path: root/sys/nfsserver
Commit message | Author | Age | Files | Lines
* Move vnode-to-file-handle translation from vfs_vptofh to vop_vptofh method.

  This way we may support multiple structures in v_data vnode field within one file system without using black magic. Vnode-to-file-handle should be VOP in the first place, but was made VFS operation to keep interface as compatible as possible with SUN's VFS. BTW. Now Solaris also implements vnode-to-file-handle as VOP operation. VFS_VPTOFH() was left for API backward compatibility, but is marked for removal before 8.0-RELEASE.

  Approved by: mckusick
  Discussed with: many (on IRC)
  Tested with: ufs, msdosfs, cd9660, nullfs and zfs

  Author: pjd | Age: 2007-02-15 | Files: 1 | Lines: -6/+6
* Get the vfs giant lock before calling nfs_access.

  Reviewed by: mohan

  Author: mpp | Age: 2007-02-13 | Files: 1 | Lines: -3/+9
* The nfsm_srvpathsiz() macro in nfsrv_symlink() in nfs_serv.c should check length of the pathname in the range 0<=n<=NFS_MAXPATHLEN, not 0<n<=NFS_MAXPATHLEN. This fixes a minor interoperability problem that the FreeBSD NFS server did not allow a symlink pointing the empty pathname.

  MFC after: 1 week

  Author: hrs | Age: 2007-01-02 | Files: 2 | Lines: -1/+20
* MFp4: 92972, 98913 + one more change

  In ip6_sprintf no longer use and return one of eight static buffers for printing/logging ipv6 addresses. The caller now has to hand in a sufficiently large buffer as first argument.

  Author: bz | Age: 2006-12-12 | Files: 1 | Lines: -9/+13
* Push Giant a bit further off the NFS server in a number of straight forward cases by converting from unconditional acquisition of Giant around vnode operations to conditional acquisition:

  - Remove nfsrv_access_withgiant(), and cause nfsrv_access() to now assert that Giant will be held if it is required for the vnode.
  - Add nfsrv_fhtovp_locked(), which will drop the NFS server lock if required, and modify nfsrv_fhtovp() to conditionally acquire Giant if required.
  - In the VOP's not dealing with more than one vnode at a time (i.e., not involving a lookup), conditionally acquire Giant.

  This removes Giant use for MPSAFE file systems for a number of quite important RPCs, including getattr, read, write. It leaves unconditional Giant acquisitions in vnode operations that interact with the name space or more than one vnode at a time as these require further work.

  Tested by: kris
  Reviewed by: kib

  Author: rwatson | Age: 2006-11-24 | Files: 3 | Lines: -224/+297
* Protect nfsm_srvpathsiz() call with the nfsd_mtx lock.

  Reviewed by: mohans

  Author: pjd | Age: 2006-11-20 | Files: 1 | Lines: -5/+6
* Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.

  Sponsored by: nCircle Network Security, Inc.
  Obtained from: TrustedBSD Project
  Discussed on: arch@
  Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>

  Author: rwatson | Age: 2006-11-06 | Files: 1 | Lines: -1/+2
* Fix leak in NAMEI zone caused by nfs server when VOP_RENAME fails.

  Submitted by: Padma Bhooma <pbhooma at panasas com>
  Reviewed by: bde
  Approved by: pjd (mentor)
  MFC after: 1 week

  Author: kib | Age: 2006-10-26 | Files: 1 | Lines: -2/+2
* Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead.

  This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.

  Obtained from: TrustedBSD Project
  Sponsored by: SPARTA

  Author: rwatson | Age: 2006-10-22 | Files: 2 | Lines: -2/+4
* - Add a new function nfsrv_destroycache() to tear down the server request cache when unloading the nfsserver module. This fixes a memory leak and a stale pointer.
  - Use callout_drain() rather than callout_stop() when unloading the nfsserver module.

  MFC after: 3 days

  Author: jhb | Age: 2006-08-01 | Files: 3 | Lines: -3/+17
* Use TAILQ_FOREACH_SAFE() in a couple of places.

  Author: jhb | Age: 2006-08-01 | Files: 2 | Lines: -5/+2
* Now that all system calls are MPSAFE, retire the SYF_MPSAFE flag used to mark system calls as being MPSAFE:

  - Stop conditionally acquiring Giant around system call invocations.
  - Remove all of the 'M' prefixes from the master system call files.
  - Remove support for the 'M' prefix from the script that generates the syscall-related files from the master system call files.
  - Don't explicitly set SYF_MPSAFE when registering nfssvc.

  Author: jhb | Age: 2006-07-28 | Files: 1 | Lines: -1/+2
* soreceive_generic(), and sopoll_generic(). Add new functions sosend(), soreceive(), and sopoll(), which are wrappers for pru_sosend, pru_soreceive, and pru_sopoll, and are now used universally by socket consumers rather than either directly invoking the old so*() functions or directly invoking the protocol switch method (about an even split prior to this commit).

  This completes an architectural change that was begun in 1996 to permit protocols to provide substitute implementations, as now used by UDP. Consumers now uniformly invoke sosend(), soreceive(), and sopoll() to perform these operations on sockets -- in particular, distributed file systems and socket system calls.

  Architectural head nod: sam, gnn, wollman

  Author: rwatson | Age: 2006-07-24 | Files: 1 | Lines: -6/+3
* Size the NFS server dupreq cache on the basis of nmbclusters. On servers with low nmbclusters, we tie up too many mbclusters in the NFS duplicate request cache. This change limits the size of the dupreq cache to 1/2 the nmbclusters (and floats in a range of [64, 2048]).

  MFC after 2 weeks.

  Reported by: Steve Kargl, David O'Brien
  Tested by: Steve Kargl

  Author: mohans | Age: 2006-06-23 | Files: 2 | Lines: -4/+22
* Temporary workaround to prevent leak of Giant from nfsd when calling lookup().

  Reviewed by: tegge
  Tested by: "Arno J. Klaassen" <arno at heho snv jussieu fr>, "Rong-en Fan" <grafan at gmail com>, Dmitriy Kirhlarov <dimma at higis ru>, Dmitry Pryanishnikov <dmitry at atlantis dp ua>
  MFC after: 1 week
  Approved by: kan, pjd (mentors)

  Author: kib | Age: 2006-06-05 | Files: 2 | Lines: -0/+20
* Bump up the NFS server dupreq cache limit to 2K (from 64). With a small duplicate request cache, under heavy load a lot of non-idempotent requests were getting served again, resulting in errors.

  Found by: Kris Kennaway.

  Author: mohans | Age: 2006-04-25 | Files: 1 | Lines: -1/+1
* Introduce a new MAC entry point for label initialization of the NFS daemon's credential: mac_associate_nfsd_label()

  This entry point can be utilized by various Mandatory Access Control policies so they can properly initialize the label of files which get created as a result of an NFS operation. This work will be useful for fixing kernel panics associated with accessing un-initialized or invalid vnode labels.

  The implementation of these entry points will come shortly.

  Obtained from: TrustedBSD
  Requested by: mdodd
  MFC after: 3 weeks

  Author: csjp | Age: 2006-04-06 | Files: 1 | Lines: -0/+3
* rick says:

  The following bug was just identified in OpenBSD and it looks like the same bug exists in the other BSDen NFS servers. A Linux client (don't know which version, but you can look at http://bugzilla.kernel.org/show_bug.cgi?id=6256) does a Setattr of mtime to the server's time, where the file is mode 0664 and the client user has group access (ie. caller is not the file owner). The BSD servers fail the Setattr with EPERM, since the VA_UTIMES_NULL flag isn't set before doing the VOP_SETATTR. It seems to me that this should be allowed, since it is allowed for a local utimes(2). If so, the fix is to set VA_UTIMES_NULL for the "set-time-to-server-time" cases of setting atime and/or mtime.

  Submitted by: rick@snowhite.cis.uoguelph.ca
  Reviewed by: cel
  Approved by: silby
  MFC after: 1 week

  Author: cel | Age: 2006-04-02 | Files: 1 | Lines: -0/+6
* - Release the references acquired by VOP_GETWRITEMOUNT and vfs_getvfs().

  Discussed with: tegge
  Tested by: kris
  Sponsored by: Isilon Systems, Inc.

  Author: jeff | Age: 2006-03-31 | Files: 2 | Lines: -2/+15
* - Reorder vrele calls after vput calls to prevent lock order reversals between leaf and directory locks.

  Found by: kris
  Sponsored by: Isilon Systems, Inc.

  Author: jeff | Age: 2006-03-12 | Files: 1 | Lines: -26/+17
* When parsing an RPC request in nfsrv_dorec(), KASSERT that there actually is an mbuf to process. This catches the missing mbuf before it would otherwise cause a NULL pointer dereference, which could be triggered by a 0 length RPC record before the check for such records was added in rev 1.97.

  Approved by: cperciva (mentor)

  Author: simon | Age: 2006-03-08 | Files: 1 | Lines: -0/+1
* Correct a remote kernel panic when processing zero-length RPC records via TCP. [06:10]

  Security: FreeBSD-SA-06:10.nfs
  Approved by: cperciva

  Author: simon | Age: 2006-03-01 | Files: 1 | Lines: -1/+1
* - Reorder calls to vrele() after calls to vput() when the vrele is a directory. vrele() may lock the passed vnode, which in these cases would give an invalid lock order of child -> parent. These situations are deadlock prone although do not typically deadlock because the vrele is typically not releasing the last reference to the vnode. Users of vrele must consider it as a call to vn_lock() and order it appropriately.

  MFC After: 1 week
  Sponsored by: Isilon Systems, Inc.
  Tested by: kkenn

  Author: jeff | Age: 2006-02-01 | Files: 2 | Lines: -39/+38
* Manage the ucred for the NFS server using the crget/crfree API defined in kern_prot.c. This API handles reference counting among many other things. Notably, if MAC is compiled into the kernel, it will properly initialize the MAC labels when the ucred is allocated.

  This work is in preparation for a new MAC entry point which will be responsible for properly initializing policy specific labels for the NFS server credential. Utilization of the crfree/crget APIs reduces the complexity associated with this label's management.

  Submitted by: green (with changes) [1]
  Obtained from: TrustedBSD Project
  Discussed with: rwatson, alfred

  [1] I moved the ucred allocation outside the scope of the NFS server lock to prevent M_WAIKOK allocations from occurring with non-sleep-able locks held. Additionally, to reduce complexity, the ucred persists as long as the NFS server descriptor.

  Author: csjp | Age: 2006-01-28 | Files: 4 | Lines: -39/+47
* Revert my previous commit.

  Proved I'm not that bright at times: jhb

  Author: trhodes | Age: 2006-01-23 | Files: 1 | Lines: -0/+11
* Fix indentation.

  Prodded by: stefanf, ru, njl (in that order)

  Author: trhodes | Age: 2006-01-23 | Files: 1 | Lines: -7/+7
* Remove some dead code.

  Found with: Coverity Prevent(tm)

  Author: trhodes | Age: 2006-01-21 | Files: 1 | Lines: -18/+7
* Normalize a significant number of kernel malloc type names:

  - Prefer '_' to ' ', as it results in more easily parsed results in memory monitoring tools such as vmstat.
  - Remove punctuation that is incompatible with using memory type names as file names, such as '/' characters.
  - Disambiguate some collisions by adding subsystem prefixes to some memory types.
  - Generally prefer lower case to upper case.
  - If the same type is defined in multiple architecture directories, attempt to use the same name in additional cases.

  Not all instances were caught in this change, so more work is required to finish this conversion. Similar changes are required for UMA zone names.

  Author: rwatson | Age: 2005-10-31 | Files: 1 | Lines: -3/+3
* Keep locks consistent before goto.

  Reported by: pho
  Reviewed by: mohans

  Author: glebius | Age: 2005-10-27 | Files: 1 | Lines: -0/+4
* Use the refcount API to manage the reference count for user credentials rather than using pool mutexes.

  Tested on: i386, alpha, sparc64

  Author: jhb | Age: 2005-09-27 | Files: 2 | Lines: -5/+6
* NFS write gathering defers execution of NFS server write requests to wait to see if additional write requests will arrive that can be coalesced and clustered with earlier ones. When doing so, it must determine whether the two requests are made by credentials with the same access writes, so as not to coalesce improperly. NFSW_SAMECRED() implements a test of two credentials using a binary compare.

  Replace NFSW_SAMECRED() macro with nfsrv_samecred() function, which is aware of the contents and layout of a struct ucred, rather than a simple binary compare. While the binary compare works when ucred is simply a zero'd and embedded 'struct ucred' in the NFS descriptor, it will work less well when the ucred associated with an NFS descriptor is "real", so has defined and populated reference count, mutex, etc.

  MFC after: 1 week
  Obtained from: TrustedBSD Project

  Author: rwatson | Age: 2005-04-17 | Files: 2 | Lines: -5/+23
* avoid potential null ptr deref by free'ing excess mbufs instead of zero'ing their length (copied from m_adj where this code came from after the equivalent change there has had time to soak)

  Noticed by: Coverity Prevent analysis tool

  Author: sam | Age: 2005-03-28 | Files: 1 | Lines: -2/+4
* Do not do write gathering for NFSv3, since it makes no sense unless the client is broken and does sync writes all the time.

  Obtained from: NetBSD (sys/nfs/nfs_syscalls.c,v 1.44)
  Reviewed by: -arch (bde)

  Author: delphij | Age: 2005-03-26 | Files: 1 | Lines: -1/+2
* Don't try to create vnode_pager objects on other filesystems vnodes, either they did it themselves or it won't happen.

  Author: phk | Age: 2005-01-24 | Files: 3 | Lines: -18/+0
* Now that we have a non blocking version of nfsm_dissect(), change all the nfsm_dissect() calls (done under the NFSD lock) to nfsm_dissect_nonblock().

  Submitted by: Mohan Srinivasan

  Author: ps | Age: 2005-01-19 | Files: 3 | Lines: -41/+41
* Ditch vfs_object_create() and make the callers call VOP_CREATEVOBJECT() directly.

  Author: phk | Age: 2005-01-13 | Files: 1 | Lines: -1/+1
* Remove the unused credential argument from VOP_FSYNC() and VFS_SYNC().

  I'm not sure why a credential was added to these in the first place, it is not used anywhere and it doesn't make much sense:

  The credentials for syncing a file (ability to write to the file) should be checked at the system call level.

  Credentials for syncing one or more filesystems ("none") should be checked at the system call level as well.

  If the filesystem implementation needs a particular credential to carry out the syncing it would logically have to be the cached mount credential, or a credential cached along with any delayed write data.

  Discussed with: rwatson

  Author: phk | Age: 2005-01-11 | Files: 1 | Lines: -1/+1
* /* -> /*- for license, minor formatting changes

  Author: imp | Age: 2005-01-07 | Files: 9 | Lines: -9/+9
* Correct a bug in nfsrv_create() where a call to nfsrv_access() might be made holding the NFS server mutex. To clean this up, introduce a version of the function, nfsrv_access_withgiant(), that expects the NFS server mutex to already have been dropped and Giant acquired. Wrap nfsrv_access() around this. This permits callers to more efficiently check access if they're in a code block performing VFS operations, and can be substituted for the nfsrv_access() call that triggered this bug.

  PR: 73807, 73208
  MFC after: 1 week

  Author: rwatson | Age: 2004-11-11 | Files: 1 | Lines: -38/+52
* Add b_bufobj to struct buf which eventually will eliminate the need for b_vp.

  Initialize b_bufobj for all buffers.

  Make incore() and gbincore() take a bufobj instead of a vnode.

  Make inmem() local to vfs_bio.c

  Change a lot of VI_[UN]LOCK(bp->b_vp) to BO_[UN]LOCK(bp->b_bufobj) also VI_MTX() to BO_MTX(),

  Make buf_vlist_add() take a bufobj instead of a vnode.

  Eliminate other uses of bp->b_vp where bp->b_bufobj will do.

  Various minor polishing: remove "register", turn panic into KASSERT, use new function declarations, TAILQ_FOREACH_SAFE() etc.

  Author: phk | Age: 2004-10-22 | Files: 1 | Lines: -1/+1
* Correct several instances where calls to vfs_getvfs() resulting in failure in the NFS server would result in a leaked instance of the NFS server subsystem lock. Liberally sprinkle assertions in all target labels for error unwinding to assert the desired locking state.

  RELENG_5_3 candidate.

  MFC after: 3 days
  Reported by: Wilkinson, Alex <alex dot wilkinson at dsto dot defence dot gov dot au>

  Author: rwatson | Age: 2004-10-18 | Files: 1 | Lines: -13/+61
* Convert a mtx_lock(&Giant) to a mtx_unlock(&Giant) in nfsrv_link() to prevent leakage of Giant. With INVARIANTS, this results in an assertion failure following execution of the RPC. Without INVARIANTS, it could result in problems if the NFS server is killed causing nfsd to return to user space holding Giant.

  Feet provided by: brueffer

  Author: rwatson | Age: 2004-08-25 | Files: 1 | Lines: -1/+1
* If debug.mpsafenet is non-zero, run the NFS server callout without Giant.

  Author: rwatson | Age: 2004-07-24 | Files: 1 | Lines: -1/+4
* Remove spl() use from nfsrv_timer.

  Author: rwatson | Age: 2004-07-24 | Files: 1 | Lines: -3/+0
* Do a pass over all modules in the kernel and make them return EOPNOTSUPP for unknown events.

  A number of modules return EINVAL in this instance, and I have left those alone for now and instead taught MOD_QUIESCE to accept this as "didn't do anything".

  Author: phk | Age: 2004-07-15 | Files: 1 | Lines: -5/+8
* Do not call sorecieve() in the context of a socket callback as it causes lock order reversals so->inpcb since we're called with the socket lock held.

  Author: alfred | Age: 2004-07-13 | Files: 1 | Lines: -3/+5
* Change M_WAITOK argument to sodupsockaddr() to M_NOWAIT. When the call to dup_sockaddr() was renamed to sodupsockaddr(), the argument was changed from '1' to 'M_WAITOK', which changed the semantics. This resulted in a WITNESS warning about a potential sleep while holding the NFS server mutex. Now this will no longer happen, restoring a possible bug present in the original code (setting RC_NAM even though the malloc to copy the address may fail).

  bde observes that the flag names here should probably not be the same as the malloc flags for name space reasons.

  Bumped into by: kuriyama

  Author: rwatson | Age: 2004-07-03 | Files: 1 | Lines: -1/+5
* Merge additional socket buffer locking from rwatson_netperf:

  - Lock down low hanging fruit use of sb_flags with socket buffer lock.
  - Lock down low hanging fruit use of so_state with socket lock.
  - Lock down low hanging fruit use of so_options.
  - Lock down low-hanging fruit use of sb_lowwat and sb_hiwat with socket buffer lock.
  - Annotate situations in which we unlock the socket lock and then grab the receive socket buffer lock, which are currently actually the same lock. Depending on how we want to play our cards, we may want to coalesce these lock uses to reduce overhead.
  - Convert a if()->panic() into a KASSERT relating to so_state in soaccept().
  - Remove a number of splnet()/splx() references.

  More complex merging of socket and socket buffer locking to follow.

  Author: rwatson | Age: 2004-06-17 | Files: 1 | Lines: -0/+8
* Second half of the dev_t cleanup.

  The big lines are:

    NODEV -> NULL
    NOUDEV -> NODEV
    udev_t -> dev_t
    udev2dev() -> findcdev()

  Various minor adjustments including handling of userland access to kernel space struct cdev etc.

  Author: phk | Age: 2004-06-17 | Files: 1 | Lines: -1/+1
* Giant wasn't dropped here if we have to return EBUSY. This is bad.

  Author: bmilekic | Age: 2004-05-31 | Files: 1 | Lines: -1/+3