1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1989, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * This code is derived from software contributed to Berkeley by
8  * Rick Macklem at The University of Guelph.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the University nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  */
35 
36 #include <sys/cdefs.h>
37 __FBSDID("$FreeBSD$");
38 
39 /*
40  * Rpc op calls, generally called from the vnode op calls or through the
41  * buffer cache, for NFS v2, 3 and 4.
42  * These do not normally make any changes to vnode arguments or use
43  * structures that might change between the VFS variants. The returned
44  * arguments are all at the end, after the NFSPROC_T *p one.
45  */
46 
47 #include "opt_inet6.h"
48 
49 #include <fs/nfs/nfsport.h>
50 #include <fs/nfsclient/nfs.h>
51 #include <sys/extattr.h>
52 #include <sys/sysctl.h>
53 #include <sys/taskqueue.h>
54 
55 SYSCTL_DECL(_vfs_nfs);
56 
57 static int	nfsignore_eexist = 0;
58 SYSCTL_INT(_vfs_nfs, OID_AUTO, ignore_eexist, CTLFLAG_RW,
59     &nfsignore_eexist, 0, "NFS ignore EEXIST replies for mkdir/symlink");
60 
61 static int	nfscl_dssameconn = 0;
62 SYSCTL_INT(_vfs_nfs, OID_AUTO, dssameconn, CTLFLAG_RW,
63     &nfscl_dssameconn, 0, "Use same TCP connection to multiple DSs");
64 
65 static uint64_t nfs_maxcopyrange = SSIZE_MAX;
66 SYSCTL_U64(_vfs_nfs, OID_AUTO, maxcopyrange, CTLFLAG_RW,
67     &nfs_maxcopyrange, 0, "Max size of a Copy so RPC times reasonable");
68 
69 /*
70  * Global variables
71  */
72 extern struct nfsstatsv1 nfsstatsv1;
73 extern int nfs_numnfscbd;
74 extern struct timeval nfsboottime;
75 extern u_int32_t newnfs_false, newnfs_true;
76 extern nfstype nfsv34_type[9];
77 extern int nfsrv_useacl;
78 extern char nfsv4_callbackaddr[INET6_ADDRSTRLEN];
79 extern int nfscl_debuglevel;
80 extern int nfs_pnfsiothreads;
81 extern u_long sb_max_adj;
82 NFSCLSTATEMUTEX;
83 int nfstest_outofseq = 0;
84 int nfscl_assumeposixlocks = 1;
85 int nfscl_enablecallb = 0;
86 short nfsv4_cbport = NFSV4_CBPORT;
87 int nfstest_openallsetattr = 0;
88 
89 #define	DIRHDSIZ	offsetof(struct dirent, d_name)
90 
91 /*
92  * nfscl_getsameserver() can return one of three values:
93  * NFSDSP_USETHISSESSION - Use this session for the DS.
94  * NFSDSP_SEQTHISSESSION - Use the nfsclds_sequence field of this dsp for new
95  *     session.
96  * NFSDSP_NOTFOUND - No matching server was found.
97  */
98 enum nfsclds_state {
99 	NFSDSP_USETHISSESSION = 0,
100 	NFSDSP_SEQTHISSESSION = 1,
101 	NFSDSP_NOTFOUND = 2,
102 };
103 
104 /*
105  * Do a write RPC on a DS data file, using this structure for the arguments,
106  * so that this function can be executed by a separate kernel process.
107  */
108 struct nfsclwritedsdorpc {
109 	int			done;
110 	int			inprog;
111 	struct task		tsk;
112 	struct vnode		*vp;
113 	int			iomode;
114 	int			must_commit;
115 	nfsv4stateid_t		*stateidp;
116 	struct nfsclds		*dsp;
117 	uint64_t		off;
118 	int			len;
119 #ifdef notyet
120 	int			advise;
121 #endif
122 	struct nfsfh		*fhp;
123 	struct mbuf		*m;
124 	int			vers;
125 	int			minorvers;
126 	struct ucred		*cred;
127 	NFSPROC_T		*p;
128 	int			err;
129 };
130 
131 static int nfsrpc_setattrrpc(vnode_t , struct vattr *, nfsv4stateid_t *,
132     struct ucred *, NFSPROC_T *, struct nfsvattr *, int *, void *);
133 static int nfsrpc_readrpc(vnode_t , struct uio *, struct ucred *,
134     nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *, void *);
135 static int nfsrpc_writerpc(vnode_t , struct uio *, int *, int *,
136     struct ucred *, nfsv4stateid_t *, NFSPROC_T *, struct nfsvattr *, int *,
137     void *);
138 static int nfsrpc_createv23(vnode_t , char *, int, struct vattr *,
139     nfsquad_t, int, struct ucred *, NFSPROC_T *, struct nfsvattr *,
140     struct nfsvattr *, struct nfsfh **, int *, int *, void *);
141 static int nfsrpc_createv4(vnode_t , char *, int, struct vattr *,
142     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *,
143     NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *,
144     int *, void *, int *);
145 static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *,
146     struct nfscllockowner *, u_int64_t, u_int64_t,
147     u_int32_t, struct ucred *, NFSPROC_T *, int);
148 static int nfsrpc_setaclrpc(vnode_t, struct ucred *, NFSPROC_T *,
149     struct acl *, nfsv4stateid_t *, void *);
150 static int nfsrpc_layouterror(struct nfsmount *, uint8_t *, int, uint64_t,
151     uint64_t, nfsv4stateid_t *, struct ucred *, NFSPROC_T *, uint32_t,
152     uint32_t, char *);
153 static int nfsrpc_getlayout(struct nfsmount *, vnode_t, struct nfsfh *, int,
154     uint32_t, uint32_t *, nfsv4stateid_t *, uint64_t, struct nfscllayout **,
155     struct ucred *, NFSPROC_T *);
156 static int nfsrpc_fillsa(struct nfsmount *, struct sockaddr_in *,
157     struct sockaddr_in6 *, sa_family_t, int, int, struct nfsclds **,
158     NFSPROC_T *);
159 static void nfscl_initsessionslots(struct nfsclsession *);
160 static int nfscl_doflayoutio(vnode_t, struct uio *, int *, int *, int *,
161     nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
162     struct nfsclflayout *, uint64_t, uint64_t, int, struct ucred *,
163     NFSPROC_T *);
164 static int nfscl_dofflayoutio(vnode_t, struct uio *, int *, int *, int *,
165     nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
166     struct nfsclflayout *, uint64_t, uint64_t, int, int, struct mbuf *,
167     struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *);
168 static int nfsrpc_readds(vnode_t, struct uio *, nfsv4stateid_t *, int *,
169     struct nfsclds *, uint64_t, int, struct nfsfh *, int, int, int,
170     struct ucred *, NFSPROC_T *);
171 static int nfsrpc_writeds(vnode_t, struct uio *, int *, int *,
172     nfsv4stateid_t *, struct nfsclds *, uint64_t, int,
173     struct nfsfh *, int, int, int, int, struct ucred *, NFSPROC_T *);
174 static int nfsio_writedsmir(vnode_t, int *, int *, nfsv4stateid_t *,
175     struct nfsclds *, uint64_t, int, struct nfsfh *, struct mbuf *, int, int,
176     struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *);
177 static int nfsrpc_writedsmir(vnode_t, int *, int *, nfsv4stateid_t *,
178     struct nfsclds *, uint64_t, int, struct nfsfh *, struct mbuf *, int, int,
179     struct ucred *, NFSPROC_T *);
180 static enum nfsclds_state nfscl_getsameserver(struct nfsmount *,
181     struct nfsclds *, struct nfsclds **, uint32_t *);
182 static int nfsio_commitds(vnode_t, uint64_t, int, struct nfsclds *,
183     struct nfsfh *, int, int, struct nfsclwritedsdorpc *, struct ucred *,
184     NFSPROC_T *);
185 static int nfsrpc_commitds(vnode_t, uint64_t, int, struct nfsclds *,
186     struct nfsfh *, int, int, struct ucred *, NFSPROC_T *);
187 #ifdef notyet
188 static int nfsio_adviseds(vnode_t, uint64_t, int, int, struct nfsclds *,
189     struct nfsfh *, int, int, struct nfsclwritedsdorpc *, struct ucred *,
190     NFSPROC_T *);
191 static int nfsrpc_adviseds(vnode_t, uint64_t, int, int, struct nfsclds *,
192     struct nfsfh *, int, int, struct ucred *, NFSPROC_T *);
193 #endif
194 static int nfsrpc_allocaterpc(vnode_t, off_t, off_t, nfsv4stateid_t *,
195     struct nfsvattr *, int *, struct ucred *, NFSPROC_T *, void *);
196 static void nfsrv_setuplayoutget(struct nfsrv_descript *, int, uint64_t,
197     uint64_t, uint64_t, nfsv4stateid_t *, int, int, int);
198 static int nfsrv_parseug(struct nfsrv_descript *, int, uid_t *, gid_t *,
199     NFSPROC_T *);
200 static int nfsrv_parselayoutget(struct nfsmount *, struct nfsrv_descript *,
201     nfsv4stateid_t *, int *, struct nfsclflayouthead *);
202 static int nfsrpc_getopenlayout(struct nfsmount *, vnode_t, u_int8_t *,
203     int, uint8_t *, int, uint32_t, struct nfsclopen *, uint8_t *, int,
204     struct nfscldeleg **, struct ucred *, NFSPROC_T *);
205 static int nfsrpc_getcreatelayout(vnode_t, char *, int, struct vattr *,
206     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **,
207     struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *,
208     struct nfsfh **, int *, int *, void *, int *);
209 static int nfsrpc_openlayoutrpc(struct nfsmount *, vnode_t, u_int8_t *,
210     int, uint8_t *, int, uint32_t, struct nfsclopen *, uint8_t *, int,
211     struct nfscldeleg **, nfsv4stateid_t *, int, int, int, int *,
212     struct nfsclflayouthead *, int *, struct ucred *, NFSPROC_T *);
213 static int nfsrpc_createlayout(vnode_t, char *, int, struct vattr *,
214     nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **,
215     struct ucred *, NFSPROC_T *, struct nfsvattr *, struct nfsvattr *,
216     struct nfsfh **, int *, int *, void *, int *, nfsv4stateid_t *,
217     int, int, int, int *, struct nfsclflayouthead *, int *);
218 static int nfsrpc_layoutget(struct nfsmount *, uint8_t *, int, int, uint64_t,
219     uint64_t, uint64_t, int, int, nfsv4stateid_t *, int *,
220     struct nfsclflayouthead *, struct ucred *, NFSPROC_T *, void *);
221 static int nfsrpc_layoutgetres(struct nfsmount *, vnode_t, uint8_t *,
222     int, nfsv4stateid_t *, int, uint32_t *, struct nfscllayout **,
223     struct nfsclflayouthead *, int, int, int *, struct ucred *, NFSPROC_T *);
224 static int nfsrpc_copyrpc(vnode_t, off_t, vnode_t, off_t, size_t *,
225     nfsv4stateid_t *, nfsv4stateid_t *, struct nfsvattr *, int *,
226     struct nfsvattr *, int *, bool, int *, struct ucred *, NFSPROC_T *);
227 static int nfsrpc_seekrpc(vnode_t, off_t *, nfsv4stateid_t *, bool *,
228     int, struct nfsvattr *, int *, struct ucred *);
229 static struct mbuf *nfsm_split(struct mbuf *, uint64_t);
230 
231 int nfs_pnfsio(task_fn_t *, void *);
232 
233 /*
234  * nfs null call from vfs.
235  */
236 int
nfsrpc_null(vnode_t vp,struct ucred * cred,NFSPROC_T * p)237 nfsrpc_null(vnode_t vp, struct ucred *cred, NFSPROC_T *p)
238 {
239 	int error;
240 	struct nfsrv_descript nfsd, *nd = &nfsd;
241 
242 	NFSCL_REQSTART(nd, NFSPROC_NULL, vp);
243 	error = nfscl_request(nd, vp, p, cred, NULL);
244 	if (nd->nd_repstat && !error)
245 		error = nd->nd_repstat;
246 	m_freem(nd->nd_mrep);
247 	return (error);
248 }
249 
250 /*
251  * nfs access rpc op.
252  * For nfs version 3 and 4, use the access rpc to check accessibility. If file
253  * modes are changed on the server, accesses might still fail later.
254  */
255 int
nfsrpc_access(vnode_t vp,int acmode,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp)256 nfsrpc_access(vnode_t vp, int acmode, struct ucred *cred,
257     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp)
258 {
259 	int error;
260 	u_int32_t mode, rmode;
261 
262 	if (acmode & VREAD)
263 		mode = NFSACCESS_READ;
264 	else
265 		mode = 0;
266 	if (vnode_vtype(vp) == VDIR) {
267 		if (acmode & VWRITE)
268 			mode |= (NFSACCESS_MODIFY | NFSACCESS_EXTEND |
269 				 NFSACCESS_DELETE);
270 		if (acmode & VEXEC)
271 			mode |= NFSACCESS_LOOKUP;
272 	} else {
273 		if (acmode & VWRITE)
274 			mode |= (NFSACCESS_MODIFY | NFSACCESS_EXTEND);
275 		if (acmode & VEXEC)
276 			mode |= NFSACCESS_EXECUTE;
277 	}
278 
279 	/*
280 	 * Now, just call nfsrpc_accessrpc() to do the actual RPC.
281 	 */
282 	error = nfsrpc_accessrpc(vp, mode, cred, p, nap, attrflagp, &rmode,
283 	    NULL);
284 
285 	/*
286 	 * The NFS V3 spec does not clarify whether or not
287 	 * the returned access bits can be a superset of
288 	 * the ones requested, so...
289 	 */
290 	if (!error && (rmode & mode) != mode)
291 		error = EACCES;
292 	return (error);
293 }
294 
295 /*
296  * The actual rpc, separated out for Darwin.
297  */
298 int
nfsrpc_accessrpc(vnode_t vp,u_int32_t mode,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,u_int32_t * rmodep,void * stuff)299 nfsrpc_accessrpc(vnode_t vp, u_int32_t mode, struct ucred *cred,
300     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, u_int32_t *rmodep,
301     void *stuff)
302 {
303 	u_int32_t *tl;
304 	u_int32_t supported, rmode;
305 	int error;
306 	struct nfsrv_descript nfsd, *nd = &nfsd;
307 	nfsattrbit_t attrbits;
308 
309 	*attrflagp = 0;
310 	supported = mode;
311 	NFSCL_REQSTART(nd, NFSPROC_ACCESS, vp);
312 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
313 	*tl = txdr_unsigned(mode);
314 	if (nd->nd_flag & ND_NFSV4) {
315 		/*
316 		 * And do a Getattr op.
317 		 */
318 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
319 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
320 		NFSGETATTR_ATTRBIT(&attrbits);
321 		(void) nfsrv_putattrbit(nd, &attrbits);
322 	}
323 	error = nfscl_request(nd, vp, p, cred, stuff);
324 	if (error)
325 		return (error);
326 	if (nd->nd_flag & ND_NFSV3) {
327 		error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
328 		if (error)
329 			goto nfsmout;
330 	}
331 	if (!nd->nd_repstat) {
332 		if (nd->nd_flag & ND_NFSV4) {
333 			NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
334 			supported = fxdr_unsigned(u_int32_t, *tl++);
335 		} else {
336 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
337 		}
338 		rmode = fxdr_unsigned(u_int32_t, *tl);
339 		if (nd->nd_flag & ND_NFSV4)
340 			error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
341 
342 		/*
343 		 * It's not obvious what should be done about
344 		 * unsupported access modes. For now, be paranoid
345 		 * and clear the unsupported ones.
346 		 */
347 		rmode &= supported;
348 		*rmodep = rmode;
349 	} else
350 		error = nd->nd_repstat;
351 nfsmout:
352 	m_freem(nd->nd_mrep);
353 	return (error);
354 }
355 
356 /*
357  * nfs open rpc
358  */
359 int
nfsrpc_open(vnode_t vp,int amode,struct ucred * cred,NFSPROC_T * p)360 nfsrpc_open(vnode_t vp, int amode, struct ucred *cred, NFSPROC_T *p)
361 {
362 	struct nfsclopen *op;
363 	struct nfscldeleg *dp;
364 	struct nfsfh *nfhp;
365 	struct nfsnode *np = VTONFS(vp);
366 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
367 	u_int32_t mode, clidrev;
368 	int ret, newone, error, expireret = 0, retrycnt;
369 
370 	/*
371 	 * For NFSv4, Open Ops are only done on Regular Files.
372 	 */
373 	if (vnode_vtype(vp) != VREG)
374 		return (0);
375 	mode = 0;
376 	if (amode & FREAD)
377 		mode |= NFSV4OPEN_ACCESSREAD;
378 	if (amode & FWRITE)
379 		mode |= NFSV4OPEN_ACCESSWRITE;
380 	nfhp = np->n_fhp;
381 
382 	retrycnt = 0;
383 #ifdef notdef
384 { char name[100]; int namel;
385 namel = (np->n_v4->n4_namelen < 100) ? np->n_v4->n4_namelen : 99;
386 bcopy(NFS4NODENAME(np->n_v4), name, namel);
387 name[namel] = '\0';
388 printf("rpcopen p=0x%x name=%s",p->p_pid,name);
389 if (nfhp->nfh_len > 0) printf(" fh=0x%x\n",nfhp->nfh_fh[12]);
390 else printf(" fhl=0\n");
391 }
392 #endif
393 	do {
394 	    dp = NULL;
395 	    error = nfscl_open(vp, nfhp->nfh_fh, nfhp->nfh_len, mode, 1,
396 		cred, p, NULL, &op, &newone, &ret, 1, true);
397 	    if (error) {
398 		return (error);
399 	    }
400 	    if (nmp->nm_clp != NULL)
401 		clidrev = nmp->nm_clp->nfsc_clientidrev;
402 	    else
403 		clidrev = 0;
404 	    if (ret == NFSCLOPEN_DOOPEN) {
405 		if (np->n_v4 != NULL) {
406 			/*
407 			 * For the first attempt, try and get a layout, if
408 			 * pNFS is enabled for the mount.
409 			 */
410 			if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 ||
411 			    nfs_numnfscbd == 0 ||
412 			    (np->n_flag & NNOLAYOUT) != 0 || retrycnt > 0)
413 				error = nfsrpc_openrpc(nmp, vp,
414 				    np->n_v4->n4_data,
415 				    np->n_v4->n4_fhlen, np->n_fhp->nfh_fh,
416 				    np->n_fhp->nfh_len, mode, op,
417 				    NFS4NODENAME(np->n_v4),
418 				    np->n_v4->n4_namelen,
419 				    &dp, 0, 0x0, cred, p, 0, 0);
420 			else
421 				error = nfsrpc_getopenlayout(nmp, vp,
422 				    np->n_v4->n4_data,
423 				    np->n_v4->n4_fhlen, np->n_fhp->nfh_fh,
424 				    np->n_fhp->nfh_len, mode, op,
425 				    NFS4NODENAME(np->n_v4),
426 				    np->n_v4->n4_namelen, &dp, cred, p);
427 			if (dp != NULL) {
428 #ifdef APPLE
429 				OSBitAndAtomic((int32_t)~NDELEGMOD, (UInt32 *)&np->n_flag);
430 #else
431 				NFSLOCKNODE(np);
432 				np->n_flag &= ~NDELEGMOD;
433 				/*
434 				 * Invalidate the attribute cache, so that
435 				 * attributes that pre-date the issue of a
436 				 * delegation are not cached, since the
437 				 * cached attributes will remain valid while
438 				 * the delegation is held.
439 				 */
440 				NFSINVALATTRCACHE(np);
441 				NFSUNLOCKNODE(np);
442 #endif
443 				(void) nfscl_deleg(nmp->nm_mountp,
444 				    op->nfso_own->nfsow_clp,
445 				    nfhp->nfh_fh, nfhp->nfh_len, cred, p, &dp);
446 			}
447 		} else {
448 			error = EIO;
449 		}
450 		newnfs_copyincred(cred, &op->nfso_cred);
451 	    } else if (ret == NFSCLOPEN_SETCRED)
452 		/*
453 		 * This is a new local open on a delegation. It needs
454 		 * to have credentials so that an open can be done
455 		 * against the server during recovery.
456 		 */
457 		newnfs_copyincred(cred, &op->nfso_cred);
458 
459 	    /*
460 	     * nfso_opencnt is the count of how many VOP_OPEN()s have
461 	     * been done on this Open successfully and a VOP_CLOSE()
462 	     * is expected for each of these.
463 	     * If error is non-zero, don't increment it, since the Open
464 	     * hasn't succeeded yet.
465 	     */
466 	    if (!error) {
467 		op->nfso_opencnt++;
468 		if (NFSHASNFSV4N(nmp) && NFSHASONEOPENOWN(nmp)) {
469 		    NFSLOCKNODE(np);
470 		    np->n_openstateid = op;
471 		    NFSUNLOCKNODE(np);
472 		}
473 	    }
474 	    nfscl_openrelease(nmp, op, error, newone);
475 	    if (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
476 		error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
477 		error == NFSERR_BADSESSION) {
478 		(void) nfs_catnap(PZERO, error, "nfs_open");
479 	    } else if ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID)
480 		&& clidrev != 0) {
481 		expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
482 		retrycnt++;
483 	    }
484 	} while (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
485 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
486 	    error == NFSERR_BADSESSION ||
487 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
488 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
489 	if (error && retrycnt >= 4)
490 		error = EIO;
491 	return (error);
492 }
493 
494 /*
495  * the actual open rpc
496  */
497 int
nfsrpc_openrpc(struct nfsmount * nmp,vnode_t vp,u_int8_t * nfhp,int fhlen,u_int8_t * newfhp,int newfhlen,u_int32_t mode,struct nfsclopen * op,u_int8_t * name,int namelen,struct nfscldeleg ** dpp,int reclaim,u_int32_t delegtype,struct ucred * cred,NFSPROC_T * p,int syscred,int recursed)498 nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp, int fhlen,
499     u_int8_t *newfhp, int newfhlen, u_int32_t mode, struct nfsclopen *op,
500     u_int8_t *name, int namelen, struct nfscldeleg **dpp,
501     int reclaim, u_int32_t delegtype, struct ucred *cred, NFSPROC_T *p,
502     int syscred, int recursed)
503 {
504 	u_int32_t *tl;
505 	struct nfsrv_descript nfsd, *nd = &nfsd;
506 	struct nfscldeleg *dp, *ndp = NULL;
507 	struct nfsvattr nfsva;
508 	u_int32_t rflags, deleg;
509 	nfsattrbit_t attrbits;
510 	int error, ret, acesize, limitby;
511 	struct nfsclsession *tsep;
512 
513 	dp = *dpp;
514 	*dpp = NULL;
515 	nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL, 0, 0);
516 	NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
517 	*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
518 	*tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
519 	*tl++ = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
520 	tsep = nfsmnt_mdssession(nmp);
521 	*tl++ = tsep->nfsess_clientid.lval[0];
522 	*tl = tsep->nfsess_clientid.lval[1];
523 	(void) nfsm_strtom(nd, op->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN);
524 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
525 	*tl++ = txdr_unsigned(NFSV4OPEN_NOCREATE);
526 	if (reclaim) {
527 		*tl = txdr_unsigned(NFSV4OPEN_CLAIMPREVIOUS);
528 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
529 		*tl = txdr_unsigned(delegtype);
530 	} else {
531 		if (dp != NULL) {
532 			*tl = txdr_unsigned(NFSV4OPEN_CLAIMDELEGATECUR);
533 			NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
534 			if (NFSHASNFSV4N(nmp))
535 				*tl++ = 0;
536 			else
537 				*tl++ = dp->nfsdl_stateid.seqid;
538 			*tl++ = dp->nfsdl_stateid.other[0];
539 			*tl++ = dp->nfsdl_stateid.other[1];
540 			*tl = dp->nfsdl_stateid.other[2];
541 		} else {
542 			*tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
543 		}
544 		(void) nfsm_strtom(nd, name, namelen);
545 	}
546 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
547 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
548 	NFSZERO_ATTRBIT(&attrbits);
549 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_CHANGE);
550 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFY);
551 	(void) nfsrv_putattrbit(nd, &attrbits);
552 	if (syscred)
553 		nd->nd_flag |= ND_USEGSSNAME;
554 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
555 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
556 	if (error)
557 		return (error);
558 	NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
559 	if (!nd->nd_repstat) {
560 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
561 		    6 * NFSX_UNSIGNED);
562 		op->nfso_stateid.seqid = *tl++;
563 		op->nfso_stateid.other[0] = *tl++;
564 		op->nfso_stateid.other[1] = *tl++;
565 		op->nfso_stateid.other[2] = *tl;
566 		rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
567 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
568 		if (error)
569 			goto nfsmout;
570 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
571 		deleg = fxdr_unsigned(u_int32_t, *tl);
572 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
573 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
574 			if (!(op->nfso_own->nfsow_clp->nfsc_flags &
575 			      NFSCLFLAGS_FIRSTDELEG))
576 				op->nfso_own->nfsow_clp->nfsc_flags |=
577 				  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
578 			ndp = malloc(
579 			    sizeof (struct nfscldeleg) + newfhlen,
580 			    M_NFSCLDELEG, M_WAITOK);
581 			LIST_INIT(&ndp->nfsdl_owner);
582 			LIST_INIT(&ndp->nfsdl_lock);
583 			ndp->nfsdl_clp = op->nfso_own->nfsow_clp;
584 			ndp->nfsdl_fhlen = newfhlen;
585 			NFSBCOPY(newfhp, ndp->nfsdl_fh, newfhlen);
586 			newnfs_copyincred(cred, &ndp->nfsdl_cred);
587 			nfscl_lockinit(&ndp->nfsdl_rwlock);
588 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
589 			    NFSX_UNSIGNED);
590 			ndp->nfsdl_stateid.seqid = *tl++;
591 			ndp->nfsdl_stateid.other[0] = *tl++;
592 			ndp->nfsdl_stateid.other[1] = *tl++;
593 			ndp->nfsdl_stateid.other[2] = *tl++;
594 			ret = fxdr_unsigned(int, *tl);
595 			if (deleg == NFSV4OPEN_DELEGATEWRITE) {
596 				ndp->nfsdl_flags = NFSCLDL_WRITE;
597 				/*
598 				 * Indicates how much the file can grow.
599 				 */
600 				NFSM_DISSECT(tl, u_int32_t *,
601 				    3 * NFSX_UNSIGNED);
602 				limitby = fxdr_unsigned(int, *tl++);
603 				switch (limitby) {
604 				case NFSV4OPEN_LIMITSIZE:
605 					ndp->nfsdl_sizelimit = fxdr_hyper(tl);
606 					break;
607 				case NFSV4OPEN_LIMITBLOCKS:
608 					ndp->nfsdl_sizelimit =
609 					    fxdr_unsigned(u_int64_t, *tl++);
610 					ndp->nfsdl_sizelimit *=
611 					    fxdr_unsigned(u_int64_t, *tl);
612 					break;
613 				default:
614 					error = NFSERR_BADXDR;
615 					goto nfsmout;
616 				}
617 			} else {
618 				ndp->nfsdl_flags = NFSCLDL_READ;
619 			}
620 			if (ret)
621 				ndp->nfsdl_flags |= NFSCLDL_RECALL;
622 			error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false,
623 			    &ret, &acesize, p);
624 			if (error)
625 				goto nfsmout;
626 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
627 			error = NFSERR_BADXDR;
628 			goto nfsmout;
629 		}
630 		NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
631 		error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
632 		    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
633 		    NULL, NULL, NULL, p, cred);
634 		if (error)
635 			goto nfsmout;
636 		if (ndp != NULL) {
637 			ndp->nfsdl_change = nfsva.na_filerev;
638 			ndp->nfsdl_modtime = nfsva.na_mtime;
639 			ndp->nfsdl_flags |= NFSCLDL_MODTIMESET;
640 		}
641 		if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM)) {
642 		    do {
643 			ret = nfsrpc_openconfirm(vp, newfhp, newfhlen, op,
644 			    cred, p);
645 			if (ret == NFSERR_DELAY)
646 			    (void) nfs_catnap(PZERO, ret, "nfs_open");
647 		    } while (ret == NFSERR_DELAY);
648 		    error = ret;
649 		}
650 		if ((rflags & NFSV4OPEN_LOCKTYPEPOSIX) ||
651 		    nfscl_assumeposixlocks)
652 		    op->nfso_posixlock = 1;
653 		else
654 		    op->nfso_posixlock = 0;
655 
656 		/*
657 		 * If the server is handing out delegations, but we didn't
658 		 * get one because an OpenConfirm was required, try the
659 		 * Open again, to get a delegation. This is a harmless no-op,
660 		 * from a server's point of view.
661 		 */
662 		if (!reclaim && (rflags & NFSV4OPEN_RESULTCONFIRM) &&
663 		    (op->nfso_own->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG)
664 		    && !error && dp == NULL && ndp == NULL && !recursed) {
665 		    do {
666 			ret = nfsrpc_openrpc(nmp, vp, nfhp, fhlen, newfhp,
667 			    newfhlen, mode, op, name, namelen, &ndp, 0, 0x0,
668 			    cred, p, syscred, 1);
669 			if (ret == NFSERR_DELAY)
670 			    (void) nfs_catnap(PZERO, ret, "nfs_open2");
671 		    } while (ret == NFSERR_DELAY);
672 		    if (ret) {
673 			if (ndp != NULL) {
674 				free(ndp, M_NFSCLDELEG);
675 				ndp = NULL;
676 			}
677 			if (ret == NFSERR_STALECLIENTID ||
678 			    ret == NFSERR_STALEDONTRECOVER ||
679 			    ret == NFSERR_BADSESSION)
680 				error = ret;
681 		    }
682 		}
683 	}
684 	if (nd->nd_repstat != 0 && error == 0)
685 		error = nd->nd_repstat;
686 	if (error == NFSERR_STALECLIENTID)
687 		nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
688 nfsmout:
689 	if (!error)
690 		*dpp = ndp;
691 	else if (ndp != NULL)
692 		free(ndp, M_NFSCLDELEG);
693 	m_freem(nd->nd_mrep);
694 	return (error);
695 }
696 
697 /*
698  * open downgrade rpc
699  */
700 int
nfsrpc_opendowngrade(vnode_t vp,u_int32_t mode,struct nfsclopen * op,struct ucred * cred,NFSPROC_T * p)701 nfsrpc_opendowngrade(vnode_t vp, u_int32_t mode, struct nfsclopen *op,
702     struct ucred *cred, NFSPROC_T *p)
703 {
704 	u_int32_t *tl;
705 	struct nfsrv_descript nfsd, *nd = &nfsd;
706 	int error;
707 
708 	NFSCL_REQSTART(nd, NFSPROC_OPENDOWNGRADE, vp);
709 	NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 3 * NFSX_UNSIGNED);
710 	if (NFSHASNFSV4N(VFSTONFS(vp->v_mount)))
711 		*tl++ = 0;
712 	else
713 		*tl++ = op->nfso_stateid.seqid;
714 	*tl++ = op->nfso_stateid.other[0];
715 	*tl++ = op->nfso_stateid.other[1];
716 	*tl++ = op->nfso_stateid.other[2];
717 	*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
718 	*tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
719 	*tl = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
720 	error = nfscl_request(nd, vp, p, cred, NULL);
721 	if (error)
722 		return (error);
723 	NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
724 	if (!nd->nd_repstat) {
725 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
726 		op->nfso_stateid.seqid = *tl++;
727 		op->nfso_stateid.other[0] = *tl++;
728 		op->nfso_stateid.other[1] = *tl++;
729 		op->nfso_stateid.other[2] = *tl;
730 	}
731 	if (nd->nd_repstat && error == 0)
732 		error = nd->nd_repstat;
733 	if (error == NFSERR_STALESTATEID)
734 		nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
735 nfsmout:
736 	m_freem(nd->nd_mrep);
737 	return (error);
738 }
739 
740 /*
741  * V4 Close operation.
742  */
743 int
nfsrpc_close(vnode_t vp,int doclose,NFSPROC_T * p)744 nfsrpc_close(vnode_t vp, int doclose, NFSPROC_T *p)
745 {
746 	struct nfsclclient *clp;
747 	int error;
748 
749 	if (vnode_vtype(vp) != VREG)
750 		return (0);
751 	if (doclose)
752 		error = nfscl_doclose(vp, &clp, p);
753 	else {
754 		error = nfscl_getclose(vp, &clp);
755 		if (error == 0)
756 			nfscl_clientrelease(clp);
757 	}
758 	return (error);
759 }
760 
761 /*
762  * Close the open.
763  */
764 int
nfsrpc_doclose(struct nfsmount * nmp,struct nfsclopen * op,NFSPROC_T * p,bool loop_on_delayed,bool freeop)765 nfsrpc_doclose(struct nfsmount *nmp, struct nfsclopen *op, NFSPROC_T *p,
766     bool loop_on_delayed, bool freeop)
767 {
768 	struct nfsrv_descript nfsd, *nd = &nfsd;
769 	struct nfscllockowner *lp, *nlp;
770 	struct nfscllock *lop, *nlop;
771 	struct ucred *tcred;
772 	u_int64_t off = 0, len = 0;
773 	u_int32_t type = NFSV4LOCKT_READ;
774 	int error, do_unlock, trycnt;
775 
776 	tcred = newnfs_getcred();
777 	newnfs_copycred(&op->nfso_cred, tcred);
778 	/*
779 	 * (Theoretically this could be done in the same
780 	 *  compound as the close, but having multiple
781 	 *  sequenced Ops in the same compound might be
782 	 *  too scary for some servers.)
783 	 */
784 	if (op->nfso_posixlock) {
785 		off = 0;
786 		len = NFS64BITSSET;
787 		type = NFSV4LOCKT_READ;
788 	}
789 
790 	/*
791 	 * Since this function is only called from VOP_INACTIVE(), no
792 	 * other thread will be manipulating this Open. As such, the
793 	 * lock lists are not being changed by other threads, so it should
794 	 * be safe to do this without locking.
795 	 */
796 	LIST_FOREACH(lp, &op->nfso_lock, nfsl_list) {
797 		do_unlock = 1;
798 		LIST_FOREACH_SAFE(lop, &lp->nfsl_lock, nfslo_list, nlop) {
799 			if (op->nfso_posixlock == 0) {
800 				off = lop->nfslo_first;
801 				len = lop->nfslo_end - lop->nfslo_first;
802 				if (lop->nfslo_type == F_WRLCK)
803 					type = NFSV4LOCKT_WRITE;
804 				else
805 					type = NFSV4LOCKT_READ;
806 			}
807 			if (do_unlock) {
808 				trycnt = 0;
809 				do {
810 					error = nfsrpc_locku(nd, nmp, lp, off,
811 					    len, type, tcred, p, 0);
812 					if ((nd->nd_repstat == NFSERR_GRACE ||
813 					    nd->nd_repstat == NFSERR_DELAY) &&
814 					    error == 0)
815 						(void) nfs_catnap(PZERO,
816 						    (int)nd->nd_repstat,
817 						    "nfs_close");
818 				} while ((nd->nd_repstat == NFSERR_GRACE ||
819 				    nd->nd_repstat == NFSERR_DELAY) &&
820 				    error == 0 && trycnt++ < 5);
821 				if (op->nfso_posixlock)
822 					do_unlock = 0;
823 			}
824 			nfscl_freelock(lop, 0);
825 		}
826 		/*
827 		 * Do a ReleaseLockOwner.
828 		 * The lock owner name nfsl_owner may be used by other opens for
829 		 * other files but the lock_owner4 name that nfsrpc_rellockown()
830 		 * puts on the wire has the file handle for this file appended
831 		 * to it, so it can be done now.
832 		 */
833 		(void)nfsrpc_rellockown(nmp, lp, lp->nfsl_open->nfso_fh,
834 		    lp->nfsl_open->nfso_fhlen, tcred, p);
835 	}
836 
837 	/*
838 	 * There could be other Opens for different files on the same
839 	 * OpenOwner, so locking is required.
840 	 */
841 	NFSLOCKCLSTATE();
842 	nfscl_lockexcl(&op->nfso_own->nfsow_rwlock, NFSCLSTATEMUTEXPTR);
843 	NFSUNLOCKCLSTATE();
844 	do {
845 		error = nfscl_tryclose(op, tcred, nmp, p, loop_on_delayed);
846 		if (error == NFSERR_GRACE)
847 			(void) nfs_catnap(PZERO, error, "nfs_close");
848 	} while (error == NFSERR_GRACE);
849 	NFSLOCKCLSTATE();
850 	nfscl_lockunlock(&op->nfso_own->nfsow_rwlock);
851 
852 	LIST_FOREACH_SAFE(lp, &op->nfso_lock, nfsl_list, nlp)
853 		nfscl_freelockowner(lp, 0);
854 	if (freeop && error != NFSERR_DELAY)
855 		nfscl_freeopen(op, 0, true);
856 	NFSUNLOCKCLSTATE();
857 	NFSFREECRED(tcred);
858 	return (error);
859 }
860 
861 /*
862  * The actual Close RPC.
863  */
864 int
nfsrpc_closerpc(struct nfsrv_descript * nd,struct nfsmount * nmp,struct nfsclopen * op,struct ucred * cred,NFSPROC_T * p,int syscred)865 nfsrpc_closerpc(struct nfsrv_descript *nd, struct nfsmount *nmp,
866     struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p,
867     int syscred)
868 {
869 	u_int32_t *tl;
870 	int error;
871 
872 	nfscl_reqstart(nd, NFSPROC_CLOSE, nmp, op->nfso_fh,
873 	    op->nfso_fhlen, NULL, NULL, 0, 0);
874 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
875 	if (NFSHASNFSV4N(nmp)) {
876 		*tl++ = 0;
877 		*tl++ = 0;
878 	} else {
879 		*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
880 		*tl++ = op->nfso_stateid.seqid;
881 	}
882 	*tl++ = op->nfso_stateid.other[0];
883 	*tl++ = op->nfso_stateid.other[1];
884 	*tl = op->nfso_stateid.other[2];
885 	if (syscred)
886 		nd->nd_flag |= ND_USEGSSNAME;
887 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
888 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
889 	if (error)
890 		return (error);
891 	if (!NFSHASNFSV4N(nmp))
892 		NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
893 	if (nd->nd_repstat == 0)
894 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
895 	error = nd->nd_repstat;
896 	if (!NFSHASNFSV4N(nmp) && error == NFSERR_STALESTATEID)
897 		nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
898 nfsmout:
899 	m_freem(nd->nd_mrep);
900 	return (error);
901 }
902 
903 /*
904  * V4 Open Confirm RPC.
905  */
906 int
nfsrpc_openconfirm(vnode_t vp,u_int8_t * nfhp,int fhlen,struct nfsclopen * op,struct ucred * cred,NFSPROC_T * p)907 nfsrpc_openconfirm(vnode_t vp, u_int8_t *nfhp, int fhlen,
908     struct nfsclopen *op, struct ucred *cred, NFSPROC_T *p)
909 {
910 	u_int32_t *tl;
911 	struct nfsrv_descript nfsd, *nd = &nfsd;
912 	struct nfsmount *nmp;
913 	int error;
914 
915 	nmp = VFSTONFS(vp->v_mount);
916 	if (NFSHASNFSV4N(nmp))
917 		return (0);		/* No confirmation for NFSv4.1. */
918 	nfscl_reqstart(nd, NFSPROC_OPENCONFIRM, nmp, nfhp, fhlen, NULL, NULL,
919 	    0, 0);
920 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
921 	*tl++ = op->nfso_stateid.seqid;
922 	*tl++ = op->nfso_stateid.other[0];
923 	*tl++ = op->nfso_stateid.other[1];
924 	*tl++ = op->nfso_stateid.other[2];
925 	*tl = txdr_unsigned(op->nfso_own->nfsow_seqid);
926 	error = nfscl_request(nd, vp, p, cred, NULL);
927 	if (error)
928 		return (error);
929 	NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
930 	if (!nd->nd_repstat) {
931 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
932 		op->nfso_stateid.seqid = *tl++;
933 		op->nfso_stateid.other[0] = *tl++;
934 		op->nfso_stateid.other[1] = *tl++;
935 		op->nfso_stateid.other[2] = *tl;
936 	}
937 	error = nd->nd_repstat;
938 	if (error == NFSERR_STALESTATEID)
939 		nfscl_initiate_recovery(op->nfso_own->nfsow_clp);
940 nfsmout:
941 	m_freem(nd->nd_mrep);
942 	return (error);
943 }
944 
945 /*
946  * Do the setclientid and setclientid confirm RPCs. Called from nfs_statfs()
947  * when a mount has just occurred and when the server replies NFSERR_EXPIRED.
948  */
949 int
nfsrpc_setclient(struct nfsmount * nmp,struct nfsclclient * clp,int reclaim,bool * retokp,struct ucred * cred,NFSPROC_T * p)950 nfsrpc_setclient(struct nfsmount *nmp, struct nfsclclient *clp, int reclaim,
951     bool *retokp, struct ucred *cred, NFSPROC_T *p)
952 {
953 	u_int32_t *tl;
954 	struct nfsrv_descript nfsd;
955 	struct nfsrv_descript *nd = &nfsd;
956 	u_int8_t *cp = NULL, *cp2, addr[INET6_ADDRSTRLEN + 9];
957 	u_short port;
958 	int error, isinet6 = 0, callblen;
959 	nfsquad_t confirm;
960 	static u_int32_t rev = 0;
961 	struct nfsclds *dsp, *odsp;
962 	struct in6_addr a6;
963 	struct nfsclsession *tsep;
964 	struct rpc_reconupcall recon;
965 	struct nfscl_reconarg *rcp;
966 
967 	if (nfsboottime.tv_sec == 0)
968 		NFSSETBOOTTIME(nfsboottime);
969 	if (NFSHASNFSV4N(nmp)) {
970 		error = NFSERR_BADSESSION;
971 		odsp = dsp = NULL;
972 		if (retokp != NULL) {
973 			NFSLOCKMNT(nmp);
974 			odsp = TAILQ_FIRST(&nmp->nm_sess);
975 			NFSUNLOCKMNT(nmp);
976 		}
977 		if (odsp != NULL) {
978 			/*
979 			 * When a session already exists, first try a
980 			 * CreateSession with the extant ClientID.
981 			 */
982 			dsp = malloc(sizeof(struct nfsclds) +
983 			    odsp->nfsclds_servownlen + 1, M_NFSCLDS,
984 			    M_WAITOK | M_ZERO);
985 			dsp->nfsclds_expire = NFSD_MONOSEC + clp->nfsc_renew;
986 			dsp->nfsclds_servownlen = odsp->nfsclds_servownlen;
987 			dsp->nfsclds_sess.nfsess_clientid =
988 			    odsp->nfsclds_sess.nfsess_clientid;
989 			dsp->nfsclds_sess.nfsess_sequenceid =
990 			    odsp->nfsclds_sess.nfsess_sequenceid;
991 			dsp->nfsclds_flags = odsp->nfsclds_flags;
992 			if (dsp->nfsclds_servownlen > 0)
993 				memcpy(dsp->nfsclds_serverown,
994 				    odsp->nfsclds_serverown,
995 				    dsp->nfsclds_servownlen + 1);
996 			mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
997 			mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
998 			    NULL, MTX_DEF);
999 			nfscl_initsessionslots(&dsp->nfsclds_sess);
1000 			error = nfsrpc_createsession(nmp, &dsp->nfsclds_sess,
1001 			    &nmp->nm_sockreq, NULL,
1002 			    dsp->nfsclds_sess.nfsess_sequenceid, 1, cred, p);
1003 			NFSCL_DEBUG(1, "create session for extant "
1004 			    "ClientID=%d\n", error);
1005 			if (error != 0) {
1006 				nfscl_freenfsclds(dsp);
1007 				dsp = NULL;
1008 				/*
1009 				 * If *retokp is true, return any error other
1010 				 * than NFSERR_STALECLIENTID,
1011 				 * NFSERR_BADSESSION or NFSERR_STALEDONTRECOVER
1012 				 * so that nfscl_recover() will not loop.
1013 				 */
1014 				if (*retokp)
1015 					return (NFSERR_IO);
1016 			} else
1017 				*retokp = true;
1018 		} else if (retokp != NULL && *retokp)
1019 			return (NFSERR_IO);
1020 		if (error != 0) {
1021 			/*
1022 			 * Either there was no previous session or the
1023 			 * CreateSession attempt failed, so...
1024 			 * do an ExchangeID followed by the CreateSession.
1025 			 */
1026 			clp->nfsc_rev = rev++;
1027 			error = nfsrpc_exchangeid(nmp, clp, &nmp->nm_sockreq, 0,
1028 			    NFSV4EXCH_USEPNFSMDS | NFSV4EXCH_USENONPNFS, &dsp,
1029 			    cred, p);
1030 			NFSCL_DEBUG(1, "aft exch=%d\n", error);
1031 			if (error == 0)
1032 				error = nfsrpc_createsession(nmp,
1033 				    &dsp->nfsclds_sess, &nmp->nm_sockreq, NULL,
1034 				    dsp->nfsclds_sess.nfsess_sequenceid, 1,
1035 				    cred, p);
1036 			NFSCL_DEBUG(1, "aft createsess=%d\n", error);
1037 		}
1038 		if (error == 0) {
1039 			/*
1040 			 * If the session supports a backchannel, set up
1041 			 * the BindConnectionToSession call in the krpc
1042 			 * so that it is done on a reconnection.
1043 			 */
1044 			if (nfscl_enablecallb != 0 && nfs_numnfscbd > 0) {
1045 				rcp = mem_alloc(sizeof(*rcp));
1046 				rcp->minorvers = nmp->nm_minorvers;
1047 				memcpy(rcp->sessionid,
1048 				    dsp->nfsclds_sess.nfsess_sessionid,
1049 				    NFSX_V4SESSIONID);
1050 				recon.call = nfsrpc_bindconnsess;
1051 				recon.arg = rcp;
1052 				CLNT_CONTROL(nmp->nm_client, CLSET_RECONUPCALL,
1053 				    &recon);
1054 			}
1055 
1056 			NFSLOCKMNT(nmp);
1057 			/*
1058 			 * The old sessions cannot be safely free'd
1059 			 * here, since they may still be used by
1060 			 * in-progress RPCs.
1061 			 */
1062 			tsep = NULL;
1063 			if (TAILQ_FIRST(&nmp->nm_sess) != NULL)
1064 				tsep = NFSMNT_MDSSESSION(nmp);
1065 			TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp,
1066 			    nfsclds_list);
1067 			/*
1068 			 * Wake up RPCs waiting for a slot on the
1069 			 * old session. These will then fail with
1070 			 * NFSERR_BADSESSION and be retried with the
1071 			 * new session by nfsv4_setsequence().
1072 			 * Also wakeup() processes waiting for the
1073 			 * new session.
1074 			 */
1075 			if (tsep != NULL)
1076 				wakeup(&tsep->nfsess_slots);
1077 			wakeup(&nmp->nm_sess);
1078 			NFSUNLOCKMNT(nmp);
1079 		} else if (dsp != NULL)
1080 			nfscl_freenfsclds(dsp);
1081 		if (error == 0 && reclaim == 0) {
1082 			error = nfsrpc_reclaimcomplete(nmp, cred, p);
1083 			NFSCL_DEBUG(1, "aft reclaimcomp=%d\n", error);
1084 			if (error == NFSERR_COMPLETEALREADY ||
1085 			    error == NFSERR_NOTSUPP)
1086 				/* Ignore this error. */
1087 				error = 0;
1088 		}
1089 		return (error);
1090 	} else if (retokp != NULL && *retokp)
1091 		return (NFSERR_IO);
1092 	clp->nfsc_rev = rev++;
1093 
1094 	/*
1095 	 * Allocate a single session structure for NFSv4.0, because some of
1096 	 * the fields are used by NFSv4.0 although it doesn't do a session.
1097 	 */
1098 	dsp = malloc(sizeof(struct nfsclds), M_NFSCLDS, M_WAITOK | M_ZERO);
1099 	mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
1100 	mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession", NULL, MTX_DEF);
1101 	NFSLOCKMNT(nmp);
1102 	TAILQ_INSERT_HEAD(&nmp->nm_sess, dsp, nfsclds_list);
1103 	tsep = NFSMNT_MDSSESSION(nmp);
1104 	NFSUNLOCKMNT(nmp);
1105 
1106 	nfscl_reqstart(nd, NFSPROC_SETCLIENTID, nmp, NULL, 0, NULL, NULL, 0, 0);
1107 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
1108 	*tl++ = txdr_unsigned(nfsboottime.tv_sec);
1109 	*tl = txdr_unsigned(clp->nfsc_rev);
1110 	(void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);
1111 
1112 	/*
1113 	 * set up the callback address
1114 	 */
1115 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1116 	*tl = txdr_unsigned(NFS_CALLBCKPROG);
1117 	callblen = strlen(nfsv4_callbackaddr);
1118 	if (callblen == 0)
1119 		cp = nfscl_getmyip(nmp, &a6, &isinet6);
1120 	if (nfscl_enablecallb && nfs_numnfscbd > 0 &&
1121 	    (callblen > 0 || cp != NULL)) {
1122 		port = htons(nfsv4_cbport);
1123 		cp2 = (u_int8_t *)&port;
1124 #ifdef INET6
1125 		if ((callblen > 0 &&
1126 		     strchr(nfsv4_callbackaddr, ':')) || isinet6) {
1127 			char ip6buf[INET6_ADDRSTRLEN], *ip6add;
1128 
1129 			(void) nfsm_strtom(nd, "tcp6", 4);
1130 			if (callblen == 0) {
1131 				ip6_sprintf(ip6buf, (struct in6_addr *)cp);
1132 				ip6add = ip6buf;
1133 			} else {
1134 				ip6add = nfsv4_callbackaddr;
1135 			}
1136 			snprintf(addr, INET6_ADDRSTRLEN + 9, "%s.%d.%d",
1137 			    ip6add, cp2[0], cp2[1]);
1138 		} else
1139 #endif
1140 		{
1141 			(void) nfsm_strtom(nd, "tcp", 3);
1142 			if (callblen == 0)
1143 				snprintf(addr, INET6_ADDRSTRLEN + 9,
1144 				    "%d.%d.%d.%d.%d.%d", cp[0], cp[1],
1145 				    cp[2], cp[3], cp2[0], cp2[1]);
1146 			else
1147 				snprintf(addr, INET6_ADDRSTRLEN + 9,
1148 				    "%s.%d.%d", nfsv4_callbackaddr,
1149 				    cp2[0], cp2[1]);
1150 		}
1151 		(void) nfsm_strtom(nd, addr, strlen(addr));
1152 	} else {
1153 		(void) nfsm_strtom(nd, "tcp", 3);
1154 		(void) nfsm_strtom(nd, "0.0.0.0.0.0", 11);
1155 	}
1156 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1157 	*tl = txdr_unsigned(clp->nfsc_cbident);
1158 	nd->nd_flag |= ND_USEGSSNAME;
1159 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
1160 		NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
1161 	if (error)
1162 		return (error);
1163 	if (nd->nd_repstat == 0) {
1164 	    NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1165 	    tsep->nfsess_clientid.lval[0] = *tl++;
1166 	    tsep->nfsess_clientid.lval[1] = *tl++;
1167 	    confirm.lval[0] = *tl++;
1168 	    confirm.lval[1] = *tl;
1169 	    m_freem(nd->nd_mrep);
1170 	    nd->nd_mrep = NULL;
1171 
1172 	    /*
1173 	     * and confirm it.
1174 	     */
1175 	    nfscl_reqstart(nd, NFSPROC_SETCLIENTIDCFRM, nmp, NULL, 0, NULL,
1176 		NULL, 0, 0);
1177 	    NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1178 	    *tl++ = tsep->nfsess_clientid.lval[0];
1179 	    *tl++ = tsep->nfsess_clientid.lval[1];
1180 	    *tl++ = confirm.lval[0];
1181 	    *tl = confirm.lval[1];
1182 	    nd->nd_flag |= ND_USEGSSNAME;
1183 	    error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p,
1184 		cred, NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
1185 	    if (error)
1186 		return (error);
1187 	    m_freem(nd->nd_mrep);
1188 	    nd->nd_mrep = NULL;
1189 	}
1190 	error = nd->nd_repstat;
1191 nfsmout:
1192 	m_freem(nd->nd_mrep);
1193 	return (error);
1194 }
1195 
1196 /*
1197  * nfs getattr call.
1198  */
1199 int
nfsrpc_getattr(vnode_t vp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,void * stuff)1200 nfsrpc_getattr(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
1201     struct nfsvattr *nap, void *stuff)
1202 {
1203 	struct nfsrv_descript nfsd, *nd = &nfsd;
1204 	int error;
1205 	nfsattrbit_t attrbits;
1206 
1207 	NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
1208 	if (nd->nd_flag & ND_NFSV4) {
1209 		NFSGETATTR_ATTRBIT(&attrbits);
1210 		(void) nfsrv_putattrbit(nd, &attrbits);
1211 	}
1212 	error = nfscl_request(nd, vp, p, cred, stuff);
1213 	if (error)
1214 		return (error);
1215 	if (!nd->nd_repstat)
1216 		error = nfsm_loadattr(nd, nap);
1217 	else
1218 		error = nd->nd_repstat;
1219 	m_freem(nd->nd_mrep);
1220 	return (error);
1221 }
1222 
1223 /*
1224  * nfs getattr call with non-vnode arguments.
1225  */
1226 int
nfsrpc_getattrnovp(struct nfsmount * nmp,u_int8_t * fhp,int fhlen,int syscred,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,u_int64_t * xidp,uint32_t * leasep)1227 nfsrpc_getattrnovp(struct nfsmount *nmp, u_int8_t *fhp, int fhlen, int syscred,
1228     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, u_int64_t *xidp,
1229     uint32_t *leasep)
1230 {
1231 	struct nfsrv_descript nfsd, *nd = &nfsd;
1232 	int error, vers = NFS_VER2;
1233 	nfsattrbit_t attrbits;
1234 
1235 	nfscl_reqstart(nd, NFSPROC_GETATTR, nmp, fhp, fhlen, NULL, NULL, 0, 0);
1236 	if (nd->nd_flag & ND_NFSV4) {
1237 		vers = NFS_VER4;
1238 		NFSGETATTR_ATTRBIT(&attrbits);
1239 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_LEASETIME);
1240 		(void) nfsrv_putattrbit(nd, &attrbits);
1241 	} else if (nd->nd_flag & ND_NFSV3) {
1242 		vers = NFS_VER3;
1243 	}
1244 	if (syscred)
1245 		nd->nd_flag |= ND_USEGSSNAME;
1246 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
1247 	    NFS_PROG, vers, NULL, 1, xidp, NULL);
1248 	if (error)
1249 		return (error);
1250 	if (nd->nd_repstat == 0) {
1251 		if ((nd->nd_flag & ND_NFSV4) != 0)
1252 			error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
1253 			    NULL, NULL, NULL, NULL, NULL, 0, NULL, leasep, NULL,
1254 			    NULL, NULL);
1255 		else
1256 			error = nfsm_loadattr(nd, nap);
1257 	} else
1258 		error = nd->nd_repstat;
1259 	m_freem(nd->nd_mrep);
1260 	return (error);
1261 }
1262 
1263 /*
1264  * Do an nfs setattr operation.
1265  */
1266 int
nfsrpc_setattr(vnode_t vp,struct vattr * vap,NFSACL_T * aclp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * rnap,int * attrflagp,void * stuff)1267 nfsrpc_setattr(vnode_t vp, struct vattr *vap, NFSACL_T *aclp,
1268     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *rnap, int *attrflagp,
1269     void *stuff)
1270 {
1271 	int error, expireret = 0, openerr, retrycnt;
1272 	u_int32_t clidrev = 0, mode;
1273 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1274 	struct nfsfh *nfhp;
1275 	nfsv4stateid_t stateid;
1276 	void *lckp;
1277 
1278 	if (nmp->nm_clp != NULL)
1279 		clidrev = nmp->nm_clp->nfsc_clientidrev;
1280 	if (vap != NULL && NFSATTRISSET(u_quad_t, vap, va_size))
1281 		mode = NFSV4OPEN_ACCESSWRITE;
1282 	else
1283 		mode = NFSV4OPEN_ACCESSREAD;
1284 	retrycnt = 0;
1285 	do {
1286 		lckp = NULL;
1287 		openerr = 1;
1288 		if (NFSHASNFSV4(nmp)) {
1289 			nfhp = VTONFS(vp)->n_fhp;
1290 			error = nfscl_getstateid(vp, nfhp->nfh_fh,
1291 			    nfhp->nfh_len, mode, 0, cred, p, &stateid, &lckp);
1292 			if (error && vnode_vtype(vp) == VREG &&
1293 			    (mode == NFSV4OPEN_ACCESSWRITE ||
1294 			     nfstest_openallsetattr)) {
1295 				/*
1296 				 * No Open stateid, so try and open the file
1297 				 * now.
1298 				 */
1299 				if (mode == NFSV4OPEN_ACCESSWRITE)
1300 					openerr = nfsrpc_open(vp, FWRITE, cred,
1301 					    p);
1302 				else
1303 					openerr = nfsrpc_open(vp, FREAD, cred,
1304 					    p);
1305 				if (!openerr)
1306 					(void) nfscl_getstateid(vp,
1307 					    nfhp->nfh_fh, nfhp->nfh_len,
1308 					    mode, 0, cred, p, &stateid, &lckp);
1309 			}
1310 		}
1311 		if (vap != NULL)
1312 			error = nfsrpc_setattrrpc(vp, vap, &stateid, cred, p,
1313 			    rnap, attrflagp, stuff);
1314 		else
1315 			error = nfsrpc_setaclrpc(vp, cred, p, aclp, &stateid,
1316 			    stuff);
1317 		if (error == NFSERR_OPENMODE && mode == NFSV4OPEN_ACCESSREAD) {
1318 			NFSLOCKMNT(nmp);
1319 			nmp->nm_state |= NFSSTA_OPENMODE;
1320 			NFSUNLOCKMNT(nmp);
1321 		}
1322 		if (error == NFSERR_STALESTATEID)
1323 			nfscl_initiate_recovery(nmp->nm_clp);
1324 		if (lckp != NULL)
1325 			nfscl_lockderef(lckp);
1326 		if (!openerr)
1327 			(void) nfsrpc_close(vp, 0, p);
1328 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1329 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1330 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
1331 			(void) nfs_catnap(PZERO, error, "nfs_setattr");
1332 		} else if ((error == NFSERR_EXPIRED ||
1333 		    error == NFSERR_BADSTATEID) && clidrev != 0) {
1334 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
1335 		}
1336 		retrycnt++;
1337 	} while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1338 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1339 	    error == NFSERR_BADSESSION ||
1340 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
1341 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
1342 	     expireret == 0 && clidrev != 0 && retrycnt < 4) ||
1343 	    (error == NFSERR_OPENMODE && mode == NFSV4OPEN_ACCESSREAD &&
1344 	     retrycnt < 4));
1345 	if (error && retrycnt >= 4)
1346 		error = EIO;
1347 	return (error);
1348 }
1349 
1350 static int
nfsrpc_setattrrpc(vnode_t vp,struct vattr * vap,nfsv4stateid_t * stateidp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * rnap,int * attrflagp,void * stuff)1351 nfsrpc_setattrrpc(vnode_t vp, struct vattr *vap,
1352     nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
1353     struct nfsvattr *rnap, int *attrflagp, void *stuff)
1354 {
1355 	u_int32_t *tl;
1356 	struct nfsrv_descript nfsd, *nd = &nfsd;
1357 	int error;
1358 	nfsattrbit_t attrbits;
1359 
1360 	*attrflagp = 0;
1361 	NFSCL_REQSTART(nd, NFSPROC_SETATTR, vp);
1362 	if (nd->nd_flag & ND_NFSV4)
1363 		nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
1364 	vap->va_type = vnode_vtype(vp);
1365 	nfscl_fillsattr(nd, vap, vp, NFSSATTR_FULL, 0);
1366 	if (nd->nd_flag & ND_NFSV3) {
1367 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1368 		*tl = newnfs_false;
1369 	} else if (nd->nd_flag & ND_NFSV4) {
1370 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1371 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
1372 		NFSGETATTR_ATTRBIT(&attrbits);
1373 		(void) nfsrv_putattrbit(nd, &attrbits);
1374 	}
1375 	error = nfscl_request(nd, vp, p, cred, stuff);
1376 	if (error)
1377 		return (error);
1378 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
1379 		error = nfscl_wcc_data(nd, vp, rnap, attrflagp, NULL, stuff);
1380 	if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 && !error)
1381 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
1382 	if (!(nd->nd_flag & ND_NFSV3) && !nd->nd_repstat && !error)
1383 		error = nfscl_postop_attr(nd, rnap, attrflagp, stuff);
1384 	m_freem(nd->nd_mrep);
1385 	if (nd->nd_repstat && !error)
1386 		error = nd->nd_repstat;
1387 	return (error);
1388 }
1389 
1390 /*
1391  * nfs lookup rpc
1392  */
1393 int
nfsrpc_lookup(vnode_t dvp,char * name,int len,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * stuff)1394 nfsrpc_lookup(vnode_t dvp, char *name, int len, struct ucred *cred,
1395     NFSPROC_T *p, struct nfsvattr *dnap, struct nfsvattr *nap,
1396     struct nfsfh **nfhpp, int *attrflagp, int *dattrflagp, void *stuff)
1397 {
1398 	u_int32_t *tl;
1399 	struct nfsrv_descript nfsd, *nd = &nfsd;
1400 	struct nfsmount *nmp;
1401 	struct nfsnode *np;
1402 	struct nfsfh *nfhp;
1403 	nfsattrbit_t attrbits;
1404 	int error = 0, lookupp = 0;
1405 
1406 	*attrflagp = 0;
1407 	*dattrflagp = 0;
1408 	if (vnode_vtype(dvp) != VDIR)
1409 		return (ENOTDIR);
1410 	nmp = VFSTONFS(dvp->v_mount);
1411 	if (len > NFS_MAXNAMLEN)
1412 		return (ENAMETOOLONG);
1413 	if (NFSHASNFSV4(nmp) && len == 1 &&
1414 		name[0] == '.') {
1415 		/*
1416 		 * Just return the current dir's fh.
1417 		 */
1418 		np = VTONFS(dvp);
1419 		nfhp = malloc(sizeof (struct nfsfh) +
1420 			np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
1421 		nfhp->nfh_len = np->n_fhp->nfh_len;
1422 		NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
1423 		*nfhpp = nfhp;
1424 		return (0);
1425 	}
1426 	if (NFSHASNFSV4(nmp) && len == 2 &&
1427 		name[0] == '.' && name[1] == '.') {
1428 		lookupp = 1;
1429 		NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, dvp);
1430 	} else {
1431 		NFSCL_REQSTART(nd, NFSPROC_LOOKUP, dvp);
1432 		(void) nfsm_strtom(nd, name, len);
1433 	}
1434 	if (nd->nd_flag & ND_NFSV4) {
1435 		NFSGETATTR_ATTRBIT(&attrbits);
1436 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
1437 		*tl++ = txdr_unsigned(NFSV4OP_GETFH);
1438 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
1439 		(void) nfsrv_putattrbit(nd, &attrbits);
1440 	}
1441 	error = nfscl_request(nd, dvp, p, cred, stuff);
1442 	if (error)
1443 		return (error);
1444 	if (nd->nd_repstat) {
1445 		/*
1446 		 * When an NFSv4 Lookupp returns ENOENT, it means that
1447 		 * the lookup is at the root of an fs, so return this dir.
1448 		 */
1449 		if (nd->nd_repstat == NFSERR_NOENT && lookupp) {
1450 		    np = VTONFS(dvp);
1451 		    nfhp = malloc(sizeof (struct nfsfh) +
1452 			np->n_fhp->nfh_len, M_NFSFH, M_WAITOK);
1453 		    nfhp->nfh_len = np->n_fhp->nfh_len;
1454 		    NFSBCOPY(np->n_fhp->nfh_fh, nfhp->nfh_fh, nfhp->nfh_len);
1455 		    *nfhpp = nfhp;
1456 		    m_freem(nd->nd_mrep);
1457 		    return (0);
1458 		}
1459 		if (nd->nd_flag & ND_NFSV3)
1460 		    error = nfscl_postop_attr(nd, dnap, dattrflagp, stuff);
1461 		else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
1462 		    ND_NFSV4) {
1463 			/* Load the directory attributes. */
1464 			error = nfsm_loadattr(nd, dnap);
1465 			if (error == 0)
1466 				*dattrflagp = 1;
1467 		}
1468 		goto nfsmout;
1469 	}
1470 	if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
1471 		/* Load the directory attributes. */
1472 		error = nfsm_loadattr(nd, dnap);
1473 		if (error != 0)
1474 			goto nfsmout;
1475 		*dattrflagp = 1;
1476 		/* Skip over the Lookup and GetFH operation status values. */
1477 		NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1478 	}
1479 	error = nfsm_getfh(nd, nfhpp);
1480 	if (error)
1481 		goto nfsmout;
1482 
1483 	error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
1484 	if ((nd->nd_flag & ND_NFSV3) && !error)
1485 		error = nfscl_postop_attr(nd, dnap, dattrflagp, stuff);
1486 nfsmout:
1487 	m_freem(nd->nd_mrep);
1488 	if (!error && nd->nd_repstat)
1489 		error = nd->nd_repstat;
1490 	return (error);
1491 }
1492 
1493 /*
1494  * Do a readlink rpc.
1495  */
1496 int
nfsrpc_readlink(vnode_t vp,struct uio * uiop,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff)1497 nfsrpc_readlink(vnode_t vp, struct uio *uiop, struct ucred *cred,
1498     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
1499 {
1500 	u_int32_t *tl;
1501 	struct nfsrv_descript nfsd, *nd = &nfsd;
1502 	struct nfsnode *np = VTONFS(vp);
1503 	nfsattrbit_t attrbits;
1504 	int error, len, cangetattr = 1;
1505 
1506 	*attrflagp = 0;
1507 	NFSCL_REQSTART(nd, NFSPROC_READLINK, vp);
1508 	if (nd->nd_flag & ND_NFSV4) {
1509 		/*
1510 		 * And do a Getattr op.
1511 		 */
1512 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1513 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
1514 		NFSGETATTR_ATTRBIT(&attrbits);
1515 		(void) nfsrv_putattrbit(nd, &attrbits);
1516 	}
1517 	error = nfscl_request(nd, vp, p, cred, stuff);
1518 	if (error)
1519 		return (error);
1520 	if (nd->nd_flag & ND_NFSV3)
1521 		error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
1522 	if (!nd->nd_repstat && !error) {
1523 		NFSM_STRSIZ(len, NFS_MAXPATHLEN);
1524 		/*
1525 		 * This seems weird to me, but must have been added to
1526 		 * FreeBSD for some reason. The only thing I can think of
1527 		 * is that there was/is some server that replies with
1528 		 * more link data than it should?
1529 		 */
1530 		if (len == NFS_MAXPATHLEN) {
1531 			NFSLOCKNODE(np);
1532 			if (np->n_size > 0 && np->n_size < NFS_MAXPATHLEN) {
1533 				len = np->n_size;
1534 				cangetattr = 0;
1535 			}
1536 			NFSUNLOCKNODE(np);
1537 		}
1538 		error = nfsm_mbufuio(nd, uiop, len);
1539 		if ((nd->nd_flag & ND_NFSV4) && !error && cangetattr)
1540 			error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
1541 	}
1542 	if (nd->nd_repstat && !error)
1543 		error = nd->nd_repstat;
1544 nfsmout:
1545 	m_freem(nd->nd_mrep);
1546 	return (error);
1547 }
1548 
1549 /*
1550  * Read operation.
1551  */
1552 int
nfsrpc_read(vnode_t vp,struct uio * uiop,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff)1553 nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
1554     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
1555 {
1556 	int error, expireret = 0, retrycnt;
1557 	u_int32_t clidrev = 0;
1558 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1559 	struct nfsnode *np = VTONFS(vp);
1560 	struct ucred *newcred;
1561 	struct nfsfh *nfhp = NULL;
1562 	nfsv4stateid_t stateid;
1563 	void *lckp;
1564 
1565 	if (nmp->nm_clp != NULL)
1566 		clidrev = nmp->nm_clp->nfsc_clientidrev;
1567 	newcred = cred;
1568 	if (NFSHASNFSV4(nmp)) {
1569 		nfhp = np->n_fhp;
1570 		newcred = NFSNEWCRED(cred);
1571 	}
1572 	retrycnt = 0;
1573 	do {
1574 		lckp = NULL;
1575 		if (NFSHASNFSV4(nmp))
1576 			(void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
1577 			    NFSV4OPEN_ACCESSREAD, 0, newcred, p, &stateid,
1578 			    &lckp);
1579 		error = nfsrpc_readrpc(vp, uiop, newcred, &stateid, p, nap,
1580 		    attrflagp, stuff);
1581 		if (error == NFSERR_OPENMODE) {
1582 			NFSLOCKMNT(nmp);
1583 			nmp->nm_state |= NFSSTA_OPENMODE;
1584 			NFSUNLOCKMNT(nmp);
1585 		}
1586 		if (error == NFSERR_STALESTATEID)
1587 			nfscl_initiate_recovery(nmp->nm_clp);
1588 		if (lckp != NULL)
1589 			nfscl_lockderef(lckp);
1590 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1591 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1592 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
1593 			(void) nfs_catnap(PZERO, error, "nfs_read");
1594 		} else if ((error == NFSERR_EXPIRED ||
1595 		    error == NFSERR_BADSTATEID) && clidrev != 0) {
1596 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
1597 		}
1598 		retrycnt++;
1599 	} while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1600 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1601 	    error == NFSERR_BADSESSION ||
1602 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
1603 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
1604 	     expireret == 0 && clidrev != 0 && retrycnt < 4) ||
1605 	    (error == NFSERR_OPENMODE && retrycnt < 4));
1606 	if (error && retrycnt >= 4)
1607 		error = EIO;
1608 	if (NFSHASNFSV4(nmp))
1609 		NFSFREECRED(newcred);
1610 	return (error);
1611 }
1612 
1613 /*
1614  * The actual read RPC.
1615  */
1616 static int
nfsrpc_readrpc(vnode_t vp,struct uio * uiop,struct ucred * cred,nfsv4stateid_t * stateidp,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff)1617 nfsrpc_readrpc(vnode_t vp, struct uio *uiop, struct ucred *cred,
1618     nfsv4stateid_t *stateidp, NFSPROC_T *p, struct nfsvattr *nap,
1619     int *attrflagp, void *stuff)
1620 {
1621 	u_int32_t *tl;
1622 	int error = 0, len, retlen, tsiz, eof = 0;
1623 	struct nfsrv_descript nfsd;
1624 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1625 	struct nfsrv_descript *nd = &nfsd;
1626 	int rsize;
1627 	off_t tmp_off;
1628 
1629 	*attrflagp = 0;
1630 	tsiz = uiop->uio_resid;
1631 	tmp_off = uiop->uio_offset + tsiz;
1632 	NFSLOCKMNT(nmp);
1633 	if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
1634 		NFSUNLOCKMNT(nmp);
1635 		return (EFBIG);
1636 	}
1637 	rsize = nmp->nm_rsize;
1638 	NFSUNLOCKMNT(nmp);
1639 	nd->nd_mrep = NULL;
1640 	while (tsiz > 0) {
1641 		*attrflagp = 0;
1642 		len = (tsiz > rsize) ? rsize : tsiz;
1643 		NFSCL_REQSTART(nd, NFSPROC_READ, vp);
1644 		if (nd->nd_flag & ND_NFSV4)
1645 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
1646 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED * 3);
1647 		if (nd->nd_flag & ND_NFSV2) {
1648 			*tl++ = txdr_unsigned(uiop->uio_offset);
1649 			*tl++ = txdr_unsigned(len);
1650 			*tl = 0;
1651 		} else {
1652 			txdr_hyper(uiop->uio_offset, tl);
1653 			*(tl + 2) = txdr_unsigned(len);
1654 		}
1655 		/*
1656 		 * Since I can't do a Getattr for NFSv4 for Write, there
1657 		 * doesn't seem any point in doing one here, either.
1658 		 * (See the comment in nfsrpc_writerpc() for more info.)
1659 		 */
1660 		error = nfscl_request(nd, vp, p, cred, stuff);
1661 		if (error)
1662 			return (error);
1663 		if (nd->nd_flag & ND_NFSV3) {
1664 			error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
1665 		} else if (!nd->nd_repstat && (nd->nd_flag & ND_NFSV2)) {
1666 			error = nfsm_loadattr(nd, nap);
1667 			if (!error)
1668 				*attrflagp = 1;
1669 		}
1670 		if (nd->nd_repstat || error) {
1671 			if (!error)
1672 				error = nd->nd_repstat;
1673 			goto nfsmout;
1674 		}
1675 		if (nd->nd_flag & ND_NFSV3) {
1676 			NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
1677 			eof = fxdr_unsigned(int, *(tl + 1));
1678 		} else if (nd->nd_flag & ND_NFSV4) {
1679 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
1680 			eof = fxdr_unsigned(int, *tl);
1681 		}
1682 		NFSM_STRSIZ(retlen, len);
1683 		error = nfsm_mbufuio(nd, uiop, retlen);
1684 		if (error)
1685 			goto nfsmout;
1686 		m_freem(nd->nd_mrep);
1687 		nd->nd_mrep = NULL;
1688 		tsiz -= retlen;
1689 		if (!(nd->nd_flag & ND_NFSV2)) {
1690 			if (eof || retlen == 0)
1691 				tsiz = 0;
1692 		} else if (retlen < len)
1693 			tsiz = 0;
1694 	}
1695 	return (0);
1696 nfsmout:
1697 	if (nd->nd_mrep != NULL)
1698 		m_freem(nd->nd_mrep);
1699 	return (error);
1700 }
1701 
1702 /*
1703  * nfs write operation
1704  * When called_from_strategy != 0, it should return EIO for an error that
1705  * indicates recovery is in progress, so that the buffer will be left
1706  * dirty and be written back to the server later. If it loops around,
1707  * the recovery thread could get stuck waiting for the buffer and recovery
1708  * will then deadlock.
1709  */
1710 int
nfsrpc_write(vnode_t vp,struct uio * uiop,int * iomode,int * must_commit,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff,int called_from_strategy)1711 nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
1712     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
1713     void *stuff, int called_from_strategy)
1714 {
1715 	int error, expireret = 0, retrycnt, nostateid;
1716 	u_int32_t clidrev = 0;
1717 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1718 	struct nfsnode *np = VTONFS(vp);
1719 	struct ucred *newcred;
1720 	struct nfsfh *nfhp = NULL;
1721 	nfsv4stateid_t stateid;
1722 	void *lckp;
1723 
1724 	KASSERT(*must_commit >= 0 && *must_commit <= 2,
1725 	    ("nfsrpc_write: must_commit out of range=%d", *must_commit));
1726 	if (nmp->nm_clp != NULL)
1727 		clidrev = nmp->nm_clp->nfsc_clientidrev;
1728 	newcred = cred;
1729 	if (NFSHASNFSV4(nmp)) {
1730 		newcred = NFSNEWCRED(cred);
1731 		nfhp = np->n_fhp;
1732 	}
1733 	retrycnt = 0;
1734 	do {
1735 		lckp = NULL;
1736 		nostateid = 0;
1737 		if (NFSHASNFSV4(nmp)) {
1738 			(void)nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
1739 			    NFSV4OPEN_ACCESSWRITE, 0, newcred, p, &stateid,
1740 			    &lckp);
1741 			if (stateid.other[0] == 0 && stateid.other[1] == 0 &&
1742 			    stateid.other[2] == 0) {
1743 				nostateid = 1;
1744 				NFSCL_DEBUG(1, "stateid0 in write\n");
1745 			}
1746 		}
1747 
1748 		/*
1749 		 * If there is no stateid for NFSv4, it means this is an
1750 		 * extraneous write after close. Basically a poorly
1751 		 * implemented buffer cache. Just don't do the write.
1752 		 */
1753 		if (nostateid)
1754 			error = 0;
1755 		else
1756 			error = nfsrpc_writerpc(vp, uiop, iomode, must_commit,
1757 			    newcred, &stateid, p, nap, attrflagp, stuff);
1758 		if (error == NFSERR_STALESTATEID)
1759 			nfscl_initiate_recovery(nmp->nm_clp);
1760 		if (lckp != NULL)
1761 			nfscl_lockderef(lckp);
1762 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
1763 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
1764 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
1765 			(void) nfs_catnap(PZERO, error, "nfs_write");
1766 		} else if ((error == NFSERR_EXPIRED ||
1767 		    error == NFSERR_BADSTATEID) && clidrev != 0) {
1768 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
1769 		}
1770 		retrycnt++;
1771 	} while (error == NFSERR_GRACE || error == NFSERR_DELAY ||
1772 	    ((error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
1773 	      error == NFSERR_STALEDONTRECOVER) && called_from_strategy == 0) ||
1774 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
1775 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
1776 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
1777 	if (error != 0 && (retrycnt >= 4 ||
1778 	    ((error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
1779 	      error == NFSERR_STALEDONTRECOVER) && called_from_strategy != 0)))
1780 		error = EIO;
1781 	if (NFSHASNFSV4(nmp))
1782 		NFSFREECRED(newcred);
1783 	return (error);
1784 }
1785 
1786 /*
1787  * The actual write RPC.
1788  */
1789 static int
nfsrpc_writerpc(vnode_t vp,struct uio * uiop,int * iomode,int * must_commit,struct ucred * cred,nfsv4stateid_t * stateidp,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff)1790 nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iomode,
1791     int *must_commit, struct ucred *cred, nfsv4stateid_t *stateidp,
1792     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
1793 {
1794 	u_int32_t *tl;
1795 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
1796 	struct nfsnode *np = VTONFS(vp);
1797 	int error = 0, len, tsiz, rlen, commit, committed = NFSWRITE_FILESYNC;
1798 	int wccflag = 0, wsize;
1799 	int32_t backup;
1800 	struct nfsrv_descript nfsd;
1801 	struct nfsrv_descript *nd = &nfsd;
1802 	nfsattrbit_t attrbits;
1803 	off_t tmp_off;
1804 
1805 	KASSERT(uiop->uio_iovcnt == 1, ("nfs: writerpc iovcnt > 1"));
1806 	*attrflagp = 0;
1807 	tsiz = uiop->uio_resid;
1808 	tmp_off = uiop->uio_offset + tsiz;
1809 	NFSLOCKMNT(nmp);
1810 	if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
1811 		NFSUNLOCKMNT(nmp);
1812 		return (EFBIG);
1813 	}
1814 	wsize = nmp->nm_wsize;
1815 	NFSUNLOCKMNT(nmp);
1816 	nd->nd_mrep = NULL;	/* NFSv2 sometimes does a write with */
1817 	nd->nd_repstat = 0;	/* uio_resid == 0, so the while is not done */
1818 	while (tsiz > 0) {
1819 		*attrflagp = 0;
1820 		len = (tsiz > wsize) ? wsize : tsiz;
1821 		NFSCL_REQSTART(nd, NFSPROC_WRITE, vp);
1822 		if (nd->nd_flag & ND_NFSV4) {
1823 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
1824 			NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+2*NFSX_UNSIGNED);
1825 			txdr_hyper(uiop->uio_offset, tl);
1826 			tl += 2;
1827 			*tl++ = txdr_unsigned(*iomode);
1828 			*tl = txdr_unsigned(len);
1829 		} else if (nd->nd_flag & ND_NFSV3) {
1830 			NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER+3*NFSX_UNSIGNED);
1831 			txdr_hyper(uiop->uio_offset, tl);
1832 			tl += 2;
1833 			*tl++ = txdr_unsigned(len);
1834 			*tl++ = txdr_unsigned(*iomode);
1835 			*tl = txdr_unsigned(len);
1836 		} else {
1837 			u_int32_t x;
1838 
1839 			NFSM_BUILD(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1840 			/*
1841 			 * Not sure why someone changed this, since the
1842 			 * RFC clearly states that "beginoffset" and
1843 			 * "totalcount" are ignored, but it wouldn't
1844 			 * surprise me if there's a busted server out there.
1845 			 */
1846 			/* Set both "begin" and "current" to non-garbage. */
1847 			x = txdr_unsigned((u_int32_t)uiop->uio_offset);
1848 			*tl++ = x;      /* "begin offset" */
1849 			*tl++ = x;      /* "current offset" */
1850 			x = txdr_unsigned(len);
1851 			*tl++ = x;      /* total to this offset */
1852 			*tl = x;        /* size of this write */
1853 		}
1854 		nfsm_uiombuf(nd, uiop, len);
1855 		/*
1856 		 * Although it is tempting to do a normal Getattr Op in the
1857 		 * NFSv4 compound, the result can be a nearly hung client
1858 		 * system if the Getattr asks for Owner and/or OwnerGroup.
1859 		 * It occurs when the client can't map either the Owner or
1860 		 * Owner_group name in the Getattr reply to a uid/gid. When
1861 		 * there is a cache miss, the kernel does an upcall to the
1862 		 * nfsuserd. Then, it can try and read the local /etc/passwd
1863 		 * or /etc/group file. It can then block in getnewbuf(),
1864 		 * waiting for dirty writes to be pushed to the NFS server.
1865 		 * The only reason this doesn't result in a complete
1866 		 * deadlock, is that the upcall times out and allows
1867 		 * the write to complete. However, progress is so slow
1868 		 * that it might just as well be deadlocked.
1869 		 * As such, we get the rest of the attributes, but not
1870 		 * Owner or Owner_group.
1871 		 * nb: nfscl_loadattrcache() needs to be told that these
1872 		 *     partial attributes from a write rpc are being
1873 		 *     passed in, via a argument flag.
1874 		 */
1875 		if (nd->nd_flag & ND_NFSV4) {
1876 			NFSWRITEGETATTR_ATTRBIT(&attrbits);
1877 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
1878 			*tl = txdr_unsigned(NFSV4OP_GETATTR);
1879 			(void) nfsrv_putattrbit(nd, &attrbits);
1880 		}
1881 		error = nfscl_request(nd, vp, p, cred, stuff);
1882 		if (error)
1883 			return (error);
1884 		if (nd->nd_repstat) {
1885 			/*
1886 			 * In case the rpc gets retried, roll
1887 			 * the uio fileds changed by nfsm_uiombuf()
1888 			 * back.
1889 			 */
1890 			uiop->uio_offset -= len;
1891 			uiop->uio_resid += len;
1892 			uiop->uio_iov->iov_base =
1893 			    (char *)uiop->uio_iov->iov_base - len;
1894 			uiop->uio_iov->iov_len += len;
1895 		}
1896 		if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
1897 			error = nfscl_wcc_data(nd, vp, nap, attrflagp,
1898 			    &wccflag, stuff);
1899 			if (error)
1900 				goto nfsmout;
1901 		}
1902 		if (!nd->nd_repstat) {
1903 			if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
1904 				NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED
1905 					+ NFSX_VERF);
1906 				rlen = fxdr_unsigned(int, *tl++);
1907 				if (rlen == 0) {
1908 					error = NFSERR_IO;
1909 					goto nfsmout;
1910 				} else if (rlen < len) {
1911 					backup = len - rlen;
1912 					uiop->uio_iov->iov_base =
1913 					    (char *)uiop->uio_iov->iov_base -
1914 					    backup;
1915 					uiop->uio_iov->iov_len += backup;
1916 					uiop->uio_offset -= backup;
1917 					uiop->uio_resid += backup;
1918 					len = rlen;
1919 				}
1920 				commit = fxdr_unsigned(int, *tl++);
1921 
1922 				/*
1923 				 * Return the lowest commitment level
1924 				 * obtained by any of the RPCs.
1925 				 */
1926 				if (committed == NFSWRITE_FILESYNC)
1927 					committed = commit;
1928 				else if (committed == NFSWRITE_DATASYNC &&
1929 					commit == NFSWRITE_UNSTABLE)
1930 					committed = commit;
1931 				NFSLOCKMNT(nmp);
1932 				if (!NFSHASWRITEVERF(nmp)) {
1933 					NFSBCOPY((caddr_t)tl,
1934 					    (caddr_t)&nmp->nm_verf[0],
1935 					    NFSX_VERF);
1936 					NFSSETWRITEVERF(nmp);
1937 	    			} else if (NFSBCMP(tl, nmp->nm_verf,
1938 				    NFSX_VERF) && *must_commit != 2) {
1939 					*must_commit = 1;
1940 					NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
1941 				}
1942 				NFSUNLOCKMNT(nmp);
1943 			}
1944 			if (nd->nd_flag & ND_NFSV4)
1945 				NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
1946 			if (nd->nd_flag & (ND_NFSV2 | ND_NFSV4)) {
1947 				error = nfsm_loadattr(nd, nap);
1948 				if (!error)
1949 					*attrflagp = NFS_LATTR_NOSHRINK;
1950 			}
1951 		} else {
1952 			error = nd->nd_repstat;
1953 		}
1954 		if (error)
1955 			goto nfsmout;
1956 		NFSWRITERPC_SETTIME(wccflag, np, nap, (nd->nd_flag & ND_NFSV4));
1957 		m_freem(nd->nd_mrep);
1958 		nd->nd_mrep = NULL;
1959 		tsiz -= len;
1960 	}
1961 nfsmout:
1962 	if (nd->nd_mrep != NULL)
1963 		m_freem(nd->nd_mrep);
1964 	*iomode = committed;
1965 	if (nd->nd_repstat && !error)
1966 		error = nd->nd_repstat;
1967 	return (error);
1968 }
1969 
1970 /*
1971  * nfs mknod rpc
1972  * For NFS v2 this is a kludge. Use a create rpc but with the IFMT bits of the
1973  * mode set to specify the file type and the size field for rdev.
1974  */
1975 int
nfsrpc_mknod(vnode_t dvp,char * name,int namelen,struct vattr * vap,u_int32_t rdev,enum vtype vtyp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nnap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * dstuff)1976 nfsrpc_mknod(vnode_t dvp, char *name, int namelen, struct vattr *vap,
1977     u_int32_t rdev, enum vtype vtyp, struct ucred *cred, NFSPROC_T *p,
1978     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
1979     int *attrflagp, int *dattrflagp, void *dstuff)
1980 {
1981 	u_int32_t *tl;
1982 	int error = 0;
1983 	struct nfsrv_descript nfsd, *nd = &nfsd;
1984 	nfsattrbit_t attrbits;
1985 
1986 	*nfhpp = NULL;
1987 	*attrflagp = 0;
1988 	*dattrflagp = 0;
1989 	if (namelen > NFS_MAXNAMLEN)
1990 		return (ENAMETOOLONG);
1991 	NFSCL_REQSTART(nd, NFSPROC_MKNOD, dvp);
1992 	if (nd->nd_flag & ND_NFSV4) {
1993 		if (vtyp == VBLK || vtyp == VCHR) {
1994 			NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
1995 			*tl++ = vtonfsv34_type(vtyp);
1996 			*tl++ = txdr_unsigned(NFSMAJOR(rdev));
1997 			*tl = txdr_unsigned(NFSMINOR(rdev));
1998 		} else {
1999 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2000 			*tl = vtonfsv34_type(vtyp);
2001 		}
2002 	}
2003 	(void) nfsm_strtom(nd, name, namelen);
2004 	if (nd->nd_flag & ND_NFSV3) {
2005 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2006 		*tl = vtonfsv34_type(vtyp);
2007 	}
2008 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
2009 		nfscl_fillsattr(nd, vap, dvp, 0, 0);
2010 	if ((nd->nd_flag & ND_NFSV3) &&
2011 	    (vtyp == VCHR || vtyp == VBLK)) {
2012 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2013 		*tl++ = txdr_unsigned(NFSMAJOR(rdev));
2014 		*tl = txdr_unsigned(NFSMINOR(rdev));
2015 	}
2016 	if (nd->nd_flag & ND_NFSV4) {
2017 		NFSGETATTR_ATTRBIT(&attrbits);
2018 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2019 		*tl++ = txdr_unsigned(NFSV4OP_GETFH);
2020 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
2021 		(void) nfsrv_putattrbit(nd, &attrbits);
2022 	}
2023 	if (nd->nd_flag & ND_NFSV2)
2024 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZERDEV, rdev);
2025 	error = nfscl_request(nd, dvp, p, cred, dstuff);
2026 	if (error)
2027 		return (error);
2028 	if (nd->nd_flag & ND_NFSV4)
2029 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2030 	if (!nd->nd_repstat) {
2031 		if (nd->nd_flag & ND_NFSV4) {
2032 			NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
2033 			error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
2034 			if (error)
2035 				goto nfsmout;
2036 		}
2037 		error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
2038 		if (error)
2039 			goto nfsmout;
2040 	}
2041 	if (nd->nd_flag & ND_NFSV3)
2042 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2043 	if (!error && nd->nd_repstat)
2044 		error = nd->nd_repstat;
2045 nfsmout:
2046 	m_freem(nd->nd_mrep);
2047 	return (error);
2048 }
2049 
2050 /*
2051  * nfs file create call
2052  * Mostly just call the approriate routine. (I separated out v4, so that
2053  * error recovery wouldn't be as difficult.)
2054  */
2055 int
nfsrpc_create(vnode_t dvp,char * name,int namelen,struct vattr * vap,nfsquad_t cverf,int fmode,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nnap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * dstuff)2056 nfsrpc_create(vnode_t dvp, char *name, int namelen, struct vattr *vap,
2057     nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
2058     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
2059     int *attrflagp, int *dattrflagp, void *dstuff)
2060 {
2061 	int error = 0, newone, expireret = 0, retrycnt, unlocked;
2062 	struct nfsclowner *owp;
2063 	struct nfscldeleg *dp;
2064 	struct nfsmount *nmp = VFSTONFS(dvp->v_mount);
2065 	u_int32_t clidrev;
2066 
2067 	if (NFSHASNFSV4(nmp)) {
2068 	    retrycnt = 0;
2069 	    do {
2070 		dp = NULL;
2071 		error = nfscl_open(dvp, NULL, 0, (NFSV4OPEN_ACCESSWRITE |
2072 		    NFSV4OPEN_ACCESSREAD), 0, cred, p, &owp, NULL, &newone,
2073 		    NULL, 1, true);
2074 		if (error)
2075 			return (error);
2076 		if (nmp->nm_clp != NULL)
2077 			clidrev = nmp->nm_clp->nfsc_clientidrev;
2078 		else
2079 			clidrev = 0;
2080 		if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 ||
2081 		    nfs_numnfscbd == 0 || retrycnt > 0)
2082 			error = nfsrpc_createv4(dvp, name, namelen, vap, cverf,
2083 			  fmode, owp, &dp, cred, p, dnap, nnap, nfhpp,
2084 			  attrflagp, dattrflagp, dstuff, &unlocked);
2085 		else
2086 			error = nfsrpc_getcreatelayout(dvp, name, namelen, vap,
2087 			  cverf, fmode, owp, &dp, cred, p, dnap, nnap, nfhpp,
2088 			  attrflagp, dattrflagp, dstuff, &unlocked);
2089 		/*
2090 		 * There is no need to invalidate cached attributes here,
2091 		 * since new post-delegation issue attributes are always
2092 		 * returned by nfsrpc_createv4() and these will update the
2093 		 * attribute cache.
2094 		 */
2095 		if (dp != NULL)
2096 			(void) nfscl_deleg(nmp->nm_mountp, owp->nfsow_clp,
2097 			    (*nfhpp)->nfh_fh, (*nfhpp)->nfh_len, cred, p, &dp);
2098 		nfscl_ownerrelease(nmp, owp, error, newone, unlocked);
2099 		if (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
2100 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
2101 		    error == NFSERR_BADSESSION) {
2102 			(void) nfs_catnap(PZERO, error, "nfs_open");
2103 		} else if ((error == NFSERR_EXPIRED ||
2104 		    error == NFSERR_BADSTATEID) && clidrev != 0) {
2105 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
2106 			retrycnt++;
2107 		}
2108 	    } while (error == NFSERR_GRACE || error == NFSERR_STALECLIENTID ||
2109 		error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
2110 		error == NFSERR_BADSESSION ||
2111 		((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
2112 		 expireret == 0 && clidrev != 0 && retrycnt < 4));
2113 	    if (error && retrycnt >= 4)
2114 		    error = EIO;
2115 	} else {
2116 		error = nfsrpc_createv23(dvp, name, namelen, vap, cverf,
2117 		    fmode, cred, p, dnap, nnap, nfhpp, attrflagp, dattrflagp,
2118 		    dstuff);
2119 	}
2120 	return (error);
2121 }
2122 
2123 /*
2124  * The create rpc for v2 and 3.
2125  */
2126 static int
nfsrpc_createv23(vnode_t dvp,char * name,int namelen,struct vattr * vap,nfsquad_t cverf,int fmode,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nnap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * dstuff)2127 nfsrpc_createv23(vnode_t dvp, char *name, int namelen, struct vattr *vap,
2128     nfsquad_t cverf, int fmode, struct ucred *cred, NFSPROC_T *p,
2129     struct nfsvattr *dnap, struct nfsvattr *nnap, struct nfsfh **nfhpp,
2130     int *attrflagp, int *dattrflagp, void *dstuff)
2131 {
2132 	u_int32_t *tl;
2133 	int error = 0;
2134 	struct nfsrv_descript nfsd, *nd = &nfsd;
2135 
2136 	*nfhpp = NULL;
2137 	*attrflagp = 0;
2138 	*dattrflagp = 0;
2139 	if (namelen > NFS_MAXNAMLEN)
2140 		return (ENAMETOOLONG);
2141 	NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp);
2142 	(void) nfsm_strtom(nd, name, namelen);
2143 	if (nd->nd_flag & ND_NFSV3) {
2144 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2145 		if (fmode & O_EXCL) {
2146 			*tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
2147 			NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
2148 			*tl++ = cverf.lval[0];
2149 			*tl = cverf.lval[1];
2150 		} else {
2151 			*tl = txdr_unsigned(NFSCREATE_UNCHECKED);
2152 			nfscl_fillsattr(nd, vap, dvp, 0, 0);
2153 		}
2154 	} else {
2155 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZE0, 0);
2156 	}
2157 	error = nfscl_request(nd, dvp, p, cred, dstuff);
2158 	if (error)
2159 		return (error);
2160 	if (nd->nd_repstat == 0) {
2161 		error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
2162 		if (error)
2163 			goto nfsmout;
2164 	}
2165 	if (nd->nd_flag & ND_NFSV3)
2166 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2167 	if (nd->nd_repstat != 0 && error == 0)
2168 		error = nd->nd_repstat;
2169 nfsmout:
2170 	m_freem(nd->nd_mrep);
2171 	return (error);
2172 }
2173 
2174 static int
nfsrpc_createv4(vnode_t dvp,char * name,int namelen,struct vattr * vap,nfsquad_t cverf,int fmode,struct nfsclowner * owp,struct nfscldeleg ** dpp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nnap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * dstuff,int * unlockedp)2175 nfsrpc_createv4(vnode_t dvp, char *name, int namelen, struct vattr *vap,
2176     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
2177     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
2178     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
2179     int *dattrflagp, void *dstuff, int *unlockedp)
2180 {
2181 	u_int32_t *tl;
2182 	int error = 0, deleg, newone, ret, acesize, limitby;
2183 	struct nfsrv_descript nfsd, *nd = &nfsd;
2184 	struct nfsclopen *op;
2185 	struct nfscldeleg *dp = NULL;
2186 	struct nfsnode *np;
2187 	struct nfsfh *nfhp;
2188 	nfsattrbit_t attrbits;
2189 	nfsv4stateid_t stateid;
2190 	u_int32_t rflags;
2191 	struct nfsmount *nmp;
2192 	struct nfsclsession *tsep;
2193 
2194 	nmp = VFSTONFS(dvp->v_mount);
2195 	np = VTONFS(dvp);
2196 	*unlockedp = 0;
2197 	*nfhpp = NULL;
2198 	*dpp = NULL;
2199 	*attrflagp = 0;
2200 	*dattrflagp = 0;
2201 	if (namelen > NFS_MAXNAMLEN)
2202 		return (ENAMETOOLONG);
2203 	NFSCL_REQSTART(nd, NFSPROC_CREATE, dvp);
2204 	/*
2205 	 * For V4, this is actually an Open op.
2206 	 */
2207 	NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
2208 	*tl++ = txdr_unsigned(owp->nfsow_seqid);
2209 	*tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
2210 	    NFSV4OPEN_ACCESSREAD);
2211 	*tl++ = txdr_unsigned(NFSV4OPEN_DENYNONE);
2212 	tsep = nfsmnt_mdssession(nmp);
2213 	*tl++ = tsep->nfsess_clientid.lval[0];
2214 	*tl = tsep->nfsess_clientid.lval[1];
2215 	(void) nfsm_strtom(nd, owp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
2216 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2217 	*tl++ = txdr_unsigned(NFSV4OPEN_CREATE);
2218 	if (fmode & O_EXCL) {
2219 		if (NFSHASNFSV4N(nmp)) {
2220 			if (NFSHASSESSPERSIST(nmp)) {
2221 				/* Use GUARDED for persistent sessions. */
2222 				*tl = txdr_unsigned(NFSCREATE_GUARDED);
2223 				nfscl_fillsattr(nd, vap, dvp, 0, 0);
2224 			} else {
2225 				/* Otherwise, use EXCLUSIVE4_1. */
2226 				*tl = txdr_unsigned(NFSCREATE_EXCLUSIVE41);
2227 				NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
2228 				*tl++ = cverf.lval[0];
2229 				*tl = cverf.lval[1];
2230 				nfscl_fillsattr(nd, vap, dvp, 0, 0);
2231 			}
2232 		} else {
2233 			/* NFSv4.0 */
2234 			*tl = txdr_unsigned(NFSCREATE_EXCLUSIVE);
2235 			NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
2236 			*tl++ = cverf.lval[0];
2237 			*tl = cverf.lval[1];
2238 		}
2239 	} else {
2240 		*tl = txdr_unsigned(NFSCREATE_UNCHECKED);
2241 		nfscl_fillsattr(nd, vap, dvp, 0, 0);
2242 	}
2243 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2244 	*tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
2245 	(void) nfsm_strtom(nd, name, namelen);
2246 	/* Get the new file's handle and attributes. */
2247 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2248 	*tl++ = txdr_unsigned(NFSV4OP_GETFH);
2249 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
2250 	NFSGETATTR_ATTRBIT(&attrbits);
2251 	(void) nfsrv_putattrbit(nd, &attrbits);
2252 	/* Get the directory's post-op attributes. */
2253 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2254 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
2255 	(void) nfsm_fhtom(nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
2256 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2257 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
2258 	(void) nfsrv_putattrbit(nd, &attrbits);
2259 	error = nfscl_request(nd, dvp, p, cred, dstuff);
2260 	if (error)
2261 		return (error);
2262 	NFSCL_INCRSEQID(owp->nfsow_seqid, nd);
2263 	if (nd->nd_repstat == 0) {
2264 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
2265 		    6 * NFSX_UNSIGNED);
2266 		stateid.seqid = *tl++;
2267 		stateid.other[0] = *tl++;
2268 		stateid.other[1] = *tl++;
2269 		stateid.other[2] = *tl;
2270 		rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
2271 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
2272 		if (error)
2273 			goto nfsmout;
2274 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
2275 		deleg = fxdr_unsigned(int, *tl);
2276 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
2277 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
2278 			if (!(owp->nfsow_clp->nfsc_flags &
2279 			      NFSCLFLAGS_FIRSTDELEG))
2280 				owp->nfsow_clp->nfsc_flags |=
2281 				  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
2282 			dp = malloc(
2283 			    sizeof (struct nfscldeleg) + NFSX_V4FHMAX,
2284 			    M_NFSCLDELEG, M_WAITOK);
2285 			LIST_INIT(&dp->nfsdl_owner);
2286 			LIST_INIT(&dp->nfsdl_lock);
2287 			dp->nfsdl_clp = owp->nfsow_clp;
2288 			newnfs_copyincred(cred, &dp->nfsdl_cred);
2289 			nfscl_lockinit(&dp->nfsdl_rwlock);
2290 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
2291 			    NFSX_UNSIGNED);
2292 			dp->nfsdl_stateid.seqid = *tl++;
2293 			dp->nfsdl_stateid.other[0] = *tl++;
2294 			dp->nfsdl_stateid.other[1] = *tl++;
2295 			dp->nfsdl_stateid.other[2] = *tl++;
2296 			ret = fxdr_unsigned(int, *tl);
2297 			if (deleg == NFSV4OPEN_DELEGATEWRITE) {
2298 				dp->nfsdl_flags = NFSCLDL_WRITE;
2299 				/*
2300 				 * Indicates how much the file can grow.
2301 				 */
2302 				NFSM_DISSECT(tl, u_int32_t *,
2303 				    3 * NFSX_UNSIGNED);
2304 				limitby = fxdr_unsigned(int, *tl++);
2305 				switch (limitby) {
2306 				case NFSV4OPEN_LIMITSIZE:
2307 					dp->nfsdl_sizelimit = fxdr_hyper(tl);
2308 					break;
2309 				case NFSV4OPEN_LIMITBLOCKS:
2310 					dp->nfsdl_sizelimit =
2311 					    fxdr_unsigned(u_int64_t, *tl++);
2312 					dp->nfsdl_sizelimit *=
2313 					    fxdr_unsigned(u_int64_t, *tl);
2314 					break;
2315 				default:
2316 					error = NFSERR_BADXDR;
2317 					goto nfsmout;
2318 				}
2319 			} else {
2320 				dp->nfsdl_flags = NFSCLDL_READ;
2321 			}
2322 			if (ret)
2323 				dp->nfsdl_flags |= NFSCLDL_RECALL;
2324 			error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false,
2325 			    &ret, &acesize, p);
2326 			if (error)
2327 				goto nfsmout;
2328 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
2329 			error = NFSERR_BADXDR;
2330 			goto nfsmout;
2331 		}
2332 		error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
2333 		if (error)
2334 			goto nfsmout;
2335 		/* Get rid of the PutFH and Getattr status values. */
2336 		NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
2337 		/* Load the directory attributes. */
2338 		error = nfsm_loadattr(nd, dnap);
2339 		if (error)
2340 			goto nfsmout;
2341 		*dattrflagp = 1;
2342 		if (dp != NULL && *attrflagp) {
2343 			dp->nfsdl_change = nnap->na_filerev;
2344 			dp->nfsdl_modtime = nnap->na_mtime;
2345 			dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
2346 		}
2347 		/*
2348 		 * We can now complete the Open state.
2349 		 */
2350 		nfhp = *nfhpp;
2351 		if (dp != NULL) {
2352 			dp->nfsdl_fhlen = nfhp->nfh_len;
2353 			NFSBCOPY(nfhp->nfh_fh, dp->nfsdl_fh, nfhp->nfh_len);
2354 		}
2355 		/*
2356 		 * Get an Open structure that will be
2357 		 * attached to the OpenOwner, acquired already.
2358 		 */
2359 		error = nfscl_open(dvp, nfhp->nfh_fh, nfhp->nfh_len,
2360 		    (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), 0,
2361 		    cred, p, NULL, &op, &newone, NULL, 0, false);
2362 		if (error)
2363 			goto nfsmout;
2364 		op->nfso_stateid = stateid;
2365 		newnfs_copyincred(cred, &op->nfso_cred);
2366 		if ((rflags & NFSV4OPEN_RESULTCONFIRM)) {
2367 		    do {
2368 			ret = nfsrpc_openconfirm(dvp, nfhp->nfh_fh,
2369 			    nfhp->nfh_len, op, cred, p);
2370 			if (ret == NFSERR_DELAY)
2371 			    (void) nfs_catnap(PZERO, ret, "nfs_create");
2372 		    } while (ret == NFSERR_DELAY);
2373 		    error = ret;
2374 		}
2375 
2376 		/*
2377 		 * If the server is handing out delegations, but we didn't
2378 		 * get one because an OpenConfirm was required, try the
2379 		 * Open again, to get a delegation. This is a harmless no-op,
2380 		 * from a server's point of view.
2381 		 */
2382 		if ((rflags & NFSV4OPEN_RESULTCONFIRM) &&
2383 		    (owp->nfsow_clp->nfsc_flags & NFSCLFLAGS_GOTDELEG) &&
2384 		    !error && dp == NULL) {
2385 		    do {
2386 			ret = nfsrpc_openrpc(VFSTONFS(dvp->v_mount), dvp,
2387 			    np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
2388 			    nfhp->nfh_fh, nfhp->nfh_len,
2389 			    (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), op,
2390 			    name, namelen, &dp, 0, 0x0, cred, p, 0, 1);
2391 			if (ret == NFSERR_DELAY)
2392 			    (void) nfs_catnap(PZERO, ret, "nfs_crt2");
2393 		    } while (ret == NFSERR_DELAY);
2394 		    if (ret) {
2395 			if (dp != NULL) {
2396 				free(dp, M_NFSCLDELEG);
2397 				dp = NULL;
2398 			}
2399 			if (ret == NFSERR_STALECLIENTID ||
2400 			    ret == NFSERR_STALEDONTRECOVER ||
2401 			    ret == NFSERR_BADSESSION)
2402 				error = ret;
2403 		    }
2404 		}
2405 		nfscl_openrelease(nmp, op, error, newone);
2406 		*unlockedp = 1;
2407 	}
2408 	if (nd->nd_repstat != 0 && error == 0)
2409 		error = nd->nd_repstat;
2410 	if (error == NFSERR_STALECLIENTID)
2411 		nfscl_initiate_recovery(owp->nfsow_clp);
2412 nfsmout:
2413 	if (!error)
2414 		*dpp = dp;
2415 	else if (dp != NULL)
2416 		free(dp, M_NFSCLDELEG);
2417 	m_freem(nd->nd_mrep);
2418 	return (error);
2419 }
2420 
2421 /*
2422  * Nfs remove rpc
2423  */
2424 int
nfsrpc_remove(vnode_t dvp,char * name,int namelen,vnode_t vp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,int * dattrflagp,void * dstuff)2425 nfsrpc_remove(vnode_t dvp, char *name, int namelen, vnode_t vp,
2426     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp,
2427     void *dstuff)
2428 {
2429 	u_int32_t *tl;
2430 	struct nfsrv_descript nfsd, *nd = &nfsd;
2431 	struct nfsnode *np;
2432 	struct nfsmount *nmp;
2433 	nfsv4stateid_t dstateid;
2434 	int error, ret = 0, i;
2435 
2436 	*dattrflagp = 0;
2437 	if (namelen > NFS_MAXNAMLEN)
2438 		return (ENAMETOOLONG);
2439 	nmp = VFSTONFS(dvp->v_mount);
2440 tryagain:
2441 	if (NFSHASNFSV4(nmp) && ret == 0) {
2442 		ret = nfscl_removedeleg(vp, p, &dstateid);
2443 		if (ret == 1) {
2444 			NFSCL_REQSTART(nd, NFSPROC_RETDELEGREMOVE, vp);
2445 			NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
2446 			    NFSX_UNSIGNED);
2447 			if (NFSHASNFSV4N(nmp))
2448 				*tl++ = 0;
2449 			else
2450 				*tl++ = dstateid.seqid;
2451 			*tl++ = dstateid.other[0];
2452 			*tl++ = dstateid.other[1];
2453 			*tl++ = dstateid.other[2];
2454 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
2455 			np = VTONFS(dvp);
2456 			(void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
2457 			    np->n_fhp->nfh_len, 0);
2458 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2459 			*tl = txdr_unsigned(NFSV4OP_REMOVE);
2460 		}
2461 	} else {
2462 		ret = 0;
2463 	}
2464 	if (ret == 0)
2465 		NFSCL_REQSTART(nd, NFSPROC_REMOVE, dvp);
2466 	(void) nfsm_strtom(nd, name, namelen);
2467 	error = nfscl_request(nd, dvp, p, cred, dstuff);
2468 	if (error)
2469 		return (error);
2470 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
2471 		/* For NFSv4, parse out any Delereturn replies. */
2472 		if (ret > 0 && nd->nd_repstat != 0 &&
2473 		    (nd->nd_flag & ND_NOMOREDATA)) {
2474 			/*
2475 			 * If the Delegreturn failed, try again without
2476 			 * it. The server will Recall, as required.
2477 			 */
2478 			m_freem(nd->nd_mrep);
2479 			goto tryagain;
2480 		}
2481 		for (i = 0; i < (ret * 2); i++) {
2482 			if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
2483 			    ND_NFSV4) {
2484 			    NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2485 			    if (*(tl + 1))
2486 				nd->nd_flag |= ND_NOMOREDATA;
2487 			}
2488 		}
2489 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2490 	}
2491 	if (nd->nd_repstat && !error)
2492 		error = nd->nd_repstat;
2493 nfsmout:
2494 	m_freem(nd->nd_mrep);
2495 	return (error);
2496 }
2497 
2498 /*
2499  * Do an nfs rename rpc.
2500  */
2501 int
nfsrpc_rename(vnode_t fdvp,vnode_t fvp,char * fnameptr,int fnamelen,vnode_t tdvp,vnode_t tvp,char * tnameptr,int tnamelen,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * fnap,struct nfsvattr * tnap,int * fattrflagp,int * tattrflagp,void * fstuff,void * tstuff)2502 nfsrpc_rename(vnode_t fdvp, vnode_t fvp, char *fnameptr, int fnamelen,
2503     vnode_t tdvp, vnode_t tvp, char *tnameptr, int tnamelen, struct ucred *cred,
2504     NFSPROC_T *p, struct nfsvattr *fnap, struct nfsvattr *tnap,
2505     int *fattrflagp, int *tattrflagp, void *fstuff, void *tstuff)
2506 {
2507 	u_int32_t *tl;
2508 	struct nfsrv_descript nfsd, *nd = &nfsd;
2509 	struct nfsmount *nmp;
2510 	struct nfsnode *np;
2511 	nfsattrbit_t attrbits;
2512 	nfsv4stateid_t fdstateid, tdstateid;
2513 	int error = 0, ret = 0, gottd = 0, gotfd = 0, i;
2514 
2515 	*fattrflagp = 0;
2516 	*tattrflagp = 0;
2517 	nmp = VFSTONFS(fdvp->v_mount);
2518 	if (fnamelen > NFS_MAXNAMLEN || tnamelen > NFS_MAXNAMLEN)
2519 		return (ENAMETOOLONG);
2520 tryagain:
2521 	if (NFSHASNFSV4(nmp) && ret == 0) {
2522 		ret = nfscl_renamedeleg(fvp, &fdstateid, &gotfd, tvp,
2523 		    &tdstateid, &gottd, p);
2524 		if (gotfd && gottd) {
2525 			NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME2, fvp);
2526 		} else if (gotfd) {
2527 			NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, fvp);
2528 		} else if (gottd) {
2529 			NFSCL_REQSTART(nd, NFSPROC_RETDELEGRENAME1, tvp);
2530 		}
2531 		if (gotfd) {
2532 			NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
2533 			if (NFSHASNFSV4N(nmp))
2534 				*tl++ = 0;
2535 			else
2536 				*tl++ = fdstateid.seqid;
2537 			*tl++ = fdstateid.other[0];
2538 			*tl++ = fdstateid.other[1];
2539 			*tl = fdstateid.other[2];
2540 			if (gottd) {
2541 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2542 				*tl = txdr_unsigned(NFSV4OP_PUTFH);
2543 				np = VTONFS(tvp);
2544 				(void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
2545 				    np->n_fhp->nfh_len, 0);
2546 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2547 				*tl = txdr_unsigned(NFSV4OP_DELEGRETURN);
2548 			}
2549 		}
2550 		if (gottd) {
2551 			NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
2552 			if (NFSHASNFSV4N(nmp))
2553 				*tl++ = 0;
2554 			else
2555 				*tl++ = tdstateid.seqid;
2556 			*tl++ = tdstateid.other[0];
2557 			*tl++ = tdstateid.other[1];
2558 			*tl = tdstateid.other[2];
2559 		}
2560 		if (ret > 0) {
2561 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2562 			*tl = txdr_unsigned(NFSV4OP_PUTFH);
2563 			np = VTONFS(fdvp);
2564 			(void) nfsm_fhtom(nd, np->n_fhp->nfh_fh,
2565 			    np->n_fhp->nfh_len, 0);
2566 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2567 			*tl = txdr_unsigned(NFSV4OP_SAVEFH);
2568 		}
2569 	} else {
2570 		ret = 0;
2571 	}
2572 	if (ret == 0)
2573 		NFSCL_REQSTART(nd, NFSPROC_RENAME, fdvp);
2574 	if (nd->nd_flag & ND_NFSV4) {
2575 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2576 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
2577 		NFSWCCATTR_ATTRBIT(&attrbits);
2578 		(void) nfsrv_putattrbit(nd, &attrbits);
2579 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2580 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
2581 		(void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
2582 		    VTONFS(tdvp)->n_fhp->nfh_len, 0);
2583 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2584 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
2585 		(void) nfsrv_putattrbit(nd, &attrbits);
2586 		nd->nd_flag |= ND_V4WCCATTR;
2587 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2588 		*tl = txdr_unsigned(NFSV4OP_RENAME);
2589 	}
2590 	(void) nfsm_strtom(nd, fnameptr, fnamelen);
2591 	if (!(nd->nd_flag & ND_NFSV4))
2592 		(void) nfsm_fhtom(nd, VTONFS(tdvp)->n_fhp->nfh_fh,
2593 			VTONFS(tdvp)->n_fhp->nfh_len, 0);
2594 	(void) nfsm_strtom(nd, tnameptr, tnamelen);
2595 	error = nfscl_request(nd, fdvp, p, cred, fstuff);
2596 	if (error)
2597 		return (error);
2598 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
2599 		/* For NFSv4, parse out any Delereturn replies. */
2600 		if (ret > 0 && nd->nd_repstat != 0 &&
2601 		    (nd->nd_flag & ND_NOMOREDATA)) {
2602 			/*
2603 			 * If the Delegreturn failed, try again without
2604 			 * it. The server will Recall, as required.
2605 			 */
2606 			m_freem(nd->nd_mrep);
2607 			goto tryagain;
2608 		}
2609 		for (i = 0; i < (ret * 2); i++) {
2610 			if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) ==
2611 			    ND_NFSV4) {
2612 			    NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2613 			    if (*(tl + 1)) {
2614 				if (i == 0 && ret > 1) {
2615 				    /*
2616 				     * If the Delegreturn failed, try again
2617 				     * without it. The server will Recall, as
2618 				     * required.
2619 				     * If ret > 1, the first iteration of this
2620 				     * loop is the second DelegReturn result.
2621 				     */
2622 				    m_freem(nd->nd_mrep);
2623 				    goto tryagain;
2624 				} else {
2625 				    nd->nd_flag |= ND_NOMOREDATA;
2626 				}
2627 			    }
2628 			}
2629 		}
2630 		/* Now, the first wcc attribute reply. */
2631 		if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
2632 			NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2633 			if (*(tl + 1))
2634 				nd->nd_flag |= ND_NOMOREDATA;
2635 		}
2636 		error = nfscl_wcc_data(nd, fdvp, fnap, fattrflagp, NULL,
2637 		    fstuff);
2638 		/* and the second wcc attribute reply. */
2639 		if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4 &&
2640 		    !error) {
2641 			NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2642 			if (*(tl + 1))
2643 				nd->nd_flag |= ND_NOMOREDATA;
2644 		}
2645 		if (!error)
2646 			error = nfscl_wcc_data(nd, tdvp, tnap, tattrflagp,
2647 			    NULL, tstuff);
2648 	}
2649 	if (nd->nd_repstat && !error)
2650 		error = nd->nd_repstat;
2651 nfsmout:
2652 	m_freem(nd->nd_mrep);
2653 	return (error);
2654 }
2655 
2656 /*
2657  * nfs hard link create rpc
2658  */
2659 int
nfsrpc_link(vnode_t dvp,vnode_t vp,char * name,int namelen,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nap,int * attrflagp,int * dattrflagp,void * dstuff)2660 nfsrpc_link(vnode_t dvp, vnode_t vp, char *name, int namelen,
2661     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
2662     struct nfsvattr *nap, int *attrflagp, int *dattrflagp, void *dstuff)
2663 {
2664 	u_int32_t *tl;
2665 	struct nfsrv_descript nfsd, *nd = &nfsd;
2666 	nfsattrbit_t attrbits;
2667 	int error = 0;
2668 
2669 	*attrflagp = 0;
2670 	*dattrflagp = 0;
2671 	if (namelen > NFS_MAXNAMLEN)
2672 		return (ENAMETOOLONG);
2673 	NFSCL_REQSTART(nd, NFSPROC_LINK, vp);
2674 	if (nd->nd_flag & ND_NFSV4) {
2675 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2676 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
2677 	}
2678 	(void) nfsm_fhtom(nd, VTONFS(dvp)->n_fhp->nfh_fh,
2679 		VTONFS(dvp)->n_fhp->nfh_len, 0);
2680 	if (nd->nd_flag & ND_NFSV4) {
2681 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2682 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
2683 		NFSWCCATTR_ATTRBIT(&attrbits);
2684 		(void) nfsrv_putattrbit(nd, &attrbits);
2685 		nd->nd_flag |= ND_V4WCCATTR;
2686 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2687 		*tl = txdr_unsigned(NFSV4OP_LINK);
2688 	}
2689 	(void) nfsm_strtom(nd, name, namelen);
2690 	error = nfscl_request(nd, vp, p, cred, dstuff);
2691 	if (error)
2692 		return (error);
2693 	if (nd->nd_flag & ND_NFSV3) {
2694 		error = nfscl_postop_attr(nd, nap, attrflagp, dstuff);
2695 		if (!error)
2696 			error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
2697 			    NULL, dstuff);
2698 	} else if ((nd->nd_flag & (ND_NFSV4 | ND_NOMOREDATA)) == ND_NFSV4) {
2699 		/*
2700 		 * First, parse out the PutFH and Getattr result.
2701 		 */
2702 		NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2703 		if (!(*(tl + 1)))
2704 			NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2705 		if (*(tl + 1))
2706 			nd->nd_flag |= ND_NOMOREDATA;
2707 		/*
2708 		 * Get the pre-op attributes.
2709 		 */
2710 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2711 	}
2712 	if (nd->nd_repstat && !error)
2713 		error = nd->nd_repstat;
2714 nfsmout:
2715 	m_freem(nd->nd_mrep);
2716 	return (error);
2717 }
2718 
2719 /*
2720  * nfs symbolic link create rpc
2721  */
2722 int
nfsrpc_symlink(vnode_t dvp,char * name,int namelen,const char * target,struct vattr * vap,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nnap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * dstuff)2723 nfsrpc_symlink(vnode_t dvp, char *name, int namelen, const char *target,
2724     struct vattr *vap, struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
2725     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
2726     int *dattrflagp, void *dstuff)
2727 {
2728 	u_int32_t *tl;
2729 	struct nfsrv_descript nfsd, *nd = &nfsd;
2730 	struct nfsmount *nmp;
2731 	int slen, error = 0;
2732 
2733 	*nfhpp = NULL;
2734 	*attrflagp = 0;
2735 	*dattrflagp = 0;
2736 	nmp = VFSTONFS(dvp->v_mount);
2737 	slen = strlen(target);
2738 	if (slen > NFS_MAXPATHLEN || namelen > NFS_MAXNAMLEN)
2739 		return (ENAMETOOLONG);
2740 	NFSCL_REQSTART(nd, NFSPROC_SYMLINK, dvp);
2741 	if (nd->nd_flag & ND_NFSV4) {
2742 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2743 		*tl = txdr_unsigned(NFLNK);
2744 		(void) nfsm_strtom(nd, target, slen);
2745 	}
2746 	(void) nfsm_strtom(nd, name, namelen);
2747 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
2748 		nfscl_fillsattr(nd, vap, dvp, 0, 0);
2749 	if (!(nd->nd_flag & ND_NFSV4))
2750 		(void) nfsm_strtom(nd, target, slen);
2751 	if (nd->nd_flag & ND_NFSV2)
2752 		nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
2753 	error = nfscl_request(nd, dvp, p, cred, dstuff);
2754 	if (error)
2755 		return (error);
2756 	if (nd->nd_flag & ND_NFSV4)
2757 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2758 	if ((nd->nd_flag & ND_NFSV3) && !error) {
2759 		if (!nd->nd_repstat)
2760 			error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
2761 		if (!error)
2762 			error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp,
2763 			    NULL, dstuff);
2764 	}
2765 	if (nd->nd_repstat && !error)
2766 		error = nd->nd_repstat;
2767 	m_freem(nd->nd_mrep);
2768 	/*
2769 	 * Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
2770 	 * Only do this if vfs.nfs.ignore_eexist is set.
2771 	 * Never do this for NFSv4.1 or later minor versions, since sessions
2772 	 * should guarantee "exactly once" RPC semantics.
2773 	 */
2774 	if (error == EEXIST && nfsignore_eexist != 0 && (!NFSHASNFSV4(nmp) ||
2775 	    nmp->nm_minorvers == 0))
2776 		error = 0;
2777 	return (error);
2778 }
2779 
2780 /*
2781  * nfs make dir rpc
2782  */
2783 int
nfsrpc_mkdir(vnode_t dvp,char * name,int namelen,struct vattr * vap,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nnap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * dstuff)2784 nfsrpc_mkdir(vnode_t dvp, char *name, int namelen, struct vattr *vap,
2785     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
2786     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
2787     int *dattrflagp, void *dstuff)
2788 {
2789 	u_int32_t *tl;
2790 	struct nfsrv_descript nfsd, *nd = &nfsd;
2791 	nfsattrbit_t attrbits;
2792 	int error = 0;
2793 	struct nfsfh *fhp;
2794 	struct nfsmount *nmp;
2795 
2796 	*nfhpp = NULL;
2797 	*attrflagp = 0;
2798 	*dattrflagp = 0;
2799 	nmp = VFSTONFS(dvp->v_mount);
2800 	fhp = VTONFS(dvp)->n_fhp;
2801 	if (namelen > NFS_MAXNAMLEN)
2802 		return (ENAMETOOLONG);
2803 	NFSCL_REQSTART(nd, NFSPROC_MKDIR, dvp);
2804 	if (nd->nd_flag & ND_NFSV4) {
2805 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2806 		*tl = txdr_unsigned(NFDIR);
2807 	}
2808 	(void) nfsm_strtom(nd, name, namelen);
2809 	nfscl_fillsattr(nd, vap, dvp, NFSSATTR_SIZENEG1, 0);
2810 	if (nd->nd_flag & ND_NFSV4) {
2811 		NFSGETATTR_ATTRBIT(&attrbits);
2812 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2813 		*tl++ = txdr_unsigned(NFSV4OP_GETFH);
2814 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
2815 		(void) nfsrv_putattrbit(nd, &attrbits);
2816 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2817 		*tl = txdr_unsigned(NFSV4OP_PUTFH);
2818 		(void) nfsm_fhtom(nd, fhp->nfh_fh, fhp->nfh_len, 0);
2819 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
2820 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
2821 		(void) nfsrv_putattrbit(nd, &attrbits);
2822 	}
2823 	error = nfscl_request(nd, dvp, p, cred, dstuff);
2824 	if (error)
2825 		return (error);
2826 	if (nd->nd_flag & ND_NFSV4)
2827 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2828 	if (!nd->nd_repstat && !error) {
2829 		if (nd->nd_flag & ND_NFSV4) {
2830 			NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
2831 			error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
2832 		}
2833 		if (!error)
2834 			error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
2835 		if (error == 0 && (nd->nd_flag & ND_NFSV4) != 0) {
2836 			/* Get rid of the PutFH and Getattr status values. */
2837 			NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
2838 			/* Load the directory attributes. */
2839 			error = nfsm_loadattr(nd, dnap);
2840 			if (error == 0)
2841 				*dattrflagp = 1;
2842 		}
2843 	}
2844 	if ((nd->nd_flag & ND_NFSV3) && !error)
2845 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2846 	if (nd->nd_repstat && !error)
2847 		error = nd->nd_repstat;
2848 nfsmout:
2849 	m_freem(nd->nd_mrep);
2850 	/*
2851 	 * Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
2852 	 * Only do this if vfs.nfs.ignore_eexist is set.
2853 	 * Never do this for NFSv4.1 or later minor versions, since sessions
2854 	 * should guarantee "exactly once" RPC semantics.
2855 	 */
2856 	if (error == EEXIST && nfsignore_eexist != 0 && (!NFSHASNFSV4(nmp) ||
2857 	    nmp->nm_minorvers == 0))
2858 		error = 0;
2859 	return (error);
2860 }
2861 
2862 /*
2863  * nfs remove directory call
2864  */
2865 int
nfsrpc_rmdir(vnode_t dvp,char * name,int namelen,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,int * dattrflagp,void * dstuff)2866 nfsrpc_rmdir(vnode_t dvp, char *name, int namelen, struct ucred *cred,
2867     NFSPROC_T *p, struct nfsvattr *dnap, int *dattrflagp, void *dstuff)
2868 {
2869 	struct nfsrv_descript nfsd, *nd = &nfsd;
2870 	int error = 0;
2871 
2872 	*dattrflagp = 0;
2873 	if (namelen > NFS_MAXNAMLEN)
2874 		return (ENAMETOOLONG);
2875 	NFSCL_REQSTART(nd, NFSPROC_RMDIR, dvp);
2876 	(void) nfsm_strtom(nd, name, namelen);
2877 	error = nfscl_request(nd, dvp, p, cred, dstuff);
2878 	if (error)
2879 		return (error);
2880 	if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4))
2881 		error = nfscl_wcc_data(nd, dvp, dnap, dattrflagp, NULL, dstuff);
2882 	if (nd->nd_repstat && !error)
2883 		error = nd->nd_repstat;
2884 	m_freem(nd->nd_mrep);
2885 	/*
2886 	 * Kludge: Map ENOENT => 0 assuming that you have a reply to a retry.
2887 	 */
2888 	if (error == ENOENT)
2889 		error = 0;
2890 	return (error);
2891 }
2892 
2893 /*
2894  * Readdir rpc.
2895  * Always returns with either uio_resid unchanged, if you are at the
2896  * end of the directory, or uio_resid == 0, with all DIRBLKSIZ chunks
2897  * filled in.
2898  * I felt this would allow caching of directory blocks more easily
2899  * than returning a pertially filled block.
2900  * Directory offset cookies:
2901  * Oh my, what to do with them...
2902  * I can think of three ways to deal with them:
2903  * 1 - have the layer above these RPCs maintain a map between logical
2904  *     directory byte offsets and the NFS directory offset cookies
2905  * 2 - pass the opaque directory offset cookies up into userland
2906  *     and let the libc functions deal with them, via the system call
2907  * 3 - return them to userland in the "struct dirent", so future versions
2908  *     of libc can use them and do whatever is necessary to make things work
2909  *     above these rpc calls, in the meantime
2910  * For now, I do #3 by "hiding" the directory offset cookies after the
2911  * d_name field in struct dirent. This is space inside d_reclen that
2912  * will be ignored by anything that doesn't know about them.
2913  * The directory offset cookies are filled in as the last 8 bytes of
2914  * each directory entry, after d_name. Someday, the userland libc
2915  * functions may be able to use these. In the meantime, it satisfies
2916  * OpenBSD's requirements for cookies being returned.
2917  * If expects the directory offset cookie for the read to be in uio_offset
2918  * and returns the one for the next entry after this directory block in
2919  * there, as well.
2920  */
2921 int
nfsrpc_readdir(vnode_t vp,struct uio * uiop,nfsuint64 * cookiep,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,int * eofp,void * stuff)2922 nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
2923     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
2924     int *eofp, void *stuff)
2925 {
2926 	int len, left;
2927 	struct dirent *dp = NULL;
2928 	u_int32_t *tl;
2929 	nfsquad_t cookie, ncookie;
2930 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
2931 	struct nfsnode *dnp = VTONFS(vp);
2932 	struct nfsvattr nfsva;
2933 	struct nfsrv_descript nfsd, *nd = &nfsd;
2934 	int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
2935 	int reqsize, tryformoredirs = 1, readsize, eof = 0, gotmnton = 0;
2936 	u_int64_t dotfileid, dotdotfileid = 0, fakefileno = UINT64_MAX;
2937 	char *cp;
2938 	nfsattrbit_t attrbits, dattrbits;
2939 	u_int32_t rderr, *tl2 = NULL;
2940 	size_t tresid;
2941 
2942 	KASSERT(uiop->uio_iovcnt == 1 &&
2943 	    (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0,
2944 	    ("nfs readdirrpc bad uio"));
2945 	ncookie.lval[0] = ncookie.lval[1] = 0;
2946 	/*
2947 	 * There is no point in reading a lot more than uio_resid, however
2948 	 * adding one additional DIRBLKSIZ makes sense. Since uio_resid
2949 	 * and nm_readdirsize are both exact multiples of DIRBLKSIZ, this
2950 	 * will never make readsize > nm_readdirsize.
2951 	 */
2952 	readsize = nmp->nm_readdirsize;
2953 	if (readsize > uiop->uio_resid)
2954 		readsize = uiop->uio_resid + DIRBLKSIZ;
2955 
2956 	*attrflagp = 0;
2957 	if (eofp)
2958 		*eofp = 0;
2959 	tresid = uiop->uio_resid;
2960 	cookie.lval[0] = cookiep->nfsuquad[0];
2961 	cookie.lval[1] = cookiep->nfsuquad[1];
2962 	nd->nd_mrep = NULL;
2963 
2964 	/*
2965 	 * For NFSv4, first create the "." and ".." entries.
2966 	 */
2967 	if (NFSHASNFSV4(nmp)) {
2968 		reqsize = 6 * NFSX_UNSIGNED;
2969 		NFSGETATTR_ATTRBIT(&dattrbits);
2970 		NFSZERO_ATTRBIT(&attrbits);
2971 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
2972 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TYPE);
2973 		if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
2974 		    NFSATTRBIT_MOUNTEDONFILEID)) {
2975 			NFSSETBIT_ATTRBIT(&attrbits,
2976 			    NFSATTRBIT_MOUNTEDONFILEID);
2977 			gotmnton = 1;
2978 		} else {
2979 			/*
2980 			 * Must fake it. Use the fileno, except when the
2981 			 * fsid is != to that of the directory. For that
2982 			 * case, generate a fake fileno that is not the same.
2983 			 */
2984 			NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
2985 			gotmnton = 0;
2986 		}
2987 
2988 		/*
2989 		 * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
2990 		 */
2991 		if (uiop->uio_offset == 0) {
2992 			NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp);
2993 			NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2994 			*tl++ = txdr_unsigned(NFSV4OP_GETFH);
2995 			*tl = txdr_unsigned(NFSV4OP_GETATTR);
2996 			(void) nfsrv_putattrbit(nd, &attrbits);
2997 			error = nfscl_request(nd, vp, p, cred, stuff);
2998 			if (error)
2999 			    return (error);
3000 			dotfileid = 0;	/* Fake out the compiler. */
3001 			if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
3002 			    error = nfsm_loadattr(nd, &nfsva);
3003 			    if (error != 0)
3004 				goto nfsmout;
3005 			    dotfileid = nfsva.na_fileid;
3006 			}
3007 			if (nd->nd_repstat == 0) {
3008 			    NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
3009 			    len = fxdr_unsigned(int, *(tl + 4));
3010 			    if (len > 0 && len <= NFSX_V4FHMAX)
3011 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
3012 			    else
3013 				error = EPERM;
3014 			    if (!error) {
3015 				NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
3016 				nfsva.na_mntonfileno = UINT64_MAX;
3017 				error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
3018 				    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
3019 				    NULL, NULL, NULL, p, cred);
3020 				if (error) {
3021 				    dotdotfileid = dotfileid;
3022 				} else if (gotmnton) {
3023 				    if (nfsva.na_mntonfileno != UINT64_MAX)
3024 					dotdotfileid = nfsva.na_mntonfileno;
3025 				    else
3026 					dotdotfileid = nfsva.na_fileid;
3027 				} else if (nfsva.na_filesid[0] ==
3028 				    dnp->n_vattr.na_filesid[0] &&
3029 				    nfsva.na_filesid[1] ==
3030 				    dnp->n_vattr.na_filesid[1]) {
3031 				    dotdotfileid = nfsva.na_fileid;
3032 				} else {
3033 				    do {
3034 					fakefileno--;
3035 				    } while (fakefileno ==
3036 					nfsva.na_fileid);
3037 				    dotdotfileid = fakefileno;
3038 				}
3039 			    }
3040 			} else if (nd->nd_repstat == NFSERR_NOENT) {
3041 			    /*
3042 			     * Lookupp returns NFSERR_NOENT when we are
3043 			     * at the root, so just use the current dir.
3044 			     */
3045 			    nd->nd_repstat = 0;
3046 			    dotdotfileid = dotfileid;
3047 			} else {
3048 			    error = nd->nd_repstat;
3049 			}
3050 			m_freem(nd->nd_mrep);
3051 			if (error)
3052 			    return (error);
3053 			nd->nd_mrep = NULL;
3054 			dp = (struct dirent *)uiop->uio_iov->iov_base;
3055 			dp->d_pad0 = dp->d_pad1 = 0;
3056 			dp->d_off = 0;
3057 			dp->d_type = DT_DIR;
3058 			dp->d_fileno = dotfileid;
3059 			dp->d_namlen = 1;
3060 			*((uint64_t *)dp->d_name) = 0;	/* Zero pad it. */
3061 			dp->d_name[0] = '.';
3062 			dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
3063 			/*
3064 			 * Just make these offset cookie 0.
3065 			 */
3066 			tl = (u_int32_t *)&dp->d_name[8];
3067 			*tl++ = 0;
3068 			*tl = 0;
3069 			blksiz += dp->d_reclen;
3070 			uiop->uio_resid -= dp->d_reclen;
3071 			uiop->uio_offset += dp->d_reclen;
3072 			uiop->uio_iov->iov_base =
3073 			    (char *)uiop->uio_iov->iov_base + dp->d_reclen;
3074 			uiop->uio_iov->iov_len -= dp->d_reclen;
3075 			dp = (struct dirent *)uiop->uio_iov->iov_base;
3076 			dp->d_pad0 = dp->d_pad1 = 0;
3077 			dp->d_off = 0;
3078 			dp->d_type = DT_DIR;
3079 			dp->d_fileno = dotdotfileid;
3080 			dp->d_namlen = 2;
3081 			*((uint64_t *)dp->d_name) = 0;
3082 			dp->d_name[0] = '.';
3083 			dp->d_name[1] = '.';
3084 			dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
3085 			/*
3086 			 * Just make these offset cookie 0.
3087 			 */
3088 			tl = (u_int32_t *)&dp->d_name[8];
3089 			*tl++ = 0;
3090 			*tl = 0;
3091 			blksiz += dp->d_reclen;
3092 			uiop->uio_resid -= dp->d_reclen;
3093 			uiop->uio_offset += dp->d_reclen;
3094 			uiop->uio_iov->iov_base =
3095 			    (char *)uiop->uio_iov->iov_base + dp->d_reclen;
3096 			uiop->uio_iov->iov_len -= dp->d_reclen;
3097 		}
3098 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_RDATTRERROR);
3099 	} else {
3100 		reqsize = 5 * NFSX_UNSIGNED;
3101 	}
3102 
3103 	/*
3104 	 * Loop around doing readdir rpc's of size readsize.
3105 	 * The stopping criteria is EOF or buffer full.
3106 	 */
3107 	while (more_dirs && bigenough) {
3108 		*attrflagp = 0;
3109 		NFSCL_REQSTART(nd, NFSPROC_READDIR, vp);
3110 		if (nd->nd_flag & ND_NFSV2) {
3111 			NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
3112 			*tl++ = cookie.lval[1];
3113 			*tl = txdr_unsigned(readsize);
3114 		} else {
3115 			NFSM_BUILD(tl, u_int32_t *, reqsize);
3116 			*tl++ = cookie.lval[0];
3117 			*tl++ = cookie.lval[1];
3118 			if (cookie.qval == 0) {
3119 				*tl++ = 0;
3120 				*tl++ = 0;
3121 			} else {
3122 				NFSLOCKNODE(dnp);
3123 				*tl++ = dnp->n_cookieverf.nfsuquad[0];
3124 				*tl++ = dnp->n_cookieverf.nfsuquad[1];
3125 				NFSUNLOCKNODE(dnp);
3126 			}
3127 			if (nd->nd_flag & ND_NFSV4) {
3128 				*tl++ = txdr_unsigned(readsize);
3129 				*tl = txdr_unsigned(readsize);
3130 				(void) nfsrv_putattrbit(nd, &attrbits);
3131 				NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3132 				*tl = txdr_unsigned(NFSV4OP_GETATTR);
3133 				(void) nfsrv_putattrbit(nd, &dattrbits);
3134 			} else {
3135 				*tl = txdr_unsigned(readsize);
3136 			}
3137 		}
3138 		error = nfscl_request(nd, vp, p, cred, stuff);
3139 		if (error)
3140 			return (error);
3141 		if (!(nd->nd_flag & ND_NFSV2)) {
3142 			if (nd->nd_flag & ND_NFSV3)
3143 				error = nfscl_postop_attr(nd, nap, attrflagp,
3144 				    stuff);
3145 			if (!nd->nd_repstat && !error) {
3146 				NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
3147 				NFSLOCKNODE(dnp);
3148 				dnp->n_cookieverf.nfsuquad[0] = *tl++;
3149 				dnp->n_cookieverf.nfsuquad[1] = *tl;
3150 				NFSUNLOCKNODE(dnp);
3151 			}
3152 		}
3153 		if (nd->nd_repstat || error) {
3154 			if (!error)
3155 				error = nd->nd_repstat;
3156 			goto nfsmout;
3157 		}
3158 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3159 		more_dirs = fxdr_unsigned(int, *tl);
3160 		if (!more_dirs)
3161 			tryformoredirs = 0;
3162 
3163 		/* loop through the dir entries, doctoring them to 4bsd form */
3164 		while (more_dirs && bigenough) {
3165 			if (nd->nd_flag & ND_NFSV4) {
3166 				NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
3167 				ncookie.lval[0] = *tl++;
3168 				ncookie.lval[1] = *tl++;
3169 				len = fxdr_unsigned(int, *tl);
3170 			} else if (nd->nd_flag & ND_NFSV3) {
3171 				NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
3172 				nfsva.na_fileid = fxdr_hyper(tl);
3173 				tl += 2;
3174 				len = fxdr_unsigned(int, *tl);
3175 			} else {
3176 				NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
3177 				nfsva.na_fileid = fxdr_unsigned(uint64_t,
3178 				    *tl++);
3179 				len = fxdr_unsigned(int, *tl);
3180 			}
3181 			if (len <= 0 || len > NFS_MAXNAMLEN) {
3182 				error = EBADRPC;
3183 				goto nfsmout;
3184 			}
3185 			tlen = roundup2(len, 8);
3186 			if (tlen == len)
3187 				tlen += 8;  /* To ensure null termination. */
3188 			left = DIRBLKSIZ - blksiz;
3189 			if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) {
3190 				NFSBZERO(uiop->uio_iov->iov_base, left);
3191 				dp->d_reclen += left;
3192 				uiop->uio_iov->iov_base =
3193 				    (char *)uiop->uio_iov->iov_base + left;
3194 				uiop->uio_iov->iov_len -= left;
3195 				uiop->uio_resid -= left;
3196 				uiop->uio_offset += left;
3197 				blksiz = 0;
3198 			}
3199 			if (_GENERIC_DIRLEN(len) + NFSX_HYPER >
3200 			    uiop->uio_resid)
3201 				bigenough = 0;
3202 			if (bigenough) {
3203 				dp = (struct dirent *)uiop->uio_iov->iov_base;
3204 				dp->d_pad0 = dp->d_pad1 = 0;
3205 				dp->d_off = 0;
3206 				dp->d_namlen = len;
3207 				dp->d_reclen = _GENERIC_DIRLEN(len) +
3208 				    NFSX_HYPER;
3209 				dp->d_type = DT_UNKNOWN;
3210 				blksiz += dp->d_reclen;
3211 				if (blksiz == DIRBLKSIZ)
3212 					blksiz = 0;
3213 				uiop->uio_resid -= DIRHDSIZ;
3214 				uiop->uio_offset += DIRHDSIZ;
3215 				uiop->uio_iov->iov_base =
3216 				    (char *)uiop->uio_iov->iov_base + DIRHDSIZ;
3217 				uiop->uio_iov->iov_len -= DIRHDSIZ;
3218 				error = nfsm_mbufuio(nd, uiop, len);
3219 				if (error)
3220 					goto nfsmout;
3221 				cp = uiop->uio_iov->iov_base;
3222 				tlen -= len;
3223 				NFSBZERO(cp, tlen);
3224 				cp += tlen;	/* points to cookie storage */
3225 				tl2 = (u_int32_t *)cp;
3226 				uiop->uio_iov->iov_base =
3227 				    (char *)uiop->uio_iov->iov_base + tlen +
3228 				    NFSX_HYPER;
3229 				uiop->uio_iov->iov_len -= tlen + NFSX_HYPER;
3230 				uiop->uio_resid -= tlen + NFSX_HYPER;
3231 				uiop->uio_offset += (tlen + NFSX_HYPER);
3232 			} else {
3233 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
3234 				if (error)
3235 					goto nfsmout;
3236 			}
3237 			if (nd->nd_flag & ND_NFSV4) {
3238 				rderr = 0;
3239 				nfsva.na_mntonfileno = UINT64_MAX;
3240 				error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
3241 				    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
3242 				    NULL, NULL, &rderr, p, cred);
3243 				if (error)
3244 					goto nfsmout;
3245 				NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3246 			} else if (nd->nd_flag & ND_NFSV3) {
3247 				NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
3248 				ncookie.lval[0] = *tl++;
3249 				ncookie.lval[1] = *tl++;
3250 			} else {
3251 				NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
3252 				ncookie.lval[0] = 0;
3253 				ncookie.lval[1] = *tl++;
3254 			}
3255 			if (bigenough) {
3256 			    if (nd->nd_flag & ND_NFSV4) {
3257 				if (rderr) {
3258 				    dp->d_fileno = 0;
3259 				} else {
3260 				    if (gotmnton) {
3261 					if (nfsva.na_mntonfileno != UINT64_MAX)
3262 					    dp->d_fileno = nfsva.na_mntonfileno;
3263 					else
3264 					    dp->d_fileno = nfsva.na_fileid;
3265 				    } else if (nfsva.na_filesid[0] ==
3266 					dnp->n_vattr.na_filesid[0] &&
3267 					nfsva.na_filesid[1] ==
3268 					dnp->n_vattr.na_filesid[1]) {
3269 					dp->d_fileno = nfsva.na_fileid;
3270 				    } else {
3271 					do {
3272 					    fakefileno--;
3273 					} while (fakefileno ==
3274 					    nfsva.na_fileid);
3275 					dp->d_fileno = fakefileno;
3276 				    }
3277 				    dp->d_type = vtonfs_dtype(nfsva.na_type);
3278 				}
3279 			    } else {
3280 				dp->d_fileno = nfsva.na_fileid;
3281 			    }
3282 			    *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
3283 				ncookie.lval[0];
3284 			    *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
3285 				ncookie.lval[1];
3286 			}
3287 			more_dirs = fxdr_unsigned(int, *tl);
3288 		}
3289 		/*
3290 		 * If at end of rpc data, get the eof boolean
3291 		 */
3292 		if (!more_dirs) {
3293 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3294 			eof = fxdr_unsigned(int, *tl);
3295 			if (tryformoredirs)
3296 				more_dirs = !eof;
3297 			if (nd->nd_flag & ND_NFSV4) {
3298 				error = nfscl_postop_attr(nd, nap, attrflagp,
3299 				    stuff);
3300 				if (error)
3301 					goto nfsmout;
3302 			}
3303 		}
3304 		m_freem(nd->nd_mrep);
3305 		nd->nd_mrep = NULL;
3306 	}
3307 	/*
3308 	 * Fill last record, iff any, out to a multiple of DIRBLKSIZ
3309 	 * by increasing d_reclen for the last record.
3310 	 */
3311 	if (blksiz > 0) {
3312 		left = DIRBLKSIZ - blksiz;
3313 		NFSBZERO(uiop->uio_iov->iov_base, left);
3314 		dp->d_reclen += left;
3315 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base +
3316 		    left;
3317 		uiop->uio_iov->iov_len -= left;
3318 		uiop->uio_resid -= left;
3319 		uiop->uio_offset += left;
3320 	}
3321 
3322 	/*
3323 	 * If returning no data, assume end of file.
3324 	 * If not bigenough, return not end of file, since you aren't
3325 	 *    returning all the data
3326 	 * Otherwise, return the eof flag from the server.
3327 	 */
3328 	if (eofp) {
3329 		if (tresid == ((size_t)(uiop->uio_resid)))
3330 			*eofp = 1;
3331 		else if (!bigenough)
3332 			*eofp = 0;
3333 		else
3334 			*eofp = eof;
3335 	}
3336 
3337 	/*
3338 	 * Add extra empty records to any remaining DIRBLKSIZ chunks.
3339 	 */
3340 	while (uiop->uio_resid > 0 && uiop->uio_resid != tresid) {
3341 		dp = (struct dirent *)uiop->uio_iov->iov_base;
3342 		NFSBZERO(dp, DIRBLKSIZ);
3343 		dp->d_type = DT_UNKNOWN;
3344 		tl = (u_int32_t *)&dp->d_name[4];
3345 		*tl++ = cookie.lval[0];
3346 		*tl = cookie.lval[1];
3347 		dp->d_reclen = DIRBLKSIZ;
3348 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base +
3349 		    DIRBLKSIZ;
3350 		uiop->uio_iov->iov_len -= DIRBLKSIZ;
3351 		uiop->uio_resid -= DIRBLKSIZ;
3352 		uiop->uio_offset += DIRBLKSIZ;
3353 	}
3354 
3355 nfsmout:
3356 	if (nd->nd_mrep != NULL)
3357 		m_freem(nd->nd_mrep);
3358 	return (error);
3359 }
3360 
3361 #ifndef APPLE
3362 /*
3363  * NFS V3 readdir plus RPC. Used in place of nfsrpc_readdir().
3364  * (Also used for NFS V4 when mount flag set.)
3365  * (ditto above w.r.t. multiple of DIRBLKSIZ, etc.)
3366  */
3367 int
nfsrpc_readdirplus(vnode_t vp,struct uio * uiop,nfsuint64 * cookiep,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,int * eofp,void * stuff)3368 nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsuint64 *cookiep,
3369     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
3370     int *eofp, void *stuff)
3371 {
3372 	int len, left;
3373 	struct dirent *dp = NULL;
3374 	u_int32_t *tl;
3375 	vnode_t newvp = NULLVP;
3376 	struct nfsrv_descript nfsd, *nd = &nfsd;
3377 	struct nameidata nami, *ndp = &nami;
3378 	struct componentname *cnp = &ndp->ni_cnd;
3379 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
3380 	struct nfsnode *dnp = VTONFS(vp), *np;
3381 	struct nfsvattr nfsva;
3382 	struct nfsfh *nfhp;
3383 	nfsquad_t cookie, ncookie;
3384 	int error = 0, tlen, more_dirs = 1, blksiz = 0, bigenough = 1;
3385 	int attrflag, tryformoredirs = 1, eof = 0, gotmnton = 0;
3386 	int isdotdot = 0, unlocknewvp = 0;
3387 	u_int64_t dotfileid, dotdotfileid = 0, fakefileno = UINT64_MAX;
3388 	u_int64_t fileno = 0;
3389 	char *cp;
3390 	nfsattrbit_t attrbits, dattrbits;
3391 	size_t tresid;
3392 	u_int32_t *tl2 = NULL, rderr;
3393 	struct timespec dctime, ts;
3394 	bool attr_ok;
3395 
3396 	KASSERT(uiop->uio_iovcnt == 1 &&
3397 	    (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0,
3398 	    ("nfs readdirplusrpc bad uio"));
3399 	ncookie.lval[0] = ncookie.lval[1] = 0;
3400 	timespecclear(&dctime);
3401 	*attrflagp = 0;
3402 	if (eofp != NULL)
3403 		*eofp = 0;
3404 	ndp->ni_dvp = vp;
3405 	nd->nd_mrep = NULL;
3406 	cookie.lval[0] = cookiep->nfsuquad[0];
3407 	cookie.lval[1] = cookiep->nfsuquad[1];
3408 	tresid = uiop->uio_resid;
3409 
3410 	/*
3411 	 * For NFSv4, first create the "." and ".." entries.
3412 	 */
3413 	if (NFSHASNFSV4(nmp)) {
3414 		NFSGETATTR_ATTRBIT(&dattrbits);
3415 		NFSZERO_ATTRBIT(&attrbits);
3416 		NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FILEID);
3417 		if (NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
3418 		    NFSATTRBIT_MOUNTEDONFILEID)) {
3419 			NFSSETBIT_ATTRBIT(&attrbits,
3420 			    NFSATTRBIT_MOUNTEDONFILEID);
3421 			gotmnton = 1;
3422 		} else {
3423 			/*
3424 			 * Must fake it. Use the fileno, except when the
3425 			 * fsid is != to that of the directory. For that
3426 			 * case, generate a fake fileno that is not the same.
3427 			 */
3428 			NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_FSID);
3429 			gotmnton = 0;
3430 		}
3431 
3432 		/*
3433 		 * Joy, oh joy. For V4 we get to hand craft '.' and '..'.
3434 		 */
3435 		if (uiop->uio_offset == 0) {
3436 			NFSCL_REQSTART(nd, NFSPROC_LOOKUPP, vp);
3437 			NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
3438 			*tl++ = txdr_unsigned(NFSV4OP_GETFH);
3439 			*tl = txdr_unsigned(NFSV4OP_GETATTR);
3440 			(void) nfsrv_putattrbit(nd, &attrbits);
3441 			error = nfscl_request(nd, vp, p, cred, stuff);
3442 			if (error)
3443 			    return (error);
3444 			dotfileid = 0;	/* Fake out the compiler. */
3445 			if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
3446 			    error = nfsm_loadattr(nd, &nfsva);
3447 			    if (error != 0)
3448 				goto nfsmout;
3449 			    dctime = nfsva.na_ctime;
3450 			    dotfileid = nfsva.na_fileid;
3451 			}
3452 			if (nd->nd_repstat == 0) {
3453 			    NFSM_DISSECT(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
3454 			    len = fxdr_unsigned(int, *(tl + 4));
3455 			    if (len > 0 && len <= NFSX_V4FHMAX)
3456 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
3457 			    else
3458 				error = EPERM;
3459 			    if (!error) {
3460 				NFSM_DISSECT(tl, u_int32_t *, 2*NFSX_UNSIGNED);
3461 				nfsva.na_mntonfileno = UINT64_MAX;
3462 				error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
3463 				    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
3464 				    NULL, NULL, NULL, p, cred);
3465 				if (error) {
3466 				    dotdotfileid = dotfileid;
3467 				} else if (gotmnton) {
3468 				    if (nfsva.na_mntonfileno != UINT64_MAX)
3469 					dotdotfileid = nfsva.na_mntonfileno;
3470 				    else
3471 					dotdotfileid = nfsva.na_fileid;
3472 				} else if (nfsva.na_filesid[0] ==
3473 				    dnp->n_vattr.na_filesid[0] &&
3474 				    nfsva.na_filesid[1] ==
3475 				    dnp->n_vattr.na_filesid[1]) {
3476 				    dotdotfileid = nfsva.na_fileid;
3477 				} else {
3478 				    do {
3479 					fakefileno--;
3480 				    } while (fakefileno ==
3481 					nfsva.na_fileid);
3482 				    dotdotfileid = fakefileno;
3483 				}
3484 			    }
3485 			} else if (nd->nd_repstat == NFSERR_NOENT) {
3486 			    /*
3487 			     * Lookupp returns NFSERR_NOENT when we are
3488 			     * at the root, so just use the current dir.
3489 			     */
3490 			    nd->nd_repstat = 0;
3491 			    dotdotfileid = dotfileid;
3492 			} else {
3493 			    error = nd->nd_repstat;
3494 			}
3495 			m_freem(nd->nd_mrep);
3496 			if (error)
3497 			    return (error);
3498 			nd->nd_mrep = NULL;
3499 			dp = (struct dirent *)uiop->uio_iov->iov_base;
3500 			dp->d_pad0 = dp->d_pad1 = 0;
3501 			dp->d_off = 0;
3502 			dp->d_type = DT_DIR;
3503 			dp->d_fileno = dotfileid;
3504 			dp->d_namlen = 1;
3505 			*((uint64_t *)dp->d_name) = 0;	/* Zero pad it. */
3506 			dp->d_name[0] = '.';
3507 			dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
3508 			/*
3509 			 * Just make these offset cookie 0.
3510 			 */
3511 			tl = (u_int32_t *)&dp->d_name[8];
3512 			*tl++ = 0;
3513 			*tl = 0;
3514 			blksiz += dp->d_reclen;
3515 			uiop->uio_resid -= dp->d_reclen;
3516 			uiop->uio_offset += dp->d_reclen;
3517 			uiop->uio_iov->iov_base =
3518 			    (char *)uiop->uio_iov->iov_base + dp->d_reclen;
3519 			uiop->uio_iov->iov_len -= dp->d_reclen;
3520 			dp = (struct dirent *)uiop->uio_iov->iov_base;
3521 			dp->d_pad0 = dp->d_pad1 = 0;
3522 			dp->d_off = 0;
3523 			dp->d_type = DT_DIR;
3524 			dp->d_fileno = dotdotfileid;
3525 			dp->d_namlen = 2;
3526 			*((uint64_t *)dp->d_name) = 0;
3527 			dp->d_name[0] = '.';
3528 			dp->d_name[1] = '.';
3529 			dp->d_reclen = _GENERIC_DIRSIZ(dp) + NFSX_HYPER;
3530 			/*
3531 			 * Just make these offset cookie 0.
3532 			 */
3533 			tl = (u_int32_t *)&dp->d_name[8];
3534 			*tl++ = 0;
3535 			*tl = 0;
3536 			blksiz += dp->d_reclen;
3537 			uiop->uio_resid -= dp->d_reclen;
3538 			uiop->uio_offset += dp->d_reclen;
3539 			uiop->uio_iov->iov_base =
3540 			    (char *)uiop->uio_iov->iov_base + dp->d_reclen;
3541 			uiop->uio_iov->iov_len -= dp->d_reclen;
3542 		}
3543 		NFSREADDIRPLUS_ATTRBIT(&attrbits);
3544 		if (gotmnton)
3545 			NFSSETBIT_ATTRBIT(&attrbits,
3546 			    NFSATTRBIT_MOUNTEDONFILEID);
3547 		if (!NFSISSET_ATTRBIT(&dnp->n_vattr.na_suppattr,
3548 		    NFSATTRBIT_TIMECREATE))
3549 			NFSCLRBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMECREATE);
3550 	}
3551 
3552 	/*
3553 	 * Loop around doing readdir rpc's of size nm_readdirsize.
3554 	 * The stopping criteria is EOF or buffer full.
3555 	 */
3556 	while (more_dirs && bigenough) {
3557 		*attrflagp = 0;
3558 		NFSCL_REQSTART(nd, NFSPROC_READDIRPLUS, vp);
3559  		NFSM_BUILD(tl, u_int32_t *, 6 * NFSX_UNSIGNED);
3560 		*tl++ = cookie.lval[0];
3561 		*tl++ = cookie.lval[1];
3562 		if (cookie.qval == 0) {
3563 			*tl++ = 0;
3564 			*tl++ = 0;
3565 		} else {
3566 			NFSLOCKNODE(dnp);
3567 			*tl++ = dnp->n_cookieverf.nfsuquad[0];
3568 			*tl++ = dnp->n_cookieverf.nfsuquad[1];
3569 			NFSUNLOCKNODE(dnp);
3570 		}
3571 		*tl++ = txdr_unsigned(nmp->nm_readdirsize);
3572 		*tl = txdr_unsigned(nmp->nm_readdirsize);
3573 		if (nd->nd_flag & ND_NFSV4) {
3574 			(void) nfsrv_putattrbit(nd, &attrbits);
3575 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3576 			*tl = txdr_unsigned(NFSV4OP_GETATTR);
3577 			(void) nfsrv_putattrbit(nd, &dattrbits);
3578 		}
3579 		nanouptime(&ts);
3580 		error = nfscl_request(nd, vp, p, cred, stuff);
3581 		if (error)
3582 			return (error);
3583 		if (nd->nd_flag & ND_NFSV3)
3584 			error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
3585 		if (nd->nd_repstat || error) {
3586 			if (!error)
3587 				error = nd->nd_repstat;
3588 			goto nfsmout;
3589 		}
3590 		if ((nd->nd_flag & ND_NFSV3) != 0 && *attrflagp != 0)
3591 			dctime = nap->na_ctime;
3592 		NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
3593 		NFSLOCKNODE(dnp);
3594 		dnp->n_cookieverf.nfsuquad[0] = *tl++;
3595 		dnp->n_cookieverf.nfsuquad[1] = *tl++;
3596 		NFSUNLOCKNODE(dnp);
3597 		more_dirs = fxdr_unsigned(int, *tl);
3598 		if (!more_dirs)
3599 			tryformoredirs = 0;
3600 
3601 		/* loop through the dir entries, doctoring them to 4bsd form */
3602 		while (more_dirs && bigenough) {
3603 			NFSM_DISSECT(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
3604 			if (nd->nd_flag & ND_NFSV4) {
3605 				ncookie.lval[0] = *tl++;
3606 				ncookie.lval[1] = *tl++;
3607 			} else {
3608 				fileno = fxdr_hyper(tl);
3609 				tl += 2;
3610 			}
3611 			len = fxdr_unsigned(int, *tl);
3612 			if (len <= 0 || len > NFS_MAXNAMLEN) {
3613 				error = EBADRPC;
3614 				goto nfsmout;
3615 			}
3616 			tlen = roundup2(len, 8);
3617 			if (tlen == len)
3618 				tlen += 8;  /* To ensure null termination. */
3619 			left = DIRBLKSIZ - blksiz;
3620 			if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) {
3621 				NFSBZERO(uiop->uio_iov->iov_base, left);
3622 				dp->d_reclen += left;
3623 				uiop->uio_iov->iov_base =
3624 				    (char *)uiop->uio_iov->iov_base + left;
3625 				uiop->uio_iov->iov_len -= left;
3626 				uiop->uio_resid -= left;
3627 				uiop->uio_offset += left;
3628 				blksiz = 0;
3629 			}
3630 			if (_GENERIC_DIRLEN(len) + NFSX_HYPER >
3631 			    uiop->uio_resid)
3632 				bigenough = 0;
3633 			if (bigenough) {
3634 				dp = (struct dirent *)uiop->uio_iov->iov_base;
3635 				dp->d_pad0 = dp->d_pad1 = 0;
3636 				dp->d_off = 0;
3637 				dp->d_namlen = len;
3638 				dp->d_reclen = _GENERIC_DIRLEN(len) +
3639 				    NFSX_HYPER;
3640 				dp->d_type = DT_UNKNOWN;
3641 				blksiz += dp->d_reclen;
3642 				if (blksiz == DIRBLKSIZ)
3643 					blksiz = 0;
3644 				uiop->uio_resid -= DIRHDSIZ;
3645 				uiop->uio_offset += DIRHDSIZ;
3646 				uiop->uio_iov->iov_base =
3647 				    (char *)uiop->uio_iov->iov_base + DIRHDSIZ;
3648 				uiop->uio_iov->iov_len -= DIRHDSIZ;
3649 				cnp->cn_nameptr = uiop->uio_iov->iov_base;
3650 				cnp->cn_namelen = len;
3651 				NFSCNHASHZERO(cnp);
3652 				error = nfsm_mbufuio(nd, uiop, len);
3653 				if (error)
3654 					goto nfsmout;
3655 				cp = uiop->uio_iov->iov_base;
3656 				tlen -= len;
3657 				NFSBZERO(cp, tlen);
3658 				cp += tlen;	/* points to cookie storage */
3659 				tl2 = (u_int32_t *)cp;
3660 				if (len == 2 && cnp->cn_nameptr[0] == '.' &&
3661 				    cnp->cn_nameptr[1] == '.')
3662 					isdotdot = 1;
3663 				else
3664 					isdotdot = 0;
3665 				uiop->uio_iov->iov_base =
3666 				    (char *)uiop->uio_iov->iov_base + tlen +
3667 				    NFSX_HYPER;
3668 				uiop->uio_iov->iov_len -= tlen + NFSX_HYPER;
3669 				uiop->uio_resid -= tlen + NFSX_HYPER;
3670 				uiop->uio_offset += (tlen + NFSX_HYPER);
3671 			} else {
3672 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
3673 				if (error)
3674 					goto nfsmout;
3675 			}
3676 			nfhp = NULL;
3677 			if (nd->nd_flag & ND_NFSV3) {
3678 				NFSM_DISSECT(tl, u_int32_t *, 3*NFSX_UNSIGNED);
3679 				ncookie.lval[0] = *tl++;
3680 				ncookie.lval[1] = *tl++;
3681 				attrflag = fxdr_unsigned(int, *tl);
3682 				if (attrflag) {
3683 				  error = nfsm_loadattr(nd, &nfsva);
3684 				  if (error)
3685 					goto nfsmout;
3686 				}
3687 				NFSM_DISSECT(tl,u_int32_t *,NFSX_UNSIGNED);
3688 				if (*tl) {
3689 					error = nfsm_getfh(nd, &nfhp);
3690 					if (error)
3691 					    goto nfsmout;
3692 				}
3693 				if (!attrflag && nfhp != NULL) {
3694 					free(nfhp, M_NFSFH);
3695 					nfhp = NULL;
3696 				}
3697 			} else {
3698 				rderr = 0;
3699 				nfsva.na_mntonfileno = 0xffffffff;
3700 				error = nfsv4_loadattr(nd, NULL, &nfsva, &nfhp,
3701 				    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
3702 				    NULL, NULL, &rderr, p, cred);
3703 				if (error)
3704 					goto nfsmout;
3705 			}
3706 
3707 			if (bigenough) {
3708 			    if (nd->nd_flag & ND_NFSV4) {
3709 				if (rderr) {
3710 				    dp->d_fileno = 0;
3711 				} else if (gotmnton) {
3712 				    if (nfsva.na_mntonfileno != 0xffffffff)
3713 					dp->d_fileno = nfsva.na_mntonfileno;
3714 				    else
3715 					dp->d_fileno = nfsva.na_fileid;
3716 				} else if (nfsva.na_filesid[0] ==
3717 				    dnp->n_vattr.na_filesid[0] &&
3718 				    nfsva.na_filesid[1] ==
3719 				    dnp->n_vattr.na_filesid[1]) {
3720 				    dp->d_fileno = nfsva.na_fileid;
3721 				} else {
3722 				    do {
3723 					fakefileno--;
3724 				    } while (fakefileno ==
3725 					nfsva.na_fileid);
3726 				    dp->d_fileno = fakefileno;
3727 				}
3728 			    } else {
3729 				dp->d_fileno = fileno;
3730 			    }
3731 			    *tl2++ = cookiep->nfsuquad[0] = cookie.lval[0] =
3732 				ncookie.lval[0];
3733 			    *tl2 = cookiep->nfsuquad[1] = cookie.lval[1] =
3734 				ncookie.lval[1];
3735 
3736 			    if (nfhp != NULL) {
3737 				attr_ok = true;
3738 				if (NFSRV_CMPFH(nfhp->nfh_fh, nfhp->nfh_len,
3739 				    dnp->n_fhp->nfh_fh, dnp->n_fhp->nfh_len)) {
3740 				    VREF(vp);
3741 				    newvp = vp;
3742 				    unlocknewvp = 0;
3743 				    free(nfhp, M_NFSFH);
3744 				    np = dnp;
3745 				} else if (isdotdot != 0) {
3746 				    /*
3747 				     * Skip doing a nfscl_nget() call for "..".
3748 				     * There's a race between acquiring the nfs
3749 				     * node here and lookups that look for the
3750 				     * directory being read (in the parent).
3751 				     * It would try to get a lock on ".." here,
3752 				     * owning the lock on the directory being
3753 				     * read. Lookup will hold the lock on ".."
3754 				     * and try to acquire the lock on the
3755 				     * directory being read.
3756 				     * If the directory is unlocked/relocked,
3757 				     * then there is a LOR with the buflock
3758 				     * vp is relocked.
3759 				     */
3760 				    free(nfhp, M_NFSFH);
3761 				} else {
3762 				    error = nfscl_nget(vp->v_mount, vp,
3763 				      nfhp, cnp, p, &np, NULL, LK_EXCLUSIVE);
3764 				    if (!error) {
3765 					newvp = NFSTOV(np);
3766 					unlocknewvp = 1;
3767 					/*
3768 					 * If n_localmodtime >= time before RPC,
3769 					 * then a file modification operation,
3770 					 * such as VOP_SETATTR() of size, has
3771 					 * occurred while the Lookup RPC and
3772 					 * acquisition of the vnode happened. As
3773 					 * such, the attributes might be stale,
3774 					 * with possibly an incorrect size.
3775 					 */
3776 					NFSLOCKNODE(np);
3777 					if (timespecisset(
3778 					    &np->n_localmodtime) &&
3779 					    timespeccmp(&np->n_localmodtime,
3780 					    &ts, >=)) {
3781 					    NFSCL_DEBUG(4, "nfsrpc_readdirplus:"
3782 						" localmod stale attributes\n");
3783 					    attr_ok = false;
3784 					}
3785 					NFSUNLOCKNODE(np);
3786 				    }
3787 				}
3788 				nfhp = NULL;
3789 				if (newvp != NULLVP) {
3790 				    if (attr_ok)
3791 					error = nfscl_loadattrcache(&newvp,
3792 					    &nfsva, NULL, NULL, 0, 0);
3793 				    if (error) {
3794 					if (unlocknewvp)
3795 					    vput(newvp);
3796 					else
3797 					    vrele(newvp);
3798 					goto nfsmout;
3799 				    }
3800 				    dp->d_type =
3801 					vtonfs_dtype(np->n_vattr.na_type);
3802 				    ndp->ni_vp = newvp;
3803 				    NFSCNHASH(cnp, HASHINIT);
3804 				    if (cnp->cn_namelen <= NCHNAMLEN &&
3805 					ndp->ni_dvp != ndp->ni_vp &&
3806 					(newvp->v_type != VDIR ||
3807 					 dctime.tv_sec != 0)) {
3808 					cache_enter_time_flags(ndp->ni_dvp,
3809 					    ndp->ni_vp, cnp,
3810 					    &nfsva.na_ctime,
3811 					    newvp->v_type != VDIR ? NULL :
3812 					    &dctime, VFS_CACHE_DROPOLD);
3813 				    }
3814 				    if (unlocknewvp)
3815 					vput(newvp);
3816 				    else
3817 					vrele(newvp);
3818 				    newvp = NULLVP;
3819 				}
3820 			    }
3821 			} else if (nfhp != NULL) {
3822 			    free(nfhp, M_NFSFH);
3823 			}
3824 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3825 			more_dirs = fxdr_unsigned(int, *tl);
3826 		}
3827 		/*
3828 		 * If at end of rpc data, get the eof boolean
3829 		 */
3830 		if (!more_dirs) {
3831 			NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
3832 			eof = fxdr_unsigned(int, *tl);
3833 			if (tryformoredirs)
3834 				more_dirs = !eof;
3835 			if (nd->nd_flag & ND_NFSV4) {
3836 				error = nfscl_postop_attr(nd, nap, attrflagp,
3837 				    stuff);
3838 				if (error)
3839 					goto nfsmout;
3840 			}
3841 		}
3842 		m_freem(nd->nd_mrep);
3843 		nd->nd_mrep = NULL;
3844 	}
3845 	/*
3846 	 * Fill last record, iff any, out to a multiple of DIRBLKSIZ
3847 	 * by increasing d_reclen for the last record.
3848 	 */
3849 	if (blksiz > 0) {
3850 		left = DIRBLKSIZ - blksiz;
3851 		NFSBZERO(uiop->uio_iov->iov_base, left);
3852 		dp->d_reclen += left;
3853 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base +
3854 		    left;
3855 		uiop->uio_iov->iov_len -= left;
3856 		uiop->uio_resid -= left;
3857 		uiop->uio_offset += left;
3858 	}
3859 
3860 	/*
3861 	 * If returning no data, assume end of file.
3862 	 * If not bigenough, return not end of file, since you aren't
3863 	 *    returning all the data
3864 	 * Otherwise, return the eof flag from the server.
3865 	 */
3866 	if (eofp != NULL) {
3867 		if (tresid == uiop->uio_resid)
3868 			*eofp = 1;
3869 		else if (!bigenough)
3870 			*eofp = 0;
3871 		else
3872 			*eofp = eof;
3873 	}
3874 
3875 	/*
3876 	 * Add extra empty records to any remaining DIRBLKSIZ chunks.
3877 	 */
3878 	while (uiop->uio_resid > 0 && uiop->uio_resid != tresid) {
3879 		dp = (struct dirent *)uiop->uio_iov->iov_base;
3880 		NFSBZERO(dp, DIRBLKSIZ);
3881 		dp->d_type = DT_UNKNOWN;
3882 		tl = (u_int32_t *)&dp->d_name[4];
3883 		*tl++ = cookie.lval[0];
3884 		*tl = cookie.lval[1];
3885 		dp->d_reclen = DIRBLKSIZ;
3886 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base +
3887 		    DIRBLKSIZ;
3888 		uiop->uio_iov->iov_len -= DIRBLKSIZ;
3889 		uiop->uio_resid -= DIRBLKSIZ;
3890 		uiop->uio_offset += DIRBLKSIZ;
3891 	}
3892 
3893 nfsmout:
3894 	if (nd->nd_mrep != NULL)
3895 		m_freem(nd->nd_mrep);
3896 	return (error);
3897 }
3898 #endif	/* !APPLE */
3899 
3900 /*
3901  * Nfs commit rpc
3902  */
3903 int
nfsrpc_commit(vnode_t vp,u_quad_t offset,int cnt,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff)3904 nfsrpc_commit(vnode_t vp, u_quad_t offset, int cnt, struct ucred *cred,
3905     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
3906 {
3907 	u_int32_t *tl;
3908 	struct nfsrv_descript nfsd, *nd = &nfsd;
3909 	nfsattrbit_t attrbits;
3910 	int error;
3911 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
3912 
3913 	*attrflagp = 0;
3914 	NFSCL_REQSTART(nd, NFSPROC_COMMIT, vp);
3915 	NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
3916 	txdr_hyper(offset, tl);
3917 	tl += 2;
3918 	*tl = txdr_unsigned(cnt);
3919 	if (nd->nd_flag & ND_NFSV4) {
3920 		/*
3921 		 * And do a Getattr op.
3922 		 */
3923 		NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
3924 		*tl = txdr_unsigned(NFSV4OP_GETATTR);
3925 		NFSGETATTR_ATTRBIT(&attrbits);
3926 		(void) nfsrv_putattrbit(nd, &attrbits);
3927 	}
3928 	error = nfscl_request(nd, vp, p, cred, stuff);
3929 	if (error)
3930 		return (error);
3931 	error = nfscl_wcc_data(nd, vp, nap, attrflagp, NULL, stuff);
3932 	if (!error && !nd->nd_repstat) {
3933 		NFSM_DISSECT(tl, u_int32_t *, NFSX_VERF);
3934 		NFSLOCKMNT(nmp);
3935 		if (NFSBCMP(nmp->nm_verf, tl, NFSX_VERF)) {
3936 			NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
3937 			nd->nd_repstat = NFSERR_STALEWRITEVERF;
3938 		}
3939 		NFSUNLOCKMNT(nmp);
3940 		if (nd->nd_flag & ND_NFSV4)
3941 			error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
3942 	}
3943 nfsmout:
3944 	if (!error && nd->nd_repstat)
3945 		error = nd->nd_repstat;
3946 	m_freem(nd->nd_mrep);
3947 	return (error);
3948 }
3949 
3950 /*
3951  * NFS byte range lock rpc.
3952  * (Mostly just calls one of the three lower level RPC routines.)
3953  */
3954 int
nfsrpc_advlock(vnode_t vp,off_t size,int op,struct flock * fl,int reclaim,struct ucred * cred,NFSPROC_T * p,void * id,int flags)3955 nfsrpc_advlock(vnode_t vp, off_t size, int op, struct flock *fl,
3956     int reclaim, struct ucred *cred, NFSPROC_T *p, void *id, int flags)
3957 {
3958 	struct nfscllockowner *lp;
3959 	struct nfsclclient *clp;
3960 	struct nfsfh *nfhp;
3961 	struct nfsrv_descript nfsd, *nd = &nfsd;
3962 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
3963 	u_int64_t off, len;
3964 	off_t start, end;
3965 	u_int32_t clidrev = 0;
3966 	int error = 0, newone = 0, expireret = 0, retrycnt, donelocally;
3967 	int callcnt, dorpc;
3968 
3969 	/*
3970 	 * Convert the flock structure into a start and end and do POSIX
3971 	 * bounds checking.
3972 	 */
3973 	switch (fl->l_whence) {
3974 	case SEEK_SET:
3975 	case SEEK_CUR:
3976 		/*
3977 		 * Caller is responsible for adding any necessary offset
3978 		 * when SEEK_CUR is used.
3979 		 */
3980 		start = fl->l_start;
3981 		off = fl->l_start;
3982 		break;
3983 	case SEEK_END:
3984 		start = size + fl->l_start;
3985 		off = size + fl->l_start;
3986 		break;
3987 	default:
3988 		return (EINVAL);
3989 	}
3990 	if (start < 0)
3991 		return (EINVAL);
3992 	if (fl->l_len != 0) {
3993 		end = start + fl->l_len - 1;
3994 		if (end < start)
3995 			return (EINVAL);
3996 	}
3997 
3998 	len = fl->l_len;
3999 	if (len == 0)
4000 		len = NFS64BITSSET;
4001 	retrycnt = 0;
4002 	do {
4003 	    nd->nd_repstat = 0;
4004 	    if (op == F_GETLK) {
4005 		error = nfscl_getcl(vp->v_mount, cred, p, false, true, &clp);
4006 		if (error)
4007 			return (error);
4008 		error = nfscl_lockt(vp, clp, off, len, fl, p, id, flags);
4009 		if (!error) {
4010 			clidrev = clp->nfsc_clientidrev;
4011 			error = nfsrpc_lockt(nd, vp, clp, off, len, fl, cred,
4012 			    p, id, flags);
4013 		} else if (error == -1) {
4014 			error = 0;
4015 		}
4016 		nfscl_clientrelease(clp);
4017 	    } else if (op == F_UNLCK && fl->l_type == F_UNLCK) {
4018 		/*
4019 		 * We must loop around for all lockowner cases.
4020 		 */
4021 		callcnt = 0;
4022 		error = nfscl_getcl(vp->v_mount, cred, p, false, true, &clp);
4023 		if (error)
4024 			return (error);
4025 		do {
4026 		    error = nfscl_relbytelock(vp, off, len, cred, p, callcnt,
4027 			clp, id, flags, &lp, &dorpc);
4028 		    /*
4029 		     * If it returns a NULL lp, we're done.
4030 		     */
4031 		    if (lp == NULL) {
4032 			if (callcnt == 0)
4033 			    nfscl_clientrelease(clp);
4034 			else
4035 			    nfscl_releasealllocks(clp, vp, p, id, flags);
4036 			return (error);
4037 		    }
4038 		    if (nmp->nm_clp != NULL)
4039 			clidrev = nmp->nm_clp->nfsc_clientidrev;
4040 		    else
4041 			clidrev = 0;
4042 		    /*
4043 		     * If the server doesn't support Posix lock semantics,
4044 		     * only allow locks on the entire file, since it won't
4045 		     * handle overlapping byte ranges.
4046 		     * There might still be a problem when a lock
4047 		     * upgrade/downgrade (read<->write) occurs, since the
4048 		     * server "might" expect an unlock first?
4049 		     */
4050 		    if (dorpc && (lp->nfsl_open->nfso_posixlock ||
4051 			(off == 0 && len == NFS64BITSSET))) {
4052 			/*
4053 			 * Since the lock records will go away, we must
4054 			 * wait for grace and delay here.
4055 			 */
4056 			do {
4057 			    error = nfsrpc_locku(nd, nmp, lp, off, len,
4058 				NFSV4LOCKT_READ, cred, p, 0);
4059 			    if ((nd->nd_repstat == NFSERR_GRACE ||
4060 				 nd->nd_repstat == NFSERR_DELAY) &&
4061 				error == 0)
4062 				(void) nfs_catnap(PZERO, (int)nd->nd_repstat,
4063 				    "nfs_advlock");
4064 			} while ((nd->nd_repstat == NFSERR_GRACE ||
4065 			    nd->nd_repstat == NFSERR_DELAY) && error == 0);
4066 		    }
4067 		    callcnt++;
4068 		} while (error == 0 && nd->nd_repstat == 0);
4069 		nfscl_releasealllocks(clp, vp, p, id, flags);
4070 	    } else if (op == F_SETLK) {
4071 		error = nfscl_getbytelock(vp, off, len, fl->l_type, cred, p,
4072 		    NULL, 0, id, flags, NULL, NULL, &lp, &newone, &donelocally);
4073 		if (error || donelocally) {
4074 			return (error);
4075 		}
4076 		if (nmp->nm_clp != NULL)
4077 			clidrev = nmp->nm_clp->nfsc_clientidrev;
4078 		else
4079 			clidrev = 0;
4080 		nfhp = VTONFS(vp)->n_fhp;
4081 		if (!lp->nfsl_open->nfso_posixlock &&
4082 		    (off != 0 || len != NFS64BITSSET)) {
4083 			error = EINVAL;
4084 		} else {
4085 			error = nfsrpc_lock(nd, nmp, vp, nfhp->nfh_fh,
4086 			    nfhp->nfh_len, lp, newone, reclaim, off,
4087 			    len, fl->l_type, cred, p, 0);
4088 		}
4089 		if (!error)
4090 			error = nd->nd_repstat;
4091 		nfscl_lockrelease(lp, error, newone);
4092 	    } else {
4093 		error = EINVAL;
4094 	    }
4095 	    if (!error)
4096 	        error = nd->nd_repstat;
4097 	    if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
4098 		error == NFSERR_STALEDONTRECOVER ||
4099 		error == NFSERR_STALECLIENTID || error == NFSERR_DELAY ||
4100 		error == NFSERR_BADSESSION) {
4101 		(void) nfs_catnap(PZERO, error, "nfs_advlock");
4102 	    } else if ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID)
4103 		&& clidrev != 0) {
4104 		expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
4105 		retrycnt++;
4106 	    }
4107 	} while (error == NFSERR_GRACE ||
4108 	    error == NFSERR_STALECLIENTID || error == NFSERR_DELAY ||
4109 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_STALESTATEID ||
4110 	    error == NFSERR_BADSESSION ||
4111 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
4112 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
4113 	if (error && retrycnt >= 4)
4114 		error = EIO;
4115 	return (error);
4116 }
4117 
4118 /*
4119  * The lower level routine for the LockT case.
4120  */
4121 int
nfsrpc_lockt(struct nfsrv_descript * nd,vnode_t vp,struct nfsclclient * clp,u_int64_t off,u_int64_t len,struct flock * fl,struct ucred * cred,NFSPROC_T * p,void * id,int flags)4122 nfsrpc_lockt(struct nfsrv_descript *nd, vnode_t vp,
4123     struct nfsclclient *clp, u_int64_t off, u_int64_t len, struct flock *fl,
4124     struct ucred *cred, NFSPROC_T *p, void *id, int flags)
4125 {
4126 	u_int32_t *tl;
4127 	int error, type, size;
4128 	uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
4129 	struct nfsnode *np;
4130 	struct nfsmount *nmp;
4131 	struct nfsclsession *tsep;
4132 
4133 	nmp = VFSTONFS(vp->v_mount);
4134 	NFSCL_REQSTART(nd, NFSPROC_LOCKT, vp);
4135 	NFSM_BUILD(tl, u_int32_t *, 7 * NFSX_UNSIGNED);
4136 	if (fl->l_type == F_RDLCK)
4137 		*tl++ = txdr_unsigned(NFSV4LOCKT_READ);
4138 	else
4139 		*tl++ = txdr_unsigned(NFSV4LOCKT_WRITE);
4140 	txdr_hyper(off, tl);
4141 	tl += 2;
4142 	txdr_hyper(len, tl);
4143 	tl += 2;
4144 	tsep = nfsmnt_mdssession(nmp);
4145 	*tl++ = tsep->nfsess_clientid.lval[0];
4146 	*tl = tsep->nfsess_clientid.lval[1];
4147 	nfscl_filllockowner(id, own, flags);
4148 	np = VTONFS(vp);
4149 	NFSBCOPY(np->n_fhp->nfh_fh, &own[NFSV4CL_LOCKNAMELEN],
4150 	    np->n_fhp->nfh_len);
4151 	(void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + np->n_fhp->nfh_len);
4152 	error = nfscl_request(nd, vp, p, cred, NULL);
4153 	if (error)
4154 		return (error);
4155 	if (nd->nd_repstat == 0) {
4156 		fl->l_type = F_UNLCK;
4157 	} else if (nd->nd_repstat == NFSERR_DENIED) {
4158 		nd->nd_repstat = 0;
4159 		fl->l_whence = SEEK_SET;
4160 		NFSM_DISSECT(tl, u_int32_t *, 8 * NFSX_UNSIGNED);
4161 		fl->l_start = fxdr_hyper(tl);
4162 		tl += 2;
4163 		len = fxdr_hyper(tl);
4164 		tl += 2;
4165 		if (len == NFS64BITSSET)
4166 			fl->l_len = 0;
4167 		else
4168 			fl->l_len = len;
4169 		type = fxdr_unsigned(int, *tl++);
4170 		if (type == NFSV4LOCKT_WRITE)
4171 			fl->l_type = F_WRLCK;
4172 		else
4173 			fl->l_type = F_RDLCK;
4174 		/*
4175 		 * XXX For now, I have no idea what to do with the
4176 		 * conflicting lock_owner, so I'll just set the pid == 0
4177 		 * and skip over the lock_owner.
4178 		 */
4179 		fl->l_pid = (pid_t)0;
4180 		tl += 2;
4181 		size = fxdr_unsigned(int, *tl);
4182 		if (size < 0 || size > NFSV4_OPAQUELIMIT)
4183 			error = EBADRPC;
4184 		if (!error)
4185 			error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
4186 	} else if (nd->nd_repstat == NFSERR_STALECLIENTID)
4187 		nfscl_initiate_recovery(clp);
4188 nfsmout:
4189 	m_freem(nd->nd_mrep);
4190 	return (error);
4191 }
4192 
4193 /*
4194  * Lower level function that performs the LockU RPC.
4195  */
4196 static int
nfsrpc_locku(struct nfsrv_descript * nd,struct nfsmount * nmp,struct nfscllockowner * lp,u_int64_t off,u_int64_t len,u_int32_t type,struct ucred * cred,NFSPROC_T * p,int syscred)4197 nfsrpc_locku(struct nfsrv_descript *nd, struct nfsmount *nmp,
4198     struct nfscllockowner *lp, u_int64_t off, u_int64_t len,
4199     u_int32_t type, struct ucred *cred, NFSPROC_T *p, int syscred)
4200 {
4201 	u_int32_t *tl;
4202 	int error;
4203 
4204 	nfscl_reqstart(nd, NFSPROC_LOCKU, nmp, lp->nfsl_open->nfso_fh,
4205 	    lp->nfsl_open->nfso_fhlen, NULL, NULL, 0, 0);
4206 	NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + 6 * NFSX_UNSIGNED);
4207 	*tl++ = txdr_unsigned(type);
4208 	*tl = txdr_unsigned(lp->nfsl_seqid);
4209 	if (nfstest_outofseq &&
4210 	    (arc4random() % nfstest_outofseq) == 0)
4211 		*tl = txdr_unsigned(lp->nfsl_seqid + 1);
4212 	tl++;
4213 	if (NFSHASNFSV4N(nmp))
4214 		*tl++ = 0;
4215 	else
4216 		*tl++ = lp->nfsl_stateid.seqid;
4217 	*tl++ = lp->nfsl_stateid.other[0];
4218 	*tl++ = lp->nfsl_stateid.other[1];
4219 	*tl++ = lp->nfsl_stateid.other[2];
4220 	txdr_hyper(off, tl);
4221 	tl += 2;
4222 	txdr_hyper(len, tl);
4223 	if (syscred)
4224 		nd->nd_flag |= ND_USEGSSNAME;
4225 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
4226 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4227 	NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
4228 	if (error)
4229 		return (error);
4230 	if (nd->nd_repstat == 0) {
4231 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
4232 		lp->nfsl_stateid.seqid = *tl++;
4233 		lp->nfsl_stateid.other[0] = *tl++;
4234 		lp->nfsl_stateid.other[1] = *tl++;
4235 		lp->nfsl_stateid.other[2] = *tl;
4236 	} else if (nd->nd_repstat == NFSERR_STALESTATEID)
4237 		nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
4238 nfsmout:
4239 	m_freem(nd->nd_mrep);
4240 	return (error);
4241 }
4242 
4243 /*
4244  * The actual Lock RPC.
4245  */
4246 int
nfsrpc_lock(struct nfsrv_descript * nd,struct nfsmount * nmp,vnode_t vp,u_int8_t * nfhp,int fhlen,struct nfscllockowner * lp,int newone,int reclaim,u_int64_t off,u_int64_t len,short type,struct ucred * cred,NFSPROC_T * p,int syscred)4247 nfsrpc_lock(struct nfsrv_descript *nd, struct nfsmount *nmp, vnode_t vp,
4248     u_int8_t *nfhp, int fhlen, struct nfscllockowner *lp, int newone,
4249     int reclaim, u_int64_t off, u_int64_t len, short type, struct ucred *cred,
4250     NFSPROC_T *p, int syscred)
4251 {
4252 	u_int32_t *tl;
4253 	int error, size;
4254 	uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
4255 	struct nfsclsession *tsep;
4256 
4257 	nfscl_reqstart(nd, NFSPROC_LOCK, nmp, nfhp, fhlen, NULL, NULL, 0, 0);
4258 	NFSM_BUILD(tl, u_int32_t *, 7 * NFSX_UNSIGNED);
4259 	if (type == F_RDLCK)
4260 		*tl++ = txdr_unsigned(NFSV4LOCKT_READ);
4261 	else
4262 		*tl++ = txdr_unsigned(NFSV4LOCKT_WRITE);
4263 	*tl++ = txdr_unsigned(reclaim);
4264 	txdr_hyper(off, tl);
4265 	tl += 2;
4266 	txdr_hyper(len, tl);
4267 	tl += 2;
4268 	if (newone) {
4269 	    *tl = newnfs_true;
4270 	    NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID +
4271 		2 * NFSX_UNSIGNED + NFSX_HYPER);
4272 	    *tl++ = txdr_unsigned(lp->nfsl_open->nfso_own->nfsow_seqid);
4273 	    if (NFSHASNFSV4N(nmp))
4274 		*tl++ = 0;
4275 	    else
4276 		*tl++ = lp->nfsl_open->nfso_stateid.seqid;
4277 	    *tl++ = lp->nfsl_open->nfso_stateid.other[0];
4278 	    *tl++ = lp->nfsl_open->nfso_stateid.other[1];
4279 	    *tl++ = lp->nfsl_open->nfso_stateid.other[2];
4280 	    *tl++ = txdr_unsigned(lp->nfsl_seqid);
4281 	    tsep = nfsmnt_mdssession(nmp);
4282 	    *tl++ = tsep->nfsess_clientid.lval[0];
4283 	    *tl = tsep->nfsess_clientid.lval[1];
4284 	    NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
4285 	    NFSBCOPY(nfhp, &own[NFSV4CL_LOCKNAMELEN], fhlen);
4286 	    (void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
4287 	} else {
4288 	    *tl = newnfs_false;
4289 	    NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID + NFSX_UNSIGNED);
4290 	    if (NFSHASNFSV4N(nmp))
4291 		*tl++ = 0;
4292 	    else
4293 		*tl++ = lp->nfsl_stateid.seqid;
4294 	    *tl++ = lp->nfsl_stateid.other[0];
4295 	    *tl++ = lp->nfsl_stateid.other[1];
4296 	    *tl++ = lp->nfsl_stateid.other[2];
4297 	    *tl = txdr_unsigned(lp->nfsl_seqid);
4298 	    if (nfstest_outofseq &&
4299 		(arc4random() % nfstest_outofseq) == 0)
4300 		    *tl = txdr_unsigned(lp->nfsl_seqid + 1);
4301 	}
4302 	if (syscred)
4303 		nd->nd_flag |= ND_USEGSSNAME;
4304 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
4305 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4306 	if (error)
4307 		return (error);
4308 	if (newone)
4309 	    NFSCL_INCRSEQID(lp->nfsl_open->nfso_own->nfsow_seqid, nd);
4310 	NFSCL_INCRSEQID(lp->nfsl_seqid, nd);
4311 	if (nd->nd_repstat == 0) {
4312 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID);
4313 		lp->nfsl_stateid.seqid = *tl++;
4314 		lp->nfsl_stateid.other[0] = *tl++;
4315 		lp->nfsl_stateid.other[1] = *tl++;
4316 		lp->nfsl_stateid.other[2] = *tl;
4317 	} else if (nd->nd_repstat == NFSERR_DENIED) {
4318 		NFSM_DISSECT(tl, u_int32_t *, 8 * NFSX_UNSIGNED);
4319 		size = fxdr_unsigned(int, *(tl + 7));
4320 		if (size < 0 || size > NFSV4_OPAQUELIMIT)
4321 			error = EBADRPC;
4322 		if (!error)
4323 			error = nfsm_advance(nd, NFSM_RNDUP(size), -1);
4324 	} else if (nd->nd_repstat == NFSERR_STALESTATEID)
4325 		nfscl_initiate_recovery(lp->nfsl_open->nfso_own->nfsow_clp);
4326 nfsmout:
4327 	m_freem(nd->nd_mrep);
4328 	return (error);
4329 }
4330 
4331 /*
4332  * nfs statfs rpc
4333  * (always called with the vp for the mount point)
4334  */
4335 int
nfsrpc_statfs(vnode_t vp,struct nfsstatfs * sbp,struct nfsfsinfo * fsp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff)4336 nfsrpc_statfs(vnode_t vp, struct nfsstatfs *sbp, struct nfsfsinfo *fsp,
4337     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
4338     void *stuff)
4339 {
4340 	u_int32_t *tl = NULL;
4341 	struct nfsrv_descript nfsd, *nd = &nfsd;
4342 	struct nfsmount *nmp;
4343 	nfsattrbit_t attrbits;
4344 	int error;
4345 
4346 	*attrflagp = 0;
4347 	nmp = VFSTONFS(vp->v_mount);
4348 	if (NFSHASNFSV4(nmp)) {
4349 		/*
4350 		 * For V4, you actually do a getattr.
4351 		 */
4352 		NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
4353 		NFSSTATFS_GETATTRBIT(&attrbits);
4354 		(void) nfsrv_putattrbit(nd, &attrbits);
4355 		nd->nd_flag |= ND_USEGSSNAME;
4356 		error = nfscl_request(nd, vp, p, cred, stuff);
4357 		if (error)
4358 			return (error);
4359 		if (nd->nd_repstat == 0) {
4360 			error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
4361 			    NULL, NULL, sbp, fsp, NULL, 0, NULL, NULL, NULL, p,
4362 			    cred);
4363 			if (!error) {
4364 				nmp->nm_fsid[0] = nap->na_filesid[0];
4365 				nmp->nm_fsid[1] = nap->na_filesid[1];
4366 				NFSSETHASSETFSID(nmp);
4367 				*attrflagp = 1;
4368 			}
4369 		} else {
4370 			error = nd->nd_repstat;
4371 		}
4372 		if (error)
4373 			goto nfsmout;
4374 	} else {
4375 		NFSCL_REQSTART(nd, NFSPROC_FSSTAT, vp);
4376 		error = nfscl_request(nd, vp, p, cred, stuff);
4377 		if (error)
4378 			return (error);
4379 		if (nd->nd_flag & ND_NFSV3) {
4380 			error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
4381 			if (error)
4382 				goto nfsmout;
4383 		}
4384 		if (nd->nd_repstat) {
4385 			error = nd->nd_repstat;
4386 			goto nfsmout;
4387 		}
4388 		NFSM_DISSECT(tl, u_int32_t *,
4389 		    NFSX_STATFS(nd->nd_flag & ND_NFSV3));
4390 	}
4391 	if (NFSHASNFSV3(nmp)) {
4392 		sbp->sf_tbytes = fxdr_hyper(tl); tl += 2;
4393 		sbp->sf_fbytes = fxdr_hyper(tl); tl += 2;
4394 		sbp->sf_abytes = fxdr_hyper(tl); tl += 2;
4395 		sbp->sf_tfiles = fxdr_hyper(tl); tl += 2;
4396 		sbp->sf_ffiles = fxdr_hyper(tl); tl += 2;
4397 		sbp->sf_afiles = fxdr_hyper(tl); tl += 2;
4398 		sbp->sf_invarsec = fxdr_unsigned(u_int32_t, *tl);
4399 	} else if (NFSHASNFSV4(nmp) == 0) {
4400 		sbp->sf_tsize = fxdr_unsigned(u_int32_t, *tl++);
4401 		sbp->sf_bsize = fxdr_unsigned(u_int32_t, *tl++);
4402 		sbp->sf_blocks = fxdr_unsigned(u_int32_t, *tl++);
4403 		sbp->sf_bfree = fxdr_unsigned(u_int32_t, *tl++);
4404 		sbp->sf_bavail = fxdr_unsigned(u_int32_t, *tl);
4405 	}
4406 nfsmout:
4407 	m_freem(nd->nd_mrep);
4408 	return (error);
4409 }
4410 
4411 /*
4412  * nfs pathconf rpc
4413  */
4414 int
nfsrpc_pathconf(vnode_t vp,struct nfsv3_pathconf * pc,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff)4415 nfsrpc_pathconf(vnode_t vp, struct nfsv3_pathconf *pc,
4416     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp,
4417     void *stuff)
4418 {
4419 	struct nfsrv_descript nfsd, *nd = &nfsd;
4420 	struct nfsmount *nmp;
4421 	u_int32_t *tl;
4422 	nfsattrbit_t attrbits;
4423 	int error;
4424 
4425 	*attrflagp = 0;
4426 	nmp = VFSTONFS(vp->v_mount);
4427 	if (NFSHASNFSV4(nmp)) {
4428 		/*
4429 		 * For V4, you actually do a getattr.
4430 		 */
4431 		NFSCL_REQSTART(nd, NFSPROC_GETATTR, vp);
4432 		NFSPATHCONF_GETATTRBIT(&attrbits);
4433 		(void) nfsrv_putattrbit(nd, &attrbits);
4434 		nd->nd_flag |= ND_USEGSSNAME;
4435 		error = nfscl_request(nd, vp, p, cred, stuff);
4436 		if (error)
4437 			return (error);
4438 		if (nd->nd_repstat == 0) {
4439 			error = nfsv4_loadattr(nd, NULL, nap, NULL, NULL, 0,
4440 			    pc, NULL, NULL, NULL, NULL, 0, NULL, NULL, NULL, p,
4441 			    cred);
4442 			if (!error)
4443 				*attrflagp = 1;
4444 		} else {
4445 			error = nd->nd_repstat;
4446 		}
4447 	} else {
4448 		NFSCL_REQSTART(nd, NFSPROC_PATHCONF, vp);
4449 		error = nfscl_request(nd, vp, p, cred, stuff);
4450 		if (error)
4451 			return (error);
4452 		error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
4453 		if (nd->nd_repstat && !error)
4454 			error = nd->nd_repstat;
4455 		if (!error) {
4456 			NFSM_DISSECT(tl, u_int32_t *, NFSX_V3PATHCONF);
4457 			pc->pc_linkmax = fxdr_unsigned(u_int32_t, *tl++);
4458 			pc->pc_namemax = fxdr_unsigned(u_int32_t, *tl++);
4459 			pc->pc_notrunc = fxdr_unsigned(u_int32_t, *tl++);
4460 			pc->pc_chownrestricted =
4461 			    fxdr_unsigned(u_int32_t, *tl++);
4462 			pc->pc_caseinsensitive =
4463 			    fxdr_unsigned(u_int32_t, *tl++);
4464 			pc->pc_casepreserving = fxdr_unsigned(u_int32_t, *tl);
4465 		}
4466 	}
4467 nfsmout:
4468 	m_freem(nd->nd_mrep);
4469 	return (error);
4470 }
4471 
4472 /*
4473  * nfs version 3 fsinfo rpc call
4474  */
4475 int
nfsrpc_fsinfo(vnode_t vp,struct nfsfsinfo * fsp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * nap,int * attrflagp,void * stuff)4476 nfsrpc_fsinfo(vnode_t vp, struct nfsfsinfo *fsp, struct ucred *cred,
4477     NFSPROC_T *p, struct nfsvattr *nap, int *attrflagp, void *stuff)
4478 {
4479 	u_int32_t *tl;
4480 	struct nfsrv_descript nfsd, *nd = &nfsd;
4481 	int error;
4482 
4483 	*attrflagp = 0;
4484 	NFSCL_REQSTART(nd, NFSPROC_FSINFO, vp);
4485 	error = nfscl_request(nd, vp, p, cred, stuff);
4486 	if (error)
4487 		return (error);
4488 	error = nfscl_postop_attr(nd, nap, attrflagp, stuff);
4489 	if (nd->nd_repstat && !error)
4490 		error = nd->nd_repstat;
4491 	if (!error) {
4492 		NFSM_DISSECT(tl, u_int32_t *, NFSX_V3FSINFO);
4493 		fsp->fs_rtmax = fxdr_unsigned(u_int32_t, *tl++);
4494 		fsp->fs_rtpref = fxdr_unsigned(u_int32_t, *tl++);
4495 		fsp->fs_rtmult = fxdr_unsigned(u_int32_t, *tl++);
4496 		fsp->fs_wtmax = fxdr_unsigned(u_int32_t, *tl++);
4497 		fsp->fs_wtpref = fxdr_unsigned(u_int32_t, *tl++);
4498 		fsp->fs_wtmult = fxdr_unsigned(u_int32_t, *tl++);
4499 		fsp->fs_dtpref = fxdr_unsigned(u_int32_t, *tl++);
4500 		fsp->fs_maxfilesize = fxdr_hyper(tl);
4501 		tl += 2;
4502 		fxdr_nfsv3time(tl, &fsp->fs_timedelta);
4503 		tl += 2;
4504 		fsp->fs_properties = fxdr_unsigned(u_int32_t, *tl);
4505 	}
4506 nfsmout:
4507 	m_freem(nd->nd_mrep);
4508 	return (error);
4509 }
4510 
4511 /*
4512  * This function performs the Renew RPC.
4513  */
4514 int
nfsrpc_renew(struct nfsclclient * clp,struct nfsclds * dsp,struct ucred * cred,NFSPROC_T * p)4515 nfsrpc_renew(struct nfsclclient *clp, struct nfsclds *dsp, struct ucred *cred,
4516     NFSPROC_T *p)
4517 {
4518 	u_int32_t *tl;
4519 	struct nfsrv_descript nfsd;
4520 	struct nfsrv_descript *nd = &nfsd;
4521 	struct nfsmount *nmp;
4522 	int error;
4523 	struct nfssockreq *nrp;
4524 	struct nfsclsession *tsep;
4525 
4526 	nmp = clp->nfsc_nmp;
4527 	if (nmp == NULL)
4528 		return (0);
4529 	if (dsp == NULL)
4530 		nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL, NULL, 0,
4531 		    0);
4532 	else
4533 		nfscl_reqstart(nd, NFSPROC_RENEW, nmp, NULL, 0, NULL,
4534 		    &dsp->nfsclds_sess, 0, 0);
4535 	if (!NFSHASNFSV4N(nmp)) {
4536 		/* NFSv4.1 just uses a Sequence Op and not a Renew. */
4537 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
4538 		tsep = nfsmnt_mdssession(nmp);
4539 		*tl++ = tsep->nfsess_clientid.lval[0];
4540 		*tl = tsep->nfsess_clientid.lval[1];
4541 	}
4542 	nrp = NULL;
4543 	if (dsp != NULL)
4544 		nrp = dsp->nfsclds_sockp;
4545 	if (nrp == NULL)
4546 		/* If NULL, use the MDS socket. */
4547 		nrp = &nmp->nm_sockreq;
4548 	nd->nd_flag |= ND_USEGSSNAME;
4549 	if (dsp == NULL)
4550 		error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
4551 		    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4552 	else {
4553 		error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
4554 		    NFS_PROG, NFS_VER4, NULL, 1, NULL, &dsp->nfsclds_sess);
4555 		if (error == ENXIO)
4556 			nfscl_cancelreqs(dsp);
4557 	}
4558 	if (error)
4559 		return (error);
4560 	error = nd->nd_repstat;
4561 	m_freem(nd->nd_mrep);
4562 	return (error);
4563 }
4564 
4565 /*
4566  * This function performs the Releaselockowner RPC.
4567  */
4568 int
nfsrpc_rellockown(struct nfsmount * nmp,struct nfscllockowner * lp,uint8_t * fh,int fhlen,struct ucred * cred,NFSPROC_T * p)4569 nfsrpc_rellockown(struct nfsmount *nmp, struct nfscllockowner *lp,
4570     uint8_t *fh, int fhlen, struct ucred *cred, NFSPROC_T *p)
4571 {
4572 	struct nfsrv_descript nfsd, *nd = &nfsd;
4573 	u_int32_t *tl;
4574 	int error;
4575 	uint8_t own[NFSV4CL_LOCKNAMELEN + NFSX_V4FHMAX];
4576 	struct nfsclsession *tsep;
4577 
4578 	if (NFSHASNFSV4N(nmp)) {
4579 		/* For NFSv4.1, do a FreeStateID. */
4580 		nfscl_reqstart(nd, NFSPROC_FREESTATEID, nmp, NULL, 0, NULL,
4581 		    NULL, 0, 0);
4582 		nfsm_stateidtom(nd, &lp->nfsl_stateid, NFSSTATEID_PUTSTATEID);
4583 	} else {
4584 		nfscl_reqstart(nd, NFSPROC_RELEASELCKOWN, nmp, NULL, 0, NULL,
4585 		    NULL, 0, 0);
4586 		NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
4587 		tsep = nfsmnt_mdssession(nmp);
4588 		*tl++ = tsep->nfsess_clientid.lval[0];
4589 		*tl = tsep->nfsess_clientid.lval[1];
4590 		NFSBCOPY(lp->nfsl_owner, own, NFSV4CL_LOCKNAMELEN);
4591 		NFSBCOPY(fh, &own[NFSV4CL_LOCKNAMELEN], fhlen);
4592 		(void)nfsm_strtom(nd, own, NFSV4CL_LOCKNAMELEN + fhlen);
4593 	}
4594 	nd->nd_flag |= ND_USEGSSNAME;
4595 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
4596 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4597 	if (error)
4598 		return (error);
4599 	error = nd->nd_repstat;
4600 	m_freem(nd->nd_mrep);
4601 	return (error);
4602 }
4603 
4604 /*
4605  * This function performs the Compound to get the mount pt FH.
4606  */
4607 int
nfsrpc_getdirpath(struct nfsmount * nmp,u_char * dirpath,struct ucred * cred,NFSPROC_T * p)4608 nfsrpc_getdirpath(struct nfsmount *nmp, u_char *dirpath, struct ucred *cred,
4609     NFSPROC_T *p)
4610 {
4611 	u_int32_t *tl;
4612 	struct nfsrv_descript nfsd;
4613 	struct nfsrv_descript *nd = &nfsd;
4614 	u_char *cp, *cp2;
4615 	int error, cnt, len, setnil;
4616 	u_int32_t *opcntp;
4617 
4618 	nfscl_reqstart(nd, NFSPROC_PUTROOTFH, nmp, NULL, 0, &opcntp, NULL, 0,
4619 	    0);
4620 	cp = dirpath;
4621 	cnt = 0;
4622 	do {
4623 		setnil = 0;
4624 		while (*cp == '/')
4625 			cp++;
4626 		cp2 = cp;
4627 		while (*cp2 != '\0' && *cp2 != '/')
4628 			cp2++;
4629 		if (*cp2 == '/') {
4630 			setnil = 1;
4631 			*cp2 = '\0';
4632 		}
4633 		if (cp2 != cp) {
4634 			NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
4635 			*tl = txdr_unsigned(NFSV4OP_LOOKUP);
4636 			nfsm_strtom(nd, cp, strlen(cp));
4637 			cnt++;
4638 		}
4639 		if (setnil)
4640 			*cp2++ = '/';
4641 		cp = cp2;
4642 	} while (*cp != '\0');
4643 	if (NFSHASNFSV4N(nmp))
4644 		/* Has a Sequence Op done by nfscl_reqstart(). */
4645 		*opcntp = txdr_unsigned(3 + cnt);
4646 	else
4647 		*opcntp = txdr_unsigned(2 + cnt);
4648 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
4649 	*tl = txdr_unsigned(NFSV4OP_GETFH);
4650 	nd->nd_flag |= ND_USEGSSNAME;
4651 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
4652 		NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4653 	if (error)
4654 		return (error);
4655 	if (nd->nd_repstat == 0) {
4656 		NFSM_DISSECT(tl, u_int32_t *, (3 + 2 * cnt) * NFSX_UNSIGNED);
4657 		tl += (2 + 2 * cnt);
4658 		if ((len = fxdr_unsigned(int, *tl)) <= 0 ||
4659 			len > NFSX_FHMAX) {
4660 			nd->nd_repstat = NFSERR_BADXDR;
4661 		} else {
4662 			nd->nd_repstat = nfsrv_mtostr(nd, nmp->nm_fh, len);
4663 			if (nd->nd_repstat == 0)
4664 				nmp->nm_fhsize = len;
4665 		}
4666 	}
4667 	error = nd->nd_repstat;
4668 nfsmout:
4669 	m_freem(nd->nd_mrep);
4670 	return (error);
4671 }
4672 
4673 /*
4674  * This function performs the Delegreturn RPC.
4675  */
4676 int
nfsrpc_delegreturn(struct nfscldeleg * dp,struct ucred * cred,struct nfsmount * nmp,NFSPROC_T * p,int syscred)4677 nfsrpc_delegreturn(struct nfscldeleg *dp, struct ucred *cred,
4678     struct nfsmount *nmp, NFSPROC_T *p, int syscred)
4679 {
4680 	u_int32_t *tl;
4681 	struct nfsrv_descript nfsd;
4682 	struct nfsrv_descript *nd = &nfsd;
4683 	int error;
4684 
4685 	nfscl_reqstart(nd, NFSPROC_DELEGRETURN, nmp, dp->nfsdl_fh,
4686 	    dp->nfsdl_fhlen, NULL, NULL, 0, 0);
4687 	NFSM_BUILD(tl, u_int32_t *, NFSX_STATEID);
4688 	if (NFSHASNFSV4N(nmp))
4689 		*tl++ = 0;
4690 	else
4691 		*tl++ = dp->nfsdl_stateid.seqid;
4692 	*tl++ = dp->nfsdl_stateid.other[0];
4693 	*tl++ = dp->nfsdl_stateid.other[1];
4694 	*tl = dp->nfsdl_stateid.other[2];
4695 	if (syscred)
4696 		nd->nd_flag |= ND_USEGSSNAME;
4697 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
4698 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4699 	if (error)
4700 		return (error);
4701 	error = nd->nd_repstat;
4702 	m_freem(nd->nd_mrep);
4703 	return (error);
4704 }
4705 
4706 /*
4707  * nfs getacl call.
4708  */
4709 int
nfsrpc_getacl(vnode_t vp,struct ucred * cred,NFSPROC_T * p,struct acl * aclp,void * stuff)4710 nfsrpc_getacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
4711     struct acl *aclp, void *stuff)
4712 {
4713 	struct nfsrv_descript nfsd, *nd = &nfsd;
4714 	int error;
4715 	nfsattrbit_t attrbits;
4716 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
4717 
4718 	if (nfsrv_useacl == 0 || !NFSHASNFSV4(nmp))
4719 		return (EOPNOTSUPP);
4720 	NFSCL_REQSTART(nd, NFSPROC_GETACL, vp);
4721 	NFSZERO_ATTRBIT(&attrbits);
4722 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
4723 	(void) nfsrv_putattrbit(nd, &attrbits);
4724 	error = nfscl_request(nd, vp, p, cred, stuff);
4725 	if (error)
4726 		return (error);
4727 	if (!nd->nd_repstat)
4728 		error = nfsv4_loadattr(nd, vp, NULL, NULL, NULL, 0, NULL,
4729 		    NULL, NULL, NULL, aclp, 0, NULL, NULL, NULL, p, cred);
4730 	else
4731 		error = nd->nd_repstat;
4732 	m_freem(nd->nd_mrep);
4733 	return (error);
4734 }
4735 
4736 /*
4737  * nfs setacl call.
4738  */
4739 int
nfsrpc_setacl(vnode_t vp,struct ucred * cred,NFSPROC_T * p,struct acl * aclp,void * stuff)4740 nfsrpc_setacl(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
4741     struct acl *aclp, void *stuff)
4742 {
4743 	int error;
4744 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
4745 
4746 	if (nfsrv_useacl == 0 || !NFSHASNFSV4(nmp))
4747 		return (EOPNOTSUPP);
4748 	error = nfsrpc_setattr(vp, NULL, aclp, cred, p, NULL, NULL, stuff);
4749 	return (error);
4750 }
4751 
4752 /*
4753  * nfs setacl call.
4754  */
4755 static int
nfsrpc_setaclrpc(vnode_t vp,struct ucred * cred,NFSPROC_T * p,struct acl * aclp,nfsv4stateid_t * stateidp,void * stuff)4756 nfsrpc_setaclrpc(vnode_t vp, struct ucred *cred, NFSPROC_T *p,
4757     struct acl *aclp, nfsv4stateid_t *stateidp, void *stuff)
4758 {
4759 	struct nfsrv_descript nfsd, *nd = &nfsd;
4760 	int error;
4761 	nfsattrbit_t attrbits;
4762 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
4763 
4764 	if (!NFSHASNFSV4(nmp))
4765 		return (EOPNOTSUPP);
4766 	NFSCL_REQSTART(nd, NFSPROC_SETACL, vp);
4767 	nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
4768 	NFSZERO_ATTRBIT(&attrbits);
4769 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_ACL);
4770 	(void) nfsv4_fillattr(nd, vp->v_mount, vp, aclp, NULL, NULL, 0,
4771 	    &attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0, NULL);
4772 	error = nfscl_request(nd, vp, p, cred, stuff);
4773 	if (error)
4774 		return (error);
4775 	/* Don't care about the pre/postop attributes */
4776 	m_freem(nd->nd_mrep);
4777 	return (nd->nd_repstat);
4778 }
4779 
4780 /*
4781  * Do the NFSv4.1 Exchange ID.
4782  */
4783 int
nfsrpc_exchangeid(struct nfsmount * nmp,struct nfsclclient * clp,struct nfssockreq * nrp,int minorvers,uint32_t exchflags,struct nfsclds ** dspp,struct ucred * cred,NFSPROC_T * p)4784 nfsrpc_exchangeid(struct nfsmount *nmp, struct nfsclclient *clp,
4785     struct nfssockreq *nrp, int minorvers, uint32_t exchflags,
4786     struct nfsclds **dspp, struct ucred *cred, NFSPROC_T *p)
4787 {
4788 	uint32_t *tl, v41flags;
4789 	struct nfsrv_descript nfsd;
4790 	struct nfsrv_descript *nd = &nfsd;
4791 	struct nfsclds *dsp;
4792 	struct timespec verstime;
4793 	int error, len;
4794 
4795 	*dspp = NULL;
4796 	if (minorvers == 0)
4797 		minorvers = nmp->nm_minorvers;
4798 	nfscl_reqstart(nd, NFSPROC_EXCHANGEID, nmp, NULL, 0, NULL, NULL,
4799 	    NFS_VER4, minorvers);
4800 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
4801 	*tl++ = txdr_unsigned(nfsboottime.tv_sec);	/* Client owner */
4802 	*tl = txdr_unsigned(clp->nfsc_rev);
4803 	(void) nfsm_strtom(nd, clp->nfsc_id, clp->nfsc_idlen);
4804 
4805 	NFSM_BUILD(tl, uint32_t *, 3 * NFSX_UNSIGNED);
4806 	*tl++ = txdr_unsigned(exchflags);
4807 	*tl++ = txdr_unsigned(NFSV4EXCH_SP4NONE);
4808 
4809 	/* Set the implementation id4 */
4810 	*tl = txdr_unsigned(1);
4811 	(void) nfsm_strtom(nd, "freebsd.org", strlen("freebsd.org"));
4812 	(void) nfsm_strtom(nd, version, strlen(version));
4813 	NFSM_BUILD(tl, uint32_t *, NFSX_V4TIME);
4814 	verstime.tv_sec = 1293840000;		/* Jan 1, 2011 */
4815 	verstime.tv_nsec = 0;
4816 	txdr_nfsv4time(&verstime, tl);
4817 	nd->nd_flag |= ND_USEGSSNAME;
4818 	error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred,
4819 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
4820 	NFSCL_DEBUG(1, "exchangeid err=%d reps=%d\n", error,
4821 	    (int)nd->nd_repstat);
4822 	if (error != 0)
4823 		return (error);
4824 	if (nd->nd_repstat == 0) {
4825 		NFSM_DISSECT(tl, uint32_t *, 6 * NFSX_UNSIGNED + NFSX_HYPER);
4826 		len = fxdr_unsigned(int, *(tl + 7));
4827 		if (len < 0 || len > NFSV4_OPAQUELIMIT) {
4828 			error = NFSERR_BADXDR;
4829 			goto nfsmout;
4830 		}
4831 		dsp = malloc(sizeof(struct nfsclds) + len + 1, M_NFSCLDS,
4832 		    M_WAITOK | M_ZERO);
4833 		dsp->nfsclds_expire = NFSD_MONOSEC + clp->nfsc_renew;
4834 		dsp->nfsclds_servownlen = len;
4835 		dsp->nfsclds_sess.nfsess_clientid.lval[0] = *tl++;
4836 		dsp->nfsclds_sess.nfsess_clientid.lval[1] = *tl++;
4837 		dsp->nfsclds_sess.nfsess_sequenceid =
4838 		    fxdr_unsigned(uint32_t, *tl++);
4839 		v41flags = fxdr_unsigned(uint32_t, *tl);
4840 		if ((v41flags & NFSV4EXCH_USEPNFSMDS) != 0 &&
4841 		    NFSHASPNFSOPT(nmp)) {
4842 			NFSCL_DEBUG(1, "set PNFS\n");
4843 			NFSLOCKMNT(nmp);
4844 			nmp->nm_state |= NFSSTA_PNFS;
4845 			NFSUNLOCKMNT(nmp);
4846 			dsp->nfsclds_flags |= NFSCLDS_MDS;
4847 		}
4848 		if ((v41flags & NFSV4EXCH_USEPNFSDS) != 0)
4849 			dsp->nfsclds_flags |= NFSCLDS_DS;
4850 		if (minorvers == NFSV42_MINORVERSION)
4851 			dsp->nfsclds_flags |= NFSCLDS_MINORV2;
4852 		if (len > 0)
4853 			nd->nd_repstat = nfsrv_mtostr(nd,
4854 			    dsp->nfsclds_serverown, len);
4855 		if (nd->nd_repstat == 0) {
4856 			mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
4857 			mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
4858 			    NULL, MTX_DEF);
4859 			nfscl_initsessionslots(&dsp->nfsclds_sess);
4860 			*dspp = dsp;
4861 		} else
4862 			free(dsp, M_NFSCLDS);
4863 	}
4864 	error = nd->nd_repstat;
4865 nfsmout:
4866 	m_freem(nd->nd_mrep);
4867 	return (error);
4868 }
4869 
4870 /*
4871  * Do the NFSv4.1 Create Session.
4872  */
4873 int
nfsrpc_createsession(struct nfsmount * nmp,struct nfsclsession * sep,struct nfssockreq * nrp,struct nfsclds * dsp,uint32_t sequenceid,int mds,struct ucred * cred,NFSPROC_T * p)4874 nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep,
4875     struct nfssockreq *nrp, struct nfsclds *dsp, uint32_t sequenceid, int mds,
4876     struct ucred *cred, NFSPROC_T *p)
4877 {
4878 	uint32_t crflags, maxval, *tl;
4879 	struct nfsrv_descript nfsd;
4880 	struct nfsrv_descript *nd = &nfsd;
4881 	int error, irdcnt, minorvers;
4882 
4883 	/* Make sure nm_rsize, nm_wsize is set. */
4884 	if (nmp->nm_rsize > NFS_MAXBSIZE || nmp->nm_rsize == 0)
4885 		nmp->nm_rsize = NFS_MAXBSIZE;
4886 	if (nmp->nm_wsize > NFS_MAXBSIZE || nmp->nm_wsize == 0)
4887 		nmp->nm_wsize = NFS_MAXBSIZE;
4888 	if (dsp == NULL)
4889 		minorvers = nmp->nm_minorvers;
4890 	else if ((dsp->nfsclds_flags & NFSCLDS_MINORV2) != 0)
4891 		minorvers = NFSV42_MINORVERSION;
4892 	else
4893 		minorvers = NFSV41_MINORVERSION;
4894 	nfscl_reqstart(nd, NFSPROC_CREATESESSION, nmp, NULL, 0, NULL, NULL,
4895 	    NFS_VER4, minorvers);
4896 	NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED);
4897 	*tl++ = sep->nfsess_clientid.lval[0];
4898 	*tl++ = sep->nfsess_clientid.lval[1];
4899 	*tl++ = txdr_unsigned(sequenceid);
4900 	crflags = (NFSMNT_RDONLY(nmp->nm_mountp) ? 0 : NFSV4CRSESS_PERSIST);
4901 	if (nfscl_enablecallb != 0 && nfs_numnfscbd > 0 && mds != 0)
4902 		crflags |= NFSV4CRSESS_CONNBACKCHAN;
4903 	*tl = txdr_unsigned(crflags);
4904 
4905 	/* Fill in fore channel attributes. */
4906 	NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
4907 	*tl++ = 0;				/* Header pad size */
4908 	if ((nd->nd_flag & ND_NFSV42) != 0 && mds != 0 && sb_max_adj >=
4909 	    nmp->nm_wsize && sb_max_adj >= nmp->nm_rsize) {
4910 		/*
4911 		 * NFSv4.2 Extended Attribute operations may want to do
4912 		 * requests/replies that are larger than nm_rsize/nm_wsize.
4913 		 */
4914 		*tl++ = txdr_unsigned(sb_max_adj - NFS_MAXXDR);
4915 		*tl++ = txdr_unsigned(sb_max_adj - NFS_MAXXDR);
4916 	} else {
4917 		*tl++ = txdr_unsigned(nmp->nm_wsize + NFS_MAXXDR);
4918 		*tl++ = txdr_unsigned(nmp->nm_rsize + NFS_MAXXDR);
4919 	}
4920 	*tl++ = txdr_unsigned(4096);		/* Max response size cached */
4921 	*tl++ = txdr_unsigned(20);		/* Max operations */
4922 	*tl++ = txdr_unsigned(64);		/* Max slots */
4923 	*tl = 0;				/* No rdma ird */
4924 
4925 	/* Fill in back channel attributes. */
4926 	NFSM_BUILD(tl, uint32_t *, 7 * NFSX_UNSIGNED);
4927 	*tl++ = 0;				/* Header pad size */
4928 	*tl++ = txdr_unsigned(10000);		/* Max request size */
4929 	*tl++ = txdr_unsigned(10000);		/* Max response size */
4930 	*tl++ = txdr_unsigned(4096);		/* Max response size cached */
4931 	*tl++ = txdr_unsigned(4);		/* Max operations */
4932 	*tl++ = txdr_unsigned(NFSV4_CBSLOTS);	/* Max slots */
4933 	*tl = 0;				/* No rdma ird */
4934 
4935 	NFSM_BUILD(tl, uint32_t *, 8 * NFSX_UNSIGNED);
4936 	*tl++ = txdr_unsigned(NFS_CALLBCKPROG);	/* Call back prog # */
4937 
4938 	/* Allow AUTH_SYS callbacks as uid, gid == 0. */
4939 	*tl++ = txdr_unsigned(1);		/* Auth_sys only */
4940 	*tl++ = txdr_unsigned(AUTH_SYS);	/* AUTH_SYS type */
4941 	*tl++ = txdr_unsigned(nfsboottime.tv_sec); /* time stamp */
4942 	*tl++ = 0;				/* Null machine name */
4943 	*tl++ = 0;				/* Uid == 0 */
4944 	*tl++ = 0;				/* Gid == 0 */
4945 	*tl = 0;				/* No additional gids */
4946 	nd->nd_flag |= ND_USEGSSNAME;
4947 	error = newnfs_request(nd, nmp, NULL, nrp, NULL, p, cred, NFS_PROG,
4948 	    NFS_VER4, NULL, 1, NULL, NULL);
4949 	if (error != 0)
4950 		return (error);
4951 	if (nd->nd_repstat == 0) {
4952 		NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
4953 		    2 * NFSX_UNSIGNED);
4954 		bcopy(tl, sep->nfsess_sessionid, NFSX_V4SESSIONID);
4955 		tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
4956 		sep->nfsess_sequenceid = fxdr_unsigned(uint32_t, *tl++);
4957 		crflags = fxdr_unsigned(uint32_t, *tl);
4958 		if ((crflags & NFSV4CRSESS_PERSIST) != 0 && mds != 0) {
4959 			NFSLOCKMNT(nmp);
4960 			nmp->nm_state |= NFSSTA_SESSPERSIST;
4961 			NFSUNLOCKMNT(nmp);
4962 		}
4963 
4964 		/* Get the fore channel slot count. */
4965 		NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
4966 		tl++;			/* Skip the header pad size. */
4967 
4968 		/* Make sure nm_wsize is small enough. */
4969 		maxval = fxdr_unsigned(uint32_t, *tl++);
4970 		while (maxval < nmp->nm_wsize + NFS_MAXXDR) {
4971 			if (nmp->nm_wsize > 8096)
4972 				nmp->nm_wsize /= 2;
4973 			else
4974 				break;
4975 		}
4976 		sep->nfsess_maxreq = maxval;
4977 
4978 		/* Make sure nm_rsize is small enough. */
4979 		maxval = fxdr_unsigned(uint32_t, *tl++);
4980 		while (maxval < nmp->nm_rsize + NFS_MAXXDR) {
4981 			if (nmp->nm_rsize > 8096)
4982 				nmp->nm_rsize /= 2;
4983 			else
4984 				break;
4985 		}
4986 		sep->nfsess_maxresp = maxval;
4987 
4988 		sep->nfsess_maxcache = fxdr_unsigned(int, *tl++);
4989 		tl++;
4990 		sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++);
4991 		NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots);
4992 		irdcnt = fxdr_unsigned(int, *tl);
4993 		if (irdcnt < 0 || irdcnt > 1) {
4994 			error = NFSERR_BADXDR;
4995 			goto nfsmout;
4996 		}
4997 		if (irdcnt > 0)
4998 			NFSM_DISSECT(tl, uint32_t *, irdcnt * NFSX_UNSIGNED);
4999 
5000 		/* and the back channel slot count. */
5001 		NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED);
5002 		tl += 5;
5003 		sep->nfsess_backslots = fxdr_unsigned(uint16_t, *tl);
5004 		NFSCL_DEBUG(4, "back slots=%d\n", (int)sep->nfsess_backslots);
5005 	}
5006 	error = nd->nd_repstat;
5007 nfsmout:
5008 	m_freem(nd->nd_mrep);
5009 	return (error);
5010 }
5011 
5012 /*
5013  * Do the NFSv4.1 Destroy Session.
5014  */
5015 int
nfsrpc_destroysession(struct nfsmount * nmp,struct nfsclclient * clp,struct ucred * cred,NFSPROC_T * p)5016 nfsrpc_destroysession(struct nfsmount *nmp, struct nfsclclient *clp,
5017     struct ucred *cred, NFSPROC_T *p)
5018 {
5019 	uint32_t *tl;
5020 	struct nfsrv_descript nfsd;
5021 	struct nfsrv_descript *nd = &nfsd;
5022 	int error;
5023 	struct nfsclsession *tsep;
5024 
5025 	nfscl_reqstart(nd, NFSPROC_DESTROYSESSION, nmp, NULL, 0, NULL, NULL, 0,
5026 	    0);
5027 	NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID);
5028 	tsep = nfsmnt_mdssession(nmp);
5029 	bcopy(tsep->nfsess_sessionid, tl, NFSX_V4SESSIONID);
5030 	nd->nd_flag |= ND_USEGSSNAME;
5031 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5032 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5033 	if (error != 0)
5034 		return (error);
5035 	error = nd->nd_repstat;
5036 	m_freem(nd->nd_mrep);
5037 	return (error);
5038 }
5039 
5040 /*
5041  * Do the NFSv4.1 Destroy Client.
5042  */
5043 int
nfsrpc_destroyclient(struct nfsmount * nmp,struct nfsclclient * clp,struct ucred * cred,NFSPROC_T * p)5044 nfsrpc_destroyclient(struct nfsmount *nmp, struct nfsclclient *clp,
5045     struct ucred *cred, NFSPROC_T *p)
5046 {
5047 	uint32_t *tl;
5048 	struct nfsrv_descript nfsd;
5049 	struct nfsrv_descript *nd = &nfsd;
5050 	int error;
5051 	struct nfsclsession *tsep;
5052 
5053 	nfscl_reqstart(nd, NFSPROC_DESTROYCLIENT, nmp, NULL, 0, NULL, NULL, 0,
5054 	    0);
5055 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
5056 	tsep = nfsmnt_mdssession(nmp);
5057 	*tl++ = tsep->nfsess_clientid.lval[0];
5058 	*tl = tsep->nfsess_clientid.lval[1];
5059 	nd->nd_flag |= ND_USEGSSNAME;
5060 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5061 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5062 	if (error != 0)
5063 		return (error);
5064 	error = nd->nd_repstat;
5065 	m_freem(nd->nd_mrep);
5066 	return (error);
5067 }
5068 
5069 /*
5070  * Do the NFSv4.1 LayoutGet.
5071  */
5072 static int
nfsrpc_layoutget(struct nfsmount * nmp,uint8_t * fhp,int fhlen,int iomode,uint64_t offset,uint64_t len,uint64_t minlen,int layouttype,int layoutlen,nfsv4stateid_t * stateidp,int * retonclosep,struct nfsclflayouthead * flhp,struct ucred * cred,NFSPROC_T * p,void * stuff)5073 nfsrpc_layoutget(struct nfsmount *nmp, uint8_t *fhp, int fhlen, int iomode,
5074     uint64_t offset, uint64_t len, uint64_t minlen, int layouttype,
5075     int layoutlen, nfsv4stateid_t *stateidp, int *retonclosep,
5076     struct nfsclflayouthead *flhp, struct ucred *cred, NFSPROC_T *p,
5077     void *stuff)
5078 {
5079 	struct nfsrv_descript nfsd, *nd = &nfsd;
5080 	int error;
5081 
5082 	nfscl_reqstart(nd, NFSPROC_LAYOUTGET, nmp, fhp, fhlen, NULL, NULL, 0,
5083 	    0);
5084 	nfsrv_setuplayoutget(nd, iomode, offset, len, minlen, stateidp,
5085 	    layouttype, layoutlen, 0);
5086 	nd->nd_flag |= ND_USEGSSNAME;
5087 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5088 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5089 	NFSCL_DEBUG(4, "layget err=%d st=%d\n", error, nd->nd_repstat);
5090 	if (error != 0)
5091 		return (error);
5092 	if (nd->nd_repstat == 0)
5093 		error = nfsrv_parselayoutget(nmp, nd, stateidp, retonclosep,
5094 		    flhp);
5095 	if (error == 0 && nd->nd_repstat != 0)
5096 		error = nd->nd_repstat;
5097 	m_freem(nd->nd_mrep);
5098 	return (error);
5099 }
5100 
5101 /*
5102  * Do the NFSv4.1 Get Device Info.
5103  */
5104 int
nfsrpc_getdeviceinfo(struct nfsmount * nmp,uint8_t * deviceid,int layouttype,uint32_t * notifybitsp,struct nfscldevinfo ** ndip,struct ucred * cred,NFSPROC_T * p)5105 nfsrpc_getdeviceinfo(struct nfsmount *nmp, uint8_t *deviceid, int layouttype,
5106     uint32_t *notifybitsp, struct nfscldevinfo **ndip, struct ucred *cred,
5107     NFSPROC_T *p)
5108 {
5109 	uint32_t cnt, *tl, vers, minorvers;
5110 	struct nfsrv_descript nfsd;
5111 	struct nfsrv_descript *nd = &nfsd;
5112 	struct sockaddr_in sin, ssin;
5113 	struct sockaddr_in6 sin6, ssin6;
5114 	struct nfsclds *dsp = NULL, **dspp, **gotdspp;
5115 	struct nfscldevinfo *ndi;
5116 	int addrcnt = 0, bitcnt, error, gotminor, gotvers, i, isudp, j;
5117 	int stripecnt;
5118 	uint8_t stripeindex;
5119 	sa_family_t af, safilled;
5120 
5121 	ssin.sin_port = 0;		/* To shut up compiler. */
5122 	ssin.sin_addr.s_addr = 0;	/* ditto */
5123 	*ndip = NULL;
5124 	ndi = NULL;
5125 	gotdspp = NULL;
5126 	nfscl_reqstart(nd, NFSPROC_GETDEVICEINFO, nmp, NULL, 0, NULL, NULL, 0,
5127 	    0);
5128 	NFSM_BUILD(tl, uint32_t *, NFSX_V4DEVICEID + 3 * NFSX_UNSIGNED);
5129 	NFSBCOPY(deviceid, tl, NFSX_V4DEVICEID);
5130 	tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
5131 	*tl++ = txdr_unsigned(layouttype);
5132 	*tl++ = txdr_unsigned(100000);
5133 	if (notifybitsp != NULL && *notifybitsp != 0) {
5134 		*tl = txdr_unsigned(1);		/* One word of bits. */
5135 		NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
5136 		*tl = txdr_unsigned(*notifybitsp);
5137 	} else
5138 		*tl = txdr_unsigned(0);
5139 	nd->nd_flag |= ND_USEGSSNAME;
5140 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5141 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5142 	if (error != 0)
5143 		return (error);
5144 	if (nd->nd_repstat == 0) {
5145 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
5146 		if (layouttype != fxdr_unsigned(int, *tl))
5147 			printf("EEK! devinfo layout type not same!\n");
5148 		if (layouttype == NFSLAYOUT_NFSV4_1_FILES) {
5149 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5150 			stripecnt = fxdr_unsigned(int, *tl);
5151 			NFSCL_DEBUG(4, "stripecnt=%d\n", stripecnt);
5152 			if (stripecnt < 1 || stripecnt > 4096) {
5153 				printf("pNFS File layout devinfo stripecnt %d:"
5154 				    " out of range\n", stripecnt);
5155 				error = NFSERR_BADXDR;
5156 				goto nfsmout;
5157 			}
5158 			NFSM_DISSECT(tl, uint32_t *, (stripecnt + 1) *
5159 			    NFSX_UNSIGNED);
5160 			addrcnt = fxdr_unsigned(int, *(tl + stripecnt));
5161 			NFSCL_DEBUG(4, "addrcnt=%d\n", addrcnt);
5162 			if (addrcnt < 1 || addrcnt > 128) {
5163 				printf("NFS devinfo addrcnt %d: out of range\n",
5164 				    addrcnt);
5165 				error = NFSERR_BADXDR;
5166 				goto nfsmout;
5167 			}
5168 
5169 			/*
5170 			 * Now we know how many stripe indices and addresses, so
5171 			 * we can allocate the structure the correct size.
5172 			 */
5173 			i = (stripecnt * sizeof(uint8_t)) /
5174 			    sizeof(struct nfsclds *) + 1;
5175 			NFSCL_DEBUG(4, "stripeindices=%d\n", i);
5176 			ndi = malloc(sizeof(*ndi) + (addrcnt + i) *
5177 			    sizeof(struct nfsclds *), M_NFSDEVINFO, M_WAITOK |
5178 			    M_ZERO);
5179 			NFSBCOPY(deviceid, ndi->nfsdi_deviceid,
5180 			    NFSX_V4DEVICEID);
5181 			ndi->nfsdi_refcnt = 0;
5182 			ndi->nfsdi_flags = NFSDI_FILELAYOUT;
5183 			ndi->nfsdi_stripecnt = stripecnt;
5184 			ndi->nfsdi_addrcnt = addrcnt;
5185 			/* Fill in the stripe indices. */
5186 			for (i = 0; i < stripecnt; i++) {
5187 				stripeindex = fxdr_unsigned(uint8_t, *tl++);
5188 				NFSCL_DEBUG(4, "stripeind=%d\n", stripeindex);
5189 				if (stripeindex >= addrcnt) {
5190 					printf("pNFS File Layout devinfo"
5191 					    " stripeindex %d: too big\n",
5192 					    (int)stripeindex);
5193 					error = NFSERR_BADXDR;
5194 					goto nfsmout;
5195 				}
5196 				nfsfldi_setstripeindex(ndi, i, stripeindex);
5197 			}
5198 		} else if (layouttype == NFSLAYOUT_FLEXFILE) {
5199 			/* For Flex File, we only get one address list. */
5200 			ndi = malloc(sizeof(*ndi) + sizeof(struct nfsclds *),
5201 			    M_NFSDEVINFO, M_WAITOK | M_ZERO);
5202 			NFSBCOPY(deviceid, ndi->nfsdi_deviceid,
5203 			    NFSX_V4DEVICEID);
5204 			ndi->nfsdi_refcnt = 0;
5205 			ndi->nfsdi_flags = NFSDI_FLEXFILE;
5206 			addrcnt = ndi->nfsdi_addrcnt = 1;
5207 		}
5208 
5209 		/* Now, dissect the server address(es). */
5210 		safilled = AF_UNSPEC;
5211 		for (i = 0; i < addrcnt; i++) {
5212 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5213 			cnt = fxdr_unsigned(uint32_t, *tl);
5214 			if (cnt == 0) {
5215 				printf("NFS devinfo 0 len addrlist\n");
5216 				error = NFSERR_BADXDR;
5217 				goto nfsmout;
5218 			}
5219 			dspp = nfsfldi_addr(ndi, i);
5220 			safilled = AF_UNSPEC;
5221 			for (j = 0; j < cnt; j++) {
5222 				error = nfsv4_getipaddr(nd, &sin, &sin6, &af,
5223 				    &isudp);
5224 				if (error != 0 && error != EPERM) {
5225 					error = NFSERR_BADXDR;
5226 					goto nfsmout;
5227 				}
5228 				if (error == 0 && isudp == 0) {
5229 					/*
5230 					 * The priority is:
5231 					 * - Same address family.
5232 					 * Save the address and dspp, so that
5233 					 * the connection can be done after
5234 					 * parsing is complete.
5235 					 */
5236 					if (safilled == AF_UNSPEC ||
5237 					    (af == nmp->nm_nam->sa_family &&
5238 					     safilled != nmp->nm_nam->sa_family)
5239 					   ) {
5240 						if (af == AF_INET)
5241 							ssin = sin;
5242 						else
5243 							ssin6 = sin6;
5244 						safilled = af;
5245 						gotdspp = dspp;
5246 					}
5247 				}
5248 			}
5249 		}
5250 
5251 		gotvers = NFS_VER4;	/* Default NFSv4.1 for File Layout. */
5252 		gotminor = NFSV41_MINORVERSION;
5253 		/* For Flex File, we will take one of the versions to use. */
5254 		if (layouttype == NFSLAYOUT_FLEXFILE) {
5255 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5256 			j = fxdr_unsigned(int, *tl);
5257 			if (j < 1 || j > NFSDEV_MAXVERS) {
5258 				printf("pNFS: too many versions\n");
5259 				error = NFSERR_BADXDR;
5260 				goto nfsmout;
5261 			}
5262 			gotvers = 0;
5263 			gotminor = 0;
5264 			for (i = 0; i < j; i++) {
5265 				NFSM_DISSECT(tl, uint32_t *, 5 * NFSX_UNSIGNED);
5266 				vers = fxdr_unsigned(uint32_t, *tl++);
5267 				minorvers = fxdr_unsigned(uint32_t, *tl++);
5268 				if (vers == NFS_VER3)
5269 					minorvers = 0;
5270 				if ((vers == NFS_VER4 && ((minorvers ==
5271 				    NFSV41_MINORVERSION && gotminor == 0) ||
5272 				    minorvers == NFSV42_MINORVERSION)) ||
5273 				    (vers == NFS_VER3 && gotvers == 0)) {
5274 					gotvers = vers;
5275 					gotminor = minorvers;
5276 					/* We'll take this one. */
5277 					ndi->nfsdi_versindex = i;
5278 					ndi->nfsdi_vers = vers;
5279 					ndi->nfsdi_minorvers = minorvers;
5280 					ndi->nfsdi_rsize = fxdr_unsigned(
5281 					    uint32_t, *tl++);
5282 					ndi->nfsdi_wsize = fxdr_unsigned(
5283 					    uint32_t, *tl++);
5284 					if (*tl == newnfs_true)
5285 						ndi->nfsdi_flags |=
5286 						    NFSDI_TIGHTCOUPLED;
5287 					else
5288 						ndi->nfsdi_flags &=
5289 						    ~NFSDI_TIGHTCOUPLED;
5290 				}
5291 			}
5292 			if (gotvers == 0) {
5293 				printf("pNFS: no NFSv3, NFSv4.1 or NFSv4.2\n");
5294 				error = NFSERR_BADXDR;
5295 				goto nfsmout;
5296 			}
5297 		}
5298 
5299 		/* And the notify bits. */
5300 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5301 		bitcnt = fxdr_unsigned(int, *tl);
5302 		if (bitcnt > 0) {
5303 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5304 			if (notifybitsp != NULL)
5305 				*notifybitsp =
5306 				    fxdr_unsigned(uint32_t, *tl);
5307 		}
5308 		if (safilled != AF_UNSPEC) {
5309 			KASSERT(ndi != NULL, ("ndi is NULL"));
5310 			*ndip = ndi;
5311 		} else
5312 			error = EPERM;
5313 		if (error == 0) {
5314 			/*
5315 			 * Now we can do a TCP connection for the correct
5316 			 * NFS version and IP address.
5317 			 */
5318 			error = nfsrpc_fillsa(nmp, &ssin, &ssin6, safilled,
5319 			    gotvers, gotminor, &dsp, p);
5320 		}
5321 		if (error == 0) {
5322 			KASSERT(gotdspp != NULL, ("gotdspp is NULL"));
5323 			*gotdspp = dsp;
5324 		}
5325 	}
5326 	if (nd->nd_repstat != 0 && error == 0)
5327 		error = nd->nd_repstat;
5328 nfsmout:
5329 	if (error != 0 && ndi != NULL)
5330 		nfscl_freedevinfo(ndi);
5331 	m_freem(nd->nd_mrep);
5332 	return (error);
5333 }
5334 
5335 /*
5336  * Do the NFSv4.1 LayoutCommit.
5337  */
5338 int
nfsrpc_layoutcommit(struct nfsmount * nmp,uint8_t * fh,int fhlen,int reclaim,uint64_t off,uint64_t len,uint64_t lastbyte,nfsv4stateid_t * stateidp,int layouttype,struct ucred * cred,NFSPROC_T * p,void * stuff)5339 nfsrpc_layoutcommit(struct nfsmount *nmp, uint8_t *fh, int fhlen, int reclaim,
5340     uint64_t off, uint64_t len, uint64_t lastbyte, nfsv4stateid_t *stateidp,
5341     int layouttype, struct ucred *cred, NFSPROC_T *p, void *stuff)
5342 {
5343 	uint32_t *tl;
5344 	struct nfsrv_descript nfsd, *nd = &nfsd;
5345 	int error;
5346 
5347 	nfscl_reqstart(nd, NFSPROC_LAYOUTCOMMIT, nmp, fh, fhlen, NULL, NULL,
5348 	    0, 0);
5349 	NFSM_BUILD(tl, uint32_t *, 5 * NFSX_UNSIGNED + 3 * NFSX_HYPER +
5350 	    NFSX_STATEID);
5351 	txdr_hyper(off, tl);
5352 	tl += 2;
5353 	txdr_hyper(len, tl);
5354 	tl += 2;
5355 	if (reclaim != 0)
5356 		*tl++ = newnfs_true;
5357 	else
5358 		*tl++ = newnfs_false;
5359 	*tl++ = txdr_unsigned(stateidp->seqid);
5360 	*tl++ = stateidp->other[0];
5361 	*tl++ = stateidp->other[1];
5362 	*tl++ = stateidp->other[2];
5363 	*tl++ = newnfs_true;
5364 	if (lastbyte < off)
5365 		lastbyte = off;
5366 	else if (lastbyte >= (off + len))
5367 		lastbyte = off + len - 1;
5368 	txdr_hyper(lastbyte, tl);
5369 	tl += 2;
5370 	*tl++ = newnfs_false;
5371 	*tl++ = txdr_unsigned(layouttype);
5372 	/* All supported layouts are 0 length. */
5373 	*tl = txdr_unsigned(0);
5374 	nd->nd_flag |= ND_USEGSSNAME;
5375 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5376 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5377 	if (error != 0)
5378 		return (error);
5379 	error = nd->nd_repstat;
5380 	m_freem(nd->nd_mrep);
5381 	return (error);
5382 }
5383 
5384 /*
5385  * Do the NFSv4.1 LayoutReturn.
5386  */
5387 int
nfsrpc_layoutreturn(struct nfsmount * nmp,uint8_t * fh,int fhlen,int reclaim,int layouttype,uint32_t iomode,int layoutreturn,uint64_t offset,uint64_t len,nfsv4stateid_t * stateidp,struct ucred * cred,NFSPROC_T * p,uint32_t stat,uint32_t op,char * devid)5388 nfsrpc_layoutreturn(struct nfsmount *nmp, uint8_t *fh, int fhlen, int reclaim,
5389     int layouttype, uint32_t iomode, int layoutreturn, uint64_t offset,
5390     uint64_t len, nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
5391     uint32_t stat, uint32_t op, char *devid)
5392 {
5393 	uint32_t *tl;
5394 	struct nfsrv_descript nfsd, *nd = &nfsd;
5395 	uint64_t tu64;
5396 	int error;
5397 
5398 	nfscl_reqstart(nd, NFSPROC_LAYOUTRETURN, nmp, fh, fhlen, NULL, NULL,
5399 	    0, 0);
5400 	NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED);
5401 	if (reclaim != 0)
5402 		*tl++ = newnfs_true;
5403 	else
5404 		*tl++ = newnfs_false;
5405 	*tl++ = txdr_unsigned(layouttype);
5406 	*tl++ = txdr_unsigned(iomode);
5407 	*tl = txdr_unsigned(layoutreturn);
5408 	if (layoutreturn == NFSLAYOUTRETURN_FILE) {
5409 		NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER + NFSX_STATEID +
5410 		    NFSX_UNSIGNED);
5411 		txdr_hyper(offset, tl);
5412 		tl += 2;
5413 		txdr_hyper(len, tl);
5414 		tl += 2;
5415 		NFSCL_DEBUG(4, "layoutret stseq=%d\n", (int)stateidp->seqid);
5416 		*tl++ = txdr_unsigned(stateidp->seqid);
5417 		*tl++ = stateidp->other[0];
5418 		*tl++ = stateidp->other[1];
5419 		*tl++ = stateidp->other[2];
5420 		if (layouttype == NFSLAYOUT_NFSV4_1_FILES)
5421 			*tl = txdr_unsigned(0);
5422 		else if (layouttype == NFSLAYOUT_FLEXFILE) {
5423 			if (stat != 0) {
5424 				*tl = txdr_unsigned(2 * NFSX_HYPER +
5425 				    NFSX_STATEID + NFSX_V4DEVICEID + 5 *
5426 				    NFSX_UNSIGNED);
5427 				NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER +
5428 				    NFSX_STATEID + NFSX_V4DEVICEID + 5 *
5429 				    NFSX_UNSIGNED);
5430 				*tl++ = txdr_unsigned(1);	/* One error. */
5431 				tu64 = 0;			/* Offset. */
5432 				txdr_hyper(tu64, tl); tl += 2;
5433 				tu64 = UINT64_MAX;		/* Length. */
5434 				txdr_hyper(tu64, tl); tl += 2;
5435 				NFSBCOPY(stateidp, tl, NFSX_STATEID);
5436 				tl += (NFSX_STATEID / NFSX_UNSIGNED);
5437 				*tl++ = txdr_unsigned(1);	/* One error. */
5438 				NFSBCOPY(devid, tl, NFSX_V4DEVICEID);
5439 				tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
5440 				*tl++ = txdr_unsigned(stat);
5441 				*tl++ = txdr_unsigned(op);
5442 			} else {
5443 				*tl = txdr_unsigned(2 * NFSX_UNSIGNED);
5444 				NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
5445 				/* No ioerrs. */
5446 				*tl++ = 0;
5447 			}
5448 			*tl = 0;	/* No stats yet. */
5449 		}
5450 	}
5451 	nd->nd_flag |= ND_USEGSSNAME;
5452 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5453 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5454 	if (error != 0)
5455 		return (error);
5456 	if (nd->nd_repstat == 0) {
5457 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
5458 		if (*tl != 0) {
5459 			NFSM_DISSECT(tl, uint32_t *, NFSX_STATEID);
5460 			stateidp->seqid = fxdr_unsigned(uint32_t, *tl++);
5461 			stateidp->other[0] = *tl++;
5462 			stateidp->other[1] = *tl++;
5463 			stateidp->other[2] = *tl;
5464 		}
5465 	} else
5466 		error = nd->nd_repstat;
5467 nfsmout:
5468 	m_freem(nd->nd_mrep);
5469 	return (error);
5470 }
5471 
5472 /*
5473  * Do the NFSv4.2 LayoutError.
5474  */
5475 static int
nfsrpc_layouterror(struct nfsmount * nmp,uint8_t * fh,int fhlen,uint64_t offset,uint64_t len,nfsv4stateid_t * stateidp,struct ucred * cred,NFSPROC_T * p,uint32_t stat,uint32_t op,char * devid)5476 nfsrpc_layouterror(struct nfsmount *nmp, uint8_t *fh, int fhlen, uint64_t offset,
5477     uint64_t len, nfsv4stateid_t *stateidp, struct ucred *cred, NFSPROC_T *p,
5478     uint32_t stat, uint32_t op, char *devid)
5479 {
5480 	uint32_t *tl;
5481 	struct nfsrv_descript nfsd, *nd = &nfsd;
5482 	int error;
5483 
5484 	nfscl_reqstart(nd, NFSPROC_LAYOUTERROR, nmp, fh, fhlen, NULL, NULL,
5485 	    0, 0);
5486 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER + NFSX_STATEID +
5487 	    NFSX_V4DEVICEID + 3 * NFSX_UNSIGNED);
5488 	txdr_hyper(offset, tl); tl += 2;
5489 	txdr_hyper(len, tl); tl += 2;
5490 	*tl++ = txdr_unsigned(stateidp->seqid);
5491 	*tl++ = stateidp->other[0];
5492 	*tl++ = stateidp->other[1];
5493 	*tl++ = stateidp->other[2];
5494 	*tl++ = txdr_unsigned(1);
5495 	NFSBCOPY(devid, tl, NFSX_V4DEVICEID);
5496 	tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
5497 	*tl++ = txdr_unsigned(stat);
5498 	*tl = txdr_unsigned(op);
5499 	nd->nd_flag |= ND_USEGSSNAME;
5500 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5501 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5502 	if (error != 0)
5503 		return (error);
5504 	if (nd->nd_repstat != 0)
5505 		error = nd->nd_repstat;
5506 	m_freem(nd->nd_mrep);
5507 	return (error);
5508 }
5509 
5510 /*
5511  * Acquire a layout and devinfo, if possible. The caller must have acquired
5512  * a reference count on the nfsclclient structure before calling this.
5513  * Return the layout in lypp with a reference count on it, if successful.
5514  */
5515 static int
nfsrpc_getlayout(struct nfsmount * nmp,vnode_t vp,struct nfsfh * nfhp,int iomode,uint32_t rw,uint32_t * notifybitsp,nfsv4stateid_t * stateidp,uint64_t off,struct nfscllayout ** lypp,struct ucred * cred,NFSPROC_T * p)5516 nfsrpc_getlayout(struct nfsmount *nmp, vnode_t vp, struct nfsfh *nfhp,
5517     int iomode, uint32_t rw, uint32_t *notifybitsp, nfsv4stateid_t *stateidp,
5518     uint64_t off, struct nfscllayout **lypp, struct ucred *cred, NFSPROC_T *p)
5519 {
5520 	struct nfscllayout *lyp;
5521 	struct nfsclflayout *flp;
5522 	struct nfsclflayouthead flh;
5523 	int error = 0, islocked, layoutlen, layouttype, recalled, retonclose;
5524 	nfsv4stateid_t stateid;
5525 	struct nfsclsession *tsep;
5526 
5527 	*lypp = NULL;
5528 	if (NFSHASFLEXFILE(nmp))
5529 		layouttype = NFSLAYOUT_FLEXFILE;
5530 	else
5531 		layouttype = NFSLAYOUT_NFSV4_1_FILES;
5532 	/*
5533 	 * If lyp is returned non-NULL, there will be a refcnt (shared lock)
5534 	 * on it, iff flp != NULL or a lock (exclusive lock) on it iff
5535 	 * flp == NULL.
5536 	 */
5537 	lyp = nfscl_getlayout(nmp->nm_clp, nfhp->nfh_fh, nfhp->nfh_len,
5538 	    off, rw, &flp, &recalled);
5539 	islocked = 0;
5540 	if (lyp == NULL || flp == NULL) {
5541 		if (recalled != 0)
5542 			return (EIO);
5543 		LIST_INIT(&flh);
5544 		tsep = nfsmnt_mdssession(nmp);
5545 		layoutlen = tsep->nfsess_maxcache -
5546 		    (NFSX_STATEID + 3 * NFSX_UNSIGNED);
5547 		if (lyp == NULL) {
5548 			stateid.seqid = 0;
5549 			stateid.other[0] = stateidp->other[0];
5550 			stateid.other[1] = stateidp->other[1];
5551 			stateid.other[2] = stateidp->other[2];
5552 			error = nfsrpc_layoutget(nmp, nfhp->nfh_fh,
5553 			    nfhp->nfh_len, iomode, (uint64_t)0, UINT64_MAX,
5554 			    (uint64_t)0, layouttype, layoutlen, &stateid,
5555 			    &retonclose, &flh, cred, p, NULL);
5556 		} else {
5557 			islocked = 1;
5558 			stateid.seqid = lyp->nfsly_stateid.seqid;
5559 			stateid.other[0] = lyp->nfsly_stateid.other[0];
5560 			stateid.other[1] = lyp->nfsly_stateid.other[1];
5561 			stateid.other[2] = lyp->nfsly_stateid.other[2];
5562 			error = nfsrpc_layoutget(nmp, nfhp->nfh_fh,
5563 			    nfhp->nfh_len, iomode, off, UINT64_MAX,
5564 			    (uint64_t)0, layouttype, layoutlen, &stateid,
5565 			    &retonclose, &flh, cred, p, NULL);
5566 		}
5567 		error = nfsrpc_layoutgetres(nmp, vp, nfhp->nfh_fh,
5568 		    nfhp->nfh_len, &stateid, retonclose, notifybitsp, &lyp,
5569 		    &flh, layouttype, error, NULL, cred, p);
5570 		if (error == 0)
5571 			*lypp = lyp;
5572 		else if (islocked != 0)
5573 			nfscl_rellayout(lyp, 1);
5574 	} else
5575 		*lypp = lyp;
5576 	return (error);
5577 }
5578 
5579 /*
5580  * Do a TCP connection plus exchange id and create session.
5581  * If successful, a "struct nfsclds" is linked into the list for the
5582  * mount point and a pointer to it is returned.
5583  */
5584 static int
nfsrpc_fillsa(struct nfsmount * nmp,struct sockaddr_in * sin,struct sockaddr_in6 * sin6,sa_family_t af,int vers,int minorvers,struct nfsclds ** dspp,NFSPROC_T * p)5585 nfsrpc_fillsa(struct nfsmount *nmp, struct sockaddr_in *sin,
5586     struct sockaddr_in6 *sin6, sa_family_t af, int vers, int minorvers,
5587     struct nfsclds **dspp, NFSPROC_T *p)
5588 {
5589 	struct sockaddr_in *msad, *sad;
5590 	struct sockaddr_in6 *msad6, *sad6;
5591 	struct nfsclclient *clp;
5592 	struct nfssockreq *nrp;
5593 	struct nfsclds *dsp, *tdsp;
5594 	int error, firsttry;
5595 	enum nfsclds_state retv;
5596 	uint32_t sequenceid = 0;
5597 
5598 	KASSERT(nmp->nm_sockreq.nr_cred != NULL,
5599 	    ("nfsrpc_fillsa: NULL nr_cred"));
5600 	NFSLOCKCLSTATE();
5601 	clp = nmp->nm_clp;
5602 	NFSUNLOCKCLSTATE();
5603 	if (clp == NULL)
5604 		return (EPERM);
5605 	if (af == AF_INET) {
5606 		NFSLOCKMNT(nmp);
5607 		/*
5608 		 * Check to see if we already have a session for this
5609 		 * address that is usable for a DS.
5610 		 * Note that the MDS's address is in a different place
5611 		 * than the sessions already acquired for DS's.
5612 		 */
5613 		msad = (struct sockaddr_in *)nmp->nm_sockreq.nr_nam;
5614 		tdsp = TAILQ_FIRST(&nmp->nm_sess);
5615 		while (tdsp != NULL) {
5616 			if (msad != NULL && msad->sin_family == AF_INET &&
5617 			    sin->sin_addr.s_addr == msad->sin_addr.s_addr &&
5618 			    sin->sin_port == msad->sin_port &&
5619 			    (tdsp->nfsclds_flags & NFSCLDS_DS) != 0 &&
5620 			    tdsp->nfsclds_sess.nfsess_defunct == 0) {
5621 				*dspp = tdsp;
5622 				NFSUNLOCKMNT(nmp);
5623 				NFSCL_DEBUG(4, "fnd same addr\n");
5624 				return (0);
5625 			}
5626 			tdsp = TAILQ_NEXT(tdsp, nfsclds_list);
5627 			if (tdsp != NULL && tdsp->nfsclds_sockp != NULL)
5628 				msad = (struct sockaddr_in *)
5629 				    tdsp->nfsclds_sockp->nr_nam;
5630 			else
5631 				msad = NULL;
5632 		}
5633 		NFSUNLOCKMNT(nmp);
5634 
5635 		/* No IP address match, so look for new/trunked one. */
5636 		sad = malloc(sizeof(*sad), M_SONAME, M_WAITOK | M_ZERO);
5637 		sad->sin_len = sizeof(*sad);
5638 		sad->sin_family = AF_INET;
5639 		sad->sin_port = sin->sin_port;
5640 		sad->sin_addr.s_addr = sin->sin_addr.s_addr;
5641 		nrp = malloc(sizeof(*nrp), M_NFSSOCKREQ, M_WAITOK | M_ZERO);
5642 		nrp->nr_nam = (struct sockaddr *)sad;
5643 	} else if (af == AF_INET6) {
5644 		NFSLOCKMNT(nmp);
5645 		/*
5646 		 * Check to see if we already have a session for this
5647 		 * address that is usable for a DS.
5648 		 * Note that the MDS's address is in a different place
5649 		 * than the sessions already acquired for DS's.
5650 		 */
5651 		msad6 = (struct sockaddr_in6 *)nmp->nm_sockreq.nr_nam;
5652 		tdsp = TAILQ_FIRST(&nmp->nm_sess);
5653 		while (tdsp != NULL) {
5654 			if (msad6 != NULL && msad6->sin6_family == AF_INET6 &&
5655 			    IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
5656 			    &msad6->sin6_addr) &&
5657 			    sin6->sin6_port == msad6->sin6_port &&
5658 			    (tdsp->nfsclds_flags & NFSCLDS_DS) != 0 &&
5659 			    tdsp->nfsclds_sess.nfsess_defunct == 0) {
5660 				*dspp = tdsp;
5661 				NFSUNLOCKMNT(nmp);
5662 				return (0);
5663 			}
5664 			tdsp = TAILQ_NEXT(tdsp, nfsclds_list);
5665 			if (tdsp != NULL && tdsp->nfsclds_sockp != NULL)
5666 				msad6 = (struct sockaddr_in6 *)
5667 				    tdsp->nfsclds_sockp->nr_nam;
5668 			else
5669 				msad6 = NULL;
5670 		}
5671 		NFSUNLOCKMNT(nmp);
5672 
5673 		/* No IP address match, so look for new/trunked one. */
5674 		sad6 = malloc(sizeof(*sad6), M_SONAME, M_WAITOK | M_ZERO);
5675 		sad6->sin6_len = sizeof(*sad6);
5676 		sad6->sin6_family = AF_INET6;
5677 		sad6->sin6_port = sin6->sin6_port;
5678 		NFSBCOPY(&sin6->sin6_addr, &sad6->sin6_addr,
5679 		    sizeof(struct in6_addr));
5680 		nrp = malloc(sizeof(*nrp), M_NFSSOCKREQ, M_WAITOK | M_ZERO);
5681 		nrp->nr_nam = (struct sockaddr *)sad6;
5682 	} else
5683 		return (EPERM);
5684 
5685 	nrp->nr_sotype = SOCK_STREAM;
5686 	mtx_init(&nrp->nr_mtx, "nfssock", NULL, MTX_DEF);
5687 	nrp->nr_prog = NFS_PROG;
5688 	nrp->nr_vers = vers;
5689 
5690 	/*
5691 	 * Use the credentials that were used for the mount, which are
5692 	 * in nmp->nm_sockreq.nr_cred for newnfs_connect() etc.
5693 	 * Ref. counting the credentials with crhold() is probably not
5694 	 * necessary, since nm_sockreq.nr_cred won't be crfree()'d until
5695 	 * unmount, but I did it anyhow.
5696 	 */
5697 	nrp->nr_cred = crhold(nmp->nm_sockreq.nr_cred);
5698 	error = newnfs_connect(nmp, nrp, NULL, p, 0, false, &nrp->nr_client);
5699 	NFSCL_DEBUG(3, "DS connect=%d\n", error);
5700 
5701 	dsp = NULL;
5702 	/* Now, do the exchangeid and create session. */
5703 	if (error == 0) {
5704 		if (vers == NFS_VER4) {
5705 			firsttry = 0;
5706 			do {
5707 				error = nfsrpc_exchangeid(nmp, clp, nrp,
5708 				    minorvers, NFSV4EXCH_USEPNFSDS, &dsp,
5709 				    nrp->nr_cred, p);
5710 				NFSCL_DEBUG(3, "DS exchangeid=%d\n", error);
5711 				if (error == NFSERR_MINORVERMISMATCH)
5712 					minorvers = NFSV42_MINORVERSION;
5713 			} while (error == NFSERR_MINORVERMISMATCH &&
5714 			    firsttry++ == 0);
5715 			if (error != 0)
5716 				newnfs_disconnect(NULL, nrp);
5717 		} else {
5718 			dsp = malloc(sizeof(struct nfsclds), M_NFSCLDS,
5719 			    M_WAITOK | M_ZERO);
5720 			dsp->nfsclds_flags |= NFSCLDS_DS;
5721 			dsp->nfsclds_expire = INT32_MAX; /* No renews needed. */
5722 			mtx_init(&dsp->nfsclds_mtx, "nfsds", NULL, MTX_DEF);
5723 			mtx_init(&dsp->nfsclds_sess.nfsess_mtx, "nfssession",
5724 			    NULL, MTX_DEF);
5725 		}
5726 	}
5727 	if (error == 0) {
5728 		dsp->nfsclds_sockp = nrp;
5729 		if (vers == NFS_VER4) {
5730 			NFSLOCKMNT(nmp);
5731 			retv = nfscl_getsameserver(nmp, dsp, &tdsp,
5732 			    &sequenceid);
5733 			NFSCL_DEBUG(3, "getsame ret=%d\n", retv);
5734 			if (retv == NFSDSP_USETHISSESSION &&
5735 			    nfscl_dssameconn != 0) {
5736 				NFSLOCKDS(tdsp);
5737 				tdsp->nfsclds_flags |= NFSCLDS_SAMECONN;
5738 				NFSUNLOCKDS(tdsp);
5739 				NFSUNLOCKMNT(nmp);
5740 				/*
5741 				 * If there is already a session for this
5742 				 * server, use it.
5743 				 */
5744 				newnfs_disconnect(NULL, nrp);
5745 				nfscl_freenfsclds(dsp);
5746 				*dspp = tdsp;
5747 				return (0);
5748 			}
5749 			if (retv == NFSDSP_NOTFOUND)
5750 				sequenceid =
5751 				    dsp->nfsclds_sess.nfsess_sequenceid;
5752 			NFSUNLOCKMNT(nmp);
5753 			error = nfsrpc_createsession(nmp, &dsp->nfsclds_sess,
5754 			    nrp, dsp, sequenceid, 0, nrp->nr_cred, p);
5755 			NFSCL_DEBUG(3, "DS createsess=%d\n", error);
5756 		}
5757 	} else {
5758 		NFSFREECRED(nrp->nr_cred);
5759 		NFSFREEMUTEX(&nrp->nr_mtx);
5760 		free(nrp->nr_nam, M_SONAME);
5761 		free(nrp, M_NFSSOCKREQ);
5762 	}
5763 	if (error == 0) {
5764 		NFSCL_DEBUG(3, "add DS session\n");
5765 		/*
5766 		 * Put it at the end of the list. That way the list
5767 		 * is ordered by when the entry was added. This matters
5768 		 * since the one done first is the one that should be
5769 		 * used for sequencid'ing any subsequent create sessions.
5770 		 */
5771 		NFSLOCKMNT(nmp);
5772 		TAILQ_INSERT_TAIL(&nmp->nm_sess, dsp, nfsclds_list);
5773 		NFSUNLOCKMNT(nmp);
5774 		*dspp = dsp;
5775 	} else if (dsp != NULL) {
5776 		newnfs_disconnect(NULL, nrp);
5777 		nfscl_freenfsclds(dsp);
5778 	}
5779 	return (error);
5780 }
5781 
5782 /*
5783  * Do the NFSv4.1 Reclaim Complete.
5784  */
5785 int
nfsrpc_reclaimcomplete(struct nfsmount * nmp,struct ucred * cred,NFSPROC_T * p)5786 nfsrpc_reclaimcomplete(struct nfsmount *nmp, struct ucred *cred, NFSPROC_T *p)
5787 {
5788 	uint32_t *tl;
5789 	struct nfsrv_descript nfsd;
5790 	struct nfsrv_descript *nd = &nfsd;
5791 	int error;
5792 
5793 	nfscl_reqstart(nd, NFSPROC_RECLAIMCOMPL, nmp, NULL, 0, NULL, NULL, 0,
5794 	    0);
5795 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
5796 	*tl = newnfs_false;
5797 	nd->nd_flag |= ND_USEGSSNAME;
5798 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
5799 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
5800 	if (error != 0)
5801 		return (error);
5802 	error = nd->nd_repstat;
5803 	m_freem(nd->nd_mrep);
5804 	return (error);
5805 }
5806 
5807 /*
5808  * Initialize the slot tables for a session.
5809  */
5810 static void
nfscl_initsessionslots(struct nfsclsession * sep)5811 nfscl_initsessionslots(struct nfsclsession *sep)
5812 {
5813 	int i;
5814 
5815 	for (i = 0; i < NFSV4_CBSLOTS; i++) {
5816 		if (sep->nfsess_cbslots[i].nfssl_reply != NULL)
5817 			m_freem(sep->nfsess_cbslots[i].nfssl_reply);
5818 		NFSBZERO(&sep->nfsess_cbslots[i], sizeof(struct nfsslot));
5819 	}
5820 	for (i = 0; i < 64; i++)
5821 		sep->nfsess_slotseq[i] = 0;
5822 	sep->nfsess_slots = 0;
5823 }
5824 
5825 /*
5826  * Called to try and do an I/O operation via an NFSv4.1 Data Server (DS).
5827  */
5828 int
nfscl_doiods(vnode_t vp,struct uio * uiop,int * iomode,int * must_commit,uint32_t rwaccess,int docommit,struct ucred * cred,NFSPROC_T * p)5829 nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
5830     uint32_t rwaccess, int docommit, struct ucred *cred, NFSPROC_T *p)
5831 {
5832 	struct nfsnode *np = VTONFS(vp);
5833 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
5834 	struct nfscllayout *layp;
5835 	struct nfscldevinfo *dip;
5836 	struct nfsclflayout *rflp;
5837 	struct mbuf *m, *m2;
5838 	struct nfsclwritedsdorpc *drpc, *tdrpc;
5839 	nfsv4stateid_t stateid;
5840 	struct ucred *newcred;
5841 	uint64_t lastbyte, len, off, oresid, xfer;
5842 	int eof, error, firstmirror, i, iolaymode, mirrorcnt, recalled, timo;
5843 	void *lckp;
5844 	uint8_t *dev;
5845 	void *iovbase = NULL;
5846 	size_t iovlen = 0;
5847 	off_t offs = 0;
5848 	ssize_t resid = 0;
5849 	uint32_t op;
5850 
5851 	if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 || nfs_numnfscbd == 0 ||
5852 	    (np->n_flag & NNOLAYOUT) != 0)
5853 		return (EIO);
5854 	/* Now, get a reference cnt on the clientid for this mount. */
5855 	if (nfscl_getref(nmp) == 0)
5856 		return (EIO);
5857 
5858 	/* Find an appropriate stateid. */
5859 	newcred = NFSNEWCRED(cred);
5860 	error = nfscl_getstateid(vp, np->n_fhp->nfh_fh, np->n_fhp->nfh_len,
5861 	    rwaccess, 1, newcred, p, &stateid, &lckp);
5862 	if (error != 0) {
5863 		NFSFREECRED(newcred);
5864 		nfscl_relref(nmp);
5865 		return (error);
5866 	}
5867 	/* Search for a layout for this file. */
5868 	off = uiop->uio_offset;
5869 	layp = nfscl_getlayout(nmp->nm_clp, np->n_fhp->nfh_fh,
5870 	    np->n_fhp->nfh_len, off, rwaccess, &rflp, &recalled);
5871 	if (layp == NULL || rflp == NULL) {
5872 		if (recalled != 0) {
5873 			NFSFREECRED(newcred);
5874 			if (lckp != NULL)
5875 				nfscl_lockderef(lckp);
5876 			nfscl_relref(nmp);
5877 			return (EIO);
5878 		}
5879 		if (layp != NULL) {
5880 			nfscl_rellayout(layp, (rflp == NULL) ? 1 : 0);
5881 			layp = NULL;
5882 		}
5883 		/* Try and get a Layout, if it is supported. */
5884 		if (rwaccess == NFSV4OPEN_ACCESSWRITE ||
5885 		    (np->n_flag & NWRITEOPENED) != 0)
5886 			iolaymode = NFSLAYOUTIOMODE_RW;
5887 		else
5888 			iolaymode = NFSLAYOUTIOMODE_READ;
5889 		error = nfsrpc_getlayout(nmp, vp, np->n_fhp, iolaymode,
5890 		    rwaccess, NULL, &stateid, off, &layp, newcred, p);
5891 		if (error != 0) {
5892 			NFSLOCKNODE(np);
5893 			np->n_flag |= NNOLAYOUT;
5894 			NFSUNLOCKNODE(np);
5895 			if (lckp != NULL)
5896 				nfscl_lockderef(lckp);
5897 			NFSFREECRED(newcred);
5898 			if (layp != NULL)
5899 				nfscl_rellayout(layp, 0);
5900 			nfscl_relref(nmp);
5901 			return (error);
5902 		}
5903 	}
5904 
5905 	/*
5906 	 * Loop around finding a layout that works for the first part of
5907 	 * this I/O operation, and then call the function that actually
5908 	 * does the RPC.
5909 	 */
5910 	eof = 0;
5911 	len = (uint64_t)uiop->uio_resid;
5912 	while (len > 0 && error == 0 && eof == 0) {
5913 		off = uiop->uio_offset;
5914 		error = nfscl_findlayoutforio(layp, off, rwaccess, &rflp);
5915 		if (error == 0) {
5916 			oresid = xfer = (uint64_t)uiop->uio_resid;
5917 			if (xfer > (rflp->nfsfl_end - rflp->nfsfl_off))
5918 				xfer = rflp->nfsfl_end - rflp->nfsfl_off;
5919 			/*
5920 			 * For Flex File layout with mirrored DSs, select one
5921 			 * of them at random for reads. For writes and commits,
5922 			 * do all mirrors.
5923 			 */
5924 			m = NULL;
5925 			tdrpc = drpc = NULL;
5926 			firstmirror = 0;
5927 			mirrorcnt = 1;
5928 			if ((layp->nfsly_flags & NFSLY_FLEXFILE) != 0 &&
5929 			    (mirrorcnt = rflp->nfsfl_mirrorcnt) > 1) {
5930 				if (rwaccess == NFSV4OPEN_ACCESSREAD) {
5931 					firstmirror = arc4random() % mirrorcnt;
5932 					mirrorcnt = firstmirror + 1;
5933 				} else {
5934 					if (docommit == 0) {
5935 						/*
5936 						 * Save values, so uiop can be
5937 						 * rolled back upon a write
5938 						 * error.
5939 						 */
5940 						offs = uiop->uio_offset;
5941 						resid = uiop->uio_resid;
5942 						iovbase =
5943 						    uiop->uio_iov->iov_base;
5944 						iovlen = uiop->uio_iov->iov_len;
5945 						m = nfsm_uiombuflist(uiop, len,
5946 						    0);
5947 					}
5948 					tdrpc = drpc = malloc(sizeof(*drpc) *
5949 					    (mirrorcnt - 1), M_TEMP, M_WAITOK |
5950 					    M_ZERO);
5951 				}
5952 			}
5953 			for (i = firstmirror; i < mirrorcnt && error == 0; i++){
5954 				m2 = NULL;
5955 				if (m != NULL && i < mirrorcnt - 1)
5956 					m2 = m_copym(m, 0, M_COPYALL, M_WAITOK);
5957 				else {
5958 					m2 = m;
5959 					m = NULL;
5960 				}
5961 				if ((layp->nfsly_flags & NFSLY_FLEXFILE) != 0) {
5962 					dev = rflp->nfsfl_ffm[i].dev;
5963 					dip = nfscl_getdevinfo(nmp->nm_clp, dev,
5964 					    rflp->nfsfl_ffm[i].devp);
5965 				} else {
5966 					dev = rflp->nfsfl_dev;
5967 					dip = nfscl_getdevinfo(nmp->nm_clp, dev,
5968 					    rflp->nfsfl_devp);
5969 				}
5970 				if (dip != NULL) {
5971 					if ((rflp->nfsfl_flags & NFSFL_FLEXFILE)
5972 					    != 0)
5973 						error = nfscl_dofflayoutio(vp,
5974 						    uiop, iomode, must_commit,
5975 						    &eof, &stateid, rwaccess,
5976 						    dip, layp, rflp, off, xfer,
5977 						    i, docommit, m2, tdrpc,
5978 						    newcred, p);
5979 					else
5980 						error = nfscl_doflayoutio(vp,
5981 						    uiop, iomode, must_commit,
5982 						    &eof, &stateid, rwaccess,
5983 						    dip, layp, rflp, off, xfer,
5984 						    docommit, newcred, p);
5985 					nfscl_reldevinfo(dip);
5986 				} else {
5987 					if (m2 != NULL)
5988 						m_freem(m2);
5989 					error = EIO;
5990 				}
5991 				tdrpc++;
5992 			}
5993 			if (m != NULL)
5994 				m_freem(m);
5995 			tdrpc = drpc;
5996 			timo = hz / 50;		/* Wait for 20msec. */
5997 			if (timo < 1)
5998 				timo = 1;
5999 			for (i = firstmirror; i < mirrorcnt - 1 &&
6000 			    tdrpc != NULL; i++, tdrpc++) {
6001 				/*
6002 				 * For the unused drpc entries, both inprog and
6003 				 * err == 0, so this loop won't break.
6004 				 */
6005 				while (tdrpc->inprog != 0 && tdrpc->done == 0)
6006 					tsleep(&tdrpc->tsk, PVFS, "clrpcio",
6007 					    timo);
6008 				if (error == 0 && tdrpc->err != 0)
6009 					error = tdrpc->err;
6010 				if (rwaccess != NFSV4OPEN_ACCESSREAD &&
6011 				    docommit == 0 && *must_commit == 0 &&
6012 				    tdrpc->must_commit == 1)
6013 					*must_commit = 1;
6014 			}
6015 			free(drpc, M_TEMP);
6016 			if (error == 0) {
6017 				if (mirrorcnt > 1 && rwaccess ==
6018 				    NFSV4OPEN_ACCESSWRITE && docommit == 0) {
6019 					NFSLOCKCLSTATE();
6020 					layp->nfsly_flags |= NFSLY_WRITTEN;
6021 					NFSUNLOCKCLSTATE();
6022 				}
6023 				lastbyte = off + xfer - 1;
6024 				NFSLOCKCLSTATE();
6025 				if (lastbyte > layp->nfsly_lastbyte)
6026 					layp->nfsly_lastbyte = lastbyte;
6027 				NFSUNLOCKCLSTATE();
6028 			} else if (error == NFSERR_OPENMODE &&
6029 			    rwaccess == NFSV4OPEN_ACCESSREAD) {
6030 				NFSLOCKMNT(nmp);
6031 				nmp->nm_state |= NFSSTA_OPENMODE;
6032 				NFSUNLOCKMNT(nmp);
6033 			} else if ((error == NFSERR_NOSPC ||
6034 			    error == NFSERR_IO || error == NFSERR_NXIO) &&
6035 			    nmp->nm_minorvers == NFSV42_MINORVERSION) {
6036 				if (docommit != 0)
6037 					op = NFSV4OP_COMMIT;
6038 				else if (rwaccess == NFSV4OPEN_ACCESSREAD)
6039 					op = NFSV4OP_READ;
6040 				else
6041 					op = NFSV4OP_WRITE;
6042 				nfsrpc_layouterror(nmp, np->n_fhp->nfh_fh,
6043 				    np->n_fhp->nfh_len, off, xfer,
6044 				    &layp->nfsly_stateid, newcred, p, error, op,
6045 				    dip->nfsdi_deviceid);
6046 				error = EIO;
6047 			} else
6048 				error = EIO;
6049 			if (error == 0)
6050 				len -= (oresid - (uint64_t)uiop->uio_resid);
6051 			else if (mirrorcnt > 1 && rwaccess ==
6052 			    NFSV4OPEN_ACCESSWRITE && docommit == 0) {
6053 				/*
6054 				 * In case the rpc gets retried, roll the
6055 				 * uio fields changed by nfsm_uiombuflist()
6056 				 * back.
6057 				 */
6058 				uiop->uio_offset = offs;
6059 				uiop->uio_resid = resid;
6060 				uiop->uio_iov->iov_base = iovbase;
6061 				uiop->uio_iov->iov_len = iovlen;
6062 			}
6063 		}
6064 	}
6065 	if (lckp != NULL)
6066 		nfscl_lockderef(lckp);
6067 	NFSFREECRED(newcred);
6068 	nfscl_rellayout(layp, 0);
6069 	nfscl_relref(nmp);
6070 	return (error);
6071 }
6072 
6073 /*
6074  * Find a file layout that will handle the first bytes of the requested
6075  * range and return the information from it needed to the I/O operation.
6076  */
6077 int
nfscl_findlayoutforio(struct nfscllayout * lyp,uint64_t off,uint32_t rwaccess,struct nfsclflayout ** retflpp)6078 nfscl_findlayoutforio(struct nfscllayout *lyp, uint64_t off, uint32_t rwaccess,
6079     struct nfsclflayout **retflpp)
6080 {
6081 	struct nfsclflayout *flp, *nflp, *rflp;
6082 	uint32_t rw;
6083 
6084 	rflp = NULL;
6085 	rw = rwaccess;
6086 	/* For reading, do the Read list first and then the Write list. */
6087 	do {
6088 		if (rw == NFSV4OPEN_ACCESSREAD)
6089 			flp = LIST_FIRST(&lyp->nfsly_flayread);
6090 		else
6091 			flp = LIST_FIRST(&lyp->nfsly_flayrw);
6092 		while (flp != NULL) {
6093 			nflp = LIST_NEXT(flp, nfsfl_list);
6094 			if (flp->nfsfl_off > off)
6095 				break;
6096 			if (flp->nfsfl_end > off &&
6097 			    (rflp == NULL || rflp->nfsfl_end < flp->nfsfl_end))
6098 				rflp = flp;
6099 			flp = nflp;
6100 		}
6101 		if (rw == NFSV4OPEN_ACCESSREAD)
6102 			rw = NFSV4OPEN_ACCESSWRITE;
6103 		else
6104 			rw = 0;
6105 	} while (rw != 0);
6106 	if (rflp != NULL) {
6107 		/* This one covers the most bytes starting at off. */
6108 		*retflpp = rflp;
6109 		return (0);
6110 	}
6111 	return (EIO);
6112 }
6113 
6114 /*
6115  * Do I/O using an NFSv4.1 or NFSv4.2 file layout.
6116  */
6117 static int
nfscl_doflayoutio(vnode_t vp,struct uio * uiop,int * iomode,int * must_commit,int * eofp,nfsv4stateid_t * stateidp,int rwflag,struct nfscldevinfo * dp,struct nfscllayout * lyp,struct nfsclflayout * flp,uint64_t off,uint64_t len,int docommit,struct ucred * cred,NFSPROC_T * p)6118 nfscl_doflayoutio(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
6119     int *eofp, nfsv4stateid_t *stateidp, int rwflag, struct nfscldevinfo *dp,
6120     struct nfscllayout *lyp, struct nfsclflayout *flp, uint64_t off,
6121     uint64_t len, int docommit, struct ucred *cred, NFSPROC_T *p)
6122 {
6123 	uint64_t io_off, rel_off, stripe_unit_size, transfer, xfer;
6124 	int commit_thru_mds, error, stripe_index, stripe_pos, minorvers;
6125 	struct nfsnode *np;
6126 	struct nfsfh *fhp;
6127 	struct nfsclds **dspp;
6128 
6129 	np = VTONFS(vp);
6130 	rel_off = off - flp->nfsfl_patoff;
6131 	stripe_unit_size = flp->nfsfl_util & NFSFLAYUTIL_STRIPE_MASK;
6132 	stripe_pos = (rel_off / stripe_unit_size + flp->nfsfl_stripe1) %
6133 	    dp->nfsdi_stripecnt;
6134 	transfer = stripe_unit_size - (rel_off % stripe_unit_size);
6135 	error = 0;
6136 
6137 	/* Loop around, doing I/O for each stripe unit. */
6138 	while (len > 0 && error == 0) {
6139 		stripe_index = nfsfldi_stripeindex(dp, stripe_pos);
6140 		dspp = nfsfldi_addr(dp, stripe_index);
6141 		if (((*dspp)->nfsclds_flags & NFSCLDS_MINORV2) != 0)
6142 			minorvers = NFSV42_MINORVERSION;
6143 		else
6144 			minorvers = NFSV41_MINORVERSION;
6145 		if (len > transfer && docommit == 0)
6146 			xfer = transfer;
6147 		else
6148 			xfer = len;
6149 		if ((flp->nfsfl_util & NFSFLAYUTIL_DENSE) != 0) {
6150 			/* Dense layout. */
6151 			if (stripe_pos >= flp->nfsfl_fhcnt)
6152 				return (EIO);
6153 			fhp = flp->nfsfl_fh[stripe_pos];
6154 			io_off = (rel_off / (stripe_unit_size *
6155 			    dp->nfsdi_stripecnt)) * stripe_unit_size +
6156 			    rel_off % stripe_unit_size;
6157 		} else {
6158 			/* Sparse layout. */
6159 			if (flp->nfsfl_fhcnt > 1) {
6160 				if (stripe_index >= flp->nfsfl_fhcnt)
6161 					return (EIO);
6162 				fhp = flp->nfsfl_fh[stripe_index];
6163 			} else if (flp->nfsfl_fhcnt == 1)
6164 				fhp = flp->nfsfl_fh[0];
6165 			else
6166 				fhp = np->n_fhp;
6167 			io_off = off;
6168 		}
6169 		if ((flp->nfsfl_util & NFSFLAYUTIL_COMMIT_THRU_MDS) != 0) {
6170 			commit_thru_mds = 1;
6171 			if (docommit != 0)
6172 				error = EIO;
6173 		} else {
6174 			commit_thru_mds = 0;
6175 			NFSLOCKNODE(np);
6176 			np->n_flag |= NDSCOMMIT;
6177 			NFSUNLOCKNODE(np);
6178 		}
6179 		if (docommit != 0) {
6180 			if (error == 0)
6181 				error = nfsrpc_commitds(vp, io_off, xfer,
6182 				    *dspp, fhp, NFS_VER4, minorvers, cred, p);
6183 			if (error == 0) {
6184 				/*
6185 				 * Set both eof and uio_resid = 0 to end any
6186 				 * loops.
6187 				 */
6188 				*eofp = 1;
6189 				uiop->uio_resid = 0;
6190 			} else {
6191 				NFSLOCKNODE(np);
6192 				np->n_flag &= ~NDSCOMMIT;
6193 				NFSUNLOCKNODE(np);
6194 			}
6195 		} else if (rwflag == NFSV4OPEN_ACCESSREAD)
6196 			error = nfsrpc_readds(vp, uiop, stateidp, eofp, *dspp,
6197 			    io_off, xfer, fhp, 0, NFS_VER4, minorvers, cred, p);
6198 		else {
6199 			error = nfsrpc_writeds(vp, uiop, iomode, must_commit,
6200 			    stateidp, *dspp, io_off, xfer, fhp, commit_thru_mds,
6201 			    0, NFS_VER4, minorvers, cred, p);
6202 			if (error == 0) {
6203 				NFSLOCKCLSTATE();
6204 				lyp->nfsly_flags |= NFSLY_WRITTEN;
6205 				NFSUNLOCKCLSTATE();
6206 			}
6207 		}
6208 		if (error == 0) {
6209 			transfer = stripe_unit_size;
6210 			stripe_pos = (stripe_pos + 1) % dp->nfsdi_stripecnt;
6211 			len -= xfer;
6212 			off += xfer;
6213 		}
6214 	}
6215 	return (error);
6216 }
6217 
6218 /*
6219  * Do I/O using an NFSv4.1 flex file layout.
6220  */
6221 static int
nfscl_dofflayoutio(vnode_t vp,struct uio * uiop,int * iomode,int * must_commit,int * eofp,nfsv4stateid_t * stateidp,int rwflag,struct nfscldevinfo * dp,struct nfscllayout * lyp,struct nfsclflayout * flp,uint64_t off,uint64_t len,int mirror,int docommit,struct mbuf * mp,struct nfsclwritedsdorpc * drpc,struct ucred * cred,NFSPROC_T * p)6222 nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
6223     int *eofp, nfsv4stateid_t *stateidp, int rwflag, struct nfscldevinfo *dp,
6224     struct nfscllayout *lyp, struct nfsclflayout *flp, uint64_t off,
6225     uint64_t len, int mirror, int docommit, struct mbuf *mp,
6226     struct nfsclwritedsdorpc *drpc, struct ucred *cred, NFSPROC_T *p)
6227 {
6228 	uint64_t xfer;
6229 	int error;
6230 	struct nfsnode *np;
6231 	struct nfsfh *fhp;
6232 	struct nfsclds **dspp;
6233 	struct ucred *tcred;
6234 	struct mbuf *m, *m2;
6235 	uint32_t copylen;
6236 
6237 	np = VTONFS(vp);
6238 	error = 0;
6239 	NFSCL_DEBUG(4, "nfscl_dofflayoutio: off=%ju len=%ju\n", (uintmax_t)off,
6240 	    (uintmax_t)len);
6241 	/* Loop around, doing I/O for each stripe unit. */
6242 	while (len > 0 && error == 0) {
6243 		dspp = nfsfldi_addr(dp, 0);
6244 		fhp = flp->nfsfl_ffm[mirror].fh[dp->nfsdi_versindex];
6245 		stateidp = &flp->nfsfl_ffm[mirror].st;
6246 		NFSCL_DEBUG(4, "mirror=%d vind=%d fhlen=%d st.seqid=0x%x\n",
6247 		    mirror, dp->nfsdi_versindex, fhp->nfh_len, stateidp->seqid);
6248 		if ((dp->nfsdi_flags & NFSDI_TIGHTCOUPLED) == 0) {
6249 			tcred = NFSNEWCRED(cred);
6250 			tcred->cr_uid = flp->nfsfl_ffm[mirror].user;
6251 			tcred->cr_groups[0] = flp->nfsfl_ffm[mirror].group;
6252 			tcred->cr_ngroups = 1;
6253 		} else
6254 			tcred = cred;
6255 		if (rwflag == NFSV4OPEN_ACCESSREAD)
6256 			copylen = dp->nfsdi_rsize;
6257 		else {
6258 			copylen = dp->nfsdi_wsize;
6259 			if (len > copylen && mp != NULL) {
6260 				/*
6261 				 * When a mirrored configuration needs to do
6262 				 * multiple writes to each mirror, all writes
6263 				 * except the last one must be a multiple of
6264 				 * 4 bytes.  This is required so that the XDR
6265 				 * does not need padding.
6266 				 * If possible, clip the size to an exact
6267 				 * multiple of the mbuf length, so that the
6268 				 * split will be on an mbuf boundary.
6269 				 */
6270 				copylen &= 0xfffffffc;
6271 				if (copylen > mp->m_len)
6272 					copylen = copylen / mp->m_len *
6273 					    mp->m_len;
6274 			}
6275 		}
6276 		NFSLOCKNODE(np);
6277 		np->n_flag |= NDSCOMMIT;
6278 		NFSUNLOCKNODE(np);
6279 		if (len > copylen && docommit == 0)
6280 			xfer = copylen;
6281 		else
6282 			xfer = len;
6283 		if (docommit != 0) {
6284 			if (error == 0) {
6285 				/*
6286 				 * Do last mirrored DS commit with this thread.
6287 				 */
6288 				if (mirror < flp->nfsfl_mirrorcnt - 1)
6289 					error = nfsio_commitds(vp, off, xfer,
6290 					    *dspp, fhp, dp->nfsdi_vers,
6291 					    dp->nfsdi_minorvers, drpc, tcred,
6292 					    p);
6293 				else
6294 					error = nfsrpc_commitds(vp, off, xfer,
6295 					    *dspp, fhp, dp->nfsdi_vers,
6296 					    dp->nfsdi_minorvers, tcred, p);
6297 				NFSCL_DEBUG(4, "commitds=%d\n", error);
6298 				if (error != 0 && error != EACCES && error !=
6299 				    ESTALE) {
6300 					NFSCL_DEBUG(4,
6301 					    "DS layreterr for commit\n");
6302 					nfscl_dserr(NFSV4OP_COMMIT, error, dp,
6303 					    lyp, *dspp);
6304 				}
6305 			}
6306 			NFSCL_DEBUG(4, "aft nfsio_commitds=%d\n", error);
6307 			if (error == 0) {
6308 				/*
6309 				 * Set both eof and uio_resid = 0 to end any
6310 				 * loops.
6311 				 */
6312 				*eofp = 1;
6313 				uiop->uio_resid = 0;
6314 			} else {
6315 				NFSLOCKNODE(np);
6316 				np->n_flag &= ~NDSCOMMIT;
6317 				NFSUNLOCKNODE(np);
6318 			}
6319 		} else if (rwflag == NFSV4OPEN_ACCESSREAD) {
6320 			error = nfsrpc_readds(vp, uiop, stateidp, eofp, *dspp,
6321 			    off, xfer, fhp, 1, dp->nfsdi_vers,
6322 			    dp->nfsdi_minorvers, tcred, p);
6323 			NFSCL_DEBUG(4, "readds=%d\n", error);
6324 			if (error != 0 && error != EACCES && error != ESTALE) {
6325 				NFSCL_DEBUG(4, "DS layreterr for read\n");
6326 				nfscl_dserr(NFSV4OP_READ, error, dp, lyp,
6327 				    *dspp);
6328 			}
6329 		} else {
6330 			if (flp->nfsfl_mirrorcnt == 1) {
6331 				error = nfsrpc_writeds(vp, uiop, iomode,
6332 				    must_commit, stateidp, *dspp, off, xfer,
6333 				    fhp, 0, 1, dp->nfsdi_vers,
6334 				    dp->nfsdi_minorvers, tcred, p);
6335 				if (error == 0) {
6336 					NFSLOCKCLSTATE();
6337 					lyp->nfsly_flags |= NFSLY_WRITTEN;
6338 					NFSUNLOCKCLSTATE();
6339 				}
6340 			} else {
6341 				m = mp;
6342 				if (xfer < len) {
6343 					/* The mbuf list must be split. */
6344 					m2 = nfsm_split(mp, xfer);
6345 					if (m2 != NULL)
6346 						mp = m2;
6347 					else {
6348 						m_freem(mp);
6349 						error = EIO;
6350 					}
6351 				}
6352 				NFSCL_DEBUG(4, "mcopy len=%jd xfer=%jd\n",
6353 				    (uintmax_t)len, (uintmax_t)xfer);
6354 				/*
6355 				 * Do last write to a mirrored DS with this
6356 				 * thread.
6357 				 */
6358 				if (error == 0) {
6359 					if (mirror < flp->nfsfl_mirrorcnt - 1)
6360 						error = nfsio_writedsmir(vp,
6361 						    iomode, must_commit,
6362 						    stateidp, *dspp, off,
6363 						    xfer, fhp, m,
6364 						    dp->nfsdi_vers,
6365 						    dp->nfsdi_minorvers, drpc,
6366 						    tcred, p);
6367 					else
6368 						error = nfsrpc_writedsmir(vp,
6369 						    iomode, must_commit,
6370 						    stateidp, *dspp, off,
6371 						    xfer, fhp, m,
6372 						    dp->nfsdi_vers,
6373 						    dp->nfsdi_minorvers, tcred,
6374 						    p);
6375 				}
6376 				NFSCL_DEBUG(4, "nfsio_writedsmir=%d\n", error);
6377 				if (error != 0 && error != EACCES && error !=
6378 				    ESTALE) {
6379 					NFSCL_DEBUG(4,
6380 					    "DS layreterr for write\n");
6381 					nfscl_dserr(NFSV4OP_WRITE, error, dp,
6382 					    lyp, *dspp);
6383 				}
6384 			}
6385 		}
6386 		NFSCL_DEBUG(4, "aft read/writeds=%d\n", error);
6387 		if (error == 0) {
6388 			len -= xfer;
6389 			off += xfer;
6390 		}
6391 		if ((dp->nfsdi_flags & NFSDI_TIGHTCOUPLED) == 0)
6392 			NFSFREECRED(tcred);
6393 	}
6394 	NFSCL_DEBUG(4, "eo nfscl_dofflayoutio=%d\n", error);
6395 	return (error);
6396 }
6397 
6398 /*
6399  * The actual read RPC done to a DS.
6400  */
6401 static int
nfsrpc_readds(vnode_t vp,struct uio * uiop,nfsv4stateid_t * stateidp,int * eofp,struct nfsclds * dsp,uint64_t io_off,int len,struct nfsfh * fhp,int flex,int vers,int minorvers,struct ucred * cred,NFSPROC_T * p)6402 nfsrpc_readds(vnode_t vp, struct uio *uiop, nfsv4stateid_t *stateidp, int *eofp,
6403     struct nfsclds *dsp, uint64_t io_off, int len, struct nfsfh *fhp, int flex,
6404     int vers, int minorvers, struct ucred *cred, NFSPROC_T *p)
6405 {
6406 	uint32_t *tl;
6407 	int attrflag, error, retlen;
6408 	struct nfsrv_descript nfsd;
6409 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
6410 	struct nfsrv_descript *nd = &nfsd;
6411 	struct nfssockreq *nrp;
6412 	struct nfsvattr na;
6413 
6414 	nd->nd_mrep = NULL;
6415 	if (vers == 0 || vers == NFS_VER4) {
6416 		nfscl_reqstart(nd, NFSPROC_READDS, nmp, fhp->nfh_fh,
6417 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
6418 		vers = NFS_VER4;
6419 		NFSCL_DEBUG(4, "nfsrpc_readds: vers4 minvers=%d\n", minorvers);
6420 		if (flex != 0)
6421 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
6422 		else
6423 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSEQIDZERO);
6424 	} else {
6425 		nfscl_reqstart(nd, NFSPROC_READ, nmp, fhp->nfh_fh,
6426 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
6427 		NFSDECRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_READ]);
6428 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_READDS]);
6429 		NFSCL_DEBUG(4, "nfsrpc_readds: vers3\n");
6430 	}
6431 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED * 3);
6432 	txdr_hyper(io_off, tl);
6433 	*(tl + 2) = txdr_unsigned(len);
6434 	nrp = dsp->nfsclds_sockp;
6435 	NFSCL_DEBUG(4, "nfsrpc_readds: nrp=%p\n", nrp);
6436 	if (nrp == NULL)
6437 		/* If NULL, use the MDS socket. */
6438 		nrp = &nmp->nm_sockreq;
6439 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
6440 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
6441 	NFSCL_DEBUG(4, "nfsrpc_readds: stat=%d err=%d\n", nd->nd_repstat,
6442 	    error);
6443 	if (error != 0)
6444 		return (error);
6445 	if (vers == NFS_VER3) {
6446 		error = nfscl_postop_attr(nd, &na, &attrflag, NULL);
6447 		NFSCL_DEBUG(4, "nfsrpc_readds: postop=%d\n", error);
6448 		if (error != 0)
6449 			goto nfsmout;
6450 	}
6451 	if (nd->nd_repstat != 0) {
6452 		error = nd->nd_repstat;
6453 		goto nfsmout;
6454 	}
6455 	if (vers == NFS_VER3) {
6456 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
6457 		*eofp = fxdr_unsigned(int, *(tl + 1));
6458 	} else {
6459 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
6460 		*eofp = fxdr_unsigned(int, *tl);
6461 	}
6462 	NFSM_STRSIZ(retlen, len);
6463 	NFSCL_DEBUG(4, "nfsrpc_readds: retlen=%d eof=%d\n", retlen, *eofp);
6464 	error = nfsm_mbufuio(nd, uiop, retlen);
6465 nfsmout:
6466 	if (nd->nd_mrep != NULL)
6467 		m_freem(nd->nd_mrep);
6468 	return (error);
6469 }
6470 
6471 /*
6472  * The actual write RPC done to a DS.
6473  */
6474 static int
nfsrpc_writeds(vnode_t vp,struct uio * uiop,int * iomode,int * must_commit,nfsv4stateid_t * stateidp,struct nfsclds * dsp,uint64_t io_off,int len,struct nfsfh * fhp,int commit_thru_mds,int flex,int vers,int minorvers,struct ucred * cred,NFSPROC_T * p)6475 nfsrpc_writeds(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
6476     nfsv4stateid_t *stateidp, struct nfsclds *dsp, uint64_t io_off, int len,
6477     struct nfsfh *fhp, int commit_thru_mds, int flex, int vers, int minorvers,
6478     struct ucred *cred, NFSPROC_T *p)
6479 {
6480 	uint32_t *tl;
6481 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
6482 	int attrflag, error, rlen, commit, committed = NFSWRITE_FILESYNC;
6483 	int32_t backup;
6484 	struct nfsrv_descript nfsd;
6485 	struct nfsrv_descript *nd = &nfsd;
6486 	struct nfssockreq *nrp;
6487 	struct nfsvattr na;
6488 
6489 	KASSERT(uiop->uio_iovcnt == 1, ("nfs: writerpc iovcnt > 1"));
6490 	nd->nd_mrep = NULL;
6491 	if (vers == 0 || vers == NFS_VER4) {
6492 		nfscl_reqstart(nd, NFSPROC_WRITEDS, nmp, fhp->nfh_fh,
6493 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
6494 		NFSCL_DEBUG(4, "nfsrpc_writeds: vers4 minvers=%d\n", minorvers);
6495 		vers = NFS_VER4;
6496 		if (flex != 0)
6497 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
6498 		else
6499 			nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSEQIDZERO);
6500 		NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 * NFSX_UNSIGNED);
6501 	} else {
6502 		nfscl_reqstart(nd, NFSPROC_WRITE, nmp, fhp->nfh_fh,
6503 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
6504 		NFSDECRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_WRITE]);
6505 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_WRITEDS]);
6506 		NFSCL_DEBUG(4, "nfsrpc_writeds: vers3\n");
6507 		NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 3 * NFSX_UNSIGNED);
6508 	}
6509 	txdr_hyper(io_off, tl);
6510 	tl += 2;
6511 	if (vers == NFS_VER3)
6512 		*tl++ = txdr_unsigned(len);
6513 	*tl++ = txdr_unsigned(*iomode);
6514 	*tl = txdr_unsigned(len);
6515 	nfsm_uiombuf(nd, uiop, len);
6516 	nrp = dsp->nfsclds_sockp;
6517 	if (nrp == NULL)
6518 		/* If NULL, use the MDS socket. */
6519 		nrp = &nmp->nm_sockreq;
6520 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
6521 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
6522 	NFSCL_DEBUG(4, "nfsrpc_writeds: err=%d stat=%d\n", error,
6523 	    nd->nd_repstat);
6524 	if (error != 0)
6525 		return (error);
6526 	if (nd->nd_repstat != 0) {
6527 		/*
6528 		 * In case the rpc gets retried, roll
6529 		 * the uio fileds changed by nfsm_uiombuf()
6530 		 * back.
6531 		 */
6532 		uiop->uio_offset -= len;
6533 		uiop->uio_resid += len;
6534 		uiop->uio_iov->iov_base = (char *)uiop->uio_iov->iov_base - len;
6535 		uiop->uio_iov->iov_len += len;
6536 		error = nd->nd_repstat;
6537 	} else {
6538 		if (vers == NFS_VER3) {
6539 			error = nfscl_wcc_data(nd, vp, &na, &attrflag, NULL,
6540 			    NULL);
6541 			NFSCL_DEBUG(4, "nfsrpc_writeds: wcc_data=%d\n", error);
6542 			if (error != 0)
6543 				goto nfsmout;
6544 		}
6545 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED + NFSX_VERF);
6546 		rlen = fxdr_unsigned(int, *tl++);
6547 		NFSCL_DEBUG(4, "nfsrpc_writeds: len=%d rlen=%d\n", len, rlen);
6548 		if (rlen == 0) {
6549 			error = NFSERR_IO;
6550 			goto nfsmout;
6551 		} else if (rlen < len) {
6552 			backup = len - rlen;
6553 			uiop->uio_iov->iov_base =
6554 			    (char *)uiop->uio_iov->iov_base - backup;
6555 			uiop->uio_iov->iov_len += backup;
6556 			uiop->uio_offset -= backup;
6557 			uiop->uio_resid += backup;
6558 			len = rlen;
6559 		}
6560 		commit = fxdr_unsigned(int, *tl++);
6561 
6562 		/*
6563 		 * Return the lowest commitment level
6564 		 * obtained by any of the RPCs.
6565 		 */
6566 		if (committed == NFSWRITE_FILESYNC)
6567 			committed = commit;
6568 		else if (committed == NFSWRITE_DATASYNC &&
6569 		    commit == NFSWRITE_UNSTABLE)
6570 			committed = commit;
6571 		if (commit_thru_mds != 0) {
6572 			NFSLOCKMNT(nmp);
6573 			if (!NFSHASWRITEVERF(nmp)) {
6574 				NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
6575 				NFSSETWRITEVERF(nmp);
6576 			} else if (NFSBCMP(tl, nmp->nm_verf, NFSX_VERF) &&
6577 			    *must_commit != 2) {
6578 				*must_commit = 1;
6579 				NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
6580 			}
6581 			NFSUNLOCKMNT(nmp);
6582 		} else {
6583 			NFSLOCKDS(dsp);
6584 			if ((dsp->nfsclds_flags & NFSCLDS_HASWRITEVERF) == 0) {
6585 				NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
6586 				dsp->nfsclds_flags |= NFSCLDS_HASWRITEVERF;
6587 			} else if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF) &&
6588 			    *must_commit != 2) {
6589 				*must_commit = 1;
6590 				NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
6591 			}
6592 			NFSUNLOCKDS(dsp);
6593 		}
6594 	}
6595 nfsmout:
6596 	if (nd->nd_mrep != NULL)
6597 		m_freem(nd->nd_mrep);
6598 	*iomode = committed;
6599 	if (nd->nd_repstat != 0 && error == 0)
6600 		error = nd->nd_repstat;
6601 	return (error);
6602 }
6603 
6604 /*
6605  * The actual write RPC done to a DS.
6606  * This variant is called from a separate kernel process for mirrors.
6607  * Any short write is considered an IO error.
6608  */
6609 static int
nfsrpc_writedsmir(vnode_t vp,int * iomode,int * must_commit,nfsv4stateid_t * stateidp,struct nfsclds * dsp,uint64_t io_off,int len,struct nfsfh * fhp,struct mbuf * m,int vers,int minorvers,struct ucred * cred,NFSPROC_T * p)6610 nfsrpc_writedsmir(vnode_t vp, int *iomode, int *must_commit,
6611     nfsv4stateid_t *stateidp, struct nfsclds *dsp, uint64_t io_off, int len,
6612     struct nfsfh *fhp, struct mbuf *m, int vers, int minorvers,
6613     struct ucred *cred, NFSPROC_T *p)
6614 {
6615 	uint32_t *tl;
6616 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
6617 	int attrflag, error, commit, committed = NFSWRITE_FILESYNC, rlen;
6618 	struct nfsrv_descript nfsd;
6619 	struct nfsrv_descript *nd = &nfsd;
6620 	struct nfssockreq *nrp;
6621 	struct nfsvattr na;
6622 
6623 	nd->nd_mrep = NULL;
6624 	if (vers == 0 || vers == NFS_VER4) {
6625 		nfscl_reqstart(nd, NFSPROC_WRITEDS, nmp, fhp->nfh_fh,
6626 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
6627 		vers = NFS_VER4;
6628 		NFSCL_DEBUG(4, "nfsrpc_writedsmir: vers4 minvers=%d\n",
6629 		    minorvers);
6630 		nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
6631 		NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 * NFSX_UNSIGNED);
6632 	} else {
6633 		nfscl_reqstart(nd, NFSPROC_WRITE, nmp, fhp->nfh_fh,
6634 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
6635 		NFSDECRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_WRITE]);
6636 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_WRITEDS]);
6637 		NFSCL_DEBUG(4, "nfsrpc_writedsmir: vers3\n");
6638 		NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 3 * NFSX_UNSIGNED);
6639 	}
6640 	txdr_hyper(io_off, tl);
6641 	tl += 2;
6642 	if (vers == NFS_VER3)
6643 		*tl++ = txdr_unsigned(len);
6644 	*tl++ = txdr_unsigned(*iomode);
6645 	*tl = txdr_unsigned(len);
6646 	if (len > 0) {
6647 		/* Put data in mbuf chain. */
6648 		nd->nd_mb->m_next = m;
6649 	}
6650 	nrp = dsp->nfsclds_sockp;
6651 	if (nrp == NULL)
6652 		/* If NULL, use the MDS socket. */
6653 		nrp = &nmp->nm_sockreq;
6654 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
6655 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
6656 	NFSCL_DEBUG(4, "nfsrpc_writedsmir: err=%d stat=%d\n", error,
6657 	    nd->nd_repstat);
6658 	if (error != 0)
6659 		return (error);
6660 	if (nd->nd_repstat != 0)
6661 		error = nd->nd_repstat;
6662 	else {
6663 		if (vers == NFS_VER3) {
6664 			error = nfscl_wcc_data(nd, vp, &na, &attrflag, NULL,
6665 			    NULL);
6666 			NFSCL_DEBUG(4, "nfsrpc_writedsmir: wcc_data=%d\n",
6667 			    error);
6668 			if (error != 0)
6669 				goto nfsmout;
6670 		}
6671 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED + NFSX_VERF);
6672 		rlen = fxdr_unsigned(int, *tl++);
6673 		NFSCL_DEBUG(4, "nfsrpc_writedsmir: len=%d rlen=%d\n", len,
6674 		    rlen);
6675 		if (rlen != len) {
6676 			error = NFSERR_IO;
6677 			NFSCL_DEBUG(4, "nfsrpc_writedsmir: len=%d rlen=%d\n",
6678 			    len, rlen);
6679 			goto nfsmout;
6680 		}
6681 		commit = fxdr_unsigned(int, *tl++);
6682 
6683 		/*
6684 		 * Return the lowest commitment level
6685 		 * obtained by any of the RPCs.
6686 		 */
6687 		if (committed == NFSWRITE_FILESYNC)
6688 			committed = commit;
6689 		else if (committed == NFSWRITE_DATASYNC &&
6690 		    commit == NFSWRITE_UNSTABLE)
6691 			committed = commit;
6692 		NFSLOCKDS(dsp);
6693 		if ((dsp->nfsclds_flags & NFSCLDS_HASWRITEVERF) == 0) {
6694 			NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
6695 			dsp->nfsclds_flags |= NFSCLDS_HASWRITEVERF;
6696 		} else if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF) &&
6697 		    *must_commit != 2) {
6698 			*must_commit = 1;
6699 			NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
6700 		}
6701 		NFSUNLOCKDS(dsp);
6702 	}
6703 nfsmout:
6704 	if (nd->nd_mrep != NULL)
6705 		m_freem(nd->nd_mrep);
6706 	*iomode = committed;
6707 	if (nd->nd_repstat != 0 && error == 0)
6708 		error = nd->nd_repstat;
6709 	return (error);
6710 }
6711 
6712 /*
6713  * Start up the thread that will execute nfsrpc_writedsmir().
6714  */
6715 static void
start_writedsmir(void * arg,int pending)6716 start_writedsmir(void *arg, int pending)
6717 {
6718 	struct nfsclwritedsdorpc *drpc;
6719 
6720 	drpc = (struct nfsclwritedsdorpc *)arg;
6721 	drpc->err = nfsrpc_writedsmir(drpc->vp, &drpc->iomode,
6722 	    &drpc->must_commit, drpc->stateidp, drpc->dsp, drpc->off, drpc->len,
6723 	    drpc->fhp, drpc->m, drpc->vers, drpc->minorvers, drpc->cred,
6724 	    drpc->p);
6725 	drpc->done = 1;
6726 	NFSCL_DEBUG(4, "start_writedsmir: err=%d\n", drpc->err);
6727 }
6728 
6729 /*
6730  * Set up the write DS mirror call for the pNFS I/O thread.
6731  */
6732 static int
nfsio_writedsmir(vnode_t vp,int * iomode,int * must_commit,nfsv4stateid_t * stateidp,struct nfsclds * dsp,uint64_t off,int len,struct nfsfh * fhp,struct mbuf * m,int vers,int minorvers,struct nfsclwritedsdorpc * drpc,struct ucred * cred,NFSPROC_T * p)6733 nfsio_writedsmir(vnode_t vp, int *iomode, int *must_commit,
6734     nfsv4stateid_t *stateidp, struct nfsclds *dsp, uint64_t off, int len,
6735     struct nfsfh *fhp, struct mbuf *m, int vers, int minorvers,
6736     struct nfsclwritedsdorpc *drpc, struct ucred *cred, NFSPROC_T *p)
6737 {
6738 	int error, ret;
6739 
6740 	error = 0;
6741 	drpc->done = 0;
6742 	drpc->vp = vp;
6743 	drpc->iomode = *iomode;
6744 	drpc->must_commit = *must_commit;
6745 	drpc->stateidp = stateidp;
6746 	drpc->dsp = dsp;
6747 	drpc->off = off;
6748 	drpc->len = len;
6749 	drpc->fhp = fhp;
6750 	drpc->m = m;
6751 	drpc->vers = vers;
6752 	drpc->minorvers = minorvers;
6753 	drpc->cred = cred;
6754 	drpc->p = p;
6755 	drpc->inprog = 0;
6756 	ret = EIO;
6757 	if (nfs_pnfsiothreads != 0) {
6758 		ret = nfs_pnfsio(start_writedsmir, drpc);
6759 		NFSCL_DEBUG(4, "nfsio_writedsmir: nfs_pnfsio=%d\n", ret);
6760 	}
6761 	if (ret != 0)
6762 		error = nfsrpc_writedsmir(vp, iomode, &drpc->must_commit,
6763 		    stateidp, dsp, off, len, fhp, m, vers, minorvers, cred, p);
6764 	NFSCL_DEBUG(4, "nfsio_writedsmir: error=%d\n", error);
6765 	return (error);
6766 }
6767 
6768 /*
6769  * Free up the nfsclds structure.
6770  */
6771 void
nfscl_freenfsclds(struct nfsclds * dsp)6772 nfscl_freenfsclds(struct nfsclds *dsp)
6773 {
6774 	int i;
6775 
6776 	if (dsp == NULL)
6777 		return;
6778 	if (dsp->nfsclds_sockp != NULL) {
6779 		NFSFREECRED(dsp->nfsclds_sockp->nr_cred);
6780 		NFSFREEMUTEX(&dsp->nfsclds_sockp->nr_mtx);
6781 		free(dsp->nfsclds_sockp->nr_nam, M_SONAME);
6782 		free(dsp->nfsclds_sockp, M_NFSSOCKREQ);
6783 	}
6784 	NFSFREEMUTEX(&dsp->nfsclds_mtx);
6785 	NFSFREEMUTEX(&dsp->nfsclds_sess.nfsess_mtx);
6786 	for (i = 0; i < NFSV4_CBSLOTS; i++) {
6787 		if (dsp->nfsclds_sess.nfsess_cbslots[i].nfssl_reply != NULL)
6788 			m_freem(
6789 			    dsp->nfsclds_sess.nfsess_cbslots[i].nfssl_reply);
6790 	}
6791 	free(dsp, M_NFSCLDS);
6792 }
6793 
6794 static enum nfsclds_state
nfscl_getsameserver(struct nfsmount * nmp,struct nfsclds * newdsp,struct nfsclds ** retdspp,uint32_t * sequencep)6795 nfscl_getsameserver(struct nfsmount *nmp, struct nfsclds *newdsp,
6796     struct nfsclds **retdspp, uint32_t *sequencep)
6797 {
6798 	struct nfsclds *dsp;
6799 	int fndseq;
6800 
6801 	/*
6802 	 * Search the list of nfsclds structures for one with the same
6803 	 * server.
6804 	 */
6805 	fndseq = 0;
6806 	TAILQ_FOREACH(dsp, &nmp->nm_sess, nfsclds_list) {
6807 		if (dsp->nfsclds_servownlen == newdsp->nfsclds_servownlen &&
6808 		    dsp->nfsclds_servownlen != 0 &&
6809 		    !NFSBCMP(dsp->nfsclds_serverown, newdsp->nfsclds_serverown,
6810 		    dsp->nfsclds_servownlen) &&
6811 		    dsp->nfsclds_sess.nfsess_defunct == 0) {
6812 			NFSCL_DEBUG(4, "fnd same fdsp=%p dsp=%p flg=0x%x\n",
6813 			    TAILQ_FIRST(&nmp->nm_sess), dsp,
6814 			    dsp->nfsclds_flags);
6815 			if (fndseq == 0) {
6816 				/* Get sequenceid# from first entry. */
6817 				*sequencep =
6818 				    dsp->nfsclds_sess.nfsess_sequenceid;
6819 				fndseq = 1;
6820 			}
6821 			/* Server major id matches. */
6822 			if ((dsp->nfsclds_flags & NFSCLDS_DS) != 0) {
6823 				*retdspp = dsp;
6824 				return (NFSDSP_USETHISSESSION);
6825 			}
6826 		}
6827 	}
6828 	if (fndseq != 0)
6829 		return (NFSDSP_SEQTHISSESSION);
6830 	return (NFSDSP_NOTFOUND);
6831 }
6832 
6833 /*
6834  * NFS commit rpc to a NFSv4.1 DS.
6835  */
6836 static int
nfsrpc_commitds(vnode_t vp,uint64_t offset,int cnt,struct nfsclds * dsp,struct nfsfh * fhp,int vers,int minorvers,struct ucred * cred,NFSPROC_T * p)6837 nfsrpc_commitds(vnode_t vp, uint64_t offset, int cnt, struct nfsclds *dsp,
6838     struct nfsfh *fhp, int vers, int minorvers, struct ucred *cred,
6839     NFSPROC_T *p)
6840 {
6841 	uint32_t *tl;
6842 	struct nfsrv_descript nfsd, *nd = &nfsd;
6843 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
6844 	struct nfssockreq *nrp;
6845 	struct nfsvattr na;
6846 	int attrflag, error;
6847 
6848 	nd->nd_mrep = NULL;
6849 	if (vers == 0 || vers == NFS_VER4) {
6850 		nfscl_reqstart(nd, NFSPROC_COMMITDS, nmp, fhp->nfh_fh,
6851 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
6852 		vers = NFS_VER4;
6853 	} else {
6854 		nfscl_reqstart(nd, NFSPROC_COMMIT, nmp, fhp->nfh_fh,
6855 		    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
6856 		NFSDECRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_COMMIT]);
6857 		NFSINCRGLOBAL(nfsstatsv1.rpccnt[NFSPROC_COMMITDS]);
6858 	}
6859 	NFSCL_DEBUG(4, "nfsrpc_commitds: vers=%d minvers=%d\n", vers,
6860 	    minorvers);
6861 	NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + NFSX_UNSIGNED);
6862 	txdr_hyper(offset, tl);
6863 	tl += 2;
6864 	*tl = txdr_unsigned(cnt);
6865 	nrp = dsp->nfsclds_sockp;
6866 	if (nrp == NULL)
6867 		/* If NULL, use the MDS socket. */
6868 		nrp = &nmp->nm_sockreq;
6869 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
6870 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
6871 	NFSCL_DEBUG(4, "nfsrpc_commitds: err=%d stat=%d\n", error,
6872 	    nd->nd_repstat);
6873 	if (error != 0)
6874 		return (error);
6875 	if (nd->nd_repstat == 0) {
6876 		if (vers == NFS_VER3) {
6877 			error = nfscl_wcc_data(nd, vp, &na, &attrflag, NULL,
6878 			    NULL);
6879 			NFSCL_DEBUG(4, "nfsrpc_commitds: wccdata=%d\n", error);
6880 			if (error != 0)
6881 				goto nfsmout;
6882 		}
6883 		NFSM_DISSECT(tl, u_int32_t *, NFSX_VERF);
6884 		NFSLOCKDS(dsp);
6885 		if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF)) {
6886 			NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
6887 			error = NFSERR_STALEWRITEVERF;
6888 		}
6889 		NFSUNLOCKDS(dsp);
6890 	}
6891 nfsmout:
6892 	if (error == 0 && nd->nd_repstat != 0)
6893 		error = nd->nd_repstat;
6894 	m_freem(nd->nd_mrep);
6895 	return (error);
6896 }
6897 
6898 /*
6899  * Start up the thread that will execute nfsrpc_commitds().
6900  */
6901 static void
start_commitds(void * arg,int pending)6902 start_commitds(void *arg, int pending)
6903 {
6904 	struct nfsclwritedsdorpc *drpc;
6905 
6906 	drpc = (struct nfsclwritedsdorpc *)arg;
6907 	drpc->err = nfsrpc_commitds(drpc->vp, drpc->off, drpc->len,
6908 	    drpc->dsp, drpc->fhp, drpc->vers, drpc->minorvers, drpc->cred,
6909 	    drpc->p);
6910 	drpc->done = 1;
6911 	NFSCL_DEBUG(4, "start_commitds: err=%d\n", drpc->err);
6912 }
6913 
6914 /*
6915  * Set up the commit DS mirror call for the pNFS I/O thread.
6916  */
6917 static int
nfsio_commitds(vnode_t vp,uint64_t offset,int cnt,struct nfsclds * dsp,struct nfsfh * fhp,int vers,int minorvers,struct nfsclwritedsdorpc * drpc,struct ucred * cred,NFSPROC_T * p)6918 nfsio_commitds(vnode_t vp, uint64_t offset, int cnt, struct nfsclds *dsp,
6919     struct nfsfh *fhp, int vers, int minorvers,
6920     struct nfsclwritedsdorpc *drpc, struct ucred *cred, NFSPROC_T *p)
6921 {
6922 	int error, ret;
6923 
6924 	error = 0;
6925 	drpc->done = 0;
6926 	drpc->vp = vp;
6927 	drpc->off = offset;
6928 	drpc->len = cnt;
6929 	drpc->dsp = dsp;
6930 	drpc->fhp = fhp;
6931 	drpc->vers = vers;
6932 	drpc->minorvers = minorvers;
6933 	drpc->cred = cred;
6934 	drpc->p = p;
6935 	drpc->inprog = 0;
6936 	ret = EIO;
6937 	if (nfs_pnfsiothreads != 0) {
6938 		ret = nfs_pnfsio(start_commitds, drpc);
6939 		NFSCL_DEBUG(4, "nfsio_commitds: nfs_pnfsio=%d\n", ret);
6940 	}
6941 	if (ret != 0)
6942 		error = nfsrpc_commitds(vp, offset, cnt, dsp, fhp, vers,
6943 		    minorvers, cred, p);
6944 	NFSCL_DEBUG(4, "nfsio_commitds: error=%d\n", error);
6945 	return (error);
6946 }
6947 
6948 /*
6949  * NFS Advise rpc
6950  */
6951 int
nfsrpc_advise(vnode_t vp,off_t offset,uint64_t cnt,int advise,struct ucred * cred,NFSPROC_T * p)6952 nfsrpc_advise(vnode_t vp, off_t offset, uint64_t cnt, int advise,
6953     struct ucred *cred, NFSPROC_T *p)
6954 {
6955 	u_int32_t *tl;
6956 	struct nfsrv_descript nfsd, *nd = &nfsd;
6957 	nfsattrbit_t hints;
6958 	int error;
6959 
6960 	NFSZERO_ATTRBIT(&hints);
6961 	if (advise == POSIX_FADV_WILLNEED)
6962 		NFSSETBIT_ATTRBIT(&hints, NFSV4IOHINT_WILLNEED);
6963 	else if (advise == POSIX_FADV_DONTNEED)
6964 		NFSSETBIT_ATTRBIT(&hints, NFSV4IOHINT_DONTNEED);
6965 	else
6966 		return (0);
6967 	NFSCL_REQSTART(nd, NFSPROC_IOADVISE, vp);
6968 	nfsm_stateidtom(nd, NULL, NFSSTATEID_PUTALLZERO);
6969 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER);
6970 	txdr_hyper(offset, tl);
6971 	tl += 2;
6972 	txdr_hyper(cnt, tl);
6973 	nfsrv_putattrbit(nd, &hints);
6974 	error = nfscl_request(nd, vp, p, cred, NULL);
6975 	if (error != 0)
6976 		return (error);
6977 	if (nd->nd_repstat != 0)
6978 		error = nd->nd_repstat;
6979 	m_freem(nd->nd_mrep);
6980 	return (error);
6981 }
6982 
6983 #ifdef notyet
6984 /*
6985  * NFS advise rpc to a NFSv4.2 DS.
6986  */
6987 static int
nfsrpc_adviseds(vnode_t vp,uint64_t offset,int cnt,int advise,struct nfsclds * dsp,struct nfsfh * fhp,int vers,int minorvers,struct ucred * cred,NFSPROC_T * p)6988 nfsrpc_adviseds(vnode_t vp, uint64_t offset, int cnt, int advise,
6989     struct nfsclds *dsp, struct nfsfh *fhp, int vers, int minorvers,
6990     struct ucred *cred, NFSPROC_T *p)
6991 {
6992 	uint32_t *tl;
6993 	struct nfsrv_descript nfsd, *nd = &nfsd;
6994 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
6995 	struct nfssockreq *nrp;
6996 	nfsattrbit_t hints;
6997 	int error;
6998 
6999 	/* For NFS DSs prior to NFSv4.2, just return OK. */
7000 	if (vers == NFS_VER3 || minorversion < NFSV42_MINORVERSION)
7001 		return (0);
7002 	NFSZERO_ATTRBIT(&hints);
7003 	if (advise == POSIX_FADV_WILLNEED)
7004 		NFSSETBIT_ATTRBIT(&hints, NFSV4IOHINT_WILLNEED);
7005 	else if (advise == POSIX_FADV_DONTNEED)
7006 		NFSSETBIT_ATTRBIT(&hints, NFSV4IOHINT_DONTNEED);
7007 	else
7008 		return (0);
7009 	nd->nd_mrep = NULL;
7010 	nfscl_reqstart(nd, NFSPROC_IOADVISEDS, nmp, fhp->nfh_fh,
7011 	    fhp->nfh_len, NULL, &dsp->nfsclds_sess, vers, minorvers);
7012 	vers = NFS_VER4;
7013 	NFSCL_DEBUG(4, "nfsrpc_adviseds: vers=%d minvers=%d\n", vers,
7014 	    minorvers);
7015 	nfsm_stateidtom(nd, NULL, NFSSTATEID_PUTALLZERO);
7016 	NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + NFSX_UNSIGNED);
7017 	txdr_hyper(offset, tl);
7018 	tl += 2;
7019 	*tl = txdr_unsigned(cnt);
7020 	nfsrv_putattrbit(nd, &hints);
7021 	nrp = dsp->nfsclds_sockp;
7022 	if (nrp == NULL)
7023 		/* If NULL, use the MDS socket. */
7024 		nrp = &nmp->nm_sockreq;
7025 	error = newnfs_request(nd, nmp, NULL, nrp, vp, p, cred,
7026 	    NFS_PROG, vers, NULL, 1, NULL, &dsp->nfsclds_sess);
7027 	NFSCL_DEBUG(4, "nfsrpc_adviseds: err=%d stat=%d\n", error,
7028 	    nd->nd_repstat);
7029 	if (error != 0)
7030 		return (error);
7031 	if (nd->nd_repstat != 0)
7032 		error = nd->nd_repstat;
7033 	m_freem(nd->nd_mrep);
7034 	return (error);
7035 }
7036 
7037 /*
7038  * Start up the thread that will execute nfsrpc_commitds().
7039  */
7040 static void
start_adviseds(void * arg,int pending)7041 start_adviseds(void *arg, int pending)
7042 {
7043 	struct nfsclwritedsdorpc *drpc;
7044 
7045 	drpc = (struct nfsclwritedsdorpc *)arg;
7046 	drpc->err = nfsrpc_adviseds(drpc->vp, drpc->off, drpc->len,
7047 	    drpc->advise, drpc->dsp, drpc->fhp, drpc->vers, drpc->minorvers,
7048 	    drpc->cred, drpc->p);
7049 	drpc->done = 1;
7050 	NFSCL_DEBUG(4, "start_adviseds: err=%d\n", drpc->err);
7051 }
7052 
7053 /*
7054  * Set up the commit DS mirror call for the pNFS I/O thread.
7055  */
7056 static int
nfsio_adviseds(vnode_t vp,uint64_t offset,int cnt,int advise,struct nfsclds * dsp,struct nfsfh * fhp,int vers,int minorvers,struct nfsclwritedsdorpc * drpc,struct ucred * cred,NFSPROC_T * p)7057 nfsio_adviseds(vnode_t vp, uint64_t offset, int cnt, int advise,
7058     struct nfsclds *dsp, struct nfsfh *fhp, int vers, int minorvers,
7059     struct nfsclwritedsdorpc *drpc, struct ucred *cred, NFSPROC_T *p)
7060 {
7061 	int error, ret;
7062 
7063 	error = 0;
7064 	drpc->done = 0;
7065 	drpc->vp = vp;
7066 	drpc->off = offset;
7067 	drpc->len = cnt;
7068 	drpc->advise = advise;
7069 	drpc->dsp = dsp;
7070 	drpc->fhp = fhp;
7071 	drpc->vers = vers;
7072 	drpc->minorvers = minorvers;
7073 	drpc->cred = cred;
7074 	drpc->p = p;
7075 	drpc->inprog = 0;
7076 	ret = EIO;
7077 	if (nfs_pnfsiothreads != 0) {
7078 		ret = nfs_pnfsio(start_adviseds, drpc);
7079 		NFSCL_DEBUG(4, "nfsio_adviseds: nfs_pnfsio=%d\n", ret);
7080 	}
7081 	if (ret != 0)
7082 		error = nfsrpc_adviseds(vp, offset, cnt, advise, dsp, fhp, vers,
7083 		    minorvers, cred, p);
7084 	NFSCL_DEBUG(4, "nfsio_adviseds: error=%d\n", error);
7085 	return (error);
7086 }
7087 #endif	/* notyet */
7088 
7089 /*
7090  * Do the Allocate operation, retrying for recovery.
7091  */
7092 int
nfsrpc_allocate(vnode_t vp,off_t off,off_t len,struct nfsvattr * nap,int * attrflagp,struct ucred * cred,NFSPROC_T * p,void * stuff)7093 nfsrpc_allocate(vnode_t vp, off_t off, off_t len, struct nfsvattr *nap,
7094     int *attrflagp, struct ucred *cred, NFSPROC_T *p, void *stuff)
7095 {
7096 	int error, expireret = 0, retrycnt, nostateid;
7097 	uint32_t clidrev = 0;
7098 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
7099 	struct nfsfh *nfhp = NULL;
7100 	nfsv4stateid_t stateid;
7101 	off_t tmp_off;
7102 	void *lckp;
7103 
7104 	if (len < 0)
7105 		return (EINVAL);
7106 	if (len == 0)
7107 		return (0);
7108 	tmp_off = off + len;
7109 	NFSLOCKMNT(nmp);
7110 	if (tmp_off > nmp->nm_maxfilesize || tmp_off < off) {
7111 		NFSUNLOCKMNT(nmp);
7112 		return (EFBIG);
7113 	}
7114 	if (nmp->nm_clp != NULL)
7115 		clidrev = nmp->nm_clp->nfsc_clientidrev;
7116 	NFSUNLOCKMNT(nmp);
7117 	nfhp = VTONFS(vp)->n_fhp;
7118 	retrycnt = 0;
7119 	do {
7120 		lckp = NULL;
7121 		nostateid = 0;
7122 		nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
7123 		    NFSV4OPEN_ACCESSWRITE, 0, cred, p, &stateid, &lckp);
7124 		if (stateid.other[0] == 0 && stateid.other[1] == 0 &&
7125 		    stateid.other[2] == 0) {
7126 			nostateid = 1;
7127 			NFSCL_DEBUG(1, "stateid0 in allocate\n");
7128 		}
7129 
7130 		/*
7131 		 * Not finding a stateid should probably never happen,
7132 		 * but just return an error for this case.
7133 		 */
7134 		if (nostateid != 0)
7135 			error = EIO;
7136 		else
7137 			error = nfsrpc_allocaterpc(vp, off, len, &stateid,
7138 			    nap, attrflagp, cred, p, stuff);
7139 		if (error == NFSERR_STALESTATEID)
7140 			nfscl_initiate_recovery(nmp->nm_clp);
7141 		if (lckp != NULL)
7142 			nfscl_lockderef(lckp);
7143 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
7144 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
7145 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
7146 			(void) nfs_catnap(PZERO, error, "nfs_allocate");
7147 		} else if ((error == NFSERR_EXPIRED ||
7148 		    error == NFSERR_BADSTATEID) && clidrev != 0) {
7149 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev, p);
7150 		}
7151 		retrycnt++;
7152 	} while (error == NFSERR_GRACE || error == NFSERR_DELAY ||
7153 	    error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
7154 	    error == NFSERR_STALEDONTRECOVER ||
7155 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
7156 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
7157 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
7158 	if (error != 0 && retrycnt >= 4)
7159 		error = EIO;
7160 	return (error);
7161 }
7162 
7163 /*
7164  * The allocate RPC.
7165  */
7166 static int
nfsrpc_allocaterpc(vnode_t vp,off_t off,off_t len,nfsv4stateid_t * stateidp,struct nfsvattr * nap,int * attrflagp,struct ucred * cred,NFSPROC_T * p,void * stuff)7167 nfsrpc_allocaterpc(vnode_t vp, off_t off, off_t len, nfsv4stateid_t *stateidp,
7168     struct nfsvattr *nap, int *attrflagp, struct ucred *cred, NFSPROC_T *p,
7169     void *stuff)
7170 {
7171 	uint32_t *tl;
7172 	int error;
7173 	struct nfsrv_descript nfsd;
7174 	struct nfsrv_descript *nd = &nfsd;
7175 	nfsattrbit_t attrbits;
7176 
7177 	*attrflagp = 0;
7178 	NFSCL_REQSTART(nd, NFSPROC_ALLOCATE, vp);
7179 	nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
7180 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_HYPER + NFSX_UNSIGNED);
7181 	txdr_hyper(off, tl); tl += 2;
7182 	txdr_hyper(len, tl); tl += 2;
7183 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
7184 	NFSGETATTR_ATTRBIT(&attrbits);
7185 	nfsrv_putattrbit(nd, &attrbits);
7186 	error = nfscl_request(nd, vp, p, cred, stuff);
7187 	if (error != 0)
7188 		return (error);
7189 	if (nd->nd_repstat == 0) {
7190 		NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
7191 		error = nfsm_loadattr(nd, nap);
7192 		if (error == 0)
7193 			*attrflagp = NFS_LATTR_NOSHRINK;
7194 	} else
7195 		error = nd->nd_repstat;
7196 nfsmout:
7197 	m_freem(nd->nd_mrep);
7198 	return (error);
7199 }
7200 
7201 /*
7202  * Set up the XDR arguments for the LayoutGet operation.
7203  */
7204 static void
nfsrv_setuplayoutget(struct nfsrv_descript * nd,int iomode,uint64_t offset,uint64_t len,uint64_t minlen,nfsv4stateid_t * stateidp,int layouttype,int layoutlen,int usecurstateid)7205 nfsrv_setuplayoutget(struct nfsrv_descript *nd, int iomode, uint64_t offset,
7206     uint64_t len, uint64_t minlen, nfsv4stateid_t *stateidp, int layouttype,
7207     int layoutlen, int usecurstateid)
7208 {
7209 	uint32_t *tl;
7210 
7211 	NFSM_BUILD(tl, uint32_t *, 4 * NFSX_UNSIGNED + 3 * NFSX_HYPER +
7212 	    NFSX_STATEID);
7213 	*tl++ = newnfs_false;		/* Don't signal availability. */
7214 	*tl++ = txdr_unsigned(layouttype);
7215 	*tl++ = txdr_unsigned(iomode);
7216 	txdr_hyper(offset, tl);
7217 	tl += 2;
7218 	txdr_hyper(len, tl);
7219 	tl += 2;
7220 	txdr_hyper(minlen, tl);
7221 	tl += 2;
7222 	if (usecurstateid != 0) {
7223 		/* Special stateid for Current stateid. */
7224 		*tl++ = txdr_unsigned(1);
7225 		*tl++ = 0;
7226 		*tl++ = 0;
7227 		*tl++ = 0;
7228 	} else {
7229 		*tl++ = txdr_unsigned(stateidp->seqid);
7230 		NFSCL_DEBUG(4, "layget seq=%d\n", (int)stateidp->seqid);
7231 		*tl++ = stateidp->other[0];
7232 		*tl++ = stateidp->other[1];
7233 		*tl++ = stateidp->other[2];
7234 	}
7235 	*tl = txdr_unsigned(layoutlen);
7236 }
7237 
7238 /*
7239  * Parse the reply for a successful LayoutGet operation.
7240  */
7241 static int
nfsrv_parselayoutget(struct nfsmount * nmp,struct nfsrv_descript * nd,nfsv4stateid_t * stateidp,int * retonclosep,struct nfsclflayouthead * flhp)7242 nfsrv_parselayoutget(struct nfsmount *nmp, struct nfsrv_descript *nd,
7243     nfsv4stateid_t *stateidp, int *retonclosep, struct nfsclflayouthead *flhp)
7244 {
7245 	uint32_t *tl;
7246 	struct nfsclflayout *flp, *prevflp, *tflp;
7247 	int cnt, error, fhcnt, gotiomode, i, iomode, j, k, l, laytype, nfhlen;
7248 	int m, mirrorcnt;
7249 	uint64_t retlen, off;
7250 	struct nfsfh *nfhp;
7251 	uint8_t *cp;
7252 	uid_t user;
7253 	gid_t grp;
7254 
7255 	NFSCL_DEBUG(4, "in nfsrv_parselayoutget\n");
7256 	error = 0;
7257 	flp = NULL;
7258 	gotiomode = -1;
7259 	NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED + NFSX_STATEID);
7260 	if (*tl++ != 0)
7261 		*retonclosep = 1;
7262 	else
7263 		*retonclosep = 0;
7264 	stateidp->seqid = fxdr_unsigned(uint32_t, *tl++);
7265 	NFSCL_DEBUG(4, "retoncls=%d stseq=%d\n", *retonclosep,
7266 	    (int)stateidp->seqid);
7267 	stateidp->other[0] = *tl++;
7268 	stateidp->other[1] = *tl++;
7269 	stateidp->other[2] = *tl++;
7270 	cnt = fxdr_unsigned(int, *tl);
7271 	NFSCL_DEBUG(4, "layg cnt=%d\n", cnt);
7272 	if (cnt <= 0 || cnt > 10000) {
7273 		/* Don't accept more than 10000 layouts in reply. */
7274 		error = NFSERR_BADXDR;
7275 		goto nfsmout;
7276 	}
7277 	for (i = 0; i < cnt; i++) {
7278 		/* Dissect to the layout type. */
7279 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_HYPER +
7280 		    3 * NFSX_UNSIGNED);
7281 		off = fxdr_hyper(tl); tl += 2;
7282 		retlen = fxdr_hyper(tl); tl += 2;
7283 		iomode = fxdr_unsigned(int, *tl++);
7284 		laytype = fxdr_unsigned(int, *tl);
7285 		NFSCL_DEBUG(4, "layt=%d off=%ju len=%ju iom=%d\n", laytype,
7286 		    (uintmax_t)off, (uintmax_t)retlen, iomode);
7287 		/* Ignore length of layout body for now. */
7288 		if (laytype == NFSLAYOUT_NFSV4_1_FILES) {
7289 			/* Parse the File layout up to fhcnt. */
7290 			NFSM_DISSECT(tl, uint32_t *, 3 * NFSX_UNSIGNED +
7291 			    NFSX_HYPER + NFSX_V4DEVICEID);
7292 			fhcnt = fxdr_unsigned(int, *(tl + 4 +
7293 			    NFSX_V4DEVICEID / NFSX_UNSIGNED));
7294 			NFSCL_DEBUG(4, "fhcnt=%d\n", fhcnt);
7295 			if (fhcnt < 0 || fhcnt > 100) {
7296 				/* Don't accept more than 100 file handles. */
7297 				error = NFSERR_BADXDR;
7298 				goto nfsmout;
7299 			}
7300 			if (fhcnt > 0)
7301 				flp = malloc(sizeof(*flp) + fhcnt *
7302 				    sizeof(struct nfsfh *), M_NFSFLAYOUT,
7303 				    M_WAITOK);
7304 			else
7305 				flp = malloc(sizeof(*flp), M_NFSFLAYOUT,
7306 				    M_WAITOK);
7307 			flp->nfsfl_flags = NFSFL_FILE;
7308 			flp->nfsfl_fhcnt = 0;
7309 			flp->nfsfl_devp = NULL;
7310 			flp->nfsfl_off = off;
7311 			if (flp->nfsfl_off + retlen < flp->nfsfl_off)
7312 				flp->nfsfl_end = UINT64_MAX - flp->nfsfl_off;
7313 			else
7314 				flp->nfsfl_end = flp->nfsfl_off + retlen;
7315 			flp->nfsfl_iomode = iomode;
7316 			if (gotiomode == -1)
7317 				gotiomode = flp->nfsfl_iomode;
7318 			/* Ignore layout body length for now. */
7319 			NFSBCOPY(tl, flp->nfsfl_dev, NFSX_V4DEVICEID);
7320 			tl += (NFSX_V4DEVICEID / NFSX_UNSIGNED);
7321 			flp->nfsfl_util = fxdr_unsigned(uint32_t, *tl++);
7322 			NFSCL_DEBUG(4, "flutil=0x%x\n", flp->nfsfl_util);
7323 			mtx_lock(&nmp->nm_mtx);
7324 			if (nmp->nm_minorvers > 1 && (flp->nfsfl_util &
7325 			    NFSFLAYUTIL_IOADVISE_THRU_MDS) != 0)
7326 				nmp->nm_privflag |= NFSMNTP_IOADVISETHRUMDS;
7327 			mtx_unlock(&nmp->nm_mtx);
7328 			flp->nfsfl_stripe1 = fxdr_unsigned(uint32_t, *tl++);
7329 			flp->nfsfl_patoff = fxdr_hyper(tl); tl += 2;
7330 			NFSCL_DEBUG(4, "stripe1=%u poff=%ju\n",
7331 			    flp->nfsfl_stripe1, (uintmax_t)flp->nfsfl_patoff);
7332 			for (j = 0; j < fhcnt; j++) {
7333 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
7334 				nfhlen = fxdr_unsigned(int, *tl);
7335 				if (nfhlen <= 0 || nfhlen > NFSX_V4FHMAX) {
7336 					error = NFSERR_BADXDR;
7337 					goto nfsmout;
7338 				}
7339 				nfhp = malloc(sizeof(*nfhp) + nfhlen - 1,
7340 				    M_NFSFH, M_WAITOK);
7341 				flp->nfsfl_fh[j] = nfhp;
7342 				flp->nfsfl_fhcnt++;
7343 				nfhp->nfh_len = nfhlen;
7344 				NFSM_DISSECT(cp, uint8_t *, NFSM_RNDUP(nfhlen));
7345 				NFSBCOPY(cp, nfhp->nfh_fh, nfhlen);
7346 			}
7347 		} else if (laytype == NFSLAYOUT_FLEXFILE) {
7348 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED +
7349 			    NFSX_HYPER);
7350 			mirrorcnt = fxdr_unsigned(int, *(tl + 2));
7351 			NFSCL_DEBUG(4, "mirrorcnt=%d\n", mirrorcnt);
7352 			if (mirrorcnt < 1 || mirrorcnt > NFSDEV_MAXMIRRORS) {
7353 				error = NFSERR_BADXDR;
7354 				goto nfsmout;
7355 			}
7356 			flp = malloc(sizeof(*flp) + mirrorcnt *
7357 			    sizeof(struct nfsffm), M_NFSFLAYOUT, M_WAITOK);
7358 			flp->nfsfl_flags = NFSFL_FLEXFILE;
7359 			flp->nfsfl_mirrorcnt = mirrorcnt;
7360 			for (j = 0; j < mirrorcnt; j++)
7361 				flp->nfsfl_ffm[j].devp = NULL;
7362 			flp->nfsfl_off = off;
7363 			if (flp->nfsfl_off + retlen < flp->nfsfl_off)
7364 				flp->nfsfl_end = UINT64_MAX - flp->nfsfl_off;
7365 			else
7366 				flp->nfsfl_end = flp->nfsfl_off + retlen;
7367 			flp->nfsfl_iomode = iomode;
7368 			if (gotiomode == -1)
7369 				gotiomode = flp->nfsfl_iomode;
7370 			flp->nfsfl_stripeunit = fxdr_hyper(tl);
7371 			NFSCL_DEBUG(4, "stripeunit=%ju\n",
7372 			    (uintmax_t)flp->nfsfl_stripeunit);
7373 			for (j = 0; j < mirrorcnt; j++) {
7374 				NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
7375 				k = fxdr_unsigned(int, *tl);
7376 				if (k < 1 || k > 128) {
7377 					error = NFSERR_BADXDR;
7378 					goto nfsmout;
7379 				}
7380 				NFSCL_DEBUG(4, "servercnt=%d\n", k);
7381 				for (l = 0; l < k; l++) {
7382 					NFSM_DISSECT(tl, uint32_t *,
7383 					    NFSX_V4DEVICEID + NFSX_STATEID +
7384 					    2 * NFSX_UNSIGNED);
7385 					if (l == 0) {
7386 						/* Just use the first server. */
7387 						NFSBCOPY(tl,
7388 						    flp->nfsfl_ffm[j].dev,
7389 						    NFSX_V4DEVICEID);
7390 						tl += (NFSX_V4DEVICEID /
7391 						    NFSX_UNSIGNED);
7392 						tl++;
7393 						flp->nfsfl_ffm[j].st.seqid =
7394 						    *tl++;
7395 						flp->nfsfl_ffm[j].st.other[0] =
7396 						    *tl++;
7397 						flp->nfsfl_ffm[j].st.other[1] =
7398 						    *tl++;
7399 						flp->nfsfl_ffm[j].st.other[2] =
7400 						    *tl++;
7401 						NFSCL_DEBUG(4, "st.seqid=%u "
7402 						 "st.o0=0x%x st.o1=0x%x "
7403 						 "st.o2=0x%x\n",
7404 						 flp->nfsfl_ffm[j].st.seqid,
7405 						 flp->nfsfl_ffm[j].st.other[0],
7406 						 flp->nfsfl_ffm[j].st.other[1],
7407 						 flp->nfsfl_ffm[j].st.other[2]);
7408 					} else
7409 						tl += ((NFSX_V4DEVICEID +
7410 						    NFSX_STATEID +
7411 						    NFSX_UNSIGNED) /
7412 						    NFSX_UNSIGNED);
7413 					fhcnt = fxdr_unsigned(int, *tl);
7414 					NFSCL_DEBUG(4, "fhcnt=%d\n", fhcnt);
7415 					if (fhcnt < 1 ||
7416 					    fhcnt > NFSDEV_MAXVERS) {
7417 						error = NFSERR_BADXDR;
7418 						goto nfsmout;
7419 					}
7420 					for (m = 0; m < fhcnt; m++) {
7421 						NFSM_DISSECT(tl, uint32_t *,
7422 						    NFSX_UNSIGNED);
7423 						nfhlen = fxdr_unsigned(int,
7424 						    *tl);
7425 						NFSCL_DEBUG(4, "nfhlen=%d\n",
7426 						    nfhlen);
7427 						if (nfhlen <= 0 || nfhlen >
7428 						    NFSX_V4FHMAX) {
7429 							error = NFSERR_BADXDR;
7430 							goto nfsmout;
7431 						}
7432 						NFSM_DISSECT(cp, uint8_t *,
7433 						    NFSM_RNDUP(nfhlen));
7434 						if (l == 0) {
7435 							flp->nfsfl_ffm[j].fhcnt
7436 							    = fhcnt;
7437 							nfhp = malloc(
7438 							    sizeof(*nfhp) +
7439 							    nfhlen - 1, M_NFSFH,
7440 							    M_WAITOK);
7441 							flp->nfsfl_ffm[j].fh[m]
7442 							    = nfhp;
7443 							nfhp->nfh_len = nfhlen;
7444 							NFSBCOPY(cp,
7445 							    nfhp->nfh_fh,
7446 							    nfhlen);
7447 							NFSCL_DEBUG(4,
7448 							    "got fh\n");
7449 						}
7450 					}
7451 					/* Now, get the ffsd_user/ffds_group. */
7452 					error = nfsrv_parseug(nd, 0, &user,
7453 					    &grp, curthread);
7454 					NFSCL_DEBUG(4, "after parseu=%d\n",
7455 					    error);
7456 					if (error == 0)
7457 						error = nfsrv_parseug(nd, 1,
7458 						    &user, &grp, curthread);
7459 					NFSCL_DEBUG(4, "aft parseg=%d\n",
7460 					    grp);
7461 					if (error != 0)
7462 						goto nfsmout;
7463 					NFSCL_DEBUG(4, "user=%d group=%d\n",
7464 					    user, grp);
7465 					if (l == 0) {
7466 						flp->nfsfl_ffm[j].user = user;
7467 						flp->nfsfl_ffm[j].group = grp;
7468 						NFSCL_DEBUG(4,
7469 						    "usr=%d grp=%d\n", user,
7470 						    grp);
7471 					}
7472 				}
7473 			}
7474 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
7475 			flp->nfsfl_fflags = fxdr_unsigned(uint32_t, *tl++);
7476 #ifdef notnow
7477 			/*
7478 			 * At this time, there is no flag.
7479 			 * NFSFLEXFLAG_IOADVISE_THRU_MDS might need to be
7480 			 * added, or it may never exist?
7481 			 */
7482 			mtx_lock(&nmp->nm_mtx);
7483 			if (nmp->nm_minorvers > 1 && (flp->nfsfl_fflags &
7484 			    NFSFLEXFLAG_IOADVISE_THRU_MDS) != 0)
7485 				nmp->nm_privflag |= NFSMNTP_IOADVISETHRUMDS;
7486 			mtx_unlock(&nmp->nm_mtx);
7487 #endif
7488 			flp->nfsfl_statshint = fxdr_unsigned(uint32_t, *tl);
7489 			NFSCL_DEBUG(4, "fflags=0x%x statshint=%d\n",
7490 			    flp->nfsfl_fflags, flp->nfsfl_statshint);
7491 		} else {
7492 			error = NFSERR_BADXDR;
7493 			goto nfsmout;
7494 		}
7495 		if (flp->nfsfl_iomode == gotiomode) {
7496 			/* Keep the list in increasing offset order. */
7497 			tflp = LIST_FIRST(flhp);
7498 			prevflp = NULL;
7499 			while (tflp != NULL &&
7500 			    tflp->nfsfl_off < flp->nfsfl_off) {
7501 				prevflp = tflp;
7502 				tflp = LIST_NEXT(tflp, nfsfl_list);
7503 			}
7504 			if (prevflp == NULL)
7505 				LIST_INSERT_HEAD(flhp, flp, nfsfl_list);
7506 			else
7507 				LIST_INSERT_AFTER(prevflp, flp,
7508 				    nfsfl_list);
7509 			NFSCL_DEBUG(4, "flp inserted\n");
7510 		} else {
7511 			printf("nfscl_layoutget(): got wrong iomode\n");
7512 			nfscl_freeflayout(flp);
7513 		}
7514 		flp = NULL;
7515 	}
7516 nfsmout:
7517 	NFSCL_DEBUG(4, "eo nfsrv_parselayoutget=%d\n", error);
7518 	if (error != 0 && flp != NULL)
7519 		nfscl_freeflayout(flp);
7520 	return (error);
7521 }
7522 
7523 /*
7524  * Parse a user/group digit string.
7525  */
7526 static int
nfsrv_parseug(struct nfsrv_descript * nd,int dogrp,uid_t * uidp,gid_t * gidp,NFSPROC_T * p)7527 nfsrv_parseug(struct nfsrv_descript *nd, int dogrp, uid_t *uidp, gid_t *gidp,
7528     NFSPROC_T *p)
7529 {
7530 	uint32_t *tl;
7531 	char *cp, *str, str0[NFSV4_SMALLSTR + 1];
7532 	uint32_t len = 0;
7533 	int error = 0;
7534 
7535 	NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
7536 	len = fxdr_unsigned(uint32_t, *tl);
7537 	str = NULL;
7538 	if (len > NFSV4_OPAQUELIMIT) {
7539 		error = NFSERR_BADXDR;
7540 		goto nfsmout;
7541 	}
7542 	NFSCL_DEBUG(4, "nfsrv_parseug: len=%d\n", len);
7543 	if (len == 0) {
7544 		if (dogrp != 0)
7545 			*gidp = GID_NOGROUP;
7546 		else
7547 			*uidp = UID_NOBODY;
7548 		return (0);
7549 	}
7550 	if (len > NFSV4_SMALLSTR)
7551 		str = malloc(len + 1, M_TEMP, M_WAITOK);
7552 	else
7553 		str = str0;
7554 	NFSM_DISSECT(cp, char *, NFSM_RNDUP(len));
7555 	NFSBCOPY(cp, str, len);
7556 	str[len] = '\0';
7557 	NFSCL_DEBUG(4, "nfsrv_parseug: str=%s\n", str);
7558 	if (dogrp != 0)
7559 		error = nfsv4_strtogid(nd, str, len, gidp);
7560 	else
7561 		error = nfsv4_strtouid(nd, str, len, uidp);
7562 nfsmout:
7563 	if (len > NFSV4_SMALLSTR)
7564 		free(str, M_TEMP);
7565 	NFSCL_DEBUG(4, "eo nfsrv_parseug=%d\n", error);
7566 	return (error);
7567 }
7568 
7569 /*
7570  * Similar to nfsrpc_getlayout(), except that it uses nfsrpc_openlayget(),
7571  * so that it does both an Open and a Layoutget.
7572  */
7573 static int
nfsrpc_getopenlayout(struct nfsmount * nmp,vnode_t vp,u_int8_t * nfhp,int fhlen,uint8_t * newfhp,int newfhlen,uint32_t mode,struct nfsclopen * op,uint8_t * name,int namelen,struct nfscldeleg ** dpp,struct ucred * cred,NFSPROC_T * p)7574 nfsrpc_getopenlayout(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp,
7575     int fhlen, uint8_t *newfhp, int newfhlen, uint32_t mode,
7576     struct nfsclopen *op, uint8_t *name, int namelen, struct nfscldeleg **dpp,
7577     struct ucred *cred, NFSPROC_T *p)
7578 {
7579 	struct nfscllayout *lyp;
7580 	struct nfsclflayout *flp;
7581 	struct nfsclflayouthead flh;
7582 	int error, islocked, layoutlen, recalled, retonclose, usecurstateid;
7583 	int layouttype, laystat;
7584 	nfsv4stateid_t stateid;
7585 	struct nfsclsession *tsep;
7586 
7587 	error = 0;
7588 	if (NFSHASFLEXFILE(nmp))
7589 		layouttype = NFSLAYOUT_FLEXFILE;
7590 	else
7591 		layouttype = NFSLAYOUT_NFSV4_1_FILES;
7592 	/*
7593 	 * If lyp is returned non-NULL, there will be a refcnt (shared lock)
7594 	 * on it, iff flp != NULL or a lock (exclusive lock) on it iff
7595 	 * flp == NULL.
7596 	 */
7597 	lyp = nfscl_getlayout(nmp->nm_clp, newfhp, newfhlen, 0, mode, &flp,
7598 	    &recalled);
7599 	NFSCL_DEBUG(4, "nfsrpc_getopenlayout nfscl_getlayout lyp=%p\n", lyp);
7600 	if (lyp == NULL)
7601 		islocked = 0;
7602 	else if (flp != NULL)
7603 		islocked = 1;
7604 	else
7605 		islocked = 2;
7606 	if ((lyp == NULL || flp == NULL) && recalled == 0) {
7607 		LIST_INIT(&flh);
7608 		tsep = nfsmnt_mdssession(nmp);
7609 		layoutlen = tsep->nfsess_maxcache - (NFSX_STATEID +
7610 		    3 * NFSX_UNSIGNED);
7611 		if (lyp == NULL)
7612 			usecurstateid = 1;
7613 		else {
7614 			usecurstateid = 0;
7615 			stateid.seqid = lyp->nfsly_stateid.seqid;
7616 			stateid.other[0] = lyp->nfsly_stateid.other[0];
7617 			stateid.other[1] = lyp->nfsly_stateid.other[1];
7618 			stateid.other[2] = lyp->nfsly_stateid.other[2];
7619 		}
7620 		error = nfsrpc_openlayoutrpc(nmp, vp, nfhp, fhlen,
7621 		    newfhp, newfhlen, mode, op, name, namelen,
7622 		    dpp, &stateid, usecurstateid, layouttype, layoutlen,
7623 		    &retonclose, &flh, &laystat, cred, p);
7624 		NFSCL_DEBUG(4, "aft nfsrpc_openlayoutrpc laystat=%d err=%d\n",
7625 		    laystat, error);
7626 		laystat = nfsrpc_layoutgetres(nmp, vp, newfhp, newfhlen,
7627 		    &stateid, retonclose, NULL, &lyp, &flh, layouttype, laystat,
7628 		    &islocked, cred, p);
7629 	} else
7630 		error = nfsrpc_openrpc(nmp, vp, nfhp, fhlen, newfhp, newfhlen,
7631 		    mode, op, name, namelen, dpp, 0, 0, cred, p, 0, 0);
7632 	if (islocked == 2)
7633 		nfscl_rellayout(lyp, 1);
7634 	else if (islocked == 1)
7635 		nfscl_rellayout(lyp, 0);
7636 	return (error);
7637 }
7638 
7639 /*
7640  * This function does an Open+LayoutGet for an NFSv4.1 mount with pNFS
7641  * enabled, only for the CLAIM_NULL case.  All other NFSv4 Opens are
7642  * handled by nfsrpc_openrpc().
7643  * For the case where op == NULL, dvp is the directory.  When op != NULL, it
7644  * can be NULL.
7645  */
7646 static int
nfsrpc_openlayoutrpc(struct nfsmount * nmp,vnode_t vp,u_int8_t * nfhp,int fhlen,uint8_t * newfhp,int newfhlen,uint32_t mode,struct nfsclopen * op,uint8_t * name,int namelen,struct nfscldeleg ** dpp,nfsv4stateid_t * stateidp,int usecurstateid,int layouttype,int layoutlen,int * retonclosep,struct nfsclflayouthead * flhp,int * laystatp,struct ucred * cred,NFSPROC_T * p)7647 nfsrpc_openlayoutrpc(struct nfsmount *nmp, vnode_t vp, u_int8_t *nfhp,
7648     int fhlen, uint8_t *newfhp, int newfhlen, uint32_t mode,
7649     struct nfsclopen *op, uint8_t *name, int namelen, struct nfscldeleg **dpp,
7650     nfsv4stateid_t *stateidp, int usecurstateid, int layouttype,
7651     int layoutlen, int *retonclosep, struct nfsclflayouthead *flhp,
7652     int *laystatp, struct ucred *cred, NFSPROC_T *p)
7653 {
7654 	uint32_t *tl;
7655 	struct nfsrv_descript nfsd, *nd = &nfsd;
7656 	struct nfscldeleg *ndp = NULL;
7657 	struct nfsvattr nfsva;
7658 	struct nfsclsession *tsep;
7659 	uint32_t rflags, deleg;
7660 	nfsattrbit_t attrbits;
7661 	int error, ret, acesize, limitby, iomode;
7662 
7663 	*dpp = NULL;
7664 	*laystatp = ENXIO;
7665 	nfscl_reqstart(nd, NFSPROC_OPENLAYGET, nmp, nfhp, fhlen, NULL, NULL,
7666 	    0, 0);
7667 	NFSM_BUILD(tl, uint32_t *, 5 * NFSX_UNSIGNED);
7668 	*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
7669 	*tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
7670 	*tl++ = txdr_unsigned((mode >> NFSLCK_SHIFT) & NFSV4OPEN_DENYBOTH);
7671 	tsep = nfsmnt_mdssession(nmp);
7672 	*tl++ = tsep->nfsess_clientid.lval[0];
7673 	*tl = tsep->nfsess_clientid.lval[1];
7674 	nfsm_strtom(nd, op->nfso_own->nfsow_owner, NFSV4CL_LOCKNAMELEN);
7675 	NFSM_BUILD(tl, uint32_t *, 2 * NFSX_UNSIGNED);
7676 	*tl++ = txdr_unsigned(NFSV4OPEN_NOCREATE);
7677 	*tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
7678 	nfsm_strtom(nd, name, namelen);
7679 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
7680 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
7681 	NFSZERO_ATTRBIT(&attrbits);
7682 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_CHANGE);
7683 	NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFY);
7684 	nfsrv_putattrbit(nd, &attrbits);
7685 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
7686 	*tl = txdr_unsigned(NFSV4OP_LAYOUTGET);
7687 	if ((mode & NFSV4OPEN_ACCESSWRITE) != 0)
7688 		iomode = NFSLAYOUTIOMODE_RW;
7689 	else
7690 		iomode = NFSLAYOUTIOMODE_READ;
7691 	nfsrv_setuplayoutget(nd, iomode, 0, UINT64_MAX, 0, stateidp,
7692 	    layouttype, layoutlen, usecurstateid);
7693 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, vp, p, cred,
7694 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);
7695 	if (error != 0)
7696 		return (error);
7697 	NFSCL_INCRSEQID(op->nfso_own->nfsow_seqid, nd);
7698 	if (nd->nd_repstat != 0)
7699 		*laystatp = nd->nd_repstat;
7700 	if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
7701 		/* ND_NOMOREDATA will be set if the Open operation failed. */
7702 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
7703 		    6 * NFSX_UNSIGNED);
7704 		op->nfso_stateid.seqid = *tl++;
7705 		op->nfso_stateid.other[0] = *tl++;
7706 		op->nfso_stateid.other[1] = *tl++;
7707 		op->nfso_stateid.other[2] = *tl;
7708 		rflags = fxdr_unsigned(u_int32_t, *(tl + 6));
7709 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
7710 		if (error != 0)
7711 			goto nfsmout;
7712 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
7713 		deleg = fxdr_unsigned(u_int32_t, *tl);
7714 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
7715 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
7716 			if (!(op->nfso_own->nfsow_clp->nfsc_flags &
7717 			      NFSCLFLAGS_FIRSTDELEG))
7718 				op->nfso_own->nfsow_clp->nfsc_flags |=
7719 				  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
7720 			ndp = malloc(sizeof(struct nfscldeleg) + newfhlen,
7721 			    M_NFSCLDELEG, M_WAITOK);
7722 			LIST_INIT(&ndp->nfsdl_owner);
7723 			LIST_INIT(&ndp->nfsdl_lock);
7724 			ndp->nfsdl_clp = op->nfso_own->nfsow_clp;
7725 			ndp->nfsdl_fhlen = newfhlen;
7726 			NFSBCOPY(newfhp, ndp->nfsdl_fh, newfhlen);
7727 			newnfs_copyincred(cred, &ndp->nfsdl_cred);
7728 			nfscl_lockinit(&ndp->nfsdl_rwlock);
7729 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
7730 			    NFSX_UNSIGNED);
7731 			ndp->nfsdl_stateid.seqid = *tl++;
7732 			ndp->nfsdl_stateid.other[0] = *tl++;
7733 			ndp->nfsdl_stateid.other[1] = *tl++;
7734 			ndp->nfsdl_stateid.other[2] = *tl++;
7735 			ret = fxdr_unsigned(int, *tl);
7736 			if (deleg == NFSV4OPEN_DELEGATEWRITE) {
7737 				ndp->nfsdl_flags = NFSCLDL_WRITE;
7738 				/*
7739 				 * Indicates how much the file can grow.
7740 				 */
7741 				NFSM_DISSECT(tl, u_int32_t *,
7742 				    3 * NFSX_UNSIGNED);
7743 				limitby = fxdr_unsigned(int, *tl++);
7744 				switch (limitby) {
7745 				case NFSV4OPEN_LIMITSIZE:
7746 					ndp->nfsdl_sizelimit = fxdr_hyper(tl);
7747 					break;
7748 				case NFSV4OPEN_LIMITBLOCKS:
7749 					ndp->nfsdl_sizelimit =
7750 					    fxdr_unsigned(u_int64_t, *tl++);
7751 					ndp->nfsdl_sizelimit *=
7752 					    fxdr_unsigned(u_int64_t, *tl);
7753 					break;
7754 				default:
7755 					error = NFSERR_BADXDR;
7756 					goto nfsmout;
7757 				};
7758 			} else
7759 				ndp->nfsdl_flags = NFSCLDL_READ;
7760 			if (ret != 0)
7761 				ndp->nfsdl_flags |= NFSCLDL_RECALL;
7762 			error = nfsrv_dissectace(nd, &ndp->nfsdl_ace, false,
7763 			    &ret, &acesize, p);
7764 			if (error != 0)
7765 				goto nfsmout;
7766 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
7767 			error = NFSERR_BADXDR;
7768 			goto nfsmout;
7769 		}
7770 		if ((rflags & NFSV4OPEN_LOCKTYPEPOSIX) != 0 ||
7771 		    nfscl_assumeposixlocks)
7772 			op->nfso_posixlock = 1;
7773 		else
7774 			op->nfso_posixlock = 0;
7775 		NFSM_DISSECT(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
7776 		/* If the 2nd element == NFS_OK, the Getattr succeeded. */
7777 		if (*++tl == 0) {
7778 			error = nfsv4_loadattr(nd, NULL, &nfsva, NULL,
7779 			    NULL, 0, NULL, NULL, NULL, NULL, NULL, 0,
7780 			    NULL, NULL, NULL, p, cred);
7781 			if (error != 0)
7782 				goto nfsmout;
7783 			if (ndp != NULL) {
7784 				ndp->nfsdl_change = nfsva.na_filerev;
7785 				ndp->nfsdl_modtime = nfsva.na_mtime;
7786 				ndp->nfsdl_flags |= NFSCLDL_MODTIMESET;
7787 				*dpp = ndp;
7788 				ndp = NULL;
7789 			}
7790 			/*
7791 			 * At this point, the Open has succeeded, so set
7792 			 * nd_repstat = NFS_OK.  If the Layoutget failed,
7793 			 * this function just won't return a layout.
7794 			 */
7795 			if (nd->nd_repstat == 0) {
7796 				NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
7797 				*laystatp = fxdr_unsigned(int, *++tl);
7798 				if (*laystatp == 0) {
7799 					error = nfsrv_parselayoutget(nmp, nd,
7800 					    stateidp, retonclosep, flhp);
7801 					if (error != 0)
7802 						*laystatp = error;
7803 				}
7804 			} else
7805 				nd->nd_repstat = 0;	/* Return 0 for Open. */
7806 		}
7807 	}
7808 	if (nd->nd_repstat != 0 && error == 0)
7809 		error = nd->nd_repstat;
7810 nfsmout:
7811 	free(ndp, M_NFSCLDELEG);
7812 	m_freem(nd->nd_mrep);
7813 	return (error);
7814 }
7815 
7816 /*
7817  * Similar nfsrpc_createv4(), but also does the LayoutGet operation.
7818  * Used only for mounts with pNFS enabled.
7819  */
7820 static int
nfsrpc_createlayout(vnode_t dvp,char * name,int namelen,struct vattr * vap,nfsquad_t cverf,int fmode,struct nfsclowner * owp,struct nfscldeleg ** dpp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nnap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * dstuff,int * unlockedp,nfsv4stateid_t * stateidp,int usecurstateid,int layouttype,int layoutlen,int * retonclosep,struct nfsclflayouthead * flhp,int * laystatp)7821 nfsrpc_createlayout(vnode_t dvp, char *name, int namelen, struct vattr *vap,
7822     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
7823     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
7824     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
7825     int *dattrflagp, void *dstuff, int *unlockedp, nfsv4stateid_t *stateidp,
7826     int usecurstateid, int layouttype, int layoutlen, int *retonclosep,
7827     struct nfsclflayouthead *flhp, int *laystatp)
7828 {
7829 	uint32_t *tl;
7830 	int error = 0, deleg, newone, ret, acesize, limitby;
7831 	struct nfsrv_descript nfsd, *nd = &nfsd;
7832 	struct nfsclopen *op;
7833 	struct nfscldeleg *dp = NULL;
7834 	struct nfsnode *np;
7835 	struct nfsfh *nfhp;
7836 	struct nfsclsession *tsep;
7837 	nfsattrbit_t attrbits;
7838 	nfsv4stateid_t stateid;
7839 	struct nfsmount *nmp;
7840 
7841 	nmp = VFSTONFS(dvp->v_mount);
7842 	np = VTONFS(dvp);
7843 	*laystatp = ENXIO;
7844 	*unlockedp = 0;
7845 	*nfhpp = NULL;
7846 	*dpp = NULL;
7847 	*attrflagp = 0;
7848 	*dattrflagp = 0;
7849 	if (namelen > NFS_MAXNAMLEN)
7850 		return (ENAMETOOLONG);
7851 	NFSCL_REQSTART(nd, NFSPROC_CREATELAYGET, dvp);
7852 	/*
7853 	 * For V4, this is actually an Open op.
7854 	 */
7855 	NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
7856 	*tl++ = txdr_unsigned(owp->nfsow_seqid);
7857 	*tl++ = txdr_unsigned(NFSV4OPEN_ACCESSWRITE |
7858 	    NFSV4OPEN_ACCESSREAD);
7859 	*tl++ = txdr_unsigned(NFSV4OPEN_DENYNONE);
7860 	tsep = nfsmnt_mdssession(nmp);
7861 	*tl++ = tsep->nfsess_clientid.lval[0];
7862 	*tl = tsep->nfsess_clientid.lval[1];
7863 	nfsm_strtom(nd, owp->nfsow_owner, NFSV4CL_LOCKNAMELEN);
7864 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
7865 	*tl++ = txdr_unsigned(NFSV4OPEN_CREATE);
7866 	if ((fmode & O_EXCL) != 0) {
7867 		if (NFSHASSESSPERSIST(nmp)) {
7868 			/* Use GUARDED for persistent sessions. */
7869 			*tl = txdr_unsigned(NFSCREATE_GUARDED);
7870 			nfscl_fillsattr(nd, vap, dvp, 0, 0);
7871 		} else {
7872 			/* Otherwise, use EXCLUSIVE4_1. */
7873 			*tl = txdr_unsigned(NFSCREATE_EXCLUSIVE41);
7874 			NFSM_BUILD(tl, u_int32_t *, NFSX_VERF);
7875 			*tl++ = cverf.lval[0];
7876 			*tl = cverf.lval[1];
7877 			nfscl_fillsattr(nd, vap, dvp, 0, 0);
7878 		}
7879 	} else {
7880 		*tl = txdr_unsigned(NFSCREATE_UNCHECKED);
7881 		nfscl_fillsattr(nd, vap, dvp, 0, 0);
7882 	}
7883 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
7884 	*tl = txdr_unsigned(NFSV4OPEN_CLAIMNULL);
7885 	nfsm_strtom(nd, name, namelen);
7886 	/* Get the new file's handle and attributes, plus save the FH. */
7887 	NFSM_BUILD(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
7888 	*tl++ = txdr_unsigned(NFSV4OP_SAVEFH);
7889 	*tl++ = txdr_unsigned(NFSV4OP_GETFH);
7890 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
7891 	NFSGETATTR_ATTRBIT(&attrbits);
7892 	nfsrv_putattrbit(nd, &attrbits);
7893 	/* Get the directory's post-op attributes. */
7894 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
7895 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
7896 	nfsm_fhtom(nd, np->n_fhp->nfh_fh, np->n_fhp->nfh_len, 0);
7897 	NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
7898 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
7899 	nfsrv_putattrbit(nd, &attrbits);
7900 	NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
7901 	*tl++ = txdr_unsigned(NFSV4OP_RESTOREFH);
7902 	*tl = txdr_unsigned(NFSV4OP_LAYOUTGET);
7903 	nfsrv_setuplayoutget(nd, NFSLAYOUTIOMODE_RW, 0, UINT64_MAX, 0, stateidp,
7904 	    layouttype, layoutlen, usecurstateid);
7905 	error = nfscl_request(nd, dvp, p, cred, dstuff);
7906 	if (error != 0)
7907 		return (error);
7908 	NFSCL_DEBUG(4, "nfsrpc_createlayout stat=%d err=%d\n", nd->nd_repstat,
7909 	    error);
7910 	if (nd->nd_repstat != 0)
7911 		*laystatp = nd->nd_repstat;
7912 	NFSCL_INCRSEQID(owp->nfsow_seqid, nd);
7913 	if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
7914 		NFSCL_DEBUG(4, "nfsrpc_createlayout open succeeded\n");
7915 		NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
7916 		    6 * NFSX_UNSIGNED);
7917 		stateid.seqid = *tl++;
7918 		stateid.other[0] = *tl++;
7919 		stateid.other[1] = *tl++;
7920 		stateid.other[2] = *tl;
7921 		error = nfsrv_getattrbits(nd, &attrbits, NULL, NULL);
7922 		if (error != 0)
7923 			goto nfsmout;
7924 		NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
7925 		deleg = fxdr_unsigned(int, *tl);
7926 		if (deleg == NFSV4OPEN_DELEGATEREAD ||
7927 		    deleg == NFSV4OPEN_DELEGATEWRITE) {
7928 			if (!(owp->nfsow_clp->nfsc_flags &
7929 			      NFSCLFLAGS_FIRSTDELEG))
7930 				owp->nfsow_clp->nfsc_flags |=
7931 				  (NFSCLFLAGS_FIRSTDELEG | NFSCLFLAGS_GOTDELEG);
7932 			dp = malloc(sizeof(struct nfscldeleg) + NFSX_V4FHMAX,
7933 			    M_NFSCLDELEG, M_WAITOK);
7934 			LIST_INIT(&dp->nfsdl_owner);
7935 			LIST_INIT(&dp->nfsdl_lock);
7936 			dp->nfsdl_clp = owp->nfsow_clp;
7937 			newnfs_copyincred(cred, &dp->nfsdl_cred);
7938 			nfscl_lockinit(&dp->nfsdl_rwlock);
7939 			NFSM_DISSECT(tl, u_int32_t *, NFSX_STATEID +
7940 			    NFSX_UNSIGNED);
7941 			dp->nfsdl_stateid.seqid = *tl++;
7942 			dp->nfsdl_stateid.other[0] = *tl++;
7943 			dp->nfsdl_stateid.other[1] = *tl++;
7944 			dp->nfsdl_stateid.other[2] = *tl++;
7945 			ret = fxdr_unsigned(int, *tl);
7946 			if (deleg == NFSV4OPEN_DELEGATEWRITE) {
7947 				dp->nfsdl_flags = NFSCLDL_WRITE;
7948 				/*
7949 				 * Indicates how much the file can grow.
7950 				 */
7951 				NFSM_DISSECT(tl, u_int32_t *,
7952 				    3 * NFSX_UNSIGNED);
7953 				limitby = fxdr_unsigned(int, *tl++);
7954 				switch (limitby) {
7955 				case NFSV4OPEN_LIMITSIZE:
7956 					dp->nfsdl_sizelimit = fxdr_hyper(tl);
7957 					break;
7958 				case NFSV4OPEN_LIMITBLOCKS:
7959 					dp->nfsdl_sizelimit =
7960 					    fxdr_unsigned(u_int64_t, *tl++);
7961 					dp->nfsdl_sizelimit *=
7962 					    fxdr_unsigned(u_int64_t, *tl);
7963 					break;
7964 				default:
7965 					error = NFSERR_BADXDR;
7966 					goto nfsmout;
7967 				};
7968 			} else {
7969 				dp->nfsdl_flags = NFSCLDL_READ;
7970 			}
7971 			if (ret != 0)
7972 				dp->nfsdl_flags |= NFSCLDL_RECALL;
7973 			error = nfsrv_dissectace(nd, &dp->nfsdl_ace, false,
7974 			    &ret, &acesize, p);
7975 			if (error != 0)
7976 				goto nfsmout;
7977 		} else if (deleg != NFSV4OPEN_DELEGATENONE) {
7978 			error = NFSERR_BADXDR;
7979 			goto nfsmout;
7980 		}
7981 
7982 		/* Now, we should have the status for the SaveFH. */
7983 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
7984 		if (*++tl == 0) {
7985 			NFSCL_DEBUG(4, "nfsrpc_createlayout SaveFH ok\n");
7986 			/*
7987 			 * Now, process the GetFH and Getattr for the newly
7988 			 * created file. nfscl_mtofh() will set
7989 			 * ND_NOMOREDATA if these weren't successful.
7990 			 */
7991 			error = nfscl_mtofh(nd, nfhpp, nnap, attrflagp);
7992 			NFSCL_DEBUG(4, "aft nfscl_mtofh err=%d\n", error);
7993 			if (error != 0)
7994 				goto nfsmout;
7995 		} else
7996 			nd->nd_flag |= ND_NOMOREDATA;
7997 		/* Now we have the PutFH and Getattr for the directory. */
7998 		if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
7999 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8000 			if (*++tl != 0)
8001 				nd->nd_flag |= ND_NOMOREDATA;
8002 			else {
8003 				NFSM_DISSECT(tl, uint32_t *, 2 *
8004 				    NFSX_UNSIGNED);
8005 				if (*++tl != 0)
8006 					nd->nd_flag |= ND_NOMOREDATA;
8007 			}
8008 		}
8009 		if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
8010 			/* Load the directory attributes. */
8011 			error = nfsm_loadattr(nd, dnap);
8012 			NFSCL_DEBUG(4, "aft nfsm_loadattr err=%d\n", error);
8013 			if (error != 0)
8014 				goto nfsmout;
8015 			*dattrflagp = 1;
8016 			if (dp != NULL && *attrflagp != 0) {
8017 				dp->nfsdl_change = nnap->na_filerev;
8018 				dp->nfsdl_modtime = nnap->na_mtime;
8019 				dp->nfsdl_flags |= NFSCLDL_MODTIMESET;
8020 			}
8021 			/*
8022 			 * We can now complete the Open state.
8023 			 */
8024 			nfhp = *nfhpp;
8025 			if (dp != NULL) {
8026 				dp->nfsdl_fhlen = nfhp->nfh_len;
8027 				NFSBCOPY(nfhp->nfh_fh, dp->nfsdl_fh,
8028 				    nfhp->nfh_len);
8029 			}
8030 			/*
8031 			 * Get an Open structure that will be
8032 			 * attached to the OpenOwner, acquired already.
8033 			 */
8034 			error = nfscl_open(dvp, nfhp->nfh_fh, nfhp->nfh_len,
8035 			    (NFSV4OPEN_ACCESSWRITE | NFSV4OPEN_ACCESSREAD), 0,
8036 			    cred, p, NULL, &op, &newone, NULL, 0, false);
8037 			if (error != 0)
8038 				goto nfsmout;
8039 			op->nfso_stateid = stateid;
8040 			newnfs_copyincred(cred, &op->nfso_cred);
8041 
8042 			nfscl_openrelease(nmp, op, error, newone);
8043 			*unlockedp = 1;
8044 
8045 			/* Now, handle the RestoreFH and LayoutGet. */
8046 			if (nd->nd_repstat == 0) {
8047 				NFSM_DISSECT(tl, uint32_t *, 4 * NFSX_UNSIGNED);
8048 				*laystatp = fxdr_unsigned(int, *(tl + 3));
8049 				if (*laystatp == 0) {
8050 					error = nfsrv_parselayoutget(nmp, nd,
8051 					    stateidp, retonclosep, flhp);
8052 					if (error != 0)
8053 						*laystatp = error;
8054 				}
8055 				NFSCL_DEBUG(4, "aft nfsrv_parselayout err=%d\n",
8056 				    error);
8057 			} else
8058 				nd->nd_repstat = 0;
8059 		}
8060 	}
8061 	if (nd->nd_repstat != 0 && error == 0)
8062 		error = nd->nd_repstat;
8063 	if (error == NFSERR_STALECLIENTID || error == NFSERR_BADSESSION)
8064 		nfscl_initiate_recovery(owp->nfsow_clp);
8065 nfsmout:
8066 	NFSCL_DEBUG(4, "eo nfsrpc_createlayout err=%d\n", error);
8067 	if (error == 0)
8068 		*dpp = dp;
8069 	else
8070 		free(dp, M_NFSCLDELEG);
8071 	m_freem(nd->nd_mrep);
8072 	return (error);
8073 }
8074 
8075 /*
8076  * Similar to nfsrpc_getopenlayout(), except that it used for the Create case.
8077  */
8078 static int
nfsrpc_getcreatelayout(vnode_t dvp,char * name,int namelen,struct vattr * vap,nfsquad_t cverf,int fmode,struct nfsclowner * owp,struct nfscldeleg ** dpp,struct ucred * cred,NFSPROC_T * p,struct nfsvattr * dnap,struct nfsvattr * nnap,struct nfsfh ** nfhpp,int * attrflagp,int * dattrflagp,void * dstuff,int * unlockedp)8079 nfsrpc_getcreatelayout(vnode_t dvp, char *name, int namelen, struct vattr *vap,
8080     nfsquad_t cverf, int fmode, struct nfsclowner *owp, struct nfscldeleg **dpp,
8081     struct ucred *cred, NFSPROC_T *p, struct nfsvattr *dnap,
8082     struct nfsvattr *nnap, struct nfsfh **nfhpp, int *attrflagp,
8083     int *dattrflagp, void *dstuff, int *unlockedp)
8084 {
8085 	struct nfscllayout *lyp;
8086 	struct nfsclflayouthead flh;
8087 	struct nfsfh *nfhp;
8088 	struct nfsclsession *tsep;
8089 	struct nfsmount *nmp;
8090 	nfsv4stateid_t stateid;
8091 	int error, layoutlen, layouttype, retonclose, laystat;
8092 
8093 	error = 0;
8094 	nmp = VFSTONFS(dvp->v_mount);
8095 	if (NFSHASFLEXFILE(nmp))
8096 		layouttype = NFSLAYOUT_FLEXFILE;
8097 	else
8098 		layouttype = NFSLAYOUT_NFSV4_1_FILES;
8099 	LIST_INIT(&flh);
8100 	tsep = nfsmnt_mdssession(nmp);
8101 	layoutlen = tsep->nfsess_maxcache - (NFSX_STATEID + 3 * NFSX_UNSIGNED);
8102 	error = nfsrpc_createlayout(dvp, name, namelen, vap, cverf, fmode,
8103 	    owp, dpp, cred, p, dnap, nnap, nfhpp, attrflagp, dattrflagp,
8104 	    dstuff, unlockedp, &stateid, 1, layouttype, layoutlen, &retonclose,
8105 	    &flh, &laystat);
8106 	NFSCL_DEBUG(4, "aft nfsrpc_createlayoutrpc laystat=%d err=%d\n",
8107 	    laystat, error);
8108 	lyp = NULL;
8109 	if (laystat == 0) {
8110 		nfhp = *nfhpp;
8111 		laystat = nfsrpc_layoutgetres(nmp, dvp, nfhp->nfh_fh,
8112 		    nfhp->nfh_len, &stateid, retonclose, NULL, &lyp, &flh,
8113 		    layouttype, laystat, NULL, cred, p);
8114 	} else
8115 		laystat = nfsrpc_layoutgetres(nmp, dvp, NULL, 0, &stateid,
8116 		    retonclose, NULL, &lyp, &flh, layouttype, laystat, NULL,
8117 		    cred, p);
8118 	if (laystat == 0)
8119 		nfscl_rellayout(lyp, 0);
8120 	return (error);
8121 }
8122 
8123 /*
8124  * Process the results of a layoutget() operation.
8125  */
8126 static int
nfsrpc_layoutgetres(struct nfsmount * nmp,vnode_t vp,uint8_t * newfhp,int newfhlen,nfsv4stateid_t * stateidp,int retonclose,uint32_t * notifybit,struct nfscllayout ** lypp,struct nfsclflayouthead * flhp,int layouttype,int laystat,int * islockedp,struct ucred * cred,NFSPROC_T * p)8127 nfsrpc_layoutgetres(struct nfsmount *nmp, vnode_t vp, uint8_t *newfhp,
8128     int newfhlen, nfsv4stateid_t *stateidp, int retonclose, uint32_t *notifybit,
8129     struct nfscllayout **lypp, struct nfsclflayouthead *flhp, int layouttype,
8130     int laystat, int *islockedp, struct ucred *cred, NFSPROC_T *p)
8131 {
8132 	struct nfsclflayout *tflp;
8133 	struct nfscldevinfo *dip;
8134 	uint8_t *dev;
8135 	int i, mirrorcnt;
8136 
8137 	if (laystat == NFSERR_UNKNLAYOUTTYPE) {
8138 		NFSLOCKMNT(nmp);
8139 		if (!NFSHASFLEXFILE(nmp)) {
8140 			/* Switch to using Flex File Layout. */
8141 			nmp->nm_state |= NFSSTA_FLEXFILE;
8142 		} else if (layouttype == NFSLAYOUT_FLEXFILE) {
8143 			/* Disable pNFS. */
8144 			NFSCL_DEBUG(1, "disable PNFS\n");
8145 			nmp->nm_state &= ~(NFSSTA_PNFS | NFSSTA_FLEXFILE);
8146 		}
8147 		NFSUNLOCKMNT(nmp);
8148 	}
8149 	if (laystat == 0) {
8150 		NFSCL_DEBUG(4, "nfsrpc_layoutgetres at FOREACH\n");
8151 		LIST_FOREACH(tflp, flhp, nfsfl_list) {
8152 			if (layouttype == NFSLAYOUT_FLEXFILE)
8153 				mirrorcnt = tflp->nfsfl_mirrorcnt;
8154 			else
8155 				mirrorcnt = 1;
8156 			for (i = 0; i < mirrorcnt; i++) {
8157 				laystat = nfscl_adddevinfo(nmp, NULL, i, tflp);
8158 				NFSCL_DEBUG(4, "aft adddev=%d\n", laystat);
8159 				if (laystat != 0) {
8160 					if (layouttype == NFSLAYOUT_FLEXFILE)
8161 						dev = tflp->nfsfl_ffm[i].dev;
8162 					else
8163 						dev = tflp->nfsfl_dev;
8164 					laystat = nfsrpc_getdeviceinfo(nmp, dev,
8165 					    layouttype, notifybit, &dip, cred,
8166 					    p);
8167 					NFSCL_DEBUG(4, "aft nfsrpc_gdi=%d\n",
8168 					    laystat);
8169 					if (laystat != 0)
8170 						goto out;
8171 					laystat = nfscl_adddevinfo(nmp, dip, i,
8172 					    tflp);
8173 					if (laystat != 0)
8174 						printf("nfsrpc_layoutgetresout"
8175 						    ": cannot add\n");
8176 				}
8177 			}
8178 		}
8179 	}
8180 out:
8181 	if (laystat == 0) {
8182 		/*
8183 		 * nfscl_layout() always returns with the nfsly_lock
8184 		 * set to a refcnt (shared lock).
8185 		 * Passing in dvp is sufficient, since it is only used to
8186 		 * get the fsid for the file system.
8187 		 */
8188 		laystat = nfscl_layout(nmp, vp, newfhp, newfhlen, stateidp,
8189 		    layouttype, retonclose, flhp, lypp, cred, p);
8190 		NFSCL_DEBUG(4, "nfsrpc_layoutgetres: aft nfscl_layout=%d\n",
8191 		    laystat);
8192 		if (laystat == 0 && islockedp != NULL)
8193 			*islockedp = 1;
8194 	}
8195 	return (laystat);
8196 }
8197 
8198 /*
8199  * nfs copy_file_range operation.
8200  */
8201 int
nfsrpc_copy_file_range(vnode_t invp,off_t * inoffp,vnode_t outvp,off_t * outoffp,size_t * lenp,unsigned int flags,int * inattrflagp,struct nfsvattr * innap,int * outattrflagp,struct nfsvattr * outnap,struct ucred * cred,bool consecutive,bool * must_commitp)8202 nfsrpc_copy_file_range(vnode_t invp, off_t *inoffp, vnode_t outvp,
8203     off_t *outoffp, size_t *lenp, unsigned int flags, int *inattrflagp,
8204     struct nfsvattr *innap, int *outattrflagp, struct nfsvattr *outnap,
8205     struct ucred *cred, bool consecutive, bool *must_commitp)
8206 {
8207 	int commit, error, expireret = 0, retrycnt;
8208 	u_int32_t clidrev = 0;
8209 	struct nfsmount *nmp = VFSTONFS(invp->v_mount);
8210 	struct nfsfh *innfhp = NULL, *outnfhp = NULL;
8211 	nfsv4stateid_t instateid, outstateid;
8212 	void *inlckp, *outlckp;
8213 
8214 	if (nmp->nm_clp != NULL)
8215 		clidrev = nmp->nm_clp->nfsc_clientidrev;
8216 	innfhp = VTONFS(invp)->n_fhp;
8217 	outnfhp = VTONFS(outvp)->n_fhp;
8218 	retrycnt = 0;
8219 	do {
8220 		/* Get both stateids. */
8221 		inlckp = NULL;
8222 		nfscl_getstateid(invp, innfhp->nfh_fh, innfhp->nfh_len,
8223 		    NFSV4OPEN_ACCESSREAD, 0, NULL, curthread, &instateid,
8224 		    &inlckp);
8225 		outlckp = NULL;
8226 		nfscl_getstateid(outvp, outnfhp->nfh_fh, outnfhp->nfh_len,
8227 		    NFSV4OPEN_ACCESSWRITE, 0, NULL, curthread, &outstateid,
8228 		    &outlckp);
8229 
8230 		error = nfsrpc_copyrpc(invp, *inoffp, outvp, *outoffp, lenp,
8231 		    &instateid, &outstateid, innap, inattrflagp, outnap,
8232 		    outattrflagp, consecutive, &commit, cred, curthread);
8233 		if (error == 0) {
8234 			if (commit != NFSWRITE_FILESYNC)
8235 				*must_commitp = true;
8236 			*inoffp += *lenp;
8237 			*outoffp += *lenp;
8238 		} else if (error == NFSERR_STALESTATEID)
8239 			nfscl_initiate_recovery(nmp->nm_clp);
8240 		if (inlckp != NULL)
8241 			nfscl_lockderef(inlckp);
8242 		if (outlckp != NULL)
8243 			nfscl_lockderef(outlckp);
8244 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
8245 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
8246 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
8247 			(void) nfs_catnap(PZERO, error, "nfs_cfr");
8248 		} else if ((error == NFSERR_EXPIRED ||
8249 		    error == NFSERR_BADSTATEID) && clidrev != 0) {
8250 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev,
8251 			    curthread);
8252 		}
8253 		retrycnt++;
8254 	} while (error == NFSERR_GRACE || error == NFSERR_DELAY ||
8255 	    error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
8256 	      error == NFSERR_STALEDONTRECOVER ||
8257 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
8258 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
8259 	     expireret == 0 && clidrev != 0 && retrycnt < 4));
8260 	if (error != 0 && (retrycnt >= 4 ||
8261 	    error == NFSERR_STALESTATEID || error == NFSERR_BADSESSION ||
8262 	      error == NFSERR_STALEDONTRECOVER))
8263 		error = EIO;
8264 	return (error);
8265 }
8266 
8267 /*
8268  * The copy RPC.
8269  */
8270 static int
nfsrpc_copyrpc(vnode_t invp,off_t inoff,vnode_t outvp,off_t outoff,size_t * lenp,nfsv4stateid_t * instateidp,nfsv4stateid_t * outstateidp,struct nfsvattr * innap,int * inattrflagp,struct nfsvattr * outnap,int * outattrflagp,bool consecutive,int * commitp,struct ucred * cred,NFSPROC_T * p)8271 nfsrpc_copyrpc(vnode_t invp, off_t inoff, vnode_t outvp, off_t outoff,
8272     size_t *lenp, nfsv4stateid_t *instateidp, nfsv4stateid_t *outstateidp,
8273     struct nfsvattr *innap, int *inattrflagp, struct nfsvattr *outnap,
8274     int *outattrflagp, bool consecutive, int *commitp, struct ucred *cred,
8275     NFSPROC_T *p)
8276 {
8277 	uint32_t *tl;
8278 	int error;
8279 	struct nfsrv_descript nfsd;
8280 	struct nfsrv_descript *nd = &nfsd;
8281 	struct nfsmount *nmp;
8282 	nfsattrbit_t attrbits;
8283 	uint64_t len;
8284 
8285 	nmp = VFSTONFS(outvp->v_mount);
8286 	*inattrflagp = *outattrflagp = 0;
8287 	*commitp = NFSWRITE_UNSTABLE;
8288 	len = *lenp;
8289 	*lenp = 0;
8290 	if (len > nfs_maxcopyrange)
8291 		len = nfs_maxcopyrange;
8292 	NFSCL_REQSTART(nd, NFSPROC_COPY, invp);
8293 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8294 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8295 	NFSGETATTR_ATTRBIT(&attrbits);
8296 	nfsrv_putattrbit(nd, &attrbits);
8297 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8298 	*tl = txdr_unsigned(NFSV4OP_PUTFH);
8299 	nfsm_fhtom(nd, VTONFS(outvp)->n_fhp->nfh_fh,
8300 	    VTONFS(outvp)->n_fhp->nfh_len, 0);
8301 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8302 	*tl = txdr_unsigned(NFSV4OP_COPY);
8303 	nfsm_stateidtom(nd, instateidp, NFSSTATEID_PUTSTATEID);
8304 	nfsm_stateidtom(nd, outstateidp, NFSSTATEID_PUTSTATEID);
8305 	NFSM_BUILD(tl, uint32_t *, 3 * NFSX_HYPER + 4 * NFSX_UNSIGNED);
8306 	txdr_hyper(inoff, tl); tl += 2;
8307 	txdr_hyper(outoff, tl); tl += 2;
8308 	txdr_hyper(len, tl); tl += 2;
8309 	if (consecutive)
8310 		*tl++ = newnfs_true;
8311 	else
8312 		*tl++ = newnfs_false;
8313 	*tl++ = newnfs_true;
8314 	*tl++ = 0;
8315 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8316 	NFSWRITEGETATTR_ATTRBIT(&attrbits);
8317 	nfsrv_putattrbit(nd, &attrbits);
8318 	error = nfscl_request(nd, invp, p, cred, NULL);
8319 	if (error != 0)
8320 		return (error);
8321 	if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
8322 		/* Get the input file's attributes. */
8323 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8324 		if (*(tl + 1) == 0) {
8325 			error = nfsm_loadattr(nd, innap);
8326 			if (error != 0)
8327 				goto nfsmout;
8328 			*inattrflagp = 1;
8329 		} else
8330 			nd->nd_flag |= ND_NOMOREDATA;
8331 	}
8332 	/* Skip over return stat for PutFH. */
8333 	if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
8334 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8335 		if (*++tl != 0)
8336 			nd->nd_flag |= ND_NOMOREDATA;
8337 	}
8338 	/* Skip over return stat for Copy. */
8339 	if ((nd->nd_flag & ND_NOMOREDATA) == 0)
8340 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8341 	if (nd->nd_repstat == 0) {
8342 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8343 		if (*tl != 0) {
8344 			/* There should be no callback ids. */
8345 			error = NFSERR_BADXDR;
8346 			goto nfsmout;
8347 		}
8348 		NFSM_DISSECT(tl, uint32_t *, NFSX_HYPER + 3 * NFSX_UNSIGNED +
8349 		    NFSX_VERF);
8350 		len = fxdr_hyper(tl); tl += 2;
8351 		*commitp = fxdr_unsigned(int, *tl++);
8352 		NFSLOCKMNT(nmp);
8353 		if (!NFSHASWRITEVERF(nmp)) {
8354 			NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
8355 			NFSSETWRITEVERF(nmp);
8356 	    	} else if (NFSBCMP(tl, nmp->nm_verf, NFSX_VERF)) {
8357 			NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
8358 			nd->nd_repstat = NFSERR_STALEWRITEVERF;
8359 		}
8360 		NFSUNLOCKMNT(nmp);
8361 		tl += (NFSX_VERF / NFSX_UNSIGNED);
8362 		if (nd->nd_repstat == 0 && *++tl != newnfs_true)
8363 			/* Must be a synchronous copy. */
8364 			nd->nd_repstat = NFSERR_NOTSUPP;
8365 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8366 		error = nfsm_loadattr(nd, outnap);
8367 		if (error == 0)
8368 			*outattrflagp = NFS_LATTR_NOSHRINK;
8369 		if (nd->nd_repstat == 0)
8370 			*lenp = len;
8371 	} else if (nd->nd_repstat == NFSERR_OFFLOADNOREQS) {
8372 		/*
8373 		 * For the case where consecutive is not supported, but
8374 		 * synchronous is supported, we can try consecutive == false
8375 		 * by returning this error.  Otherwise, return NFSERR_NOTSUPP,
8376 		 * since Copy cannot be done.
8377 		 */
8378 		if ((nd->nd_flag & ND_NOMOREDATA) == 0) {
8379 			NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8380 			if (!consecutive || *++tl == newnfs_false)
8381 				nd->nd_repstat = NFSERR_NOTSUPP;
8382 		} else
8383 			nd->nd_repstat = NFSERR_BADXDR;
8384 	}
8385 	if (error == 0)
8386 		error = nd->nd_repstat;
8387 nfsmout:
8388 	m_freem(nd->nd_mrep);
8389 	return (error);
8390 }
8391 
8392 /*
8393  * Seek operation.
8394  */
8395 int
nfsrpc_seek(vnode_t vp,off_t * offp,bool * eofp,int content,struct ucred * cred,struct nfsvattr * nap,int * attrflagp)8396 nfsrpc_seek(vnode_t vp, off_t *offp, bool *eofp, int content,
8397     struct ucred *cred, struct nfsvattr *nap, int *attrflagp)
8398 {
8399 	int error, expireret = 0, retrycnt;
8400 	u_int32_t clidrev = 0;
8401 	struct nfsmount *nmp = VFSTONFS(vp->v_mount);
8402 	struct nfsnode *np = VTONFS(vp);
8403 	struct nfsfh *nfhp = NULL;
8404 	nfsv4stateid_t stateid;
8405 	void *lckp;
8406 
8407 	if (nmp->nm_clp != NULL)
8408 		clidrev = nmp->nm_clp->nfsc_clientidrev;
8409 	nfhp = np->n_fhp;
8410 	retrycnt = 0;
8411 	do {
8412 		lckp = NULL;
8413 		nfscl_getstateid(vp, nfhp->nfh_fh, nfhp->nfh_len,
8414 		    NFSV4OPEN_ACCESSREAD, 0, cred, curthread, &stateid, &lckp);
8415 		error = nfsrpc_seekrpc(vp, offp, &stateid, eofp, content,
8416 		    nap, attrflagp, cred);
8417 		if (error == NFSERR_STALESTATEID)
8418 			nfscl_initiate_recovery(nmp->nm_clp);
8419 		if (lckp != NULL)
8420 			nfscl_lockderef(lckp);
8421 		if (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
8422 		    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
8423 		    error == NFSERR_OLDSTATEID || error == NFSERR_BADSESSION) {
8424 			(void) nfs_catnap(PZERO, error, "nfs_seek");
8425 		} else if ((error == NFSERR_EXPIRED ||
8426 		    error == NFSERR_BADSTATEID) && clidrev != 0) {
8427 			expireret = nfscl_hasexpired(nmp->nm_clp, clidrev,
8428 			    curthread);
8429 		}
8430 		retrycnt++;
8431 	} while (error == NFSERR_GRACE || error == NFSERR_STALESTATEID ||
8432 	    error == NFSERR_STALEDONTRECOVER || error == NFSERR_DELAY ||
8433 	    error == NFSERR_BADSESSION ||
8434 	    (error == NFSERR_OLDSTATEID && retrycnt < 20) ||
8435 	    ((error == NFSERR_EXPIRED || error == NFSERR_BADSTATEID) &&
8436 	     expireret == 0 && clidrev != 0 && retrycnt < 4) ||
8437 	    (error == NFSERR_OPENMODE && retrycnt < 4));
8438 	if (error && retrycnt >= 4)
8439 		error = EIO;
8440 	return (error);
8441 }
8442 
8443 /*
8444  * The seek RPC.
8445  */
8446 static int
nfsrpc_seekrpc(vnode_t vp,off_t * offp,nfsv4stateid_t * stateidp,bool * eofp,int content,struct nfsvattr * nap,int * attrflagp,struct ucred * cred)8447 nfsrpc_seekrpc(vnode_t vp, off_t *offp, nfsv4stateid_t *stateidp, bool *eofp,
8448     int content, struct nfsvattr *nap, int *attrflagp, struct ucred *cred)
8449 {
8450 	uint32_t *tl;
8451 	int error;
8452 	struct nfsrv_descript nfsd;
8453 	struct nfsrv_descript *nd = &nfsd;
8454 	nfsattrbit_t attrbits;
8455 
8456 	*attrflagp = 0;
8457 	NFSCL_REQSTART(nd, NFSPROC_SEEK, vp);
8458 	nfsm_stateidtom(nd, stateidp, NFSSTATEID_PUTSTATEID);
8459 	NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 * NFSX_UNSIGNED);
8460 	txdr_hyper(*offp, tl); tl += 2;
8461 	*tl++ = txdr_unsigned(content);
8462 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8463 	NFSGETATTR_ATTRBIT(&attrbits);
8464 	nfsrv_putattrbit(nd, &attrbits);
8465 	error = nfscl_request(nd, vp, curthread, cred, NULL);
8466 	if (error != 0)
8467 		return (error);
8468 	if (nd->nd_repstat == 0) {
8469 		NFSM_DISSECT(tl, uint32_t *, 3 * NFSX_UNSIGNED + NFSX_HYPER);
8470 		if (*tl++ == newnfs_true)
8471 			*eofp = true;
8472 		else
8473 			*eofp = false;
8474 		*offp = fxdr_hyper(tl);
8475 		/* Just skip over Getattr op status. */
8476 		error = nfsm_loadattr(nd, nap);
8477 		if (error == 0)
8478 			*attrflagp = 1;
8479 	}
8480 	error = nd->nd_repstat;
8481 nfsmout:
8482 	m_freem(nd->nd_mrep);
8483 	return (error);
8484 }
8485 
8486 /*
8487  * The getextattr RPC.
8488  */
8489 int
nfsrpc_getextattr(vnode_t vp,const char * name,struct uio * uiop,ssize_t * lenp,struct nfsvattr * nap,int * attrflagp,struct ucred * cred,NFSPROC_T * p)8490 nfsrpc_getextattr(vnode_t vp, const char *name, struct uio *uiop, ssize_t *lenp,
8491     struct nfsvattr *nap, int *attrflagp, struct ucred *cred, NFSPROC_T *p)
8492 {
8493 	uint32_t *tl;
8494 	int error;
8495 	struct nfsrv_descript nfsd;
8496 	struct nfsrv_descript *nd = &nfsd;
8497 	nfsattrbit_t attrbits;
8498 	uint32_t len, len2;
8499 
8500 	*attrflagp = 0;
8501 	NFSCL_REQSTART(nd, NFSPROC_GETEXTATTR, vp);
8502 	nfsm_strtom(nd, name, strlen(name));
8503 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8504 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8505 	NFSGETATTR_ATTRBIT(&attrbits);
8506 	nfsrv_putattrbit(nd, &attrbits);
8507 	error = nfscl_request(nd, vp, p, cred, NULL);
8508 	if (error != 0)
8509 		return (error);
8510 	if (nd->nd_repstat == 0) {
8511 		NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8512 		len = fxdr_unsigned(uint32_t, *tl);
8513 		/* Sanity check lengths. */
8514 		if (uiop != NULL && len > 0 && len <= IOSIZE_MAX &&
8515 		    uiop->uio_resid <= UINT32_MAX) {
8516 			len2 = uiop->uio_resid;
8517 			if (len2 >= len)
8518 				error = nfsm_mbufuio(nd, uiop, len);
8519 			else {
8520 				error = nfsm_mbufuio(nd, uiop, len2);
8521 				if (error == 0) {
8522 					/*
8523 					 * nfsm_mbufuio() advances to a multiple
8524 					 * of 4, so round up len2 as well.  Then
8525 					 * we need to advance over the rest of
8526 					 * the data, rounding up the remaining
8527 					 * length.
8528 					 */
8529 					len2 = NFSM_RNDUP(len2);
8530 					len2 = NFSM_RNDUP(len - len2);
8531 					if (len2 > 0)
8532 						error = nfsm_advance(nd, len2,
8533 						    -1);
8534 				}
8535 			}
8536 		} else if (uiop == NULL && len > 0) {
8537 			/* Just wants the length and not the data. */
8538 			error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
8539 		} else if (len > 0)
8540 			error = ENOATTR;
8541 		if (error != 0)
8542 			goto nfsmout;
8543 		*lenp = len;
8544 		/* Just skip over Getattr op status. */
8545 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8546 		error = nfsm_loadattr(nd, nap);
8547 		if (error == 0)
8548 			*attrflagp = 1;
8549 	}
8550 	if (error == 0)
8551 		error = nd->nd_repstat;
8552 nfsmout:
8553 	m_freem(nd->nd_mrep);
8554 	return (error);
8555 }
8556 
8557 /*
8558  * The setextattr RPC.
8559  */
8560 int
nfsrpc_setextattr(vnode_t vp,const char * name,struct uio * uiop,struct nfsvattr * nap,int * attrflagp,struct ucred * cred,NFSPROC_T * p)8561 nfsrpc_setextattr(vnode_t vp, const char *name, struct uio *uiop,
8562     struct nfsvattr *nap, int *attrflagp, struct ucred *cred, NFSPROC_T *p)
8563 {
8564 	uint32_t *tl;
8565 	int error;
8566 	struct nfsrv_descript nfsd;
8567 	struct nfsrv_descript *nd = &nfsd;
8568 	nfsattrbit_t attrbits;
8569 
8570 	*attrflagp = 0;
8571 	NFSCL_REQSTART(nd, NFSPROC_SETEXTATTR, vp);
8572 	if (uiop->uio_resid > nd->nd_maxreq) {
8573 		/* nd_maxreq is set by NFSCL_REQSTART(). */
8574 		m_freem(nd->nd_mreq);
8575 		return (EINVAL);
8576 	}
8577 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8578 	*tl = txdr_unsigned(NFSV4SXATTR_EITHER);
8579 	nfsm_strtom(nd, name, strlen(name));
8580 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8581 	*tl = txdr_unsigned(uiop->uio_resid);
8582 	nfsm_uiombuf(nd, uiop, uiop->uio_resid);
8583 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8584 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8585 	NFSGETATTR_ATTRBIT(&attrbits);
8586 	nfsrv_putattrbit(nd, &attrbits);
8587 	error = nfscl_request(nd, vp, p, cred, NULL);
8588 	if (error != 0)
8589 		return (error);
8590 	if (nd->nd_repstat == 0) {
8591 		/* Just skip over the reply and Getattr op status. */
8592 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_HYPER + 3 *
8593 		    NFSX_UNSIGNED);
8594 		error = nfsm_loadattr(nd, nap);
8595 		if (error == 0)
8596 			*attrflagp = 1;
8597 	}
8598 	if (error == 0)
8599 		error = nd->nd_repstat;
8600 nfsmout:
8601 	m_freem(nd->nd_mrep);
8602 	return (error);
8603 }
8604 
8605 /*
8606  * The removeextattr RPC.
8607  */
8608 int
nfsrpc_rmextattr(vnode_t vp,const char * name,struct nfsvattr * nap,int * attrflagp,struct ucred * cred,NFSPROC_T * p)8609 nfsrpc_rmextattr(vnode_t vp, const char *name, struct nfsvattr *nap,
8610     int *attrflagp, struct ucred *cred, NFSPROC_T *p)
8611 {
8612 	uint32_t *tl;
8613 	int error;
8614 	struct nfsrv_descript nfsd;
8615 	struct nfsrv_descript *nd = &nfsd;
8616 	nfsattrbit_t attrbits;
8617 
8618 	*attrflagp = 0;
8619 	NFSCL_REQSTART(nd, NFSPROC_RMEXTATTR, vp);
8620 	nfsm_strtom(nd, name, strlen(name));
8621 	NFSM_BUILD(tl, uint32_t *, NFSX_UNSIGNED);
8622 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8623 	NFSGETATTR_ATTRBIT(&attrbits);
8624 	nfsrv_putattrbit(nd, &attrbits);
8625 	error = nfscl_request(nd, vp, p, cred, NULL);
8626 	if (error != 0)
8627 		return (error);
8628 	if (nd->nd_repstat == 0) {
8629 		/* Just skip over the reply and Getattr op status. */
8630 		NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_HYPER + 3 *
8631 		    NFSX_UNSIGNED);
8632 		error = nfsm_loadattr(nd, nap);
8633 		if (error == 0)
8634 			*attrflagp = 1;
8635 	}
8636 	if (error == 0)
8637 		error = nd->nd_repstat;
8638 nfsmout:
8639 	m_freem(nd->nd_mrep);
8640 	return (error);
8641 }
8642 
8643 /*
8644  * The listextattr RPC.
8645  */
8646 int
nfsrpc_listextattr(vnode_t vp,uint64_t * cookiep,struct uio * uiop,size_t * lenp,bool * eofp,struct nfsvattr * nap,int * attrflagp,struct ucred * cred,NFSPROC_T * p)8647 nfsrpc_listextattr(vnode_t vp, uint64_t *cookiep, struct uio *uiop,
8648     size_t *lenp, bool *eofp, struct nfsvattr *nap, int *attrflagp,
8649     struct ucred *cred, NFSPROC_T *p)
8650 {
8651 	uint32_t *tl;
8652 	int cnt, error, i, len;
8653 	struct nfsrv_descript nfsd;
8654 	struct nfsrv_descript *nd = &nfsd;
8655 	nfsattrbit_t attrbits;
8656 	u_char c;
8657 
8658 	*attrflagp = 0;
8659 	NFSCL_REQSTART(nd, NFSPROC_LISTEXTATTR, vp);
8660 	NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 * NFSX_UNSIGNED);
8661 	txdr_hyper(*cookiep, tl); tl += 2;
8662 	*tl++ = txdr_unsigned(*lenp);
8663 	*tl = txdr_unsigned(NFSV4OP_GETATTR);
8664 	NFSGETATTR_ATTRBIT(&attrbits);
8665 	nfsrv_putattrbit(nd, &attrbits);
8666 	error = nfscl_request(nd, vp, p, cred, NULL);
8667 	if (error != 0)
8668 		return (error);
8669 	*eofp = true;
8670 	*lenp = 0;
8671 	if (nd->nd_repstat == 0) {
8672 		NFSM_DISSECT(tl, uint32_t *, NFSX_HYPER + NFSX_UNSIGNED);
8673 		*cookiep = fxdr_hyper(tl); tl += 2;
8674 		cnt = fxdr_unsigned(int, *tl);
8675 		if (cnt < 0) {
8676 			error = EBADRPC;
8677 			goto nfsmout;
8678 		}
8679 		for (i = 0; i < cnt; i++) {
8680 			NFSM_DISSECT(tl, uint32_t *, NFSX_UNSIGNED);
8681 			len = fxdr_unsigned(int, *tl);
8682 			if (len <= 0 || len > EXTATTR_MAXNAMELEN) {
8683 				error = EBADRPC;
8684 				goto nfsmout;
8685 			}
8686 			if (uiop == NULL)
8687 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
8688 			else if (uiop->uio_resid >= len + 1) {
8689 				c = len;
8690 				error = uiomove(&c, sizeof(c), uiop);
8691 				if (error == 0)
8692 					error = nfsm_mbufuio(nd, uiop, len);
8693 			} else {
8694 				error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
8695 				*eofp = false;
8696 			}
8697 			if (error != 0)
8698 				goto nfsmout;
8699 			*lenp += (len + 1);
8700 		}
8701 		/* Get the eof and skip over the Getattr op status. */
8702 		NFSM_DISSECT(tl, uint32_t *, 3 * NFSX_UNSIGNED);
8703 		/*
8704 		 * *eofp is set false above, because it wasn't able to copy
8705 		 * all of the reply.
8706 		 */
8707 		if (*eofp && *tl == 0)
8708 			*eofp = false;
8709 		error = nfsm_loadattr(nd, nap);
8710 		if (error == 0)
8711 			*attrflagp = 1;
8712 	}
8713 	if (error == 0)
8714 		error = nd->nd_repstat;
8715 nfsmout:
8716 	m_freem(nd->nd_mrep);
8717 	return (error);
8718 }
8719 
8720 /*
8721  * Split an mbuf list.  For non-M_EXTPG mbufs, just use m_split().
8722  */
8723 static struct mbuf *
nfsm_split(struct mbuf * mp,uint64_t xfer)8724 nfsm_split(struct mbuf *mp, uint64_t xfer)
8725 {
8726 	struct mbuf *m, *m2;
8727 	vm_page_t pg;
8728 	int i, j, left, pgno, plen, trim;
8729 	char *cp, *cp2;
8730 
8731 	if ((mp->m_flags & M_EXTPG) == 0) {
8732 		m = m_split(mp, xfer, M_WAITOK);
8733 		return (m);
8734 	}
8735 
8736 	/* Find the correct mbuf to split at. */
8737 	for (m = mp; m != NULL && xfer > m->m_len; m = m->m_next)
8738 		xfer -= m->m_len;
8739 	if (m == NULL)
8740 		return (NULL);
8741 
8742 	/* If xfer == m->m_len, we can just split the mbuf list. */
8743 	if (xfer == m->m_len) {
8744 		m2 = m->m_next;
8745 		m->m_next = NULL;
8746 		return (m2);
8747 	}
8748 
8749 	/* Find the page to split at. */
8750 	pgno = 0;
8751 	left = xfer;
8752 	do {
8753 		if (pgno == 0)
8754 			plen = m_epg_pagelen(m, 0, m->m_epg_1st_off);
8755 		else
8756 			plen = m_epg_pagelen(m, pgno, 0);
8757 		if (left <= plen)
8758 			break;
8759 		left -= plen;
8760 		pgno++;
8761 	} while (pgno < m->m_epg_npgs);
8762 	if (pgno == m->m_epg_npgs)
8763 		panic("nfsm_split: eroneous ext_pgs mbuf");
8764 
8765 	m2 = mb_alloc_ext_pgs(M_WAITOK, mb_free_mext_pgs);
8766 	m2->m_epg_flags |= EPG_FLAG_ANON;
8767 
8768 	/*
8769 	 * If left < plen, allocate a new page for the new mbuf
8770 	 * and copy the data after left in the page to this new
8771 	 * page.
8772 	 */
8773 	if (left < plen) {
8774 		pg = vm_page_alloc_noobj(VM_ALLOC_WAITOK | VM_ALLOC_NODUMP |
8775 		    VM_ALLOC_WIRED);
8776 		m2->m_epg_pa[0] = VM_PAGE_TO_PHYS(pg);
8777 		m2->m_epg_npgs = 1;
8778 
8779 		/* Copy the data after left to the new page. */
8780 		trim = plen - left;
8781 		cp = (char *)(void *)PHYS_TO_DMAP(m->m_epg_pa[pgno]);
8782 		if (pgno == 0)
8783 			cp += m->m_epg_1st_off;
8784 		cp += left;
8785 		cp2 = (char *)(void *)PHYS_TO_DMAP(m2->m_epg_pa[0]);
8786 		if (pgno == m->m_epg_npgs - 1)
8787 			m2->m_epg_last_len = trim;
8788 		else {
8789 			cp2 += PAGE_SIZE - trim;
8790 			m2->m_epg_1st_off = PAGE_SIZE - trim;
8791 			m2->m_epg_last_len = m->m_epg_last_len;
8792 		}
8793 		memcpy(cp2, cp, trim);
8794 		m2->m_len = trim;
8795 	} else {
8796 		m2->m_len = 0;
8797 		m2->m_epg_last_len = m->m_epg_last_len;
8798 	}
8799 
8800 	/* Move the pages beyond pgno to the new mbuf. */
8801 	for (i = pgno + 1, j = m2->m_epg_npgs; i < m->m_epg_npgs; i++, j++) {
8802 		m2->m_epg_pa[j] = m->m_epg_pa[i];
8803 		/* Never moves page 0. */
8804 		m2->m_len += m_epg_pagelen(m, i, 0);
8805 	}
8806 	m2->m_epg_npgs = j;
8807 	m->m_epg_npgs = pgno + 1;
8808 	m->m_epg_last_len = left;
8809 	m->m_len = xfer;
8810 
8811 	m2->m_next = m->m_next;
8812 	m->m_next = NULL;
8813 	return (m2);
8814 }
8815 
8816 /*
8817  * Do the NFSv4.1 Bind Connection to Session.
8818  * Called from the reconnect layer of the krpc (sys/rpc/clnt_rc.c).
8819  */
8820 void
nfsrpc_bindconnsess(CLIENT * cl,void * arg,struct ucred * cr)8821 nfsrpc_bindconnsess(CLIENT *cl, void *arg, struct ucred *cr)
8822 {
8823 	struct nfscl_reconarg *rcp = (struct nfscl_reconarg *)arg;
8824 	uint32_t res, *tl;
8825 	struct nfsrv_descript nfsd;
8826 	struct nfsrv_descript *nd = &nfsd;
8827 	struct rpc_callextra ext;
8828 	struct timeval utimeout;
8829 	enum clnt_stat stat;
8830 	int error;
8831 
8832 	nfscl_reqstart(nd, NFSPROC_BINDCONNTOSESS, NULL, NULL, 0, NULL, NULL,
8833 	    NFS_VER4, rcp->minorvers);
8834 	NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID + 2 * NFSX_UNSIGNED);
8835 	memcpy(tl, rcp->sessionid, NFSX_V4SESSIONID);
8836 	tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
8837 	*tl++ = txdr_unsigned(NFSCDFC4_FORE_OR_BOTH);
8838 	*tl = newnfs_false;
8839 
8840 	memset(&ext, 0, sizeof(ext));
8841 	utimeout.tv_sec = 30;
8842 	utimeout.tv_usec = 0;
8843 	ext.rc_auth = authunix_create(cr);
8844 	nd->nd_mrep = NULL;
8845 	stat = CLNT_CALL_MBUF(cl, &ext, NFSV4PROC_COMPOUND, nd->nd_mreq,
8846 	    &nd->nd_mrep, utimeout);
8847 	AUTH_DESTROY(ext.rc_auth);
8848 	if (stat != RPC_SUCCESS) {
8849 		printf("nfsrpc_bindconnsess: call failed stat=%d\n", stat);
8850 		return;
8851 	}
8852 	if (nd->nd_mrep == NULL) {
8853 		printf("nfsrpc_bindconnsess: no reply args\n");
8854 		return;
8855 	}
8856 	error = 0;
8857 	newnfs_realign(&nd->nd_mrep, M_WAITOK);
8858 	nd->nd_md = nd->nd_mrep;
8859 	nd->nd_dpos = mtod(nd->nd_md, char *);
8860 	NFSM_DISSECT(tl, uint32_t *, 2 * NFSX_UNSIGNED);
8861 	nd->nd_repstat = fxdr_unsigned(uint32_t, *tl++);
8862 	if (nd->nd_repstat == NFSERR_OK) {
8863 		res = fxdr_unsigned(uint32_t, *tl);
8864 		if (res > 0 && (error = nfsm_advance(nd, NFSM_RNDUP(res),
8865 		    -1)) != 0)
8866 			goto nfsmout;
8867 		NFSM_DISSECT(tl, uint32_t *, NFSX_V4SESSIONID +
8868 		    4 * NFSX_UNSIGNED);
8869 		tl += 3;
8870 		if (!NFSBCMP(tl, rcp->sessionid, NFSX_V4SESSIONID)) {
8871 			tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
8872 			res = fxdr_unsigned(uint32_t, *tl);
8873 			if (res != NFSCDFS4_BOTH)
8874 				printf("nfsrpc_bindconnsess: did not "
8875 				    "return FS4_BOTH\n");
8876 		} else
8877 			printf("nfsrpc_bindconnsess: not same "
8878 			    "sessionid\n");
8879 	} else if (nd->nd_repstat != NFSERR_BADSESSION)
8880 		printf("nfsrpc_bindconnsess: returned %d\n", nd->nd_repstat);
8881 nfsmout:
8882 	if (error != 0)
8883 		printf("nfsrpc_bindconnsess: reply bad xdr\n");
8884 	m_freem(nd->nd_mrep);
8885 }
8886