xref: /illumos-gate/usr/src/uts/common/fs/autofs/auto_subr.c (revision fb2a9bae0030340ad72b9c26ba1ffee2ee3cafec)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <sys/param.h>
28 #include <sys/kmem.h>
29 #include <sys/errno.h>
30 #include <sys/proc.h>
31 #include <sys/disp.h>
32 #include <sys/vfs.h>
33 #include <sys/vnode.h>
34 #include <sys/pathname.h>
35 #include <sys/cred.h>
36 #include <sys/mount.h>
37 #include <sys/cmn_err.h>
38 #include <sys/debug.h>
39 #include <sys/systm.h>
40 #include <sys/dirent.h>
41 #include <fs/fs_subr.h>
42 #include <sys/fs/autofs.h>
43 #include <sys/callb.h>
44 #include <sys/sysmacros.h>
45 #include <sys/zone.h>
46 #include <sys/door.h>
47 #include <sys/fs/mntdata.h>
48 #include <nfs/mount.h>
49 #include <rpc/clnt.h>
50 #include <rpcsvc/autofs_prot.h>
51 #include <nfs/rnode.h>
52 #include <sys/utsname.h>
53 #include <sys/schedctl.h>
54 
55 /*
56  * Autofs and Zones:
57  *
58  * Zones are delegated the responsibility of managing their own autofs mounts
59  * and maps.  Each zone runs its own copy of automountd, with its own timeouts,
60  * and other logically "global" parameters.  kRPC and virtualization in the
61  * loopback transport (tl) will prevent a zone from communicating with another
62  * zone's automountd.
63  *
64  * Each zone has its own "rootfnnode" and associated tree of auto nodes.
65  *
66  * Each zone also has its own set of "unmounter" kernel threads; these are
67  * created and run within the zone's context (ie, they are created via
68  * zthread_create()).
69  *
70  * Cross-zone mount triggers are disallowed.  There is a check in
71  * auto_trigger_mount() to this effect; EPERM is returned to indicate that the
72  * mount is not owned by the caller.
73  *
74  * autofssys() enables a caller in the global zone to clean up in-kernel (as
75  * well as regular) autofs mounts via the unmount_tree() mechanism.  This is
76  * routinely done when all mounts are removed as part of zone shutdown.
77  */
78 #define	TYPICALMAXPATHLEN	64
79 
80 static kmutex_t autofs_nodeid_lock;
81 
82 static int auto_perform_link(fnnode_t *, struct linka *, cred_t *);
83 static int auto_perform_actions(fninfo_t *, fnnode_t *,
84     action_list *, cred_t *);
85 static int auto_getmntpnt(vnode_t *, char *, vnode_t **, cred_t *);
86 static int auto_lookup_request(fninfo_t *, char *, struct linka *,
87     bool_t, bool_t *, cred_t *);
88 static int auto_mount_request(fninfo_t *, char *, action_list **, cred_t *,
89     bool_t);
90 
91 /*
92  * Clears the MF_INPROG flag, and wakes up those threads sleeping on
93  * fn_cv_mount if MF_WAITING is set.
94  */
95 void
96 auto_unblock_others(
97 	fnnode_t *fnp,
98 	uint_t operation)		/* either MF_INPROG or MF_LOOKUP */
99 {
100 	ASSERT(operation & (MF_INPROG | MF_LOOKUP));
101 	fnp->fn_flags &= ~operation;
102 	if (fnp->fn_flags & MF_WAITING) {
103 		fnp->fn_flags &= ~MF_WAITING;
104 		cv_broadcast(&fnp->fn_cv_mount);
105 	}
106 }
107 
108 int
109 auto_wait4mount(fnnode_t *fnp)
110 {
111 	int error;
112 	k_sigset_t smask;
113 
114 	AUTOFS_DPRINT((4, "auto_wait4mount: fnp=%p\n", (void *)fnp));
115 
116 	mutex_enter(&fnp->fn_lock);
117 	while (fnp->fn_flags & (MF_INPROG | MF_LOOKUP)) {
118 		/*
119 		 * There is a mount or a lookup in progress.
120 		 */
121 		fnp->fn_flags |= MF_WAITING;
122 		sigintr(&smask, 1);
123 		if (!cv_wait_sig(&fnp->fn_cv_mount, &fnp->fn_lock)) {
124 			/*
125 			 * Decided not to wait for operation to
126 			 * finish after all.
127 			 */
128 			sigunintr(&smask);
129 			mutex_exit(&fnp->fn_lock);
130 			return (EINTR);
131 		}
132 		sigunintr(&smask);
133 	}
134 	error = fnp->fn_error;
135 
136 	if (error == EINTR) {
137 		/*
138 		 * The thread doing the mount got interrupted, we need to
139 		 * try again, by returning EAGAIN.
140 		 */
141 		error = EAGAIN;
142 	}
143 	mutex_exit(&fnp->fn_lock);
144 
145 	AUTOFS_DPRINT((5, "auto_wait4mount: fnp=%p error=%d\n", (void *)fnp,
146 	    error));
147 	return (error);
148 }
149 
150 int
151 auto_lookup_aux(fnnode_t *fnp, char *name, cred_t *cred)
152 {
153 	struct fninfo *fnip;
154 	struct linka link;
155 	bool_t mountreq = FALSE;
156 	int error = 0;
157 
158 	fnip = vfstofni(fntovn(fnp)->v_vfsp);
159 	bzero(&link, sizeof (link));
160 	error = auto_lookup_request(fnip, name, &link, TRUE, &mountreq, cred);
161 	if (!error) {
162 		if (link.link != NULL || link.link != '\0') {
163 			/*
164 			 * This node should be a symlink
165 			 */
166 			error = auto_perform_link(fnp, &link, cred);
167 		} else if (mountreq) {
168 			/*
169 			 * The automount daemon is requesting a mount,
170 			 * implying this entry must be a wildcard match and
171 			 * therefore in need of verification that the entry
172 			 * exists on the server.
173 			 */
174 			mutex_enter(&fnp->fn_lock);
175 			AUTOFS_BLOCK_OTHERS(fnp, MF_INPROG);
176 			fnp->fn_error = 0;
177 
178 			/*
179 			 * Unblock other lookup requests on this node,
180 			 * this is needed to let the lookup generated by
181 			 * the mount call to complete. The caveat is
182 			 * other lookups on this node can also get by,
183 			 * i.e., another lookup on this node that occurs
184 			 * while this lookup is attempting the mount
185 			 * would return a positive result no matter what.
186 			 * Therefore two lookups on the this node could
187 			 * potentially get disparate results.
188 			 */
189 			AUTOFS_UNBLOCK_OTHERS(fnp, MF_LOOKUP);
190 			mutex_exit(&fnp->fn_lock);
191 			/*
192 			 * auto_new_mount_thread fires up a new thread which
193 			 * calls automountd finishing up the work
194 			 */
195 			auto_new_mount_thread(fnp, name, cred);
196 
197 			/*
198 			 * At this point, we are simply another thread
199 			 * waiting for the mount to complete
200 			 */
201 			error = auto_wait4mount(fnp);
202 			if (error == AUTOFS_SHUTDOWN)
203 				error = ENOENT;
204 		}
205 	}
206 
207 	if (link.link)
208 		kmem_free(link.link, strlen(link.link) + 1);
209 	if (link.dir)
210 		kmem_free(link.dir, strlen(link.dir) + 1);
211 	mutex_enter(&fnp->fn_lock);
212 	fnp->fn_error = error;
213 
214 	/*
215 	 * Notify threads waiting for lookup/mount that
216 	 * it's done.
217 	 */
218 	if (mountreq) {
219 		AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
220 	} else {
221 		AUTOFS_UNBLOCK_OTHERS(fnp, MF_LOOKUP);
222 	}
223 	mutex_exit(&fnp->fn_lock);
224 	return (error);
225 }
226 
227 /*
228  * Starting point for thread to handle mount requests with automountd.
229  * XXX auto_mount_thread() is not suspend-safe within the scope of
230  * the present model defined for cpr to suspend the system. Calls
231  * made by the auto_mount_thread() that have been identified to be unsafe
232  * are (1) RPC client handle setup and client calls to automountd which
233  * can block deep down in the RPC library, (2) kmem_alloc() calls with the
234  * KM_SLEEP flag which can block if memory is low, and (3) VFS_*(), and
235  * lookuppnvp() calls which can result in over the wire calls to servers.
236  * The thread should be completely reevaluated to make it suspend-safe in
237  * case of future updates to the cpr model.
238  */
239 static void
240 auto_mount_thread(struct autofs_callargs *argsp)
241 {
242 	struct fninfo 		*fnip;
243 	fnnode_t 		*fnp;
244 	vnode_t 		*vp;
245 	char 			*name;
246 	size_t 			namelen;
247 	cred_t 			*cred;
248 	action_list		*alp = NULL;
249 	int 			error;
250 	callb_cpr_t 		cprinfo;
251 	kmutex_t 		auto_mount_thread_cpr_lock;
252 
253 	mutex_init(&auto_mount_thread_cpr_lock, NULL, MUTEX_DEFAULT, NULL);
254 	CALLB_CPR_INIT(&cprinfo, &auto_mount_thread_cpr_lock,
255 	    callb_generic_cpr, "auto_mount_thread");
256 
257 	fnp = argsp->fnc_fnp;
258 	vp = fntovn(fnp);
259 	fnip = vfstofni(vp->v_vfsp);
260 	name = argsp->fnc_name;
261 	cred = argsp->fnc_cred;
262 	ASSERT(crgetzoneid(argsp->fnc_cred) == fnip->fi_zoneid);
263 
264 	error = auto_mount_request(fnip, name, &alp, cred, TRUE);
265 	if (!error)
266 		error = auto_perform_actions(fnip, fnp, alp, cred);
267 	mutex_enter(&fnp->fn_lock);
268 	fnp->fn_error = error;
269 
270 	/*
271 	 * Notify threads waiting for mount that
272 	 * it's done.
273 	 */
274 	AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
275 	mutex_exit(&fnp->fn_lock);
276 
277 	VN_RELE(vp);
278 	crfree(argsp->fnc_cred);
279 	namelen = strlen(argsp->fnc_name) + 1;
280 	kmem_free(argsp->fnc_name, namelen);
281 	kmem_free(argsp, sizeof (*argsp));
282 
283 	mutex_enter(&auto_mount_thread_cpr_lock);
284 	CALLB_CPR_EXIT(&cprinfo);
285 	mutex_destroy(&auto_mount_thread_cpr_lock);
286 	zthread_exit();
287 	/* NOTREACHED */
288 }
289 
290 static int autofs_thr_success = 0;
291 
292 /*
293  * Creates new thread which calls auto_mount_thread which does
294  * the bulk of the work calling automountd, via 'auto_perform_actions'.
295  */
296 void
297 auto_new_mount_thread(fnnode_t *fnp, char *name, cred_t *cred)
298 {
299 	struct autofs_callargs *argsp;
300 
301 	argsp = kmem_alloc(sizeof (*argsp), KM_SLEEP);
302 	VN_HOLD(fntovn(fnp));
303 	argsp->fnc_fnp = fnp;
304 	argsp->fnc_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
305 	(void) strcpy(argsp->fnc_name, name);
306 	argsp->fnc_origin = curthread;
307 	crhold(cred);
308 	argsp->fnc_cred = cred;
309 
310 	(void) zthread_create(NULL, 0, auto_mount_thread, argsp, 0,
311 	    minclsyspri);
312 	autofs_thr_success++;
313 }
314 
315 #define	DOOR_BUF_ALIGN		(1024*1024)
316 #define	DOOR_BUF_MULTIPLIER	3
317 #define	DOOR_BUF_DEFAULT_SZ	(DOOR_BUF_MULTIPLIER * DOOR_BUF_ALIGN)
318 int	doorbuf_defsz = DOOR_BUF_DEFAULT_SZ;
319 
320 /*ARGSUSED*/
321 int
322 auto_calldaemon(
323 	zoneid_t 		zoneid,
324 	int			which,
325 	xdrproc_t		xarg_func,
326 	void 			*argsp,
327 	xdrproc_t		xresp_func,
328 	void 			*resp,
329 	int			reslen,
330 	bool_t 			hard)	/* retry forever? */
331 {
332 	int			 retry;
333 	int			 error = 0;
334 	k_sigset_t		 smask;
335 	door_arg_t		 door_args;
336 	door_handle_t		 dh;
337 	XDR			 xdrarg;
338 	XDR			 xdrres;
339 	struct autofs_globals 	*fngp = NULL;
340 	void			*orp = NULL;
341 	int			 orl;
342 	int			 rlen = 0;	/* MUST be initialized */
343 	autofs_door_args_t	*xdr_argsp;
344 	int			 xdr_len = 0;
345 	int			 printed_not_running_msg = 0;
346 	klwp_t			*lwp = ttolwp(curthread);
347 
348 	/*
349 	 * We know that the current thread is doing work on
350 	 * behalf of its own zone, so it's ok to use
351 	 * curproc->p_zone.
352 	 */
353 	ASSERT(zoneid == getzoneid());
354 	if (zone_status_get(curproc->p_zone) >= ZONE_IS_SHUTTING_DOWN) {
355 		/*
356 		 * There's no point in trying to talk to
357 		 * automountd.  Plus, zone_shutdown() is
358 		 * waiting for us.
359 		 */
360 		return (ECONNREFUSED);
361 	}
362 
363 	do {
364 		retry = 0;
365 		mutex_enter(&autofs_minor_lock);
366 		fngp = zone_getspecific(autofs_key, curproc->p_zone);
367 		mutex_exit(&autofs_minor_lock);
368 		if (fngp == NULL) {
369 			if (hard) {
370 				AUTOFS_DPRINT((5,
371 				    "auto_calldaemon: "\
372 				    "failed to get door handle\n"));
373 				if (!printed_not_running_msg) {
374 					printed_not_running_msg = 1;
375 					zprintf(zoneid, "automountd not "\
376 					    "running, retrying\n");
377 				}
378 				delay(hz);
379 				retry = 1;
380 			} else {
381 				/*
382 				 * There is no global data so no door.
383 				 * There's no point in attempting to talk
384 				 * to automountd if we can't get the door
385 				 * handle.
386 				 */
387 				return (ECONNREFUSED);
388 			}
389 		}
390 	} while (retry);
391 
392 	if (printed_not_running_msg) {
393 		fngp->fng_printed_not_running_msg = printed_not_running_msg;
394 	}
395 
396 	ASSERT(fngp != NULL);
397 
398 	if (argsp != NULL && (xdr_len = xdr_sizeof(xarg_func, argsp)) == 0)
399 		return (EINVAL);
400 	xdr_argsp = kmem_zalloc(xdr_len + sizeof (*xdr_argsp), KM_SLEEP);
401 	xdr_argsp->xdr_len = xdr_len;
402 	xdr_argsp->cmd = which;
403 
404 	if (argsp) {
405 		xdrmem_create(&xdrarg, (char *)&xdr_argsp->xdr_arg,
406 		    xdr_argsp->xdr_len, XDR_ENCODE);
407 
408 		if (!(*xarg_func)(&xdrarg, argsp)) {
409 			kmem_free(xdr_argsp, xdr_len + sizeof (*xdr_argsp));
410 			return (EINVAL);
411 		}
412 	}
413 
414 	/*
415 	 * We're saving off the original pointer and length due to the
416 	 * possibility that the results buffer returned by the door
417 	 * upcall can be different then what we passed in. This is because
418 	 * the door will allocate new memory if the results buffer passed
419 	 * in isn't large enough to hold what we need to send back.
420 	 * In this case we need to free the memory originally allocated
421 	 * for that buffer.
422 	 */
423 	if (resp)
424 		rlen = xdr_sizeof(xresp_func, resp);
425 	orl = (rlen == 0) ? doorbuf_defsz : MAX(rlen, doorbuf_defsz);
426 	orp = kmem_zalloc(orl, KM_SLEEP);
427 
428 	do {
429 		retry = 0;
430 		mutex_enter(&fngp->fng_autofs_daemon_lock);
431 		dh = fngp->fng_autofs_daemon_dh;
432 		if (dh)
433 			door_ki_hold(dh);
434 		mutex_exit(&fngp->fng_autofs_daemon_lock);
435 
436 		if (dh == NULL) {
437 			if (orp)
438 				kmem_free(orp, orl);
439 			kmem_free(xdr_argsp, xdr_len + sizeof (*xdr_argsp));
440 			return (ENOENT);
441 		}
442 		door_args.data_ptr = (char *)xdr_argsp;
443 		door_args.data_size = sizeof (*xdr_argsp) + xdr_argsp->xdr_len;
444 		door_args.desc_ptr = NULL;
445 		door_args.desc_num = 0;
446 		door_args.rbuf = orp ? (char *)orp : NULL;
447 		door_args.rsize = orl;
448 
449 		sigintr(&smask, 1);
450 		error =
451 		    door_ki_upcall_limited(dh, &door_args, NULL, SIZE_MAX, 0);
452 		sigunintr(&smask);
453 
454 		door_ki_rele(dh);
455 
456 		/*
457 		 * Handle daemon errors
458 		 */
459 		if (!error) {
460 			/*
461 			 * Upcall successful. Let's check for soft errors
462 			 * from the daemon. We only recover from overflow
463 			 * type scenarios. Any other errors, we return to
464 			 * the caller.
465 			 */
466 			autofs_door_res_t *adr =
467 			    (autofs_door_res_t *)door_args.rbuf;
468 
469 			if (door_args.rbuf != NULL) {
470 				int	 nl;
471 
472 				switch (error = adr->res_status) {
473 				case 0:	/* no error; continue */
474 					break;
475 
476 				case EOVERFLOW:
477 					/*
478 					 * orig landing buf not big enough.
479 					 * xdr_len in XDR_BYTES_PER_UNIT
480 					 */
481 					if ((nl = adr->xdr_len) > 0 &&
482 					    (btopr(nl) < freemem/64)) {
483 						if (orp)
484 							kmem_free(orp, orl);
485 						orp = kmem_zalloc(nl, KM_SLEEP);
486 						orl = nl;
487 						retry = 1;
488 						break;
489 					}
490 					/*FALLTHROUGH*/
491 
492 				default:
493 					kmem_free(xdr_argsp,
494 					    xdr_len + sizeof (*xdr_argsp));
495 					if (orp)
496 						kmem_free(orp, orl);
497 					return (error);
498 				}
499 			}
500 			continue;
501 		}
502 
503 		/*
504 		 * no daemon errors; now process door/comm errors (if any)
505 		 */
506 		switch (error) {
507 		case EINTR:
508 			/*
509 			 * interrupts should be handled properly by the
510 			 * door upcall. If the door doesn't handle the
511 			 * interupt completely then we need to bail out.
512 			 */
513 			if (lwp && (ISSIG(curthread,
514 			    JUSTLOOKING) || MUSTRETURN(curproc, curthread))) {
515 				if (ISSIG(curthread, FORREAL) ||
516 				    lwp->lwp_sysabort ||
517 				    MUSTRETURN(curproc, curthread)) {
518 					lwp->lwp_sysabort = 0;
519 					return (EINTR);
520 				}
521 			}
522 			/*
523 			 * We may have gotten EINTR for other reasons
524 			 * like the door being revoked on us. Instead
525 			 * of trying to extract this out of the door
526 			 * handle, sleep and try again, if still
527 			 * revoked we will get EBADF next time
528 			 * through.
529 			 *
530 			 * If we have a pending cancellation and we don't
531 			 * have cancellation disabled, we will get EINTR
532 			 * forever, no matter how many times we retry,
533 			 * so just get out now if this is the case.
534 			 */
535 			if (schedctl_cancel_pending())
536 				break;
537 			/* FALLTHROUGH */
538 		case EAGAIN:    /* process may be forking */
539 			/*
540 			 * Back off for a bit
541 			 */
542 			delay(hz);
543 			retry = 1;
544 			break;
545 		case EBADF:	/* Invalid door */
546 		case EINVAL:    /* Not a door, wrong target */
547 			/*
548 			 * A fatal door error, if our failing door
549 			 * handle is the current door handle, clean
550 			 * up our state.
551 			 */
552 			mutex_enter(&fngp->fng_autofs_daemon_lock);
553 			if (dh == fngp->fng_autofs_daemon_dh) {
554 				door_ki_rele(fngp->fng_autofs_daemon_dh);
555 				fngp->fng_autofs_daemon_dh = NULL;
556 			}
557 			mutex_exit(&fngp->fng_autofs_daemon_lock);
558 			AUTOFS_DPRINT((5, "auto_calldaemon error=%d\n", error));
559 			if (hard) {
560 				if (!fngp->fng_printed_not_running_msg) {
561 					fngp->fng_printed_not_running_msg = 1;
562 					zprintf(zoneid, "automountd not "
563 					    "running, retrying\n");
564 				}
565 				delay(hz);
566 				retry = 1;
567 				break;
568 			} else {
569 				error = ECONNREFUSED;
570 				kmem_free(xdr_argsp,
571 				    xdr_len + sizeof (*xdr_argsp));
572 				if (orp)
573 					kmem_free(orp, orl);
574 				return (error);
575 			}
576 		default:	/* Unknown must be fatal */
577 			error = ENOENT;
578 			kmem_free(xdr_argsp, xdr_len + sizeof (*xdr_argsp));
579 			if (orp)
580 				kmem_free(orp, orl);
581 			return (error);
582 		}
583 	} while (retry);
584 
585 	if (fngp->fng_printed_not_running_msg == 1) {
586 		fngp->fng_printed_not_running_msg = 0;
587 		zprintf(zoneid, "automountd OK\n");
588 	}
589 
590 	if (orp && orl) {
591 		autofs_door_res_t	*door_resp;
592 		door_resp = (autofs_door_res_t *)door_args.rbuf;
593 
594 		if ((void *)door_args.rbuf != orp)
595 			kmem_free(orp, orl);
596 
597 		xdrmem_create(&xdrres, (char *)&door_resp->xdr_res,
598 		    door_resp->xdr_len, XDR_DECODE);
599 
600 		if (!((*xresp_func)(&xdrres, resp)))
601 			error = EINVAL;
602 		kmem_free(door_args.rbuf, door_args.rsize);
603 	}
604 	kmem_free(xdr_argsp, xdr_len + sizeof (*xdr_argsp));
605 	return (error);
606 }
607 
608 static int
609 auto_null_request(fninfo_t *fnip, bool_t hard)
610 {
611 	int error;
612 	struct autofs_globals *fngp = vntofn(fnip->fi_rootvp)->fn_globals;
613 
614 	AUTOFS_DPRINT((4, "\tauto_null_request\n"));
615 
616 	error = auto_calldaemon(fngp->fng_zoneid, NULLPROC,
617 	    xdr_void, NULL, xdr_void, NULL, 0, hard);
618 
619 	AUTOFS_DPRINT((5, "\tauto_null_request: error=%d\n", error));
620 	return (error);
621 }
622 
623 static int
624 auto_lookup_request(
625 	fninfo_t *fnip,
626 	char *key,
627 	struct linka *lnp,
628 	bool_t hard,
629 	bool_t *mountreq,
630 	cred_t *cred)
631 {
632 	int 				error;
633 	struct autofs_globals 		*fngp;
634 	struct autofs_lookupargs	 reqst;
635 	autofs_lookupres 		*resp;
636 	struct linka 			*p;
637 
638 
639 	AUTOFS_DPRINT((4, "auto_lookup_equest: path=%s name=%s\n",
640 	    fnip->fi_path, key));
641 
642 	fngp = vntofn(fnip->fi_rootvp)->fn_globals;
643 
644 	reqst.map = fnip->fi_map;
645 	reqst.path = fnip->fi_path;
646 
647 	if (fnip->fi_flags & MF_DIRECT)
648 		reqst.name = fnip->fi_key;
649 	else
650 		reqst.name = key;
651 	AUTOFS_DPRINT((4, "auto_lookup_request: using key=%s\n", reqst.name));
652 
653 	reqst.subdir = fnip->fi_subdir;
654 	reqst.opts = fnip->fi_opts;
655 	reqst.isdirect = fnip->fi_flags & MF_DIRECT ? TRUE : FALSE;
656 	reqst.uid = crgetuid(cred);
657 
658 	resp = kmem_zalloc(sizeof (*resp), KM_SLEEP);
659 
660 	error = auto_calldaemon(fngp->fng_zoneid, AUTOFS_LOOKUP,
661 	    xdr_autofs_lookupargs, &reqst, xdr_autofs_lookupres,
662 	    (void *)resp, sizeof (autofs_lookupres), hard);
663 
664 	if (error) {
665 		xdr_free(xdr_autofs_lookupres, (char *)resp);
666 		kmem_free(resp, sizeof (*resp));
667 		return (error);
668 	}
669 
670 	if (!error) {
671 		fngp->fng_verbose = resp->lu_verbose;
672 		switch (resp->lu_res) {
673 		case AUTOFS_OK:
674 			switch (resp->lu_type.action) {
675 			case AUTOFS_MOUNT_RQ:
676 				lnp->link = NULL;
677 				lnp->dir = NULL;
678 				*mountreq = TRUE;
679 				break;
680 
681 			case AUTOFS_LINK_RQ:
682 			p = &resp->lu_type.lookup_result_type_u.lt_linka;
683 				lnp->dir = kmem_alloc(strlen(p->dir) + 1,
684 				    KM_SLEEP);
685 				(void) strcpy(lnp->dir, p->dir);
686 				lnp->link = kmem_alloc(strlen(p->link) + 1,
687 				    KM_SLEEP);
688 				(void) strcpy(lnp->link, p->link);
689 				break;
690 
691 			case AUTOFS_NONE:
692 				lnp->link = NULL;
693 				lnp->dir = NULL;
694 				break;
695 
696 			default:
697 				auto_log(fngp->fng_verbose, fngp->fng_zoneid,
698 				    CE_WARN, "auto_lookup_request: bad action "
699 				    "type %d", resp->lu_res);
700 				error = ENOENT;
701 			}
702 			break;
703 
704 		case AUTOFS_NOENT:
705 			error = ENOENT;
706 			break;
707 
708 		default:
709 			error = ENOENT;
710 			auto_log(fngp->fng_verbose, fngp->fng_zoneid, CE_WARN,
711 			    "auto_lookup_request: unknown result: %d",
712 			    resp->lu_res);
713 			break;
714 		}
715 	}
716 done:
717 	xdr_free(xdr_autofs_lookupres, (char *)resp);
718 	kmem_free(resp, sizeof (*resp));
719 	AUTOFS_DPRINT((5, "auto_lookup_request: path=%s name=%s error=%d\n",
720 	    fnip->fi_path, key, error));
721 	return (error);
722 }
723 
724 static int
725 auto_mount_request(
726 	fninfo_t *fnip,
727 	char *key,
728 	action_list **alpp,
729 	cred_t *cred,
730 	bool_t hard)
731 {
732 	int 			error;
733 	struct autofs_globals 	*fngp;
734 	autofs_lookupargs 	reqst;
735 	autofs_mountres		*xdrres = NULL;
736 
737 	AUTOFS_DPRINT((4, "auto_mount_request: path=%s name=%s\n",
738 	    fnip->fi_path, key));
739 
740 	fngp = vntofn(fnip->fi_rootvp)->fn_globals;
741 	reqst.map = fnip->fi_map;
742 	reqst.path = fnip->fi_path;
743 
744 	if (fnip->fi_flags & MF_DIRECT)
745 		reqst.name = fnip->fi_key;
746 	else
747 		reqst.name = key;
748 
749 	AUTOFS_DPRINT((4, "auto_mount_request: using key=%s\n", reqst.name));
750 
751 	reqst.subdir = fnip->fi_subdir;
752 	reqst.opts = fnip->fi_opts;
753 	reqst.isdirect = fnip->fi_flags & MF_DIRECT ? TRUE : FALSE;
754 	reqst.uid = crgetuid(cred);
755 
756 	xdrres = kmem_zalloc(sizeof (*xdrres), KM_SLEEP);
757 
758 	error = auto_calldaemon(fngp->fng_zoneid, AUTOFS_MNTINFO,
759 	    xdr_autofs_lookupargs, &reqst, xdr_autofs_mountres,
760 	    (void *)xdrres, sizeof (autofs_mountres), hard);
761 
762 	if (!error) {
763 		fngp->fng_verbose = xdrres->mr_verbose;
764 		switch (xdrres->mr_type.status) {
765 		case AUTOFS_ACTION:
766 			error = 0;
767 			/*
768 			 * Save the action list since it is used by
769 			 * the caller. We NULL the action list pointer
770 			 * in 'result' so that xdr_free() will not free
771 			 * the list.
772 			 */
773 			*alpp = xdrres->mr_type.mount_result_type_u.list;
774 			xdrres->mr_type.mount_result_type_u.list = NULL;
775 			break;
776 		case AUTOFS_DONE:
777 			error = xdrres->mr_type.mount_result_type_u.error;
778 			break;
779 		default:
780 			error = ENOENT;
781 			auto_log(fngp->fng_verbose, fngp->fng_zoneid, CE_WARN,
782 			    "auto_mount_request: unknown status %d",
783 			    xdrres->mr_type.status);
784 			break;
785 		}
786 	}
787 
788 	xdr_free(xdr_autofs_mountres, (char *)xdrres);
789 	kmem_free(xdrres, sizeof (*xdrres));
790 
791 
792 	AUTOFS_DPRINT((5, "auto_mount_request: path=%s name=%s error=%d\n",
793 	    fnip->fi_path, key, error));
794 	return (error);
795 }
796 
797 
798 static int
799 auto_send_unmount_request(
800 	fninfo_t *fnip,
801 	umntrequest *ul,
802 	bool_t hard)
803 {
804 	int 	error;
805 	umntres	xdrres;
806 
807 	struct autofs_globals *fngp = vntofn(fnip->fi_rootvp)->fn_globals;
808 
809 	AUTOFS_DPRINT((4, "\tauto_send_unmount_request: fstype=%s "
810 	    " mntpnt=%s\n", ul->fstype, ul->mntpnt));
811 
812 	bzero(&xdrres, sizeof (umntres));
813 	error = auto_calldaemon(fngp->fng_zoneid, AUTOFS_UNMOUNT,
814 	    xdr_umntrequest, (void *)ul, xdr_umntres, (void *)&xdrres,
815 	    sizeof (umntres), hard);
816 
817 	if (!error)
818 		error = xdrres.status;
819 
820 	AUTOFS_DPRINT((5, "\tauto_send_unmount_request: error=%d\n", error));
821 
822 	return (error);
823 }
824 
825 static int
826 auto_perform_link(fnnode_t *fnp, struct linka *linkp, cred_t *cred)
827 {
828 	vnode_t *vp;
829 	size_t len;
830 	char *tmp;
831 
832 	AUTOFS_DPRINT((3, "auto_perform_link: fnp=%p dir=%s link=%s\n",
833 	    (void *)fnp, linkp->dir, linkp->link));
834 
835 	len = strlen(linkp->link) + 1;		/* include '\0' */
836 	tmp = kmem_zalloc(len, KM_SLEEP);
837 	(void) kcopy(linkp->link, tmp, len);
838 	mutex_enter(&fnp->fn_lock);
839 	fnp->fn_symlink = tmp;
840 	fnp->fn_symlinklen = (uint_t)len;
841 	fnp->fn_flags |= MF_THISUID_MATCH_RQD;
842 	crhold(cred);
843 	fnp->fn_cred = cred;
844 	mutex_exit(&fnp->fn_lock);
845 
846 	vp = fntovn(fnp);
847 	vp->v_type = VLNK;
848 
849 	return (0);
850 }
851 
852 static void
853 auto_free_autofs_args(struct mounta *m)
854 {
855 	autofs_args	*aargs = (autofs_args *)m->dataptr;
856 
857 	if (aargs->addr.buf)
858 		kmem_free(aargs->addr.buf, aargs->addr.len);
859 	if (aargs->path)
860 		kmem_free(aargs->path, strlen(aargs->path) + 1);
861 	if (aargs->opts)
862 		kmem_free(aargs->opts, strlen(aargs->opts) + 1);
863 	if (aargs->map)
864 		kmem_free(aargs->map, strlen(aargs->map) + 1);
865 	if (aargs->subdir)
866 		kmem_free(aargs->subdir, strlen(aargs->subdir) + 1);
867 	if (aargs->key)
868 		kmem_free(aargs->key, strlen(aargs->key) + 1);
869 	kmem_free(aargs, sizeof (*aargs));
870 }
871 
872 static void
873 auto_free_action_list(action_list *alp)
874 {
875 	struct	mounta	*m;
876 	action_list	*lastalp;
877 	char		*fstype;
878 
879 	m = &alp->action.action_list_entry_u.mounta;
880 	while (alp != NULL) {
881 		fstype = alp->action.action_list_entry_u.mounta.fstype;
882 		m = &alp->action.action_list_entry_u.mounta;
883 		if (m->dataptr) {
884 			if (strcmp(fstype, "autofs") == 0) {
885 				auto_free_autofs_args(m);
886 			}
887 		}
888 		if (m->spec)
889 			kmem_free(m->spec, strlen(m->spec) + 1);
890 		if (m->dir)
891 			kmem_free(m->dir, strlen(m->dir) + 1);
892 		if (m->fstype)
893 			kmem_free(m->fstype, strlen(m->fstype) + 1);
894 		if (m->optptr)
895 			kmem_free(m->optptr, m->optlen);
896 		lastalp = alp;
897 		alp = alp->next;
898 		kmem_free(lastalp, sizeof (*lastalp));
899 	}
900 }
901 
902 static boolean_t
903 auto_invalid_autofs(fninfo_t *dfnip, fnnode_t *dfnp, action_list *p)
904 {
905 	struct mounta *m;
906 	struct autofs_args *argsp;
907 	vnode_t *dvp;
908 	char buff[AUTOFS_MAXPATHLEN];
909 	size_t len;
910 	struct autofs_globals *fngp;
911 
912 	fngp = dfnp->fn_globals;
913 	dvp = fntovn(dfnp);
914 
915 	m = &p->action.action_list_entry_u.mounta;
916 	/*
917 	 * Make sure we aren't geting passed NULL values or a "dir" that
918 	 * isn't "." and doesn't begin with "./".
919 	 *
920 	 * We also only want to perform autofs mounts, so make sure
921 	 * no-one is trying to trick us into doing anything else.
922 	 */
923 	if (m->spec == NULL || m->dir == NULL || m->dir[0] != '.' ||
924 	    (m->dir[1] != '/' && m->dir[1] != '\0') ||
925 	    m->fstype == NULL || strcmp(m->fstype, "autofs") != 0 ||
926 	    m->dataptr == NULL || m->datalen != sizeof (struct autofs_args) ||
927 	    m->optptr == NULL)
928 		return (B_TRUE);
929 	/*
930 	 * We also don't like ".."s in the pathname.  Symlinks are
931 	 * handled by the fact that we'll use NOFOLLOW when we do
932 	 * lookup()s.
933 	 */
934 	if (strstr(m->dir, "/../") != NULL ||
935 	    (len = strlen(m->dir)) > sizeof ("/..") - 1 &&
936 	    m->dir[len] == '.' && m->dir[len - 1] == '.' &&
937 	    m->dir[len - 2] == '/')
938 		return (B_TRUE);
939 	argsp = (struct autofs_args *)m->dataptr;
940 	/*
941 	 * We don't want NULL values here either.
942 	 */
943 	if (argsp->addr.buf == NULL || argsp->path == NULL ||
944 	    argsp->opts == NULL || argsp->map == NULL || argsp->subdir == NULL)
945 		return (B_TRUE);
946 	/*
947 	 * We know what the claimed pathname *should* look like:
948 	 *
949 	 * If the parent (dfnp) is a mount point (VROOT), then
950 	 * the path should be (dfnip->fi_path + m->dir).
951 	 *
952 	 * Else, we know we're only two levels deep, so we use
953 	 * (dfnip->fi_path + dfnp->fn_name + m->dir).
954 	 *
955 	 * Furthermore, "." only makes sense if dfnp is a
956 	 * trigger node.
957 	 *
958 	 * At this point it seems like the passed-in path is
959 	 * redundant.
960 	 */
961 	if (dvp->v_flag & VROOT) {
962 		if (m->dir[1] == '\0' && !(dfnp->fn_flags & MF_TRIGGER))
963 			return (B_TRUE);
964 		(void) snprintf(buff, sizeof (buff), "%s%s",
965 		    dfnip->fi_path, m->dir + 1);
966 	} else {
967 		(void) snprintf(buff, sizeof (buff), "%s/%s%s",
968 		    dfnip->fi_path, dfnp->fn_name, m->dir + 1);
969 	}
970 	if (strcmp(argsp->path, buff) != 0) {
971 		auto_log(fngp->fng_verbose, fngp->fng_zoneid,
972 		    CE_WARN, "autofs: expected path of '%s', "
973 		    "got '%s' instead.", buff, argsp->path);
974 		return (B_TRUE);
975 	}
976 	return (B_FALSE); /* looks OK */
977 }
978 
979 /*
980  * auto_invalid_action will validate the action_list received.  If all is good
981  * this function returns FALSE, if there is a problem it returns TRUE.
982  */
983 static boolean_t
984 auto_invalid_action(fninfo_t *dfnip, fnnode_t *dfnp, action_list *alistpp)
985 {
986 
987 	/*
988 	 * Before we go any further, this better be a mount request.
989 	 */
990 	if (alistpp->action.action != AUTOFS_MOUNT_RQ)
991 		return (B_TRUE);
992 	return (auto_invalid_autofs(dfnip, dfnp, alistpp));
993 
994 }
995 
996 static int
997 auto_perform_actions(
998 	fninfo_t *dfnip,
999 	fnnode_t *dfnp,
1000 	action_list *alp,
1001 	cred_t *cred)	/* Credentials of the caller */
1002 {
1003 
1004 	action_list *p;
1005 	struct mounta		*m, margs;
1006 	struct autofs_args 		*argsp;
1007 	int 			error, success = 0;
1008 	vnode_t 		*mvp, *dvp, *newvp;
1009 	fnnode_t 		*newfnp, *mfnp;
1010 	int 			auto_mount = 0;
1011 	int 			save_triggers = 0;
1012 	int 			update_times = 0;
1013 	char 			*mntpnt;
1014 	char 			buff[AUTOFS_MAXPATHLEN];
1015 	timestruc_t 		now;
1016 	struct autofs_globals 	*fngp;
1017 	cred_t 			*zcred;
1018 
1019 	AUTOFS_DPRINT((4, "auto_perform_actions: alp=%p\n", (void *)alp));
1020 
1021 	fngp = dfnp->fn_globals;
1022 	dvp = fntovn(dfnp);
1023 
1024 	/*
1025 	 * As automountd running in a zone may be compromised, and this may be
1026 	 * an attack, we can't trust everything passed in by automountd, and we
1027 	 * need to do argument verification.  We'll issue a warning and drop
1028 	 * the request if it doesn't seem right.
1029 	 */
1030 
1031 	for (p = alp; p != NULL; p = p->next) {
1032 		if (auto_invalid_action(dfnip, dfnp, p)) {
1033 			/*
1034 			 * This warning should be sent to the global zone,
1035 			 * since presumably the zone administrator is the same
1036 			 * as the attacker.
1037 			 */
1038 			cmn_err(CE_WARN, "autofs: invalid action list received "
1039 			    "by automountd in zone %s.",
1040 			    curproc->p_zone->zone_name);
1041 			/*
1042 			 * This conversation is over.
1043 			 */
1044 			xdr_free(xdr_action_list, (char *)alp);
1045 			return (EINVAL);
1046 		}
1047 	}
1048 
1049 	zcred = zone_get_kcred(getzoneid());
1050 	ASSERT(zcred != NULL);
1051 
1052 	if (vn_mountedvfs(dvp) != NULL) {
1053 		/*
1054 		 * The daemon successfully mounted a filesystem
1055 		 * on the AUTOFS root node.
1056 		 */
1057 		mutex_enter(&dfnp->fn_lock);
1058 		dfnp->fn_flags |= MF_MOUNTPOINT;
1059 		ASSERT(dfnp->fn_dirents == NULL);
1060 		mutex_exit(&dfnp->fn_lock);
1061 		success++;
1062 	} else {
1063 		/*
1064 		 * Clear MF_MOUNTPOINT.
1065 		 */
1066 		mutex_enter(&dfnp->fn_lock);
1067 		if (dfnp->fn_flags & MF_MOUNTPOINT) {
1068 			AUTOFS_DPRINT((10, "autofs: clearing mountpoint "
1069 			    "flag on %s.", dfnp->fn_name));
1070 			ASSERT(dfnp->fn_dirents == NULL);
1071 			ASSERT(dfnp->fn_trigger == NULL);
1072 		}
1073 		dfnp->fn_flags &= ~MF_MOUNTPOINT;
1074 		mutex_exit(&dfnp->fn_lock);
1075 	}
1076 
1077 	for (p = alp; p != NULL; p = p->next) {
1078 
1079 		vfs_t *vfsp;	/* dummy argument */
1080 		vfs_t *mvfsp;
1081 
1082 		auto_mount = 0;
1083 
1084 		m = &p->action.action_list_entry_u.mounta;
1085 		argsp = (struct autofs_args *)m->dataptr;
1086 		ASSERT(strcmp(m->fstype, "autofs") == 0);
1087 		/*
1088 		 * use the parent directory's timeout since it's the
1089 		 * one specified/inherited by automount.
1090 		 */
1091 		argsp->mount_to = dfnip->fi_mount_to;
1092 		/*
1093 		 * The mountpoint is relative, and it is guaranteed to
1094 		 * begin with "."
1095 		 *
1096 		 */
1097 		ASSERT(m->dir[0] == '.');
1098 		if (m->dir[0] == '.' && m->dir[1] == '\0') {
1099 			/*
1100 			 * mounting on the trigger node
1101 			 */
1102 			mvp = dvp;
1103 			VN_HOLD(mvp);
1104 			goto mount;
1105 		}
1106 		/*
1107 		 * ignore "./" in front of mountpoint
1108 		 */
1109 		ASSERT(m->dir[1] == '/');
1110 		mntpnt = m->dir + 2;
1111 
1112 		AUTOFS_DPRINT((10, "\tdfnip->fi_path=%s\n", dfnip->fi_path));
1113 		AUTOFS_DPRINT((10, "\tdfnip->fi_flags=%x\n", dfnip->fi_flags));
1114 		AUTOFS_DPRINT((10, "\tmntpnt=%s\n", mntpnt));
1115 
1116 		if (dfnip->fi_flags & MF_DIRECT) {
1117 			AUTOFS_DPRINT((10, "\tDIRECT\n"));
1118 			(void) sprintf(buff, "%s/%s", dfnip->fi_path, mntpnt);
1119 		} else {
1120 			AUTOFS_DPRINT((10, "\tINDIRECT\n"));
1121 			(void) sprintf(buff, "%s/%s/%s",
1122 			    dfnip->fi_path, dfnp->fn_name, mntpnt);
1123 		}
1124 
1125 		if (vn_mountedvfs(dvp) == NULL) {
1126 			/*
1127 			 * Daemon didn't mount anything on the root
1128 			 * We have to create the mountpoint if it
1129 			 * doesn't exist already
1130 			 *
1131 			 * We use the caller's credentials in case a
1132 			 * UID-match is required
1133 			 * (MF_THISUID_MATCH_RQD).
1134 			 */
1135 			rw_enter(&dfnp->fn_rwlock, RW_WRITER);
1136 			error = auto_search(dfnp, mntpnt, &mfnp, cred);
1137 			if (error == 0) {
1138 				/*
1139 				 * AUTOFS mountpoint exists
1140 				 */
1141 				if (vn_mountedvfs(fntovn(mfnp)) != NULL) {
1142 					cmn_err(CE_PANIC,
1143 					    "auto_perform_actions:"
1144 					    " mfnp=%p covered", (void *)mfnp);
1145 				}
1146 			} else {
1147 				/*
1148 				 * Create AUTOFS mountpoint
1149 				 */
1150 				ASSERT((dfnp->fn_flags & MF_MOUNTPOINT) == 0);
1151 				error = auto_enter(dfnp, mntpnt, &mfnp, cred);
1152 				ASSERT(mfnp->fn_linkcnt == 1);
1153 				mfnp->fn_linkcnt++;
1154 			}
1155 			if (!error)
1156 				update_times = 1;
1157 			rw_exit(&dfnp->fn_rwlock);
1158 			ASSERT(error != EEXIST);
1159 			if (!error) {
1160 				/*
1161 				 * mfnp is already held.
1162 				 */
1163 				mvp = fntovn(mfnp);
1164 			} else {
1165 				auto_log(fngp->fng_verbose, fngp->fng_zoneid,
1166 				    CE_WARN, "autofs: mount of %s "
1167 				    "failed - can't create"
1168 				    " mountpoint.", buff);
1169 				continue;
1170 			}
1171 		} else {
1172 			/*
1173 			 * Find mountpoint in VFS mounted here. If not
1174 			 * found, fail the submount, though the overall
1175 			 * mount has succeeded since the root is
1176 			 * mounted.
1177 			 */
1178 			if (error = auto_getmntpnt(dvp, mntpnt, &mvp, kcred)) {
1179 				auto_log(fngp->fng_verbose, fngp->fng_zoneid,
1180 				    CE_WARN, "autofs: mount of %s "
1181 				    "failed - mountpoint doesn't"
1182 				    " exist.", buff);
1183 				continue;
1184 			}
1185 			if (mvp->v_type == VLNK) {
1186 				auto_log(fngp->fng_verbose, fngp->fng_zoneid,
1187 				    CE_WARN, "autofs: %s symbolic "
1188 				    "link: not a valid mountpoint "
1189 				    "- mount failed", buff);
1190 				VN_RELE(mvp);
1191 				error = ENOENT;
1192 				continue;
1193 			}
1194 		}
1195 mount:
1196 		m->flags |= MS_SYSSPACE | MS_OPTIONSTR;
1197 
1198 		/*
1199 		 * Copy mounta struct here so we can substitute a
1200 		 * buffer that is large enough to hold the returned
1201 		 * option string, if that string is longer than the
1202 		 * input option string.
1203 		 * This can happen if there are default options enabled
1204 		 * that were not in the input option string.
1205 		 */
1206 		bcopy(m, &margs, sizeof (*m));
1207 		margs.optptr = kmem_alloc(MAX_MNTOPT_STR, KM_SLEEP);
1208 		margs.optlen = MAX_MNTOPT_STR;
1209 		(void) strcpy(margs.optptr, m->optptr);
1210 		margs.dir = argsp->path;
1211 
1212 		/*
1213 		 * We use the zone's kcred because we don't want the
1214 		 * zone to be able to thus do something it wouldn't
1215 		 * normally be able to.
1216 		 */
1217 		error = domount(NULL, &margs, mvp, zcred, &vfsp);
1218 		kmem_free(margs.optptr, MAX_MNTOPT_STR);
1219 		if (error != 0) {
1220 			auto_log(fngp->fng_verbose, fngp->fng_zoneid,
1221 			    CE_WARN, "autofs: domount of %s failed "
1222 			    "error=%d", buff, error);
1223 			VN_RELE(mvp);
1224 			continue;
1225 		}
1226 		VFS_RELE(vfsp);
1227 
1228 		/*
1229 		 * If mountpoint is an AUTOFS node, then I'm going to
1230 		 * flag it that the Filesystem mounted on top was
1231 		 * mounted in the kernel so that the unmount can be
1232 		 * done inside the kernel as well.
1233 		 * I don't care to flag non-AUTOFS mountpoints when an
1234 		 * AUTOFS in-kernel mount was done on top, because the
1235 		 * unmount routine already knows that such case was
1236 		 * done in the kernel.
1237 		 */
1238 		if (vfs_matchops(dvp->v_vfsp, vfs_getops(mvp->v_vfsp))) {
1239 			mfnp = vntofn(mvp);
1240 			mutex_enter(&mfnp->fn_lock);
1241 			mfnp->fn_flags |= MF_IK_MOUNT;
1242 			mutex_exit(&mfnp->fn_lock);
1243 		}
1244 
1245 		(void) vn_vfswlock_wait(mvp);
1246 		mvfsp = vn_mountedvfs(mvp);
1247 		if (mvfsp != NULL) {
1248 			vfs_lock_wait(mvfsp);
1249 			vn_vfsunlock(mvp);
1250 			error = VFS_ROOT(mvfsp, &newvp);
1251 			vfs_unlock(mvfsp);
1252 			if (error) {
1253 				/*
1254 				 * We've dropped the locks, so let's
1255 				 * get the mounted vfs again in case
1256 				 * it changed.
1257 				 */
1258 				(void) vn_vfswlock_wait(mvp);
1259 				mvfsp = vn_mountedvfs(mvp);
1260 				if (mvfsp != NULL) {
1261 					error = dounmount(mvfsp, 0, CRED());
1262 					if (error) {
1263 						cmn_err(CE_WARN,
1264 						    "autofs: could not unmount"
1265 						    " vfs=%p", (void *)mvfsp);
1266 					}
1267 				} else
1268 					vn_vfsunlock(mvp);
1269 				VN_RELE(mvp);
1270 				continue;
1271 			}
1272 		} else {
1273 			vn_vfsunlock(mvp);
1274 			VN_RELE(mvp);
1275 			continue;
1276 		}
1277 
1278 		auto_mount = vfs_matchops(dvp->v_vfsp,
1279 		    vfs_getops(newvp->v_vfsp));
1280 		newfnp = vntofn(newvp);
1281 		newfnp->fn_parent = dfnp;
1282 
1283 		/*
1284 		 * At this time we want to save the AUTOFS filesystem
1285 		 * as a trigger node. (We only do this if the mount
1286 		 * occurred on a node different from the root.
1287 		 * We look at the trigger nodes during
1288 		 * the automatic unmounting to make sure we remove them
1289 		 * as a unit and remount them as a unit if the
1290 		 * filesystem mounted at the root could not be
1291 		 * unmounted.
1292 		 */
1293 		if (auto_mount && (error == 0) && (mvp != dvp)) {
1294 			save_triggers++;
1295 			/*
1296 			 * Add AUTOFS mount to hierarchy
1297 			 */
1298 			newfnp->fn_flags |= MF_TRIGGER;
1299 			rw_enter(&newfnp->fn_rwlock, RW_WRITER);
1300 			newfnp->fn_next = dfnp->fn_trigger;
1301 			rw_exit(&newfnp->fn_rwlock);
1302 			rw_enter(&dfnp->fn_rwlock, RW_WRITER);
1303 			dfnp->fn_trigger = newfnp;
1304 			rw_exit(&dfnp->fn_rwlock);
1305 			/*
1306 			 * Don't VN_RELE(newvp) here since dfnp now
1307 			 * holds reference to it as its trigger node.
1308 			 */
1309 			AUTOFS_DPRINT((10, "\tadding trigger %s to %s\n",
1310 			    newfnp->fn_name, dfnp->fn_name));
1311 			AUTOFS_DPRINT((10, "\tfirst trigger is %s\n",
1312 			    dfnp->fn_trigger->fn_name));
1313 			if (newfnp->fn_next != NULL)
1314 				AUTOFS_DPRINT((10, "\tnext trigger is %s\n",
1315 				    newfnp->fn_next->fn_name));
1316 			else
1317 				AUTOFS_DPRINT((10, "\tno next trigger\n"));
1318 		} else
1319 			VN_RELE(newvp);
1320 
1321 		if (!error)
1322 			success++;
1323 
1324 		if (update_times) {
1325 			gethrestime(&now);
1326 			dfnp->fn_atime = dfnp->fn_mtime = now;
1327 		}
1328 
1329 		VN_RELE(mvp);
1330 	}
1331 
1332 	if (save_triggers) {
1333 		/*
1334 		 * Make sure the parent can't be freed while it has triggers.
1335 		 */
1336 		VN_HOLD(dvp);
1337 	}
1338 
1339 	crfree(zcred);
1340 
1341 done:
1342 	/*
1343 	 * Return failure if daemon didn't mount anything, and all
1344 	 * kernel mounts attempted failed.
1345 	 */
1346 	error = success ? 0 : ENOENT;
1347 
1348 	if (alp != NULL) {
1349 		if ((error == 0) && save_triggers) {
1350 			/*
1351 			 * Save action_list information, so that we can use it
1352 			 * when it comes time to remount the trigger nodes
1353 			 * The action list is freed when the directory node
1354 			 * containing the reference to it is unmounted in
1355 			 * unmount_tree().
1356 			 */
1357 			mutex_enter(&dfnp->fn_lock);
1358 			ASSERT(dfnp->fn_alp == NULL);
1359 			dfnp->fn_alp = alp;
1360 			mutex_exit(&dfnp->fn_lock);
1361 		} else {
1362 			/*
1363 			 * free the action list now,
1364 			 */
1365 			xdr_free(xdr_action_list, (char *)alp);
1366 		}
1367 	}
1368 	AUTOFS_DPRINT((5, "auto_perform_actions: error=%d\n", error));
1369 	return (error);
1370 }
1371 
1372 fnnode_t *
1373 auto_makefnnode(
1374 	vtype_t type,
1375 	vfs_t *vfsp,
1376 	char *name,
1377 	cred_t *cred,
1378 	struct autofs_globals *fngp)
1379 {
1380 	fnnode_t *fnp;
1381 	vnode_t *vp;
1382 	char *tmpname;
1383 	timestruc_t now;
1384 	/*
1385 	 * autofs uses odd inode numbers
1386 	 * automountd uses even inode numbers
1387 	 *
1388 	 * To preserve the age-old semantics that inum+devid is unique across
1389 	 * the system, this variable must be global across zones.
1390 	 */
1391 	static ino_t nodeid = 3;
1392 
1393 	fnp = kmem_zalloc(sizeof (*fnp), KM_SLEEP);
1394 	fnp->fn_vnode = vn_alloc(KM_SLEEP);
1395 
1396 	vp = fntovn(fnp);
1397 	tmpname = kmem_alloc(strlen(name) + 1, KM_SLEEP);
1398 	(void) strcpy(tmpname, name);
1399 	fnp->fn_name = &tmpname[0];
1400 	fnp->fn_namelen = (int)strlen(tmpname) + 1;	/* include '\0' */
1401 	fnp->fn_uid = crgetuid(cred);
1402 	fnp->fn_gid = crgetgid(cred);
1403 	/*
1404 	 * ".." is added in auto_enter and auto_mount.
1405 	 * "." is added in auto_mkdir and auto_mount.
1406 	 */
1407 	/*
1408 	 * Note that fn_size and fn_linkcnt are already 0 since
1409 	 * we used kmem_zalloc to allocated fnp
1410 	 */
1411 	fnp->fn_mode = AUTOFS_MODE;
1412 	gethrestime(&now);
1413 	fnp->fn_atime = fnp->fn_mtime = fnp->fn_ctime = now;
1414 	fnp->fn_ref_time = now.tv_sec;
1415 	mutex_enter(&autofs_nodeid_lock);
1416 	fnp->fn_nodeid = nodeid;
1417 	nodeid += 2;
1418 	fnp->fn_globals = fngp;
1419 	fngp->fng_fnnode_count++;
1420 	mutex_exit(&autofs_nodeid_lock);
1421 	vn_setops(vp, auto_vnodeops);
1422 	vp->v_type = type;
1423 	vp->v_data = (void *)fnp;
1424 	vp->v_vfsp = vfsp;
1425 	mutex_init(&fnp->fn_lock, NULL, MUTEX_DEFAULT, NULL);
1426 	rw_init(&fnp->fn_rwlock, NULL, RW_DEFAULT, NULL);
1427 	cv_init(&fnp->fn_cv_mount, NULL, CV_DEFAULT, NULL);
1428 	vn_exists(vp);
1429 	return (fnp);
1430 }
1431 
1432 
1433 void
1434 auto_freefnnode(fnnode_t *fnp)
1435 {
1436 	vnode_t *vp = fntovn(fnp);
1437 
1438 	AUTOFS_DPRINT((4, "auto_freefnnode: fnp=%p\n", (void *)fnp));
1439 
1440 	ASSERT(fnp->fn_linkcnt == 0);
1441 	ASSERT(vp->v_count == 0);
1442 	ASSERT(fnp->fn_dirents == NULL);
1443 	ASSERT(fnp->fn_parent == NULL);
1444 
1445 	vn_invalid(vp);
1446 	kmem_free(fnp->fn_name, fnp->fn_namelen);
1447 	if (fnp->fn_symlink) {
1448 		ASSERT(fnp->fn_flags & MF_THISUID_MATCH_RQD);
1449 		kmem_free(fnp->fn_symlink, fnp->fn_symlinklen);
1450 	}
1451 	if (fnp->fn_cred)
1452 		crfree(fnp->fn_cred);
1453 	mutex_destroy(&fnp->fn_lock);
1454 	rw_destroy(&fnp->fn_rwlock);
1455 	cv_destroy(&fnp->fn_cv_mount);
1456 	vn_free(vp);
1457 
1458 	mutex_enter(&autofs_nodeid_lock);
1459 	fnp->fn_globals->fng_fnnode_count--;
1460 	mutex_exit(&autofs_nodeid_lock);
1461 	kmem_free(fnp, sizeof (*fnp));
1462 }
1463 
1464 void
1465 auto_disconnect(
1466 	fnnode_t *dfnp,
1467 	fnnode_t *fnp)
1468 {
1469 	fnnode_t *tmp, **fnpp;
1470 	vnode_t *vp = fntovn(fnp);
1471 	timestruc_t now;
1472 
1473 	AUTOFS_DPRINT((4,
1474 	    "auto_disconnect: dfnp=%p fnp=%p linkcnt=%d\n v_count=%d",
1475 	    (void *)dfnp, (void *)fnp, fnp->fn_linkcnt, vp->v_count));
1476 
1477 	ASSERT(RW_WRITE_HELD(&dfnp->fn_rwlock));
1478 	ASSERT(fnp->fn_linkcnt == 1);
1479 
1480 	if (vn_mountedvfs(vp) != NULL) {
1481 		cmn_err(CE_PANIC, "auto_disconnect: vp %p mounted on",
1482 		    (void *)vp);
1483 	}
1484 
1485 	/*
1486 	 * Decrement by 1 because we're removing the entry in dfnp.
1487 	 */
1488 	fnp->fn_linkcnt--;
1489 	fnp->fn_size--;
1490 
1491 	/*
1492 	 * only changed while holding parent's (dfnp) rw_lock
1493 	 */
1494 	fnp->fn_parent = NULL;
1495 
1496 	fnpp = &dfnp->fn_dirents;
1497 	for (;;) {
1498 		tmp = *fnpp;
1499 		if (tmp == NULL) {
1500 			cmn_err(CE_PANIC,
1501 			    "auto_disconnect: %p not in %p dirent list",
1502 			    (void *)fnp, (void *)dfnp);
1503 		}
1504 		if (tmp == fnp) {
1505 			*fnpp = tmp->fn_next; 	/* remove it from the list */
1506 			ASSERT(vp->v_count == 0);
1507 			/* child had a pointer to parent ".." */
1508 			dfnp->fn_linkcnt--;
1509 			dfnp->fn_size--;
1510 			break;
1511 		}
1512 		fnpp = &tmp->fn_next;
1513 	}
1514 
1515 	mutex_enter(&fnp->fn_lock);
1516 	gethrestime(&now);
1517 	fnp->fn_atime = fnp->fn_mtime = now;
1518 	mutex_exit(&fnp->fn_lock);
1519 
1520 	AUTOFS_DPRINT((5, "auto_disconnect: done\n"));
1521 }
1522 
1523 int
1524 auto_enter(fnnode_t *dfnp, char *name, fnnode_t **fnpp, cred_t *cred)
1525 {
1526 	struct fnnode *cfnp, **spp;
1527 	vnode_t *dvp = fntovn(dfnp);
1528 	ushort_t offset = 0;
1529 	ushort_t diff;
1530 
1531 	AUTOFS_DPRINT((4, "auto_enter: dfnp=%p, name=%s ", (void *)dfnp, name));
1532 
1533 	ASSERT(RW_WRITE_HELD(&dfnp->fn_rwlock));
1534 
1535 	cfnp = dfnp->fn_dirents;
1536 	if (cfnp == NULL) {
1537 		/*
1538 		 * offset = 0 for '.' and offset = 1 for '..'
1539 		 */
1540 		spp = &dfnp->fn_dirents;
1541 		offset = 2;
1542 	}
1543 
1544 	for (; cfnp; cfnp = cfnp->fn_next) {
1545 		if (strcmp(cfnp->fn_name, name) == 0) {
1546 			mutex_enter(&cfnp->fn_lock);
1547 			if (cfnp->fn_flags & MF_THISUID_MATCH_RQD) {
1548 				/*
1549 				 * "thisuser" kind of node, need to
1550 				 * match CREDs as well
1551 				 */
1552 				mutex_exit(&cfnp->fn_lock);
1553 				if (crcmp(cfnp->fn_cred, cred) == 0)
1554 					return (EEXIST);
1555 			} else {
1556 				mutex_exit(&cfnp->fn_lock);
1557 				return (EEXIST);
1558 			}
1559 		}
1560 
1561 		if (cfnp->fn_next != NULL) {
1562 			diff = (ushort_t)
1563 			    (cfnp->fn_next->fn_offset - cfnp->fn_offset);
1564 			ASSERT(diff != 0);
1565 			if (diff > 1 && offset == 0) {
1566 				offset = (ushort_t)cfnp->fn_offset + 1;
1567 				spp = &cfnp->fn_next;
1568 			}
1569 		} else if (offset == 0) {
1570 			offset = (ushort_t)cfnp->fn_offset + 1;
1571 			spp = &cfnp->fn_next;
1572 		}
1573 	}
1574 
1575 	*fnpp = auto_makefnnode(VDIR, dvp->v_vfsp, name, cred,
1576 	    dfnp->fn_globals);
1577 	if (*fnpp == NULL)
1578 		return (ENOMEM);
1579 
1580 	/*
1581 	 * I don't hold the mutex on fnpp because I created it, and
1582 	 * I'm already holding the writers lock for it's parent
1583 	 * directory, therefore nobody can reference it without me first
1584 	 * releasing the writers lock.
1585 	 */
1586 	(*fnpp)->fn_offset = offset;
1587 	(*fnpp)->fn_next = *spp;
1588 	*spp = *fnpp;
1589 	(*fnpp)->fn_parent = dfnp;
1590 	(*fnpp)->fn_linkcnt++;	/* parent now holds reference to entry */
1591 	(*fnpp)->fn_size++;
1592 
1593 	/*
1594 	 * dfnp->fn_linkcnt and dfnp->fn_size protected by dfnp->rw_lock
1595 	 */
1596 	dfnp->fn_linkcnt++;	/* child now holds reference to parent '..' */
1597 	dfnp->fn_size++;
1598 
1599 	dfnp->fn_ref_time = gethrestime_sec();
1600 
1601 	AUTOFS_DPRINT((5, "*fnpp=%p\n", (void *)*fnpp));
1602 	return (0);
1603 }
1604 
1605 int
1606 auto_search(fnnode_t *dfnp, char *name, fnnode_t **fnpp, cred_t *cred)
1607 {
1608 	vnode_t *dvp;
1609 	fnnode_t *p;
1610 	int error = ENOENT, match = 0;
1611 
1612 	AUTOFS_DPRINT((4, "auto_search: dfnp=%p, name=%s...\n",
1613 	    (void *)dfnp, name));
1614 
1615 	dvp = fntovn(dfnp);
1616 	if (dvp->v_type != VDIR) {
1617 		cmn_err(CE_PANIC, "auto_search: dvp=%p not a directory",
1618 		    (void *)dvp);
1619 	}
1620 
1621 	ASSERT(RW_LOCK_HELD(&dfnp->fn_rwlock));
1622 	for (p = dfnp->fn_dirents; p != NULL; p = p->fn_next) {
1623 		if (strcmp(p->fn_name, name) == 0) {
1624 			mutex_enter(&p->fn_lock);
1625 			if (p->fn_flags & MF_THISUID_MATCH_RQD) {
1626 				/*
1627 				 * "thisuser" kind of node
1628 				 * Need to match CREDs as well
1629 				 */
1630 				mutex_exit(&p->fn_lock);
1631 				match = crcmp(p->fn_cred, cred) == 0;
1632 			} else {
1633 				/*
1634 				 * No need to check CRED
1635 				 */
1636 				mutex_exit(&p->fn_lock);
1637 				match = 1;
1638 			}
1639 		}
1640 		if (match) {
1641 			error = 0;
1642 			if (fnpp) {
1643 				*fnpp = p;
1644 				VN_HOLD(fntovn(*fnpp));
1645 			}
1646 			break;
1647 		}
1648 	}
1649 
1650 	AUTOFS_DPRINT((5, "auto_search: error=%d\n", error));
1651 	return (error);
1652 }
1653 
1654 /*
1655  * If dvp is mounted on, get path's vnode in the mounted on
1656  * filesystem.  Path is relative to dvp, ie "./path".
1657  * If successful, *mvp points to a the held mountpoint vnode.
1658  */
1659 /* ARGSUSED */
1660 static int
1661 auto_getmntpnt(
1662 	vnode_t *dvp,
1663 	char *path,
1664 	vnode_t **mvpp,		/* vnode for mountpoint */
1665 	cred_t *cred)
1666 {
1667 	int error = 0;
1668 	vnode_t *newvp;
1669 	char namebuf[TYPICALMAXPATHLEN];
1670 	struct pathname lookpn;
1671 	vfs_t *vfsp;
1672 
1673 	AUTOFS_DPRINT((4, "auto_getmntpnt: path=%s\n", path));
1674 
1675 	if (error = vn_vfsrlock_wait(dvp))
1676 		return (error);
1677 
1678 	/*
1679 	 * Now that we have the vfswlock, check to see if dvp
1680 	 * is still mounted on.  If not, then just bail out as
1681 	 * there is no need to remount the triggers since the
1682 	 * higher level mount point has gotten unmounted.
1683 	 */
1684 	vfsp = vn_mountedvfs(dvp);
1685 	if (vfsp == NULL) {
1686 		vn_vfsunlock(dvp);
1687 		error = EBUSY;
1688 		goto done;
1689 	}
1690 	/*
1691 	 * Since mounted on, lookup "path" in the new filesystem,
1692 	 * it is important that we do the filesystem jump here to
1693 	 * avoid lookuppn() calling auto_lookup on dvp and deadlock.
1694 	 */
1695 	error = VFS_ROOT(vfsp, &newvp);
1696 	vn_vfsunlock(dvp);
1697 	if (error)
1698 		goto done;
1699 
1700 	/*
1701 	 * We do a VN_HOLD on newvp just in case the first call to
1702 	 * lookuppnvp() fails with ENAMETOOLONG.  We should still have a
1703 	 * reference to this vnode for the second call to lookuppnvp().
1704 	 */
1705 	VN_HOLD(newvp);
1706 
1707 	/*
1708 	 * Now create the pathname struct so we can make use of lookuppnvp,
1709 	 * and pn_getcomponent.
1710 	 * This code is similar to lookupname() in fs/lookup.c.
1711 	 */
1712 	error = pn_get_buf(path, UIO_SYSSPACE, &lookpn,
1713 	    namebuf, sizeof (namebuf));
1714 	if (error == 0) {
1715 		error = lookuppnvp(&lookpn, NULL, NO_FOLLOW, NULLVPP,
1716 		    mvpp, rootdir, newvp, cred);
1717 	} else
1718 		VN_RELE(newvp);
1719 	if (error == ENAMETOOLONG) {
1720 		/*
1721 		 * This thread used a pathname > TYPICALMAXPATHLEN bytes long.
1722 		 * newvp is VN_RELE'd by this call to lookuppnvp.
1723 		 *
1724 		 * Using 'rootdir' in a zone's context is OK here: we already
1725 		 * ascertained that there are no '..'s in the path, and we're
1726 		 * not following symlinks.
1727 		 */
1728 		if ((error = pn_get(path, UIO_SYSSPACE, &lookpn)) == 0) {
1729 			error = lookuppnvp(&lookpn, NULL, NO_FOLLOW, NULLVPP,
1730 			    mvpp, rootdir, newvp, cred);
1731 			pn_free(&lookpn);
1732 		} else
1733 			VN_RELE(newvp);
1734 	} else {
1735 		/*
1736 		 * Need to release newvp here since we held it.
1737 		 */
1738 		VN_RELE(newvp);
1739 	}
1740 
1741 done:
1742 	AUTOFS_DPRINT((5, "auto_getmntpnt: path=%s *mvpp=%p error=%d\n",
1743 	    path, (void *)*mvpp, error));
1744 	return (error);
1745 }
1746 
1747 #define	DEEPER(x) (((x)->fn_dirents != NULL) || \
1748 			(vn_mountedvfs(fntovn((x)))) != NULL)
1749 
1750 /*
1751  * The caller, should have already VN_RELE'd its reference to the
1752  * root vnode of this filesystem.
1753  */
1754 static int
1755 auto_inkernel_unmount(vfs_t *vfsp)
1756 {
1757 	vnode_t *cvp = vfsp->vfs_vnodecovered;
1758 	int error;
1759 
1760 	AUTOFS_DPRINT((4,
1761 	    "auto_inkernel_unmount: devid=%lx mntpnt(%p) count %u\n",
1762 	    vfsp->vfs_dev, (void *)cvp, cvp->v_count));
1763 
1764 	ASSERT(vn_vfswlock_held(cvp));
1765 
1766 	/*
1767 	 * Perform the unmount
1768 	 * The mountpoint has already been locked by the caller.
1769 	 */
1770 	error = dounmount(vfsp, 0, kcred);
1771 
1772 	AUTOFS_DPRINT((5, "auto_inkernel_unmount: exit count %u\n",
1773 	    cvp->v_count));
1774 	return (error);
1775 }
1776 
1777 /*
1778  * unmounts trigger nodes in the kernel.
1779  */
1780 static void
1781 unmount_triggers(fnnode_t *fnp, action_list **alp)
1782 {
1783 	fnnode_t *tp, *next;
1784 	int error = 0;
1785 	vfs_t *vfsp;
1786 	vnode_t *tvp;
1787 
1788 	AUTOFS_DPRINT((4, "unmount_triggers: fnp=%p\n", (void *)fnp));
1789 	ASSERT(RW_WRITE_HELD(&fnp->fn_rwlock));
1790 
1791 	*alp = fnp->fn_alp;
1792 	next = fnp->fn_trigger;
1793 	while ((tp = next) != NULL) {
1794 		tvp = fntovn(tp);
1795 		ASSERT(tvp->v_count >= 2);
1796 		next = tp->fn_next;
1797 		/*
1798 		 * drop writer's lock since the unmount will end up
1799 		 * disconnecting this node from fnp and needs to acquire
1800 		 * the writer's lock again.
1801 		 * next has at least a reference count >= 2 since it's
1802 		 * a trigger node, therefore can not be accidentally freed
1803 		 * by a VN_RELE
1804 		 */
1805 		rw_exit(&fnp->fn_rwlock);
1806 
1807 		vfsp = tvp->v_vfsp;
1808 
1809 		/*
1810 		 * Its parent was holding a reference to it, since this
1811 		 * is a trigger vnode.
1812 		 */
1813 		VN_RELE(tvp);
1814 		if (error = auto_inkernel_unmount(vfsp)) {
1815 			cmn_err(CE_PANIC, "unmount_triggers: "
1816 			    "unmount of vp=%p failed error=%d",
1817 			    (void *)tvp, error);
1818 		}
1819 		/*
1820 		 * reacquire writer's lock
1821 		 */
1822 		rw_enter(&fnp->fn_rwlock, RW_WRITER);
1823 	}
1824 
1825 	/*
1826 	 * We were holding a reference to our parent.  Drop that.
1827 	 */
1828 	VN_RELE(fntovn(fnp));
1829 	fnp->fn_trigger = NULL;
1830 	fnp->fn_alp = NULL;
1831 
1832 	AUTOFS_DPRINT((5, "unmount_triggers: finished\n"));
1833 }
1834 
1835 /*
1836  * This routine locks the mountpoint of every trigger node if they're
1837  * not busy, or returns EBUSY if any node is busy. If a trigger node should
1838  * be unmounted first, then it sets nfnp to point to it, otherwise nfnp
1839  * points to NULL.
1840  */
1841 static int
1842 triggers_busy(fnnode_t *fnp, fnnode_t **nfnp)
1843 {
1844 	int error = 0, done;
1845 	int lck_error = 0;
1846 	fnnode_t *tp, *t1p;
1847 	vfs_t *vfsp;
1848 
1849 	ASSERT(RW_WRITE_HELD(&fnp->fn_rwlock));
1850 
1851 	*nfnp = NULL;
1852 	for (tp = fnp->fn_trigger; tp != NULL; tp = tp->fn_next) {
1853 		AUTOFS_DPRINT((10, "\ttrigger: %s\n", tp->fn_name));
1854 		vfsp = fntovn(tp)->v_vfsp;
1855 		error = 0;
1856 		/*
1857 		 * The vn_vfsunlock will be done in auto_inkernel_unmount.
1858 		 */
1859 		lck_error = vn_vfswlock(vfsp->vfs_vnodecovered);
1860 		if (lck_error == 0) {
1861 			mutex_enter(&tp->fn_lock);
1862 			ASSERT((tp->fn_flags & MF_LOOKUP) == 0);
1863 			if (tp->fn_flags & MF_INPROG) {
1864 				/*
1865 				 * a mount is in progress
1866 				 */
1867 				error = EBUSY;
1868 			}
1869 			mutex_exit(&tp->fn_lock);
1870 		}
1871 		if (lck_error || error || DEEPER(tp) ||
1872 		    ((fntovn(tp))->v_count) > 2) {
1873 			/*
1874 			 * couldn't lock it because it's busy,
1875 			 * It is mounted on or has dirents?
1876 			 * If reference count is greater than two, then
1877 			 * somebody else is holding a reference to this vnode.
1878 			 * One reference is for the mountpoint, and the second
1879 			 * is for the trigger node.
1880 			 */
1881 			AUTOFS_DPRINT((10, "\ttrigger busy\n"));
1882 			if ((lck_error == 0) && (error == 0)) {
1883 				*nfnp = tp;
1884 				/*
1885 				 * The matching VN_RELE is done in
1886 				 * unmount_tree().
1887 				 */
1888 				VN_HOLD(fntovn(*nfnp));
1889 			}
1890 			/*
1891 			 * Unlock previously locked mountpoints
1892 			 */
1893 			for (done = 0, t1p = fnp->fn_trigger; !done;
1894 			    t1p = t1p->fn_next) {
1895 				/*
1896 				 * Unlock all nodes previously
1897 				 * locked. All nodes up to 'tp'
1898 				 * were successfully locked. If 'lck_err' is
1899 				 * set, then 'tp' was not locked, and thus
1900 				 * should not be unlocked. If
1901 				 * 'lck_err' is not set, then 'tp' was
1902 				 * successfully locked, and it should
1903 				 * be unlocked.
1904 				 */
1905 				if (t1p != tp || !lck_error) {
1906 					vfsp = fntovn(t1p)->v_vfsp;
1907 					vn_vfsunlock(vfsp->vfs_vnodecovered);
1908 				}
1909 				done = (t1p == tp);
1910 			}
1911 			error = EBUSY;
1912 			break;
1913 		}
1914 	}
1915 
1916 	AUTOFS_DPRINT((4, "triggers_busy: error=%d\n", error));
1917 	return (error);
1918 }
1919 
1920 /*
1921  * Unlock previously locked trigger nodes.
1922  */
1923 static int
1924 triggers_unlock(fnnode_t *fnp)
1925 {
1926 	fnnode_t *tp;
1927 	vfs_t *vfsp;
1928 
1929 	ASSERT(RW_WRITE_HELD(&fnp->fn_rwlock));
1930 
1931 	for (tp = fnp->fn_trigger; tp != NULL; tp = tp->fn_next) {
1932 		AUTOFS_DPRINT((10, "\tunlock trigger: %s\n", tp->fn_name));
1933 		vfsp = fntovn(tp)->v_vfsp;
1934 		vn_vfsunlock(vfsp->vfs_vnodecovered);
1935 	}
1936 
1937 	return (0);
1938 }
1939 
1940 /*
1941  * It is the caller's responsibility to grab the VVFSLOCK.
1942  * Releases the VVFSLOCK upon return.
1943  */
1944 static int
1945 unmount_node(vnode_t *cvp, int force)
1946 {
1947 	int error = 0;
1948 	fnnode_t *cfnp;
1949 	vfs_t *vfsp;
1950 	umntrequest ul;
1951 	fninfo_t *fnip;
1952 
1953 	AUTOFS_DPRINT((4, "\tunmount_node cvp=%p\n", (void *)cvp));
1954 
1955 	ASSERT(vn_vfswlock_held(cvp));
1956 	cfnp = vntofn(cvp);
1957 	vfsp = vn_mountedvfs(cvp);
1958 
1959 	if (force || cfnp->fn_flags & MF_IK_MOUNT) {
1960 		/*
1961 		 * Mount was performed in the kernel, so
1962 		 * do an in-kernel unmount. auto_inkernel_unmount()
1963 		 * will vn_vfsunlock(cvp).
1964 		 */
1965 		error = auto_inkernel_unmount(vfsp);
1966 	} else {
1967 		zone_t *zone = NULL;
1968 		refstr_t *mntpt, *resource;
1969 		size_t mntoptslen;
1970 
1971 		/*
1972 		 * Get the mnttab information of the node
1973 		 * and ask the daemon to unmount it.
1974 		 */
1975 		bzero(&ul, sizeof (ul));
1976 		mntfs_getmntopts(vfsp, &ul.mntopts, &mntoptslen);
1977 		if (ul.mntopts == NULL) {
1978 			auto_log(cfnp->fn_globals->fng_verbose,
1979 			    cfnp->fn_globals->fng_zoneid, CE_WARN,
1980 			    "unmount_node: no memory");
1981 			vn_vfsunlock(cvp);
1982 			error = ENOMEM;
1983 			goto done;
1984 		}
1985 		if (mntoptslen > AUTOFS_MAXOPTSLEN)
1986 			ul.mntopts[AUTOFS_MAXOPTSLEN - 1] = '\0';
1987 
1988 		mntpt = vfs_getmntpoint(vfsp);
1989 		ul.mntpnt = (char *)refstr_value(mntpt);
1990 		resource = vfs_getresource(vfsp);
1991 		ul.mntresource = (char *)refstr_value(resource);
1992 
1993 		fnip = vfstofni(cvp->v_vfsp);
1994 		ul.isdirect = fnip->fi_flags & MF_DIRECT ? TRUE : FALSE;
1995 
1996 		/*
1997 		 * Since a zone'd automountd's view of the autofs mount points
1998 		 * differs from those in the kernel, we need to make sure we
1999 		 * give it consistent mount points.
2000 		 */
2001 		ASSERT(fnip->fi_zoneid == getzoneid());
2002 		zone = curproc->p_zone;
2003 
2004 		if (fnip->fi_zoneid != GLOBAL_ZONEID) {
2005 			if (ZONE_PATH_VISIBLE(ul.mntpnt, zone)) {
2006 				ul.mntpnt =
2007 				    ZONE_PATH_TRANSLATE(ul.mntpnt, zone);
2008 			}
2009 			if (ZONE_PATH_VISIBLE(ul.mntresource, zone)) {
2010 				ul.mntresource =
2011 				    ZONE_PATH_TRANSLATE(ul.mntresource, zone);
2012 			}
2013 		}
2014 
2015 		ul.fstype = vfssw[vfsp->vfs_fstype].vsw_name;
2016 		vn_vfsunlock(cvp);
2017 
2018 		error = auto_send_unmount_request(fnip, &ul, FALSE);
2019 		kmem_free(ul.mntopts, mntoptslen);
2020 		refstr_rele(mntpt);
2021 		refstr_rele(resource);
2022 	}
2023 
2024 done:
2025 	AUTOFS_DPRINT((5, "\tunmount_node cvp=%p error=%d\n", (void *)cvp,
2026 	    error));
2027 	return (error);
2028 }
2029 
2030 /*
2031  * vp is the "root" of the AUTOFS filesystem.
2032  * return EBUSY if any thread is holding a reference to this vnode
2033  * other than us.
2034  */
2035 static int
2036 check_auto_node(vnode_t *vp)
2037 {
2038 	fnnode_t *fnp;
2039 	int error = 0;
2040 	/*
2041 	 * number of references to expect for
2042 	 * a non-busy vnode.
2043 	 */
2044 	uint_t count;
2045 
2046 	AUTOFS_DPRINT((4, "\tcheck_auto_node vp=%p ", (void *)vp));
2047 	fnp = vntofn(vp);
2048 	ASSERT(fnp->fn_flags & MF_INPROG);
2049 	ASSERT((fnp->fn_flags & MF_LOOKUP) == 0);
2050 
2051 	count = 1;		/* we are holding a reference to vp */
2052 	if (fnp->fn_flags & MF_TRIGGER) {
2053 		/*
2054 		 * parent holds a pointer to us (trigger)
2055 		 */
2056 		count++;
2057 	}
2058 	if (fnp->fn_trigger != NULL) {
2059 		/*
2060 		 * The trigger nodes have a hold on us.
2061 		 */
2062 		count++;
2063 	}
2064 	mutex_enter(&vp->v_lock);
2065 	if (vp->v_flag & VROOT)
2066 		count++;
2067 	ASSERT(vp->v_count > 0);
2068 	AUTOFS_DPRINT((10, "\tcount=%u ", vp->v_count));
2069 	if (vp->v_count > count)
2070 		error = EBUSY;
2071 	mutex_exit(&vp->v_lock);
2072 
2073 	AUTOFS_DPRINT((5, "\tcheck_auto_node error=%d ", error));
2074 	return (error);
2075 }
2076 
2077 /*
2078  * rootvp is the root of the AUTOFS filesystem.
2079  * If rootvp is busy (v_count > 1) returns EBUSY.
2080  * else removes every vnode under this tree.
2081  * ASSUMPTION: Assumes that the only node which can be busy is
2082  * the root vnode. This filesystem better be two levels deep only,
2083  * the root and its immediate subdirs.
2084  * The daemon will "AUTOFS direct-mount" only one level below the root.
2085  */
2086 static int
2087 unmount_autofs(vnode_t *rootvp)
2088 {
2089 	fnnode_t *fnp, *rootfnp, *nfnp;
2090 	int error;
2091 
2092 	AUTOFS_DPRINT((4, "\tunmount_autofs rootvp=%p ", (void *)rootvp));
2093 
2094 	error = check_auto_node(rootvp);
2095 	if (error == 0) {
2096 		/*
2097 		 * Remove all its immediate subdirectories.
2098 		 */
2099 		rootfnp = vntofn(rootvp);
2100 		rw_enter(&rootfnp->fn_rwlock, RW_WRITER);
2101 		nfnp = NULL;	/* lint clean */
2102 		for (fnp = rootfnp->fn_dirents; fnp != NULL; fnp = nfnp) {
2103 			ASSERT(fntovn(fnp)->v_count == 0);
2104 			ASSERT(fnp->fn_dirents == NULL);
2105 			ASSERT(fnp->fn_linkcnt == 2);
2106 			fnp->fn_linkcnt--;
2107 			auto_disconnect(rootfnp, fnp);
2108 			nfnp = fnp->fn_next;
2109 			auto_freefnnode(fnp);
2110 		}
2111 		rw_exit(&rootfnp->fn_rwlock);
2112 	}
2113 	AUTOFS_DPRINT((5, "\tunmount_autofs error=%d ", error));
2114 	return (error);
2115 }
2116 
2117 /*
2118  * max number of unmount threads running
2119  */
2120 static int autofs_unmount_threads = 5;
2121 
2122 /*
2123  * XXX unmount_tree() is not suspend-safe within the scope of
2124  * the present model defined for cpr to suspend the system. Calls made
2125  * by the unmount_tree() that have been identified to be unsafe are
2126  * (1) RPC client handle setup and client calls to automountd which can
2127  * block deep down in the RPC library, (2) kmem_alloc() calls with the
2128  * KM_SLEEP flag which can block if memory is low, and (3) VFS_*() and
2129  * VOP_*() calls which can result in over the wire calls to servers.
2130  * The thread should be completely reevaluated to make it suspend-safe in
2131  * case of future updates to the cpr model.
2132  */
2133 void
2134 unmount_tree(struct autofs_globals *fngp, int force)
2135 {
2136 	vnode_t *vp, *newvp;
2137 	vfs_t *vfsp;
2138 	fnnode_t *fnp, *nfnp, *pfnp;
2139 	action_list *alp;
2140 	int error, ilocked_it = 0;
2141 	fninfo_t *fnip;
2142 	time_t ref_time;
2143 	int autofs_busy_root, unmount_as_unit, unmount_done = 0;
2144 	timestruc_t now;
2145 
2146 	callb_cpr_t cprinfo;
2147 	kmutex_t unmount_tree_cpr_lock;
2148 
2149 	mutex_init(&unmount_tree_cpr_lock, NULL, MUTEX_DEFAULT, NULL);
2150 	CALLB_CPR_INIT(&cprinfo, &unmount_tree_cpr_lock, callb_generic_cpr,
2151 	    "unmount_tree");
2152 
2153 	/*
2154 	 * Got to release lock before attempting unmount in case
2155 	 * it hangs.
2156 	 */
2157 	rw_enter(&fngp->fng_rootfnnodep->fn_rwlock, RW_READER);
2158 	if ((fnp = fngp->fng_rootfnnodep->fn_dirents) == NULL) {
2159 		ASSERT(fngp->fng_fnnode_count == 1);
2160 		/*
2161 		 * no autofs mounted, done.
2162 		 */
2163 		rw_exit(&fngp->fng_rootfnnodep->fn_rwlock);
2164 		goto done;
2165 	}
2166 	VN_HOLD(fntovn(fnp));
2167 	rw_exit(&fngp->fng_rootfnnodep->fn_rwlock);
2168 
2169 	vp = fntovn(fnp);
2170 	fnip = vfstofni(vp->v_vfsp);
2171 	/*
2172 	 * autofssys() will be calling in from the global zone and doing
2173 	 * work on the behalf of the given zone, hence we can't always assert
2174 	 * that we have the right credentials, nor that the caller is always in
2175 	 * the correct zone.
2176 	 *
2177 	 * We do, however, know that if this is a "forced unmount" operation
2178 	 * (which autofssys() does), then we won't go down to the krpc layers,
2179 	 * so we don't need to fudge with the credentials.
2180 	 */
2181 	ASSERT(force || fnip->fi_zoneid == getzoneid());
2182 	if (!force && auto_null_request(fnip, FALSE) != 0) {
2183 		/*
2184 		 * automountd not running in this zone,
2185 		 * don't attempt unmounting this round.
2186 		 */
2187 		VN_RELE(vp);
2188 		goto done;
2189 	}
2190 	/* reference time for this unmount round */
2191 	ref_time = gethrestime_sec();
2192 	/*
2193 	 * If this an autofssys() call, we need to make sure we don't skip
2194 	 * nodes because we think we saw them recently.
2195 	 */
2196 	mutex_enter(&fnp->fn_lock);
2197 	if (force && fnp->fn_unmount_ref_time >= ref_time)
2198 		ref_time = fnp->fn_unmount_ref_time + 1;
2199 	mutex_exit(&fnp->fn_lock);
2200 
2201 	AUTOFS_DPRINT((4, "unmount_tree (ID=%ld)\n", ref_time));
2202 top:
2203 	AUTOFS_DPRINT((10, "unmount_tree: %s\n", fnp->fn_name));
2204 	ASSERT(fnp);
2205 	vp = fntovn(fnp);
2206 	if (vp->v_type == VLNK) {
2207 		/*
2208 		 * can't unmount symbolic links
2209 		 */
2210 		goto next;
2211 	}
2212 	fnip = vfstofni(vp->v_vfsp);
2213 	ASSERT(vp->v_count > 0);
2214 	error = 0;
2215 	autofs_busy_root = unmount_as_unit = 0;
2216 	alp = NULL;
2217 
2218 	ilocked_it = 0;
2219 	mutex_enter(&fnp->fn_lock);
2220 	if (fnp->fn_flags & (MF_INPROG | MF_LOOKUP)) {
2221 		/*
2222 		 * Either a mount, lookup or another unmount of this
2223 		 * subtree is in progress, don't attempt to unmount at
2224 		 * this time.
2225 		 */
2226 		mutex_exit(&fnp->fn_lock);
2227 		error = EBUSY;
2228 		goto next;
2229 	}
2230 	if (fnp->fn_unmount_ref_time >= ref_time) {
2231 		/*
2232 		 * Already been here, try next node.
2233 		 */
2234 		mutex_exit(&fnp->fn_lock);
2235 		error = EBUSY;
2236 		goto next;
2237 	}
2238 	fnp->fn_unmount_ref_time = ref_time;
2239 
2240 	/*
2241 	 * If forced operation ignore timeout values
2242 	 */
2243 	if (!force && fnp->fn_ref_time + fnip->fi_mount_to >
2244 	    gethrestime_sec()) {
2245 		/*
2246 		 * Node has been referenced recently, try the
2247 		 * unmount of its children if any.
2248 		 */
2249 		mutex_exit(&fnp->fn_lock);
2250 		AUTOFS_DPRINT((10, "fn_ref_time within range\n"));
2251 		rw_enter(&fnp->fn_rwlock, RW_READER);
2252 		if (fnp->fn_dirents) {
2253 			/*
2254 			 * Has subdirectory, attempt their
2255 			 * unmount first
2256 			 */
2257 			nfnp = fnp->fn_dirents;
2258 			VN_HOLD(fntovn(nfnp));
2259 			rw_exit(&fnp->fn_rwlock);
2260 
2261 			VN_RELE(vp);
2262 			fnp = nfnp;
2263 			goto top;
2264 		}
2265 		rw_exit(&fnp->fn_rwlock);
2266 		/*
2267 		 * No children, try next node.
2268 		 */
2269 		error = EBUSY;
2270 		goto next;
2271 	}
2272 
2273 	AUTOFS_BLOCK_OTHERS(fnp, MF_INPROG);
2274 	fnp->fn_error = 0;
2275 	mutex_exit(&fnp->fn_lock);
2276 	ilocked_it = 1;
2277 
2278 	rw_enter(&fnp->fn_rwlock, RW_WRITER);
2279 	if (fnp->fn_trigger != NULL) {
2280 		unmount_as_unit = 1;
2281 		if ((vn_mountedvfs(vp) == NULL) && (check_auto_node(vp))) {
2282 			/*
2283 			 * AUTOFS mountpoint is busy, there's
2284 			 * no point trying to unmount. Fall through
2285 			 * to attempt to unmount subtrees rooted
2286 			 * at a possible trigger node, but remember
2287 			 * not to unmount this tree.
2288 			 */
2289 			autofs_busy_root = 1;
2290 		}
2291 
2292 		if (triggers_busy(fnp, &nfnp)) {
2293 			rw_exit(&fnp->fn_rwlock);
2294 			if (nfnp == NULL) {
2295 				error = EBUSY;
2296 				goto next;
2297 			}
2298 			/*
2299 			 * nfnp is busy, try to unmount it first
2300 			 */
2301 			mutex_enter(&fnp->fn_lock);
2302 			AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
2303 			mutex_exit(&fnp->fn_lock);
2304 			VN_RELE(vp);
2305 			ASSERT(fntovn(nfnp)->v_count > 1);
2306 			fnp = nfnp;
2307 			goto top;
2308 		}
2309 
2310 		/*
2311 		 * At this point, we know all trigger nodes are locked,
2312 		 * and they're not busy or mounted on.
2313 		 */
2314 
2315 		if (autofs_busy_root) {
2316 			/*
2317 			 * Got to unlock the the trigger nodes since
2318 			 * I'm not really going to unmount the filesystem.
2319 			 */
2320 			(void) triggers_unlock(fnp);
2321 		} else {
2322 			/*
2323 			 * Attempt to unmount all the trigger nodes,
2324 			 * save the action_list in case we need to
2325 			 * remount them later. The action_list will be
2326 			 * freed later if there was no need to remount the
2327 			 * trigger nodes.
2328 			 */
2329 			unmount_triggers(fnp, &alp);
2330 		}
2331 	}
2332 	rw_exit(&fnp->fn_rwlock);
2333 
2334 	if (autofs_busy_root)
2335 		goto next;
2336 
2337 	(void) vn_vfswlock_wait(vp);
2338 
2339 	vfsp = vn_mountedvfs(vp);
2340 	if (vfsp != NULL) {
2341 		/*
2342 		 * Node is mounted on.
2343 		 */
2344 		AUTOFS_DPRINT((10, "\tNode is mounted on\n"));
2345 
2346 		/*
2347 		 * Deal with /xfn/host/jurassic alikes here...
2348 		 */
2349 		if (vfs_matchops(vfsp, vfs_getops(vp->v_vfsp))) {
2350 			/*
2351 			 * If the filesystem mounted here is AUTOFS, and it
2352 			 * is busy, try to unmount the tree rooted on it
2353 			 * first. We know this call to VFS_ROOT is safe to
2354 			 * call while holding VVFSLOCK, since it resolves
2355 			 * to a call to auto_root().
2356 			 */
2357 			AUTOFS_DPRINT((10, "\t\tAUTOFS mounted here\n"));
2358 			if (VFS_ROOT(vfsp, &newvp)) {
2359 				cmn_err(CE_PANIC,
2360 				    "unmount_tree: VFS_ROOT(vfs=%p) failed",
2361 				    (void *)vfsp);
2362 			}
2363 			nfnp = vntofn(newvp);
2364 			if (DEEPER(nfnp)) {
2365 				vn_vfsunlock(vp);
2366 				mutex_enter(&fnp->fn_lock);
2367 				AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
2368 				mutex_exit(&fnp->fn_lock);
2369 				VN_RELE(vp);
2370 				fnp = nfnp;
2371 				goto top;
2372 			}
2373 			/*
2374 			 * Fall through to unmount this filesystem
2375 			 */
2376 			VN_RELE(newvp);
2377 		}
2378 
2379 		/*
2380 		 * vn_vfsunlock(vp) is done inside unmount_node()
2381 		 */
2382 		error = unmount_node(vp, force);
2383 		if (error == ECONNRESET) {
2384 			AUTOFS_DPRINT((10, "\tConnection dropped\n"));
2385 			if (vn_mountedvfs(vp) == NULL) {
2386 				/*
2387 				 * The filesystem was unmounted before the
2388 				 * daemon died. Unfortunately we can not
2389 				 * determine whether all the cleanup work was
2390 				 * successfully finished (i.e. update mnttab,
2391 				 * or notify NFS server of the unmount).
2392 				 * We should not retry the operation since the
2393 				 * filesystem has already been unmounted, and
2394 				 * may have already been removed from mnttab,
2395 				 * in such case the devid/rdevid we send to
2396 				 * the daemon will not be matched. So we have
2397 				 * to be content with the partial unmount.
2398 				 * Since the mountpoint is no longer covered, we
2399 				 * clear the error condition.
2400 				 */
2401 				error = 0;
2402 				auto_log(fngp->fng_verbose, fngp->fng_zoneid,
2403 				    CE_WARN, "unmount_tree: automountd "
2404 				    "connection dropped");
2405 				if (fnip->fi_flags & MF_DIRECT) {
2406 					auto_log(fngp->fng_verbose,
2407 					    fngp->fng_zoneid, CE_WARN,
2408 					    "unmount_tree: "
2409 					    "%s successfully unmounted - "
2410 					    "do not remount triggers",
2411 					    fnip->fi_path);
2412 				} else {
2413 					auto_log(fngp->fng_verbose,
2414 					    fngp->fng_zoneid, CE_WARN,
2415 					    "unmount_tree: "
2416 					    "%s/%s successfully unmounted - "
2417 					    "do not remount triggers",
2418 					    fnip->fi_path, fnp->fn_name);
2419 				}
2420 			}
2421 		}
2422 	} else {
2423 		vn_vfsunlock(vp);
2424 		AUTOFS_DPRINT((10, "\tNode is AUTOFS\n"));
2425 		if (unmount_as_unit) {
2426 			AUTOFS_DPRINT((10, "\tunmount as unit\n"));
2427 			error = unmount_autofs(vp);
2428 		} else {
2429 			AUTOFS_DPRINT((10, "\tunmount one at a time\n"));
2430 			rw_enter(&fnp->fn_rwlock, RW_READER);
2431 			if (fnp->fn_dirents != NULL) {
2432 				/*
2433 				 * Has subdirectory, attempt their
2434 				 * unmount first
2435 				 */
2436 				nfnp = fnp->fn_dirents;
2437 				VN_HOLD(fntovn(nfnp));
2438 				rw_exit(&fnp->fn_rwlock);
2439 
2440 				mutex_enter(&fnp->fn_lock);
2441 				AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
2442 				mutex_exit(&fnp->fn_lock);
2443 				VN_RELE(vp);
2444 				fnp = nfnp;
2445 				goto top;
2446 			}
2447 			rw_exit(&fnp->fn_rwlock);
2448 			goto next;
2449 		}
2450 	}
2451 
2452 	if (error) {
2453 		AUTOFS_DPRINT((10, "\tUnmount failed\n"));
2454 		if (alp != NULL) {
2455 			/*
2456 			 * Unmount failed, got to remount triggers.
2457 			 */
2458 			ASSERT((fnp->fn_flags & MF_THISUID_MATCH_RQD) == 0);
2459 			error = auto_perform_actions(fnip, fnp, alp, CRED());
2460 			if (error) {
2461 				auto_log(fngp->fng_verbose, fngp->fng_zoneid,
2462 				    CE_WARN, "autofs: can't remount triggers "
2463 				    "fnp=%p error=%d", (void *)fnp, error);
2464 				error = 0;
2465 				/*
2466 				 * The action list should have been
2467 				 * free'd by auto_perform_actions
2468 				 * since an error occured
2469 				 */
2470 				alp = NULL;
2471 			}
2472 		}
2473 	} else {
2474 		/*
2475 		 * The unmount succeeded, which will cause this node to
2476 		 * be removed from its parent if its an indirect mount,
2477 		 * therefore update the parent's atime and mtime now.
2478 		 * I don't update them in auto_disconnect() because I
2479 		 * don't want atime and mtime changing every time a
2480 		 * lookup goes to the daemon and creates a new node.
2481 		 */
2482 		unmount_done = 1;
2483 		if ((fnip->fi_flags & MF_DIRECT) == 0) {
2484 			gethrestime(&now);
2485 			if (fnp->fn_parent == fngp->fng_rootfnnodep)
2486 				fnp->fn_atime = fnp->fn_mtime = now;
2487 			else {
2488 				fnp->fn_parent->fn_atime = now;
2489 				fnp->fn_parent->fn_mtime = now;
2490 			}
2491 		}
2492 
2493 		/*
2494 		 * Free the action list here
2495 		 */
2496 		if (alp != NULL) {
2497 			xdr_free(xdr_action_list, (char *)alp);
2498 			alp = NULL;
2499 		}
2500 	}
2501 
2502 	fnp->fn_ref_time = gethrestime_sec();
2503 
2504 next:
2505 	/*
2506 	 * Obtain parent's readers lock before grabbing
2507 	 * reference to next sibling.
2508 	 * XXX Note that nodes in the top level list (mounted
2509 	 * in user space not by the daemon in the kernel) parent is itself,
2510 	 * therefore grabbing the lock makes no sense, but doesn't
2511 	 * hurt either.
2512 	 */
2513 	pfnp = fnp->fn_parent;
2514 	ASSERT(pfnp != NULL);
2515 	rw_enter(&pfnp->fn_rwlock, RW_READER);
2516 	if ((nfnp = fnp->fn_next) != NULL)
2517 		VN_HOLD(fntovn(nfnp));
2518 	rw_exit(&pfnp->fn_rwlock);
2519 
2520 	if (ilocked_it) {
2521 		mutex_enter(&fnp->fn_lock);
2522 		if (unmount_done) {
2523 			/*
2524 			 * Other threads may be waiting for this unmount to
2525 			 * finish. We must let it know that in order to
2526 			 * proceed, it must trigger the mount itself.
2527 			 */
2528 			fnp->fn_flags &= ~MF_IK_MOUNT;
2529 			if (fnp->fn_flags & MF_WAITING)
2530 				fnp->fn_error = EAGAIN;
2531 			unmount_done = 0;
2532 		}
2533 		AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
2534 		mutex_exit(&fnp->fn_lock);
2535 		ilocked_it = 0;
2536 	}
2537 
2538 	if (nfnp != NULL) {
2539 		VN_RELE(vp);
2540 		fnp = nfnp;
2541 		/*
2542 		 * Unmount next element
2543 		 */
2544 		goto top;
2545 	}
2546 
2547 	/*
2548 	 * We don't want to unmount rootfnnodep, so the check is made here
2549 	 */
2550 	ASSERT(pfnp != fnp);
2551 	if (pfnp != fngp->fng_rootfnnodep) {
2552 		/*
2553 		 * Now attempt to unmount my parent
2554 		 */
2555 		VN_HOLD(fntovn(pfnp));
2556 		VN_RELE(vp);
2557 		fnp = pfnp;
2558 
2559 		goto top;
2560 	}
2561 
2562 	VN_RELE(vp);
2563 
2564 	/*
2565 	 * At this point we've walked the entire tree and attempted to unmount
2566 	 * as much as we can one level at a time.
2567 	 */
2568 done:
2569 	mutex_enter(&unmount_tree_cpr_lock);
2570 	CALLB_CPR_EXIT(&cprinfo);
2571 	mutex_destroy(&unmount_tree_cpr_lock);
2572 }
2573 
2574 static void
2575 unmount_zone_tree(struct autofs_globals *fngp)
2576 {
2577 	unmount_tree(fngp, 0);
2578 	mutex_enter(&fngp->fng_unmount_threads_lock);
2579 	fngp->fng_unmount_threads--;
2580 	mutex_exit(&fngp->fng_unmount_threads_lock);
2581 
2582 	AUTOFS_DPRINT((5, "unmount_tree done. Thread exiting.\n"));
2583 
2584 	zthread_exit();
2585 	/* NOTREACHED */
2586 }
2587 
2588 static int autofs_unmount_thread_timer = 120;	/* in seconds */
2589 
2590 void
2591 auto_do_unmount(struct autofs_globals *fngp)
2592 {
2593 	callb_cpr_t cprinfo;
2594 	clock_t timeleft;
2595 	zone_t *zone = curproc->p_zone;
2596 
2597 	CALLB_CPR_INIT(&cprinfo, &fngp->fng_unmount_threads_lock,
2598 	    callb_generic_cpr, "auto_do_unmount");
2599 
2600 	for (;;) {	/* forever */
2601 		mutex_enter(&fngp->fng_unmount_threads_lock);
2602 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
2603 newthread:
2604 		mutex_exit(&fngp->fng_unmount_threads_lock);
2605 		timeleft = zone_status_timedwait(zone, ddi_get_lbolt() +
2606 		    autofs_unmount_thread_timer * hz, ZONE_IS_SHUTTING_DOWN);
2607 		mutex_enter(&fngp->fng_unmount_threads_lock);
2608 
2609 		if (timeleft != -1) {	/* didn't time out */
2610 			ASSERT(zone_status_get(zone) >= ZONE_IS_SHUTTING_DOWN);
2611 			/*
2612 			 * zone is exiting... don't create any new threads.
2613 			 * fng_unmount_threads_lock is released implicitly by
2614 			 * the below.
2615 			 */
2616 			CALLB_CPR_SAFE_END(&cprinfo,
2617 			    &fngp->fng_unmount_threads_lock);
2618 			CALLB_CPR_EXIT(&cprinfo);
2619 			zthread_exit();
2620 			/* NOTREACHED */
2621 		}
2622 		if (fngp->fng_unmount_threads < autofs_unmount_threads) {
2623 			fngp->fng_unmount_threads++;
2624 			CALLB_CPR_SAFE_END(&cprinfo,
2625 			    &fngp->fng_unmount_threads_lock);
2626 			mutex_exit(&fngp->fng_unmount_threads_lock);
2627 
2628 			(void) zthread_create(NULL, 0, unmount_zone_tree, fngp,
2629 			    0, minclsyspri);
2630 		} else
2631 			goto newthread;
2632 	}
2633 	/* NOTREACHED */
2634 }
2635 
2636 /*
2637  * Is nobrowse specified in option string?
2638  * opts should be a null ('\0') terminated string.
2639  * Returns non-zero if nobrowse has been specified.
2640  */
2641 int
2642 auto_nobrowse_option(char *opts)
2643 {
2644 	char *buf;
2645 	char *p;
2646 	char *t;
2647 	int nobrowse = 0;
2648 	int last_opt = 0;
2649 	size_t len;
2650 
2651 	len = strlen(opts) + 1;
2652 	p = buf = kmem_alloc(len, KM_SLEEP);
2653 	(void) strcpy(buf, opts);
2654 	do {
2655 		if (t = strchr(p, ','))
2656 			*t++ = '\0';
2657 		else
2658 			last_opt++;
2659 		if (strcmp(p, MNTOPT_NOBROWSE) == 0)
2660 			nobrowse = 1;
2661 		else if (strcmp(p, MNTOPT_BROWSE) == 0)
2662 			nobrowse = 0;
2663 		p = t;
2664 	} while (!last_opt);
2665 	kmem_free(buf, len);
2666 
2667 	return (nobrowse);
2668 }
2669 
2670 /*
2671  * used to log warnings only if automountd is running
2672  * with verbose mode set
2673  */
2674 
2675 void
2676 auto_log(int verbose, zoneid_t zoneid, int level, const char *fmt, ...)
2677 {
2678 	va_list	args;
2679 
2680 	if (verbose) {
2681 		va_start(args, fmt);
2682 		vzcmn_err(zoneid, level, fmt, args);
2683 		va_end(args);
2684 	}
2685 }
2686 
2687 #ifdef DEBUG
2688 static int autofs_debug = 0;
2689 
2690 /*
2691  * Utilities used by both client and server
2692  * Standard levels:
2693  * 0) no debugging
2694  * 1) hard failures
2695  * 2) soft failures
2696  * 3) current test software
2697  * 4) main procedure entry points
2698  * 5) main procedure exit points
2699  * 6) utility procedure entry points
2700  * 7) utility procedure exit points
2701  * 8) obscure procedure entry points
2702  * 9) obscure procedure exit points
2703  * 10) random stuff
2704  * 11) all <= 1
2705  * 12) all <= 2
2706  * 13) all <= 3
2707  * ...
2708  */
2709 /* PRINTFLIKE2 */
2710 void
2711 auto_dprint(int level, const char *fmt, ...)
2712 {
2713 	va_list args;
2714 
2715 	if (autofs_debug == level ||
2716 	    (autofs_debug > 10 && (autofs_debug - 10) >= level)) {
2717 		va_start(args, fmt);
2718 		(void) vprintf(fmt, args);
2719 		va_end(args);
2720 	}
2721 }
2722 #endif /* DEBUG */
2723