xref: /titanic_41/usr/src/uts/common/fs/nfs/nfs_vnops.c (revision 22337b4b3c8a2b9db615e524e0e9e1fbd3dc71bf)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  *	Copyright (c) 1983,1984,1985,1986,1987,1988,1989 AT&T.
26  *	All rights reserved.
27  */
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #include <sys/param.h>
32 #include <sys/types.h>
33 #include <sys/systm.h>
34 #include <sys/cred.h>
35 #include <sys/time.h>
36 #include <sys/vnode.h>
37 #include <sys/vfs.h>
38 #include <sys/vfs_opreg.h>
39 #include <sys/file.h>
40 #include <sys/filio.h>
41 #include <sys/uio.h>
42 #include <sys/buf.h>
43 #include <sys/mman.h>
44 #include <sys/pathname.h>
45 #include <sys/dirent.h>
46 #include <sys/debug.h>
47 #include <sys/vmsystm.h>
48 #include <sys/fcntl.h>
49 #include <sys/flock.h>
50 #include <sys/swap.h>
51 #include <sys/errno.h>
52 #include <sys/strsubr.h>
53 #include <sys/sysmacros.h>
54 #include <sys/kmem.h>
55 #include <sys/cmn_err.h>
56 #include <sys/pathconf.h>
57 #include <sys/utsname.h>
58 #include <sys/dnlc.h>
59 #include <sys/acl.h>
60 #include <sys/atomic.h>
61 #include <sys/policy.h>
62 #include <sys/sdt.h>
63 
64 #include <rpc/types.h>
65 #include <rpc/auth.h>
66 #include <rpc/clnt.h>
67 
68 #include <nfs/nfs.h>
69 #include <nfs/nfs_clnt.h>
70 #include <nfs/rnode.h>
71 #include <nfs/nfs_acl.h>
72 #include <nfs/lm.h>
73 
74 #include <vm/hat.h>
75 #include <vm/as.h>
76 #include <vm/page.h>
77 #include <vm/pvn.h>
78 #include <vm/seg.h>
79 #include <vm/seg_map.h>
80 #include <vm/seg_kpm.h>
81 #include <vm/seg_vn.h>
82 
83 #include <fs/fs_subr.h>
84 
85 #include <sys/ddi.h>
86 
87 static int	nfs_rdwrlbn(vnode_t *, page_t *, u_offset_t, size_t, int,
88 			cred_t *);
89 static int	nfswrite(vnode_t *, caddr_t, uint_t, int, cred_t *);
90 static int	nfsread(vnode_t *, caddr_t, uint_t, int, size_t *, cred_t *);
91 static int	nfssetattr(vnode_t *, struct vattr *, int, cred_t *);
92 static int	nfslookup_dnlc(vnode_t *, char *, vnode_t **, cred_t *);
93 static int	nfslookup_otw(vnode_t *, char *, vnode_t **, cred_t *, int);
94 static int	nfsrename(vnode_t *, char *, vnode_t *, char *, cred_t *,
95 			caller_context_t *);
96 static int	nfsreaddir(vnode_t *, rddir_cache *, cred_t *);
97 static int	nfs_bio(struct buf *, cred_t *);
98 static int	nfs_getapage(vnode_t *, u_offset_t, size_t, uint_t *,
99 			page_t *[], size_t, struct seg *, caddr_t,
100 			enum seg_rw, cred_t *);
101 static void	nfs_readahead(vnode_t *, u_offset_t, caddr_t, struct seg *,
102 			cred_t *);
103 static int	nfs_sync_putapage(vnode_t *, page_t *, u_offset_t, size_t,
104 			int, cred_t *);
105 static int	nfs_sync_pageio(vnode_t *, page_t *, u_offset_t, size_t,
106 			int, cred_t *);
107 static void	nfs_delmap_callback(struct as *, void *, uint_t);
108 
109 /*
110  * Error flags used to pass information about certain special errors
111  * which need to be handled specially.
112  */
113 #define	NFS_EOF			-98
114 
115 /*
116  * These are the vnode ops routines which implement the vnode interface to
117  * the networked file system.  These routines just take their parameters,
118  * make them look networkish by putting the right info into interface structs,
119  * and then calling the appropriate remote routine(s) to do the work.
120  *
121  * Note on directory name lookup cacheing:  If we detect a stale fhandle,
122  * we purge the directory cache relative to that vnode.  This way, the
123  * user won't get burned by the cache repeatedly.  See <nfs/rnode.h> for
124  * more details on rnode locking.
125  */
126 
127 static int	nfs_open(vnode_t **, int, cred_t *, caller_context_t *);
128 static int	nfs_close(vnode_t *, int, int, offset_t, cred_t *,
129 			caller_context_t *);
130 static int	nfs_read(vnode_t *, struct uio *, int, cred_t *,
131 			caller_context_t *);
132 static int	nfs_write(vnode_t *, struct uio *, int, cred_t *,
133 			caller_context_t *);
134 static int	nfs_ioctl(vnode_t *, int, intptr_t, int, cred_t *, int *,
135 			caller_context_t *);
136 static int	nfs_getattr(vnode_t *, struct vattr *, int, cred_t *,
137 			caller_context_t *);
138 static int	nfs_setattr(vnode_t *, struct vattr *, int, cred_t *,
139 			caller_context_t *);
140 static int	nfs_access(vnode_t *, int, int, cred_t *, caller_context_t *);
141 static int	nfs_accessx(void *, int, cred_t *);
142 static int	nfs_readlink(vnode_t *, struct uio *, cred_t *,
143 			caller_context_t *);
144 static int	nfs_fsync(vnode_t *, int, cred_t *, caller_context_t *);
145 static void	nfs_inactive(vnode_t *, cred_t *, caller_context_t *);
146 static int	nfs_lookup(vnode_t *, char *, vnode_t **, struct pathname *,
147 			int, vnode_t *, cred_t *, caller_context_t *,
148 			int *, pathname_t *);
149 static int	nfs_create(vnode_t *, char *, struct vattr *, enum vcexcl,
150 			int, vnode_t **, cred_t *, int, caller_context_t *,
151 			vsecattr_t *);
152 static int	nfs_remove(vnode_t *, char *, cred_t *, caller_context_t *,
153 			int);
154 static int	nfs_link(vnode_t *, vnode_t *, char *, cred_t *,
155 			caller_context_t *, int);
156 static int	nfs_rename(vnode_t *, char *, vnode_t *, char *, cred_t *,
157 			caller_context_t *, int);
158 static int	nfs_mkdir(vnode_t *, char *, struct vattr *, vnode_t **,
159 			cred_t *, caller_context_t *, int, vsecattr_t *);
160 static int	nfs_rmdir(vnode_t *, char *, vnode_t *, cred_t *,
161 			caller_context_t *, int);
162 static int	nfs_symlink(vnode_t *, char *, struct vattr *, char *,
163 			cred_t *, caller_context_t *, int);
164 static int	nfs_readdir(vnode_t *, struct uio *, cred_t *, int *,
165 			caller_context_t *, int);
166 static int	nfs_fid(vnode_t *, fid_t *, caller_context_t *);
167 static int	nfs_rwlock(vnode_t *, int, caller_context_t *);
168 static void	nfs_rwunlock(vnode_t *, int, caller_context_t *);
169 static int	nfs_seek(vnode_t *, offset_t, offset_t *, caller_context_t *);
170 static int	nfs_getpage(vnode_t *, offset_t, size_t, uint_t *,
171 			page_t *[], size_t, struct seg *, caddr_t,
172 			enum seg_rw, cred_t *, caller_context_t *);
173 static int	nfs_putpage(vnode_t *, offset_t, size_t, int, cred_t *,
174 			caller_context_t *);
175 static int	nfs_map(vnode_t *, offset_t, struct as *, caddr_t *, size_t,
176 			uchar_t, uchar_t, uint_t, cred_t *, caller_context_t *);
177 static int	nfs_addmap(vnode_t *, offset_t, struct as *, caddr_t, size_t,
178 			uchar_t, uchar_t, uint_t, cred_t *, caller_context_t *);
179 static int	nfs_frlock(vnode_t *, int, struct flock64 *, int, offset_t,
180 			struct flk_callback *, cred_t *, caller_context_t *);
181 static int	nfs_space(vnode_t *, int, struct flock64 *, int, offset_t,
182 			cred_t *, caller_context_t *);
183 static int	nfs_realvp(vnode_t *, vnode_t **, caller_context_t *);
184 static int	nfs_delmap(vnode_t *, offset_t, struct as *, caddr_t, size_t,
185 			uint_t, uint_t, uint_t, cred_t *, caller_context_t *);
186 static int	nfs_pathconf(vnode_t *, int, ulong_t *, cred_t *,
187 			caller_context_t *);
188 static int	nfs_pageio(vnode_t *, page_t *, u_offset_t, size_t, int,
189 			cred_t *, caller_context_t *);
190 static int	nfs_setsecattr(vnode_t *, vsecattr_t *, int, cred_t *,
191 			caller_context_t *);
192 static int	nfs_getsecattr(vnode_t *, vsecattr_t *, int, cred_t *,
193 			caller_context_t *);
194 static int	nfs_shrlock(vnode_t *, int, struct shrlock *, int, cred_t *,
195 			caller_context_t *);
196 
197 struct vnodeops *nfs_vnodeops;
198 
199 const fs_operation_def_t nfs_vnodeops_template[] = {
200 	VOPNAME_OPEN,		{ .vop_open = nfs_open },
201 	VOPNAME_CLOSE,		{ .vop_close = nfs_close },
202 	VOPNAME_READ,		{ .vop_read = nfs_read },
203 	VOPNAME_WRITE,		{ .vop_write = nfs_write },
204 	VOPNAME_IOCTL,		{ .vop_ioctl = nfs_ioctl },
205 	VOPNAME_GETATTR,	{ .vop_getattr = nfs_getattr },
206 	VOPNAME_SETATTR,	{ .vop_setattr = nfs_setattr },
207 	VOPNAME_ACCESS,		{ .vop_access = nfs_access },
208 	VOPNAME_LOOKUP,		{ .vop_lookup = nfs_lookup },
209 	VOPNAME_CREATE,		{ .vop_create = nfs_create },
210 	VOPNAME_REMOVE,		{ .vop_remove = nfs_remove },
211 	VOPNAME_LINK,		{ .vop_link = nfs_link },
212 	VOPNAME_RENAME,		{ .vop_rename = nfs_rename },
213 	VOPNAME_MKDIR,		{ .vop_mkdir = nfs_mkdir },
214 	VOPNAME_RMDIR,		{ .vop_rmdir = nfs_rmdir },
215 	VOPNAME_READDIR,	{ .vop_readdir = nfs_readdir },
216 	VOPNAME_SYMLINK,	{ .vop_symlink = nfs_symlink },
217 	VOPNAME_READLINK,	{ .vop_readlink = nfs_readlink },
218 	VOPNAME_FSYNC,		{ .vop_fsync = nfs_fsync },
219 	VOPNAME_INACTIVE,	{ .vop_inactive = nfs_inactive },
220 	VOPNAME_FID,		{ .vop_fid = nfs_fid },
221 	VOPNAME_RWLOCK,		{ .vop_rwlock = nfs_rwlock },
222 	VOPNAME_RWUNLOCK,	{ .vop_rwunlock = nfs_rwunlock },
223 	VOPNAME_SEEK,		{ .vop_seek = nfs_seek },
224 	VOPNAME_FRLOCK,		{ .vop_frlock = nfs_frlock },
225 	VOPNAME_SPACE,		{ .vop_space = nfs_space },
226 	VOPNAME_REALVP,		{ .vop_realvp = nfs_realvp },
227 	VOPNAME_GETPAGE,	{ .vop_getpage = nfs_getpage },
228 	VOPNAME_PUTPAGE,	{ .vop_putpage = nfs_putpage },
229 	VOPNAME_MAP,		{ .vop_map = nfs_map },
230 	VOPNAME_ADDMAP,		{ .vop_addmap = nfs_addmap },
231 	VOPNAME_DELMAP,		{ .vop_delmap = nfs_delmap },
232 	VOPNAME_DUMP,		{ .vop_dump = nfs_dump },
233 	VOPNAME_PATHCONF,	{ .vop_pathconf = nfs_pathconf },
234 	VOPNAME_PAGEIO,		{ .vop_pageio = nfs_pageio },
235 	VOPNAME_SETSECATTR,	{ .vop_setsecattr = nfs_setsecattr },
236 	VOPNAME_GETSECATTR,	{ .vop_getsecattr = nfs_getsecattr },
237 	VOPNAME_SHRLOCK,	{ .vop_shrlock = nfs_shrlock },
238 	VOPNAME_VNEVENT, 	{ .vop_vnevent = fs_vnevent_support },
239 	NULL,			NULL
240 };
241 
242 /*
243  * XXX:  This is referenced in modstubs.s
244  */
245 struct vnodeops *
246 nfs_getvnodeops(void)
247 {
248 	return (nfs_vnodeops);
249 }
250 
251 /* ARGSUSED */
252 static int
253 nfs_open(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *ct)
254 {
255 	int error;
256 	struct vattr va;
257 	rnode_t *rp;
258 	vnode_t *vp;
259 
260 	vp = *vpp;
261 	rp = VTOR(vp);
262 	if (nfs_zone() != VTOMI(vp)->mi_zone)
263 		return (EIO);
264 	mutex_enter(&rp->r_statelock);
265 	if (rp->r_cred == NULL) {
266 		crhold(cr);
267 		rp->r_cred = cr;
268 	}
269 	mutex_exit(&rp->r_statelock);
270 
271 	/*
272 	 * If there is no cached data or if close-to-open
273 	 * consistency checking is turned off, we can avoid
274 	 * the over the wire getattr.  Otherwise, if the
275 	 * file system is mounted readonly, then just verify
276 	 * the caches are up to date using the normal mechanism.
277 	 * Else, if the file is not mmap'd, then just mark
278 	 * the attributes as timed out.  They will be refreshed
279 	 * and the caches validated prior to being used.
280 	 * Else, the file system is mounted writeable so
281 	 * force an over the wire GETATTR in order to ensure
282 	 * that all cached data is valid.
283 	 */
284 	if (vp->v_count > 1 ||
285 	    ((vn_has_cached_data(vp) || HAVE_RDDIR_CACHE(rp)) &&
286 	    !(VTOMI(vp)->mi_flags & MI_NOCTO))) {
287 		if (vn_is_readonly(vp))
288 			error = nfs_validate_caches(vp, cr);
289 		else if (rp->r_mapcnt == 0 && vp->v_count == 1) {
290 			PURGE_ATTRCACHE(vp);
291 			error = 0;
292 		} else {
293 			va.va_mask = AT_ALL;
294 			error = nfs_getattr_otw(vp, &va, cr);
295 		}
296 	} else
297 		error = 0;
298 
299 	return (error);
300 }
301 
302 /* ARGSUSED */
303 static int
304 nfs_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
305 	caller_context_t *ct)
306 {
307 	rnode_t *rp;
308 	int error;
309 	struct vattr va;
310 
311 	/*
312 	 * zone_enter(2) prevents processes from changing zones with NFS files
313 	 * open; if we happen to get here from the wrong zone we can't do
314 	 * anything over the wire.
315 	 */
316 	if (VTOMI(vp)->mi_zone != nfs_zone()) {
317 		/*
318 		 * We could attempt to clean up locks, except we're sure
319 		 * that the current process didn't acquire any locks on
320 		 * the file: any attempt to lock a file belong to another zone
321 		 * will fail, and one can't lock an NFS file and then change
322 		 * zones, as that fails too.
323 		 *
324 		 * Returning an error here is the sane thing to do.  A
325 		 * subsequent call to VN_RELE() which translates to a
326 		 * nfs_inactive() will clean up state: if the zone of the
327 		 * vnode's origin is still alive and kicking, an async worker
328 		 * thread will handle the request (from the correct zone), and
329 		 * everything (minus the final nfs_getattr_otw() call) should
330 		 * be OK. If the zone is going away nfs_async_inactive() will
331 		 * throw away cached pages inline.
332 		 */
333 		return (EIO);
334 	}
335 
336 	/*
337 	 * If we are using local locking for this filesystem, then
338 	 * release all of the SYSV style record locks.  Otherwise,
339 	 * we are doing network locking and we need to release all
340 	 * of the network locks.  All of the locks held by this
341 	 * process on this file are released no matter what the
342 	 * incoming reference count is.
343 	 */
344 	if (VTOMI(vp)->mi_flags & MI_LLOCK) {
345 		cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
346 		cleanshares(vp, ttoproc(curthread)->p_pid);
347 	} else
348 		nfs_lockrelease(vp, flag, offset, cr);
349 
350 	if (count > 1)
351 		return (0);
352 
353 	/*
354 	 * If the file has been `unlinked', then purge the
355 	 * DNLC so that this vnode will get reycled quicker
356 	 * and the .nfs* file on the server will get removed.
357 	 */
358 	rp = VTOR(vp);
359 	if (rp->r_unldvp != NULL)
360 		dnlc_purge_vp(vp);
361 
362 	/*
363 	 * If the file was open for write and there are pages,
364 	 * then if the file system was mounted using the "no-close-
365 	 *	to-open" semantics, then start an asynchronous flush
366 	 *	of the all of the pages in the file.
367 	 * else the file system was not mounted using the "no-close-
368 	 *	to-open" semantics, then do a synchronous flush and
369 	 *	commit of all of the dirty and uncommitted pages.
370 	 *
371 	 * The asynchronous flush of the pages in the "nocto" path
372 	 * mostly just associates a cred pointer with the rnode so
373 	 * writes which happen later will have a better chance of
374 	 * working.  It also starts the data being written to the
375 	 * server, but without unnecessarily delaying the application.
376 	 */
377 	if ((flag & FWRITE) && vn_has_cached_data(vp)) {
378 		if ((VTOMI(vp)->mi_flags & MI_NOCTO)) {
379 			error = nfs_putpage(vp, (offset_t)0, 0, B_ASYNC,
380 			    cr, ct);
381 			if (error == EAGAIN)
382 				error = 0;
383 		} else
384 			error = nfs_putpage(vp, (offset_t)0, 0, 0, cr, ct);
385 		if (!error) {
386 			mutex_enter(&rp->r_statelock);
387 			error = rp->r_error;
388 			rp->r_error = 0;
389 			mutex_exit(&rp->r_statelock);
390 		}
391 	} else {
392 		mutex_enter(&rp->r_statelock);
393 		error = rp->r_error;
394 		rp->r_error = 0;
395 		mutex_exit(&rp->r_statelock);
396 	}
397 
398 	/*
399 	 * If RWRITEATTR is set, then issue an over the wire GETATTR to
400 	 * refresh the attribute cache with a set of attributes which
401 	 * weren't returned from a WRITE.  This will enable the close-
402 	 * to-open processing to work.
403 	 */
404 	if (rp->r_flags & RWRITEATTR)
405 		(void) nfs_getattr_otw(vp, &va, cr);
406 
407 	return (error);
408 }
409 
410 /* ARGSUSED */
411 static int
412 nfs_read(vnode_t *vp, struct uio *uiop, int ioflag, cred_t *cr,
413 	caller_context_t *ct)
414 {
415 	rnode_t *rp;
416 	u_offset_t off;
417 	offset_t diff;
418 	int on;
419 	size_t n;
420 	caddr_t base;
421 	uint_t flags;
422 	int error;
423 	mntinfo_t *mi;
424 
425 	rp = VTOR(vp);
426 	mi = VTOMI(vp);
427 
428 	if (nfs_zone() != mi->mi_zone)
429 		return (EIO);
430 
431 	ASSERT(nfs_rw_lock_held(&rp->r_rwlock, RW_READER));
432 
433 	if (vp->v_type != VREG)
434 		return (EISDIR);
435 
436 	if (uiop->uio_resid == 0)
437 		return (0);
438 
439 	if (uiop->uio_loffset > MAXOFF32_T)
440 		return (EFBIG);
441 
442 	if (uiop->uio_loffset < 0 ||
443 	    uiop->uio_loffset + uiop->uio_resid > MAXOFF32_T)
444 		return (EINVAL);
445 
446 	/*
447 	 * Bypass VM if caching has been disabled (e.g., locking) or if
448 	 * using client-side direct I/O and the file is not mmap'd and
449 	 * there are no cached pages.
450 	 */
451 	if ((vp->v_flag & VNOCACHE) ||
452 	    (((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO)) &&
453 	    rp->r_mapcnt == 0 && !vn_has_cached_data(vp))) {
454 		size_t bufsize;
455 		size_t resid = 0;
456 
457 		/*
458 		 * Let's try to do read in as large a chunk as we can
459 		 * (Filesystem (NFS client) bsize if possible/needed).
460 		 * For V3, this is 32K and for V2, this is 8K.
461 		 */
462 		bufsize = MIN(uiop->uio_resid, VTOMI(vp)->mi_curread);
463 		base = kmem_alloc(bufsize, KM_SLEEP);
464 		do {
465 			n = MIN(uiop->uio_resid, bufsize);
466 			error = nfsread(vp, base, uiop->uio_offset, n,
467 			    &resid, cr);
468 			if (!error) {
469 				n -= resid;
470 				error = uiomove(base, n, UIO_READ, uiop);
471 			}
472 		} while (!error && uiop->uio_resid > 0 && n > 0);
473 		kmem_free(base, bufsize);
474 		return (error);
475 	}
476 
477 	error = 0;
478 
479 	do {
480 		off = uiop->uio_loffset & MAXBMASK; /* mapping offset */
481 		on = uiop->uio_loffset & MAXBOFFSET; /* Relative offset */
482 		n = MIN(MAXBSIZE - on, uiop->uio_resid);
483 
484 		error = nfs_validate_caches(vp, cr);
485 		if (error)
486 			break;
487 
488 		mutex_enter(&rp->r_statelock);
489 		while (rp->r_flags & RINCACHEPURGE) {
490 			if (!cv_wait_sig(&rp->r_cv, &rp->r_statelock)) {
491 				mutex_exit(&rp->r_statelock);
492 				return (EINTR);
493 			}
494 		}
495 		diff = rp->r_size - uiop->uio_loffset;
496 		mutex_exit(&rp->r_statelock);
497 		if (diff <= 0)
498 			break;
499 		if (diff < n)
500 			n = (size_t)diff;
501 
502 		if (vpm_enable) {
503 			/*
504 			 * Copy data.
505 			 */
506 			error = vpm_data_copy(vp, off + on, n, uiop,
507 			    1, NULL, 0, S_READ);
508 		} else {
509 			base = segmap_getmapflt(segkmap, vp, off + on, n,
510 			    1, S_READ);
511 			error = uiomove(base + on, n, UIO_READ, uiop);
512 		}
513 
514 		if (!error) {
515 			/*
516 			 * If read a whole block or read to eof,
517 			 * won't need this buffer again soon.
518 			 */
519 			mutex_enter(&rp->r_statelock);
520 			if (n + on == MAXBSIZE ||
521 			    uiop->uio_loffset == rp->r_size)
522 				flags = SM_DONTNEED;
523 			else
524 				flags = 0;
525 			mutex_exit(&rp->r_statelock);
526 			if (vpm_enable) {
527 				error = vpm_sync_pages(vp, off, n, flags);
528 			} else {
529 				error = segmap_release(segkmap, base, flags);
530 			}
531 		} else {
532 			if (vpm_enable) {
533 				(void) vpm_sync_pages(vp, off, n, 0);
534 			} else {
535 				(void) segmap_release(segkmap, base, 0);
536 			}
537 		}
538 	} while (!error && uiop->uio_resid > 0);
539 
540 	return (error);
541 }
542 
543 /* ARGSUSED */
544 static int
545 nfs_write(vnode_t *vp, struct uio *uiop, int ioflag, cred_t *cr,
546 	caller_context_t *ct)
547 {
548 	rnode_t *rp;
549 	u_offset_t off;
550 	caddr_t base;
551 	uint_t flags;
552 	int remainder;
553 	size_t n;
554 	int on;
555 	int error;
556 	int resid;
557 	offset_t offset;
558 	rlim_t limit;
559 	mntinfo_t *mi;
560 
561 	rp = VTOR(vp);
562 
563 	mi = VTOMI(vp);
564 	if (nfs_zone() != mi->mi_zone)
565 		return (EIO);
566 	if (vp->v_type != VREG)
567 		return (EISDIR);
568 
569 	if (uiop->uio_resid == 0)
570 		return (0);
571 
572 	if (ioflag & FAPPEND) {
573 		struct vattr va;
574 
575 		/*
576 		 * Must serialize if appending.
577 		 */
578 		if (nfs_rw_lock_held(&rp->r_rwlock, RW_READER)) {
579 			nfs_rw_exit(&rp->r_rwlock);
580 			if (nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER,
581 			    INTR(vp)))
582 				return (EINTR);
583 		}
584 
585 		va.va_mask = AT_SIZE;
586 		error = nfsgetattr(vp, &va, cr);
587 		if (error)
588 			return (error);
589 		uiop->uio_loffset = va.va_size;
590 	}
591 
592 	if (uiop->uio_loffset > MAXOFF32_T)
593 		return (EFBIG);
594 
595 	offset = uiop->uio_loffset + uiop->uio_resid;
596 
597 	if (uiop->uio_loffset < 0 || offset > MAXOFF32_T)
598 		return (EINVAL);
599 
600 	if (uiop->uio_llimit > (rlim64_t)MAXOFF32_T) {
601 		limit = MAXOFF32_T;
602 	} else {
603 		limit = (rlim_t)uiop->uio_llimit;
604 	}
605 
606 	/*
607 	 * Check to make sure that the process will not exceed
608 	 * its limit on file size.  It is okay to write up to
609 	 * the limit, but not beyond.  Thus, the write which
610 	 * reaches the limit will be short and the next write
611 	 * will return an error.
612 	 */
613 	remainder = 0;
614 	if (offset > limit) {
615 		remainder = offset - limit;
616 		uiop->uio_resid = limit - uiop->uio_offset;
617 		if (uiop->uio_resid <= 0) {
618 			proc_t *p = ttoproc(curthread);
619 
620 			uiop->uio_resid += remainder;
621 			mutex_enter(&p->p_lock);
622 			(void) rctl_action(rctlproc_legacy[RLIMIT_FSIZE],
623 			    p->p_rctls, p, RCA_UNSAFE_SIGINFO);
624 			mutex_exit(&p->p_lock);
625 			return (EFBIG);
626 		}
627 	}
628 
629 	if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_READER, INTR(vp)))
630 		return (EINTR);
631 
632 	/*
633 	 * Bypass VM if caching has been disabled (e.g., locking) or if
634 	 * using client-side direct I/O and the file is not mmap'd and
635 	 * there are no cached pages.
636 	 */
637 	if ((vp->v_flag & VNOCACHE) ||
638 	    (((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO)) &&
639 	    rp->r_mapcnt == 0 && !vn_has_cached_data(vp))) {
640 		size_t bufsize;
641 		int count;
642 		uint_t org_offset;
643 
644 nfs_fwrite:
645 		if (rp->r_flags & RSTALE) {
646 			resid = uiop->uio_resid;
647 			offset = uiop->uio_loffset;
648 			error = rp->r_error;
649 			goto bottom;
650 		}
651 		bufsize = MIN(uiop->uio_resid, mi->mi_curwrite);
652 		base = kmem_alloc(bufsize, KM_SLEEP);
653 		do {
654 			resid = uiop->uio_resid;
655 			offset = uiop->uio_loffset;
656 			count = MIN(uiop->uio_resid, bufsize);
657 			org_offset = uiop->uio_offset;
658 			error = uiomove(base, count, UIO_WRITE, uiop);
659 			if (!error) {
660 				error = nfswrite(vp, base, org_offset,
661 				    count, cr);
662 			}
663 		} while (!error && uiop->uio_resid > 0);
664 		kmem_free(base, bufsize);
665 		goto bottom;
666 	}
667 
668 	do {
669 		off = uiop->uio_loffset & MAXBMASK; /* mapping offset */
670 		on = uiop->uio_loffset & MAXBOFFSET; /* Relative offset */
671 		n = MIN(MAXBSIZE - on, uiop->uio_resid);
672 
673 		resid = uiop->uio_resid;
674 		offset = uiop->uio_loffset;
675 
676 		if (rp->r_flags & RSTALE) {
677 			error = rp->r_error;
678 			break;
679 		}
680 
681 		/*
682 		 * Don't create dirty pages faster than they
683 		 * can be cleaned so that the system doesn't
684 		 * get imbalanced.  If the async queue is
685 		 * maxed out, then wait for it to drain before
686 		 * creating more dirty pages.  Also, wait for
687 		 * any threads doing pagewalks in the vop_getattr
688 		 * entry points so that they don't block for
689 		 * long periods.
690 		 */
691 		mutex_enter(&rp->r_statelock);
692 		while ((mi->mi_max_threads != 0 &&
693 		    rp->r_awcount > 2 * mi->mi_max_threads) ||
694 		    rp->r_gcount > 0)
695 			cv_wait(&rp->r_cv, &rp->r_statelock);
696 		mutex_exit(&rp->r_statelock);
697 
698 		if (vpm_enable) {
699 			/*
700 			 * It will use kpm mappings, so no need to
701 			 * pass an address.
702 			 */
703 			error = writerp(rp, NULL, n, uiop, 0);
704 		} else  {
705 			if (segmap_kpm) {
706 				int pon = uiop->uio_loffset & PAGEOFFSET;
707 				size_t pn = MIN(PAGESIZE - pon,
708 				    uiop->uio_resid);
709 				int pagecreate;
710 
711 				mutex_enter(&rp->r_statelock);
712 				pagecreate = (pon == 0) && (pn == PAGESIZE ||
713 				    uiop->uio_loffset + pn >= rp->r_size);
714 				mutex_exit(&rp->r_statelock);
715 
716 				base = segmap_getmapflt(segkmap, vp, off + on,
717 				    pn, !pagecreate, S_WRITE);
718 
719 				error = writerp(rp, base + pon, n, uiop,
720 				    pagecreate);
721 
722 			} else {
723 				base = segmap_getmapflt(segkmap, vp, off + on,
724 				    n, 0, S_READ);
725 				error = writerp(rp, base + on, n, uiop, 0);
726 			}
727 		}
728 
729 		if (!error) {
730 			if (mi->mi_flags & MI_NOAC)
731 				flags = SM_WRITE;
732 			else if (n + on == MAXBSIZE || IS_SWAPVP(vp)) {
733 				/*
734 				 * Have written a whole block.
735 				 * Start an asynchronous write
736 				 * and mark the buffer to
737 				 * indicate that it won't be
738 				 * needed again soon.
739 				 */
740 				flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
741 			} else
742 				flags = 0;
743 			if ((ioflag & (FSYNC|FDSYNC)) ||
744 			    (rp->r_flags & ROUTOFSPACE)) {
745 				flags &= ~SM_ASYNC;
746 				flags |= SM_WRITE;
747 			}
748 			if (vpm_enable) {
749 				error = vpm_sync_pages(vp, off, n, flags);
750 			} else {
751 				error = segmap_release(segkmap, base, flags);
752 			}
753 		} else {
754 			if (vpm_enable) {
755 				(void) vpm_sync_pages(vp, off, n, 0);
756 			} else {
757 				(void) segmap_release(segkmap, base, 0);
758 			}
759 			/*
760 			 * In the event that we got an access error while
761 			 * faulting in a page for a write-only file just
762 			 * force a write.
763 			 */
764 			if (error == EACCES)
765 				goto nfs_fwrite;
766 		}
767 	} while (!error && uiop->uio_resid > 0);
768 
769 bottom:
770 	if (error) {
771 		uiop->uio_resid = resid + remainder;
772 		uiop->uio_loffset = offset;
773 	} else
774 		uiop->uio_resid += remainder;
775 
776 	nfs_rw_exit(&rp->r_lkserlock);
777 
778 	return (error);
779 }
780 
781 /*
782  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
783  */
784 static int
785 nfs_rdwrlbn(vnode_t *vp, page_t *pp, u_offset_t off, size_t len,
786 	int flags, cred_t *cr)
787 {
788 	struct buf *bp;
789 	int error;
790 
791 	ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
792 	bp = pageio_setup(pp, len, vp, flags);
793 	ASSERT(bp != NULL);
794 
795 	/*
796 	 * pageio_setup should have set b_addr to 0.  This
797 	 * is correct since we want to do I/O on a page
798 	 * boundary.  bp_mapin will use this addr to calculate
799 	 * an offset, and then set b_addr to the kernel virtual
800 	 * address it allocated for us.
801 	 */
802 	ASSERT(bp->b_un.b_addr == 0);
803 
804 	bp->b_edev = 0;
805 	bp->b_dev = 0;
806 	bp->b_lblkno = lbtodb(off);
807 	bp->b_file = vp;
808 	bp->b_offset = (offset_t)off;
809 	bp_mapin(bp);
810 
811 	error = nfs_bio(bp, cr);
812 
813 	bp_mapout(bp);
814 	pageio_done(bp);
815 
816 	return (error);
817 }
818 
819 /*
820  * Write to file.  Writes to remote server in largest size
821  * chunks that the server can handle.  Write is synchronous.
822  */
823 static int
824 nfswrite(vnode_t *vp, caddr_t base, uint_t offset, int count, cred_t *cr)
825 {
826 	rnode_t *rp;
827 	mntinfo_t *mi;
828 	struct nfswriteargs wa;
829 	struct nfsattrstat ns;
830 	int error;
831 	int tsize;
832 	int douprintf;
833 
834 	douprintf = 1;
835 
836 	rp = VTOR(vp);
837 	mi = VTOMI(vp);
838 
839 	ASSERT(nfs_zone() == mi->mi_zone);
840 
841 	wa.wa_args = &wa.wa_args_buf;
842 	wa.wa_fhandle = *VTOFH(vp);
843 
844 	do {
845 		tsize = MIN(mi->mi_curwrite, count);
846 		wa.wa_data = base;
847 		wa.wa_begoff = offset;
848 		wa.wa_totcount = tsize;
849 		wa.wa_count = tsize;
850 		wa.wa_offset = offset;
851 
852 		if (mi->mi_io_kstats) {
853 			mutex_enter(&mi->mi_lock);
854 			kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
855 			mutex_exit(&mi->mi_lock);
856 		}
857 		wa.wa_mblk = NULL;
858 		do {
859 			error = rfs2call(mi, RFS_WRITE,
860 			    xdr_writeargs, (caddr_t)&wa,
861 			    xdr_attrstat, (caddr_t)&ns, cr,
862 			    &douprintf, &ns.ns_status, 0, NULL);
863 		} while (error == ENFS_TRYAGAIN);
864 		if (mi->mi_io_kstats) {
865 			mutex_enter(&mi->mi_lock);
866 			kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
867 			mutex_exit(&mi->mi_lock);
868 		}
869 
870 		if (!error) {
871 			error = geterrno(ns.ns_status);
872 			/*
873 			 * Can't check for stale fhandle and purge caches
874 			 * here because pages are held by nfs_getpage.
875 			 * Just mark the attribute cache as timed out
876 			 * and set RWRITEATTR to indicate that the file
877 			 * was modified with a WRITE operation.
878 			 */
879 			if (!error) {
880 				count -= tsize;
881 				base += tsize;
882 				offset += tsize;
883 				if (mi->mi_io_kstats) {
884 					mutex_enter(&mi->mi_lock);
885 					KSTAT_IO_PTR(mi->mi_io_kstats)->
886 					    writes++;
887 					KSTAT_IO_PTR(mi->mi_io_kstats)->
888 					    nwritten += tsize;
889 					mutex_exit(&mi->mi_lock);
890 				}
891 				lwp_stat_update(LWP_STAT_OUBLK, 1);
892 				mutex_enter(&rp->r_statelock);
893 				PURGE_ATTRCACHE_LOCKED(rp);
894 				rp->r_flags |= RWRITEATTR;
895 				mutex_exit(&rp->r_statelock);
896 			}
897 		}
898 	} while (!error && count);
899 
900 	return (error);
901 }
902 
903 /*
904  * Read from a file.  Reads data in largest chunks our interface can handle.
905  */
906 static int
907 nfsread(vnode_t *vp, caddr_t base, uint_t offset, int count, size_t *residp,
908 	cred_t *cr)
909 {
910 	mntinfo_t *mi;
911 	struct nfsreadargs ra;
912 	struct nfsrdresult rr;
913 	int tsize;
914 	int error;
915 	int douprintf;
916 	failinfo_t fi;
917 	rnode_t *rp;
918 	struct vattr va;
919 	hrtime_t t;
920 
921 	rp = VTOR(vp);
922 	mi = VTOMI(vp);
923 
924 	ASSERT(nfs_zone() == mi->mi_zone);
925 
926 	douprintf = 1;
927 
928 	ra.ra_fhandle = *VTOFH(vp);
929 
930 	fi.vp = vp;
931 	fi.fhp = (caddr_t)&ra.ra_fhandle;
932 	fi.copyproc = nfscopyfh;
933 	fi.lookupproc = nfslookup;
934 	fi.xattrdirproc = acl_getxattrdir2;
935 
936 	do {
937 		if (mi->mi_io_kstats) {
938 			mutex_enter(&mi->mi_lock);
939 			kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
940 			mutex_exit(&mi->mi_lock);
941 		}
942 
943 		do {
944 			tsize = MIN(mi->mi_curread, count);
945 			rr.rr_data = base;
946 			ra.ra_offset = offset;
947 			ra.ra_totcount = tsize;
948 			ra.ra_count = tsize;
949 			t = gethrtime();
950 			error = rfs2call(mi, RFS_READ,
951 			    xdr_readargs, (caddr_t)&ra,
952 			    xdr_rdresult, (caddr_t)&rr, cr,
953 			    &douprintf, &rr.rr_status, 0, &fi);
954 		} while (error == ENFS_TRYAGAIN);
955 
956 		if (mi->mi_io_kstats) {
957 			mutex_enter(&mi->mi_lock);
958 			kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
959 			mutex_exit(&mi->mi_lock);
960 		}
961 
962 		if (!error) {
963 			error = geterrno(rr.rr_status);
964 			if (!error) {
965 				count -= rr.rr_count;
966 				base += rr.rr_count;
967 				offset += rr.rr_count;
968 				if (mi->mi_io_kstats) {
969 					mutex_enter(&mi->mi_lock);
970 					KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
971 					KSTAT_IO_PTR(mi->mi_io_kstats)->nread +=
972 					    rr.rr_count;
973 					mutex_exit(&mi->mi_lock);
974 				}
975 				lwp_stat_update(LWP_STAT_INBLK, 1);
976 			}
977 		}
978 	} while (!error && count && rr.rr_count == tsize);
979 
980 	*residp = count;
981 
982 	if (!error) {
983 		/*
984 		 * Since no error occurred, we have the current
985 		 * attributes and we need to do a cache check and then
986 		 * potentially update the cached attributes.  We can't
987 		 * use the normal attribute check and cache mechanisms
988 		 * because they might cause a cache flush which would
989 		 * deadlock.  Instead, we just check the cache to see
990 		 * if the attributes have changed.  If it is, then we
991 		 * just mark the attributes as out of date.  The next
992 		 * time that the attributes are checked, they will be
993 		 * out of date, new attributes will be fetched, and
994 		 * the page cache will be flushed.  If the attributes
995 		 * weren't changed, then we just update the cached
996 		 * attributes with these attributes.
997 		 */
998 		/*
999 		 * If NFS_ACL is supported on the server, then the
1000 		 * attributes returned by server may have minimal
1001 		 * permissions sometimes denying access to users having
1002 		 * proper access.  To get the proper attributes, mark
1003 		 * the attributes as expired so that they will be
1004 		 * regotten via the NFS_ACL GETATTR2 procedure.
1005 		 */
1006 		error = nattr_to_vattr(vp, &rr.rr_attr, &va);
1007 		mutex_enter(&rp->r_statelock);
1008 		if (error || !CACHE_VALID(rp, va.va_mtime, va.va_size) ||
1009 		    (mi->mi_flags & MI_ACL)) {
1010 			mutex_exit(&rp->r_statelock);
1011 			PURGE_ATTRCACHE(vp);
1012 		} else {
1013 			if (rp->r_mtime <= t) {
1014 				nfs_attrcache_va(vp, &va);
1015 			}
1016 			mutex_exit(&rp->r_statelock);
1017 		}
1018 	}
1019 
1020 	return (error);
1021 }
1022 
1023 /* ARGSUSED */
1024 static int
1025 nfs_ioctl(vnode_t *vp, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp,
1026 	caller_context_t *ct)
1027 {
1028 
1029 	if (nfs_zone() != VTOMI(vp)->mi_zone)
1030 		return (EIO);
1031 	switch (cmd) {
1032 		case _FIODIRECTIO:
1033 			return (nfs_directio(vp, (int)arg, cr));
1034 		default:
1035 			return (ENOTTY);
1036 	}
1037 }
1038 
1039 /* ARGSUSED */
1040 static int
1041 nfs_getattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr,
1042 	caller_context_t *ct)
1043 {
1044 	int error;
1045 	rnode_t *rp;
1046 
1047 	if (nfs_zone() != VTOMI(vp)->mi_zone)
1048 		return (EIO);
1049 	/*
1050 	 * If it has been specified that the return value will
1051 	 * just be used as a hint, and we are only being asked
1052 	 * for size, fsid or rdevid, then return the client's
1053 	 * notion of these values without checking to make sure
1054 	 * that the attribute cache is up to date.
1055 	 * The whole point is to avoid an over the wire GETATTR
1056 	 * call.
1057 	 */
1058 	rp = VTOR(vp);
1059 	if (flags & ATTR_HINT) {
1060 		if (vap->va_mask ==
1061 		    (vap->va_mask & (AT_SIZE | AT_FSID | AT_RDEV))) {
1062 			mutex_enter(&rp->r_statelock);
1063 			if (vap->va_mask | AT_SIZE)
1064 				vap->va_size = rp->r_size;
1065 			if (vap->va_mask | AT_FSID)
1066 				vap->va_fsid = rp->r_attr.va_fsid;
1067 			if (vap->va_mask | AT_RDEV)
1068 				vap->va_rdev = rp->r_attr.va_rdev;
1069 			mutex_exit(&rp->r_statelock);
1070 			return (0);
1071 		}
1072 	}
1073 
1074 	/*
1075 	 * Only need to flush pages if asking for the mtime
1076 	 * and if there any dirty pages or any outstanding
1077 	 * asynchronous (write) requests for this file.
1078 	 */
1079 	if (vap->va_mask & AT_MTIME) {
1080 		if (vn_has_cached_data(vp) &&
1081 		    ((rp->r_flags & RDIRTY) || rp->r_awcount > 0)) {
1082 			mutex_enter(&rp->r_statelock);
1083 			rp->r_gcount++;
1084 			mutex_exit(&rp->r_statelock);
1085 			error = nfs_putpage(vp, (offset_t)0, 0, 0, cr, ct);
1086 			mutex_enter(&rp->r_statelock);
1087 			if (error && (error == ENOSPC || error == EDQUOT)) {
1088 				if (!rp->r_error)
1089 					rp->r_error = error;
1090 			}
1091 			if (--rp->r_gcount == 0)
1092 				cv_broadcast(&rp->r_cv);
1093 			mutex_exit(&rp->r_statelock);
1094 		}
1095 	}
1096 
1097 	return (nfsgetattr(vp, vap, cr));
1098 }
1099 
1100 /*ARGSUSED4*/
1101 static int
1102 nfs_setattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr,
1103 		caller_context_t *ct)
1104 {
1105 	int error;
1106 	uint_t mask;
1107 	struct vattr va;
1108 
1109 	mask = vap->va_mask;
1110 
1111 	if (mask & AT_NOSET)
1112 		return (EINVAL);
1113 
1114 	if ((mask & AT_SIZE) &&
1115 	    vap->va_type == VREG &&
1116 	    vap->va_size > MAXOFF32_T)
1117 		return (EFBIG);
1118 
1119 	if (nfs_zone() != VTOMI(vp)->mi_zone)
1120 		return (EIO);
1121 
1122 	va.va_mask = AT_UID | AT_MODE;
1123 
1124 	error = nfsgetattr(vp, &va, cr);
1125 	if (error)
1126 		return (error);
1127 
1128 	error = secpolicy_vnode_setattr(cr, vp, vap, &va, flags, nfs_accessx,
1129 	    vp);
1130 
1131 	if (error)
1132 		return (error);
1133 
1134 	return (nfssetattr(vp, vap, flags, cr));
1135 }
1136 
1137 static int
1138 nfssetattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr)
1139 {
1140 	int error;
1141 	uint_t mask;
1142 	struct nfssaargs args;
1143 	struct nfsattrstat ns;
1144 	int douprintf;
1145 	rnode_t *rp;
1146 	struct vattr va;
1147 	mode_t omode;
1148 	mntinfo_t *mi;
1149 	vsecattr_t *vsp;
1150 	hrtime_t t;
1151 
1152 	mask = vap->va_mask;
1153 
1154 	ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
1155 
1156 	rp = VTOR(vp);
1157 
1158 	/*
1159 	 * Only need to flush pages if there are any pages and
1160 	 * if the file is marked as dirty in some fashion.  The
1161 	 * file must be flushed so that we can accurately
1162 	 * determine the size of the file and the cached data
1163 	 * after the SETATTR returns.  A file is considered to
1164 	 * be dirty if it is either marked with RDIRTY, has
1165 	 * outstanding i/o's active, or is mmap'd.  In this
1166 	 * last case, we can't tell whether there are dirty
1167 	 * pages, so we flush just to be sure.
1168 	 */
1169 	if (vn_has_cached_data(vp) &&
1170 	    ((rp->r_flags & RDIRTY) ||
1171 	    rp->r_count > 0 ||
1172 	    rp->r_mapcnt > 0)) {
1173 		ASSERT(vp->v_type != VCHR);
1174 		error = nfs_putpage(vp, (offset_t)0, 0, 0, cr, NULL);
1175 		if (error && (error == ENOSPC || error == EDQUOT)) {
1176 			mutex_enter(&rp->r_statelock);
1177 			if (!rp->r_error)
1178 				rp->r_error = error;
1179 			mutex_exit(&rp->r_statelock);
1180 		}
1181 	}
1182 
1183 	/*
1184 	 * If the system call was utime(2) or utimes(2) and the
1185 	 * application did not specify the times, then set the
1186 	 * mtime nanosecond field to 1 billion.  This will get
1187 	 * translated from 1 billion nanoseconds to 1 million
1188 	 * microseconds in the over the wire request.  The
1189 	 * server will use 1 million in the microsecond field
1190 	 * to tell whether both the mtime and atime should be
1191 	 * set to the server's current time.
1192 	 *
1193 	 * This is an overload of the protocol and should be
1194 	 * documented in the NFS Version 2 protocol specification.
1195 	 */
1196 	if ((mask & AT_MTIME) && !(flags & ATTR_UTIME)) {
1197 		vap->va_mtime.tv_nsec = 1000000000;
1198 		if (NFS_TIME_T_OK(vap->va_mtime.tv_sec) &&
1199 		    NFS_TIME_T_OK(vap->va_atime.tv_sec)) {
1200 			error = vattr_to_sattr(vap, &args.saa_sa);
1201 		} else {
1202 			/*
1203 			 * Use server times. vap time values will not be used.
1204 			 * To ensure no time overflow, make sure vap has
1205 			 * valid values, but retain the original values.
1206 			 */
1207 			timestruc_t	mtime = vap->va_mtime;
1208 			timestruc_t	atime = vap->va_atime;
1209 			time_t		now;
1210 
1211 			now = gethrestime_sec();
1212 			if (NFS_TIME_T_OK(now)) {
1213 				/* Just in case server does not know of this */
1214 				vap->va_mtime.tv_sec = now;
1215 				vap->va_atime.tv_sec = now;
1216 			} else {
1217 				vap->va_mtime.tv_sec = 0;
1218 				vap->va_atime.tv_sec = 0;
1219 			}
1220 			error = vattr_to_sattr(vap, &args.saa_sa);
1221 			/* set vap times back on */
1222 			vap->va_mtime = mtime;
1223 			vap->va_atime = atime;
1224 		}
1225 	} else {
1226 		/* Either do not set times or use the client specified times */
1227 		error = vattr_to_sattr(vap, &args.saa_sa);
1228 	}
1229 	if (error) {
1230 		/* req time field(s) overflow - return immediately */
1231 		return (error);
1232 	}
1233 	args.saa_fh = *VTOFH(vp);
1234 
1235 	va.va_mask = AT_MODE;
1236 	error = nfsgetattr(vp, &va, cr);
1237 	if (error)
1238 		return (error);
1239 	omode = va.va_mode;
1240 
1241 	mi = VTOMI(vp);
1242 
1243 	douprintf = 1;
1244 
1245 	t = gethrtime();
1246 
1247 	error = rfs2call(mi, RFS_SETATTR,
1248 	    xdr_saargs, (caddr_t)&args,
1249 	    xdr_attrstat, (caddr_t)&ns, cr,
1250 	    &douprintf, &ns.ns_status, 0, NULL);
1251 
1252 	/*
1253 	 * Purge the access cache and ACL cache if changing either the
1254 	 * owner of the file, the group owner, or the mode.  These may
1255 	 * change the access permissions of the file, so purge old
1256 	 * information and start over again.
1257 	 */
1258 	if ((mask & (AT_UID | AT_GID | AT_MODE)) && (mi->mi_flags & MI_ACL)) {
1259 		(void) nfs_access_purge_rp(rp);
1260 		if (rp->r_secattr != NULL) {
1261 			mutex_enter(&rp->r_statelock);
1262 			vsp = rp->r_secattr;
1263 			rp->r_secattr = NULL;
1264 			mutex_exit(&rp->r_statelock);
1265 			if (vsp != NULL)
1266 				nfs_acl_free(vsp);
1267 		}
1268 	}
1269 
1270 	if (!error) {
1271 		error = geterrno(ns.ns_status);
1272 		if (!error) {
1273 			/*
1274 			 * If changing the size of the file, invalidate
1275 			 * any local cached data which is no longer part
1276 			 * of the file.  We also possibly invalidate the
1277 			 * last page in the file.  We could use
1278 			 * pvn_vpzero(), but this would mark the page as
1279 			 * modified and require it to be written back to
1280 			 * the server for no particularly good reason.
1281 			 * This way, if we access it, then we bring it
1282 			 * back in.  A read should be cheaper than a
1283 			 * write.
1284 			 */
1285 			if (mask & AT_SIZE) {
1286 				nfs_invalidate_pages(vp,
1287 				    (vap->va_size & PAGEMASK), cr);
1288 			}
1289 			(void) nfs_cache_fattr(vp, &ns.ns_attr, &va, t, cr);
1290 			/*
1291 			 * If NFS_ACL is supported on the server, then the
1292 			 * attributes returned by server may have minimal
1293 			 * permissions sometimes denying access to users having
1294 			 * proper access.  To get the proper attributes, mark
1295 			 * the attributes as expired so that they will be
1296 			 * regotten via the NFS_ACL GETATTR2 procedure.
1297 			 */
1298 			if (mi->mi_flags & MI_ACL) {
1299 				PURGE_ATTRCACHE(vp);
1300 			}
1301 			/*
1302 			 * This next check attempts to deal with NFS
1303 			 * servers which can not handle increasing
1304 			 * the size of the file via setattr.  Most
1305 			 * of these servers do not return an error,
1306 			 * but do not change the size of the file.
1307 			 * Hence, this check and then attempt to set
1308 			 * the file size by writing 1 byte at the
1309 			 * offset of the end of the file that we need.
1310 			 */
1311 			if ((mask & AT_SIZE) &&
1312 			    ns.ns_attr.na_size < (uint32_t)vap->va_size) {
1313 				char zb = '\0';
1314 
1315 				error = nfswrite(vp, &zb,
1316 				    vap->va_size - sizeof (zb),
1317 				    sizeof (zb), cr);
1318 			}
1319 			/*
1320 			 * Some servers will change the mode to clear the setuid
1321 			 * and setgid bits when changing the uid or gid.  The
1322 			 * client needs to compensate appropriately.
1323 			 */
1324 			if (mask & (AT_UID | AT_GID)) {
1325 				int terror;
1326 
1327 				va.va_mask = AT_MODE;
1328 				terror = nfsgetattr(vp, &va, cr);
1329 				if (!terror &&
1330 				    (((mask & AT_MODE) &&
1331 				    va.va_mode != vap->va_mode) ||
1332 				    (!(mask & AT_MODE) &&
1333 				    va.va_mode != omode))) {
1334 					va.va_mask = AT_MODE;
1335 					if (mask & AT_MODE)
1336 						va.va_mode = vap->va_mode;
1337 					else
1338 						va.va_mode = omode;
1339 					(void) nfssetattr(vp, &va, 0, cr);
1340 				}
1341 			}
1342 		} else {
1343 			PURGE_ATTRCACHE(vp);
1344 			PURGE_STALE_FH(error, vp, cr);
1345 		}
1346 	} else {
1347 		PURGE_ATTRCACHE(vp);
1348 	}
1349 
1350 	return (error);
1351 }
1352 
1353 static int
1354 nfs_accessx(void *vp, int mode, cred_t *cr)
1355 {
1356 	ASSERT(nfs_zone() == VTOMI((vnode_t *)vp)->mi_zone);
1357 	return (nfs_access(vp, mode, 0, cr, NULL));
1358 }
1359 
1360 /* ARGSUSED */
1361 static int
1362 nfs_access(vnode_t *vp, int mode, int flags, cred_t *cr, caller_context_t *ct)
1363 {
1364 	struct vattr va;
1365 	int error;
1366 	mntinfo_t *mi;
1367 	int shift = 0;
1368 
1369 	mi = VTOMI(vp);
1370 
1371 	if (nfs_zone() != mi->mi_zone)
1372 		return (EIO);
1373 	if (mi->mi_flags & MI_ACL) {
1374 		error = acl_access2(vp, mode, flags, cr);
1375 		if (mi->mi_flags & MI_ACL)
1376 			return (error);
1377 	}
1378 
1379 	va.va_mask = AT_MODE | AT_UID | AT_GID;
1380 	error = nfsgetattr(vp, &va, cr);
1381 	if (error)
1382 		return (error);
1383 
1384 	/*
1385 	 * Disallow write attempts on read-only
1386 	 * file systems, unless the file is a
1387 	 * device node.
1388 	 */
1389 	if ((mode & VWRITE) && vn_is_readonly(vp) && !IS_DEVVP(vp))
1390 		return (EROFS);
1391 
1392 	/*
1393 	 * Disallow attempts to access mandatory lock files.
1394 	 */
1395 	if ((mode & (VWRITE | VREAD | VEXEC)) &&
1396 	    MANDLOCK(vp, va.va_mode))
1397 		return (EACCES);
1398 
1399 	/*
1400 	 * Access check is based on only
1401 	 * one of owner, group, public.
1402 	 * If not owner, then check group.
1403 	 * If not a member of the group,
1404 	 * then check public access.
1405 	 */
1406 	if (crgetuid(cr) != va.va_uid) {
1407 		shift += 3;
1408 		if (!groupmember(va.va_gid, cr))
1409 			shift += 3;
1410 	}
1411 found:
1412 	mode &= ~(va.va_mode << shift);
1413 	if (mode == 0)
1414 		return (0);
1415 
1416 	return (secpolicy_vnode_access(cr, vp, va.va_uid, mode));
1417 }
1418 
1419 static int nfs_do_symlink_cache = 1;
1420 
1421 /* ARGSUSED */
1422 static int
1423 nfs_readlink(vnode_t *vp, struct uio *uiop, cred_t *cr, caller_context_t *ct)
1424 {
1425 	int error;
1426 	struct nfsrdlnres rl;
1427 	rnode_t *rp;
1428 	int douprintf;
1429 	failinfo_t fi;
1430 
1431 	/*
1432 	 * We want to be consistent with UFS semantics so we will return
1433 	 * EINVAL instead of ENXIO. This violates the XNFS spec and
1434 	 * the RFC 1094, which are wrong any way. BUGID 1138002.
1435 	 */
1436 	if (vp->v_type != VLNK)
1437 		return (EINVAL);
1438 
1439 	if (nfs_zone() != VTOMI(vp)->mi_zone)
1440 		return (EIO);
1441 
1442 	rp = VTOR(vp);
1443 	if (nfs_do_symlink_cache && rp->r_symlink.contents != NULL) {
1444 		error = nfs_validate_caches(vp, cr);
1445 		if (error)
1446 			return (error);
1447 		mutex_enter(&rp->r_statelock);
1448 		if (rp->r_symlink.contents != NULL) {
1449 			error = uiomove(rp->r_symlink.contents,
1450 			    rp->r_symlink.len, UIO_READ, uiop);
1451 			mutex_exit(&rp->r_statelock);
1452 			return (error);
1453 		}
1454 		mutex_exit(&rp->r_statelock);
1455 	}
1456 
1457 
1458 	rl.rl_data = kmem_alloc(NFS_MAXPATHLEN, KM_SLEEP);
1459 
1460 	fi.vp = vp;
1461 	fi.fhp = NULL;		/* no need to update, filehandle not copied */
1462 	fi.copyproc = nfscopyfh;
1463 	fi.lookupproc = nfslookup;
1464 	fi.xattrdirproc = acl_getxattrdir2;
1465 
1466 	douprintf = 1;
1467 
1468 	error = rfs2call(VTOMI(vp), RFS_READLINK,
1469 	    xdr_fhandle, (caddr_t)VTOFH(vp),
1470 	    xdr_rdlnres, (caddr_t)&rl, cr,
1471 	    &douprintf, &rl.rl_status, 0, &fi);
1472 
1473 	if (error) {
1474 
1475 		kmem_free((void *)rl.rl_data, NFS_MAXPATHLEN);
1476 		return (error);
1477 	}
1478 
1479 	error = geterrno(rl.rl_status);
1480 	if (!error) {
1481 		error = uiomove(rl.rl_data, (int)rl.rl_count, UIO_READ, uiop);
1482 		if (nfs_do_symlink_cache && rp->r_symlink.contents == NULL) {
1483 			mutex_enter(&rp->r_statelock);
1484 			if (rp->r_symlink.contents == NULL) {
1485 				rp->r_symlink.contents = rl.rl_data;
1486 				rp->r_symlink.len = (int)rl.rl_count;
1487 				rp->r_symlink.size = NFS_MAXPATHLEN;
1488 				mutex_exit(&rp->r_statelock);
1489 			} else {
1490 				mutex_exit(&rp->r_statelock);
1491 
1492 				kmem_free((void *)rl.rl_data,
1493 				    NFS_MAXPATHLEN);
1494 			}
1495 		} else {
1496 
1497 			kmem_free((void *)rl.rl_data, NFS_MAXPATHLEN);
1498 		}
1499 	} else {
1500 		PURGE_STALE_FH(error, vp, cr);
1501 
1502 		kmem_free((void *)rl.rl_data, NFS_MAXPATHLEN);
1503 	}
1504 
1505 	/*
1506 	 * Conform to UFS semantics (see comment above)
1507 	 */
1508 	return (error == ENXIO ? EINVAL : error);
1509 }
1510 
1511 /*
1512  * Flush local dirty pages to stable storage on the server.
1513  *
1514  * If FNODSYNC is specified, then there is nothing to do because
1515  * metadata changes are not cached on the client before being
1516  * sent to the server.
1517  */
1518 /* ARGSUSED */
1519 static int
1520 nfs_fsync(vnode_t *vp, int syncflag, cred_t *cr, caller_context_t *ct)
1521 {
1522 	int error;
1523 
1524 	if ((syncflag & FNODSYNC) || IS_SWAPVP(vp))
1525 		return (0);
1526 
1527 	if (nfs_zone() != VTOMI(vp)->mi_zone)
1528 		return (EIO);
1529 
1530 	error = nfs_putpage(vp, (offset_t)0, 0, 0, cr, ct);
1531 	if (!error)
1532 		error = VTOR(vp)->r_error;
1533 	return (error);
1534 }
1535 
1536 
1537 /*
1538  * Weirdness: if the file was removed or the target of a rename
1539  * operation while it was open, it got renamed instead.  Here we
1540  * remove the renamed file.
1541  */
1542 /* ARGSUSED */
1543 static void
1544 nfs_inactive(vnode_t *vp, cred_t *cr, caller_context_t *ct)
1545 {
1546 	rnode_t *rp;
1547 
1548 	ASSERT(vp != DNLC_NO_VNODE);
1549 
1550 	/*
1551 	 * If this is coming from the wrong zone, we let someone in the right
1552 	 * zone take care of it asynchronously.  We can get here due to
1553 	 * VN_RELE() being called from pageout() or fsflush().  This call may
1554 	 * potentially turn into an expensive no-op if, for instance, v_count
1555 	 * gets incremented in the meantime, but it's still correct.
1556 	 */
1557 	if (nfs_zone() != VTOMI(vp)->mi_zone) {
1558 		nfs_async_inactive(vp, cr, nfs_inactive);
1559 		return;
1560 	}
1561 
1562 	rp = VTOR(vp);
1563 redo:
1564 	if (rp->r_unldvp != NULL) {
1565 		/*
1566 		 * Save the vnode pointer for the directory where the
1567 		 * unlinked-open file got renamed, then set it to NULL
1568 		 * to prevent another thread from getting here before
1569 		 * we're done with the remove.  While we have the
1570 		 * statelock, make local copies of the pertinent rnode
1571 		 * fields.  If we weren't to do this in an atomic way, the
1572 		 * the unl* fields could become inconsistent with respect
1573 		 * to each other due to a race condition between this
1574 		 * code and nfs_remove().  See bug report 1034328.
1575 		 */
1576 		mutex_enter(&rp->r_statelock);
1577 		if (rp->r_unldvp != NULL) {
1578 			vnode_t *unldvp;
1579 			char *unlname;
1580 			cred_t *unlcred;
1581 			struct nfsdiropargs da;
1582 			enum nfsstat status;
1583 			int douprintf;
1584 			int error;
1585 
1586 			unldvp = rp->r_unldvp;
1587 			rp->r_unldvp = NULL;
1588 			unlname = rp->r_unlname;
1589 			rp->r_unlname = NULL;
1590 			unlcred = rp->r_unlcred;
1591 			rp->r_unlcred = NULL;
1592 			mutex_exit(&rp->r_statelock);
1593 
1594 			/*
1595 			 * If there are any dirty pages left, then flush
1596 			 * them.  This is unfortunate because they just
1597 			 * may get thrown away during the remove operation,
1598 			 * but we have to do this for correctness.
1599 			 */
1600 			if (vn_has_cached_data(vp) &&
1601 			    ((rp->r_flags & RDIRTY) || rp->r_count > 0)) {
1602 				ASSERT(vp->v_type != VCHR);
1603 				error = nfs_putpage(vp, (offset_t)0, 0, 0,
1604 				    cr, ct);
1605 				if (error) {
1606 					mutex_enter(&rp->r_statelock);
1607 					if (!rp->r_error)
1608 						rp->r_error = error;
1609 					mutex_exit(&rp->r_statelock);
1610 				}
1611 			}
1612 
1613 			/*
1614 			 * Do the remove operation on the renamed file
1615 			 */
1616 			setdiropargs(&da, unlname, unldvp);
1617 
1618 			douprintf = 1;
1619 
1620 			(void) rfs2call(VTOMI(unldvp), RFS_REMOVE,
1621 			    xdr_diropargs, (caddr_t)&da,
1622 			    xdr_enum, (caddr_t)&status, unlcred,
1623 			    &douprintf, &status, 0, NULL);
1624 
1625 			if (HAVE_RDDIR_CACHE(VTOR(unldvp)))
1626 				nfs_purge_rddir_cache(unldvp);
1627 			PURGE_ATTRCACHE(unldvp);
1628 
1629 			/*
1630 			 * Release stuff held for the remove
1631 			 */
1632 			VN_RELE(unldvp);
1633 			kmem_free(unlname, MAXNAMELEN);
1634 			crfree(unlcred);
1635 			goto redo;
1636 		}
1637 		mutex_exit(&rp->r_statelock);
1638 	}
1639 
1640 	rp_addfree(rp, cr);
1641 }
1642 
1643 /*
1644  * Remote file system operations having to do with directory manipulation.
1645  */
1646 
1647 /* ARGSUSED */
1648 static int
1649 nfs_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1650 	int flags, vnode_t *rdir, cred_t *cr, caller_context_t *ct,
1651 	int *direntflags, pathname_t *realpnp)
1652 {
1653 	int error;
1654 	vnode_t *vp;
1655 	vnode_t *avp = NULL;
1656 	rnode_t *drp;
1657 
1658 	if (nfs_zone() != VTOMI(dvp)->mi_zone)
1659 		return (EPERM);
1660 
1661 	drp = VTOR(dvp);
1662 
1663 	/*
1664 	 * Are we looking up extended attributes?  If so, "dvp" is
1665 	 * the file or directory for which we want attributes, and
1666 	 * we need a lookup of the hidden attribute directory
1667 	 * before we lookup the rest of the path.
1668 	 */
1669 	if (flags & LOOKUP_XATTR) {
1670 		bool_t cflag = ((flags & CREATE_XATTR_DIR) != 0);
1671 		mntinfo_t *mi;
1672 
1673 		mi = VTOMI(dvp);
1674 		if (!(mi->mi_flags & MI_EXTATTR))
1675 			return (EINVAL);
1676 
1677 		if (nfs_rw_enter_sig(&drp->r_rwlock, RW_READER, INTR(dvp)))
1678 			return (EINTR);
1679 
1680 		(void) nfslookup_dnlc(dvp, XATTR_DIR_NAME, &avp, cr);
1681 		if (avp == NULL)
1682 			error = acl_getxattrdir2(dvp, &avp, cflag, cr, 0);
1683 		else
1684 			error = 0;
1685 
1686 		nfs_rw_exit(&drp->r_rwlock);
1687 
1688 		if (error) {
1689 			if (mi->mi_flags & MI_EXTATTR)
1690 				return (error);
1691 			return (EINVAL);
1692 		}
1693 		dvp = avp;
1694 		drp = VTOR(dvp);
1695 	}
1696 
1697 	if (nfs_rw_enter_sig(&drp->r_rwlock, RW_READER, INTR(dvp))) {
1698 		error = EINTR;
1699 		goto out;
1700 	}
1701 
1702 	error = nfslookup(dvp, nm, vpp, pnp, flags, rdir, cr, 0);
1703 
1704 	nfs_rw_exit(&drp->r_rwlock);
1705 
1706 	/*
1707 	 * If vnode is a device, create special vnode.
1708 	 */
1709 	if (!error && IS_DEVVP(*vpp)) {
1710 		vp = *vpp;
1711 		*vpp = specvp(vp, vp->v_rdev, vp->v_type, cr);
1712 		VN_RELE(vp);
1713 	}
1714 
1715 out:
1716 	if (avp != NULL)
1717 		VN_RELE(avp);
1718 
1719 	return (error);
1720 }
1721 
1722 static int nfs_lookup_neg_cache = 1;
1723 
1724 #ifdef DEBUG
1725 static int nfs_lookup_dnlc_hits = 0;
1726 static int nfs_lookup_dnlc_misses = 0;
1727 static int nfs_lookup_dnlc_neg_hits = 0;
1728 static int nfs_lookup_dnlc_disappears = 0;
1729 static int nfs_lookup_dnlc_lookups = 0;
1730 #endif
1731 
1732 /* ARGSUSED */
1733 int
1734 nfslookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1735 	int flags, vnode_t *rdir, cred_t *cr, int rfscall_flags)
1736 {
1737 	int error;
1738 
1739 	ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
1740 
1741 	/*
1742 	 * If lookup is for "", just return dvp.  Don't need
1743 	 * to send it over the wire, look it up in the dnlc,
1744 	 * or perform any access checks.
1745 	 */
1746 	if (*nm == '\0') {
1747 		VN_HOLD(dvp);
1748 		*vpp = dvp;
1749 		return (0);
1750 	}
1751 
1752 	/*
1753 	 * Can't do lookups in non-directories.
1754 	 */
1755 	if (dvp->v_type != VDIR)
1756 		return (ENOTDIR);
1757 
1758 	/*
1759 	 * If we're called with RFSCALL_SOFT, it's important that
1760 	 * the only rfscall is one we make directly; if we permit
1761 	 * an access call because we're looking up "." or validating
1762 	 * a dnlc hit, we'll deadlock because that rfscall will not
1763 	 * have the RFSCALL_SOFT set.
1764 	 */
1765 	if (rfscall_flags & RFSCALL_SOFT)
1766 		goto callit;
1767 
1768 	/*
1769 	 * If lookup is for ".", just return dvp.  Don't need
1770 	 * to send it over the wire or look it up in the dnlc,
1771 	 * just need to check access.
1772 	 */
1773 	if (strcmp(nm, ".") == 0) {
1774 		error = nfs_access(dvp, VEXEC, 0, cr, NULL);
1775 		if (error)
1776 			return (error);
1777 		VN_HOLD(dvp);
1778 		*vpp = dvp;
1779 		return (0);
1780 	}
1781 
1782 	/*
1783 	 * Lookup this name in the DNLC.  If there was a valid entry,
1784 	 * then return the results of the lookup.
1785 	 */
1786 	error = nfslookup_dnlc(dvp, nm, vpp, cr);
1787 	if (error || *vpp != NULL)
1788 		return (error);
1789 
1790 callit:
1791 	error = nfslookup_otw(dvp, nm, vpp, cr, rfscall_flags);
1792 
1793 	return (error);
1794 }
1795 
1796 static int
1797 nfslookup_dnlc(vnode_t *dvp, char *nm, vnode_t **vpp, cred_t *cr)
1798 {
1799 	int error;
1800 	vnode_t *vp;
1801 
1802 	ASSERT(*nm != '\0');
1803 	ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
1804 
1805 	/*
1806 	 * Lookup this name in the DNLC.  If successful, then validate
1807 	 * the caches and then recheck the DNLC.  The DNLC is rechecked
1808 	 * just in case this entry got invalidated during the call
1809 	 * to nfs_validate_caches.
1810 	 *
1811 	 * An assumption is being made that it is safe to say that a
1812 	 * file exists which may not on the server.  Any operations to
1813 	 * the server will fail with ESTALE.
1814 	 */
1815 #ifdef DEBUG
1816 	nfs_lookup_dnlc_lookups++;
1817 #endif
1818 	vp = dnlc_lookup(dvp, nm);
1819 	if (vp != NULL) {
1820 		VN_RELE(vp);
1821 		if (vp == DNLC_NO_VNODE && !vn_is_readonly(dvp)) {
1822 			PURGE_ATTRCACHE(dvp);
1823 		}
1824 		error = nfs_validate_caches(dvp, cr);
1825 		if (error)
1826 			return (error);
1827 		vp = dnlc_lookup(dvp, nm);
1828 		if (vp != NULL) {
1829 			error = nfs_access(dvp, VEXEC, 0, cr, NULL);
1830 			if (error) {
1831 				VN_RELE(vp);
1832 				return (error);
1833 			}
1834 			if (vp == DNLC_NO_VNODE) {
1835 				VN_RELE(vp);
1836 #ifdef DEBUG
1837 				nfs_lookup_dnlc_neg_hits++;
1838 #endif
1839 				return (ENOENT);
1840 			}
1841 			*vpp = vp;
1842 #ifdef DEBUG
1843 			nfs_lookup_dnlc_hits++;
1844 #endif
1845 			return (0);
1846 		}
1847 #ifdef DEBUG
1848 		nfs_lookup_dnlc_disappears++;
1849 #endif
1850 	}
1851 #ifdef DEBUG
1852 	else
1853 		nfs_lookup_dnlc_misses++;
1854 #endif
1855 
1856 	*vpp = NULL;
1857 
1858 	return (0);
1859 }
1860 
1861 static int
1862 nfslookup_otw(vnode_t *dvp, char *nm, vnode_t **vpp, cred_t *cr,
1863 	int rfscall_flags)
1864 {
1865 	int error;
1866 	struct nfsdiropargs da;
1867 	struct nfsdiropres dr;
1868 	int douprintf;
1869 	failinfo_t fi;
1870 	hrtime_t t;
1871 
1872 	ASSERT(*nm != '\0');
1873 	ASSERT(dvp->v_type == VDIR);
1874 	ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
1875 
1876 	setdiropargs(&da, nm, dvp);
1877 
1878 	fi.vp = dvp;
1879 	fi.fhp = NULL;		/* no need to update, filehandle not copied */
1880 	fi.copyproc = nfscopyfh;
1881 	fi.lookupproc = nfslookup;
1882 	fi.xattrdirproc = acl_getxattrdir2;
1883 
1884 	douprintf = 1;
1885 
1886 	t = gethrtime();
1887 
1888 	error = rfs2call(VTOMI(dvp), RFS_LOOKUP,
1889 	    xdr_diropargs, (caddr_t)&da,
1890 	    xdr_diropres, (caddr_t)&dr, cr,
1891 	    &douprintf, &dr.dr_status, rfscall_flags, &fi);
1892 
1893 	if (!error) {
1894 		error = geterrno(dr.dr_status);
1895 		if (!error) {
1896 			*vpp = makenfsnode(&dr.dr_fhandle, &dr.dr_attr,
1897 			    dvp->v_vfsp, t, cr, VTOR(dvp)->r_path, nm);
1898 			/*
1899 			 * If NFS_ACL is supported on the server, then the
1900 			 * attributes returned by server may have minimal
1901 			 * permissions sometimes denying access to users having
1902 			 * proper access.  To get the proper attributes, mark
1903 			 * the attributes as expired so that they will be
1904 			 * regotten via the NFS_ACL GETATTR2 procedure.
1905 			 */
1906 			if (VTOMI(*vpp)->mi_flags & MI_ACL) {
1907 				PURGE_ATTRCACHE(*vpp);
1908 			}
1909 			if (!(rfscall_flags & RFSCALL_SOFT))
1910 				dnlc_update(dvp, nm, *vpp);
1911 		} else {
1912 			PURGE_STALE_FH(error, dvp, cr);
1913 			if (error == ENOENT && nfs_lookup_neg_cache)
1914 				dnlc_enter(dvp, nm, DNLC_NO_VNODE);
1915 		}
1916 	}
1917 
1918 	return (error);
1919 }
1920 
1921 /* ARGSUSED */
1922 static int
1923 nfs_create(vnode_t *dvp, char *nm, struct vattr *va, enum vcexcl exclusive,
1924 	int mode, vnode_t **vpp, cred_t *cr, int lfaware, caller_context_t *ct,
1925 	vsecattr_t *vsecp)
1926 {
1927 	int error;
1928 	struct nfscreatargs args;
1929 	struct nfsdiropres dr;
1930 	int douprintf;
1931 	vnode_t *vp;
1932 	rnode_t *rp;
1933 	struct vattr vattr;
1934 	rnode_t *drp;
1935 	vnode_t *tempvp;
1936 	hrtime_t t;
1937 
1938 	drp = VTOR(dvp);
1939 
1940 	if (nfs_zone() != VTOMI(dvp)->mi_zone)
1941 		return (EPERM);
1942 	if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
1943 		return (EINTR);
1944 
1945 	/*
1946 	 * We make a copy of the attributes because the caller does not
1947 	 * expect us to change what va points to.
1948 	 */
1949 	vattr = *va;
1950 
1951 	/*
1952 	 * If the pathname is "", just use dvp.  Don't need
1953 	 * to send it over the wire, look it up in the dnlc,
1954 	 * or perform any access checks.
1955 	 */
1956 	if (*nm == '\0') {
1957 		error = 0;
1958 		VN_HOLD(dvp);
1959 		vp = dvp;
1960 	/*
1961 	 * If the pathname is ".", just use dvp.  Don't need
1962 	 * to send it over the wire or look it up in the dnlc,
1963 	 * just need to check access.
1964 	 */
1965 	} else if (strcmp(nm, ".") == 0) {
1966 		error = nfs_access(dvp, VEXEC, 0, cr, ct);
1967 		if (error) {
1968 			nfs_rw_exit(&drp->r_rwlock);
1969 			return (error);
1970 		}
1971 		VN_HOLD(dvp);
1972 		vp = dvp;
1973 	/*
1974 	 * We need to go over the wire, just to be sure whether the
1975 	 * file exists or not.  Using the DNLC can be dangerous in
1976 	 * this case when making a decision regarding existence.
1977 	 */
1978 	} else {
1979 		error = nfslookup_otw(dvp, nm, &vp, cr, 0);
1980 	}
1981 	if (!error) {
1982 		if (exclusive == EXCL)
1983 			error = EEXIST;
1984 		else if (vp->v_type == VDIR && (mode & VWRITE))
1985 			error = EISDIR;
1986 		else {
1987 			/*
1988 			 * If vnode is a device, create special vnode.
1989 			 */
1990 			if (IS_DEVVP(vp)) {
1991 				tempvp = vp;
1992 				vp = specvp(vp, vp->v_rdev, vp->v_type, cr);
1993 				VN_RELE(tempvp);
1994 			}
1995 			if (!(error = VOP_ACCESS(vp, mode, 0, cr, ct))) {
1996 				if ((vattr.va_mask & AT_SIZE) &&
1997 				    vp->v_type == VREG) {
1998 					vattr.va_mask = AT_SIZE;
1999 					error = nfssetattr(vp, &vattr, 0, cr);
2000 				}
2001 			}
2002 		}
2003 		nfs_rw_exit(&drp->r_rwlock);
2004 		if (error) {
2005 			VN_RELE(vp);
2006 		} else {
2007 			/*
2008 			 * existing file got truncated, notify.
2009 			 */
2010 			vnevent_create(vp, ct);
2011 			*vpp = vp;
2012 		}
2013 		return (error);
2014 	}
2015 
2016 	ASSERT(vattr.va_mask & AT_TYPE);
2017 	if (vattr.va_type == VREG) {
2018 		ASSERT(vattr.va_mask & AT_MODE);
2019 		if (MANDMODE(vattr.va_mode)) {
2020 			nfs_rw_exit(&drp->r_rwlock);
2021 			return (EACCES);
2022 		}
2023 	}
2024 
2025 	dnlc_remove(dvp, nm);
2026 
2027 	setdiropargs(&args.ca_da, nm, dvp);
2028 
2029 	/*
2030 	 * Decide what the group-id of the created file should be.
2031 	 * Set it in attribute list as advisory...then do a setattr
2032 	 * if the server didn't get it right the first time.
2033 	 */
2034 	error = setdirgid(dvp, &vattr.va_gid, cr);
2035 	if (error) {
2036 		nfs_rw_exit(&drp->r_rwlock);
2037 		return (error);
2038 	}
2039 	vattr.va_mask |= AT_GID;
2040 
2041 	/*
2042 	 * This is a completely gross hack to make mknod
2043 	 * work over the wire until we can wack the protocol
2044 	 */
2045 #define	IFCHR		0020000		/* character special */
2046 #define	IFBLK		0060000		/* block special */
2047 #define	IFSOCK		0140000		/* socket */
2048 
2049 	/*
2050 	 * dev_t is uint_t in 5.x and short in 4.x. Both 4.x
2051 	 * supports 8 bit majors. 5.x supports 14 bit majors. 5.x supports 18
2052 	 * bits in the minor number where 4.x supports 8 bits.  If the 5.x
2053 	 * minor/major numbers <= 8 bits long, compress the device
2054 	 * number before sending it. Otherwise, the 4.x server will not
2055 	 * create the device with the correct device number and nothing can be
2056 	 * done about this.
2057 	 */
2058 	if (vattr.va_type == VCHR || vattr.va_type == VBLK) {
2059 		dev_t d = vattr.va_rdev;
2060 		dev32_t dev32;
2061 
2062 		if (vattr.va_type == VCHR)
2063 			vattr.va_mode |= IFCHR;
2064 		else
2065 			vattr.va_mode |= IFBLK;
2066 
2067 		(void) cmpldev(&dev32, d);
2068 		if (dev32 & ~((SO4_MAXMAJ << L_BITSMINOR32) | SO4_MAXMIN))
2069 			vattr.va_size = (u_offset_t)dev32;
2070 		else
2071 			vattr.va_size = (u_offset_t)nfsv2_cmpdev(d);
2072 
2073 		vattr.va_mask |= AT_MODE|AT_SIZE;
2074 	} else if (vattr.va_type == VFIFO) {
2075 		vattr.va_mode |= IFCHR;		/* xtra kludge for namedpipe */
2076 		vattr.va_size = (u_offset_t)NFS_FIFO_DEV;	/* blech */
2077 		vattr.va_mask |= AT_MODE|AT_SIZE;
2078 	} else if (vattr.va_type == VSOCK) {
2079 		vattr.va_mode |= IFSOCK;
2080 		/*
2081 		 * To avoid triggering bugs in the servers set AT_SIZE
2082 		 * (all other RFS_CREATE calls set this).
2083 		 */
2084 		vattr.va_size = 0;
2085 		vattr.va_mask |= AT_MODE|AT_SIZE;
2086 	}
2087 
2088 	args.ca_sa = &args.ca_sa_buf;
2089 	error = vattr_to_sattr(&vattr, args.ca_sa);
2090 	if (error) {
2091 		/* req time field(s) overflow - return immediately */
2092 		nfs_rw_exit(&drp->r_rwlock);
2093 		return (error);
2094 	}
2095 
2096 	douprintf = 1;
2097 
2098 	t = gethrtime();
2099 
2100 	error = rfs2call(VTOMI(dvp), RFS_CREATE,
2101 	    xdr_creatargs, (caddr_t)&args,
2102 	    xdr_diropres, (caddr_t)&dr, cr,
2103 	    &douprintf, &dr.dr_status, 0, NULL);
2104 
2105 	PURGE_ATTRCACHE(dvp);	/* mod time changed */
2106 
2107 	if (!error) {
2108 		error = geterrno(dr.dr_status);
2109 		if (!error) {
2110 			if (HAVE_RDDIR_CACHE(drp))
2111 				nfs_purge_rddir_cache(dvp);
2112 			vp = makenfsnode(&dr.dr_fhandle, &dr.dr_attr,
2113 			    dvp->v_vfsp, t, cr, NULL, NULL);
2114 			/*
2115 			 * If NFS_ACL is supported on the server, then the
2116 			 * attributes returned by server may have minimal
2117 			 * permissions sometimes denying access to users having
2118 			 * proper access.  To get the proper attributes, mark
2119 			 * the attributes as expired so that they will be
2120 			 * regotten via the NFS_ACL GETATTR2 procedure.
2121 			 */
2122 			if (VTOMI(vp)->mi_flags & MI_ACL) {
2123 				PURGE_ATTRCACHE(vp);
2124 			}
2125 			dnlc_update(dvp, nm, vp);
2126 			rp = VTOR(vp);
2127 			if (vattr.va_size == 0) {
2128 				mutex_enter(&rp->r_statelock);
2129 				rp->r_size = 0;
2130 				mutex_exit(&rp->r_statelock);
2131 				if (vn_has_cached_data(vp)) {
2132 					ASSERT(vp->v_type != VCHR);
2133 					nfs_invalidate_pages(vp,
2134 					    (u_offset_t)0, cr);
2135 				}
2136 			}
2137 
2138 			/*
2139 			 * Make sure the gid was set correctly.
2140 			 * If not, try to set it (but don't lose
2141 			 * any sleep over it).
2142 			 */
2143 			if (vattr.va_gid != rp->r_attr.va_gid) {
2144 				vattr.va_mask = AT_GID;
2145 				(void) nfssetattr(vp, &vattr, 0, cr);
2146 			}
2147 
2148 			/*
2149 			 * If vnode is a device create special vnode
2150 			 */
2151 			if (IS_DEVVP(vp)) {
2152 				*vpp = specvp(vp, vp->v_rdev, vp->v_type, cr);
2153 				VN_RELE(vp);
2154 			} else
2155 				*vpp = vp;
2156 		} else {
2157 			PURGE_STALE_FH(error, dvp, cr);
2158 		}
2159 	}
2160 
2161 	nfs_rw_exit(&drp->r_rwlock);
2162 
2163 	return (error);
2164 }
2165 
2166 /*
2167  * Weirdness: if the vnode to be removed is open
2168  * we rename it instead of removing it and nfs_inactive
2169  * will remove the new name.
2170  */
2171 /* ARGSUSED */
2172 static int
2173 nfs_remove(vnode_t *dvp, char *nm, cred_t *cr, caller_context_t *ct, int flags)
2174 {
2175 	int error;
2176 	struct nfsdiropargs da;
2177 	enum nfsstat status;
2178 	vnode_t *vp;
2179 	char *tmpname;
2180 	int douprintf;
2181 	rnode_t *rp;
2182 	rnode_t *drp;
2183 
2184 	if (nfs_zone() != VTOMI(dvp)->mi_zone)
2185 		return (EPERM);
2186 	drp = VTOR(dvp);
2187 	if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
2188 		return (EINTR);
2189 
2190 	error = nfslookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
2191 	if (error) {
2192 		nfs_rw_exit(&drp->r_rwlock);
2193 		return (error);
2194 	}
2195 
2196 	if (vp->v_type == VDIR && secpolicy_fs_linkdir(cr, dvp->v_vfsp)) {
2197 		VN_RELE(vp);
2198 		nfs_rw_exit(&drp->r_rwlock);
2199 		return (EPERM);
2200 	}
2201 
2202 	/*
2203 	 * First just remove the entry from the name cache, as it
2204 	 * is most likely the only entry for this vp.
2205 	 */
2206 	dnlc_remove(dvp, nm);
2207 
2208 	/*
2209 	 * If the file has a v_count > 1 then there may be more than one
2210 	 * entry in the name cache due multiple links or an open file,
2211 	 * but we don't have the real reference count so flush all
2212 	 * possible entries.
2213 	 */
2214 	if (vp->v_count > 1)
2215 		dnlc_purge_vp(vp);
2216 
2217 	/*
2218 	 * Now we have the real reference count on the vnode
2219 	 */
2220 	rp = VTOR(vp);
2221 	mutex_enter(&rp->r_statelock);
2222 	if (vp->v_count > 1 &&
2223 	    (rp->r_unldvp == NULL || strcmp(nm, rp->r_unlname) == 0)) {
2224 		mutex_exit(&rp->r_statelock);
2225 		tmpname = newname();
2226 		error = nfsrename(dvp, nm, dvp, tmpname, cr, ct);
2227 		if (error)
2228 			kmem_free(tmpname, MAXNAMELEN);
2229 		else {
2230 			mutex_enter(&rp->r_statelock);
2231 			if (rp->r_unldvp == NULL) {
2232 				VN_HOLD(dvp);
2233 				rp->r_unldvp = dvp;
2234 				if (rp->r_unlcred != NULL)
2235 					crfree(rp->r_unlcred);
2236 				crhold(cr);
2237 				rp->r_unlcred = cr;
2238 				rp->r_unlname = tmpname;
2239 			} else {
2240 				kmem_free(rp->r_unlname, MAXNAMELEN);
2241 				rp->r_unlname = tmpname;
2242 			}
2243 			mutex_exit(&rp->r_statelock);
2244 		}
2245 	} else {
2246 		mutex_exit(&rp->r_statelock);
2247 		/*
2248 		 * We need to flush any dirty pages which happen to
2249 		 * be hanging around before removing the file.  This
2250 		 * shouldn't happen very often and mostly on file
2251 		 * systems mounted "nocto".
2252 		 */
2253 		if (vn_has_cached_data(vp) &&
2254 		    ((rp->r_flags & RDIRTY) || rp->r_count > 0)) {
2255 			error = nfs_putpage(vp, (offset_t)0, 0, 0, cr, ct);
2256 			if (error && (error == ENOSPC || error == EDQUOT)) {
2257 				mutex_enter(&rp->r_statelock);
2258 				if (!rp->r_error)
2259 					rp->r_error = error;
2260 				mutex_exit(&rp->r_statelock);
2261 			}
2262 		}
2263 
2264 		setdiropargs(&da, nm, dvp);
2265 
2266 		douprintf = 1;
2267 
2268 		error = rfs2call(VTOMI(dvp), RFS_REMOVE,
2269 		    xdr_diropargs, (caddr_t)&da,
2270 		    xdr_enum, (caddr_t)&status, cr,
2271 		    &douprintf, &status, 0, NULL);
2272 
2273 		/*
2274 		 * The xattr dir may be gone after last attr is removed,
2275 		 * so flush it from dnlc.
2276 		 */
2277 		if (dvp->v_flag & V_XATTRDIR)
2278 			dnlc_purge_vp(dvp);
2279 
2280 		PURGE_ATTRCACHE(dvp);	/* mod time changed */
2281 		PURGE_ATTRCACHE(vp);	/* link count changed */
2282 
2283 		if (!error) {
2284 			error = geterrno(status);
2285 			if (!error) {
2286 				if (HAVE_RDDIR_CACHE(drp))
2287 					nfs_purge_rddir_cache(dvp);
2288 			} else {
2289 				PURGE_STALE_FH(error, dvp, cr);
2290 			}
2291 		}
2292 	}
2293 
2294 	if (error == 0) {
2295 		vnevent_remove(vp, dvp, nm, ct);
2296 	}
2297 	VN_RELE(vp);
2298 
2299 	nfs_rw_exit(&drp->r_rwlock);
2300 
2301 	return (error);
2302 }
2303 
2304 /* ARGSUSED */
2305 static int
2306 nfs_link(vnode_t *tdvp, vnode_t *svp, char *tnm, cred_t *cr,
2307 	caller_context_t *ct, int flags)
2308 {
2309 	int error;
2310 	struct nfslinkargs args;
2311 	enum nfsstat status;
2312 	vnode_t *realvp;
2313 	int douprintf;
2314 	rnode_t *tdrp;
2315 
2316 	if (nfs_zone() != VTOMI(tdvp)->mi_zone)
2317 		return (EPERM);
2318 	if (VOP_REALVP(svp, &realvp, ct) == 0)
2319 		svp = realvp;
2320 
2321 	args.la_from = VTOFH(svp);
2322 	setdiropargs(&args.la_to, tnm, tdvp);
2323 
2324 	tdrp = VTOR(tdvp);
2325 	if (nfs_rw_enter_sig(&tdrp->r_rwlock, RW_WRITER, INTR(tdvp)))
2326 		return (EINTR);
2327 
2328 	dnlc_remove(tdvp, tnm);
2329 
2330 	douprintf = 1;
2331 
2332 	error = rfs2call(VTOMI(svp), RFS_LINK,
2333 	    xdr_linkargs, (caddr_t)&args,
2334 	    xdr_enum, (caddr_t)&status, cr,
2335 	    &douprintf, &status, 0, NULL);
2336 
2337 	PURGE_ATTRCACHE(tdvp);	/* mod time changed */
2338 	PURGE_ATTRCACHE(svp);	/* link count changed */
2339 
2340 	if (!error) {
2341 		error = geterrno(status);
2342 		if (!error) {
2343 			if (HAVE_RDDIR_CACHE(tdrp))
2344 				nfs_purge_rddir_cache(tdvp);
2345 		}
2346 	}
2347 
2348 	nfs_rw_exit(&tdrp->r_rwlock);
2349 
2350 	if (!error) {
2351 		/*
2352 		 * Notify the source file of this link operation.
2353 		 */
2354 		vnevent_link(svp, ct);
2355 	}
2356 	return (error);
2357 }
2358 
2359 /* ARGSUSED */
2360 static int
2361 nfs_rename(vnode_t *odvp, char *onm, vnode_t *ndvp, char *nnm, cred_t *cr,
2362 	caller_context_t *ct, int flags)
2363 {
2364 	vnode_t *realvp;
2365 
2366 	if (nfs_zone() != VTOMI(odvp)->mi_zone)
2367 		return (EPERM);
2368 	if (VOP_REALVP(ndvp, &realvp, ct) == 0)
2369 		ndvp = realvp;
2370 
2371 	return (nfsrename(odvp, onm, ndvp, nnm, cr, ct));
2372 }
2373 
2374 /*
2375  * nfsrename does the real work of renaming in NFS Version 2.
2376  */
2377 static int
2378 nfsrename(vnode_t *odvp, char *onm, vnode_t *ndvp, char *nnm, cred_t *cr,
2379     caller_context_t *ct)
2380 {
2381 	int error;
2382 	enum nfsstat status;
2383 	struct nfsrnmargs args;
2384 	int douprintf;
2385 	vnode_t *nvp = NULL;
2386 	vnode_t *ovp = NULL;
2387 	char *tmpname;
2388 	rnode_t *rp;
2389 	rnode_t *odrp;
2390 	rnode_t *ndrp;
2391 
2392 	ASSERT(nfs_zone() == VTOMI(odvp)->mi_zone);
2393 	if (strcmp(onm, ".") == 0 || strcmp(onm, "..") == 0 ||
2394 	    strcmp(nnm, ".") == 0 || strcmp(nnm, "..") == 0)
2395 		return (EINVAL);
2396 
2397 	odrp = VTOR(odvp);
2398 	ndrp = VTOR(ndvp);
2399 	if ((intptr_t)odrp < (intptr_t)ndrp) {
2400 		if (nfs_rw_enter_sig(&odrp->r_rwlock, RW_WRITER, INTR(odvp)))
2401 			return (EINTR);
2402 		if (nfs_rw_enter_sig(&ndrp->r_rwlock, RW_WRITER, INTR(ndvp))) {
2403 			nfs_rw_exit(&odrp->r_rwlock);
2404 			return (EINTR);
2405 		}
2406 	} else {
2407 		if (nfs_rw_enter_sig(&ndrp->r_rwlock, RW_WRITER, INTR(ndvp)))
2408 			return (EINTR);
2409 		if (nfs_rw_enter_sig(&odrp->r_rwlock, RW_WRITER, INTR(odvp))) {
2410 			nfs_rw_exit(&ndrp->r_rwlock);
2411 			return (EINTR);
2412 		}
2413 	}
2414 
2415 	/*
2416 	 * Lookup the target file.  If it exists, it needs to be
2417 	 * checked to see whether it is a mount point and whether
2418 	 * it is active (open).
2419 	 */
2420 	error = nfslookup(ndvp, nnm, &nvp, NULL, 0, NULL, cr, 0);
2421 	if (!error) {
2422 		/*
2423 		 * If this file has been mounted on, then just
2424 		 * return busy because renaming to it would remove
2425 		 * the mounted file system from the name space.
2426 		 */
2427 		if (vn_mountedvfs(nvp) != NULL) {
2428 			VN_RELE(nvp);
2429 			nfs_rw_exit(&odrp->r_rwlock);
2430 			nfs_rw_exit(&ndrp->r_rwlock);
2431 			return (EBUSY);
2432 		}
2433 
2434 		/*
2435 		 * Purge the name cache of all references to this vnode
2436 		 * so that we can check the reference count to infer
2437 		 * whether it is active or not.
2438 		 */
2439 		/*
2440 		 * First just remove the entry from the name cache, as it
2441 		 * is most likely the only entry for this vp.
2442 		 */
2443 		dnlc_remove(ndvp, nnm);
2444 		/*
2445 		 * If the file has a v_count > 1 then there may be more
2446 		 * than one entry in the name cache due multiple links
2447 		 * or an open file, but we don't have the real reference
2448 		 * count so flush all possible entries.
2449 		 */
2450 		if (nvp->v_count > 1)
2451 			dnlc_purge_vp(nvp);
2452 
2453 		/*
2454 		 * If the vnode is active and is not a directory,
2455 		 * arrange to rename it to a
2456 		 * temporary file so that it will continue to be
2457 		 * accessible.  This implements the "unlink-open-file"
2458 		 * semantics for the target of a rename operation.
2459 		 * Before doing this though, make sure that the
2460 		 * source and target files are not already the same.
2461 		 */
2462 		if (nvp->v_count > 1 && nvp->v_type != VDIR) {
2463 			/*
2464 			 * Lookup the source name.
2465 			 */
2466 			error = nfslookup(odvp, onm, &ovp, NULL, 0, NULL,
2467 			    cr, 0);
2468 
2469 			/*
2470 			 * The source name *should* already exist.
2471 			 */
2472 			if (error) {
2473 				VN_RELE(nvp);
2474 				nfs_rw_exit(&odrp->r_rwlock);
2475 				nfs_rw_exit(&ndrp->r_rwlock);
2476 				return (error);
2477 			}
2478 
2479 			/*
2480 			 * Compare the two vnodes.  If they are the same,
2481 			 * just release all held vnodes and return success.
2482 			 */
2483 			if (ovp == nvp) {
2484 				VN_RELE(ovp);
2485 				VN_RELE(nvp);
2486 				nfs_rw_exit(&odrp->r_rwlock);
2487 				nfs_rw_exit(&ndrp->r_rwlock);
2488 				return (0);
2489 			}
2490 
2491 			/*
2492 			 * Can't mix and match directories and non-
2493 			 * directories in rename operations.  We already
2494 			 * know that the target is not a directory.  If
2495 			 * the source is a directory, return an error.
2496 			 */
2497 			if (ovp->v_type == VDIR) {
2498 				VN_RELE(ovp);
2499 				VN_RELE(nvp);
2500 				nfs_rw_exit(&odrp->r_rwlock);
2501 				nfs_rw_exit(&ndrp->r_rwlock);
2502 				return (ENOTDIR);
2503 			}
2504 
2505 			/*
2506 			 * The target file exists, is not the same as
2507 			 * the source file, and is active.  Link it
2508 			 * to a temporary filename to avoid having
2509 			 * the server removing the file completely.
2510 			 */
2511 			tmpname = newname();
2512 			error = nfs_link(ndvp, nvp, tmpname, cr, NULL, 0);
2513 			if (error == EOPNOTSUPP) {
2514 				error = nfs_rename(ndvp, nnm, ndvp, tmpname,
2515 				    cr, NULL, 0);
2516 			}
2517 			if (error) {
2518 				kmem_free(tmpname, MAXNAMELEN);
2519 				VN_RELE(ovp);
2520 				VN_RELE(nvp);
2521 				nfs_rw_exit(&odrp->r_rwlock);
2522 				nfs_rw_exit(&ndrp->r_rwlock);
2523 				return (error);
2524 			}
2525 			rp = VTOR(nvp);
2526 			mutex_enter(&rp->r_statelock);
2527 			if (rp->r_unldvp == NULL) {
2528 				VN_HOLD(ndvp);
2529 				rp->r_unldvp = ndvp;
2530 				if (rp->r_unlcred != NULL)
2531 					crfree(rp->r_unlcred);
2532 				crhold(cr);
2533 				rp->r_unlcred = cr;
2534 				rp->r_unlname = tmpname;
2535 			} else {
2536 				kmem_free(rp->r_unlname, MAXNAMELEN);
2537 				rp->r_unlname = tmpname;
2538 			}
2539 			mutex_exit(&rp->r_statelock);
2540 		}
2541 	}
2542 
2543 	if (ovp == NULL) {
2544 		/*
2545 		 * When renaming directories to be a subdirectory of a
2546 		 * different parent, the dnlc entry for ".." will no
2547 		 * longer be valid, so it must be removed.
2548 		 *
2549 		 * We do a lookup here to determine whether we are renaming
2550 		 * a directory and we need to check if we are renaming
2551 		 * an unlinked file.  This might have already been done
2552 		 * in previous code, so we check ovp == NULL to avoid
2553 		 * doing it twice.
2554 		 */
2555 
2556 		error = nfslookup(odvp, onm, &ovp, NULL, 0, NULL, cr, 0);
2557 
2558 		/*
2559 		 * The source name *should* already exist.
2560 		 */
2561 		if (error) {
2562 			nfs_rw_exit(&odrp->r_rwlock);
2563 			nfs_rw_exit(&ndrp->r_rwlock);
2564 			if (nvp) {
2565 				VN_RELE(nvp);
2566 			}
2567 			return (error);
2568 		}
2569 		ASSERT(ovp != NULL);
2570 	}
2571 
2572 	dnlc_remove(odvp, onm);
2573 	dnlc_remove(ndvp, nnm);
2574 
2575 	setdiropargs(&args.rna_from, onm, odvp);
2576 	setdiropargs(&args.rna_to, nnm, ndvp);
2577 
2578 	douprintf = 1;
2579 
2580 	error = rfs2call(VTOMI(odvp), RFS_RENAME,
2581 	    xdr_rnmargs, (caddr_t)&args,
2582 	    xdr_enum, (caddr_t)&status, cr,
2583 	    &douprintf, &status, 0, NULL);
2584 
2585 	PURGE_ATTRCACHE(odvp);	/* mod time changed */
2586 	PURGE_ATTRCACHE(ndvp);	/* mod time changed */
2587 
2588 	if (!error) {
2589 		error = geterrno(status);
2590 		if (!error) {
2591 			if (HAVE_RDDIR_CACHE(odrp))
2592 				nfs_purge_rddir_cache(odvp);
2593 			if (HAVE_RDDIR_CACHE(ndrp))
2594 				nfs_purge_rddir_cache(ndvp);
2595 			/*
2596 			 * when renaming directories to be a subdirectory of a
2597 			 * different parent, the dnlc entry for ".." will no
2598 			 * longer be valid, so it must be removed
2599 			 */
2600 			rp = VTOR(ovp);
2601 			if (ndvp != odvp) {
2602 				if (ovp->v_type == VDIR) {
2603 					dnlc_remove(ovp, "..");
2604 					if (HAVE_RDDIR_CACHE(rp))
2605 						nfs_purge_rddir_cache(ovp);
2606 				}
2607 			}
2608 
2609 			/*
2610 			 * If we are renaming the unlinked file, update the
2611 			 * r_unldvp and r_unlname as needed.
2612 			 */
2613 			mutex_enter(&rp->r_statelock);
2614 			if (rp->r_unldvp != NULL) {
2615 				if (strcmp(rp->r_unlname, onm) == 0) {
2616 					(void) strncpy(rp->r_unlname,
2617 					    nnm, MAXNAMELEN);
2618 					rp->r_unlname[MAXNAMELEN - 1] = '\0';
2619 
2620 					if (ndvp != rp->r_unldvp) {
2621 						VN_RELE(rp->r_unldvp);
2622 						rp->r_unldvp = ndvp;
2623 						VN_HOLD(ndvp);
2624 					}
2625 				}
2626 			}
2627 			mutex_exit(&rp->r_statelock);
2628 		} else {
2629 			/*
2630 			 * System V defines rename to return EEXIST, not
2631 			 * ENOTEMPTY if the target directory is not empty.
2632 			 * Over the wire, the error is NFSERR_ENOTEMPTY
2633 			 * which geterrno maps to ENOTEMPTY.
2634 			 */
2635 			if (error == ENOTEMPTY)
2636 				error = EEXIST;
2637 		}
2638 	}
2639 
2640 	if (error == 0) {
2641 		if (nvp)
2642 			vnevent_rename_dest(nvp, ndvp, nnm, ct);
2643 
2644 		if (odvp != ndvp)
2645 			vnevent_rename_dest_dir(ndvp, ct);
2646 
2647 		ASSERT(ovp != NULL);
2648 		vnevent_rename_src(ovp, odvp, onm, ct);
2649 	}
2650 
2651 	if (nvp) {
2652 		VN_RELE(nvp);
2653 	}
2654 	VN_RELE(ovp);
2655 
2656 	nfs_rw_exit(&odrp->r_rwlock);
2657 	nfs_rw_exit(&ndrp->r_rwlock);
2658 
2659 	return (error);
2660 }
2661 
2662 /* ARGSUSED */
2663 static int
2664 nfs_mkdir(vnode_t *dvp, char *nm, struct vattr *va, vnode_t **vpp, cred_t *cr,
2665 	caller_context_t *ct, int flags, vsecattr_t *vsecp)
2666 {
2667 	int error;
2668 	struct nfscreatargs args;
2669 	struct nfsdiropres dr;
2670 	int douprintf;
2671 	rnode_t *drp;
2672 	hrtime_t t;
2673 
2674 	if (nfs_zone() != VTOMI(dvp)->mi_zone)
2675 		return (EPERM);
2676 
2677 	setdiropargs(&args.ca_da, nm, dvp);
2678 
2679 	/*
2680 	 * Decide what the group-id and set-gid bit of the created directory
2681 	 * should be.  May have to do a setattr to get the gid right.
2682 	 */
2683 	error = setdirgid(dvp, &va->va_gid, cr);
2684 	if (error)
2685 		return (error);
2686 	error = setdirmode(dvp, &va->va_mode, cr);
2687 	if (error)
2688 		return (error);
2689 	va->va_mask |= AT_MODE|AT_GID;
2690 
2691 	args.ca_sa = &args.ca_sa_buf;
2692 	error = vattr_to_sattr(va, args.ca_sa);
2693 	if (error) {
2694 		/* req time field(s) overflow - return immediately */
2695 		return (error);
2696 	}
2697 
2698 	drp = VTOR(dvp);
2699 	if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
2700 		return (EINTR);
2701 
2702 	dnlc_remove(dvp, nm);
2703 
2704 	douprintf = 1;
2705 
2706 	t = gethrtime();
2707 
2708 	error = rfs2call(VTOMI(dvp), RFS_MKDIR,
2709 	    xdr_creatargs, (caddr_t)&args,
2710 	    xdr_diropres, (caddr_t)&dr, cr,
2711 	    &douprintf, &dr.dr_status, 0, NULL);
2712 
2713 	PURGE_ATTRCACHE(dvp);	/* mod time changed */
2714 
2715 	if (!error) {
2716 		error = geterrno(dr.dr_status);
2717 		if (!error) {
2718 			if (HAVE_RDDIR_CACHE(drp))
2719 				nfs_purge_rddir_cache(dvp);
2720 			/*
2721 			 * The attributes returned by RFS_MKDIR can not
2722 			 * be depended upon, so mark the attribute cache
2723 			 * as purged.  A subsequent GETATTR will get the
2724 			 * correct attributes from the server.
2725 			 */
2726 			*vpp = makenfsnode(&dr.dr_fhandle, &dr.dr_attr,
2727 			    dvp->v_vfsp, t, cr, NULL, NULL);
2728 			PURGE_ATTRCACHE(*vpp);
2729 			dnlc_update(dvp, nm, *vpp);
2730 
2731 			/*
2732 			 * Make sure the gid was set correctly.
2733 			 * If not, try to set it (but don't lose
2734 			 * any sleep over it).
2735 			 */
2736 			if (va->va_gid != VTOR(*vpp)->r_attr.va_gid) {
2737 				va->va_mask = AT_GID;
2738 				(void) nfssetattr(*vpp, va, 0, cr);
2739 			}
2740 		} else {
2741 			PURGE_STALE_FH(error, dvp, cr);
2742 		}
2743 	}
2744 
2745 	nfs_rw_exit(&drp->r_rwlock);
2746 
2747 	return (error);
2748 }
2749 
2750 /* ARGSUSED */
2751 static int
2752 nfs_rmdir(vnode_t *dvp, char *nm, vnode_t *cdir, cred_t *cr,
2753 	caller_context_t *ct, int flags)
2754 {
2755 	int error;
2756 	enum nfsstat status;
2757 	struct nfsdiropargs da;
2758 	vnode_t *vp;
2759 	int douprintf;
2760 	rnode_t *drp;
2761 
2762 	if (nfs_zone() != VTOMI(dvp)->mi_zone)
2763 		return (EPERM);
2764 	drp = VTOR(dvp);
2765 	if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
2766 		return (EINTR);
2767 
2768 	/*
2769 	 * Attempt to prevent a rmdir(".") from succeeding.
2770 	 */
2771 	error = nfslookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
2772 	if (error) {
2773 		nfs_rw_exit(&drp->r_rwlock);
2774 		return (error);
2775 	}
2776 
2777 	if (vp == cdir) {
2778 		VN_RELE(vp);
2779 		nfs_rw_exit(&drp->r_rwlock);
2780 		return (EINVAL);
2781 	}
2782 
2783 	setdiropargs(&da, nm, dvp);
2784 
2785 	/*
2786 	 * First just remove the entry from the name cache, as it
2787 	 * is most likely an entry for this vp.
2788 	 */
2789 	dnlc_remove(dvp, nm);
2790 
2791 	/*
2792 	 * If there vnode reference count is greater than one, then
2793 	 * there may be additional references in the DNLC which will
2794 	 * need to be purged.  First, trying removing the entry for
2795 	 * the parent directory and see if that removes the additional
2796 	 * reference(s).  If that doesn't do it, then use dnlc_purge_vp
2797 	 * to completely remove any references to the directory which
2798 	 * might still exist in the DNLC.
2799 	 */
2800 	if (vp->v_count > 1) {
2801 		dnlc_remove(vp, "..");
2802 		if (vp->v_count > 1)
2803 			dnlc_purge_vp(vp);
2804 	}
2805 
2806 	douprintf = 1;
2807 
2808 	error = rfs2call(VTOMI(dvp), RFS_RMDIR,
2809 	    xdr_diropargs, (caddr_t)&da,
2810 	    xdr_enum, (caddr_t)&status, cr,
2811 	    &douprintf, &status, 0, NULL);
2812 
2813 	PURGE_ATTRCACHE(dvp);	/* mod time changed */
2814 
2815 	if (error) {
2816 		VN_RELE(vp);
2817 		nfs_rw_exit(&drp->r_rwlock);
2818 		return (error);
2819 	}
2820 
2821 	error = geterrno(status);
2822 	if (!error) {
2823 		if (HAVE_RDDIR_CACHE(drp))
2824 			nfs_purge_rddir_cache(dvp);
2825 		if (HAVE_RDDIR_CACHE(VTOR(vp)))
2826 			nfs_purge_rddir_cache(vp);
2827 	} else {
2828 		PURGE_STALE_FH(error, dvp, cr);
2829 		/*
2830 		 * System V defines rmdir to return EEXIST, not
2831 		 * ENOTEMPTY if the directory is not empty.  Over
2832 		 * the wire, the error is NFSERR_ENOTEMPTY which
2833 		 * geterrno maps to ENOTEMPTY.
2834 		 */
2835 		if (error == ENOTEMPTY)
2836 			error = EEXIST;
2837 	}
2838 
2839 	if (error == 0) {
2840 		vnevent_rmdir(vp, dvp, nm, ct);
2841 	}
2842 	VN_RELE(vp);
2843 
2844 	nfs_rw_exit(&drp->r_rwlock);
2845 
2846 	return (error);
2847 }
2848 
2849 /* ARGSUSED */
2850 static int
2851 nfs_symlink(vnode_t *dvp, char *lnm, struct vattr *tva, char *tnm, cred_t *cr,
2852 	caller_context_t *ct, int flags)
2853 {
2854 	int error;
2855 	struct nfsslargs args;
2856 	enum nfsstat status;
2857 	int douprintf;
2858 	rnode_t *drp;
2859 
2860 	if (nfs_zone() != VTOMI(dvp)->mi_zone)
2861 		return (EPERM);
2862 	setdiropargs(&args.sla_from, lnm, dvp);
2863 	args.sla_sa = &args.sla_sa_buf;
2864 	error = vattr_to_sattr(tva, args.sla_sa);
2865 	if (error) {
2866 		/* req time field(s) overflow - return immediately */
2867 		return (error);
2868 	}
2869 	args.sla_tnm = tnm;
2870 
2871 	drp = VTOR(dvp);
2872 	if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
2873 		return (EINTR);
2874 
2875 	dnlc_remove(dvp, lnm);
2876 
2877 	douprintf = 1;
2878 
2879 	error = rfs2call(VTOMI(dvp), RFS_SYMLINK,
2880 	    xdr_slargs, (caddr_t)&args,
2881 	    xdr_enum, (caddr_t)&status, cr,
2882 	    &douprintf, &status, 0, NULL);
2883 
2884 	PURGE_ATTRCACHE(dvp);	/* mod time changed */
2885 
2886 	if (!error) {
2887 		error = geterrno(status);
2888 		if (!error) {
2889 			if (HAVE_RDDIR_CACHE(drp))
2890 				nfs_purge_rddir_cache(dvp);
2891 		} else {
2892 			PURGE_STALE_FH(error, dvp, cr);
2893 		}
2894 	}
2895 
2896 	nfs_rw_exit(&drp->r_rwlock);
2897 
2898 	return (error);
2899 }
2900 
2901 #ifdef DEBUG
2902 static int nfs_readdir_cache_hits = 0;
2903 static int nfs_readdir_cache_shorts = 0;
2904 static int nfs_readdir_cache_waits = 0;
2905 static int nfs_readdir_cache_misses = 0;
2906 static int nfs_readdir_readahead = 0;
2907 #endif
2908 
2909 static int nfs_shrinkreaddir = 0;
2910 
2911 /*
2912  * Read directory entries.
2913  * There are some weird things to look out for here.  The uio_offset
2914  * field is either 0 or it is the offset returned from a previous
2915  * readdir.  It is an opaque value used by the server to find the
2916  * correct directory block to read. The count field is the number
2917  * of blocks to read on the server.  This is advisory only, the server
2918  * may return only one block's worth of entries.  Entries may be compressed
2919  * on the server.
2920  */
2921 /* ARGSUSED */
2922 static int
2923 nfs_readdir(vnode_t *vp, struct uio *uiop, cred_t *cr, int *eofp,
2924 	caller_context_t *ct, int flags)
2925 {
2926 	int error;
2927 	size_t count;
2928 	rnode_t *rp;
2929 	rddir_cache *rdc;
2930 	rddir_cache *nrdc;
2931 	rddir_cache *rrdc;
2932 #ifdef DEBUG
2933 	int missed;
2934 #endif
2935 	rddir_cache srdc;
2936 	avl_index_t where;
2937 
2938 	rp = VTOR(vp);
2939 
2940 	ASSERT(nfs_rw_lock_held(&rp->r_rwlock, RW_READER));
2941 	if (nfs_zone() != VTOMI(vp)->mi_zone)
2942 		return (EIO);
2943 	/*
2944 	 * Make sure that the directory cache is valid.
2945 	 */
2946 	if (HAVE_RDDIR_CACHE(rp)) {
2947 		if (nfs_disable_rddir_cache) {
2948 			/*
2949 			 * Setting nfs_disable_rddir_cache in /etc/system
2950 			 * allows interoperability with servers that do not
2951 			 * properly update the attributes of directories.
2952 			 * Any cached information gets purged before an
2953 			 * access is made to it.
2954 			 */
2955 			nfs_purge_rddir_cache(vp);
2956 		} else {
2957 			error = nfs_validate_caches(vp, cr);
2958 			if (error)
2959 				return (error);
2960 		}
2961 	}
2962 
2963 	/*
2964 	 * UGLINESS: SunOS 3.2 servers apparently cannot always handle an
2965 	 * RFS_READDIR request with rda_count set to more than 0x400. So
2966 	 * we reduce the request size here purely for compatibility.
2967 	 *
2968 	 * In general, this is no longer required.  However, if a server
2969 	 * is discovered which can not handle requests larger than 1024,
2970 	 * nfs_shrinkreaddir can be set to 1 to enable this backwards
2971 	 * compatibility.
2972 	 *
2973 	 * In any case, the request size is limited to NFS_MAXDATA bytes.
2974 	 */
2975 	count = MIN(uiop->uio_iov->iov_len,
2976 	    nfs_shrinkreaddir ? 0x400 : NFS_MAXDATA);
2977 
2978 	nrdc = NULL;
2979 #ifdef DEBUG
2980 	missed = 0;
2981 #endif
2982 top:
2983 	/*
2984 	 * Short circuit last readdir which always returns 0 bytes.
2985 	 * This can be done after the directory has been read through
2986 	 * completely at least once.  This will set r_direof which
2987 	 * can be used to find the value of the last cookie.
2988 	 */
2989 	mutex_enter(&rp->r_statelock);
2990 	if (rp->r_direof != NULL &&
2991 	    uiop->uio_offset == rp->r_direof->nfs_ncookie) {
2992 		mutex_exit(&rp->r_statelock);
2993 #ifdef DEBUG
2994 		nfs_readdir_cache_shorts++;
2995 #endif
2996 		if (eofp)
2997 			*eofp = 1;
2998 		if (nrdc != NULL)
2999 			rddir_cache_rele(nrdc);
3000 		return (0);
3001 	}
3002 	/*
3003 	 * Look for a cache entry.  Cache entries are identified
3004 	 * by the NFS cookie value and the byte count requested.
3005 	 */
3006 	srdc.nfs_cookie = uiop->uio_offset;
3007 	srdc.buflen = count;
3008 	rdc = avl_find(&rp->r_dir, &srdc, &where);
3009 	if (rdc != NULL) {
3010 		rddir_cache_hold(rdc);
3011 		/*
3012 		 * If the cache entry is in the process of being
3013 		 * filled in, wait until this completes.  The
3014 		 * RDDIRWAIT bit is set to indicate that someone
3015 		 * is waiting and then the thread currently
3016 		 * filling the entry is done, it should do a
3017 		 * cv_broadcast to wakeup all of the threads
3018 		 * waiting for it to finish.
3019 		 */
3020 		if (rdc->flags & RDDIR) {
3021 			nfs_rw_exit(&rp->r_rwlock);
3022 			rdc->flags |= RDDIRWAIT;
3023 #ifdef DEBUG
3024 			nfs_readdir_cache_waits++;
3025 #endif
3026 			if (!cv_wait_sig(&rdc->cv, &rp->r_statelock)) {
3027 				/*
3028 				 * We got interrupted, probably
3029 				 * the user typed ^C or an alarm
3030 				 * fired.  We free the new entry
3031 				 * if we allocated one.
3032 				 */
3033 				mutex_exit(&rp->r_statelock);
3034 				(void) nfs_rw_enter_sig(&rp->r_rwlock,
3035 				    RW_READER, FALSE);
3036 				rddir_cache_rele(rdc);
3037 				if (nrdc != NULL)
3038 					rddir_cache_rele(nrdc);
3039 				return (EINTR);
3040 			}
3041 			mutex_exit(&rp->r_statelock);
3042 			(void) nfs_rw_enter_sig(&rp->r_rwlock,
3043 			    RW_READER, FALSE);
3044 			rddir_cache_rele(rdc);
3045 			goto top;
3046 		}
3047 		/*
3048 		 * Check to see if a readdir is required to
3049 		 * fill the entry.  If so, mark this entry
3050 		 * as being filled, remove our reference,
3051 		 * and branch to the code to fill the entry.
3052 		 */
3053 		if (rdc->flags & RDDIRREQ) {
3054 			rdc->flags &= ~RDDIRREQ;
3055 			rdc->flags |= RDDIR;
3056 			if (nrdc != NULL)
3057 				rddir_cache_rele(nrdc);
3058 			nrdc = rdc;
3059 			mutex_exit(&rp->r_statelock);
3060 			goto bottom;
3061 		}
3062 #ifdef DEBUG
3063 		if (!missed)
3064 			nfs_readdir_cache_hits++;
3065 #endif
3066 		/*
3067 		 * If an error occurred while attempting
3068 		 * to fill the cache entry, just return it.
3069 		 */
3070 		if (rdc->error) {
3071 			error = rdc->error;
3072 			mutex_exit(&rp->r_statelock);
3073 			rddir_cache_rele(rdc);
3074 			if (nrdc != NULL)
3075 				rddir_cache_rele(nrdc);
3076 			return (error);
3077 		}
3078 
3079 		/*
3080 		 * The cache entry is complete and good,
3081 		 * copyout the dirent structs to the calling
3082 		 * thread.
3083 		 */
3084 		error = uiomove(rdc->entries, rdc->entlen, UIO_READ, uiop);
3085 
3086 		/*
3087 		 * If no error occurred during the copyout,
3088 		 * update the offset in the uio struct to
3089 		 * contain the value of the next cookie
3090 		 * and set the eof value appropriately.
3091 		 */
3092 		if (!error) {
3093 			uiop->uio_offset = rdc->nfs_ncookie;
3094 			if (eofp)
3095 				*eofp = rdc->eof;
3096 		}
3097 
3098 		/*
3099 		 * Decide whether to do readahead.  Don't if
3100 		 * have already read to the end of directory.
3101 		 */
3102 		if (rdc->eof) {
3103 			rp->r_direof = rdc;
3104 			mutex_exit(&rp->r_statelock);
3105 			rddir_cache_rele(rdc);
3106 			if (nrdc != NULL)
3107 				rddir_cache_rele(nrdc);
3108 			return (error);
3109 		}
3110 
3111 		/*
3112 		 * Check to see whether we found an entry
3113 		 * for the readahead.  If so, we don't need
3114 		 * to do anything further, so free the new
3115 		 * entry if one was allocated.  Otherwise,
3116 		 * allocate a new entry, add it to the cache,
3117 		 * and then initiate an asynchronous readdir
3118 		 * operation to fill it.
3119 		 */
3120 		srdc.nfs_cookie = rdc->nfs_ncookie;
3121 		srdc.buflen = count;
3122 		rrdc = avl_find(&rp->r_dir, &srdc, &where);
3123 		if (rrdc != NULL) {
3124 			if (nrdc != NULL)
3125 				rddir_cache_rele(nrdc);
3126 		} else {
3127 			if (nrdc != NULL)
3128 				rrdc = nrdc;
3129 			else {
3130 				rrdc = rddir_cache_alloc(KM_NOSLEEP);
3131 			}
3132 			if (rrdc != NULL) {
3133 				rrdc->nfs_cookie = rdc->nfs_ncookie;
3134 				rrdc->buflen = count;
3135 				avl_insert(&rp->r_dir, rrdc, where);
3136 				rddir_cache_hold(rrdc);
3137 				mutex_exit(&rp->r_statelock);
3138 				rddir_cache_rele(rdc);
3139 #ifdef DEBUG
3140 				nfs_readdir_readahead++;
3141 #endif
3142 				nfs_async_readdir(vp, rrdc, cr, nfsreaddir);
3143 				return (error);
3144 			}
3145 		}
3146 
3147 		mutex_exit(&rp->r_statelock);
3148 		rddir_cache_rele(rdc);
3149 		return (error);
3150 	}
3151 
3152 	/*
3153 	 * Didn't find an entry in the cache.  Construct a new empty
3154 	 * entry and link it into the cache.  Other processes attempting
3155 	 * to access this entry will need to wait until it is filled in.
3156 	 *
3157 	 * Since kmem_alloc may block, another pass through the cache
3158 	 * will need to be taken to make sure that another process
3159 	 * hasn't already added an entry to the cache for this request.
3160 	 */
3161 	if (nrdc == NULL) {
3162 		mutex_exit(&rp->r_statelock);
3163 		nrdc = rddir_cache_alloc(KM_SLEEP);
3164 		nrdc->nfs_cookie = uiop->uio_offset;
3165 		nrdc->buflen = count;
3166 		goto top;
3167 	}
3168 
3169 	/*
3170 	 * Add this entry to the cache.
3171 	 */
3172 	avl_insert(&rp->r_dir, nrdc, where);
3173 	rddir_cache_hold(nrdc);
3174 	mutex_exit(&rp->r_statelock);
3175 
3176 bottom:
3177 #ifdef DEBUG
3178 	missed = 1;
3179 	nfs_readdir_cache_misses++;
3180 #endif
3181 	/*
3182 	 * Do the readdir.
3183 	 */
3184 	error = nfsreaddir(vp, nrdc, cr);
3185 
3186 	/*
3187 	 * If this operation failed, just return the error which occurred.
3188 	 */
3189 	if (error != 0)
3190 		return (error);
3191 
3192 	/*
3193 	 * Since the RPC operation will have taken sometime and blocked
3194 	 * this process, another pass through the cache will need to be
3195 	 * taken to find the correct cache entry.  It is possible that
3196 	 * the correct cache entry will not be there (although one was
3197 	 * added) because the directory changed during the RPC operation
3198 	 * and the readdir cache was flushed.  In this case, just start
3199 	 * over.  It is hoped that this will not happen too often... :-)
3200 	 */
3201 	nrdc = NULL;
3202 	goto top;
3203 	/* NOTREACHED */
3204 }
3205 
3206 static int
3207 nfsreaddir(vnode_t *vp, rddir_cache *rdc, cred_t *cr)
3208 {
3209 	int error;
3210 	struct nfsrddirargs rda;
3211 	struct nfsrddirres rd;
3212 	rnode_t *rp;
3213 	mntinfo_t *mi;
3214 	uint_t count;
3215 	int douprintf;
3216 	failinfo_t fi, *fip;
3217 
3218 	ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
3219 	count = rdc->buflen;
3220 
3221 	rp = VTOR(vp);
3222 	mi = VTOMI(vp);
3223 
3224 	rda.rda_fh = *VTOFH(vp);
3225 	rda.rda_offset = rdc->nfs_cookie;
3226 
3227 	/*
3228 	 * NFS client failover support
3229 	 * suppress failover unless we have a zero cookie
3230 	 */
3231 	if (rdc->nfs_cookie == (off_t)0) {
3232 		fi.vp = vp;
3233 		fi.fhp = (caddr_t)&rda.rda_fh;
3234 		fi.copyproc = nfscopyfh;
3235 		fi.lookupproc = nfslookup;
3236 		fi.xattrdirproc = acl_getxattrdir2;
3237 		fip = &fi;
3238 	} else {
3239 		fip = NULL;
3240 	}
3241 
3242 	rd.rd_entries = kmem_alloc(rdc->buflen, KM_SLEEP);
3243 	rd.rd_size = count;
3244 	rd.rd_offset = rda.rda_offset;
3245 
3246 	douprintf = 1;
3247 
3248 	if (mi->mi_io_kstats) {
3249 		mutex_enter(&mi->mi_lock);
3250 		kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
3251 		mutex_exit(&mi->mi_lock);
3252 	}
3253 
3254 	do {
3255 		rda.rda_count = MIN(count, mi->mi_curread);
3256 		error = rfs2call(mi, RFS_READDIR,
3257 		    xdr_rddirargs, (caddr_t)&rda,
3258 		    xdr_getrddirres, (caddr_t)&rd, cr,
3259 		    &douprintf, &rd.rd_status, 0, fip);
3260 	} while (error == ENFS_TRYAGAIN);
3261 
3262 	if (mi->mi_io_kstats) {
3263 		mutex_enter(&mi->mi_lock);
3264 		kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
3265 		mutex_exit(&mi->mi_lock);
3266 	}
3267 
3268 	/*
3269 	 * Since we are actually doing a READDIR RPC, we must have
3270 	 * exclusive access to the cache entry being filled.  Thus,
3271 	 * it is safe to update all fields except for the flags
3272 	 * field.  The r_statelock in the rnode must be held to
3273 	 * prevent two different threads from simultaneously
3274 	 * attempting to update the flags field.  This can happen
3275 	 * if we are turning off RDDIR and the other thread is
3276 	 * trying to set RDDIRWAIT.
3277 	 */
3278 	ASSERT(rdc->flags & RDDIR);
3279 	if (!error) {
3280 		error = geterrno(rd.rd_status);
3281 		if (!error) {
3282 			rdc->nfs_ncookie = rd.rd_offset;
3283 			rdc->eof = rd.rd_eof ? 1 : 0;
3284 			rdc->entlen = rd.rd_size;
3285 			ASSERT(rdc->entlen <= rdc->buflen);
3286 #ifdef DEBUG
3287 			rdc->entries = rddir_cache_buf_alloc(rdc->buflen,
3288 			    KM_SLEEP);
3289 #else
3290 			rdc->entries = kmem_alloc(rdc->buflen, KM_SLEEP);
3291 #endif
3292 			bcopy(rd.rd_entries, rdc->entries, rdc->entlen);
3293 			rdc->error = 0;
3294 			if (mi->mi_io_kstats) {
3295 				mutex_enter(&mi->mi_lock);
3296 				KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
3297 				KSTAT_IO_PTR(mi->mi_io_kstats)->nread +=
3298 				    rd.rd_size;
3299 				mutex_exit(&mi->mi_lock);
3300 			}
3301 		} else {
3302 			PURGE_STALE_FH(error, vp, cr);
3303 		}
3304 	}
3305 	if (error) {
3306 		rdc->entries = NULL;
3307 		rdc->error = error;
3308 	}
3309 	kmem_free(rd.rd_entries, rdc->buflen);
3310 
3311 	mutex_enter(&rp->r_statelock);
3312 	rdc->flags &= ~RDDIR;
3313 	if (rdc->flags & RDDIRWAIT) {
3314 		rdc->flags &= ~RDDIRWAIT;
3315 		cv_broadcast(&rdc->cv);
3316 	}
3317 	if (error)
3318 		rdc->flags |= RDDIRREQ;
3319 	mutex_exit(&rp->r_statelock);
3320 
3321 	rddir_cache_rele(rdc);
3322 
3323 	return (error);
3324 }
3325 
3326 #ifdef DEBUG
3327 static int nfs_bio_do_stop = 0;
3328 #endif
3329 
3330 static int
3331 nfs_bio(struct buf *bp, cred_t *cr)
3332 {
3333 	rnode_t *rp = VTOR(bp->b_vp);
3334 	int count;
3335 	int error;
3336 	cred_t *cred;
3337 	uint_t offset;
3338 
3339 	DTRACE_IO1(start, struct buf *, bp);
3340 
3341 	ASSERT(nfs_zone() == VTOMI(bp->b_vp)->mi_zone);
3342 	offset = dbtob(bp->b_blkno);
3343 
3344 	if (bp->b_flags & B_READ) {
3345 		mutex_enter(&rp->r_statelock);
3346 		if (rp->r_cred != NULL) {
3347 			cred = rp->r_cred;
3348 			crhold(cred);
3349 		} else {
3350 			rp->r_cred = cr;
3351 			crhold(cr);
3352 			cred = cr;
3353 			crhold(cred);
3354 		}
3355 		mutex_exit(&rp->r_statelock);
3356 	read_again:
3357 		error = bp->b_error = nfsread(bp->b_vp, bp->b_un.b_addr,
3358 		    offset, bp->b_bcount, &bp->b_resid, cred);
3359 		crfree(cred);
3360 		if (!error) {
3361 			if (bp->b_resid) {
3362 				/*
3363 				 * Didn't get it all because we hit EOF,
3364 				 * zero all the memory beyond the EOF.
3365 				 */
3366 				/* bzero(rdaddr + */
3367 				bzero(bp->b_un.b_addr +
3368 				    bp->b_bcount - bp->b_resid, bp->b_resid);
3369 			}
3370 			mutex_enter(&rp->r_statelock);
3371 			if (bp->b_resid == bp->b_bcount &&
3372 			    offset >= rp->r_size) {
3373 				/*
3374 				 * We didn't read anything at all as we are
3375 				 * past EOF.  Return an error indicator back
3376 				 * but don't destroy the pages (yet).
3377 				 */
3378 				error = NFS_EOF;
3379 			}
3380 			mutex_exit(&rp->r_statelock);
3381 		} else if (error == EACCES) {
3382 			mutex_enter(&rp->r_statelock);
3383 			if (cred != cr) {
3384 				if (rp->r_cred != NULL)
3385 					crfree(rp->r_cred);
3386 				rp->r_cred = cr;
3387 				crhold(cr);
3388 				cred = cr;
3389 				crhold(cred);
3390 				mutex_exit(&rp->r_statelock);
3391 				goto read_again;
3392 			}
3393 			mutex_exit(&rp->r_statelock);
3394 		}
3395 	} else {
3396 		if (!(rp->r_flags & RSTALE)) {
3397 			mutex_enter(&rp->r_statelock);
3398 			if (rp->r_cred != NULL) {
3399 				cred = rp->r_cred;
3400 				crhold(cred);
3401 			} else {
3402 				rp->r_cred = cr;
3403 				crhold(cr);
3404 				cred = cr;
3405 				crhold(cred);
3406 			}
3407 			mutex_exit(&rp->r_statelock);
3408 		write_again:
3409 			mutex_enter(&rp->r_statelock);
3410 			count = MIN(bp->b_bcount, rp->r_size - offset);
3411 			mutex_exit(&rp->r_statelock);
3412 			if (count < 0)
3413 				cmn_err(CE_PANIC, "nfs_bio: write count < 0");
3414 #ifdef DEBUG
3415 			if (count == 0) {
3416 				zcmn_err(getzoneid(), CE_WARN,
3417 				    "nfs_bio: zero length write at %d",
3418 				    offset);
3419 				nfs_printfhandle(&rp->r_fh);
3420 				if (nfs_bio_do_stop)
3421 					debug_enter("nfs_bio");
3422 			}
3423 #endif
3424 			error = nfswrite(bp->b_vp, bp->b_un.b_addr, offset,
3425 			    count, cred);
3426 			if (error == EACCES) {
3427 				mutex_enter(&rp->r_statelock);
3428 				if (cred != cr) {
3429 					if (rp->r_cred != NULL)
3430 						crfree(rp->r_cred);
3431 					rp->r_cred = cr;
3432 					crhold(cr);
3433 					crfree(cred);
3434 					cred = cr;
3435 					crhold(cred);
3436 					mutex_exit(&rp->r_statelock);
3437 					goto write_again;
3438 				}
3439 				mutex_exit(&rp->r_statelock);
3440 			}
3441 			bp->b_error = error;
3442 			if (error && error != EINTR) {
3443 				/*
3444 				 * Don't print EDQUOT errors on the console.
3445 				 * Don't print asynchronous EACCES errors.
3446 				 * Don't print EFBIG errors.
3447 				 * Print all other write errors.
3448 				 */
3449 				if (error != EDQUOT && error != EFBIG &&
3450 				    (error != EACCES ||
3451 				    !(bp->b_flags & B_ASYNC)))
3452 					nfs_write_error(bp->b_vp, error, cred);
3453 				/*
3454 				 * Update r_error and r_flags as appropriate.
3455 				 * If the error was ESTALE, then mark the
3456 				 * rnode as not being writeable and save
3457 				 * the error status.  Otherwise, save any
3458 				 * errors which occur from asynchronous
3459 				 * page invalidations.  Any errors occurring
3460 				 * from other operations should be saved
3461 				 * by the caller.
3462 				 */
3463 				mutex_enter(&rp->r_statelock);
3464 				if (error == ESTALE) {
3465 					rp->r_flags |= RSTALE;
3466 					if (!rp->r_error)
3467 						rp->r_error = error;
3468 				} else if (!rp->r_error &&
3469 				    (bp->b_flags &
3470 				    (B_INVAL|B_FORCE|B_ASYNC)) ==
3471 				    (B_INVAL|B_FORCE|B_ASYNC)) {
3472 					rp->r_error = error;
3473 				}
3474 				mutex_exit(&rp->r_statelock);
3475 			}
3476 			crfree(cred);
3477 		} else
3478 			error = rp->r_error;
3479 	}
3480 
3481 	if (error != 0 && error != NFS_EOF)
3482 		bp->b_flags |= B_ERROR;
3483 
3484 	DTRACE_IO1(done, struct buf *, bp);
3485 
3486 	return (error);
3487 }
3488 
3489 /* ARGSUSED */
3490 static int
3491 nfs_fid(vnode_t *vp, fid_t *fidp, caller_context_t *ct)
3492 {
3493 	struct nfs_fid *fp;
3494 	rnode_t *rp;
3495 
3496 	rp = VTOR(vp);
3497 
3498 	if (fidp->fid_len < (sizeof (struct nfs_fid) - sizeof (short))) {
3499 		fidp->fid_len = sizeof (struct nfs_fid) - sizeof (short);
3500 		return (ENOSPC);
3501 	}
3502 	fp = (struct nfs_fid *)fidp;
3503 	fp->nf_pad = 0;
3504 	fp->nf_len = sizeof (struct nfs_fid) - sizeof (short);
3505 	bcopy(rp->r_fh.fh_buf, fp->nf_data, NFS_FHSIZE);
3506 	return (0);
3507 }
3508 
3509 /* ARGSUSED2 */
3510 static int
3511 nfs_rwlock(vnode_t *vp, int write_lock, caller_context_t *ctp)
3512 {
3513 	rnode_t *rp = VTOR(vp);
3514 
3515 	if (!write_lock) {
3516 		(void) nfs_rw_enter_sig(&rp->r_rwlock, RW_READER, FALSE);
3517 		return (V_WRITELOCK_FALSE);
3518 	}
3519 
3520 	if ((rp->r_flags & RDIRECTIO) || (VTOMI(vp)->mi_flags & MI_DIRECTIO)) {
3521 		(void) nfs_rw_enter_sig(&rp->r_rwlock, RW_READER, FALSE);
3522 		if (rp->r_mapcnt == 0 && !vn_has_cached_data(vp))
3523 			return (V_WRITELOCK_FALSE);
3524 		nfs_rw_exit(&rp->r_rwlock);
3525 	}
3526 
3527 	(void) nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER, FALSE);
3528 	return (V_WRITELOCK_TRUE);
3529 }
3530 
3531 /* ARGSUSED */
3532 static void
3533 nfs_rwunlock(vnode_t *vp, int write_lock, caller_context_t *ctp)
3534 {
3535 	rnode_t *rp = VTOR(vp);
3536 
3537 	nfs_rw_exit(&rp->r_rwlock);
3538 }
3539 
3540 /* ARGSUSED */
3541 static int
3542 nfs_seek(vnode_t *vp, offset_t ooff, offset_t *noffp, caller_context_t *ct)
3543 {
3544 
3545 	/*
3546 	 * Because we stuff the readdir cookie into the offset field
3547 	 * someone may attempt to do an lseek with the cookie which
3548 	 * we want to succeed.
3549 	 */
3550 	if (vp->v_type == VDIR)
3551 		return (0);
3552 	if (*noffp < 0 || *noffp > MAXOFF32_T)
3553 		return (EINVAL);
3554 	return (0);
3555 }
3556 
3557 /*
3558  * number of NFS_MAXDATA blocks to read ahead
3559  * optimized for 100 base-T.
3560  */
3561 static int nfs_nra = 4;
3562 
3563 #ifdef DEBUG
3564 static int nfs_lostpage = 0;	/* number of times we lost original page */
3565 #endif
3566 
3567 /*
3568  * Return all the pages from [off..off+len) in file
3569  */
3570 /* ARGSUSED */
3571 static int
3572 nfs_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
3573 	page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
3574 	enum seg_rw rw, cred_t *cr, caller_context_t *ct)
3575 {
3576 	rnode_t *rp;
3577 	int error;
3578 	mntinfo_t *mi;
3579 
3580 	if (vp->v_flag & VNOMAP)
3581 		return (ENOSYS);
3582 
3583 	ASSERT(off <= MAXOFF32_T);
3584 	if (nfs_zone() != VTOMI(vp)->mi_zone)
3585 		return (EIO);
3586 	if (protp != NULL)
3587 		*protp = PROT_ALL;
3588 
3589 	/*
3590 	 * Now valididate that the caches are up to date.
3591 	 */
3592 	error = nfs_validate_caches(vp, cr);
3593 	if (error)
3594 		return (error);
3595 
3596 	rp = VTOR(vp);
3597 	mi = VTOMI(vp);
3598 retry:
3599 	mutex_enter(&rp->r_statelock);
3600 
3601 	/*
3602 	 * Don't create dirty pages faster than they
3603 	 * can be cleaned so that the system doesn't
3604 	 * get imbalanced.  If the async queue is
3605 	 * maxed out, then wait for it to drain before
3606 	 * creating more dirty pages.  Also, wait for
3607 	 * any threads doing pagewalks in the vop_getattr
3608 	 * entry points so that they don't block for
3609 	 * long periods.
3610 	 */
3611 	if (rw == S_CREATE) {
3612 		while ((mi->mi_max_threads != 0 &&
3613 		    rp->r_awcount > 2 * mi->mi_max_threads) ||
3614 		    rp->r_gcount > 0)
3615 			cv_wait(&rp->r_cv, &rp->r_statelock);
3616 	}
3617 
3618 	/*
3619 	 * If we are getting called as a side effect of an nfs_write()
3620 	 * operation the local file size might not be extended yet.
3621 	 * In this case we want to be able to return pages of zeroes.
3622 	 */
3623 	if (off + len > rp->r_size + PAGEOFFSET && seg != segkmap) {
3624 		mutex_exit(&rp->r_statelock);
3625 		return (EFAULT);		/* beyond EOF */
3626 	}
3627 
3628 	mutex_exit(&rp->r_statelock);
3629 
3630 	if (len <= PAGESIZE) {
3631 		error = nfs_getapage(vp, off, len, protp, pl, plsz,
3632 		    seg, addr, rw, cr);
3633 	} else {
3634 		error = pvn_getpages(nfs_getapage, vp, off, len, protp,
3635 		    pl, plsz, seg, addr, rw, cr);
3636 	}
3637 
3638 	switch (error) {
3639 	case NFS_EOF:
3640 		nfs_purge_caches(vp, NFS_NOPURGE_DNLC, cr);
3641 		goto retry;
3642 	case ESTALE:
3643 		PURGE_STALE_FH(error, vp, cr);
3644 	}
3645 
3646 	return (error);
3647 }
3648 
3649 /*
3650  * Called from pvn_getpages or nfs_getpage to get a particular page.
3651  */
3652 /* ARGSUSED */
3653 static int
3654 nfs_getapage(vnode_t *vp, u_offset_t off, size_t len, uint_t *protp,
3655 	page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
3656 	enum seg_rw rw, cred_t *cr)
3657 {
3658 	rnode_t *rp;
3659 	uint_t bsize;
3660 	struct buf *bp;
3661 	page_t *pp;
3662 	u_offset_t lbn;
3663 	u_offset_t io_off;
3664 	u_offset_t blkoff;
3665 	u_offset_t rablkoff;
3666 	size_t io_len;
3667 	uint_t blksize;
3668 	int error;
3669 	int readahead;
3670 	int readahead_issued = 0;
3671 	int ra_window; /* readahead window */
3672 	page_t *pagefound;
3673 
3674 	if (nfs_zone() != VTOMI(vp)->mi_zone)
3675 		return (EIO);
3676 	rp = VTOR(vp);
3677 	bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
3678 
3679 reread:
3680 	bp = NULL;
3681 	pp = NULL;
3682 	pagefound = NULL;
3683 
3684 	if (pl != NULL)
3685 		pl[0] = NULL;
3686 
3687 	error = 0;
3688 	lbn = off / bsize;
3689 	blkoff = lbn * bsize;
3690 
3691 	/*
3692 	 * Queueing up the readahead before doing the synchronous read
3693 	 * results in a significant increase in read throughput because
3694 	 * of the increased parallelism between the async threads and
3695 	 * the process context.
3696 	 */
3697 	if ((off & ((vp->v_vfsp->vfs_bsize) - 1)) == 0 &&
3698 	    rw != S_CREATE &&
3699 	    !(vp->v_flag & VNOCACHE)) {
3700 		mutex_enter(&rp->r_statelock);
3701 
3702 		/*
3703 		 * Calculate the number of readaheads to do.
3704 		 * a) No readaheads at offset = 0.
3705 		 * b) Do maximum(nfs_nra) readaheads when the readahead
3706 		 *    window is closed.
3707 		 * c) Do readaheads between 1 to (nfs_nra - 1) depending
3708 		 *    upon how far the readahead window is open or close.
3709 		 * d) No readaheads if rp->r_nextr is not within the scope
3710 		 *    of the readahead window (random i/o).
3711 		 */
3712 
3713 		if (off == 0)
3714 			readahead = 0;
3715 		else if (blkoff == rp->r_nextr)
3716 			readahead = nfs_nra;
3717 		else if (rp->r_nextr > blkoff &&
3718 		    ((ra_window = (rp->r_nextr - blkoff) / bsize)
3719 		    <= (nfs_nra - 1)))
3720 			readahead = nfs_nra - ra_window;
3721 		else
3722 			readahead = 0;
3723 
3724 		rablkoff = rp->r_nextr;
3725 		while (readahead > 0 && rablkoff + bsize < rp->r_size) {
3726 			mutex_exit(&rp->r_statelock);
3727 			if (nfs_async_readahead(vp, rablkoff + bsize,
3728 			    addr + (rablkoff + bsize - off), seg, cr,
3729 			    nfs_readahead) < 0) {
3730 				mutex_enter(&rp->r_statelock);
3731 				break;
3732 			}
3733 			readahead--;
3734 			rablkoff += bsize;
3735 			/*
3736 			 * Indicate that we did a readahead so
3737 			 * readahead offset is not updated
3738 			 * by the synchronous read below.
3739 			 */
3740 			readahead_issued = 1;
3741 			mutex_enter(&rp->r_statelock);
3742 			/*
3743 			 * set readahead offset to
3744 			 * offset of last async readahead
3745 			 * request.
3746 			 */
3747 			rp->r_nextr = rablkoff;
3748 		}
3749 		mutex_exit(&rp->r_statelock);
3750 	}
3751 
3752 again:
3753 	if ((pagefound = page_exists(vp, off)) == NULL) {
3754 		if (pl == NULL) {
3755 			(void) nfs_async_readahead(vp, blkoff, addr, seg, cr,
3756 			    nfs_readahead);
3757 		} else if (rw == S_CREATE) {
3758 			/*
3759 			 * Block for this page is not allocated, or the offset
3760 			 * is beyond the current allocation size, or we're
3761 			 * allocating a swap slot and the page was not found,
3762 			 * so allocate it and return a zero page.
3763 			 */
3764 			if ((pp = page_create_va(vp, off,
3765 			    PAGESIZE, PG_WAIT, seg, addr)) == NULL)
3766 				cmn_err(CE_PANIC, "nfs_getapage: page_create");
3767 			io_len = PAGESIZE;
3768 			mutex_enter(&rp->r_statelock);
3769 			rp->r_nextr = off + PAGESIZE;
3770 			mutex_exit(&rp->r_statelock);
3771 		} else {
3772 			/*
3773 			 * Need to go to server to get a BLOCK, exception to
3774 			 * that being while reading at offset = 0 or doing
3775 			 * random i/o, in that case read only a PAGE.
3776 			 */
3777 			mutex_enter(&rp->r_statelock);
3778 			if (blkoff < rp->r_size &&
3779 			    blkoff + bsize >= rp->r_size) {
3780 				/*
3781 				 * If only a block or less is left in
3782 				 * the file, read all that is remaining.
3783 				 */
3784 				if (rp->r_size <= off) {
3785 					/*
3786 					 * Trying to access beyond EOF,
3787 					 * set up to get at least one page.
3788 					 */
3789 					blksize = off + PAGESIZE - blkoff;
3790 				} else
3791 					blksize = rp->r_size - blkoff;
3792 			} else if ((off == 0) ||
3793 			    (off != rp->r_nextr && !readahead_issued)) {
3794 				blksize = PAGESIZE;
3795 				blkoff = off; /* block = page here */
3796 			} else
3797 				blksize = bsize;
3798 			mutex_exit(&rp->r_statelock);
3799 
3800 			pp = pvn_read_kluster(vp, off, seg, addr, &io_off,
3801 			    &io_len, blkoff, blksize, 0);
3802 
3803 			/*
3804 			 * Some other thread has entered the page,
3805 			 * so just use it.
3806 			 */
3807 			if (pp == NULL)
3808 				goto again;
3809 
3810 			/*
3811 			 * Now round the request size up to page boundaries.
3812 			 * This ensures that the entire page will be
3813 			 * initialized to zeroes if EOF is encountered.
3814 			 */
3815 			io_len = ptob(btopr(io_len));
3816 
3817 			bp = pageio_setup(pp, io_len, vp, B_READ);
3818 			ASSERT(bp != NULL);
3819 
3820 			/*
3821 			 * pageio_setup should have set b_addr to 0.  This
3822 			 * is correct since we want to do I/O on a page
3823 			 * boundary.  bp_mapin will use this addr to calculate
3824 			 * an offset, and then set b_addr to the kernel virtual
3825 			 * address it allocated for us.
3826 			 */
3827 			ASSERT(bp->b_un.b_addr == 0);
3828 
3829 			bp->b_edev = 0;
3830 			bp->b_dev = 0;
3831 			bp->b_lblkno = lbtodb(io_off);
3832 			bp->b_file = vp;
3833 			bp->b_offset = (offset_t)off;
3834 			bp_mapin(bp);
3835 
3836 			/*
3837 			 * If doing a write beyond what we believe is EOF,
3838 			 * don't bother trying to read the pages from the
3839 			 * server, we'll just zero the pages here.  We
3840 			 * don't check that the rw flag is S_WRITE here
3841 			 * because some implementations may attempt a
3842 			 * read access to the buffer before copying data.
3843 			 */
3844 			mutex_enter(&rp->r_statelock);
3845 			if (io_off >= rp->r_size && seg == segkmap) {
3846 				mutex_exit(&rp->r_statelock);
3847 				bzero(bp->b_un.b_addr, io_len);
3848 			} else {
3849 				mutex_exit(&rp->r_statelock);
3850 				error = nfs_bio(bp, cr);
3851 			}
3852 
3853 			/*
3854 			 * Unmap the buffer before freeing it.
3855 			 */
3856 			bp_mapout(bp);
3857 			pageio_done(bp);
3858 
3859 			if (error == NFS_EOF) {
3860 				/*
3861 				 * If doing a write system call just return
3862 				 * zeroed pages, else user tried to get pages
3863 				 * beyond EOF, return error.  We don't check
3864 				 * that the rw flag is S_WRITE here because
3865 				 * some implementations may attempt a read
3866 				 * access to the buffer before copying data.
3867 				 */
3868 				if (seg == segkmap)
3869 					error = 0;
3870 				else
3871 					error = EFAULT;
3872 			}
3873 
3874 			if (!readahead_issued && !error) {
3875 				mutex_enter(&rp->r_statelock);
3876 				rp->r_nextr = io_off + io_len;
3877 				mutex_exit(&rp->r_statelock);
3878 			}
3879 		}
3880 	}
3881 
3882 out:
3883 	if (pl == NULL)
3884 		return (error);
3885 
3886 	if (error) {
3887 		if (pp != NULL)
3888 			pvn_read_done(pp, B_ERROR);
3889 		return (error);
3890 	}
3891 
3892 	if (pagefound) {
3893 		se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
3894 
3895 		/*
3896 		 * Page exists in the cache, acquire the appropriate lock.
3897 		 * If this fails, start all over again.
3898 		 */
3899 		if ((pp = page_lookup(vp, off, se)) == NULL) {
3900 #ifdef DEBUG
3901 			nfs_lostpage++;
3902 #endif
3903 			goto reread;
3904 		}
3905 		pl[0] = pp;
3906 		pl[1] = NULL;
3907 		return (0);
3908 	}
3909 
3910 	if (pp != NULL)
3911 		pvn_plist_init(pp, pl, plsz, off, io_len, rw);
3912 
3913 	return (error);
3914 }
3915 
3916 static void
3917 nfs_readahead(vnode_t *vp, u_offset_t blkoff, caddr_t addr, struct seg *seg,
3918 	cred_t *cr)
3919 {
3920 	int error;
3921 	page_t *pp;
3922 	u_offset_t io_off;
3923 	size_t io_len;
3924 	struct buf *bp;
3925 	uint_t bsize, blksize;
3926 	rnode_t *rp = VTOR(vp);
3927 
3928 	ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
3929 
3930 	bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
3931 
3932 	mutex_enter(&rp->r_statelock);
3933 	if (blkoff < rp->r_size && blkoff + bsize > rp->r_size) {
3934 		/*
3935 		 * If less than a block left in file read less
3936 		 * than a block.
3937 		 */
3938 		blksize = rp->r_size - blkoff;
3939 	} else
3940 		blksize = bsize;
3941 	mutex_exit(&rp->r_statelock);
3942 
3943 	pp = pvn_read_kluster(vp, blkoff, segkmap, addr,
3944 	    &io_off, &io_len, blkoff, blksize, 1);
3945 	/*
3946 	 * The isra flag passed to the kluster function is 1, we may have
3947 	 * gotten a return value of NULL for a variety of reasons (# of free
3948 	 * pages < minfree, someone entered the page on the vnode etc). In all
3949 	 * cases, we want to punt on the readahead.
3950 	 */
3951 	if (pp == NULL)
3952 		return;
3953 
3954 	/*
3955 	 * Now round the request size up to page boundaries.
3956 	 * This ensures that the entire page will be
3957 	 * initialized to zeroes if EOF is encountered.
3958 	 */
3959 	io_len = ptob(btopr(io_len));
3960 
3961 	bp = pageio_setup(pp, io_len, vp, B_READ);
3962 	ASSERT(bp != NULL);
3963 
3964 	/*
3965 	 * pageio_setup should have set b_addr to 0.  This is correct since
3966 	 * we want to do I/O on a page boundary. bp_mapin() will use this addr
3967 	 * to calculate an offset, and then set b_addr to the kernel virtual
3968 	 * address it allocated for us.
3969 	 */
3970 	ASSERT(bp->b_un.b_addr == 0);
3971 
3972 	bp->b_edev = 0;
3973 	bp->b_dev = 0;
3974 	bp->b_lblkno = lbtodb(io_off);
3975 	bp->b_file = vp;
3976 	bp->b_offset = (offset_t)blkoff;
3977 	bp_mapin(bp);
3978 
3979 	/*
3980 	 * If doing a write beyond what we believe is EOF, don't bother trying
3981 	 * to read the pages from the server, we'll just zero the pages here.
3982 	 * We don't check that the rw flag is S_WRITE here because some
3983 	 * implementations may attempt a read access to the buffer before
3984 	 * copying data.
3985 	 */
3986 	mutex_enter(&rp->r_statelock);
3987 	if (io_off >= rp->r_size && seg == segkmap) {
3988 		mutex_exit(&rp->r_statelock);
3989 		bzero(bp->b_un.b_addr, io_len);
3990 		error = 0;
3991 	} else {
3992 		mutex_exit(&rp->r_statelock);
3993 		error = nfs_bio(bp, cr);
3994 		if (error == NFS_EOF)
3995 			error = 0;
3996 	}
3997 
3998 	/*
3999 	 * Unmap the buffer before freeing it.
4000 	 */
4001 	bp_mapout(bp);
4002 	pageio_done(bp);
4003 
4004 	pvn_read_done(pp, error ? B_READ | B_ERROR : B_READ);
4005 
4006 	/*
4007 	 * In case of error set readahead offset
4008 	 * to the lowest offset.
4009 	 * pvn_read_done() calls VN_DISPOSE to destroy the pages
4010 	 */
4011 	if (error && rp->r_nextr > io_off) {
4012 		mutex_enter(&rp->r_statelock);
4013 		if (rp->r_nextr > io_off)
4014 			rp->r_nextr = io_off;
4015 		mutex_exit(&rp->r_statelock);
4016 	}
4017 }
4018 
4019 /*
4020  * Flags are composed of {B_INVAL, B_FREE, B_DONTNEED, B_FORCE}
4021  * If len == 0, do from off to EOF.
4022  *
4023  * The normal cases should be len == 0 && off == 0 (entire vp list),
4024  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
4025  * (from pageout).
4026  */
4027 /* ARGSUSED */
4028 static int
4029 nfs_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr,
4030 	caller_context_t *ct)
4031 {
4032 	int error;
4033 	rnode_t *rp;
4034 
4035 	ASSERT(cr != NULL);
4036 
4037 	/*
4038 	 * XXX - Why should this check be made here?
4039 	 */
4040 	if (vp->v_flag & VNOMAP)
4041 		return (ENOSYS);
4042 
4043 	if (len == 0 && !(flags & B_INVAL) && vn_is_readonly(vp))
4044 		return (0);
4045 
4046 	if (!(flags & B_ASYNC) && nfs_zone() != VTOMI(vp)->mi_zone)
4047 		return (EIO);
4048 	ASSERT(off <= MAXOFF32_T);
4049 
4050 	rp = VTOR(vp);
4051 	mutex_enter(&rp->r_statelock);
4052 	rp->r_count++;
4053 	mutex_exit(&rp->r_statelock);
4054 	error = nfs_putpages(vp, off, len, flags, cr);
4055 	mutex_enter(&rp->r_statelock);
4056 	rp->r_count--;
4057 	cv_broadcast(&rp->r_cv);
4058 	mutex_exit(&rp->r_statelock);
4059 
4060 	return (error);
4061 }
4062 
4063 /*
4064  * Write out a single page, possibly klustering adjacent dirty pages.
4065  */
4066 int
4067 nfs_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp, size_t *lenp,
4068 	int flags, cred_t *cr)
4069 {
4070 	u_offset_t io_off;
4071 	u_offset_t lbn_off;
4072 	u_offset_t lbn;
4073 	size_t io_len;
4074 	uint_t bsize;
4075 	int error;
4076 	rnode_t *rp;
4077 
4078 	ASSERT(!vn_is_readonly(vp));
4079 	ASSERT(pp != NULL);
4080 	ASSERT(cr != NULL);
4081 	ASSERT((flags & B_ASYNC) || nfs_zone() == VTOMI(vp)->mi_zone);
4082 
4083 	rp = VTOR(vp);
4084 	ASSERT(rp->r_count > 0);
4085 
4086 	ASSERT(pp->p_offset <= MAXOFF32_T);
4087 
4088 	bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
4089 	lbn = pp->p_offset / bsize;
4090 	lbn_off = lbn * bsize;
4091 
4092 	/*
4093 	 * Find a kluster that fits in one block, or in
4094 	 * one page if pages are bigger than blocks.  If
4095 	 * there is less file space allocated than a whole
4096 	 * page, we'll shorten the i/o request below.
4097 	 */
4098 	pp = pvn_write_kluster(vp, pp, &io_off, &io_len, lbn_off,
4099 	    roundup(bsize, PAGESIZE), flags);
4100 
4101 	/*
4102 	 * pvn_write_kluster shouldn't have returned a page with offset
4103 	 * behind the original page we were given.  Verify that.
4104 	 */
4105 	ASSERT((pp->p_offset / bsize) >= lbn);
4106 
4107 	/*
4108 	 * Now pp will have the list of kept dirty pages marked for
4109 	 * write back.  It will also handle invalidation and freeing
4110 	 * of pages that are not dirty.  Check for page length rounding
4111 	 * problems.
4112 	 */
4113 	if (io_off + io_len > lbn_off + bsize) {
4114 		ASSERT((io_off + io_len) - (lbn_off + bsize) < PAGESIZE);
4115 		io_len = lbn_off + bsize - io_off;
4116 	}
4117 	/*
4118 	 * The RMODINPROGRESS flag makes sure that nfs(3)_bio() sees a
4119 	 * consistent value of r_size. RMODINPROGRESS is set in writerp().
4120 	 * When RMODINPROGRESS is set it indicates that a uiomove() is in
4121 	 * progress and the r_size has not been made consistent with the
4122 	 * new size of the file. When the uiomove() completes the r_size is
4123 	 * updated and the RMODINPROGRESS flag is cleared.
4124 	 *
4125 	 * The RMODINPROGRESS flag makes sure that nfs(3)_bio() sees a
4126 	 * consistent value of r_size. Without this handshaking, it is
4127 	 * possible that nfs(3)_bio() picks  up the old value of r_size
4128 	 * before the uiomove() in writerp() completes. This will result
4129 	 * in the write through nfs(3)_bio() being dropped.
4130 	 *
4131 	 * More precisely, there is a window between the time the uiomove()
4132 	 * completes and the time the r_size is updated. If a VOP_PUTPAGE()
4133 	 * operation intervenes in this window, the page will be picked up,
4134 	 * because it is dirty (it will be unlocked, unless it was
4135 	 * pagecreate'd). When the page is picked up as dirty, the dirty
4136 	 * bit is reset (pvn_getdirty()). In nfs(3)write(), r_size is
4137 	 * checked. This will still be the old size. Therefore the page will
4138 	 * not be written out. When segmap_release() calls VOP_PUTPAGE(),
4139 	 * the page will be found to be clean and the write will be dropped.
4140 	 */
4141 	if (rp->r_flags & RMODINPROGRESS) {
4142 		mutex_enter(&rp->r_statelock);
4143 		if ((rp->r_flags & RMODINPROGRESS) &&
4144 		    rp->r_modaddr + MAXBSIZE > io_off &&
4145 		    rp->r_modaddr < io_off + io_len) {
4146 			page_t *plist;
4147 			/*
4148 			 * A write is in progress for this region of the file.
4149 			 * If we did not detect RMODINPROGRESS here then this
4150 			 * path through nfs_putapage() would eventually go to
4151 			 * nfs(3)_bio() and may not write out all of the data
4152 			 * in the pages. We end up losing data. So we decide
4153 			 * to set the modified bit on each page in the page
4154 			 * list and mark the rnode with RDIRTY. This write
4155 			 * will be restarted at some later time.
4156 			 */
4157 			plist = pp;
4158 			while (plist != NULL) {
4159 				pp = plist;
4160 				page_sub(&plist, pp);
4161 				hat_setmod(pp);
4162 				page_io_unlock(pp);
4163 				page_unlock(pp);
4164 			}
4165 			rp->r_flags |= RDIRTY;
4166 			mutex_exit(&rp->r_statelock);
4167 			if (offp)
4168 				*offp = io_off;
4169 			if (lenp)
4170 				*lenp = io_len;
4171 			return (0);
4172 		}
4173 		mutex_exit(&rp->r_statelock);
4174 	}
4175 
4176 	if (flags & B_ASYNC) {
4177 		error = nfs_async_putapage(vp, pp, io_off, io_len, flags, cr,
4178 		    nfs_sync_putapage);
4179 	} else
4180 		error = nfs_sync_putapage(vp, pp, io_off, io_len, flags, cr);
4181 
4182 	if (offp)
4183 		*offp = io_off;
4184 	if (lenp)
4185 		*lenp = io_len;
4186 	return (error);
4187 }
4188 
4189 static int
4190 nfs_sync_putapage(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
4191 	int flags, cred_t *cr)
4192 {
4193 	int error;
4194 	rnode_t *rp;
4195 
4196 	flags |= B_WRITE;
4197 
4198 	ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
4199 	error = nfs_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
4200 
4201 	rp = VTOR(vp);
4202 
4203 	if ((error == ENOSPC || error == EDQUOT || error == EACCES) &&
4204 	    (flags & (B_INVAL|B_FORCE)) != (B_INVAL|B_FORCE)) {
4205 		if (!(rp->r_flags & ROUTOFSPACE)) {
4206 			mutex_enter(&rp->r_statelock);
4207 			rp->r_flags |= ROUTOFSPACE;
4208 			mutex_exit(&rp->r_statelock);
4209 		}
4210 		flags |= B_ERROR;
4211 		pvn_write_done(pp, flags);
4212 		/*
4213 		 * If this was not an async thread, then try again to
4214 		 * write out the pages, but this time, also destroy
4215 		 * them whether or not the write is successful.  This
4216 		 * will prevent memory from filling up with these
4217 		 * pages and destroying them is the only alternative
4218 		 * if they can't be written out.
4219 		 *
4220 		 * Don't do this if this is an async thread because
4221 		 * when the pages are unlocked in pvn_write_done,
4222 		 * some other thread could have come along, locked
4223 		 * them, and queued for an async thread.  It would be
4224 		 * possible for all of the async threads to be tied
4225 		 * up waiting to lock the pages again and they would
4226 		 * all already be locked and waiting for an async
4227 		 * thread to handle them.  Deadlock.
4228 		 */
4229 		if (!(flags & B_ASYNC)) {
4230 			error = nfs_putpage(vp, io_off, io_len,
4231 			    B_INVAL | B_FORCE, cr, NULL);
4232 		}
4233 	} else {
4234 		if (error)
4235 			flags |= B_ERROR;
4236 		else if (rp->r_flags & ROUTOFSPACE) {
4237 			mutex_enter(&rp->r_statelock);
4238 			rp->r_flags &= ~ROUTOFSPACE;
4239 			mutex_exit(&rp->r_statelock);
4240 		}
4241 		pvn_write_done(pp, flags);
4242 	}
4243 
4244 	return (error);
4245 }
4246 
4247 /* ARGSUSED */
4248 static int
4249 nfs_map(vnode_t *vp, offset_t off, struct as *as, caddr_t *addrp,
4250 	size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4251 	caller_context_t *ct)
4252 {
4253 	struct segvn_crargs vn_a;
4254 	int error;
4255 	rnode_t *rp;
4256 	struct vattr va;
4257 
4258 	if (nfs_zone() != VTOMI(vp)->mi_zone)
4259 		return (EIO);
4260 
4261 	if (vp->v_flag & VNOMAP)
4262 		return (ENOSYS);
4263 
4264 	if (off > MAXOFF32_T)
4265 		return (EFBIG);
4266 
4267 	if (off < 0 || off + len < 0)
4268 		return (ENXIO);
4269 
4270 	if (vp->v_type != VREG)
4271 		return (ENODEV);
4272 
4273 	/*
4274 	 * If there is cached data and if close-to-open consistency
4275 	 * checking is not turned off and if the file system is not
4276 	 * mounted readonly, then force an over the wire getattr.
4277 	 * Otherwise, just invoke nfsgetattr to get a copy of the
4278 	 * attributes.  The attribute cache will be used unless it
4279 	 * is timed out and if it is, then an over the wire getattr
4280 	 * will be issued.
4281 	 */
4282 	va.va_mask = AT_ALL;
4283 	if (vn_has_cached_data(vp) &&
4284 	    !(VTOMI(vp)->mi_flags & MI_NOCTO) && !vn_is_readonly(vp))
4285 		error = nfs_getattr_otw(vp, &va, cr);
4286 	else
4287 		error = nfsgetattr(vp, &va, cr);
4288 	if (error)
4289 		return (error);
4290 
4291 	/*
4292 	 * Check to see if the vnode is currently marked as not cachable.
4293 	 * This means portions of the file are locked (through VOP_FRLOCK).
4294 	 * In this case the map request must be refused.  We use
4295 	 * rp->r_lkserlock to avoid a race with concurrent lock requests.
4296 	 */
4297 	rp = VTOR(vp);
4298 	if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_READER, INTR(vp)))
4299 		return (EINTR);
4300 
4301 	if (vp->v_flag & VNOCACHE) {
4302 		error = EAGAIN;
4303 		goto done;
4304 	}
4305 
4306 	/*
4307 	 * Don't allow concurrent locks and mapping if mandatory locking is
4308 	 * enabled.
4309 	 */
4310 	if ((flk_has_remote_locks(vp) || lm_has_sleep(vp)) &&
4311 	    MANDLOCK(vp, va.va_mode)) {
4312 		error = EAGAIN;
4313 		goto done;
4314 	}
4315 
4316 	as_rangelock(as);
4317 	if (!(flags & MAP_FIXED)) {
4318 		map_addr(addrp, len, off, 1, flags);
4319 		if (*addrp == NULL) {
4320 			as_rangeunlock(as);
4321 			error = ENOMEM;
4322 			goto done;
4323 		}
4324 	} else {
4325 		/*
4326 		 * User specified address - blow away any previous mappings
4327 		 */
4328 		(void) as_unmap(as, *addrp, len);
4329 	}
4330 
4331 	vn_a.vp = vp;
4332 	vn_a.offset = off;
4333 	vn_a.type = (flags & MAP_TYPE);
4334 	vn_a.prot = (uchar_t)prot;
4335 	vn_a.maxprot = (uchar_t)maxprot;
4336 	vn_a.flags = (flags & ~MAP_TYPE);
4337 	vn_a.cred = cr;
4338 	vn_a.amp = NULL;
4339 	vn_a.szc = 0;
4340 	vn_a.lgrp_mem_policy_flags = 0;
4341 
4342 	error = as_map(as, *addrp, len, segvn_create, &vn_a);
4343 	as_rangeunlock(as);
4344 
4345 done:
4346 	nfs_rw_exit(&rp->r_lkserlock);
4347 	return (error);
4348 }
4349 
4350 /* ARGSUSED */
4351 static int
4352 nfs_addmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4353 	size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr,
4354 	caller_context_t *ct)
4355 {
4356 	rnode_t *rp;
4357 
4358 	if (vp->v_flag & VNOMAP)
4359 		return (ENOSYS);
4360 	if (nfs_zone() != VTOMI(vp)->mi_zone)
4361 		return (EIO);
4362 
4363 	/*
4364 	 * Need to hold rwlock while incrementing the mapcnt so that
4365 	 * mmap'ing can be serialized with writes so that the caching
4366 	 * can be handled correctly.
4367 	 */
4368 	rp = VTOR(vp);
4369 	if (nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER, INTR(vp)))
4370 		return (EINTR);
4371 	atomic_add_long((ulong_t *)&rp->r_mapcnt, btopr(len));
4372 	nfs_rw_exit(&rp->r_rwlock);
4373 
4374 	return (0);
4375 }
4376 
4377 /* ARGSUSED */
4378 static int
4379 nfs_frlock(vnode_t *vp, int cmd, struct flock64 *bfp, int flag, offset_t offset,
4380 	struct flk_callback *flk_cbp, cred_t *cr, caller_context_t *ct)
4381 {
4382 	netobj lm_fh;
4383 	int rc;
4384 	u_offset_t start, end;
4385 	rnode_t *rp;
4386 	int error = 0, intr = INTR(vp);
4387 
4388 	/* check for valid cmd parameter */
4389 	if (cmd != F_GETLK && cmd != F_SETLK && cmd != F_SETLKW)
4390 		return (EINVAL);
4391 	if (nfs_zone() != VTOMI(vp)->mi_zone)
4392 		return (EIO);
4393 
4394 	/* Verify l_type. */
4395 	switch (bfp->l_type) {
4396 	case F_RDLCK:
4397 		if (cmd != F_GETLK && !(flag & FREAD))
4398 			return (EBADF);
4399 		break;
4400 	case F_WRLCK:
4401 		if (cmd != F_GETLK && !(flag & FWRITE))
4402 			return (EBADF);
4403 		break;
4404 	case F_UNLCK:
4405 		intr = 0;
4406 		break;
4407 
4408 	default:
4409 		return (EINVAL);
4410 	}
4411 
4412 	/* check the validity of the lock range */
4413 	if (rc = flk_convert_lock_data(vp, bfp, &start, &end, offset))
4414 		return (rc);
4415 	if (rc = flk_check_lock_data(start, end, MAXOFF32_T))
4416 		return (rc);
4417 
4418 	/*
4419 	 * If the filesystem is mounted using local locking, pass the
4420 	 * request off to the local locking code.
4421 	 */
4422 	if (VTOMI(vp)->mi_flags & MI_LLOCK) {
4423 		if (offset > MAXOFF32_T)
4424 			return (EFBIG);
4425 		if (cmd == F_SETLK || cmd == F_SETLKW) {
4426 			/*
4427 			 * For complete safety, we should be holding
4428 			 * r_lkserlock.  However, we can't call
4429 			 * lm_safelock and then fs_frlock while
4430 			 * holding r_lkserlock, so just invoke
4431 			 * lm_safelock and expect that this will
4432 			 * catch enough of the cases.
4433 			 */
4434 			if (!lm_safelock(vp, bfp, cr))
4435 				return (EAGAIN);
4436 		}
4437 		return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr, ct));
4438 	}
4439 
4440 	rp = VTOR(vp);
4441 
4442 	/*
4443 	 * Check whether the given lock request can proceed, given the
4444 	 * current file mappings.
4445 	 */
4446 	if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_WRITER, intr))
4447 		return (EINTR);
4448 	if (cmd == F_SETLK || cmd == F_SETLKW) {
4449 		if (!lm_safelock(vp, bfp, cr)) {
4450 			rc = EAGAIN;
4451 			goto done;
4452 		}
4453 	}
4454 
4455 	/*
4456 	 * Flush the cache after waiting for async I/O to finish.  For new
4457 	 * locks, this is so that the process gets the latest bits from the
4458 	 * server.  For unlocks, this is so that other clients see the
4459 	 * latest bits once the file has been unlocked.  If currently dirty
4460 	 * pages can't be flushed, then don't allow a lock to be set.  But
4461 	 * allow unlocks to succeed, to avoid having orphan locks on the
4462 	 * server.
4463 	 */
4464 	if (cmd != F_GETLK) {
4465 		mutex_enter(&rp->r_statelock);
4466 		while (rp->r_count > 0) {
4467 			if (intr) {
4468 				klwp_t *lwp = ttolwp(curthread);
4469 
4470 				if (lwp != NULL)
4471 					lwp->lwp_nostop++;
4472 				if (cv_wait_sig(&rp->r_cv, &rp->r_statelock)
4473 				    == 0) {
4474 					if (lwp != NULL)
4475 						lwp->lwp_nostop--;
4476 					rc = EINTR;
4477 					break;
4478 				}
4479 				if (lwp != NULL)
4480 					lwp->lwp_nostop--;
4481 			} else
4482 			cv_wait(&rp->r_cv, &rp->r_statelock);
4483 		}
4484 		mutex_exit(&rp->r_statelock);
4485 		if (rc != 0)
4486 			goto done;
4487 		error = nfs_putpage(vp, (offset_t)0, 0, B_INVAL, cr, ct);
4488 		if (error) {
4489 			if (error == ENOSPC || error == EDQUOT) {
4490 				mutex_enter(&rp->r_statelock);
4491 				if (!rp->r_error)
4492 					rp->r_error = error;
4493 				mutex_exit(&rp->r_statelock);
4494 			}
4495 			if (bfp->l_type != F_UNLCK) {
4496 				rc = ENOLCK;
4497 				goto done;
4498 			}
4499 		}
4500 	}
4501 
4502 	lm_fh.n_len = sizeof (fhandle_t);
4503 	lm_fh.n_bytes = (char *)VTOFH(vp);
4504 
4505 	/*
4506 	 * Call the lock manager to do the real work of contacting
4507 	 * the server and obtaining the lock.
4508 	 */
4509 	rc = lm_frlock(vp, cmd, bfp, flag, offset, cr, &lm_fh, flk_cbp);
4510 
4511 	if (rc == 0)
4512 		nfs_lockcompletion(vp, cmd);
4513 
4514 done:
4515 	nfs_rw_exit(&rp->r_lkserlock);
4516 	return (rc);
4517 }
4518 
4519 /*
4520  * Free storage space associated with the specified vnode.  The portion
4521  * to be freed is specified by bfp->l_start and bfp->l_len (already
4522  * normalized to a "whence" of 0).
4523  *
4524  * This is an experimental facility whose continued existence is not
4525  * guaranteed.  Currently, we only support the special case
4526  * of l_len == 0, meaning free to end of file.
4527  */
4528 /* ARGSUSED */
4529 static int
4530 nfs_space(vnode_t *vp, int cmd, struct flock64 *bfp, int flag,
4531 	offset_t offset, cred_t *cr, caller_context_t *ct)
4532 {
4533 	int error;
4534 
4535 	ASSERT(vp->v_type == VREG);
4536 	if (cmd != F_FREESP)
4537 		return (EINVAL);
4538 
4539 	if (offset > MAXOFF32_T)
4540 		return (EFBIG);
4541 
4542 	if ((bfp->l_start > MAXOFF32_T) || (bfp->l_end > MAXOFF32_T) ||
4543 	    (bfp->l_len > MAXOFF32_T))
4544 		return (EFBIG);
4545 
4546 	if (nfs_zone() != VTOMI(vp)->mi_zone)
4547 		return (EIO);
4548 
4549 	error = convoff(vp, bfp, 0, offset);
4550 	if (!error) {
4551 		ASSERT(bfp->l_start >= 0);
4552 		if (bfp->l_len == 0) {
4553 			struct vattr va;
4554 
4555 			/*
4556 			 * ftruncate should not change the ctime and
4557 			 * mtime if we truncate the file to its
4558 			 * previous size.
4559 			 */
4560 			va.va_mask = AT_SIZE;
4561 			error = nfsgetattr(vp, &va, cr);
4562 			if (error || va.va_size == bfp->l_start)
4563 				return (error);
4564 			va.va_mask = AT_SIZE;
4565 			va.va_size = bfp->l_start;
4566 			error = nfssetattr(vp, &va, 0, cr);
4567 		} else
4568 			error = EINVAL;
4569 	}
4570 
4571 	return (error);
4572 }
4573 
4574 /* ARGSUSED */
4575 static int
4576 nfs_realvp(vnode_t *vp, vnode_t **vpp, caller_context_t *ct)
4577 {
4578 
4579 	return (EINVAL);
4580 }
4581 
4582 /*
4583  * Setup and add an address space callback to do the work of the delmap call.
4584  * The callback will (and must be) deleted in the actual callback function.
4585  *
4586  * This is done in order to take care of the problem that we have with holding
4587  * the address space's a_lock for a long period of time (e.g. if the NFS server
4588  * is down).  Callbacks will be executed in the address space code while the
4589  * a_lock is not held.	Holding the address space's a_lock causes things such
4590  * as ps and fork to hang because they are trying to acquire this lock as well.
4591  */
4592 /* ARGSUSED */
4593 static int
4594 nfs_delmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
4595 	size_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cr,
4596 	caller_context_t *ct)
4597 {
4598 	int			caller_found;
4599 	int			error;
4600 	rnode_t			*rp;
4601 	nfs_delmap_args_t	*dmapp;
4602 	nfs_delmapcall_t	*delmap_call;
4603 
4604 	if (vp->v_flag & VNOMAP)
4605 		return (ENOSYS);
4606 	/*
4607 	 * A process may not change zones if it has NFS pages mmap'ed
4608 	 * in, so we can't legitimately get here from the wrong zone.
4609 	 */
4610 	ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
4611 
4612 	rp = VTOR(vp);
4613 
4614 	/*
4615 	 * The way that the address space of this process deletes its mapping
4616 	 * of this file is via the following call chains:
4617 	 * - as_free()->SEGOP_UNMAP()/segvn_unmap()->VOP_DELMAP()/nfs_delmap()
4618 	 * - as_unmap()->SEGOP_UNMAP()/segvn_unmap()->VOP_DELMAP()/nfs_delmap()
4619 	 *
4620 	 * With the use of address space callbacks we are allowed to drop the
4621 	 * address space lock, a_lock, while executing the NFS operations that
4622 	 * need to go over the wire.  Returning EAGAIN to the caller of this
4623 	 * function is what drives the execution of the callback that we add
4624 	 * below.  The callback will be executed by the address space code
4625 	 * after dropping the a_lock.  When the callback is finished, since
4626 	 * we dropped the a_lock, it must be re-acquired and segvn_unmap()
4627 	 * is called again on the same segment to finish the rest of the work
4628 	 * that needs to happen during unmapping.
4629 	 *
4630 	 * This action of calling back into the segment driver causes
4631 	 * nfs_delmap() to get called again, but since the callback was
4632 	 * already executed at this point, it already did the work and there
4633 	 * is nothing left for us to do.
4634 	 *
4635 	 * To Summarize:
4636 	 * - The first time nfs_delmap is called by the current thread is when
4637 	 * we add the caller associated with this delmap to the delmap caller
4638 	 * list, add the callback, and return EAGAIN.
4639 	 * - The second time in this call chain when nfs_delmap is called we
4640 	 * will find this caller in the delmap caller list and realize there
4641 	 * is no more work to do thus removing this caller from the list and
4642 	 * returning the error that was set in the callback execution.
4643 	 */
4644 	caller_found = nfs_find_and_delete_delmapcall(rp, &error);
4645 	if (caller_found) {
4646 		/*
4647 		 * 'error' is from the actual delmap operations.  To avoid
4648 		 * hangs, we need to handle the return of EAGAIN differently
4649 		 * since this is what drives the callback execution.
4650 		 * In this case, we don't want to return EAGAIN and do the
4651 		 * callback execution because there are none to execute.
4652 		 */
4653 		if (error == EAGAIN)
4654 			return (0);
4655 		else
4656 			return (error);
4657 	}
4658 
4659 	/* current caller was not in the list */
4660 	delmap_call = nfs_init_delmapcall();
4661 
4662 	mutex_enter(&rp->r_statelock);
4663 	list_insert_tail(&rp->r_indelmap, delmap_call);
4664 	mutex_exit(&rp->r_statelock);
4665 
4666 	dmapp = kmem_alloc(sizeof (nfs_delmap_args_t), KM_SLEEP);
4667 
4668 	dmapp->vp = vp;
4669 	dmapp->off = off;
4670 	dmapp->addr = addr;
4671 	dmapp->len = len;
4672 	dmapp->prot = prot;
4673 	dmapp->maxprot = maxprot;
4674 	dmapp->flags = flags;
4675 	dmapp->cr = cr;
4676 	dmapp->caller = delmap_call;
4677 
4678 	error = as_add_callback(as, nfs_delmap_callback, dmapp,
4679 	    AS_UNMAP_EVENT, addr, len, KM_SLEEP);
4680 
4681 	return (error ? error : EAGAIN);
4682 }
4683 
4684 /*
4685  * Remove some pages from an mmap'd vnode.  Just update the
4686  * count of pages.  If doing close-to-open, then flush all
4687  * of the pages associated with this file.  Otherwise, start
4688  * an asynchronous page flush to write out any dirty pages.
4689  * This will also associate a credential with the rnode which
4690  * can be used to write the pages.
4691  */
4692 /* ARGSUSED */
4693 static void
4694 nfs_delmap_callback(struct as *as, void *arg, uint_t event)
4695 {
4696 	int			error;
4697 	rnode_t			*rp;
4698 	mntinfo_t		*mi;
4699 	nfs_delmap_args_t	*dmapp = (nfs_delmap_args_t *)arg;
4700 
4701 	rp = VTOR(dmapp->vp);
4702 	mi = VTOMI(dmapp->vp);
4703 
4704 	atomic_add_long((ulong_t *)&rp->r_mapcnt, -btopr(dmapp->len));
4705 	ASSERT(rp->r_mapcnt >= 0);
4706 
4707 	/*
4708 	 * Initiate a page flush if there are pages, the file system
4709 	 * was not mounted readonly, the segment was mapped shared, and
4710 	 * the pages themselves were writeable.
4711 	 */
4712 	if (vn_has_cached_data(dmapp->vp) && !vn_is_readonly(dmapp->vp) &&
4713 	    dmapp->flags == MAP_SHARED && (dmapp->maxprot & PROT_WRITE)) {
4714 		mutex_enter(&rp->r_statelock);
4715 		rp->r_flags |= RDIRTY;
4716 		mutex_exit(&rp->r_statelock);
4717 		/*
4718 		 * If this is a cross-zone access a sync putpage won't work, so
4719 		 * the best we can do is try an async putpage.  That seems
4720 		 * better than something more draconian such as discarding the
4721 		 * dirty pages.
4722 		 */
4723 		if ((mi->mi_flags & MI_NOCTO) ||
4724 		    nfs_zone() != mi->mi_zone)
4725 			error = nfs_putpage(dmapp->vp, dmapp->off, dmapp->len,
4726 			    B_ASYNC, dmapp->cr, NULL);
4727 		else
4728 			error = nfs_putpage(dmapp->vp, dmapp->off, dmapp->len,
4729 			    0, dmapp->cr, NULL);
4730 		if (!error) {
4731 			mutex_enter(&rp->r_statelock);
4732 			error = rp->r_error;
4733 			rp->r_error = 0;
4734 			mutex_exit(&rp->r_statelock);
4735 		}
4736 	} else
4737 		error = 0;
4738 
4739 	if ((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO))
4740 		(void) nfs_putpage(dmapp->vp, dmapp->off, dmapp->len,
4741 		    B_INVAL, dmapp->cr, NULL);
4742 
4743 	dmapp->caller->error = error;
4744 	(void) as_delete_callback(as, arg);
4745 	kmem_free(dmapp, sizeof (nfs_delmap_args_t));
4746 }
4747 
4748 /* ARGSUSED */
4749 static int
4750 nfs_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr,
4751 	caller_context_t *ct)
4752 {
4753 	int error = 0;
4754 
4755 	if (nfs_zone() != VTOMI(vp)->mi_zone)
4756 		return (EIO);
4757 	/*
4758 	 * This looks a little weird because it's written in a general
4759 	 * manner but we make little use of cases.  If cntl() ever gets
4760 	 * widely used, the outer switch will make more sense.
4761 	 */
4762 
4763 	switch (cmd) {
4764 
4765 	/*
4766 	 * Large file spec - need to base answer new query with
4767 	 * hardcoded constant based on the protocol.
4768 	 */
4769 	case _PC_FILESIZEBITS:
4770 		*valp = 32;
4771 		return (0);
4772 
4773 	case _PC_LINK_MAX:
4774 	case _PC_NAME_MAX:
4775 	case _PC_PATH_MAX:
4776 	case _PC_SYMLINK_MAX:
4777 	case _PC_CHOWN_RESTRICTED:
4778 	case _PC_NO_TRUNC: {
4779 		mntinfo_t *mi;
4780 		struct pathcnf *pc;
4781 
4782 		if ((mi = VTOMI(vp)) == NULL || (pc = mi->mi_pathconf) == NULL)
4783 			return (EINVAL);
4784 		error = _PC_ISSET(cmd, pc->pc_mask);    /* error or bool */
4785 		switch (cmd) {
4786 		case _PC_LINK_MAX:
4787 			*valp = pc->pc_link_max;
4788 			break;
4789 		case _PC_NAME_MAX:
4790 			*valp = pc->pc_name_max;
4791 			break;
4792 		case _PC_PATH_MAX:
4793 		case _PC_SYMLINK_MAX:
4794 			*valp = pc->pc_path_max;
4795 			break;
4796 		case _PC_CHOWN_RESTRICTED:
4797 			/*
4798 			 * if we got here, error is really a boolean which
4799 			 * indicates whether cmd is set or not.
4800 			 */
4801 			*valp = error ? 1 : 0;	/* see above */
4802 			error = 0;
4803 			break;
4804 		case _PC_NO_TRUNC:
4805 			/*
4806 			 * if we got here, error is really a boolean which
4807 			 * indicates whether cmd is set or not.
4808 			 */
4809 			*valp = error ? 1 : 0;	/* see above */
4810 			error = 0;
4811 			break;
4812 		}
4813 		return (error ? EINVAL : 0);
4814 		}
4815 
4816 	case _PC_XATTR_EXISTS:
4817 		*valp = 0;
4818 		if (vp->v_vfsp->vfs_flag & VFS_XATTR) {
4819 			vnode_t *avp;
4820 			rnode_t *rp;
4821 			mntinfo_t *mi = VTOMI(vp);
4822 
4823 			if (!(mi->mi_flags & MI_EXTATTR))
4824 				return (0);
4825 
4826 			rp = VTOR(vp);
4827 			if (nfs_rw_enter_sig(&rp->r_rwlock, RW_READER,
4828 			    INTR(vp)))
4829 				return (EINTR);
4830 
4831 			error = nfslookup_dnlc(vp, XATTR_DIR_NAME, &avp, cr);
4832 			if (error || avp == NULL)
4833 				error = acl_getxattrdir2(vp, &avp, 0, cr, 0);
4834 
4835 			nfs_rw_exit(&rp->r_rwlock);
4836 
4837 			if (error == 0 && avp != NULL) {
4838 				VN_RELE(avp);
4839 				*valp = 1;
4840 			}
4841 		}
4842 		return (error ? EINVAL : 0);
4843 
4844 	case _PC_ACL_ENABLED:
4845 		*valp = _ACL_ACLENT_ENABLED;
4846 		return (0);
4847 
4848 	default:
4849 		return (EINVAL);
4850 	}
4851 }
4852 
4853 /*
4854  * Called by async thread to do synchronous pageio. Do the i/o, wait
4855  * for it to complete, and cleanup the page list when done.
4856  */
4857 static int
4858 nfs_sync_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
4859 	int flags, cred_t *cr)
4860 {
4861 	int error;
4862 
4863 	ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
4864 	error = nfs_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
4865 	if (flags & B_READ)
4866 		pvn_read_done(pp, (error ? B_ERROR : 0) | flags);
4867 	else
4868 		pvn_write_done(pp, (error ? B_ERROR : 0) | flags);
4869 	return (error);
4870 }
4871 
4872 /* ARGSUSED */
4873 static int
4874 nfs_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
4875 	int flags, cred_t *cr, caller_context_t *ct)
4876 {
4877 	int error;
4878 	rnode_t *rp;
4879 
4880 	if (pp == NULL)
4881 		return (EINVAL);
4882 
4883 	if (io_off > MAXOFF32_T)
4884 		return (EFBIG);
4885 	if (nfs_zone() != VTOMI(vp)->mi_zone)
4886 		return (EIO);
4887 	rp = VTOR(vp);
4888 	mutex_enter(&rp->r_statelock);
4889 	rp->r_count++;
4890 	mutex_exit(&rp->r_statelock);
4891 
4892 	if (flags & B_ASYNC) {
4893 		error = nfs_async_pageio(vp, pp, io_off, io_len, flags, cr,
4894 		    nfs_sync_pageio);
4895 	} else
4896 		error = nfs_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
4897 	mutex_enter(&rp->r_statelock);
4898 	rp->r_count--;
4899 	cv_broadcast(&rp->r_cv);
4900 	mutex_exit(&rp->r_statelock);
4901 	return (error);
4902 }
4903 
4904 /* ARGSUSED */
4905 static int
4906 nfs_setsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr,
4907 	caller_context_t *ct)
4908 {
4909 	int error;
4910 	mntinfo_t *mi;
4911 
4912 	mi = VTOMI(vp);
4913 
4914 	if (nfs_zone() != mi->mi_zone)
4915 		return (EIO);
4916 	if (mi->mi_flags & MI_ACL) {
4917 		error = acl_setacl2(vp, vsecattr, flag, cr);
4918 		if (mi->mi_flags & MI_ACL)
4919 			return (error);
4920 	}
4921 
4922 	return (ENOSYS);
4923 }
4924 
4925 /* ARGSUSED */
4926 static int
4927 nfs_getsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr,
4928 	caller_context_t *ct)
4929 {
4930 	int error;
4931 	mntinfo_t *mi;
4932 
4933 	mi = VTOMI(vp);
4934 
4935 	if (nfs_zone() != mi->mi_zone)
4936 		return (EIO);
4937 	if (mi->mi_flags & MI_ACL) {
4938 		error = acl_getacl2(vp, vsecattr, flag, cr);
4939 		if (mi->mi_flags & MI_ACL)
4940 			return (error);
4941 	}
4942 
4943 	return (fs_fab_acl(vp, vsecattr, flag, cr, ct));
4944 }
4945 
4946 /* ARGSUSED */
4947 static int
4948 nfs_shrlock(vnode_t *vp, int cmd, struct shrlock *shr, int flag, cred_t *cr,
4949 	caller_context_t *ct)
4950 {
4951 	int error;
4952 	struct shrlock nshr;
4953 	struct nfs_owner nfs_owner;
4954 	netobj lm_fh;
4955 
4956 	if (nfs_zone() != VTOMI(vp)->mi_zone)
4957 		return (EIO);
4958 
4959 	/*
4960 	 * check for valid cmd parameter
4961 	 */
4962 	if (cmd != F_SHARE && cmd != F_UNSHARE && cmd != F_HASREMOTELOCKS)
4963 		return (EINVAL);
4964 
4965 	/*
4966 	 * Check access permissions
4967 	 */
4968 	if (cmd == F_SHARE &&
4969 	    (((shr->s_access & F_RDACC) && !(flag & FREAD)) ||
4970 	    ((shr->s_access & F_WRACC) && !(flag & FWRITE))))
4971 		return (EBADF);
4972 
4973 	/*
4974 	 * If the filesystem is mounted using local locking, pass the
4975 	 * request off to the local share code.
4976 	 */
4977 	if (VTOMI(vp)->mi_flags & MI_LLOCK)
4978 		return (fs_shrlock(vp, cmd, shr, flag, cr, ct));
4979 
4980 	switch (cmd) {
4981 	case F_SHARE:
4982 	case F_UNSHARE:
4983 		lm_fh.n_len = sizeof (fhandle_t);
4984 		lm_fh.n_bytes = (char *)VTOFH(vp);
4985 
4986 		/*
4987 		 * If passed an owner that is too large to fit in an
4988 		 * nfs_owner it is likely a recursive call from the
4989 		 * lock manager client and pass it straight through.  If
4990 		 * it is not a nfs_owner then simply return an error.
4991 		 */
4992 		if (shr->s_own_len > sizeof (nfs_owner.lowner)) {
4993 			if (((struct nfs_owner *)shr->s_owner)->magic !=
4994 			    NFS_OWNER_MAGIC)
4995 				return (EINVAL);
4996 
4997 			if (error = lm_shrlock(vp, cmd, shr, flag, &lm_fh)) {
4998 				error = set_errno(error);
4999 			}
5000 			return (error);
5001 		}
5002 		/*
5003 		 * Remote share reservations owner is a combination of
5004 		 * a magic number, hostname, and the local owner
5005 		 */
5006 		bzero(&nfs_owner, sizeof (nfs_owner));
5007 		nfs_owner.magic = NFS_OWNER_MAGIC;
5008 		(void) strncpy(nfs_owner.hname, uts_nodename(),
5009 		    sizeof (nfs_owner.hname));
5010 		bcopy(shr->s_owner, nfs_owner.lowner, shr->s_own_len);
5011 		nshr.s_access = shr->s_access;
5012 		nshr.s_deny = shr->s_deny;
5013 		nshr.s_sysid = 0;
5014 		nshr.s_pid = ttoproc(curthread)->p_pid;
5015 		nshr.s_own_len = sizeof (nfs_owner);
5016 		nshr.s_owner = (caddr_t)&nfs_owner;
5017 
5018 		if (error = lm_shrlock(vp, cmd, &nshr, flag, &lm_fh)) {
5019 			error = set_errno(error);
5020 		}
5021 
5022 		break;
5023 
5024 	case F_HASREMOTELOCKS:
5025 		/*
5026 		 * NFS client can't store remote locks itself
5027 		 */
5028 		shr->s_access = 0;
5029 		error = 0;
5030 		break;
5031 
5032 	default:
5033 		error = EINVAL;
5034 		break;
5035 	}
5036 
5037 	return (error);
5038 }
5039