summaryrefslogtreecommitdiffstats
path: root/sys/nlm
Commit message (Collapse)AuthorAgeFilesLines
* Intermittent crashes in the NLM (rpc.lockd) code during systemrmacklem2013-09-061-75/+52
| | | | | | | | | | | | | | | | | | | shutdown was reporetd via email. The crashes occurred because the client side NLM would attempt to use its socket after it had been destroyed. Looking at the code, it would soclose() once the reference count on the socket handling structure went to 0. Unfortunately, nlm_host_get_rpc() will simply allocate a new socket handling structure when none exists and use the now soclose()d socket. Since there doesn't seem to be a safe way to determine when the socket is no longer needed, this patch modifies the code so that it never soclose()es the socket. Since there is only one socket ever created, this does not introduce a leak when the rpc.lockd is stopped/restarted. The patch also disables unloading of the nfslockd module, since it is not safe to do so (and has never been safe to do so, from what I can see). Reported by: mav Tested by: mav MFC after: 2 weeks
* Remove the support for using non-mpsafe filesystem modules.kib2012-10-221-3/+0
| | | | | | | | | | | | In particular, do not lock Giant conditionally when calling into the filesystem module, remove the VFS_LOCK_GIANT() and related macros. Stop handling buffers belonging to non-mpsafe filesystems. The VFS_VERSION is bumped to indicate the interface change which does not result in the interface signatures changes. Conducted and reviewed by: attilio Tested by: pho
* Fix grammar.kib2012-08-161-1/+1
| | | | | Submitted by: jh MFC after: 1 week
* Add a sysctl kern.pid_max, which limits the maximum pid the system iskib2012-08-151-0/+1
| | | | | | | allowed to allocate, and corresponding tunable with the same name. Note that existing processes with higher pids are left intact. MFC after: 1 week
* jwd@ reported a problem via email to freebsd-fs@ on Aug 25, 2011rmacklem2012-01-311-28/+46
| | | | | | | | | | | | | | | | under the subject "F_RDLCK lock to FreeBSD NFS fails to R/O target file". This occurred because the server side NLM always checked for VWRITE access, irrespective of the type of lock request. This patch replaces VOP_ACCESS(..VWRITE..) with one appropriate to the lock operation. It allows unlock and lock cancellation to be done without a check of VOP_ACCESS(), so that files can't be left locked indefinitely after the file permissions have been changed. Discussed with: zack Submitted by: jwd (earlier version) Reviewed by: dfr MFC after: 2 weeks
* Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.ed2011-11-071-2/+3
| | | | | | The SYSCTL_NODE macro defines a list that stores all child-elements of that node. If there's no SYSCTL_DECL macro anywhere else, there's no reason why it shouldn't be static.
* In order to maximize the re-usability of kernel code in user space thiskmacy2011-09-161-1/+1
| | | | | | | | | | | | | patch modifies makesyscalls.sh to prefix all of the non-compatibility calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel entry points and all places in the code that use them. It also fixes an additional name space collision between the kernel function psignal and the libc function of the same name by renaming the kernel psignal kern_psignal(). By introducing this change now we will ease future MFCs that change syscalls. Reviewed by: rwatson Approved by: re (bz)
* Add a lock flags argument to the VFS_FHTOVP() file systemrmacklem2011-05-221-1/+1
| | | | | | | | | | | method, so that callers can indicate the minimum vnode locking requirement. This will allow some file systems to choose to return a LK_SHARED locked vnode when LK_SHARED is specified for the flags argument. This patch only adds the flag. It does not change any file system to use it and all callers specify LK_EXCLUSIVE, so file system semantics are not changed. Reviewed by: kib
* sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.mdf2011-01-121-2/+2
| | | | Commit the kernel changes.
* Fix the nlm so that it no longer depends on the regularrmacklem2011-01-032-6/+3
| | | | | | | | nfs client and, as such, can be loaded for the experimental nfs client without the regular client. Reviewed by: jhb MFC after: 2 weeks
* Modify the NFS clients and the NLM so that the NLM can be usedrmacklem2010-10-192-12/+7
| | | | | | | | | | | | | by both clients. Since the NLM uses various fields of the nfsmount structure, those fields were extracted and put in a separate nfs_mountcommon structure stored in sys/nfs/nfs_mountcommon.h. This structure also has a function pointer for a function that extracts the required information from the mount point and nfs vnode for that particular client, for information stored differently by the clients. Reviewed by: jhb MFC after: 2 weeks
* Make the RPC specific __rpc_inet_ntop() and __rpc_inet_pton() generalattilio2010-09-241-2/+2
| | | | | | | | | | in the kernel (just as inet_ntoa() and inet_aton()) are and sync their prototype accordingly with already mentioned functions. Sponsored by: Sandvine Incorporated Reviewed by: emaste, rstone Approved by: dfr MFC after: 2 weeks
* Handle GRANTED_RES messages more gracefully: Send along a grant cookiezml2009-10-073-18/+152
| | | | | | | | | to reference the lock, look up the grant cookie when the GRANTED_RES comes back. Properly handle the case of an error on the grant. Add a short expiration window so that granted locks are not freed immediately. Approved by: dfr (mentor) MFC after: 2 weeks
* unifdef NFSCLIENT because the nlm depends on the nfsclient even if NFSCLIENTnyan2009-10-031-13/+0
| | | | | | | | | is not defined. Now the nfslockd module works with the nfsclient module. Reviewed by: kib MFC after: 3 days
* Since svc_[dg|vc|tli|tp]_create() did not hold a reference count on thermacklem2009-06-171-1/+5
| | | | | | | | | | | | | SVCXPTR structure returned by them, it was possible for the structure to be free'd before svc_reg() had been completed using the structure. This patch acquires a reference count on the newly created structure that is returned by svc_[dg|vc|tli|tp]_create(). It also adds the appropriate SVC_RELEASE() calls to the callers, except the experimental nfs subsystem. The latter will be committed separately. Submitted by: dfr Tested by: pho Approved by: kib (mentor)
* Rename the host-related prison fields to be the same as the host.*jamie2009-06-131-1/+1
| | | | | | | parameters they represent, and the variables they replaced, instead of abbreviated versions of them. Approved by: bz (mentor)
* Correct typo; errno => error.ed2009-06-041-1/+1
|
* Don't panic in nlm_record_lock if we get ENOENT from lf_advlockasync. Thisdfr2009-06-041-2/+2
| | | | | is likely to be because the file was just removed and in our context this is harmless.
* Place hostnames and similar information fully under the prison system.jamie2009-05-291-7/+5
| | | | | | | | | | | | | | | | | The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
* Remove the unmaintained University of Michigan NFSv4 client from 8.xrwatson2009-05-221-1/+1
| | | | | | | prior to 8.0-RELEASE. Rick Macklem's new and more feature-rich NFSv234 client and server are replacing it. Discussed with: rmacklem
* Add a function to sys/nlm/nlm_prot_impl.c that returns a uniquermacklem2009-05-212-0/+19
| | | | | | | | | lock sysid to be used for non-nlm remote locking. This is required for the experimental nfsv4 server, so that it can acquire byte range locks correctly on behalf of nfsv4 clients. Reviewed by: dfr Approved by: kib (mentor)
* Do not embed struct ucred into larger netcred parent structures.kan2009-05-091-1/+4
| | | | | | | | | | | | | Credential might need to hang around longer than its parent and be used outside of mnt_explock scope controlling netcred lifetime. Use separate reference-counted ucred allocated separately instead. While there, extend mnt_explock coverage in vfs_stdexpcheck and clean-up some unused declarations in new NFS code. Reported by: John Hickey PR: kern/133439 Reviewed by: dfr, kib
* Work around non-standard behaviour of rpcbind in some versions of Linux (FC4?).dfr2009-05-091-14/+17
| | | | Submitted by: zachary dot loafman at isilon dot com
* Use log(9) for debug and status messages and hide some of the details withdfr2009-05-081-68/+60
| | | | | | macros to allow for future flexibility in logging. Submitted by: zachary dot loafman at isilon dot com
* Introduce a new virtualization container, provisionally named vprocg, to holdzec2009-05-081-2/+3
| | | | | | | | | | | | | | | | | | | | | | virtualized instances of hostname and domainname, as well as a new top-level virtualization struct vimage, which holds pointers to struct vnet and struct vprocg. Struct vprocg is likely to become replaced in the near future with a new jail management API import. As a consequence of this change, change struct ucred to point to a struct vimage, instead of directly pointing to a vnet. Merge vnet / vimage / ucred refcounting infrastructure from p4 / vimage branch. Permit kldload / kldunload operations to be executed only from the default vimage context. This change should have no functional impact on nooptions VIMAGE kernel builds. Reviewed by: bz Approved by: julian (mentor)
* Don't call svc_freereq() before svc_freeargs().dfr2008-11-121-1/+1
|
* Implement support for RPCSEC_GSS authentication to both the NFS clientdfr2008-11-034-78/+121
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
* Rename RPC's 'struct pmap' to 'struct portmap' to avoid confusing it withdfr2008-08-251-2/+2
| | | | | | | the other 'struct pmap'. Pointed out by: kmacy MFC after: 2 weeks
* Add a missing return statement in nlm4_unlock_msg_4_svc which prevented itdfr2008-08-251-0/+1
| | | | | | | | | from returning a reply message in most cases. This in turn caused interoperability problems with Mac OS X clients. PR: 126561 Submitted by: Richard.Conto at gmail.com MFC after: 1 week
* Fix an interop issue with Linux: If you do nothing but TCPdfr2008-08-131-54/+115
| | | | | | | | | | | mounts, Linux won't even bother registering nlockmgr for UDP. This causes nlm_get_rpc to fail, which means any attempts to deliver the GRANTED callback fail. Add code to nlm_get_rpc to try to locate the TCP version as well. If it finds it on TCP, it establishes a clnt_reconnect to the host. Submitted by: zachary.loafman at isilon.com MFC after: 2 weeks
* Introduce a new lock, hostname_mtx, and use it to synchronize accessrwatson2008-07-051-0/+4
| | | | | | | | | | | | to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates. Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted. MFC after: 3 weeks
* Add module dependancy on nfs.dfr2008-07-031-0/+1
|
* Fixing NO_INET6 build.avatar2008-06-271-1/+4
|
* Re-implement the client side of rpc.lockd in the kernel. This implementationdfr2008-06-266-470/+2125
| | | | | | | | | | | | provides the correct semantics for flock(2) style locks which are used by the lockf(1) command line tool and the pidfile(3) library. It also implements recovery from server restarts and ensures that dirty cache blocks are written to the server before obtaining locks (allowing multiple clients to use file locking to safely share data). Sponsored by: Isilon Systems PR: 94256 MFC after: 2 weeks
* Back out the nlm_global_lock part of the last change - I forgot that onlydfr2008-06-031-1/+0
| | | | | | exists in my perforce branch :( Pointy hat: dfr
* When attempting to use the NSM state number in a lock request to detectdfr2008-06-021-8/+10
| | | | | | | | | | a client reboot, do this check before performing the lock otherwise we will trash the new lock along with any other old locks the client held before rebooting. Make sure nlm_check_idle always returns with nlm_global_lock held. MFC after: 1 week
* Don't rely on NSM to help us forget about RPC client handles fordfr2008-05-301-6/+17
| | | | | | | | clients that have rebooted (or otherwise changed port numbers). If the client is broken or has no active locks, it won't notify us. Fall back on the two minute timeout logic used by the userland rpc.lockd code. MFC after: 1 week
* Tighten up the error-handling in nlm_get_rpc. While I'm here, fix adfr2008-04-161-3/+7
| | | | couple of spelling mistakes in comments.
* Fix some issues that showed up during Kris' testing.dfr2008-04-111-14/+28
| | | | | Reported by: kris MFC after: 3 days
* Fix a problem which stopped this from starting up on a kernel compileddfr2008-04-091-3/+4
| | | | without the INET6 option.
* Minor changes to improve compatibility with older FreeBSD releases.dfr2008-03-286-10/+23
|
* Add kernel module support for nfslockd and krpc. Use the module systemdfr2008-03-271-0/+20
| | | | | | | to detect (or load) kernel NLM support in rpc.lockd. Remove the '-k' option to rpc.lockd and make kernel NLM the default. A user can still force the use of the old user NLM by building a kernel without NFSLOCKD and/or removing the nfslockd.ko module.
* Add the new kernel-mode NFS Lock Manager. To use it instead of thedfr2008-03-269-0/+4666
user-mode lock manager, build a kernel with the NFSLOCKD option and add '-k' to 'rpc_lockd_flags' in rc.conf. Highlights include: * Thread-safe kernel RPC client - many threads can use the same RPC client handle safely with replies being de-multiplexed at the socket upcall (typically driven directly by the NIC interrupt) and handed off to whichever thread matches the reply. For UDP sockets, many RPC clients can share the same socket. This allows the use of a single privileged UDP port number to talk to an arbitrary number of remote hosts. * Single-threaded kernel RPC server. Adding support for multi-threaded server would be relatively straightforward and would follow approximately the Solaris KPI. A single thread should be sufficient for the NLM since it should rarely block in normal operation. * Kernel mode NLM server supporting cancel requests and granted callbacks. I've tested the NLM server reasonably extensively - it passes both my own tests and the NFS Connectathon locking tests running on Solaris, Mac OS X and Ubuntu Linux. * Userland NLM client supported. While the NLM server doesn't have support for the local NFS client's locking needs, it does have to field async replies and granted callbacks from remote NLMs that the local client has contacted. We relay these replies to the userland rpc.lockd over a local domain RPC socket. * Robust deadlock detection for the local lock manager. In particular it will detect deadlocks caused by a lock request that covers more than one blocking request. As required by the NLM protocol, all deadlock detection happens synchronously - a user is guaranteed that if a lock request isn't rejected immediately, the lock will eventually be granted. The old system allowed for a 'deferred deadlock' condition where a blocked lock request could wake up and find that some other deadlock-causing lock owner had beaten them to the lock. * Since both local and remote locks are managed by the same kernel locking code, local and remote processes can safely use file locks for mutual exclusion. Local processes have no fairness advantage compared to remote processes when contending to lock a region that has just been unlocked - the local lock manager enforces a strict first-come first-served model for both local and remote lockers. Sponsored by: Isilon Systems PR: 95247 107555 115524 116679 MFC after: 2 weeks
OpenPOWER on IntegriCloud