1 /*
  2  * CDDL HEADER START
  3  *
  4  * The contents of this file are subject to the terms of the
  5  * Common Development and Distribution License, Version 1.0 only
  6  * (the "License").  You may not use this file except in compliance
  7  * with the License.
  8  *
  9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 10  * or http://www.opensolaris.org/os/licensing.
 11  * See the License for the specific language governing permissions
 12  * and limitations under the License.
 13  *
 14  * When distributing Covered Code, include this CDDL HEADER in each
 15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 16  * If applicable, add the following below this CDDL HEADER, with the
 17  * fields enclosed by brackets "[]" replaced with your own identifying
 18  * information: Portions Copyright [yyyy] [name of copyright owner]
 19  *
 20  * CDDL HEADER END
 21  */
 22 /*
 23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 24  * Use is subject to license terms.
 25  */
 26 
 27 /*
 28  *      Copyright (c) 1983,1984,1985,1986,1987,1988,1989 AT&T.
 29  *      All rights reserved.
 30  */
 31 
 32  /* Copyright (c) 2006, The Ohio State University. All rights reserved.
 33   *
 34   * Portions of this source code is developed by the team members of
 35   * The Ohio State University's Network-Based Computing Laboratory (NBCL),
 36   * headed by Professor Dhabaleswar K. (DK) Panda.
 37   *
 38   * Acknowledgements to contributions from developors:
 39   *   Ranjit Noronha: noronha@cse.ohio-state.edu
 40   *   Lei Chai      : chail@cse.ohio-state.edu
 41   *   Weikuan Yu    : yuw@cse.ohio-state.edu
 42   *
 43   */
 44 
 45 #pragma ident   "@(#)nfs3_vnops.c       1.272   05/10/11 SMI"
 46 
 47 #include <sys/param.h>
 48 #include <sys/types.h>
 49 #include <sys/systm.h>
 50 #include <sys/cred.h>
 51 #include <sys/time.h>
 52 #include <sys/vnode.h>
 53 #include <sys/vfs.h>
 54 #include <sys/file.h>
 55 #include <sys/filio.h>
 56 #include <sys/uio.h>
 57 #include <sys/buf.h>
 58 #include <sys/mman.h>
 59 #include <sys/pathname.h>
 60 #include <sys/dirent.h>
 61 #include <sys/debug.h>
 62 #include <sys/vmsystm.h>
 63 #include <sys/fcntl.h>
 64 #include <sys/flock.h>
 65 #include <sys/swap.h>
 66 #include <sys/errno.h>
 67 #include <sys/strsubr.h>
 68 #include <sys/sysmacros.h>
 69 #include <sys/kmem.h>
 70 #include <sys/cmn_err.h>
 71 #include <sys/pathconf.h>
 72 #include <sys/utsname.h>
 73 #include <sys/dnlc.h>
 74 #include <sys/acl.h>
 75 #include <sys/systeminfo.h>
 76 #include <sys/atomic.h>
 77 #include <sys/policy.h>
 78 #include <sys/sdt.h>
 79 
 80 #include <rpc/types.h>
 81 #include <rpc/auth.h>
 82 #include <rpc/clnt.h>
 83 
 84 #include <nfs/nfs.h>
 85 #include <nfs/nfs_clnt.h>
 86 #include <nfs/rnode.h>
 87 #include <nfs/nfs_acl.h>
 88 #include <nfs/lm.h>
 89 
 90 #include <vm/hat.h>
 91 #include <vm/as.h>
 92 #include <vm/page.h>
 93 #include <vm/pvn.h>
 94 #include <vm/seg.h>
 95 #include <vm/seg_map.h>
 96 #include <vm/seg_kpm.h>
 97 #include <vm/seg_vn.h>
 98 
 99 #include <fs/fs_subr.h>
100 
101 #include <sys/ddi.h>
102 #include <rpc/rpc_rdma.h>
103 
104 static int      nfs3_rdwrlbn(vnode_t *, page_t *, u_offset_t, size_t, int,
105                         cred_t *);
106 static int      nfs3write(vnode_t *, caddr_t, u_offset_t, int, cred_t *,
107                         stable_how *);
108 static int      nfs3read(vnode_t *, caddr_t, offset_t, int, size_t *, cred_t *);
109 static int      nfs3setattr(vnode_t *, struct vattr *, int, cred_t *);
110 static int      nfs3_accessx(void *, int, cred_t *);
111 static int      nfs3lookup_dnlc(vnode_t *, char *, vnode_t **, cred_t *);
112 static int      nfs3lookup_otw(vnode_t *, char *, vnode_t **, cred_t *, int);
113 static int      nfs3create(vnode_t *, char *, struct vattr *, enum vcexcl,
114                         int, vnode_t **, cred_t *, int);
115 static int      nfs3excl_create_settimes(vnode_t *, struct vattr *, cred_t *);
116 static int      nfs3mknod(vnode_t *, char *, struct vattr *, enum vcexcl,
117                         int, vnode_t **, cred_t *);
118 static int      nfs3rename(vnode_t *, char *, vnode_t *, char *, cred_t *);
119 static int      do_nfs3readdir(vnode_t *, rddir_cache *, cred_t *);
120 static void     nfs3readdir(vnode_t *, rddir_cache *, cred_t *);
121 static void     nfs3readdirplus(vnode_t *, rddir_cache *, cred_t *);
122 static int      nfs3_bio(struct buf *, stable_how *, cred_t *);
123 static int      nfs3_getapage(vnode_t *, u_offset_t, size_t, uint_t *,
124                         page_t *[], size_t, struct seg *, caddr_t,
125                         enum seg_rw, cred_t *);
126 static void     nfs3_readahead(vnode_t *, u_offset_t, caddr_t, struct seg *,
127                         cred_t *);
128 static int      nfs3_sync_putapage(vnode_t *, page_t *, u_offset_t, size_t,
129                         int, cred_t *);
130 static int      nfs3_sync_pageio(vnode_t *, page_t *, u_offset_t, size_t,
131                         int, cred_t *);
132 static int      nfs3_commit(vnode_t *, offset3, count3, cred_t *);
133 static void     nfs3_set_mod(vnode_t *);
134 static void     nfs3_get_commit(vnode_t *);
135 static void     nfs3_get_commit_range(vnode_t *, u_offset_t, size_t);
136 #if 0 /* unused */
137 #ifdef DEBUG
138 static int      nfs3_no_uncommitted_pages(vnode_t *);
139 #endif
140 #endif /* unused */
141 static int      nfs3_putpage_commit(vnode_t *, offset_t, size_t, cred_t *);
142 static int      nfs3_commit_vp(vnode_t *, u_offset_t, size_t,  cred_t *);
143 static int      nfs3_sync_commit(vnode_t *, page_t *, offset3, count3,
144                         cred_t *);
145 static void     nfs3_async_commit(vnode_t *, page_t *, offset3, count3,
146                         cred_t *);
147 static void     nfs3_delmap_callback(struct as *, void *, uint_t);
148 
149 /*
150  * Error flags used to pass information about certain special errors
151  * which need to be handled specially.
152  */
153 #define NFS_EOF                 -98
154 #define NFS_VERF_MISMATCH       -97
155 
156 /* ALIGN64 aligns the given buffer and adjust buffer size to 64 bit */
157 #define ALIGN64(x, ptr, sz)                                             \
158         x = ((uintptr_t)(ptr)) & (sizeof (uint64_t) - 1);           \
159         if (x) {                                                        \
160                 x = sizeof (uint64_t) - (x);                            \
161                 sz -= (x);                                              \
162                 ptr += (x);                                             \
163         }
164 
165 /*
166  * These are the vnode ops routines which implement the vnode interface to
167  * the networked file system.  These routines just take their parameters,
168  * make them look networkish by putting the right info into interface structs,
169  * and then calling the appropriate remote routine(s) to do the work.
170  *
171  * Note on directory name lookup cacheing:  If we detect a stale fhandle,
172  * we purge the directory cache relative to that vnode.  This way, the
173  * user won't get burned by the cache repeatedly.  See <nfs/rnode.h> for
174  * more details on rnode locking.
175  */
176 
177 static int      nfs3_open(vnode_t **, int, cred_t *);
178 static int      nfs3_close(vnode_t *, int, int, offset_t, cred_t *);
179 static int      nfs3_read(vnode_t *, struct uio *, int, cred_t *,
180                         caller_context_t *);
181 static int      nfs3_write(vnode_t *, struct uio *, int, cred_t *,
182                         caller_context_t *);
183 static int      nfs3_ioctl(vnode_t *, int, intptr_t, int, cred_t *, int *);
184 static int      nfs3_getattr(vnode_t *, struct vattr *, int, cred_t *);
185 static int      nfs3_setattr(vnode_t *, struct vattr *, int, cred_t *,
186                         caller_context_t *);
187 static int      nfs3_access(vnode_t *, int, int, cred_t *);
188 static int      nfs3_readlink(vnode_t *, struct uio *, cred_t *);
189 static int      nfs3_fsync(vnode_t *, int, cred_t *);
190 static void     nfs3_inactive(vnode_t *, cred_t *);
191 static int      nfs3_lookup(vnode_t *, char *, vnode_t **,
192                         struct pathname *, int, vnode_t *, cred_t *);
193 static int      nfs3_create(vnode_t *, char *, struct vattr *, enum vcexcl,
194                         int, vnode_t **, cred_t *, int);
195 static int      nfs3_remove(vnode_t *, char *, cred_t *);
196 static int      nfs3_link(vnode_t *, vnode_t *, char *, cred_t *);
197 static int      nfs3_rename(vnode_t *, char *, vnode_t *, char *, cred_t *);
198 static int      nfs3_mkdir(vnode_t *, char *, struct vattr *,
199                         vnode_t **, cred_t *);
200 static int      nfs3_rmdir(vnode_t *, char *, vnode_t *, cred_t *);
201 static int      nfs3_symlink(vnode_t *, char *, struct vattr *, char *,
202                         cred_t *);
203 static int      nfs3_readdir(vnode_t *, struct uio *, cred_t *, int *);
204 static int      nfs3_fid(vnode_t *, fid_t *);
205 static int      nfs3_rwlock(vnode_t *, int, caller_context_t *);
206 static void     nfs3_rwunlock(vnode_t *, int, caller_context_t *);
207 static int      nfs3_seek(vnode_t *, offset_t, offset_t *);
208 static int      nfs3_getpage(vnode_t *, offset_t, size_t, uint_t *,
209                         page_t *[], size_t, struct seg *, caddr_t,
210                         enum seg_rw, cred_t *);
211 static int      nfs3_putpage(vnode_t *, offset_t, size_t, int, cred_t *);
212 static int      nfs3_map(vnode_t *, offset_t, struct as *, caddr_t *,
213                         size_t, uchar_t, uchar_t, uint_t, cred_t *);
214 static int      nfs3_addmap(vnode_t *, offset_t, struct as *, caddr_t,
215                         size_t, uchar_t, uchar_t, uint_t, cred_t *);
216 static int      nfs3_frlock(vnode_t *, int, struct flock64 *, int, offset_t,
217                         struct flk_callback *, cred_t *);
218 static int      nfs3_space(vnode_t *, int, struct flock64 *, int, offset_t,
219                         cred_t *, caller_context_t *);
220 static int      nfs3_realvp(vnode_t *, vnode_t **);
221 static int      nfs3_delmap(vnode_t *, offset_t, struct as *, caddr_t,
222                         size_t, uint_t, uint_t, uint_t, cred_t *);
223 static int      nfs3_pathconf(vnode_t *, int, ulong_t *, cred_t *);
224 static int      nfs3_pageio(vnode_t *, page_t *, u_offset_t, size_t, int,
225                         cred_t *);
226 static void     nfs3_dispose(vnode_t *, page_t *, int, int, cred_t *);
227 static int      nfs3_setsecattr(vnode_t *, vsecattr_t *, int, cred_t *);
228 static int      nfs3_getsecattr(vnode_t *, vsecattr_t *, int, cred_t *);
229 static int      nfs3_shrlock(vnode_t *, int, struct shrlock *, int, cred_t *);
230 
231 struct vnodeops *nfs3_vnodeops;
232 
233 const fs_operation_def_t nfs3_vnodeops_template[] = {
234         VOPNAME_OPEN, nfs3_open,
235         VOPNAME_CLOSE, nfs3_close,
236         VOPNAME_READ, nfs3_read,
237         VOPNAME_WRITE, nfs3_write,
238         VOPNAME_IOCTL, nfs3_ioctl,
239         VOPNAME_GETATTR, nfs3_getattr,
240         VOPNAME_SETATTR, nfs3_setattr,
241         VOPNAME_ACCESS, nfs3_access,
242         VOPNAME_LOOKUP, nfs3_lookup,
243         VOPNAME_CREATE, nfs3_create,
244         VOPNAME_REMOVE, nfs3_remove,
245         VOPNAME_LINK, nfs3_link,
246         VOPNAME_RENAME, nfs3_rename,
247         VOPNAME_MKDIR, nfs3_mkdir,
248         VOPNAME_RMDIR, nfs3_rmdir,
249         VOPNAME_READDIR, nfs3_readdir,
250         VOPNAME_SYMLINK, nfs3_symlink,
251         VOPNAME_READLINK, nfs3_readlink,
252         VOPNAME_FSYNC, nfs3_fsync,
253         VOPNAME_INACTIVE, (fs_generic_func_p) nfs3_inactive,
254         VOPNAME_FID, nfs3_fid,
255         VOPNAME_RWLOCK, nfs3_rwlock,
256         VOPNAME_RWUNLOCK, (fs_generic_func_p) nfs3_rwunlock,
257         VOPNAME_SEEK, nfs3_seek,
258         VOPNAME_FRLOCK, nfs3_frlock,
259         VOPNAME_SPACE, nfs3_space,
260         VOPNAME_REALVP, nfs3_realvp,
261         VOPNAME_GETPAGE, nfs3_getpage,
262         VOPNAME_PUTPAGE, nfs3_putpage,
263         VOPNAME_MAP, (fs_generic_func_p) nfs3_map,
264         VOPNAME_ADDMAP, (fs_generic_func_p) nfs3_addmap,
265         VOPNAME_DELMAP, nfs3_delmap,
266         VOPNAME_DUMP, nfs_dump,         /* there is no separate nfs3_dump */
267         VOPNAME_PATHCONF, nfs3_pathconf,
268         VOPNAME_PAGEIO, nfs3_pageio,
269         VOPNAME_DISPOSE, (fs_generic_func_p) nfs3_dispose,
270         VOPNAME_SETSECATTR, nfs3_setsecattr,
271         VOPNAME_GETSECATTR, nfs3_getsecattr,
272         VOPNAME_SHRLOCK, nfs3_shrlock,
273         NULL, NULL
274 };
275 
276 /*
277  * XXX:  This is referenced in modstubs.s
278  */
279 struct vnodeops *
280 nfs3_getvnodeops(void)
281 {
282         return (nfs3_vnodeops);
283 }
284 
285 /* ARGSUSED */
286 static int
287 nfs3_open(vnode_t **vpp, int flag, cred_t *cr)
288 {
289         int error;
290         struct vattr va;
291         rnode_t *rp;
292         vnode_t *vp;
293 
294         vp = *vpp;
295         if (nfs_zone() != VTOMI(vp)->mi_zone)
296                 return (EIO);
297         rp = VTOR(vp);
298         mutex_enter(&rp->r_statelock);
299         if (rp->r_cred == NULL) {
300                 crhold(cr);
301                 rp->r_cred = cr;
302         }
303         mutex_exit(&rp->r_statelock);
304 
305         /*
306          * If there is no cached data or if close-to-open
307          * consistency checking is turned off, we can avoid
308          * the over the wire getattr.  Otherwise, if the
309          * file system is mounted readonly, then just verify
310          * the caches are up to date using the normal mechanism.
311          * Else, if the file is not mmap'd, then just mark
312          * the attributes as timed out.  They will be refreshed
313          * and the caches validated prior to being used.
314          * Else, the file system is mounted writeable so
315          * force an over the wire GETATTR in order to ensure
316          * that all cached data is valid.
317          */
318         if (vp->v_count > 1 ||
319             ((vn_has_cached_data(vp) || HAVE_RDDIR_CACHE(rp)) &&
320             !(VTOMI(vp)->mi_flags & MI_NOCTO))) {
321                 if (vn_is_readonly(vp))
322                         error = nfs3_validate_caches(vp, cr);
323                 else if (rp->r_mapcnt == 0 && vp->v_count == 1) {
324                         PURGE_ATTRCACHE(vp);
325                         error = 0;
326                 } else {
327                         va.va_mask = AT_ALL;
328                         error = nfs3_getattr_otw(vp, &va, cr);
329                 }
330         } else
331                 error = 0;
332 
333         return (error);
334 }
335 
336 static int
337 nfs3_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr)
338 {
339         rnode_t *rp;
340         int error;
341         struct vattr va;
342 
343         /*
344          * zone_enter(2) prevents processes from changing zones with NFS files
345          * open; if we happen to get here from the wrong zone we can't do
346          * anything over the wire.
347          */
348         if (VTOMI(vp)->mi_zone != nfs_zone()) {
349                 /*
350                  * We could attempt to clean up locks, except we're sure
351                  * that the current process didn't acquire any locks on
352                  * the file: any attempt to lock a file belong to another zone
353                  * will fail, and one can't lock an NFS file and then change
354                  * zones, as that fails too.
355                  *
356                  * Returning an error here is the sane thing to do.  A
357                  * subsequent call to VN_RELE() which translates to a
358                  * nfs3_inactive() will clean up state: if the zone of the
359                  * vnode's origin is still alive and kicking, an async worker
360                  * thread will handle the request (from the correct zone), and
361                  * everything (minus the commit and final nfs3_getattr_otw()
362                  * call) should be OK. If the zone is going away
363                  * nfs_async_inactive() will throw away cached pages inline.
364                  */
365                 return (EIO);
366         }
367 
368         /*
369          * If we are using local locking for this filesystem, then
370          * release all of the SYSV style record locks.  Otherwise,
371          * we are doing network locking and we need to release all
372          * of the network locks.  All of the locks held by this
373          * process on this file are released no matter what the
374          * incoming reference count is.
375          */
376         if (VTOMI(vp)->mi_flags & MI_LLOCK) {
377                 cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
378                 cleanshares(vp, ttoproc(curthread)->p_pid);
379         } else
380                 nfs_lockrelease(vp, flag, offset, cr);
381 
382         if (count > 1)
383                 return (0);
384 
385         /*
386          * If the file has been `unlinked', then purge the
387          * DNLC so that this vnode will get reycled quicker
388          * and the .nfs* file on the server will get removed.
389          */
390         rp = VTOR(vp);
391         if (rp->r_unldvp != NULL)
392                 dnlc_purge_vp(vp);
393 
394         /*
395          * If the file was open for write and there are pages,
396          * then if the file system was mounted using the "no-close-
397          *      to-open" semantics, then start an asynchronous flush
398          *      of the all of the pages in the file.
399          * else the file system was not mounted using the "no-close-
400          *      to-open" semantics, then do a synchronous flush and
401          *      commit of all of the dirty and uncommitted pages.
402          *
403          * The asynchronous flush of the pages in the "nocto" path
404          * mostly just associates a cred pointer with the rnode so
405          * writes which happen later will have a better chance of
406          * working.  It also starts the data being written to the
407          * server, but without unnecessarily delaying the application.
408          */
409         if ((flag & FWRITE) && vn_has_cached_data(vp)) {
410                 if (VTOMI(vp)->mi_flags & MI_NOCTO) {
411                         error = nfs3_putpage(vp, (offset_t)0, 0, B_ASYNC, cr);
412                         if (error == EAGAIN)
413                                 error = 0;
414                 } else
415                         error = nfs3_putpage_commit(vp, (offset_t)0, 0, cr);
416                 if (!error) {
417                         mutex_enter(&rp->r_statelock);
418                         error = rp->r_error;
419                         rp->r_error = 0;
420                         mutex_exit(&rp->r_statelock);
421                 }
422         } else {
423                 mutex_enter(&rp->r_statelock);
424                 error = rp->r_error;
425                 rp->r_error = 0;
426                 mutex_exit(&rp->r_statelock);
427         }
428 
429         /*
430          * If RWRITEATTR is set, then issue an over the wire GETATTR to
431          * refresh the attribute cache with a set of attributes which
432          * weren't returned from a WRITE.  This will enable the close-
433          * to-open processing to work.
434          */
435         if (rp->r_flags & RWRITEATTR)
436                 (void) nfs3_getattr_otw(vp, &va, cr);
437 
438         return (error);
439 }
440 
441 /* ARGSUSED */
442 static int
443 nfs3_directio_read(vnode_t *vp, struct uio *uiop, cred_t *cr)
444 {
445         mntinfo_t *mi;
446         READ3args args;
447         READ3uiores res;
448         int tsize;
449         offset_t offset;
450         ssize_t count;
451         int error;
452         int douprintf;
453         failinfo_t fi;
454         char *sv_hostname;
455 
456         mi = VTOMI(vp);
457         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
458         sv_hostname = VTOR(vp)->r_server->sv_hostname;
459 
460         douprintf = 1;
461         args.file = *VTOFH3(vp);
462         fi.vp = vp;
463         fi.fhp = (caddr_t)&args.file;
464         fi.copyproc = nfs3copyfh;
465         fi.lookupproc = nfs3lookup;
466         fi.xattrdirproc = acl_getxattrdir3;
467 
468         res.uiop = uiop;
469 
470         res.wlist = NULL;
471 
472         offset = uiop->uio_loffset;
473         count = uiop->uio_resid;
474 
475         do {
476                 if (mi->mi_io_kstats) {
477                         mutex_enter(&mi->mi_lock);
478                         kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
479                         mutex_exit(&mi->mi_lock);
480                 }
481 
482                 do {
483                         tsize = MIN(mi->mi_tsize, count);
484                         args.offset = (offset3)offset;
485                         args.count = (count3)tsize;
486                         res.size = (uint_t)tsize;
487                         error = rfs3call(mi, NFSPROC3_READ,
488                                     xdr_READ3args, (caddr_t)&args,
489                                     xdr_READ3uiores, (caddr_t)&res, cr,
490                                     &douprintf, &res.status, 0, &fi);
491                 } while (error == ENFS_TRYAGAIN);
492 
493                 if (mi->mi_io_kstats) {
494                         mutex_enter(&mi->mi_lock);
495                         kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
496                         mutex_exit(&mi->mi_lock);
497                 }
498 
499                 if (error)
500                         return (error);
501 
502                 error = geterrno3(res.status);
503                 if (error)
504                         return (error);
505 
506                 if (res.count != res.size) {
507                         zcmn_err(getzoneid(), CE_WARN,
508 "nfs3_directio_read: server %s returned incorrect amount",
509                                         sv_hostname);
510                         return (EIO);
511                 }
512                 count -= res.count;
513                 offset += res.count;
514                 if (mi->mi_io_kstats) {
515                         mutex_enter(&mi->mi_lock);
516                         KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
517                         KSTAT_IO_PTR(mi->mi_io_kstats)->nread += res.count;
518                         mutex_exit(&mi->mi_lock);
519                 }
520                 lwp_stat_update(LWP_STAT_INBLK, 1);
521         } while (count && !res.eof);
522 
523         return (0);
524 }
525 
526 /* ARGSUSED */
527 static int
528 nfs3_read(vnode_t *vp, struct uio *uiop, int ioflag, cred_t *cr,
529         caller_context_t *ct)
530 {
531         rnode_t *rp;
532         u_offset_t off;
533         offset_t diff;
534         int on;
535         size_t n;
536         caddr_t base;
537         uint_t flags;
538         int error = 0;
539         mntinfo_t *mi;
540 
541         rp = VTOR(vp);
542         mi = VTOMI(vp);
543 
544         ASSERT(nfs_rw_lock_held(&rp->r_rwlock, RW_READER));
545 
546         if (nfs_zone() != mi->mi_zone)
547                 return (EIO);
548 
549         if (vp->v_type != VREG)
550                 return (EISDIR);
551 
552         if (uiop->uio_resid == 0)
553                 return (0);
554 
555         if (uiop->uio_loffset < 0 || uiop->uio_loffset + uiop->uio_resid < 0)
556                 return (EINVAL);
557 
558         /*
559          * Bypass VM if caching has been disabled (e.g., locking) or if
560          * using client-side direct I/O and the file is not mmap'd and
561          * there are no cached pages.
562          */
563         if ((vp->v_flag & VNOCACHE) ||
564             (((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO)) &&
565             rp->r_mapcnt == 0 && !vn_has_cached_data(vp))) {
566                 return (nfs3_directio_read(vp, uiop, cr));
567         }
568 
569         do {
570                 off = uiop->uio_loffset & MAXBMASK; /* mapping offset */
571                 on = uiop->uio_loffset & MAXBOFFSET; /* Relative offset */
572                 n = MIN(MAXBSIZE - on, uiop->uio_resid);
573 
574                 error = nfs3_validate_caches(vp, cr);
575                 if (error)
576                         break;
577 
578                 mutex_enter(&rp->r_statelock);
579                 diff = rp->r_size - uiop->uio_loffset;
580                 mutex_exit(&rp->r_statelock);
581                 if (diff <= 0)
582                         break;
583                 if (diff < n)
584                         n = (size_t)diff;
585 
586                 base = segmap_getmapflt(segkmap, vp, off + on, n, 1, S_READ);
587 
588                 error = uiomove(base + on, n, UIO_READ, uiop);
589 
590                 if (!error) {
591                         /*
592                          * If read a whole block or read to eof,
593                          * won't need this buffer again soon.
594                          */
595                         mutex_enter(&rp->r_statelock);
596                         if (n + on == MAXBSIZE ||
597                             uiop->uio_loffset == rp->r_size)
598                                 flags = SM_DONTNEED;
599                         else
600                                 flags = 0;
601                         mutex_exit(&rp->r_statelock);
602                         error = segmap_release(segkmap, base, flags);
603                 } else
604                         (void) segmap_release(segkmap, base, 0);
605         } while (!error && uiop->uio_resid > 0);
606 
607         return (error);
608 }
609 
610 /* ARGSUSED */
611 static int
612 nfs3_write(vnode_t *vp, struct uio *uiop, int ioflag, cred_t *cr,
613         caller_context_t *ct)
614 {
615         rlim64_t limit = uiop->uio_llimit;
616         rnode_t *rp;
617         u_offset_t off;
618         caddr_t base;
619         uint_t flags;
620         int remainder;
621         size_t n;
622         int on;
623         int error;
624         int resid;
625         offset_t offset;
626         mntinfo_t *mi;
627         uint_t bsize;
628 
629         rp = VTOR(vp);
630 
631         if (vp->v_type != VREG)
632                 return (EISDIR);
633 
634         mi = VTOMI(vp);
635         if (nfs_zone() != mi->mi_zone)
636                 return (EIO);
637         if (uiop->uio_resid == 0)
638                 return (0);
639 
640         if (ioflag & FAPPEND) {
641                 struct vattr va;
642 
643                 /*
644                  * Must serialize if appending.
645                  */
646                 if (nfs_rw_lock_held(&rp->r_rwlock, RW_READER)) {
647                         nfs_rw_exit(&rp->r_rwlock);
648                         if (nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER,
649                             INTR(vp)))
650                                 return (EINTR);
651                 }
652 
653                 va.va_mask = AT_SIZE;
654                 error = nfs3getattr(vp, &va, cr);
655                 if (error)
656                         return (error);
657                 uiop->uio_loffset = va.va_size;
658         }
659 
660         offset = uiop->uio_loffset + uiop->uio_resid;
661 
662         if (uiop->uio_loffset < 0 || offset < 0)
663                 return (EINVAL);
664 
665         if (limit == RLIM64_INFINITY || limit > MAXOFFSET_T)
666                 limit = MAXOFFSET_T;
667 
668         /*
669          * Check to make sure that the process will not exceed
670          * its limit on file size.  It is okay to write up to
671          * the limit, but not beyond.  Thus, the write which
672          * reaches the limit will be short and the next write
673          * will return an error.
674          */
675         remainder = 0;
676         if (offset > limit) {
677                 remainder = offset - limit;
678                 uiop->uio_resid = limit - uiop->uio_loffset;
679                 if (uiop->uio_resid <= 0) {
680                         proc_t *p = ttoproc(curthread);
681 
682                         uiop->uio_resid += remainder;
683                         mutex_enter(&p->p_lock);
684                         (void) rctl_action(rctlproc_legacy[RLIMIT_FSIZE],
685                             p->p_rctls, p, RCA_UNSAFE_SIGINFO);
686                         mutex_exit(&p->p_lock);
687                         return (EFBIG);
688                 }
689         }
690 
691         if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_READER, INTR(vp)))
692                 return (EINTR);
693 
694         /*
695          * Bypass VM if caching has been disabled (e.g., locking) or if
696          * using client-side direct I/O and the file is not mmap'd and
697          * there are no cached pages.
698          */
699         if ((vp->v_flag & VNOCACHE) ||
700             (((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO)) &&
701             rp->r_mapcnt == 0 && !vn_has_cached_data(vp))) {
702                 size_t bufsize;
703                 int count;
704                 u_offset_t org_offset;
705                 stable_how stab_comm;
706 
707 nfs3_fwrite:
708                 if (rp->r_flags & RSTALE) {
709                         resid = uiop->uio_resid;
710                         offset = uiop->uio_loffset;
711                         error = rp->r_error;
712                         goto bottom;
713                 }
714                 bufsize = MIN(uiop->uio_resid, mi->mi_stsize);
715                 base = kmem_alloc(bufsize, KM_SLEEP);
716                 do {
717                         if (ioflag & FDSYNC)
718                                 stab_comm = DATA_SYNC;
719                         else
720                                 stab_comm = FILE_SYNC;
721                         resid = uiop->uio_resid;
722                         offset = uiop->uio_loffset;
723                         count = MIN(uiop->uio_resid, bufsize);
724                         org_offset = uiop->uio_loffset;
725                         error = uiomove(base, count, UIO_WRITE, uiop);
726                         if (!error) {
727                                 error = nfs3write(vp, base, org_offset,
728                                     count, cr, &stab_comm);
729                         }
730                 } while (!error && uiop->uio_resid > 0);
731                 kmem_free(base, bufsize);
732                 goto bottom;
733         }
734 
735 
736         bsize = vp->v_vfsp->vfs_bsize;
737 
738         do {
739                 off = uiop->uio_loffset & MAXBMASK; /* mapping offset */
740                 on = uiop->uio_loffset & MAXBOFFSET; /* Relative offset */
741                 n = MIN(MAXBSIZE - on, uiop->uio_resid);
742 
743                 resid = uiop->uio_resid;
744                 offset = uiop->uio_loffset;
745 
746                 if (rp->r_flags & RSTALE) {
747                         error = rp->r_error;
748                         break;
749                 }
750 
751                 /*
752                  * Don't create dirty pages faster than they
753                  * can be cleaned so that the system doesn't
754                  * get imbalanced.  If the async queue is
755                  * maxed out, then wait for it to drain before
756                  * creating more dirty pages.  Also, wait for
757                  * any threads doing pagewalks in the vop_getattr
758                  * entry points so that they don't block for
759                  * long periods.
760                  */
761                 mutex_enter(&rp->r_statelock);
762                 while ((mi->mi_max_threads != 0 &&
763                     rp->r_awcount > 2 * mi->mi_max_threads) ||
764                     rp->r_gcount > 0)
765                         cv_wait(&rp->r_cv, &rp->r_statelock);
766                 mutex_exit(&rp->r_statelock);
767 
768                 if (segmap_kpm) {
769                         int pon = uiop->uio_loffset & PAGEOFFSET;
770                         size_t pn = MIN(PAGESIZE - pon, uiop->uio_resid);
771                         int pagecreate;
772 
773                         mutex_enter(&rp->r_statelock);
774                         pagecreate = (pon == 0) && (pn == PAGESIZE ||
775                                 uiop->uio_loffset + pn >= rp->r_size);
776                         mutex_exit(&rp->r_statelock);
777 
778                         base = segmap_getmapflt(segkmap, vp, off + on,
779                                                 pn, !pagecreate, S_WRITE);
780 
781                         error = writerp(rp, base + pon, n, uiop, pagecreate);
782 
783                 } else {
784                         base = segmap_getmapflt(segkmap, vp, off + on,
785                                                 n, 0, S_READ);
786                         error = writerp(rp, base + on, n, uiop, 0);
787                 }
788 
789                 if (!error) {
790                         if (mi->mi_flags & MI_NOAC)
791                                 flags = SM_WRITE;
792                         else if ((uiop->uio_loffset % bsize) == 0 ||
793                             IS_SWAPVP(vp)) {
794                                 /*
795                                  * Have written a whole block.
796                                  * Start an asynchronous write
797                                  * and mark the buffer to
798                                  * indicate that it won't be
799                                  * needed again soon.
800                                  */
801                                 flags = SM_WRITE | SM_ASYNC | SM_DONTNEED;
802                         } else
803                                 flags = 0;
804                         if ((ioflag & (FSYNC|FDSYNC)) ||
805                             (rp->r_flags & ROUTOFSPACE)) {
806                                 flags &= ~SM_ASYNC;
807                                 flags |= SM_WRITE;
808                         }
809                         error = segmap_release(segkmap, base, flags);
810                 } else {
811                         (void) segmap_release(segkmap, base, 0);
812                         /*
813                          * In the event that we got an access error while
814                          * faulting in a page for a write-only file just
815                          * force a write.
816                          */
817                         if (error == EACCES)
818                                 goto nfs3_fwrite;
819                 }
820         } while (!error && uiop->uio_resid > 0);
821 
822 bottom:
823         if (error) {
824                 uiop->uio_resid = resid + remainder;
825                 uiop->uio_loffset = offset;
826         } else
827                 uiop->uio_resid += remainder;
828 
829         nfs_rw_exit(&rp->r_lkserlock);
830 
831         return (error);
832 }
833 
834 /*
835  * Flags are composed of {B_ASYNC, B_INVAL, B_FREE, B_DONTNEED}
836  */
837 static int
838 nfs3_rdwrlbn(vnode_t *vp, page_t *pp, u_offset_t off, size_t len,
839         int flags, cred_t *cr)
840 {
841         struct buf *bp;
842         int error;
843         page_t *savepp;
844         uchar_t fsdata;
845         stable_how stab_comm;
846 
847         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
848         bp = pageio_setup(pp, len, vp, flags);
849         ASSERT(bp != NULL);
850 
851         /*
852          * pageio_setup should have set b_addr to 0.  This
853          * is correct since we want to do I/O on a page
854          * boundary.  bp_mapin will use this addr to calculate
855          * an offset, and then set b_addr to the kernel virtual
856          * address it allocated for us.
857          */
858         ASSERT(bp->b_un.b_addr == 0);
859 
860         bp->b_edev = 0;
861         bp->b_dev = 0;
862         bp->b_lblkno = lbtodb(off);
863         bp->b_file = vp;
864         bp->b_offset = (offset_t)off;
865         bp_mapin(bp);
866 
867         /*
868          * Calculate the desired level of stability to write data
869          * on the server and then mark all of the pages to reflect
870          * this.
871          */
872         if ((flags & (B_WRITE|B_ASYNC)) == (B_WRITE|B_ASYNC) &&
873             freemem > desfree) {
874                 stab_comm = UNSTABLE;
875                 fsdata = C_DELAYCOMMIT;
876         } else {
877                 stab_comm = FILE_SYNC;
878                 fsdata = C_NOCOMMIT;
879         }
880 
881         savepp = pp;
882         do {
883                 pp->p_fsdata = fsdata;
884         } while ((pp = pp->p_next) != savepp);
885 
886         error = nfs3_bio(bp, &stab_comm, cr);
887 
888         bp_mapout(bp);
889         pageio_done(bp);
890 
891         /*
892          * If the server wrote pages in a more stable fashion than
893          * was requested, then clear all of the marks in the pages
894          * indicating that COMMIT operations were required.
895          */
896         if (stab_comm != UNSTABLE && fsdata == C_DELAYCOMMIT) {
897                 do {
898                         pp->p_fsdata = C_NOCOMMIT;
899                 } while ((pp = pp->p_next) != savepp);
900         }
901 
902         return (error);
903 }
904 
905 /*
906  * Write to file.  Writes to remote server in largest size
907  * chunks that the server can handle.  Write is synchronous.
908  */
909 static int
910 nfs3write(vnode_t *vp, caddr_t base, u_offset_t offset, int count, cred_t *cr,
911         stable_how *stab_comm)
912 {
913         mntinfo_t *mi;
914         WRITE3args args;
915         WRITE3res res;
916         int error;
917         int tsize;
918         rnode_t *rp;
919         int douprintf;
920 
921         rp = VTOR(vp);
922         mi = VTOMI(vp);
923 
924         ASSERT(nfs_zone() == mi->mi_zone);
925 
926         args.file = *VTOFH3(vp);
927         args.stable = *stab_comm;
928 
929         *stab_comm = FILE_SYNC;
930 
931         douprintf = 1;
932 
933         do {
934                 if ((vp->v_flag & VNOCACHE) ||
935                     (rp->r_flags & RDIRECTIO) ||
936                     (mi->mi_flags & MI_DIRECTIO))
937                         tsize = MIN(mi->mi_stsize, count);
938                 else
939                         tsize = MIN(mi->mi_curwrite, count);
940                 args.offset = (offset3)offset;
941                 args.count = (count3)tsize;
942                 args.data.data_len = (uint_t)tsize;
943                 args.data.data_val = base;
944 
945                 if (mi->mi_io_kstats) {
946                         mutex_enter(&mi->mi_lock);
947                         kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
948                         mutex_exit(&mi->mi_lock);
949                 }
950                 args.mblk = NULL;
951                 do {
952                         error = rfs3call(mi, NFSPROC3_WRITE,
953                             xdr_WRITE3args, (caddr_t)&args,
954                             xdr_WRITE3res, (caddr_t)&res, cr,
955                             &douprintf, &res.status, 0, NULL);
956                 } while (error == ENFS_TRYAGAIN);
957                 if (mi->mi_io_kstats) {
958                         mutex_enter(&mi->mi_lock);
959                         kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
960                         mutex_exit(&mi->mi_lock);
961                 }
962 
963                 if (error)
964                         return (error);
965                 error = geterrno3(res.status);
966                 if (!error) {
967                         if (res.resok.count > args.count) {
968                                 zcmn_err(getzoneid(), CE_WARN,
969                                     "nfs3write: server %s wrote %u, "
970                                     "requested was %u",
971                                     rp->r_server->sv_hostname,
972                                     res.resok.count, args.count);
973                                 return (EIO);
974                         }
975                         if (res.resok.committed == UNSTABLE) {
976                                 *stab_comm = UNSTABLE;
977                                 if (args.stable == DATA_SYNC ||
978                                     args.stable == FILE_SYNC) {
979                                         zcmn_err(getzoneid(), CE_WARN,
980                         "nfs3write: server %s did not commit to stable storage",
981                                             rp->r_server->sv_hostname);
982                                         return (EIO);
983                                 }
984                         }
985                         tsize = (int)res.resok.count;
986                         count -= tsize;
987                         base += tsize;
988                         offset += tsize;
989                         if (mi->mi_io_kstats) {
990                                 mutex_enter(&mi->mi_lock);
991                                 KSTAT_IO_PTR(mi->mi_io_kstats)->writes++;
992                                 KSTAT_IO_PTR(mi->mi_io_kstats)->nwritten +=
993                                     tsize;
994                                 mutex_exit(&mi->mi_lock);
995                         }
996                         lwp_stat_update(LWP_STAT_OUBLK, 1);
997                         mutex_enter(&rp->r_statelock);
998                         if (rp->r_flags & RHAVEVERF) {
999                                 if (rp->r_verf != res.resok.verf) {
1000                                         nfs3_set_mod(vp);
1001                                         rp->r_verf = res.resok.verf;
1002                                         /*
1003                                          * If the data was written UNSTABLE,
1004                                          * then might as well stop because
1005                                          * the whole block will have to get
1006                                          * rewritten anyway.
1007                                          */
1008                                         if (*stab_comm == UNSTABLE) {
1009                                                 mutex_exit(&rp->r_statelock);
1010                                                 break;
1011                                         }
1012                                 }
1013                         } else {
1014                                 rp->r_verf = res.resok.verf;
1015                                 rp->r_flags |= RHAVEVERF;
1016                         }
1017                         /*
1018                          * Mark the attribute cache as timed out and
1019                          * set RWRITEATTR to indicate that the file
1020                          * was modified with a WRITE operation and
1021                          * that the attributes can not be trusted.
1022                          */
1023                         PURGE_ATTRCACHE_LOCKED(rp);
1024                         rp->r_flags |= RWRITEATTR;
1025                         mutex_exit(&rp->r_statelock);
1026                 }
1027         } while (!error && count);
1028 
1029         return (error);
1030 }
1031 
1032 /*
1033  * Read from a file.  Reads data in largest chunks our interface can handle.
1034  */
1035 static int
1036 nfs3read(vnode_t *vp, caddr_t base, offset_t offset, int count,
1037         size_t *residp, cred_t *cr)
1038 {
1039         mntinfo_t *mi;
1040         READ3args args;
1041         READ3vres res;
1042         int tsize;
1043         int error;
1044         int douprintf;
1045         failinfo_t fi;
1046         rnode_t *rp;
1047         struct vattr va;
1048         hrtime_t t;
1049 
1050         rp = VTOR(vp);
1051         mi = VTOMI(vp);
1052         ASSERT(nfs_zone() == mi->mi_zone);
1053         douprintf = 1;
1054 
1055         args.file = *VTOFH3(vp);
1056         fi.vp = vp;
1057         fi.fhp = (caddr_t)&args.file;
1058         fi.copyproc = nfs3copyfh;
1059         fi.lookupproc = nfs3lookup;
1060         fi.xattrdirproc = acl_getxattrdir3;
1061 
1062         res.pov.fres.vp = vp;
1063         res.pov.fres.vap = &va;
1064 
1065         res.wlist = NULL;
1066 
1067         *residp = count;
1068         do {
1069                 if (mi->mi_io_kstats) {
1070                         mutex_enter(&mi->mi_lock);
1071                         kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
1072                         mutex_exit(&mi->mi_lock);
1073                 }
1074 
1075                 do {
1076                         if ((vp->v_flag & VNOCACHE) ||
1077                             (rp->r_flags & RDIRECTIO) ||
1078                             (mi->mi_flags & MI_DIRECTIO))
1079                                 tsize = MIN(mi->mi_tsize, count);
1080                         else
1081                                 tsize = MIN(mi->mi_curread, count);
1082                         res.data.data_val = base;
1083                         res.data.data_len = tsize;
1084                         args.offset = (offset3)offset;
1085                         args.count = (count3)tsize;
1086                         t = gethrtime();
1087                         error = rfs3call(mi, NFSPROC3_READ,
1088                             xdr_READ3args, (caddr_t)&args,
1089                             xdr_READ3vres, (caddr_t)&res, cr,
1090                             &douprintf, &res.status, 0, &fi);
1091                 } while (error == ENFS_TRYAGAIN);
1092 
1093                 if (mi->mi_io_kstats) {
1094                         mutex_enter(&mi->mi_lock);
1095                         kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
1096                         mutex_exit(&mi->mi_lock);
1097                 }
1098 
1099                 if (error)
1100                         return (error);
1101 
1102                 error = geterrno3(res.status);
1103                 if (error)
1104                         return (error);
1105 
1106                 if (res.count != res.data.data_len) {
1107                         zcmn_err(getzoneid(), CE_WARN,
1108                                 "nfs3read: server %s returned incorrect amount",
1109                                 rp->r_server->sv_hostname);
1110                         return (EIO);
1111                 }
1112 
1113                 count -= res.count;
1114                 *residp = count;
1115                 base += res.count;
1116                 offset += res.count;
1117                 if (mi->mi_io_kstats) {
1118                         mutex_enter(&mi->mi_lock);
1119                         KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
1120                         KSTAT_IO_PTR(mi->mi_io_kstats)->nread += res.count;
1121                         mutex_exit(&mi->mi_lock);
1122                 }
1123                 lwp_stat_update(LWP_STAT_INBLK, 1);
1124         } while (count && !res.eof);
1125 
1126         if (res.pov.attributes) {
1127                 mutex_enter(&rp->r_statelock);
1128                 if (!CACHE_VALID(rp, va.va_mtime, va.va_size)) {
1129                         mutex_exit(&rp->r_statelock);
1130                         PURGE_ATTRCACHE(vp);
1131                 } else {
1132                         if (rp->r_mtime <= t)
1133                                 nfs_attrcache_va(vp, &va);
1134                         mutex_exit(&rp->r_statelock);
1135                 }
1136         }
1137 
1138         return (0);
1139 }
1140 
1141 /* ARGSUSED */
1142 static int
1143 nfs3_ioctl(vnode_t *vp, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp)
1144 {
1145 
1146         if (nfs_zone() != VTOMI(vp)->mi_zone)
1147                 return (EIO);
1148         switch (cmd) {
1149                 case _FIODIRECTIO:
1150                         return (nfs_directio(vp, (int)arg, cr));
1151                 default:
1152                         return (ENOTTY);
1153         }
1154 }
1155 
1156 static int
1157 nfs3_getattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr)
1158 {
1159         int error;
1160         rnode_t *rp;
1161 
1162         if (nfs_zone() != VTOMI(vp)->mi_zone)
1163                 return (EIO);
1164         /*
1165          * If it has been specified that the return value will
1166          * just be used as a hint, and we are only being asked
1167          * for size, fsid or rdevid, then return the client's
1168          * notion of these values without checking to make sure
1169          * that the attribute cache is up to date.
1170          * The whole point is to avoid an over the wire GETATTR
1171          * call.
1172          */
1173         rp = VTOR(vp);
1174         if (flags & ATTR_HINT) {
1175                 if (vap->va_mask ==
1176                     (vap->va_mask & (AT_SIZE | AT_FSID | AT_RDEV))) {
1177                         mutex_enter(&rp->r_statelock);
1178                         if (vap->va_mask | AT_SIZE)
1179                                 vap->va_size = rp->r_size;
1180                         if (vap->va_mask | AT_FSID)
1181                                 vap->va_fsid = rp->r_attr.va_fsid;
1182                         if (vap->va_mask | AT_RDEV)
1183                                 vap->va_rdev = rp->r_attr.va_rdev;
1184                         mutex_exit(&rp->r_statelock);
1185                         return (0);
1186                 }
1187         }
1188 
1189         /*
1190          * Only need to flush pages if asking for the mtime
1191          * and if there any dirty pages or any outstanding
1192          * asynchronous (write) requests for this file.
1193          */
1194         if (vap->va_mask & AT_MTIME) {
1195                 if (vn_has_cached_data(vp) &&
1196                     ((rp->r_flags & RDIRTY) || rp->r_awcount > 0)) {
1197                         mutex_enter(&rp->r_statelock);
1198                         rp->r_gcount++;
1199                         mutex_exit(&rp->r_statelock);
1200                         error = nfs3_putpage(vp, (offset_t)0, 0, 0, cr);
1201                         mutex_enter(&rp->r_statelock);
1202                         if (error && (error == ENOSPC || error == EDQUOT)) {
1203                                 if (!rp->r_error)
1204                                         rp->r_error = error;
1205                         }
1206                         if (--rp->r_gcount == 0)
1207                                 cv_broadcast(&rp->r_cv);
1208                         mutex_exit(&rp->r_statelock);
1209                 }
1210         }
1211 
1212         return (nfs3getattr(vp, vap, cr));
1213 }
1214 
1215 /*ARGSUSED4*/
1216 static int
1217 nfs3_setattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr,
1218                 caller_context_t *ct)
1219 {
1220         int error;
1221         struct vattr va;
1222 
1223         if (vap->va_mask & AT_NOSET)
1224                 return (EINVAL);
1225         if (nfs_zone() != VTOMI(vp)->mi_zone)
1226                 return (EIO);
1227 
1228         va.va_mask = AT_UID | AT_MODE;
1229         error = nfs3getattr(vp, &va, cr);
1230         if (error)
1231                 return (error);
1232 
1233         error = secpolicy_vnode_setattr(cr, vp, vap, &va, flags, nfs3_accessx,
1234                 vp);
1235         if (error)
1236                 return (error);
1237 
1238         return (nfs3setattr(vp, vap, flags, cr));
1239 }
1240 
1241 static int
1242 nfs3setattr(vnode_t *vp, struct vattr *vap, int flags, cred_t *cr)
1243 {
1244         int error;
1245         uint_t mask;
1246         SETATTR3args args;
1247         SETATTR3res res;
1248         int douprintf;
1249         rnode_t *rp;
1250         struct vattr va;
1251         mode_t omode;
1252         vsecattr_t *vsp;
1253         hrtime_t t;
1254 
1255         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
1256         mask = vap->va_mask;
1257 
1258         rp = VTOR(vp);
1259 
1260         /*
1261          * Only need to flush pages if there are any pages and
1262          * if the file is marked as dirty in some fashion.  The
1263          * file must be flushed so that we can accurately
1264          * determine the size of the file and the cached data
1265          * after the SETATTR returns.  A file is considered to
1266          * be dirty if it is either marked with RDIRTY, has
1267          * outstanding i/o's active, or is mmap'd.  In this
1268          * last case, we can't tell whether there are dirty
1269          * pages, so we flush just to be sure.
1270          */
1271         if (vn_has_cached_data(vp) &&
1272             ((rp->r_flags & RDIRTY) ||
1273             rp->r_count > 0 ||
1274             rp->r_mapcnt > 0)) {
1275                 ASSERT(vp->v_type != VCHR);
1276                 error = nfs3_putpage(vp, (offset_t)0, 0, 0, cr);
1277                 if (error && (error == ENOSPC || error == EDQUOT)) {
1278                         mutex_enter(&rp->r_statelock);
1279                         if (!rp->r_error)
1280                                 rp->r_error = error;
1281                         mutex_exit(&rp->r_statelock);
1282                 }
1283         }
1284 
1285         args.object = *RTOFH3(rp);
1286         /*
1287          * If the intent is for the server to set the times,
1288          * there is no point in have the mask indicating set mtime or
1289          * atime, because the vap values may be junk, and so result
1290          * in an overflow error. Remove these flags from the vap mask
1291          * before calling in this case, and restore them afterwards.
1292          */
1293         if ((mask & (AT_ATIME | AT_MTIME)) && !(flags & ATTR_UTIME)) {
1294                 /* Use server times, so don't set the args time fields */
1295                 vap->va_mask &= ~(AT_ATIME | AT_MTIME);
1296                 error = vattr_to_sattr3(vap, &args.new_attributes);
1297                 vap->va_mask |= (mask & (AT_ATIME | AT_MTIME));
1298                 if (mask & AT_ATIME) {
1299                         args.new_attributes.atime.set_it = SET_TO_SERVER_TIME;
1300                 }
1301                 if (mask & AT_MTIME) {
1302                         args.new_attributes.mtime.set_it = SET_TO_SERVER_TIME;
1303                 }
1304         } else {
1305                 /* Either do not set times or use the client specified times */
1306                 error = vattr_to_sattr3(vap, &args.new_attributes);
1307         }
1308 
1309         if (error) {
1310                 /* req time field(s) overflow - return immediately */
1311                 return (error);
1312         }
1313 
1314         va.va_mask = AT_MODE | AT_CTIME;
1315         error = nfs3getattr(vp, &va, cr);
1316         if (error)
1317                 return (error);
1318         omode = va.va_mode;
1319 
1320 tryagain:
1321         if (mask & AT_SIZE) {
1322                 args.guard.check = TRUE;
1323                 args.guard.obj_ctime.seconds = va.va_ctime.tv_sec;
1324                 args.guard.obj_ctime.nseconds = va.va_ctime.tv_nsec;
1325         } else
1326                 args.guard.check = FALSE;
1327 
1328         douprintf = 1;
1329 
1330         t = gethrtime();
1331 
1332         error = rfs3call(VTOMI(vp), NFSPROC3_SETATTR,
1333             xdr_SETATTR3args, (caddr_t)&args,
1334             xdr_SETATTR3res, (caddr_t)&res, cr,
1335             &douprintf, &res.status, 0, NULL);
1336 
1337         /*
1338          * Purge the access cache and ACL cache if changing either the
1339          * owner of the file, the group owner, or the mode.  These may
1340          * change the access permissions of the file, so purge old
1341          * information and start over again.
1342          */
1343         if (mask & (AT_UID | AT_GID | AT_MODE)) {
1344                 (void) nfs_access_purge_rp(rp);
1345                 if (rp->r_secattr != NULL) {
1346                         mutex_enter(&rp->r_statelock);
1347                         vsp = rp->r_secattr;
1348                         rp->r_secattr = NULL;
1349                         mutex_exit(&rp->r_statelock);
1350                         if (vsp != NULL)
1351                                 nfs_acl_free(vsp);
1352                 }
1353         }
1354 
1355         if (error) {
1356                 PURGE_ATTRCACHE(vp);
1357                 return (error);
1358         }
1359 
1360         error = geterrno3(res.status);
1361         if (!error) {
1362                 /*
1363                  * If changing the size of the file, invalidate
1364                  * any local cached data which is no longer part
1365                  * of the file.  We also possibly invalidate the
1366                  * last page in the file.  We could use
1367                  * pvn_vpzero(), but this would mark the page as
1368                  * modified and require it to be written back to
1369                  * the server for no particularly good reason.
1370                  * This way, if we access it, then we bring it
1371                  * back in.  A read should be cheaper than a
1372                  * write.
1373                  */
1374                 if (mask & AT_SIZE) {
1375                         nfs_invalidate_pages(vp,
1376                             (vap->va_size & PAGEMASK), cr);
1377                 }
1378                 nfs3_cache_wcc_data(vp, &res.resok.obj_wcc, t, cr);
1379                 /*
1380                  * Some servers will change the mode to clear the setuid
1381                  * and setgid bits when changing the uid or gid.  The
1382                  * client needs to compensate appropriately.
1383                  */
1384                 if (mask & (AT_UID | AT_GID)) {
1385                         int terror;
1386 
1387                         va.va_mask = AT_MODE;
1388                         terror = nfs3getattr(vp, &va, cr);
1389                         if (!terror &&
1390                             (((mask & AT_MODE) && va.va_mode != vap->va_mode) ||
1391                             (!(mask & AT_MODE) && va.va_mode != omode))) {
1392                                 va.va_mask = AT_MODE;
1393                                 if (mask & AT_MODE)
1394                                         va.va_mode = vap->va_mode;
1395                                 else
1396                                         va.va_mode = omode;
1397                                 (void) nfs3setattr(vp, &va, 0, cr);
1398                         }
1399                 }
1400         } else {
1401                 nfs3_cache_wcc_data(vp, &res.resfail.obj_wcc, t, cr);
1402                 /*
1403                  * If we got back a "not synchronized" error, then
1404                  * we need to retry with a new guard value.  The
1405                  * guard value used is the change time.  If the
1406                  * server returned post_op_attr, then we can just
1407                  * retry because we have the latest attributes.
1408                  * Otherwise, we issue a GETATTR to get the latest
1409                  * attributes and then retry.  If we couldn't get
1410                  * the attributes this way either, then we give
1411                  * up because we can't complete the operation as
1412                  * required.
1413                  */
1414                 if (res.status == NFS3ERR_NOT_SYNC) {
1415                         va.va_mask = AT_CTIME;
1416                         if (nfs3getattr(vp, &va, cr) == 0)
1417                                 goto tryagain;
1418                 }
1419                 PURGE_STALE_FH(error, vp, cr);
1420         }
1421 
1422         return (error);
1423 }
1424 
1425 static int
1426 nfs3_accessx(void *vp, int mode, cred_t *cr)
1427 {
1428         ASSERT(nfs_zone() == VTOMI((vnode_t *)vp)->mi_zone);
1429         return (nfs3_access(vp, mode, 0, cr));
1430 }
1431 
1432 /* ARGSUSED */
1433 static int
1434 nfs3_access(vnode_t *vp, int mode, int flags, cred_t *cr)
1435 {
1436         int error;
1437         ACCESS3args args;
1438         ACCESS3res res;
1439         int douprintf;
1440         uint32 acc;
1441         rnode_t *rp;
1442         cred_t *cred, *ncr, *ncrfree = NULL;
1443         failinfo_t fi;
1444         nfs_access_type_t cacc;
1445         hrtime_t t;
1446 
1447         acc = 0;
1448         if (nfs_zone() != VTOMI(vp)->mi_zone)
1449                 return (EIO);
1450         if (mode & VREAD)
1451                 acc |= ACCESS3_READ;
1452         if (mode & VWRITE) {
1453                 if (vn_is_readonly(vp) && !IS_DEVVP(vp))
1454                         return (EROFS);
1455                 if (vp->v_type == VDIR)
1456                         acc |= ACCESS3_DELETE;
1457                 acc |= ACCESS3_MODIFY | ACCESS3_EXTEND;
1458         }
1459         if (mode & VEXEC) {
1460                 if (vp->v_type == VDIR)
1461                         acc |= ACCESS3_LOOKUP;
1462                 else
1463                         acc |= ACCESS3_EXECUTE;
1464         }
1465 
1466         rp = VTOR(vp);
1467         args.object = *VTOFH3(vp);
1468         if (vp->v_type == VDIR) {
1469                 args.access = ACCESS3_READ | ACCESS3_DELETE | ACCESS3_MODIFY |
1470                     ACCESS3_EXTEND | ACCESS3_LOOKUP;
1471         } else {
1472                 args.access = ACCESS3_READ | ACCESS3_MODIFY | ACCESS3_EXTEND |
1473                     ACCESS3_EXECUTE;
1474         }
1475         fi.vp = vp;
1476         fi.fhp = (caddr_t)&args.object;
1477         fi.copyproc = nfs3copyfh;
1478         fi.lookupproc = nfs3lookup;
1479         fi.xattrdirproc = acl_getxattrdir3;
1480 
1481         cred = cr;
1482         /*
1483          * ncr and ncrfree both initially
1484          * point to the memory area returned
1485          * by crnetadjust();
1486          * ncrfree not NULL when exiting means
1487          * that we need to release it
1488          */
1489         ncr = crnetadjust(cred);
1490         ncrfree = ncr;
1491 tryagain:
1492         if (rp->r_acache != NULL) {
1493                 cacc = nfs_access_check(rp, acc, cred);
1494                 if (cacc == NFS_ACCESS_ALLOWED) {
1495                         if (ncrfree != NULL)
1496                                 crfree(ncrfree);
1497                         return (0);
1498                 }
1499                 if (cacc == NFS_ACCESS_DENIED) {
1500                         /*
1501                          * If the cred can be adjusted, try again
1502                          * with the new cred.
1503                          */
1504                         if (ncr != NULL) {
1505                                 cred = ncr;
1506                                 ncr = NULL;
1507                                 goto tryagain;
1508                         }
1509                         if (ncrfree != NULL)
1510                                 crfree(ncrfree);
1511                         return (EACCES);
1512                 }
1513         }
1514 
1515         douprintf = 1;
1516 
1517         t = gethrtime();
1518 
1519         error = rfs3call(VTOMI(vp), NFSPROC3_ACCESS,
1520             xdr_ACCESS3args, (caddr_t)&args,
1521             xdr_ACCESS3res, (caddr_t)&res, cred,
1522             &douprintf, &res.status, 0, &fi);
1523 
1524         if (error) {
1525                 if (ncrfree != NULL)
1526                         crfree(ncrfree);
1527                 return (error);
1528         }
1529 
1530         error = geterrno3(res.status);
1531         if (!error) {
1532                 nfs3_cache_post_op_attr(vp, &res.resok.obj_attributes, t, cr);
1533                 nfs_access_cache(rp, args.access, res.resok.access, cred);
1534                 /*
1535                  * we just cached results with cred; if cred is the
1536                  * adjusted credentials from crnetadjust, we do not want
1537                  * to release them before exiting: hence setting ncrfree
1538                  * to NULL
1539                  */
1540                 if (cred != cr)
1541                         ncrfree = NULL;
1542                 if ((acc & res.resok.access) != acc) {
1543                         /*
1544                          * If the cred can be adjusted, try again
1545                          * with the new cred.
1546                          */
1547                         if (ncr != NULL) {
1548                                 cred = ncr;
1549                                 ncr = NULL;
1550                                 goto tryagain;
1551                         }
1552                         error = EACCES;
1553                 }
1554         } else {
1555                 nfs3_cache_post_op_attr(vp, &res.resfail.obj_attributes, t, cr);
1556                 PURGE_STALE_FH(error, vp, cr);
1557         }
1558 
1559         if (ncrfree != NULL)
1560                 crfree(ncrfree);
1561 
1562         return (error);
1563 }
1564 
1565 static int nfs3_do_symlink_cache = 1;
1566 
1567 static int
1568 nfs3_readlink(vnode_t *vp, struct uio *uiop, cred_t *cr)
1569 {
1570         int error;
1571         READLINK3args args;
1572         READLINK3res res;
1573         nfspath3 resdata_backup;
1574         rnode_t *rp;
1575         int douprintf;
1576         int len;
1577         failinfo_t fi;
1578         hrtime_t t;
1579 
1580         /*
1581          * Can't readlink anything other than a symbolic link.
1582          */
1583         if (vp->v_type != VLNK)
1584                 return (EINVAL);
1585         if (nfs_zone() != VTOMI(vp)->mi_zone)
1586                 return (EIO);
1587 
1588         rp = VTOR(vp);
1589         if (nfs3_do_symlink_cache && rp->r_symlink.contents != NULL) {
1590                 error = nfs3_validate_caches(vp, cr);
1591                 if (error)
1592                         return (error);
1593                 mutex_enter(&rp->r_statelock);
1594                 if (rp->r_symlink.contents != NULL) {
1595                         error = uiomove(rp->r_symlink.contents,
1596                             rp->r_symlink.len, UIO_READ, uiop);
1597                         mutex_exit(&rp->r_statelock);
1598                         return (error);
1599                 }
1600                 mutex_exit(&rp->r_statelock);
1601         }
1602 
1603         args.symlink = *VTOFH3(vp);
1604         fi.vp = vp;
1605         fi.fhp = (caddr_t)&args.symlink;
1606         fi.copyproc = nfs3copyfh;
1607         fi.lookupproc = nfs3lookup;
1608         fi.xattrdirproc = acl_getxattrdir3;
1609 
1610         res.resok.data = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1611 
1612         resdata_backup = res.resok.data;
1613 
1614         douprintf = 1;
1615 
1616         t = gethrtime();
1617 
1618         error = rfs3call(VTOMI(vp), NFSPROC3_READLINK,
1619             xdr_nfs_fh3, (caddr_t)&args,
1620             xdr_READLINK3res, (caddr_t)&res, cr,
1621             &douprintf, &res.status, 0, &fi);
1622 
1623         if (res.resok.data == nfs3nametoolong)
1624                 error = EINVAL;
1625 
1626         if (error) {
1627                 kmem_free(resdata_backup, MAXPATHLEN);
1628                 return (error);
1629         }
1630 
1631         error = geterrno3(res.status);
1632         if (!error) {
1633                 nfs3_cache_post_op_attr(vp, &res.resok.symlink_attributes, t,
1634                     cr);
1635                 len = strlen(res.resok.data);
1636                 error = uiomove(res.resok.data, len, UIO_READ, uiop);
1637                 if (nfs3_do_symlink_cache && rp->r_symlink.contents == NULL) {
1638                         mutex_enter(&rp->r_statelock);
1639                                 if (rp->r_symlink.contents == NULL) {
1640                                 rp->r_symlink.contents = res.resok.data;
1641                                 rp->r_symlink.len = len;
1642                                 rp->r_symlink.size = MAXPATHLEN;
1643                                 mutex_exit(&rp->r_statelock);
1644                         } else {
1645                                 mutex_exit(&rp->r_statelock);
1646 
1647                                 kmem_free((void *)res.resok.data, MAXPATHLEN);
1648                         }
1649                 } else {
1650                         kmem_free((void *)res.resok.data, MAXPATHLEN);
1651                 }
1652         } else {
1653                 nfs3_cache_post_op_attr(vp,
1654                     &res.resfail.symlink_attributes, t, cr);
1655                 PURGE_STALE_FH(error, vp, cr);
1656 
1657                 kmem_free((void *)res.resok.data, MAXPATHLEN);
1658 
1659         }
1660 
1661         /*
1662          * The over the wire error for attempting to readlink something
1663          * other than a symbolic link is ENXIO.  However, we need to
1664          * return EINVAL instead of ENXIO, so we map it here.
1665          */
1666         return (error == ENXIO ? EINVAL : error);
1667 }
1668 
1669 /*
1670  * Flush local dirty pages to stable storage on the server.
1671  *
1672  * If FNODSYNC is specified, then there is nothing to do because
1673  * metadata changes are not cached on the client before being
1674  * sent to the server.
1675  */
1676 static int
1677 nfs3_fsync(vnode_t *vp, int syncflag, cred_t *cr)
1678 {
1679         int error;
1680 
1681         if ((syncflag & FNODSYNC) || IS_SWAPVP(vp))
1682                 return (0);
1683         if (nfs_zone() != VTOMI(vp)->mi_zone)
1684                 return (EIO);
1685 
1686         error = nfs3_putpage_commit(vp, (offset_t)0, 0, cr);
1687         if (!error)
1688                 error = VTOR(vp)->r_error;
1689         return (error);
1690 }
1691 
1692 /*
1693  * Weirdness: if the file was removed or the target of a rename
1694  * operation while it was open, it got renamed instead.  Here we
1695  * remove the renamed file.
1696  */
1697 static void
1698 nfs3_inactive(vnode_t *vp, cred_t *cr)
1699 {
1700         rnode_t *rp;
1701 
1702         ASSERT(vp != DNLC_NO_VNODE);
1703 
1704         /*
1705          * If this is coming from the wrong zone, we let someone in the right
1706          * zone take care of it asynchronously.  We can get here due to
1707          * VN_RELE() being called from pageout() or fsflush().  This call may
1708          * potentially turn into an expensive no-op if, for instance, v_count
1709          * gets incremented in the meantime, but it's still correct.
1710          */
1711         if (nfs_zone() != VTOMI(vp)->mi_zone) {
1712                 nfs_async_inactive(vp, cr, nfs3_inactive);
1713                 return;
1714         }
1715 
1716         rp = VTOR(vp);
1717 redo:
1718         if (rp->r_unldvp != NULL) {
1719                 /*
1720                  * Save the vnode pointer for the directory where the
1721                  * unlinked-open file got renamed, then set it to NULL
1722                  * to prevent another thread from getting here before
1723                  * we're done with the remove.  While we have the
1724                  * statelock, make local copies of the pertinent rnode
1725                  * fields.  If we weren't to do this in an atomic way, the
1726                  * the unl* fields could become inconsistent with respect
1727                  * to each other due to a race condition between this
1728                  * code and nfs_remove().  See bug report 1034328.
1729                  */
1730                 mutex_enter(&rp->r_statelock);
1731                 if (rp->r_unldvp != NULL) {
1732                         vnode_t *unldvp;
1733                         char *unlname;
1734                         cred_t *unlcred;
1735                         REMOVE3args args;
1736                         REMOVE3res res;
1737                         int douprintf;
1738                         int error;
1739                         hrtime_t t;
1740 
1741                         unldvp = rp->r_unldvp;
1742                         rp->r_unldvp = NULL;
1743                         unlname = rp->r_unlname;
1744                         rp->r_unlname = NULL;
1745                         unlcred = rp->r_unlcred;
1746                         rp->r_unlcred = NULL;
1747                         mutex_exit(&rp->r_statelock);
1748 
1749                         /*
1750                          * If there are any dirty pages left, then flush
1751                          * them.  This is unfortunate because they just
1752                          * may get thrown away during the remove operation,
1753                          * but we have to do this for correctness.
1754                          */
1755                         if (vn_has_cached_data(vp) &&
1756                             ((rp->r_flags & RDIRTY) || rp->r_count > 0)) {
1757                                 ASSERT(vp->v_type != VCHR);
1758                                 error = nfs3_putpage(vp, (offset_t)0, 0, 0, cr);
1759                                 if (error) {
1760                                         mutex_enter(&rp->r_statelock);
1761                                         if (!rp->r_error)
1762                                                 rp->r_error = error;
1763                                         mutex_exit(&rp->r_statelock);
1764                                 }
1765                         }
1766 
1767                         /*
1768                          * Do the remove operation on the renamed file
1769                          */
1770                         setdiropargs3(&args.object, unlname, unldvp);
1771 
1772                         douprintf = 1;
1773 
1774                         t = gethrtime();
1775 
1776                         error = rfs3call(VTOMI(unldvp), NFSPROC3_REMOVE,
1777                             xdr_diropargs3, (caddr_t)&args,
1778                             xdr_REMOVE3res, (caddr_t)&res, unlcred,
1779                             &douprintf, &res.status, 0, NULL);
1780 
1781                         if (error) {
1782                                 PURGE_ATTRCACHE(unldvp);
1783                         } else {
1784                                 error = geterrno3(res.status);
1785                                 if (!error) {
1786                                         nfs3_cache_wcc_data(unldvp,
1787                                             &res.resok.dir_wcc, t, cr);
1788                                         if (HAVE_RDDIR_CACHE(VTOR(unldvp)))
1789                                                 nfs_purge_rddir_cache(unldvp);
1790                                 } else {
1791                                         nfs3_cache_wcc_data(unldvp,
1792                                             &res.resfail.dir_wcc, t, cr);
1793                                         PURGE_STALE_FH(error, unldvp, cr);
1794                                 }
1795                         }
1796 
1797                         /*
1798                          * Release stuff held for the remove
1799                          */
1800                         VN_RELE(unldvp);
1801                         kmem_free(unlname, MAXNAMELEN);
1802                         crfree(unlcred);
1803                         goto redo;
1804                 }
1805                 mutex_exit(&rp->r_statelock);
1806         }
1807 
1808         rp_addfree(rp, cr);
1809 }
1810 
1811 /*
1812  * Remote file system operations having to do with directory manipulation.
1813  */
1814 
1815 static int
1816 nfs3_lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1817         int flags, vnode_t *rdir, cred_t *cr)
1818 {
1819         int error;
1820         vnode_t *vp;
1821         vnode_t *avp = NULL;
1822         rnode_t *drp;
1823 
1824         if (nfs_zone() != VTOMI(dvp)->mi_zone)
1825                 return (EPERM);
1826 
1827         drp = VTOR(dvp);
1828 
1829         /*
1830          * Are we looking up extended attributes?  If so, "dvp" is
1831          * the file or directory for which we want attributes, and
1832          * we need a lookup of the hidden attribute directory
1833          * before we lookup the rest of the path.
1834          */
1835         if (flags & LOOKUP_XATTR) {
1836                 bool_t cflag = ((flags & CREATE_XATTR_DIR) != 0);
1837                 mntinfo_t *mi;
1838 
1839                 mi = VTOMI(dvp);
1840                 if (!(mi->mi_flags & MI_EXTATTR))
1841                         return (EINVAL);
1842 
1843                 if (nfs_rw_enter_sig(&drp->r_rwlock, RW_READER, INTR(dvp)))
1844                         return (EINTR);
1845 
1846                 (void) nfs3lookup_dnlc(dvp, XATTR_DIR_NAME, &avp, cr);
1847                 if (avp == NULL)
1848                         error = acl_getxattrdir3(dvp, &avp, cflag, cr, 0);
1849                 else
1850                         error = 0;
1851 
1852                 nfs_rw_exit(&drp->r_rwlock);
1853 
1854                 if (error) {
1855                         if (mi->mi_flags & MI_EXTATTR)
1856                                 return (error);
1857                         return (EINVAL);
1858                 }
1859                 dvp = avp;
1860                 drp = VTOR(dvp);
1861         }
1862 
1863         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_READER, INTR(dvp))) {
1864                 error = EINTR;
1865                 goto out;
1866         }
1867 
1868         error = nfs3lookup(dvp, nm, vpp, pnp, flags, rdir, cr, 0);
1869 
1870         nfs_rw_exit(&drp->r_rwlock);
1871 
1872         /*
1873          * If vnode is a device, create special vnode.
1874          */
1875         if (!error && IS_DEVVP(*vpp)) {
1876                 vp = *vpp;
1877                 *vpp = specvp(vp, vp->v_rdev, vp->v_type, cr);
1878                 VN_RELE(vp);
1879         }
1880 
1881 out:
1882         if (avp != NULL)
1883                 VN_RELE(avp);
1884 
1885         return (error);
1886 }
1887 
1888 static int nfs3_lookup_neg_cache = 1;
1889 
1890 #ifdef DEBUG
1891 static int nfs3_lookup_dnlc_hits = 0;
1892 static int nfs3_lookup_dnlc_misses = 0;
1893 static int nfs3_lookup_dnlc_neg_hits = 0;
1894 static int nfs3_lookup_dnlc_disappears = 0;
1895 static int nfs3_lookup_dnlc_lookups = 0;
1896 #endif
1897 
1898 /* ARGSUSED */
1899 int
1900 nfs3lookup(vnode_t *dvp, char *nm, vnode_t **vpp, struct pathname *pnp,
1901         int flags, vnode_t *rdir, cred_t *cr, int rfscall_flags)
1902 {
1903         int error;
1904         rnode_t *drp;
1905 
1906         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
1907         /*
1908          * If lookup is for "", just return dvp.  Don't need
1909          * to send it over the wire, look it up in the dnlc,
1910          * or perform any access checks.
1911          */
1912         if (*nm == '\0') {
1913                 VN_HOLD(dvp);
1914                 *vpp = dvp;
1915                 return (0);
1916         }
1917 
1918         /*
1919          * Can't do lookups in non-directories.
1920          */
1921         if (dvp->v_type != VDIR)
1922                 return (ENOTDIR);
1923 
1924         /*
1925          * If we're called with RFSCALL_SOFT, it's important that
1926          * the only rfscall is one we make directly; if we permit
1927          * an access call because we're looking up "." or validating
1928          * a dnlc hit, we'll deadlock because that rfscall will not
1929          * have the RFSCALL_SOFT set.
1930          */
1931         if (rfscall_flags & RFSCALL_SOFT)
1932                 goto callit;
1933 
1934         /*
1935          * If lookup is for ".", just return dvp.  Don't need
1936          * to send it over the wire or look it up in the dnlc,
1937          * just need to check access.
1938          */
1939         if (strcmp(nm, ".") == 0) {
1940                 error = nfs3_access(dvp, VEXEC, 0, cr);
1941                 if (error)
1942                         return (error);
1943                 VN_HOLD(dvp);
1944                 *vpp = dvp;
1945                 return (0);
1946         }
1947 
1948         drp = VTOR(dvp);
1949         if (!(drp->r_flags & RLOOKUP)) {
1950                 mutex_enter(&drp->r_statelock);
1951                 drp->r_flags |= RLOOKUP;
1952                 mutex_exit(&drp->r_statelock);
1953         }
1954 
1955         /*
1956          * Lookup this name in the DNLC.  If there was a valid entry,
1957          * then return the results of the lookup.
1958          */
1959         error = nfs3lookup_dnlc(dvp, nm, vpp, cr);
1960         if (error || *vpp != NULL)
1961                 return (error);
1962 
1963 callit:
1964         error = nfs3lookup_otw(dvp, nm, vpp, cr, rfscall_flags);
1965 
1966         return (error);
1967 }
1968 
1969 static int
1970 nfs3lookup_dnlc(vnode_t *dvp, char *nm, vnode_t **vpp, cred_t *cr)
1971 {
1972         int error;
1973         vnode_t *vp;
1974 
1975         ASSERT(*nm != '\0');
1976         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
1977         /*
1978          * Lookup this name in the DNLC.  If successful, then validate
1979          * the caches and then recheck the DNLC.  The DNLC is rechecked
1980          * just in case this entry got invalidated during the call
1981          * to nfs3_validate_caches.
1982          *
1983          * An assumption is being made that it is safe to say that a
1984          * file exists which may not on the server.  Any operations to
1985          * the server will fail with ESTALE.
1986          */
1987 #ifdef DEBUG
1988         nfs3_lookup_dnlc_lookups++;
1989 #endif
1990         vp = dnlc_lookup(dvp, nm);
1991         if (vp != NULL) {
1992                 VN_RELE(vp);
1993                 if (vp == DNLC_NO_VNODE && !vn_is_readonly(dvp)) {
1994                         PURGE_ATTRCACHE(dvp);
1995                 }
1996                 error = nfs3_validate_caches(dvp, cr);
1997                 if (error)
1998                         return (error);
1999                 vp = dnlc_lookup(dvp, nm);
2000                 if (vp != NULL) {
2001                         error = nfs3_access(dvp, VEXEC, 0, cr);
2002                         if (error) {
2003                                 VN_RELE(vp);
2004                                 return (error);
2005                         }
2006                         if (vp == DNLC_NO_VNODE) {
2007                                 VN_RELE(vp);
2008 #ifdef DEBUG
2009                                 nfs3_lookup_dnlc_neg_hits++;
2010 #endif
2011                                 return (ENOENT);
2012                         }
2013                         *vpp = vp;
2014 #ifdef DEBUG
2015                         nfs3_lookup_dnlc_hits++;
2016 #endif
2017                         return (0);
2018                 }
2019 #ifdef DEBUG
2020                 nfs3_lookup_dnlc_disappears++;
2021 #endif
2022         }
2023 #ifdef DEBUG
2024         else
2025                 nfs3_lookup_dnlc_misses++;
2026 #endif
2027 
2028         *vpp = NULL;
2029 
2030         return (0);
2031 }
2032 
2033 static int
2034 nfs3lookup_otw(vnode_t *dvp, char *nm, vnode_t **vpp, cred_t *cr,
2035         int rfscall_flags)
2036 {
2037         int error;
2038         LOOKUP3args args;
2039         LOOKUP3vres res;
2040         int douprintf;
2041         struct vattr vattr;
2042         struct vattr dvattr;
2043         vnode_t *vp;
2044         failinfo_t fi;
2045         hrtime_t t;
2046 
2047         ASSERT(*nm != '\0');
2048         ASSERT(dvp->v_type == VDIR);
2049         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
2050 
2051         setdiropargs3(&args.what, nm, dvp);
2052 
2053         fi.vp = dvp;
2054         fi.fhp = (caddr_t)&args.what.dir;
2055         fi.copyproc = nfs3copyfh;
2056         fi.lookupproc = nfs3lookup;
2057         fi.xattrdirproc = acl_getxattrdir3;
2058         res.obj_attributes.fres.vp = dvp;
2059         res.obj_attributes.fres.vap = &vattr;
2060         res.dir_attributes.fres.vp = dvp;
2061         res.dir_attributes.fres.vap = &dvattr;
2062 
2063         douprintf = 1;
2064 
2065         t = gethrtime();
2066 
2067         error = rfs3call(VTOMI(dvp), NFSPROC3_LOOKUP,
2068             xdr_diropargs3, (caddr_t)&args,
2069             xdr_LOOKUP3vres, (caddr_t)&res, cr,
2070             &douprintf, &res.status, rfscall_flags, &fi);
2071 
2072         if (error)
2073                 return (error);
2074 
2075         nfs3_cache_post_op_vattr(dvp, &res.dir_attributes, t, cr);
2076 
2077         error = geterrno3(res.status);
2078         if (error) {
2079                 PURGE_STALE_FH(error, dvp, cr);
2080                 if (error == ENOENT && nfs3_lookup_neg_cache)
2081                         dnlc_enter(dvp, nm, DNLC_NO_VNODE);
2082                 return (error);
2083         }
2084 
2085         if (res.obj_attributes.attributes) {
2086                 vp = makenfs3node_va(&res.object, res.obj_attributes.fres.vap,
2087                                 dvp->v_vfsp, t, cr, VTOR(dvp)->r_path, nm);
2088         } else {
2089                 vp = makenfs3node_va(&res.object, NULL,
2090                                 dvp->v_vfsp, t, cr, VTOR(dvp)->r_path, nm);
2091                 if (vp->v_type == VNON) {
2092                         vattr.va_mask = AT_TYPE;
2093                         error = nfs3getattr(vp, &vattr, cr);
2094                         if (error) {
2095                                 VN_RELE(vp);
2096                                 return (error);
2097                         }
2098                         vp->v_type = vattr.va_type;
2099                 }
2100         }
2101 
2102         if (!(rfscall_flags & RFSCALL_SOFT))
2103                 dnlc_update(dvp, nm, vp);
2104 
2105         *vpp = vp;
2106 
2107         return (error);
2108 }
2109 
2110 #ifdef DEBUG
2111 static int nfs3_create_misses = 0;
2112 #endif
2113 
2114 /* ARGSUSED */
2115 static int
2116 nfs3_create(vnode_t *dvp, char *nm, struct vattr *va, enum vcexcl exclusive,
2117         int mode, vnode_t **vpp, cred_t *cr, int lfaware)
2118 {
2119         int error;
2120         vnode_t *vp;
2121         rnode_t *rp;
2122         struct vattr vattr;
2123         rnode_t *drp;
2124         vnode_t *tempvp;
2125 
2126         drp = VTOR(dvp);
2127         if (nfs_zone() != VTOMI(dvp)->mi_zone)
2128                 return (EPERM);
2129         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
2130                 return (EINTR);
2131 
2132 top:
2133         /*
2134          * We make a copy of the attributes because the caller does not
2135          * expect us to change what va points to.
2136          */
2137         vattr = *va;
2138 
2139         /*
2140          * If the pathname is "", just use dvp.  Don't need
2141          * to send it over the wire, look it up in the dnlc,
2142          * or perform any access checks.
2143          */
2144         if (*nm == '\0') {
2145                 error = 0;
2146                 VN_HOLD(dvp);
2147                 vp = dvp;
2148         /*
2149          * If the pathname is ".", just use dvp.  Don't need
2150          * to send it over the wire or look it up in the dnlc,
2151          * just need to check access.
2152          */
2153         } else if (strcmp(nm, ".") == 0) {
2154                 error = nfs3_access(dvp, VEXEC, 0, cr);
2155                 if (error) {
2156                         nfs_rw_exit(&drp->r_rwlock);
2157                         return (error);
2158                 }
2159                 VN_HOLD(dvp);
2160                 vp = dvp;
2161         /*
2162          * We need to go over the wire, just to be sure whether the
2163          * file exists or not.  Using the DNLC can be dangerous in
2164          * this case when making a decision regarding existence.
2165          */
2166         } else {
2167                 error = nfs3lookup_otw(dvp, nm, &vp, cr, 0);
2168         }
2169         if (!error) {
2170                 if (exclusive == EXCL)
2171                         error = EEXIST;
2172                 else if (vp->v_type == VDIR && (mode & VWRITE))
2173                         error = EISDIR;
2174                 else {
2175                         /*
2176                          * If vnode is a device, create special vnode.
2177                          */
2178                         if (IS_DEVVP(vp)) {
2179                                 tempvp = vp;
2180                                 vp = specvp(vp, vp->v_rdev, vp->v_type, cr);
2181                                 VN_RELE(tempvp);
2182                         }
2183                         if (!(error = VOP_ACCESS(vp, mode, 0, cr))) {
2184                                 if ((vattr.va_mask & AT_SIZE) &&
2185                                     vp->v_type == VREG) {
2186                                         rp = VTOR(vp);
2187                                         /*
2188                                          * Check here for large file handled
2189                                          * by LF-unaware process (as
2190                                          * ufs_create() does)
2191                                          */
2192                                         if (!(lfaware & FOFFMAX)) {
2193                                                 mutex_enter(&rp->r_statelock);
2194                                                 if (rp->r_size > MAXOFF32_T)
2195                                                         error = EOVERFLOW;
2196                                                 mutex_exit(&rp->r_statelock);
2197                                         }
2198                                         if (!error) {
2199                                                 vattr.va_mask = AT_SIZE;
2200                                                 error = nfs3setattr(vp,
2201                                                     &vattr, 0, cr);
2202                                         }
2203                                 }
2204                         }
2205                 }
2206                 nfs_rw_exit(&drp->r_rwlock);
2207                 if (error) {
2208                         VN_RELE(vp);
2209                 } else
2210                         *vpp = vp;
2211                 return (error);
2212         }
2213 
2214         dnlc_remove(dvp, nm);
2215 
2216         /*
2217          * Decide what the group-id of the created file should be.
2218          * Set it in attribute list as advisory...
2219          */
2220         error = setdirgid(dvp, &vattr.va_gid, cr);
2221         if (error) {
2222                 nfs_rw_exit(&drp->r_rwlock);
2223                 return (error);
2224         }
2225         vattr.va_mask |= AT_GID;
2226 
2227         ASSERT(vattr.va_mask & AT_TYPE);
2228         if (vattr.va_type == VREG) {
2229                 ASSERT(vattr.va_mask & AT_MODE);
2230                 if (MANDMODE(vattr.va_mode)) {
2231                         nfs_rw_exit(&drp->r_rwlock);
2232                         return (EACCES);
2233                 }
2234                 error = nfs3create(dvp, nm, &vattr, exclusive, mode, vpp, cr,
2235                     lfaware);
2236                 /*
2237                  * If this is not an exclusive create, then the CREATE
2238                  * request will be made with the GUARDED mode set.  This
2239                  * means that the server will return EEXIST if the file
2240                  * exists.  The file could exist because of a retransmitted
2241                  * request.  In this case, we recover by starting over and
2242                  * checking to see whether the file exists.  This second
2243                  * time through it should and a CREATE request will not be
2244                  * sent.
2245                  *
2246                  * This handles the problem of a dangling CREATE request
2247                  * which contains attributes which indicate that the file
2248                  * should be truncated.  This retransmitted request could
2249                  * possibly truncate valid data in the file if not caught
2250                  * by the duplicate request mechanism on the server or if
2251                  * not caught by other means.  The scenario is:
2252                  *
2253                  * Client transmits CREATE request with size = 0
2254                  * Client times out, retransmits request.
2255                  * Response to the first request arrives from the server
2256                  *  and the client proceeds on.
2257                  * Client writes data to the file.
2258                  * The server now processes retransmitted CREATE request
2259                  *  and truncates file.
2260                  *
2261                  * The use of the GUARDED CREATE request prevents this from
2262                  * happening because the retransmitted CREATE would fail
2263                  * with EEXIST and would not truncate the file.
2264                  */
2265                 if (error == EEXIST && exclusive == NONEXCL) {
2266 #ifdef DEBUG
2267                         nfs3_create_misses++;
2268 #endif
2269                         goto top;
2270                 }
2271                 nfs_rw_exit(&drp->r_rwlock);
2272                 return (error);
2273         }
2274         error = nfs3mknod(dvp, nm, &vattr, exclusive, mode, vpp, cr);
2275         nfs_rw_exit(&drp->r_rwlock);
2276         return (error);
2277 }
2278 
2279 /* ARGSUSED */
2280 static int
2281 nfs3create(vnode_t *dvp, char *nm, struct vattr *va, enum vcexcl exclusive,
2282         int mode, vnode_t **vpp, cred_t *cr, int lfaware)
2283 {
2284         int error;
2285         CREATE3args args;
2286         CREATE3res res;
2287         int douprintf;
2288         vnode_t *vp;
2289         struct vattr vattr;
2290         nfstime3 *verfp;
2291         rnode_t *rp;
2292         timestruc_t now;
2293         hrtime_t t;
2294 
2295         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
2296         setdiropargs3(&args.where, nm, dvp);
2297         if (exclusive == EXCL) {
2298                 args.how.mode = EXCLUSIVE;
2299                 /*
2300                  * Construct the create verifier.  This verifier needs
2301                  * to be unique between different clients.  It also needs
2302                  * to vary for each exclusive create request generated
2303                  * from the client to the server.
2304                  *
2305                  * The first attempt is made to use the hostid and a
2306                  * unique number on the client.  If the hostid has not
2307                  * been set, the high resolution time that the exclusive
2308                  * create request is being made is used.  This will work
2309                  * unless two different clients, both with the hostid
2310                  * not set, attempt an exclusive create request on the
2311                  * same file, at exactly the same clock time.  The
2312                  * chances of this happening seem small enough to be
2313                  * reasonable.
2314                  */
2315                 verfp = (nfstime3 *)&args.how.createhow3_u.verf;
2316                 verfp->seconds = nfs_atoi(hw_serial);
2317                 if (verfp->seconds != 0)
2318                         verfp->nseconds = newnum();
2319                 else {
2320                         gethrestime(&now);
2321                         verfp->seconds = now.tv_sec;
2322                         verfp->nseconds = now.tv_nsec;
2323                 }
2324                 /*
2325                  * Since the server will use this value for the mtime,
2326                  * make sure that it can't overflow. Zero out the MSB.
2327                  * The actual value does not matter here, only its uniqeness.
2328                  */
2329                 verfp->seconds %= INT32_MAX;
2330         } else {
2331                 /*
2332                  * Issue the non-exclusive create in guarded mode.  This
2333                  * may result in some false EEXIST responses for
2334                  * retransmitted requests, but these will be handled at
2335                  * a higher level.  By using GUARDED, duplicate requests
2336                  * to do file truncation and possible access problems
2337                  * can be avoided.
2338                  */
2339                 args.how.mode = GUARDED;
2340                 error = vattr_to_sattr3(va,
2341                                 &args.how.createhow3_u.obj_attributes);
2342                 if (error) {
2343                         /* req time field(s) overflow - return immediately */
2344                         return (error);
2345                 }
2346         }
2347 
2348         douprintf = 1;
2349 
2350         t = gethrtime();
2351 
2352         error = rfs3call(VTOMI(dvp), NFSPROC3_CREATE,
2353             xdr_CREATE3args, (caddr_t)&args,
2354             xdr_CREATE3res, (caddr_t)&res, cr,
2355             &douprintf, &res.status, 0, NULL);
2356 
2357         if (error) {
2358                 PURGE_ATTRCACHE(dvp);
2359                 return (error);
2360         }
2361 
2362         error = geterrno3(res.status);
2363         if (!error) {
2364                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
2365                 if (HAVE_RDDIR_CACHE(VTOR(dvp)))
2366                         nfs_purge_rddir_cache(dvp);
2367 
2368                 /*
2369                  * On exclusive create the times need to be explicitly
2370                  * set to clear any potential verifier that may be stored
2371                  * in one of these fields (see comment below).  This
2372                  * is done here to cover the case where no post op attrs
2373                  * were returned or a 'invalid' time was returned in
2374                  * the attributes.
2375                  */
2376                 if (exclusive == EXCL)
2377                         va->va_mask |= (AT_MTIME | AT_ATIME);
2378 
2379                 if (!res.resok.obj.handle_follows) {
2380                         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
2381                         if (error)
2382                                 return (error);
2383                 } else {
2384                         if (res.resok.obj_attributes.attributes) {
2385                                 vp = makenfs3node(&res.resok.obj.handle,
2386                                     &res.resok.obj_attributes.attr,
2387                                     dvp->v_vfsp, t, cr, NULL, NULL);
2388                         } else {
2389                                 vp = makenfs3node(&res.resok.obj.handle, NULL,
2390                                     dvp->v_vfsp, t, cr, NULL, NULL);
2391 
2392                                 /*
2393                                  * On an exclusive create, it is possible
2394                                  * that attributes were returned but those
2395                                  * postop attributes failed to decode
2396                                  * properly.  If this is the case,
2397                                  * then most likely the atime or mtime
2398                                  * were invalid for our client; this
2399                                  * is caused by the server storing the
2400                                  * create verifier in one of the time
2401                                  * fields(most likely mtime).
2402                                  * So... we are going to setattr just the
2403                                  * atime/mtime to clear things up.
2404                                  */
2405                                 if (exclusive == EXCL) {
2406                                         if (error =
2407                                                 nfs3excl_create_settimes(vp,
2408                                                         va, cr)) {
2409                                                 /*
2410                                                  * Setting the times failed.
2411                                                  * Remove the file and return
2412                                                  * the error.
2413                                                  */
2414                                                 VN_RELE(vp);
2415                                                 (void) nfs3_remove(dvp,
2416                                                         nm, cr);
2417                                                 return (error);
2418                                         }
2419                                 }
2420 
2421                                 /*
2422                                  * This handles the non-exclusive case
2423                                  * and the exclusive case where no post op
2424                                  * attrs were returned.
2425                                  */
2426                                 if (vp->v_type == VNON) {
2427                                         vattr.va_mask = AT_TYPE;
2428                                         error = nfs3getattr(vp, &vattr, cr);
2429                                         if (error) {
2430                                                 VN_RELE(vp);
2431                                                 return (error);
2432                                         }
2433                                         vp->v_type = vattr.va_type;
2434                                 }
2435                         }
2436                         dnlc_update(dvp, nm, vp);
2437                 }
2438 
2439                 rp = VTOR(vp);
2440 
2441                 /*
2442                  * Check here for large file handled by
2443                  * LF-unaware process (as ufs_create() does)
2444                  */
2445                 if ((va->va_mask & AT_SIZE) && vp->v_type == VREG &&
2446                     !(lfaware & FOFFMAX)) {
2447                         mutex_enter(&rp->r_statelock);
2448                         if (rp->r_size > MAXOFF32_T) {
2449                                 mutex_exit(&rp->r_statelock);
2450                                 VN_RELE(vp);
2451                                 return (EOVERFLOW);
2452                         }
2453                         mutex_exit(&rp->r_statelock);
2454                 }
2455 
2456                 if (exclusive == EXCL &&
2457                         (va->va_mask & ~(AT_GID | AT_SIZE))) {
2458                         /*
2459                          * If doing an exclusive create, then generate
2460                          * a SETATTR to set the initial attributes.
2461                          * Try to set the mtime and the atime to the
2462                          * server's current time.  It is somewhat
2463                          * expected that these fields will be used to
2464                          * store the exclusive create cookie.  If not,
2465                          * server implementors will need to know that
2466                          * a SETATTR will follow an exclusive create
2467                          * and the cookie should be destroyed if
2468                          * appropriate. This work may have been done
2469                          * earlier in this function if post op attrs
2470                          * were not available.
2471                          *
2472                          * The AT_GID and AT_SIZE bits are turned off
2473                          * so that the SETATTR request will not attempt
2474                          * to process these.  The gid will be set
2475                          * separately if appropriate.  The size is turned
2476                          * off because it is assumed that a new file will
2477                          * be created empty and if the file wasn't empty,
2478                          * then the exclusive create will have failed
2479                          * because the file must have existed already.
2480                          * Therefore, no truncate operation is needed.
2481                          */
2482                         va->va_mask &= ~(AT_GID | AT_SIZE);
2483                         error = nfs3setattr(vp, va, 0, cr);
2484                         if (error) {
2485                                 /*
2486                                  * Couldn't correct the attributes of
2487                                  * the newly created file and the
2488                                  * attributes are wrong.  Remove the
2489                                  * file and return an error to the
2490                                  * application.
2491                                  */
2492                                 VN_RELE(vp);
2493                                 (void) nfs3_remove(dvp, nm, cr);
2494                                 return (error);
2495                         }
2496                 }
2497 
2498                 if (va->va_gid != rp->r_attr.va_gid) {
2499                         /*
2500                          * If the gid on the file isn't right, then
2501                          * generate a SETATTR to attempt to change
2502                          * it.  This may or may not work, depending
2503                          * upon the server's semantics for allowing
2504                          * file ownership changes.
2505                          */
2506                         va->va_mask = AT_GID;
2507                         (void) nfs3setattr(vp, va, 0, cr);
2508                 }
2509 
2510                 /*
2511                  * If vnode is a device create special vnode
2512                  */
2513                 if (IS_DEVVP(vp)) {
2514                         *vpp = specvp(vp, vp->v_rdev, vp->v_type, cr);
2515                         VN_RELE(vp);
2516                 } else
2517                         *vpp = vp;
2518         } else {
2519                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
2520                 PURGE_STALE_FH(error, dvp, cr);
2521         }
2522 
2523         return (error);
2524 }
2525 
2526 /*
2527  * Special setattr function to take care of rest of atime/mtime
2528  * after successful exclusive create.  This function exists to avoid
2529  * handling attributes from the server; exclusive the atime/mtime fields
2530  * may be 'invalid' in client's view and therefore can not be trusted.
2531  */
2532 static int
2533 nfs3excl_create_settimes(vnode_t *vp, struct vattr *vap, cred_t *cr)
2534 {
2535         int error;
2536         uint_t mask;
2537         SETATTR3args args;
2538         SETATTR3res res;
2539         int douprintf;
2540         rnode_t *rp;
2541         hrtime_t t;
2542 
2543         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
2544         /* save the caller's mask so that it can be reset later */
2545         mask = vap->va_mask;
2546 
2547         rp = VTOR(vp);
2548 
2549         args.object = *RTOFH3(rp);
2550         args.guard.check = FALSE;
2551 
2552         /* Use the mask to initialize the arguments */
2553         vap->va_mask = 0;
2554         error = vattr_to_sattr3(vap, &args.new_attributes);
2555 
2556         /* We want to set just atime/mtime on this request */
2557         args.new_attributes.atime.set_it = SET_TO_SERVER_TIME;
2558         args.new_attributes.mtime.set_it = SET_TO_SERVER_TIME;
2559 
2560         douprintf = 1;
2561 
2562         t = gethrtime();
2563 
2564         error = rfs3call(VTOMI(vp), NFSPROC3_SETATTR,
2565             xdr_SETATTR3args, (caddr_t)&args,
2566             xdr_SETATTR3res, (caddr_t)&res, cr,
2567             &douprintf, &res.status, 0, NULL);
2568 
2569         if (error) {
2570                 vap->va_mask = mask;
2571                 return (error);
2572         }
2573 
2574         error = geterrno3(res.status);
2575         if (!error) {
2576                 /*
2577                  * It is important to pick up the attributes.
2578                  * Since this is the exclusive create path, the
2579                  * attributes on the initial create were ignored
2580                  * and we need these to have the correct info.
2581                  */
2582                 nfs3_cache_wcc_data(vp, &res.resok.obj_wcc, t, cr);
2583                 /*
2584                  * No need to do the atime/mtime work again so clear
2585                  * the bits.
2586                  */
2587                 mask &= ~(AT_ATIME | AT_MTIME);
2588         } else {
2589                 nfs3_cache_wcc_data(vp, &res.resfail.obj_wcc, t, cr);
2590         }
2591 
2592         vap->va_mask = mask;
2593 
2594         return (error);
2595 }
2596 
2597 /* ARGSUSED */
2598 static int
2599 nfs3mknod(vnode_t *dvp, char *nm, struct vattr *va, enum vcexcl exclusive,
2600         int mode, vnode_t **vpp, cred_t *cr)
2601 {
2602         int error;
2603         MKNOD3args args;
2604         MKNOD3res res;
2605         int douprintf;
2606         vnode_t *vp;
2607         struct vattr vattr;
2608         hrtime_t t;
2609 
2610         ASSERT(nfs_zone() == VTOMI(dvp)->mi_zone);
2611         switch (va->va_type) {
2612         case VCHR:
2613         case VBLK:
2614                 setdiropargs3(&args.where, nm, dvp);
2615                 args.what.type = (va->va_type == VCHR) ? NF3CHR : NF3BLK;
2616                 error = vattr_to_sattr3(va,
2617                     &args.what.mknoddata3_u.device.dev_attributes);
2618                 if (error) {
2619                         /* req time field(s) overflow - return immediately */
2620                         return (error);
2621                 }
2622                 args.what.mknoddata3_u.device.spec.specdata1 =
2623                     getmajor(va->va_rdev);
2624                 args.what.mknoddata3_u.device.spec.specdata2 =
2625                     getminor(va->va_rdev);
2626                 break;
2627 
2628         case VFIFO:
2629         case VSOCK:
2630                 setdiropargs3(&args.where, nm, dvp);
2631                 args.what.type = (va->va_type == VFIFO) ? NF3FIFO : NF3SOCK;
2632                 error = vattr_to_sattr3(va,
2633                                 &args.what.mknoddata3_u.pipe_attributes);
2634                 if (error) {
2635                         /* req time field(s) overflow - return immediately */
2636                         return (error);
2637                 }
2638                 break;
2639 
2640         default:
2641                 return (EINVAL);
2642         }
2643 
2644         douprintf = 1;
2645 
2646         t = gethrtime();
2647 
2648         error = rfs3call(VTOMI(dvp), NFSPROC3_MKNOD,
2649             xdr_MKNOD3args, (caddr_t)&args,
2650             xdr_MKNOD3res, (caddr_t)&res, cr,
2651             &douprintf, &res.status, 0, NULL);
2652 
2653         if (error) {
2654                 PURGE_ATTRCACHE(dvp);
2655                 return (error);
2656         }
2657 
2658         error = geterrno3(res.status);
2659         if (!error) {
2660                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
2661                 if (HAVE_RDDIR_CACHE(VTOR(dvp)))
2662                         nfs_purge_rddir_cache(dvp);
2663 
2664                 if (!res.resok.obj.handle_follows) {
2665                         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
2666                         if (error)
2667                                 return (error);
2668                 } else {
2669                         if (res.resok.obj_attributes.attributes) {
2670                                 vp = makenfs3node(&res.resok.obj.handle,
2671                                     &res.resok.obj_attributes.attr,
2672                                     dvp->v_vfsp, t, cr, NULL, NULL);
2673                         } else {
2674                                 vp = makenfs3node(&res.resok.obj.handle, NULL,
2675                                     dvp->v_vfsp, t, cr, NULL, NULL);
2676                                 if (vp->v_type == VNON) {
2677                                         vattr.va_mask = AT_TYPE;
2678                                         error = nfs3getattr(vp, &vattr, cr);
2679                                         if (error) {
2680                                                 VN_RELE(vp);
2681                                                 return (error);
2682                                         }
2683                                         vp->v_type = vattr.va_type;
2684                                 }
2685 
2686                         }
2687                         dnlc_update(dvp, nm, vp);
2688                 }
2689 
2690                 if (va->va_gid != VTOR(vp)->r_attr.va_gid) {
2691                         va->va_mask = AT_GID;
2692                         (void) nfs3setattr(vp, va, 0, cr);
2693                 }
2694 
2695                 /*
2696                  * If vnode is a device create special vnode
2697                  */
2698                 if (IS_DEVVP(vp)) {
2699                         *vpp = specvp(vp, vp->v_rdev, vp->v_type, cr);
2700                         VN_RELE(vp);
2701                 } else
2702                         *vpp = vp;
2703         } else {
2704                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
2705                 PURGE_STALE_FH(error, dvp, cr);
2706         }
2707         return (error);
2708 }
2709 
2710 /*
2711  * Weirdness: if the vnode to be removed is open
2712  * we rename it instead of removing it and nfs_inactive
2713  * will remove the new name.
2714  */
2715 static int
2716 nfs3_remove(vnode_t *dvp, char *nm, cred_t *cr)
2717 {
2718         int error;
2719         REMOVE3args args;
2720         REMOVE3res res;
2721         vnode_t *vp;
2722         char *tmpname;
2723         int douprintf;
2724         rnode_t *rp;
2725         rnode_t *drp;
2726         hrtime_t t;
2727 
2728         if (nfs_zone() != VTOMI(dvp)->mi_zone)
2729                 return (EPERM);
2730         drp = VTOR(dvp);
2731         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
2732                 return (EINTR);
2733 
2734         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
2735         if (error) {
2736                 nfs_rw_exit(&drp->r_rwlock);
2737                 return (error);
2738         }
2739 
2740         if (vp->v_type == VDIR && secpolicy_fs_linkdir(cr, dvp->v_vfsp)) {
2741                 VN_RELE(vp);
2742                 nfs_rw_exit(&drp->r_rwlock);
2743                 return (EPERM);
2744         }
2745 
2746         /*
2747          * First just remove the entry from the name cache, as it
2748          * is most likely the only entry for this vp.
2749          */
2750         dnlc_remove(dvp, nm);
2751 
2752         /*
2753          * If the file has a v_count > 1 then there may be more than one
2754          * entry in the name cache due multiple links or an open file,
2755          * but we don't have the real reference count so flush all
2756          * possible entries.
2757          */
2758         if (vp->v_count > 1)
2759                 dnlc_purge_vp(vp);
2760 
2761         /*
2762          * Now we have the real reference count on the vnode
2763          */
2764         rp = VTOR(vp);
2765         mutex_enter(&rp->r_statelock);
2766         if (vp->v_count > 1 &&
2767             (rp->r_unldvp == NULL || strcmp(nm, rp->r_unlname) == 0)) {
2768                 mutex_exit(&rp->r_statelock);
2769                 tmpname = newname();
2770                 error = nfs3rename(dvp, nm, dvp, tmpname, cr);
2771                 if (error)
2772                         kmem_free(tmpname, MAXNAMELEN);
2773                 else {
2774                         mutex_enter(&rp->r_statelock);
2775                         if (rp->r_unldvp == NULL) {
2776                                 VN_HOLD(dvp);
2777                                 rp->r_unldvp = dvp;
2778                                 if (rp->r_unlcred != NULL)
2779                                         crfree(rp->r_unlcred);
2780                                 crhold(cr);
2781                                 rp->r_unlcred = cr;
2782                                 rp->r_unlname = tmpname;
2783                         } else {
2784                                 kmem_free(rp->r_unlname, MAXNAMELEN);
2785                                 rp->r_unlname = tmpname;
2786                         }
2787                         mutex_exit(&rp->r_statelock);
2788                 }
2789         } else {
2790                 mutex_exit(&rp->r_statelock);
2791                 /*
2792                  * We need to flush any dirty pages which happen to
2793                  * be hanging around before removing the file.  This
2794                  * shouldn't happen very often and mostly on file
2795                  * systems mounted "nocto".
2796                  */
2797                 if (vn_has_cached_data(vp) &&
2798                     ((rp->r_flags & RDIRTY) || rp->r_count > 0)) {
2799                         error = nfs3_putpage(vp, (offset_t)0, 0, 0, cr);
2800                         if (error && (error == ENOSPC || error == EDQUOT)) {
2801                                 mutex_enter(&rp->r_statelock);
2802                                 if (!rp->r_error)
2803                                         rp->r_error = error;
2804                                 mutex_exit(&rp->r_statelock);
2805                         }
2806                 }
2807 
2808                 setdiropargs3(&args.object, nm, dvp);
2809 
2810                 douprintf = 1;
2811 
2812                 t = gethrtime();
2813 
2814                 error = rfs3call(VTOMI(dvp), NFSPROC3_REMOVE,
2815                     xdr_diropargs3, (caddr_t)&args,
2816                     xdr_REMOVE3res, (caddr_t)&res, cr,
2817                     &douprintf, &res.status, 0, NULL);
2818 
2819                 /*
2820                  * The xattr dir may be gone after last attr is removed,
2821                  * so flush it from dnlc.
2822                  */
2823                 if (dvp->v_flag & V_XATTRDIR)
2824                         dnlc_purge_vp(dvp);
2825 
2826                 PURGE_ATTRCACHE(vp);
2827 
2828                 if (error) {
2829                         PURGE_ATTRCACHE(dvp);
2830                 } else {
2831                         error = geterrno3(res.status);
2832                         if (!error) {
2833                                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t,
2834                                     cr);
2835                                 if (HAVE_RDDIR_CACHE(drp))
2836                                         nfs_purge_rddir_cache(dvp);
2837                         } else {
2838                                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc,
2839                                     t, cr);
2840                                 PURGE_STALE_FH(error, dvp, cr);
2841                         }
2842                 }
2843         }
2844 
2845         VN_RELE(vp);
2846 
2847         nfs_rw_exit(&drp->r_rwlock);
2848 
2849         return (error);
2850 }
2851 
2852 static int
2853 nfs3_link(vnode_t *tdvp, vnode_t *svp, char *tnm, cred_t *cr)
2854 {
2855         int error;
2856         LINK3args args;
2857         LINK3res res;
2858         vnode_t *realvp;
2859         int douprintf;
2860         mntinfo_t *mi;
2861         rnode_t *tdrp;
2862         hrtime_t t;
2863 
2864         if (nfs_zone() != VTOMI(tdvp)->mi_zone)
2865                 return (EPERM);
2866         if (VOP_REALVP(svp, &realvp) == 0)
2867                 svp = realvp;
2868 
2869         mi = VTOMI(svp);
2870 
2871         if (!(mi->mi_flags & MI_LINK))
2872                 return (EOPNOTSUPP);
2873 
2874         args.file = *VTOFH3(svp);
2875         setdiropargs3(&args.link, tnm, tdvp);
2876 
2877         tdrp = VTOR(tdvp);
2878         if (nfs_rw_enter_sig(&tdrp->r_rwlock, RW_WRITER, INTR(tdvp)))
2879                 return (EINTR);
2880 
2881         dnlc_remove(tdvp, tnm);
2882 
2883         douprintf = 1;
2884 
2885         t = gethrtime();
2886 
2887         error = rfs3call(mi, NFSPROC3_LINK,
2888             xdr_LINK3args, (caddr_t)&args,
2889             xdr_LINK3res, (caddr_t)&res, cr,
2890             &douprintf, &res.status, 0, NULL);
2891 
2892         if (error) {
2893                 PURGE_ATTRCACHE(tdvp);
2894                 PURGE_ATTRCACHE(svp);
2895                 nfs_rw_exit(&tdrp->r_rwlock);
2896                 return (error);
2897         }
2898 
2899         error = geterrno3(res.status);
2900 
2901         if (!error) {
2902                 nfs3_cache_post_op_attr(svp, &res.resok.file_attributes, t, cr);
2903                 nfs3_cache_wcc_data(tdvp, &res.resok.linkdir_wcc, t, cr);
2904                 if (HAVE_RDDIR_CACHE(tdrp))
2905                         nfs_purge_rddir_cache(tdvp);
2906                 dnlc_update(tdvp, tnm, svp);
2907         } else {
2908                 nfs3_cache_post_op_attr(svp, &res.resfail.file_attributes, t,
2909                     cr);
2910                 nfs3_cache_wcc_data(tdvp, &res.resfail.linkdir_wcc, t, cr);
2911                 if (error == EOPNOTSUPP) {
2912                         mutex_enter(&mi->mi_lock);
2913                         mi->mi_flags &= ~MI_LINK;
2914                         mutex_exit(&mi->mi_lock);
2915                 }
2916         }
2917 
2918         nfs_rw_exit(&tdrp->r_rwlock);
2919 
2920         return (error);
2921 }
2922 
2923 static int
2924 nfs3_rename(vnode_t *odvp, char *onm, vnode_t *ndvp, char *nnm, cred_t *cr)
2925 {
2926         vnode_t *realvp;
2927 
2928         if (nfs_zone() != VTOMI(odvp)->mi_zone)
2929                 return (EPERM);
2930         if (VOP_REALVP(ndvp, &realvp) == 0)
2931                 ndvp = realvp;
2932 
2933         return (nfs3rename(odvp, onm, ndvp, nnm, cr));
2934 }
2935 
2936 /*
2937  * nfs3rename does the real work of renaming in NFS Version 3.
2938  */
2939 static int
2940 nfs3rename(vnode_t *odvp, char *onm, vnode_t *ndvp, char *nnm, cred_t *cr)
2941 {
2942         int error;
2943         RENAME3args args;
2944         RENAME3res res;
2945         int douprintf;
2946         vnode_t *nvp;
2947         vnode_t *ovp = NULL;
2948         char *tmpname;
2949         rnode_t *rp;
2950         rnode_t *odrp;
2951         rnode_t *ndrp;
2952         hrtime_t t;
2953 
2954         ASSERT(nfs_zone() == VTOMI(odvp)->mi_zone);
2955 
2956         if (strcmp(onm, ".") == 0 || strcmp(onm, "..") == 0 ||
2957             strcmp(nnm, ".") == 0 || strcmp(nnm, "..") == 0)
2958                 return (EINVAL);
2959 
2960         odrp = VTOR(odvp);
2961         ndrp = VTOR(ndvp);
2962         if ((intptr_t)odrp < (intptr_t)ndrp) {
2963                 if (nfs_rw_enter_sig(&odrp->r_rwlock, RW_WRITER, INTR(odvp)))
2964                         return (EINTR);
2965                 if (nfs_rw_enter_sig(&ndrp->r_rwlock, RW_WRITER, INTR(ndvp))) {
2966                         nfs_rw_exit(&odrp->r_rwlock);
2967                         return (EINTR);
2968                 }
2969         } else {
2970                 if (nfs_rw_enter_sig(&ndrp->r_rwlock, RW_WRITER, INTR(ndvp)))
2971                         return (EINTR);
2972                 if (nfs_rw_enter_sig(&odrp->r_rwlock, RW_WRITER, INTR(odvp))) {
2973                         nfs_rw_exit(&ndrp->r_rwlock);
2974                         return (EINTR);
2975                 }
2976         }
2977 
2978         /*
2979          * Lookup the target file.  If it exists, it needs to be
2980          * checked to see whether it is a mount point and whether
2981          * it is active (open).
2982          */
2983         error = nfs3lookup(ndvp, nnm, &nvp, NULL, 0, NULL, cr, 0);
2984         if (!error) {
2985                 /*
2986                  * If this file has been mounted on, then just
2987                  * return busy because renaming to it would remove
2988                  * the mounted file system from the name space.
2989                  */
2990                 if (vn_mountedvfs(nvp) != NULL) {
2991                         VN_RELE(nvp);
2992                         nfs_rw_exit(&odrp->r_rwlock);
2993                         nfs_rw_exit(&ndrp->r_rwlock);
2994                         return (EBUSY);
2995                 }
2996 
2997                 /*
2998                  * Purge the name cache of all references to this vnode
2999                  * so that we can check the reference count to infer
3000                  * whether it is active or not.
3001                  */
3002                 /*
3003                  * First just remove the entry from the name cache, as it
3004                  * is most likely the only entry for this vp.
3005                  */
3006                 dnlc_remove(ndvp, nnm);
3007                 /*
3008                  * If the file has a v_count > 1 then there may be more
3009                  * than one entry in the name cache due multiple links
3010                  * or an open file, but we don't have the real reference
3011                  * count so flush all possible entries.
3012                  */
3013                 if (nvp->v_count > 1)
3014                         dnlc_purge_vp(nvp);
3015 
3016                 /*
3017                  * If the vnode is active and is not a directory,
3018                  * arrange to rename it to a
3019                  * temporary file so that it will continue to be
3020                  * accessible.  This implements the "unlink-open-file"
3021                  * semantics for the target of a rename operation.
3022                  * Before doing this though, make sure that the
3023                  * source and target files are not already the same.
3024                  */
3025                 if (nvp->v_count > 1 && nvp->v_type != VDIR) {
3026                         /*
3027                          * Lookup the source name.
3028                          */
3029                         error = nfs3lookup(odvp, onm, &ovp, NULL, 0, NULL,
3030                             cr, 0);
3031 
3032                         /*
3033                          * The source name *should* already exist.
3034                          */
3035                         if (error) {
3036                                 VN_RELE(nvp);
3037                                 nfs_rw_exit(&odrp->r_rwlock);
3038                                 nfs_rw_exit(&ndrp->r_rwlock);
3039                                 return (error);
3040                         }
3041 
3042                         /*
3043                          * Compare the two vnodes.  If they are the same,
3044                          * just release all held vnodes and return success.
3045                          */
3046                         if (ovp == nvp) {
3047                                 VN_RELE(ovp);
3048                                 VN_RELE(nvp);
3049                                 nfs_rw_exit(&odrp->r_rwlock);
3050                                 nfs_rw_exit(&ndrp->r_rwlock);
3051                                 return (0);
3052                         }
3053 
3054                         /*
3055                          * Can't mix and match directories and non-
3056                          * directories in rename operations.  We already
3057                          * know that the target is not a directory.  If
3058                          * the source is a directory, return an error.
3059                          */
3060                         if (ovp->v_type == VDIR) {
3061                                 VN_RELE(ovp);
3062                                 VN_RELE(nvp);
3063                                 nfs_rw_exit(&odrp->r_rwlock);
3064                                 nfs_rw_exit(&ndrp->r_rwlock);
3065                                 return (ENOTDIR);
3066                         }
3067 
3068                         /*
3069                          * The target file exists, is not the same as
3070                          * the source file, and is active.  Link it
3071                          * to a temporary filename to avoid having
3072                          * the server removing the file completely.
3073                          */
3074                         tmpname = newname();
3075                         error = nfs3_link(ndvp, nvp, tmpname, cr);
3076                         if (error == EOPNOTSUPP) {
3077                                 error = nfs3_rename(ndvp, nnm, ndvp, tmpname,
3078                                     cr);
3079                         }
3080                         if (error) {
3081                                 kmem_free(tmpname, MAXNAMELEN);
3082                                 VN_RELE(ovp);
3083                                 VN_RELE(nvp);
3084                                 nfs_rw_exit(&odrp->r_rwlock);
3085                                 nfs_rw_exit(&ndrp->r_rwlock);
3086                                 return (error);
3087                         }
3088                         rp = VTOR(nvp);
3089                         mutex_enter(&rp->r_statelock);
3090                         if (rp->r_unldvp == NULL) {
3091                                 VN_HOLD(ndvp);
3092                                 rp->r_unldvp = ndvp;
3093                                 if (rp->r_unlcred != NULL)
3094                                         crfree(rp->r_unlcred);
3095                                 crhold(cr);
3096                                 rp->r_unlcred = cr;
3097                                 rp->r_unlname = tmpname;
3098                         } else {
3099                                 kmem_free(rp->r_unlname, MAXNAMELEN);
3100                                 rp->r_unlname = tmpname;
3101                         }
3102                         mutex_exit(&rp->r_statelock);
3103                 }
3104 
3105                 VN_RELE(nvp);
3106         }
3107 
3108         if (ovp == NULL) {
3109                 /*
3110                  * When renaming directories to be a subdirectory of a
3111                  * different parent, the dnlc entry for ".." will no
3112                  * longer be valid, so it must be removed.
3113                  *
3114                  * We do a lookup here to determine whether we are renaming
3115                  * a directory and we need to check if we are renaming
3116                  * an unlinked file.  This might have already been done
3117                  * in previous code, so we check ovp == NULL to avoid
3118                  * doing it twice.
3119                  */
3120 
3121                 error = nfs3lookup(odvp, onm, &ovp, NULL, 0, NULL, cr, 0);
3122                 /*
3123                  * The source name *should* already exist.
3124                  */
3125                 if (error) {
3126                         nfs_rw_exit(&odrp->r_rwlock);
3127                         nfs_rw_exit(&ndrp->r_rwlock);
3128                         return (error);
3129                 }
3130                 ASSERT(ovp != NULL);
3131         }
3132 
3133         dnlc_remove(odvp, onm);
3134         dnlc_remove(ndvp, nnm);
3135 
3136         setdiropargs3(&args.from, onm, odvp);
3137         setdiropargs3(&args.to, nnm, ndvp);
3138 
3139         douprintf = 1;
3140 
3141         t = gethrtime();
3142 
3143         error = rfs3call(VTOMI(odvp), NFSPROC3_RENAME,
3144             xdr_RENAME3args, (caddr_t)&args,
3145             xdr_RENAME3res, (caddr_t)&res, cr,
3146             &douprintf, &res.status, 0, NULL);
3147 
3148         if (error) {
3149                 PURGE_ATTRCACHE(odvp);
3150                 PURGE_ATTRCACHE(ndvp);
3151                 VN_RELE(ovp);
3152                 nfs_rw_exit(&odrp->r_rwlock);
3153                 nfs_rw_exit(&ndrp->r_rwlock);
3154                 return (error);
3155         }
3156 
3157         error = geterrno3(res.status);
3158 
3159         if (!error) {
3160                 nfs3_cache_wcc_data(odvp, &res.resok.fromdir_wcc, t, cr);
3161                 if (HAVE_RDDIR_CACHE(odrp))
3162                         nfs_purge_rddir_cache(odvp);
3163                 if (ndvp != odvp) {
3164                         nfs3_cache_wcc_data(ndvp, &res.resok.todir_wcc, t, cr);
3165                         if (HAVE_RDDIR_CACHE(ndrp))
3166                                 nfs_purge_rddir_cache(ndvp);
3167                 }
3168                 /*
3169                  * when renaming directories to be a subdirectory of a
3170                  * different parent, the dnlc entry for ".." will no
3171                  * longer be valid, so it must be removed
3172                  */
3173                 rp = VTOR(ovp);
3174                 if (ndvp != odvp) {
3175                         if (ovp->v_type == VDIR) {
3176                                 dnlc_remove(ovp, "..");
3177                                 if (HAVE_RDDIR_CACHE(rp))
3178                                         nfs_purge_rddir_cache(ovp);
3179                         }
3180                 }
3181 
3182                 /*
3183                  * If we are renaming the unlinked file, update the
3184                  * r_unldvp and r_unlname as needed.
3185                  */
3186                 mutex_enter(&rp->r_statelock);
3187                 if (rp->r_unldvp != NULL) {
3188                         if (strcmp(rp->r_unlname, onm) == 0) {
3189                                 (void) strncpy(rp->r_unlname, nnm, MAXNAMELEN);
3190                                 rp->r_unlname[MAXNAMELEN - 1] = '\0';
3191 
3192                                 if (ndvp != rp->r_unldvp) {
3193                                         VN_RELE(rp->r_unldvp);
3194                                         rp->r_unldvp = ndvp;
3195                                         VN_HOLD(ndvp);
3196                                 }
3197                         }
3198                 }
3199                 mutex_exit(&rp->r_statelock);
3200         } else {
3201                 nfs3_cache_wcc_data(odvp, &res.resfail.fromdir_wcc, t, cr);
3202                 if (ndvp != odvp) {
3203                         nfs3_cache_wcc_data(ndvp, &res.resfail.todir_wcc, t,
3204                             cr);
3205                 }
3206                 /*
3207                  * System V defines rename to return EEXIST, not
3208                  * ENOTEMPTY if the target directory is not empty.
3209                  * Over the wire, the error is NFSERR_ENOTEMPTY
3210                  * which geterrno maps to ENOTEMPTY.
3211                  */
3212                 if (error == ENOTEMPTY)
3213                         error = EEXIST;
3214         }
3215 
3216         VN_RELE(ovp);
3217 
3218         nfs_rw_exit(&odrp->r_rwlock);
3219         nfs_rw_exit(&ndrp->r_rwlock);
3220 
3221         return (error);
3222 }
3223 
3224 static int
3225 nfs3_mkdir(vnode_t *dvp, char *nm, struct vattr *va, vnode_t **vpp, cred_t *cr)
3226 {
3227         int error;
3228         MKDIR3args args;
3229         MKDIR3res res;
3230         int douprintf;
3231         struct vattr vattr;
3232         vnode_t *vp;
3233         rnode_t *drp;
3234         hrtime_t t;
3235 
3236         if (nfs_zone() != VTOMI(dvp)->mi_zone)
3237                 return (EPERM);
3238         setdiropargs3(&args.where, nm, dvp);
3239 
3240         /*
3241          * Decide what the group-id and set-gid bit of the created directory
3242          * should be.  May have to do a setattr to get the gid right.
3243          */
3244         error = setdirgid(dvp, &va->va_gid, cr);
3245         if (error)
3246                 return (error);
3247         error = setdirmode(dvp, &va->va_mode, cr);
3248         if (error)
3249                 return (error);
3250         va->va_mask |= AT_MODE|AT_GID;
3251 
3252         error = vattr_to_sattr3(va, &args.attributes);
3253         if (error) {
3254                 /* req time field(s) overflow - return immediately */
3255                 return (error);
3256         }
3257 
3258         drp = VTOR(dvp);
3259         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
3260                 return (EINTR);
3261 
3262         dnlc_remove(dvp, nm);
3263 
3264         douprintf = 1;
3265 
3266         t = gethrtime();
3267 
3268         error = rfs3call(VTOMI(dvp), NFSPROC3_MKDIR,
3269             xdr_MKDIR3args, (caddr_t)&args,
3270             xdr_MKDIR3res, (caddr_t)&res, cr,
3271             &douprintf, &res.status, 0, NULL);
3272 
3273         if (error) {
3274                 PURGE_ATTRCACHE(dvp);
3275                 nfs_rw_exit(&drp->r_rwlock);
3276                 return (error);
3277         }
3278 
3279         error = geterrno3(res.status);
3280         if (!error) {
3281                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
3282                 if (HAVE_RDDIR_CACHE(drp))
3283                         nfs_purge_rddir_cache(dvp);
3284 
3285                 if (!res.resok.obj.handle_follows) {
3286                         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
3287                         if (error) {
3288                                 nfs_rw_exit(&drp->r_rwlock);
3289                                 return (error);
3290                         }
3291                 } else {
3292                         if (res.resok.obj_attributes.attributes) {
3293                                 vp = makenfs3node(&res.resok.obj.handle,
3294                                     &res.resok.obj_attributes.attr,
3295                                     dvp->v_vfsp, t, cr, NULL, NULL);
3296                         } else {
3297                                 vp = makenfs3node(&res.resok.obj.handle, NULL,
3298                                     dvp->v_vfsp, t, cr, NULL, NULL);
3299                                 if (vp->v_type == VNON) {
3300                                         vattr.va_mask = AT_TYPE;
3301                                         error = nfs3getattr(vp, &vattr, cr);
3302                                         if (error) {
3303                                                 VN_RELE(vp);
3304                                                 nfs_rw_exit(&drp->r_rwlock);
3305                                                 return (error);
3306                                         }
3307                                         vp->v_type = vattr.va_type;
3308                                 }
3309                         }
3310                         dnlc_update(dvp, nm, vp);
3311                 }
3312                 if (va->va_gid != VTOR(vp)->r_attr.va_gid) {
3313                         va->va_mask = AT_GID;
3314                         (void) nfs3setattr(vp, va, 0, cr);
3315                 }
3316                 *vpp = vp;
3317         } else {
3318                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
3319                 PURGE_STALE_FH(error, dvp, cr);
3320         }
3321 
3322         nfs_rw_exit(&drp->r_rwlock);
3323 
3324         return (error);
3325 }
3326 
3327 static int
3328 nfs3_rmdir(vnode_t *dvp, char *nm, vnode_t *cdir, cred_t *cr)
3329 {
3330         int error;
3331         RMDIR3args args;
3332         RMDIR3res res;
3333         vnode_t *vp;
3334         int douprintf;
3335         rnode_t *drp;
3336         hrtime_t t;
3337 
3338         if (nfs_zone() != VTOMI(dvp)->mi_zone)
3339                 return (EPERM);
3340         drp = VTOR(dvp);
3341         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
3342                 return (EINTR);
3343 
3344         /*
3345          * Attempt to prevent a rmdir(".") from succeeding.
3346          */
3347         error = nfs3lookup(dvp, nm, &vp, NULL, 0, NULL, cr, 0);
3348         if (error) {
3349                 nfs_rw_exit(&drp->r_rwlock);
3350                 return (error);
3351         }
3352 
3353         if (vp == cdir) {
3354                 VN_RELE(vp);
3355                 nfs_rw_exit(&drp->r_rwlock);
3356                 return (EINVAL);
3357         }
3358 
3359         setdiropargs3(&args.object, nm, dvp);
3360 
3361         /*
3362          * First just remove the entry from the name cache, as it
3363          * is most likely an entry for this vp.
3364          */
3365         dnlc_remove(dvp, nm);
3366 
3367         /*
3368          * If there vnode reference count is greater than one, then
3369          * there may be additional references in the DNLC which will
3370          * need to be purged.  First, trying removing the entry for
3371          * the parent directory and see if that removes the additional
3372          * reference(s).  If that doesn't do it, then use dnlc_purge_vp
3373          * to completely remove any references to the directory which
3374          * might still exist in the DNLC.
3375          */
3376         if (vp->v_count > 1) {
3377                 dnlc_remove(vp, "..");
3378                 if (vp->v_count > 1)
3379                         dnlc_purge_vp(vp);
3380         }
3381 
3382         douprintf = 1;
3383 
3384         t = gethrtime();
3385 
3386         error = rfs3call(VTOMI(dvp), NFSPROC3_RMDIR,
3387             xdr_diropargs3, (caddr_t)&args,
3388             xdr_RMDIR3res, (caddr_t)&res, cr,
3389             &douprintf, &res.status, 0, NULL);
3390 
3391         PURGE_ATTRCACHE(vp);
3392 
3393         if (error) {
3394                 PURGE_ATTRCACHE(dvp);
3395                 VN_RELE(vp);
3396                 nfs_rw_exit(&drp->r_rwlock);
3397                 return (error);
3398         }
3399 
3400         error = geterrno3(res.status);
3401         if (!error) {
3402                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
3403                 if (HAVE_RDDIR_CACHE(drp))
3404                         nfs_purge_rddir_cache(dvp);
3405                 if (HAVE_RDDIR_CACHE(VTOR(vp)))
3406                         nfs_purge_rddir_cache(vp);
3407         } else {
3408                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
3409                 PURGE_STALE_FH(error, dvp, cr);
3410                 /*
3411                  * System V defines rmdir to return EEXIST, not
3412                  * ENOTEMPTY if the directory is not empty.  Over
3413                  * the wire, the error is NFSERR_ENOTEMPTY which
3414                  * geterrno maps to ENOTEMPTY.
3415                  */
3416                 if (error == ENOTEMPTY)
3417                         error = EEXIST;
3418         }
3419 
3420         VN_RELE(vp);
3421 
3422         nfs_rw_exit(&drp->r_rwlock);
3423 
3424         return (error);
3425 }
3426 
3427 static int
3428 nfs3_symlink(vnode_t *dvp, char *lnm, struct vattr *tva, char *tnm, cred_t *cr)
3429 {
3430         int error;
3431         SYMLINK3args args;
3432         SYMLINK3res res;
3433         int douprintf;
3434         mntinfo_t *mi;
3435         vnode_t *vp;
3436         rnode_t *rp;
3437         char *contents;
3438         rnode_t *drp;
3439         hrtime_t t;
3440 
3441         mi = VTOMI(dvp);
3442 
3443         if (nfs_zone() != mi->mi_zone)
3444                 return (EPERM);
3445         if (!(mi->mi_flags & MI_SYMLINK))
3446                 return (EOPNOTSUPP);
3447 
3448         setdiropargs3(&args.where, lnm, dvp);
3449         error = vattr_to_sattr3(tva, &args.symlink.symlink_attributes);
3450         if (error) {
3451                 /* req time field(s) overflow - return immediately */
3452                 return (error);
3453         }
3454         args.symlink.symlink_data = tnm;
3455 
3456         drp = VTOR(dvp);
3457         if (nfs_rw_enter_sig(&drp->r_rwlock, RW_WRITER, INTR(dvp)))
3458                 return (EINTR);
3459 
3460         dnlc_remove(dvp, lnm);
3461 
3462         douprintf = 1;
3463 
3464         t = gethrtime();
3465 
3466         error = rfs3call(mi, NFSPROC3_SYMLINK,
3467             xdr_SYMLINK3args, (caddr_t)&args,
3468             xdr_SYMLINK3res, (caddr_t)&res, cr,
3469             &douprintf, &res.status, 0, NULL);
3470 
3471         if (error) {
3472                 PURGE_ATTRCACHE(dvp);
3473                 nfs_rw_exit(&drp->r_rwlock);
3474                 return (error);
3475         }
3476 
3477         error = geterrno3(res.status);
3478         if (!error) {
3479                 nfs3_cache_wcc_data(dvp, &res.resok.dir_wcc, t, cr);
3480                 if (HAVE_RDDIR_CACHE(drp))
3481                         nfs_purge_rddir_cache(dvp);
3482 
3483                 if (res.resok.obj.handle_follows) {
3484                         if (res.resok.obj_attributes.attributes) {
3485                                 vp = makenfs3node(&res.resok.obj.handle,
3486                                     &res.resok.obj_attributes.attr,
3487                                     dvp->v_vfsp, t, cr, NULL, NULL);
3488                         } else {
3489                                 vp = makenfs3node(&res.resok.obj.handle, NULL,
3490                                     dvp->v_vfsp, t, cr, NULL, NULL);
3491                                 vp->v_type = VLNK;
3492                                 vp->v_rdev = 0;
3493                         }
3494                         dnlc_update(dvp, lnm, vp);
3495                         rp = VTOR(vp);
3496                         if (nfs3_do_symlink_cache &&
3497                             rp->r_symlink.contents == NULL) {
3498 
3499                                 contents = kmem_alloc(MAXPATHLEN,
3500                                     KM_NOSLEEP);
3501 
3502                                 if (contents != NULL) {
3503                                         mutex_enter(&rp->r_statelock);
3504                                         if (rp->r_symlink.contents == NULL) {
3505                                                 rp->r_symlink.len = strlen(tnm);
3506                                                 bcopy(tnm, contents,
3507                                                     rp->r_symlink.len);
3508                                                 rp->r_symlink.contents =
3509                                                     contents;
3510                                                 rp->r_symlink.size = MAXPATHLEN;
3511                                                 mutex_exit(&rp->r_statelock);
3512                                         } else {
3513                                                 mutex_exit(&rp->r_statelock);
3514                                                 kmem_free((void *)contents,
3515                                                             MAXPATHLEN);
3516                                         }
3517                                 }
3518                         }
3519                         VN_RELE(vp);
3520                 }
3521         } else {
3522                 nfs3_cache_wcc_data(dvp, &res.resfail.dir_wcc, t, cr);
3523                 PURGE_STALE_FH(error, dvp, cr);
3524                 if (error == EOPNOTSUPP) {
3525                         mutex_enter(&mi->mi_lock);
3526                         mi->mi_flags &= ~MI_SYMLINK;
3527                         mutex_exit(&mi->mi_lock);
3528                 }
3529         }
3530 
3531         nfs_rw_exit(&drp->r_rwlock);
3532 
3533         return (error);
3534 }
3535 
3536 #ifdef DEBUG
3537 static int nfs3_readdir_cache_hits = 0;
3538 static int nfs3_readdir_cache_shorts = 0;
3539 static int nfs3_readdir_cache_waits = 0;
3540 static int nfs3_readdir_cache_misses = 0;
3541 static int nfs3_readdir_readahead = 0;
3542 #endif
3543 
3544 static int nfs3_shrinkreaddir = 0;
3545 
3546 /*
3547  * Read directory entries.
3548  * There are some weird things to look out for here.  The uio_loffset
3549  * field is either 0 or it is the offset returned from a previous
3550  * readdir.  It is an opaque value used by the server to find the
3551  * correct directory block to read. The count field is the number
3552  * of blocks to read on the server.  This is advisory only, the server
3553  * may return only one block's worth of entries.  Entries may be compressed
3554  * on the server.
3555  */
3556 static int
3557 nfs3_readdir(vnode_t *vp, struct uio *uiop, cred_t *cr, int *eofp)
3558 {
3559         int error;
3560         size_t count;
3561         rnode_t *rp;
3562         rddir_cache *rdc;
3563         rddir_cache *nrdc;
3564         rddir_cache *rrdc;
3565 #ifdef DEBUG
3566         int missed;
3567 #endif
3568         int doreadahead;
3569         rddir_cache srdc;
3570         avl_index_t where;
3571 
3572         if (nfs_zone() != VTOMI(vp)->mi_zone)
3573                 return (EIO);
3574         rp = VTOR(vp);
3575 
3576         ASSERT(nfs_rw_lock_held(&rp->r_rwlock, RW_READER));
3577 
3578         /*
3579          * Make sure that the directory cache is valid.
3580          */
3581         if (HAVE_RDDIR_CACHE(rp)) {
3582                 if (nfs_disable_rddir_cache) {
3583                         /*
3584                          * Setting nfs_disable_rddir_cache in /etc/system
3585                          * allows interoperability with servers that do not
3586                          * properly update the attributes of directories.
3587                          * Any cached information gets purged before an
3588                          * access is made to it.
3589                          */
3590                         nfs_purge_rddir_cache(vp);
3591                 } else {
3592                         error = nfs3_validate_caches(vp, cr);
3593                         if (error)
3594                                 return (error);
3595                 }
3596         }
3597 
3598         /*
3599          * It is possible that some servers may not be able to correctly
3600          * handle a large READDIR or READDIRPLUS request due to bugs in
3601          * their implementation.  In order to continue to interoperate
3602          * with them, this workaround is provided to limit the maximum
3603          * size of a READDIRPLUS request to 1024.  In any case, the request
3604          * size is limited to MAXBSIZE.
3605          */
3606         count = MIN(uiop->uio_iov->iov_len,
3607             nfs3_shrinkreaddir ? 1024 : MAXBSIZE);
3608 
3609         nrdc = NULL;
3610 #ifdef DEBUG
3611         missed = 0;
3612 #endif
3613 top:
3614         /*
3615          * Short circuit last readdir which always returns 0 bytes.
3616          * This can be done after the directory has been read through
3617          * completely at least once.  This will set r_direof which
3618          * can be used to find the value of the last cookie.
3619          */
3620         mutex_enter(&rp->r_statelock);
3621         if (rp->r_direof != NULL &&
3622             uiop->uio_loffset == rp->r_direof->nfs3_ncookie) {
3623                 mutex_exit(&rp->r_statelock);
3624 #ifdef DEBUG
3625                 nfs3_readdir_cache_shorts++;
3626 #endif
3627                 if (eofp)
3628                         *eofp = 1;
3629                 if (nrdc != NULL)
3630                         rddir_cache_rele(nrdc);
3631                 return (0);
3632         }
3633         /*
3634          * Look for a cache entry.  Cache entries are identified
3635          * by the NFS cookie value and the byte count requested.
3636          */
3637         srdc.nfs3_cookie = uiop->uio_loffset;
3638         srdc.buflen = count;
3639         rdc = avl_find(&rp->r_dir, &srdc, &where);
3640         if (rdc != NULL) {
3641                 rddir_cache_hold(rdc);
3642                 /*
3643                  * If the cache entry is in the process of being
3644                  * filled in, wait until this completes.  The
3645                  * RDDIRWAIT bit is set to indicate that someone
3646                  * is waiting and then the thread currently
3647                  * filling the entry is done, it should do a
3648                  * cv_broadcast to wakeup all of the threads
3649                  * waiting for it to finish.
3650                  */
3651                 if (rdc->flags & RDDIR) {
3652                         nfs_rw_exit(&rp->r_rwlock);
3653                         rdc->flags |= RDDIRWAIT;
3654 #ifdef DEBUG
3655                         nfs3_readdir_cache_waits++;
3656 #endif
3657                         if (!cv_wait_sig(&rdc->cv, &rp->r_statelock)) {
3658                                 /*
3659                                  * We got interrupted, probably
3660                                  * the user typed ^C or an alarm
3661                                  * fired.  We free the new entry
3662                                  * if we allocated one.
3663                                  */
3664                                 mutex_exit(&rp->r_statelock);
3665                                 (void) nfs_rw_enter_sig(&rp->r_rwlock,
3666                                         RW_READER, FALSE);
3667                                 rddir_cache_rele(rdc);
3668                                 if (nrdc != NULL)
3669                                         rddir_cache_rele(nrdc);
3670                                 return (EINTR);
3671                         }
3672                         mutex_exit(&rp->r_statelock);
3673                         (void) nfs_rw_enter_sig(&rp->r_rwlock,
3674                                 RW_READER, FALSE);
3675                         rddir_cache_rele(rdc);
3676                         goto top;
3677                 }
3678                 /*
3679                  * Check to see if a readdir is required to
3680                  * fill the entry.  If so, mark this entry
3681                  * as being filled, remove our reference,
3682                  * and branch to the code to fill the entry.
3683                  */
3684                 if (rdc->flags & RDDIRREQ) {
3685                         rdc->flags &= ~RDDIRREQ;
3686                         rdc->flags |= RDDIR;
3687                         if (nrdc != NULL)
3688                                 rddir_cache_rele(nrdc);
3689                         nrdc = rdc;
3690                         mutex_exit(&rp->r_statelock);
3691                         goto bottom;
3692                 }
3693 #ifdef DEBUG
3694                 if (!missed)
3695                         nfs3_readdir_cache_hits++;
3696 #endif
3697                 /*
3698                  * If an error occurred while attempting
3699                  * to fill the cache entry, just return it.
3700                  */
3701                 if (rdc->error) {
3702                         error = rdc->error;
3703                         mutex_exit(&rp->r_statelock);
3704                         rddir_cache_rele(rdc);
3705                         if (nrdc != NULL)
3706                                 rddir_cache_rele(nrdc);
3707                         return (error);
3708                 }
3709 
3710                 /*
3711                  * The cache entry is complete and good,
3712                  * copyout the dirent structs to the calling
3713                  * thread.
3714                  */
3715                 error = uiomove(rdc->entries, rdc->entlen, UIO_READ, uiop);
3716 
3717                 /*
3718                  * If no error occurred during the copyout,
3719                  * update the offset in the uio struct to
3720                  * contain the value of the next cookie
3721                  * and set the eof value appropriately.
3722                  */
3723                 if (!error) {
3724                         uiop->uio_loffset = rdc->nfs3_ncookie;
3725                         if (eofp)
3726                                 *eofp = rdc->eof;
3727                 }
3728 
3729                 /*
3730                  * Decide whether to do readahead.
3731                  *
3732                  * Don't if have already read to the end of
3733                  * directory.  There is nothing more to read.
3734                  *
3735                  * Don't if the application is not doing
3736                  * lookups in the directory.  The readahead
3737                  * is only effective if the application can
3738                  * be doing work while an async thread is
3739                  * handling the over the wire request.
3740                  */
3741                 if (rdc->eof) {
3742                         rp->r_direof = rdc;
3743                         doreadahead = FALSE;
3744                 } else if (!(rp->r_flags & RLOOKUP))
3745                         doreadahead = FALSE;
3746                 else
3747                         doreadahead = TRUE;
3748 
3749                 if (!doreadahead) {
3750                         mutex_exit(&rp->r_statelock);
3751                         rddir_cache_rele(rdc);
3752                         if (nrdc != NULL)
3753                                 rddir_cache_rele(nrdc);
3754                         return (error);
3755                 }
3756 
3757                 /*
3758                  * Check to see whether we found an entry
3759                  * for the readahead.  If so, we don't need
3760                  * to do anything further, so free the new
3761                  * entry if one was allocated.  Otherwise,
3762                  * allocate a new entry, add it to the cache,
3763                  * and then initiate an asynchronous readdir
3764                  * operation to fill it.
3765                  */
3766                 srdc.nfs3_cookie = rdc->nfs3_ncookie;
3767                 srdc.buflen = count;
3768                 rrdc = avl_find(&rp->r_dir, &srdc, &where);
3769                 if (rrdc != NULL) {
3770                         if (nrdc != NULL)
3771                                 rddir_cache_rele(nrdc);
3772                 } else {
3773                         if (nrdc != NULL)
3774                                 rrdc = nrdc;
3775                         else {
3776                                 rrdc = rddir_cache_alloc(KM_NOSLEEP);
3777                         }
3778                         if (rrdc != NULL) {
3779                                 rrdc->nfs3_cookie = rdc->nfs3_ncookie;
3780                                 rrdc->buflen = count;
3781                                 avl_insert(&rp->r_dir, rrdc, where);
3782                                 rddir_cache_hold(rrdc);
3783                                 mutex_exit(&rp->r_statelock);
3784                                 rddir_cache_rele(rdc);
3785 #ifdef DEBUG
3786                                 nfs3_readdir_readahead++;
3787 #endif
3788                                 nfs_async_readdir(vp, rrdc, cr, do_nfs3readdir);
3789                                 return (error);
3790                         }
3791                 }
3792 
3793                 mutex_exit(&rp->r_statelock);
3794                 rddir_cache_rele(rdc);
3795                 return (error);
3796         }
3797 
3798         /*
3799          * Didn't find an entry in the cache.  Construct a new empty
3800          * entry and link it into the cache.  Other processes attempting
3801          * to access this entry will need to wait until it is filled in.
3802          *
3803          * Since kmem_alloc may block, another pass through the cache
3804          * will need to be taken to make sure that another process
3805          * hasn't already added an entry to the cache for this request.
3806          */
3807         if (nrdc == NULL) {
3808                 mutex_exit(&rp->r_statelock);
3809                 nrdc = rddir_cache_alloc(KM_SLEEP);
3810                 nrdc->nfs3_cookie = uiop->uio_loffset;
3811                 nrdc->buflen = count;
3812                 goto top;
3813         }
3814 
3815         /*
3816          * Add this entry to the cache.
3817          */
3818         avl_insert(&rp->r_dir, nrdc, where);
3819         rddir_cache_hold(nrdc);
3820         mutex_exit(&rp->r_statelock);
3821 
3822 bottom:
3823 #ifdef DEBUG
3824         missed = 1;
3825         nfs3_readdir_cache_misses++;
3826 #endif
3827         /*
3828          * Do the readdir.  This routine decides whether to use
3829          * READDIR or READDIRPLUS.
3830          */
3831         error = do_nfs3readdir(vp, nrdc, cr);
3832 
3833         /*
3834          * If this operation failed, just return the error which occurred.
3835          */
3836         if (error != 0)
3837                 return (error);
3838 
3839         /*
3840          * Since the RPC operation will have taken sometime and blocked
3841          * this process, another pass through the cache will need to be
3842          * taken to find the correct cache entry.  It is possible that
3843          * the correct cache entry will not be there (although one was
3844          * added) because the directory changed during the RPC operation
3845          * and the readdir cache was flushed.  In this case, just start
3846          * over.  It is hoped that this will not happen too often... :-)
3847          */
3848         nrdc = NULL;
3849         goto top;
3850         /* NOTREACHED */
3851 }
3852 
3853 static int
3854 do_nfs3readdir(vnode_t *vp, rddir_cache *rdc, cred_t *cr)
3855 {
3856         int error;
3857         rnode_t *rp;
3858         mntinfo_t *mi;
3859 
3860         rp = VTOR(vp);
3861         mi = VTOMI(vp);
3862         ASSERT(nfs_zone() == mi->mi_zone);
3863         /*
3864          * Issue the proper request.
3865          *
3866          * If the server does not support READDIRPLUS, then use READDIR.
3867          *
3868          * Otherwise --
3869          * Issue a READDIRPLUS if reading to fill an empty cache or if
3870          * an application has performed a lookup in the directory which
3871          * required an over the wire lookup.  The use of READDIRPLUS
3872          * will help to (re)populate the DNLC.
3873          */
3874         if (!(mi->mi_flags & MI_READDIRONLY) &&
3875             (rp->r_flags & (RLOOKUP | RREADDIRPLUS))) {
3876                 if (rp->r_flags & RREADDIRPLUS) {
3877                         mutex_enter(&rp->r_statelock);
3878                         rp->r_flags &= ~RREADDIRPLUS;
3879                         mutex_exit(&rp->r_statelock);
3880                 }
3881                 nfs3readdirplus(vp, rdc, cr);
3882                 if (rdc->error == EOPNOTSUPP)
3883                         nfs3readdir(vp, rdc, cr);
3884         } else
3885                 nfs3readdir(vp, rdc, cr);
3886 
3887         mutex_enter(&rp->r_statelock);
3888         rdc->flags &= ~RDDIR;
3889         if (rdc->flags & RDDIRWAIT) {
3890                 rdc->flags &= ~RDDIRWAIT;
3891                 cv_broadcast(&rdc->cv);
3892         }
3893         error = rdc->error;
3894         if (error)
3895                 rdc->flags |= RDDIRREQ;
3896         mutex_exit(&rp->r_statelock);
3897 
3898         rddir_cache_rele(rdc);
3899 
3900         return (error);
3901 }
3902 
3903 static void
3904 nfs3readdir(vnode_t *vp, rddir_cache *rdc, cred_t *cr)
3905 {
3906         int error;
3907         READDIR3args args;
3908         READDIR3vres res;
3909         vattr_t dva;
3910         rnode_t *rp;
3911         int douprintf;
3912         failinfo_t fi, *fip = NULL;
3913         mntinfo_t *mi;
3914         hrtime_t t;
3915 
3916         rp = VTOR(vp);
3917         mi = VTOMI(vp);
3918         ASSERT(nfs_zone() == mi->mi_zone);
3919 
3920         args.dir = *RTOFH3(rp);
3921         args.cookie = (cookie3)rdc->nfs3_cookie;
3922         args.cookieverf = rp->r_cookieverf;
3923         args.count = rdc->buflen;
3924 
3925         /*
3926          * NFS client failover support
3927          * suppress failover unless we have a zero cookie
3928          */
3929         if (args.cookie == (cookie3) 0) {
3930                 fi.vp = vp;
3931                 fi.fhp = (caddr_t)&args.dir;
3932                 fi.copyproc = nfs3copyfh;
3933                 fi.lookupproc = nfs3lookup;
3934                 fi.xattrdirproc = acl_getxattrdir3;
3935                 fip = &fi;
3936         }
3937 
3938 #ifdef DEBUG
3939         rdc->entries = rddir_cache_buf_alloc(rdc->buflen, KM_SLEEP);
3940 #else
3941         rdc->entries = kmem_alloc(rdc->buflen, KM_SLEEP);
3942 #endif
3943 
3944         res.entries = (dirent64_t *)rdc->entries;
3945         res.entries_size = rdc->buflen;
3946         res.dir_attributes.fres.vap = &dva;
3947         res.dir_attributes.fres.vp = vp;
3948         res.loff = rdc->nfs3_cookie;
3949 
3950         douprintf = 1;
3951 
3952         if (mi->mi_io_kstats) {
3953                 mutex_enter(&mi->mi_lock);
3954                 kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
3955                 mutex_exit(&mi->mi_lock);
3956         }
3957 
3958         t = gethrtime();
3959 
3960         error = rfs3call(VTOMI(vp), NFSPROC3_READDIR,
3961             xdr_READDIR3args, (caddr_t)&args,
3962             xdr_READDIR3vres, (caddr_t)&res, cr,
3963             &douprintf, &res.status, 0, fip);
3964 
3965         if (mi->mi_io_kstats) {
3966                 mutex_enter(&mi->mi_lock);
3967                 kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
3968                 mutex_exit(&mi->mi_lock);
3969         }
3970 
3971         if (error)
3972                 goto err;
3973 
3974         nfs3_cache_post_op_vattr(vp, &res.dir_attributes, t, cr);
3975 
3976         error = geterrno3(res.status);
3977         if (error) {
3978                 PURGE_STALE_FH(error, vp, cr);
3979                 goto err;
3980         }
3981 
3982         if (mi->mi_io_kstats) {
3983                 mutex_enter(&mi->mi_lock);
3984                 KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
3985                 KSTAT_IO_PTR(mi->mi_io_kstats)->nread += res.size;
3986                 mutex_exit(&mi->mi_lock);
3987         }
3988 
3989         rdc->nfs3_ncookie = res.loff;
3990         rp->r_cookieverf = res.cookieverf;
3991         rdc->eof = res.eof ? 1 : 0;
3992         rdc->entlen = res.size;
3993         ASSERT(rdc->entlen <= rdc->buflen);
3994         rdc->error = 0;
3995         return;
3996 
3997 err:
3998         kmem_free(rdc->entries, rdc->buflen);
3999         rdc->entries = NULL;
4000         rdc->error = error;
4001 }
4002 
4003 /*
4004  * Read directory entries.
4005  * There are some weird things to look out for here.  The uio_loffset
4006  * field is either 0 or it is the offset returned from a previous
4007  * readdir.  It is an opaque value used by the server to find the
4008  * correct directory block to read. The count field is the number
4009  * of blocks to read on the server.  This is advisory only, the server
4010  * may return only one block's worth of entries.  Entries may be compressed
4011  * on the server.
4012  */
4013 static void
4014 nfs3readdirplus(vnode_t *vp, rddir_cache *rdc, cred_t *cr)
4015 {
4016         int error;
4017         READDIRPLUS3args args;
4018         READDIRPLUS3vres res;
4019         vattr_t dva;
4020         rnode_t *rp;
4021         mntinfo_t *mi;
4022         int douprintf;
4023         failinfo_t fi, *fip = NULL;
4024 
4025         rp = VTOR(vp);
4026         mi = VTOMI(vp);
4027         ASSERT(nfs_zone() == mi->mi_zone);
4028 
4029         args.dir = *RTOFH3(rp);
4030         args.cookie = (cookie3)rdc->nfs3_cookie;
4031         args.cookieverf = rp->r_cookieverf;
4032         args.dircount = rdc->buflen;
4033         args.maxcount = mi->mi_tsize;
4034 
4035         /*
4036          * NFS client failover support
4037          * suppress failover unless we have a zero cookie
4038          */
4039         if (args.cookie == (cookie3)0) {
4040                 fi.vp = vp;
4041                 fi.fhp = (caddr_t)&args.dir;
4042                 fi.copyproc = nfs3copyfh;
4043                 fi.lookupproc = nfs3lookup;
4044                 fi.xattrdirproc = acl_getxattrdir3;
4045                 fip = &fi;
4046         }
4047 
4048 #ifdef DEBUG
4049         rdc->entries = rddir_cache_buf_alloc(rdc->buflen, KM_SLEEP);
4050 #else
4051         rdc->entries = kmem_alloc(rdc->buflen, KM_SLEEP);
4052 #endif
4053 
4054         res.entries = (dirent64_t *)rdc->entries;
4055         res.entries_size = rdc->buflen;
4056         res.dir_attributes.fres.vap = &dva;
4057         res.dir_attributes.fres.vp = vp;
4058         res.loff = rdc->nfs3_cookie;
4059         res.credentials = cr;
4060 
4061         douprintf = 1;
4062 
4063         if (mi->mi_io_kstats) {
4064                 mutex_enter(&mi->mi_lock);
4065                 kstat_runq_enter(KSTAT_IO_PTR(mi->mi_io_kstats));
4066                 mutex_exit(&mi->mi_lock);
4067         }
4068 
4069         res.time = gethrtime();
4070 
4071         error = rfs3call(mi, NFSPROC3_READDIRPLUS,
4072             xdr_READDIRPLUS3args, (caddr_t)&args,
4073             xdr_READDIRPLUS3vres, (caddr_t)&res, cr,
4074             &douprintf, &res.status, 0, fip);
4075 
4076         if (mi->mi_io_kstats) {
4077                 mutex_enter(&mi->mi_lock);
4078                 kstat_runq_exit(KSTAT_IO_PTR(mi->mi_io_kstats));
4079                 mutex_exit(&mi->mi_lock);
4080         }
4081 
4082         if (error) {
4083                 goto err;
4084         }
4085 
4086         nfs3_cache_post_op_vattr(vp, &res.dir_attributes, res.time, cr);
4087 
4088         error = geterrno3(res.status);
4089         if (error) {
4090                 PURGE_STALE_FH(error, vp, cr);
4091                 if (error == EOPNOTSUPP) {
4092                         mutex_enter(&mi->mi_lock);
4093                         mi->mi_flags |= MI_READDIRONLY;
4094                         mutex_exit(&mi->mi_lock);
4095                 }
4096                 goto err;
4097         }
4098 
4099         if (mi->mi_io_kstats) {
4100                 mutex_enter(&mi->mi_lock);
4101                 KSTAT_IO_PTR(mi->mi_io_kstats)->reads++;
4102                 KSTAT_IO_PTR(mi->mi_io_kstats)->nread += res.size;
4103                 mutex_exit(&mi->mi_lock);
4104         }
4105 
4106         rdc->nfs3_ncookie = res.loff;
4107         rp->r_cookieverf = res.cookieverf;
4108         rdc->eof = res.eof ? 1 : 0;
4109         rdc->entlen = res.size;
4110         ASSERT(rdc->entlen <= rdc->buflen);
4111         rdc->error = 0;
4112 
4113         return;
4114 
4115 err:
4116         kmem_free(rdc->entries, rdc->buflen);
4117         rdc->entries = NULL;
4118         rdc->error = error;
4119 }
4120 
4121 #ifdef DEBUG
4122 static int nfs3_bio_do_stop = 0;
4123 #endif
4124 
4125 static int
4126 nfs3_bio(struct buf *bp, stable_how *stab_comm, cred_t *cr)
4127 {
4128         rnode_t *rp = VTOR(bp->b_vp);
4129         int count;
4130         int error;
4131         cred_t *cred;
4132         offset_t offset;
4133 
4134         ASSERT(nfs_zone() == VTOMI(bp->b_vp)->mi_zone);
4135         offset = ldbtob(bp->b_lblkno);
4136 
4137         DTRACE_IO1(start, struct buf *, bp);
4138 
4139         if (bp->b_flags & B_READ) {
4140                 mutex_enter(&rp->r_statelock);
4141                 if (rp->r_cred != NULL) {
4142                         cred = rp->r_cred;
4143                         crhold(cred);
4144                 } else {
4145                         rp->r_cred = cr;
4146                         crhold(cr);
4147                         cred = cr;
4148                         crhold(cred);
4149                 }
4150                 mutex_exit(&rp->r_statelock);
4151         read_again:
4152                 error = bp->b_error = nfs3read(bp->b_vp, bp->b_un.b_addr,
4153                     offset, bp->b_bcount, &bp->b_resid, cred);
4154                 crfree(cred);
4155                 if (!error) {
4156                         if (bp->b_resid) {
4157                                 /*
4158                                  * Didn't get it all because we hit EOF,
4159                                  * zero all the memory beyond the EOF.
4160                                  */
4161                                 /* bzero(rdaddr + */
4162                                 bzero(bp->b_un.b_addr +
4163                                     bp->b_bcount - bp->b_resid, bp->b_resid);
4164                         }
4165                         mutex_enter(&rp->r_statelock);
4166                         if (bp->b_resid == bp->b_bcount &&
4167                             offset >= rp->r_size) {
4168                                 /*
4169                                  * We didn't read anything at all as we are
4170                                  * past EOF.  Return an error indicator back
4171                                  * but don't destroy the pages (yet).
4172                                  */
4173                                 error = NFS_EOF;
4174                         }
4175                         mutex_exit(&rp->r_statelock);
4176                 } else if (error == EACCES) {
4177                         mutex_enter(&rp->r_statelock);
4178                         if (cred != cr) {
4179                                 if (rp->r_cred != NULL)
4180                                         crfree(rp->r_cred);
4181                                 rp->r_cred = cr;
4182                                 crhold(cr);
4183                                 cred = cr;
4184                                 crhold(cred);
4185                                 mutex_exit(&rp->r_statelock);
4186                                 goto read_again;
4187                         }
4188                         mutex_exit(&rp->r_statelock);
4189                 }
4190         } else {
4191                 if (!(rp->r_flags & RSTALE)) {
4192                         mutex_enter(&rp->r_statelock);
4193                         if (rp->r_cred != NULL) {
4194                                 cred = rp->r_cred;
4195                                 crhold(cred);
4196                         } else {
4197                                 rp->r_cred = cr;
4198                                 crhold(cr);
4199                                 cred = cr;
4200                                 crhold(cred);
4201                         }
4202                         mutex_exit(&rp->r_statelock);
4203                 write_again:
4204                         mutex_enter(&rp->r_statelock);
4205                         count = MIN(bp->b_bcount, rp->r_size - offset);
4206                         mutex_exit(&rp->r_statelock);
4207                         if (count < 0)
4208                                 cmn_err(CE_PANIC, "nfs3_bio: write count < 0");
4209 #ifdef DEBUG
4210                         if (count == 0) {
4211                                 zcmn_err(getzoneid(), CE_WARN,
4212                                     "nfs3_bio: zero length write at %lld",
4213                                     offset);
4214                                 nfs_printfhandle(&rp->r_fh);
4215                                 if (nfs3_bio_do_stop)
4216                                         debug_enter("nfs3_bio");
4217                         }
4218 #endif
4219                         error = nfs3write(bp->b_vp, bp->b_un.b_addr, offset,
4220                             count, cred, stab_comm);
4221                         if (error == EACCES) {
4222                                 mutex_enter(&rp->r_statelock);
4223                                 if (cred != cr) {
4224                                         if (rp->r_cred != NULL)
4225                                                 crfree(rp->r_cred);
4226                                         rp->r_cred = cr;
4227                                         crhold(cr);
4228                                         crfree(cred);
4229                                         cred = cr;
4230                                         crhold(cred);
4231                                         mutex_exit(&rp->r_statelock);
4232                                         goto write_again;
4233                                 }
4234                                 mutex_exit(&rp->r_statelock);
4235                         }
4236                         bp->b_error = error;
4237                         if (error && error != EINTR) {
4238                                 /*
4239                                  * Don't print EDQUOT errors on the console.
4240                                  * Don't print asynchronous EACCES errors.
4241                                  * Don't print EFBIG errors.
4242                                  * Print all other write errors.
4243                                  */
4244                                 if (error != EDQUOT && error != EFBIG &&
4245                                     (error != EACCES ||
4246                                     !(bp->b_flags & B_ASYNC)))
4247                                         nfs_write_error(bp->b_vp, error, cred);
4248                                 /*
4249                                  * Update r_error and r_flags as appropriate.
4250                                  * If the error was ESTALE, then mark the
4251                                  * rnode as not being writeable and save
4252                                  * the error status.  Otherwise, save any
4253                                  * errors which occur from asynchronous
4254                                  * page invalidations.  Any errors occurring
4255                                  * from other operations should be saved
4256                                  * by the caller.
4257                                  */
4258                                 mutex_enter(&rp->r_statelock);
4259                                 if (error == ESTALE) {
4260                                         rp->r_flags |= RSTALE;
4261                                         if (!rp->r_error)
4262                                                 rp->r_error = error;
4263                                 } else if (!rp->r_error &&
4264                                     (bp->b_flags &
4265                                     (B_INVAL|B_FORCE|B_ASYNC)) ==
4266                                     (B_INVAL|B_FORCE|B_ASYNC)) {
4267                                         rp->r_error = error;
4268                                 }
4269                                 mutex_exit(&rp->r_statelock);
4270                         }
4271                         crfree(cred);
4272                 } else
4273                         error = rp->r_error;
4274         }
4275 
4276         if (error != 0 && error != NFS_EOF)
4277                 bp->b_flags |= B_ERROR;
4278 
4279         DTRACE_IO1(done, struct buf *, bp);
4280 
4281         return (error);
4282 }
4283 
4284 static int
4285 nfs3_fid(vnode_t *vp, fid_t *fidp)
4286 {
4287         rnode_t *rp;
4288 
4289         if (nfs_zone() != VTOMI(vp)->mi_zone)
4290                 return (EIO);
4291         rp = VTOR(vp);
4292 
4293         if (fidp->fid_len < (ushort_t)rp->r_fh.fh_len) {
4294                 fidp->fid_len = rp->r_fh.fh_len;
4295                 return (ENOSPC);
4296         }
4297         fidp->fid_len = rp->r_fh.fh_len;
4298         bcopy(rp->r_fh.fh_buf, fidp->fid_data, fidp->fid_len);
4299         return (0);
4300 }
4301 
4302 /* ARGSUSED2 */
4303 static int
4304 nfs3_rwlock(vnode_t *vp, int write_lock, caller_context_t *ctp)
4305 {
4306         rnode_t *rp = VTOR(vp);
4307 
4308         if (!write_lock) {
4309                 (void) nfs_rw_enter_sig(&rp->r_rwlock, RW_READER, FALSE);
4310                 return (V_WRITELOCK_FALSE);
4311         }
4312 
4313         if ((rp->r_flags & RDIRECTIO) || (VTOMI(vp)->mi_flags & MI_DIRECTIO)) {
4314                 (void) nfs_rw_enter_sig(&rp->r_rwlock, RW_READER, FALSE);
4315                 if (rp->r_mapcnt == 0 && !vn_has_cached_data(vp))
4316                         return (V_WRITELOCK_FALSE);
4317                 nfs_rw_exit(&rp->r_rwlock);
4318         }
4319 
4320         (void) nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER, FALSE);
4321         return (V_WRITELOCK_TRUE);
4322 }
4323 
4324 /* ARGSUSED */
4325 static void
4326 nfs3_rwunlock(vnode_t *vp, int write_lock, caller_context_t *ctp)
4327 {
4328         rnode_t *rp = VTOR(vp);
4329 
4330         nfs_rw_exit(&rp->r_rwlock);
4331 }
4332 
4333 /* ARGSUSED */
4334 static int
4335 nfs3_seek(vnode_t *vp, offset_t ooff, offset_t *noffp)
4336 {
4337 
4338         /*
4339          * Because we stuff the readdir cookie into the offset field
4340          * someone may attempt to do an lseek with the cookie which
4341          * we want to succeed.
4342          */
4343         if (vp->v_type == VDIR)
4344                 return (0);
4345         if (*noffp < 0)
4346                 return (EINVAL);
4347         return (0);
4348 }
4349 
4350 /*
4351  * number of nfs3_bsize blocks to read ahead.
4352  */
4353 static int nfs3_nra = 4;
4354 
4355 #ifdef DEBUG
4356 static int nfs3_lostpage = 0;   /* number of times we lost original page */
4357 #endif
4358 
4359 /*
4360  * Return all the pages from [off..off+len) in file
4361  */
4362 static int
4363 nfs3_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
4364         page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4365         enum seg_rw rw, cred_t *cr)
4366 {
4367         rnode_t *rp;
4368         int error;
4369         mntinfo_t *mi;
4370 
4371         if (vp->v_flag & VNOMAP)
4372                 return (ENOSYS);
4373 
4374         if (nfs_zone() != VTOMI(vp)->mi_zone)
4375                 return (EIO);
4376         if (protp != NULL)
4377                 *protp = PROT_ALL;
4378 
4379         /*
4380          * Now valididate that the caches are up to date.
4381          */
4382         error = nfs3_validate_caches(vp, cr);
4383         if (error)
4384                 return (error);
4385 
4386         rp = VTOR(vp);
4387         mi = VTOMI(vp);
4388 retry:
4389         mutex_enter(&rp->r_statelock);
4390 
4391         /*
4392          * Don't create dirty pages faster than they
4393          * can be cleaned so that the system doesn't
4394          * get imbalanced.  If the async queue is
4395          * maxed out, then wait for it to drain before
4396          * creating more dirty pages.  Also, wait for
4397          * any threads doing pagewalks in the vop_getattr
4398          * entry points so that they don't block for
4399          * long periods.
4400          */
4401         if (rw == S_CREATE) {
4402                 while ((mi->mi_max_threads != 0 &&
4403                     rp->r_awcount > 2 * mi->mi_max_threads) ||
4404                     rp->r_gcount > 0)
4405                         cv_wait(&rp->r_cv, &rp->r_statelock);
4406         }
4407 
4408         /*
4409          * If we are getting called as a side effect of an nfs_write()
4410          * operation the local file size might not be extended yet.
4411          * In this case we want to be able to return pages of zeroes.
4412          */
4413         if (off + len > rp->r_size + PAGEOFFSET && seg != segkmap) {
4414                 mutex_exit(&rp->r_statelock);
4415                 return (EFAULT);                /* beyond EOF */
4416         }
4417 
4418         mutex_exit(&rp->r_statelock);
4419 
4420         if (len <= PAGESIZE) {
4421                 error = nfs3_getapage(vp, off, len, protp, pl, plsz,
4422                     seg, addr, rw, cr);
4423         } else {
4424                 error = pvn_getpages(nfs3_getapage, vp, off, len, protp,
4425                     pl, plsz, seg, addr, rw, cr);
4426         }
4427 
4428         switch (error) {
4429         case NFS_EOF:
4430                 nfs_purge_caches(vp, NFS_NOPURGE_DNLC, cr);
4431                 goto retry;
4432         case ESTALE:
4433                 PURGE_STALE_FH(error, vp, cr);
4434         }
4435 
4436         return (error);
4437 }
4438 
4439 /*
4440  * Called from pvn_getpages or nfs3_getpage to get a particular page.
4441  */
4442 /* ARGSUSED */
4443 static int
4444 nfs3_getapage(vnode_t *vp, u_offset_t off, size_t len, uint_t *protp,
4445         page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
4446         enum seg_rw rw, cred_t *cr)
4447 {
4448         rnode_t *rp;
4449         uint_t bsize;
4450         struct buf *bp;
4451         page_t *pp;
4452         u_offset_t lbn;
4453         u_offset_t io_off;
4454         u_offset_t blkoff;
4455         u_offset_t rablkoff;
4456         size_t io_len;
4457         uint_t blksize;
4458         int error;
4459         int readahead;
4460         int readahead_issued = 0;
4461         int ra_window; /* readahead window */
4462         page_t *pagefound;
4463         page_t *savepp;
4464 
4465         if (nfs_zone() != VTOMI(vp)->mi_zone)
4466                 return (EIO);
4467         rp = VTOR(vp);
4468         bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
4469 
4470 reread:
4471         bp = NULL;
4472         pp = NULL;
4473         pagefound = NULL;
4474 
4475         if (pl != NULL)
4476                 pl[0] = NULL;
4477 
4478         error = 0;
4479         lbn = off / bsize;
4480         blkoff = lbn * bsize;
4481 
4482         /*
4483          * Queueing up the readahead before doing the synchronous read
4484          * results in a significant increase in read throughput because
4485          * of the increased parallelism between the async threads and
4486          * the process context.
4487          */
4488         if ((off & ((vp->v_vfsp->vfs_bsize) - 1)) == 0 &&
4489             rw != S_CREATE &&
4490             !(vp->v_flag & VNOCACHE)) {
4491                 mutex_enter(&rp->r_statelock);
4492 
4493                 /*
4494                  * Calculate the number of readaheads to do.
4495                  * a) No readaheads at offset = 0.
4496                  * b) Do maximum(nfs3_nra) readaheads when the readahead
4497                  *    window is closed.
4498                  * c) Do readaheads between 1 to (nfs3_nra - 1) depending
4499                  *    upon how far the readahead window is open or close.
4500                  * d) No readaheads if rp->r_nextr is not within the scope
4501                  *    of the readahead window (random i/o).
4502                  */
4503 
4504                 if (off == 0)
4505                         readahead = 0;
4506                 else if (blkoff == rp->r_nextr)
4507                         readahead = nfs3_nra;
4508                 else if (rp->r_nextr > blkoff &&
4509                                 ((ra_window = (rp->r_nextr - blkoff) / bsize)
4510                                         <= (nfs3_nra - 1)))
4511                         readahead = nfs3_nra - ra_window;
4512                 else
4513                         readahead = 0;
4514 
4515                 rablkoff = rp->r_nextr;
4516                 while (readahead > 0 && rablkoff + bsize < rp->r_size) {
4517                         mutex_exit(&rp->r_statelock);
4518                         if (nfs_async_readahead(vp, rablkoff + bsize,
4519                             addr + (rablkoff + bsize - off), seg, cr,
4520                             nfs3_readahead) < 0) {
4521                                 mutex_enter(&rp->r_statelock);
4522                                 break;
4523                         }
4524                         readahead--;
4525                         rablkoff += bsize;
4526                         /*
4527                          * Indicate that we did a readahead so
4528                          * readahead offset is not updated
4529                          * by the synchronous read below.
4530                          */
4531                         readahead_issued = 1;
4532                         mutex_enter(&rp->r_statelock);
4533                         /*
4534                          * set readahead offset to
4535                          * offset of last async readahead
4536                          * request.
4537                          */
4538                         rp->r_nextr = rablkoff;
4539                 }
4540                 mutex_exit(&rp->r_statelock);
4541         }
4542 
4543 again:
4544         if ((pagefound = page_exists(vp, off)) == NULL) {
4545                 if (pl == NULL) {
4546                         (void) nfs_async_readahead(vp, blkoff, addr, seg, cr,
4547                             nfs3_readahead);
4548                 } else if (rw == S_CREATE) {
4549                         /*
4550                          * Block for this page is not allocated, or the offset
4551                          * is beyond the current allocation size, or we're
4552                          * allocating a swap slot and the page was not found,
4553                          * so allocate it and return a zero page.
4554                          */
4555                         if ((pp = page_create_va(vp, off,
4556                             PAGESIZE, PG_WAIT, seg, addr)) == NULL)
4557                                 cmn_err(CE_PANIC, "nfs3_getapage: page_create");
4558                         io_len = PAGESIZE;
4559                         mutex_enter(&rp->r_statelock);
4560                         rp->r_nextr = off + PAGESIZE;
4561                         mutex_exit(&rp->r_statelock);
4562                 } else {
4563                         /*
4564                          * Need to go to server to get a BLOCK, exception to
4565                          * that being while reading at offset = 0 or doing
4566                          * random i/o, in that case read only a PAGE.
4567                          */
4568                         mutex_enter(&rp->r_statelock);
4569                         if (blkoff < rp->r_size &&
4570                             blkoff + bsize >= rp->r_size) {
4571                                 /*
4572                                  * If only a block or less is left in
4573                                  * the file, read all that is remaining.
4574                                  */
4575                                 if (rp->r_size <= off) {
4576                                         /*
4577                                          * Trying to access beyond EOF,
4578                                          * set up to get at least one page.
4579                                          */
4580                                         blksize = off + PAGESIZE - blkoff;
4581                                 } else
4582                                         blksize = rp->r_size - blkoff;
4583                         } else if ((off == 0) ||
4584                                 (off != rp->r_nextr && !readahead_issued)) {
4585                                 blksize = PAGESIZE;
4586                                 blkoff = off; /* block = page here */
4587                         } else
4588                                 blksize = bsize;
4589                         mutex_exit(&rp->r_statelock);
4590 
4591                         pp = pvn_read_kluster(vp, off, seg, addr, &io_off,
4592                             &io_len, blkoff, blksize, 0);
4593 
4594                         /*
4595                          * Some other thread has entered the page,
4596                          * so just use it.
4597                          */
4598                         if (pp == NULL)
4599                                 goto again;
4600 
4601                         /*
4602                          * Now round the request size up to page boundaries.
4603                          * This ensures that the entire page will be
4604                          * initialized to zeroes if EOF is encountered.
4605                          */
4606                         io_len = ptob(btopr(io_len));
4607 
4608                         bp = pageio_setup(pp, io_len, vp, B_READ);
4609                         ASSERT(bp != NULL);
4610 
4611                         /*
4612                          * pageio_setup should have set b_addr to 0.  This
4613                          * is correct since we want to do I/O on a page
4614                          * boundary.  bp_mapin will use this addr to calculate
4615                          * an offset, and then set b_addr to the kernel virtual
4616                          * address it allocated for us.
4617                          */
4618                         ASSERT(bp->b_un.b_addr == 0);
4619 
4620                         bp->b_edev = 0;
4621                         bp->b_dev = 0;
4622                         bp->b_lblkno = lbtodb(io_off);
4623                         bp->b_file = vp;
4624                         bp->b_offset = (offset_t)off;
4625                         bp_mapin(bp);
4626 
4627                         /*
4628                          * If doing a write beyond what we believe is EOF,
4629                          * don't bother trying to read the pages from the
4630                          * server, we'll just zero the pages here.  We
4631                          * don't check that the rw flag is S_WRITE here
4632                          * because some implementations may attempt a
4633                          * read access to the buffer before copying data.
4634                          */
4635                         mutex_enter(&rp->r_statelock);
4636                         if (io_off >= rp->r_size && seg == segkmap) {
4637                                 mutex_exit(&rp->r_statelock);
4638                                 bzero(bp->b_un.b_addr, io_len);
4639                         } else {
4640                                 mutex_exit(&rp->r_statelock);
4641                                 error = nfs3_bio(bp, NULL, cr);
4642                         }
4643 
4644                         /*
4645                          * Unmap the buffer before freeing it.
4646                          */
4647                         bp_mapout(bp);
4648                         pageio_done(bp);
4649 
4650                         savepp = pp;
4651                         do {
4652                                 pp->p_fsdata = C_NOCOMMIT;
4653                         } while ((pp = pp->p_next) != savepp);
4654 
4655                         if (error == NFS_EOF) {
4656                                 /*
4657                                  * If doing a write system call just return
4658                                  * zeroed pages, else user tried to get pages
4659                                  * beyond EOF, return error.  We don't check
4660                                  * that the rw flag is S_WRITE here because
4661                                  * some implementations may attempt a read
4662                                  * access to the buffer before copying data.
4663                                  */
4664                                 if (seg == segkmap)
4665                                         error = 0;
4666                                 else
4667                                         error = EFAULT;
4668                         }
4669 
4670                         if (!readahead_issued && !error) {
4671                             mutex_enter(&rp->r_statelock);
4672                             rp->r_nextr = io_off + io_len;
4673                             mutex_exit(&rp->r_statelock);
4674                         }
4675                 }
4676         }
4677 
4678 out:
4679         if (pl == NULL)
4680                 return (error);
4681 
4682         if (error) {
4683                 if (pp != NULL)
4684                         pvn_read_done(pp, B_ERROR);
4685                 return (error);
4686         }
4687 
4688         if (pagefound) {
4689                 se_t se = (rw == S_CREATE ? SE_EXCL : SE_SHARED);
4690 
4691                 /*
4692                  * Page exists in the cache, acquire the appropriate lock.
4693                  * If this fails, start all over again.
4694                  */
4695                 if ((pp = page_lookup(vp, off, se)) == NULL) {
4696 #ifdef DEBUG
4697                         nfs3_lostpage++;
4698 #endif
4699                         goto reread;
4700                 }
4701                 pl[0] = pp;
4702                 pl[1] = NULL;
4703                 return (0);
4704         }
4705 
4706         if (pp != NULL)
4707                 pvn_plist_init(pp, pl, plsz, off, io_len, rw);
4708 
4709         return (error);
4710 }
4711 
4712 static void
4713 nfs3_readahead(vnode_t *vp, u_offset_t blkoff, caddr_t addr, struct seg *seg,
4714         cred_t *cr)
4715 {
4716         int error;
4717         page_t *pp;
4718         u_offset_t io_off;
4719         size_t io_len;
4720         struct buf *bp;
4721         uint_t bsize, blksize;
4722         rnode_t *rp = VTOR(vp);
4723         page_t *savepp;
4724 
4725         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
4726         bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
4727 
4728         mutex_enter(&rp->r_statelock);
4729         if (blkoff < rp->r_size && blkoff + bsize > rp->r_size) {
4730                 /*
4731                  * If less than a block left in file read less
4732                  * than a block.
4733                  */
4734                 blksize = rp->r_size - blkoff;
4735         } else
4736                 blksize = bsize;
4737         mutex_exit(&rp->r_statelock);
4738 
4739         pp = pvn_read_kluster(vp, blkoff, segkmap, addr,
4740             &io_off, &io_len, blkoff, blksize, 1);
4741         /*
4742          * The isra flag passed to the kluster function is 1, we may have
4743          * gotten a return value of NULL for a variety of reasons (# of free
4744          * pages < minfree, someone entered the page on the vnode etc). In all
4745          * cases, we want to punt on the readahead.
4746          */
4747         if (pp == NULL)
4748                 return;
4749 
4750         /*
4751          * Now round the request size up to page boundaries.
4752          * This ensures that the entire page will be
4753          * initialized to zeroes if EOF is encountered.
4754          */
4755         io_len = ptob(btopr(io_len));
4756 
4757         bp = pageio_setup(pp, io_len, vp, B_READ);
4758         ASSERT(bp != NULL);
4759 
4760         /*
4761          * pageio_setup should have set b_addr to 0.  This is correct since
4762          * we want to do I/O on a page boundary. bp_mapin() will use this addr
4763          * to calculate an offset, and then set b_addr to the kernel virtual
4764          * address it allocated for us.
4765          */
4766         ASSERT(bp->b_un.b_addr == 0);
4767 
4768         bp->b_edev = 0;
4769         bp->b_dev = 0;
4770         bp->b_lblkno = lbtodb(io_off);
4771         bp->b_file = vp;
4772         bp->b_offset = (offset_t)blkoff;
4773         bp_mapin(bp);
4774 
4775         /*
4776          * If doing a write beyond what we believe is EOF, don't bother trying
4777          * to read the pages from the server, we'll just zero the pages here.
4778          * We don't check that the rw flag is S_WRITE here because some
4779          * implementations may attempt a read access to the buffer before
4780          * copying data.
4781          */
4782         mutex_enter(&rp->r_statelock);
4783         if (io_off >= rp->r_size && seg == segkmap) {
4784                 mutex_exit(&rp->r_statelock);
4785                 bzero(bp->b_un.b_addr, io_len);
4786                 error = 0;
4787         } else {
4788                 mutex_exit(&rp->r_statelock);
4789                 error = nfs3_bio(bp, NULL, cr);
4790                 if (error == NFS_EOF)
4791                         error = 0;
4792         }
4793 
4794         /*
4795          * Unmap the buffer before freeing it.
4796          */
4797         bp_mapout(bp);
4798         pageio_done(bp);
4799 
4800         savepp = pp;
4801         do {
4802                 pp->p_fsdata = C_NOCOMMIT;
4803         } while ((pp = pp->p_next) != savepp);
4804 
4805         pvn_read_done(pp, error ? B_READ | B_ERROR : B_READ);
4806 
4807         /*
4808          * In case of error set readahead offset
4809          * to the lowest offset.
4810          * pvn_read_done() calls VN_DISPOSE to destroy the pages
4811          */
4812         if (error && rp->r_nextr > io_off) {
4813                 mutex_enter(&rp->r_statelock);
4814                 if (rp->r_nextr > io_off)
4815                         rp->r_nextr = io_off;
4816                 mutex_exit(&rp->r_statelock);
4817         }
4818 }
4819 
4820 /*
4821  * Flags are composed of {B_INVAL, B_FREE, B_DONTNEED, B_FORCE}
4822  * If len == 0, do from off to EOF.
4823  *
4824  * The normal cases should be len == 0 && off == 0 (entire vp list),
4825  * len == MAXBSIZE (from segmap_release actions), and len == PAGESIZE
4826  * (from pageout).
4827  */
4828 static int
4829 nfs3_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr)
4830 {
4831         int error;
4832         rnode_t *rp;
4833 
4834         ASSERT(cr != NULL);
4835 
4836         /*
4837          * XXX - Why should this check be made here?
4838          */
4839         if (vp->v_flag & VNOMAP)
4840                 return (ENOSYS);
4841         if (len == 0 && !(flags & B_INVAL) && vn_is_readonly(vp))
4842                 return (0);
4843         if (!(flags & B_ASYNC) && nfs_zone() != VTOMI(vp)->mi_zone)
4844                 return (EIO);
4845 
4846         rp = VTOR(vp);
4847         mutex_enter(&rp->r_statelock);
4848         rp->r_count++;
4849         mutex_exit(&rp->r_statelock);
4850         error = nfs_putpages(vp, off, len, flags, cr);
4851         mutex_enter(&rp->r_statelock);
4852         rp->r_count--;
4853         cv_broadcast(&rp->r_cv);
4854         mutex_exit(&rp->r_statelock);
4855 
4856         return (error);
4857 }
4858 
4859 /*
4860  * Write out a single page, possibly klustering adjacent dirty pages.
4861  */
4862 int
4863 nfs3_putapage(vnode_t *vp, page_t *pp, u_offset_t *offp, size_t *lenp,
4864         int flags, cred_t *cr)
4865 {
4866         u_offset_t io_off;
4867         u_offset_t lbn_off;
4868         u_offset_t lbn;
4869         size_t io_len;
4870         uint_t bsize;
4871         int error;
4872         rnode_t *rp;
4873 
4874         ASSERT(!vn_is_readonly(vp));
4875         ASSERT(pp != NULL);
4876         ASSERT(cr != NULL);
4877         ASSERT((flags & B_ASYNC) || nfs_zone() == VTOMI(vp)->mi_zone);
4878 
4879         rp = VTOR(vp);
4880         ASSERT(rp->r_count > 0);
4881 
4882         bsize = MAX(vp->v_vfsp->vfs_bsize, PAGESIZE);
4883         lbn = pp->p_offset / bsize;
4884         lbn_off = lbn * bsize;
4885 
4886         /*
4887          * Find a kluster that fits in one block, or in
4888          * one page if pages are bigger than blocks.  If
4889          * there is less file space allocated than a whole
4890          * page, we'll shorten the i/o request below.
4891          */
4892         pp = pvn_write_kluster(vp, pp, &io_off, &io_len, lbn_off,
4893             roundup(bsize, PAGESIZE), flags);
4894 
4895         /*
4896          * pvn_write_kluster shouldn't have returned a page with offset
4897          * behind the original page we were given.  Verify that.
4898          */
4899         ASSERT((pp->p_offset / bsize) >= lbn);
4900 
4901         /*
4902          * Now pp will have the list of kept dirty pages marked for
4903          * write back.  It will also handle invalidation and freeing
4904          * of pages that are not dirty.  Check for page length rounding
4905          * problems.
4906          */
4907         if (io_off + io_len > lbn_off + bsize) {
4908                 ASSERT((io_off + io_len) - (lbn_off + bsize) < PAGESIZE);
4909                 io_len = lbn_off + bsize - io_off;
4910         }
4911         /*
4912          * The RMODINPROGRESS flag makes sure that nfs(3)_bio() sees a
4913          * consistent value of r_size. RMODINPROGRESS is set in writerp().
4914          * When RMODINPROGRESS is set it indicates that a uiomove() is in
4915          * progress and the r_size has not been made consistent with the
4916          * new size of the file. When the uiomove() completes the r_size is
4917          * updated and the RMODINPROGRESS flag is cleared.
4918          *
4919          * The RMODINPROGRESS flag makes sure that nfs(3)_bio() sees a
4920          * consistent value of r_size. Without this handshaking, it is
4921          * possible that nfs(3)_bio() picks  up the old value of r_size
4922          * before the uiomove() in writerp() completes. This will result
4923          * in the write through nfs(3)_bio() being dropped.
4924          *
4925          * More precisely, there is a window between the time the uiomove()
4926          * completes and the time the r_size is updated. If a VOP_PUTPAGE()
4927          * operation intervenes in this window, the page will be picked up,
4928          * because it is dirty (it will be unlocked, unless it was
4929          * pagecreate'd). When the page is picked up as dirty, the dirty
4930          * bit is reset (pvn_getdirty()). In nfs(3)write(), r_size is
4931          * checked. This will still be the old size. Therefore the page will
4932          * not be written out. When segmap_release() calls VOP_PUTPAGE(),
4933          * the page will be found to be clean and the write will be dropped.
4934          */
4935         if (rp->r_flags & RMODINPROGRESS) {
4936                 mutex_enter(&rp->r_statelock);
4937                 if ((rp->r_flags & RMODINPROGRESS) &&
4938                     rp->r_modaddr + MAXBSIZE > io_off &&
4939                     rp->r_modaddr < io_off + io_len) {
4940                         page_t *plist;
4941                         /*
4942                          * A write is in progress for this region of the file.
4943                          * If we did not detect RMODINPROGRESS here then this
4944                          * path through nfs_putapage() would eventually go to
4945                          * nfs(3)_bio() and may not write out all of the data
4946                          * in the pages. We end up losing data. So we decide
4947                          * to set the modified bit on each page in the page
4948                          * list and mark the rnode with RDIRTY. This write
4949                          * will be restarted at some later time.
4950                          */
4951                         plist = pp;
4952                         while (plist != NULL) {
4953                                 pp = plist;
4954                                 page_sub(&plist, pp);
4955                                 hat_setmod(pp);
4956                                 page_io_unlock(pp);
4957                                 page_unlock(pp);
4958                         }
4959                         rp->r_flags |= RDIRTY;
4960                         mutex_exit(&rp->r_statelock);
4961                         if (offp)
4962                                 *offp = io_off;
4963                         if (lenp)
4964                                 *lenp = io_len;
4965                         return (0);
4966                 }
4967                 mutex_exit(&rp->r_statelock);
4968         }
4969 
4970         if (flags & B_ASYNC) {
4971                 error = nfs_async_putapage(vp, pp, io_off, io_len, flags, cr,
4972                     nfs3_sync_putapage);
4973         } else
4974                 error = nfs3_sync_putapage(vp, pp, io_off, io_len, flags, cr);
4975 
4976         if (offp)
4977                 *offp = io_off;
4978         if (lenp)
4979                 *lenp = io_len;
4980         return (error);
4981 }
4982 
4983 static int
4984 nfs3_sync_putapage(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
4985         int flags, cred_t *cr)
4986 {
4987         int error;
4988         rnode_t *rp;
4989 
4990         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
4991 
4992         flags |= B_WRITE;
4993 
4994         error = nfs3_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
4995 
4996         rp = VTOR(vp);
4997 
4998         if ((error == ENOSPC || error == EDQUOT || error == EFBIG ||
4999             error == EACCES) &&
5000             (flags & (B_INVAL|B_FORCE)) != (B_INVAL|B_FORCE)) {
5001                 if (!(rp->r_flags & ROUTOFSPACE)) {
5002                         mutex_enter(&rp->r_statelock);
5003                         rp->r_flags |= ROUTOFSPACE;
5004                         mutex_exit(&rp->r_statelock);
5005                 }
5006                 flags |= B_ERROR;
5007                 pvn_write_done(pp, flags);
5008                 /*
5009                  * If this was not an async thread, then try again to
5010                  * write out the pages, but this time, also destroy
5011                  * them whether or not the write is successful.  This
5012                  * will prevent memory from filling up with these
5013                  * pages and destroying them is the only alternative
5014                  * if they can't be written out.
5015                  *
5016                  * Don't do this if this is an async thread because
5017                  * when the pages are unlocked in pvn_write_done,
5018                  * some other thread could have come along, locked
5019                  * them, and queued for an async thread.  It would be
5020                  * possible for all of the async threads to be tied
5021                  * up waiting to lock the pages again and they would
5022                  * all already be locked and waiting for an async
5023                  * thread to handle them.  Deadlock.
5024                  */
5025                 if (!(flags & B_ASYNC)) {
5026                         error = nfs3_putpage(vp, io_off, io_len,
5027                             B_INVAL | B_FORCE, cr);
5028                 }
5029         } else {
5030                 if (error)
5031                         flags |= B_ERROR;
5032                 else if (rp->r_flags & ROUTOFSPACE) {
5033                         mutex_enter(&rp->r_statelock);
5034                         rp->r_flags &= ~ROUTOFSPACE;
5035                         mutex_exit(&rp->r_statelock);
5036                 }
5037                 pvn_write_done(pp, flags);
5038                 if (freemem < desfree)
5039                         (void) nfs3_commit_vp(vp, (u_offset_t)0, 0, cr);
5040         }
5041 
5042         return (error);
5043 }
5044 
5045 static int
5046 nfs3_map(vnode_t *vp, offset_t off, struct as *as, caddr_t *addrp,
5047         size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr)
5048 {
5049         struct segvn_crargs vn_a;
5050         int error;
5051         rnode_t *rp;
5052         struct vattr va;
5053 
5054         if (nfs_zone() != VTOMI(vp)->mi_zone)
5055                 return (EIO);
5056 
5057         if (vp->v_flag & VNOMAP)
5058                 return (ENOSYS);
5059 
5060         if (off < 0 || off + len < 0)
5061                 return (ENXIO);
5062 
5063         if (vp->v_type != VREG)
5064                 return (ENODEV);
5065 
5066         /*
5067          * If there is cached data and if close-to-open consistency
5068          * checking is not turned off and if the file system is not
5069          * mounted readonly, then force an over the wire getattr.
5070          * Otherwise, just invoke nfs3getattr to get a copy of the
5071          * attributes.  The attribute cache will be used unless it
5072          * is timed out and if it is, then an over the wire getattr
5073          * will be issued.
5074          */
5075         va.va_mask = AT_ALL;
5076         if (vn_has_cached_data(vp) &&
5077             !(VTOMI(vp)->mi_flags & MI_NOCTO) && !vn_is_readonly(vp))
5078                 error = nfs3_getattr_otw(vp, &va, cr);
5079         else
5080                 error = nfs3getattr(vp, &va, cr);
5081         if (error)
5082                 return (error);
5083 
5084         /*
5085          * Check to see if the vnode is currently marked as not cachable.
5086          * This means portions of the file are locked (through VOP_FRLOCK).
5087          * In this case the map request must be refused.  We use
5088          * rp->r_lkserlock to avoid a race with concurrent lock requests.
5089          */
5090         rp = VTOR(vp);
5091         if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_READER, INTR(vp)))
5092                 return (EINTR);
5093 
5094         if (vp->v_flag & VNOCACHE) {
5095                 error = EAGAIN;
5096                 goto done;
5097         }
5098 
5099         /*
5100          * Don't allow concurrent locks and mapping if mandatory locking is
5101          * enabled.
5102          */
5103         if ((flk_has_remote_locks(vp) || lm_has_sleep(vp)) &&
5104             MANDLOCK(vp, va.va_mode)) {
5105                 error = EAGAIN;
5106                 goto done;
5107         }
5108 
5109         as_rangelock(as);
5110         if (!(flags & MAP_FIXED)) {
5111                 map_addr(addrp, len, off, 1, flags);
5112                 if (*addrp == NULL) {
5113                         as_rangeunlock(as);
5114                         error = ENOMEM;
5115                         goto done;
5116                 }
5117         } else {
5118                 /*
5119                  * User specified address - blow away any previous mappings
5120                  */
5121                 (void) as_unmap(as, *addrp, len);
5122         }
5123 
5124         vn_a.vp = vp;
5125         vn_a.offset = off;
5126         vn_a.type = (flags & MAP_TYPE);
5127         vn_a.prot = (uchar_t)prot;
5128         vn_a.maxprot = (uchar_t)maxprot;
5129         vn_a.flags = (flags & ~MAP_TYPE);
5130         vn_a.cred = cr;
5131         vn_a.amp = NULL;
5132         vn_a.szc = 0;
5133         vn_a.lgrp_mem_policy_flags = 0;
5134 
5135         error = as_map(as, *addrp, len, segvn_create, &vn_a);
5136         as_rangeunlock(as);
5137 
5138 done:
5139         nfs_rw_exit(&rp->r_lkserlock);
5140         return (error);
5141 }
5142 
5143 /* ARGSUSED */
5144 static int
5145 nfs3_addmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
5146         size_t len, uchar_t prot, uchar_t maxprot, uint_t flags, cred_t *cr)
5147 {
5148         rnode_t *rp;
5149 
5150         if (vp->v_flag & VNOMAP)
5151                 return (ENOSYS);
5152         if (nfs_zone() != VTOMI(vp)->mi_zone)
5153                 return (EIO);
5154 
5155         /*
5156          * Need to hold rwlock while incrementing the mapcnt so that
5157          * mmap'ing can be serialized with writes so that the caching
5158          * can be handled correctly.
5159          */
5160         rp = VTOR(vp);
5161         if (nfs_rw_enter_sig(&rp->r_rwlock, RW_WRITER, INTR(vp)))
5162                 return (EINTR);
5163         atomic_add_long((ulong_t *)&rp->r_mapcnt, btopr(len));
5164         nfs_rw_exit(&rp->r_rwlock);
5165 
5166         return (0);
5167 }
5168 
5169 static int
5170 nfs3_frlock(vnode_t *vp, int cmd, struct flock64 *bfp, int flag,
5171         offset_t offset, struct flk_callback *flk_cbp, cred_t *cr)
5172 {
5173         netobj lm_fh3;
5174         int rc;
5175         u_offset_t start, end;
5176         rnode_t *rp;
5177         int error = 0, intr = INTR(vp);
5178 
5179         if (nfs_zone() != VTOMI(vp)->mi_zone)
5180                 return (EIO);
5181         /* check for valid cmd parameter */
5182         if (cmd != F_GETLK && cmd != F_SETLK && cmd != F_SETLKW)
5183                 return (EINVAL);
5184 
5185         /* Verify l_type. */
5186         switch (bfp->l_type) {
5187         case F_RDLCK:
5188                 if (cmd != F_GETLK && !(flag & FREAD))
5189                         return (EBADF);
5190                 break;
5191         case F_WRLCK:
5192                 if (cmd != F_GETLK && !(flag & FWRITE))
5193                         return (EBADF);
5194                 break;
5195         case F_UNLCK:
5196                 intr = 0;
5197                 break;
5198 
5199         default:
5200                 return (EINVAL);
5201         }
5202 
5203         /* check the validity of the lock range */
5204         if (rc = flk_convert_lock_data(vp, bfp, &start, &end, offset))
5205                 return (rc);
5206         if (rc = flk_check_lock_data(start, end, MAXEND))
5207                 return (rc);
5208 
5209         /*
5210          * If the filesystem is mounted using local locking, pass the
5211          * request off to the local locking code.
5212          */
5213         if (VTOMI(vp)->mi_flags & MI_LLOCK) {
5214                 if (cmd == F_SETLK || cmd == F_SETLKW) {
5215                         /*
5216                          * For complete safety, we should be holding
5217                          * r_lkserlock.  However, we can't call
5218                          * lm_safelock and then fs_frlock while
5219                          * holding r_lkserlock, so just invoke
5220                          * lm_safelock and expect that this will
5221                          * catch enough of the cases.
5222                          */
5223                         if (!lm_safelock(vp, bfp, cr))
5224                                 return (EAGAIN);
5225                 }
5226                 return (fs_frlock(vp, cmd, bfp, flag, offset, flk_cbp, cr));
5227         }
5228 
5229         rp = VTOR(vp);
5230 
5231         /*
5232          * Check whether the given lock request can proceed, given the
5233          * current file mappings.
5234          */
5235         if (nfs_rw_enter_sig(&rp->r_lkserlock, RW_WRITER, intr))
5236                 return (EINTR);
5237         if (cmd == F_SETLK || cmd == F_SETLKW) {
5238                 if (!lm_safelock(vp, bfp, cr)) {
5239                         rc = EAGAIN;
5240                         goto done;
5241                 }
5242         }
5243 
5244         /*
5245          * Flush the cache after waiting for async I/O to finish.  For new
5246          * locks, this is so that the process gets the latest bits from the
5247          * server.  For unlocks, this is so that other clients see the
5248          * latest bits once the file has been unlocked.  If currently dirty
5249          * pages can't be flushed, then don't allow a lock to be set.  But
5250          * allow unlocks to succeed, to avoid having orphan locks on the
5251          * server.
5252          */
5253         if (cmd != F_GETLK) {
5254                 mutex_enter(&rp->r_statelock);
5255                 while (rp->r_count > 0) {
5256                     if (intr) {
5257                         klwp_t *lwp = ttolwp(curthread);
5258 
5259                         if (lwp != NULL)
5260                                 lwp->lwp_nostop++;
5261                         if (cv_wait_sig(&rp->r_cv, &rp->r_statelock) == 0) {
5262                                 if (lwp != NULL)
5263                                         lwp->lwp_nostop--;
5264                                 rc = EINTR;
5265                                 break;
5266                         }
5267                         if (lwp != NULL)
5268                                 lwp->lwp_nostop--;
5269                     } else
5270                         cv_wait(&rp->r_cv, &rp->r_statelock);
5271                 }
5272                 mutex_exit(&rp->r_statelock);
5273                 if (rc != 0)
5274                         goto done;
5275                 error = nfs3_putpage(vp, (offset_t)0, 0, B_INVAL, cr);
5276                 if (error) {
5277                         if (error == ENOSPC || error == EDQUOT) {
5278                                 mutex_enter(&rp->r_statelock);
5279                                 if (!rp->r_error)
5280                                         rp->r_error = error;
5281                                 mutex_exit(&rp->r_statelock);
5282                         }
5283                         if (bfp->l_type != F_UNLCK) {
5284                                 rc = ENOLCK;
5285                                 goto done;
5286                         }
5287                 }
5288         }
5289 
5290         lm_fh3.n_len = VTOFH3(vp)->fh3_length;
5291         lm_fh3.n_bytes = (char *)&(VTOFH3(vp)->fh3_u.data);
5292 
5293         /*
5294          * Call the lock manager to do the real work of contacting
5295          * the server and obtaining the lock.
5296          */
5297         rc = lm4_frlock(vp, cmd, bfp, flag, offset, cr, &lm_fh3, flk_cbp);
5298 
5299         if (rc == 0)
5300                 nfs_lockcompletion(vp, cmd);
5301 
5302 done:
5303         nfs_rw_exit(&rp->r_lkserlock);
5304         return (rc);
5305 }
5306 
5307 /*
5308  * Free storage space associated with the specified vnode.  The portion
5309  * to be freed is specified by bfp->l_start and bfp->l_len (already
5310  * normalized to a "whence" of 0).
5311  *
5312  * This is an experimental facility whose continued existence is not
5313  * guaranteed.  Currently, we only support the special case
5314  * of l_len == 0, meaning free to end of file.
5315  */
5316 /* ARGSUSED */
5317 static int
5318 nfs3_space(vnode_t *vp, int cmd, struct flock64 *bfp, int flag,
5319         offset_t offset, cred_t *cr, caller_context_t *ct)
5320 {
5321         int error;
5322 
5323         ASSERT(vp->v_type == VREG);
5324         if (cmd != F_FREESP)
5325                 return (EINVAL);
5326         if (nfs_zone() != VTOMI(vp)->mi_zone)
5327                 return (EIO);
5328 
5329         error = convoff(vp, bfp, 0, offset);
5330         if (!error) {
5331                 ASSERT(bfp->l_start >= 0);
5332                 if (bfp->l_len == 0) {
5333                         struct vattr va;
5334 
5335                         /*
5336                          * ftruncate should not change the ctime and
5337                          * mtime if we truncate the file to its
5338                          * previous size.
5339                          */
5340                         va.va_mask = AT_SIZE;
5341                         error = nfs3getattr(vp, &va, cr);
5342                         if (error || va.va_size == bfp->l_start)
5343                                 return (error);
5344                         va.va_mask = AT_SIZE;
5345                         va.va_size = bfp->l_start;
5346                         error = nfs3setattr(vp, &va, 0, cr);
5347                 } else
5348                         error = EINVAL;
5349         }
5350 
5351         return (error);
5352 }
5353 
5354 /* ARGSUSED */
5355 static int
5356 nfs3_realvp(vnode_t *vp, vnode_t **vpp)
5357 {
5358 
5359         return (EINVAL);
5360 }
5361 
5362 /*
5363  * Setup and add an address space callback to do the work of the delmap call.
5364  * The callback will (and must be) deleted in the actual callback function.
5365  *
5366  * This is done in order to take care of the problem that we have with holding
5367  * the address space's a_lock for a long period of time (e.g. if the NFS server
5368  * is down).  Callbacks will be executed in the address space code while the
5369  * a_lock is not held.  Holding the address space's a_lock causes things such
5370  * as ps and fork to hang because they are trying to acquire this lock as well.
5371  */
5372 /* ARGSUSED */
5373 static int
5374 nfs3_delmap(vnode_t *vp, offset_t off, struct as *as, caddr_t addr,
5375         size_t len, uint_t prot, uint_t maxprot, uint_t flags, cred_t *cr)
5376 {
5377         int                     caller_found;
5378         int                     error;
5379         rnode_t                 *rp;
5380         nfs_delmap_args_t       *dmapp;
5381         nfs_delmapcall_t        *delmap_call;
5382 
5383         if (vp->v_flag & VNOMAP)
5384                 return (ENOSYS);
5385         /*
5386          * A process may not change zones if it has NFS pages mmap'ed
5387          * in, so we can't legitimately get here from the wrong zone.
5388          */
5389         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
5390 
5391         rp = VTOR(vp);
5392 
5393         /*
5394          * The way that the address space of this process deletes its mapping
5395          * of this file is via the following call chains:
5396          * - as_free()->SEGOP_UNMAP()/segvn_unmap()->VOP_DELMAP()/nfs3_delmap()
5397          * - as_unmap()->SEGOP_UNMAP()/segvn_unmap()->VOP_DELMAP()/nfs3_delmap()
5398          *
5399          * With the use of address space callbacks we are allowed to drop the
5400          * address space lock, a_lock, while executing the NFS operations that
5401          * need to go over the wire.  Returning EAGAIN to the caller of this
5402          * function is what drives the execution of the callback that we add
5403          * below.  The callback will be executed by the address space code
5404          * after dropping the a_lock.  When the callback is finished, since
5405          * we dropped the a_lock, it must be re-acquired and segvn_unmap()
5406          * is called again on the same segment to finish the rest of the work
5407          * that needs to happen during unmapping.
5408          *
5409          * This action of calling back into the segment driver causes
5410          * nfs3_delmap() to get called again, but since the callback was
5411          * already executed at this point, it already did the work and there
5412          * is nothing left for us to do.
5413          *
5414          * To Summarize:
5415          * - The first time nfs3_delmap is called by the current thread is when
5416          * we add the caller associated with this delmap to the delmap caller
5417          * list, add the callback, and return EAGAIN.
5418          * - The second time in this call chain when nfs3_delmap is called we
5419          * will find this caller in the delmap caller list and realize there
5420          * is no more work to do thus removing this caller from the list and
5421          * returning the error that was set in the callback execution.
5422          */
5423         caller_found = nfs_find_and_delete_delmapcall(rp, &error);
5424         if (caller_found) {
5425                 /*
5426                  * 'error' is from the actual delmap operations.  To avoid
5427                  * hangs, we need to handle the return of EAGAIN differently
5428                  * since this is what drives the callback execution.
5429                  * In this case, we don't want to return EAGAIN and do the
5430                  * callback execution because there are none to execute.
5431                  */
5432                 if (error == EAGAIN)
5433                         return (0);
5434                 else
5435                         return (error);
5436         }
5437 
5438         /* current caller was not in the list */
5439         delmap_call = nfs_init_delmapcall();
5440 
5441         mutex_enter(&rp->r_statelock);
5442         list_insert_tail(&rp->r_indelmap, delmap_call);
5443         mutex_exit(&rp->r_statelock);
5444 
5445         dmapp = kmem_alloc(sizeof (nfs_delmap_args_t), KM_SLEEP);
5446 
5447         dmapp->vp = vp;
5448         dmapp->off = off;
5449         dmapp->addr = addr;
5450         dmapp->len = len;
5451         dmapp->prot = prot;
5452         dmapp->maxprot = maxprot;
5453         dmapp->flags = flags;
5454         dmapp->cr = cr;
5455         dmapp->caller = delmap_call;
5456 
5457         error = as_add_callback(as, nfs3_delmap_callback, dmapp,
5458         AS_UNMAP_EVENT, addr, len, KM_SLEEP);
5459 
5460         return (error ? error : EAGAIN);
5461 }
5462 
5463 /*
5464  * Remove some pages from an mmap'd vnode.  Just update the
5465  * count of pages.  If doing close-to-open, then flush and
5466  * commit all of the pages associated with this file.
5467  * Otherwise, start an asynchronous page flush to write out
5468  * any dirty pages.  This will also associate a credential
5469  * with the rnode which can be used to write the pages.
5470  */
5471 /* ARGSUSED */
5472 static void
5473 nfs3_delmap_callback(struct as *as, void *arg, uint_t event)
5474 {
5475         int                     error;
5476         rnode_t                 *rp;
5477         mntinfo_t               *mi;
5478         nfs_delmap_args_t       *dmapp = (nfs_delmap_args_t *)arg;
5479 
5480         rp = VTOR(dmapp->vp);
5481         mi = VTOMI(dmapp->vp);
5482 
5483         atomic_add_long((ulong_t *)&rp->r_mapcnt, -btopr(dmapp->len));
5484         ASSERT(rp->r_mapcnt >= 0);
5485 
5486         /*
5487          * Initiate a page flush and potential commit if there are
5488          * pages, the file system was not mounted readonly, the segment
5489          * was mapped shared, and the pages themselves were writeable.
5490          */
5491         if (vn_has_cached_data(dmapp->vp) && !vn_is_readonly(dmapp->vp) &&
5492             dmapp->flags == MAP_SHARED && (dmapp->maxprot & PROT_WRITE)) {
5493                 mutex_enter(&rp->r_statelock);
5494                 rp->r_flags |= RDIRTY;
5495                 mutex_exit(&rp->r_statelock);
5496                 /*
5497                  * If this is a cross-zone access a sync putpage won't work, so
5498                  * the best we can do is try an async putpage.  That seems
5499                  * better than something more draconian such as discarding the
5500                  * dirty pages.
5501                  */
5502                 if ((mi->mi_flags & MI_NOCTO) ||
5503                     nfs_zone() != mi->mi_zone)
5504                         error = nfs3_putpage(dmapp->vp, dmapp->off, dmapp->len,
5505                             B_ASYNC, dmapp->cr);
5506                 else
5507                         error = nfs3_putpage_commit(dmapp->vp, dmapp->off,
5508                             dmapp->len, dmapp->cr);
5509                 if (!error) {
5510                         mutex_enter(&rp->r_statelock);
5511                         error = rp->r_error;
5512                         rp->r_error = 0;
5513                         mutex_exit(&rp->r_statelock);
5514                 }
5515         } else
5516                 error = 0;
5517 
5518         if ((rp->r_flags & RDIRECTIO) || (mi->mi_flags & MI_DIRECTIO))
5519                 (void) nfs3_putpage(dmapp->vp, dmapp->off, dmapp->len,
5520                     B_INVAL, dmapp->cr);
5521 
5522         dmapp->caller->error = error;
5523         (void) as_delete_callback(as, arg);
5524         kmem_free(dmapp, sizeof (nfs_delmap_args_t));
5525 }
5526 
5527 static int nfs3_pathconf_disable_cache = 0;
5528 
5529 #ifdef DEBUG
5530 static int nfs3_pathconf_cache_hits = 0;
5531 static int nfs3_pathconf_cache_misses = 0;
5532 #endif
5533 
5534 static int
5535 nfs3_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr)
5536 {
5537         int error;
5538         PATHCONF3args args;
5539         PATHCONF3res res;
5540         int douprintf;
5541         failinfo_t fi;
5542         rnode_t *rp;
5543         hrtime_t t;
5544 
5545         if (nfs_zone() != VTOMI(vp)->mi_zone)
5546                 return (EIO);
5547         /*
5548          * Large file spec - need to base answer on info stored
5549          * on original FSINFO response.
5550          */
5551         if (cmd == _PC_FILESIZEBITS) {
5552                 unsigned long long ll;
5553                 long l = 1;
5554 
5555                 ll = VTOMI(vp)->mi_maxfilesize;
5556 
5557                 if (ll == 0) {
5558                         *valp = 0;
5559                         return (0);
5560                 }
5561 
5562                 if (ll & 0xffffffff00000000) {
5563                         l += 32; ll >>= 32;
5564                 }
5565                 if (ll & 0xffff0000) {
5566                         l += 16; ll >>= 16;
5567                 }
5568                 if (ll & 0xff00) {
5569                         l += 8; ll >>= 8;
5570                 }
5571                 if (ll & 0xf0) {
5572                         l += 4; ll >>= 4;
5573                 }
5574                 if (ll & 0xc) {
5575                         l += 2; ll >>= 2;
5576                 }
5577                 if (ll & 0x2)
5578                         l += 2;
5579                 else if (ll & 0x1)
5580                         l += 1;
5581                 *valp = l;
5582                 return (0);
5583         }
5584 
5585         if (cmd == _PC_ACL_ENABLED) {
5586                 *valp = _ACL_ACLENT_ENABLED;
5587                 return (0);
5588         }
5589 
5590         if (cmd == _PC_XATTR_EXISTS) {
5591                 error = 0;
5592                 *valp = 0;
5593                 if (vp->v_vfsp->vfs_flag & VFS_XATTR) {
5594                         vnode_t *avp;
5595                         rnode_t *rp;
5596                         int error = 0;
5597                         mntinfo_t *mi = VTOMI(vp);
5598 
5599                         if (!(mi->mi_flags & MI_EXTATTR))
5600                                 return (0);
5601 
5602                         rp = VTOR(vp);
5603                         if (nfs_rw_enter_sig(&rp->r_rwlock, RW_READER,
5604                             INTR(vp)))
5605                                 return (EINTR);
5606 
5607                         error = nfs3lookup_dnlc(vp, XATTR_DIR_NAME, &avp, cr);
5608                         if (error || avp == NULL)
5609                                 error = acl_getxattrdir3(vp, &avp, 0, cr, 0);
5610 
5611                         nfs_rw_exit(&rp->r_rwlock);
5612 
5613                         if (error == 0 && avp != NULL) {
5614                                 VN_RELE(avp);
5615                                 *valp = 1;
5616                         } else if (error == ENOENT)
5617                                 error = 0;
5618                 }
5619                 return (error);
5620         }
5621 
5622         rp = VTOR(vp);
5623         if (rp->r_pathconf != NULL) {
5624                 mutex_enter(&rp->r_statelock);
5625                 if (rp->r_pathconf != NULL && nfs3_pathconf_disable_cache) {
5626                         kmem_free(rp->r_pathconf, sizeof (*rp->r_pathconf));
5627                         rp->r_pathconf = NULL;
5628                 }
5629                 if (rp->r_pathconf != NULL) {
5630                         error = 0;
5631                         switch (cmd) {
5632                         case _PC_LINK_MAX:
5633                                 *valp = rp->r_pathconf->link_max;
5634                                 break;
5635                         case _PC_NAME_MAX:
5636                                 *valp = rp->r_pathconf->name_max;
5637                                 break;
5638                         case _PC_PATH_MAX:
5639                         case _PC_SYMLINK_MAX:
5640                                 *valp = MAXPATHLEN;
5641                                 break;
5642                         case _PC_CHOWN_RESTRICTED:
5643                                 *valp = rp->r_pathconf->chown_restricted;
5644                                 break;
5645                         case _PC_NO_TRUNC:
5646                                 *valp = rp->r_pathconf->no_trunc;
5647                                 break;
5648                         default:
5649                                 error = EINVAL;
5650                                 break;
5651                         }
5652                         mutex_exit(&rp->r_statelock);
5653 #ifdef DEBUG
5654                         nfs3_pathconf_cache_hits++;
5655 #endif
5656                         return (error);
5657                 }
5658                 mutex_exit(&rp->r_statelock);
5659         }
5660 #ifdef DEBUG
5661         nfs3_pathconf_cache_misses++;
5662 #endif
5663 
5664         args.object = *VTOFH3(vp);
5665         fi.vp = vp;
5666         fi.fhp = (caddr_t)&args.object;
5667         fi.copyproc = nfs3copyfh;
5668         fi.lookupproc = nfs3lookup;
5669         fi.xattrdirproc = acl_getxattrdir3;
5670 
5671         douprintf = 1;
5672 
5673         t = gethrtime();
5674 
5675         error = rfs3call(VTOMI(vp), NFSPROC3_PATHCONF,
5676             xdr_nfs_fh3, (caddr_t)&args,
5677             xdr_PATHCONF3res, (caddr_t)&res, cr,
5678             &douprintf, &res.status, 0, &fi);
5679 
5680         if (error)
5681                 return (error);
5682 
5683         error = geterrno3(res.status);
5684 
5685         if (!error) {
5686                 nfs3_cache_post_op_attr(vp, &res.resok.obj_attributes, t, cr);
5687                 if (!nfs3_pathconf_disable_cache) {
5688                         mutex_enter(&rp->r_statelock);
5689                         if (rp->r_pathconf == NULL) {
5690                                 rp->r_pathconf = kmem_alloc(
5691                                     sizeof (*rp->r_pathconf), KM_NOSLEEP);
5692                                 if (rp->r_pathconf != NULL)
5693                                         *rp->r_pathconf = res.resok.info;
5694                         }
5695                         mutex_exit(&rp->r_statelock);
5696                 }
5697                 switch (cmd) {
5698                 case _PC_LINK_MAX:
5699                         *valp = res.resok.info.link_max;
5700                         break;
5701                 case _PC_NAME_MAX:
5702                         *valp = res.resok.info.name_max;
5703                         break;
5704                 case _PC_PATH_MAX:
5705                 case _PC_SYMLINK_MAX:
5706                         *valp = MAXPATHLEN;
5707                         break;
5708                 case _PC_CHOWN_RESTRICTED:
5709                         *valp = res.resok.info.chown_restricted;
5710                         break;
5711                 case _PC_NO_TRUNC:
5712                         *valp = res.resok.info.no_trunc;
5713                         break;
5714                 default:
5715                         return (EINVAL);
5716                 }
5717         } else {
5718                 nfs3_cache_post_op_attr(vp, &res.resfail.obj_attributes, t, cr);
5719                 PURGE_STALE_FH(error, vp, cr);
5720         }
5721 
5722         return (error);
5723 }
5724 
5725 /*
5726  * Called by async thread to do synchronous pageio. Do the i/o, wait
5727  * for it to complete, and cleanup the page list when done.
5728  */
5729 static int
5730 nfs3_sync_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
5731         int flags, cred_t *cr)
5732 {
5733         int error;
5734 
5735         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
5736         error = nfs3_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
5737         if (flags & B_READ)
5738                 pvn_read_done(pp, (error ? B_ERROR : 0) | flags);
5739         else
5740                 pvn_write_done(pp, (error ? B_ERROR : 0) | flags);
5741         return (error);
5742 }
5743 
5744 static int
5745 nfs3_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
5746         int flags, cred_t *cr)
5747 {
5748         int error;
5749         rnode_t *rp;
5750 
5751         if (pp == NULL)
5752                 return (EINVAL);
5753         if (!(flags & B_ASYNC) && nfs_zone() != VTOMI(vp)->mi_zone)
5754                 return (EIO);
5755 
5756         rp = VTOR(vp);
5757         mutex_enter(&rp->r_statelock);
5758         rp->r_count++;
5759         mutex_exit(&rp->r_statelock);
5760 
5761         if (flags & B_ASYNC) {
5762                 error = nfs_async_pageio(vp, pp, io_off, io_len, flags, cr,
5763                     nfs3_sync_pageio);
5764         } else
5765                 error = nfs3_rdwrlbn(vp, pp, io_off, io_len, flags, cr);
5766         mutex_enter(&rp->r_statelock);
5767         rp->r_count--;
5768         cv_broadcast(&rp->r_cv);
5769         mutex_exit(&rp->r_statelock);
5770         return (error);
5771 }
5772 
5773 static void
5774 nfs3_dispose(vnode_t *vp, page_t *pp, int fl, int dn, cred_t *cr)
5775 {
5776         int error;
5777         rnode_t *rp;
5778         page_t *plist;
5779         page_t *pptr;
5780         offset3 offset;
5781         count3 len;
5782         k_sigset_t smask;
5783 
5784         /*
5785          * We should get called with fl equal to either B_FREE or
5786          * B_INVAL.  Any other value is illegal.
5787          *
5788          * The page that we are either supposed to free or destroy
5789          * should be exclusive locked and its io lock should not
5790          * be held.
5791          */
5792         ASSERT(fl == B_FREE || fl == B_INVAL);
5793         ASSERT((PAGE_EXCL(pp) && !page_iolock_assert(pp)) || panicstr);
5794         rp = VTOR(vp);
5795 
5796         /*
5797          * If the page doesn't need to be committed or we shouldn't
5798          * even bother attempting to commit it, then just make sure
5799          * that the p_fsdata byte is clear and then either free or
5800          * destroy the page as appropriate.
5801          */
5802         if (pp->p_fsdata == C_NOCOMMIT || (rp->r_flags & RSTALE)) {
5803                 pp->p_fsdata = C_NOCOMMIT;
5804                 if (fl == B_FREE)
5805                         page_free(pp, dn);
5806                 else
5807                         page_destroy(pp, dn);
5808                 return;
5809         }
5810 
5811         /*
5812          * If there is a page invalidation operation going on, then
5813          * if this is one of the pages being destroyed, then just
5814          * clear the p_fsdata byte and then either free or destroy
5815          * the page as appropriate.
5816          */
5817         mutex_enter(&rp->r_statelock);
5818         if ((rp->r_flags & RTRUNCATE) && pp->p_offset >= rp->r_truncaddr) {
5819                 mutex_exit(&rp->r_statelock);
5820                 pp->p_fsdata = C_NOCOMMIT;
5821                 if (fl == B_FREE)
5822                         page_free(pp, dn);
5823                 else
5824                         page_destroy(pp, dn);
5825                 return;
5826         }
5827 
5828         /*
5829          * If we are freeing this page and someone else is already
5830          * waiting to do a commit, then just unlock the page and
5831          * return.  That other thread will take care of commiting
5832          * this page.  The page can be freed sometime after the
5833          * commit has finished.  Otherwise, if the page is marked
5834          * as delay commit, then we may be getting called from
5835          * pvn_write_done, one page at a time.   This could result
5836          * in one commit per page, so we end up doing lots of small
5837          * commits instead of fewer larger commits.  This is bad,
5838          * we want do as few commits as possible.
5839          */
5840         if (fl == B_FREE) {
5841                 if (rp->r_flags & RCOMMITWAIT) {
5842                         page_unlock(pp);
5843                         mutex_exit(&rp->r_statelock);
5844                         return;
5845                 }
5846                 if (pp->p_fsdata == C_DELAYCOMMIT) {
5847                         pp->p_fsdata = C_COMMIT;
5848                         page_unlock(pp);
5849                         mutex_exit(&rp->r_statelock);
5850                         return;
5851                 }
5852         }
5853 
5854         /*
5855          * Check to see if there is a signal which would prevent an
5856          * attempt to commit the pages from being successful.  If so,
5857          * then don't bother with all of the work to gather pages and
5858          * generate the unsuccessful RPC.  Just return from here and
5859          * let the page be committed at some later time.
5860          */
5861         sigintr(&smask, VTOMI(vp)->mi_flags & MI_INT);
5862         if (ttolwp(curthread) != NULL && ISSIG(curthread, JUSTLOOKING)) {
5863                 sigunintr(&smask);
5864                 page_unlock(pp);
5865                 mutex_exit(&rp->r_statelock);
5866                 return;
5867         }
5868         sigunintr(&smask);
5869 
5870         /*
5871          * We are starting to need to commit pages, so let's try
5872          * to commit as many as possible at once to reduce the
5873          * overhead.
5874          *
5875          * Set the `commit inprogress' state bit.  We must
5876          * first wait until any current one finishes.  Then
5877          * we initialize the c_pages list with this page.
5878          */
5879         while (rp->r_flags & RCOMMIT) {
5880                 rp->r_flags |= RCOMMITWAIT;
5881                 cv_wait(&rp->r_commit.c_cv, &rp->r_statelock);
5882                 rp->r_flags &= ~RCOMMITWAIT;
5883         }
5884         rp->r_flags |= RCOMMIT;
5885         mutex_exit(&rp->r_statelock);
5886         ASSERT(rp->r_commit.c_pages == NULL);
5887         rp->r_commit.c_pages = pp;
5888         rp->r_commit.c_commbase = (offset3)pp->p_offset;
5889         rp->r_commit.c_commlen = PAGESIZE;
5890 
5891         /*
5892          * Gather together all other pages which can be committed.
5893          * They will all be chained off r_commit.c_pages.
5894          */
5895         nfs3_get_commit(vp);
5896 
5897         /*
5898          * Clear the `commit inprogress' status and disconnect
5899          * the list of pages to be committed from the rnode.
5900          * At this same time, we also save the starting offset
5901          * and length of data to be committed on the server.
5902          */
5903         plist = rp->r_commit.c_pages;
5904         rp->r_commit.c_pages = NULL;
5905         offset = rp->r_commit.c_commbase;
5906         len = rp->r_commit.c_commlen;
5907         mutex_enter(&rp->r_statelock);
5908         rp->r_flags &= ~RCOMMIT;
5909         cv_broadcast(&rp->r_commit.c_cv);
5910         mutex_exit(&rp->r_statelock);
5911 
5912         if (curproc == proc_pageout || curproc == proc_fsflush ||
5913             nfs_zone() != VTOMI(vp)->mi_zone) {
5914                 nfs_async_commit(vp, plist, offset, len, cr, nfs3_async_commit);
5915                 return;
5916         }
5917 
5918         /*
5919          * Actually generate the COMMIT3 over the wire operation.
5920          */
5921         error = nfs3_commit(vp, offset, len, cr);
5922 
5923         /*
5924          * If we got an error during the commit, just unlock all
5925          * of the pages.  The pages will get retransmitted to the
5926          * server during a putpage operation.
5927          */
5928         if (error) {
5929                 while (plist != NULL) {
5930                         pptr = plist;
5931                         page_sub(&plist, pptr);
5932                         page_unlock(pptr);
5933                 }
5934                 return;
5935         }
5936 
5937         /*
5938          * We've tried as hard as we can to commit the data to stable
5939          * storage on the server.  We release the rest of the pages
5940          * and clear the commit required state.  They will be put
5941          * onto the tail of the cachelist if they are nolonger
5942          * mapped.
5943          */
5944         while (plist != pp) {
5945                 pptr = plist;
5946                 page_sub(&plist, pptr);
5947                 pptr->p_fsdata = C_NOCOMMIT;
5948                 (void) page_release(pptr, 1);
5949         }
5950 
5951         /*
5952          * It is possible that nfs3_commit didn't return error but
5953          * some other thread has modified the page we are going
5954          * to free/destroy.
5955          *    In this case we need to rewrite the page. Do an explicit check
5956          * before attempting to free/destroy the page. If modified, needs to
5957          * be rewritten so unlock the page and return.
5958          */
5959         if (hat_ismod(pp)) {
5960                 pp->p_fsdata = C_NOCOMMIT;
5961                 page_unlock(pp);
5962                 return;
5963         }
5964 
5965         /*
5966          * Now, as appropriate, either free or destroy the page
5967          * that we were called with.
5968          */
5969         pp->p_fsdata = C_NOCOMMIT;
5970         if (fl == B_FREE)
5971                 page_free(pp, dn);
5972         else
5973                 page_destroy(pp, dn);
5974 }
5975 
5976 static int
5977 nfs3_commit(vnode_t *vp, offset3 offset, count3 count, cred_t *cr)
5978 {
5979         int error;
5980         rnode_t *rp;
5981         COMMIT3args args;
5982         COMMIT3res res;
5983         int douprintf;
5984         cred_t *cred;
5985 
5986         rp = VTOR(vp);
5987         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
5988 
5989         mutex_enter(&rp->r_statelock);
5990         if (rp->r_cred != NULL) {
5991                 cred = rp->r_cred;
5992                 crhold(cred);
5993         } else {
5994                 rp->r_cred = cr;
5995                 crhold(cr);
5996                 cred = cr;
5997                 crhold(cred);
5998         }
5999         mutex_exit(&rp->r_statelock);
6000 
6001         args.file = *VTOFH3(vp);
6002         args.offset = offset;
6003         args.count = count;
6004 
6005 doitagain:
6006         douprintf = 1;
6007         error = rfs3call(VTOMI(vp), NFSPROC3_COMMIT,
6008             xdr_COMMIT3args, (caddr_t)&args,
6009             xdr_COMMIT3res, (caddr_t)&res, cred,
6010             &douprintf, &res.status, 0, NULL);
6011 
6012         crfree(cred);
6013 
6014         if (error)
6015                 return (error);
6016 
6017         error = geterrno3(res.status);
6018         if (!error) {
6019                 ASSERT(rp->r_flags & RHAVEVERF);
6020                 mutex_enter(&rp->r_statelock);
6021                 if (rp->r_verf == res.resok.verf) {
6022                         mutex_exit(&rp->r_statelock);
6023                         return (0);
6024                 }
6025                 nfs3_set_mod(vp);
6026                 rp->r_verf = res.resok.verf;
6027                 mutex_exit(&rp->r_statelock);
6028                 error = NFS_VERF_MISMATCH;
6029         } else {
6030                 if (error == EACCES) {
6031                         mutex_enter(&rp->r_statelock);
6032                         if (cred != cr) {
6033                                 if (rp->r_cred != NULL)
6034                                         crfree(rp->r_cred);
6035                                 rp->r_cred = cr;
6036                                 crhold(cr);
6037                                 cred = cr;
6038                                 crhold(cred);
6039                                 mutex_exit(&rp->r_statelock);
6040                                 goto doitagain;
6041                         }
6042                         mutex_exit(&rp->r_statelock);
6043                 }
6044                 /*
6045                  * Can't do a PURGE_STALE_FH here because this
6046                  * can cause a deadlock.  nfs3_commit can
6047                  * be called from nfs3_dispose which can be called
6048                  * indirectly via pvn_vplist_dirty.  PURGE_STALE_FH
6049                  * can call back to pvn_vplist_dirty.
6050                  */
6051                 if (error == ESTALE) {
6052                         mutex_enter(&rp->r_statelock);
6053                         rp->r_flags |= RSTALE;
6054                         if (!rp->r_error)
6055                                 rp->r_error = error;
6056                         mutex_exit(&rp->r_statelock);
6057                         PURGE_ATTRCACHE(vp);
6058                 } else {
6059                         mutex_enter(&rp->r_statelock);
6060                         if (!rp->r_error)
6061                                 rp->r_error = error;
6062                         mutex_exit(&rp->r_statelock);
6063                 }
6064         }
6065 
6066         return (error);
6067 }
6068 
6069 static void
6070 nfs3_set_mod(vnode_t *vp)
6071 {
6072         page_t *pp;
6073         kmutex_t *vphm;
6074 
6075         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6076         vphm = page_vnode_mutex(vp);
6077         mutex_enter(vphm);
6078         if ((pp = vp->v_pages) != NULL) {
6079                 do {
6080                         if (pp->p_fsdata != C_NOCOMMIT) {
6081                                 hat_setmod(pp);
6082                                 pp->p_fsdata = C_NOCOMMIT;
6083                         }
6084                 } while ((pp = pp->p_vpnext) != vp->v_pages);
6085         }
6086         mutex_exit(vphm);
6087 }
6088 
6089 
6090 /*
6091  * This routine is used to gather together a page list of the pages
6092  * which are to be committed on the server.  This routine must not
6093  * be called if the calling thread holds any locked pages.
6094  *
6095  * The calling thread must have set RCOMMIT.  This bit is used to
6096  * serialize access to the commit structure in the rnode.  As long
6097  * as the thread has set RCOMMIT, then it can manipulate the commit
6098  * structure without requiring any other locks.
6099  */
6100 static void
6101 nfs3_get_commit(vnode_t *vp)
6102 {
6103         rnode_t *rp;
6104         page_t *pp;
6105         kmutex_t *vphm;
6106 
6107         rp = VTOR(vp);
6108 
6109         ASSERT(rp->r_flags & RCOMMIT);
6110 
6111         vphm = page_vnode_mutex(vp);
6112         mutex_enter(vphm);
6113 
6114         /*
6115          * If there are no pages associated with this vnode, then
6116          * just return.
6117          */
6118         if ((pp = vp->v_pages) == NULL) {
6119                 mutex_exit(vphm);
6120                 return;
6121         }
6122 
6123         /*
6124          * Step through all of the pages associated with this vnode
6125          * looking for pages which need to be committed.
6126          */
6127         do {
6128                 /*
6129                  * If this page does not need to be committed or is
6130                  * modified, then just skip it.
6131                  */
6132                 if (pp->p_fsdata == C_NOCOMMIT || hat_ismod(pp))
6133                         continue;
6134 
6135                 /*
6136                  * Attempt to lock the page.  If we can't, then
6137                  * someone else is messing with it and we will
6138                  * just skip it.
6139                  */
6140                 if (!page_trylock(pp, SE_EXCL))
6141                         continue;
6142 
6143                 /*
6144                  * If this page does not need to be committed or is
6145                  * modified, then just skip it.  Recheck now that
6146                  * the page is locked.
6147                  */
6148                 if (pp->p_fsdata == C_NOCOMMIT || hat_ismod(pp)) {
6149                         page_unlock(pp);
6150                         continue;
6151                 }
6152 
6153                 if (PP_ISFREE(pp)) {
6154                         cmn_err(CE_PANIC, "nfs3_get_commit: %p is free",
6155                             (void *)pp);
6156                 }
6157 
6158                 /*
6159                  * The page needs to be committed and we locked it.
6160                  * Update the base and length parameters and add it
6161                  * to r_pages.
6162                  */
6163                 if (rp->r_commit.c_pages == NULL) {
6164                         rp->r_commit.c_commbase = (offset3)pp->p_offset;
6165                         rp->r_commit.c_commlen = PAGESIZE;
6166                 } else if (pp->p_offset < rp->r_commit.c_commbase) {
6167                         rp->r_commit.c_commlen = rp->r_commit.c_commbase -
6168                             (offset3)pp->p_offset + rp->r_commit.c_commlen;
6169                         rp->r_commit.c_commbase = (offset3)pp->p_offset;
6170                 } else if ((rp->r_commit.c_commbase + rp->r_commit.c_commlen)
6171                             <= pp->p_offset) {
6172                         rp->r_commit.c_commlen = (offset3)pp->p_offset -
6173                             rp->r_commit.c_commbase + PAGESIZE;
6174                 }
6175                 page_add(&rp->r_commit.c_pages, pp);
6176         } while ((pp = pp->p_vpnext) != vp->v_pages);
6177 
6178         mutex_exit(vphm);
6179 }
6180 
6181 /*
6182  * This routine is used to gather together a page list of the pages
6183  * which are to be committed on the server.  This routine must not
6184  * be called if the calling thread holds any locked pages.
6185  *
6186  * The calling thread must have set RCOMMIT.  This bit is used to
6187  * serialize access to the commit structure in the rnode.  As long
6188  * as the thread has set RCOMMIT, then it can manipulate the commit
6189  * structure without requiring any other locks.
6190  */
6191 static void
6192 nfs3_get_commit_range(vnode_t *vp, u_offset_t soff, size_t len)
6193 {
6194 
6195         rnode_t *rp;
6196         page_t *pp;
6197         u_offset_t end;
6198         u_offset_t off;
6199 
6200         ASSERT(len != 0);
6201 
6202         rp = VTOR(vp);
6203 
6204         ASSERT(rp->r_flags & RCOMMIT);
6205         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6206 
6207         /*
6208          * If there are no pages associated with this vnode, then
6209          * just return.
6210          */
6211         if ((pp = vp->v_pages) == NULL)
6212                 return;
6213 
6214         /*
6215          * Calculate the ending offset.
6216          */
6217         end = soff + len;
6218 
6219         for (off = soff; off < end; off += PAGESIZE) {
6220                 /*
6221                  * Lookup each page by vp, offset.
6222                  */
6223                 if ((pp = page_lookup_nowait(vp, off, SE_EXCL)) == NULL)
6224                         continue;
6225 
6226                 /*
6227                  * If this page does not need to be committed or is
6228                  * modified, then just skip it.
6229                  */
6230                 if (pp->p_fsdata == C_NOCOMMIT || hat_ismod(pp)) {
6231                         page_unlock(pp);
6232                         continue;
6233                 }
6234 
6235                 ASSERT(PP_ISFREE(pp) == 0);
6236 
6237                 /*
6238                  * The page needs to be committed and we locked it.
6239                  * Update the base and length parameters and add it
6240                  * to r_pages.
6241                  */
6242                 if (rp->r_commit.c_pages == NULL) {
6243                         rp->r_commit.c_commbase = (offset3)pp->p_offset;
6244                         rp->r_commit.c_commlen = PAGESIZE;
6245                 } else {
6246                         rp->r_commit.c_commlen = (offset3)pp->p_offset -
6247                                         rp->r_commit.c_commbase + PAGESIZE;
6248                 }
6249                 page_add(&rp->r_commit.c_pages, pp);
6250         }
6251 }
6252 
6253 #if 0   /* unused */
6254 #ifdef DEBUG
6255 static int
6256 nfs3_no_uncommitted_pages(vnode_t *vp)
6257 {
6258         page_t *pp;
6259         kmutex_t *vphm;
6260 
6261         vphm = page_vnode_mutex(vp);
6262         mutex_enter(vphm);
6263         if ((pp = vp->v_pages) != NULL) {
6264                 do {
6265                         if (pp->p_fsdata != C_NOCOMMIT) {
6266                                 mutex_exit(vphm);
6267                                 return (0);
6268                         }
6269                 } while ((pp = pp->p_vpnext) != vp->v_pages);
6270         }
6271         mutex_exit(vphm);
6272 
6273         return (1);
6274 }
6275 #endif
6276 #endif
6277 
6278 static int
6279 nfs3_putpage_commit(vnode_t *vp, offset_t poff, size_t plen, cred_t *cr)
6280 {
6281         int error;
6282         writeverf3 write_verf;
6283         rnode_t *rp = VTOR(vp);
6284 
6285         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6286         /*
6287          * Flush the data portion of the file and then commit any
6288          * portions which need to be committed.  This may need to
6289          * be done twice if the server has changed state since
6290          * data was last written.  The data will need to be
6291          * rewritten to the server and then a new commit done.
6292          *
6293          * In fact, this may need to be done several times if the
6294          * server is having problems and crashing while we are
6295          * attempting to do this.
6296          */
6297 
6298 top:
6299         /*
6300          * Do a flush based on the poff and plen arguments.  This
6301          * will asynchronously write out any modified pages in the
6302          * range specified by (poff, plen).  This starts all of the
6303          * i/o operations which will be waited for in the next
6304          * call to nfs3_putpage
6305          */
6306 
6307         mutex_enter(&rp->r_statelock);
6308         write_verf = rp->r_verf;
6309         mutex_exit(&rp->r_statelock);
6310 
6311         error = nfs3_putpage(vp, poff, plen, B_ASYNC, cr);
6312         if (error == EAGAIN)
6313                 error = 0;
6314 
6315         /*
6316          * Do a flush based on the poff and plen arguments.  This
6317          * will synchronously write out any modified pages in the
6318          * range specified by (poff, plen) and wait until all of
6319          * the asynchronous i/o's in that range are done as well.
6320          */
6321         if (!error)
6322                 error = nfs3_putpage(vp, poff, plen, 0, cr);
6323 
6324         if (error)
6325                 return (error);
6326 
6327         mutex_enter(&rp->r_statelock);
6328         if (rp->r_verf != write_verf) {
6329                 mutex_exit(&rp->r_statelock);
6330                 goto top;
6331         }
6332         mutex_exit(&rp->r_statelock);
6333 
6334         /*
6335          * Now commit any pages which might need to be committed.
6336          * If the error, NFS_VERF_MISMATCH, is returned, then
6337          * start over with the flush operation.
6338          */
6339 
6340         error = nfs3_commit_vp(vp, poff, plen, cr);
6341 
6342         if (error == NFS_VERF_MISMATCH)
6343                 goto top;
6344 
6345         return (error);
6346 }
6347 
6348 static int
6349 nfs3_commit_vp(vnode_t *vp, u_offset_t poff, size_t plen, cred_t *cr)
6350 {
6351         rnode_t *rp;
6352         page_t *plist;
6353         offset3 offset;
6354         count3 len;
6355 
6356 
6357         rp = VTOR(vp);
6358 
6359         if (nfs_zone() != VTOMI(vp)->mi_zone)
6360                 return (EIO);
6361         /*
6362          * Set the `commit inprogress' state bit.  We must
6363          * first wait until any current one finishes.
6364          */
6365         mutex_enter(&rp->r_statelock);
6366         while (rp->r_flags & RCOMMIT) {
6367                 rp->r_flags |= RCOMMITWAIT;
6368                 cv_wait(&rp->r_commit.c_cv, &rp->r_statelock);
6369                 rp->r_flags &= ~RCOMMITWAIT;
6370         }
6371         rp->r_flags |= RCOMMIT;
6372         mutex_exit(&rp->r_statelock);
6373 
6374         /*
6375          * Gather together all of the pages which need to be
6376          * committed.
6377          */
6378         if (plen == 0)
6379                 nfs3_get_commit(vp);
6380         else
6381                 nfs3_get_commit_range(vp, poff, plen);
6382 
6383         /*
6384          * Clear the `commit inprogress' bit and disconnect the
6385          * page list which was gathered together in nfs3_get_commit.
6386          */
6387         plist = rp->r_commit.c_pages;
6388         rp->r_commit.c_pages = NULL;
6389         offset = rp->r_commit.c_commbase;
6390         len = rp->r_commit.c_commlen;
6391         mutex_enter(&rp->r_statelock);
6392         rp->r_flags &= ~RCOMMIT;
6393         cv_broadcast(&rp->r_commit.c_cv);
6394         mutex_exit(&rp->r_statelock);
6395 
6396         /*
6397          * If any pages need to be committed, commit them and
6398          * then unlock them so that they can be freed some
6399          * time later.
6400          */
6401         if (plist != NULL) {
6402                 /*
6403                  * No error occurred during the flush portion
6404                  * of this operation, so now attempt to commit
6405                  * the data to stable storage on the server.
6406                  *
6407                  * This will unlock all of the pages on the list.
6408                  */
6409                 return (nfs3_sync_commit(vp, plist, offset, len, cr));
6410         }
6411         return (0);
6412 }
6413 
6414 static int
6415 nfs3_sync_commit(vnode_t *vp, page_t *plist, offset3 offset, count3 count,
6416         cred_t *cr)
6417 {
6418         int error;
6419         page_t *pp;
6420 
6421         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6422         error = nfs3_commit(vp, offset, count, cr);
6423 
6424         /*
6425          * If we got an error, then just unlock all of the pages
6426          * on the list.
6427          */
6428         if (error) {
6429                 while (plist != NULL) {
6430                         pp = plist;
6431                         page_sub(&plist, pp);
6432                         page_unlock(pp);
6433                 }
6434                 return (error);
6435         }
6436         /*
6437          * We've tried as hard as we can to commit the data to stable
6438          * storage on the server.  We just unlock the pages and clear
6439          * the commit required state.  They will get freed later.
6440          */
6441         while (plist != NULL) {
6442                 pp = plist;
6443                 page_sub(&plist, pp);
6444                 pp->p_fsdata = C_NOCOMMIT;
6445                 page_unlock(pp);
6446         }
6447 
6448         return (error);
6449 }
6450 
6451 static void
6452 nfs3_async_commit(vnode_t *vp, page_t *plist, offset3 offset, count3 count,
6453         cred_t *cr)
6454 {
6455         ASSERT(nfs_zone() == VTOMI(vp)->mi_zone);
6456         (void) nfs3_sync_commit(vp, plist, offset, count, cr);
6457 }
6458 
6459 static int
6460 nfs3_setsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr)
6461 {
6462         int error;
6463         mntinfo_t *mi;
6464 
6465         mi = VTOMI(vp);
6466 
6467         if (nfs_zone() != mi->mi_zone)
6468                 return (EIO);
6469 
6470         if (mi->mi_flags & MI_ACL) {
6471                 error = acl_setacl3(vp, vsecattr, flag, cr);
6472                 if (mi->mi_flags & MI_ACL)
6473                         return (error);
6474         }
6475 
6476         return (ENOSYS);
6477 }
6478 
6479 static int
6480 nfs3_getsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr)
6481 {
6482         int error;
6483         mntinfo_t *mi;
6484 
6485         mi = VTOMI(vp);
6486 
6487         if (nfs_zone() != mi->mi_zone)
6488                 return (EIO);
6489 
6490         if (mi->mi_flags & MI_ACL) {
6491                 error = acl_getacl3(vp, vsecattr, flag, cr);
6492                 if (mi->mi_flags & MI_ACL)
6493                         return (error);
6494         }
6495 
6496         return (fs_fab_acl(vp, vsecattr, flag, cr));
6497 }
6498 
6499 static int
6500 nfs3_shrlock(vnode_t *vp, int cmd, struct shrlock *shr, int flag, cred_t *cr)
6501 {
6502         int error;
6503         struct shrlock nshr;
6504         struct nfs_owner nfs_owner;
6505         netobj lm_fh3;
6506 
6507         if (nfs_zone() != VTOMI(vp)->mi_zone)
6508                 return (EIO);
6509 
6510         /*
6511          * check for valid cmd parameter
6512          */
6513         if (cmd != F_SHARE && cmd != F_UNSHARE && cmd != F_HASREMOTELOCKS)
6514                 return (EINVAL);
6515 
6516         /*
6517          * Check access permissions
6518          */
6519         if (cmd == F_SHARE &&
6520             (((shr->s_access & F_RDACC) && !(flag & FREAD)) ||
6521             ((shr->s_access & F_WRACC) && !(flag & FWRITE))))
6522                 return (EBADF);
6523 
6524         /*
6525          * If the filesystem is mounted using local locking, pass the
6526          * request off to the local share code.
6527          */
6528         if (VTOMI(vp)->mi_flags & MI_LLOCK)
6529                 return (fs_shrlock(vp, cmd, shr, flag, cr));
6530 
6531         switch (cmd) {
6532         case F_SHARE:
6533         case F_UNSHARE:
6534                 lm_fh3.n_len = VTOFH3(vp)->fh3_length;
6535                 lm_fh3.n_bytes = (char *)&(VTOFH3(vp)->fh3_u.data);
6536 
6537                 /*
6538                  * If passed an owner that is too large to fit in an
6539                  * nfs_owner it is likely a recursive call from the
6540                  * lock manager client and pass it straight through.  If
6541                  * it is not a nfs_owner then simply return an error.
6542                  */
6543                 if (shr->s_own_len > sizeof (nfs_owner.lowner)) {
6544                         if (((struct nfs_owner *)shr->s_owner)->magic !=
6545                             NFS_OWNER_MAGIC)
6546                                 return (EINVAL);
6547 
6548                         if (error = lm4_shrlock(vp, cmd, shr, flag, &lm_fh3)) {
6549                                 error = set_errno(error);
6550                         }
6551                         return (error);
6552                 }
6553                 /*
6554                  * Remote share reservations owner is a combination of
6555                  * a magic number, hostname, and the local owner
6556                  */
6557                 bzero(&nfs_owner, sizeof (nfs_owner));
6558                 nfs_owner.magic = NFS_OWNER_MAGIC;
6559                 (void) strncpy(nfs_owner.hname, uts_nodename(),
6560                     sizeof (nfs_owner.hname));
6561                 bcopy(shr->s_owner, nfs_owner.lowner, shr->s_own_len);
6562                 nshr.s_access = shr->s_access;
6563                 nshr.s_deny = shr->s_deny;
6564                 nshr.s_sysid = 0;
6565                 nshr.s_pid = ttoproc(curthread)->p_pid;
6566                 nshr.s_own_len = sizeof (nfs_owner);
6567                 nshr.s_owner = (caddr_t)&nfs_owner;
6568 
6569                 if (error = lm4_shrlock(vp, cmd, &nshr, flag, &lm_fh3)) {
6570                         error = set_errno(error);
6571                 }
6572 
6573                 break;
6574 
6575         case F_HASREMOTELOCKS:
6576                 /*
6577                  * NFS client can't store remote locks itself
6578                  */
6579                 shr->s_access = 0;
6580                 error = 0;
6581                 break;
6582 
6583         default:
6584                 error = EINVAL;
6585                 break;
6586         }
6587 
6588         return (error);
6589 }
--- EOF ---