xref: /titanic_50/usr/src/uts/common/fs/autofs/auto_subr.c (revision a237e38e9161f0acd6451439d4a7dd597e66291d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/param.h>
29 #include <sys/kmem.h>
30 #include <sys/errno.h>
31 #include <sys/proc.h>
32 #include <sys/disp.h>
33 #include <sys/vfs.h>
34 #include <sys/vnode.h>
35 #include <sys/pathname.h>
36 #include <sys/cred.h>
37 #include <sys/mount.h>
38 #include <sys/cmn_err.h>
39 #include <sys/debug.h>
40 #include <sys/systm.h>
41 #include <sys/dirent.h>
42 #include <fs/fs_subr.h>
43 #include <sys/fs/autofs.h>
44 #include <sys/callb.h>
45 #include <sys/sysmacros.h>
46 #include <sys/zone.h>
47 #include <sys/door.h>
48 #include <sys/fs/mntdata.h>
49 #include <nfs/mount.h>
50 #include <rpc/clnt.h>
51 #include <rpcsvc/autofs_prot.h>
52 #include <nfs/rnode.h>
53 #include <sys/utsname.h>
54 
55 /*
56  * Autofs and Zones:
57  *
58  * Zones are delegated the responsibility of managing their own autofs mounts
59  * and maps.  Each zone runs its own copy of automountd, with its own timeouts,
60  * and other logically "global" parameters.  kRPC and virtualization in the
61  * loopback transport (tl) will prevent a zone from communicating with another
62  * zone's automountd.
63  *
64  * Each zone has its own "rootfnnode" and associated tree of auto nodes.
65  *
66  * Each zone also has its own set of "unmounter" kernel threads; these are
67  * created and run within the zone's context (ie, they are created via
68  * zthread_create()).
69  *
70  * Cross-zone mount triggers are disallowed.  There is a check in
71  * auto_trigger_mount() to this effect; EPERM is returned to indicate that the
72  * mount is not owned by the caller.
73  *
74  * autofssys() enables a caller in the global zone to clean up in-kernel (as
75  * well as regular) autofs mounts via the unmount_tree() mechanism.  This is
76  * routinely done when all mounts are removed as part of zone shutdown.
77  */
78 #define	TYPICALMAXPATHLEN	64
79 
80 static kmutex_t autofs_nodeid_lock;
81 
82 static int auto_perform_link(fnnode_t *, struct linka *, cred_t *);
83 static int auto_perform_actions(fninfo_t *, fnnode_t *,
84     action_list *, cred_t *);
85 static int auto_getmntpnt(vnode_t *, char *, vnode_t **, cred_t *);
86 static int auto_lookup_request(fninfo_t *, char *, struct linka *,
87     bool_t, bool_t *, cred_t *);
88 static int auto_mount_request(fninfo_t *, char *, action_list **, cred_t *,
89     bool_t);
90 
91 extern struct autofs_globals *autofs_zone_init(void);
92 
93 /*
94  * Clears the MF_INPROG flag, and wakes up those threads sleeping on
95  * fn_cv_mount if MF_WAITING is set.
96  */
97 void
98 auto_unblock_others(
99 	fnnode_t *fnp,
100 	uint_t operation)		/* either MF_INPROG or MF_LOOKUP */
101 {
102 	ASSERT(operation & (MF_INPROG | MF_LOOKUP));
103 	fnp->fn_flags &= ~operation;
104 	if (fnp->fn_flags & MF_WAITING) {
105 		fnp->fn_flags &= ~MF_WAITING;
106 		cv_broadcast(&fnp->fn_cv_mount);
107 	}
108 }
109 
110 int
111 auto_wait4mount(fnnode_t *fnp)
112 {
113 	int error;
114 	k_sigset_t smask;
115 
116 	AUTOFS_DPRINT((4, "auto_wait4mount: fnp=%p\n", (void *)fnp));
117 
118 	mutex_enter(&fnp->fn_lock);
119 	while (fnp->fn_flags & (MF_INPROG | MF_LOOKUP)) {
120 		/*
121 		 * There is a mount or a lookup in progress.
122 		 */
123 		fnp->fn_flags |= MF_WAITING;
124 		sigintr(&smask, 1);
125 		if (!cv_wait_sig(&fnp->fn_cv_mount, &fnp->fn_lock)) {
126 			/*
127 			 * Decided not to wait for operation to
128 			 * finish after all.
129 			 */
130 			sigunintr(&smask);
131 			mutex_exit(&fnp->fn_lock);
132 			return (EINTR);
133 		}
134 		sigunintr(&smask);
135 	}
136 	error = fnp->fn_error;
137 
138 	if (error == EINTR) {
139 		/*
140 		 * The thread doing the mount got interrupted, we need to
141 		 * try again, by returning EAGAIN.
142 		 */
143 		error = EAGAIN;
144 	}
145 	mutex_exit(&fnp->fn_lock);
146 
147 	AUTOFS_DPRINT((5, "auto_wait4mount: fnp=%p error=%d\n", (void *)fnp,
148 	    error));
149 	return (error);
150 }
151 
152 int
153 auto_lookup_aux(fnnode_t *fnp, char *name, cred_t *cred)
154 {
155 	struct fninfo *fnip;
156 	struct linka link;
157 	bool_t mountreq = FALSE;
158 	int error = 0;
159 
160 	fnip = vfstofni(fntovn(fnp)->v_vfsp);
161 	bzero(&link, sizeof (link));
162 	error = auto_lookup_request(fnip, name, &link, TRUE, &mountreq, cred);
163 	if (!error) {
164 		if (link.link != NULL || link.link != '\0') {
165 			/*
166 			 * This node should be a symlink
167 			 */
168 			error = auto_perform_link(fnp, &link, cred);
169 		} else if (mountreq) {
170 			/*
171 			 * The automount daemon is requesting a mount,
172 			 * implying this entry must be a wildcard match and
173 			 * therefore in need of verification that the entry
174 			 * exists on the server.
175 			 */
176 			mutex_enter(&fnp->fn_lock);
177 			AUTOFS_BLOCK_OTHERS(fnp, MF_INPROG);
178 			fnp->fn_error = 0;
179 
180 			/*
181 			 * Unblock other lookup requests on this node,
182 			 * this is needed to let the lookup generated by
183 			 * the mount call to complete. The caveat is
184 			 * other lookups on this node can also get by,
185 			 * i.e., another lookup on this node that occurs
186 			 * while this lookup is attempting the mount
187 			 * would return a positive result no matter what.
188 			 * Therefore two lookups on the this node could
189 			 * potentially get disparate results.
190 			 */
191 			AUTOFS_UNBLOCK_OTHERS(fnp, MF_LOOKUP);
192 			mutex_exit(&fnp->fn_lock);
193 			/*
194 			 * auto_new_mount_thread fires up a new thread which
195 			 * calls automountd finishing up the work
196 			 */
197 			auto_new_mount_thread(fnp, name, cred);
198 
199 			/*
200 			 * At this point, we are simply another thread
201 			 * waiting for the mount to complete
202 			 */
203 			error = auto_wait4mount(fnp);
204 			if (error == AUTOFS_SHUTDOWN)
205 				error = ENOENT;
206 		}
207 	}
208 
209 	if (link.link)
210 		kmem_free(link.link, strlen(link.link) + 1);
211 	if (link.dir)
212 		kmem_free(link.dir, strlen(link.dir) + 1);
213 	mutex_enter(&fnp->fn_lock);
214 	fnp->fn_error = error;
215 
216 	/*
217 	 * Notify threads waiting for lookup/mount that
218 	 * it's done.
219 	 */
220 	if (mountreq) {
221 		AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
222 	} else {
223 		AUTOFS_UNBLOCK_OTHERS(fnp, MF_LOOKUP);
224 	}
225 	mutex_exit(&fnp->fn_lock);
226 	return (error);
227 }
228 
229 /*
230  * Starting point for thread to handle mount requests with automountd.
231  * XXX auto_mount_thread() is not suspend-safe within the scope of
232  * the present model defined for cpr to suspend the system. Calls
233  * made by the auto_mount_thread() that have been identified to be unsafe
234  * are (1) RPC client handle setup and client calls to automountd which
235  * can block deep down in the RPC library, (2) kmem_alloc() calls with the
236  * KM_SLEEP flag which can block if memory is low, and (3) VFS_*(), and
237  * lookuppnvp() calls which can result in over the wire calls to servers.
238  * The thread should be completely reevaluated to make it suspend-safe in
239  * case of future updates to the cpr model.
240  */
241 static void
242 auto_mount_thread(struct autofs_callargs *argsp)
243 {
244 	struct fninfo 		*fnip;
245 	fnnode_t 		*fnp;
246 	vnode_t 		*vp;
247 	char 			*name;
248 	size_t 			namelen;
249 	cred_t 			*cred;
250 	action_list		*alp = NULL;
251 	int 			error;
252 	callb_cpr_t 		cprinfo;
253 	kmutex_t 		auto_mount_thread_cpr_lock;
254 
255 	mutex_init(&auto_mount_thread_cpr_lock, NULL, MUTEX_DEFAULT, NULL);
256 	CALLB_CPR_INIT(&cprinfo, &auto_mount_thread_cpr_lock,
257 		callb_generic_cpr, "auto_mount_thread");
258 
259 	fnp = argsp->fnc_fnp;
260 	vp = fntovn(fnp);
261 	fnip = vfstofni(vp->v_vfsp);
262 	name = argsp->fnc_name;
263 	cred = argsp->fnc_cred;
264 	ASSERT(crgetzoneid(argsp->fnc_cred) == fnip->fi_zoneid);
265 
266 	error = auto_mount_request(fnip, name, &alp, cred, TRUE);
267 	if (!error)
268 		error = auto_perform_actions(fnip, fnp, alp, cred);
269 	mutex_enter(&fnp->fn_lock);
270 	fnp->fn_error = error;
271 
272 	/*
273 	 * Notify threads waiting for mount that
274 	 * it's done.
275 	 */
276 	AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
277 	mutex_exit(&fnp->fn_lock);
278 
279 	VN_RELE(vp);
280 	crfree(argsp->fnc_cred);
281 	namelen = strlen(argsp->fnc_name) + 1;
282 	kmem_free(argsp->fnc_name, namelen);
283 	kmem_free(argsp, sizeof (*argsp));
284 
285 	mutex_enter(&auto_mount_thread_cpr_lock);
286 	CALLB_CPR_EXIT(&cprinfo);
287 	mutex_destroy(&auto_mount_thread_cpr_lock);
288 	zthread_exit();
289 	/* NOTREACHED */
290 }
291 
292 static int autofs_thr_success = 0;
293 
294 /*
295  * Creates new thread which calls auto_mount_thread which does
296  * the bulk of the work calling automountd, via 'auto_perform_actions'.
297  */
298 void
299 auto_new_mount_thread(fnnode_t *fnp, char *name, cred_t *cred)
300 {
301 	struct autofs_callargs *argsp;
302 
303 	argsp = kmem_alloc(sizeof (*argsp), KM_SLEEP);
304 	VN_HOLD(fntovn(fnp));
305 	argsp->fnc_fnp = fnp;
306 	argsp->fnc_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
307 	(void) strcpy(argsp->fnc_name, name);
308 	argsp->fnc_origin = curthread;
309 	crhold(cred);
310 	argsp->fnc_cred = cred;
311 
312 	(void) zthread_create(NULL, 0, auto_mount_thread, argsp, 0,
313 	    minclsyspri);
314 	autofs_thr_success++;
315 }
316 
317 
318 int
319 auto_calldaemon(
320 	zoneid_t 		zoneid,
321 	int			which,
322 	xdrproc_t		xarg_func,
323 	void 			*argsp,
324 	xdrproc_t		xresp_func,
325 	void 			*resp,
326 	int			reslen,
327 	bool_t 			hard)	/* retry forever? */
328 {
329 
330 	int 			retry, error = 0;
331 	k_sigset_t 		smask;
332 	door_arg_t		door_args;
333 	door_handle_t		dh;
334 	XDR			xdrarg, xdrres;
335 	struct autofs_globals 	*fngp = NULL;
336 	void			*orig_resp = NULL;
337 	int			orig_reslen = reslen;
338 	autofs_door_args_t	*xdr_argsp;
339 	int			xdr_len = 0;
340 
341 	/*
342 	 * We know that the current thread is doing work on
343 	 * behalf of its own zone, so it's ok to use
344 	 * curproc->p_zone.
345 	 */
346 	ASSERT(zoneid == getzoneid());
347 	if (zone_status_get(curproc->p_zone) >=
348 			ZONE_IS_SHUTTING_DOWN) {
349 		/*
350 		 * There's no point in trying to talk to
351 		 * automountd.  Plus, zone_shutdown() is
352 		 * waiting for us.
353 		 */
354 		return (ECONNREFUSED);
355 	}
356 
357 	if ((fngp = zone_getspecific(autofs_key, curproc->p_zone)) ==
358 	    NULL) {
359 		fngp = autofs_zone_init();
360 		(void) zone_setspecific(autofs_key, curproc->p_zone, fngp);
361 	}
362 
363 	ASSERT(fngp != NULL);
364 
365 	if (argsp != NULL && (xdr_len = xdr_sizeof(xarg_func, argsp)) == 0)
366 		return (EINVAL);
367 	xdr_argsp = kmem_zalloc(xdr_len + sizeof (*xdr_argsp), KM_SLEEP);
368 	xdr_argsp->xdr_len = xdr_len;
369 	xdr_argsp->cmd = which;
370 
371 	if (argsp) {
372 		xdrmem_create(&xdrarg, (char *)&xdr_argsp->xdr_arg,
373 			xdr_argsp->xdr_len, XDR_ENCODE);
374 
375 		if (!(*xarg_func)(&xdrarg, argsp)) {
376 			kmem_free(xdr_argsp, xdr_len + sizeof (*xdr_argsp));
377 			return (EINVAL);
378 		}
379 	}
380 
381 	/*
382 	 * We're saving off the original pointer and length due to the
383 	 * possibility that the results buffer returned by the door
384 	 * upcall can be different then what we passed in. This is because
385 	 * the door will allocate new memory if the results buffer passed
386 	 * in isn't large enough to hold what we need to send back.
387 	 * In this case we need to free the memory originally allocated
388 	 * for that buffer.
389 	 */
390 	if (orig_reslen)
391 		orig_resp = kmem_zalloc(orig_reslen, KM_SLEEP);
392 
393 	do {
394 		retry = 0;
395 		mutex_enter(&fngp->fng_autofs_daemon_lock);
396 		dh = fngp->fng_autofs_daemon_dh;
397 		if (dh)
398 			door_ki_hold(dh);
399 		mutex_exit(&fngp->fng_autofs_daemon_lock);
400 
401 		if (dh == NULL) {
402 			if (orig_resp)
403 				kmem_free(orig_resp, orig_reslen);
404 			kmem_free(xdr_argsp, xdr_len + sizeof (*xdr_argsp));
405 			return (ENOENT);
406 		}
407 		door_args.data_ptr = (char *)xdr_argsp;
408 		door_args.data_size = sizeof (*xdr_argsp) + xdr_argsp->xdr_len;
409 		door_args.desc_ptr = NULL;
410 		door_args.desc_num = 0;
411 		door_args.rbuf = orig_resp ? (char *)orig_resp : NULL;
412 		door_args.rsize = reslen;
413 
414 		sigintr(&smask, 1);
415 		error = door_ki_upcall(dh, &door_args);
416 		sigunintr(&smask);
417 
418 		door_ki_rele(dh);
419 
420 		if (!error) {
421 			autofs_door_res_t *adr =
422 				(autofs_door_res_t *)door_args.rbuf;
423 			if (door_args.rbuf != NULL &&
424 				(error = adr->res_status)) {
425 				kmem_free(xdr_argsp,
426 					xdr_len + sizeof (*xdr_argsp));
427 				if (orig_resp)
428 					kmem_free(orig_resp, orig_reslen);
429 				return (error);
430 			}
431 			continue;
432 		}
433 		switch (error) {
434 		case EINTR:
435 			/*
436 			 * interrupts should be handled properly by the
437 			 * door upcall.
438 			 *
439 			 * We may have gotten EINTR for other reasons
440 			 * like the door being revoked on us. Instead
441 			 * of trying to extract this out of the door
442 			 * handle, sleep and try again, if still
443 			 * revoked we will get EBADF next time
444 			 * through.
445 			 */
446 		case EAGAIN:    /* process may be forking */
447 			/*
448 			 * Back off for a bit
449 			 */
450 			delay(hz);
451 			retry = 1;
452 			break;
453 		case EBADF:	/* Invalid door */
454 		case EINVAL:    /* Not a door, wrong target */
455 			/*
456 			 * A fatal door error, if our failing door
457 			 * handle is the current door handle, clean
458 			 * up our state.
459 			 */
460 			mutex_enter(&fngp->fng_autofs_daemon_lock);
461 			if (dh == fngp->fng_autofs_daemon_dh) {
462 				door_ki_rele(fngp->fng_autofs_daemon_dh);
463 				fngp->fng_autofs_daemon_dh = NULL;
464 			}
465 			mutex_exit(&fngp->fng_autofs_daemon_lock);
466 			AUTOFS_DPRINT((5,
467 				"auto_calldaemon error=%d\n", error));
468 			if (hard) {
469 				if (!fngp->fng_printed_not_running_msg) {
470 				    fngp->fng_printed_not_running_msg = 1;
471 				    zprintf(zoneid, "automountd not "\
472 					"running, retrying\n");
473 				}
474 				delay(hz);
475 				retry = 1;
476 				break;
477 			} else {
478 				error = ECONNREFUSED;
479 				kmem_free(xdr_argsp,
480 					xdr_len + sizeof (*xdr_argsp));
481 				if (orig_resp)
482 					kmem_free(orig_resp, orig_reslen);
483 				return (error);
484 			}
485 		default:	/* Unknown must be fatal */
486 			error = ENOENT;
487 			kmem_free(xdr_argsp, xdr_len + sizeof (*xdr_argsp));
488 			if (orig_resp)
489 				kmem_free(orig_resp, orig_reslen);
490 			return (error);
491 		}
492 	} while (retry);
493 
494 	if (fngp->fng_printed_not_running_msg == 1) {
495 		fngp->fng_printed_not_running_msg = 0;
496 		zprintf(zoneid, "automountd OK\n");
497 	}
498 
499 	if (orig_resp && orig_reslen) {
500 		autofs_door_res_t	*door_resp;
501 		door_resp =
502 			(autofs_door_res_t *)door_args.rbuf;
503 		if ((void *)door_args.rbuf != orig_resp)
504 			kmem_free(orig_resp, orig_reslen);
505 		xdrmem_create(&xdrres, (char *)&door_resp->xdr_res,
506 			door_resp->xdr_len, XDR_DECODE);
507 		if (!((*xresp_func)(&xdrres, resp)))
508 			error = EINVAL;
509 		kmem_free(door_args.rbuf, door_args.rsize);
510 	}
511 	kmem_free(xdr_argsp, xdr_len + sizeof (*xdr_argsp));
512 	return (error);
513 }
514 
515 static int
516 auto_null_request(fninfo_t *fnip, bool_t hard)
517 {
518 	int error;
519 	struct autofs_globals *fngp = vntofn(fnip->fi_rootvp)->fn_globals;
520 
521 	AUTOFS_DPRINT((4, "\tauto_null_request\n"));
522 
523 	error = auto_calldaemon(fngp->fng_zoneid,
524 		NULLPROC,
525 		xdr_void,
526 		NULL,
527 		xdr_void,
528 		NULL,
529 		0,
530 		hard);
531 
532 	AUTOFS_DPRINT((5, "\tauto_null_request: error=%d\n", error));
533 	return (error);
534 }
535 
536 static int
537 auto_lookup_request(
538 	fninfo_t *fnip,
539 	char *key,
540 	struct linka *lnp,
541 	bool_t hard,
542 	bool_t *mountreq,
543 	cred_t *cred)
544 {
545 	int 				error;
546 	struct autofs_globals 		*fngp;
547 	struct autofs_lookupargs	reqst;
548 	autofs_lookupres 		*resp;
549 	struct linka 			*p;
550 
551 
552 	AUTOFS_DPRINT((4, "auto_lookup_equest: path=%s name=%s\n",
553 	    fnip->fi_path, key));
554 
555 	fngp = vntofn(fnip->fi_rootvp)->fn_globals;
556 
557 	reqst.map = fnip->fi_map;
558 	reqst.path = fnip->fi_path;
559 
560 	if (fnip->fi_flags & MF_DIRECT)
561 		reqst.name = fnip->fi_key;
562 	else
563 		reqst.name = key;
564 	AUTOFS_DPRINT((4, "auto_lookup_request: using key=%s\n", reqst.name));
565 
566 	reqst.subdir = fnip->fi_subdir;
567 	reqst.opts = fnip->fi_opts;
568 	reqst.isdirect = fnip->fi_flags & MF_DIRECT ? TRUE : FALSE;
569 	reqst.uid = crgetuid(cred);
570 
571 	resp = kmem_zalloc(sizeof (*resp), KM_SLEEP);
572 
573 	error = auto_calldaemon(fngp->fng_zoneid,
574 		AUTOFS_LOOKUP,
575 		xdr_autofs_lookupargs,
576 		&reqst,
577 		xdr_autofs_lookupres,
578 		(void *)resp,
579 		sizeof (autofs_lookupres),
580 		hard);
581 
582 
583 	if (error) {
584 		xdr_free(xdr_autofs_lookupres, (char *)resp);
585 		kmem_free(resp, sizeof (*resp));
586 		return (error);
587 	}
588 
589 	if (!error) {
590 		fngp->fng_verbose = resp->lu_verbose;
591 		switch (resp->lu_res) {
592 		case AUTOFS_OK:
593 			switch (resp->lu_type.action) {
594 			case AUTOFS_MOUNT_RQ:
595 				lnp->link = NULL;
596 				lnp->dir = NULL;
597 				*mountreq = TRUE;
598 				break;
599 			case AUTOFS_LINK_RQ:
600 				p =
601 				&resp->lu_type.lookup_result_type_u.lt_linka;
602 				lnp->dir = kmem_alloc(strlen(p->dir) + 1,
603 					KM_SLEEP);
604 				(void) strcpy(lnp->dir, p->dir);
605 				lnp->link = kmem_alloc(strlen(p->link) + 1,
606 					KM_SLEEP);
607 				(void) strcpy(lnp->link, p->link);
608 				break;
609 			case AUTOFS_NONE:
610 				lnp->link = NULL;
611 				lnp->dir = NULL;
612 				break;
613 			default:
614 				auto_log(fngp->fng_verbose,
615 					fngp->fng_zoneid, CE_WARN,
616 				    "auto_lookup_request: bad action type %d",
617 				    resp->lu_res);
618 				error = ENOENT;
619 			}
620 			break;
621 		case AUTOFS_NOENT:
622 			error = ENOENT;
623 			break;
624 		default:
625 			error = ENOENT;
626 			auto_log(fngp->fng_verbose, fngp->fng_zoneid, CE_WARN,
627 			    "auto_lookup_request: unknown result: %d",
628 			    resp->lu_res);
629 			break;
630 		}
631 	}
632 done:
633 	xdr_free(xdr_autofs_lookupres, (char *)resp);
634 	kmem_free(resp, sizeof (*resp));
635 	AUTOFS_DPRINT((5, "auto_lookup_request: path=%s name=%s error=%d\n",
636 	    fnip->fi_path, key, error));
637 	return (error);
638 }
639 
640 static int
641 auto_mount_request(
642 	fninfo_t *fnip,
643 	char *key,
644 	action_list **alpp,
645 	cred_t *cred,
646 	bool_t hard)
647 {
648 	int 			error;
649 	struct autofs_globals 	*fngp;
650 	autofs_lookupargs 	reqst;
651 	autofs_mountres		*xdrres = NULL;
652 
653 	AUTOFS_DPRINT((4, "auto_mount_request: path=%s name=%s\n",
654 	    fnip->fi_path, key));
655 
656 	fngp = vntofn(fnip->fi_rootvp)->fn_globals;
657 	reqst.map = fnip->fi_map;
658 	reqst.path = fnip->fi_path;
659 
660 	if (fnip->fi_flags & MF_DIRECT)
661 		reqst.name = fnip->fi_key;
662 	else
663 		reqst.name = key;
664 
665 	AUTOFS_DPRINT((4, "auto_mount_request: using key=%s\n", reqst.name));
666 
667 	reqst.subdir = fnip->fi_subdir;
668 	reqst.opts = fnip->fi_opts;
669 	reqst.isdirect = fnip->fi_flags & MF_DIRECT ? TRUE : FALSE;
670 	reqst.uid = crgetuid(cred);
671 
672 	xdrres = kmem_zalloc(sizeof (*xdrres), KM_SLEEP);
673 
674 	error = auto_calldaemon(fngp->fng_zoneid,
675 		AUTOFS_MNTINFO,
676 		xdr_autofs_lookupargs,
677 		&reqst,
678 		xdr_autofs_mountres,
679 		(void *)xdrres,
680 		sizeof (autofs_mountres),
681 		hard);
682 
683 	if (!error) {
684 		fngp->fng_verbose = xdrres->mr_verbose;
685 		switch (xdrres->mr_type.status) {
686 		case AUTOFS_ACTION:
687 			error = 0;
688 			/*
689 			 * Save the action list since it is used by
690 			 * the caller. We NULL the action list pointer
691 			 * in 'result' so that xdr_free() will not free
692 			 * the list.
693 			 */
694 			*alpp = xdrres->mr_type.mount_result_type_u.list;
695 			xdrres->mr_type.mount_result_type_u.list = NULL;
696 			break;
697 		case AUTOFS_DONE:
698 			error = xdrres->mr_type.mount_result_type_u.error;
699 			break;
700 		default:
701 			error = ENOENT;
702 			auto_log(fngp->fng_verbose, fngp->fng_zoneid, CE_WARN,
703 			    "auto_mount_request: unknown status %d",
704 			    xdrres->mr_type.status);
705 			break;
706 		}
707 	}
708 
709 	xdr_free(xdr_autofs_mountres, (char *)xdrres);
710 	kmem_free(xdrres, sizeof (*xdrres));
711 
712 
713 	AUTOFS_DPRINT((5, "auto_mount_request: path=%s name=%s error=%d\n",
714 	    fnip->fi_path, key, error));
715 	return (error);
716 }
717 
718 
719 static int
720 auto_send_unmount_request(
721 	fninfo_t *fnip,
722 	umntrequest *ul,
723 	bool_t hard)
724 {
725 	int 	error;
726 	umntres	xdrres;
727 
728 	struct autofs_globals *fngp = vntofn(fnip->fi_rootvp)->fn_globals;
729 
730 	AUTOFS_DPRINT((4, "\tauto_send_unmount_request: fstype=%s "
731 			" mntpnt=%s\n", ul->fstype, ul->mntpnt));
732 
733 	bzero(&xdrres, sizeof (umntres));
734 	error = auto_calldaemon(fngp->fng_zoneid,
735 		AUTOFS_UNMOUNT,
736 		xdr_umntrequest,
737 		(void *)ul,
738 		xdr_umntres,
739 		(void *)&xdrres,
740 		sizeof (umntres),
741 		hard);
742 
743 	if (!error)
744 		error = xdrres.status;
745 
746 	AUTOFS_DPRINT((5, "\tauto_send_unmount_request: error=%d\n", error));
747 
748 	return (error);
749 }
750 
751 static int
752 auto_perform_link(fnnode_t *fnp, struct linka *linkp, cred_t *cred)
753 {
754 	vnode_t *vp;
755 	size_t len;
756 	char *tmp;
757 
758 	AUTOFS_DPRINT((3, "auto_perform_link: fnp=%p dir=%s link=%s\n",
759 	    (void *)fnp, linkp->dir, linkp->link));
760 
761 	len = strlen(linkp->link) + 1;		/* include '\0' */
762 	tmp = kmem_zalloc(len, KM_SLEEP);
763 	(void) kcopy(linkp->link, tmp, len);
764 	mutex_enter(&fnp->fn_lock);
765 	fnp->fn_symlink = tmp;
766 	fnp->fn_symlinklen = (uint_t)len;
767 	fnp->fn_flags |= MF_THISUID_MATCH_RQD;
768 	crhold(cred);
769 	fnp->fn_cred = cred;
770 	mutex_exit(&fnp->fn_lock);
771 
772 	vp = fntovn(fnp);
773 	vp->v_type = VLNK;
774 
775 	return (0);
776 }
777 
778 static boolean_t
779 auto_invalid_autofs(fninfo_t *dfnip, fnnode_t *dfnp, action_list *p)
780 {
781 	struct mounta *m;
782 	struct autofs_args *argsp;
783 	vnode_t *dvp;
784 	char buff[AUTOFS_MAXPATHLEN];
785 	size_t len;
786 	struct autofs_globals *fngp;
787 	fngp = dfnp->fn_globals;
788 	dvp = fntovn(dfnp);
789 
790 	m = &p->action.action_list_entry_u.mounta;
791 	/*
792 	 * Make sure we aren't geting passed NULL values or a "dir" that
793 	 * isn't "." and doesn't begin with "./".
794 	 *
795 	 * We also only want to perform autofs mounts, so make sure
796 	 * no-one is trying to trick us into doing anything else.
797 	 */
798 	if (m->dir[0] != '.' ||
799 	    (m->dir[1] != '/' && m->dir[1] != '\0') ||
800 	    strcmp(m->fstype, "autofs") != 0 ||
801 	    m->datalen != sizeof (struct autofs_args) ||
802 	    m->optptr == NULL)
803 		return (B_TRUE);
804 	/*
805 	 * We also don't like ".."s in the pathname.  Symlinks are
806 	 * handled by the fact that we'll use NOFOLLOW when we do
807 	 * lookup()s.
808 	 */
809 	if (strstr(m->dir, "/../") != NULL ||
810 	    (len = strlen(m->dir)) > sizeof ("/..") - 1 &&
811 	    m->dir[len] == '.' && m->dir[len - 1] == '.' &&
812 	    m->dir[len - 2] == '/')
813 		return (B_TRUE);
814 	argsp = (struct autofs_args *)m->dataptr;
815 	/*
816 	 * We don't want NULL values here either.
817 	 */
818 	if (argsp->addr.buf == NULL || argsp->path == NULL ||
819 	    argsp->opts == NULL || argsp->map == NULL || argsp->subdir == NULL)
820 		return (B_TRUE);
821 	/*
822 	 * We know what the claimed pathname *should* look like:
823 	 *
824 	 * If the parent (dfnp) is a mount point (VROOT), then
825 	 * the path should be (dfnip->fi_path + m->dir).
826 	 *
827 	 * Else, we know we're only two levels deep, so we use
828 	 * (dfnip->fi_path + dfnp->fn_name + m->dir).
829 	 *
830 	 * Furthermore, "." only makes sense if dfnp is a
831 	 * trigger node.
832 	 *
833 	 * At this point it seems like the passed-in path is
834 	 * redundant.
835 	 */
836 	if (dvp->v_flag & VROOT) {
837 		if (m->dir[1] == '\0' && !(dfnp->fn_flags & MF_TRIGGER))
838 			return (B_TRUE);
839 		(void) snprintf(buff, sizeof (buff), "%s%s",
840 		    dfnip->fi_path, m->dir + 1);
841 	} else {
842 		(void) snprintf(buff, sizeof (buff), "%s/%s%s",
843 		    dfnip->fi_path, dfnp->fn_name, m->dir + 1);
844 	}
845 	if (strcmp(argsp->path, buff) != 0) {
846 		auto_log(fngp->fng_verbose, fngp->fng_zoneid,
847 		    CE_WARN, "autofs: expected path of '%s', "
848 		    "got '%s' instead.", buff, argsp->path);
849 		return (B_TRUE);
850 	}
851 	return (B_FALSE); /* looks OK */
852 }
853 
854 /*
855  * auto_invalid_action will validate the action_list received.  If all is good
856  * this function returns FALSE, if there is a problem it returned TRUE.
857  * Based on the mount type, autofs or nfs, it dispatchs to auto_invalid_autofs
858  * or validates the fstype is nfs.  For nfs mounts, the spec, dir, datalen
859  * etc should all either be good here, or have already been checked.
860  */
861 
862 static boolean_t
863 auto_invalid_action(fninfo_t *dfnip, fnnode_t *dfnp, action_list *alistpp)
864 {
865 	struct mounta	*m;
866 
867 	/*
868 	 * Before we go any further, this better be a mount request.
869 	 */
870 	if (alistpp->action.action != AUTOFS_MOUNT_RQ)
871 		return (B_TRUE);
872 
873 	m = &alistpp->action.action_list_entry_u.mounta;
874 	/*
875 	 * Make sure we aren't geting passed NULL values or a "dir" that
876 	 * isn't "." and doesn't begin with "./".
877 	 *
878 	 * We also only want to perform autofs mounts, so make sure
879 	 * no-one is trying to trick us into doing anything else.
880 	 */
881 	if (m->spec == NULL || m->dir == NULL ||
882 	    m->fstype == NULL || m->dataptr == NULL)
883 		return (B_TRUE);
884 
885 	/*
886 	 * Dispatch to the appropriate validation routine based
887 	 * on the filesystem type.
888 	 */
889 	if (strncmp(alistpp->action.action_list_entry_u.mounta.fstype,
890 		"autofs", 6) == 0) {
891 		return (auto_invalid_autofs(dfnip, dfnp, alistpp));
892 	} else if (strncmp(alistpp->action.action_list_entry_u.mounta.fstype,
893 		"nfs", 3) == 0) {
894 		return (B_FALSE);
895 	}
896 	return (B_TRUE);
897 }
898 
899 static int
900 auto_perform_actions(
901 	fninfo_t *dfnip,
902 	fnnode_t *dfnp,
903 	action_list *alp,
904 	cred_t *cred)	/* Credentials of the caller */
905 {
906 
907 	action_list *p;
908 	struct mounta		*m, margs;
909 	struct autofs_args 		*argsp;
910 	int 			error, success = 0;
911 	vnode_t 		*mvp, *dvp, *newvp;
912 	fnnode_t 		*newfnp, *mfnp;
913 	int 			auto_mount = 0;
914 	int 			save_triggers = 0;
915 	int 			update_times = 0;
916 	char 			*mntpnt;
917 	char 			buff[AUTOFS_MAXPATHLEN];
918 	timestruc_t 		now;
919 	struct autofs_globals 	*fngp;
920 	cred_t 			*zcred;
921 
922 	AUTOFS_DPRINT((4, "auto_perform_actions: alp=%p\n",
923 		(void *)alp));
924 
925 	fngp = dfnp->fn_globals;
926 	dvp = fntovn(dfnp);
927 
928 	/*
929 	 * As automountd running in a zone may be compromised, and this may be
930 	 * an attack, we can't trust everything passed in by automountd, and we
931 	 * need to do argument verification.  We'll issue a warning and drop
932 	 * the request if it doesn't seem right.
933 	 */
934 
935 	for (p = alp; p != NULL; p = p->next) {
936 		if (auto_invalid_action(dfnip, dfnp, p)) {
937 			/*
938 			 * This warning should be sent to the global zone,
939 			 * since presumably the zone administrator is the same
940 			 * as the attacker.
941 			 */
942 			cmn_err(CE_WARN, "autofs: invalid action list received "
943 			    "by automountd in zone %s.",
944 			    curproc->p_zone->zone_name);
945 			/*
946 			 * This conversation is over.
947 			 */
948 			xdr_free(xdr_action_list, (char *)alp);
949 			kmem_free(alp, sizeof (*alp));
950 			return (EINVAL);
951 		}
952 	}
953 
954 	zcred = zone_get_kcred(getzoneid());
955 	ASSERT(zcred != NULL);
956 
957 	/*
958 	 * Clear MF_MOUNTPOINT, if the NFS mount is required and
959 	 * completes successfully, we will then set MF_MOUNTPOINT.
960 	 */
961 	mutex_enter(&dfnp->fn_lock);
962 	if (dfnp->fn_flags & MF_MOUNTPOINT) {
963 		AUTOFS_DPRINT((10, "autofs: clearing mountpoint "
964 			"flag on %s.", dfnp->fn_name));
965 		ASSERT(dfnp->fn_dirents == NULL);
966 		ASSERT(dfnp->fn_trigger == NULL);
967 	}
968 	dfnp->fn_flags &= ~MF_MOUNTPOINT;
969 	mutex_exit(&dfnp->fn_lock);
970 
971 
972 	if (vn_mountedvfs(dvp) != NULL) {
973 		/*
974 		 * The daemon successfully mounted a filesystem
975 		 * on the AUTOFS root node.
976 		 */
977 		mutex_enter(&dfnp->fn_lock);
978 		dfnp->fn_flags |= MF_MOUNTPOINT;
979 		ASSERT(dfnp->fn_dirents == NULL);
980 		mutex_exit(&dfnp->fn_lock);
981 		success++;
982 	} else {
983 		/*
984 		 * Clear MF_MOUNTPOINT.
985 		 */
986 		mutex_enter(&dfnp->fn_lock);
987 		if (dfnp->fn_flags & MF_MOUNTPOINT) {
988 			AUTOFS_DPRINT((10, "autofs: clearing mountpoint "
989 				"flag on %s.", dfnp->fn_name));
990 			ASSERT(dfnp->fn_dirents == NULL);
991 			ASSERT(dfnp->fn_trigger == NULL);
992 		}
993 		dfnp->fn_flags &= ~MF_MOUNTPOINT;
994 		mutex_exit(&dfnp->fn_lock);
995 	}
996 
997 	for (p = alp; p != NULL; p = p->next) {
998 
999 		vfs_t *vfsp;	/* dummy argument */
1000 		vfs_t *mvfsp;
1001 
1002 		auto_mount = 0;
1003 
1004 		m = &p->action.action_list_entry_u.mounta;
1005 		argsp = (struct autofs_args *)m->dataptr;
1006 		if (strncmp(m->fstype, "nfs", 3) == 0) {
1007 			if (vn_mountedvfs(dvp) != NULL) {
1008 				/*
1009 				 * Its possible that the filesystem is
1010 				 * already mounted if nfs because we are
1011 				 * being called from unmount_tree when
1012 				 * if failed to unmount a node from a
1013 				 * trigger point, and is remounting again and
1014 				 * this particular filesystem was not
1015 				 * unmounted.
1016 				 */
1017 				mutex_enter(&dfnp->fn_lock);
1018 				dfnp->fn_flags |= MF_MOUNTPOINT;
1019 				mutex_exit(&dfnp->fn_lock);
1020 			} else {
1021 				m->flags |= MS_SYSSPACE;
1022 				VN_HOLD(dvp);
1023 				error = domount(NULL, m, dvp, zcred, &vfsp);
1024 				if (!error) {
1025 					VFS_RELE(vfsp);
1026 					mutex_enter(&dfnp->fn_lock);
1027 					dfnp->fn_flags |= MF_MOUNTPOINT;
1028 					ASSERT(dfnp->fn_dirents == NULL);
1029 					mutex_exit(&dfnp->fn_lock);
1030 					success++;
1031 				}
1032 				VN_RELE(dvp);
1033 			}
1034 		} else {
1035 			ASSERT(strcmp(m->fstype, "autofs") == 0);
1036 			/*
1037 			 * use the parent directory's timeout since it's the
1038 			 * one specified/inherited by automount.
1039 			 */
1040 			argsp->mount_to = dfnip->fi_mount_to;
1041 			/*
1042 			 * The mountpoint is relative, and it is guaranteed to
1043 			 * begin with "."
1044 			 *
1045 			 */
1046 			ASSERT(m->dir[0] == '.');
1047 			if (m->dir[0] == '.' && m->dir[1] == '\0') {
1048 				/*
1049 				 * mounting on the trigger node
1050 				 */
1051 				mvp = dvp;
1052 				VN_HOLD(mvp);
1053 				goto mount;
1054 			}
1055 			/*
1056 			 * ignore "./" in front of mountpoint
1057 			 */
1058 			ASSERT(m->dir[1] == '/');
1059 			mntpnt = m->dir + 2;
1060 
1061 			AUTOFS_DPRINT((10, "\tdfnip->fi_path=%s\n",
1062 				dfnip->fi_path));
1063 			AUTOFS_DPRINT((10, "\tdfnip->fi_flags=%x\n",
1064 				dfnip->fi_flags));
1065 			AUTOFS_DPRINT((10, "\tmntpnt=%s\n", mntpnt));
1066 
1067 			if (dfnip->fi_flags & MF_DIRECT) {
1068 				AUTOFS_DPRINT((10, "\tDIRECT\n"));
1069 				(void) sprintf(buff, "%s/%s", dfnip->fi_path,
1070 					mntpnt);
1071 			} else {
1072 				AUTOFS_DPRINT((10, "\tINDIRECT\n"));
1073 				(void) sprintf(buff, "%s/%s/%s",
1074 					dfnip->fi_path,
1075 					dfnp->fn_name, mntpnt);
1076 			}
1077 
1078 			if (vn_mountedvfs(dvp) == NULL) {
1079 				/*
1080 				 * Daemon didn't mount anything on the root
1081 				 * We have to create the mountpoint if it
1082 				 * doesn't exist already
1083 				 *
1084 				 * We use the caller's credentials in case a
1085 				 * UID-match is required
1086 				 * (MF_THISUID_MATCH_RQD).
1087 				 */
1088 				rw_enter(&dfnp->fn_rwlock, RW_WRITER);
1089 				error = auto_search(dfnp, mntpnt, &mfnp, cred);
1090 				if (error == 0) {
1091 					/*
1092 					 * AUTOFS mountpoint exists
1093 					 */
1094 					if (vn_mountedvfs(fntovn(mfnp))
1095 						!= NULL) {
1096 						cmn_err(CE_PANIC,
1097 							"auto_perform_actions:"
1098 							" mfnp=%p covered",
1099 							(void *)mfnp);
1100 					}
1101 				} else {
1102 					/*
1103 					 * Create AUTOFS mountpoint
1104 					 */
1105 					ASSERT((dfnp->fn_flags &
1106 						MF_MOUNTPOINT) == 0);
1107 					error = auto_enter(dfnp, mntpnt,
1108 						&mfnp, cred);
1109 					ASSERT(mfnp->fn_linkcnt == 1);
1110 					mfnp->fn_linkcnt++;
1111 				}
1112 				if (!error)
1113 					update_times = 1;
1114 				rw_exit(&dfnp->fn_rwlock);
1115 				ASSERT(error != EEXIST);
1116 				if (!error) {
1117 					/*
1118 					 * mfnp is already held.
1119 					 */
1120 					mvp = fntovn(mfnp);
1121 				} else {
1122 					auto_log(fngp->fng_verbose,
1123 						fngp->fng_zoneid,
1124 						CE_WARN, "autofs: mount of %s "
1125 						"failed - can't create"
1126 						" mountpoint.", buff);
1127 					continue;
1128 				}
1129 			} else {
1130 				/*
1131 				 * Find mountpoint in VFS mounted here. If not
1132 				 * found, fail the submount, though the overall
1133 				 * mount has succeeded since the root is
1134 				 * mounted.
1135 				 */
1136 				if (error = auto_getmntpnt(dvp, mntpnt, &mvp,
1137 					kcred)) {
1138 					auto_log(fngp->fng_verbose,
1139 						fngp->fng_zoneid,
1140 						CE_WARN, "autofs: mount of %s "
1141 						"failed - mountpoint doesn't"
1142 						" exist.", buff);
1143 					continue;
1144 				}
1145 				if (mvp->v_type == VLNK) {
1146 					auto_log(fngp->fng_verbose,
1147 						fngp->fng_zoneid,
1148 						CE_WARN, "autofs: %s symbolic "
1149 						"link: not a valid mountpoint "
1150 						"- mount failed", buff);
1151 					VN_RELE(mvp);
1152 					error = ENOENT;
1153 					continue;
1154 				}
1155 			}
1156 mount:
1157 			m->flags |= MS_SYSSPACE | MS_OPTIONSTR;
1158 
1159 			/*
1160 			 * Copy mounta struct here so we can substitute a
1161 			 * buffer that is large enough to hold the returned
1162 			 * option string, if that string is longer than the
1163 			 * input option string.
1164 			 * This can happen if there are default options enabled
1165 			 * that were not in the input option string.
1166 			 */
1167 			bcopy(m, &margs, sizeof (*m));
1168 			margs.optptr = kmem_alloc(MAX_MNTOPT_STR, KM_SLEEP);
1169 			margs.optlen = MAX_MNTOPT_STR;
1170 			(void) strcpy(margs.optptr, m->optptr);
1171 			margs.dir = argsp->path;
1172 
1173 			/*
1174 			 * We use the zone's kcred because we don't want the
1175 			 * zone to be able to thus do something it wouldn't
1176 			 * normally be able to.
1177 			 */
1178 			error = domount(NULL, &margs, mvp, zcred, &vfsp);
1179 			kmem_free(margs.optptr, MAX_MNTOPT_STR);
1180 			if (error != 0) {
1181 				auto_log(fngp->fng_verbose, fngp->fng_zoneid,
1182 					CE_WARN,
1183 					"autofs: domount of %s failed "
1184 					"error=%d", buff, error);
1185 				VN_RELE(mvp);
1186 				continue;
1187 			}
1188 			VFS_RELE(vfsp);
1189 
1190 			/*
1191 			 * If mountpoint is an AUTOFS node, then I'm going to
1192 			 * flag it that the Filesystem mounted on top was
1193 			 * mounted in the kernel so that the unmount can be
1194 			 * done inside the kernel as well.
1195 			 * I don't care to flag non-AUTOFS mountpoints when an
1196 			 * AUTOFS in-kernel mount was done on top, because the
1197 			 * unmount routine already knows that such case was
1198 			 * done in the kernel.
1199 			 */
1200 			if (vfs_matchops(dvp->v_vfsp,
1201 				vfs_getops(mvp->v_vfsp))) {
1202 				mfnp = vntofn(mvp);
1203 				mutex_enter(&mfnp->fn_lock);
1204 				mfnp->fn_flags |= MF_IK_MOUNT;
1205 				mutex_exit(&mfnp->fn_lock);
1206 			}
1207 
1208 			(void) vn_vfswlock_wait(mvp);
1209 			mvfsp = vn_mountedvfs(mvp);
1210 			if (mvfsp != NULL) {
1211 				vfs_lock_wait(mvfsp);
1212 				vn_vfsunlock(mvp);
1213 				error = VFS_ROOT(mvfsp, &newvp);
1214 				vfs_unlock(mvfsp);
1215 				if (error) {
1216 					/*
1217 					 * We've dropped the locks, so let's
1218 					 * get the mounted vfs again in case
1219 					 * it changed.
1220 					 */
1221 					(void) vn_vfswlock_wait(mvp);
1222 					mvfsp = vn_mountedvfs(mvp);
1223 					if (mvfsp != NULL) {
1224 						error = dounmount(mvfsp, 0,
1225 							CRED());
1226 						if (error) {
1227 							cmn_err(CE_WARN,
1228 								"autofs: could"
1229 								" not unmount"
1230 								" vfs=%p",
1231 								(void *)mvfsp);
1232 						}
1233 					} else
1234 						vn_vfsunlock(mvp);
1235 					VN_RELE(mvp);
1236 					continue;
1237 				}
1238 			} else {
1239 				vn_vfsunlock(mvp);
1240 				VN_RELE(mvp);
1241 				continue;
1242 			}
1243 
1244 			auto_mount = vfs_matchops(dvp->v_vfsp,
1245 				vfs_getops(newvp->v_vfsp));
1246 			newfnp = vntofn(newvp);
1247 			newfnp->fn_parent = dfnp;
1248 
1249 			/*
1250 			 * At this time we want to save the AUTOFS filesystem
1251 			 * as a trigger node. (We only do this if the mount
1252 			 * occurred on a node different from the root.
1253 			 * We look at the trigger nodes during
1254 			 * the automatic unmounting to make sure we remove them
1255 			 * as a unit and remount them as a unit if the
1256 			 * filesystem mounted at the root could not be
1257 			 * unmounted.
1258 			 */
1259 			if (auto_mount && (error == 0) && (mvp != dvp)) {
1260 				save_triggers++;
1261 				/*
1262 				 * Add AUTOFS mount to hierarchy
1263 				 */
1264 				newfnp->fn_flags |= MF_TRIGGER;
1265 				rw_enter(&newfnp->fn_rwlock, RW_WRITER);
1266 				newfnp->fn_next = dfnp->fn_trigger;
1267 				rw_exit(&newfnp->fn_rwlock);
1268 				rw_enter(&dfnp->fn_rwlock, RW_WRITER);
1269 				dfnp->fn_trigger = newfnp;
1270 				rw_exit(&dfnp->fn_rwlock);
1271 				/*
1272 				 * Don't VN_RELE(newvp) here since dfnp now
1273 				 * holds reference to it as its trigger node.
1274 				 */
1275 				AUTOFS_DPRINT((10,
1276 					"\tadding trigger %s to %s\n",
1277 				newfnp->fn_name, dfnp->fn_name));
1278 				AUTOFS_DPRINT((10, "\tfirst trigger is %s\n",
1279 					dfnp->fn_trigger->fn_name));
1280 				if (newfnp->fn_next != NULL)
1281 					AUTOFS_DPRINT((10,
1282 						"\tnext trigger is %s\n",
1283 						newfnp->fn_next->fn_name));
1284 				else
1285 					AUTOFS_DPRINT((10,
1286 						"\tno next trigger\n"));
1287 			} else
1288 				VN_RELE(newvp);
1289 
1290 			if (!error)
1291 				success++;
1292 
1293 			if (update_times) {
1294 				gethrestime(&now);
1295 				dfnp->fn_atime = dfnp->fn_mtime = now;
1296 			}
1297 
1298 			VN_RELE(mvp);
1299 		}
1300 	}
1301 
1302 	if (save_triggers) {
1303 		/*
1304 		 * Make sure the parent can't be freed while it has triggers.
1305 		 */
1306 		VN_HOLD(dvp);
1307 	}
1308 
1309 	crfree(zcred);
1310 
1311 done:
1312 	/*
1313 	 * Return failure if daemon didn't mount anything, and all
1314 	 * kernel mounts attempted failed.
1315 	 */
1316 	error = success ? 0 : ENOENT;
1317 
1318 	if (alp != NULL) {
1319 		if ((error == 0) && save_triggers) {
1320 			/*
1321 			 * Save action_list information, so that we can use it
1322 			 * when it comes time to remount the trigger nodes
1323 			 * The action list is freed when the directory node
1324 			 * containing the reference to it is unmounted in
1325 			 * unmount_tree().
1326 			 */
1327 			mutex_enter(&dfnp->fn_lock);
1328 			ASSERT(dfnp->fn_alp == NULL);
1329 			dfnp->fn_alp = alp;
1330 			mutex_exit(&dfnp->fn_lock);
1331 		} else {
1332 			/*
1333 			 * free the action list now,
1334 			 */
1335 			xdr_free(xdr_action_list, (char *)alp);
1336 			kmem_free(alp, sizeof (*alp));
1337 		}
1338 	}
1339 	AUTOFS_DPRINT((5, "auto_perform_actions: error=%d\n", error));
1340 	return (error);
1341 }
1342 
1343 fnnode_t *
1344 auto_makefnnode(
1345 	vtype_t type,
1346 	vfs_t *vfsp,
1347 	char *name,
1348 	cred_t *cred,
1349 	struct autofs_globals *fngp)
1350 {
1351 	fnnode_t *fnp;
1352 	vnode_t *vp;
1353 	char *tmpname;
1354 	timestruc_t now;
1355 	/*
1356 	 * autofs uses odd inode numbers
1357 	 * automountd uses even inode numbers
1358 	 *
1359 	 * To preserve the age-old semantics that inum+devid is unique across
1360 	 * the system, this variable must be global across zones.
1361 	 */
1362 	static ino_t nodeid = 3;
1363 
1364 	fnp = kmem_zalloc(sizeof (*fnp), KM_SLEEP);
1365 	fnp->fn_vnode = vn_alloc(KM_SLEEP);
1366 
1367 	vp = fntovn(fnp);
1368 	tmpname = kmem_alloc(strlen(name) + 1, KM_SLEEP);
1369 	(void) strcpy(tmpname, name);
1370 	fnp->fn_name = &tmpname[0];
1371 	fnp->fn_namelen = (int)strlen(tmpname) + 1;	/* include '\0' */
1372 	fnp->fn_uid = crgetuid(cred);
1373 	fnp->fn_gid = crgetgid(cred);
1374 	/*
1375 	 * ".." is added in auto_enter and auto_mount.
1376 	 * "." is added in auto_mkdir and auto_mount.
1377 	 */
1378 	/*
1379 	 * Note that fn_size and fn_linkcnt are already 0 since
1380 	 * we used kmem_zalloc to allocated fnp
1381 	 */
1382 	fnp->fn_mode = AUTOFS_MODE;
1383 	gethrestime(&now);
1384 	fnp->fn_atime = fnp->fn_mtime = fnp->fn_ctime = now;
1385 	fnp->fn_ref_time = now.tv_sec;
1386 	mutex_enter(&autofs_nodeid_lock);
1387 	fnp->fn_nodeid = nodeid;
1388 	nodeid += 2;
1389 	fnp->fn_globals = fngp;
1390 	fngp->fng_fnnode_count++;
1391 	mutex_exit(&autofs_nodeid_lock);
1392 	vn_setops(vp, auto_vnodeops);
1393 	vp->v_type = type;
1394 	vp->v_data = (void *)fnp;
1395 	vp->v_vfsp = vfsp;
1396 	mutex_init(&fnp->fn_lock, NULL, MUTEX_DEFAULT, NULL);
1397 	rw_init(&fnp->fn_rwlock, NULL, RW_DEFAULT, NULL);
1398 	cv_init(&fnp->fn_cv_mount, NULL, CV_DEFAULT, NULL);
1399 	vn_exists(vp);
1400 	return (fnp);
1401 }
1402 
1403 
1404 void
1405 auto_freefnnode(fnnode_t *fnp)
1406 {
1407 	vnode_t *vp = fntovn(fnp);
1408 
1409 	AUTOFS_DPRINT((4, "auto_freefnnode: fnp=%p\n", (void *)fnp));
1410 
1411 	ASSERT(fnp->fn_linkcnt == 0);
1412 	ASSERT(vp->v_count == 0);
1413 	ASSERT(fnp->fn_dirents == NULL);
1414 	ASSERT(fnp->fn_parent == NULL);
1415 
1416 	vn_invalid(vp);
1417 	kmem_free(fnp->fn_name, fnp->fn_namelen);
1418 	if (fnp->fn_symlink) {
1419 		ASSERT(fnp->fn_flags & MF_THISUID_MATCH_RQD);
1420 		kmem_free(fnp->fn_symlink, fnp->fn_symlinklen);
1421 	}
1422 	if (fnp->fn_cred)
1423 		crfree(fnp->fn_cred);
1424 	mutex_destroy(&fnp->fn_lock);
1425 	rw_destroy(&fnp->fn_rwlock);
1426 	cv_destroy(&fnp->fn_cv_mount);
1427 	vn_free(vp);
1428 
1429 	mutex_enter(&autofs_nodeid_lock);
1430 	fnp->fn_globals->fng_fnnode_count--;
1431 	mutex_exit(&autofs_nodeid_lock);
1432 	kmem_free(fnp, sizeof (*fnp));
1433 }
1434 
1435 void
1436 auto_disconnect(
1437 	fnnode_t *dfnp,
1438 	fnnode_t *fnp)
1439 {
1440 	fnnode_t *tmp, **fnpp;
1441 	vnode_t *vp = fntovn(fnp);
1442 	timestruc_t now;
1443 
1444 	AUTOFS_DPRINT((4,
1445 	    "auto_disconnect: dfnp=%p fnp=%p linkcnt=%d\n v_count=%d",
1446 	    (void *)dfnp, (void *)fnp, fnp->fn_linkcnt, vp->v_count));
1447 
1448 	ASSERT(RW_WRITE_HELD(&dfnp->fn_rwlock));
1449 	ASSERT(fnp->fn_linkcnt == 1);
1450 
1451 	if (vn_mountedvfs(vp) != NULL) {
1452 		cmn_err(CE_PANIC, "auto_disconnect: vp %p mounted on",
1453 		    (void *)vp);
1454 	}
1455 
1456 	/*
1457 	 * Decrement by 1 because we're removing the entry in dfnp.
1458 	 */
1459 	fnp->fn_linkcnt--;
1460 	fnp->fn_size--;
1461 
1462 	/*
1463 	 * only changed while holding parent's (dfnp) rw_lock
1464 	 */
1465 	fnp->fn_parent = NULL;
1466 
1467 	fnpp = &dfnp->fn_dirents;
1468 	for (;;) {
1469 		tmp = *fnpp;
1470 		if (tmp == NULL) {
1471 			cmn_err(CE_PANIC,
1472 			    "auto_disconnect: %p not in %p dirent list",
1473 			    (void *)fnp, (void *)dfnp);
1474 		}
1475 		if (tmp == fnp) {
1476 			*fnpp = tmp->fn_next; 	/* remove it from the list */
1477 			ASSERT(vp->v_count == 0);
1478 			/* child had a pointer to parent ".." */
1479 			dfnp->fn_linkcnt--;
1480 			dfnp->fn_size--;
1481 			break;
1482 		}
1483 		fnpp = &tmp->fn_next;
1484 	}
1485 
1486 	mutex_enter(&fnp->fn_lock);
1487 	gethrestime(&now);
1488 	fnp->fn_atime = fnp->fn_mtime = now;
1489 	mutex_exit(&fnp->fn_lock);
1490 
1491 	AUTOFS_DPRINT((5, "auto_disconnect: done\n"));
1492 }
1493 
1494 int
1495 auto_enter(fnnode_t *dfnp, char *name, fnnode_t **fnpp, cred_t *cred)
1496 {
1497 	struct fnnode *cfnp, **spp;
1498 	vnode_t *dvp = fntovn(dfnp);
1499 	ushort_t offset = 0;
1500 	ushort_t diff;
1501 
1502 	AUTOFS_DPRINT((4, "auto_enter: dfnp=%p, name=%s ", (void *)dfnp, name));
1503 
1504 	ASSERT(RW_WRITE_HELD(&dfnp->fn_rwlock));
1505 
1506 	cfnp = dfnp->fn_dirents;
1507 	if (cfnp == NULL) {
1508 		/*
1509 		 * offset = 0 for '.' and offset = 1 for '..'
1510 		 */
1511 		spp = &dfnp->fn_dirents;
1512 		offset = 2;
1513 	}
1514 
1515 	for (; cfnp; cfnp = cfnp->fn_next) {
1516 		if (strcmp(cfnp->fn_name, name) == 0) {
1517 			mutex_enter(&cfnp->fn_lock);
1518 			if (cfnp->fn_flags & MF_THISUID_MATCH_RQD) {
1519 				/*
1520 				 * "thisuser" kind of node, need to
1521 				 * match CREDs as well
1522 				 */
1523 				mutex_exit(&cfnp->fn_lock);
1524 				if (crcmp(cfnp->fn_cred, cred) == 0)
1525 					return (EEXIST);
1526 			} else {
1527 				mutex_exit(&cfnp->fn_lock);
1528 				return (EEXIST);
1529 			}
1530 		}
1531 
1532 		if (cfnp->fn_next != NULL) {
1533 			diff = (ushort_t)
1534 			    (cfnp->fn_next->fn_offset - cfnp->fn_offset);
1535 			ASSERT(diff != 0);
1536 			if (diff > 1 && offset == 0) {
1537 				offset = (ushort_t)cfnp->fn_offset + 1;
1538 				spp = &cfnp->fn_next;
1539 			}
1540 		} else if (offset == 0) {
1541 			offset = (ushort_t)cfnp->fn_offset + 1;
1542 			spp = &cfnp->fn_next;
1543 		}
1544 	}
1545 
1546 	*fnpp = auto_makefnnode(VDIR, dvp->v_vfsp, name, cred,
1547 	    dfnp->fn_globals);
1548 	if (*fnpp == NULL)
1549 		return (ENOMEM);
1550 
1551 	/*
1552 	 * I don't hold the mutex on fnpp because I created it, and
1553 	 * I'm already holding the writers lock for it's parent
1554 	 * directory, therefore nobody can reference it without me first
1555 	 * releasing the writers lock.
1556 	 */
1557 	(*fnpp)->fn_offset = offset;
1558 	(*fnpp)->fn_next = *spp;
1559 	*spp = *fnpp;
1560 	(*fnpp)->fn_parent = dfnp;
1561 	(*fnpp)->fn_linkcnt++;	/* parent now holds reference to entry */
1562 	(*fnpp)->fn_size++;
1563 
1564 	/*
1565 	 * dfnp->fn_linkcnt and dfnp->fn_size protected by dfnp->rw_lock
1566 	 */
1567 	dfnp->fn_linkcnt++;	/* child now holds reference to parent '..' */
1568 	dfnp->fn_size++;
1569 
1570 	dfnp->fn_ref_time = gethrestime_sec();
1571 
1572 	AUTOFS_DPRINT((5, "*fnpp=%p\n", (void *)*fnpp));
1573 	return (0);
1574 }
1575 
1576 int
1577 auto_search(fnnode_t *dfnp, char *name, fnnode_t **fnpp, cred_t *cred)
1578 {
1579 	vnode_t *dvp;
1580 	fnnode_t *p;
1581 	int error = ENOENT, match = 0;
1582 
1583 	AUTOFS_DPRINT((4, "auto_search: dfnp=%p, name=%s...\n",
1584 	    (void *)dfnp, name));
1585 
1586 	dvp = fntovn(dfnp);
1587 	if (dvp->v_type != VDIR) {
1588 		cmn_err(CE_PANIC, "auto_search: dvp=%p not a directory",
1589 		    (void *)dvp);
1590 	}
1591 
1592 	ASSERT(RW_LOCK_HELD(&dfnp->fn_rwlock));
1593 	for (p = dfnp->fn_dirents; p != NULL; p = p->fn_next) {
1594 		if (strcmp(p->fn_name, name) == 0) {
1595 			mutex_enter(&p->fn_lock);
1596 			if (p->fn_flags & MF_THISUID_MATCH_RQD) {
1597 				/*
1598 				 * "thisuser" kind of node
1599 				 * Need to match CREDs as well
1600 				 */
1601 				mutex_exit(&p->fn_lock);
1602 				match = crcmp(p->fn_cred, cred) == 0;
1603 			} else {
1604 				/*
1605 				 * No need to check CRED
1606 				 */
1607 				mutex_exit(&p->fn_lock);
1608 				match = 1;
1609 			}
1610 		}
1611 		if (match) {
1612 			error = 0;
1613 			if (fnpp) {
1614 				*fnpp = p;
1615 				VN_HOLD(fntovn(*fnpp));
1616 			}
1617 			break;
1618 		}
1619 	}
1620 
1621 	AUTOFS_DPRINT((5, "auto_search: error=%d\n", error));
1622 	return (error);
1623 }
1624 
1625 /*
1626  * If dvp is mounted on, get path's vnode in the mounted on
1627  * filesystem.  Path is relative to dvp, ie "./path".
1628  * If successful, *mvp points to a the held mountpoint vnode.
1629  */
1630 /* ARGSUSED */
1631 static int
1632 auto_getmntpnt(
1633 	vnode_t *dvp,
1634 	char *path,
1635 	vnode_t **mvpp,		/* vnode for mountpoint */
1636 	cred_t *cred)
1637 {
1638 	int error = 0;
1639 	vnode_t *newvp;
1640 	char namebuf[TYPICALMAXPATHLEN];
1641 	struct pathname lookpn;
1642 	vfs_t *vfsp;
1643 
1644 	AUTOFS_DPRINT((4, "auto_getmntpnt: path=%s\n", path));
1645 
1646 	if (error = vn_vfsrlock_wait(dvp))
1647 		return (error);
1648 
1649 	/*
1650 	 * Now that we have the vfswlock, check to see if dvp
1651 	 * is still mounted on.  If not, then just bail out as
1652 	 * there is no need to remount the triggers since the
1653 	 * higher level mount point has gotten unmounted.
1654 	 */
1655 	vfsp = vn_mountedvfs(dvp);
1656 	if (vfsp == NULL) {
1657 		vn_vfsunlock(dvp);
1658 		error = EBUSY;
1659 		goto done;
1660 	}
1661 	/*
1662 	 * Since mounted on, lookup "path" in the new filesystem,
1663 	 * it is important that we do the filesystem jump here to
1664 	 * avoid lookuppn() calling auto_lookup on dvp and deadlock.
1665 	 */
1666 	error = VFS_ROOT(vfsp, &newvp);
1667 	vn_vfsunlock(dvp);
1668 	if (error)
1669 		goto done;
1670 
1671 	/*
1672 	 * We do a VN_HOLD on newvp just in case the first call to
1673 	 * lookuppnvp() fails with ENAMETOOLONG.  We should still have a
1674 	 * reference to this vnode for the second call to lookuppnvp().
1675 	 */
1676 	VN_HOLD(newvp);
1677 
1678 	/*
1679 	 * Now create the pathname struct so we can make use of lookuppnvp,
1680 	 * and pn_getcomponent.
1681 	 * This code is similar to lookupname() in fs/lookup.c.
1682 	 */
1683 	error = pn_get_buf(path, UIO_SYSSPACE, &lookpn,
1684 		namebuf, sizeof (namebuf));
1685 	if (error == 0) {
1686 		error = lookuppnvp(&lookpn, NULL, NO_FOLLOW, NULLVPP,
1687 		    mvpp, rootdir, newvp, cred);
1688 	} else
1689 		VN_RELE(newvp);
1690 	if (error == ENAMETOOLONG) {
1691 		/*
1692 		 * This thread used a pathname > TYPICALMAXPATHLEN bytes long.
1693 		 * newvp is VN_RELE'd by this call to lookuppnvp.
1694 		 *
1695 		 * Using 'rootdir' in a zone's context is OK here: we already
1696 		 * ascertained that there are no '..'s in the path, and we're
1697 		 * not following symlinks.
1698 		 */
1699 		if ((error = pn_get(path, UIO_SYSSPACE, &lookpn)) == 0) {
1700 			error = lookuppnvp(&lookpn, NULL, NO_FOLLOW, NULLVPP,
1701 			    mvpp, rootdir, newvp, cred);
1702 			pn_free(&lookpn);
1703 		} else
1704 			VN_RELE(newvp);
1705 	} else {
1706 		/*
1707 		 * Need to release newvp here since we held it.
1708 		 */
1709 		VN_RELE(newvp);
1710 	}
1711 
1712 done:
1713 	AUTOFS_DPRINT((5, "auto_getmntpnt: path=%s *mvpp=%p error=%d\n",
1714 	    path, (void *)*mvpp, error));
1715 	return (error);
1716 }
1717 
1718 #define	DEEPER(x) (((x)->fn_dirents != NULL) || \
1719 			(vn_mountedvfs(fntovn((x)))) != NULL)
1720 
1721 /*
1722  * The caller, should have already VN_RELE'd its reference to the
1723  * root vnode of this filesystem.
1724  */
1725 static int
1726 auto_inkernel_unmount(vfs_t *vfsp)
1727 {
1728 	vnode_t *cvp = vfsp->vfs_vnodecovered;
1729 	int error;
1730 
1731 	AUTOFS_DPRINT((4,
1732 	    "auto_inkernel_unmount: devid=%lx mntpnt(%p) count %u\n",
1733 	    vfsp->vfs_dev, (void *)cvp, cvp->v_count));
1734 
1735 	ASSERT(vn_vfswlock_held(cvp));
1736 
1737 	/*
1738 	 * Perform the unmount
1739 	 * The mountpoint has already been locked by the caller.
1740 	 */
1741 	error = dounmount(vfsp, 0, kcred);
1742 
1743 	AUTOFS_DPRINT((5, "auto_inkernel_unmount: exit count %u\n",
1744 	    cvp->v_count));
1745 	return (error);
1746 }
1747 
1748 /*
1749  * unmounts trigger nodes in the kernel.
1750  */
1751 static void
1752 unmount_triggers(fnnode_t *fnp, action_list **alp)
1753 {
1754 	fnnode_t *tp, *next;
1755 	int error = 0;
1756 	vfs_t *vfsp;
1757 	vnode_t *tvp;
1758 
1759 	AUTOFS_DPRINT((4, "unmount_triggers: fnp=%p\n", (void *)fnp));
1760 	ASSERT(RW_WRITE_HELD(&fnp->fn_rwlock));
1761 
1762 	*alp = fnp->fn_alp;
1763 	next = fnp->fn_trigger;
1764 	while ((tp = next) != NULL) {
1765 		tvp = fntovn(tp);
1766 		ASSERT(tvp->v_count >= 2);
1767 		next = tp->fn_next;
1768 		/*
1769 		 * drop writer's lock since the unmount will end up
1770 		 * disconnecting this node from fnp and needs to acquire
1771 		 * the writer's lock again.
1772 		 * next has at least a reference count >= 2 since it's
1773 		 * a trigger node, therefore can not be accidentally freed
1774 		 * by a VN_RELE
1775 		 */
1776 		rw_exit(&fnp->fn_rwlock);
1777 
1778 		vfsp = tvp->v_vfsp;
1779 
1780 		/*
1781 		 * Its parent was holding a reference to it, since this
1782 		 * is a trigger vnode.
1783 		 */
1784 		VN_RELE(tvp);
1785 		if (error = auto_inkernel_unmount(vfsp)) {
1786 			cmn_err(CE_PANIC, "unmount_triggers: "
1787 			    "unmount of vp=%p failed error=%d",
1788 			    (void *)tvp, error);
1789 		}
1790 		/*
1791 		 * reacquire writer's lock
1792 		 */
1793 		rw_enter(&fnp->fn_rwlock, RW_WRITER);
1794 	}
1795 
1796 	/*
1797 	 * We were holding a reference to our parent.  Drop that.
1798 	 */
1799 	VN_RELE(fntovn(fnp));
1800 	fnp->fn_trigger = NULL;
1801 	fnp->fn_alp = NULL;
1802 
1803 	AUTOFS_DPRINT((5, "unmount_triggers: finished\n"));
1804 }
1805 
1806 /*
1807  * This routine locks the mountpoint of every trigger node if they're
1808  * not busy, or returns EBUSY if any node is busy. If a trigger node should
1809  * be unmounted first, then it sets nfnp to point to it, otherwise nfnp
1810  * points to NULL.
1811  */
1812 static int
1813 triggers_busy(fnnode_t *fnp, fnnode_t **nfnp)
1814 {
1815 	int error = 0, done;
1816 	int lck_error = 0;
1817 	fnnode_t *tp, *t1p;
1818 	vfs_t *vfsp;
1819 
1820 	ASSERT(RW_WRITE_HELD(&fnp->fn_rwlock));
1821 
1822 	*nfnp = NULL;
1823 	for (tp = fnp->fn_trigger; tp != NULL; tp = tp->fn_next) {
1824 		AUTOFS_DPRINT((10, "\ttrigger: %s\n", tp->fn_name));
1825 		vfsp = fntovn(tp)->v_vfsp;
1826 		error = 0;
1827 		/*
1828 		 * The vn_vfsunlock will be done in auto_inkernel_unmount.
1829 		 */
1830 		lck_error = vn_vfswlock(vfsp->vfs_vnodecovered);
1831 		if (lck_error == 0) {
1832 			mutex_enter(&tp->fn_lock);
1833 			ASSERT((tp->fn_flags & MF_LOOKUP) == 0);
1834 			if (tp->fn_flags & MF_INPROG) {
1835 				/*
1836 				 * a mount is in progress
1837 				 */
1838 				error = EBUSY;
1839 			}
1840 			mutex_exit(&tp->fn_lock);
1841 		}
1842 		if (lck_error || error || DEEPER(tp) ||
1843 		    ((fntovn(tp))->v_count) > 2) {
1844 			/*
1845 			 * couldn't lock it because it's busy,
1846 			 * It is mounted on or has dirents?
1847 			 * If reference count is greater than two, then
1848 			 * somebody else is holding a reference to this vnode.
1849 			 * One reference is for the mountpoint, and the second
1850 			 * is for the trigger node.
1851 			 */
1852 			AUTOFS_DPRINT((10, "\ttrigger busy\n"));
1853 			if ((lck_error == 0) && (error == 0)) {
1854 				*nfnp = tp;
1855 				/*
1856 				 * The matching VN_RELE is done in
1857 				 * unmount_tree().
1858 				 */
1859 				VN_HOLD(fntovn(*nfnp));
1860 			}
1861 			/*
1862 			 * Unlock previously locked mountpoints
1863 			 */
1864 			for (done = 0, t1p = fnp->fn_trigger; !done;
1865 			    t1p = t1p->fn_next) {
1866 				/*
1867 				 * Unlock all nodes previously
1868 				 * locked. All nodes up to 'tp'
1869 				 * were successfully locked. If 'lck_err' is
1870 				 * set, then 'tp' was not locked, and thus
1871 				 * should not be unlocked. If
1872 				 * 'lck_err' is not set, then 'tp' was
1873 				 * successfully locked, and it should
1874 				 * be unlocked.
1875 				 */
1876 				if (t1p != tp || !lck_error) {
1877 					vfsp = fntovn(t1p)->v_vfsp;
1878 					vn_vfsunlock(vfsp->vfs_vnodecovered);
1879 				}
1880 				done = (t1p == tp);
1881 			}
1882 			error = EBUSY;
1883 			break;
1884 		}
1885 	}
1886 
1887 	AUTOFS_DPRINT((4, "triggers_busy: error=%d\n", error));
1888 	return (error);
1889 }
1890 
1891 /*
1892  * Unlock previously locked trigger nodes.
1893  */
1894 static int
1895 triggers_unlock(fnnode_t *fnp)
1896 {
1897 	fnnode_t *tp;
1898 	vfs_t *vfsp;
1899 
1900 	ASSERT(RW_WRITE_HELD(&fnp->fn_rwlock));
1901 
1902 	for (tp = fnp->fn_trigger; tp != NULL; tp = tp->fn_next) {
1903 		AUTOFS_DPRINT((10, "\tunlock trigger: %s\n", tp->fn_name));
1904 		vfsp = fntovn(tp)->v_vfsp;
1905 		vn_vfsunlock(vfsp->vfs_vnodecovered);
1906 	}
1907 
1908 	return (0);
1909 }
1910 
1911 /*
1912  * It is the caller's responsibility to grab the VVFSLOCK.
1913  * Releases the VVFSLOCK upon return.
1914  */
1915 static int
1916 unmount_node(vnode_t *cvp, int force)
1917 {
1918 	int error = 0;
1919 	fnnode_t *cfnp;
1920 	vfs_t *vfsp;
1921 	umntrequest ul;
1922 	fninfo_t *fnip;
1923 
1924 	AUTOFS_DPRINT((4, "\tunmount_node cvp=%p\n", (void *)cvp));
1925 
1926 	ASSERT(vn_vfswlock_held(cvp));
1927 	cfnp = vntofn(cvp);
1928 	vfsp = vn_mountedvfs(cvp);
1929 
1930 	if (force || cfnp->fn_flags & MF_IK_MOUNT) {
1931 		/*
1932 		 * Mount was performed in the kernel, so
1933 		 * do an in-kernel unmount. auto_inkernel_unmount()
1934 		 * will vn_vfsunlock(cvp).
1935 		 */
1936 		error = auto_inkernel_unmount(vfsp);
1937 	} else {
1938 		zone_t *zone = NULL;
1939 		refstr_t *mntpt, *resource;
1940 		size_t mntoptslen;
1941 
1942 		/*
1943 		 * Get the mnttab information of the node
1944 		 * and ask the daemon to unmount it.
1945 		 */
1946 		bzero(&ul, sizeof (ul));
1947 		mntfs_getmntopts(vfsp, &ul.mntopts, &mntoptslen);
1948 		if (ul.mntopts == NULL) {
1949 			auto_log(cfnp->fn_globals->fng_verbose,
1950 				cfnp->fn_globals->fng_zoneid,
1951 				CE_WARN, "unmount_node: "
1952 			    "no memory");
1953 			vn_vfsunlock(cvp);
1954 			error = ENOMEM;
1955 			goto done;
1956 		}
1957 		if (mntoptslen > AUTOFS_MAXOPTSLEN)
1958 			ul.mntopts[AUTOFS_MAXOPTSLEN - 1] = '\0';
1959 
1960 		mntpt = vfs_getmntpoint(vfsp);
1961 		ul.mntpnt = (char *)refstr_value(mntpt);
1962 		resource = vfs_getresource(vfsp);
1963 		ul.mntresource = (char *)refstr_value(resource);
1964 
1965 		fnip = vfstofni(cvp->v_vfsp);
1966 		ul.isdirect = fnip->fi_flags & MF_DIRECT ? TRUE : FALSE;
1967 
1968 		/*
1969 		 * Since a zone'd automountd's view of the autofs mount points
1970 		 * differs from those in the kernel, we need to make sure we
1971 		 * give it consistent mount points.
1972 		 */
1973 		ASSERT(fnip->fi_zoneid == getzoneid());
1974 		zone = curproc->p_zone;
1975 
1976 		if (fnip->fi_zoneid != GLOBAL_ZONEID) {
1977 			if (ZONE_PATH_VISIBLE(ul.mntpnt, zone)) {
1978 				ul.mntpnt =
1979 				    ZONE_PATH_TRANSLATE(ul.mntpnt, zone);
1980 			}
1981 			if (ZONE_PATH_VISIBLE(ul.mntresource, zone)) {
1982 				ul.mntresource =
1983 				    ZONE_PATH_TRANSLATE(ul.mntresource, zone);
1984 			}
1985 		}
1986 
1987 		ul.fstype = vfssw[vfsp->vfs_fstype].vsw_name;
1988 		vn_vfsunlock(cvp);
1989 
1990 		error = auto_send_unmount_request(fnip, &ul, FALSE);
1991 		kmem_free(ul.mntopts, mntoptslen);
1992 		refstr_rele(mntpt);
1993 		refstr_rele(resource);
1994 	}
1995 
1996 done:
1997 	AUTOFS_DPRINT((5, "\tunmount_node cvp=%p error=%d\n", (void *)cvp,
1998 	    error));
1999 	return (error);
2000 }
2001 
2002 /*
2003  * vp is the "root" of the AUTOFS filesystem.
2004  * return EBUSY if any thread is holding a reference to this vnode
2005  * other than us.
2006  */
2007 static int
2008 check_auto_node(vnode_t *vp)
2009 {
2010 	fnnode_t *fnp;
2011 	int error = 0;
2012 	/*
2013 	 * number of references to expect for
2014 	 * a non-busy vnode.
2015 	 */
2016 	uint_t count;
2017 
2018 	AUTOFS_DPRINT((4, "\tcheck_auto_node vp=%p ", (void *)vp));
2019 	fnp = vntofn(vp);
2020 	ASSERT(fnp->fn_flags & MF_INPROG);
2021 	ASSERT((fnp->fn_flags & MF_LOOKUP) == 0);
2022 
2023 	count = 1;		/* we are holding a reference to vp */
2024 	if (fnp->fn_flags & MF_TRIGGER) {
2025 		/*
2026 		 * parent holds a pointer to us (trigger)
2027 		 */
2028 		count++;
2029 	}
2030 	if (fnp->fn_trigger != NULL) {
2031 		/*
2032 		 * The trigger nodes have a hold on us.
2033 		 */
2034 		count++;
2035 	}
2036 	mutex_enter(&vp->v_lock);
2037 	if (vp->v_flag & VROOT)
2038 		count++;
2039 	ASSERT(vp->v_count > 0);
2040 	AUTOFS_DPRINT((10, "\tcount=%u ", vp->v_count));
2041 	if (vp->v_count > count)
2042 		error = EBUSY;
2043 	mutex_exit(&vp->v_lock);
2044 
2045 	AUTOFS_DPRINT((5, "\tcheck_auto_node error=%d ", error));
2046 	return (error);
2047 }
2048 
2049 /*
2050  * rootvp is the root of the AUTOFS filesystem.
2051  * If rootvp is busy (v_count > 1) returns EBUSY.
2052  * else removes every vnode under this tree.
2053  * ASSUMPTION: Assumes that the only node which can be busy is
2054  * the root vnode. This filesystem better be two levels deep only,
2055  * the root and its immediate subdirs.
2056  * The daemon will "AUTOFS direct-mount" only one level below the root.
2057  */
2058 static int
2059 unmount_autofs(vnode_t *rootvp)
2060 {
2061 	fnnode_t *fnp, *rootfnp, *nfnp;
2062 	int error;
2063 
2064 	AUTOFS_DPRINT((4, "\tunmount_autofs rootvp=%p ", (void *)rootvp));
2065 
2066 	error = check_auto_node(rootvp);
2067 	if (error == 0) {
2068 		/*
2069 		 * Remove all its immediate subdirectories.
2070 		 */
2071 		rootfnp = vntofn(rootvp);
2072 		rw_enter(&rootfnp->fn_rwlock, RW_WRITER);
2073 		nfnp = NULL;	/* lint clean */
2074 		for (fnp = rootfnp->fn_dirents; fnp != NULL; fnp = nfnp) {
2075 			ASSERT(fntovn(fnp)->v_count == 0);
2076 			ASSERT(fnp->fn_dirents == NULL);
2077 			ASSERT(fnp->fn_linkcnt == 2);
2078 			fnp->fn_linkcnt--;
2079 			auto_disconnect(rootfnp, fnp);
2080 			nfnp = fnp->fn_next;
2081 			auto_freefnnode(fnp);
2082 		}
2083 		rw_exit(&rootfnp->fn_rwlock);
2084 	}
2085 	AUTOFS_DPRINT((5, "\tunmount_autofs error=%d ", error));
2086 	return (error);
2087 }
2088 
2089 /*
2090  * max number of unmount threads running
2091  */
2092 static int autofs_unmount_threads = 5;
2093 
2094 /*
2095  * XXX unmount_tree() is not suspend-safe within the scope of
2096  * the present model defined for cpr to suspend the system. Calls made
2097  * by the unmount_tree() that have been identified to be unsafe are
2098  * (1) RPC client handle setup and client calls to automountd which can
2099  * block deep down in the RPC library, (2) kmem_alloc() calls with the
2100  * KM_SLEEP flag which can block if memory is low, and (3) VFS_*() and
2101  * VOP_*() calls which can result in over the wire calls to servers.
2102  * The thread should be completely reevaluated to make it suspend-safe in
2103  * case of future updates to the cpr model.
2104  */
2105 void
2106 unmount_tree(struct autofs_globals *fngp, int force)
2107 {
2108 	vnode_t *vp, *newvp;
2109 	vfs_t *vfsp;
2110 	fnnode_t *fnp, *nfnp, *pfnp;
2111 	action_list *alp;
2112 	int error, ilocked_it = 0;
2113 	fninfo_t *fnip;
2114 	time_t ref_time;
2115 	int autofs_busy_root, unmount_as_unit, unmount_done = 0;
2116 	timestruc_t now;
2117 
2118 	callb_cpr_t cprinfo;
2119 	kmutex_t unmount_tree_cpr_lock;
2120 
2121 	mutex_init(&unmount_tree_cpr_lock, NULL, MUTEX_DEFAULT, NULL);
2122 	CALLB_CPR_INIT(&cprinfo, &unmount_tree_cpr_lock, callb_generic_cpr,
2123 		"unmount_tree");
2124 
2125 	/*
2126 	 * Got to release lock before attempting unmount in case
2127 	 * it hangs.
2128 	 */
2129 	rw_enter(&fngp->fng_rootfnnodep->fn_rwlock, RW_READER);
2130 	if ((fnp = fngp->fng_rootfnnodep->fn_dirents) == NULL) {
2131 		ASSERT(fngp->fng_fnnode_count == 1);
2132 		/*
2133 		 * no autofs mounted, done.
2134 		 */
2135 		rw_exit(&fngp->fng_rootfnnodep->fn_rwlock);
2136 		goto done;
2137 	}
2138 	VN_HOLD(fntovn(fnp));
2139 	rw_exit(&fngp->fng_rootfnnodep->fn_rwlock);
2140 
2141 	vp = fntovn(fnp);
2142 	fnip = vfstofni(vp->v_vfsp);
2143 	/*
2144 	 * autofssys() will be calling in from the global zone and doing
2145 	 * work on the behalf of the given zone, hence we can't always assert
2146 	 * that we have the right credentials, nor that the caller is always in
2147 	 * the correct zone.
2148 	 *
2149 	 * We do, however, know that if this is a "forced unmount" operation
2150 	 * (which autofssys() does), then we won't go down to the krpc layers,
2151 	 * so we don't need to fudge with the credentials.
2152 	 */
2153 	ASSERT(force || fnip->fi_zoneid == getzoneid());
2154 	if (!force && auto_null_request(fnip, FALSE) != 0) {
2155 		/*
2156 		 * automountd not running in this zone,
2157 		 * don't attempt unmounting this round.
2158 		 */
2159 		VN_RELE(vp);
2160 		goto done;
2161 	}
2162 	/* reference time for this unmount round */
2163 	ref_time = gethrestime_sec();
2164 	/*
2165 	 * If this an autofssys() call, we need to make sure we don't skip
2166 	 * nodes because we think we saw them recently.
2167 	 */
2168 	mutex_enter(&fnp->fn_lock);
2169 	if (force && fnp->fn_unmount_ref_time >= ref_time)
2170 		ref_time = fnp->fn_unmount_ref_time + 1;
2171 	mutex_exit(&fnp->fn_lock);
2172 
2173 	AUTOFS_DPRINT((4, "unmount_tree (ID=%ld)\n", ref_time));
2174 top:
2175 	AUTOFS_DPRINT((10, "unmount_tree: %s\n", fnp->fn_name));
2176 	ASSERT(fnp);
2177 	vp = fntovn(fnp);
2178 	if (vp->v_type == VLNK) {
2179 		/*
2180 		 * can't unmount symbolic links
2181 		 */
2182 		goto next;
2183 	}
2184 	fnip = vfstofni(vp->v_vfsp);
2185 	ASSERT(vp->v_count > 0);
2186 	error = 0;
2187 	autofs_busy_root = unmount_as_unit = 0;
2188 	alp = NULL;
2189 
2190 	ilocked_it = 0;
2191 	mutex_enter(&fnp->fn_lock);
2192 	if (fnp->fn_flags & (MF_INPROG | MF_LOOKUP)) {
2193 		/*
2194 		 * Either a mount, lookup or another unmount of this
2195 		 * subtree is in progress, don't attempt to unmount at
2196 		 * this time.
2197 		 */
2198 		mutex_exit(&fnp->fn_lock);
2199 		error = EBUSY;
2200 		goto next;
2201 	}
2202 	if (fnp->fn_unmount_ref_time >= ref_time) {
2203 		/*
2204 		 * Already been here, try next node.
2205 		 */
2206 		mutex_exit(&fnp->fn_lock);
2207 		error = EBUSY;
2208 		goto next;
2209 	}
2210 	fnp->fn_unmount_ref_time = ref_time;
2211 
2212 	/*
2213 	 * If forced operation ignore timeout values
2214 	 */
2215 	if (!force && fnp->fn_ref_time + fnip->fi_mount_to >
2216 	    gethrestime_sec()) {
2217 		/*
2218 		 * Node has been referenced recently, try the
2219 		 * unmount of its children if any.
2220 		 */
2221 		mutex_exit(&fnp->fn_lock);
2222 		AUTOFS_DPRINT((10, "fn_ref_time within range\n"));
2223 		rw_enter(&fnp->fn_rwlock, RW_READER);
2224 		if (fnp->fn_dirents) {
2225 			/*
2226 			 * Has subdirectory, attempt their
2227 			 * unmount first
2228 			 */
2229 			nfnp = fnp->fn_dirents;
2230 			VN_HOLD(fntovn(nfnp));
2231 			rw_exit(&fnp->fn_rwlock);
2232 
2233 			VN_RELE(vp);
2234 			fnp = nfnp;
2235 			goto top;
2236 		}
2237 		rw_exit(&fnp->fn_rwlock);
2238 		/*
2239 		 * No children, try next node.
2240 		 */
2241 		error = EBUSY;
2242 		goto next;
2243 	}
2244 
2245 	AUTOFS_BLOCK_OTHERS(fnp, MF_INPROG);
2246 	fnp->fn_error = 0;
2247 	mutex_exit(&fnp->fn_lock);
2248 	ilocked_it = 1;
2249 
2250 	rw_enter(&fnp->fn_rwlock, RW_WRITER);
2251 	if (fnp->fn_trigger != NULL) {
2252 		unmount_as_unit = 1;
2253 		if ((vn_mountedvfs(vp) == NULL) && (check_auto_node(vp))) {
2254 			/*
2255 			 * AUTOFS mountpoint is busy, there's
2256 			 * no point trying to unmount. Fall through
2257 			 * to attempt to unmount subtrees rooted
2258 			 * at a possible trigger node, but remember
2259 			 * not to unmount this tree.
2260 			 */
2261 			autofs_busy_root = 1;
2262 		}
2263 
2264 		if (triggers_busy(fnp, &nfnp)) {
2265 			rw_exit(&fnp->fn_rwlock);
2266 			if (nfnp == NULL) {
2267 				error = EBUSY;
2268 				goto next;
2269 			}
2270 			/*
2271 			 * nfnp is busy, try to unmount it first
2272 			 */
2273 			mutex_enter(&fnp->fn_lock);
2274 			AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
2275 			mutex_exit(&fnp->fn_lock);
2276 			VN_RELE(vp);
2277 			ASSERT(fntovn(nfnp)->v_count > 1);
2278 			fnp = nfnp;
2279 			goto top;
2280 		}
2281 
2282 		/*
2283 		 * At this point, we know all trigger nodes are locked,
2284 		 * and they're not busy or mounted on.
2285 		 */
2286 
2287 		if (autofs_busy_root) {
2288 			/*
2289 			 * Got to unlock the the trigger nodes since
2290 			 * I'm not really going to unmount the filesystem.
2291 			 */
2292 			(void) triggers_unlock(fnp);
2293 		} else {
2294 			/*
2295 			 * Attempt to unmount all the trigger nodes,
2296 			 * save the action_list in case we need to
2297 			 * remount them later. The action_list will be
2298 			 * freed later if there was no need to remount the
2299 			 * trigger nodes.
2300 			 */
2301 			unmount_triggers(fnp, &alp);
2302 		}
2303 	}
2304 	rw_exit(&fnp->fn_rwlock);
2305 
2306 	if (autofs_busy_root)
2307 		goto next;
2308 
2309 	(void) vn_vfswlock_wait(vp);
2310 
2311 	vfsp = vn_mountedvfs(vp);
2312 	if (vfsp != NULL) {
2313 		/*
2314 		 * Node is mounted on.
2315 		 */
2316 		AUTOFS_DPRINT((10, "\tNode is mounted on\n"));
2317 
2318 		/*
2319 		 * Deal with /xfn/host/jurassic alikes here...
2320 		 */
2321 		if (vfs_matchops(vfsp, vfs_getops(vp->v_vfsp))) {
2322 			/*
2323 			 * If the filesystem mounted here is AUTOFS, and it
2324 			 * is busy, try to unmount the tree rooted on it
2325 			 * first. We know this call to VFS_ROOT is safe to
2326 			 * call while holding VVFSLOCK, since it resolves
2327 			 * to a call to auto_root().
2328 			 */
2329 			AUTOFS_DPRINT((10, "\t\tAUTOFS mounted here\n"));
2330 			if (VFS_ROOT(vfsp, &newvp)) {
2331 				cmn_err(CE_PANIC,
2332 				    "unmount_tree: VFS_ROOT(vfs=%p) failed",
2333 				    (void *)vfsp);
2334 			}
2335 			nfnp = vntofn(newvp);
2336 			if (DEEPER(nfnp)) {
2337 				vn_vfsunlock(vp);
2338 				mutex_enter(&fnp->fn_lock);
2339 				AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
2340 				mutex_exit(&fnp->fn_lock);
2341 				VN_RELE(vp);
2342 				fnp = nfnp;
2343 				goto top;
2344 			}
2345 			/*
2346 			 * Fall through to unmount this filesystem
2347 			 */
2348 			VN_RELE(newvp);
2349 		}
2350 
2351 		/*
2352 		 * vn_vfsunlock(vp) is done inside unmount_node()
2353 		 */
2354 		error = unmount_node(vp, force);
2355 		if (error == ECONNRESET) {
2356 			AUTOFS_DPRINT((10, "\tConnection dropped\n"));
2357 			if (vn_mountedvfs(vp) == NULL) {
2358 				/*
2359 				 * The filesystem was unmounted before the
2360 				 * daemon died. Unfortunately we can not
2361 				 * determine whether all the cleanup work was
2362 				 * successfully finished (i.e. update mnttab,
2363 				 * or notify NFS server of the unmount).
2364 				 * We should not retry the operation since the
2365 				 * filesystem has already been unmounted, and
2366 				 * may have already been removed from mnttab,
2367 				 * in such case the devid/rdevid we send to
2368 				 * the daemon will not be matched. So we have
2369 				 * to be content with the partial unmount.
2370 				 * Since the mountpoint is no longer covered, we
2371 				 * clear the error condition.
2372 				 */
2373 				error = 0;
2374 				auto_log(fngp->fng_verbose, fngp->fng_zoneid,
2375 					CE_WARN,
2376 				    "unmount_tree: automountd connection "
2377 				    "dropped");
2378 				if (fnip->fi_flags & MF_DIRECT) {
2379 					auto_log(fngp->fng_verbose,
2380 						fngp->fng_zoneid, CE_WARN,
2381 						"unmount_tree: "
2382 					    "%s successfully unmounted - "
2383 					    "do not remount triggers",
2384 					    fnip->fi_path);
2385 				} else {
2386 					auto_log(fngp->fng_verbose,
2387 						fngp->fng_zoneid, CE_WARN,
2388 						"unmount_tree: "
2389 					    "%s/%s successfully unmounted - "
2390 					    "do not remount triggers",
2391 					    fnip->fi_path, fnp->fn_name);
2392 				}
2393 			}
2394 		}
2395 	} else {
2396 		vn_vfsunlock(vp);
2397 		AUTOFS_DPRINT((10, "\tNode is AUTOFS\n"));
2398 		if (unmount_as_unit) {
2399 			AUTOFS_DPRINT((10, "\tunmount as unit\n"));
2400 			error = unmount_autofs(vp);
2401 		} else {
2402 			AUTOFS_DPRINT((10, "\tunmount one at a time\n"));
2403 			rw_enter(&fnp->fn_rwlock, RW_READER);
2404 			if (fnp->fn_dirents != NULL) {
2405 				/*
2406 				 * Has subdirectory, attempt their
2407 				 * unmount first
2408 				 */
2409 				nfnp = fnp->fn_dirents;
2410 				VN_HOLD(fntovn(nfnp));
2411 				rw_exit(&fnp->fn_rwlock);
2412 
2413 				mutex_enter(&fnp->fn_lock);
2414 				AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
2415 				mutex_exit(&fnp->fn_lock);
2416 				VN_RELE(vp);
2417 				fnp = nfnp;
2418 				goto top;
2419 			}
2420 			rw_exit(&fnp->fn_rwlock);
2421 			goto next;
2422 		}
2423 	}
2424 
2425 	if (error) {
2426 		AUTOFS_DPRINT((10, "\tUnmount failed\n"));
2427 		if (alp != NULL) {
2428 			/*
2429 			 * Unmount failed, got to remount triggers.
2430 			 */
2431 			ASSERT((fnp->fn_flags & MF_THISUID_MATCH_RQD) == 0);
2432 			error = auto_perform_actions(fnip, fnp, alp,
2433 				CRED());
2434 			if (error) {
2435 				auto_log(fngp->fng_verbose,
2436 					fngp->fng_zoneid, CE_WARN,
2437 					"autofs: can't remount "
2438 				    "triggers fnp=%p error=%d", (void *)fnp,
2439 				    error);
2440 				error = 0;
2441 				/*
2442 				 * The action list should have been
2443 				 * free'd by auto_perform_actions
2444 				 * since an error occured
2445 				 */
2446 				alp = NULL;
2447 
2448 			}
2449 		}
2450 	} else {
2451 		/*
2452 		 * The unmount succeeded, which will cause this node to
2453 		 * be removed from its parent if its an indirect mount,
2454 		 * therefore update the parent's atime and mtime now.
2455 		 * I don't update them in auto_disconnect() because I
2456 		 * don't want atime and mtime changing every time a
2457 		 * lookup goes to the daemon and creates a new node.
2458 		 */
2459 		unmount_done = 1;
2460 		if ((fnip->fi_flags & MF_DIRECT) == 0) {
2461 			gethrestime(&now);
2462 			if (fnp->fn_parent == fngp->fng_rootfnnodep)
2463 				fnp->fn_atime = fnp->fn_mtime = now;
2464 			else
2465 				fnp->fn_parent->fn_atime =
2466 					fnp->fn_parent->fn_mtime = now;
2467 		}
2468 
2469 		/*
2470 		 * Free the action list here
2471 		 */
2472 		if (alp != NULL) {
2473 			xdr_free(xdr_action_list, (char *)alp);
2474 			kmem_free(alp, sizeof (*alp));
2475 			alp = NULL;
2476 		}
2477 	}
2478 
2479 	fnp->fn_ref_time = gethrestime_sec();
2480 
2481 next:
2482 	/*
2483 	 * Obtain parent's readers lock before grabbing
2484 	 * reference to next sibling.
2485 	 * XXX Note that nodes in the top level list (mounted
2486 	 * in user space not by the daemon in the kernel) parent is itself,
2487 	 * therefore grabbing the lock makes no sense, but doesn't
2488 	 * hurt either.
2489 	 */
2490 	pfnp = fnp->fn_parent;
2491 	ASSERT(pfnp != NULL);
2492 	rw_enter(&pfnp->fn_rwlock, RW_READER);
2493 	if ((nfnp = fnp->fn_next) != NULL)
2494 		VN_HOLD(fntovn(nfnp));
2495 	rw_exit(&pfnp->fn_rwlock);
2496 
2497 	if (ilocked_it) {
2498 		mutex_enter(&fnp->fn_lock);
2499 		if (unmount_done) {
2500 			/*
2501 			 * Other threads may be waiting for this unmount to
2502 			 * finish. We must let it know that in order to
2503 			 * proceed, it must trigger the mount itself.
2504 			 */
2505 			fnp->fn_flags &= ~MF_IK_MOUNT;
2506 			if (fnp->fn_flags & MF_WAITING)
2507 				fnp->fn_error = EAGAIN;
2508 			unmount_done = 0;
2509 		}
2510 		AUTOFS_UNBLOCK_OTHERS(fnp, MF_INPROG);
2511 		mutex_exit(&fnp->fn_lock);
2512 		ilocked_it = 0;
2513 	}
2514 
2515 	if (nfnp != NULL) {
2516 		VN_RELE(vp);
2517 		fnp = nfnp;
2518 		/*
2519 		 * Unmount next element
2520 		 */
2521 		goto top;
2522 	}
2523 
2524 	/*
2525 	 * We don't want to unmount rootfnnodep, so the check is made here
2526 	 */
2527 	ASSERT(pfnp != fnp);
2528 	if (pfnp != fngp->fng_rootfnnodep) {
2529 		/*
2530 		 * Now attempt to unmount my parent
2531 		 */
2532 		VN_HOLD(fntovn(pfnp));
2533 		VN_RELE(vp);
2534 		fnp = pfnp;
2535 
2536 		goto top;
2537 	}
2538 
2539 	VN_RELE(vp);
2540 
2541 	/*
2542 	 * At this point we've walked the entire tree and attempted to unmount
2543 	 * as much as we can one level at a time.
2544 	 */
2545 done:
2546 	mutex_enter(&unmount_tree_cpr_lock);
2547 	CALLB_CPR_EXIT(&cprinfo);
2548 	mutex_destroy(&unmount_tree_cpr_lock);
2549 }
2550 
2551 static void
2552 unmount_zone_tree(struct autofs_globals *fngp)
2553 {
2554 	unmount_tree(fngp, 0);
2555 	mutex_enter(&fngp->fng_unmount_threads_lock);
2556 	fngp->fng_unmount_threads--;
2557 	mutex_exit(&fngp->fng_unmount_threads_lock);
2558 
2559 	AUTOFS_DPRINT((5, "unmount_tree done. Thread exiting.\n"));
2560 
2561 	zthread_exit();
2562 	/* NOTREACHED */
2563 }
2564 
2565 static int autofs_unmount_thread_timer = 120;	/* in seconds */
2566 
2567 void
2568 auto_do_unmount(struct autofs_globals *fngp)
2569 {
2570 	callb_cpr_t cprinfo;
2571 	clock_t timeleft;
2572 	zone_t *zone = curproc->p_zone;
2573 
2574 	CALLB_CPR_INIT(&cprinfo, &fngp->fng_unmount_threads_lock,
2575 		callb_generic_cpr, "auto_do_unmount");
2576 
2577 	for (;;) {	/* forever */
2578 		mutex_enter(&fngp->fng_unmount_threads_lock);
2579 		CALLB_CPR_SAFE_BEGIN(&cprinfo);
2580 newthread:
2581 		mutex_exit(&fngp->fng_unmount_threads_lock);
2582 		timeleft = zone_status_timedwait(zone, lbolt +
2583 		    autofs_unmount_thread_timer * hz, ZONE_IS_SHUTTING_DOWN);
2584 		mutex_enter(&fngp->fng_unmount_threads_lock);
2585 
2586 		if (timeleft != -1) {	/* didn't time out */
2587 			ASSERT(zone_status_get(zone) >= ZONE_IS_SHUTTING_DOWN);
2588 			/*
2589 			 * zone is exiting... don't create any new threads.
2590 			 * fng_unmount_threads_lock is released implicitly by
2591 			 * the below.
2592 			 */
2593 			CALLB_CPR_SAFE_END(&cprinfo,
2594 				&fngp->fng_unmount_threads_lock);
2595 			CALLB_CPR_EXIT(&cprinfo);
2596 			zthread_exit();
2597 			/* NOTREACHED */
2598 		}
2599 		if (fngp->fng_unmount_threads < autofs_unmount_threads) {
2600 			fngp->fng_unmount_threads++;
2601 			CALLB_CPR_SAFE_END(&cprinfo,
2602 				&fngp->fng_unmount_threads_lock);
2603 			mutex_exit(&fngp->fng_unmount_threads_lock);
2604 
2605 			(void) zthread_create(NULL, 0, unmount_zone_tree, fngp,
2606 			    0, minclsyspri);
2607 		} else
2608 			goto newthread;
2609 	}
2610 	/* NOTREACHED */
2611 }
2612 
2613 /*
2614  * Is nobrowse specified in option string?
2615  * opts should be a null ('\0') terminated string.
2616  * Returns non-zero if nobrowse has been specified.
2617  */
2618 int
2619 auto_nobrowse_option(char *opts)
2620 {
2621 	char *buf;
2622 	char *p;
2623 	char *t;
2624 	int nobrowse = 0;
2625 	int last_opt = 0;
2626 	size_t len;
2627 
2628 	len = strlen(opts) + 1;
2629 	p = buf = kmem_alloc(len, KM_SLEEP);
2630 	(void) strcpy(buf, opts);
2631 	do {
2632 		if (t = strchr(p, ','))
2633 			*t++ = '\0';
2634 		else
2635 			last_opt++;
2636 		if (strcmp(p, MNTOPT_NOBROWSE) == 0)
2637 			nobrowse = 1;
2638 		else if (strcmp(p, MNTOPT_BROWSE) == 0)
2639 			nobrowse = 0;
2640 		p = t;
2641 	} while (!last_opt);
2642 	kmem_free(buf, len);
2643 
2644 	return (nobrowse);
2645 }
2646 
2647 /*
2648  * used to log warnings only if automountd is running
2649  * with verbose mode set
2650  */
2651 
2652 void
2653 auto_log(int verbose, zoneid_t zoneid, int level, const char *fmt, ...)
2654 {
2655 	va_list	args;
2656 
2657 	if (verbose) {
2658 		va_start(args, fmt);
2659 		vzcmn_err(zoneid, level, fmt, args);
2660 		va_end(args);
2661 	}
2662 }
2663 
2664 #ifdef DEBUG
2665 static int autofs_debug = 0;
2666 
2667 /*
2668  * Utilities used by both client and server
2669  * Standard levels:
2670  * 0) no debugging
2671  * 1) hard failures
2672  * 2) soft failures
2673  * 3) current test software
2674  * 4) main procedure entry points
2675  * 5) main procedure exit points
2676  * 6) utility procedure entry points
2677  * 7) utility procedure exit points
2678  * 8) obscure procedure entry points
2679  * 9) obscure procedure exit points
2680  * 10) random stuff
2681  * 11) all <= 1
2682  * 12) all <= 2
2683  * 13) all <= 3
2684  * ...
2685  */
2686 /* PRINTFLIKE2 */
2687 void
2688 auto_dprint(int level, const char *fmt, ...)
2689 {
2690 	va_list args;
2691 
2692 	if (autofs_debug == level ||
2693 	    (autofs_debug > 10 && (autofs_debug - 10) >= level)) {
2694 		va_start(args, fmt);
2695 		(void) vprintf(fmt, args);
2696 		va_end(args);
2697 	}
2698 }
2699 #endif /* DEBUG */
2700