xref: /titanic_50/usr/src/uts/common/fs/nfs/nfs4_vfsops.c (revision d62bc4badc1c1f1549c961cfb8b420e650e1272b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  *	Copyright (c) 1983,1984,1985,1986,1987,1988,1989  AT&T.
28  *	All Rights Reserved
29  */
30 
31 #pragma ident	"%Z%%M%	%I%	%E% SMI"
32 
33 #include <sys/param.h>
34 #include <sys/types.h>
35 #include <sys/systm.h>
36 #include <sys/cred.h>
37 #include <sys/vfs.h>
38 #include <sys/vfs_opreg.h>
39 #include <sys/vnode.h>
40 #include <sys/pathname.h>
41 #include <sys/sysmacros.h>
42 #include <sys/kmem.h>
43 #include <sys/mkdev.h>
44 #include <sys/mount.h>
45 #include <sys/statvfs.h>
46 #include <sys/errno.h>
47 #include <sys/debug.h>
48 #include <sys/cmn_err.h>
49 #include <sys/utsname.h>
50 #include <sys/bootconf.h>
51 #include <sys/modctl.h>
52 #include <sys/acl.h>
53 #include <sys/flock.h>
54 #include <sys/time.h>
55 #include <sys/disp.h>
56 #include <sys/policy.h>
57 #include <sys/socket.h>
58 #include <sys/netconfig.h>
59 #include <sys/dnlc.h>
60 #include <sys/list.h>
61 #include <sys/mntent.h>
62 #include <sys/tsol/label.h>
63 
64 #include <rpc/types.h>
65 #include <rpc/auth.h>
66 #include <rpc/rpcsec_gss.h>
67 #include <rpc/clnt.h>
68 
69 #include <nfs/nfs.h>
70 #include <nfs/nfs_clnt.h>
71 #include <nfs/mount.h>
72 #include <nfs/nfs_acl.h>
73 
74 #include <fs/fs_subr.h>
75 
76 #include <nfs/nfs4.h>
77 #include <nfs/rnode4.h>
78 #include <nfs/nfs4_clnt.h>
79 #include <sys/fs/autofs.h>
80 
81 
82 /*
83  * Arguments passed to thread to free data structures from forced unmount.
84  */
85 
86 typedef struct {
87 	vfs_t	*fm_vfsp;
88 	int	fm_flag;
89 	cred_t	*fm_cr;
90 } freemountargs_t;
91 
92 static void	async_free_mount(vfs_t *, int, cred_t *);
93 static void	nfs4_free_mount(vfs_t *, int, cred_t *);
94 static void	nfs4_free_mount_thread(freemountargs_t *);
95 static int nfs4_chkdup_servinfo4(servinfo4_t *, servinfo4_t *);
96 
97 /*
98  * From rpcsec module (common/rpcsec).
99  */
100 extern int sec_clnt_loadinfo(struct sec_data *, struct sec_data **, model_t);
101 extern void sec_clnt_freeinfo(struct sec_data *);
102 
103 /*
104  * The order and contents of this structure must be kept in sync with that of
105  * rfsreqcnt_v4_tmpl in nfs_stats.c
106  */
107 static char *rfsnames_v4[] = {
108 	"null", "compound", "reserved",	"access", "close", "commit", "create",
109 	"delegpurge", "delegreturn", "getattr",	"getfh", "link", "lock",
110 	"lockt", "locku", "lookup", "lookupp", "nverify", "open", "openattr",
111 	"open_confirm",	"open_downgrade", "putfh", "putpubfh", "putrootfh",
112 	"read", "readdir", "readlink", "remove", "rename", "renew",
113 	"restorefh", "savefh", "secinfo", "setattr", "setclientid",
114 	"setclientid_confirm", "verify", "write"
115 };
116 
117 /*
118  * nfs4_max_mount_retry is the number of times the client will redrive
119  * a mount compound before giving up and returning failure.  The intent
120  * is to redrive mount compounds which fail NFS4ERR_STALE so that
121  * if a component of the server path being mounted goes stale, it can
122  * "recover" by redriving the mount compund (LOOKUP ops).  This recovery
123  * code is needed outside of the recovery framework because mount is a
124  * special case.  The client doesn't create vnodes/rnodes for components
125  * of the server path being mounted.  The recovery code recovers real
126  * client objects, not STALE FHs which map to components of the server
127  * path being mounted.
128  *
129  * We could just fail the mount on the first time, but that would
130  * instantly trigger failover (from nfs4_mount), and the client should
131  * try to re-lookup the STALE FH before doing failover.  The easiest
132  * way to "re-lookup" is to simply redrive the mount compound.
133  */
134 static int nfs4_max_mount_retry = 2;
135 
136 /*
137  * nfs4 vfs operations.
138  */
139 int		nfs4_mount(vfs_t *, vnode_t *, struct mounta *, cred_t *);
140 static int	nfs4_unmount(vfs_t *, int, cred_t *);
141 static int	nfs4_root(vfs_t *, vnode_t **);
142 static int	nfs4_statvfs(vfs_t *, struct statvfs64 *);
143 static int	nfs4_sync(vfs_t *, short, cred_t *);
144 static int	nfs4_vget(vfs_t *, vnode_t **, fid_t *);
145 static int	nfs4_mountroot(vfs_t *, whymountroot_t);
146 static void	nfs4_freevfs(vfs_t *);
147 
148 static int	nfs4rootvp(vnode_t **, vfs_t *, struct servinfo4 *,
149 		    int, cred_t *, zone_t *);
150 
151 vfsops_t	*nfs4_vfsops;
152 
153 int nfs4_vfsinit(void);
154 void nfs4_vfsfini(void);
155 static void nfs4setclientid_init(void);
156 static void nfs4setclientid_fini(void);
157 static void nfs4setclientid_otw(mntinfo4_t *, servinfo4_t *,  cred_t *,
158 		struct nfs4_server *, nfs4_error_t *, int *);
159 static void	destroy_nfs4_server(nfs4_server_t *);
160 static void	remove_mi(nfs4_server_t *, mntinfo4_t *);
161 
162 extern void nfs4_ephemeral_init(void);
163 extern void nfs4_ephemeral_fini(void);
164 
165 /*
166  * Initialize the vfs structure
167  */
168 
169 static int nfs4fstyp;
170 
171 
172 /*
173  * Debug variable to check for rdma based
174  * transport startup and cleanup. Controlled
175  * through /etc/system. Off by default.
176  */
177 extern int rdma_debug;
178 
179 int
180 nfs4init(int fstyp, char *name)
181 {
182 	static const fs_operation_def_t nfs4_vfsops_template[] = {
183 		VFSNAME_MOUNT,		{ .vfs_mount = nfs4_mount },
184 		VFSNAME_UNMOUNT,	{ .vfs_unmount = nfs4_unmount },
185 		VFSNAME_ROOT,		{ .vfs_root = nfs4_root },
186 		VFSNAME_STATVFS,	{ .vfs_statvfs = nfs4_statvfs },
187 		VFSNAME_SYNC,		{ .vfs_sync = nfs4_sync },
188 		VFSNAME_VGET,		{ .vfs_vget = nfs4_vget },
189 		VFSNAME_MOUNTROOT,	{ .vfs_mountroot = nfs4_mountroot },
190 		VFSNAME_FREEVFS,	{ .vfs_freevfs = nfs4_freevfs },
191 		NULL,			NULL
192 	};
193 	int error;
194 
195 	nfs4_vfsops = NULL;
196 	nfs4_vnodeops = NULL;
197 	nfs4_trigger_vnodeops = NULL;
198 
199 	error = vfs_setfsops(fstyp, nfs4_vfsops_template, &nfs4_vfsops);
200 	if (error != 0) {
201 		zcmn_err(GLOBAL_ZONEID, CE_WARN,
202 		    "nfs4init: bad vfs ops template");
203 		goto out;
204 	}
205 
206 	error = vn_make_ops(name, nfs4_vnodeops_template, &nfs4_vnodeops);
207 	if (error != 0) {
208 		zcmn_err(GLOBAL_ZONEID, CE_WARN,
209 		    "nfs4init: bad vnode ops template");
210 		goto out;
211 	}
212 
213 	error = vn_make_ops("nfs4_trigger", nfs4_trigger_vnodeops_template,
214 	    &nfs4_trigger_vnodeops);
215 	if (error != 0) {
216 		zcmn_err(GLOBAL_ZONEID, CE_WARN,
217 		    "nfs4init: bad trigger vnode ops template");
218 		goto out;
219 	}
220 
221 	nfs4fstyp = fstyp;
222 	(void) nfs4_vfsinit();
223 	(void) nfs4_init_dot_entries();
224 
225 out:
226 	if (error) {
227 		if (nfs4_trigger_vnodeops != NULL)
228 			vn_freevnodeops(nfs4_trigger_vnodeops);
229 
230 		if (nfs4_vnodeops != NULL)
231 			vn_freevnodeops(nfs4_vnodeops);
232 
233 		(void) vfs_freevfsops_by_type(fstyp);
234 	}
235 
236 	return (error);
237 }
238 
239 void
240 nfs4fini(void)
241 {
242 	(void) nfs4_destroy_dot_entries();
243 	nfs4_vfsfini();
244 }
245 
246 /*
247  * Create a new sec_data structure to store AUTH_DH related data:
248  * netname, syncaddr, knetconfig. There is no AUTH_F_RPCTIMESYNC
249  * flag set for NFS V4 since we are avoiding to contact the rpcbind
250  * daemon and is using the IP time service (IPPORT_TIMESERVER).
251  *
252  * sec_data can be freed by sec_clnt_freeinfo().
253  */
254 static struct sec_data *
255 create_authdh_data(char *netname, int nlen, struct netbuf *syncaddr,
256 		struct knetconfig *knconf) {
257 	struct sec_data *secdata;
258 	dh_k4_clntdata_t *data;
259 	char *pf, *p;
260 
261 	if (syncaddr == NULL || syncaddr->buf == NULL || nlen == 0)
262 		return (NULL);
263 
264 	secdata = kmem_alloc(sizeof (*secdata), KM_SLEEP);
265 	secdata->flags = 0;
266 
267 	data = kmem_alloc(sizeof (*data), KM_SLEEP);
268 
269 	data->syncaddr.maxlen = syncaddr->maxlen;
270 	data->syncaddr.len = syncaddr->len;
271 	data->syncaddr.buf = (char *)kmem_alloc(syncaddr->len, KM_SLEEP);
272 	bcopy(syncaddr->buf, data->syncaddr.buf, syncaddr->len);
273 
274 	/*
275 	 * duplicate the knconf information for the
276 	 * new opaque data.
277 	 */
278 	data->knconf = kmem_alloc(sizeof (*knconf), KM_SLEEP);
279 	*data->knconf = *knconf;
280 	pf = kmem_alloc(KNC_STRSIZE, KM_SLEEP);
281 	p = kmem_alloc(KNC_STRSIZE, KM_SLEEP);
282 	bcopy(knconf->knc_protofmly, pf, KNC_STRSIZE);
283 	bcopy(knconf->knc_proto, p, KNC_STRSIZE);
284 	data->knconf->knc_protofmly = pf;
285 	data->knconf->knc_proto = p;
286 
287 	/* move server netname to the sec_data structure */
288 	data->netname = kmem_alloc(nlen, KM_SLEEP);
289 	bcopy(netname, data->netname, nlen);
290 	data->netnamelen = (int)nlen;
291 
292 	secdata->secmod = AUTH_DH;
293 	secdata->rpcflavor = AUTH_DH;
294 	secdata->data = (caddr_t)data;
295 
296 	return (secdata);
297 }
298 
299 /*
300  * Returns (deep) copy of sec_data_t. Allocates all memory required; caller
301  * is responsible for freeing.
302  */
303 sec_data_t *
304 copy_sec_data(sec_data_t *fsecdata) {
305 	sec_data_t *tsecdata;
306 
307 	if (fsecdata == NULL)
308 		return (NULL);
309 
310 	if (fsecdata->rpcflavor == AUTH_DH) {
311 		dh_k4_clntdata_t *fdata = (dh_k4_clntdata_t *)fsecdata->data;
312 
313 		if (fdata == NULL)
314 			return (NULL);
315 
316 		tsecdata = (sec_data_t *)create_authdh_data(fdata->netname,
317 		    fdata->netnamelen, &fdata->syncaddr, fdata->knconf);
318 
319 		return (tsecdata);
320 	}
321 
322 	tsecdata = kmem_zalloc(sizeof (sec_data_t), KM_SLEEP);
323 
324 	tsecdata->secmod = fsecdata->secmod;
325 	tsecdata->rpcflavor = fsecdata->rpcflavor;
326 	tsecdata->flags = fsecdata->flags;
327 	tsecdata->uid = fsecdata->uid;
328 
329 	if (fsecdata->rpcflavor == RPCSEC_GSS) {
330 		gss_clntdata_t *gcd = (gss_clntdata_t *)fsecdata->data;
331 
332 		tsecdata->data = (caddr_t)copy_sec_data_gss(gcd);
333 	} else {
334 		tsecdata->data = NULL;
335 	}
336 
337 	return (tsecdata);
338 }
339 
340 gss_clntdata_t *
341 copy_sec_data_gss(gss_clntdata_t *fdata)
342 {
343 	gss_clntdata_t *tdata;
344 
345 	if (fdata == NULL)
346 		return (NULL);
347 
348 	tdata = kmem_zalloc(sizeof (gss_clntdata_t), KM_SLEEP);
349 
350 	tdata->mechanism.length = fdata->mechanism.length;
351 	tdata->mechanism.elements = kmem_zalloc(fdata->mechanism.length,
352 	    KM_SLEEP);
353 	bcopy(fdata->mechanism.elements, tdata->mechanism.elements,
354 	    fdata->mechanism.length);
355 
356 	tdata->service = fdata->service;
357 
358 	(void) strcpy(tdata->uname, fdata->uname);
359 	(void) strcpy(tdata->inst, fdata->inst);
360 	(void) strcpy(tdata->realm, fdata->realm);
361 
362 	tdata->qop = fdata->qop;
363 
364 	return (tdata);
365 }
366 
367 static int
368 nfs4_chkdup_servinfo4(servinfo4_t *svp_head, servinfo4_t *svp)
369 {
370 	servinfo4_t *si;
371 
372 	/*
373 	 * Iterate over the servinfo4 list to make sure
374 	 * we do not have a duplicate. Skip any servinfo4
375 	 * that has been marked "NOT IN USE"
376 	 */
377 	for (si = svp_head; si; si = si->sv_next) {
378 		(void) nfs_rw_enter_sig(&si->sv_lock, RW_READER, 0);
379 		if (si->sv_flags & SV4_NOTINUSE) {
380 			nfs_rw_exit(&si->sv_lock);
381 			continue;
382 		}
383 		nfs_rw_exit(&si->sv_lock);
384 		if (si == svp)
385 			continue;
386 		if (si->sv_addr.len == svp->sv_addr.len &&
387 		    strcmp(si->sv_knconf->knc_protofmly,
388 		    svp->sv_knconf->knc_protofmly) == 0 &&
389 		    bcmp(si->sv_addr.buf, svp->sv_addr.buf,
390 		    si->sv_addr.len) == 0) {
391 			/* it's a duplicate */
392 			return (1);
393 		}
394 	}
395 	/* it's not a duplicate */
396 	return (0);
397 }
398 
399 void
400 nfs4_free_args(struct nfs_args *nargs)
401 {
402 	if (nargs->knconf) {
403 		if (nargs->knconf->knc_protofmly)
404 			kmem_free(nargs->knconf->knc_protofmly,
405 			    KNC_STRSIZE);
406 		if (nargs->knconf->knc_proto)
407 			kmem_free(nargs->knconf->knc_proto, KNC_STRSIZE);
408 		kmem_free(nargs->knconf, sizeof (*nargs->knconf));
409 		nargs->knconf = NULL;
410 	}
411 
412 	if (nargs->fh) {
413 		kmem_free(nargs->fh, strlen(nargs->fh) + 1);
414 		nargs->fh = NULL;
415 	}
416 
417 	if (nargs->hostname) {
418 		kmem_free(nargs->hostname, strlen(nargs->hostname) + 1);
419 		nargs->hostname = NULL;
420 	}
421 
422 	if (nargs->addr) {
423 		if (nargs->addr->buf) {
424 			ASSERT(nargs->addr->len);
425 			kmem_free(nargs->addr->buf, nargs->addr->len);
426 		}
427 		kmem_free(nargs->addr, sizeof (struct netbuf));
428 		nargs->addr = NULL;
429 	}
430 
431 	if (nargs->syncaddr) {
432 		ASSERT(nargs->syncaddr->len);
433 		if (nargs->syncaddr->buf) {
434 			ASSERT(nargs->syncaddr->len);
435 			kmem_free(nargs->syncaddr->buf, nargs->syncaddr->len);
436 		}
437 		kmem_free(nargs->syncaddr, sizeof (struct netbuf));
438 		nargs->syncaddr = NULL;
439 	}
440 
441 	if (nargs->netname) {
442 		kmem_free(nargs->netname, strlen(nargs->netname) + 1);
443 		nargs->netname = NULL;
444 	}
445 
446 	if (nargs->nfs_ext_u.nfs_extA.secdata) {
447 		sec_clnt_freeinfo(
448 		    nargs->nfs_ext_u.nfs_extA.secdata);
449 		nargs->nfs_ext_u.nfs_extA.secdata = NULL;
450 	}
451 }
452 
453 
454 int
455 nfs4_copyin(char *data, int datalen, struct nfs_args *nargs)
456 {
457 
458 	int error;
459 	size_t hlen;			/* length of hostname */
460 	size_t nlen;			/* length of netname */
461 	char netname[MAXNETNAMELEN+1];	/* server's netname */
462 	struct netbuf addr;		/* server's address */
463 	struct netbuf syncaddr;		/* AUTH_DES time sync addr */
464 	struct knetconfig *knconf;		/* transport structure */
465 	struct sec_data *secdata = NULL;	/* security data */
466 	STRUCT_DECL(nfs_args, args);		/* nfs mount arguments */
467 	STRUCT_DECL(knetconfig, knconf_tmp);
468 	STRUCT_DECL(netbuf, addr_tmp);
469 	int flags;
470 	char *p, *pf;
471 	struct pathname pn;
472 	char *userbufptr;
473 
474 
475 	bzero(nargs, sizeof (*nargs));
476 
477 	STRUCT_INIT(args, get_udatamodel());
478 	bzero(STRUCT_BUF(args), SIZEOF_STRUCT(nfs_args, DATAMODEL_NATIVE));
479 	if (copyin(data, STRUCT_BUF(args), MIN(datalen,
480 	    STRUCT_SIZE(args))))
481 		return (EFAULT);
482 
483 	nargs->wsize = STRUCT_FGET(args, wsize);
484 	nargs->rsize = STRUCT_FGET(args, rsize);
485 	nargs->timeo = STRUCT_FGET(args, timeo);
486 	nargs->retrans = STRUCT_FGET(args, retrans);
487 	nargs->acregmin = STRUCT_FGET(args, acregmin);
488 	nargs->acregmax = STRUCT_FGET(args, acregmax);
489 	nargs->acdirmin = STRUCT_FGET(args, acdirmin);
490 	nargs->acdirmax = STRUCT_FGET(args, acdirmax);
491 
492 	flags = STRUCT_FGET(args, flags);
493 	nargs->flags = flags;
494 
495 	addr.buf = NULL;
496 	syncaddr.buf = NULL;
497 
498 
499 	/*
500 	 * Allocate space for a knetconfig structure and
501 	 * its strings and copy in from user-land.
502 	 */
503 	knconf = kmem_zalloc(sizeof (*knconf), KM_SLEEP);
504 	STRUCT_INIT(knconf_tmp, get_udatamodel());
505 	if (copyin(STRUCT_FGETP(args, knconf), STRUCT_BUF(knconf_tmp),
506 	    STRUCT_SIZE(knconf_tmp))) {
507 		kmem_free(knconf, sizeof (*knconf));
508 		return (EFAULT);
509 	}
510 
511 	knconf->knc_semantics = STRUCT_FGET(knconf_tmp, knc_semantics);
512 	knconf->knc_protofmly = STRUCT_FGETP(knconf_tmp, knc_protofmly);
513 	knconf->knc_proto = STRUCT_FGETP(knconf_tmp, knc_proto);
514 	if (get_udatamodel() != DATAMODEL_LP64) {
515 		knconf->knc_rdev = expldev(STRUCT_FGET(knconf_tmp, knc_rdev));
516 	} else {
517 		knconf->knc_rdev = STRUCT_FGET(knconf_tmp, knc_rdev);
518 	}
519 
520 	pf = kmem_alloc(KNC_STRSIZE, KM_SLEEP);
521 	p = kmem_alloc(KNC_STRSIZE, KM_SLEEP);
522 	error = copyinstr(knconf->knc_protofmly, pf, KNC_STRSIZE, NULL);
523 	if (error) {
524 		kmem_free(pf, KNC_STRSIZE);
525 		kmem_free(p, KNC_STRSIZE);
526 		kmem_free(knconf, sizeof (*knconf));
527 		return (error);
528 	}
529 
530 	error = copyinstr(knconf->knc_proto, p, KNC_STRSIZE, NULL);
531 	if (error) {
532 		kmem_free(pf, KNC_STRSIZE);
533 		kmem_free(p, KNC_STRSIZE);
534 		kmem_free(knconf, sizeof (*knconf));
535 		return (error);
536 	}
537 
538 
539 	knconf->knc_protofmly = pf;
540 	knconf->knc_proto = p;
541 
542 	nargs->knconf = knconf;
543 
544 	/*
545 	 * Get server address
546 	 */
547 	STRUCT_INIT(addr_tmp, get_udatamodel());
548 	if (copyin(STRUCT_FGETP(args, addr), STRUCT_BUF(addr_tmp),
549 	    STRUCT_SIZE(addr_tmp))) {
550 		error = EFAULT;
551 		goto errout;
552 	}
553 
554 	nargs->addr = kmem_alloc(sizeof (struct netbuf), KM_SLEEP);
555 	userbufptr = STRUCT_FGETP(addr_tmp, buf);
556 	addr.len = STRUCT_FGET(addr_tmp, len);
557 	addr.buf = kmem_alloc(addr.len, KM_SLEEP);
558 	addr.maxlen = addr.len;
559 	if (copyin(userbufptr, addr.buf, addr.len)) {
560 		kmem_free(addr.buf, addr.len);
561 		error = EFAULT;
562 		goto errout;
563 	}
564 	bcopy(&addr, nargs->addr, sizeof (struct netbuf));
565 
566 	/*
567 	 * Get the root fhandle
568 	 */
569 	error = pn_get(STRUCT_FGETP(args, fh), UIO_USERSPACE, &pn);
570 	if (error)
571 		goto errout;
572 
573 	/* Volatile fh: keep server paths, so use actual-size strings */
574 	nargs->fh = kmem_alloc(pn.pn_pathlen + 1, KM_SLEEP);
575 	bcopy(pn.pn_path, nargs->fh, pn.pn_pathlen);
576 	nargs->fh[pn.pn_pathlen] = '\0';
577 	pn_free(&pn);
578 
579 
580 	/*
581 	 * Get server's hostname
582 	 */
583 	if (flags & NFSMNT_HOSTNAME) {
584 		error = copyinstr(STRUCT_FGETP(args, hostname),
585 		    netname, sizeof (netname), &hlen);
586 		if (error)
587 			goto errout;
588 		nargs->hostname = kmem_zalloc(hlen, KM_SLEEP);
589 		(void) strcpy(nargs->hostname, netname);
590 
591 	} else {
592 		nargs->hostname = NULL;
593 	}
594 
595 
596 	/*
597 	 * If there are syncaddr and netname data, load them in. This is
598 	 * to support data needed for NFSV4 when AUTH_DH is the negotiated
599 	 * flavor via SECINFO. (instead of using MOUNT protocol in V3).
600 	 */
601 	netname[0] = '\0';
602 	if (flags & NFSMNT_SECURE) {
603 
604 		/* get syncaddr */
605 		STRUCT_INIT(addr_tmp, get_udatamodel());
606 		if (copyin(STRUCT_FGETP(args, syncaddr), STRUCT_BUF(addr_tmp),
607 		    STRUCT_SIZE(addr_tmp))) {
608 			error = EINVAL;
609 			goto errout;
610 		}
611 		userbufptr = STRUCT_FGETP(addr_tmp, buf);
612 		syncaddr.len = STRUCT_FGET(addr_tmp, len);
613 		syncaddr.buf = kmem_alloc(syncaddr.len, KM_SLEEP);
614 		syncaddr.maxlen = syncaddr.len;
615 		if (copyin(userbufptr, syncaddr.buf, syncaddr.len)) {
616 			kmem_free(syncaddr.buf, syncaddr.len);
617 			error = EFAULT;
618 			goto errout;
619 		}
620 
621 		nargs->syncaddr = kmem_alloc(sizeof (struct netbuf), KM_SLEEP);
622 		bcopy(&syncaddr, nargs->syncaddr, sizeof (struct netbuf));
623 
624 		/* get server's netname */
625 		if (copyinstr(STRUCT_FGETP(args, netname), netname,
626 		    sizeof (netname), &nlen)) {
627 			error = EFAULT;
628 			goto errout;
629 		}
630 
631 		netname[nlen] = '\0';
632 		nargs->netname = kmem_zalloc(nlen, KM_SLEEP);
633 		(void) strcpy(nargs->netname, netname);
634 	}
635 
636 	/*
637 	 * Get the extention data which has the security data structure.
638 	 * This includes data for AUTH_SYS as well.
639 	 */
640 	if (flags & NFSMNT_NEWARGS) {
641 		nargs->nfs_args_ext = STRUCT_FGET(args, nfs_args_ext);
642 		if (nargs->nfs_args_ext == NFS_ARGS_EXTA ||
643 		    nargs->nfs_args_ext == NFS_ARGS_EXTB) {
644 			/*
645 			 * Indicating the application is using the new
646 			 * sec_data structure to pass in the security
647 			 * data.
648 			 */
649 			if (STRUCT_FGETP(args,
650 			    nfs_ext_u.nfs_extA.secdata) != NULL) {
651 				error = sec_clnt_loadinfo(
652 				    (struct sec_data *)STRUCT_FGETP(args,
653 				    nfs_ext_u.nfs_extA.secdata),
654 				    &secdata, get_udatamodel());
655 			}
656 			nargs->nfs_ext_u.nfs_extA.secdata = secdata;
657 		}
658 	}
659 
660 	if (error)
661 		goto errout;
662 
663 	/*
664 	 * Failover support:
665 	 *
666 	 * We may have a linked list of nfs_args structures,
667 	 * which means the user is looking for failover.  If
668 	 * the mount is either not "read-only" or "soft",
669 	 * we want to bail out with EINVAL.
670 	 */
671 	if (nargs->nfs_args_ext == NFS_ARGS_EXTB)
672 		nargs->nfs_ext_u.nfs_extB.next =
673 		    STRUCT_FGETP(args, nfs_ext_u.nfs_extB.next);
674 
675 errout:
676 	if (error)
677 		nfs4_free_args(nargs);
678 
679 	return (error);
680 }
681 
682 
683 /*
684  * nfs mount vfsop
685  * Set up mount info record and attach it to vfs struct.
686  */
687 int
688 nfs4_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
689 {
690 	char *data = uap->dataptr;
691 	int error;
692 	vnode_t *rtvp;			/* the server's root */
693 	mntinfo4_t *mi;			/* mount info, pointed at by vfs */
694 	struct knetconfig *rdma_knconf;	/* rdma transport structure */
695 	rnode4_t *rp;
696 	struct servinfo4 *svp;		/* nfs server info */
697 	struct servinfo4 *svp_tail = NULL; /* previous nfs server info */
698 	struct servinfo4 *svp_head;	/* first nfs server info */
699 	struct servinfo4 *svp_2ndlast;	/* 2nd last in server info list */
700 	struct sec_data *secdata;	/* security data */
701 	struct nfs_args *args = NULL;
702 	int flags, addr_type, removed;
703 	zone_t *zone = nfs_zone();
704 	nfs4_error_t n4e;
705 	zone_t *mntzone = NULL;
706 
707 	if (secpolicy_fs_mount(cr, mvp, vfsp) != 0)
708 		return (EPERM);
709 	if (mvp->v_type != VDIR)
710 		return (ENOTDIR);
711 
712 	/*
713 	 * get arguments
714 	 *
715 	 * nfs_args is now versioned and is extensible, so
716 	 * uap->datalen might be different from sizeof (args)
717 	 * in a compatible situation.
718 	 */
719 more:
720 	if (!(uap->flags & MS_SYSSPACE)) {
721 		if (args == NULL)
722 			args = kmem_zalloc(sizeof (struct nfs_args), KM_SLEEP);
723 		else
724 			nfs4_free_args(args);
725 		error = nfs4_copyin(data, uap->datalen, args);
726 		if (error) {
727 			if (args) {
728 				kmem_free(args, sizeof (*args));
729 			}
730 			return (error);
731 		}
732 	} else {
733 		args = (struct nfs_args *)data;
734 	}
735 
736 	flags = args->flags;
737 
738 	/*
739 	 * If the request changes the locking type, disallow the remount,
740 	 * because it's questionable whether we can transfer the
741 	 * locking state correctly.
742 	 */
743 	if (uap->flags & MS_REMOUNT) {
744 		if (!(uap->flags & MS_SYSSPACE)) {
745 			nfs4_free_args(args);
746 			kmem_free(args, sizeof (*args));
747 		}
748 		if ((mi = VFTOMI4(vfsp)) != NULL) {
749 			uint_t new_mi_llock;
750 			uint_t old_mi_llock;
751 			new_mi_llock = (flags & NFSMNT_LLOCK) ? 1 : 0;
752 			old_mi_llock = (mi->mi_flags & MI4_LLOCK) ? 1 : 0;
753 			if (old_mi_llock != new_mi_llock)
754 				return (EBUSY);
755 		}
756 		return (0);
757 	}
758 
759 	/*
760 	 * For ephemeral mount trigger stub vnodes, we have two problems
761 	 * to solve: racing threads will likely fail the v_count check, and
762 	 * we want only one to proceed with the mount.
763 	 *
764 	 * For stubs, if the mount has already occurred (via a racing thread),
765 	 * just return success. If not, skip the v_count check and proceed.
766 	 * Note that we are already serialised at this point.
767 	 */
768 	mutex_enter(&mvp->v_lock);
769 	if (vn_matchops(mvp, nfs4_trigger_vnodeops)) {
770 		/* mntpt is a v4 stub vnode */
771 		ASSERT(RP_ISSTUB(VTOR4(mvp)));
772 		ASSERT(!(uap->flags & MS_OVERLAY));
773 		ASSERT(!(mvp->v_flag & VROOT));
774 		if (vn_mountedvfs(mvp) != NULL) {
775 			/* ephemeral mount has already occurred */
776 			ASSERT(uap->flags & MS_SYSSPACE);
777 			mutex_exit(&mvp->v_lock);
778 			return (0);
779 		}
780 	} else {
781 		/* mntpt is a non-v4 or v4 non-stub vnode */
782 		if (!(uap->flags & MS_OVERLAY) &&
783 		    (mvp->v_count != 1 || (mvp->v_flag & VROOT))) {
784 			mutex_exit(&mvp->v_lock);
785 			if (!(uap->flags & MS_SYSSPACE)) {
786 				nfs4_free_args(args);
787 				kmem_free(args, sizeof (*args));
788 			}
789 			return (EBUSY);
790 		}
791 	}
792 	mutex_exit(&mvp->v_lock);
793 
794 	/* make sure things are zeroed for errout: */
795 	rtvp = NULL;
796 	mi = NULL;
797 	secdata = NULL;
798 
799 	/*
800 	 * A valid knetconfig structure is required.
801 	 */
802 	if (!(flags & NFSMNT_KNCONF) ||
803 	    args->knconf == NULL || args->knconf->knc_protofmly == NULL ||
804 	    args->knconf->knc_proto == NULL ||
805 	    (strcmp(args->knconf->knc_proto, NC_UDP) == 0)) {
806 		if (!(uap->flags & MS_SYSSPACE)) {
807 			nfs4_free_args(args);
808 			kmem_free(args, sizeof (*args));
809 		}
810 		return (EINVAL);
811 	}
812 
813 	if ((strlen(args->knconf->knc_protofmly) >= KNC_STRSIZE) ||
814 	    (strlen(args->knconf->knc_proto) >= KNC_STRSIZE)) {
815 		if (!(uap->flags & MS_SYSSPACE)) {
816 			nfs4_free_args(args);
817 			kmem_free(args, sizeof (*args));
818 		}
819 		return (EINVAL);
820 	}
821 
822 	/*
823 	 * Allocate a servinfo4 struct.
824 	 */
825 	svp = kmem_zalloc(sizeof (*svp), KM_SLEEP);
826 	nfs_rw_init(&svp->sv_lock, NULL, RW_DEFAULT, NULL);
827 	if (svp_tail) {
828 		svp_2ndlast = svp_tail;
829 		svp_tail->sv_next = svp;
830 	} else {
831 		svp_head = svp;
832 		svp_2ndlast = svp;
833 	}
834 
835 	svp_tail = svp;
836 	svp->sv_knconf = args->knconf;
837 	args->knconf = NULL;
838 
839 	/*
840 	 * Get server address
841 	 */
842 	if (args->addr == NULL || args->addr->buf == NULL) {
843 		error = EINVAL;
844 		goto errout;
845 	}
846 
847 	svp->sv_addr.maxlen = args->addr->maxlen;
848 	svp->sv_addr.len = args->addr->len;
849 	svp->sv_addr.buf = args->addr->buf;
850 	args->addr->buf = NULL;
851 
852 	/*
853 	 * Get the root fhandle
854 	 */
855 	if (args->fh == NULL || (strlen(args->fh) >= MAXPATHLEN)) {
856 		error = EINVAL;
857 		goto errout;
858 	}
859 
860 	svp->sv_path = args->fh;
861 	svp->sv_pathlen = strlen(args->fh) + 1;
862 	args->fh = NULL;
863 
864 	/*
865 	 * Get server's hostname
866 	 */
867 	if (flags & NFSMNT_HOSTNAME) {
868 		if (args->hostname == NULL || (strlen(args->hostname) >
869 		    MAXNETNAMELEN)) {
870 			error = EINVAL;
871 			goto errout;
872 		}
873 		svp->sv_hostnamelen = strlen(args->hostname) + 1;
874 		svp->sv_hostname = args->hostname;
875 		args->hostname = NULL;
876 	} else {
877 		char *p = "unknown-host";
878 		svp->sv_hostnamelen = strlen(p) + 1;
879 		svp->sv_hostname = kmem_zalloc(svp->sv_hostnamelen, KM_SLEEP);
880 		(void) strcpy(svp->sv_hostname, p);
881 	}
882 
883 	/*
884 	 * RDMA MOUNT SUPPORT FOR NFS v4.
885 	 * Establish, is it possible to use RDMA, if so overload the
886 	 * knconf with rdma specific knconf and free the orignal knconf.
887 	 */
888 	if ((flags & NFSMNT_TRYRDMA) || (flags & NFSMNT_DORDMA)) {
889 		/*
890 		 * Determine the addr type for RDMA, IPv4 or v6.
891 		 */
892 		if (strcmp(svp->sv_knconf->knc_protofmly, NC_INET) == 0)
893 			addr_type = AF_INET;
894 		else if (strcmp(svp->sv_knconf->knc_protofmly, NC_INET6) == 0)
895 			addr_type = AF_INET6;
896 
897 		if (rdma_reachable(addr_type, &svp->sv_addr,
898 		    &rdma_knconf) == 0) {
899 			/*
900 			 * If successful, hijack the orignal knconf and
901 			 * replace with the new one, depending on the flags.
902 			 */
903 			svp->sv_origknconf = svp->sv_knconf;
904 			svp->sv_knconf = rdma_knconf;
905 		} else {
906 			if (flags & NFSMNT_TRYRDMA) {
907 #ifdef	DEBUG
908 				if (rdma_debug)
909 					zcmn_err(getzoneid(), CE_WARN,
910 					    "no RDMA onboard, revert\n");
911 #endif
912 			}
913 
914 			if (flags & NFSMNT_DORDMA) {
915 				/*
916 				 * If proto=rdma is specified and no RDMA
917 				 * path to this server is avialable then
918 				 * ditch this server.
919 				 * This is not included in the mountable
920 				 * server list or the replica list.
921 				 * Check if more servers are specified;
922 				 * Failover case, otherwise bail out of mount.
923 				 */
924 				if (args->nfs_args_ext == NFS_ARGS_EXTB &&
925 				    args->nfs_ext_u.nfs_extB.next != NULL) {
926 					data = (char *)
927 					    args->nfs_ext_u.nfs_extB.next;
928 					if (uap->flags & MS_RDONLY &&
929 					    !(flags & NFSMNT_SOFT)) {
930 						if (svp_head->sv_next == NULL) {
931 							svp_tail = NULL;
932 							svp_2ndlast = NULL;
933 							sv4_free(svp_head);
934 							goto more;
935 						} else {
936 							svp_tail = svp_2ndlast;
937 							svp_2ndlast->sv_next =
938 							    NULL;
939 							sv4_free(svp);
940 							goto more;
941 						}
942 					}
943 				} else {
944 					/*
945 					 * This is the last server specified
946 					 * in the nfs_args list passed down
947 					 * and its not rdma capable.
948 					 */
949 					if (svp_head->sv_next == NULL) {
950 						/*
951 						 * Is this the only one
952 						 */
953 						error = EINVAL;
954 #ifdef	DEBUG
955 						if (rdma_debug)
956 							zcmn_err(getzoneid(),
957 							    CE_WARN,
958 							    "No RDMA srv");
959 #endif
960 						goto errout;
961 					} else {
962 						/*
963 						 * There is list, since some
964 						 * servers specified before
965 						 * this passed all requirements
966 						 */
967 						svp_tail = svp_2ndlast;
968 						svp_2ndlast->sv_next = NULL;
969 						sv4_free(svp);
970 						goto proceed;
971 					}
972 				}
973 			}
974 		}
975 	}
976 
977 	/*
978 	 * If there are syncaddr and netname data, load them in. This is
979 	 * to support data needed for NFSV4 when AUTH_DH is the negotiated
980 	 * flavor via SECINFO. (instead of using MOUNT protocol in V3).
981 	 */
982 	if (args->flags & NFSMNT_SECURE) {
983 		svp->sv_dhsec = create_authdh_data(args->netname,
984 		    strlen(args->netname),
985 		    args->syncaddr, svp->sv_knconf);
986 	}
987 
988 	/*
989 	 * Get the extention data which has the security data structure.
990 	 * This includes data for AUTH_SYS as well.
991 	 */
992 	if (flags & NFSMNT_NEWARGS) {
993 		switch (args->nfs_args_ext) {
994 		case NFS_ARGS_EXTA:
995 		case NFS_ARGS_EXTB:
996 			/*
997 			 * Indicating the application is using the new
998 			 * sec_data structure to pass in the security
999 			 * data.
1000 			 */
1001 			secdata = args->nfs_ext_u.nfs_extA.secdata;
1002 			if (secdata == NULL) {
1003 				error = EINVAL;
1004 			} else if (uap->flags & MS_SYSSPACE) {
1005 				/*
1006 				 * Need to validate the flavor here if
1007 				 * sysspace, userspace was already
1008 				 * validate from the nfs_copyin function.
1009 				 */
1010 				switch (secdata->rpcflavor) {
1011 				case AUTH_NONE:
1012 				case AUTH_UNIX:
1013 				case AUTH_LOOPBACK:
1014 				case AUTH_DES:
1015 				case RPCSEC_GSS:
1016 					break;
1017 				default:
1018 					error = EINVAL;
1019 					goto errout;
1020 				}
1021 			}
1022 			args->nfs_ext_u.nfs_extA.secdata = NULL;
1023 			break;
1024 
1025 		default:
1026 			error = EINVAL;
1027 			break;
1028 		}
1029 
1030 	} else if (flags & NFSMNT_SECURE) {
1031 		/*
1032 		 * NFSMNT_SECURE is deprecated but we keep it
1033 		 * to support the rogue user-generated application
1034 		 * that may use this undocumented interface to do
1035 		 * AUTH_DH security, e.g. our own rexd.
1036 		 *
1037 		 * Also note that NFSMNT_SECURE is used for passing
1038 		 * AUTH_DH info to be used in negotiation.
1039 		 */
1040 		secdata = create_authdh_data(args->netname,
1041 		    strlen(args->netname), args->syncaddr, svp->sv_knconf);
1042 
1043 	} else {
1044 		secdata = kmem_alloc(sizeof (*secdata), KM_SLEEP);
1045 		secdata->secmod = secdata->rpcflavor = AUTH_SYS;
1046 		secdata->data = NULL;
1047 	}
1048 
1049 	svp->sv_secdata = secdata;
1050 
1051 	/*
1052 	 * User does not explictly specify a flavor, and a user
1053 	 * defined default flavor is passed down.
1054 	 */
1055 	if (flags & NFSMNT_SECDEFAULT) {
1056 		(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
1057 		svp->sv_flags |= SV4_TRYSECDEFAULT;
1058 		nfs_rw_exit(&svp->sv_lock);
1059 	}
1060 
1061 	/*
1062 	 * Failover support:
1063 	 *
1064 	 * We may have a linked list of nfs_args structures,
1065 	 * which means the user is looking for failover.  If
1066 	 * the mount is either not "read-only" or "soft",
1067 	 * we want to bail out with EINVAL.
1068 	 */
1069 	if (args->nfs_args_ext == NFS_ARGS_EXTB &&
1070 	    args->nfs_ext_u.nfs_extB.next != NULL) {
1071 		if (uap->flags & MS_RDONLY && !(flags & NFSMNT_SOFT)) {
1072 			data = (char *)args->nfs_ext_u.nfs_extB.next;
1073 			goto more;
1074 		}
1075 		error = EINVAL;
1076 		goto errout;
1077 	}
1078 
1079 	/*
1080 	 * Determine the zone we're being mounted into.
1081 	 */
1082 	zone_hold(mntzone = zone);		/* start with this assumption */
1083 	if (getzoneid() == GLOBAL_ZONEID) {
1084 		zone_rele(mntzone);
1085 		mntzone = zone_find_by_path(refstr_value(vfsp->vfs_mntpt));
1086 		ASSERT(mntzone != NULL);
1087 		if (mntzone != zone) {
1088 			error = EBUSY;
1089 			goto errout;
1090 		}
1091 	}
1092 
1093 	if (is_system_labeled()) {
1094 		error = nfs_mount_label_policy(vfsp, &svp->sv_addr,
1095 		    svp->sv_knconf, cr);
1096 
1097 		if (error > 0)
1098 			goto errout;
1099 
1100 		if (error == -1) {
1101 			/* change mount to read-only to prevent write-down */
1102 			vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
1103 		}
1104 	}
1105 
1106 	/*
1107 	 * Stop the mount from going any further if the zone is going away.
1108 	 */
1109 	if (zone_status_get(mntzone) >= ZONE_IS_SHUTTING_DOWN) {
1110 		error = EBUSY;
1111 		goto errout;
1112 	}
1113 
1114 	/*
1115 	 * Get root vnode.
1116 	 */
1117 proceed:
1118 	error = nfs4rootvp(&rtvp, vfsp, svp_head, flags, cr, mntzone);
1119 	if (error) {
1120 		/* if nfs4rootvp failed, it will free svp_head */
1121 		svp_head = NULL;
1122 		goto errout;
1123 	}
1124 
1125 	mi = VTOMI4(rtvp);
1126 
1127 	/*
1128 	 * Send client id to the server, if necessary
1129 	 */
1130 	nfs4_error_zinit(&n4e);
1131 	nfs4setclientid(mi, cr, FALSE, &n4e);
1132 
1133 	error = n4e.error;
1134 
1135 	if (error)
1136 		goto errout;
1137 
1138 	/*
1139 	 * Set option fields in the mount info record
1140 	 */
1141 
1142 	if (svp_head->sv_next) {
1143 		mutex_enter(&mi->mi_lock);
1144 		mi->mi_flags |= MI4_LLOCK;
1145 		mutex_exit(&mi->mi_lock);
1146 	}
1147 	error = nfs4_setopts(rtvp, DATAMODEL_NATIVE, args);
1148 	if (error)
1149 		goto errout;
1150 
1151 	/*
1152 	 * Time to tie in the mirror mount info at last!
1153 	 */
1154 	if (flags & NFSMNT_EPHEMERAL)
1155 		nfs4_record_ephemeral_mount(mi, mvp);
1156 
1157 errout:
1158 	if (error) {
1159 		if (rtvp != NULL) {
1160 			rp = VTOR4(rtvp);
1161 			if (rp->r_flags & R4HASHED)
1162 				rp4_rmhash(rp);
1163 		}
1164 		if (mi != NULL) {
1165 			nfs4_async_stop(vfsp);
1166 			nfs4_async_manager_stop(vfsp);
1167 			nfs4_remove_mi_from_server(mi, NULL);
1168 			if (rtvp != NULL)
1169 				VN_RELE(rtvp);
1170 			if (mntzone != NULL)
1171 				zone_rele(mntzone);
1172 			/* need to remove it from the zone */
1173 			removed = nfs4_mi_zonelist_remove(mi);
1174 			if (removed)
1175 				zone_rele(mi->mi_zone);
1176 			MI4_RELE(mi);
1177 			if (!(uap->flags & MS_SYSSPACE) && args) {
1178 				nfs4_free_args(args);
1179 				kmem_free(args, sizeof (*args));
1180 			}
1181 			return (error);
1182 		}
1183 		if (svp_head)
1184 			sv4_free(svp_head);
1185 	}
1186 
1187 	if (!(uap->flags & MS_SYSSPACE) && args) {
1188 		nfs4_free_args(args);
1189 		kmem_free(args, sizeof (*args));
1190 	}
1191 	if (rtvp != NULL)
1192 		VN_RELE(rtvp);
1193 
1194 	if (mntzone != NULL)
1195 		zone_rele(mntzone);
1196 
1197 	return (error);
1198 }
1199 
1200 #ifdef  DEBUG
1201 #define	VERS_MSG	"NFS4 server "
1202 #else
1203 #define	VERS_MSG	"NFS server "
1204 #endif
1205 
1206 #define	READ_MSG        \
1207 	VERS_MSG "%s returned 0 for read transfer size"
1208 #define	WRITE_MSG       \
1209 	VERS_MSG "%s returned 0 for write transfer size"
1210 #define	SIZE_MSG        \
1211 	VERS_MSG "%s returned 0 for maximum file size"
1212 
1213 /*
1214  * Get the symbolic link text from the server for a given filehandle
1215  * of that symlink.
1216  *
1217  *      (get symlink text) PUTFH READLINK
1218  */
1219 static int
1220 getlinktext_otw(mntinfo4_t *mi, nfs_fh4 *fh, char **linktextp, cred_t *cr,
1221     int flags)
1222 {
1223 	COMPOUND4args_clnt args;
1224 	COMPOUND4res_clnt res;
1225 	int doqueue;
1226 	nfs_argop4 argop[2];
1227 	nfs_resop4 *resop;
1228 	READLINK4res *lr_res;
1229 	uint_t len;
1230 	bool_t needrecov = FALSE;
1231 	nfs4_recov_state_t recov_state;
1232 	nfs4_sharedfh_t *sfh;
1233 	nfs4_error_t e;
1234 	int num_retry = nfs4_max_mount_retry;
1235 	int recovery = !(flags & NFS4_GETFH_NEEDSOP);
1236 
1237 	sfh = sfh4_get(fh, mi);
1238 	recov_state.rs_flags = 0;
1239 	recov_state.rs_num_retry_despite_err = 0;
1240 
1241 recov_retry:
1242 	nfs4_error_zinit(&e);
1243 
1244 	args.array_len = 2;
1245 	args.array = argop;
1246 	args.ctag = TAG_GET_SYMLINK;
1247 
1248 	if (! recovery) {
1249 		e.error = nfs4_start_op(mi, NULL, NULL, &recov_state);
1250 		if (e.error) {
1251 			sfh4_rele(&sfh);
1252 			return (e.error);
1253 		}
1254 	}
1255 
1256 	/* 0. putfh symlink fh */
1257 	argop[0].argop = OP_CPUTFH;
1258 	argop[0].nfs_argop4_u.opcputfh.sfh = sfh;
1259 
1260 	/* 1. readlink */
1261 	argop[1].argop = OP_READLINK;
1262 
1263 	doqueue = 1;
1264 
1265 	rfs4call(mi, &args, &res, cr, &doqueue, 0, &e);
1266 
1267 	needrecov = nfs4_needs_recovery(&e, FALSE, mi->mi_vfsp);
1268 
1269 	if (needrecov && !recovery && num_retry-- > 0) {
1270 
1271 		NFS4_DEBUG(nfs4_client_recov_debug, (CE_NOTE,
1272 		    "getlinktext_otw: initiating recovery\n"));
1273 
1274 		if (nfs4_start_recovery(&e, mi, NULL, NULL, NULL, NULL,
1275 		    OP_READLINK, NULL) == FALSE) {
1276 			nfs4_end_op(mi, NULL, NULL, &recov_state, needrecov);
1277 			if (!e.error)
1278 				(void) xdr_free(xdr_COMPOUND4res_clnt,
1279 				    (caddr_t)&res);
1280 			goto recov_retry;
1281 		}
1282 	}
1283 
1284 	/*
1285 	 * If non-NFS4 pcol error and/or we weren't able to recover.
1286 	 */
1287 	if (e.error != 0) {
1288 		if (! recovery)
1289 			nfs4_end_op(mi, NULL, NULL, &recov_state, needrecov);
1290 		sfh4_rele(&sfh);
1291 		return (e.error);
1292 	}
1293 
1294 	if (res.status) {
1295 		e.error = geterrno4(res.status);
1296 		(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
1297 		if (! recovery)
1298 			nfs4_end_op(mi, NULL, NULL, &recov_state, needrecov);
1299 		sfh4_rele(&sfh);
1300 		return (e.error);
1301 	}
1302 
1303 	/* res.status == NFS4_OK */
1304 	ASSERT(res.status == NFS4_OK);
1305 
1306 	resop = &res.array[1];  /* readlink res */
1307 	lr_res = &resop->nfs_resop4_u.opreadlink;
1308 
1309 	/* treat symlink name as data */
1310 	*linktextp = utf8_to_str(&lr_res->link, &len, NULL);
1311 
1312 	if (! recovery)
1313 		nfs4_end_op(mi, NULL, NULL, &recov_state, needrecov);
1314 	sfh4_rele(&sfh);
1315 	(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
1316 	return (0);
1317 }
1318 
1319 /*
1320  * Skip over consecutive slashes and "/./" in a pathname.
1321  */
1322 void
1323 pathname_skipslashdot(struct pathname *pnp)
1324 {
1325 	char *c1, *c2;
1326 
1327 	while (pnp->pn_pathlen > 0 && *pnp->pn_path == '/') {
1328 
1329 		c1 = pnp->pn_path + 1;
1330 		c2 = pnp->pn_path + 2;
1331 
1332 		if (*c1 == '.' && (*c2 == '/' || *c2 == '\0')) {
1333 			pnp->pn_path = pnp->pn_path + 2; /* skip "/." */
1334 			pnp->pn_pathlen = pnp->pn_pathlen - 2;
1335 		} else {
1336 			pnp->pn_path++;
1337 			pnp->pn_pathlen--;
1338 		}
1339 	}
1340 }
1341 
1342 /*
1343  * Resolve a symbolic link path. The symlink is in the nth component of
1344  * svp->sv_path and has an nfs4 file handle "fh".
1345  * Upon return, the sv_path will point to the new path that has the nth
1346  * component resolved to its symlink text.
1347  */
1348 int
1349 resolve_sympath(mntinfo4_t *mi, servinfo4_t *svp, int nth, nfs_fh4 *fh,
1350     cred_t *cr, int flags)
1351 {
1352 	char *oldpath;
1353 	char *symlink, *newpath;
1354 	struct pathname oldpn, newpn;
1355 	char component[MAXNAMELEN];
1356 	int i, addlen, error = 0;
1357 	int oldpathlen;
1358 
1359 	/* Get the symbolic link text over the wire. */
1360 	error = getlinktext_otw(mi, fh, &symlink, cr, flags);
1361 
1362 	if (error || symlink == NULL || strlen(symlink) == 0)
1363 		return (error);
1364 
1365 	/*
1366 	 * Compose the new pathname.
1367 	 * Note:
1368 	 *    - only the nth component is resolved for the pathname.
1369 	 *    - pathname.pn_pathlen does not count the ending null byte.
1370 	 */
1371 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
1372 	oldpath = svp->sv_path;
1373 	oldpathlen = svp->sv_pathlen;
1374 	if (error = pn_get(oldpath, UIO_SYSSPACE, &oldpn)) {
1375 		nfs_rw_exit(&svp->sv_lock);
1376 		kmem_free(symlink, strlen(symlink) + 1);
1377 		return (error);
1378 	}
1379 	nfs_rw_exit(&svp->sv_lock);
1380 	pn_alloc(&newpn);
1381 
1382 	/*
1383 	 * Skip over previous components from the oldpath so that the
1384 	 * oldpn.pn_path will point to the symlink component. Skip
1385 	 * leading slashes and "/./" (no OP_LOOKUP on ".") so that
1386 	 * pn_getcompnent can get the component.
1387 	 */
1388 	for (i = 1; i < nth; i++) {
1389 		pathname_skipslashdot(&oldpn);
1390 		error = pn_getcomponent(&oldpn, component);
1391 		if (error)
1392 			goto out;
1393 	}
1394 
1395 	/*
1396 	 * Copy the old path upto the component right before the symlink
1397 	 * if the symlink is not an absolute path.
1398 	 */
1399 	if (symlink[0] != '/') {
1400 		addlen = oldpn.pn_path - oldpn.pn_buf;
1401 		bcopy(oldpn.pn_buf, newpn.pn_path, addlen);
1402 		newpn.pn_pathlen += addlen;
1403 		newpn.pn_path += addlen;
1404 		newpn.pn_buf[newpn.pn_pathlen] = '/';
1405 		newpn.pn_pathlen++;
1406 		newpn.pn_path++;
1407 	}
1408 
1409 	/* copy the resolved symbolic link text */
1410 	addlen = strlen(symlink);
1411 	if (newpn.pn_pathlen + addlen >= newpn.pn_bufsize) {
1412 		error = ENAMETOOLONG;
1413 		goto out;
1414 	}
1415 	bcopy(symlink, newpn.pn_path, addlen);
1416 	newpn.pn_pathlen += addlen;
1417 	newpn.pn_path += addlen;
1418 
1419 	/*
1420 	 * Check if there is any remaining path after the symlink component.
1421 	 * First, skip the symlink component.
1422 	 */
1423 	pathname_skipslashdot(&oldpn);
1424 	if (error = pn_getcomponent(&oldpn, component))
1425 		goto out;
1426 
1427 	addlen = pn_pathleft(&oldpn); /* includes counting the slash */
1428 
1429 	/*
1430 	 * Copy the remaining path to the new pathname if there is any.
1431 	 */
1432 	if (addlen > 0) {
1433 		if (newpn.pn_pathlen + addlen >= newpn.pn_bufsize) {
1434 			error = ENAMETOOLONG;
1435 			goto out;
1436 		}
1437 		bcopy(oldpn.pn_path, newpn.pn_path, addlen);
1438 		newpn.pn_pathlen += addlen;
1439 	}
1440 	newpn.pn_buf[newpn.pn_pathlen] = '\0';
1441 
1442 	/* get the newpath and store it in the servinfo4_t */
1443 	newpath = kmem_alloc(newpn.pn_pathlen + 1, KM_SLEEP);
1444 	bcopy(newpn.pn_buf, newpath, newpn.pn_pathlen);
1445 	newpath[newpn.pn_pathlen] = '\0';
1446 
1447 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
1448 	svp->sv_path = newpath;
1449 	svp->sv_pathlen = strlen(newpath) + 1;
1450 	nfs_rw_exit(&svp->sv_lock);
1451 
1452 	kmem_free(oldpath, oldpathlen);
1453 out:
1454 	kmem_free(symlink, strlen(symlink) + 1);
1455 	pn_free(&newpn);
1456 	pn_free(&oldpn);
1457 
1458 	return (error);
1459 }
1460 
1461 /*
1462  * Get the root filehandle for the given filesystem and server, and update
1463  * svp.
1464  *
1465  * If NFS4_GETFH_NEEDSOP is set, then use nfs4_start_fop and nfs4_end_fop
1466  * to coordinate with recovery.  Otherwise, the caller is assumed to be
1467  * the recovery thread or have already done a start_fop.
1468  *
1469  * Errors are returned by the nfs4_error_t parameter.
1470  */
1471 
1472 static void
1473 nfs4getfh_otw(struct mntinfo4 *mi, servinfo4_t *svp, vtype_t *vtp,
1474     int flags, cred_t *cr, nfs4_error_t *ep)
1475 {
1476 	COMPOUND4args_clnt args;
1477 	COMPOUND4res_clnt res;
1478 	int doqueue = 1;
1479 	nfs_argop4 *argop;
1480 	nfs_resop4 *resop;
1481 	nfs4_ga_res_t *garp;
1482 	int num_argops;
1483 	lookup4_param_t lookuparg;
1484 	nfs_fh4 *tmpfhp;
1485 	nfs_fh4 *resfhp;
1486 	bool_t needrecov = FALSE;
1487 	nfs4_recov_state_t recov_state;
1488 	int llndx;
1489 	int nthcomp;
1490 	int recovery = !(flags & NFS4_GETFH_NEEDSOP);
1491 
1492 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
1493 	ASSERT(svp->sv_path != NULL);
1494 	if (svp->sv_path[0] == '\0') {
1495 		nfs_rw_exit(&svp->sv_lock);
1496 		nfs4_error_init(ep, EINVAL);
1497 		return;
1498 	}
1499 	nfs_rw_exit(&svp->sv_lock);
1500 
1501 	recov_state.rs_flags = 0;
1502 	recov_state.rs_num_retry_despite_err = 0;
1503 recov_retry:
1504 	nfs4_error_zinit(ep);
1505 
1506 	if (!recovery) {
1507 		ep->error = nfs4_start_fop(mi, NULL, NULL, OH_MOUNT,
1508 		    &recov_state, NULL);
1509 
1510 		/*
1511 		 * If recovery has been started and this request as
1512 		 * initiated by a mount, then we must wait for recovery
1513 		 * to finish before proceeding, otherwise, the error
1514 		 * cleanup would remove data structures needed by the
1515 		 * recovery thread.
1516 		 */
1517 		if (ep->error) {
1518 			mutex_enter(&mi->mi_lock);
1519 			if (mi->mi_flags & MI4_MOUNTING) {
1520 				mi->mi_flags |= MI4_RECOV_FAIL;
1521 				mi->mi_error = EIO;
1522 
1523 				NFS4_DEBUG(nfs4_client_recov_debug, (CE_NOTE,
1524 				    "nfs4getfh_otw: waiting 4 recovery\n"));
1525 
1526 				while (mi->mi_flags & MI4_RECOV_ACTIV)
1527 					cv_wait(&mi->mi_failover_cv,
1528 					    &mi->mi_lock);
1529 			}
1530 			mutex_exit(&mi->mi_lock);
1531 			return;
1532 		}
1533 
1534 		/*
1535 		 * If the client does not specify a specific flavor to use
1536 		 * and has not gotten a secinfo list from the server yet,
1537 		 * retrieve the secinfo list from the server and use a
1538 		 * flavor from the list to mount.
1539 		 *
1540 		 * If fail to get the secinfo list from the server, then
1541 		 * try the default flavor.
1542 		 */
1543 		if ((svp->sv_flags & SV4_TRYSECDEFAULT) &&
1544 		    svp->sv_secinfo == NULL) {
1545 			(void) nfs4_secinfo_path(mi, cr, FALSE);
1546 		}
1547 	}
1548 
1549 	if (recovery)
1550 		args.ctag = TAG_REMAP_MOUNT;
1551 	else
1552 		args.ctag = TAG_MOUNT;
1553 
1554 	lookuparg.l4_getattrs = LKP4_ALL_ATTRIBUTES;
1555 	lookuparg.argsp = &args;
1556 	lookuparg.resp = &res;
1557 	lookuparg.header_len = 2;	/* Putrootfh, getfh */
1558 	lookuparg.trailer_len = 0;
1559 	lookuparg.ga_bits = FATTR4_FSINFO_MASK;
1560 	lookuparg.mi = mi;
1561 
1562 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
1563 	ASSERT(svp->sv_path != NULL);
1564 	llndx = nfs4lookup_setup(svp->sv_path, &lookuparg, 0);
1565 	nfs_rw_exit(&svp->sv_lock);
1566 
1567 	argop = args.array;
1568 	num_argops = args.array_len;
1569 
1570 	/* choose public or root filehandle */
1571 	if (flags & NFS4_GETFH_PUBLIC)
1572 		argop[0].argop = OP_PUTPUBFH;
1573 	else
1574 		argop[0].argop = OP_PUTROOTFH;
1575 
1576 	/* get fh */
1577 	argop[1].argop = OP_GETFH;
1578 
1579 	NFS4_DEBUG(nfs4_client_call_debug, (CE_NOTE,
1580 	    "nfs4getfh_otw: %s call, mi 0x%p",
1581 	    needrecov ? "recov" : "first", (void *)mi));
1582 
1583 	rfs4call(mi, &args, &res, cr, &doqueue, RFSCALL_SOFT, ep);
1584 
1585 	needrecov = nfs4_needs_recovery(ep, FALSE, mi->mi_vfsp);
1586 
1587 	if (needrecov) {
1588 		bool_t abort;
1589 
1590 		if (recovery) {
1591 			nfs4args_lookup_free(argop, num_argops);
1592 			kmem_free(argop,
1593 			    lookuparg.arglen * sizeof (nfs_argop4));
1594 			if (!ep->error)
1595 				(void) xdr_free(xdr_COMPOUND4res_clnt,
1596 				    (caddr_t)&res);
1597 			return;
1598 		}
1599 
1600 		NFS4_DEBUG(nfs4_client_recov_debug,
1601 		    (CE_NOTE, "nfs4getfh_otw: initiating recovery\n"));
1602 
1603 		abort = nfs4_start_recovery(ep, mi, NULL,
1604 		    NULL, NULL, NULL, OP_GETFH, NULL);
1605 		if (!ep->error) {
1606 			ep->error = geterrno4(res.status);
1607 			(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
1608 		}
1609 		nfs4args_lookup_free(argop, num_argops);
1610 		kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
1611 		nfs4_end_fop(mi, NULL, NULL, OH_MOUNT, &recov_state, needrecov);
1612 		/* have another go? */
1613 		if (abort == FALSE)
1614 			goto recov_retry;
1615 		return;
1616 	}
1617 
1618 	/*
1619 	 * No recovery, but check if error is set.
1620 	 */
1621 	if (ep->error)  {
1622 		nfs4args_lookup_free(argop, num_argops);
1623 		kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
1624 		if (!recovery)
1625 			nfs4_end_fop(mi, NULL, NULL, OH_MOUNT, &recov_state,
1626 			    needrecov);
1627 		return;
1628 	}
1629 
1630 is_link_err:
1631 
1632 	/* for non-recovery errors */
1633 	if (res.status && res.status != NFS4ERR_SYMLINK) {
1634 		if (!recovery) {
1635 			nfs4_end_fop(mi, NULL, NULL, OH_MOUNT, &recov_state,
1636 			    needrecov);
1637 		}
1638 		nfs4args_lookup_free(argop, num_argops);
1639 		kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
1640 		(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
1641 		return;
1642 	}
1643 
1644 	/*
1645 	 * If any intermediate component in the path is a symbolic link,
1646 	 * resolve the symlink, then try mount again using the new path.
1647 	 */
1648 	if (res.status == NFS4ERR_SYMLINK) {
1649 		int where;
1650 
1651 		/*
1652 		 * This must be from OP_LOOKUP failure. The (cfh) for this
1653 		 * OP_LOOKUP is a symlink node. Found out where the
1654 		 * OP_GETFH is for the (cfh) that is a symlink node.
1655 		 *
1656 		 * Example:
1657 		 * (mount) PUTROOTFH, GETFH, LOOKUP comp1, GETFH, GETATTR,
1658 		 * LOOKUP comp2, GETFH, GETATTR, LOOKUP comp3, GETFH, GETATTR
1659 		 *
1660 		 * LOOKUP comp3 fails with SYMLINK because comp2 is a symlink.
1661 		 * In this case, where = 7, nthcomp = 2.
1662 		 */
1663 		where = res.array_len - 2;
1664 		ASSERT(where > 0);
1665 
1666 		resop = &res.array[where - 1];
1667 		ASSERT(resop->resop == OP_GETFH);
1668 		tmpfhp = &resop->nfs_resop4_u.opgetfh.object;
1669 		nthcomp = res.array_len/3 - 1;
1670 
1671 		/*
1672 		 * Need to call nfs4_end_op before resolve_sympath to avoid
1673 		 * potential nfs4_start_op deadlock.
1674 		 */
1675 		if (!recovery)
1676 			nfs4_end_fop(mi, NULL, NULL, OH_MOUNT, &recov_state,
1677 			    needrecov);
1678 
1679 		ep->error = resolve_sympath(mi, svp, nthcomp, tmpfhp, cr,
1680 		    flags);
1681 
1682 		nfs4args_lookup_free(argop, num_argops);
1683 		kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
1684 		(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
1685 
1686 		if (ep->error)
1687 			return;
1688 
1689 		goto recov_retry;
1690 	}
1691 
1692 	/* getfh */
1693 	resop = &res.array[res.array_len - 2];
1694 	ASSERT(resop->resop == OP_GETFH);
1695 	resfhp = &resop->nfs_resop4_u.opgetfh.object;
1696 
1697 	/* getattr fsinfo res */
1698 	resop++;
1699 	garp = &resop->nfs_resop4_u.opgetattr.ga_res;
1700 
1701 	*vtp = garp->n4g_va.va_type;
1702 
1703 	mi->mi_fh_expire_type = garp->n4g_ext_res->n4g_fet;
1704 
1705 	mutex_enter(&mi->mi_lock);
1706 	if (garp->n4g_ext_res->n4g_pc4.pc4_link_support)
1707 		mi->mi_flags |= MI4_LINK;
1708 	if (garp->n4g_ext_res->n4g_pc4.pc4_symlink_support)
1709 		mi->mi_flags |= MI4_SYMLINK;
1710 	if (garp->n4g_ext_res->n4g_suppattrs & FATTR4_ACL_MASK)
1711 		mi->mi_flags |= MI4_ACL;
1712 	mutex_exit(&mi->mi_lock);
1713 
1714 	if (garp->n4g_ext_res->n4g_maxread == 0)
1715 		mi->mi_tsize =
1716 		    MIN(MAXBSIZE, mi->mi_tsize);
1717 	else
1718 		mi->mi_tsize =
1719 		    MIN(garp->n4g_ext_res->n4g_maxread,
1720 		    mi->mi_tsize);
1721 
1722 	if (garp->n4g_ext_res->n4g_maxwrite == 0)
1723 		mi->mi_stsize =
1724 		    MIN(MAXBSIZE, mi->mi_stsize);
1725 	else
1726 		mi->mi_stsize =
1727 		    MIN(garp->n4g_ext_res->n4g_maxwrite,
1728 		    mi->mi_stsize);
1729 
1730 	if (garp->n4g_ext_res->n4g_maxfilesize != 0)
1731 		mi->mi_maxfilesize =
1732 		    MIN(garp->n4g_ext_res->n4g_maxfilesize,
1733 		    mi->mi_maxfilesize);
1734 
1735 	/*
1736 	 * If the final component is a a symbolic link, resolve the symlink,
1737 	 * then try mount again using the new path.
1738 	 *
1739 	 * Assume no symbolic link for root filesysm "/".
1740 	 */
1741 	if (*vtp == VLNK) {
1742 		/*
1743 		 * nthcomp is the total result length minus
1744 		 * the 1st 2 OPs (PUTROOTFH, GETFH),
1745 		 * then divided by 3 (LOOKUP,GETFH,GETATTR)
1746 		 *
1747 		 * e.g. PUTROOTFH GETFH LOOKUP 1st-comp GETFH GETATTR
1748 		 *	LOOKUP 2nd-comp GETFH GETATTR
1749 		 *
1750 		 *	(8 - 2)/3 = 2
1751 		 */
1752 		nthcomp = (res.array_len - 2)/3;
1753 
1754 		/*
1755 		 * Need to call nfs4_end_op before resolve_sympath to avoid
1756 		 * potential nfs4_start_op deadlock. See RFE 4777612.
1757 		 */
1758 		if (!recovery)
1759 			nfs4_end_fop(mi, NULL, NULL, OH_MOUNT, &recov_state,
1760 			    needrecov);
1761 
1762 		ep->error = resolve_sympath(mi, svp, nthcomp, resfhp, cr,
1763 		    flags);
1764 
1765 		nfs4args_lookup_free(argop, num_argops);
1766 		kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
1767 		(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
1768 
1769 		if (ep->error)
1770 			return;
1771 
1772 		goto recov_retry;
1773 	}
1774 
1775 	/*
1776 	 * We need to figure out where in the compound the getfh
1777 	 * for the parent directory is. If the object to be mounted is
1778 	 * the root, then there is no lookup at all:
1779 	 * PUTROOTFH, GETFH.
1780 	 * If the object to be mounted is in the root, then the compound is:
1781 	 * PUTROOTFH, GETFH, LOOKUP, GETFH, GETATTR.
1782 	 * In either of these cases, the index of the GETFH is 1.
1783 	 * If it is not at the root, then it's something like:
1784 	 * PUTROOTFH, GETFH, LOOKUP, GETFH, GETATTR,
1785 	 * LOOKUP, GETFH, GETATTR
1786 	 * In this case, the index is llndx (last lookup index) - 2.
1787 	 */
1788 	if (llndx == -1 || llndx == 2)
1789 		resop = &res.array[1];
1790 	else {
1791 		ASSERT(llndx > 2);
1792 		resop = &res.array[llndx-2];
1793 	}
1794 
1795 	ASSERT(resop->resop == OP_GETFH);
1796 	tmpfhp = &resop->nfs_resop4_u.opgetfh.object;
1797 
1798 	/* save the filehandles for the replica */
1799 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
1800 	ASSERT(tmpfhp->nfs_fh4_len <= NFS4_FHSIZE);
1801 	svp->sv_pfhandle.fh_len = tmpfhp->nfs_fh4_len;
1802 	bcopy(tmpfhp->nfs_fh4_val, svp->sv_pfhandle.fh_buf,
1803 	    tmpfhp->nfs_fh4_len);
1804 	ASSERT(resfhp->nfs_fh4_len <= NFS4_FHSIZE);
1805 	svp->sv_fhandle.fh_len = resfhp->nfs_fh4_len;
1806 	bcopy(resfhp->nfs_fh4_val, svp->sv_fhandle.fh_buf, resfhp->nfs_fh4_len);
1807 
1808 	/* initialize fsid and supp_attrs for server fs */
1809 	svp->sv_fsid = garp->n4g_fsid;
1810 	svp->sv_supp_attrs =
1811 	    garp->n4g_ext_res->n4g_suppattrs | FATTR4_MANDATTR_MASK;
1812 
1813 	nfs_rw_exit(&svp->sv_lock);
1814 
1815 	nfs4args_lookup_free(argop, num_argops);
1816 	kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
1817 	(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
1818 	if (!recovery)
1819 		nfs4_end_fop(mi, NULL, NULL, OH_MOUNT, &recov_state, needrecov);
1820 }
1821 
1822 static ushort_t nfs4_max_threads = 8;	/* max number of active async threads */
1823 static uint_t nfs4_bsize = 32 * 1024;	/* client `block' size */
1824 static uint_t nfs4_async_clusters = 1;	/* # of reqs from each async queue */
1825 static uint_t nfs4_cots_timeo = NFS_COTS_TIMEO;
1826 
1827 /*
1828  * Remap the root filehandle for the given filesystem.
1829  *
1830  * results returned via the nfs4_error_t parameter.
1831  */
1832 void
1833 nfs4_remap_root(mntinfo4_t *mi, nfs4_error_t *ep, int flags)
1834 {
1835 	struct servinfo4 *svp;
1836 	vtype_t vtype;
1837 	nfs_fh4 rootfh;
1838 	int getfh_flags;
1839 	char *orig_sv_path;
1840 	int orig_sv_pathlen, num_retry;
1841 
1842 	mutex_enter(&mi->mi_lock);
1843 
1844 remap_retry:
1845 	svp = mi->mi_curr_serv;
1846 	getfh_flags =
1847 	    (flags & NFS4_REMAP_NEEDSOP) ? NFS4_GETFH_NEEDSOP : 0;
1848 	getfh_flags |=
1849 	    (mi->mi_flags & MI4_PUBLIC) ? NFS4_GETFH_PUBLIC : 0;
1850 	mutex_exit(&mi->mi_lock);
1851 
1852 	/*
1853 	 * Just in case server path being mounted contains
1854 	 * symlinks and fails w/STALE, save the initial sv_path
1855 	 * so we can redrive the initial mount compound with the
1856 	 * initial sv_path -- not a symlink-expanded version.
1857 	 *
1858 	 * This could only happen if a symlink was expanded
1859 	 * and the expanded mount compound failed stale.  Because
1860 	 * it could be the case that the symlink was removed at
1861 	 * the server (and replaced with another symlink/dir,
1862 	 * we need to use the initial sv_path when attempting
1863 	 * to re-lookup everything and recover.
1864 	 */
1865 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
1866 	orig_sv_pathlen = svp->sv_pathlen;
1867 	orig_sv_path = kmem_alloc(orig_sv_pathlen, KM_SLEEP);
1868 	bcopy(svp->sv_path, orig_sv_path, orig_sv_pathlen);
1869 	nfs_rw_exit(&svp->sv_lock);
1870 
1871 	num_retry = nfs4_max_mount_retry;
1872 
1873 	do {
1874 		/*
1875 		 * Get the root fh from the server.  Retry nfs4_max_mount_retry
1876 		 * (2) times if it fails with STALE since the recovery
1877 		 * infrastructure doesn't do STALE recovery for components
1878 		 * of the server path to the object being mounted.
1879 		 */
1880 		nfs4getfh_otw(mi, svp, &vtype, getfh_flags, CRED(), ep);
1881 
1882 		if (ep->error == 0 && ep->stat == NFS4_OK)
1883 			break;
1884 
1885 		/*
1886 		 * For some reason, the mount compound failed.  Before
1887 		 * retrying, we need to restore the original sv_path
1888 		 * because it might have contained symlinks that were
1889 		 * expanded by nfsgetfh_otw before the failure occurred.
1890 		 * replace current sv_path with orig sv_path -- just in case
1891 		 * it changed due to embedded symlinks.
1892 		 */
1893 		(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
1894 		if (orig_sv_pathlen != svp->sv_pathlen) {
1895 			kmem_free(svp->sv_path, svp->sv_pathlen);
1896 			svp->sv_path = kmem_alloc(orig_sv_pathlen, KM_SLEEP);
1897 			svp->sv_pathlen = orig_sv_pathlen;
1898 		}
1899 		bcopy(orig_sv_path, svp->sv_path, orig_sv_pathlen);
1900 		nfs_rw_exit(&svp->sv_lock);
1901 
1902 	} while (num_retry-- > 0);
1903 
1904 	kmem_free(orig_sv_path, orig_sv_pathlen);
1905 
1906 	if (ep->error != 0 || ep->stat != 0) {
1907 		return;
1908 	}
1909 
1910 	if (vtype != VNON && vtype != mi->mi_type) {
1911 		/* shouldn't happen */
1912 		zcmn_err(mi->mi_zone->zone_id, CE_WARN,
1913 		    "nfs4_remap_root: server root vnode type (%d) doesn't "
1914 		    "match mount info (%d)", vtype, mi->mi_type);
1915 	}
1916 
1917 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
1918 	rootfh.nfs_fh4_val = svp->sv_fhandle.fh_buf;
1919 	rootfh.nfs_fh4_len = svp->sv_fhandle.fh_len;
1920 	nfs_rw_exit(&svp->sv_lock);
1921 	sfh4_update(mi->mi_rootfh, &rootfh);
1922 
1923 	/*
1924 	 * It's possible that recovery took place on the filesystem
1925 	 * and the server has been updated between the time we did
1926 	 * the nfs4getfh_otw and now. Re-drive the otw operation
1927 	 * to make sure we have a good fh.
1928 	 */
1929 	mutex_enter(&mi->mi_lock);
1930 	if (mi->mi_curr_serv != svp)
1931 		goto remap_retry;
1932 
1933 	mutex_exit(&mi->mi_lock);
1934 }
1935 
1936 static int
1937 nfs4rootvp(vnode_t **rtvpp, vfs_t *vfsp, struct servinfo4 *svp_head,
1938     int flags, cred_t *cr, zone_t *zone)
1939 {
1940 	vnode_t *rtvp = NULL;
1941 	mntinfo4_t *mi;
1942 	dev_t nfs_dev;
1943 	int error = 0;
1944 	rnode4_t *rp;
1945 	int i;
1946 	struct vattr va;
1947 	vtype_t vtype = VNON;
1948 	vtype_t tmp_vtype = VNON;
1949 	struct servinfo4 *firstsvp = NULL, *svp = svp_head;
1950 	nfs4_oo_hash_bucket_t *bucketp;
1951 	nfs_fh4 fh;
1952 	char *droptext = "";
1953 	struct nfs_stats *nfsstatsp;
1954 	nfs4_fname_t *mfname;
1955 	nfs4_error_t e;
1956 	char *orig_sv_path;
1957 	int orig_sv_pathlen, num_retry, removed;
1958 	cred_t *lcr = NULL, *tcr = cr;
1959 
1960 	nfsstatsp = zone_getspecific(nfsstat_zone_key, nfs_zone());
1961 	ASSERT(nfsstatsp != NULL);
1962 
1963 	ASSERT(nfs_zone() == zone);
1964 	ASSERT(crgetref(cr));
1965 
1966 	/*
1967 	 * Create a mount record and link it to the vfs struct.
1968 	 */
1969 	mi = kmem_zalloc(sizeof (*mi), KM_SLEEP);
1970 	mutex_init(&mi->mi_lock, NULL, MUTEX_DEFAULT, NULL);
1971 	nfs_rw_init(&mi->mi_recovlock, NULL, RW_DEFAULT, NULL);
1972 	nfs_rw_init(&mi->mi_rename_lock, NULL, RW_DEFAULT, NULL);
1973 	nfs_rw_init(&mi->mi_fh_lock, NULL, RW_DEFAULT, NULL);
1974 
1975 	if (!(flags & NFSMNT_SOFT))
1976 		mi->mi_flags |= MI4_HARD;
1977 	if ((flags & NFSMNT_NOPRINT))
1978 		mi->mi_flags |= MI4_NOPRINT;
1979 	if (flags & NFSMNT_INT)
1980 		mi->mi_flags |= MI4_INT;
1981 	if (flags & NFSMNT_PUBLIC)
1982 		mi->mi_flags |= MI4_PUBLIC;
1983 	if (flags & NFSMNT_MIRRORMOUNT)
1984 		mi->mi_flags |= MI4_MIRRORMOUNT;
1985 	mi->mi_retrans = NFS_RETRIES;
1986 	if (svp->sv_knconf->knc_semantics == NC_TPI_COTS_ORD ||
1987 	    svp->sv_knconf->knc_semantics == NC_TPI_COTS)
1988 		mi->mi_timeo = nfs4_cots_timeo;
1989 	else
1990 		mi->mi_timeo = NFS_TIMEO;
1991 	mi->mi_prog = NFS_PROGRAM;
1992 	mi->mi_vers = NFS_V4;
1993 	mi->mi_rfsnames = rfsnames_v4;
1994 	mi->mi_reqs = nfsstatsp->nfs_stats_v4.rfsreqcnt_ptr;
1995 	cv_init(&mi->mi_failover_cv, NULL, CV_DEFAULT, NULL);
1996 	mi->mi_servers = svp;
1997 	mi->mi_curr_serv = svp;
1998 	mi->mi_acregmin = SEC2HR(ACREGMIN);
1999 	mi->mi_acregmax = SEC2HR(ACREGMAX);
2000 	mi->mi_acdirmin = SEC2HR(ACDIRMIN);
2001 	mi->mi_acdirmax = SEC2HR(ACDIRMAX);
2002 	mi->mi_fh_expire_type = FH4_PERSISTENT;
2003 	mi->mi_clientid_next = NULL;
2004 	mi->mi_clientid_prev = NULL;
2005 	mi->mi_grace_wait = 0;
2006 	mi->mi_error = 0;
2007 	mi->mi_srvsettime = 0;
2008 
2009 	mi->mi_count = 1;
2010 
2011 	mi->mi_tsize = nfs4_tsize(svp->sv_knconf);
2012 	mi->mi_stsize = mi->mi_tsize;
2013 
2014 	if (flags & NFSMNT_DIRECTIO)
2015 		mi->mi_flags |= MI4_DIRECTIO;
2016 
2017 	mi->mi_flags |= MI4_MOUNTING;
2018 
2019 	/*
2020 	 * Make a vfs struct for nfs.  We do this here instead of below
2021 	 * because rtvp needs a vfs before we can do a getattr on it.
2022 	 *
2023 	 * Assign a unique device id to the mount
2024 	 */
2025 	mutex_enter(&nfs_minor_lock);
2026 	do {
2027 		nfs_minor = (nfs_minor + 1) & MAXMIN32;
2028 		nfs_dev = makedevice(nfs_major, nfs_minor);
2029 	} while (vfs_devismounted(nfs_dev));
2030 	mutex_exit(&nfs_minor_lock);
2031 
2032 	vfsp->vfs_dev = nfs_dev;
2033 	vfs_make_fsid(&vfsp->vfs_fsid, nfs_dev, nfs4fstyp);
2034 	vfsp->vfs_data = (caddr_t)mi;
2035 	vfsp->vfs_fstype = nfsfstyp;
2036 	vfsp->vfs_bsize = nfs4_bsize;
2037 
2038 	/*
2039 	 * Initialize fields used to support async putpage operations.
2040 	 */
2041 	for (i = 0; i < NFS4_ASYNC_TYPES; i++)
2042 		mi->mi_async_clusters[i] = nfs4_async_clusters;
2043 	mi->mi_async_init_clusters = nfs4_async_clusters;
2044 	mi->mi_async_curr = &mi->mi_async_reqs[0];
2045 	mi->mi_max_threads = nfs4_max_threads;
2046 	mutex_init(&mi->mi_async_lock, NULL, MUTEX_DEFAULT, NULL);
2047 	cv_init(&mi->mi_async_reqs_cv, NULL, CV_DEFAULT, NULL);
2048 	cv_init(&mi->mi_async_work_cv, NULL, CV_DEFAULT, NULL);
2049 	cv_init(&mi->mi_async_cv, NULL, CV_DEFAULT, NULL);
2050 	cv_init(&mi->mi_inact_req_cv, NULL, CV_DEFAULT, NULL);
2051 
2052 	mi->mi_vfsp = vfsp;
2053 	zone_hold(mi->mi_zone = zone);
2054 	nfs4_mi_zonelist_add(mi);
2055 
2056 	/*
2057 	 * Initialize the <open owner/cred> hash table.
2058 	 */
2059 	for (i = 0; i < NFS4_NUM_OO_BUCKETS; i++) {
2060 		bucketp = &(mi->mi_oo_list[i]);
2061 		mutex_init(&bucketp->b_lock, NULL, MUTEX_DEFAULT, NULL);
2062 		list_create(&bucketp->b_oo_hash_list,
2063 		    sizeof (nfs4_open_owner_t),
2064 		    offsetof(nfs4_open_owner_t, oo_hash_node));
2065 	}
2066 
2067 	/*
2068 	 * Initialize the freed open owner list.
2069 	 */
2070 	mi->mi_foo_num = 0;
2071 	mi->mi_foo_max = NFS4_NUM_FREED_OPEN_OWNERS;
2072 	list_create(&mi->mi_foo_list, sizeof (nfs4_open_owner_t),
2073 	    offsetof(nfs4_open_owner_t, oo_foo_node));
2074 
2075 	list_create(&mi->mi_lost_state, sizeof (nfs4_lost_rqst_t),
2076 	    offsetof(nfs4_lost_rqst_t, lr_node));
2077 
2078 	list_create(&mi->mi_bseqid_list, sizeof (nfs4_bseqid_entry_t),
2079 	    offsetof(nfs4_bseqid_entry_t, bs_node));
2080 
2081 	/*
2082 	 * Initialize the msg buffer.
2083 	 */
2084 	list_create(&mi->mi_msg_list, sizeof (nfs4_debug_msg_t),
2085 	    offsetof(nfs4_debug_msg_t, msg_node));
2086 	mi->mi_msg_count = 0;
2087 	mutex_init(&mi->mi_msg_list_lock, NULL, MUTEX_DEFAULT, NULL);
2088 
2089 	/*
2090 	 * Initialize kstats
2091 	 */
2092 	nfs4_mnt_kstat_init(vfsp);
2093 
2094 	/*
2095 	 * Initialize the shared filehandle pool, and get the fname for
2096 	 * the filesystem root.
2097 	 */
2098 	sfh4_createtab(&mi->mi_filehandles);
2099 	mi->mi_fname = fn_get(NULL, ".");
2100 
2101 	/*
2102 	 * Save server path we're attempting to mount.
2103 	 */
2104 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
2105 	orig_sv_pathlen = svp_head->sv_pathlen;
2106 	orig_sv_path = kmem_alloc(svp_head->sv_pathlen, KM_SLEEP);
2107 	bcopy(svp_head->sv_path, orig_sv_path, svp_head->sv_pathlen);
2108 	nfs_rw_exit(&svp->sv_lock);
2109 
2110 	/*
2111 	 * Make the GETFH call to get root fh for each replica.
2112 	 */
2113 	if (svp_head->sv_next)
2114 		droptext = ", dropping replica";
2115 
2116 	/*
2117 	 * If the uid is set then set the creds for secure mounts
2118 	 * by proxy processes such as automountd.
2119 	 */
2120 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
2121 	if (svp->sv_secdata->uid != 0) {
2122 		lcr = crdup(cr);
2123 		(void) crsetugid(lcr, svp->sv_secdata->uid, crgetgid(cr));
2124 		tcr = lcr;
2125 	}
2126 	nfs_rw_exit(&svp->sv_lock);
2127 	for (svp = svp_head; svp; svp = svp->sv_next) {
2128 		if (nfs4_chkdup_servinfo4(svp_head, svp)) {
2129 			nfs_cmn_err(error, CE_WARN,
2130 			    VERS_MSG "Host %s is a duplicate%s",
2131 			    svp->sv_hostname, droptext);
2132 			(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
2133 			svp->sv_flags |= SV4_NOTINUSE;
2134 			nfs_rw_exit(&svp->sv_lock);
2135 			continue;
2136 		}
2137 		mi->mi_curr_serv = svp;
2138 
2139 		/*
2140 		 * Just in case server path being mounted contains
2141 		 * symlinks and fails w/STALE, save the initial sv_path
2142 		 * so we can redrive the initial mount compound with the
2143 		 * initial sv_path -- not a symlink-expanded version.
2144 		 *
2145 		 * This could only happen if a symlink was expanded
2146 		 * and the expanded mount compound failed stale.  Because
2147 		 * it could be the case that the symlink was removed at
2148 		 * the server (and replaced with another symlink/dir,
2149 		 * we need to use the initial sv_path when attempting
2150 		 * to re-lookup everything and recover.
2151 		 *
2152 		 * Other mount errors should evenutally be handled here also
2153 		 * (NFS4ERR_DELAY, NFS4ERR_RESOURCE).  For now, all mount
2154 		 * failures will result in mount being redriven a few times.
2155 		 */
2156 		num_retry = nfs4_max_mount_retry;
2157 		do {
2158 			nfs4getfh_otw(mi, svp, &tmp_vtype,
2159 			    ((flags & NFSMNT_PUBLIC) ? NFS4_GETFH_PUBLIC : 0) |
2160 			    NFS4_GETFH_NEEDSOP, tcr, &e);
2161 
2162 			if (e.error == 0 && e.stat == NFS4_OK)
2163 				break;
2164 
2165 			/*
2166 			 * replace current sv_path with orig sv_path -- just in
2167 			 * case it changed due to embedded symlinks.
2168 			 */
2169 			(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
2170 			if (orig_sv_pathlen != svp->sv_pathlen) {
2171 				kmem_free(svp->sv_path, svp->sv_pathlen);
2172 				svp->sv_path = kmem_alloc(orig_sv_pathlen,
2173 				    KM_SLEEP);
2174 				svp->sv_pathlen = orig_sv_pathlen;
2175 			}
2176 			bcopy(orig_sv_path, svp->sv_path, orig_sv_pathlen);
2177 			nfs_rw_exit(&svp->sv_lock);
2178 
2179 		} while (num_retry-- > 0);
2180 
2181 		error = e.error ? e.error : geterrno4(e.stat);
2182 		if (error) {
2183 			nfs_cmn_err(error, CE_WARN,
2184 			    VERS_MSG "initial call to %s failed%s: %m",
2185 			    svp->sv_hostname, droptext);
2186 			(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
2187 			svp->sv_flags |= SV4_NOTINUSE;
2188 			nfs_rw_exit(&svp->sv_lock);
2189 			mi->mi_flags &= ~MI4_RECOV_FAIL;
2190 			mi->mi_error = 0;
2191 			continue;
2192 		}
2193 
2194 		if (tmp_vtype == VBAD) {
2195 			zcmn_err(mi->mi_zone->zone_id, CE_WARN,
2196 			    VERS_MSG "%s returned a bad file type for "
2197 			    "root%s", svp->sv_hostname, droptext);
2198 			(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
2199 			svp->sv_flags |= SV4_NOTINUSE;
2200 			nfs_rw_exit(&svp->sv_lock);
2201 			continue;
2202 		}
2203 
2204 		if (vtype == VNON) {
2205 			vtype = tmp_vtype;
2206 		} else if (vtype != tmp_vtype) {
2207 			zcmn_err(mi->mi_zone->zone_id, CE_WARN,
2208 			    VERS_MSG "%s returned a different file type "
2209 			    "for root%s", svp->sv_hostname, droptext);
2210 			(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
2211 			svp->sv_flags |= SV4_NOTINUSE;
2212 			nfs_rw_exit(&svp->sv_lock);
2213 			continue;
2214 		}
2215 		if (firstsvp == NULL)
2216 			firstsvp = svp;
2217 	}
2218 
2219 	kmem_free(orig_sv_path, orig_sv_pathlen);
2220 
2221 	if (firstsvp == NULL) {
2222 		if (error == 0)
2223 			error = ENOENT;
2224 		goto bad;
2225 	}
2226 
2227 	mi->mi_curr_serv = svp = firstsvp;
2228 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
2229 	ASSERT((mi->mi_curr_serv->sv_flags & SV4_NOTINUSE) == 0);
2230 	fh.nfs_fh4_len = svp->sv_fhandle.fh_len;
2231 	fh.nfs_fh4_val = svp->sv_fhandle.fh_buf;
2232 	mi->mi_rootfh = sfh4_get(&fh, mi);
2233 	fh.nfs_fh4_len = svp->sv_pfhandle.fh_len;
2234 	fh.nfs_fh4_val = svp->sv_pfhandle.fh_buf;
2235 	mi->mi_srvparentfh = sfh4_get(&fh, mi);
2236 	nfs_rw_exit(&svp->sv_lock);
2237 
2238 	/*
2239 	 * Make the root vnode without attributes.
2240 	 */
2241 	mfname = mi->mi_fname;
2242 	fn_hold(mfname);
2243 	rtvp = makenfs4node_by_fh(mi->mi_rootfh, NULL,
2244 	    &mfname, NULL, mi, cr, gethrtime());
2245 	rtvp->v_type = vtype;
2246 
2247 	mi->mi_curread = mi->mi_tsize;
2248 	mi->mi_curwrite = mi->mi_stsize;
2249 
2250 	/*
2251 	 * Start the manager thread responsible for handling async worker
2252 	 * threads.
2253 	 */
2254 	MI4_HOLD(mi);
2255 	VFS_HOLD(vfsp);	/* add reference for thread */
2256 	mi->mi_manager_thread = zthread_create(NULL, 0, nfs4_async_manager,
2257 	    vfsp, 0, minclsyspri);
2258 	ASSERT(mi->mi_manager_thread != NULL);
2259 
2260 	/*
2261 	 * Create the thread that handles over-the-wire calls for
2262 	 * VOP_INACTIVE.
2263 	 * This needs to happen after the manager thread is created.
2264 	 */
2265 	MI4_HOLD(mi);
2266 	mi->mi_inactive_thread = zthread_create(NULL, 0, nfs4_inactive_thread,
2267 	    mi, 0, minclsyspri);
2268 	ASSERT(mi->mi_inactive_thread != NULL);
2269 
2270 	/* If we didn't get a type, get one now */
2271 	if (rtvp->v_type == VNON) {
2272 		va.va_mask = AT_TYPE;
2273 		error = nfs4getattr(rtvp, &va, tcr);
2274 		if (error)
2275 			goto bad;
2276 		rtvp->v_type = va.va_type;
2277 	}
2278 
2279 	mi->mi_type = rtvp->v_type;
2280 
2281 	mutex_enter(&mi->mi_lock);
2282 	mi->mi_flags &= ~MI4_MOUNTING;
2283 	mutex_exit(&mi->mi_lock);
2284 
2285 	*rtvpp = rtvp;
2286 	if (lcr != NULL)
2287 		crfree(lcr);
2288 
2289 	return (0);
2290 bad:
2291 	/*
2292 	 * An error occurred somewhere, need to clean up...
2293 	 */
2294 	if (lcr != NULL)
2295 		crfree(lcr);
2296 
2297 	if (rtvp != NULL) {
2298 		/*
2299 		 * We need to release our reference to the root vnode and
2300 		 * destroy the mntinfo4 struct that we just created.
2301 		 */
2302 		rp = VTOR4(rtvp);
2303 		if (rp->r_flags & R4HASHED)
2304 			rp4_rmhash(rp);
2305 		VN_RELE(rtvp);
2306 	}
2307 	nfs4_async_stop(vfsp);
2308 	nfs4_async_manager_stop(vfsp);
2309 	removed = nfs4_mi_zonelist_remove(mi);
2310 	if (removed)
2311 		zone_rele(mi->mi_zone);
2312 
2313 	/*
2314 	 * This releases the initial "hold" of the mi since it will never
2315 	 * be referenced by the vfsp.  Also, when mount returns to vfs.c
2316 	 * with an error, the vfsp will be destroyed, not rele'd.
2317 	 */
2318 	MI4_RELE(mi);
2319 
2320 	*rtvpp = NULL;
2321 	return (error);
2322 }
2323 
2324 /*
2325  * vfs operations
2326  */
2327 static int
2328 nfs4_unmount(vfs_t *vfsp, int flag, cred_t *cr)
2329 {
2330 	mntinfo4_t		*mi;
2331 	ushort_t		omax;
2332 	int			removed;
2333 
2334 	bool_t			must_unlock = FALSE;
2335 
2336 	nfs4_ephemeral_tree_t	*eph_tree;
2337 
2338 	if (secpolicy_fs_unmount(cr, vfsp) != 0)
2339 		return (EPERM);
2340 
2341 	mi = VFTOMI4(vfsp);
2342 
2343 	if (flag & MS_FORCE) {
2344 		vfsp->vfs_flag |= VFS_UNMOUNTED;
2345 		if (nfs_zone() != mi->mi_zone) {
2346 			/*
2347 			 * If the request is coming from the wrong zone,
2348 			 * we don't want to create any new threads, and
2349 			 * performance is not a concern.  Do everything
2350 			 * inline.
2351 			 */
2352 			NFS4_DEBUG(nfs4_client_zone_debug, (CE_NOTE,
2353 			    "nfs4_unmount x-zone forced unmount of vfs %p\n",
2354 			    (void *)vfsp));
2355 			nfs4_free_mount(vfsp, flag, cr);
2356 		} else {
2357 			/*
2358 			 * Free data structures asynchronously, to avoid
2359 			 * blocking the current thread (for performance
2360 			 * reasons only).
2361 			 */
2362 			async_free_mount(vfsp, flag, cr);
2363 		}
2364 
2365 		return (0);
2366 	}
2367 
2368 	/*
2369 	 * Wait until all asynchronous putpage operations on
2370 	 * this file system are complete before flushing rnodes
2371 	 * from the cache.
2372 	 */
2373 	omax = mi->mi_max_threads;
2374 	if (nfs4_async_stop_sig(vfsp))
2375 		return (EINTR);
2376 
2377 	r4flush(vfsp, cr);
2378 
2379 	(void) nfs4_ephemeral_umount(mi, flag, cr,
2380 	    &must_unlock, &eph_tree);
2381 
2382 	/*
2383 	 * If there are any active vnodes on this file system,
2384 	 * then the file system is busy and can't be unmounted.
2385 	 */
2386 	if (check_rtable4(vfsp)) {
2387 		nfs4_ephemeral_umount_unlock(&must_unlock, &eph_tree);
2388 
2389 		mutex_enter(&mi->mi_async_lock);
2390 		mi->mi_max_threads = omax;
2391 		mutex_exit(&mi->mi_async_lock);
2392 
2393 		return (EBUSY);
2394 	}
2395 
2396 	/*
2397 	 * The unmount can't fail from now on, so record any
2398 	 * ephemeral changes.
2399 	 */
2400 	nfs4_ephemeral_umount_activate(mi, &must_unlock, &eph_tree);
2401 
2402 	/*
2403 	 * There are no active files that could require over-the-wire
2404 	 * calls to the server, so stop the async manager and the
2405 	 * inactive thread.
2406 	 */
2407 	nfs4_async_manager_stop(vfsp);
2408 
2409 	/*
2410 	 * Destroy all rnodes belonging to this file system from the
2411 	 * rnode hash queues and purge any resources allocated to
2412 	 * them.
2413 	 */
2414 	destroy_rtable4(vfsp, cr);
2415 	vfsp->vfs_flag |= VFS_UNMOUNTED;
2416 
2417 	nfs4_remove_mi_from_server(mi, NULL);
2418 	removed = nfs4_mi_zonelist_remove(mi);
2419 	if (removed)
2420 		zone_rele(mi->mi_zone);
2421 
2422 	return (0);
2423 }
2424 
2425 /*
2426  * find root of nfs
2427  */
2428 static int
2429 nfs4_root(vfs_t *vfsp, vnode_t **vpp)
2430 {
2431 	mntinfo4_t *mi;
2432 	vnode_t *vp;
2433 	nfs4_fname_t *mfname;
2434 	servinfo4_t *svp;
2435 
2436 	mi = VFTOMI4(vfsp);
2437 
2438 	if (nfs_zone() != mi->mi_zone)
2439 		return (EPERM);
2440 
2441 	svp = mi->mi_curr_serv;
2442 	if (svp) {
2443 		(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
2444 		if (svp->sv_flags & SV4_ROOT_STALE) {
2445 			nfs_rw_exit(&svp->sv_lock);
2446 
2447 			(void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
2448 			if (svp->sv_flags & SV4_ROOT_STALE) {
2449 				svp->sv_flags &= ~SV4_ROOT_STALE;
2450 				nfs_rw_exit(&svp->sv_lock);
2451 				return (ENOENT);
2452 			}
2453 			nfs_rw_exit(&svp->sv_lock);
2454 		} else
2455 			nfs_rw_exit(&svp->sv_lock);
2456 	}
2457 
2458 	mfname = mi->mi_fname;
2459 	fn_hold(mfname);
2460 	vp = makenfs4node_by_fh(mi->mi_rootfh, NULL, &mfname, NULL,
2461 	    VFTOMI4(vfsp), CRED(), gethrtime());
2462 
2463 	if (VTOR4(vp)->r_flags & R4STALE) {
2464 		VN_RELE(vp);
2465 		return (ENOENT);
2466 	}
2467 
2468 	ASSERT(vp->v_type == VNON || vp->v_type == mi->mi_type);
2469 
2470 	vp->v_type = mi->mi_type;
2471 
2472 	*vpp = vp;
2473 
2474 	return (0);
2475 }
2476 
2477 static int
2478 nfs4_statfs_otw(vnode_t *vp, struct statvfs64 *sbp, cred_t *cr)
2479 {
2480 	int error;
2481 	nfs4_ga_res_t gar;
2482 	nfs4_ga_ext_res_t ger;
2483 
2484 	gar.n4g_ext_res = &ger;
2485 
2486 	if (error = nfs4_attr_otw(vp, TAG_FSINFO, &gar,
2487 	    NFS4_STATFS_ATTR_MASK, cr))
2488 		return (error);
2489 
2490 	*sbp = gar.n4g_ext_res->n4g_sb;
2491 
2492 	return (0);
2493 }
2494 
2495 /*
2496  * Get file system statistics.
2497  */
2498 static int
2499 nfs4_statvfs(vfs_t *vfsp, struct statvfs64 *sbp)
2500 {
2501 	int error;
2502 	vnode_t *vp;
2503 	cred_t *cr;
2504 
2505 	error = nfs4_root(vfsp, &vp);
2506 	if (error)
2507 		return (error);
2508 
2509 	cr = CRED();
2510 
2511 	error = nfs4_statfs_otw(vp, sbp, cr);
2512 	if (!error) {
2513 		(void) strncpy(sbp->f_basetype,
2514 		    vfssw[vfsp->vfs_fstype].vsw_name, FSTYPSZ);
2515 		sbp->f_flag = vf_to_stf(vfsp->vfs_flag);
2516 	} else {
2517 		nfs4_purge_stale_fh(error, vp, cr);
2518 	}
2519 
2520 	VN_RELE(vp);
2521 
2522 	return (error);
2523 }
2524 
2525 static kmutex_t nfs4_syncbusy;
2526 
2527 /*
2528  * Flush dirty nfs files for file system vfsp.
2529  * If vfsp == NULL, all nfs files are flushed.
2530  *
2531  * SYNC_CLOSE in flag is passed to us to
2532  * indicate that we are shutting down and or
2533  * rebooting.
2534  */
2535 static int
2536 nfs4_sync(vfs_t *vfsp, short flag, cred_t *cr)
2537 {
2538 	/*
2539 	 * Cross-zone calls are OK here, since this translates to a
2540 	 * VOP_PUTPAGE(B_ASYNC), which gets picked up by the right zone.
2541 	 */
2542 	if (!(flag & SYNC_ATTR) && mutex_tryenter(&nfs4_syncbusy) != 0) {
2543 		r4flush(vfsp, cr);
2544 		mutex_exit(&nfs4_syncbusy);
2545 	}
2546 
2547 	/*
2548 	 * if SYNC_CLOSE is set then we know that
2549 	 * the system is rebooting, mark the mntinfo
2550 	 * for later examination.
2551 	 */
2552 	if (vfsp && (flag & SYNC_CLOSE)) {
2553 		mntinfo4_t *mi;
2554 
2555 		mi = VFTOMI4(vfsp);
2556 		if (!(mi->mi_flags & MI4_SHUTDOWN)) {
2557 			mutex_enter(&mi->mi_lock);
2558 			mi->mi_flags |= MI4_SHUTDOWN;
2559 			mutex_exit(&mi->mi_lock);
2560 		}
2561 	}
2562 	return (0);
2563 }
2564 
2565 /*
2566  * vget is difficult, if not impossible, to support in v4 because we don't
2567  * know the parent directory or name, which makes it impossible to create a
2568  * useful shadow vnode.  And we need the shadow vnode for things like
2569  * OPEN.
2570  */
2571 
2572 /* ARGSUSED */
2573 /*
2574  * XXX Check nfs4_vget_pseudo() for dependency.
2575  */
2576 static int
2577 nfs4_vget(vfs_t *vfsp, vnode_t **vpp, fid_t *fidp)
2578 {
2579 	return (EREMOTE);
2580 }
2581 
2582 /*
2583  * nfs4_mountroot get called in the case where we are diskless booting.  All
2584  * we need from here is the ability to get the server info and from there we
2585  * can simply call nfs4_rootvp.
2586  */
2587 /* ARGSUSED */
2588 static int
2589 nfs4_mountroot(vfs_t *vfsp, whymountroot_t why)
2590 {
2591 	vnode_t *rtvp;
2592 	char root_hostname[SYS_NMLN+1];
2593 	struct servinfo4 *svp;
2594 	int error;
2595 	int vfsflags;
2596 	size_t size;
2597 	char *root_path;
2598 	struct pathname pn;
2599 	char *name;
2600 	cred_t *cr;
2601 	mntinfo4_t *mi;
2602 	struct nfs_args args;		/* nfs mount arguments */
2603 	static char token[10];
2604 	nfs4_error_t n4e;
2605 
2606 	bzero(&args, sizeof (args));
2607 
2608 	/* do this BEFORE getfile which causes xid stamps to be initialized */
2609 	clkset(-1L);		/* hack for now - until we get time svc? */
2610 
2611 	if (why == ROOT_REMOUNT) {
2612 		/*
2613 		 * Shouldn't happen.
2614 		 */
2615 		panic("nfs4_mountroot: why == ROOT_REMOUNT");
2616 	}
2617 
2618 	if (why == ROOT_UNMOUNT) {
2619 		/*
2620 		 * Nothing to do for NFS.
2621 		 */
2622 		return (0);
2623 	}
2624 
2625 	/*
2626 	 * why == ROOT_INIT
2627 	 */
2628 
2629 	name = token;
2630 	*name = 0;
2631 	(void) getfsname("root", name, sizeof (token));
2632 
2633 	pn_alloc(&pn);
2634 	root_path = pn.pn_path;
2635 
2636 	svp = kmem_zalloc(sizeof (*svp), KM_SLEEP);
2637 	nfs_rw_init(&svp->sv_lock, NULL, RW_DEFAULT, NULL);
2638 	svp->sv_knconf = kmem_zalloc(sizeof (*svp->sv_knconf), KM_SLEEP);
2639 	svp->sv_knconf->knc_protofmly = kmem_alloc(KNC_STRSIZE, KM_SLEEP);
2640 	svp->sv_knconf->knc_proto = kmem_alloc(KNC_STRSIZE, KM_SLEEP);
2641 
2642 	/*
2643 	 * Get server address
2644 	 * Get the root path
2645 	 * Get server's transport
2646 	 * Get server's hostname
2647 	 * Get options
2648 	 */
2649 	args.addr = &svp->sv_addr;
2650 	(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
2651 	args.fh = (char *)&svp->sv_fhandle;
2652 	args.knconf = svp->sv_knconf;
2653 	args.hostname = root_hostname;
2654 	vfsflags = 0;
2655 	if (error = mount_root(*name ? name : "root", root_path, NFS_V4,
2656 	    &args, &vfsflags)) {
2657 		if (error == EPROTONOSUPPORT)
2658 			nfs_cmn_err(error, CE_WARN, "nfs4_mountroot: "
2659 			    "mount_root failed: server doesn't support NFS V4");
2660 		else
2661 			nfs_cmn_err(error, CE_WARN,
2662 			    "nfs4_mountroot: mount_root failed: %m");
2663 		nfs_rw_exit(&svp->sv_lock);
2664 		sv4_free(svp);
2665 		pn_free(&pn);
2666 		return (error);
2667 	}
2668 	nfs_rw_exit(&svp->sv_lock);
2669 	svp->sv_hostnamelen = (int)(strlen(root_hostname) + 1);
2670 	svp->sv_hostname = kmem_alloc(svp->sv_hostnamelen, KM_SLEEP);
2671 	(void) strcpy(svp->sv_hostname, root_hostname);
2672 
2673 	svp->sv_pathlen = (int)(strlen(root_path) + 1);
2674 	svp->sv_path = kmem_alloc(svp->sv_pathlen, KM_SLEEP);
2675 	(void) strcpy(svp->sv_path, root_path);
2676 
2677 	/*
2678 	 * Force root partition to always be mounted with AUTH_UNIX for now
2679 	 */
2680 	svp->sv_secdata = kmem_alloc(sizeof (*svp->sv_secdata), KM_SLEEP);
2681 	svp->sv_secdata->secmod = AUTH_UNIX;
2682 	svp->sv_secdata->rpcflavor = AUTH_UNIX;
2683 	svp->sv_secdata->data = NULL;
2684 
2685 	cr = crgetcred();
2686 	rtvp = NULL;
2687 
2688 	error = nfs4rootvp(&rtvp, vfsp, svp, args.flags, cr, global_zone);
2689 
2690 	if (error) {
2691 		crfree(cr);
2692 		pn_free(&pn);
2693 		sv4_free(svp);
2694 		return (error);
2695 	}
2696 
2697 	mi = VTOMI4(rtvp);
2698 
2699 	/*
2700 	 * Send client id to the server, if necessary
2701 	 */
2702 	nfs4_error_zinit(&n4e);
2703 	nfs4setclientid(mi, cr, FALSE, &n4e);
2704 	error = n4e.error;
2705 
2706 	crfree(cr);
2707 
2708 	if (error) {
2709 		pn_free(&pn);
2710 		goto errout;
2711 	}
2712 
2713 	error = nfs4_setopts(rtvp, DATAMODEL_NATIVE, &args);
2714 	if (error) {
2715 		nfs_cmn_err(error, CE_WARN,
2716 		    "nfs4_mountroot: invalid root mount options");
2717 		pn_free(&pn);
2718 		goto errout;
2719 	}
2720 
2721 	(void) vfs_lock_wait(vfsp);
2722 	vfs_add(NULL, vfsp, vfsflags);
2723 	vfs_unlock(vfsp);
2724 
2725 	size = strlen(svp->sv_hostname);
2726 	(void) strcpy(rootfs.bo_name, svp->sv_hostname);
2727 	rootfs.bo_name[size] = ':';
2728 	(void) strcpy(&rootfs.bo_name[size + 1], root_path);
2729 
2730 	pn_free(&pn);
2731 
2732 errout:
2733 	if (error) {
2734 		sv4_free(svp);
2735 		nfs4_async_stop(vfsp);
2736 		nfs4_async_manager_stop(vfsp);
2737 	}
2738 
2739 	if (rtvp != NULL)
2740 		VN_RELE(rtvp);
2741 
2742 	return (error);
2743 }
2744 
2745 /*
2746  * Initialization routine for VFS routines.  Should only be called once
2747  */
2748 int
2749 nfs4_vfsinit(void)
2750 {
2751 	mutex_init(&nfs4_syncbusy, NULL, MUTEX_DEFAULT, NULL);
2752 	nfs4setclientid_init();
2753 	nfs4_ephemeral_init();
2754 	return (0);
2755 }
2756 
2757 void
2758 nfs4_vfsfini(void)
2759 {
2760 	nfs4_ephemeral_fini();
2761 	nfs4setclientid_fini();
2762 	mutex_destroy(&nfs4_syncbusy);
2763 }
2764 
2765 void
2766 nfs4_freevfs(vfs_t *vfsp)
2767 {
2768 	mntinfo4_t *mi;
2769 
2770 	/* need to release the initial hold */
2771 	mi = VFTOMI4(vfsp);
2772 	MI4_RELE(mi);
2773 }
2774 
2775 /*
2776  * Client side SETCLIENTID and SETCLIENTID_CONFIRM
2777  */
2778 struct nfs4_server nfs4_server_lst =
2779 	{ &nfs4_server_lst, &nfs4_server_lst };
2780 
2781 kmutex_t nfs4_server_lst_lock;
2782 
2783 static void
2784 nfs4setclientid_init(void)
2785 {
2786 	mutex_init(&nfs4_server_lst_lock, NULL, MUTEX_DEFAULT, NULL);
2787 }
2788 
2789 static void
2790 nfs4setclientid_fini(void)
2791 {
2792 	mutex_destroy(&nfs4_server_lst_lock);
2793 }
2794 
2795 int nfs4_retry_sclid_delay = NFS4_RETRY_SCLID_DELAY;
2796 int nfs4_num_sclid_retries = NFS4_NUM_SCLID_RETRIES;
2797 
2798 /*
2799  * Set the clientid for the server for "mi".  No-op if the clientid is
2800  * already set.
2801  *
2802  * The recovery boolean should be set to TRUE if this function was called
2803  * by the recovery code, and FALSE otherwise.  This is used to determine
2804  * if we need to call nfs4_start/end_op as well as grab the mi_recovlock
2805  * for adding a mntinfo4_t to a nfs4_server_t.
2806  *
2807  * Error is returned via 'n4ep'.  If there was a 'n4ep->stat' error, then
2808  * 'n4ep->error' is set to geterrno4(n4ep->stat).
2809  */
2810 void
2811 nfs4setclientid(mntinfo4_t *mi, cred_t *cr, bool_t recovery, nfs4_error_t *n4ep)
2812 {
2813 	struct nfs4_server *np;
2814 	struct servinfo4 *svp = mi->mi_curr_serv;
2815 	nfs4_recov_state_t recov_state;
2816 	int num_retries = 0;
2817 	bool_t retry;
2818 	cred_t *lcr = NULL;
2819 	int retry_inuse = 1; /* only retry once on NFS4ERR_CLID_INUSE */
2820 	time_t lease_time = 0;
2821 
2822 	recov_state.rs_flags = 0;
2823 	recov_state.rs_num_retry_despite_err = 0;
2824 	ASSERT(n4ep != NULL);
2825 
2826 recov_retry:
2827 	retry = FALSE;
2828 	nfs4_error_zinit(n4ep);
2829 	if (!recovery)
2830 		(void) nfs_rw_enter_sig(&mi->mi_recovlock, RW_READER, 0);
2831 
2832 	mutex_enter(&nfs4_server_lst_lock);
2833 	np = servinfo4_to_nfs4_server(svp); /* This locks np if it is found */
2834 	mutex_exit(&nfs4_server_lst_lock);
2835 	if (!np) {
2836 		struct nfs4_server *tnp;
2837 		np = new_nfs4_server(svp, cr);
2838 		mutex_enter(&np->s_lock);
2839 
2840 		mutex_enter(&nfs4_server_lst_lock);
2841 		tnp = servinfo4_to_nfs4_server(svp);
2842 		if (tnp) {
2843 			/*
2844 			 * another thread snuck in and put server on list.
2845 			 * since we aren't adding it to the nfs4_server_list
2846 			 * we need to set the ref count to 0 and destroy it.
2847 			 */
2848 			np->s_refcnt = 0;
2849 			destroy_nfs4_server(np);
2850 			np = tnp;
2851 		} else {
2852 			/*
2853 			 * do not give list a reference until everything
2854 			 * succeeds
2855 			 */
2856 			insque(np, &nfs4_server_lst);
2857 		}
2858 		mutex_exit(&nfs4_server_lst_lock);
2859 	}
2860 	ASSERT(MUTEX_HELD(&np->s_lock));
2861 	/*
2862 	 * If we find the server already has N4S_CLIENTID_SET, then
2863 	 * just return, we've already done SETCLIENTID to that server
2864 	 */
2865 	if (np->s_flags & N4S_CLIENTID_SET) {
2866 		/* add mi to np's mntinfo4_list */
2867 		nfs4_add_mi_to_server(np, mi);
2868 		if (!recovery)
2869 			nfs_rw_exit(&mi->mi_recovlock);
2870 		mutex_exit(&np->s_lock);
2871 		nfs4_server_rele(np);
2872 		return;
2873 	}
2874 	mutex_exit(&np->s_lock);
2875 
2876 
2877 	/*
2878 	 * Drop the mi_recovlock since nfs4_start_op will
2879 	 * acquire it again for us.
2880 	 */
2881 	if (!recovery) {
2882 		nfs_rw_exit(&mi->mi_recovlock);
2883 
2884 		n4ep->error = nfs4_start_op(mi, NULL, NULL, &recov_state);
2885 		if (n4ep->error) {
2886 			nfs4_server_rele(np);
2887 			return;
2888 		}
2889 	}
2890 
2891 	mutex_enter(&np->s_lock);
2892 	while (np->s_flags & N4S_CLIENTID_PEND) {
2893 		if (!cv_wait_sig(&np->s_clientid_pend, &np->s_lock)) {
2894 			mutex_exit(&np->s_lock);
2895 			nfs4_server_rele(np);
2896 			if (!recovery)
2897 				nfs4_end_op(mi, NULL, NULL, &recov_state,
2898 				    recovery);
2899 			n4ep->error = EINTR;
2900 			return;
2901 		}
2902 	}
2903 
2904 	if (np->s_flags & N4S_CLIENTID_SET) {
2905 		/* XXX copied/pasted from above */
2906 		/* add mi to np's mntinfo4_list */
2907 		nfs4_add_mi_to_server(np, mi);
2908 		mutex_exit(&np->s_lock);
2909 		nfs4_server_rele(np);
2910 		if (!recovery)
2911 			nfs4_end_op(mi, NULL, NULL, &recov_state, recovery);
2912 		return;
2913 	}
2914 
2915 	/*
2916 	 * Reset the N4S_CB_PINGED flag. This is used to
2917 	 * indicate if we have received a CB_NULL from the
2918 	 * server. Also we reset the waiter flag.
2919 	 */
2920 	np->s_flags &= ~(N4S_CB_PINGED | N4S_CB_WAITER);
2921 	/* any failure must now clear this flag */
2922 	np->s_flags |= N4S_CLIENTID_PEND;
2923 	mutex_exit(&np->s_lock);
2924 	nfs4setclientid_otw(mi, svp, cr, np, n4ep, &retry_inuse);
2925 
2926 	if (n4ep->error == EACCES) {
2927 		/*
2928 		 * If the uid is set then set the creds for secure mounts
2929 		 * by proxy processes such as automountd.
2930 		 */
2931 		(void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
2932 		if (svp->sv_secdata->uid != 0) {
2933 			lcr = crdup(cr);
2934 			(void) crsetugid(lcr, svp->sv_secdata->uid,
2935 			    crgetgid(cr));
2936 		}
2937 		nfs_rw_exit(&svp->sv_lock);
2938 
2939 		if (lcr != NULL) {
2940 			mutex_enter(&np->s_lock);
2941 			crfree(np->s_cred);
2942 			np->s_cred = lcr;
2943 			mutex_exit(&np->s_lock);
2944 			nfs4setclientid_otw(mi, svp, lcr, np, n4ep,
2945 			    &retry_inuse);
2946 		}
2947 	}
2948 	mutex_enter(&np->s_lock);
2949 	lease_time = np->s_lease_time;
2950 	np->s_flags &= ~N4S_CLIENTID_PEND;
2951 	mutex_exit(&np->s_lock);
2952 
2953 	if (n4ep->error != 0 || n4ep->stat != NFS4_OK) {
2954 		/*
2955 		 * Start recovery if failover is a possibility.  If
2956 		 * invoked by the recovery thread itself, then just
2957 		 * return and let it handle the failover first.  NB:
2958 		 * recovery is not allowed if the mount is in progress
2959 		 * since the infrastructure is not sufficiently setup
2960 		 * to allow it.  Just return the error (after suitable
2961 		 * retries).
2962 		 */
2963 		if (FAILOVER_MOUNT4(mi) && nfs4_try_failover(n4ep)) {
2964 			(void) nfs4_start_recovery(n4ep, mi, NULL,
2965 			    NULL, NULL, NULL, OP_SETCLIENTID, NULL);
2966 			/*
2967 			 * Don't retry here, just return and let
2968 			 * recovery take over.
2969 			 */
2970 			if (recovery)
2971 				retry = FALSE;
2972 		} else if (nfs4_rpc_retry_error(n4ep->error) ||
2973 		    n4ep->stat == NFS4ERR_RESOURCE ||
2974 		    n4ep->stat == NFS4ERR_STALE_CLIENTID) {
2975 
2976 			retry = TRUE;
2977 			/*
2978 			 * Always retry if in recovery or once had
2979 			 * contact with the server (but now it's
2980 			 * overloaded).
2981 			 */
2982 			if (recovery == TRUE ||
2983 			    n4ep->error == ETIMEDOUT ||
2984 			    n4ep->error == ECONNRESET)
2985 				num_retries = 0;
2986 		} else if (retry_inuse && n4ep->error == 0 &&
2987 		    n4ep->stat == NFS4ERR_CLID_INUSE) {
2988 			retry = TRUE;
2989 			num_retries = 0;
2990 		}
2991 	} else {
2992 		/*
2993 		 * Since everything succeeded give the list a reference count if
2994 		 * it hasn't been given one by add_new_nfs4_server() or if this
2995 		 * is not a recovery situation in which case it is already on
2996 		 * the list.
2997 		 */
2998 		mutex_enter(&np->s_lock);
2999 		if ((np->s_flags & N4S_INSERTED) == 0) {
3000 			np->s_refcnt++;
3001 			np->s_flags |= N4S_INSERTED;
3002 		}
3003 		mutex_exit(&np->s_lock);
3004 	}
3005 
3006 	if (!recovery)
3007 		nfs4_end_op(mi, NULL, NULL, &recov_state, recovery);
3008 
3009 
3010 	if (retry && num_retries++ < nfs4_num_sclid_retries) {
3011 		if (retry_inuse) {
3012 			delay(SEC_TO_TICK(lease_time + nfs4_retry_sclid_delay));
3013 			retry_inuse = 0;
3014 		} else
3015 			delay(SEC_TO_TICK(nfs4_retry_sclid_delay));
3016 
3017 		nfs4_server_rele(np);
3018 		goto recov_retry;
3019 	}
3020 
3021 
3022 	if (n4ep->error == 0)
3023 		n4ep->error = geterrno4(n4ep->stat);
3024 
3025 	/* broadcast before release in case no other threads are waiting */
3026 	cv_broadcast(&np->s_clientid_pend);
3027 	nfs4_server_rele(np);
3028 }
3029 
3030 int nfs4setclientid_otw_debug = 0;
3031 
3032 /*
3033  * This function handles the recovery of STALE_CLIENTID for SETCLIENTID_CONFRIM,
3034  * but nothing else; the calling function must be designed to handle those
3035  * other errors.
3036  */
3037 static void
3038 nfs4setclientid_otw(mntinfo4_t *mi, struct servinfo4 *svp,  cred_t *cr,
3039     struct nfs4_server *np, nfs4_error_t *ep, int *retry_inusep)
3040 {
3041 	COMPOUND4args_clnt args;
3042 	COMPOUND4res_clnt res;
3043 	nfs_argop4 argop[3];
3044 	SETCLIENTID4args *s_args;
3045 	SETCLIENTID4resok *s_resok;
3046 	int doqueue = 1;
3047 	nfs4_ga_res_t *garp = NULL;
3048 	timespec_t prop_time, after_time;
3049 	verifier4 verf;
3050 	clientid4 tmp_clientid;
3051 
3052 	ASSERT(!MUTEX_HELD(&np->s_lock));
3053 
3054 	args.ctag = TAG_SETCLIENTID;
3055 
3056 	args.array = argop;
3057 	args.array_len = 3;
3058 
3059 	/* PUTROOTFH */
3060 	argop[0].argop = OP_PUTROOTFH;
3061 
3062 	/* GETATTR */
3063 	argop[1].argop = OP_GETATTR;
3064 	argop[1].nfs_argop4_u.opgetattr.attr_request = FATTR4_LEASE_TIME_MASK;
3065 	argop[1].nfs_argop4_u.opgetattr.mi = mi;
3066 
3067 	/* SETCLIENTID */
3068 	argop[2].argop = OP_SETCLIENTID;
3069 
3070 	s_args = &argop[2].nfs_argop4_u.opsetclientid;
3071 
3072 	mutex_enter(&np->s_lock);
3073 
3074 	s_args->client.verifier = np->clidtosend.verifier;
3075 	s_args->client.id_len = np->clidtosend.id_len;
3076 	ASSERT(s_args->client.id_len <= NFS4_OPAQUE_LIMIT);
3077 	s_args->client.id_val = np->clidtosend.id_val;
3078 
3079 	/*
3080 	 * Callback needs to happen on non-RDMA transport
3081 	 * Check if we have saved the original knetconfig
3082 	 * if so, use that instead.
3083 	 */
3084 	if (svp->sv_origknconf != NULL)
3085 		nfs4_cb_args(np, svp->sv_origknconf, s_args);
3086 	else
3087 		nfs4_cb_args(np, svp->sv_knconf, s_args);
3088 
3089 	mutex_exit(&np->s_lock);
3090 
3091 	rfs4call(mi, &args, &res, cr, &doqueue, 0, ep);
3092 
3093 	if (ep->error)
3094 		return;
3095 
3096 	/* getattr lease_time res */
3097 	if (res.array_len >= 2) {
3098 		garp = &res.array[1].nfs_resop4_u.opgetattr.ga_res;
3099 
3100 #ifndef _LP64
3101 		/*
3102 		 * The 32 bit client cannot handle a lease time greater than
3103 		 * (INT32_MAX/1000000).  This is due to the use of the
3104 		 * lease_time in calls to drv_usectohz() in
3105 		 * nfs4_renew_lease_thread().  The problem is that
3106 		 * drv_usectohz() takes a time_t (which is just a long = 4
3107 		 * bytes) as its parameter.  The lease_time is multiplied by
3108 		 * 1000000 to convert seconds to usecs for the parameter.  If
3109 		 * a number bigger than (INT32_MAX/1000000) is used then we
3110 		 * overflow on the 32bit client.
3111 		 */
3112 		if (garp->n4g_ext_res->n4g_leasetime > (INT32_MAX/1000000)) {
3113 			garp->n4g_ext_res->n4g_leasetime = INT32_MAX/1000000;
3114 		}
3115 #endif
3116 
3117 		mutex_enter(&np->s_lock);
3118 		np->s_lease_time = garp->n4g_ext_res->n4g_leasetime;
3119 
3120 		/*
3121 		 * Keep track of the lease period for the mi's
3122 		 * mi_msg_list.  We need an appropiate time
3123 		 * bound to associate past facts with a current
3124 		 * event.  The lease period is perfect for this.
3125 		 */
3126 		mutex_enter(&mi->mi_msg_list_lock);
3127 		mi->mi_lease_period = np->s_lease_time;
3128 		mutex_exit(&mi->mi_msg_list_lock);
3129 		mutex_exit(&np->s_lock);
3130 	}
3131 
3132 
3133 	if (res.status == NFS4ERR_CLID_INUSE) {
3134 		clientaddr4 *clid_inuse;
3135 
3136 		if (!(*retry_inusep)) {
3137 			clid_inuse = &res.array->nfs_resop4_u.
3138 			    opsetclientid.SETCLIENTID4res_u.client_using;
3139 
3140 			zcmn_err(mi->mi_zone->zone_id, CE_NOTE,
3141 			    "NFS4 mount (SETCLIENTID failed)."
3142 			    "  nfs4_client_id.id is in"
3143 			    "use already by: r_netid<%s> r_addr<%s>",
3144 			    clid_inuse->r_netid, clid_inuse->r_addr);
3145 		}
3146 
3147 		/*
3148 		 * XXX - The client should be more robust in its
3149 		 * handling of clientid in use errors (regen another
3150 		 * clientid and try again?)
3151 		 */
3152 		(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
3153 		return;
3154 	}
3155 
3156 	if (res.status) {
3157 		(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
3158 		return;
3159 	}
3160 
3161 	s_resok = &res.array[2].nfs_resop4_u.
3162 	    opsetclientid.SETCLIENTID4res_u.resok4;
3163 
3164 	tmp_clientid = s_resok->clientid;
3165 
3166 	verf = s_resok->setclientid_confirm;
3167 
3168 #ifdef	DEBUG
3169 	if (nfs4setclientid_otw_debug) {
3170 		union {
3171 			clientid4	clientid;
3172 			int		foo[2];
3173 		} cid;
3174 
3175 		cid.clientid = s_resok->clientid;
3176 
3177 		zcmn_err(mi->mi_zone->zone_id, CE_NOTE,
3178 		"nfs4setclientid_otw: OK, clientid = %x,%x, "
3179 		"verifier = %" PRIx64 "\n", cid.foo[0], cid.foo[1], verf);
3180 	}
3181 #endif
3182 
3183 	(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
3184 
3185 	/* Confirm the client id and get the lease_time attribute */
3186 
3187 	args.ctag = TAG_SETCLIENTID_CF;
3188 
3189 	args.array = argop;
3190 	args.array_len = 1;
3191 
3192 	argop[0].argop = OP_SETCLIENTID_CONFIRM;
3193 
3194 	argop[0].nfs_argop4_u.opsetclientid_confirm.clientid = tmp_clientid;
3195 	argop[0].nfs_argop4_u.opsetclientid_confirm.setclientid_confirm = verf;
3196 
3197 	/* used to figure out RTT for np */
3198 	gethrestime(&prop_time);
3199 
3200 	NFS4_DEBUG(nfs4_client_lease_debug, (CE_NOTE, "nfs4setlientid_otw: "
3201 	    "start time: %ld sec %ld nsec", prop_time.tv_sec,
3202 	    prop_time.tv_nsec));
3203 
3204 	rfs4call(mi, &args, &res, cr, &doqueue, 0, ep);
3205 
3206 	gethrestime(&after_time);
3207 	mutex_enter(&np->s_lock);
3208 	np->propagation_delay.tv_sec =
3209 	    MAX(1, after_time.tv_sec - prop_time.tv_sec);
3210 	mutex_exit(&np->s_lock);
3211 
3212 	NFS4_DEBUG(nfs4_client_lease_debug, (CE_NOTE, "nfs4setlcientid_otw: "
3213 	    "finish time: %ld sec ", after_time.tv_sec));
3214 
3215 	NFS4_DEBUG(nfs4_client_lease_debug, (CE_NOTE, "nfs4setclientid_otw: "
3216 	    "propagation delay set to %ld sec",
3217 	    np->propagation_delay.tv_sec));
3218 
3219 	if (ep->error)
3220 		return;
3221 
3222 	if (res.status == NFS4ERR_CLID_INUSE) {
3223 		clientaddr4 *clid_inuse;
3224 
3225 		if (!(*retry_inusep)) {
3226 			clid_inuse = &res.array->nfs_resop4_u.
3227 			    opsetclientid.SETCLIENTID4res_u.client_using;
3228 
3229 			zcmn_err(mi->mi_zone->zone_id, CE_NOTE,
3230 			    "SETCLIENTID_CONFIRM failed.  "
3231 			    "nfs4_client_id.id is in use already by: "
3232 			    "r_netid<%s> r_addr<%s>",
3233 			    clid_inuse->r_netid, clid_inuse->r_addr);
3234 		}
3235 
3236 		(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
3237 		return;
3238 	}
3239 
3240 	if (res.status) {
3241 		(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
3242 		return;
3243 	}
3244 
3245 	mutex_enter(&np->s_lock);
3246 	np->clientid = tmp_clientid;
3247 	np->s_flags |= N4S_CLIENTID_SET;
3248 
3249 	/* Add mi to np's mntinfo4 list */
3250 	nfs4_add_mi_to_server(np, mi);
3251 
3252 	if (np->lease_valid == NFS4_LEASE_NOT_STARTED) {
3253 		/*
3254 		 * Start lease management thread.
3255 		 * Keep trying until we succeed.
3256 		 */
3257 
3258 		np->s_refcnt++;		/* pass reference to thread */
3259 		(void) zthread_create(NULL, 0, nfs4_renew_lease_thread, np, 0,
3260 		    minclsyspri);
3261 	}
3262 	mutex_exit(&np->s_lock);
3263 
3264 	(void) xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
3265 }
3266 
3267 /*
3268  * Add mi to sp's mntinfo4_list if it isn't already in the list.  Makes
3269  * mi's clientid the same as sp's.
3270  * Assumes sp is locked down.
3271  */
3272 void
3273 nfs4_add_mi_to_server(nfs4_server_t *sp, mntinfo4_t *mi)
3274 {
3275 	mntinfo4_t *tmi;
3276 	int in_list = 0;
3277 
3278 	ASSERT(nfs_rw_lock_held(&mi->mi_recovlock, RW_READER) ||
3279 	    nfs_rw_lock_held(&mi->mi_recovlock, RW_WRITER));
3280 	ASSERT(sp != &nfs4_server_lst);
3281 	ASSERT(MUTEX_HELD(&sp->s_lock));
3282 
3283 	NFS4_DEBUG(nfs4_client_lease_debug, (CE_NOTE,
3284 	    "nfs4_add_mi_to_server: add mi %p to sp %p",
3285 	    (void*)mi, (void*)sp));
3286 
3287 	for (tmi = sp->mntinfo4_list;
3288 	    tmi != NULL;
3289 	    tmi = tmi->mi_clientid_next) {
3290 		if (tmi == mi) {
3291 			NFS4_DEBUG(nfs4_client_lease_debug,
3292 			    (CE_NOTE,
3293 			    "nfs4_add_mi_to_server: mi in list"));
3294 			in_list = 1;
3295 		}
3296 	}
3297 
3298 	/*
3299 	 * First put a hold on the mntinfo4's vfsp so that references via
3300 	 * mntinfo4_list will be valid.
3301 	 */
3302 	if (!in_list)
3303 		VFS_HOLD(mi->mi_vfsp);
3304 
3305 	NFS4_DEBUG(nfs4_client_lease_debug, (CE_NOTE, "nfs4_add_mi_to_server: "
3306 	    "hold vfs %p for mi: %p", (void*)mi->mi_vfsp, (void*)mi));
3307 
3308 	if (!in_list) {
3309 		if (sp->mntinfo4_list)
3310 			sp->mntinfo4_list->mi_clientid_prev = mi;
3311 		mi->mi_clientid_next = sp->mntinfo4_list;
3312 		sp->mntinfo4_list = mi;
3313 		mi->mi_srvsettime = gethrestime_sec();
3314 	}
3315 
3316 	/* set mi's clientid to that of sp's for later matching */
3317 	mi->mi_clientid = sp->clientid;
3318 
3319 	/*
3320 	 * Update the clientid for any other mi's belonging to sp.  This
3321 	 * must be done here while we hold sp->s_lock, so that
3322 	 * find_nfs4_server() continues to work.
3323 	 */
3324 
3325 	for (tmi = sp->mntinfo4_list;
3326 	    tmi != NULL;
3327 	    tmi = tmi->mi_clientid_next) {
3328 		if (tmi != mi) {
3329 			tmi->mi_clientid = sp->clientid;
3330 		}
3331 	}
3332 }
3333 
3334 /*
3335  * Remove the mi from sp's mntinfo4_list and release its reference.
3336  * Exception: if mi still has open files, flag it for later removal (when
3337  * all the files are closed).
3338  *
3339  * If this is the last mntinfo4 in sp's list then tell the lease renewal
3340  * thread to exit.
3341  */
3342 static void
3343 nfs4_remove_mi_from_server_nolock(mntinfo4_t *mi, nfs4_server_t *sp)
3344 {
3345 	NFS4_DEBUG(nfs4_client_lease_debug, (CE_NOTE,
3346 	    "nfs4_remove_mi_from_server_nolock: remove mi %p from sp %p",
3347 	    (void*)mi, (void*)sp));
3348 
3349 	ASSERT(sp != NULL);
3350 	ASSERT(MUTEX_HELD(&sp->s_lock));
3351 	ASSERT(mi->mi_open_files >= 0);
3352 
3353 	/*
3354 	 * First make sure this mntinfo4 can be taken off of the list,
3355 	 * ie: it doesn't have any open files remaining.
3356 	 */
3357 	if (mi->mi_open_files > 0) {
3358 		NFS4_DEBUG(nfs4_client_lease_debug, (CE_NOTE,
3359 		    "nfs4_remove_mi_from_server_nolock: don't "
3360 		    "remove mi since it still has files open"));
3361 
3362 		mutex_enter(&mi->mi_lock);
3363 		mi->mi_flags |= MI4_REMOVE_ON_LAST_CLOSE;
3364 		mutex_exit(&mi->mi_lock);
3365 		return;
3366 	}
3367 
3368 	VFS_HOLD(mi->mi_vfsp);
3369 	remove_mi(sp, mi);
3370 	VFS_RELE(mi->mi_vfsp);
3371 
3372 	if (sp->mntinfo4_list == NULL) {
3373 		/* last fs unmounted, kill the thread */
3374 		NFS4_DEBUG(nfs4_client_lease_debug, (CE_NOTE,
3375 		    "remove_mi_from_nfs4_server_nolock: kill the thread"));
3376 		nfs4_mark_srv_dead(sp);
3377 	}
3378 }
3379 
3380 /*
3381  * Remove mi from sp's mntinfo4_list and release the vfs reference.
3382  */
3383 static void
3384 remove_mi(nfs4_server_t *sp, mntinfo4_t *mi)
3385 {
3386 	ASSERT(MUTEX_HELD(&sp->s_lock));
3387 
3388 	/*
3389 	 * We release a reference, and the caller must still have a
3390 	 * reference.
3391 	 */
3392 	ASSERT(mi->mi_vfsp->vfs_count >= 2);
3393 
3394 	if (mi->mi_clientid_prev) {
3395 		mi->mi_clientid_prev->mi_clientid_next = mi->mi_clientid_next;
3396 	} else {
3397 		/* This is the first mi in sp's mntinfo4_list */
3398 		/*
3399 		 * Make sure the first mntinfo4 in the list is the actual
3400 		 * mntinfo4 passed in.
3401 		 */
3402 		ASSERT(sp->mntinfo4_list == mi);
3403 
3404 		sp->mntinfo4_list = mi->mi_clientid_next;
3405 	}
3406 	if (mi->mi_clientid_next)
3407 		mi->mi_clientid_next->mi_clientid_prev = mi->mi_clientid_prev;
3408 
3409 	/* Now mark the mntinfo4's links as being removed */
3410 	mi->mi_clientid_prev = mi->mi_clientid_next = NULL;
3411 
3412 	VFS_RELE(mi->mi_vfsp);
3413 }
3414 
3415 /*
3416  * Free all the entries in sp's mntinfo4_list.
3417  */
3418 static void
3419 remove_all_mi(nfs4_server_t *sp)
3420 {
3421 	mntinfo4_t *mi;
3422 
3423 	ASSERT(MUTEX_HELD(&sp->s_lock));
3424 
3425 	while (sp->mntinfo4_list != NULL) {
3426 		mi = sp->mntinfo4_list;
3427 		/*
3428 		 * Grab a reference in case there is only one left (which
3429 		 * remove_mi() frees).
3430 		 */
3431 		VFS_HOLD(mi->mi_vfsp);
3432 		remove_mi(sp, mi);
3433 		VFS_RELE(mi->mi_vfsp);
3434 	}
3435 }
3436 
3437 /*
3438  * Remove the mi from sp's mntinfo4_list as above, and rele the vfs.
3439  *
3440  * This version can be called with a null nfs4_server_t arg,
3441  * and will either find the right one and handle locking, or
3442  * do nothing because the mi wasn't added to an sp's mntinfo4_list.
3443  */
3444 void
3445 nfs4_remove_mi_from_server(mntinfo4_t *mi, nfs4_server_t *esp)
3446 {
3447 	nfs4_server_t	*sp;
3448 
3449 	if (esp == NULL) {
3450 		(void) nfs_rw_enter_sig(&mi->mi_recovlock, RW_READER, 0);
3451 		sp = find_nfs4_server_all(mi, 1);
3452 	} else
3453 		sp = esp;
3454 
3455 	if (sp != NULL)
3456 		nfs4_remove_mi_from_server_nolock(mi, sp);
3457 
3458 	/*
3459 	 * If we had a valid esp as input, the calling function will be
3460 	 * responsible for unlocking the esp nfs4_server.
3461 	 */
3462 	if (esp == NULL) {
3463 		if (sp != NULL)
3464 			mutex_exit(&sp->s_lock);
3465 		nfs_rw_exit(&mi->mi_recovlock);
3466 		if (sp != NULL)
3467 			nfs4_server_rele(sp);
3468 	}
3469 }
3470 
3471 /*
3472  * Return TRUE if the given server has any non-unmounted filesystems.
3473  */
3474 
3475 bool_t
3476 nfs4_fs_active(nfs4_server_t *sp)
3477 {
3478 	mntinfo4_t *mi;
3479 
3480 	ASSERT(MUTEX_HELD(&sp->s_lock));
3481 
3482 	for (mi = sp->mntinfo4_list; mi != NULL; mi = mi->mi_clientid_next) {
3483 		if (!(mi->mi_vfsp->vfs_flag & VFS_UNMOUNTED))
3484 			return (TRUE);
3485 	}
3486 
3487 	return (FALSE);
3488 }
3489 
3490 /*
3491  * Mark sp as finished and notify any waiters.
3492  */
3493 
3494 void
3495 nfs4_mark_srv_dead(nfs4_server_t *sp)
3496 {
3497 	ASSERT(MUTEX_HELD(&sp->s_lock));
3498 
3499 	sp->s_thread_exit = NFS4_THREAD_EXIT;
3500 	cv_broadcast(&sp->cv_thread_exit);
3501 }
3502 
3503 /*
3504  * Create a new nfs4_server_t structure.
3505  * Returns new node unlocked and not in list, but with a reference count of
3506  * 1.
3507  */
3508 struct nfs4_server *
3509 new_nfs4_server(struct servinfo4 *svp, cred_t *cr)
3510 {
3511 	struct nfs4_server *np;
3512 	timespec_t tt;
3513 	union {
3514 		struct {
3515 			uint32_t sec;
3516 			uint32_t subsec;
3517 		} un_curtime;
3518 		verifier4	un_verifier;
3519 	} nfs4clientid_verifier;
3520 	char id_val[] = "Solaris: %s, NFSv4 kernel client";
3521 	int len;
3522 
3523 	np = kmem_zalloc(sizeof (struct nfs4_server), KM_SLEEP);
3524 	np->saddr.len = svp->sv_addr.len;
3525 	np->saddr.maxlen = svp->sv_addr.maxlen;
3526 	np->saddr.buf = kmem_alloc(svp->sv_addr.maxlen, KM_SLEEP);
3527 	bcopy(svp->sv_addr.buf, np->saddr.buf, svp->sv_addr.len);
3528 	np->s_refcnt = 1;
3529 
3530 	/*
3531 	 * Build the nfs_client_id4 for this server mount.  Ensure
3532 	 * the verifier is useful and that the identification is
3533 	 * somehow based on the server's address for the case of
3534 	 * multi-homed servers.
3535 	 */
3536 	nfs4clientid_verifier.un_verifier = 0;
3537 	gethrestime(&tt);
3538 	nfs4clientid_verifier.un_curtime.sec = (uint32_t)tt.tv_sec;
3539 	nfs4clientid_verifier.un_curtime.subsec = (uint32_t)tt.tv_nsec;
3540 	np->clidtosend.verifier = nfs4clientid_verifier.un_verifier;
3541 
3542 	/*
3543 	 * calculate the length of the opaque identifier.  Subtract 2
3544 	 * for the "%s" and add the traditional +1 for null
3545 	 * termination.
3546 	 */
3547 	len = strlen(id_val) - 2 + strlen(uts_nodename()) + 1;
3548 	np->clidtosend.id_len = len + np->saddr.maxlen;
3549 
3550 	np->clidtosend.id_val = kmem_alloc(np->clidtosend.id_len, KM_SLEEP);
3551 	(void) sprintf(np->clidtosend.id_val, id_val, uts_nodename());
3552 	bcopy(np->saddr.buf, &np->clidtosend.id_val[len], np->saddr.len);
3553 
3554 	np->s_flags = 0;
3555 	np->mntinfo4_list = NULL;
3556 	/* save cred for issuing rfs4calls inside the renew thread */
3557 	crhold(cr);
3558 	np->s_cred = cr;
3559 	cv_init(&np->cv_thread_exit, NULL, CV_DEFAULT, NULL);
3560 	mutex_init(&np->s_lock, NULL, MUTEX_DEFAULT, NULL);
3561 	nfs_rw_init(&np->s_recovlock, NULL, RW_DEFAULT, NULL);
3562 	list_create(&np->s_deleg_list, sizeof (rnode4_t),
3563 	    offsetof(rnode4_t, r_deleg_link));
3564 	np->s_thread_exit = 0;
3565 	np->state_ref_count = 0;
3566 	np->lease_valid = NFS4_LEASE_NOT_STARTED;
3567 	cv_init(&np->s_cv_otw_count, NULL, CV_DEFAULT, NULL);
3568 	cv_init(&np->s_clientid_pend, NULL, CV_DEFAULT, NULL);
3569 	np->s_otw_call_count = 0;
3570 	cv_init(&np->wait_cb_null, NULL, CV_DEFAULT, NULL);
3571 	np->zoneid = getzoneid();
3572 	np->zone_globals = nfs4_get_callback_globals();
3573 	ASSERT(np->zone_globals != NULL);
3574 	return (np);
3575 }
3576 
3577 /*
3578  * Create a new nfs4_server_t structure and add it to the list.
3579  * Returns new node locked; reference must eventually be freed.
3580  */
3581 static struct nfs4_server *
3582 add_new_nfs4_server(struct servinfo4 *svp, cred_t *cr)
3583 {
3584 	nfs4_server_t *sp;
3585 
3586 	ASSERT(MUTEX_HELD(&nfs4_server_lst_lock));
3587 	sp = new_nfs4_server(svp, cr);
3588 	mutex_enter(&sp->s_lock);
3589 	insque(sp, &nfs4_server_lst);
3590 	sp->s_refcnt++;			/* list gets a reference */
3591 	sp->s_flags |= N4S_INSERTED;
3592 	sp->clientid = 0;
3593 	return (sp);
3594 }
3595 
3596 int nfs4_server_t_debug = 0;
3597 
3598 #ifdef lint
3599 extern void
3600 dumpnfs4slist(char *, mntinfo4_t *, clientid4, servinfo4_t *);
3601 #endif
3602 
3603 #ifndef lint
3604 #ifdef DEBUG
3605 void
3606 dumpnfs4slist(char *txt, mntinfo4_t *mi, clientid4 clientid, servinfo4_t *srv_p)
3607 {
3608 	int hash16(void *p, int len);
3609 	nfs4_server_t *np;
3610 
3611 	NFS4_DEBUG(nfs4_server_t_debug, (CE_NOTE,
3612 	    "dumping nfs4_server_t list in %s", txt));
3613 	NFS4_DEBUG(nfs4_server_t_debug, (CE_CONT,
3614 	    "mi 0x%p, want clientid %llx, addr %d/%04X",
3615 	    mi, (longlong_t)clientid, srv_p->sv_addr.len,
3616 	    hash16((void *)srv_p->sv_addr.buf, srv_p->sv_addr.len)));
3617 	for (np = nfs4_server_lst.forw; np != &nfs4_server_lst;
3618 	    np = np->forw) {
3619 		NFS4_DEBUG(nfs4_server_t_debug, (CE_CONT,
3620 		    "node 0x%p,    clientid %llx, addr %d/%04X, cnt %d",
3621 		    np, (longlong_t)np->clientid, np->saddr.len,
3622 		    hash16((void *)np->saddr.buf, np->saddr.len),
3623 		    np->state_ref_count));
3624 		if (np->saddr.len == srv_p->sv_addr.len &&
3625 		    bcmp(np->saddr.buf, srv_p->sv_addr.buf,
3626 		    np->saddr.len) == 0)
3627 			NFS4_DEBUG(nfs4_server_t_debug, (CE_CONT,
3628 			    " - address matches"));
3629 		if (np->clientid == clientid || np->clientid == 0)
3630 			NFS4_DEBUG(nfs4_server_t_debug, (CE_CONT,
3631 			    " - clientid matches"));
3632 		if (np->s_thread_exit != NFS4_THREAD_EXIT)
3633 			NFS4_DEBUG(nfs4_server_t_debug, (CE_CONT,
3634 			    " - thread not exiting"));
3635 	}
3636 	delay(hz);
3637 }
3638 #endif
3639 #endif
3640 
3641 
3642 /*
3643  * Move a mntinfo4_t from one server list to another.
3644  * Locking of the two nfs4_server_t nodes will be done in list order.
3645  *
3646  * Returns NULL if the current nfs4_server_t for the filesystem could not
3647  * be found (e.g., due to forced unmount).  Otherwise returns a reference
3648  * to the new nfs4_server_t, which must eventually be freed.
3649  */
3650 nfs4_server_t *
3651 nfs4_move_mi(mntinfo4_t *mi, servinfo4_t *old, servinfo4_t *new)
3652 {
3653 	nfs4_server_t *p, *op = NULL, *np = NULL;
3654 	int num_open;
3655 	zoneid_t zoneid = nfs_zoneid();
3656 
3657 	ASSERT(nfs_zone() == mi->mi_zone);
3658 
3659 	mutex_enter(&nfs4_server_lst_lock);
3660 #ifdef DEBUG
3661 	if (nfs4_server_t_debug)
3662 		dumpnfs4slist("nfs4_move_mi", mi, (clientid4)0, new);
3663 #endif
3664 	for (p = nfs4_server_lst.forw; p != &nfs4_server_lst; p = p->forw) {
3665 		if (p->zoneid != zoneid)
3666 			continue;
3667 		if (p->saddr.len == old->sv_addr.len &&
3668 		    bcmp(p->saddr.buf, old->sv_addr.buf, p->saddr.len) == 0 &&
3669 		    p->s_thread_exit != NFS4_THREAD_EXIT) {
3670 			op = p;
3671 			mutex_enter(&op->s_lock);
3672 			op->s_refcnt++;
3673 		}
3674 		if (p->saddr.len == new->sv_addr.len &&
3675 		    bcmp(p->saddr.buf, new->sv_addr.buf, p->saddr.len) == 0 &&
3676 		    p->s_thread_exit != NFS4_THREAD_EXIT) {
3677 			np = p;
3678 			mutex_enter(&np->s_lock);
3679 		}
3680 		if (op != NULL && np != NULL)
3681 			break;
3682 	}
3683 	if (op == NULL) {
3684 		/*
3685 		 * Filesystem has been forcibly unmounted.  Bail out.
3686 		 */
3687 		if (np != NULL)
3688 			mutex_exit(&np->s_lock);
3689 		mutex_exit(&nfs4_server_lst_lock);
3690 		return (NULL);
3691 	}
3692 	if (np != NULL) {
3693 		np->s_refcnt++;
3694 	} else {
3695 #ifdef DEBUG
3696 		NFS4_DEBUG(nfs4_client_failover_debug, (CE_NOTE,
3697 		    "nfs4_move_mi: no target nfs4_server, will create."));
3698 #endif
3699 		np = add_new_nfs4_server(new, kcred);
3700 	}
3701 	mutex_exit(&nfs4_server_lst_lock);
3702 
3703 	NFS4_DEBUG(nfs4_client_failover_debug, (CE_NOTE,
3704 	    "nfs4_move_mi: for mi 0x%p, "
3705 	    "old servinfo4 0x%p, new servinfo4 0x%p, "
3706 	    "old nfs4_server 0x%p, new nfs4_server 0x%p, ",
3707 	    (void*)mi, (void*)old, (void*)new,
3708 	    (void*)op, (void*)np));
3709 	ASSERT(op != NULL && np != NULL);
3710 
3711 	/* discard any delegations */
3712 	nfs4_deleg_discard(mi, op);
3713 
3714 	num_open = mi->mi_open_files;
3715 	mi->mi_open_files = 0;
3716 	op->state_ref_count -= num_open;
3717 	ASSERT(op->state_ref_count >= 0);
3718 	np->state_ref_count += num_open;
3719 	nfs4_remove_mi_from_server_nolock(mi, op);
3720 	mi->mi_open_files = num_open;
3721 	NFS4_DEBUG(nfs4_client_failover_debug, (CE_NOTE,
3722 	    "nfs4_move_mi: mi_open_files %d, op->cnt %d, np->cnt %d",
3723 	    mi->mi_open_files, op->state_ref_count, np->state_ref_count));
3724 
3725 	nfs4_add_mi_to_server(np, mi);
3726 
3727 	mutex_exit(&op->s_lock);
3728 	nfs4_server_rele(op);
3729 	mutex_exit(&np->s_lock);
3730 
3731 	return (np);
3732 }
3733 
3734 /*
3735  * Need to have the nfs4_server_lst_lock.
3736  * Search the nfs4_server list to find a match on this servinfo4
3737  * based on its address.
3738  *
3739  * Returns NULL if no match is found.  Otherwise returns a reference (which
3740  * must eventually be freed) to a locked nfs4_server.
3741  */
3742 nfs4_server_t *
3743 servinfo4_to_nfs4_server(servinfo4_t *srv_p)
3744 {
3745 	nfs4_server_t *np;
3746 	zoneid_t zoneid = nfs_zoneid();
3747 
3748 	ASSERT(MUTEX_HELD(&nfs4_server_lst_lock));
3749 	for (np = nfs4_server_lst.forw; np != &nfs4_server_lst; np = np->forw) {
3750 		if (np->zoneid == zoneid &&
3751 		    np->saddr.len == srv_p->sv_addr.len &&
3752 		    bcmp(np->saddr.buf, srv_p->sv_addr.buf,
3753 		    np->saddr.len) == 0 &&
3754 		    np->s_thread_exit != NFS4_THREAD_EXIT) {
3755 			mutex_enter(&np->s_lock);
3756 			np->s_refcnt++;
3757 			return (np);
3758 		}
3759 	}
3760 	return (NULL);
3761 }
3762 
3763 /*
3764  * Search the nfs4_server_lst to find a match based on clientid and
3765  * addr.
3766  * Locks the nfs4_server down if it is found and returns a reference that
3767  * must eventually be freed.
3768  *
3769  * Returns NULL it no match is found.  This means one of two things: either
3770  * mi is in the process of being mounted, or mi has been unmounted.
3771  *
3772  * The caller should be holding mi->mi_recovlock, and it should continue to
3773  * hold the lock until done with the returned nfs4_server_t.  Once
3774  * mi->mi_recovlock is released, there is no guarantee that the returned
3775  * mi->nfs4_server_t will continue to correspond to mi.
3776  */
3777 nfs4_server_t *
3778 find_nfs4_server(mntinfo4_t *mi)
3779 {
3780 	return (find_nfs4_server_all(mi, 0));
3781 }
3782 
3783 /*
3784  * Same as above, but takes an "all" parameter which can be
3785  * set to 1 if the caller wishes to find nfs4_server_t's which
3786  * have been marked for termination by the exit of the renew
3787  * thread.  This should only be used by operations which are
3788  * cleaning up and will not cause an OTW op.
3789  */
3790 nfs4_server_t *
3791 find_nfs4_server_all(mntinfo4_t *mi, int all)
3792 {
3793 	nfs4_server_t *np;
3794 	servinfo4_t *svp;
3795 	zoneid_t zoneid = mi->mi_zone->zone_id;
3796 
3797 	ASSERT(nfs_rw_lock_held(&mi->mi_recovlock, RW_READER) ||
3798 	    nfs_rw_lock_held(&mi->mi_recovlock, RW_WRITER));
3799 	/*
3800 	 * This can be called from nfs4_unmount() which can be called from the
3801 	 * global zone, hence it's legal for the global zone to muck with
3802 	 * another zone's server list, as long as it doesn't try to contact
3803 	 * them.
3804 	 */
3805 	ASSERT(zoneid == getzoneid() || getzoneid() == GLOBAL_ZONEID ||
3806 	    nfs_global_client_only != 0);
3807 
3808 	/*
3809 	 * The nfs4_server_lst_lock global lock is held when we get a new
3810 	 * clientid (via SETCLIENTID OTW).  Holding this global lock and
3811 	 * mi_recovlock (READER is fine) ensures that the nfs4_server
3812 	 * and this mntinfo4 can't get out of sync, so the following search is
3813 	 * always valid.
3814 	 */
3815 	mutex_enter(&nfs4_server_lst_lock);
3816 #ifdef DEBUG
3817 	if (nfs4_server_t_debug) {
3818 		/* mi->mi_clientid is unprotected, ok for debug output */
3819 		dumpnfs4slist("find_nfs4_server", mi, mi->mi_clientid,
3820 		    mi->mi_curr_serv);
3821 	}
3822 #endif
3823 	for (np = nfs4_server_lst.forw; np != &nfs4_server_lst; np = np->forw) {
3824 		mutex_enter(&np->s_lock);
3825 		svp = mi->mi_curr_serv;
3826 
3827 		if (np->zoneid == zoneid &&
3828 		    np->clientid == mi->mi_clientid &&
3829 		    np->saddr.len == svp->sv_addr.len &&
3830 		    bcmp(np->saddr.buf, svp->sv_addr.buf, np->saddr.len) == 0 &&
3831 		    (np->s_thread_exit != NFS4_THREAD_EXIT || all != 0)) {
3832 			mutex_exit(&nfs4_server_lst_lock);
3833 			np->s_refcnt++;
3834 			return (np);
3835 		}
3836 		mutex_exit(&np->s_lock);
3837 	}
3838 	mutex_exit(&nfs4_server_lst_lock);
3839 
3840 	return (NULL);
3841 }
3842 
3843 /*
3844  * Release the reference to sp and destroy it if that's the last one.
3845  */
3846 
3847 void
3848 nfs4_server_rele(nfs4_server_t *sp)
3849 {
3850 	mutex_enter(&sp->s_lock);
3851 	ASSERT(sp->s_refcnt > 0);
3852 	sp->s_refcnt--;
3853 	if (sp->s_refcnt > 0) {
3854 		mutex_exit(&sp->s_lock);
3855 		return;
3856 	}
3857 	mutex_exit(&sp->s_lock);
3858 
3859 	mutex_enter(&nfs4_server_lst_lock);
3860 	mutex_enter(&sp->s_lock);
3861 	if (sp->s_refcnt > 0) {
3862 		mutex_exit(&sp->s_lock);
3863 		mutex_exit(&nfs4_server_lst_lock);
3864 		return;
3865 	}
3866 	remque(sp);
3867 	sp->forw = sp->back = NULL;
3868 	mutex_exit(&nfs4_server_lst_lock);
3869 	destroy_nfs4_server(sp);
3870 }
3871 
3872 static void
3873 destroy_nfs4_server(nfs4_server_t *sp)
3874 {
3875 	ASSERT(MUTEX_HELD(&sp->s_lock));
3876 	ASSERT(sp->s_refcnt == 0);
3877 	ASSERT(sp->s_otw_call_count == 0);
3878 
3879 	remove_all_mi(sp);
3880 
3881 	crfree(sp->s_cred);
3882 	kmem_free(sp->saddr.buf, sp->saddr.maxlen);
3883 	kmem_free(sp->clidtosend.id_val, sp->clidtosend.id_len);
3884 	mutex_exit(&sp->s_lock);
3885 
3886 	/* destroy the nfs4_server */
3887 	nfs4callback_destroy(sp);
3888 	list_destroy(&sp->s_deleg_list);
3889 	mutex_destroy(&sp->s_lock);
3890 	cv_destroy(&sp->cv_thread_exit);
3891 	cv_destroy(&sp->s_cv_otw_count);
3892 	cv_destroy(&sp->s_clientid_pend);
3893 	cv_destroy(&sp->wait_cb_null);
3894 	nfs_rw_destroy(&sp->s_recovlock);
3895 	kmem_free(sp, sizeof (*sp));
3896 }
3897 
3898 /*
3899  * Lock sp, but only if it's still active (in the list and hasn't been
3900  * flagged as exiting) or 'all' is non-zero.
3901  * Returns TRUE if sp got locked and adds a reference to sp.
3902  */
3903 bool_t
3904 nfs4_server_vlock(nfs4_server_t *sp, int all)
3905 {
3906 	nfs4_server_t *np;
3907 
3908 	mutex_enter(&nfs4_server_lst_lock);
3909 	for (np = nfs4_server_lst.forw; np != &nfs4_server_lst; np = np->forw) {
3910 		if (sp == np && (np->s_thread_exit != NFS4_THREAD_EXIT ||
3911 		    all != 0)) {
3912 			mutex_enter(&np->s_lock);
3913 			np->s_refcnt++;
3914 			mutex_exit(&nfs4_server_lst_lock);
3915 			return (TRUE);
3916 		}
3917 	}
3918 	mutex_exit(&nfs4_server_lst_lock);
3919 	return (FALSE);
3920 }
3921 
3922 /*
3923  * Fork off a thread to free the data structures for a mount.
3924  */
3925 
3926 static void
3927 async_free_mount(vfs_t *vfsp, int flag, cred_t *cr)
3928 {
3929 	freemountargs_t *args;
3930 	args = kmem_alloc(sizeof (freemountargs_t), KM_SLEEP);
3931 	args->fm_vfsp = vfsp;
3932 	VFS_HOLD(vfsp);
3933 	MI4_HOLD(VFTOMI4(vfsp));
3934 	args->fm_flag = flag;
3935 	args->fm_cr = cr;
3936 	crhold(cr);
3937 	(void) zthread_create(NULL, 0, nfs4_free_mount_thread, args, 0,
3938 	    minclsyspri);
3939 }
3940 
3941 static void
3942 nfs4_free_mount_thread(freemountargs_t *args)
3943 {
3944 	mntinfo4_t *mi;
3945 	nfs4_free_mount(args->fm_vfsp, args->fm_flag, args->fm_cr);
3946 	mi = VFTOMI4(args->fm_vfsp);
3947 	crfree(args->fm_cr);
3948 	VFS_RELE(args->fm_vfsp);
3949 	MI4_RELE(mi);
3950 	kmem_free(args, sizeof (freemountargs_t));
3951 	zthread_exit();
3952 	/* NOTREACHED */
3953 }
3954 
3955 /*
3956  * Thread to free the data structures for a given filesystem.
3957  */
3958 static void
3959 nfs4_free_mount(vfs_t *vfsp, int flag, cred_t *cr)
3960 {
3961 	mntinfo4_t		*mi = VFTOMI4(vfsp);
3962 	nfs4_server_t		*sp;
3963 	callb_cpr_t		cpr_info;
3964 	kmutex_t		cpr_lock;
3965 	boolean_t		async_thread;
3966 	int			removed;
3967 
3968 	bool_t			must_unlock = FALSE;
3969 	nfs4_ephemeral_tree_t	*eph_tree;
3970 
3971 	/*
3972 	 * We need to participate in the CPR framework if this is a kernel
3973 	 * thread.
3974 	 */
3975 	async_thread = (curproc == nfs_zone()->zone_zsched);
3976 	if (async_thread) {
3977 		mutex_init(&cpr_lock, NULL, MUTEX_DEFAULT, NULL);
3978 		CALLB_CPR_INIT(&cpr_info, &cpr_lock, callb_generic_cpr,
3979 		    "nfsv4AsyncUnmount");
3980 	}
3981 
3982 	/*
3983 	 * We need to wait for all outstanding OTW calls
3984 	 * and recovery to finish before we remove the mi
3985 	 * from the nfs4_server_t, as current pending
3986 	 * calls might still need this linkage (in order
3987 	 * to find a nfs4_server_t from a mntinfo4_t).
3988 	 */
3989 	(void) nfs_rw_enter_sig(&mi->mi_recovlock, RW_READER, FALSE);
3990 	sp = find_nfs4_server(mi);
3991 	nfs_rw_exit(&mi->mi_recovlock);
3992 
3993 	if (sp) {
3994 		while (sp->s_otw_call_count != 0) {
3995 			if (async_thread) {
3996 				mutex_enter(&cpr_lock);
3997 				CALLB_CPR_SAFE_BEGIN(&cpr_info);
3998 				mutex_exit(&cpr_lock);
3999 			}
4000 			cv_wait(&sp->s_cv_otw_count, &sp->s_lock);
4001 			if (async_thread) {
4002 				mutex_enter(&cpr_lock);
4003 				CALLB_CPR_SAFE_END(&cpr_info, &cpr_lock);
4004 				mutex_exit(&cpr_lock);
4005 			}
4006 		}
4007 		mutex_exit(&sp->s_lock);
4008 		nfs4_server_rele(sp);
4009 		sp = NULL;
4010 	}
4011 
4012 
4013 	mutex_enter(&mi->mi_lock);
4014 	while (mi->mi_in_recovery != 0) {
4015 		if (async_thread) {
4016 			mutex_enter(&cpr_lock);
4017 			CALLB_CPR_SAFE_BEGIN(&cpr_info);
4018 			mutex_exit(&cpr_lock);
4019 		}
4020 		cv_wait(&mi->mi_cv_in_recov, &mi->mi_lock);
4021 		if (async_thread) {
4022 			mutex_enter(&cpr_lock);
4023 			CALLB_CPR_SAFE_END(&cpr_info, &cpr_lock);
4024 			mutex_exit(&cpr_lock);
4025 		}
4026 	}
4027 	mutex_exit(&mi->mi_lock);
4028 
4029 	(void) nfs4_ephemeral_umount(mi, flag, cr,
4030 	    &must_unlock, &eph_tree);
4031 	nfs4_ephemeral_umount_activate(mi, &must_unlock, &eph_tree);
4032 
4033 	/*
4034 	 * The original purge of the dnlc via 'dounmount'
4035 	 * doesn't guarantee that another dnlc entry was not
4036 	 * added while we waitied for all outstanding OTW
4037 	 * and recovery calls to finish.  So re-purge the
4038 	 * dnlc now.
4039 	 */
4040 	(void) dnlc_purge_vfsp(vfsp, 0);
4041 
4042 	/*
4043 	 * We need to explicitly stop the manager thread; the asyc worker
4044 	 * threads can timeout and exit on their own.
4045 	 */
4046 	mutex_enter(&mi->mi_async_lock);
4047 	mi->mi_max_threads = 0;
4048 	cv_broadcast(&mi->mi_async_work_cv);
4049 	mutex_exit(&mi->mi_async_lock);
4050 	if (mi->mi_manager_thread)
4051 		nfs4_async_manager_stop(vfsp);
4052 
4053 	destroy_rtable4(vfsp, cr);
4054 
4055 	nfs4_remove_mi_from_server(mi, NULL);
4056 
4057 	if (async_thread) {
4058 		mutex_enter(&cpr_lock);
4059 		CALLB_CPR_EXIT(&cpr_info);	/* drops cpr_lock */
4060 		mutex_destroy(&cpr_lock);
4061 	}
4062 
4063 	removed = nfs4_mi_zonelist_remove(mi);
4064 	if (removed)
4065 		zone_rele(mi->mi_zone);
4066 }
4067