xref: /titanic_44/usr/src/uts/common/rpc/clnt_cots.c (revision 5bbb4db2c3f208d12bf0fd11769728f9e5ba66a2)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T
28  *		All Rights Reserved
29  */
30 
31 /*
32  * Portions of this source code were derived from Berkeley 4.3 BSD
33  * under license from the Regents of the University of California.
34  */
35 
36 
37 /*
38  * Implements a kernel based, client side RPC over Connection Oriented
39  * Transports (COTS).
40  */
41 
42 /*
43  * Much of this file has been re-written to let NFS work better over slow
44  * transports. A description follows.
45  *
46  * One of the annoying things about kRPC/COTS is that it will temporarily
47  * create more than one connection between a client and server. This
48  * happens because when a connection is made, the end-points entry in the
49  * linked list of connections (headed by cm_hd), is removed so that other
50  * threads don't mess with it. Went ahead and bit the bullet by keeping
51  * the endpoint on the connection list and introducing state bits,
52  * condition variables etc. to the connection entry data structure (struct
53  * cm_xprt).
54  *
55  * Here is a summary of the changes to cm-xprt:
56  *
57  *	x_ctime is the timestamp of when the endpoint was last
58  *	connected or disconnected. If an end-point is ever disconnected
59  *	or re-connected, then any outstanding RPC request is presumed
60  *	lost, telling clnt_cots_kcallit that it needs to re-send the
61  *	request, not just wait for the original request's reply to
62  *	arrive.
63  *
64  *	x_thread flag which tells us if a thread is doing a connection attempt.
65  *
66  *	x_waitdis flag which tells us we are waiting a disconnect ACK.
67  *
68  *	x_needdis flag which tells us we need to send a T_DISCONN_REQ
69  *	to kill the connection.
70  *
71  *	x_needrel flag which tells us we need to send a T_ORDREL_REQ to
72  *	gracefully close the connection.
73  *
74  *	#defined bitmasks for the all the b_* bits so that more
75  *	efficient (and at times less clumsy) masks can be used to
76  *	manipulated state in cases where multiple bits have to
77  *	set/cleared/checked in the same critical section.
78  *
79  *	x_conn_cv and x_dis-_cv are new condition variables to let
80  *	threads knows when the connection attempt is done, and to let
81  *	the connecting thread know when the disconnect handshake is
82  *	done.
83  *
84  * Added the CONN_HOLD() macro so that all reference holds have the same
85  * look and feel.
86  *
87  * In the private (cku_private) portion of the client handle,
88  *
89  *	cku_flags replaces the cku_sent a boolean. cku_flags keeps
90  *	track of whether a request as been sent, and whether the
91  *	client's handles call record is on the dispatch list (so that
92  *	the reply can be matched by XID to the right client handle).
93  *	The idea of CKU_ONQUEUE is that we can exit clnt_cots_kcallit()
94  *	and still have the response find the right client handle so
95  *	that the retry of CLNT_CALL() gets the result. Testing, found
96  *	situations where if the timeout was increased, performance
97  *	degraded. This was due to us hitting a window where the thread
98  *	was back in rfscall() (probably printing server not responding)
99  *	while the response came back but no place to put it.
100  *
101  *	cku_ctime is just a cache of x_ctime. If they match,
102  *	clnt_cots_kcallit() won't to send a retry (unless the maximum
103  *	receive count limit as been reached). If the don't match, then
104  *	we assume the request has been lost, and a retry of the request
105  *	is needed.
106  *
107  *	cku_recv_attempts counts the number of receive count attempts
108  *	after one try is sent on the wire.
109  *
110  * Added the clnt_delay() routine so that interruptible and
111  * noninterruptible delays are possible.
112  *
113  * CLNT_MIN_TIMEOUT has been bumped to 10 seconds from 3. This is used to
114  * control how long the client delays before returned after getting
115  * ECONNREFUSED. At 3 seconds, 8 client threads per mount really does bash
116  * a server that may be booting and not yet started nfsd.
117  *
118  * CLNT_MAXRECV_WITHOUT_RETRY is a new macro (value of 3) (with a tunable)
119  * Why don't we just wait forever (receive an infinite # of times)?
120  * Because the server may have rebooted. More insidious is that some
121  * servers (ours) will drop NFS/TCP requests in some cases. This is bad,
122  * but it is a reality.
123  *
124  * The case of a server doing orderly release really messes up the
125  * client's recovery, especially if the server's TCP implementation is
126  * buggy.  It was found was that the kRPC/COTS client was breaking some
127  * TPI rules, such as not waiting for the acknowledgement of a
128  * T_DISCON_REQ (hence the added case statements T_ERROR_ACK, T_OK_ACK and
129  * T_DISCON_REQ in clnt_dispatch_notifyall()).
130  *
131  * One of things that we've seen is that a kRPC TCP endpoint goes into
132  * TIMEWAIT and a thus a reconnect takes a long time to satisfy because
133  * that the TIMEWAIT state takes a while to finish.  If a server sends a
134  * T_ORDREL_IND, there is little point in an RPC client doing a
135  * T_ORDREL_REQ, because the RPC request isn't going to make it (the
136  * server is saying that it won't accept any more data). So kRPC was
137  * changed to send a T_DISCON_REQ when we get a T_ORDREL_IND. So now the
138  * connection skips the TIMEWAIT state and goes straight to a bound state
139  * that kRPC can quickly switch to connected.
140  *
141  * Code that issues TPI request must use waitforack() to wait for the
142  * corresponding ack (assuming there is one) in any future modifications.
143  * This works around problems that may be introduced by breaking TPI rules
144  * (by submitting new calls before earlier requests have been acked) in the
145  * case of a signal or other early return.  waitforack() depends on
146  * clnt_dispatch_notifyconn() to issue the wakeup when the ack
147  * arrives, so adding new TPI calls may require corresponding changes
148  * to clnt_dispatch_notifyconn(). Presently, the timeout period is based on
149  * CLNT_MIN_TIMEOUT which is 10 seconds. If you modify this value, be sure
150  * not to set it too low or TPI ACKS will be lost.
151  */
152 
153 #include <sys/param.h>
154 #include <sys/types.h>
155 #include <sys/user.h>
156 #include <sys/systm.h>
157 #include <sys/sysmacros.h>
158 #include <sys/proc.h>
159 #include <sys/socket.h>
160 #include <sys/file.h>
161 #include <sys/stream.h>
162 #include <sys/strsubr.h>
163 #include <sys/stropts.h>
164 #include <sys/strsun.h>
165 #include <sys/timod.h>
166 #include <sys/tiuser.h>
167 #include <sys/tihdr.h>
168 #include <sys/t_kuser.h>
169 #include <sys/fcntl.h>
170 #include <sys/errno.h>
171 #include <sys/kmem.h>
172 #include <sys/debug.h>
173 #include <sys/systm.h>
174 #include <sys/kstat.h>
175 #include <sys/t_lock.h>
176 #include <sys/ddi.h>
177 #include <sys/cmn_err.h>
178 #include <sys/time.h>
179 #include <sys/isa_defs.h>
180 #include <sys/callb.h>
181 #include <sys/sunddi.h>
182 #include <sys/atomic.h>
183 #include <sys/sdt.h>
184 
185 #include <netinet/in.h>
186 #include <netinet/tcp.h>
187 
188 #include <rpc/types.h>
189 #include <rpc/xdr.h>
190 #include <rpc/auth.h>
191 #include <rpc/clnt.h>
192 #include <rpc/rpc_msg.h>
193 
194 #define	COTS_DEFAULT_ALLOCSIZE	2048
195 
196 #define	WIRE_HDR_SIZE	20	/* serialized call header, sans proc number */
197 #define	MSG_OFFSET	128	/* offset of call into the mblk */
198 
199 const char *kinet_ntop6(uchar_t *, char *, size_t);
200 
201 static int	clnt_cots_ksettimers(CLIENT *, struct rpc_timers *,
202     struct rpc_timers *, int, void(*)(int, int, caddr_t), caddr_t, uint32_t);
203 static enum clnt_stat	clnt_cots_kcallit(CLIENT *, rpcproc_t, xdrproc_t,
204     caddr_t, xdrproc_t, caddr_t, struct timeval);
205 static void	clnt_cots_kabort(CLIENT *);
206 static void	clnt_cots_kerror(CLIENT *, struct rpc_err *);
207 static bool_t	clnt_cots_kfreeres(CLIENT *, xdrproc_t, caddr_t);
208 static void	clnt_cots_kdestroy(CLIENT *);
209 static bool_t	clnt_cots_kcontrol(CLIENT *, int, char *);
210 
211 
212 /* List of transports managed by the connection manager. */
213 struct cm_xprt {
214 	TIUSER		*x_tiptr;	/* transport handle */
215 	queue_t		*x_wq;		/* send queue */
216 	clock_t		x_time;		/* last time we handed this xprt out */
217 	clock_t		x_ctime;	/* time we went to CONNECTED */
218 	int		x_tidu_size;    /* TIDU size of this transport */
219 	union {
220 	    struct {
221 		unsigned int
222 #ifdef	_BIT_FIELDS_HTOL
223 		b_closing:	1,	/* we've sent a ord rel on this conn */
224 		b_dead:		1,	/* transport is closed or disconn */
225 		b_doomed:	1,	/* too many conns, let this go idle */
226 		b_connected:	1,	/* this connection is connected */
227 
228 		b_ordrel:	1,	/* do an orderly release? */
229 		b_thread:	1,	/* thread doing connect */
230 		b_waitdis:	1,	/* waiting for disconnect ACK */
231 		b_needdis:	1,	/* need T_DISCON_REQ */
232 
233 		b_needrel:	1,	/* need T_ORDREL_REQ */
234 		b_early_disc:	1,	/* got a T_ORDREL_IND or T_DISCON_IND */
235 					/* disconnect during connect */
236 
237 		b_pad:		22;
238 
239 #endif
240 
241 #ifdef	_BIT_FIELDS_LTOH
242 		b_pad:		22,
243 
244 		b_early_disc:	1,	/* got a T_ORDREL_IND or T_DISCON_IND */
245 					/* disconnect during connect */
246 		b_needrel:	1,	/* need T_ORDREL_REQ */
247 
248 		b_needdis:	1,	/* need T_DISCON_REQ */
249 		b_waitdis:	1,	/* waiting for disconnect ACK */
250 		b_thread:	1,	/* thread doing connect */
251 		b_ordrel:	1,	/* do an orderly release? */
252 
253 		b_connected:	1,	/* this connection is connected */
254 		b_doomed:	1,	/* too many conns, let this go idle */
255 		b_dead:		1,	/* transport is closed or disconn */
256 		b_closing:	1;	/* we've sent a ord rel on this conn */
257 #endif
258 	    } bit;	    unsigned int word;
259 
260 #define	x_closing	x_state.bit.b_closing
261 #define	x_dead		x_state.bit.b_dead
262 #define	x_doomed	x_state.bit.b_doomed
263 #define	x_connected	x_state.bit.b_connected
264 
265 #define	x_ordrel	x_state.bit.b_ordrel
266 #define	x_thread	x_state.bit.b_thread
267 #define	x_waitdis	x_state.bit.b_waitdis
268 #define	x_needdis	x_state.bit.b_needdis
269 
270 #define	x_needrel	x_state.bit.b_needrel
271 #define	x_early_disc    x_state.bit.b_early_disc
272 
273 #define	x_state_flags	x_state.word
274 
275 #define	X_CLOSING	0x80000000
276 #define	X_DEAD		0x40000000
277 #define	X_DOOMED	0x20000000
278 #define	X_CONNECTED	0x10000000
279 
280 #define	X_ORDREL	0x08000000
281 #define	X_THREAD	0x04000000
282 #define	X_WAITDIS	0x02000000
283 #define	X_NEEDDIS	0x01000000
284 
285 #define	X_NEEDREL	0x00800000
286 #define	X_EARLYDISC	0x00400000
287 
288 #define	X_BADSTATES	(X_CLOSING | X_DEAD | X_DOOMED)
289 
290 	}		x_state;
291 	int		x_ref;		/* number of users of this xprt */
292 	int		x_family;	/* address family of transport */
293 	dev_t		x_rdev;		/* device number of transport */
294 	struct cm_xprt	*x_next;
295 
296 	struct netbuf	x_server;	/* destination address */
297 	struct netbuf	x_src;		/* src address (for retries) */
298 	kmutex_t	x_lock;		/* lock on this entry */
299 	kcondvar_t	x_cv;		/* to signal when can be closed */
300 	kcondvar_t	x_conn_cv;	/* to signal when connection attempt */
301 					/* is complete */
302 	kstat_t		*x_ksp;
303 
304 	kcondvar_t	x_dis_cv;	/* to signal when disconnect attempt */
305 					/* is complete */
306 	zoneid_t	x_zoneid;	/* zone this xprt belongs to */
307 };
308 
309 typedef struct cm_kstat_xprt {
310 	kstat_named_t	x_wq;
311 	kstat_named_t	x_server;
312 	kstat_named_t	x_family;
313 	kstat_named_t	x_rdev;
314 	kstat_named_t	x_time;
315 	kstat_named_t	x_state;
316 	kstat_named_t	x_ref;
317 	kstat_named_t	x_port;
318 } cm_kstat_xprt_t;
319 
320 static cm_kstat_xprt_t cm_kstat_template = {
321 	{ "write_queue", KSTAT_DATA_UINT32 },
322 	{ "server",	KSTAT_DATA_STRING },
323 	{ "addr_family", KSTAT_DATA_UINT32 },
324 	{ "device",	KSTAT_DATA_UINT32 },
325 	{ "time_stamp",	KSTAT_DATA_UINT32 },
326 	{ "status",	KSTAT_DATA_UINT32 },
327 	{ "ref_count",	KSTAT_DATA_INT32 },
328 	{ "port",	KSTAT_DATA_UINT32 },
329 };
330 
331 /*
332  * The inverse of this is connmgr_release().
333  */
334 #define	CONN_HOLD(Cm_entry)	{\
335 	mutex_enter(&(Cm_entry)->x_lock);	\
336 	(Cm_entry)->x_ref++;	\
337 	mutex_exit(&(Cm_entry)->x_lock);	\
338 }
339 
340 
341 /*
342  * Private data per rpc handle.  This structure is allocated by
343  * clnt_cots_kcreate, and freed by clnt_cots_kdestroy.
344  */
345 typedef struct cku_private_s {
346 	CLIENT			cku_client;	/* client handle */
347 	calllist_t		cku_call;	/* for dispatching calls */
348 	struct rpc_err		cku_err;	/* error status */
349 
350 	struct netbuf		cku_srcaddr;	/* source address for retries */
351 	int			cku_addrfmly;  /* for binding port */
352 	struct netbuf		cku_addr;	/* remote address */
353 	dev_t			cku_device;	/* device to use */
354 	uint_t			cku_flags;
355 #define	CKU_ONQUEUE		0x1
356 #define	CKU_SENT		0x2
357 
358 	bool_t			cku_progress;	/* for CLSET_PROGRESS */
359 	uint32_t		cku_xid;	/* current XID */
360 	clock_t			cku_ctime;	/* time stamp of when */
361 						/* connection was created */
362 	uint_t			cku_recv_attempts;
363 	XDR			cku_outxdr;	/* xdr routine for output */
364 	XDR			cku_inxdr;	/* xdr routine for input */
365 	char			cku_rpchdr[WIRE_HDR_SIZE + 4];
366 						/* pre-serialized rpc header */
367 
368 	uint_t			cku_outbuflen;	/* default output mblk length */
369 	struct cred		*cku_cred;	/* credentials */
370 	bool_t			cku_nodelayonerr;
371 						/* for CLSET_NODELAYONERR */
372 	int			cku_useresvport; /* Use reserved port */
373 	struct rpc_cots_client	*cku_stats;	/* stats for zone */
374 } cku_private_t;
375 
376 static struct cm_xprt *connmgr_wrapconnect(struct cm_xprt *,
377 	const struct timeval *, struct netbuf *, int, struct netbuf *,
378 	struct rpc_err *, bool_t, bool_t, cred_t *);
379 
380 static bool_t	connmgr_connect(struct cm_xprt *, queue_t *, struct netbuf *,
381 				int, calllist_t *, int *, bool_t reconnect,
382 				const struct timeval *, bool_t, cred_t *);
383 
384 static void	*connmgr_opt_getoff(mblk_t *mp, t_uscalar_t offset,
385 				t_uscalar_t length, uint_t align_size);
386 static bool_t	connmgr_setbufsz(calllist_t *e, queue_t *wq, cred_t *cr);
387 static bool_t	connmgr_getopt_int(queue_t *wq, int level, int name, int *val,
388 				calllist_t *e, cred_t *cr);
389 static bool_t	connmgr_setopt_int(queue_t *wq, int level, int name, int val,
390 				calllist_t *e, cred_t *cr);
391 static bool_t	connmgr_setopt(queue_t *, int, int, calllist_t *, cred_t *cr);
392 static void	connmgr_sndrel(struct cm_xprt *);
393 static void	connmgr_snddis(struct cm_xprt *);
394 static void	connmgr_close(struct cm_xprt *);
395 static void	connmgr_release(struct cm_xprt *);
396 static struct cm_xprt *connmgr_wrapget(struct netbuf *, const struct timeval *,
397 	cku_private_t *);
398 
399 static struct cm_xprt *connmgr_get(struct netbuf *, const struct timeval *,
400 	struct netbuf *, int, struct netbuf *, struct rpc_err *, dev_t,
401 	bool_t, int, cred_t *);
402 
403 static void connmgr_cancelconn(struct cm_xprt *);
404 static enum clnt_stat connmgr_cwait(struct cm_xprt *, const struct timeval *,
405 	bool_t);
406 static void connmgr_dis_and_wait(struct cm_xprt *);
407 
408 static int	clnt_dispatch_send(queue_t *, mblk_t *, calllist_t *, uint_t,
409 					uint_t);
410 
411 static int clnt_delay(clock_t, bool_t);
412 
413 static int waitforack(calllist_t *, t_scalar_t, const struct timeval *, bool_t);
414 
415 /*
416  * Operations vector for TCP/IP based RPC
417  */
418 static struct clnt_ops tcp_ops = {
419 	clnt_cots_kcallit,	/* do rpc call */
420 	clnt_cots_kabort,	/* abort call */
421 	clnt_cots_kerror,	/* return error status */
422 	clnt_cots_kfreeres,	/* free results */
423 	clnt_cots_kdestroy,	/* destroy rpc handle */
424 	clnt_cots_kcontrol,	/* the ioctl() of rpc */
425 	clnt_cots_ksettimers,	/* set retry timers */
426 };
427 
428 static int rpc_kstat_instance = 0;  /* keeps the current instance */
429 				/* number for the next kstat_create */
430 
431 static struct cm_xprt *cm_hd = NULL;
432 static kmutex_t connmgr_lock;	/* for connection mngr's list of transports */
433 
434 extern kmutex_t clnt_max_msg_lock;
435 
436 static calllist_t *clnt_pending = NULL;
437 extern kmutex_t clnt_pending_lock;
438 
439 static int clnt_cots_hash_size = DEFAULT_HASH_SIZE;
440 
441 static call_table_t *cots_call_ht;
442 
443 static const struct rpc_cots_client {
444 	kstat_named_t	rccalls;
445 	kstat_named_t	rcbadcalls;
446 	kstat_named_t	rcbadxids;
447 	kstat_named_t	rctimeouts;
448 	kstat_named_t	rcnewcreds;
449 	kstat_named_t	rcbadverfs;
450 	kstat_named_t	rctimers;
451 	kstat_named_t	rccantconn;
452 	kstat_named_t	rcnomem;
453 	kstat_named_t	rcintrs;
454 } cots_rcstat_tmpl = {
455 	{ "calls",	KSTAT_DATA_UINT64 },
456 	{ "badcalls",	KSTAT_DATA_UINT64 },
457 	{ "badxids",	KSTAT_DATA_UINT64 },
458 	{ "timeouts",	KSTAT_DATA_UINT64 },
459 	{ "newcreds",	KSTAT_DATA_UINT64 },
460 	{ "badverfs",	KSTAT_DATA_UINT64 },
461 	{ "timers",	KSTAT_DATA_UINT64 },
462 	{ "cantconn",	KSTAT_DATA_UINT64 },
463 	{ "nomem",	KSTAT_DATA_UINT64 },
464 	{ "interrupts", KSTAT_DATA_UINT64 }
465 };
466 
467 #define	COTSRCSTAT_INCR(p, x)	\
468 	atomic_add_64(&(p)->x.value.ui64, 1)
469 
470 #define	CLNT_MAX_CONNS	1	/* concurrent connections between clnt/srvr */
471 int clnt_max_conns = CLNT_MAX_CONNS;
472 
473 #define	CLNT_MIN_TIMEOUT	10	/* seconds to wait after we get a */
474 					/* connection reset */
475 #define	CLNT_MIN_CONNTIMEOUT	5	/* seconds to wait for a connection */
476 
477 
478 int clnt_cots_min_tout = CLNT_MIN_TIMEOUT;
479 int clnt_cots_min_conntout = CLNT_MIN_CONNTIMEOUT;
480 
481 /*
482  * Limit the number of times we will attempt to receive a reply without
483  * re-sending a response.
484  */
485 #define	CLNT_MAXRECV_WITHOUT_RETRY	3
486 uint_t clnt_cots_maxrecv	= CLNT_MAXRECV_WITHOUT_RETRY;
487 
488 uint_t *clnt_max_msg_sizep;
489 void (*clnt_stop_idle)(queue_t *wq);
490 
491 #define	ptoh(p)		(&((p)->cku_client))
492 #define	htop(h)		((cku_private_t *)((h)->cl_private))
493 
494 /*
495  * Times to retry
496  */
497 #define	REFRESHES	2	/* authentication refreshes */
498 
499 /*
500  * The following is used to determine the global default behavior for
501  * COTS when binding to a local port.
502  *
503  * If the value is set to 1 the default will be to select a reserved
504  * (aka privileged) port, if the value is zero the default will be to
505  * use non-reserved ports.  Users of kRPC may override this by using
506  * CLNT_CONTROL() and CLSET_BINDRESVPORT.
507  */
508 int clnt_cots_do_bindresvport = 1;
509 
510 static zone_key_t zone_cots_key;
511 
512 /*
513  * Defaults TCP send and receive buffer size for RPC connections.
514  * These values can be tuned by /etc/system.
515  */
516 int rpc_send_bufsz = 1024*1024;
517 int rpc_recv_bufsz = 1024*1024;
518 /*
519  * To use system-wide default for TCP send and receive buffer size,
520  * use /etc/system to set rpc_default_tcp_bufsz to 1:
521  *
522  * set rpcmod:rpc_default_tcp_bufsz=1
523  */
524 int rpc_default_tcp_bufsz = 0;
525 
526 /*
527  * We need to do this after all kernel threads in the zone have exited.
528  */
529 /* ARGSUSED */
530 static void
531 clnt_zone_destroy(zoneid_t zoneid, void *unused)
532 {
533 	struct cm_xprt **cmp;
534 	struct cm_xprt *cm_entry;
535 	struct cm_xprt *freelist = NULL;
536 
537 	mutex_enter(&connmgr_lock);
538 	cmp = &cm_hd;
539 	while ((cm_entry = *cmp) != NULL) {
540 		if (cm_entry->x_zoneid == zoneid) {
541 			*cmp = cm_entry->x_next;
542 			cm_entry->x_next = freelist;
543 			freelist = cm_entry;
544 		} else {
545 			cmp = &cm_entry->x_next;
546 		}
547 	}
548 	mutex_exit(&connmgr_lock);
549 	while ((cm_entry = freelist) != NULL) {
550 		freelist = cm_entry->x_next;
551 		connmgr_close(cm_entry);
552 	}
553 }
554 
555 int
556 clnt_cots_kcreate(dev_t dev, struct netbuf *addr, int family, rpcprog_t prog,
557 	rpcvers_t vers, uint_t max_msgsize, cred_t *cred, CLIENT **ncl)
558 {
559 	CLIENT *h;
560 	cku_private_t *p;
561 	struct rpc_msg call_msg;
562 	struct rpcstat *rpcstat;
563 
564 	RPCLOG(8, "clnt_cots_kcreate: prog %u\n", prog);
565 
566 	rpcstat = zone_getspecific(rpcstat_zone_key, rpc_zone());
567 	ASSERT(rpcstat != NULL);
568 
569 	/* Allocate and intialize the client handle. */
570 	p = kmem_zalloc(sizeof (*p), KM_SLEEP);
571 
572 	h = ptoh(p);
573 
574 	h->cl_private = (caddr_t)p;
575 	h->cl_auth = authkern_create();
576 	h->cl_ops = &tcp_ops;
577 
578 	cv_init(&p->cku_call.call_cv, NULL, CV_DEFAULT, NULL);
579 	mutex_init(&p->cku_call.call_lock, NULL, MUTEX_DEFAULT, NULL);
580 
581 	/*
582 	 * If the current sanity check size in rpcmod is smaller
583 	 * than the size needed, then increase the sanity check.
584 	 */
585 	if (max_msgsize != 0 && clnt_max_msg_sizep != NULL &&
586 	    max_msgsize > *clnt_max_msg_sizep) {
587 		mutex_enter(&clnt_max_msg_lock);
588 		if (max_msgsize > *clnt_max_msg_sizep)
589 			*clnt_max_msg_sizep = max_msgsize;
590 		mutex_exit(&clnt_max_msg_lock);
591 	}
592 
593 	p->cku_outbuflen = COTS_DEFAULT_ALLOCSIZE;
594 
595 	/* Preserialize the call message header */
596 
597 	call_msg.rm_xid = 0;
598 	call_msg.rm_direction = CALL;
599 	call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
600 	call_msg.rm_call.cb_prog = prog;
601 	call_msg.rm_call.cb_vers = vers;
602 
603 	xdrmem_create(&p->cku_outxdr, p->cku_rpchdr, WIRE_HDR_SIZE, XDR_ENCODE);
604 
605 	if (!xdr_callhdr(&p->cku_outxdr, &call_msg)) {
606 		RPCLOG0(1, "clnt_cots_kcreate - Fatal header serialization "
607 		    "error\n");
608 		auth_destroy(h->cl_auth);
609 		kmem_free(p, sizeof (cku_private_t));
610 		RPCLOG0(1, "clnt_cots_kcreate: create failed error EINVAL\n");
611 		return (EINVAL);		/* XXX */
612 	}
613 
614 	/*
615 	 * The zalloc initialized the fields below.
616 	 * p->cku_xid = 0;
617 	 * p->cku_flags = 0;
618 	 * p->cku_srcaddr.len = 0;
619 	 * p->cku_srcaddr.maxlen = 0;
620 	 */
621 
622 	p->cku_cred = cred;
623 	p->cku_device = dev;
624 	p->cku_addrfmly = family;
625 	p->cku_addr.buf = kmem_zalloc(addr->maxlen, KM_SLEEP);
626 	p->cku_addr.maxlen = addr->maxlen;
627 	p->cku_addr.len = addr->len;
628 	bcopy(addr->buf, p->cku_addr.buf, addr->len);
629 	p->cku_stats = rpcstat->rpc_cots_client;
630 	p->cku_useresvport = -1; /* value is has not been set */
631 
632 	*ncl = h;
633 	return (0);
634 }
635 
636 /*ARGSUSED*/
637 static void
638 clnt_cots_kabort(CLIENT *h)
639 {
640 }
641 
642 /*
643  * Return error info on this handle.
644  */
645 static void
646 clnt_cots_kerror(CLIENT *h, struct rpc_err *err)
647 {
648 	/* LINTED pointer alignment */
649 	cku_private_t *p = htop(h);
650 
651 	*err = p->cku_err;
652 }
653 
654 static bool_t
655 clnt_cots_kfreeres(CLIENT *h, xdrproc_t xdr_res, caddr_t res_ptr)
656 {
657 	/* LINTED pointer alignment */
658 	cku_private_t *p = htop(h);
659 	XDR *xdrs;
660 
661 	xdrs = &(p->cku_outxdr);
662 	xdrs->x_op = XDR_FREE;
663 	return ((*xdr_res)(xdrs, res_ptr));
664 }
665 
666 static bool_t
667 clnt_cots_kcontrol(CLIENT *h, int cmd, char *arg)
668 {
669 	cku_private_t *p = htop(h);
670 
671 	switch (cmd) {
672 	case CLSET_PROGRESS:
673 		p->cku_progress = TRUE;
674 		return (TRUE);
675 
676 	case CLSET_XID:
677 		if (arg == NULL)
678 			return (FALSE);
679 
680 		p->cku_xid = *((uint32_t *)arg);
681 		return (TRUE);
682 
683 	case CLGET_XID:
684 		if (arg == NULL)
685 			return (FALSE);
686 
687 		*((uint32_t *)arg) = p->cku_xid;
688 		return (TRUE);
689 
690 	case CLSET_NODELAYONERR:
691 		if (arg == NULL)
692 			return (FALSE);
693 
694 		if (*((bool_t *)arg) == TRUE) {
695 			p->cku_nodelayonerr = TRUE;
696 			return (TRUE);
697 		}
698 		if (*((bool_t *)arg) == FALSE) {
699 			p->cku_nodelayonerr = FALSE;
700 			return (TRUE);
701 		}
702 		return (FALSE);
703 
704 	case CLGET_NODELAYONERR:
705 		if (arg == NULL)
706 			return (FALSE);
707 
708 		*((bool_t *)arg) = p->cku_nodelayonerr;
709 		return (TRUE);
710 
711 	case CLSET_BINDRESVPORT:
712 		if (arg == NULL)
713 			return (FALSE);
714 
715 		if (*(int *)arg != 1 && *(int *)arg != 0)
716 			return (FALSE);
717 
718 		p->cku_useresvport = *(int *)arg;
719 
720 		return (TRUE);
721 
722 	case CLGET_BINDRESVPORT:
723 		if (arg == NULL)
724 			return (FALSE);
725 
726 		*(int *)arg = p->cku_useresvport;
727 
728 		return (TRUE);
729 
730 	default:
731 		return (FALSE);
732 	}
733 }
734 
735 /*
736  * Destroy rpc handle.  Frees the space used for output buffer,
737  * private data, and handle structure.
738  */
739 static void
740 clnt_cots_kdestroy(CLIENT *h)
741 {
742 	/* LINTED pointer alignment */
743 	cku_private_t *p = htop(h);
744 	calllist_t *call = &p->cku_call;
745 
746 	RPCLOG(8, "clnt_cots_kdestroy h: %p\n", (void *)h);
747 	RPCLOG(8, "clnt_cots_kdestroy h: xid=0x%x\n", p->cku_xid);
748 
749 	if (p->cku_flags & CKU_ONQUEUE) {
750 		RPCLOG(64, "clnt_cots_kdestroy h: removing call for xid 0x%x "
751 		    "from dispatch list\n", p->cku_xid);
752 		call_table_remove(call);
753 	}
754 
755 	if (call->call_reply)
756 		freemsg(call->call_reply);
757 	cv_destroy(&call->call_cv);
758 	mutex_destroy(&call->call_lock);
759 
760 	kmem_free(p->cku_srcaddr.buf, p->cku_srcaddr.maxlen);
761 	kmem_free(p->cku_addr.buf, p->cku_addr.maxlen);
762 	kmem_free(p, sizeof (*p));
763 }
764 
765 static int clnt_cots_pulls;
766 #define	RM_HDR_SIZE	4	/* record mark header size */
767 
768 /*
769  * Call remote procedure.
770  */
771 static enum clnt_stat
772 clnt_cots_kcallit(CLIENT *h, rpcproc_t procnum, xdrproc_t xdr_args,
773     caddr_t argsp, xdrproc_t xdr_results, caddr_t resultsp, struct timeval wait)
774 {
775 	/* LINTED pointer alignment */
776 	cku_private_t *p = htop(h);
777 	calllist_t *call = &p->cku_call;
778 	XDR *xdrs;
779 	struct rpc_msg reply_msg;
780 	mblk_t *mp;
781 #ifdef	RPCDEBUG
782 	clock_t time_sent;
783 #endif
784 	struct netbuf *retryaddr;
785 	struct cm_xprt *cm_entry = NULL;
786 	queue_t *wq;
787 	int len, waitsecs, max_waitsecs;
788 	int mpsize;
789 	int refreshes = REFRESHES;
790 	int interrupted;
791 	int tidu_size;
792 	enum clnt_stat status;
793 	struct timeval cwait;
794 	bool_t delay_first = FALSE;
795 	clock_t ticks;
796 
797 	RPCLOG(2, "clnt_cots_kcallit, procnum %u\n", procnum);
798 	COTSRCSTAT_INCR(p->cku_stats, rccalls);
799 
800 	RPCLOG(2, "clnt_cots_kcallit: wait.tv_sec: %ld\n", wait.tv_sec);
801 	RPCLOG(2, "clnt_cots_kcallit: wait.tv_usec: %ld\n", wait.tv_usec);
802 	/*
803 	 * Bug ID 1240234:
804 	 * Look out for zero length timeouts. We don't want to
805 	 * wait zero seconds for a connection to be established.
806 	 */
807 	if (wait.tv_sec < clnt_cots_min_conntout) {
808 		cwait.tv_sec = clnt_cots_min_conntout;
809 		cwait.tv_usec = 0;
810 		RPCLOG(8, "clnt_cots_kcallit: wait.tv_sec (%ld) too low,",
811 		    wait.tv_sec);
812 		RPCLOG(8, " setting to: %d\n", clnt_cots_min_conntout);
813 	} else {
814 		cwait = wait;
815 	}
816 
817 call_again:
818 	if (cm_entry) {
819 		connmgr_release(cm_entry);
820 		cm_entry = NULL;
821 	}
822 
823 	mp = NULL;
824 
825 	/*
826 	 * If the call is not a retry, allocate a new xid and cache it
827 	 * for future retries.
828 	 * Bug ID 1246045:
829 	 * Treat call as a retry for purposes of binding the source
830 	 * port only if we actually attempted to send anything on
831 	 * the previous call.
832 	 */
833 	if (p->cku_xid == 0) {
834 		p->cku_xid = alloc_xid();
835 		call->call_zoneid = rpc_zoneid();
836 
837 		/*
838 		 * We need to ASSERT here that our xid != 0 because this
839 		 * determines whether or not our call record gets placed on
840 		 * the hash table or the linked list.  By design, we mandate
841 		 * that RPC calls over cots must have xid's != 0, so we can
842 		 * ensure proper management of the hash table.
843 		 */
844 		ASSERT(p->cku_xid != 0);
845 
846 		retryaddr = NULL;
847 		p->cku_flags &= ~CKU_SENT;
848 
849 		if (p->cku_flags & CKU_ONQUEUE) {
850 			RPCLOG(8, "clnt_cots_kcallit: new call, dequeuing old"
851 			    " one (%p)\n", (void *)call);
852 			call_table_remove(call);
853 			p->cku_flags &= ~CKU_ONQUEUE;
854 			RPCLOG(64, "clnt_cots_kcallit: removing call from "
855 			    "dispatch list because xid was zero (now 0x%x)\n",
856 			    p->cku_xid);
857 		}
858 
859 		if (call->call_reply != NULL) {
860 			freemsg(call->call_reply);
861 			call->call_reply = NULL;
862 		}
863 	} else if (p->cku_srcaddr.buf == NULL || p->cku_srcaddr.len == 0) {
864 		retryaddr = NULL;
865 
866 	} else if (p->cku_flags & CKU_SENT) {
867 		retryaddr = &p->cku_srcaddr;
868 
869 	} else {
870 		/*
871 		 * Bug ID 1246045: Nothing was sent, so set retryaddr to
872 		 * NULL and let connmgr_get() bind to any source port it
873 		 * can get.
874 		 */
875 		retryaddr = NULL;
876 	}
877 
878 	RPCLOG(64, "clnt_cots_kcallit: xid = 0x%x", p->cku_xid);
879 	RPCLOG(64, " flags = 0x%x\n", p->cku_flags);
880 
881 	p->cku_err.re_status = RPC_TIMEDOUT;
882 	p->cku_err.re_errno = p->cku_err.re_terrno = 0;
883 
884 	cm_entry = connmgr_wrapget(retryaddr, &cwait, p);
885 
886 	if (cm_entry == NULL) {
887 		RPCLOG(1, "clnt_cots_kcallit: can't connect status %s\n",
888 		    clnt_sperrno(p->cku_err.re_status));
889 
890 		/*
891 		 * The reasons why we fail to create a connection are
892 		 * varied. In most cases we don't want the caller to
893 		 * immediately retry. This could have one or more
894 		 * bad effects. This includes flooding the net with
895 		 * connect requests to ports with no listener; a hard
896 		 * kernel loop due to all the "reserved" TCP ports being
897 		 * in use.
898 		 */
899 		delay_first = TRUE;
900 
901 		/*
902 		 * Even if we end up returning EINTR, we still count a
903 		 * a "can't connect", because the connection manager
904 		 * might have been committed to waiting for or timing out on
905 		 * a connection.
906 		 */
907 		COTSRCSTAT_INCR(p->cku_stats, rccantconn);
908 		switch (p->cku_err.re_status) {
909 		case RPC_INTR:
910 			p->cku_err.re_errno = EINTR;
911 
912 			/*
913 			 * No need to delay because a UNIX signal(2)
914 			 * interrupted us. The caller likely won't
915 			 * retry the CLNT_CALL() and even if it does,
916 			 * we assume the caller knows what it is doing.
917 			 */
918 			delay_first = FALSE;
919 			break;
920 
921 		case RPC_TIMEDOUT:
922 			p->cku_err.re_errno = ETIMEDOUT;
923 
924 			/*
925 			 * No need to delay because timed out already
926 			 * on the connection request and assume that the
927 			 * transport time out is longer than our minimum
928 			 * timeout, or least not too much smaller.
929 			 */
930 			delay_first = FALSE;
931 			break;
932 
933 		case RPC_SYSTEMERROR:
934 		case RPC_TLIERROR:
935 			/*
936 			 * We want to delay here because a transient
937 			 * system error has a better chance of going away
938 			 * if we delay a bit. If it's not transient, then
939 			 * we don't want end up in a hard kernel loop
940 			 * due to retries.
941 			 */
942 			ASSERT(p->cku_err.re_errno != 0);
943 			break;
944 
945 
946 		case RPC_CANTCONNECT:
947 			/*
948 			 * RPC_CANTCONNECT is set on T_ERROR_ACK which
949 			 * implies some error down in the TCP layer or
950 			 * below. If cku_nodelayonerror is set then we
951 			 * assume the caller knows not to try too hard.
952 			 */
953 			RPCLOG0(8, "clnt_cots_kcallit: connection failed,");
954 			RPCLOG0(8, " re_status=RPC_CANTCONNECT,");
955 			RPCLOG(8, " re_errno=%d,", p->cku_err.re_errno);
956 			RPCLOG(8, " cku_nodelayonerr=%d", p->cku_nodelayonerr);
957 			if (p->cku_nodelayonerr == TRUE)
958 				delay_first = FALSE;
959 
960 			p->cku_err.re_errno = EIO;
961 
962 			break;
963 
964 		case RPC_XPRTFAILED:
965 			/*
966 			 * We want to delay here because we likely
967 			 * got a refused connection.
968 			 */
969 			if (p->cku_err.re_errno == 0)
970 				p->cku_err.re_errno = EIO;
971 
972 			RPCLOG(1, "clnt_cots_kcallit: transport failed: %d\n",
973 			    p->cku_err.re_errno);
974 
975 			break;
976 
977 		default:
978 			/*
979 			 * We delay here because it is better to err
980 			 * on the side of caution. If we got here then
981 			 * status could have been RPC_SUCCESS, but we
982 			 * know that we did not get a connection, so
983 			 * force the rpc status to RPC_CANTCONNECT.
984 			 */
985 			p->cku_err.re_status = RPC_CANTCONNECT;
986 			p->cku_err.re_errno = EIO;
987 			break;
988 		}
989 		if (delay_first == TRUE)
990 			ticks = clnt_cots_min_tout * drv_usectohz(1000000);
991 		goto cots_done;
992 	}
993 
994 	/*
995 	 * If we've never sent any request on this connection (send count
996 	 * is zero, or the connection has been reset), cache the
997 	 * the connection's create time and send a request (possibly a retry)
998 	 */
999 	if ((p->cku_flags & CKU_SENT) == 0 ||
1000 	    p->cku_ctime != cm_entry->x_ctime) {
1001 		p->cku_ctime = cm_entry->x_ctime;
1002 
1003 	} else if ((p->cku_flags & CKU_SENT) && (p->cku_flags & CKU_ONQUEUE) &&
1004 	    (call->call_reply != NULL ||
1005 	    p->cku_recv_attempts < clnt_cots_maxrecv)) {
1006 
1007 		/*
1008 		 * If we've sent a request and our call is on the dispatch
1009 		 * queue and we haven't made too many receive attempts, then
1010 		 * don't re-send, just receive.
1011 		 */
1012 		p->cku_recv_attempts++;
1013 		goto read_again;
1014 	}
1015 
1016 	/*
1017 	 * Now we create the RPC request in a STREAMS message.  We have to do
1018 	 * this after the call to connmgr_get so that we have the correct
1019 	 * TIDU size for the transport.
1020 	 */
1021 	tidu_size = cm_entry->x_tidu_size;
1022 	len = MSG_OFFSET + MAX(tidu_size, RM_HDR_SIZE + WIRE_HDR_SIZE);
1023 
1024 	while ((mp = allocb(len, BPRI_MED)) == NULL) {
1025 		if (strwaitbuf(len, BPRI_MED)) {
1026 			p->cku_err.re_status = RPC_SYSTEMERROR;
1027 			p->cku_err.re_errno = ENOSR;
1028 			COTSRCSTAT_INCR(p->cku_stats, rcnomem);
1029 			goto cots_done;
1030 		}
1031 	}
1032 	xdrs = &p->cku_outxdr;
1033 	xdrmblk_init(xdrs, mp, XDR_ENCODE, tidu_size);
1034 	mpsize = MBLKSIZE(mp);
1035 	ASSERT(mpsize >= len);
1036 	ASSERT(mp->b_rptr == mp->b_datap->db_base);
1037 
1038 	/*
1039 	 * If the size of mblk is not appreciably larger than what we
1040 	 * asked, then resize the mblk to exactly len bytes. The reason for
1041 	 * this: suppose len is 1600 bytes, the tidu is 1460 bytes
1042 	 * (from TCP over ethernet), and the arguments to the RPC require
1043 	 * 2800 bytes. Ideally we want the protocol to render two
1044 	 * ~1400 byte segments over the wire. However if allocb() gives us a 2k
1045 	 * mblk, and we allocate a second mblk for the remainder, the protocol
1046 	 * module may generate 3 segments over the wire:
1047 	 * 1460 bytes for the first, 448 (2048 - 1600) for the second, and
1048 	 * 892 for the third. If we "waste" 448 bytes in the first mblk,
1049 	 * the XDR encoding will generate two ~1400 byte mblks, and the
1050 	 * protocol module is more likely to produce properly sized segments.
1051 	 */
1052 	if ((mpsize >> 1) <= len)
1053 		mp->b_rptr += (mpsize - len);
1054 
1055 	/*
1056 	 * Adjust b_rptr to reserve space for the non-data protocol headers
1057 	 * any downstream modules might like to add, and for the
1058 	 * record marking header.
1059 	 */
1060 	mp->b_rptr += (MSG_OFFSET + RM_HDR_SIZE);
1061 
1062 	if (h->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) {
1063 		/* Copy in the preserialized RPC header information. */
1064 		bcopy(p->cku_rpchdr, mp->b_rptr, WIRE_HDR_SIZE);
1065 
1066 		/* Use XDR_SETPOS() to set the b_wptr to past the RPC header. */
1067 		XDR_SETPOS(xdrs, (uint_t)(mp->b_rptr - mp->b_datap->db_base +
1068 		    WIRE_HDR_SIZE));
1069 
1070 		ASSERT((mp->b_wptr - mp->b_rptr) == WIRE_HDR_SIZE);
1071 
1072 		/* Serialize the procedure number and the arguments. */
1073 		if ((!XDR_PUTINT32(xdrs, (int32_t *)&procnum)) ||
1074 		    (!AUTH_MARSHALL(h->cl_auth, xdrs, p->cku_cred)) ||
1075 		    (!(*xdr_args)(xdrs, argsp))) {
1076 			p->cku_err.re_status = RPC_CANTENCODEARGS;
1077 			p->cku_err.re_errno = EIO;
1078 			goto cots_done;
1079 		}
1080 
1081 		(*(uint32_t *)(mp->b_rptr)) = p->cku_xid;
1082 	} else {
1083 		uint32_t *uproc = (uint32_t *)&p->cku_rpchdr[WIRE_HDR_SIZE];
1084 		IXDR_PUT_U_INT32(uproc, procnum);
1085 
1086 		(*(uint32_t *)(&p->cku_rpchdr[0])) = p->cku_xid;
1087 
1088 		/* Use XDR_SETPOS() to set the b_wptr. */
1089 		XDR_SETPOS(xdrs, (uint_t)(mp->b_rptr - mp->b_datap->db_base));
1090 
1091 		/* Serialize the procedure number and the arguments. */
1092 		if (!AUTH_WRAP(h->cl_auth, p->cku_rpchdr, WIRE_HDR_SIZE+4,
1093 		    xdrs, xdr_args, argsp)) {
1094 			p->cku_err.re_status = RPC_CANTENCODEARGS;
1095 			p->cku_err.re_errno = EIO;
1096 			goto cots_done;
1097 		}
1098 	}
1099 
1100 	RPCLOG(2, "clnt_cots_kcallit: connected, sending call, tidu_size %d\n",
1101 	    tidu_size);
1102 
1103 	wq = cm_entry->x_wq;
1104 	waitsecs = 0;
1105 
1106 dispatch_again:
1107 	status = clnt_dispatch_send(wq, mp, call, p->cku_xid,
1108 	    (p->cku_flags & CKU_ONQUEUE));
1109 
1110 	if ((status == RPC_CANTSEND) && (call->call_reason == ENOBUFS)) {
1111 		/*
1112 		 * QFULL condition, allow some time for queue to drain
1113 		 * and try again. Give up after waiting for all timeout
1114 		 * specified for the call, or zone is going away.
1115 		 */
1116 		max_waitsecs = wait.tv_sec ? wait.tv_sec : clnt_cots_min_tout;
1117 		if ((waitsecs++ < max_waitsecs) &&
1118 		    !(zone_status_get(curproc->p_zone) >=
1119 		    ZONE_IS_SHUTTING_DOWN)) {
1120 
1121 			/* wait 1 sec for queue to drain */
1122 			if (clnt_delay(drv_usectohz(1000000),
1123 			    h->cl_nosignal) == EINTR) {
1124 				p->cku_err.re_errno = EINTR;
1125 				p->cku_err.re_status = RPC_INTR;
1126 
1127 				goto cots_done;
1128 			}
1129 
1130 			/* and try again */
1131 			goto dispatch_again;
1132 		}
1133 		p->cku_err.re_status = status;
1134 		p->cku_err.re_errno = call->call_reason;
1135 		DTRACE_PROBE(krpc__e__clntcots__kcallit__cantsend);
1136 
1137 		goto cots_done;
1138 	}
1139 
1140 	if (waitsecs) {
1141 		/* adjust timeout to account for time wait to send */
1142 		wait.tv_sec -= waitsecs;
1143 		if (wait.tv_sec < 0) {
1144 			/* pick up reply on next retry */
1145 			wait.tv_sec = 0;
1146 		}
1147 		DTRACE_PROBE2(clnt_cots__sendwait, CLIENT *, h,
1148 		    int, waitsecs);
1149 	}
1150 
1151 	RPCLOG(64, "clnt_cots_kcallit: sent call for xid 0x%x\n",
1152 	    (uint_t)p->cku_xid);
1153 	p->cku_flags = (CKU_ONQUEUE|CKU_SENT);
1154 	p->cku_recv_attempts = 1;
1155 
1156 #ifdef	RPCDEBUG
1157 	time_sent = lbolt;
1158 #endif
1159 
1160 	/*
1161 	 * Wait for a reply or a timeout.  If there is no error or timeout,
1162 	 * (both indicated by call_status), call->call_reply will contain
1163 	 * the RPC reply message.
1164 	 */
1165 read_again:
1166 	mutex_enter(&call->call_lock);
1167 	interrupted = 0;
1168 	if (call->call_status == RPC_TIMEDOUT) {
1169 		/*
1170 		 * Indicate that the lwp is not to be stopped while waiting
1171 		 * for this network traffic.  This is to avoid deadlock while
1172 		 * debugging a process via /proc and also to avoid recursive
1173 		 * mutex_enter()s due to NFS page faults while stopping
1174 		 * (NFS holds locks when it calls here).
1175 		 */
1176 		clock_t cv_wait_ret;
1177 		clock_t timout;
1178 		clock_t oldlbolt;
1179 
1180 		klwp_t *lwp = ttolwp(curthread);
1181 
1182 		if (lwp != NULL)
1183 			lwp->lwp_nostop++;
1184 
1185 		oldlbolt = lbolt;
1186 		timout = wait.tv_sec * drv_usectohz(1000000) +
1187 		    drv_usectohz(wait.tv_usec) + oldlbolt;
1188 		/*
1189 		 * Iterate until the call_status is changed to something
1190 		 * other that RPC_TIMEDOUT, or if cv_timedwait_sig() returns
1191 		 * something <=0 zero. The latter means that we timed
1192 		 * out.
1193 		 */
1194 		if (h->cl_nosignal)
1195 			while ((cv_wait_ret = cv_timedwait(&call->call_cv,
1196 			    &call->call_lock, timout)) > 0 &&
1197 			    call->call_status == RPC_TIMEDOUT)
1198 				;
1199 		else
1200 			while ((cv_wait_ret = cv_timedwait_sig(
1201 			    &call->call_cv,
1202 			    &call->call_lock, timout)) > 0 &&
1203 			    call->call_status == RPC_TIMEDOUT)
1204 				;
1205 
1206 		switch (cv_wait_ret) {
1207 		case 0:
1208 			/*
1209 			 * If we got out of the above loop with
1210 			 * cv_timedwait_sig() returning 0, then we were
1211 			 * interrupted regardless what call_status is.
1212 			 */
1213 			interrupted = 1;
1214 			break;
1215 		case -1:
1216 			/* cv_timedwait_sig() timed out */
1217 			break;
1218 		default:
1219 
1220 			/*
1221 			 * We were cv_signaled(). If we didn't
1222 			 * get a successful call_status and returned
1223 			 * before time expired, delay up to clnt_cots_min_tout
1224 			 * seconds so that the caller doesn't immediately
1225 			 * try to call us again and thus force the
1226 			 * same condition that got us here (such
1227 			 * as a RPC_XPRTFAILED due to the server not
1228 			 * listening on the end-point.
1229 			 */
1230 			if (call->call_status != RPC_SUCCESS) {
1231 				clock_t curlbolt;
1232 				clock_t diff;
1233 
1234 				curlbolt = ddi_get_lbolt();
1235 				ticks = clnt_cots_min_tout *
1236 				    drv_usectohz(1000000);
1237 				diff = curlbolt - oldlbolt;
1238 				if (diff < ticks) {
1239 					delay_first = TRUE;
1240 					if (diff > 0)
1241 						ticks -= diff;
1242 				}
1243 			}
1244 			break;
1245 		}
1246 
1247 		if (lwp != NULL)
1248 			lwp->lwp_nostop--;
1249 	}
1250 	/*
1251 	 * Get the reply message, if any.  This will be freed at the end
1252 	 * whether or not an error occurred.
1253 	 */
1254 	mp = call->call_reply;
1255 	call->call_reply = NULL;
1256 
1257 	/*
1258 	 * call_err is the error info when the call is on dispatch queue.
1259 	 * cku_err is the error info returned to the caller.
1260 	 * Sync cku_err with call_err for local message processing.
1261 	 */
1262 
1263 	status = call->call_status;
1264 	p->cku_err = call->call_err;
1265 	mutex_exit(&call->call_lock);
1266 
1267 	if (status != RPC_SUCCESS) {
1268 		switch (status) {
1269 		case RPC_TIMEDOUT:
1270 			if (interrupted) {
1271 				COTSRCSTAT_INCR(p->cku_stats, rcintrs);
1272 				p->cku_err.re_status = RPC_INTR;
1273 				p->cku_err.re_errno = EINTR;
1274 				RPCLOG(1, "clnt_cots_kcallit: xid 0x%x",
1275 				    p->cku_xid);
1276 				RPCLOG(1, "signal interrupted at %ld", lbolt);
1277 				RPCLOG(1, ", was sent at %ld\n", time_sent);
1278 			} else {
1279 				COTSRCSTAT_INCR(p->cku_stats, rctimeouts);
1280 				p->cku_err.re_errno = ETIMEDOUT;
1281 				RPCLOG(1, "clnt_cots_kcallit: timed out at %ld",
1282 				    lbolt);
1283 				RPCLOG(1, ", was sent at %ld\n", time_sent);
1284 			}
1285 			break;
1286 
1287 		case RPC_XPRTFAILED:
1288 			if (p->cku_err.re_errno == 0)
1289 				p->cku_err.re_errno = EIO;
1290 
1291 			RPCLOG(1, "clnt_cots_kcallit: transport failed: %d\n",
1292 			    p->cku_err.re_errno);
1293 			break;
1294 
1295 		case RPC_SYSTEMERROR:
1296 			ASSERT(p->cku_err.re_errno);
1297 			RPCLOG(1, "clnt_cots_kcallit: system error: %d\n",
1298 			    p->cku_err.re_errno);
1299 			break;
1300 
1301 		default:
1302 			p->cku_err.re_status = RPC_SYSTEMERROR;
1303 			p->cku_err.re_errno = EIO;
1304 			RPCLOG(1, "clnt_cots_kcallit: error: %s\n",
1305 			    clnt_sperrno(status));
1306 			break;
1307 		}
1308 		if (p->cku_err.re_status != RPC_TIMEDOUT) {
1309 
1310 			if (p->cku_flags & CKU_ONQUEUE) {
1311 				call_table_remove(call);
1312 				p->cku_flags &= ~CKU_ONQUEUE;
1313 			}
1314 
1315 			RPCLOG(64, "clnt_cots_kcallit: non TIMEOUT so xid 0x%x "
1316 			    "taken off dispatch list\n", p->cku_xid);
1317 			if (call->call_reply) {
1318 				freemsg(call->call_reply);
1319 				call->call_reply = NULL;
1320 			}
1321 		} else if (wait.tv_sec != 0) {
1322 			/*
1323 			 * We've sent the request over TCP and so we have
1324 			 * every reason to believe it will get
1325 			 * delivered. In which case returning a timeout is not
1326 			 * appropriate.
1327 			 */
1328 			if (p->cku_progress == TRUE &&
1329 			    p->cku_recv_attempts < clnt_cots_maxrecv) {
1330 				p->cku_err.re_status = RPC_INPROGRESS;
1331 			}
1332 		}
1333 		goto cots_done;
1334 	}
1335 
1336 	xdrs = &p->cku_inxdr;
1337 	xdrmblk_init(xdrs, mp, XDR_DECODE, 0);
1338 
1339 	reply_msg.rm_direction = REPLY;
1340 	reply_msg.rm_reply.rp_stat = MSG_ACCEPTED;
1341 	reply_msg.acpted_rply.ar_stat = SUCCESS;
1342 
1343 	reply_msg.acpted_rply.ar_verf = _null_auth;
1344 	/*
1345 	 *  xdr_results will be done in AUTH_UNWRAP.
1346 	 */
1347 	reply_msg.acpted_rply.ar_results.where = NULL;
1348 	reply_msg.acpted_rply.ar_results.proc = xdr_void;
1349 
1350 	if (xdr_replymsg(xdrs, &reply_msg)) {
1351 		enum clnt_stat re_status;
1352 
1353 		_seterr_reply(&reply_msg, &p->cku_err);
1354 
1355 		re_status = p->cku_err.re_status;
1356 		if (re_status == RPC_SUCCESS) {
1357 			/*
1358 			 * Reply is good, check auth.
1359 			 */
1360 			if (!AUTH_VALIDATE(h->cl_auth,
1361 			    &reply_msg.acpted_rply.ar_verf)) {
1362 				COTSRCSTAT_INCR(p->cku_stats, rcbadverfs);
1363 				RPCLOG0(1, "clnt_cots_kcallit: validation "
1364 				    "failure\n");
1365 				freemsg(mp);
1366 				(void) xdr_rpc_free_verifier(xdrs, &reply_msg);
1367 				mutex_enter(&call->call_lock);
1368 				if (call->call_reply == NULL)
1369 					call->call_status = RPC_TIMEDOUT;
1370 				mutex_exit(&call->call_lock);
1371 				goto read_again;
1372 			} else if (!AUTH_UNWRAP(h->cl_auth, xdrs,
1373 			    xdr_results, resultsp)) {
1374 				RPCLOG0(1, "clnt_cots_kcallit: validation "
1375 				    "failure (unwrap)\n");
1376 				p->cku_err.re_status = RPC_CANTDECODERES;
1377 				p->cku_err.re_errno = EIO;
1378 			}
1379 		} else {
1380 			/* set errno in case we can't recover */
1381 			if (re_status != RPC_VERSMISMATCH &&
1382 			    re_status != RPC_AUTHERROR &&
1383 			    re_status != RPC_PROGVERSMISMATCH)
1384 				p->cku_err.re_errno = EIO;
1385 
1386 			if (re_status == RPC_AUTHERROR) {
1387 				/*
1388 				 * Maybe our credential need to be refreshed
1389 				 */
1390 				if (cm_entry) {
1391 					/*
1392 					 * There is the potential that the
1393 					 * cm_entry has/will be marked dead,
1394 					 * so drop the connection altogether,
1395 					 * force REFRESH to establish new
1396 					 * connection.
1397 					 */
1398 					connmgr_cancelconn(cm_entry);
1399 					cm_entry = NULL;
1400 				}
1401 
1402 				if ((refreshes > 0) &&
1403 				    AUTH_REFRESH(h->cl_auth, &reply_msg,
1404 				    p->cku_cred)) {
1405 					refreshes--;
1406 					(void) xdr_rpc_free_verifier(xdrs,
1407 					    &reply_msg);
1408 					freemsg(mp);
1409 					mp = NULL;
1410 
1411 					if (p->cku_flags & CKU_ONQUEUE) {
1412 						call_table_remove(call);
1413 						p->cku_flags &= ~CKU_ONQUEUE;
1414 					}
1415 
1416 					RPCLOG(64,
1417 					    "clnt_cots_kcallit: AUTH_ERROR, xid"
1418 					    " 0x%x removed off dispatch list\n",
1419 					    p->cku_xid);
1420 					if (call->call_reply) {
1421 						freemsg(call->call_reply);
1422 						call->call_reply = NULL;
1423 					}
1424 
1425 					COTSRCSTAT_INCR(p->cku_stats,
1426 					    rcbadcalls);
1427 					COTSRCSTAT_INCR(p->cku_stats,
1428 					    rcnewcreds);
1429 					goto call_again;
1430 				}
1431 
1432 				/*
1433 				 * We have used the client handle to
1434 				 * do an AUTH_REFRESH and the RPC status may
1435 				 * be set to RPC_SUCCESS; Let's make sure to
1436 				 * set it to RPC_AUTHERROR.
1437 				 */
1438 				p->cku_err.re_status = RPC_AUTHERROR;
1439 
1440 				/*
1441 				 * Map recoverable and unrecoverable
1442 				 * authentication errors to appropriate errno
1443 				 */
1444 				switch (p->cku_err.re_why) {
1445 				case AUTH_TOOWEAK:
1446 					/*
1447 					 * This could be a failure where the
1448 					 * server requires use of a reserved
1449 					 * port,  check and optionally set the
1450 					 * client handle useresvport trying
1451 					 * one more time. Next go round we
1452 					 * fall out with the tooweak error.
1453 					 */
1454 					if (p->cku_useresvport != 1) {
1455 						p->cku_useresvport = 1;
1456 						p->cku_xid = 0;
1457 						(void) xdr_rpc_free_verifier
1458 						    (xdrs, &reply_msg);
1459 						freemsg(mp);
1460 						goto call_again;
1461 					}
1462 					/* FALLTHRU */
1463 				case AUTH_BADCRED:
1464 				case AUTH_BADVERF:
1465 				case AUTH_INVALIDRESP:
1466 				case AUTH_FAILED:
1467 				case RPCSEC_GSS_NOCRED:
1468 				case RPCSEC_GSS_FAILED:
1469 						p->cku_err.re_errno = EACCES;
1470 						break;
1471 				case AUTH_REJECTEDCRED:
1472 				case AUTH_REJECTEDVERF:
1473 				default:	p->cku_err.re_errno = EIO;
1474 						break;
1475 				}
1476 				RPCLOG(1, "clnt_cots_kcallit : authentication"
1477 				    " failed with RPC_AUTHERROR of type %d\n",
1478 				    (int)p->cku_err.re_why);
1479 			}
1480 		}
1481 	} else {
1482 		/* reply didn't decode properly. */
1483 		p->cku_err.re_status = RPC_CANTDECODERES;
1484 		p->cku_err.re_errno = EIO;
1485 		RPCLOG0(1, "clnt_cots_kcallit: decode failure\n");
1486 	}
1487 
1488 	(void) xdr_rpc_free_verifier(xdrs, &reply_msg);
1489 
1490 	if (p->cku_flags & CKU_ONQUEUE) {
1491 		call_table_remove(call);
1492 		p->cku_flags &= ~CKU_ONQUEUE;
1493 	}
1494 
1495 	RPCLOG(64, "clnt_cots_kcallit: xid 0x%x taken off dispatch list",
1496 	    p->cku_xid);
1497 	RPCLOG(64, " status is %s\n", clnt_sperrno(p->cku_err.re_status));
1498 cots_done:
1499 	if (cm_entry)
1500 		connmgr_release(cm_entry);
1501 
1502 	if (mp != NULL)
1503 		freemsg(mp);
1504 	if ((p->cku_flags & CKU_ONQUEUE) == 0 && call->call_reply) {
1505 		freemsg(call->call_reply);
1506 		call->call_reply = NULL;
1507 	}
1508 	if (p->cku_err.re_status != RPC_SUCCESS) {
1509 		RPCLOG0(1, "clnt_cots_kcallit: tail-end failure\n");
1510 		COTSRCSTAT_INCR(p->cku_stats, rcbadcalls);
1511 	}
1512 
1513 	/*
1514 	 * No point in delaying if the zone is going away.
1515 	 */
1516 	if (delay_first == TRUE &&
1517 	    !(zone_status_get(curproc->p_zone) >= ZONE_IS_SHUTTING_DOWN)) {
1518 		if (clnt_delay(ticks, h->cl_nosignal) == EINTR) {
1519 			p->cku_err.re_errno = EINTR;
1520 			p->cku_err.re_status = RPC_INTR;
1521 		}
1522 	}
1523 	return (p->cku_err.re_status);
1524 }
1525 
1526 /*
1527  * Kinit routine for cots.  This sets up the correct operations in
1528  * the client handle, as the handle may have previously been a clts
1529  * handle, and clears the xid field so there is no way a new call
1530  * could be mistaken for a retry.  It also sets in the handle the
1531  * information that is passed at create/kinit time but needed at
1532  * call time, as cots creates the transport at call time - device,
1533  * address of the server, protocol family.
1534  */
1535 void
1536 clnt_cots_kinit(CLIENT *h, dev_t dev, int family, struct netbuf *addr,
1537 	int max_msgsize, cred_t *cred)
1538 {
1539 	/* LINTED pointer alignment */
1540 	cku_private_t *p = htop(h);
1541 	calllist_t *call = &p->cku_call;
1542 
1543 	h->cl_ops = &tcp_ops;
1544 	if (p->cku_flags & CKU_ONQUEUE) {
1545 		call_table_remove(call);
1546 		p->cku_flags &= ~CKU_ONQUEUE;
1547 		RPCLOG(64, "clnt_cots_kinit: removing call for xid 0x%x from"
1548 		    " dispatch list\n", p->cku_xid);
1549 	}
1550 
1551 	if (call->call_reply != NULL) {
1552 		freemsg(call->call_reply);
1553 		call->call_reply = NULL;
1554 	}
1555 
1556 	call->call_bucket = NULL;
1557 	call->call_hash = 0;
1558 
1559 	/*
1560 	 * We don't clear cku_flags here, because clnt_cots_kcallit()
1561 	 * takes care of handling the cku_flags reset.
1562 	 */
1563 	p->cku_xid = 0;
1564 	p->cku_device = dev;
1565 	p->cku_addrfmly = family;
1566 	p->cku_cred = cred;
1567 
1568 	if (p->cku_addr.maxlen < addr->len) {
1569 		if (p->cku_addr.maxlen != 0 && p->cku_addr.buf != NULL)
1570 			kmem_free(p->cku_addr.buf, p->cku_addr.maxlen);
1571 		p->cku_addr.buf = kmem_zalloc(addr->maxlen, KM_SLEEP);
1572 		p->cku_addr.maxlen = addr->maxlen;
1573 	}
1574 
1575 	p->cku_addr.len = addr->len;
1576 	bcopy(addr->buf, p->cku_addr.buf, addr->len);
1577 
1578 	/*
1579 	 * If the current sanity check size in rpcmod is smaller
1580 	 * than the size needed, then increase the sanity check.
1581 	 */
1582 	if (max_msgsize != 0 && clnt_max_msg_sizep != NULL &&
1583 	    max_msgsize > *clnt_max_msg_sizep) {
1584 		mutex_enter(&clnt_max_msg_lock);
1585 		if (max_msgsize > *clnt_max_msg_sizep)
1586 			*clnt_max_msg_sizep = max_msgsize;
1587 		mutex_exit(&clnt_max_msg_lock);
1588 	}
1589 }
1590 
1591 /*
1592  * ksettimers is a no-op for cots, with the exception of setting the xid.
1593  */
1594 /* ARGSUSED */
1595 static int
1596 clnt_cots_ksettimers(CLIENT *h, struct rpc_timers *t, struct rpc_timers *all,
1597 	int minimum, void (*feedback)(int, int, caddr_t), caddr_t arg,
1598 	uint32_t xid)
1599 {
1600 	/* LINTED pointer alignment */
1601 	cku_private_t *p = htop(h);
1602 
1603 	if (xid)
1604 		p->cku_xid = xid;
1605 	COTSRCSTAT_INCR(p->cku_stats, rctimers);
1606 	return (0);
1607 }
1608 
1609 extern void rpc_poptimod(struct vnode *);
1610 extern int kstr_push(struct vnode *, char *);
1611 
1612 int
1613 conn_kstat_update(kstat_t *ksp, int rw)
1614 {
1615 	struct cm_xprt *cm_entry;
1616 	struct cm_kstat_xprt *cm_ksp_data;
1617 	uchar_t *b;
1618 	char *fbuf;
1619 
1620 	if (rw == KSTAT_WRITE)
1621 		return (EACCES);
1622 	if (ksp == NULL || ksp->ks_private == NULL)
1623 		return (EIO);
1624 	cm_entry  = (struct cm_xprt *)ksp->ks_private;
1625 	cm_ksp_data = (struct cm_kstat_xprt *)ksp->ks_data;
1626 
1627 	cm_ksp_data->x_wq.value.ui32 = (uint32_t)(uintptr_t)cm_entry->x_wq;
1628 	cm_ksp_data->x_family.value.ui32 = cm_entry->x_family;
1629 	cm_ksp_data->x_rdev.value.ui32 = (uint32_t)cm_entry->x_rdev;
1630 	cm_ksp_data->x_time.value.ui32 = cm_entry->x_time;
1631 	cm_ksp_data->x_ref.value.ui32 = cm_entry->x_ref;
1632 	cm_ksp_data->x_state.value.ui32 = cm_entry->x_state_flags;
1633 
1634 	if (cm_entry->x_server.buf) {
1635 		fbuf = cm_ksp_data->x_server.value.str.addr.ptr;
1636 		if (cm_entry->x_family == AF_INET &&
1637 		    cm_entry->x_server.len ==
1638 		    sizeof (struct sockaddr_in)) {
1639 			struct sockaddr_in  *sa;
1640 			sa = (struct sockaddr_in *)
1641 				cm_entry->x_server.buf;
1642 			b = (uchar_t *)&sa->sin_addr;
1643 			(void) sprintf(fbuf,
1644 			    "%03d.%03d.%03d.%03d", b[0] & 0xFF, b[1] & 0xFF,
1645 			    b[2] & 0xFF, b[3] & 0xFF);
1646 			cm_ksp_data->x_port.value.ui32 =
1647 				(uint32_t)sa->sin_port;
1648 		} else if (cm_entry->x_family == AF_INET6 &&
1649 				cm_entry->x_server.len >=
1650 				sizeof (struct sockaddr_in6)) {
1651 			/* extract server IP address & port */
1652 			struct sockaddr_in6 *sin6;
1653 			sin6 = (struct sockaddr_in6 *)cm_entry->x_server.buf;
1654 			(void) kinet_ntop6((uchar_t *)&sin6->sin6_addr, fbuf,
1655 				INET6_ADDRSTRLEN);
1656 			cm_ksp_data->x_port.value.ui32 = sin6->sin6_port;
1657 		} else {
1658 			struct sockaddr_in  *sa;
1659 
1660 			sa = (struct sockaddr_in *)cm_entry->x_server.buf;
1661 			b = (uchar_t *)&sa->sin_addr;
1662 			(void) sprintf(fbuf,
1663 			    "%03d.%03d.%03d.%03d", b[0] & 0xFF, b[1] & 0xFF,
1664 			    b[2] & 0xFF, b[3] & 0xFF);
1665 		}
1666 		KSTAT_NAMED_STR_BUFLEN(&cm_ksp_data->x_server) =
1667 		    strlen(fbuf) + 1;
1668 	}
1669 
1670 	return (0);
1671 }
1672 
1673 
1674 /*
1675  * We want a version of delay which is interruptible by a UNIX signal
1676  * Return EINTR if an interrupt occured.
1677  */
1678 static int
1679 clnt_delay(clock_t ticks, bool_t nosignal)
1680 {
1681 	if (nosignal == TRUE) {
1682 		delay(ticks);
1683 		return (0);
1684 	}
1685 	return (delay_sig(ticks));
1686 }
1687 
1688 /*
1689  * Wait for a connection until a timeout, or until we are
1690  * signalled that there has been a connection state change.
1691  */
1692 static enum clnt_stat
1693 connmgr_cwait(struct cm_xprt *cm_entry, const struct timeval *waitp,
1694 	bool_t nosignal)
1695 {
1696 	bool_t interrupted;
1697 	clock_t timout, cv_stat;
1698 	enum clnt_stat clstat;
1699 	unsigned int old_state;
1700 
1701 	ASSERT(MUTEX_HELD(&connmgr_lock));
1702 	/*
1703 	 * We wait for the transport connection to be made, or an
1704 	 * indication that it could not be made.
1705 	 */
1706 	clstat = RPC_TIMEDOUT;
1707 	interrupted = FALSE;
1708 
1709 	old_state = cm_entry->x_state_flags;
1710 	/*
1711 	 * Now loop until cv_timedwait{_sig} returns because of
1712 	 * a signal(0) or timeout(-1) or cv_signal(>0). But it may be
1713 	 * cv_signalled for various other reasons too. So loop
1714 	 * until there is a state change on the connection.
1715 	 */
1716 
1717 	timout = waitp->tv_sec * drv_usectohz(1000000) +
1718 	    drv_usectohz(waitp->tv_usec) + lbolt;
1719 
1720 	if (nosignal) {
1721 		while ((cv_stat = cv_timedwait(&cm_entry->x_conn_cv,
1722 		    &connmgr_lock, timout)) > 0 &&
1723 		    cm_entry->x_state_flags == old_state)
1724 			;
1725 	} else {
1726 		while ((cv_stat = cv_timedwait_sig(&cm_entry->x_conn_cv,
1727 		    &connmgr_lock, timout)) > 0 &&
1728 		    cm_entry->x_state_flags == old_state)
1729 			;
1730 
1731 		if (cv_stat == 0) /* got intr signal? */
1732 			interrupted = TRUE;
1733 	}
1734 
1735 	if ((cm_entry->x_state_flags & (X_BADSTATES|X_CONNECTED)) ==
1736 	    X_CONNECTED) {
1737 		clstat = RPC_SUCCESS;
1738 	} else {
1739 		if (interrupted == TRUE)
1740 			clstat = RPC_INTR;
1741 		RPCLOG(1, "connmgr_cwait: can't connect, error: %s\n",
1742 		    clnt_sperrno(clstat));
1743 	}
1744 
1745 	return (clstat);
1746 }
1747 
1748 /*
1749  * Primary interface for how RPC grabs a connection.
1750  */
1751 static struct cm_xprt *
1752 connmgr_wrapget(
1753 	struct netbuf *retryaddr,
1754 	const struct timeval *waitp,
1755 	cku_private_t *p)
1756 {
1757 	struct cm_xprt *cm_entry;
1758 
1759 	cm_entry = connmgr_get(retryaddr, waitp, &p->cku_addr, p->cku_addrfmly,
1760 	    &p->cku_srcaddr, &p->cku_err, p->cku_device,
1761 	    p->cku_client.cl_nosignal, p->cku_useresvport, p->cku_cred);
1762 
1763 	if (cm_entry == NULL) {
1764 		/*
1765 		 * Re-map the call status to RPC_INTR if the err code is
1766 		 * EINTR. This can happen if calls status is RPC_TLIERROR.
1767 		 * However, don't re-map if signalling has been turned off.
1768 		 * XXX Really need to create a separate thread whenever
1769 		 * there isn't an existing connection.
1770 		 */
1771 		if (p->cku_err.re_errno == EINTR) {
1772 			if (p->cku_client.cl_nosignal == TRUE)
1773 				p->cku_err.re_errno = EIO;
1774 			else
1775 				p->cku_err.re_status = RPC_INTR;
1776 		}
1777 	}
1778 
1779 	return (cm_entry);
1780 }
1781 
1782 /*
1783  * Obtains a transport to the server specified in addr.  If a suitable transport
1784  * does not already exist in the list of cached transports, a new connection
1785  * is created, connected, and added to the list. The connection is for sending
1786  * only - the reply message may come back on another transport connection.
1787  *
1788  * To implement round-robin load balancing with multiple client connections,
1789  * the last entry on the list is always selected. Once the entry is selected
1790  * it's re-inserted to the head of the list.
1791  */
1792 static struct cm_xprt *
1793 connmgr_get(
1794 	struct netbuf	*retryaddr,
1795 	const struct timeval	*waitp,	/* changed to a ptr to converse stack */
1796 	struct netbuf	*destaddr,
1797 	int		addrfmly,
1798 	struct netbuf	*srcaddr,
1799 	struct rpc_err	*rpcerr,
1800 	dev_t		device,
1801 	bool_t		nosignal,
1802 	int		useresvport,
1803 	cred_t		*cr)
1804 {
1805 	struct cm_xprt *cm_entry;
1806 	struct cm_xprt *lru_entry;
1807 	struct cm_xprt **cmp, **prev;
1808 	queue_t *wq;
1809 	TIUSER *tiptr;
1810 	int i;
1811 	int retval;
1812 	int tidu_size;
1813 	bool_t	connected;
1814 	zoneid_t zoneid = rpc_zoneid();
1815 
1816 	/*
1817 	 * If the call is not a retry, look for a transport entry that
1818 	 * goes to the server of interest.
1819 	 */
1820 	mutex_enter(&connmgr_lock);
1821 
1822 	if (retryaddr == NULL) {
1823 use_new_conn:
1824 		i = 0;
1825 		cm_entry = lru_entry = NULL;
1826 
1827 		prev = cmp = &cm_hd;
1828 		while ((cm_entry = *cmp) != NULL) {
1829 			ASSERT(cm_entry != cm_entry->x_next);
1830 			/*
1831 			 * Garbage collect conections that are marked
1832 			 * for needs disconnect.
1833 			 */
1834 			if (cm_entry->x_needdis) {
1835 				CONN_HOLD(cm_entry);
1836 				connmgr_dis_and_wait(cm_entry);
1837 				connmgr_release(cm_entry);
1838 				/*
1839 				 * connmgr_lock could have been
1840 				 * dropped for the disconnect
1841 				 * processing so start over.
1842 				 */
1843 				goto use_new_conn;
1844 			}
1845 
1846 			/*
1847 			 * Garbage collect the dead connections that have
1848 			 * no threads working on them.
1849 			 */
1850 			if ((cm_entry->x_state_flags & (X_DEAD|X_THREAD)) ==
1851 			    X_DEAD) {
1852 				mutex_enter(&cm_entry->x_lock);
1853 				if (cm_entry->x_ref != 0) {
1854 					/*
1855 					 * Currently in use.
1856 					 * Cleanup later.
1857 					 */
1858 					cmp = &cm_entry->x_next;
1859 					mutex_exit(&cm_entry->x_lock);
1860 					continue;
1861 				}
1862 				mutex_exit(&cm_entry->x_lock);
1863 				*cmp = cm_entry->x_next;
1864 				mutex_exit(&connmgr_lock);
1865 				connmgr_close(cm_entry);
1866 				mutex_enter(&connmgr_lock);
1867 				goto use_new_conn;
1868 			}
1869 
1870 
1871 			if ((cm_entry->x_state_flags & X_BADSTATES) == 0 &&
1872 			    cm_entry->x_zoneid == zoneid &&
1873 			    cm_entry->x_rdev == device &&
1874 			    destaddr->len == cm_entry->x_server.len &&
1875 			    bcmp(destaddr->buf, cm_entry->x_server.buf,
1876 			    destaddr->len) == 0) {
1877 				/*
1878 				 * If the matching entry isn't connected,
1879 				 * attempt to reconnect it.
1880 				 */
1881 				if (cm_entry->x_connected == FALSE) {
1882 					/*
1883 					 * We don't go through trying
1884 					 * to find the least recently
1885 					 * used connected because
1886 					 * connmgr_reconnect() briefly
1887 					 * dropped the connmgr_lock,
1888 					 * allowing a window for our
1889 					 * accounting to be messed up.
1890 					 * In any case, a re-connected
1891 					 * connection is as good as
1892 					 * a LRU connection.
1893 					 */
1894 					return (connmgr_wrapconnect(cm_entry,
1895 					    waitp, destaddr, addrfmly, srcaddr,
1896 					    rpcerr, TRUE, nosignal, cr));
1897 				}
1898 				i++;
1899 
1900 				/* keep track of the last entry */
1901 				lru_entry = cm_entry;
1902 				prev = cmp;
1903 			}
1904 			cmp = &cm_entry->x_next;
1905 		}
1906 
1907 		if (i > clnt_max_conns) {
1908 			RPCLOG(8, "connmgr_get: too many conns, dooming entry"
1909 			    " %p\n", (void *)lru_entry->x_tiptr);
1910 			lru_entry->x_doomed = TRUE;
1911 			goto use_new_conn;
1912 		}
1913 
1914 		/*
1915 		 * If we are at the maximum number of connections to
1916 		 * the server, hand back the least recently used one.
1917 		 */
1918 		if (i == clnt_max_conns) {
1919 			/*
1920 			 * Copy into the handle the source address of
1921 			 * the connection, which we will use in case of
1922 			 * a later retry.
1923 			 */
1924 			if (srcaddr->len != lru_entry->x_src.len) {
1925 				if (srcaddr->len > 0)
1926 					kmem_free(srcaddr->buf,
1927 					    srcaddr->maxlen);
1928 				srcaddr->buf = kmem_zalloc(
1929 				    lru_entry->x_src.len, KM_SLEEP);
1930 				srcaddr->maxlen = srcaddr->len =
1931 				    lru_entry->x_src.len;
1932 			}
1933 			bcopy(lru_entry->x_src.buf, srcaddr->buf, srcaddr->len);
1934 			RPCLOG(2, "connmgr_get: call going out on %p\n",
1935 			    (void *)lru_entry);
1936 			lru_entry->x_time = lbolt;
1937 			CONN_HOLD(lru_entry);
1938 
1939 			if ((i > 1) && (prev != &cm_hd)) {
1940 				/*
1941 				 * remove and re-insert entry at head of list.
1942 				 */
1943 				*prev = lru_entry->x_next;
1944 				lru_entry->x_next = cm_hd;
1945 				cm_hd = lru_entry;
1946 			}
1947 
1948 			mutex_exit(&connmgr_lock);
1949 			return (lru_entry);
1950 		}
1951 
1952 	} else {
1953 		/*
1954 		 * This is the retry case (retryaddr != NULL).  Retries must
1955 		 * be sent on the same source port as the original call.
1956 		 */
1957 
1958 		/*
1959 		 * Walk the list looking for a connection with a source address
1960 		 * that matches the retry address.
1961 		 */
1962 start_retry_loop:
1963 		cmp = &cm_hd;
1964 		while ((cm_entry = *cmp) != NULL) {
1965 			ASSERT(cm_entry != cm_entry->x_next);
1966 
1967 			/*
1968 			 * determine if this connection matches the passed
1969 			 * in retry address.  If it does not match, advance
1970 			 * to the next element on the list.
1971 			 */
1972 			if (zoneid != cm_entry->x_zoneid ||
1973 			    device != cm_entry->x_rdev ||
1974 			    retryaddr->len != cm_entry->x_src.len ||
1975 			    bcmp(retryaddr->buf, cm_entry->x_src.buf,
1976 			    retryaddr->len) != 0) {
1977 				cmp = &cm_entry->x_next;
1978 				continue;
1979 			}
1980 			/*
1981 			 * Garbage collect conections that are marked
1982 			 * for needs disconnect.
1983 			 */
1984 			if (cm_entry->x_needdis) {
1985 				CONN_HOLD(cm_entry);
1986 				connmgr_dis_and_wait(cm_entry);
1987 				connmgr_release(cm_entry);
1988 				/*
1989 				 * connmgr_lock could have been
1990 				 * dropped for the disconnect
1991 				 * processing so start over.
1992 				 */
1993 				goto start_retry_loop;
1994 			}
1995 			/*
1996 			 * Garbage collect the dead connections that have
1997 			 * no threads working on them.
1998 			 */
1999 			if ((cm_entry->x_state_flags & (X_DEAD|X_THREAD)) ==
2000 			    X_DEAD) {
2001 				mutex_enter(&cm_entry->x_lock);
2002 				if (cm_entry->x_ref != 0) {
2003 					/*
2004 					 * Currently in use.
2005 					 * Cleanup later.
2006 					 */
2007 					cmp = &cm_entry->x_next;
2008 					mutex_exit(&cm_entry->x_lock);
2009 					continue;
2010 				}
2011 				mutex_exit(&cm_entry->x_lock);
2012 				*cmp = cm_entry->x_next;
2013 				mutex_exit(&connmgr_lock);
2014 				connmgr_close(cm_entry);
2015 				mutex_enter(&connmgr_lock);
2016 				goto start_retry_loop;
2017 			}
2018 
2019 			/*
2020 			 * Sanity check: if the connection with our source
2021 			 * port is going to some other server, something went
2022 			 * wrong, as we never delete connections (i.e. release
2023 			 * ports) unless they have been idle.  In this case,
2024 			 * it is probably better to send the call out using
2025 			 * a new source address than to fail it altogether,
2026 			 * since that port may never be released.
2027 			 */
2028 			if (destaddr->len != cm_entry->x_server.len ||
2029 			    bcmp(destaddr->buf, cm_entry->x_server.buf,
2030 			    destaddr->len) != 0) {
2031 				RPCLOG(1, "connmgr_get: tiptr %p"
2032 				    " is going to a different server"
2033 				    " with the port that belongs"
2034 				    " to us!\n", (void *)cm_entry->x_tiptr);
2035 				retryaddr = NULL;
2036 				goto use_new_conn;
2037 			}
2038 
2039 			/*
2040 			 * If the connection of interest is not connected and we
2041 			 * can't reconnect it, then the server is probably
2042 			 * still down.  Return NULL to the caller and let it
2043 			 * retry later if it wants to.  We have a delay so the
2044 			 * machine doesn't go into a tight retry loop.  If the
2045 			 * entry was already connected, or the reconnected was
2046 			 * successful, return this entry.
2047 			 */
2048 			if (cm_entry->x_connected == FALSE) {
2049 				return (connmgr_wrapconnect(cm_entry,
2050 				    waitp, destaddr, addrfmly, NULL,
2051 				    rpcerr, TRUE, nosignal, cr));
2052 			} else {
2053 				CONN_HOLD(cm_entry);
2054 
2055 				cm_entry->x_time = lbolt;
2056 				mutex_exit(&connmgr_lock);
2057 				RPCLOG(2, "connmgr_get: found old "
2058 				    "transport %p for retry\n",
2059 				    (void *)cm_entry);
2060 				return (cm_entry);
2061 			}
2062 		}
2063 
2064 		/*
2065 		 * We cannot find an entry in the list for this retry.
2066 		 * Either the entry has been removed temporarily to be
2067 		 * reconnected by another thread, or the original call
2068 		 * got a port but never got connected,
2069 		 * and hence the transport never got put in the
2070 		 * list.  Fall through to the "create new connection" code -
2071 		 * the former case will fail there trying to rebind the port,
2072 		 * and the later case (and any other pathological cases) will
2073 		 * rebind and reconnect and not hang the client machine.
2074 		 */
2075 		RPCLOG0(8, "connmgr_get: no entry in list for retry\n");
2076 	}
2077 	/*
2078 	 * Set up a transport entry in the connection manager's list.
2079 	 */
2080 	cm_entry = (struct cm_xprt *)
2081 	    kmem_zalloc(sizeof (struct cm_xprt), KM_SLEEP);
2082 
2083 	cm_entry->x_server.buf = kmem_zalloc(destaddr->len, KM_SLEEP);
2084 	bcopy(destaddr->buf, cm_entry->x_server.buf, destaddr->len);
2085 	cm_entry->x_server.len = cm_entry->x_server.maxlen = destaddr->len;
2086 
2087 	cm_entry->x_state_flags = X_THREAD;
2088 	cm_entry->x_ref = 1;
2089 	cm_entry->x_family = addrfmly;
2090 	cm_entry->x_rdev = device;
2091 	cm_entry->x_zoneid = zoneid;
2092 	mutex_init(&cm_entry->x_lock, NULL, MUTEX_DEFAULT, NULL);
2093 	cv_init(&cm_entry->x_cv, NULL, CV_DEFAULT, NULL);
2094 	cv_init(&cm_entry->x_conn_cv, NULL, CV_DEFAULT, NULL);
2095 	cv_init(&cm_entry->x_dis_cv, NULL, CV_DEFAULT, NULL);
2096 
2097 	/*
2098 	 * Note that we add this partially initialized entry to the
2099 	 * connection list. This is so that we don't have connections to
2100 	 * the same server.
2101 	 *
2102 	 * Note that x_src is not initialized at this point. This is because
2103 	 * retryaddr might be NULL in which case x_src is whatever
2104 	 * t_kbind/bindresvport gives us. If another thread wants a
2105 	 * connection to the same server, seemingly we have an issue, but we
2106 	 * don't. If the other thread comes in with retryaddr == NULL, then it
2107 	 * will never look at x_src, and it will end up waiting in
2108 	 * connmgr_cwait() for the first thread to finish the connection
2109 	 * attempt. If the other thread comes in with retryaddr != NULL, then
2110 	 * that means there was a request sent on a connection, in which case
2111 	 * the the connection should already exist. Thus the first thread
2112 	 * never gets here ... it finds the connection it its server in the
2113 	 * connection list.
2114 	 *
2115 	 * But even if theory is wrong, in the retryaddr != NULL case, the 2nd
2116 	 * thread will skip us because x_src.len == 0.
2117 	 */
2118 	cm_entry->x_next = cm_hd;
2119 	cm_hd = cm_entry;
2120 	mutex_exit(&connmgr_lock);
2121 
2122 	/*
2123 	 * Either we didn't find an entry to the server of interest, or we
2124 	 * don't have the maximum number of connections to that server -
2125 	 * create a new connection.
2126 	 */
2127 	RPCLOG0(8, "connmgr_get: creating new connection\n");
2128 	rpcerr->re_status = RPC_TLIERROR;
2129 
2130 	i = t_kopen(NULL, device, FREAD|FWRITE|FNDELAY, &tiptr, zone_kcred());
2131 	if (i) {
2132 		RPCLOG(1, "connmgr_get: can't open cots device, error %d\n", i);
2133 		rpcerr->re_errno = i;
2134 		connmgr_cancelconn(cm_entry);
2135 		return (NULL);
2136 	}
2137 	rpc_poptimod(tiptr->fp->f_vnode);
2138 
2139 	if (i = strioctl(tiptr->fp->f_vnode, I_PUSH, (intptr_t)"rpcmod", 0,
2140 	    K_TO_K, kcred, &retval)) {
2141 		RPCLOG(1, "connmgr_get: can't push cots module, %d\n", i);
2142 		(void) t_kclose(tiptr, 1);
2143 		rpcerr->re_errno = i;
2144 		connmgr_cancelconn(cm_entry);
2145 		return (NULL);
2146 	}
2147 
2148 	if (i = strioctl(tiptr->fp->f_vnode, RPC_CLIENT, 0, 0, K_TO_K,
2149 	    kcred, &retval)) {
2150 		RPCLOG(1, "connmgr_get: can't set client status with cots "
2151 		    "module, %d\n", i);
2152 		(void) t_kclose(tiptr, 1);
2153 		rpcerr->re_errno = i;
2154 		connmgr_cancelconn(cm_entry);
2155 		return (NULL);
2156 	}
2157 
2158 	mutex_enter(&connmgr_lock);
2159 
2160 	wq = tiptr->fp->f_vnode->v_stream->sd_wrq->q_next;
2161 	cm_entry->x_wq = wq;
2162 
2163 	mutex_exit(&connmgr_lock);
2164 
2165 	if (i = strioctl(tiptr->fp->f_vnode, I_PUSH, (intptr_t)"timod", 0,
2166 	    K_TO_K, kcred, &retval)) {
2167 		RPCLOG(1, "connmgr_get: can't push timod, %d\n", i);
2168 		(void) t_kclose(tiptr, 1);
2169 		rpcerr->re_errno = i;
2170 		connmgr_cancelconn(cm_entry);
2171 		return (NULL);
2172 	}
2173 
2174 	/*
2175 	 * If the caller has not specified reserved port usage then
2176 	 * take the system default.
2177 	 */
2178 	if (useresvport == -1)
2179 		useresvport = clnt_cots_do_bindresvport;
2180 
2181 	if ((useresvport || retryaddr != NULL) &&
2182 	    (addrfmly == AF_INET || addrfmly == AF_INET6)) {
2183 		bool_t alloc_src = FALSE;
2184 
2185 		if (srcaddr->len != destaddr->len) {
2186 			kmem_free(srcaddr->buf, srcaddr->maxlen);
2187 			srcaddr->buf = kmem_zalloc(destaddr->len, KM_SLEEP);
2188 			srcaddr->maxlen = destaddr->len;
2189 			srcaddr->len = destaddr->len;
2190 			alloc_src = TRUE;
2191 		}
2192 
2193 		if ((i = bindresvport(tiptr, retryaddr, srcaddr, TRUE)) != 0) {
2194 			(void) t_kclose(tiptr, 1);
2195 			RPCLOG(1, "connmgr_get: couldn't bind, retryaddr: "
2196 			    "%p\n", (void *)retryaddr);
2197 
2198 			/*
2199 			 * 1225408: If we allocated a source address, then it
2200 			 * is either garbage or all zeroes. In that case
2201 			 * we need to clear srcaddr.
2202 			 */
2203 			if (alloc_src == TRUE) {
2204 				kmem_free(srcaddr->buf, srcaddr->maxlen);
2205 				srcaddr->maxlen = srcaddr->len = 0;
2206 				srcaddr->buf = NULL;
2207 			}
2208 			rpcerr->re_errno = i;
2209 			connmgr_cancelconn(cm_entry);
2210 			return (NULL);
2211 		}
2212 	} else {
2213 		if ((i = t_kbind(tiptr, NULL, NULL)) != 0) {
2214 			RPCLOG(1, "clnt_cots_kcreate: t_kbind: %d\n", i);
2215 			(void) t_kclose(tiptr, 1);
2216 			rpcerr->re_errno = i;
2217 			connmgr_cancelconn(cm_entry);
2218 			return (NULL);
2219 		}
2220 	}
2221 
2222 	{
2223 		/*
2224 		 * Keep the kernel stack lean. Don't move this call
2225 		 * declaration to the top of this function because a
2226 		 * call is declared in connmgr_wrapconnect()
2227 		 */
2228 		calllist_t call;
2229 
2230 		bzero(&call, sizeof (call));
2231 		cv_init(&call.call_cv, NULL, CV_DEFAULT, NULL);
2232 
2233 		/*
2234 		 * This is a bound end-point so don't close it's stream.
2235 		 */
2236 		connected = connmgr_connect(cm_entry, wq, destaddr, addrfmly,
2237 		    &call, &tidu_size, FALSE, waitp, nosignal, cr);
2238 		*rpcerr = call.call_err;
2239 		cv_destroy(&call.call_cv);
2240 
2241 	}
2242 
2243 	mutex_enter(&connmgr_lock);
2244 
2245 	/*
2246 	 * Set up a transport entry in the connection manager's list.
2247 	 */
2248 	cm_entry->x_src.buf = kmem_zalloc(srcaddr->len, KM_SLEEP);
2249 	bcopy(srcaddr->buf, cm_entry->x_src.buf, srcaddr->len);
2250 	cm_entry->x_src.len = cm_entry->x_src.maxlen = srcaddr->len;
2251 
2252 	cm_entry->x_tiptr = tiptr;
2253 	cm_entry->x_time = lbolt;
2254 
2255 	if (tiptr->tp_info.servtype == T_COTS_ORD)
2256 		cm_entry->x_ordrel = TRUE;
2257 	else
2258 		cm_entry->x_ordrel = FALSE;
2259 
2260 	cm_entry->x_tidu_size = tidu_size;
2261 
2262 	if (cm_entry->x_early_disc) {
2263 		/*
2264 		 * We need to check if a disconnect request has come
2265 		 * while we are connected, if so, then we need to
2266 		 * set rpcerr->re_status appropriately before returning
2267 		 * NULL to caller.
2268 		 */
2269 		if (rpcerr->re_status == RPC_SUCCESS)
2270 			rpcerr->re_status = RPC_XPRTFAILED;
2271 		cm_entry->x_connected = FALSE;
2272 	} else
2273 		cm_entry->x_connected = connected;
2274 
2275 	/*
2276 	 * There could be a discrepancy here such that
2277 	 * x_early_disc is TRUE yet connected is TRUE as well
2278 	 * and the connection is actually connected. In that case
2279 	 * lets be conservative and declare the connection as not
2280 	 * connected.
2281 	 */
2282 	cm_entry->x_early_disc = FALSE;
2283 	cm_entry->x_needdis = (cm_entry->x_connected == FALSE);
2284 	cm_entry->x_ctime = lbolt;
2285 
2286 	/*
2287 	 * Notify any threads waiting that the connection attempt is done.
2288 	 */
2289 	cm_entry->x_thread = FALSE;
2290 	cv_broadcast(&cm_entry->x_conn_cv);
2291 
2292 	if (cm_entry->x_connected == FALSE) {
2293 		mutex_exit(&connmgr_lock);
2294 		connmgr_release(cm_entry);
2295 		return (NULL);
2296 	}
2297 
2298 	mutex_exit(&connmgr_lock);
2299 
2300 	return (cm_entry);
2301 }
2302 
2303 /*
2304  * Keep the cm_xprt entry on the connecton list when making a connection. This
2305  * is to prevent multiple connections to a slow server from appearing.
2306  * We use the bit field x_thread to tell if a thread is doing a connection
2307  * which keeps other interested threads from messing with connection.
2308  * Those other threads just wait if x_thread is set.
2309  *
2310  * If x_thread is not set, then we do the actual work of connecting via
2311  * connmgr_connect().
2312  *
2313  * mutex convention: called with connmgr_lock held, returns with it released.
2314  */
2315 static struct cm_xprt *
2316 connmgr_wrapconnect(
2317 	struct cm_xprt	*cm_entry,
2318 	const struct timeval	*waitp,
2319 	struct netbuf	*destaddr,
2320 	int		addrfmly,
2321 	struct netbuf	*srcaddr,
2322 	struct rpc_err	*rpcerr,
2323 	bool_t		reconnect,
2324 	bool_t		nosignal,
2325 	cred_t		*cr)
2326 {
2327 	ASSERT(MUTEX_HELD(&connmgr_lock));
2328 	/*
2329 	 * Hold this entry as we are about to drop connmgr_lock.
2330 	 */
2331 	CONN_HOLD(cm_entry);
2332 
2333 	/*
2334 	 * If there is a thread already making a connection for us, then
2335 	 * wait for it to complete the connection.
2336 	 */
2337 	if (cm_entry->x_thread == TRUE) {
2338 		rpcerr->re_status = connmgr_cwait(cm_entry, waitp, nosignal);
2339 
2340 		if (rpcerr->re_status != RPC_SUCCESS) {
2341 			mutex_exit(&connmgr_lock);
2342 			connmgr_release(cm_entry);
2343 			return (NULL);
2344 		}
2345 	} else {
2346 		bool_t connected;
2347 		calllist_t call;
2348 
2349 		cm_entry->x_thread = TRUE;
2350 
2351 		while (cm_entry->x_needrel == TRUE) {
2352 			cm_entry->x_needrel = FALSE;
2353 
2354 			connmgr_sndrel(cm_entry);
2355 			delay(drv_usectohz(1000000));
2356 
2357 			mutex_enter(&connmgr_lock);
2358 		}
2359 
2360 		/*
2361 		 * If we need to send a T_DISCON_REQ, send one.
2362 		 */
2363 		connmgr_dis_and_wait(cm_entry);
2364 
2365 		mutex_exit(&connmgr_lock);
2366 
2367 		bzero(&call, sizeof (call));
2368 		cv_init(&call.call_cv, NULL, CV_DEFAULT, NULL);
2369 
2370 		connected = connmgr_connect(cm_entry, cm_entry->x_wq,
2371 		    destaddr, addrfmly, &call, &cm_entry->x_tidu_size,
2372 		    reconnect, waitp, nosignal, cr);
2373 
2374 		*rpcerr = call.call_err;
2375 		cv_destroy(&call.call_cv);
2376 
2377 		mutex_enter(&connmgr_lock);
2378 
2379 
2380 		if (cm_entry->x_early_disc) {
2381 			/*
2382 			 * We need to check if a disconnect request has come
2383 			 * while we are connected, if so, then we need to
2384 			 * set rpcerr->re_status appropriately before returning
2385 			 * NULL to caller.
2386 			 */
2387 			if (rpcerr->re_status == RPC_SUCCESS)
2388 				rpcerr->re_status = RPC_XPRTFAILED;
2389 			cm_entry->x_connected = FALSE;
2390 		} else
2391 			cm_entry->x_connected = connected;
2392 
2393 		/*
2394 		 * There could be a discrepancy here such that
2395 		 * x_early_disc is TRUE yet connected is TRUE as well
2396 		 * and the connection is actually connected. In that case
2397 		 * lets be conservative and declare the connection as not
2398 		 * connected.
2399 		 */
2400 
2401 		cm_entry->x_early_disc = FALSE;
2402 		cm_entry->x_needdis = (cm_entry->x_connected == FALSE);
2403 
2404 
2405 		/*
2406 		 * connmgr_connect() may have given up before the connection
2407 		 * actually timed out. So ensure that before the next
2408 		 * connection attempt we do a disconnect.
2409 		 */
2410 		cm_entry->x_ctime = lbolt;
2411 		cm_entry->x_thread = FALSE;
2412 
2413 		cv_broadcast(&cm_entry->x_conn_cv);
2414 
2415 		if (cm_entry->x_connected == FALSE) {
2416 			mutex_exit(&connmgr_lock);
2417 			connmgr_release(cm_entry);
2418 			return (NULL);
2419 		}
2420 	}
2421 
2422 	if (srcaddr != NULL) {
2423 		/*
2424 		 * Copy into the handle the
2425 		 * source address of the
2426 		 * connection, which we will use
2427 		 * in case of a later retry.
2428 		 */
2429 		if (srcaddr->len != cm_entry->x_src.len) {
2430 			if (srcaddr->maxlen > 0)
2431 				kmem_free(srcaddr->buf, srcaddr->maxlen);
2432 			srcaddr->buf = kmem_zalloc(cm_entry->x_src.len,
2433 			    KM_SLEEP);
2434 			srcaddr->maxlen = srcaddr->len =
2435 			    cm_entry->x_src.len;
2436 		}
2437 		bcopy(cm_entry->x_src.buf, srcaddr->buf, srcaddr->len);
2438 	}
2439 	cm_entry->x_time = lbolt;
2440 	mutex_exit(&connmgr_lock);
2441 	return (cm_entry);
2442 }
2443 
2444 /*
2445  * If we need to send a T_DISCON_REQ, send one.
2446  */
2447 static void
2448 connmgr_dis_and_wait(struct cm_xprt *cm_entry)
2449 {
2450 	ASSERT(MUTEX_HELD(&connmgr_lock));
2451 	for (;;) {
2452 		while (cm_entry->x_needdis == TRUE) {
2453 			RPCLOG(8, "connmgr_dis_and_wait: need "
2454 			    "T_DISCON_REQ for connection 0x%p\n",
2455 			    (void *)cm_entry);
2456 			cm_entry->x_needdis = FALSE;
2457 			cm_entry->x_waitdis = TRUE;
2458 
2459 			connmgr_snddis(cm_entry);
2460 
2461 			mutex_enter(&connmgr_lock);
2462 		}
2463 
2464 		if (cm_entry->x_waitdis == TRUE) {
2465 			clock_t curlbolt;
2466 			clock_t timout;
2467 
2468 			RPCLOG(8, "connmgr_dis_and_wait waiting for "
2469 			    "T_DISCON_REQ's ACK for connection %p\n",
2470 			    (void *)cm_entry);
2471 			curlbolt = ddi_get_lbolt();
2472 
2473 			timout = clnt_cots_min_conntout *
2474 			    drv_usectohz(1000000) + curlbolt;
2475 
2476 			/*
2477 			 * The TPI spec says that the T_DISCON_REQ
2478 			 * will get acknowledged, but in practice
2479 			 * the ACK may never get sent. So don't
2480 			 * block forever.
2481 			 */
2482 			(void) cv_timedwait(&cm_entry->x_dis_cv,
2483 			    &connmgr_lock, timout);
2484 		}
2485 		/*
2486 		 * If we got the ACK, break. If we didn't,
2487 		 * then send another T_DISCON_REQ.
2488 		 */
2489 		if (cm_entry->x_waitdis == FALSE) {
2490 			break;
2491 		} else {
2492 			RPCLOG(8, "connmgr_dis_and_wait: did"
2493 			    "not get T_DISCON_REQ's ACK for "
2494 			    "connection  %p\n", (void *)cm_entry);
2495 			cm_entry->x_needdis = TRUE;
2496 		}
2497 	}
2498 }
2499 
2500 static void
2501 connmgr_cancelconn(struct cm_xprt *cm_entry)
2502 {
2503 	/*
2504 	 * Mark the connection table entry as dead; the next thread that
2505 	 * goes through connmgr_release() will notice this and deal with it.
2506 	 */
2507 	mutex_enter(&connmgr_lock);
2508 	cm_entry->x_dead = TRUE;
2509 
2510 	/*
2511 	 * Notify any threads waiting for the connection that it isn't
2512 	 * going to happen.
2513 	 */
2514 	cm_entry->x_thread = FALSE;
2515 	cv_broadcast(&cm_entry->x_conn_cv);
2516 	mutex_exit(&connmgr_lock);
2517 
2518 	connmgr_release(cm_entry);
2519 }
2520 
2521 static void
2522 connmgr_close(struct cm_xprt *cm_entry)
2523 {
2524 	mutex_enter(&cm_entry->x_lock);
2525 	while (cm_entry->x_ref != 0) {
2526 		/*
2527 		 * Must be a noninterruptible wait.
2528 		 */
2529 		cv_wait(&cm_entry->x_cv, &cm_entry->x_lock);
2530 	}
2531 
2532 	if (cm_entry->x_tiptr != NULL)
2533 		(void) t_kclose(cm_entry->x_tiptr, 1);
2534 
2535 	mutex_exit(&cm_entry->x_lock);
2536 	if (cm_entry->x_ksp != NULL) {
2537 		mutex_enter(&connmgr_lock);
2538 		cm_entry->x_ksp->ks_private = NULL;
2539 		mutex_exit(&connmgr_lock);
2540 
2541 		/*
2542 		 * Must free the buffer we allocated for the
2543 		 * server address in the update function
2544 		 */
2545 		if (((struct cm_kstat_xprt *)(cm_entry->x_ksp->ks_data))->
2546 		    x_server.value.str.addr.ptr != NULL)
2547 			kmem_free(((struct cm_kstat_xprt *)(cm_entry->x_ksp->
2548 			    ks_data))->x_server.value.str.addr.ptr,
2549 			    INET6_ADDRSTRLEN);
2550 		kmem_free(cm_entry->x_ksp->ks_data,
2551 		    cm_entry->x_ksp->ks_data_size);
2552 		kstat_delete(cm_entry->x_ksp);
2553 	}
2554 
2555 	mutex_destroy(&cm_entry->x_lock);
2556 	cv_destroy(&cm_entry->x_cv);
2557 	cv_destroy(&cm_entry->x_conn_cv);
2558 	cv_destroy(&cm_entry->x_dis_cv);
2559 
2560 	if (cm_entry->x_server.buf != NULL)
2561 		kmem_free(cm_entry->x_server.buf, cm_entry->x_server.maxlen);
2562 	if (cm_entry->x_src.buf != NULL)
2563 		kmem_free(cm_entry->x_src.buf, cm_entry->x_src.maxlen);
2564 	kmem_free(cm_entry, sizeof (struct cm_xprt));
2565 }
2566 
2567 /*
2568  * Called by KRPC after sending the call message to release the connection
2569  * it was using.
2570  */
2571 static void
2572 connmgr_release(struct cm_xprt *cm_entry)
2573 {
2574 	mutex_enter(&cm_entry->x_lock);
2575 	cm_entry->x_ref--;
2576 	if (cm_entry->x_ref == 0)
2577 		cv_signal(&cm_entry->x_cv);
2578 	mutex_exit(&cm_entry->x_lock);
2579 }
2580 
2581 /*
2582  * Set TCP receive and xmit buffer size for RPC connections.
2583  */
2584 static bool_t
2585 connmgr_setbufsz(calllist_t *e, queue_t *wq, cred_t *cr)
2586 {
2587 	int ok = FALSE;
2588 	int val;
2589 
2590 	if (rpc_default_tcp_bufsz)
2591 		return (FALSE);
2592 
2593 	/*
2594 	 * Only set new buffer size if it's larger than the system
2595 	 * default buffer size. If smaller buffer size is needed
2596 	 * then use /etc/system to set rpc_default_tcp_bufsz to 1.
2597 	 */
2598 	ok = connmgr_getopt_int(wq, SOL_SOCKET, SO_RCVBUF, &val, e, cr);
2599 	if ((ok == TRUE) && (val < rpc_send_bufsz)) {
2600 		ok = connmgr_setopt_int(wq, SOL_SOCKET, SO_RCVBUF,
2601 		    rpc_send_bufsz, e, cr);
2602 		DTRACE_PROBE2(krpc__i__connmgr_rcvbufsz,
2603 		    int, ok, calllist_t *, e);
2604 	}
2605 
2606 	ok = connmgr_getopt_int(wq, SOL_SOCKET, SO_SNDBUF, &val, e, cr);
2607 	if ((ok == TRUE) && (val < rpc_recv_bufsz)) {
2608 		ok = connmgr_setopt_int(wq, SOL_SOCKET, SO_SNDBUF,
2609 		    rpc_recv_bufsz, e, cr);
2610 		DTRACE_PROBE2(krpc__i__connmgr_sndbufsz,
2611 		    int, ok, calllist_t *, e);
2612 	}
2613 	return (TRUE);
2614 }
2615 
2616 /*
2617  * Given an open stream, connect to the remote.  Returns true if connected,
2618  * false otherwise.
2619  */
2620 static bool_t
2621 connmgr_connect(
2622 	struct cm_xprt		*cm_entry,
2623 	queue_t			*wq,
2624 	struct netbuf		*addr,
2625 	int			addrfmly,
2626 	calllist_t 		*e,
2627 	int 			*tidu_ptr,
2628 	bool_t 			reconnect,
2629 	const struct timeval 	*waitp,
2630 	bool_t 			nosignal,
2631 	cred_t			*cr)
2632 {
2633 	mblk_t *mp;
2634 	struct T_conn_req *tcr;
2635 	struct T_info_ack *tinfo;
2636 	int interrupted, error;
2637 	int tidu_size, kstat_instance;
2638 
2639 	/* if it's a reconnect, flush any lingering data messages */
2640 	if (reconnect)
2641 		(void) putctl1(wq, M_FLUSH, FLUSHRW);
2642 
2643 	/*
2644 	 * Note: if the receiver uses SCM_UCRED/getpeerucred the pid will
2645 	 * appear as -1.
2646 	 */
2647 	mp = allocb_cred(sizeof (*tcr) + addr->len, cr, NOPID);
2648 	if (mp == NULL) {
2649 		/*
2650 		 * This is unfortunate, but we need to look up the stats for
2651 		 * this zone to increment the "memory allocation failed"
2652 		 * counter.  curproc->p_zone is safe since we're initiating a
2653 		 * connection and not in some strange streams context.
2654 		 */
2655 		struct rpcstat *rpcstat;
2656 
2657 		rpcstat = zone_getspecific(rpcstat_zone_key, rpc_zone());
2658 		ASSERT(rpcstat != NULL);
2659 
2660 		RPCLOG0(1, "connmgr_connect: cannot alloc mp for "
2661 		    "sending conn request\n");
2662 		COTSRCSTAT_INCR(rpcstat->rpc_cots_client, rcnomem);
2663 		e->call_status = RPC_SYSTEMERROR;
2664 		e->call_reason = ENOSR;
2665 		return (FALSE);
2666 	}
2667 
2668 	/* Set TCP buffer size for RPC connections if needed */
2669 	if (addrfmly == AF_INET || addrfmly == AF_INET6)
2670 		(void) connmgr_setbufsz(e, wq, cr);
2671 
2672 	mp->b_datap->db_type = M_PROTO;
2673 	tcr = (struct T_conn_req *)mp->b_rptr;
2674 	bzero(tcr, sizeof (*tcr));
2675 	tcr->PRIM_type = T_CONN_REQ;
2676 	tcr->DEST_length = addr->len;
2677 	tcr->DEST_offset = sizeof (struct T_conn_req);
2678 	mp->b_wptr = mp->b_rptr + sizeof (*tcr);
2679 
2680 	bcopy(addr->buf, mp->b_wptr, tcr->DEST_length);
2681 	mp->b_wptr += tcr->DEST_length;
2682 
2683 	RPCLOG(8, "connmgr_connect: sending conn request on queue "
2684 	    "%p", (void *)wq);
2685 	RPCLOG(8, " call %p\n", (void *)wq);
2686 	/*
2687 	 * We use the entry in the handle that is normally used for
2688 	 * waiting for RPC replies to wait for the connection accept.
2689 	 */
2690 	if (clnt_dispatch_send(wq, mp, e, 0, 0) != RPC_SUCCESS) {
2691 		DTRACE_PROBE(krpc__e__connmgr__connect__cantsend);
2692 		freemsg(mp);
2693 		return (FALSE);
2694 	}
2695 
2696 	mutex_enter(&clnt_pending_lock);
2697 
2698 	/*
2699 	 * We wait for the transport connection to be made, or an
2700 	 * indication that it could not be made.
2701 	 */
2702 	interrupted = 0;
2703 
2704 	/*
2705 	 * waitforack should have been called with T_OK_ACK, but the
2706 	 * present implementation needs to be passed T_INFO_ACK to
2707 	 * work correctly.
2708 	 */
2709 	error = waitforack(e, T_INFO_ACK, waitp, nosignal);
2710 	if (error == EINTR)
2711 		interrupted = 1;
2712 	if (zone_status_get(curproc->p_zone) >= ZONE_IS_EMPTY) {
2713 		/*
2714 		 * No time to lose; we essentially have been signaled to
2715 		 * quit.
2716 		 */
2717 		interrupted = 1;
2718 	}
2719 #ifdef RPCDEBUG
2720 	if (error == ETIME)
2721 		RPCLOG0(8, "connmgr_connect: giving up "
2722 		    "on connection attempt; "
2723 		    "clnt_dispatch notifyconn "
2724 		    "diagnostic 'no one waiting for "
2725 		    "connection' should not be "
2726 		    "unexpected\n");
2727 #endif
2728 	if (e->call_prev)
2729 		e->call_prev->call_next = e->call_next;
2730 	else
2731 		clnt_pending = e->call_next;
2732 	if (e->call_next)
2733 		e->call_next->call_prev = e->call_prev;
2734 	mutex_exit(&clnt_pending_lock);
2735 
2736 	if (e->call_status != RPC_SUCCESS || error != 0) {
2737 		if (interrupted)
2738 			e->call_status = RPC_INTR;
2739 		else if (error == ETIME)
2740 			e->call_status = RPC_TIMEDOUT;
2741 		else if (error == EPROTO) {
2742 			e->call_status = RPC_SYSTEMERROR;
2743 			e->call_reason = EPROTO;
2744 		}
2745 
2746 		RPCLOG(8, "connmgr_connect: can't connect, status: "
2747 		    "%s\n", clnt_sperrno(e->call_status));
2748 
2749 		if (e->call_reply) {
2750 			freemsg(e->call_reply);
2751 			e->call_reply = NULL;
2752 		}
2753 
2754 		return (FALSE);
2755 	}
2756 	/*
2757 	 * The result of the "connection accept" is a T_info_ack
2758 	 * in the call_reply field.
2759 	 */
2760 	ASSERT(e->call_reply != NULL);
2761 	mp = e->call_reply;
2762 	e->call_reply = NULL;
2763 	tinfo = (struct T_info_ack *)mp->b_rptr;
2764 
2765 	tidu_size = tinfo->TIDU_size;
2766 	tidu_size -= (tidu_size % BYTES_PER_XDR_UNIT);
2767 	if (tidu_size > COTS_DEFAULT_ALLOCSIZE || (tidu_size <= 0))
2768 		tidu_size = COTS_DEFAULT_ALLOCSIZE;
2769 	*tidu_ptr = tidu_size;
2770 
2771 	freemsg(mp);
2772 
2773 	/*
2774 	 * Set up the pertinent options.  NODELAY is so the transport doesn't
2775 	 * buffer up RPC messages on either end.  This may not be valid for
2776 	 * all transports.  Failure to set this option is not cause to
2777 	 * bail out so we return success anyway.  Note that lack of NODELAY
2778 	 * or some other way to flush the message on both ends will cause
2779 	 * lots of retries and terrible performance.
2780 	 */
2781 	if (addrfmly == AF_INET || addrfmly == AF_INET6) {
2782 		(void) connmgr_setopt(wq, IPPROTO_TCP, TCP_NODELAY, e, cr);
2783 		if (e->call_status == RPC_XPRTFAILED)
2784 			return (FALSE);
2785 	}
2786 
2787 	/*
2788 	 * Since we have a connection, we now need to figure out if
2789 	 * we need to create a kstat. If x_ksp is not NULL then we
2790 	 * are reusing a connection and so we do not need to create
2791 	 * another kstat -- lets just return.
2792 	 */
2793 	if (cm_entry->x_ksp != NULL)
2794 		return (TRUE);
2795 
2796 	/*
2797 	 * We need to increment rpc_kstat_instance atomically to prevent
2798 	 * two kstats being created with the same instance.
2799 	 */
2800 	kstat_instance = atomic_add_32_nv((uint32_t *)&rpc_kstat_instance, 1);
2801 
2802 	if ((cm_entry->x_ksp = kstat_create_zone("unix", kstat_instance,
2803 	    "rpc_cots_connections", "rpc", KSTAT_TYPE_NAMED,
2804 	    (uint_t)(sizeof (cm_kstat_xprt_t) / sizeof (kstat_named_t)),
2805 	    KSTAT_FLAG_VIRTUAL, cm_entry->x_zoneid)) == NULL) {
2806 		return (TRUE);
2807 	}
2808 
2809 	cm_entry->x_ksp->ks_lock = &connmgr_lock;
2810 	cm_entry->x_ksp->ks_private = cm_entry;
2811 	cm_entry->x_ksp->ks_data_size = ((INET6_ADDRSTRLEN * sizeof (char))
2812 	    + sizeof (cm_kstat_template));
2813 	cm_entry->x_ksp->ks_data = kmem_alloc(cm_entry->x_ksp->ks_data_size,
2814 	    KM_SLEEP);
2815 	bcopy(&cm_kstat_template, cm_entry->x_ksp->ks_data,
2816 	    cm_entry->x_ksp->ks_data_size);
2817 	((struct cm_kstat_xprt *)(cm_entry->x_ksp->ks_data))->
2818 	    x_server.value.str.addr.ptr =
2819 	    kmem_alloc(INET6_ADDRSTRLEN, KM_SLEEP);
2820 
2821 	cm_entry->x_ksp->ks_update = conn_kstat_update;
2822 	kstat_install(cm_entry->x_ksp);
2823 	return (TRUE);
2824 }
2825 
2826 /*
2827  * Verify that the specified offset falls within the mblk and
2828  * that the resulting pointer is aligned.
2829  * Returns NULL if not.
2830  *
2831  * code from fs/sockfs/socksubr.c
2832  */
2833 static void *
2834 connmgr_opt_getoff(mblk_t *mp, t_uscalar_t offset,
2835     t_uscalar_t length, uint_t align_size)
2836 {
2837 	uintptr_t ptr1, ptr2;
2838 
2839 	ASSERT(mp && mp->b_wptr >= mp->b_rptr);
2840 	ptr1 = (uintptr_t)mp->b_rptr + offset;
2841 	ptr2 = (uintptr_t)ptr1 + length;
2842 	if (ptr1 < (uintptr_t)mp->b_rptr || ptr2 > (uintptr_t)mp->b_wptr) {
2843 		return (NULL);
2844 	}
2845 	if ((ptr1 & (align_size - 1)) != 0) {
2846 		return (NULL);
2847 	}
2848 	return ((void *)ptr1);
2849 }
2850 
2851 static bool_t
2852 connmgr_getopt_int(queue_t *wq, int level, int name, int *val,
2853     calllist_t *e, cred_t *cr)
2854 {
2855 	mblk_t *mp;
2856 	struct opthdr *opt, *opt_res;
2857 	struct T_optmgmt_req *tor;
2858 	struct T_optmgmt_ack *opt_ack;
2859 	struct timeval waitp;
2860 	int error;
2861 
2862 	mp = allocb_cred(sizeof (struct T_optmgmt_req) +
2863 	    sizeof (struct opthdr) + sizeof (int), cr, NOPID);
2864 	if (mp == NULL)
2865 		return (FALSE);
2866 
2867 	mp->b_datap->db_type = M_PROTO;
2868 	tor = (struct T_optmgmt_req *)(mp->b_rptr);
2869 	tor->PRIM_type = T_SVR4_OPTMGMT_REQ;
2870 	tor->MGMT_flags = T_CURRENT;
2871 	tor->OPT_length = sizeof (struct opthdr) + sizeof (int);
2872 	tor->OPT_offset = sizeof (struct T_optmgmt_req);
2873 
2874 	opt = (struct opthdr *)(mp->b_rptr + sizeof (struct T_optmgmt_req));
2875 	opt->level = level;
2876 	opt->name = name;
2877 	opt->len = sizeof (int);
2878 	mp->b_wptr += sizeof (struct T_optmgmt_req) + sizeof (struct opthdr) +
2879 	    sizeof (int);
2880 
2881 	/*
2882 	 * We will use this connection regardless
2883 	 * of whether or not the option is readable.
2884 	 */
2885 	if (clnt_dispatch_send(wq, mp, e, 0, 0) != RPC_SUCCESS) {
2886 		DTRACE_PROBE(krpc__e__connmgr__getopt__cantsend);
2887 		freemsg(mp);
2888 		return (FALSE);
2889 	}
2890 
2891 	mutex_enter(&clnt_pending_lock);
2892 
2893 	waitp.tv_sec = clnt_cots_min_conntout;
2894 	waitp.tv_usec = 0;
2895 	error = waitforack(e, T_OPTMGMT_ACK, &waitp, 1);
2896 
2897 	if (e->call_prev)
2898 		e->call_prev->call_next = e->call_next;
2899 	else
2900 		clnt_pending = e->call_next;
2901 	if (e->call_next)
2902 		e->call_next->call_prev = e->call_prev;
2903 	mutex_exit(&clnt_pending_lock);
2904 
2905 	/* get reply message */
2906 	mp = e->call_reply;
2907 	e->call_reply = NULL;
2908 
2909 	if ((!mp) || (e->call_status != RPC_SUCCESS) || (error != 0)) {
2910 
2911 		DTRACE_PROBE4(krpc__e__connmgr_getopt, int, name,
2912 		    int, e->call_status, int, error, mblk_t *, mp);
2913 
2914 		if (mp)
2915 			freemsg(mp);
2916 		return (FALSE);
2917 	}
2918 
2919 	opt_ack = (struct T_optmgmt_ack *)mp->b_rptr;
2920 	opt_res = (struct opthdr *)connmgr_opt_getoff(mp, opt_ack->OPT_offset,
2921 	    opt_ack->OPT_length, __TPI_ALIGN_SIZE);
2922 
2923 	if (!opt_res) {
2924 		DTRACE_PROBE4(krpc__e__connmgr_optres, mblk_t *, mp, int, name,
2925 		    int, opt_ack->OPT_offset, int, opt_ack->OPT_length);
2926 		freemsg(mp);
2927 		return (FALSE);
2928 	}
2929 	*val = *(int *)&opt_res[1];
2930 
2931 	DTRACE_PROBE2(connmgr_getopt__ok, int, name, int, *val);
2932 
2933 	freemsg(mp);
2934 	return (TRUE);
2935 }
2936 
2937 /*
2938  * Called by connmgr_connect to set an option on the new stream.
2939  */
2940 static bool_t
2941 connmgr_setopt_int(queue_t *wq, int level, int name, int val,
2942     calllist_t *e, cred_t *cr)
2943 {
2944 	mblk_t *mp;
2945 	struct opthdr *opt;
2946 	struct T_optmgmt_req *tor;
2947 	struct timeval waitp;
2948 	int error;
2949 
2950 	mp = allocb_cred(sizeof (struct T_optmgmt_req) +
2951 	    sizeof (struct opthdr) + sizeof (int), cr, NOPID);
2952 	if (mp == NULL) {
2953 		RPCLOG0(1, "connmgr_setopt: cannot alloc mp for option "
2954 		    "request\n");
2955 		return (FALSE);
2956 	}
2957 
2958 	mp->b_datap->db_type = M_PROTO;
2959 	tor = (struct T_optmgmt_req *)(mp->b_rptr);
2960 	tor->PRIM_type = T_SVR4_OPTMGMT_REQ;
2961 	tor->MGMT_flags = T_NEGOTIATE;
2962 	tor->OPT_length = sizeof (struct opthdr) + sizeof (int);
2963 	tor->OPT_offset = sizeof (struct T_optmgmt_req);
2964 
2965 	opt = (struct opthdr *)(mp->b_rptr + sizeof (struct T_optmgmt_req));
2966 	opt->level = level;
2967 	opt->name = name;
2968 	opt->len = sizeof (int);
2969 	*(int *)((char *)opt + sizeof (*opt)) = val;
2970 	mp->b_wptr += sizeof (struct T_optmgmt_req) + sizeof (struct opthdr) +
2971 	    sizeof (int);
2972 
2973 	/*
2974 	 * We will use this connection regardless
2975 	 * of whether or not the option is settable.
2976 	 */
2977 	if (clnt_dispatch_send(wq, mp, e, 0, 0) != RPC_SUCCESS) {
2978 		DTRACE_PROBE(krpc__e__connmgr__setopt__cantsend);
2979 		freemsg(mp);
2980 		return (FALSE);
2981 	}
2982 
2983 	mutex_enter(&clnt_pending_lock);
2984 
2985 	waitp.tv_sec = clnt_cots_min_conntout;
2986 	waitp.tv_usec = 0;
2987 	error = waitforack(e, T_OPTMGMT_ACK, &waitp, 1);
2988 
2989 	if (e->call_prev)
2990 		e->call_prev->call_next = e->call_next;
2991 	else
2992 		clnt_pending = e->call_next;
2993 	if (e->call_next)
2994 		e->call_next->call_prev = e->call_prev;
2995 	mutex_exit(&clnt_pending_lock);
2996 
2997 	if (e->call_reply != NULL) {
2998 		freemsg(e->call_reply);
2999 		e->call_reply = NULL;
3000 	}
3001 
3002 	if (e->call_status != RPC_SUCCESS || error != 0) {
3003 		RPCLOG(1, "connmgr_setopt: can't set option: %d\n", name);
3004 		return (FALSE);
3005 	}
3006 	RPCLOG(8, "connmgr_setopt: successfully set option: %d\n", name);
3007 	return (TRUE);
3008 }
3009 
3010 static bool_t
3011 connmgr_setopt(queue_t *wq, int level, int name, calllist_t *e, cred_t *cr)
3012 {
3013 	return (connmgr_setopt_int(wq, level, name, 1, e, cr));
3014 }
3015 
3016 #ifdef	DEBUG
3017 
3018 /*
3019  * This is a knob to let us force code coverage in allocation failure
3020  * case.
3021  */
3022 static int	connmgr_failsnd;
3023 #define	CONN_SND_ALLOC(Size, Pri)	\
3024 	((connmgr_failsnd-- > 0) ? NULL : allocb(Size, Pri))
3025 
3026 #else
3027 
3028 #define	CONN_SND_ALLOC(Size, Pri)	allocb(Size, Pri)
3029 
3030 #endif
3031 
3032 /*
3033  * Sends an orderly release on the specified queue.
3034  * Entered with connmgr_lock. Exited without connmgr_lock
3035  */
3036 static void
3037 connmgr_sndrel(struct cm_xprt *cm_entry)
3038 {
3039 	struct T_ordrel_req *torr;
3040 	mblk_t *mp;
3041 	queue_t *q = cm_entry->x_wq;
3042 	ASSERT(MUTEX_HELD(&connmgr_lock));
3043 	mp = CONN_SND_ALLOC(sizeof (struct T_ordrel_req), BPRI_LO);
3044 	if (mp == NULL) {
3045 		cm_entry->x_needrel = TRUE;
3046 		mutex_exit(&connmgr_lock);
3047 		RPCLOG(1, "connmgr_sndrel: cannot alloc mp for sending ordrel "
3048 		    "to queue %p\n", (void *)q);
3049 		return;
3050 	}
3051 	mutex_exit(&connmgr_lock);
3052 
3053 	mp->b_datap->db_type = M_PROTO;
3054 	torr = (struct T_ordrel_req *)(mp->b_rptr);
3055 	torr->PRIM_type = T_ORDREL_REQ;
3056 	mp->b_wptr = mp->b_rptr + sizeof (struct T_ordrel_req);
3057 
3058 	RPCLOG(8, "connmgr_sndrel: sending ordrel to queue %p\n", (void *)q);
3059 	put(q, mp);
3060 }
3061 
3062 /*
3063  * Sends an disconnect on the specified queue.
3064  * Entered with connmgr_lock. Exited without connmgr_lock
3065  */
3066 static void
3067 connmgr_snddis(struct cm_xprt *cm_entry)
3068 {
3069 	struct T_discon_req *tdis;
3070 	mblk_t *mp;
3071 	queue_t *q = cm_entry->x_wq;
3072 
3073 	ASSERT(MUTEX_HELD(&connmgr_lock));
3074 	mp = CONN_SND_ALLOC(sizeof (*tdis), BPRI_LO);
3075 	if (mp == NULL) {
3076 		cm_entry->x_needdis = TRUE;
3077 		mutex_exit(&connmgr_lock);
3078 		RPCLOG(1, "connmgr_snddis: cannot alloc mp for sending discon "
3079 		    "to queue %p\n", (void *)q);
3080 		return;
3081 	}
3082 	mutex_exit(&connmgr_lock);
3083 
3084 	mp->b_datap->db_type = M_PROTO;
3085 	tdis = (struct T_discon_req *)mp->b_rptr;
3086 	tdis->PRIM_type = T_DISCON_REQ;
3087 	mp->b_wptr = mp->b_rptr + sizeof (*tdis);
3088 
3089 	RPCLOG(8, "connmgr_snddis: sending discon to queue %p\n", (void *)q);
3090 	put(q, mp);
3091 }
3092 
3093 /*
3094  * Sets up the entry for receiving replies, and calls rpcmod's write put proc
3095  * (through put) to send the call.
3096  */
3097 static int
3098 clnt_dispatch_send(queue_t *q, mblk_t *mp, calllist_t *e, uint_t xid,
3099 			uint_t queue_flag)
3100 {
3101 	ASSERT(e != NULL);
3102 
3103 	e->call_status = RPC_TIMEDOUT;	/* optimistic, eh? */
3104 	e->call_reason = 0;
3105 	e->call_wq = q;
3106 	e->call_xid = xid;
3107 	e->call_notified = FALSE;
3108 
3109 	if (!canput(q)) {
3110 		e->call_status = RPC_CANTSEND;
3111 		e->call_reason = ENOBUFS;
3112 		return (RPC_CANTSEND);
3113 	}
3114 
3115 	/*
3116 	 * If queue_flag is set then the calllist_t is already on the hash
3117 	 * queue.  In this case just send the message and return.
3118 	 */
3119 	if (queue_flag) {
3120 		put(q, mp);
3121 		return (RPC_SUCCESS);
3122 
3123 	}
3124 
3125 	/*
3126 	 * Set up calls for RPC requests (with XID != 0) on the hash
3127 	 * queue for fast lookups and place other calls (i.e.
3128 	 * connection management) on the linked list.
3129 	 */
3130 	if (xid != 0) {
3131 		RPCLOG(64, "clnt_dispatch_send: putting xid 0x%x on "
3132 		    "dispatch list\n", xid);
3133 		e->call_hash = call_hash(xid, clnt_cots_hash_size);
3134 		e->call_bucket = &cots_call_ht[e->call_hash];
3135 		call_table_enter(e);
3136 	} else {
3137 		mutex_enter(&clnt_pending_lock);
3138 		if (clnt_pending)
3139 			clnt_pending->call_prev = e;
3140 		e->call_next = clnt_pending;
3141 		e->call_prev = NULL;
3142 		clnt_pending = e;
3143 		mutex_exit(&clnt_pending_lock);
3144 	}
3145 
3146 	put(q, mp);
3147 	return (RPC_SUCCESS);
3148 }
3149 
3150 /*
3151  * Called by rpcmod to notify a client with a clnt_pending call that its reply
3152  * has arrived.  If we can't find a client waiting for this reply, we log
3153  * the error and return.
3154  */
3155 bool_t
3156 clnt_dispatch_notify(mblk_t *mp, zoneid_t zoneid)
3157 {
3158 	calllist_t *e = NULL;
3159 	call_table_t *chtp;
3160 	uint32_t xid;
3161 	uint_t hash;
3162 
3163 	if ((IS_P2ALIGNED(mp->b_rptr, sizeof (uint32_t))) &&
3164 	    (mp->b_wptr - mp->b_rptr) >= sizeof (xid))
3165 		xid = *((uint32_t *)mp->b_rptr);
3166 	else {
3167 		int i = 0;
3168 		unsigned char *p = (unsigned char *)&xid;
3169 		unsigned char *rptr;
3170 		mblk_t *tmp = mp;
3171 
3172 		/*
3173 		 * Copy the xid, byte-by-byte into xid.
3174 		 */
3175 		while (tmp) {
3176 			rptr = tmp->b_rptr;
3177 			while (rptr < tmp->b_wptr) {
3178 				*p++ = *rptr++;
3179 				if (++i >= sizeof (xid))
3180 					goto done_xid_copy;
3181 			}
3182 			tmp = tmp->b_cont;
3183 		}
3184 
3185 		/*
3186 		 * If we got here, we ran out of mblk space before the
3187 		 * xid could be copied.
3188 		 */
3189 		ASSERT(tmp == NULL && i < sizeof (xid));
3190 
3191 		RPCLOG0(1,
3192 		    "clnt_dispatch_notify: message less than size of xid\n");
3193 		return (FALSE);
3194 
3195 	}
3196 done_xid_copy:
3197 
3198 	hash = call_hash(xid, clnt_cots_hash_size);
3199 	chtp = &cots_call_ht[hash];
3200 	/* call_table_find returns with the hash bucket locked */
3201 	call_table_find(chtp, xid, e);
3202 
3203 	if (e != NULL) {
3204 		/*
3205 		 * Found thread waiting for this reply
3206 		 */
3207 		mutex_enter(&e->call_lock);
3208 
3209 		/*
3210 		 * verify that the reply is coming in on
3211 		 * the same zone that it was sent from.
3212 		 */
3213 		if (e->call_zoneid != zoneid) {
3214 			mutex_exit(&e->call_lock);
3215 			mutex_exit(&chtp->ct_lock);
3216 			RPCLOG0(1, "clnt_dispatch_notify: incorrect zoneid\n");
3217 			return (FALSE);
3218 		}
3219 
3220 		if (e->call_reply)
3221 			/*
3222 			 * This can happen under the following scenario:
3223 			 * clnt_cots_kcallit() times out on the response,
3224 			 * rfscall() repeats the CLNT_CALL() with
3225 			 * the same xid, clnt_cots_kcallit() sends the retry,
3226 			 * thereby putting the clnt handle on the pending list,
3227 			 * the first response arrives, signalling the thread
3228 			 * in clnt_cots_kcallit(). Before that thread is
3229 			 * dispatched, the second response arrives as well,
3230 			 * and clnt_dispatch_notify still finds the handle on
3231 			 * the pending list, with call_reply set. So free the
3232 			 * old reply now.
3233 			 *
3234 			 * It is also possible for a response intended for
3235 			 * an RPC call with a different xid to reside here.
3236 			 * This can happen if the thread that owned this
3237 			 * client handle prior to the current owner bailed
3238 			 * out and left its call record on the dispatch
3239 			 * queue.  A window exists where the response can
3240 			 * arrive before the current owner dispatches its
3241 			 * RPC call.
3242 			 *
3243 			 * In any case, this is the very last point where we
3244 			 * can safely check the call_reply field before
3245 			 * placing the new response there.
3246 			 */
3247 			freemsg(e->call_reply);
3248 		e->call_reply = mp;
3249 		e->call_status = RPC_SUCCESS;
3250 		e->call_notified = TRUE;
3251 		cv_signal(&e->call_cv);
3252 		mutex_exit(&e->call_lock);
3253 		mutex_exit(&chtp->ct_lock);
3254 		return (TRUE);
3255 	} else {
3256 		zone_t *zone;
3257 		struct rpcstat *rpcstat;
3258 
3259 		mutex_exit(&chtp->ct_lock);
3260 		RPCLOG(65, "clnt_dispatch_notify: no caller for reply 0x%x\n",
3261 		    xid);
3262 		/*
3263 		 * This is unfortunate, but we need to lookup the zone so we
3264 		 * can increment its "rcbadxids" counter.
3265 		 */
3266 		zone = zone_find_by_id(zoneid);
3267 		if (zone == NULL) {
3268 			/*
3269 			 * The zone went away...
3270 			 */
3271 			return (FALSE);
3272 		}
3273 		rpcstat = zone_getspecific(rpcstat_zone_key, zone);
3274 		if (zone_status_get(zone) >= ZONE_IS_SHUTTING_DOWN) {
3275 			/*
3276 			 * Not interested
3277 			 */
3278 			zone_rele(zone);
3279 			return (FALSE);
3280 		}
3281 		COTSRCSTAT_INCR(rpcstat->rpc_cots_client, rcbadxids);
3282 		zone_rele(zone);
3283 	}
3284 	return (FALSE);
3285 }
3286 
3287 /*
3288  * Called by rpcmod when a non-data indication arrives.  The ones in which we
3289  * are interested are connection indications and options acks.  We dispatch
3290  * based on the queue the indication came in on.  If we are not interested in
3291  * what came in, we return false to rpcmod, who will then pass it upstream.
3292  */
3293 bool_t
3294 clnt_dispatch_notifyconn(queue_t *q, mblk_t *mp)
3295 {
3296 	calllist_t *e;
3297 	int type;
3298 
3299 	ASSERT((q->q_flag & QREADR) == 0);
3300 
3301 	type = ((union T_primitives *)mp->b_rptr)->type;
3302 	RPCLOG(8, "clnt_dispatch_notifyconn: prim type: [%s]\n",
3303 	    rpc_tpiprim2name(type));
3304 	mutex_enter(&clnt_pending_lock);
3305 	for (e = clnt_pending; /* NO CONDITION */; e = e->call_next) {
3306 		if (e == NULL) {
3307 			mutex_exit(&clnt_pending_lock);
3308 			RPCLOG(1, "clnt_dispatch_notifyconn: no one waiting "
3309 			    "for connection on queue 0x%p\n", (void *)q);
3310 			return (FALSE);
3311 		}
3312 		if (e->call_wq == q)
3313 			break;
3314 	}
3315 
3316 	switch (type) {
3317 	case T_CONN_CON:
3318 		/*
3319 		 * The transport is now connected, send a T_INFO_REQ to get
3320 		 * the tidu size.
3321 		 */
3322 		mutex_exit(&clnt_pending_lock);
3323 		ASSERT(mp->b_datap->db_lim - mp->b_datap->db_base >=
3324 		    sizeof (struct T_info_req));
3325 		mp->b_rptr = mp->b_datap->db_base;
3326 		((union T_primitives *)mp->b_rptr)->type = T_INFO_REQ;
3327 		mp->b_wptr = mp->b_rptr + sizeof (struct T_info_req);
3328 		mp->b_datap->db_type = M_PCPROTO;
3329 		put(q, mp);
3330 		return (TRUE);
3331 	case T_INFO_ACK:
3332 	case T_OPTMGMT_ACK:
3333 		e->call_status = RPC_SUCCESS;
3334 		e->call_reply = mp;
3335 		e->call_notified = TRUE;
3336 		cv_signal(&e->call_cv);
3337 		break;
3338 	case T_ERROR_ACK:
3339 		e->call_status = RPC_CANTCONNECT;
3340 		e->call_reply = mp;
3341 		e->call_notified = TRUE;
3342 		cv_signal(&e->call_cv);
3343 		break;
3344 	case T_OK_ACK:
3345 		/*
3346 		 * Great, but we are really waiting for a T_CONN_CON
3347 		 */
3348 		freemsg(mp);
3349 		break;
3350 	default:
3351 		mutex_exit(&clnt_pending_lock);
3352 		RPCLOG(1, "clnt_dispatch_notifyconn: bad type %d\n", type);
3353 		return (FALSE);
3354 	}
3355 
3356 	mutex_exit(&clnt_pending_lock);
3357 	return (TRUE);
3358 }
3359 
3360 /*
3361  * Called by rpcmod when the transport is (or should be) going away.  Informs
3362  * all callers waiting for replies and marks the entry in the connection
3363  * manager's list as unconnected, and either closing (close handshake in
3364  * progress) or dead.
3365  */
3366 void
3367 clnt_dispatch_notifyall(queue_t *q, int32_t msg_type, int32_t reason)
3368 {
3369 	calllist_t *e;
3370 	call_table_t *ctp;
3371 	struct cm_xprt *cm_entry;
3372 	int have_connmgr_lock;
3373 	int i;
3374 
3375 	ASSERT((q->q_flag & QREADR) == 0);
3376 
3377 	RPCLOG(1, "clnt_dispatch_notifyall on queue %p", (void *)q);
3378 	RPCLOG(1, " received a notifcation prim type [%s]",
3379 	    rpc_tpiprim2name(msg_type));
3380 	RPCLOG(1, " and reason %d\n", reason);
3381 
3382 	/*
3383 	 * Find the transport entry in the connection manager's list, close
3384 	 * the transport and delete the entry.  In the case where rpcmod's
3385 	 * idle timer goes off, it sends us a T_ORDREL_REQ, indicating we
3386 	 * should gracefully close the connection.
3387 	 */
3388 	have_connmgr_lock = 1;
3389 	mutex_enter(&connmgr_lock);
3390 	for (cm_entry = cm_hd; cm_entry; cm_entry = cm_entry->x_next) {
3391 		ASSERT(cm_entry != cm_entry->x_next);
3392 		if (cm_entry->x_wq == q) {
3393 			ASSERT(MUTEX_HELD(&connmgr_lock));
3394 			ASSERT(have_connmgr_lock == 1);
3395 			switch (msg_type) {
3396 			case T_ORDREL_REQ:
3397 
3398 				if (cm_entry->x_dead) {
3399 					RPCLOG(1, "idle timeout on dead "
3400 					    "connection: %p\n",
3401 					    (void *)cm_entry);
3402 					if (clnt_stop_idle != NULL)
3403 						(*clnt_stop_idle)(q);
3404 					break;
3405 				}
3406 
3407 				/*
3408 				 * Only mark the connection as dead if it is
3409 				 * connected and idle.
3410 				 * An unconnected connection has probably
3411 				 * gone idle because the server is down,
3412 				 * and when it comes back up there will be
3413 				 * retries that need to use that connection.
3414 				 */
3415 				if (cm_entry->x_connected ||
3416 				    cm_entry->x_doomed) {
3417 					if (cm_entry->x_ordrel) {
3418 						if (cm_entry->x_closing ==
3419 						    TRUE) {
3420 							/*
3421 							 * The connection is
3422 							 * obviously wedged due
3423 							 * to a bug or problem
3424 							 * with the transport.
3425 							 * Mark it as dead.
3426 							 * Otherwise we can
3427 							 * leak connections.
3428 							 */
3429 							cm_entry->x_dead = TRUE;
3430 							mutex_exit(
3431 							    &connmgr_lock);
3432 							have_connmgr_lock = 0;
3433 							if (clnt_stop_idle !=
3434 							    NULL)
3435 							(*clnt_stop_idle)(q);
3436 							break;
3437 						}
3438 						cm_entry->x_closing = TRUE;
3439 						connmgr_sndrel(cm_entry);
3440 						have_connmgr_lock = 0;
3441 					} else {
3442 						cm_entry->x_dead = TRUE;
3443 						mutex_exit(&connmgr_lock);
3444 						have_connmgr_lock = 0;
3445 						if (clnt_stop_idle != NULL)
3446 							(*clnt_stop_idle)(q);
3447 					}
3448 				} else {
3449 					/*
3450 					 * We don't mark the connection
3451 					 * as dead, but we turn off the
3452 					 * idle timer.
3453 					 */
3454 					mutex_exit(&connmgr_lock);
3455 					have_connmgr_lock = 0;
3456 					if (clnt_stop_idle != NULL)
3457 						(*clnt_stop_idle)(q);
3458 					RPCLOG(1, "clnt_dispatch_notifyall:"
3459 					    " ignoring timeout from rpcmod"
3460 					    " (q %p) because we are not "
3461 					    " connected\n", (void *)q);
3462 				}
3463 				break;
3464 			case T_ORDREL_IND:
3465 				/*
3466 				 * If this entry is marked closing, then we are
3467 				 * completing a close handshake, and the
3468 				 * connection is dead.  Otherwise, the server is
3469 				 * trying to close. Since the server will not
3470 				 * be sending any more RPC replies, we abort
3471 				 * the connection, including flushing
3472 				 * any RPC requests that are in-transit.
3473 				 * In either case, mark the entry as dead so
3474 				 * that it can be closed by the connection
3475 				 * manager's garbage collector.
3476 				 */
3477 				cm_entry->x_dead = TRUE;
3478 				if (cm_entry->x_closing) {
3479 					mutex_exit(&connmgr_lock);
3480 					have_connmgr_lock = 0;
3481 					if (clnt_stop_idle != NULL)
3482 						(*clnt_stop_idle)(q);
3483 				} else {
3484 					/*
3485 					 * if we're getting a disconnect
3486 					 * before we've finished our
3487 					 * connect attempt, mark it for
3488 					 * later processing
3489 					 */
3490 					if (cm_entry->x_thread)
3491 						cm_entry->x_early_disc = TRUE;
3492 					else
3493 						cm_entry->x_connected = FALSE;
3494 					cm_entry->x_waitdis = TRUE;
3495 					connmgr_snddis(cm_entry);
3496 					have_connmgr_lock = 0;
3497 				}
3498 				break;
3499 
3500 			case T_ERROR_ACK:
3501 			case T_OK_ACK:
3502 				cm_entry->x_waitdis = FALSE;
3503 				cv_signal(&cm_entry->x_dis_cv);
3504 				mutex_exit(&connmgr_lock);
3505 				return;
3506 
3507 			case T_DISCON_REQ:
3508 				if (cm_entry->x_thread)
3509 					cm_entry->x_early_disc = TRUE;
3510 				else
3511 					cm_entry->x_connected = FALSE;
3512 				cm_entry->x_waitdis = TRUE;
3513 
3514 				connmgr_snddis(cm_entry);
3515 				have_connmgr_lock = 0;
3516 				break;
3517 
3518 			case T_DISCON_IND:
3519 			default:
3520 				/*
3521 				 * if we're getting a disconnect before
3522 				 * we've finished our connect attempt,
3523 				 * mark it for later processing
3524 				 */
3525 				if (cm_entry->x_closing) {
3526 					cm_entry->x_dead = TRUE;
3527 					mutex_exit(&connmgr_lock);
3528 					have_connmgr_lock = 0;
3529 					if (clnt_stop_idle != NULL)
3530 						(*clnt_stop_idle)(q);
3531 				} else {
3532 					if (cm_entry->x_thread) {
3533 						cm_entry->x_early_disc = TRUE;
3534 					} else {
3535 						cm_entry->x_dead = TRUE;
3536 						cm_entry->x_connected = FALSE;
3537 					}
3538 				}
3539 				break;
3540 			}
3541 			break;
3542 		}
3543 	}
3544 
3545 	if (have_connmgr_lock)
3546 		mutex_exit(&connmgr_lock);
3547 
3548 	if (msg_type == T_ERROR_ACK || msg_type == T_OK_ACK) {
3549 		RPCLOG(1, "clnt_dispatch_notifyall: (wq %p) could not find "
3550 		    "connmgr entry for discon ack\n", (void *)q);
3551 		return;
3552 	}
3553 
3554 	/*
3555 	 * Then kick all the clnt_pending calls out of their wait.  There
3556 	 * should be no clnt_pending calls in the case of rpcmod's idle
3557 	 * timer firing.
3558 	 */
3559 	for (i = 0; i < clnt_cots_hash_size; i++) {
3560 		ctp = &cots_call_ht[i];
3561 		mutex_enter(&ctp->ct_lock);
3562 		for (e = ctp->ct_call_next;
3563 		    e != (calllist_t *)ctp;
3564 		    e = e->call_next) {
3565 			if (e->call_wq == q && e->call_notified == FALSE) {
3566 				RPCLOG(1,
3567 				    "clnt_dispatch_notifyall for queue %p ",
3568 				    (void *)q);
3569 				RPCLOG(1, "aborting clnt_pending call %p\n",
3570 				    (void *)e);
3571 
3572 				if (msg_type == T_DISCON_IND)
3573 					e->call_reason = reason;
3574 				e->call_notified = TRUE;
3575 				e->call_status = RPC_XPRTFAILED;
3576 				cv_signal(&e->call_cv);
3577 			}
3578 		}
3579 		mutex_exit(&ctp->ct_lock);
3580 	}
3581 
3582 	mutex_enter(&clnt_pending_lock);
3583 	for (e = clnt_pending; e; e = e->call_next) {
3584 		/*
3585 		 * Only signal those RPC handles that haven't been
3586 		 * signalled yet. Otherwise we can get a bogus call_reason.
3587 		 * This can happen if thread A is making a call over a
3588 		 * connection. If the server is killed, it will cause
3589 		 * reset, and reason will default to EIO as a result of
3590 		 * a T_ORDREL_IND. Thread B then attempts to recreate
3591 		 * the connection but gets a T_DISCON_IND. If we set the
3592 		 * call_reason code for all threads, then if thread A
3593 		 * hasn't been dispatched yet, it will get the wrong
3594 		 * reason. The bogus call_reason can make it harder to
3595 		 * discriminate between calls that fail because the
3596 		 * connection attempt failed versus those where the call
3597 		 * may have been executed on the server.
3598 		 */
3599 		if (e->call_wq == q && e->call_notified == FALSE) {
3600 			RPCLOG(1, "clnt_dispatch_notifyall for queue %p ",
3601 			    (void *)q);
3602 			RPCLOG(1, " aborting clnt_pending call %p\n",
3603 			    (void *)e);
3604 
3605 			if (msg_type == T_DISCON_IND)
3606 				e->call_reason = reason;
3607 			e->call_notified = TRUE;
3608 			/*
3609 			 * Let the caller timeout, else he will retry
3610 			 * immediately.
3611 			 */
3612 			e->call_status = RPC_XPRTFAILED;
3613 
3614 			/*
3615 			 * We used to just signal those threads
3616 			 * waiting for a connection, (call_xid = 0).
3617 			 * That meant that threads waiting for a response
3618 			 * waited till their timeout expired. This
3619 			 * could be a long time if they've specified a
3620 			 * maximum timeout. (2^31 - 1). So we
3621 			 * Signal all threads now.
3622 			 */
3623 			cv_signal(&e->call_cv);
3624 		}
3625 	}
3626 	mutex_exit(&clnt_pending_lock);
3627 }
3628 
3629 
3630 /*ARGSUSED*/
3631 /*
3632  * after resuming a system that's been suspended for longer than the
3633  * NFS server's idle timeout (svc_idle_timeout for Solaris 2), rfscall()
3634  * generates "NFS server X not responding" and "NFS server X ok" messages;
3635  * here we reset inet connections to cause a re-connect and avoid those
3636  * NFS messages.  see 4045054
3637  */
3638 boolean_t
3639 connmgr_cpr_reset(void *arg, int code)
3640 {
3641 	struct cm_xprt *cxp;
3642 
3643 	if (code == CB_CODE_CPR_CHKPT)
3644 		return (B_TRUE);
3645 
3646 	if (mutex_tryenter(&connmgr_lock) == 0)
3647 		return (B_FALSE);
3648 	for (cxp = cm_hd; cxp; cxp = cxp->x_next) {
3649 		if ((cxp->x_family == AF_INET || cxp->x_family == AF_INET6) &&
3650 		    cxp->x_connected == TRUE) {
3651 			if (cxp->x_thread)
3652 				cxp->x_early_disc = TRUE;
3653 			else
3654 				cxp->x_connected = FALSE;
3655 			cxp->x_needdis = TRUE;
3656 		}
3657 	}
3658 	mutex_exit(&connmgr_lock);
3659 	return (B_TRUE);
3660 }
3661 
3662 void
3663 clnt_cots_stats_init(zoneid_t zoneid, struct rpc_cots_client **statsp)
3664 {
3665 
3666 	*statsp = (struct rpc_cots_client *)rpcstat_zone_init_common(zoneid,
3667 	    "unix", "rpc_cots_client", (const kstat_named_t *)&cots_rcstat_tmpl,
3668 	    sizeof (cots_rcstat_tmpl));
3669 }
3670 
3671 void
3672 clnt_cots_stats_fini(zoneid_t zoneid, struct rpc_cots_client **statsp)
3673 {
3674 	rpcstat_zone_fini_common(zoneid, "unix", "rpc_cots_client");
3675 	kmem_free(*statsp, sizeof (cots_rcstat_tmpl));
3676 }
3677 
3678 void
3679 clnt_cots_init(void)
3680 {
3681 	mutex_init(&connmgr_lock, NULL, MUTEX_DEFAULT, NULL);
3682 	mutex_init(&clnt_pending_lock, NULL, MUTEX_DEFAULT, NULL);
3683 
3684 	if (clnt_cots_hash_size < DEFAULT_MIN_HASH_SIZE)
3685 		clnt_cots_hash_size = DEFAULT_MIN_HASH_SIZE;
3686 
3687 	cots_call_ht = call_table_init(clnt_cots_hash_size);
3688 	zone_key_create(&zone_cots_key, NULL, NULL, clnt_zone_destroy);
3689 }
3690 
3691 void
3692 clnt_cots_fini(void)
3693 {
3694 	(void) zone_key_delete(zone_cots_key);
3695 }
3696 
3697 /*
3698  * Wait for TPI ack, returns success only if expected ack is received
3699  * within timeout period.
3700  */
3701 
3702 static int
3703 waitforack(calllist_t *e, t_scalar_t ack_prim, const struct timeval *waitp,
3704     bool_t nosignal)
3705 {
3706 	union T_primitives *tpr;
3707 	clock_t timout;
3708 	int cv_stat = 1;
3709 
3710 	ASSERT(MUTEX_HELD(&clnt_pending_lock));
3711 	while (e->call_reply == NULL) {
3712 		if (waitp != NULL) {
3713 			timout = waitp->tv_sec * drv_usectohz(MICROSEC) +
3714 			    drv_usectohz(waitp->tv_usec) + lbolt;
3715 			if (nosignal)
3716 				cv_stat = cv_timedwait(&e->call_cv,
3717 				    &clnt_pending_lock, timout);
3718 			else
3719 				cv_stat = cv_timedwait_sig(&e->call_cv,
3720 				    &clnt_pending_lock, timout);
3721 		} else {
3722 			if (nosignal)
3723 				cv_wait(&e->call_cv, &clnt_pending_lock);
3724 			else
3725 				cv_stat = cv_wait_sig(&e->call_cv,
3726 				    &clnt_pending_lock);
3727 		}
3728 		if (cv_stat == -1)
3729 			return (ETIME);
3730 		if (cv_stat == 0)
3731 			return (EINTR);
3732 		/*
3733 		 * if we received an error from the server and we know a reply
3734 		 * is not going to be sent, do not wait for the full timeout,
3735 		 * return now.
3736 		 */
3737 		if (e->call_status == RPC_XPRTFAILED)
3738 			return (e->call_reason);
3739 	}
3740 	tpr = (union T_primitives *)e->call_reply->b_rptr;
3741 	if (tpr->type == ack_prim)
3742 		return (0); /* Success */
3743 
3744 	if (tpr->type == T_ERROR_ACK) {
3745 		if (tpr->error_ack.TLI_error == TSYSERR)
3746 			return (tpr->error_ack.UNIX_error);
3747 		else
3748 			return (t_tlitosyserr(tpr->error_ack.TLI_error));
3749 	}
3750 
3751 	return (EPROTO); /* unknown or unexpected primitive */
3752 }
3753