xref: /illumos-gate/usr/src/uts/common/fs/nfs/nfs4_state.c (revision aedf2b3bb56b025fcaf87b49ec6c8aeea07f16d7)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <sys/systm.h>
27 #include <sys/kmem.h>
28 #include <sys/cmn_err.h>
29 #include <sys/atomic.h>
30 #include <sys/clconf.h>
31 #include <sys/cladm.h>
32 #include <sys/flock.h>
33 #include <nfs/export.h>
34 #include <nfs/nfs.h>
35 #include <nfs/nfs4.h>
36 #include <nfs/nfssys.h>
37 #include <nfs/lm.h>
38 #include <sys/pathname.h>
39 #include <sys/sdt.h>
40 #include <sys/nvpair.h>
41 
42 extern u_longlong_t nfs4_srv_caller_id;
43 
44 extern time_t rfs4_start_time;
45 extern uint_t nfs4_srv_vkey;
46 
47 stateid4 special0 = {
48 	0,
49 	{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
50 };
51 
52 stateid4 special1 = {
53 	0xffffffff,
54 	{
55 		(char)0xff, (char)0xff, (char)0xff, (char)0xff,
56 		(char)0xff, (char)0xff, (char)0xff, (char)0xff,
57 		(char)0xff, (char)0xff, (char)0xff, (char)0xff
58 	}
59 };
60 
61 
62 #define	ISSPECIAL(id)  (stateid4_cmp(id, &special0) || \
63 			stateid4_cmp(id, &special1))
64 
65 /* For embedding the cluster nodeid into our clientid */
66 #define	CLUSTER_NODEID_SHIFT	24
67 #define	CLUSTER_MAX_NODEID	255
68 
69 #ifdef DEBUG
70 int rfs4_debug;
71 #endif
72 
73 static uint32_t rfs4_database_debug = 0x00;
74 
75 static void rfs4_ss_clid_write(rfs4_client_t *cp, char *leaf);
76 static void rfs4_ss_clid_write_one(rfs4_client_t *cp, char *dir, char *leaf);
77 static void rfs4_dss_clear_oldstate(rfs4_servinst_t *sip);
78 static void rfs4_ss_chkclid_sip(rfs4_client_t *cp, rfs4_servinst_t *sip);
79 
80 /*
81  * Couple of simple init/destroy functions for a general waiter
82  */
83 void
84 rfs4_sw_init(rfs4_state_wait_t *swp)
85 {
86 	mutex_init(swp->sw_cv_lock, NULL, MUTEX_DEFAULT, NULL);
87 	cv_init(swp->sw_cv, NULL, CV_DEFAULT, NULL);
88 	swp->sw_active = FALSE;
89 	swp->sw_wait_count = 0;
90 }
91 
92 void
93 rfs4_sw_destroy(rfs4_state_wait_t *swp)
94 {
95 	mutex_destroy(swp->sw_cv_lock);
96 	cv_destroy(swp->sw_cv);
97 }
98 
99 void
100 rfs4_sw_enter(rfs4_state_wait_t *swp)
101 {
102 	mutex_enter(swp->sw_cv_lock);
103 	while (swp->sw_active) {
104 		swp->sw_wait_count++;
105 		cv_wait(swp->sw_cv, swp->sw_cv_lock);
106 		swp->sw_wait_count--;
107 	}
108 	ASSERT(swp->sw_active == FALSE);
109 	swp->sw_active = TRUE;
110 	mutex_exit(swp->sw_cv_lock);
111 }
112 
113 void
114 rfs4_sw_exit(rfs4_state_wait_t *swp)
115 {
116 	mutex_enter(swp->sw_cv_lock);
117 	ASSERT(swp->sw_active == TRUE);
118 	swp->sw_active = FALSE;
119 	if (swp->sw_wait_count != 0)
120 		cv_broadcast(swp->sw_cv);
121 	mutex_exit(swp->sw_cv_lock);
122 }
123 
124 /*
125  * CPR callback id -- not related to v4 callbacks
126  */
127 static callb_id_t cpr_id = 0;
128 
129 static void
130 deep_lock_copy(LOCK4res *dres, LOCK4res *sres)
131 {
132 	lock_owner4 *slo = &sres->LOCK4res_u.denied.owner;
133 	lock_owner4 *dlo = &dres->LOCK4res_u.denied.owner;
134 
135 	if (sres->status == NFS4ERR_DENIED) {
136 		dlo->owner_val = kmem_alloc(slo->owner_len, KM_SLEEP);
137 		bcopy(slo->owner_val, dlo->owner_val, slo->owner_len);
138 	}
139 }
140 
141 static void
142 deep_lock_free(LOCK4res *res)
143 {
144 	lock_owner4 *lo = &res->LOCK4res_u.denied.owner;
145 
146 	if (res->status == NFS4ERR_DENIED)
147 		kmem_free(lo->owner_val, lo->owner_len);
148 }
149 
150 static void
151 deep_open_copy(OPEN4res *dres, OPEN4res *sres)
152 {
153 	nfsace4 *sacep, *dacep;
154 
155 	if (sres->status != NFS4_OK) {
156 		return;
157 	}
158 
159 	dres->attrset = sres->attrset;
160 
161 	switch (sres->delegation.delegation_type) {
162 	case OPEN_DELEGATE_NONE:
163 		return;
164 	case OPEN_DELEGATE_READ:
165 		sacep = &sres->delegation.open_delegation4_u.read.permissions;
166 		dacep = &dres->delegation.open_delegation4_u.read.permissions;
167 		break;
168 	case OPEN_DELEGATE_WRITE:
169 		sacep = &sres->delegation.open_delegation4_u.write.permissions;
170 		dacep = &dres->delegation.open_delegation4_u.write.permissions;
171 		break;
172 	}
173 	dacep->who.utf8string_val =
174 	    kmem_alloc(sacep->who.utf8string_len, KM_SLEEP);
175 	bcopy(sacep->who.utf8string_val, dacep->who.utf8string_val,
176 	    sacep->who.utf8string_len);
177 }
178 
179 static void
180 deep_open_free(OPEN4res *res)
181 {
182 	nfsace4 *acep;
183 	if (res->status != NFS4_OK)
184 		return;
185 
186 	switch (res->delegation.delegation_type) {
187 	case OPEN_DELEGATE_NONE:
188 		return;
189 	case OPEN_DELEGATE_READ:
190 		acep = &res->delegation.open_delegation4_u.read.permissions;
191 		break;
192 	case OPEN_DELEGATE_WRITE:
193 		acep = &res->delegation.open_delegation4_u.write.permissions;
194 		break;
195 	}
196 
197 	if (acep->who.utf8string_val) {
198 		kmem_free(acep->who.utf8string_val, acep->who.utf8string_len);
199 		acep->who.utf8string_val = NULL;
200 	}
201 }
202 
203 void
204 rfs4_free_reply(nfs_resop4 *rp)
205 {
206 	switch (rp->resop) {
207 	case OP_LOCK:
208 		deep_lock_free(&rp->nfs_resop4_u.oplock);
209 		break;
210 	case OP_OPEN:
211 		deep_open_free(&rp->nfs_resop4_u.opopen);
212 	default:
213 		break;
214 	}
215 }
216 
217 void
218 rfs4_copy_reply(nfs_resop4 *dst, nfs_resop4 *src)
219 {
220 	*dst = *src;
221 
222 	/* Handle responses that need deep copy */
223 	switch (src->resop) {
224 	case OP_LOCK:
225 		deep_lock_copy(&dst->nfs_resop4_u.oplock,
226 		    &src->nfs_resop4_u.oplock);
227 		break;
228 	case OP_OPEN:
229 		deep_open_copy(&dst->nfs_resop4_u.opopen,
230 		    &src->nfs_resop4_u.opopen);
231 		break;
232 	default:
233 		break;
234 	};
235 }
236 
237 /*
238  * This is the implementation of the underlying state engine. The
239  * public interface to this engine is described by
240  * nfs4_state.h. Callers to the engine should hold no state engine
241  * locks when they call in to it. If the protocol needs to lock data
242  * structures it should do so after acquiring all references to them
243  * first and then follow the following lock order:
244  *
245  *	client > openowner > state > lo_state > lockowner > file.
246  *
247  * Internally we only allow a thread to hold one hash bucket lock at a
248  * time and the lock is higher in the lock order (must be acquired
249  * first) than the data structure that is on that hash list.
250  *
251  * If a new reference was acquired by the caller, that reference needs
252  * to be released after releasing all acquired locks with the
253  * corresponding rfs4_*_rele routine.
254  */
255 
256 /*
257  * This code is some what prototypical for now. Its purpose currently is to
258  * implement the interfaces sufficiently to finish the higher protocol
259  * elements. This will be replaced by a dynamically resizeable tables
260  * backed by kmem_cache allocator. However synchronization is handled
261  * correctly (I hope) and will not change by much.  The mutexes for
262  * the hash buckets that can be used to create new instances of data
263  * structures  might be good candidates to evolve into reader writer
264  * locks. If it has to do a creation, it would be holding the
265  * mutex across a kmem_alloc with KM_SLEEP specified.
266  */
267 
268 #ifdef DEBUG
269 #define	TABSIZE 17
270 #else
271 #define	TABSIZE 2047
272 #endif
273 
274 #define	ADDRHASH(key) ((unsigned long)(key) >> 3)
275 
276 /* Used to serialize create/destroy of rfs4_server_state database */
277 kmutex_t	rfs4_state_lock;
278 static rfs4_database_t *rfs4_server_state = NULL;
279 
280 /* Used to serialize lookups of clientids */
281 static	krwlock_t	rfs4_findclient_lock;
282 
283 /*
284  * For now this "table" is exposed so that the CPR callback
285  * function can tromp through it..
286  */
287 rfs4_table_t *rfs4_client_tab;
288 
289 static rfs4_index_t *rfs4_clientid_idx;
290 static rfs4_index_t *rfs4_nfsclnt_idx;
291 static rfs4_table_t *rfs4_openowner_tab;
292 static rfs4_index_t *rfs4_openowner_idx;
293 static rfs4_table_t *rfs4_state_tab;
294 static rfs4_index_t *rfs4_state_idx;
295 static rfs4_index_t *rfs4_state_owner_file_idx;
296 static rfs4_index_t *rfs4_state_file_idx;
297 static rfs4_table_t *rfs4_lo_state_tab;
298 static rfs4_index_t *rfs4_lo_state_idx;
299 static rfs4_index_t *rfs4_lo_state_owner_idx;
300 static rfs4_table_t *rfs4_lockowner_tab;
301 static rfs4_index_t *rfs4_lockowner_idx;
302 static rfs4_index_t *rfs4_lockowner_pid_idx;
303 static rfs4_table_t *rfs4_file_tab;
304 static rfs4_index_t *rfs4_file_idx;
305 static rfs4_table_t *rfs4_deleg_state_tab;
306 static rfs4_index_t *rfs4_deleg_idx;
307 static rfs4_index_t *rfs4_deleg_state_idx;
308 
309 #define	MAXTABSZ 1024*1024
310 
311 /* The values below are rfs4_lease_time units */
312 
313 #ifdef DEBUG
314 #define	CLIENT_CACHE_TIME 1
315 #define	OPENOWNER_CACHE_TIME 1
316 #define	STATE_CACHE_TIME 1
317 #define	LO_STATE_CACHE_TIME 1
318 #define	LOCKOWNER_CACHE_TIME 1
319 #define	FILE_CACHE_TIME 3
320 #define	DELEG_STATE_CACHE_TIME 1
321 #else
322 #define	CLIENT_CACHE_TIME 10
323 #define	OPENOWNER_CACHE_TIME 5
324 #define	STATE_CACHE_TIME 1
325 #define	LO_STATE_CACHE_TIME 1
326 #define	LOCKOWNER_CACHE_TIME 3
327 #define	FILE_CACHE_TIME 40
328 #define	DELEG_STATE_CACHE_TIME 1
329 #endif
330 
331 
332 static time_t rfs4_client_cache_time = 0;
333 static time_t rfs4_openowner_cache_time = 0;
334 static time_t rfs4_state_cache_time = 0;
335 static time_t rfs4_lo_state_cache_time = 0;
336 static time_t rfs4_lockowner_cache_time = 0;
337 static time_t rfs4_file_cache_time = 0;
338 static time_t rfs4_deleg_state_cache_time = 0;
339 
340 static bool_t rfs4_client_create(rfs4_entry_t, void *);
341 static void rfs4_dss_remove_cpleaf(rfs4_client_t *);
342 static void rfs4_dss_remove_leaf(rfs4_servinst_t *, char *, char *);
343 static void rfs4_client_destroy(rfs4_entry_t);
344 static bool_t rfs4_client_expiry(rfs4_entry_t);
345 static uint32_t clientid_hash(void *);
346 static bool_t clientid_compare(rfs4_entry_t, void *);
347 static void *clientid_mkkey(rfs4_entry_t);
348 static uint32_t nfsclnt_hash(void *);
349 static bool_t nfsclnt_compare(rfs4_entry_t, void *);
350 static void *nfsclnt_mkkey(rfs4_entry_t);
351 static bool_t rfs4_openowner_create(rfs4_entry_t, void *);
352 static void rfs4_openowner_destroy(rfs4_entry_t);
353 static bool_t rfs4_openowner_expiry(rfs4_entry_t);
354 static uint32_t openowner_hash(void *);
355 static bool_t openowner_compare(rfs4_entry_t, void *);
356 static void *openowner_mkkey(rfs4_entry_t);
357 static bool_t rfs4_state_create(rfs4_entry_t, void *);
358 static void rfs4_state_destroy(rfs4_entry_t);
359 static bool_t rfs4_state_expiry(rfs4_entry_t);
360 static uint32_t state_hash(void *);
361 static bool_t state_compare(rfs4_entry_t, void *);
362 static void *state_mkkey(rfs4_entry_t);
363 static uint32_t state_owner_file_hash(void *);
364 static bool_t state_owner_file_compare(rfs4_entry_t, void *);
365 static void *state_owner_file_mkkey(rfs4_entry_t);
366 static uint32_t state_file_hash(void *);
367 static bool_t state_file_compare(rfs4_entry_t, void *);
368 static void *state_file_mkkey(rfs4_entry_t);
369 static bool_t rfs4_lo_state_create(rfs4_entry_t, void *);
370 static void rfs4_lo_state_destroy(rfs4_entry_t);
371 static bool_t rfs4_lo_state_expiry(rfs4_entry_t);
372 static uint32_t lo_state_hash(void *);
373 static bool_t lo_state_compare(rfs4_entry_t, void *);
374 static void *lo_state_mkkey(rfs4_entry_t);
375 static uint32_t lo_state_lo_hash(void *);
376 static bool_t lo_state_lo_compare(rfs4_entry_t, void *);
377 static void *lo_state_lo_mkkey(rfs4_entry_t);
378 static bool_t rfs4_lockowner_create(rfs4_entry_t, void *);
379 static void rfs4_lockowner_destroy(rfs4_entry_t);
380 static bool_t rfs4_lockowner_expiry(rfs4_entry_t);
381 static uint32_t lockowner_hash(void *);
382 static bool_t lockowner_compare(rfs4_entry_t, void *);
383 static void *lockowner_mkkey(rfs4_entry_t);
384 static uint32_t pid_hash(void *);
385 static bool_t pid_compare(rfs4_entry_t, void *);
386 static void *pid_mkkey(rfs4_entry_t);
387 static bool_t rfs4_file_create(rfs4_entry_t, void *);
388 static void rfs4_file_destroy(rfs4_entry_t);
389 static uint32_t file_hash(void *);
390 static bool_t file_compare(rfs4_entry_t, void *);
391 static void *file_mkkey(rfs4_entry_t);
392 static bool_t rfs4_deleg_state_create(rfs4_entry_t, void *);
393 static void rfs4_deleg_state_destroy(rfs4_entry_t);
394 static bool_t rfs4_deleg_state_expiry(rfs4_entry_t);
395 static uint32_t deleg_hash(void *);
396 static bool_t deleg_compare(rfs4_entry_t, void *);
397 static void *deleg_mkkey(rfs4_entry_t);
398 static uint32_t deleg_state_hash(void *);
399 static bool_t deleg_state_compare(rfs4_entry_t, void *);
400 static void *deleg_state_mkkey(rfs4_entry_t);
401 
402 static void rfs4_state_rele_nounlock(rfs4_state_t *);
403 
404 static int rfs4_ss_enabled = 0;
405 
406 extern void (*rfs4_client_clrst)(struct nfs4clrst_args *);
407 
408 void
409 rfs4_ss_pnfree(rfs4_ss_pn_t *ss_pn)
410 {
411 	kmem_free(ss_pn, sizeof (rfs4_ss_pn_t));
412 }
413 
414 static rfs4_ss_pn_t *
415 rfs4_ss_pnalloc(char *dir, char *leaf)
416 {
417 	rfs4_ss_pn_t *ss_pn;
418 	int 	dir_len, leaf_len;
419 
420 	/*
421 	 * validate we have a resonable path
422 	 * (account for the '/' and trailing null)
423 	 */
424 	if ((dir_len = strlen(dir)) > MAXPATHLEN ||
425 	    (leaf_len = strlen(leaf)) > MAXNAMELEN ||
426 	    (dir_len + leaf_len + 2) > MAXPATHLEN) {
427 		return (NULL);
428 	}
429 
430 	ss_pn = kmem_alloc(sizeof (rfs4_ss_pn_t), KM_SLEEP);
431 
432 	(void) snprintf(ss_pn->pn, MAXPATHLEN, "%s/%s", dir, leaf);
433 	/* Handy pointer to just the leaf name */
434 	ss_pn->leaf = ss_pn->pn + dir_len + 1;
435 	return (ss_pn);
436 }
437 
438 
439 /*
440  * Move the "leaf" filename from "sdir" directory
441  * to the "ddir" directory. Return the pathname of
442  * the destination unless the rename fails in which
443  * case we need to return the source pathname.
444  */
445 static rfs4_ss_pn_t *
446 rfs4_ss_movestate(char *sdir, char *ddir, char *leaf)
447 {
448 	rfs4_ss_pn_t *src, *dst;
449 
450 	if ((src = rfs4_ss_pnalloc(sdir, leaf)) == NULL)
451 		return (NULL);
452 
453 	if ((dst = rfs4_ss_pnalloc(ddir, leaf)) == NULL) {
454 		rfs4_ss_pnfree(src);
455 		return (NULL);
456 	}
457 
458 	/*
459 	 * If the rename fails we shall return the src
460 	 * pathname and free the dst. Otherwise we need
461 	 * to free the src and return the dst pathanme.
462 	 */
463 	if (vn_rename(src->pn, dst->pn, UIO_SYSSPACE)) {
464 		rfs4_ss_pnfree(dst);
465 		return (src);
466 	}
467 	rfs4_ss_pnfree(src);
468 	return (dst);
469 }
470 
471 
472 static rfs4_oldstate_t *
473 rfs4_ss_getstate(vnode_t *dvp, rfs4_ss_pn_t *ss_pn)
474 {
475 	struct uio uio;
476 	struct iovec iov[3];
477 
478 	rfs4_oldstate_t *cl_ss = NULL;
479 	vnode_t *vp;
480 	vattr_t va;
481 	uint_t id_len;
482 	int err, kill_file, file_vers;
483 
484 	if (ss_pn == NULL)
485 		return (NULL);
486 
487 	/*
488 	 * open the state file.
489 	 */
490 	if (vn_open(ss_pn->pn, UIO_SYSSPACE, FREAD, 0, &vp, 0, 0) != 0) {
491 		return (NULL);
492 	}
493 
494 	if (vp->v_type != VREG) {
495 		(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, CRED(), NULL);
496 		VN_RELE(vp);
497 		return (NULL);
498 	}
499 
500 	err = VOP_ACCESS(vp, VREAD, 0, CRED(), NULL);
501 	if (err) {
502 		/*
503 		 * We don't have read access? better get the heck out.
504 		 */
505 		(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, CRED(), NULL);
506 		VN_RELE(vp);
507 		return (NULL);
508 	}
509 
510 	(void) VOP_RWLOCK(vp, V_WRITELOCK_FALSE, NULL);
511 	/*
512 	 * get the file size to do some basic validation
513 	 */
514 	va.va_mask = AT_SIZE;
515 	err = VOP_GETATTR(vp, &va, 0, CRED(), NULL);
516 
517 	kill_file = (va.va_size == 0 || va.va_size <
518 	    (NFS4_VERIFIER_SIZE + sizeof (uint_t)+1));
519 
520 	if (err || kill_file) {
521 		VOP_RWUNLOCK(vp, V_WRITELOCK_FALSE, NULL);
522 		(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, CRED(), NULL);
523 		VN_RELE(vp);
524 		if (kill_file) {
525 			(void) VOP_REMOVE(dvp, ss_pn->leaf, CRED(), NULL, 0);
526 		}
527 		return (NULL);
528 	}
529 
530 	cl_ss = kmem_alloc(sizeof (rfs4_oldstate_t), KM_SLEEP);
531 
532 	/*
533 	 * build iovecs to read in the file_version, verifier and id_len
534 	 */
535 	iov[0].iov_base = (caddr_t)&file_vers;
536 	iov[0].iov_len = sizeof (int);
537 	iov[1].iov_base = (caddr_t)&cl_ss->cl_id4.verifier;
538 	iov[1].iov_len = NFS4_VERIFIER_SIZE;
539 	iov[2].iov_base = (caddr_t)&id_len;
540 	iov[2].iov_len = sizeof (uint_t);
541 
542 	uio.uio_iov = iov;
543 	uio.uio_iovcnt = 3;
544 	uio.uio_segflg = UIO_SYSSPACE;
545 	uio.uio_loffset = 0;
546 	uio.uio_resid = sizeof (int) + NFS4_VERIFIER_SIZE + sizeof (uint_t);
547 
548 	if (err = VOP_READ(vp, &uio, FREAD, CRED(), NULL)) {
549 		VOP_RWUNLOCK(vp, V_WRITELOCK_FALSE, NULL);
550 		(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, CRED(), NULL);
551 		VN_RELE(vp);
552 		kmem_free(cl_ss, sizeof (rfs4_oldstate_t));
553 		return (NULL);
554 	}
555 
556 	/*
557 	 * if the file_version doesn't match or if the
558 	 * id_len is zero or the combination of the verifier,
559 	 * id_len and id_val is bigger than the file we have
560 	 * a problem. If so ditch the file.
561 	 */
562 	kill_file = (file_vers != NFS4_SS_VERSION || id_len == 0 ||
563 	    (id_len + NFS4_VERIFIER_SIZE + sizeof (uint_t)) > va.va_size);
564 
565 	if (err || kill_file) {
566 		VOP_RWUNLOCK(vp, V_WRITELOCK_FALSE, NULL);
567 		(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, CRED(), NULL);
568 		VN_RELE(vp);
569 		kmem_free(cl_ss, sizeof (rfs4_oldstate_t));
570 		if (kill_file) {
571 			(void) VOP_REMOVE(dvp, ss_pn->leaf, CRED(), NULL, 0);
572 		}
573 		return (NULL);
574 	}
575 
576 	/*
577 	 * now get the client id value
578 	 */
579 	cl_ss->cl_id4.id_val = kmem_alloc(id_len, KM_SLEEP);
580 	iov[0].iov_base = cl_ss->cl_id4.id_val;
581 	iov[0].iov_len = id_len;
582 
583 	uio.uio_iov = iov;
584 	uio.uio_iovcnt = 1;
585 	uio.uio_segflg = UIO_SYSSPACE;
586 	uio.uio_resid = cl_ss->cl_id4.id_len = id_len;
587 
588 	if (err = VOP_READ(vp, &uio, FREAD, CRED(), NULL)) {
589 		VOP_RWUNLOCK(vp, V_WRITELOCK_FALSE, NULL);
590 		(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, CRED(), NULL);
591 		VN_RELE(vp);
592 		kmem_free(cl_ss->cl_id4.id_val, id_len);
593 		kmem_free(cl_ss, sizeof (rfs4_oldstate_t));
594 		return (NULL);
595 	}
596 
597 	VOP_RWUNLOCK(vp, V_WRITELOCK_FALSE, NULL);
598 	(void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, CRED(), NULL);
599 	VN_RELE(vp);
600 	return (cl_ss);
601 }
602 
603 #ifdef	nextdp
604 #undef nextdp
605 #endif
606 #define	nextdp(dp)	((struct dirent64 *)((char *)(dp) + (dp)->d_reclen))
607 
608 /*
609  * Add entries from statedir to supplied oldstate list.
610  * Optionally, move all entries from statedir -> destdir.
611  */
612 void
613 rfs4_ss_oldstate(rfs4_oldstate_t *oldstate, char *statedir, char *destdir)
614 {
615 	rfs4_ss_pn_t *ss_pn;
616 	rfs4_oldstate_t *cl_ss = NULL;
617 	char	*dirt = NULL;
618 	int	err, dir_eof = 0, size = 0;
619 	vnode_t *dvp;
620 	struct iovec iov;
621 	struct uio uio;
622 	struct dirent64 *dep;
623 	offset_t dirchunk_offset = 0;
624 
625 	/*
626 	 * open the state directory
627 	 */
628 	if (vn_open(statedir, UIO_SYSSPACE, FREAD, 0, &dvp, 0, 0))
629 		return;
630 
631 	if (dvp->v_type != VDIR || VOP_ACCESS(dvp, VREAD, 0, CRED(), NULL))
632 		goto out;
633 
634 	dirt = kmem_alloc(RFS4_SS_DIRSIZE, KM_SLEEP);
635 
636 	/*
637 	 * Get and process the directory entries
638 	 */
639 	while (!dir_eof) {
640 		(void) VOP_RWLOCK(dvp, V_WRITELOCK_FALSE, NULL);
641 		iov.iov_base = dirt;
642 		iov.iov_len = RFS4_SS_DIRSIZE;
643 		uio.uio_iov = &iov;
644 		uio.uio_iovcnt = 1;
645 		uio.uio_segflg = UIO_SYSSPACE;
646 		uio.uio_loffset = dirchunk_offset;
647 		uio.uio_resid = RFS4_SS_DIRSIZE;
648 
649 		err = VOP_READDIR(dvp, &uio, CRED(), &dir_eof, NULL, 0);
650 		VOP_RWUNLOCK(dvp, V_WRITELOCK_FALSE, NULL);
651 		if (err)
652 			goto out;
653 
654 		size = RFS4_SS_DIRSIZE - uio.uio_resid;
655 
656 		/*
657 		 * Process all the directory entries in this
658 		 * readdir chunk
659 		 */
660 		for (dep = (struct dirent64 *)dirt; size > 0;
661 		    dep = nextdp(dep)) {
662 
663 			size -= dep->d_reclen;
664 			dirchunk_offset = dep->d_off;
665 
666 			/*
667 			 * Skip '.' and '..'
668 			 */
669 			if (NFS_IS_DOTNAME(dep->d_name))
670 				continue;
671 
672 			ss_pn = rfs4_ss_pnalloc(statedir, dep->d_name);
673 			if (ss_pn == NULL)
674 				continue;
675 
676 			if (cl_ss = rfs4_ss_getstate(dvp, ss_pn)) {
677 				if (destdir != NULL) {
678 					rfs4_ss_pnfree(ss_pn);
679 					cl_ss->ss_pn = rfs4_ss_movestate(
680 					    statedir, destdir, dep->d_name);
681 				} else {
682 					cl_ss->ss_pn = ss_pn;
683 				}
684 				insque(cl_ss, oldstate);
685 			} else {
686 				rfs4_ss_pnfree(ss_pn);
687 			}
688 		}
689 	}
690 
691 out:
692 	(void) VOP_CLOSE(dvp, FREAD, 1, (offset_t)0, CRED(), NULL);
693 	VN_RELE(dvp);
694 	if (dirt)
695 		kmem_free((caddr_t)dirt, RFS4_SS_DIRSIZE);
696 }
697 
698 static void
699 rfs4_ss_init(void)
700 {
701 	int npaths = 1;
702 	char *default_dss_path = NFS4_DSS_VAR_DIR;
703 
704 	/* read the default stable storage state */
705 	rfs4_dss_readstate(npaths, &default_dss_path);
706 
707 	rfs4_ss_enabled = 1;
708 }
709 
710 static void
711 rfs4_ss_fini(void)
712 {
713 	rfs4_servinst_t *sip;
714 
715 	mutex_enter(&rfs4_servinst_lock);
716 	sip = rfs4_cur_servinst;
717 	while (sip != NULL) {
718 		rfs4_dss_clear_oldstate(sip);
719 		sip = sip->next;
720 	}
721 	mutex_exit(&rfs4_servinst_lock);
722 }
723 
724 /*
725  * Remove all oldstate files referenced by this servinst.
726  */
727 static void
728 rfs4_dss_clear_oldstate(rfs4_servinst_t *sip)
729 {
730 	rfs4_oldstate_t *os_head, *osp;
731 
732 	rw_enter(&sip->oldstate_lock, RW_WRITER);
733 	os_head = sip->oldstate;
734 
735 	if (os_head == NULL)
736 		return;
737 
738 	/* skip dummy entry */
739 	osp = os_head->next;
740 	while (osp != os_head) {
741 		char *leaf = osp->ss_pn->leaf;
742 		rfs4_oldstate_t *os_next;
743 
744 		rfs4_dss_remove_leaf(sip, NFS4_DSS_OLDSTATE_LEAF, leaf);
745 
746 		if (osp->cl_id4.id_val)
747 			kmem_free(osp->cl_id4.id_val, osp->cl_id4.id_len);
748 		if (osp->ss_pn)
749 			kmem_free(osp->ss_pn, sizeof (rfs4_ss_pn_t));
750 
751 		os_next = osp->next;
752 		remque(osp);
753 		kmem_free(osp, sizeof (rfs4_oldstate_t));
754 		osp = os_next;
755 	}
756 
757 	/* free dummy entry */
758 	kmem_free(osp, sizeof (rfs4_oldstate_t));
759 
760 	sip->oldstate = NULL;
761 
762 	rw_exit(&sip->oldstate_lock);
763 }
764 
765 /*
766  * Form the state and oldstate paths, and read in the stable storage files.
767  */
768 void
769 rfs4_dss_readstate(int npaths, char **paths)
770 {
771 	int i;
772 	char *state, *oldstate;
773 
774 	state = kmem_alloc(MAXPATHLEN, KM_SLEEP);
775 	oldstate = kmem_alloc(MAXPATHLEN, KM_SLEEP);
776 
777 	for (i = 0; i < npaths; i++) {
778 		char *path = paths[i];
779 
780 		(void) sprintf(state, "%s/%s", path, NFS4_DSS_STATE_LEAF);
781 		(void) sprintf(oldstate, "%s/%s", path, NFS4_DSS_OLDSTATE_LEAF);
782 
783 		/*
784 		 * Populate the current server instance's oldstate list.
785 		 *
786 		 * 1. Read stable storage data from old state directory,
787 		 *    leaving its contents alone.
788 		 *
789 		 * 2. Read stable storage data from state directory,
790 		 *    and move the latter's contents to old state
791 		 *    directory.
792 		 */
793 		rfs4_ss_oldstate(rfs4_cur_servinst->oldstate, oldstate, NULL);
794 		rfs4_ss_oldstate(rfs4_cur_servinst->oldstate, state, oldstate);
795 	}
796 
797 	kmem_free(state, MAXPATHLEN);
798 	kmem_free(oldstate, MAXPATHLEN);
799 }
800 
801 
802 /*
803  * Check if we are still in grace and if the client can be
804  * granted permission to perform reclaims.
805  */
806 void
807 rfs4_ss_chkclid(rfs4_client_t *cp)
808 {
809 	rfs4_servinst_t *sip;
810 
811 	/*
812 	 * It should be sufficient to check the oldstate data for just
813 	 * this client's instance. However, since our per-instance
814 	 * client grouping is solely temporal, HA-NFSv4 RG failover
815 	 * might result in clients of the same RG being partitioned into
816 	 * separate instances.
817 	 *
818 	 * Until the client grouping is improved, we must check the
819 	 * oldstate data for all instances with an active grace period.
820 	 *
821 	 * This also serves as the mechanism to remove stale oldstate data.
822 	 * The first time we check an instance after its grace period has
823 	 * expired, the oldstate data should be cleared.
824 	 *
825 	 * Start at the current instance, and walk the list backwards
826 	 * to the first.
827 	 */
828 	mutex_enter(&rfs4_servinst_lock);
829 	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev) {
830 		rfs4_ss_chkclid_sip(cp, sip);
831 
832 		/* if the above check found this client, we're done */
833 		if (cp->rc_can_reclaim)
834 			break;
835 	}
836 	mutex_exit(&rfs4_servinst_lock);
837 }
838 
839 static void
840 rfs4_ss_chkclid_sip(rfs4_client_t *cp, rfs4_servinst_t *sip)
841 {
842 	rfs4_oldstate_t *osp, *os_head;
843 
844 	/* short circuit everything if this server instance has no oldstate */
845 	rw_enter(&sip->oldstate_lock, RW_READER);
846 	os_head = sip->oldstate;
847 	rw_exit(&sip->oldstate_lock);
848 	if (os_head == NULL)
849 		return;
850 
851 	/*
852 	 * If this server instance is no longer in a grace period then
853 	 * the client won't be able to reclaim. No further need for this
854 	 * instance's oldstate data, so it can be cleared.
855 	 */
856 	if (!rfs4_servinst_in_grace(sip))
857 		return;
858 
859 	/* this instance is still in grace; search for the clientid */
860 
861 	rw_enter(&sip->oldstate_lock, RW_READER);
862 
863 	os_head = sip->oldstate;
864 	/* skip dummy entry */
865 	osp = os_head->next;
866 	while (osp != os_head) {
867 		if (osp->cl_id4.id_len == cp->rc_nfs_client.id_len) {
868 			if (bcmp(osp->cl_id4.id_val, cp->rc_nfs_client.id_val,
869 			    osp->cl_id4.id_len) == 0) {
870 				cp->rc_can_reclaim = 1;
871 				break;
872 			}
873 		}
874 		osp = osp->next;
875 	}
876 
877 	rw_exit(&sip->oldstate_lock);
878 }
879 
880 /*
881  * Place client information into stable storage: 1/3.
882  * First, generate the leaf filename, from the client's IP address and
883  * the server-generated short-hand clientid.
884  */
885 void
886 rfs4_ss_clid(rfs4_client_t *cp, struct svc_req *req)
887 {
888 	const char *kinet_ntop6(uchar_t *, char *, size_t);
889 	char leaf[MAXNAMELEN], buf[INET6_ADDRSTRLEN];
890 	struct sockaddr *ca;
891 	uchar_t *b;
892 
893 	if (rfs4_ss_enabled == 0) {
894 		return;
895 	}
896 
897 	buf[0] = 0;
898 
899 
900 	ca = (struct sockaddr *)svc_getrpccaller(req->rq_xprt)->buf;
901 	if (ca == NULL) {
902 		return;
903 	}
904 
905 	/*
906 	 * Convert the caller's IP address to a dotted string
907 	 */
908 	if (ca->sa_family == AF_INET) {
909 
910 		bcopy(svc_getrpccaller(req->rq_xprt)->buf, &cp->rc_addr,
911 		    sizeof (struct sockaddr_in));
912 		b = (uchar_t *)&((struct sockaddr_in *)ca)->sin_addr;
913 		(void) sprintf(buf, "%03d.%03d.%03d.%03d", b[0] & 0xFF,
914 		    b[1] & 0xFF, b[2] & 0xFF, b[3] & 0xFF);
915 	} else if (ca->sa_family == AF_INET6) {
916 		struct sockaddr_in6 *sin6;
917 
918 		sin6 = (struct sockaddr_in6 *)ca;
919 		bcopy(svc_getrpccaller(req->rq_xprt)->buf, &cp->rc_addr,
920 		    sizeof (struct sockaddr_in6));
921 		(void) kinet_ntop6((uchar_t *)&sin6->sin6_addr,
922 		    buf, INET6_ADDRSTRLEN);
923 	}
924 
925 	(void) snprintf(leaf, MAXNAMELEN, "%s-%llx", buf,
926 	    (longlong_t)cp->rc_clientid);
927 	rfs4_ss_clid_write(cp, leaf);
928 }
929 
930 /*
931  * Place client information into stable storage: 2/3.
932  * DSS: distributed stable storage: the file may need to be written to
933  * multiple directories.
934  */
935 static void
936 rfs4_ss_clid_write(rfs4_client_t *cp, char *leaf)
937 {
938 	rfs4_servinst_t *sip;
939 
940 	/*
941 	 * It should be sufficient to write the leaf file to (all) DSS paths
942 	 * associated with just this client's instance. However, since our
943 	 * per-instance client grouping is solely temporal, HA-NFSv4 RG
944 	 * failover might result in us losing DSS data.
945 	 *
946 	 * Until the client grouping is improved, we must write the DSS data
947 	 * to all instances' paths. Start at the current instance, and
948 	 * walk the list backwards to the first.
949 	 */
950 	mutex_enter(&rfs4_servinst_lock);
951 	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev) {
952 		int i, npaths = sip->dss_npaths;
953 
954 		/* write the leaf file to all DSS paths */
955 		for (i = 0; i < npaths; i++) {
956 			rfs4_dss_path_t *dss_path = sip->dss_paths[i];
957 
958 			/* HA-NFSv4 path might have been failed-away from us */
959 			if (dss_path == NULL)
960 				continue;
961 
962 			rfs4_ss_clid_write_one(cp, dss_path->path, leaf);
963 		}
964 	}
965 	mutex_exit(&rfs4_servinst_lock);
966 }
967 
968 /*
969  * Place client information into stable storage: 3/3.
970  * Write the stable storage data to the requested file.
971  */
972 static void
973 rfs4_ss_clid_write_one(rfs4_client_t *cp, char *dss_path, char *leaf)
974 {
975 	int ioflag;
976 	int file_vers = NFS4_SS_VERSION;
977 	size_t dirlen;
978 	struct uio uio;
979 	struct iovec iov[4];
980 	char *dir;
981 	rfs4_ss_pn_t *ss_pn;
982 	vnode_t *vp;
983 	nfs_client_id4 *cl_id4 = &(cp->rc_nfs_client);
984 
985 	/* allow 2 extra bytes for '/' & NUL */
986 	dirlen = strlen(dss_path) + strlen(NFS4_DSS_STATE_LEAF) + 2;
987 	dir = kmem_alloc(dirlen, KM_SLEEP);
988 	(void) sprintf(dir, "%s/%s", dss_path, NFS4_DSS_STATE_LEAF);
989 
990 	ss_pn = rfs4_ss_pnalloc(dir, leaf);
991 	/* rfs4_ss_pnalloc takes its own copy */
992 	kmem_free(dir, dirlen);
993 	if (ss_pn == NULL)
994 		return;
995 
996 	if (vn_open(ss_pn->pn, UIO_SYSSPACE, FCREAT|FWRITE, 0600, &vp,
997 	    CRCREAT, 0)) {
998 		rfs4_ss_pnfree(ss_pn);
999 		return;
1000 	}
1001 
1002 	/*
1003 	 * We need to record leaf - i.e. the filename - so that we know
1004 	 * what to remove, in the future. However, the dir part of cp->ss_pn
1005 	 * should never be referenced directly, since it's potentially only
1006 	 * one of several paths with this leaf in it.
1007 	 */
1008 	if (cp->rc_ss_pn != NULL) {
1009 		if (strcmp(cp->rc_ss_pn->leaf, leaf) == 0) {
1010 			/* we've already recorded *this* leaf */
1011 			rfs4_ss_pnfree(ss_pn);
1012 		} else {
1013 			/* replace with this leaf */
1014 			rfs4_ss_pnfree(cp->rc_ss_pn);
1015 			cp->rc_ss_pn = ss_pn;
1016 		}
1017 	} else {
1018 		cp->rc_ss_pn = ss_pn;
1019 	}
1020 
1021 	/*
1022 	 * Build a scatter list that points to the nfs_client_id4
1023 	 */
1024 	iov[0].iov_base = (caddr_t)&file_vers;
1025 	iov[0].iov_len = sizeof (int);
1026 	iov[1].iov_base = (caddr_t)&(cl_id4->verifier);
1027 	iov[1].iov_len = NFS4_VERIFIER_SIZE;
1028 	iov[2].iov_base = (caddr_t)&(cl_id4->id_len);
1029 	iov[2].iov_len = sizeof (uint_t);
1030 	iov[3].iov_base = (caddr_t)cl_id4->id_val;
1031 	iov[3].iov_len = cl_id4->id_len;
1032 
1033 	uio.uio_iov = iov;
1034 	uio.uio_iovcnt = 4;
1035 	uio.uio_loffset = 0;
1036 	uio.uio_segflg = UIO_SYSSPACE;
1037 	uio.uio_llimit = (rlim64_t)MAXOFFSET_T;
1038 	uio.uio_resid = cl_id4->id_len + sizeof (int) +
1039 	    NFS4_VERIFIER_SIZE + sizeof (uint_t);
1040 
1041 	ioflag = uio.uio_fmode = (FWRITE|FSYNC);
1042 	uio.uio_extflg = UIO_COPY_DEFAULT;
1043 
1044 	(void) VOP_RWLOCK(vp, V_WRITELOCK_TRUE, NULL);
1045 	/* write the full client id to the file. */
1046 	(void) VOP_WRITE(vp, &uio, ioflag, CRED(), NULL);
1047 	VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, NULL);
1048 
1049 	(void) VOP_CLOSE(vp, FWRITE, 1, (offset_t)0, CRED(), NULL);
1050 	VN_RELE(vp);
1051 }
1052 
1053 /*
1054  * DSS: distributed stable storage.
1055  * Unpack the list of paths passed by nfsd.
1056  * Use nvlist_alloc(9F) to manage the data.
1057  * The caller is responsible for allocating and freeing the buffer.
1058  */
1059 int
1060 rfs4_dss_setpaths(char *buf, size_t buflen)
1061 {
1062 	int error;
1063 
1064 	/*
1065 	 * If this is a "warm start", i.e. we previously had DSS paths,
1066 	 * preserve the old paths.
1067 	 */
1068 	if (rfs4_dss_paths != NULL) {
1069 		/*
1070 		 * Before we lose the ptr, destroy the nvlist and pathnames
1071 		 * array from the warm start before this one.
1072 		 */
1073 		if (rfs4_dss_oldpaths)
1074 			nvlist_free(rfs4_dss_oldpaths);
1075 		rfs4_dss_oldpaths = rfs4_dss_paths;
1076 	}
1077 
1078 	/* unpack the buffer into a searchable nvlist */
1079 	error = nvlist_unpack(buf, buflen, &rfs4_dss_paths, KM_SLEEP);
1080 	if (error)
1081 		return (error);
1082 
1083 	/*
1084 	 * Search the nvlist for the pathnames nvpair (which is the only nvpair
1085 	 * in the list, and record its location.
1086 	 */
1087 	error = nvlist_lookup_string_array(rfs4_dss_paths, NFS4_DSS_NVPAIR_NAME,
1088 	    &rfs4_dss_newpaths, &rfs4_dss_numnewpaths);
1089 	return (error);
1090 }
1091 
1092 /*
1093  * Ultimately the nfssys() call NFS4_CLR_STATE endsup here
1094  * to find and mark the client for forced expire.
1095  */
1096 static void
1097 rfs4_client_scrub(rfs4_entry_t ent, void *arg)
1098 {
1099 	rfs4_client_t *cp = (rfs4_client_t *)ent;
1100 	struct nfs4clrst_args *clr = arg;
1101 	struct sockaddr_in6 *ent_sin6;
1102 	struct in6_addr  clr_in6;
1103 	struct sockaddr_in  *ent_sin;
1104 	struct in_addr   clr_in;
1105 
1106 	if (clr->addr_type != cp->rc_addr.ss_family) {
1107 		return;
1108 	}
1109 
1110 	switch (clr->addr_type) {
1111 
1112 	case AF_INET6:
1113 		/* copyin the address from user space */
1114 		if (copyin(clr->ap, &clr_in6, sizeof (clr_in6))) {
1115 			break;
1116 		}
1117 
1118 		ent_sin6 = (struct sockaddr_in6 *)&cp->rc_addr;
1119 
1120 		/*
1121 		 * now compare, and if equivalent mark entry
1122 		 * for forced expiration
1123 		 */
1124 		if (IN6_ARE_ADDR_EQUAL(&ent_sin6->sin6_addr, &clr_in6)) {
1125 			cp->rc_forced_expire = 1;
1126 		}
1127 		break;
1128 
1129 	case AF_INET:
1130 		/* copyin the address from user space */
1131 		if (copyin(clr->ap, &clr_in, sizeof (clr_in))) {
1132 			break;
1133 		}
1134 
1135 		ent_sin = (struct sockaddr_in *)&cp->rc_addr;
1136 
1137 		/*
1138 		 * now compare, and if equivalent mark entry
1139 		 * for forced expiration
1140 		 */
1141 		if (ent_sin->sin_addr.s_addr == clr_in.s_addr) {
1142 			cp->rc_forced_expire = 1;
1143 		}
1144 		break;
1145 
1146 	default:
1147 		/* force this assert to fail */
1148 		ASSERT(clr->addr_type != clr->addr_type);
1149 	}
1150 }
1151 
1152 /*
1153  * This is called from nfssys() in order to clear server state
1154  * for the specified client IP Address.
1155  */
1156 void
1157 rfs4_clear_client_state(struct nfs4clrst_args *clr)
1158 {
1159 	(void) rfs4_dbe_walk(rfs4_client_tab, rfs4_client_scrub, clr);
1160 }
1161 
1162 /*
1163  * Used to initialize the NFSv4 server's state or database.  All of
1164  * the tables are created and timers are set. Only called when NFSv4
1165  * service is provided.
1166  */
1167 void
1168 rfs4_state_init()
1169 {
1170 	int start_grace;
1171 	extern boolean_t rfs4_cpr_callb(void *, int);
1172 	char *dss_path = NFS4_DSS_VAR_DIR;
1173 
1174 	mutex_enter(&rfs4_state_lock);
1175 
1176 	/*
1177 	 * If the server state database has already been initialized,
1178 	 * skip it
1179 	 */
1180 	if (rfs4_server_state != NULL) {
1181 		mutex_exit(&rfs4_state_lock);
1182 		return;
1183 	}
1184 
1185 	rw_init(&rfs4_findclient_lock, NULL, RW_DEFAULT, NULL);
1186 
1187 	/*
1188 	 * Set the boot time.  If the server
1189 	 * has been restarted quickly and has had the opportunity to
1190 	 * service clients, then the start_time needs to be bumped
1191 	 * regardless.  A small window but it exists...
1192 	 */
1193 	if (rfs4_start_time != gethrestime_sec())
1194 		rfs4_start_time = gethrestime_sec();
1195 	else
1196 		rfs4_start_time++;
1197 
1198 	/* DSS: distributed stable storage: initialise served paths list */
1199 	rfs4_dss_pathlist = NULL;
1200 
1201 	/*
1202 	 * Create the first server instance, or a new one if the server has
1203 	 * been restarted; see above comments on rfs4_start_time. Don't
1204 	 * start its grace period; that will be done later, to maximise the
1205 	 * clients' recovery window.
1206 	 */
1207 	start_grace = 0;
1208 	rfs4_servinst_create(start_grace, 1, &dss_path);
1209 
1210 	/* reset the "first NFSv4 request" status */
1211 	rfs4_seen_first_compound = 0;
1212 
1213 	/*
1214 	 * Add a CPR callback so that we can update client
1215 	 * access times to extend the lease after a suspend
1216 	 * and resume (using the same class as rpcmod/connmgr)
1217 	 */
1218 	cpr_id = callb_add(rfs4_cpr_callb, 0, CB_CL_CPR_RPC, "rfs4");
1219 
1220 	/* set the various cache timers for table creation */
1221 	if (rfs4_client_cache_time == 0)
1222 		rfs4_client_cache_time = CLIENT_CACHE_TIME;
1223 	if (rfs4_openowner_cache_time == 0)
1224 		rfs4_openowner_cache_time = OPENOWNER_CACHE_TIME;
1225 	if (rfs4_state_cache_time == 0)
1226 		rfs4_state_cache_time = STATE_CACHE_TIME;
1227 	if (rfs4_lo_state_cache_time == 0)
1228 		rfs4_lo_state_cache_time = LO_STATE_CACHE_TIME;
1229 	if (rfs4_lockowner_cache_time == 0)
1230 		rfs4_lockowner_cache_time = LOCKOWNER_CACHE_TIME;
1231 	if (rfs4_file_cache_time == 0)
1232 		rfs4_file_cache_time = FILE_CACHE_TIME;
1233 	if (rfs4_deleg_state_cache_time == 0)
1234 		rfs4_deleg_state_cache_time = DELEG_STATE_CACHE_TIME;
1235 
1236 	/* Create the overall database to hold all server state */
1237 	rfs4_server_state = rfs4_database_create(rfs4_database_debug);
1238 
1239 	/* Now create the individual tables */
1240 	rfs4_client_cache_time *= rfs4_lease_time;
1241 	rfs4_client_tab = rfs4_table_create(rfs4_server_state,
1242 	    "Client",
1243 	    rfs4_client_cache_time,
1244 	    2,
1245 	    rfs4_client_create,
1246 	    rfs4_client_destroy,
1247 	    rfs4_client_expiry,
1248 	    sizeof (rfs4_client_t),
1249 	    TABSIZE,
1250 	    MAXTABSZ/8, 100);
1251 	rfs4_nfsclnt_idx = rfs4_index_create(rfs4_client_tab,
1252 	    "nfs_client_id4", nfsclnt_hash,
1253 	    nfsclnt_compare, nfsclnt_mkkey,
1254 	    TRUE);
1255 	rfs4_clientid_idx = rfs4_index_create(rfs4_client_tab,
1256 	    "client_id", clientid_hash,
1257 	    clientid_compare, clientid_mkkey,
1258 	    FALSE);
1259 
1260 	rfs4_openowner_cache_time *= rfs4_lease_time;
1261 	rfs4_openowner_tab = rfs4_table_create(rfs4_server_state,
1262 	    "OpenOwner",
1263 	    rfs4_openowner_cache_time,
1264 	    1,
1265 	    rfs4_openowner_create,
1266 	    rfs4_openowner_destroy,
1267 	    rfs4_openowner_expiry,
1268 	    sizeof (rfs4_openowner_t),
1269 	    TABSIZE,
1270 	    MAXTABSZ, 100);
1271 	rfs4_openowner_idx = rfs4_index_create(rfs4_openowner_tab,
1272 	    "open_owner4", openowner_hash,
1273 	    openowner_compare,
1274 	    openowner_mkkey, TRUE);
1275 
1276 	rfs4_state_cache_time *= rfs4_lease_time;
1277 	rfs4_state_tab = rfs4_table_create(rfs4_server_state,
1278 	    "OpenStateID",
1279 	    rfs4_state_cache_time,
1280 	    3,
1281 	    rfs4_state_create,
1282 	    rfs4_state_destroy,
1283 	    rfs4_state_expiry,
1284 	    sizeof (rfs4_state_t),
1285 	    TABSIZE,
1286 	    MAXTABSZ, 100);
1287 
1288 	rfs4_state_owner_file_idx = rfs4_index_create(rfs4_state_tab,
1289 	    "Openowner-File",
1290 	    state_owner_file_hash,
1291 	    state_owner_file_compare,
1292 	    state_owner_file_mkkey, TRUE);
1293 
1294 	rfs4_state_idx = rfs4_index_create(rfs4_state_tab,
1295 	    "State-id", state_hash,
1296 	    state_compare, state_mkkey, FALSE);
1297 
1298 	rfs4_state_file_idx = rfs4_index_create(rfs4_state_tab,
1299 	    "File", state_file_hash,
1300 	    state_file_compare, state_file_mkkey,
1301 	    FALSE);
1302 
1303 	rfs4_lo_state_cache_time *= rfs4_lease_time;
1304 	rfs4_lo_state_tab = rfs4_table_create(rfs4_server_state,
1305 	    "LockStateID",
1306 	    rfs4_lo_state_cache_time,
1307 	    2,
1308 	    rfs4_lo_state_create,
1309 	    rfs4_lo_state_destroy,
1310 	    rfs4_lo_state_expiry,
1311 	    sizeof (rfs4_lo_state_t),
1312 	    TABSIZE,
1313 	    MAXTABSZ, 100);
1314 
1315 	rfs4_lo_state_owner_idx = rfs4_index_create(rfs4_lo_state_tab,
1316 	    "lockownerxstate",
1317 	    lo_state_lo_hash,
1318 	    lo_state_lo_compare,
1319 	    lo_state_lo_mkkey, TRUE);
1320 
1321 	rfs4_lo_state_idx = rfs4_index_create(rfs4_lo_state_tab,
1322 	    "State-id",
1323 	    lo_state_hash, lo_state_compare,
1324 	    lo_state_mkkey, FALSE);
1325 
1326 	rfs4_lockowner_cache_time *= rfs4_lease_time;
1327 
1328 	rfs4_lockowner_tab = rfs4_table_create(rfs4_server_state,
1329 	    "Lockowner",
1330 	    rfs4_lockowner_cache_time,
1331 	    2,
1332 	    rfs4_lockowner_create,
1333 	    rfs4_lockowner_destroy,
1334 	    rfs4_lockowner_expiry,
1335 	    sizeof (rfs4_lockowner_t),
1336 	    TABSIZE,
1337 	    MAXTABSZ, 100);
1338 
1339 	rfs4_lockowner_idx = rfs4_index_create(rfs4_lockowner_tab,
1340 	    "lock_owner4", lockowner_hash,
1341 	    lockowner_compare,
1342 	    lockowner_mkkey, TRUE);
1343 
1344 	rfs4_lockowner_pid_idx = rfs4_index_create(rfs4_lockowner_tab,
1345 	    "pid", pid_hash,
1346 	    pid_compare, pid_mkkey,
1347 	    FALSE);
1348 
1349 	rfs4_file_cache_time *= rfs4_lease_time;
1350 	rfs4_file_tab = rfs4_table_create(rfs4_server_state,
1351 	    "File",
1352 	    rfs4_file_cache_time,
1353 	    1,
1354 	    rfs4_file_create,
1355 	    rfs4_file_destroy,
1356 	    NULL,
1357 	    sizeof (rfs4_file_t),
1358 	    TABSIZE,
1359 	    MAXTABSZ, -1);
1360 
1361 	rfs4_file_idx = rfs4_index_create(rfs4_file_tab,
1362 	    "Filehandle", file_hash,
1363 	    file_compare, file_mkkey, TRUE);
1364 
1365 	rfs4_deleg_state_cache_time *= rfs4_lease_time;
1366 	rfs4_deleg_state_tab = rfs4_table_create(rfs4_server_state,
1367 	    "DelegStateID",
1368 	    rfs4_deleg_state_cache_time,
1369 	    2,
1370 	    rfs4_deleg_state_create,
1371 	    rfs4_deleg_state_destroy,
1372 	    rfs4_deleg_state_expiry,
1373 	    sizeof (rfs4_deleg_state_t),
1374 	    TABSIZE,
1375 	    MAXTABSZ, 100);
1376 	rfs4_deleg_idx = rfs4_index_create(rfs4_deleg_state_tab,
1377 	    "DelegByFileClient",
1378 	    deleg_hash,
1379 	    deleg_compare,
1380 	    deleg_mkkey, TRUE);
1381 
1382 	rfs4_deleg_state_idx = rfs4_index_create(rfs4_deleg_state_tab,
1383 	    "DelegState",
1384 	    deleg_state_hash,
1385 	    deleg_state_compare,
1386 	    deleg_state_mkkey, FALSE);
1387 
1388 	/*
1389 	 * Init the stable storage.
1390 	 */
1391 	rfs4_ss_init();
1392 
1393 	rfs4_client_clrst = rfs4_clear_client_state;
1394 
1395 	mutex_exit(&rfs4_state_lock);
1396 }
1397 
1398 
1399 /*
1400  * Used at server shutdown to cleanup all of the NFSv4 server's structures
1401  * and other state.
1402  */
1403 void
1404 rfs4_state_fini()
1405 {
1406 	rfs4_database_t *dbp;
1407 
1408 	mutex_enter(&rfs4_state_lock);
1409 
1410 	if (rfs4_server_state == NULL) {
1411 		mutex_exit(&rfs4_state_lock);
1412 		return;
1413 	}
1414 
1415 	rfs4_client_clrst = NULL;
1416 
1417 	rfs4_set_deleg_policy(SRV_NEVER_DELEGATE);
1418 	dbp = rfs4_server_state;
1419 	rfs4_server_state = NULL;
1420 
1421 	/*
1422 	 * Cleanup the CPR callback.
1423 	 */
1424 	if (cpr_id)
1425 		(void) callb_delete(cpr_id);
1426 
1427 	rw_destroy(&rfs4_findclient_lock);
1428 
1429 	/* First stop all of the reaper threads in the database */
1430 	rfs4_database_shutdown(dbp);
1431 	/* clean up any dangling stable storage structures */
1432 	rfs4_ss_fini();
1433 	/* Now actually destroy/release the database and its tables */
1434 	rfs4_database_destroy(dbp);
1435 
1436 	/* Reset the cache timers for next time */
1437 	rfs4_client_cache_time = 0;
1438 	rfs4_openowner_cache_time = 0;
1439 	rfs4_state_cache_time = 0;
1440 	rfs4_lo_state_cache_time = 0;
1441 	rfs4_lockowner_cache_time = 0;
1442 	rfs4_file_cache_time = 0;
1443 	rfs4_deleg_state_cache_time = 0;
1444 
1445 	mutex_exit(&rfs4_state_lock);
1446 
1447 	/* destroy server instances and current instance ptr */
1448 	rfs4_servinst_destroy_all();
1449 
1450 	/* reset the "first NFSv4 request" status */
1451 	rfs4_seen_first_compound = 0;
1452 
1453 	/* DSS: distributed stable storage */
1454 	if (rfs4_dss_oldpaths)
1455 		nvlist_free(rfs4_dss_oldpaths);
1456 	if (rfs4_dss_paths)
1457 		nvlist_free(rfs4_dss_paths);
1458 	rfs4_dss_paths = rfs4_dss_oldpaths = NULL;
1459 }
1460 
1461 typedef union {
1462 	struct {
1463 		uint32_t start_time;
1464 		uint32_t c_id;
1465 	} impl_id;
1466 	clientid4 id4;
1467 } cid;
1468 
1469 static int foreign_stateid(stateid_t *id);
1470 static int foreign_clientid(cid *cidp);
1471 static void embed_nodeid(cid *cidp);
1472 
1473 typedef union {
1474 	struct {
1475 		uint32_t c_id;
1476 		uint32_t gen_num;
1477 	} cv_impl;
1478 	verifier4	confirm_verf;
1479 } scid_confirm_verf;
1480 
1481 static uint32_t
1482 clientid_hash(void *key)
1483 {
1484 	cid *idp = key;
1485 
1486 	return (idp->impl_id.c_id);
1487 }
1488 
1489 static bool_t
1490 clientid_compare(rfs4_entry_t entry, void *key)
1491 {
1492 	rfs4_client_t *cp = (rfs4_client_t *)entry;
1493 	clientid4 *idp = key;
1494 
1495 	return (*idp == cp->rc_clientid);
1496 }
1497 
1498 static void *
1499 clientid_mkkey(rfs4_entry_t entry)
1500 {
1501 	rfs4_client_t *cp = (rfs4_client_t *)entry;
1502 
1503 	return (&cp->rc_clientid);
1504 }
1505 
1506 static uint32_t
1507 nfsclnt_hash(void *key)
1508 {
1509 	nfs_client_id4 *client = key;
1510 	int i;
1511 	uint32_t hash = 0;
1512 
1513 	for (i = 0; i < client->id_len; i++) {
1514 		hash <<= 1;
1515 		hash += (uint_t)client->id_val[i];
1516 	}
1517 	return (hash);
1518 }
1519 
1520 
1521 static bool_t
1522 nfsclnt_compare(rfs4_entry_t entry, void *key)
1523 {
1524 	rfs4_client_t *cp = (rfs4_client_t *)entry;
1525 	nfs_client_id4 *nfs_client = key;
1526 
1527 	if (cp->rc_nfs_client.id_len != nfs_client->id_len)
1528 		return (FALSE);
1529 
1530 	return (bcmp(cp->rc_nfs_client.id_val, nfs_client->id_val,
1531 	    nfs_client->id_len) == 0);
1532 }
1533 
1534 static void *
1535 nfsclnt_mkkey(rfs4_entry_t entry)
1536 {
1537 	rfs4_client_t *cp = (rfs4_client_t *)entry;
1538 
1539 	return (&cp->rc_nfs_client);
1540 }
1541 
1542 static bool_t
1543 rfs4_client_expiry(rfs4_entry_t u_entry)
1544 {
1545 	rfs4_client_t *cp = (rfs4_client_t *)u_entry;
1546 	bool_t cp_expired;
1547 
1548 	if (rfs4_dbe_is_invalid(cp->rc_dbe)) {
1549 		cp->rc_ss_remove = 1;
1550 		return (TRUE);
1551 	}
1552 	/*
1553 	 * If the sysadmin has used clear_locks for this
1554 	 * entry then forced_expire will be set and we
1555 	 * want this entry to be reaped. Or the entry
1556 	 * has exceeded its lease period.
1557 	 */
1558 	cp_expired = (cp->rc_forced_expire ||
1559 	    (gethrestime_sec() - cp->rc_last_access
1560 	    > rfs4_lease_time));
1561 
1562 	if (!cp->rc_ss_remove && cp_expired)
1563 		cp->rc_ss_remove = 1;
1564 	return (cp_expired);
1565 }
1566 
1567 /*
1568  * Remove the leaf file from all distributed stable storage paths.
1569  */
1570 static void
1571 rfs4_dss_remove_cpleaf(rfs4_client_t *cp)
1572 {
1573 	rfs4_servinst_t *sip;
1574 	char *leaf = cp->rc_ss_pn->leaf;
1575 
1576 	/*
1577 	 * since the state files are written to all DSS
1578 	 * paths we must remove this leaf file instance
1579 	 * from all server instances.
1580 	 */
1581 
1582 	mutex_enter(&rfs4_servinst_lock);
1583 	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev) {
1584 		/* remove the leaf file associated with this server instance */
1585 		rfs4_dss_remove_leaf(sip, NFS4_DSS_STATE_LEAF, leaf);
1586 	}
1587 	mutex_exit(&rfs4_servinst_lock);
1588 }
1589 
1590 static void
1591 rfs4_dss_remove_leaf(rfs4_servinst_t *sip, char *dir_leaf, char *leaf)
1592 {
1593 	int i, npaths = sip->dss_npaths;
1594 
1595 	for (i = 0; i < npaths; i++) {
1596 		rfs4_dss_path_t *dss_path = sip->dss_paths[i];
1597 		char *path, *dir;
1598 		size_t pathlen;
1599 
1600 		/* the HA-NFSv4 path might have been failed-over away from us */
1601 		if (dss_path == NULL)
1602 			continue;
1603 
1604 		dir = dss_path->path;
1605 
1606 		/* allow 3 extra bytes for two '/' & a NUL */
1607 		pathlen = strlen(dir) + strlen(dir_leaf) + strlen(leaf) + 3;
1608 		path = kmem_alloc(pathlen, KM_SLEEP);
1609 		(void) sprintf(path, "%s/%s/%s", dir, dir_leaf, leaf);
1610 
1611 		(void) vn_remove(path, UIO_SYSSPACE, RMFILE);
1612 
1613 		kmem_free(path, pathlen);
1614 	}
1615 }
1616 
1617 static void
1618 rfs4_client_destroy(rfs4_entry_t u_entry)
1619 {
1620 	rfs4_client_t *cp = (rfs4_client_t *)u_entry;
1621 
1622 	mutex_destroy(cp->rc_cbinfo.cb_lock);
1623 	cv_destroy(cp->rc_cbinfo.cb_cv);
1624 	cv_destroy(cp->rc_cbinfo.cb_cv_nullcaller);
1625 	list_destroy(&cp->rc_openownerlist);
1626 
1627 	/* free callback info */
1628 	rfs4_cbinfo_free(&cp->rc_cbinfo);
1629 
1630 	if (cp->rc_cp_confirmed)
1631 		rfs4_client_rele(cp->rc_cp_confirmed);
1632 
1633 	if (cp->rc_ss_pn) {
1634 		/* check if the stable storage files need to be removed */
1635 		if (cp->rc_ss_remove)
1636 			rfs4_dss_remove_cpleaf(cp);
1637 		rfs4_ss_pnfree(cp->rc_ss_pn);
1638 	}
1639 
1640 	/* Free the client supplied client id */
1641 	kmem_free(cp->rc_nfs_client.id_val, cp->rc_nfs_client.id_len);
1642 
1643 	if (cp->rc_sysidt != LM_NOSYSID)
1644 		lm_free_sysidt(cp->rc_sysidt);
1645 }
1646 
1647 static bool_t
1648 rfs4_client_create(rfs4_entry_t u_entry, void *arg)
1649 {
1650 	rfs4_client_t *cp = (rfs4_client_t *)u_entry;
1651 	nfs_client_id4 *client = (nfs_client_id4 *)arg;
1652 	cid *cidp;
1653 	scid_confirm_verf *scvp;
1654 
1655 	/* Get a clientid to give to the client */
1656 	cidp = (cid *)&cp->rc_clientid;
1657 	cidp->impl_id.start_time = rfs4_start_time;
1658 	cidp->impl_id.c_id = (uint32_t)rfs4_dbe_getid(cp->rc_dbe);
1659 
1660 	/* If we are booted as a cluster node, embed our nodeid */
1661 	if (cluster_bootflags & CLUSTER_BOOTED)
1662 		embed_nodeid(cidp);
1663 
1664 	/* Allocate and copy client's client id value */
1665 	cp->rc_nfs_client.id_val = kmem_alloc(client->id_len, KM_SLEEP);
1666 	cp->rc_nfs_client.id_len = client->id_len;
1667 	bcopy(client->id_val, cp->rc_nfs_client.id_val, client->id_len);
1668 	cp->rc_nfs_client.verifier = client->verifier;
1669 
1670 	/* Init the value for the SETCLIENTID_CONFIRM verifier */
1671 	scvp = (scid_confirm_verf *)&cp->rc_confirm_verf;
1672 	scvp->cv_impl.c_id = cidp->impl_id.c_id;
1673 	scvp->cv_impl.gen_num = 0;
1674 
1675 	/* An F_UNLKSYS has been done for this client */
1676 	cp->rc_unlksys_completed = FALSE;
1677 
1678 	/* We need the client to ack us */
1679 	cp->rc_need_confirm = TRUE;
1680 	cp->rc_cp_confirmed = NULL;
1681 
1682 	/* TRUE all the time until the callback path actually fails */
1683 	cp->rc_cbinfo.cb_notified_of_cb_path_down = TRUE;
1684 
1685 	/* Initialize the access time to now */
1686 	cp->rc_last_access = gethrestime_sec();
1687 
1688 	cp->rc_cr_set = NULL;
1689 
1690 	cp->rc_sysidt = LM_NOSYSID;
1691 
1692 	list_create(&cp->rc_openownerlist, sizeof (rfs4_openowner_t),
1693 	    offsetof(rfs4_openowner_t, ro_node));
1694 
1695 	/* set up the callback control structure */
1696 	cp->rc_cbinfo.cb_state = CB_UNINIT;
1697 	mutex_init(cp->rc_cbinfo.cb_lock, NULL, MUTEX_DEFAULT, NULL);
1698 	cv_init(cp->rc_cbinfo.cb_cv, NULL, CV_DEFAULT, NULL);
1699 	cv_init(cp->rc_cbinfo.cb_cv_nullcaller, NULL, CV_DEFAULT, NULL);
1700 
1701 	/*
1702 	 * Associate the client_t with the current server instance.
1703 	 * The hold is solely to satisfy the calling requirement of
1704 	 * rfs4_servinst_assign(). In this case it's not strictly necessary.
1705 	 */
1706 	rfs4_dbe_hold(cp->rc_dbe);
1707 	rfs4_servinst_assign(cp, rfs4_cur_servinst);
1708 	rfs4_dbe_rele(cp->rc_dbe);
1709 
1710 	return (TRUE);
1711 }
1712 
1713 /*
1714  * Caller wants to generate/update the setclientid_confirm verifier
1715  * associated with a client.  This is done during the SETCLIENTID
1716  * processing.
1717  */
1718 void
1719 rfs4_client_scv_next(rfs4_client_t *cp)
1720 {
1721 	scid_confirm_verf *scvp;
1722 
1723 	/* Init the value for the SETCLIENTID_CONFIRM verifier */
1724 	scvp = (scid_confirm_verf *)&cp->rc_confirm_verf;
1725 	scvp->cv_impl.gen_num++;
1726 }
1727 
1728 void
1729 rfs4_client_rele(rfs4_client_t *cp)
1730 {
1731 	rfs4_dbe_rele(cp->rc_dbe);
1732 }
1733 
1734 rfs4_client_t *
1735 rfs4_findclient(nfs_client_id4 *client, bool_t *create,	rfs4_client_t *oldcp)
1736 {
1737 	rfs4_client_t *cp;
1738 
1739 
1740 	if (oldcp) {
1741 		rw_enter(&rfs4_findclient_lock, RW_WRITER);
1742 		rfs4_dbe_hide(oldcp->rc_dbe);
1743 	} else {
1744 		rw_enter(&rfs4_findclient_lock, RW_READER);
1745 	}
1746 
1747 	cp = (rfs4_client_t *)rfs4_dbsearch(rfs4_nfsclnt_idx, client,
1748 	    create, (void *)client, RFS4_DBS_VALID);
1749 
1750 	if (oldcp)
1751 		rfs4_dbe_unhide(oldcp->rc_dbe);
1752 
1753 	rw_exit(&rfs4_findclient_lock);
1754 
1755 	return (cp);
1756 }
1757 
1758 rfs4_client_t *
1759 rfs4_findclient_by_id(clientid4 clientid, bool_t find_unconfirmed)
1760 {
1761 	rfs4_client_t *cp;
1762 	bool_t create = FALSE;
1763 	cid *cidp = (cid *)&clientid;
1764 
1765 	/* If we're a cluster and the nodeid isn't right, short-circuit */
1766 	if (cluster_bootflags & CLUSTER_BOOTED && foreign_clientid(cidp))
1767 		return (NULL);
1768 
1769 	rw_enter(&rfs4_findclient_lock, RW_READER);
1770 
1771 	cp = (rfs4_client_t *)rfs4_dbsearch(rfs4_clientid_idx, &clientid,
1772 	    &create, NULL, RFS4_DBS_VALID);
1773 
1774 	rw_exit(&rfs4_findclient_lock);
1775 
1776 	if (cp && cp->rc_need_confirm && find_unconfirmed == FALSE) {
1777 		rfs4_client_rele(cp);
1778 		return (NULL);
1779 	} else {
1780 		return (cp);
1781 	}
1782 }
1783 
1784 bool_t
1785 rfs4_lease_expired(rfs4_client_t *cp)
1786 {
1787 	bool_t rc;
1788 
1789 	rfs4_dbe_lock(cp->rc_dbe);
1790 
1791 	/*
1792 	 * If the admin has executed clear_locks for this
1793 	 * client id, force expire will be set, so no need
1794 	 * to calculate anything because it's "outa here".
1795 	 */
1796 	if (cp->rc_forced_expire) {
1797 		rc = TRUE;
1798 	} else {
1799 		rc = (gethrestime_sec() - cp->rc_last_access > rfs4_lease_time);
1800 	}
1801 
1802 	/*
1803 	 * If the lease has expired we will also want
1804 	 * to remove any stable storage state data. So
1805 	 * mark the client id accordingly.
1806 	 */
1807 	if (!cp->rc_ss_remove)
1808 		cp->rc_ss_remove = (rc == TRUE);
1809 
1810 	rfs4_dbe_unlock(cp->rc_dbe);
1811 
1812 	return (rc);
1813 }
1814 
1815 void
1816 rfs4_update_lease(rfs4_client_t *cp)
1817 {
1818 	rfs4_dbe_lock(cp->rc_dbe);
1819 	if (!cp->rc_forced_expire)
1820 		cp->rc_last_access = gethrestime_sec();
1821 	rfs4_dbe_unlock(cp->rc_dbe);
1822 }
1823 
1824 
1825 static bool_t
1826 EQOPENOWNER(open_owner4 *a, open_owner4 *b)
1827 {
1828 	bool_t rc;
1829 
1830 	if (a->clientid != b->clientid)
1831 		return (FALSE);
1832 
1833 	if (a->owner_len != b->owner_len)
1834 		return (FALSE);
1835 
1836 	rc = (bcmp(a->owner_val, b->owner_val, a->owner_len) == 0);
1837 
1838 	return (rc);
1839 }
1840 
1841 static uint_t
1842 openowner_hash(void *key)
1843 {
1844 	int i;
1845 	open_owner4 *openowner = key;
1846 	uint_t hash = 0;
1847 
1848 	for (i = 0; i < openowner->owner_len; i++) {
1849 		hash <<= 4;
1850 		hash += (uint_t)openowner->owner_val[i];
1851 	}
1852 	hash += (uint_t)openowner->clientid;
1853 	hash |= (openowner->clientid >> 32);
1854 
1855 	return (hash);
1856 }
1857 
1858 static bool_t
1859 openowner_compare(rfs4_entry_t u_entry, void *key)
1860 {
1861 	rfs4_openowner_t *oo = (rfs4_openowner_t *)u_entry;
1862 	open_owner4 *arg = key;
1863 
1864 	return (EQOPENOWNER(&oo->ro_owner, arg));
1865 }
1866 
1867 void *
1868 openowner_mkkey(rfs4_entry_t u_entry)
1869 {
1870 	rfs4_openowner_t *oo = (rfs4_openowner_t *)u_entry;
1871 
1872 	return (&oo->ro_owner);
1873 }
1874 
1875 static bool_t
1876 rfs4_openowner_expiry(rfs4_entry_t u_entry)
1877 {
1878 	rfs4_openowner_t *oo = (rfs4_openowner_t *)u_entry;
1879 
1880 	if (rfs4_dbe_is_invalid(oo->ro_dbe))
1881 		return (TRUE);
1882 	return ((gethrestime_sec() - oo->ro_client->rc_last_access
1883 	    > rfs4_lease_time));
1884 }
1885 
1886 static void
1887 rfs4_openowner_destroy(rfs4_entry_t u_entry)
1888 {
1889 	rfs4_openowner_t *oo = (rfs4_openowner_t *)u_entry;
1890 
1891 	/* Remove open owner from client's lists of open owners */
1892 	rfs4_dbe_lock(oo->ro_client->rc_dbe);
1893 	list_remove(&oo->ro_client->rc_openownerlist, oo);
1894 	rfs4_dbe_unlock(oo->ro_client->rc_dbe);
1895 
1896 	/* One less reference to the client */
1897 	rfs4_client_rele(oo->ro_client);
1898 	oo->ro_client = NULL;
1899 
1900 	/* Free the last reply for this lock owner */
1901 	rfs4_free_reply(&oo->ro_reply);
1902 
1903 	if (oo->ro_reply_fh.nfs_fh4_val) {
1904 		kmem_free(oo->ro_reply_fh.nfs_fh4_val,
1905 		    oo->ro_reply_fh.nfs_fh4_len);
1906 		oo->ro_reply_fh.nfs_fh4_val = NULL;
1907 		oo->ro_reply_fh.nfs_fh4_len = 0;
1908 	}
1909 
1910 	rfs4_sw_destroy(&oo->ro_sw);
1911 	list_destroy(&oo->ro_statelist);
1912 
1913 	/* Free the lock owner id */
1914 	kmem_free(oo->ro_owner.owner_val, oo->ro_owner.owner_len);
1915 }
1916 
1917 void
1918 rfs4_openowner_rele(rfs4_openowner_t *oo)
1919 {
1920 	rfs4_dbe_rele(oo->ro_dbe);
1921 }
1922 
1923 static bool_t
1924 rfs4_openowner_create(rfs4_entry_t u_entry, void *arg)
1925 {
1926 	rfs4_openowner_t *oo = (rfs4_openowner_t *)u_entry;
1927 	rfs4_openowner_t *argp = (rfs4_openowner_t *)arg;
1928 	open_owner4 *openowner = &argp->ro_owner;
1929 	seqid4 seqid = argp->ro_open_seqid;
1930 	rfs4_client_t *cp;
1931 	bool_t create = FALSE;
1932 
1933 	rw_enter(&rfs4_findclient_lock, RW_READER);
1934 
1935 	cp = (rfs4_client_t *)rfs4_dbsearch(rfs4_clientid_idx,
1936 	    &openowner->clientid,
1937 	    &create, NULL, RFS4_DBS_VALID);
1938 
1939 	rw_exit(&rfs4_findclient_lock);
1940 
1941 	if (cp == NULL)
1942 		return (FALSE);
1943 
1944 	oo->ro_reply_fh.nfs_fh4_len = 0;
1945 	oo->ro_reply_fh.nfs_fh4_val = NULL;
1946 
1947 	oo->ro_owner.clientid = openowner->clientid;
1948 	oo->ro_owner.owner_val =
1949 	    kmem_alloc(openowner->owner_len, KM_SLEEP);
1950 
1951 	bcopy(openowner->owner_val,
1952 	    oo->ro_owner.owner_val, openowner->owner_len);
1953 
1954 	oo->ro_owner.owner_len = openowner->owner_len;
1955 
1956 	oo->ro_need_confirm = TRUE;
1957 
1958 	rfs4_sw_init(&oo->ro_sw);
1959 
1960 	oo->ro_open_seqid = seqid;
1961 	bzero(&oo->ro_reply, sizeof (nfs_resop4));
1962 	oo->ro_client = cp;
1963 	oo->ro_cr_set = NULL;
1964 
1965 	list_create(&oo->ro_statelist, sizeof (rfs4_state_t),
1966 	    offsetof(rfs4_state_t, rs_node));
1967 
1968 	/* Insert openowner into client's open owner list */
1969 	rfs4_dbe_lock(cp->rc_dbe);
1970 	list_insert_tail(&cp->rc_openownerlist, oo);
1971 	rfs4_dbe_unlock(cp->rc_dbe);
1972 
1973 	return (TRUE);
1974 }
1975 
1976 rfs4_openowner_t *
1977 rfs4_findopenowner(open_owner4 *openowner, bool_t *create, seqid4 seqid)
1978 {
1979 	rfs4_openowner_t *oo;
1980 	rfs4_openowner_t arg;
1981 
1982 	arg.ro_owner = *openowner;
1983 	arg.ro_open_seqid = seqid;
1984 	oo = (rfs4_openowner_t *)rfs4_dbsearch(rfs4_openowner_idx, openowner,
1985 	    create, &arg, RFS4_DBS_VALID);
1986 
1987 	return (oo);
1988 }
1989 
1990 void
1991 rfs4_update_open_sequence(rfs4_openowner_t *oo)
1992 {
1993 
1994 	rfs4_dbe_lock(oo->ro_dbe);
1995 
1996 	oo->ro_open_seqid++;
1997 
1998 	rfs4_dbe_unlock(oo->ro_dbe);
1999 }
2000 
2001 void
2002 rfs4_update_open_resp(rfs4_openowner_t *oo, nfs_resop4 *resp, nfs_fh4 *fh)
2003 {
2004 
2005 	rfs4_dbe_lock(oo->ro_dbe);
2006 
2007 	rfs4_free_reply(&oo->ro_reply);
2008 
2009 	rfs4_copy_reply(&oo->ro_reply, resp);
2010 
2011 	/* Save the filehandle if provided and free if not used */
2012 	if (resp->nfs_resop4_u.opopen.status == NFS4_OK &&
2013 	    fh && fh->nfs_fh4_len) {
2014 		if (oo->ro_reply_fh.nfs_fh4_val == NULL)
2015 			oo->ro_reply_fh.nfs_fh4_val =
2016 			    kmem_alloc(fh->nfs_fh4_len, KM_SLEEP);
2017 		nfs_fh4_copy(fh, &oo->ro_reply_fh);
2018 	} else {
2019 		if (oo->ro_reply_fh.nfs_fh4_val) {
2020 			kmem_free(oo->ro_reply_fh.nfs_fh4_val,
2021 			    oo->ro_reply_fh.nfs_fh4_len);
2022 			oo->ro_reply_fh.nfs_fh4_val = NULL;
2023 			oo->ro_reply_fh.nfs_fh4_len = 0;
2024 		}
2025 	}
2026 
2027 	rfs4_dbe_unlock(oo->ro_dbe);
2028 }
2029 
2030 static bool_t
2031 lockowner_compare(rfs4_entry_t u_entry, void *key)
2032 {
2033 	rfs4_lockowner_t *lo = (rfs4_lockowner_t *)u_entry;
2034 	lock_owner4 *b = (lock_owner4 *)key;
2035 
2036 	if (lo->rl_owner.clientid != b->clientid)
2037 		return (FALSE);
2038 
2039 	if (lo->rl_owner.owner_len != b->owner_len)
2040 		return (FALSE);
2041 
2042 	return (bcmp(lo->rl_owner.owner_val, b->owner_val,
2043 	    lo->rl_owner.owner_len) == 0);
2044 }
2045 
2046 void *
2047 lockowner_mkkey(rfs4_entry_t u_entry)
2048 {
2049 	rfs4_lockowner_t *lo = (rfs4_lockowner_t *)u_entry;
2050 
2051 	return (&lo->rl_owner);
2052 }
2053 
2054 static uint32_t
2055 lockowner_hash(void *key)
2056 {
2057 	int i;
2058 	lock_owner4 *lockowner = key;
2059 	uint_t hash = 0;
2060 
2061 	for (i = 0; i < lockowner->owner_len; i++) {
2062 		hash <<= 4;
2063 		hash += (uint_t)lockowner->owner_val[i];
2064 	}
2065 	hash += (uint_t)lockowner->clientid;
2066 	hash |= (lockowner->clientid >> 32);
2067 
2068 	return (hash);
2069 }
2070 
2071 static uint32_t
2072 pid_hash(void *key)
2073 {
2074 	return ((uint32_t)(uintptr_t)key);
2075 }
2076 
2077 static void *
2078 pid_mkkey(rfs4_entry_t u_entry)
2079 {
2080 	rfs4_lockowner_t *lo = (rfs4_lockowner_t *)u_entry;
2081 
2082 	return ((void *)(uintptr_t)lo->rl_pid);
2083 }
2084 
2085 static bool_t
2086 pid_compare(rfs4_entry_t u_entry, void *key)
2087 {
2088 	rfs4_lockowner_t *lo = (rfs4_lockowner_t *)u_entry;
2089 
2090 	return (lo->rl_pid == (pid_t)(uintptr_t)key);
2091 }
2092 
2093 static void
2094 rfs4_lockowner_destroy(rfs4_entry_t u_entry)
2095 {
2096 	rfs4_lockowner_t *lo = (rfs4_lockowner_t *)u_entry;
2097 
2098 	/* Free the lock owner id */
2099 	kmem_free(lo->rl_owner.owner_val, lo->rl_owner.owner_len);
2100 	rfs4_client_rele(lo->rl_client);
2101 }
2102 
2103 void
2104 rfs4_lockowner_rele(rfs4_lockowner_t *lo)
2105 {
2106 	rfs4_dbe_rele(lo->rl_dbe);
2107 }
2108 
2109 /* ARGSUSED */
2110 static bool_t
2111 rfs4_lockowner_expiry(rfs4_entry_t u_entry)
2112 {
2113 	/*
2114 	 * Since expiry is called with no other references on
2115 	 * this struct, go ahead and have it removed.
2116 	 */
2117 	return (TRUE);
2118 }
2119 
2120 static bool_t
2121 rfs4_lockowner_create(rfs4_entry_t u_entry, void *arg)
2122 {
2123 	rfs4_lockowner_t *lo = (rfs4_lockowner_t *)u_entry;
2124 	lock_owner4 *lockowner = (lock_owner4 *)arg;
2125 	rfs4_client_t *cp;
2126 	bool_t create = FALSE;
2127 
2128 	rw_enter(&rfs4_findclient_lock, RW_READER);
2129 
2130 	cp = (rfs4_client_t *)rfs4_dbsearch(rfs4_clientid_idx,
2131 	    &lockowner->clientid,
2132 	    &create, NULL, RFS4_DBS_VALID);
2133 
2134 	rw_exit(&rfs4_findclient_lock);
2135 
2136 	if (cp == NULL)
2137 		return (FALSE);
2138 
2139 	/* Reference client */
2140 	lo->rl_client = cp;
2141 	lo->rl_owner.clientid = lockowner->clientid;
2142 	lo->rl_owner.owner_val = kmem_alloc(lockowner->owner_len, KM_SLEEP);
2143 	bcopy(lockowner->owner_val, lo->rl_owner.owner_val,
2144 	    lockowner->owner_len);
2145 	lo->rl_owner.owner_len = lockowner->owner_len;
2146 	lo->rl_pid = rfs4_dbe_getid(lo->rl_dbe);
2147 
2148 	return (TRUE);
2149 }
2150 
2151 rfs4_lockowner_t *
2152 rfs4_findlockowner(lock_owner4 *lockowner, bool_t *create)
2153 {
2154 	rfs4_lockowner_t *lo;
2155 
2156 	lo = (rfs4_lockowner_t *)rfs4_dbsearch(rfs4_lockowner_idx, lockowner,
2157 	    create, lockowner, RFS4_DBS_VALID);
2158 
2159 	return (lo);
2160 }
2161 
2162 rfs4_lockowner_t *
2163 rfs4_findlockowner_by_pid(pid_t pid)
2164 {
2165 	rfs4_lockowner_t *lo;
2166 	bool_t create = FALSE;
2167 
2168 	lo = (rfs4_lockowner_t *)rfs4_dbsearch(rfs4_lockowner_pid_idx,
2169 	    (void *)(uintptr_t)pid, &create, NULL, RFS4_DBS_VALID);
2170 
2171 	return (lo);
2172 }
2173 
2174 
2175 static uint32_t
2176 file_hash(void *key)
2177 {
2178 	return (ADDRHASH(key));
2179 }
2180 
2181 static void *
2182 file_mkkey(rfs4_entry_t u_entry)
2183 {
2184 	rfs4_file_t *fp = (rfs4_file_t *)u_entry;
2185 
2186 	return (fp->rf_vp);
2187 }
2188 
2189 static bool_t
2190 file_compare(rfs4_entry_t u_entry, void *key)
2191 {
2192 	rfs4_file_t *fp = (rfs4_file_t *)u_entry;
2193 
2194 	return (fp->rf_vp == (vnode_t *)key);
2195 }
2196 
2197 static void
2198 rfs4_file_destroy(rfs4_entry_t u_entry)
2199 {
2200 	rfs4_file_t *fp = (rfs4_file_t *)u_entry;
2201 
2202 	list_destroy(&fp->rf_delegstatelist);
2203 
2204 	if (fp->rf_filehandle.nfs_fh4_val)
2205 		kmem_free(fp->rf_filehandle.nfs_fh4_val,
2206 		    fp->rf_filehandle.nfs_fh4_len);
2207 	cv_destroy(fp->rf_dinfo.rd_recall_cv);
2208 	if (fp->rf_vp) {
2209 		vnode_t *vp = fp->rf_vp;
2210 
2211 		mutex_enter(&vp->v_vsd_lock);
2212 		(void) vsd_set(vp, nfs4_srv_vkey, NULL);
2213 		mutex_exit(&vp->v_vsd_lock);
2214 		VN_RELE(vp);
2215 		fp->rf_vp = NULL;
2216 	}
2217 	rw_destroy(&fp->rf_file_rwlock);
2218 }
2219 
2220 /*
2221  * Used to unlock the underlying dbe struct only
2222  */
2223 void
2224 rfs4_file_rele(rfs4_file_t *fp)
2225 {
2226 	rfs4_dbe_rele(fp->rf_dbe);
2227 }
2228 
2229 typedef struct {
2230     vnode_t *vp;
2231     nfs_fh4 *fh;
2232 } rfs4_fcreate_arg;
2233 
2234 static bool_t
2235 rfs4_file_create(rfs4_entry_t u_entry, void *arg)
2236 {
2237 	rfs4_file_t *fp = (rfs4_file_t *)u_entry;
2238 	rfs4_fcreate_arg *ap = (rfs4_fcreate_arg *)arg;
2239 	vnode_t *vp = ap->vp;
2240 	nfs_fh4 *fh = ap->fh;
2241 
2242 	VN_HOLD(vp);
2243 
2244 	fp->rf_filehandle.nfs_fh4_len = 0;
2245 	fp->rf_filehandle.nfs_fh4_val = NULL;
2246 	ASSERT(fh && fh->nfs_fh4_len);
2247 	if (fh && fh->nfs_fh4_len) {
2248 		fp->rf_filehandle.nfs_fh4_val =
2249 		    kmem_alloc(fh->nfs_fh4_len, KM_SLEEP);
2250 		nfs_fh4_copy(fh, &fp->rf_filehandle);
2251 	}
2252 	fp->rf_vp = vp;
2253 
2254 	list_create(&fp->rf_delegstatelist, sizeof (rfs4_deleg_state_t),
2255 	    offsetof(rfs4_deleg_state_t, rds_node));
2256 
2257 	fp->rf_share_deny = fp->rf_share_access = fp->rf_access_read = 0;
2258 	fp->rf_access_write = fp->rf_deny_read = fp->rf_deny_write = 0;
2259 
2260 	mutex_init(fp->rf_dinfo.rd_recall_lock, NULL, MUTEX_DEFAULT, NULL);
2261 	cv_init(fp->rf_dinfo.rd_recall_cv, NULL, CV_DEFAULT, NULL);
2262 
2263 	fp->rf_dinfo.rd_dtype = OPEN_DELEGATE_NONE;
2264 
2265 	rw_init(&fp->rf_file_rwlock, NULL, RW_DEFAULT, NULL);
2266 
2267 	mutex_enter(&vp->v_vsd_lock);
2268 	VERIFY(vsd_set(vp, nfs4_srv_vkey, (void *)fp) == 0);
2269 	mutex_exit(&vp->v_vsd_lock);
2270 
2271 	return (TRUE);
2272 }
2273 
2274 rfs4_file_t *
2275 rfs4_findfile(vnode_t *vp, nfs_fh4 *fh, bool_t *create)
2276 {
2277 	rfs4_file_t *fp;
2278 	rfs4_fcreate_arg arg;
2279 
2280 	arg.vp = vp;
2281 	arg.fh = fh;
2282 
2283 	if (*create == TRUE)
2284 		fp = (rfs4_file_t *)rfs4_dbsearch(rfs4_file_idx, vp, create,
2285 		    &arg, RFS4_DBS_VALID);
2286 	else {
2287 		mutex_enter(&vp->v_vsd_lock);
2288 		fp = (rfs4_file_t *)vsd_get(vp, nfs4_srv_vkey);
2289 		if (fp) {
2290 			rfs4_dbe_lock(fp->rf_dbe);
2291 			if (rfs4_dbe_is_invalid(fp->rf_dbe) ||
2292 			    (rfs4_dbe_refcnt(fp->rf_dbe) == 0)) {
2293 				rfs4_dbe_unlock(fp->rf_dbe);
2294 				fp = NULL;
2295 			} else {
2296 				rfs4_dbe_hold(fp->rf_dbe);
2297 				rfs4_dbe_unlock(fp->rf_dbe);
2298 			}
2299 		}
2300 		mutex_exit(&vp->v_vsd_lock);
2301 	}
2302 	return (fp);
2303 }
2304 
2305 /*
2306  * Find a file in the db and once it is located, take the rw lock.
2307  * Need to check the vnode pointer and if it does not exist (it was
2308  * removed between the db location and check) redo the find.  This
2309  * assumes that a file struct that has a NULL vnode pointer is marked
2310  * at 'invalid' and will not be found in the db the second time
2311  * around.
2312  */
2313 rfs4_file_t *
2314 rfs4_findfile_withlock(vnode_t *vp, nfs_fh4 *fh, bool_t *create)
2315 {
2316 	rfs4_file_t *fp;
2317 	rfs4_fcreate_arg arg;
2318 	bool_t screate = *create;
2319 
2320 	if (screate == FALSE) {
2321 		mutex_enter(&vp->v_vsd_lock);
2322 		fp = (rfs4_file_t *)vsd_get(vp, nfs4_srv_vkey);
2323 		if (fp) {
2324 			rfs4_dbe_lock(fp->rf_dbe);
2325 			if (rfs4_dbe_is_invalid(fp->rf_dbe) ||
2326 			    (rfs4_dbe_refcnt(fp->rf_dbe) == 0)) {
2327 				rfs4_dbe_unlock(fp->rf_dbe);
2328 				mutex_exit(&vp->v_vsd_lock);
2329 				fp = NULL;
2330 			} else {
2331 				rfs4_dbe_hold(fp->rf_dbe);
2332 				rfs4_dbe_unlock(fp->rf_dbe);
2333 				mutex_exit(&vp->v_vsd_lock);
2334 				rw_enter(&fp->rf_file_rwlock, RW_WRITER);
2335 				if (fp->rf_vp == NULL) {
2336 					rw_exit(&fp->rf_file_rwlock);
2337 					rfs4_file_rele(fp);
2338 					fp = NULL;
2339 				}
2340 			}
2341 		} else {
2342 			mutex_exit(&vp->v_vsd_lock);
2343 		}
2344 	} else {
2345 retry:
2346 		arg.vp = vp;
2347 		arg.fh = fh;
2348 
2349 		fp = (rfs4_file_t *)rfs4_dbsearch(rfs4_file_idx, vp, create,
2350 		    &arg, RFS4_DBS_VALID);
2351 		if (fp != NULL) {
2352 			rw_enter(&fp->rf_file_rwlock, RW_WRITER);
2353 			if (fp->rf_vp == NULL) {
2354 				rw_exit(&fp->rf_file_rwlock);
2355 				rfs4_file_rele(fp);
2356 				*create = screate;
2357 				goto retry;
2358 			}
2359 		}
2360 	}
2361 
2362 	return (fp);
2363 }
2364 
2365 static uint32_t
2366 lo_state_hash(void *key)
2367 {
2368 	stateid_t *id = key;
2369 
2370 	return (id->bits.ident+id->bits.pid);
2371 }
2372 
2373 static bool_t
2374 lo_state_compare(rfs4_entry_t u_entry, void *key)
2375 {
2376 	rfs4_lo_state_t *lsp = (rfs4_lo_state_t *)u_entry;
2377 	stateid_t *id = key;
2378 	bool_t rc;
2379 
2380 	rc = (lsp->rls_lockid.bits.boottime == id->bits.boottime &&
2381 	    lsp->rls_lockid.bits.type == id->bits.type &&
2382 	    lsp->rls_lockid.bits.ident == id->bits.ident &&
2383 	    lsp->rls_lockid.bits.pid == id->bits.pid);
2384 
2385 	return (rc);
2386 }
2387 
2388 static void *
2389 lo_state_mkkey(rfs4_entry_t u_entry)
2390 {
2391 	rfs4_lo_state_t *lsp = (rfs4_lo_state_t *)u_entry;
2392 
2393 	return (&lsp->rls_lockid);
2394 }
2395 
2396 static bool_t
2397 rfs4_lo_state_expiry(rfs4_entry_t u_entry)
2398 {
2399 	rfs4_lo_state_t *lsp = (rfs4_lo_state_t *)u_entry;
2400 
2401 	if (rfs4_dbe_is_invalid(lsp->rls_dbe))
2402 		return (TRUE);
2403 	if (lsp->rls_state->rs_closed)
2404 		return (TRUE);
2405 	return ((gethrestime_sec() -
2406 	    lsp->rls_state->rs_owner->ro_client->rc_last_access
2407 	    > rfs4_lease_time));
2408 }
2409 
2410 static void
2411 rfs4_lo_state_destroy(rfs4_entry_t u_entry)
2412 {
2413 	rfs4_lo_state_t *lsp = (rfs4_lo_state_t *)u_entry;
2414 
2415 	rfs4_dbe_lock(lsp->rls_state->rs_dbe);
2416 	list_remove(&lsp->rls_state->rs_lostatelist, lsp);
2417 	rfs4_dbe_unlock(lsp->rls_state->rs_dbe);
2418 
2419 	rfs4_sw_destroy(&lsp->rls_sw);
2420 
2421 	/* Make sure to release the file locks */
2422 	if (lsp->rls_locks_cleaned == FALSE) {
2423 		lsp->rls_locks_cleaned = TRUE;
2424 		if (lsp->rls_locker->rl_client->rc_sysidt != LM_NOSYSID) {
2425 			/* Is the PxFS kernel module loaded? */
2426 			if (lm_remove_file_locks != NULL) {
2427 				int new_sysid;
2428 
2429 				/* Encode the cluster nodeid in new sysid */
2430 				new_sysid =
2431 				    lsp->rls_locker->rl_client->rc_sysidt;
2432 				lm_set_nlmid_flk(&new_sysid);
2433 
2434 				/*
2435 				 * This PxFS routine removes file locks for a
2436 				 * client over all nodes of a cluster.
2437 				 */
2438 				DTRACE_PROBE1(nfss_i_clust_rm_lck,
2439 				    int, new_sysid);
2440 				(*lm_remove_file_locks)(new_sysid);
2441 			} else {
2442 				(void) cleanlocks(
2443 				    lsp->rls_state->rs_finfo->rf_vp,
2444 				    lsp->rls_locker->rl_pid,
2445 				    lsp->rls_locker->rl_client->rc_sysidt);
2446 			}
2447 		}
2448 	}
2449 
2450 	/* Free the last reply for this state */
2451 	rfs4_free_reply(&lsp->rls_reply);
2452 
2453 	rfs4_lockowner_rele(lsp->rls_locker);
2454 	lsp->rls_locker = NULL;
2455 
2456 	rfs4_state_rele_nounlock(lsp->rls_state);
2457 	lsp->rls_state = NULL;
2458 }
2459 
2460 static bool_t
2461 rfs4_lo_state_create(rfs4_entry_t u_entry, void *arg)
2462 {
2463 	rfs4_lo_state_t *lsp = (rfs4_lo_state_t *)u_entry;
2464 	rfs4_lo_state_t *argp = (rfs4_lo_state_t *)arg;
2465 	rfs4_lockowner_t *lo = argp->rls_locker;
2466 	rfs4_state_t *sp = argp->rls_state;
2467 
2468 	lsp->rls_state = sp;
2469 
2470 	lsp->rls_lockid = sp->rs_stateid;
2471 	lsp->rls_lockid.bits.type = LOCKID;
2472 	lsp->rls_lockid.bits.chgseq = 0;
2473 	lsp->rls_lockid.bits.pid = lo->rl_pid;
2474 
2475 	lsp->rls_locks_cleaned = FALSE;
2476 	lsp->rls_lock_completed = FALSE;
2477 
2478 	rfs4_sw_init(&lsp->rls_sw);
2479 
2480 	/* Attached the supplied lock owner */
2481 	rfs4_dbe_hold(lo->rl_dbe);
2482 	lsp->rls_locker = lo;
2483 
2484 	rfs4_dbe_lock(sp->rs_dbe);
2485 	list_insert_tail(&sp->rs_lostatelist, lsp);
2486 	rfs4_dbe_hold(sp->rs_dbe);
2487 	rfs4_dbe_unlock(sp->rs_dbe);
2488 
2489 	return (TRUE);
2490 }
2491 
2492 void
2493 rfs4_lo_state_rele(rfs4_lo_state_t *lsp, bool_t unlock_fp)
2494 {
2495 	if (unlock_fp == TRUE)
2496 		rw_exit(&lsp->rls_state->rs_finfo->rf_file_rwlock);
2497 	rfs4_dbe_rele(lsp->rls_dbe);
2498 }
2499 
2500 static rfs4_lo_state_t *
2501 rfs4_findlo_state(stateid_t *id, bool_t lock_fp)
2502 {
2503 	rfs4_lo_state_t *lsp;
2504 	bool_t create = FALSE;
2505 
2506 	lsp = (rfs4_lo_state_t *)rfs4_dbsearch(rfs4_lo_state_idx, id,
2507 	    &create, NULL, RFS4_DBS_VALID);
2508 	if (lock_fp == TRUE && lsp != NULL)
2509 		rw_enter(&lsp->rls_state->rs_finfo->rf_file_rwlock, RW_READER);
2510 
2511 	return (lsp);
2512 }
2513 
2514 
2515 static uint32_t
2516 lo_state_lo_hash(void *key)
2517 {
2518 	rfs4_lo_state_t *lsp = key;
2519 
2520 	return (ADDRHASH(lsp->rls_locker) ^ ADDRHASH(lsp->rls_state));
2521 }
2522 
2523 static bool_t
2524 lo_state_lo_compare(rfs4_entry_t u_entry, void *key)
2525 {
2526 	rfs4_lo_state_t *lsp = (rfs4_lo_state_t *)u_entry;
2527 	rfs4_lo_state_t *keyp = key;
2528 
2529 	return (keyp->rls_locker == lsp->rls_locker &&
2530 	    keyp->rls_state == lsp->rls_state);
2531 }
2532 
2533 static void *
2534 lo_state_lo_mkkey(rfs4_entry_t u_entry)
2535 {
2536 	return (u_entry);
2537 }
2538 
2539 rfs4_lo_state_t *
2540 rfs4_findlo_state_by_owner(rfs4_lockowner_t *lo, rfs4_state_t *sp,
2541     bool_t *create)
2542 {
2543 	rfs4_lo_state_t *lsp;
2544 	rfs4_lo_state_t arg;
2545 
2546 	arg.rls_locker = lo;
2547 	arg.rls_state = sp;
2548 
2549 	lsp = (rfs4_lo_state_t *)rfs4_dbsearch(rfs4_lo_state_owner_idx, &arg,
2550 	    create, &arg, RFS4_DBS_VALID);
2551 
2552 	return (lsp);
2553 }
2554 
2555 static stateid_t
2556 get_stateid(id_t eid)
2557 {
2558 	stateid_t id;
2559 
2560 	id.bits.boottime = rfs4_start_time;
2561 	id.bits.ident = eid;
2562 	id.bits.chgseq = 0;
2563 	id.bits.type = 0;
2564 	id.bits.pid = 0;
2565 
2566 	/*
2567 	 * If we are booted as a cluster node, embed our nodeid.
2568 	 * We've already done sanity checks in rfs4_client_create() so no
2569 	 * need to repeat them here.
2570 	 */
2571 	id.bits.clnodeid = (cluster_bootflags & CLUSTER_BOOTED) ?
2572 	    clconf_get_nodeid() : 0;
2573 
2574 	return (id);
2575 }
2576 
2577 /*
2578  * For use only when booted as a cluster node.
2579  * Returns TRUE if the embedded nodeid indicates that this stateid was
2580  * generated on another node.
2581  */
2582 static int
2583 foreign_stateid(stateid_t *id)
2584 {
2585 	ASSERT(cluster_bootflags & CLUSTER_BOOTED);
2586 	return (id->bits.clnodeid != (uint32_t)clconf_get_nodeid());
2587 }
2588 
2589 /*
2590  * For use only when booted as a cluster node.
2591  * Returns TRUE if the embedded nodeid indicates that this clientid was
2592  * generated on another node.
2593  */
2594 static int
2595 foreign_clientid(cid *cidp)
2596 {
2597 	ASSERT(cluster_bootflags & CLUSTER_BOOTED);
2598 	return (cidp->impl_id.c_id >> CLUSTER_NODEID_SHIFT !=
2599 	    (uint32_t)clconf_get_nodeid());
2600 }
2601 
2602 /*
2603  * For use only when booted as a cluster node.
2604  * Embed our cluster nodeid into the clientid.
2605  */
2606 static void
2607 embed_nodeid(cid *cidp)
2608 {
2609 	int clnodeid;
2610 	/*
2611 	 * Currently, our state tables are small enough that their
2612 	 * ids will leave enough bits free for the nodeid. If the
2613 	 * tables become larger, we mustn't overwrite the id.
2614 	 * Equally, we only have room for so many bits of nodeid, so
2615 	 * must check that too.
2616 	 */
2617 	ASSERT(cluster_bootflags & CLUSTER_BOOTED);
2618 	ASSERT(cidp->impl_id.c_id >> CLUSTER_NODEID_SHIFT == 0);
2619 	clnodeid = clconf_get_nodeid();
2620 	ASSERT(clnodeid <= CLUSTER_MAX_NODEID);
2621 	ASSERT(clnodeid != NODEID_UNKNOWN);
2622 	cidp->impl_id.c_id |= (clnodeid << CLUSTER_NODEID_SHIFT);
2623 }
2624 
2625 static uint32_t
2626 state_hash(void *key)
2627 {
2628 	stateid_t *ip = (stateid_t *)key;
2629 
2630 	return (ip->bits.ident);
2631 }
2632 
2633 static bool_t
2634 state_compare(rfs4_entry_t u_entry, void *key)
2635 {
2636 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
2637 	stateid_t *id = (stateid_t *)key;
2638 	bool_t rc;
2639 
2640 	rc = (sp->rs_stateid.bits.boottime == id->bits.boottime &&
2641 	    sp->rs_stateid.bits.ident == id->bits.ident);
2642 
2643 	return (rc);
2644 }
2645 
2646 static void *
2647 state_mkkey(rfs4_entry_t u_entry)
2648 {
2649 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
2650 
2651 	return (&sp->rs_stateid);
2652 }
2653 
2654 static void
2655 rfs4_state_destroy(rfs4_entry_t u_entry)
2656 {
2657 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
2658 
2659 	/* remove from openowner list */
2660 	rfs4_dbe_lock(sp->rs_owner->ro_dbe);
2661 	list_remove(&sp->rs_owner->ro_statelist, sp);
2662 	rfs4_dbe_unlock(sp->rs_owner->ro_dbe);
2663 
2664 	list_destroy(&sp->rs_lostatelist);
2665 
2666 	/* release any share locks for this stateid if it's still open */
2667 	if (!sp->rs_closed) {
2668 		rfs4_dbe_lock(sp->rs_dbe);
2669 		(void) rfs4_unshare(sp);
2670 		rfs4_dbe_unlock(sp->rs_dbe);
2671 	}
2672 
2673 	/* Were done with the file */
2674 	rfs4_file_rele(sp->rs_finfo);
2675 	sp->rs_finfo = NULL;
2676 
2677 	/* And now with the openowner */
2678 	rfs4_openowner_rele(sp->rs_owner);
2679 	sp->rs_owner = NULL;
2680 }
2681 
2682 static void
2683 rfs4_state_rele_nounlock(rfs4_state_t *sp)
2684 {
2685 	rfs4_dbe_rele(sp->rs_dbe);
2686 }
2687 
2688 void
2689 rfs4_state_rele(rfs4_state_t *sp)
2690 {
2691 	rw_exit(&sp->rs_finfo->rf_file_rwlock);
2692 	rfs4_dbe_rele(sp->rs_dbe);
2693 }
2694 
2695 static uint32_t
2696 deleg_hash(void *key)
2697 {
2698 	rfs4_deleg_state_t *dsp = (rfs4_deleg_state_t *)key;
2699 
2700 	return (ADDRHASH(dsp->rds_client) ^ ADDRHASH(dsp->rds_finfo));
2701 }
2702 
2703 static bool_t
2704 deleg_compare(rfs4_entry_t u_entry, void *key)
2705 {
2706 	rfs4_deleg_state_t *dsp = (rfs4_deleg_state_t *)u_entry;
2707 	rfs4_deleg_state_t *kdsp = (rfs4_deleg_state_t *)key;
2708 
2709 	return (dsp->rds_client == kdsp->rds_client &&
2710 	    dsp->rds_finfo == kdsp->rds_finfo);
2711 }
2712 
2713 static void *
2714 deleg_mkkey(rfs4_entry_t u_entry)
2715 {
2716 	return (u_entry);
2717 }
2718 
2719 static uint32_t
2720 deleg_state_hash(void *key)
2721 {
2722 	stateid_t *ip = (stateid_t *)key;
2723 
2724 	return (ip->bits.ident);
2725 }
2726 
2727 static bool_t
2728 deleg_state_compare(rfs4_entry_t u_entry, void *key)
2729 {
2730 	rfs4_deleg_state_t *dsp = (rfs4_deleg_state_t *)u_entry;
2731 	stateid_t *id = (stateid_t *)key;
2732 	bool_t rc;
2733 
2734 	if (id->bits.type != DELEGID)
2735 		return (FALSE);
2736 
2737 	rc = (dsp->rds_delegid.bits.boottime == id->bits.boottime &&
2738 	    dsp->rds_delegid.bits.ident == id->bits.ident);
2739 
2740 	return (rc);
2741 }
2742 
2743 static void *
2744 deleg_state_mkkey(rfs4_entry_t u_entry)
2745 {
2746 	rfs4_deleg_state_t *dsp = (rfs4_deleg_state_t *)u_entry;
2747 
2748 	return (&dsp->rds_delegid);
2749 }
2750 
2751 static bool_t
2752 rfs4_deleg_state_expiry(rfs4_entry_t u_entry)
2753 {
2754 	rfs4_deleg_state_t *dsp = (rfs4_deleg_state_t *)u_entry;
2755 
2756 	if (rfs4_dbe_is_invalid(dsp->rds_dbe))
2757 		return (TRUE);
2758 
2759 	if ((gethrestime_sec() - dsp->rds_client->rc_last_access
2760 	    > rfs4_lease_time)) {
2761 		rfs4_dbe_invalidate(dsp->rds_dbe);
2762 		return (TRUE);
2763 	}
2764 
2765 	return (FALSE);
2766 }
2767 
2768 static bool_t
2769 rfs4_deleg_state_create(rfs4_entry_t u_entry, void *argp)
2770 {
2771 	rfs4_deleg_state_t *dsp = (rfs4_deleg_state_t *)u_entry;
2772 	rfs4_file_t *fp = ((rfs4_deleg_state_t *)argp)->rds_finfo;
2773 	rfs4_client_t *cp = ((rfs4_deleg_state_t *)argp)->rds_client;
2774 
2775 	rfs4_dbe_hold(fp->rf_dbe);
2776 	rfs4_dbe_hold(cp->rc_dbe);
2777 
2778 	dsp->rds_delegid = get_stateid(rfs4_dbe_getid(dsp->rds_dbe));
2779 	dsp->rds_delegid.bits.type = DELEGID;
2780 	dsp->rds_finfo = fp;
2781 	dsp->rds_client = cp;
2782 	dsp->rds_dtype = OPEN_DELEGATE_NONE;
2783 
2784 	dsp->rds_time_granted = gethrestime_sec();	/* observability */
2785 	dsp->rds_time_revoked = 0;
2786 
2787 	list_link_init(&dsp->rds_node);
2788 
2789 	return (TRUE);
2790 }
2791 
2792 static void
2793 rfs4_deleg_state_destroy(rfs4_entry_t u_entry)
2794 {
2795 	rfs4_deleg_state_t *dsp = (rfs4_deleg_state_t *)u_entry;
2796 
2797 	/* return delegation if necessary */
2798 	rfs4_return_deleg(dsp, FALSE);
2799 
2800 	/* Were done with the file */
2801 	rfs4_file_rele(dsp->rds_finfo);
2802 	dsp->rds_finfo = NULL;
2803 
2804 	/* And now with the openowner */
2805 	rfs4_client_rele(dsp->rds_client);
2806 	dsp->rds_client = NULL;
2807 }
2808 
2809 rfs4_deleg_state_t *
2810 rfs4_finddeleg(rfs4_state_t *sp, bool_t *create)
2811 {
2812 	rfs4_deleg_state_t ds, *dsp;
2813 
2814 	ds.rds_client = sp->rs_owner->ro_client;
2815 	ds.rds_finfo = sp->rs_finfo;
2816 
2817 	dsp = (rfs4_deleg_state_t *)rfs4_dbsearch(rfs4_deleg_idx, &ds,
2818 	    create, &ds, RFS4_DBS_VALID);
2819 
2820 	return (dsp);
2821 }
2822 
2823 rfs4_deleg_state_t *
2824 rfs4_finddelegstate(stateid_t *id)
2825 {
2826 	rfs4_deleg_state_t *dsp;
2827 	bool_t create = FALSE;
2828 
2829 	dsp = (rfs4_deleg_state_t *)rfs4_dbsearch(rfs4_deleg_state_idx, id,
2830 	    &create, NULL, RFS4_DBS_VALID);
2831 
2832 	return (dsp);
2833 }
2834 
2835 void
2836 rfs4_deleg_state_rele(rfs4_deleg_state_t *dsp)
2837 {
2838 	rfs4_dbe_rele(dsp->rds_dbe);
2839 }
2840 
2841 void
2842 rfs4_update_lock_sequence(rfs4_lo_state_t *lsp)
2843 {
2844 
2845 	rfs4_dbe_lock(lsp->rls_dbe);
2846 
2847 	/*
2848 	 * If we are skipping sequence id checking, this means that
2849 	 * this is the first lock request and therefore the sequence
2850 	 * id does not need to be updated.  This only happens on the
2851 	 * first lock request for a lockowner
2852 	 */
2853 	if (!lsp->rls_skip_seqid_check)
2854 		lsp->rls_seqid++;
2855 
2856 	rfs4_dbe_unlock(lsp->rls_dbe);
2857 }
2858 
2859 void
2860 rfs4_update_lock_resp(rfs4_lo_state_t *lsp, nfs_resop4 *resp)
2861 {
2862 
2863 	rfs4_dbe_lock(lsp->rls_dbe);
2864 
2865 	rfs4_free_reply(&lsp->rls_reply);
2866 
2867 	rfs4_copy_reply(&lsp->rls_reply, resp);
2868 
2869 	rfs4_dbe_unlock(lsp->rls_dbe);
2870 }
2871 
2872 void
2873 rfs4_free_opens(rfs4_openowner_t *oo, bool_t invalidate,
2874     bool_t close_of_client)
2875 {
2876 	rfs4_state_t *sp;
2877 
2878 	rfs4_dbe_lock(oo->ro_dbe);
2879 
2880 	for (sp = list_head(&oo->ro_statelist); sp != NULL;
2881 	    sp = list_next(&oo->ro_statelist, sp)) {
2882 		rfs4_state_close(sp, FALSE, close_of_client, CRED());
2883 		if (invalidate == TRUE)
2884 			rfs4_dbe_invalidate(sp->rs_dbe);
2885 	}
2886 
2887 	rfs4_dbe_invalidate(oo->ro_dbe);
2888 	rfs4_dbe_unlock(oo->ro_dbe);
2889 }
2890 
2891 static uint32_t
2892 state_owner_file_hash(void *key)
2893 {
2894 	rfs4_state_t *sp = key;
2895 
2896 	return (ADDRHASH(sp->rs_owner) ^ ADDRHASH(sp->rs_finfo));
2897 }
2898 
2899 static bool_t
2900 state_owner_file_compare(rfs4_entry_t u_entry, void *key)
2901 {
2902 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
2903 	rfs4_state_t *arg = key;
2904 
2905 	if (sp->rs_closed == TRUE)
2906 		return (FALSE);
2907 
2908 	return (arg->rs_owner == sp->rs_owner && arg->rs_finfo == sp->rs_finfo);
2909 }
2910 
2911 static void *
2912 state_owner_file_mkkey(rfs4_entry_t u_entry)
2913 {
2914 	return (u_entry);
2915 }
2916 
2917 static uint32_t
2918 state_file_hash(void *key)
2919 {
2920 	return (ADDRHASH(key));
2921 }
2922 
2923 static bool_t
2924 state_file_compare(rfs4_entry_t u_entry, void *key)
2925 {
2926 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
2927 	rfs4_file_t *fp = key;
2928 
2929 	if (sp->rs_closed == TRUE)
2930 		return (FALSE);
2931 
2932 	return (fp == sp->rs_finfo);
2933 }
2934 
2935 static void *
2936 state_file_mkkey(rfs4_entry_t u_entry)
2937 {
2938 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
2939 
2940 	return (sp->rs_finfo);
2941 }
2942 
2943 rfs4_state_t *
2944 rfs4_findstate_by_owner_file(rfs4_openowner_t *oo, rfs4_file_t *fp,
2945 	bool_t *create)
2946 {
2947 	rfs4_state_t *sp;
2948 	rfs4_state_t key;
2949 
2950 	key.rs_owner = oo;
2951 	key.rs_finfo = fp;
2952 
2953 	sp = (rfs4_state_t *)rfs4_dbsearch(rfs4_state_owner_file_idx, &key,
2954 	    create, &key, RFS4_DBS_VALID);
2955 
2956 	return (sp);
2957 }
2958 
2959 /* This returns ANY state struct that refers to this file */
2960 static rfs4_state_t *
2961 rfs4_findstate_by_file(rfs4_file_t *fp)
2962 {
2963 	bool_t create = FALSE;
2964 
2965 	return ((rfs4_state_t *)rfs4_dbsearch(rfs4_state_file_idx, fp,
2966 	    &create, fp, RFS4_DBS_VALID));
2967 }
2968 
2969 static bool_t
2970 rfs4_state_expiry(rfs4_entry_t u_entry)
2971 {
2972 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
2973 
2974 	if (rfs4_dbe_is_invalid(sp->rs_dbe))
2975 		return (TRUE);
2976 
2977 	if (sp->rs_closed == TRUE &&
2978 	    ((gethrestime_sec() - rfs4_dbe_get_timerele(sp->rs_dbe))
2979 	    > rfs4_lease_time))
2980 		return (TRUE);
2981 
2982 	return ((gethrestime_sec() - sp->rs_owner->ro_client->rc_last_access
2983 	    > rfs4_lease_time));
2984 }
2985 
2986 static bool_t
2987 rfs4_state_create(rfs4_entry_t u_entry, void *argp)
2988 {
2989 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
2990 	rfs4_file_t *fp = ((rfs4_state_t *)argp)->rs_finfo;
2991 	rfs4_openowner_t *oo = ((rfs4_state_t *)argp)->rs_owner;
2992 
2993 	rfs4_dbe_hold(fp->rf_dbe);
2994 	rfs4_dbe_hold(oo->ro_dbe);
2995 	sp->rs_stateid = get_stateid(rfs4_dbe_getid(sp->rs_dbe));
2996 	sp->rs_stateid.bits.type = OPENID;
2997 	sp->rs_owner = oo;
2998 	sp->rs_finfo = fp;
2999 
3000 	list_create(&sp->rs_lostatelist, sizeof (rfs4_lo_state_t),
3001 	    offsetof(rfs4_lo_state_t, rls_node));
3002 
3003 	/* Insert state on per open owner's list */
3004 	rfs4_dbe_lock(oo->ro_dbe);
3005 	list_insert_tail(&oo->ro_statelist, sp);
3006 	rfs4_dbe_unlock(oo->ro_dbe);
3007 
3008 	return (TRUE);
3009 }
3010 
3011 static rfs4_state_t *
3012 rfs4_findstate(stateid_t *id, rfs4_dbsearch_type_t find_invalid, bool_t lock_fp)
3013 {
3014 	rfs4_state_t *sp;
3015 	bool_t create = FALSE;
3016 
3017 	sp = (rfs4_state_t *)rfs4_dbsearch(rfs4_state_idx, id,
3018 	    &create, NULL, find_invalid);
3019 	if (lock_fp == TRUE && sp != NULL)
3020 		rw_enter(&sp->rs_finfo->rf_file_rwlock, RW_READER);
3021 
3022 	return (sp);
3023 }
3024 
3025 void
3026 rfs4_state_close(rfs4_state_t *sp, bool_t lock_held, bool_t close_of_client,
3027     cred_t *cr)
3028 {
3029 	/* Remove the associated lo_state owners */
3030 	if (!lock_held)
3031 		rfs4_dbe_lock(sp->rs_dbe);
3032 
3033 	/*
3034 	 * If refcnt == 0, the dbe is about to be destroyed.
3035 	 * lock state will be released by the reaper thread.
3036 	 */
3037 
3038 	if (rfs4_dbe_refcnt(sp->rs_dbe) > 0) {
3039 		if (sp->rs_closed == FALSE) {
3040 			rfs4_release_share_lock_state(sp, cr, close_of_client);
3041 			sp->rs_closed = TRUE;
3042 		}
3043 	}
3044 
3045 	if (!lock_held)
3046 		rfs4_dbe_unlock(sp->rs_dbe);
3047 }
3048 
3049 /*
3050  * Remove all state associated with the given client.
3051  */
3052 void
3053 rfs4_client_state_remove(rfs4_client_t *cp)
3054 {
3055 	rfs4_openowner_t *oo;
3056 
3057 	rfs4_dbe_lock(cp->rc_dbe);
3058 
3059 	for (oo = list_head(&cp->rc_openownerlist); oo != NULL;
3060 	    oo = list_next(&cp->rc_openownerlist, oo)) {
3061 		rfs4_free_opens(oo, TRUE, TRUE);
3062 	}
3063 
3064 	rfs4_dbe_unlock(cp->rc_dbe);
3065 }
3066 
3067 void
3068 rfs4_client_close(rfs4_client_t *cp)
3069 {
3070 	/* Mark client as going away. */
3071 	rfs4_dbe_lock(cp->rc_dbe);
3072 	rfs4_dbe_invalidate(cp->rc_dbe);
3073 	rfs4_dbe_unlock(cp->rc_dbe);
3074 
3075 	rfs4_client_state_remove(cp);
3076 
3077 	/* Release the client */
3078 	rfs4_client_rele(cp);
3079 }
3080 
3081 nfsstat4
3082 rfs4_check_clientid(clientid4 *cp, int setclid_confirm)
3083 {
3084 	cid *cidp = (cid *) cp;
3085 
3086 	/*
3087 	 * If we are booted as a cluster node, check the embedded nodeid.
3088 	 * If it indicates that this clientid was generated on another node,
3089 	 * inform the client accordingly.
3090 	 */
3091 	if (cluster_bootflags & CLUSTER_BOOTED && foreign_clientid(cidp))
3092 		return (NFS4ERR_STALE_CLIENTID);
3093 
3094 	/*
3095 	 * If the server start time matches the time provided
3096 	 * by the client (via the clientid) and this is NOT a
3097 	 * setclientid_confirm then return EXPIRED.
3098 	 */
3099 	if (!setclid_confirm && cidp->impl_id.start_time == rfs4_start_time)
3100 		return (NFS4ERR_EXPIRED);
3101 
3102 	return (NFS4ERR_STALE_CLIENTID);
3103 }
3104 
3105 /*
3106  * This is used when a stateid has not been found amongst the
3107  * current server's state.  Check the stateid to see if it
3108  * was from this server instantiation or not.
3109  */
3110 static nfsstat4
3111 what_stateid_error(stateid_t *id, stateid_type_t type)
3112 {
3113 	/* If we are booted as a cluster node, was stateid locally generated? */
3114 	if ((cluster_bootflags & CLUSTER_BOOTED) && foreign_stateid(id))
3115 		return (NFS4ERR_STALE_STATEID);
3116 
3117 	/* If types don't match then no use checking further */
3118 	if (type != id->bits.type)
3119 		return (NFS4ERR_BAD_STATEID);
3120 
3121 	/* From a previous server instantiation, return STALE */
3122 	if (id->bits.boottime < rfs4_start_time)
3123 		return (NFS4ERR_STALE_STATEID);
3124 
3125 	/*
3126 	 * From this server but the state is most likely beyond lease
3127 	 * timeout: return NFS4ERR_EXPIRED.  However, there is the
3128 	 * case of a delegation stateid.  For delegations, there is a
3129 	 * case where the state can be removed without the client's
3130 	 * knowledge/consent: revocation.  In the case of delegation
3131 	 * revocation, the delegation state will be removed and will
3132 	 * not be found.  If the client does something like a
3133 	 * DELEGRETURN or even a READ/WRITE with a delegatoin stateid
3134 	 * that has been revoked, the server should return BAD_STATEID
3135 	 * instead of the more common EXPIRED error.
3136 	 */
3137 	if (id->bits.boottime == rfs4_start_time) {
3138 		if (type == DELEGID)
3139 			return (NFS4ERR_BAD_STATEID);
3140 		else
3141 			return (NFS4ERR_EXPIRED);
3142 	}
3143 
3144 	return (NFS4ERR_BAD_STATEID);
3145 }
3146 
3147 /*
3148  * Used later on to find the various state structs.  When called from
3149  * rfs4_check_stateid()->rfs4_get_all_state(), no file struct lock is
3150  * taken (it is not needed) and helps on the read/write path with
3151  * respect to performance.
3152  */
3153 static nfsstat4
3154 rfs4_get_state_lockit(stateid4 *stateid, rfs4_state_t **spp,
3155     rfs4_dbsearch_type_t find_invalid, bool_t lock_fp)
3156 {
3157 	stateid_t *id = (stateid_t *)stateid;
3158 	rfs4_state_t *sp;
3159 
3160 	*spp = NULL;
3161 
3162 	/* If we are booted as a cluster node, was stateid locally generated? */
3163 	if ((cluster_bootflags & CLUSTER_BOOTED) && foreign_stateid(id))
3164 		return (NFS4ERR_STALE_STATEID);
3165 
3166 	sp = rfs4_findstate(id, find_invalid, lock_fp);
3167 	if (sp == NULL) {
3168 		return (what_stateid_error(id, OPENID));
3169 	}
3170 
3171 	if (rfs4_lease_expired(sp->rs_owner->ro_client)) {
3172 		if (lock_fp == TRUE)
3173 			rfs4_state_rele(sp);
3174 		else
3175 			rfs4_state_rele_nounlock(sp);
3176 		return (NFS4ERR_EXPIRED);
3177 	}
3178 
3179 	*spp = sp;
3180 
3181 	return (NFS4_OK);
3182 }
3183 
3184 nfsstat4
3185 rfs4_get_state(stateid4 *stateid, rfs4_state_t **spp,
3186     rfs4_dbsearch_type_t find_invalid)
3187 {
3188 	return (rfs4_get_state_lockit(stateid, spp, find_invalid, TRUE));
3189 }
3190 
3191 int
3192 rfs4_check_stateid_seqid(rfs4_state_t *sp, stateid4 *stateid)
3193 {
3194 	stateid_t *id = (stateid_t *)stateid;
3195 
3196 	if (rfs4_lease_expired(sp->rs_owner->ro_client))
3197 		return (NFS4_CHECK_STATEID_EXPIRED);
3198 
3199 	/* Stateid is some time in the future - that's bad */
3200 	if (sp->rs_stateid.bits.chgseq < id->bits.chgseq)
3201 		return (NFS4_CHECK_STATEID_BAD);
3202 
3203 	if (sp->rs_stateid.bits.chgseq == id->bits.chgseq + 1)
3204 		return (NFS4_CHECK_STATEID_REPLAY);
3205 
3206 	/* Stateid is some time in the past - that's old */
3207 	if (sp->rs_stateid.bits.chgseq > id->bits.chgseq)
3208 		return (NFS4_CHECK_STATEID_OLD);
3209 
3210 	/* Caller needs to know about confirmation before closure */
3211 	if (sp->rs_owner->ro_need_confirm)
3212 		return (NFS4_CHECK_STATEID_UNCONFIRMED);
3213 
3214 	if (sp->rs_closed == TRUE)
3215 		return (NFS4_CHECK_STATEID_CLOSED);
3216 
3217 	return (NFS4_CHECK_STATEID_OKAY);
3218 }
3219 
3220 int
3221 rfs4_check_lo_stateid_seqid(rfs4_lo_state_t *lsp, stateid4 *stateid)
3222 {
3223 	stateid_t *id = (stateid_t *)stateid;
3224 
3225 	if (rfs4_lease_expired(lsp->rls_state->rs_owner->ro_client))
3226 		return (NFS4_CHECK_STATEID_EXPIRED);
3227 
3228 	/* Stateid is some time in the future - that's bad */
3229 	if (lsp->rls_lockid.bits.chgseq < id->bits.chgseq)
3230 		return (NFS4_CHECK_STATEID_BAD);
3231 
3232 	if (lsp->rls_lockid.bits.chgseq == id->bits.chgseq + 1)
3233 		return (NFS4_CHECK_STATEID_REPLAY);
3234 
3235 	/* Stateid is some time in the past - that's old */
3236 	if (lsp->rls_lockid.bits.chgseq > id->bits.chgseq)
3237 		return (NFS4_CHECK_STATEID_OLD);
3238 
3239 	if (lsp->rls_state->rs_closed == TRUE)
3240 		return (NFS4_CHECK_STATEID_CLOSED);
3241 
3242 	return (NFS4_CHECK_STATEID_OKAY);
3243 }
3244 
3245 nfsstat4
3246 rfs4_get_deleg_state(stateid4 *stateid, rfs4_deleg_state_t **dspp)
3247 {
3248 	stateid_t *id = (stateid_t *)stateid;
3249 	rfs4_deleg_state_t *dsp;
3250 
3251 	*dspp = NULL;
3252 
3253 	/* If we are booted as a cluster node, was stateid locally generated? */
3254 	if ((cluster_bootflags & CLUSTER_BOOTED) && foreign_stateid(id))
3255 		return (NFS4ERR_STALE_STATEID);
3256 
3257 	dsp = rfs4_finddelegstate(id);
3258 	if (dsp == NULL) {
3259 		return (what_stateid_error(id, DELEGID));
3260 	}
3261 
3262 	if (rfs4_lease_expired(dsp->rds_client)) {
3263 		rfs4_deleg_state_rele(dsp);
3264 		return (NFS4ERR_EXPIRED);
3265 	}
3266 
3267 	*dspp = dsp;
3268 
3269 	return (NFS4_OK);
3270 }
3271 
3272 nfsstat4
3273 rfs4_get_lo_state(stateid4 *stateid, rfs4_lo_state_t **lspp, bool_t lock_fp)
3274 {
3275 	stateid_t *id = (stateid_t *)stateid;
3276 	rfs4_lo_state_t *lsp;
3277 
3278 	*lspp = NULL;
3279 
3280 	/* If we are booted as a cluster node, was stateid locally generated? */
3281 	if ((cluster_bootflags & CLUSTER_BOOTED) && foreign_stateid(id))
3282 		return (NFS4ERR_STALE_STATEID);
3283 
3284 	lsp = rfs4_findlo_state(id, lock_fp);
3285 	if (lsp == NULL) {
3286 		return (what_stateid_error(id, LOCKID));
3287 	}
3288 
3289 	if (rfs4_lease_expired(lsp->rls_state->rs_owner->ro_client)) {
3290 		rfs4_lo_state_rele(lsp, lock_fp);
3291 		return (NFS4ERR_EXPIRED);
3292 	}
3293 
3294 	*lspp = lsp;
3295 
3296 	return (NFS4_OK);
3297 }
3298 
3299 static nfsstat4
3300 rfs4_get_all_state(stateid4 *sid, rfs4_state_t **spp,
3301     rfs4_deleg_state_t **dspp, rfs4_lo_state_t **lspp)
3302 {
3303 	rfs4_state_t *sp = NULL;
3304 	rfs4_deleg_state_t *dsp = NULL;
3305 	rfs4_lo_state_t *lsp = NULL;
3306 	stateid_t *id;
3307 	nfsstat4 status;
3308 
3309 	*spp = NULL; *dspp = NULL; *lspp = NULL;
3310 
3311 	id = (stateid_t *)sid;
3312 	switch (id->bits.type) {
3313 	case OPENID:
3314 		status = rfs4_get_state_lockit(sid, &sp, FALSE, FALSE);
3315 		break;
3316 	case DELEGID:
3317 		status = rfs4_get_deleg_state(sid, &dsp);
3318 		break;
3319 	case LOCKID:
3320 		status = rfs4_get_lo_state(sid, &lsp, FALSE);
3321 		if (status == NFS4_OK) {
3322 			sp = lsp->rls_state;
3323 			rfs4_dbe_hold(sp->rs_dbe);
3324 		}
3325 		break;
3326 	default:
3327 		status = NFS4ERR_BAD_STATEID;
3328 	}
3329 
3330 	if (status == NFS4_OK) {
3331 		*spp = sp;
3332 		*dspp = dsp;
3333 		*lspp = lsp;
3334 	}
3335 
3336 	return (status);
3337 }
3338 
3339 /*
3340  * Given the I/O mode (FREAD or FWRITE), this checks whether the
3341  * rfs4_state_t struct has access to do this operation and if so
3342  * return NFS4_OK; otherwise the proper NFSv4 error is returned.
3343  */
3344 nfsstat4
3345 rfs4_state_has_access(rfs4_state_t *sp, int mode, vnode_t *vp)
3346 {
3347 	nfsstat4 stat = NFS4_OK;
3348 	rfs4_file_t *fp;
3349 	bool_t create = FALSE;
3350 
3351 	rfs4_dbe_lock(sp->rs_dbe);
3352 	if (mode == FWRITE) {
3353 		if (!(sp->rs_share_access & OPEN4_SHARE_ACCESS_WRITE)) {
3354 			stat = NFS4ERR_OPENMODE;
3355 		}
3356 	} else if (mode == FREAD) {
3357 		if (!(sp->rs_share_access & OPEN4_SHARE_ACCESS_READ)) {
3358 			/*
3359 			 * If we have OPENed the file with DENYing access
3360 			 * to both READ and WRITE then no one else could
3361 			 * have OPENed the file, hence no conflicting READ
3362 			 * deny.  This check is merely an optimization.
3363 			 */
3364 			if (sp->rs_share_deny == OPEN4_SHARE_DENY_BOTH)
3365 				goto out;
3366 
3367 			/* Check against file struct's DENY mode */
3368 			fp = rfs4_findfile(vp, NULL, &create);
3369 			if (fp != NULL) {
3370 				int deny_read = 0;
3371 				rfs4_dbe_lock(fp->rf_dbe);
3372 				/*
3373 				 * Check if any other open owner has the file
3374 				 * OPENed with deny READ.
3375 				 */
3376 				if (sp->rs_share_deny & OPEN4_SHARE_DENY_READ)
3377 					deny_read = 1;
3378 				ASSERT(fp->rf_deny_read - deny_read >= 0);
3379 				if (fp->rf_deny_read - deny_read > 0)
3380 					stat = NFS4ERR_OPENMODE;
3381 				rfs4_dbe_unlock(fp->rf_dbe);
3382 				rfs4_file_rele(fp);
3383 			}
3384 		}
3385 	} else {
3386 		/* Illegal I/O mode */
3387 		stat = NFS4ERR_INVAL;
3388 	}
3389 out:
3390 	rfs4_dbe_unlock(sp->rs_dbe);
3391 	return (stat);
3392 }
3393 
3394 /*
3395  * Given the I/O mode (FREAD or FWRITE), the vnode, the stateid and whether
3396  * the file is being truncated, return NFS4_OK if allowed or appropriate
3397  * V4 error if not. Note NFS4ERR_DELAY will be returned and a recall on
3398  * the associated file will be done if the I/O is not consistent with any
3399  * delegation in effect on the file. Should be holding VOP_RWLOCK, either
3400  * as reader or writer as appropriate. rfs4_op_open will acquire the
3401  * VOP_RWLOCK as writer when setting up delegation. If the stateid is bad
3402  * this routine will return NFS4ERR_BAD_STATEID. In addition, through the
3403  * deleg parameter, we will return whether a write delegation is held by
3404  * the client associated with this stateid.
3405  * If the server instance associated with the relevant client is in its
3406  * grace period, return NFS4ERR_GRACE.
3407  */
3408 
3409 nfsstat4
3410 rfs4_check_stateid(int mode, vnode_t *vp,
3411     stateid4 *stateid, bool_t trunc, bool_t *deleg,
3412     bool_t do_access, caller_context_t *ct)
3413 {
3414 	rfs4_file_t *fp;
3415 	bool_t create = FALSE;
3416 	rfs4_state_t *sp;
3417 	rfs4_deleg_state_t *dsp;
3418 	rfs4_lo_state_t *lsp;
3419 	stateid_t *id = (stateid_t *)stateid;
3420 	nfsstat4 stat = NFS4_OK;
3421 
3422 	if (ct != NULL) {
3423 		ct->cc_sysid = 0;
3424 		ct->cc_pid = 0;
3425 		ct->cc_caller_id = nfs4_srv_caller_id;
3426 		ct->cc_flags = CC_DONTBLOCK;
3427 	}
3428 
3429 	if (ISSPECIAL(stateid)) {
3430 		fp = rfs4_findfile(vp, NULL, &create);
3431 		if (fp == NULL)
3432 			return (NFS4_OK);
3433 		if (fp->rf_dinfo.rd_dtype == OPEN_DELEGATE_NONE) {
3434 			rfs4_file_rele(fp);
3435 			return (NFS4_OK);
3436 		}
3437 		if (mode == FWRITE ||
3438 		    fp->rf_dinfo.rd_dtype == OPEN_DELEGATE_WRITE) {
3439 			rfs4_recall_deleg(fp, trunc, NULL);
3440 			rfs4_file_rele(fp);
3441 			return (NFS4ERR_DELAY);
3442 		}
3443 		rfs4_file_rele(fp);
3444 		return (NFS4_OK);
3445 	} else {
3446 		stat = rfs4_get_all_state(stateid, &sp, &dsp, &lsp);
3447 		if (stat != NFS4_OK)
3448 			return (stat);
3449 		if (lsp != NULL) {
3450 			/* Is associated server instance in its grace period? */
3451 			if (rfs4_clnt_in_grace(lsp->rls_locker->rl_client)) {
3452 				rfs4_lo_state_rele(lsp, FALSE);
3453 				if (sp != NULL)
3454 					rfs4_state_rele_nounlock(sp);
3455 				return (NFS4ERR_GRACE);
3456 			}
3457 			if (id->bits.type == LOCKID) {
3458 				/* Seqid in the future? - that's bad */
3459 				if (lsp->rls_lockid.bits.chgseq <
3460 				    id->bits.chgseq) {
3461 					rfs4_lo_state_rele(lsp, FALSE);
3462 					if (sp != NULL)
3463 						rfs4_state_rele_nounlock(sp);
3464 					return (NFS4ERR_BAD_STATEID);
3465 				}
3466 				/* Seqid in the past? - that's old */
3467 				if (lsp->rls_lockid.bits.chgseq >
3468 				    id->bits.chgseq) {
3469 					rfs4_lo_state_rele(lsp, FALSE);
3470 					if (sp != NULL)
3471 						rfs4_state_rele_nounlock(sp);
3472 					return (NFS4ERR_OLD_STATEID);
3473 				}
3474 				/* Ensure specified filehandle matches */
3475 				if (lsp->rls_state->rs_finfo->rf_vp != vp) {
3476 					rfs4_lo_state_rele(lsp, FALSE);
3477 					if (sp != NULL)
3478 						rfs4_state_rele_nounlock(sp);
3479 					return (NFS4ERR_BAD_STATEID);
3480 				}
3481 			}
3482 			if (ct != NULL) {
3483 				ct->cc_sysid =
3484 				    lsp->rls_locker->rl_client->rc_sysidt;
3485 				ct->cc_pid = lsp->rls_locker->rl_pid;
3486 			}
3487 			rfs4_lo_state_rele(lsp, FALSE);
3488 		}
3489 
3490 		/* Stateid provided was an "open" stateid */
3491 		if (sp != NULL) {
3492 			/* Is associated server instance in its grace period? */
3493 			if (rfs4_clnt_in_grace(sp->rs_owner->ro_client)) {
3494 				rfs4_state_rele_nounlock(sp);
3495 				return (NFS4ERR_GRACE);
3496 			}
3497 			if (id->bits.type == OPENID) {
3498 				/* Seqid in the future? - that's bad */
3499 				if (sp->rs_stateid.bits.chgseq <
3500 				    id->bits.chgseq) {
3501 					rfs4_state_rele_nounlock(sp);
3502 					return (NFS4ERR_BAD_STATEID);
3503 				}
3504 				/* Seqid in the past - that's old */
3505 				if (sp->rs_stateid.bits.chgseq >
3506 				    id->bits.chgseq) {
3507 					rfs4_state_rele_nounlock(sp);
3508 					return (NFS4ERR_OLD_STATEID);
3509 				}
3510 			}
3511 			/* Ensure specified filehandle matches */
3512 			if (sp->rs_finfo->rf_vp != vp) {
3513 				rfs4_state_rele_nounlock(sp);
3514 				return (NFS4ERR_BAD_STATEID);
3515 			}
3516 
3517 			if (sp->rs_owner->ro_need_confirm) {
3518 				rfs4_state_rele_nounlock(sp);
3519 				return (NFS4ERR_BAD_STATEID);
3520 			}
3521 
3522 			if (sp->rs_closed == TRUE) {
3523 				rfs4_state_rele_nounlock(sp);
3524 				return (NFS4ERR_OLD_STATEID);
3525 			}
3526 
3527 			if (do_access)
3528 				stat = rfs4_state_has_access(sp, mode, vp);
3529 			else
3530 				stat = NFS4_OK;
3531 
3532 			/*
3533 			 * Return whether this state has write
3534 			 * delegation if desired
3535 			 */
3536 			if (deleg && (sp->rs_finfo->rf_dinfo.rd_dtype ==
3537 			    OPEN_DELEGATE_WRITE))
3538 				*deleg = TRUE;
3539 
3540 			/*
3541 			 * We got a valid stateid, so we update the
3542 			 * lease on the client. Ideally we would like
3543 			 * to do this after the calling op succeeds,
3544 			 * but for now this will be good
3545 			 * enough. Callers of this routine are
3546 			 * currently insulated from the state stuff.
3547 			 */
3548 			rfs4_update_lease(sp->rs_owner->ro_client);
3549 
3550 			/*
3551 			 * If a delegation is present on this file and
3552 			 * this is a WRITE, then update the lastwrite
3553 			 * time to indicate that activity is present.
3554 			 */
3555 			if (sp->rs_finfo->rf_dinfo.rd_dtype ==
3556 			    OPEN_DELEGATE_WRITE &&
3557 			    mode == FWRITE) {
3558 				sp->rs_finfo->rf_dinfo.rd_time_lastwrite =
3559 				    gethrestime_sec();
3560 			}
3561 
3562 			rfs4_state_rele_nounlock(sp);
3563 
3564 			return (stat);
3565 		}
3566 
3567 		if (dsp != NULL) {
3568 			/* Is associated server instance in its grace period? */
3569 			if (rfs4_clnt_in_grace(dsp->rds_client)) {
3570 				rfs4_deleg_state_rele(dsp);
3571 				return (NFS4ERR_GRACE);
3572 			}
3573 			if (dsp->rds_delegid.bits.chgseq != id->bits.chgseq) {
3574 				rfs4_deleg_state_rele(dsp);
3575 				return (NFS4ERR_BAD_STATEID);
3576 			}
3577 
3578 			/* Ensure specified filehandle matches */
3579 			if (dsp->rds_finfo->rf_vp != vp) {
3580 				rfs4_deleg_state_rele(dsp);
3581 				return (NFS4ERR_BAD_STATEID);
3582 			}
3583 			/*
3584 			 * Return whether this state has write
3585 			 * delegation if desired
3586 			 */
3587 			if (deleg && (dsp->rds_finfo->rf_dinfo.rd_dtype ==
3588 			    OPEN_DELEGATE_WRITE))
3589 				*deleg = TRUE;
3590 
3591 			rfs4_update_lease(dsp->rds_client);
3592 
3593 			/*
3594 			 * If a delegation is present on this file and
3595 			 * this is a WRITE, then update the lastwrite
3596 			 * time to indicate that activity is present.
3597 			 */
3598 			if (dsp->rds_finfo->rf_dinfo.rd_dtype ==
3599 			    OPEN_DELEGATE_WRITE && mode == FWRITE) {
3600 				dsp->rds_finfo->rf_dinfo.rd_time_lastwrite =
3601 				    gethrestime_sec();
3602 			}
3603 
3604 			/*
3605 			 * XXX - what happens if this is a WRITE and the
3606 			 * delegation type of for READ.
3607 			 */
3608 			rfs4_deleg_state_rele(dsp);
3609 
3610 			return (stat);
3611 		}
3612 		/*
3613 		 * If we got this far, something bad happened
3614 		 */
3615 		return (NFS4ERR_BAD_STATEID);
3616 	}
3617 }
3618 
3619 
3620 /*
3621  * This is a special function in that for the file struct provided the
3622  * server wants to remove/close all current state associated with the
3623  * file.  The prime use of this would be with OP_REMOVE to force the
3624  * release of state and particularly of file locks.
3625  *
3626  * There is an assumption that there is no delegations outstanding on
3627  * this file at this point.  The caller should have waited for those
3628  * to be returned or revoked.
3629  */
3630 void
3631 rfs4_close_all_state(rfs4_file_t *fp)
3632 {
3633 	rfs4_state_t *sp;
3634 
3635 	rfs4_dbe_lock(fp->rf_dbe);
3636 
3637 #ifdef DEBUG
3638 	/* only applies when server is handing out delegations */
3639 	if (rfs4_deleg_policy != SRV_NEVER_DELEGATE)
3640 		ASSERT(fp->rf_dinfo.rd_hold_grant > 0);
3641 #endif
3642 
3643 	/* No delegations for this file */
3644 	ASSERT(list_is_empty(&fp->rf_delegstatelist));
3645 
3646 	/* Make sure that it can not be found */
3647 	rfs4_dbe_invalidate(fp->rf_dbe);
3648 
3649 	if (fp->rf_vp == NULL) {
3650 		rfs4_dbe_unlock(fp->rf_dbe);
3651 		return;
3652 	}
3653 	rfs4_dbe_unlock(fp->rf_dbe);
3654 
3655 	/*
3656 	 * Hold as writer to prevent other server threads from
3657 	 * processing requests related to the file while all state is
3658 	 * being removed.
3659 	 */
3660 	rw_enter(&fp->rf_file_rwlock, RW_WRITER);
3661 
3662 	/* Remove ALL state from the file */
3663 	while (sp = rfs4_findstate_by_file(fp)) {
3664 		rfs4_state_close(sp, FALSE, FALSE, CRED());
3665 		rfs4_state_rele_nounlock(sp);
3666 	}
3667 
3668 	/*
3669 	 * This is only safe since there are no further references to
3670 	 * the file.
3671 	 */
3672 	rfs4_dbe_lock(fp->rf_dbe);
3673 	if (fp->rf_vp) {
3674 		vnode_t *vp = fp->rf_vp;
3675 
3676 		mutex_enter(&vp->v_vsd_lock);
3677 		(void) vsd_set(vp, nfs4_srv_vkey, NULL);
3678 		mutex_exit(&vp->v_vsd_lock);
3679 		VN_RELE(vp);
3680 		fp->rf_vp = NULL;
3681 	}
3682 	rfs4_dbe_unlock(fp->rf_dbe);
3683 
3684 	/* Finally let other references to proceed */
3685 	rw_exit(&fp->rf_file_rwlock);
3686 }
3687 
3688 /*
3689  * This function is used as a target for the rfs4_dbe_walk() call
3690  * below.  The purpose of this function is to see if the
3691  * lockowner_state refers to a file that resides within the exportinfo
3692  * export.  If so, then remove the lock_owner state (file locks and
3693  * share "locks") for this object since the intent is the server is
3694  * unexporting the specified directory.  Be sure to invalidate the
3695  * object after the state has been released
3696  */
3697 static void
3698 rfs4_lo_state_walk_callout(rfs4_entry_t u_entry, void *e)
3699 {
3700 	rfs4_lo_state_t *lsp = (rfs4_lo_state_t *)u_entry;
3701 	struct exportinfo *exi = (struct exportinfo *)e;
3702 	nfs_fh4_fmt_t   fhfmt4, *exi_fhp, *finfo_fhp;
3703 	fhandle_t *efhp;
3704 
3705 	efhp = (fhandle_t *)&exi->exi_fh;
3706 	exi_fhp = (nfs_fh4_fmt_t *)&fhfmt4;
3707 
3708 	FH_TO_FMT4(efhp, exi_fhp);
3709 
3710 	finfo_fhp = (nfs_fh4_fmt_t *)lsp->rls_state->rs_finfo->
3711 	    rf_filehandle.nfs_fh4_val;
3712 
3713 	if (EQFSID(&finfo_fhp->fh4_fsid, &exi_fhp->fh4_fsid) &&
3714 	    bcmp(&finfo_fhp->fh4_xdata, &exi_fhp->fh4_xdata,
3715 	    exi_fhp->fh4_xlen) == 0) {
3716 		rfs4_state_close(lsp->rls_state, FALSE, FALSE, CRED());
3717 		rfs4_dbe_invalidate(lsp->rls_dbe);
3718 		rfs4_dbe_invalidate(lsp->rls_state->rs_dbe);
3719 	}
3720 }
3721 
3722 /*
3723  * This function is used as a target for the rfs4_dbe_walk() call
3724  * below.  The purpose of this function is to see if the state refers
3725  * to a file that resides within the exportinfo export.  If so, then
3726  * remove the open state for this object since the intent is the
3727  * server is unexporting the specified directory.  The main result for
3728  * this type of entry is to invalidate it such it will not be found in
3729  * the future.
3730  */
3731 static void
3732 rfs4_state_walk_callout(rfs4_entry_t u_entry, void *e)
3733 {
3734 	rfs4_state_t *sp = (rfs4_state_t *)u_entry;
3735 	struct exportinfo *exi = (struct exportinfo *)e;
3736 	nfs_fh4_fmt_t   fhfmt4, *exi_fhp, *finfo_fhp;
3737 	fhandle_t *efhp;
3738 
3739 	efhp = (fhandle_t *)&exi->exi_fh;
3740 	exi_fhp = (nfs_fh4_fmt_t *)&fhfmt4;
3741 
3742 	FH_TO_FMT4(efhp, exi_fhp);
3743 
3744 	finfo_fhp =
3745 	    (nfs_fh4_fmt_t *)sp->rs_finfo->rf_filehandle.nfs_fh4_val;
3746 
3747 	if (EQFSID(&finfo_fhp->fh4_fsid, &exi_fhp->fh4_fsid) &&
3748 	    bcmp(&finfo_fhp->fh4_xdata, &exi_fhp->fh4_xdata,
3749 	    exi_fhp->fh4_xlen) == 0) {
3750 		rfs4_state_close(sp, TRUE, FALSE, CRED());
3751 		rfs4_dbe_invalidate(sp->rs_dbe);
3752 	}
3753 }
3754 
3755 /*
3756  * This function is used as a target for the rfs4_dbe_walk() call
3757  * below.  The purpose of this function is to see if the state refers
3758  * to a file that resides within the exportinfo export.  If so, then
3759  * remove the deleg state for this object since the intent is the
3760  * server is unexporting the specified directory.  The main result for
3761  * this type of entry is to invalidate it such it will not be found in
3762  * the future.
3763  */
3764 static void
3765 rfs4_deleg_state_walk_callout(rfs4_entry_t u_entry, void *e)
3766 {
3767 	rfs4_deleg_state_t *dsp = (rfs4_deleg_state_t *)u_entry;
3768 	struct exportinfo *exi = (struct exportinfo *)e;
3769 	nfs_fh4_fmt_t   fhfmt4, *exi_fhp, *finfo_fhp;
3770 	fhandle_t *efhp;
3771 
3772 	efhp = (fhandle_t *)&exi->exi_fh;
3773 	exi_fhp = (nfs_fh4_fmt_t *)&fhfmt4;
3774 
3775 	FH_TO_FMT4(efhp, exi_fhp);
3776 
3777 	finfo_fhp =
3778 	    (nfs_fh4_fmt_t *)dsp->rds_finfo->rf_filehandle.nfs_fh4_val;
3779 
3780 	if (EQFSID(&finfo_fhp->fh4_fsid, &exi_fhp->fh4_fsid) &&
3781 	    bcmp(&finfo_fhp->fh4_xdata, &exi_fhp->fh4_xdata,
3782 	    exi_fhp->fh4_xlen) == 0) {
3783 		rfs4_dbe_invalidate(dsp->rds_dbe);
3784 	}
3785 }
3786 
3787 /*
3788  * This function is used as a target for the rfs4_dbe_walk() call
3789  * below.  The purpose of this function is to see if the state refers
3790  * to a file that resides within the exportinfo export.  If so, then
3791  * release vnode hold for this object since the intent is the server
3792  * is unexporting the specified directory.  Invalidation will prevent
3793  * this struct from being found in the future.
3794  */
3795 static void
3796 rfs4_file_walk_callout(rfs4_entry_t u_entry, void *e)
3797 {
3798 	rfs4_file_t *fp = (rfs4_file_t *)u_entry;
3799 	struct exportinfo *exi = (struct exportinfo *)e;
3800 	nfs_fh4_fmt_t   fhfmt4, *exi_fhp, *finfo_fhp;
3801 	fhandle_t *efhp;
3802 
3803 	efhp = (fhandle_t *)&exi->exi_fh;
3804 	exi_fhp = (nfs_fh4_fmt_t *)&fhfmt4;
3805 
3806 	FH_TO_FMT4(efhp, exi_fhp);
3807 
3808 	finfo_fhp = (nfs_fh4_fmt_t *)fp->rf_filehandle.nfs_fh4_val;
3809 
3810 	if (EQFSID(&finfo_fhp->fh4_fsid, &exi_fhp->fh4_fsid) &&
3811 	    bcmp(&finfo_fhp->fh4_xdata, &exi_fhp->fh4_xdata,
3812 	    exi_fhp->fh4_xlen) == 0) {
3813 		if (fp->rf_vp) {
3814 			vnode_t *vp = fp->rf_vp;
3815 
3816 			/*
3817 			 * don't leak monitors and remove the reference
3818 			 * put on the vnode when the delegation was granted.
3819 			 */
3820 			if (fp->rf_dinfo.rd_dtype == OPEN_DELEGATE_READ) {
3821 				(void) fem_uninstall(vp, deleg_rdops,
3822 				    (void *)fp);
3823 				vn_open_downgrade(vp, FREAD);
3824 			} else if (fp->rf_dinfo.rd_dtype ==
3825 			    OPEN_DELEGATE_WRITE) {
3826 				(void) fem_uninstall(vp, deleg_wrops,
3827 				    (void *)fp);
3828 				vn_open_downgrade(vp, FREAD|FWRITE);
3829 			}
3830 			mutex_enter(&vp->v_vsd_lock);
3831 			(void) vsd_set(vp, nfs4_srv_vkey, NULL);
3832 			mutex_exit(&vp->v_vsd_lock);
3833 			VN_RELE(vp);
3834 			fp->rf_vp = NULL;
3835 		}
3836 		rfs4_dbe_invalidate(fp->rf_dbe);
3837 	}
3838 }
3839 
3840 /*
3841  * Given a directory that is being unexported, cleanup/release all
3842  * state in the server that refers to objects residing underneath this
3843  * particular export.  The ordering of the release is important.
3844  * Lock_owner, then state and then file.
3845  */
3846 void
3847 rfs4_clean_state_exi(struct exportinfo *exi)
3848 {
3849 	mutex_enter(&rfs4_state_lock);
3850 
3851 	if (rfs4_server_state == NULL) {
3852 		mutex_exit(&rfs4_state_lock);
3853 		return;
3854 	}
3855 
3856 	rfs4_dbe_walk(rfs4_lo_state_tab, rfs4_lo_state_walk_callout, exi);
3857 	rfs4_dbe_walk(rfs4_state_tab, rfs4_state_walk_callout, exi);
3858 	rfs4_dbe_walk(rfs4_deleg_state_tab, rfs4_deleg_state_walk_callout, exi);
3859 	rfs4_dbe_walk(rfs4_file_tab, rfs4_file_walk_callout, exi);
3860 
3861 	mutex_exit(&rfs4_state_lock);
3862 }
3863