STABLERESTART(5) BSD File Formats Manual STABLERESTART(5)NAME
nfs-stablerestart — handles restart edge conditions for the NFS V4 server
The nfs-stablerestart file holds information that allows the NFS V4
server to restart without always returning the NFSERR_NOGRACE error, as
described in the NFS V4 server specification; see Network File System
(NFS) Version 4 Protocol RFC 3530, Section 8.6.3.
The first record in the file, as defined by struct nfsf_rec in
/usr/include/fs/nfs/nfsrvstate.h, holds the lease duration of the last
incarnation of the server and the number of boot times that follows.
Following this are the number of previous boot times listed in the first
record. The lease duration is used to set the Grace Period. The boot
times are used to avoid the unlikely occurrence of a boot time being
reused, due to a TOD clock going backwards. This record and the previous
boot times with this boot time added is re-written at the end of the
The rest of the file are appended records, as defined by struct nfst_rec
in /usr/include/fs/nfs/nfsrvstate.h and are used represent one of two
things. There are records which indicate that a client successfully
aquired state and records that indicate a client's state was revoked.
State revoke records indicate that state information for a client was
discarded, due to lease expiry and an otherwise conflicting open or lock
request being made by a different client. These records can be used to
determine if clients might have done either of the edge conditions.
If a client might have done either edge condition or this file is empty
or corrupted, the server returns NFSERR_NOGRACE for any reclaim request
from the client.
For correct operation of the server, it must be ensured that the file is
written to stable storage by the time a write op with IO_SYNC specified
has returned. This might require hardware level caching to be disabled
for a local disk drive that holds the file, or similar.
/var/db/nfs-stablerestart NFS V4 stable restart file
If the file is empty, the NFS V4 server has no choice but to return
NFSERR_NOGRACE for all Reclaim requests. Although correct, this is a
highly undesirable occurrence, so the file should not be lost if at all
possible. Nfsd will not create the file if it does not exist and will
simply log a failure to start, in the hopes that the file can be recov‐
ered from a backup. To move the file, you must edit the nfsd sources and
recompile it. This was done to discourage accidental relocation of the
BSD Sept 7, 2007 BSD