txdr_unsigned(NFSV4OP_WRITE);
2098 			}
2099 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
2100 			NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+2*NFSX_UNSIGNED);
2101 			txdr_hyper(uiop->uio_offset, tl);
2102 			tl += 2;
2103 			*tl++ = txdr_unsigned(*iomode);
2104 			*tl = txdr_unsigned(len);
2105 		} else if (nd->nd_flag & ND_NFSV3) {
2106 			NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+3*NFSX_UNSIGNED);
2107 			txdr_hyper(uiop->uio_offset, tl);
2108 			tl += 2;
2109 			*tl++ = txdr_unsigned(len);
2110 			*tl++ = txdr_unsigned(*iomode);
2111 			*tl = txdr_unsigned(len);
2112 		} else {
2113 			u_int32_t x;
2114 
2115 			NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
2116 			/*
2117 			 * Not sure why someone changed this, since the
2118 			 * RFC clearly states that "beginoffset" and
2119 			 * "totalcount" are ignored, but it wouldn't
2120 			 * surprise me if there's a busted server out there.
2121 			 */
2122 			/* Set both "begin" and "current" to non-garbage. */
2123 			x = txdr_unsigned((u_int32_t)uiop->uio_offset);
2124 			*tl++ = x;      /* "begin offset" */
2125 			*tl++ = x;      /* "current offset" */
2126 			x = txdr_unsigned(len);
2127 			*tl++ = x;      /* total to this offset */
2128 			*tl = x;        /* size of this write */
2129 		}
2130 		error = nfsm_uiombuf(nd, uiop, len);
2131 		if (error != 0) {
2132 			m_freem(nd->nd_mreq);
2133 			free(nd, M_TEMP);
2134 			return (error);
2135 		}
2136 		/*
2137 		 * Although it is tempting to do a normal Getattr Op in the
2138 		 * NFSv4 compound, the result can be a nearly hung client
2139 		 * system if the Getattr asks for Owner and/or OwnerGroup.
2140 		 * It occurs when the client can't map either the Owner or
2141 		 * Owner_group name in the Getattr reply to a uid/gid. When
2142 		 * there is a cache miss, the kernel does an upcall to the
2143 		 * nfsuserd. Then, it can try and read the local /etc/passwd
2144 		 * or /etc/group file. It can then block in getnewbuf(),
2145 		 * waiting for dirty writes to be pushed to the NFS server.
2146 		 * The only reason this doesn't result in a complete
2147 		 * deadlock, is that the upcall times out and allows
2148 		 * the write to complete. However, progress is so slow
2149 		 * that it might just as well be deadlocked.
2150 		 * As such, we get the rest of the attributes, but not
2151 		 * Owner or Owner_group.
2152 		 * nb: nfscl_loadattrcache() needs to be told that these
2153 		 *     partial attributes from a write rpc are being
2154 		 *     passed in, via a argument flag.
2155 		 */
2156 		if (nd->nd_flag & ND_NFSV4) {
2157 			NFSWRITEGETATTR_ATTRBIT(&attrbits);
2158 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2159 			*tl = txdr_unsigned(NFSV4OP_GETATTR);
2160 			(void) nfsrv_putattrbit(nd, &attrbits);
2161 		}
2162 		error = nfscl_request(nd, vp, p, cred);
2163 		if (error) {
2164 			free(nd, M_TEMP);
2165 			return (error);
2166 		}
2167 		if (nd->nd_repstat) {
2168 			/*
2169 			 * In case the rpc gets retried, roll
2170 			 * the uio fields changed by nfsm_uiombuf()
2171 			 * back.
2172 			 */
2173 			uiop->uio_offset -= len;
2174 			uiop->uio_resid += len;
2175 			uiop->uio_iov->iov_base =
2176 			    (char *)uiop->uio_iov->iov_base - len;
2177 			uiop->uio_iov->iov_len += len;
2178 		}
2179 		if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
2180 			error = nfscl_wcc_data(nd, vp, nap, attrflagp,
2181 			    &wccflag, &tmp_off);
2182 			if (error)
2183 				goto nfsmout;
2184 		}
2185 		if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
2186 		    (ND_NFSV4 | ND_NOMOREDATA) &&
2187 		    nd->nd_repstat == NFSERR_NOTSAME && do_append) {
2188 			/*
2189 			 * Verify of the file's size failed, so redo the
2190 			 * write using the file's size as returned in
2191 			 * the wcc attributes.
2192 			 */
2193 			if (tmp_off + tsiz <= nmp->nm_maxfilesize) {
2194 				do_append = false;
2195 				uiop->uio_offset = tmp_off;
2196 				m_freem(nd->nd_mrep);
2197 				nd->nd_mrep = NULL;
2198 				continue;
2199 			} else
2200 				nd->nd_repstat = EFBIG;
2201 		}
2202 		if (!nd->nd_repstat) {
2203 			if (do_append) {
2204 				/* Strip off the Write reply status. */
2205 				do_append = false;
2206 				NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
2207 			}
2208 			if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
2209 				NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED
2210 					+ NFSX_VERF);
2211 				rlen = fxdr_unsigned(int, *tl++);
2212 				if (rlen == 0) {
2213 					error = NFSERR_IO;
2214 					goto nfsmout;
2215 				} else if (rlen < len) {
2216 					backup = len - rlen;
2217 					uiop->uio_iov->iov_base =
2218 					    (char *)uiop->uio_iov->iov_base -
2219 					    backup;
2220 					uiop->uio_iov->iov_len += backup;
2221 					uiop->uio_offset -= backup;
2222 					uiop->uio_resid += backup;
2223 					len = rlen;
2224 				}
2225 				commit = fxdr_unsigned(int, *tl++);
2226 
2227 				/*
2228 				 * Return the lowest commitment level
2229 				 * obtained by any of the RPCs.
2230 				 */
2231 				if (committed == NFSWRITE_FILESYNC)
2232 					committed = commit;
2233 				else if (committed == NFSWRITE_DATASYNC &&
2234 					commit == NFSWRITE_UNSTABLE)
2235 					committed = commit;
2236 				NFSLOCKMNT(nmp);
2237 				if (!NFSHASWRITEVERF(nmp)) {
2238 					NFSBCOPY((caddr_t)tl,
2239 					    (caddr_t)&nmp->nm_verf[0],
2240 					    NFSX_VERF);
2241 					NFSSETWRITEVERF(nmp);
2242 	    			} else if (NFSBCMP(tl, nmp->nm_verf,
2243 				    NFSX_VERF) && *must_commit != 2) {
2244 					*must_commit = 1;
2245 					NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
2246 				}
2247 				NFSUNLOCKMNT(nmp);
2248 			}
2249 			if (nd->nd_flag & ND_NFSV4)
2250 				NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2251 			if (nd->nd_flag & (ND_NFSV2 | ND_NFSV4)) {
2252 				error = nfsm_loadattr(nd, nap);
2253 				if (!error)
2254 					*attrflagp = NFS_LATTR_NOSHRINK;
2255 			}
2256 		} else {
2257 			error = nd->nd_repstat;
2258 		}
2259 		if (error)
2260 			goto nfsmout;
2261 		NFSWRITERPC_SETTIME(wccflag, np, nap, (nd->nd_flag & ND_NFSV4));
2262 		m_freem(nd->nd_mrep);
2263 		nd->nd_mrep = NULL;
2264 		tsiz -= len;
2265 	}
2266 nfsmout:
2267 	if (nd->nd_mrep != NULL)
2268 		m_freem(nd->nd_mrep);
2269 	*iomode = committed;
2270 	if (nd->nd_repstat && !error)
2271 		error = nd->nd_repstat;
2272 	free(nd, M_TEMP);
2273 	return (error);
2274 }
2275 
2276 /*
2277  * Do an nfs deallocate operation.
2278  */
2279 int
2280 nfsrpc_deallocate(vnode_t vp, off_t offs, off_t len, struct nfsvattr *nap,
2281     int *attrflagp, struct ucred *cred, NFSPROC_T *p)
2282 {
2283 	int error, expireret = 0, openerr, retrycnt;
2284 	uint32_t clidrev = 0;
2285 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
2286 	struct nfsfh *nfhp;
2287 	nfsv4stateid_t stateid;
2288 	void *lckp;
2289 
2290 	if (nmp->nm_clp != NULL)
2291 		clidrev = nmp->nm_clp->nfsc_clientidrev;
2292 	retrycnt = 0;
2293 	do {
2294 		lckp = NULL;
2295 		openerr = 1;
2296 		nfhp = VTONFS(vp)->n_fhp;
2297 		error = nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
2298 		    NFSV4OPEN_ACCESSWRITE, 0, cred, p, &stateid, &lckp);
2299 		if (error != 0) {
2300 			/*
2301 			 * No Open stateid, so try and open the file
2302 			 * now.
2303 			 */
2304 			openerr = nfsrpc_open(vp, FWRITE, cred, p);
2305 			if (openerr == 0)
2306 				nfscl_getstateid(vp, nfhp->nfh_fh,
2307 				    nfhp->nfh_len, NFSV4OPEN_ACCESSWRITE, 0,
2308 				    cred, p, &stateid, &lckp);
2309 		}
2310 		error = nfsrpc_deallocaterpc(vp, offs, len, &stateid, nap,
2311 		    attrflagp, cred, p);
2312 		if (error == NFSERR_STALESTATEID)
2313 			nfscl_initiate_recovery(nmp->nm_clp);
2314 		if (lckp != NULL)
2315 			nfscl_lockderef(lckp);
2316 		if (openerr == 0)
2317 			nfsrpc_close(vp, 0, p);
2318 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
2319 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
2320 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
2321 			(void) nfs_catnap(PZERO, error, "nfs_deallocate");
2322 		} else if ((error == NFSERR_EXPIRED || (!NFSHASINT(nmp) &&
2323 		    error == NFSERR_BADSTATEID)) && clidrev != 0) {
2324 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
2325 		} else if (error == NFSERR_BADSTATEID && NFSHASINT(nmp)) {
2326 			error = EIO;
2327 		}
2328 		retrycnt++;
2329 	} while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
2330 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
2331 	    error == NFSERR_BADSESSION ||
2332 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
2333 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
2334 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
2335 	if (error && retrycnt >= 4)
2336 		error = EIO;
2337 	return (error);
2338 }
2339 
2340 /*
2341  * The actual deallocate RPC.
2342  */
2343 static int
2344 nfsrpc_deallocaterpc(vnode_t vp, off_t offs, off_t len,
2345     nfsv4stateid_t *stateidp, struct nfsvattr *nap, int *attrflagp,
2346     struct ucred *cred, NFSPROC_T *p)
2347 {
2348 	uint32_t *tl;
2349 	struct nfsnode *np = VTONFS(vp);
2350 	int error, wccflag;
2351 	struct nfsrv_descript nfsd;
2352 	struct nfsrv_descript *nd = &nfsd;
2353 	nfsattrbit_t attrbits;
2354 
2355 	*attrflagp = 0;
2356 	NFSCL_REQSTART(nd, NFSPROC_DEALLOCATE, vp, cred);
2357 	nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
2358 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER);
2359 	txdr_hyper(offs, tl);
2360 	tl += 2;
2361 	txdr_hyper(len, tl);
2362 	NFSWRITEGETATTR_ATTRBIT(&attrbits);
2363 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
2364 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
2365 	nfsrv_putattrbit(nd, &attrbits);
2366 	error = nfscl_request(nd, vp, p, cred);
2367 	if (error != 0)
2368 		return (error);
2369 	wccflag = 0;
2370 	error = nfscl_wcc_data(nd, vp, nap, attrflagp, &wccflag, NULL);
2371 	if (error != 0)
2372 		goto nfsmout;
2373 	if (nd->nd_repstat == 0) {
2374 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
2375 		error = nfsm_loadattr(nd, nap);
2376 		if (error != 0)
2377 			goto nfsmout;
2378 		*attrflagp = NFS_LATTR_NOSHRINK;
2379 	}
2380 	NFSWRITERPC_SETTIME(wccflag, np, nap, 1);
2381 nfsmout:
2382 	m_freem(nd->nd_mrep);
2383 	if (nd->nd_repstat != 0 && error == 0)
2384 		error = nd->nd_repstat;
2385 	return (error);
2386 }
2387 
2388 /*
2389  * nfs mknod rpc
2390  * For NFS v2 this is a kludge. Use a create rpc but with the IFMT bits of the
2391  * mode set to specify the file type and the size field for rdev.
2392  */
2393 int
2394 nfsrpc_mknod(vnode_t dvp, char *name, int namelen, struct vattr *vap,
2395     u_int32_t rdev, __enum_uint8(vtype) vtyp, struct ucred *cred, NFSPROC_T *p,
2396     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
2397     int *attrflagp, int *dattrflagp)
2398 {
2399 	u_int32_t *tl;
2400 	int error = 0;
2401 	struct nfsrv_descript nfsd, *nd = &nfsd;
2402 	nfsattrbit_t attrbits;
2403 
2404 	*nfhpp = NULL;
2405 	*attrflagp = 0;
2406 	*dattrflagp = 0;
2407 	if (namelen > NFS_MAXNAMLEN)
2408 		return (ENAMETOOLONG);
2409 	NFSCL_REQSTART(nd, NFSPROC_MKNOD, dvp, cred);
2410 	if (nd->nd_flag & ND_NFSV4) {
2411 		if (vtyp == VBLK || vtyp == VCHR) {
2412 			NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
2413 			*tl++ = vtonfsv34_type(vtyp);
2414 			*tl++ = txdr_unsigned(NFSMAJOR(rdev));
2415 			*tl = txdr_unsigned(NFSMINOR(rdev));
2416 		} else {
2417 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2418 			*tl = vtonfsv34_type(vtyp);
2419 		}
2420 	}
2421 	(void) nfsm_strtom(nd, name, namelen);
2422 	if (nd->nd_flag & ND_NFSV3) {
2423 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2424 		*tl = vtonfsv34_type(vtyp);
2425 	}
2426 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
2427 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_NEWFILE, 0);
2428 	if ((nd->nd_flag & ND_NFSV3) &&
2429 	    (vtyp == VCHR || vtyp == VBLK)) {
2430 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2431 		*tl++ = txdr_unsigned(NFSMAJOR(rdev));
2432 		*tl = txdr_unsigned(NFSMINOR(rdev));
2433 	}
2434 	if (nd->nd_flag & ND_NFSV4) {
2435 		NFSGETATTR_ATTRBIT(&attrbits);
2436 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2437 		*tl++ = txdr_unsigned(NFSV4OP_GETFH);
2438 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
2439 		(void) nfsrv_putattrbit(nd, &attrbits);
2440 	}
2441 	if (nd->nd_flag & ND_NFSV2)
2442 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZERDEV, rdev);
2443 	error = nfscl_request(nd, dvp, p, cred);
2444 	if (error)
2445 		return (error);
2446 	if (nd->nd_flag & ND_NFSV4)
2447 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, NULL);
2448 	if (!nd->nd_repstat) {
2449 		if (nd->nd_flag & ND_NFSV4) {
2450 			NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
2451 			error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
2452 			if (error)
2453 				goto nfsmout;
2454 		}
2455 		error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
2456 		if (error)
2457 			goto nfsmout;
2458 	}
2459 	if (nd->nd_flag & ND_NFSV3)
2460 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, NULL);
2461 	if (!error && nd->nd_repstat)
2462 		error = nd->nd_repstat;
2463 nfsmout:
2464 	m_freem(nd->nd_mrep);
2465 	return (error);
2466 }
2467 
2468 /*
2469  * nfs file create call
2470  * Mostly just call the approriate routine. (I separated out v4, so that
2471  * error recovery wouldn't be as difficult.)
2472  */
2473 int
2474 nfsrpc_create(vnode_t dvp, char *name, int namelen, struct vattr *vap,
2475     nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
2476     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
2477     int *attrflagp, int *dattrflagp)
2478 {
2479 	int error = 0, newone, expireret = 0, retrycnt, unlocked;
2480 	struct nfsclowner *owp;
2481 	struct nfscldeleg *dp;
2482 	struct nfsmount *nmp = VFSTONFS(dvp->v_mount);
2483 	u_int32_t clidrev;
2484 
2485 	if (NFSHASNFSV4(nmp)) {
2486 	    retrycnt = 0;
2487 	    do {
2488 		dp = NULL;
2489 		error = nfscl_open(dvp, NULL, 0, (NFSV4OPEN_ACCESSWRITE |
2490 		    NFSV4OPEN_ACCESSREAD), 0, cred, p, &owp, NULL, &newone,
2491 		    NULL, 1, true);
2492 		if (error)
2493 			return (error);
2494 		if (nmp->nm_clp != NULL)
2495 			clidrev = nmp->nm_clp->nfsc_clientidrev;
2496 		else
2497 			clidrev = 0;
2498 		if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 ||
2499 		    nfs_numnfscbd == 0 || retrycnt > 0)
2500 			error = nfsrpc_createv4(dvp, name, namelen, vap, cverf,
2501 			  fmode, owp, &dp, cred, p, dnap, nnap, nfhpp,
2502 			  attrflagp, dattrflagp, &unlocked);
2503 		else
2504 			error = nfsrpc_getcreatelayout(dvp, name, namelen, vap,
2505 			  cverf, fmode, owp, &dp, cred, p, dnap, nnap, nfhpp,
2506 			  attrflagp, dattrflagp, &unlocked);
2507 		/*
2508 		 * There is no need to invalidate cached attributes here,
2509 		 * since new post-delegation issue attributes are always
2510 		 * returned by nfsrpc_createv4() and these will update the
2511 		 * attribute cache.
2512 		 */
2513 		if (dp != NULL)
2514 			(void) nfscl_deleg(nmp->nm_mountp, owp->nfsow_clp,
2515 			    (*nfhpp)->nfh_fh, (*nfhpp)->nfh_len, cred, p, dp);
2516 		nfscl_ownerrelease(nmp, owp, error, newone, unlocked);
2517 		if (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
2518 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
2519 		    error == NFSERR_BADSESSION) {
2520 			(void) nfs_catnap(PZERO, error, "nfs_open");
2521 		} else if ((error == NFSERR_EXPIRED ||
2522 		    error == NFSERR_BADSTATEID) && clidrev != 0) {
2523 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
2524 			retrycnt++;
2525 		}
2526 	    } while (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
2527 		error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
2528 		error == NFSERR_BADSESSION ||
2529 		((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
2530 		 expireret == 0 && clidrev != 0 && retrycnt < 4));
2531 	    if (error && retrycnt >= 4)
2532 		    error = EIO;
2533 	} else {
2534 		error = nfsrpc_createv23(dvp, name, namelen, vap, cverf,
2535 		    fmode, cred, p, dnap, nnap, nfhpp, attrflagp, dattrflagp);
2536 	}
2537 	return (error);
2538 }
2539 
2540 /*
2541  * The create rpc for v2 and 3.
2542  */
2543 static int
2544 nfsrpc_createv23(vnode_t dvp, char *name, int namelen, struct vattr *vap,
2545     nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
2546     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
2547     int *attrflagp, int *dattrflagp)
2548 {
2549 	u_int32_t *tl;
2550 	int error = 0;
2551 	struct nfsrv_descript nfsd, *nd = &nfsd;
2552 
2553 	*nfhpp = NULL;
2554 	*attrflagp = 0;
2555 	*dattrflagp = 0;
2556 	if (namelen > NFS_MAXNAMLEN)
2557 		return (ENAMETOOLONG);
2558 	NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp, cred);
2559 	(void) nfsm_strtom(nd, name, namelen);
2560 	if (nd->nd_flag & ND_NFSV3) {
2561 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2562 		if (fmode & O_EXCL) {
2563 			*tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
2564 			NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
2565 			*tl++ = cverf.lval[0];
2566 			*tl = cverf.lval[1];
2567 		} else {
2568 			*tl = txdr_unsigned(NFSCREATE_UNCHECKED);
2569 			nfscl_fillsattr(nd, vap, dvp, 0, 0);
2570 		}
2571 	} else {
2572 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZE0, 0);
2573 	}
2574 	error = nfscl_request(nd, dvp, p, cred);
2575 	if (error)
2576 		return (error);
2577 	if (nd->nd_repstat == 0) {
2578 		error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
2579 		if (error)
2580 			goto nfsmout;
2581 	}
2582 	if (nd->nd_flag & ND_NFSV3)
2583 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, NULL);
2584 	if (nd->nd_repstat != 0 && error == 0)
2585 		error = nd->nd_repstat;
2586 nfsmout:
2587 	m_freem(nd->nd_mrep);
2588 	return (error);
2589 }
2590 
2591 static int
2592 nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap,
2593     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
2594     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
2595     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
2596     int *dattrflagp, int *unlockedp)
2597 {
2598 	u_int32_t *tl;
2599 	int error = 0, deleg, newone, ret, acesize, limitby;
2600 	struct nfsrv_descript nfsd, *nd = &nfsd;
2601 	struct nfsclopen *op;
2602 	struct nfscldeleg *dp = NULL;
2603 	struct nfsnode *np;
2604 	struct nfsfh *nfhp;
2605 	nfsattrbit_t attrbits;
2606 	nfsv4stateid_t stateid;
2607 	u_int32_t rflags;
2608 	struct nfsmount *nmp;
2609 	struct nfsclsession *tsep;
2610 
2611 	nmp = VFSTONFS(dvp->v_mount);
2612 	np = VTONFS(dvp);
2613 	*unlockedp = 0;
2614 	*nfhpp = NULL;
2615 	*dpp = NULL;
2616 	*attrflagp = 0;
2617 	*dattrflagp = 0;
2618 	if (namelen > NFS_MAXNAMLEN)
2619 		return (ENAMETOOLONG);
2620 	NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp, cred);
2621 	/*
2622 	 * For V4, this is actually an Open op.
2623 	 */
2624 	NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
2625 	*tl++ = txdr_unsigned(owp->nfsow_seqid);
2626 	if (NFSHASNFSV4N(nmp)) {
2627 		if (!NFSHASPNFS(nmp) && nfscl_enablecallb != 0 &&
2628 		    nfs_numnfscbd > 0)
2629 			*tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
2630 			    NFSV4OPEN_ACCESSREAD | NFSV4OPEN_WANTWRITEDELEG);
2631 		else
2632 			*tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
2633 			    NFSV4OPEN_ACCESSREAD | NFSV4OPEN_WANTNODELEG);
2634 	} else
2635 		*tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
2636 		    NFSV4OPEN_ACCESSREAD);
2637 	*tl++ = txdr_unsigned(NFSV4OPEN_DENYNONE);
2638 	tsep = nfsmnt_mdssession(nmp);
2639 	*tl++ = tsep->nfsess_clientid.lval[0];
2640 	*tl = tsep->nfsess_clientid.lval[1];
2641 	(void) nfsm_strtom(nd, owp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
2642 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2643 	*tl++ = txdr_unsigned(NFSV4OPEN_CREATE);
2644 	if (fmode & O_EXCL) {
2645 		if (NFSHASNFSV4N(nmp)) {
2646 			if (NFSHASSESSPERSIST(nmp)) {
2647 				/* Use GUARDED for persistent sessions. */
2648 				*tl = txdr_unsigned(NFSCREATE_GUARDED);
2649 				nfscl_fillsattr(nd, vap, dvp, NFSSATTR_NEWFILE,
2650 				    0);
2651 			} else {
2652 				/* Otherwise, use EXCLUSIVE4_1. */
2653 				*tl = txdr_unsigned(NFSCREATE_EXCLUSIVE41);
2654 				NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
2655 				*tl++ = cverf.lval[0];
2656 				*tl = cverf.lval[1];
2657 				nfscl_fillsattr(nd, vap, dvp, NFSSATTR_NEWFILE,
2658 				    0);
2659 			}
2660 		} else {
2661 			/* NFSv4.0 */
2662 			*tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
2663 			NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
2664 			*tl++ = cverf.lval[0];
2665 			*tl = cverf.lval[1];
2666 		}
2667 	} else {
2668 		*tl = txdr_unsigned(NFSCREATE_UNCHECKED);
2669 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_NEWFILE, 0);
2670 	}
2671 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2672 	*tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
2673 	(void) nfsm_strtom(nd, name, namelen);
2674 	/* Get the new file's handle and attributes. */
2675 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2676 	*tl++ = txdr_unsigned(NFSV4OP_GETFH);
2677 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
2678 	NFSGETATTR_ATTRBIT(&attrbits);
2679 	(void) nfsrv_putattrbit(nd, &attrbits);
2680 	/* Get the directory's post-op attributes. */
2681 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2682 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
2683 	(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
2684 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2685 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
2686 	(void) nfsrv_putattrbit(nd, &attrbits);
2687 	error = nfscl_request(nd, dvp, p, cred);
2688 	if (error)
2689 		return (error);
2690 	NFSCL_INCRSEQID(owp->nfsow_seqid, nd);
2691 	if (nd->nd_repstat == 0) {
2692 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
2693 		    6 * NFSX_UNSIGNED);
2694 		stateid.seqid = *tl++;
2695 		stateid.other[0] = *tl++;
2696 		stateid.other[1] = *tl++;
2697 		stateid.other[2] = *tl;
2698 		rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
2699 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
2700 		if (error)
2701 			goto nfsmout;
2702 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
2703 		deleg = fxdr_unsigned(int, *tl);
2704 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
2705 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
2706 			if (!(owp->nfsow_clp->nfsc_flags &
2707 			      NFSCLFLAGS_FIRSTDELEG))
2708 				owp->nfsow_clp->nfsc_flags |=
2709 				  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
2710 			dp = malloc(
2711 			    sizeof (struct nfscldeleg) + NFSX_V4FHMAX,
2712 			    M_NFSCLDELEG, M_WAITOK);
2713 			LIST_INIT(&dp->nfsdl_owner);
2714 			LIST_INIT(&dp->nfsdl_lock);
2715 			dp->nfsdl_clp = owp->nfsow_clp;
2716 			newnfs_copyincred(cred, &dp->nfsdl_cred);
2717 			nfscl_lockinit(&dp->nfsdl_rwlock);
2718 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
2719 			    NFSX_UNSIGNED);
2720 			dp->nfsdl_stateid.seqid = *tl++;
2721 			dp->nfsdl_stateid.other[0] = *tl++;
2722 			dp->nfsdl_stateid.other[1] = *tl++;
2723 			dp->nfsdl_stateid.other[2] = *tl++;
2724 			ret = fxdr_unsigned(int, *tl);
2725 			if (deleg == NFSV4OPEN_DELEGATEWRITE) {
2726 				dp->nfsdl_flags = NFSCLDL_WRITE;
2727 				/*
2728 				 * Indicates how much the file can grow.
2729 				 */
2730 				NFSM_DISSECT(tl, u_int32_t *,
2731 				    3 * NFSX_UNSIGNED);
2732 				limitby = fxdr_unsigned(int, *tl++);
2733 				switch (limitby) {
2734 				case NFSV4OPEN_LIMITSIZE:
2735 					dp->nfsdl_sizelimit = fxdr_hyper(tl);
2736 					break;
2737 				case NFSV4OPEN_LIMITBLOCKS:
2738 					dp->nfsdl_sizelimit =
2739 					    fxdr_unsigned(u_int64_t, *tl++);
2740 					dp->nfsdl_sizelimit *=
2741 					    fxdr_unsigned(u_int64_t, *tl);
2742 					break;
2743 				default:
2744 					error = NFSERR_BADXDR;
2745 					goto nfsmout;
2746 				}
2747 			} else {
2748 				dp->nfsdl_flags = NFSCLDL_READ;
2749 			}
2750 			if (ret)
2751 				dp->nfsdl_flags |= NFSCLDL_RECALL;
2752 			error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false,
2753 			    &ret, &acesize, p);
2754 			if (error)
2755 				goto nfsmout;
2756 		} else if (deleg == NFSV4OPEN_DELEGATENONEEXT &&
2757 		    NFSHASNFSV4N(nmp)) {
2758 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
2759 			deleg = fxdr_unsigned(uint32_t, *tl);
2760 			if (deleg == NFSV4OPEN_CONTENTION ||
2761 			    deleg == NFSV4OPEN_RESOURCE)
2762 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
2763 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
2764 			error = NFSERR_BADXDR;
2765 			goto nfsmout;
2766 		}
2767 		error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
2768 		if (error)
2769 			goto nfsmout;
2770 		/* Get rid of the PutFH and Getattr status values. */
2771 		NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
2772 		/* Load the directory attributes. */
2773 		error = nfsm_loadattr(nd, dnap);
2774 		if (error)
2775 			goto nfsmout;
2776 		*dattrflagp = 1;
2777 		if (dp != NULL && *attrflagp) {
2778 			dp->nfsdl_change = nnap->na_filerev;
2779 			dp->nfsdl_modtime = nnap->na_mtime;
2780 			dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
2781 		}
2782 		/*
2783 		 * We can now complete the Open state.
2784 		 */
2785 		nfhp = *nfhpp;
2786 		if (dp != NULL) {
2787 			dp->nfsdl_fhlen = nfhp->nfh_len;
2788 			NFSBCOPY(nfhp->nfh_fh, dp->nfsdl_fh, nfhp->nfh_len);
2789 		}
2790 		/*
2791 		 * Get an Open structure that will be
2792 		 * attached to the OpenOwner, acquired already.
2793 		 */
2794 		error = nfscl_open(dvp, nfhp->nfh_fh, nfhp->nfh_len,
2795 		    (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), 0,
2796 		    cred, p, NULL, &op, &newone, NULL, 0, false);
2797 		if (error)
2798 			goto nfsmout;
2799 		op->nfso_stateid = stateid;
2800 		newnfs_copyincred(cred, &op->nfso_cred);
2801 		if ((rflags & NFSV4OPEN_RESULTCONFIRM)) {
2802 		    do {
2803 			ret = nfsrpc_openconfirm(dvp, nfhp->nfh_fh,
2804 			    nfhp->nfh_len, op, cred, p);
2805 			if (ret == NFSERR_DELAY)
2806 			    (void) nfs_catnap(PZERO, ret, "nfs_create");
2807 		    } while (ret == NFSERR_DELAY);
2808 		    error = ret;
2809 		}
2810 
2811 		/*
2812 		 * If the server is handing out delegations, but we didn't
2813 		 * get one because an OpenConfirm was required, try the
2814 		 * Open again, to get a delegation. This is a harmless no-op,
2815 		 * from a server's point of view.
2816 		 */
2817 		if ((rflags & NFSV4OPEN_RESULTCONFIRM) &&
2818 		    (owp->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG) &&
2819 		    !error && dp == NULL) {
2820 		    KASSERT(!NFSHASNFSV4N(nmp),
2821 			("nfsrpc_createv4: result confirm"));
2822 		    do {
2823 			ret = nfsrpc_openrpc(VFSTONFS(dvp->v_mount), dvp,
2824 			    np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
2825 			    nfhp->nfh_fh, nfhp->nfh_len,
2826 			    (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), op,
2827 			    name, namelen, &dp, 0, 0x0, cred, p, 0, 1);
2828 			if (ret == NFSERR_DELAY)
2829 			    (void) nfs_catnap(PZERO, ret, "nfs_crt2");
2830 		    } while (ret == NFSERR_DELAY);
2831 		    if (ret) {
2832 			if (dp != NULL) {
2833 				free(dp, M_NFSCLDELEG);
2834 				dp = NULL;
2835 			}
2836 			if (ret == NFSERR_STALECLIENTID ||
2837 			    ret == NFSERR_STALEDONTRECOVER ||
2838 			    ret == NFSERR_BADSESSION)
2839 				error = ret;
2840 		    }
2841 		}
2842 		nfscl_openrelease(nmp, op, error, newone);
2843 		*unlockedp = 1;
2844 	}
2845 	if (nd->nd_repstat != 0 && error == 0)
2846 		error = nd->nd_repstat;
2847 	if (error == NFSERR_STALECLIENTID)
2848 		nfscl_initiate_recovery(owp->nfsow_clp);
2849 nfsmout:
2850 	if (!error)
2851 		*dpp = dp;
2852 	else if (dp != NULL)
2853 		free(dp, M_NFSCLDELEG);
2854 	m_freem(nd->nd_mrep);
2855 	return (error);
2856 }
2857 
2858 /*
2859  * Nfs remove rpc
2860  */
2861 int
2862 nfsrpc_remove(struct vnode *dvp, char *name, int namelen, struct vnode *vp,
2863     struct nfsvattr *nap, int *attrflagp, nfsremove_status *file_status,
2864     struct nfsvattr *dnap, int *dattrflagp, struct ucred *cred, NFSPROC_T *p)
2865 {
2866 	uint32_t *tl;
2867 	struct nfsrv_descript nfsd, *nd = &nfsd;
2868 	struct nfsnode *np;
2869 	struct nfsmount *nmp;
2870 	nfsv4stateid_t dstateid;
2871 	nfsattrbit_t attrbits;
2872 	int error, i, ret;
2873 
2874 	*dattrflagp = 0;
2875 	*attrflagp = 0;
2876 	*file_status = UNKNOWN;
2877 	ret = 0;
2878 	if (namelen > NFS_MAXNAMLEN)
2879 		return (ENAMETOOLONG);
2880 	nmp = VFSTONFS(dvp->v_mount);
2881 tryagain:
2882 	if (NFSHASNFSV4(nmp) && ((nmp->nm_flag & NFSMNT_NOCTO) == 0 ||
2883 	    !NFSHASNFSV4N(nmp)) && ret == 0) {
2884 		ret = nfscl_removedeleg(vp, p, &dstateid);
2885 		if (ret == 1) {
2886 			NFSCL_REQSTART(nd, NFSPROC_RETDELEGREMOVE, vp, cred);
2887 			NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
2888 			    NFSX_UNSIGNED);
2889 			if (NFSHASNFSV4N(nmp))
2890 				*tl++ = 0;
2891 			else
2892 				*tl++ = dstateid.seqid;
2893 			*tl++ = dstateid.other[0];
2894 			*tl++ = dstateid.other[1];
2895 			*tl++ = dstateid.other[2];
2896 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
2897 			np = VTONFS(dvp);
2898 			(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
2899 			    np->n_fhp->nfh_len, 0);
2900 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2901 			*tl = txdr_unsigned(NFSV4OP_REMOVE);
2902 		}
2903 	} else {
2904 		ret = 0;
2905 	}
2906 	if (ret == 0)
2907 		NFSCL_REQSTART(nd, NFSPROC_REMOVE, dvp, cred);
2908 	(void)nfsm_strtom(nd, name, namelen);
2909 	if (ret == 0 && (nd->nd_flag & ND_NFSV4) != 0) {
2910 		NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
2911 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
2912 		np = VTONFS(vp);
2913 		(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
2914 		NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
2915 		NFSGETATTR_ATTRBIT(&attrbits);
2916 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
2917 		(void)nfsrv_putattrbit(nd, &attrbits);
2918 	}
2919 	error = nfscl_request(nd, dvp, p, cred);
2920 	if (error != 0)
2921 		return (error);
2922 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
2923 		/* For NFSv4, parse out any Delereturn replies. */
2924 		if (ret > 0 && nd->nd_repstat != 0 &&
2925 		    (nd->nd_flag & ND_NOMOREDATA)) {
2926 			/*
2927 			 * If the Delegreturn failed, try again without
2928 			 * it. The server will Recall, as required.
2929 			 */
2930 			m_freem(nd->nd_mrep);
2931 			goto tryagain;
2932 		}
2933 		for (i = 0; i < (ret * 2); i++) {
2934 			if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
2935 			    ND_NFSV4) {
2936 			    NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2937 			    if (*(tl + 1))
2938 				nd->nd_flag |= ND_NOMOREDATA;
2939 			}
2940 		}
2941 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, NULL);
2942 	}
2943 	if (ret == 0 && (nd->nd_flag & (ND_NFSV4 |
2944 	    ND_NOMOREDATA)) == ND_NFSV4) {
2945 		/* Parse out the Remove reply for NFSPROC_REMOVE. */
2946 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED + 2 * NFSX_HYPER);
2947 		/* No use for change info for now. */
2948 		/* The Remove succeeded. */
2949 		nd->nd_repstat = 0;
2950 	}
2951 	if (ret == 0 && (nd->nd_flag & (ND_NFSV4 |
2952 	    ND_NOMOREDATA)) == ND_NFSV4) {
2953 		/* Parse out the PutFH, Getattr for NFSPROC_REMOVE. */
2954 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
2955 		if (*(tl + 1) != 0) {
2956 			i = fxdr_unsigned(int, *(tl + 1));
2957 			if (i == NFSERR_STALE)
2958 				*file_status = DELETED;
2959 		} else {
2960 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
2961 			if (*(tl + 1) != 0) {
2962 				i = fxdr_unsigned(int, *(tl + 1));
2963 				if (i == NFSERR_STALE)
2964 					*file_status = DELETED;
2965 			} else {
2966 				error = nfsm_loadattr(nd, nap);
2967 				if (error == 0) {
2968 					*attrflagp = 1;
2969 					if (nap->na_nlink == 0)
2970 						*file_status = NLINK_ZERO;
2971 					else
2972 						*file_status = VALID;
2973 				}
2974 			}
2975 		}
2976 	}
2977 	if (nd->nd_repstat != 0 && error == 0)
2978 		error = nd->nd_repstat;
2979 nfsmout:
2980 	m_freem(nd->nd_mrep);
2981 	return (error);
2982 }
2983 
2984 /*
2985  * Do an nfs rename rpc.
2986  */
2987 int
2988 nfsrpc_rename(struct vnode *fdvp, struct vnode *fvp, char *fnameptr,
2989     int fnamelen, struct vnode *tdvp, struct vnode *tvp, char *tnameptr,
2990     int tnamelen, nfsremove_status *tvp_status, struct nfsvattr *fnap,
2991     struct nfsvattr *tnap, int *fattrflagp, int *tattrflagp,
2992     struct nfsvattr *tvpnap, int *tvpattrflagp, struct ucred *cred,
2993     NFSPROC_T *p)
2994 {
2995 	uint32_t *tl;
2996 	struct nfsrv_descript nfsd, *nd = &nfsd;
2997 	struct nfsmount *nmp;
2998 	struct nfsnode *np;
2999 	nfsattrbit_t attrbits;
3000 	nfsv4stateid_t fdstateid, tdstateid;
3001 	int error = 0, ret = 0, gottd = 0, gotfd = 0, i;
3002 
3003 	*fattrflagp = 0;
3004 	*tattrflagp = 0;
3005 	*tvpattrflagp = 0;
3006 	*tvp_status = UNKNOWN;
3007 	nmp = VFSTONFS(fdvp->v_mount);
3008 	if (fnamelen > NFS_MAXNAMLEN || tnamelen > NFS_MAXNAMLEN)
3009 		return (ENAMETOOLONG);
3010 tryagain:
3011 	if (NFSHASNFSV4(nmp) && ((nmp->nm_flag & NFSMNT_NOCTO) == 0 ||
3012 	    !NFSHASNFSV4N(nmp)) && ret == 0) {
3013 		ret = nfscl_renamedeleg(fvp, &fdstateid, &gotfd, tvp,
3014 		    &tdstateid, &gottd, p);
3015 		if (gotfd && gottd) {
3016 			NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME2, fvp, cred);
3017 		} else if (gotfd) {
3018 			NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, fvp, cred);
3019 		} else if (gottd) {
3020 			NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, tvp, cred);
3021 		}
3022 		if (gotfd) {
3023 			NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
3024 			if (NFSHASNFSV4N(nmp))
3025 				*tl++ = 0;
3026 			else
3027 				*tl++ = fdstateid.seqid;
3028 			*tl++ = fdstateid.other[0];
3029 			*tl++ = fdstateid.other[1];
3030 			*tl = fdstateid.other[2];
3031 			if (gottd) {
3032 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3033 				*tl = txdr_unsigned(NFSV4OP_PUTFH);
3034 				np = VTONFS(tvp);
3035 				(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
3036 				    np->n_fhp->nfh_len, 0);
3037 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3038 				*tl = txdr_unsigned(NFSV4OP_DELEGRETURN);
3039 			}
3040 		}
3041 		if (gottd) {
3042 			NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
3043 			if (NFSHASNFSV4N(nmp))
3044 				*tl++ = 0;
3045 			else
3046 				*tl++ = tdstateid.seqid;
3047 			*tl++ = tdstateid.other[0];
3048 			*tl++ = tdstateid.other[1];
3049 			*tl = tdstateid.other[2];
3050 		}
3051 		if (ret > 0) {
3052 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3053 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
3054 			np = VTONFS(fdvp);
3055 			(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh,
3056 			    np->n_fhp->nfh_len, 0);
3057 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3058 			*tl = txdr_unsigned(NFSV4OP_SAVEFH);
3059 		}
3060 	} else {
3061 		ret = 0;
3062 	}
3063 	if (ret == 0)
3064 		NFSCL_REQSTART(nd, NFSPROC_RENAME, fdvp, cred);
3065 	if ((nd->nd_flag & ND_NFSV4) != 0) {
3066 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3067 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
3068 		NFSWCCATTR_ATTRBIT(&attrbits);
3069 		(void)nfsrv_putattrbit(nd, &attrbits);
3070 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3071 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
3072 		(void)nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
3073 		    VTONFS(tdvp)->n_fhp->nfh_len, 0);
3074 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3075 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
3076 		(void)nfsrv_putattrbit(nd, &attrbits);
3077 		nd->nd_flag |= ND_V4WCCATTR;
3078 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3079 		*tl = txdr_unsigned(NFSV4OP_RENAME);
3080 	}
3081 	(void)nfsm_strtom(nd, fnameptr, fnamelen);
3082 	if ((nd->nd_flag & ND_NFSV4) == 0)
3083 		(void)nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
3084 			VTONFS(tdvp)->n_fhp->nfh_len, 0);
3085 	(void)nfsm_strtom(nd, tnameptr, tnamelen);
3086 	if (ret == 0 && (nd->nd_flag & ND_NFSV4) != 0) {
3087 		NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
3088 		/* When tvp == NULL, it doesn't matter which dvp is used. */
3089 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
3090 		if (tvp != NULL)
3091 			(void)nfsm_fhtom(nmp, nd, VTONFS(tvp)->n_fhp->nfh_fh,
3092 			    VTONFS(tvp)->n_fhp->nfh_len, 0);
3093 		else
3094 			(void)nfsm_fhtom(nmp, nd, VTONFS(tdvp)->n_fhp->nfh_fh,
3095 			    VTONFS(tdvp)->n_fhp->nfh_len, 0);
3096 		NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
3097 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
3098 		NFSGETATTR_ATTRBIT(&attrbits);
3099 		(void)nfsrv_putattrbit(nd, &attrbits);
3100 	}
3101 	error = nfscl_request(nd, fdvp, p, cred);
3102 	if (error != 0)
3103 		return (error);
3104 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
3105 		/* For NFSv4, parse out any Delereturn replies. */
3106 		if (ret > 0 && nd->nd_repstat != 0 &&
3107 		    (nd->nd_flag & ND_NOMOREDATA)) {
3108 			/*
3109 			 * If the Delegreturn failed, try again without
3110 			 * it. The server will Recall, as required.
3111 			 */
3112 			m_freem(nd->nd_mrep);
3113 			goto tryagain;
3114 		}
3115 		for (i = 0; i < (ret * 2); i++) {
3116 			if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
3117 			    ND_NFSV4) {
3118 			    NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
3119 			    if (*(tl + 1)) {
3120 				if (i == 1 && ret > 1) {
3121 				    /*
3122 				     * If the Delegreturn failed, try again
3123 				     * without it. The server will Recall, as
3124 				     * required.
3125 				     * If ret > 1, the second iteration of this
3126 				     * loop is the second DelegReturn result.
3127 				     */
3128 				    m_freem(nd->nd_mrep);
3129 				    goto tryagain;
3130 				} else {
3131 				    nd->nd_flag |= ND_NOMOREDATA;
3132 				}
3133 			    }
3134 			}
3135 		}
3136 		/* Now, the first wcc attribute reply. */
3137 		if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
3138 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
3139 			if (*(tl + 1))
3140 				nd->nd_flag |= ND_NOMOREDATA;
3141 		}
3142 		error = nfscl_wcc_data(nd, fdvp, fnap, fattrflagp, NULL, NULL);
3143 		/* and the second wcc attribute reply. */
3144 		if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 &&
3145 		    error == 0) {
3146 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
3147 			if (*(tl + 1))
3148 				nd->nd_flag |= ND_NOMOREDATA;
3149 		}
3150 		if (error == 0)
3151 			error = nfscl_wcc_data(nd, tdvp, tnap, tattrflagp,
3152 			    NULL, NULL);
3153 	}
3154 	if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 &&
3155 	    ret == 0 && error == 0) {
3156 		/* Parse out the rename successful reply. */
3157 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED +
3158 		    4 * NFSX_HYPER);
3159 		nd->nd_repstat = 0;	/* Rename succeeded. */
3160 		/* Parse PutFH reply for tvp. */
3161 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
3162 		if (*(tl + 1) != 0) {
3163 			if (tvp != NULL) {
3164 				i = fxdr_unsigned(int, *(tl + 1));
3165 				if (i == NFSERR_STALE)
3166 					*tvp_status = DELETED;
3167 			}
3168 		} else {
3169 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
3170 			if (*(tl + 1) != 0) {
3171 				if (tvp != NULL) {
3172 					i = fxdr_unsigned(int, *(tl + 1));
3173 					if (i == NFSERR_STALE)
3174 						*tvp_status = DELETED;
3175 				}
3176 			} else {
3177 				error = nfsm_loadattr(nd, tvpnap);
3178 				if (error == 0 && tvp != NULL) {
3179 					*tvpattrflagp = 1;
3180 					if (tvpnap->na_nlink == 0)
3181 						*tvp_status = NLINK_ZERO;
3182 					else
3183 						*tvp_status = VALID;
3184 				}
3185 			}
3186 		}
3187 	}
3188 	if (nd->nd_repstat != 0 && error == 0)
3189 		error = nd->nd_repstat;
3190 nfsmout:
3191 	m_freem(nd->nd_mrep);
3192 	return (error);
3193 }
3194 
3195 /*
3196  * nfs hard link create rpc
3197  */
3198 int
3199 nfsrpc_link(vnode_t dvp, vnode_t vp, char *name, int namelen,
3200     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
3201     struct nfsvattr *nap, int *attrflagp, int *dattrflagp)
3202 {
3203 	u_int32_t *tl;
3204 	struct nfsrv_descript nfsd, *nd = &nfsd;
3205 	nfsattrbit_t attrbits;
3206 	int error = 0;
3207 
3208 	*attrflagp = 0;
3209 	*dattrflagp = 0;
3210 	if (namelen > NFS_MAXNAMLEN)
3211 		return (ENAMETOOLONG);
3212 	NFSCL_REQSTART(nd, NFSPROC_LINK, vp, cred);
3213 	if (nd->nd_flag & ND_NFSV4) {
3214 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3215 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
3216 	}
3217 	(void)nfsm_fhtom(VFSTONFS(dvp->v_mount), nd, VTONFS(dvp)->n_fhp->nfh_fh,
3218 		VTONFS(dvp)->n_fhp->nfh_len, 0);
3219 	if (nd->nd_flag & ND_NFSV4) {
3220 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3221 		*tl = txdr_unsigned(NFSV4OP_LINK);
3222 	}
3223 	(void) nfsm_strtom(nd, name, namelen);
3224 	if (nd->nd_flag & ND_NFSV4) {
3225 		NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
3226 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
3227 		NFSGETATTR_ATTRBIT(&attrbits);
3228 		(void)nfsrv_putattrbit(nd, &attrbits);
3229 		NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
3230 		*tl++ = txdr_unsigned(NFSV4OP_RESTOREFH);
3231 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
3232 		(void)nfsrv_putattrbit(nd, &attrbits);
3233 	}
3234 	error = nfscl_request(nd, vp, p, cred);
3235 	if (error)
3236 		return (error);
3237 	if (nd->nd_flag & ND_NFSV3) {
3238 		error = nfscl_postop_attr(nd, nap, attrflagp);
3239 		if (!error)
3240 			error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
3241 			    NULL, NULL);
3242 	} else if (nd->nd_repstat == 0 && (nd->nd_flag & ND_NFSV4) != 0) {
3243 		/*
3244 		 * First and parse out the PutFH and Link results.
3245 		 */
3246 		NFSM_DISSECT(tl, uint32_t *, 5 * NFSX_UNSIGNED +
3247 		    2 * NFSX_HYPER);
3248 		if (*(tl + 3))
3249 			nd->nd_flag |= ND_NOMOREDATA;
3250 		/*
3251 		 * Get the directory post-op attributes.
3252 		 */
3253 		if ((nd->nd_flag & ND_NOMOREDATA) == 0)
3254 			error = nfscl_postop_attr(nd, dnap, dattrflagp);
3255 		if (error == 0 && (nd->nd_flag & ND_NOMOREDATA) == 0) {
3256 			/* Get rid of the RestoreFH reply. */
3257 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
3258 			if (*(tl + 1))
3259 				nd->nd_flag |= ND_NOMOREDATA;
3260 		}
3261 		/* Get the file's post-op attributes. */
3262 		if (error == 0 && (nd->nd_flag & ND_NOMOREDATA) == 0)
3263 			error = nfscl_postop_attr(nd, nap, attrflagp);
3264 	}
3265 	if (nd->nd_repstat && !error)
3266 		error = nd->nd_repstat;
3267 nfsmout:
3268 	m_freem(nd->nd_mrep);
3269 	return (error);
3270 }
3271 
3272 /*
3273  * nfs symbolic link create rpc
3274  */
3275 int
3276 nfsrpc_symlink(vnode_t dvp, char *name, int namelen, const char *target,
3277     struct vattr *vap, struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
3278     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
3279     int *dattrflagp)
3280 {
3281 	u_int32_t *tl;
3282 	struct nfsrv_descript nfsd, *nd = &nfsd;
3283 	struct nfsmount *nmp;
3284 	int slen, error = 0;
3285 
3286 	*nfhpp = NULL;
3287 	*attrflagp = 0;
3288 	*dattrflagp = 0;
3289 	nmp = VFSTONFS(dvp->v_mount);
3290 	slen = strlen(target);
3291 	if (slen > NFS_MAXPATHLEN || namelen > NFS_MAXNAMLEN)
3292 		return (ENAMETOOLONG);
3293 	NFSCL_REQSTART(nd, NFSPROC_SYMLINK, dvp, cred);
3294 	if (nd->nd_flag & ND_NFSV4) {
3295 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3296 		*tl = txdr_unsigned(NFLNK);
3297 		(void) nfsm_strtom(nd, target, slen);
3298 	}
3299 	(void) nfsm_strtom(nd, name, namelen);
3300 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
3301 		nfscl_fillsattr(nd, vap, dvp, 0, 0);
3302 	if (!(nd->nd_flag & ND_NFSV4))
3303 		(void) nfsm_strtom(nd, target, slen);
3304 	if (nd->nd_flag & ND_NFSV2)
3305 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
3306 	error = nfscl_request(nd, dvp, p, cred);
3307 	if (error)
3308 		return (error);
3309 	if (nd->nd_flag & ND_NFSV4)
3310 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, NULL);
3311 	if ((nd->nd_flag & ND_NFSV3) && !error) {
3312 		if (!nd->nd_repstat)
3313 			error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
3314 		if (!error)
3315 			error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
3316 			    NULL, NULL);
3317 	}
3318 	if (nd->nd_repstat && !error)
3319 		error = nd->nd_repstat;
3320 	m_freem(nd->nd_mrep);
3321 	/*
3322 	 * Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
3323 	 * Only do this if vfs.nfs.ignore_eexist is set.
3324 	 * Never do this for NFSv4.1 or later minor versions, since sessions
3325 	 * should guarantee "exactly once" RPC semantics.
3326 	 */
3327 	if (error == EEXIST && nfsignore_eexist != 0 && (!NFSHASNFSV4(nmp) ||
3328 	    nmp->nm_minorvers == 0))
3329 		error = 0;
3330 	return (error);
3331 }
3332 
3333 /*
3334  * nfs make dir rpc
3335  */
3336 int
3337 nfsrpc_mkdir(vnode_t dvp, char *name, int namelen, struct vattr *vap,
3338     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
3339     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
3340     int *dattrflagp)
3341 {
3342 	u_int32_t *tl;
3343 	struct nfsrv_descript nfsd, *nd = &nfsd;
3344 	nfsattrbit_t attrbits;
3345 	int error = 0;
3346 	struct nfsfh *fhp;
3347 	struct nfsmount *nmp;
3348 
3349 	*nfhpp = NULL;
3350 	*attrflagp = 0;
3351 	*dattrflagp = 0;
3352 	nmp = VFSTONFS(dvp->v_mount);
3353 	fhp = VTONFS(dvp)->n_fhp;
3354 	if (namelen > NFS_MAXNAMLEN)
3355 		return (ENAMETOOLONG);
3356 	NFSCL_REQSTART(nd, NFSPROC_MKDIR, dvp, cred);
3357 	if (nd->nd_flag & ND_NFSV4) {
3358 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3359 		*tl = txdr_unsigned(NFDIR);
3360 	}
3361 	(void) nfsm_strtom(nd, name, namelen);
3362 	nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1 | NFSSATTR_NEWFILE, 0);
3363 	if (nd->nd_flag & ND_NFSV4) {
3364 		NFSGETATTR_ATTRBIT(&attrbits);
3365 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
3366 		*tl++ = txdr_unsigned(NFSV4OP_GETFH);
3367 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
3368 		(void) nfsrv_putattrbit(nd, &attrbits);
3369 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3370 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
3371 		(void)nfsm_fhtom(nmp, nd, fhp->nfh_fh, fhp->nfh_len, 0);
3372 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3373 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
3374 		(void) nfsrv_putattrbit(nd, &attrbits);
3375 	}
3376 	error = nfscl_request(nd, dvp, p, cred);
3377 	if (error)
3378 		return (error);
3379 	if (nd->nd_flag & ND_NFSV4)
3380 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, NULL);
3381 	if (!nd->nd_repstat && !error) {
3382 		if (nd->nd_flag & ND_NFSV4) {
3383 			NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
3384 			error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
3385 		}
3386 		if (!error)
3387 			error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
3388 		if (error == 0 && (nd->nd_flag & ND_NFSV4) != 0) {
3389 			/* Get rid of the PutFH and Getattr status values. */
3390 			NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
3391 			/* Load the directory attributes. */
3392 			error = nfsm_loadattr(nd, dnap);
3393 			if (error == 0)
3394 				*dattrflagp = 1;
3395 		}
3396 	}
3397 	if ((nd->nd_flag & ND_NFSV3) && !error)
3398 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, NULL);
3399 	if (nd->nd_repstat && !error)
3400 		error = nd->nd_repstat;
3401 nfsmout:
3402 	m_freem(nd->nd_mrep);
3403 	/*
3404 	 * Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
3405 	 * Only do this if vfs.nfs.ignore_eexist is set.
3406 	 * Never do this for NFSv4.1 or later minor versions, since sessions
3407 	 * should guarantee "exactly once" RPC semantics.
3408 	 */
3409 	if (error == EEXIST && nfsignore_eexist != 0 && (!NFSHASNFSV4(nmp) ||
3410 	    nmp->nm_minorvers == 0))
3411 		error = 0;
3412 	return (error);
3413 }
3414 
3415 /*
3416  * nfs remove directory call
3417  */
3418 int
3419 nfsrpc_rmdir(vnode_t dvp, char *name, int namelen, struct ucred *cred,
3420     NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp)
3421 {
3422 	struct nfsrv_descript nfsd, *nd = &nfsd;
3423 	int error = 0;
3424 
3425 	*dattrflagp = 0;
3426 	if (namelen > NFS_MAXNAMLEN)
3427 		return (ENAMETOOLONG);
3428 	NFSCL_REQSTART(nd, NFSPROC_RMDIR, dvp, cred);
3429 	(void) nfsm_strtom(nd, name, namelen);
3430 	error = nfscl_request(nd, dvp, p, cred);
3431 	if (error)
3432 		return (error);
3433 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
3434 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, NULL);
3435 	if (nd->nd_repstat && !error)
3436 		error = nd->nd_repstat;
3437 	m_freem(nd->nd_mrep);
3438 	/*
3439 	 * Kludge: Map ENOENT => 0 assuming that you have a reply to a retry.
3440 	 */
3441 	if (error == ENOENT)
3442 		error = 0;
3443 	return (error);
3444 }
3445 
3446 /*
3447  * Check to make sure the file name in a Readdir reply is valid.
3448  */
3449 static bool
3450 nfscl_invalidfname(bool is_v4, char *name, int len)
3451 {
3452 	int i;
3453 	char *cp;
3454 
3455 	if (is_v4 && ((len == 1 && name[0] == '.') ||
3456 	    (len == 2 && name[0] == '.' && name[1] == '.'))) {
3457 		printf("Readdir NFSv4 reply has dot or dotdot in it\n");
3458 		return (true);
3459 	}
3460 	cp = name;
3461 	for (i = 0; i < len; i++, cp++) {
3462 		if (*cp == '/' || *cp == '\0') {
3463 			printf("Readdir reply file name had imbedded / or nul"
3464 			    " byte\n");
3465 			return (true);
3466 		}
3467 	}
3468 	return (false);
3469 }
3470 
3471 /*
3472  * Readdir rpc.
3473  * Always returns with either uio_resid unchanged, if you are at the
3474  * end of the directory, or uio_resid == 0, with all DIRBLKSIZ chunks
3475  * filled in.
3476  * I felt this would allow caching of directory blocks more easily
3477  * than returning a pertially filled block.
3478  * Directory offset cookies:
3479  * Oh my, what to do with them...
3480  * I can think of three ways to deal with them:
3481  * 1 - have the layer above these RPCs maintain a map between logical
3482  *     directory byte offsets and the NFS directory offset cookies
3483  * 2 - pass the opaque directory offset cookies up into userland
3484  *     and let the libc functions deal with them, via the system call
3485  * 3 - return them to userland in the "struct dirent", so future versions
3486  *     of libc can use them and do whatever is necessary to make things work
3487  *     above these rpc calls, in the meantime
3488  * For now, I do #3 by "hiding" the directory offset cookies after the
3489  * d_name field in struct dirent. This is space inside d_reclen that
3490  * will be ignored by anything that doesn't know about them.
3491  * The directory offset cookies are filled in as the last 8 bytes of
3492  * each directory entry, after d_name. Someday, the userland libc
3493  * functions may be able to use these. In the meantime, it satisfies
3494  * OpenBSD's requirements for cookies being returned.
3495  * If expects the directory offset cookie for the read to be in uio_offset
3496  * and returns the one for the next entry after this directory block in
3497  * there, as well.
3498  */
3499 int
3500 nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
3501     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
3502     int *eofp)
3503 {
3504 	int len, left;
3505 	struct dirent *dp = NULL;
3506 	u_int32_t *tl;
3507 	nfsquad_t cookie, ncookie;
3508 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
3509 	struct nfsnode *dnp = VTONFS(vp);
3510 	struct nfsvattr nfsva;
3511 	struct nfsrv_descript nfsd, *nd = &nfsd;
3512 	int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
3513 	int reqsize, tryformoredirs = 1, readsize, eof = 0, gotmnton = 0;
3514 	u_int64_t dotfileid, dotdotfileid = 0, fakefileno = UINT64_MAX;
3515 	char *cp;
3516 	nfsattrbit_t attrbits, dattrbits;
3517 	u_int32_t rderr, *tl2 = NULL;
3518 	size_t tresid;
3519 	bool validentry;
3520 
3521 	KASSERT(uiop->uio_iovcnt == 1 &&
3522 	    (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0,
3523 	    ("nfs readdirrpc bad uio"));
3524 	KASSERT(uiop->uio_segflg == UIO_SYSSPACE,
3525 	    ("nfsrpc_readdir: uio userspace"));
3526 	ncookie.lval[0] = ncookie.lval[1] = 0;
3527 	/*
3528 	 * There is no point in reading a lot more than uio_resid, however
3529 	 * adding one additional DIRBLKSIZ makes sense. Since uio_resid
3530 	 * and nm_readdirsize are both exact multiples of DIRBLKSIZ, this
3531 	 * will never make readsize > nm_readdirsize.
3532 	 */
3533 	readsize = nmp->nm_readdirsize;
3534 	if (readsize > uiop->uio_resid)
3535 		readsize = uiop->uio_resid + DIRBLKSIZ;
3536 
3537 	*attrflagp = 0;
3538 	if (eofp)
3539 		*eofp = 0;
3540 	tresid = uiop->uio_resid;
3541 	cookie.lval[0] = cookiep->nfsuquad[0];
3542 	cookie.lval[1] = cookiep->nfsuquad[1];
3543 	nd->nd_mrep = NULL;
3544 
3545 	/*
3546 	 * For NFSv4, first create the "." and ".." entries.
3547 	 */
3548 	if (NFSHASNFSV4(nmp)) {
3549 		reqsize = 6 * NFSX_UNSIGNED;
3550 		NFSGETATTR_ATTRBIT(&dattrbits);
3551 		NFSZERO_ATTRBIT(&attrbits);
3552 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
3553 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TYPE);
3554 		if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
3555 		    NFSATTRBIT_MOUNTEDONFILEID)) {
3556 			NFSSETBIT_ATTRBIT(&attrbits,
3557 			    NFSATTRBIT_MOUNTEDONFILEID);
3558 			gotmnton = 1;
3559 		} else {
3560 			/*
3561 			 * Must fake it. Use the fileno, except when the
3562 			 * fsid is != to that of the directory. For that
3563 			 * case, generate a fake fileno that is not the same.
3564 			 */
3565 			NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
3566 			gotmnton = 0;
3567 		}
3568 
3569 		/*
3570 		 * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
3571 		 */
3572 		if (uiop->uio_offset == 0) {
3573 			NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp, cred);
3574 			NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
3575 			*tl++ = txdr_unsigned(NFSV4OP_GETFH);
3576 			*tl = txdr_unsigned(NFSV4OP_GETATTR);
3577 			(void) nfsrv_putattrbit(nd, &attrbits);
3578 			error = nfscl_request(nd, vp, p, cred);
3579 			if (error)
3580 			    return (error);
3581 			dotfileid = 0;	/* Fake out the compiler. */
3582 			if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
3583 			    error = nfsm_loadattr(nd, &nfsva);
3584 			    if (error != 0)
3585 				goto nfsmout;
3586 			    dotfileid = nfsva.na_fileid;
3587 			}
3588 			if (nd->nd_repstat == 0) {
3589 			    NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
3590 			    len = fxdr_unsigned(int, *(tl + 4));
3591 			    if (len > 0 && len <= NFSX_V4FHMAX)
3592 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
3593 			    else
3594 				error = EPERM;
3595 			    if (!error) {
3596 				NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
3597 				nfsva.na_mntonfileno = UINT64_MAX;
3598 				error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
3599 				    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
3600 				    NULL, NULL, NULL, NULL, p, cred);
3601 				if (error) {
3602 				    dotdotfileid = dotfileid;
3603 				} else if (gotmnton) {
3604 				    if (nfsva.na_mntonfileno != UINT64_MAX)
3605 					dotdotfileid = nfsva.na_mntonfileno;
3606 				    else
3607 					dotdotfileid = nfsva.na_fileid;
3608 				} else if (nfsva.na_filesid[0] ==
3609 				    dnp->n_vattr.na_filesid[0] &&
3610 				    nfsva.na_filesid[1] ==
3611 				    dnp->n_vattr.na_filesid[1]) {
3612 				    dotdotfileid = nfsva.na_fileid;
3613 				} else {
3614 				    do {
3615 					fakefileno--;
3616 				    } while (fakefileno ==
3617 					nfsva.na_fileid);
3618 				    dotdotfileid = fakefileno;
3619 				}
3620 			    }
3621 			} else if (nd->nd_repstat == NFSERR_NOENT) {
3622 			    /*
3623 			     * Lookupp returns NFSERR_NOENT when we are
3624 			     * at the root, so just use the current dir.
3625 			     */
3626 			    nd->nd_repstat = 0;
3627 			    dotdotfileid = dotfileid;
3628 			} else {
3629 			    error = nd->nd_repstat;
3630 			}
3631 			m_freem(nd->nd_mrep);
3632 			if (error)
3633 			    return (error);
3634 			nd->nd_mrep = NULL;
3635 			dp = (struct dirent *)uiop->uio_iov->iov_base;
3636 			dp->d_pad0 = dp->d_pad1 = 0;
3637 			dp->d_off = 0;
3638 			dp->d_type = DT_DIR;
3639 			dp->d_fileno = dotfileid;
3640 			dp->d_namlen = 1;
3641 			*((uint64_t *)dp->d_name) = 0;	/* Zero pad it. */
3642 			dp->d_name[0] = '.';
3643 			dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
3644 			/*
3645 			 * Just make these offset cookie 0.
3646 			 */
3647 			tl = (u_int32_t *)&dp->d_name[8];
3648 			*tl++ = 0;
3649 			*tl = 0;
3650 			blksiz += dp->d_reclen;
3651 			uiop->uio_resid -= dp->d_reclen;
3652 			uiop->uio_offset += dp->d_reclen;
3653 			uiop->uio_iov->iov_base =
3654 			    (char *)uiop->uio_iov->iov_base + dp->d_reclen;
3655 			uiop->uio_iov->iov_len -= dp->d_reclen;
3656 			dp = (struct dirent *)uiop->uio_iov->iov_base;
3657 			dp->d_pad0 = dp->d_pad1 = 0;
3658 			dp->d_off = 0;
3659 			dp->d_type = DT_DIR;
3660 			dp->d_fileno = dotdotfileid;
3661 			dp->d_namlen = 2;
3662 			*((uint64_t *)dp->d_name) = 0;
3663 			dp->d_name[0] = '.';
3664 			dp->d_name[1] = '.';
3665 			dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
3666 			/*
3667 			 * Just make these offset cookie 0.
3668 			 */
3669 			tl = (u_int32_t *)&dp->d_name[8];
3670 			*tl++ = 0;
3671 			*tl = 0;
3672 			blksiz += dp->d_reclen;
3673 			uiop->uio_resid -= dp->d_reclen;
3674 			uiop->uio_offset += dp->d_reclen;
3675 			uiop->uio_iov->iov_base =
3676 			    (char *)uiop->uio_iov->iov_base + dp->d_reclen;
3677 			uiop->uio_iov->iov_len -= dp->d_reclen;
3678 		}
3679 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_RDATTRERROR);
3680 	} else {
3681 		reqsize = 5 * NFSX_UNSIGNED;
3682 	}
3683 
3684 	/*
3685 	 * Loop around doing readdir rpc's of size readsize.
3686 	 * The stopping criteria is EOF or buffer full.
3687 	 */
3688 	while (more_dirs && bigenough) {
3689 		*attrflagp = 0;
3690 		NFSCL_REQSTART(nd, NFSPROC_READDIR, vp, cred);
3691 		if (nd->nd_flag & ND_NFSV2) {
3692 			NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
3693 			*tl++ = cookie.lval[1];
3694 			*tl = txdr_unsigned(readsize);
3695 		} else {
3696 			NFSM_BUILD(tl, u_int32_t *, reqsize);
3697 			*tl++ = cookie.lval[0];
3698 			*tl++ = cookie.lval[1];
3699 			if (cookie.qval == 0) {
3700 				*tl++ = 0;
3701 				*tl++ = 0;
3702 			} else {
3703 				NFSLOCKNODE(dnp);
3704 				*tl++ = dnp->n_cookieverf.nfsuquad[0];
3705 				*tl++ = dnp->n_cookieverf.nfsuquad[1];
3706 				NFSUNLOCKNODE(dnp);
3707 			}
3708 			if (nd->nd_flag & ND_NFSV4) {
3709 				*tl++ = txdr_unsigned(readsize);
3710 				*tl = txdr_unsigned(readsize);
3711 				(void) nfsrv_putattrbit(nd, &attrbits);
3712 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3713 				*tl = txdr_unsigned(NFSV4OP_GETATTR);
3714 				(void) nfsrv_putattrbit(nd, &dattrbits);
3715 			} else {
3716 				*tl = txdr_unsigned(readsize);
3717 			}
3718 		}
3719 		error = nfscl_request(nd, vp, p, cred);
3720 		if (error)
3721 			return (error);
3722 		if (!(nd->nd_flag & ND_NFSV2)) {
3723 			if (nd->nd_flag & ND_NFSV3)
3724 				error = nfscl_postop_attr(nd, nap, attrflagp);
3725 			if (!nd->nd_repstat && !error) {
3726 				NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
3727 				NFSLOCKNODE(dnp);
3728 				dnp->n_cookieverf.nfsuquad[0] = *tl++;
3729 				dnp->n_cookieverf.nfsuquad[1] = *tl;
3730 				NFSUNLOCKNODE(dnp);
3731 			}
3732 		}
3733 		if (nd->nd_repstat || error) {
3734 			if (!error)
3735 				error = nd->nd_repstat;
3736 			goto nfsmout;
3737 		}
3738 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3739 		more_dirs = fxdr_unsigned(int, *tl);
3740 		if (!more_dirs)
3741 			tryformoredirs = 0;
3742 
3743 		/* loop through the dir entries, doctoring them to 4bsd form */
3744 		while (more_dirs && bigenough) {
3745 			validentry = true;
3746 			if (nd->nd_flag & ND_NFSV4) {
3747 				NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
3748 				ncookie.lval[0] = *tl++;
3749 				ncookie.lval[1] = *tl++;
3750 				len = fxdr_unsigned(int, *tl);
3751 			} else if (nd->nd_flag & ND_NFSV3) {
3752 				NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
3753 				nfsva.na_fileid = fxdr_hyper(tl);
3754 				tl += 2;
3755 				len = fxdr_unsigned(int, *tl);
3756 			} else {
3757 				NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
3758 				nfsva.na_fileid = fxdr_unsigned(uint64_t,
3759 				    *tl++);
3760 				len = fxdr_unsigned(int, *tl);
3761 			}
3762 			if (len <= 0 || len > NFS_MAXNAMLEN) {
3763 				error = EBADRPC;
3764 				goto nfsmout;
3765 			}
3766 			tlen = roundup2(len, 8);
3767 			if (tlen == len)
3768 				tlen += 8;  /* To ensure null termination. */
3769 			left = DIRBLKSIZ - blksiz;
3770 			if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) {
3771 				NFSBZERO(uiop->uio_iov->iov_base, left);
3772 				dp->d_reclen += left;
3773 				uiop->uio_iov->iov_base =
3774 				    (char *)uiop->uio_iov->iov_base + left;
3775 				uiop->uio_iov->iov_len -= left;
3776 				uiop->uio_resid -= left;
3777 				uiop->uio_offset += left;
3778 				blksiz = 0;
3779 			}
3780 			if (_GENERIC_DIRLEN(len) + NFSX_HYPER >
3781 			    uiop->uio_resid)
3782 				bigenough = 0;
3783 			if (bigenough) {
3784 				struct iovec saviov;
3785 				off_t savoff;
3786 				ssize_t savresid;
3787 				int savblksiz;
3788 
3789 				saviov.iov_base = uiop->uio_iov->iov_base;
3790 				saviov.iov_len = uiop->uio_iov->iov_len;
3791 				savoff = uiop->uio_offset;
3792 				savresid = uiop->uio_resid;
3793 				savblksiz = blksiz;
3794 
3795 				dp = (struct dirent *)uiop->uio_iov->iov_base;
3796 				dp->d_pad0 = dp->d_pad1 = 0;
3797 				dp->d_off = 0;
3798 				dp->d_namlen = len;
3799 				dp->d_reclen = _GENERIC_DIRLEN(len) +
3800 				    NFSX_HYPER;
3801 				dp->d_type = DT_UNKNOWN;
3802 				blksiz += dp->d_reclen;
3803 				if (blksiz == DIRBLKSIZ)
3804 					blksiz = 0;
3805 				uiop->uio_resid -= DIRHDSIZ;
3806 				uiop->uio_offset += DIRHDSIZ;
3807 				uiop->uio_iov->iov_base =
3808 				    (char *)uiop->uio_iov->iov_base + DIRHDSIZ;
3809 				uiop->uio_iov->iov_len -= DIRHDSIZ;
3810 				cp = uiop->uio_iov->iov_base;
3811 				error = nfsm_mbufuio(nd, uiop, len);
3812 				if (error)
3813 					goto nfsmout;
3814 				/* Check for an invalid file name. */
3815 				if (nfscl_invalidfname(
3816 				    (nd->nd_flag & ND_NFSV4) != 0, cp, len)) {
3817 					/* Skip over this entry. */
3818 					uiop->uio_iov->iov_base =
3819 					    saviov.iov_base;
3820 					uiop->uio_iov->iov_len =
3821 					    saviov.iov_len;
3822 					uiop->uio_offset = savoff;
3823 					uiop->uio_resid = savresid;
3824 					blksiz = savblksiz;
3825 					validentry = false;
3826 				} else {
3827 					cp = uiop->uio_iov->iov_base;
3828 					tlen -= len;
3829 					NFSBZERO(cp, tlen);
3830 					cp += tlen; /* points to cookie store */
3831 					tl2 = (u_int32_t *)cp;
3832 					uiop->uio_iov->iov_base =
3833 					    (char *)uiop->uio_iov->iov_base +
3834 					    tlen + NFSX_HYPER;
3835 					uiop->uio_iov->iov_len -= tlen +
3836 					    NFSX_HYPER;
3837 					uiop->uio_resid -= tlen + NFSX_HYPER;
3838 					uiop->uio_offset += (tlen + NFSX_HYPER);
3839 				}
3840 			} else {
3841 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
3842 				if (error)
3843 					goto nfsmout;
3844 			}
3845 			if (nd->nd_flag & ND_NFSV4) {
3846 				rderr = 0;
3847 				nfsva.na_mntonfileno = UINT64_MAX;
3848 				error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
3849 				    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
3850 				    NULL, NULL, &rderr, NULL, p, cred);
3851 				if (error)
3852 					goto nfsmout;
3853 				NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3854 			} else if (nd->nd_flag & ND_NFSV3) {
3855 				NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
3856 				ncookie.lval[0] = *tl++;
3857 				ncookie.lval[1] = *tl++;
3858 			} else {
3859 				NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
3860 				ncookie.lval[0] = 0;
3861 				ncookie.lval[1] = *tl++;
3862 			}
3863 			if (bigenough && validentry) {
3864 			    if (nd->nd_flag & ND_NFSV4) {
3865 				if (rderr) {
3866 				    dp->d_fileno = 0;
3867 				} else {
3868 				    if (gotmnton) {
3869 					if (nfsva.na_mntonfileno != UINT64_MAX)
3870 					    dp->d_fileno = nfsva.na_mntonfileno;
3871 					else
3872 					    dp->d_fileno = nfsva.na_fileid;
3873 				    } else if (nfsva.na_filesid[0] ==
3874 					dnp->n_vattr.na_filesid[0] &&
3875 					nfsva.na_filesid[1] ==
3876 					dnp->n_vattr.na_filesid[1]) {
3877 					dp->d_fileno = nfsva.na_fileid;
3878 				    } else {
3879 					do {
3880 					    fakefileno--;
3881 					} while (fakefileno ==
3882 					    nfsva.na_fileid);
3883 					dp->d_fileno = fakefileno;
3884 				    }
3885 				    dp->d_type = vtonfs_dtype(nfsva.na_type);
3886 				}
3887 			    } else {
3888 				dp->d_fileno = nfsva.na_fileid;
3889 			    }
3890 			    *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
3891 				ncookie.lval[0];
3892 			    *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
3893 				ncookie.lval[1];
3894 			}
3895 			more_dirs = fxdr_unsigned(int, *tl);
3896 		}
3897 		/*
3898 		 * If at end of rpc data, get the eof boolean
3899 		 */
3900 		if (!more_dirs) {
3901 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3902 			eof = fxdr_unsigned(int, *tl);
3903 			if (tryformoredirs)
3904 				more_dirs = !eof;
3905 			if (nd->nd_flag & ND_NFSV4) {
3906 				error = nfscl_postop_attr(nd, nap, attrflagp);
3907 				if (error)
3908 					goto nfsmout;
3909 			}
3910 		}
3911 		m_freem(nd->nd_mrep);
3912 		nd->nd_mrep = NULL;
3913 	}
3914 	/*
3915 	 * Fill last record, iff any, out to a multiple of DIRBLKSIZ
3916 	 * by increasing d_reclen for the last record.
3917 	 */
3918 	if (blksiz > 0) {
3919 		left = DIRBLKSIZ - blksiz;
3920 		NFSBZERO(uiop->uio_iov->iov_base, left);
3921 		dp->d_reclen += left;
3922 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base +
3923 		    left;
3924 		uiop->uio_iov->iov_len -= left;
3925 		uiop->uio_resid -= left;
3926 		uiop->uio_offset += left;
3927 	}
3928 
3929 	/*
3930 	 * If returning no data, assume end of file.
3931 	 * If not bigenough, return not end of file, since you aren't
3932 	 *    returning all the data
3933 	 * Otherwise, return the eof flag from the server.
3934 	 */
3935 	if (eofp) {
3936 		if (tresid == ((size_t)(uiop->uio_resid)))
3937 			*eofp = 1;
3938 		else if (!bigenough)
3939 			*eofp = 0;
3940 		else
3941 			*eofp = eof;
3942 	}
3943 
3944 	/*
3945 	 * Add extra empty records to any remaining DIRBLKSIZ chunks.
3946 	 */
3947 	while (uiop->uio_resid > 0 && uiop->uio_resid != tresid) {
3948 		dp = (struct dirent *)uiop->uio_iov->iov_base;
3949 		NFSBZERO(dp, DIRBLKSIZ);
3950 		dp->d_type = DT_UNKNOWN;
3951 		tl = (u_int32_t *)&dp->d_name[4];
3952 		*tl++ = cookie.lval[0];
3953 		*tl = cookie.lval[1];
3954 		dp->d_reclen = DIRBLKSIZ;
3955 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base +
3956 		    DIRBLKSIZ;
3957 		uiop->uio_iov->iov_len -= DIRBLKSIZ;
3958 		uiop->uio_resid -= DIRBLKSIZ;
3959 		uiop->uio_offset += DIRBLKSIZ;
3960 	}
3961 
3962 nfsmout:
3963 	if (nd->nd_mrep != NULL)
3964 		m_freem(nd->nd_mrep);
3965 	return (error);
3966 }
3967 
3968 /*
3969  * NFS V3 readdir plus RPC. Used in place of nfsrpc_readdir().
3970  * (Also used for NFS V4 when mount flag set.)
3971  * (ditto above w.r.t. multiple of DIRBLKSIZ, etc.)
3972  */
3973 int
3974 nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
3975     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
3976     int *eofp)
3977 {
3978 	int len, left;
3979 	struct dirent *dp = NULL;
3980 	u_int32_t *tl;
3981 	vnode_t newvp = NULLVP;
3982 	struct nfsrv_descript nfsd, *nd = &nfsd;
3983 	struct nameidata nami, *ndp = &nami;
3984 	struct componentname *cnp = &ndp->ni_cnd;
3985 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
3986 	struct nfsnode *dnp = VTONFS(vp), *np;
3987 	struct nfsvattr nfsva;
3988 	struct nfsfh *nfhp;
3989 	nfsquad_t cookie, ncookie;
3990 	int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
3991 	int attrflag, tryformoredirs = 1, eof = 0, gotmnton = 0;
3992 	int isdotdot = 0, unlocknewvp = 0;
3993 	u_int64_t dotfileid, dotdotfileid = 0, fakefileno = UINT64_MAX;
3994 	u_int64_t fileno = 0;
3995 	char *cp;
3996 	nfsattrbit_t attrbits, dattrbits;
3997 	size_t tresid;
3998 	u_int32_t *tl2 = NULL, rderr;
3999 	struct timespec dctime, ts;
4000 	bool attr_ok, named_dir, validentry;
4001 
4002 	KASSERT(uiop->uio_iovcnt == 1 &&
4003 	    (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0,
4004 	    ("nfs readdirplusrpc bad uio"));
4005 	KASSERT(uiop->uio_segflg == UIO_SYSSPACE,
4006 	    ("nfsrpc_readdirplus: uio userspace"));
4007 	named_dir = false;
4008 	if ((vp->v_irflag & VIRF_NAMEDDIR) != 0)
4009 		named_dir = true;
4010 	ncookie.lval[0] = ncookie.lval[1] = 0;
4011 	timespecclear(&dctime);
4012 	*attrflagp = 0;
4013 	if (eofp != NULL)
4014 		*eofp = 0;
4015 	ndp->ni_dvp = vp;
4016 	nd->nd_mrep = NULL;
4017 	cookie.lval[0] = cookiep->nfsuquad[0];
4018 	cookie.lval[1] = cookiep->nfsuquad[1];
4019 	tresid = uiop->uio_resid;
4020 
4021 	/*
4022 	 * For NFSv4, first create the "." and ".." entries.
4023 	 */
4024 	if (NFSHASNFSV4(nmp)) {
4025 		NFSGETATTR_ATTRBIT(&dattrbits);
4026 		NFSZERO_ATTRBIT(&attrbits);
4027 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
4028 		if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
4029 		    NFSATTRBIT_MOUNTEDONFILEID)) {
4030 			NFSSETBIT_ATTRBIT(&attrbits,
4031 			    NFSATTRBIT_MOUNTEDONFILEID);
4032 			gotmnton = 1;
4033 		} else {
4034 			/*
4035 			 * Must fake it. Use the fileno, except when the
4036 			 * fsid is != to that of the directory. For that
4037 			 * case, generate a fake fileno that is not the same.
4038 			 */
4039 			NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
4040 			gotmnton = 0;
4041 		}
4042 
4043 		/*
4044 		 * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
4045 		 */
4046 		if (uiop->uio_offset == 0) {
4047 			NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp, cred);
4048 			NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
4049 			*tl++ = txdr_unsigned(NFSV4OP_GETFH);
4050 			*tl = txdr_unsigned(NFSV4OP_GETATTR);
4051 			(void) nfsrv_putattrbit(nd, &attrbits);
4052 			error = nfscl_request(nd, vp, p, cred);
4053 			if (error)
4054 			    return (error);
4055 			dotfileid = 0;	/* Fake out the compiler. */
4056 			if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
4057 			    error = nfsm_loadattr(nd, &nfsva);
4058 			    if (error != 0)
4059 				goto nfsmout;
4060 			    dctime = nfsva.na_ctime;
4061 			    dotfileid = nfsva.na_fileid;
4062 			}
4063 			if (nd->nd_repstat == 0) {
4064 			    NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
4065 			    len = fxdr_unsigned(int, *(tl + 4));
4066 			    if (len > 0 && len <= NFSX_V4FHMAX)
4067 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
4068 			    else
4069 				error = EPERM;
4070 			    if (!error) {
4071 				NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
4072 				nfsva.na_mntonfileno = UINT64_MAX;
4073 				error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
4074 				    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
4075 				    NULL, NULL, NULL, NULL, p, cred);
4076 				if (error) {
4077 				    dotdotfileid = dotfileid;
4078 				} else if (gotmnton) {
4079 				    if (nfsva.na_mntonfileno != UINT64_MAX)
4080 					dotdotfileid = nfsva.na_mntonfileno;
4081 				    else
4082 					dotdotfileid = nfsva.na_fileid;
4083 				} else if (nfsva.na_filesid[0] ==
4084 				    dnp->n_vattr.na_filesid[0] &&
4085 				    nfsva.na_filesid[1] ==
4086 				    dnp->n_vattr.na_filesid[1]) {
4087 				    dotdotfileid = nfsva.na_fileid;
4088 				} else {
4089 				    do {
4090 					fakefileno--;
4091 				    } while (fakefileno ==
4092 					nfsva.na_fileid);
4093 				    dotdotfileid = fakefileno;
4094 				}
4095 			    }
4096 			} else if (nd->nd_repstat == NFSERR_NOENT) {
4097 			    /*
4098 			     * Lookupp returns NFSERR_NOENT when we are
4099 			     * at the root, so just use the current dir.
4100 			     */
4101 			    nd->nd_repstat = 0;
4102 			    dotdotfileid = dotfileid;
4103 			} else {
4104 			    error = nd->nd_repstat;
4105 			}
4106 			m_freem(nd->nd_mrep);
4107 			if (error)
4108 			    return (error);
4109 			nd->nd_mrep = NULL;
4110 			dp = (struct dirent *)uiop->uio_iov->iov_base;
4111 			dp->d_pad0 = dp->d_pad1 = 0;
4112 			dp->d_off = 0;
4113 			dp->d_type = DT_DIR;
4114 			dp->d_fileno = dotfileid;
4115 			dp->d_namlen = 1;
4116 			*((uint64_t *)dp->d_name) = 0;	/* Zero pad it. */
4117 			dp->d_name[0] = '.';
4118 			dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
4119 			/*
4120 			 * Just make these offset cookie 0.
4121 			 */
4122 			tl = (u_int32_t *)&dp->d_name[8];
4123 			*tl++ = 0;
4124 			*tl = 0;
4125 			blksiz += dp->d_reclen;
4126 			uiop->uio_resid -= dp->d_reclen;
4127 			uiop->uio_offset += dp->d_reclen;
4128 			uiop->uio_iov->iov_base =
4129 			    (char *)uiop->uio_iov->iov_base + dp->d_reclen;
4130 			uiop->uio_iov->iov_len -= dp->d_reclen;
4131 			dp = (struct dirent *)uiop->uio_iov->iov_base;
4132 			dp->d_pad0 = dp->d_pad1 = 0;
4133 			dp->d_off = 0;
4134 			dp->d_type = DT_DIR;
4135 			dp->d_fileno = dotdotfileid;
4136 			dp->d_namlen = 2;
4137 			*((uint64_t *)dp->d_name) = 0;
4138 			dp->d_name[0] = '.';
4139 			dp->d_name[1] = '.';
4140 			dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
4141 			/*
4142 			 * Just make these offset cookie 0.
4143 			 */
4144 			tl = (u_int32_t *)&dp->d_name[8];
4145 			*tl++ = 0;
4146 			*tl = 0;
4147 			blksiz += dp->d_reclen;
4148 			uiop->uio_resid -= dp->d_reclen;
4149 			uiop->uio_offset += dp->d_reclen;
4150 			uiop->uio_iov->iov_base =
4151 			    (char *)uiop->uio_iov->iov_base + dp->d_reclen;
4152 			uiop->uio_iov->iov_len -= dp->d_reclen;
4153 		}
4154 		NFSREADDIRPLUS_ATTRBIT(&attrbits);
4155 		if (gotmnton)
4156 			NFSSETBIT_ATTRBIT(&attrbits,
4157 			    NFSATTRBIT_MOUNTEDONFILEID);
4158 		if (!NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
4159 		    NFSATTRBIT_TIMECREATE))
4160 			NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMECREATE);
4161 		if (!NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
4162 		    NFSATTRBIT_HIDDEN) ||
4163 		    !NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
4164 		    NFSATTRBIT_SYSTEM)) {
4165 			NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_HIDDEN);
4166 			NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_SYSTEM);
4167 		}
4168 	}
4169 
4170 	/*
4171 	 * Loop around doing readdir rpc's of size nm_readdirsize.
4172 	 * The stopping criteria is EOF or buffer full.
4173 	 */
4174 	while (more_dirs && bigenough) {
4175 		*attrflagp = 0;
4176 		NFSCL_REQSTART(nd, NFSPROC_READDIRPLUS, vp, cred);
4177  		NFSM_BUILD(tl, u_int32_t *, 6 * NFSX_UNSIGNED);
4178 		*tl++ = cookie.lval[0];
4179 		*tl++ = cookie.lval[1];
4180 		if (cookie.qval == 0) {
4181 			*tl++ = 0;
4182 			*tl++ = 0;
4183 		} else {
4184 			NFSLOCKNODE(dnp);
4185 			*tl++ = dnp->n_cookieverf.nfsuquad[0];
4186 			*tl++ = dnp->n_cookieverf.nfsuquad[1];
4187 			NFSUNLOCKNODE(dnp);
4188 		}
4189 		*tl++ = txdr_unsigned(nmp->nm_readdirsize);
4190 		*tl = txdr_unsigned(nmp->nm_readdirsize);
4191 		if (nd->nd_flag & ND_NFSV4) {
4192 			(void) nfsrv_putattrbit(nd, &attrbits);
4193 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
4194 			*tl = txdr_unsigned(NFSV4OP_GETATTR);
4195 			(void) nfsrv_putattrbit(nd, &dattrbits);
4196 		}
4197 		nanouptime(&ts);
4198 		error = nfscl_request(nd, vp, p, cred);
4199 		if (error)
4200 			return (error);
4201 		if (nd->nd_flag & ND_NFSV3)
4202 			error = nfscl_postop_attr(nd, nap, attrflagp);
4203 		if (nd->nd_repstat || error) {
4204 			if (!error)
4205 				error = nd->nd_repstat;
4206 			goto nfsmout;
4207 		}
4208 		if ((nd->nd_flag & ND_NFSV3) != 0 && *attrflagp != 0)
4209 			dctime = nap->na_ctime;
4210 		NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
4211 		NFSLOCKNODE(dnp);
4212 		dnp->n_cookieverf.nfsuquad[0] = *tl++;
4213 		dnp->n_cookieverf.nfsuquad[1] = *tl++;
4214 		NFSUNLOCKNODE(dnp);
4215 		more_dirs = fxdr_unsigned(int, *tl);
4216 		if (!more_dirs)
4217 			tryformoredirs = 0;
4218 
4219 		/* loop through the dir entries, doctoring them to 4bsd form */
4220 		while (more_dirs && bigenough) {
4221 			validentry = true;
4222 			NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
4223 			if (nd->nd_flag & ND_NFSV4) {
4224 				ncookie.lval[0] = *tl++;
4225 				ncookie.lval[1] = *tl++;
4226 			} else {
4227 				fileno = fxdr_hyper(tl);
4228 				tl += 2;
4229 			}
4230 			len = fxdr_unsigned(int, *tl);
4231 			if (len <= 0 || len > NFS_MAXNAMLEN) {
4232 				error = EBADRPC;
4233 				goto nfsmout;
4234 			}
4235 			tlen = roundup2(len, 8);
4236 			if (tlen == len)
4237 				tlen += 8;  /* To ensure null termination. */
4238 			left = DIRBLKSIZ - blksiz;
4239 			if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) {
4240 				NFSBZERO(uiop->uio_iov->iov_base, left);
4241 				dp->d_reclen += left;
4242 				uiop->uio_iov->iov_base =
4243 				    (char *)uiop->uio_iov->iov_base + left;
4244 				uiop->uio_iov->iov_len -= left;
4245 				uiop->uio_resid -= left;
4246 				uiop->uio_offset += left;
4247 				blksiz = 0;
4248 			}
4249 			if (_GENERIC_DIRLEN(len) + NFSX_HYPER >
4250 			    uiop->uio_resid)
4251 				bigenough = 0;
4252 			if (bigenough) {
4253 				struct iovec saviov;
4254 				off_t savoff;
4255 				ssize_t savresid;
4256 				int savblksiz;
4257 
4258 				saviov.iov_base = uiop->uio_iov->iov_base;
4259 				saviov.iov_len = uiop->uio_iov->iov_len;
4260 				savoff = uiop->uio_offset;
4261 				savresid = uiop->uio_resid;
4262 				savblksiz = blksiz;
4263 
4264 				dp = (struct dirent *)uiop->uio_iov->iov_base;
4265 				dp->d_pad0 = dp->d_pad1 = 0;
4266 				dp->d_off = 0;
4267 				dp->d_namlen = len;
4268 				dp->d_reclen = _GENERIC_DIRLEN(len) +
4269 				    NFSX_HYPER;
4270 				dp->d_type = DT_UNKNOWN;
4271 				blksiz += dp->d_reclen;
4272 				if (blksiz == DIRBLKSIZ)
4273 					blksiz = 0;
4274 				uiop->uio_resid -= DIRHDSIZ;
4275 				uiop->uio_offset += DIRHDSIZ;
4276 				uiop->uio_iov->iov_base =
4277 				    (char *)uiop->uio_iov->iov_base + DIRHDSIZ;
4278 				uiop->uio_iov->iov_len -= DIRHDSIZ;
4279 				cnp->cn_nameptr = uiop->uio_iov->iov_base;
4280 				cnp->cn_namelen = len;
4281 				NFSCNHASHZERO(cnp);
4282 				cp = uiop->uio_iov->iov_base;
4283 				error = nfsm_mbufuio(nd, uiop, len);
4284 				if (error)
4285 					goto nfsmout;
4286 				/* Check for an invalid file name. */
4287 				if (nfscl_invalidfname(
4288 				    (nd->nd_flag & ND_NFSV4) != 0, cp, len)) {
4289 					/* Skip over this entry. */
4290 					uiop->uio_iov->iov_base =
4291 					    saviov.iov_base;
4292 					uiop->uio_iov->iov_len =
4293 					    saviov.iov_len;
4294 					uiop->uio_offset = savoff;
4295 					uiop->uio_resid = savresid;
4296 					blksiz = savblksiz;
4297 					validentry = false;
4298 				} else {
4299 					cp = uiop->uio_iov->iov_base;
4300 					tlen -= len;
4301 					NFSBZERO(cp, tlen);
4302 					cp += tlen; /* points to cookie store */
4303 					tl2 = (u_int32_t *)cp;
4304 					if (len == 2 &&
4305 					    cnp->cn_nameptr[0] == '.' &&
4306 					    cnp->cn_nameptr[1] == '.')
4307 						isdotdot = 1;
4308 					else
4309 						isdotdot = 0;
4310 					uiop->uio_iov->iov_base =
4311 					    (char *)uiop->uio_iov->iov_base +
4312 					    tlen + NFSX_HYPER;
4313 					uiop->uio_iov->iov_len -= tlen +
4314 					    NFSX_HYPER;
4315 					uiop->uio_resid -= tlen + NFSX_HYPER;
4316 					uiop->uio_offset += (tlen + NFSX_HYPER);
4317 				}
4318 			} else {
4319 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
4320 				if (error)
4321 					goto nfsmout;
4322 			}
4323 			nfhp = NULL;
4324 			if (nd->nd_flag & ND_NFSV3) {
4325 				NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
4326 				ncookie.lval[0] = *tl++;
4327 				ncookie.lval[1] = *tl++;
4328 				attrflag = fxdr_unsigned(int, *tl);
4329 				if (attrflag) {
4330 				  error = nfsm_loadattr(nd, &nfsva);
4331 				  if (error)
4332 					goto nfsmout;
4333 				}
4334 				NFSM_DISSECT(tl,u_int32_t *,NFSX_UNSIGNED);
4335 				if (*tl) {
4336 					error = nfsm_getfh(nd, &nfhp);
4337 					if (error)
4338 					    goto nfsmout;
4339 				}
4340 				if (!attrflag && nfhp != NULL) {
4341 					free(nfhp, M_NFSFH);
4342 					nfhp = NULL;
4343 				}
4344 			} else {
4345 				rderr = 0;
4346 				nfsva.na_mntonfileno = 0xffffffff;
4347 				error = nfsv4_loadattr(nd, NULL, &nfsva, &nfhp,
4348 				    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
4349 				    NULL, NULL, &rderr, NULL, p, cred);
4350 				if (error)
4351 					goto nfsmout;
4352 			}
4353 
4354 			if (bigenough && validentry) {
4355 			    if (nd->nd_flag & ND_NFSV4) {
4356 				if (rderr) {
4357 				    dp->d_fileno = 0;
4358 				} else if (gotmnton) {
4359 				    if (nfsva.na_mntonfileno != 0xffffffff)
4360 					dp->d_fileno = nfsva.na_mntonfileno;
4361 				    else
4362 					dp->d_fileno = nfsva.na_fileid;
4363 				} else if (nfsva.na_filesid[0] ==
4364 				    dnp->n_vattr.na_filesid[0] &&
4365 				    nfsva.na_filesid[1] ==
4366 				    dnp->n_vattr.na_filesid[1]) {
4367 				    dp->d_fileno = nfsva.na_fileid;
4368 				} else {
4369 				    do {
4370 					fakefileno--;
4371 				    } while (fakefileno ==
4372 					nfsva.na_fileid);
4373 				    dp->d_fileno = fakefileno;
4374 				}
4375 			    } else {
4376 				dp->d_fileno = fileno;
4377 			    }
4378 			    *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
4379 				ncookie.lval[0];
4380 			    *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
4381 				ncookie.lval[1];
4382 
4383 			    if (nfhp != NULL) {
4384 				attr_ok = true;
4385 				if (NFSRV_CMPFH(nfhp->nfh_fh, nfhp->nfh_len,
4386 				    dnp->n_fhp->nfh_fh, dnp->n_fhp->nfh_len)) {
4387 				    VREF(vp);
4388 				    newvp = vp;
4389 				    unlocknewvp = 0;
4390 				    free(nfhp, M_NFSFH);
4391 				    np = dnp;
4392 				} else if (isdotdot != 0) {
4393 				    /*
4394 				     * Skip doing a nfscl_nget() call for "..".
4395 				     * There's a race between acquiring the nfs
4396 				     * node here and lookups that look for the
4397 				     * directory being read (in the parent).
4398 				     * It would try to get a lock on ".." here,
4399 				     * owning the lock on the directory being
4400 				     * read. Lookup will hold the lock on ".."
4401 				     * and try to acquire the lock on the
4402 				     * directory being read.
4403 				     * If the directory is unlocked/relocked,
4404 				     * then there is a LOR with the buflock
4405 				     * vp is relocked.
4406 				     */
4407 				    free(nfhp, M_NFSFH);
4408 				} else {
4409 				    error = nfscl_nget(vp->v_mount, vp,
4410 				      nfhp, cnp, p, &np, LK_EXCLUSIVE);
4411 				    if (!error) {
4412 					newvp = NFSTOV(np);
4413 					unlocknewvp = 1;
4414 					/*
4415 					 * If n_localmodtime >= time before RPC,
4416 					 * then a file modification operation,
4417 					 * such as VOP_SETATTR() of size, has
4418 					 * occurred while the Lookup RPC and
4419 					 * acquisition of the vnode happened. As
4420 					 * such, the attributes might be stale,
4421 					 * with possibly an incorrect size.
4422 					 */
4423 					NFSLOCKNODE(np);
4424 					if (timespecisset(
4425 					    &np->n_localmodtime) &&
4426 					    timespeccmp(&np->n_localmodtime,
4427 					    &ts, >=)) {
4428 					    NFSCL_DEBUG(4, "nfsrpc_readdirplus:"
4429 						" localmod stale attributes\n");
4430 					    attr_ok = false;
4431 					}
4432 					NFSUNLOCKNODE(np);
4433 				    }
4434 				}
4435 				nfhp = NULL;
4436 				if (newvp != NULLVP) {
4437 				    if (attr_ok)
4438 					error = nfscl_loadattrcache(&newvp,
4439 					    &nfsva, NULL, 0, 0);
4440 				    if (error) {
4441 					if (unlocknewvp)
4442 					    vput(newvp);
4443 					else
4444 					    vrele(newvp);
4445 					goto nfsmout;
4446 				    }
4447 				    dp->d_type =
4448 					vtonfs_dtype(np->n_vattr.na_type);
4449 				    ndp->ni_vp = newvp;
4450 				    NFSCNHASH(cnp, HASHINIT);
4451 				    if (cnp->cn_namelen <= NCHNAMLEN &&
4452 					ndp->ni_dvp != ndp->ni_vp &&
4453 					(newvp->v_type != VDIR ||
4454 					 dctime.tv_sec != 0) &&
4455 					!named_dir) {
4456 					cache_enter_time_flags(ndp->ni_dvp,
4457 					    ndp->ni_vp, cnp,
4458 					    &nfsva.na_ctime,
4459 					    newvp->v_type != VDIR ? NULL :
4460 					    &dctime, VFS_CACHE_DROPOLD);
4461 				    }
4462 				    if (unlocknewvp)
4463 					vput(newvp);
4464 				    else
4465 					vrele(newvp);
4466 				    newvp = NULLVP;
4467 				}
4468 			    }
4469 			} else if (nfhp != NULL) {
4470 			    free(nfhp, M_NFSFH);
4471 			}
4472 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
4473 			more_dirs = fxdr_unsigned(int, *tl);
4474 		}
4475 		/*
4476 		 * If at end of rpc data, get the eof boolean
4477 		 */
4478 		if (!more_dirs) {
4479 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
4480 			eof = fxdr_unsigned(int, *tl);
4481 			if (tryformoredirs)
4482 				more_dirs = !eof;
4483 			if (nd->nd_flag & ND_NFSV4) {
4484 				error = nfscl_postop_attr(nd, nap, attrflagp);
4485 				if (error)
4486 					goto nfsmout;
4487 			}
4488 		}
4489 		m_freem(nd->nd_mrep);
4490 		nd->nd_mrep = NULL;
4491 	}
4492 	/*
4493 	 * Fill last record, iff any, out to a multiple of DIRBLKSIZ
4494 	 * by increasing d_reclen for the last record.
4495 	 */
4496 	if (blksiz > 0) {
4497 		left = DIRBLKSIZ - blksiz;
4498 		NFSBZERO(uiop->uio_iov->iov_base, left);
4499 		dp->d_reclen += left;
4500 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base +
4501 		    left;
4502 		uiop->uio_iov->iov_len -= left;
4503 		uiop->uio_resid -= left;
4504 		uiop->uio_offset += left;
4505 	}
4506 
4507 	/*
4508 	 * If returning no data, assume end of file.
4509 	 * If not bigenough, return not end of file, since you aren't
4510 	 *    returning all the data
4511 	 * Otherwise, return the eof flag from the server.
4512 	 */
4513 	if (eofp != NULL) {
4514 		if (tresid == uiop->uio_resid)
4515 			*eofp = 1;
4516 		else if (!bigenough)
4517 			*eofp = 0;
4518 		else
4519 			*eofp = eof;
4520 	}
4521 
4522 	/*
4523 	 * Add extra empty records to any remaining DIRBLKSIZ chunks.
4524 	 */
4525 	while (uiop->uio_resid > 0 && uiop->uio_resid != tresid) {
4526 		dp = (struct dirent *)uiop->uio_iov->iov_base;
4527 		NFSBZERO(dp, DIRBLKSIZ);
4528 		dp->d_type = DT_UNKNOWN;
4529 		tl = (u_int32_t *)&dp->d_name[4];
4530 		*tl++ = cookie.lval[0];
4531 		*tl = cookie.lval[1];
4532 		dp->d_reclen = DIRBLKSIZ;
4533 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base +
4534 		    DIRBLKSIZ;
4535 		uiop->uio_iov->iov_len -= DIRBLKSIZ;
4536 		uiop->uio_resid -= DIRBLKSIZ;
4537 		uiop->uio_offset += DIRBLKSIZ;
4538 	}
4539 
4540 nfsmout:
4541 	if (nd->nd_mrep != NULL)
4542 		m_freem(nd->nd_mrep);
4543 	return (error);
4544 }
4545 
4546 /*
4547  * Nfs commit rpc
4548  */
4549 int
4550 nfsrpc_commit(vnode_t vp, u_quad_t offset, int cnt, struct ucred *cred,
4551     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
4552 {
4553 	u_int32_t *tl;
4554 	struct nfsrv_descript nfsd, *nd = &nfsd;
4555 	nfsattrbit_t attrbits;
4556 	int error;
4557 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
4558 
4559 	*attrflagp = 0;
4560 	NFSCL_REQSTART(nd, NFSPROC_COMMIT, vp, cred);
4561 	NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
4562 	txdr_hyper(offset, tl);
4563 	tl += 2;
4564 	*tl = txdr_unsigned(cnt);
4565 	if (nd->nd_flag & ND_NFSV4) {
4566 		/*
4567 		 * And do a Getattr op.
4568 		 */
4569 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
4570 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
4571 		NFSGETATTR_ATTRBIT(&attrbits);
4572 		(void) nfsrv_putattrbit(nd, &attrbits);
4573 	}
4574 	error = nfscl_request(nd, vp, p, cred);
4575 	if (error)
4576 		return (error);
4577 	error = nfscl_wcc_data(nd, vp, nap, attrflagp, NULL, NULL);
4578 	if (!error && !nd->nd_repstat) {
4579 		NFSM_DISSECT(tl, u_int32_t *, NFSX_VERF);
4580 		NFSLOCKMNT(nmp);
4581 		if (NFSBCMP(nmp->nm_verf, tl, NFSX_VERF)) {
4582 			NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
4583 			nd->nd_repstat = NFSERR_STALEWRITEVERF;
4584 		}
4585 		NFSUNLOCKMNT(nmp);
4586 		if (nd->nd_flag & ND_NFSV4)
4587 			error = nfscl_postop_attr(nd, nap, attrflagp);
4588 	}
4589 nfsmout:
4590 	if (!error && nd->nd_repstat)
4591 		error = nd->nd_repstat;
4592 	m_freem(nd->nd_mrep);
4593 	return (error);
4594 }
4595 
4596 /*
4597  * NFS byte range lock rpc.
4598  * (Mostly just calls one of the three lower level RPC routines.)
4599  */
4600 int
4601 nfsrpc_advlock(vnode_t vp, off_t size, int op, struct flock *fl,
4602     int reclaim, struct ucred *cred, NFSPROC_T *p, void *id, int flags)
4603 {
4604 	struct nfscllockowner *lp;
4605 	struct nfsclclient *clp;
4606 	struct nfsfh *nfhp;
4607 	struct nfsrv_descript nfsd, *nd = &nfsd;
4608 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
4609 	u_int64_t off, len;
4610 	off_t start, end;
4611 	u_int32_t clidrev = 0;
4612 	int error = 0, newone = 0, expireret = 0, retrycnt, donelocally;
4613 	int callcnt, dorpc;
4614 
4615 	/*
4616 	 * Convert the flock structure into a start and end and do POSIX
4617 	 * bounds checking.
4618 	 */
4619 	switch (fl->l_whence) {
4620 	case SEEK_SET:
4621 	case SEEK_CUR:
4622 		/*
4623 		 * Caller is responsible for adding any necessary offset
4624 		 * when SEEK_CUR is used.
4625 		 */
4626 		start = fl->l_start;
4627 		off = fl->l_start;
4628 		break;
4629 	case SEEK_END:
4630 		start = size + fl->l_start;
4631 		off = size + fl->l_start;
4632 		break;
4633 	default:
4634 		return (EINVAL);
4635 	}
4636 	if (start < 0)
4637 		return (EINVAL);
4638 	if (fl->l_len != 0) {
4639 		end = start + fl->l_len - 1;
4640 		if (end < start)
4641 			return (EINVAL);
4642 	}
4643 
4644 	len = fl->l_len;
4645 	if (len == 0)
4646 		len = NFS64BITSSET;
4647 	retrycnt = 0;
4648 	do {
4649 	    nd->nd_repstat = 0;
4650 	    if (op == F_GETLK) {
4651 		error = nfscl_getcl(vp->v_mount, cred, p, false, true, &clp);
4652 		if (error)
4653 			return (error);
4654 		error = nfscl_lockt(vp, clp, off, len, fl, p, id, flags);
4655 		if (!error) {
4656 			clidrev = clp->nfsc_clientidrev;
4657 			error = nfsrpc_lockt(nd, vp, clp, off, len, fl, cred,
4658 			    p, id, flags);
4659 		} else if (error == -1) {
4660 			error = 0;
4661 		}
4662 		nfscl_clientrelease(clp);
4663 	    } else if (op == F_UNLCK && fl->l_type == F_UNLCK) {
4664 		/*
4665 		 * We must loop around for all lockowner cases.
4666 		 */
4667 		callcnt = 0;
4668 		error = nfscl_getcl(vp->v_mount, cred, p, false, true, &clp);
4669 		if (error)
4670 			return (error);
4671 		do {
4672 		    error = nfscl_relbytelock(vp, off, len, cred, p, callcnt,
4673 			clp, id, flags, &lp, &dorpc);
4674 		    /*
4675 		     * If it returns a NULL lp, we're done.
4676 		     */
4677 		    if (lp == NULL) {
4678 			if (callcnt == 0)
4679 			    nfscl_clientrelease(clp);
4680 			else
4681 			    nfscl_releasealllocks(clp, vp, p, id, flags);
4682 			return (error);
4683 		    }
4684 		    if (nmp->nm_clp != NULL)
4685 			clidrev = nmp->nm_clp->nfsc_clientidrev;
4686 		    else
4687 			clidrev = 0;
4688 		    /*
4689 		     * If the server doesn't support Posix lock semantics,
4690 		     * only allow locks on the entire file, since it won't
4691 		     * handle overlapping byte ranges.
4692 		     * There might still be a problem when a lock
4693 		     * upgrade/downgrade (read<->write) occurs, since the
4694 		     * server "might" expect an unlock first?
4695 		     */
4696 		    if (dorpc && (lp->nfsl_open->nfso_posixlock ||
4697 			(off == 0 && len == NFS64BITSSET))) {
4698 			/*
4699 			 * Since the lock records will go away, we must
4700 			 * wait for grace and delay here.
4701 			 */
4702 			do {
4703 			    error = nfsrpc_locku(nd, nmp, lp, off, len,
4704 				NFSV4LOCKT_READ, cred, p, 0);
4705 			    if ((nd->nd_repstat == NFSERR_GRACE ||
4706 				 nd->nd_repstat == NFSERR_DELAY) &&
4707 				error == 0)
4708 				(void) nfs_catnap(PZERO, (int)nd->nd_repstat,
4709 				    "nfs_advlock");
4710 			} while ((nd->nd_repstat == NFSERR_GRACE ||
4711 			    nd->nd_repstat == NFSERR_DELAY) && error == 0);
4712 		    }
4713 		    callcnt++;
4714 		} while (error == 0 && nd->nd_repstat == 0);
4715 		nfscl_releasealllocks(clp, vp, p, id, flags);
4716 	    } else if (op == F_SETLK) {
4717 		error = nfscl_getbytelock(vp, off, len, fl->l_type, cred, p,
4718 		    NULL, 0, id, flags, NULL, NULL, &lp, &newone, &donelocally);
4719 		if (error || donelocally) {
4720 			return (error);
4721 		}
4722 		if (nmp->nm_clp != NULL)
4723 			clidrev = nmp->nm_clp->nfsc_clientidrev;
4724 		else
4725 			clidrev = 0;
4726 		nfhp = VTONFS(vp)->n_fhp;
4727 		if (!lp->nfsl_open->nfso_posixlock &&
4728 		    (off != 0 || len != NFS64BITSSET)) {
4729 			error = EINVAL;
4730 		} else {
4731 			error = nfsrpc_lock(nd, nmp, vp, nfhp->nfh_fh,
4732 			    nfhp->nfh_len, lp, newone, reclaim, off,
4733 			    len, fl->l_type, cred, p, 0);
4734 		}
4735 		if (!error)
4736 			error = nd->nd_repstat;
4737 		nfscl_lockrelease(lp, error, newone);
4738 	    } else {
4739 		error = EINVAL;
4740 	    }
4741 	    if (!error)
4742 	        error = nd->nd_repstat;
4743 	    if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
4744 		error == NFSERR_STALEDONTRECOVER ||
4745 		error == NFSERR_STALECLIENTID || error == NFSERR_DELAY ||
4746 		error == NFSERR_BADSESSION) {
4747 		(void) nfs_catnap(PZERO, error, "nfs_advlock");
4748 	    } else if ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID)
4749 		&& clidrev != 0) {
4750 		expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
4751 		retrycnt++;
4752 	    }
4753 	} while (error == NFSERR_GRACE ||
4754 	    error == NFSERR_STALECLIENTID || error == NFSERR_DELAY ||
4755 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_STALESTATEID ||
4756 	    error == NFSERR_BADSESSION ||
4757 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
4758 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
4759 	if (error && retrycnt >= 4)
4760 		error = EIO;
4761 	return (error);
4762 }
4763 
4764 /*
4765  * The lower level routine for the LockT case.
4766  */
4767 int
4768 nfsrpc_lockt(struct nfsrv_descript *nd, vnode_t vp,
4769     struct nfsclclient *clp, u_int64_t off, u_int64_t len, struct flock *fl,
4770     struct ucred *cred, NFSPROC_T *p, void *id, int flags)
4771 {
4772 	u_int32_t *tl;
4773 	int error, type, size;
4774 	uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
4775 	struct nfsnode *np;
4776 	struct nfsmount *nmp;
4777 	struct nfsclsession *tsep;
4778 
4779 	nmp = VFSTONFS(vp->v_mount);
4780 	NFSCL_REQSTART(nd, NFSPROC_LOCKT, vp, cred);
4781 	NFSM_BUILD(tl, u_int32_t *, 7 * NFSX_UNSIGNED);
4782 	if (fl->l_type == F_RDLCK)
4783 		*tl++ = txdr_unsigned(NFSV4LOCKT_READ);
4784 	else
4785 		*tl++ = txdr_unsigned(NFSV4LOCKT_WRITE);
4786 	txdr_hyper(off, tl);
4787 	tl += 2;
4788 	txdr_hyper(len, tl);
4789 	tl += 2;
4790 	tsep = nfsmnt_mdssession(nmp);
4791 	*tl++ = tsep->nfsess_clientid.lval[0];
4792 	*tl = tsep->nfsess_clientid.lval[1];
4793 	nfscl_filllockowner(id, own, flags);
4794 	np = VTONFS(vp);
4795 	NFSBCOPY(np->n_fhp->nfh_fh, &own[NFSV4CL_LOCKNAMELEN],
4796 	    np->n_fhp->nfh_len);
4797 	(void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + np->n_fhp->nfh_len);
4798 	error = nfscl_request(nd, vp, p, cred);
4799 	if (error)
4800 		return (error);
4801 	if (nd->nd_repstat == 0) {
4802 		fl->l_type = F_UNLCK;
4803 	} else if (nd->nd_repstat == NFSERR_DENIED) {
4804 		nd->nd_repstat = 0;
4805 		fl->l_whence = SEEK_SET;
4806 		NFSM_DISSECT(tl, u_int32_t *, 8 * NFSX_UNSIGNED);
4807 		fl->l_start = fxdr_hyper(tl);
4808 		tl += 2;
4809 		len = fxdr_hyper(tl);
4810 		tl += 2;
4811 		if (len == NFS64BITSSET)
4812 			fl->l_len = 0;
4813 		else
4814 			fl->l_len = len;
4815 		type = fxdr_unsigned(int, *tl++);
4816 		if (type == NFSV4LOCKT_WRITE)
4817 			fl->l_type = F_WRLCK;
4818 		else
4819 			fl->l_type = F_RDLCK;
4820 		/*
4821 		 * XXX For now, I have no idea what to do with the
4822 		 * conflicting lock_owner, so I'll just set the pid == 0
4823 		 * and skip over the lock_owner.
4824 		 */
4825 		fl->l_pid = (pid_t)0;
4826 		tl += 2;
4827 		size = fxdr_unsigned(int, *tl);
4828 		if (size < 0 || size > NFSV4_OPAQUELIMIT)
4829 			error = EBADRPC;
4830 		if (!error)
4831 			error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
4832 	} else if (nd->nd_repstat == NFSERR_STALECLIENTID)
4833 		nfscl_initiate_recovery(clp);
4834 nfsmout:
4835 	m_freem(nd->nd_mrep);
4836 	return (error);
4837 }
4838 
4839 /*
4840  * Lower level function that performs the LockU RPC.
4841  */
4842 static int
4843 nfsrpc_locku(struct nfsrv_descript *nd, struct nfsmount *nmp,
4844     struct nfscllockowner *lp, u_int64_t off, u_int64_t len,
4845     u_int32_t type, struct ucred *cred, NFSPROC_T *p, int syscred)
4846 {
4847 	u_int32_t *tl;
4848 	int error;
4849 
4850 	nfscl_reqstart(nd, NFSPROC_LOCKU, nmp, lp->nfsl_open->nfso_fh,
4851 	    lp->nfsl_open->nfso_fhlen, NULL, NULL, 0, 0, cred);
4852 	NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 6 * NFSX_UNSIGNED);
4853 	*tl++ = txdr_unsigned(type);
4854 	*tl = txdr_unsigned(lp->nfsl_seqid);
4855 	if (nfstest_outofseq &&
4856 	    (arc4random() % nfstest_outofseq) == 0)
4857 		*tl = txdr_unsigned(lp->nfsl_seqid + 1);
4858 	tl++;
4859 	if (NFSHASNFSV4N(nmp))
4860 		*tl++ = 0;
4861 	else
4862 		*tl++ = lp->nfsl_stateid.seqid;
4863 	*tl++ = lp->nfsl_stateid.other[0];
4864 	*tl++ = lp->nfsl_stateid.other[1];
4865 	*tl++ = lp->nfsl_stateid.other[2];
4866 	txdr_hyper(off, tl);
4867 	tl += 2;
4868 	txdr_hyper(len, tl);
4869 	if (syscred)
4870 		nd->nd_flag |= ND_USEGSSNAME;
4871 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
4872 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4873 	NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
4874 	if (error)
4875 		return (error);
4876 	if (nd->nd_repstat == 0) {
4877 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
4878 		lp->nfsl_stateid.seqid = *tl++;
4879 		lp->nfsl_stateid.other[0] = *tl++;
4880 		lp->nfsl_stateid.other[1] = *tl++;
4881 		lp->nfsl_stateid.other[2] = *tl;
4882 	} else if (nd->nd_repstat == NFSERR_STALESTATEID)
4883 		nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
4884 nfsmout:
4885 	m_freem(nd->nd_mrep);
4886 	return (error);
4887 }
4888 
4889 /*
4890  * The actual Lock RPC.
4891  */
4892 int
4893 nfsrpc_lock(struct nfsrv_descript *nd, struct nfsmount *nmp, vnode_t vp,
4894     u_int8_t *nfhp, int fhlen, struct nfscllockowner *lp, int newone,
4895     int reclaim, u_int64_t off, u_int64_t len, short type, struct ucred *cred,
4896     NFSPROC_T *p, int syscred)
4897 {
4898 	u_int32_t *tl;
4899 	int error, size;
4900 	uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
4901 	struct nfsclsession *tsep;
4902 
4903 	nfscl_reqstart(nd, NFSPROC_LOCK, nmp, nfhp, fhlen, NULL, NULL, 0, 0,
4904 	    cred);
4905 	NFSM_BUILD(tl, u_int32_t *, 7 * NFSX_UNSIGNED);
4906 	if (type == F_RDLCK)
4907 		*tl++ = txdr_unsigned(NFSV4LOCKT_READ);
4908 	else
4909 		*tl++ = txdr_unsigned(NFSV4LOCKT_WRITE);
4910 	*tl++ = txdr_unsigned(reclaim);
4911 	txdr_hyper(off, tl);
4912 	tl += 2;
4913 	txdr_hyper(len, tl);
4914 	tl += 2;
4915 	if (newone) {
4916 	    *tl = newnfs_true;
4917 	    NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
4918 		2 * NFSX_UNSIGNED + NFSX_HYPER);
4919 	    *tl++ = txdr_unsigned(lp->nfsl_open->nfso_own->nfsow_seqid);
4920 	    if (NFSHASNFSV4N(nmp))
4921 		*tl++ = 0;
4922 	    else
4923 		*tl++ = lp->nfsl_open->nfso_stateid.seqid;
4924 	    *tl++ = lp->nfsl_open->nfso_stateid.other[0];
4925 	    *tl++ = lp->nfsl_open->nfso_stateid.other[1];
4926 	    *tl++ = lp->nfsl_open->nfso_stateid.other[2];
4927 	    *tl++ = txdr_unsigned(lp->nfsl_seqid);
4928 	    tsep = nfsmnt_mdssession(nmp);
4929 	    *tl++ = tsep->nfsess_clientid.lval[0];
4930 	    *tl = tsep->nfsess_clientid.lval[1];
4931 	    NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
4932 	    NFSBCOPY(nfhp, &own[NFSV4CL_LOCKNAMELEN], fhlen);
4933 	    (void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
4934 	} else {
4935 	    *tl = newnfs_false;
4936 	    NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + NFSX_UNSIGNED);
4937 	    if (NFSHASNFSV4N(nmp))
4938 		*tl++ = 0;
4939 	    else
4940 		*tl++ = lp->nfsl_stateid.seqid;
4941 	    *tl++ = lp->nfsl_stateid.other[0];
4942 	    *tl++ = lp->nfsl_stateid.other[1];
4943 	    *tl++ = lp->nfsl_stateid.other[2];
4944 	    *tl = txdr_unsigned(lp->nfsl_seqid);
4945 	    if (nfstest_outofseq &&
4946 		(arc4random() % nfstest_outofseq) == 0)
4947 		    *tl = txdr_unsigned(lp->nfsl_seqid + 1);
4948 	}
4949 	if (syscred)
4950 		nd->nd_flag |= ND_USEGSSNAME;
4951 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
4952 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4953 	if (error)
4954 		return (error);
4955 	if (newone)
4956 	    NFSCL_INCRSEQID(lp->nfsl_open->nfso_own->nfsow_seqid, nd);
4957 	NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
4958 	if (nd->nd_repstat == 0) {
4959 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
4960 		lp->nfsl_stateid.seqid = *tl++;
4961 		lp->nfsl_stateid.other[0] = *tl++;
4962 		lp->nfsl_stateid.other[1] = *tl++;
4963 		lp->nfsl_stateid.other[2] = *tl;
4964 	} else if (nd->nd_repstat == NFSERR_DENIED) {
4965 		NFSM_DISSECT(tl, u_int32_t *, 8 * NFSX_UNSIGNED);
4966 		size = fxdr_unsigned(int, *(tl + 7));
4967 		if (size < 0 || size > NFSV4_OPAQUELIMIT)
4968 			error = EBADRPC;
4969 		if (!error)
4970 			error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
4971 	} else if (nd->nd_repstat == NFSERR_STALESTATEID)
4972 		nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
4973 nfsmout:
4974 	m_freem(nd->nd_mrep);
4975 	return (error);
4976 }
4977 
4978 /*
4979  * nfs statfs rpc
4980  * (always called with the vp for the mount point)
4981  */
4982 int
4983 nfsrpc_statfs(vnode_t vp, struct nfsstatfs *sbp, struct nfsfsinfo *fsp,
4984     uint32_t *leasep, struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap,
4985     int *attrflagp)
4986 {
4987 	u_int32_t *tl = NULL;
4988 	struct nfsrv_descript nfsd, *nd = &nfsd;
4989 	struct nfsmount *nmp;
4990 	nfsattrbit_t attrbits;
4991 	int error;
4992 
4993 	*attrflagp = 0;
4994 	nmp = VFSTONFS(vp->v_mount);
4995 	if (NFSHASNFSV4(nmp)) {
4996 		/*
4997 		 * For V4, you actually do a getattr.
4998 		 */
4999 		NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp, cred);
5000 		if (leasep != NULL)
5001 			NFSROOTFS_GETATTRBIT(&attrbits);
5002 		else
5003 			NFSSTATFS_GETATTRBIT(&attrbits);
5004 		(void) nfsrv_putattrbit(nd, &attrbits);
5005 		nd->nd_flag |= ND_USEGSSNAME;
5006 		error = nfscl_request(nd, vp, p, cred);
5007 		if (error)
5008 			return (error);
5009 		if (nd->nd_repstat == 0) {
5010 			error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
5011 			    NULL, NULL, sbp, fsp, NULL, 0, NULL, leasep, NULL,
5012 			    NULL, p, cred);
5013 			if (!error) {
5014 				nmp->nm_fsid[0] = nap->na_filesid[0];
5015 				nmp->nm_fsid[1] = nap->na_filesid[1];
5016 				NFSSETHASSETFSID(nmp);
5017 				*attrflagp = 1;
5018 			}
5019 		} else {
5020 			error = nd->nd_repstat;
5021 		}
5022 		if (error)
5023 			goto nfsmout;
5024 	} else {
5025 		NFSCL_REQSTART(nd, NFSPROC_FSSTAT, vp, NULL);
5026 		error = nfscl_request(nd, vp, p, cred);
5027 		if (error)
5028 			return (error);
5029 		if (nd->nd_flag & ND_NFSV3) {
5030 			error = nfscl_postop_attr(nd, nap, attrflagp);
5031 			if (error)
5032 				goto nfsmout;
5033 		}
5034 		if (nd->nd_repstat) {
5035 			error = nd->nd_repstat;
5036 			goto nfsmout;
5037 		}
5038 		NFSM_DISSECT(tl, u_int32_t *,
5039 		    NFSX_STATFS(nd->nd_flag & ND_NFSV3));
5040 	}
5041 	if (NFSHASNFSV3(nmp)) {
5042 		sbp->sf_tbytes = fxdr_hyper(tl); tl += 2;
5043 		sbp->sf_fbytes = fxdr_hyper(tl); tl += 2;
5044 		sbp->sf_abytes = fxdr_hyper(tl); tl += 2;
5045 		sbp->sf_tfiles = fxdr_hyper(tl); tl += 2;
5046 		sbp->sf_ffiles = fxdr_hyper(tl); tl += 2;
5047 		sbp->sf_afiles = fxdr_hyper(tl); tl += 2;
5048 		sbp->sf_invarsec = fxdr_unsigned(u_int32_t, *tl);
5049 	} else if (NFSHASNFSV4(nmp) == 0) {
5050 		sbp->sf_tsize = fxdr_unsigned(u_int32_t, *tl++);
5051 		sbp->sf_bsize = fxdr_unsigned(u_int32_t, *tl++);
5052 		sbp->sf_blocks = fxdr_unsigned(u_int32_t, *tl++);
5053 		sbp->sf_bfree = fxdr_unsigned(u_int32_t, *tl++);
5054 		sbp->sf_bavail = fxdr_unsigned(u_int32_t, *tl);
5055 	}
5056 nfsmout:
5057 	m_freem(nd->nd_mrep);
5058 	return (error);
5059 }
5060 
5061 /*
5062  * nfs pathconf rpc
5063  */
5064 int
5065 nfsrpc_pathconf(vnode_t vp, struct nfsv3_pathconf *pc, bool *has_namedattrp,
5066     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
5067 {
5068 	struct nfsrv_descript nfsd, *nd = &nfsd;
5069 	struct nfsmount *nmp;
5070 	u_int32_t *tl;
5071 	nfsattrbit_t attrbits;
5072 	int error;
5073 	struct nfsnode *np;
5074 
5075 	*has_namedattrp = false;
5076 	*attrflagp = 0;
5077 	nmp = VFSTONFS(vp->v_mount);
5078 	if (NFSHASNFSV4(nmp)) {
5079 		np = VTONFS(vp);
5080 		if ((nmp->nm_privflag & NFSMNTP_FAKEROOTFH) != 0 &&
5081 		    nmp->nm_fhsize == 0) {
5082 			/* Attempt to get the actual root file handle. */
5083 			error = nfsrpc_getdirpath(nmp, NFSMNT_DIRPATH(nmp),
5084 			    cred, p);
5085 			if (error != 0)
5086 				return (EACCES);
5087 			if (np->n_fhp->nfh_len == NFSX_FHMAX + 1)
5088 				nfscl_statfs(vp, cred, p);
5089 		}
5090 		/*
5091 		 * For V4, you actually do a getattr.
5092 		 */
5093 		NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp, cred);
5094 		NFSPATHCONF_GETATTRBIT(&attrbits);
5095 		(void) nfsrv_putattrbit(nd, &attrbits);
5096 		nd->nd_flag |= ND_USEGSSNAME;
5097 		error = nfscl_request(nd, vp, p, cred);
5098 		if (error)
5099 			return (error);
5100 		if (nd->nd_repstat == 0) {
5101 			error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
5102 			    pc, NULL, NULL, NULL, NULL, 0, NULL, NULL, NULL,
5103 			    has_namedattrp, p, cred);
5104 			if (!error)
5105 				*attrflagp = 1;
5106 		} else {
5107 			error = nd->nd_repstat;
5108 		}
5109 	} else {
5110 		NFSCL_REQSTART(nd, NFSPROC_PATHCONF, vp, NULL);
5111 		error = nfscl_request(nd, vp, p, cred);
5112 		if (error)
5113 			return (error);
5114 		error = nfscl_postop_attr(nd, nap, attrflagp);
5115 		if (nd->nd_repstat && !error)
5116 			error = nd->nd_repstat;
5117 		if (!error) {
5118 			NFSM_DISSECT(tl, u_int32_t *, NFSX_V3PATHCONF);
5119 			pc->pc_linkmax = fxdr_unsigned(u_int32_t, *tl++);
5120 			pc->pc_namemax = fxdr_unsigned(u_int32_t, *tl++);
5121 			pc->pc_notrunc = fxdr_unsigned(u_int32_t, *tl++);
5122 			pc->pc_chownrestricted =
5123 			    fxdr_unsigned(u_int32_t, *tl++);
5124 			pc->pc_caseinsensitive =
5125 			    fxdr_unsigned(u_int32_t, *tl++);
5126 			pc->pc_casepreserving = fxdr_unsigned(u_int32_t, *tl);
5127 		}
5128 	}
5129 nfsmout:
5130 	m_freem(nd->nd_mrep);
5131 	return (error);
5132 }
5133 
5134 /*
5135  * nfs version 3 fsinfo rpc call
5136  */
5137 int
5138 nfsrpc_fsinfo(vnode_t vp, struct nfsfsinfo *fsp, struct ucred *cred,
5139     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
5140 {
5141 	u_int32_t *tl;
5142 	struct nfsrv_descript nfsd, *nd = &nfsd;
5143 	int error;
5144 
5145 	*attrflagp = 0;
5146 	NFSCL_REQSTART(nd, NFSPROC_FSINFO, vp, NULL);
5147 	error = nfscl_request(nd, vp, p, cred);
5148 	if (error)
5149 		return (error);
5150 	error = nfscl_postop_attr(nd, nap, attrflagp);
5151 	if (nd->nd_repstat && !error)
5152 		error = nd->nd_repstat;
5153 	if (!error) {
5154 		NFSM_DISSECT(tl, u_int32_t *, NFSX_V3FSINFO);
5155 		fsp->fs_rtmax = fxdr_unsigned(u_int32_t, *tl++);
5156 		fsp->fs_rtpref = fxdr_unsigned(u_int32_t, *tl++);
5157 		fsp->fs_rtmult = fxdr_unsigned(u_int32_t, *tl++);
5158 		fsp->fs_wtmax = fxdr_unsigned(u_int32_t, *tl++);
5159 		fsp->fs_wtpref = fxdr_unsigned(u_int32_t, *tl++);
5160 		fsp->fs_wtmult = fxdr_unsigned(u_int32_t, *tl++);
5161 		fsp->fs_dtpref = fxdr_unsigned(u_int32_t, *tl++);
5162 		fsp->fs_maxfilesize = fxdr_hyper(tl);
5163 		tl += 2;
5164 		fxdr_nfsv3time(tl, &fsp->fs_timedelta);
5165 		tl += 2;
5166 		fsp->fs_properties = fxdr_unsigned(u_int32_t, *tl);
5167 	}
5168 nfsmout:
5169 	m_freem(nd->nd_mrep);
5170 	return (error);
5171 }
5172 
5173 /*
5174  * This function performs the Renew RPC.
5175  */
5176 int
5177 nfsrpc_renew(struct nfsclclient *clp, struct nfsclds *dsp, struct ucred *cred,
5178     NFSPROC_T *p)
5179 {
5180 	u_int32_t *tl;
5181 	struct nfsrv_descript nfsd;
5182 	struct nfsrv_descript *nd = &nfsd;
5183 	struct nfsmount *nmp;
5184 	int error;
5185 	struct nfssockreq *nrp;
5186 	struct nfsclsession *tsep;
5187 
5188 	nmp = clp->nfsc_nmp;
5189 	if (nmp == NULL)
5190 		return (0);
5191 	if (dsp == NULL)
5192 		nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL, NULL, 0,
5193 		    0, cred);
5194 	else
5195 		nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL,
5196 		    &dsp->nfsclds_sess, 0, 0, NULL);
5197 	if (!NFSHASNFSV4N(nmp)) {
5198 		/* NFSv4.1 just uses a Sequence Op and not a Renew. */
5199 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
5200 		tsep = nfsmnt_mdssession(nmp);
5201 		*tl++ = tsep->nfsess_clientid.lval[0];
5202 		*tl = tsep->nfsess_clientid.lval[1];
5203 	}
5204 	nrp = NULL;
5205 	if (dsp != NULL)
5206 		nrp = dsp->nfsclds_sockp;
5207 	if (nrp == NULL)
5208 		/* If NULL, use the MDS socket. */
5209 		nrp = &nmp->nm_sockreq;
5210 	nd->nd_flag |= ND_USEGSSNAME;
5211 	if (dsp == NULL)
5212 		error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
5213 		    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5214 	else {
5215 		error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
5216 		    NFS_PROG, NFS_VER4, NULL, 1, NULL, &dsp->nfsclds_sess);
5217 		if (error == ENXIO)
5218 			nfscl_cancelreqs(dsp);
5219 	}
5220 	if (error)
5221 		return (error);
5222 	error = nd->nd_repstat;
5223 	m_freem(nd->nd_mrep);
5224 	return (error);
5225 }
5226 
5227 /*
5228  * This function performs the Releaselockowner RPC.
5229  */
5230 int
5231 nfsrpc_rellockown(struct nfsmount *nmp, struct nfscllockowner *lp,
5232     uint8_t *fh, int fhlen, struct ucred *cred, NFSPROC_T *p)
5233 {
5234 	struct nfsrv_descript nfsd, *nd = &nfsd;
5235 	u_int32_t *tl;
5236 	int error;
5237 	uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
5238 	struct nfsclsession *tsep;
5239 
5240 	if (NFSHASNFSV4N(nmp)) {
5241 		/* For NFSv4.1, do a FreeStateID. */
5242 		nfscl_reqstart(nd, NFSPROC_FREESTATEID, nmp, NULL, 0, NULL,
5243 		    NULL, 0, 0, cred);
5244 		nfsm_stateidtom(nd, &lp->nfsl_stateid, NFSSTATEID_PUTSTATEID);
5245 	} else {
5246 		nfscl_reqstart(nd, NFSPROC_RELEASELCKOWN, nmp, NULL, 0, NULL,
5247 		    NULL, 0, 0, NULL);
5248 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
5249 		tsep = nfsmnt_mdssession(nmp);
5250 		*tl++ = tsep->nfsess_clientid.lval[0];
5251 		*tl = tsep->nfsess_clientid.lval[1];
5252 		NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
5253 		NFSBCOPY(fh, &own[NFSV4CL_LOCKNAMELEN], fhlen);
5254 		(void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
5255 	}
5256 	nd->nd_flag |= ND_USEGSSNAME;
5257 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5258 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5259 	if (error)
5260 		return (error);
5261 	error = nd->nd_repstat;
5262 	m_freem(nd->nd_mrep);
5263 	return (error);
5264 }
5265 
5266 /*
5267  * This function performs the Compound to get the mount pt FH.
5268  */
5269 int
5270 nfsrpc_getdirpath(struct nfsmount *nmp, u_char *dirpath, struct ucred *cred,
5271     NFSPROC_T *p)
5272 {
5273 	u_int32_t *tl;
5274 	struct nfsrv_descript nfsd;
5275 	struct nfsrv_descript *nd = &nfsd;
5276 	u_char *cp, *cp2, *fhp;
5277 	int error, cnt, len, setnil;
5278 	u_int32_t *opcntp;
5279 
5280 	nfscl_reqstart(nd, NFSPROC_PUTROOTFH, nmp, NULL, 0, &opcntp, NULL, 0,
5281 	    0, NULL);
5282 	cp = dirpath;
5283 	cnt = 0;
5284 	do {
5285 		setnil = 0;
5286 		while (*cp == '/')
5287 			cp++;
5288 		cp2 = cp;
5289 		while (*cp2 != '\0' && *cp2 != '/')
5290 			cp2++;
5291 		if (*cp2 == '/') {
5292 			setnil = 1;
5293 			*cp2 = '\0';
5294 		}
5295 		if (cp2 != cp) {
5296 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
5297 			*tl = txdr_unsigned(NFSV4OP_LOOKUP);
5298 			nfsm_strtom(nd, cp, strlen(cp));
5299 			cnt++;
5300 		}
5301 		if (setnil)
5302 			*cp2++ = '/';
5303 		cp = cp2;
5304 	} while (*cp != '\0');
5305 	if (NFSHASNFSV4N(nmp))
5306 		/* Has a Sequence Op done by nfscl_reqstart(). */
5307 		*opcntp = txdr_unsigned(3 + cnt);
5308 	else
5309 		*opcntp = txdr_unsigned(2 + cnt);
5310 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
5311 	*tl = txdr_unsigned(NFSV4OP_GETFH);
5312 	nd->nd_flag |= ND_USEGSSNAME;
5313 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5314 		NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5315 	if (error)
5316 		return (error);
5317 	if (nd->nd_repstat == 0) {
5318 		NFSM_DISSECT(tl, u_int32_t *, (3 + 2 * cnt) * NFSX_UNSIGNED);
5319 		tl += (2 + 2 * cnt);
5320 		if ((len = fxdr_unsigned(int, *tl)) <= 0 ||
5321 			len > NFSX_FHMAX) {
5322 			nd->nd_repstat = NFSERR_BADXDR;
5323 		} else {
5324 			fhp = malloc(len + 1, M_TEMP, M_WAITOK);
5325 			nd->nd_repstat = nfsrv_mtostr(nd, fhp, len);
5326 			if (nd->nd_repstat == 0) {
5327 				NFSLOCKMNT(nmp);
5328 				if (nmp->nm_fhsize == 0) {
5329 					NFSBCOPY(fhp, nmp->nm_fh, len);
5330 					nmp->nm_fhsize = len;
5331 				}
5332 				NFSUNLOCKMNT(nmp);
5333 			}
5334 			free(fhp, M_TEMP);
5335 		}
5336 	}
5337 	error = nd->nd_repstat;
5338 nfsmout:
5339 	m_freem(nd->nd_mrep);
5340 	return (error);
5341 }
5342 
5343 /*
5344  * This function performs the Delegreturn RPC.
5345  */
5346 int
5347 nfsrpc_delegreturn(struct nfscldeleg *dp, struct ucred *cred,
5348     struct nfsmount *nmp, NFSPROC_T *p, int syscred)
5349 {
5350 	u_int32_t *tl;
5351 	struct nfsrv_descript nfsd;
5352 	struct nfsrv_descript *nd = &nfsd;
5353 	int error;
5354 
5355 	nfscl_reqstart(nd, NFSPROC_DELEGRETURN, nmp, dp->nfsdl_fh,
5356 	    dp->nfsdl_fhlen, NULL, NULL, 0, 0, cred);
5357 	NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
5358 	if (NFSHASNFSV4N(nmp))
5359 		*tl++ = 0;
5360 	else
5361 		*tl++ = dp->nfsdl_stateid.seqid;
5362 	*tl++ = dp->nfsdl_stateid.other[0];
5363 	*tl++ = dp->nfsdl_stateid.other[1];
5364 	*tl = dp->nfsdl_stateid.other[2];
5365 	if (syscred)
5366 		nd->nd_flag |= ND_USEGSSNAME;
5367 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5368 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5369 	if (error)
5370 		return (error);
5371 	error = nd->nd_repstat;
5372 	m_freem(nd->nd_mrep);
5373 	return (error);
5374 }
5375 
5376 /*
5377  * nfs getacl call.
5378  */
5379 int
5380 nfsrpc_getacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p, struct acl *aclp)
5381 {
5382 	struct nfsrv_descript nfsd, *nd = &nfsd;
5383 	int error;
5384 	nfsattrbit_t attrbits;
5385 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
5386 
5387 	if (nfsrv_useacl == 0 || !NFSHASNFSV4(nmp))
5388 		return (EOPNOTSUPP);
5389 	NFSCL_REQSTART(nd, NFSPROC_GETACL, vp, cred);
5390 	NFSZERO_ATTRBIT(&attrbits);
5391 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
5392 	(void) nfsrv_putattrbit(nd, &attrbits);
5393 	error = nfscl_request(nd, vp, p, cred);
5394 	if (error)
5395 		return (error);
5396 	if (!nd->nd_repstat)
5397 		error = nfsv4_loadattr(nd, vp, NULL, NULL, NULL, 0, NULL,
5398 		    NULL, NULL, NULL, aclp, 0, NULL, NULL, NULL, NULL, p, cred);
5399 	else
5400 		error = nd->nd_repstat;
5401 	m_freem(nd->nd_mrep);
5402 	return (error);
5403 }
5404 
5405 /*
5406  * nfs setacl call.
5407  */
5408 int
5409 nfsrpc_setacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p, struct acl *aclp)
5410 {
5411 	int error;
5412 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
5413 
5414 	if (nfsrv_useacl == 0 || !NFSHASNFSV4(nmp))
5415 		return (EOPNOTSUPP);
5416 	error = nfsrpc_setattr(vp, NULL, aclp, cred, p, NULL, NULL);
5417 	return (error);
5418 }
5419 
5420 /*
5421  * nfs setacl call.
5422  */
5423 static int
5424 nfsrpc_setaclrpc(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
5425     struct acl *aclp, nfsv4stateid_t *stateidp)
5426 {
5427 	struct nfsrv_descript nfsd, *nd = &nfsd;
5428 	int error;
5429 	nfsattrbit_t attrbits;
5430 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
5431 
5432 	if (!NFSHASNFSV4(nmp))
5433 		return (EOPNOTSUPP);
5434 	NFSCL_REQSTART(nd, NFSPROC_SETACL, vp, cred);
5435 	nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
5436 	NFSZERO_ATTRBIT(&attrbits);
5437 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
5438 	(void) nfsv4_fillattr(nd, vp->v_mount, vp, aclp, NULL, NULL, 0,
5439 	    &attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0, NULL, false, false,
5440 	    false);
5441 	error = nfscl_request(nd, vp, p, cred);
5442 	if (error)
5443 		return (error);
5444 	/* Don't care about the pre/postop attributes */
5445 	m_freem(nd->nd_mrep);
5446 	return (nd->nd_repstat);
5447 }
5448 
5449 /*
5450  * Do the NFSv4.1 Exchange ID.
5451  */
5452 int
5453 nfsrpc_exchangeid(struct nfsmount *nmp, struct nfsclclient *clp,
5454     struct nfssockreq *nrp, int minorvers, uint32_t exchflags,
5455     struct nfsclds **dspp, struct ucred *cred, NFSPROC_T *p)
5456 {
5457 	uint32_t *tl, v41flags;
5458 	struct nfsrv_descript nfsd;
5459 	struct nfsrv_descript *nd = &nfsd;
5460 	struct nfsclds *dsp;
5461 	struct timespec verstime;
5462 	int error, len;
5463 
5464 	*dspp = NULL;
5465 	if (minorvers == 0)
5466 		minorvers = nmp->nm_minorvers;
5467 	nfscl_reqstart(nd, NFSPROC_EXCHANGEID, nmp, NULL, 0, NULL, NULL,
5468 	    NFS_VER4, minorvers, NULL);
5469 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
5470 	*tl++ = txdr_unsigned(nfsboottime.tv_sec);	/* Client owner */
5471 	*tl = txdr_unsigned(clp->nfsc_rev);
5472 	(void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);
5473 
5474 	NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
5475 	*tl++ = txdr_unsigned(exchflags);
5476 	*tl++ = txdr_unsigned(NFSV4EXCH_SP4NONE);
5477 
5478 	/* Set the implementation id4 */
5479 	*tl = txdr_unsigned(1);
5480 	(void) nfsm_strtom(nd, "freebsd.org", strlen("freebsd.org"));
5481 	(void) nfsm_strtom(nd, version, strlen(version));
5482 	NFSM_BUILD(tl, uint32_t *, NFSX_V4TIME);
5483 	verstime.tv_sec = 1293840000;		/* Jan 1, 2011 */
5484 	verstime.tv_nsec = 0;
5485 	txdr_nfsv4time(&verstime, tl);
5486 	nd->nd_flag |= ND_USEGSSNAME;
5487 	error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
5488 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5489 	NFSCL_DEBUG(1, "exchangeid err=%d reps=%d\n", error,
5490 	    (int)nd->nd_repstat);
5491 	if (error != 0)
5492 		return (error);
5493 	if (nd->nd_repstat == 0) {
5494 		NFSM_DISSECT(tl, uint32_t *, 6 * NFSX_UNSIGNED + NFSX_HYPER);
5495 		len = fxdr_unsigned(int, *(tl + 7));
5496 		if (len < 0 || len > NFSV4_OPAQUELIMIT) {
5497 			error = NFSERR_BADXDR;
5498 			goto nfsmout;
5499 		}
5500 		dsp = malloc(sizeof(struct nfsclds) + len + 1, M_NFSCLDS,
5501 		    M_WAITOK | M_ZERO);
5502 		dsp->nfsclds_expire = NFSD_MONOSEC + clp->nfsc_renew;
5503 		dsp->nfsclds_servownlen = len;
5504 		dsp->nfsclds_sess.nfsess_clientid.lval[0] = *tl++;
5505 		dsp->nfsclds_sess.nfsess_clientid.lval[1] = *tl++;
5506 		dsp->nfsclds_sess.nfsess_sequenceid =
5507 		    fxdr_unsigned(uint32_t, *tl++);
5508 		v41flags = fxdr_unsigned(uint32_t, *tl);
5509 		if ((v41flags & NFSV4EXCH_USEPNFSMDS) != 0 &&
5510 		    NFSHASPNFSOPT(nmp)) {
5511 			NFSCL_DEBUG(1, "set PNFS\n");
5512 			NFSLOCKMNT(nmp);
5513 			nmp->nm_state |= NFSSTA_PNFS;
5514 			NFSUNLOCKMNT(nmp);
5515 			dsp->nfsclds_flags |= NFSCLDS_MDS;
5516 		}
5517 		if ((v41flags & NFSV4EXCH_USEPNFSDS) != 0)
5518 			dsp->nfsclds_flags |= NFSCLDS_DS;
5519 		if (minorvers == NFSV42_MINORVERSION)
5520 			dsp->nfsclds_flags |= NFSCLDS_MINORV2;
5521 		if (len > 0)
5522 			nd->nd_repstat = nfsrv_mtostr(nd,
5523 			    dsp->nfsclds_serverown, len);
5524 		if (nd->nd_repstat == 0) {
5525 			mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
5526 			mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
5527 			    NULL, MTX_DEF);
5528 			nfscl_initsessionslots(&dsp->nfsclds_sess);
5529 			*dspp = dsp;
5530 		} else
5531 			free(dsp, M_NFSCLDS);
5532 	}
5533 	error = nd->nd_repstat;
5534 nfsmout:
5535 	m_freem(nd->nd_mrep);
5536 	return (error);
5537 }
5538 
5539 /*
5540  * Do the NFSv4.1 Create Session.
5541  */
5542 int
5543 nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep,
5544     struct nfssockreq *nrp, struct nfsclds *dsp, uint32_t sequenceid, int mds,
5545     struct ucred *cred, NFSPROC_T *p)
5546 {
5547 	uint32_t crflags, maxval, *tl;
5548 	struct nfsrv_descript nfsd;
5549 	struct nfsrv_descript *nd = &nfsd;
5550 	int error, irdcnt, minorvers;
5551 
5552 	/* Make sure nm_rsize, nm_wsize is set. */
5553 	if (nmp->nm_rsize > NFS_MAXBSIZE || nmp->nm_rsize == 0)
5554 		nmp->nm_rsize = NFS_MAXBSIZE;
5555 	if (nmp->nm_wsize > NFS_MAXBSIZE || nmp->nm_wsize == 0)
5556 		nmp->nm_wsize = NFS_MAXBSIZE;
5557 	if (dsp == NULL)
5558 		minorvers = nmp->nm_minorvers;
5559 	else if ((dsp->nfsclds_flags & NFSCLDS_MINORV2) != 0)
5560 		minorvers = NFSV42_MINORVERSION;
5561 	else
5562 		minorvers = NFSV41_MINORVERSION;
5563 	nfscl_reqstart(nd, NFSPROC_CREATESESSION, nmp, NULL, 0, NULL, NULL,
5564 	    NFS_VER4, minorvers, NULL);
5565 	NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED);
5566 	*tl++ = sep->nfsess_clientid.lval[0];
5567 	*tl++ = sep->nfsess_clientid.lval[1];
5568 	*tl++ = txdr_unsigned(sequenceid);
5569 	crflags = (NFSMNT_RDONLY(nmp->nm_mountp) ? 0 : NFSV4CRSESS_PERSIST);
5570 	if (nfscl_enablecallb != 0 && nfs_numnfscbd > 0 && mds != 0)
5571 		crflags |= NFSV4CRSESS_CONNBACKCHAN;
5572 	*tl = txdr_unsigned(crflags);
5573 
5574 	/* Fill in fore channel attributes. */
5575 	NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
5576 	*tl++ = 0;				/* Header pad size */
5577 	if ((nd->nd_flag & ND_NFSV42) != 0 && mds != 0 && sb_max_adj >=
5578 	    nmp->nm_wsize && sb_max_adj >= nmp->nm_rsize) {
5579 		/*
5580 		 * NFSv4.2 Extended Attribute operations may want to do
5581 		 * requests/replies that are larger than nm_rsize/nm_wsize.
5582 		 */
5583 		*tl++ = txdr_unsigned(sb_max_adj - NFS_MAXXDR);
5584 		*tl++ = txdr_unsigned(sb_max_adj - NFS_MAXXDR);
5585 	} else {
5586 		*tl++ = txdr_unsigned(nmp->nm_wsize + NFS_MAXXDR);
5587 		*tl++ = txdr_unsigned(nmp->nm_rsize + NFS_MAXXDR);
5588 	}
5589 	*tl++ = txdr_unsigned(4096);		/* Max response size cached */
5590 	*tl++ = txdr_unsigned(20);		/* Max operations */
5591 	*tl++ = txdr_unsigned(64);		/* Max slots */
5592 	*tl = 0;				/* No rdma ird */
5593 
5594 	/* Fill in back channel attributes. */
5595 	NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
5596 	*tl++ = 0;				/* Header pad size */
5597 	*tl++ = txdr_unsigned(10000);		/* Max request size */
5598 	*tl++ = txdr_unsigned(10000);		/* Max response size */
5599 	*tl++ = txdr_unsigned(4096);		/* Max response size cached */
5600 	*tl++ = txdr_unsigned(4);		/* Max operations */
5601 	*tl++ = txdr_unsigned(NFSV4_CBSLOTS);	/* Max slots */
5602 	*tl = 0;				/* No rdma ird */
5603 
5604 	NFSM_BUILD(tl, uint32_t *, 8 * NFSX_UNSIGNED);
5605 	*tl++ = txdr_unsigned(NFS_CALLBCKPROG);	/* Call back prog # */
5606 
5607 	/* Allow AUTH_SYS callbacks as uid, gid == 0. */
5608 	*tl++ = txdr_unsigned(1);		/* Auth_sys only */
5609 	*tl++ = txdr_unsigned(AUTH_SYS);	/* AUTH_SYS type */
5610 	*tl++ = txdr_unsigned(nfsboottime.tv_sec); /* time stamp */
5611 	*tl++ = 0;				/* Null machine name */
5612 	*tl++ = 0;				/* Uid == 0 */
5613 	*tl++ = 0;				/* Gid == 0 */
5614 	*tl = 0;				/* No additional gids */
5615 	nd->nd_flag |= ND_USEGSSNAME;
5616 	error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred, NFS_PROG,
5617 	    NFS_VER4, NULL, 1, NULL, NULL);
5618 	if (error != 0)
5619 		return (error);
5620 	if (nd->nd_repstat == 0) {
5621 		NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
5622 		    2 * NFSX_UNSIGNED);
5623 		bcopy(tl, sep->nfsess_sessionid, NFSX_V4SESSIONID);
5624 		tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
5625 		sep->nfsess_sequenceid = fxdr_unsigned(uint32_t, *tl++);
5626 		crflags = fxdr_unsigned(uint32_t, *tl);
5627 		if ((crflags & NFSV4CRSESS_PERSIST) != 0 && mds != 0) {
5628 			NFSLOCKMNT(nmp);
5629 			nmp->nm_state |= NFSSTA_SESSPERSIST;
5630 			NFSUNLOCKMNT(nmp);
5631 		}
5632 
5633 		/* Get the fore channel slot count. */
5634 		NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
5635 		tl++;			/* Skip the header pad size. */
5636 
5637 		/* Make sure nm_wsize is small enough. */
5638 		maxval = fxdr_unsigned(uint32_t, *tl++);
5639 		while (maxval < nmp->nm_wsize + NFS_MAXXDR) {
5640 			if (nmp->nm_wsize > 8096)
5641 				nmp->nm_wsize /= 2;
5642 			else
5643 				break;
5644 		}
5645 		sep->nfsess_maxreq = maxval;
5646 
5647 		/* Make sure nm_rsize is small enough. */
5648 		maxval = fxdr_unsigned(uint32_t, *tl++);
5649 		while (maxval < nmp->nm_rsize + NFS_MAXXDR) {
5650 			if (nmp->nm_rsize > 8096)
5651 				nmp->nm_rsize /= 2;
5652 			else
5653 				break;
5654 		}
5655 		sep->nfsess_maxresp = maxval;
5656 
5657 		sep->nfsess_maxcache = fxdr_unsigned(int, *tl++);
5658 		tl++;
5659 		sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++);
5660 		NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots);
5661 		irdcnt = fxdr_unsigned(int, *tl);
5662 		if (irdcnt < 0 || irdcnt > 1) {
5663 			error = NFSERR_BADXDR;
5664 			goto nfsmout;
5665 		}
5666 		if (irdcnt > 0)
5667 			NFSM_DISSECT(tl, uint32_t *, irdcnt * NFSX_UNSIGNED);
5668 
5669 		/* and the back channel slot count. */
5670 		NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
5671 		tl += 5;
5672 		sep->nfsess_backslots = fxdr_unsigned(uint16_t, *tl);
5673 		NFSCL_DEBUG(4, "back slots=%d\n", (int)sep->nfsess_backslots);
5674 	}
5675 	error = nd->nd_repstat;
5676 nfsmout:
5677 	m_freem(nd->nd_mrep);
5678 	return (error);
5679 }
5680 
5681 /*
5682  * Do the NFSv4.1 Destroy Client.
5683  */
5684 int
5685 nfsrpc_destroyclient(struct nfsmount *nmp, struct nfsclclient *clp,
5686     struct ucred *cred, NFSPROC_T *p)
5687 {
5688 	uint32_t *tl;
5689 	struct nfsrv_descript nfsd;
5690 	struct nfsrv_descript *nd = &nfsd;
5691 	int error;
5692 	struct nfsclsession *tsep;
5693 
5694 	nfscl_reqstart(nd, NFSPROC_DESTROYCLIENT, nmp, NULL, 0, NULL, NULL, 0,
5695 	    0, NULL);
5696 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
5697 	tsep = nfsmnt_mdssession(nmp);
5698 	*tl++ = tsep->nfsess_clientid.lval[0];
5699 	*tl = tsep->nfsess_clientid.lval[1];
5700 	nd->nd_flag |= ND_USEGSSNAME;
5701 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5702 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5703 	if (error != 0)
5704 		return (error);
5705 	error = nd->nd_repstat;
5706 	m_freem(nd->nd_mrep);
5707 	return (error);
5708 }
5709 
5710 /*
5711  * Do the NFSv4.1 LayoutGet.
5712  */
5713 static int
5714 nfsrpc_layoutget(struct nfsmount *nmp, uint8_t *fhp, int fhlen, int iomode,
5715     uint64_t offset, uint64_t len, uint64_t minlen, int layouttype,
5716     int layoutlen, nfsv4stateid_t *stateidp, int *retonclosep,
5717     struct nfsclflayouthead *flhp, struct ucred *cred, NFSPROC_T *p)
5718 {
5719 	struct nfsrv_descript nfsd, *nd = &nfsd;
5720 	int error;
5721 
5722 	nfscl_reqstart(nd, NFSPROC_LAYOUTGET, nmp, fhp, fhlen, NULL, NULL, 0,
5723 	    0, cred);
5724 	nfsrv_setuplayoutget(nd, iomode, offset, len, minlen, stateidp,
5725 	    layouttype, layoutlen, 0);
5726 	nd->nd_flag |= ND_USEGSSNAME;
5727 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5728 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5729 	NFSCL_DEBUG(4, "layget err=%d st=%d\n", error, nd->nd_repstat);
5730 	if (error != 0)
5731 		return (error);
5732 	if (nd->nd_repstat == 0)
5733 		error = nfsrv_parselayoutget(nmp, nd, stateidp, retonclosep,
5734 		    flhp);
5735 	if (error == 0 && nd->nd_repstat != 0)
5736 		error = nd->nd_repstat;
5737 	m_freem(nd->nd_mrep);
5738 	return (error);
5739 }
5740 
5741 /*
5742  * Do the NFSv4.1 Get Device Info.
5743  */
5744 int
5745 nfsrpc_getdeviceinfo(struct nfsmount *nmp, uint8_t *deviceid, int layouttype,
5746     uint32_t *notifybitsp, struct nfscldevinfo **ndip, struct ucred *cred,
5747     NFSPROC_T *p)
5748 {
5749 	uint32_t cnt, *tl, vers, minorvers;
5750 	struct nfsrv_descript nfsd;
5751 	struct nfsrv_descript *nd = &nfsd;
5752 	struct sockaddr_in sin, ssin;
5753 	struct sockaddr_in6 sin6, ssin6;
5754 	struct nfsclds *dsp = NULL, **dspp, **gotdspp;
5755 	struct nfscldevinfo *ndi;
5756 	int addrcnt = 0, bitcnt, error, gotminor, gotvers, i, isudp, j;
5757 	int stripecnt;
5758 	uint8_t stripeindex;
5759 	sa_family_t af, safilled;
5760 
5761 	ssin.sin_port = 0;		/* To shut up compiler. */
5762 	ssin.sin_addr.s_addr = 0;	/* ditto */
5763 	*ndip = NULL;
5764 	ndi = NULL;
5765 	gotdspp = NULL;
5766 	nfscl_reqstart(nd, NFSPROC_GETDEVICEINFO, nmp, NULL, 0, NULL, NULL, 0,
5767 	    0, cred);
5768 	NFSM_BUILD(tl, uint32_t *, NFSX_V4DEVICEID + 3 * NFSX_UNSIGNED);
5769 	NFSBCOPY(deviceid, tl, NFSX_V4DEVICEID);
5770 	tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
5771 	*tl++ = txdr_unsigned(layouttype);
5772 	*tl++ = txdr_unsigned(100000);
5773 	if (notifybitsp != NULL && *notifybitsp != 0) {
5774 		*tl = txdr_unsigned(1);		/* One word of bits. */
5775 		NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
5776 		*tl = txdr_unsigned(*notifybitsp);
5777 	} else
5778 		*tl = txdr_unsigned(0);
5779 	nd->nd_flag |= ND_USEGSSNAME;
5780 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5781 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5782 	if (error != 0)
5783 		return (error);
5784 	if (nd->nd_repstat == 0) {
5785 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
5786 		if (layouttype != fxdr_unsigned(int, *tl))
5787 			printf("EEK! devinfo layout type not same!\n");
5788 		if (layouttype == NFSLAYOUT_NFSV4_1_FILES) {
5789 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5790 			stripecnt = fxdr_unsigned(int, *tl);
5791 			NFSCL_DEBUG(4, "stripecnt=%d\n", stripecnt);
5792 			if (stripecnt < 1 || stripecnt > 4096) {
5793 				printf("pNFS File layout devinfo stripecnt %d:"
5794 				    " out of range\n", stripecnt);
5795 				error = NFSERR_BADXDR;
5796 				goto nfsmout;
5797 			}
5798 			NFSM_DISSECT(tl, uint32_t *, (stripecnt + 1) *
5799 			    NFSX_UNSIGNED);
5800 			addrcnt = fxdr_unsigned(int, *(tl + stripecnt));
5801 			NFSCL_DEBUG(4, "addrcnt=%d\n", addrcnt);
5802 			if (addrcnt < 1 || addrcnt > 128) {
5803 				printf("NFS devinfo addrcnt %d: out of range\n",
5804 				    addrcnt);
5805 				error = NFSERR_BADXDR;
5806 				goto nfsmout;
5807 			}
5808 
5809 			/*
5810 			 * Now we know how many stripe indices and addresses, so
5811 			 * we can allocate the structure the correct size.
5812 			 */
5813 			i = (stripecnt * sizeof(uint8_t)) /
5814 			    sizeof(struct nfsclds *) + 1;
5815 			NFSCL_DEBUG(4, "stripeindices=%d\n", i);
5816 			ndi = malloc(sizeof(*ndi) + (addrcnt + i) *
5817 			    sizeof(struct nfsclds *), M_NFSDEVINFO, M_WAITOK |
5818 			    M_ZERO);
5819 			NFSBCOPY(deviceid, ndi->nfsdi_deviceid,
5820 			    NFSX_V4DEVICEID);
5821 			ndi->nfsdi_refcnt = 0;
5822 			ndi->nfsdi_flags = NFSDI_FILELAYOUT;
5823 			ndi->nfsdi_stripecnt = stripecnt;
5824 			ndi->nfsdi_addrcnt = addrcnt;
5825 			/* Fill in the stripe indices. */
5826 			for (i = 0; i < stripecnt; i++) {
5827 				stripeindex = fxdr_unsigned(uint8_t, *tl++);
5828 				NFSCL_DEBUG(4, "stripeind=%d\n", stripeindex);
5829 				if (stripeindex >= addrcnt) {
5830 					printf("pNFS File Layout devinfo"
5831 					    " stripeindex %d: too big\n",
5832 					    (int)stripeindex);
5833 					error = NFSERR_BADXDR;
5834 					goto nfsmout;
5835 				}
5836 				nfsfldi_setstripeindex(ndi, i, stripeindex);
5837 			}
5838 		} else if (layouttype == NFSLAYOUT_FLEXFILE) {
5839 			/* For Flex File, we only get one address list. */
5840 			ndi = malloc(sizeof(*ndi) + sizeof(struct nfsclds *),
5841 			    M_NFSDEVINFO, M_WAITOK | M_ZERO);
5842 			NFSBCOPY(deviceid, ndi->nfsdi_deviceid,
5843 			    NFSX_V4DEVICEID);
5844 			ndi->nfsdi_refcnt = 0;
5845 			ndi->nfsdi_flags = NFSDI_FLEXFILE;
5846 			addrcnt = ndi->nfsdi_addrcnt = 1;
5847 		}
5848 
5849 		/* Now, dissect the server address(es). */
5850 		safilled = AF_UNSPEC;
5851 		for (i = 0; i < addrcnt; i++) {
5852 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5853 			cnt = fxdr_unsigned(uint32_t, *tl);
5854 			if (cnt == 0) {
5855 				printf("NFS devinfo 0 len addrlist\n");
5856 				error = NFSERR_BADXDR;
5857 				goto nfsmout;
5858 			}
5859 			dspp = nfsfldi_addr(ndi, i);
5860 			safilled = AF_UNSPEC;
5861 			for (j = 0; j < cnt; j++) {
5862 				error = nfsv4_getipaddr(nd, &sin, &sin6, &af,
5863 				    &isudp);
5864 				if (error != 0 && error != EPERM) {
5865 					error = NFSERR_BADXDR;
5866 					goto nfsmout;
5867 				}
5868 				if (error == 0 && isudp == 0) {
5869 					/*
5870 					 * The priority is:
5871 					 * - Same address family.
5872 					 * Save the address and dspp, so that
5873 					 * the connection can be done after
5874 					 * parsing is complete.
5875 					 */
5876 					if (safilled == AF_UNSPEC ||
5877 					    (af == nmp->nm_nam->sa_family &&
5878 					     safilled != nmp->nm_nam->sa_family)
5879 					   ) {
5880 						if (af == AF_INET)
5881 							ssin = sin;
5882 						else
5883 							ssin6 = sin6;
5884 						safilled = af;
5885 						gotdspp = dspp;
5886 					}
5887 				}
5888 			}
5889 		}
5890 
5891 		gotvers = NFS_VER4;	/* Default NFSv4.1 for File Layout. */
5892 		gotminor = NFSV41_MINORVERSION;
5893 		/* For Flex File, we will take one of the versions to use. */
5894 		if (layouttype == NFSLAYOUT_FLEXFILE) {
5895 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5896 			j = fxdr_unsigned(int, *tl);
5897 			if (j < 1 || j > NFSDEV_MAXVERS) {
5898 				printf("pNFS: too many versions\n");
5899 				error = NFSERR_BADXDR;
5900 				goto nfsmout;
5901 			}
5902 			gotvers = 0;
5903 			gotminor = 0;
5904 			for (i = 0; i < j; i++) {
5905 				NFSM_DISSECT(tl, uint32_t *, 5 * NFSX_UNSIGNED);
5906 				vers = fxdr_unsigned(uint32_t, *tl++);
5907 				minorvers = fxdr_unsigned(uint32_t, *tl++);
5908 				if (vers == NFS_VER3)
5909 					minorvers = 0;
5910 				if ((vers == NFS_VER4 && ((minorvers ==
5911 				    NFSV41_MINORVERSION && gotminor == 0) ||
5912 				    minorvers == NFSV42_MINORVERSION)) ||
5913 				    (vers == NFS_VER3 && gotvers == 0)) {
5914 					gotvers = vers;
5915 					gotminor = minorvers;
5916 					/* We'll take this one. */
5917 					ndi->nfsdi_versindex = i;
5918 					ndi->nfsdi_vers = vers;
5919 					ndi->nfsdi_minorvers = minorvers;
5920 					ndi->nfsdi_rsize = fxdr_unsigned(
5921 					    uint32_t, *tl++);
5922 					ndi->nfsdi_wsize = fxdr_unsigned(
5923 					    uint32_t, *tl++);
5924 					if (*tl == newnfs_true)
5925 						ndi->nfsdi_flags |=
5926 						    NFSDI_TIGHTCOUPLED;
5927 					else
5928 						ndi->nfsdi_flags &=
5929 						    ~NFSDI_TIGHTCOUPLED;
5930 				}
5931 			}
5932 			if (gotvers == 0) {
5933 				printf("pNFS: no NFSv3, NFSv4.1 or NFSv4.2\n");
5934 				error = NFSERR_BADXDR;
5935 				goto nfsmout;
5936 			}
5937 		}
5938 
5939 		/* And the notify bits. */
5940 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5941 		bitcnt = fxdr_unsigned(int, *tl);
5942 		if (bitcnt > 0) {
5943 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5944 			if (notifybitsp != NULL)
5945 				*notifybitsp =
5946 				    fxdr_unsigned(uint32_t, *tl);
5947 		}
5948 		if (safilled != AF_UNSPEC) {
5949 			KASSERT(ndi != NULL, ("ndi is NULL"));
5950 			*ndip = ndi;
5951 		} else
5952 			error = EPERM;
5953 		if (error == 0) {
5954 			/*
5955 			 * Now we can do a TCP connection for the correct
5956 			 * NFS version and IP address.
5957 			 */
5958 			error = nfsrpc_fillsa(nmp, &ssin, &ssin6, safilled,
5959 			    gotvers, gotminor, &dsp, p);
5960 		}
5961 		if (error == 0) {
5962 			KASSERT(gotdspp != NULL, ("gotdspp is NULL"));
5963 			*gotdspp = dsp;
5964 		}
5965 	}
5966 	if (nd->nd_repstat != 0 && error == 0)
5967 		error = nd->nd_repstat;
5968 nfsmout:
5969 	if (error != 0 && ndi != NULL)
5970 		nfscl_freedevinfo(ndi);
5971 	m_freem(nd->nd_mrep);
5972 	return (error);
5973 }
5974 
5975 /*
5976  * Do the NFSv4.1 LayoutCommit.
5977  */
5978 int
5979 nfsrpc_layoutcommit(struct nfsmount *nmp, uint8_t *fh, int fhlen, int reclaim,
5980     uint64_t off, uint64_t len, uint64_t lastbyte, nfsv4stateid_t *stateidp,
5981     int layouttype, struct ucred *cred, NFSPROC_T *p)
5982 {
5983 	uint32_t *tl;
5984 	struct nfsrv_descript nfsd, *nd = &nfsd;
5985 	int error;
5986 
5987 	nfscl_reqstart(nd, NFSPROC_LAYOUTCOMMIT, nmp, fh, fhlen, NULL, NULL,
5988 	    0, 0, cred);
5989 	NFSM_BUILD(tl, uint32_t *, 5 * NFSX_UNSIGNED + 3 * NFSX_HYPER +
5990 	    NFSX_STATEID);
5991 	txdr_hyper(off, tl);
5992 	tl += 2;
5993 	txdr_hyper(len, tl);
5994 	tl += 2;
5995 	if (reclaim != 0)
5996 		*tl++ = newnfs_true;
5997 	else
5998 		*tl++ = newnfs_false;
5999 	*tl++ = txdr_unsigned(stateidp->seqid);
6000 	*tl++ = stateidp->other[0];
6001 	*tl++ = stateidp->other[1];
6002 	*tl++ = stateidp->other[2];
6003 	*tl++ = newnfs_true;
6004 	if (lastbyte < off)
6005 		lastbyte = off;
6006 	else if (lastbyte >= (off + len))
6007 		lastbyte = off + len - 1;
6008 	txdr_hyper(lastbyte, tl);
6009 	tl += 2;
6010 	*tl++ = newnfs_false;
6011 	*tl++ = txdr_unsigned(layouttype);
6012 	/* All supported layouts are 0 length. */
6013 	*tl = txdr_unsigned(0);
6014 	nd->nd_flag |= ND_USEGSSNAME;
6015 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
6016 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
6017 	if (error != 0)
6018 		return (error);
6019 	error = nd->nd_repstat;
6020 	m_freem(nd->nd_mrep);
6021 	return (error);
6022 }
6023 
6024 /*
6025  * Do the NFSv4.1 LayoutReturn.
6026  */
6027 int
6028 nfsrpc_layoutreturn(struct nfsmount *nmp, uint8_t *fh, int fhlen, int reclaim,
6029     int layouttype, uint32_t iomode, int layoutreturn, uint64_t offset,
6030     uint64_t len, nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
6031     uint32_t stat, uint32_t op, char *devid)
6032 {
6033 	uint32_t *tl;
6034 	struct nfsrv_descript nfsd, *nd = &nfsd;
6035 	uint64_t tu64;
6036 	int error;
6037 
6038 	nfscl_reqstart(nd, NFSPROC_LAYOUTRETURN, nmp, fh, fhlen, NULL, NULL,
6039 	    0, 0, cred);
6040 	NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED);
6041 	if (reclaim != 0)
6042 		*tl++ = newnfs_true;
6043 	else
6044 		*tl++ = newnfs_false;
6045 	*tl++ = txdr_unsigned(layouttype);
6046 	*tl++ = txdr_unsigned(iomode);
6047 	*tl = txdr_unsigned(layoutreturn);
6048 	if (layoutreturn == NFSLAYOUTRETURN_FILE) {
6049 		NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER + NFSX_STATEID +
6050 		    NFSX_UNSIGNED);
6051 		txdr_hyper(offset, tl);
6052 		tl += 2;
6053 		txdr_hyper(len, tl);
6054 		tl += 2;
6055 		NFSCL_DEBUG(4, "layoutret stseq=%d\n", (int)stateidp->seqid);
6056 		*tl++ = txdr_unsigned(stateidp->seqid);
6057 		*tl++ = stateidp->other[0];
6058 		*tl++ = stateidp->other[1];
6059 		*tl++ = stateidp->other[2];
6060 		if (layouttype == NFSLAYOUT_NFSV4_1_FILES)
6061 			*tl = txdr_unsigned(0);
6062 		else if (layouttype == NFSLAYOUT_FLEXFILE) {
6063 			if (stat != 0) {
6064 				*tl = txdr_unsigned(2 * NFSX_HYPER +
6065 				    NFSX_STATEID + NFSX_V4DEVICEID + 5 *
6066 				    NFSX_UNSIGNED);
6067 				NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER +
6068 				    NFSX_STATEID + NFSX_V4DEVICEID + 5 *
6069 				    NFSX_UNSIGNED);
6070 				*tl++ = txdr_unsigned(1);	/* One error. */
6071 				tu64 = 0;			/* Offset. */
6072 				txdr_hyper(tu64, tl); tl += 2;
6073 				tu64 = UINT64_MAX;		/* Length. */
6074 				txdr_hyper(tu64, tl); tl += 2;
6075 				NFSBCOPY(stateidp, tl, NFSX_STATEID);
6076 				tl += (NFSX_STATEID / NFSX_UNSIGNED);
6077 				*tl++ = txdr_unsigned(1);	/* One error. */
6078 				NFSBCOPY(devid, tl, NFSX_V4DEVICEID);
6079 				tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
6080 				*tl++ = txdr_unsigned(stat);
6081 				*tl++ = txdr_unsigned(op);
6082 			} else {
6083 				*tl = txdr_unsigned(2 * NFSX_UNSIGNED);
6084 				NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
6085 				/* No ioerrs. */
6086 				*tl++ = 0;
6087 			}
6088 			*tl = 0;	/* No stats yet. */
6089 		}
6090 	}
6091 	nd->nd_flag |= ND_USEGSSNAME;
6092 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
6093 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
6094 	if (error != 0)
6095 		return (error);
6096 	if (nd->nd_repstat == 0) {
6097 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
6098 		if (*tl != 0) {
6099 			NFSM_DISSECT(tl, uint32_t *, NFSX_STATEID);
6100 			stateidp->seqid = fxdr_unsigned(uint32_t, *tl++);
6101 			stateidp->other[0] = *tl++;
6102 			stateidp->other[1] = *tl++;
6103 			stateidp->other[2] = *tl;
6104 		}
6105 	} else
6106 		error = nd->nd_repstat;
6107 nfsmout:
6108 	m_freem(nd->nd_mrep);
6109 	return (error);
6110 }
6111 
6112 /*
6113  * Do the NFSv4.2 LayoutError.
6114  */
6115 static int
6116 nfsrpc_layouterror(struct nfsmount *nmp, uint8_t *fh, int fhlen, uint64_t offset,
6117     uint64_t len, nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
6118     uint32_t stat, uint32_t op, char *devid)
6119 {
6120 	uint32_t *tl;
6121 	struct nfsrv_descript nfsd, *nd = &nfsd;
6122 	int error;
6123 
6124 	nfscl_reqstart(nd, NFSPROC_LAYOUTERROR, nmp, fh, fhlen, NULL, NULL,
6125 	    0, 0, cred);
6126 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER + NFSX_STATEID +
6127 	    NFSX_V4DEVICEID + 3 * NFSX_UNSIGNED);
6128 	txdr_hyper(offset, tl); tl += 2;
6129 	txdr_hyper(len, tl); tl += 2;
6130 	*tl++ = txdr_unsigned(stateidp->seqid);
6131 	*tl++ = stateidp->other[0];
6132 	*tl++ = stateidp->other[1];
6133 	*tl++ = stateidp->other[2];
6134 	*tl++ = txdr_unsigned(1);
6135 	NFSBCOPY(devid, tl, NFSX_V4DEVICEID);
6136 	tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
6137 	*tl++ = txdr_unsigned(stat);
6138 	*tl = txdr_unsigned(op);
6139 	nd->nd_flag |= ND_USEGSSNAME;
6140 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
6141 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
6142 	if (error != 0)
6143 		return (error);
6144 	if (nd->nd_repstat != 0)
6145 		error = nd->nd_repstat;
6146 	m_freem(nd->nd_mrep);
6147 	return (error);
6148 }
6149 
6150 /*
6151  * Acquire a layout and devinfo, if possible. The caller must have acquired
6152  * a reference count on the nfsclclient structure before calling this.
6153  * Return the layout in lypp with a reference count on it, if successful.
6154  */
6155 static int
6156 nfsrpc_getlayout(struct nfsmount *nmp, vnode_t vp, struct nfsfh *nfhp,
6157     int iomode, uint32_t rw, uint32_t *notifybitsp, nfsv4stateid_t *stateidp,
6158     uint64_t off, struct nfscllayout **lypp, struct ucred *cred, NFSPROC_T *p)
6159 {
6160 	struct nfscllayout *lyp;
6161 	struct nfsclflayout *flp;
6162 	struct nfsclflayouthead flh;
6163 	int error = 0, islocked, layoutlen, layouttype, recalled, retonclose;
6164 	nfsv4stateid_t stateid;
6165 	struct nfsclsession *tsep;
6166 
6167 	*lypp = NULL;
6168 	if (NFSHASFLEXFILE(nmp))
6169 		layouttype = NFSLAYOUT_FLEXFILE;
6170 	else
6171 		layouttype = NFSLAYOUT_NFSV4_1_FILES;
6172 	/*
6173 	 * If lyp is returned non-NULL, there will be a refcnt (shared lock)
6174 	 * on it, iff flp != NULL or a lock (exclusive lock) on it iff
6175 	 * flp == NULL.
6176 	 */
6177 	lyp = nfscl_getlayout(nmp->nm_clp, nfhp->nfh_fh, nfhp->nfh_len,
6178 	    off, rw, &flp, &recalled);
6179 	islocked = 0;
6180 	if (lyp == NULL || flp == NULL) {
6181 		if (recalled != 0)
6182 			return (EIO);
6183 		LIST_INIT(&flh);
6184 		tsep = nfsmnt_mdssession(nmp);
6185 		layoutlen = tsep->nfsess_maxcache -
6186 		    (NFSX_STATEID + 3 * NFSX_UNSIGNED);
6187 		if (lyp == NULL) {
6188 			stateid.seqid = 0;
6189 			stateid.other[0] = stateidp->other[0];
6190 			stateid.other[1] = stateidp->other[1];
6191 			stateid.other[2] = stateidp->other[2];
6192 			error = nfsrpc_layoutget(nmp, nfhp->nfh_fh,
6193 			    nfhp->nfh_len, iomode, (uint64_t)0, UINT64_MAX,
6194 			    (uint64_t)0, layouttype, layoutlen, &stateid,
6195 			    &retonclose, &flh, cred, p);
6196 		} else {
6197 			islocked = 1;
6198 			stateid.seqid = lyp->nfsly_stateid.seqid;
6199 			stateid.other[0] = lyp->nfsly_stateid.other[0];
6200 			stateid.other[1] = lyp->nfsly_stateid.other[1];
6201 			stateid.other[2] = lyp->nfsly_stateid.other[2];
6202 			error = nfsrpc_layoutget(nmp, nfhp->nfh_fh,
6203 			    nfhp->nfh_len, iomode, off, UINT64_MAX,
6204 			    (uint64_t)0, layouttype, layoutlen, &stateid,
6205 			    &retonclose, &flh, cred, p);
6206 		}
6207 		error = nfsrpc_layoutgetres(nmp, vp, nfhp->nfh_fh,
6208 		    nfhp->nfh_len, &stateid, retonclose, notifybitsp, &lyp,
6209 		    &flh, layouttype, error, NULL, cred, p);
6210 		if (error == 0)
6211 			*lypp = lyp;
6212 		else if (islocked != 0)
6213 			nfscl_rellayout(lyp, 1);
6214 	} else
6215 		*lypp = lyp;
6216 	return (error);
6217 }
6218 
6219 /*
6220  * Do a TCP connection plus exchange id and create session.
6221  * If successful, a "struct nfsclds" is linked into the list for the
6222  * mount point and a pointer to it is returned.
6223  */
6224 static int
6225 nfsrpc_fillsa(struct nfsmount *nmp, struct sockaddr_in *sin,
6226     struct sockaddr_in6 *sin6, sa_family_t af, int vers, int minorvers,
6227     struct nfsclds **dspp, NFSPROC_T *p)
6228 {
6229 	struct sockaddr_in *msad, *sad;
6230 	struct sockaddr_in6 *msad6, *sad6;
6231 	struct nfsclclient *clp;
6232 	struct nfssockreq *nrp;
6233 	struct nfsclds *dsp, *tdsp;
6234 	int error, firsttry;
6235 	enum nfsclds_state retv;
6236 	uint32_t sequenceid = 0;
6237 
6238 	KASSERT(nmp->nm_sockreq.nr_cred != NULL,
6239 	    ("nfsrpc_fillsa: NULL nr_cred"));
6240 	NFSLOCKCLSTATE();
6241 	clp = nmp->nm_clp;
6242 	NFSUNLOCKCLSTATE();
6243 	if (clp == NULL)
6244 		return (EPERM);
6245 	if (af == AF_INET) {
6246 		NFSLOCKMNT(nmp);
6247 		/*
6248 		 * Check to see if we already have a session for this
6249 		 * address that is usable for a DS.
6250 		 * Note that the MDS's address is in a different place
6251 		 * than the sessions already acquired for DS's.
6252 		 */
6253 		msad = (struct sockaddr_in *)nmp->nm_sockreq.nr_nam;
6254 		tdsp = TAILQ_FIRST(&nmp->nm_sess);
6255 		while (tdsp != NULL) {
6256 			if (msad != NULL && msad->sin_family == AF_INET &&
6257 			    sin->sin_addr.s_addr == msad->sin_addr.s_addr &&
6258 			    sin->sin_port == msad->sin_port &&
6259 			    (tdsp->nfsclds_flags & NFSCLDS_DS) != 0 &&
6260 			    tdsp->nfsclds_sess.nfsess_defunct == 0) {
6261 				*dspp = tdsp;
6262 				NFSUNLOCKMNT(nmp);
6263 				NFSCL_DEBUG(4, "fnd same addr\n");
6264 				return (0);
6265 			}
6266 			tdsp = TAILQ_NEXT(tdsp, nfsclds_list);
6267 			if (tdsp != NULL && tdsp->nfsclds_sockp != NULL)
6268 				msad = (struct sockaddr_in *)
6269 				    tdsp->nfsclds_sockp->nr_nam;
6270 			else
6271 				msad = NULL;
6272 		}
6273 		NFSUNLOCKMNT(nmp);
6274 
6275 		/* No IP address match, so look for new/trunked one. */
6276 		sad = malloc(sizeof(*sad), M_SONAME, M_WAITOK | M_ZERO);
6277 		sad->sin_len = sizeof(*sad);
6278 		sad->sin_family = AF_INET;
6279 		sad->sin_port = sin->sin_port;
6280 		sad->sin_addr.s_addr = sin->sin_addr.s_addr;
6281 		if (NFSHASPNFS(nmp) && NFSHASKERB(nmp)) {
6282 			/* For pNFS, a separate server principal is needed. */
6283 			nrp = malloc(sizeof(*nrp) + NI_MAXSERV + NI_MAXHOST,
6284 			    M_NFSSOCKREQ, M_WAITOK | M_ZERO);
6285 			/*
6286 			 * Use the latter part of nr_srvprinc as a temporary
6287 			 * buffer for the IP address.
6288 			 */
6289 			inet_ntoa_r(sad->sin_addr,
6290 			    &nrp->nr_srvprinc[NI_MAXSERV]);
6291 			NFSCL_DEBUG(1, "nfsrpc_fillsa: DS IP=%s\n",
6292 			    &nrp->nr_srvprinc[NI_MAXSERV]);
6293 			if (!rpc_gss_ip_to_srv_principal_call(
6294 			    &nrp->nr_srvprinc[NI_MAXSERV], "nfs",
6295 			    nrp->nr_srvprinc))
6296 				nrp->nr_srvprinc[0] = '\0';
6297 			NFSCL_DEBUG(1, "nfsrpc_fillsa: srv principal=%s\n",
6298 			    nrp->nr_srvprinc);
6299 		} else
6300 			nrp = malloc(sizeof(*nrp), M_NFSSOCKREQ,
6301 			    M_WAITOK | M_ZERO);
6302 		nrp->nr_nam = (struct sockaddr *)sad;
6303 	} else if (af == AF_INET6) {
6304 		NFSLOCKMNT(nmp);
6305 		/*
6306 		 * Check to see if we already have a session for this
6307 		 * address that is usable for a DS.
6308 		 * Note that the MDS's address is in a different place
6309 		 * than the sessions already acquired for DS's.
6310 		 */
6311 		msad6 = (struct sockaddr_in6 *)nmp->nm_sockreq.nr_nam;
6312 		tdsp = TAILQ_FIRST(&nmp->nm_sess);
6313 		while (tdsp != NULL) {
6314 			if (msad6 != NULL && msad6->sin6_family == AF_INET6 &&
6315 			    IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
6316 			    &msad6->sin6_addr) &&
6317 			    sin6->sin6_port == msad6->sin6_port &&
6318 			    (tdsp->nfsclds_flags & NFSCLDS_DS) != 0 &&
6319 			    tdsp->nfsclds_sess.nfsess_defunct == 0) {
6320 				*dspp = tdsp;
6321 				NFSUNLOCKMNT(nmp);
6322 				return (0);
6323 			}
6324 			tdsp = TAILQ_NEXT(tdsp, nfsclds_list);
6325 			if (tdsp != NULL && tdsp->nfsclds_sockp != NULL)
6326 				msad6 = (struct sockaddr_in6 *)
6327 				    tdsp->nfsclds_sockp->nr_nam;
6328 			else
6329 				msad6 = NULL;
6330 		}
6331 		NFSUNLOCKMNT(nmp);
6332 
6333 		/* No IP address match, so look for new/trunked one. */
6334 		sad6 = malloc(sizeof(*sad6), M_SONAME, M_WAITOK | M_ZERO);
6335 		sad6->sin6_len = sizeof(*sad6);
6336 		sad6->sin6_family = AF_INET6;
6337 		sad6->sin6_port = sin6->sin6_port;
6338 		NFSBCOPY(&sin6->sin6_addr, &sad6->sin6_addr,
6339 		    sizeof(struct in6_addr));
6340 		if (NFSHASPNFS(nmp) && NFSHASKERB(nmp)) {
6341 			/* For pNFS, a separate server principal is needed. */
6342 			nrp = malloc(sizeof(*nrp) + NI_MAXSERV + NI_MAXHOST,
6343 			    M_NFSSOCKREQ, M_WAITOK | M_ZERO);
6344 			/*
6345 			 * Use the latter part of nr_srvprinc as a temporary
6346 			 * buffer for the IP address.
6347 			 */
6348 			inet_ntop(AF_INET6, &sad6->sin6_addr,
6349 			    &nrp->nr_srvprinc[NI_MAXSERV], NI_MAXHOST);
6350 			NFSCL_DEBUG(1, "nfsrpc_fillsa: DS IP=%s\n",
6351 			    &nrp->nr_srvprinc[NI_MAXSERV]);
6352 			if (!rpc_gss_ip_to_srv_principal_call(
6353 			    &nrp->nr_srvprinc[NI_MAXSERV], "nfs",
6354 			    nrp->nr_srvprinc))
6355 				nrp->nr_srvprinc[0] = '\0';
6356 			NFSCL_DEBUG(1, "nfsrpc_fillsa: srv principal=%s\n",
6357 			    nrp->nr_srvprinc);
6358 		} else
6359 			nrp = malloc(sizeof(*nrp), M_NFSSOCKREQ,
6360 			    M_WAITOK | M_ZERO);
6361 		nrp->nr_nam = (struct sockaddr *)sad6;
6362 	} else
6363 		return (EPERM);
6364 
6365 	nrp->nr_sotype = SOCK_STREAM;
6366 	mtx_init(&nrp->nr_mtx, "nfssock", NULL, MTX_DEF);
6367 	nrp->nr_prog = NFS_PROG;
6368 	nrp->nr_vers = vers;
6369 
6370 	/*
6371 	 * Use the credentials that were used for the mount, which are
6372 	 * in nmp->nm_sockreq.nr_cred for newnfs_connect() etc.
6373 	 * Ref. counting the credentials with crhold() is probably not
6374 	 * necessary, since nm_sockreq.nr_cred won't be crfree()'d until
6375 	 * unmount, but I did it anyhow.
6376 	 */
6377 	nrp->nr_cred = crhold(nmp->nm_sockreq.nr_cred);
6378 	error = newnfs_connect(nmp, nrp, NULL, p, 0, false, &nrp->nr_client);
6379 	NFSCL_DEBUG(3, "DS connect=%d\n", error);
6380 
6381 	dsp = NULL;
6382 	/* Now, do the exchangeid and create session. */
6383 	if (error == 0) {
6384 		if (vers == NFS_VER4) {
6385 			firsttry = 0;
6386 			do {
6387 				error = nfsrpc_exchangeid(nmp, clp, nrp,
6388 				    minorvers, NFSV4EXCH_USEPNFSDS, &dsp,
6389 				    nrp->nr_cred, p);
6390 				NFSCL_DEBUG(3, "DS exchangeid=%d\n", error);
6391 				if (error == NFSERR_MINORVERMISMATCH)
6392 					minorvers = NFSV42_MINORVERSION;
6393 			} while (error == NFSERR_MINORVERMISMATCH &&
6394 			    firsttry++ == 0);
6395 			if (error != 0)
6396 				newnfs_disconnect(NULL, nrp);
6397 		} else {
6398 			dsp = malloc(sizeof(struct nfsclds), M_NFSCLDS,
6399 			    M_WAITOK | M_ZERO);
6400 			dsp->nfsclds_flags |= NFSCLDS_DS;
6401 			dsp->nfsclds_expire = INT32_MAX; /* No renews needed. */
6402 			mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
6403 			mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
6404 			    NULL, MTX_DEF);
6405 		}
6406 	}
6407 	if (error == 0) {
6408 		dsp->nfsclds_sockp = nrp;
6409 		if (vers == NFS_VER4) {
6410 			NFSLOCKMNT(nmp);
6411 			retv = nfscl_getsameserver(nmp, dsp, &tdsp,
6412 			    &sequenceid);
6413 			NFSCL_DEBUG(3, "getsame ret=%d\n", retv);
6414 			if (retv == NFSDSP_USETHISSESSION &&
6415 			    nfscl_dssameconn != 0) {
6416 				NFSLOCKDS(tdsp);
6417 				tdsp->nfsclds_flags |= NFSCLDS_SAMECONN;
6418 				NFSUNLOCKDS(tdsp);
6419 				NFSUNLOCKMNT(nmp);
6420 				/*
6421 				 * If there is already a session for this
6422 				 * server, use it.
6423 				 */
6424 				newnfs_disconnect(NULL, nrp);
6425 				nfscl_freenfsclds(dsp);
6426 				*dspp = tdsp;
6427 				return (0);
6428 			}
6429 			if (retv == NFSDSP_NOTFOUND)
6430 				sequenceid =
6431 				    dsp->nfsclds_sess.nfsess_sequenceid;
6432 			NFSUNLOCKMNT(nmp);
6433 			error = nfsrpc_createsession(nmp, &dsp->nfsclds_sess,
6434 			    nrp, dsp, sequenceid, 0, nrp->nr_cred, p);
6435 			NFSCL_DEBUG(3, "DS createsess=%d\n", error);
6436 		}
6437 	} else {
6438 		NFSFREECRED(nrp->nr_cred);
6439 		NFSFREEMUTEX(&nrp->nr_mtx);
6440 		free(nrp->nr_nam, M_SONAME);
6441 		free(nrp, M_NFSSOCKREQ);
6442 	}
6443 	if (error == 0) {
6444 		NFSCL_DEBUG(3, "add DS session\n");
6445 		/*
6446 		 * Put it at the end of the list. That way the list
6447 		 * is ordered by when the entry was added. This matters
6448 		 * since the one done first is the one that should be
6449 		 * used for sequencid'ing any subsequent create sessions.
6450 		 */
6451 		NFSLOCKMNT(nmp);
6452 		TAILQ_INSERT_TAIL(&nmp->nm_sess, dsp, nfsclds_list);
6453 		NFSUNLOCKMNT(nmp);
6454 		*dspp = dsp;
6455 	} else if (dsp != NULL) {
6456 		newnfs_disconnect(NULL, nrp);
6457 		nfscl_freenfsclds(dsp);
6458 	}
6459 	return (error);
6460 }
6461 
6462 /*
6463  * Do the NFSv4.1 Reclaim Complete.
6464  */
6465 int
6466 nfsrpc_reclaimcomplete(struct nfsmount *nmp, struct ucred *cred, NFSPROC_T *p)
6467 {
6468 	uint32_t *tl;
6469 	struct nfsrv_descript nfsd;
6470 	struct nfsrv_descript *nd = &nfsd;
6471 	int error;
6472 
6473 	nfscl_reqstart(nd, NFSPROC_RECLAIMCOMPL, nmp, NULL, 0, NULL, NULL, 0,
6474 	    0, cred);
6475 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
6476 	*tl = newnfs_false;
6477 	nd->nd_flag |= ND_USEGSSNAME;
6478 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
6479 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
6480 	if (error != 0)
6481 		return (error);
6482 	error = nd->nd_repstat;
6483 	m_freem(nd->nd_mrep);
6484 	return (error);
6485 }
6486 
6487 /*
6488  * Initialize the slot tables for a session.
6489  */
6490 static void
6491 nfscl_initsessionslots(struct nfsclsession *sep)
6492 {
6493 	int i;
6494 
6495 	for (i = 0; i < NFSV4_CBSLOTS; i++) {
6496 		if (sep->nfsess_cbslots[i].nfssl_reply != NULL)
6497 			m_freem(sep->nfsess_cbslots[i].nfssl_reply);
6498 		NFSBZERO(&sep->nfsess_cbslots[i], sizeof(struct nfsslot));
6499 	}
6500 	for (i = 0; i < 64; i++)
6501 		sep->nfsess_slotseq[i] = 0;
6502 	sep->nfsess_slots = 0;
6503 	sep->nfsess_badslots = 0;
6504 }
6505 
6506 /*
6507  * Called to try and do an I/O operation via an NFSv4.1 Data Server (DS).
6508  */
6509 int
6510 nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
6511     uint32_t rwaccess, int docommit, struct ucred *cred, NFSPROC_T *p)
6512 {
6513 	struct nfsnode *np = VTONFS(vp);
6514 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
6515 	struct nfscllayout *layp;
6516 	struct nfscldevinfo *dip;
6517 	struct nfsclflayout *rflp;
6518 	struct mbuf *m, *m2;
6519 	struct nfsclwritedsdorpc *drpc, *tdrpc;
6520 	nfsv4stateid_t stateid;
6521 	struct ucred *newcred;
6522 	uint64_t lastbyte, len, off, oresid, xfer;
6523 	int eof, error, firstmirror, i, iolaymode, mirrorcnt, recalled, timo;
6524 	void *lckp;
6525 	uint8_t *dev;
6526 	void *iovbase = NULL;
6527 	size_t iovlen = 0;
6528 	off_t offs = 0;
6529 	ssize_t resid = 0;
6530 	uint32_t op;
6531 
6532 	if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 || nfs_numnfscbd == 0 ||
6533 	    (np->n_flag & NNOLAYOUT) != 0)
6534 		return (EIO);
6535 	/* Now, get a reference cnt on the clientid for this mount. */
6536 	if (nfscl_getref(nmp) == 0)
6537 		return (EIO);
6538 
6539 	/* Find an appropriate stateid. */
6540 	newcred = NFSNEWCRED(cred);
6541 	error = nfscl_getstateid(vp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
6542 	    rwaccess, 1, newcred, p, &stateid, &lckp);
6543 	if (error != 0) {
6544 		NFSFREECRED(newcred);
6545 		nfscl_relref(nmp);
6546 		return (error);
6547 	}
6548 	/* Search for a layout for this file. */
6549 	off = uiop->uio_offset;
6550 	layp = nfscl_getlayout(nmp->nm_clp, np->n_fhp->nfh_fh,
6551 	    np->n_fhp->nfh_len, off, rwaccess, &rflp, &recalled);
6552 	if (layp == NULL || rflp == NULL) {
6553 		if (recalled != 0) {
6554 			NFSFREECRED(newcred);
6555 			if (lckp != NULL)
6556 				nfscl_lockderef(lckp);
6557 			nfscl_relref(nmp);
6558 			return (EIO);
6559 		}
6560 		if (layp != NULL) {
6561 			nfscl_rellayout(layp, (rflp == NULL) ? 1 : 0);
6562 			layp = NULL;
6563 		}
6564 		/* Try and get a Layout, if it is supported. */
6565 		if (rwaccess == NFSV4OPEN_ACCESSWRITE ||
6566 		    (np->n_flag & NWRITEOPENED) != 0)
6567 			iolaymode = NFSLAYOUTIOMODE_RW;
6568 		else
6569 			iolaymode = NFSLAYOUTIOMODE_READ;
6570 		error = nfsrpc_getlayout(nmp, vp, np->n_fhp, iolaymode,
6571 		    rwaccess, NULL, &stateid, off, &layp, newcred, p);
6572 		if (error != 0) {
6573 			NFSLOCKNODE(np);
6574 			np->n_flag |= NNOLAYOUT;
6575 			NFSUNLOCKNODE(np);
6576 			if (lckp != NULL)
6577 				nfscl_lockderef(lckp);
6578 			NFSFREECRED(newcred);
6579 			if (layp != NULL)
6580 				nfscl_rellayout(layp, 0);
6581 			nfscl_relref(nmp);
6582 			return (error);
6583 		}
6584 	}
6585 
6586 	/*
6587 	 * Loop around finding a layout that works for the first part of
6588 	 * this I/O operation, and then call the function that actually
6589 	 * does the RPC.
6590 	 */
6591 	eof = 0;
6592 	len = (uint64_t)uiop->uio_resid;
6593 	while (len > 0 && error == 0 && eof == 0) {
6594 		off = uiop->uio_offset;
6595 		error = nfscl_findlayoutforio(layp, off, rwaccess, &rflp);
6596 		if (error == 0) {
6597 			oresid = xfer = (uint64_t)uiop->uio_resid;
6598 			if (xfer > (rflp->nfsfl_end - rflp->nfsfl_off))
6599 				xfer = rflp->nfsfl_end - rflp->nfsfl_off;
6600 			/*
6601 			 * For Flex File layout with mirrored DSs, select one
6602 			 * of them at random for reads. For writes and commits,
6603 			 * do all mirrors.
6604 			 */
6605 			m = NULL;
6606 			tdrpc = drpc = NULL;
6607 			firstmirror = 0;
6608 			mirrorcnt = 1;
6609 			if ((layp->nfsly_flags & NFSLY_FLEXFILE) != 0 &&
6610 			    (mirrorcnt = rflp->nfsfl_mirrorcnt) > 1) {
6611 				if (rwaccess == NFSV4OPEN_ACCESSREAD) {
6612 					firstmirror = arc4random() % mirrorcnt;
6613 					mirrorcnt = firstmirror + 1;
6614 				} else {
6615 					if (docommit == 0) {
6616 						/*
6617 						 * Save values, so uiop can be
6618 						 * rolled back upon a write
6619 						 * error.
6620 						 */
6621 						offs = uiop->uio_offset;
6622 						resid = uiop->uio_resid;
6623 						iovbase =
6624 						    uiop->uio_iov->iov_base;
6625 						iovlen = uiop->uio_iov->iov_len;
6626 						m = nfsm_uiombuflist(uiop, len,
6627 						    0);
6628 						if (m == NULL) {
6629 							error = EFAULT;
6630 							break;
6631 						}
6632 					}
6633 					tdrpc = drpc = malloc(sizeof(*drpc) *
6634 					    (mirrorcnt - 1), M_TEMP, M_WAITOK |
6635 					    M_ZERO);
6636 				}
6637 			}
6638 			for (i = firstmirror; i < mirrorcnt && error == 0; i++){
6639 				m2 = NULL;
6640 				if (m != NULL && i < mirrorcnt - 1)
6641 					m2 = m_copym(m, 0, M_COPYALL, M_WAITOK);
6642 				else {
6643 					m2 = m;
6644 					m = NULL;
6645 				}
6646 				if ((layp->nfsly_flags & NFSLY_FLEXFILE) != 0) {
6647 					dev = rflp->nfsfl_ffm[i].dev;
6648 					dip = nfscl_getdevinfo(nmp->nm_clp, dev,
6649 					    rflp->nfsfl_ffm[i].devp);
6650 				} else {
6651 					dev = rflp->nfsfl_dev;
6652 					dip = nfscl_getdevinfo(nmp->nm_clp, dev,
6653 					    rflp->nfsfl_devp);
6654 				}
6655 				if (dip != NULL) {
6656 					if ((rflp->nfsfl_flags & NFSFL_FLEXFILE)
6657 					    != 0)
6658 						error = nfscl_dofflayoutio(vp,
6659 						    uiop, iomode, must_commit,
6660 						    &eof, &stateid, rwaccess,
6661 						    dip, layp, rflp, off, xfer,
6662 						    i, docommit, m2, tdrpc,
6663 						    newcred, p);
6664 					else
6665 						error = nfscl_doflayoutio(vp,
6666 						    uiop, iomode, must_commit,
6667 						    &eof, &stateid, rwaccess,
6668 						    dip, layp, rflp, off, xfer,
6669 						    docommit, newcred, p);
6670 					nfscl_reldevinfo(dip);
6671 				} else {
6672 					if (m2 != NULL)
6673 						m_freem(m2);
6674 					error = EIO;
6675 				}
6676 				tdrpc++;
6677 			}
6678 			if (m != NULL)
6679 				m_freem(m);
6680 			tdrpc = drpc;
6681 			timo = hz / 50;		/* Wait for 20msec. */
6682 			if (timo < 1)
6683 				timo = 1;
6684 			for (i = firstmirror; i < mirrorcnt - 1 &&
6685 			    tdrpc != NULL; i++, tdrpc++) {
6686 				/*
6687 				 * For the unused drpc entries, both inprog and
6688 				 * err == 0, so this loop won't break.
6689 				 */
6690 				while (tdrpc->inprog != 0 && tdrpc->done == 0)
6691 					tsleep(&tdrpc->tsk, PVFS, "clrpcio",
6692 					    timo);
6693 				if (error == 0 && tdrpc->err != 0)
6694 					error = tdrpc->err;
6695 				if (rwaccess != NFSV4OPEN_ACCESSREAD &&
6696 				    docommit == 0 && *must_commit == 0 &&
6697 				    tdrpc->must_commit == 1)
6698 					*must_commit = 1;
6699 			}
6700 			free(drpc, M_TEMP);
6701 			if (error == 0) {
6702 				if (mirrorcnt > 1 && rwaccess ==
6703 				    NFSV4OPEN_ACCESSWRITE && docommit == 0) {
6704 					NFSLOCKCLSTATE();
6705 					layp->nfsly_flags |= NFSLY_WRITTEN;
6706 					NFSUNLOCKCLSTATE();
6707 				}
6708 				lastbyte = off + xfer - 1;
6709 				NFSLOCKCLSTATE();
6710 				if (lastbyte > layp->nfsly_lastbyte)
6711 					layp->nfsly_lastbyte = lastbyte;
6712 				NFSUNLOCKCLSTATE();
6713 			} else if (error == NFSERR_OPENMODE &&
6714 			    rwaccess == NFSV4OPEN_ACCESSREAD) {
6715 				NFSLOCKMNT(nmp);
6716 				nmp->nm_state |= NFSSTA_OPENMODE;
6717 				NFSUNLOCKMNT(nmp);
6718 			} else if ((error == NFSERR_NOSPC ||
6719 			    error == NFSERR_IO || error == NFSERR_NXIO) &&
6720 			    nmp->nm_minorvers == NFSV42_MINORVERSION) {
6721 				if (docommit != 0)
6722 					op = NFSV4OP_COMMIT;
6723 				else if (rwaccess == NFSV4OPEN_ACCESSREAD)
6724 					op = NFSV4OP_READ;
6725 				else
6726 					op = NFSV4OP_WRITE;
6727 				nfsrpc_layouterror(nmp, np->n_fhp->nfh_fh,
6728 				    np->n_fhp->nfh_len, off, xfer,
6729 				    &layp->nfsly_stateid, newcred, p, error, op,
6730 				    dip->nfsdi_deviceid);
6731 				error = EIO;
6732 			} else
6733 				error = EIO;
6734 			if (error == 0)
6735 				len -= (oresid - (uint64_t)uiop->uio_resid);
6736 			else if (mirrorcnt > 1 && rwaccess ==
6737 			    NFSV4OPEN_ACCESSWRITE && docommit == 0) {
6738 				/*
6739 				 * In case the rpc gets retried, roll the
6740 				 * uio fields changed by nfsm_uiombuflist()
6741 				 * back.
6742 				 */
6743 				uiop->uio_offset = offs;
6744 				uiop->uio_resid = resid;
6745 				uiop->uio_iov->iov_base = iovbase;
6746 				uiop->uio_iov->iov_len = iovlen;
6747 			}
6748 		}
6749 	}
6750 	if (lckp != NULL)
6751 		nfscl_lockderef(lckp);
6752 	NFSFREECRED(newcred);
6753 	nfscl_rellayout(layp, 0);
6754 	nfscl_relref(nmp);
6755 	return (error);
6756 }
6757 
6758 /*
6759  * Find a file layout that will handle the first bytes of the requested
6760  * range and return the information from it needed to the I/O operation.
6761  */
6762 int
6763 nfscl_findlayoutforio(struct nfscllayout *lyp, uint64_t off, uint32_t rwaccess,
6764     struct nfsclflayout **retflpp)
6765 {
6766 	struct nfsclflayout *flp, *nflp, *rflp;
6767 	uint32_t rw;
6768 
6769 	rflp = NULL;
6770 	rw = rwaccess;
6771 	/* For reading, do the Read list first and then the Write list. */
6772 	do {
6773 		if (rw == NFSV4OPEN_ACCESSREAD)
6774 			flp = LIST_FIRST(&lyp->nfsly_flayread);
6775 		else
6776 			flp = LIST_FIRST(&lyp->nfsly_flayrw);
6777 		while (flp != NULL) {
6778 			nflp = LIST_NEXT(flp, nfsfl_list);
6779 			if (flp->nfsfl_off > off)
6780 				break;
6781 			if (flp->nfsfl_end > off &&
6782 			    (rflp == NULL || rflp->nfsfl_end < flp->nfsfl_end))
6783 				rflp = flp;
6784 			flp = nflp;
6785 		}
6786 		if (rw == NFSV4OPEN_ACCESSREAD)
6787 			rw = NFSV4OPEN_ACCESSWRITE;
6788 		else
6789 			rw = 0;
6790 	} while (rw != 0);
6791 	if (rflp != NULL) {
6792 		/* This one covers the most bytes starting at off. */
6793 		*retflpp = rflp;
6794 		return (0);
6795 	}
6796 	return (EIO);
6797 }
6798 
6799 /*
6800  * Do I/O using an NFSv4.1 or NFSv4.2 file layout.
6801  */
6802 static int
6803 nfscl_doflayoutio(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
6804     int *eofp, nfsv4stateid_t *stateidp, int rwflag, struct nfscldevinfo *dp,
6805     struct nfscllayout *lyp, struct nfsclflayout *flp, uint64_t off,
6806     uint64_t len, int docommit, struct ucred *cred, NFSPROC_T *p)
6807 {
6808 	uint64_t io_off, rel_off, stripe_unit_size, transfer, xfer;
6809 	int commit_thru_mds, error, stripe_index, stripe_pos, minorvers;
6810 	struct nfsnode *np;
6811 	struct nfsfh *fhp;
6812 	struct nfsclds **dspp;
6813 
6814 	np = VTONFS(vp);
6815 	rel_off = off - flp->nfsfl_patoff;
6816 	stripe_unit_size = flp->nfsfl_util & NFSFLAYUTIL_STRIPE_MASK;
6817 	stripe_pos = (rel_off / stripe_unit_size + flp->nfsfl_stripe1) %
6818 	    dp->nfsdi_stripecnt;
6819 	transfer = stripe_unit_size - (rel_off % stripe_unit_size);
6820 	error = 0;
6821 
6822 	/* Loop around, doing I/O for each stripe unit. */
6823 	while (len > 0 && error == 0) {
6824 		stripe_index = nfsfldi_stripeindex(dp, stripe_pos);
6825 		dspp = nfsfldi_addr(dp, stripe_index);
6826 		if (((*dspp)->nfsclds_flags & NFSCLDS_MINORV2) != 0)
6827 			minorvers = NFSV42_MINORVERSION;
6828 		else
6829 			minorvers = NFSV41_MINORVERSION;
6830 		if (len > transfer && docommit == 0)
6831 			xfer = transfer;
6832 		else
6833 			xfer = len;
6834 		if ((flp->nfsfl_util & NFSFLAYUTIL_DENSE) != 0) {
6835 			/* Dense layout. */
6836 			if (stripe_pos >= flp->nfsfl_fhcnt)
6837 				return (EIO);
6838 			fhp = flp->nfsfl_fh[stripe_pos];
6839 			io_off = (rel_off / (stripe_unit_size *
6840 			    dp->nfsdi_stripecnt)) * stripe_unit_size +
6841 			    rel_off % stripe_unit_size;
6842 		} else {
6843 			/* Sparse layout. */
6844 			if (flp->nfsfl_fhcnt > 1) {
6845 				if (stripe_index >= flp->nfsfl_fhcnt)
6846 					return (EIO);
6847 				fhp = flp->nfsfl_fh[stripe_index];
6848 			} else if (flp->nfsfl_fhcnt == 1)
6849 				fhp = flp->nfsfl_fh[0];
6850 			else
6851 				fhp = np->n_fhp;
6852 			io_off = off;
6853 		}
6854 		if ((flp->nfsfl_util & NFSFLAYUTIL_COMMIT_THRU_MDS) != 0) {
6855 			commit_thru_mds = 1;
6856 			if (docommit != 0)
6857 				error = EIO;
6858 		} else {
6859 			commit_thru_mds = 0;
6860 			NFSLOCKNODE(np);
6861 			np->n_flag |= NDSCOMMIT;
6862 			NFSUNLOCKNODE(np);
6863 		}
6864 		if (docommit != 0) {
6865 			if (error == 0)
6866 				error = nfsrpc_commitds(vp, io_off, xfer,
6867 				    *dspp, fhp, NFS_VER4, minorvers, cred, p);
6868 			if (error == 0) {
6869 				/*
6870 				 * Set both eof and uio_resid = 0 to end any
6871 				 * loops.
6872 				 */
6873 				*eofp = 1;
6874 				uiop->uio_resid = 0;
6875 			} else {
6876 				NFSLOCKNODE(np);
6877 				np->n_flag &= ~NDSCOMMIT;
6878 				NFSUNLOCKNODE(np);
6879 			}
6880 		} else if (rwflag == NFSV4OPEN_ACCESSREAD)
6881 			error = nfsrpc_readds(vp, uiop, stateidp, eofp, *dspp,
6882 			    io_off, xfer, fhp, 0, NFS_VER4, minorvers, cred, p);
6883 		else {
6884 			error = nfsrpc_writeds(vp, uiop, iomode, must_commit,
6885 			    stateidp, *dspp, io_off, xfer, fhp, commit_thru_mds,
6886 			    0, NFS_VER4, minorvers, cred, p);
6887 			if (error == 0) {
6888 				NFSLOCKCLSTATE();
6889 				lyp->nfsly_flags |= NFSLY_WRITTEN;
6890 				NFSUNLOCKCLSTATE();
6891 			}
6892 		}
6893 		if (error == 0) {
6894 			transfer = stripe_unit_size;
6895 			stripe_pos = (stripe_pos + 1) % dp->nfsdi_stripecnt;
6896 			len -= xfer;
6897 			off += xfer;
6898 		}
6899 	}
6900 	return (error);
6901 }
6902 
6903 /*
6904  * Do I/O using an NFSv4.1 flex file layout.
6905  */
6906 static int
6907 nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
6908     int *eofp, nfsv4stateid_t *stateidp, int rwflag, struct nfscldevinfo *dp,
6909     struct nfscllayout *lyp, struct nfsclflayout *flp, uint64_t off,
6910     uint64_t len, int mirror, int docommit, struct mbuf *mp,
6911     struct nfsclwritedsdorpc *drpc, struct ucred *cred, NFSPROC_T *p)
6912 {
6913 	uint64_t xfer;
6914 	int error;
6915 	struct nfsnode *np;
6916 	struct nfsfh *fhp;
6917 	struct nfsclds **dspp;
6918 	struct ucred *tcred;
6919 	struct mbuf *m, *m2;
6920 	uint32_t copylen;
6921 
6922 	np = VTONFS(vp);
6923 	error = 0;
6924 	NFSCL_DEBUG(4, "nfscl_dofflayoutio: off=%ju len=%ju\n", (uintmax_t)off,
6925 	    (uintmax_t)len);
6926 	/* Loop around, doing I/O for each stripe unit. */
6927 	while (len > 0 && error == 0) {
6928 		dspp = nfsfldi_addr(dp, 0);
6929 		fhp = flp->nfsfl_ffm[mirror].fh[dp->nfsdi_versindex];
6930 		stateidp = &flp->nfsfl_ffm[mirror].st;
6931 		NFSCL_DEBUG(4, "mirror=%d vind=%d fhlen=%d st.seqid=0x%x\n",
6932 		    mirror, dp->nfsdi_versindex, fhp->nfh_len, stateidp->seqid);
6933 		if ((dp->nfsdi_flags & NFSDI_TIGHTCOUPLED) == 0) {
6934 			tcred = NFSNEWCRED(cred);
6935 			tcred->cr_uid = flp->nfsfl_ffm[mirror].user;
6936 			tcred->cr_gid = flp->nfsfl_ffm[mirror].group;
6937 			/* XXXKE Fix this if cr_gid gets separated out. */
6938 			tcred->cr_ngroups = 1;
6939 		} else
6940 			tcred = cred;
6941 		if (rwflag == NFSV4OPEN_ACCESSREAD)
6942 			copylen = dp->nfsdi_rsize;
6943 		else {
6944 			copylen = dp->nfsdi_wsize;
6945 			if (len > copylen && mp != NULL) {
6946 				/*
6947 				 * When a mirrored configuration needs to do
6948 				 * multiple writes to each mirror, all writes
6949 				 * except the last one must be a multiple of
6950 				 * 4 bytes.  This is required so that the XDR
6951 				 * does not need padding.
6952 				 * If possible, clip the size to an exact
6953 				 * multiple of the mbuf length, so that the
6954 				 * split will be on an mbuf boundary.
6955 				 */
6956 				copylen &= 0xfffffffc;
6957 				if (copylen > mp->m_len)
6958 					copylen = copylen / mp->m_len *
6959 					    mp->m_len;
6960 			}
6961 		}
6962 		NFSLOCKNODE(np);
6963 		np->n_flag |= NDSCOMMIT;
6964 		NFSUNLOCKNODE(np);
6965 		if (len > copylen && docommit == 0)
6966 			xfer = copylen;
6967 		else
6968 			xfer = len;
6969 		if (docommit != 0) {
6970 			if (error == 0) {
6971 				/*
6972 				 * Do last mirrored DS commit with this thread.
6973 				 */
6974 				if (mirror < flp->nfsfl_mirrorcnt - 1)
6975 					error = nfsio_commitds(vp, off, xfer,
6976 					    *dspp, fhp, dp->nfsdi_vers,
6977 					    dp->nfsdi_minorvers, drpc, tcred,
6978 					    p);
6979 				else
6980 					error = nfsrpc_commitds(vp, off, xfer,
6981 					    *dspp, fhp, dp->nfsdi_vers,
6982 					    dp->nfsdi_minorvers, tcred, p);
6983 				NFSCL_DEBUG(4, "commitds=%d\n", error);
6984 				if (error != 0 && error != EACCES && error !=
6985 				    ESTALE) {
6986 					NFSCL_DEBUG(4,
6987 					    "DS layreterr for commit\n");
6988 					nfscl_dserr(NFSV4OP_COMMIT, error, dp,
6989 					    lyp, *dspp);
6990 				}
6991 			}
6992 			NFSCL_DEBUG(4, "aft nfsio_commitds=%d\n", error);
6993 			if (error == 0) {
6994 				/*
6995 				 * Set both eof and uio_resid = 0 to end any
6996 				 * loops.
6997 				 */
6998 				*eofp = 1;
6999 				uiop->uio_resid = 0;
7000 			} else {
7001 				NFSLOCKNODE(np);
7002 				np->n_flag &= ~NDSCOMMIT;
7003 				NFSUNLOCKNODE(np);
7004 			}
7005 		} else if (rwflag == NFSV4OPEN_ACCESSREAD) {
7006 			error = nfsrpc_readds(vp, uiop, stateidp, eofp, *dspp,
7007 			    off, xfer, fhp, 1, dp->nfsdi_vers,
7008 			    dp->nfsdi_minorvers, tcred, p);
7009 			NFSCL_DEBUG(4, "readds=%d\n", error);
7010 			if (error != 0 && error != EACCES && error != ESTALE) {
7011 				NFSCL_DEBUG(4, "DS layreterr for read\n");
7012 				nfscl_dserr(NFSV4OP_READ, error, dp, lyp,
7013 				    *dspp);
7014 			}
7015 		} else {
7016 			if (flp->nfsfl_mirrorcnt == 1) {
7017 				error = nfsrpc_writeds(vp, uiop, iomode,
7018 				    must_commit, stateidp, *dspp, off, xfer,
7019 				    fhp, 0, 1, dp->nfsdi_vers,
7020 				    dp->nfsdi_minorvers, tcred, p);
7021 				if (error == 0) {
7022 					NFSLOCKCLSTATE();
7023 					lyp->nfsly_flags |= NFSLY_WRITTEN;
7024 					NFSUNLOCKCLSTATE();
7025 				}
7026 			} else {
7027 				m = mp;
7028 				if (xfer < len) {
7029 					/* The mbuf list must be split. */
7030 					m2 = nfsm_split(mp, xfer);
7031 					if (m2 != NULL)
7032 						mp = m2;
7033 					else {
7034 						m_freem(mp);
7035 						error = EIO;
7036 					}
7037 				}
7038 				NFSCL_DEBUG(4, "mcopy len=%jd xfer=%jd\n",
7039 				    (uintmax_t)len, (uintmax_t)xfer);
7040 				/*
7041 				 * Do last write to a mirrored DS with this
7042 				 * thread.
7043 				 */
7044 				if (error == 0) {
7045 					if (mirror < flp->nfsfl_mirrorcnt - 1)
7046 						error = nfsio_writedsmir(vp,
7047 						    iomode, must_commit,
7048 						    stateidp, *dspp, off,
7049 						    xfer, fhp, m,
7050 						    dp->nfsdi_vers,
7051 						    dp->nfsdi_minorvers, drpc,
7052 						    tcred, p);
7053 					else
7054 						error = nfsrpc_writedsmir(vp,
7055 						    iomode, must_commit,
7056 						    stateidp, *dspp, off,
7057 						    xfer, fhp, m,
7058 						    dp->nfsdi_vers,
7059 						    dp->nfsdi_minorvers, tcred,
7060 						    p);
7061 				}
7062 				NFSCL_DEBUG(4, "nfsio_writedsmir=%d\n", error);
7063 				if (error != 0 && error != EACCES && error !=
7064 				    ESTALE) {
7065 					NFSCL_DEBUG(4,
7066 					    "DS layreterr for write\n");
7067 					nfscl_dserr(NFSV4OP_WRITE, error, dp,
7068 					    lyp, *dspp);
7069 				}
7070 			}
7071 		}
7072 		NFSCL_DEBUG(4, "aft read/writeds=%d\n", error);
7073 		if (error == 0) {
7074 			len -= xfer;
7075 			off += xfer;
7076 		}
7077 		if ((dp->nfsdi_flags & NFSDI_TIGHTCOUPLED) == 0)
7078 			NFSFREECRED(tcred);
7079 	}
7080 	NFSCL_DEBUG(4, "eo nfscl_dofflayoutio=%d\n", error);
7081 	return (error);
7082 }
7083 
7084 /*
7085  * The actual read RPC done to a DS.
7086  */
7087 static int
7088 nfsrpc_readds(vnode_t vp, struct uio *uiop, nfsv4stateid_t *stateidp, int *eofp,
7089     struct nfsclds *dsp, uint64_t io_off, int len, struct nfsfh *fhp, int flex,
7090     int vers, int minorvers, struct ucred *cred, NFSPROC_T *p)
7091 {
7092 	uint32_t *tl;
7093 	int attrflag, error, retlen;
7094 	struct nfsrv_descript nfsd;
7095 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
7096 	struct nfsrv_descript *nd = &nfsd;
7097 	struct nfssockreq *nrp;
7098 	struct nfsvattr na;
7099 
7100 	nd->nd_mrep = NULL;
7101 	if (vers == 0 || vers == NFS_VER4) {
7102 		nfscl_reqstart(nd, NFSPROC_READDS, nmp, fhp->nfh_fh,
7103 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers,
7104 		    NULL);
7105 		vers = NFS_VER4;
7106 		NFSCL_DEBUG(4, "nfsrpc_readds: vers4 minvers=%d\n", minorvers);
7107 		if (flex != 0)
7108 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
7109 		else
7110 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSEQIDZERO);
7111 	} else {
7112 		nfscl_reqstart(nd, NFSPROC_READ, nmp, fhp->nfh_fh,
7113 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers,
7114 		    NULL);
7115 		NFSDECRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_READ]);
7116 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_READDS]);
7117 		NFSCL_DEBUG(4, "nfsrpc_readds: vers3\n");
7118 	}
7119 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED * 3);
7120 	txdr_hyper(io_off, tl);
7121 	*(tl + 2) = txdr_unsigned(len);
7122 	nrp = dsp->nfsclds_sockp;
7123 	NFSCL_DEBUG(4, "nfsrpc_readds: nrp=%p\n", nrp);
7124 	if (nrp == NULL)
7125 		/* If NULL, use the MDS socket. */
7126 		nrp = &nmp->nm_sockreq;
7127 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
7128 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
7129 	NFSCL_DEBUG(4, "nfsrpc_readds: stat=%d err=%d\n", nd->nd_repstat,
7130 	    error);
7131 	if (error != 0)
7132 		return (error);
7133 	if (vers == NFS_VER3) {
7134 		error = nfscl_postop_attr(nd, &na, &attrflag);
7135 		NFSCL_DEBUG(4, "nfsrpc_readds: postop=%d\n", error);
7136 		if (error != 0)
7137 			goto nfsmout;
7138 	}
7139 	if (nd->nd_repstat != 0) {
7140 		error = nd->nd_repstat;
7141 		goto nfsmout;
7142 	}
7143 	if (vers == NFS_VER3) {
7144 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
7145 		*eofp = fxdr_unsigned(int, *(tl + 1));
7146 	} else {
7147 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
7148 		*eofp = fxdr_unsigned(int, *tl);
7149 	}
7150 	NFSM_STRSIZ(retlen, len);
7151 	NFSCL_DEBUG(4, "nfsrpc_readds: retlen=%d eof=%d\n", retlen, *eofp);
7152 	error = nfsm_mbufuio(nd, uiop, retlen);
7153 nfsmout:
7154 	if (nd->nd_mrep != NULL)
7155 		m_freem(nd->nd_mrep);
7156 	return (error);
7157 }
7158 
7159 /*
7160  * The actual write RPC done to a DS.
7161  */
7162 static int
7163 nfsrpc_writeds(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
7164     nfsv4stateid_t *stateidp, struct nfsclds *dsp, uint64_t io_off, int len,
7165     struct nfsfh *fhp, int commit_thru_mds, int flex, int vers, int minorvers,
7166     struct ucred *cred, NFSPROC_T *p)
7167 {
7168 	uint32_t *tl;
7169 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
7170 	int attrflag, error, rlen, commit, committed = NFSWRITE_FILESYNC;
7171 	int32_t backup;
7172 	struct nfsrv_descript nfsd;
7173 	struct nfsrv_descript *nd = &nfsd;
7174 	struct nfssockreq *nrp;
7175 	struct nfsvattr na;
7176 
7177 	KASSERT(uiop->uio_iovcnt == 1, ("nfs: writerpc iovcnt > 1"));
7178 	nd->nd_mrep = NULL;
7179 	if (vers == 0 || vers == NFS_VER4) {
7180 		nfscl_reqstart(nd, NFSPROC_WRITEDS, nmp, fhp->nfh_fh,
7181 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers,
7182 		    NULL);
7183 		NFSCL_DEBUG(4, "nfsrpc_writeds: vers4 minvers=%d\n", minorvers);
7184 		vers = NFS_VER4;
7185 		if (flex != 0)
7186 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
7187 		else
7188 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSEQIDZERO);
7189 		NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 * NFSX_UNSIGNED);
7190 	} else {
7191 		nfscl_reqstart(nd, NFSPROC_WRITE, nmp, fhp->nfh_fh,
7192 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers,
7193 		    NULL);
7194 		NFSDECRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_WRITE]);
7195 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_WRITEDS]);
7196 		NFSCL_DEBUG(4, "nfsrpc_writeds: vers3\n");
7197 		NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 3 * NFSX_UNSIGNED);
7198 	}
7199 	txdr_hyper(io_off, tl);
7200 	tl += 2;
7201 	if (vers == NFS_VER3)
7202 		*tl++ = txdr_unsigned(len);
7203 	*tl++ = txdr_unsigned(*iomode);
7204 	*tl = txdr_unsigned(len);
7205 	error = nfsm_uiombuf(nd, uiop, len);
7206 	if (error != 0) {
7207 		m_freem(nd->nd_mreq);
7208 		return (error);
7209 	}
7210 	nrp = dsp->nfsclds_sockp;
7211 	if (nrp == NULL)
7212 		/* If NULL, use the MDS socket. */
7213 		nrp = &nmp->nm_sockreq;
7214 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
7215 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
7216 	NFSCL_DEBUG(4, "nfsrpc_writeds: err=%d stat=%d\n", error,
7217 	    nd->nd_repstat);
7218 	if (error != 0)
7219 		return (error);
7220 	if (nd->nd_repstat != 0) {
7221 		/*
7222 		 * In case the rpc gets retried, roll
7223 		 * the uio fields changed by nfsm_uiombuf()
7224 		 * back.
7225 		 */
7226 		uiop->uio_offset -= len;
7227 		uiop->uio_resid += len;
7228 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base - len;
7229 		uiop->uio_iov->iov_len += len;
7230 		error = nd->nd_repstat;
7231 	} else {
7232 		if (vers == NFS_VER3) {
7233 			error = nfscl_wcc_data(nd, vp, &na, &attrflag, NULL,
7234 			    NULL);
7235 			NFSCL_DEBUG(4, "nfsrpc_writeds: wcc_data=%d\n", error);
7236 			if (error != 0)
7237 				goto nfsmout;
7238 		}
7239 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED + NFSX_VERF);
7240 		rlen = fxdr_unsigned(int, *tl++);
7241 		NFSCL_DEBUG(4, "nfsrpc_writeds: len=%d rlen=%d\n", len, rlen);
7242 		if (rlen == 0) {
7243 			error = NFSERR_IO;
7244 			goto nfsmout;
7245 		} else if (rlen < len) {
7246 			backup = len - rlen;
7247 			uiop->uio_iov->iov_base =
7248 			    (char *)uiop->uio_iov->iov_base - backup;
7249 			uiop->uio_iov->iov_len += backup;
7250 			uiop->uio_offset -= backup;
7251 			uiop->uio_resid += backup;
7252 			len = rlen;
7253 		}
7254 		commit = fxdr_unsigned(int, *tl++);
7255 
7256 		/*
7257 		 * Return the lowest commitment level
7258 		 * obtained by any of the RPCs.
7259 		 */
7260 		if (committed == NFSWRITE_FILESYNC)
7261 			committed = commit;
7262 		else if (committed == NFSWRITE_DATASYNC &&
7263 		    commit == NFSWRITE_UNSTABLE)
7264 			committed = commit;
7265 		if (commit_thru_mds != 0) {
7266 			NFSLOCKMNT(nmp);
7267 			if (!NFSHASWRITEVERF(nmp)) {
7268 				NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
7269 				NFSSETWRITEVERF(nmp);
7270 			} else if (NFSBCMP(tl, nmp->nm_verf, NFSX_VERF) &&
7271 			    *must_commit != 2) {
7272 				*must_commit = 1;
7273 				NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
7274 			}
7275 			NFSUNLOCKMNT(nmp);
7276 		} else {
7277 			NFSLOCKDS(dsp);
7278 			if ((dsp->nfsclds_flags & NFSCLDS_HASWRITEVERF) == 0) {
7279 				NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
7280 				dsp->nfsclds_flags |= NFSCLDS_HASWRITEVERF;
7281 			} else if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF) &&
7282 			    *must_commit != 2) {
7283 				*must_commit = 1;
7284 				NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
7285 			}
7286 			NFSUNLOCKDS(dsp);
7287 		}
7288 	}
7289 nfsmout:
7290 	if (nd->nd_mrep != NULL)
7291 		m_freem(nd->nd_mrep);
7292 	*iomode = committed;
7293 	if (nd->nd_repstat != 0 && error == 0)
7294 		error = nd->nd_repstat;
7295 	return (error);
7296 }
7297 
7298 /*
7299  * The actual write RPC done to a DS.
7300  * This variant is called from a separate kernel process for mirrors.
7301  * Any short write is considered an IO error.
7302  */
7303 static int
7304 nfsrpc_writedsmir(vnode_t vp, int *iomode, int *must_commit,
7305     nfsv4stateid_t *stateidp, struct nfsclds *dsp, uint64_t io_off, int len,
7306     struct nfsfh *fhp, struct mbuf *m, int vers, int minorvers,
7307     struct ucred *cred, NFSPROC_T *p)
7308 {
7309 	uint32_t *tl;
7310 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
7311 	int attrflag, error, commit, committed = NFSWRITE_FILESYNC, rlen;
7312 	struct nfsrv_descript nfsd;
7313 	struct nfsrv_descript *nd = &nfsd;
7314 	struct nfssockreq *nrp;
7315 	struct nfsvattr na;
7316 
7317 	nd->nd_mrep = NULL;
7318 	if (vers == 0 || vers == NFS_VER4) {
7319 		nfscl_reqstart(nd, NFSPROC_WRITEDS, nmp, fhp->nfh_fh,
7320 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers,
7321 		    NULL);
7322 		vers = NFS_VER4;
7323 		NFSCL_DEBUG(4, "nfsrpc_writedsmir: vers4 minvers=%d\n",
7324 		    minorvers);
7325 		nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
7326 		NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 * NFSX_UNSIGNED);
7327 	} else {
7328 		nfscl_reqstart(nd, NFSPROC_WRITE, nmp, fhp->nfh_fh,
7329 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers,
7330 		    NULL);
7331 		NFSDECRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_WRITE]);
7332 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_WRITEDS]);
7333 		NFSCL_DEBUG(4, "nfsrpc_writedsmir: vers3\n");
7334 		NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 3 * NFSX_UNSIGNED);
7335 	}
7336 	txdr_hyper(io_off, tl);
7337 	tl += 2;
7338 	if (vers == NFS_VER3)
7339 		*tl++ = txdr_unsigned(len);
7340 	*tl++ = txdr_unsigned(*iomode);
7341 	*tl = txdr_unsigned(len);
7342 	if (len > 0) {
7343 		/* Put data in mbuf chain. */
7344 		nd->nd_mb->m_next = m;
7345 	}
7346 	nrp = dsp->nfsclds_sockp;
7347 	if (nrp == NULL)
7348 		/* If NULL, use the MDS socket. */
7349 		nrp = &nmp->nm_sockreq;
7350 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
7351 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
7352 	NFSCL_DEBUG(4, "nfsrpc_writedsmir: err=%d stat=%d\n", error,
7353 	    nd->nd_repstat);
7354 	if (error != 0)
7355 		return (error);
7356 	if (nd->nd_repstat != 0)
7357 		error = nd->nd_repstat;
7358 	else {
7359 		if (vers == NFS_VER3) {
7360 			error = nfscl_wcc_data(nd, vp, &na, &attrflag, NULL,
7361 			    NULL);
7362 			NFSCL_DEBUG(4, "nfsrpc_writedsmir: wcc_data=%d\n",
7363 			    error);
7364 			if (error != 0)
7365 				goto nfsmout;
7366 		}
7367 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED + NFSX_VERF);
7368 		rlen = fxdr_unsigned(int, *tl++);
7369 		NFSCL_DEBUG(4, "nfsrpc_writedsmir: len=%d rlen=%d\n", len,
7370 		    rlen);
7371 		if (rlen != len) {
7372 			error = NFSERR_IO;
7373 			NFSCL_DEBUG(4, "nfsrpc_writedsmir: len=%d rlen=%d\n",
7374 			    len, rlen);
7375 			goto nfsmout;
7376 		}
7377 		commit = fxdr_unsigned(int, *tl++);
7378 
7379 		/*
7380 		 * Return the lowest commitment level
7381 		 * obtained by any of the RPCs.
7382 		 */
7383 		if (committed == NFSWRITE_FILESYNC)
7384 			committed = commit;
7385 		else if (committed == NFSWRITE_DATASYNC &&
7386 		    commit == NFSWRITE_UNSTABLE)
7387 			committed = commit;
7388 		NFSLOCKDS(dsp);
7389 		if ((dsp->nfsclds_flags & NFSCLDS_HASWRITEVERF) == 0) {
7390 			NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
7391 			dsp->nfsclds_flags |= NFSCLDS_HASWRITEVERF;
7392 		} else if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF) &&
7393 		    *must_commit != 2) {
7394 			*must_commit = 1;
7395 			NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
7396 		}
7397 		NFSUNLOCKDS(dsp);
7398 	}
7399 nfsmout:
7400 	if (nd->nd_mrep != NULL)
7401 		m_freem(nd->nd_mrep);
7402 	*iomode = committed;
7403 	if (nd->nd_repstat != 0 && error == 0)
7404 		error = nd->nd_repstat;
7405 	return (error);
7406 }
7407 
7408 /*
7409  * Start up the thread that will execute nfsrpc_writedsmir().
7410  */
7411 static void
7412 start_writedsmir(void *arg, int pending)
7413 {
7414 	struct nfsclwritedsdorpc *drpc;
7415 
7416 	drpc = (struct nfsclwritedsdorpc *)arg;
7417 	drpc->err = nfsrpc_writedsmir(drpc->vp, &drpc->iomode,
7418 	    &drpc->must_commit, drpc->stateidp, drpc->dsp, drpc->off, drpc->len,
7419 	    drpc->fhp, drpc->m, drpc->vers, drpc->minorvers, drpc->cred,
7420 	    drpc->p);
7421 	drpc->done = 1;
7422 	crfree(drpc->cred);
7423 	NFSCL_DEBUG(4, "start_writedsmir: err=%d\n", drpc->err);
7424 }
7425 
7426 /*
7427  * Set up the write DS mirror call for the pNFS I/O thread.
7428  */
7429 static int
7430 nfsio_writedsmir(vnode_t vp, int *iomode, int *must_commit,
7431     nfsv4stateid_t *stateidp, struct nfsclds *dsp, uint64_t off, int len,
7432     struct nfsfh *fhp, struct mbuf *m, int vers, int minorvers,
7433     struct nfsclwritedsdorpc *drpc, struct ucred *cred, NFSPROC_T *p)
7434 {
7435 	int error, ret;
7436 
7437 	error = 0;
7438 	drpc->done = 0;
7439 	drpc->vp = vp;
7440 	drpc->iomode = *iomode;
7441 	drpc->must_commit = *must_commit;
7442 	drpc->stateidp = stateidp;
7443 	drpc->dsp = dsp;
7444 	drpc->off = off;
7445 	drpc->len = len;
7446 	drpc->fhp = fhp;
7447 	drpc->m = m;
7448 	drpc->vers = vers;
7449 	drpc->minorvers = minorvers;
7450 	drpc->cred = crhold(cred);
7451 	drpc->p = p;
7452 	drpc->inprog = 0;
7453 	ret = EIO;
7454 	if (nfs_pnfsiothreads != 0) {
7455 		ret = nfs_pnfsio(start_writedsmir, drpc);
7456 		NFSCL_DEBUG(4, "nfsio_writedsmir: nfs_pnfsio=%d\n", ret);
7457 	}
7458 	if (ret != 0) {
7459 		error = nfsrpc_writedsmir(vp, iomode, &drpc->must_commit,
7460 		    stateidp, dsp, off, len, fhp, m, vers, minorvers, cred, p);
7461 		crfree(drpc->cred);
7462 	}
7463 	NFSCL_DEBUG(4, "nfsio_writedsmir: error=%d\n", error);
7464 	return (error);
7465 }
7466 
7467 /*
7468  * Free up the nfsclds structure.
7469  */
7470 void
7471 nfscl_freenfsclds(struct nfsclds *dsp)
7472 {
7473 	int i;
7474 
7475 	if (dsp == NULL)
7476 		return;
7477 	if (dsp->nfsclds_sockp != NULL) {
7478 		NFSFREECRED(dsp->nfsclds_sockp->nr_cred);
7479 		NFSFREEMUTEX(&dsp->nfsclds_sockp->nr_mtx);
7480 		free(dsp->nfsclds_sockp->nr_nam, M_SONAME);
7481 		free(dsp->nfsclds_sockp, M_NFSSOCKREQ);
7482 	}
7483 	NFSFREEMUTEX(&dsp->nfsclds_mtx);
7484 	NFSFREEMUTEX(&dsp->nfsclds_sess.nfsess_mtx);
7485 	for (i = 0; i < NFSV4_CBSLOTS; i++) {
7486 		if (dsp->nfsclds_sess.nfsess_cbslots[i].nfssl_reply != NULL)
7487 			m_freem(
7488 			    dsp->nfsclds_sess.nfsess_cbslots[i].nfssl_reply);
7489 	}
7490 	free(dsp, M_NFSCLDS);
7491 }
7492 
7493 static enum nfsclds_state
7494 nfscl_getsameserver(struct nfsmount *nmp, struct nfsclds *newdsp,
7495     struct nfsclds **retdspp, uint32_t *sequencep)
7496 {
7497 	struct nfsclds *dsp;
7498 	int fndseq;
7499 
7500 	/*
7501 	 * Search the list of nfsclds structures for one with the same
7502 	 * server.
7503 	 */
7504 	fndseq = 0;
7505 	TAILQ_FOREACH(dsp, &nmp->nm_sess, nfsclds_list) {
7506 		if (dsp->nfsclds_servownlen == newdsp->nfsclds_servownlen &&
7507 		    dsp->nfsclds_servownlen != 0 &&
7508 		    !NFSBCMP(dsp->nfsclds_serverown, newdsp->nfsclds_serverown,
7509 		    dsp->nfsclds_servownlen) &&
7510 		    dsp->nfsclds_sess.nfsess_defunct == 0) {
7511 			NFSCL_DEBUG(4, "fnd same fdsp=%p dsp=%p flg=0x%x\n",
7512 			    TAILQ_FIRST(&nmp->nm_sess), dsp,
7513 			    dsp->nfsclds_flags);
7514 			if (fndseq == 0) {
7515 				/* Get sequenceid# from first entry. */
7516 				*sequencep =
7517 				    dsp->nfsclds_sess.nfsess_sequenceid;
7518 				fndseq = 1;
7519 			}
7520 			/* Server major id matches. */
7521 			if ((dsp->nfsclds_flags & NFSCLDS_DS) != 0) {
7522 				*retdspp = dsp;
7523 				return (NFSDSP_USETHISSESSION);
7524 			}
7525 		}
7526 	}
7527 	if (fndseq != 0)
7528 		return (NFSDSP_SEQTHISSESSION);
7529 	return (NFSDSP_NOTFOUND);
7530 }
7531 
7532 /*
7533  * NFS commit rpc to a NFSv4.1 DS.
7534  */
7535 static int
7536 nfsrpc_commitds(vnode_t vp, uint64_t offset, int cnt, struct nfsclds *dsp,
7537     struct nfsfh *fhp, int vers, int minorvers, struct ucred *cred,
7538     NFSPROC_T *p)
7539 {
7540 	uint32_t *tl;
7541 	struct nfsrv_descript nfsd, *nd = &nfsd;
7542 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
7543 	struct nfssockreq *nrp;
7544 	struct nfsvattr na;
7545 	int attrflag, error;
7546 
7547 	nd->nd_mrep = NULL;
7548 	if (vers == 0 || vers == NFS_VER4) {
7549 		nfscl_reqstart(nd, NFSPROC_COMMITDS, nmp, fhp->nfh_fh,
7550 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers,
7551 		    NULL);
7552 		vers = NFS_VER4;
7553 	} else {
7554 		nfscl_reqstart(nd, NFSPROC_COMMIT, nmp, fhp->nfh_fh,
7555 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers,
7556 		    NULL);
7557 		NFSDECRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_COMMIT]);
7558 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_COMMITDS]);
7559 	}
7560 	NFSCL_DEBUG(4, "nfsrpc_commitds: vers=%d minvers=%d\n", vers,
7561 	    minorvers);
7562 	NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + NFSX_UNSIGNED);
7563 	txdr_hyper(offset, tl);
7564 	tl += 2;
7565 	*tl = txdr_unsigned(cnt);
7566 	nrp = dsp->nfsclds_sockp;
7567 	if (nrp == NULL)
7568 		/* If NULL, use the MDS socket. */
7569 		nrp = &nmp->nm_sockreq;
7570 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
7571 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
7572 	NFSCL_DEBUG(4, "nfsrpc_commitds: err=%d stat=%d\n", error,
7573 	    nd->nd_repstat);
7574 	if (error != 0)
7575 		return (error);
7576 	if (nd->nd_repstat == 0) {
7577 		if (vers == NFS_VER3) {
7578 			error = nfscl_wcc_data(nd, vp, &na, &attrflag, NULL,
7579 			    NULL);
7580 			NFSCL_DEBUG(4, "nfsrpc_commitds: wccdata=%d\n", error);
7581 			if (error != 0)
7582 				goto nfsmout;
7583 		}
7584 		NFSM_DISSECT(tl, u_int32_t *, NFSX_VERF);
7585 		NFSLOCKDS(dsp);
7586 		if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF)) {
7587 			NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
7588 			error = NFSERR_STALEWRITEVERF;
7589 		}
7590 		NFSUNLOCKDS(dsp);
7591 	}
7592 nfsmout:
7593 	if (error == 0 && nd->nd_repstat != 0)
7594 		error = nd->nd_repstat;
7595 	m_freem(nd->nd_mrep);
7596 	return (error);
7597 }
7598 
7599 /*
7600  * Start up the thread that will execute nfsrpc_commitds().
7601  */
7602 static void
7603 start_commitds(void *arg, int pending)
7604 {
7605 	struct nfsclwritedsdorpc *drpc;
7606 
7607 	drpc = (struct nfsclwritedsdorpc *)arg;
7608 	drpc->err = nfsrpc_commitds(drpc->vp, drpc->off, drpc->len,
7609 	    drpc->dsp, drpc->fhp, drpc->vers, drpc->minorvers, drpc->cred,
7610 	    drpc->p);
7611 	drpc->done = 1;
7612 	crfree(drpc->cred);
7613 	NFSCL_DEBUG(4, "start_commitds: err=%d\n", drpc->err);
7614 }
7615 
7616 /*
7617  * Set up the commit DS mirror call for the pNFS I/O thread.
7618  */
7619 static int
7620 nfsio_commitds(vnode_t vp, uint64_t offset, int cnt, struct nfsclds *dsp,
7621     struct nfsfh *fhp, int vers, int minorvers,
7622     struct nfsclwritedsdorpc *drpc, struct ucred *cred, NFSPROC_T *p)
7623 {
7624 	int error, ret;
7625 
7626 	error = 0;
7627 	drpc->done = 0;
7628 	drpc->vp = vp;
7629 	drpc->off = offset;
7630 	drpc->len = cnt;
7631 	drpc->dsp = dsp;
7632 	drpc->fhp = fhp;
7633 	drpc->vers = vers;
7634 	drpc->minorvers = minorvers;
7635 	drpc->cred = crhold(cred);
7636 	drpc->p = p;
7637 	drpc->inprog = 0;
7638 	ret = EIO;
7639 	if (nfs_pnfsiothreads != 0) {
7640 		ret = nfs_pnfsio(start_commitds, drpc);
7641 		NFSCL_DEBUG(4, "nfsio_commitds: nfs_pnfsio=%d\n", ret);
7642 	}
7643 	if (ret != 0) {
7644 		error = nfsrpc_commitds(vp, offset, cnt, dsp, fhp, vers,
7645 		    minorvers, cred, p);
7646 		crfree(drpc->cred);
7647 	}
7648 	NFSCL_DEBUG(4, "nfsio_commitds: error=%d\n", error);
7649 	return (error);
7650 }
7651 
7652 /*
7653  * NFS Advise rpc
7654  */
7655 int
7656 nfsrpc_advise(vnode_t vp, off_t offset, uint64_t cnt, int advise,
7657     struct ucred *cred, NFSPROC_T *p)
7658 {
7659 	u_int32_t *tl;
7660 	struct nfsrv_descript nfsd, *nd = &nfsd;
7661 	nfsattrbit_t hints;
7662 	int error;
7663 
7664 	NFSZERO_ATTRBIT(&hints);
7665 	if (advise == POSIX_FADV_WILLNEED)
7666 		NFSSETBIT_ATTRBIT(&hints, NFSV4IOHINT_WILLNEED);
7667 	else if (advise == POSIX_FADV_DONTNEED)
7668 		NFSSETBIT_ATTRBIT(&hints, NFSV4IOHINT_DONTNEED);
7669 	else
7670 		return (0);
7671 	NFSCL_REQSTART(nd, NFSPROC_IOADVISE, vp, cred);
7672 	nfsm_stateidtom(nd, NULL, NFSSTATEID_PUTALLZERO);
7673 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER);
7674 	txdr_hyper(offset, tl);
7675 	tl += 2;
7676 	txdr_hyper(cnt, tl);
7677 	nfsrv_putattrbit(nd, &hints);
7678 	error = nfscl_request(nd, vp, p, cred);
7679 	if (error != 0)
7680 		return (error);
7681 	if (nd->nd_repstat != 0)
7682 		error = nd->nd_repstat;
7683 	m_freem(nd->nd_mrep);
7684 	return (error);
7685 }
7686 
7687 #ifdef notyet
7688 /*
7689  * NFS advise rpc to a NFSv4.2 DS.
7690  */
7691 static int
7692 nfsrpc_adviseds(vnode_t vp, uint64_t offset, int cnt, int advise,
7693     struct nfsclds *dsp, struct nfsfh *fhp, int vers, int minorvers,
7694     struct ucred *cred, NFSPROC_T *p)
7695 {
7696 	uint32_t *tl;
7697 	struct nfsrv_descript nfsd, *nd = &nfsd;
7698 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
7699 	struct nfssockreq *nrp;
7700 	nfsattrbit_t hints;
7701 	int error;
7702 
7703 	/* For NFS DSs prior to NFSv4.2, just return OK. */
7704 	if (vers == NFS_VER3 || minorversion < NFSV42_MINORVERSION)
7705 		return (0);
7706 	NFSZERO_ATTRBIT(&hints);
7707 	if (advise == POSIX_FADV_WILLNEED)
7708 		NFSSETBIT_ATTRBIT(&hints, NFSV4IOHINT_WILLNEED);
7709 	else if (advise == POSIX_FADV_DONTNEED)
7710 		NFSSETBIT_ATTRBIT(&hints, NFSV4IOHINT_DONTNEED);
7711 	else
7712 		return (0);
7713 	nd->nd_mrep = NULL;
7714 	nfscl_reqstart(nd, NFSPROC_IOADVISEDS, nmp, fhp->nfh_fh,
7715 	    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers, NULL);
7716 	vers = NFS_VER4;
7717 	NFSCL_DEBUG(4, "nfsrpc_adviseds: vers=%d minvers=%d\n", vers,
7718 	    minorvers);
7719 	nfsm_stateidtom(nd, NULL, NFSSTATEID_PUTALLZERO);
7720 	NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + NFSX_UNSIGNED);
7721 	txdr_hyper(offset, tl);
7722 	tl += 2;
7723 	*tl = txdr_unsigned(cnt);
7724 	nfsrv_putattrbit(nd, &hints);
7725 	nrp = dsp->nfsclds_sockp;
7726 	if (nrp == NULL)
7727 		/* If NULL, use the MDS socket. */
7728 		nrp = &nmp->nm_sockreq;
7729 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
7730 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
7731 	NFSCL_DEBUG(4, "nfsrpc_adviseds: err=%d stat=%d\n", error,
7732 	    nd->nd_repstat);
7733 	if (error != 0)
7734 		return (error);
7735 	if (nd->nd_repstat != 0)
7736 		error = nd->nd_repstat;
7737 	m_freem(nd->nd_mrep);
7738 	return (error);
7739 }
7740 
7741 /*
7742  * Start up the thread that will execute nfsrpc_commitds().
7743  */
7744 static void
7745 start_adviseds(void *arg, int pending)
7746 {
7747 	struct nfsclwritedsdorpc *drpc;
7748 
7749 	drpc = (struct nfsclwritedsdorpc *)arg;
7750 	drpc->err = nfsrpc_adviseds(drpc->vp, drpc->off, drpc->len,
7751 	    drpc->advise, drpc->dsp, drpc->fhp, drpc->vers, drpc->minorvers,
7752 	    drpc->cred, drpc->p);
7753 	drpc->done = 1;
7754 	crfree(drpc->cred);
7755 	NFSCL_DEBUG(4, "start_adviseds: err=%d\n", drpc->err);
7756 }
7757 
7758 /*
7759  * Set up the advise DS mirror call for the pNFS I/O thread.
7760  */
7761 static int
7762 nfsio_adviseds(vnode_t vp, uint64_t offset, int cnt, int advise,
7763     struct nfsclds *dsp, struct nfsfh *fhp, int vers, int minorvers,
7764     struct nfsclwritedsdorpc *drpc, struct ucred *cred, NFSPROC_T *p)
7765 {
7766 	int error, ret;
7767 
7768 	error = 0;
7769 	drpc->done = 0;
7770 	drpc->vp = vp;
7771 	drpc->off = offset;
7772 	drpc->len = cnt;
7773 	drpc->advise = advise;
7774 	drpc->dsp = dsp;
7775 	drpc->fhp = fhp;
7776 	drpc->vers = vers;
7777 	drpc->minorvers = minorvers;
7778 	drpc->cred = crhold(cred);
7779 	drpc->p = p;
7780 	drpc->inprog = 0;
7781 	ret = EIO;
7782 	if (nfs_pnfsiothreads != 0) {
7783 		ret = nfs_pnfsio(start_adviseds, drpc);
7784 		NFSCL_DEBUG(4, "nfsio_adviseds: nfs_pnfsio=%d\n", ret);
7785 	}
7786 	if (ret != 0) {
7787 		error = nfsrpc_adviseds(vp, offset, cnt, advise, dsp, fhp, vers,
7788 		    minorvers, cred, p);
7789 		crfree(drpc->cred);
7790 	}
7791 	NFSCL_DEBUG(4, "nfsio_adviseds: error=%d\n", error);
7792 	return (error);
7793 }
7794 #endif	/* notyet */
7795 
7796 /*
7797  * Do the Allocate operation, retrying for recovery.
7798  */
7799 int
7800 nfsrpc_allocate(vnode_t vp, off_t off, off_t len, struct nfsvattr *nap,
7801     int *attrflagp, struct ucred *cred, NFSPROC_T *p)
7802 {
7803 	int error, expireret = 0, retrycnt, nostateid;
7804 	uint32_t clidrev = 0;
7805 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
7806 	struct nfsfh *nfhp = NULL;
7807 	nfsv4stateid_t stateid;
7808 	off_t tmp_off;
7809 	void *lckp;
7810 
7811 	if (len < 0)
7812 		return (EINVAL);
7813 	if (len == 0)
7814 		return (0);
7815 	tmp_off = off + len;
7816 	NFSLOCKMNT(nmp);
7817 	if (tmp_off > nmp->nm_maxfilesize || tmp_off < off) {
7818 		NFSUNLOCKMNT(nmp);
7819 		return (EFBIG);
7820 	}
7821 	if (nmp->nm_clp != NULL)
7822 		clidrev = nmp->nm_clp->nfsc_clientidrev;
7823 	NFSUNLOCKMNT(nmp);
7824 	nfhp = VTONFS(vp)->n_fhp;
7825 	retrycnt = 0;
7826 	do {
7827 		lckp = NULL;
7828 		nostateid = 0;
7829 		nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
7830 		    NFSV4OPEN_ACCESSWRITE, 0, cred, p, &stateid, &lckp);
7831 		if (stateid.other[0] == 0 && stateid.other[1] == 0 &&
7832 		    stateid.other[2] == 0) {
7833 			nostateid = 1;
7834 			NFSCL_DEBUG(1, "stateid0 in allocate\n");
7835 		}
7836 
7837 		/*
7838 		 * Not finding a stateid should probably never happen,
7839 		 * but just return an error for this case.
7840 		 */
7841 		if (nostateid != 0)
7842 			error = EIO;
7843 		else
7844 			error = nfsrpc_allocaterpc(vp, off, len, &stateid,
7845 			    nap, attrflagp, cred, p);
7846 		if (error == NFSERR_STALESTATEID)
7847 			nfscl_initiate_recovery(nmp->nm_clp);
7848 		if (lckp != NULL)
7849 			nfscl_lockderef(lckp);
7850 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
7851 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
7852 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
7853 			(void) nfs_catnap(PZERO, error, "nfs_allocate");
7854 		} else if ((error == NFSERR_EXPIRED || (!NFSHASINT(nmp) &&
7855 		    error == NFSERR_BADSTATEID)) && clidrev != 0) {
7856 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
7857 		} else if (error == NFSERR_BADSTATEID && NFSHASINT(nmp)) {
7858 			error = EIO;
7859 		}
7860 		retrycnt++;
7861 	} while (error == NFSERR_GRACE || error == NFSERR_DELAY ||
7862 	    error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
7863 	    error == NFSERR_STALEDONTRECOVER ||
7864 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
7865 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
7866 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
7867 	if (error != 0 && retrycnt >= 4)
7868 		error = EIO;
7869 	return (error);
7870 }
7871 
7872 /*
7873  * The allocate RPC.
7874  */
7875 static int
7876 nfsrpc_allocaterpc(vnode_t vp, off_t off, off_t len, nfsv4stateid_t *stateidp,
7877     struct nfsvattr *nap, int *attrflagp, struct ucred *cred, NFSPROC_T *p)
7878 {
7879 	uint32_t *tl;
7880 	int error;
7881 	struct nfsrv_descript nfsd;
7882 	struct nfsrv_descript *nd = &nfsd;
7883 	nfsattrbit_t attrbits;
7884 
7885 	*attrflagp = 0;
7886 	NFSCL_REQSTART(nd, NFSPROC_ALLOCATE, vp, cred);
7887 	nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
7888 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER + NFSX_UNSIGNED);
7889 	txdr_hyper(off, tl); tl += 2;
7890 	txdr_hyper(len, tl); tl += 2;
7891 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
7892 	NFSGETATTR_ATTRBIT(&attrbits);
7893 	nfsrv_putattrbit(nd, &attrbits);
7894 	error = nfscl_request(nd, vp, p, cred);
7895 	if (error != 0)
7896 		return (error);
7897 	if (nd->nd_repstat == 0) {
7898 		NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
7899 		error = nfsm_loadattr(nd, nap);
7900 		if (error == 0)
7901 			*attrflagp = NFS_LATTR_NOSHRINK;
7902 	} else
7903 		error = nd->nd_repstat;
7904 nfsmout:
7905 	m_freem(nd->nd_mrep);
7906 	return (error);
7907 }
7908 
7909 /*
7910  * Set up the XDR arguments for the LayoutGet operation.
7911  */
7912 static void
7913 nfsrv_setuplayoutget(struct nfsrv_descript *nd, int iomode, uint64_t offset,
7914     uint64_t len, uint64_t minlen, nfsv4stateid_t *stateidp, int layouttype,
7915     int layoutlen, int usecurstateid)
7916 {
7917 	uint32_t *tl;
7918 
7919 	NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED + 3 * NFSX_HYPER +
7920 	    NFSX_STATEID);
7921 	*tl++ = newnfs_false;		/* Don't signal availability. */
7922 	*tl++ = txdr_unsigned(layouttype);
7923 	*tl++ = txdr_unsigned(iomode);
7924 	txdr_hyper(offset, tl);
7925 	tl += 2;
7926 	txdr_hyper(len, tl);
7927 	tl += 2;
7928 	txdr_hyper(minlen, tl);
7929 	tl += 2;
7930 	if (usecurstateid != 0) {
7931 		/* Special stateid for Current stateid. */
7932 		*tl++ = txdr_unsigned(1);
7933 		*tl++ = 0;
7934 		*tl++ = 0;
7935 		*tl++ = 0;
7936 	} else {
7937 		*tl++ = txdr_unsigned(stateidp->seqid);
7938 		NFSCL_DEBUG(4, "layget seq=%d\n", (int)stateidp->seqid);
7939 		*tl++ = stateidp->other[0];
7940 		*tl++ = stateidp->other[1];
7941 		*tl++ = stateidp->other[2];
7942 	}
7943 	*tl = txdr_unsigned(layoutlen);
7944 }
7945 
7946 /*
7947  * Parse the reply for a successful LayoutGet operation.
7948  */
7949 static int
7950 nfsrv_parselayoutget(struct nfsmount *nmp, struct nfsrv_descript *nd,
7951     nfsv4stateid_t *stateidp, int *retonclosep, struct nfsclflayouthead *flhp)
7952 {
7953 	uint32_t *tl;
7954 	struct nfsclflayout *flp, *prevflp, *tflp;
7955 	int cnt, error, fhcnt, gotiomode, i, iomode, j, k, l, laytype, nfhlen;
7956 	int m, mirrorcnt;
7957 	uint64_t retlen, off;
7958 	struct nfsfh *nfhp;
7959 	uint8_t *cp;
7960 	uid_t user;
7961 	gid_t grp;
7962 
7963 	NFSCL_DEBUG(4, "in nfsrv_parselayoutget\n");
7964 	error = 0;
7965 	flp = NULL;
7966 	gotiomode = -1;
7967 	NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED + NFSX_STATEID);
7968 	if (*tl++ != 0)
7969 		*retonclosep = 1;
7970 	else
7971 		*retonclosep = 0;
7972 	stateidp->seqid = fxdr_unsigned(uint32_t, *tl++);
7973 	NFSCL_DEBUG(4, "retoncls=%d stseq=%d\n", *retonclosep,
7974 	    (int)stateidp->seqid);
7975 	stateidp->other[0] = *tl++;
7976 	stateidp->other[1] = *tl++;
7977 	stateidp->other[2] = *tl++;
7978 	cnt = fxdr_unsigned(int, *tl);
7979 	NFSCL_DEBUG(4, "layg cnt=%d\n", cnt);
7980 	if (cnt <= 0 || cnt > 10000) {
7981 		/* Don't accept more than 10000 layouts in reply. */
7982 		error = NFSERR_BADXDR;
7983 		goto nfsmout;
7984 	}
7985 	for (i = 0; i < cnt; i++) {
7986 		/* Dissect to the layout type. */
7987 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_HYPER +
7988 		    3 * NFSX_UNSIGNED);
7989 		off = fxdr_hyper(tl); tl += 2;
7990 		retlen = fxdr_hyper(tl); tl += 2;
7991 		iomode = fxdr_unsigned(int, *tl++);
7992 		laytype = fxdr_unsigned(int, *tl);
7993 		NFSCL_DEBUG(4, "layt=%d off=%ju len=%ju iom=%d\n", laytype,
7994 		    (uintmax_t)off, (uintmax_t)retlen, iomode);
7995 		/* Ignore length of layout body for now. */
7996 		if (laytype == NFSLAYOUT_NFSV4_1_FILES) {
7997 			/* Parse the File layout up to fhcnt. */
7998 			NFSM_DISSECT(tl, uint32_t *, 3 * NFSX_UNSIGNED +
7999 			    NFSX_HYPER + NFSX_V4DEVICEID);
8000 			fhcnt = fxdr_unsigned(int, *(tl + 4 +
8001 			    NFSX_V4DEVICEID / NFSX_UNSIGNED));
8002 			NFSCL_DEBUG(4, "fhcnt=%d\n", fhcnt);
8003 			if (fhcnt < 0 || fhcnt > 100) {
8004 				/* Don't accept more than 100 file handles. */
8005 				error = NFSERR_BADXDR;
8006 				goto nfsmout;
8007 			}
8008 			if (fhcnt > 0)
8009 				flp = malloc(sizeof(*flp) + fhcnt *
8010 				    sizeof(struct nfsfh *), M_NFSFLAYOUT,
8011 				    M_WAITOK);
8012 			else
8013 				flp = malloc(sizeof(*flp), M_NFSFLAYOUT,
8014 				    M_WAITOK);
8015 			flp->nfsfl_flags = NFSFL_FILE;
8016 			flp->nfsfl_fhcnt = 0;
8017 			flp->nfsfl_devp = NULL;
8018 			flp->nfsfl_off = off;
8019 			if (flp->nfsfl_off + retlen < flp->nfsfl_off)
8020 				flp->nfsfl_end = UINT64_MAX - flp->nfsfl_off;
8021 			else
8022 				flp->nfsfl_end = flp->nfsfl_off + retlen;
8023 			flp->nfsfl_iomode = iomode;
8024 			if (gotiomode == -1)
8025 				gotiomode = flp->nfsfl_iomode;
8026 			/* Ignore layout body length for now. */
8027 			NFSBCOPY(tl, flp->nfsfl_dev, NFSX_V4DEVICEID);
8028 			tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
8029 			flp->nfsfl_util = fxdr_unsigned(uint32_t, *tl++);
8030 			NFSCL_DEBUG(4, "flutil=0x%x\n", flp->nfsfl_util);
8031 			mtx_lock(&nmp->nm_mtx);
8032 			if (nmp->nm_minorvers > 1 && (flp->nfsfl_util &
8033 			    NFSFLAYUTIL_IOADVISE_THRU_MDS) != 0)
8034 				nmp->nm_privflag |= NFSMNTP_IOADVISETHRUMDS;
8035 			mtx_unlock(&nmp->nm_mtx);
8036 			flp->nfsfl_stripe1 = fxdr_unsigned(uint32_t, *tl++);
8037 			flp->nfsfl_patoff = fxdr_hyper(tl); tl += 2;
8038 			NFSCL_DEBUG(4, "stripe1=%u poff=%ju\n",
8039 			    flp->nfsfl_stripe1, (uintmax_t)flp->nfsfl_patoff);
8040 			for (j = 0; j < fhcnt; j++) {
8041 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8042 				nfhlen = fxdr_unsigned(int, *tl);
8043 				if (nfhlen <= 0 || nfhlen > NFSX_V4FHMAX) {
8044 					error = NFSERR_BADXDR;
8045 					goto nfsmout;
8046 				}
8047 				nfhp = malloc(sizeof(*nfhp) + nfhlen - 1,
8048 				    M_NFSFH, M_WAITOK);
8049 				flp->nfsfl_fh[j] = nfhp;
8050 				flp->nfsfl_fhcnt++;
8051 				nfhp->nfh_len = nfhlen;
8052 				NFSM_DISSECT(cp, uint8_t *, NFSM_RNDUP(nfhlen));
8053 				NFSBCOPY(cp, nfhp->nfh_fh, nfhlen);
8054 			}
8055 		} else if (laytype == NFSLAYOUT_FLEXFILE) {
8056 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED +
8057 			    NFSX_HYPER);
8058 			mirrorcnt = fxdr_unsigned(int, *(tl + 2));
8059 			NFSCL_DEBUG(4, "mirrorcnt=%d\n", mirrorcnt);
8060 			if (mirrorcnt < 1 || mirrorcnt > NFSDEV_MAXMIRRORS) {
8061 				error = NFSERR_BADXDR;
8062 				goto nfsmout;
8063 			}
8064 			flp = malloc(sizeof(*flp) + mirrorcnt *
8065 			    sizeof(struct nfsffm), M_NFSFLAYOUT, M_WAITOK);
8066 			flp->nfsfl_flags = NFSFL_FLEXFILE;
8067 			flp->nfsfl_mirrorcnt = mirrorcnt;
8068 			for (j = 0; j < mirrorcnt; j++)
8069 				flp->nfsfl_ffm[j].devp = NULL;
8070 			flp->nfsfl_off = off;
8071 			if (flp->nfsfl_off + retlen < flp->nfsfl_off)
8072 				flp->nfsfl_end = UINT64_MAX - flp->nfsfl_off;
8073 			else
8074 				flp->nfsfl_end = flp->nfsfl_off + retlen;
8075 			flp->nfsfl_iomode = iomode;
8076 			if (gotiomode == -1)
8077 				gotiomode = flp->nfsfl_iomode;
8078 			flp->nfsfl_stripeunit = fxdr_hyper(tl);
8079 			NFSCL_DEBUG(4, "stripeunit=%ju\n",
8080 			    (uintmax_t)flp->nfsfl_stripeunit);
8081 			for (j = 0; j < mirrorcnt; j++) {
8082 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8083 				k = fxdr_unsigned(int, *tl);
8084 				if (k < 1 || k > 128) {
8085 					error = NFSERR_BADXDR;
8086 					goto nfsmout;
8087 				}
8088 				NFSCL_DEBUG(4, "servercnt=%d\n", k);
8089 				for (l = 0; l < k; l++) {
8090 					NFSM_DISSECT(tl, uint32_t *,
8091 					    NFSX_V4DEVICEID + NFSX_STATEID +
8092 					    2 * NFSX_UNSIGNED);
8093 					if (l == 0) {
8094 						/* Just use the first server. */
8095 						NFSBCOPY(tl,
8096 						    flp->nfsfl_ffm[j].dev,
8097 						    NFSX_V4DEVICEID);
8098 						tl += (NFSX_V4DEVICEID /
8099 						    NFSX_UNSIGNED);
8100 						tl++;
8101 						flp->nfsfl_ffm[j].st.seqid =
8102 						    *tl++;
8103 						flp->nfsfl_ffm[j].st.other[0] =
8104 						    *tl++;
8105 						flp->nfsfl_ffm[j].st.other[1] =
8106 						    *tl++;
8107 						flp->nfsfl_ffm[j].st.other[2] =
8108 						    *tl++;
8109 						NFSCL_DEBUG(4, "st.seqid=%u "
8110 						 "st.o0=0x%x st.o1=0x%x "
8111 						 "st.o2=0x%x\n",
8112 						 flp->nfsfl_ffm[j].st.seqid,
8113 						 flp->nfsfl_ffm[j].st.other[0],
8114 						 flp->nfsfl_ffm[j].st.other[1],
8115 						 flp->nfsfl_ffm[j].st.other[2]);
8116 					} else
8117 						tl += ((NFSX_V4DEVICEID +
8118 						    NFSX_STATEID +
8119 						    NFSX_UNSIGNED) /
8120 						    NFSX_UNSIGNED);
8121 					fhcnt = fxdr_unsigned(int, *tl);
8122 					NFSCL_DEBUG(4, "fhcnt=%d\n", fhcnt);
8123 					if (fhcnt < 1 ||
8124 					    fhcnt > NFSDEV_MAXVERS) {
8125 						error = NFSERR_BADXDR;
8126 						goto nfsmout;
8127 					}
8128 					for (m = 0; m < fhcnt; m++) {
8129 						NFSM_DISSECT(tl, uint32_t *,
8130 						    NFSX_UNSIGNED);
8131 						nfhlen = fxdr_unsigned(int,
8132 						    *tl);
8133 						NFSCL_DEBUG(4, "nfhlen=%d\n",
8134 						    nfhlen);
8135 						if (nfhlen <= 0 || nfhlen >
8136 						    NFSX_V4FHMAX) {
8137 							error = NFSERR_BADXDR;
8138 							goto nfsmout;
8139 						}
8140 						NFSM_DISSECT(cp, uint8_t *,
8141 						    NFSM_RNDUP(nfhlen));
8142 						if (l == 0) {
8143 							flp->nfsfl_ffm[j].fhcnt
8144 							    = fhcnt;
8145 							nfhp = malloc(
8146 							    sizeof(*nfhp) +
8147 							    nfhlen - 1, M_NFSFH,
8148 							    M_WAITOK);
8149 							flp->nfsfl_ffm[j].fh[m]
8150 							    = nfhp;
8151 							nfhp->nfh_len = nfhlen;
8152 							NFSBCOPY(cp,
8153 							    nfhp->nfh_fh,
8154 							    nfhlen);
8155 							NFSCL_DEBUG(4,
8156 							    "got fh\n");
8157 						}
8158 					}
8159 					/* Now, get the ffsd_user/ffds_group. */
8160 					error = nfsrv_parseug(nd, 0, &user,
8161 					    &grp, curthread);
8162 					NFSCL_DEBUG(4, "after parseu=%d\n",
8163 					    error);
8164 					if (error == 0)
8165 						error = nfsrv_parseug(nd, 1,
8166 						    &user, &grp, curthread);
8167 					NFSCL_DEBUG(4, "aft parseg=%d\n",
8168 					    grp);
8169 					if (error != 0)
8170 						goto nfsmout;
8171 					NFSCL_DEBUG(4, "user=%d group=%d\n",
8172 					    user, grp);
8173 					if (l == 0) {
8174 						flp->nfsfl_ffm[j].user = user;
8175 						flp->nfsfl_ffm[j].group = grp;
8176 						NFSCL_DEBUG(4,
8177 						    "usr=%d grp=%d\n", user,
8178 						    grp);
8179 					}
8180 				}
8181 			}
8182 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8183 			flp->nfsfl_fflags = fxdr_unsigned(uint32_t, *tl++);
8184 #ifdef notnow
8185 			/*
8186 			 * At this time, there is no flag.
8187 			 * NFSFLEXFLAG_IOADVISE_THRU_MDS might need to be
8188 			 * added, or it may never exist?
8189 			 */
8190 			mtx_lock(&nmp->nm_mtx);
8191 			if (nmp->nm_minorvers > 1 && (flp->nfsfl_fflags &
8192 			    NFSFLEXFLAG_IOADVISE_THRU_MDS) != 0)
8193 				nmp->nm_privflag |= NFSMNTP_IOADVISETHRUMDS;
8194 			mtx_unlock(&nmp->nm_mtx);
8195 #endif
8196 			flp->nfsfl_statshint = fxdr_unsigned(uint32_t, *tl);
8197 			NFSCL_DEBUG(4, "fflags=0x%x statshint=%d\n",
8198 			    flp->nfsfl_fflags, flp->nfsfl_statshint);
8199 		} else {
8200 			error = NFSERR_BADXDR;
8201 			goto nfsmout;
8202 		}
8203 		if (flp->nfsfl_iomode == gotiomode) {
8204 			/* Keep the list in increasing offset order. */
8205 			tflp = LIST_FIRST(flhp);
8206 			prevflp = NULL;
8207 			while (tflp != NULL &&
8208 			    tflp->nfsfl_off < flp->nfsfl_off) {
8209 				prevflp = tflp;
8210 				tflp = LIST_NEXT(tflp, nfsfl_list);
8211 			}
8212 			if (prevflp == NULL)
8213 				LIST_INSERT_HEAD(flhp, flp, nfsfl_list);
8214 			else
8215 				LIST_INSERT_AFTER(prevflp, flp,
8216 				    nfsfl_list);
8217 			NFSCL_DEBUG(4, "flp inserted\n");
8218 		} else {
8219 			printf("nfscl_layoutget(): got wrong iomode\n");
8220 			nfscl_freeflayout(flp);
8221 		}
8222 		flp = NULL;
8223 	}
8224 nfsmout:
8225 	NFSCL_DEBUG(4, "eo nfsrv_parselayoutget=%d\n", error);
8226 	if (error != 0 && flp != NULL)
8227 		nfscl_freeflayout(flp);
8228 	return (error);
8229 }
8230 
8231 /*
8232  * Parse a user/group digit string.
8233  */
8234 static int
8235 nfsrv_parseug(struct nfsrv_descript *nd, int dogrp, uid_t *uidp, gid_t *gidp,
8236     NFSPROC_T *p)
8237 {
8238 	uint32_t *tl;
8239 	char *cp, *str, str0[NFSV4_SMALLSTR + 1];
8240 	uint32_t len = 0;
8241 	int error = 0;
8242 
8243 	NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8244 	len = fxdr_unsigned(uint32_t, *tl);
8245 	str = NULL;
8246 	if (len > NFSV4_OPAQUELIMIT) {
8247 		error = NFSERR_BADXDR;
8248 		goto nfsmout;
8249 	}
8250 	NFSCL_DEBUG(4, "nfsrv_parseug: len=%d\n", len);
8251 	if (len == 0) {
8252 		if (dogrp != 0)
8253 			*gidp = GID_NOGROUP;
8254 		else
8255 			*uidp = UID_NOBODY;
8256 		return (0);
8257 	}
8258 	if (len > NFSV4_SMALLSTR)
8259 		str = malloc(len + 1, M_TEMP, M_WAITOK);
8260 	else
8261 		str = str0;
8262 	NFSM_DISSECT(cp, char *, NFSM_RNDUP(len));
8263 	NFSBCOPY(cp, str, len);
8264 	str[len] = '\0';
8265 	NFSCL_DEBUG(4, "nfsrv_parseug: str=%s\n", str);
8266 	if (dogrp != 0)
8267 		error = nfsv4_strtogid(nd, str, len, gidp);
8268 	else
8269 		error = nfsv4_strtouid(nd, str, len, uidp);
8270 nfsmout:
8271 	if (len > NFSV4_SMALLSTR)
8272 		free(str, M_TEMP);
8273 	NFSCL_DEBUG(4, "eo nfsrv_parseug=%d\n", error);
8274 	return (error);
8275 }
8276 
8277 /*
8278  * Similar to nfsrpc_getlayout(), except that it uses nfsrpc_openlayget(),
8279  * so that it does both an Open and a Layoutget.
8280  */
8281 static int
8282 nfsrpc_getopenlayout(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp,
8283     int fhlen, uint8_t *newfhp, int newfhlen, uint32_t mode,
8284     struct nfsclopen *op, uint8_t *name, int namelen, struct nfscldeleg **dpp,
8285     struct ucred *cred, NFSPROC_T *p)
8286 {
8287 	struct nfscllayout *lyp;
8288 	struct nfsclflayout *flp;
8289 	struct nfsclflayouthead flh;
8290 	int error, islocked, layoutlen, recalled, retonclose, usecurstateid;
8291 	int layouttype, laystat;
8292 	nfsv4stateid_t stateid;
8293 	struct nfsclsession *tsep;
8294 
8295 	error = 0;
8296 	if (NFSHASFLEXFILE(nmp))
8297 		layouttype = NFSLAYOUT_FLEXFILE;
8298 	else
8299 		layouttype = NFSLAYOUT_NFSV4_1_FILES;
8300 	/*
8301 	 * If lyp is returned non-NULL, there will be a refcnt (shared lock)
8302 	 * on it, iff flp != NULL or a lock (exclusive lock) on it iff
8303 	 * flp == NULL.
8304 	 */
8305 	lyp = nfscl_getlayout(nmp->nm_clp, newfhp, newfhlen, 0, mode, &flp,
8306 	    &recalled);
8307 	NFSCL_DEBUG(4, "nfsrpc_getopenlayout nfscl_getlayout lyp=%p\n", lyp);
8308 	if (lyp == NULL)
8309 		islocked = 0;
8310 	else if (flp != NULL)
8311 		islocked = 1;
8312 	else
8313 		islocked = 2;
8314 	if ((lyp == NULL || flp == NULL) && recalled == 0) {
8315 		LIST_INIT(&flh);
8316 		tsep = nfsmnt_mdssession(nmp);
8317 		layoutlen = tsep->nfsess_maxcache - (NFSX_STATEID +
8318 		    3 * NFSX_UNSIGNED);
8319 		if (lyp == NULL)
8320 			usecurstateid = 1;
8321 		else {
8322 			usecurstateid = 0;
8323 			stateid.seqid = lyp->nfsly_stateid.seqid;
8324 			stateid.other[0] = lyp->nfsly_stateid.other[0];
8325 			stateid.other[1] = lyp->nfsly_stateid.other[1];
8326 			stateid.other[2] = lyp->nfsly_stateid.other[2];
8327 		}
8328 		error = nfsrpc_openlayoutrpc(nmp, vp, nfhp, fhlen,
8329 		    newfhp, newfhlen, mode, op, name, namelen,
8330 		    dpp, &stateid, usecurstateid, layouttype, layoutlen,
8331 		    &retonclose, &flh, &laystat, cred, p);
8332 		NFSCL_DEBUG(4, "aft nfsrpc_openlayoutrpc laystat=%d err=%d\n",
8333 		    laystat, error);
8334 		laystat = nfsrpc_layoutgetres(nmp, vp, newfhp, newfhlen,
8335 		    &stateid, retonclose, NULL, &lyp, &flh, layouttype, laystat,
8336 		    &islocked, cred, p);
8337 	} else
8338 		error = nfsrpc_openrpc(nmp, vp, nfhp, fhlen, newfhp, newfhlen,
8339 		    mode, op, name, namelen, dpp, 0, 0, cred, p, 0, 0);
8340 	if (islocked == 2)
8341 		nfscl_rellayout(lyp, 1);
8342 	else if (islocked == 1)
8343 		nfscl_rellayout(lyp, 0);
8344 	return (error);
8345 }
8346 
8347 /*
8348  * This function does an Open+LayoutGet for an NFSv4.1 mount with pNFS
8349  * enabled, only for the CLAIM_NULL case.  All other NFSv4 Opens are
8350  * handled by nfsrpc_openrpc().
8351  * For the case where op == NULL, dvp is the directory.  When op != NULL, it
8352  * can be NULL.
8353  */
8354 static int
8355 nfsrpc_openlayoutrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp,
8356     int fhlen, uint8_t *newfhp, int newfhlen, uint32_t mode,
8357     struct nfsclopen *op, uint8_t *name, int namelen, struct nfscldeleg **dpp,
8358     nfsv4stateid_t *stateidp, int usecurstateid, int layouttype,
8359     int layoutlen, int *retonclosep, struct nfsclflayouthead *flhp,
8360     int *laystatp, struct ucred *cred, NFSPROC_T *p)
8361 {
8362 	uint32_t *tl;
8363 	struct nfsrv_descript nfsd, *nd = &nfsd;
8364 	struct nfscldeleg *ndp = NULL;
8365 	struct nfsvattr nfsva;
8366 	struct nfsclsession *tsep;
8367 	uint32_t rflags, deleg;
8368 	nfsattrbit_t attrbits;
8369 	int error, ret, acesize, limitby, iomode;
8370 
8371 	*dpp = NULL;
8372 	*laystatp = ENXIO;
8373 	nfscl_reqstart(nd, NFSPROC_OPENLAYGET, nmp, nfhp, fhlen, NULL, NULL,
8374 	    0, 0, cred);
8375 	NFSM_BUILD(tl, uint32_t *, 5 * NFSX_UNSIGNED);
8376 	*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
8377 	*tl++ = txdr_unsigned(mode & (NFSV4OPEN_ACCESSBOTH |
8378 	    NFSV4OPEN_WANTDELEGMASK));
8379 	*tl++ = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
8380 	tsep = nfsmnt_mdssession(nmp);
8381 	*tl++ = tsep->nfsess_clientid.lval[0];
8382 	*tl = tsep->nfsess_clientid.lval[1];
8383 	nfsm_strtom(nd, op->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN);
8384 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8385 	*tl++ = txdr_unsigned(NFSV4OPEN_NOCREATE);
8386 	if (NFSHASNFSV4N(nmp)) {
8387 		*tl = txdr_unsigned(NFSV4OPEN_CLAIMFH);
8388 	} else {
8389 		*tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
8390 		nfsm_strtom(nd, name, namelen);
8391 	}
8392 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8393 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8394 	NFSZERO_ATTRBIT(&attrbits);
8395 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_CHANGE);
8396 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFY);
8397 	nfsrv_putattrbit(nd, &attrbits);
8398 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8399 	*tl = txdr_unsigned(NFSV4OP_LAYOUTGET);
8400 	if ((mode & NFSV4OPEN_ACCESSWRITE) != 0)
8401 		iomode = NFSLAYOUTIOMODE_RW;
8402 	else
8403 		iomode = NFSLAYOUTIOMODE_READ;
8404 	nfsrv_setuplayoutget(nd, iomode, 0, UINT64_MAX, 0, stateidp,
8405 	    layouttype, layoutlen, usecurstateid);
8406 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
8407 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
8408 	if (error != 0)
8409 		return (error);
8410 	NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
8411 	if (nd->nd_repstat != 0)
8412 		*laystatp = nd->nd_repstat;
8413 	if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
8414 		/* ND_NOMOREDATA will be set if the Open operation failed. */
8415 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
8416 		    6 * NFSX_UNSIGNED);
8417 		op->nfso_stateid.seqid = *tl++;
8418 		op->nfso_stateid.other[0] = *tl++;
8419 		op->nfso_stateid.other[1] = *tl++;
8420 		op->nfso_stateid.other[2] = *tl;
8421 		rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
8422 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
8423 		if (error != 0)
8424 			goto nfsmout;
8425 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
8426 		deleg = fxdr_unsigned(u_int32_t, *tl);
8427 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
8428 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
8429 			if (!(op->nfso_own->nfsow_clp->nfsc_flags &
8430 			      NFSCLFLAGS_FIRSTDELEG))
8431 				op->nfso_own->nfsow_clp->nfsc_flags |=
8432 				  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
8433 			ndp = malloc(sizeof(struct nfscldeleg) + newfhlen,
8434 			    M_NFSCLDELEG, M_WAITOK);
8435 			LIST_INIT(&ndp->nfsdl_owner);
8436 			LIST_INIT(&ndp->nfsdl_lock);
8437 			ndp->nfsdl_clp = op->nfso_own->nfsow_clp;
8438 			ndp->nfsdl_fhlen = newfhlen;
8439 			NFSBCOPY(newfhp, ndp->nfsdl_fh, newfhlen);
8440 			newnfs_copyincred(cred, &ndp->nfsdl_cred);
8441 			nfscl_lockinit(&ndp->nfsdl_rwlock);
8442 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
8443 			    NFSX_UNSIGNED);
8444 			ndp->nfsdl_stateid.seqid = *tl++;
8445 			ndp->nfsdl_stateid.other[0] = *tl++;
8446 			ndp->nfsdl_stateid.other[1] = *tl++;
8447 			ndp->nfsdl_stateid.other[2] = *tl++;
8448 			ret = fxdr_unsigned(int, *tl);
8449 			if (deleg == NFSV4OPEN_DELEGATEWRITE) {
8450 				ndp->nfsdl_flags = NFSCLDL_WRITE;
8451 				/*
8452 				 * Indicates how much the file can grow.
8453 				 */
8454 				NFSM_DISSECT(tl, u_int32_t *,
8455 				    3 * NFSX_UNSIGNED);
8456 				limitby = fxdr_unsigned(int, *tl++);
8457 				switch (limitby) {
8458 				case NFSV4OPEN_LIMITSIZE:
8459 					ndp->nfsdl_sizelimit = fxdr_hyper(tl);
8460 					break;
8461 				case NFSV4OPEN_LIMITBLOCKS:
8462 					ndp->nfsdl_sizelimit =
8463 					    fxdr_unsigned(u_int64_t, *tl++);
8464 					ndp->nfsdl_sizelimit *=
8465 					    fxdr_unsigned(u_int64_t, *tl);
8466 					break;
8467 				default:
8468 					error = NFSERR_BADXDR;
8469 					goto nfsmout;
8470 				};
8471 			} else
8472 				ndp->nfsdl_flags = NFSCLDL_READ;
8473 			if (ret != 0)
8474 				ndp->nfsdl_flags |= NFSCLDL_RECALL;
8475 			error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false,
8476 			    &ret, &acesize, p);
8477 			if (error != 0)
8478 				goto nfsmout;
8479 		} else if (deleg == NFSV4OPEN_DELEGATENONEEXT &&
8480 		    NFSHASNFSV4N(nmp)) {
8481 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8482 			deleg = fxdr_unsigned(uint32_t, *tl);
8483 			if (deleg == NFSV4OPEN_CONTENTION ||
8484 			    deleg == NFSV4OPEN_RESOURCE)
8485 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8486 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
8487 			error = NFSERR_BADXDR;
8488 			goto nfsmout;
8489 		}
8490 		if ((rflags & NFSV4OPEN_LOCKTYPEPOSIX) != 0 ||
8491 		    nfscl_assumeposixlocks)
8492 			op->nfso_posixlock = 1;
8493 		else
8494 			op->nfso_posixlock = 0;
8495 		NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
8496 		/* If the 2nd element == NFS_OK, the Getattr succeeded. */
8497 		if (*++tl == 0) {
8498 			error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
8499 			    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
8500 			    NULL, NULL, NULL, NULL, p, cred);
8501 			if (error != 0)
8502 				goto nfsmout;
8503 			if (ndp != NULL) {
8504 				ndp->nfsdl_change = nfsva.na_filerev;
8505 				ndp->nfsdl_modtime = nfsva.na_mtime;
8506 				ndp->nfsdl_flags |= NFSCLDL_MODTIMESET;
8507 				*dpp = ndp;
8508 				ndp = NULL;
8509 			}
8510 			/*
8511 			 * At this point, the Open has succeeded, so set
8512 			 * nd_repstat = NFS_OK.  If the Layoutget failed,
8513 			 * this function just won't return a layout.
8514 			 */
8515 			if (nd->nd_repstat == 0) {
8516 				NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8517 				*laystatp = fxdr_unsigned(int, *++tl);
8518 				if (*laystatp == 0) {
8519 					error = nfsrv_parselayoutget(nmp, nd,
8520 					    stateidp, retonclosep, flhp);
8521 					if (error != 0)
8522 						*laystatp = error;
8523 				}
8524 			} else
8525 				nd->nd_repstat = 0;	/* Return 0 for Open. */
8526 		}
8527 	}
8528 	if (nd->nd_repstat != 0 && error == 0)
8529 		error = nd->nd_repstat;
8530 nfsmout:
8531 	free(ndp, M_NFSCLDELEG);
8532 	m_freem(nd->nd_mrep);
8533 	return (error);
8534 }
8535 
8536 /*
8537  * Similar nfsrpc_createv4(), but also does the LayoutGet operation.
8538  * Used only for mounts with pNFS enabled.
8539  */
8540 static int
8541 nfsrpc_createlayout(vnode_t dvp, char *name, int namelen, struct vattr *vap,
8542     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
8543     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
8544     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
8545     int *dattrflagp, int *unlockedp, nfsv4stateid_t *stateidp,
8546     int usecurstateid, int layouttype, int layoutlen, int *retonclosep,
8547     struct nfsclflayouthead *flhp, int *laystatp)
8548 {
8549 	uint32_t *tl;
8550 	int error = 0, deleg, newone, ret, acesize, limitby;
8551 	struct nfsrv_descript nfsd, *nd = &nfsd;
8552 	struct nfsclopen *op;
8553 	struct nfscldeleg *dp = NULL;
8554 	struct nfsnode *np;
8555 	struct nfsfh *nfhp;
8556 	struct nfsclsession *tsep;
8557 	nfsattrbit_t attrbits;
8558 	nfsv4stateid_t stateid;
8559 	struct nfsmount *nmp;
8560 
8561 	nmp = VFSTONFS(dvp->v_mount);
8562 	np = VTONFS(dvp);
8563 	*laystatp = ENXIO;
8564 	*unlockedp = 0;
8565 	*nfhpp = NULL;
8566 	*dpp = NULL;
8567 	*attrflagp = 0;
8568 	*dattrflagp = 0;
8569 	if (namelen > NFS_MAXNAMLEN)
8570 		return (ENAMETOOLONG);
8571 	NFSCL_REQSTART(nd, NFSPROC_CREATELAYGET, dvp, cred);
8572 	/*
8573 	 * For V4, this is actually an Open op.
8574 	 */
8575 	NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
8576 	*tl++ = txdr_unsigned(owp->nfsow_seqid);
8577 	if (NFSHASNFSV4N(nmp)) {
8578 		if (!NFSHASPNFS(nmp) && nfscl_enablecallb != 0 &&
8579 		    nfs_numnfscbd > 0)
8580 			*tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
8581 			    NFSV4OPEN_ACCESSREAD | NFSV4OPEN_WANTWRITEDELEG);
8582 		else
8583 			*tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
8584 			    NFSV4OPEN_ACCESSREAD | NFSV4OPEN_WANTNODELEG);
8585 	} else
8586 		*tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
8587 		    NFSV4OPEN_ACCESSREAD);
8588 	*tl++ = txdr_unsigned(NFSV4OPEN_DENYNONE);
8589 	tsep = nfsmnt_mdssession(nmp);
8590 	*tl++ = tsep->nfsess_clientid.lval[0];
8591 	*tl = tsep->nfsess_clientid.lval[1];
8592 	nfsm_strtom(nd, owp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
8593 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
8594 	*tl++ = txdr_unsigned(NFSV4OPEN_CREATE);
8595 	if ((fmode & O_EXCL) != 0) {
8596 		if (NFSHASSESSPERSIST(nmp)) {
8597 			/* Use GUARDED for persistent sessions. */
8598 			*tl = txdr_unsigned(NFSCREATE_GUARDED);
8599 			nfscl_fillsattr(nd, vap, dvp, NFSSATTR_NEWFILE, 0);
8600 		} else {
8601 			/* Otherwise, use EXCLUSIVE4_1. */
8602 			*tl = txdr_unsigned(NFSCREATE_EXCLUSIVE41);
8603 			NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
8604 			*tl++ = cverf.lval[0];
8605 			*tl = cverf.lval[1];
8606 			nfscl_fillsattr(nd, vap, dvp, NFSSATTR_NEWFILE, 0);
8607 		}
8608 	} else {
8609 		*tl = txdr_unsigned(NFSCREATE_UNCHECKED);
8610 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_NEWFILE, 0);
8611 	}
8612 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
8613 	*tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
8614 	nfsm_strtom(nd, name, namelen);
8615 	/* Get the new file's handle and attributes, plus save the FH. */
8616 	NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
8617 	*tl++ = txdr_unsigned(NFSV4OP_SAVEFH);
8618 	*tl++ = txdr_unsigned(NFSV4OP_GETFH);
8619 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8620 	NFSGETATTR_ATTRBIT(&attrbits);
8621 	nfsrv_putattrbit(nd, &attrbits);
8622 	/* Get the directory's post-op attributes. */
8623 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
8624 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
8625 	(void)nfsm_fhtom(nmp, nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
8626 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
8627 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8628 	nfsrv_putattrbit(nd, &attrbits);
8629 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
8630 	*tl++ = txdr_unsigned(NFSV4OP_RESTOREFH);
8631 	*tl = txdr_unsigned(NFSV4OP_LAYOUTGET);
8632 	nfsrv_setuplayoutget(nd, NFSLAYOUTIOMODE_RW, 0, UINT64_MAX, 0, stateidp,
8633 	    layouttype, layoutlen, usecurstateid);
8634 	error = nfscl_request(nd, dvp, p, cred);
8635 	if (error != 0)
8636 		return (error);
8637 	NFSCL_DEBUG(4, "nfsrpc_createlayout stat=%d err=%d\n", nd->nd_repstat,
8638 	    error);
8639 	if (nd->nd_repstat != 0)
8640 		*laystatp = nd->nd_repstat;
8641 	NFSCL_INCRSEQID(owp->nfsow_seqid, nd);
8642 	if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
8643 		NFSCL_DEBUG(4, "nfsrpc_createlayout open succeeded\n");
8644 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
8645 		    6 * NFSX_UNSIGNED);
8646 		stateid.seqid = *tl++;
8647 		stateid.other[0] = *tl++;
8648 		stateid.other[1] = *tl++;
8649 		stateid.other[2] = *tl;
8650 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
8651 		if (error != 0)
8652 			goto nfsmout;
8653 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
8654 		deleg = fxdr_unsigned(int, *tl);
8655 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
8656 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
8657 			if (!(owp->nfsow_clp->nfsc_flags &
8658 			      NFSCLFLAGS_FIRSTDELEG))
8659 				owp->nfsow_clp->nfsc_flags |=
8660 				  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
8661 			dp = malloc(sizeof(struct nfscldeleg) + NFSX_V4FHMAX,
8662 			    M_NFSCLDELEG, M_WAITOK);
8663 			LIST_INIT(&dp->nfsdl_owner);
8664 			LIST_INIT(&dp->nfsdl_lock);
8665 			dp->nfsdl_clp = owp->nfsow_clp;
8666 			newnfs_copyincred(cred, &dp->nfsdl_cred);
8667 			nfscl_lockinit(&dp->nfsdl_rwlock);
8668 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
8669 			    NFSX_UNSIGNED);
8670 			dp->nfsdl_stateid.seqid = *tl++;
8671 			dp->nfsdl_stateid.other[0] = *tl++;
8672 			dp->nfsdl_stateid.other[1] = *tl++;
8673 			dp->nfsdl_stateid.other[2] = *tl++;
8674 			ret = fxdr_unsigned(int, *tl);
8675 			if (deleg == NFSV4OPEN_DELEGATEWRITE) {
8676 				dp->nfsdl_flags = NFSCLDL_WRITE;
8677 				/*
8678 				 * Indicates how much the file can grow.
8679 				 */
8680 				NFSM_DISSECT(tl, u_int32_t *,
8681 				    3 * NFSX_UNSIGNED);
8682 				limitby = fxdr_unsigned(int, *tl++);
8683 				switch (limitby) {
8684 				case NFSV4OPEN_LIMITSIZE:
8685 					dp->nfsdl_sizelimit = fxdr_hyper(tl);
8686 					break;
8687 				case NFSV4OPEN_LIMITBLOCKS:
8688 					dp->nfsdl_sizelimit =
8689 					    fxdr_unsigned(u_int64_t, *tl++);
8690 					dp->nfsdl_sizelimit *=
8691 					    fxdr_unsigned(u_int64_t, *tl);
8692 					break;
8693 				default:
8694 					error = NFSERR_BADXDR;
8695 					goto nfsmout;
8696 				};
8697 			} else {
8698 				dp->nfsdl_flags = NFSCLDL_READ;
8699 			}
8700 			if (ret != 0)
8701 				dp->nfsdl_flags |= NFSCLDL_RECALL;
8702 			error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false,
8703 			    &ret, &acesize, p);
8704 			if (error != 0)
8705 				goto nfsmout;
8706 		} else if (deleg == NFSV4OPEN_DELEGATENONEEXT &&
8707 		    NFSHASNFSV4N(nmp)) {
8708 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8709 			deleg = fxdr_unsigned(uint32_t, *tl);
8710 			if (deleg == NFSV4OPEN_CONTENTION ||
8711 			    deleg == NFSV4OPEN_RESOURCE)
8712 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8713 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
8714 			error = NFSERR_BADXDR;
8715 			goto nfsmout;
8716 		}
8717 
8718 		/* Now, we should have the status for the SaveFH. */
8719 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8720 		if (*++tl == 0) {
8721 			NFSCL_DEBUG(4, "nfsrpc_createlayout SaveFH ok\n");
8722 			/*
8723 			 * Now, process the GetFH and Getattr for the newly
8724 			 * created file. nfscl_mtofh() will set
8725 			 * ND_NOMOREDATA if these weren't successful.
8726 			 */
8727 			error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
8728 			NFSCL_DEBUG(4, "aft nfscl_mtofh err=%d\n", error);
8729 			if (error != 0)
8730 				goto nfsmout;
8731 		} else
8732 			nd->nd_flag |= ND_NOMOREDATA;
8733 		/* Now we have the PutFH and Getattr for the directory. */
8734 		if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
8735 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8736 			if (*++tl != 0)
8737 				nd->nd_flag |= ND_NOMOREDATA;
8738 			else {
8739 				NFSM_DISSECT(tl, uint32_t *, 2 *
8740 				    NFSX_UNSIGNED);
8741 				if (*++tl != 0)
8742 					nd->nd_flag |= ND_NOMOREDATA;
8743 			}
8744 		}
8745 		if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
8746 			/* Load the directory attributes. */
8747 			error = nfsm_loadattr(nd, dnap);
8748 			NFSCL_DEBUG(4, "aft nfsm_loadattr err=%d\n", error);
8749 			if (error != 0)
8750 				goto nfsmout;
8751 			*dattrflagp = 1;
8752 			if (dp != NULL && *attrflagp != 0) {
8753 				dp->nfsdl_change = nnap->na_filerev;
8754 				dp->nfsdl_modtime = nnap->na_mtime;
8755 				dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
8756 			}
8757 			/*
8758 			 * We can now complete the Open state.
8759 			 */
8760 			nfhp = *nfhpp;
8761 			if (dp != NULL) {
8762 				dp->nfsdl_fhlen = nfhp->nfh_len;
8763 				NFSBCOPY(nfhp->nfh_fh, dp->nfsdl_fh,
8764 				    nfhp->nfh_len);
8765 			}
8766 			/*
8767 			 * Get an Open structure that will be
8768 			 * attached to the OpenOwner, acquired already.
8769 			 */
8770 			error = nfscl_open(dvp, nfhp->nfh_fh, nfhp->nfh_len,
8771 			    (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), 0,
8772 			    cred, p, NULL, &op, &newone, NULL, 0, false);
8773 			if (error != 0)
8774 				goto nfsmout;
8775 			op->nfso_stateid = stateid;
8776 			newnfs_copyincred(cred, &op->nfso_cred);
8777 
8778 			nfscl_openrelease(nmp, op, error, newone);
8779 			*unlockedp = 1;
8780 
8781 			/* Now, handle the RestoreFH and LayoutGet. */
8782 			if (nd->nd_repstat == 0) {
8783 				NFSM_DISSECT(tl, uint32_t *, 4 * NFSX_UNSIGNED);
8784 				*laystatp = fxdr_unsigned(int, *(tl + 3));
8785 				if (*laystatp == 0) {
8786 					error = nfsrv_parselayoutget(nmp, nd,
8787 					    stateidp, retonclosep, flhp);
8788 					if (error != 0)
8789 						*laystatp = error;
8790 				}
8791 				NFSCL_DEBUG(4, "aft nfsrv_parselayout err=%d\n",
8792 				    error);
8793 			} else
8794 				nd->nd_repstat = 0;
8795 		}
8796 	}
8797 	if (nd->nd_repstat != 0 && error == 0)
8798 		error = nd->nd_repstat;
8799 	if (error == NFSERR_STALECLIENTID)
8800 		nfscl_initiate_recovery(owp->nfsow_clp);
8801 nfsmout:
8802 	NFSCL_DEBUG(4, "eo nfsrpc_createlayout err=%d\n", error);
8803 	if (error == 0)
8804 		*dpp = dp;
8805 	else
8806 		free(dp, M_NFSCLDELEG);
8807 	m_freem(nd->nd_mrep);
8808 	return (error);
8809 }
8810 
8811 /*
8812  * Similar to nfsrpc_getopenlayout(), except that it used for the Create case.
8813  */
8814 static int
8815 nfsrpc_getcreatelayout(vnode_t dvp, char *name, int namelen, struct vattr *vap,
8816     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
8817     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
8818     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
8819     int *dattrflagp, int *unlockedp)
8820 {
8821 	struct nfscllayout *lyp;
8822 	struct nfsclflayouthead flh;
8823 	struct nfsfh *nfhp;
8824 	struct nfsclsession *tsep;
8825 	struct nfsmount *nmp;
8826 	nfsv4stateid_t stateid;
8827 	int error, layoutlen, layouttype, retonclose, laystat;
8828 
8829 	error = 0;
8830 	nmp = VFSTONFS(dvp->v_mount);
8831 	if (NFSHASFLEXFILE(nmp))
8832 		layouttype = NFSLAYOUT_FLEXFILE;
8833 	else
8834 		layouttype = NFSLAYOUT_NFSV4_1_FILES;
8835 	LIST_INIT(&flh);
8836 	tsep = nfsmnt_mdssession(nmp);
8837 	layoutlen = tsep->nfsess_maxcache - (NFSX_STATEID + 3 * NFSX_UNSIGNED);
8838 	error = nfsrpc_createlayout(dvp, name, namelen, vap, cverf, fmode,
8839 	    owp, dpp, cred, p, dnap, nnap, nfhpp, attrflagp, dattrflagp,
8840 	    unlockedp, &stateid, 1, layouttype, layoutlen, &retonclose,
8841 	    &flh, &laystat);
8842 	NFSCL_DEBUG(4, "aft nfsrpc_createlayoutrpc laystat=%d err=%d\n",
8843 	    laystat, error);
8844 	lyp = NULL;
8845 	if (laystat == 0) {
8846 		nfhp = *nfhpp;
8847 		laystat = nfsrpc_layoutgetres(nmp, dvp, nfhp->nfh_fh,
8848 		    nfhp->nfh_len, &stateid, retonclose, NULL, &lyp, &flh,
8849 		    layouttype, laystat, NULL, cred, p);
8850 	} else
8851 		laystat = nfsrpc_layoutgetres(nmp, dvp, NULL, 0, &stateid,
8852 		    retonclose, NULL, &lyp, &flh, layouttype, laystat, NULL,
8853 		    cred, p);
8854 	if (laystat == 0)
8855 		nfscl_rellayout(lyp, 0);
8856 	return (error);
8857 }
8858 
8859 /*
8860  * Process the results of a layoutget() operation.
8861  */
8862 static int
8863 nfsrpc_layoutgetres(struct nfsmount *nmp, vnode_t vp, uint8_t *newfhp,
8864     int newfhlen, nfsv4stateid_t *stateidp, int retonclose, uint32_t *notifybit,
8865     struct nfscllayout **lypp, struct nfsclflayouthead *flhp, int layouttype,
8866     int laystat, int *islockedp, struct ucred *cred, NFSPROC_T *p)
8867 {
8868 	struct nfsclflayout *tflp;
8869 	struct nfscldevinfo *dip;
8870 	uint8_t *dev;
8871 	int i, mirrorcnt;
8872 
8873 	if (laystat == NFSERR_UNKNLAYOUTTYPE) {
8874 		NFSLOCKMNT(nmp);
8875 		if (!NFSHASFLEXFILE(nmp)) {
8876 			/* Switch to using Flex File Layout. */
8877 			nmp->nm_state |= NFSSTA_FLEXFILE;
8878 		} else if (layouttype == NFSLAYOUT_FLEXFILE) {
8879 			/* Disable pNFS. */
8880 			NFSCL_DEBUG(1, "disable PNFS\n");
8881 			nmp->nm_state &= ~(NFSSTA_PNFS | NFSSTA_FLEXFILE);
8882 		}
8883 		NFSUNLOCKMNT(nmp);
8884 	}
8885 	if (laystat == 0) {
8886 		NFSCL_DEBUG(4, "nfsrpc_layoutgetres at FOREACH\n");
8887 		LIST_FOREACH(tflp, flhp, nfsfl_list) {
8888 			if (layouttype == NFSLAYOUT_FLEXFILE)
8889 				mirrorcnt = tflp->nfsfl_mirrorcnt;
8890 			else
8891 				mirrorcnt = 1;
8892 			for (i = 0; i < mirrorcnt; i++) {
8893 				laystat = nfscl_adddevinfo(nmp, NULL, i, tflp);
8894 				NFSCL_DEBUG(4, "aft adddev=%d\n", laystat);
8895 				if (laystat != 0) {
8896 					if (layouttype == NFSLAYOUT_FLEXFILE)
8897 						dev = tflp->nfsfl_ffm[i].dev;
8898 					else
8899 						dev = tflp->nfsfl_dev;
8900 					laystat = nfsrpc_getdeviceinfo(nmp, dev,
8901 					    layouttype, notifybit, &dip, cred,
8902 					    p);
8903 					NFSCL_DEBUG(4, "aft nfsrpc_gdi=%d\n",
8904 					    laystat);
8905 					if (laystat != 0)
8906 						goto out;
8907 					laystat = nfscl_adddevinfo(nmp, dip, i,
8908 					    tflp);
8909 					if (laystat != 0)
8910 						printf("nfsrpc_layoutgetresout"
8911 						    ": cannot add\n");
8912 				}
8913 			}
8914 		}
8915 	}
8916 out:
8917 	if (laystat == 0) {
8918 		/*
8919 		 * nfscl_layout() always returns with the nfsly_lock
8920 		 * set to a refcnt (shared lock).
8921 		 * Passing in dvp is sufficient, since it is only used to
8922 		 * get the fsid for the file system.
8923 		 */
8924 		laystat = nfscl_layout(nmp, vp, newfhp, newfhlen, stateidp,
8925 		    layouttype, retonclose, flhp, lypp, cred, p);
8926 		NFSCL_DEBUG(4, "nfsrpc_layoutgetres: aft nfscl_layout=%d\n",
8927 		    laystat);
8928 		if (laystat == 0 && islockedp != NULL)
8929 			*islockedp = 1;
8930 	}
8931 	return (laystat);
8932 }
8933 
8934 /*
8935  * nfs copy_file_range operation.
8936  */
8937 int
8938 nfsrpc_copy_file_range(vnode_t invp, off_t *inoffp, vnode_t outvp,
8939     off_t *outoffp, size_t *lenp, unsigned int flags, int *inattrflagp,
8940     struct nfsvattr *innap, int *outattrflagp, struct nfsvattr *outnap,
8941     struct ucred *cred, bool consecutive, bool *must_commitp)
8942 {
8943 	int commit, error, expireret = 0, retrycnt;
8944 	u_int32_t clidrev = 0;
8945 	struct nfsmount *nmp = VFSTONFS(invp->v_mount);
8946 	struct nfsfh *innfhp = NULL, *outnfhp = NULL;
8947 	nfsv4stateid_t instateid, outstateid;
8948 	void *inlckp, *outlckp;
8949 
8950 	if (nmp->nm_clp != NULL)
8951 		clidrev = nmp->nm_clp->nfsc_clientidrev;
8952 	innfhp = VTONFS(invp)->n_fhp;
8953 	outnfhp = VTONFS(outvp)->n_fhp;
8954 	retrycnt = 0;
8955 	do {
8956 		/* Get both stateids. */
8957 		inlckp = NULL;
8958 		nfscl_getstateid(invp, innfhp->nfh_fh, innfhp->nfh_len,
8959 		    NFSV4OPEN_ACCESSREAD, 0, NULL, curthread, &instateid,
8960 		    &inlckp);
8961 		outlckp = NULL;
8962 		nfscl_getstateid(outvp, outnfhp->nfh_fh, outnfhp->nfh_len,
8963 		    NFSV4OPEN_ACCESSWRITE, 0, NULL, curthread, &outstateid,
8964 		    &outlckp);
8965 
8966 		error = nfsrpc_copyrpc(invp, *inoffp, outvp, *outoffp, lenp,
8967 		    &instateid, &outstateid, innap, inattrflagp, outnap,
8968 		    outattrflagp, consecutive, &commit, cred, curthread);
8969 		if (error == 0) {
8970 			if (commit != NFSWRITE_FILESYNC)
8971 				*must_commitp = true;
8972 			*inoffp += *lenp;
8973 			*outoffp += *lenp;
8974 		} else if (error == NFSERR_STALESTATEID)
8975 			nfscl_initiate_recovery(nmp->nm_clp);
8976 		if (inlckp != NULL)
8977 			nfscl_lockderef(inlckp);
8978 		if (outlckp != NULL)
8979 			nfscl_lockderef(outlckp);
8980 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
8981 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
8982 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
8983 			(void) nfs_catnap(PZERO, error, "nfs_cfr");
8984 		} else if ((error == NFSERR_EXPIRED || (!NFSHASINT(nmp) &&
8985 		    error == NFSERR_BADSTATEID)) && clidrev != 0) {
8986 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev,
8987 			    curthread);
8988 		} else if (error == NFSERR_BADSTATEID && NFSHASINT(nmp)) {
8989 			error = EIO;
8990 		}
8991 		retrycnt++;
8992 	} while (error == NFSERR_GRACE || error == NFSERR_DELAY ||
8993 	    error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
8994 	      error == NFSERR_STALEDONTRECOVER ||
8995 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
8996 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
8997 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
8998 	if (error != 0 && (retrycnt >= 4 ||
8999 	    error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
9000 	      error == NFSERR_STALEDONTRECOVER))
9001 		error = EIO;
9002 	return (error);
9003 }
9004 
9005 /*
9006  * The copy RPC.
9007  */
9008 static int
9009 nfsrpc_copyrpc(vnode_t invp, off_t inoff, vnode_t outvp, off_t outoff,
9010     size_t *lenp, nfsv4stateid_t *instateidp, nfsv4stateid_t *outstateidp,
9011     struct nfsvattr *innap, int *inattrflagp, struct nfsvattr *outnap,
9012     int *outattrflagp, bool consecutive, int *commitp, struct ucred *cred,
9013     NFSPROC_T *p)
9014 {
9015 	uint32_t *tl, *opcntp;
9016 	int error;
9017 	struct nfsrv_descript nfsd;
9018 	struct nfsrv_descript *nd = &nfsd;
9019 	struct nfsmount *nmp;
9020 	nfsattrbit_t attrbits;
9021 	struct vattr va;
9022 	uint64_t len;
9023 
9024 	nmp = VFSTONFS(invp->v_mount);
9025 	*inattrflagp = *outattrflagp = 0;
9026 	*commitp = NFSWRITE_UNSTABLE;
9027 	len = *lenp;
9028 	*lenp = 0;
9029 	if (len > nfs_maxcopyrange)
9030 		len = nfs_maxcopyrange;
9031 	nfscl_reqstart(nd, NFSPROC_COPY, nmp, VTONFS(invp)->n_fhp->nfh_fh,
9032 	    VTONFS(invp)->n_fhp->nfh_len, &opcntp, NULL, 0, 0, cred);
9033 	/*
9034 	 * First do a Setattr of atime to the server's clock
9035 	 * time.  The FreeBSD "collective" was of the opinion
9036 	 * that setting atime was necessary for this syscall.
9037 	 * Do the Setattr before the Copy, so that it can be
9038 	 * handled well if the server replies NFSERR_DELAY to
9039 	 * the Setattr operation.
9040 	 */
9041 	if ((nmp->nm_mountp->mnt_flag & MNT_NOATIME) == 0) {
9042 		NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9043 		*tl = txdr_unsigned(NFSV4OP_SETATTR);
9044 		nfsm_stateidtom(nd, instateidp, NFSSTATEID_PUTSTATEID);
9045 		VATTR_NULL(&va);
9046 		va.va_atime.tv_sec = va.va_atime.tv_nsec = 0;
9047 		va.va_vaflags = VA_UTIMES_NULL;
9048 		nfscl_fillsattr(nd, &va, invp, 0, 0);
9049 		/* Bump opcnt from 7 to 8. */
9050 		*opcntp = txdr_unsigned(8);
9051 	}
9052 
9053 	/* Now Getattr the invp attributes. */
9054 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9055 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
9056 	NFSGETATTR_ATTRBIT(&attrbits);
9057 	nfsrv_putattrbit(nd, &attrbits);
9058 
9059 	/* Set outvp. */
9060 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9061 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
9062 	(void)nfsm_fhtom(nmp, nd, VTONFS(outvp)->n_fhp->nfh_fh,
9063 	    VTONFS(outvp)->n_fhp->nfh_len, 0);
9064 
9065 	/* Do the Copy. */
9066 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9067 	*tl = txdr_unsigned(NFSV4OP_COPY);
9068 	nfsm_stateidtom(nd, instateidp, NFSSTATEID_PUTSTATEID);
9069 	nfsm_stateidtom(nd, outstateidp, NFSSTATEID_PUTSTATEID);
9070 	NFSM_BUILD(tl, uint32_t *, 3 * NFSX_HYPER + 4 * NFSX_UNSIGNED);
9071 	txdr_hyper(inoff, tl); tl += 2;
9072 	txdr_hyper(outoff, tl); tl += 2;
9073 	txdr_hyper(len, tl); tl += 2;
9074 	if (consecutive)
9075 		*tl++ = newnfs_true;
9076 	else
9077 		*tl++ = newnfs_false;
9078 	*tl++ = newnfs_true;
9079 	*tl++ = 0;
9080 
9081 	/* Get the outvp attributes. */
9082 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
9083 	NFSWRITEGETATTR_ATTRBIT(&attrbits);
9084 	nfsrv_putattrbit(nd, &attrbits);
9085 
9086 	error = nfscl_request(nd, invp, p, cred);
9087 	if (error != 0)
9088 		return (error);
9089 	/* Skip over the Setattr reply. */
9090 	if ((nd->nd_flag & ND_NOMOREDATA) == 0 &&
9091 	    (nmp->nm_mountp->mnt_flag & MNT_NOATIME) == 0) {
9092 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9093 		if (*(tl + 1) == 0) {
9094 			error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
9095 			if (error != 0)
9096 				goto nfsmout;
9097 		} else
9098 			nd->nd_flag |= ND_NOMOREDATA;
9099 	}
9100 	if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
9101 		/* Get the input file's attributes. */
9102 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9103 		if (*(tl + 1) == 0) {
9104 			error = nfsm_loadattr(nd, innap);
9105 			if (error != 0)
9106 				goto nfsmout;
9107 			*inattrflagp = 1;
9108 		} else
9109 			nd->nd_flag |= ND_NOMOREDATA;
9110 	}
9111 	/* Skip over return stat for PutFH. */
9112 	if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
9113 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9114 		if (*++tl != 0)
9115 			nd->nd_flag |= ND_NOMOREDATA;
9116 	}
9117 	/* Skip over return stat for Copy. */
9118 	if ((nd->nd_flag & ND_NOMOREDATA) == 0)
9119 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9120 	if (nd->nd_repstat == 0) {
9121 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
9122 		if (*tl != 0) {
9123 			/* There should be no callback ids. */
9124 			error = NFSERR_BADXDR;
9125 			goto nfsmout;
9126 		}
9127 		NFSM_DISSECT(tl, uint32_t *, NFSX_HYPER + 3 * NFSX_UNSIGNED +
9128 		    NFSX_VERF);
9129 		len = fxdr_hyper(tl); tl += 2;
9130 		*commitp = fxdr_unsigned(int, *tl++);
9131 		NFSLOCKMNT(nmp);
9132 		if (!NFSHASWRITEVERF(nmp)) {
9133 			NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
9134 			NFSSETWRITEVERF(nmp);
9135 	    	} else if (NFSBCMP(tl, nmp->nm_verf, NFSX_VERF)) {
9136 			NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
9137 			nd->nd_repstat = NFSERR_STALEWRITEVERF;
9138 		}
9139 		NFSUNLOCKMNT(nmp);
9140 		tl += (NFSX_VERF / NFSX_UNSIGNED);
9141 		if (nd->nd_repstat == 0 && *++tl != newnfs_true)
9142 			/* Must be a synchronous copy. */
9143 			nd->nd_repstat = NFSERR_NOTSUPP;
9144 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9145 		error = nfsm_loadattr(nd, outnap);
9146 		if (error == 0)
9147 			*outattrflagp = NFS_LATTR_NOSHRINK;
9148 		if (nd->nd_repstat == 0)
9149 			*lenp = len;
9150 	} else if (nd->nd_repstat == NFSERR_OFFLOADNOREQS) {
9151 		/*
9152 		 * For the case where consecutive is not supported, but
9153 		 * synchronous is supported, we can try consecutive == false
9154 		 * by returning this error.  Otherwise, return NFSERR_NOTSUPP,
9155 		 * since Copy cannot be done.
9156 		 */
9157 		if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
9158 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9159 			if (!consecutive || *++tl == newnfs_false)
9160 				nd->nd_repstat = NFSERR_NOTSUPP;
9161 		} else
9162 			nd->nd_repstat = NFSERR_BADXDR;
9163 	}
9164 	if (error == 0)
9165 		error = nd->nd_repstat;
9166 nfsmout:
9167 	m_freem(nd->nd_mrep);
9168 	return (error);
9169 }
9170 
9171 /*
9172  * Seek operation.
9173  */
9174 int
9175 nfsrpc_seek(vnode_t vp, off_t *offp, bool *eofp, int content,
9176     struct ucred *cred, struct nfsvattr *nap, int *attrflagp)
9177 {
9178 	int error, expireret = 0, retrycnt;
9179 	u_int32_t clidrev = 0;
9180 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
9181 	struct nfsnode *np = VTONFS(vp);
9182 	struct nfsfh *nfhp = NULL;
9183 	nfsv4stateid_t stateid;
9184 	void *lckp;
9185 
9186 	if (nmp->nm_clp != NULL)
9187 		clidrev = nmp->nm_clp->nfsc_clientidrev;
9188 	nfhp = np->n_fhp;
9189 	retrycnt = 0;
9190 	do {
9191 		lckp = NULL;
9192 		nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
9193 		    NFSV4OPEN_ACCESSREAD, 0, cred, curthread, &stateid, &lckp);
9194 		error = nfsrpc_seekrpc(vp, offp, &stateid, eofp, content,
9195 		    nap, attrflagp, cred);
9196 		if (error == NFSERR_STALESTATEID)
9197 			nfscl_initiate_recovery(nmp->nm_clp);
9198 		if (lckp != NULL)
9199 			nfscl_lockderef(lckp);
9200 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
9201 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
9202 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
9203 			(void) nfs_catnap(PZERO, error, "nfs_seek");
9204 		} else if ((error == NFSERR_EXPIRED || (!NFSHASINT(nmp) &&
9205 		    error == NFSERR_BADSTATEID)) && clidrev != 0) {
9206 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev,
9207 			    curthread);
9208 		} else if (error == NFSERR_BADSTATEID && NFSHASINT(nmp)) {
9209 			error = EIO;
9210 		}
9211 		retrycnt++;
9212 	} while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
9213 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
9214 	    error == NFSERR_BADSESSION ||
9215 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
9216 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
9217 	     expireret == 0 && clidrev != 0 && retrycnt < 4) ||
9218 	    (error == NFSERR_OPENMODE && retrycnt < 4));
9219 	if (error && retrycnt >= 4)
9220 		error = EIO;
9221 	return (error);
9222 }
9223 
9224 /*
9225  * The seek RPC.
9226  */
9227 static int
9228 nfsrpc_seekrpc(vnode_t vp, off_t *offp, nfsv4stateid_t *stateidp, bool *eofp,
9229     int content, struct nfsvattr *nap, int *attrflagp, struct ucred *cred)
9230 {
9231 	uint32_t *tl;
9232 	int error;
9233 	struct nfsrv_descript nfsd;
9234 	struct nfsrv_descript *nd = &nfsd;
9235 	nfsattrbit_t attrbits;
9236 
9237 	*attrflagp = 0;
9238 	NFSCL_REQSTART(nd, NFSPROC_SEEK, vp, cred);
9239 	nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
9240 	NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 * NFSX_UNSIGNED);
9241 	txdr_hyper(*offp, tl); tl += 2;
9242 	*tl++ = txdr_unsigned(content);
9243 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
9244 	NFSGETATTR_ATTRBIT(&attrbits);
9245 	nfsrv_putattrbit(nd, &attrbits);
9246 	error = nfscl_request(nd, vp, curthread, cred);
9247 	if (error != 0)
9248 		return (error);
9249 	if (nd->nd_repstat == 0) {
9250 		NFSM_DISSECT(tl, uint32_t *, 3 * NFSX_UNSIGNED + NFSX_HYPER);
9251 		if (*tl++ == newnfs_true)
9252 			*eofp = true;
9253 		else
9254 			*eofp = false;
9255 		*offp = fxdr_hyper(tl);
9256 		/* Just skip over Getattr op status. */
9257 		error = nfsm_loadattr(nd, nap);
9258 		if (error == 0)
9259 			*attrflagp = 1;
9260 	}
9261 	error = nd->nd_repstat;
9262 nfsmout:
9263 	m_freem(nd->nd_mrep);
9264 	return (error);
9265 }
9266 
9267 /*
9268  * The getextattr RPC.
9269  */
9270 int
9271 nfsrpc_getextattr(vnode_t vp, const char *name, struct uio *uiop, ssize_t *lenp,
9272     struct nfsvattr *nap, int *attrflagp, struct ucred *cred, NFSPROC_T *p)
9273 {
9274 	uint32_t *tl;
9275 	int error;
9276 	struct nfsrv_descript nfsd;
9277 	struct nfsrv_descript *nd = &nfsd;
9278 	nfsattrbit_t attrbits;
9279 	uint32_t len, len2;
9280 
9281 	*attrflagp = 0;
9282 	NFSCL_REQSTART(nd, NFSPROC_GETEXTATTR, vp, cred);
9283 	nfsm_strtom(nd, name, strlen(name));
9284 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9285 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
9286 	NFSGETATTR_ATTRBIT(&attrbits);
9287 	nfsrv_putattrbit(nd, &attrbits);
9288 	error = nfscl_request(nd, vp, p, cred);
9289 	if (error != 0)
9290 		return (error);
9291 	if (nd->nd_repstat == 0) {
9292 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
9293 		len = fxdr_unsigned(uint32_t, *tl);
9294 		/* Sanity check lengths. */
9295 		if (uiop != NULL && len > 0 && len <= IOSIZE_MAX &&
9296 		    uiop->uio_resid <= UINT32_MAX) {
9297 			len2 = uiop->uio_resid;
9298 			if (len2 >= len)
9299 				error = nfsm_mbufuio(nd, uiop, len);
9300 			else {
9301 				error = nfsm_mbufuio(nd, uiop, len2);
9302 				if (error == 0) {
9303 					/*
9304 					 * nfsm_mbufuio() advances to a multiple
9305 					 * of 4, so round up len2 as well.  Then
9306 					 * we need to advance over the rest of
9307 					 * the data, rounding up the remaining
9308 					 * length.
9309 					 */
9310 					len2 = NFSM_RNDUP(len2);
9311 					len2 = NFSM_RNDUP(len - len2);
9312 					if (len2 > 0)
9313 						error = nfsm_advance(nd, len2,
9314 						    -1);
9315 				}
9316 			}
9317 		} else if (uiop == NULL && len > 0) {
9318 			/* Just wants the length and not the data. */
9319 			error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
9320 		} else if (len > 0)
9321 			error = ENOATTR;
9322 		if (error != 0)
9323 			goto nfsmout;
9324 		*lenp = len;
9325 		/* Just skip over Getattr op status. */
9326 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9327 		error = nfsm_loadattr(nd, nap);
9328 		if (error == 0)
9329 			*attrflagp = 1;
9330 	}
9331 	if (error == 0)
9332 		error = nd->nd_repstat;
9333 nfsmout:
9334 	m_freem(nd->nd_mrep);
9335 	return (error);
9336 }
9337 
9338 /*
9339  * The setextattr RPC.
9340  */
9341 int
9342 nfsrpc_setextattr(vnode_t vp, const char *name, struct uio *uiop,
9343     struct nfsvattr *nap, int *attrflagp, struct ucred *cred, NFSPROC_T *p)
9344 {
9345 	uint32_t *tl;
9346 	int error;
9347 	struct nfsrv_descript nfsd;
9348 	struct nfsrv_descript *nd = &nfsd;
9349 	nfsattrbit_t attrbits;
9350 
9351 	*attrflagp = 0;
9352 	NFSCL_REQSTART(nd, NFSPROC_SETEXTATTR, vp, cred);
9353 	if (uiop->uio_resid > nd->nd_maxreq) {
9354 		/* nd_maxreq is set by NFSCL_REQSTART(). */
9355 		m_freem(nd->nd_mreq);
9356 		return (EINVAL);
9357 	}
9358 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9359 	*tl = txdr_unsigned(NFSV4SXATTR_EITHER);
9360 	nfsm_strtom(nd, name, strlen(name));
9361 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9362 	*tl = txdr_unsigned(uiop->uio_resid);
9363 	error = nfsm_uiombuf(nd, uiop, uiop->uio_resid);
9364 	if (error != 0) {
9365 		m_freem(nd->nd_mreq);
9366 		return (error);
9367 	}
9368 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9369 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
9370 	NFSGETATTR_ATTRBIT(&attrbits);
9371 	nfsrv_putattrbit(nd, &attrbits);
9372 	error = nfscl_request(nd, vp, p, cred);
9373 	if (error != 0)
9374 		return (error);
9375 	if (nd->nd_repstat == 0) {
9376 		/* Just skip over the reply and Getattr op status. */
9377 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_HYPER + 3 *
9378 		    NFSX_UNSIGNED);
9379 		error = nfsm_loadattr(nd, nap);
9380 		if (error == 0)
9381 			*attrflagp = 1;
9382 	}
9383 	if (error == 0)
9384 		error = nd->nd_repstat;
9385 nfsmout:
9386 	m_freem(nd->nd_mrep);
9387 	return (error);
9388 }
9389 
9390 /*
9391  * The removeextattr RPC.
9392  */
9393 int
9394 nfsrpc_rmextattr(vnode_t vp, const char *name, struct nfsvattr *nap,
9395     int *attrflagp, struct ucred *cred, NFSPROC_T *p)
9396 {
9397 	uint32_t *tl;
9398 	int error;
9399 	struct nfsrv_descript nfsd;
9400 	struct nfsrv_descript *nd = &nfsd;
9401 	nfsattrbit_t attrbits;
9402 
9403 	*attrflagp = 0;
9404 	NFSCL_REQSTART(nd, NFSPROC_RMEXTATTR, vp, cred);
9405 	nfsm_strtom(nd, name, strlen(name));
9406 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9407 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
9408 	NFSGETATTR_ATTRBIT(&attrbits);
9409 	nfsrv_putattrbit(nd, &attrbits);
9410 	error = nfscl_request(nd, vp, p, cred);
9411 	if (error != 0)
9412 		return (error);
9413 	if (nd->nd_repstat == 0) {
9414 		/* Just skip over the reply and Getattr op status. */
9415 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_HYPER + 3 *
9416 		    NFSX_UNSIGNED);
9417 		error = nfsm_loadattr(nd, nap);
9418 		if (error == 0)
9419 			*attrflagp = 1;
9420 	}
9421 	if (error == 0)
9422 		error = nd->nd_repstat;
9423 nfsmout:
9424 	m_freem(nd->nd_mrep);
9425 	return (error);
9426 }
9427 
9428 /*
9429  * The listextattr RPC.
9430  */
9431 int
9432 nfsrpc_listextattr(vnode_t vp, uint64_t *cookiep, struct uio *uiop,
9433     size_t *lenp, bool *eofp, struct nfsvattr *nap, int *attrflagp,
9434     struct ucred *cred, NFSPROC_T *p)
9435 {
9436 	uint32_t *tl;
9437 	int cnt, error, i, len;
9438 	struct nfsrv_descript nfsd;
9439 	struct nfsrv_descript *nd = &nfsd;
9440 	nfsattrbit_t attrbits;
9441 	u_char c;
9442 
9443 	*attrflagp = 0;
9444 	NFSCL_REQSTART(nd, NFSPROC_LISTEXTATTR, vp, cred);
9445 	NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 * NFSX_UNSIGNED);
9446 	txdr_hyper(*cookiep, tl); tl += 2;
9447 	*tl++ = txdr_unsigned(*lenp);
9448 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
9449 	NFSGETATTR_ATTRBIT(&attrbits);
9450 	nfsrv_putattrbit(nd, &attrbits);
9451 	error = nfscl_request(nd, vp, p, cred);
9452 	if (error != 0)
9453 		return (error);
9454 	*eofp = true;
9455 	*lenp = 0;
9456 	if (nd->nd_repstat == 0) {
9457 		NFSM_DISSECT(tl, uint32_t *, NFSX_HYPER + NFSX_UNSIGNED);
9458 		*cookiep = fxdr_hyper(tl); tl += 2;
9459 		cnt = fxdr_unsigned(int, *tl);
9460 		if (cnt < 0) {
9461 			error = EBADRPC;
9462 			goto nfsmout;
9463 		}
9464 		for (i = 0; i < cnt; i++) {
9465 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
9466 			len = fxdr_unsigned(int, *tl);
9467 			if (len <= 0 || len > EXTATTR_MAXNAMELEN) {
9468 				error = EBADRPC;
9469 				goto nfsmout;
9470 			}
9471 			if (uiop == NULL)
9472 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
9473 			else if (uiop->uio_resid >= len + 1) {
9474 				c = len;
9475 				error = uiomove(&c, sizeof(c), uiop);
9476 				if (error == 0)
9477 					error = nfsm_mbufuio(nd, uiop, len);
9478 			} else {
9479 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
9480 				*eofp = false;
9481 			}
9482 			if (error != 0)
9483 				goto nfsmout;
9484 			*lenp += (len + 1);
9485 		}
9486 		/* Get the eof and skip over the Getattr op status. */
9487 		NFSM_DISSECT(tl, uint32_t *, 3 * NFSX_UNSIGNED);
9488 		/*
9489 		 * *eofp is set false above, because it wasn't able to copy
9490 		 * all of the reply.
9491 		 */
9492 		if (*eofp && *tl == 0)
9493 			*eofp = false;
9494 		error = nfsm_loadattr(nd, nap);
9495 		if (error == 0)
9496 			*attrflagp = 1;
9497 	}
9498 	if (error == 0)
9499 		error = nd->nd_repstat;
9500 nfsmout:
9501 	m_freem(nd->nd_mrep);
9502 	return (error);
9503 }
9504 
9505 /*
9506  * Split an mbuf list.  For non-M_EXTPG mbufs, just use m_split().
9507  */
9508 static struct mbuf *
9509 nfsm_split(struct mbuf *mp, uint64_t xfer)
9510 {
9511 	struct mbuf *m, *m2;
9512 	vm_page_t pg;
9513 	int i, j, left, pgno, plen, trim;
9514 	char *cp, *cp2;
9515 
9516 	if ((mp->m_flags & M_EXTPG) == 0) {
9517 		m = m_split(mp, xfer, M_WAITOK);
9518 		return (m);
9519 	}
9520 
9521 	/* Find the correct mbuf to split at. */
9522 	for (m = mp; m != NULL && xfer > m->m_len; m = m->m_next)
9523 		xfer -= m->m_len;
9524 	if (m == NULL)
9525 		return (NULL);
9526 
9527 	/* If xfer == m->m_len, we can just split the mbuf list. */
9528 	if (xfer == m->m_len) {
9529 		m2 = m->m_next;
9530 		m->m_next = NULL;
9531 		return (m2);
9532 	}
9533 
9534 	/* Find the page to split at. */
9535 	pgno = 0;
9536 	left = xfer;
9537 	do {
9538 		if (pgno == 0)
9539 			plen = m_epg_pagelen(m, 0, m->m_epg_1st_off);
9540 		else
9541 			plen = m_epg_pagelen(m, pgno, 0);
9542 		if (left <= plen)
9543 			break;
9544 		left -= plen;
9545 		pgno++;
9546 	} while (pgno < m->m_epg_npgs);
9547 	if (pgno == m->m_epg_npgs)
9548 		panic("nfsm_split: eroneous ext_pgs mbuf");
9549 
9550 	m2 = mb_alloc_ext_pgs(M_WAITOK, mb_free_mext_pgs, 0);
9551 	m2->m_epg_flags |= EPG_FLAG_ANON;
9552 
9553 	/*
9554 	 * If left < plen, allocate a new page for the new mbuf
9555 	 * and copy the data after left in the page to this new
9556 	 * page.
9557 	 */
9558 	if (left < plen) {
9559 		pg = vm_page_alloc_noobj(VM_ALLOC_WAITOK | VM_ALLOC_NODUMP |
9560 		    VM_ALLOC_WIRED);
9561 		m2->m_epg_pa[0] = VM_PAGE_TO_PHYS(pg);
9562 		m2->m_epg_npgs = 1;
9563 
9564 		/* Copy the data after left to the new page. */
9565 		trim = plen - left;
9566 		cp = (char *)(void *)PHYS_TO_DMAP(m->m_epg_pa[pgno]);
9567 		if (pgno == 0)
9568 			cp += m->m_epg_1st_off;
9569 		cp += left;
9570 		cp2 = (char *)(void *)PHYS_TO_DMAP(m2->m_epg_pa[0]);
9571 		if (pgno == m->m_epg_npgs - 1)
9572 			m2->m_epg_last_len = trim;
9573 		else {
9574 			cp2 += PAGE_SIZE - trim;
9575 			m2->m_epg_1st_off = PAGE_SIZE - trim;
9576 			m2->m_epg_last_len = m->m_epg_last_len;
9577 		}
9578 		memcpy(cp2, cp, trim);
9579 		m2->m_len = trim;
9580 	} else {
9581 		m2->m_len = 0;
9582 		m2->m_epg_last_len = m->m_epg_last_len;
9583 	}
9584 
9585 	/* Move the pages beyond pgno to the new mbuf. */
9586 	for (i = pgno + 1, j = m2->m_epg_npgs; i < m->m_epg_npgs; i++, j++) {
9587 		m2->m_epg_pa[j] = m->m_epg_pa[i];
9588 		/* Never moves page 0. */
9589 		m2->m_len += m_epg_pagelen(m, i, 0);
9590 	}
9591 	m2->m_epg_npgs = j;
9592 	m->m_epg_npgs = pgno + 1;
9593 	m->m_epg_last_len = left;
9594 	m->m_len = xfer;
9595 
9596 	m2->m_next = m->m_next;
9597 	m->m_next = NULL;
9598 	return (m2);
9599 }
9600 
9601 /*
9602  * Do the NFSv4.1 Bind Connection to Session.
9603  * Called from the reconnect layer of the krpc (sys/rpc/clnt_rc.c).
9604  */
9605 void
9606 nfsrpc_bindconnsess(CLIENT *cl, void *arg, struct ucred *cr)
9607 {
9608 	struct nfscl_reconarg *rcp = (struct nfscl_reconarg *)arg;
9609 	uint32_t res, *tl;
9610 	struct nfsrv_descript nfsd;
9611 	struct nfsrv_descript *nd = &nfsd;
9612 	struct rpc_callextra ext;
9613 	struct timeval utimeout;
9614 	enum clnt_stat stat;
9615 	int error;
9616 
9617 	nfscl_reqstart(nd, NFSPROC_BINDCONNTOSESS, NULL, NULL, 0, NULL, NULL,
9618 	    NFS_VER4, rcp->minorvers, NULL);
9619 	NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID + 2 * NFSX_UNSIGNED);
9620 	memcpy(tl, rcp->sessionid, NFSX_V4SESSIONID);
9621 	tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
9622 	*tl++ = txdr_unsigned(NFSCDFC4_FORE_OR_BOTH);
9623 	*tl = newnfs_false;
9624 
9625 	memset(&ext, 0, sizeof(ext));
9626 	utimeout.tv_sec = 30;
9627 	utimeout.tv_usec = 0;
9628 	ext.rc_auth = authunix_create(cr);
9629 	nd->nd_mrep = NULL;
9630 	stat = CLNT_CALL_MBUF(cl, &ext, NFSV4PROC_COMPOUND, nd->nd_mreq,
9631 	    &nd->nd_mrep, utimeout);
9632 	AUTH_DESTROY(ext.rc_auth);
9633 	if (stat != RPC_SUCCESS) {
9634 		printf("nfsrpc_bindconnsess: call failed stat=%d\n", stat);
9635 		return;
9636 	}
9637 	if (nd->nd_mrep == NULL) {
9638 		printf("nfsrpc_bindconnsess: no reply args\n");
9639 		return;
9640 	}
9641 	error = 0;
9642 	newnfs_realign(&nd->nd_mrep, M_WAITOK);
9643 	nd->nd_md = nd->nd_mrep;
9644 	nd->nd_dpos = mtod(nd->nd_md, char *);
9645 	NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9646 	nd->nd_repstat = fxdr_unsigned(uint32_t, *tl++);
9647 	if (nd->nd_repstat == NFSERR_OK) {
9648 		res = fxdr_unsigned(uint32_t, *tl);
9649 		if (res > 0 && (error = nfsm_advance(nd, NFSM_RNDUP(res),
9650 		    -1)) != 0)
9651 			goto nfsmout;
9652 		NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
9653 		    4 * NFSX_UNSIGNED);
9654 		tl += 3;
9655 		if (!NFSBCMP(tl, rcp->sessionid, NFSX_V4SESSIONID)) {
9656 			tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
9657 			res = fxdr_unsigned(uint32_t, *tl);
9658 			if (res != NFSCDFS4_BOTH)
9659 				printf("nfsrpc_bindconnsess: did not "
9660 				    "return FS4_BOTH\n");
9661 		} else
9662 			printf("nfsrpc_bindconnsess: not same "
9663 			    "sessionid\n");
9664 	} else if (nd->nd_repstat != NFSERR_BADSESSION)
9665 		printf("nfsrpc_bindconnsess: returned %d\n", nd->nd_repstat);
9666 nfsmout:
9667 	if (error != 0)
9668 		printf("nfsrpc_bindconnsess: reply bad xdr\n");
9669 	m_freem(nd->nd_mrep);
9670 }
9671 
9672 /*
9673  * nfs opeattr rpc
9674  */
9675 int
9676 nfsrpc_openattr(struct nfsmount *nmp, struct vnode *vp, uint8_t *fhp, int fhlen,
9677     bool createit, struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap,
9678     struct nfsfh **nfhpp, int *attrflagp)
9679 {
9680 	uint32_t *tl;
9681 	struct nfsrv_descript nfsd, *nd = &nfsd;
9682 	nfsattrbit_t attrbits;
9683 	int error = 0;
9684 
9685 	*attrflagp = 0;
9686 	nfscl_reqstart(nd, NFSPROC_OPENATTR, nmp, fhp, fhlen, NULL, NULL, 0, 0,
9687 	    cred);
9688 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
9689 	if (createit)
9690 		*tl = newnfs_true;
9691 	else
9692 		*tl = newnfs_false;
9693 	NFSGETATTR_ATTRBIT(&attrbits);
9694 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9695 	*tl++ = txdr_unsigned(NFSV4OP_GETFH);
9696 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
9697 	(void)nfsrv_putattrbit(nd, &attrbits);
9698 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
9699 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
9700 	if (error != 0)
9701 		return (error);
9702 	if (nd->nd_repstat == 0) {
9703 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
9704 		error = nfsm_getfh(nd, nfhpp);
9705 		if (error != 0)
9706 			goto nfsmout;
9707 		error = nfscl_postop_attr(nd, nap, attrflagp);
9708 	}
9709 nfsmout:
9710 	m_freem(nd->nd_mrep);
9711 	if (error == 0 && nd->nd_repstat != 0)
9712 		error = nd->nd_repstat;
9713 	return (error);
9714 }
9715 
9716 /*
9717  * Do roughly what nfs_statfs() does for NFSv4, but when called with a shared
9718  * locked vnode.
9719  */
9720 static void
9721 nfscl_statfs(struct vnode *vp, struct ucred *cred, NFSPROC_T *td)
9722 {
9723 	struct nfsvattr nfsva;
9724 	struct nfsfsinfo fs;
9725 	struct nfsstatfs sb;
9726 	struct mount *mp;
9727 	struct nfsmount *nmp;
9728 	uint32_t lease;
9729 	int attrflag, error;
9730 
9731 	mp = vp->v_mount;
9732 	nmp = VFSTONFS(mp);
9733 	error = nfsrpc_statfs(vp, &sb, &fs, &lease, cred, td, &nfsva,
9734 	    &attrflag);
9735 	if (attrflag != 0)
9736 		(void) nfscl_loadattrcache(&vp, &nfsva, NULL, 0, 1);
9737 	if (error == 0) {
9738 		NFSLOCKCLSTATE();
9739 		if (nmp->nm_clp != NULL)
9740 			nmp->nm_clp->nfsc_renew = NFSCL_RENEW(lease);
9741 		NFSUNLOCKCLSTATE();
9742 		mtx_lock(&nmp->nm_mtx);
9743 		nfscl_loadfsinfo(nmp, &fs);
9744 		nfscl_loadsbinfo(nmp, &sb, &mp->mnt_stat);
9745 		mp->mnt_stat.f_iosize = newnfs_iosize(nmp);
9746 		mtx_unlock(&nmp->nm_mtx);
9747 	}
9748 }
9749