Old nfs3_vnops.c
  1 /*
  2  * CDDL HEADER START
  3  *
  4  * The contents of this file are subject to the terms of the
  5  * Common Development and Distribution License, Version 1.0 only
  6  * (the "License").  You may not use this file except in compliance
  7  * with the License.
  8  *
  9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 10  * or http://www.opensolaris.org/os/licensing.
 11  * See the License for the specific language governing permissions
 12  * and limitations under the License.
 13  *
 14  * When distributing Covered Code, include this CDDL HEADER in each
 15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 16  * If applicable, add the following below this CDDL HEADER, with the
 17  * fields enclosed by brackets "[]" replaced with your own identifying
 18  * information: Portions Copyright [yyyy] [name of copyright owner]
 19  *
 20  * CDDL HEADER END
 21  */
 22 /*
 23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 24  * Use is subject to license terms.
 25  */
 26 
 27 /*
 28  *      Copyright (c) 1983,1984,1985,1986,1987,1988,1989 AT&T.
 29  *      All rights reserved.
 30  */
 31 
 32 #pragma ident   "@(#)nfs3_vnops.c       1.272   05/10/11 SMI"
 33 
 34 #include <sys/param.h>
 35 #include <sys/types.h>
 36 #include <sys/systm.h>
 37 #include <sys/cred.h>
 38 #include <sys/time.h>
 39 #include <sys/vnode.h>
 40 #include <sys/vfs.h>
 41 #include <sys/file.h>
 42 #include <sys/filio.h>
 43 #include <sys/uio.h>
 44 #include <sys/buf.h>
 45 #include <sys/mman.h>
 46 #include <sys/pathname.h>
 47 #include <sys/dirent.h>
 48 #include <sys/debug.h>
 49 #include <sys/vmsystm.h>
 50 #include <sys/fcntl.h>
 51 #include <sys/flock.h>
 52 #include <sys/swap.h>
 53 #include <sys/errno.h>
 54 #include <sys/strsubr.h>
 55 #include <sys/sysmacros.h>
 56 #include <sys/kmem.h>
 57 #include <sys/cmn_err.h>
 58 #include <sys/pathconf.h>
 59 #include <sys/utsname.h>
 60 #include <sys/dnlc.h>
 61 #include <sys/acl.h>
 62 #include <sys/systeminfo.h>
 63 #include <sys/atomic.h>
 64 #include <sys/policy.h>
 65 #include <sys/sdt.h>
 66 
 67 #include <rpc/types.h>
 68 #include <rpc/auth.h>
 69 #include <rpc/clnt.h>
 70 
 71 #include <nfs/nfs.h>
 72 #include <nfs/nfs_clnt.h>
 73 #include <nfs/rnode.h>
 74 #include <nfs/nfs_acl.h>
 75 #include <nfs/lm.h>
 76 
 77 #include <vm/hat.h>
 78 #include <vm/as.h>
 79 #include <vm/page.h>
 80 #include <vm/pvn.h>
 81 #include <vm/seg.h>
 82 #include <vm/seg_map.h>
 83 #include <vm/seg_kpm.h>
 84 #include <vm/seg_vn.h>
 85 
 86 #include <fs/fs_subr.h>
 87 
 88 #include <sys/ddi.h>
 89 
 90 static int      nfs3_rdwrlbn(vnode_t *, page_t *, u_offset_t, size_t, int,
 91                         cred_t *);
 92 static int      nfs3write(vnode_t *, caddr_t, u_offset_t, int, cred_t *,
 93                         stable_how *);
 94 static int      nfs3read(vnode_t *, caddr_t, offset_t, int, size_t *, cred_t *);
 95 static int      nfs3setattr(vnode_t *, struct vattr *, int, cred_t *);
 96 static int      nfs3_accessx(void *, int, cred_t *);
 97 static int      nfs3lookup_dnlc(vnode_t *, char *, vnode_t **, cred_t *);
 98 static int      nfs3lookup_otw(vnode_t *, char *, vnode_t **, cred_t *, int);
 99 static int      nfs3create(vnode_t *, char *, struct vattr *, enum vcexcl,
100                         int, vnode_t **, cred_t *, int);
101 static int      nfs3excl_create_settimes(vnode_t *, struct vattr *, cred_t *);
102 static int      nfs3mknod(vnode_t *, char *, struct vattr *, enum vcexcl,
103                         int, vnode_t **, cred_t *);
104 static int      nfs3rename(vnode_t *, char *, vnode_t *, char *, cred_t *);
105 static int      do_nfs3readdir(vnode_t *, rddir_cache *, cred_t *);
106 static void     nfs3readdir(vnode_t *, rddir_cache *, cred_t *);
107 static void     nfs3readdirplus(vnode_t *, rddir_cache *, cred_t *);
108 static int      nfs3_bio(struct buf *, stable_how *, cred_t *);
109 static int      nfs3_getapage(vnode_t *, u_offset_t, size_t, uint_t *,
110                         page_t *[], size_t, struct seg *, caddr_t,
111                         enum seg_rw, cred_t *);
112 static void     nfs3_readahead(vnode_t *, u_offset_t, caddr_t, struct seg *,
113                         cred_t *);
114 static int      nfs3_sync_putapage(vnode_t *, page_t *, u_offset_t, size_t,
115                         int, cred_t *);
116 static int      nfs3_sync_pageio(vnode_t *, page_t *, u_offset_t, size_t,
117                         int, cred_t *);
118 static int      nfs3_commit(vnode_t *, offset3, count3, cred_t *);
119 static void     nfs3_set_mod(vnode_t *);
120 static void     nfs3_get_commit(vnode_t *);
121 static void     nfs3_get_commit_range(vnode_t *, u_offset_t, size_t);
122 #if 0 /* unused */
123 #ifdef DEBUG
124 static int      nfs3_no_uncommitted_pages(vnode_t *);
125 #endif
126 #endif /* unused */
127 static int      nfs3_putpage_commit(vnode_t *, offset_t, size_t, cred_t *);
128 static int      nfs3_commit_vp(vnode_t *, u_offset_t, size_t,  cred_t *);
129 static int      nfs3_sync_commit(vnode_t *, page_t *, offset3, count3,
130                         cred_t *);
131 static void     nfs3_async_commit(vnode_t *, page_t *, offset3, count3,
132                         cred_t *);
133 static void     nfs3_delmap_callback(struct as *, void *, uint_t);
134 
135 /*
136  * Error flags used to pass information about certain special errors
137  * which need to be handled specially.
138  */
139 #define NFS_EOF                 -98
140 #define NFS_VERF_MISMATCH       -97
141 
142 /* ALIGN64 aligns the given buffer and adjust buffer size to 64 bit */
143 #define ALIGN64(x, ptr, sz)                                             \
144         x = ((uintptr_t)(ptr)) & (sizeof (uint64_t) - 1);           \
145         if (x) {                                                        \
146                 x = sizeof (uint64_t) - (x);                            \
147                 sz -= (x);                                              \
148                 ptr += (x);                                             \
149         }
150 
151 /*
152  * These are the vnode ops routines which implement the vnode interface to
153  * the networked file system.  These routines just take their parameters,
154  * make them look networkish by putting the right info into interface structs,
155  * and then calling the appropriate remote routine(s) to do the work.
156  *
157  * Note on directory name lookup cacheing:  If we detect a stale fhandle,
158  * we purge the directory cache relative to that vnode.  This way, the
159  * user won't get burned by the cache repeatedly.  See <nfs/rnode.h> for
160  * more details on rnode locking.
161  */
162 
163 static int      nfs3_open(vnode_t **, int, cred_t *);
164 static int      nfs3_close(vnode_t *, int, int, offset_t, cred_t *);
165 static int      nfs3_read(vnode_t *, struct uio *, int, cred_t *,
166                         caller_context_t *);
167 static int      nfs3_write(vnode_t *, struct uio *, int, cred_t *,
168                         caller_context_t *);
169 static int      nfs3_ioctl(vnode_t *, int, intptr_t, int, cred_t *, int *);
170 static int      nfs3_getattr(vnode_t *, struct vattr *, int, cred_t *);
171 static int      nfs3_setattr(vnode_t *, struct vattr *, int, cred_t *,
172                         caller_context_t *);
173 static int      nfs3_access(vnode_t *, int, int, cred_t *);
174 static int      nfs3_readlink(vnode_t *, struct uio *, cred_t *);
175 static int      nfs3_fsync(vnode_t *, int, cred_t *);
176 static void     nfs3_inactive(vnode_t *, cred_t *);
177 static int      nfs3_lookup(vnode_t *, char *, vnode_t **,
178                         struct pathname *, int, vnode_t *, cred_t *);
179 static int      nfs3_create(vnode_t *, char *, struct vattr *, enum vcexcl,
180                         int, vnode_t **, cred_t *, int);
181 static int      nfs3_remove(vnode_t *, char *, cred_t *);
182 static int      nfs3_link(vnode_t *, vnode_t *, char *, cred_t *);
183 static int      nfs3_rename(vnode_t *, char *, vnode_t *, char *, cred_t *);
184 static int      nfs3_mkdir(vnode_t *, char *, struct vattr *,
185                         vnode_t **, cred_t *);
186 static int      nfs3_rmdir(vnode_t *, char *, vnode_t *, cred_t *);
187 static int      nfs3_symlink(vnode_t *, char *, struct vattr *, char *,
188                         cred_t *);
189 static int      nfs3_readdir(vnode_t *, struct uio *, cred_t *, int *);
190 static int      nfs3_fid(vnode_t *, fid_t *);
191 static int      nfs3_rwlock(vnode_t *, int, caller_context_t *);
192 static void     nfs3_rwunlock(vnode_t *, int, caller_context_t *);
193 static int      nfs3_seek(vnode_t *, offset_t, offset_t *);
194 static int      nfs3_getpage(vnode_t *, offset_t, size_t, uint_t *,
195                         page_t *[], size_t, struct seg *, caddr_t,
196                         enum seg_rw, cred_t *);
197 static int      nfs3_putpage(vnode_t *, offset_t, size_t, int, cred_t *);
198 static int      nfs3_map(vnode_t *, offset_t, struct as *, caddr_t *,
199                         size_t, uchar_t, uchar_t, uint_t, cred_t *);
200 static int      nfs3_addmap(vnode_t *, offset_t, struct as *, caddr_t,
201                         size_t, uchar_t, uchar_t, uint_t, cred_t *);
202 static int      nfs3_frlock(vnode_t *, int, struct flock64 *, int, offset_t,
203                         struct flk_callback *, cred_t *);
204 static int      nfs3_space(vnode_t *, int, struct flock64 *, int, offset_t,
205                         cred_t *, caller_context_t *);
206 static int      nfs3_realvp(vnode_t *, vnode_t **);
207 static int      nfs3_delmap(vnode_t *, offset_t, struct as *, caddr_t,
208                         size_t, uint_t, uint_t, uint_t, cred_t *);
209 static int      nfs3_pathconf(vnode_t *, int, ulong_t *, cred_t *);
210 static int      nfs3_pageio(vnode_t *, page_t *, u_offset_t, size_t, int,
211                         cred_t *);
212 static void     nfs3_dispose(vnode_t *, page_t *, int, int, cred_t *);
213 static int      nfs3_setsecattr(vnode_t *, vsecattr_t *, int, cred_t *);
214 static int      nfs3_getsecattr(vnode_t *, vsecattr_t *, int, cred_t *);
215 static int      nfs3_shrlock(vnode_t *, int, struct shrlock *, int, cred_t *);
216 
217 struct vnodeops *nfs3_vnodeops;
218 
219 const fs_operation_def_t nfs3_vnodeops_template[] = {
220         VOPNAME_OPEN, nfs3_open,
221         VOPNAME_CLOSE, nfs3_close,
222         VOPNAME_READ, nfs3_read,
223         VOPNAME_WRITE, nfs3_write,
224         VOPNAME_IOCTL, nfs3_ioctl,
225         VOPNAME_GETATTR, nfs3_getattr,
226         VOPNAME_SETATTR, nfs3_setattr,
227         VOPNAME_ACCESS, nfs3_access,
228         VOPNAME_LOOKUP, nfs3_lookup,
229         VOPNAME_CREATE, nfs3_create,
230         VOPNAME_REMOVE, nfs3_remove,
231         VOPNAME_LINK, nfs3_link,
232         VOPNAME_RENAME, nfs3_rename,
233         VOPNAME_MKDIR, nfs3_mkdir,
234         VOPNAME_RMDIR, nfs3_rmdir,
235         VOPNAME_READDIR, nfs3_readdir,
236         VOPNAME_SYMLINK, nfs3_symlink,
237         VOPNAME_READLINK, nfs3_readlink,
238         VOPNAME_FSYNC, nfs3_fsync,
239         VOPNAME_INACTIVE, (fs_generic_func_p) nfs3_inactive,
240         VOPNAME_FID, nfs3_fid,
241         VOPNAME_RWLOCK, nfs3_rwlock,
242         VOPNAME_RWUNLOCK, (fs_generic_func_p) nfs3_rwunlock,
243         VOPNAME_SEEK, nfs3_seek,
244         VOPNAME_FRLOCK, nfs3_frlock,
245         VOPNAME_SPACE, nfs3_space,
246         VOPNAME_REALVP, nfs3_realvp,
247         VOPNAME_GETPAGE, nfs3_getpage,
248         VOPNAME_PUTPAGE, nfs3_putpage,
249         VOPNAME_MAP, (fs_generic_func_p) nfs3_map,
250         VOPNAME_ADDMAP, (fs_generic_func_p) nfs3_addmap,
251         VOPNAME_DELMAP, nfs3_delmap,
252         VOPNAME_DUMP, nfs_dump,         /* there is no separate nfs3_dump */
253         VOPNAME_PATHCONF, nfs3_pathconf,
254         VOPNAME_PAGEIO, nfs3_pageio,
255         VOPNAME_DISPOSE, (fs_generic_func_p) nfs3_dispose,
256         VOPNAME_SETSECATTR, nfs3_setsecattr,
257         VOPNAME_GETSECATTR, nfs3_getsecattr,
258         VOPNAME_SHRLOCK, nfs3_shrlock,
259         NULL, NULL
260 };
261 
262 /*
263  * XXX:  This is referenced in modstubs.s
264  */
265 struct vnodeops *
266 nfs3_getvnodeops(void)
267 {
268         return (nfs3_vnodeops);
269 }
270 
271 /* ARGSUSED */
272 static int
273 nfs3_open(vnode_t **vpp, int flag, cred_t *cr)
274 {
275         int error;
276         struct vattr va;
277         rnode_t *rp;
278         vnode_t *vp;
279 
280         vp = *vpp;
281         if (nfs_zone() != VTOMI(vp)->mi_zone)
282                 return (EIO);
283         rp = VTOR(vp);
284         mutex_enter(&rp->r_statelock);
285         if (rp->r_cred == NULL) {
286                 crhold(cr);
287                 rp->r_cred = cr;
288         }
289         mutex_exit(&rp->r_statelock);
290 
291         /*
292          * If there is no cached data or if close-to-open
293          * consistency checking is turned off, we can avoid
294          * the over the wire getattr.  Otherwise, if the
295          * file system is mounted readonly, then just verify
296          * the caches are up to date using the normal mechanism.
297          * Else, if the file is not mmap'd, then just mark
298          * the attributes as timed out.  They will be refreshed
299          * and the caches validated prior to being used.
300          * Else, the file system is mounted writeable so
301          * force an over the wire GETATTR in order to ensure
302          * that all cached data is valid.
303          */
304         if (vp->v_count > 1 ||
305             ((vn_has_cached_data(vp) || HAVE_RDDIR_CACHE(rp)) &&
306             !(VTOMI(vp)->mi_flags & MI_NOCTO))) {
307                 if (vn_is_readonly(vp))
308                         error = nfs3_validate_caches(vp, cr);
309                 else if (rp->r_mapcnt == 0 && vp->v_count == 1) {
310                         PURGE_ATTRCACHE(vp);
311                         error = 0;
312                 } else {
313                         va.va_mask = AT_ALL;
314                         error = nfs3_getattr_otw(vp, &va, cr);
315                 }
316         } else
317                 error = 0;
318 
319         return (error);
320 }
321 
322 static int
323 nfs3_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr)
324 {
325         rnode_t *rp;
326         int error;
327         struct vattr va;
328 
329         /*
330          * zone_enter(2) prevents processes from changing zones with NFS files
331          * open; if we happen to get here from the wrong zone we can't do
332          * anything over the wire.
333          */
334         if (VTOMI(vp)->mi_zone != nfs_zone()) {
335                 /*
336                  * We could attempt to clean up locks, except we're sure
337                  * that the current process didn't acquire any locks on
338                  * the file: any attempt to lock a file belong to another zone
339                  * will fail, and one can't lock an NFS file and then change
340                  * zones, as that fails too.
341                  *
342                  * Returning an error here is the sane thing to do.  A
343                  * subsequent call to VN_RELE() which translates to a
344                  * nfs3_inactive() will clean up state: if the zone of the
345                  * vnode's origin is still alive and kicking, an async worker
346                  * thread will handle the request (from the correct zone), and
347                  * everything (minus the commit and final nfs3_getattr_otw()
348                  * call) should be OK. If the zone is going away
349                  * nfs_async_inactive() will throw away cached pages inline.
350                  */
351                 return (EIO);
352         }
353 
354         /*
355          * If we are using local locking for this filesystem, then
356          * release all of the SYSV style record locks.  Otherwise,
357          * we are doing network locking and we need to release all
358          * of the network locks.  All of the locks held by this
359          * process on this file are released no matter what the
360          * incoming reference count is.
361          */
362         if (VTOMI(vp)->mi_flags & MI_LLOCK) {
363                 cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
364                 cleanshares(vp, ttoproc(curthread)->p_pid);
365         } else
366                 nfs_lockrelease(vp, flag, offset, cr);
367 
368         if (count > 1)
369                 return (0);
370 
371         /*
372          * If the file has been `unlinked', then purge the
373          * DNLC so that this vnode will get reycled quicker
374          * and the .nfs* file on the server will get removed.
375          */
376         rp = VTOR(vp);
377         if (rp->r_unldvp != NULL)
378                 dnlc_purge_vp(vp);
379 
380         /*
381          * If the file was open for write and there are pages,
382          * then if the file system was mounted using the "no-close-
383          *      to-open" semantics, then start an asynchronous flush
384          *      of the all of the pages in the file.
385          * else the file system was not mounted using the "no-close-
386          *      to-open" semantics, then do a synchronous flush and
387          *      commit of all of the dirty and uncommitted pages.
388          *
389          * The asynchronous flush of the pages in the "nocto" path
390          * mostly just associates a cred pointer with the rnode so
391          * writes which happen later will have a better chance of
392          * working.  It also starts the data being written to the
393          * server, but without unnecessarily delaying the application.
394          */
395         if ((flag & FWRITE) && vn_has_cached_data(vp)) {
396                 if (VTOMI(vp)->mi_flags & MI_NOCTO) {
397                         error = nfs3_putpage(vp, (offset_t)0, 0, B_ASYNC, cr);
398                         if (error == EAGAIN)
399                                 error = 0;
400                 } else
401                         error = nfs3_putpage_commit(vp, (offset_t)0, 0, cr);
402                 if (!error) {
403                         mutex_enter(&rp->r_statelock);
404                         error = rp->r_error;
405                         rp->r_error = 0;
406                         mutex_exit(&rp->r_statelock);
407                 }
408         } else {
409                 mutex_enter(&rp->r_statelock);
410                 error = rp->r_error;
411                 rp->r_error = 0;
412                 mutex_exit(&rp->r_statelock);
413         }
414 
415         /*
416          * If RWRITEATTR is set, then issue an over the wire GETATTR to
417          * refresh the attribute cache with a set of attributes which
418          * weren't returned from a WRITE.  This will enable the close-
419          * to-open processing to work.
420          */
421         if (rp->r_flags & RWRITEATTR)
422                 (void) nfs3_getattr_otw(vp, &va, cr);
423 
424         return (error);
425 }
426 
427 /* ARGSUSED */
428 static int
429 nfs3_directio_read(vnode_t *vp, struct uio *uiop, cred_t *cr)
430 {
431         mntinfo_t *mi;
432         READ3args args;
433         READ3uiores res;
434         int tsize;
435         offset_t offset;
436         ssize_t count;
437         int error;
438         int douprintf;
439         failinfo_t fi;
440         char *sv_hostname;
441 
442         mi = VTOMI(vp);
443         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
444         sv_hostname = VTOR(vp)->r_server->sv_hostname;
445 
446         douprintf = 1;
447         args.file = *VTOFH3(vp);
448         fi.vp = vp;
449         fi.fhp = (caddr_t)&args.file;
450         fi.copyproc = nfs3copyfh;
451         fi.lookupproc = nfs3lookup;
452         fi.xattrdirproc = acl_getxattrdir3;
453 
454         res.uiop = uiop;
455 
456         offset = uiop->uio_loffset;
457         count = uiop->uio_resid;
458 
459         do {
460                 if (mi->mi_io_kstats) {
461                         mutex_enter(&mi->mi_lock);
462                         kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
463                         mutex_exit(&mi->mi_lock);
464                 }
465 
466                 do {
467                         tsize = MIN(mi->mi_tsize, count);
468                         args.offset = (offset3)offset;
469                         args.count = (count3)tsize;
470                         res.size = (uint_t)tsize;
471                         error = rfs3call(mi, NFSPROC3_READ,
472                                     xdr_READ3args, (caddr_t)&args,
473                                     xdr_READ3uiores, (caddr_t)&res, cr,
474                                     &douprintf, &res.status, 0, &fi);
475                 } while (error == ENFS_TRYAGAIN);
476 
477                 if (mi->mi_io_kstats) {
478                         mutex_enter(&mi->mi_lock);
479                         kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
480                         mutex_exit(&mi->mi_lock);
481                 }
482 
483                 if (error)
484                         return (error);
485 
486                 error = geterrno3(res.status);
487                 if (error)
488                         return (error);
489 
490                 if (res.count != res.size) {
491                         zcmn_err(getzoneid(), CE_WARN,
492 "nfs3_directio_read: server %s returned incorrect amount",
493                                         sv_hostname);
494                         return (EIO);
495                 }
496                 count -= res.count;
497                 offset += res.count;
498                 if (mi->mi_io_kstats) {
499                         mutex_enter(&mi->mi_lock);
500                         KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
501                         KSTAT_IO_PTR(mi->mi_io_kstats)->nread += res.count;
502                         mutex_exit(&mi->mi_lock);
503                 }
504                 lwp_stat_update(LWP_STAT_INBLK, 1);
505         } while (count && !res.eof);
506 
507         return (0);
508 }
509 
510 /* ARGSUSED */
511 static int
512 nfs3_read(vnode_t *vp, struct uio *uiop, int ioflag, cred_t *cr,
513         caller_context_t *ct)
514 {
515         rnode_t *rp;
516         u_offset_t off;
517         offset_t diff;
518         int on;
519         size_t n;
520         caddr_t base;
521         uint_t flags;
522         int error = 0;
523         mntinfo_t *mi;
524 
525         rp = VTOR(vp);
526         mi = VTOMI(vp);
527 
528         ASSERT(nfs_rw_lock_held(&rp->r_rwlock, RW_READER));
529 
530         if (nfs_zone() != mi->mi_zone)
531                 return (EIO);
532 
533         if (vp->v_type != VREG)
534                 return (EISDIR);
535 
536         if (uiop->uio_resid == 0)
537                 return (0);
538 
539         if (uiop->uio_loffset < 0 || uiop->uio_loffset + uiop->uio_resid < 0)
540                 return (EINVAL);
541 
542         /*
543          * Bypass VM if caching has been disabled (e.g., locking) or if
544          * using client-side direct I/O and the file is not mmap'd and
545          * there are no cached pages.
546          */
547         if ((vp->v_flag & VNOCACHE) ||
548             (((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO)) &&
549             rp->r_mapcnt == 0 && !vn_has_cached_data(vp))) {
550                 return (nfs3_directio_read(vp, uiop, cr));
551         }
552 
553         do {
554                 off = uiop->uio_loffset & MAXBMASK; /* mapping offset */
555                 on = uiop->uio_loffset & MAXBOFFSET; /* Relative offset */
556                 n = MIN(MAXBSIZE - on, uiop->uio_resid);
557 
558                 error = nfs3_validate_caches(vp, cr);
559                 if (error)
560                         break;
561 
562                 mutex_enter(&rp->r_statelock);
563                 diff = rp->r_size - uiop->uio_loffset;
564                 mutex_exit(&rp->r_statelock);
565                 if (diff <= 0)
566                         break;
567                 if (diff < n)
568                         n = (size_t)diff;
569 
570                 base = segmap_getmapflt(segkmap, vp, off + on, n, 1, S_READ);
571 
572                 error = uiomove(base + on, n, UIO_READ, uiop);
573 
574                 if (!error) {
575                         /*
576                          * If read a whole block or read to eof,
577                          * won't need this buffer again soon.
578                          */
579                         mutex_enter(&rp->r_statelock);
580                         if (n + on == MAXBSIZE ||
581                             uiop->uio_loffset == rp->r_size)
582                                 flags = SM_DONTNEED;
583                         else
584                                 flags = 0;
585                         mutex_exit(&rp->r_statelock);
586                         error = segmap_release(segkmap, base, flags);
587                 } else
588                         (void) segmap_release(segkmap, base, 0);
589         } while (!error && uiop->uio_resid > 0);
590 
591         return (error);
592 }
593 
594 /* ARGSUSED */
595 static int
596 nfs3_write(vnode_t *vp, struct uio *uiop, int ioflag, cred_t *cr,
597         caller_context_t *ct)
598 {
599         rlim64_t limit = uiop->uio_llimit;
600         rnode_t *rp;
601         u_offset_t off;
602         caddr_t base;
603         uint_t flags;
604         int remainder;
605         size_t n;
606         int on;
607         int error;
608         int resid;
609         offset_t offset;
610         mntinfo_t *mi;
611         uint_t bsize;
612 
613         rp = VTOR(vp);
614 
615         if (vp->v_type != VREG)
616                 return (EISDIR);
617 
618         mi = VTOMI(vp);
619         if (nfs_zone() != mi->mi_zone)
620                 return (EIO);
621         if (uiop->uio_resid == 0)
622                 return (0);
623 
624         if (ioflag & FAPPEND) {
625                 struct vattr va;
626 
627                 /*
628                  * Must serialize if appending.
629                  */
630                 if (nfs_rw_lock_held(&rp->r_rwlock, RW_READER)) {
631                         nfs_rw_exit(&rp->r_rwlock);
632                         if (nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER,
633                             INTR(vp)))
634                                 return (EINTR);
635                 }
636 
637                 va.va_mask = AT_SIZE;
638                 error = nfs3getattr(vp, &va, cr);
639                 if (error)
640                         return (error);
641                 uiop->uio_loffset = va.va_size;
642         }
643 
644         offset = uiop->uio_loffset + uiop->uio_resid;
645 
646         if (uiop->uio_loffset < 0 || offset < 0)
647                 return (EINVAL);
648 
649         if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
650                 limit = MAXOFFSET_T;
651 
652         /*
653          * Check to make sure that the process will not exceed
654          * its limit on file size.  It is okay to write up to
655          * the limit, but not beyond.  Thus, the write which
656          * reaches the limit will be short and the next write
657          * will return an error.
658          */
659         remainder = 0;
660         if (offset > limit) {
661                 remainder = offset - limit;
662                 uiop->uio_resid = limit - uiop->uio_loffset;
663                 if (uiop->uio_resid <= 0) {
664                         proc_t *p = ttoproc(curthread);
665 
666                         uiop->uio_resid += remainder;
667                         mutex_enter(&p->p_lock);
668                         (void) rctl_action(rctlproc_legacy[RLIMIT_FSIZE],
669                             p->p_rctls, p, RCA_UNSAFE_SIGINFO);
670                         mutex_exit(&p->p_lock);
671                         return (EFBIG);
672                 }
673         }
674 
675         if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_READER, INTR(vp)))
676                 return (EINTR);
677 
678         /*
679          * Bypass VM if caching has been disabled (e.g., locking) or if
680          * using client-side direct I/O and the file is not mmap'd and
681          * there are no cached pages.
682          */
683         if ((vp->v_flag & VNOCACHE) ||
684             (((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO)) &&
685             rp->r_mapcnt == 0 && !vn_has_cached_data(vp))) {
686                 size_t bufsize;
687                 int count;
688                 u_offset_t org_offset;
689                 stable_how stab_comm;
690 
691 nfs3_fwrite:
692                 if (rp->r_flags & RSTALE) {
693                         resid = uiop->uio_resid;
694                         offset = uiop->uio_loffset;
695                         error = rp->r_error;
696                         goto bottom;
697                 }
698                 bufsize = MIN(uiop->uio_resid, mi->mi_stsize);
699                 base = kmem_alloc(bufsize, KM_SLEEP);
700                 do {
701                         if (ioflag & FDSYNC)
702                                 stab_comm = DATA_SYNC;
703                         else
704                                 stab_comm = FILE_SYNC;
705                         resid = uiop->uio_resid;
706                         offset = uiop->uio_loffset;
707                         count = MIN(uiop->uio_resid, bufsize);
708                         org_offset = uiop->uio_loffset;
709                         error = uiomove(base, count, UIO_WRITE, uiop);
710                         if (!error) {
711                                 error = nfs3write(vp, base, org_offset,
712                                     count, cr, &stab_comm);
713                         }
714                 } while (!error && uiop->uio_resid > 0);
715                 kmem_free(base, bufsize);
716                 goto bottom;
717         }
718 
719 
720         bsize = vp->v_vfsp->vfs_bsize;
721 
722         do {
723                 off = uiop->uio_loffset & MAXBMASK; /* mapping offset */
724                 on = uiop->uio_loffset & MAXBOFFSET; /* Relative offset */
725                 n = MIN(MAXBSIZE - on, uiop->uio_resid);
726 
727                 resid = uiop->uio_resid;
728                 offset = uiop->uio_loffset;
729 
730                 if (rp->r_flags & RSTALE) {
731                         error = rp->r_error;
732                         break;
733                 }
734 
735                 /*
736                  * Don't create dirty pages faster than they
737                  * can be cleaned so that the system doesn't
738                  * get imbalanced.  If the async queue is
739                  * maxed out, then wait for it to drain before
740                  * creating more dirty pages.  Also, wait for
741                  * any threads doing pagewalks in the vop_getattr
742                  * entry points so that they don't block for
743                  * long periods.
744                  */
745                 mutex_enter(&rp->r_statelock);
746                 while ((mi->mi_max_threads != 0 &&
747                     rp->r_awcount > 2 * mi->mi_max_threads) ||
748                     rp->r_gcount > 0)
749                         cv_wait(&rp->r_cv, &rp->r_statelock);
750                 mutex_exit(&rp->r_statelock);
751 
752                 if (segmap_kpm) {
753                         int pon = uiop->uio_loffset & PAGEOFFSET;
754                         size_t pn = MIN(PAGESIZE - pon, uiop->uio_resid);
755                         int pagecreate;
756 
757                         mutex_enter(&rp->r_statelock);
758                         pagecreate = (pon == 0) && (pn == PAGESIZE ||
759                                 uiop->uio_loffset + pn >= rp->r_size);
760                         mutex_exit(&rp->r_statelock);
761 
762                         base = segmap_getmapflt(segkmap, vp, off + on,
763                                                 pn, !pagecreate, S_WRITE);
764 
765                         error = writerp(rp, base + pon, n, uiop, pagecreate);
766 
767                 } else {
768                         base = segmap_getmapflt(segkmap, vp, off + on,
769                                                 n, 0, S_READ);
770                         error = writerp(rp, base + on, n, uiop, 0);
771                 }
772 
773                 if (!error) {
774                         if (mi->mi_flags & MI_NOAC)
775                                 flags = SM_WRITE;
776                         else if ((uiop->uio_loffset % bsize) == 0 ||
777                             IS_SWAPVP(vp)) {
778                                 /*
779                                  * Have written a whole block.
780                                  * Start an asynchronous write
781                                  * and mark the buffer to
782                                  * indicate that it won't be
783                                  * needed again soon.
784                                  */
785                                 flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
786                         } else
787                                 flags = 0;
788                         if ((ioflag & (FSYNC|FDSYNC)) ||
789                             (rp->r_flags & ROUTOFSPACE)) {
790                                 flags &= ~SM_ASYNC;
791                                 flags |= SM_WRITE;
792                         }
793                         error = segmap_release(segkmap, base, flags);
794                 } else {
795                         (void) segmap_release(segkmap, base, 0);
796                         /*
797                          * In the event that we got an access error while
798                          * faulting in a page for a write-only file just
799                          * force a write.
800                          */
801                         if (error == EACCES)
802                                 goto nfs3_fwrite;
803                 }
804         } while (!error && uiop->uio_resid > 0);
805 
806 bottom:
807         if (error) {
808                 uiop->uio_resid = resid + remainder;
809                 uiop->uio_loffset = offset;
810         } else
811                 uiop->uio_resid += remainder;
812 
813         nfs_rw_exit(&rp->r_lkserlock);
814 
815         return (error);
816 }
817 
818 /*
819  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
820  */
821 static int
822 nfs3_rdwrlbn(vnode_t *vp, page_t *pp, u_offset_t off, size_t len,
823         int flags, cred_t *cr)
824 {
825         struct buf *bp;
826         int error;
827         page_t *savepp;
828         uchar_t fsdata;
829         stable_how stab_comm;
830 
831         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
832         bp = pageio_setup(pp, len, vp, flags);
833         ASSERT(bp != NULL);
834 
835         /*
836          * pageio_setup should have set b_addr to 0.  This
837          * is correct since we want to do I/O on a page
838          * boundary.  bp_mapin will use this addr to calculate
839          * an offset, and then set b_addr to the kernel virtual
840          * address it allocated for us.
841          */
842         ASSERT(bp->b_un.b_addr == 0);
843 
844         bp->b_edev = 0;
845         bp->b_dev = 0;
846         bp->b_lblkno = lbtodb(off);
847         bp->b_file = vp;
848         bp->b_offset = (offset_t)off;
849         bp_mapin(bp);
850 
851         /*
852          * Calculate the desired level of stability to write data
853          * on the server and then mark all of the pages to reflect
854          * this.
855          */
856         if ((flags & (B_WRITE|B_ASYNC)) == (B_WRITE|B_ASYNC) &&
857             freemem > desfree) {
858                 stab_comm = UNSTABLE;
859                 fsdata = C_DELAYCOMMIT;
860         } else {
861                 stab_comm = FILE_SYNC;
862                 fsdata = C_NOCOMMIT;
863         }
864 
865         savepp = pp;
866         do {
867                 pp->p_fsdata = fsdata;
868         } while ((pp = pp->p_next) != savepp);
869 
870         error = nfs3_bio(bp, &stab_comm, cr);
871 
872         bp_mapout(bp);
873         pageio_done(bp);
874 
875         /*
876          * If the server wrote pages in a more stable fashion than
877          * was requested, then clear all of the marks in the pages
878          * indicating that COMMIT operations were required.
879          */
880         if (stab_comm != UNSTABLE && fsdata == C_DELAYCOMMIT) {
881                 do {
882                         pp->p_fsdata = C_NOCOMMIT;
883                 } while ((pp = pp->p_next) != savepp);
884         }
885 
886         return (error);
887 }
888 
889 /*
890  * Write to file.  Writes to remote server in largest size
891  * chunks that the server can handle.  Write is synchronous.
892  */
893 static int
894 nfs3write(vnode_t *vp, caddr_t base, u_offset_t offset, int count, cred_t *cr,
895         stable_how *stab_comm)
896 {
897         mntinfo_t *mi;
898         WRITE3args args;
899         WRITE3res res;
900         int error;
901         int tsize;
902         rnode_t *rp;
903         int douprintf;
904 
905         rp = VTOR(vp);
906         mi = VTOMI(vp);
907 
908         ASSERT(nfs_zone() == mi->mi_zone);
909 
910         args.file = *VTOFH3(vp);
911         args.stable = *stab_comm;
912 
913         *stab_comm = FILE_SYNC;
914 
915         douprintf = 1;
916 
917         do {
918                 if ((vp->v_flag & VNOCACHE) ||
919                     (rp->r_flags & RDIRECTIO) ||
920                     (mi->mi_flags & MI_DIRECTIO))
921                         tsize = MIN(mi->mi_stsize, count);
922                 else
923                         tsize = MIN(mi->mi_curwrite, count);
924                 args.offset = (offset3)offset;
925                 args.count = (count3)tsize;
926                 args.data.data_len = (uint_t)tsize;
927                 args.data.data_val = base;
928 
929                 if (mi->mi_io_kstats) {
930                         mutex_enter(&mi->mi_lock);
931                         kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
932                         mutex_exit(&mi->mi_lock);
933                 }
934                 args.mblk = NULL;
935                 do {
936                         error = rfs3call(mi, NFSPROC3_WRITE,
937                             xdr_WRITE3args, (caddr_t)&args,
938                             xdr_WRITE3res, (caddr_t)&res, cr,
939                             &douprintf, &res.status, 0, NULL);
940                 } while (error == ENFS_TRYAGAIN);
941                 if (mi->mi_io_kstats) {
942                         mutex_enter(&mi->mi_lock);
943                         kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
944                         mutex_exit(&mi->mi_lock);
945                 }
946 
947                 if (error)
948                         return (error);
949                 error = geterrno3(res.status);
950                 if (!error) {
951                         if (res.resok.count > args.count) {
952                                 zcmn_err(getzoneid(), CE_WARN,
953                                     "nfs3write: server %s wrote %u, "
954                                     "requested was %u",
955                                     rp->r_server->sv_hostname,
956                                     res.resok.count, args.count);
957                                 return (EIO);
958                         }
959                         if (res.resok.committed == UNSTABLE) {
960                                 *stab_comm = UNSTABLE;
961                                 if (args.stable == DATA_SYNC ||
962                                     args.stable == FILE_SYNC) {
963                                         zcmn_err(getzoneid(), CE_WARN,
964                         "nfs3write: server %s did not commit to stable storage",
965                                             rp->r_server->sv_hostname);
966                                         return (EIO);
967                                 }
968                         }
969                         tsize = (int)res.resok.count;
970                         count -= tsize;
971                         base += tsize;
972                         offset += tsize;
973                         if (mi->mi_io_kstats) {
974                                 mutex_enter(&mi->mi_lock);
975                                 KSTAT_IO_PTR(mi->mi_io_kstats)->writes++;
976                                 KSTAT_IO_PTR(mi->mi_io_kstats)->nwritten +=
977                                     tsize;
978                                 mutex_exit(&mi->mi_lock);
979                         }
980                         lwp_stat_update(LWP_STAT_OUBLK, 1);
981                         mutex_enter(&rp->r_statelock);
982                         if (rp->r_flags & RHAVEVERF) {
983                                 if (rp->r_verf != res.resok.verf) {
984                                         nfs3_set_mod(vp);
985                                         rp->r_verf = res.resok.verf;
986                                         /*
987                                          * If the data was written UNSTABLE,
988                                          * then might as well stop because
989                                          * the whole block will have to get
990                                          * rewritten anyway.
991                                          */
992                                         if (*stab_comm == UNSTABLE) {
993                                                 mutex_exit(&rp->r_statelock);
994                                                 break;
995                                         }
996                                 }
997                         } else {
998                                 rp->r_verf = res.resok.verf;
999                                 rp->r_flags |= RHAVEVERF;
1000                         }
1001                         /*
1002                          * Mark the attribute cache as timed out and
1003                          * set RWRITEATTR to indicate that the file
1004                          * was modified with a WRITE operation and
1005                          * that the attributes can not be trusted.
1006                          */
1007                         PURGE_ATTRCACHE_LOCKED(rp);
1008                         rp->r_flags |= RWRITEATTR;
1009                         mutex_exit(&rp->r_statelock);
1010                 }
1011         } while (!error && count);
1012 
1013         return (error);
1014 }
1015 
1016 /*
1017  * Read from a file.  Reads data in largest chunks our interface can handle.
1018  */
1019 static int
1020 nfs3read(vnode_t *vp, caddr_t base, offset_t offset, int count,
1021         size_t *residp, cred_t *cr)
1022 {
1023         mntinfo_t *mi;
1024         READ3args args;
1025         READ3vres res;
1026         int tsize;
1027         int error;
1028         int douprintf;
1029         failinfo_t fi;
1030         rnode_t *rp;
1031         struct vattr va;
1032         hrtime_t t;
1033 
1034         rp = VTOR(vp);
1035         mi = VTOMI(vp);
1036         ASSERT(nfs_zone() == mi->mi_zone);
1037         douprintf = 1;
1038 
1039         args.file = *VTOFH3(vp);
1040         fi.vp = vp;
1041         fi.fhp = (caddr_t)&args.file;
1042         fi.copyproc = nfs3copyfh;
1043         fi.lookupproc = nfs3lookup;
1044         fi.xattrdirproc = acl_getxattrdir3;
1045 
1046         res.pov.fres.vp = vp;
1047         res.pov.fres.vap = &va;
1048 
1049         *residp = count;
1050         do {
1051                 if (mi->mi_io_kstats) {
1052                         mutex_enter(&mi->mi_lock);
1053                         kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
1054                         mutex_exit(&mi->mi_lock);
1055                 }
1056 
1057                 do {
1058                         if ((vp->v_flag & VNOCACHE) ||
1059                             (rp->r_flags & RDIRECTIO) ||
1060                             (mi->mi_flags & MI_DIRECTIO))
1061                                 tsize = MIN(mi->mi_tsize, count);
1062                         else
1063                                 tsize = MIN(mi->mi_curread, count);
1064                         res.data.data_val = base;
1065                         res.data.data_len = tsize;
1066                         args.offset = (offset3)offset;
1067                         args.count = (count3)tsize;
1068                         t = gethrtime();
1069                         error = rfs3call(mi, NFSPROC3_READ,
1070                             xdr_READ3args, (caddr_t)&args,
1071                             xdr_READ3vres, (caddr_t)&res, cr,
1072                             &douprintf, &res.status, 0, &fi);
1073                 } while (error == ENFS_TRYAGAIN);
1074 
1075                 if (mi->mi_io_kstats) {
1076                         mutex_enter(&mi->mi_lock);
1077                         kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
1078                         mutex_exit(&mi->mi_lock);
1079                 }
1080 
1081                 if (error)
1082                         return (error);
1083 
1084                 error = geterrno3(res.status);
1085                 if (error)
1086                         return (error);
1087 
1088                 if (res.count != res.data.data_len) {
1089                         zcmn_err(getzoneid(), CE_WARN,
1090                                 "nfs3read: server %s returned incorrect amount",
1091                                 rp->r_server->sv_hostname);
1092                         return (EIO);
1093                 }
1094 
1095                 count -= res.count;
1096                 *residp = count;
1097                 base += res.count;
1098                 offset += res.count;
1099                 if (mi->mi_io_kstats) {
1100                         mutex_enter(&mi->mi_lock);
1101                         KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
1102                         KSTAT_IO_PTR(mi->mi_io_kstats)->nread += res.count;
1103                         mutex_exit(&mi->mi_lock);
1104                 }
1105                 lwp_stat_update(LWP_STAT_INBLK, 1);
1106         } while (count && !res.eof);
1107 
1108         if (res.pov.attributes) {
1109                 mutex_enter(&rp->r_statelock);
1110                 if (!CACHE_VALID(rp, va.va_mtime, va.va_size)) {
1111                         mutex_exit(&rp->r_statelock);
1112                         PURGE_ATTRCACHE(vp);
1113                 } else {
1114                         if (rp->r_mtime <= t)
1115                                 nfs_attrcache_va(vp, &va);
1116                         mutex_exit(&rp->r_statelock);
1117                 }
1118         }
1119 
1120         return (0);
1121 }
1122 
1123 /* ARGSUSED */
1124 static int
1125 nfs3_ioctl(vnode_t *vp, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
1126 {
1127 
1128         if (nfs_zone() != VTOMI(vp)->mi_zone)
1129                 return (EIO);
1130         switch (cmd) {
1131                 case _FIODIRECTIO:
1132                         return (nfs_directio(vp, (int)arg, cr));
1133                 default:
1134                         return (ENOTTY);
1135         }
1136 }
1137 
1138 static int
1139 nfs3_getattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr)
1140 {
1141         int error;
1142         rnode_t *rp;
1143 
1144         if (nfs_zone() != VTOMI(vp)->mi_zone)
1145                 return (EIO);
1146         /*
1147          * If it has been specified that the return value will
1148          * just be used as a hint, and we are only being asked
1149          * for size, fsid or rdevid, then return the client's
1150          * notion of these values without checking to make sure
1151          * that the attribute cache is up to date.
1152          * The whole point is to avoid an over the wire GETATTR
1153          * call.
1154          */
1155         rp = VTOR(vp);
1156         if (flags & ATTR_HINT) {
1157                 if (vap->va_mask ==
1158                     (vap->va_mask & (AT_SIZE | AT_FSID | AT_RDEV))) {
1159                         mutex_enter(&rp->r_statelock);
1160                         if (vap->va_mask | AT_SIZE)
1161                                 vap->va_size = rp->r_size;
1162                         if (vap->va_mask | AT_FSID)
1163                                 vap->va_fsid = rp->r_attr.va_fsid;
1164                         if (vap->va_mask | AT_RDEV)
1165                                 vap->va_rdev = rp->r_attr.va_rdev;
1166                         mutex_exit(&rp->r_statelock);
1167                         return (0);
1168                 }
1169         }
1170 
1171         /*
1172          * Only need to flush pages if asking for the mtime
1173          * and if there any dirty pages or any outstanding
1174          * asynchronous (write) requests for this file.
1175          */
1176         if (vap->va_mask & AT_MTIME) {
1177                 if (vn_has_cached_data(vp) &&
1178                     ((rp->r_flags & RDIRTY) || rp->r_awcount > 0)) {
1179                         mutex_enter(&rp->r_statelock);
1180                         rp->r_gcount++;
1181                         mutex_exit(&rp->r_statelock);
1182                         error = nfs3_putpage(vp, (offset_t)0, 0, 0, cr);
1183                         mutex_enter(&rp->r_statelock);
1184                         if (error && (error == ENOSPC || error == EDQUOT)) {
1185                                 if (!rp->r_error)
1186                                         rp->r_error = error;
1187                         }
1188                         if (--rp->r_gcount == 0)
1189                                 cv_broadcast(&rp->r_cv);
1190                         mutex_exit(&rp->r_statelock);
1191                 }
1192         }
1193 
1194         return (nfs3getattr(vp, vap, cr));
1195 }
1196 
1197 /*ARGSUSED4*/
1198 static int
1199 nfs3_setattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr,
1200                 caller_context_t *ct)
1201 {
1202         int error;
1203         struct vattr va;
1204 
1205         if (vap->va_mask & AT_NOSET)
1206                 return (EINVAL);
1207         if (nfs_zone() != VTOMI(vp)->mi_zone)
1208                 return (EIO);
1209 
1210         va.va_mask = AT_UID | AT_MODE;
1211         error = nfs3getattr(vp, &va, cr);
1212         if (error)
1213                 return (error);
1214 
1215         error = secpolicy_vnode_setattr(cr, vp, vap, &va, flags, nfs3_accessx,
1216                 vp);
1217         if (error)
1218                 return (error);
1219 
1220         return (nfs3setattr(vp, vap, flags, cr));
1221 }
1222 
1223 static int
1224 nfs3setattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr)
1225 {
1226         int error;
1227         uint_t mask;
1228         SETATTR3args args;
1229         SETATTR3res res;
1230         int douprintf;
1231         rnode_t *rp;
1232         struct vattr va;
1233         mode_t omode;
1234         vsecattr_t *vsp;
1235         hrtime_t t;
1236 
1237         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
1238         mask = vap->va_mask;
1239 
1240         rp = VTOR(vp);
1241 
1242         /*
1243          * Only need to flush pages if there are any pages and
1244          * if the file is marked as dirty in some fashion.  The
1245          * file must be flushed so that we can accurately
1246          * determine the size of the file and the cached data
1247          * after the SETATTR returns.  A file is considered to
1248          * be dirty if it is either marked with RDIRTY, has
1249          * outstanding i/o's active, or is mmap'd.  In this
1250          * last case, we can't tell whether there are dirty
1251          * pages, so we flush just to be sure.
1252          */
1253         if (vn_has_cached_data(vp) &&
1254             ((rp->r_flags & RDIRTY) ||
1255             rp->r_count > 0 ||
1256             rp->r_mapcnt > 0)) {
1257                 ASSERT(vp->v_type != VCHR);
1258                 error = nfs3_putpage(vp, (offset_t)0, 0, 0, cr);
1259                 if (error && (error == ENOSPC || error == EDQUOT)) {
1260                         mutex_enter(&rp->r_statelock);
1261                         if (!rp->r_error)
1262                                 rp->r_error = error;
1263                         mutex_exit(&rp->r_statelock);
1264                 }
1265         }
1266 
1267         args.object = *RTOFH3(rp);
1268         /*
1269          * If the intent is for the server to set the times,
1270          * there is no point in have the mask indicating set mtime or
1271          * atime, because the vap values may be junk, and so result
1272          * in an overflow error. Remove these flags from the vap mask
1273          * before calling in this case, and restore them afterwards.
1274          */
1275         if ((mask & (AT_ATIME | AT_MTIME)) && !(flags & ATTR_UTIME)) {
1276                 /* Use server times, so don't set the args time fields */
1277                 vap->va_mask &= ~(AT_ATIME | AT_MTIME);
1278                 error = vattr_to_sattr3(vap, &args.new_attributes);
1279                 vap->va_mask |= (mask & (AT_ATIME | AT_MTIME));
1280                 if (mask & AT_ATIME) {
1281                         args.new_attributes.atime.set_it = SET_TO_SERVER_TIME;
1282                 }
1283                 if (mask & AT_MTIME) {
1284                         args.new_attributes.mtime.set_it = SET_TO_SERVER_TIME;
1285                 }
1286         } else {
1287                 /* Either do not set times or use the client specified times */
1288                 error = vattr_to_sattr3(vap, &args.new_attributes);
1289         }
1290 
1291         if (error) {
1292                 /* req time field(s) overflow - return immediately */
1293                 return (error);
1294         }
1295 
1296         va.va_mask = AT_MODE | AT_CTIME;
1297         error = nfs3getattr(vp, &va, cr);
1298         if (error)
1299                 return (error);
1300         omode = va.va_mode;
1301 
1302 tryagain:
1303         if (mask & AT_SIZE) {
1304                 args.guard.check = TRUE;
1305                 args.guard.obj_ctime.seconds = va.va_ctime.tv_sec;
1306                 args.guard.obj_ctime.nseconds = va.va_ctime.tv_nsec;
1307         } else
1308                 args.guard.check = FALSE;
1309 
1310         douprintf = 1;
1311 
1312         t = gethrtime();
1313 
1314         error = rfs3call(VTOMI(vp), NFSPROC3_SETATTR,
1315             xdr_SETATTR3args, (caddr_t)&args,
1316             xdr_SETATTR3res, (caddr_t)&res, cr,
1317             &douprintf, &res.status, 0, NULL);
1318 
1319         /*
1320          * Purge the access cache and ACL cache if changing either the
1321          * owner of the file, the group owner, or the mode.  These may
1322          * change the access permissions of the file, so purge old
1323          * information and start over again.
1324          */
1325         if (mask & (AT_UID | AT_GID | AT_MODE)) {
1326                 (void) nfs_access_purge_rp(rp);
1327                 if (rp->r_secattr != NULL) {
1328                         mutex_enter(&rp->r_statelock);
1329                         vsp = rp->r_secattr;
1330                         rp->r_secattr = NULL;
1331                         mutex_exit(&rp->r_statelock);
1332                         if (vsp != NULL)
1333                                 nfs_acl_free(vsp);
1334                 }
1335         }
1336 
1337         if (error) {
1338                 PURGE_ATTRCACHE(vp);
1339                 return (error);
1340         }
1341 
1342         error = geterrno3(res.status);
1343         if (!error) {
1344                 /*
1345                  * If changing the size of the file, invalidate
1346                  * any local cached data which is no longer part
1347                  * of the file.  We also possibly invalidate the
1348                  * last page in the file.  We could use
1349                  * pvn_vpzero(), but this would mark the page as
1350                  * modified and require it to be written back to
1351                  * the server for no particularly good reason.
1352                  * This way, if we access it, then we bring it
1353                  * back in.  A read should be cheaper than a
1354                  * write.
1355                  */
1356                 if (mask & AT_SIZE) {
1357                         nfs_invalidate_pages(vp,
1358                             (vap->va_size & PAGEMASK), cr);
1359                 }
1360                 nfs3_cache_wcc_data(vp, &res.resok.obj_wcc, t, cr);
1361                 /*
1362                  * Some servers will change the mode to clear the setuid
1363                  * and setgid bits when changing the uid or gid.  The
1364                  * client needs to compensate appropriately.
1365                  */
1366                 if (mask & (AT_UID | AT_GID)) {
1367                         int terror;
1368 
1369                         va.va_mask = AT_MODE;
1370                         terror = nfs3getattr(vp, &va, cr);
1371                         if (!terror &&
1372                             (((mask & AT_MODE) && va.va_mode != vap->va_mode) ||
1373                             (!(mask & AT_MODE) && va.va_mode != omode))) {
1374                                 va.va_mask = AT_MODE;
1375                                 if (mask & AT_MODE)
1376                                         va.va_mode = vap->va_mode;
1377                                 else
1378                                         va.va_mode = omode;
1379                                 (void) nfs3setattr(vp, &va, 0, cr);
1380                         }
1381                 }
1382         } else {
1383                 nfs3_cache_wcc_data(vp, &res.resfail.obj_wcc, t, cr);
1384                 /*
1385                  * If we got back a "not synchronized" error, then
1386                  * we need to retry with a new guard value.  The
1387                  * guard value used is the change time.  If the
1388                  * server returned post_op_attr, then we can just
1389                  * retry because we have the latest attributes.
1390                  * Otherwise, we issue a GETATTR to get the latest
1391                  * attributes and then retry.  If we couldn't get
1392                  * the attributes this way either, then we give
1393                  * up because we can't complete the operation as
1394                  * required.
1395                  */
1396                 if (res.status == NFS3ERR_NOT_SYNC) {
1397                         va.va_mask = AT_CTIME;
1398                         if (nfs3getattr(vp, &va, cr) == 0)
1399                                 goto tryagain;
1400                 }
1401                 PURGE_STALE_FH(error, vp, cr);
1402         }
1403 
1404         return (error);
1405 }
1406 
1407 static int
1408 nfs3_accessx(void *vp, int mode, cred_t *cr)
1409 {
1410         ASSERT(nfs_zone() == VTOMI((vnode_t *)vp)->mi_zone);
1411         return (nfs3_access(vp, mode, 0, cr));
1412 }
1413 
1414 /* ARGSUSED */
1415 static int
1416 nfs3_access(vnode_t *vp, int mode, int flags, cred_t *cr)
1417 {
1418         int error;
1419         ACCESS3args args;
1420         ACCESS3res res;
1421         int douprintf;
1422         uint32 acc;
1423         rnode_t *rp;
1424         cred_t *cred, *ncr, *ncrfree = NULL;
1425         failinfo_t fi;
1426         nfs_access_type_t cacc;
1427         hrtime_t t;
1428 
1429         acc = 0;
1430         if (nfs_zone() != VTOMI(vp)->mi_zone)
1431                 return (EIO);
1432         if (mode & VREAD)
1433                 acc |= ACCESS3_READ;
1434         if (mode & VWRITE) {
1435                 if (vn_is_readonly(vp) && !IS_DEVVP(vp))
1436                         return (EROFS);
1437                 if (vp->v_type == VDIR)
1438                         acc |= ACCESS3_DELETE;
1439                 acc |= ACCESS3_MODIFY | ACCESS3_EXTEND;
1440         }
1441         if (mode & VEXEC) {
1442                 if (vp->v_type == VDIR)
1443                         acc |= ACCESS3_LOOKUP;
1444                 else
1445                         acc |= ACCESS3_EXECUTE;
1446         }
1447 
1448         rp = VTOR(vp);
1449         args.object = *VTOFH3(vp);
1450         if (vp->v_type == VDIR) {
1451                 args.access = ACCESS3_READ | ACCESS3_DELETE | ACCESS3_MODIFY |
1452                     ACCESS3_EXTEND | ACCESS3_LOOKUP;
1453         } else {
1454                 args.access = ACCESS3_READ | ACCESS3_MODIFY | ACCESS3_EXTEND |
1455                     ACCESS3_EXECUTE;
1456         }
1457         fi.vp = vp;
1458         fi.fhp = (caddr_t)&args.object;
1459         fi.copyproc = nfs3copyfh;
1460         fi.lookupproc = nfs3lookup;
1461         fi.xattrdirproc = acl_getxattrdir3;
1462 
1463         cred = cr;
1464         /*
1465          * ncr and ncrfree both initially
1466          * point to the memory area returned
1467          * by crnetadjust();
1468          * ncrfree not NULL when exiting means
1469          * that we need to release it
1470          */
1471         ncr = crnetadjust(cred);
1472         ncrfree = ncr;
1473 tryagain:
1474         if (rp->r_acache != NULL) {
1475                 cacc = nfs_access_check(rp, acc, cred);
1476                 if (cacc == NFS_ACCESS_ALLOWED) {
1477                         if (ncrfree != NULL)
1478                                 crfree(ncrfree);
1479                         return (0);
1480                 }
1481                 if (cacc == NFS_ACCESS_DENIED) {
1482                         /*
1483                          * If the cred can be adjusted, try again
1484                          * with the new cred.
1485                          */
1486                         if (ncr != NULL) {
1487                                 cred = ncr;
1488                                 ncr = NULL;
1489                                 goto tryagain;
1490                         }
1491                         if (ncrfree != NULL)
1492                                 crfree(ncrfree);
1493                         return (EACCES);
1494                 }
1495         }
1496 
1497         douprintf = 1;
1498 
1499         t = gethrtime();
1500 
1501         error = rfs3call(VTOMI(vp), NFSPROC3_ACCESS,
1502             xdr_ACCESS3args, (caddr_t)&args,
1503             xdr_ACCESS3res, (caddr_t)&res, cred,
1504             &douprintf, &res.status, 0, &fi);
1505 
1506         if (error) {
1507                 if (ncrfree != NULL)
1508                         crfree(ncrfree);
1509                 return (error);
1510         }
1511 
1512         error = geterrno3(res.status);
1513         if (!error) {
1514                 nfs3_cache_post_op_attr(vp, &res.resok.obj_attributes, t, cr);
1515                 nfs_access_cache(rp, args.access, res.resok.access, cred);
1516                 /*
1517                  * we just cached results with cred; if cred is the
1518                  * adjusted credentials from crnetadjust, we do not want
1519                  * to release them before exiting: hence setting ncrfree
1520                  * to NULL
1521                  */
1522                 if (cred != cr)
1523                         ncrfree = NULL;
1524                 if ((acc & res.resok.access) != acc) {
1525                         /*
1526                          * If the cred can be adjusted, try again
1527                          * with the new cred.
1528                          */
1529                         if (ncr != NULL) {
1530                                 cred = ncr;
1531                                 ncr = NULL;
1532                                 goto tryagain;
1533                         }
1534                         error = EACCES;
1535                 }
1536         } else {
1537                 nfs3_cache_post_op_attr(vp, &res.resfail.obj_attributes, t, cr);
1538                 PURGE_STALE_FH(error, vp, cr);
1539         }
1540 
1541         if (ncrfree != NULL)
1542                 crfree(ncrfree);
1543 
1544         return (error);
1545 }
1546 
1547 static int nfs3_do_symlink_cache = 1;
1548 
1549 static int
1550 nfs3_readlink(vnode_t *vp, struct uio *uiop, cred_t *cr)
1551 {
1552         int error;
1553         READLINK3args args;
1554         READLINK3res res;
1555         nfspath3 resdata_backup;
1556         rnode_t *rp;
1557         int douprintf;
1558         int len;
1559         failinfo_t fi;
1560         hrtime_t t;
1561 
1562         /*
1563          * Can't readlink anything other than a symbolic link.
1564          */
1565         if (vp->v_type != VLNK)
1566                 return (EINVAL);
1567         if (nfs_zone() != VTOMI(vp)->mi_zone)
1568                 return (EIO);
1569 
1570         rp = VTOR(vp);
1571         if (nfs3_do_symlink_cache && rp->r_symlink.contents != NULL) {
1572                 error = nfs3_validate_caches(vp, cr);
1573                 if (error)
1574                         return (error);
1575                 mutex_enter(&rp->r_statelock);
1576                 if (rp->r_symlink.contents != NULL) {
1577                         error = uiomove(rp->r_symlink.contents,
1578                             rp->r_symlink.len, UIO_READ, uiop);
1579                         mutex_exit(&rp->r_statelock);
1580                         return (error);
1581                 }
1582                 mutex_exit(&rp->r_statelock);
1583         }
1584 
1585         args.symlink = *VTOFH3(vp);
1586         fi.vp = vp;
1587         fi.fhp = (caddr_t)&args.symlink;
1588         fi.copyproc = nfs3copyfh;
1589         fi.lookupproc = nfs3lookup;
1590         fi.xattrdirproc = acl_getxattrdir3;
1591 
1592         res.resok.data = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1593 
1594         resdata_backup = res.resok.data;
1595 
1596         douprintf = 1;
1597 
1598         t = gethrtime();
1599 
1600         error = rfs3call(VTOMI(vp), NFSPROC3_READLINK,
1601             xdr_nfs_fh3, (caddr_t)&args,
1602             xdr_READLINK3res, (caddr_t)&res, cr,
1603             &douprintf, &res.status, 0, &fi);
1604 
1605         if (res.resok.data == nfs3nametoolong)
1606                 error = EINVAL;
1607 
1608         if (error) {
1609                 kmem_free(resdata_backup, MAXPATHLEN);
1610                 return (error);
1611         }
1612 
1613         error = geterrno3(res.status);
1614         if (!error) {
1615                 nfs3_cache_post_op_attr(vp, &res.resok.symlink_attributes, t,
1616                     cr);
1617                 len = strlen(res.resok.data);
1618                 error = uiomove(res.resok.data, len, UIO_READ, uiop);
1619                 if (nfs3_do_symlink_cache && rp->r_symlink.contents == NULL) {
1620                         mutex_enter(&rp->r_statelock);
1621                                 if (rp->r_symlink.contents == NULL) {
1622                                 rp->r_symlink.contents = res.resok.data;
1623                                 rp->r_symlink.len = len;
1624                                 rp->r_symlink.size = MAXPATHLEN;
1625                                 mutex_exit(&rp->r_statelock);
1626                         } else {
1627                                 mutex_exit(&rp->r_statelock);
1628 
1629                                 kmem_free((void *)res.resok.data, MAXPATHLEN);
1630                         }
1631                 } else {
1632                         kmem_free((void *)res.resok.data, MAXPATHLEN);
1633                 }
1634         } else {
1635                 nfs3_cache_post_op_attr(vp,
1636                     &res.resfail.symlink_attributes, t, cr);
1637                 PURGE_STALE_FH(error, vp, cr);
1638 
1639                 kmem_free((void *)res.resok.data, MAXPATHLEN);
1640 
1641         }
1642 
1643         /*
1644          * The over the wire error for attempting to readlink something
1645          * other than a symbolic link is ENXIO.  However, we need to
1646          * return EINVAL instead of ENXIO, so we map it here.
1647          */
1648         return (error == ENXIO ? EINVAL : error);
1649 }
1650 
1651 /*
1652  * Flush local dirty pages to stable storage on the server.
1653  *
1654  * If FNODSYNC is specified, then there is nothing to do because
1655  * metadata changes are not cached on the client before being
1656  * sent to the server.
1657  */
1658 static int
1659 nfs3_fsync(vnode_t *vp, int syncflag, cred_t *cr)
1660 {
1661         int error;
1662 
1663         if ((syncflag & FNODSYNC) || IS_SWAPVP(vp))
1664                 return (0);
1665         if (nfs_zone() != VTOMI(vp)->mi_zone)
1666                 return (EIO);
1667 
1668         error = nfs3_putpage_commit(vp, (offset_t)0, 0, cr);
1669         if (!error)
1670                 error = VTOR(vp)->r_error;
1671         return (error);
1672 }
1673 
1674 /*
1675  * Weirdness: if the file was removed or the target of a rename
1676  * operation while it was open, it got renamed instead.  Here we
1677  * remove the renamed file.
1678  */
1679 static void
1680 nfs3_inactive(vnode_t *vp, cred_t *cr)
1681 {
1682         rnode_t *rp;
1683 
1684         ASSERT(vp != DNLC_NO_VNODE);
1685 
1686         /*
1687          * If this is coming from the wrong zone, we let someone in the right
1688          * zone take care of it asynchronously.  We can get here due to
1689          * VN_RELE() being called from pageout() or fsflush().  This call may
1690          * potentially turn into an expensive no-op if, for instance, v_count
1691          * gets incremented in the meantime, but it's still correct.
1692          */
1693         if (nfs_zone() != VTOMI(vp)->mi_zone) {
1694                 nfs_async_inactive(vp, cr, nfs3_inactive);
1695                 return;
1696         }
1697 
1698         rp = VTOR(vp);
1699 redo:
1700         if (rp->r_unldvp != NULL) {
1701                 /*
1702                  * Save the vnode pointer for the directory where the
1703                  * unlinked-open file got renamed, then set it to NULL
1704                  * to prevent another thread from getting here before
1705                  * we're done with the remove.  While we have the
1706                  * statelock, make local copies of the pertinent rnode
1707                  * fields.  If we weren't to do this in an atomic way, the
1708                  * the unl* fields could become inconsistent with respect
1709                  * to each other due to a race condition between this
1710                  * code and nfs_remove().  See bug report 1034328.
1711                  */
1712                 mutex_enter(&rp->r_statelock);
1713                 if (rp->r_unldvp != NULL) {
1714                         vnode_t *unldvp;
1715                         char *unlname;
1716                         cred_t *unlcred;
1717                         REMOVE3args args;
1718                         REMOVE3res res;
1719                         int douprintf;
1720                         int error;
1721                         hrtime_t t;
1722 
1723                         unldvp = rp->r_unldvp;
1724                         rp->r_unldvp = NULL;
1725                         unlname = rp->r_unlname;
1726                         rp->r_unlname = NULL;
1727                         unlcred = rp->r_unlcred;
1728                         rp->r_unlcred = NULL;
1729                         mutex_exit(&rp->r_statelock);
1730 
1731                         /*
1732                          * If there are any dirty pages left, then flush
1733                          * them.  This is unfortunate because they just
1734                          * may get thrown away during the remove operation,
1735                          * but we have to do this for correctness.
1736                          */
1737                         if (vn_has_cached_data(vp) &&
1738                             ((rp->r_flags & RDIRTY) || rp->r_count > 0)) {
1739                                 ASSERT(vp->v_type != VCHR);
1740                                 error = nfs3_putpage(vp, (offset_t)0, 0, 0, cr);
1741                                 if (error) {
1742                                         mutex_enter(&rp->r_statelock);
1743                                         if (!rp->r_error)
1744                                                 rp->r_error = error;
1745                                         mutex_exit(&rp->r_statelock);
1746                                 }
1747                         }
1748 
1749                         /*
1750                          * Do the remove operation on the renamed file
1751                          */
1752                         setdiropargs3(&args.object, unlname, unldvp);
1753 
1754                         douprintf = 1;
1755 
1756                         t = gethrtime();
1757 
1758                         error = rfs3call(VTOMI(unldvp), NFSPROC3_REMOVE,
1759                             xdr_diropargs3, (caddr_t)&args,
1760                             xdr_REMOVE3res, (caddr_t)&res, unlcred,
1761                             &douprintf, &res.status, 0, NULL);
1762 
1763                         if (error) {
1764                                 PURGE_ATTRCACHE(unldvp);
1765                         } else {
1766                                 error = geterrno3(res.status);
1767                                 if (!error) {
1768                                         nfs3_cache_wcc_data(unldvp,
1769                                             &res.resok.dir_wcc, t, cr);
1770                                         if (HAVE_RDDIR_CACHE(VTOR(unldvp)))
1771                                                 nfs_purge_rddir_cache(unldvp);
1772                                 } else {
1773                                         nfs3_cache_wcc_data(unldvp,
1774                                             &res.resfail.dir_wcc, t, cr);
1775                                         PURGE_STALE_FH(error, unldvp, cr);
1776                                 }
1777                         }
1778 
1779                         /*
1780                          * Release stuff held for the remove
1781                          */
1782                         VN_RELE(unldvp);
1783                         kmem_free(unlname, MAXNAMELEN);
1784                         crfree(unlcred);
1785                         goto redo;
1786                 }
1787                 mutex_exit(&rp->r_statelock);
1788         }
1789 
1790         rp_addfree(rp, cr);
1791 }
1792 
1793 /*
1794  * Remote file system operations having to do with directory manipulation.
1795  */
1796 
1797 static int
1798 nfs3_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1799         int flags, vnode_t *rdir, cred_t *cr)
1800 {
1801         int error;
1802         vnode_t *vp;
1803         vnode_t *avp = NULL;
1804         rnode_t *drp;
1805 
1806         if (nfs_zone() != VTOMI(dvp)->mi_zone)
1807                 return (EPERM);
1808 
1809         drp = VTOR(dvp);
1810 
1811         /*
1812          * Are we looking up extended attributes?  If so, "dvp" is
1813          * the file or directory for which we want attributes, and
1814          * we need a lookup of the hidden attribute directory
1815          * before we lookup the rest of the path.
1816          */
1817         if (flags & LOOKUP_XATTR) {
1818                 bool_t cflag = ((flags & CREATE_XATTR_DIR) != 0);
1819                 mntinfo_t *mi;
1820 
1821                 mi = VTOMI(dvp);
1822                 if (!(mi->mi_flags & MI_EXTATTR))
1823                         return (EINVAL);
1824 
1825                 if (nfs_rw_enter_sig(&drp->r_rwlock, RW_READER, INTR(dvp)))
1826                         return (EINTR);
1827 
1828                 (void) nfs3lookup_dnlc(dvp, XATTR_DIR_NAME, &avp, cr);
1829                 if (avp == NULL)
1830                         error = acl_getxattrdir3(dvp, &avp, cflag, cr, 0);
1831                 else
1832                         error = 0;
1833 
1834                 nfs_rw_exit(&drp->r_rwlock);
1835 
1836                 if (error) {
1837                         if (mi->mi_flags & MI_EXTATTR)
1838                                 return (error);
1839                         return (EINVAL);
1840                 }
1841                 dvp = avp;
1842                 drp = VTOR(dvp);
1843         }
1844 
1845         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_READER, INTR(dvp))) {
1846                 error = EINTR;
1847                 goto out;
1848         }
1849 
1850         error = nfs3lookup(dvp, nm, vpp, pnp, flags, rdir, cr, 0);
1851 
1852         nfs_rw_exit(&drp->r_rwlock);
1853 
1854         /*
1855          * If vnode is a device, create special vnode.
1856          */
1857         if (!error && IS_DEVVP(*vpp)) {
1858                 vp = *vpp;
1859                 *vpp = specvp(vp, vp->v_rdev, vp->v_type, cr);
1860                 VN_RELE(vp);
1861         }
1862 
1863 out:
1864         if (avp != NULL)
1865                 VN_RELE(avp);
1866 
1867         return (error);
1868 }
1869 
1870 static int nfs3_lookup_neg_cache = 1;
1871 
1872 #ifdef DEBUG
1873 static int nfs3_lookup_dnlc_hits = 0;
1874 static int nfs3_lookup_dnlc_misses = 0;
1875 static int nfs3_lookup_dnlc_neg_hits = 0;
1876 static int nfs3_lookup_dnlc_disappears = 0;
1877 static int nfs3_lookup_dnlc_lookups = 0;
1878 #endif
1879 
1880 /* ARGSUSED */
1881 int
1882 nfs3lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1883         int flags, vnode_t *rdir, cred_t *cr, int rfscall_flags)
1884 {
1885         int error;
1886         rnode_t *drp;
1887 
1888         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
1889         /*
1890          * If lookup is for "", just return dvp.  Don't need
1891          * to send it over the wire, look it up in the dnlc,
1892          * or perform any access checks.
1893          */
1894         if (*nm == '\0') {
1895                 VN_HOLD(dvp);
1896                 *vpp = dvp;
1897                 return (0);
1898         }
1899 
1900         /*
1901          * Can't do lookups in non-directories.
1902          */
1903         if (dvp->v_type != VDIR)
1904                 return (ENOTDIR);
1905 
1906         /*
1907          * If we're called with RFSCALL_SOFT, it's important that
1908          * the only rfscall is one we make directly; if we permit
1909          * an access call because we're looking up "." or validating
1910          * a dnlc hit, we'll deadlock because that rfscall will not
1911          * have the RFSCALL_SOFT set.
1912          */
1913         if (rfscall_flags & RFSCALL_SOFT)
1914                 goto callit;
1915 
1916         /*
1917          * If lookup is for ".", just return dvp.  Don't need
1918          * to send it over the wire or look it up in the dnlc,
1919          * just need to check access.
1920          */
1921         if (strcmp(nm, ".") == 0) {
1922                 error = nfs3_access(dvp, VEXEC, 0, cr);
1923                 if (error)
1924                         return (error);
1925                 VN_HOLD(dvp);
1926                 *vpp = dvp;
1927                 return (0);
1928         }
1929 
1930         drp = VTOR(dvp);
1931         if (!(drp->r_flags & RLOOKUP)) {
1932                 mutex_enter(&drp->r_statelock);
1933                 drp->r_flags |= RLOOKUP;
1934                 mutex_exit(&drp->r_statelock);
1935         }
1936 
1937         /*
1938          * Lookup this name in the DNLC.  If there was a valid entry,
1939          * then return the results of the lookup.
1940          */
1941         error = nfs3lookup_dnlc(dvp, nm, vpp, cr);
1942         if (error || *vpp != NULL)
1943                 return (error);
1944 
1945 callit:
1946         error = nfs3lookup_otw(dvp, nm, vpp, cr, rfscall_flags);
1947 
1948         return (error);
1949 }
1950 
1951 static int
1952 nfs3lookup_dnlc(vnode_t *dvp, char *nm, vnode_t **vpp, cred_t *cr)
1953 {
1954         int error;
1955         vnode_t *vp;
1956 
1957         ASSERT(*nm != '\0');
1958         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
1959         /*
1960          * Lookup this name in the DNLC.  If successful, then validate
1961          * the caches and then recheck the DNLC.  The DNLC is rechecked
1962          * just in case this entry got invalidated during the call
1963          * to nfs3_validate_caches.
1964          *
1965          * An assumption is being made that it is safe to say that a
1966          * file exists which may not on the server.  Any operations to
1967          * the server will fail with ESTALE.
1968          */
1969 #ifdef DEBUG
1970         nfs3_lookup_dnlc_lookups++;
1971 #endif
1972         vp = dnlc_lookup(dvp, nm);
1973         if (vp != NULL) {
1974                 VN_RELE(vp);
1975                 if (vp == DNLC_NO_VNODE && !vn_is_readonly(dvp)) {
1976                         PURGE_ATTRCACHE(dvp);
1977                 }
1978                 error = nfs3_validate_caches(dvp, cr);
1979                 if (error)
1980                         return (error);
1981                 vp = dnlc_lookup(dvp, nm);
1982                 if (vp != NULL) {
1983                         error = nfs3_access(dvp, VEXEC, 0, cr);
1984                         if (error) {
1985                                 VN_RELE(vp);
1986                                 return (error);
1987                         }
1988                         if (vp == DNLC_NO_VNODE) {
1989                                 VN_RELE(vp);
1990 #ifdef DEBUG
1991                                 nfs3_lookup_dnlc_neg_hits++;
1992 #endif
1993                                 return (ENOENT);
1994                         }
1995                         *vpp = vp;
1996 #ifdef DEBUG
1997                         nfs3_lookup_dnlc_hits++;
1998 #endif
1999                         return (0);
2000                 }
2001 #ifdef DEBUG
2002                 nfs3_lookup_dnlc_disappears++;
2003 #endif
2004         }
2005 #ifdef DEBUG
2006         else
2007                 nfs3_lookup_dnlc_misses++;
2008 #endif
2009 
2010         *vpp = NULL;
2011 
2012         return (0);
2013 }
2014 
2015 static int
2016 nfs3lookup_otw(vnode_t *dvp, char *nm, vnode_t **vpp, cred_t *cr,
2017         int rfscall_flags)
2018 {
2019         int error;
2020         LOOKUP3args args;
2021         LOOKUP3vres res;
2022         int douprintf;
2023         struct vattr vattr;
2024         struct vattr dvattr;
2025         vnode_t *vp;
2026         failinfo_t fi;
2027         hrtime_t t;
2028 
2029         ASSERT(*nm != '\0');
2030         ASSERT(dvp->v_type == VDIR);
2031         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
2032 
2033         setdiropargs3(&args.what, nm, dvp);
2034 
2035         fi.vp = dvp;
2036         fi.fhp = (caddr_t)&args.what.dir;
2037         fi.copyproc = nfs3copyfh;
2038         fi.lookupproc = nfs3lookup;
2039         fi.xattrdirproc = acl_getxattrdir3;
2040         res.obj_attributes.fres.vp = dvp;
2041         res.obj_attributes.fres.vap = &vattr;
2042         res.dir_attributes.fres.vp = dvp;
2043         res.dir_attributes.fres.vap = &dvattr;
2044 
2045         douprintf = 1;
2046 
2047         t = gethrtime();
2048 
2049         error = rfs3call(VTOMI(dvp), NFSPROC3_LOOKUP,
2050             xdr_diropargs3, (caddr_t)&args,
2051             xdr_LOOKUP3vres, (caddr_t)&res, cr,
2052             &douprintf, &res.status, rfscall_flags, &fi);
2053 
2054         if (error)
2055                 return (error);
2056 
2057         nfs3_cache_post_op_vattr(dvp, &res.dir_attributes, t, cr);
2058 
2059         error = geterrno3(res.status);
2060         if (error) {
2061                 PURGE_STALE_FH(error, dvp, cr);
2062                 if (error == ENOENT && nfs3_lookup_neg_cache)
2063                         dnlc_enter(dvp, nm, DNLC_NO_VNODE);
2064                 return (error);
2065         }
2066 
2067         if (res.obj_attributes.attributes) {
2068                 vp = makenfs3node_va(&res.object, res.obj_attributes.fres.vap,
2069                                 dvp->v_vfsp, t, cr, VTOR(dvp)->r_path, nm);
2070         } else {
2071                 vp = makenfs3node_va(&res.object, NULL,
2072                                 dvp->v_vfsp, t, cr, VTOR(dvp)->r_path, nm);
2073                 if (vp->v_type == VNON) {
2074                         vattr.va_mask = AT_TYPE;
2075                         error = nfs3getattr(vp, &vattr, cr);
2076                         if (error) {
2077                                 VN_RELE(vp);
2078                                 return (error);
2079                         }
2080                         vp->v_type = vattr.va_type;
2081                 }
2082         }
2083 
2084         if (!(rfscall_flags & RFSCALL_SOFT))
2085                 dnlc_update(dvp, nm, vp);
2086 
2087         *vpp = vp;
2088 
2089         return (error);
2090 }
2091 
2092 #ifdef DEBUG
2093 static int nfs3_create_misses = 0;
2094 #endif
2095 
2096 /* ARGSUSED */
2097 static int
2098 nfs3_create(vnode_t *dvp, char *nm, struct vattr *va, enum vcexcl exclusive,
2099         int mode, vnode_t **vpp, cred_t *cr, int lfaware)
2100 {
2101         int error;
2102         vnode_t *vp;
2103         rnode_t *rp;
2104         struct vattr vattr;
2105         rnode_t *drp;
2106         vnode_t *tempvp;
2107 
2108         drp = VTOR(dvp);
2109         if (nfs_zone() != VTOMI(dvp)->mi_zone)
2110                 return (EPERM);
2111         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
2112                 return (EINTR);
2113 
2114 top:
2115         /*
2116          * We make a copy of the attributes because the caller does not
2117          * expect us to change what va points to.
2118          */
2119         vattr = *va;
2120 
2121         /*
2122          * If the pathname is "", just use dvp.  Don't need
2123          * to send it over the wire, look it up in the dnlc,
2124          * or perform any access checks.
2125          */
2126         if (*nm == '\0') {
2127                 error = 0;
2128                 VN_HOLD(dvp);
2129                 vp = dvp;
2130         /*
2131          * If the pathname is ".", just use dvp.  Don't need
2132          * to send it over the wire or look it up in the dnlc,
2133          * just need to check access.
2134          */
2135         } else if (strcmp(nm, ".") == 0) {
2136                 error = nfs3_access(dvp, VEXEC, 0, cr);
2137                 if (error) {
2138                         nfs_rw_exit(&drp->r_rwlock);
2139                         return (error);
2140                 }
2141                 VN_HOLD(dvp);
2142                 vp = dvp;
2143         /*
2144          * We need to go over the wire, just to be sure whether the
2145          * file exists or not.  Using the DNLC can be dangerous in
2146          * this case when making a decision regarding existence.
2147          */
2148         } else {
2149                 error = nfs3lookup_otw(dvp, nm, &vp, cr, 0);
2150         }
2151         if (!error) {
2152                 if (exclusive == EXCL)
2153                         error = EEXIST;
2154                 else if (vp->v_type == VDIR && (mode & VWRITE))
2155                         error = EISDIR;
2156                 else {
2157                         /*
2158                          * If vnode is a device, create special vnode.
2159                          */
2160                         if (IS_DEVVP(vp)) {
2161                                 tempvp = vp;
2162                                 vp = specvp(vp, vp->v_rdev, vp->v_type, cr);
2163                                 VN_RELE(tempvp);
2164                         }
2165                         if (!(error = VOP_ACCESS(vp, mode, 0, cr))) {
2166                                 if ((vattr.va_mask & AT_SIZE) &&
2167                                     vp->v_type == VREG) {
2168                                         rp = VTOR(vp);
2169                                         /*
2170                                          * Check here for large file handled
2171                                          * by LF-unaware process (as
2172                                          * ufs_create() does)
2173                                          */
2174                                         if (!(lfaware & FOFFMAX)) {
2175                                                 mutex_enter(&rp->r_statelock);
2176                                                 if (rp->r_size > MAXOFF32_T)
2177                                                         error = EOVERFLOW;
2178                                                 mutex_exit(&rp->r_statelock);
2179                                         }
2180                                         if (!error) {
2181                                                 vattr.va_mask = AT_SIZE;
2182                                                 error = nfs3setattr(vp,
2183                                                     &vattr, 0, cr);
2184                                         }
2185                                 }
2186                         }
2187                 }
2188                 nfs_rw_exit(&drp->r_rwlock);
2189                 if (error) {
2190                         VN_RELE(vp);
2191                 } else
2192                         *vpp = vp;
2193                 return (error);
2194         }
2195 
2196         dnlc_remove(dvp, nm);
2197 
2198         /*
2199          * Decide what the group-id of the created file should be.
2200          * Set it in attribute list as advisory...
2201          */
2202         error = setdirgid(dvp, &vattr.va_gid, cr);
2203         if (error) {
2204                 nfs_rw_exit(&drp->r_rwlock);
2205                 return (error);
2206         }
2207         vattr.va_mask |= AT_GID;
2208 
2209         ASSERT(vattr.va_mask & AT_TYPE);
2210         if (vattr.va_type == VREG) {
2211                 ASSERT(vattr.va_mask & AT_MODE);
2212                 if (MANDMODE(vattr.va_mode)) {
2213                         nfs_rw_exit(&drp->r_rwlock);
2214                         return (EACCES);
2215                 }
2216                 error = nfs3create(dvp, nm, &vattr, exclusive, mode, vpp, cr,
2217                     lfaware);
2218                 /*
2219                  * If this is not an exclusive create, then the CREATE
2220                  * request will be made with the GUARDED mode set.  This
2221                  * means that the server will return EEXIST if the file
2222                  * exists.  The file could exist because of a retransmitted
2223                  * request.  In this case, we recover by starting over and
2224                  * checking to see whether the file exists.  This second
2225                  * time through it should and a CREATE request will not be
2226                  * sent.
2227                  *
2228                  * This handles the problem of a dangling CREATE request
2229                  * which contains attributes which indicate that the file
2230                  * should be truncated.  This retransmitted request could
2231                  * possibly truncate valid data in the file if not caught
2232                  * by the duplicate request mechanism on the server or if
2233                  * not caught by other means.  The scenario is:
2234                  *
2235                  * Client transmits CREATE request with size = 0
2236                  * Client times out, retransmits request.
2237                  * Response to the first request arrives from the server
2238                  *  and the client proceeds on.
2239                  * Client writes data to the file.
2240                  * The server now processes retransmitted CREATE request
2241                  *  and truncates file.
2242                  *
2243                  * The use of the GUARDED CREATE request prevents this from
2244                  * happening because the retransmitted CREATE would fail
2245                  * with EEXIST and would not truncate the file.
2246                  */
2247                 if (error == EEXIST && exclusive == NONEXCL) {
2248 #ifdef DEBUG
2249                         nfs3_create_misses++;
2250 #endif
2251                         goto top;
2252                 }
2253                 nfs_rw_exit(&drp->r_rwlock);
2254                 return (error);
2255         }
2256         error = nfs3mknod(dvp, nm, &vattr, exclusive, mode, vpp, cr);
2257         nfs_rw_exit(&drp->r_rwlock);
2258         return (error);
2259 }
2260 
2261 /* ARGSUSED */
2262 static int
2263 nfs3create(vnode_t *dvp, char *nm, struct vattr *va, enum vcexcl exclusive,
2264         int mode, vnode_t **vpp, cred_t *cr, int lfaware)
2265 {
2266         int error;
2267         CREATE3args args;
2268         CREATE3res res;
2269         int douprintf;
2270         vnode_t *vp;
2271         struct vattr vattr;
2272         nfstime3 *verfp;
2273         rnode_t *rp;
2274         timestruc_t now;
2275         hrtime_t t;
2276 
2277         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
2278         setdiropargs3(&args.where, nm, dvp);
2279         if (exclusive == EXCL) {
2280                 args.how.mode = EXCLUSIVE;
2281                 /*
2282                  * Construct the create verifier.  This verifier needs
2283                  * to be unique between different clients.  It also needs
2284                  * to vary for each exclusive create request generated
2285                  * from the client to the server.
2286                  *
2287                  * The first attempt is made to use the hostid and a
2288                  * unique number on the client.  If the hostid has not
2289                  * been set, the high resolution time that the exclusive
2290                  * create request is being made is used.  This will work
2291                  * unless two different clients, both with the hostid
2292                  * not set, attempt an exclusive create request on the
2293                  * same file, at exactly the same clock time.  The
2294                  * chances of this happening seem small enough to be
2295                  * reasonable.
2296                  */
2297                 verfp = (nfstime3 *)&args.how.createhow3_u.verf;
2298                 verfp->seconds = nfs_atoi(hw_serial);
2299                 if (verfp->seconds != 0)
2300                         verfp->nseconds = newnum();
2301                 else {
2302                         gethrestime(&now);
2303                         verfp->seconds = now.tv_sec;
2304                         verfp->nseconds = now.tv_nsec;
2305                 }
2306                 /*
2307                  * Since the server will use this value for the mtime,
2308                  * make sure that it can't overflow. Zero out the MSB.
2309                  * The actual value does not matter here, only its uniqeness.
2310                  */
2311                 verfp->seconds %= INT32_MAX;
2312         } else {
2313                 /*
2314                  * Issue the non-exclusive create in guarded mode.  This
2315                  * may result in some false EEXIST responses for
2316                  * retransmitted requests, but these will be handled at
2317                  * a higher level.  By using GUARDED, duplicate requests
2318                  * to do file truncation and possible access problems
2319                  * can be avoided.
2320                  */
2321                 args.how.mode = GUARDED;
2322                 error = vattr_to_sattr3(va,
2323                                 &args.how.createhow3_u.obj_attributes);
2324                 if (error) {
2325                         /* req time field(s) overflow - return immediately */
2326                         return (error);
2327                 }
2328         }
2329 
2330         douprintf = 1;
2331 
2332         t = gethrtime();
2333 
2334         error = rfs3call(VTOMI(dvp), NFSPROC3_CREATE,
2335             xdr_CREATE3args, (caddr_t)&args,
2336             xdr_CREATE3res, (caddr_t)&res, cr,
2337             &douprintf, &res.status, 0, NULL);
2338 
2339         if (error) {
2340                 PURGE_ATTRCACHE(dvp);
2341                 return (error);
2342         }
2343 
2344         error = geterrno3(res.status);
2345         if (!error) {
2346                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
2347                 if (HAVE_RDDIR_CACHE(VTOR(dvp)))
2348                         nfs_purge_rddir_cache(dvp);
2349 
2350                 /*
2351                  * On exclusive create the times need to be explicitly
2352                  * set to clear any potential verifier that may be stored
2353                  * in one of these fields (see comment below).  This
2354                  * is done here to cover the case where no post op attrs
2355                  * were returned or a 'invalid' time was returned in
2356                  * the attributes.
2357                  */
2358                 if (exclusive == EXCL)
2359                         va->va_mask |= (AT_MTIME | AT_ATIME);
2360 
2361                 if (!res.resok.obj.handle_follows) {
2362                         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
2363                         if (error)
2364                                 return (error);
2365                 } else {
2366                         if (res.resok.obj_attributes.attributes) {
2367                                 vp = makenfs3node(&res.resok.obj.handle,
2368                                     &res.resok.obj_attributes.attr,
2369                                     dvp->v_vfsp, t, cr, NULL, NULL);
2370                         } else {
2371                                 vp = makenfs3node(&res.resok.obj.handle, NULL,
2372                                     dvp->v_vfsp, t, cr, NULL, NULL);
2373 
2374                                 /*
2375                                  * On an exclusive create, it is possible
2376                                  * that attributes were returned but those
2377                                  * postop attributes failed to decode
2378                                  * properly.  If this is the case,
2379                                  * then most likely the atime or mtime
2380                                  * were invalid for our client; this
2381                                  * is caused by the server storing the
2382                                  * create verifier in one of the time
2383                                  * fields(most likely mtime).
2384                                  * So... we are going to setattr just the
2385                                  * atime/mtime to clear things up.
2386                                  */
2387                                 if (exclusive == EXCL) {
2388                                         if (error =
2389                                                 nfs3excl_create_settimes(vp,
2390                                                         va, cr)) {
2391                                                 /*
2392                                                  * Setting the times failed.
2393                                                  * Remove the file and return
2394                                                  * the error.
2395                                                  */
2396                                                 VN_RELE(vp);
2397                                                 (void) nfs3_remove(dvp,
2398                                                         nm, cr);
2399                                                 return (error);
2400                                         }
2401                                 }
2402 
2403                                 /*
2404                                  * This handles the non-exclusive case
2405                                  * and the exclusive case where no post op
2406                                  * attrs were returned.
2407                                  */
2408                                 if (vp->v_type == VNON) {
2409                                         vattr.va_mask = AT_TYPE;
2410                                         error = nfs3getattr(vp, &vattr, cr);
2411                                         if (error) {
2412                                                 VN_RELE(vp);
2413                                                 return (error);
2414                                         }
2415                                         vp->v_type = vattr.va_type;
2416                                 }
2417                         }
2418                         dnlc_update(dvp, nm, vp);
2419                 }
2420 
2421                 rp = VTOR(vp);
2422 
2423                 /*
2424                  * Check here for large file handled by
2425                  * LF-unaware process (as ufs_create() does)
2426                  */
2427                 if ((va->va_mask & AT_SIZE) && vp->v_type == VREG &&
2428                     !(lfaware & FOFFMAX)) {
2429                         mutex_enter(&rp->r_statelock);
2430                         if (rp->r_size > MAXOFF32_T) {
2431                                 mutex_exit(&rp->r_statelock);
2432                                 VN_RELE(vp);
2433                                 return (EOVERFLOW);
2434                         }
2435                         mutex_exit(&rp->r_statelock);
2436                 }
2437 
2438                 if (exclusive == EXCL &&
2439                         (va->va_mask & ~(AT_GID | AT_SIZE))) {
2440                         /*
2441                          * If doing an exclusive create, then generate
2442                          * a SETATTR to set the initial attributes.
2443                          * Try to set the mtime and the atime to the
2444                          * server's current time.  It is somewhat
2445                          * expected that these fields will be used to
2446                          * store the exclusive create cookie.  If not,
2447                          * server implementors will need to know that
2448                          * a SETATTR will follow an exclusive create
2449                          * and the cookie should be destroyed if
2450                          * appropriate. This work may have been done
2451                          * earlier in this function if post op attrs
2452                          * were not available.
2453                          *
2454                          * The AT_GID and AT_SIZE bits are turned off
2455                          * so that the SETATTR request will not attempt
2456                          * to process these.  The gid will be set
2457                          * separately if appropriate.  The size is turned
2458                          * off because it is assumed that a new file will
2459                          * be created empty and if the file wasn't empty,
2460                          * then the exclusive create will have failed
2461                          * because the file must have existed already.
2462                          * Therefore, no truncate operation is needed.
2463                          */
2464                         va->va_mask &= ~(AT_GID | AT_SIZE);
2465                         error = nfs3setattr(vp, va, 0, cr);
2466                         if (error) {
2467                                 /*
2468                                  * Couldn't correct the attributes of
2469                                  * the newly created file and the
2470                                  * attributes are wrong.  Remove the
2471                                  * file and return an error to the
2472                                  * application.
2473                                  */
2474                                 VN_RELE(vp);
2475                                 (void) nfs3_remove(dvp, nm, cr);
2476                                 return (error);
2477                         }
2478                 }
2479 
2480                 if (va->va_gid != rp->r_attr.va_gid) {
2481                         /*
2482                          * If the gid on the file isn't right, then
2483                          * generate a SETATTR to attempt to change
2484                          * it.  This may or may not work, depending
2485                          * upon the server's semantics for allowing
2486                          * file ownership changes.
2487                          */
2488                         va->va_mask = AT_GID;
2489                         (void) nfs3setattr(vp, va, 0, cr);
2490                 }
2491 
2492                 /*
2493                  * If vnode is a device create special vnode
2494                  */
2495                 if (IS_DEVVP(vp)) {
2496                         *vpp = specvp(vp, vp->v_rdev, vp->v_type, cr);
2497                         VN_RELE(vp);
2498                 } else
2499                         *vpp = vp;
2500         } else {
2501                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
2502                 PURGE_STALE_FH(error, dvp, cr);
2503         }
2504 
2505         return (error);
2506 }
2507 
2508 /*
2509  * Special setattr function to take care of rest of atime/mtime
2510  * after successful exclusive create.  This function exists to avoid
2511  * handling attributes from the server; exclusive the atime/mtime fields
2512  * may be 'invalid' in client's view and therefore can not be trusted.
2513  */
2514 static int
2515 nfs3excl_create_settimes(vnode_t *vp, struct vattr *vap, cred_t *cr)
2516 {
2517         int error;
2518         uint_t mask;
2519         SETATTR3args args;
2520         SETATTR3res res;
2521         int douprintf;
2522         rnode_t *rp;
2523         hrtime_t t;
2524 
2525         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
2526         /* save the caller's mask so that it can be reset later */
2527         mask = vap->va_mask;
2528 
2529         rp = VTOR(vp);
2530 
2531         args.object = *RTOFH3(rp);
2532         args.guard.check = FALSE;
2533 
2534         /* Use the mask to initialize the arguments */
2535         vap->va_mask = 0;
2536         error = vattr_to_sattr3(vap, &args.new_attributes);
2537 
2538         /* We want to set just atime/mtime on this request */
2539         args.new_attributes.atime.set_it = SET_TO_SERVER_TIME;
2540         args.new_attributes.mtime.set_it = SET_TO_SERVER_TIME;
2541 
2542         douprintf = 1;
2543 
2544         t = gethrtime();
2545 
2546         error = rfs3call(VTOMI(vp), NFSPROC3_SETATTR,
2547             xdr_SETATTR3args, (caddr_t)&args,
2548             xdr_SETATTR3res, (caddr_t)&res, cr,
2549             &douprintf, &res.status, 0, NULL);
2550 
2551         if (error) {
2552                 vap->va_mask = mask;
2553                 return (error);
2554         }
2555 
2556         error = geterrno3(res.status);
2557         if (!error) {
2558                 /*
2559                  * It is important to pick up the attributes.
2560                  * Since this is the exclusive create path, the
2561                  * attributes on the initial create were ignored
2562                  * and we need these to have the correct info.
2563                  */
2564                 nfs3_cache_wcc_data(vp, &res.resok.obj_wcc, t, cr);
2565                 /*
2566                  * No need to do the atime/mtime work again so clear
2567                  * the bits.
2568                  */
2569                 mask &= ~(AT_ATIME | AT_MTIME);
2570         } else {
2571                 nfs3_cache_wcc_data(vp, &res.resfail.obj_wcc, t, cr);
2572         }
2573 
2574         vap->va_mask = mask;
2575 
2576         return (error);
2577 }
2578 
2579 /* ARGSUSED */
2580 static int
2581 nfs3mknod(vnode_t *dvp, char *nm, struct vattr *va, enum vcexcl exclusive,
2582         int mode, vnode_t **vpp, cred_t *cr)
2583 {
2584         int error;
2585         MKNOD3args args;
2586         MKNOD3res res;
2587         int douprintf;
2588         vnode_t *vp;
2589         struct vattr vattr;
2590         hrtime_t t;
2591 
2592         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
2593         switch (va->va_type) {
2594         case VCHR:
2595         case VBLK:
2596                 setdiropargs3(&args.where, nm, dvp);
2597                 args.what.type = (va->va_type == VCHR) ? NF3CHR : NF3BLK;
2598                 error = vattr_to_sattr3(va,
2599                     &args.what.mknoddata3_u.device.dev_attributes);
2600                 if (error) {
2601                         /* req time field(s) overflow - return immediately */
2602                         return (error);
2603                 }
2604                 args.what.mknoddata3_u.device.spec.specdata1 =
2605                     getmajor(va->va_rdev);
2606                 args.what.mknoddata3_u.device.spec.specdata2 =
2607                     getminor(va->va_rdev);
2608                 break;
2609 
2610         case VFIFO:
2611         case VSOCK:
2612                 setdiropargs3(&args.where, nm, dvp);
2613                 args.what.type = (va->va_type == VFIFO) ? NF3FIFO : NF3SOCK;
2614                 error = vattr_to_sattr3(va,
2615                                 &args.what.mknoddata3_u.pipe_attributes);
2616                 if (error) {
2617                         /* req time field(s) overflow - return immediately */
2618                         return (error);
2619                 }
2620                 break;
2621 
2622         default:
2623                 return (EINVAL);
2624         }
2625 
2626         douprintf = 1;
2627 
2628         t = gethrtime();
2629 
2630         error = rfs3call(VTOMI(dvp), NFSPROC3_MKNOD,
2631             xdr_MKNOD3args, (caddr_t)&args,
2632             xdr_MKNOD3res, (caddr_t)&res, cr,
2633             &douprintf, &res.status, 0, NULL);
2634 
2635         if (error) {
2636                 PURGE_ATTRCACHE(dvp);
2637                 return (error);
2638         }
2639 
2640         error = geterrno3(res.status);
2641         if (!error) {
2642                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
2643                 if (HAVE_RDDIR_CACHE(VTOR(dvp)))
2644                         nfs_purge_rddir_cache(dvp);
2645 
2646                 if (!res.resok.obj.handle_follows) {
2647                         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
2648                         if (error)
2649                                 return (error);
2650                 } else {
2651                         if (res.resok.obj_attributes.attributes) {
2652                                 vp = makenfs3node(&res.resok.obj.handle,
2653                                     &res.resok.obj_attributes.attr,
2654                                     dvp->v_vfsp, t, cr, NULL, NULL);
2655                         } else {
2656                                 vp = makenfs3node(&res.resok.obj.handle, NULL,
2657                                     dvp->v_vfsp, t, cr, NULL, NULL);
2658                                 if (vp->v_type == VNON) {
2659                                         vattr.va_mask = AT_TYPE;
2660                                         error = nfs3getattr(vp, &vattr, cr);
2661                                         if (error) {
2662                                                 VN_RELE(vp);
2663                                                 return (error);
2664                                         }
2665                                         vp->v_type = vattr.va_type;
2666                                 }
2667 
2668                         }
2669                         dnlc_update(dvp, nm, vp);
2670                 }
2671 
2672                 if (va->va_gid != VTOR(vp)->r_attr.va_gid) {
2673                         va->va_mask = AT_GID;
2674                         (void) nfs3setattr(vp, va, 0, cr);
2675                 }
2676 
2677                 /*
2678                  * If vnode is a device create special vnode
2679                  */
2680                 if (IS_DEVVP(vp)) {
2681                         *vpp = specvp(vp, vp->v_rdev, vp->v_type, cr);
2682                         VN_RELE(vp);
2683                 } else
2684                         *vpp = vp;
2685         } else {
2686                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
2687                 PURGE_STALE_FH(error, dvp, cr);
2688         }
2689         return (error);
2690 }
2691 
2692 /*
2693  * Weirdness: if the vnode to be removed is open
2694  * we rename it instead of removing it and nfs_inactive
2695  * will remove the new name.
2696  */
2697 static int
2698 nfs3_remove(vnode_t *dvp, char *nm, cred_t *cr)
2699 {
2700         int error;
2701         REMOVE3args args;
2702         REMOVE3res res;
2703         vnode_t *vp;
2704         char *tmpname;
2705         int douprintf;
2706         rnode_t *rp;
2707         rnode_t *drp;
2708         hrtime_t t;
2709 
2710         if (nfs_zone() != VTOMI(dvp)->mi_zone)
2711                 return (EPERM);
2712         drp = VTOR(dvp);
2713         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
2714                 return (EINTR);
2715 
2716         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
2717         if (error) {
2718                 nfs_rw_exit(&drp->r_rwlock);
2719                 return (error);
2720         }
2721 
2722         if (vp->v_type == VDIR && secpolicy_fs_linkdir(cr, dvp->v_vfsp)) {
2723                 VN_RELE(vp);
2724                 nfs_rw_exit(&drp->r_rwlock);
2725                 return (EPERM);
2726         }
2727 
2728         /*
2729          * First just remove the entry from the name cache, as it
2730          * is most likely the only entry for this vp.
2731          */
2732         dnlc_remove(dvp, nm);
2733 
2734         /*
2735          * If the file has a v_count > 1 then there may be more than one
2736          * entry in the name cache due multiple links or an open file,
2737          * but we don't have the real reference count so flush all
2738          * possible entries.
2739          */
2740         if (vp->v_count > 1)
2741                 dnlc_purge_vp(vp);
2742 
2743         /*
2744          * Now we have the real reference count on the vnode
2745          */
2746         rp = VTOR(vp);
2747         mutex_enter(&rp->r_statelock);
2748         if (vp->v_count > 1 &&
2749             (rp->r_unldvp == NULL || strcmp(nm, rp->r_unlname) == 0)) {
2750                 mutex_exit(&rp->r_statelock);
2751                 tmpname = newname();
2752                 error = nfs3rename(dvp, nm, dvp, tmpname, cr);
2753                 if (error)
2754                         kmem_free(tmpname, MAXNAMELEN);
2755                 else {
2756                         mutex_enter(&rp->r_statelock);
2757                         if (rp->r_unldvp == NULL) {
2758                                 VN_HOLD(dvp);
2759                                 rp->r_unldvp = dvp;
2760                                 if (rp->r_unlcred != NULL)
2761                                         crfree(rp->r_unlcred);
2762                                 crhold(cr);
2763                                 rp->r_unlcred = cr;
2764                                 rp->r_unlname = tmpname;
2765                         } else {
2766                                 kmem_free(rp->r_unlname, MAXNAMELEN);
2767                                 rp->r_unlname = tmpname;
2768                         }
2769                         mutex_exit(&rp->r_statelock);
2770                 }
2771         } else {
2772                 mutex_exit(&rp->r_statelock);
2773                 /*
2774                  * We need to flush any dirty pages which happen to
2775                  * be hanging around before removing the file.  This
2776                  * shouldn't happen very often and mostly on file
2777                  * systems mounted "nocto".
2778                  */
2779                 if (vn_has_cached_data(vp) &&
2780                     ((rp->r_flags & RDIRTY) || rp->r_count > 0)) {
2781                         error = nfs3_putpage(vp, (offset_t)0, 0, 0, cr);
2782                         if (error && (error == ENOSPC || error == EDQUOT)) {
2783                                 mutex_enter(&rp->r_statelock);
2784                                 if (!rp->r_error)
2785                                         rp->r_error = error;
2786                                 mutex_exit(&rp->r_statelock);
2787                         }
2788                 }
2789 
2790                 setdiropargs3(&args.object, nm, dvp);
2791 
2792                 douprintf = 1;
2793 
2794                 t = gethrtime();
2795 
2796                 error = rfs3call(VTOMI(dvp), NFSPROC3_REMOVE,
2797                     xdr_diropargs3, (caddr_t)&args,
2798                     xdr_REMOVE3res, (caddr_t)&res, cr,
2799                     &douprintf, &res.status, 0, NULL);
2800 
2801                 /*
2802                  * The xattr dir may be gone after last attr is removed,
2803                  * so flush it from dnlc.
2804                  */
2805                 if (dvp->v_flag & V_XATTRDIR)
2806                         dnlc_purge_vp(dvp);
2807 
2808                 PURGE_ATTRCACHE(vp);
2809 
2810                 if (error) {
2811                         PURGE_ATTRCACHE(dvp);
2812                 } else {
2813                         error = geterrno3(res.status);
2814                         if (!error) {
2815                                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t,
2816                                     cr);
2817                                 if (HAVE_RDDIR_CACHE(drp))
2818                                         nfs_purge_rddir_cache(dvp);
2819                         } else {
2820                                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc,
2821                                     t, cr);
2822                                 PURGE_STALE_FH(error, dvp, cr);
2823                         }
2824                 }
2825         }
2826 
2827         VN_RELE(vp);
2828 
2829         nfs_rw_exit(&drp->r_rwlock);
2830 
2831         return (error);
2832 }
2833 
2834 static int
2835 nfs3_link(vnode_t *tdvp, vnode_t *svp, char *tnm, cred_t *cr)
2836 {
2837         int error;
2838         LINK3args args;
2839         LINK3res res;
2840         vnode_t *realvp;
2841         int douprintf;
2842         mntinfo_t *mi;
2843         rnode_t *tdrp;
2844         hrtime_t t;
2845 
2846         if (nfs_zone() != VTOMI(tdvp)->mi_zone)
2847                 return (EPERM);
2848         if (VOP_REALVP(svp, &realvp) == 0)
2849                 svp = realvp;
2850 
2851         mi = VTOMI(svp);
2852 
2853         if (!(mi->mi_flags & MI_LINK))
2854                 return (EOPNOTSUPP);
2855 
2856         args.file = *VTOFH3(svp);
2857         setdiropargs3(&args.link, tnm, tdvp);
2858 
2859         tdrp = VTOR(tdvp);
2860         if (nfs_rw_enter_sig(&tdrp->r_rwlock, RW_WRITER, INTR(tdvp)))
2861                 return (EINTR);
2862 
2863         dnlc_remove(tdvp, tnm);
2864 
2865         douprintf = 1;
2866 
2867         t = gethrtime();
2868 
2869         error = rfs3call(mi, NFSPROC3_LINK,
2870             xdr_LINK3args, (caddr_t)&args,
2871             xdr_LINK3res, (caddr_t)&res, cr,
2872             &douprintf, &res.status, 0, NULL);
2873 
2874         if (error) {
2875                 PURGE_ATTRCACHE(tdvp);
2876                 PURGE_ATTRCACHE(svp);
2877                 nfs_rw_exit(&tdrp->r_rwlock);
2878                 return (error);
2879         }
2880 
2881         error = geterrno3(res.status);
2882 
2883         if (!error) {
2884                 nfs3_cache_post_op_attr(svp, &res.resok.file_attributes, t, cr);
2885                 nfs3_cache_wcc_data(tdvp, &res.resok.linkdir_wcc, t, cr);
2886                 if (HAVE_RDDIR_CACHE(tdrp))
2887                         nfs_purge_rddir_cache(tdvp);
2888                 dnlc_update(tdvp, tnm, svp);
2889         } else {
2890                 nfs3_cache_post_op_attr(svp, &res.resfail.file_attributes, t,
2891                     cr);
2892                 nfs3_cache_wcc_data(tdvp, &res.resfail.linkdir_wcc, t, cr);
2893                 if (error == EOPNOTSUPP) {
2894                         mutex_enter(&mi->mi_lock);
2895                         mi->mi_flags &= ~MI_LINK;
2896                         mutex_exit(&mi->mi_lock);
2897                 }
2898         }
2899 
2900         nfs_rw_exit(&tdrp->r_rwlock);
2901 
2902         return (error);
2903 }
2904 
2905 static int
2906 nfs3_rename(vnode_t *odvp, char *onm, vnode_t *ndvp, char *nnm, cred_t *cr)
2907 {
2908         vnode_t *realvp;
2909 
2910         if (nfs_zone() != VTOMI(odvp)->mi_zone)
2911                 return (EPERM);
2912         if (VOP_REALVP(ndvp, &realvp) == 0)
2913                 ndvp = realvp;
2914 
2915         return (nfs3rename(odvp, onm, ndvp, nnm, cr));
2916 }
2917 
2918 /*
2919  * nfs3rename does the real work of renaming in NFS Version 3.
2920  */
2921 static int
2922 nfs3rename(vnode_t *odvp, char *onm, vnode_t *ndvp, char *nnm, cred_t *cr)
2923 {
2924         int error;
2925         RENAME3args args;
2926         RENAME3res res;
2927         int douprintf;
2928         vnode_t *nvp;
2929         vnode_t *ovp = NULL;
2930         char *tmpname;
2931         rnode_t *rp;
2932         rnode_t *odrp;
2933         rnode_t *ndrp;
2934         hrtime_t t;
2935 
2936         ASSERT(nfs_zone() == VTOMI(odvp)->mi_zone);
2937 
2938         if (strcmp(onm, ".") == 0 || strcmp(onm, "..") == 0 ||
2939             strcmp(nnm, ".") == 0 || strcmp(nnm, "..") == 0)
2940                 return (EINVAL);
2941 
2942         odrp = VTOR(odvp);
2943         ndrp = VTOR(ndvp);
2944         if ((intptr_t)odrp < (intptr_t)ndrp) {
2945                 if (nfs_rw_enter_sig(&odrp->r_rwlock, RW_WRITER, INTR(odvp)))
2946                         return (EINTR);
2947                 if (nfs_rw_enter_sig(&ndrp->r_rwlock, RW_WRITER, INTR(ndvp))) {
2948                         nfs_rw_exit(&odrp->r_rwlock);
2949                         return (EINTR);
2950                 }
2951         } else {
2952                 if (nfs_rw_enter_sig(&ndrp->r_rwlock, RW_WRITER, INTR(ndvp)))
2953                         return (EINTR);
2954                 if (nfs_rw_enter_sig(&odrp->r_rwlock, RW_WRITER, INTR(odvp))) {
2955                         nfs_rw_exit(&ndrp->r_rwlock);
2956                         return (EINTR);
2957                 }
2958         }
2959 
2960         /*
2961          * Lookup the target file.  If it exists, it needs to be
2962          * checked to see whether it is a mount point and whether
2963          * it is active (open).
2964          */
2965         error = nfs3lookup(ndvp, nnm, &nvp, NULL, 0, NULL, cr, 0);
2966         if (!error) {
2967                 /*
2968                  * If this file has been mounted on, then just
2969                  * return busy because renaming to it would remove
2970                  * the mounted file system from the name space.
2971                  */
2972                 if (vn_mountedvfs(nvp) != NULL) {
2973                         VN_RELE(nvp);
2974                         nfs_rw_exit(&odrp->r_rwlock);
2975                         nfs_rw_exit(&ndrp->r_rwlock);
2976                         return (EBUSY);
2977                 }
2978 
2979                 /*
2980                  * Purge the name cache of all references to this vnode
2981                  * so that we can check the reference count to infer
2982                  * whether it is active or not.
2983                  */
2984                 /*
2985                  * First just remove the entry from the name cache, as it
2986                  * is most likely the only entry for this vp.
2987                  */
2988                 dnlc_remove(ndvp, nnm);
2989                 /*
2990                  * If the file has a v_count > 1 then there may be more
2991                  * than one entry in the name cache due multiple links
2992                  * or an open file, but we don't have the real reference
2993                  * count so flush all possible entries.
2994                  */
2995                 if (nvp->v_count > 1)
2996                         dnlc_purge_vp(nvp);
2997 
2998                 /*
2999                  * If the vnode is active and is not a directory,
3000                  * arrange to rename it to a
3001                  * temporary file so that it will continue to be
3002                  * accessible.  This implements the "unlink-open-file"
3003                  * semantics for the target of a rename operation.
3004                  * Before doing this though, make sure that the
3005                  * source and target files are not already the same.
3006                  */
3007                 if (nvp->v_count > 1 && nvp->v_type != VDIR) {
3008                         /*
3009                          * Lookup the source name.
3010                          */
3011                         error = nfs3lookup(odvp, onm, &ovp, NULL, 0, NULL,
3012                             cr, 0);
3013 
3014                         /*
3015                          * The source name *should* already exist.
3016                          */
3017                         if (error) {
3018                                 VN_RELE(nvp);
3019                                 nfs_rw_exit(&odrp->r_rwlock);
3020                                 nfs_rw_exit(&ndrp->r_rwlock);
3021                                 return (error);
3022                         }
3023 
3024                         /*
3025                          * Compare the two vnodes.  If they are the same,
3026                          * just release all held vnodes and return success.
3027                          */
3028                         if (ovp == nvp) {
3029                                 VN_RELE(ovp);
3030                                 VN_RELE(nvp);
3031                                 nfs_rw_exit(&odrp->r_rwlock);
3032                                 nfs_rw_exit(&ndrp->r_rwlock);
3033                                 return (0);
3034                         }
3035 
3036                         /*
3037                          * Can't mix and match directories and non-
3038                          * directories in rename operations.  We already
3039                          * know that the target is not a directory.  If
3040                          * the source is a directory, return an error.
3041                          */
3042                         if (ovp->v_type == VDIR) {
3043                                 VN_RELE(ovp);
3044                                 VN_RELE(nvp);
3045                                 nfs_rw_exit(&odrp->r_rwlock);
3046                                 nfs_rw_exit(&ndrp->r_rwlock);
3047                                 return (ENOTDIR);
3048                         }
3049 
3050                         /*
3051                          * The target file exists, is not the same as
3052                          * the source file, and is active.  Link it
3053                          * to a temporary filename to avoid having
3054                          * the server removing the file completely.
3055                          */
3056                         tmpname = newname();
3057                         error = nfs3_link(ndvp, nvp, tmpname, cr);
3058                         if (error == EOPNOTSUPP) {
3059                                 error = nfs3_rename(ndvp, nnm, ndvp, tmpname,
3060                                     cr);
3061                         }
3062                         if (error) {
3063                                 kmem_free(tmpname, MAXNAMELEN);
3064                                 VN_RELE(ovp);
3065                                 VN_RELE(nvp);
3066                                 nfs_rw_exit(&odrp->r_rwlock);
3067                                 nfs_rw_exit(&ndrp->r_rwlock);
3068                                 return (error);
3069                         }
3070                         rp = VTOR(nvp);
3071                         mutex_enter(&rp->r_statelock);
3072                         if (rp->r_unldvp == NULL) {
3073                                 VN_HOLD(ndvp);
3074                                 rp->r_unldvp = ndvp;
3075                                 if (rp->r_unlcred != NULL)
3076                                         crfree(rp->r_unlcred);
3077                                 crhold(cr);
3078                                 rp->r_unlcred = cr;
3079                                 rp->r_unlname = tmpname;
3080                         } else {
3081                                 kmem_free(rp->r_unlname, MAXNAMELEN);
3082                                 rp->r_unlname = tmpname;
3083                         }
3084                         mutex_exit(&rp->r_statelock);
3085                 }
3086 
3087                 VN_RELE(nvp);
3088         }
3089 
3090         if (ovp == NULL) {
3091                 /*
3092                  * When renaming directories to be a subdirectory of a
3093                  * different parent, the dnlc entry for ".." will no
3094                  * longer be valid, so it must be removed.
3095                  *
3096                  * We do a lookup here to determine whether we are renaming
3097                  * a directory and we need to check if we are renaming
3098                  * an unlinked file.  This might have already been done
3099                  * in previous code, so we check ovp == NULL to avoid
3100                  * doing it twice.
3101                  */
3102 
3103                 error = nfs3lookup(odvp, onm, &ovp, NULL, 0, NULL, cr, 0);
3104                 /*
3105                  * The source name *should* already exist.
3106                  */
3107                 if (error) {
3108                         nfs_rw_exit(&odrp->r_rwlock);
3109                         nfs_rw_exit(&ndrp->r_rwlock);
3110                         return (error);
3111                 }
3112                 ASSERT(ovp != NULL);
3113         }
3114 
3115         dnlc_remove(odvp, onm);
3116         dnlc_remove(ndvp, nnm);
3117 
3118         setdiropargs3(&args.from, onm, odvp);
3119         setdiropargs3(&args.to, nnm, ndvp);
3120 
3121         douprintf = 1;
3122 
3123         t = gethrtime();
3124 
3125         error = rfs3call(VTOMI(odvp), NFSPROC3_RENAME,
3126             xdr_RENAME3args, (caddr_t)&args,
3127             xdr_RENAME3res, (caddr_t)&res, cr,
3128             &douprintf, &res.status, 0, NULL);
3129 
3130         if (error) {
3131                 PURGE_ATTRCACHE(odvp);
3132                 PURGE_ATTRCACHE(ndvp);
3133                 VN_RELE(ovp);
3134                 nfs_rw_exit(&odrp->r_rwlock);
3135                 nfs_rw_exit(&ndrp->r_rwlock);
3136                 return (error);
3137         }
3138 
3139         error = geterrno3(res.status);
3140 
3141         if (!error) {
3142                 nfs3_cache_wcc_data(odvp, &res.resok.fromdir_wcc, t, cr);
3143                 if (HAVE_RDDIR_CACHE(odrp))
3144                         nfs_purge_rddir_cache(odvp);
3145                 if (ndvp != odvp) {
3146                         nfs3_cache_wcc_data(ndvp, &res.resok.todir_wcc, t, cr);
3147                         if (HAVE_RDDIR_CACHE(ndrp))
3148                                 nfs_purge_rddir_cache(ndvp);
3149                 }
3150                 /*
3151                  * when renaming directories to be a subdirectory of a
3152                  * different parent, the dnlc entry for ".." will no
3153                  * longer be valid, so it must be removed
3154                  */
3155                 rp = VTOR(ovp);
3156                 if (ndvp != odvp) {
3157                         if (ovp->v_type == VDIR) {
3158                                 dnlc_remove(ovp, "..");
3159                                 if (HAVE_RDDIR_CACHE(rp))
3160                                         nfs_purge_rddir_cache(ovp);
3161                         }
3162                 }
3163 
3164                 /*
3165                  * If we are renaming the unlinked file, update the
3166                  * r_unldvp and r_unlname as needed.
3167                  */
3168                 mutex_enter(&rp->r_statelock);
3169                 if (rp->r_unldvp != NULL) {
3170                         if (strcmp(rp->r_unlname, onm) == 0) {
3171                                 (void) strncpy(rp->r_unlname, nnm, MAXNAMELEN);
3172                                 rp->r_unlname[MAXNAMELEN - 1] = '\0';
3173 
3174                                 if (ndvp != rp->r_unldvp) {
3175                                         VN_RELE(rp->r_unldvp);
3176                                         rp->r_unldvp = ndvp;
3177                                         VN_HOLD(ndvp);
3178                                 }
3179                         }
3180                 }
3181                 mutex_exit(&rp->r_statelock);
3182         } else {
3183                 nfs3_cache_wcc_data(odvp, &res.resfail.fromdir_wcc, t, cr);
3184                 if (ndvp != odvp) {
3185                         nfs3_cache_wcc_data(ndvp, &res.resfail.todir_wcc, t,
3186                             cr);
3187                 }
3188                 /*
3189                  * System V defines rename to return EEXIST, not
3190                  * ENOTEMPTY if the target directory is not empty.
3191                  * Over the wire, the error is NFSERR_ENOTEMPTY
3192                  * which geterrno maps to ENOTEMPTY.
3193                  */
3194                 if (error == ENOTEMPTY)
3195                         error = EEXIST;
3196         }
3197 
3198         VN_RELE(ovp);
3199 
3200         nfs_rw_exit(&odrp->r_rwlock);
3201         nfs_rw_exit(&ndrp->r_rwlock);
3202 
3203         return (error);
3204 }
3205 
3206 static int
3207 nfs3_mkdir(vnode_t *dvp, char *nm, struct vattr *va, vnode_t **vpp, cred_t *cr)
3208 {
3209         int error;
3210         MKDIR3args args;
3211         MKDIR3res res;
3212         int douprintf;
3213         struct vattr vattr;
3214         vnode_t *vp;
3215         rnode_t *drp;
3216         hrtime_t t;
3217 
3218         if (nfs_zone() != VTOMI(dvp)->mi_zone)
3219                 return (EPERM);
3220         setdiropargs3(&args.where, nm, dvp);
3221 
3222         /*
3223          * Decide what the group-id and set-gid bit of the created directory
3224          * should be.  May have to do a setattr to get the gid right.
3225          */
3226         error = setdirgid(dvp, &va->va_gid, cr);
3227         if (error)
3228                 return (error);
3229         error = setdirmode(dvp, &va->va_mode, cr);
3230         if (error)
3231                 return (error);
3232         va->va_mask |= AT_MODE|AT_GID;
3233 
3234         error = vattr_to_sattr3(va, &args.attributes);
3235         if (error) {
3236                 /* req time field(s) overflow - return immediately */
3237                 return (error);
3238         }
3239 
3240         drp = VTOR(dvp);
3241         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
3242                 return (EINTR);
3243 
3244         dnlc_remove(dvp, nm);
3245 
3246         douprintf = 1;
3247 
3248         t = gethrtime();
3249 
3250         error = rfs3call(VTOMI(dvp), NFSPROC3_MKDIR,
3251             xdr_MKDIR3args, (caddr_t)&args,
3252             xdr_MKDIR3res, (caddr_t)&res, cr,
3253             &douprintf, &res.status, 0, NULL);
3254 
3255         if (error) {
3256                 PURGE_ATTRCACHE(dvp);
3257                 nfs_rw_exit(&drp->r_rwlock);
3258                 return (error);
3259         }
3260 
3261         error = geterrno3(res.status);
3262         if (!error) {
3263                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
3264                 if (HAVE_RDDIR_CACHE(drp))
3265                         nfs_purge_rddir_cache(dvp);
3266 
3267                 if (!res.resok.obj.handle_follows) {
3268                         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
3269                         if (error) {
3270                                 nfs_rw_exit(&drp->r_rwlock);
3271                                 return (error);
3272                         }
3273                 } else {
3274                         if (res.resok.obj_attributes.attributes) {
3275                                 vp = makenfs3node(&res.resok.obj.handle,
3276                                     &res.resok.obj_attributes.attr,
3277                                     dvp->v_vfsp, t, cr, NULL, NULL);
3278                         } else {
3279                                 vp = makenfs3node(&res.resok.obj.handle, NULL,
3280                                     dvp->v_vfsp, t, cr, NULL, NULL);
3281                                 if (vp->v_type == VNON) {
3282                                         vattr.va_mask = AT_TYPE;
3283                                         error = nfs3getattr(vp, &vattr, cr);
3284                                         if (error) {
3285                                                 VN_RELE(vp);
3286                                                 nfs_rw_exit(&drp->r_rwlock);
3287                                                 return (error);
3288                                         }
3289                                         vp->v_type = vattr.va_type;
3290                                 }
3291                         }
3292                         dnlc_update(dvp, nm, vp);
3293                 }
3294                 if (va->va_gid != VTOR(vp)->r_attr.va_gid) {
3295                         va->va_mask = AT_GID;
3296                         (void) nfs3setattr(vp, va, 0, cr);
3297                 }
3298                 *vpp = vp;
3299         } else {
3300                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
3301                 PURGE_STALE_FH(error, dvp, cr);
3302         }
3303 
3304         nfs_rw_exit(&drp->r_rwlock);
3305 
3306         return (error);
3307 }
3308 
3309 static int
3310 nfs3_rmdir(vnode_t *dvp, char *nm, vnode_t *cdir, cred_t *cr)
3311 {
3312         int error;
3313         RMDIR3args args;
3314         RMDIR3res res;
3315         vnode_t *vp;
3316         int douprintf;
3317         rnode_t *drp;
3318         hrtime_t t;
3319 
3320         if (nfs_zone() != VTOMI(dvp)->mi_zone)
3321                 return (EPERM);
3322         drp = VTOR(dvp);
3323         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
3324                 return (EINTR);
3325 
3326         /*
3327          * Attempt to prevent a rmdir(".") from succeeding.
3328          */
3329         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
3330         if (error) {
3331                 nfs_rw_exit(&drp->r_rwlock);
3332                 return (error);
3333         }
3334 
3335         if (vp == cdir) {
3336                 VN_RELE(vp);
3337                 nfs_rw_exit(&drp->r_rwlock);
3338                 return (EINVAL);
3339         }
3340 
3341         setdiropargs3(&args.object, nm, dvp);
3342 
3343         /*
3344          * First just remove the entry from the name cache, as it
3345          * is most likely an entry for this vp.
3346          */
3347         dnlc_remove(dvp, nm);
3348 
3349         /*
3350          * If there vnode reference count is greater than one, then
3351          * there may be additional references in the DNLC which will
3352          * need to be purged.  First, trying removing the entry for
3353          * the parent directory and see if that removes the additional
3354          * reference(s).  If that doesn't do it, then use dnlc_purge_vp
3355          * to completely remove any references to the directory which
3356          * might still exist in the DNLC.
3357          */
3358         if (vp->v_count > 1) {
3359                 dnlc_remove(vp, "..");
3360                 if (vp->v_count > 1)
3361                         dnlc_purge_vp(vp);
3362         }
3363 
3364         douprintf = 1;
3365 
3366         t = gethrtime();
3367 
3368         error = rfs3call(VTOMI(dvp), NFSPROC3_RMDIR,
3369             xdr_diropargs3, (caddr_t)&args,
3370             xdr_RMDIR3res, (caddr_t)&res, cr,
3371             &douprintf, &res.status, 0, NULL);
3372 
3373         PURGE_ATTRCACHE(vp);
3374 
3375         if (error) {
3376                 PURGE_ATTRCACHE(dvp);
3377                 VN_RELE(vp);
3378                 nfs_rw_exit(&drp->r_rwlock);
3379                 return (error);
3380         }
3381 
3382         error = geterrno3(res.status);
3383         if (!error) {
3384                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
3385                 if (HAVE_RDDIR_CACHE(drp))
3386                         nfs_purge_rddir_cache(dvp);
3387                 if (HAVE_RDDIR_CACHE(VTOR(vp)))
3388                         nfs_purge_rddir_cache(vp);
3389         } else {
3390                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
3391                 PURGE_STALE_FH(error, dvp, cr);
3392                 /*
3393                  * System V defines rmdir to return EEXIST, not
3394                  * ENOTEMPTY if the directory is not empty.  Over
3395                  * the wire, the error is NFSERR_ENOTEMPTY which
3396                  * geterrno maps to ENOTEMPTY.
3397                  */
3398                 if (error == ENOTEMPTY)
3399                         error = EEXIST;
3400         }
3401 
3402         VN_RELE(vp);
3403 
3404         nfs_rw_exit(&drp->r_rwlock);
3405 
3406         return (error);
3407 }
3408 
3409 static int
3410 nfs3_symlink(vnode_t *dvp, char *lnm, struct vattr *tva, char *tnm, cred_t *cr)
3411 {
3412         int error;
3413         SYMLINK3args args;
3414         SYMLINK3res res;
3415         int douprintf;
3416         mntinfo_t *mi;
3417         vnode_t *vp;
3418         rnode_t *rp;
3419         char *contents;
3420         rnode_t *drp;
3421         hrtime_t t;
3422 
3423         mi = VTOMI(dvp);
3424 
3425         if (nfs_zone() != mi->mi_zone)
3426                 return (EPERM);
3427         if (!(mi->mi_flags & MI_SYMLINK))
3428                 return (EOPNOTSUPP);
3429 
3430         setdiropargs3(&args.where, lnm, dvp);
3431         error = vattr_to_sattr3(tva, &args.symlink.symlink_attributes);
3432         if (error) {
3433                 /* req time field(s) overflow - return immediately */
3434                 return (error);
3435         }
3436         args.symlink.symlink_data = tnm;
3437 
3438         drp = VTOR(dvp);
3439         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
3440                 return (EINTR);
3441 
3442         dnlc_remove(dvp, lnm);
3443 
3444         douprintf = 1;
3445 
3446         t = gethrtime();
3447 
3448         error = rfs3call(mi, NFSPROC3_SYMLINK,
3449             xdr_SYMLINK3args, (caddr_t)&args,
3450             xdr_SYMLINK3res, (caddr_t)&res, cr,
3451             &douprintf, &res.status, 0, NULL);
3452 
3453         if (error) {
3454                 PURGE_ATTRCACHE(dvp);
3455                 nfs_rw_exit(&drp->r_rwlock);
3456                 return (error);
3457         }
3458 
3459         error = geterrno3(res.status);
3460         if (!error) {
3461                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
3462                 if (HAVE_RDDIR_CACHE(drp))
3463                         nfs_purge_rddir_cache(dvp);
3464 
3465                 if (res.resok.obj.handle_follows) {
3466                         if (res.resok.obj_attributes.attributes) {
3467                                 vp = makenfs3node(&res.resok.obj.handle,
3468                                     &res.resok.obj_attributes.attr,
3469                                     dvp->v_vfsp, t, cr, NULL, NULL);
3470                         } else {
3471                                 vp = makenfs3node(&res.resok.obj.handle, NULL,
3472                                     dvp->v_vfsp, t, cr, NULL, NULL);
3473                                 vp->v_type = VLNK;
3474                                 vp->v_rdev = 0;
3475                         }
3476                         dnlc_update(dvp, lnm, vp);
3477                         rp = VTOR(vp);
3478                         if (nfs3_do_symlink_cache &&
3479                             rp->r_symlink.contents == NULL) {
3480 
3481                                 contents = kmem_alloc(MAXPATHLEN,
3482                                     KM_NOSLEEP);
3483 
3484                                 if (contents != NULL) {
3485                                         mutex_enter(&rp->r_statelock);
3486                                         if (rp->r_symlink.contents == NULL) {
3487                                                 rp->r_symlink.len = strlen(tnm);
3488                                                 bcopy(tnm, contents,
3489                                                     rp->r_symlink.len);
3490                                                 rp->r_symlink.contents =
3491                                                     contents;
3492                                                 rp->r_symlink.size = MAXPATHLEN;
3493                                                 mutex_exit(&rp->r_statelock);
3494                                         } else {
3495                                                 mutex_exit(&rp->r_statelock);
3496                                                 kmem_free((void *)contents,
3497                                                             MAXPATHLEN);
3498                                         }
3499                                 }
3500                         }
3501                         VN_RELE(vp);
3502                 }
3503         } else {
3504                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
3505                 PURGE_STALE_FH(error, dvp, cr);
3506                 if (error == EOPNOTSUPP) {
3507                         mutex_enter(&mi->mi_lock);
3508                         mi->mi_flags &= ~MI_SYMLINK;
3509                         mutex_exit(&mi->mi_lock);
3510                 }
3511         }
3512 
3513         nfs_rw_exit(&drp->r_rwlock);
3514 
3515         return (error);
3516 }
3517 
3518 #ifdef DEBUG
3519 static int nfs3_readdir_cache_hits = 0;
3520 static int nfs3_readdir_cache_shorts = 0;
3521 static int nfs3_readdir_cache_waits = 0;
3522 static int nfs3_readdir_cache_misses = 0;
3523 static int nfs3_readdir_readahead = 0;
3524 #endif
3525 
3526 static int nfs3_shrinkreaddir = 0;
3527 
3528 /*
3529  * Read directory entries.
3530  * There are some weird things to look out for here.  The uio_loffset
3531  * field is either 0 or it is the offset returned from a previous
3532  * readdir.  It is an opaque value used by the server to find the
3533  * correct directory block to read. The count field is the number
3534  * of blocks to read on the server.  This is advisory only, the server
3535  * may return only one block's worth of entries.  Entries may be compressed
3536  * on the server.
3537  */
3538 static int
3539 nfs3_readdir(vnode_t *vp, struct uio *uiop, cred_t *cr, int *eofp)
3540 {
3541         int error;
3542         size_t count;
3543         rnode_t *rp;
3544         rddir_cache *rdc;
3545         rddir_cache *nrdc;
3546         rddir_cache *rrdc;
3547 #ifdef DEBUG
3548         int missed;
3549 #endif
3550         int doreadahead;
3551         rddir_cache srdc;
3552         avl_index_t where;
3553 
3554         if (nfs_zone() != VTOMI(vp)->mi_zone)
3555                 return (EIO);
3556         rp = VTOR(vp);
3557 
3558         ASSERT(nfs_rw_lock_held(&rp->r_rwlock, RW_READER));
3559 
3560         /*
3561          * Make sure that the directory cache is valid.
3562          */
3563         if (HAVE_RDDIR_CACHE(rp)) {
3564                 if (nfs_disable_rddir_cache) {
3565                         /*
3566                          * Setting nfs_disable_rddir_cache in /etc/system
3567                          * allows interoperability with servers that do not
3568                          * properly update the attributes of directories.
3569                          * Any cached information gets purged before an
3570                          * access is made to it.
3571                          */
3572                         nfs_purge_rddir_cache(vp);
3573                 } else {
3574                         error = nfs3_validate_caches(vp, cr);
3575                         if (error)
3576                                 return (error);
3577                 }
3578         }
3579 
3580         /*
3581          * It is possible that some servers may not be able to correctly
3582          * handle a large READDIR or READDIRPLUS request due to bugs in
3583          * their implementation.  In order to continue to interoperate
3584          * with them, this workaround is provided to limit the maximum
3585          * size of a READDIRPLUS request to 1024.  In any case, the request
3586          * size is limited to MAXBSIZE.
3587          */
3588         count = MIN(uiop->uio_iov->iov_len,
3589             nfs3_shrinkreaddir ? 1024 : MAXBSIZE);
3590 
3591         nrdc = NULL;
3592 #ifdef DEBUG
3593         missed = 0;
3594 #endif
3595 top:
3596         /*
3597          * Short circuit last readdir which always returns 0 bytes.
3598          * This can be done after the directory has been read through
3599          * completely at least once.  This will set r_direof which
3600          * can be used to find the value of the last cookie.
3601          */
3602         mutex_enter(&rp->r_statelock);
3603         if (rp->r_direof != NULL &&
3604             uiop->uio_loffset == rp->r_direof->nfs3_ncookie) {
3605                 mutex_exit(&rp->r_statelock);
3606 #ifdef DEBUG
3607                 nfs3_readdir_cache_shorts++;
3608 #endif
3609                 if (eofp)
3610                         *eofp = 1;
3611                 if (nrdc != NULL)
3612                         rddir_cache_rele(nrdc);
3613                 return (0);
3614         }
3615         /*
3616          * Look for a cache entry.  Cache entries are identified
3617          * by the NFS cookie value and the byte count requested.
3618          */
3619         srdc.nfs3_cookie = uiop->uio_loffset;
3620         srdc.buflen = count;
3621         rdc = avl_find(&rp->r_dir, &srdc, &where);
3622         if (rdc != NULL) {
3623                 rddir_cache_hold(rdc);
3624                 /*
3625                  * If the cache entry is in the process of being
3626                  * filled in, wait until this completes.  The
3627                  * RDDIRWAIT bit is set to indicate that someone
3628                  * is waiting and then the thread currently
3629                  * filling the entry is done, it should do a
3630                  * cv_broadcast to wakeup all of the threads
3631                  * waiting for it to finish.
3632                  */
3633                 if (rdc->flags & RDDIR) {
3634                         nfs_rw_exit(&rp->r_rwlock);
3635                         rdc->flags |= RDDIRWAIT;
3636 #ifdef DEBUG
3637                         nfs3_readdir_cache_waits++;
3638 #endif
3639                         if (!cv_wait_sig(&rdc->cv, &rp->r_statelock)) {
3640                                 /*
3641                                  * We got interrupted, probably
3642                                  * the user typed ^C or an alarm
3643                                  * fired.  We free the new entry
3644                                  * if we allocated one.
3645                                  */
3646                                 mutex_exit(&rp->r_statelock);
3647                                 (void) nfs_rw_enter_sig(&rp->r_rwlock,
3648                                         RW_READER, FALSE);
3649                                 rddir_cache_rele(rdc);
3650                                 if (nrdc != NULL)
3651                                         rddir_cache_rele(nrdc);
3652                                 return (EINTR);
3653                         }
3654                         mutex_exit(&rp->r_statelock);
3655                         (void) nfs_rw_enter_sig(&rp->r_rwlock,
3656                                 RW_READER, FALSE);
3657                         rddir_cache_rele(rdc);
3658                         goto top;
3659                 }
3660                 /*
3661                  * Check to see if a readdir is required to
3662                  * fill the entry.  If so, mark this entry
3663                  * as being filled, remove our reference,
3664                  * and branch to the code to fill the entry.
3665                  */
3666                 if (rdc->flags & RDDIRREQ) {
3667                         rdc->flags &= ~RDDIRREQ;
3668                         rdc->flags |= RDDIR;
3669                         if (nrdc != NULL)
3670                                 rddir_cache_rele(nrdc);
3671                         nrdc = rdc;
3672                         mutex_exit(&rp->r_statelock);
3673                         goto bottom;
3674                 }
3675 #ifdef DEBUG
3676                 if (!missed)
3677                         nfs3_readdir_cache_hits++;
3678 #endif
3679                 /*
3680                  * If an error occurred while attempting
3681                  * to fill the cache entry, just return it.
3682                  */
3683                 if (rdc->error) {
3684                         error = rdc->error;
3685                         mutex_exit(&rp->r_statelock);
3686                         rddir_cache_rele(rdc);
3687                         if (nrdc != NULL)
3688                                 rddir_cache_rele(nrdc);
3689                         return (error);
3690                 }
3691 
3692                 /*
3693                  * The cache entry is complete and good,
3694                  * copyout the dirent structs to the calling
3695                  * thread.
3696                  */
3697                 error = uiomove(rdc->entries, rdc->entlen, UIO_READ, uiop);
3698 
3699                 /*
3700                  * If no error occurred during the copyout,
3701                  * update the offset in the uio struct to
3702                  * contain the value of the next cookie
3703                  * and set the eof value appropriately.
3704                  */
3705                 if (!error) {
3706                         uiop->uio_loffset = rdc->nfs3_ncookie;
3707                         if (eofp)
3708                                 *eofp = rdc->eof;
3709                 }
3710 
3711                 /*
3712                  * Decide whether to do readahead.
3713                  *
3714                  * Don't if have already read to the end of
3715                  * directory.  There is nothing more to read.
3716                  *
3717                  * Don't if the application is not doing
3718                  * lookups in the directory.  The readahead
3719                  * is only effective if the application can
3720                  * be doing work while an async thread is
3721                  * handling the over the wire request.
3722                  */
3723                 if (rdc->eof) {
3724                         rp->r_direof = rdc;
3725                         doreadahead = FALSE;
3726                 } else if (!(rp->r_flags & RLOOKUP))
3727                         doreadahead = FALSE;
3728                 else
3729                         doreadahead = TRUE;
3730 
3731                 if (!doreadahead) {
3732                         mutex_exit(&rp->r_statelock);
3733                         rddir_cache_rele(rdc);
3734                         if (nrdc != NULL)
3735                                 rddir_cache_rele(nrdc);
3736                         return (error);
3737                 }
3738 
3739                 /*
3740                  * Check to see whether we found an entry
3741                  * for the readahead.  If so, we don't need
3742                  * to do anything further, so free the new
3743                  * entry if one was allocated.  Otherwise,
3744                  * allocate a new entry, add it to the cache,
3745                  * and then initiate an asynchronous readdir
3746                  * operation to fill it.
3747                  */
3748                 srdc.nfs3_cookie = rdc->nfs3_ncookie;
3749                 srdc.buflen = count;
3750                 rrdc = avl_find(&rp->r_dir, &srdc, &where);
3751                 if (rrdc != NULL) {
3752                         if (nrdc != NULL)
3753                                 rddir_cache_rele(nrdc);
3754                 } else {
3755                         if (nrdc != NULL)
3756                                 rrdc = nrdc;
3757                         else {
3758                                 rrdc = rddir_cache_alloc(KM_NOSLEEP);
3759                         }
3760                         if (rrdc != NULL) {
3761                                 rrdc->nfs3_cookie = rdc->nfs3_ncookie;
3762                                 rrdc->buflen = count;
3763                                 avl_insert(&rp->r_dir, rrdc, where);
3764                                 rddir_cache_hold(rrdc);
3765                                 mutex_exit(&rp->r_statelock);
3766                                 rddir_cache_rele(rdc);
3767 #ifdef DEBUG
3768                                 nfs3_readdir_readahead++;
3769 #endif
3770                                 nfs_async_readdir(vp, rrdc, cr, do_nfs3readdir);
3771                                 return (error);
3772                         }
3773                 }
3774 
3775                 mutex_exit(&rp->r_statelock);
3776                 rddir_cache_rele(rdc);
3777                 return (error);
3778         }
3779 
3780         /*
3781          * Didn't find an entry in the cache.  Construct a new empty
3782          * entry and link it into the cache.  Other processes attempting
3783          * to access this entry will need to wait until it is filled in.
3784          *
3785          * Since kmem_alloc may block, another pass through the cache
3786          * will need to be taken to make sure that another process
3787          * hasn't already added an entry to the cache for this request.
3788          */
3789         if (nrdc == NULL) {
3790                 mutex_exit(&rp->r_statelock);
3791                 nrdc = rddir_cache_alloc(KM_SLEEP);
3792                 nrdc->nfs3_cookie = uiop->uio_loffset;
3793                 nrdc->buflen = count;
3794                 goto top;
3795         }
3796 
3797         /*
3798          * Add this entry to the cache.
3799          */
3800         avl_insert(&rp->r_dir, nrdc, where);
3801         rddir_cache_hold(nrdc);
3802         mutex_exit(&rp->r_statelock);
3803 
3804 bottom:
3805 #ifdef DEBUG
3806         missed = 1;
3807         nfs3_readdir_cache_misses++;
3808 #endif
3809         /*
3810          * Do the readdir.  This routine decides whether to use
3811          * READDIR or READDIRPLUS.
3812          */
3813         error = do_nfs3readdir(vp, nrdc, cr);
3814 
3815         /*
3816          * If this operation failed, just return the error which occurred.
3817          */
3818         if (error != 0)
3819                 return (error);
3820 
3821         /*
3822          * Since the RPC operation will have taken sometime and blocked
3823          * this process, another pass through the cache will need to be
3824          * taken to find the correct cache entry.  It is possible that
3825          * the correct cache entry will not be there (although one was
3826          * added) because the directory changed during the RPC operation
3827          * and the readdir cache was flushed.  In this case, just start
3828          * over.  It is hoped that this will not happen too often... :-)
3829          */
3830         nrdc = NULL;
3831         goto top;
3832         /* NOTREACHED */
3833 }
3834 
3835 static int
3836 do_nfs3readdir(vnode_t *vp, rddir_cache *rdc, cred_t *cr)
3837 {
3838         int error;
3839         rnode_t *rp;
3840         mntinfo_t *mi;
3841 
3842         rp = VTOR(vp);
3843         mi = VTOMI(vp);
3844         ASSERT(nfs_zone() == mi->mi_zone);
3845         /*
3846          * Issue the proper request.
3847          *
3848          * If the server does not support READDIRPLUS, then use READDIR.
3849          *
3850          * Otherwise --
3851          * Issue a READDIRPLUS if reading to fill an empty cache or if
3852          * an application has performed a lookup in the directory which
3853          * required an over the wire lookup.  The use of READDIRPLUS
3854          * will help to (re)populate the DNLC.
3855          */
3856         if (!(mi->mi_flags & MI_READDIRONLY) &&
3857             (rp->r_flags & (RLOOKUP | RREADDIRPLUS))) {
3858                 if (rp->r_flags & RREADDIRPLUS) {
3859                         mutex_enter(&rp->r_statelock);
3860                         rp->r_flags &= ~RREADDIRPLUS;
3861                         mutex_exit(&rp->r_statelock);
3862                 }
3863                 nfs3readdirplus(vp, rdc, cr);
3864                 if (rdc->error == EOPNOTSUPP)
3865                         nfs3readdir(vp, rdc, cr);
3866         } else
3867                 nfs3readdir(vp, rdc, cr);
3868 
3869         mutex_enter(&rp->r_statelock);
3870         rdc->flags &= ~RDDIR;
3871         if (rdc->flags & RDDIRWAIT) {
3872                 rdc->flags &= ~RDDIRWAIT;
3873                 cv_broadcast(&rdc->cv);
3874         }
3875         error = rdc->error;
3876         if (error)
3877                 rdc->flags |= RDDIRREQ;
3878         mutex_exit(&rp->r_statelock);
3879 
3880         rddir_cache_rele(rdc);
3881 
3882         return (error);
3883 }
3884 
3885 static void
3886 nfs3readdir(vnode_t *vp, rddir_cache *rdc, cred_t *cr)
3887 {
3888         int error;
3889         READDIR3args args;
3890         READDIR3vres res;
3891         vattr_t dva;
3892         rnode_t *rp;
3893         int douprintf;
3894         failinfo_t fi, *fip = NULL;
3895         mntinfo_t *mi;
3896         hrtime_t t;
3897 
3898         rp = VTOR(vp);
3899         mi = VTOMI(vp);
3900         ASSERT(nfs_zone() == mi->mi_zone);
3901 
3902         args.dir = *RTOFH3(rp);
3903         args.cookie = (cookie3)rdc->nfs3_cookie;
3904         args.cookieverf = rp->r_cookieverf;
3905         args.count = rdc->buflen;
3906 
3907         /*
3908          * NFS client failover support
3909          * suppress failover unless we have a zero cookie
3910          */
3911         if (args.cookie == (cookie3) 0) {
3912                 fi.vp = vp;
3913                 fi.fhp = (caddr_t)&args.dir;
3914                 fi.copyproc = nfs3copyfh;
3915                 fi.lookupproc = nfs3lookup;
3916                 fi.xattrdirproc = acl_getxattrdir3;
3917                 fip = &fi;
3918         }
3919 
3920 #ifdef DEBUG
3921         rdc->entries = rddir_cache_buf_alloc(rdc->buflen, KM_SLEEP);
3922 #else
3923         rdc->entries = kmem_alloc(rdc->buflen, KM_SLEEP);
3924 #endif
3925 
3926         res.entries = (dirent64_t *)rdc->entries;
3927         res.entries_size = rdc->buflen;
3928         res.dir_attributes.fres.vap = &dva;
3929         res.dir_attributes.fres.vp = vp;
3930         res.loff = rdc->nfs3_cookie;
3931 
3932         douprintf = 1;
3933 
3934         if (mi->mi_io_kstats) {
3935                 mutex_enter(&mi->mi_lock);
3936                 kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
3937                 mutex_exit(&mi->mi_lock);
3938         }
3939 
3940         t = gethrtime();
3941 
3942         error = rfs3call(VTOMI(vp), NFSPROC3_READDIR,
3943             xdr_READDIR3args, (caddr_t)&args,
3944             xdr_READDIR3vres, (caddr_t)&res, cr,
3945             &douprintf, &res.status, 0, fip);
3946 
3947         if (mi->mi_io_kstats) {
3948                 mutex_enter(&mi->mi_lock);
3949                 kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
3950                 mutex_exit(&mi->mi_lock);
3951         }
3952 
3953         if (error)
3954                 goto err;
3955 
3956         nfs3_cache_post_op_vattr(vp, &res.dir_attributes, t, cr);
3957 
3958         error = geterrno3(res.status);
3959         if (error) {
3960                 PURGE_STALE_FH(error, vp, cr);
3961                 goto err;
3962         }
3963 
3964         if (mi->mi_io_kstats) {
3965                 mutex_enter(&mi->mi_lock);
3966                 KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
3967                 KSTAT_IO_PTR(mi->mi_io_kstats)->nread += res.size;
3968                 mutex_exit(&mi->mi_lock);
3969         }
3970 
3971         rdc->nfs3_ncookie = res.loff;
3972         rp->r_cookieverf = res.cookieverf;
3973         rdc->eof = res.eof ? 1 : 0;
3974         rdc->entlen = res.size;
3975         ASSERT(rdc->entlen <= rdc->buflen);
3976         rdc->error = 0;
3977         return;
3978 
3979 err:
3980         kmem_free(rdc->entries, rdc->buflen);
3981         rdc->entries = NULL;
3982         rdc->error = error;
3983 }
3984 
3985 /*
3986  * Read directory entries.
3987  * There are some weird things to look out for here.  The uio_loffset
3988  * field is either 0 or it is the offset returned from a previous
3989  * readdir.  It is an opaque value used by the server to find the
3990  * correct directory block to read. The count field is the number
3991  * of blocks to read on the server.  This is advisory only, the server
3992  * may return only one block's worth of entries.  Entries may be compressed
3993  * on the server.
3994  */
3995 static void
3996 nfs3readdirplus(vnode_t *vp, rddir_cache *rdc, cred_t *cr)
3997 {
3998         int error;
3999         READDIRPLUS3args args;
4000         READDIRPLUS3vres res;
4001         vattr_t dva;
4002         rnode_t *rp;
4003         mntinfo_t *mi;
4004         int douprintf;
4005         failinfo_t fi, *fip = NULL;
4006 
4007         rp = VTOR(vp);
4008         mi = VTOMI(vp);
4009         ASSERT(nfs_zone() == mi->mi_zone);
4010 
4011         args.dir = *RTOFH3(rp);
4012         args.cookie = (cookie3)rdc->nfs3_cookie;
4013         args.cookieverf = rp->r_cookieverf;
4014         args.dircount = rdc->buflen;
4015         args.maxcount = mi->mi_tsize;
4016 
4017         /*
4018          * NFS client failover support
4019          * suppress failover unless we have a zero cookie
4020          */
4021         if (args.cookie == (cookie3)0) {
4022                 fi.vp = vp;
4023                 fi.fhp = (caddr_t)&args.dir;
4024                 fi.copyproc = nfs3copyfh;
4025                 fi.lookupproc = nfs3lookup;
4026                 fi.xattrdirproc = acl_getxattrdir3;
4027                 fip = &fi;
4028         }
4029 
4030 #ifdef DEBUG
4031         rdc->entries = rddir_cache_buf_alloc(rdc->buflen, KM_SLEEP);
4032 #else
4033         rdc->entries = kmem_alloc(rdc->buflen, KM_SLEEP);
4034 #endif
4035 
4036         res.entries = (dirent64_t *)rdc->entries;
4037         res.entries_size = rdc->buflen;
4038         res.dir_attributes.fres.vap = &dva;
4039         res.dir_attributes.fres.vp = vp;
4040         res.loff = rdc->nfs3_cookie;
4041         res.credentials = cr;
4042 
4043         douprintf = 1;
4044 
4045         if (mi->mi_io_kstats) {
4046                 mutex_enter(&mi->mi_lock);
4047                 kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
4048                 mutex_exit(&mi->mi_lock);
4049         }
4050 
4051         res.time = gethrtime();
4052 
4053         error = rfs3call(mi, NFSPROC3_READDIRPLUS,
4054             xdr_READDIRPLUS3args, (caddr_t)&args,
4055             xdr_READDIRPLUS3vres, (caddr_t)&res, cr,
4056             &douprintf, &res.status, 0, fip);
4057 
4058         if (mi->mi_io_kstats) {
4059                 mutex_enter(&mi->mi_lock);
4060                 kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
4061                 mutex_exit(&mi->mi_lock);
4062         }
4063 
4064         if (error) {
4065                 goto err;
4066         }
4067 
4068         nfs3_cache_post_op_vattr(vp, &res.dir_attributes, res.time, cr);
4069 
4070         error = geterrno3(res.status);
4071         if (error) {
4072                 PURGE_STALE_FH(error, vp, cr);
4073                 if (error == EOPNOTSUPP) {
4074                         mutex_enter(&mi->mi_lock);
4075                         mi->mi_flags |= MI_READDIRONLY;
4076                         mutex_exit(&mi->mi_lock);
4077                 }
4078                 goto err;
4079         }
4080 
4081         if (mi->mi_io_kstats) {
4082                 mutex_enter(&mi->mi_lock);
4083                 KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
4084                 KSTAT_IO_PTR(mi->mi_io_kstats)->nread += res.size;
4085                 mutex_exit(&mi->mi_lock);
4086         }
4087 
4088         rdc->nfs3_ncookie = res.loff;
4089         rp->r_cookieverf = res.cookieverf;
4090         rdc->eof = res.eof ? 1 : 0;
4091         rdc->entlen = res.size;
4092         ASSERT(rdc->entlen <= rdc->buflen);
4093         rdc->error = 0;
4094 
4095         return;
4096 
4097 err:
4098         kmem_free(rdc->entries, rdc->buflen);
4099         rdc->entries = NULL;
4100         rdc->error = error;
4101 }
4102 
4103 #ifdef DEBUG
4104 static int nfs3_bio_do_stop = 0;
4105 #endif
4106 
4107 static int
4108 nfs3_bio(struct buf *bp, stable_how *stab_comm, cred_t *cr)
4109 {
4110         rnode_t *rp = VTOR(bp->b_vp);
4111         int count;
4112         int error;
4113         cred_t *cred;
4114         offset_t offset;
4115 
4116         ASSERT(nfs_zone() == VTOMI(bp->b_vp)->mi_zone);
4117         offset = ldbtob(bp->b_lblkno);
4118 
4119         DTRACE_IO1(start, struct buf *, bp);
4120 
4121         if (bp->b_flags & B_READ) {
4122                 mutex_enter(&rp->r_statelock);
4123                 if (rp->r_cred != NULL) {
4124                         cred = rp->r_cred;
4125                         crhold(cred);
4126                 } else {
4127                         rp->r_cred = cr;
4128                         crhold(cr);
4129                         cred = cr;
4130                         crhold(cred);
4131                 }
4132                 mutex_exit(&rp->r_statelock);
4133         read_again:
4134                 error = bp->b_error = nfs3read(bp->b_vp, bp->b_un.b_addr,
4135                     offset, bp->b_bcount, &bp->b_resid, cred);
4136                 crfree(cred);
4137                 if (!error) {
4138                         if (bp->b_resid) {
4139                                 /*
4140                                  * Didn't get it all because we hit EOF,
4141                                  * zero all the memory beyond the EOF.
4142                                  */
4143                                 /* bzero(rdaddr + */
4144                                 bzero(bp->b_un.b_addr +
4145                                     bp->b_bcount - bp->b_resid, bp->b_resid);
4146                         }
4147                         mutex_enter(&rp->r_statelock);
4148                         if (bp->b_resid == bp->b_bcount &&
4149                             offset >= rp->r_size) {
4150                                 /*
4151                                  * We didn't read anything at all as we are
4152                                  * past EOF.  Return an error indicator back
4153                                  * but don't destroy the pages (yet).
4154                                  */
4155                                 error = NFS_EOF;
4156                         }
4157                         mutex_exit(&rp->r_statelock);
4158                 } else if (error == EACCES) {
4159                         mutex_enter(&rp->r_statelock);
4160                         if (cred != cr) {
4161                                 if (rp->r_cred != NULL)
4162                                         crfree(rp->r_cred);
4163                                 rp->r_cred = cr;
4164                                 crhold(cr);
4165                                 cred = cr;
4166                                 crhold(cred);
4167                                 mutex_exit(&rp->r_statelock);
4168                                 goto read_again;
4169                         }
4170                         mutex_exit(&rp->r_statelock);
4171                 }
4172         } else {
4173                 if (!(rp->r_flags & RSTALE)) {
4174                         mutex_enter(&rp->r_statelock);
4175                         if (rp->r_cred != NULL) {
4176                                 cred = rp->r_cred;
4177                                 crhold(cred);
4178                         } else {
4179                                 rp->r_cred = cr;
4180                                 crhold(cr);
4181                                 cred = cr;
4182                                 crhold(cred);
4183                         }
4184                         mutex_exit(&rp->r_statelock);
4185                 write_again:
4186                         mutex_enter(&rp->r_statelock);
4187                         count = MIN(bp->b_bcount, rp->r_size - offset);
4188                         mutex_exit(&rp->r_statelock);
4189                         if (count < 0)
4190                                 cmn_err(CE_PANIC, "nfs3_bio: write count < 0");
4191 #ifdef DEBUG
4192                         if (count == 0) {
4193                                 zcmn_err(getzoneid(), CE_WARN,
4194                                     "nfs3_bio: zero length write at %lld",
4195                                     offset);
4196                                 nfs_printfhandle(&rp->r_fh);
4197                                 if (nfs3_bio_do_stop)
4198                                         debug_enter("nfs3_bio");
4199                         }
4200 #endif
4201                         error = nfs3write(bp->b_vp, bp->b_un.b_addr, offset,
4202                             count, cred, stab_comm);
4203                         if (error == EACCES) {
4204                                 mutex_enter(&rp->r_statelock);
4205                                 if (cred != cr) {
4206                                         if (rp->r_cred != NULL)
4207                                                 crfree(rp->r_cred);
4208                                         rp->r_cred = cr;
4209                                         crhold(cr);
4210                                         crfree(cred);
4211                                         cred = cr;
4212                                         crhold(cred);
4213                                         mutex_exit(&rp->r_statelock);
4214                                         goto write_again;
4215                                 }
4216                                 mutex_exit(&rp->r_statelock);
4217                         }
4218                         bp->b_error = error;
4219                         if (error && error != EINTR) {
4220                                 /*
4221                                  * Don't print EDQUOT errors on the console.
4222                                  * Don't print asynchronous EACCES errors.
4223                                  * Don't print EFBIG errors.
4224                                  * Print all other write errors.
4225                                  */
4226                                 if (error != EDQUOT && error != EFBIG &&
4227                                     (error != EACCES ||
4228                                     !(bp->b_flags & B_ASYNC)))
4229                                         nfs_write_error(bp->b_vp, error, cred);
4230                                 /*
4231                                  * Update r_error and r_flags as appropriate.
4232                                  * If the error was ESTALE, then mark the
4233                                  * rnode as not being writeable and save
4234                                  * the error status.  Otherwise, save any
4235                                  * errors which occur from asynchronous
4236                                  * page invalidations.  Any errors occurring
4237                                  * from other operations should be saved
4238                                  * by the caller.
4239                                  */
4240                                 mutex_enter(&rp->r_statelock);
4241                                 if (error == ESTALE) {
4242                                         rp->r_flags |= RSTALE;
4243                                         if (!rp->r_error)
4244                                                 rp->r_error = error;
4245                                 } else if (!rp->r_error &&
4246                                     (bp->b_flags &
4247                                     (B_INVAL|B_FORCE|B_ASYNC)) ==
4248                                     (B_INVAL|B_FORCE|B_ASYNC)) {
4249                                         rp->r_error = error;
4250                                 }
4251                                 mutex_exit(&rp->r_statelock);
4252                         }
4253                         crfree(cred);
4254                 } else
4255                         error = rp->r_error;
4256         }
4257 
4258         if (error != 0 && error != NFS_EOF)
4259                 bp->b_flags |= B_ERROR;
4260 
4261         DTRACE_IO1(done, struct buf *, bp);
4262 
4263         return (error);
4264 }
4265 
4266 static int
4267 nfs3_fid(vnode_t *vp, fid_t *fidp)
4268 {
4269         rnode_t *rp;
4270 
4271         if (nfs_zone() != VTOMI(vp)->mi_zone)
4272                 return (EIO);
4273         rp = VTOR(vp);
4274 
4275         if (fidp->fid_len < (ushort_t)rp->r_fh.fh_len) {
4276                 fidp->fid_len = rp->r_fh.fh_len;
4277                 return (ENOSPC);
4278         }
4279         fidp->fid_len = rp->r_fh.fh_len;
4280         bcopy(rp->r_fh.fh_buf, fidp->fid_data, fidp->fid_len);
4281         return (0);
4282 }
4283 
4284 /* ARGSUSED2 */
4285 static int
4286 nfs3_rwlock(vnode_t *vp, int write_lock, caller_context_t *ctp)
4287 {
4288         rnode_t *rp = VTOR(vp);
4289 
4290         if (!write_lock) {
4291                 (void) nfs_rw_enter_sig(&rp->r_rwlock, RW_READER, FALSE);
4292                 return (V_WRITELOCK_FALSE);
4293         }
4294 
4295         if ((rp->r_flags & RDIRECTIO) || (VTOMI(vp)->mi_flags & MI_DIRECTIO)) {
4296                 (void) nfs_rw_enter_sig(&rp->r_rwlock, RW_READER, FALSE);
4297                 if (rp->r_mapcnt == 0 && !vn_has_cached_data(vp))
4298                         return (V_WRITELOCK_FALSE);
4299                 nfs_rw_exit(&rp->r_rwlock);
4300         }
4301 
4302         (void) nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER, FALSE);
4303         return (V_WRITELOCK_TRUE);
4304 }
4305 
4306 /* ARGSUSED */
4307 static void
4308 nfs3_rwunlock(vnode_t *vp, int write_lock, caller_context_t *ctp)
4309 {
4310         rnode_t *rp = VTOR(vp);
4311 
4312         nfs_rw_exit(&rp->r_rwlock);
4313 }
4314 
4315 /* ARGSUSED */
4316 static int
4317 nfs3_seek(vnode_t *vp, offset_t ooff, offset_t *noffp)
4318 {
4319 
4320         /*
4321          * Because we stuff the readdir cookie into the offset field
4322          * someone may attempt to do an lseek with the cookie which
4323          * we want to succeed.
4324          */
4325         if (vp->v_type == VDIR)
4326                 return (0);
4327         if (*noffp < 0)
4328                 return (EINVAL);
4329         return (0);
4330 }
4331 
4332 /*
4333  * number of nfs3_bsize blocks to read ahead.
4334  */
4335 static int nfs3_nra = 4;
4336 
4337 #ifdef DEBUG
4338 static int nfs3_lostpage = 0;   /* number of times we lost original page */
4339 #endif
4340 
4341 /*
4342  * Return all the pages from [off..off+len) in file
4343  */
4344 static int
4345 nfs3_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
4346         page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4347         enum seg_rw rw, cred_t *cr)
4348 {
4349         rnode_t *rp;
4350         int error;
4351         mntinfo_t *mi;
4352 
4353         if (vp->v_flag & VNOMAP)
4354                 return (ENOSYS);
4355 
4356         if (nfs_zone() != VTOMI(vp)->mi_zone)
4357                 return (EIO);
4358         if (protp != NULL)
4359                 *protp = PROT_ALL;
4360 
4361         /*
4362          * Now valididate that the caches are up to date.
4363          */
4364         error = nfs3_validate_caches(vp, cr);
4365         if (error)
4366                 return (error);
4367 
4368         rp = VTOR(vp);
4369         mi = VTOMI(vp);
4370 retry:
4371         mutex_enter(&rp->r_statelock);
4372 
4373         /*
4374          * Don't create dirty pages faster than they
4375          * can be cleaned so that the system doesn't
4376          * get imbalanced.  If the async queue is
4377          * maxed out, then wait for it to drain before
4378          * creating more dirty pages.  Also, wait for
4379          * any threads doing pagewalks in the vop_getattr
4380          * entry points so that they don't block for
4381          * long periods.
4382          */
4383         if (rw == S_CREATE) {
4384                 while ((mi->mi_max_threads != 0 &&
4385                     rp->r_awcount > 2 * mi->mi_max_threads) ||
4386                     rp->r_gcount > 0)
4387                         cv_wait(&rp->r_cv, &rp->r_statelock);
4388         }
4389 
4390         /*
4391          * If we are getting called as a side effect of an nfs_write()
4392          * operation the local file size might not be extended yet.
4393          * In this case we want to be able to return pages of zeroes.
4394          */
4395         if (off + len > rp->r_size + PAGEOFFSET && seg != segkmap) {
4396                 mutex_exit(&rp->r_statelock);
4397                 return (EFAULT);                /* beyond EOF */
4398         }
4399 
4400         mutex_exit(&rp->r_statelock);
4401 
4402         if (len <= PAGESIZE) {
4403                 error = nfs3_getapage(vp, off, len, protp, pl, plsz,
4404                     seg, addr, rw, cr);
4405         } else {
4406                 error = pvn_getpages(nfs3_getapage, vp, off, len, protp,
4407                     pl, plsz, seg, addr, rw, cr);
4408         }
4409 
4410         switch (error) {
4411         case NFS_EOF:
4412                 nfs_purge_caches(vp, NFS_NOPURGE_DNLC, cr);
4413                 goto retry;
4414         case ESTALE:
4415                 PURGE_STALE_FH(error, vp, cr);
4416         }
4417 
4418         return (error);
4419 }
4420 
4421 /*
4422  * Called from pvn_getpages or nfs3_getpage to get a particular page.
4423  */
4424 /* ARGSUSED */
4425 static int
4426 nfs3_getapage(vnode_t *vp, u_offset_t off, size_t len, uint_t *protp,
4427         page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4428         enum seg_rw rw, cred_t *cr)
4429 {
4430         rnode_t *rp;
4431         uint_t bsize;
4432         struct buf *bp;
4433         page_t *pp;
4434         u_offset_t lbn;
4435         u_offset_t io_off;
4436         u_offset_t blkoff;
4437         u_offset_t rablkoff;
4438         size_t io_len;
4439         uint_t blksize;
4440         int error;
4441         int readahead;
4442         int readahead_issued = 0;
4443         int ra_window; /* readahead window */
4444         page_t *pagefound;
4445         page_t *savepp;
4446 
4447         if (nfs_zone() != VTOMI(vp)->mi_zone)
4448                 return (EIO);
4449         rp = VTOR(vp);
4450         bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
4451 
4452 reread:
4453         bp = NULL;
4454         pp = NULL;
4455         pagefound = NULL;
4456 
4457         if (pl != NULL)
4458                 pl[0] = NULL;
4459 
4460         error = 0;
4461         lbn = off / bsize;
4462         blkoff = lbn * bsize;
4463 
4464         /*
4465          * Queueing up the readahead before doing the synchronous read
4466          * results in a significant increase in read throughput because
4467          * of the increased parallelism between the async threads and
4468          * the process context.
4469          */
4470         if ((off & ((vp->v_vfsp->vfs_bsize) - 1)) == 0 &&
4471             rw != S_CREATE &&
4472             !(vp->v_flag & VNOCACHE)) {
4473                 mutex_enter(&rp->r_statelock);
4474 
4475                 /*
4476                  * Calculate the number of readaheads to do.
4477                  * a) No readaheads at offset = 0.
4478                  * b) Do maximum(nfs3_nra) readaheads when the readahead
4479                  *    window is closed.
4480                  * c) Do readaheads between 1 to (nfs3_nra - 1) depending
4481                  *    upon how far the readahead window is open or close.
4482                  * d) No readaheads if rp->r_nextr is not within the scope
4483                  *    of the readahead window (random i/o).
4484                  */
4485 
4486                 if (off == 0)
4487                         readahead = 0;
4488                 else if (blkoff == rp->r_nextr)
4489                         readahead = nfs3_nra;
4490                 else if (rp->r_nextr > blkoff &&
4491                                 ((ra_window = (rp->r_nextr - blkoff) / bsize)
4492                                         <= (nfs3_nra - 1)))
4493                         readahead = nfs3_nra - ra_window;
4494                 else
4495                         readahead = 0;
4496 
4497                 rablkoff = rp->r_nextr;
4498                 while (readahead > 0 && rablkoff + bsize < rp->r_size) {
4499                         mutex_exit(&rp->r_statelock);
4500                         if (nfs_async_readahead(vp, rablkoff + bsize,
4501                             addr + (rablkoff + bsize - off), seg, cr,
4502                             nfs3_readahead) < 0) {
4503                                 mutex_enter(&rp->r_statelock);
4504                                 break;
4505                         }
4506                         readahead--;
4507                         rablkoff += bsize;
4508                         /*
4509                          * Indicate that we did a readahead so
4510                          * readahead offset is not updated
4511                          * by the synchronous read below.
4512                          */
4513                         readahead_issued = 1;
4514                         mutex_enter(&rp->r_statelock);
4515                         /*
4516                          * set readahead offset to
4517                          * offset of last async readahead
4518                          * request.
4519                          */
4520                         rp->r_nextr = rablkoff;
4521                 }
4522                 mutex_exit(&rp->r_statelock);
4523         }
4524 
4525 again:
4526         if ((pagefound = page_exists(vp, off)) == NULL) {
4527                 if (pl == NULL) {
4528                         (void) nfs_async_readahead(vp, blkoff, addr, seg, cr,
4529                             nfs3_readahead);
4530                 } else if (rw == S_CREATE) {
4531                         /*
4532                          * Block for this page is not allocated, or the offset
4533                          * is beyond the current allocation size, or we're
4534                          * allocating a swap slot and the page was not found,
4535                          * so allocate it and return a zero page.
4536                          */
4537                         if ((pp = page_create_va(vp, off,
4538                             PAGESIZE, PG_WAIT, seg, addr)) == NULL)
4539                                 cmn_err(CE_PANIC, "nfs3_getapage: page_create");
4540                         io_len = PAGESIZE;
4541                         mutex_enter(&rp->r_statelock);
4542                         rp->r_nextr = off + PAGESIZE;
4543                         mutex_exit(&rp->r_statelock);
4544                 } else {
4545                         /*
4546                          * Need to go to server to get a BLOCK, exception to
4547                          * that being while reading at offset = 0 or doing
4548                          * random i/o, in that case read only a PAGE.
4549                          */
4550                         mutex_enter(&rp->r_statelock);
4551                         if (blkoff < rp->r_size &&
4552                             blkoff + bsize >= rp->r_size) {
4553                                 /*
4554                                  * If only a block or less is left in
4555                                  * the file, read all that is remaining.
4556                                  */
4557                                 if (rp->r_size <= off) {
4558                                         /*
4559                                          * Trying to access beyond EOF,
4560                                          * set up to get at least one page.
4561                                          */
4562                                         blksize = off + PAGESIZE - blkoff;
4563                                 } else
4564                                         blksize = rp->r_size - blkoff;
4565                         } else if ((off == 0) ||
4566                                 (off != rp->r_nextr && !readahead_issued)) {
4567                                 blksize = PAGESIZE;
4568                                 blkoff = off; /* block = page here */
4569                         } else
4570                                 blksize = bsize;
4571                         mutex_exit(&rp->r_statelock);
4572 
4573                         pp = pvn_read_kluster(vp, off, seg, addr, &io_off,
4574                             &io_len, blkoff, blksize, 0);
4575 
4576                         /*
4577                          * Some other thread has entered the page,
4578                          * so just use it.
4579                          */
4580                         if (pp == NULL)
4581                                 goto again;
4582 
4583                         /*
4584                          * Now round the request size up to page boundaries.
4585                          * This ensures that the entire page will be
4586                          * initialized to zeroes if EOF is encountered.
4587                          */
4588                         io_len = ptob(btopr(io_len));
4589 
4590                         bp = pageio_setup(pp, io_len, vp, B_READ);
4591                         ASSERT(bp != NULL);
4592 
4593                         /*
4594                          * pageio_setup should have set b_addr to 0.  This
4595                          * is correct since we want to do I/O on a page
4596                          * boundary.  bp_mapin will use this addr to calculate
4597                          * an offset, and then set b_addr to the kernel virtual
4598                          * address it allocated for us.
4599                          */
4600                         ASSERT(bp->b_un.b_addr == 0);
4601 
4602                         bp->b_edev = 0;
4603                         bp->b_dev = 0;
4604                         bp->b_lblkno = lbtodb(io_off);
4605                         bp->b_file = vp;
4606                         bp->b_offset = (offset_t)off;
4607                         bp_mapin(bp);
4608 
4609                         /*
4610                          * If doing a write beyond what we believe is EOF,
4611                          * don't bother trying to read the pages from the
4612                          * server, we'll just zero the pages here.  We
4613                          * don't check that the rw flag is S_WRITE here
4614                          * because some implementations may attempt a
4615                          * read access to the buffer before copying data.
4616                          */
4617                         mutex_enter(&rp->r_statelock);
4618                         if (io_off >= rp->r_size && seg == segkmap) {
4619                                 mutex_exit(&rp->r_statelock);
4620                                 bzero(bp->b_un.b_addr, io_len);
4621                         } else {
4622                                 mutex_exit(&rp->r_statelock);
4623                                 error = nfs3_bio(bp, NULL, cr);
4624                         }
4625 
4626                         /*
4627                          * Unmap the buffer before freeing it.
4628                          */
4629                         bp_mapout(bp);
4630                         pageio_done(bp);
4631 
4632                         savepp = pp;
4633                         do {
4634                                 pp->p_fsdata = C_NOCOMMIT;
4635                         } while ((pp = pp->p_next) != savepp);
4636 
4637                         if (error == NFS_EOF) {
4638                                 /*
4639                                  * If doing a write system call just return
4640                                  * zeroed pages, else user tried to get pages
4641                                  * beyond EOF, return error.  We don't check
4642                                  * that the rw flag is S_WRITE here because
4643                                  * some implementations may attempt a read
4644                                  * access to the buffer before copying data.
4645                                  */
4646                                 if (seg == segkmap)
4647                                         error = 0;
4648                                 else
4649                                         error = EFAULT;
4650                         }
4651 
4652                         if (!readahead_issued && !error) {
4653                             mutex_enter(&rp->r_statelock);
4654                             rp->r_nextr = io_off + io_len;
4655                             mutex_exit(&rp->r_statelock);
4656                         }
4657                 }
4658         }
4659 
4660 out:
4661         if (pl == NULL)
4662                 return (error);
4663 
4664         if (error) {
4665                 if (pp != NULL)
4666                         pvn_read_done(pp, B_ERROR);
4667                 return (error);
4668         }
4669 
4670         if (pagefound) {
4671                 se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
4672 
4673                 /*
4674                  * Page exists in the cache, acquire the appropriate lock.
4675                  * If this fails, start all over again.
4676                  */
4677                 if ((pp = page_lookup(vp, off, se)) == NULL) {
4678 #ifdef DEBUG
4679                         nfs3_lostpage++;
4680 #endif
4681                         goto reread;
4682                 }
4683                 pl[0] = pp;
4684                 pl[1] = NULL;
4685                 return (0);
4686         }
4687 
4688         if (pp != NULL)
4689                 pvn_plist_init(pp, pl, plsz, off, io_len, rw);
4690 
4691         return (error);
4692 }
4693 
4694 static void
4695 nfs3_readahead(vnode_t *vp, u_offset_t blkoff, caddr_t addr, struct seg *seg,
4696         cred_t *cr)
4697 {
4698         int error;
4699         page_t *pp;
4700         u_offset_t io_off;
4701         size_t io_len;
4702         struct buf *bp;
4703         uint_t bsize, blksize;
4704         rnode_t *rp = VTOR(vp);
4705         page_t *savepp;
4706 
4707         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
4708         bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
4709 
4710         mutex_enter(&rp->r_statelock);
4711         if (blkoff < rp->r_size && blkoff + bsize > rp->r_size) {
4712                 /*
4713                  * If less than a block left in file read less
4714                  * than a block.
4715                  */
4716                 blksize = rp->r_size - blkoff;
4717         } else
4718                 blksize = bsize;
4719         mutex_exit(&rp->r_statelock);
4720 
4721         pp = pvn_read_kluster(vp, blkoff, segkmap, addr,
4722             &io_off, &io_len, blkoff, blksize, 1);
4723         /*
4724          * The isra flag passed to the kluster function is 1, we may have
4725          * gotten a return value of NULL for a variety of reasons (# of free
4726          * pages < minfree, someone entered the page on the vnode etc). In all
4727          * cases, we want to punt on the readahead.
4728          */
4729         if (pp == NULL)
4730                 return;
4731 
4732         /*
4733          * Now round the request size up to page boundaries.
4734          * This ensures that the entire page will be
4735          * initialized to zeroes if EOF is encountered.
4736          */
4737         io_len = ptob(btopr(io_len));
4738 
4739         bp = pageio_setup(pp, io_len, vp, B_READ);
4740         ASSERT(bp != NULL);
4741 
4742         /*
4743          * pageio_setup should have set b_addr to 0.  This is correct since
4744          * we want to do I/O on a page boundary. bp_mapin() will use this addr
4745          * to calculate an offset, and then set b_addr to the kernel virtual
4746          * address it allocated for us.
4747          */
4748         ASSERT(bp->b_un.b_addr == 0);
4749 
4750         bp->b_edev = 0;
4751         bp->b_dev = 0;
4752         bp->b_lblkno = lbtodb(io_off);
4753         bp->b_file = vp;
4754         bp->b_offset = (offset_t)blkoff;
4755         bp_mapin(bp);
4756 
4757         /*
4758          * If doing a write beyond what we believe is EOF, don't bother trying
4759          * to read the pages from the server, we'll just zero the pages here.
4760          * We don't check that the rw flag is S_WRITE here because some
4761          * implementations may attempt a read access to the buffer before
4762          * copying data.
4763          */
4764         mutex_enter(&rp->r_statelock);
4765         if (io_off >= rp->r_size && seg == segkmap) {
4766                 mutex_exit(&rp->r_statelock);
4767                 bzero(bp->b_un.b_addr, io_len);
4768                 error = 0;
4769         } else {
4770                 mutex_exit(&rp->r_statelock);
4771                 error = nfs3_bio(bp, NULL, cr);
4772                 if (error == NFS_EOF)
4773                         error = 0;
4774         }
4775 
4776         /*
4777          * Unmap the buffer before freeing it.
4778          */
4779         bp_mapout(bp);
4780         pageio_done(bp);
4781 
4782         savepp = pp;
4783         do {
4784                 pp->p_fsdata = C_NOCOMMIT;
4785         } while ((pp = pp->p_next) != savepp);
4786 
4787         pvn_read_done(pp, error ? B_READ | B_ERROR : B_READ);
4788 
4789         /*
4790          * In case of error set readahead offset
4791          * to the lowest offset.
4792          * pvn_read_done() calls VN_DISPOSE to destroy the pages
4793          */
4794         if (error && rp->r_nextr > io_off) {
4795                 mutex_enter(&rp->r_statelock);
4796                 if (rp->r_nextr > io_off)
4797                         rp->r_nextr = io_off;
4798                 mutex_exit(&rp->r_statelock);
4799         }
4800 }
4801 
4802 /*
4803  * Flags are composed of {B_INVAL, B_FREE, B_DONTNEED, B_FORCE}
4804  * If len == 0, do from off to EOF.
4805  *
4806  * The normal cases should be len == 0 && off == 0 (entire vp list),
4807  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
4808  * (from pageout).
4809  */
4810 static int
4811 nfs3_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr)
4812 {
4813         int error;
4814         rnode_t *rp;
4815 
4816         ASSERT(cr != NULL);
4817 
4818         /*
4819          * XXX - Why should this check be made here?
4820          */
4821         if (vp->v_flag & VNOMAP)
4822                 return (ENOSYS);
4823         if (len == 0 && !(flags & B_INVAL) && vn_is_readonly(vp))
4824                 return (0);
4825         if (!(flags & B_ASYNC) && nfs_zone() != VTOMI(vp)->mi_zone)
4826                 return (EIO);
4827 
4828         rp = VTOR(vp);
4829         mutex_enter(&rp->r_statelock);
4830         rp->r_count++;
4831         mutex_exit(&rp->r_statelock);
4832         error = nfs_putpages(vp, off, len, flags, cr);
4833         mutex_enter(&rp->r_statelock);
4834         rp->r_count--;
4835         cv_broadcast(&rp->r_cv);
4836         mutex_exit(&rp->r_statelock);
4837 
4838         return (error);
4839 }
4840 
4841 /*
4842  * Write out a single page, possibly klustering adjacent dirty pages.
4843  */
4844 int
4845 nfs3_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp, size_t *lenp,
4846         int flags, cred_t *cr)
4847 {
4848         u_offset_t io_off;
4849         u_offset_t lbn_off;
4850         u_offset_t lbn;
4851         size_t io_len;
4852         uint_t bsize;
4853         int error;
4854         rnode_t *rp;
4855 
4856         ASSERT(!vn_is_readonly(vp));
4857         ASSERT(pp != NULL);
4858         ASSERT(cr != NULL);
4859         ASSERT((flags & B_ASYNC) || nfs_zone() == VTOMI(vp)->mi_zone);
4860 
4861         rp = VTOR(vp);
4862         ASSERT(rp->r_count > 0);
4863 
4864         bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
4865         lbn = pp->p_offset / bsize;
4866         lbn_off = lbn * bsize;
4867 
4868         /*
4869          * Find a kluster that fits in one block, or in
4870          * one page if pages are bigger than blocks.  If
4871          * there is less file space allocated than a whole
4872          * page, we'll shorten the i/o request below.
4873          */
4874         pp = pvn_write_kluster(vp, pp, &io_off, &io_len, lbn_off,
4875             roundup(bsize, PAGESIZE), flags);
4876 
4877         /*
4878          * pvn_write_kluster shouldn't have returned a page with offset
4879          * behind the original page we were given.  Verify that.
4880          */
4881         ASSERT((pp->p_offset / bsize) >= lbn);
4882 
4883         /*
4884          * Now pp will have the list of kept dirty pages marked for
4885          * write back.  It will also handle invalidation and freeing
4886          * of pages that are not dirty.  Check for page length rounding
4887          * problems.
4888          */
4889         if (io_off + io_len > lbn_off + bsize) {
4890                 ASSERT((io_off + io_len) - (lbn_off + bsize) < PAGESIZE);
4891                 io_len = lbn_off + bsize - io_off;
4892         }
4893         /*
4894          * The RMODINPROGRESS flag makes sure that nfs(3)_bio() sees a
4895          * consistent value of r_size. RMODINPROGRESS is set in writerp().
4896          * When RMODINPROGRESS is set it indicates that a uiomove() is in
4897          * progress and the r_size has not been made consistent with the
4898          * new size of the file. When the uiomove() completes the r_size is
4899          * updated and the RMODINPROGRESS flag is cleared.
4900          *
4901          * The RMODINPROGRESS flag makes sure that nfs(3)_bio() sees a
4902          * consistent value of r_size. Without this handshaking, it is
4903          * possible that nfs(3)_bio() picks  up the old value of r_size
4904          * before the uiomove() in writerp() completes. This will result
4905          * in the write through nfs(3)_bio() being dropped.
4906          *
4907          * More precisely, there is a window between the time the uiomove()
4908          * completes and the time the r_size is updated. If a VOP_PUTPAGE()
4909          * operation intervenes in this window, the page will be picked up,
4910          * because it is dirty (it will be unlocked, unless it was
4911          * pagecreate'd). When the page is picked up as dirty, the dirty
4912          * bit is reset (pvn_getdirty()). In nfs(3)write(), r_size is
4913          * checked. This will still be the old size. Therefore the page will
4914          * not be written out. When segmap_release() calls VOP_PUTPAGE(),
4915          * the page will be found to be clean and the write will be dropped.
4916          */
4917         if (rp->r_flags & RMODINPROGRESS) {
4918                 mutex_enter(&rp->r_statelock);
4919                 if ((rp->r_flags & RMODINPROGRESS) &&
4920                     rp->r_modaddr + MAXBSIZE > io_off &&
4921                     rp->r_modaddr < io_off + io_len) {
4922                         page_t *plist;
4923                         /*
4924                          * A write is in progress for this region of the file.
4925                          * If we did not detect RMODINPROGRESS here then this
4926                          * path through nfs_putapage() would eventually go to
4927                          * nfs(3)_bio() and may not write out all of the data
4928                          * in the pages. We end up losing data. So we decide
4929                          * to set the modified bit on each page in the page
4930                          * list and mark the rnode with RDIRTY. This write
4931                          * will be restarted at some later time.
4932                          */
4933                         plist = pp;
4934                         while (plist != NULL) {
4935                                 pp = plist;
4936                                 page_sub(&plist, pp);
4937                                 hat_setmod(pp);
4938                                 page_io_unlock(pp);
4939                                 page_unlock(pp);
4940                         }
4941                         rp->r_flags |= RDIRTY;
4942                         mutex_exit(&rp->r_statelock);
4943                         if (offp)
4944                                 *offp = io_off;
4945                         if (lenp)
4946                                 *lenp = io_len;
4947                         return (0);
4948                 }
4949                 mutex_exit(&rp->r_statelock);
4950         }
4951 
4952         if (flags & B_ASYNC) {
4953                 error = nfs_async_putapage(vp, pp, io_off, io_len, flags, cr,
4954                     nfs3_sync_putapage);
4955         } else
4956                 error = nfs3_sync_putapage(vp, pp, io_off, io_len, flags, cr);
4957 
4958         if (offp)
4959                 *offp = io_off;
4960         if (lenp)
4961                 *lenp = io_len;
4962         return (error);
4963 }
4964 
4965 static int
4966 nfs3_sync_putapage(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
4967         int flags, cred_t *cr)
4968 {
4969         int error;
4970         rnode_t *rp;
4971 
4972         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
4973 
4974         flags |= B_WRITE;
4975 
4976         error = nfs3_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
4977 
4978         rp = VTOR(vp);
4979 
4980         if ((error == ENOSPC || error == EDQUOT || error == EFBIG ||
4981             error == EACCES) &&
4982             (flags & (B_INVAL|B_FORCE)) != (B_INVAL|B_FORCE)) {
4983                 if (!(rp->r_flags & ROUTOFSPACE)) {
4984                         mutex_enter(&rp->r_statelock);
4985                         rp->r_flags |= ROUTOFSPACE;
4986                         mutex_exit(&rp->r_statelock);
4987                 }
4988                 flags |= B_ERROR;
4989                 pvn_write_done(pp, flags);
4990                 /*
4991                  * If this was not an async thread, then try again to
4992                  * write out the pages, but this time, also destroy
4993                  * them whether or not the write is successful.  This
4994                  * will prevent memory from filling up with these
4995                  * pages and destroying them is the only alternative
4996                  * if they can't be written out.
4997                  *
4998                  * Don't do this if this is an async thread because
4999                  * when the pages are unlocked in pvn_write_done,
5000                  * some other thread could have come along, locked
5001                  * them, and queued for an async thread.  It would be
5002                  * possible for all of the async threads to be tied
5003                  * up waiting to lock the pages again and they would
5004                  * all already be locked and waiting for an async
5005                  * thread to handle them.  Deadlock.
5006                  */
5007                 if (!(flags & B_ASYNC)) {
5008                         error = nfs3_putpage(vp, io_off, io_len,
5009                             B_INVAL | B_FORCE, cr);
5010                 }
5011         } else {
5012                 if (error)
5013                         flags |= B_ERROR;
5014                 else if (rp->r_flags & ROUTOFSPACE) {
5015                         mutex_enter(&rp->r_statelock);
5016                         rp->r_flags &= ~ROUTOFSPACE;
5017                         mutex_exit(&rp->r_statelock);
5018                 }
5019                 pvn_write_done(pp, flags);
5020                 if (freemem < desfree)
5021                         (void) nfs3_commit_vp(vp, (u_offset_t)0, 0, cr);
5022         }
5023 
5024         return (error);
5025 }
5026 
5027 static int
5028 nfs3_map(vnode_t *vp, offset_t off, struct as *as, caddr_t *addrp,
5029         size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr)
5030 {
5031         struct segvn_crargs vn_a;
5032         int error;
5033         rnode_t *rp;
5034         struct vattr va;
5035 
5036         if (nfs_zone() != VTOMI(vp)->mi_zone)
5037                 return (EIO);
5038 
5039         if (vp->v_flag & VNOMAP)
5040                 return (ENOSYS);
5041 
5042         if (off < 0 || off + len < 0)
5043                 return (ENXIO);
5044 
5045         if (vp->v_type != VREG)
5046                 return (ENODEV);
5047 
5048         /*
5049          * If there is cached data and if close-to-open consistency
5050          * checking is not turned off and if the file system is not
5051          * mounted readonly, then force an over the wire getattr.
5052          * Otherwise, just invoke nfs3getattr to get a copy of the
5053          * attributes.  The attribute cache will be used unless it
5054          * is timed out and if it is, then an over the wire getattr
5055          * will be issued.
5056          */
5057         va.va_mask = AT_ALL;
5058         if (vn_has_cached_data(vp) &&
5059             !(VTOMI(vp)->mi_flags & MI_NOCTO) && !vn_is_readonly(vp))
5060                 error = nfs3_getattr_otw(vp, &va, cr);
5061         else
5062                 error = nfs3getattr(vp, &va, cr);
5063         if (error)
5064                 return (error);
5065 
5066         /*
5067          * Check to see if the vnode is currently marked as not cachable.
5068          * This means portions of the file are locked (through VOP_FRLOCK).
5069          * In this case the map request must be refused.  We use
5070          * rp->r_lkserlock to avoid a race with concurrent lock requests.
5071          */
5072         rp = VTOR(vp);
5073         if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_READER, INTR(vp)))
5074                 return (EINTR);
5075 
5076         if (vp->v_flag & VNOCACHE) {
5077                 error = EAGAIN;
5078                 goto done;
5079         }
5080 
5081         /*
5082          * Don't allow concurrent locks and mapping if mandatory locking is
5083          * enabled.
5084          */
5085         if ((flk_has_remote_locks(vp) || lm_has_sleep(vp)) &&
5086             MANDLOCK(vp, va.va_mode)) {
5087                 error = EAGAIN;
5088                 goto done;
5089         }
5090 
5091         as_rangelock(as);
5092         if (!(flags & MAP_FIXED)) {
5093                 map_addr(addrp, len, off, 1, flags);
5094                 if (*addrp == NULL) {
5095                         as_rangeunlock(as);
5096                         error = ENOMEM;
5097                         goto done;
5098                 }
5099         } else {
5100                 /*
5101                  * User specified address - blow away any previous mappings
5102                  */
5103                 (void) as_unmap(as, *addrp, len);
5104         }
5105 
5106         vn_a.vp = vp;
5107         vn_a.offset = off;
5108         vn_a.type = (flags & MAP_TYPE);
5109         vn_a.prot = (uchar_t)prot;
5110         vn_a.maxprot = (uchar_t)maxprot;
5111         vn_a.flags = (flags & ~MAP_TYPE);
5112         vn_a.cred = cr;
5113         vn_a.amp = NULL;
5114         vn_a.szc = 0;
5115         vn_a.lgrp_mem_policy_flags = 0;
5116 
5117         error = as_map(as, *addrp, len, segvn_create, &vn_a);
5118         as_rangeunlock(as);
5119 
5120 done:
5121         nfs_rw_exit(&rp->r_lkserlock);
5122         return (error);
5123 }
5124 
5125 /* ARGSUSED */
5126 static int
5127 nfs3_addmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
5128         size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr)
5129 {
5130         rnode_t *rp;
5131 
5132         if (vp->v_flag & VNOMAP)
5133                 return (ENOSYS);
5134         if (nfs_zone() != VTOMI(vp)->mi_zone)
5135                 return (EIO);
5136 
5137         /*
5138          * Need to hold rwlock while incrementing the mapcnt so that
5139          * mmap'ing can be serialized with writes so that the caching
5140          * can be handled correctly.
5141          */
5142         rp = VTOR(vp);
5143         if (nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER, INTR(vp)))
5144                 return (EINTR);
5145         atomic_add_long((ulong_t *)&rp->r_mapcnt, btopr(len));
5146         nfs_rw_exit(&rp->r_rwlock);
5147 
5148         return (0);
5149 }
5150 
5151 static int
5152 nfs3_frlock(vnode_t *vp, int cmd, struct flock64 *bfp, int flag,
5153         offset_t offset, struct flk_callback *flk_cbp, cred_t *cr)
5154 {
5155         netobj lm_fh3;
5156         int rc;
5157         u_offset_t start, end;
5158         rnode_t *rp;
5159         int error = 0, intr = INTR(vp);
5160 
5161         if (nfs_zone() != VTOMI(vp)->mi_zone)
5162                 return (EIO);
5163         /* check for valid cmd parameter */
5164         if (cmd != F_GETLK && cmd != F_SETLK && cmd != F_SETLKW)
5165                 return (EINVAL);
5166 
5167         /* Verify l_type. */
5168         switch (bfp->l_type) {
5169         case F_RDLCK:
5170                 if (cmd != F_GETLK && !(flag & FREAD))
5171                         return (EBADF);
5172                 break;
5173         case F_WRLCK:
5174                 if (cmd != F_GETLK && !(flag & FWRITE))
5175                         return (EBADF);
5176                 break;
5177         case F_UNLCK:
5178                 intr = 0;
5179                 break;
5180 
5181         default:
5182                 return (EINVAL);
5183         }
5184 
5185         /* check the validity of the lock range */
5186         if (rc = flk_convert_lock_data(vp, bfp, &start, &end, offset))
5187                 return (rc);
5188         if (rc = flk_check_lock_data(start, end, MAXEND))
5189                 return (rc);
5190 
5191         /*
5192          * If the filesystem is mounted using local locking, pass the
5193          * request off to the local locking code.
5194          */
5195         if (VTOMI(vp)->mi_flags & MI_LLOCK) {
5196                 if (cmd == F_SETLK || cmd == F_SETLKW) {
5197                         /*
5198                          * For complete safety, we should be holding
5199                          * r_lkserlock.  However, we can't call
5200                          * lm_safelock and then fs_frlock while
5201                          * holding r_lkserlock, so just invoke
5202                          * lm_safelock and expect that this will
5203                          * catch enough of the cases.
5204                          */
5205                         if (!lm_safelock(vp, bfp, cr))
5206                                 return (EAGAIN);
5207                 }
5208                 return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr));
5209         }
5210 
5211         rp = VTOR(vp);
5212 
5213         /*
5214          * Check whether the given lock request can proceed, given the
5215          * current file mappings.
5216          */
5217         if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_WRITER, intr))
5218                 return (EINTR);
5219         if (cmd == F_SETLK || cmd == F_SETLKW) {
5220                 if (!lm_safelock(vp, bfp, cr)) {
5221                         rc = EAGAIN;
5222                         goto done;
5223                 }
5224         }
5225 
5226         /*
5227          * Flush the cache after waiting for async I/O to finish.  For new
5228          * locks, this is so that the process gets the latest bits from the
5229          * server.  For unlocks, this is so that other clients see the
5230          * latest bits once the file has been unlocked.  If currently dirty
5231          * pages can't be flushed, then don't allow a lock to be set.  But
5232          * allow unlocks to succeed, to avoid having orphan locks on the
5233          * server.
5234          */
5235         if (cmd != F_GETLK) {
5236                 mutex_enter(&rp->r_statelock);
5237                 while (rp->r_count > 0) {
5238                     if (intr) {
5239                         klwp_t *lwp = ttolwp(curthread);
5240 
5241                         if (lwp != NULL)
5242                                 lwp->lwp_nostop++;
5243                         if (cv_wait_sig(&rp->r_cv, &rp->r_statelock) == 0) {
5244                                 if (lwp != NULL)
5245                                         lwp->lwp_nostop--;
5246                                 rc = EINTR;
5247                                 break;
5248                         }
5249                         if (lwp != NULL)
5250                                 lwp->lwp_nostop--;
5251                     } else
5252                         cv_wait(&rp->r_cv, &rp->r_statelock);
5253                 }
5254                 mutex_exit(&rp->r_statelock);
5255                 if (rc != 0)
5256                         goto done;
5257                 error = nfs3_putpage(vp, (offset_t)0, 0, B_INVAL, cr);
5258                 if (error) {
5259                         if (error == ENOSPC || error == EDQUOT) {
5260                                 mutex_enter(&rp->r_statelock);
5261                                 if (!rp->r_error)
5262                                         rp->r_error = error;
5263                                 mutex_exit(&rp->r_statelock);
5264                         }
5265                         if (bfp->l_type != F_UNLCK) {
5266                                 rc = ENOLCK;
5267                                 goto done;
5268                         }
5269                 }
5270         }
5271 
5272         lm_fh3.n_len = VTOFH3(vp)->fh3_length;
5273         lm_fh3.n_bytes = (char *)&(VTOFH3(vp)->fh3_u.data);
5274 
5275         /*
5276          * Call the lock manager to do the real work of contacting
5277          * the server and obtaining the lock.
5278          */
5279         rc = lm4_frlock(vp, cmd, bfp, flag, offset, cr, &lm_fh3, flk_cbp);
5280 
5281         if (rc == 0)
5282                 nfs_lockcompletion(vp, cmd);
5283 
5284 done:
5285         nfs_rw_exit(&rp->r_lkserlock);
5286         return (rc);
5287 }
5288 
5289 /*
5290  * Free storage space associated with the specified vnode.  The portion
5291  * to be freed is specified by bfp->l_start and bfp->l_len (already
5292  * normalized to a "whence" of 0).
5293  *
5294  * This is an experimental facility whose continued existence is not
5295  * guaranteed.  Currently, we only support the special case
5296  * of l_len == 0, meaning free to end of file.
5297  */
5298 /* ARGSUSED */
5299 static int
5300 nfs3_space(vnode_t *vp, int cmd, struct flock64 *bfp, int flag,
5301         offset_t offset, cred_t *cr, caller_context_t *ct)
5302 {
5303         int error;
5304 
5305         ASSERT(vp->v_type == VREG);
5306         if (cmd != F_FREESP)
5307                 return (EINVAL);
5308         if (nfs_zone() != VTOMI(vp)->mi_zone)
5309                 return (EIO);
5310 
5311         error = convoff(vp, bfp, 0, offset);
5312         if (!error) {
5313                 ASSERT(bfp->l_start >= 0);
5314                 if (bfp->l_len == 0) {
5315                         struct vattr va;
5316 
5317                         /*
5318                          * ftruncate should not change the ctime and
5319                          * mtime if we truncate the file to its
5320                          * previous size.
5321                          */
5322                         va.va_mask = AT_SIZE;
5323                         error = nfs3getattr(vp, &va, cr);
5324                         if (error || va.va_size == bfp->l_start)
5325                                 return (error);
5326                         va.va_mask = AT_SIZE;
5327                         va.va_size = bfp->l_start;
5328                         error = nfs3setattr(vp, &va, 0, cr);
5329                 } else
5330                         error = EINVAL;
5331         }
5332 
5333         return (error);
5334 }
5335 
5336 /* ARGSUSED */
5337 static int
5338 nfs3_realvp(vnode_t *vp, vnode_t **vpp)
5339 {
5340 
5341         return (EINVAL);
5342 }
5343 
5344 /*
5345  * Setup and add an address space callback to do the work of the delmap call.
5346  * The callback will (and must be) deleted in the actual callback function.
5347  *
5348  * This is done in order to take care of the problem that we have with holding
5349  * the address space's a_lock for a long period of time (e.g. if the NFS server
5350  * is down).  Callbacks will be executed in the address space code while the
5351  * a_lock is not held.  Holding the address space's a_lock causes things such
5352  * as ps and fork to hang because they are trying to acquire this lock as well.
5353  */
5354 /* ARGSUSED */
5355 static int
5356 nfs3_delmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
5357         size_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cr)
5358 {
5359         int                     caller_found;
5360         int                     error;
5361         rnode_t                 *rp;
5362         nfs_delmap_args_t       *dmapp;
5363         nfs_delmapcall_t        *delmap_call;
5364 
5365         if (vp->v_flag & VNOMAP)
5366                 return (ENOSYS);
5367         /*
5368          * A process may not change zones if it has NFS pages mmap'ed
5369          * in, so we can't legitimately get here from the wrong zone.
5370          */
5371         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
5372 
5373         rp = VTOR(vp);
5374 
5375         /*
5376          * The way that the address space of this process deletes its mapping
5377          * of this file is via the following call chains:
5378          * - as_free()->SEGOP_UNMAP()/segvn_unmap()->VOP_DELMAP()/nfs3_delmap()
5379          * - as_unmap()->SEGOP_UNMAP()/segvn_unmap()->VOP_DELMAP()/nfs3_delmap()
5380          *
5381          * With the use of address space callbacks we are allowed to drop the
5382          * address space lock, a_lock, while executing the NFS operations that
5383          * need to go over the wire.  Returning EAGAIN to the caller of this
5384          * function is what drives the execution of the callback that we add
5385          * below.  The callback will be executed by the address space code
5386          * after dropping the a_lock.  When the callback is finished, since
5387          * we dropped the a_lock, it must be re-acquired and segvn_unmap()
5388          * is called again on the same segment to finish the rest of the work
5389          * that needs to happen during unmapping.
5390          *
5391          * This action of calling back into the segment driver causes
5392          * nfs3_delmap() to get called again, but since the callback was
5393          * already executed at this point, it already did the work and there
5394          * is nothing left for us to do.
5395          *
5396          * To Summarize:
5397          * - The first time nfs3_delmap is called by the current thread is when
5398          * we add the caller associated with this delmap to the delmap caller
5399          * list, add the callback, and return EAGAIN.
5400          * - The second time in this call chain when nfs3_delmap is called we
5401          * will find this caller in the delmap caller list and realize there
5402          * is no more work to do thus removing this caller from the list and
5403          * returning the error that was set in the callback execution.
5404          */
5405         caller_found = nfs_find_and_delete_delmapcall(rp, &error);
5406         if (caller_found) {
5407                 /*
5408                  * 'error' is from the actual delmap operations.  To avoid
5409                  * hangs, we need to handle the return of EAGAIN differently
5410                  * since this is what drives the callback execution.
5411                  * In this case, we don't want to return EAGAIN and do the
5412                  * callback execution because there are none to execute.
5413                  */
5414                 if (error == EAGAIN)
5415                         return (0);
5416                 else
5417                         return (error);
5418         }
5419 
5420         /* current caller was not in the list */
5421         delmap_call = nfs_init_delmapcall();
5422 
5423         mutex_enter(&rp->r_statelock);
5424         list_insert_tail(&rp->r_indelmap, delmap_call);
5425         mutex_exit(&rp->r_statelock);
5426 
5427         dmapp = kmem_alloc(sizeof (nfs_delmap_args_t), KM_SLEEP);
5428 
5429         dmapp->vp = vp;
5430         dmapp->off = off;
5431         dmapp->addr = addr;
5432         dmapp->len = len;
5433         dmapp->prot = prot;
5434         dmapp->maxprot = maxprot;
5435         dmapp->flags = flags;
5436         dmapp->cr = cr;
5437         dmapp->caller = delmap_call;
5438 
5439         error = as_add_callback(as, nfs3_delmap_callback, dmapp,
5440         AS_UNMAP_EVENT, addr, len, KM_SLEEP);
5441 
5442         return (error ? error : EAGAIN);
5443 }
5444 
5445 /*
5446  * Remove some pages from an mmap'd vnode.  Just update the
5447  * count of pages.  If doing close-to-open, then flush and
5448  * commit all of the pages associated with this file.
5449  * Otherwise, start an asynchronous page flush to write out
5450  * any dirty pages.  This will also associate a credential
5451  * with the rnode which can be used to write the pages.
5452  */
5453 /* ARGSUSED */
5454 static void
5455 nfs3_delmap_callback(struct as *as, void *arg, uint_t event)
5456 {
5457         int                     error;
5458         rnode_t                 *rp;
5459         mntinfo_t               *mi;
5460         nfs_delmap_args_t       *dmapp = (nfs_delmap_args_t *)arg;
5461 
5462         rp = VTOR(dmapp->vp);
5463         mi = VTOMI(dmapp->vp);
5464 
5465         atomic_add_long((ulong_t *)&rp->r_mapcnt, -btopr(dmapp->len));
5466         ASSERT(rp->r_mapcnt >= 0);
5467 
5468         /*
5469          * Initiate a page flush and potential commit if there are
5470          * pages, the file system was not mounted readonly, the segment
5471          * was mapped shared, and the pages themselves were writeable.
5472          */
5473         if (vn_has_cached_data(dmapp->vp) && !vn_is_readonly(dmapp->vp) &&
5474             dmapp->flags == MAP_SHARED && (dmapp->maxprot & PROT_WRITE)) {
5475                 mutex_enter(&rp->r_statelock);
5476                 rp->r_flags |= RDIRTY;
5477                 mutex_exit(&rp->r_statelock);
5478                 /*
5479                  * If this is a cross-zone access a sync putpage won't work, so
5480                  * the best we can do is try an async putpage.  That seems
5481                  * better than something more draconian such as discarding the
5482                  * dirty pages.
5483                  */
5484                 if ((mi->mi_flags & MI_NOCTO) ||
5485                     nfs_zone() != mi->mi_zone)
5486                         error = nfs3_putpage(dmapp->vp, dmapp->off, dmapp->len,
5487                             B_ASYNC, dmapp->cr);
5488                 else
5489                         error = nfs3_putpage_commit(dmapp->vp, dmapp->off,
5490                             dmapp->len, dmapp->cr);
5491                 if (!error) {
5492                         mutex_enter(&rp->r_statelock);
5493                         error = rp->r_error;
5494                         rp->r_error = 0;
5495                         mutex_exit(&rp->r_statelock);
5496                 }
5497         } else
5498                 error = 0;
5499 
5500         if ((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO))
5501                 (void) nfs3_putpage(dmapp->vp, dmapp->off, dmapp->len,
5502                     B_INVAL, dmapp->cr);
5503 
5504         dmapp->caller->error = error;
5505         (void) as_delete_callback(as, arg);
5506         kmem_free(dmapp, sizeof (nfs_delmap_args_t));
5507 }
5508 
5509 static int nfs3_pathconf_disable_cache = 0;
5510 
5511 #ifdef DEBUG
5512 static int nfs3_pathconf_cache_hits = 0;
5513 static int nfs3_pathconf_cache_misses = 0;
5514 #endif
5515 
5516 static int
5517 nfs3_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr)
5518 {
5519         int error;
5520         PATHCONF3args args;
5521         PATHCONF3res res;
5522         int douprintf;
5523         failinfo_t fi;
5524         rnode_t *rp;
5525         hrtime_t t;
5526 
5527         if (nfs_zone() != VTOMI(vp)->mi_zone)
5528                 return (EIO);
5529         /*
5530          * Large file spec - need to base answer on info stored
5531          * on original FSINFO response.
5532          */
5533         if (cmd == _PC_FILESIZEBITS) {
5534                 unsigned long long ll;
5535                 long l = 1;
5536 
5537                 ll = VTOMI(vp)->mi_maxfilesize;
5538 
5539                 if (ll == 0) {
5540                         *valp = 0;
5541                         return (0);
5542                 }
5543 
5544                 if (ll & 0xffffffff00000000) {
5545                         l += 32; ll >>= 32;
5546                 }
5547                 if (ll & 0xffff0000) {
5548                         l += 16; ll >>= 16;
5549                 }
5550                 if (ll & 0xff00) {
5551                         l += 8; ll >>= 8;
5552                 }
5553                 if (ll & 0xf0) {
5554                         l += 4; ll >>= 4;
5555                 }
5556                 if (ll & 0xc) {
5557                         l += 2; ll >>= 2;
5558                 }
5559                 if (ll & 0x2)
5560                         l += 2;
5561                 else if (ll & 0x1)
5562                         l += 1;
5563                 *valp = l;
5564                 return (0);
5565         }
5566 
5567         if (cmd == _PC_ACL_ENABLED) {
5568                 *valp = _ACL_ACLENT_ENABLED;
5569                 return (0);
5570         }
5571 
5572         if (cmd == _PC_XATTR_EXISTS) {
5573                 error = 0;
5574                 *valp = 0;
5575                 if (vp->v_vfsp->vfs_flag & VFS_XATTR) {
5576                         vnode_t *avp;
5577                         rnode_t *rp;
5578                         int error = 0;
5579                         mntinfo_t *mi = VTOMI(vp);
5580 
5581                         if (!(mi->mi_flags & MI_EXTATTR))
5582                                 return (0);
5583 
5584                         rp = VTOR(vp);
5585                         if (nfs_rw_enter_sig(&rp->r_rwlock, RW_READER,
5586                             INTR(vp)))
5587                                 return (EINTR);
5588 
5589                         error = nfs3lookup_dnlc(vp, XATTR_DIR_NAME, &avp, cr);
5590                         if (error || avp == NULL)
5591                                 error = acl_getxattrdir3(vp, &avp, 0, cr, 0);
5592 
5593                         nfs_rw_exit(&rp->r_rwlock);
5594 
5595                         if (error == 0 && avp != NULL) {
5596                                 VN_RELE(avp);
5597                                 *valp = 1;
5598                         } else if (error == ENOENT)
5599                                 error = 0;
5600                 }
5601                 return (error);
5602         }
5603 
5604         rp = VTOR(vp);
5605         if (rp->r_pathconf != NULL) {
5606                 mutex_enter(&rp->r_statelock);
5607                 if (rp->r_pathconf != NULL && nfs3_pathconf_disable_cache) {
5608                         kmem_free(rp->r_pathconf, sizeof (*rp->r_pathconf));
5609                         rp->r_pathconf = NULL;
5610                 }
5611                 if (rp->r_pathconf != NULL) {
5612                         error = 0;
5613                         switch (cmd) {
5614                         case _PC_LINK_MAX:
5615                                 *valp = rp->r_pathconf->link_max;
5616                                 break;
5617                         case _PC_NAME_MAX:
5618                                 *valp = rp->r_pathconf->name_max;
5619                                 break;
5620                         case _PC_PATH_MAX:
5621                         case _PC_SYMLINK_MAX:
5622                                 *valp = MAXPATHLEN;
5623                                 break;
5624                         case _PC_CHOWN_RESTRICTED:
5625                                 *valp = rp->r_pathconf->chown_restricted;
5626                                 break;
5627                         case _PC_NO_TRUNC:
5628                                 *valp = rp->r_pathconf->no_trunc;
5629                                 break;
5630                         default:
5631                                 error = EINVAL;
5632                                 break;
5633                         }
5634                         mutex_exit(&rp->r_statelock);
5635 #ifdef DEBUG
5636                         nfs3_pathconf_cache_hits++;
5637 #endif
5638                         return (error);
5639                 }
5640                 mutex_exit(&rp->r_statelock);
5641         }
5642 #ifdef DEBUG
5643         nfs3_pathconf_cache_misses++;
5644 #endif
5645 
5646         args.object = *VTOFH3(vp);
5647         fi.vp = vp;
5648         fi.fhp = (caddr_t)&args.object;
5649         fi.copyproc = nfs3copyfh;
5650         fi.lookupproc = nfs3lookup;
5651         fi.xattrdirproc = acl_getxattrdir3;
5652 
5653         douprintf = 1;
5654 
5655         t = gethrtime();
5656 
5657         error = rfs3call(VTOMI(vp), NFSPROC3_PATHCONF,
5658             xdr_nfs_fh3, (caddr_t)&args,
5659             xdr_PATHCONF3res, (caddr_t)&res, cr,
5660             &douprintf, &res.status, 0, &fi);
5661 
5662         if (error)
5663                 return (error);
5664 
5665         error = geterrno3(res.status);
5666 
5667         if (!error) {
5668                 nfs3_cache_post_op_attr(vp, &res.resok.obj_attributes, t, cr);
5669                 if (!nfs3_pathconf_disable_cache) {
5670                         mutex_enter(&rp->r_statelock);
5671                         if (rp->r_pathconf == NULL) {
5672                                 rp->r_pathconf = kmem_alloc(
5673                                     sizeof (*rp->r_pathconf), KM_NOSLEEP);
5674                                 if (rp->r_pathconf != NULL)
5675                                         *rp->r_pathconf = res.resok.info;
5676                         }
5677                         mutex_exit(&rp->r_statelock);
5678                 }
5679                 switch (cmd) {
5680                 case _PC_LINK_MAX:
5681                         *valp = res.resok.info.link_max;
5682                         break;
5683                 case _PC_NAME_MAX:
5684                         *valp = res.resok.info.name_max;
5685                         break;
5686                 case _PC_PATH_MAX:
5687                 case _PC_SYMLINK_MAX:
5688                         *valp = MAXPATHLEN;
5689                         break;
5690                 case _PC_CHOWN_RESTRICTED:
5691                         *valp = res.resok.info.chown_restricted;
5692                         break;
5693                 case _PC_NO_TRUNC:
5694                         *valp = res.resok.info.no_trunc;
5695                         break;
5696                 default:
5697                         return (EINVAL);
5698                 }
5699         } else {
5700                 nfs3_cache_post_op_attr(vp, &res.resfail.obj_attributes, t, cr);
5701                 PURGE_STALE_FH(error, vp, cr);
5702         }
5703 
5704         return (error);
5705 }
5706 
5707 /*
5708  * Called by async thread to do synchronous pageio. Do the i/o, wait
5709  * for it to complete, and cleanup the page list when done.
5710  */
5711 static int
5712 nfs3_sync_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
5713         int flags, cred_t *cr)
5714 {
5715         int error;
5716 
5717         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
5718         error = nfs3_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
5719         if (flags & B_READ)
5720                 pvn_read_done(pp, (error ? B_ERROR : 0) | flags);
5721         else
5722                 pvn_write_done(pp, (error ? B_ERROR : 0) | flags);
5723         return (error);
5724 }
5725 
5726 static int
5727 nfs3_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
5728         int flags, cred_t *cr)
5729 {
5730         int error;
5731         rnode_t *rp;
5732 
5733         if (pp == NULL)
5734                 return (EINVAL);
5735         if (!(flags & B_ASYNC) && nfs_zone() != VTOMI(vp)->mi_zone)
5736                 return (EIO);
5737 
5738         rp = VTOR(vp);
5739         mutex_enter(&rp->r_statelock);
5740         rp->r_count++;
5741         mutex_exit(&rp->r_statelock);
5742 
5743         if (flags & B_ASYNC) {
5744                 error = nfs_async_pageio(vp, pp, io_off, io_len, flags, cr,
5745                     nfs3_sync_pageio);
5746         } else
5747                 error = nfs3_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
5748         mutex_enter(&rp->r_statelock);
5749         rp->r_count--;
5750         cv_broadcast(&rp->r_cv);
5751         mutex_exit(&rp->r_statelock);
5752         return (error);
5753 }
5754 
5755 static void
5756 nfs3_dispose(vnode_t *vp, page_t *pp, int fl, int dn, cred_t *cr)
5757 {
5758         int error;
5759         rnode_t *rp;
5760         page_t *plist;
5761         page_t *pptr;
5762         offset3 offset;
5763         count3 len;
5764         k_sigset_t smask;
5765 
5766         /*
5767          * We should get called with fl equal to either B_FREE or
5768          * B_INVAL.  Any other value is illegal.
5769          *
5770          * The page that we are either supposed to free or destroy
5771          * should be exclusive locked and its io lock should not
5772          * be held.
5773          */
5774         ASSERT(fl == B_FREE || fl == B_INVAL);
5775         ASSERT((PAGE_EXCL(pp) && !page_iolock_assert(pp)) || panicstr);
5776         rp = VTOR(vp);
5777 
5778         /*
5779          * If the page doesn't need to be committed or we shouldn't
5780          * even bother attempting to commit it, then just make sure
5781          * that the p_fsdata byte is clear and then either free or
5782          * destroy the page as appropriate.
5783          */
5784         if (pp->p_fsdata == C_NOCOMMIT || (rp->r_flags & RSTALE)) {
5785                 pp->p_fsdata = C_NOCOMMIT;
5786                 if (fl == B_FREE)
5787                         page_free(pp, dn);
5788                 else
5789                         page_destroy(pp, dn);
5790                 return;
5791         }
5792 
5793         /*
5794          * If there is a page invalidation operation going on, then
5795          * if this is one of the pages being destroyed, then just
5796          * clear the p_fsdata byte and then either free or destroy
5797          * the page as appropriate.
5798          */
5799         mutex_enter(&rp->r_statelock);
5800         if ((rp->r_flags & RTRUNCATE) && pp->p_offset >= rp->r_truncaddr) {
5801                 mutex_exit(&rp->r_statelock);
5802                 pp->p_fsdata = C_NOCOMMIT;
5803                 if (fl == B_FREE)
5804                         page_free(pp, dn);
5805                 else
5806                         page_destroy(pp, dn);
5807                 return;
5808         }
5809 
5810         /*
5811          * If we are freeing this page and someone else is already
5812          * waiting to do a commit, then just unlock the page and
5813          * return.  That other thread will take care of commiting
5814          * this page.  The page can be freed sometime after the
5815          * commit has finished.  Otherwise, if the page is marked
5816          * as delay commit, then we may be getting called from
5817          * pvn_write_done, one page at a time.   This could result
5818          * in one commit per page, so we end up doing lots of small
5819          * commits instead of fewer larger commits.  This is bad,
5820          * we want do as few commits as possible.
5821          */
5822         if (fl == B_FREE) {
5823                 if (rp->r_flags & RCOMMITWAIT) {
5824                         page_unlock(pp);
5825                         mutex_exit(&rp->r_statelock);
5826                         return;
5827                 }
5828                 if (pp->p_fsdata == C_DELAYCOMMIT) {
5829                         pp->p_fsdata = C_COMMIT;
5830                         page_unlock(pp);
5831                         mutex_exit(&rp->r_statelock);
5832                         return;
5833                 }
5834         }
5835 
5836         /*
5837          * Check to see if there is a signal which would prevent an
5838          * attempt to commit the pages from being successful.  If so,
5839          * then don't bother with all of the work to gather pages and
5840          * generate the unsuccessful RPC.  Just return from here and
5841          * let the page be committed at some later time.
5842          */
5843         sigintr(&smask, VTOMI(vp)->mi_flags & MI_INT);
5844         if (ttolwp(curthread) != NULL && ISSIG(curthread, JUSTLOOKING)) {
5845                 sigunintr(&smask);
5846                 page_unlock(pp);
5847                 mutex_exit(&rp->r_statelock);
5848                 return;
5849         }
5850         sigunintr(&smask);
5851 
5852         /*
5853          * We are starting to need to commit pages, so let's try
5854          * to commit as many as possible at once to reduce the
5855          * overhead.
5856          *
5857          * Set the `commit inprogress' state bit.  We must
5858          * first wait until any current one finishes.  Then
5859          * we initialize the c_pages list with this page.
5860          */
5861         while (rp->r_flags & RCOMMIT) {
5862                 rp->r_flags |= RCOMMITWAIT;
5863                 cv_wait(&rp->r_commit.c_cv, &rp->r_statelock);
5864                 rp->r_flags &= ~RCOMMITWAIT;
5865         }
5866         rp->r_flags |= RCOMMIT;
5867         mutex_exit(&rp->r_statelock);
5868         ASSERT(rp->r_commit.c_pages == NULL);
5869         rp->r_commit.c_pages = pp;
5870         rp->r_commit.c_commbase = (offset3)pp->p_offset;
5871         rp->r_commit.c_commlen = PAGESIZE;
5872 
5873         /*
5874          * Gather together all other pages which can be committed.
5875          * They will all be chained off r_commit.c_pages.
5876          */
5877         nfs3_get_commit(vp);
5878 
5879         /*
5880          * Clear the `commit inprogress' status and disconnect
5881          * the list of pages to be committed from the rnode.
5882          * At this same time, we also save the starting offset
5883          * and length of data to be committed on the server.
5884          */
5885         plist = rp->r_commit.c_pages;
5886         rp->r_commit.c_pages = NULL;
5887         offset = rp->r_commit.c_commbase;
5888         len = rp->r_commit.c_commlen;
5889         mutex_enter(&rp->r_statelock);
5890         rp->r_flags &= ~RCOMMIT;
5891         cv_broadcast(&rp->r_commit.c_cv);
5892         mutex_exit(&rp->r_statelock);
5893 
5894         if (curproc == proc_pageout || curproc == proc_fsflush ||
5895             nfs_zone() != VTOMI(vp)->mi_zone) {
5896                 nfs_async_commit(vp, plist, offset, len, cr, nfs3_async_commit);
5897                 return;
5898         }
5899 
5900         /*
5901          * Actually generate the COMMIT3 over the wire operation.
5902          */
5903         error = nfs3_commit(vp, offset, len, cr);
5904 
5905         /*
5906          * If we got an error during the commit, just unlock all
5907          * of the pages.  The pages will get retransmitted to the
5908          * server during a putpage operation.
5909          */
5910         if (error) {
5911                 while (plist != NULL) {
5912                         pptr = plist;
5913                         page_sub(&plist, pptr);
5914                         page_unlock(pptr);
5915                 }
5916                 return;
5917         }
5918 
5919         /*
5920          * We've tried as hard as we can to commit the data to stable
5921          * storage on the server.  We release the rest of the pages
5922          * and clear the commit required state.  They will be put
5923          * onto the tail of the cachelist if they are nolonger
5924          * mapped.
5925          */
5926         while (plist != pp) {
5927                 pptr = plist;
5928                 page_sub(&plist, pptr);
5929                 pptr->p_fsdata = C_NOCOMMIT;
5930                 (void) page_release(pptr, 1);
5931         }
5932 
5933         /*
5934          * It is possible that nfs3_commit didn't return error but
5935          * some other thread has modified the page we are going
5936          * to free/destroy.
5937          *    In this case we need to rewrite the page. Do an explicit check
5938          * before attempting to free/destroy the page. If modified, needs to
5939          * be rewritten so unlock the page and return.
5940          */
5941         if (hat_ismod(pp)) {
5942                 pp->p_fsdata = C_NOCOMMIT;
5943                 page_unlock(pp);
5944                 return;
5945         }
5946 
5947         /*
5948          * Now, as appropriate, either free or destroy the page
5949          * that we were called with.
5950          */
5951         pp->p_fsdata = C_NOCOMMIT;
5952         if (fl == B_FREE)
5953                 page_free(pp, dn);
5954         else
5955                 page_destroy(pp, dn);
5956 }
5957 
5958 static int
5959 nfs3_commit(vnode_t *vp, offset3 offset, count3 count, cred_t *cr)
5960 {
5961         int error;
5962         rnode_t *rp;
5963         COMMIT3args args;
5964         COMMIT3res res;
5965         int douprintf;
5966         cred_t *cred;
5967 
5968         rp = VTOR(vp);
5969         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
5970 
5971         mutex_enter(&rp->r_statelock);
5972         if (rp->r_cred != NULL) {
5973                 cred = rp->r_cred;
5974                 crhold(cred);
5975         } else {
5976                 rp->r_cred = cr;
5977                 crhold(cr);
5978                 cred = cr;
5979                 crhold(cred);
5980         }
5981         mutex_exit(&rp->r_statelock);
5982 
5983         args.file = *VTOFH3(vp);
5984         args.offset = offset;
5985         args.count = count;
5986 
5987 doitagain:
5988         douprintf = 1;
5989         error = rfs3call(VTOMI(vp), NFSPROC3_COMMIT,
5990             xdr_COMMIT3args, (caddr_t)&args,
5991             xdr_COMMIT3res, (caddr_t)&res, cred,
5992             &douprintf, &res.status, 0, NULL);
5993 
5994         crfree(cred);
5995 
5996         if (error)
5997                 return (error);
5998 
5999         error = geterrno3(res.status);
6000         if (!error) {
6001                 ASSERT(rp->r_flags & RHAVEVERF);
6002                 mutex_enter(&rp->r_statelock);
6003                 if (rp->r_verf == res.resok.verf) {
6004                         mutex_exit(&rp->r_statelock);
6005                         return (0);
6006                 }
6007                 nfs3_set_mod(vp);
6008                 rp->r_verf = res.resok.verf;
6009                 mutex_exit(&rp->r_statelock);
6010                 error = NFS_VERF_MISMATCH;
6011         } else {
6012                 if (error == EACCES) {
6013                         mutex_enter(&rp->r_statelock);
6014                         if (cred != cr) {
6015                                 if (rp->r_cred != NULL)
6016                                         crfree(rp->r_cred);
6017                                 rp->r_cred = cr;
6018                                 crhold(cr);
6019                                 cred = cr;
6020                                 crhold(cred);
6021                                 mutex_exit(&rp->r_statelock);
6022                                 goto doitagain;
6023                         }
6024                         mutex_exit(&rp->r_statelock);
6025                 }
6026                 /*
6027                  * Can't do a PURGE_STALE_FH here because this
6028                  * can cause a deadlock.  nfs3_commit can
6029                  * be called from nfs3_dispose which can be called
6030                  * indirectly via pvn_vplist_dirty.  PURGE_STALE_FH
6031                  * can call back to pvn_vplist_dirty.
6032                  */
6033                 if (error == ESTALE) {
6034                         mutex_enter(&rp->r_statelock);
6035                         rp->r_flags |= RSTALE;
6036                         if (!rp->r_error)
6037                                 rp->r_error = error;
6038                         mutex_exit(&rp->r_statelock);
6039                         PURGE_ATTRCACHE(vp);
6040                 } else {
6041                         mutex_enter(&rp->r_statelock);
6042                         if (!rp->r_error)
6043                                 rp->r_error = error;
6044                         mutex_exit(&rp->r_statelock);
6045                 }
6046         }
6047 
6048         return (error);
6049 }
6050 
6051 static void
6052 nfs3_set_mod(vnode_t *vp)
6053 {
6054         page_t *pp;
6055         kmutex_t *vphm;
6056 
6057         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6058         vphm = page_vnode_mutex(vp);
6059         mutex_enter(vphm);
6060         if ((pp = vp->v_pages) != NULL) {
6061                 do {
6062                         if (pp->p_fsdata != C_NOCOMMIT) {
6063                                 hat_setmod(pp);
6064                                 pp->p_fsdata = C_NOCOMMIT;
6065                         }
6066                 } while ((pp = pp->p_vpnext) != vp->v_pages);
6067         }
6068         mutex_exit(vphm);
6069 }
6070 
6071 
6072 /*
6073  * This routine is used to gather together a page list of the pages
6074  * which are to be committed on the server.  This routine must not
6075  * be called if the calling thread holds any locked pages.
6076  *
6077  * The calling thread must have set RCOMMIT.  This bit is used to
6078  * serialize access to the commit structure in the rnode.  As long
6079  * as the thread has set RCOMMIT, then it can manipulate the commit
6080  * structure without requiring any other locks.
6081  */
6082 static void
6083 nfs3_get_commit(vnode_t *vp)
6084 {
6085         rnode_t *rp;
6086         page_t *pp;
6087         kmutex_t *vphm;
6088 
6089         rp = VTOR(vp);
6090 
6091         ASSERT(rp->r_flags & RCOMMIT);
6092 
6093         vphm = page_vnode_mutex(vp);
6094         mutex_enter(vphm);
6095 
6096         /*
6097          * If there are no pages associated with this vnode, then
6098          * just return.
6099          */
6100         if ((pp = vp->v_pages) == NULL) {
6101                 mutex_exit(vphm);
6102                 return;
6103         }
6104 
6105         /*
6106          * Step through all of the pages associated with this vnode
6107          * looking for pages which need to be committed.
6108          */
6109         do {
6110                 /*
6111                  * If this page does not need to be committed or is
6112                  * modified, then just skip it.
6113                  */
6114                 if (pp->p_fsdata == C_NOCOMMIT || hat_ismod(pp))
6115                         continue;
6116 
6117                 /*
6118                  * Attempt to lock the page.  If we can't, then
6119                  * someone else is messing with it and we will
6120                  * just skip it.
6121                  */
6122                 if (!page_trylock(pp, SE_EXCL))
6123                         continue;
6124 
6125                 /*
6126                  * If this page does not need to be committed or is
6127                  * modified, then just skip it.  Recheck now that
6128                  * the page is locked.
6129                  */
6130                 if (pp->p_fsdata == C_NOCOMMIT || hat_ismod(pp)) {
6131                         page_unlock(pp);
6132                         continue;
6133                 }
6134 
6135                 if (PP_ISFREE(pp)) {
6136                         cmn_err(CE_PANIC, "nfs3_get_commit: %p is free",
6137                             (void *)pp);
6138                 }
6139 
6140                 /*
6141                  * The page needs to be committed and we locked it.
6142                  * Update the base and length parameters and add it
6143                  * to r_pages.
6144                  */
6145                 if (rp->r_commit.c_pages == NULL) {
6146                         rp->r_commit.c_commbase = (offset3)pp->p_offset;
6147                         rp->r_commit.c_commlen = PAGESIZE;
6148                 } else if (pp->p_offset < rp->r_commit.c_commbase) {
6149                         rp->r_commit.c_commlen = rp->r_commit.c_commbase -
6150                             (offset3)pp->p_offset + rp->r_commit.c_commlen;
6151                         rp->r_commit.c_commbase = (offset3)pp->p_offset;
6152                 } else if ((rp->r_commit.c_commbase + rp->r_commit.c_commlen)
6153                             <= pp->p_offset) {
6154                         rp->r_commit.c_commlen = (offset3)pp->p_offset -
6155                             rp->r_commit.c_commbase + PAGESIZE;
6156                 }
6157                 page_add(&rp->r_commit.c_pages, pp);
6158         } while ((pp = pp->p_vpnext) != vp->v_pages);
6159 
6160         mutex_exit(vphm);
6161 }
6162 
6163 /*
6164  * This routine is used to gather together a page list of the pages
6165  * which are to be committed on the server.  This routine must not
6166  * be called if the calling thread holds any locked pages.
6167  *
6168  * The calling thread must have set RCOMMIT.  This bit is used to
6169  * serialize access to the commit structure in the rnode.  As long
6170  * as the thread has set RCOMMIT, then it can manipulate the commit
6171  * structure without requiring any other locks.
6172  */
6173 static void
6174 nfs3_get_commit_range(vnode_t *vp, u_offset_t soff, size_t len)
6175 {
6176 
6177         rnode_t *rp;
6178         page_t *pp;
6179         u_offset_t end;
6180         u_offset_t off;
6181 
6182         ASSERT(len != 0);
6183 
6184         rp = VTOR(vp);
6185 
6186         ASSERT(rp->r_flags & RCOMMIT);
6187         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6188 
6189         /*
6190          * If there are no pages associated with this vnode, then
6191          * just return.
6192          */
6193         if ((pp = vp->v_pages) == NULL)
6194                 return;
6195 
6196         /*
6197          * Calculate the ending offset.
6198          */
6199         end = soff + len;
6200 
6201         for (off = soff; off < end; off += PAGESIZE) {
6202                 /*
6203                  * Lookup each page by vp, offset.
6204                  */
6205                 if ((pp = page_lookup_nowait(vp, off, SE_EXCL)) == NULL)
6206                         continue;
6207 
6208                 /*
6209                  * If this page does not need to be committed or is
6210                  * modified, then just skip it.
6211                  */
6212                 if (pp->p_fsdata == C_NOCOMMIT || hat_ismod(pp)) {
6213                         page_unlock(pp);
6214                         continue;
6215                 }
6216 
6217                 ASSERT(PP_ISFREE(pp) == 0);
6218 
6219                 /*
6220                  * The page needs to be committed and we locked it.
6221                  * Update the base and length parameters and add it
6222                  * to r_pages.
6223                  */
6224                 if (rp->r_commit.c_pages == NULL) {
6225                         rp->r_commit.c_commbase = (offset3)pp->p_offset;
6226                         rp->r_commit.c_commlen = PAGESIZE;
6227                 } else {
6228                         rp->r_commit.c_commlen = (offset3)pp->p_offset -
6229                                         rp->r_commit.c_commbase + PAGESIZE;
6230                 }
6231                 page_add(&rp->r_commit.c_pages, pp);
6232         }
6233 }
6234 
6235 #if 0   /* unused */
6236 #ifdef DEBUG
6237 static int
6238 nfs3_no_uncommitted_pages(vnode_t *vp)
6239 {
6240         page_t *pp;
6241         kmutex_t *vphm;
6242 
6243         vphm = page_vnode_mutex(vp);
6244         mutex_enter(vphm);
6245         if ((pp = vp->v_pages) != NULL) {
6246                 do {
6247                         if (pp->p_fsdata != C_NOCOMMIT) {
6248                                 mutex_exit(vphm);
6249                                 return (0);
6250                         }
6251                 } while ((pp = pp->p_vpnext) != vp->v_pages);
6252         }
6253         mutex_exit(vphm);
6254 
6255         return (1);
6256 }
6257 #endif
6258 #endif
6259 
6260 static int
6261 nfs3_putpage_commit(vnode_t *vp, offset_t poff, size_t plen, cred_t *cr)
6262 {
6263         int error;
6264         writeverf3 write_verf;
6265         rnode_t *rp = VTOR(vp);
6266 
6267         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6268         /*
6269          * Flush the data portion of the file and then commit any
6270          * portions which need to be committed.  This may need to
6271          * be done twice if the server has changed state since
6272          * data was last written.  The data will need to be
6273          * rewritten to the server and then a new commit done.
6274          *
6275          * In fact, this may need to be done several times if the
6276          * server is having problems and crashing while we are
6277          * attempting to do this.
6278          */
6279 
6280 top:
6281         /*
6282          * Do a flush based on the poff and plen arguments.  This
6283          * will asynchronously write out any modified pages in the
6284          * range specified by (poff, plen).  This starts all of the
6285          * i/o operations which will be waited for in the next
6286          * call to nfs3_putpage
6287          */
6288 
6289         mutex_enter(&rp->r_statelock);
6290         write_verf = rp->r_verf;
6291         mutex_exit(&rp->r_statelock);
6292 
6293         error = nfs3_putpage(vp, poff, plen, B_ASYNC, cr);
6294         if (error == EAGAIN)
6295                 error = 0;
6296 
6297         /*
6298          * Do a flush based on the poff and plen arguments.  This
6299          * will synchronously write out any modified pages in the
6300          * range specified by (poff, plen) and wait until all of
6301          * the asynchronous i/o's in that range are done as well.
6302          */
6303         if (!error)
6304                 error = nfs3_putpage(vp, poff, plen, 0, cr);
6305 
6306         if (error)
6307                 return (error);
6308 
6309         mutex_enter(&rp->r_statelock);
6310         if (rp->r_verf != write_verf) {
6311                 mutex_exit(&rp->r_statelock);
6312                 goto top;
6313         }
6314         mutex_exit(&rp->r_statelock);
6315 
6316         /*
6317          * Now commit any pages which might need to be committed.
6318          * If the error, NFS_VERF_MISMATCH, is returned, then
6319          * start over with the flush operation.
6320          */
6321 
6322         error = nfs3_commit_vp(vp, poff, plen, cr);
6323 
6324         if (error == NFS_VERF_MISMATCH)
6325                 goto top;
6326 
6327         return (error);
6328 }
6329 
6330 static int
6331 nfs3_commit_vp(vnode_t *vp, u_offset_t poff, size_t plen, cred_t *cr)
6332 {
6333         rnode_t *rp;
6334         page_t *plist;
6335         offset3 offset;
6336         count3 len;
6337 
6338 
6339         rp = VTOR(vp);
6340 
6341         if (nfs_zone() != VTOMI(vp)->mi_zone)
6342                 return (EIO);
6343         /*
6344          * Set the `commit inprogress' state bit.  We must
6345          * first wait until any current one finishes.
6346          */
6347         mutex_enter(&rp->r_statelock);
6348         while (rp->r_flags & RCOMMIT) {
6349                 rp->r_flags |= RCOMMITWAIT;
6350                 cv_wait(&rp->r_commit.c_cv, &rp->r_statelock);
6351                 rp->r_flags &= ~RCOMMITWAIT;
6352         }
6353         rp->r_flags |= RCOMMIT;
6354         mutex_exit(&rp->r_statelock);
6355 
6356         /*
6357          * Gather together all of the pages which need to be
6358          * committed.
6359          */
6360         if (plen == 0)
6361                 nfs3_get_commit(vp);
6362         else
6363                 nfs3_get_commit_range(vp, poff, plen);
6364 
6365         /*
6366          * Clear the `commit inprogress' bit and disconnect the
6367          * page list which was gathered together in nfs3_get_commit.
6368          */
6369         plist = rp->r_commit.c_pages;
6370         rp->r_commit.c_pages = NULL;
6371         offset = rp->r_commit.c_commbase;
6372         len = rp->r_commit.c_commlen;
6373         mutex_enter(&rp->r_statelock);
6374         rp->r_flags &= ~RCOMMIT;
6375         cv_broadcast(&rp->r_commit.c_cv);
6376         mutex_exit(&rp->r_statelock);
6377 
6378         /*
6379          * If any pages need to be committed, commit them and
6380          * then unlock them so that they can be freed some
6381          * time later.
6382          */
6383         if (plist != NULL) {
6384                 /*
6385                  * No error occurred during the flush portion
6386                  * of this operation, so now attempt to commit
6387                  * the data to stable storage on the server.
6388                  *
6389                  * This will unlock all of the pages on the list.
6390                  */
6391                 return (nfs3_sync_commit(vp, plist, offset, len, cr));
6392         }
6393         return (0);
6394 }
6395 
6396 static int
6397 nfs3_sync_commit(vnode_t *vp, page_t *plist, offset3 offset, count3 count,
6398         cred_t *cr)
6399 {
6400         int error;
6401         page_t *pp;
6402 
6403         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6404         error = nfs3_commit(vp, offset, count, cr);
6405 
6406         /*
6407          * If we got an error, then just unlock all of the pages
6408          * on the list.
6409          */
6410         if (error) {
6411                 while (plist != NULL) {
6412                         pp = plist;
6413                         page_sub(&plist, pp);
6414                         page_unlock(pp);
6415                 }
6416                 return (error);
6417         }
6418         /*
6419          * We've tried as hard as we can to commit the data to stable
6420          * storage on the server.  We just unlock the pages and clear
6421          * the commit required state.  They will get freed later.
6422          */
6423         while (plist != NULL) {
6424                 pp = plist;
6425                 page_sub(&plist, pp);
6426                 pp->p_fsdata = C_NOCOMMIT;
6427                 page_unlock(pp);
6428         }
6429 
6430         return (error);
6431 }
6432 
6433 static void
6434 nfs3_async_commit(vnode_t *vp, page_t *plist, offset3 offset, count3 count,
6435         cred_t *cr)
6436 {
6437         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6438         (void) nfs3_sync_commit(vp, plist, offset, count, cr);
6439 }
6440 
6441 static int
6442 nfs3_setsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr)
6443 {
6444         int error;
6445         mntinfo_t *mi;
6446 
6447         mi = VTOMI(vp);
6448 
6449         if (nfs_zone() != mi->mi_zone)
6450                 return (EIO);
6451 
6452         if (mi->mi_flags & MI_ACL) {
6453                 error = acl_setacl3(vp, vsecattr, flag, cr);
6454                 if (mi->mi_flags & MI_ACL)
6455                         return (error);
6456         }
6457 
6458         return (ENOSYS);
6459 }
6460 
6461 static int
6462 nfs3_getsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr)
6463 {
6464         int error;
6465         mntinfo_t *mi;
6466 
6467         mi = VTOMI(vp);
6468 
6469         if (nfs_zone() != mi->mi_zone)
6470                 return (EIO);
6471 
6472         if (mi->mi_flags & MI_ACL) {
6473                 error = acl_getacl3(vp, vsecattr, flag, cr);
6474                 if (mi->mi_flags & MI_ACL)
6475                         return (error);
6476         }
6477 
6478         return (fs_fab_acl(vp, vsecattr, flag, cr));
6479 }
6480 
6481 static int
6482 nfs3_shrlock(vnode_t *vp, int cmd, struct shrlock *shr, int flag, cred_t *cr)
6483 {
6484         int error;
6485         struct shrlock nshr;
6486         struct nfs_owner nfs_owner;
6487         netobj lm_fh3;
6488 
6489         if (nfs_zone() != VTOMI(vp)->mi_zone)
6490                 return (EIO);
6491 
6492         /*
6493          * check for valid cmd parameter
6494          */
6495         if (cmd != F_SHARE && cmd != F_UNSHARE && cmd != F_HASREMOTELOCKS)
6496                 return (EINVAL);
6497 
6498         /*
6499          * Check access permissions
6500          */
6501         if (cmd == F_SHARE &&
6502             (((shr->s_access & F_RDACC) && !(flag & FREAD)) ||
6503             ((shr->s_access & F_WRACC) && !(flag & FWRITE))))
6504                 return (EBADF);
6505 
6506         /*
6507          * If the filesystem is mounted using local locking, pass the
6508          * request off to the local share code.
6509          */
6510         if (VTOMI(vp)->mi_flags & MI_LLOCK)
6511                 return (fs_shrlock(vp, cmd, shr, flag, cr));
6512 
6513         switch (cmd) {
6514         case F_SHARE:
6515         case F_UNSHARE:
6516                 lm_fh3.n_len = VTOFH3(vp)->fh3_length;
6517                 lm_fh3.n_bytes = (char *)&(VTOFH3(vp)->fh3_u.data);
6518 
6519                 /*
6520                  * If passed an owner that is too large to fit in an
6521                  * nfs_owner it is likely a recursive call from the
6522                  * lock manager client and pass it straight through.  If
6523                  * it is not a nfs_owner then simply return an error.
6524                  */
6525                 if (shr->s_own_len > sizeof (nfs_owner.lowner)) {
6526                         if (((struct nfs_owner *)shr->s_owner)->magic !=
6527                             NFS_OWNER_MAGIC)
6528                                 return (EINVAL);
6529 
6530                         if (error = lm4_shrlock(vp, cmd, shr, flag, &lm_fh3)) {
6531                                 error = set_errno(error);
6532                         }
6533                         return (error);
6534                 }
6535                 /*
6536                  * Remote share reservations owner is a combination of
6537                  * a magic number, hostname, and the local owner
6538                  */
6539                 bzero(&nfs_owner, sizeof (nfs_owner));
6540                 nfs_owner.magic = NFS_OWNER_MAGIC;
6541                 (void) strncpy(nfs_owner.hname, uts_nodename(),
6542                     sizeof (nfs_owner.hname));
6543                 bcopy(shr->s_owner, nfs_owner.lowner, shr->s_own_len);
6544                 nshr.s_access = shr->s_access;
6545                 nshr.s_deny = shr->s_deny;
6546                 nshr.s_sysid = 0;
6547                 nshr.s_pid = ttoproc(curthread)->p_pid;
6548                 nshr.s_own_len = sizeof (nfs_owner);
6549                 nshr.s_owner = (caddr_t)&nfs_owner;
6550 
6551                 if (error = lm4_shrlock(vp, cmd, &nshr, flag, &lm_fh3)) {
6552                         error = set_errno(error);
6553                 }
6554 
6555                 break;
6556 
6557         case F_HASREMOTELOCKS:
6558                 /*
6559                  * NFS client can't store remote locks itself
6560                  */
6561                 shr->s_access = 0;
6562                 error = 0;
6563                 break;
6564 
6565         default:
6566                 error = EINVAL;
6567                 break;
6568         }
6569 
6570         return (error);
6571 }