summaryrefslogtreecommitdiffstats
path: root/sys/nfsserver
Commit message (Collapse)AuthorAgeFilesLines
* Fix the NFS servers so that they can do a Lookup of "..",rmacklem2011-09-031-0/+1
| | | | | | | which requires that ni_strictrelative be set to 0, post-r224810. Tested by: swills (earlier version), geo dot liaskos at gmail.com Approved by: re (kib)
* Second-to-last commit implementing Capsicum capabilities in the FreeBSDrwatson2011-08-111-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | kernel for FreeBSD 9.0: Add a new capability mask argument to fget(9) and friends, allowing system call code to declare what capabilities are required when an integer file descriptor is converted into an in-kernel struct file *. With options CAPABILITIES compiled into the kernel, this enforces capability protection; without, this change is effectively a no-op. Some cases require special handling, such as mmap(2), which must preserve information about the maximum rights at the time of mapping in the memory map so that they can later be enforced in mprotect(2) -- this is done by narrowing the rights in the existing max_protection field used for similar purposes with file permissions. In namei(9), we assert that the code is not reached from within capability mode, as we're not yet ready to enforce namespace capabilities there. This will follow in a later commit. Update two capability names: CAP_EVENT and CAP_KEVENT become CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they represent. Approved by: re (bz) Submitted by: jonathan Sponsored by: Google Inc
* Fix the kgssapi so that it can be loaded as a module. Currentlyrmacklem2011-06-191-12/+4
| | | | | | | | | | | | | the NFS subsystems use five of the rpcsec_gss/kgssapi entry points, but since it was not obvious which others might be useful, all nineteen were included. Basically the nineteen entry points are set in a structure called rpc_gss_entries and inline functions defined in sys/rpc/rpcsec_gss.h check for the entry points being non-NULL and then call them. A default value is returned otherwise. Requested by rwatson. Reviewed by: jhb MFC after: 2 weeks
* Add a lock flags argument to the VFS_FHTOVP() file systemrmacklem2011-05-221-1/+1
| | | | | | | | | | | method, so that callers can indicate the minimum vnode locking requirement. This will allow some file systems to choose to return a LK_SHARED locked vnode when LK_SHARED is specified for the flags argument. This patch only adds the flag. It does not change any file system to use it and all callers specify LK_EXCLUSIVE, so file system semantics are not changed. Reviewed by: kib
* Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/netchild2011-02-251-0/+2
| | | | | | | | | | | | | PMC/SYSV/...). No FreeBSD version bump, the userland application to query the features will be committed last and can serve as an indication of the availablility if needed. Sponsored by: Google Summer of Code 2010 Submitted by: kibab Reviewed by: arch@ (parts by rwatson, trasz, jhb) X-MFC after: to be determined in last commit with code from this project
* Unless "cnt" exceeds MAX_COMMIT_COUNT, nfsrv_commit() and nfsvno_fsync() arealc2011-02-051-1/+2
| | | | | | | | | | | incorrectly calling vm_object_page_clean(). They are passing the length of the range rather than the ending offset of the range. Perform the OFF_TO_IDX() conversion in vm_object_page_clean() rather than the callers. Reviewed by: kib MFC after: 3 weeks
* ZFS might not return monotonically increasing directory offset cookies,pjd2010-12-281-3/+10
| | | | | | | | | | | | | so turn off UFS-specific hack that assumes so in ZFS case. Before the change we can miss returning some directory entries to a NFS client. I believe that the hack should be moved to ufs_readdir(), but until we find somebody who will do it, turn it off for ZFS in NFS server code. Submitted by: rmacklem Discussed with: rmacklem, mckusick MFC after: 3 days
* Use newly added NFSRV_FLAG_BUSY flag for nfsrv_fhtovp() to keep mount pointpjd2010-12-211-10/+15
| | | | | | | | | busy. This fixes a race where we can pass invalid mount point to VFS_VGET() via vp->v_mount when exported file system was forcibly unmounted between nfsrv_fhtovp() and VFS_VGET(). Reviewed by: kib MFC after: 5 days
* - Move pubflag and lockflag handling from nfsrv_fhtovp() to nfs_namei() -pjd2010-12-213-40/+37
| | | | | | | | | | | | this is the only place that is different from all the other nfsrv_fhtovp() consumers. This simplifies nfsrv_fhtovp() a bit and also eliminates one vn_lock/VOP_UNLOCK() cycle in case of NFSv3. - Implement NFSRV_FLAG_BUSY flag for nfsrv_fhtovp() that tells it to leave mount point busy. Reviewed by: kib MFC after: 5 days
* On error, unbusy file system and jump to the end, so we won't try to unlockpjd2010-12-211-0/+2
| | | | | | | NULL *vpp. Reviewed by: kib MFC after: 5 days
* After r216626 no extra { } are needed with VFS_UNLOCK_GIANT().pjd2010-12-211-2/+2
|
* Reduce lock scope a little.pjd2010-12-191-2/+2
|
* VOP_ISLOCKED() should not be used to determine if the vnode is locked.kib2010-12-151-2/+11
| | | | | | | | Explicitely track the locked status of the vnode. Reviewed by: pjd Tested by: avg MFC after: 1 week
* Fix a bug in r214049. The nvp == vp case shall be handled speciallykib2010-11-051-1/+1
| | | | | | | | | only for !usevget case. If VFS_VGET is working, the vnode shared lock is obtained recursively and vput() shall be done, not vunref(). Submitted by: rmacklem Tested by: Josh Carroll <josh.carroll gmail com> MFC after: 3 days
* When readdirplus() is handled on the exported filesystem that doeskib2010-10-191-12/+13
| | | | | | | | | not support VFS_VGET, like msdosfs, do not call VOP_LOOKUP() for dotdot on the root directory. Our filesystems expect that VFS handles dotdot lookups on root on its own. Reported and tested by: kevlo MFC after: 2 weeks
* - When VFS_VGET() is not supported, switch to VOP_LOOKUP().pjd2010-08-261-40/+48
| | | | | | | | | - We are fine by only share-locking the vnode. - Remove assertion that doesn't hold for ZFS where we cross mount points boundaries by going into .zfs/snapshot/<name>/. Reviewed by: rmacklem MFC after: 1 month
* Patch the regular NFS server so that it returns ESTALE to the clientrmacklem2010-03-261-0/+3
| | | | | | | | | | for all errors returned by VFS_FHTOVP(). This is required to ensure that EIO doesn't get returned to the client when ZFS is used as the server file system. Tested by: korvus AT comcast.net Reviewed by: jhb MFC after: 2 weeks
* Factor out the code shared between NFS client and server into its ownmarius2010-02-161-0/+1
| | | | | | | | module. With r203732 it became apparent that creating the sysctl nodes twice causes at least a warning, however the whole code shouldn't be present twice in the first place. Discussed with: rmacklem
* - Move nfs_realign() from the NFS client to the shared NFS code andmarius2010-02-093-60/+4
| | | | | | | | | | | | | | | | | remove the NFS server version in order to reduce code duplication. The shared version now uses a second parameter how, which is passed on to m_get(9) and m_getcl(9) as the server used M_WAIT while the client requires M_DONTWAIT, and replaces the the previously unused parameter hsiz. - Change nfs_realign() to use nfsm_aligned() so as with other NFS code the alignment check isn't actually performed on platforms without strict alignment requirements for performance reasons because as the comment suggests unaligned data only occasionally occurs with TCP. - Change fha_extract_info() to use nfs_realign() with M_DONTWAIT rather than M_WAIT because it's called with the RPC sp_lock held. Reviewed by: jhb, rmacklem MFC after: 1 week
* Some style(9) fixes in order to fabricate a commit to denote thatmarius2010-01-093-79/+75
| | | | | | | | | | | | the commit message for r201896 actually should have read: As nfsm_srvmtofh_xx() assumes the 4-byte alignment required by XDR ensure the mbuf data is aligned accordingly by calling nfs_realign() in fha_extract_info(). This fix is orthogonal to the problem solved by r199274/r199284. PR: 142102 (second part) MFC after: 1 week
* Exclude options COMPAT_FREEBSD4 now that the MD freebsd4_sigreturn()marius2010-01-093-3/+8
| | | | | | | | is gone since r201396 and which is also in line with the fact that FreeBSD 4 didn't supported sparc64. PR: 142102 (second part) MFC after: 1 week
* Properly return an error reply if an NFS remove or link operation fails.jhb2009-12-031-4/+3
| | | | | | | | | | | | Previously the failing operation would allocate an mbuf and construct an error reply, but because the function did not return 0, the NFS server assumed it had failed to generate a reply and would leak the reply mbuf as well as not sending the reply to the NFS client. PR: kern/140853 Submitted by: Ted Faber faber at isi edu (remove) Reviewed by: rmacklem (remove) MFC after: 1 week
* Revert previous change and fix misalignment by using bcopy()marcel2009-11-151-6/+1
| | | | | | | to copy the file handle from fid_data into fh. This eliminates conditional compilation. Pointed out by: imp
* Fix an obvious panic by not casting from a pointer that is 4-bytesmarcel2009-11-141-1/+6
| | | | | | | alignment to a type that needs 8-byte alignment, and thus causing misaligned memory references. MFC after: 1 week
* Ensure that tv_sec is between INT32_MIN and INT32_MAX, so ZFS won't object.pjd2009-09-261-1/+1
| | | | | | | | | | This completes the fix from r185586. PR: kern/139059 Reported by: Daniel Braniss <danny@cs.huji.ac.il> Submitted by: Jaakko Heinonen <jh@saunalahti.fi> Tested by: Daniel Braniss <danny@cs.huji.ac.il> MFC after: 3 days
* Correct typo after manual patching.pjd2009-09-091-1/+1
| | | | Noticed by: b. f.
* Fix usecount leak in mknod(2) on file system exported over NFS.pjd2009-09-091-2/+2
| | | | | | | While I'm here, correct typo in comment. Reviewed by: kan, kib MFC after: 3 days
* Remove the old kernel RPC implementation and the NFS_LEGACYRPC option.dfr2009-06-309-2623/+4
| | | | Approved by: re
* Fix build with NFS_LEGACYRPC enabled after the socket upcall lockingjhb2009-06-301-0/+1
| | | | | | changes. Approved by: re (kensmith)
* Rework the credential code to support larger values of NGROUPS andbrooks2009-06-192-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024 and 1023 respectively. (Previously they were equal, but under a close reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it is the number of supplemental groups, not total number of groups.) The bulk of the change consists of converting the struct ucred member cr_groups from a static array to a pointer. Do the equivalent in kinfo_proc. Introduce new interfaces crcopysafe() and crsetgroups() for duplicating a process credential before modifying it and for setting group lists respectively. Both interfaces take care for the details of allocating groups array. crsetgroups() takes care of truncating the group list to the current maximum (NGROUPS) if necessary. In the future, crsetgroups() may be responsible for insuring invariants such as sorting the supplemental groups to allow groupmember() to be implemented as a binary search. Because we can not change struct xucred without breaking application ABIs, we leave it alone and introduce a new XU_NGROUPS value which is always 16 and is to be used or NGRPS as appropriate for things such as NFS which need to use no more than 16 groups. When feasible, truncate the group list rather than generating an error. Minor changes: - Reduce the number of hand rolled versions of groupmember(). - Do not assign to both cr_gid and cr_groups[0]. - Modify ipfw to cache ucreds instead of part of their contents since they are immutable once referenced by more than one entity. Submitted by: Isilon Systems (initial implementation) X-MFC after: never PR: bin/113398 kern/133867
* Since svc_[dg|vc|tli|tp]_create() did not hold a reference count on thermacklem2009-06-171-0/+1
| | | | | | | | | | | | | SVCXPTR structure returned by them, it was possible for the structure to be free'd before svc_reg() had been completed using the structure. This patch acquires a reference count on the newly created structure that is returned by svc_[dg|vc|tli|tp]_create(). It also adds the appropriate SVC_RELEASE() calls to the callers, except the experimental nfs subsystem. The latter will be committed separately. Submitted by: dfr Tested by: pho Approved by: kib (mentor)
* Add a #include <sys/jail.h> so that it builds whenrmacklem2009-06-121-0/+1
| | | | | | options KGSSAPI is specified in the kernel configuration. Approved by: kib (mentor)
* Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERICrwatson2009-06-052-2/+2
| | | | | | | | and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include. Discussed with: pjd
* Rework socket upcalls to close some races with setup/teardown of upcalls.jhb2009-06-013-9/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Each socket upcall is now invoked with the appropriate socket buffer locked. It is not permissible to call soisconnected() with this lock held; however, so socket upcalls now return an integer value. The two possible values are SU_OK and SU_ISCONNECTED. If an upcall returns SU_ISCONNECTED, then the soisconnected() will be invoked on the socket after the socket buffer lock is dropped. - A new API is provided for setting and clearing socket upcalls. The API consists of soupcall_set() and soupcall_clear(). - To simplify locking, each socket buffer now has a separate upcall. - When a socket upcall returns SU_ISCONNECTED, the upcall is cleared from the receive socket buffer automatically. Note that a SO_SND upcall should never return SU_ISCONNECTED. - All this means that accept filters should now return SU_ISCONNECTED instead of calling soisconnected() directly. They also no longer need to explicitly clear the upcall on the new socket. - The HTTP accept filter still uses soupcall_set() to manage its internal state machine, but other accept filters no longer have any explicit knowlege of socket upcall internals aside from their return value. - The various RPC client upcalls currently drop the socket buffer lock while invoking soreceive() as a temporary band-aid. The plan for the future is to add a new flag to allow soreceive() to be called with the socket buffer locked. - The AIO callback for socket I/O is now also invoked with the socket buffer locked. Previously sowakeup() would drop the socket buffer lock only to call aio_swake() which immediately re-acquired the socket buffer lock for the duration of the function call. Discussed with: rwatson, rmacklem
* Place hostnames and similar information fully under the prison system.jamie2009-05-291-2/+3
| | | | | | | | | | | | | | | | | The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
* Add hierarchical jails. A jail may further virtualize its environmentjamie2009-05-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
* Fix build of KGSSAPI bits post-vimage.dfr2009-05-241-1/+2
|
* Remove the thread argument from the FSD (File-System Dependent) parts ofattilio2009-05-111-2/+2
| | | | | | | | | | | | | | | | | the VFS. Now all the VFS_* functions and relating parts don't want the context as long as it always refers to curthread. In some points, in particular when dealing with VOPs and functions living in the same namespace (eg. vflush) which still need to be converted, pass curthread explicitly in order to retain the old behaviour. Such loose ends will be fixed ASAP. While here fix a bug: now, UFS_EXTATTR can be compiled alone without the UFS_EXTATTR_AUTOSTART option. VFS KPI is heavilly changed by this commit so thirdy parts modules needs to be recompiled. Bump __FreeBSD_version in order to signal such situation.
* Do not embed struct ucred into larger netcred parent structures.kan2009-05-091-0/+3
| | | | | | | | | | | | | Credential might need to hang around longer than its parent and be used outside of mnt_explock scope controlling netcred lifetime. Use separate reference-counted ucred allocated separately instead. While there, extend mnt_explock coverage in vfs_stdexpcheck and clean-up some unused declarations in new NFS code. Reported by: John Hickey PR: kern/133439 Reviewed by: dfr, kib
* Change nfsserver so that it uses the nfssvc() system call providedrmacklem2009-04-124-49/+22
| | | | | | | | | | | in sys/nfs/nfs_nfssvc.c by registering with it using the nfsd_call_nfsserver function pointer. Also, add the build glue for nfs_nfssvc.c optionally based on "nfsserver" and also as a loadable module. Submitted by: rmacklem Reviewed by: kib Approved by: kib (mentor)
* Fix an mbuf leak in the error path.dfr2009-03-191-0/+2
| | | | Submitted by: Rick Macklem <rick at snowhite dot cis dot uoguelph dot ca>
* Include audit.h so that the system call path protected by NFS_LEGACYRPCrwatson2009-02-231-0/+2
| | | | | | | | can audit its arguments. Submitted by: Jaakko Heinonen <jh at saunalahti.fi> MFC after: 1 week X-MFC-note: MFC with r188311
* Use shared vnode locks when invoking VOP_READDIR().jhb2009-02-131-2/+2
| | | | MFC after: 1 month
* Audit the flag argument to the nfssvc(2) system call.rwatson2009-02-081-0/+2
| | | | | Obtained from: TrustedBSD Project Sponsored by: Apple, Inc.
* Last step of splitting up minor and unit numbers: remove minor().ed2009-01-281-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Inside the kernel, the minor() function was responsible for obtaining the device minor number of a character device. Because we made device numbers dynamically allocated and independent of the unit number passed to make_dev() a long time ago, it was actually a misnomer. If you really want to obtain the device number, you should use dev2udev(). We already converted all the drivers to use dev2unit() to obtain the device unit number, which is still used by a lot of drivers. I've noticed not a single driver passes NULL to dev2unit(). Even if they would, its behaviour would make little sense. This is why I've removed the NULL check. Ths commit removes minor(), minor2unit() and unit2minor() from the kernel. Because there was a naming collision with uminor(), we can rename umajor() and uminor() back to major() and minor(). This means that the makedev(3) manual page also applies to kernel space code now. I suspect umajor() and uminor() isn't used that often in external code, but to make it easier for other parties to port their code, I've increased __FreeBSD_version to 800062.
* Handle VFS_VGET() failing with an error other than EOPNOTSUPP in additionkensmith2008-12-161-3/+6
| | | | | | | | | to failing with that error. PR: 125149 Submitted by: Jaakko Heinonen (jh <at> saunalahti <dot> fi) Reviewed by: mohans, kan MFC after: 3 days
* We need to pass a structure with enough space for an NFSv2 filehandle todfr2008-12-101-3/+3
| | | | | nfs_srvmtofh_xx otherwise bad things happen when an NFSv2 client tries to make a request.
* Change nfsserver slightly so that it does not trip over the timestampkan2008-12-031-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | validation code on ZFS. Problem: when opening file with O_CREAT|O_EXCL NFS has to jump through extra hoops to ensure O_EXCL semantics. Namely, client supplies of 8 bytes (NFSX_V3CREATEVERF) bytes of verification data to uniquely identify this create request. Server then creates a new file with access mode 0, copies received 8 bytes into va_atime member of struct vattr and attempt to set the atime on file using VOP_SETATTR. If that succeeds, it fetches file attributes with VOP_GETATTR and verifies that atime timestamps match. If timestamps do not match, NFS server concludes it has probbaly lost the race to another process creating the file with the same name and bails with EEXIST. This scheme works OK when exported FS is FFS, but if underlying filesystem is ZFS _and_ server is running 64bit kernel, it breaks down due to sanity checking in zfs_setattr function, which refuses to accept any timestamps which have tv_sec that cannot be represented as 32bit int. Since struct timespec fields are 64 bit integers on 64bit platforms and server just copies NFSX_V3CREATEVERF bytes info va_atime, all eight bytes supplied by client end up in va_atime.tv_sec, forcing it out of valid 32bit range. The solution this change implements is simple: it treats NFSX_V3CREATEVERF as two 32bit integers and unpacks them separately into va_atime.tv_sec and va_atime.tv_nsec respectively, thus guaranteeing that tv_sec remains in 32 bit range and ZFS remains happy. Reviewed by: kib
* In the nfsrv_fhtovp(), after the vfs_getvfs() function found the pointerkib2008-11-291-3/+6
| | | | | | | | | | | | | | | | | | | to the fs, but before a vnode on the fs is locked, unmount may free fs structures, causing access to destroyed data and freed memory. Introduce a vfs_busymp() function that looks up and busies found fs while mountlist_mtx is held. Use it in nfsrv_fhtovp() and in the implementation of the handle syscalls. Two other uses of the vfs_getvfs() in the vfs_subr.c, namely in sysctl_vfs_ctl and vfs_getnewfsid seems to be ok. In particular, sysctl_vfs_ctl is protected by Giant by being a non-sleeping sysctl handler, that prevents Giant-locked unmount code to interfere with it. Noted by: tegge Reviewed by: dfr Tested by: pho MFC after: 1 month
* Switch the default rpc implementation for NFS back to the new code. I believedfr2008-11-141-4/+0
| | | | | | I have fixed the reported problems - if you still have trouble with it, please contact me with as much detail as possible so that I can track down any other issues as quickly as possible.
OpenPOWER on IntegriCloud