xref: /illumos-gate/usr/src/uts/common/fs/nfs/nfs4_srv.c (revision 7c478bd9)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 *	Copyright (c) 1983,1984,1985,1986,1987,1988,1989  AT&T.
 *	All Rights Reserved
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <sys/param.h>
#include <sys/types.h>
#include <sys/systm.h>
#include <sys/cred.h>
#include <sys/buf.h>
#include <sys/vfs.h>
#include <sys/vnode.h>
#include <sys/uio.h>
#include <sys/errno.h>
#include <sys/sysmacros.h>
#include <sys/statvfs.h>
#include <sys/kmem.h>
#include <sys/dirent.h>
#include <sys/cmn_err.h>
#include <sys/debug.h>
#include <sys/systeminfo.h>
#include <sys/flock.h>
#include <sys/pathname.h>
#include <sys/nbmlock.h>
#include <sys/share.h>
#include <sys/atomic.h>
#include <sys/policy.h>
#include <sys/fem.h>

#include <rpc/types.h>
#include <rpc/auth.h>
#include <rpc/rpcsec_gss.h>
#include <rpc/svc.h>

#include <nfs/nfs.h>
#include <nfs/export.h>
#include <nfs/lm.h>
#include <nfs/nfs4.h>

#include <sys/strsubr.h>
#include <sys/strsun.h>

#include <inet/common.h>
#include <inet/ip.h>
#include <inet/ip6.h>

#define	RFS4_MAXLOCK_TRIES 4	/* Try to get the lock this many times */
static int rfs4_maxlock_tries = RFS4_MAXLOCK_TRIES;
#define	RFS4_LOCK_DELAY 10	/* Milliseconds */
static clock_t rfs4_lock_delay = RFS4_LOCK_DELAY;

/* End of Tunables */

/*
 * Used to bump the stateid4.seqid value and show changes in the stateid
 */
#define	next_stateid(sp) (++(sp)->bits.chgseq)

/*
 * RFS4_MINLEN_ENTRY4: XDR-encoded size of smallest possible dirent.
 *	This is used to return NFS4ERR_TOOSMALL when clients specify
 *	maxcount that isn't large enough to hold the smallest possible
 *	XDR encoded dirent.
 *
 *	    sizeof cookie (8 bytes) +
 *	    sizeof name_len (4 bytes) +
 *	    sizeof smallest (padded) name (4 bytes) +
 *	    sizeof bitmap4_len (12 bytes) +   NOTE: we always encode len=2 bm4
 *	    sizeof attrlist4_len (4 bytes) +
 *	    sizeof next boolean (4 bytes)
 *
 * RFS4_MINLEN_RDDIR4: XDR-encoded size of READDIR op reply containing
 * the smallest possible entry4 (assumes no attrs requested).
 *	sizeof nfsstat4 (4 bytes) +
 *	sizeof verifier4 (8 bytes) +
 *	sizeof entry4list bool (4 bytes) +
 *	sizeof entry4 	(36 bytes) +
 *	sizeof eof bool  (4 bytes)
 *
 * RFS4_MINLEN_RDDIR_BUF: minimum length of buffer server will provide to
 *	VOP_READDIR.  Its value is the size of the maximum possible dirent
 *	for solaris.  The DIRENT64_RECLEN macro returns	the size of dirent
 *	required for a given name length.  MAXNAMELEN is the maximum
 *	filename length allowed in Solaris.  The first two DIRENT64_RECLEN()
 *	macros are to allow for . and .. entries -- just a minor tweak to try
 *	and guarantee that buffer we give to VOP_READDIR will be large enough
 *	to hold ., .., and the largest possible solaris dirent64.
 */
#define	RFS4_MINLEN_ENTRY4 36
#define	RFS4_MINLEN_RDDIR4 (4 + NFS4_VERIFIER_SIZE + 4 + RFS4_MINLEN_ENTRY4 + 4)
#define	RFS4_MINLEN_RDDIR_BUF \
	(DIRENT64_RECLEN(1) + DIRENT64_RECLEN(2) + DIRENT64_RECLEN(MAXNAMELEN))

/*
 * It would be better to pad to 4 bytes since that's what XDR would do,
 * but the dirents UFS gives us are already padded to 8, so just take
 * what we're given.  Dircount is only a hint anyway.  Currently the
 * solaris kernel is ASCII only, so there's no point in calling the
 * UTF8 functions.
 *
 * dirent64: named padded to provide 8 byte struct alignment
 *	d_ino(8) + d_off(8) + d_reclen(2) + d_name(namelen + null(1) + pad)
 *
 * cookie: uint64_t   +  utf8namelen: uint_t  +   utf8name padded to 8 bytes
 *
 */
#define	DIRENT64_TO_DIRCOUNT(dp) \
	(3 * BYTES_PER_XDR_UNIT + DIRENT64_NAMELEN((dp)->d_reclen))

time_t rfs4_start_time;			/* Initialized in rfs4_srvrinit */

static sysid_t lockt_sysid;		/* dummy sysid for all LOCKT calls */

u_longlong_t nfs4_srv_caller_id;

verifier4	Write4verf;
verifier4	Readdir4verf;

void		rfs4_init_compound_state(struct compound_state *);

static void	nullfree(caddr_t);
static void	rfs4_op_inval(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_access(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_close(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_commit(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_create(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_create_free(nfs_resop4 *resop);
static void	rfs4_op_delegreturn(nfs_argop4 *, nfs_resop4 *,
				    struct svc_req *, struct compound_state *);
static void	rfs4_op_getattr(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_getattr_free(nfs_resop4 *);
static void	rfs4_op_getfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_getfh_free(nfs_resop4 *);
static void	rfs4_op_illegal(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_link(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_lock(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	lock_denied_free(nfs_resop4 *);
static void	rfs4_op_locku(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_lockt(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_lookup(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_lookupp(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_openattr(nfs_argop4 *argop, nfs_resop4 *resop,
				struct svc_req *req, struct compound_state *cs);
static void	rfs4_op_nverify(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_open(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_open_confirm(nfs_argop4 *, nfs_resop4 *,
			struct svc_req *, struct compound_state *);
static void	rfs4_op_open_downgrade(nfs_argop4 *, nfs_resop4 *,
			struct svc_req *, struct compound_state *);
static void	rfs4_op_putfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_putpubfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_putrootfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_read(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_read_free(nfs_resop4 *);
static void	rfs4_op_readdir_free(nfs_resop4 *resop);
static void	rfs4_op_readlink(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_readlink_free(nfs_resop4 *);
static void	rfs4_op_release_lockowner(nfs_argop4 *, nfs_resop4 *,
			struct svc_req *, struct compound_state *);
static void	rfs4_op_remove(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_rename(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_renew(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_restorefh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_savefh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_setattr(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_verify(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_write(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_setclientid(nfs_argop4 *, nfs_resop4 *,
			struct svc_req *, struct compound_state *);
static void	rfs4_op_setclientid_confirm(nfs_argop4 *, nfs_resop4 *,
			struct svc_req *req, struct compound_state *);
static void	rfs4_op_secinfo(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
			struct compound_state *);
static void	rfs4_op_secinfo_free(nfs_resop4 *);

static nfsstat4 check_open_access(uint32_t,
				struct compound_state *, struct svc_req *);
nfsstat4 rfs4_client_sysid(rfs4_client_t *, sysid_t *);
static int	vop_shrlock(vnode_t *, int, struct shrlock *, int);
static int 	rfs4_shrlock(rfs4_state_t *, int);
static int	rfs4_share(rfs4_state_t *);
void rfs4_ss_clid(rfs4_client_t *, struct svc_req *);

/*
 * translation table for attrs
 */
struct nfs4_ntov_table {
	union nfs4_attr_u *na;
	uint8_t amap[NFS4_MAXNUM_ATTRS];
	int attrcnt;
	bool_t vfsstat;
};

static void	nfs4_ntov_table_init(struct nfs4_ntov_table *ntovp);
static void	nfs4_ntov_table_free(struct nfs4_ntov_table *ntovp,
				    struct nfs4_svgetit_arg *sargp);

static nfsstat4	do_rfs4_set_attrs(bitmap4 *resp, fattr4 *fattrp,
		    struct compound_state *cs, struct nfs4_svgetit_arg *sargp,
		    struct nfs4_ntov_table *ntovp, nfs4_attr_cmd_t cmd);

fem_t	*deleg_rdops;
fem_t	*deleg_wrops;

rfs4_servinst_t	*rfs4_cur_servinst = NULL;	/* current server instance */
kmutex_t	rfs4_servinst_lock;		/* protects linked list */
int		rfs4_seen_first_compound;	/* set first time we see one */

#ifdef DEBUG
int	rfs4_servinst_debug = 0;
#endif

/*
 * NFS4 op dispatch table
 */

struct rfsv4disp {
	void	(*dis_proc)();		/* proc to call */
	void	(*dis_resfree)();	/* frees space allocated by proc */
	int	dis_flags;		/* RPC_IDEMPOTENT, etc... */
};

static struct rfsv4disp rfsv4disptab[] = {
	/*
	 * NFS VERSION 4
	 */

	/* RFS_NULL = 0 */
	{rfs4_op_illegal, nullfree, 0},

	/* UNUSED = 1 */
	{rfs4_op_illegal, nullfree, 0},

	/* UNUSED = 2 */
	{rfs4_op_illegal, nullfree, 0},

	/* OP_ACCESS = 3 */
	{rfs4_op_access, nullfree, RPC_IDEMPOTENT},

	/* OP_CLOSE = 4 */
	{rfs4_op_close, nullfree, 0},

	/* OP_COMMIT = 5 */
	{rfs4_op_commit, nullfree, RPC_IDEMPOTENT},

	/* OP_CREATE = 6 */
	{rfs4_op_create, nullfree, 0},

	/* OP_DELEGPURGE = 7 */
	{rfs4_op_inval, nullfree, 0},

	/* OP_DELEGRETURN = 8 */
	{rfs4_op_delegreturn, nullfree, 0},

	/* OP_GETATTR = 9 */
	{rfs4_op_getattr, rfs4_op_getattr_free, RPC_IDEMPOTENT},

	/* OP_GETFH = 10 */
	{rfs4_op_getfh, rfs4_op_getfh_free, RPC_ALL},

	/* OP_LINK = 11 */
	{rfs4_op_link, nullfree, 0},

	/* OP_LOCK = 12 */
	{rfs4_op_lock, lock_denied_free, 0},

	/* OP_LOCKT = 13 */
	{rfs4_op_lockt, lock_denied_free, 0},

	/* OP_LOCKU = 14 */
	{rfs4_op_locku, nullfree, 0},

	/* OP_LOOKUP = 15 */
	{rfs4_op_lookup, nullfree, (RPC_IDEMPOTENT|RPC_PUBLICFH_OK)},

	/* OP_LOOKUPP = 16 */
	{rfs4_op_lookupp, nullfree, (RPC_IDEMPOTENT|RPC_PUBLICFH_OK)},

	/* OP_NVERIFY = 17 */
	{rfs4_op_nverify, nullfree, RPC_IDEMPOTENT},

	/* OP_OPEN = 18 */
	{rfs4_op_open, rfs4_free_reply, 0},

	/* OP_OPENATTR = 19 */
	{rfs4_op_openattr, nullfree, 0},

	/* OP_OPEN_CONFIRM = 20 */
	{rfs4_op_open_confirm, nullfree, 0},

	/* OP_OPEN_DOWNGRADE = 21 */
	{rfs4_op_open_downgrade, nullfree, 0},

	/* OP_OPEN_PUTFH = 22 */
	{rfs4_op_putfh, nullfree, RPC_ALL},

	/* OP_PUTPUBFH = 23 */
	{rfs4_op_putpubfh, nullfree, RPC_ALL},

	/* OP_PUTROOTFH = 24 */
	{rfs4_op_putrootfh, nullfree, RPC_ALL},

	/* OP_READ = 25 */
	{rfs4_op_read, rfs4_op_read_free, RPC_IDEMPOTENT},

	/* OP_READDIR = 26 */
	{rfs4_op_readdir, rfs4_op_readdir_free, RPC_IDEMPOTENT},

	/* OP_READLINK = 27 */
	{rfs4_op_readlink, rfs4_op_readlink_free, RPC_IDEMPOTENT},

	/* OP_REMOVE = 28 */
	{rfs4_op_remove, nullfree, 0},

	/* OP_RENAME = 29 */
	{rfs4_op_rename, nullfree, 0},

	/* OP_RENEW = 30 */
	{rfs4_op_renew, nullfree, 0},

	/* OP_RESTOREFH = 31 */
	{rfs4_op_restorefh, nullfree, RPC_ALL},

	/* OP_SAVEFH = 32 */
	{rfs4_op_savefh, nullfree, RPC_ALL},

	/* OP_SECINFO = 33 */
	{rfs4_op_secinfo, rfs4_op_secinfo_free, 0},

	/* OP_SETATTR = 34 */
	{rfs4_op_setattr, nullfree, 0},

	/* OP_SETCLIENTID = 35 */
	{rfs4_op_setclientid, nullfree, 0},

	/* OP_SETCLIENTID_CONFIRM = 36 */
	{rfs4_op_setclientid_confirm, nullfree, 0},

	/* OP_VERIFY = 37 */
	{rfs4_op_verify, nullfree, RPC_IDEMPOTENT},

	/* OP_WRITE = 38 */
	{rfs4_op_write, nullfree, 0},

	/* OP_RELEASE_LOCKOWNER = 39 */
	{rfs4_op_release_lockowner, nullfree, 0},
};

static uint_t rfsv4disp_cnt = sizeof (rfsv4disptab) / sizeof (rfsv4disptab[0]);

#define	OP_ILLEGAL_IDX (rfsv4disp_cnt)

#ifdef DEBUG

int rfs4_fillone_debug = 0;
int rfs4_shrlock_debug = 0;
int rfs4_no_stub_access = 1;
int rfs4_rddir_debug = 0;

static char *rfs4_op_string[] = {
	"rfs4_op_null",
	"rfs4_op_1 unused",
	"rfs4_op_2 unused",
	"rfs4_op_access",
	"rfs4_op_close",
	"rfs4_op_commit",
	"rfs4_op_create",
	"rfs4_op_delegpurge",
	"rfs4_op_delegreturn",
	"rfs4_op_getattr",
	"rfs4_op_getfh",
	"rfs4_op_link",
	"rfs4_op_lock",
	"rfs4_op_lockt",
	"rfs4_op_locku",
	"rfs4_op_lookup",
	"rfs4_op_lookupp",
	"rfs4_op_nverify",
	"rfs4_op_open",
	"rfs4_op_openattr",
	"rfs4_op_open_confirm",
	"rfs4_op_open_downgrade",
	"rfs4_op_putfh",
	"rfs4_op_putpubfh",
	"rfs4_op_putrootfh",
	"rfs4_op_read",
	"rfs4_op_readdir",
	"rfs4_op_readlink",
	"rfs4_op_remove",
	"rfs4_op_rename",
	"rfs4_op_renew",
	"rfs4_op_restorefh",
	"rfs4_op_savefh",
	"rfs4_op_secinfo",
	"rfs4_op_setattr",
	"rfs4_op_setclientid",
	"rfs4_op_setclient_confirm",
	"rfs4_op_verify",
	"rfs4_op_write",
	"rfs4_op_release_lockowner",
	"rfs4_op_illegal"
};
#endif

void rfs4_ss_chkclid(rfs4_client_t *);

#ifdef	nextdp
#undef nextdp
#endif
#define	nextdp(dp)	((struct dirent64 *)((char *)(dp) + (dp)->d_reclen))

static const fs_operation_def_t nfs4_rd_deleg_tmpl[] = {
	VOPNAME_OPEN, deleg_rdopen,
	VOPNAME_WRITE, deleg_write,
	VOPNAME_SETATTR, deleg_setattr,
	VOPNAME_RWLOCK, deleg_rd_rwlock,
	VOPNAME_SPACE, deleg_space,
	VOPNAME_SETSECATTR, deleg_setsecattr,
	VOPNAME_VNEVENT, deleg_vnevent,
	NULL, NULL
};
static const fs_operation_def_t nfs4_wr_deleg_tmpl[] = {
	VOPNAME_OPEN, deleg_wropen,
	VOPNAME_READ, deleg_read,
	VOPNAME_WRITE, deleg_write,
	VOPNAME_SETATTR, deleg_setattr,
	VOPNAME_RWLOCK, deleg_wr_rwlock,
	VOPNAME_SPACE, deleg_space,
	VOPNAME_SETSECATTR, deleg_setsecattr,
	VOPNAME_VNEVENT, deleg_vnevent,
	NULL, NULL
};

int
rfs4_srvrinit(void)
{
	timespec32_t verf;
	int error;
	extern void rfs4_attr_init();
	extern krwlock_t rfs4_deleg_policy_lock;

	/*
	 * The following algorithm attempts to find a unique verifier
	 * to be used as the write verifier returned from the server
	 * to the client.  It is important that this verifier change
	 * whenever the server reboots.  Of secondary importance, it
	 * is important for the verifier to be unique between two
	 * different servers.
	 *
	 * Thus, an attempt is made to use the system hostid and the
	 * current time in seconds when the nfssrv kernel module is
	 * loaded.  It is assumed that an NFS server will not be able
	 * to boot and then to reboot in less than a second.  If the
	 * hostid has not been set, then the current high resolution
	 * time is used.  This will ensure different verifiers each
	 * time the server reboots and minimize the chances that two
	 * different servers will have the same verifier.
	 * XXX - this is broken on LP64 kernels.
	 */
	verf.tv_sec = (time_t)nfs_atoi(hw_serial);
	if (verf.tv_sec != 0) {
		verf.tv_nsec = gethrestime_sec();
	} else {
		timespec_t tverf;

		gethrestime(&tverf);
		verf.tv_sec = (time_t)tverf.tv_sec;
		verf.tv_nsec = tverf.tv_nsec;
	}

	Write4verf = *(uint64_t *)&verf;

	rfs4_attr_init();
	mutex_init(&rfs4_deleg_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage create/destroy of server state */
	mutex_init(&rfs4_state_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage access to server instance linked list */
	mutex_init(&rfs4_servinst_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage access to rfs4_deleg_policy */
	rw_init(&rfs4_deleg_policy_lock, NULL, RW_DEFAULT, NULL);

	error = fem_create("deleg_rdops", nfs4_rd_deleg_tmpl, &deleg_rdops);
	if (error != 0) {
		rfs4_disable_delegation();
	} else {
		error = fem_create("deleg_wrops", nfs4_wr_deleg_tmpl,
				&deleg_wrops);
		if (error != 0) {
			rfs4_disable_delegation();
			fem_free(deleg_rdops);
		}
	}

	nfs4_srv_caller_id = fs_new_caller_id();

	lockt_sysid = lm_alloc_sysidt();

	return (0);
}

void
rfs4_srvrfini(void)
{
	extern krwlock_t rfs4_deleg_policy_lock;

	if (lockt_sysid != LM_NOSYSID) {
		lm_free_sysidt(lockt_sysid);
		lockt_sysid = LM_NOSYSID;
	}

	mutex_destroy(&rfs4_deleg_lock);
	mutex_destroy(&rfs4_state_lock);
	rw_destroy(&rfs4_deleg_policy_lock);

	fem_free(deleg_rdops);
	fem_free(deleg_wrops);
}

void
rfs4_init_compound_state(struct compound_state *cs)
{
	bzero(cs, sizeof (*cs));
	cs->cont = TRUE;
	cs->access = CS_ACCESS_DENIED;
	cs->deleg = FALSE;
	cs->mandlock = FALSE;
	cs->fh.nfs_fh4_val = cs->fhbuf;
}

void
rfs4_grace_start(rfs4_servinst_t *sip)
{
	time_t now = gethrestime_sec();

	NFS4_DEBUG(rfs4_servinst_debug, (CE_NOTE,
	    "rfs4_grace_start: inst %p: 0x%lx", (void *)sip, now));

	rw_enter(&sip->rwlock, RW_WRITER);
	sip->start_time = now;
	sip->grace_period = rfs4_grace_period;
	rw_exit(&sip->rwlock);
}

/*
 * returns true if the instance's grace period has never been started
 */
int
rfs4_servinst_grace_new(rfs4_servinst_t *sip)
{
	time_t start_time;

	rw_enter(&sip->rwlock, RW_READER);
	start_time = sip->start_time;
	rw_exit(&sip->rwlock);

	return (start_time == 0);
}

/*
 * Indicates if server instance is within the
 * grace period.
 */
int
rfs4_servinst_in_grace(rfs4_servinst_t *sip)
{
	time_t grace_expiry;

	rw_enter(&sip->rwlock, RW_READER);
	grace_expiry = sip->start_time + sip->grace_period;
	rw_exit(&sip->rwlock);

	return (gethrestime_sec() < grace_expiry);
}

int
rfs4_clnt_in_grace(rfs4_client_t *cp)
{
	ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0);

	return (rfs4_servinst_in_grace(cp->server_instance));
}

/*
 * reset all currently active grace periods
 */
void
rfs4_grace_reset_all(void)
{
#ifdef DEBUG
	int n = 0;
#endif
	rfs4_servinst_t *sip;

	mutex_enter(&rfs4_servinst_lock);
	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev) {
		if (rfs4_servinst_in_grace(sip)) {
			rfs4_grace_start(sip);
#ifdef DEBUG
			n++;
#endif
		}
	}
	mutex_exit(&rfs4_servinst_lock);

	NFS4_DEBUG(rfs4_servinst_debug, (CE_NOTE,
	    "rfs4_grace_reset_all: reset %d instances", n));
}

/*
 * start any new instances' grace periods
 */
void
rfs4_grace_start_new(void)
{
#ifdef DEBUG
	int n = 0;
#endif
	rfs4_servinst_t *sip;

	mutex_enter(&rfs4_servinst_lock);
	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev) {
		if (rfs4_servinst_grace_new(sip))
			rfs4_grace_start(sip);
#ifdef DEBUG
		n++;
#endif
	}
	mutex_exit(&rfs4_servinst_lock);

	NFS4_DEBUG(rfs4_servinst_debug, (CE_NOTE,
	    "rfs4_grace_start_new: started %d new instances", n));
}

/*
 * Create a new server instance, and make it the currently active instance.
 * Note that starting the grace period too early will reduce the clients'
 * recovery window.
 */
void
rfs4_servinst_create(int start_grace)
{
	rfs4_servinst_t *sip;

	sip = kmem_alloc(sizeof (rfs4_servinst_t), KM_SLEEP);
	rw_init(&sip->rwlock, NULL, RW_DEFAULT, NULL);

	sip->start_time = (time_t)0;
	sip->grace_period = (time_t)0;
	sip->next = NULL;
	sip->prev = NULL;

	mutex_enter(&rfs4_servinst_lock);
	if (rfs4_cur_servinst == NULL) {
		NFS4_DEBUG(rfs4_servinst_debug, (CE_NOTE,
		    "rfs4_servinst_create: creating first instance"));
	} else {
		/* add to linked list */
		sip->prev = rfs4_cur_servinst;
		rfs4_cur_servinst->next = sip;
	}
	if (start_grace)
		rfs4_grace_start(sip);
	/* make the new instance "current" */
	rfs4_cur_servinst = sip;
	mutex_exit(&rfs4_servinst_lock);

	NFS4_DEBUG(rfs4_servinst_debug, (CE_NOTE,
	    "rfs4_servinst_create: new current instance: %p; start_grace: %d",
	    (void *)sip, start_grace));
}

/*
 * In future, we might add a rfs4_servinst_destroy(sip) but, for now, destroy
 * all instances directly.
 */
void
rfs4_servinst_destroy_all(void)
{
	rfs4_servinst_t *sip, *prev, *current;
#ifdef DEBUG
	int n = 0;
#endif

	mutex_enter(&rfs4_servinst_lock);
	ASSERT(rfs4_cur_servinst != NULL);
	current = rfs4_cur_servinst;
	rfs4_cur_servinst = NULL;
	for (sip = current; sip != NULL; sip = prev) {
		prev = sip->prev;
		rw_destroy(&sip->rwlock);
		kmem_free(sip, sizeof (rfs4_servinst_t));
#ifdef DEBUG
		n++;
#endif
	}
	mutex_exit(&rfs4_servinst_lock);

	NFS4_DEBUG(rfs4_servinst_debug, (CE_NOTE,
	    "rfs4_servinst_destroy_all: destroyed %d instances", n));
}

/*
 * Assign the current server instance to a client_t.
 * Should be called with cp->dbe held.
 */
void
rfs4_servinst_assign(rfs4_client_t *cp, rfs4_servinst_t *sip)
{
	ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0);

	NFS4_DEBUG(rfs4_servinst_debug, (CE_NOTE,
	    "rfs4_servinst_assign: client: %p, old: %p, new: %p", (void *)cp,
	    (void *)cp->server_instance, (void *)sip));

	/*
	 * The lock ensures that if the current instance is in the process
	 * of changing, we will see the new one.
	 */
	mutex_enter(&rfs4_servinst_lock);
	cp->server_instance = sip;
	mutex_exit(&rfs4_servinst_lock);
}

rfs4_servinst_t *
rfs4_servinst(rfs4_client_t *cp)
{
	ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0);

	return (cp->server_instance);
}

/* ARGSUSED */
static void
nullfree(caddr_t resop)
{
}

/*
 * This is a fall-through for invalid or not implemented (yet) ops
 */
/* ARGSUSED */
static void
rfs4_op_inval(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	*cs->statusp = *((nfsstat4 *)&(resop)->nfs_resop4_u) = NFS4ERR_INVAL;
}

/*
 * Check if the security flavor, nfsnum, is in the flavor_list.
 */
bool_t
in_flavor_list(int nfsnum, int *flavor_list, int count)
{
	int i;

	for (i = 0; i < count; i++) {
		if (nfsnum == flavor_list[i])
			return (TRUE);
	}
	return (FALSE);
}

/*
 * Used by rfs4_op_secinfo to get the security information from the
 * export structure associated with the component.
 */
/* ARGSUSED */
static nfsstat4
do_rfs4_op_secinfo(struct compound_state *cs, char *nm, SECINFO4res *resp)
{
	int error, different_export = 0;
	vnode_t *dvp, *vp, *tvp;
	struct exportinfo *exi = NULL;
	fid_t fid;
	uint_t count, i;
	secinfo4 *resok_val;
	struct secinfo *secp;
	bool_t did_traverse;
	int dotdot, walk;

	dvp = cs->vp;
	dotdot = (nm[0] == '.' && nm[1] == '.' && nm[2] == '\0');

	/*
	 * If dotdotting, then need to check whether it's above the
	 * root of a filesystem, or above an export point.
	 */
	if (dotdot) {

		/*
		 * If dotdotting at the root of a filesystem, then
		 * need to traverse back to the mounted-on filesystem
		 * and do the dotdot lookup there.
		 */
		if (cs->vp->v_flag & VROOT) {

			/*
			 * If at the system root, then can
			 * go up no further.
			 */
			if (VN_CMP(dvp, rootdir))
				return (puterrno4(ENOENT));

			/*
			 * Traverse back to the mounted-on filesystem
			 */
			dvp = untraverse(cs->vp);

			/*
			 * Set the different_export flag so we remember
			 * to pick up a new exportinfo entry for
			 * this new filesystem.
			 */
			different_export = 1;
		} else {

			/*
			 * If dotdotting above an export point then set
			 * the different_export to get new export info.
			 */
			different_export = nfs_exported(cs->exi, cs->vp);
		}
	}

	/*
	 * Get the vnode for the component "nm".
	 */
	error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cs->cr);
	if (error)
		return (puterrno4(error));

	VN_SETPATH(rootdir, dvp, vp, nm, strlen(nm));

	/*
	 * If the vnode is in a pseudo filesystem, or if the security flavor
	 * used in the request is valid but not an explicitly shared flavor,
	 * or the access bit indicates that this is a limited access,
	 * check whether this vnode is visible.
	 */
	if (!different_export &&
	    (PSEUDO(cs->exi) || ! is_exported_sec(cs->nfsflavor, cs->exi) ||
	    cs->access & CS_ACCESS_LIMITED)) {
		if (! nfs_visible(cs->exi, vp, &different_export)) {
			VN_RELE(vp);
			return (puterrno4(ENOENT));
		}
	}

	/*
	 * If it's a mountpoint, then traverse it.
	 */
	if (vn_ismntpt(vp)) {
		tvp = vp;
		if ((error = traverse(&tvp)) != 0) {
			VN_RELE(vp);
			return (puterrno4(error));
		}
		/* remember that we had to traverse mountpoint */
		did_traverse = TRUE;
		vp = tvp;
		different_export = 1;
	} else if (vp->v_vfsp != dvp->v_vfsp) {
		/*
		 * If vp isn't a mountpoint and the vfs ptrs aren't the same,
		 * then vp is probably an LOFS object.  We don't need the
		 * realvp, we just need to know that we might have crossed
		 * a server fs boundary and need to call checkexport4.
		 * (LOFS lookup hides server fs mountpoints, and actually calls
		 * traverse)
		 */
		different_export = 1;
		did_traverse = FALSE;
	}

	/*
	 * Get the export information for it.
	 */
	if (different_export) {

		bzero(&fid, sizeof (fid));
		fid.fid_len = MAXFIDSZ;
		error = vop_fid_pseudo(vp, &fid);
		if (error) {
			VN_RELE(vp);
			return (puterrno4(error));
		}

		if (dotdot)
			exi = nfs_vptoexi(NULL, vp, cs->cr, &walk, NULL, TRUE);
		else
			exi = checkexport4(&vp->v_vfsp->vfs_fsid, &fid, vp);

		if (exi == NULL) {
			if (did_traverse == TRUE) {
				/*
				 * If this vnode is a mounted-on vnode,
				 * but the mounted-on file system is not
				 * exported, send back the secinfo for
				 * the exported node that the mounted-on
				 * vnode lives in.
				 */
				exi = cs->exi;
			} else {
				VN_RELE(vp);
				return (puterrno4(EACCES));
			}
		}
	} else {
		exi = cs->exi;
	}
	ASSERT(exi != NULL);


	/*
	 * Create the secinfo result based on the security information
	 * from the exportinfo structure (exi).
	 *
	 * Return all flavors for a pseudo node.
	 * For a real export node, return the flavor that the client
	 * has access with.
	 */
	ASSERT(RW_LOCK_HELD(&exported_lock));
	if (PSEUDO(exi)) {
		count = exi->exi_export.ex_seccnt; /* total sec count */
		resok_val = kmem_alloc(count * sizeof (secinfo4), KM_SLEEP);
		secp = exi->exi_export.ex_secinfo;

		for (i = 0; i < count; i++) {
		    resok_val[i].flavor = secp[i].s_secinfo.sc_rpcnum;
		    if (resok_val[i].flavor == RPCSEC_GSS) {
			rpcsec_gss_info *info;

			info = &resok_val[i].flavor_info;
			info->qop = secp[i].s_secinfo.sc_qop;
			info->service =
				(rpc_gss_svc_t)secp[i].s_secinfo.sc_service;

			/* get oid opaque data */
			info->oid.sec_oid4_len =
				secp[i].s_secinfo.sc_gss_mech_type->length;
			info->oid.sec_oid4_val =
				kmem_alloc(
				    secp[i].s_secinfo.sc_gss_mech_type->length,
				    KM_SLEEP);
			bcopy(secp[i].s_secinfo.sc_gss_mech_type->elements,
				info->oid.sec_oid4_val, info->oid.sec_oid4_len);
		    }
		}
		resp->SECINFO4resok_len = count;
		resp->SECINFO4resok_val = resok_val;
	} else {
		int ret_cnt = 0, k = 0;
		int *flavor_list;

		count = exi->exi_export.ex_seccnt; /* total sec count */
		secp = exi->exi_export.ex_secinfo;

		flavor_list = kmem_alloc(count * sizeof (int), KM_SLEEP);
		/* find out which flavors to return */
		for (i = 0; i < count; i ++) {
			int access, flavor, perm;

			flavor = secp[i].s_secinfo.sc_nfsnum;
			perm = secp[i].s_flags;

			access = nfsauth4_secinfo_access(exi, cs->req,
						flavor, perm);

			if (! (access & NFSAUTH_DENIED) &&
			    ! (access & NFSAUTH_WRONGSEC)) {
				flavor_list[ret_cnt] = flavor;
				ret_cnt++;
			}
		}

		/* Create the returning SECINFO value */
		resok_val = kmem_alloc(ret_cnt * sizeof (secinfo4), KM_SLEEP);

		for (i = 0; i < count; i++) {
		/* If the flavor is in the flavor list, fill in resok_val. */
		    if (in_flavor_list(secp[i].s_secinfo.sc_nfsnum,
						flavor_list, ret_cnt)) {
			resok_val[k].flavor = secp[i].s_secinfo.sc_rpcnum;
			if (resok_val[k].flavor == RPCSEC_GSS) {
			    rpcsec_gss_info *info;

			    info = &resok_val[k].flavor_info;
			    info->qop = secp[i].s_secinfo.sc_qop;
			    info->service =
				(rpc_gss_svc_t)secp[i].s_secinfo.sc_service;

			    /* get oid opaque data */
			    info->oid.sec_oid4_len =
				secp[i].s_secinfo.sc_gss_mech_type->length;
			    info->oid.sec_oid4_val =
				kmem_alloc(
				    secp[i].s_secinfo.sc_gss_mech_type->length,
				    KM_SLEEP);
			    bcopy(secp[i].s_secinfo.sc_gss_mech_type->elements,
				info->oid.sec_oid4_val, info->oid.sec_oid4_len);
			}
			k++;
		    }
		    if (k >= ret_cnt)
			break;
		}
		resp->SECINFO4resok_len = ret_cnt;
		resp->SECINFO4resok_val = resok_val;
		kmem_free(flavor_list, count * sizeof (int));
	}

	VN_RELE(vp);
	return (NFS4_OK);
}

/*
 * SECINFO (Operation 33): Obtain required security information on
 * the component name in the format of (security-mechanism-oid, qop, service)
 * triplets.
 */
/* ARGSUSED */
static void
rfs4_op_secinfo(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	SECINFO4res *resp = &resop->nfs_resop4_u.opsecinfo;
	utf8string *utfnm = &argop->nfs_argop4_u.opsecinfo.name;
	uint_t len;
	char *nm;

	/*
	 * Current file handle (cfh) should have been set before getting
	 * into this function. If not, return error.
	 */
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	/*
	 * Verify the component name. If failed, error out, but
	 * do not error out if the component name is a "..".
	 * SECINFO will return its parents secinfo data for SECINFO "..".
	 */
	if (!utf8_dir_verify(utfnm)) {
		if (utfnm->utf8string_len != 2 ||
				utfnm->utf8string_val[0] != '.' ||
				utfnm->utf8string_val[1] != '.') {
			*cs->statusp = resp->status = NFS4ERR_INVAL;
			return;
		}
	}

	nm = utf8_to_str(utfnm, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	*cs->statusp = resp->status = do_rfs4_op_secinfo(cs, nm, resp);

	kmem_free(nm, len);
}

/*
 * Free SECINFO result.
 */
/* ARGSUSED */
static void
rfs4_op_secinfo_free(nfs_resop4 *resop)
{
	SECINFO4res *resp = &resop->nfs_resop4_u.opsecinfo;
	int count, i;
	secinfo4 *resok_val;

	/* If this is not an Ok result, nothing to free. */
	if (resp->status != NFS4_OK) {
		return;
	}

	count = resp->SECINFO4resok_len;
	resok_val = resp->SECINFO4resok_val;

	for (i = 0; i < count; i++) {
	    if (resok_val[i].flavor == RPCSEC_GSS) {
		rpcsec_gss_info *info;

		info = &resok_val[i].flavor_info;
		kmem_free(info->oid.sec_oid4_val, info->oid.sec_oid4_len);
	    }
	}
	kmem_free(resok_val, count * sizeof (secinfo4));
	resp->SECINFO4resok_len = 0;
	resp->SECINFO4resok_val = NULL;
}

/* ARGSUSED */
static void
rfs4_op_access(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	ACCESS4args *args = &argop->nfs_argop4_u.opaccess;
	ACCESS4res *resp = &resop->nfs_resop4_u.opaccess;
	int error;
	vnode_t *vp;
	struct vattr va;
	int checkwriteperm;
	cred_t *cr = cs->cr;

#if 0	/* XXX allow access even if !cs->access. Eventually only pseudo fs */
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}
#endif
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	ASSERT(cr != NULL);

	vp = cs->vp;

	/*
	 * If the file system is exported read only, it is not appropriate
	 * to check write permissions for regular files and directories.
	 * Special files are interpreted by the client, so the underlying
	 * permissions are sent back to the client for interpretation.
	 */
	if (rdonly4(cs->exi, cs->vp, req) &&
		(vp->v_type == VREG || vp->v_type == VDIR))
		checkwriteperm = 0;
	else
		checkwriteperm = 1;

	/*
	 * XXX
	 * We need the mode so that we can correctly determine access
	 * permissions relative to a mandatory lock file.  Access to
	 * mandatory lock files is denied on the server, so it might
	 * as well be reflected to the server during the open.
	 */
	va.va_mask = AT_MODE;
	error = VOP_GETATTR(vp, &va, 0, cr);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	resp->access = 0;
	resp->supported = 0;

	if (args->access & ACCESS4_READ) {
		error = VOP_ACCESS(vp, VREAD, 0, cr);
		if (!error && !MANDLOCK(vp, va.va_mode))
			resp->access |= ACCESS4_READ;
		resp->supported |= ACCESS4_READ;
	}
	if ((args->access & ACCESS4_LOOKUP) && vp->v_type == VDIR) {
		error = VOP_ACCESS(vp, VEXEC, 0, cr);
		if (!error)
			resp->access |= ACCESS4_LOOKUP;
		resp->supported |= ACCESS4_LOOKUP;
	}
	if (checkwriteperm &&
	    (args->access & (ACCESS4_MODIFY|ACCESS4_EXTEND))) {
		error = VOP_ACCESS(vp, VWRITE, 0, cr);
		if (!error && !MANDLOCK(vp, va.va_mode))
			resp->access |=
			    (args->access & (ACCESS4_MODIFY|ACCESS4_EXTEND));
		resp->supported |= (ACCESS4_MODIFY|ACCESS4_EXTEND);
	}

	if (checkwriteperm &&
	    (args->access & ACCESS4_DELETE) && vp->v_type == VDIR) {
		error = VOP_ACCESS(vp, VWRITE, 0, cr);
		if (!error)
			resp->access |= ACCESS4_DELETE;
		resp->supported |= ACCESS4_DELETE;
	}
	if (args->access & ACCESS4_EXECUTE && vp->v_type != VDIR) {
		error = VOP_ACCESS(vp, VEXEC, 0, cr);
		if (!error && !MANDLOCK(vp, va.va_mode))
			resp->access |= ACCESS4_EXECUTE;
		resp->supported |= ACCESS4_EXECUTE;
	}

	*cs->statusp = resp->status = NFS4_OK;
}

/* ARGSUSED */
static void
rfs4_op_commit(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	COMMIT4args *args = &argop->nfs_argop4_u.opcommit;
	COMMIT4res *resp = &resop->nfs_resop4_u.opcommit;
	int error;
	vnode_t *vp = cs->vp;
	cred_t *cr = cs->cr;
	vattr_t va;

	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (args->offset + args->count < args->offset) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	va.va_mask = AT_UID;
	error = VOP_GETATTR(vp, &va, 0, cr);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking.  So, we'll fail the request.
	 */
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}
	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		return;
	}

	if (vp->v_type != VREG) {
		if (vp->v_type == VDIR)
			resp->status = NFS4ERR_ISDIR;
		else
			resp->status = NFS4ERR_INVAL;
		*cs->statusp = resp->status;
		return;
	}

	if (crgetuid(cr) != va.va_uid &&
	    (error = VOP_ACCESS(vp, VWRITE, 0, cs->cr))) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	error = VOP_PUTPAGE(vp, args->offset, args->count, 0, cr);
	if (!error)
		error = VOP_FSYNC(vp, FNODSYNC, cr);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
	resp->writeverf = Write4verf;
}

/*
 * rfs4_op_mknod is called from rfs4_op_create after all initial verification
 * was completed. It does the nfsv4 create for special files.
 */
/* ARGSUSED */
static vnode_t *
do_rfs4_op_mknod(CREATE4args *args, CREATE4res *resp, struct svc_req *req,
	struct compound_state *cs, vattr_t *vap, char *nm)
{
	int error;
	cred_t *cr = cs->cr;
	vnode_t *dvp = cs->vp;
	vnode_t *vp = NULL;
	int mode;
	enum vcexcl excl;

	switch (args->type) {
	case NF4CHR:
	case NF4BLK:
		if (secpolicy_sys_devices(cr) != 0) {
			*cs->statusp = resp->status = NFS4ERR_PERM;
			return (NULL);
		}
		if (args->type == NF4CHR)
			vap->va_type = VCHR;
		else
			vap->va_type = VBLK;
		vap->va_rdev = makedevice(args->ftype4_u.devdata.specdata1,
					args->ftype4_u.devdata.specdata2);
		vap->va_mask |= AT_RDEV;
		break;
	case NF4SOCK:
		vap->va_type = VSOCK;
		break;
	case NF4FIFO:
		vap->va_type = VFIFO;
		break;
	default:
		*cs->statusp = resp->status = NFS4ERR_BADTYPE;
		return (NULL);
	}

	/*
	 * Must specify the mode.
	 */
	if (!(vap->va_mask & AT_MODE)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return (NULL);
	}

	excl = EXCL;

	mode = 0;

	error = VOP_CREATE(dvp, nm, vap, excl, mode, &vp, cr, 0);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return (NULL);
	}
	return (vp);
}

/*
 * nfsv4 create is used to create non-regular files. For regular files,
 * use nfsv4 open.
 */
/* ARGSUSED */
static void
rfs4_op_create(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	CREATE4args *args = &argop->nfs_argop4_u.opcreate;
	CREATE4res *resp = &resop->nfs_resop4_u.opcreate;
	int error;
	struct vattr bva, iva, iva2, ava, *vap;
	cred_t *cr = cs->cr;
	vnode_t *dvp = cs->vp;
	vnode_t *vp = NULL;
	char *nm, *lnm;
	uint_t len, llen;
	int syncval = 0;
	struct nfs4_svgetit_arg sarg;
	struct nfs4_ntov_table ntov;
	struct statvfs64 sb;
	nfsstat4 status;

	resp->attrset = 0;

	if (dvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to create an object in this directory.
	 */
	if (vn_ismntpt(dvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/* Verify that type is correct */
	switch (args->type) {
	case NF4LNK:
	case NF4BLK:
	case NF4CHR:
	case NF4SOCK:
	case NF4FIFO:
	case NF4DIR:
		break;
	default:
		*cs->statusp = resp->status = NFS4ERR_BADTYPE;
		return;
	};

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}
	if (dvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}
	if (!utf8_dir_verify(&args->objname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		return;
	}

	/*
	 * Name of newly created object
	 */
	nm = utf8_to_fn(&args->objname, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	resp->attrset = 0;

	sarg.sbp = &sb;
	nfs4_ntov_table_init(&ntov);

	status = do_rfs4_set_attrs(&resp->attrset,
					&args->createattrs, cs, &sarg,
					&ntov, NFS4ATTR_SETIT);

	if (sarg.vap->va_mask == 0 && status == NFS4_OK)
		status = NFS4ERR_INVAL;

	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		kmem_free(nm, len);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}

	/* Get "before" change value */
	bva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bva, 0, cr);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(nm, len);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, bva.va_ctime)

	vap = sarg.vap;

	/*
	 * Set default initial values for attributes when not specified
	 * in createattrs.
	 */
	if ((vap->va_mask & AT_UID) == 0) {
		vap->va_uid = crgetuid(cr);
		vap->va_mask |= AT_UID;
	}
	if ((vap->va_mask & AT_GID) == 0) {
		vap->va_gid = crgetgid(cr);
		vap->va_mask |= AT_GID;
	}

	vap->va_mask |= AT_TYPE;
	switch (args->type) {
	case NF4DIR:
		vap->va_type = VDIR;
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0700;	/* default: owner rwx only */
			vap->va_mask |= AT_MODE;
		}
		error = VOP_MKDIR(dvp, nm, vap, &vp, cr);
		if (error)
			break;

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr))
			iva.va_seq = 0;
		break;
	case NF4LNK:
		vap->va_type = VLNK;
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0700;	/* default: owner rwx only */
			vap->va_mask |= AT_MODE;
		}

		/*
		 * symlink names must be treated as data
		 */
		lnm = utf8_to_str(&args->ftype4_u.linkdata, &llen, NULL);

		if (lnm == NULL) {
			*cs->statusp = resp->status = NFS4ERR_INVAL;
			kmem_free(nm, len);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		if (llen > MAXPATHLEN) {
			*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
			kmem_free(nm, len);
			kmem_free(lnm, llen);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		error = VOP_SYMLINK(dvp, nm, vap, lnm, cr);
		if (lnm != NULL)
			kmem_free(lnm, llen);
		if (error)
			break;

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr))
			iva.va_seq = 0;

		error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cr);
		if (error)
			break;

		VN_SETPATH(rootdir, dvp, vp, nm, strlen(nm));

		/*
		 * va_seq is not safe over VOP calls, check it again
		 * if it has changed zero out iva to force atomic = FALSE.
		 */
		iva2.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva2, 0, cs->cr) ||
						iva2.va_seq != iva.va_seq)
			iva.va_seq = 0;
		break;
	default:
		/*
		 * probably a special file.
		 */
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0600;	/* default: owner rw only */
			vap->va_mask |= AT_MODE;
		}
		syncval = FNODSYNC;
		/*
		 * We know this will only generate one VOP call
		 */
		vp = do_rfs4_op_mknod(args, resp, req, cs, vap, nm);

		if (vp == NULL) {
			kmem_free(nm, len);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr))
			iva.va_seq = 0;

		break;
	}
	kmem_free(nm, len);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
	}

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(dvp, 0, cr);

	if (resp->status != NFS4_OK) {
		if (vp != NULL)
			VN_RELE(vp);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}

	/*
	 * Finish setup of cinfo response, "before" value already set.
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	ava.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &ava, 0, cr)) {
		ava.va_ctime = bva.va_ctime;
		ava.va_seq = 0;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, ava.va_ctime);

	/*
	 * True verification that object was created with correct
	 * attrs is impossible.  The attrs could have been changed
	 * immediately after object creation.  If attributes did
	 * not verify, the only recourse for the server is to
	 * destroy the object.  Maybe if some attrs (like gid)
	 * are set incorrectly, the object should be destroyed;
	 * however, seems bad as a default policy.  Do we really
	 * want to destroy an object over one of the times not
	 * verifying correctly?  For these reasons, the server
	 * currently sets bits in attrset for createattrs
	 * that were set; however, no verification is done.
	 *
	 * vmask_to_nmask accounts for vattr bits set on create
	 *	[do_rfs4_set_attrs() only sets resp bits for
	 *	 non-vattr/vfs bits.]
	 * Mask off any bits set by default so as not to return
	 * more attrset bits than were requested in createattrs
	 */
	nfs4_vmask_to_nmask(sarg.vap->va_mask, &resp->attrset);
	resp->attrset &= args->createattrs.attrmask;
	nfs4_ntov_table_free(&ntov, &sarg);

	error = makefh4(&cs->fh, vp, cs->exi);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
	}

	/*
	 * The cinfo.atomic = TRUE only if we got no errors, we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the creation and it didn't change during the VOP_LOOKUP
	 * or VOP_FSYNC.
	 */
	if (!error && bva.va_seq && iva.va_seq && ava.va_seq &&
			iva.va_seq == (bva.va_seq + 1) &&
			iva.va_seq == ava.va_seq)
		resp->cinfo.atomic = TRUE;
	else
		resp->cinfo.atomic = FALSE;

	(void) VOP_FSYNC(vp, syncval, cr);

	if (resp->status != NFS4_OK) {
		VN_RELE(vp);
		return;
	}
	if (cs->vp)
		VN_RELE(cs->vp);

	cs->vp = vp;
	*cs->statusp = resp->status = NFS4_OK;
}


/*ARGSUSED*/
static void
rfs4_op_delegreturn(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	DELEGRETURN4args *args = &argop->nfs_argop4_u.opdelegreturn;
	DELEGRETURN4res *resp = &resop->nfs_resop4_u.opdelegreturn;
	rfs4_deleg_state_t *dsp;
	nfsstat4 status;

	status = rfs4_get_deleg_state(&args->deleg_stateid, &dsp);
	resp->status = *cs->statusp = status;
	if (status != NFS4_OK)
		return;

	/* Ensure specified filehandle matches */
	if (cs->vp != dsp->finfo->vp) {
		resp->status = *cs->statusp = NFS4ERR_BAD_STATEID;
	} else
		rfs4_return_deleg(dsp, FALSE);

	rfs4_update_lease(dsp->client);

	rfs4_deleg_state_rele(dsp);
}

/*
 * Check to see if a given "flavor" is an explicitly shared flavor.
 * The assumption of this routine is the "flavor" is already a valid
 * flavor in the secinfo list of "exi".
 *
 *	e.g.
 *		# share -o sec=flavor1 /export
 *		# share -o sec=flavor2 /export/home
 *
 *		flavor2 is not an explicitly shared flavor for /export,
 *		however it is in the secinfo list for /export thru the
 *		server namespace setup.
 */
int
is_exported_sec(int flavor, struct exportinfo *exi)
{
	int	i;
	struct secinfo *sp;

	sp = exi->exi_export.ex_secinfo;
	for (i = 0; i < exi->exi_export.ex_seccnt; i++) {
		if (flavor == sp[i].s_secinfo.sc_nfsnum ||
		    sp[i].s_secinfo.sc_nfsnum == AUTH_NONE) {
			return (SEC_REF_EXPORTED(&sp[i]));
		}
	}

	/* Should not reach this point based on the assumption */
	return (0);
}

/*
 * Check if the security flavor used in the request matches what is
 * required at the export point or at the root pseudo node (exi_root).
 *
 * returns 1 if there's a match or if exported with AUTH_NONE; 0 otherwise.
 *
 */
static int
secinfo_match_or_authnone(struct compound_state *cs)
{
	int	i;
	struct secinfo *sp;

	/*
	 * Check cs->nfsflavor (from the request) against
	 * the current export data in cs->exi.
	 */
	sp = cs->exi->exi_export.ex_secinfo;
	for (i = 0; i < cs->exi->exi_export.ex_seccnt; i++) {
		if (cs->nfsflavor == sp[i].s_secinfo.sc_nfsnum ||
		    sp[i].s_secinfo.sc_nfsnum == AUTH_NONE)
			return (1);
	}

	return (0);
}

/*
 * Check the access authority for the client and return the correct error.
 */
nfsstat4
call_checkauth4(struct compound_state *cs, struct svc_req *req)
{
	int	authres;

	/*
	 * First, check if the security flavor used in the request
	 * are among the flavors set in the server namespace.
	 */
	if (!secinfo_match_or_authnone(cs)) {
		*cs->statusp = NFS4ERR_WRONGSEC;
		return (*cs->statusp);
	}

	authres = checkauth4(cs, req);

	if (authres > 0) {
		*cs->statusp = NFS4_OK;
		if (! (cs->access & CS_ACCESS_LIMITED))
			cs->access = CS_ACCESS_OK;
	} else if (authres == 0) {
		*cs->statusp = NFS4ERR_ACCESS;
	} else if (authres == -2) {
		*cs->statusp = NFS4ERR_WRONGSEC;
	} else {
		*cs->statusp = NFS4ERR_DELAY;
	}
	return (*cs->statusp);
}

/*
 * bitmap4_to_attrmask is called by getattr and readdir.
 * It sets up the vattr mask and determines whether vfsstat call is needed
 * based on the input bitmap.
 * Returns nfsv4 status.
 */
static nfsstat4
bitmap4_to_attrmask(bitmap4 breq, struct nfs4_svgetit_arg *sargp)
{
	int i;
	uint_t	va_mask;
	struct statvfs64 *sbp = sargp->sbp;

	sargp->sbp = NULL;
	sargp->flag = 0;
	sargp->rdattr_error = NFS4_OK;
	sargp->mntdfid_set = FALSE;
	if (sargp->cs->vp)
		sargp->xattr = get_fh4_flag(&sargp->cs->fh,
					    FH4_ATTRDIR | FH4_NAMEDATTR);
	else
		sargp->xattr = 0;

	/*
	 * Set rdattr_error_req to true if return error per
	 * failed entry rather than fail the readdir.
	 */
	if (breq & FATTR4_RDATTR_ERROR_MASK)
		sargp->rdattr_error_req = 1;
	else
		sargp->rdattr_error_req = 0;

	/*
	 * generate the va_mask
	 * Handle the easy cases first
	 */
	switch (breq) {
	case NFS4_NTOV_ATTR_MASK:
		sargp->vap->va_mask = NFS4_NTOV_ATTR_AT_MASK;
		return (NFS4_OK);

	case NFS4_FS_ATTR_MASK:
		sargp->vap->va_mask = NFS4_FS_ATTR_AT_MASK;
		sargp->sbp = sbp;
		return (NFS4_OK);

	case NFS4_NTOV_ATTR_CACHE_MASK:
		sargp->vap->va_mask = NFS4_NTOV_ATTR_CACHE_AT_MASK;
		return (NFS4_OK);

	case FATTR4_LEASE_TIME_MASK:
		sargp->vap->va_mask = 0;
		return (NFS4_OK);

	default:
		va_mask = 0;
		for (i = 0; i < nfs4_ntov_map_size; i++) {
			if ((breq & nfs4_ntov_map[i].fbit) &&
							nfs4_ntov_map[i].vbit)
				va_mask |= nfs4_ntov_map[i].vbit;
		}

		/*
		 * Check is vfsstat is needed
		 */
		if (breq & NFS4_FS_ATTR_MASK)
			sargp->sbp = sbp;

		sargp->vap->va_mask = va_mask;
		return (NFS4_OK);
	}
	/* NOTREACHED */
}

/*
 * bitmap4_get_sysattrs is called by getattr and readdir.
 * It calls both VOP_GETATTR and VFS_STATVFS calls to get the attrs.
 * Returns nfsv4 status.
 */
static nfsstat4
bitmap4_get_sysattrs(struct nfs4_svgetit_arg *sargp)
{
	int error;
	struct compound_state *cs = sargp->cs;
	vnode_t *vp = cs->vp;

	if (sargp->sbp != NULL) {
		if (error = VFS_STATVFS(vp->v_vfsp, sargp->sbp)) {
			sargp->sbp = NULL;	/* to identify error */
			return (puterrno4(error));
		}
	}

	return (rfs4_vop_getattr(vp, sargp->vap, 0, cs->cr));
}

static void
nfs4_ntov_table_init(struct nfs4_ntov_table *ntovp)
{
	ntovp->na = kmem_zalloc(sizeof (union nfs4_attr_u) * nfs4_ntov_map_size,
			KM_SLEEP);
	ntovp->attrcnt = 0;
	ntovp->vfsstat = FALSE;
}

static void
nfs4_ntov_table_free(struct nfs4_ntov_table *ntovp,
	struct nfs4_svgetit_arg *sargp)
{
	int i;
	union nfs4_attr_u *na;
	uint8_t *amap;

	/*
	 * XXX Should do the same checks for whether the bit is set
	 */
	for (i = 0, na = ntovp->na, amap = ntovp->amap;
		i < ntovp->attrcnt; i++, na++, amap++) {
		(void) (*nfs4_ntov_map[*amap].sv_getit)(
			NFS4ATTR_FREEIT, sargp, na);
	}
	if ((sargp->op == NFS4ATTR_SETIT) || (sargp->op == NFS4ATTR_VERIT)) {
		/*
		 * xdr_free for getattr will be done later
		 */
		for (i = 0, na = ntovp->na, amap = ntovp->amap;
			i < ntovp->attrcnt; i++, na++, amap++) {
			xdr_free(nfs4_ntov_map[*amap].xfunc, (caddr_t)na);
		}
	}
	kmem_free(ntovp->na, sizeof (union nfs4_attr_u) * nfs4_ntov_map_size);
}

/*
 * do_rfs4_op_getattr gets the system attrs and converts into fattr4.
 */
static nfsstat4
do_rfs4_op_getattr(bitmap4 breq, fattr4 *fattrp,
	struct nfs4_svgetit_arg *sargp)
{
	int error = 0;
	int i, k;
	struct nfs4_ntov_table ntov;
	XDR xdr;
	ulong_t xdr_size;
	char *xdr_attrs;
	nfsstat4 status = NFS4_OK;
	nfsstat4 prev_rdattr_error = sargp->rdattr_error;
	union nfs4_attr_u *na;
	uint8_t *amap;

	sargp->op = NFS4ATTR_GETIT;
	sargp->flag = 0;

	fattrp->attrmask = 0;
	/* if no bits requested, then return empty fattr4 */
	if (breq == 0) {
		fattrp->attrlist4_len = 0;
		fattrp->attrlist4 = NULL;
		return (NFS4_OK);
	}

	/*
	 * return NFS4ERR_INVAL when client requests write-only attrs
	 */
	if (breq & (FATTR4_TIME_ACCESS_SET_MASK | FATTR4_TIME_MODIFY_SET_MASK))
		return (NFS4ERR_INVAL);

	nfs4_ntov_table_init(&ntov);
	na = ntov.na;
	amap = ntov.amap;

	/*
	 * Now loop to get or verify the attrs
	 */
	for (i = 0; i < nfs4_ntov_map_size; i++) {
		if (breq & nfs4_ntov_map[i].fbit) {
			if ((*nfs4_ntov_map[i].sv_getit)(
				    NFS4ATTR_SUPPORTED, sargp, NULL) == 0) {

				error = (*nfs4_ntov_map[i].sv_getit)(
						NFS4ATTR_GETIT, sargp, na);

				/*
				 * Possible error values:
				 * >0 if sv_getit failed to
				 * get the attr; 0 if succeeded;
				 * <0 if rdattr_error and the
				 * attribute cannot be returned.
				 */
				if (error && !(sargp->rdattr_error_req))
					goto done;
				/*
				 * If error then just for entry
				 */
				if (error == 0) {
					fattrp->attrmask |=
						nfs4_ntov_map[i].fbit;
					*amap++ =
						(uint8_t)nfs4_ntov_map[i].nval;
					na++;
					(ntov.attrcnt)++;
				} else if ((error > 0) &&
					(sargp->rdattr_error == NFS4_OK)) {
					sargp->rdattr_error = puterrno4(error);
				}
				error = 0;
			}
		}
	}

	/*
	 * If rdattr_error was set after the return value for it was assigned,
	 * update it.
	 */
	if (prev_rdattr_error != sargp->rdattr_error) {
		na = ntov.na;
		amap = ntov.amap;
		for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
			k = *amap;
			if (k < FATTR4_RDATTR_ERROR) {
				continue;
			}
			if ((k == FATTR4_RDATTR_ERROR) &&
			    ((*nfs4_ntov_map[k].sv_getit)(
				NFS4ATTR_SUPPORTED, sargp, NULL) == 0)) {

				(void) (*nfs4_ntov_map[k].sv_getit)(
						NFS4ATTR_GETIT, sargp, na);
			}
			break;
		}
	}

	xdr_size = 0;
	na = ntov.na;
	amap = ntov.amap;
	for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
		xdr_size += xdr_sizeof(nfs4_ntov_map[*amap].xfunc, na);
	}

	fattrp->attrlist4_len = xdr_size;
	if (xdr_size) {
		/* freed by rfs4_op_getattr_free() */
		fattrp->attrlist4 = xdr_attrs = kmem_zalloc(xdr_size, KM_SLEEP);

		xdrmem_create(&xdr, xdr_attrs, xdr_size, XDR_ENCODE);

		na = ntov.na;
		amap = ntov.amap;
		for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
			if (!(*nfs4_ntov_map[*amap].xfunc)(&xdr, na)) {
				cmn_err(CE_WARN, "do_rfs4_op_getattr: xdr "
					"encode of attribute %d failed\n",
					*amap);
				status = NFS4ERR_SERVERFAULT;
				break;
			}
		}
		/* xdrmem_destroy(&xdrs); */	/* NO-OP */
	} else {
		fattrp->attrlist4 = NULL;
	}
done:

	nfs4_ntov_table_free(&ntov, sargp);

	if (error != 0)
		status = puterrno4(error);

	return (status);
}

/* ARGSUSED */
static void
rfs4_op_getattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	GETATTR4args *args = &argop->nfs_argop4_u.opgetattr;
	GETATTR4res *resp = &resop->nfs_resop4_u.opgetattr;
	struct nfs4_svgetit_arg sarg;
	struct statvfs64 sb;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	sarg.sbp = &sb;
	sarg.cs = cs;

	status = bitmap4_to_attrmask(args->attr_request, &sarg);
	if (status == NFS4_OK) {
		status = bitmap4_get_sysattrs(&sarg);
		if (status == NFS4_OK)
			status = do_rfs4_op_getattr(args->attr_request,
				&resp->obj_attributes, &sarg);
	}
	*cs->statusp = resp->status = status;
}

static void
rfs4_op_getattr_free(nfs_resop4 *resop)
{
	GETATTR4res *resp = &resop->nfs_resop4_u.opgetattr;

	nfs4_fattr4_free(&resp->obj_attributes);
}

/* ARGSUSED */
static void
rfs4_op_getfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	GETFH4res *resp = &resop->nfs_resop4_u.opgetfh;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	resp->object.nfs_fh4_val =
		kmem_alloc(cs->fh.nfs_fh4_len, KM_SLEEP);
	nfs_fh4_copy(&cs->fh, &resp->object);
	*cs->statusp = resp->status = NFS4_OK;
}

static void
rfs4_op_getfh_free(nfs_resop4 *resop)
{
	GETFH4res *resp = &resop->nfs_resop4_u.opgetfh;

	if (resp->status == NFS4_OK &&
	    resp->object.nfs_fh4_val != NULL) {
		kmem_free(resp->object.nfs_fh4_val, resp->object.nfs_fh4_len);
		resp->object.nfs_fh4_val = NULL;
		resp->object.nfs_fh4_len = 0;
	}
}

/*
 * illegal: args: void
 *	    res : status (NFS4ERR_OP_ILLEGAL)
 */
/* ARGSUSED */
static void
rfs4_op_illegal(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	ILLEGAL4res *resp = &resop->nfs_resop4_u.opillegal;

	resop->resop = OP_ILLEGAL;
	*cs->statusp = resp->status = NFS4ERR_OP_ILLEGAL;
}

/*
 * link: args: SAVED_FH: file, CURRENT_FH: target directory
 *	 res: status. If success - CURRENT_FH unchanged, return change_info
 */
/* ARGSUSED */
static void
rfs4_op_link(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LINK4args *args = &argop->nfs_argop4_u.oplink;
	LINK4res *resp = &resop->nfs_resop4_u.oplink;
	int error;
	vnode_t *vp;
	vnode_t *dvp;
	struct vattr bdva, idva, adva;
	char *nm;
	uint_t  len;

	/* SAVED_FH: source object */
	vp = cs->saved_vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/* CURRENT_FH: target directory */
	dvp = cs->vp;
	if (dvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * If there is a non-shared filesystem mounted on this vnode,
	 * do not allow to link any file in this directory.
	 */
	if (vn_ismntpt(dvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/* Check source object's type validity */
	if (vp->v_type == VDIR) {
		*cs->statusp = resp->status = NFS4ERR_ISDIR;
		return;
	}

	/* Check target directory's type */
	if (dvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	if (cs->saved_exi != cs->exi) {
		*cs->statusp = resp->status = NFS4ERR_XDEV;
		return;
	}

	if (!utf8_dir_verify(&args->newname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	nm = utf8_to_fn(&args->newname, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		kmem_free(nm, len);
		return;
	}

	/* Get "before" change value */
	bdva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bdva, 0, cs->cr);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(nm, len);
		return;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, bdva.va_ctime)

	error = VOP_LINK(dvp, vp, nm, cs->cr);

	kmem_free(nm, len);

	/*
	 * Get the initial "after" sequence number, if it fails, set to zero
	 */
	idva.va_mask = AT_SEQ;
	if (VOP_GETATTR(dvp, &idva, 0, cs->cr))
		idva.va_seq = 0;

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(vp, FNODSYNC, cs->cr);
	(void) VOP_FSYNC(dvp, 0, cs->cr);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	adva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &adva, 0, cs->cr)) {
		adva.va_ctime = bdva.va_ctime;
		adva.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, adva.va_ctime)

	/*
	 * The cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the VOP_LINK and it didn't change during the VOP_FSYNC.
	 */
	if (bdva.va_seq && idva.va_seq && adva.va_seq &&
			idva.va_seq == (bdva.va_seq + 1) &&
			idva.va_seq == adva.va_seq)
		resp->cinfo.atomic = TRUE;
	else
		resp->cinfo.atomic = FALSE;

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * Used by rfs4_op_lookup and rfs4_op_lookupp to do the actual work.
 */

/* ARGSUSED */
static nfsstat4
do_rfs4_op_lookup(char *nm, uint_t buflen, struct svc_req *req,
	struct compound_state *cs)
{
	int error;
	int different_export = 0;
	vnode_t *vp, *tvp, *pre_tvp = NULL, *oldvp = NULL;
	struct exportinfo *exi = NULL, *pre_exi = NULL;
	nfsstat4 stat;
	fid_t fid;
	int attrdir, dotdot, walk;
	bool_t is_newvp = FALSE;

	if (cs->vp->v_flag & V_XATTRDIR) {
		attrdir = 1;
		ASSERT(get_fh4_flag(&cs->fh, FH4_ATTRDIR));
	} else {
		attrdir = 0;
		ASSERT(! get_fh4_flag(&cs->fh, FH4_ATTRDIR));
	}

	dotdot = (nm[0] == '.' && nm[1] == '.' && nm[2] == '\0');

	/*
	 * If dotdotting, then need to check whether it's
	 * above the root of a filesystem, or above an
	 * export point.
	 */
	if (dotdot) {

		/*
		 * If dotdotting at the root of a filesystem, then
		 * need to traverse back to the mounted-on filesystem
		 * and do the dotdot lookup there.
		 */
		if (cs->vp->v_flag & VROOT) {

			/*
			 * If at the system root, then can
			 * go up no further.
			 */
			if (VN_CMP(cs->vp, rootdir))
				return (puterrno4(ENOENT));

			/*
			 * Traverse back to the mounted-on filesystem
			 */
			cs->vp = untraverse(cs->vp);

			/*
			 * Set the different_export flag so we remember
			 * to pick up a new exportinfo entry for
			 * this new filesystem.
			 */
			different_export = 1;
		} else {

			/*
			 * If dotdotting above an export point then set
			 * the different_export to get new export info.
			 */
			different_export = nfs_exported(cs->exi, cs->vp);
		}
	}

	error = VOP_LOOKUP(cs->vp, nm, &vp, NULL, 0, NULL, cs->cr);
	if (error)
		return (puterrno4(error));

	VN_SETPATH(rootdir, cs->vp, vp, nm, strlen(nm));

	/*
	 * If the vnode is in a pseudo filesystem, check whether it is visible.
	 *
	 * XXX if the vnode is a symlink and it is not visible in
	 * a pseudo filesystem, return ENOENT (not following symlink).
	 * V4 client can not mount such symlink. This is a regression
	 * from V2/V3.
	 *
	 * In the same exported filesystem, if the security flavor used
	 * is not an explicitly shared flavor, limit the view to the visible
	 * list entries only. This is not a WRONGSEC case because it's already
	 * checked via PUTROOTFH/PUTPUBFH or PUTFH.
	 */
	if (!different_export &&
	    (PSEUDO(cs->exi) || ! is_exported_sec(cs->nfsflavor, cs->exi) ||
	    cs->access & CS_ACCESS_LIMITED)) {
		if (! nfs_visible(cs->exi, vp, &different_export)) {
			VN_RELE(vp);
			return (puterrno4(ENOENT));
		}
	}

	/*
	 * If it's a mountpoint, then traverse it.
	 */
	if (vn_ismntpt(vp)) {
		pre_exi = cs->exi;	/* save pre-traversed exportinfo */
		pre_tvp = vp;		/* save pre-traversed vnode	*/

		/*
		 * hold pre_tvp to counteract rele by traverse.  We will
		 * need pre_tvp below if checkexport4 fails
		 */
		VN_HOLD(pre_tvp);
		tvp = vp;
		if ((error = traverse(&tvp)) != 0) {
			VN_RELE(vp);
			VN_RELE(pre_tvp);
			return (puterrno4(error));
		}
		vp = tvp;
		different_export = 1;
	} else if (vp->v_vfsp != cs->vp->v_vfsp) {
		/*
		 * The vfsp comparison is to handle the case where
		 * a LOFS mount is shared.  lo_lookup traverses mount points,
		 * and NFS is unaware of local fs transistions because
		 * v_vfsmountedhere isn't set.  For this special LOFS case,
		 * the dir and the obj returned by lookup will have different
		 * vfs ptrs.
		 */
		different_export = 1;
	}

	if (different_export) {

		bzero(&fid, sizeof (fid));
		fid.fid_len = MAXFIDSZ;
		error = vop_fid_pseudo(vp, &fid);
		if (error) {
			VN_RELE(vp);
			if (pre_tvp)
				VN_RELE(pre_tvp);
			return (puterrno4(error));
		}

		if (dotdot)
			exi = nfs_vptoexi(NULL, vp, cs->cr, &walk, NULL, TRUE);
		else
			exi = checkexport4(&vp->v_vfsp->vfs_fsid, &fid, vp);

		if (exi == NULL) {
			if (pre_tvp) {
				/*
				 * If this vnode is a mounted-on vnode,
				 * but the mounted-on file system is not
				 * exported, send back the filehandle for
				 * the mounted-on vnode, not the root of
				 * the mounted-on file system.
				 */
				VN_RELE(vp);
				vp = pre_tvp;
				exi = pre_exi;
			} else {
				VN_RELE(vp);
				return (puterrno4(EACCES));
			}
		} else if (pre_tvp) {
			/* we're done with pre_tvp now. release extra hold */
			VN_RELE(pre_tvp);
		}

		cs->exi = exi;

		/*
		 * Now we do a checkauth4. The reason is that
		 * this client/user may not have access to the new
		 * exported file system, and if he does,
		 * the client/user may be mapped to a different uid.
		 *
		 * We start with a new cr, because the checkauth4 done
		 * in the PUT*FH operation over wrote the cred's uid,
		 * gid, etc, and we want the real thing before calling
		 * checkauth4()
		 */
		crfree(cs->cr);
		cs->cr = crdup(cs->basecr);

		if (cs->vp)
			oldvp = cs->vp;
		cs->vp = vp;
		is_newvp = TRUE;

		stat = call_checkauth4(cs, req);
		if (stat != NFS4_OK) {
			VN_RELE(cs->vp);
			cs->vp = oldvp;
			return (stat);
		}
	}

	error = makefh4(&cs->fh, vp, cs->exi);

	if (error) {
		if (is_newvp) {
			VN_RELE(cs->vp);
			cs->vp = oldvp;
		} else
			VN_RELE(vp);
		return (puterrno4(error));
	}

	if (!is_newvp) {
		if (cs->vp)
			VN_RELE(cs->vp);
		cs->vp = vp;
	} else if (oldvp)
		VN_RELE(oldvp);

	/*
	 * if did lookup on attrdir and didn't lookup .., set named
	 * attr fh flag
	 */
	if (attrdir && ! dotdot)
		set_fh4_flag(&cs->fh, FH4_NAMEDATTR);

	/* Assume false for now, open proc will set this */
	cs->mandlock = FALSE;

	return (NFS4_OK);
}

/* ARGSUSED */
static void
rfs4_op_lookup(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LOOKUP4args *args = &argop->nfs_argop4_u.oplookup;
	LOOKUP4res *resp = &resop->nfs_resop4_u.oplookup;
	char *nm;
	uint_t len;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type == VLNK) {
		*cs->statusp = resp->status = NFS4ERR_SYMLINK;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	if (!utf8_dir_verify(&args->objname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	nm = utf8_to_str(&args->objname, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	*cs->statusp = resp->status = do_rfs4_op_lookup(nm, len, req, cs);

	kmem_free(nm, len);
}

/* ARGSUSED */
static void
rfs4_op_lookupp(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LOOKUPP4res *resp = &resop->nfs_resop4_u.oplookupp;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	*cs->statusp = resp->status = do_rfs4_op_lookup("..", 3, req, cs);

	/*
	 * From NFSV4 Specification, LOOKUPP should not check for
	 * NFS4ERR_WRONGSEC. Retrun NFS4_OK instead.
	 */
	if (resp->status == NFS4ERR_WRONGSEC) {
		*cs->statusp = resp->status = NFS4_OK;
	}
}


/*ARGSUSED2*/
static void
rfs4_op_openattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	OPENATTR4args	*args = &argop->nfs_argop4_u.opopenattr;
	OPENATTR4res	*resp = &resop->nfs_resop4_u.opopenattr;
	vnode_t		*avp = NULL;
	int		lookup_flags = LOOKUP_XATTR, error;
	int		exp_ro = 0;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * Make a couple of checks made by copen()
	 *
	 * Check to make sure underlying fs supports xattrs.  This
	 * is required because solaris filesystem implementations
	 * (UFS/TMPFS) don't enforce the noxattr mount option
	 * in VOP_LOOKUP(LOOKUP_XATTR).  If fs doesn't support this
	 * pathconf cmd or if fs supports cmd but doesn't claim
	 * support for xattr, return NOTSUPP.  It would be better
	 * to use VOP_PATHCONF( _PC_XATTR_ENABLED) for this; however,
	 * that cmd is not available to VOP_PATHCONF interface
	 * (it's only implemented inside pathconf syscall)...
	 *
	 * Verify permission to put attributes on files (access
	 * checks from copen).
	 */

	if ((cs->vp->v_vfsp->vfs_flag & VFS_XATTR) == 0) {
		error = ENOTSUP;
		goto error_out;
	}

	if ((VOP_ACCESS(cs->vp, VREAD, 0, cs->cr) != 0) &&
	    (VOP_ACCESS(cs->vp, VWRITE, 0, cs->cr) != 0) &&
	    (VOP_ACCESS(cs->vp, VEXEC, 0, cs->cr) != 0)) {
		error = EACCES;
		goto error_out;
	}

	/*
	 * The CREATE_XATTR_DIR VOP flag cannot be specified if
	 * the file system is exported read-only -- regardless of
	 * createdir flag.  Otherwise the attrdir would be created
	 * (assuming server fs isn't mounted readonly locally).  If
	 * VOP_LOOKUP returns ENOENT in this case, the error will
	 * be translated into EROFS.  ENOSYS is mapped to ENOTSUP
	 * because specfs has no VOP_LOOKUP op, so the macro would
	 * return ENOSYS.  EINVAL is returned by all (current)
	 * Solaris file system implementations when any of their
	 * restrictions are violated (xattr(dir) can't have xattrdir).
	 * Returning NOTSUPP is more appropriate in this case
	 * because the object will never be able to have an attrdir.
	 */
	if (args->createdir && ! (exp_ro = rdonly4(cs->exi, cs->vp, req)))
		lookup_flags |= CREATE_XATTR_DIR;

	error = VOP_LOOKUP(cs->vp, "", &avp, NULL, lookup_flags, NULL, cs->cr);

	if (error) {
		if (error == ENOENT && args->createdir && exp_ro)
			error = EROFS;
		else if (error == EINVAL || error == ENOSYS)
			error = ENOTSUP;
		goto error_out;
	}

	ASSERT(avp->v_flag & V_XATTRDIR);

	error = makefh4(&cs->fh, avp, cs->exi);

	if (error) {
		VN_RELE(avp);
		goto error_out;
	}

	VN_RELE(cs->vp);
	cs->vp = avp;

	/*
	 * There is no requirement for an attrdir fh flag
	 * because the attrdir has a vnode flag to distinguish
	 * it from regular (non-xattr) directories.  The
	 * FH4_ATTRDIR flag is set for future sanity checks.
	 */
	set_fh4_flag(&cs->fh, FH4_ATTRDIR);
	*cs->statusp = resp->status = NFS4_OK;
	return;

error_out:

	*cs->statusp = resp->status = puterrno4(error);
}

static int
do_io(int direction, vnode_t *vp, struct uio *uio, int ioflag, cred_t *cred)
{
	int error;
	int i;
	clock_t delaytime;
	caller_context_t ct;

	delaytime = MSEC_TO_TICK_ROUNDUP(rfs4_lock_delay);

	/*
	 * Don't block on mandatory locks. If this routine returns
	 * EAGAIN, the caller should return NFS4ERR_LOCKED.
	 */
	uio->uio_fmode = FNONBLOCK;

	ct.cc_sysid = 0;
	ct.cc_pid = 0;
	ct.cc_caller_id = nfs4_srv_caller_id;

	for (i = 0; i < rfs4_maxlock_tries; i++) {


		if (direction == FREAD) {
			(void) VOP_RWLOCK(vp, V_WRITELOCK_FALSE, &ct);
			error = VOP_READ(vp, uio, ioflag, cred, &ct);
			VOP_RWUNLOCK(vp, V_WRITELOCK_FALSE, &ct);
		} else {
			(void) VOP_RWLOCK(vp, V_WRITELOCK_TRUE, &ct);
			error = VOP_WRITE(vp, uio, ioflag, cred, &ct);
			VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, &ct);
		}

		if (error != EAGAIN)
			break;

		if (i < rfs4_maxlock_tries - 1) {
			delay(delaytime);
			delaytime *= 2;
		}
	}

	return (error);
}

/* ARGSUSED */
static void
rfs4_op_read(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	READ4args *args = &argop->nfs_argop4_u.opread;
	READ4res *resp = &resop->nfs_resop4_u.opread;
	int error;
	int verror;
	vnode_t *vp;
	struct vattr va;
	struct iovec iov;
	struct uio uio;
	u_offset_t offset;
	bool_t *deleg = &cs->deleg;
	nfsstat4 stat;
	int in_crit = 0;
	mblk_t *mp;
	int alloc_err = 0;

	vp = cs->vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * Enter the critical region before calling VOP_RWLOCK
	 * to avoid a deadlock with write requests.
	 */
	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_READ, args->offset, args->count, 0)) {
			*cs->statusp = resp->status = NFS4ERR_LOCKED;
			goto out;
		}
	}

	if ((stat = rfs4_check_stateid(FREAD, vp, &args->stateid, FALSE,
					deleg, TRUE)) != NFS4_OK) {
		*cs->statusp = resp->status = stat;
		goto out;
	}

	va.va_mask = AT_MODE|AT_SIZE|AT_UID;
	verror = VOP_GETATTR(vp, &va, 0, cs->cr);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking.  So, we'll fail the request.
	 */
	if (verror) {
		*cs->statusp = resp->status = puterrno4(verror);
		goto out;
	}

	if (vp->v_type != VREG) {
		*cs->statusp = resp->status =
			((vp->v_type == VDIR) ? NFS4ERR_ISDIR : NFS4ERR_INVAL);
		goto out;
	}

	if (crgetuid(cs->cr) != va.va_uid &&
	    (error = VOP_ACCESS(vp, VREAD, 0, cs->cr)) &&
	    (error = VOP_ACCESS(vp, VEXEC, 0, cs->cr))) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (MANDLOCK(vp, va.va_mode)) { /* XXX - V4 supports mand locking */
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		goto out;
	}

	offset = args->offset;
	if (offset >= va.va_size) {
		*cs->statusp = resp->status = NFS4_OK;
		resp->eof = TRUE;
		resp->data_len = 0;
		resp->data_val = NULL;
		resp->mblk = NULL;
		*cs->statusp = resp->status = NFS4_OK;
		goto out;
	}

	if (args->count == 0) {
		*cs->statusp = resp->status = NFS4_OK;
		resp->eof = FALSE;
		resp->data_len = 0;
		resp->data_val = NULL;
		resp->mblk = NULL;
		goto out;
	}

	/*
	 * Do not allocate memory more than maximum allowed
	 * transfer size
	 */
	if (args->count > rfs4_tsize(req))
		args->count = rfs4_tsize(req);

	/*
	 * mp will contain the data to be sent out in the read reply.
	 * It will be freed after the reply has been sent.
	 * Let's roundup the data to a BYTES_PER_XDR_UNIT multiple,
	 * so that the call to xdrmblk_putmblk() never fails.
	 * If the first alloc of the requested size fails, then
	 * decrease the size to something more reasonable and wait
	 * for the allocation to occur.
	 */
	mp = allocb(RNDUP(args->count), BPRI_MED);
	if (mp == NULL) {
		if (args->count > MAXBSIZE)
			args->count = MAXBSIZE;
		mp = allocb_wait(RNDUP(args->count), BPRI_MED,
				STR_NOSIG, &alloc_err);
	}
	ASSERT(mp != NULL);
	ASSERT(alloc_err == 0);

	iov.iov_base = (caddr_t)mp->b_datap->db_base;
	iov.iov_len = args->count;
	uio.uio_iov = &iov;
	uio.uio_iovcnt = 1;
	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_extflg = UIO_COPY_CACHED;
	uio.uio_loffset = args->offset;
	uio.uio_resid = args->count;

	error = do_io(FREAD, vp, &uio, 0, cs->cr);

	va.va_mask = AT_SIZE;
	verror = VOP_GETATTR(vp, &va, 0, cs->cr);

	if (error) {
		freeb(mp);
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	*cs->statusp = resp->status = NFS4_OK;

	ASSERT(uio.uio_resid >= 0);
	resp->data_len = args->count - uio.uio_resid;
	resp->data_val = (char *)mp->b_datap->db_base;
	resp->mblk = mp;

	if (!verror && offset + resp->data_len == va.va_size)
		resp->eof = TRUE;
	else
		resp->eof = FALSE;

out:
	if (in_crit)
		nbl_end_crit(vp);
}

static void
rfs4_op_read_free(nfs_resop4 *resop)
{
	READ4res *resp = &resop->nfs_resop4_u.opread;

	if (resp->status == NFS4_OK && resp->mblk != NULL) {
		freeb(resp->mblk);
		resp->mblk = NULL;
		resp->data_val = NULL;
		resp->data_len = 0;
	}
}

static void
rfs4_op_readdir_free(nfs_resop4 *resop)
{
	READDIR4res *resp = &resop->nfs_resop4_u.opreaddir;

	if (resp->status == NFS4_OK && resp->mblk != NULL) {
		freeb(resp->mblk);
		resp->mblk = NULL;
		resp->data_len = 0;
	}
}


/* ARGSUSED */
static void
rfs4_op_putpubfh(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	PUTPUBFH4res *resp = &resop->nfs_resop4_u.opputpubfh;
	int error;
	vnode_t *vp;
	struct exportinfo *exi, *sav_exi;
	nfs_fh4_fmt_t *fh_fmtp;

	if (cs->vp) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}

	if (cs->cr)
		crfree(cs->cr);

	cs->cr = crdup(cs->basecr);

	vp = exi_public->exi_vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	error = makefh4(&cs->fh, vp, exi_public);
	if (error != 0) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}
	sav_exi = cs->exi;
	if (exi_public == exi_root) {
		/*
		 * No filesystem is actually shared public, so we default
		 * to exi_root. In this case, we must check whether root
		 * is exported.
		 */
		fh_fmtp = (nfs_fh4_fmt_t *)cs->fh.nfs_fh4_val;

		/*
		 * if root filesystem is exported, the exportinfo struct that we
		 * should use is what checkexport4 returns, because root_exi is
		 * actually a mostly empty struct.
		 */
		exi = checkexport4(&fh_fmtp->fh4_fsid,
			(fid_t *)&fh_fmtp->fh4_xlen, NULL);
		cs->exi = ((exi != NULL) ? exi : exi_public);
	} else {
		/*
		 * it's a properly shared filesystem
		 */
		cs->exi = exi_public;
	}

	VN_HOLD(vp);
	cs->vp = vp;

	if ((resp->status = call_checkauth4(cs, req)) != NFS4_OK) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
		cs->exi = sav_exi;
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * XXX - issue with put*fh operations. Suppose /export/home is exported.
 * Suppose an NFS client goes to mount /export/home/joe. If /export, home,
 * or joe have restrictive search permissions, then we shouldn't let
 * the client get a file handle. This is easy to enforce. However, we
 * don't know what security flavor should be used until we resolve the
 * path name. Another complication is uid mapping. If root is
 * the user, then it will be mapped to the anonymous user by default,
 * but we won't know that till we've resolved the path name. And we won't
 * know what the anonymous user is.
 * Luckily, SECINFO is specified to take a full filename.
 * So what we will have to in rfs4_op_lookup is check that flavor of
 * the target object matches that of the request, and if root was the
 * caller, check for the root= and anon= options, and if necessary,
 * repeat the lookup using the right cred_t. But that's not done yet.
 */
/* ARGSUSED */
static void
rfs4_op_putfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	PUTFH4args *args = &argop->nfs_argop4_u.opputfh;
	PUTFH4res *resp = &resop->nfs_resop4_u.opputfh;
	nfs_fh4_fmt_t *fh_fmtp;

	if (cs->vp) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}

	if (cs->cr) {
		crfree(cs->cr);
		cs->cr = NULL;
	}


	if (args->object.nfs_fh4_len < NFS_FH4_LEN) {
		*cs->statusp = resp->status = NFS4ERR_BADHANDLE;
		return;
	}

	fh_fmtp = (nfs_fh4_fmt_t *)args->object.nfs_fh4_val;
	cs->exi = checkexport4(&fh_fmtp->fh4_fsid, (fid_t *)&fh_fmtp->fh4_xlen,
				NULL);

	if (cs->exi == NULL) {
		*cs->statusp = resp->status = NFS4ERR_STALE;
		return;
	}

	cs->cr = crdup(cs->basecr);

	ASSERT(cs->cr != NULL);

	if (! (cs->vp = nfs4_fhtovp(&args->object, cs->exi, &resp->status))) {
		*cs->statusp = resp->status;
		return;
	}

	if ((resp->status = call_checkauth4(cs, req)) != NFS4_OK) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
		return;
	}

	nfs_fh4_copy(&args->object, &cs->fh);
	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/* ARGSUSED */
static void
rfs4_op_putrootfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)

{
	PUTROOTFH4res *resp = &resop->nfs_resop4_u.opputrootfh;
	int error;
	fid_t fid;
	struct exportinfo *exi, *sav_exi;

	if (cs->vp) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}

	if (cs->cr)
		crfree(cs->cr);

	cs->cr = crdup(cs->basecr);

	/*
	 * Using rootdir, the system root vnode,
	 * get its fid.
	 */
	bzero(&fid, sizeof (fid));
	fid.fid_len = MAXFIDSZ;
	error = vop_fid_pseudo(rootdir, &fid);
	if (error != 0) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Then use the root fsid & fid it to find out if it's exported
	 *
	 * If the server root isn't exported directly, then
	 * it should at least be a pseudo export based on
	 * one or more exports further down in the server's
	 * file tree.
	 */
	exi = checkexport4(&rootdir->v_vfsp->vfs_fsid, &fid, NULL);
	if (exi == NULL || exi->exi_export.ex_flags & EX_PUBLIC) {
		NFS4_DEBUG(rfs4_debug,
			(CE_WARN, "rfs4_op_putrootfh: export check failure"));
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	/*
	 * Now make a filehandle based on the root
	 * export and root vnode.
	 */
	error = makefh4(&cs->fh, rootdir, exi);
	if (error != 0) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	sav_exi = cs->exi;
	cs->exi = exi;

	VN_HOLD(rootdir);
	cs->vp = rootdir;

	if ((resp->status = call_checkauth4(cs, req)) != NFS4_OK) {
		VN_RELE(rootdir);
		cs->vp = NULL;
		cs->exi = sav_exi;
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/*
 * A directory entry is a valid nfsv4 entry if
 * - it has a non-zero ino
 * - it is not a dot or dotdot name
 * - it is visible in a pseudo export or in a real export that can
 *   only have a limited view.
 */
static bool_t
valid_nfs4_entry(struct exportinfo *exi, struct dirent64 *dp,
		int *expseudo, int check_visible)
{
	if (dp->d_ino == 0 || NFS_IS_DOTNAME(dp->d_name)) {
		*expseudo = 0;
		return (FALSE);
	}

	if (! check_visible) {
		*expseudo = 0;
		return (TRUE);
	}

	return (nfs_visible_inode(exi, dp->d_ino, expseudo));
}

/*
 * set_rdattr_params sets up the variables used to manage what information
 * to get for each directory entry.
 */
static nfsstat4
set_rdattr_params(struct nfs4_svgetit_arg *sargp,
		bitmap4 attrs, bool_t *need_to_lookup)
{
	uint_t	va_mask;
	nfsstat4 status;
	bitmap4 objbits;

	status = bitmap4_to_attrmask(attrs, sargp);
	if (status != NFS4_OK) {
		/*
		 * could not even figure attr mask
		 */
		return (status);
	}
	va_mask = sargp->vap->va_mask;

	/*
	 * dirent's d_ino is always correct value for mounted_on_fileid.
	 * mntdfid_set is set once here, but mounted_on_fileid is
	 * set in main dirent processing loop for each dirent.
	 * The mntdfid_set is a simple optimization that lets the
	 * server attr code avoid work when caller is readdir.
	 */
	sargp->mntdfid_set = TRUE;

	/*
	 * Lookup entry only if client asked for any of the following:
	 * a) vattr attrs
	 * b) vfs attrs
	 * c) attrs w/per-object scope requested (change, filehandle, etc)
	 *    other than mounted_on_fileid (which we can take from dirent)
	 */
	objbits = attrs ? attrs & NFS4_VP_ATTR_MASK : 0;

	if (va_mask || sargp->sbp || (objbits & ~FATTR4_MOUNTED_ON_FILEID_MASK))
		*need_to_lookup = TRUE;
	else
		*need_to_lookup = FALSE;

	if (sargp->sbp == NULL)
		return (NFS4_OK);

	/*
	 * If filesystem attrs are requested, get them now from the
	 * directory vp, as most entries will have same filesystem. The only
	 * exception are mounted over entries but we handle
	 * those as we go (XXX mounted over detection not yet implemented).
	 */
	sargp->vap->va_mask = 0;	/* to avoid VOP_GETATTR */
	status = bitmap4_get_sysattrs(sargp);
	sargp->vap->va_mask = va_mask;

	if ((status != NFS4_OK) && sargp->rdattr_error_req) {
		/*
		 * Failed to get filesystem attributes.
		 * Return a rdattr_error for each entry, but don't fail.
		 * However, don't get any obj-dependent attrs.
		 */
		sargp->rdattr_error = status;	/* for rdattr_error */
		*need_to_lookup = FALSE;
		/*
		 * At least get fileid for regular readdir output
		 */
		sargp->vap->va_mask &= AT_NODEID;
		status = NFS4_OK;
	}

	return (status);
}

/*
 * readlink: args: CURRENT_FH.
 *	res: status. If success - CURRENT_FH unchanged, return linktext.
 */

/* ARGSUSED */
static void
rfs4_op_readlink(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	READLINK4res *resp = &resop->nfs_resop4_u.opreadlink;
	int error;
	vnode_t *vp;
	struct iovec iov;
	struct vattr va;
	struct uio uio;
	char *data;

	/* CURRENT_FH: directory */
	vp = cs->vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (vp->v_type == VDIR) {
		*cs->statusp = resp->status = NFS4ERR_ISDIR;
		return;
	}

	if (vp->v_type != VLNK) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	va.va_mask = AT_MODE;
	error = VOP_GETATTR(vp, &va, 0, cs->cr);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	if (MANDLOCK(vp, va.va_mode)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	data = kmem_alloc(MAXPATHLEN + 1, KM_SLEEP);

	iov.iov_base = data;
	iov.iov_len = MAXPATHLEN;
	uio.uio_iov = &iov;
	uio.uio_iovcnt = 1;
	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_extflg = UIO_COPY_CACHED;
	uio.uio_loffset = 0;
	uio.uio_resid = MAXPATHLEN;

	error = VOP_READLINK(vp, &uio, cs->cr);

	if (error) {
		kmem_free((caddr_t)data, (uint_t)MAXPATHLEN + 1);
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	*(data + MAXPATHLEN - uio.uio_resid) = '\0';

	/*
	 * treat link name as data
	 */
	(void) str_to_utf8(data, &resp->link);

	kmem_free((caddr_t)data, (uint_t)MAXPATHLEN + 1);
	*cs->statusp = resp->status = NFS4_OK;
}

static void
rfs4_op_readlink_free(nfs_resop4 *resop)
{
	READLINK4res *resp = &resop->nfs_resop4_u.opreadlink;
	utf8string *symlink = &resp->link;

	if (symlink->utf8string_val) {
		UTF8STRING_FREE(*symlink)
	}
}

/*
 * release_lockowner:
 *	Release any state associated with the supplied
 *	lockowner. Note if any lo_state is holding locks we will not
 *	rele that lo_state and thus the lockowner will not be destroyed.
 *	A client using lock after the lock owner stateid has been released
 *	will suffer the consequence of NFS4ERR_BAD_STATEID and would have
 *	to reissue the lock with new_lock_owner set to TRUE.
 *	args: lock_owner
 *	res:  status
 */
/* ARGSUSED */
static void
rfs4_op_release_lockowner(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	RELEASE_LOCKOWNER4args *ap = &argop->nfs_argop4_u.oprelease_lockowner;
	RELEASE_LOCKOWNER4res *resp = &resop->nfs_resop4_u.oprelease_lockowner;
	rfs4_lockowner_t *lo;
	rfs4_openowner_t *oop;
	rfs4_state_t *sp;
	rfs4_lo_state_t *lsp;
	rfs4_client_t *cp;
	bool_t create = FALSE;
	locklist_t *llist;
	sysid_t sysid;

	/* Make sure there is a clientid around for this request */
	cp = rfs4_findclient_by_id(ap->lock_owner.clientid, FALSE);

	if (cp == NULL) {
		*cs->statusp = resp->status =
			rfs4_check_clientid(&ap->lock_owner.clientid, 0);
		return;
	}
	rfs4_client_rele(cp);

	lo = rfs4_findlockowner(&ap->lock_owner, &create);
	if (lo == NULL) {
		*cs->statusp = resp->status = NFS4_OK;
		return;
	}
	ASSERT(lo->client != NULL);

	/*
	 * Check for EXPIRED client. If so will reap state with in a lease
	 * period or on next set_clientid_confirm step
	 */
	if (rfs4_lease_expired(lo->client)) {
		rfs4_lockowner_rele(lo);
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		return;
	}

	/*
	 * If no sysid has been assigned, then no locks exist; just return.
	 */
	rfs4_dbe_lock(lo->client->dbe);
	if (lo->client->sysidt == LM_NOSYSID) {
		rfs4_lockowner_rele(lo);
		rfs4_dbe_unlock(lo->client->dbe);
		return;
	}

	sysid = lo->client->sysidt;
	rfs4_dbe_unlock(lo->client->dbe);

	/*
	 * Mark the lockowner invalid.
	 */
	rfs4_dbe_hide(lo->dbe);

	/*
	 * sysid-pid pair should now not be used since the lockowner is
	 * invalid. If the client were to instantiate the lockowner again
	 * it would be assigned a new pid. Thus we can get the list of
	 * current locks.
	 */

	llist = flk_get_active_locks(sysid, lo->pid);
	/* If we are still holding locks fail */
	if (llist != NULL) {

		*cs->statusp = resp->status = NFS4ERR_LOCKS_HELD;

		flk_free_locklist(llist);
		/*
		 * We need to unhide the lockowner so the client can
		 * try it again. The bad thing here is if the client
		 * has a logic error that took it here in the first place
		 * he probably has lost accounting of the locks that it
		 * is holding. So we may have dangling state until the
		 * open owner state is reaped via close. One scenario
		 * that could possibly occur is that the client has
		 * sent the unlock request(s) in separate threads
		 * and has not waited for the replies before sending the
		 * RELEASE_LOCKOWNER request. Presumably, it would expect
		 * and deal appropriately with NFS4ERR_LOCKS_HELD, by
		 * reissuing the request.
		 */
		rfs4_dbe_unhide(lo->dbe);
		rfs4_lockowner_rele(lo);
		return;
	}

	/*
	 * For the corresponding client we need to check each open
	 * owner for any opens that have lockowner state associated
	 * with this lockowner.
	 */

	rfs4_dbe_lock(lo->client->dbe);
	for (oop = lo->client->openownerlist.next->oop; oop != NULL;
	    oop = oop->openownerlist.next->oop) {

		rfs4_dbe_lock(oop->dbe);
		for (sp = oop->ownerstateids.next->sp; sp != NULL;
		    sp = sp->ownerstateids.next->sp) {

			rfs4_dbe_lock(sp->dbe);
			for (lsp = sp->lockownerlist.next->lsp;
			    lsp != NULL; lsp = lsp->lockownerlist.next->lsp) {
				if (lsp->locker == lo) {
					rfs4_dbe_lock(lsp->dbe);
					rfs4_dbe_invalidate(lsp->dbe);
					rfs4_dbe_unlock(lsp->dbe);
				}
			}
			rfs4_dbe_unlock(sp->dbe);
		}
		rfs4_dbe_unlock(oop->dbe);
	}
	rfs4_dbe_unlock(lo->client->dbe);

	rfs4_lockowner_rele(lo);

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * short utility function to lookup a file and recall the delegation
 */
static rfs4_file_t *
rfs4_lookup_and_findfile(vnode_t *dvp, char *nm, vnode_t **vpp,
	int *lkup_error, cred_t *cr)
{
	vnode_t *vp;
	rfs4_file_t *fp = NULL;
	bool_t fcreate = FALSE;
	int error;

	if (vpp)
		*vpp = NULL;

	if ((error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cr)) == 0) {
		VN_SETPATH(rootdir, dvp, vp, nm, strlen(nm));
		if (vp->v_type == VREG)
			fp = rfs4_findfile(vp, NULL, &fcreate);
		if (vpp)
			*vpp = vp;
		else
			VN_RELE(vp);
	}

	if (lkup_error)
		*lkup_error = error;

	return (fp);
}

/*
 * remove: args: CURRENT_FH: directory; name.
 *	res: status. If success - CURRENT_FH unchanged, return change_info
 *		for directory.
 */
/* ARGSUSED */
static void
rfs4_op_remove(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	REMOVE4args *args = &argop->nfs_argop4_u.opremove;
	REMOVE4res *resp = &resop->nfs_resop4_u.opremove;
	int error;
	vnode_t *dvp, *vp;
	struct vattr bdva, idva, adva;
	char *nm;
	uint_t len;
	rfs4_file_t *fp;
	int in_crit = 0;

	/* CURRENT_FH: directory */
	dvp = cs->vp;
	if (dvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * Do not allow to remove anything in this directory.
	 */
	if (vn_ismntpt(dvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (dvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	if (!utf8_dir_verify(&args->target)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	/*
	 * Lookup the file so that we can check if it's a directory
	 */
	nm = utf8_to_fn(&args->target, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		kmem_free(nm, len);
		return;
	}

	/*
	 * Lookup the file to determine type and while we are see if
	 * there is a file struct around and check for delegation.
	 * We don't need to acquire va_seq before this lookup, if
	 * it causes an update, cinfo.before will not match, which will
	 * trigger a cache flush even if atomic is TRUE.
	 */
	if (fp = rfs4_lookup_and_findfile(dvp, nm, &vp, &error, cs->cr)) {
		if (rfs4_check_delegated_byfp(FWRITE, fp, TRUE, TRUE, TRUE,
						NULL)) {
			VN_RELE(vp);
			rfs4_file_rele(fp);
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			kmem_free(nm, len);
			return;
		}
	}

	/* Didn't find anything to remove */
	if (vp == NULL) {
		*cs->statusp = resp->status = error;
		kmem_free(nm, len);
		return;
	}

	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_REMOVE, 0, 0, 0)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			kmem_free(nm, len);
			nbl_end_crit(vp);
			VN_RELE(vp);
			if (fp) {
				rfs4_clear_dont_grant(fp);
				rfs4_file_rele(fp);
			}
			return;
		}
	}

	/* Get dir "before" change value */
	bdva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bdva, 0, cs->cr);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(nm, len);
		return;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, bdva.va_ctime)

	/* Actually do the REMOVE operation */
	if (vp->v_type == VDIR) {
		/*
		 * Can't remove a directory that has a mounted-on filesystem.
		 */
		if (vn_ismntpt(vp)) {
			error = EACCES;
		} else {
			/*
			 * System V defines rmdir to return EEXIST,
			 * not * ENOTEMPTY, if the directory is not
			 * empty.  A System V NFS server needs to map
			 * NFS4ERR_EXIST to NFS4ERR_NOTEMPTY to
			 * transmit over the wire.
			 */
			if ((error = VOP_RMDIR(dvp, nm, rootdir, cs->cr))
				== EEXIST)
				error = ENOTEMPTY;
		}
	} else {
		if ((error = VOP_REMOVE(dvp, nm, cs->cr)) == 0 &&
			fp != NULL) {
			struct vattr va;

			/*
			 * This is va_seq safe because we are not
			 * manipulating dvp.
			 */
			va.va_mask = AT_NLINK;
			if (!VOP_GETATTR(fp->vp, &va, 0, cs->cr) &&
				va.va_nlink == 0) {
				/* The file is gone and so should the state */
				if (in_crit) {
					nbl_end_crit(vp);
					in_crit = 0;
				}
				rfs4_close_all_state(fp);
			}
		}
	}

	if (in_crit)
		nbl_end_crit(vp);
	VN_RELE(vp);

	if (fp) {
		rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}
	kmem_free(nm, len);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Get the initial "after" sequence number, if it fails, set to zero
	 */
	idva.va_mask = AT_SEQ;
	if (VOP_GETATTR(dvp, &idva, 0, cs->cr))
		idva.va_seq = 0;

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(dvp, 0, cs->cr);

	/*
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	adva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &adva, 0, cs->cr)) {
		adva.va_ctime = bdva.va_ctime;
		adva.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, adva.va_ctime)

	/*
	 * The cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the VOP_REMOVE/RMDIR and it didn't change during
	 * the VOP_FSYNC.
	 */
	if (bdva.va_seq && idva.va_seq && adva.va_seq &&
			idva.va_seq == (bdva.va_seq + 1) &&
			idva.va_seq == adva.va_seq)
		resp->cinfo.atomic = TRUE;
	else
		resp->cinfo.atomic = FALSE;

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * rename: args: SAVED_FH: from directory, CURRENT_FH: target directory,
 *		oldname and newname.
 *	res: status. If success - CURRENT_FH unchanged, return change_info
 *		for both from and target directories.
 */
/* ARGSUSED */
static void
rfs4_op_rename(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RENAME4args *args = &argop->nfs_argop4_u.oprename;
	RENAME4res *resp = &resop->nfs_resop4_u.oprename;
	int error;
	vnode_t *odvp;
	vnode_t *ndvp;
	vnode_t *srcvp, *targvp;
	struct vattr obdva, oidva, oadva;
	struct vattr nbdva, nidva, nadva;
	char *onm, *nnm;
	uint_t olen, nlen;
	rfs4_file_t *fp, *sfp;
	int in_crit_src, in_crit_targ;
	int fp_rele_grant_hold, sfp_rele_grant_hold;

	fp = sfp = NULL;
	srcvp = targvp = NULL;
	in_crit_src = in_crit_targ = 0;
	fp_rele_grant_hold = sfp_rele_grant_hold = 0;

	/* CURRENT_FH: target directory */
	ndvp = cs->vp;
	if (ndvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/* SAVED_FH: from directory */
	odvp = cs->saved_vp;
	if (odvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to rename objects in this directory.
	 */
	if (vn_ismntpt(odvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to rename to this directory.
	 */
	if (vn_ismntpt(ndvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (odvp->v_type != VDIR || ndvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	if (cs->saved_exi != cs->exi) {
		*cs->statusp = resp->status = NFS4ERR_XDEV;
		return;
	}

	if (!utf8_dir_verify(&args->oldname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (!utf8_dir_verify(&args->newname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	onm = utf8_to_fn(&args->oldname, &olen, NULL);
	if (onm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	nnm = utf8_to_fn(&args->newname, &nlen, NULL);
	if (nnm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		kmem_free(onm, olen);
		return;
	}

	if (olen > MAXNAMELEN || nlen > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}


	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}

	/*
	 * Is the source a file and have a delegation?
	 * We don't need to acquire va_seq before these lookups, if
	 * it causes an update, cinfo.before will not match, which will
	 * trigger a cache flush even if atomic is TRUE.
	 */
	if (sfp = rfs4_lookup_and_findfile(odvp, onm, &srcvp, &error, cs->cr)) {
		if (rfs4_check_delegated_byfp(FWRITE, sfp, TRUE, TRUE, TRUE,
						NULL)) {
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			goto err_out;
		}
	}

	if (srcvp == NULL) {
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}

	sfp_rele_grant_hold = 1;

	/* Does the destination exist and a file and have a delegation? */
	if (fp = rfs4_lookup_and_findfile(ndvp, nnm, &targvp, NULL, cs->cr)) {
		if (rfs4_check_delegated_byfp(FWRITE, fp, TRUE, TRUE, TRUE,
						NULL)) {
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			goto err_out;
		}
	}
	fp_rele_grant_hold = 1;


	/* Check for NBMAND lock on both source and target */
	if (nbl_need_check(srcvp)) {
		nbl_start_crit(srcvp, RW_READER);
		in_crit_src = 1;
		if (nbl_conflict(srcvp, NBL_RENAME, 0, 0, 0)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			goto err_out;
		}
	}

	if (targvp && nbl_need_check(targvp)) {
		nbl_start_crit(targvp, RW_READER);
		in_crit_targ = 1;
		if (nbl_conflict(targvp, NBL_REMOVE, 0, 0, 0)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			goto err_out;
		}
	}

	/* Get source "before" change value */
	obdva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(odvp, &obdva, 0, cs->cr);
	if (!error) {
		nbdva.va_mask = AT_CTIME|AT_SEQ;
		error = VOP_GETATTR(ndvp, &nbdva, 0, cs->cr);
	}
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto err_out;
	}

	NFS4_SET_FATTR4_CHANGE(resp->source_cinfo.before, obdva.va_ctime)
	NFS4_SET_FATTR4_CHANGE(resp->target_cinfo.before, nbdva.va_ctime)

	if ((error = VOP_RENAME(odvp, onm, ndvp, nnm, cs->cr)) == 0 &&
		fp != NULL) {
		struct vattr va;

		va.va_mask = AT_NLINK;
		if (!VOP_GETATTR(fp->vp, &va, 0, cs->cr) &&
			va.va_nlink == 0) {
			/* The file is gone and so should the state */
			if (in_crit_targ) {
				nbl_end_crit(targvp);
				in_crit_targ = 0;
			}
			rfs4_close_all_state(fp);
		}
	}

	if (in_crit_src)
		nbl_end_crit(srcvp);
	if (srcvp)
		VN_RELE(srcvp);
	if (in_crit_targ)
		nbl_end_crit(targvp);
	if (targvp)
		VN_RELE(targvp);

	if (sfp) {
		rfs4_clear_dont_grant(sfp);
		rfs4_file_rele(sfp);
	}
	if (fp) {
		rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}

	kmem_free(onm, olen);
	kmem_free(nnm, nlen);

	/*
	 * Get the initial "after" sequence number, if it fails, set to zero
	 */
	oidva.va_mask = AT_SEQ;
	if (VOP_GETATTR(odvp, &oidva, 0, cs->cr))
		oidva.va_seq = 0;

	nidva.va_mask = AT_SEQ;
	if (VOP_GETATTR(ndvp, &nidva, 0, cs->cr))
		nidva.va_seq = 0;

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(odvp, 0, cs->cr);
	(void) VOP_FSYNC(ndvp, 0, cs->cr);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Get "after" change values, if it fails, simply return the
	 * before value.
	 */
	oadva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(odvp, &oadva, 0, cs->cr)) {
		oadva.va_ctime = obdva.va_ctime;
		oadva.va_seq = 0;
	}

	nadva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(odvp, &nadva, 0, cs->cr)) {
		nadva.va_ctime = nbdva.va_ctime;
		nadva.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->source_cinfo.after, oadva.va_ctime)
	NFS4_SET_FATTR4_CHANGE(resp->target_cinfo.after, nadva.va_ctime)

	/*
	 * The cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the VOP_RENAME and it didn't change during the VOP_FSYNC.
	 */
	if (obdva.va_seq && oidva.va_seq && oadva.va_seq &&
			oidva.va_seq == (obdva.va_seq + 1) &&
			oidva.va_seq == oadva.va_seq)
		resp->source_cinfo.atomic = TRUE;
	else
		resp->source_cinfo.atomic = FALSE;

	if (nbdva.va_seq && nidva.va_seq && nadva.va_seq &&
			nidva.va_seq == (nbdva.va_seq + 1) &&
			nidva.va_seq == nadva.va_seq)
		resp->target_cinfo.atomic = TRUE;
	else
		resp->target_cinfo.atomic = FALSE;

#ifdef	VOLATILE_FH_TEST
	{
	extern void add_volrnm_fh(struct exportinfo *, vnode_t *);

	/*
	 * Add the renamed file handle to the volatile rename list
	 */
	if (cs->exi->exi_export.ex_flags & EX_VOLRNM) {
		/* file handles may expire on rename */
		vnode_t *vp;

		nnm = utf8_to_fn(&args->newname, &nlen, NULL);
		/*
		 * Already know that nnm will be a valid string
		 */
		error = VOP_LOOKUP(ndvp, nnm, &vp, NULL, 0, NULL, cs->cr);
		kmem_free(nnm, nlen);
		if (!error) {
			add_volrnm_fh(cs->exi, vp);
			VN_RELE(vp);
		}
	}
	}
#endif	/* VOLATILE_FH_TEST */

	*cs->statusp = resp->status = NFS4_OK;
	return;

err_out:
	kmem_free(onm, olen);
	kmem_free(nnm, nlen);

	if (in_crit_src) nbl_end_crit(srcvp);
	if (in_crit_targ) nbl_end_crit(targvp);
	if (targvp) VN_RELE(targvp);
	if (srcvp) VN_RELE(srcvp);
	if (sfp) {
		if (sfp_rele_grant_hold) rfs4_clear_dont_grant(sfp);
		rfs4_file_rele(sfp);
	}
	if (fp) {
		if (fp_rele_grant_hold) rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}
}

/* ARGSUSED */
static void
rfs4_op_renew(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RENEW4args *args = &argop->nfs_argop4_u.oprenew;
	RENEW4res *resp = &resop->nfs_resop4_u.oprenew;
	rfs4_client_t *cp;

	if ((cp = rfs4_findclient_by_id(args->clientid, FALSE)) == NULL) {
		*cs->statusp = resp->status =
			rfs4_check_clientid(&args->clientid, 0);
		return;
	}

	if (rfs4_lease_expired(cp)) {
		rfs4_client_rele(cp);
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		return;
	}

	rfs4_update_lease(cp);

	mutex_enter(cp->cbinfo.cb_lock);
	if (cp->cbinfo.cb_notified_of_cb_path_down == FALSE) {
		cp->cbinfo.cb_notified_of_cb_path_down = TRUE;
		*cs->statusp = resp->status = NFS4ERR_CB_PATH_DOWN;
	} else {
		*cs->statusp = resp->status = NFS4_OK;
	}
	mutex_exit(cp->cbinfo.cb_lock);

	rfs4_client_rele(cp);

}

/* ARGSUSED */
static void
rfs4_op_restorefh(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RESTOREFH4res *resp = &resop->nfs_resop4_u.oprestorefh;

	/* No need to check cs->access - we are not accessing any object */
	if ((cs->saved_vp == NULL) || (cs->saved_fh.nfs_fh4_val == NULL)) {
		*cs->statusp = resp->status = NFS4ERR_RESTOREFH;
		return;
	}
	if (cs->vp != NULL) {
		VN_RELE(cs->vp);
	}
	cs->vp = cs->saved_vp;
	cs->saved_vp = NULL;
	cs->exi = cs->saved_exi;
	nfs_fh4_copy(&cs->saved_fh, &cs->fh);
	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/* ARGSUSED */
static void
rfs4_op_savefh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	SAVEFH4res *resp = &resop->nfs_resop4_u.opsavefh;

	/* No need to check cs->access - we are not accessing any object */
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->saved_vp != NULL) {
		VN_RELE(cs->saved_vp);
	}
	cs->saved_vp = cs->vp;
	VN_HOLD(cs->saved_vp);
	cs->saved_exi = cs->exi;
	/*
	 * since SAVEFH is fairly rare, don't alloc space for its fh
	 * unless necessary.
	 */
	if (cs->saved_fh.nfs_fh4_val == NULL) {
		cs->saved_fh.nfs_fh4_val = kmem_alloc(NFS4_FHSIZE, KM_SLEEP);
	}
	nfs_fh4_copy(&cs->fh, &cs->saved_fh);
	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * rfs4_verify_attr is called when nfsv4 Setattr failed, but we wish to
 * return the bitmap of attrs that were set successfully. It is also
 * called by Verify/Nverify to test the vattr/vfsstat attrs. It should
 * always be called only after rfs4_do_set_attrs().
 *
 * Verify that the attributes are same as the expected ones. sargp->vap
 * and sargp->sbp contain the input attributes as translated from fattr4.
 *
 * This function verifies only the attrs that correspond to a vattr or
 * vfsstat struct. That is because of the extra step needed to get the
 * corresponding system structs. Other attributes have already been set or
 * verified by do_rfs4_set_attrs.
 *
 * Return 0 if all attrs match, -1 if some don't, error if error processing.
 */
static int
rfs4_verify_attr(struct nfs4_svgetit_arg *sargp,
	bitmap4 *resp, struct nfs4_ntov_table *ntovp)
{
	int error, ret_error = 0;
	int i, k;
	uint_t sva_mask = sargp->vap->va_mask;
	uint_t vbit;
	union nfs4_attr_u *na;
	uint8_t *amap;
	bool_t getsb = ntovp->vfsstat;

	if (sva_mask != 0) {
		/*
		 * Okay to overwrite sargp->vap because we verify based
		 * on the incoming values.
		 */
		ret_error = VOP_GETATTR(sargp->cs->vp, sargp->vap, 0,
				sargp->cs->cr);
		if (ret_error) {
			if (resp == NULL)
				return (ret_error);
			/*
			 * Must return bitmap of successful attrs
			 */
			sva_mask = 0;	/* to prevent checking vap later */
		} else {
			/*
			 * Some file systems clobber va_mask. it is probably
			 * wrong of them to do so, nonethless we practice
			 * defensive coding.
			 * See bug id 4276830.
			 */
			sargp->vap->va_mask = sva_mask;
		}
	}

	if (getsb) {
		/*
		 * Now get the superblock and loop on the bitmap, as there is
		 * no simple way of translating from superblock to bitmap4.
		 */
		ret_error = VFS_STATVFS(sargp->cs->vp->v_vfsp, sargp->sbp);
		if (ret_error) {
			if (resp == NULL)
				goto errout;
			getsb = FALSE;
		}
	}

	/*
	 * Now loop and verify each attribute which getattr returned
	 * whether it's the same as the input.
	 */
	if (resp == NULL && !getsb && (sva_mask == 0))
		goto errout;

	na = ntovp->na;
	amap = ntovp->amap;
	k = 0;
	for (i = 0; i < ntovp->attrcnt; i++, na++, amap++) {
		k = *amap;
		ASSERT(nfs4_ntov_map[k].nval == k);
		vbit = nfs4_ntov_map[k].vbit;

		/*
		 * If vattr attribute but VOP_GETATTR failed, or it's
		 * superblock attribute but VFS_STATVFS failed, skip
		 */
		if (vbit) {
			if ((vbit & sva_mask) == 0)
				continue;
		} else if (!(getsb && nfs4_ntov_map[k].vfsstat)) {
			continue;
		}
		error = (*nfs4_ntov_map[k].sv_getit)(
				NFS4ATTR_VERIT, sargp, na);
		if (resp != NULL) {
			if (error)
				ret_error = -1;	/* not all match */
			else	/* update response bitmap */
				*resp |= nfs4_ntov_map[k].fbit;
			continue;
		}
		if (error) {
			ret_error = -1;	/* not all match */
			break;
		}
	}
errout:
	return (ret_error);
}

/*
 * Decode the attribute to be set/verified. If the attr requires a sys op
 * (VOP_GETATTR, VFS_VFSSTAT), and the request is to verify, then don't
 * call the sv_getit function for it, because the sys op hasn't yet been done.
 * Return 0 for success, error code if failed.
 *
 * Note: the decoded arg is not freed here but in nfs4_ntov_table_free.
 */
static int
decode_fattr4_attr(nfs4_attr_cmd_t cmd, struct nfs4_svgetit_arg *sargp,
	int k, XDR *xdrp, bitmap4 *resp_bval, union nfs4_attr_u *nap)
{
	int error = 0;
	bool_t set_later;

	sargp->vap->va_mask |= nfs4_ntov_map[k].vbit;

	if ((*nfs4_ntov_map[k].xfunc)(xdrp, nap)) {
		set_later = nfs4_ntov_map[k].vbit || nfs4_ntov_map[k].vfsstat;
		/*
		 * don't verify yet if a vattr or sb dependent attr,
		 * because we don't have their sys values yet.
		 * Will be done later.
		 */
		if (! (set_later && (cmd == NFS4ATTR_VERIT))) {
			/*
			 * ACLs are a special case, since setting the MODE
			 * conflicts with setting the ACL.  We delay setting
			 * the ACL until all other attributes have been set.
			 * The ACL gets set in do_rfs4_op_setattr().
			 */
			if (nfs4_ntov_map[k].fbit != FATTR4_ACL_MASK) {
				error = (*nfs4_ntov_map[k].sv_getit)(cmd,
				    sargp, nap);
				if (error) {
					xdr_free(nfs4_ntov_map[k].xfunc,
					    (caddr_t)nap);
				}
			}
		}
	} else {
#ifdef  DEBUG
		cmn_err(CE_NOTE, "decode_fattr4_attr: error "
			"decoding attribute %d\n", k);
#endif
		error = EINVAL;
	}
	if (!error && resp_bval && !set_later) {
		*resp_bval |= nfs4_ntov_map[k].fbit;
	}

	return (error);
}

/*
 * Set vattr based on incoming fattr4 attrs - used by setattr.
 * Set response mask. Ignore any values that are not writable vattr attrs.
 */
static nfsstat4
do_rfs4_set_attrs(bitmap4 *resp, fattr4 *fattrp, struct compound_state *cs,
		struct nfs4_svgetit_arg *sargp, struct nfs4_ntov_table *ntovp,
		nfs4_attr_cmd_t cmd)
{
	int error = 0;
	int i;
	char *attrs = fattrp->attrlist4;
	uint32_t attrslen = fattrp->attrlist4_len;
	XDR xdr;
	nfsstat4 status = NFS4_OK;
	vnode_t *vp = cs->vp;
	union nfs4_attr_u *na;
	uint8_t *amap;

#ifndef lint
	/*
	 * Make sure that maximum attribute number can be expressed as an
	 * 8 bit quantity.
	 */
	ASSERT(NFS4_MAXNUM_ATTRS <= (UINT8_MAX + 1));
#endif

	if (vp == NULL) {
		if (resp)
			*resp = 0;
		return (NFS4ERR_NOFILEHANDLE);
	}
	if (cs->access == CS_ACCESS_DENIED) {
		if (resp)
			*resp = 0;
		return (NFS4ERR_ACCESS);
	}

	sargp->op = cmd;
	sargp->cs = cs;
	sargp->flag = 0;	/* may be set later */
	sargp->vap->va_mask = 0;
	sargp->rdattr_error = NFS4_OK;
	sargp->rdattr_error_req = FALSE;
	/* sargp->sbp is set by the caller */

	xdrmem_create(&xdr, attrs, attrslen, XDR_DECODE);

	na = ntovp->na;
	amap = ntovp->amap;

	/*
	 * The following loop iterates on the nfs4_ntov_map checking
	 * if the fbit is set in the requested bitmap.
	 * If set then we process the arguments using the
	 * rfs4_fattr4 conversion functions to populate the setattr
	 * vattr and va_mask. Any settable attrs that are not using vattr
	 * will be set in this loop.
	 */
	for (i = 0; i < nfs4_ntov_map_size; i++) {
		if (!(fattrp->attrmask & nfs4_ntov_map[i].fbit)) {
			continue;
		}
		/*
		 * If setattr, must be a writable attr.
		 * If verify/nverify, must be a readable attr.
		 */
		if ((error = (*nfs4_ntov_map[i].sv_getit)(
				    NFS4ATTR_SUPPORTED, sargp, NULL)) != 0) {
			/*
			 * Client tries to set/verify an
			 * unsupported attribute, tries to set
			 * a read only attr or verify a write
			 * only one - error!
			 */
			break;
		}
		/*
		 * Decode the attribute to set/verify
		 */
		error = decode_fattr4_attr(cmd, sargp, nfs4_ntov_map[i].nval,
					&xdr, resp ? resp : NULL, na);
		if (error)
			break;
		*amap++ = (uint8_t)nfs4_ntov_map[i].nval;
		na++;
		(ntovp->attrcnt)++;
		if (nfs4_ntov_map[i].vfsstat)
			ntovp->vfsstat = TRUE;
	}

	if (error != 0)
		status = (error == ENOTSUP ?	NFS4ERR_ATTRNOTSUPP :
						puterrno4(error));
	/* xdrmem_destroy(&xdrs); */	/* NO-OP */
	return (status);
}

static nfsstat4
do_rfs4_op_setattr(bitmap4 *resp, fattr4 *fattrp, struct compound_state *cs,
		stateid4 *stateid)
{
	int error = 0;
	struct nfs4_svgetit_arg sarg;
	bool_t trunc;

	nfsstat4 status = NFS4_OK;
	cred_t *cr = cs->cr;
	vnode_t *vp = cs->vp;
	struct nfs4_ntov_table ntov;
	struct statvfs64 sb;
	struct vattr bva;
	struct flock64 bf;
	int in_crit = 0;
	uint_t saved_mask = 0;
	caller_context_t ct;

	*resp = 0;
	sarg.sbp = &sb;
	nfs4_ntov_table_init(&ntov);
	status = do_rfs4_set_attrs(resp, fattrp, cs, &sarg, &ntov,
			NFS4ATTR_SETIT);
	if (status != NFS4_OK) {
		/*
		 * failed set attrs
		 */
		goto done;
	}
	if ((sarg.vap->va_mask == 0) &&
	    (! (fattrp->attrmask & FATTR4_ACL_MASK))) {
		/*
		 * no further work to be done
		 */
		goto done;
	}

	/*
	 * If we got a request to set the ACL and the MODE, only
	 * allow changing VSUID, VSGID, and VSVTX.  Attempting
	 * to change any other bits, along with setting an ACL,
	 * gives NFS4ERR_INVAL.
	 */
	if ((fattrp->attrmask & FATTR4_ACL_MASK) &&
	    (fattrp->attrmask & FATTR4_MODE_MASK)) {
		vattr_t va;

		va.va_mask = AT_MODE;
		error = VOP_GETATTR(vp, &va, 0, cs->cr);
		if (error) {
			status = puterrno4(error);
			goto done;
		}
		if ((sarg.vap->va_mode ^ va.va_mode) &
		    ~(VSUID | VSGID | VSVTX)) {
			status = NFS4ERR_INVAL;
			goto done;
		}
	}


	/* Check stateid only if size has been set */
	if (sarg.vap->va_mask & AT_SIZE) {
		trunc = (sarg.vap->va_size == 0);
		status = rfs4_check_stateid(FWRITE, cs->vp, stateid,
			trunc, &cs->deleg, sarg.vap->va_mask & AT_SIZE);
		if (status != NFS4_OK)
			goto done;
	}

	ct.cc_sysid = 0;
	ct.cc_pid = 0;
	ct.cc_caller_id = nfs4_srv_caller_id;

	/* XXX start of possible race with delegations */

	/*
	 * We need to specially handle size changes because it is
	 * possible for the client to create a file with read-only
	 * modes, but with the file opened for writing. If the client
	 * then tries to set the file size, e.g. ftruncate(3C),
	 * fcntl(F_FREESP), the normal access checking done in
	 * VOP_SETATTR would prevent the client from doing it even though
	 * it should be allowed to do so.  To get around this, we do the
	 * access checking for ourselves and use VOP_SPACE which doesn't
	 * do the access checking.
	 * Also the client should not be allowed to change the file
	 * size if there is a conflicting non-blocking mandatory lock in
	 * the region of the change.
	 */
	if (vp->v_type == VREG && (sarg.vap->va_mask & AT_SIZE)) {
		u_offset_t offset;
		ssize_t length;

		/*
		 * Check any possible conflict due to NBMAND locks.
		 * Get into critical region before VOP_GETATTR, so the
		 * size attribute is valid when checking conflicts.
		 */
		if (nbl_need_check(vp)) {
			nbl_start_crit(vp, RW_READER);
			in_crit = 1;
		}

		bva.va_mask = AT_UID|AT_SIZE;
		if (error = VOP_GETATTR(vp, &bva, 0, cr)) {
			status = puterrno4(error);
			goto done;
		}

		if (in_crit) {
			if (sarg.vap->va_size < bva.va_size) {
				offset = sarg.vap->va_size;
				length = bva.va_size - sarg.vap->va_size;
			} else {
				offset = bva.va_size;
				length = sarg.vap->va_size - bva.va_size;
			}
			if (nbl_conflict(vp, NBL_WRITE, offset, length, 0)) {
				status = NFS4ERR_LOCKED;
				goto done;
			}
		}

		if (crgetuid(cr) == bva.va_uid) {
			saved_mask = sarg.vap->va_mask;
			sarg.vap->va_mask &= ~AT_SIZE;
			bf.l_type = F_WRLCK;
			bf.l_whence = 0;
			bf.l_start = (off64_t)sarg.vap->va_size;
			bf.l_len = 0;
			bf.l_sysid = 0;
			bf.l_pid = 0;
			error = VOP_SPACE(vp, F_FREESP, &bf, FWRITE,
					(offset_t)sarg.vap->va_size, cr, &ct);
		}
	}

	if (!error && sarg.vap->va_mask != 0)
		error = VOP_SETATTR(vp, sarg.vap, sarg.flag, cr, &ct);

	/* restore AT_SIZE */
	if (saved_mask & AT_SIZE)
		sarg.vap->va_mask |= AT_SIZE;

	/*
	 * If an ACL was being set, it has been delayed until now,
	 * in order to set the mode (via the VOP_SETATTR() above) first.
	 */
	if ((! error) && (fattrp->attrmask & FATTR4_ACL_MASK)) {
		int i;

		for (i = 0; i < NFS4_MAXNUM_ATTRS; i++)
			if (ntov.amap[i] == FATTR4_ACL)
				break;
		if (i < NFS4_MAXNUM_ATTRS) {
			error = (*nfs4_ntov_map[FATTR4_ACL].sv_getit)(
			    NFS4ATTR_SETIT, &sarg, &ntov.na[i]);
			if (error == 0) {
				*resp |= FATTR4_ACL_MASK;
			} else if (error == ENOTSUP) {
				(void) rfs4_verify_attr(&sarg, resp, &ntov);
				status = NFS4ERR_ATTRNOTSUPP;
				goto done;
			}
		} else {
			NFS4_DEBUG(rfs4_debug,
			    (CE_NOTE, "do_rfs4_op_setattr: "
			    "unable to find ACL in fattr4"));
			error = EINVAL;
		}
	}

	if (error) {
		status = puterrno4(error);

		/*
		 * Set the response bitmap when setattr failed.
		 * If VOP_SETATTR partially succeeded, test by doing a
		 * VOP_GETATTR on the object and comparing the data
		 * to the setattr arguments.
		 */
		(void) rfs4_verify_attr(&sarg, resp, &ntov);
	} else {
		/*
		 * Force modified metadata out to stable storage.
		 */
		(void) VOP_FSYNC(vp, FNODSYNC, cr);
		/*
		 * Set response bitmap
		 */
		nfs4_vmask_to_nmask(sarg.vap->va_mask, resp);
	}

/* Return early and already have a NFSv4 error */
done:
	if (in_crit)
		nbl_end_crit(vp);

	nfs4_ntov_table_free(&ntov, &sarg);

	return (status);
}

/* ARGSUSED */
static void
rfs4_op_setattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	SETATTR4args *args = &argop->nfs_argop4_u.opsetattr;
	SETATTR4res *resp = &resop->nfs_resop4_u.opsetattr;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to setattr on this vnode.
	 */
	if (vn_ismntpt(cs->vp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	resp->attrsset = 0;

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		return;
	}

	*cs->statusp = resp->status =
		do_rfs4_op_setattr(&resp->attrsset, &args->obj_attributes, cs,
			&args->stateid);
}

/* ARGSUSED */
static void
rfs4_op_verify(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	/*
	 * verify and nverify are exactly the same, except that nverify
	 * succeeds when some argument changed, and verify succeeds when
	 * when none changed.
	 */

	VERIFY4args  *args = &argop->nfs_argop4_u.opverify;
	VERIFY4res *resp = &resop->nfs_resop4_u.opverify;

	int error;
	struct nfs4_svgetit_arg sarg;
	struct statvfs64 sb;
	struct nfs4_ntov_table ntov;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	sarg.sbp = &sb;
	nfs4_ntov_table_init(&ntov);
	resp->status = do_rfs4_set_attrs(NULL, &args->obj_attributes, cs,
				&sarg, &ntov, NFS4ATTR_VERIT);
	if (resp->status != NFS4_OK) {
		/*
		 * do_rfs4_set_attrs will try to verify systemwide attrs,
		 * so could return -1 for "no match".
		 */
		if (resp->status == -1)
			resp->status = NFS4ERR_NOT_SAME;
		goto done;
	}
	error = rfs4_verify_attr(&sarg, NULL, &ntov);
	switch (error) {
	case 0:
		resp->status = NFS4_OK;
		break;
	case -1:
		resp->status = NFS4ERR_NOT_SAME;
		break;
	default:
		resp->status = puterrno4(error);
		break;
	}
done:
	*cs->statusp = resp->status;
	nfs4_ntov_table_free(&ntov, &sarg);
}

/* ARGSUSED */
static void
rfs4_op_nverify(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	/*
	 * verify and nverify are exactly the same, except that nverify
	 * succeeds when some argument changed, and verify succeeds when
	 * when none changed.
	 */

	NVERIFY4args  *args = &argop->nfs_argop4_u.opnverify;
	NVERIFY4res *resp = &resop->nfs_resop4_u.opnverify;

	int error;
	struct nfs4_svgetit_arg sarg;
	struct statvfs64 sb;
	struct nfs4_ntov_table ntov;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	sarg.sbp = &sb;
	nfs4_ntov_table_init(&ntov);
	resp->status = do_rfs4_set_attrs(NULL, &args->obj_attributes, cs,
				&sarg, &ntov, NFS4ATTR_VERIT);
	if (resp->status != NFS4_OK) {
		/*
		 * do_rfs4_set_attrs will try to verify systemwide attrs,
		 * so could return -1 for "no match".
		 */
		if (resp->status == -1)
			resp->status = NFS4_OK;
		goto done;
	}
	error = rfs4_verify_attr(&sarg, NULL, &ntov);
	switch (error) {
	case 0:
		resp->status = NFS4ERR_SAME;
		break;
	case -1:
		resp->status = NFS4_OK;
		break;
	default:
		resp->status = puterrno4(error);
		break;
	}
done:
	*cs->statusp = resp->status;
	nfs4_ntov_table_free(&ntov, &sarg);
}

/*
 * XXX - This should live in an NFS header file.
 */
#define	MAX_IOVECS	12

/* ARGSUSED */
static void
rfs4_op_write(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	WRITE4args  *args = &argop->nfs_argop4_u.opwrite;
	WRITE4res *resp = &resop->nfs_resop4_u.opwrite;
	int error;
	vnode_t *vp;
	struct vattr bva;
	u_offset_t rlimit;
	struct uio uio;
	struct iovec iov[MAX_IOVECS];
	struct iovec *iovp;
	int iovcnt;
	int ioflag;
	cred_t *savecred, *cr;
	bool_t *deleg = &cs->deleg;
	nfsstat4 stat;
	int in_crit = 0;

	vp = cs->vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	cr = cs->cr;

	/*
	 * We have to enter the critical region before calling VOP_RWLOCK
	 * to avoid a deadlock with ufs.
	 */
	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_WRITE,
				args->offset, args->data_len, 0)) {
			*cs->statusp = resp->status = NFS4ERR_LOCKED;
			goto out;
		}
	}

	if ((stat = rfs4_check_stateid(FWRITE, vp, &args->stateid, FALSE,
					deleg, TRUE)) != NFS4_OK) {
		*cs->statusp = resp->status = stat;
		goto out;
	}

	bva.va_mask = AT_MODE | AT_UID;
	error = VOP_GETATTR(vp, &bva, 0, cr);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking.  So, we'll fail the request.
	 */
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		goto out;
	}

	if (vp->v_type != VREG) {
		*cs->statusp = resp->status =
			((vp->v_type == VDIR) ? NFS4ERR_ISDIR : NFS4ERR_INVAL);
		goto out;
	}

	if (crgetuid(cr) != bva.va_uid &&
	    (error = VOP_ACCESS(vp, VWRITE, 0, cr))) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (MANDLOCK(vp, bva.va_mode)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		goto out;
	}

	if (args->data_len == 0) {
		*cs->statusp = resp->status = NFS4_OK;
		resp->count = 0;
		resp->committed = args->stable;
		resp->writeverf = Write4verf;
		goto out;
	}

	if (args->mblk != NULL) {
		mblk_t *m;
		uint_t bytes, round_len;

		iovcnt = 0;
		bytes = 0;
		round_len = roundup(args->data_len, BYTES_PER_XDR_UNIT);
		for (m = args->mblk;
		    m != NULL && bytes < round_len;
		    m = m->b_cont) {
			iovcnt++;
			bytes += MBLKL(m);
		}
#ifdef DEBUG
		/* should have ended on an mblk boundary */
		if (bytes != round_len) {
			printf("bytes=0x%x, round_len=0x%x, req len=0x%x\n",
			    bytes, round_len, args->data_len);
			printf("args=%p, args->mblk=%p, m=%p", (void *)args,
			    (void *)args->mblk, (void *)m);
			ASSERT(bytes == round_len);
		}
#endif
		if (iovcnt <= MAX_IOVECS) {
			iovp = iov;
		} else {
			iovp = kmem_alloc(sizeof (*iovp) * iovcnt, KM_SLEEP);
		}
		mblk_to_iov(args->mblk, iovcnt, iovp);
	} else {
		iovcnt = 1;
		iovp = iov;
		iovp->iov_base = args->data_val;
		iovp->iov_len = args->data_len;
	}

	uio.uio_iov = iovp;
	uio.uio_iovcnt = iovcnt;

	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_extflg = UIO_COPY_DEFAULT;
	uio.uio_loffset = args->offset;
	uio.uio_resid = args->data_len;
	uio.uio_llimit = curproc->p_fsz_ctl;
	rlimit = uio.uio_llimit - args->offset;
	if (rlimit < (u_offset_t)uio.uio_resid)
		uio.uio_resid = (int)rlimit;

	if (args->stable == UNSTABLE4)
		ioflag = 0;
	else if (args->stable == FILE_SYNC4)
		ioflag = FSYNC;
	else if (args->stable == DATA_SYNC4)
		ioflag = FDSYNC;
	else {
		if (iovp != iov)
			kmem_free(iovp, sizeof (*iovp) * iovcnt);
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		goto out;
	}

	/*
	 * We're changing creds because VM may fault and we need
	 * the cred of the current thread to be used if quota
	 * checking is enabled.
	 */
	savecred = curthread->t_cred;
	curthread->t_cred = cr;
	error = do_io(FWRITE, vp, &uio, ioflag, cr);
	curthread->t_cred = savecred;

	if (iovp != iov)
		kmem_free(iovp, sizeof (*iovp) * iovcnt);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	*cs->statusp = resp->status = NFS4_OK;
	resp->count = args->data_len - uio.uio_resid;

	if (ioflag == 0)
		resp->committed = UNSTABLE4;
	else
		resp->committed = FILE_SYNC4;

	resp->writeverf = Write4verf;

out:
	if (in_crit)
		nbl_end_crit(vp);
}


/* XXX put in a header file */
extern int	sec_svc_getcred(struct svc_req *, cred_t *,  caddr_t *, int *);

void
rfs4_compound(COMPOUND4args *args, COMPOUND4res *resp, struct exportinfo *exi,
	struct svc_req *req, cred_t *cr)
{
	uint_t i;
	struct compound_state cs;

	rfs4_init_compound_state(&cs);
	/*
	 * Form a reply tag by copying over the reqeuest tag.
	 */
	resp->tag.utf8string_val =
				kmem_alloc(args->tag.utf8string_len, KM_SLEEP);
	resp->tag.utf8string_len = args->tag.utf8string_len;
	bcopy(args->tag.utf8string_val, resp->tag.utf8string_val,
					resp->tag.utf8string_len);

	cs.statusp = &resp->status;

	/*
	 * XXX for now, minorversion should be zero
	 */
	if (args->minorversion != NFS4_MINORVERSION) {
		resp->array_len = 0;
		resp->array = NULL;
		resp->status = NFS4ERR_MINOR_VERS_MISMATCH;
		return;
	}

	resp->array_len = args->array_len;
	resp->array = kmem_zalloc(args->array_len * sizeof (nfs_resop4),
		KM_SLEEP);

	ASSERT(exi == NULL);
	ASSERT(cr == NULL);

	cr = crget();
	ASSERT(cr != NULL);

	if (sec_svc_getcred(req, cr, &cs.principal, &cs.nfsflavor) == 0) {
		crfree(cr);
		return;
	}

	cs.basecr = cr;

	cs.req = req;

	/*
	 * For now, NFS4 compound processing must be protected by
	 * exported_lock because it can access more than one exportinfo
	 * per compound and share/unshare can now change multiple
	 * exinfo structs.  The NFS2/3 code only refs 1 exportinfo
	 * per proc (excluding public exinfo), and exi_count design
	 * is sufficient to protect concurrent execution of NFS2/3
	 * ops along with unexport.  This lock will be removed as
	 * part of the NFSv4 phase 2 namespace redesign work.
	 */
	rw_enter(&exported_lock, RW_READER);

	/*
	 * If this is the first compound we've seen, we need to start all
	 * new instances' grace periods.
	 */
	if (rfs4_seen_first_compound == 0) {
		rfs4_grace_start_new();
		/*
		 * This must be set after rfs4_grace_start_new(), otherwise
		 * another thread could proceed past here before the former
		 * is finished.
		 */
		rfs4_seen_first_compound = 1;
	}

	for (i = 0; i < args->array_len && cs.cont; i++) {
		nfs_argop4 *argop;
		nfs_resop4 *resop;
		uint_t op;

		argop = &args->array[i];
		resop = &resp->array[i];
		resop->resop = argop->argop;
		op = (uint_t)resop->resop;

		if (op < rfsv4disp_cnt) {
			/*
			 * Count the individual ops here; NULL and COMPOUND
			 * are counted in common_dispatch()
			 */
			rfsproccnt_v4_ptr[op].value.ui64++;

			NFS4_DEBUG(rfs4_debug > 1,
				(CE_NOTE, "Executing %s", rfs4_op_string[op]));
			(*rfsv4disptab[op].dis_proc)(argop, resop, req, &cs);
			NFS4_DEBUG(rfs4_debug > 1,
				(CE_NOTE, "%s returned %d",
				rfs4_op_string[op], *cs.statusp));
			if (*cs.statusp != NFS4_OK)
				cs.cont = FALSE;
		} else {
			/*
			 * This is effectively dead code since XDR code
			 * will have already returned BADXDR if op doesn't
			 * decode to legal value.  This only done for a
			 * day when XDR code doesn't verify v4 opcodes.
			 */
			op = OP_ILLEGAL;
			rfsproccnt_v4_ptr[OP_ILLEGAL_IDX].value.ui64++;

			rfs4_op_illegal(argop, resop, req, &cs);
			cs.cont = FALSE;
		}

		/*
		 * If not at last op, and if we are to stop, then
		 * compact the results array.
		 */
		if ((i + 1) < args->array_len && !cs.cont) {
			nfs_resop4 *new_res = kmem_alloc(
				(i+1) * sizeof (nfs_resop4), KM_SLEEP);
			bcopy(resp->array,
				new_res, (i+1) * sizeof (nfs_resop4));
			kmem_free(resp->array,
				args->array_len * sizeof (nfs_resop4));

			resp->array_len =  i + 1;
			resp->array = new_res;
		}
	}

	rw_exit(&exported_lock);

	if (cs.vp)
		VN_RELE(cs.vp);
	if (cs.saved_vp)
		VN_RELE(cs.saved_vp);
	if (cs.saved_fh.nfs_fh4_val)
		kmem_free(cs.saved_fh.nfs_fh4_val, NFS4_FHSIZE);

	if (cs.basecr)
		crfree(cs.basecr);
	if (cs.cr)
		crfree(cs.cr);
}

/*
 * XXX because of what appears to be duplicate calls to rfs4_compound_free
 * XXX zero out the tag and array values. Need to investigate why the
 * XXX calls occur, but at least prevent the panic for now.
 */
void
rfs4_compound_free(COMPOUND4res *resp)
{
	uint_t i;

	if (resp->tag.utf8string_val) {
		UTF8STRING_FREE(resp->tag)
	}

	for (i = 0; i < resp->array_len; i++) {
		nfs_resop4 *resop;
		uint_t op;

		resop = &resp->array[i];
		op = (uint_t)resop->resop;
		if (op < rfsv4disp_cnt) {
			(*rfsv4disptab[op].dis_resfree)(resop);
		}
	}
	if (resp->array != NULL) {
		kmem_free(resp->array, resp->array_len * sizeof (nfs_resop4));
	}
}

/*
 * Process the value of the compound request rpc flags, as a bit-AND
 * of the individual per-op flags (idempotent, allowork, publicfh_ok)
 */
void
rfs4_compound_flagproc(COMPOUND4args *args, int *flagp)
{
	int i;
	int flag = RPC_ALL;

	for (i = 0; flag && i < args->array_len; i++) {
		uint_t op;

		op = (uint_t)args->array[i].argop;

		if (op < rfsv4disp_cnt)
			flag &= rfsv4disptab[op].dis_flags;
		else
			flag = 0;
	}
	*flagp = flag;
}

nfsstat4
rfs4_client_sysid(rfs4_client_t *cp, sysid_t *sp)
{
	nfsstat4 e;

	rfs4_dbe_lock(cp->dbe);

	if (cp->sysidt != LM_NOSYSID) {
		*sp = cp->sysidt;
		e = NFS4_OK;

	} else if ((cp->sysidt = lm_alloc_sysidt()) != LM_NOSYSID) {
		*sp = cp->sysidt;
		e = NFS4_OK;

		NFS4_DEBUG(rfs4_debug, (CE_NOTE,
			"rfs4_client_sysid: allocated 0x%x\n", *sp));
	} else
		e = NFS4ERR_DELAY;

	rfs4_dbe_unlock(cp->dbe);
	return (e);
}

#if defined(DEBUG) && ! defined(lint)
static void lock_print(char *str, int operation, struct flock64 *flk)
{
	char *op, *type;

	switch (operation) {
	case F_GETLK: op = "F_GETLK";
		break;
	case F_SETLK: op = "F_SETLK";
		break;
	default: op = "F_UNKNOWN";
		break;
	}
	switch (flk->l_type) {
	case F_UNLCK: type = "F_UNLCK";
		break;
	case F_RDLCK: type = "F_RDLCK";
		break;
	case F_WRLCK: type = "F_WRLCK";
		break;
	default: type = "F_UNKNOWN";
		break;
	}

	ASSERT(flk->l_whence == 0);
	cmn_err(CE_NOTE, "%s:  %s, type = %s, off = %llx len = %llx pid = %d",
		str, op, type,
		(longlong_t)flk->l_start,
		flk->l_len ? (longlong_t)flk->l_len : ~0LL,
		flk->l_pid);
}

#define	LOCK_PRINT(d, s, t, f) if (d) lock_print(s, t, f)
#else
#define	LOCK_PRINT(d, s, t, f)
#endif

/*ARGSUSED*/
static bool_t
creds_ok(cred_set_t cr_set, struct svc_req *req, struct compound_state *cs)
{
	return (TRUE);
}

/*
 * Look up the pathname using the vp in cs as the directory vnode.
 * cs->vp will be the vnode for the file on success
 */

static nfsstat4
rfs4_lookup(component4 *component, struct svc_req *req,
	    struct compound_state *cs)
{
	char *nm;
	uint32_t len;
	nfsstat4 status;

	if (cs->vp == NULL) {
		return (NFS4ERR_NOFILEHANDLE);
	}
	if (cs->vp->v_type != VDIR) {
		return (NFS4ERR_NOTDIR);
	}

	if (!utf8_dir_verify(component))
		return (NFS4ERR_INVAL);

	nm = utf8_to_fn(component, &len, NULL);
	if (nm == NULL) {
		return (NFS4ERR_INVAL);
	}

	if (len > MAXNAMELEN) {
		kmem_free(nm, len);
		return (NFS4ERR_NAMETOOLONG);
	}

	status = do_rfs4_op_lookup(nm, len, req, cs);

	kmem_free(nm, len);

	return (status);
}

static nfsstat4
rfs4_lookupfile(component4 *component, struct svc_req *req,
		struct compound_state *cs, uint32_t access,
		change_info4 *cinfo)
{
	nfsstat4 status;
	vnode_t *dvp = cs->vp;
	vattr_t bva, ava, fva;
	int error;

	/* Get "before" change value */
	bva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bva, 0, cs->cr);
	if (error)
		return (puterrno4(error));

	/* rfs4_lookup may VN_RELE directory */
	VN_HOLD(dvp);

	status = rfs4_lookup(component, req, cs);
	if (status != NFS4_OK) {
		VN_RELE(dvp);
		return (status);
	}

	/*
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	ava.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &ava, 0, cs->cr)) {
		ava.va_ctime = bva.va_ctime;
		ava.va_seq = 0;
	}
	VN_RELE(dvp);

	/*
	 * Validate the file is a file
	 */
	fva.va_mask = AT_TYPE|AT_MODE;
	error = VOP_GETATTR(cs->vp, &fva, 0, cs->cr);
	if (error)
		return (puterrno4(error));

	if (fva.va_type != VREG) {
		if (fva.va_type == VDIR)
			return (NFS4ERR_ISDIR);
		if (fva.va_type == VLNK)
			return (NFS4ERR_SYMLINK);
		return (NFS4ERR_INVAL);
	}

	NFS4_SET_FATTR4_CHANGE(cinfo->before, bva.va_ctime);
	NFS4_SET_FATTR4_CHANGE(cinfo->after, ava.va_ctime);

	/*
	 * It is undefined if VOP_LOOKUP will change va_seq, so
	 * cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and they have not changed.
	 */
	if (bva.va_seq && ava.va_seq && ava.va_seq == bva.va_seq)
		cinfo->atomic = TRUE;
	else
		cinfo->atomic = FALSE;

	/* Check for mandatory locking */
	cs->mandlock = MANDLOCK(cs->vp, fva.va_mode);
	return (check_open_access(access, cs, req));
}

static nfsstat4
create_vnode(vnode_t *dvp, char *nm,  vattr_t *vap, createmode4 mode,
	    timespec32_t *mtime, cred_t *cr, vnode_t **vpp, bool_t *created)
{
	int error;
	nfsstat4 status = NFS4_OK;
	vattr_t va;

tryagain:

	/*
	 * The file open mode used is VWRITE.  If the client needs
	 * some other semantic, then it should do the access checking
	 * itself.  It would have been nice to have the file open mode
	 * passed as part of the arguments.
	 */

	*created = TRUE;
	error = VOP_CREATE(dvp, nm, vap, EXCL, VWRITE, vpp, cr, 0);

	if (error) {
		*created = FALSE;

		/*
		 * If we got something other than file already exists
		 * then just return this error.  Otherwise, we got
		 * EEXIST.  If we were doing a GUARDED create, then
		 * just return this error.  Otherwise, we need to
		 * make sure that this wasn't a duplicate of an
		 * exclusive create request.
		 *
		 * The assumption is made that a non-exclusive create
		 * request will never return EEXIST.
		 */

		if (error != EEXIST || mode == GUARDED4) {
			status = puterrno4(error);
			return (status);
		}
		error = VOP_LOOKUP(dvp, nm, vpp, NULL, 0, NULL, cr);

		if (error) {
			/*
			 * We couldn't find the file that we thought that
			 * we just created.  So, we'll just try creating
			 * it again.
			 */
			if (error == ENOENT)
				goto tryagain;

			status = puterrno4(error);
			return (status);
		}

		VN_SETPATH(rootdir, dvp, *vpp, nm, strlen(nm));

		if (mode == UNCHECKED4) {
			/* existing object must be regular file */
			if ((*vpp)->v_type != VREG) {
				if ((*vpp)->v_type == VDIR)
					status = NFS4ERR_ISDIR;
				else if ((*vpp)->v_type == VLNK)
					status = NFS4ERR_SYMLINK;
				else
					status = NFS4ERR_INVAL;
				VN_RELE(*vpp);
				return (status);
			}

			return (NFS4_OK);
		}

		/* Check for duplicate request */
		ASSERT(mtime != 0);
		va.va_mask = AT_MTIME;
		error = VOP_GETATTR(*vpp, &va, 0, cr);
		if (!error) {
			/* We found the file */
			if (va.va_mtime.tv_sec != mtime->tv_sec ||
			    va.va_mtime.tv_nsec != mtime->tv_nsec) {
				/* but its not our creation */
				VN_RELE(*vpp);
				return (NFS4ERR_EXIST);
			}
			*created = TRUE; /* retrans of create == created */
			return (NFS4_OK);
		}
		VN_RELE(*vpp);
		return (NFS4ERR_EXIST);
	}

	return (NFS4_OK);
}

static nfsstat4
check_open_access(uint32_t access,
		struct compound_state *cs, struct svc_req *req)
{
	int error;
	vnode_t *vp;
	bool_t readonly;
	cred_t *cr = cs->cr;

	/* For now we don't allow mandatory locking as per V2/V3 */
	if (cs->access == CS_ACCESS_DENIED || cs->mandlock) {
		return (NFS4ERR_ACCESS);
	}

	vp = cs->vp;
	ASSERT(cr != NULL && vp->v_type == VREG);

	/*
	 * If the file system is exported read only and we are trying
	 * to open for write, then return NFS4ERR_ROFS
	 */

	readonly = rdonly4(cs->exi, cs->vp, req);

	if ((access & OPEN4_SHARE_ACCESS_WRITE) && readonly)
		return (NFS4ERR_ROFS);

	if (access & OPEN4_SHARE_ACCESS_READ) {
		if ((VOP_ACCESS(vp, VREAD, 0, cr) != 0) &&
		    (VOP_ACCESS(vp, VEXEC, 0, cr) != 0)) {
			return (NFS4ERR_ACCESS);
		}
	}

	if (access & OPEN4_SHARE_ACCESS_WRITE) {
		error = VOP_ACCESS(vp, VWRITE, 0, cr);
		if (error)
			return (NFS4ERR_ACCESS);
	}

	return (NFS4_OK);
}

static nfsstat4
rfs4_createfile(OPEN4args *args, struct svc_req *req, struct compound_state *cs,
		change_info4 *cinfo, bitmap4 *attrset, clientid4 clientid)
{
	struct nfs4_svgetit_arg sarg;
	struct nfs4_ntov_table ntov;

	bool_t ntov_table_init = FALSE;
	struct statvfs64 sb;
	nfsstat4 status;
	vnode_t *vp;
	vattr_t bva, ava, iva, cva, *vap;
	vnode_t *dvp;
	timespec32_t *mtime;
	char *nm = NULL;
	uint_t buflen;
	bool_t created;
	bool_t setsize = FALSE;
	len_t reqsize;
	int error;
	bool_t trunc;
	caller_context_t ct;
	component4 *component;

	sarg.sbp = &sb;

	dvp = cs->vp;

	/* Check if the file system is read only */
	if (rdonly4(cs->exi, dvp, req))
		return (NFS4ERR_ROFS);

	/*
	 * Get the last component of path name in nm. cs will reference
	 * the including directory on success.
	 */
	component = &args->open_claim4_u.file;
	if (!utf8_dir_verify(component))
		return (NFS4ERR_INVAL);

	nm = utf8_to_fn(component, &buflen, NULL);

	if (nm == NULL)
		return (NFS4ERR_RESOURCE);

	if (buflen > MAXNAMELEN) {
		kmem_free(nm, buflen);
		return (NFS4ERR_NAMETOOLONG);
	}

	bva.va_mask = AT_TYPE|AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bva, 0, cs->cr);
	if (error) {
		kmem_free(nm, buflen);
		return (puterrno4(error));
	}

	if (bva.va_type != VDIR) {
		kmem_free(nm, buflen);
		return (NFS4ERR_NOTDIR);
	}

	NFS4_SET_FATTR4_CHANGE(cinfo->before, bva.va_ctime)

	switch (args->mode) {
	case GUARDED4:
		/*FALLTHROUGH*/
	case UNCHECKED4:
		nfs4_ntov_table_init(&ntov);
		ntov_table_init = TRUE;

		*attrset = 0;
		status = do_rfs4_set_attrs(attrset,
					&args->createhow4_u.createattrs,
					cs, &sarg, &ntov, NFS4ATTR_SETIT);

		if (status == NFS4_OK && (sarg.vap->va_mask & AT_TYPE) &&
		    sarg.vap->va_type != VREG) {
			if (sarg.vap->va_type == VDIR)
				status = NFS4ERR_ISDIR;
			else if (sarg.vap->va_type == VLNK)
				status = NFS4ERR_SYMLINK;
			else
				status = NFS4ERR_INVAL;
		}

		if (status != NFS4_OK) {
			kmem_free(nm, buflen);
			nfs4_ntov_table_free(&ntov, &sarg);
			*attrset = 0;
			return (status);
		}

		vap = sarg.vap;
		vap->va_type = VREG;
		vap->va_mask |= AT_TYPE;

		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mask |= AT_MODE;
			vap->va_mode = (mode_t)0600;
		}

		if (vap->va_mask & AT_SIZE) {

			/* Disallow create with a non-zero size */

			if ((reqsize = sarg.vap->va_size) != 0) {
				kmem_free(nm, buflen);
				nfs4_ntov_table_free(&ntov, &sarg);
				*attrset = 0;
				return (NFS4ERR_INVAL);
			}
			setsize = TRUE;
		}
		break;

	case EXCLUSIVE4:
		/* prohibit EXCL create of named attributes */
		if (dvp->v_flag & V_XATTRDIR) {
			kmem_free(nm, buflen);
			*attrset = 0;
			return (NFS4ERR_INVAL);
		}

		cva.va_mask = AT_TYPE | AT_MTIME | AT_MODE;
		cva.va_type = VREG;
		/*
		 * Ensure no time overflows. Assumes underlying
		 * filesystem supports at least 32 bits.
		 * Truncate nsec to usec resolution to allow valid
		 * compares even if the underlying filesystem truncates.
		 */
		mtime = (timespec32_t *)&args->createhow4_u.createverf;
		cva.va_mtime.tv_sec = mtime->tv_sec % TIME32_MAX;
		cva.va_mtime.tv_nsec = (mtime->tv_nsec / 1000) * 1000;
		cva.va_mode = (mode_t)0;
		vap = &cva;
		break;
	}

	status = create_vnode(dvp, nm, vap, args->mode, mtime,
						cs->cr, &vp, &created);
	kmem_free(nm, buflen);

	if (status != NFS4_OK) {
		if (ntov_table_init)
			nfs4_ntov_table_free(&ntov, &sarg);
		*attrset = 0;
		return (status);
	}

	trunc = (setsize && !created);

	if (args->mode != EXCLUSIVE4) {
		bitmap4 createmask = args->createhow4_u.createattrs.attrmask;

		/*
		 * True verification that object was created with correct
		 * attrs is impossible.  The attrs could have been changed
		 * immediately after object creation.  If attributes did
		 * not verify, the only recourse for the server is to
		 * destroy the object.  Maybe if some attrs (like gid)
		 * are set incorrectly, the object should be destroyed;
		 * however, seems bad as a default policy.  Do we really
		 * want to destroy an object over one of the times not
		 * verifying correctly?  For these reasons, the server
		 * currently sets bits in attrset for createattrs
		 * that were set; however, no verification is done.
		 *
		 * vmask_to_nmask accounts for vattr bits set on create
		 *	[do_rfs4_set_attrs() only sets resp bits for
		 *	 non-vattr/vfs bits.]
		 * Mask off any bits we set by default so as not to return
		 * more attrset bits than were requested in createattrs
		 */
		if (created) {
			nfs4_vmask_to_nmask(sarg.vap->va_mask, attrset);
			*attrset &= createmask;
		} else {
			/*
			 * We did not create the vnode (we tried but it
			 * already existed).  In this case, the only createattr
			 * that the spec allows the server to set is size,
			 * and even then, it can only be set if it is 0.
			 */
			*attrset = 0;
			if (trunc)
				*attrset = FATTR4_SIZE_MASK;
		}
	}
	if (ntov_table_init)
		nfs4_ntov_table_free(&ntov, &sarg);

	/*
	 * Get the initial "after" sequence number, if it fails,
	 * set to zero, time to before.
	 */
	iva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &iva, 0, cs->cr)) {
		iva.va_seq = 0;
		iva.va_ctime = bva.va_ctime;
	}

	/*
	 * create_vnode attempts to create the file exclusive,
	 * if it already exists the VOP_CREATE will fail and
	 * may not increase va_seq. It is atomic if
	 * we haven't changed the directory, but if it has changed
	 * we don't know what changed it.
	 */
	if (!created) {
		if (bva.va_seq && iva.va_seq &&
			bva.va_seq == iva.va_seq)
			cinfo->atomic = TRUE;
		else
			cinfo->atomic = FALSE;
		NFS4_SET_FATTR4_CHANGE(cinfo->after, iva.va_ctime);
	} else {
		/*
		 * The entry was created, we need to sync the
		 * directory metadata.
		 */
		(void) VOP_FSYNC(dvp, 0, cs->cr);

		/*
		 * Get "after" change value, if it fails, simply return the
		 * before value.
		 */
		ava.va_mask = AT_CTIME|AT_SEQ;
		if (VOP_GETATTR(dvp, &ava, 0, cs->cr)) {
			ava.va_ctime = bva.va_ctime;
			ava.va_seq = 0;
		}

		NFS4_SET_FATTR4_CHANGE(cinfo->after, ava.va_ctime);

		/*
		 * The cinfo->atomic = TRUE only if we have
		 * non-zero va_seq's, and it has incremented by exactly one
		 * during the create_vnode and it didn't
		 * change during the VOP_FSYNC.
		 */
		if (bva.va_seq && iva.va_seq && ava.va_seq &&
				iva.va_seq == (bva.va_seq + 1) &&
				iva.va_seq == ava.va_seq)
			cinfo->atomic = TRUE;
		else
			cinfo->atomic = FALSE;
	}

	/* Check for mandatory locking and that the size gets set. */
	cva.va_mask = AT_MODE;
	if (setsize)
		cva.va_mask |= AT_SIZE;

	/* Assume the worst */
	cs->mandlock = TRUE;

	if (VOP_GETATTR(vp, &cva, 0, cs->cr) == 0) {
		cs->mandlock = MANDLOCK(cs->vp, cva.va_mode);

		/*
		 * Truncate the file if necessary; this would be
		 * the case for create over an existing file.
		 */

		if (trunc) {
			int in_crit = 0;
			rfs4_file_t *fp;
			bool_t create = FALSE;

			/*
			 * We are writing over an existing file.
			 * Check to see if we need to recall a delegation.
			 */
			rfs4_hold_deleg_policy();
			if ((fp = rfs4_findfile(vp, NULL, &create)) != NULL) {
				if (rfs4_check_delegated_byfp(FWRITE, fp,
					(reqsize == 0), FALSE, FALSE,
							&clientid)) {

					rfs4_file_rele(fp);
					rfs4_rele_deleg_policy();
					VN_RELE(vp);
					*attrset = 0;
					return (NFS4ERR_DELAY);
				}
				rfs4_file_rele(fp);
			}
			rfs4_rele_deleg_policy();

			if (nbl_need_check(vp)) {
				in_crit = 1;

				ASSERT(reqsize == 0);

				nbl_start_crit(vp, RW_READER);
				if (nbl_conflict(vp, NBL_WRITE, 0,
						cva.va_size, 0)) {
					in_crit = 0;
					nbl_end_crit(vp);
					VN_RELE(vp);
					*attrset = 0;
					return (NFS4ERR_ACCESS);
				}
			}
			ct.cc_sysid = 0;
			ct.cc_pid = 0;
			ct.cc_caller_id = nfs4_srv_caller_id;

			cva.va_mask = AT_SIZE;
			cva.va_size = reqsize;
			(void) VOP_SETATTR(vp, &cva, 0, cs->cr, &ct);
			if (in_crit)
				nbl_end_crit(vp);
		}
	}

	error = makefh4(&cs->fh, vp, cs->exi);

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(vp, FNODSYNC, cs->cr);

	if (error) {
		VN_RELE(vp);
		*attrset = 0;
		return (puterrno4(error));
	}

	/* if parent dir is attrdir, set namedattr fh flag */
	if (dvp->v_flag & V_XATTRDIR)
		set_fh4_flag(&cs->fh, FH4_NAMEDATTR);

	if (cs->vp)
		VN_RELE(cs->vp);

	cs->vp = vp;

	/*
	 * if we did not create the file, we will need to check
	 * the access bits on the file
	 */

	if (!created) {
		if (setsize)
			args->share_access |= OPEN4_SHARE_ACCESS_WRITE;
		status = check_open_access(args->share_access, cs, req);
		if (status != NFS4_OK)
			*attrset = 0;
	}
	return (status);
}

/*ARGSUSED*/
static void
rfs4_do_open(struct compound_state *cs, struct svc_req *req,
		rfs4_openowner_t *oo, delegreq_t deleg,
		uint32_t access, uint32_t deny,
		OPEN4res *resp)
{
	/* XXX Currently not using req  */
	rfs4_state_t *state;
	rfs4_file_t *file;
	bool_t screate = TRUE;
	bool_t fcreate = TRUE;
	uint32_t amodes;
	uint32_t dmodes;
	rfs4_deleg_state_t *dsp;
	struct shrlock shr;
	struct shr_locowner shr_loco;
	sysid_t sysid;
	nfsstat4 status;
	int fflags = 0;
	int recall = 0;
	int err;

	/* get the file struct and hold a lock on it during initial open */
	file = rfs4_findfile_withlock(cs->vp, &cs->fh, &fcreate);
	if (file == NULL) {
		NFS4_DEBUG(rfs4_debug,
			(CE_NOTE, "rfs4_do_open: can't find file"));
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	state = rfs4_findstate_by_owner_file(oo, file, &screate);
	if (state == NULL) {
		NFS4_DEBUG(rfs4_debug,
			(CE_NOTE, "rfs4_do_open: can't find state"));
		resp->status = NFS4ERR_RESOURCE;
		/* No need to keep any reference */
		rfs4_file_rele_withunlock(file);
		return;
	}

	/*
	 * Check for conflicts in deny and access before checking for
	 * conflicts in delegation.  We don't want to recall a
	 * delegation based on an open that will eventually fail based
	 * on shares modes.
	 */

	shr.s_access = (short)access;
	shr.s_deny = (short)deny;
	shr.s_pid = rfs4_dbe_getid(oo->dbe);

	if ((status = rfs4_client_sysid(oo->client, &sysid)) != NFS4_OK) {
		resp->status = status;
		rfs4_file_rele(file);
		/* Not a fully formed open; "close" it */
		if (screate == TRUE)
			rfs4_state_close(state, FALSE, FALSE, cs->cr);
		rfs4_state_rele(state);
		return;
	}
	shr.s_sysid = sysid;
	shr_loco.sl_pid = shr.s_pid;
	shr_loco.sl_id = shr.s_sysid;
	shr.s_owner = (caddr_t)&shr_loco;
	shr.s_own_len = sizeof (shr_loco);

	fflags = 0;
	if (access & OPEN4_SHARE_ACCESS_READ)
		fflags |= FREAD;
	if (access & OPEN4_SHARE_ACCESS_WRITE)
		fflags |= FWRITE;

	if ((err = vop_shrlock(cs->vp, F_SHARE, &shr, fflags)) != 0) {

		resp->status = err == EAGAIN ?
			NFS4ERR_SHARE_DENIED : puterrno4(err);

		rfs4_file_rele(file);
		/* Not a fully formed open; "close" it */
		if (screate == TRUE)
			rfs4_state_close(state, FALSE, FALSE, cs->cr);
		rfs4_state_rele(state);
		return;
	}

	rfs4_dbe_lock(state->dbe);
	rfs4_dbe_lock(file->dbe);

	/*
	 * Calculate the new deny and access mode that this open is adding to
	 * the file for this open owner;
	 */
	dmodes = (deny & ~state->share_deny);
	amodes = (access & ~state->share_access);

	/*
	 * Check to see if this file is delegated and if so, if a
	 * recall needs to be done.
	 */
	if (rfs4_check_recall(state, access)) {
		rfs4_dbe_unlock(file->dbe);
		rfs4_dbe_unlock(state->dbe);
		rfs4_recall_deleg(file, FALSE, state->owner->client);
		delay(NFS4_DELEGATION_CONFLICT_DELAY);
		rfs4_dbe_lock(state->dbe);
		rfs4_dbe_lock(file->dbe);
		/* Let's see if the delegation was returned */
		if (rfs4_check_recall(state, access)) {
			rfs4_dbe_unlock(file->dbe);
			rfs4_dbe_unlock(state->dbe);
			rfs4_file_rele(file);
			rfs4_update_lease(state->owner->client);
			/* recalculate flags to match what was added */
			fflags = 0;
			if (amodes & OPEN4_SHARE_ACCESS_READ)
				fflags |= FREAD;
			if (amodes & OPEN4_SHARE_ACCESS_WRITE)
				fflags |= FWRITE;
			(void) vop_shrlock(cs->vp, F_UNSHARE, &shr, fflags);
			/* Not a fully formed open; "close" it */
			if (screate == TRUE)
				rfs4_state_close(state, FALSE, FALSE, cs->cr);
			rfs4_state_rele(state);
			resp->status = NFS4ERR_DELAY;
			return;
		}
	}

	if (dmodes & OPEN4_SHARE_DENY_READ)
		file->deny_read++;
	if (dmodes & OPEN4_SHARE_DENY_WRITE)
		file->deny_write++;
	file->share_deny |= deny;
	state->share_deny |= deny;

	if (amodes & OPEN4_SHARE_ACCESS_READ)
		file->access_read++;
	if (amodes & OPEN4_SHARE_ACCESS_WRITE)
		file->access_write++;
	file->share_access |= access;
	state->share_access |= access;

	/*
	 * Check for delegation here. if the deleg argument is not
	 * DELEG_ANY, then this is a reclaim from a client and
	 * we must honor the delegation requested. If necessary we can
	 * set the recall flag.
	 */

	dsp = rfs4_grant_delegation(deleg, state, &recall);

	cs->deleg = (file->dinfo->dtype == OPEN_DELEGATE_WRITE);

	next_stateid(&state->stateid);

	resp->stateid = state->stateid.stateid;

	rfs4_dbe_unlock(file->dbe);
	rfs4_dbe_unlock(state->dbe);

	if (dsp) {
		rfs4_set_deleg_response(dsp, &resp->delegation, NULL, recall);
		rfs4_deleg_state_rele(dsp);
	}

	rfs4_file_rele(file);
	rfs4_state_rele(state);

	resp->status = NFS4_OK;
}

/*ARGSUSED*/
static void
rfs4_do_opennull(struct compound_state *cs, struct svc_req *req,
		OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	change_info4 *cinfo = &resp->cinfo;
	bitmap4 *attrset = &resp->attrset;

	if (args->opentype == OPEN4_NOCREATE)
		resp->status = rfs4_lookupfile(&args->open_claim4_u.file,
					req, cs, args->share_access, cinfo);
	else {
		/* inhibit delegation grants during exclusive create */

		if (args->mode == EXCLUSIVE4)
			rfs4_disable_delegation();

		resp->status = rfs4_createfile(args, req, cs, cinfo, attrset,
					oo->client->clientid);
	}

	if (resp->status == NFS4_OK) {

		/* cs->vp cs->fh now reference the desired file */

		rfs4_do_open(cs, req, oo, DELEG_ANY, args->share_access,
						args->share_deny, resp);

		/*
		 * If rfs4_createfile set attrset, we must
		 * clear this attrset before the response is copied.
		 */
		if (resp->status != NFS4_OK && resp->attrset) {
			resp->attrset = 0;
		}
	}
	else
		*cs->statusp = resp->status;

	if (args->mode == EXCLUSIVE4)
		rfs4_enable_delegation();
}

/*ARGSUSED*/
static void
rfs4_do_openprev(struct compound_state *cs, struct svc_req *req,
		OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	change_info4 *cinfo = &resp->cinfo;
	vattr_t va;
	vtype_t v_type = cs->vp->v_type;
	int error = 0;

	/* Verify that we have a regular file */
	if (v_type != VREG) {
		if (v_type == VDIR)
			resp->status = NFS4ERR_ISDIR;
		else if (v_type == VLNK)
			resp->status = NFS4ERR_SYMLINK;
		else
			resp->status = NFS4ERR_INVAL;
		return;
	}

	va.va_mask = AT_MODE|AT_UID;
	error = VOP_GETATTR(cs->vp, &va, 0, cs->cr);
	if (error) {
		resp->status = puterrno4(error);
		return;
	}

	cs->mandlock = MANDLOCK(cs->vp, va.va_mode);

	/*
	 * Check if we have access to the file, Note the the file
	 * could have originally been open UNCHECKED or GUARDED
	 * with mode bits that will now fail, but there is nothing
	 * we can really do about that except in the case that the
	 * owner of the file is the one requesting the open.
	 */
	if (crgetuid(cs->cr) != va.va_uid) {
		resp->status = check_open_access(args->share_access, cs, req);
		if (resp->status != NFS4_OK) {
			return;
		}
	}

	/*
	 * cinfo on a CLAIM_PREVIOUS is undefined, initialize to zero
	 */
	cinfo->before = 0;
	cinfo->after = 0;
	cinfo->atomic = FALSE;

	rfs4_do_open(cs, req, oo,
		NFS4_DELEG4TYPE2REQTYPE(args->open_claim4_u.delegate_type),
		args->share_access, args->share_deny, resp);
}

static void
rfs4_do_opendelcur(struct compound_state *cs, struct svc_req *req,
		OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	int error;
	nfsstat4 status;
	stateid4 stateid =
			args->open_claim4_u.delegate_cur_info.delegate_stateid;
	rfs4_deleg_state_t *dsp;

	/*
	 * Find the state info from the stateid and confirm that the
	 * file is delegated.  If the state openowner is the same as
	 * the supplied openowner we're done. If not, get the file
	 * info from the found state info. Use that file info to
	 * create the state for this lock owner. Note solaris doen't
	 * really need the pathname to find the file. We may want to
	 * lookup the pathname and make sure that the vp exist and
	 * matches the vp in the file structure. However it is
	 * possible that the pathname nolonger exists (local process
	 * unlinks the file), so this may not be that useful.
	 */

	status = rfs4_get_deleg_state(&stateid, &dsp);
	if (status != NFS4_OK) {
		resp->status = status;
		return;
	}

	ASSERT(dsp->finfo->dinfo->dtype != OPEN_DELEGATE_NONE);

	/*
	 * New lock owner, create state. Since this was probably called
	 * in response to a CB_RECALL we set deleg to DELEG_NONE
	 */

	ASSERT(cs->vp != NULL);
	VN_RELE(cs->vp);
	VN_HOLD(dsp->finfo->vp);
	cs->vp = dsp->finfo->vp;

	if (error = makefh4(&cs->fh, cs->vp, cs->exi)) {
		rfs4_deleg_state_rele(dsp);
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/* Mark progress for delegation returns */
	dsp->finfo->dinfo->time_lastwrite = gethrestime_sec();
	rfs4_deleg_state_rele(dsp);
	rfs4_do_open(cs, req, oo, DELEG_NONE,
				args->share_access, args->share_deny, resp);
}

/*ARGSUSED*/
static void
rfs4_do_opendelprev(struct compound_state *cs, struct svc_req *req,
			OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	/*
	 * Lookup the pathname, it must already exist since this file
	 * was delegated.
	 *
	 * Find the file and state info for this vp and open owner pair.
	 *	check that they are in fact delegated.
	 *	check that the state access and deny modes are the same.
	 *
	 * Return the delgation possibly seting the recall flag.
	 */
	rfs4_file_t *file;
	rfs4_state_t *state;
	bool_t create = FALSE;
	bool_t dcreate = FALSE;
	rfs4_deleg_state_t *dsp;
	nfsace4 *ace;


	/* Note we ignore oflags */
	resp->status = rfs4_lookupfile(&args->open_claim4_u.file_delegate_prev,
				req, cs, args->share_access, &resp->cinfo);

	if (resp->status != NFS4_OK) {
		return;
	}

	/* get the file struct and hold a lock on it during initial open */
	file = rfs4_findfile_withlock(cs->vp, NULL, &create);
	if (file == NULL) {
		NFS4_DEBUG(rfs4_debug,
			(CE_NOTE, "rfs4_do_opendelprev: can't find file"));
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	state = rfs4_findstate_by_owner_file(oo, file, &create);
	if (state == NULL) {
		NFS4_DEBUG(rfs4_debug,
			(CE_NOTE, "rfs4_do_opendelprev: can't find state"));
		resp->status = NFS4ERR_SERVERFAULT;
		rfs4_file_rele_withunlock(file);
		return;
	}

	rfs4_dbe_lock(state->dbe);
	rfs4_dbe_lock(file->dbe);
	if (args->share_access != state->share_access ||
			args->share_deny != state->share_deny ||
			state->finfo->dinfo->dtype == OPEN_DELEGATE_NONE) {
		NFS4_DEBUG(rfs4_debug,
			(CE_NOTE, "rfs4_do_opendelprev: state mixup"));
		rfs4_dbe_unlock(file->dbe);
		rfs4_dbe_unlock(state->dbe);
		rfs4_file_rele(file);
		rfs4_state_rele(state);
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}
	rfs4_dbe_unlock(file->dbe);
	rfs4_dbe_unlock(state->dbe);

	dsp = rfs4_finddeleg(state, &dcreate);
	if (dsp == NULL) {
		rfs4_state_rele(state);
		rfs4_file_rele(file);
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	next_stateid(&state->stateid);

	resp->stateid = state->stateid.stateid;

	resp->delegation.delegation_type = dsp->dtype;

	if (dsp->dtype == OPEN_DELEGATE_READ) {
		open_read_delegation4 *rv =
			&resp->delegation.open_delegation4_u.read;

		rv->stateid = dsp->delegid.stateid;
		rv->recall = FALSE; /* no policy in place to set to TRUE */
		ace = &rv->permissions;
	} else {
		open_write_delegation4 *rv =
			&resp->delegation.open_delegation4_u.write;

		rv->stateid = dsp->delegid.stateid;
		rv->recall = FALSE;  /* no policy in place to set to TRUE */
		ace = &rv->permissions;
		rv->space_limit.limitby = NFS_LIMIT_SIZE;
		rv->space_limit.nfs_space_limit4_u.filesize = UINT64_MAX;
	}

	/* XXX For now */
	ace->type = ACE4_ACCESS_ALLOWED_ACE_TYPE;
	ace->flag = 0;
	ace->access_mask = 0;
	ace->who.utf8string_len = 0;
	ace->who.utf8string_val = 0;

	rfs4_deleg_state_rele(dsp);
	rfs4_state_rele(state);
	rfs4_file_rele(file);
}

typedef enum {
	NFS4_CHKSEQ_OKAY = 0,
	NFS4_CHKSEQ_REPLAY = 1,
	NFS4_CHKSEQ_BAD = 2
} rfs4_chkseq_t;

/*
 * Generic function for sequence number checks.
 */
static rfs4_chkseq_t
rfs4_check_seqid(seqid4 seqid, nfs_resop4 *lastop,
		seqid4 rqst_seq, nfs_resop4 *resop, bool_t copyres)
{
	/* Same sequence ids and matching operations? */
	if (seqid == rqst_seq && resop->resop == lastop->resop) {
		if (copyres == TRUE) {
			rfs4_free_reply(resop);
			rfs4_copy_reply(resop, lastop);
		}
		NFS4_DEBUG(rfs4_debug, (CE_NOTE,
			"Replayed SEQID %d\n", seqid));
		return (NFS4_CHKSEQ_REPLAY);
	}

	/* If the incoming sequence is not the next expected then it is bad */
	if (rqst_seq != seqid + 1) {
		if (rqst_seq == seqid) {
			NFS4_DEBUG(rfs4_debug,
				(CE_NOTE, "BAD SEQID: Replayed sequence id "
				"but last op was %d current op is %d\n",
				lastop->resop, resop->resop));
			return (NFS4_CHKSEQ_BAD);
		}
		NFS4_DEBUG(rfs4_debug,
			(CE_NOTE, "BAD SEQID: got %u expecting %u\n",
				rqst_seq, seqid));
		return (NFS4_CHKSEQ_BAD);
	}

	/* Everything okay -- next expected */
	return (NFS4_CHKSEQ_OKAY);
}


static rfs4_chkseq_t
rfs4_check_open_seqid(seqid4 seqid, rfs4_openowner_t *op, nfs_resop4 *resop)
{
	rfs4_chkseq_t rc;

	rfs4_dbe_lock(op->dbe);
	rc = rfs4_check_seqid(op->open_seqid, op->reply, seqid, resop, TRUE);
	rfs4_dbe_unlock(op->dbe);

	if (rc == NFS4_CHKSEQ_OKAY)
		rfs4_update_lease(op->client);

	return (rc);
}

static rfs4_chkseq_t
rfs4_check_olo_seqid(seqid4 olo_seqid, rfs4_openowner_t *op,
	nfs_resop4 *resop)
{
	rfs4_chkseq_t rc;

	rfs4_dbe_lock(op->dbe);
	rc = rfs4_check_seqid(op->open_seqid, op->reply,
		olo_seqid, resop, FALSE);
	rfs4_dbe_unlock(op->dbe);

	return (rc);
}

static rfs4_chkseq_t
rfs4_check_lock_seqid(seqid4 seqid, rfs4_lo_state_t *lp, nfs_resop4 *resop)
{
	rfs4_chkseq_t rc = NFS4_CHKSEQ_OKAY;

	rfs4_dbe_lock(lp->dbe);
	if (!lp->skip_seqid_check)
		rc = rfs4_check_seqid(lp->seqid, lp->reply,
			seqid, resop, TRUE);
	rfs4_dbe_unlock(lp->dbe);

	return (rc);
}

static void
rfs4_op_open(nfs_argop4 *argop, nfs_resop4 *resop,
	    struct svc_req *req, struct compound_state *cs)
{
	OPEN4args *args = &argop->nfs_argop4_u.opopen;
	OPEN4res *resp = &resop->nfs_resop4_u.opopen;
	open_owner4 *owner = &args->owner;
	open_claim_type4 claim = args->claim;
	rfs4_client_t *cp;
	rfs4_openowner_t *oo;
	bool_t create;
	bool_t replay = FALSE;
	int can_reclaim;


	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * Need to check clientid and lease expiration first based on
	 * error ordering and incrementing sequence id.
	 */
	cp = rfs4_findclient_by_id(owner->clientid, FALSE);
	if (cp == NULL) {
		*cs->statusp = resp->status =
			rfs4_check_clientid(&owner->clientid, 0);
		return;
	}

	if (rfs4_lease_expired(cp)) {
		rfs4_client_close(cp);
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		return;
	}
	can_reclaim = cp->can_reclaim;

	/*
	 * Find the open_owner for use from this point forward.  Take
	 * care in updating the sequence id based on the type of error
	 * being returned.
	 */
retry:
	create = TRUE;
	oo = rfs4_findopenowner(owner, &create, args->seqid);
	if (oo == NULL) {
		*cs->statusp = resp->status = NFS4ERR_STALE_CLIENTID;
		rfs4_client_rele(cp);
		return;
	}

	/* Hold off access to the sequence space while the open is done */
	rfs4_sw_enter(&oo->oo_sw);

	/*
	 * If the open_owner existed before at the server, then check
	 * the sequence id.
	 */
	if (!create && !oo->postpone_confirm) {
		switch (rfs4_check_open_seqid(args->seqid, oo, resop)) {
		case NFS4_CHKSEQ_BAD:
			if ((args->seqid > oo->open_seqid) &&
				oo->need_confirm) {
				rfs4_free_opens(oo, TRUE, FALSE);
				rfs4_sw_exit(&oo->oo_sw);
				rfs4_openowner_rele(oo);
				goto retry;
			}
			resp->status = NFS4ERR_BAD_SEQID;
			goto out;
		case NFS4_CHKSEQ_REPLAY: /* replay of previous request */
			replay = TRUE;
			goto out;
		default:
			break;
		}

		/*
		 * Sequence was ok and open owner exists
		 * check to see if we have yet to see an
		 * open_confirm.
		 */
		if (oo->need_confirm) {
			rfs4_free_opens(oo, TRUE, FALSE);
			rfs4_sw_exit(&oo->oo_sw);
			rfs4_openowner_rele(oo);
			goto retry;
		}
	}
	/* Grace only applies to regular-type OPENs */
	if (rfs4_clnt_in_grace(cp) &&
	    (claim == CLAIM_NULL || claim == CLAIM_DELEGATE_CUR)) {
		*cs->statusp = resp->status = NFS4ERR_GRACE;
		goto out;
	}

	/*
	 * If previous state at the server existed then can_reclaim
	 * will be set. If not reply NFS4ERR_NO_GRACE to the
	 * client.
	 */
	if (rfs4_clnt_in_grace(cp) && claim == CLAIM_PREVIOUS && !can_reclaim) {
		*cs->statusp = resp->status = NFS4ERR_NO_GRACE;
		goto out;
	}


	/*
	 * Reject the open if the client has missed the grace period
	 */
	if (!rfs4_clnt_in_grace(cp) && claim == CLAIM_PREVIOUS) {
		*cs->statusp = resp->status = NFS4ERR_NO_GRACE;
		goto out;
	}

	/* Couple of up-front bookkeeping items */
	if (oo->need_confirm) {
		/*
		 * If this is a reclaim OPEN then we should not ask
		 * for a confirmation of the open_owner per the
		 * protocol specification.
		 */
		if (claim == CLAIM_PREVIOUS)
			oo->need_confirm = FALSE;
		else
			resp->rflags |= OPEN4_RESULT_CONFIRM;
	}
	resp->rflags |= OPEN4_RESULT_LOCKTYPE_POSIX;

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to open/create in this directory.
	 */
	if (vn_ismntpt(cs->vp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		goto out;
	}

	/*
	 * access must READ, WRITE, or BOTH.  No access is invalid.
	 * deny can be READ, WRITE, BOTH, or NONE.
	 * bits not defined for access/deny are invalid.
	 */
	if (! (args->share_access & OPEN4_SHARE_ACCESS_BOTH) ||
	    (args->share_access & ~OPEN4_SHARE_ACCESS_BOTH) ||
	    (args->share_deny & ~OPEN4_SHARE_DENY_BOTH)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		goto out;
	}


	/*
	 * make sure attrset is zero before response is built.
	 */
	resp->attrset = 0;

	switch (claim) {
	case CLAIM_NULL:
		rfs4_do_opennull(cs, req, args, oo, resp);
	    break;
	case CLAIM_PREVIOUS:
		rfs4_do_openprev(cs, req, args, oo, resp);
	    break;
	case CLAIM_DELEGATE_CUR:
		rfs4_do_opendelcur(cs, req, args, oo, resp);
	    break;
	case CLAIM_DELEGATE_PREV:
		rfs4_do_opendelprev(cs, req, args, oo, resp);
	    break;
	default:
		resp->status = NFS4ERR_INVAL;
		break;
	}

out:
	rfs4_client_rele(cp);

	/* Catch sequence id handling here to make it a little easier */
	switch (resp->status) {
	case NFS4ERR_BADXDR:
	case NFS4ERR_BAD_SEQID:
	case NFS4ERR_BAD_STATEID:
	case NFS4ERR_NOFILEHANDLE:
	case NFS4ERR_RESOURCE:
	case NFS4ERR_STALE_CLIENTID:
	case NFS4ERR_STALE_STATEID:
		/*
		 * The protocol states that if any of these errors are
		 * being returned, the sequence id should not be
		 * incremented.  Any other return requires an
		 * increment.
		 */
		break;
	default:
		/* Always update the lease in this case */
		rfs4_update_lease(oo->client);

		/* Regular response - copy the result */
		if (!replay)
			rfs4_update_open_resp(oo, resop, &cs->fh);

		/*
		 * REPLAY case: Only if the previous response was OK
		 * do we copy the filehandle.  If not OK, no
		 * filehandle to copy.
		 */
		if (replay == TRUE &&
		    resp->status == NFS4_OK &&
		    oo->reply_fh.nfs_fh4_val) {
			/*
			 * If this is a replay, we must restore the
			 * current filehandle/vp to that of what was
			 * returned originally.  Try our best to do
			 * it.
			 */
			nfs_fh4_fmt_t *fh_fmtp =
				(nfs_fh4_fmt_t *)oo->reply_fh.nfs_fh4_val;

			cs->exi = checkexport4(&fh_fmtp->fh4_fsid,
				(fid_t *)&fh_fmtp->fh4_xlen, NULL);

			if (cs->exi == NULL) {
				resp->status = NFS4ERR_STALE;
				goto finish;
			}

			VN_RELE(cs->vp);

			cs->vp = nfs4_fhtovp(&oo->reply_fh, cs->exi,
				&resp->status);

			if (cs->vp == NULL)
				goto finish;

			nfs_fh4_copy(&oo->reply_fh, &cs->fh);
		}

		/*
		 * If this was a replay, no need to update the
		 * sequence id. If the open_owner was not created on
		 * this pass, then update.  The first use of an
		 * open_owner will not bump the sequence id.
		 */
		if (replay == FALSE && !create)
			rfs4_update_open_sequence(oo);
		/*
		 * If the client is receiving an error and the
		 * open_owner needs to be confirmed, there is no way
		 * to notify the client of this fact ignoring the fact
		 * that the server has no method of returning a
		 * stateid to confirm.  Therefore, the server needs to
		 * mark this open_owner in a way as to avoid the
		 * sequence id checking the next time the client uses
		 * this open_owner.
		 */
		if (resp->status != NFS4_OK && oo->need_confirm)
			oo->postpone_confirm = TRUE;
		/*
		 * If OK response then clear the postpone flag and
		 * reset the sequence id to keep in sync with the
		 * client.
		 */
		if (resp->status == NFS4_OK && oo->postpone_confirm) {
			oo->postpone_confirm = FALSE;
			oo->open_seqid = args->seqid;
		}
		break;
	}

finish:
	*cs->statusp = resp->status;

	rfs4_sw_exit(&oo->oo_sw);
	rfs4_openowner_rele(oo);
}

/*ARGSUSED*/
void
rfs4_op_open_confirm(nfs_argop4 *argop, nfs_resop4 *resop,
		    struct svc_req *req, struct compound_state *cs)
{
	OPEN_CONFIRM4args *args = &argop->nfs_argop4_u.opopen_confirm;
	OPEN_CONFIRM4res *resp = &resop->nfs_resop4_u.opopen_confirm;
	rfs4_state_t *sp;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_VALID);
	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/* Ensure specified filehandle matches */
	if (cs->vp != sp->finfo->vp) {
		rfs4_state_rele(sp);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to open_owner while we tinker */
	rfs4_sw_enter(&sp->owner->oo_sw);

	switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
			resop) != 0) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			break;
		}
		/*
		 * If it is the appropriate stateid and determined to
		 * be "OKAY" then this means that the stateid does not
		 * need to be confirmed and the client is in error for
		 * sending an OPEN_CONFIRM.
		 */
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		break;
	case NFS4_CHECK_STATEID_OLD:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		break;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		break;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		break;
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		break;
	case NFS4_CHECK_STATEID_REPLAY:
		switch (rfs4_check_open_seqid(args->seqid, sp->owner, resop)) {
		case NFS4_CHKSEQ_OKAY:
			/*
			 * This is replayed stateid; if seqid matches
			 * next expected, then client is using wrong seqid.
			 */
			/* fall through */
		case NFS4_CHKSEQ_BAD:
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			break;
		case NFS4_CHKSEQ_REPLAY:
			/*
			 * Note this case is the duplicate case so
			 * resp->status is already set.
			 */
			*cs->statusp = resp->status;
			rfs4_update_lease(sp->owner->client);
			break;
		}
		break;
	case NFS4_CHECK_STATEID_UNCONFIRMED:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
			resop) != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			break;
		}
		*cs->statusp = resp->status = NFS4_OK;

		next_stateid(&sp->stateid);
		resp->open_stateid = sp->stateid.stateid;
		sp->owner->need_confirm = FALSE;
		rfs4_update_lease(sp->owner->client);
		rfs4_update_open_sequence(sp->owner);
		rfs4_update_open_resp(sp->owner, resop, NULL);
		break;
	default:
		ASSERT(FALSE);
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		break;
	}
	rfs4_sw_exit(&sp->owner->oo_sw);
	rfs4_state_rele(sp);
}

/*ARGSUSED*/
void
rfs4_op_open_downgrade(nfs_argop4 *argop, nfs_resop4 *resop,
		    struct svc_req *req, struct compound_state *cs)
{
	OPEN_DOWNGRADE4args *args = &argop->nfs_argop4_u.opopen_downgrade;
	OPEN_DOWNGRADE4res *resp = &resop->nfs_resop4_u.opopen_downgrade;
	uint32_t access = args->share_access;
	uint32_t deny = args->share_deny;
	nfsstat4 status;
	rfs4_state_t *sp;
	rfs4_file_t *fp;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_VALID);
	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/* Ensure specified filehandle matches */
	if (cs->vp != sp->finfo->vp) {
		rfs4_state_rele(sp);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to open_owner while we tinker */
	rfs4_sw_enter(&sp->owner->oo_sw);

	switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
			resop) != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		}
		break;
	case NFS4_CHECK_STATEID_OLD:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		goto end;
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_UNCONFIRMED:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_REPLAY:
		/* Check the sequence id for the open owner */
		switch (rfs4_check_open_seqid(args->seqid, sp->owner, resop)) {
		case NFS4_CHKSEQ_OKAY:
			/*
			 * This is replayed stateid; if seqid matches
			 * next expected, then client is using wrong seqid.
			 */
			/* fall through */
		case NFS4_CHKSEQ_BAD:
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		case NFS4_CHKSEQ_REPLAY:
			/*
			 * Note this case is the duplicate case so
			 * resp->status is already set.
			 */
			*cs->statusp = resp->status;
			rfs4_update_lease(sp->owner->client);
			goto end;
		}
		break;
	default:
		ASSERT(FALSE);
		break;
	}

	rfs4_dbe_lock(sp->dbe);
	/*
	 * Check that the new access modes and deny modes are valid.
	 * Check that no invalid bits are set.
	 */
	if ((access & ~(OPEN4_SHARE_ACCESS_READ | OPEN4_SHARE_ACCESS_WRITE)) ||
	    (deny & ~(OPEN4_SHARE_DENY_READ | OPEN4_SHARE_DENY_READ))) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		rfs4_update_open_sequence(sp->owner);
		rfs4_dbe_unlock(sp->dbe);
		goto end;
	}

	/*
	 * The new modes must be a subset of the current modes and
	 * the access must specify at least one mode. To test that
	 * the new mode is a subset of the current modes we bitwise
	 * AND them together and check that the result equals the new
	 * mode. For example:
	 * New mode, access == R and current mode, sp->share_access  == RW
	 * access & sp->share_access == R == access, so the new access mode
	 * is valid. Consider access == RW, sp->share_access = R
	 * access & sp->share_access == R != access, so the new access mode
	 * is invalid.
	 */
	if ((access & sp->share_access) != access ||
	    (deny & sp->share_deny) != deny ||
	    (access &
	    (OPEN4_SHARE_ACCESS_READ | OPEN4_SHARE_ACCESS_WRITE)) == 0) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		rfs4_update_open_sequence(sp->owner);
		rfs4_dbe_unlock(sp->dbe);
		goto end;
	}

	/*
	 * Release any share locks associated with this stateID.
	 * Strictly speaking, this violates the spec because the
	 * spec effectively requires that open downgrade be atomic.
	 * At present, fs_shrlock does not have this capability.
	 */
	rfs4_dbe_unlock(sp->dbe);
	rfs4_unshare(sp);
	rfs4_dbe_lock(sp->dbe);

	fp = sp->finfo;
	rfs4_dbe_lock(fp->dbe);

	/*
	 * If the current mode has deny read and the new mode
	 * does not, decrement the number of deny read mode bits
	 * and if it goes to zero turn off the deny read bit
	 * on the file.
	 */
	if ((sp->share_deny & OPEN4_SHARE_DENY_READ) &&
	    (deny & OPEN4_SHARE_DENY_READ) == 0) {
		fp->deny_read--;
		if (fp->deny_read == 0)
			fp->share_deny &= ~OPEN4_SHARE_DENY_READ;
	}

	/*
	 * If the current mode has deny write and the new mode
	 * does not, decrement the number of deny write mode bits
	 * and if it goes to zero turn off the deny write bit
	 * on the file.
	 */
	if ((sp->share_deny & OPEN4_SHARE_DENY_WRITE) &&
	    (deny & OPEN4_SHARE_DENY_WRITE) == 0) {
		fp->deny_write--;
		if (fp->deny_write == 0)
			fp->share_deny &= ~OPEN4_SHARE_DENY_WRITE;
	}

	/*
	 * If the current mode has access read and the new mode
	 * does not, decrement the number of access read mode bits
	 * and if it goes to zero turn off the access read bit
	 * on the file.
	 */
	if ((sp->share_access & OPEN4_SHARE_ACCESS_READ) &&
	    (access & OPEN4_SHARE_ACCESS_READ) == 0) {
		fp->access_read--;
		if (fp->access_read == 0)
			fp->share_access &= ~OPEN4_SHARE_ACCESS_READ;
	}

	/*
	 * If the current mode has access write and the new mode
	 * does not, decrement the number of access write mode bits
	 * and if it goes to zero turn off the access write bit
	 * on the file.
	 */
	if ((sp->share_access & OPEN4_SHARE_ACCESS_WRITE) &&
	    (access & OPEN4_SHARE_ACCESS_WRITE) == 0) {
		fp->access_write--;
		if (fp->access_write == 0)
			fp->share_deny &= ~OPEN4_SHARE_ACCESS_WRITE;
	}

	/* Set the new access and deny modes */
	sp->share_access = access;
	sp->share_deny = deny;
	/* Check that the file is still accessible */
	ASSERT(fp->share_access);

	rfs4_dbe_unlock(fp->dbe);

	rfs4_dbe_unlock(sp->dbe);
	if ((status = rfs4_share(sp)) != NFS4_OK) {
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		rfs4_update_open_sequence(sp->owner);
		goto end;
	}

	rfs4_dbe_lock(sp->dbe);

	/* Update the stateid */
	next_stateid(&sp->stateid);
	resp->open_stateid = sp->stateid.stateid;

	rfs4_dbe_unlock(sp->dbe);

	*cs->statusp = resp->status = NFS4_OK;
	/* Update the lease */
	rfs4_update_lease(sp->owner->client);
	/* And the sequence */
	rfs4_update_open_sequence(sp->owner);
	rfs4_update_open_resp(sp->owner, resop, NULL);

end:
	rfs4_sw_exit(&sp->owner->oo_sw);
	rfs4_state_rele(sp);
}

/*
 * The logic behind this function is detailed in the NFSv4 RFC in the
 * SETCLIENTID operation description under IMPLEMENTATION.  Refer to
 * that section for explicit guidance to server behavior for
 * SETCLIENTID.
 */
void
rfs4_op_setclientid(nfs_argop4 *argop, nfs_resop4 *resop,
		    struct svc_req *req, struct compound_state *cs)
{
	SETCLIENTID4args *args = &argop->nfs_argop4_u.opsetclientid;
	SETCLIENTID4res *res = &resop->nfs_resop4_u.opsetclientid;
	rfs4_client_t *cp, *newcp, *cp_confirmed, *cp_unconfirmed;
	bool_t create = TRUE;
	char *addr, *netid;
	int len;

retry:
	newcp = cp_confirmed = cp_unconfirmed = NULL;

	/*
	 * In search of an EXISTING client matching the incoming
	 * request to establish a new client identifier at the server
	 */
	create = TRUE;
	cp = rfs4_findclient(&args->client, &create, NULL);

	/* Should never happen */
	ASSERT(cp != NULL);

	if (cp == NULL) {
		*cs->statusp = res->status = NFS4ERR_SERVERFAULT;
		return;
	}

	/*
	 * Easiest case. Client identifier is newly created and is
	 * unconfirmed.  Also note that for this case, no other
	 * entries exist for the client identifier.  Nothing else to
	 * check.  Just setup the response and respond.
	 */
	if (create) {
		*cs->statusp = res->status = NFS4_OK;
		res->SETCLIENTID4res_u.resok4.clientid = cp->clientid;
		res->SETCLIENTID4res_u.resok4.setclientid_confirm =
							cp->confirm_verf;
		/* Setup callback information; CB_NULL confirmation later */
		rfs4_client_setcb(cp, &args->callback, args->callback_ident);

		rfs4_client_rele(cp);
		return;
	}

	/*
	 * An existing, confirmed client may exist but it may not have
	 * been active for at least one lease period.  If so, then
	 * "close" the client and create a new client identifier
	 */
	if (rfs4_lease_expired(cp)) {
		rfs4_client_close(cp);
		goto retry;
	}

	if (cp->need_confirm == TRUE)
		cp_unconfirmed = cp;
	else
		cp_confirmed = cp;

	cp = NULL;

	/*
	 * We have a confirmed client, now check for an
	 * unconfimred entry
	 */
	if (cp_confirmed) {
		/* If creds don't match then client identifier is inuse */
		if (!creds_ok(cp_confirmed->cr_set, req, cs)) {
			rfs4_cbinfo_t *cbp;
			/*
			 * Some one else has established this client
			 * id. Try and say * who they are. We will use
			 * the call back address supplied by * the
			 * first client.
			 */
			*cs->statusp = res->status = NFS4ERR_CLID_INUSE;

			addr = netid = NULL;

			cbp = &cp_confirmed->cbinfo;
			if (cbp->cb_callback.cb_location.r_addr &&
			    cbp->cb_callback.cb_location.r_netid) {
				cb_client4 *cbcp = &cbp->cb_callback;

				len = strlen(cbcp->cb_location.r_addr)+1;
				addr = kmem_alloc(len, KM_SLEEP);
				bcopy(cbcp->cb_location.r_addr, addr, len);
				len = strlen(cbcp->cb_location.r_netid)+1;
				netid = kmem_alloc(len, KM_SLEEP);
				bcopy(cbcp->cb_location.r_netid, netid, len);
			}

			res->SETCLIENTID4res_u.client_using.r_addr = addr;
			res->SETCLIENTID4res_u.client_using.r_netid = netid;

			rfs4_client_rele(cp_confirmed);
		}

		/*
		 * Confirmed, creds match, and verifier matches; must
		 * be an update of the callback info
		 */
		if (cp_confirmed->nfs_client.verifier ==
						args->client.verifier) {
			/* Setup callback information */
			rfs4_client_setcb(cp_confirmed, &args->callback,
						args->callback_ident);

			/* everything okay -- move ahead */
			*cs->statusp = res->status = NFS4_OK;
			res->SETCLIENTID4res_u.resok4.clientid =
				cp_confirmed->clientid;

			/* update the confirm_verifier and return it */
			rfs4_client_scv_next(cp_confirmed);
			res->SETCLIENTID4res_u.resok4.setclientid_confirm =
						cp_confirmed->confirm_verf;

			rfs4_client_rele(cp_confirmed);
			return;
		}

		/*
		 * Creds match but the verifier doesn't.  Must search
		 * for an unconfirmed client that would be replaced by
		 * this request.
		 */
		create = FALSE;
		cp_unconfirmed = rfs4_findclient(&args->client, &create,
						cp_confirmed);
	}

	/*
	 * At this point, we have taken care of the brand new client
	 * struct, INUSE case, update of an existing, and confirmed
	 * client struct.
	 */

	/*
	 * check to see if things have changed while we originally
	 * picked up the client struct.  If they have, then return and
	 * retry the processing of this SETCLIENTID request.
	 */
	if (cp_unconfirmed) {
		rfs4_dbe_lock(cp_unconfirmed->dbe);
		if (!cp_unconfirmed->need_confirm) {
			rfs4_dbe_unlock(cp_unconfirmed->dbe);
			rfs4_client_rele(cp_unconfirmed);
			if (cp_confirmed)
				rfs4_client_rele(cp_confirmed);
			goto retry;
		}
		/* do away with the old unconfirmed one */
		rfs4_dbe_invalidate(cp_unconfirmed->dbe);
		rfs4_dbe_unlock(cp_unconfirmed->dbe);
		rfs4_client_rele(cp_unconfirmed);
		cp_unconfirmed = NULL;
	}

	/*
	 * This search will temporarily hide the confirmed client
	 * struct while a new client struct is created as the
	 * unconfirmed one.
	 */
	create = TRUE;
	newcp = rfs4_findclient(&args->client, &create, cp_confirmed);

	ASSERT(newcp != NULL);

	if (newcp == NULL) {
		*cs->statusp = res->status = NFS4ERR_SERVERFAULT;
		rfs4_client_rele(cp_confirmed);
		return;
	}

	/*
	 * If one was not created, then a similar request must be in
	 * process so release and start over with this one
	 */
	if (create != TRUE) {
		rfs4_client_rele(newcp);
		if (cp_confirmed)
			rfs4_client_rele(cp_confirmed);
		goto retry;
	}

	*cs->statusp = res->status = NFS4_OK;
	res->SETCLIENTID4res_u.resok4.clientid = newcp->clientid;
	res->SETCLIENTID4res_u.resok4.setclientid_confirm =
							newcp->confirm_verf;
	/* Setup callback information; CB_NULL confirmation later */
	rfs4_client_setcb(newcp, &args->callback,
				args->callback_ident);

	newcp->cp_confirmed = cp_confirmed;

	rfs4_client_rele(newcp);
}

/*ARGSUSED*/
void
rfs4_op_setclientid_confirm(nfs_argop4 *argop, nfs_resop4 *resop,
			    struct svc_req *req, struct compound_state *cs)
{
	SETCLIENTID_CONFIRM4args *args =
		&argop->nfs_argop4_u.opsetclientid_confirm;
	SETCLIENTID_CONFIRM4res *res =
		&resop->nfs_resop4_u.opsetclientid_confirm;
	rfs4_client_t *cp, *cptoclose = NULL;

	*cs->statusp = res->status = NFS4_OK;

	cp = rfs4_findclient_by_id(args->clientid, TRUE);

	if (cp == NULL) {
		*cs->statusp = res->status =
			rfs4_check_clientid(&args->clientid, 1);
		return;
	}

	if (!creds_ok(cp, req, cs)) {
		*cs->statusp = res->status = NFS4ERR_CLID_INUSE;
		rfs4_client_rele(cp);
		return;
	}

	/* If the verifier doesn't match, the record doesn't match */
	if (cp->confirm_verf != args->setclientid_confirm) {
		*cs->statusp = res->status = NFS4ERR_STALE_CLIENTID;
		rfs4_client_rele(cp);
		return;
	}

	rfs4_dbe_lock(cp->dbe);
	cp->need_confirm = FALSE;
	if (cp->cp_confirmed) {
		cptoclose = cp->cp_confirmed;
		cptoclose->ss_remove = 1;
		cp->cp_confirmed = NULL;
	}

	/*
	 * Record clientid in stable storage
	 */
	rfs4_ss_clid(cp, req);

	rfs4_dbe_unlock(cp->dbe);

	if (cptoclose)
		/* don't need to rele, client_close does it */
		rfs4_client_close(cptoclose);

	/* If needed, initiate CB_NULL call for callback path */
	rfs4_deleg_cb_check(cp);
	rfs4_update_lease(cp);

	/*
	 * Update the client's associated server instance, if it's changed
	 * since the client was created.
	 */
	if (rfs4_servinst(cp) != rfs4_cur_servinst)
		rfs4_servinst_assign(cp, rfs4_cur_servinst);

	/*
	 * Check to see if client can perform reclaims
	 */
	rfs4_ss_chkclid(cp);

	rfs4_client_rele(cp);
}


/*ARGSUSED*/
void
rfs4_op_close(nfs_argop4 *argop, nfs_resop4 *resop,
	    struct svc_req *req, struct compound_state *cs)
{
	/* XXX Currently not using req arg */
	CLOSE4args *args = &argop->nfs_argop4_u.opclose;
	CLOSE4res *resp = &resop->nfs_resop4_u.opclose;
	rfs4_state_t *sp;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_INVALID);
	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/* Ensure specified filehandle matches */
	if (cs->vp != sp->finfo->vp) {
		rfs4_state_rele(sp);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to open_owner while we tinker */
	rfs4_sw_enter(&sp->owner->oo_sw);

	switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
			resop) != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		}
		break;
	case NFS4_CHECK_STATEID_OLD:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		goto end;
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_UNCONFIRMED:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_REPLAY:
		/* Check the sequence id for the open owner */
		switch (rfs4_check_open_seqid(args->seqid, sp->owner, resop)) {
		case NFS4_CHKSEQ_OKAY:
			/*
			 * This is replayed stateid; if seqid matches
			 * next expected, then client is using wrong seqid.
			 */
			/* FALL THROUGH */
		case NFS4_CHKSEQ_BAD:
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		case NFS4_CHKSEQ_REPLAY:
			/*
			 * Note this case is the duplicate case so
			 * resp->status is already set.
			 */
			*cs->statusp = resp->status;
			rfs4_update_lease(sp->owner->client);
			goto end;
		}
		break;
	default:
		ASSERT(FALSE);
		break;
	}

	rfs4_dbe_lock(sp->dbe);

	/* Update the stateid. */
	next_stateid(&sp->stateid);
	resp->open_stateid = sp->stateid.stateid;

	rfs4_dbe_unlock(sp->dbe);

	rfs4_update_lease(sp->owner->client);
	rfs4_update_open_sequence(sp->owner);
	rfs4_update_open_resp(sp->owner, resop, NULL);

	rfs4_state_close(sp, FALSE, FALSE, cs->cr);

	*cs->statusp = resp->status = status;

end:
	rfs4_sw_exit(&sp->owner->oo_sw);
	rfs4_state_rele(sp);
}

/*
 * Manage the counts on the file struct and close all file locks
 */
/*ARGSUSED*/
void
rfs4_release_share_lock_state(rfs4_state_t *sp, cred_t *cr,
	bool_t close_of_client)
{
	rfs4_file_t *fp = sp->finfo;
	rfs4_lo_state_t *lsp;
	struct shrlock shr;
	struct shr_locowner shr_loco;
	int fflags, s_access, s_deny;

	fflags = s_access = s_deny = 0;
	/*
	 * Decrement the count for each access and deny bit that this
	 * state has contributed to the file. If the file counts go to zero
	 * clear the appropriate bit in the appropriate mask.
	 */

	if (sp->share_access & OPEN4_SHARE_ACCESS_READ) {
		fp->access_read--;
		fflags |= FREAD;
		s_access |= F_RDACC;
		if (fp->access_read == 0)
			fp->share_access &= ~OPEN4_SHARE_ACCESS_READ;
	}
	if (sp->share_access & OPEN4_SHARE_ACCESS_WRITE) {
		fp->access_write--;
		fflags |= FWRITE;
		s_access |= F_WRACC;
		if (fp->access_write == 0)
			fp->share_access &= ~OPEN4_SHARE_ACCESS_WRITE;
	}
	if (sp->share_deny & OPEN4_SHARE_DENY_READ) {
		fp->deny_read--;
		s_deny |= F_RDDNY;
		if (fp->deny_read == 0)
			fp->share_deny &= ~OPEN4_SHARE_DENY_READ;
	}
	if (sp->share_deny & OPEN4_SHARE_DENY_WRITE) {
		fp->deny_write--;
		s_deny |= F_WRDNY;
		if (fp->deny_write == 0)
			fp->share_deny &= ~OPEN4_SHARE_DENY_WRITE;
	}

	/*
	 * If this call is part of the larger closing down of client
	 * state then it is just easier to release all locks
	 * associated with this client instead of going through each
	 * individual file and cleaning locks there.
	 */
	if (close_of_client) {
		if (sp->owner->client->unlksys_completed == FALSE &&
		    sp->lockownerlist.next->lsp != NULL &&
			sp->owner->client->sysidt != LM_NOSYSID) {
			/* Is the PxFS kernel module loaded? */
			if (lm_remove_file_locks != NULL) {
				int new_sysid;

				/* Encode the cluster nodeid in new sysid */
				new_sysid = sp->owner->client->sysidt;
				lm_set_nlmid_flk(&new_sysid);

				/*
				 * This PxFS routine removes file locks for a
				 * client over all nodes of a cluster.
				 */
				NFS4_DEBUG(rfs4_debug, (CE_NOTE,
				    "lm_remove_file_locks(sysid=0x%x)\n",
				    new_sysid));
				(*lm_remove_file_locks)(new_sysid);
			} else {
				struct flock64 flk;

				/* Release all locks for this client */
				flk.l_type = F_UNLKSYS;
				flk.l_whence = 0;
				flk.l_start = 0;
				flk.l_len = 0;
				flk.l_sysid = sp->owner->client->sysidt;
				flk.l_pid = 0;
				(void) VOP_FRLOCK(sp->finfo->vp, F_SETLK, &flk,
				    F_REMOTELOCK | FREAD | FWRITE,
				    (u_offset_t)0, NULL, CRED());
			}

			sp->owner->client->unlksys_completed = TRUE;
		}
	}

	/*
	 * Release all locks on this file by this lock owner or at
	 * least mark the locks as having been released
	 */
	for (lsp = sp->lockownerlist.next->lsp; lsp != NULL;
		lsp = lsp->lockownerlist.next->lsp) {

		lsp->locks_cleaned = TRUE;

		/* Was this already taken care of above? */
		if (!close_of_client &&
		    sp->owner->client->sysidt != LM_NOSYSID)
			(void) cleanlocks(sp->finfo->vp, lsp->locker->pid,
				lsp->locker->client->sysidt);
	}

	/*
	 * Release any shrlocks associated with this open state ID.
	 * This must be done before the rfs4_state gets marked closed.
	 */
	if (sp->owner->client->sysidt != LM_NOSYSID) {
		shr.s_access = s_access;
		shr.s_deny = s_deny;
		shr.s_pid = rfs4_dbe_getid(sp->owner->dbe);
		shr.s_sysid = sp->owner->client->sysidt;
		shr_loco.sl_pid = shr.s_pid;
		shr_loco.sl_id = shr.s_sysid;
		shr.s_owner = (caddr_t)&shr_loco;
		shr.s_own_len = sizeof (shr_loco);
		(void) vop_shrlock(sp->finfo->vp, F_UNSHARE, &shr, fflags);
	}
}

/*
 * lock_denied: Fill in a LOCK4deneid structure given an flock64 structure.
 */
static nfsstat4
lock_denied(LOCK4denied *dp, struct flock64 *flk)
{
	rfs4_lockowner_t *lo;
	rfs4_client_t *cp;
	uint32_t len;

	lo = rfs4_findlockowner_by_pid(flk->l_pid);
	if (lo != NULL) {
		cp = lo->client;
		if (rfs4_lease_expired(cp)) {
			rfs4_lockowner_rele(lo);
			rfs4_dbe_hold(cp->dbe);
			rfs4_client_close(cp);
			return (NFS4ERR_EXPIRED);
		}
		dp->owner.clientid = lo->owner.clientid;
		len = lo->owner.owner_len;
		dp->owner.owner_val = kmem_alloc(len, KM_SLEEP);
		bcopy(lo->owner.owner_val, dp->owner.owner_val, len);
		dp->owner.owner_len = len;
		rfs4_lockowner_rele(lo);
		goto finish;
	}

	/*
	 * Its not a NFS4 lock. We take advantage that the upper 32 bits
	 * of the client id contain the boot time for a NFS4 lock. So we
	 * fabricate and identity by setting clientid to the sysid, and
	 * the lock owner to the pid.
	 */
	dp->owner.clientid = flk->l_sysid;
	len = sizeof (pid_t);
	dp->owner.owner_len = len;
	dp->owner.owner_val = kmem_alloc(len, KM_SLEEP);
	bcopy(&flk->l_pid, dp->owner.owner_val, len);
finish:
	dp->offset = flk->l_start;
	dp->length = flk->l_len;

	if (flk->l_type == F_RDLCK)
		dp->locktype = READ_LT;
	else if (flk->l_type == F_WRLCK)
		dp->locktype = WRITE_LT;
	else
		return (NFS4ERR_INVAL);	/* no mapping from POSIX ltype to v4 */

	return (NFS4_OK);
}

static int
setlock(vnode_t *vp, struct flock64 *flock, int flag, cred_t *cred)
{
	int error;
	struct flock64 flk;
	int i;
	clock_t delaytime;

retry:
	delaytime = MSEC_TO_TICK_ROUNDUP(rfs4_lock_delay);

	for (i = 0; i < rfs4_maxlock_tries; i++) {
		LOCK_PRINT(rfs4_debug, "setlock", F_SETLK, flock);
		error = VOP_FRLOCK(vp, F_SETLK,
				flock, flag, (u_offset_t)0, NULL, cred);

		if (error != EAGAIN && error != EACCES)
			break;

		if (i < rfs4_maxlock_tries - 1) {
			delay(delaytime);
			delaytime *= 2;
		}
	}

	if (error == EAGAIN || error == EACCES) {
		/* Get the owner of the lock */
		flk = *flock;
		LOCK_PRINT(rfs4_debug, "setlock", F_GETLK, &flk);
		if (VOP_FRLOCK(vp, F_GETLK,
			    &flk,  flag, (u_offset_t)0, NULL, cred) == 0) {
			if (flk.l_type == F_UNLCK) {
				/* No longer locked, retry */
				goto retry;
			}
			*flock = flk;
			LOCK_PRINT(rfs4_debug, "setlock(blocking lock)",
				F_GETLK, &flk);
		}
	}

	return (error);
}

/*ARGSUSED*/
static nfsstat4
rfs4_do_lock(rfs4_lo_state_t *lp, nfs_lock_type4 locktype,
	    seqid4 seqid, offset4 offset,
	    length4 length, cred_t *cred, nfs_resop4 *resop)
{
	nfsstat4 status;
	rfs4_lockowner_t *lo = lp->locker;
	rfs4_state_t *sp = lp->state;
	struct flock64 flock;
	int16_t ltype;
	int flag;
	int error;
	sysid_t sysid;
	LOCK4res *lres;

	if (rfs4_lease_expired(lo->client)) {
		return (NFS4ERR_EXPIRED);
	}

	if ((status = rfs4_client_sysid(lo->client, &sysid)) != NFS4_OK)
		return (status);

	/* Check for zero length. To lock to end of file use all ones for V4 */
	if (length == 0)
		return (NFS4ERR_INVAL);
	else if (length == (length4)(~0))
		length = 0;		/* Posix to end of file  */

retry:
	rfs4_dbe_lock(sp->dbe);


	if (resop->resop != OP_LOCKU) {
		switch (locktype) {
		case READ_LT:
		case READW_LT:
			if ((sp->share_access
			    & OPEN4_SHARE_ACCESS_READ) == 0) {
				rfs4_dbe_unlock(sp->dbe);

				return (NFS4ERR_OPENMODE);
			}
			ltype = F_RDLCK;
			break;
		case WRITE_LT:
		case WRITEW_LT:
			if ((sp->share_access
			    & OPEN4_SHARE_ACCESS_WRITE) == 0) {
				rfs4_dbe_unlock(sp->dbe);

				return (NFS4ERR_OPENMODE);
			}
			ltype = F_WRLCK;
			break;
		}
	} else
		ltype = F_UNLCK;

	flock.l_type = ltype;
	flock.l_whence = 0;		/* SEEK_SET */
	flock.l_start = offset;
	flock.l_len = length;
	flock.l_sysid = sysid;
	flock.l_pid = lp->locker->pid;

	/* Note that length4 is uint64_t but l_len and l_start are off64_t */
	if (flock.l_len < 0 || flock.l_start < 0) {
		rfs4_dbe_unlock(sp->dbe);
		return (NFS4ERR_INVAL);
	}

	/*
	 * N.B. FREAD has the same value as OPEN4_SHARE_ACCESS_READ and
	 * FWRITE has the same value as OPEN4_SHARE_ACCESS_WRITE.
	 */
	flag = (int)sp->share_access | F_REMOTELOCK;

	error = setlock(sp->finfo->vp, &flock, flag, cred);
	if (error == 0) {
		rfs4_dbe_lock(lp->dbe);
		next_stateid(&lp->lockid);
		rfs4_dbe_unlock(lp->dbe);
	}

	rfs4_dbe_unlock(sp->dbe);

	/*
	 * N.B. We map error values to nfsv4 errors. This is differrent
	 * than puterrno4 routine.
	 */
	switch (error) {
	case 0:
		status = NFS4_OK;
		break;
	case EAGAIN:
	case EACCES:		/* Old value */
		/* Can only get here if op is OP_LOCK */
		ASSERT(resop->resop == OP_LOCK);
		lres = &resop->nfs_resop4_u.oplock;
		status = NFS4ERR_DENIED;
		if (lock_denied(&lres->LOCK4res_u.denied, &flock)
			== NFS4ERR_EXPIRED)
			goto retry;
		break;
	case ENOLCK:
		status = NFS4ERR_DELAY;
		break;
	case EOVERFLOW:
		status = NFS4ERR_INVAL;
		break;
	case EINVAL:
		status = NFS4ERR_NOTSUPP;
		break;
	default:
		cmn_err(CE_WARN, "rfs4_do_lock: unexpected errno (%d)",
			error);
		status = NFS4ERR_SERVERFAULT;
		break;
	}

	return (status);
}

/*ARGSUSED*/
void
rfs4_op_lock(nfs_argop4 *argop, nfs_resop4 *resop,
	    struct svc_req *req, struct compound_state *cs)
{
	/* XXX Currently not using req arg */
	LOCK4args *args = &argop->nfs_argop4_u.oplock;
	LOCK4res *resp = &resop->nfs_resop4_u.oplock;
	nfsstat4 status;
	stateid4 *stateid;
	rfs4_lockowner_t *lo;
	rfs4_client_t *cp;
	rfs4_state_t *sp = NULL;
	rfs4_lo_state_t *lsp = NULL;
	bool_t ls_sw_held = FALSE;
	bool_t create = TRUE;
	bool_t lcreate = TRUE;
	bool_t dup_lock = FALSE;
	int rc;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (args->locker.new_lock_owner) {
		/* Create a new lockowner for this instance */
		open_to_lock_owner4 *olo = &args->locker.locker4_u.open_owner;

		NFS4_DEBUG(rfs4_debug, (CE_NOTE, "Creating new lock owner"));

		stateid = &olo->open_stateid;
		status = rfs4_get_state(stateid, &sp, RFS4_DBS_VALID);
		if (status != NFS4_OK) {
			NFS4_DEBUG(rfs4_debug,
				(CE_NOTE, "Get state failed in lock %d",
				status));
			*cs->statusp = resp->status = status;
			return;
		}

		/* Ensure specified filehandle matches */
		if (cs->vp != sp->finfo->vp) {
			rfs4_state_rele(sp);
			*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
			return;
		}

		/* hold off other access to open_owner while we tinker */
		rfs4_sw_enter(&sp->owner->oo_sw);

		switch (rc = rfs4_check_stateid_seqid(sp, stateid)) {
		case NFS4_CHECK_STATEID_OLD:
			*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
			goto end;
		case NFS4_CHECK_STATEID_BAD:
			*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
			goto end;
		case NFS4_CHECK_STATEID_EXPIRED:
			*cs->statusp = resp->status = NFS4ERR_EXPIRED;
			goto end;
		case NFS4_CHECK_STATEID_UNCONFIRMED:
			*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
			goto end;
		case NFS4_CHECK_STATEID_CLOSED:
			*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
			goto end;
		case NFS4_CHECK_STATEID_OKAY:
		case NFS4_CHECK_STATEID_REPLAY:
			switch (rfs4_check_olo_seqid(olo->open_seqid,
				sp->owner, resop)) {
			case NFS4_CHKSEQ_OKAY:
				if (rc == NFS4_CHECK_STATEID_OKAY)
					break;
				/*
				 * This is replayed stateid; if seqid
				 * matches next expected, then client
				 * is using wrong seqid.
				 */
				/* FALLTHROUGH */
			case NFS4_CHKSEQ_BAD:
				*cs->statusp = resp->status =
					NFS4ERR_BAD_SEQID;
				goto end;
			case NFS4_CHKSEQ_REPLAY:
				/* This is a duplicate LOCK request */
				dup_lock = TRUE;

				/*
				 * For a duplicate we do not want to
				 * create a new lockowner as it should
				 * already exist.
				 * Turn off the lockowner create flag.
				 */
				lcreate = FALSE;
			}
			break;
		}

		lo = rfs4_findlockowner(&olo->lock_owner, &lcreate);
		if (lo == NULL) {
			NFS4_DEBUG(rfs4_debug,
				(CE_NOTE, "rfs4_op_lock: no lock owner"));
			*cs->statusp = resp->status = NFS4ERR_RESOURCE;
			goto end;
		}

		lsp = rfs4_findlo_state_by_owner(lo, sp, &create);
		if (lsp == NULL) {
			rfs4_update_lease(sp->owner->client);
			/*
			 * Only update theh open_seqid if this is not
			 * a duplicate request
			 */
			if (dup_lock == FALSE) {
				rfs4_update_open_sequence(sp->owner);
			}

			NFS4_DEBUG(rfs4_debug,
				(CE_NOTE, "rfs4_op_lock: no state"));
			*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
			rfs4_update_open_resp(sp->owner, resop, NULL);
			rfs4_lockowner_rele(lo);
			goto end;
		}

		/*
		 * This is the new_lock_owner branch and the client is
		 * supposed to be associating a new lock_owner with
		 * the open file at this point.  If we find that a
		 * lock_owner/state association already exists and a
		 * successful LOCK request was returned to the client,
		 * an error is returned to the client since this is
		 * not appropriate.  The client should be using the
		 * existing lock_owner branch.
		 */
		if (dup_lock == FALSE && create == FALSE) {
			if (lsp->lock_completed == TRUE) {
				*cs->statusp =
					resp->status = NFS4ERR_BAD_SEQID;
				rfs4_lockowner_rele(lo);
				goto end;
			}
		}

		rfs4_update_lease(sp->owner->client);

		/*
		 * Only update theh open_seqid if this is not
		 * a duplicate request
		 */
		if (dup_lock == FALSE) {
			rfs4_update_open_sequence(sp->owner);
		}

		/*
		 * If this is a duplicate lock request, just copy the
		 * previously saved reply and return.
		 */
		if (dup_lock == TRUE) {
			/* verify that lock_seqid's match */
			if (lsp->seqid != olo->lock_seqid) {
				NFS4_DEBUG(rfs4_debug,
				(CE_NOTE, "rfs4_op_lock: Dup-Lock seqid bad"
				"lsp->seqid=%d old->seqid=%d",
				lsp->seqid, olo->lock_seqid));
				*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			} else {
				rfs4_copy_reply(resop, lsp->reply);
				/*
				 * Make sure to copy the just
				 * retrieved reply status into the
				 * overall compound status
				 */
				*cs->statusp = resp->status;
			}
			rfs4_lockowner_rele(lo);
			goto end;
		}

		rfs4_dbe_lock(lsp->dbe);

		/* Make sure to update the lock sequence id */
		lsp->seqid = olo->lock_seqid;

		NFS4_DEBUG(rfs4_debug,
			(CE_NOTE, "Lock seqid established as %d", lsp->seqid));

		/*
		 * This is used to signify the newly created lockowner
		 * stateid and its sequence number.  The checks for
		 * sequence number and increment don't occur on the
		 * very first lock request for a lockowner.
		 */
		lsp->skip_seqid_check = TRUE;

		/* hold off other access to lsp while we tinker */
		rfs4_sw_enter(&lsp->ls_sw);
		ls_sw_held = TRUE;

		rfs4_dbe_unlock(lsp->dbe);

		rfs4_lockowner_rele(lo);
	} else {
		stateid = &args->locker.locker4_u.lock_owner.lock_stateid;
		/* get lsp and hold the lock on the underlying file struct */
		if ((status = rfs4_get_lo_state(stateid, &lsp, TRUE))
		    != NFS4_OK) {
			*cs->statusp = resp->status = status;
			return;
		}
		create = FALSE;	/* We didn't create lsp */

		/* Ensure specified filehandle matches */
		if (cs->vp != lsp->state->finfo->vp) {
			rfs4_lo_state_rele(lsp, TRUE);
			*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
			return;
		}

		/* hold off other access to lsp while we tinker */
		rfs4_sw_enter(&lsp->ls_sw);
		ls_sw_held = TRUE;

		switch (rfs4_check_lo_stateid_seqid(lsp, stateid)) {
		/*
		 * The stateid looks like it was okay (expected to be
		 * the next one)
		 */
		case NFS4_CHECK_STATEID_OKAY:
			/*
			 * The sequence id is now checked.  Determine
			 * if this is a replay or if it is in the
			 * expected (next) sequence.  In the case of a
			 * replay, there are two replay conditions
			 * that may occur.  The first is the normal
			 * condition where a LOCK is done with a
			 * NFS4_OK response and the stateid is
			 * updated.  That case is handled below when
			 * the stateid is identified as a REPLAY.  The
			 * second is the case where an error is
			 * returned, like NFS4ERR_DENIED, and the
			 * sequence number is updated but the stateid
			 * is not updated.  This second case is dealt
			 * with here.  So it may seem odd that the
			 * stateid is okay but the sequence id is a
			 * replay but it is okay.
			 */
			switch (rfs4_check_lock_seqid(
				args->locker.locker4_u.lock_owner.lock_seqid,
				lsp, resop)) {
			case NFS4_CHKSEQ_REPLAY:
				if (resp->status != NFS4_OK) {
					/*
					 * Here is our replay and need
					 * to verify that the last
					 * response was an error.
					 */
					*cs->statusp = resp->status;
					goto end;
				}
				/*
				 * This is done since the sequence id
				 * looked like a replay but it didn't
				 * pass our check so a BAD_SEQID is
				 * returned as a result.
				 */
				/*FALLTHROUGH*/
			case NFS4_CHKSEQ_BAD:
				*cs->statusp = resp->status =
					NFS4ERR_BAD_SEQID;
				goto end;
			case NFS4_CHKSEQ_OKAY:
				/* Everything looks okay move ahead */
				break;
			}
			break;
		case NFS4_CHECK_STATEID_OLD:
			*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
			goto end;
		case NFS4_CHECK_STATEID_BAD:
			*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
			goto end;
		case NFS4_CHECK_STATEID_EXPIRED:
			*cs->statusp = resp->status = NFS4ERR_EXPIRED;
			goto end;
		case NFS4_CHECK_STATEID_CLOSED:
			*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
			goto end;
		case NFS4_CHECK_STATEID_REPLAY:
			switch (rfs4_check_lock_seqid(
				args->locker.locker4_u.lock_owner.lock_seqid,
				lsp, resop)) {
			case NFS4_CHKSEQ_OKAY:
				/*
				 * This is a replayed stateid; if
				 * seqid matches the next expected,
				 * then client is using wrong seqid.
				 */
			case NFS4_CHKSEQ_BAD:
				*cs->statusp = resp->status =
					NFS4ERR_BAD_SEQID;
				goto end;
			case NFS4_CHKSEQ_REPLAY:
				rfs4_update_lease(lsp->locker->client);
				*cs->statusp = status = resp->status;
				goto end;
			}
			break;
		default:
			ASSERT(FALSE);
			break;
		}

		rfs4_update_lock_sequence(lsp);
		rfs4_update_lease(lsp->locker->client);
	}

	/*
	 * NFS4 only allows locking on regular files, so
	 * verify type of object.
	 */
	if (cs->vp->v_type != VREG) {
		if (cs->vp->v_type == VDIR)
			status = NFS4ERR_ISDIR;
		else
			status = NFS4ERR_INVAL;
		goto out;
	}

	cp = lsp->state->owner->client;

	if (rfs4_clnt_in_grace(cp) && !args->reclaim) {
		status = NFS4ERR_GRACE;
		goto out;
	}

	if (rfs4_clnt_in_grace(cp) && args->reclaim && !cp->can_reclaim) {
		status = NFS4ERR_NO_GRACE;
		goto out;
	}

	if (!rfs4_clnt_in_grace(cp) && args->reclaim) {
		status = NFS4ERR_NO_GRACE;
		goto out;
	}

	if (lsp->state->finfo->dinfo->dtype == OPEN_DELEGATE_WRITE)
		cs->deleg = TRUE;

	status = rfs4_do_lock(lsp, args->locktype,
				args->locker.locker4_u.lock_owner.lock_seqid,
				args->offset,
				args->length, cs->cr, resop);

out:
	lsp->skip_seqid_check = FALSE;

	*cs->statusp = resp->status = status;

	if (status == NFS4_OK) {
		resp->LOCK4res_u.lock_stateid = lsp->lockid.stateid;
		lsp->lock_completed = TRUE;
	}
	/*
	 * Only update the "OPEN" response here if this was a new
	 * lock_owner
	 */
	if (sp)
		rfs4_update_open_resp(sp->owner, resop, NULL);

	rfs4_update_lock_resp(lsp, resop);

end:
	if (lsp) {
		if (ls_sw_held)
			rfs4_sw_exit(&lsp->ls_sw);
		/*
		 * If an sp obtained, then the lsp does not represent
		 * a lock on the file struct.
		 */
		if (sp != NULL)
			rfs4_lo_state_rele(lsp, FALSE);
		else
			rfs4_lo_state_rele(lsp, TRUE);
	}
	if (sp) {
		rfs4_sw_exit(&sp->owner->oo_sw);
		rfs4_state_rele(sp);
	}
}

/* free function for LOCK/LOCKT */
static void
lock_denied_free(nfs_resop4 *resop)
{
	LOCK4denied *dp = NULL;

	switch (resop->resop) {
	case OP_LOCK:
		if (resop->nfs_resop4_u.oplock.status == NFS4ERR_DENIED)
			dp = &resop->nfs_resop4_u.oplock.LOCK4res_u.denied;
		break;
	case OP_LOCKT:
		if (resop->nfs_resop4_u.oplockt.status == NFS4ERR_DENIED)
			dp = &resop->nfs_resop4_u.oplockt.denied;
		break;
	default:
		break;
	}

	if (dp)
		kmem_free(dp->owner.owner_val, dp->owner.owner_len);
}

/*ARGSUSED*/
void
rfs4_op_locku(nfs_argop4 *argop, nfs_resop4 *resop,
	    struct svc_req *req, struct compound_state *cs)
{
	/* XXX Currently not using req arg */
	LOCKU4args *args = &argop->nfs_argop4_u.oplocku;
	LOCKU4res *resp = &resop->nfs_resop4_u.oplocku;
	nfsstat4 status;
	stateid4 *stateid = &args->lock_stateid;
	rfs4_lo_state_t *lsp;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if ((status = rfs4_get_lo_state(stateid, &lsp, TRUE)) != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/* Ensure specified filehandle matches */
	if (cs->vp != lsp->state->finfo->vp) {
		rfs4_lo_state_rele(lsp, TRUE);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to lsp while we tinker */
	rfs4_sw_enter(&lsp->ls_sw);

	switch (rfs4_check_lo_stateid_seqid(lsp, stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		if (rfs4_check_lock_seqid(args->seqid, lsp, resop)
		    != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		}
		break;
	case NFS4_CHECK_STATEID_OLD:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		goto end;
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_REPLAY:
		switch (rfs4_check_lock_seqid(args->seqid, lsp, resop)) {
		case NFS4_CHKSEQ_OKAY:
				/*
				 * This is a replayed stateid; if
				 * seqid matches the next expected,
				 * then client is using wrong seqid.
				 */
		case NFS4_CHKSEQ_BAD:
			*cs->statusp = resp->status =
				NFS4ERR_BAD_SEQID;
			goto end;
		case NFS4_CHKSEQ_REPLAY:
			rfs4_update_lease(lsp->locker->client);
			*cs->statusp = status = resp->status;
			goto end;
		}
		break;
	default:
		ASSERT(FALSE);
		break;
	}

	rfs4_update_lock_sequence(lsp);
	rfs4_update_lease(lsp->locker->client);

	/*
	 * NFS4 only allows locking on regular files, so
	 * verify type of object.
	 */
	if (cs->vp->v_type != VREG) {
		if (cs->vp->v_type == VDIR)
			status = NFS4ERR_ISDIR;
		else
			status = NFS4ERR_INVAL;
		goto out;
	}

	if (rfs4_clnt_in_grace(lsp->state->owner->client)) {
		status = NFS4ERR_GRACE;
		goto out;
	}

	status = rfs4_do_lock(lsp, args->locktype,
			    args->seqid, args->offset,
			    args->length, cs->cr, resop);

out:
	*cs->statusp = resp->status = status;

	if (status == NFS4_OK)
		resp->lock_stateid = lsp->lockid.stateid;

	rfs4_update_lock_resp(lsp, resop);

end:
	rfs4_sw_exit(&lsp->ls_sw);
	rfs4_lo_state_rele(lsp, TRUE);
}

/*
 * LOCKT is a best effort routine, the client can not be guaranteed that
 * the status return is still in effect by the time the reply is received.
 * They are numerous race conditions in this routine, but we are not required
 * and can not be accurate.
 */
/*ARGSUSED*/
void
rfs4_op_lockt(nfs_argop4 *argop, nfs_resop4 *resop,
	    struct svc_req *req, struct compound_state *cs)
{
	LOCKT4args *args = &argop->nfs_argop4_u.oplockt;
	LOCKT4res *resp = &resop->nfs_resop4_u.oplockt;
	rfs4_lockowner_t *lo;
	rfs4_client_t *cp;
	bool_t create = FALSE;
	struct flock64 flk;
	int error;
	int flag = FREAD | FWRITE;
	int ltype;
	length4 posix_length;
	sysid_t sysid;
	pid_t pid;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * NFS4 only allows locking on regular files, so
	 * verify type of object.
	 */
	if (cs->vp->v_type != VREG) {
		if (cs->vp->v_type == VDIR)
			*cs->statusp = resp->status = NFS4ERR_ISDIR;
		else
			*cs->statusp = resp->status =  NFS4ERR_INVAL;
		return;
	}

	/*
	 * Check out the clientid to ensure the server knows about it
	 * so that we correctly inform the client of a server reboot.
	 */
	if ((cp = rfs4_findclient_by_id(args->owner.clientid, FALSE))
	    == NULL) {
		*cs->statusp = resp->status =
			rfs4_check_clientid(&args->owner.clientid, 0);
		return;
	}
	if (rfs4_lease_expired(cp)) {
		rfs4_client_close(cp);
		/*
		 * Protocol doesn't allow returning NFS4ERR_STALE as
		 * other operations do on this check so STALE_CLIENTID
		 * is returned instead
		 */
		*cs->statusp = resp->status = NFS4ERR_STALE_CLIENTID;
		return;
	}

	if (rfs4_clnt_in_grace(cp)) {
		*cs->statusp = resp->status = NFS4ERR_GRACE;
		return;
	}
	rfs4_client_rele(cp);

	resp->status = NFS4_OK;

	switch (args->locktype) {
	case READ_LT:
	case READW_LT:
		ltype = F_RDLCK;
		break;
	case WRITE_LT:
	case WRITEW_LT:
		ltype = F_WRLCK;
		break;
	}

	posix_length = args->length;
	/* Check for zero length. To lock to end of file use all ones for V4 */
	if (posix_length == 0) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	} else if (posix_length == (length4)(~0)) {
		posix_length = 0;	/* Posix to end of file  */
	}

	/* Find or create a lockowner */
	lo = rfs4_findlockowner(&args->owner, &create);

	if (lo) {
		pid = lo->pid;
		if ((resp->status =
			rfs4_client_sysid(lo->client, &sysid)) != NFS4_OK)
		goto out;
	} else {
		pid = 0;
		sysid = lockt_sysid;
	}
retry:
	flk.l_type = ltype;
	flk.l_whence = 0;		/* SEEK_SET */
	flk.l_start = args->offset;
	flk.l_len = posix_length;
	flk.l_sysid = sysid;
	flk.l_pid = pid;
	flag |= F_REMOTELOCK;

	LOCK_PRINT(rfs4_debug, "rfs4_op_lockt", F_GETLK, &flk);

	/* Note that length4 is uint64_t but l_len and l_start are off64_t */
	if (flk.l_len < 0 || flk.l_start < 0) {
		resp->status = NFS4ERR_INVAL;
		goto out;
	}
	error = VOP_FRLOCK(cs->vp, F_GETLK, &flk, flag, (u_offset_t)0,
	    NULL, cs->cr);

	/*
	 * N.B. We map error values to nfsv4 errors. This is differrent
	 * than puterrno4 routine.
	 */
	switch (error) {
	case 0:
		if (flk.l_type == F_UNLCK)
			resp->status = NFS4_OK;
		else {
			if (lock_denied(&resp->denied, &flk) == NFS4ERR_EXPIRED)
				goto retry;
			resp->status = NFS4ERR_DENIED;
		}
		break;
	case EOVERFLOW:
		resp->status = NFS4ERR_INVAL;
		break;
	case EINVAL:
		resp->status = NFS4ERR_NOTSUPP;
		break;
	default:
		cmn_err(CE_WARN, "rfs4_op_lockt: unexpected errno (%d)",
			error);
		resp->status = NFS4ERR_SERVERFAULT;
		break;
	}

out:
	if (lo)
		rfs4_lockowner_rele(lo);
	*cs->statusp = resp->status;
}

static int
vop_shrlock(vnode_t *vp, int cmd, struct shrlock *sp, int fflags)
{
	int err;

	if (cmd == F_UNSHARE && sp->s_deny == 0 && sp->s_access == 0)
		return (0);

	err = VOP_SHRLOCK(vp, cmd, sp, fflags, CRED());

	NFS4_DEBUG(rfs4_shrlock_debug,
		(CE_NOTE, "rfs4_shrlock %s vp=%p acc=%d dny=%d sysid=%d "
		"pid=%d err=%d\n", cmd == F_SHARE ? "SHARE" : "UNSHR",
		(void *) vp, sp->s_access, sp->s_deny, sp->s_sysid, sp->s_pid,
		err));

	return (err);
}

static int
rfs4_shrlock(rfs4_state_t *sp, int cmd)
{
	struct shrlock shr;
	struct shr_locowner shr_loco;
	int fflags;

	fflags = shr.s_access = shr.s_deny = 0;

	if (sp->share_access & OPEN4_SHARE_ACCESS_READ) {
		fflags |= FREAD;
		shr.s_access |= F_RDACC;
	}
	if (sp->share_access & OPEN4_SHARE_ACCESS_WRITE) {
		fflags |= FWRITE;
		shr.s_access |= F_WRACC;
	}
	if (sp->share_deny & OPEN4_SHARE_DENY_READ)
		shr.s_deny |= F_RDDNY;
	if (sp->share_deny & OPEN4_SHARE_DENY_WRITE)
		shr.s_deny |= F_WRDNY;

	shr.s_pid = rfs4_dbe_getid(sp->owner->dbe);
	shr.s_sysid = sp->owner->client->sysidt;
	shr_loco.sl_pid = shr.s_pid;
	shr_loco.sl_id = shr.s_sysid;
	shr.s_owner = (caddr_t)&shr_loco;
	shr.s_own_len = sizeof (shr_loco);
	return (vop_shrlock(sp->finfo->vp, cmd, &shr, fflags));
}

static int
rfs4_share(rfs4_state_t *sp)
{
	return (rfs4_shrlock(sp, F_SHARE));
}

void
rfs4_unshare(rfs4_state_t *sp)
{
	(void) rfs4_shrlock(sp, F_UNSHARE);
}