X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/2d21ac55c334faf3a56e5634905ed6987fc787d4..15129b1c8dbb3650c63b70adb1cad9af601c6c17:/bsd/nfs/nfs_syscalls.c?ds=sidebyside

diff --git a/bsd/nfs/nfs_syscalls.c b/bsd/nfs/nfs_syscalls.c
index 1a4f5bb0e..ceeb803ff 100644
--- a/bsd/nfs/nfs_syscalls.c
+++ b/bsd/nfs/nfs_syscalls.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2007 Apple Inc.  All rights reserved.
+ * Copyright (c) 2000-2011 Apple Inc.  All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
@@ -101,7 +101,7 @@
 #include <kern/thread_call.h>
 #include <kern/task.h>
 
-#include <bsm/audit_kernel.h>
+#include <security/audit/audit.h>
 
 #include <netinet/in.h>
 #include <netinet/tcp.h>
@@ -133,13 +133,12 @@ extern int nfsrv_wg_delay_v3;
 static int nfsrv_require_resv_port = 0;
 static int nfsrv_deadsock_timer_on = 0;
 
-static int	nfssvc_addsock(socket_t, mbuf_t);
-static int	nfssvc_nfsd(void);
-static int	nfssvc_export(user_addr_t);
-
-static void	nfsrv_zapsock(struct nfsrv_sock *slp);
-static void	nfsrv_slpderef(struct nfsrv_sock *);
-static void	nfsrv_slpfree(struct nfsrv_sock *);
+int	nfssvc_export(user_addr_t argp);
+int	nfssvc_nfsd(void);
+int	nfssvc_addsock(socket_t, mbuf_t);
+void	nfsrv_zapsock(struct nfsrv_sock *);
+void	nfsrv_slpderef(struct nfsrv_sock *);
+void	nfsrv_slpfree(struct nfsrv_sock *);
 
 #endif /* NFSSERVER */
 
@@ -151,30 +150,51 @@ SYSCTL_NODE(_vfs_generic, OID_AUTO, nfs, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "nfs hing
 
 #if NFSCLIENT
 SYSCTL_NODE(_vfs_generic_nfs, OID_AUTO, client, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "nfs client hinge");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, initialdowndelay, CTLFLAG_RW, &nfs_tprintf_initial_delay, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nextdowndelay, CTLFLAG_RW, &nfs_tprintf_delay, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, iosize, CTLFLAG_RW, &nfs_iosize, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_cache_timeout, CTLFLAG_RW, &nfs_access_cache_timeout, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, allow_async, CTLFLAG_RW, &nfs_allow_async, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, statfs_rate_limit, CTLFLAG_RW, &nfs_statfs_rate_limit, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nfsiod_thread_max, CTLFLAG_RW, &nfsiod_thread_max, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nfsiod_thread_count, CTLFLAG_RD, &nfsiod_thread_count, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, lockd_mounts, CTLFLAG_RD, &nfs_lockd_mounts, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, max_async_writes, CTLFLAG_RW, &nfs_max_async_writes, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, initialdowndelay, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_tprintf_initial_delay, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nextdowndelay, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_tprintf_delay, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, iosize, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_iosize, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_cache_timeout, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_access_cache_timeout, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, allow_async, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_allow_async, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, statfs_rate_limit, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_statfs_rate_limit, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nfsiod_thread_max, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsiod_thread_max, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nfsiod_thread_count, CTLFLAG_RD | CTLFLAG_LOCKED, &nfsiod_thread_count, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, lockd_mounts, CTLFLAG_RD | CTLFLAG_LOCKED, &nfs_lockd_mounts, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, max_async_writes, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_max_async_writes, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, single_des, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_single_des, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_delete, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_access_delete, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_dotzfs, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_access_dotzfs, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_for_getattr, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_access_for_getattr, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, idmap_ctrl, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_idmap_ctrl, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, callback_port, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_callback_port, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, is_mobile, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_is_mobile, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, squishy_flags, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_squishy_flags, 0, "");
+SYSCTL_UINT(_vfs_generic_nfs_client, OID_AUTO, debug_ctl, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_debug_ctl, 0, "");
+
+
 #endif /* NFSCLIENT */
 
 #if NFSSERVER
 SYSCTL_NODE(_vfs_generic_nfs, OID_AUTO, server, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "nfs server hinge");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, wg_delay, CTLFLAG_RW, &nfsrv_wg_delay, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, wg_delay_v3, CTLFLAG_RW, &nfsrv_wg_delay_v3, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, require_resv_port, CTLFLAG_RW, &nfsrv_require_resv_port, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, async, CTLFLAG_RW, &nfsrv_async, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, reqcache_size, CTLFLAG_RW, &nfsrv_reqcache_size, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, request_queue_length, CTLFLAG_RW, &nfsrv_sock_max_rec_queue_length, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, user_stats, CTLFLAG_RW, &nfsrv_user_stat_enabled, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, fsevents, CTLFLAG_RW, &nfsrv_fsevents_enabled, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, nfsd_thread_max, CTLFLAG_RW, &nfsd_thread_max, 0, "");
-SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, nfsd_thread_count, CTLFLAG_RD, &nfsd_thread_count, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, wg_delay, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_wg_delay, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, wg_delay_v3, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_wg_delay_v3, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, require_resv_port, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_require_resv_port, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, async, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_async, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, export_hash_size, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_export_hash_size, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, reqcache_size, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_reqcache_size, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, request_queue_length, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_sock_max_rec_queue_length, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, user_stats, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_user_stat_enabled, 0, "");
+SYSCTL_UINT(_vfs_generic_nfs_server, OID_AUTO, gss_context_ttl, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_gss_context_ttl, 0, "");
+#if CONFIG_FSE
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, fsevents, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_fsevents_enabled, 0, "");
+#endif
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, nfsd_thread_max, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsd_thread_max, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, nfsd_thread_count, CTLFLAG_RD | CTLFLAG_LOCKED, &nfsd_thread_count, 0, "");
+#ifdef NFS_UC_Q_DEBUG
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, use_upcall_svc, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_uc_use_proxy, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, upcall_queue_limit, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_uc_queue_limit, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, upcall_queue_max_seen, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_uc_queue_max_seen, 0, "");
+SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, upcall_queue_count, CTLFLAG_RD | CTLFLAG_LOCKED, (int *)&nfsrv_uc_queue_count, 0, "");
+#endif
 #endif /* NFSSERVER */
 
 
@@ -186,11 +206,19 @@ nfsclnt(proc_t p, struct nfsclnt_args *uap, __unused int *retval)
 	struct lockd_ans la;
 	int error;
 
-	if (uap->flag == NFSCLNT_LOCKDANS) {
+	switch (uap->flag) {
+	case NFSCLNT_LOCKDANS:
 		error = copyin(uap->argp, &la, sizeof(la));
-		return (error != 0 ? error : nfslockdans(p, &la));
+		if (!error)
+			error = nfslockdans(p, &la);
+		break;
+	case NFSCLNT_LOCKDNOTIFY:
+		error = nfslockdnotify(p, uap->argp);
+		break;
+	default:
+		error = EINVAL;
 	}
-	return EINVAL;
+	return (error);
 }
 
 /*
@@ -206,7 +234,6 @@ nfsclnt(proc_t p, struct nfsclnt_args *uap, __unused int *retval)
  * Async requests will pull the next struct nfsiod from the head of the free list,
  * put it on the work queue, and wake whatever thread is waiting on that struct.
  */
-static int nfsiod_continue(int);
 
 /*
  * nfsiod thread exit routine
@@ -214,7 +241,7 @@ static int nfsiod_continue(int);
  * Must be called with nfsiod_mutex held so that the
  * decision to terminate is atomic with the termination.
  */
-static void
+void
 nfsiod_terminate(struct nfsiod *niod)
 {
 	nfsiod_thread_count--;
@@ -228,7 +255,7 @@ nfsiod_terminate(struct nfsiod *niod)
 }
 
 /* nfsiod thread startup routine */
-static void
+void
 nfsiod_thread(void)
 {
 	struct nfsiod *niod;
@@ -238,6 +265,7 @@ nfsiod_thread(void)
 	if (!niod) {
 		lck_mtx_lock(nfsiod_mutex);
 		nfsiod_thread_count--;
+		wakeup(current_thread());
 		lck_mtx_unlock(nfsiod_mutex);
 		thread_terminate(current_thread());
 		/*NOTREACHED*/
@@ -263,7 +291,7 @@ nfsiod_thread(void)
 int
 nfsiod_start(void)
 {
-	thread_t thd;
+	thread_t thd = THREAD_NULL;
 
 	lck_mtx_lock(nfsiod_mutex);
 	if ((nfsiod_thread_count >= NFSIOD_MAX) && (nfsiod_thread_count > 0)) {
@@ -271,9 +299,13 @@ nfsiod_start(void)
 		return (EBUSY);
 	}
 	nfsiod_thread_count++;
-	thd = kernel_thread(kernel_task, nfsiod_thread);
+	if (kernel_thread_start((thread_continue_t)nfsiod_thread, NULL, &thd) != KERN_SUCCESS) {
+		lck_mtx_unlock(nfsiod_mutex);
+		return (EBUSY);
+	}
 	/* wait for the thread to complete startup */
 	msleep(thd, nfsiod_mutex, PWAIT | PDROP, "nfsiodw", NULL);
+	thread_deallocate(thd);
 	return (0);
 }
 
@@ -282,7 +314,7 @@ nfsiod_start(void)
  *
  * Grab an nfsiod struct to work on, do some work, then drop it
  */
-static int
+int
 nfsiod_continue(int error)
 {
 	struct nfsiod *niod;
@@ -295,8 +327,6 @@ nfsiod_continue(int error)
 	niod = TAILQ_FIRST(&nfsiodwork);
 	if (!niod) {
 		/* there's no work queued up */
-		if (error != EWOULDBLOCK)
-			printf("nfsiod: error %d work %p\n", error, niod);
 		/* remove an old nfsiod struct and terminate */
 		if ((niod = TAILQ_LAST(&nfsiodfree, nfsiodlist)))
 			TAILQ_REMOVE(&nfsiodfree, niod, niod_link);
@@ -382,10 +412,10 @@ getfh(proc_t p, struct getfh_args *uap, __unused int *retval)
 {
 	vnode_t vp;
 	struct nfs_filehandle nfh;
-	int error;
+	int error, fhlen, fidlen;
 	struct nameidata nd;
 	char path[MAXPATHLEN], *ptr;
-	u_int pathlen;
+	size_t pathlen;
 	struct nfs_exportfs *nxfs;
 	struct nfs_export *nx;
 
@@ -396,14 +426,20 @@ getfh(proc_t p, struct getfh_args *uap, __unused int *retval)
 	if (error)
 		return (error);
 
-	error = copyinstr(uap->fname, path, MAXPATHLEN, (size_t *)&pathlen);
+	error = copyinstr(uap->fname, path, MAXPATHLEN, &pathlen);
+	if (!error)
+		error = copyin(uap->fhp, &fhlen, sizeof(fhlen));
 	if (error)
 		return (error);
+	/* limit fh size to length specified (or v3 size by default) */
+	if ((fhlen != NFSV2_MAX_FH_SIZE) && (fhlen != NFSV3_MAX_FH_SIZE))
+		fhlen = NFSV3_MAX_FH_SIZE;
+	fidlen = fhlen - sizeof(struct nfs_exphandle);
 
 	if (!nfsrv_is_initialized())
 		return (EINVAL);
 
-	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNPATH1, 
+	NDINIT(&nd, LOOKUP, OP_LOOKUP, FOLLOW | LOCKLEAF | AUDITVNPATH1, 
 			UIO_SYSSPACE, CAST_USER_ADDR_T(path), vfs_context_current());
 	error = namei(&nd);
 	if (error)
@@ -445,9 +481,9 @@ getfh(proc_t p, struct getfh_args *uap, __unused int *retval)
 	nfh.nfh_xh.nxh_expid = htonl(nx->nx_id);
 	nfh.nfh_xh.nxh_flags = 0;
 	nfh.nfh_xh.nxh_reserved = 0;
-	nfh.nfh_len = NFSV3_MAX_FID_SIZE;
+	nfh.nfh_len = fidlen;
 	error = VFS_VPTOFH(vp, (int*)&nfh.nfh_len, &nfh.nfh_fid[0], NULL);
-	if (nfh.nfh_len > (int)NFSV3_MAX_FID_SIZE)
+	if (nfh.nfh_len > (uint32_t)fidlen)
 		error = EOVERFLOW;
 	nfh.nfh_xh.nxh_fidlen = nfh.nfh_len;
 	nfh.nfh_len += sizeof(nfh.nfh_xh);
@@ -458,11 +494,11 @@ out:
 	vnode_put(vp);
 	if (error)
 		return (error);
-	error = copyout((caddr_t)&nfh, uap->fhp, sizeof(nfh));
+	error = copyout((caddr_t)&nfh, uap->fhp, sizeof(fhandle_t));
 	return (error);
 }
 
-extern struct fileops vnops;
+extern const struct fileops vnops;
 
 /*
  * syscall for the rpc.lockd to use to translate a NFS file handle into
@@ -474,7 +510,7 @@ extern struct fileops vnops;
 int
 fhopen( proc_t p,
 	struct fhopen_args *uap,
-	register_t *retval)
+	int32_t *retval)
 {
 	vnode_t vp;
 	struct nfs_filehandle nfh;
@@ -557,7 +593,7 @@ fhopen( proc_t p,
 
 	if ((error = VNOP_OPEN(vp, fmode, ctx)))
 		goto bad;
-	if ((error = vnode_ref_ext(vp, fmode)))
+	if ((error = vnode_ref_ext(vp, fmode, 0)))
 		goto bad;
 
 	/*
@@ -572,7 +608,6 @@ fhopen( proc_t p,
 	fp = nfp;
 
 	fp->f_fglob->fg_flag = fmode & FMASK;
-	fp->f_fglob->fg_type = DTYPE_VNODE;
 	fp->f_fglob->fg_ops = &vnops;
 	fp->f_fglob->fg_data = (caddr_t)vp;
 
@@ -588,7 +623,7 @@ fhopen( proc_t p,
 		type = F_FLOCK;
 		if ((fmode & FNONBLOCK) == 0)
 			type |= F_WAIT;
-		if ((error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_SETLK, &lf, type, ctx))) {
+		if ((error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_SETLK, &lf, type, ctx, NULL))) {
 			struct vfs_context context = *vfs_context_current();
 			/* Modify local copy (to not damage thread copy) */
 			context.vc_ucred = fp->f_fglob->fg_cred;
@@ -629,10 +664,9 @@ nfssvc(proc_t p, struct nfssvc_args *uap, __unused int *retval)
 	AUDIT_ARG(cmd, uap->flag);
 
 	/*
-	 * Must be super user
+	 * Must be super user for most operations (export ops checked later).
 	 */
-	error = proc_suser(p);
-	if (error)
+	if ((uap->flag != NFSSVC_EXPORT) && ((error = proc_suser(p))))
 		return (error);
 #if CONFIG_MACF
 	error = mac_system_check_nfsd(kauth_cred_get());
@@ -695,11 +729,12 @@ nfssvc(proc_t p, struct nfssvc_args *uap, __unused int *retval)
 /*
  * Adds a socket to the list for servicing by nfsds.
  */
-static int
+int
 nfssvc_addsock(socket_t so, mbuf_t mynam)
 {
 	struct nfsrv_sock *slp;
 	int error = 0, sodomain, sotype, soprotocol, on = 1;
+	int first;
 	struct timeval timeo;
 
 	/* make sure mbuf constants are set up */
@@ -708,8 +743,12 @@ nfssvc_addsock(socket_t so, mbuf_t mynam)
 
 	sock_gettype(so, &sodomain, &sotype, &soprotocol);
 
-	/* There should be only one UDP socket */
-	if ((soprotocol == IPPROTO_UDP) && nfsrv_udpsock) {
+	/* There should be only one UDP socket for each of IPv4 and IPv6 */
+	if ((sodomain == AF_INET) && (soprotocol == IPPROTO_UDP) && nfsrv_udpsock) {
+		mbuf_freem(mynam);
+		return (EEXIST);
+	}
+	if ((sodomain == AF_INET6) && (soprotocol == IPPROTO_UDP) && nfsrv_udp6sock) {
 		mbuf_freem(mynam);
 		return (EEXIST);
 	}
@@ -757,17 +796,30 @@ nfssvc_addsock(socket_t so, mbuf_t mynam)
 	lck_mtx_lock(nfsd_mutex);
 
 	if (soprotocol == IPPROTO_UDP) {
-		/* There should be only one UDP socket */
-		if (nfsrv_udpsock) {
-			lck_mtx_unlock(nfsd_mutex);
-			nfsrv_slpfree(slp);
-			mbuf_freem(mynam);
-			return (EEXIST);
+		if (sodomain == AF_INET) {
+			/* There should be only one UDP/IPv4 socket */
+			if (nfsrv_udpsock) {
+				lck_mtx_unlock(nfsd_mutex);
+				nfsrv_slpfree(slp);
+				mbuf_freem(mynam);
+				return (EEXIST);
+			}
+			nfsrv_udpsock = slp;
+		}
+		if (sodomain == AF_INET6) {
+			/* There should be only one UDP/IPv6 socket */
+			if (nfsrv_udp6sock) {
+				lck_mtx_unlock(nfsd_mutex);
+				nfsrv_slpfree(slp);
+				mbuf_freem(mynam);
+				return (EEXIST);
+			}
+			nfsrv_udp6sock = slp;
 		}
-		nfsrv_udpsock = slp;
 	}
 
 	/* add the socket to the list */
+	first = TAILQ_EMPTY(&nfsrv_socklist);
 	TAILQ_INSERT_TAIL(&nfsrv_socklist, slp, ns_chain);
 
 	sock_retain(so); /* grab a retain count on the socket */
@@ -775,12 +827,8 @@ nfssvc_addsock(socket_t so, mbuf_t mynam)
 	slp->ns_sotype = sotype;
 	slp->ns_nam = mynam;
 
-	/* set up the socket upcall */
-	socket_lock(so, 1);
-	so->so_upcallarg = (caddr_t)slp;
-	so->so_upcall = nfsrv_rcv;
-	so->so_rcv.sb_flags |= SB_UPCALL;
-	socket_unlock(so, 1);
+	/* set up the socket up-call */
+	nfsrv_uc_addsock(slp, first);
 
 	/* mark that the socket is not in the nfsrv_sockwg list */
 	slp->ns_wgq.tqe_next = SLPNOLIST;
@@ -828,7 +876,7 @@ nfssvc_addsock(socket_t so, mbuf_t mynam)
  *   have any work are simply dropped from the queue.
  *
  */
-static int
+int
 nfssvc_nfsd(void)
 {
 	mbuf_t m, mrep;
@@ -840,6 +888,7 @@ nfssvc_nfsd(void)
 	u_quad_t cur_usec;
 	struct timeval now;
 	struct vfs_context context;
+	struct timespec to;
 
 #ifndef nolint
 	cacherep = RC_DOIT;
@@ -853,11 +902,16 @@ nfssvc_nfsd(void)
 	lck_mtx_lock(nfsd_mutex);
 	if (nfsd_thread_count++ == 0)
 		nfsrv_initcache();		/* Init the server request cache */
+	
 	TAILQ_INSERT_TAIL(&nfsd_head, nfsd, nfsd_chain);
 	lck_mtx_unlock(nfsd_mutex);
 
 	context.vc_thread = current_thread();
 
+	/* Set time out so that nfsd threads can wake up a see if they are still needed. */
+	to.tv_sec = 5;
+	to.tv_nsec = 0;
+
 	/*
 	 * Loop getting rpc requests until SIGKILL.
 	 */
@@ -885,12 +939,14 @@ nfssvc_nfsd(void)
 				}
 				nfsd->nfsd_flag |= NFSD_WAITING;
 				TAILQ_INSERT_HEAD(&nfsd_queue, nfsd, nfsd_queue);
-				error = msleep(nfsd, nfsd_mutex, PSOCK | PCATCH, "nfsd", NULL);
+				error = msleep(nfsd, nfsd_mutex, PSOCK | PCATCH, "nfsd", &to);
 				if (error) {
 					if (nfsd->nfsd_flag & NFSD_WAITING) {
 						TAILQ_REMOVE(&nfsd_queue, nfsd, nfsd_queue);
 						nfsd->nfsd_flag &= ~NFSD_WAITING;
 					}
+					if (error == EWOULDBLOCK)
+						continue;
 					goto done;
 				}
 			}
@@ -970,6 +1026,8 @@ nfssvc_nfsd(void)
 					mbuf_freem(nd->nd_nam2);
 				if (IS_VALID_CRED(nd->nd_cr))
 					kauth_cred_unref(&nd->nd_cr);
+				if (nd->nd_gss_context)
+					nfs_gss_svc_ctx_deref(nd->nd_gss_context);
 				FREE_ZONE(nd, sizeof(*nd), M_NFSRVDESC);
 				nd = NULL;
 			}
@@ -992,21 +1050,17 @@ nfssvc_nfsd(void)
 
 		    if (nfsrv_require_resv_port) {
 			/* Check if source port is a reserved port */
-			u_short port;
-			struct sockaddr *nam = mbuf_data(nd->nd_nam);
-			struct sockaddr_in *sin;
-
-			sin = (struct sockaddr_in *)nam;
-			port = ntohs(sin->sin_port);
-			if (port >= IPPORT_RESERVED && 
-			    nd->nd_procnum != NFSPROC_NULL) {
-			    char strbuf[MAX_IPv4_STR_LEN];
+			in_port_t port = 0;
+			struct sockaddr *saddr = mbuf_data(nd->nd_nam);
+
+			if (saddr->sa_family == AF_INET)
+				port = ntohs(((struct sockaddr_in*)saddr)->sin_port);
+			else if (saddr->sa_family == AF_INET6)
+				port = ntohs(((struct sockaddr_in6*)saddr)->sin6_port);
+			if ((port >= IPPORT_RESERVED) && (nd->nd_procnum != NFSPROC_NULL)) {
 			    nd->nd_procnum = NFSPROC_NOOP;
 			    nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK);
 			    cacherep = RC_DOIT;
-			    printf("NFS request from unprivileged port (%s:%d)\n",
-			    	inet_ntop(AF_INET, &sin->sin_addr, strbuf, sizeof(strbuf)),
-			    	port);
 			}
 		    }
 
@@ -1047,7 +1101,7 @@ nfssvc_nfsd(void)
 
 			}
 			if (error) {
-				OSAddAtomic(1, (SInt32*)&nfsstats.srv_errs);
+				OSAddAtomic64(1, &nfsstats.srv_errs);
 				nfsrv_updatecache(nd, FALSE, mrep);
 				if (nd->nd_nam2) {
 					mbuf_freem(nd->nd_nam2);
@@ -1055,7 +1109,7 @@ nfssvc_nfsd(void)
 				}
 				break;
 			}
-			OSAddAtomic(1, (SInt32*)&nfsstats.srvrpccnt[nd->nd_procnum]);
+			OSAddAtomic64(1, &nfsstats.srvrpccnt[nd->nd_procnum]);
 			nfsrv_updatecache(nd, TRUE, mrep);
 			/* FALLTHRU */
 
@@ -1096,7 +1150,7 @@ nfssvc_nfsd(void)
 			if (slp->ns_sotype == SOCK_STREAM) {
 				error = mbuf_prepend(&m, NFSX_UNSIGNED, MBUF_WAITOK);
 				if (!error)
-					*(u_long*)mbuf_data(m) = htonl(0x80000000 | siz);
+					*(u_int32_t*)mbuf_data(m) = htonl(0x80000000 | siz);
 			}
 			if (!error) {
 				if (slp->ns_flag & SLP_VALID) {
@@ -1122,6 +1176,8 @@ nfssvc_nfsd(void)
 				nfsm_chain_cleanup(&nd->nd_nmreq);
 				if (IS_VALID_CRED(nd->nd_cr))
 					kauth_cred_unref(&nd->nd_cr);
+				if (nd->nd_gss_context)
+					nfs_gss_svc_ctx_deref(nd->nd_gss_context);
 				FREE_ZONE(nd, sizeof(*nd), M_NFSRVDESC);
 				nfsrv_slpderef(slp);
 				lck_mtx_lock(nfsd_mutex);
@@ -1140,6 +1196,8 @@ nfssvc_nfsd(void)
 				mbuf_freem(nd->nd_nam2);
 			if (IS_VALID_CRED(nd->nd_cr))
 				kauth_cred_unref(&nd->nd_cr);
+			if (nd->nd_gss_context)
+				nfs_gss_svc_ctx_deref(nd->nd_gss_context);
 			FREE_ZONE(nd, sizeof(*nd), M_NFSRVDESC);
 			nd = NULL;
 		    }
@@ -1187,7 +1245,7 @@ done:
 	return (error);
 }
 
-static int
+int
 nfssvc_export(user_addr_t argp)
 {
 	int error = 0, is_64bit;
@@ -1228,7 +1286,7 @@ nfssvc_export(user_addr_t argp)
  * will stop using it and clear ns_flag at the end so that it will not be
  * reassigned during cleanup.
  */
-static void
+void
 nfsrv_zapsock(struct nfsrv_sock *slp)
 {
 	socket_t so;
@@ -1242,8 +1300,8 @@ nfsrv_zapsock(struct nfsrv_sock *slp)
 		return;
 
 	/*
-	 * Attempt to deter future upcalls, but leave the
-	 * upcall info in place to avoid a race with the
+	 * Attempt to deter future up-calls, but leave the
+	 * up-call info in place to avoid a race with the
 	 * networking code.
 	 */
 	socket_lock(so, 1);
@@ -1251,12 +1309,17 @@ nfsrv_zapsock(struct nfsrv_sock *slp)
 	socket_unlock(so, 1);
 
 	sock_shutdown(so, SHUT_RDWR);
+
+	/*
+	 * Remove from the up-call queue
+	 */
+	nfsrv_uc_dequeue(slp);
 }
 
 /*
  * cleanup and release a server socket structure.
  */
-static void
+void
 nfsrv_slpfree(struct nfsrv_sock *slp)
 {
 	struct nfsrv_descript *nwp, *nnwp;
@@ -1276,6 +1339,9 @@ nfsrv_slpfree(struct nfsrv_sock *slp)
 	slp->ns_nam = slp->ns_raw = slp->ns_rec = slp->ns_frag = NULL;
 	slp->ns_reccnt = 0;
 
+	if (slp->ns_ua)
+		FREE(slp->ns_ua, M_NFSSVC);
+
 	for (nwp = slp->ns_tq.lh_first; nwp; nwp = nnwp) {
 		nnwp = nwp->nd_tq.le_next;
 		LIST_REMOVE(nwp, nd_tq);
@@ -1286,6 +1352,8 @@ nfsrv_slpfree(struct nfsrv_sock *slp)
 			mbuf_freem(nwp->nd_nam2);
 		if (IS_VALID_CRED(nwp->nd_cr))
 			kauth_cred_unref(&nwp->nd_cr);
+		if (nwp->nd_gss_context)
+			nfs_gss_svc_ctx_deref(nwp->nd_gss_context);
 		FREE_ZONE(nwp, sizeof(*nwp), M_NFSRVDESC);
 	}
 	LIST_INIT(&slp->ns_tq);
@@ -1401,8 +1469,10 @@ nfsrv_cleanup(void)
 {
 	struct nfsrv_sock *slp, *nslp;
 	struct timeval now;
+#if CONFIG_FSE
 	struct nfsrv_fmod *fp, *nfp;
 	int i;
+#endif
 
 	microuptime(&now);
 	for (slp = TAILQ_FIRST(&nfsrv_socklist); slp != 0; slp = nslp) {
@@ -1434,6 +1504,7 @@ nfsrv_cleanup(void)
 		}
 	}
 
+#if CONFIG_FSE
 	/*
 	 * Flush pending file write fsevents
 	 */
@@ -1444,12 +1515,12 @@ nfsrv_cleanup(void)
 			 * Fire off the content modified fsevent for each
 			 * entry, remove it from the list, and free it.
 			 */
-#if CONFIG_FSE
-			if (nfsrv_fsevents_enabled)
+			if (nfsrv_fsevents_enabled) {
+				fp->fm_context.vc_thread = current_thread();
 				add_fsevent(FSE_CONTENT_MODIFIED, &fp->fm_context,
 						FSE_ARG_VNODE, fp->fm_vp,
 						FSE_ARG_DONE);
-#endif
+			}
 			vnode_put(fp->fm_vp);
 			kauth_cred_unref(&fp->fm_context.vc_ucred);
 			nfp = LIST_NEXT(fp, fm_link);
@@ -1459,12 +1530,16 @@ nfsrv_cleanup(void)
 	}
 	nfsrv_fmod_pending = 0;
 	lck_mtx_unlock(nfsrv_fmod_mutex);
+#endif
 
+	nfsrv_uc_cleanup();     /* Stop nfs socket up-call threads */
+	
 	nfs_gss_svc_cleanup();	/* Remove any RPCSEC_GSS contexts */
 
 	nfsrv_cleancache();	/* And clear out server cache */
 
 	nfsrv_udpsock = NULL;
+	nfsrv_udp6sock = NULL;
 }
 
 #endif /* NFS_NOSERVER */