xref: /freebsd/sys/fs/nfsclient/nfs_clstate.c (revision f0cfa1b168014f56c02b83e5f28412cc5f78d117)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2009 Rick Macklem, University of Guelph
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  *
28  */
29 
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
32 
33 /*
34  * These functions implement the client side state handling for NFSv4.
35  * NFSv4 state handling:
36  * - A lockowner is used to determine lock contention, so it
37  *   corresponds directly to a Posix pid. (1 to 1 mapping)
38  * - The correct granularity of an OpenOwner is not nearly so
39  *   obvious. An OpenOwner does the following:
40  *   - provides a serial sequencing of Open/Close/Lock-with-new-lockowner
41  *   - is used to check for Open/Share contention (not applicable to
42  *     this client, since all Opens are Deny_None)
43  *   As such, I considered both extreme.
44  *   1 OpenOwner per ClientID - Simple to manage, but fully serializes
45  *   all Open, Close and Lock (with a new lockowner) Ops.
46  *   1 OpenOwner for each Open - This one results in an OpenConfirm for
47  *   every Open, for most servers.
48  *   So, I chose to use the same mapping as I did for LockOwnwers.
49  *   The main concern here is that you can end up with multiple Opens
50  *   for the same File Handle, but on different OpenOwners (opens
51  *   inherited from parents, grandparents...) and you do not know
52  *   which of these the vnodeop close applies to. This is handled by
53  *   delaying the Close Op(s) until all of the Opens have been closed.
54  *   (It is not yet obvious if this is the correct granularity.)
55  * - How the code handles serialization:
56  *   - For the ClientId, it uses an exclusive lock while getting its
57  *     SetClientId and during recovery. Otherwise, it uses a shared
58  *     lock via a reference count.
59  *   - For the rest of the data structures, it uses an SMP mutex
60  *     (once the nfs client is SMP safe) and doesn't sleep while
61  *     manipulating the linked lists.
62  *   - The serialization of Open/Close/Lock/LockU falls out in the
63  *     "wash", since OpenOwners and LockOwners are both mapped from
64  *     Posix pid. In other words, there is only one Posix pid using
65  *     any given owner, so that owner is serialized. (If you change
66  *     the granularity of the OpenOwner, then code must be added to
67  *     serialize Ops on the OpenOwner.)
68  * - When to get rid of OpenOwners and LockOwners.
69  *   - The function nfscl_cleanup_common() is executed after a process exits.
70  *     It goes through the client list looking for all Open and Lock Owners.
71  *     When one is found, it is marked "defunct" or in the case of
72  *     an OpenOwner without any Opens, freed.
73  *     The renew thread scans for defunct Owners and gets rid of them,
74  *     if it can. The LockOwners will also be deleted when the
75  *     associated Open is closed.
76  *   - If the LockU or Close Op(s) fail during close in a way
77  *     that could be recovered upon retry, they are relinked to the
78  *     ClientId's defunct open list and retried by the renew thread
79  *     until they succeed or an unmount/recovery occurs.
80  *     (Since we are done with them, they do not need to be recovered.)
81  */
82 
83 #ifndef APPLEKEXT
84 #include <fs/nfs/nfsport.h>
85 
86 /*
87  * Global variables
88  */
89 extern struct nfsstatsv1 nfsstatsv1;
90 extern struct nfsreqhead nfsd_reqq;
91 extern u_int32_t newnfs_false, newnfs_true;
92 extern int nfscl_debuglevel;
93 extern int nfscl_enablecallb;
94 extern int nfs_numnfscbd;
95 NFSREQSPINLOCK;
96 NFSCLSTATEMUTEX;
97 int nfscl_inited = 0;
98 struct nfsclhead nfsclhead;	/* Head of clientid list */
99 int nfscl_deleghighwater = NFSCLDELEGHIGHWATER;
100 int nfscl_layouthighwater = NFSCLLAYOUTHIGHWATER;
101 #endif	/* !APPLEKEXT */
102 
103 static int nfscl_delegcnt = 0;
104 static int nfscl_layoutcnt = 0;
105 static int nfscl_getopen(struct nfsclownerhead *, u_int8_t *, int, u_int8_t *,
106     u_int8_t *, u_int32_t, struct nfscllockowner **, struct nfsclopen **);
107 static void nfscl_clrelease(struct nfsclclient *);
108 static void nfscl_cleanclient(struct nfsclclient *);
109 static void nfscl_expireclient(struct nfsclclient *, struct nfsmount *,
110     struct ucred *, NFSPROC_T *);
111 static int nfscl_expireopen(struct nfsclclient *, struct nfsclopen *,
112     struct nfsmount *, struct ucred *, NFSPROC_T *);
113 static void nfscl_recover(struct nfsclclient *, struct ucred *, NFSPROC_T *);
114 static void nfscl_insertlock(struct nfscllockowner *, struct nfscllock *,
115     struct nfscllock *, int);
116 static int nfscl_updatelock(struct nfscllockowner *, struct nfscllock **,
117     struct nfscllock **, int);
118 static void nfscl_delegreturnall(struct nfsclclient *, NFSPROC_T *);
119 static u_int32_t nfscl_nextcbident(void);
120 static mount_t nfscl_getmnt(int, uint8_t *, u_int32_t, struct nfsclclient **);
121 static struct nfsclclient *nfscl_getclnt(u_int32_t);
122 static struct nfsclclient *nfscl_getclntsess(uint8_t *);
123 static struct nfscldeleg *nfscl_finddeleg(struct nfsclclient *, u_int8_t *,
124     int);
125 static void nfscl_retoncloselayout(vnode_t, struct nfsclclient *, uint8_t *,
126     int, struct nfsclrecalllayout **);
127 static void nfscl_reldevinfo_locked(struct nfscldevinfo *);
128 static struct nfscllayout *nfscl_findlayout(struct nfsclclient *, u_int8_t *,
129     int);
130 static struct nfscldevinfo *nfscl_finddevinfo(struct nfsclclient *, uint8_t *);
131 static int nfscl_checkconflict(struct nfscllockownerhead *, struct nfscllock *,
132     u_int8_t *, struct nfscllock **);
133 static void nfscl_freealllocks(struct nfscllockownerhead *, int);
134 static int nfscl_localconflict(struct nfsclclient *, u_int8_t *, int,
135     struct nfscllock *, u_int8_t *, struct nfscldeleg *, struct nfscllock **);
136 static void nfscl_newopen(struct nfsclclient *, struct nfscldeleg *,
137     struct nfsclowner **, struct nfsclowner **, struct nfsclopen **,
138     struct nfsclopen **, u_int8_t *, u_int8_t *, int, struct ucred *, int *);
139 static int nfscl_moveopen(vnode_t , struct nfsclclient *,
140     struct nfsmount *, struct nfsclopen *, struct nfsclowner *,
141     struct nfscldeleg *, struct ucred *, NFSPROC_T *);
142 static void nfscl_totalrecall(struct nfsclclient *);
143 static int nfscl_relock(vnode_t , struct nfsclclient *, struct nfsmount *,
144     struct nfscllockowner *, struct nfscllock *, struct ucred *, NFSPROC_T *);
145 static int nfscl_tryopen(struct nfsmount *, vnode_t , u_int8_t *, int,
146     u_int8_t *, int, u_int32_t, struct nfsclopen *, u_int8_t *, int,
147     struct nfscldeleg **, int, u_int32_t, struct ucred *, NFSPROC_T *);
148 static int nfscl_trylock(struct nfsmount *, vnode_t , u_int8_t *,
149     int, struct nfscllockowner *, int, int, u_int64_t, u_int64_t, short,
150     struct ucred *, NFSPROC_T *);
151 static int nfsrpc_reopen(struct nfsmount *, u_int8_t *, int, u_int32_t,
152     struct nfsclopen *, struct nfscldeleg **, struct ucred *, NFSPROC_T *);
153 static void nfscl_freedeleg(struct nfscldeleghead *, struct nfscldeleg *);
154 static int nfscl_errmap(struct nfsrv_descript *, u_int32_t);
155 static void nfscl_cleanup_common(struct nfsclclient *, u_int8_t *);
156 static int nfscl_recalldeleg(struct nfsclclient *, struct nfsmount *,
157     struct nfscldeleg *, vnode_t, struct ucred *, NFSPROC_T *, int);
158 static void nfscl_freeopenowner(struct nfsclowner *, int);
159 static void nfscl_cleandeleg(struct nfscldeleg *);
160 static int nfscl_trydelegreturn(struct nfscldeleg *, struct ucred *,
161     struct nfsmount *, NFSPROC_T *);
162 static void nfscl_emptylockowner(struct nfscllockowner *,
163     struct nfscllockownerfhhead *);
164 static void nfscl_mergeflayouts(struct nfsclflayouthead *,
165     struct nfsclflayouthead *);
166 static int nfscl_layoutrecall(int, struct nfscllayout *, uint32_t, uint64_t,
167     uint64_t, uint32_t, struct nfsclrecalllayout *);
168 static int nfscl_seq(uint32_t, uint32_t);
169 static void nfscl_layoutreturn(struct nfsmount *, struct nfscllayout *,
170     struct ucred *, NFSPROC_T *);
171 static void nfscl_dolayoutcommit(struct nfsmount *, struct nfscllayout *,
172     struct ucred *, NFSPROC_T *);
173 
174 static short nfscberr_null[] = {
175 	0,
176 	0,
177 };
178 
179 static short nfscberr_getattr[] = {
180 	NFSERR_RESOURCE,
181 	NFSERR_BADHANDLE,
182 	NFSERR_BADXDR,
183 	NFSERR_RESOURCE,
184 	NFSERR_SERVERFAULT,
185 	0,
186 };
187 
188 static short nfscberr_recall[] = {
189 	NFSERR_RESOURCE,
190 	NFSERR_BADHANDLE,
191 	NFSERR_BADSTATEID,
192 	NFSERR_BADXDR,
193 	NFSERR_RESOURCE,
194 	NFSERR_SERVERFAULT,
195 	0,
196 };
197 
198 static short *nfscl_cberrmap[] = {
199 	nfscberr_null,
200 	nfscberr_null,
201 	nfscberr_null,
202 	nfscberr_getattr,
203 	nfscberr_recall
204 };
205 
206 #define	NETFAMILY(clp) \
207 		(((clp)->nfsc_flags & NFSCLFLAGS_AFINET6) ? AF_INET6 : AF_INET)
208 
209 /*
210  * Called for an open operation.
211  * If the nfhp argument is NULL, just get an openowner.
212  */
213 APPLESTATIC int
214 nfscl_open(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t amode, int usedeleg,
215     struct ucred *cred, NFSPROC_T *p, struct nfsclowner **owpp,
216     struct nfsclopen **opp, int *newonep, int *retp, int lockit)
217 {
218 	struct nfsclclient *clp;
219 	struct nfsclowner *owp, *nowp;
220 	struct nfsclopen *op = NULL, *nop = NULL;
221 	struct nfscldeleg *dp;
222 	struct nfsclownerhead *ohp;
223 	u_int8_t own[NFSV4CL_LOCKNAMELEN];
224 	int ret;
225 
226 	if (newonep != NULL)
227 		*newonep = 0;
228 	if (opp != NULL)
229 		*opp = NULL;
230 	if (owpp != NULL)
231 		*owpp = NULL;
232 
233 	/*
234 	 * Might need one or both of these, so MALLOC them now, to
235 	 * avoid a tsleep() in MALLOC later.
236 	 */
237 	MALLOC(nowp, struct nfsclowner *, sizeof (struct nfsclowner),
238 	    M_NFSCLOWNER, M_WAITOK);
239 	if (nfhp != NULL)
240 	    MALLOC(nop, struct nfsclopen *, sizeof (struct nfsclopen) +
241 		fhlen - 1, M_NFSCLOPEN, M_WAITOK);
242 	ret = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
243 	if (ret != 0) {
244 		FREE((caddr_t)nowp, M_NFSCLOWNER);
245 		if (nop != NULL)
246 			FREE((caddr_t)nop, M_NFSCLOPEN);
247 		return (ret);
248 	}
249 
250 	/*
251 	 * Get the Open iff it already exists.
252 	 * If none found, add the new one or return error, depending upon
253 	 * "create".
254 	 */
255 	NFSLOCKCLSTATE();
256 	dp = NULL;
257 	/* First check the delegation list */
258 	if (nfhp != NULL && usedeleg) {
259 		LIST_FOREACH(dp, NFSCLDELEGHASH(clp, nfhp, fhlen), nfsdl_hash) {
260 			if (dp->nfsdl_fhlen == fhlen &&
261 			    !NFSBCMP(nfhp, dp->nfsdl_fh, fhlen)) {
262 				if (!(amode & NFSV4OPEN_ACCESSWRITE) ||
263 				    (dp->nfsdl_flags & NFSCLDL_WRITE))
264 					break;
265 				dp = NULL;
266 				break;
267 			}
268 		}
269 	}
270 
271 	if (dp != NULL) {
272 		nfscl_filllockowner(p->td_proc, own, F_POSIX);
273 		ohp = &dp->nfsdl_owner;
274 	} else {
275 		/* For NFSv4.1 and this option, use a single open_owner. */
276 		if (NFSHASONEOPENOWN(VFSTONFS(vnode_mount(vp))))
277 			nfscl_filllockowner(NULL, own, F_POSIX);
278 		else
279 			nfscl_filllockowner(p->td_proc, own, F_POSIX);
280 		ohp = &clp->nfsc_owner;
281 	}
282 	/* Now, search for an openowner */
283 	LIST_FOREACH(owp, ohp, nfsow_list) {
284 		if (!NFSBCMP(owp->nfsow_owner, own, NFSV4CL_LOCKNAMELEN))
285 			break;
286 	}
287 
288 	/*
289 	 * Create a new open, as required.
290 	 */
291 	nfscl_newopen(clp, dp, &owp, &nowp, &op, &nop, own, nfhp, fhlen,
292 	    cred, newonep);
293 
294 	/*
295 	 * Now, check the mode on the open and return the appropriate
296 	 * value.
297 	 */
298 	if (retp != NULL) {
299 		if (nfhp != NULL && dp != NULL && nop == NULL)
300 			/* new local open on delegation */
301 			*retp = NFSCLOPEN_SETCRED;
302 		else
303 			*retp = NFSCLOPEN_OK;
304 	}
305 	if (op != NULL && (amode & ~(op->nfso_mode))) {
306 		op->nfso_mode |= amode;
307 		if (retp != NULL && dp == NULL)
308 			*retp = NFSCLOPEN_DOOPEN;
309 	}
310 
311 	/*
312 	 * Serialize modifications to the open owner for multiple threads
313 	 * within the same process using a read/write sleep lock.
314 	 * For NFSv4.1 and a single OpenOwner, allow concurrent open operations
315 	 * by acquiring a shared lock.  The close operations still use an
316 	 * exclusive lock for this case.
317 	 */
318 	if (lockit != 0) {
319 		if (NFSHASONEOPENOWN(VFSTONFS(vnode_mount(vp)))) {
320 			/*
321 			 * Get a shared lock on the OpenOwner, but first
322 			 * wait for any pending exclusive lock, so that the
323 			 * exclusive locker gets priority.
324 			 */
325 			nfsv4_lock(&owp->nfsow_rwlock, 0, NULL,
326 			    NFSCLSTATEMUTEXPTR, NULL);
327 			nfsv4_getref(&owp->nfsow_rwlock, NULL,
328 			    NFSCLSTATEMUTEXPTR, NULL);
329 		} else
330 			nfscl_lockexcl(&owp->nfsow_rwlock, NFSCLSTATEMUTEXPTR);
331 	}
332 	NFSUNLOCKCLSTATE();
333 	if (nowp != NULL)
334 		FREE((caddr_t)nowp, M_NFSCLOWNER);
335 	if (nop != NULL)
336 		FREE((caddr_t)nop, M_NFSCLOPEN);
337 	if (owpp != NULL)
338 		*owpp = owp;
339 	if (opp != NULL)
340 		*opp = op;
341 	return (0);
342 }
343 
344 /*
345  * Create a new open, as required.
346  */
347 static void
348 nfscl_newopen(struct nfsclclient *clp, struct nfscldeleg *dp,
349     struct nfsclowner **owpp, struct nfsclowner **nowpp, struct nfsclopen **opp,
350     struct nfsclopen **nopp, u_int8_t *own, u_int8_t *fhp, int fhlen,
351     struct ucred *cred, int *newonep)
352 {
353 	struct nfsclowner *owp = *owpp, *nowp;
354 	struct nfsclopen *op, *nop;
355 
356 	if (nowpp != NULL)
357 		nowp = *nowpp;
358 	else
359 		nowp = NULL;
360 	if (nopp != NULL)
361 		nop = *nopp;
362 	else
363 		nop = NULL;
364 	if (owp == NULL && nowp != NULL) {
365 		NFSBCOPY(own, nowp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
366 		LIST_INIT(&nowp->nfsow_open);
367 		nowp->nfsow_clp = clp;
368 		nowp->nfsow_seqid = 0;
369 		nowp->nfsow_defunct = 0;
370 		nfscl_lockinit(&nowp->nfsow_rwlock);
371 		if (dp != NULL) {
372 			nfsstatsv1.cllocalopenowners++;
373 			LIST_INSERT_HEAD(&dp->nfsdl_owner, nowp, nfsow_list);
374 		} else {
375 			nfsstatsv1.clopenowners++;
376 			LIST_INSERT_HEAD(&clp->nfsc_owner, nowp, nfsow_list);
377 		}
378 		owp = *owpp = nowp;
379 		*nowpp = NULL;
380 		if (newonep != NULL)
381 			*newonep = 1;
382 	}
383 
384 	 /* If an fhp has been specified, create an Open as well. */
385 	if (fhp != NULL) {
386 		/* and look for the correct open, based upon FH */
387 		LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
388 			if (op->nfso_fhlen == fhlen &&
389 			    !NFSBCMP(op->nfso_fh, fhp, fhlen))
390 				break;
391 		}
392 		if (op == NULL && nop != NULL) {
393 			nop->nfso_own = owp;
394 			nop->nfso_mode = 0;
395 			nop->nfso_opencnt = 0;
396 			nop->nfso_posixlock = 1;
397 			nop->nfso_fhlen = fhlen;
398 			NFSBCOPY(fhp, nop->nfso_fh, fhlen);
399 			LIST_INIT(&nop->nfso_lock);
400 			nop->nfso_stateid.seqid = 0;
401 			nop->nfso_stateid.other[0] = 0;
402 			nop->nfso_stateid.other[1] = 0;
403 			nop->nfso_stateid.other[2] = 0;
404 			KASSERT(cred != NULL, ("%s: cred NULL\n", __func__));
405 			newnfs_copyincred(cred, &nop->nfso_cred);
406 			if (dp != NULL) {
407 				TAILQ_REMOVE(&clp->nfsc_deleg, dp, nfsdl_list);
408 				TAILQ_INSERT_HEAD(&clp->nfsc_deleg, dp,
409 				    nfsdl_list);
410 				dp->nfsdl_timestamp = NFSD_MONOSEC + 120;
411 				nfsstatsv1.cllocalopens++;
412 			} else {
413 				nfsstatsv1.clopens++;
414 			}
415 			LIST_INSERT_HEAD(&owp->nfsow_open, nop, nfso_list);
416 			*opp = nop;
417 			*nopp = NULL;
418 			if (newonep != NULL)
419 				*newonep = 1;
420 		} else {
421 			*opp = op;
422 		}
423 	}
424 }
425 
426 /*
427  * Called to find/add a delegation to a client.
428  */
429 APPLESTATIC int
430 nfscl_deleg(mount_t mp, struct nfsclclient *clp, u_int8_t *nfhp,
431     int fhlen, struct ucred *cred, NFSPROC_T *p, struct nfscldeleg **dpp)
432 {
433 	struct nfscldeleg *dp = *dpp, *tdp;
434 
435 	/*
436 	 * First, if we have received a Read delegation for a file on a
437 	 * read/write file system, just return it, because they aren't
438 	 * useful, imho.
439 	 */
440 	if (mp != NULL && dp != NULL && !NFSMNT_RDONLY(mp) &&
441 	    (dp->nfsdl_flags & NFSCLDL_READ)) {
442 		(void) nfscl_trydelegreturn(dp, cred, VFSTONFS(mp), p);
443 		FREE((caddr_t)dp, M_NFSCLDELEG);
444 		*dpp = NULL;
445 		return (0);
446 	}
447 
448 	/* Look for the correct deleg, based upon FH */
449 	NFSLOCKCLSTATE();
450 	tdp = nfscl_finddeleg(clp, nfhp, fhlen);
451 	if (tdp == NULL) {
452 		if (dp == NULL) {
453 			NFSUNLOCKCLSTATE();
454 			return (NFSERR_BADSTATEID);
455 		}
456 		*dpp = NULL;
457 		TAILQ_INSERT_HEAD(&clp->nfsc_deleg, dp, nfsdl_list);
458 		LIST_INSERT_HEAD(NFSCLDELEGHASH(clp, nfhp, fhlen), dp,
459 		    nfsdl_hash);
460 		dp->nfsdl_timestamp = NFSD_MONOSEC + 120;
461 		nfsstatsv1.cldelegates++;
462 		nfscl_delegcnt++;
463 	} else {
464 		/*
465 		 * Delegation already exists, what do we do if a new one??
466 		 */
467 		if (dp != NULL) {
468 			printf("Deleg already exists!\n");
469 			FREE((caddr_t)dp, M_NFSCLDELEG);
470 			*dpp = NULL;
471 		} else {
472 			*dpp = tdp;
473 		}
474 	}
475 	NFSUNLOCKCLSTATE();
476 	return (0);
477 }
478 
479 /*
480  * Find a delegation for this file handle. Return NULL upon failure.
481  */
482 static struct nfscldeleg *
483 nfscl_finddeleg(struct nfsclclient *clp, u_int8_t *fhp, int fhlen)
484 {
485 	struct nfscldeleg *dp;
486 
487 	LIST_FOREACH(dp, NFSCLDELEGHASH(clp, fhp, fhlen), nfsdl_hash) {
488 	    if (dp->nfsdl_fhlen == fhlen &&
489 		!NFSBCMP(dp->nfsdl_fh, fhp, fhlen))
490 		break;
491 	}
492 	return (dp);
493 }
494 
495 /*
496  * Get a stateid for an I/O operation. First, look for an open and iff
497  * found, return either a lockowner stateid or the open stateid.
498  * If no Open is found, just return error and the special stateid of all zeros.
499  */
500 APPLESTATIC int
501 nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
502     int fords, struct ucred *cred, NFSPROC_T *p, nfsv4stateid_t *stateidp,
503     void **lckpp)
504 {
505 	struct nfsclclient *clp;
506 	struct nfsclowner *owp;
507 	struct nfsclopen *op = NULL, *top;
508 	struct nfscllockowner *lp;
509 	struct nfscldeleg *dp;
510 	struct nfsnode *np;
511 	struct nfsmount *nmp;
512 	u_int8_t own[NFSV4CL_LOCKNAMELEN];
513 	int error, done;
514 
515 	*lckpp = NULL;
516 	/*
517 	 * Initially, just set the special stateid of all zeros.
518 	 * (Don't do this for a DS, since the special stateid can't be used.)
519 	 */
520 	if (fords == 0) {
521 		stateidp->seqid = 0;
522 		stateidp->other[0] = 0;
523 		stateidp->other[1] = 0;
524 		stateidp->other[2] = 0;
525 	}
526 	if (vnode_vtype(vp) != VREG)
527 		return (EISDIR);
528 	np = VTONFS(vp);
529 	nmp = VFSTONFS(vnode_mount(vp));
530 	NFSLOCKCLSTATE();
531 	clp = nfscl_findcl(nmp);
532 	if (clp == NULL) {
533 		NFSUNLOCKCLSTATE();
534 		return (EACCES);
535 	}
536 
537 	/*
538 	 * Wait for recovery to complete.
539 	 */
540 	while ((clp->nfsc_flags & NFSCLFLAGS_RECVRINPROG))
541 		(void) nfsmsleep(&clp->nfsc_flags, NFSCLSTATEMUTEXPTR,
542 		    PZERO, "nfsrecvr", NULL);
543 
544 	/*
545 	 * First, look for a delegation.
546 	 */
547 	LIST_FOREACH(dp, NFSCLDELEGHASH(clp, nfhp, fhlen), nfsdl_hash) {
548 		if (dp->nfsdl_fhlen == fhlen &&
549 		    !NFSBCMP(nfhp, dp->nfsdl_fh, fhlen)) {
550 			if (!(mode & NFSV4OPEN_ACCESSWRITE) ||
551 			    (dp->nfsdl_flags & NFSCLDL_WRITE)) {
552 				stateidp->seqid = dp->nfsdl_stateid.seqid;
553 				stateidp->other[0] = dp->nfsdl_stateid.other[0];
554 				stateidp->other[1] = dp->nfsdl_stateid.other[1];
555 				stateidp->other[2] = dp->nfsdl_stateid.other[2];
556 				if (!(np->n_flag & NDELEGRECALL)) {
557 					TAILQ_REMOVE(&clp->nfsc_deleg, dp,
558 					    nfsdl_list);
559 					TAILQ_INSERT_HEAD(&clp->nfsc_deleg, dp,
560 					    nfsdl_list);
561 					dp->nfsdl_timestamp = NFSD_MONOSEC +
562 					    120;
563 					dp->nfsdl_rwlock.nfslock_usecnt++;
564 					*lckpp = (void *)&dp->nfsdl_rwlock;
565 				}
566 				NFSUNLOCKCLSTATE();
567 				return (0);
568 			}
569 			break;
570 		}
571 	}
572 
573 	if (p != NULL) {
574 		/*
575 		 * If p != NULL, we want to search the parentage tree
576 		 * for a matching OpenOwner and use that.
577 		 */
578 		if (NFSHASONEOPENOWN(VFSTONFS(vnode_mount(vp))))
579 			nfscl_filllockowner(NULL, own, F_POSIX);
580 		else
581 			nfscl_filllockowner(p->td_proc, own, F_POSIX);
582 		lp = NULL;
583 		error = nfscl_getopen(&clp->nfsc_owner, nfhp, fhlen, own, own,
584 		    mode, &lp, &op);
585 		if (error == 0 && lp != NULL && fords == 0) {
586 			/* Don't return a lock stateid for a DS. */
587 			stateidp->seqid =
588 			    lp->nfsl_stateid.seqid;
589 			stateidp->other[0] =
590 			    lp->nfsl_stateid.other[0];
591 			stateidp->other[1] =
592 			    lp->nfsl_stateid.other[1];
593 			stateidp->other[2] =
594 			    lp->nfsl_stateid.other[2];
595 			NFSUNLOCKCLSTATE();
596 			return (0);
597 		}
598 	}
599 	if (op == NULL) {
600 		/* If not found, just look for any OpenOwner that will work. */
601 		top = NULL;
602 		done = 0;
603 		owp = LIST_FIRST(&clp->nfsc_owner);
604 		while (!done && owp != NULL) {
605 			LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
606 				if (op->nfso_fhlen == fhlen &&
607 				    !NFSBCMP(op->nfso_fh, nfhp, fhlen)) {
608 					if (top == NULL && (op->nfso_mode &
609 					    NFSV4OPEN_ACCESSWRITE) != 0 &&
610 					    (mode & NFSV4OPEN_ACCESSREAD) != 0)
611 						top = op;
612 					if ((mode & op->nfso_mode) == mode) {
613 						done = 1;
614 						break;
615 					}
616 				}
617 			}
618 			if (!done)
619 				owp = LIST_NEXT(owp, nfsow_list);
620 		}
621 		if (!done) {
622 			NFSCL_DEBUG(2, "openmode top=%p\n", top);
623 			if (top == NULL || NFSHASOPENMODE(nmp)) {
624 				NFSUNLOCKCLSTATE();
625 				return (ENOENT);
626 			} else
627 				op = top;
628 		}
629 		/*
630 		 * For read aheads or write behinds, use the open cred.
631 		 * A read ahead or write behind is indicated by p == NULL.
632 		 */
633 		if (p == NULL)
634 			newnfs_copycred(&op->nfso_cred, cred);
635 	}
636 
637 	/*
638 	 * No lock stateid, so return the open stateid.
639 	 */
640 	stateidp->seqid = op->nfso_stateid.seqid;
641 	stateidp->other[0] = op->nfso_stateid.other[0];
642 	stateidp->other[1] = op->nfso_stateid.other[1];
643 	stateidp->other[2] = op->nfso_stateid.other[2];
644 	NFSUNLOCKCLSTATE();
645 	return (0);
646 }
647 
648 /*
649  * Search for a matching file, mode and, optionally, lockowner.
650  */
651 static int
652 nfscl_getopen(struct nfsclownerhead *ohp, u_int8_t *nfhp, int fhlen,
653     u_int8_t *openown, u_int8_t *lockown, u_int32_t mode,
654     struct nfscllockowner **lpp, struct nfsclopen **opp)
655 {
656 	struct nfsclowner *owp;
657 	struct nfsclopen *op, *rop, *rop2;
658 	struct nfscllockowner *lp;
659 	int keep_looping;
660 
661 	if (lpp != NULL)
662 		*lpp = NULL;
663 	/*
664 	 * rop will be set to the open to be returned. There are three
665 	 * variants of this, all for an open of the correct file:
666 	 * 1 - A match of lockown.
667 	 * 2 - A match of the openown, when no lockown match exists.
668 	 * 3 - A match for any open, if no openown or lockown match exists.
669 	 * Looking for #2 over #3 probably isn't necessary, but since
670 	 * RFC3530 is vague w.r.t. the relationship between openowners and
671 	 * lockowners, I think this is the safer way to go.
672 	 */
673 	rop = NULL;
674 	rop2 = NULL;
675 	keep_looping = 1;
676 	/* Search the client list */
677 	owp = LIST_FIRST(ohp);
678 	while (owp != NULL && keep_looping != 0) {
679 		/* and look for the correct open */
680 		op = LIST_FIRST(&owp->nfsow_open);
681 		while (op != NULL && keep_looping != 0) {
682 			if (op->nfso_fhlen == fhlen &&
683 			    !NFSBCMP(op->nfso_fh, nfhp, fhlen)
684 			    && (op->nfso_mode & mode) == mode) {
685 				if (lpp != NULL) {
686 					/* Now look for a matching lockowner. */
687 					LIST_FOREACH(lp, &op->nfso_lock,
688 					    nfsl_list) {
689 						if (!NFSBCMP(lp->nfsl_owner,
690 						    lockown,
691 						    NFSV4CL_LOCKNAMELEN)) {
692 							*lpp = lp;
693 							rop = op;
694 							keep_looping = 0;
695 							break;
696 						}
697 					}
698 				}
699 				if (rop == NULL && !NFSBCMP(owp->nfsow_owner,
700 				    openown, NFSV4CL_LOCKNAMELEN)) {
701 					rop = op;
702 					if (lpp == NULL)
703 						keep_looping = 0;
704 				}
705 				if (rop2 == NULL)
706 					rop2 = op;
707 			}
708 			op = LIST_NEXT(op, nfso_list);
709 		}
710 		owp = LIST_NEXT(owp, nfsow_list);
711 	}
712 	if (rop == NULL)
713 		rop = rop2;
714 	if (rop == NULL)
715 		return (EBADF);
716 	*opp = rop;
717 	return (0);
718 }
719 
720 /*
721  * Release use of an open owner. Called when open operations are done
722  * with the open owner.
723  */
724 APPLESTATIC void
725 nfscl_ownerrelease(struct nfsmount *nmp, struct nfsclowner *owp,
726     __unused int error, __unused int candelete, int unlocked)
727 {
728 
729 	if (owp == NULL)
730 		return;
731 	NFSLOCKCLSTATE();
732 	if (unlocked == 0) {
733 		if (NFSHASONEOPENOWN(nmp))
734 			nfsv4_relref(&owp->nfsow_rwlock);
735 		else
736 			nfscl_lockunlock(&owp->nfsow_rwlock);
737 	}
738 	nfscl_clrelease(owp->nfsow_clp);
739 	NFSUNLOCKCLSTATE();
740 }
741 
742 /*
743  * Release use of an open structure under an open owner.
744  */
745 APPLESTATIC void
746 nfscl_openrelease(struct nfsmount *nmp, struct nfsclopen *op, int error,
747     int candelete)
748 {
749 	struct nfsclclient *clp;
750 	struct nfsclowner *owp;
751 
752 	if (op == NULL)
753 		return;
754 	NFSLOCKCLSTATE();
755 	owp = op->nfso_own;
756 	if (NFSHASONEOPENOWN(nmp))
757 		nfsv4_relref(&owp->nfsow_rwlock);
758 	else
759 		nfscl_lockunlock(&owp->nfsow_rwlock);
760 	clp = owp->nfsow_clp;
761 	if (error && candelete && op->nfso_opencnt == 0)
762 		nfscl_freeopen(op, 0);
763 	nfscl_clrelease(clp);
764 	NFSUNLOCKCLSTATE();
765 }
766 
767 /*
768  * Called to get a clientid structure. It will optionally lock the
769  * client data structures to do the SetClientId/SetClientId_confirm,
770  * but will release that lock and return the clientid with a reference
771  * count on it.
772  * If the "cred" argument is NULL, a new clientid should not be created.
773  * If the "p" argument is NULL, a SetClientID/SetClientIDConfirm cannot
774  * be done.
775  * The start_renewthread argument tells nfscl_getcl() to start a renew
776  * thread if this creates a new clp.
777  * It always clpp with a reference count on it, unless returning an error.
778  */
779 APPLESTATIC int
780 nfscl_getcl(struct mount *mp, struct ucred *cred, NFSPROC_T *p,
781     int start_renewthread, struct nfsclclient **clpp)
782 {
783 	struct nfsclclient *clp;
784 	struct nfsclclient *newclp = NULL;
785 	struct nfsmount *nmp;
786 	char uuid[HOSTUUIDLEN];
787 	int igotlock = 0, error, trystalecnt, clidinusedelay, i;
788 	u_int16_t idlen = 0;
789 
790 	nmp = VFSTONFS(mp);
791 	if (cred != NULL) {
792 		getcredhostuuid(cred, uuid, sizeof uuid);
793 		idlen = strlen(uuid);
794 		if (idlen > 0)
795 			idlen += sizeof (u_int64_t);
796 		else
797 			idlen += sizeof (u_int64_t) + 16; /* 16 random bytes */
798 		MALLOC(newclp, struct nfsclclient *,
799 		    sizeof (struct nfsclclient) + idlen - 1, M_NFSCLCLIENT,
800 		    M_WAITOK | M_ZERO);
801 	}
802 	NFSLOCKCLSTATE();
803 	/*
804 	 * If a forced dismount is already in progress, don't
805 	 * allocate a new clientid and get out now. For the case where
806 	 * clp != NULL, this is a harmless optimization.
807 	 */
808 	if (NFSCL_FORCEDISM(mp)) {
809 		NFSUNLOCKCLSTATE();
810 		if (newclp != NULL)
811 			free(newclp, M_NFSCLCLIENT);
812 		return (EBADF);
813 	}
814 	clp = nmp->nm_clp;
815 	if (clp == NULL) {
816 		if (newclp == NULL) {
817 			NFSUNLOCKCLSTATE();
818 			return (EACCES);
819 		}
820 		clp = newclp;
821 		clp->nfsc_idlen = idlen;
822 		LIST_INIT(&clp->nfsc_owner);
823 		TAILQ_INIT(&clp->nfsc_deleg);
824 		TAILQ_INIT(&clp->nfsc_layout);
825 		LIST_INIT(&clp->nfsc_devinfo);
826 		for (i = 0; i < NFSCLDELEGHASHSIZE; i++)
827 			LIST_INIT(&clp->nfsc_deleghash[i]);
828 		for (i = 0; i < NFSCLLAYOUTHASHSIZE; i++)
829 			LIST_INIT(&clp->nfsc_layouthash[i]);
830 		clp->nfsc_flags = NFSCLFLAGS_INITED;
831 		clp->nfsc_clientidrev = 1;
832 		clp->nfsc_cbident = nfscl_nextcbident();
833 		nfscl_fillclid(nmp->nm_clval, uuid, clp->nfsc_id,
834 		    clp->nfsc_idlen);
835 		LIST_INSERT_HEAD(&nfsclhead, clp, nfsc_list);
836 		nmp->nm_clp = clp;
837 		clp->nfsc_nmp = nmp;
838 		NFSUNLOCKCLSTATE();
839 		if (start_renewthread != 0)
840 			nfscl_start_renewthread(clp);
841 	} else {
842 		NFSUNLOCKCLSTATE();
843 		if (newclp != NULL)
844 			free(newclp, M_NFSCLCLIENT);
845 	}
846 	NFSLOCKCLSTATE();
847 	while ((clp->nfsc_flags & NFSCLFLAGS_HASCLIENTID) == 0 && !igotlock &&
848 	    !NFSCL_FORCEDISM(mp))
849 		igotlock = nfsv4_lock(&clp->nfsc_lock, 1, NULL,
850 		    NFSCLSTATEMUTEXPTR, mp);
851 	if (igotlock == 0) {
852 		/*
853 		 * Call nfsv4_lock() with "iwantlock == 0" so that it will
854 		 * wait for a pending exclusive lock request.  This gives the
855 		 * exclusive lock request priority over this shared lock
856 		 * request.
857 		 * An exclusive lock on nfsc_lock is used mainly for server
858 		 * crash recoveries.
859 		 */
860 		nfsv4_lock(&clp->nfsc_lock, 0, NULL, NFSCLSTATEMUTEXPTR, mp);
861 		nfsv4_getref(&clp->nfsc_lock, NULL, NFSCLSTATEMUTEXPTR, mp);
862 	}
863 	if (igotlock == 0 && NFSCL_FORCEDISM(mp)) {
864 		/*
865 		 * Both nfsv4_lock() and nfsv4_getref() know to check
866 		 * for NFSCL_FORCEDISM() and return without sleeping to
867 		 * wait for the exclusive lock to be released, since it
868 		 * might be held by nfscl_umount() and we need to get out
869 		 * now for that case and not wait until nfscl_umount()
870 		 * releases it.
871 		 */
872 		NFSUNLOCKCLSTATE();
873 		return (EBADF);
874 	}
875 	NFSUNLOCKCLSTATE();
876 
877 	/*
878 	 * If it needs a clientid, do the setclientid now.
879 	 */
880 	if ((clp->nfsc_flags & NFSCLFLAGS_HASCLIENTID) == 0) {
881 		if (!igotlock)
882 			panic("nfscl_clget");
883 		if (p == NULL || cred == NULL) {
884 			NFSLOCKCLSTATE();
885 			nfsv4_unlock(&clp->nfsc_lock, 0);
886 			NFSUNLOCKCLSTATE();
887 			return (EACCES);
888 		}
889 		/*
890 		 * If RFC3530 Sec. 14.2.33 is taken literally,
891 		 * NFSERR_CLIDINUSE will be returned persistently for the
892 		 * case where a new mount of the same file system is using
893 		 * a different principal. In practice, NFSERR_CLIDINUSE is
894 		 * only returned when there is outstanding unexpired state
895 		 * on the clientid. As such, try for twice the lease
896 		 * interval, if we know what that is. Otherwise, make a
897 		 * wild ass guess.
898 		 * The case of returning NFSERR_STALECLIENTID is far less
899 		 * likely, but might occur if there is a significant delay
900 		 * between doing the SetClientID and SetClientIDConfirm Ops,
901 		 * such that the server throws away the clientid before
902 		 * receiving the SetClientIDConfirm.
903 		 */
904 		if (clp->nfsc_renew > 0)
905 			clidinusedelay = NFSCL_LEASE(clp->nfsc_renew) * 2;
906 		else
907 			clidinusedelay = 120;
908 		trystalecnt = 3;
909 		do {
910 			error = nfsrpc_setclient(nmp, clp, 0, cred, p);
911 			if (error == NFSERR_STALECLIENTID ||
912 			    error == NFSERR_STALEDONTRECOVER ||
913 			    error == NFSERR_BADSESSION ||
914 			    error == NFSERR_CLIDINUSE) {
915 				(void) nfs_catnap(PZERO, error, "nfs_setcl");
916 			}
917 		} while (((error == NFSERR_STALECLIENTID ||
918 		     error == NFSERR_BADSESSION ||
919 		     error == NFSERR_STALEDONTRECOVER) && --trystalecnt > 0) ||
920 		    (error == NFSERR_CLIDINUSE && --clidinusedelay > 0));
921 		if (error) {
922 			NFSLOCKCLSTATE();
923 			nfsv4_unlock(&clp->nfsc_lock, 0);
924 			NFSUNLOCKCLSTATE();
925 			return (error);
926 		}
927 		clp->nfsc_flags |= NFSCLFLAGS_HASCLIENTID;
928 	}
929 	if (igotlock) {
930 		NFSLOCKCLSTATE();
931 		nfsv4_unlock(&clp->nfsc_lock, 1);
932 		NFSUNLOCKCLSTATE();
933 	}
934 
935 	*clpp = clp;
936 	return (0);
937 }
938 
939 /*
940  * Get a reference to a clientid and return it, if valid.
941  */
942 APPLESTATIC struct nfsclclient *
943 nfscl_findcl(struct nfsmount *nmp)
944 {
945 	struct nfsclclient *clp;
946 
947 	clp = nmp->nm_clp;
948 	if (clp == NULL || !(clp->nfsc_flags & NFSCLFLAGS_HASCLIENTID))
949 		return (NULL);
950 	return (clp);
951 }
952 
953 /*
954  * Release the clientid structure. It may be locked or reference counted.
955  */
956 static void
957 nfscl_clrelease(struct nfsclclient *clp)
958 {
959 
960 	if (clp->nfsc_lock.nfslock_lock & NFSV4LOCK_LOCK)
961 		nfsv4_unlock(&clp->nfsc_lock, 0);
962 	else
963 		nfsv4_relref(&clp->nfsc_lock);
964 }
965 
966 /*
967  * External call for nfscl_clrelease.
968  */
969 APPLESTATIC void
970 nfscl_clientrelease(struct nfsclclient *clp)
971 {
972 
973 	NFSLOCKCLSTATE();
974 	if (clp->nfsc_lock.nfslock_lock & NFSV4LOCK_LOCK)
975 		nfsv4_unlock(&clp->nfsc_lock, 0);
976 	else
977 		nfsv4_relref(&clp->nfsc_lock);
978 	NFSUNLOCKCLSTATE();
979 }
980 
981 /*
982  * Called when wanting to lock a byte region.
983  */
984 APPLESTATIC int
985 nfscl_getbytelock(vnode_t vp, u_int64_t off, u_int64_t len,
986     short type, struct ucred *cred, NFSPROC_T *p, struct nfsclclient *rclp,
987     int recovery, void *id, int flags, u_int8_t *rownp, u_int8_t *ropenownp,
988     struct nfscllockowner **lpp, int *newonep, int *donelocallyp)
989 {
990 	struct nfscllockowner *lp;
991 	struct nfsclopen *op;
992 	struct nfsclclient *clp;
993 	struct nfscllockowner *nlp;
994 	struct nfscllock *nlop, *otherlop;
995 	struct nfscldeleg *dp = NULL, *ldp = NULL;
996 	struct nfscllockownerhead *lhp = NULL;
997 	struct nfsnode *np;
998 	u_int8_t own[NFSV4CL_LOCKNAMELEN], *ownp, openown[NFSV4CL_LOCKNAMELEN];
999 	u_int8_t *openownp;
1000 	int error = 0, ret, donelocally = 0;
1001 	u_int32_t mode;
1002 
1003 	/* For Lock Ops, the open mode doesn't matter, so use 0 to match any. */
1004 	mode = 0;
1005 	np = VTONFS(vp);
1006 	*lpp = NULL;
1007 	lp = NULL;
1008 	*newonep = 0;
1009 	*donelocallyp = 0;
1010 
1011 	/*
1012 	 * Might need these, so MALLOC them now, to
1013 	 * avoid a tsleep() in MALLOC later.
1014 	 */
1015 	MALLOC(nlp, struct nfscllockowner *,
1016 	    sizeof (struct nfscllockowner), M_NFSCLLOCKOWNER, M_WAITOK);
1017 	MALLOC(otherlop, struct nfscllock *,
1018 	    sizeof (struct nfscllock), M_NFSCLLOCK, M_WAITOK);
1019 	MALLOC(nlop, struct nfscllock *,
1020 	    sizeof (struct nfscllock), M_NFSCLLOCK, M_WAITOK);
1021 	nlop->nfslo_type = type;
1022 	nlop->nfslo_first = off;
1023 	if (len == NFS64BITSSET) {
1024 		nlop->nfslo_end = NFS64BITSSET;
1025 	} else {
1026 		nlop->nfslo_end = off + len;
1027 		if (nlop->nfslo_end <= nlop->nfslo_first)
1028 			error = NFSERR_INVAL;
1029 	}
1030 
1031 	if (!error) {
1032 		if (recovery)
1033 			clp = rclp;
1034 		else
1035 			error = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
1036 	}
1037 	if (error) {
1038 		FREE((caddr_t)nlp, M_NFSCLLOCKOWNER);
1039 		FREE((caddr_t)otherlop, M_NFSCLLOCK);
1040 		FREE((caddr_t)nlop, M_NFSCLLOCK);
1041 		return (error);
1042 	}
1043 
1044 	op = NULL;
1045 	if (recovery) {
1046 		ownp = rownp;
1047 		openownp = ropenownp;
1048 	} else {
1049 		nfscl_filllockowner(id, own, flags);
1050 		ownp = own;
1051 		if (NFSHASONEOPENOWN(VFSTONFS(vnode_mount(vp))))
1052 			nfscl_filllockowner(NULL, openown, F_POSIX);
1053 		else
1054 			nfscl_filllockowner(p->td_proc, openown, F_POSIX);
1055 		openownp = openown;
1056 	}
1057 	if (!recovery) {
1058 		NFSLOCKCLSTATE();
1059 		/*
1060 		 * First, search for a delegation. If one exists for this file,
1061 		 * the lock can be done locally against it, so long as there
1062 		 * isn't a local lock conflict.
1063 		 */
1064 		ldp = dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
1065 		    np->n_fhp->nfh_len);
1066 		/* Just sanity check for correct type of delegation */
1067 		if (dp != NULL && ((dp->nfsdl_flags &
1068 		    (NFSCLDL_RECALL | NFSCLDL_DELEGRET)) != 0 ||
1069 		     (type == F_WRLCK &&
1070 		      (dp->nfsdl_flags & NFSCLDL_WRITE) == 0)))
1071 			dp = NULL;
1072 	}
1073 	if (dp != NULL) {
1074 		/* Now, find an open and maybe a lockowner. */
1075 		ret = nfscl_getopen(&dp->nfsdl_owner, np->n_fhp->nfh_fh,
1076 		    np->n_fhp->nfh_len, openownp, ownp, mode, NULL, &op);
1077 		if (ret)
1078 			ret = nfscl_getopen(&clp->nfsc_owner,
1079 			    np->n_fhp->nfh_fh, np->n_fhp->nfh_len, openownp,
1080 			    ownp, mode, NULL, &op);
1081 		if (!ret) {
1082 			lhp = &dp->nfsdl_lock;
1083 			TAILQ_REMOVE(&clp->nfsc_deleg, dp, nfsdl_list);
1084 			TAILQ_INSERT_HEAD(&clp->nfsc_deleg, dp, nfsdl_list);
1085 			dp->nfsdl_timestamp = NFSD_MONOSEC + 120;
1086 			donelocally = 1;
1087 		} else {
1088 			dp = NULL;
1089 		}
1090 	}
1091 	if (!donelocally) {
1092 		/*
1093 		 * Get the related Open and maybe lockowner.
1094 		 */
1095 		error = nfscl_getopen(&clp->nfsc_owner,
1096 		    np->n_fhp->nfh_fh, np->n_fhp->nfh_len, openownp,
1097 		    ownp, mode, &lp, &op);
1098 		if (!error)
1099 			lhp = &op->nfso_lock;
1100 	}
1101 	if (!error && !recovery)
1102 		error = nfscl_localconflict(clp, np->n_fhp->nfh_fh,
1103 		    np->n_fhp->nfh_len, nlop, ownp, ldp, NULL);
1104 	if (error) {
1105 		if (!recovery) {
1106 			nfscl_clrelease(clp);
1107 			NFSUNLOCKCLSTATE();
1108 		}
1109 		FREE((caddr_t)nlp, M_NFSCLLOCKOWNER);
1110 		FREE((caddr_t)otherlop, M_NFSCLLOCK);
1111 		FREE((caddr_t)nlop, M_NFSCLLOCK);
1112 		return (error);
1113 	}
1114 
1115 	/*
1116 	 * Ok, see if a lockowner exists and create one, as required.
1117 	 */
1118 	if (lp == NULL)
1119 		LIST_FOREACH(lp, lhp, nfsl_list) {
1120 			if (!NFSBCMP(lp->nfsl_owner, ownp, NFSV4CL_LOCKNAMELEN))
1121 				break;
1122 		}
1123 	if (lp == NULL) {
1124 		NFSBCOPY(ownp, nlp->nfsl_owner, NFSV4CL_LOCKNAMELEN);
1125 		if (recovery)
1126 			NFSBCOPY(ropenownp, nlp->nfsl_openowner,
1127 			    NFSV4CL_LOCKNAMELEN);
1128 		else
1129 			NFSBCOPY(op->nfso_own->nfsow_owner, nlp->nfsl_openowner,
1130 			    NFSV4CL_LOCKNAMELEN);
1131 		nlp->nfsl_seqid = 0;
1132 		nlp->nfsl_lockflags = flags;
1133 		nlp->nfsl_inprog = NULL;
1134 		nfscl_lockinit(&nlp->nfsl_rwlock);
1135 		LIST_INIT(&nlp->nfsl_lock);
1136 		if (donelocally) {
1137 			nlp->nfsl_open = NULL;
1138 			nfsstatsv1.cllocallockowners++;
1139 		} else {
1140 			nlp->nfsl_open = op;
1141 			nfsstatsv1.cllockowners++;
1142 		}
1143 		LIST_INSERT_HEAD(lhp, nlp, nfsl_list);
1144 		lp = nlp;
1145 		nlp = NULL;
1146 		*newonep = 1;
1147 	}
1148 
1149 	/*
1150 	 * Now, update the byte ranges for locks.
1151 	 */
1152 	ret = nfscl_updatelock(lp, &nlop, &otherlop, donelocally);
1153 	if (!ret)
1154 		donelocally = 1;
1155 	if (donelocally) {
1156 		*donelocallyp = 1;
1157 		if (!recovery)
1158 			nfscl_clrelease(clp);
1159 	} else {
1160 		/*
1161 		 * Serial modifications on the lock owner for multiple threads
1162 		 * for the same process using a read/write lock.
1163 		 */
1164 		if (!recovery)
1165 			nfscl_lockexcl(&lp->nfsl_rwlock, NFSCLSTATEMUTEXPTR);
1166 	}
1167 	if (!recovery)
1168 		NFSUNLOCKCLSTATE();
1169 
1170 	if (nlp)
1171 		FREE((caddr_t)nlp, M_NFSCLLOCKOWNER);
1172 	if (nlop)
1173 		FREE((caddr_t)nlop, M_NFSCLLOCK);
1174 	if (otherlop)
1175 		FREE((caddr_t)otherlop, M_NFSCLLOCK);
1176 
1177 	*lpp = lp;
1178 	return (0);
1179 }
1180 
1181 /*
1182  * Called to unlock a byte range, for LockU.
1183  */
1184 APPLESTATIC int
1185 nfscl_relbytelock(vnode_t vp, u_int64_t off, u_int64_t len,
1186     __unused struct ucred *cred, NFSPROC_T *p, int callcnt,
1187     struct nfsclclient *clp, void *id, int flags,
1188     struct nfscllockowner **lpp, int *dorpcp)
1189 {
1190 	struct nfscllockowner *lp;
1191 	struct nfsclowner *owp;
1192 	struct nfsclopen *op;
1193 	struct nfscllock *nlop, *other_lop = NULL;
1194 	struct nfscldeleg *dp;
1195 	struct nfsnode *np;
1196 	u_int8_t own[NFSV4CL_LOCKNAMELEN];
1197 	int ret = 0, fnd;
1198 
1199 	np = VTONFS(vp);
1200 	*lpp = NULL;
1201 	*dorpcp = 0;
1202 
1203 	/*
1204 	 * Might need these, so MALLOC them now, to
1205 	 * avoid a tsleep() in MALLOC later.
1206 	 */
1207 	MALLOC(nlop, struct nfscllock *,
1208 	    sizeof (struct nfscllock), M_NFSCLLOCK, M_WAITOK);
1209 	nlop->nfslo_type = F_UNLCK;
1210 	nlop->nfslo_first = off;
1211 	if (len == NFS64BITSSET) {
1212 		nlop->nfslo_end = NFS64BITSSET;
1213 	} else {
1214 		nlop->nfslo_end = off + len;
1215 		if (nlop->nfslo_end <= nlop->nfslo_first) {
1216 			FREE((caddr_t)nlop, M_NFSCLLOCK);
1217 			return (NFSERR_INVAL);
1218 		}
1219 	}
1220 	if (callcnt == 0) {
1221 		MALLOC(other_lop, struct nfscllock *,
1222 		    sizeof (struct nfscllock), M_NFSCLLOCK, M_WAITOK);
1223 		*other_lop = *nlop;
1224 	}
1225 	nfscl_filllockowner(id, own, flags);
1226 	dp = NULL;
1227 	NFSLOCKCLSTATE();
1228 	if (callcnt == 0)
1229 		dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
1230 		    np->n_fhp->nfh_len);
1231 
1232 	/*
1233 	 * First, unlock any local regions on a delegation.
1234 	 */
1235 	if (dp != NULL) {
1236 		/* Look for this lockowner. */
1237 		LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
1238 			if (!NFSBCMP(lp->nfsl_owner, own,
1239 			    NFSV4CL_LOCKNAMELEN))
1240 				break;
1241 		}
1242 		if (lp != NULL)
1243 			/* Use other_lop, so nlop is still available */
1244 			(void)nfscl_updatelock(lp, &other_lop, NULL, 1);
1245 	}
1246 
1247 	/*
1248 	 * Now, find a matching open/lockowner that hasn't already been done,
1249 	 * as marked by nfsl_inprog.
1250 	 */
1251 	lp = NULL;
1252 	fnd = 0;
1253 	LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
1254 	    LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
1255 		if (op->nfso_fhlen == np->n_fhp->nfh_len &&
1256 		    !NFSBCMP(op->nfso_fh, np->n_fhp->nfh_fh, op->nfso_fhlen)) {
1257 		    LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
1258 			if (lp->nfsl_inprog == NULL &&
1259 			    !NFSBCMP(lp->nfsl_owner, own,
1260 			     NFSV4CL_LOCKNAMELEN)) {
1261 				fnd = 1;
1262 				break;
1263 			}
1264 		    }
1265 		    if (fnd)
1266 			break;
1267 		}
1268 	    }
1269 	    if (fnd)
1270 		break;
1271 	}
1272 
1273 	if (lp != NULL) {
1274 		ret = nfscl_updatelock(lp, &nlop, NULL, 0);
1275 		if (ret)
1276 			*dorpcp = 1;
1277 		/*
1278 		 * Serial modifications on the lock owner for multiple
1279 		 * threads for the same process using a read/write lock.
1280 		 */
1281 		lp->nfsl_inprog = p;
1282 		nfscl_lockexcl(&lp->nfsl_rwlock, NFSCLSTATEMUTEXPTR);
1283 		*lpp = lp;
1284 	}
1285 	NFSUNLOCKCLSTATE();
1286 	if (nlop)
1287 		FREE((caddr_t)nlop, M_NFSCLLOCK);
1288 	if (other_lop)
1289 		FREE((caddr_t)other_lop, M_NFSCLLOCK);
1290 	return (0);
1291 }
1292 
1293 /*
1294  * Release all lockowners marked in progess for this process and file.
1295  */
1296 APPLESTATIC void
1297 nfscl_releasealllocks(struct nfsclclient *clp, vnode_t vp, NFSPROC_T *p,
1298     void *id, int flags)
1299 {
1300 	struct nfsclowner *owp;
1301 	struct nfsclopen *op;
1302 	struct nfscllockowner *lp;
1303 	struct nfsnode *np;
1304 	u_int8_t own[NFSV4CL_LOCKNAMELEN];
1305 
1306 	np = VTONFS(vp);
1307 	nfscl_filllockowner(id, own, flags);
1308 	NFSLOCKCLSTATE();
1309 	LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
1310 	    LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
1311 		if (op->nfso_fhlen == np->n_fhp->nfh_len &&
1312 		    !NFSBCMP(op->nfso_fh, np->n_fhp->nfh_fh, op->nfso_fhlen)) {
1313 		    LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
1314 			if (lp->nfsl_inprog == p &&
1315 			    !NFSBCMP(lp->nfsl_owner, own,
1316 			    NFSV4CL_LOCKNAMELEN)) {
1317 			    lp->nfsl_inprog = NULL;
1318 			    nfscl_lockunlock(&lp->nfsl_rwlock);
1319 			}
1320 		    }
1321 		}
1322 	    }
1323 	}
1324 	nfscl_clrelease(clp);
1325 	NFSUNLOCKCLSTATE();
1326 }
1327 
1328 /*
1329  * Called to find out if any bytes within the byte range specified are
1330  * write locked by the calling process. Used to determine if flushing
1331  * is required before a LockU.
1332  * If in doubt, return 1, so the flush will occur.
1333  */
1334 APPLESTATIC int
1335 nfscl_checkwritelocked(vnode_t vp, struct flock *fl,
1336     struct ucred *cred, NFSPROC_T *p, void *id, int flags)
1337 {
1338 	struct nfsclowner *owp;
1339 	struct nfscllockowner *lp;
1340 	struct nfsclopen *op;
1341 	struct nfsclclient *clp;
1342 	struct nfscllock *lop;
1343 	struct nfscldeleg *dp;
1344 	struct nfsnode *np;
1345 	u_int64_t off, end;
1346 	u_int8_t own[NFSV4CL_LOCKNAMELEN];
1347 	int error = 0;
1348 
1349 	np = VTONFS(vp);
1350 	switch (fl->l_whence) {
1351 	case SEEK_SET:
1352 	case SEEK_CUR:
1353 		/*
1354 		 * Caller is responsible for adding any necessary offset
1355 		 * when SEEK_CUR is used.
1356 		 */
1357 		off = fl->l_start;
1358 		break;
1359 	case SEEK_END:
1360 		off = np->n_size + fl->l_start;
1361 		break;
1362 	default:
1363 		return (1);
1364 	}
1365 	if (fl->l_len != 0) {
1366 		end = off + fl->l_len;
1367 		if (end < off)
1368 			return (1);
1369 	} else {
1370 		end = NFS64BITSSET;
1371 	}
1372 
1373 	error = nfscl_getcl(vnode_mount(vp), cred, p, 1, &clp);
1374 	if (error)
1375 		return (1);
1376 	nfscl_filllockowner(id, own, flags);
1377 	NFSLOCKCLSTATE();
1378 
1379 	/*
1380 	 * First check the delegation locks.
1381 	 */
1382 	dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
1383 	if (dp != NULL) {
1384 		LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
1385 			if (!NFSBCMP(lp->nfsl_owner, own,
1386 			    NFSV4CL_LOCKNAMELEN))
1387 				break;
1388 		}
1389 		if (lp != NULL) {
1390 			LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
1391 				if (lop->nfslo_first >= end)
1392 					break;
1393 				if (lop->nfslo_end <= off)
1394 					continue;
1395 				if (lop->nfslo_type == F_WRLCK) {
1396 					nfscl_clrelease(clp);
1397 					NFSUNLOCKCLSTATE();
1398 					return (1);
1399 				}
1400 			}
1401 		}
1402 	}
1403 
1404 	/*
1405 	 * Now, check state against the server.
1406 	 */
1407 	LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
1408 	    LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
1409 		if (op->nfso_fhlen == np->n_fhp->nfh_len &&
1410 		    !NFSBCMP(op->nfso_fh, np->n_fhp->nfh_fh, op->nfso_fhlen)) {
1411 		    LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
1412 			if (!NFSBCMP(lp->nfsl_owner, own,
1413 			    NFSV4CL_LOCKNAMELEN))
1414 			    break;
1415 		    }
1416 		    if (lp != NULL) {
1417 			LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
1418 			    if (lop->nfslo_first >= end)
1419 				break;
1420 			    if (lop->nfslo_end <= off)
1421 				continue;
1422 			    if (lop->nfslo_type == F_WRLCK) {
1423 				nfscl_clrelease(clp);
1424 				NFSUNLOCKCLSTATE();
1425 				return (1);
1426 			    }
1427 			}
1428 		    }
1429 		}
1430 	    }
1431 	}
1432 	nfscl_clrelease(clp);
1433 	NFSUNLOCKCLSTATE();
1434 	return (0);
1435 }
1436 
1437 /*
1438  * Release a byte range lock owner structure.
1439  */
1440 APPLESTATIC void
1441 nfscl_lockrelease(struct nfscllockowner *lp, int error, int candelete)
1442 {
1443 	struct nfsclclient *clp;
1444 
1445 	if (lp == NULL)
1446 		return;
1447 	NFSLOCKCLSTATE();
1448 	clp = lp->nfsl_open->nfso_own->nfsow_clp;
1449 	if (error != 0 && candelete &&
1450 	    (lp->nfsl_rwlock.nfslock_lock & NFSV4LOCK_WANTED) == 0)
1451 		nfscl_freelockowner(lp, 0);
1452 	else
1453 		nfscl_lockunlock(&lp->nfsl_rwlock);
1454 	nfscl_clrelease(clp);
1455 	NFSUNLOCKCLSTATE();
1456 }
1457 
1458 /*
1459  * Free up an open structure and any associated byte range lock structures.
1460  */
1461 APPLESTATIC void
1462 nfscl_freeopen(struct nfsclopen *op, int local)
1463 {
1464 
1465 	LIST_REMOVE(op, nfso_list);
1466 	nfscl_freealllocks(&op->nfso_lock, local);
1467 	FREE((caddr_t)op, M_NFSCLOPEN);
1468 	if (local)
1469 		nfsstatsv1.cllocalopens--;
1470 	else
1471 		nfsstatsv1.clopens--;
1472 }
1473 
1474 /*
1475  * Free up all lock owners and associated locks.
1476  */
1477 static void
1478 nfscl_freealllocks(struct nfscllockownerhead *lhp, int local)
1479 {
1480 	struct nfscllockowner *lp, *nlp;
1481 
1482 	LIST_FOREACH_SAFE(lp, lhp, nfsl_list, nlp) {
1483 		if ((lp->nfsl_rwlock.nfslock_lock & NFSV4LOCK_WANTED))
1484 			panic("nfscllckw");
1485 		nfscl_freelockowner(lp, local);
1486 	}
1487 }
1488 
1489 /*
1490  * Called for an Open when NFSERR_EXPIRED is received from the server.
1491  * If there are no byte range locks nor a Share Deny lost, try to do a
1492  * fresh Open. Otherwise, free the open.
1493  */
1494 static int
1495 nfscl_expireopen(struct nfsclclient *clp, struct nfsclopen *op,
1496     struct nfsmount *nmp, struct ucred *cred, NFSPROC_T *p)
1497 {
1498 	struct nfscllockowner *lp;
1499 	struct nfscldeleg *dp;
1500 	int mustdelete = 0, error;
1501 
1502 	/*
1503 	 * Look for any byte range lock(s).
1504 	 */
1505 	LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
1506 		if (!LIST_EMPTY(&lp->nfsl_lock)) {
1507 			mustdelete = 1;
1508 			break;
1509 		}
1510 	}
1511 
1512 	/*
1513 	 * If no byte range lock(s) nor a Share deny, try to re-open.
1514 	 */
1515 	if (!mustdelete && (op->nfso_mode & NFSLCK_DENYBITS) == 0) {
1516 		newnfs_copycred(&op->nfso_cred, cred);
1517 		dp = NULL;
1518 		error = nfsrpc_reopen(nmp, op->nfso_fh,
1519 		    op->nfso_fhlen, op->nfso_mode, op, &dp, cred, p);
1520 		if (error) {
1521 			mustdelete = 1;
1522 			if (dp != NULL) {
1523 				FREE((caddr_t)dp, M_NFSCLDELEG);
1524 				dp = NULL;
1525 			}
1526 		}
1527 		if (dp != NULL)
1528 			nfscl_deleg(nmp->nm_mountp, clp, op->nfso_fh,
1529 			    op->nfso_fhlen, cred, p, &dp);
1530 	}
1531 
1532 	/*
1533 	 * If a byte range lock or Share deny or couldn't re-open, free it.
1534 	 */
1535 	if (mustdelete)
1536 		nfscl_freeopen(op, 0);
1537 	return (mustdelete);
1538 }
1539 
1540 /*
1541  * Free up an open owner structure.
1542  */
1543 static void
1544 nfscl_freeopenowner(struct nfsclowner *owp, int local)
1545 {
1546 
1547 	LIST_REMOVE(owp, nfsow_list);
1548 	FREE((caddr_t)owp, M_NFSCLOWNER);
1549 	if (local)
1550 		nfsstatsv1.cllocalopenowners--;
1551 	else
1552 		nfsstatsv1.clopenowners--;
1553 }
1554 
1555 /*
1556  * Free up a byte range lock owner structure.
1557  */
1558 APPLESTATIC void
1559 nfscl_freelockowner(struct nfscllockowner *lp, int local)
1560 {
1561 	struct nfscllock *lop, *nlop;
1562 
1563 	LIST_REMOVE(lp, nfsl_list);
1564 	LIST_FOREACH_SAFE(lop, &lp->nfsl_lock, nfslo_list, nlop) {
1565 		nfscl_freelock(lop, local);
1566 	}
1567 	FREE((caddr_t)lp, M_NFSCLLOCKOWNER);
1568 	if (local)
1569 		nfsstatsv1.cllocallockowners--;
1570 	else
1571 		nfsstatsv1.cllockowners--;
1572 }
1573 
1574 /*
1575  * Free up a byte range lock structure.
1576  */
1577 APPLESTATIC void
1578 nfscl_freelock(struct nfscllock *lop, int local)
1579 {
1580 
1581 	LIST_REMOVE(lop, nfslo_list);
1582 	FREE((caddr_t)lop, M_NFSCLLOCK);
1583 	if (local)
1584 		nfsstatsv1.cllocallocks--;
1585 	else
1586 		nfsstatsv1.cllocks--;
1587 }
1588 
1589 /*
1590  * Clean out the state related to a delegation.
1591  */
1592 static void
1593 nfscl_cleandeleg(struct nfscldeleg *dp)
1594 {
1595 	struct nfsclowner *owp, *nowp;
1596 	struct nfsclopen *op;
1597 
1598 	LIST_FOREACH_SAFE(owp, &dp->nfsdl_owner, nfsow_list, nowp) {
1599 		op = LIST_FIRST(&owp->nfsow_open);
1600 		if (op != NULL) {
1601 			if (LIST_NEXT(op, nfso_list) != NULL)
1602 				panic("nfscleandel");
1603 			nfscl_freeopen(op, 1);
1604 		}
1605 		nfscl_freeopenowner(owp, 1);
1606 	}
1607 	nfscl_freealllocks(&dp->nfsdl_lock, 1);
1608 }
1609 
1610 /*
1611  * Free a delegation.
1612  */
1613 static void
1614 nfscl_freedeleg(struct nfscldeleghead *hdp, struct nfscldeleg *dp)
1615 {
1616 
1617 	TAILQ_REMOVE(hdp, dp, nfsdl_list);
1618 	LIST_REMOVE(dp, nfsdl_hash);
1619 	FREE((caddr_t)dp, M_NFSCLDELEG);
1620 	nfsstatsv1.cldelegates--;
1621 	nfscl_delegcnt--;
1622 }
1623 
1624 /*
1625  * Free up all state related to this client structure.
1626  */
1627 static void
1628 nfscl_cleanclient(struct nfsclclient *clp)
1629 {
1630 	struct nfsclowner *owp, *nowp;
1631 	struct nfsclopen *op, *nop;
1632 	struct nfscllayout *lyp, *nlyp;
1633 	struct nfscldevinfo *dip, *ndip;
1634 
1635 	TAILQ_FOREACH_SAFE(lyp, &clp->nfsc_layout, nfsly_list, nlyp)
1636 		nfscl_freelayout(lyp);
1637 
1638 	LIST_FOREACH_SAFE(dip, &clp->nfsc_devinfo, nfsdi_list, ndip)
1639 		nfscl_freedevinfo(dip);
1640 
1641 	/* Now, all the OpenOwners, etc. */
1642 	LIST_FOREACH_SAFE(owp, &clp->nfsc_owner, nfsow_list, nowp) {
1643 		LIST_FOREACH_SAFE(op, &owp->nfsow_open, nfso_list, nop) {
1644 			nfscl_freeopen(op, 0);
1645 		}
1646 		nfscl_freeopenowner(owp, 0);
1647 	}
1648 }
1649 
1650 /*
1651  * Called when an NFSERR_EXPIRED is received from the server.
1652  */
1653 static void
1654 nfscl_expireclient(struct nfsclclient *clp, struct nfsmount *nmp,
1655     struct ucred *cred, NFSPROC_T *p)
1656 {
1657 	struct nfsclowner *owp, *nowp, *towp;
1658 	struct nfsclopen *op, *nop, *top;
1659 	struct nfscldeleg *dp, *ndp;
1660 	int ret, printed = 0;
1661 
1662 	/*
1663 	 * First, merge locally issued Opens into the list for the server.
1664 	 */
1665 	dp = TAILQ_FIRST(&clp->nfsc_deleg);
1666 	while (dp != NULL) {
1667 	    ndp = TAILQ_NEXT(dp, nfsdl_list);
1668 	    owp = LIST_FIRST(&dp->nfsdl_owner);
1669 	    while (owp != NULL) {
1670 		nowp = LIST_NEXT(owp, nfsow_list);
1671 		op = LIST_FIRST(&owp->nfsow_open);
1672 		if (op != NULL) {
1673 		    if (LIST_NEXT(op, nfso_list) != NULL)
1674 			panic("nfsclexp");
1675 		    LIST_FOREACH(towp, &clp->nfsc_owner, nfsow_list) {
1676 			if (!NFSBCMP(towp->nfsow_owner, owp->nfsow_owner,
1677 			    NFSV4CL_LOCKNAMELEN))
1678 			    break;
1679 		    }
1680 		    if (towp != NULL) {
1681 			/* Merge opens in */
1682 			LIST_FOREACH(top, &towp->nfsow_open, nfso_list) {
1683 			    if (top->nfso_fhlen == op->nfso_fhlen &&
1684 				!NFSBCMP(top->nfso_fh, op->nfso_fh,
1685 				 op->nfso_fhlen)) {
1686 				top->nfso_mode |= op->nfso_mode;
1687 				top->nfso_opencnt += op->nfso_opencnt;
1688 				break;
1689 			    }
1690 			}
1691 			if (top == NULL) {
1692 			    /* Just add the open to the owner list */
1693 			    LIST_REMOVE(op, nfso_list);
1694 			    op->nfso_own = towp;
1695 			    LIST_INSERT_HEAD(&towp->nfsow_open, op, nfso_list);
1696 			    nfsstatsv1.cllocalopens--;
1697 			    nfsstatsv1.clopens++;
1698 			}
1699 		    } else {
1700 			/* Just add the openowner to the client list */
1701 			LIST_REMOVE(owp, nfsow_list);
1702 			owp->nfsow_clp = clp;
1703 			LIST_INSERT_HEAD(&clp->nfsc_owner, owp, nfsow_list);
1704 			nfsstatsv1.cllocalopenowners--;
1705 			nfsstatsv1.clopenowners++;
1706 			nfsstatsv1.cllocalopens--;
1707 			nfsstatsv1.clopens++;
1708 		    }
1709 		}
1710 		owp = nowp;
1711 	    }
1712 	    if (!printed && !LIST_EMPTY(&dp->nfsdl_lock)) {
1713 		printed = 1;
1714 		printf("nfsv4 expired locks lost\n");
1715 	    }
1716 	    nfscl_cleandeleg(dp);
1717 	    nfscl_freedeleg(&clp->nfsc_deleg, dp);
1718 	    dp = ndp;
1719 	}
1720 	if (!TAILQ_EMPTY(&clp->nfsc_deleg))
1721 	    panic("nfsclexp");
1722 
1723 	/*
1724 	 * Now, try and reopen against the server.
1725 	 */
1726 	LIST_FOREACH_SAFE(owp, &clp->nfsc_owner, nfsow_list, nowp) {
1727 		owp->nfsow_seqid = 0;
1728 		LIST_FOREACH_SAFE(op, &owp->nfsow_open, nfso_list, nop) {
1729 			ret = nfscl_expireopen(clp, op, nmp, cred, p);
1730 			if (ret && !printed) {
1731 				printed = 1;
1732 				printf("nfsv4 expired locks lost\n");
1733 			}
1734 		}
1735 		if (LIST_EMPTY(&owp->nfsow_open))
1736 			nfscl_freeopenowner(owp, 0);
1737 	}
1738 }
1739 
1740 /*
1741  * This function must be called after the process represented by "own" has
1742  * exited. Must be called with CLSTATE lock held.
1743  */
1744 static void
1745 nfscl_cleanup_common(struct nfsclclient *clp, u_int8_t *own)
1746 {
1747 	struct nfsclowner *owp, *nowp;
1748 	struct nfscllockowner *lp, *nlp;
1749 	struct nfscldeleg *dp;
1750 
1751 	/* First, get rid of local locks on delegations. */
1752 	TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
1753 		LIST_FOREACH_SAFE(lp, &dp->nfsdl_lock, nfsl_list, nlp) {
1754 		    if (!NFSBCMP(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN)) {
1755 			if ((lp->nfsl_rwlock.nfslock_lock & NFSV4LOCK_WANTED))
1756 			    panic("nfscllckw");
1757 			nfscl_freelockowner(lp, 1);
1758 		    }
1759 		}
1760 	}
1761 	owp = LIST_FIRST(&clp->nfsc_owner);
1762 	while (owp != NULL) {
1763 		nowp = LIST_NEXT(owp, nfsow_list);
1764 		if (!NFSBCMP(owp->nfsow_owner, own,
1765 		    NFSV4CL_LOCKNAMELEN)) {
1766 			/*
1767 			 * If there are children that haven't closed the
1768 			 * file descriptors yet, the opens will still be
1769 			 * here. For that case, let the renew thread clear
1770 			 * out the OpenOwner later.
1771 			 */
1772 			if (LIST_EMPTY(&owp->nfsow_open))
1773 				nfscl_freeopenowner(owp, 0);
1774 			else
1775 				owp->nfsow_defunct = 1;
1776 		}
1777 		owp = nowp;
1778 	}
1779 }
1780 
1781 /*
1782  * Find open/lock owners for processes that have exited.
1783  */
1784 static void
1785 nfscl_cleanupkext(struct nfsclclient *clp, struct nfscllockownerfhhead *lhp)
1786 {
1787 	struct nfsclowner *owp, *nowp;
1788 	struct nfsclopen *op;
1789 	struct nfscllockowner *lp, *nlp;
1790 	struct nfscldeleg *dp;
1791 
1792 	NFSPROCLISTLOCK();
1793 	NFSLOCKCLSTATE();
1794 	LIST_FOREACH_SAFE(owp, &clp->nfsc_owner, nfsow_list, nowp) {
1795 		LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
1796 			LIST_FOREACH_SAFE(lp, &op->nfso_lock, nfsl_list, nlp) {
1797 				if (LIST_EMPTY(&lp->nfsl_lock))
1798 					nfscl_emptylockowner(lp, lhp);
1799 			}
1800 		}
1801 		if (nfscl_procdoesntexist(owp->nfsow_owner))
1802 			nfscl_cleanup_common(clp, owp->nfsow_owner);
1803 	}
1804 
1805 	/*
1806 	 * For the single open_owner case, these lock owners need to be
1807 	 * checked to see if they still exist separately.
1808 	 * This is because nfscl_procdoesntexist() never returns true for
1809 	 * the single open_owner so that the above doesn't ever call
1810 	 * nfscl_cleanup_common().
1811 	 */
1812 	TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
1813 		LIST_FOREACH_SAFE(lp, &dp->nfsdl_lock, nfsl_list, nlp) {
1814 			if (nfscl_procdoesntexist(lp->nfsl_owner))
1815 				nfscl_cleanup_common(clp, lp->nfsl_owner);
1816 		}
1817 	}
1818 	NFSUNLOCKCLSTATE();
1819 	NFSPROCLISTUNLOCK();
1820 }
1821 
1822 /*
1823  * Take the empty lock owner and move it to the local lhp list if the
1824  * associated process no longer exists.
1825  */
1826 static void
1827 nfscl_emptylockowner(struct nfscllockowner *lp,
1828     struct nfscllockownerfhhead *lhp)
1829 {
1830 	struct nfscllockownerfh *lfhp, *mylfhp;
1831 	struct nfscllockowner *nlp;
1832 	int fnd_it;
1833 
1834 	/* If not a Posix lock owner, just return. */
1835 	if ((lp->nfsl_lockflags & F_POSIX) == 0)
1836 		return;
1837 
1838 	fnd_it = 0;
1839 	mylfhp = NULL;
1840 	/*
1841 	 * First, search to see if this lock owner is already in the list.
1842 	 * If it is, then the associated process no longer exists.
1843 	 */
1844 	SLIST_FOREACH(lfhp, lhp, nfslfh_list) {
1845 		if (lfhp->nfslfh_len == lp->nfsl_open->nfso_fhlen &&
1846 		    !NFSBCMP(lfhp->nfslfh_fh, lp->nfsl_open->nfso_fh,
1847 		    lfhp->nfslfh_len))
1848 			mylfhp = lfhp;
1849 		LIST_FOREACH(nlp, &lfhp->nfslfh_lock, nfsl_list)
1850 			if (!NFSBCMP(nlp->nfsl_owner, lp->nfsl_owner,
1851 			    NFSV4CL_LOCKNAMELEN))
1852 				fnd_it = 1;
1853 	}
1854 	/* If not found, check if process still exists. */
1855 	if (fnd_it == 0 && nfscl_procdoesntexist(lp->nfsl_owner) == 0)
1856 		return;
1857 
1858 	/* Move the lock owner over to the local list. */
1859 	if (mylfhp == NULL) {
1860 		mylfhp = malloc(sizeof(struct nfscllockownerfh), M_TEMP,
1861 		    M_NOWAIT);
1862 		if (mylfhp == NULL)
1863 			return;
1864 		mylfhp->nfslfh_len = lp->nfsl_open->nfso_fhlen;
1865 		NFSBCOPY(lp->nfsl_open->nfso_fh, mylfhp->nfslfh_fh,
1866 		    mylfhp->nfslfh_len);
1867 		LIST_INIT(&mylfhp->nfslfh_lock);
1868 		SLIST_INSERT_HEAD(lhp, mylfhp, nfslfh_list);
1869 	}
1870 	LIST_REMOVE(lp, nfsl_list);
1871 	LIST_INSERT_HEAD(&mylfhp->nfslfh_lock, lp, nfsl_list);
1872 }
1873 
1874 static int	fake_global;	/* Used to force visibility of MNTK_UNMOUNTF */
1875 /*
1876  * Called from nfs umount to free up the clientid.
1877  */
1878 APPLESTATIC void
1879 nfscl_umount(struct nfsmount *nmp, NFSPROC_T *p)
1880 {
1881 	struct nfsclclient *clp;
1882 	struct ucred *cred;
1883 	int igotlock;
1884 
1885 	/*
1886 	 * For the case that matters, this is the thread that set
1887 	 * MNTK_UNMOUNTF, so it will see it set. The code that follows is
1888 	 * done to ensure that any thread executing nfscl_getcl() after
1889 	 * this time, will see MNTK_UNMOUNTF set. nfscl_getcl() uses the
1890 	 * mutex for NFSLOCKCLSTATE(), so it is "m" for the following
1891 	 * explanation, courtesy of Alan Cox.
1892 	 * What follows is a snippet from Alan Cox's email at:
1893 	 * http://docs.FreeBSD.org/cgi/
1894 	 *     mid.cgi?BANLkTikR3d65zPHo9==08ZfJ2vmqZucEvw
1895 	 *
1896 	 * 1. Set MNTK_UNMOUNTF
1897 	 * 2. Acquire a standard FreeBSD mutex "m".
1898 	 * 3. Update some data structures.
1899 	 * 4. Release mutex "m".
1900 	 *
1901 	 * Then, other threads that acquire "m" after step 4 has occurred will
1902 	 * see MNTK_UNMOUNTF as set.  But, other threads that beat thread X to
1903 	 * step 2 may or may not see MNTK_UNMOUNTF as set.
1904 	 */
1905 	NFSLOCKCLSTATE();
1906 	if ((nmp->nm_mountp->mnt_kern_flag & MNTK_UNMOUNTF) != 0) {
1907 		fake_global++;
1908 		NFSUNLOCKCLSTATE();
1909 		NFSLOCKCLSTATE();
1910 	}
1911 
1912 	clp = nmp->nm_clp;
1913 	if (clp != NULL) {
1914 		if ((clp->nfsc_flags & NFSCLFLAGS_INITED) == 0)
1915 			panic("nfscl umount");
1916 
1917 		/*
1918 		 * First, handshake with the nfscl renew thread, to terminate
1919 		 * it.
1920 		 */
1921 		clp->nfsc_flags |= NFSCLFLAGS_UMOUNT;
1922 		while (clp->nfsc_flags & NFSCLFLAGS_HASTHREAD)
1923 			(void)mtx_sleep(clp, NFSCLSTATEMUTEXPTR, PWAIT,
1924 			    "nfsclumnt", hz);
1925 
1926 		/*
1927 		 * Now, get the exclusive lock on the client state, so
1928 		 * that no uses of the state are still in progress.
1929 		 */
1930 		do {
1931 			igotlock = nfsv4_lock(&clp->nfsc_lock, 1, NULL,
1932 			    NFSCLSTATEMUTEXPTR, NULL);
1933 		} while (!igotlock);
1934 		NFSUNLOCKCLSTATE();
1935 
1936 		/*
1937 		 * Free up all the state. It will expire on the server, but
1938 		 * maybe we should do a SetClientId/SetClientIdConfirm so
1939 		 * the server throws it away?
1940 		 */
1941 		LIST_REMOVE(clp, nfsc_list);
1942 		nfscl_delegreturnall(clp, p);
1943 		cred = newnfs_getcred();
1944 		if (NFSHASNFSV4N(nmp)) {
1945 			(void)nfsrpc_destroysession(nmp, clp, cred, p);
1946 			(void)nfsrpc_destroyclient(nmp, clp, cred, p);
1947 		} else
1948 			(void)nfsrpc_setclient(nmp, clp, 0, cred, p);
1949 		nfscl_cleanclient(clp);
1950 		nmp->nm_clp = NULL;
1951 		NFSFREECRED(cred);
1952 		free(clp, M_NFSCLCLIENT);
1953 	} else
1954 		NFSUNLOCKCLSTATE();
1955 }
1956 
1957 /*
1958  * This function is called when a server replies with NFSERR_STALECLIENTID
1959  * NFSERR_STALESTATEID or NFSERR_BADSESSION. It traverses the clientid lists,
1960  * doing Opens and Locks with reclaim. If these fail, it deletes the
1961  * corresponding state.
1962  */
1963 static void
1964 nfscl_recover(struct nfsclclient *clp, struct ucred *cred, NFSPROC_T *p)
1965 {
1966 	struct nfsclowner *owp, *nowp;
1967 	struct nfsclopen *op, *nop;
1968 	struct nfscllockowner *lp, *nlp;
1969 	struct nfscllock *lop, *nlop;
1970 	struct nfscldeleg *dp, *ndp, *tdp;
1971 	struct nfsmount *nmp;
1972 	struct ucred *tcred;
1973 	struct nfsclopenhead extra_open;
1974 	struct nfscldeleghead extra_deleg;
1975 	struct nfsreq *rep;
1976 	u_int64_t len;
1977 	u_int32_t delegtype = NFSV4OPEN_DELEGATEWRITE, mode;
1978 	int i, igotlock = 0, error, trycnt, firstlock;
1979 	struct nfscllayout *lyp, *nlyp;
1980 
1981 	/*
1982 	 * First, lock the client structure, so everyone else will
1983 	 * block when trying to use state.
1984 	 */
1985 	NFSLOCKCLSTATE();
1986 	clp->nfsc_flags |= NFSCLFLAGS_RECVRINPROG;
1987 	do {
1988 		igotlock = nfsv4_lock(&clp->nfsc_lock, 1, NULL,
1989 		    NFSCLSTATEMUTEXPTR, NULL);
1990 	} while (!igotlock);
1991 	NFSUNLOCKCLSTATE();
1992 
1993 	nmp = clp->nfsc_nmp;
1994 	if (nmp == NULL)
1995 		panic("nfscl recover");
1996 
1997 	/*
1998 	 * For now, just get rid of all layouts. There may be a need
1999 	 * to do LayoutCommit Ops with reclaim == true later.
2000 	 */
2001 	TAILQ_FOREACH_SAFE(lyp, &clp->nfsc_layout, nfsly_list, nlyp)
2002 		nfscl_freelayout(lyp);
2003 	TAILQ_INIT(&clp->nfsc_layout);
2004 	for (i = 0; i < NFSCLLAYOUTHASHSIZE; i++)
2005 		LIST_INIT(&clp->nfsc_layouthash[i]);
2006 
2007 	trycnt = 5;
2008 	do {
2009 		error = nfsrpc_setclient(nmp, clp, 1, cred, p);
2010 	} while ((error == NFSERR_STALECLIENTID ||
2011 	     error == NFSERR_BADSESSION ||
2012 	     error == NFSERR_STALEDONTRECOVER) && --trycnt > 0);
2013 	if (error) {
2014 		NFSLOCKCLSTATE();
2015 		clp->nfsc_flags &= ~(NFSCLFLAGS_RECOVER |
2016 		    NFSCLFLAGS_RECVRINPROG);
2017 		wakeup(&clp->nfsc_flags);
2018 		nfsv4_unlock(&clp->nfsc_lock, 0);
2019 		NFSUNLOCKCLSTATE();
2020 		return;
2021 	}
2022 	clp->nfsc_flags |= NFSCLFLAGS_HASCLIENTID;
2023 	clp->nfsc_flags &= ~NFSCLFLAGS_RECOVER;
2024 
2025 	/*
2026 	 * Mark requests already queued on the server, so that they don't
2027 	 * initiate another recovery cycle. Any requests already in the
2028 	 * queue that handle state information will have the old stale
2029 	 * clientid/stateid and will get a NFSERR_STALESTATEID,
2030 	 * NFSERR_STALECLIENTID or NFSERR_BADSESSION reply from the server.
2031 	 * This will be translated to NFSERR_STALEDONTRECOVER when
2032 	 * R_DONTRECOVER is set.
2033 	 */
2034 	NFSLOCKREQ();
2035 	TAILQ_FOREACH(rep, &nfsd_reqq, r_chain) {
2036 		if (rep->r_nmp == nmp)
2037 			rep->r_flags |= R_DONTRECOVER;
2038 	}
2039 	NFSUNLOCKREQ();
2040 
2041 	/*
2042 	 * Now, mark all delegations "need reclaim".
2043 	 */
2044 	TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list)
2045 		dp->nfsdl_flags |= NFSCLDL_NEEDRECLAIM;
2046 
2047 	TAILQ_INIT(&extra_deleg);
2048 	LIST_INIT(&extra_open);
2049 	/*
2050 	 * Now traverse the state lists, doing Open and Lock Reclaims.
2051 	 */
2052 	tcred = newnfs_getcred();
2053 	owp = LIST_FIRST(&clp->nfsc_owner);
2054 	while (owp != NULL) {
2055 	    nowp = LIST_NEXT(owp, nfsow_list);
2056 	    owp->nfsow_seqid = 0;
2057 	    op = LIST_FIRST(&owp->nfsow_open);
2058 	    while (op != NULL) {
2059 		nop = LIST_NEXT(op, nfso_list);
2060 		if (error != NFSERR_NOGRACE && error != NFSERR_BADSESSION) {
2061 		    /* Search for a delegation to reclaim with the open */
2062 		    TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
2063 			if (!(dp->nfsdl_flags & NFSCLDL_NEEDRECLAIM))
2064 			    continue;
2065 			if ((dp->nfsdl_flags & NFSCLDL_WRITE)) {
2066 			    mode = NFSV4OPEN_ACCESSWRITE;
2067 			    delegtype = NFSV4OPEN_DELEGATEWRITE;
2068 			} else {
2069 			    mode = NFSV4OPEN_ACCESSREAD;
2070 			    delegtype = NFSV4OPEN_DELEGATEREAD;
2071 			}
2072 			if ((op->nfso_mode & mode) == mode &&
2073 			    op->nfso_fhlen == dp->nfsdl_fhlen &&
2074 			    !NFSBCMP(op->nfso_fh, dp->nfsdl_fh, op->nfso_fhlen))
2075 			    break;
2076 		    }
2077 		    ndp = dp;
2078 		    if (dp == NULL)
2079 			delegtype = NFSV4OPEN_DELEGATENONE;
2080 		    newnfs_copycred(&op->nfso_cred, tcred);
2081 		    error = nfscl_tryopen(nmp, NULL, op->nfso_fh,
2082 			op->nfso_fhlen, op->nfso_fh, op->nfso_fhlen,
2083 			op->nfso_mode, op, NULL, 0, &ndp, 1, delegtype,
2084 			tcred, p);
2085 		    if (!error) {
2086 			/* Handle any replied delegation */
2087 			if (ndp != NULL && ((ndp->nfsdl_flags & NFSCLDL_WRITE)
2088 			    || NFSMNT_RDONLY(nmp->nm_mountp))) {
2089 			    if ((ndp->nfsdl_flags & NFSCLDL_WRITE))
2090 				mode = NFSV4OPEN_ACCESSWRITE;
2091 			    else
2092 				mode = NFSV4OPEN_ACCESSREAD;
2093 			    TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
2094 				if (!(dp->nfsdl_flags & NFSCLDL_NEEDRECLAIM))
2095 				    continue;
2096 				if ((op->nfso_mode & mode) == mode &&
2097 				    op->nfso_fhlen == dp->nfsdl_fhlen &&
2098 				    !NFSBCMP(op->nfso_fh, dp->nfsdl_fh,
2099 				    op->nfso_fhlen)) {
2100 				    dp->nfsdl_stateid = ndp->nfsdl_stateid;
2101 				    dp->nfsdl_sizelimit = ndp->nfsdl_sizelimit;
2102 				    dp->nfsdl_ace = ndp->nfsdl_ace;
2103 				    dp->nfsdl_change = ndp->nfsdl_change;
2104 				    dp->nfsdl_flags &= ~NFSCLDL_NEEDRECLAIM;
2105 				    if ((ndp->nfsdl_flags & NFSCLDL_RECALL))
2106 					dp->nfsdl_flags |= NFSCLDL_RECALL;
2107 				    FREE((caddr_t)ndp, M_NFSCLDELEG);
2108 				    ndp = NULL;
2109 				    break;
2110 				}
2111 			    }
2112 			}
2113 			if (ndp != NULL)
2114 			    TAILQ_INSERT_HEAD(&extra_deleg, ndp, nfsdl_list);
2115 
2116 			/* and reclaim all byte range locks */
2117 			lp = LIST_FIRST(&op->nfso_lock);
2118 			while (lp != NULL) {
2119 			    nlp = LIST_NEXT(lp, nfsl_list);
2120 			    lp->nfsl_seqid = 0;
2121 			    firstlock = 1;
2122 			    lop = LIST_FIRST(&lp->nfsl_lock);
2123 			    while (lop != NULL) {
2124 				nlop = LIST_NEXT(lop, nfslo_list);
2125 				if (lop->nfslo_end == NFS64BITSSET)
2126 				    len = NFS64BITSSET;
2127 				else
2128 				    len = lop->nfslo_end - lop->nfslo_first;
2129 				error = nfscl_trylock(nmp, NULL,
2130 				    op->nfso_fh, op->nfso_fhlen, lp,
2131 				    firstlock, 1, lop->nfslo_first, len,
2132 				    lop->nfslo_type, tcred, p);
2133 				if (error != 0)
2134 				    nfscl_freelock(lop, 0);
2135 				else
2136 				    firstlock = 0;
2137 				lop = nlop;
2138 			    }
2139 			    /* If no locks, but a lockowner, just delete it. */
2140 			    if (LIST_EMPTY(&lp->nfsl_lock))
2141 				nfscl_freelockowner(lp, 0);
2142 			    lp = nlp;
2143 			}
2144 		    }
2145 		}
2146 		if (error != 0 && error != NFSERR_BADSESSION)
2147 		    nfscl_freeopen(op, 0);
2148 		op = nop;
2149 	    }
2150 	    owp = nowp;
2151 	}
2152 
2153 	/*
2154 	 * Now, try and get any delegations not yet reclaimed by cobbling
2155 	 * to-gether an appropriate open.
2156 	 */
2157 	nowp = NULL;
2158 	dp = TAILQ_FIRST(&clp->nfsc_deleg);
2159 	while (dp != NULL) {
2160 	    ndp = TAILQ_NEXT(dp, nfsdl_list);
2161 	    if ((dp->nfsdl_flags & NFSCLDL_NEEDRECLAIM)) {
2162 		if (nowp == NULL) {
2163 		    MALLOC(nowp, struct nfsclowner *,
2164 			sizeof (struct nfsclowner), M_NFSCLOWNER, M_WAITOK);
2165 		    /*
2166 		     * Name must be as long an largest possible
2167 		     * NFSV4CL_LOCKNAMELEN. 12 for now.
2168 		     */
2169 		    NFSBCOPY("RECLAIMDELEG", nowp->nfsow_owner,
2170 			NFSV4CL_LOCKNAMELEN);
2171 		    LIST_INIT(&nowp->nfsow_open);
2172 		    nowp->nfsow_clp = clp;
2173 		    nowp->nfsow_seqid = 0;
2174 		    nowp->nfsow_defunct = 0;
2175 		    nfscl_lockinit(&nowp->nfsow_rwlock);
2176 		}
2177 		nop = NULL;
2178 		if (error != NFSERR_NOGRACE && error != NFSERR_BADSESSION) {
2179 		    MALLOC(nop, struct nfsclopen *, sizeof (struct nfsclopen) +
2180 			dp->nfsdl_fhlen - 1, M_NFSCLOPEN, M_WAITOK);
2181 		    nop->nfso_own = nowp;
2182 		    if ((dp->nfsdl_flags & NFSCLDL_WRITE)) {
2183 			nop->nfso_mode = NFSV4OPEN_ACCESSWRITE;
2184 			delegtype = NFSV4OPEN_DELEGATEWRITE;
2185 		    } else {
2186 			nop->nfso_mode = NFSV4OPEN_ACCESSREAD;
2187 			delegtype = NFSV4OPEN_DELEGATEREAD;
2188 		    }
2189 		    nop->nfso_opencnt = 0;
2190 		    nop->nfso_posixlock = 1;
2191 		    nop->nfso_fhlen = dp->nfsdl_fhlen;
2192 		    NFSBCOPY(dp->nfsdl_fh, nop->nfso_fh, dp->nfsdl_fhlen);
2193 		    LIST_INIT(&nop->nfso_lock);
2194 		    nop->nfso_stateid.seqid = 0;
2195 		    nop->nfso_stateid.other[0] = 0;
2196 		    nop->nfso_stateid.other[1] = 0;
2197 		    nop->nfso_stateid.other[2] = 0;
2198 		    newnfs_copycred(&dp->nfsdl_cred, tcred);
2199 		    newnfs_copyincred(tcred, &nop->nfso_cred);
2200 		    tdp = NULL;
2201 		    error = nfscl_tryopen(nmp, NULL, nop->nfso_fh,
2202 			nop->nfso_fhlen, nop->nfso_fh, nop->nfso_fhlen,
2203 			nop->nfso_mode, nop, NULL, 0, &tdp, 1,
2204 			delegtype, tcred, p);
2205 		    if (tdp != NULL) {
2206 			if ((tdp->nfsdl_flags & NFSCLDL_WRITE))
2207 			    mode = NFSV4OPEN_ACCESSWRITE;
2208 			else
2209 			    mode = NFSV4OPEN_ACCESSREAD;
2210 			if ((nop->nfso_mode & mode) == mode &&
2211 			    nop->nfso_fhlen == tdp->nfsdl_fhlen &&
2212 			    !NFSBCMP(nop->nfso_fh, tdp->nfsdl_fh,
2213 			    nop->nfso_fhlen)) {
2214 			    dp->nfsdl_stateid = tdp->nfsdl_stateid;
2215 			    dp->nfsdl_sizelimit = tdp->nfsdl_sizelimit;
2216 			    dp->nfsdl_ace = tdp->nfsdl_ace;
2217 			    dp->nfsdl_change = tdp->nfsdl_change;
2218 			    dp->nfsdl_flags &= ~NFSCLDL_NEEDRECLAIM;
2219 			    if ((tdp->nfsdl_flags & NFSCLDL_RECALL))
2220 				dp->nfsdl_flags |= NFSCLDL_RECALL;
2221 			    FREE((caddr_t)tdp, M_NFSCLDELEG);
2222 			} else {
2223 			    TAILQ_INSERT_HEAD(&extra_deleg, tdp, nfsdl_list);
2224 			}
2225 		    }
2226 		}
2227 		if (error) {
2228 		    if (nop != NULL)
2229 			FREE((caddr_t)nop, M_NFSCLOPEN);
2230 		    /*
2231 		     * Couldn't reclaim it, so throw the state
2232 		     * away. Ouch!!
2233 		     */
2234 		    nfscl_cleandeleg(dp);
2235 		    nfscl_freedeleg(&clp->nfsc_deleg, dp);
2236 		} else {
2237 		    LIST_INSERT_HEAD(&extra_open, nop, nfso_list);
2238 		}
2239 	    }
2240 	    dp = ndp;
2241 	}
2242 
2243 	/*
2244 	 * Now, get rid of extra Opens and Delegations.
2245 	 */
2246 	LIST_FOREACH_SAFE(op, &extra_open, nfso_list, nop) {
2247 		do {
2248 			newnfs_copycred(&op->nfso_cred, tcred);
2249 			error = nfscl_tryclose(op, tcred, nmp, p);
2250 			if (error == NFSERR_GRACE)
2251 				(void) nfs_catnap(PZERO, error, "nfsexcls");
2252 		} while (error == NFSERR_GRACE);
2253 		LIST_REMOVE(op, nfso_list);
2254 		FREE((caddr_t)op, M_NFSCLOPEN);
2255 	}
2256 	if (nowp != NULL)
2257 		FREE((caddr_t)nowp, M_NFSCLOWNER);
2258 
2259 	TAILQ_FOREACH_SAFE(dp, &extra_deleg, nfsdl_list, ndp) {
2260 		do {
2261 			newnfs_copycred(&dp->nfsdl_cred, tcred);
2262 			error = nfscl_trydelegreturn(dp, tcred, nmp, p);
2263 			if (error == NFSERR_GRACE)
2264 				(void) nfs_catnap(PZERO, error, "nfsexdlg");
2265 		} while (error == NFSERR_GRACE);
2266 		TAILQ_REMOVE(&extra_deleg, dp, nfsdl_list);
2267 		FREE((caddr_t)dp, M_NFSCLDELEG);
2268 	}
2269 
2270 	/* For NFSv4.1 or later, do a RECLAIM_COMPLETE. */
2271 	if (NFSHASNFSV4N(nmp))
2272 		(void)nfsrpc_reclaimcomplete(nmp, cred, p);
2273 
2274 	NFSLOCKCLSTATE();
2275 	clp->nfsc_flags &= ~NFSCLFLAGS_RECVRINPROG;
2276 	wakeup(&clp->nfsc_flags);
2277 	nfsv4_unlock(&clp->nfsc_lock, 0);
2278 	NFSUNLOCKCLSTATE();
2279 	NFSFREECRED(tcred);
2280 }
2281 
2282 /*
2283  * This function is called when a server replies with NFSERR_EXPIRED.
2284  * It deletes all state for the client and does a fresh SetClientId/confirm.
2285  * XXX Someday it should post a signal to the process(es) that hold the
2286  * state, so they know that lock state has been lost.
2287  */
2288 APPLESTATIC int
2289 nfscl_hasexpired(struct nfsclclient *clp, u_int32_t clidrev, NFSPROC_T *p)
2290 {
2291 	struct nfsmount *nmp;
2292 	struct ucred *cred;
2293 	int igotlock = 0, error, trycnt;
2294 
2295 	/*
2296 	 * If the clientid has gone away or a new SetClientid has already
2297 	 * been done, just return ok.
2298 	 */
2299 	if (clp == NULL || clidrev != clp->nfsc_clientidrev)
2300 		return (0);
2301 
2302 	/*
2303 	 * First, lock the client structure, so everyone else will
2304 	 * block when trying to use state. Also, use NFSCLFLAGS_EXPIREIT so
2305 	 * that only one thread does the work.
2306 	 */
2307 	NFSLOCKCLSTATE();
2308 	clp->nfsc_flags |= NFSCLFLAGS_EXPIREIT;
2309 	do {
2310 		igotlock = nfsv4_lock(&clp->nfsc_lock, 1, NULL,
2311 		    NFSCLSTATEMUTEXPTR, NULL);
2312 	} while (!igotlock && (clp->nfsc_flags & NFSCLFLAGS_EXPIREIT));
2313 	if ((clp->nfsc_flags & NFSCLFLAGS_EXPIREIT) == 0) {
2314 		if (igotlock)
2315 			nfsv4_unlock(&clp->nfsc_lock, 0);
2316 		NFSUNLOCKCLSTATE();
2317 		return (0);
2318 	}
2319 	clp->nfsc_flags |= NFSCLFLAGS_RECVRINPROG;
2320 	NFSUNLOCKCLSTATE();
2321 
2322 	nmp = clp->nfsc_nmp;
2323 	if (nmp == NULL)
2324 		panic("nfscl expired");
2325 	cred = newnfs_getcred();
2326 	trycnt = 5;
2327 	do {
2328 		error = nfsrpc_setclient(nmp, clp, 0, cred, p);
2329 	} while ((error == NFSERR_STALECLIENTID ||
2330 	     error == NFSERR_BADSESSION ||
2331 	     error == NFSERR_STALEDONTRECOVER) && --trycnt > 0);
2332 	if (error) {
2333 		NFSLOCKCLSTATE();
2334 		clp->nfsc_flags &= ~NFSCLFLAGS_RECOVER;
2335 	} else {
2336 		/*
2337 		 * Expire the state for the client.
2338 		 */
2339 		nfscl_expireclient(clp, nmp, cred, p);
2340 		NFSLOCKCLSTATE();
2341 		clp->nfsc_flags |= NFSCLFLAGS_HASCLIENTID;
2342 		clp->nfsc_flags &= ~NFSCLFLAGS_RECOVER;
2343 	}
2344 	clp->nfsc_flags &= ~(NFSCLFLAGS_EXPIREIT | NFSCLFLAGS_RECVRINPROG);
2345 	wakeup(&clp->nfsc_flags);
2346 	nfsv4_unlock(&clp->nfsc_lock, 0);
2347 	NFSUNLOCKCLSTATE();
2348 	NFSFREECRED(cred);
2349 	return (error);
2350 }
2351 
2352 /*
2353  * This function inserts a lock in the list after insert_lop.
2354  */
2355 static void
2356 nfscl_insertlock(struct nfscllockowner *lp, struct nfscllock *new_lop,
2357     struct nfscllock *insert_lop, int local)
2358 {
2359 
2360 	if ((struct nfscllockowner *)insert_lop == lp)
2361 		LIST_INSERT_HEAD(&lp->nfsl_lock, new_lop, nfslo_list);
2362 	else
2363 		LIST_INSERT_AFTER(insert_lop, new_lop, nfslo_list);
2364 	if (local)
2365 		nfsstatsv1.cllocallocks++;
2366 	else
2367 		nfsstatsv1.cllocks++;
2368 }
2369 
2370 /*
2371  * This function updates the locking for a lock owner and given file. It
2372  * maintains a list of lock ranges ordered on increasing file offset that
2373  * are NFSCLLOCK_READ or NFSCLLOCK_WRITE and non-overlapping (aka POSIX style).
2374  * It always adds new_lop to the list and sometimes uses the one pointed
2375  * at by other_lopp.
2376  * Returns 1 if the locks were modified, 0 otherwise.
2377  */
2378 static int
2379 nfscl_updatelock(struct nfscllockowner *lp, struct nfscllock **new_lopp,
2380     struct nfscllock **other_lopp, int local)
2381 {
2382 	struct nfscllock *new_lop = *new_lopp;
2383 	struct nfscllock *lop, *tlop, *ilop;
2384 	struct nfscllock *other_lop;
2385 	int unlock = 0, modified = 0;
2386 	u_int64_t tmp;
2387 
2388 	/*
2389 	 * Work down the list until the lock is merged.
2390 	 */
2391 	if (new_lop->nfslo_type == F_UNLCK)
2392 		unlock = 1;
2393 	ilop = (struct nfscllock *)lp;
2394 	lop = LIST_FIRST(&lp->nfsl_lock);
2395 	while (lop != NULL) {
2396 	    /*
2397 	     * Only check locks for this file that aren't before the start of
2398 	     * new lock's range.
2399 	     */
2400 	    if (lop->nfslo_end >= new_lop->nfslo_first) {
2401 		if (new_lop->nfslo_end < lop->nfslo_first) {
2402 		    /*
2403 		     * If the new lock ends before the start of the
2404 		     * current lock's range, no merge, just insert
2405 		     * the new lock.
2406 		     */
2407 		    break;
2408 		}
2409 		if (new_lop->nfslo_type == lop->nfslo_type ||
2410 		    (new_lop->nfslo_first <= lop->nfslo_first &&
2411 		     new_lop->nfslo_end >= lop->nfslo_end)) {
2412 		    /*
2413 		     * This lock can be absorbed by the new lock/unlock.
2414 		     * This happens when it covers the entire range
2415 		     * of the old lock or is contiguous
2416 		     * with the old lock and is of the same type or an
2417 		     * unlock.
2418 		     */
2419 		    if (new_lop->nfslo_type != lop->nfslo_type ||
2420 			new_lop->nfslo_first != lop->nfslo_first ||
2421 			new_lop->nfslo_end != lop->nfslo_end)
2422 			modified = 1;
2423 		    if (lop->nfslo_first < new_lop->nfslo_first)
2424 			new_lop->nfslo_first = lop->nfslo_first;
2425 		    if (lop->nfslo_end > new_lop->nfslo_end)
2426 			new_lop->nfslo_end = lop->nfslo_end;
2427 		    tlop = lop;
2428 		    lop = LIST_NEXT(lop, nfslo_list);
2429 		    nfscl_freelock(tlop, local);
2430 		    continue;
2431 		}
2432 
2433 		/*
2434 		 * All these cases are for contiguous locks that are not the
2435 		 * same type, so they can't be merged.
2436 		 */
2437 		if (new_lop->nfslo_first <= lop->nfslo_first) {
2438 		    /*
2439 		     * This case is where the new lock overlaps with the
2440 		     * first part of the old lock. Move the start of the
2441 		     * old lock to just past the end of the new lock. The
2442 		     * new lock will be inserted in front of the old, since
2443 		     * ilop hasn't been updated. (We are done now.)
2444 		     */
2445 		    if (lop->nfslo_first != new_lop->nfslo_end) {
2446 			lop->nfslo_first = new_lop->nfslo_end;
2447 			modified = 1;
2448 		    }
2449 		    break;
2450 		}
2451 		if (new_lop->nfslo_end >= lop->nfslo_end) {
2452 		    /*
2453 		     * This case is where the new lock overlaps with the
2454 		     * end of the old lock's range. Move the old lock's
2455 		     * end to just before the new lock's first and insert
2456 		     * the new lock after the old lock.
2457 		     * Might not be done yet, since the new lock could
2458 		     * overlap further locks with higher ranges.
2459 		     */
2460 		    if (lop->nfslo_end != new_lop->nfslo_first) {
2461 			lop->nfslo_end = new_lop->nfslo_first;
2462 			modified = 1;
2463 		    }
2464 		    ilop = lop;
2465 		    lop = LIST_NEXT(lop, nfslo_list);
2466 		    continue;
2467 		}
2468 		/*
2469 		 * The final case is where the new lock's range is in the
2470 		 * middle of the current lock's and splits the current lock
2471 		 * up. Use *other_lopp to handle the second part of the
2472 		 * split old lock range. (We are done now.)
2473 		 * For unlock, we use new_lop as other_lop and tmp, since
2474 		 * other_lop and new_lop are the same for this case.
2475 		 * We noted the unlock case above, so we don't need
2476 		 * new_lop->nfslo_type any longer.
2477 		 */
2478 		tmp = new_lop->nfslo_first;
2479 		if (unlock) {
2480 		    other_lop = new_lop;
2481 		    *new_lopp = NULL;
2482 		} else {
2483 		    other_lop = *other_lopp;
2484 		    *other_lopp = NULL;
2485 		}
2486 		other_lop->nfslo_first = new_lop->nfslo_end;
2487 		other_lop->nfslo_end = lop->nfslo_end;
2488 		other_lop->nfslo_type = lop->nfslo_type;
2489 		lop->nfslo_end = tmp;
2490 		nfscl_insertlock(lp, other_lop, lop, local);
2491 		ilop = lop;
2492 		modified = 1;
2493 		break;
2494 	    }
2495 	    ilop = lop;
2496 	    lop = LIST_NEXT(lop, nfslo_list);
2497 	    if (lop == NULL)
2498 		break;
2499 	}
2500 
2501 	/*
2502 	 * Insert the new lock in the list at the appropriate place.
2503 	 */
2504 	if (!unlock) {
2505 		nfscl_insertlock(lp, new_lop, ilop, local);
2506 		*new_lopp = NULL;
2507 		modified = 1;
2508 	}
2509 	return (modified);
2510 }
2511 
2512 /*
2513  * This function must be run as a kernel thread.
2514  * It does Renew Ops and recovery, when required.
2515  */
2516 APPLESTATIC void
2517 nfscl_renewthread(struct nfsclclient *clp, NFSPROC_T *p)
2518 {
2519 	struct nfsclowner *owp, *nowp;
2520 	struct nfsclopen *op;
2521 	struct nfscllockowner *lp, *nlp;
2522 	struct nfscldeleghead dh;
2523 	struct nfscldeleg *dp, *ndp;
2524 	struct ucred *cred;
2525 	u_int32_t clidrev;
2526 	int error, cbpathdown, islept, igotlock, ret, clearok;
2527 	uint32_t recover_done_time = 0;
2528 	time_t mytime;
2529 	static time_t prevsec = 0;
2530 	struct nfscllockownerfh *lfhp, *nlfhp;
2531 	struct nfscllockownerfhhead lfh;
2532 	struct nfscllayout *lyp, *nlyp;
2533 	struct nfscldevinfo *dip, *ndip;
2534 	struct nfscllayouthead rlh;
2535 	struct nfsclrecalllayout *recallp;
2536 	struct nfsclds *dsp;
2537 
2538 	cred = newnfs_getcred();
2539 	NFSLOCKCLSTATE();
2540 	clp->nfsc_flags |= NFSCLFLAGS_HASTHREAD;
2541 	NFSUNLOCKCLSTATE();
2542 	for(;;) {
2543 		newnfs_setroot(cred);
2544 		cbpathdown = 0;
2545 		if (clp->nfsc_flags & NFSCLFLAGS_RECOVER) {
2546 			/*
2547 			 * Only allow one recover within 1/2 of the lease
2548 			 * duration (nfsc_renew).
2549 			 */
2550 			if (recover_done_time < NFSD_MONOSEC) {
2551 				recover_done_time = NFSD_MONOSEC +
2552 				    clp->nfsc_renew;
2553 				NFSCL_DEBUG(1, "Doing recovery..\n");
2554 				nfscl_recover(clp, cred, p);
2555 			} else {
2556 				NFSCL_DEBUG(1, "Clear Recovery dt=%u ms=%jd\n",
2557 				    recover_done_time, (intmax_t)NFSD_MONOSEC);
2558 				NFSLOCKCLSTATE();
2559 				clp->nfsc_flags &= ~NFSCLFLAGS_RECOVER;
2560 				NFSUNLOCKCLSTATE();
2561 			}
2562 		}
2563 		if (clp->nfsc_expire <= NFSD_MONOSEC &&
2564 		    (clp->nfsc_flags & NFSCLFLAGS_HASCLIENTID)) {
2565 			clp->nfsc_expire = NFSD_MONOSEC + clp->nfsc_renew;
2566 			clidrev = clp->nfsc_clientidrev;
2567 			error = nfsrpc_renew(clp, NULL, cred, p);
2568 			if (error == NFSERR_CBPATHDOWN)
2569 			    cbpathdown = 1;
2570 			else if (error == NFSERR_STALECLIENTID ||
2571 			    error == NFSERR_BADSESSION) {
2572 			    NFSLOCKCLSTATE();
2573 			    clp->nfsc_flags |= NFSCLFLAGS_RECOVER;
2574 			    NFSUNLOCKCLSTATE();
2575 			} else if (error == NFSERR_EXPIRED)
2576 			    (void) nfscl_hasexpired(clp, clidrev, p);
2577 		}
2578 
2579 checkdsrenew:
2580 		if (NFSHASNFSV4N(clp->nfsc_nmp)) {
2581 			/* Do renews for any DS sessions. */
2582 			NFSLOCKMNT(clp->nfsc_nmp);
2583 			/* Skip first entry, since the MDS is handled above. */
2584 			dsp = TAILQ_FIRST(&clp->nfsc_nmp->nm_sess);
2585 			if (dsp != NULL)
2586 				dsp = TAILQ_NEXT(dsp, nfsclds_list);
2587 			while (dsp != NULL) {
2588 				if (dsp->nfsclds_expire <= NFSD_MONOSEC &&
2589 				    dsp->nfsclds_sess.nfsess_defunct == 0) {
2590 					dsp->nfsclds_expire = NFSD_MONOSEC +
2591 					    clp->nfsc_renew;
2592 					NFSUNLOCKMNT(clp->nfsc_nmp);
2593 					(void)nfsrpc_renew(clp, dsp, cred, p);
2594 					goto checkdsrenew;
2595 				}
2596 				dsp = TAILQ_NEXT(dsp, nfsclds_list);
2597 			}
2598 			NFSUNLOCKMNT(clp->nfsc_nmp);
2599 		}
2600 
2601 		TAILQ_INIT(&dh);
2602 		NFSLOCKCLSTATE();
2603 		if (cbpathdown)
2604 			/* It's a Total Recall! */
2605 			nfscl_totalrecall(clp);
2606 
2607 		/*
2608 		 * Now, handle defunct owners.
2609 		 */
2610 		LIST_FOREACH_SAFE(owp, &clp->nfsc_owner, nfsow_list, nowp) {
2611 			if (LIST_EMPTY(&owp->nfsow_open)) {
2612 				if (owp->nfsow_defunct != 0)
2613 					nfscl_freeopenowner(owp, 0);
2614 			}
2615 		}
2616 
2617 		/*
2618 		 * Do the recall on any delegations. To avoid trouble, always
2619 		 * come back up here after having slept.
2620 		 */
2621 		igotlock = 0;
2622 tryagain:
2623 		dp = TAILQ_FIRST(&clp->nfsc_deleg);
2624 		while (dp != NULL) {
2625 			ndp = TAILQ_NEXT(dp, nfsdl_list);
2626 			if ((dp->nfsdl_flags & NFSCLDL_RECALL)) {
2627 				/*
2628 				 * Wait for outstanding I/O ops to be done.
2629 				 */
2630 				if (dp->nfsdl_rwlock.nfslock_usecnt > 0) {
2631 				    if (igotlock) {
2632 					nfsv4_unlock(&clp->nfsc_lock, 0);
2633 					igotlock = 0;
2634 				    }
2635 				    dp->nfsdl_rwlock.nfslock_lock |=
2636 					NFSV4LOCK_WANTED;
2637 				    (void) nfsmsleep(&dp->nfsdl_rwlock,
2638 					NFSCLSTATEMUTEXPTR, PZERO, "nfscld",
2639 					NULL);
2640 				    goto tryagain;
2641 				}
2642 				while (!igotlock) {
2643 				    igotlock = nfsv4_lock(&clp->nfsc_lock, 1,
2644 					&islept, NFSCLSTATEMUTEXPTR, NULL);
2645 				    if (islept)
2646 					goto tryagain;
2647 				}
2648 				NFSUNLOCKCLSTATE();
2649 				newnfs_copycred(&dp->nfsdl_cred, cred);
2650 				ret = nfscl_recalldeleg(clp, clp->nfsc_nmp, dp,
2651 				    NULL, cred, p, 1);
2652 				if (!ret) {
2653 				    nfscl_cleandeleg(dp);
2654 				    TAILQ_REMOVE(&clp->nfsc_deleg, dp,
2655 					nfsdl_list);
2656 				    LIST_REMOVE(dp, nfsdl_hash);
2657 				    TAILQ_INSERT_HEAD(&dh, dp, nfsdl_list);
2658 				    nfscl_delegcnt--;
2659 				    nfsstatsv1.cldelegates--;
2660 				}
2661 				NFSLOCKCLSTATE();
2662 			}
2663 			dp = ndp;
2664 		}
2665 
2666 		/*
2667 		 * Clear out old delegations, if we are above the high water
2668 		 * mark. Only clear out ones with no state related to them.
2669 		 * The tailq list is in LRU order.
2670 		 */
2671 		dp = TAILQ_LAST(&clp->nfsc_deleg, nfscldeleghead);
2672 		while (nfscl_delegcnt > nfscl_deleghighwater && dp != NULL) {
2673 		    ndp = TAILQ_PREV(dp, nfscldeleghead, nfsdl_list);
2674 		    if (dp->nfsdl_rwlock.nfslock_usecnt == 0 &&
2675 			dp->nfsdl_rwlock.nfslock_lock == 0 &&
2676 			dp->nfsdl_timestamp < NFSD_MONOSEC &&
2677 			(dp->nfsdl_flags & (NFSCLDL_RECALL | NFSCLDL_ZAPPED |
2678 			  NFSCLDL_NEEDRECLAIM | NFSCLDL_DELEGRET)) == 0) {
2679 			clearok = 1;
2680 			LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
2681 			    op = LIST_FIRST(&owp->nfsow_open);
2682 			    if (op != NULL) {
2683 				clearok = 0;
2684 				break;
2685 			    }
2686 			}
2687 			if (clearok) {
2688 			    LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
2689 				if (!LIST_EMPTY(&lp->nfsl_lock)) {
2690 				    clearok = 0;
2691 				    break;
2692 				}
2693 			    }
2694 			}
2695 			if (clearok) {
2696 			    TAILQ_REMOVE(&clp->nfsc_deleg, dp, nfsdl_list);
2697 			    LIST_REMOVE(dp, nfsdl_hash);
2698 			    TAILQ_INSERT_HEAD(&dh, dp, nfsdl_list);
2699 			    nfscl_delegcnt--;
2700 			    nfsstatsv1.cldelegates--;
2701 			}
2702 		    }
2703 		    dp = ndp;
2704 		}
2705 		if (igotlock)
2706 			nfsv4_unlock(&clp->nfsc_lock, 0);
2707 
2708 		/*
2709 		 * Do the recall on any layouts. To avoid trouble, always
2710 		 * come back up here after having slept.
2711 		 */
2712 		TAILQ_INIT(&rlh);
2713 tryagain2:
2714 		TAILQ_FOREACH_SAFE(lyp, &clp->nfsc_layout, nfsly_list, nlyp) {
2715 			if ((lyp->nfsly_flags & NFSLY_RECALL) != 0) {
2716 				/*
2717 				 * Wait for outstanding I/O ops to be done.
2718 				 */
2719 				if (lyp->nfsly_lock.nfslock_usecnt > 0 ||
2720 				    (lyp->nfsly_lock.nfslock_lock &
2721 				     NFSV4LOCK_LOCK) != 0) {
2722 					lyp->nfsly_lock.nfslock_lock |=
2723 					    NFSV4LOCK_WANTED;
2724 					(void)nfsmsleep(&lyp->nfsly_lock,
2725 					    NFSCLSTATEMUTEXPTR, PZERO, "nfslyp",
2726 					    NULL);
2727 					goto tryagain2;
2728 				}
2729 				/* Move the layout to the recall list. */
2730 				TAILQ_REMOVE(&clp->nfsc_layout, lyp,
2731 				    nfsly_list);
2732 				LIST_REMOVE(lyp, nfsly_hash);
2733 				TAILQ_INSERT_HEAD(&rlh, lyp, nfsly_list);
2734 
2735 				/* Handle any layout commits. */
2736 				if (!NFSHASNOLAYOUTCOMMIT(clp->nfsc_nmp) &&
2737 				    (lyp->nfsly_flags & NFSLY_WRITTEN) != 0) {
2738 					lyp->nfsly_flags &= ~NFSLY_WRITTEN;
2739 					NFSUNLOCKCLSTATE();
2740 					NFSCL_DEBUG(3, "do layoutcommit\n");
2741 					nfscl_dolayoutcommit(clp->nfsc_nmp, lyp,
2742 					    cred, p);
2743 					NFSLOCKCLSTATE();
2744 					goto tryagain2;
2745 				}
2746 			}
2747 		}
2748 
2749 		/* Now, look for stale layouts. */
2750 		lyp = TAILQ_LAST(&clp->nfsc_layout, nfscllayouthead);
2751 		while (lyp != NULL) {
2752 			nlyp = TAILQ_PREV(lyp, nfscllayouthead, nfsly_list);
2753 			if (lyp->nfsly_timestamp < NFSD_MONOSEC &&
2754 			    (lyp->nfsly_flags & NFSLY_RECALL) == 0 &&
2755 			    lyp->nfsly_lock.nfslock_usecnt == 0 &&
2756 			    lyp->nfsly_lock.nfslock_lock == 0) {
2757 				NFSCL_DEBUG(4, "ret stale lay=%d\n",
2758 				    nfscl_layoutcnt);
2759 				recallp = malloc(sizeof(*recallp),
2760 				    M_NFSLAYRECALL, M_NOWAIT);
2761 				if (recallp == NULL)
2762 					break;
2763 				(void)nfscl_layoutrecall(NFSLAYOUTRETURN_FILE,
2764 				    lyp, NFSLAYOUTIOMODE_ANY, 0, UINT64_MAX,
2765 				    lyp->nfsly_stateid.seqid, recallp);
2766 			}
2767 			lyp = nlyp;
2768 		}
2769 
2770 		/*
2771 		 * Free up any unreferenced device info structures.
2772 		 */
2773 		LIST_FOREACH_SAFE(dip, &clp->nfsc_devinfo, nfsdi_list, ndip) {
2774 			if (dip->nfsdi_layoutrefs == 0 &&
2775 			    dip->nfsdi_refcnt == 0) {
2776 				NFSCL_DEBUG(4, "freeing devinfo\n");
2777 				LIST_REMOVE(dip, nfsdi_list);
2778 				nfscl_freedevinfo(dip);
2779 			}
2780 		}
2781 		NFSUNLOCKCLSTATE();
2782 
2783 		/* Do layout return(s), as required. */
2784 		TAILQ_FOREACH_SAFE(lyp, &rlh, nfsly_list, nlyp) {
2785 			TAILQ_REMOVE(&rlh, lyp, nfsly_list);
2786 			NFSCL_DEBUG(4, "ret layout\n");
2787 			nfscl_layoutreturn(clp->nfsc_nmp, lyp, cred, p);
2788 			nfscl_freelayout(lyp);
2789 		}
2790 
2791 		/*
2792 		 * Delegreturn any delegations cleaned out or recalled.
2793 		 */
2794 		TAILQ_FOREACH_SAFE(dp, &dh, nfsdl_list, ndp) {
2795 			newnfs_copycred(&dp->nfsdl_cred, cred);
2796 			(void) nfscl_trydelegreturn(dp, cred, clp->nfsc_nmp, p);
2797 			TAILQ_REMOVE(&dh, dp, nfsdl_list);
2798 			FREE((caddr_t)dp, M_NFSCLDELEG);
2799 		}
2800 
2801 		SLIST_INIT(&lfh);
2802 		/*
2803 		 * Call nfscl_cleanupkext() once per second to check for
2804 		 * open/lock owners where the process has exited.
2805 		 */
2806 		mytime = NFSD_MONOSEC;
2807 		if (prevsec != mytime) {
2808 			prevsec = mytime;
2809 			nfscl_cleanupkext(clp, &lfh);
2810 		}
2811 
2812 		/*
2813 		 * Do a ReleaseLockOwner for all lock owners where the
2814 		 * associated process no longer exists, as found by
2815 		 * nfscl_cleanupkext().
2816 		 */
2817 		newnfs_setroot(cred);
2818 		SLIST_FOREACH_SAFE(lfhp, &lfh, nfslfh_list, nlfhp) {
2819 			LIST_FOREACH_SAFE(lp, &lfhp->nfslfh_lock, nfsl_list,
2820 			    nlp) {
2821 				(void)nfsrpc_rellockown(clp->nfsc_nmp, lp,
2822 				    lfhp->nfslfh_fh, lfhp->nfslfh_len, cred,
2823 				    p);
2824 				nfscl_freelockowner(lp, 0);
2825 			}
2826 			free(lfhp, M_TEMP);
2827 		}
2828 		SLIST_INIT(&lfh);
2829 
2830 		NFSLOCKCLSTATE();
2831 		if ((clp->nfsc_flags & NFSCLFLAGS_RECOVER) == 0)
2832 			(void)mtx_sleep(clp, NFSCLSTATEMUTEXPTR, PWAIT, "nfscl",
2833 			    hz);
2834 		if (clp->nfsc_flags & NFSCLFLAGS_UMOUNT) {
2835 			clp->nfsc_flags &= ~NFSCLFLAGS_HASTHREAD;
2836 			NFSUNLOCKCLSTATE();
2837 			NFSFREECRED(cred);
2838 			wakeup((caddr_t)clp);
2839 			return;
2840 		}
2841 		NFSUNLOCKCLSTATE();
2842 	}
2843 }
2844 
2845 /*
2846  * Initiate state recovery. Called when NFSERR_STALECLIENTID,
2847  * NFSERR_STALESTATEID or NFSERR_BADSESSION is received.
2848  */
2849 APPLESTATIC void
2850 nfscl_initiate_recovery(struct nfsclclient *clp)
2851 {
2852 
2853 	if (clp == NULL)
2854 		return;
2855 	NFSLOCKCLSTATE();
2856 	clp->nfsc_flags |= NFSCLFLAGS_RECOVER;
2857 	NFSUNLOCKCLSTATE();
2858 	wakeup((caddr_t)clp);
2859 }
2860 
2861 /*
2862  * Dump out the state stuff for debugging.
2863  */
2864 APPLESTATIC void
2865 nfscl_dumpstate(struct nfsmount *nmp, int openowner, int opens,
2866     int lockowner, int locks)
2867 {
2868 	struct nfsclclient *clp;
2869 	struct nfsclowner *owp;
2870 	struct nfsclopen *op;
2871 	struct nfscllockowner *lp;
2872 	struct nfscllock *lop;
2873 	struct nfscldeleg *dp;
2874 
2875 	clp = nmp->nm_clp;
2876 	if (clp == NULL) {
2877 		printf("nfscl dumpstate NULL clp\n");
2878 		return;
2879 	}
2880 	NFSLOCKCLSTATE();
2881 	TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
2882 	  LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
2883 	    if (openowner && !LIST_EMPTY(&owp->nfsow_open))
2884 		printf("owner=0x%x 0x%x 0x%x 0x%x seqid=%d\n",
2885 		    owp->nfsow_owner[0], owp->nfsow_owner[1],
2886 		    owp->nfsow_owner[2], owp->nfsow_owner[3],
2887 		    owp->nfsow_seqid);
2888 	    LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
2889 		if (opens)
2890 		    printf("open st=0x%x 0x%x 0x%x cnt=%d fh12=0x%x\n",
2891 			op->nfso_stateid.other[0], op->nfso_stateid.other[1],
2892 			op->nfso_stateid.other[2], op->nfso_opencnt,
2893 			op->nfso_fh[12]);
2894 		LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
2895 		    if (lockowner)
2896 			printf("lckown=0x%x 0x%x 0x%x 0x%x seqid=%d st=0x%x 0x%x 0x%x\n",
2897 			    lp->nfsl_owner[0], lp->nfsl_owner[1],
2898 			    lp->nfsl_owner[2], lp->nfsl_owner[3],
2899 			    lp->nfsl_seqid,
2900 			    lp->nfsl_stateid.other[0], lp->nfsl_stateid.other[1],
2901 			    lp->nfsl_stateid.other[2]);
2902 		    LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
2903 			if (locks)
2904 #ifdef __FreeBSD__
2905 			    printf("lck typ=%d fst=%ju end=%ju\n",
2906 				lop->nfslo_type, (intmax_t)lop->nfslo_first,
2907 				(intmax_t)lop->nfslo_end);
2908 #else
2909 			    printf("lck typ=%d fst=%qd end=%qd\n",
2910 				lop->nfslo_type, lop->nfslo_first,
2911 				lop->nfslo_end);
2912 #endif
2913 		    }
2914 		}
2915 	    }
2916 	  }
2917 	}
2918 	LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
2919 	    if (openowner && !LIST_EMPTY(&owp->nfsow_open))
2920 		printf("owner=0x%x 0x%x 0x%x 0x%x seqid=%d\n",
2921 		    owp->nfsow_owner[0], owp->nfsow_owner[1],
2922 		    owp->nfsow_owner[2], owp->nfsow_owner[3],
2923 		    owp->nfsow_seqid);
2924 	    LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
2925 		if (opens)
2926 		    printf("open st=0x%x 0x%x 0x%x cnt=%d fh12=0x%x\n",
2927 			op->nfso_stateid.other[0], op->nfso_stateid.other[1],
2928 			op->nfso_stateid.other[2], op->nfso_opencnt,
2929 			op->nfso_fh[12]);
2930 		LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
2931 		    if (lockowner)
2932 			printf("lckown=0x%x 0x%x 0x%x 0x%x seqid=%d st=0x%x 0x%x 0x%x\n",
2933 			    lp->nfsl_owner[0], lp->nfsl_owner[1],
2934 			    lp->nfsl_owner[2], lp->nfsl_owner[3],
2935 			    lp->nfsl_seqid,
2936 			    lp->nfsl_stateid.other[0], lp->nfsl_stateid.other[1],
2937 			    lp->nfsl_stateid.other[2]);
2938 		    LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
2939 			if (locks)
2940 #ifdef __FreeBSD__
2941 			    printf("lck typ=%d fst=%ju end=%ju\n",
2942 				lop->nfslo_type, (intmax_t)lop->nfslo_first,
2943 				(intmax_t)lop->nfslo_end);
2944 #else
2945 			    printf("lck typ=%d fst=%qd end=%qd\n",
2946 				lop->nfslo_type, lop->nfslo_first,
2947 				lop->nfslo_end);
2948 #endif
2949 		    }
2950 		}
2951 	    }
2952 	}
2953 	NFSUNLOCKCLSTATE();
2954 }
2955 
2956 /*
2957  * Check for duplicate open owners and opens.
2958  * (Only used as a diagnostic aid.)
2959  */
2960 APPLESTATIC void
2961 nfscl_dupopen(vnode_t vp, int dupopens)
2962 {
2963 	struct nfsclclient *clp;
2964 	struct nfsclowner *owp, *owp2;
2965 	struct nfsclopen *op, *op2;
2966 	struct nfsfh *nfhp;
2967 
2968 	clp = VFSTONFS(vnode_mount(vp))->nm_clp;
2969 	if (clp == NULL) {
2970 		printf("nfscl dupopen NULL clp\n");
2971 		return;
2972 	}
2973 	nfhp = VTONFS(vp)->n_fhp;
2974 	NFSLOCKCLSTATE();
2975 
2976 	/*
2977 	 * First, search for duplicate owners.
2978 	 * These should never happen!
2979 	 */
2980 	LIST_FOREACH(owp2, &clp->nfsc_owner, nfsow_list) {
2981 	    LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
2982 		if (owp != owp2 &&
2983 		    !NFSBCMP(owp->nfsow_owner, owp2->nfsow_owner,
2984 		    NFSV4CL_LOCKNAMELEN)) {
2985 			NFSUNLOCKCLSTATE();
2986 			printf("DUP OWNER\n");
2987 			nfscl_dumpstate(VFSTONFS(vnode_mount(vp)), 1, 1, 0, 0);
2988 			return;
2989 		}
2990 	    }
2991 	}
2992 
2993 	/*
2994 	 * Now, search for duplicate stateids.
2995 	 * These shouldn't happen, either.
2996 	 */
2997 	LIST_FOREACH(owp2, &clp->nfsc_owner, nfsow_list) {
2998 	    LIST_FOREACH(op2, &owp2->nfsow_open, nfso_list) {
2999 		LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
3000 		    LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
3001 			if (op != op2 &&
3002 			    (op->nfso_stateid.other[0] != 0 ||
3003 			     op->nfso_stateid.other[1] != 0 ||
3004 			     op->nfso_stateid.other[2] != 0) &&
3005 			    op->nfso_stateid.other[0] == op2->nfso_stateid.other[0] &&
3006 			    op->nfso_stateid.other[1] == op2->nfso_stateid.other[1] &&
3007 			    op->nfso_stateid.other[2] == op2->nfso_stateid.other[2]) {
3008 			    NFSUNLOCKCLSTATE();
3009 			    printf("DUP STATEID\n");
3010 			    nfscl_dumpstate(VFSTONFS(vnode_mount(vp)), 1, 1, 0,
3011 				0);
3012 			    return;
3013 			}
3014 		    }
3015 		}
3016 	    }
3017 	}
3018 
3019 	/*
3020 	 * Now search for duplicate opens.
3021 	 * Duplicate opens for the same owner
3022 	 * should never occur. Other duplicates are
3023 	 * possible and are checked for if "dupopens"
3024 	 * is true.
3025 	 */
3026 	LIST_FOREACH(owp2, &clp->nfsc_owner, nfsow_list) {
3027 	    LIST_FOREACH(op2, &owp2->nfsow_open, nfso_list) {
3028 		if (nfhp->nfh_len == op2->nfso_fhlen &&
3029 		    !NFSBCMP(nfhp->nfh_fh, op2->nfso_fh, nfhp->nfh_len)) {
3030 		    LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
3031 			LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
3032 			    if (op != op2 && nfhp->nfh_len == op->nfso_fhlen &&
3033 				!NFSBCMP(nfhp->nfh_fh, op->nfso_fh, nfhp->nfh_len) &&
3034 				(!NFSBCMP(op->nfso_own->nfsow_owner,
3035 				 op2->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN) ||
3036 				 dupopens)) {
3037 				if (!NFSBCMP(op->nfso_own->nfsow_owner,
3038 				    op2->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN)) {
3039 				    NFSUNLOCKCLSTATE();
3040 				    printf("BADDUP OPEN\n");
3041 				} else {
3042 				    NFSUNLOCKCLSTATE();
3043 				    printf("DUP OPEN\n");
3044 				}
3045 				nfscl_dumpstate(VFSTONFS(vnode_mount(vp)), 1, 1,
3046 				    0, 0);
3047 				return;
3048 			    }
3049 			}
3050 		    }
3051 		}
3052 	    }
3053 	}
3054 	NFSUNLOCKCLSTATE();
3055 }
3056 
3057 /*
3058  * During close, find an open that needs to be dereferenced and
3059  * dereference it. If there are no more opens for this file,
3060  * log a message to that effect.
3061  * Opens aren't actually Close'd until VOP_INACTIVE() is performed
3062  * on the file's vnode.
3063  * This is the safe way, since it is difficult to identify
3064  * which open the close is for and I/O can be performed after the
3065  * close(2) system call when a file is mmap'd.
3066  * If it returns 0 for success, there will be a referenced
3067  * clp returned via clpp.
3068  */
3069 APPLESTATIC int
3070 nfscl_getclose(vnode_t vp, struct nfsclclient **clpp)
3071 {
3072 	struct nfsclclient *clp;
3073 	struct nfsclowner *owp;
3074 	struct nfsclopen *op;
3075 	struct nfscldeleg *dp;
3076 	struct nfsfh *nfhp;
3077 	int error, notdecr;
3078 
3079 	error = nfscl_getcl(vnode_mount(vp), NULL, NULL, 1, &clp);
3080 	if (error)
3081 		return (error);
3082 	*clpp = clp;
3083 
3084 	nfhp = VTONFS(vp)->n_fhp;
3085 	notdecr = 1;
3086 	NFSLOCKCLSTATE();
3087 	/*
3088 	 * First, look for one under a delegation that was locally issued
3089 	 * and just decrement the opencnt for it. Since all my Opens against
3090 	 * the server are DENY_NONE, I don't see a problem with hanging
3091 	 * onto them. (It is much easier to use one of the extant Opens
3092 	 * that I already have on the server when a Delegation is recalled
3093 	 * than to do fresh Opens.) Someday, I might need to rethink this, but.
3094 	 */
3095 	dp = nfscl_finddeleg(clp, nfhp->nfh_fh, nfhp->nfh_len);
3096 	if (dp != NULL) {
3097 		LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
3098 			op = LIST_FIRST(&owp->nfsow_open);
3099 			if (op != NULL) {
3100 				/*
3101 				 * Since a delegation is for a file, there
3102 				 * should never be more than one open for
3103 				 * each openowner.
3104 				 */
3105 				if (LIST_NEXT(op, nfso_list) != NULL)
3106 					panic("nfscdeleg opens");
3107 				if (notdecr && op->nfso_opencnt > 0) {
3108 					notdecr = 0;
3109 					op->nfso_opencnt--;
3110 					break;
3111 				}
3112 			}
3113 		}
3114 	}
3115 
3116 	/* Now process the opens against the server. */
3117 	LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
3118 		LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
3119 			if (op->nfso_fhlen == nfhp->nfh_len &&
3120 			    !NFSBCMP(op->nfso_fh, nfhp->nfh_fh,
3121 			    nfhp->nfh_len)) {
3122 				/* Found an open, decrement cnt if possible */
3123 				if (notdecr && op->nfso_opencnt > 0) {
3124 					notdecr = 0;
3125 					op->nfso_opencnt--;
3126 				}
3127 				/*
3128 				 * There are more opens, so just return.
3129 				 */
3130 				if (op->nfso_opencnt > 0) {
3131 					NFSUNLOCKCLSTATE();
3132 					return (0);
3133 				}
3134 			}
3135 		}
3136 	}
3137 	NFSUNLOCKCLSTATE();
3138 	if (notdecr)
3139 		printf("nfscl: never fnd open\n");
3140 	return (0);
3141 }
3142 
3143 APPLESTATIC int
3144 nfscl_doclose(vnode_t vp, struct nfsclclient **clpp, NFSPROC_T *p)
3145 {
3146 	struct nfsclclient *clp;
3147 	struct nfsclowner *owp, *nowp;
3148 	struct nfsclopen *op;
3149 	struct nfscldeleg *dp;
3150 	struct nfsfh *nfhp;
3151 	struct nfsclrecalllayout *recallp;
3152 	int error;
3153 
3154 	error = nfscl_getcl(vnode_mount(vp), NULL, NULL, 1, &clp);
3155 	if (error)
3156 		return (error);
3157 	*clpp = clp;
3158 
3159 	nfhp = VTONFS(vp)->n_fhp;
3160 	recallp = malloc(sizeof(*recallp), M_NFSLAYRECALL, M_WAITOK);
3161 	NFSLOCKCLSTATE();
3162 	/*
3163 	 * First get rid of the local Open structures, which should be no
3164 	 * longer in use.
3165 	 */
3166 	dp = nfscl_finddeleg(clp, nfhp->nfh_fh, nfhp->nfh_len);
3167 	if (dp != NULL) {
3168 		LIST_FOREACH_SAFE(owp, &dp->nfsdl_owner, nfsow_list, nowp) {
3169 			op = LIST_FIRST(&owp->nfsow_open);
3170 			if (op != NULL) {
3171 				KASSERT((op->nfso_opencnt == 0),
3172 				    ("nfscl: bad open cnt on deleg"));
3173 				nfscl_freeopen(op, 1);
3174 			}
3175 			nfscl_freeopenowner(owp, 1);
3176 		}
3177 	}
3178 
3179 	/* Return any layouts marked return on close. */
3180 	nfscl_retoncloselayout(vp, clp, nfhp->nfh_fh, nfhp->nfh_len, &recallp);
3181 
3182 	/* Now process the opens against the server. */
3183 lookformore:
3184 	LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
3185 		op = LIST_FIRST(&owp->nfsow_open);
3186 		while (op != NULL) {
3187 			if (op->nfso_fhlen == nfhp->nfh_len &&
3188 			    !NFSBCMP(op->nfso_fh, nfhp->nfh_fh,
3189 			    nfhp->nfh_len)) {
3190 				/* Found an open, close it. */
3191 				KASSERT((op->nfso_opencnt == 0),
3192 				    ("nfscl: bad open cnt on server"));
3193 				NFSUNLOCKCLSTATE();
3194 				nfsrpc_doclose(VFSTONFS(vnode_mount(vp)), op,
3195 				    p);
3196 				NFSLOCKCLSTATE();
3197 				goto lookformore;
3198 			}
3199 			op = LIST_NEXT(op, nfso_list);
3200 		}
3201 	}
3202 	NFSUNLOCKCLSTATE();
3203 	/*
3204 	 * recallp has been set NULL by nfscl_retoncloselayout() if it was
3205 	 * used by the function, but calling free() with a NULL pointer is ok.
3206 	 */
3207 	free(recallp, M_NFSLAYRECALL);
3208 	return (0);
3209 }
3210 
3211 /*
3212  * Return all delegations on this client.
3213  * (Must be called with client sleep lock.)
3214  */
3215 static void
3216 nfscl_delegreturnall(struct nfsclclient *clp, NFSPROC_T *p)
3217 {
3218 	struct nfscldeleg *dp, *ndp;
3219 	struct ucred *cred;
3220 
3221 	cred = newnfs_getcred();
3222 	TAILQ_FOREACH_SAFE(dp, &clp->nfsc_deleg, nfsdl_list, ndp) {
3223 		nfscl_cleandeleg(dp);
3224 		(void) nfscl_trydelegreturn(dp, cred, clp->nfsc_nmp, p);
3225 		nfscl_freedeleg(&clp->nfsc_deleg, dp);
3226 	}
3227 	NFSFREECRED(cred);
3228 }
3229 
3230 /*
3231  * Do a callback RPC.
3232  */
3233 APPLESTATIC void
3234 nfscl_docb(struct nfsrv_descript *nd, NFSPROC_T *p)
3235 {
3236 	int clist, gotseq_ok, i, j, k, op, rcalls;
3237 	u_int32_t *tl;
3238 	struct nfsclclient *clp;
3239 	struct nfscldeleg *dp = NULL;
3240 	int numops, taglen = -1, error = 0, trunc;
3241 	u_int32_t minorvers = 0, retops = 0, *retopsp = NULL, *repp, cbident;
3242 	u_char tag[NFSV4_SMALLSTR + 1], *tagstr;
3243 	vnode_t vp = NULL;
3244 	struct nfsnode *np;
3245 	struct vattr va;
3246 	struct nfsfh *nfhp;
3247 	mount_t mp;
3248 	nfsattrbit_t attrbits, rattrbits;
3249 	nfsv4stateid_t stateid;
3250 	uint32_t seqid, slotid = 0, highslot, cachethis;
3251 	uint8_t sessionid[NFSX_V4SESSIONID];
3252 	struct mbuf *rep;
3253 	struct nfscllayout *lyp;
3254 	uint64_t filesid[2], len, off;
3255 	int changed, gotone, laytype, recalltype;
3256 	uint32_t iomode;
3257 	struct nfsclrecalllayout *recallp = NULL;
3258 	struct nfsclsession *tsep;
3259 
3260 	gotseq_ok = 0;
3261 	nfsrvd_rephead(nd);
3262 	NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3263 	taglen = fxdr_unsigned(int, *tl);
3264 	if (taglen < 0) {
3265 		error = EBADRPC;
3266 		goto nfsmout;
3267 	}
3268 	if (taglen <= NFSV4_SMALLSTR)
3269 		tagstr = tag;
3270 	else
3271 		tagstr = malloc(taglen + 1, M_TEMP, M_WAITOK);
3272 	error = nfsrv_mtostr(nd, tagstr, taglen);
3273 	if (error) {
3274 		if (taglen > NFSV4_SMALLSTR)
3275 			free(tagstr, M_TEMP);
3276 		taglen = -1;
3277 		goto nfsmout;
3278 	}
3279 	(void) nfsm_strtom(nd, tag, taglen);
3280 	if (taglen > NFSV4_SMALLSTR) {
3281 		free(tagstr, M_TEMP);
3282 	}
3283 	NFSM_BUILD(retopsp, u_int32_t *, NFSX_UNSIGNED);
3284 	NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
3285 	minorvers = fxdr_unsigned(u_int32_t, *tl++);
3286 	if (minorvers != NFSV4_MINORVERSION && minorvers != NFSV41_MINORVERSION)
3287 		nd->nd_repstat = NFSERR_MINORVERMISMATCH;
3288 	cbident = fxdr_unsigned(u_int32_t, *tl++);
3289 	if (nd->nd_repstat)
3290 		numops = 0;
3291 	else
3292 		numops = fxdr_unsigned(int, *tl);
3293 	/*
3294 	 * Loop around doing the sub ops.
3295 	 */
3296 	for (i = 0; i < numops; i++) {
3297 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3298 		NFSM_BUILD(repp, u_int32_t *, 2 * NFSX_UNSIGNED);
3299 		*repp++ = *tl;
3300 		op = fxdr_unsigned(int, *tl);
3301 		if (op < NFSV4OP_CBGETATTR ||
3302 		   (op > NFSV4OP_CBRECALL && minorvers == NFSV4_MINORVERSION) ||
3303 		   (op > NFSV4OP_CBNOTIFYDEVID &&
3304 		    minorvers == NFSV41_MINORVERSION)) {
3305 		    nd->nd_repstat = NFSERR_OPILLEGAL;
3306 		    *repp = nfscl_errmap(nd, minorvers);
3307 		    retops++;
3308 		    break;
3309 		}
3310 		nd->nd_procnum = op;
3311 		if (op < NFSV41_CBNOPS)
3312 			nfsstatsv1.cbrpccnt[nd->nd_procnum]++;
3313 		switch (op) {
3314 		case NFSV4OP_CBGETATTR:
3315 			NFSCL_DEBUG(4, "cbgetattr\n");
3316 			mp = NULL;
3317 			vp = NULL;
3318 			error = nfsm_getfh(nd, &nfhp);
3319 			if (!error)
3320 				error = nfsrv_getattrbits(nd, &attrbits,
3321 				    NULL, NULL);
3322 			if (error == 0 && i == 0 &&
3323 			    minorvers != NFSV4_MINORVERSION)
3324 				error = NFSERR_OPNOTINSESS;
3325 			if (!error) {
3326 				mp = nfscl_getmnt(minorvers, sessionid, cbident,
3327 				    &clp);
3328 				if (mp == NULL)
3329 					error = NFSERR_SERVERFAULT;
3330 			}
3331 			if (!error) {
3332 				error = nfscl_ngetreopen(mp, nfhp->nfh_fh,
3333 				    nfhp->nfh_len, p, &np);
3334 				if (!error)
3335 					vp = NFSTOV(np);
3336 			}
3337 			if (!error) {
3338 				NFSZERO_ATTRBIT(&rattrbits);
3339 				NFSLOCKCLSTATE();
3340 				dp = nfscl_finddeleg(clp, nfhp->nfh_fh,
3341 				    nfhp->nfh_len);
3342 				if (dp != NULL) {
3343 					if (NFSISSET_ATTRBIT(&attrbits,
3344 					    NFSATTRBIT_SIZE)) {
3345 						if (vp != NULL)
3346 							va.va_size = np->n_size;
3347 						else
3348 							va.va_size =
3349 							    dp->nfsdl_size;
3350 						NFSSETBIT_ATTRBIT(&rattrbits,
3351 						    NFSATTRBIT_SIZE);
3352 					}
3353 					if (NFSISSET_ATTRBIT(&attrbits,
3354 					    NFSATTRBIT_CHANGE)) {
3355 						va.va_filerev =
3356 						    dp->nfsdl_change;
3357 						if (vp == NULL ||
3358 						    (np->n_flag & NDELEGMOD))
3359 							va.va_filerev++;
3360 						NFSSETBIT_ATTRBIT(&rattrbits,
3361 						    NFSATTRBIT_CHANGE);
3362 					}
3363 				} else
3364 					error = NFSERR_SERVERFAULT;
3365 				NFSUNLOCKCLSTATE();
3366 			}
3367 			if (vp != NULL)
3368 				vrele(vp);
3369 			if (mp != NULL)
3370 				vfs_unbusy(mp);
3371 			if (nfhp != NULL)
3372 				FREE((caddr_t)nfhp, M_NFSFH);
3373 			if (!error)
3374 				(void) nfsv4_fillattr(nd, NULL, NULL, NULL, &va,
3375 				    NULL, 0, &rattrbits, NULL, p, 0, 0, 0, 0,
3376 				    (uint64_t)0);
3377 			break;
3378 		case NFSV4OP_CBRECALL:
3379 			NFSCL_DEBUG(4, "cbrecall\n");
3380 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
3381 			    NFSX_UNSIGNED);
3382 			stateid.seqid = *tl++;
3383 			NFSBCOPY((caddr_t)tl, (caddr_t)stateid.other,
3384 			    NFSX_STATEIDOTHER);
3385 			tl += (NFSX_STATEIDOTHER / NFSX_UNSIGNED);
3386 			trunc = fxdr_unsigned(int, *tl);
3387 			error = nfsm_getfh(nd, &nfhp);
3388 			if (error == 0 && i == 0 &&
3389 			    minorvers != NFSV4_MINORVERSION)
3390 				error = NFSERR_OPNOTINSESS;
3391 			if (!error) {
3392 				NFSLOCKCLSTATE();
3393 				if (minorvers == NFSV4_MINORVERSION)
3394 					clp = nfscl_getclnt(cbident);
3395 				else
3396 					clp = nfscl_getclntsess(sessionid);
3397 				if (clp != NULL) {
3398 					dp = nfscl_finddeleg(clp, nfhp->nfh_fh,
3399 					    nfhp->nfh_len);
3400 					if (dp != NULL && (dp->nfsdl_flags &
3401 					    NFSCLDL_DELEGRET) == 0) {
3402 						dp->nfsdl_flags |=
3403 						    NFSCLDL_RECALL;
3404 						wakeup((caddr_t)clp);
3405 					}
3406 				} else {
3407 					error = NFSERR_SERVERFAULT;
3408 				}
3409 				NFSUNLOCKCLSTATE();
3410 			}
3411 			if (nfhp != NULL)
3412 				FREE((caddr_t)nfhp, M_NFSFH);
3413 			break;
3414 		case NFSV4OP_CBLAYOUTRECALL:
3415 			NFSCL_DEBUG(4, "cblayrec\n");
3416 			nfhp = NULL;
3417 			NFSM_DISSECT(tl, uint32_t *, 4 * NFSX_UNSIGNED);
3418 			laytype = fxdr_unsigned(int, *tl++);
3419 			iomode = fxdr_unsigned(uint32_t, *tl++);
3420 			if (newnfs_true == *tl++)
3421 				changed = 1;
3422 			else
3423 				changed = 0;
3424 			recalltype = fxdr_unsigned(int, *tl);
3425 			recallp = malloc(sizeof(*recallp), M_NFSLAYRECALL,
3426 			    M_WAITOK);
3427 			if (laytype != NFSLAYOUT_NFSV4_1_FILES)
3428 				error = NFSERR_NOMATCHLAYOUT;
3429 			else if (recalltype == NFSLAYOUTRETURN_FILE) {
3430 				error = nfsm_getfh(nd, &nfhp);
3431 				NFSCL_DEBUG(4, "retfile getfh=%d\n", error);
3432 				if (error != 0)
3433 					goto nfsmout;
3434 				NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_HYPER +
3435 				    NFSX_STATEID);
3436 				off = fxdr_hyper(tl); tl += 2;
3437 				len = fxdr_hyper(tl); tl += 2;
3438 				stateid.seqid = fxdr_unsigned(uint32_t, *tl++);
3439 				NFSBCOPY(tl, stateid.other, NFSX_STATEIDOTHER);
3440 				if (minorvers == NFSV4_MINORVERSION)
3441 					error = NFSERR_NOTSUPP;
3442 				else if (i == 0)
3443 					error = NFSERR_OPNOTINSESS;
3444 				if (error == 0) {
3445 					NFSLOCKCLSTATE();
3446 					clp = nfscl_getclntsess(sessionid);
3447 					NFSCL_DEBUG(4, "cbly clp=%p\n", clp);
3448 					if (clp != NULL) {
3449 						lyp = nfscl_findlayout(clp,
3450 						    nfhp->nfh_fh,
3451 						    nfhp->nfh_len);
3452 						NFSCL_DEBUG(4, "cblyp=%p\n",
3453 						    lyp);
3454 						if (lyp != NULL &&
3455 						    (lyp->nfsly_flags &
3456 						     NFSLY_FILES) != 0 &&
3457 						    !NFSBCMP(stateid.other,
3458 						    lyp->nfsly_stateid.other,
3459 						    NFSX_STATEIDOTHER)) {
3460 							error =
3461 							    nfscl_layoutrecall(
3462 							    recalltype,
3463 							    lyp, iomode, off,
3464 							    len, stateid.seqid,
3465 							    recallp);
3466 							recallp = NULL;
3467 							wakeup(clp);
3468 							NFSCL_DEBUG(4,
3469 							    "aft layrcal=%d\n",
3470 							    error);
3471 						} else
3472 							error =
3473 							  NFSERR_NOMATCHLAYOUT;
3474 					} else
3475 						error = NFSERR_NOMATCHLAYOUT;
3476 					NFSUNLOCKCLSTATE();
3477 				}
3478 				free(nfhp, M_NFSFH);
3479 			} else if (recalltype == NFSLAYOUTRETURN_FSID) {
3480 				NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_HYPER);
3481 				filesid[0] = fxdr_hyper(tl); tl += 2;
3482 				filesid[1] = fxdr_hyper(tl); tl += 2;
3483 				gotone = 0;
3484 				NFSLOCKCLSTATE();
3485 				clp = nfscl_getclntsess(sessionid);
3486 				if (clp != NULL) {
3487 					TAILQ_FOREACH(lyp, &clp->nfsc_layout,
3488 					    nfsly_list) {
3489 						if (lyp->nfsly_filesid[0] ==
3490 						    filesid[0] &&
3491 						    lyp->nfsly_filesid[1] ==
3492 						    filesid[1]) {
3493 							error =
3494 							    nfscl_layoutrecall(
3495 							    recalltype,
3496 							    lyp, iomode, 0,
3497 							    UINT64_MAX,
3498 							    lyp->nfsly_stateid.seqid,
3499 							    recallp);
3500 							recallp = NULL;
3501 							gotone = 1;
3502 						}
3503 					}
3504 					if (gotone != 0)
3505 						wakeup(clp);
3506 					else
3507 						error = NFSERR_NOMATCHLAYOUT;
3508 				} else
3509 					error = NFSERR_NOMATCHLAYOUT;
3510 				NFSUNLOCKCLSTATE();
3511 			} else if (recalltype == NFSLAYOUTRETURN_ALL) {
3512 				gotone = 0;
3513 				NFSLOCKCLSTATE();
3514 				clp = nfscl_getclntsess(sessionid);
3515 				if (clp != NULL) {
3516 					TAILQ_FOREACH(lyp, &clp->nfsc_layout,
3517 					    nfsly_list) {
3518 						error = nfscl_layoutrecall(
3519 						    recalltype, lyp, iomode, 0,
3520 						    UINT64_MAX,
3521 						    lyp->nfsly_stateid.seqid,
3522 						    recallp);
3523 						recallp = NULL;
3524 						gotone = 1;
3525 					}
3526 					if (gotone != 0)
3527 						wakeup(clp);
3528 					else
3529 						error = NFSERR_NOMATCHLAYOUT;
3530 				} else
3531 					error = NFSERR_NOMATCHLAYOUT;
3532 				NFSUNLOCKCLSTATE();
3533 			} else
3534 				error = NFSERR_NOMATCHLAYOUT;
3535 			if (recallp != NULL) {
3536 				free(recallp, M_NFSLAYRECALL);
3537 				recallp = NULL;
3538 			}
3539 			break;
3540 		case NFSV4OP_CBSEQUENCE:
3541 			NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
3542 			    5 * NFSX_UNSIGNED);
3543 			bcopy(tl, sessionid, NFSX_V4SESSIONID);
3544 			tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
3545 			seqid = fxdr_unsigned(uint32_t, *tl++);
3546 			slotid = fxdr_unsigned(uint32_t, *tl++);
3547 			highslot = fxdr_unsigned(uint32_t, *tl++);
3548 			cachethis = *tl++;
3549 			/* Throw away the referring call stuff. */
3550 			clist = fxdr_unsigned(int, *tl);
3551 			for (j = 0; j < clist; j++) {
3552 				NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
3553 				    NFSX_UNSIGNED);
3554 				tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
3555 				rcalls = fxdr_unsigned(int, *tl);
3556 				for (k = 0; k < rcalls; k++) {
3557 					NFSM_DISSECT(tl, uint32_t *,
3558 					    2 * NFSX_UNSIGNED);
3559 				}
3560 			}
3561 			NFSLOCKCLSTATE();
3562 			if (i == 0) {
3563 				clp = nfscl_getclntsess(sessionid);
3564 				if (clp == NULL)
3565 					error = NFSERR_SERVERFAULT;
3566 			} else
3567 				error = NFSERR_SEQUENCEPOS;
3568 			if (error == 0) {
3569 				tsep = nfsmnt_mdssession(clp->nfsc_nmp);
3570 				error = nfsv4_seqsession(seqid, slotid,
3571 				    highslot, tsep->nfsess_cbslots, &rep,
3572 				    tsep->nfsess_backslots);
3573 			}
3574 			NFSUNLOCKCLSTATE();
3575 			if (error == 0 || error == NFSERR_REPLYFROMCACHE) {
3576 				gotseq_ok = 1;
3577 				if (rep != NULL) {
3578 					/*
3579 					 * Handle a reply for a retried
3580 					 * callback.  The reply will be
3581 					 * re-inserted in the session cache
3582 					 * by the nfsv4_seqsess_cacherep() call
3583 					 * after out:
3584 					 */
3585 					KASSERT(error == NFSERR_REPLYFROMCACHE,
3586 					    ("cbsequence: non-NULL rep"));
3587 					NFSCL_DEBUG(4, "Got cbretry\n");
3588 					m_freem(nd->nd_mreq);
3589 					nd->nd_mreq = rep;
3590 					rep = NULL;
3591 					goto out;
3592 				}
3593 				NFSM_BUILD(tl, uint32_t *,
3594 				    NFSX_V4SESSIONID + 4 * NFSX_UNSIGNED);
3595 				bcopy(sessionid, tl, NFSX_V4SESSIONID);
3596 				tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
3597 				*tl++ = txdr_unsigned(seqid);
3598 				*tl++ = txdr_unsigned(slotid);
3599 				*tl++ = txdr_unsigned(NFSV4_CBSLOTS - 1);
3600 				*tl = txdr_unsigned(NFSV4_CBSLOTS - 1);
3601 			}
3602 			break;
3603 		default:
3604 			if (i == 0 && minorvers == NFSV41_MINORVERSION)
3605 				error = NFSERR_OPNOTINSESS;
3606 			else {
3607 				NFSCL_DEBUG(1, "unsupp callback %d\n", op);
3608 				error = NFSERR_NOTSUPP;
3609 			}
3610 			break;
3611 		}
3612 		if (error) {
3613 			if (error == EBADRPC || error == NFSERR_BADXDR) {
3614 				nd->nd_repstat = NFSERR_BADXDR;
3615 			} else {
3616 				nd->nd_repstat = error;
3617 			}
3618 			error = 0;
3619 		}
3620 		retops++;
3621 		if (nd->nd_repstat) {
3622 			*repp = nfscl_errmap(nd, minorvers);
3623 			break;
3624 		} else
3625 			*repp = 0;	/* NFS4_OK */
3626 	}
3627 nfsmout:
3628 	if (recallp != NULL)
3629 		free(recallp, M_NFSLAYRECALL);
3630 	if (error) {
3631 		if (error == EBADRPC || error == NFSERR_BADXDR)
3632 			nd->nd_repstat = NFSERR_BADXDR;
3633 		else
3634 			printf("nfsv4 comperr1=%d\n", error);
3635 	}
3636 	if (taglen == -1) {
3637 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
3638 		*tl++ = 0;
3639 		*tl = 0;
3640 	} else {
3641 		*retopsp = txdr_unsigned(retops);
3642 	}
3643 	*nd->nd_errp = nfscl_errmap(nd, minorvers);
3644 out:
3645 	if (gotseq_ok != 0) {
3646 		rep = m_copym(nd->nd_mreq, 0, M_COPYALL, M_WAITOK);
3647 		NFSLOCKCLSTATE();
3648 		clp = nfscl_getclntsess(sessionid);
3649 		if (clp != NULL) {
3650 			tsep = nfsmnt_mdssession(clp->nfsc_nmp);
3651 			nfsv4_seqsess_cacherep(slotid, tsep->nfsess_cbslots,
3652 			    NFSERR_OK, &rep);
3653 			NFSUNLOCKCLSTATE();
3654 		} else {
3655 			NFSUNLOCKCLSTATE();
3656 			m_freem(rep);
3657 		}
3658 	}
3659 }
3660 
3661 /*
3662  * Generate the next cbident value. Basically just increment a static value
3663  * and then check that it isn't already in the list, if it has wrapped around.
3664  */
3665 static u_int32_t
3666 nfscl_nextcbident(void)
3667 {
3668 	struct nfsclclient *clp;
3669 	int matched;
3670 	static u_int32_t nextcbident = 0;
3671 	static int haswrapped = 0;
3672 
3673 	nextcbident++;
3674 	if (nextcbident == 0)
3675 		haswrapped = 1;
3676 	if (haswrapped) {
3677 		/*
3678 		 * Search the clientid list for one already using this cbident.
3679 		 */
3680 		do {
3681 			matched = 0;
3682 			NFSLOCKCLSTATE();
3683 			LIST_FOREACH(clp, &nfsclhead, nfsc_list) {
3684 				if (clp->nfsc_cbident == nextcbident) {
3685 					matched = 1;
3686 					break;
3687 				}
3688 			}
3689 			NFSUNLOCKCLSTATE();
3690 			if (matched == 1)
3691 				nextcbident++;
3692 		} while (matched);
3693 	}
3694 	return (nextcbident);
3695 }
3696 
3697 /*
3698  * Get the mount point related to a given cbident or session and busy it.
3699  */
3700 static mount_t
3701 nfscl_getmnt(int minorvers, uint8_t *sessionid, u_int32_t cbident,
3702     struct nfsclclient **clpp)
3703 {
3704 	struct nfsclclient *clp;
3705 	mount_t mp;
3706 	int error;
3707 	struct nfsclsession *tsep;
3708 
3709 	*clpp = NULL;
3710 	NFSLOCKCLSTATE();
3711 	LIST_FOREACH(clp, &nfsclhead, nfsc_list) {
3712 		tsep = nfsmnt_mdssession(clp->nfsc_nmp);
3713 		if (minorvers == NFSV4_MINORVERSION) {
3714 			if (clp->nfsc_cbident == cbident)
3715 				break;
3716 		} else if (!NFSBCMP(tsep->nfsess_sessionid, sessionid,
3717 		    NFSX_V4SESSIONID))
3718 			break;
3719 	}
3720 	if (clp == NULL) {
3721 		NFSUNLOCKCLSTATE();
3722 		return (NULL);
3723 	}
3724 	mp = clp->nfsc_nmp->nm_mountp;
3725 	vfs_ref(mp);
3726 	NFSUNLOCKCLSTATE();
3727 	error = vfs_busy(mp, 0);
3728 	vfs_rel(mp);
3729 	if (error != 0)
3730 		return (NULL);
3731 	*clpp = clp;
3732 	return (mp);
3733 }
3734 
3735 /*
3736  * Get the clientid pointer related to a given cbident.
3737  */
3738 static struct nfsclclient *
3739 nfscl_getclnt(u_int32_t cbident)
3740 {
3741 	struct nfsclclient *clp;
3742 
3743 	LIST_FOREACH(clp, &nfsclhead, nfsc_list)
3744 		if (clp->nfsc_cbident == cbident)
3745 			break;
3746 	return (clp);
3747 }
3748 
3749 /*
3750  * Get the clientid pointer related to a given sessionid.
3751  */
3752 static struct nfsclclient *
3753 nfscl_getclntsess(uint8_t *sessionid)
3754 {
3755 	struct nfsclclient *clp;
3756 	struct nfsclsession *tsep;
3757 
3758 	LIST_FOREACH(clp, &nfsclhead, nfsc_list) {
3759 		tsep = nfsmnt_mdssession(clp->nfsc_nmp);
3760 		if (!NFSBCMP(tsep->nfsess_sessionid, sessionid,
3761 		    NFSX_V4SESSIONID))
3762 			break;
3763 	}
3764 	return (clp);
3765 }
3766 
3767 /*
3768  * Search for a lock conflict locally on the client. A conflict occurs if
3769  * - not same owner and overlapping byte range and at least one of them is
3770  *   a write lock or this is an unlock.
3771  */
3772 static int
3773 nfscl_localconflict(struct nfsclclient *clp, u_int8_t *fhp, int fhlen,
3774     struct nfscllock *nlop, u_int8_t *own, struct nfscldeleg *dp,
3775     struct nfscllock **lopp)
3776 {
3777 	struct nfsclowner *owp;
3778 	struct nfsclopen *op;
3779 	int ret;
3780 
3781 	if (dp != NULL) {
3782 		ret = nfscl_checkconflict(&dp->nfsdl_lock, nlop, own, lopp);
3783 		if (ret)
3784 			return (ret);
3785 	}
3786 	LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
3787 		LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
3788 			if (op->nfso_fhlen == fhlen &&
3789 			    !NFSBCMP(op->nfso_fh, fhp, fhlen)) {
3790 				ret = nfscl_checkconflict(&op->nfso_lock, nlop,
3791 				    own, lopp);
3792 				if (ret)
3793 					return (ret);
3794 			}
3795 		}
3796 	}
3797 	return (0);
3798 }
3799 
3800 static int
3801 nfscl_checkconflict(struct nfscllockownerhead *lhp, struct nfscllock *nlop,
3802     u_int8_t *own, struct nfscllock **lopp)
3803 {
3804 	struct nfscllockowner *lp;
3805 	struct nfscllock *lop;
3806 
3807 	LIST_FOREACH(lp, lhp, nfsl_list) {
3808 		if (NFSBCMP(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN)) {
3809 			LIST_FOREACH(lop, &lp->nfsl_lock, nfslo_list) {
3810 				if (lop->nfslo_first >= nlop->nfslo_end)
3811 					break;
3812 				if (lop->nfslo_end <= nlop->nfslo_first)
3813 					continue;
3814 				if (lop->nfslo_type == F_WRLCK ||
3815 				    nlop->nfslo_type == F_WRLCK ||
3816 				    nlop->nfslo_type == F_UNLCK) {
3817 					if (lopp != NULL)
3818 						*lopp = lop;
3819 					return (NFSERR_DENIED);
3820 				}
3821 			}
3822 		}
3823 	}
3824 	return (0);
3825 }
3826 
3827 /*
3828  * Check for a local conflicting lock.
3829  */
3830 APPLESTATIC int
3831 nfscl_lockt(vnode_t vp, struct nfsclclient *clp, u_int64_t off,
3832     u_int64_t len, struct flock *fl, NFSPROC_T *p, void *id, int flags)
3833 {
3834 	struct nfscllock *lop, nlck;
3835 	struct nfscldeleg *dp;
3836 	struct nfsnode *np;
3837 	u_int8_t own[NFSV4CL_LOCKNAMELEN];
3838 	int error;
3839 
3840 	nlck.nfslo_type = fl->l_type;
3841 	nlck.nfslo_first = off;
3842 	if (len == NFS64BITSSET) {
3843 		nlck.nfslo_end = NFS64BITSSET;
3844 	} else {
3845 		nlck.nfslo_end = off + len;
3846 		if (nlck.nfslo_end <= nlck.nfslo_first)
3847 			return (NFSERR_INVAL);
3848 	}
3849 	np = VTONFS(vp);
3850 	nfscl_filllockowner(id, own, flags);
3851 	NFSLOCKCLSTATE();
3852 	dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
3853 	error = nfscl_localconflict(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
3854 	    &nlck, own, dp, &lop);
3855 	if (error != 0) {
3856 		fl->l_whence = SEEK_SET;
3857 		fl->l_start = lop->nfslo_first;
3858 		if (lop->nfslo_end == NFS64BITSSET)
3859 			fl->l_len = 0;
3860 		else
3861 			fl->l_len = lop->nfslo_end - lop->nfslo_first;
3862 		fl->l_pid = (pid_t)0;
3863 		fl->l_type = lop->nfslo_type;
3864 		error = -1;			/* no RPC required */
3865 	} else if (dp != NULL && ((dp->nfsdl_flags & NFSCLDL_WRITE) ||
3866 	    fl->l_type == F_RDLCK)) {
3867 		/*
3868 		 * The delegation ensures that there isn't a conflicting
3869 		 * lock on the server, so return -1 to indicate an RPC
3870 		 * isn't required.
3871 		 */
3872 		fl->l_type = F_UNLCK;
3873 		error = -1;
3874 	}
3875 	NFSUNLOCKCLSTATE();
3876 	return (error);
3877 }
3878 
3879 /*
3880  * Handle Recall of a delegation.
3881  * The clp must be exclusive locked when this is called.
3882  */
3883 static int
3884 nfscl_recalldeleg(struct nfsclclient *clp, struct nfsmount *nmp,
3885     struct nfscldeleg *dp, vnode_t vp, struct ucred *cred, NFSPROC_T *p,
3886     int called_from_renewthread)
3887 {
3888 	struct nfsclowner *owp, *lowp, *nowp;
3889 	struct nfsclopen *op, *lop;
3890 	struct nfscllockowner *lp;
3891 	struct nfscllock *lckp;
3892 	struct nfsnode *np;
3893 	int error = 0, ret, gotvp = 0;
3894 
3895 	if (vp == NULL) {
3896 		/*
3897 		 * First, get a vnode for the file. This is needed to do RPCs.
3898 		 */
3899 		ret = nfscl_ngetreopen(nmp->nm_mountp, dp->nfsdl_fh,
3900 		    dp->nfsdl_fhlen, p, &np);
3901 		if (ret) {
3902 			/*
3903 			 * File isn't open, so nothing to move over to the
3904 			 * server.
3905 			 */
3906 			return (0);
3907 		}
3908 		vp = NFSTOV(np);
3909 		gotvp = 1;
3910 	} else {
3911 		np = VTONFS(vp);
3912 	}
3913 	dp->nfsdl_flags &= ~NFSCLDL_MODTIMESET;
3914 
3915 	/*
3916 	 * Ok, if it's a write delegation, flush data to the server, so
3917 	 * that close/open consistency is retained.
3918 	 */
3919 	ret = 0;
3920 	NFSLOCKNODE(np);
3921 	if ((dp->nfsdl_flags & NFSCLDL_WRITE) && (np->n_flag & NMODIFIED)) {
3922 		np->n_flag |= NDELEGRECALL;
3923 		NFSUNLOCKNODE(np);
3924 		ret = ncl_flush(vp, MNT_WAIT, p, 1, called_from_renewthread);
3925 		NFSLOCKNODE(np);
3926 		np->n_flag &= ~NDELEGRECALL;
3927 	}
3928 	NFSINVALATTRCACHE(np);
3929 	NFSUNLOCKNODE(np);
3930 	if (ret == EIO && called_from_renewthread != 0) {
3931 		/*
3932 		 * If the flush failed with EIO for the renew thread,
3933 		 * return now, so that the dirty buffer will be flushed
3934 		 * later.
3935 		 */
3936 		if (gotvp != 0)
3937 			vrele(vp);
3938 		return (ret);
3939 	}
3940 
3941 	/*
3942 	 * Now, for each openowner with opens issued locally, move them
3943 	 * over to state against the server.
3944 	 */
3945 	LIST_FOREACH(lowp, &dp->nfsdl_owner, nfsow_list) {
3946 		lop = LIST_FIRST(&lowp->nfsow_open);
3947 		if (lop != NULL) {
3948 			if (LIST_NEXT(lop, nfso_list) != NULL)
3949 				panic("nfsdlg mult opens");
3950 			/*
3951 			 * Look for the same openowner against the server.
3952 			 */
3953 			LIST_FOREACH(owp, &clp->nfsc_owner, nfsow_list) {
3954 				if (!NFSBCMP(lowp->nfsow_owner,
3955 				    owp->nfsow_owner, NFSV4CL_LOCKNAMELEN)) {
3956 					newnfs_copycred(&dp->nfsdl_cred, cred);
3957 					ret = nfscl_moveopen(vp, clp, nmp, lop,
3958 					    owp, dp, cred, p);
3959 					if (ret == NFSERR_STALECLIENTID ||
3960 					    ret == NFSERR_STALEDONTRECOVER ||
3961 					    ret == NFSERR_BADSESSION) {
3962 						if (gotvp)
3963 							vrele(vp);
3964 						return (ret);
3965 					}
3966 					if (ret) {
3967 						nfscl_freeopen(lop, 1);
3968 						if (!error)
3969 							error = ret;
3970 					}
3971 					break;
3972 				}
3973 			}
3974 
3975 			/*
3976 			 * If no openowner found, create one and get an open
3977 			 * for it.
3978 			 */
3979 			if (owp == NULL) {
3980 				MALLOC(nowp, struct nfsclowner *,
3981 				    sizeof (struct nfsclowner), M_NFSCLOWNER,
3982 				    M_WAITOK);
3983 				nfscl_newopen(clp, NULL, &owp, &nowp, &op,
3984 				    NULL, lowp->nfsow_owner, dp->nfsdl_fh,
3985 				    dp->nfsdl_fhlen, NULL, NULL);
3986 				newnfs_copycred(&dp->nfsdl_cred, cred);
3987 				ret = nfscl_moveopen(vp, clp, nmp, lop,
3988 				    owp, dp, cred, p);
3989 				if (ret) {
3990 					nfscl_freeopenowner(owp, 0);
3991 					if (ret == NFSERR_STALECLIENTID ||
3992 					    ret == NFSERR_STALEDONTRECOVER ||
3993 					    ret == NFSERR_BADSESSION) {
3994 						if (gotvp)
3995 							vrele(vp);
3996 						return (ret);
3997 					}
3998 					if (ret) {
3999 						nfscl_freeopen(lop, 1);
4000 						if (!error)
4001 							error = ret;
4002 					}
4003 				}
4004 			}
4005 		}
4006 	}
4007 
4008 	/*
4009 	 * Now, get byte range locks for any locks done locally.
4010 	 */
4011 	LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
4012 		LIST_FOREACH(lckp, &lp->nfsl_lock, nfslo_list) {
4013 			newnfs_copycred(&dp->nfsdl_cred, cred);
4014 			ret = nfscl_relock(vp, clp, nmp, lp, lckp, cred, p);
4015 			if (ret == NFSERR_STALESTATEID ||
4016 			    ret == NFSERR_STALEDONTRECOVER ||
4017 			    ret == NFSERR_STALECLIENTID ||
4018 			    ret == NFSERR_BADSESSION) {
4019 				if (gotvp)
4020 					vrele(vp);
4021 				return (ret);
4022 			}
4023 			if (ret && !error)
4024 				error = ret;
4025 		}
4026 	}
4027 	if (gotvp)
4028 		vrele(vp);
4029 	return (error);
4030 }
4031 
4032 /*
4033  * Move a locally issued open over to an owner on the state list.
4034  * SIDE EFFECT: If it needs to sleep (do an rpc), it unlocks clstate and
4035  * returns with it unlocked.
4036  */
4037 static int
4038 nfscl_moveopen(vnode_t vp, struct nfsclclient *clp, struct nfsmount *nmp,
4039     struct nfsclopen *lop, struct nfsclowner *owp, struct nfscldeleg *dp,
4040     struct ucred *cred, NFSPROC_T *p)
4041 {
4042 	struct nfsclopen *op, *nop;
4043 	struct nfscldeleg *ndp;
4044 	struct nfsnode *np;
4045 	int error = 0, newone;
4046 
4047 	/*
4048 	 * First, look for an appropriate open, If found, just increment the
4049 	 * opencnt in it.
4050 	 */
4051 	LIST_FOREACH(op, &owp->nfsow_open, nfso_list) {
4052 		if ((op->nfso_mode & lop->nfso_mode) == lop->nfso_mode &&
4053 		    op->nfso_fhlen == lop->nfso_fhlen &&
4054 		    !NFSBCMP(op->nfso_fh, lop->nfso_fh, op->nfso_fhlen)) {
4055 			op->nfso_opencnt += lop->nfso_opencnt;
4056 			nfscl_freeopen(lop, 1);
4057 			return (0);
4058 		}
4059 	}
4060 
4061 	/* No appropriate open, so we have to do one against the server. */
4062 	np = VTONFS(vp);
4063 	MALLOC(nop, struct nfsclopen *, sizeof (struct nfsclopen) +
4064 	    lop->nfso_fhlen - 1, M_NFSCLOPEN, M_WAITOK);
4065 	newone = 0;
4066 	nfscl_newopen(clp, NULL, &owp, NULL, &op, &nop, owp->nfsow_owner,
4067 	    lop->nfso_fh, lop->nfso_fhlen, cred, &newone);
4068 	ndp = dp;
4069 	error = nfscl_tryopen(nmp, vp, np->n_v4->n4_data, np->n_v4->n4_fhlen,
4070 	    lop->nfso_fh, lop->nfso_fhlen, lop->nfso_mode, op,
4071 	    NFS4NODENAME(np->n_v4), np->n_v4->n4_namelen, &ndp, 0, 0, cred, p);
4072 	if (error) {
4073 		if (newone)
4074 			nfscl_freeopen(op, 0);
4075 	} else {
4076 		op->nfso_mode |= lop->nfso_mode;
4077 		op->nfso_opencnt += lop->nfso_opencnt;
4078 		nfscl_freeopen(lop, 1);
4079 	}
4080 	if (nop != NULL)
4081 		FREE((caddr_t)nop, M_NFSCLOPEN);
4082 	if (ndp != NULL) {
4083 		/*
4084 		 * What should I do with the returned delegation, since the
4085 		 * delegation is being recalled? For now, just printf and
4086 		 * through it away.
4087 		 */
4088 		printf("Moveopen returned deleg\n");
4089 		FREE((caddr_t)ndp, M_NFSCLDELEG);
4090 	}
4091 	return (error);
4092 }
4093 
4094 /*
4095  * Recall all delegations on this client.
4096  */
4097 static void
4098 nfscl_totalrecall(struct nfsclclient *clp)
4099 {
4100 	struct nfscldeleg *dp;
4101 
4102 	TAILQ_FOREACH(dp, &clp->nfsc_deleg, nfsdl_list) {
4103 		if ((dp->nfsdl_flags & NFSCLDL_DELEGRET) == 0)
4104 			dp->nfsdl_flags |= NFSCLDL_RECALL;
4105 	}
4106 }
4107 
4108 /*
4109  * Relock byte ranges. Called for delegation recall and state expiry.
4110  */
4111 static int
4112 nfscl_relock(vnode_t vp, struct nfsclclient *clp, struct nfsmount *nmp,
4113     struct nfscllockowner *lp, struct nfscllock *lop, struct ucred *cred,
4114     NFSPROC_T *p)
4115 {
4116 	struct nfscllockowner *nlp;
4117 	struct nfsfh *nfhp;
4118 	u_int64_t off, len;
4119 	u_int32_t clidrev = 0;
4120 	int error, newone, donelocally;
4121 
4122 	off = lop->nfslo_first;
4123 	len = lop->nfslo_end - lop->nfslo_first;
4124 	error = nfscl_getbytelock(vp, off, len, lop->nfslo_type, cred, p,
4125 	    clp, 1, NULL, lp->nfsl_lockflags, lp->nfsl_owner,
4126 	    lp->nfsl_openowner, &nlp, &newone, &donelocally);
4127 	if (error || donelocally)
4128 		return (error);
4129 	if (nmp->nm_clp != NULL)
4130 		clidrev = nmp->nm_clp->nfsc_clientidrev;
4131 	else
4132 		clidrev = 0;
4133 	nfhp = VTONFS(vp)->n_fhp;
4134 	error = nfscl_trylock(nmp, vp, nfhp->nfh_fh,
4135 	    nfhp->nfh_len, nlp, newone, 0, off,
4136 	    len, lop->nfslo_type, cred, p);
4137 	if (error)
4138 		nfscl_freelockowner(nlp, 0);
4139 	return (error);
4140 }
4141 
4142 /*
4143  * Called to re-open a file. Basically get a vnode for the file handle
4144  * and then call nfsrpc_openrpc() to do the rest.
4145  */
4146 static int
4147 nfsrpc_reopen(struct nfsmount *nmp, u_int8_t *fhp, int fhlen,
4148     u_int32_t mode, struct nfsclopen *op, struct nfscldeleg **dpp,
4149     struct ucred *cred, NFSPROC_T *p)
4150 {
4151 	struct nfsnode *np;
4152 	vnode_t vp;
4153 	int error;
4154 
4155 	error = nfscl_ngetreopen(nmp->nm_mountp, fhp, fhlen, p, &np);
4156 	if (error)
4157 		return (error);
4158 	vp = NFSTOV(np);
4159 	if (np->n_v4 != NULL) {
4160 		error = nfscl_tryopen(nmp, vp, np->n_v4->n4_data,
4161 		    np->n_v4->n4_fhlen, fhp, fhlen, mode, op,
4162 		    NFS4NODENAME(np->n_v4), np->n_v4->n4_namelen, dpp, 0, 0,
4163 		    cred, p);
4164 	} else {
4165 		error = EINVAL;
4166 	}
4167 	vrele(vp);
4168 	return (error);
4169 }
4170 
4171 /*
4172  * Try an open against the server. Just call nfsrpc_openrpc(), retrying while
4173  * NFSERR_DELAY. Also, try system credentials, if the passed in credentials
4174  * fail.
4175  */
4176 static int
4177 nfscl_tryopen(struct nfsmount *nmp, vnode_t vp, u_int8_t *fhp, int fhlen,
4178     u_int8_t *newfhp, int newfhlen, u_int32_t mode, struct nfsclopen *op,
4179     u_int8_t *name, int namelen, struct nfscldeleg **ndpp,
4180     int reclaim, u_int32_t delegtype, struct ucred *cred, NFSPROC_T *p)
4181 {
4182 	int error;
4183 
4184 	do {
4185 		error = nfsrpc_openrpc(nmp, vp, fhp, fhlen, newfhp, newfhlen,
4186 		    mode, op, name, namelen, ndpp, reclaim, delegtype, cred, p,
4187 		    0, 0);
4188 		if (error == NFSERR_DELAY)
4189 			(void) nfs_catnap(PZERO, error, "nfstryop");
4190 	} while (error == NFSERR_DELAY);
4191 	if (error == EAUTH || error == EACCES) {
4192 		/* Try again using system credentials */
4193 		newnfs_setroot(cred);
4194 		do {
4195 		    error = nfsrpc_openrpc(nmp, vp, fhp, fhlen, newfhp,
4196 			newfhlen, mode, op, name, namelen, ndpp, reclaim,
4197 			delegtype, cred, p, 1, 0);
4198 		    if (error == NFSERR_DELAY)
4199 			(void) nfs_catnap(PZERO, error, "nfstryop");
4200 		} while (error == NFSERR_DELAY);
4201 	}
4202 	return (error);
4203 }
4204 
4205 /*
4206  * Try a byte range lock. Just loop on nfsrpc_lock() while it returns
4207  * NFSERR_DELAY. Also, retry with system credentials, if the provided
4208  * cred don't work.
4209  */
4210 static int
4211 nfscl_trylock(struct nfsmount *nmp, vnode_t vp, u_int8_t *fhp,
4212     int fhlen, struct nfscllockowner *nlp, int newone, int reclaim,
4213     u_int64_t off, u_int64_t len, short type, struct ucred *cred, NFSPROC_T *p)
4214 {
4215 	struct nfsrv_descript nfsd, *nd = &nfsd;
4216 	int error;
4217 
4218 	do {
4219 		error = nfsrpc_lock(nd, nmp, vp, fhp, fhlen, nlp, newone,
4220 		    reclaim, off, len, type, cred, p, 0);
4221 		if (!error && nd->nd_repstat == NFSERR_DELAY)
4222 			(void) nfs_catnap(PZERO, (int)nd->nd_repstat,
4223 			    "nfstrylck");
4224 	} while (!error && nd->nd_repstat == NFSERR_DELAY);
4225 	if (!error)
4226 		error = nd->nd_repstat;
4227 	if (error == EAUTH || error == EACCES) {
4228 		/* Try again using root credentials */
4229 		newnfs_setroot(cred);
4230 		do {
4231 			error = nfsrpc_lock(nd, nmp, vp, fhp, fhlen, nlp,
4232 			    newone, reclaim, off, len, type, cred, p, 1);
4233 			if (!error && nd->nd_repstat == NFSERR_DELAY)
4234 				(void) nfs_catnap(PZERO, (int)nd->nd_repstat,
4235 				    "nfstrylck");
4236 		} while (!error && nd->nd_repstat == NFSERR_DELAY);
4237 		if (!error)
4238 			error = nd->nd_repstat;
4239 	}
4240 	return (error);
4241 }
4242 
4243 /*
4244  * Try a delegreturn against the server. Just call nfsrpc_delegreturn(),
4245  * retrying while NFSERR_DELAY. Also, try system credentials, if the passed in
4246  * credentials fail.
4247  */
4248 static int
4249 nfscl_trydelegreturn(struct nfscldeleg *dp, struct ucred *cred,
4250     struct nfsmount *nmp, NFSPROC_T *p)
4251 {
4252 	int error;
4253 
4254 	do {
4255 		error = nfsrpc_delegreturn(dp, cred, nmp, p, 0);
4256 		if (error == NFSERR_DELAY)
4257 			(void) nfs_catnap(PZERO, error, "nfstrydp");
4258 	} while (error == NFSERR_DELAY);
4259 	if (error == EAUTH || error == EACCES) {
4260 		/* Try again using system credentials */
4261 		newnfs_setroot(cred);
4262 		do {
4263 			error = nfsrpc_delegreturn(dp, cred, nmp, p, 1);
4264 			if (error == NFSERR_DELAY)
4265 				(void) nfs_catnap(PZERO, error, "nfstrydp");
4266 		} while (error == NFSERR_DELAY);
4267 	}
4268 	return (error);
4269 }
4270 
4271 /*
4272  * Try a close against the server. Just call nfsrpc_closerpc(),
4273  * retrying while NFSERR_DELAY. Also, try system credentials, if the passed in
4274  * credentials fail.
4275  */
4276 APPLESTATIC int
4277 nfscl_tryclose(struct nfsclopen *op, struct ucred *cred,
4278     struct nfsmount *nmp, NFSPROC_T *p)
4279 {
4280 	struct nfsrv_descript nfsd, *nd = &nfsd;
4281 	int error;
4282 
4283 	do {
4284 		error = nfsrpc_closerpc(nd, nmp, op, cred, p, 0);
4285 		if (error == NFSERR_DELAY)
4286 			(void) nfs_catnap(PZERO, error, "nfstrycl");
4287 	} while (error == NFSERR_DELAY);
4288 	if (error == EAUTH || error == EACCES) {
4289 		/* Try again using system credentials */
4290 		newnfs_setroot(cred);
4291 		do {
4292 			error = nfsrpc_closerpc(nd, nmp, op, cred, p, 1);
4293 			if (error == NFSERR_DELAY)
4294 				(void) nfs_catnap(PZERO, error, "nfstrycl");
4295 		} while (error == NFSERR_DELAY);
4296 	}
4297 	return (error);
4298 }
4299 
4300 /*
4301  * Decide if a delegation on a file permits close without flushing writes
4302  * to the server. This might be a big performance win in some environments.
4303  * (Not useful until the client does caching on local stable storage.)
4304  */
4305 APPLESTATIC int
4306 nfscl_mustflush(vnode_t vp)
4307 {
4308 	struct nfsclclient *clp;
4309 	struct nfscldeleg *dp;
4310 	struct nfsnode *np;
4311 	struct nfsmount *nmp;
4312 
4313 	np = VTONFS(vp);
4314 	nmp = VFSTONFS(vnode_mount(vp));
4315 	if (!NFSHASNFSV4(nmp))
4316 		return (1);
4317 	NFSLOCKCLSTATE();
4318 	clp = nfscl_findcl(nmp);
4319 	if (clp == NULL) {
4320 		NFSUNLOCKCLSTATE();
4321 		return (1);
4322 	}
4323 	dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
4324 	if (dp != NULL && (dp->nfsdl_flags &
4325 	    (NFSCLDL_WRITE | NFSCLDL_RECALL | NFSCLDL_DELEGRET)) ==
4326 	     NFSCLDL_WRITE &&
4327 	    (dp->nfsdl_sizelimit >= np->n_size ||
4328 	     !NFSHASSTRICT3530(nmp))) {
4329 		NFSUNLOCKCLSTATE();
4330 		return (0);
4331 	}
4332 	NFSUNLOCKCLSTATE();
4333 	return (1);
4334 }
4335 
4336 /*
4337  * See if a (write) delegation exists for this file.
4338  */
4339 APPLESTATIC int
4340 nfscl_nodeleg(vnode_t vp, int writedeleg)
4341 {
4342 	struct nfsclclient *clp;
4343 	struct nfscldeleg *dp;
4344 	struct nfsnode *np;
4345 	struct nfsmount *nmp;
4346 
4347 	np = VTONFS(vp);
4348 	nmp = VFSTONFS(vnode_mount(vp));
4349 	if (!NFSHASNFSV4(nmp))
4350 		return (1);
4351 	NFSLOCKCLSTATE();
4352 	clp = nfscl_findcl(nmp);
4353 	if (clp == NULL) {
4354 		NFSUNLOCKCLSTATE();
4355 		return (1);
4356 	}
4357 	dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
4358 	if (dp != NULL &&
4359 	    (dp->nfsdl_flags & (NFSCLDL_RECALL | NFSCLDL_DELEGRET)) == 0 &&
4360 	    (writedeleg == 0 || (dp->nfsdl_flags & NFSCLDL_WRITE) ==
4361 	     NFSCLDL_WRITE)) {
4362 		NFSUNLOCKCLSTATE();
4363 		return (0);
4364 	}
4365 	NFSUNLOCKCLSTATE();
4366 	return (1);
4367 }
4368 
4369 /*
4370  * Look for an associated delegation that should be DelegReturned.
4371  */
4372 APPLESTATIC int
4373 nfscl_removedeleg(vnode_t vp, NFSPROC_T *p, nfsv4stateid_t *stp)
4374 {
4375 	struct nfsclclient *clp;
4376 	struct nfscldeleg *dp;
4377 	struct nfsclowner *owp;
4378 	struct nfscllockowner *lp;
4379 	struct nfsmount *nmp;
4380 	struct ucred *cred;
4381 	struct nfsnode *np;
4382 	int igotlock = 0, triedrecall = 0, needsrecall, retcnt = 0, islept;
4383 
4384 	nmp = VFSTONFS(vnode_mount(vp));
4385 	np = VTONFS(vp);
4386 	NFSLOCKCLSTATE();
4387 	/*
4388 	 * Loop around waiting for:
4389 	 * - outstanding I/O operations on delegations to complete
4390 	 * - for a delegation on vp that has state, lock the client and
4391 	 *   do a recall
4392 	 * - return delegation with no state
4393 	 */
4394 	while (1) {
4395 		clp = nfscl_findcl(nmp);
4396 		if (clp == NULL) {
4397 			NFSUNLOCKCLSTATE();
4398 			return (retcnt);
4399 		}
4400 		dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
4401 		    np->n_fhp->nfh_len);
4402 		if (dp != NULL) {
4403 		    /*
4404 		     * Wait for outstanding I/O ops to be done.
4405 		     */
4406 		    if (dp->nfsdl_rwlock.nfslock_usecnt > 0) {
4407 			if (igotlock) {
4408 			    nfsv4_unlock(&clp->nfsc_lock, 0);
4409 			    igotlock = 0;
4410 			}
4411 			dp->nfsdl_rwlock.nfslock_lock |= NFSV4LOCK_WANTED;
4412 			(void) nfsmsleep(&dp->nfsdl_rwlock,
4413 			    NFSCLSTATEMUTEXPTR, PZERO, "nfscld", NULL);
4414 			continue;
4415 		    }
4416 		    needsrecall = 0;
4417 		    LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
4418 			if (!LIST_EMPTY(&owp->nfsow_open)) {
4419 			    needsrecall = 1;
4420 			    break;
4421 			}
4422 		    }
4423 		    if (!needsrecall) {
4424 			LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
4425 			    if (!LIST_EMPTY(&lp->nfsl_lock)) {
4426 				needsrecall = 1;
4427 				break;
4428 			    }
4429 			}
4430 		    }
4431 		    if (needsrecall && !triedrecall) {
4432 			dp->nfsdl_flags |= NFSCLDL_DELEGRET;
4433 			islept = 0;
4434 			while (!igotlock) {
4435 			    igotlock = nfsv4_lock(&clp->nfsc_lock, 1,
4436 				&islept, NFSCLSTATEMUTEXPTR, NULL);
4437 			    if (islept)
4438 				break;
4439 			}
4440 			if (islept)
4441 			    continue;
4442 			NFSUNLOCKCLSTATE();
4443 			cred = newnfs_getcred();
4444 			newnfs_copycred(&dp->nfsdl_cred, cred);
4445 			(void) nfscl_recalldeleg(clp, nmp, dp, vp, cred, p, 0);
4446 			NFSFREECRED(cred);
4447 			triedrecall = 1;
4448 			NFSLOCKCLSTATE();
4449 			nfsv4_unlock(&clp->nfsc_lock, 0);
4450 			igotlock = 0;
4451 			continue;
4452 		    }
4453 		    *stp = dp->nfsdl_stateid;
4454 		    retcnt = 1;
4455 		    nfscl_cleandeleg(dp);
4456 		    nfscl_freedeleg(&clp->nfsc_deleg, dp);
4457 		}
4458 		if (igotlock)
4459 		    nfsv4_unlock(&clp->nfsc_lock, 0);
4460 		NFSUNLOCKCLSTATE();
4461 		return (retcnt);
4462 	}
4463 }
4464 
4465 /*
4466  * Look for associated delegation(s) that should be DelegReturned.
4467  */
4468 APPLESTATIC int
4469 nfscl_renamedeleg(vnode_t fvp, nfsv4stateid_t *fstp, int *gotfdp, vnode_t tvp,
4470     nfsv4stateid_t *tstp, int *gottdp, NFSPROC_T *p)
4471 {
4472 	struct nfsclclient *clp;
4473 	struct nfscldeleg *dp;
4474 	struct nfsclowner *owp;
4475 	struct nfscllockowner *lp;
4476 	struct nfsmount *nmp;
4477 	struct ucred *cred;
4478 	struct nfsnode *np;
4479 	int igotlock = 0, triedrecall = 0, needsrecall, retcnt = 0, islept;
4480 
4481 	nmp = VFSTONFS(vnode_mount(fvp));
4482 	*gotfdp = 0;
4483 	*gottdp = 0;
4484 	NFSLOCKCLSTATE();
4485 	/*
4486 	 * Loop around waiting for:
4487 	 * - outstanding I/O operations on delegations to complete
4488 	 * - for a delegation on fvp that has state, lock the client and
4489 	 *   do a recall
4490 	 * - return delegation(s) with no state.
4491 	 */
4492 	while (1) {
4493 		clp = nfscl_findcl(nmp);
4494 		if (clp == NULL) {
4495 			NFSUNLOCKCLSTATE();
4496 			return (retcnt);
4497 		}
4498 		np = VTONFS(fvp);
4499 		dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
4500 		    np->n_fhp->nfh_len);
4501 		if (dp != NULL && *gotfdp == 0) {
4502 		    /*
4503 		     * Wait for outstanding I/O ops to be done.
4504 		     */
4505 		    if (dp->nfsdl_rwlock.nfslock_usecnt > 0) {
4506 			if (igotlock) {
4507 			    nfsv4_unlock(&clp->nfsc_lock, 0);
4508 			    igotlock = 0;
4509 			}
4510 			dp->nfsdl_rwlock.nfslock_lock |= NFSV4LOCK_WANTED;
4511 			(void) nfsmsleep(&dp->nfsdl_rwlock,
4512 			    NFSCLSTATEMUTEXPTR, PZERO, "nfscld", NULL);
4513 			continue;
4514 		    }
4515 		    needsrecall = 0;
4516 		    LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
4517 			if (!LIST_EMPTY(&owp->nfsow_open)) {
4518 			    needsrecall = 1;
4519 			    break;
4520 			}
4521 		    }
4522 		    if (!needsrecall) {
4523 			LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
4524 			    if (!LIST_EMPTY(&lp->nfsl_lock)) {
4525 				needsrecall = 1;
4526 				break;
4527 			    }
4528 			}
4529 		    }
4530 		    if (needsrecall && !triedrecall) {
4531 			dp->nfsdl_flags |= NFSCLDL_DELEGRET;
4532 			islept = 0;
4533 			while (!igotlock) {
4534 			    igotlock = nfsv4_lock(&clp->nfsc_lock, 1,
4535 				&islept, NFSCLSTATEMUTEXPTR, NULL);
4536 			    if (islept)
4537 				break;
4538 			}
4539 			if (islept)
4540 			    continue;
4541 			NFSUNLOCKCLSTATE();
4542 			cred = newnfs_getcred();
4543 			newnfs_copycred(&dp->nfsdl_cred, cred);
4544 			(void) nfscl_recalldeleg(clp, nmp, dp, fvp, cred, p, 0);
4545 			NFSFREECRED(cred);
4546 			triedrecall = 1;
4547 			NFSLOCKCLSTATE();
4548 			nfsv4_unlock(&clp->nfsc_lock, 0);
4549 			igotlock = 0;
4550 			continue;
4551 		    }
4552 		    *fstp = dp->nfsdl_stateid;
4553 		    retcnt++;
4554 		    *gotfdp = 1;
4555 		    nfscl_cleandeleg(dp);
4556 		    nfscl_freedeleg(&clp->nfsc_deleg, dp);
4557 		}
4558 		if (igotlock) {
4559 		    nfsv4_unlock(&clp->nfsc_lock, 0);
4560 		    igotlock = 0;
4561 		}
4562 		if (tvp != NULL) {
4563 		    np = VTONFS(tvp);
4564 		    dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh,
4565 			np->n_fhp->nfh_len);
4566 		    if (dp != NULL && *gottdp == 0) {
4567 			/*
4568 			 * Wait for outstanding I/O ops to be done.
4569 			 */
4570 			if (dp->nfsdl_rwlock.nfslock_usecnt > 0) {
4571 			    dp->nfsdl_rwlock.nfslock_lock |= NFSV4LOCK_WANTED;
4572 			    (void) nfsmsleep(&dp->nfsdl_rwlock,
4573 				NFSCLSTATEMUTEXPTR, PZERO, "nfscld", NULL);
4574 			    continue;
4575 			}
4576 			LIST_FOREACH(owp, &dp->nfsdl_owner, nfsow_list) {
4577 			    if (!LIST_EMPTY(&owp->nfsow_open)) {
4578 				NFSUNLOCKCLSTATE();
4579 				return (retcnt);
4580 			    }
4581 			}
4582 			LIST_FOREACH(lp, &dp->nfsdl_lock, nfsl_list) {
4583 			    if (!LIST_EMPTY(&lp->nfsl_lock)) {
4584 				NFSUNLOCKCLSTATE();
4585 				return (retcnt);
4586 			    }
4587 			}
4588 			*tstp = dp->nfsdl_stateid;
4589 			retcnt++;
4590 			*gottdp = 1;
4591 			nfscl_cleandeleg(dp);
4592 			nfscl_freedeleg(&clp->nfsc_deleg, dp);
4593 		    }
4594 		}
4595 		NFSUNLOCKCLSTATE();
4596 		return (retcnt);
4597 	}
4598 }
4599 
4600 /*
4601  * Get a reference on the clientid associated with the mount point.
4602  * Return 1 if success, 0 otherwise.
4603  */
4604 APPLESTATIC int
4605 nfscl_getref(struct nfsmount *nmp)
4606 {
4607 	struct nfsclclient *clp;
4608 
4609 	NFSLOCKCLSTATE();
4610 	clp = nfscl_findcl(nmp);
4611 	if (clp == NULL) {
4612 		NFSUNLOCKCLSTATE();
4613 		return (0);
4614 	}
4615 	nfsv4_getref(&clp->nfsc_lock, NULL, NFSCLSTATEMUTEXPTR, NULL);
4616 	NFSUNLOCKCLSTATE();
4617 	return (1);
4618 }
4619 
4620 /*
4621  * Release a reference on a clientid acquired with the above call.
4622  */
4623 APPLESTATIC void
4624 nfscl_relref(struct nfsmount *nmp)
4625 {
4626 	struct nfsclclient *clp;
4627 
4628 	NFSLOCKCLSTATE();
4629 	clp = nfscl_findcl(nmp);
4630 	if (clp == NULL) {
4631 		NFSUNLOCKCLSTATE();
4632 		return;
4633 	}
4634 	nfsv4_relref(&clp->nfsc_lock);
4635 	NFSUNLOCKCLSTATE();
4636 }
4637 
4638 /*
4639  * Save the size attribute in the delegation, since the nfsnode
4640  * is going away.
4641  */
4642 APPLESTATIC void
4643 nfscl_reclaimnode(vnode_t vp)
4644 {
4645 	struct nfsclclient *clp;
4646 	struct nfscldeleg *dp;
4647 	struct nfsnode *np = VTONFS(vp);
4648 	struct nfsmount *nmp;
4649 
4650 	nmp = VFSTONFS(vnode_mount(vp));
4651 	if (!NFSHASNFSV4(nmp))
4652 		return;
4653 	NFSLOCKCLSTATE();
4654 	clp = nfscl_findcl(nmp);
4655 	if (clp == NULL) {
4656 		NFSUNLOCKCLSTATE();
4657 		return;
4658 	}
4659 	dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
4660 	if (dp != NULL && (dp->nfsdl_flags & NFSCLDL_WRITE))
4661 		dp->nfsdl_size = np->n_size;
4662 	NFSUNLOCKCLSTATE();
4663 }
4664 
4665 /*
4666  * Get the saved size attribute in the delegation, since it is a
4667  * newly allocated nfsnode.
4668  */
4669 APPLESTATIC void
4670 nfscl_newnode(vnode_t vp)
4671 {
4672 	struct nfsclclient *clp;
4673 	struct nfscldeleg *dp;
4674 	struct nfsnode *np = VTONFS(vp);
4675 	struct nfsmount *nmp;
4676 
4677 	nmp = VFSTONFS(vnode_mount(vp));
4678 	if (!NFSHASNFSV4(nmp))
4679 		return;
4680 	NFSLOCKCLSTATE();
4681 	clp = nfscl_findcl(nmp);
4682 	if (clp == NULL) {
4683 		NFSUNLOCKCLSTATE();
4684 		return;
4685 	}
4686 	dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
4687 	if (dp != NULL && (dp->nfsdl_flags & NFSCLDL_WRITE))
4688 		np->n_size = dp->nfsdl_size;
4689 	NFSUNLOCKCLSTATE();
4690 }
4691 
4692 /*
4693  * If there is a valid write delegation for this file, set the modtime
4694  * to the local clock time.
4695  */
4696 APPLESTATIC void
4697 nfscl_delegmodtime(vnode_t vp)
4698 {
4699 	struct nfsclclient *clp;
4700 	struct nfscldeleg *dp;
4701 	struct nfsnode *np = VTONFS(vp);
4702 	struct nfsmount *nmp;
4703 
4704 	nmp = VFSTONFS(vnode_mount(vp));
4705 	if (!NFSHASNFSV4(nmp))
4706 		return;
4707 	NFSLOCKCLSTATE();
4708 	clp = nfscl_findcl(nmp);
4709 	if (clp == NULL) {
4710 		NFSUNLOCKCLSTATE();
4711 		return;
4712 	}
4713 	dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
4714 	if (dp != NULL && (dp->nfsdl_flags & NFSCLDL_WRITE)) {
4715 		nanotime(&dp->nfsdl_modtime);
4716 		dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
4717 	}
4718 	NFSUNLOCKCLSTATE();
4719 }
4720 
4721 /*
4722  * If there is a valid write delegation for this file with a modtime set,
4723  * put that modtime in mtime.
4724  */
4725 APPLESTATIC void
4726 nfscl_deleggetmodtime(vnode_t vp, struct timespec *mtime)
4727 {
4728 	struct nfsclclient *clp;
4729 	struct nfscldeleg *dp;
4730 	struct nfsnode *np = VTONFS(vp);
4731 	struct nfsmount *nmp;
4732 
4733 	nmp = VFSTONFS(vnode_mount(vp));
4734 	if (!NFSHASNFSV4(nmp))
4735 		return;
4736 	NFSLOCKCLSTATE();
4737 	clp = nfscl_findcl(nmp);
4738 	if (clp == NULL) {
4739 		NFSUNLOCKCLSTATE();
4740 		return;
4741 	}
4742 	dp = nfscl_finddeleg(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
4743 	if (dp != NULL &&
4744 	    (dp->nfsdl_flags & (NFSCLDL_WRITE | NFSCLDL_MODTIMESET)) ==
4745 	    (NFSCLDL_WRITE | NFSCLDL_MODTIMESET))
4746 		*mtime = dp->nfsdl_modtime;
4747 	NFSUNLOCKCLSTATE();
4748 }
4749 
4750 static int
4751 nfscl_errmap(struct nfsrv_descript *nd, u_int32_t minorvers)
4752 {
4753 	short *defaulterrp, *errp;
4754 
4755 	if (!nd->nd_repstat)
4756 		return (0);
4757 	if (nd->nd_procnum == NFSPROC_NOOP)
4758 		return (txdr_unsigned(nd->nd_repstat & 0xffff));
4759 	if (nd->nd_repstat == EBADRPC)
4760 		return (txdr_unsigned(NFSERR_BADXDR));
4761 	if (nd->nd_repstat == NFSERR_MINORVERMISMATCH ||
4762 	    nd->nd_repstat == NFSERR_OPILLEGAL)
4763 		return (txdr_unsigned(nd->nd_repstat));
4764 	if (nd->nd_repstat >= NFSERR_BADIOMODE && nd->nd_repstat < 20000 &&
4765 	    minorvers > NFSV4_MINORVERSION) {
4766 		/* NFSv4.n error. */
4767 		return (txdr_unsigned(nd->nd_repstat));
4768 	}
4769 	if (nd->nd_procnum < NFSV4OP_CBNOPS)
4770 		errp = defaulterrp = nfscl_cberrmap[nd->nd_procnum];
4771 	else
4772 		return (txdr_unsigned(nd->nd_repstat));
4773 	while (*++errp)
4774 		if (*errp == (short)nd->nd_repstat)
4775 			return (txdr_unsigned(nd->nd_repstat));
4776 	return (txdr_unsigned(*defaulterrp));
4777 }
4778 
4779 /*
4780  * Called to find/add a layout to a client.
4781  * This function returns the layout with a refcnt (shared lock) upon
4782  * success (returns 0) or with no lock/refcnt on the layout when an
4783  * error is returned.
4784  * If a layout is passed in via lypp, it is locked (exclusively locked).
4785  */
4786 APPLESTATIC int
4787 nfscl_layout(struct nfsmount *nmp, vnode_t vp, u_int8_t *fhp, int fhlen,
4788     nfsv4stateid_t *stateidp, int layouttype, int retonclose,
4789     struct nfsclflayouthead *fhlp, struct nfscllayout **lypp,
4790     struct ucred *cred, NFSPROC_T *p)
4791 {
4792 	struct nfsclclient *clp;
4793 	struct nfscllayout *lyp, *tlyp;
4794 	struct nfsclflayout *flp;
4795 	struct nfsnode *np = VTONFS(vp);
4796 	mount_t mp;
4797 	int layout_passed_in;
4798 
4799 	mp = nmp->nm_mountp;
4800 	layout_passed_in = 1;
4801 	tlyp = NULL;
4802 	lyp = *lypp;
4803 	if (lyp == NULL) {
4804 		layout_passed_in = 0;
4805 		tlyp = malloc(sizeof(*tlyp) + fhlen - 1, M_NFSLAYOUT,
4806 		    M_WAITOK | M_ZERO);
4807 	}
4808 
4809 	NFSLOCKCLSTATE();
4810 	clp = nmp->nm_clp;
4811 	if (clp == NULL) {
4812 		if (layout_passed_in != 0)
4813 			nfsv4_unlock(&lyp->nfsly_lock, 0);
4814 		NFSUNLOCKCLSTATE();
4815 		if (tlyp != NULL)
4816 			free(tlyp, M_NFSLAYOUT);
4817 		return (EPERM);
4818 	}
4819 	if (lyp == NULL) {
4820 		/*
4821 		 * Although no lyp was passed in, another thread might have
4822 		 * allocated one. If one is found, just increment it's ref
4823 		 * count and return it.
4824 		 */
4825 		lyp = nfscl_findlayout(clp, fhp, fhlen);
4826 		if (lyp == NULL) {
4827 			lyp = tlyp;
4828 			tlyp = NULL;
4829 			lyp->nfsly_stateid.seqid = stateidp->seqid;
4830 			lyp->nfsly_stateid.other[0] = stateidp->other[0];
4831 			lyp->nfsly_stateid.other[1] = stateidp->other[1];
4832 			lyp->nfsly_stateid.other[2] = stateidp->other[2];
4833 			lyp->nfsly_lastbyte = 0;
4834 			LIST_INIT(&lyp->nfsly_flayread);
4835 			LIST_INIT(&lyp->nfsly_flayrw);
4836 			LIST_INIT(&lyp->nfsly_recall);
4837 			lyp->nfsly_filesid[0] = np->n_vattr.na_filesid[0];
4838 			lyp->nfsly_filesid[1] = np->n_vattr.na_filesid[1];
4839 			lyp->nfsly_clp = clp;
4840 			if (layouttype == NFSLAYOUT_FLEXFILE)
4841 				lyp->nfsly_flags = NFSLY_FLEXFILE;
4842 			else
4843 				lyp->nfsly_flags = NFSLY_FILES;
4844 			if (retonclose != 0)
4845 				lyp->nfsly_flags |= NFSLY_RETONCLOSE;
4846 			lyp->nfsly_fhlen = fhlen;
4847 			NFSBCOPY(fhp, lyp->nfsly_fh, fhlen);
4848 			TAILQ_INSERT_HEAD(&clp->nfsc_layout, lyp, nfsly_list);
4849 			LIST_INSERT_HEAD(NFSCLLAYOUTHASH(clp, fhp, fhlen), lyp,
4850 			    nfsly_hash);
4851 			lyp->nfsly_timestamp = NFSD_MONOSEC + 120;
4852 			nfscl_layoutcnt++;
4853 		} else {
4854 			if (retonclose != 0)
4855 				lyp->nfsly_flags |= NFSLY_RETONCLOSE;
4856 			TAILQ_REMOVE(&clp->nfsc_layout, lyp, nfsly_list);
4857 			TAILQ_INSERT_HEAD(&clp->nfsc_layout, lyp, nfsly_list);
4858 			lyp->nfsly_timestamp = NFSD_MONOSEC + 120;
4859 		}
4860 		nfsv4_getref(&lyp->nfsly_lock, NULL, NFSCLSTATEMUTEXPTR, mp);
4861 		if (NFSCL_FORCEDISM(mp)) {
4862 			NFSUNLOCKCLSTATE();
4863 			if (tlyp != NULL)
4864 				free(tlyp, M_NFSLAYOUT);
4865 			return (EPERM);
4866 		}
4867 		*lypp = lyp;
4868 	} else
4869 		lyp->nfsly_stateid.seqid = stateidp->seqid;
4870 
4871 	/* Merge the new list of File Layouts into the list. */
4872 	flp = LIST_FIRST(fhlp);
4873 	if (flp != NULL) {
4874 		if (flp->nfsfl_iomode == NFSLAYOUTIOMODE_READ)
4875 			nfscl_mergeflayouts(&lyp->nfsly_flayread, fhlp);
4876 		else
4877 			nfscl_mergeflayouts(&lyp->nfsly_flayrw, fhlp);
4878 	}
4879 	if (layout_passed_in != 0)
4880 		nfsv4_unlock(&lyp->nfsly_lock, 1);
4881 	NFSUNLOCKCLSTATE();
4882 	if (tlyp != NULL)
4883 		free(tlyp, M_NFSLAYOUT);
4884 	return (0);
4885 }
4886 
4887 /*
4888  * Search for a layout by MDS file handle.
4889  * If one is found, it is returned with a refcnt (shared lock) iff
4890  * retflpp returned non-NULL and locked (exclusive locked) iff retflpp is
4891  * returned NULL.
4892  */
4893 struct nfscllayout *
4894 nfscl_getlayout(struct nfsclclient *clp, uint8_t *fhp, int fhlen,
4895     uint64_t off, struct nfsclflayout **retflpp, int *recalledp)
4896 {
4897 	struct nfscllayout *lyp;
4898 	mount_t mp;
4899 	int error, igotlock;
4900 
4901 	mp = clp->nfsc_nmp->nm_mountp;
4902 	*recalledp = 0;
4903 	*retflpp = NULL;
4904 	NFSLOCKCLSTATE();
4905 	lyp = nfscl_findlayout(clp, fhp, fhlen);
4906 	if (lyp != NULL) {
4907 		if ((lyp->nfsly_flags & NFSLY_RECALL) == 0) {
4908 			TAILQ_REMOVE(&clp->nfsc_layout, lyp, nfsly_list);
4909 			TAILQ_INSERT_HEAD(&clp->nfsc_layout, lyp, nfsly_list);
4910 			lyp->nfsly_timestamp = NFSD_MONOSEC + 120;
4911 			error = nfscl_findlayoutforio(lyp, off,
4912 			    NFSV4OPEN_ACCESSREAD, retflpp);
4913 			if (error == 0)
4914 				nfsv4_getref(&lyp->nfsly_lock, NULL,
4915 				    NFSCLSTATEMUTEXPTR, mp);
4916 			else {
4917 				do {
4918 					igotlock = nfsv4_lock(&lyp->nfsly_lock,
4919 					    1, NULL, NFSCLSTATEMUTEXPTR, mp);
4920 				} while (igotlock == 0 && !NFSCL_FORCEDISM(mp));
4921 				*retflpp = NULL;
4922 			}
4923 			if (NFSCL_FORCEDISM(mp)) {
4924 				lyp = NULL;
4925 				*recalledp = 1;
4926 			}
4927 		} else {
4928 			lyp = NULL;
4929 			*recalledp = 1;
4930 		}
4931 	}
4932 	NFSUNLOCKCLSTATE();
4933 	return (lyp);
4934 }
4935 
4936 /*
4937  * Search for a layout by MDS file handle. If one is found, mark in to be
4938  * recalled, if it already marked "return on close".
4939  */
4940 static void
4941 nfscl_retoncloselayout(vnode_t vp, struct nfsclclient *clp, uint8_t *fhp,
4942     int fhlen, struct nfsclrecalllayout **recallpp)
4943 {
4944 	struct nfscllayout *lyp;
4945 	uint32_t iomode;
4946 
4947 	if (vp->v_type != VREG || !NFSHASPNFS(VFSTONFS(vnode_mount(vp))) ||
4948 	    nfscl_enablecallb == 0 || nfs_numnfscbd == 0 ||
4949 	    (VTONFS(vp)->n_flag & NNOLAYOUT) != 0)
4950 		return;
4951 	lyp = nfscl_findlayout(clp, fhp, fhlen);
4952 	if (lyp != NULL && (lyp->nfsly_flags & (NFSLY_RETONCLOSE |
4953 	    NFSLY_RECALL)) == NFSLY_RETONCLOSE) {
4954 		iomode = 0;
4955 		if (!LIST_EMPTY(&lyp->nfsly_flayread))
4956 			iomode |= NFSLAYOUTIOMODE_READ;
4957 		if (!LIST_EMPTY(&lyp->nfsly_flayrw))
4958 			iomode |= NFSLAYOUTIOMODE_RW;
4959 		(void)nfscl_layoutrecall(NFSLAYOUTRETURN_FILE, lyp, iomode,
4960 		    0, UINT64_MAX, lyp->nfsly_stateid.seqid, *recallpp);
4961 		NFSCL_DEBUG(4, "retoncls recall iomode=%d\n", iomode);
4962 		*recallpp = NULL;
4963 	}
4964 }
4965 
4966 /*
4967  * Dereference a layout.
4968  */
4969 void
4970 nfscl_rellayout(struct nfscllayout *lyp, int exclocked)
4971 {
4972 
4973 	NFSLOCKCLSTATE();
4974 	if (exclocked != 0)
4975 		nfsv4_unlock(&lyp->nfsly_lock, 0);
4976 	else
4977 		nfsv4_relref(&lyp->nfsly_lock);
4978 	NFSUNLOCKCLSTATE();
4979 }
4980 
4981 /*
4982  * Search for a devinfo by deviceid. If one is found, return it after
4983  * acquiring a reference count on it.
4984  */
4985 struct nfscldevinfo *
4986 nfscl_getdevinfo(struct nfsclclient *clp, uint8_t *deviceid,
4987     struct nfscldevinfo *dip)
4988 {
4989 
4990 	NFSLOCKCLSTATE();
4991 	if (dip == NULL)
4992 		dip = nfscl_finddevinfo(clp, deviceid);
4993 	if (dip != NULL)
4994 		dip->nfsdi_refcnt++;
4995 	NFSUNLOCKCLSTATE();
4996 	return (dip);
4997 }
4998 
4999 /*
5000  * Dereference a devinfo structure.
5001  */
5002 static void
5003 nfscl_reldevinfo_locked(struct nfscldevinfo *dip)
5004 {
5005 
5006 	dip->nfsdi_refcnt--;
5007 	if (dip->nfsdi_refcnt == 0)
5008 		wakeup(&dip->nfsdi_refcnt);
5009 }
5010 
5011 /*
5012  * Dereference a devinfo structure.
5013  */
5014 void
5015 nfscl_reldevinfo(struct nfscldevinfo *dip)
5016 {
5017 
5018 	NFSLOCKCLSTATE();
5019 	nfscl_reldevinfo_locked(dip);
5020 	NFSUNLOCKCLSTATE();
5021 }
5022 
5023 /*
5024  * Find a layout for this file handle. Return NULL upon failure.
5025  */
5026 static struct nfscllayout *
5027 nfscl_findlayout(struct nfsclclient *clp, u_int8_t *fhp, int fhlen)
5028 {
5029 	struct nfscllayout *lyp;
5030 
5031 	LIST_FOREACH(lyp, NFSCLLAYOUTHASH(clp, fhp, fhlen), nfsly_hash)
5032 		if (lyp->nfsly_fhlen == fhlen &&
5033 		    !NFSBCMP(lyp->nfsly_fh, fhp, fhlen))
5034 			break;
5035 	return (lyp);
5036 }
5037 
5038 /*
5039  * Find a devinfo for this deviceid. Return NULL upon failure.
5040  */
5041 static struct nfscldevinfo *
5042 nfscl_finddevinfo(struct nfsclclient *clp, uint8_t *deviceid)
5043 {
5044 	struct nfscldevinfo *dip;
5045 
5046 	LIST_FOREACH(dip, &clp->nfsc_devinfo, nfsdi_list)
5047 		if (NFSBCMP(dip->nfsdi_deviceid, deviceid, NFSX_V4DEVICEID)
5048 		    == 0)
5049 			break;
5050 	return (dip);
5051 }
5052 
5053 /*
5054  * Merge the new file layout list into the main one, maintaining it in
5055  * increasing offset order.
5056  */
5057 static void
5058 nfscl_mergeflayouts(struct nfsclflayouthead *fhlp,
5059     struct nfsclflayouthead *newfhlp)
5060 {
5061 	struct nfsclflayout *flp, *nflp, *prevflp, *tflp;
5062 
5063 	flp = LIST_FIRST(fhlp);
5064 	prevflp = NULL;
5065 	LIST_FOREACH_SAFE(nflp, newfhlp, nfsfl_list, tflp) {
5066 		while (flp != NULL && flp->nfsfl_off < nflp->nfsfl_off) {
5067 			prevflp = flp;
5068 			flp = LIST_NEXT(flp, nfsfl_list);
5069 		}
5070 		if (prevflp == NULL)
5071 			LIST_INSERT_HEAD(fhlp, nflp, nfsfl_list);
5072 		else
5073 			LIST_INSERT_AFTER(prevflp, nflp, nfsfl_list);
5074 		prevflp = nflp;
5075 	}
5076 }
5077 
5078 /*
5079  * Add this nfscldevinfo to the client, if it doesn't already exist.
5080  * This function consumes the structure pointed at by dip, if not NULL.
5081  */
5082 APPLESTATIC int
5083 nfscl_adddevinfo(struct nfsmount *nmp, struct nfscldevinfo *dip,
5084     struct nfsclflayout *flp)
5085 {
5086 	struct nfsclclient *clp;
5087 	struct nfscldevinfo *tdip;
5088 	uint8_t *dev;
5089 
5090 	NFSLOCKCLSTATE();
5091 	clp = nmp->nm_clp;
5092 	if (clp == NULL) {
5093 		NFSUNLOCKCLSTATE();
5094 		if (dip != NULL)
5095 			free(dip, M_NFSDEVINFO);
5096 		return (ENODEV);
5097 	}
5098 	if ((flp->nfsfl_flags & NFSFL_FILE) != 0)
5099 		dev = flp->nfsfl_dev;
5100 	else
5101 		dev = flp->nfsfl_ffm[0].dev;
5102 	tdip = nfscl_finddevinfo(clp, dev);
5103 	if (tdip != NULL) {
5104 		tdip->nfsdi_layoutrefs++;
5105 		flp->nfsfl_devp = tdip;
5106 		nfscl_reldevinfo_locked(tdip);
5107 		NFSUNLOCKCLSTATE();
5108 		if (dip != NULL)
5109 			free(dip, M_NFSDEVINFO);
5110 		return (0);
5111 	}
5112 	if (dip != NULL) {
5113 		LIST_INSERT_HEAD(&clp->nfsc_devinfo, dip, nfsdi_list);
5114 		dip->nfsdi_layoutrefs = 1;
5115 		flp->nfsfl_devp = dip;
5116 	}
5117 	NFSUNLOCKCLSTATE();
5118 	if (dip == NULL)
5119 		return (ENODEV);
5120 	return (0);
5121 }
5122 
5123 /*
5124  * Free up a layout structure and associated file layout structure(s).
5125  */
5126 APPLESTATIC void
5127 nfscl_freelayout(struct nfscllayout *layp)
5128 {
5129 	struct nfsclflayout *flp, *nflp;
5130 	struct nfsclrecalllayout *rp, *nrp;
5131 
5132 	LIST_FOREACH_SAFE(flp, &layp->nfsly_flayread, nfsfl_list, nflp) {
5133 		LIST_REMOVE(flp, nfsfl_list);
5134 		nfscl_freeflayout(flp);
5135 	}
5136 	LIST_FOREACH_SAFE(flp, &layp->nfsly_flayrw, nfsfl_list, nflp) {
5137 		LIST_REMOVE(flp, nfsfl_list);
5138 		nfscl_freeflayout(flp);
5139 	}
5140 	LIST_FOREACH_SAFE(rp, &layp->nfsly_recall, nfsrecly_list, nrp) {
5141 		LIST_REMOVE(rp, nfsrecly_list);
5142 		free(rp, M_NFSLAYRECALL);
5143 	}
5144 	nfscl_layoutcnt--;
5145 	free(layp, M_NFSLAYOUT);
5146 }
5147 
5148 /*
5149  * Free up a file layout structure.
5150  */
5151 APPLESTATIC void
5152 nfscl_freeflayout(struct nfsclflayout *flp)
5153 {
5154 	int i, j;
5155 
5156 	if ((flp->nfsfl_flags & NFSFL_FILE) != 0)
5157 		for (i = 0; i < flp->nfsfl_fhcnt; i++)
5158 			free(flp->nfsfl_fh[i], M_NFSFH);
5159 	if ((flp->nfsfl_flags & NFSFL_FLEXFILE) != 0)
5160 		for (i = 0; i < flp->nfsfl_mirrorcnt; i++)
5161 			for (j = 0; j < flp->nfsfl_ffm[i].fhcnt; j++)
5162 				free(flp->nfsfl_ffm[i].fh[j], M_NFSFH);
5163 	if (flp->nfsfl_devp != NULL)
5164 		flp->nfsfl_devp->nfsdi_layoutrefs--;
5165 	free(flp, M_NFSFLAYOUT);
5166 }
5167 
5168 /*
5169  * Free up a file layout devinfo structure.
5170  */
5171 APPLESTATIC void
5172 nfscl_freedevinfo(struct nfscldevinfo *dip)
5173 {
5174 
5175 	free(dip, M_NFSDEVINFO);
5176 }
5177 
5178 /*
5179  * Mark any layouts that match as recalled.
5180  */
5181 static int
5182 nfscl_layoutrecall(int recalltype, struct nfscllayout *lyp, uint32_t iomode,
5183     uint64_t off, uint64_t len, uint32_t stateseqid,
5184     struct nfsclrecalllayout *recallp)
5185 {
5186 	struct nfsclrecalllayout *rp, *orp;
5187 
5188 	recallp->nfsrecly_recalltype = recalltype;
5189 	recallp->nfsrecly_iomode = iomode;
5190 	recallp->nfsrecly_stateseqid = stateseqid;
5191 	recallp->nfsrecly_off = off;
5192 	recallp->nfsrecly_len = len;
5193 	/*
5194 	 * Order the list as file returns first, followed by fsid and any
5195 	 * returns, both in increasing stateseqid order.
5196 	 * Note that the seqids wrap around, so 1 is after 0xffffffff.
5197 	 * (I'm not sure this is correct because I find RFC5661 confusing
5198 	 *  on this, but hopefully it will work ok.)
5199 	 */
5200 	orp = NULL;
5201 	LIST_FOREACH(rp, &lyp->nfsly_recall, nfsrecly_list) {
5202 		orp = rp;
5203 		if ((recalltype == NFSLAYOUTRETURN_FILE &&
5204 		     (rp->nfsrecly_recalltype != NFSLAYOUTRETURN_FILE ||
5205 		      nfscl_seq(stateseqid, rp->nfsrecly_stateseqid) != 0)) ||
5206 		    (recalltype != NFSLAYOUTRETURN_FILE &&
5207 		     rp->nfsrecly_recalltype != NFSLAYOUTRETURN_FILE &&
5208 		     nfscl_seq(stateseqid, rp->nfsrecly_stateseqid) != 0)) {
5209 			LIST_INSERT_BEFORE(rp, recallp, nfsrecly_list);
5210 			break;
5211 		}
5212 	}
5213 	if (rp == NULL) {
5214 		if (orp == NULL)
5215 			LIST_INSERT_HEAD(&lyp->nfsly_recall, recallp,
5216 			    nfsrecly_list);
5217 		else
5218 			LIST_INSERT_AFTER(orp, recallp, nfsrecly_list);
5219 	}
5220 	lyp->nfsly_flags |= NFSLY_RECALL;
5221 	return (0);
5222 }
5223 
5224 /*
5225  * Compare the two seqids for ordering. The trick is that the seqids can
5226  * wrap around from 0xffffffff->0, so check for the cases where one
5227  * has wrapped around.
5228  * Return 1 if seqid1 comes before seqid2, 0 otherwise.
5229  */
5230 static int
5231 nfscl_seq(uint32_t seqid1, uint32_t seqid2)
5232 {
5233 
5234 	if (seqid2 > seqid1 && (seqid2 - seqid1) >= 0x7fffffff)
5235 		/* seqid2 has wrapped around. */
5236 		return (0);
5237 	if (seqid1 > seqid2 && (seqid1 - seqid2) >= 0x7fffffff)
5238 		/* seqid1 has wrapped around. */
5239 		return (1);
5240 	if (seqid1 <= seqid2)
5241 		return (1);
5242 	return (0);
5243 }
5244 
5245 /*
5246  * Do a layout return for each of the recalls.
5247  */
5248 static void
5249 nfscl_layoutreturn(struct nfsmount *nmp, struct nfscllayout *lyp,
5250     struct ucred *cred, NFSPROC_T *p)
5251 {
5252 	struct nfsclrecalllayout *rp;
5253 	nfsv4stateid_t stateid;
5254 	int layouttype;
5255 
5256 	NFSBCOPY(lyp->nfsly_stateid.other, stateid.other, NFSX_STATEIDOTHER);
5257 	stateid.seqid = lyp->nfsly_stateid.seqid;
5258 	if ((lyp->nfsly_flags & NFSLY_FILES) != 0)
5259 		layouttype = NFSLAYOUT_NFSV4_1_FILES;
5260 	else
5261 		layouttype = NFSLAYOUT_FLEXFILE;
5262 	LIST_FOREACH(rp, &lyp->nfsly_recall, nfsrecly_list) {
5263 		(void)nfsrpc_layoutreturn(nmp, lyp->nfsly_fh,
5264 		    lyp->nfsly_fhlen, 0, layouttype,
5265 		    rp->nfsrecly_iomode, rp->nfsrecly_recalltype,
5266 		    rp->nfsrecly_off, rp->nfsrecly_len,
5267 		    &stateid, cred, p, NULL);
5268 	}
5269 }
5270 
5271 /*
5272  * Do the layout commit for a file layout.
5273  */
5274 static void
5275 nfscl_dolayoutcommit(struct nfsmount *nmp, struct nfscllayout *lyp,
5276     struct ucred *cred, NFSPROC_T *p)
5277 {
5278 	struct nfsclflayout *flp;
5279 	uint64_t len;
5280 	int error, layouttype;
5281 
5282 	if ((lyp->nfsly_flags & NFSLY_FILES) != 0)
5283 		layouttype = NFSLAYOUT_NFSV4_1_FILES;
5284 	else
5285 		layouttype = NFSLAYOUT_FLEXFILE;
5286 	LIST_FOREACH(flp, &lyp->nfsly_flayrw, nfsfl_list) {
5287 		if (layouttype == NFSLAYOUT_FLEXFILE &&
5288 		    (flp->nfsfl_fflags & NFSFLEXFLAG_NO_LAYOUTCOMMIT) != 0) {
5289 			NFSCL_DEBUG(4, "Flex file: no layoutcommit\n");
5290 			/* If not supported, don't bother doing it. */
5291 			NFSLOCKMNT(nmp);
5292 			nmp->nm_state |= NFSSTA_NOLAYOUTCOMMIT;
5293 			NFSUNLOCKMNT(nmp);
5294 			break;
5295 		} else if (flp->nfsfl_off <= lyp->nfsly_lastbyte) {
5296 			len = flp->nfsfl_end - flp->nfsfl_off;
5297 			error = nfsrpc_layoutcommit(nmp, lyp->nfsly_fh,
5298 			    lyp->nfsly_fhlen, 0, flp->nfsfl_off, len,
5299 			    lyp->nfsly_lastbyte, &lyp->nfsly_stateid,
5300 			    layouttype, cred, p, NULL);
5301 			NFSCL_DEBUG(4, "layoutcommit err=%d\n", error);
5302 			if (error == NFSERR_NOTSUPP) {
5303 				/* If not supported, don't bother doing it. */
5304 				NFSLOCKMNT(nmp);
5305 				nmp->nm_state |= NFSSTA_NOLAYOUTCOMMIT;
5306 				NFSUNLOCKMNT(nmp);
5307 				break;
5308 			}
5309 		}
5310 	}
5311 }
5312 
5313 /*
5314  * Commit all layouts for a file (vnode).
5315  */
5316 int
5317 nfscl_layoutcommit(vnode_t vp, NFSPROC_T *p)
5318 {
5319 	struct nfsclclient *clp;
5320 	struct nfscllayout *lyp;
5321 	struct nfsnode *np = VTONFS(vp);
5322 	mount_t mp;
5323 	struct nfsmount *nmp;
5324 
5325 	mp = vnode_mount(vp);
5326 	nmp = VFSTONFS(mp);
5327 	if (NFSHASNOLAYOUTCOMMIT(nmp))
5328 		return (0);
5329 	NFSLOCKCLSTATE();
5330 	clp = nmp->nm_clp;
5331 	if (clp == NULL) {
5332 		NFSUNLOCKCLSTATE();
5333 		return (EPERM);
5334 	}
5335 	lyp = nfscl_findlayout(clp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len);
5336 	if (lyp == NULL) {
5337 		NFSUNLOCKCLSTATE();
5338 		return (EPERM);
5339 	}
5340 	nfsv4_getref(&lyp->nfsly_lock, NULL, NFSCLSTATEMUTEXPTR, mp);
5341 	if (NFSCL_FORCEDISM(mp)) {
5342 		NFSUNLOCKCLSTATE();
5343 		return (EPERM);
5344 	}
5345 tryagain:
5346 	if ((lyp->nfsly_flags & NFSLY_WRITTEN) != 0) {
5347 		lyp->nfsly_flags &= ~NFSLY_WRITTEN;
5348 		NFSUNLOCKCLSTATE();
5349 		NFSCL_DEBUG(4, "do layoutcommit2\n");
5350 		nfscl_dolayoutcommit(clp->nfsc_nmp, lyp, NFSPROCCRED(p), p);
5351 		NFSLOCKCLSTATE();
5352 		goto tryagain;
5353 	}
5354 	nfsv4_relref(&lyp->nfsly_lock);
5355 	NFSUNLOCKCLSTATE();
5356 	return (0);
5357 }
5358 
5359