svn commit: r368710 - head/libexec/rc/rc.d
Author: rmacklem Date: Thu Dec 17 00:20:57 2020 New Revision: 368710 URL: https://svnweb.freebsd.org/changeset/base/368710 Log: Make mountcritremote dependent upon nfscbd. Although it is not often needed, the nfscbd(8) should be running when NFSv4 mounts are done if callback functionality is required. Callback functionality is required for the NFSv4 server to issue delegations or pNFS layouts. This patch adds nfscbd to the mountcritremote's REQUIRED line to ensure it is started before NFS mounts specified in /etc/fstab are done. Reviewed by: 0mp Differential Revision:https://reviews.freebsd.org/D27506 Modified: head/libexec/rc/rc.d/mountcritremote Modified: head/libexec/rc/rc.d/mountcritremote == --- head/libexec/rc/rc.d/mountcritremoteThu Dec 17 00:00:21 2020 (r368709) +++ head/libexec/rc/rc.d/mountcritremoteThu Dec 17 00:20:57 2020 (r368710) @@ -4,7 +4,7 @@ # # PROVIDE: mountcritremote -# REQUIRE: NETWORKING FILESYSTEMS ipsec netwait +# REQUIRE: NETWORKING FILESYSTEMS ipsec netwait nfscbd # KEYWORD: nojail . /etc/rc.subr ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368466 - stable/12/sbin/mount_nfs
Author: rmacklem Date: Tue Dec 8 22:37:30 2020 New Revision: 368466 URL: https://svnweb.freebsd.org/changeset/base/368466 Log: MFC: r368268 Improve man page for AmazonEFS mounts. PR#250770 was actually just a misunderstanding of what NFS mount options are needed for AmazonEFS mounts. This patch attempts to clarify the manpage to clarify this. This is a content change. PR: 250770 Modified: stable/12/sbin/mount_nfs/mount_nfs.8 Directory Properties: stable/12/ (props changed) Modified: stable/12/sbin/mount_nfs/mount_nfs.8 == --- stable/12/sbin/mount_nfs/mount_nfs.8Tue Dec 8 21:24:24 2020 (r368465) +++ stable/12/sbin/mount_nfs/mount_nfs.8Tue Dec 8 22:37:30 2020 (r368466) @@ -28,7 +28,7 @@ .\"@(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 .\" $FreeBSD$ .\" -.Dd April 13, 2017 +.Dd November 30, 2020 .Dt MOUNT_NFS 8 .Os .Sh NAME @@ -215,9 +215,17 @@ Make a minor version 1 of the NFS Version 4 protocol m for all Opens. This may be useful for a server with a very low limit on OpenOwners, such as AmazonEFS. -It can only be used with an NFSv4.1 mount. +This option cannot be used for an NFS Version 4, minor version 0 mount. +As such, this option requires the +.Cm minorversion +option be specified with a value of 1 for AmazonEFS. It may not work correctly when Delegations are being issued by a server, but note that the AmazonEFS server does not issued delegations at this time. +This option is only meaningful when used with the +.Cm nfsv4 +and +.Cm minorversion +options. .It Cm pnfs Enable support for parallel NFS (pNFS) for minor version 1 of the NFS Version 4 protocol. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368268 - head/sbin/mount_nfs
Author: rmacklem Date: Tue Dec 1 23:33:10 2020 New Revision: 368268 URL: https://svnweb.freebsd.org/changeset/base/368268 Log: Improve man page for AmazonEFS mounts. PR#250770 was actually just a misunderstanding of what NFS mount options are needed for AmazonEFS mounts. This patch attempts to clarify the manpage to clarify this. This is a content change. PR: 250770 Reviewed by: bcr MFC after:1 week Differential Revision:https://reviews.freebsd.org/D27430 Modified: head/sbin/mount_nfs/mount_nfs.8 Modified: head/sbin/mount_nfs/mount_nfs.8 == --- head/sbin/mount_nfs/mount_nfs.8 Tue Dec 1 23:25:21 2020 (r368267) +++ head/sbin/mount_nfs/mount_nfs.8 Tue Dec 1 23:33:10 2020 (r368268) @@ -28,7 +28,7 @@ .\"@(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 .\" $FreeBSD$ .\" -.Dd November 20, 2020 +.Dd November 30, 2020 .Dt MOUNT_NFS 8 .Os .Sh NAME @@ -217,9 +217,18 @@ Make a minor version 1 or 2 of the NFS Version 4 proto OpenOwner for all Opens. This may be useful for a server with a very low limit on OpenOwners, such as AmazonEFS. -It ca only be used with an NFSv4.1 or NFSv4.2 mount. +This option cannot be used for an NFS Version 4, minor version 0 mount. +As such, this option requires the +.Cm minorversion +option be specified with a value of 1 for AmazonEFS, because AmazonEFS does +not support minor version 2 at this time. It may not work correctly when Delegations are being issued by a server, but note that the AmazonEFS server does not issued delegations at this time. +This option is only meaningful when used with the +.Cm nfsv4 +and +.Cm minorversion +options. .It Cm pnfs Enable support for parallel NFS (pNFS) for minor version 1 or 2 of the NFS Version 4 protocol. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368166 - stable/12/libexec/rc/rc.d
Author: rmacklem Date: Sun Nov 29 23:37:18 2020 New Revision: 368166 URL: https://svnweb.freebsd.org/changeset/base/368166 Log: Fix startup of gssd when /usr is a separately mounted local file system. meowth...@gmail.com reported that the gssd daemon was not starting, because /etc/rc.d/gssd was executed before his local /usr file system was mounted. He fixed the problem by adding mountcritlocal to the REQUIRED line. This fix seems safe and works for a separately mounted /usr file system on a local disk. The case of a separately mounted remote /usr file system (such as NFS) is still broken, but there is no obvious solution for that. Adding mountcritremote would fix the problem, but it would cause a POLA violation, because all kerberized NFS mounts in /etc/fstab would need the "late" option specified to work. Modified: stable/12/libexec/rc/rc.d/gssd Directory Properties: stable/12/ (props changed) Modified: stable/12/libexec/rc/rc.d/gssd == --- stable/12/libexec/rc/rc.d/gssd Sun Nov 29 23:23:08 2020 (r368165) +++ stable/12/libexec/rc/rc.d/gssd Sun Nov 29 23:37:18 2020 (r368166) @@ -4,7 +4,7 @@ # # PROVIDE: gssd -# REQUIRE: root +# REQUIRE: root mountcritlocal # KEYWORD: nojail shutdown . /etc/rc.subr ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368165 - in stable/12/libexec/rc: . rc.d
Author: rmacklem Date: Sun Nov 29 23:23:08 2020 New Revision: 368165 URL: https://svnweb.freebsd.org/changeset/base/368165 Log: MFC: r367423 Add support for the new mountd -R option. r376026 added a new "-R" option to mountd, which tells it to not support the Mount protocol (not used by NFSv4) and not register with rpcbind. Rpcbind is considered a security issue by some sites now. This patch adds a new yes/no variable called nfsv4_server_only. When that is set, make vfs.nfsd.server_min_vers=4 and set "=R" for mountd. Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind. While here, add a check for "load_kld nfsd" failing to nfsd. Modified: stable/12/libexec/rc/rc.conf stable/12/libexec/rc/rc.d/mountd stable/12/libexec/rc/rc.d/nfsd Directory Properties: stable/12/ (props changed) Modified: stable/12/libexec/rc/rc.conf == --- stable/12/libexec/rc/rc.confSun Nov 29 19:43:33 2020 (r368164) +++ stable/12/libexec/rc/rc.confSun Nov 29 23:23:08 2020 (r368165) @@ -375,6 +375,7 @@ rpc_ypupdated_enable="NO" # Run if NIS master and Secu keyserv_enable="NO"# Run the SecureRPC keyserver (or NO). keyserv_flags="" # Flags to keyserv (if enabled). nfsv4_server_enable="NO" # Enable support for NFSv4 +nfsv4_server_only="NO" # Set NFS server to NFSv4 only nfscbd_enable="NO" # NFSv4 client side callback daemon nfscbd_flags=""# Flags for nfscbd nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon Modified: stable/12/libexec/rc/rc.d/mountd == --- stable/12/libexec/rc/rc.d/mountdSun Nov 29 19:43:33 2020 (r368164) +++ stable/12/libexec/rc/rc.d/mountdSun Nov 29 23:23:08 2020 (r368165) @@ -20,13 +20,33 @@ extra_commands="reload" mountd_precmd() { - force_depend rpcbind || return 1 + # Load the modules now, so that the vfs.nfsd sysctl + # oids are available. + load_kld nfsd || return 1 + + # Do not force rpcbind to be running for an NFSv4 only server. + # + if checkyesno nfsv4_server_only; then + echo 'NFSv4 only server' + sysctl vfs.nfsd.server_min_nfsvers=4 > /dev/null + sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null + rc_flags="${rc_flags} -R" + else + force_depend rpcbind || return 1 + fi + # mountd flags will differ depending on rc.conf settings # - if checkyesno nfs_server_enable ; then + if checkyesno nfs_server_enable || checkyesno nfsv4_server_only; then if checkyesno weak_mountd_authentication; then - rc_flags="${mountd_flags} -n" + if checkyesno nfsv4_server_only; then + echo -n 'weak_mountd_authentication ' + echo -n 'incompatible with nfsv4_server_only, ' + echo 'ignored' + else + rc_flags="${rc_flags} -n" + fi fi else if checkyesno mountd_enable; then Modified: stable/12/libexec/rc/rc.d/nfsd == --- stable/12/libexec/rc/rc.d/nfsd Sun Nov 29 19:43:33 2020 (r368164) +++ stable/12/libexec/rc/rc.d/nfsd Sun Nov 29 23:23:08 2020 (r368165) @@ -26,7 +26,7 @@ nfsd_precmd() # Load the modules now, so that the vfs.nfsd sysctl # oids are available. - load_kld nfsd + load_kld nfsd || return 1 if checkyesno nfs_reserved_port_only; then echo 'NFS on reserved port only=YES' @@ -41,12 +41,15 @@ nfsd_precmd() if checkyesno nfsv4_server_enable; then sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null - else + elif ! checkyesno nfsv4_server_only; then echo 'NFSv4 is disabled' sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null fi - force_depend rpcbind || return 1 + if ! checkyesno nfsv4_server_only; then + force_depend rpcbind || return 1 + fi + force_depend mountd || return 1 if [ -n "${nfs_server_vhost}" ]; then command_args="-V \"${nfs_server_vhost}\"" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368139 - stable/12/usr.sbin/mountd
Author: rmacklem Date: Sun Nov 29 01:32:53 2020 New Revision: 368139 URL: https://svnweb.freebsd.org/changeset/base/368139 Log: MFC: r367027 Update man page for -R option added by r376026. This is a content change. Modified: stable/12/usr.sbin/mountd/mountd.8 Directory Properties: stable/12/ (props changed) Modified: stable/12/usr.sbin/mountd/mountd.8 == --- stable/12/usr.sbin/mountd/mountd.8 Sun Nov 29 01:30:17 2020 (r368138) +++ stable/12/usr.sbin/mountd/mountd.8 Sun Nov 29 01:32:53 2020 (r368139) @@ -28,7 +28,7 @@ .\" @(#)mountd.8 8.4 (Berkeley) 4/28/95 .\" $FreeBSD$ .\" -.Dd August 1, 2019 +.Dd October 11, 2020 .Dt MOUNTD 8 .Os .Sh NAME @@ -38,7 +38,7 @@ mount requests .Sh SYNOPSIS .Nm -.Op Fl 2delnrS +.Op Fl 2delnRrS .Op Fl h Ar bindip .Op Fl p Ar port .Op Ar exportsfile ... @@ -112,6 +112,17 @@ If .Nm cannot bind to this port, an appropriate error will be recorded in the system log, and the daemon will then exit. +.It Fl R +Do not support the Mount protocol and do not register with +.Xr rpcbind 8 . +This can be done for NFSv4 only servers, since the Mount protocol is not +used by NFSv4. +Useful for NFSv4 only servers that do not wish to run +.Xr rpcbind 8 . +.Xr showmount 8 +will not work, however since NFSv4 mounts are not shown by +.Xr showmount 8 , +this should not be an issue for an NFSv4 only server. .It Fl r Allow mount RPCs requests for regular files to be served. Although this seems to violate the mount protocol specification, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r368137 - stable/12/usr.sbin/mountd
Author: rmacklem Date: Sun Nov 29 01:22:30 2020 New Revision: 368137 URL: https://svnweb.freebsd.org/changeset/base/368137 Log: MFC: r367026 Add "-R" option to tell mountd to not register with rpcbind. rpcbind is now considered a security risk for some sites. Since an NFSv4 only NFS server does not need rpcbind, it makes sense to have an option that implements this. This patch adds a "-R" option that disables the Mount protocol (not used by NFSv4) and does not register with rpcbind. Changes are required to /etc/rc.d/mountd and /etc/rc.d/nfsd. Those will be in a separate commit. Modified: stable/12/usr.sbin/mountd/mountd.c Directory Properties: stable/12/ (props changed) Modified: stable/12/usr.sbin/mountd/mountd.c == --- stable/12/usr.sbin/mountd/mountd.c Sun Nov 29 00:57:19 2020 (r368136) +++ stable/12/usr.sbin/mountd/mountd.c Sun Nov 29 01:22:30 2020 (r368137) @@ -419,8 +419,10 @@ main(int argc, char **argv) uint64_t curtime, nexttime; struct timeval tv; struct timespec tp; - sigset_t sighup_mask; + sigset_t sig_mask, sighup_mask; + int enable_rpcbind; + enable_rpcbind = 1; /* Check that another mountd isn't already running. */ pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid); if (pfh == NULL) { @@ -435,7 +437,7 @@ main(int argc, char **argv) else close(s); - while ((c = getopt(argc, argv, "2deh:lnp:rS")) != -1) + while ((c = getopt(argc, argv, "2deh:lnp:RrS")) != -1) switch (c) { case '2': force_v2 = 1; @@ -446,6 +448,10 @@ main(int argc, char **argv) case 'n': resvport_only = 0; break; + case 'R': + /* Do not support Mount protocol */ + enable_rpcbind = 0; + break; case 'r': dir_only = 0; break; @@ -490,6 +496,21 @@ main(int argc, char **argv) default: usage(); } + if (enable_rpcbind == 0) { + if (svcport_str != NULL) { + warnx("-p option not compatible with -R, ignored"); + free(svcport_str); + svcport_str = NULL; + } + if (nhosts > 0) { + warnx("-h option not compatible with -R, ignored"); + for (k = 0; k < nhosts; k++) + free(hosts[k]); + free(hosts); + hosts = NULL; + nhosts = 0; + } + } if (modfind("nfsd") < 0) { /* Not present in kernel, try loading it */ @@ -523,58 +544,61 @@ main(int argc, char **argv) pidfile_write(pfh); - rpcb_unset(MOUNTPROG, MOUNTVERS, NULL); - rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL); - rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); + if (enable_rpcbind != 0) { + rpcb_unset(MOUNTPROG, MOUNTVERS, NULL); + rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL); + rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); - if (!resvport_only) { - if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL, - &resvport_only, sizeof(resvport_only)) != 0 && - errno != ENOENT) { - syslog(LOG_ERR, "sysctl: %m"); - exit(1); + if (!resvport_only) { + if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL, + &resvport_only, sizeof(resvport_only)) != 0 && + errno != ENOENT) { + syslog(LOG_ERR, "sysctl: %m"); + exit(1); + } } - } - /* -* If no hosts were specified, add a wildcard entry to bind to -* INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the -* list. -*/ - if (nhosts == 0) { - hosts = malloc(sizeof(char *)); - if (hosts == NULL) - out_of_mem(); - hosts[0] = "*"; - nhosts = 1; - } else { - hosts_bak = hosts; - if (have_v6) { - hosts_bak = realloc(hosts, (nhosts + 2) * - sizeof(char *)); - if (hosts_bak == NULL) { - for (k = 0; k < nhosts; k++) - free(hosts[k]); - free(hosts); - out_of_mem(); - } else -
svn commit: r367913 - head/sbin/mount_nfs
Author: rmacklem Date: Fri Nov 20 22:29:38 2020 New Revision: 367913 URL: https://svnweb.freebsd.org/changeset/base/367913 Log: Document the new "tls" NFS mount option. Recent commits to head have added support for NFS over TLS to the FreeBSD kernel. To enable use of this for an NFS mount, the "tls" mount_nfs option has been added. Once the IETF has assigned an RFC number, I will replace "" with the number. This is a content change. Reviewed by: gbe Differential Revision:https://reviews.freebsd.org/D26262 Modified: head/sbin/mount_nfs/mount_nfs.8 Modified: head/sbin/mount_nfs/mount_nfs.8 == --- head/sbin/mount_nfs/mount_nfs.8 Fri Nov 20 22:14:51 2020 (r367912) +++ head/sbin/mount_nfs/mount_nfs.8 Fri Nov 20 22:29:38 2020 (r367913) @@ -28,7 +28,7 @@ .\"@(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 .\" $FreeBSD$ .\" -.Dd December 14, 2019 +.Dd November 20, 2020 .Dt MOUNT_NFS 8 .Os .Sh NAME @@ -403,6 +403,12 @@ interval.) .It Cm timeo Ns = Ns Aq Ar value Alias for .Cm timeout . +.It Cm tls +This option specifies that the connection to the server must use TLS +per RFC . +TLS is only supported for TCP connections and the +.Xr rpc.tlsclntd 8 +daemon must be running for an NFS over TCP connection to use TLS. .It Cm udp Use UDP transport. .It Cm vers Ns = Ns Aq Ar vers_number @@ -537,6 +543,7 @@ Same as .Xr mount 8 , .Xr nfsd 8 , .Xr nfsiod 8 , +.Xr rpc.tlsclntd 8 , .Xr showmount 8 .Sh HISTORY A version of the ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367912 - head/usr.sbin/mountd
Author: rmacklem Date: Fri Nov 20 22:14:51 2020 New Revision: 367912 URL: https://svnweb.freebsd.org/changeset/base/367912 Log: Update man page for new TLS export options. NFS over TLS uses three new export options, added by r364979. This patch updates the exports.5 man page for these new options. Once assigned by IETF, "" will be replaced with the RFC number. This is a content change. Reviewed by: gbe Differential Revision:https://review.freebsd.org/D26241 Modified: head/usr.sbin/mountd/exports.5 Modified: head/usr.sbin/mountd/exports.5 == --- head/usr.sbin/mountd/exports.5 Fri Nov 20 20:22:01 2020 (r367911) +++ head/usr.sbin/mountd/exports.5 Fri Nov 20 22:14:51 2020 (r367912) @@ -28,7 +28,7 @@ .\" @(#)exports.5 8.3 (Berkeley) 3/29/95 .\" $FreeBSD$ .\" -.Dd February 11, 2019 +.Dd November 20, 2020 .Dt EXPORTS 5 .Os .Sh NAME @@ -117,9 +117,13 @@ exported to the host set. The option flags specify whether the file system is exported read-only or read-write and how the client UID is mapped to user credentials on the server. -For the NFSv4 tree root, the only option that can be specified in this -section is -.Fl sec . +For the NFSv4 tree root, the only options that can be specified in this +section are ones related to security: +.Fl sec , +.Fl tls , +.Fl tlscert +and +.Fl tlscertuser . .Pp Export options are specified as follows: .Pp @@ -241,6 +245,48 @@ or .Fl webnfs flags. .Pp +The +.Fl tls , +.Fl tlscert +and +.Fl tlscertuser +export options are used to require the client to use TLS for the mount(s) +per RFC . +For NFS mounts using TLS to work, +.Xr rpc.tlsservd 8 +must be running on the server. +.Bd -filled -offset indent +.Fl tls +requires that the client use TLS. +.br +.Fl tlscert +requires that the client use TLS and provide a verifiable X.509 certificate +during TLS handshake. +.br +.Fl tlscertuser +requires that the client use TLS and provide a verifiable X.509 certificate. +The otherName component of the certificate's subjAltName must have a +an OID of 1.3.6.1.4.1.2238.1.1.1 and a UTF8 string of the form +.Dq user@domain . +.Dq user@domain +will be translated to the credentials of the specified user in the same +manner as +.Xr nfsuserd 8 , +where +.Dq user +is normally a username is the server's password database and +.Dq domain +is the DNS domain name for the server. +All RPCs will be performed using these credentials instead of the +ones in the RPC header in a manner similar to +.Sm off +.Fl mapall Li = Sy user . +.Sm on +.Ed +.Pp +If none of these three flags are specified, TLS mounts are permitted but +not required. +.Pp Specifying the .Fl quiet option will inhibit some of the syslog diagnostics for bad lines in @@ -541,7 +587,15 @@ afterwards, whereas NFSv3 rejects the mount request. .Xr netgroup 5 , .Xr mountd 8 , .Xr nfsd 8 , +.Xr rpc.tlsservd 8 , .Xr showmount 8 +.Sh STANDARDS +The implementation is based on the specification in +.Rs +.%T "Network File System Protocol Specification, Appendix A, RFC 1094" +.%T "NFS: Network File System Version 3, Appendix I, RFC 1813" +.%T "Towards Remote Procedure Call Encryption By Default, RFC " +.Re .Sh BUGS The export options are tied to the local mount points in the kernel and must be non-contradictory for any exported subdirectory of the local ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367661 - head
Author: rmacklem Date: Sat Nov 14 01:55:02 2020 New Revision: 367661 URL: https://svnweb.freebsd.org/changeset/base/367661 Log: Add a entry for r367660. Modified: head/RELNOTES Modified: head/RELNOTES == --- head/RELNOTES Sat Nov 14 01:49:49 2020(r367660) +++ head/RELNOTES Sat Nov 14 01:55:02 2020(r367661) @@ -10,6 +10,16 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +r367660: + Fixes the case where gssd will not startup because /usr is a separate + local file system that is not yet mounted. It does not fix the case + where /usr is a separately mounted remote file system (such as NFS). + This latter case can be fixed by adding mountcritremote to the + REQUIRED line. Unfortunately doing so implies that all Kerberized + NFS mounts in /etc/fstab will need the "late" mount option. + This was not done, since the requirement for "late" would introduce + a POLA violation. + r367423: This commit added a new startup scripts variable called nfsv4_server_only which uses the -R option on mountd added by r367026. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367660 - head/libexec/rc/rc.d
Author: rmacklem Date: Sat Nov 14 01:49:49 2020 New Revision: 367660 URL: https://svnweb.freebsd.org/changeset/base/367660 Log: Fix startup of gssd when /usr is a separately mounted local file system. meowth...@gmail.com reported that the gssd daemon was not starting, because /etc/rc.d/gssd was executed before his local /usr file system was mounted. He fixed the problem by adding mountcritlocal to the REQUIRED line. This fix seems safe and works for a separately mounted /usr file system on a local disk. The case of a separately mounted remote /usr file system (such as NFS) is still broken, but there is no obvious solution for that. Adding mountcritremote would fix the problem, but it would cause a POLA violation, because all kerberized NFS mounts in /etc/fstab would need the "late" option specified to work. Submitted by: meowth...@gmail.com Reported by: meowth...@gmail.com Reviewed by: 0mp MFC after:2 weeks Relnotes: yes Differential Revision:https://reviews.freebsd.org/D27203 Modified: head/libexec/rc/rc.d/gssd Modified: head/libexec/rc/rc.d/gssd == --- head/libexec/rc/rc.d/gssd Sat Nov 14 01:45:34 2020(r367659) +++ head/libexec/rc/rc.d/gssd Sat Nov 14 01:49:49 2020(r367660) @@ -4,7 +4,7 @@ # # PROVIDE: gssd -# REQUIRE: root +# REQUIRE: root mountcritlocal # KEYWORD: nojail shutdown . /etc/rc.subr ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367658 - head
Author: rmacklem Date: Sat Nov 14 01:39:27 2020 New Revision: 367658 URL: https://svnweb.freebsd.org/changeset/base/367658 Log: Add an entry for r367026, r367423. Modified: head/RELNOTES Modified: head/RELNOTES == --- head/RELNOTES Sat Nov 14 01:28:04 2020(r367657) +++ head/RELNOTES Sat Nov 14 01:39:27 2020(r367658) @@ -10,6 +10,14 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +r367423: + This commit added a new startup scripts variable called + nfsv4_server_only which uses the -R option on mountd added by r367026. + When nfsv4_server_only is set to "YES" in /etc/rc.conf, the NFS server + only handles NFSv4 and does not register with rpcbind. As such, rpcbind + does not need to be running. Useful for sites which consider rpcbind a + security issue. + r366267: Kernel option ACPI_DMAR was renamed to IOMMU. amd64's IOMMU subsystem was split out from amd64 DMAR support and is now generic, i.e., it can ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367423 - in head/libexec/rc: . rc.d
Author: rmacklem Date: Fri Nov 6 16:33:42 2020 New Revision: 367423 URL: https://svnweb.freebsd.org/changeset/base/367423 Log: Add support for the new mountd -R option. r376026 added a new "-R" option to mountd, which tells it to not support the Mount protocol (not used by NFSv4) and not register with rpcbind. Rpcbind is considered a security issue by some sites now. This patch adds a new yes/no variable called nfsv4_server_only. When that is set, make vfs.nfsd.server_min_vers=4 and set "=R" for mountd. Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind. While here, add a check for "load_kld nfsd" failing to nfsd. Reviewed by: 0mp MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D26938 Modified: head/libexec/rc/rc.conf head/libexec/rc/rc.d/mountd head/libexec/rc/rc.d/nfsd Modified: head/libexec/rc/rc.conf == --- head/libexec/rc/rc.conf Fri Nov 6 16:12:06 2020(r367422) +++ head/libexec/rc/rc.conf Fri Nov 6 16:33:42 2020(r367423) @@ -380,6 +380,7 @@ rpc_ypupdated_enable="NO" # Run if NIS master and Secu keyserv_enable="NO"# Run the SecureRPC keyserver (or NO). keyserv_flags="" # Flags to keyserv (if enabled). nfsv4_server_enable="NO" # Enable support for NFSv4 +nfsv4_server_only="NO" # Set NFS server to NFSv4 only nfscbd_enable="NO" # NFSv4 client side callback daemon nfscbd_flags=""# Flags for nfscbd nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon Modified: head/libexec/rc/rc.d/mountd == --- head/libexec/rc/rc.d/mountd Fri Nov 6 16:12:06 2020(r367422) +++ head/libexec/rc/rc.d/mountd Fri Nov 6 16:33:42 2020(r367423) @@ -20,13 +20,33 @@ extra_commands="reload" mountd_precmd() { - force_depend rpcbind || return 1 + # Load the modules now, so that the vfs.nfsd sysctl + # oids are available. + load_kld nfsd || return 1 + + # Do not force rpcbind to be running for an NFSv4 only server. + # + if checkyesno nfsv4_server_only; then + echo 'NFSv4 only server' + sysctl vfs.nfsd.server_min_nfsvers=4 > /dev/null + sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null + rc_flags="${rc_flags} -R" + else + force_depend rpcbind || return 1 + fi + # mountd flags will differ depending on rc.conf settings # - if checkyesno nfs_server_enable ; then + if checkyesno nfs_server_enable || checkyesno nfsv4_server_only; then if checkyesno weak_mountd_authentication; then - rc_flags="${mountd_flags} -n" + if checkyesno nfsv4_server_only; then + echo -n 'weak_mountd_authentication ' + echo -n 'incompatible with nfsv4_server_only, ' + echo 'ignored' + else + rc_flags="${rc_flags} -n" + fi fi else if checkyesno mountd_enable; then Modified: head/libexec/rc/rc.d/nfsd == --- head/libexec/rc/rc.d/nfsd Fri Nov 6 16:12:06 2020(r367422) +++ head/libexec/rc/rc.d/nfsd Fri Nov 6 16:33:42 2020(r367423) @@ -26,7 +26,7 @@ nfsd_precmd() # Load the modules now, so that the vfs.nfsd sysctl # oids are available. - load_kld nfsd + load_kld nfsd || return 1 if checkyesno nfs_reserved_port_only; then echo 'NFS on reserved port only=YES' @@ -41,12 +41,15 @@ nfsd_precmd() if checkyesno nfsv4_server_enable; then sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null - else + elif ! checkyesno nfsv4_server_only; then echo 'NFSv4 is disabled' sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null fi - force_depend rpcbind || return 1 + if ! checkyesno nfsv4_server_only; then + force_depend rpcbind || return 1 + fi + force_depend mountd || return 1 if [ -n "${nfs_server_vhost}" ]; then command_args="-V \"${nfs_server_vhost}\"" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367027 - head/usr.sbin/mountd
Author: rmacklem Date: Sat Oct 24 22:52:29 2020 New Revision: 367027 URL: https://svnweb.freebsd.org/changeset/base/367027 Log: Update man page for -R option added by r376026. This is a content change. Reviewed by: bcr MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D26746 Modified: head/usr.sbin/mountd/mountd.8 Modified: head/usr.sbin/mountd/mountd.8 == --- head/usr.sbin/mountd/mountd.8 Sat Oct 24 22:48:28 2020 (r367026) +++ head/usr.sbin/mountd/mountd.8 Sat Oct 24 22:52:29 2020 (r367027) @@ -28,7 +28,7 @@ .\" @(#)mountd.8 8.4 (Berkeley) 4/28/95 .\" $FreeBSD$ .\" -.Dd August 1, 2019 +.Dd October 11, 2020 .Dt MOUNTD 8 .Os .Sh NAME @@ -38,7 +38,7 @@ mount requests .Sh SYNOPSIS .Nm -.Op Fl 2delnrS +.Op Fl 2delnRrS .Op Fl h Ar bindip .Op Fl p Ar port .Op Ar exportsfile ... @@ -112,6 +112,17 @@ If .Nm cannot bind to this port, an appropriate error will be recorded in the system log, and the daemon will then exit. +.It Fl R +Do not support the Mount protocol and do not register with +.Xr rpcbind 8 . +This can be done for NFSv4 only servers, since the Mount protocol is not +used by NFSv4. +Useful for NFSv4 only servers that do not wish to run +.Xr rpcbind 8 . +.Xr showmount 8 +will not work, however since NFSv4 mounts are not shown by +.Xr showmount 8 , +this should not be an issue for an NFSv4 only server. .It Fl r Allow mount RPCs requests for regular files to be served. Although this seems to violate the mount protocol specification, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r367026 - head/usr.sbin/mountd
Author: rmacklem Date: Sat Oct 24 22:48:28 2020 New Revision: 367026 URL: https://svnweb.freebsd.org/changeset/base/367026 Log: Add "-R" option to tell mountd to not register with rpcbind. rpcbind is now considered a security risk for some sites. Since an NFSv4 only NFS server does not need rpcbind, it makes sense to have an option that implements this. This patch adds a "-R" option that disables the Mount protocol (not used by NFSv4) and does not register with rpcbind. Changes are required to /etc/rc.d/mountd and /etc/rc.d/nfsd. Those will be in a separate commit. Reviewed by: freqlabs, asomers MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D26746 Modified: head/usr.sbin/mountd/mountd.c Modified: head/usr.sbin/mountd/mountd.c == --- head/usr.sbin/mountd/mountd.c Sat Oct 24 22:36:20 2020 (r367025) +++ head/usr.sbin/mountd/mountd.c Sat Oct 24 22:48:28 2020 (r367026) @@ -427,8 +427,10 @@ main(int argc, char **argv) uint64_t curtime, nexttime; struct timeval tv; struct timespec tp; - sigset_t sighup_mask; + sigset_t sig_mask, sighup_mask; + int enable_rpcbind; + enable_rpcbind = 1; /* Check that another mountd isn't already running. */ pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid); if (pfh == NULL) { @@ -443,7 +445,7 @@ main(int argc, char **argv) else close(s); - while ((c = getopt(argc, argv, "2deh:lnp:rS")) != -1) + while ((c = getopt(argc, argv, "2deh:lnp:RrS")) != -1) switch (c) { case '2': force_v2 = 1; @@ -454,6 +456,10 @@ main(int argc, char **argv) case 'n': resvport_only = 0; break; + case 'R': + /* Do not support Mount protocol */ + enable_rpcbind = 0; + break; case 'r': dir_only = 0; break; @@ -498,6 +504,21 @@ main(int argc, char **argv) default: usage(); } + if (enable_rpcbind == 0) { + if (svcport_str != NULL) { + warnx("-p option not compatible with -R, ignored"); + free(svcport_str); + svcport_str = NULL; + } + if (nhosts > 0) { + warnx("-h option not compatible with -R, ignored"); + for (k = 0; k < nhosts; k++) + free(hosts[k]); + free(hosts); + hosts = NULL; + nhosts = 0; + } + } if (modfind("nfsd") < 0) { /* Not present in kernel, try loading it */ @@ -531,58 +552,61 @@ main(int argc, char **argv) pidfile_write(pfh); - rpcb_unset(MOUNTPROG, MOUNTVERS, NULL); - rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL); - rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); + if (enable_rpcbind != 0) { + rpcb_unset(MOUNTPROG, MOUNTVERS, NULL); + rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL); + rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); - if (!resvport_only) { - if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL, - &resvport_only, sizeof(resvport_only)) != 0 && - errno != ENOENT) { - syslog(LOG_ERR, "sysctl: %m"); - exit(1); + if (!resvport_only) { + if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL, + &resvport_only, sizeof(resvport_only)) != 0 && + errno != ENOENT) { + syslog(LOG_ERR, "sysctl: %m"); + exit(1); + } } - } - /* -* If no hosts were specified, add a wildcard entry to bind to -* INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the -* list. -*/ - if (nhosts == 0) { - hosts = malloc(sizeof(char *)); - if (hosts == NULL) - out_of_mem(); - hosts[0] = "*"; - nhosts = 1; - } else { - hosts_bak = hosts; - if (have_v6) { - hosts_bak = realloc(hosts, (nhosts + 2) * - sizeof(char *)); - if (hosts_bak == NULL) { - for (k = 0; k < nhosts; k++) - free(hosts[k]); - free(hosts); - out_of_
svn commit: r366595 - head/usr.sbin/mountd
Author: rmacklem Date: Sat Oct 10 00:01:40 2020 New Revision: 366595 URL: https://svnweb.freebsd.org/changeset/base/366595 Log: Modify mountd.c so that it does not always malloc 4K for the map credentials. r362163 upgraded mountd so that it could handle MAX_NGROUPS groups for the anonymous user credentials (the ones provided by -maproot and -mapall exports options). The problem is that this resulted in every export structure growing by about 4Kbytes, because the cr_groups field went from 16->MAX_NGROUPS. This patch fixes this by only including a small 32 element cr_groups in the structure and then malloc()'ng cr_groups when a larger one is needed. The value of SMALLNGROUPS is arbitrarily set to 32, assuming most users used by -maproot or -mapall will be in <= 32 groups. Reviewed by: kib, freqlabs Differential Revision:https://reviews.freebsd.org/D26521 Modified: head/usr.sbin/mountd/mountd.c Modified: head/usr.sbin/mountd/mountd.c == --- head/usr.sbin/mountd/mountd.c Fri Oct 9 23:49:42 2020 (r366594) +++ head/usr.sbin/mountd/mountd.c Sat Oct 10 00:01:40 2020 (r366595) @@ -115,11 +115,15 @@ struct dirlist { /* * maproot/mapall credentials. + * cr_smallgrps can be used for a group list up to SMALLNGROUPS in size. + * Larger group lists are malloc'd/free'd. */ +#defineSMALLNGROUPS32 struct expcred { uid_t cr_uid; int cr_ngroups; - gid_t cr_groups[NGROUPS_MAX + 1]; + gid_t cr_smallgrps[SMALLNGROUPS]; + gid_t *cr_groups; }; struct exportlist { @@ -1514,6 +1518,7 @@ get_exportlist_one(int passno) uint64_t exflags; v4root_phase = 0; + anon.cr_groups = NULL; dirhead = (struct dirlist *)NULL; while (get_line()) { if (debug) @@ -1527,6 +1532,7 @@ get_exportlist_one(int passno) * Set defaults. */ has_host = FALSE; + anon.cr_groups = anon.cr_smallgrps; anon.cr_uid = UID_NOBODY; anon.cr_ngroups = 1; anon.cr_groups[0] = GID_NOGROUP; @@ -1822,6 +1828,10 @@ nextline: free_dir(dirhead); dirhead = (struct dirlist *)NULL; } + if (anon.cr_groups != anon.cr_smallgrps) { + free(anon.cr_groups); + anon.cr_groups = NULL; + } } } @@ -2905,6 +2915,8 @@ free_exp(struct exportlist *ep) grp = grp->gr_next; free_grp(tgrp); } + if (ep->ex_defanon.cr_groups != ep->ex_defanon.cr_smallgrps) + free(ep->ex_defanon.cr_groups); free((caddr_t)ep); } @@ -3457,14 +3469,17 @@ static void parsecred(char *namelist, struct expcred *cr) { char *name; - int cnt; + int inpos; char *names; struct passwd *pw; struct group *gr; + gid_t groups[NGROUPS_MAX + 1]; + int ngroups; /* * Set up the unprivileged user. */ + cr->cr_groups = cr->cr_smallgrps; cr->cr_uid = UID_NOBODY; cr->cr_groups[0] = GID_NOGROUP; cr->cr_ngroups = 1; @@ -3487,24 +3502,28 @@ parsecred(char *namelist, struct expcred *cr) return; } cr->cr_uid = pw->pw_uid; - cr->cr_ngroups = NGROUPS_MAX + 1; - if (getgrouplist(pw->pw_name, pw->pw_gid, cr->cr_groups, - &cr->cr_ngroups)) { + ngroups = NGROUPS_MAX + 1; + if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) { syslog(LOG_ERR, "too many groups"); - cr->cr_ngroups = NGROUPS_MAX + 1; + ngroups = NGROUPS_MAX + 1; } /* * Compress out duplicate. */ - if (cr->cr_ngroups > 1 && cr->cr_groups[0] == - cr->cr_groups[1]) { - for (cnt = 2; cnt < cr->cr_ngroups; cnt++) - cr->cr_groups[cnt - 1] = cr->cr_groups[cnt]; - cr->cr_ngroups--; - } - if (cr->cr_ngroups > NGROUPS_MAX) - cr->cr_ngroups = NGROUPS_MAX; + if (ngroups > 1 && groups[0] == groups[1]) { + ngroups--; + inpos = 2; + } else + inpos = 1; + if (ngroups > NGROUPS_MAX) + ngroups = NGROUPS_MAX; + if (ngroups > SMALLNGROUPS) + cr->cr_groups = malloc(ngroups * sizeof(gid_t)); + cr->cr_ngroups = ngroups; + cr->cr_groups[0] = groups[0]; +
svn commit: r366557 - head/sys/kern
Author: rmacklem Date: Fri Oct 9 01:04:28 2020 New Revision: 366557 URL: https://svnweb.freebsd.org/changeset/base/366557 Log: Make vn_generic_copy_file_range() interruptible via a signal. Without this patch, when vn_generic_copy_file_range() is doing a large copy, it will remain in the function for a considerable amount of time, delaying handling of any outstanding signals until the copy completes. This patch adds checks for signals that need to be processed after each successful data copy cycle. When sig_intr() returns non-zero, vn_generic_copy_file_range() will return. The check "if (len < savlen)" ensures that some data has been copied, so that progress will be made. Note that, since copy_file_range(2) is allowed to return fewer bytes copied than requested, it will never return EINTR/ERESTART when sig_intr() returns non-zero. Reviewed by: kib, asomers Differential Revision:https://reviews.freebsd.org/D26620 Modified: head/sys/kern/vfs_vnops.c Modified: head/sys/kern/vfs_vnops.c == --- head/sys/kern/vfs_vnops.c Fri Oct 9 00:27:45 2020(r366556) +++ head/sys/kern/vfs_vnops.c Fri Oct 9 01:04:28 2020(r366557) @@ -3017,7 +3017,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t * struct uio io; off_t startoff, endoff, xfer, xfer2; u_long blksize; - int error; + int error, interrupted; bool cantseek, readzeros, eof, lastblock; ssize_t aresid; size_t copylen, len, rem, savlen; @@ -3027,6 +3027,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t * holein = holeout = 0; savlen = len = *lenp; error = 0; + interrupted = 0; dat = NULL; error = vn_lock(invp, LK_SHARED); @@ -3116,7 +3117,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t * * support holes on the server, but do not support FIOSEEKHOLE. */ eof = false; - while (len > 0 && error == 0 && !eof) { + while (len > 0 && error == 0 && !eof && interrupted == 0) { endoff = 0; /* To shut up compilers. */ cantseek = true; startoff = *inoffp; @@ -3177,6 +3178,8 @@ vn_generic_copy_file_range(struct vnode *invp, off_t * *inoffp += xfer; *outoffp += xfer; len -= xfer; + if (len < savlen) + interrupted = sig_intr(); } } copylen = MIN(len, endoff - startoff); @@ -3198,7 +3201,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t * xfer -= (*inoffp % blksize); } /* Loop copying the data block. */ - while (copylen > 0 && error == 0 && !eof) { + while (copylen > 0 && error == 0 && !eof && interrupted == 0) { if (copylen < xfer) xfer = copylen; error = vn_lock(invp, LK_SHARED); @@ -3239,6 +3242,8 @@ vn_generic_copy_file_range(struct vnode *invp, off_t * *outoffp += xfer; copylen -= xfer; len -= xfer; + if (len < savlen) + interrupted = sig_intr(); } } xfer = blksize; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r366429 - in head/sys: kern sys
Mateusz Guzik wrote: >Why is the process lock always taken? It looks like both routines just >check a thread-local flag, so perhaps this can get away without >serializing this process-wide? I did spot this slight difference between the initial version of sig_intr() and this one. At least w.r.t. copy_file_range(2), the call happens infrequently enough that the overhead of acquiring the lock is not significant. rick On 10/4/20, Konstantin Belousov wrote: > Author: kib > Date: Sun Oct 4 16:33:42 2020 > New Revision: 366429 > URL: https://svnweb.freebsd.org/changeset/base/366429 > > Log: > Add sig_intr(9). > > It gives the answer would the thread sleep according to current state > of signals and suspensions. Of course the answer is racy and allows > for false-negatives (no sleep when signal is delivered after process > lock is dropped). Also the answer might change due to signal > rescheduling among threads in multi-threaded process. > > Still it is the best approximation I can provide, to answering the > question was the thread interrupted. > > Reviewed by:markj > Tested by: pho, rmacklem > Sponsored by: The FreeBSD Foundation > MFC after: 2 weeks > Differential revision: https://reviews.freebsd.org/D26628 > > Modified: > head/sys/kern/kern_sig.c > head/sys/sys/signalvar.h > > Modified: head/sys/kern/kern_sig.c > == > --- head/sys/kern/kern_sig.c Sun Oct 4 16:30:05 2020(r366428) > +++ head/sys/kern/kern_sig.c Sun Oct 4 16:33:42 2020(r366429) > @@ -3204,6 +3204,24 @@ sig_ast_needsigchk(struct thread *td) > return (ret); > } > > +int > +sig_intr(void) > +{ > + struct thread *td; > + struct proc *p; > + int ret; > + > + td = curthread; > + p = td->td_proc; > + > + PROC_LOCK(p); > + ret = sig_ast_checksusp(td); > + if (ret == 0) > + ret = sig_ast_needsigchk(td); > + PROC_UNLOCK(p); > + return (ret); > +} > + > void > proc_wkilled(struct proc *p) > { > > Modified: head/sys/sys/signalvar.h > == > --- head/sys/sys/signalvar.h Sun Oct 4 16:30:05 2020(r366428) > +++ head/sys/sys/signalvar.h Sun Oct 4 16:33:42 2020(r366429) > @@ -408,6 +408,7 @@ int sig_ffs(sigset_t *set); > void sigfastblock_clear(struct thread *td); > void sigfastblock_fetch(struct thread *td); > void sigfastblock_setpend(struct thread *td, bool resched); > +int sig_intr(void); > void siginit(struct proc *p); > void signotify(struct thread *td); > void sigqueue_delete(struct sigqueue *queue, int sig); > ___ > svn-src-all@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-src-all > To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org" > -- Mateusz Guzik ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366303 - head/sys/fs/nfsclient
Author: rmacklem Date: Thu Oct 1 00:47:35 2020 New Revision: 366303 URL: https://svnweb.freebsd.org/changeset/base/366303 Log: Modify the NFSv4.2 VOP_COPY_FILE_RANGE() client call to return after one successful RPC. Without this patch, the NFSv4.2 VOP_COPY_FILE_RANGE() client call would loop until the copy "len" was completed. The problem with doing this is that it might take a considerable time to complete for a large "len". By returning after a single successful Copy RPC that copied some of the data, the application that did the copy_file_range(2) syscall will be more responsive to signal delivery for large "len" copies. Modified: head/sys/fs/nfsclient/nfs_clvnops.c Modified: head/sys/fs/nfsclient/nfs_clvnops.c == --- head/sys/fs/nfsclient/nfs_clvnops.c Thu Oct 1 00:33:44 2020 (r366302) +++ head/sys/fs/nfsclient/nfs_clvnops.c Thu Oct 1 00:47:35 2020 (r366303) @@ -3638,7 +3638,7 @@ nfs_copy_file_range(struct vop_copy_file_range_args *a struct vattr *vap; struct uio io; struct nfsmount *nmp; - size_t len, len2, copiedlen; + size_t len, len2; int error, inattrflag, outattrflag, ret, ret2; off_t inoff, outoff; bool consecutive, must_commit, tryoutcred; @@ -3731,7 +3731,11 @@ nfs_copy_file_range(struct vop_copy_file_range_args *a } else error = 0; } - copiedlen = 0; + + /* +* len will be set to 0 upon a successful Copy RPC. +* As such, this only loops when the Copy RPC needs to be retried. +*/ while (len > 0 && error == 0) { inattrflag = outattrflag = 0; len2 = len; @@ -3761,18 +3765,9 @@ nfs_copy_file_range(struct vop_copy_file_range_args *a } else error = NFSERR_OFFLOADNOREQS; } - /* -* If the Copy returns a length == 0, it hit the -* EOF on the input file. -*/ - if (len2 == 0) { - *ap->a_lenp = copiedlen; - len = 0; - } else { - len -= len2; - copiedlen += len2; - } - if (len == 0 && must_commit && error == 0) + *ap->a_lenp = len2; + len = 0; + if (len2 > 0 && must_commit && error == 0) error = ncl_commit(outvp, outoff, *ap->a_lenp, ap->a_outcred, curthread); if (error == 0 && ret != 0) @@ -3783,6 +3778,9 @@ nfs_copy_file_range(struct vop_copy_file_range_args *a /* * Try consecutive == false, which is ok only if all * bytes are copied. +* If only some bytes were copied when consecutive +* is false, there is no way to know which bytes +* still need to be written. */ consecutive = false; error = 0; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366302 - head/sys/kern
Author: rmacklem Date: Thu Oct 1 00:33:44 2020 New Revision: 366302 URL: https://svnweb.freebsd.org/changeset/base/366302 Log: Clip the "len" argument to vn_generic_copy_file_range() at a hole size boundary. By clipping the len argument of vn_generic_copy_file_range() to end at an exact multiple of hole size, holes are more likely to be maintained during the copy. A hole can still straddle the boundary at the end of the copy range, resulting in a block being allocated in the output file as it is being grown in size, but this will reduce the likelyhood of this happening. While here, also modify setting of blksize to better handle the case where _PC_MIN_HOLE_SIZE is returned as 1. Reviewed by: asomers Differential Revision:https://reviews.freebsd.org/D26570 Modified: head/sys/kern/vfs_vnops.c Modified: head/sys/kern/vfs_vnops.c == --- head/sys/kern/vfs_vnops.c Wed Sep 30 22:41:24 2020(r366301) +++ head/sys/kern/vfs_vnops.c Thu Oct 1 00:33:44 2020(r366302) @@ -3020,7 +3020,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t * int error; bool cantseek, readzeros, eof, lastblock; ssize_t aresid; - size_t copylen, len, savlen; + size_t copylen, len, rem, savlen; char *dat; long holein, holeout; @@ -3089,7 +3089,17 @@ vn_generic_copy_file_range(struct vnode *invp, off_t * * This value is clipped at 4Kbytes and 1Mbyte. */ blksize = MAX(holein, holeout); - if (blksize == 0) + + /* Clip len to end at an exact multiple of hole size. */ + if (blksize > 1) { + rem = *inoffp % blksize; + if (rem > 0) + rem = blksize - rem; + if (len - rem > blksize) + len = savlen = rounddown(len - rem, blksize) + rem; + } + + if (blksize <= 1) blksize = MAX(invp->v_mount->mnt_stat.f_iosize, outvp->v_mount->mnt_stat.f_iosize); if (blksize < 4096) ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366278 - head/sys/kern
Author: rmacklem Date: Wed Sep 30 02:18:09 2020 New Revision: 366278 URL: https://svnweb.freebsd.org/changeset/base/366278 Log: Make copy_file_range(2) Linux compatible for overflow of offset + len. Without this patch, if a call to copy_file_range(2) specifies an input file offset + len that would wrap around, EINVAL is returned. I thought that was the Linux behaviour, but recent testing showed that Linux accepts this case and does the copy_file_range() to EOF. This patch changes the FreeBSD code to exhibit the same behaviour as Linux for this case. Reviewed by: asomers, kib Differential Revision:https://reviews.freebsd.org/D26569 Modified: head/sys/kern/vfs_vnops.c Modified: head/sys/kern/vfs_vnops.c == --- head/sys/kern/vfs_vnops.c Wed Sep 30 00:56:08 2020(r366277) +++ head/sys/kern/vfs_vnops.c Wed Sep 30 02:18:09 2020(r366278) @@ -2790,25 +2790,31 @@ vn_copy_file_range(struct vnode *invp, off_t *inoffp, { int error; size_t len; - uint64_t uvalin, uvalout; + uint64_t uval; len = *lenp; *lenp = 0; /* For error returns. */ error = 0; /* Do some sanity checks on the arguments. */ - uvalin = *inoffp; - uvalin += len; - uvalout = *outoffp; - uvalout += len; if (invp->v_type == VDIR || outvp->v_type == VDIR) error = EISDIR; - else if (*inoffp < 0 || uvalin > INT64_MAX || uvalin < - (uint64_t)*inoffp || *outoffp < 0 || uvalout > INT64_MAX || - uvalout < (uint64_t)*outoffp || invp->v_type != VREG || - outvp->v_type != VREG) + else if (*inoffp < 0 || *outoffp < 0 || + invp->v_type != VREG || outvp->v_type != VREG) error = EINVAL; if (error != 0) + goto out; + + /* Ensure offset + len does not wrap around. */ + uval = *inoffp; + uval += len; + if (uval > INT64_MAX) + len = INT64_MAX - *inoffp; + uval = *outoffp; + uval += len; + if (uval > INT64_MAX) + len = INT64_MAX - *outoffp; + if (len == 0) goto out; /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366256 - releng/12.2/sys/fs/nfsserver
Author: rmacklem Date: Tue Sep 29 15:09:38 2020 New Revision: 366256 URL: https://svnweb.freebsd.org/changeset/base/366256 Log: MFS: r366238 Bjorn reported a problem where the Linux NFSv4.1 client is using an open_to_lock_owner4 when that lock_owner4 has already been created by a previous open_to_lock_owner4. This caused the NFS server to reply NFSERR_INVAL. For NFSv4.0, this is an error, although the updated NFSv4.0 RFC7530 notes that the correct error reply is NFSERR_BADSEQID (RFC3530 did not specify what error to return). For NFSv4.1, it is not obvious whether or not this is allowed by RFC5661, but the NFSv4.1 server can handle this case without error. This patch changes the NFSv4.1 (and NFSv4.2) server to handle multiple uses of the same lock_owner in open_to_lock_owner so that it now correctly interoperates with the Linux NFS client. It also changes the error returned for NFSv4.0 to be NFSERR_BADSEQID. Thanks go to Bjorn for diagnosing this and testing the patch. He also provided a program that I could use to reproduce the problem. PR: 249567 Approved by: re (gjb) Modified: releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: releng/12.2/ (props changed) Modified: releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.c == --- releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.cTue Sep 29 14:59:41 2020(r366255) +++ releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.cTue Sep 29 15:09:38 2020(r366256) @@ -1871,14 +1871,20 @@ tryagain: } if (!error) nfsrv_getowner(&stp->ls_open, new_stp, &lckstp); - if (lckstp) + if (lckstp) { /* -* I believe this should be an error, but it -* isn't obvious what NFSERR_xxx would be -* appropriate, so I'll use NFSERR_INVAL for now. +* For NFSv4.1 and NFSv4.2 allow an +* open_to_lock_owner when the lock_owner already +* exists. Just clear NFSLCK_OPENTOLOCK so that +* a new lock_owner will not be created. +* RFC7530 states that the error for NFSv4.0 +* is NFS4ERR_BAD_SEQID. */ - error = NFSERR_INVAL; - else + if ((nd->nd_flag & ND_NFSV41) != 0) + new_stp->ls_flags &= ~NFSLCK_OPENTOLOCK; + else + error = NFSERR_BADSEQID; + } else lckstp = new_stp; } else if (new_stp->ls_flags&(NFSLCK_LOCK|NFSLCK_UNLOCK)) { /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366241 - stable/11/sys/fs/nfsserver
Author: rmacklem Date: Tue Sep 29 02:03:24 2020 New Revision: 366241 URL: https://svnweb.freebsd.org/changeset/base/366241 Log: MFC: r366189 Bjorn reported a problem where the Linux NFSv4.1 client is using an open_to_lock_owner4 when that lock_owner4 has already been created by a previous open_to_lock_owner4. This caused the NFS server to reply NFSERR_INVAL. For NFSv4.0, this is an error, although the updated NFSv4.0 RFC7530 notes that the correct error reply is NFSERR_BADSEQID (RFC3530 did not specify what error to return). For NFSv4.1, it is not obvious whether or not this is allowed by RFC5661, but the NFSv4.1 server can handle this case without error. This patch changes the NFSv4.1 (and NFSv4.2) server to handle multiple uses of the same lock_owner in open_to_lock_owner so that it now correctly interoperates with the Linux NFS client. It also changes the error returned for NFSv4.0 to be NFSERR_BADSEQID. Thanks go to Bjorn for diagnosing this and testing the patch. He also provided a program that I could use to reproduce the problem. PR: 249567 Reported by: b...@cebitec.uni-bielefeld.de Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Tue Sep 29 01:56:21 2020 (r366240) +++ stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Tue Sep 29 02:03:24 2020 (r366241) @@ -1799,14 +1799,20 @@ tryagain: } if (!error) nfsrv_getowner(&stp->ls_open, new_stp, &lckstp); - if (lckstp) + if (lckstp) { /* -* I believe this should be an error, but it -* isn't obvious what NFSERR_xxx would be -* appropriate, so I'll use NFSERR_INVAL for now. +* For NFSv4.1 and NFSv4.2 allow an +* open_to_lock_owner when the lock_owner already +* exists. Just clear NFSLCK_OPENTOLOCK so that +* a new lock_owner will not be created. +* RFC7530 states that the error for NFSv4.0 +* is NFS4ERR_BAD_SEQID. */ - error = NFSERR_INVAL; - else + if ((nd->nd_flag & ND_NFSV41) != 0) + new_stp->ls_flags &= ~NFSLCK_OPENTOLOCK; + else + error = NFSERR_BADSEQID; + } else lckstp = new_stp; } else if (new_stp->ls_flags&(NFSLCK_LOCK|NFSLCK_UNLOCK)) { /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366238 - stable/12/sys/fs/nfsserver
Author: rmacklem Date: Tue Sep 29 01:52:53 2020 New Revision: 366238 URL: https://svnweb.freebsd.org/changeset/base/366238 Log: MFC: r366189 Bjorn reported a problem where the Linux NFSv4.1 client is using an open_to_lock_owner4 when that lock_owner4 has already been created by a previous open_to_lock_owner4. This caused the NFS server to reply NFSERR_INVAL. For NFSv4.0, this is an error, although the updated NFSv4.0 RFC7530 notes that the correct error reply is NFSERR_BADSEQID (RFC3530 did not specify what error to return). For NFSv4.1, it is not obvious whether or not this is allowed by RFC5661, but the NFSv4.1 server can handle this case without error. This patch changes the NFSv4.1 (and NFSv4.2) server to handle multiple uses of the same lock_owner in open_to_lock_owner so that it now correctly interoperates with the Linux NFS client. It also changes the error returned for NFSv4.0 to be NFSERR_BADSEQID. Thanks go to Bjorn for diagnosing this and testing the patch. He also provided a program that I could use to reproduce the problem. PR: 249567 Reported by: b...@cebitec.uni-bielefeld.de Modified: stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Tue Sep 29 00:20:58 2020 (r366237) +++ stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Tue Sep 29 01:52:53 2020 (r366238) @@ -1871,14 +1871,20 @@ tryagain: } if (!error) nfsrv_getowner(&stp->ls_open, new_stp, &lckstp); - if (lckstp) + if (lckstp) { /* -* I believe this should be an error, but it -* isn't obvious what NFSERR_xxx would be -* appropriate, so I'll use NFSERR_INVAL for now. +* For NFSv4.1 and NFSv4.2 allow an +* open_to_lock_owner when the lock_owner already +* exists. Just clear NFSLCK_OPENTOLOCK so that +* a new lock_owner will not be created. +* RFC7530 states that the error for NFSv4.0 +* is NFS4ERR_BAD_SEQID. */ - error = NFSERR_INVAL; - else + if ((nd->nd_flag & ND_NFSV41) != 0) + new_stp->ls_flags &= ~NFSLCK_OPENTOLOCK; + else + error = NFSERR_BADSEQID; + } else lckstp = new_stp; } else if (new_stp->ls_flags&(NFSLCK_LOCK|NFSLCK_UNLOCK)) { /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366189 - head/sys/fs/nfsserver
Author: rmacklem Date: Sat Sep 26 23:05:38 2020 New Revision: 366189 URL: https://svnweb.freebsd.org/changeset/base/366189 Log: Bjorn reported a problem where the Linux NFSv4.1 client is using an open_to_lock_owner4 when that lock_owner4 has already been created by a previous open_to_lock_owner4. This caused the NFS server to reply NFSERR_INVAL. For NFSv4.0, this is an error, although the updated NFSv4.0 RFC7530 notes that the correct error reply is NFSERR_BADSEQID (RFC3530 did not specify what error to return). For NFSv4.1, it is not obvious whether or not this is allowed by RFC5661, but the NFSv4.1 server can handle this case without error. This patch changes the NFSv4.1 (and NFSv4.2) server to handle multiple uses of the same lock_owner in open_to_lock_owner so that it now correctly interoperates with the Linux NFS client. It also changes the error returned for NFSv4.0 to be NFSERR_BADSEQID. Thanks go to Bjorn for diagnosing this and testing the patch. He also provided a program that I could use to reproduce the problem. Tested by:b...@cebitec.uni-bielefeld.de (Bjorn Fischer) PR: 249567 Reported by: b...@cebitec.uni-bielefeld.de (Bjorn Fischer) MFC after:3 days Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c == --- head/sys/fs/nfsserver/nfs_nfsdstate.c Sat Sep 26 21:47:11 2020 (r366188) +++ head/sys/fs/nfsserver/nfs_nfsdstate.c Sat Sep 26 23:05:38 2020 (r366189) @@ -1870,14 +1870,20 @@ tryagain: } if (!error) nfsrv_getowner(&stp->ls_open, new_stp, &lckstp); - if (lckstp) + if (lckstp) { /* -* I believe this should be an error, but it -* isn't obvious what NFSERR_xxx would be -* appropriate, so I'll use NFSERR_INVAL for now. +* For NFSv4.1 and NFSv4.2 allow an +* open_to_lock_owner when the lock_owner already +* exists. Just clear NFSLCK_OPENTOLOCK so that +* a new lock_owner will not be created. +* RFC7530 states that the error for NFSv4.0 +* is NFS4ERR_BAD_SEQID. */ - error = NFSERR_INVAL; - else + if ((nd->nd_flag & ND_NFSV41) != 0) + new_stp->ls_flags &= ~NFSLCK_OPENTOLOCK; + else + error = NFSERR_BADSEQID; + } else lckstp = new_stp; } else if (new_stp->ls_flags&(NFSLCK_LOCK|NFSLCK_UNLOCK)) { /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366134 - stable/11/sys/fs/nfsserver
Author: rmacklem Date: Fri Sep 25 00:58:10 2020 New Revision: 366134 URL: https://svnweb.freebsd.org/changeset/base/366134 Log: MFC: r365895 Fix a LOR between the NFS server and server side krpc. Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures in nfsrv_checksequence(). This was fixed by r365789. A similar bug exists in nfsrv_bindconnsess(), where SVC_RELEASE() is called while mutexes are held. This patch applies a fix similar to r365789, moving the SVC_RELEASE() call down to after the mutexes are released. This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_bindconnsess() down a few lines to below where the mutex is released. Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Fri Sep 25 00:36:59 2020 (r366133) +++ stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Fri Sep 25 00:58:10 2020 (r366134) @@ -6282,6 +6282,7 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t int error; error = 0; + savxprt = NULL; shp = NFSSESSIONHASH(sessionid); NFSLOCKSTATE(); NFSLOCKSESSION(shp); @@ -6309,8 +6310,6 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t /* Disable idle timeout. */ nd->nd_xprt->xp_idletimeout = 0; sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); sep->sess_crflags |= NFSV4CRSESS_CONNBACKCHAN; clp->lc_flags |= LCL_DONEBINDCONN; if (*foreaftp == NFSCDFS4_BACK) @@ -6337,6 +6336,8 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t error = NFSERR_BADSESSION; NFSUNLOCKSESSION(shp); NFSUNLOCKSTATE(); + if (savxprt != NULL) + SVC_RELEASE(savxprt); return (error); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366120 - releng/12.2/sys/fs/nfsserver
Author: rmacklem Date: Thu Sep 24 16:21:30 2020 New Revision: 366120 URL: https://svnweb.freebsd.org/changeset/base/366120 Log: MFS: r366050, r366117 Fix a LOR between the NFS server and server side krpc. Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures. The code in nfsrv_checksequence() and nfsrv_bindconnsess() would call SVC_RELEASE() with mutex(es) held. Normally this is ok, since all that happens is SVC_RELEASE() decrements the reference count. However, if the socket has just been shut down, SVC_RELEASE() drops the reference count to 0 and acquires a sleep lock during destruction of the server side krpc structure. This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_checksequence() and nfsrv_bindconnsess() down a few lines to below where the mutex(es) are released. Approved by: re (gjb) Modified: releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: releng/12.2/ (props changed) Modified: releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.c == --- releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.cThu Sep 24 16:11:53 2020(r366119) +++ releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.cThu Sep 24 16:21:30 2020(r366120) @@ -6214,6 +6214,7 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_ * bound as well, do the implicit binding unless a * BindConnectiontoSession has already been done on the session. */ + savxprt = NULL; if (sep->sess_clp->lc_req.nr_client != NULL && sep->sess_cbsess.nfsess_xprt != nd->nd_xprt && (sep->sess_crflags & NFSV4CRSESS_CONNBACKCHAN) != 0 && @@ -6226,14 +6227,14 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_ sep->sess_clp->lc_req.nr_client->cl_private; nd->nd_xprt->xp_idletimeout = 0;/* Disable timeout. */ sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); } *sflagsp = 0; if (sep->sess_clp->lc_req.nr_client == NULL) *sflagsp |= NFSV4SEQ_CBPATHDOWN; NFSUNLOCKSESSION(shp); + if (savxprt != NULL) + SVC_RELEASE(savxprt); if (error == NFSERR_EXPIRED) { *sflagsp |= NFSV4SEQ_EXPIREDALLSTATEREVOKED; error = 0; @@ -6404,6 +6405,7 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t int error; error = 0; + savxprt = NULL; shp = NFSSESSIONHASH(sessionid); NFSLOCKSTATE(); NFSLOCKSESSION(shp); @@ -6431,8 +6433,6 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t /* Disable idle timeout. */ nd->nd_xprt->xp_idletimeout = 0; sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); sep->sess_crflags |= NFSV4CRSESS_CONNBACKCHAN; clp->lc_flags |= LCL_DONEBINDCONN; if (*foreaftp == NFSCDFS4_BACK) @@ -6459,6 +6459,8 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t error = NFSERR_BADSESSION; NFSUNLOCKSESSION(shp); NFSUNLOCKSTATE(); + if (savxprt != NULL) + SVC_RELEASE(savxprt); return (error); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366117 - stable/12/sys/fs/nfsserver
Author: rmacklem Date: Thu Sep 24 15:34:47 2020 New Revision: 366117 URL: https://svnweb.freebsd.org/changeset/base/366117 Log: MFC: r365895 Fix a LOR between the NFS server and server side krpc. Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures in nfsrv_checksequence(). This was fixed by r365789. A similar bug exists in nfsrv_bindconnsess(), where SVC_RELEASE() is called while mutexes are held. This patch applies a fix similar to r365789, moving the SVC_RELEASE() call down to after the mutexes are released. This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_bindconnsess() down a few lines to below where the mutexes are released. Modified: stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Thu Sep 24 14:59:10 2020 (r366116) +++ stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Thu Sep 24 15:34:47 2020 (r366117) @@ -6405,6 +6405,7 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t int error; error = 0; + savxprt = NULL; shp = NFSSESSIONHASH(sessionid); NFSLOCKSTATE(); NFSLOCKSESSION(shp); @@ -6432,8 +6433,6 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t /* Disable idle timeout. */ nd->nd_xprt->xp_idletimeout = 0; sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); sep->sess_crflags |= NFSV4CRSESS_CONNBACKCHAN; clp->lc_flags |= LCL_DONEBINDCONN; if (*foreaftp == NFSCDFS4_BACK) @@ -6460,6 +6459,8 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t error = NFSERR_BADSESSION; NFSUNLOCKSESSION(shp); NFSUNLOCKSTATE(); + if (savxprt != NULL) + SVC_RELEASE(savxprt); return (error); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366116 - releng/12.2/sys/fs/nfsserver
Author: rmacklem Date: Thu Sep 24 14:59:10 2020 New Revision: 366116 URL: https://svnweb.freebsd.org/changeset/base/366116 Log: MFS: r365703 Fix a case where the NFSv4.0 server might crash if delegations are enabled. asomers@ reported a crash on an NFSv4.0 server with a backtrace of: kdb_backtrace vpanic panic nfsrv_docallback nfsrv_checkgetattr nfsrvd_getattr nfsrvd_dorpc nfssvc_program svc_run_internal svc_thread_start fork_exit fork_trampoline where the panic message was "docallb", which indicates that a callback was attempted when the ClientID is unconfirmed. This would not normally occur, but it is possible to have an unconfirmed ClientID structure with delegation structure(s) chained off it if the client were to issue a SetClientID with the same "id" but different "verifier" after acquiring delegations on the previously confirmed ClientID. The bug appears to be that nfsrv_checkgetattr() failed to check for this uncommon case of an unconfirmed ClientID with a delegation structure that no longer refers to a delegation the client knows about. This patch adds a check for this case, handling it as if no delegation exists, which is the case when the above occurs. Although difficult to reproduce, this change should avoid the panic(). PR: 249127 Approved by: re (gjb) Modified: releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: releng/12.2/ (props changed) Modified: releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.c == --- releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.cThu Sep 24 14:42:22 2020(r366115) +++ releng/12.2/sys/fs/nfsserver/nfs_nfsdstate.cThu Sep 24 14:59:10 2020(r366116) @@ -5692,8 +5692,14 @@ nfsrv_checkgetattr(struct nfsrv_descript *nd, vnode_t goto out; } clp = stp->ls_clp; - delegfilerev = stp->ls_filerev; + /* If the clientid is not confirmed, ignore the delegation. */ + if (clp->lc_flags & LCL_NEEDSCONFIRM) { + NFSUNLOCKSTATE(); + goto out; + } + + delegfilerev = stp->ls_filerev; /* * If the Write delegation was issued as a part of this Compound RPC * or if we have an Implied Clientid (used in a previous Op in this ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366052 - stable/11/sys/fs/nfsserver
Author: rmacklem Date: Wed Sep 23 01:56:21 2020 New Revision: 366052 URL: https://svnweb.freebsd.org/changeset/base/366052 Log: MFC: r365789 Fix a LOR between the NFS server and server side krpc. Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures. The code in nfsrv_checksequence() would call SVC_RELEASE() with the mutex held. Normally this is ok, since all that happens is SVC_RELEASE() decrements a reference count. However, if the socket has just been shut down, SVC_RELEASE() drops the reference count to 0 and acquires a sleep lock during destruction of the server side krpc structure. This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_checksequence() down a few lines to below where the mutex is released. Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Wed Sep 23 01:51:01 2020 (r366051) +++ stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Wed Sep 23 01:56:21 2020 (r366052) @@ -6091,6 +6091,7 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_ * bound as well, do the implicit binding unless a * BindConnectiontoSession has already been done on the session. */ + savxprt = NULL; if (sep->sess_clp->lc_req.nr_client != NULL && sep->sess_cbsess.nfsess_xprt != nd->nd_xprt && (sep->sess_crflags & NFSV4CRSESS_CONNBACKCHAN) != 0 && @@ -6103,14 +6104,14 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_ sep->sess_clp->lc_req.nr_client->cl_private; nd->nd_xprt->xp_idletimeout = 0;/* Disable timeout. */ sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); } *sflagsp = 0; if (sep->sess_clp->lc_req.nr_client == NULL) *sflagsp |= NFSV4SEQ_CBPATHDOWN; NFSUNLOCKSESSION(shp); + if (savxprt != NULL) + SVC_RELEASE(savxprt); if (error == NFSERR_EXPIRED) { *sflagsp |= NFSV4SEQ_EXPIREDALLSTATEREVOKED; error = 0; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r366050 - stable/12/sys/fs/nfsserver
Author: rmacklem Date: Wed Sep 23 01:49:50 2020 New Revision: 366050 URL: https://svnweb.freebsd.org/changeset/base/366050 Log: MFC: r365789 Fix a LOR between the NFS server and server side krpc. Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures. The code in nfsrv_checksequence() would call SVC_RELEASE() with the mutex held. Normally this is ok, since all that happens is SVC_RELEASE() decrements a reference count. However, if the socket has just been shut down, SVC_RELEASE() drops the reference count to 0 and acquires a sleep lock during destruction of the server side krpc structure. This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_checksequence() down a few lines to below where the mutex is released. Modified: stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Wed Sep 23 01:49:37 2020 (r366049) +++ stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Wed Sep 23 01:49:50 2020 (r366050) @@ -6214,6 +6214,7 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_ * bound as well, do the implicit binding unless a * BindConnectiontoSession has already been done on the session. */ + savxprt = NULL; if (sep->sess_clp->lc_req.nr_client != NULL && sep->sess_cbsess.nfsess_xprt != nd->nd_xprt && (sep->sess_crflags & NFSV4CRSESS_CONNBACKCHAN) != 0 && @@ -6226,14 +6227,14 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_ sep->sess_clp->lc_req.nr_client->cl_private; nd->nd_xprt->xp_idletimeout = 0;/* Disable timeout. */ sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); } *sflagsp = 0; if (sep->sess_clp->lc_req.nr_client == NULL) *sflagsp |= NFSV4SEQ_CBPATHDOWN; NFSUNLOCKSESSION(shp); + if (savxprt != NULL) + SVC_RELEASE(savxprt); if (error == NFSERR_EXPIRED) { *sflagsp |= NFSV4SEQ_EXPIREDALLSTATEREVOKED; error = 0; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365935 - stable/11/sys/fs/nfsserver
Author: rmacklem Date: Mon Sep 21 01:39:00 2020 New Revision: 365935 URL: https://svnweb.freebsd.org/changeset/base/365935 Log: MFC: r365703 Fix a case where the NFSv4.0 server might crash if delegations are enabled. asomers@ reported a crash on an NFSv4.0 server with a backtrace of: kdb_backtrace vpanic panic nfsrv_docallback nfsrv_checkgetattr nfsrvd_getattr nfsrvd_dorpc nfssvc_program svc_run_internal svc_thread_start fork_exit fork_trampoline where the panic message was "docallb", which indicates that a callback was attempted when the ClientID is unconfirmed. This would not normally occur, but it is possible to have an unconfirmed ClientID structure with delegation structure(s) chained off it if the client were to issue a SetClientID with the same "id" but different "verifier" after acquiring delegations on the previously confirmed ClientID. The bug appears to be that nfsrv_checkgetattr() failed to check for this uncommon case of an unconfirmed ClientID with a delegation structure that no longer refers to a delegation the client knows about. This patch adds a check for this case, handling it as if no delegation exists, which is the case when the above occurs. Although difficult to reproduce, this change should avoid the panic(). PR: 249127 Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Mon Sep 21 00:50:32 2020 (r365934) +++ stable/11/sys/fs/nfsserver/nfs_nfsdstate.c Mon Sep 21 01:39:00 2020 (r365935) @@ -5572,8 +5572,14 @@ nfsrv_checkgetattr(struct nfsrv_descript *nd, vnode_t goto out; } clp = stp->ls_clp; - delegfilerev = stp->ls_filerev; + /* If the clientid is not confirmed, ignore the delegation. */ + if (clp->lc_flags & LCL_NEEDSCONFIRM) { + NFSUNLOCKSTATE(); + goto out; + } + + delegfilerev = stp->ls_filerev; /* * If the Write delegation was issued as a part of this Compound RPC * or if we have an Implied Clientid (used in a previous Op in this ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365934 - stable/12/sys/fs/nfsserver
Author: rmacklem Date: Mon Sep 21 00:50:32 2020 New Revision: 365934 URL: https://svnweb.freebsd.org/changeset/base/365934 Log: MFC: r365703 Fix a case where the NFSv4.0 server might crash if delegations are enabled. asomers@ reported a crash on an NFSv4.0 server with a backtrace of: kdb_backtrace vpanic panic nfsrv_docallback nfsrv_checkgetattr nfsrvd_getattr nfsrvd_dorpc nfssvc_program svc_run_internal svc_thread_start fork_exit fork_trampoline where the panic message was "docallb", which indicates that a callback was attempted when the ClientID is unconfirmed. This would not normally occur, but it is possible to have an unconfirmed ClientID structure with delegation structure(s) chained off it if the client were to issue a SetClientID with the same "id" but different "verifier" after acquiring delegations on the previously confirmed ClientID. The bug appears to be that nfsrv_checkgetattr() failed to check for this uncommon case of an unconfirmed ClientID with a delegation structure that no longer refers to a delegation the client knows about. This patch adds a check for this case, handling it as if no delegation exists, which is the case when the above occurs. Although difficult to reproduce, this change should avoid the panic(). PR: 249127 Modified: stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/fs/nfsserver/nfs_nfsdstate.c == --- stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Mon Sep 21 00:31:06 2020 (r365933) +++ stable/12/sys/fs/nfsserver/nfs_nfsdstate.c Mon Sep 21 00:50:32 2020 (r365934) @@ -5692,8 +5692,14 @@ nfsrv_checkgetattr(struct nfsrv_descript *nd, vnode_t goto out; } clp = stp->ls_clp; - delegfilerev = stp->ls_filerev; + /* If the clientid is not confirmed, ignore the delegation. */ + if (clp->lc_flags & LCL_NEEDSCONFIRM) { + NFSUNLOCKSTATE(); + goto out; + } + + delegfilerev = stp->ls_filerev; /* * If the Write delegation was issued as a part of this Compound RPC * or if we have an Implied Clientid (used in a previous Op in this ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r365643 - head/bin/cp
Alan Somers wrote: >On Sat, Sep 19, 2020 at 5:32 PM Konstantin Belousov >mailto:kostik...@gmail.com>> wrote: >On Sat, Sep 19, 2020 at 11:18:56PM +0000, Rick Macklem wrote: >> Alan Somers wrote: >> >On Fri, Sep 11, 2020 at 3:52 PM Rick Macklem >> >mailto:rmack...@uoguelph.ca><mailto:rmack...@uoguelph.ca<mailto:rmack...@uoguelph.ca>>> >> > wrote: >> >Konstantin Belousov wrote: >> >>On Fri, Sep 11, 2020 at 08:49:36PM +, Alan Somers wrote: >> >>> Author: asomers >> >>> Date: Fri Sep 11 20:49:36 2020 >> >>> New Revision: 365643 >> >>> URL: https://svnweb.freebsd.org/changeset/base/365643 >> >>> >> >>> Log: >> >>> cp: fall back to read/write if copy_file_range fails >> >>> >> >>> Even though copy_file_range has a file-system agnostic version, it >> >>> still >> >>> fails on devfs (perhaps because the file descriptor is non-seekable?) >> >>> In >> >>> that case, fallback to old-fashioned read/write. Fixes >> >>> "cp /dev/null /tmp/null" >> >> >> >>Devices are seekable. >> >> >> >>The reason for EINVAL is that vn_copy_file_range() checks that both in and >> >>out >> >>vnodes are VREG. For devfs, they are VCHR. >> > >> >I coded the syscall to the Linux man page, which states that EINVAL is >> >returned >> >if either fd does not refer to a regular file. >> >Having said that, I do not recall testing the VCHR case under Linux. (ie. >> >It might >> >actually work and the man page turns out to be incorrect?) >> > >> >I will test this case under Linux when I get home next week, rick >> I'll admit I haven't tested this in Linux to see if they do return EINVAL. >> >> >Since there's no standard, I think it's fine for us to support devfs if >> >possible. >> 1 - I think this is a good question for a mailing list like freebsd-current@. >> 2 - I see Linux as the de-facto standard these days and consider POSIX no >> longer relevant, but that's just mho. >> 3 - For NFSv4.2, the Copy operation will fail for non-regular files, so if >> you >> do this, you will need to handle the fall-back to using the generic >> code. >> (Should be doable, but you need to be aware of this case.) >> >> Having said the above, it is up to the "collective" and not me and, as such, >> I suggest #1, to see whether others think doing a non-Linux compatible >> version makes sense for FreeBSD? > >I believe that allowing devfs nodes for vn_copy_file() is not very good >idea. For /dev/null driver returns EOF, but think about real devices or >even better, /dev/zero that never EOF its output. > >Is vn_copy_file() interruptible ? I think not. So if insane range is >specified, we have unstoppable copier that fills the disk (at best). I think this is a serious problem, but the code could clip the "len" argument at K Mbytes for non-VREG files to avoid it (and document that FreeBSD specific behaviour in the man page). >I can think of good use cases for copy_file_range on a device: > >1) Network block devices. I don't know if the iSCSI, NBD, or Ceph RBD >protocols >currently support server-side copies, but it's reasonable that they >might. If they >ever do, FreeBSD would need copy_file_range to take advantage. >2) CUSE. I think Linux's CUSE already supports copy_file_range, since a CUSE >>device on Linux is basically just a single-file FUSE file system. We might >add >support to our CUSE driver someday. >3) zvols. This is the use case that matters the most to me. I have a large >amount >of data stored in plain files that I would like to convert to zvols. >dd should be able >to do that using copy_file_range. > >In my opinion, the utility of those cases outweighs the risk of a long-running >>interruptible syscall. And in any case, it is documented that >copy_file_range may >return EINTR. I believe that the only case where EINTR would be returned is for NFS mounts with the "intr" option. The generic code uses vn_rdwr()->VOP_READ()/VOP_WRITE() and I think the behaviour w.r.t. signal handling is the same as read(2)/write(2). Is reducing the number of syscalls really going to speed up the above cases? (I did copy_file_range(2) because the copy could be done locally on the NFSv4.2 server. I didn't intend the generic code to be used over read(2)/write(2) to improve performance.) --> I'd suggest you try benchmarking a pre-patched vs current "cp" to copy regular files (not a NFSv4.2 mount) and see if there really is a significant benefit. I'll admit I would prefer a Linux-compatible syscall and think this should be asked on an open mailing list instead of here. rick -Alan ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r365643 - head/bin/cp
Kyle Evans wrote: [stuff snipped] >Testing on Debian I seem to get back an EINVAL, but I think it's maybe >a little surprising: > > EXDEV The files referred to by file_in and file_out are > not on the same mounted filesystem. Well, as Alan noted, Linux is not a standard and they've also changed the semantics of copy_file_range(2) significantly since it was introduced. Here's what the most current man page I have says: EXDEV The files referred to by fd_in and fd_out are not on the same mounted filesystem (pre Linux 5.3). Note the change as of Linux5.3. They also initially did not allow it to work across multiple file systems and then changed to allowing that. --> All I could do was try and be compatible with the most up to date man page I had, which does also state: EINVAL Either fd_in or fd_out is not a regular file. So, I guess the surprising part for me is how quickly (and wthout concerns w.r.t. backwards compatibility) the Linux kernel folk change things.;-) All part of the fun, rick Thanks, Kyle Evans ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r365643 - head/bin/cp
Alan Somers wrote: >On Fri, Sep 11, 2020 at 3:52 PM Rick Macklem >mailto:rmack...@uoguelph.ca>> wrote: >Konstantin Belousov wrote: >>On Fri, Sep 11, 2020 at 08:49:36PM +, Alan Somers wrote: >>> Author: asomers >>> Date: Fri Sep 11 20:49:36 2020 >>> New Revision: 365643 >>> URL: https://svnweb.freebsd.org/changeset/base/365643 >>> >>> Log: >>> cp: fall back to read/write if copy_file_range fails >>> >>> Even though copy_file_range has a file-system agnostic version, it still >>> fails on devfs (perhaps because the file descriptor is non-seekable?) In >>> that case, fallback to old-fashioned read/write. Fixes >>> "cp /dev/null /tmp/null" >> >>Devices are seekable. >> >>The reason for EINVAL is that vn_copy_file_range() checks that both in and out >>vnodes are VREG. For devfs, they are VCHR. > >I coded the syscall to the Linux man page, which states that EINVAL is returned >if either fd does not refer to a regular file. >Having said that, I do not recall testing the VCHR case under Linux. (ie. It >might >actually work and the man page turns out to be incorrect?) > >I will test this case under Linux when I get home next week, rick I'll admit I haven't tested this in Linux to see if they do return EINVAL. >Since there's no standard, I think it's fine for us to support devfs if >possible. 1 - I think this is a good question for a mailing list like freebsd-current@. 2 - I see Linux as the de-facto standard these days and consider POSIX no longer relevant, but that's just mho. 3 - For NFSv4.2, the Copy operation will fail for non-regular files, so if you do this, you will need to handle the fall-back to using the generic code. (Should be doable, but you need to be aware of this case.) Having said the above, it is up to the "collective" and not me and, as such, I suggest #1, to see whether others think doing a non-Linux compatible version makes sense for FreeBSD? rick ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365895 - head/sys/fs/nfsserver
Author: rmacklem Date: Fri Sep 18 23:52:56 2020 New Revision: 365895 URL: https://svnweb.freebsd.org/changeset/base/365895 Log: Fix a LOR between the NFS server and server side krpc. Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures in nfsrv_checksequence(). This was fixed by r365789. A similar bug exists in nfsrv_bindconnsess(), where SVC_RELEASE() is called while mutexes are held. This patch applies a fix similar to r365789, moving the SVC_RELEASE() call down to after the mutexes are released. This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_checksequence() down a few lines to below where the mutex is released. MFC after:1 week Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c == --- head/sys/fs/nfsserver/nfs_nfsdstate.c Fri Sep 18 23:21:24 2020 (r365894) +++ head/sys/fs/nfsserver/nfs_nfsdstate.c Fri Sep 18 23:52:56 2020 (r365895) @@ -6424,6 +6424,7 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t int error; error = 0; + savxprt = NULL; shp = NFSSESSIONHASH(sessionid); NFSLOCKSTATE(); NFSLOCKSESSION(shp); @@ -6451,8 +6452,6 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t /* Disable idle timeout. */ nd->nd_xprt->xp_idletimeout = 0; sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); sep->sess_crflags |= NFSV4CRSESS_CONNBACKCHAN; clp->lc_flags |= LCL_DONEBINDCONN; if (*foreaftp == NFSCDFS4_BACK) @@ -6479,6 +6478,8 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t error = NFSERR_BADSESSION; NFSUNLOCKSESSION(shp); NFSUNLOCKSTATE(); + if (savxprt != NULL) + SVC_RELEASE(savxprt); return (error); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365789 - head/sys/fs/nfsserver
Author: rmacklem Date: Wed Sep 16 02:25:18 2020 New Revision: 365789 URL: https://svnweb.freebsd.org/changeset/base/365789 Log: Fix a LOR between the NFS server and server side krpc. Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures. The code in nfsrv_checksequence() would call SVC_RELEASE() with the mutex held. Normally this is ok, since all that happens is SVC_RELEASE() decrements a reference count. However, if the socket has just been shut down, SVC_RELEASE() drops the reference count to 0 and acquires a sleep lock during destruction of the server side krpc structure. This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_checksequence() down a few lines to below where the mutex is released. MFC after:1 week Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c == --- head/sys/fs/nfsserver/nfs_nfsdstate.c Tue Sep 15 23:03:56 2020 (r365788) +++ head/sys/fs/nfsserver/nfs_nfsdstate.c Wed Sep 16 02:25:18 2020 (r365789) @@ -6233,6 +6233,7 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_ * bound as well, do the implicit binding unless a * BindConnectiontoSession has already been done on the session. */ + savxprt = NULL; if (sep->sess_clp->lc_req.nr_client != NULL && sep->sess_cbsess.nfsess_xprt != nd->nd_xprt && (sep->sess_crflags & NFSV4CRSESS_CONNBACKCHAN) != 0 && @@ -6245,14 +6246,14 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_ sep->sess_clp->lc_req.nr_client->cl_private; nd->nd_xprt->xp_idletimeout = 0;/* Disable timeout. */ sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); } *sflagsp = 0; if (sep->sess_clp->lc_req.nr_client == NULL) *sflagsp |= NFSV4SEQ_CBPATHDOWN; NFSUNLOCKSESSION(shp); + if (savxprt != NULL) + SVC_RELEASE(savxprt); if (error == NFSERR_EXPIRED) { *sflagsp |= NFSV4SEQ_EXPIREDALLSTATEREVOKED; error = 0; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365703 - head/sys/fs/nfsserver
Author: rmacklem Date: Mon Sep 14 00:44:50 2020 New Revision: 365703 URL: https://svnweb.freebsd.org/changeset/base/365703 Log: Fix a case where the NFSv4.0 server might crash if delegations are enabled. asomers@ reported a crash on an NFSv4.0 server with a backtrace of: kdb_backtrace vpanic panic nfsrv_docallback nfsrv_checkgetattr nfsrvd_getattr nfsrvd_dorpc nfssvc_program svc_run_internal svc_thread_start fork_exit fork_trampoline where the panic message was "docallb", which indicates that a callback was attempted when the ClientID is unconfirmed. This would not normally occur, but it is possible to have an unconfirmed ClientID structure with delegation structure(s) chained off it if the client were to issue a SetClientID with the same "id" but different "verifier" after acquiring delegations on the previously confirmed ClientID. The bug appears to be that nfsrv_checkgetattr() failed to check for this uncommon case of an unconfirmed ClientID with a delegation structure that no longer refers to a delegation the client knows about. This patch adds a check for this case, handling it as if no delegation exists, which is the case when the above occurs. Although difficult to reproduce, this change should avoid the panic(). PR: 249127 Reported by: asomers Reviewed by: asomers MFC after:1 week Differential Revision:https://reviews.freebbsd.org/D26342 Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c == --- head/sys/fs/nfsserver/nfs_nfsdstate.c Sun Sep 13 23:51:07 2020 (r365702) +++ head/sys/fs/nfsserver/nfs_nfsdstate.c Mon Sep 14 00:44:50 2020 (r365703) @@ -5707,8 +5707,14 @@ nfsrv_checkgetattr(struct nfsrv_descript *nd, vnode_t goto out; } clp = stp->ls_clp; - delegfilerev = stp->ls_filerev; + /* If the clientid is not confirmed, ignore the delegation. */ + if (clp->lc_flags & LCL_NEEDSCONFIRM) { + NFSUNLOCKSTATE(); + goto out; + } + + delegfilerev = stp->ls_filerev; /* * If the Write delegation was issued as a part of this Compound RPC * or if we have an Implied Clientid (used in a previous Op in this ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r365643 - head/bin/cp
Konstantin Belousov wrote: >On Fri, Sep 11, 2020 at 08:49:36PM +, Alan Somers wrote: >> Author: asomers >> Date: Fri Sep 11 20:49:36 2020 >> New Revision: 365643 >> URL: https://svnweb.freebsd.org/changeset/base/365643 >> >> Log: >> cp: fall back to read/write if copy_file_range fails >> >> Even though copy_file_range has a file-system agnostic version, it still >> fails on devfs (perhaps because the file descriptor is non-seekable?) In >> that case, fallback to old-fashioned read/write. Fixes >> "cp /dev/null /tmp/null" > >Devices are seekable. > >The reason for EINVAL is that vn_copy_file_range() checks that both in and out >vnodes are VREG. For devfs, they are VCHR. I coded the syscall to the Linux man page, which states that EINVAL is returned if either fd does not refer to a regular file. Having said that, I do not recall testing the VCHR case under Linux. (ie. It might actually work and the man page turns out to be incorrect?) I will test this case under Linux when I get home next week, rick ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365355 - head/sys/rpc
Author: rmacklem Date: Sat Sep 5 00:50:52 2020 New Revision: 365355 URL: https://svnweb.freebsd.org/changeset/base/365355 Log: Fix a potential memory leak in the NFS over TLS handling code. For the TLS case where there is a "user@domain" name specified in the X.509 v3 certificate presented by the client in the otherName component of subjectAltName, a gid list is allocated via mem_alloc(). This needs to be free'd. Otherwise xp_gidp == NULL and free() handles that. (The size argument to mem_free() is not used by FreeBSD, so it can be 0.) This leak would not have occurred for any other case than NFS over TLS with the "user@domain" in the client's certificate. Modified: head/sys/rpc/svc.c Modified: head/sys/rpc/svc.c == --- head/sys/rpc/svc.c Sat Sep 5 00:45:46 2020(r365354) +++ head/sys/rpc/svc.c Sat Sep 5 00:50:52 2020(r365355) @@ -902,6 +902,8 @@ svc_xprt_free(SVCXPRT *xprt) { mem_free(xprt->xp_p3, sizeof(SVCXPRT_EXT)); + /* The size argument is ignored, so 0 is ok. */ + mem_free(xprt->xp_gidp, 0); mem_free(xprt, sizeof(SVCXPRT)); } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365309 - head/share/snmp/mibs
Author: rmacklem Date: Thu Sep 3 20:42:30 2020 New Revision: 365309 URL: https://svnweb.freebsd.org/changeset/base/365309 Log: Add entries for the OID used for NFS-over-TLS "user@domain". The NFS-over-TLS server daemon (rpc.tlsservd) can optionally replace user credentials in the RPC header with ones derived from a username specified by the form "user@domain", if this exists in the client's X.509 v3 certificate. Specifically, "user@domain" needs to be in the "otherName" component of subjectjAltName, with a unique OID as assigned by this update. This patch adds a subtree for the "otherName" component of subjectAltName in X.509 v3 cerificates and a value for "user@domain" as used by NFS-over-TLS. Reviewed by: phk, gordon Differential Revision:https://reviews.freebsd.org/D26225 Modified: head/share/snmp/mibs/FREEBSD-MIB.txt Modified: head/share/snmp/mibs/FREEBSD-MIB.txt == --- head/share/snmp/mibs/FREEBSD-MIB.txtThu Sep 3 20:30:52 2020 (r365308) +++ head/share/snmp/mibs/FREEBSD-MIB.txtThu Sep 3 20:42:30 2020 (r365309) @@ -16,7 +16,7 @@ IMPORTS FROM SNMPv2-SMI; freeBSD MODULE-IDENTITY - LAST-UPDATED "200610311000Z" + LAST-UPDATED "202009032030Z" ORGANIZATION "The FreeBSD Project." CONTACT-INFO "p...@freebsd.org is contact person for this file. @@ -24,6 +24,9 @@ freeBSD MODULE-IDENTITY DESCRIPTION "The Structure of Management Information for the FreeBSD Project enterprise MIB subtree." + REVISION "202009031900Z" + DESCRIPTION + "Added entries for the otherName component of a X.509 cert" REVISION "200610310800Z" DESCRIPTION "Initial version of this MIB module." @@ -35,6 +38,21 @@ freeBSDsrc OBJECT-IDENTITY DESCRIPTION "Subtree for things which lives in the src tree." ::= { freeBSD 1 } + +freeBSDsrcCertOtherName OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Subtree for X.509 Certificate otherName entries" + ::= { freeBSDsrc 1 } + +-- +-- For NFS over TLS, a user@domain can optionally be handled by rpc.tlsservd +-- +freeBSDsrcCertNFSuser OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Entry for X.509 Certificate for NFS user@domain name" + ::= { freeBSDsrcCertOtherName 1 } freeBSDports OBJECT-IDENTITY STATUS current ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365232 - in head/sys/modules: nfscl nfsd
Author: rmacklem Date: Wed Sep 2 01:29:33 2020 New Revision: 365232 URL: https://svnweb.freebsd.org/changeset/base/365232 Log: Fix the standalone build of the nfscl and nfsd modules. Reported by: j...@berklix.com Modified: head/sys/modules/nfscl/Makefile head/sys/modules/nfsd/Makefile Modified: head/sys/modules/nfscl/Makefile == --- head/sys/modules/nfscl/Makefile Tue Sep 1 23:16:38 2020 (r365231) +++ head/sys/modules/nfscl/Makefile Wed Sep 2 01:29:33 2020 (r365232) @@ -17,6 +17,7 @@ SRCS= vnode_if.h \ opt_bootp.h \ opt_inet.h \ opt_inet6.h \ + opt_kern_tls.h \ opt_kgssapi.h \ opt_nfs.h \ opt_nfsroot.h \ Modified: head/sys/modules/nfsd/Makefile == --- head/sys/modules/nfsd/Makefile Tue Sep 1 23:16:38 2020 (r365231) +++ head/sys/modules/nfsd/Makefile Wed Sep 2 01:29:33 2020 (r365232) @@ -15,6 +15,7 @@ SRCS= vnode_if.h \ opt_nfs.h \ opt_inet.h \ opt_inet6.h \ + opt_kern_tls.h \ opt_kgssapi.h .include ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r365019 - head/sys/fs/nfsclient
Author: rmacklem Date: Tue Sep 1 01:10:16 2020 New Revision: 365019 URL: https://svnweb.freebsd.org/changeset/base/365019 Log: Add a check to test for the case of the "tls" option being used with "udp". The KERN_TLS only supports TCP, so use of the "tls" option with "udp" will not work. This patch adds a test for this case, so that the mount is not attempted when both "tls" and "udp" are specified. Modified: head/sys/fs/nfsclient/nfs_clvfsops.c Modified: head/sys/fs/nfsclient/nfs_clvfsops.c == --- head/sys/fs/nfsclient/nfs_clvfsops.cTue Sep 1 00:14:40 2020 (r365018) +++ head/sys/fs/nfsclient/nfs_clvfsops.cTue Sep 1 01:10:16 2020 (r365019) @@ -1419,7 +1419,9 @@ mountnfs(struct nfs_args *argp, struct mount *mp, stru if ((newflag & NFSMNT_TLS) != 0) { error = EINVAL; #ifdef KERN_TLS - if (rpctls_getinfo(&maxlen, true, false)) + /* KERN_TLS is only supported for TCP. */ + if (argp->sotype == SOCK_STREAM && + rpctls_getinfo(&maxlen, true, false)) error = 0; #endif if (error != 0) { ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364980 - head
Author: rmacklem Date: Sun Aug 30 21:46:29 2020 New Revision: 364980 URL: https://svnweb.freebsd.org/changeset/base/364980 Log: Add an entry to RELNOTES for the NFS over TLS kernel support. Modified: head/RELNOTES Modified: head/RELNOTES == --- head/RELNOTES Sun Aug 30 21:21:58 2020(r364979) +++ head/RELNOTES Sun Aug 30 21:46:29 2020(r364980) @@ -10,6 +10,17 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +r364896: + A series of commits ending with r364896 added NFS over TLS + to the kernel. This is believed to be compatible with + the Internet Draft titled "Towards Remote Procedure Call Encryption + By Default" (expected to soon become an RFC). + The mount_nfs(8) and exports(5) man pages describe the mount and + export option(s) related to NFS over TLS. + For NFS over TLS to work, the rpctlscd(8) { client } or rpctlssd(8) + { server } must be running on a kernel built with "options KERN_TLS" + on an architecture where PMAP_HAS_DMAP != 0. + r364725: Changes to one obscure devd event generated on resume need to be documented. The old form will still be generated in 13, but not ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364979 - head/usr.sbin/mountd
Author: rmacklem Date: Sun Aug 30 21:21:58 2020 New Revision: 364979 URL: https://svnweb.freebsd.org/changeset/base/364979 Log: Add support for the NFS over TLS exports to mountd. Three new export flags are added to mountd that will restrict exported file system mounts to use TLS. Without these flags, TLS is allowed, but not required. The exports(5) man page will be updated in a future commit. Modified: head/usr.sbin/mountd/mountd.c Modified: head/usr.sbin/mountd/mountd.c == --- head/usr.sbin/mountd/mountd.c Sun Aug 30 18:21:54 2020 (r364978) +++ head/usr.sbin/mountd/mountd.c Sun Aug 30 21:21:58 2020 (r364979) @@ -2795,6 +2795,13 @@ do_opt(char **cpp, char **endcpp, struct exportlist *e return (1); opt_flags |= OP_SEC; usedarg++; + } else if (!strcmp(cpopt, "tls")) { + *exflagsp |= MNT_EXTLS; + } else if (!strcmp(cpopt, "tlscert")) { + *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT); + } else if (!strcmp(cpopt, "tlscertuser")) { + *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT | + MNT_EXTLSCERTUSER); } else { syslog(LOG_ERR, "bad opt %s", cpopt); return (1); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364896 - in head/sys/fs: nfs nfsclient nfsserver
Author: rmacklem Date: Thu Aug 27 23:57:30 2020 New Revision: 364896 URL: https://svnweb.freebsd.org/changeset/base/364896 Log: Add flags to enable NFS over TLS to the NFS client and server. An Internet Draft titled "Towards Remote Procedure Call Encryption By Default" (soon to be an RFC I think) describes how Sun RPC is to use TLS with NFS as a specific application case. Various commits prepared the NFS code to use KERN_TLS, mainly enabling use of ext_pgs mbufs for large RPC messages. r364475 added TLS support to the kernel RPC. This commit (which is the final one for kernel changes required to do NFS over TLS) adds support for three export flags: MNT_EXTLS - Requires a TLS connection. MNT_EXTLSCERT - Requires a TLS connection where the client presents a valid X.509 certificate during TLS handshake. MNT_EXTLSCERTUSER - Requires a TLS connection where the client presents a valid X.509 certificate with "user@domain" in the otherName field of the SubjectAltName during TLS handshake. Without these export options, clients are permitted, but not required, to use TLS. For the client, a new nmount(2) option called "tls" makes the client do a STARTTLS Null RPC and TLS handshake for all TCP connections used for the mount. The CLSET_TLS client control option is used to indicate to the kernel RPC that this should be done. Unless the above export flags or "tls" option is used, semantics should not change for the NFS client nor server. For NFS over TLS to work, the userspace daemons rpctlscd(8) { for client } or rpctlssd(8) daemon { for server } must be running. Modified: head/sys/fs/nfs/nfs_commonkrpc.c head/sys/fs/nfs/nfsdport.h head/sys/fs/nfs/nfsport.h head/sys/fs/nfsclient/nfs_clkrpc.c head/sys/fs/nfsclient/nfs_clvfsops.c head/sys/fs/nfsclient/nfsmount.h head/sys/fs/nfsserver/nfs_nfsdkrpc.c head/sys/fs/nfsserver/nfs_nfsdport.c head/sys/fs/nfsserver/nfs_nfsdserv.c head/sys/fs/nfsserver/nfs_nfsdsubs.c Modified: head/sys/fs/nfs/nfs_commonkrpc.c == --- head/sys/fs/nfs/nfs_commonkrpc.cThu Aug 27 22:14:58 2020 (r364895) +++ head/sys/fs/nfs/nfs_commonkrpc.cThu Aug 27 23:57:30 2020 (r364896) @@ -281,6 +281,8 @@ newnfs_connect(struct nfsmount *nmp, struct nfssockreq CLNT_CONTROL(client, CLSET_INTERRUPTIBLE, &one); if ((nmp->nm_flag & NFSMNT_RESVPORT)) CLNT_CONTROL(client, CLSET_PRIVPORT, &one); + if (NFSHASTLS(nmp)) + CLNT_CONTROL(client, CLSET_TLS, &one); if (NFSHASSOFT(nmp)) { if (nmp->nm_sotype == SOCK_DGRAM) /* Modified: head/sys/fs/nfs/nfsdport.h == --- head/sys/fs/nfs/nfsdport.h Thu Aug 27 22:14:58 2020(r364895) +++ head/sys/fs/nfs/nfsdport.h Thu Aug 27 23:57:30 2020(r364896) @@ -81,6 +81,9 @@ struct nfsexstuff { #defineNFSVNO_EXPORTANON(e)((e)->nes_exflag & MNT_EXPORTANON) #defineNFSVNO_EXSTRICTACCESS(e)((e)->nes_exflag & MNT_EXSTRICTACCESS) #defineNFSVNO_EXV4ONLY(e) ((e)->nes_exflag & MNT_EXV4ONLY) +#defineNFSVNO_EXTLS(e) ((e)->nes_exflag & MNT_EXTLS) +#defineNFSVNO_EXTLSCERT(e) ((e)->nes_exflag & MNT_EXTLSCERT) +#defineNFSVNO_EXTLSCERTUSER(e) ((e)->nes_exflag & MNT_EXTLSCERTUSER) #defineNFSVNO_SETEXRDONLY(e) ((e)->nes_exflag = (MNT_EXPORTED|MNT_EXRDONLY)) Modified: head/sys/fs/nfs/nfsport.h == --- head/sys/fs/nfs/nfsport.h Thu Aug 27 22:14:58 2020(r364895) +++ head/sys/fs/nfs/nfsport.h Thu Aug 27 23:57:30 2020(r364896) @@ -1055,6 +1055,7 @@ bool ncl_pager_setsize(struct vnode *vp, u_quad_t *nsi #defineNFSHASOPENMODE(n) ((n)->nm_state & NFSSTA_OPENMODE) #defineNFSHASONEOPENOWN(n) (((n)->nm_flag & NFSMNT_ONEOPENOWN) != 0 && \ (n)->nm_minorvers > 0) +#defineNFSHASTLS(n)(((n)->nm_newflag & NFSMNT_TLS) != 0) /* * Set boottime. Modified: head/sys/fs/nfsclient/nfs_clkrpc.c == --- head/sys/fs/nfsclient/nfs_clkrpc.c Thu Aug 27 22:14:58 2020 (r364895) +++ head/sys/fs/nfsclient/nfs_clkrpc.c Thu Aug 27 23:57:30 2020 (r364896) @@ -37,12 +37,14 @@ __FBSDID("$FreeBSD$"); #include "opt_kgssapi.h" +#include "opt_kern_tls.h" #include #include -#include #include +#include +#include NFSDLOCKMUTEX; @@ -67,6 +69,9 @@ nfscb_program(struct svc_req *rqst, SVCXPRT *xprt) { struct nfsrv_descript nd; in
svn commit: r364844 - head/sys/kern
Author: rmacklem Date: Wed Aug 26 21:49:43 2020 New Revision: 364844 URL: https://svnweb.freebsd.org/changeset/base/364844 Log: Fix a "v_seqc_users == 0 not met" panic when VFS_STATFS() fails during mount. r363210 introduced v_seqc_users to the vnodes. This change requires a vn_seqc_write_end() to match the vn_seqc_write_begin() in vfs_cache_root_clear(). mjg@ provided this patch which seems to fix the panic. Tested for an NFS mount where the VFS_STATFS() call will fail. Submitted by: mjg Reviewed by: mjg Differential Revision:https://reviews.freebsd.org/D26160 Modified: head/sys/kern/vfs_mount.c Modified: head/sys/kern/vfs_mount.c == --- head/sys/kern/vfs_mount.c Wed Aug 26 21:41:14 2020(r364843) +++ head/sys/kern/vfs_mount.c Wed Aug 26 21:49:43 2020(r364844) @@ -969,11 +969,14 @@ vfs_domount_first( if ((error = VFS_MOUNT(mp)) != 0 || (error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 || (error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) { + rootvp = NULL; if (error1 != 0) { error = error1; rootvp = vfs_cache_root_clear(mp); - if (rootvp != NULL) + if (rootvp != NULL) { + vhold(rootvp); vrele(rootvp); + } if ((error1 = VFS_UNMOUNT(mp, 0)) != 0) printf("VFS_UNMOUNT returned %d\n", error1); } @@ -983,6 +986,10 @@ vfs_domount_first( VI_LOCK(vp); vp->v_iflag &= ~VI_MOUNT; VI_UNLOCK(vp); + if (rootvp != NULL) { + vn_seqc_write_end(rootvp); + vdrop(rootvp); + } vn_seqc_write_end(vp); vrele(vp); return (error); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364836 - head/sys/sys
Author: rmacklem Date: Wed Aug 26 20:56:05 2020 New Revision: 364836 URL: https://svnweb.freebsd.org/changeset/base/364836 Log: Add MNT_EXTLSxxx flags that will be used for NFS over TLS exports. These flags are not currently used, but will be used by future commits to implement export(5) requirements for the use of NFS over TLS by clients. Reviewed by: kib Differential Revision:https://reviews.freebsd.org/D26180 Modified: head/sys/sys/mount.h Modified: head/sys/sys/mount.h == --- head/sys/sys/mount.hWed Aug 26 20:30:00 2020(r364835) +++ head/sys/sys/mount.hWed Aug 26 20:56:05 2020(r364836) @@ -365,6 +365,9 @@ struct mntoptnames { #defineMNT_EXPORTANON 0x0400ULL /* anon uid mapping for all */ #defineMNT_EXKERB 0x0800ULL /* exported with Kerberos */ #defineMNT_EXPUBLIC0x2000ULL /* public export (WebNFS) */ +#defineMNT_EXTLS 0x0040ULL /* require TLS */ +#defineMNT_EXTLSCERT 0x0080ULL /* require TLS with client cert */ +#defineMNT_EXTLSCERTUSER 0x0100ULL /* require TLS with user cert */ /* * Flags set by internal operations, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364744 - head/sys/kern
Author: rmacklem Date: Tue Aug 25 00:58:14 2020 New Revision: 364744 URL: https://svnweb.freebsd.org/changeset/base/364744 Log: Fix hangs with processes stuck sleeping on btalloc on i386. r358097 introduced a problem for i386, where kernel builds will intermittently get hung, typically with many processes sleeping on "btalloc". I know nothing about VM, but received assistance from rlibby@ and markj@. rlibby@ stated the following: It looks like the problem is that for systems that do not have UMA_MD_SMALL_ALLOC, we do uma_zone_set_allocf(vmem_bt_zone, vmem_bt_alloc); but we haven't set an appropriate free function. This is probably why UMA_ZONE_NOFREE was originally there. When NOFREE was removed, it was appropriate for systems with uma_small_alloc. So by default we get page_free as our free function. That calls kmem_free, which calls vmem_free ... but we do our allocs with vmem_xalloc. I'm not positive, but I think the problem is that in effect we vmem_xalloc -> vmem_free, not vmem_xfree. Three possible fixes: 1: The one you tested, but this is not best for systems with uma_small_alloc. 2: Pass UMA_ZONE_NOFREE conditional on UMA_MD_SMALL_ALLOC. 3: Actually provide an appropriate vmem_bt_free function. I think we should just do option 2 with a comment, it's simple and it's what we used to do. I'm not sure how much benefit we would see from option 3, but it's more work. This patch implements #2. I haven't done a comment, since I don't know what the problem is. markj@ noted the following: I think the suggested patch is ok, but not for the reason stated. On platforms without a direct map the problem is: to allocate btags we need a slab, and to allocate a slab we need to map a page, and to map a page we need to allocate btags. We handle this recursion using a custom slab allocator which specifies M_USE_RESERVE, allowing it to dip into a reserve of free btags. Because the returned slab can be used to keep the reserve populated, this ensures that there are always enough free btags available to handle the recursion. UMA_ZONE_NOFREE ensures that we never reclaim free slabs from the zone. However, when it was removed, an apparent bug in UMA was exposed: keg_drain() ignores the reservation set by uma_zone_reserve() in vmem_startup(). So under memory pressure we reclaim the free btags that are needed to break the recursion. That's why adding _NOFREE back fixes the problem: it disables the reclamation. We could perhaps fix it more cleverly, by modifying keg_drain() to always leave uk_reserve slabs available. markj@'s initial patch failed testing, so committing this patch was agreed upon as the interim solution. Either rlibby@ or markj@ might choose to add a comment to it. PR: 248008 Reviewed by: rlibby, markj Modified: head/sys/kern/subr_vmem.c Modified: head/sys/kern/subr_vmem.c == --- head/sys/kern/subr_vmem.c Tue Aug 25 00:49:57 2020(r364743) +++ head/sys/kern/subr_vmem.c Tue Aug 25 00:58:14 2020(r364744) @@ -668,10 +668,14 @@ vmem_startup(void) vmem_zone = uma_zcreate("vmem", sizeof(struct vmem), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); +#ifdef UMA_MD_SMALL_ALLOC vmem_bt_zone = uma_zcreate("vmem btag", sizeof(struct vmem_btag), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM); -#ifndef UMA_MD_SMALL_ALLOC +#else + vmem_bt_zone = uma_zcreate("vmem btag", + sizeof(struct vmem_btag), NULL, NULL, NULL, NULL, + UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE); mtx_init(&vmem_bt_lock, "btag lock", NULL, MTX_DEF); uma_prealloc(vmem_bt_zone, BT_MAXALLOC); /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364477 - head
Author: rmacklem Date: Sat Aug 22 04:07:44 2020 New Revision: 364477 URL: https://svnweb.freebsd.org/changeset/base/364477 Log: Add an entry for r364475. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Sat Aug 22 04:01:05 2020(r364476) +++ head/UPDATING Sat Aug 22 04:07:44 2020(r364477) @@ -26,6 +26,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200821: + r362275 changed the internal API between the kernel RPC and the + NFS modules. As such, all the modules must be recompiled from + sources. + 20200817: r364330 modified the internal API used between the NFS modules. As such, all the NFS modules must be re-compiled from sources. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364476 - head/sys/sys
Author: rmacklem Date: Sat Aug 22 04:01:05 2020 New Revision: 364476 URL: https://svnweb.freebsd.org/changeset/base/364476 Log: r364475 changed the internal API between the kernel RPC and NFS, so bump version. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hSat Aug 22 03:57:55 2020(r364475) +++ head/sys/sys/param.hSat Aug 22 04:01:05 2020(r364476) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300110 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300111 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364475 - in head/sys: conf modules/krpc rpc rpc/rpcsec_tls
Author: rmacklem Date: Sat Aug 22 03:57:55 2020 New Revision: 364475 URL: https://svnweb.freebsd.org/changeset/base/364475 Log: Add TLS support to the kernel RPC. An internet draft titled "Towards Remote Procedure Call Encryption By Default" describes how TLS is to be used for Sun RPC, with NFS as an intended use case. This patch adds client and server support for this to the kernel RPC, using KERN_TLS and upcalls to daemons for the handshake, peer reset and other non-application data record cases. The upcalls to the daemons use three fields to uniquely identify the TCP connection. They are the time.tv_sec, time.tv_usec of the connection establshment, plus a 64bit sequence number. The time fields avoid problems with re-use of the sequence number after a daemon restart. For the server side, once a Null RPC with AUTH_TLS is received, kernel reception on the socket is blocked and an upcall to the rpctlssd(8) daemon is done to perform the TLS handshake. Upon completion, the completion status of the handshake is stored in xp_tls as flag bits and the reply to the Null RPC is sent. For the client, if CLSET_TLS has been set, a new TCP connection will send the Null RPC with AUTH_TLS to initiate the handshake. The client kernel RPC code will then block kernel I/O on the socket and do an upcall to the rpctlscd(8) daemon to perform the handshake. If the upcall is successful, ct_rcvstate will be maintained to indicate if/when an upcall is being done. If non-application data records are received, the code does an upcall to the appropriate daemon, which will do a SSL_read() of 0 length to handle the record(s). When the socket is being shut down, upcalls are done to the daemons, so that they can perform SSL_shutdown() calls to perform the "peer reset". The rpctlssd(8) and rpctlscd(8) daemons require a patched version of the openssl library and, as such, will not be committed to head at this time. Although the changes done by this patch are fairly numerous, there should be no semantics change to the kernel RPC at this time. A future commit to the NFS code will optionally enable use of TLS for NFS. Added: head/sys/rpc/rpcsec_tls/ head/sys/rpc/rpcsec_tls/auth_tls.c (contents, props changed) head/sys/rpc/rpcsec_tls/rpctls_impl.c (contents, props changed) head/sys/rpc/rpcsec_tls/rpctlscd.x (contents, props changed) head/sys/rpc/rpcsec_tls/rpctlssd.x (contents, props changed) Modified: head/sys/conf/files head/sys/modules/krpc/Makefile head/sys/rpc/auth.h head/sys/rpc/clnt_bck.c head/sys/rpc/clnt_rc.c head/sys/rpc/clnt_vc.c head/sys/rpc/krpc.h head/sys/rpc/rpc_generic.c head/sys/rpc/rpcsec_tls.h head/sys/rpc/svc.h head/sys/rpc/svc_auth.c head/sys/rpc/svc_vc.c Modified: head/sys/conf/files == --- head/sys/conf/files Sat Aug 22 01:10:59 2020(r364474) +++ head/sys/conf/files Sat Aug 22 03:57:55 2020(r364475) @@ -4868,6 +4868,41 @@ rpc/svc_auth_unix.c optional krpc | nfslockd | nfscl rpc/svc_dg.c optional krpc | nfslockd | nfscl | nfsd rpc/svc_generic.c optional krpc | nfslockd | nfscl | nfsd rpc/svc_vc.c optional krpc | nfslockd | nfscl | nfsd +# +# Kernel RPC-over-TLS +# +rpctlscd.h optional krpc | nfslockd | nfscl | nfsd \ + dependency "$S/rpc/rpcsec_tls/rpctlscd.x" \ + compile-with"RPCGEN_CPP='${CPP}' rpcgen -hM $S/rpc/rpcsec_tls/rpctlscd.x | grep -v pthread.h > rpctlscd.h" \ + no-obj no-implicit-rule before-depend local \ + clean "rpctlscd.h" +rpctlscd_xdr.c optional krpc | nfslockd | nfscl | nfsd \ + dependency "$S/rpc/rpcsec_tls/rpctlscd.x rpctlscd.h" \ + compile-with"RPCGEN_CPP='${CPP}' rpcgen -c $S/rpc/rpcsec_tls/rpctlscd.x -o rpctlscd_xdr.c" no-ctfconvert \ + no-implicit-rule before-depend local\ + clean "rpctlscd_xdr.c" +rpctlscd_clnt.coptional krpc | nfslockd | nfscl | nfsd \ + dependency "$S/rpc/rpcsec_tls/rpctlscd.x rpctlscd.h" \ + compile-with"RPCGEN_CPP='${CPP}' rpcgen -lM $S/rpc/rpcsec_tls/rpctlscd.x | grep -v string.h > rpctlscd_clnt.c" no-ctfconvert \ + no-implicit-rule before-depend local\ + clean "rpctlscd_clnt.c" +rpctlssd.h optional krpc | nfslockd | nfscl | nfsd \ + dependency "$S/rpc/rpcsec_tls/rpctlssd.x" \ + compile-with"RPCGEN_CPP='${CPP}' rpcgen -hM $S/rpc/rpcsec_tls/rpctlssd.x | grep -v pthread.h > rpctlssd.h" \ + no-obj no-implicit-rule before-depend local
Re: svn commit: r364409 - in head/sys: kern sys
Done, I guess? I had never ever heard of this until now, but. by inspection, it seems to want the kernel only MSG_xxx flags listed, so I added MSG_TLSAPPDATA. If this is not correct, please let me know what needs to be done, rick From: Brandon Bergren Sent: Wednesday, August 19, 2020 9:14 PM To: Rick Macklem; src-committ...@freebsd.org; svn-src-all@freebsd.org; svn-src-h...@freebsd.org Subject: Re: svn commit: r364409 - in head/sys: kern sys CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to ith...@uoguelph.ca This broke world build. Please update the blacklist in lib/sysdecode/mktables. On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote: > Author: rmacklem > Date: Wed Aug 19 23:42:33 2020 > New Revision: 364409 > URL: https://svnweb.freebsd.org/changeset/base/364409 > > Log: > Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application > TLS > data records. > > The kernel RPC cannot process non-application data records when > using TLS. It must to an upcall to a userspace daemon that will > call SSL_read() to process them. > > This patch adds a new flag called MSG_TLSAPPDATA that the kernel > RPC can use to tell sorecieve() to return ENXIO instead of a non-application > data record, when that is what is at the top of the receive queue. > I put the code in #ifdef KERN_TLS/#endif, although it will build without > that, so that it is recognized as only useful when KERN_TLS is enabled. > The alternative to doing this is to have the kernel RPC re-queue the > non-application data message after receiving it, but that seems more > complicated and might introduce message ordering issues when there > are multiple non-application data records one after another. > > I do not know what, if any, changes will be required to support TLS1.3. > > Reviewed by:glebius > Differential Revision: https://reviews.freebsd.org/D25923 > > Modified: > head/sys/kern/uipc_socket.c > head/sys/sys/socket.h > > Modified: head/sys/kern/uipc_socket.c > == > --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020 > (r364408) > +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020 > (r364409) > @@ -2056,6 +2056,32 @@ dontblock: > if (m != NULL && m->m_type == MT_CONTROL) { > struct mbuf *cm = NULL, *cmn; > struct mbuf **cme = &cm; > +#ifdef KERN_TLS > + struct cmsghdr *cmsg; > + struct tls_get_record tgr; > + > + /* > + * For MSG_TLSAPPDATA, check for a non-application data > + * record. If found, return ENXIO without removing > + * it from the receive queue. This allows a subsequent > + * call without MSG_TLSAPPDATA to receive it. > + * Note that, for TLS, there should only be a single > + * control mbuf with the TLS_GET_RECORD message in it. > + */ > + if (flags & MSG_TLSAPPDATA) { > + cmsg = mtod(m, struct cmsghdr *); > + if (cmsg->cmsg_type == TLS_GET_RECORD && > + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) { > + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); > + /* This will need to change for TLS 1.3. */ > + if (tgr.tls_type != TLS_RLTYPE_APP) { > + SOCKBUF_UNLOCK(&so->so_rcv); > + error = ENXIO; > + goto release; > + } > + } > + } > +#endif > > do { > if (flags & MSG_PEEK) { > > Modified: head/sys/sys/socket.h > == > --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408) > +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409) > @@ -468,6 +468,7 @@ struct msghdr { > #endif > #ifdef _KERNEL > #define MSG_MORETOCOME 0x0010 /* additional data pending */ > +#define MSG_TLSAPPDATA 0x0020 /* only soreceive() app. data > (TLS) */ > #endif > > /* > -- Brandon Bergren bdra...@imap.cc ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364415 - head/lib/libsysdecode
Author: rmacklem Date: Thu Aug 20 03:53:18 2020 New Revision: 364415 URL: https://svnweb.freebsd.org/changeset/base/364415 Log: Add MSG_TLSAPPDATA to lib/libsysdecode/mktables. I have no idea what this does (and until now that it even existed), but apparently it needs this entry changed for the MSG_TLSAPPDATA, since it is kernel only. Modified: head/lib/libsysdecode/mktables Modified: head/lib/libsysdecode/mktables == --- head/lib/libsysdecode/mktables Thu Aug 20 02:54:44 2020 (r364414) +++ head/lib/libsysdecode/mktables Thu Aug 20 03:53:18 2020 (r364415) @@ -153,7 +153,7 @@ gen_table "seekwhence" "SEEK_[A-Z]+[[:space:]]+[0 gen_table "fcntlcmd""F_[A-Z0-9_]+[[:space:]]+[0-9]+[[:space:]]+" "sys/fcntl.h" "F_CANCEL|F_..LCK" gen_table "mmapflags" "MAP_[A-Z_]+[[:space:]]+0x[0-9A-Fa-f]+" "sys/mman.h" gen_table "rtpriofuncs" "RTP_[A-Z]+[[:space:]]+[0-9]+" "sys/rtprio.h" -gen_table "msgflags""MSG_[A-Z]+[[:space:]]+0x[0-9]+" "sys/socket.h" "MSG_SOCALLBCK|MSG_MORETOCOME" +gen_table "msgflags""MSG_[A-Z]+[[:space:]]+0x[0-9]+" "sys/socket.h" "MSG_SOCALLBCK|MSG_MORETOCOME|MSG_TLSAPPDATA" gen_table "sigcode" "SI_[A-Z]+[[:space:]]+0(x[0-9abcdef]+)?" "sys/signal.h" gen_table "umtxcvwaitflags" "CVWAIT_[A-Z_]+[[:space:]]+0x[0-9]+" "sys/umtx.h" gen_table "umtxrwlockflags" "URWLOCK_PREFER_READER[[:space:]]+0x[0-9]+" "sys/umtx.h" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364409 - in head/sys: kern sys
Author: rmacklem Date: Wed Aug 19 23:42:33 2020 New Revision: 364409 URL: https://svnweb.freebsd.org/changeset/base/364409 Log: Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS data records. The kernel RPC cannot process non-application data records when using TLS. It must to an upcall to a userspace daemon that will call SSL_read() to process them. This patch adds a new flag called MSG_TLSAPPDATA that the kernel RPC can use to tell sorecieve() to return ENXIO instead of a non-application data record, when that is what is at the top of the receive queue. I put the code in #ifdef KERN_TLS/#endif, although it will build without that, so that it is recognized as only useful when KERN_TLS is enabled. The alternative to doing this is to have the kernel RPC re-queue the non-application data message after receiving it, but that seems more complicated and might introduce message ordering issues when there are multiple non-application data records one after another. I do not know what, if any, changes will be required to support TLS1.3. Reviewed by: glebius Differential Revision:https://reviews.freebsd.org/D25923 Modified: head/sys/kern/uipc_socket.c head/sys/sys/socket.h Modified: head/sys/kern/uipc_socket.c == --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020(r364408) +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020(r364409) @@ -2056,6 +2056,32 @@ dontblock: if (m != NULL && m->m_type == MT_CONTROL) { struct mbuf *cm = NULL, *cmn; struct mbuf **cme = &cm; +#ifdef KERN_TLS + struct cmsghdr *cmsg; + struct tls_get_record tgr; + + /* +* For MSG_TLSAPPDATA, check for a non-application data +* record. If found, return ENXIO without removing +* it from the receive queue. This allows a subsequent +* call without MSG_TLSAPPDATA to receive it. +* Note that, for TLS, there should only be a single +* control mbuf with the TLS_GET_RECORD message in it. +*/ + if (flags & MSG_TLSAPPDATA) { + cmsg = mtod(m, struct cmsghdr *); + if (cmsg->cmsg_type == TLS_GET_RECORD && + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) { + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); + /* This will need to change for TLS 1.3. */ + if (tgr.tls_type != TLS_RLTYPE_APP) { + SOCKBUF_UNLOCK(&so->so_rcv); + error = ENXIO; + goto release; + } + } + } +#endif do { if (flags & MSG_PEEK) { Modified: head/sys/sys/socket.h == --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408) +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409) @@ -468,6 +468,7 @@ struct msghdr { #endif #ifdef _KERNEL #defineMSG_MORETOCOME 0x0010 /* additional data pending */ +#defineMSG_TLSAPPDATA 0x0020 /* only soreceive() app. data (TLS) */ #endif /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364332 - head
Author: rmacklem Date: Tue Aug 18 02:02:36 2020 New Revision: 364332 URL: https://svnweb.freebsd.org/changeset/base/364332 Log: Add an entry to UPDATING for r364330. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Tue Aug 18 01:57:48 2020(r364331) +++ head/UPDATING Tue Aug 18 02:02:36 2020(r364332) @@ -26,6 +26,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200817: + r364330 modified the internal API used between the NFS modules. + As such, all the NFS modules must be re-compiled from sources. + 20200816: Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have been upgraded to 11.0.0. Please see the 20141231 entry below for ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364331 - head/sys/sys
Author: rmacklem Date: Tue Aug 18 01:57:48 2020 New Revision: 364331 URL: https://svnweb.freebsd.org/changeset/base/364331 Log: Bump __FreeBSD_version for r364330, since it changed the internal API between the NFS modules such that they all need to be re-compiled from sources. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hTue Aug 18 01:41:12 2020(r364330) +++ head/sys/sys/param.hTue Aug 18 01:57:48 2020(r364331) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300109 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300110 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364330 - in head/sys/fs: nfs nfsclient nfsserver
Author: rmacklem Date: Tue Aug 18 01:41:12 2020 New Revision: 364330 URL: https://svnweb.freebsd.org/changeset/base/364330 Log: Delete the unused "use_ext" argument to nfscl_reqstart(). This is a partial revert of r363210, since the "use_ext" argument added by that commit is not actually useful. This patch should not result in any semantics change. Modified: head/sys/fs/nfs/nfs_commonsubs.c head/sys/fs/nfs/nfs_var.h head/sys/fs/nfs/nfscl.h head/sys/fs/nfsclient/nfs_clrpcops.c head/sys/fs/nfsserver/nfs_nfsdport.c Modified: head/sys/fs/nfs/nfs_commonsubs.c == --- head/sys/fs/nfs/nfs_commonsubs.cMon Aug 17 21:30:49 2020 (r364329) +++ head/sys/fs/nfs/nfs_commonsubs.cTue Aug 18 01:41:12 2020 (r364330) @@ -319,7 +319,7 @@ static int nfs_bigrequest[NFSV42_NPROCS] = { void nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp, u_int8_t *nfhp, int fhlen, u_int32_t **opcntpp, struct nfsclsession *sep, -int vers, int minorvers, bool use_ext) +int vers, int minorvers) { struct mbuf *mb; u_int32_t *tl; @@ -352,26 +352,18 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, } nd->nd_procnum = procnum; nd->nd_repstat = 0; - nd->nd_maxextsiz = 16384; - if (use_ext && mb_use_ext_pgs && PMAP_HAS_DMAP != 0) - nd->nd_flag |= ND_EXTPG; + nd->nd_maxextsiz = 0; /* * Get the first mbuf for the request. */ - if ((nd->nd_flag & ND_EXTPG) != 0) { - mb = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK); - nd->nd_mreq = nd->nd_mb = mb; - nfsm_set(nd, 0); - } else { - if (nfs_bigrequest[procnum]) - NFSMCLGET(mb, M_WAITOK); - else - NFSMGET(mb); - mb->m_len = 0; - nd->nd_mreq = nd->nd_mb = mb; - nd->nd_bpos = mtod(mb, char *); - } + if (nfs_bigrequest[procnum]) + NFSMCLGET(mb, M_WAITOK); + else + NFSMGET(mb); + mb->m_len = 0; + nd->nd_mreq = nd->nd_mb = mb; + nd->nd_bpos = mtod(mb, char *); /* * And fill the first file handle into the request. Modified: head/sys/fs/nfs/nfs_var.h == --- head/sys/fs/nfs/nfs_var.h Mon Aug 17 21:30:49 2020(r364329) +++ head/sys/fs/nfs/nfs_var.h Tue Aug 18 01:41:12 2020(r364330) @@ -312,7 +312,7 @@ void nfsrc_trimcache(uint64_t, uint32_t, int); /* nfs_commonsubs.c */ void nfscl_reqstart(struct nfsrv_descript *, int, struct nfsmount *, -u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int, bool); +u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int); void nfsm_stateidtom(struct nfsrv_descript *, nfsv4stateid_t *, int); void nfscl_fillsattr(struct nfsrv_descript *, struct vattr *, vnode_t, int, u_int32_t); Modified: head/sys/fs/nfs/nfscl.h == --- head/sys/fs/nfs/nfscl.h Mon Aug 17 21:30:49 2020(r364329) +++ head/sys/fs/nfs/nfscl.h Tue Aug 18 01:41:12 2020(r364330) @@ -52,7 +52,7 @@ struct nfsv4node { #defineNFSCL_REQSTART(n, p, v) \ nfscl_reqstart((n), (p), VFSTONFS((v)->v_mount),\ VTONFS(v)->n_fhp->nfh_fh, VTONFS(v)->n_fhp->nfh_len, NULL, \ - NULL, 0, 0, false) + NULL, 0, 0) /* * These two macros convert between a lease duration and renew interval. Modified: head/sys/fs/nfsclient/nfs_clrpcops.c == --- head/sys/fs/nfsclient/nfs_clrpcops.cMon Aug 17 21:30:49 2020 (r364329) +++ head/sys/fs/nfsclient/nfs_clrpcops.cTue Aug 18 01:41:12 2020 (r364330) @@ -499,8 +499,7 @@ nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int dp = *dpp; *dpp = NULL; - nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL, 0, 0, - false); + nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL, 0, 0); NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED); *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid); *tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH); @@ -856,7 +855,7 @@ nfsrpc_closerpc(struct nfsrv_descript *nd, struct nfsm int error; nfscl_reqstart(nd, NFSPROC_CLOSE, nmp, op->nfso_fh, - op->nfso_fhlen, NULL, NULL, 0, 0, false); + op->nfso_fhlen, NULL, NULL, 0, 0); NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID); *tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid); if (NFSHASNFSV4N(nmp)) @@ -899,7 +898,7 @@ nfsrpc_openconfir
svn commit: r364138 - head/sys/fs/nfsclient
Author: rmacklem Date: Wed Aug 12 04:35:49 2020 New Revision: 364138 URL: https://svnweb.freebsd.org/changeset/base/364138 Log: Fix a bug introduced by r363001 for the ext_pgs case. r363001 added support for ext_pgs mbufs to nfsm_uiombuf(). By inspection, I noticed that "mlen" was not set non-zero and, as such, there would be an iteration of the loop that did nothing. This patch sets it. This bug would have no effect on the system, since the ext_pgs mbuf code is not yet enabled. Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c == --- head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Aug 12 03:00:17 2020 (r364137) +++ head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Aug 12 04:35:49 2020 (r364138) @@ -92,7 +92,7 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui nd->nd_maxextsiz, &nd->nd_bextpg); mcp = (char *)(void *)PHYS_TO_DMAP( mp->m_epg_pa[nd->nd_bextpg]); - nd->nd_bextpgsiz = PAGE_SIZE; + nd->nd_bextpgsiz = mlen = PAGE_SIZE; } else { if (clflg) NFSMCLGET(mp, M_WAITOK); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364097 - stable/12/sys/fs/nfsclient
Author: rmacklem Date: Tue Aug 11 05:10:01 2020 New Revision: 364097 URL: https://svnweb.freebsd.org/changeset/base/364097 Log: MFC: r363210 Fix the pNFS flexible file layout client for servers with small write size. The code in nfscl_dofflayout() loops when a flexible file layout server provides a small write data limit (no extant server is known to do this). If/when it looped, it erroneously reused the "drpc" argument for the mirror worker thread, corrupting it. This patch fixes the problem by only using the calling thread after the first loop iteration. Found during testing by simulating a server with a small write size. Since no extant pNFS server is known to provide a small write size, this fix it not needed in practice at this time. Modified: stable/12/sys/fs/nfsclient/nfs_clrpcops.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/fs/nfsclient/nfs_clrpcops.c == --- stable/12/sys/fs/nfsclient/nfs_clrpcops.c Tue Aug 11 02:05:09 2020 (r364096) +++ stable/12/sys/fs/nfsclient/nfs_clrpcops.c Tue Aug 11 05:10:01 2020 (r364097) @@ -6103,10 +6103,17 @@ nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int * NFSCL_DEBUG(4, "mcopy reloff=%d xfer=%jd\n", rel_off, (uintmax_t)xfer); /* -* Do last write to a mirrored DS with this +* Do the writes after the first loop iteration +* and the write for the last mirror via this * thread. +* This loop only iterates for small values +* of nfsdi_wsize, which may never occur in +* practice. However, the drpc is completely +* used by the first iteration and, as such, +* cannot be used after that. */ - if (mirror < flp->nfsfl_mirrorcnt - 1) + if (mirror < flp->nfsfl_mirrorcnt - 1 && + rel_off == 0) error = nfsio_writedsmir(vp, iomode, must_commit, stateidp, *dspp, off, xfer, fhp, m, dp->nfsdi_vers, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364096 - head
Author: rmacklem Date: Tue Aug 11 02:05:09 2020 New Revision: 364096 URL: https://svnweb.freebsd.org/changeset/base/364096 Log: Add an UPDATING entry for r364092, since it did a version bump. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Tue Aug 11 01:34:40 2020(r364095) +++ head/UPDATING Tue Aug 11 02:05:09 2020(r364096) @@ -26,6 +26,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200810: + r364092 modified the internal ABI used between the kernel NFS + modules. As such, all of these modules need to be rebuilt + from sources, so a version bump was done. + 20200807: Makefile.inc has been updated to work around the issue documented in 20200729. It was a case where the optimization of using symbolic links ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364092 - in head/sys: fs/nfs fs/nfsclient fs/nfsserver rpc sys
Author: rmacklem Date: Tue Aug 11 00:26:45 2020 New Revision: 364092 URL: https://svnweb.freebsd.org/changeset/base/364092 Log: Add an argument to newnfs_connect() that indicates use TLS for the connection. For NFSv4.0, the server creates a server->client TCP connection for callbacks. If the client mount on the server is using TLS, enable TLS for this callback TCP connection. TLS connections from clients will not be supported until the kernel RPC changes are committed. Since this changes the internal ABI between the NFS kernel modules that will require a version bump, delete newnfs_trimtrailing(), which is no longer used. Since LCL_TLSCB is not yet set, these changes should not have any semantic affect at this time. Modified: head/sys/fs/nfs/nfs.h head/sys/fs/nfs/nfs_commonkrpc.c head/sys/fs/nfs/nfs_commonsubs.c head/sys/fs/nfs/nfs_var.h head/sys/fs/nfsclient/nfs_clrpcops.c head/sys/fs/nfsclient/nfs_clvfsops.c head/sys/fs/nfsserver/nfs_nfsdstate.c head/sys/rpc/clnt.h head/sys/sys/param.h Modified: head/sys/fs/nfs/nfs.h == --- head/sys/fs/nfs/nfs.h Mon Aug 10 21:41:49 2020(r364091) +++ head/sys/fs/nfs/nfs.h Tue Aug 11 00:26:45 2020(r364092) @@ -336,6 +336,7 @@ struct nfsreferral { #defineLCL_DONEBINDCONN0x0004 #defineLCL_RECLAIMONEFS0x0008 #defineLCL_NFSV42 0x0010 +#defineLCL_TLSCB 0x0020 #defineLCL_GSS LCL_KERBV /* Or of all mechs */ Modified: head/sys/fs/nfs/nfs_commonkrpc.c == --- head/sys/fs/nfs/nfs_commonkrpc.cMon Aug 10 21:41:49 2020 (r364091) +++ head/sys/fs/nfs/nfs_commonkrpc.cTue Aug 11 00:26:45 2020 (r364092) @@ -167,7 +167,7 @@ static int nfsv2_procid[NFS_V3NPROCS] = { */ int newnfs_connect(struct nfsmount *nmp, struct nfssockreq *nrp, -struct ucred *cred, NFSPROC_T *p, int callback_retry_mult) +struct ucred *cred, NFSPROC_T *p, int callback_retry_mult, bool dotls) { int rcvreserve, sndreserve; int pktscale, pktscalesav; @@ -374,6 +374,8 @@ newnfs_connect(struct nfsmount *nmp, struct nfssockreq } else { retries = NFSV4_CALLBACKRETRY * callback_retry_mult; } + if (dotls) + CLNT_CONTROL(client, CLSET_TLS, &one); } CLNT_CONTROL(client, CLSET_RETRIES, &retries); @@ -586,7 +588,7 @@ newnfs_request(struct nfsrv_descript *nd, struct nfsmo * and let clnt_reconnect_create handle reconnects. */ if (nrp->nr_client == NULL) - newnfs_connect(nmp, nrp, cred, td, 0); + newnfs_connect(nmp, nrp, cred, td, 0, false); /* * For a client side mount, nmp is != NULL and clp == NULL. For Modified: head/sys/fs/nfs/nfs_commonsubs.c == --- head/sys/fs/nfs/nfs_commonsubs.cMon Aug 10 21:41:49 2020 (r364091) +++ head/sys/fs/nfs/nfs_commonsubs.cTue Aug 11 00:26:45 2020 (r364092) @@ -1058,25 +1058,6 @@ nfsaddr2_match(NFSSOCKADDR_T nam1, NFSSOCKADDR_T nam2) } /* - * Trim trailing data off the mbuf list being built. - */ -void -newnfs_trimtrailing(nd, mb, bpos) - struct nfsrv_descript *nd; - struct mbuf *mb; - caddr_t bpos; -{ - - if (mb->m_next) { - m_freem(mb->m_next); - mb->m_next = NULL; - } - mb->m_len = bpos - mtod(mb, caddr_t); - nd->nd_mb = mb; - nd->nd_bpos = bpos; -} - -/* * Dissect a file handle on the client. */ int @@ -3650,7 +3631,7 @@ nfsrv_nfsuserdport(struct nfsuserd_args *nargs, NFSPRO } rp->nr_vers = RPCNFSUSERD_VERS; if (error == 0) - error = newnfs_connect(NULL, rp, NFSPROCCRED(p), p, 0); + error = newnfs_connect(NULL, rp, NFSPROCCRED(p), p, 0, false); if (error == 0) { NFSLOCKNAMEID(); nfsrv_nfsuserd = RUNNING; Modified: head/sys/fs/nfs/nfs_var.h == --- head/sys/fs/nfs/nfs_var.h Mon Aug 10 21:41:49 2020(r364091) +++ head/sys/fs/nfs/nfs_var.h Tue Aug 11 00:26:45 2020(r364092) @@ -324,8 +324,6 @@ int nfsm_mbufuio(struct nfsrv_descript *, struct uio * int nfsm_fhtom(struct nfsrv_descript *, u_int8_t *, int, int); int nfsm_advance(struct nfsrv_descript *, int, int); void *nfsm_dissct(struct nfsrv_descript *, int, int); -void newnfs_trimtrailing(struct nfsrv_descript *, struct mbuf *, -caddr_t); void newnfs_copycred(struct nfscred *, struct ucred *); void newnfs_copyincred(struct ucred *, struct nfscred *); int nfsrv_dissectacl(struct nfsrv_descript *, NFSA
svn commit: r363748 - in head/sys/fs: nfs nfsserver
Author: rmacklem Date: Fri Jul 31 23:35:49 2020 New Revision: 363748 URL: https://svnweb.freebsd.org/changeset/base/363748 Log: Add optional support for ext_pgs mbufs to the NFS server's read, readlink and getxattr operations. This patch optionally enables generation of read, readlink and getxattr replies in ext_pgs mbufs. Since neither of ND_EXTPG or ND_TLS are currently ever set, there is no change in semantics at this time. It also corrects the message in a couple of panic()s that should never occur. This is another in the series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. Use of ext_pgs mbufs will not be enabled until the kernel RPC is updated to handle TLS. Modified: head/sys/fs/nfs/nfs_var.h head/sys/fs/nfsserver/nfs_nfsdport.c head/sys/fs/nfsserver/nfs_nfsdserv.c Modified: head/sys/fs/nfs/nfs_var.h == --- head/sys/fs/nfs/nfs_var.h Fri Jul 31 23:02:17 2020(r363747) +++ head/sys/fs/nfs/nfs_var.h Fri Jul 31 23:35:49 2020(r363748) @@ -680,9 +680,9 @@ int nfsvno_namei(struct nfsrv_descript *, struct namei vnode_t, int, struct nfsexstuff *, NFSPROC_T *, vnode_t *); void nfsvno_setpathbuf(struct nameidata *, char **, u_long **); void nfsvno_relpathbuf(struct nameidata *); -int nfsvno_readlink(vnode_t, struct ucred *, NFSPROC_T *, struct mbuf **, +int nfsvno_readlink(vnode_t, struct ucred *, int, NFSPROC_T *, struct mbuf **, struct mbuf **, int *); -int nfsvno_read(vnode_t, off_t, int, struct ucred *, NFSPROC_T *, +int nfsvno_read(vnode_t, off_t, int, struct ucred *, int, NFSPROC_T *, struct mbuf **, struct mbuf **); int nfsvno_write(vnode_t, off_t, int, int *, struct mbuf *, char *, struct ucred *, NFSPROC_T *); @@ -748,7 +748,7 @@ int nfsvno_seek(struct nfsrv_descript *, struct vnode bool *, struct ucred *, NFSPROC_T *); int nfsvno_allocate(struct vnode *, off_t, off_t, struct ucred *, NFSPROC_T *); int nfsvno_getxattr(struct vnode *, char *, uint32_t, struct ucred *, -struct thread *, struct mbuf **, struct mbuf **, int *); +uint64_t, int, struct thread *, struct mbuf **, struct mbuf **, int *); int nfsvno_setxattr(struct vnode *, char *, int, struct mbuf *, char *, struct ucred *, struct thread *); int nfsvno_rmxattr(struct nfsrv_descript *, struct vnode *, char *, Modified: head/sys/fs/nfsserver/nfs_nfsdport.c == --- head/sys/fs/nfsserver/nfs_nfsdport.cFri Jul 31 23:02:17 2020 (r363747) +++ head/sys/fs/nfsserver/nfs_nfsdport.cFri Jul 31 23:35:49 2020 (r363748) @@ -108,6 +108,8 @@ extern struct nfsdevicehead nfsrv_devidhead; static int nfsrv_createiovec(int, struct mbuf **, struct mbuf **, struct iovec **); +static int nfsrv_createiovec_extpgs(int, int, struct mbuf **, +struct mbuf **, struct iovec **); static int nfsrv_createiovecw(int, struct mbuf *, char *, struct iovec **, int *); static void nfsrv_pnfscreate(struct vnode *, struct vattr *, struct ucred *, @@ -738,8 +740,8 @@ nfsvno_relpathbuf(struct nameidata *ndp) * Readlink vnode op into an mbuf list. */ int -nfsvno_readlink(struct vnode *vp, struct ucred *cred, struct thread *p, -struct mbuf **mpp, struct mbuf **mpendp, int *lenp) +nfsvno_readlink(struct vnode *vp, struct ucred *cred, int maxextsiz, +struct thread *p, struct mbuf **mpp, struct mbuf **mpendp, int *lenp) { struct iovec *iv; struct uio io, *uiop = &io; @@ -747,7 +749,11 @@ nfsvno_readlink(struct vnode *vp, struct ucred *cred, int len, tlen, error = 0; len = NFS_MAXPATHLEN; - uiop->uio_iovcnt = nfsrv_createiovec(len, &mp3, &mp, &iv); + if (maxextsiz > 0) + uiop->uio_iovcnt = nfsrv_createiovec_extpgs(len, maxextsiz, + &mp3, &mp, &iv); + else + uiop->uio_iovcnt = nfsrv_createiovec(len, &mp3, &mp, &iv); uiop->uio_iov = iv; uiop->uio_offset = 0; uiop->uio_resid = len; @@ -819,7 +825,7 @@ nfsrv_createiovec(int len, struct mbuf **mpp, struct m i = 0; while (left > 0) { if (m == NULL) - panic("nfsvno_read iov"); + panic("nfsrv_createiovec iov"); siz = min(M_TRAILINGSPACE(m), left); if (siz > 0) { iv->iov_base = mtod(m, caddr_t) + m->m_len; @@ -837,11 +843,76 @@ nfsrv_createiovec(int len, struct mbuf **mpp, struct m } /* + * Create an mbuf chain and an associated iovec that can be used to Read + * or Getextattr of data. + * Upon success, return pointers to the first and last mbufs in the chain + * plus the malloc'd
Re: svn commit: r363625 - stable/12/usr.sbin/mountd
Brooks Davis wrote: >On Thu, Jul 30, 2020 at 03:48:34PM +0000, Rick Macklem wrote: >> Rick Macklem wrote: >> >Ian Lepore wrote: >> >>On Thu, 2020-07-30 at 01:52 +, Rick Macklem wrote: >> >>> Brooks Davis wrote: >> >>> > Author: brooks >> >>> > Date: Mon Jul 27 23:18:14 2020 >> >>> > New Revision: 363625 >> >>> > URL: https://svnweb.freebsd.org/changeset/base/363625 >> >>> > >> >>> > Log: >> >>> > MFC r363439: >> >>> > >> >>> > Correct a type-mismatch between xdr_long and the variable "bad". >> >>> > >> >>> > [...] >> >>> --> I can't see how the xdr.c code would work for a machine that is >> >>> BIG_ENDIAN and where "long" is 64bits, but we don't have any of >> >>> those. >> >>> >> >> >> >>mips64 and powerpc64 are both big endian with 64-bit long. >> >Oops, I didn't know that. In the past, I've run PowerPC and MIPS, but >> >thought >> >they both were little endian. (I recall the arches can be run either way.) >> > >> >Anyhow, take a look at head/lib/libc/xdr/xdr.c and it looks to me like it >> >has been broken "forever" (ever since we stopped using a K&R compiler >> >that would have always made "long" 32bits). >> OK, I took another look at xdr.c and it isn't broken as I thought. >> >> xdr_long() takes a "long *" argument ("long" in Sun XDR is 32bits), >> but then it only passes it as an argument to XDR_PUTLONG(), which is actually >> a call to xdrmem_putlong_aligned() or xdrmem_putlong_unaligned(). >> For xdrmem_putlong_aligned(), the line is: >>*(u_int32_t *)xdrs->x_private = htonl((u_int32_t)*lp); >> --> where lp is a "long *" >> >> I'll admit I'm not 100% sure if "(u_int32_t)*lp" gets the correct 32bits of >> a 64bit >> long pointer for all arches? (I'm not very good at knowing what type casts >> do.) >> If this is the equivalent of "u_int32_t t; t = *lp; htonl(t); then I think >> the code is ok? >> (At least it makes it clear that it is using 32bits of the value pointed to >> by the >> argument.) >> >> For xdrmem_putlong_unaligned(), it does the same thing via: >> u_int32_t l; >> ?. >> l = htonl((u_int32_t)*lp); >> >> --> At least the man page for xdr_long() should be clarified to note it >> puts a 32bit quantity on the wire. I think I will try and come up with a man page patch, noting that xdr_long() always puts 32bits on the wire, even if long is 64bits for the arch. >> >> >If anyone has either of these and can set up an NFS server on one of >> >them and then try and do an NFSv3 mount that is not allowed, it would >> >be interesting to see the packet trace and if the MNT RPC fails, because >> >it looks like it will put the high order 32bits on the wire and they'll >> >always be 0? >> It would still be interesting to test this on a 64bit big endian, but so >> long as >> the above cast works, it does look like it works for all arches. >> >> >Just to clarify. The behaviour wasn't broken by this commit. I just >> >don't see how the commit fixes anything? >> My mistake. Sorry for the noise. >> >> I now think the commit is correct since it uses "*lp" to get the value before >> casting it down to 32bits. Passing in an "int *" was incorrect. >> >> The code does seem to handle "long *" for 64bit arches, although it >> only puts 32bits "on-the-wire". >> >> rick, who was confused because he knew there was only supposed to be >> 32bits go on the wire. > >Thank you for all the analysis. I'd initially changed all the uses >of bad to use xdr_int(), but switched to this "fix" because it's what >NetBSD and OpenBSD have been using for over a decade (and there was >less churn). I'm happy to flip it the other way if that seems more >correct/less confusing. I think your current patch is fine. The confusion is w.r.t. what xdr_long() does for a 64bit long and I think a man page update may be the way to go. --> If you look in xdr.c, xdr_int() assigns the value to a long and then ends up truncating it back down, similar to xdr_long(). --> Some of the stuff in xdr.c is pretty scary for 64bit longs, but it all seems to work, once you look at it for a while.;-) >The previous code does in fact cause a 64-bit load of a pointer to an >int on 64-bit platforms. I hit this in CheriBSD because that pointer >had 4-byte bounds. Yes. The first time I looked at the code (it was late evening), I misread ((u_int32_t)*lp) as *((u_int32_t *)lp) and that was why I thought your patch was broken. Thanks for doing this and sorry about the noise, rick ps: Personally, I've never understood why ANSI C allowed "long" to be 64bits on some arches. I still bump into hassles because the old K&R code was written assuming long to be 32bits. -- Brooks ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r363625 - stable/12/usr.sbin/mountd
Rick Macklem wrote: >Ian Lepore wrote: >>On Thu, 2020-07-30 at 01:52 +0000, Rick Macklem wrote: >>> Brooks Davis wrote: >>> > Author: brooks >>> > Date: Mon Jul 27 23:18:14 2020 >>> > New Revision: 363625 >>> > URL: https://svnweb.freebsd.org/changeset/base/363625 >>> > >>> > Log: >>> > MFC r363439: >>> > >>> > Correct a type-mismatch between xdr_long and the variable "bad". >>> > >>> > [...] >>> --> I can't see how the xdr.c code would work for a machine that is >>> BIG_ENDIAN and where "long" is 64bits, but we don't have any of >>> those. >>> >> >>mips64 and powerpc64 are both big endian with 64-bit long. >Oops, I didn't know that. In the past, I've run PowerPC and MIPS, but thought >they both were little endian. (I recall the arches can be run either way.) > >Anyhow, take a look at head/lib/libc/xdr/xdr.c and it looks to me like it >has been broken "forever" (ever since we stopped using a K&R compiler >that would have always made "long" 32bits). OK, I took another look at xdr.c and it isn't broken as I thought. xdr_long() takes a "long *" argument ("long" in Sun XDR is 32bits), but then it only passes it as an argument to XDR_PUTLONG(), which is actually a call to xdrmem_putlong_aligned() or xdrmem_putlong_unaligned(). For xdrmem_putlong_aligned(), the line is: *(u_int32_t *)xdrs->x_private = htonl((u_int32_t)*lp); --> where lp is a "long *" I'll admit I'm not 100% sure if "(u_int32_t)*lp" gets the correct 32bits of a 64bit long pointer for all arches? (I'm not very good at knowing what type casts do.) If this is the equivalent of "u_int32_t t; t = *lp; htonl(t); then I think the code is ok? (At least it makes it clear that it is using 32bits of the value pointed to by the argument.) For xdrmem_putlong_unaligned(), it does the same thing via: u_int32_t l; …. l = htonl((u_int32_t)*lp); --> At least the man page for xdr_long() should be clarified to note it puts a 32bit quantity on the wire. >If anyone has either of these and can set up an NFS server on one of >them and then try and do an NFSv3 mount that is not allowed, it would >be interesting to see the packet trace and if the MNT RPC fails, because >it looks like it will put the high order 32bits on the wire and they'll >always be 0? It would still be interesting to test this on a 64bit big endian, but so long as the above cast works, it does look like it works for all arches. >Just to clarify. The behaviour wasn't broken by this commit. I just >don't see how the commit fixes anything? My mistake. Sorry for the noise. I now think the commit is correct since it uses "*lp" to get the value before casting it down to 32bits. Passing in an "int *" was incorrect. The code does seem to handle "long *" for 64bit arches, although it only puts 32bits "on-the-wire". rick, who was confused because he knew there was only supposed to be 32bits go on the wire. -- Ian ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r363625 - stable/12/usr.sbin/mountd
Ian Lepore wrote: >On Thu, 2020-07-30 at 01:52 +0000, Rick Macklem wrote: >> Brooks Davis wrote: >> > Author: brooks >> > Date: Mon Jul 27 23:18:14 2020 >> > New Revision: 363625 >> > URL: https://svnweb.freebsd.org/changeset/base/363625 >> > >> > Log: >> > MFC r363439: >> > >> > Correct a type-mismatch between xdr_long and the variable "bad". >> > >> > [...] >> --> I can't see how the xdr.c code would work for a machine that is >> BIG_ENDIAN and where "long" is 64bits, but we don't have any of >> those. >> > >mips64 and powerpc64 are both big endian with 64-bit long. Oops, I didn't know that. In the past, I've run PowerPC and MIPS, but thought they both were little endian. (I recall the arches can be run either way.) Anyhow, take a look at head/lib/libc/xdr/xdr.c and it looks to me like it has been broken "forever" (ever since we stopped using a K&R compiler that would have always made "long" 32bits). If anyone has either of these and can set up an NFS server on one of them and then try and do an NFSv3 mount that is not allowed, it would be interesting to see the packet trace and if the MNT RPC fails, because it looks like it will put the high order 32bits on the wire and they'll always be 0? Just to clarify. The behaviour wasn't broken by this commit. I just don't see how the commit fixes anything? rick, who doesn't have these arches to test on. -- Ian ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r363625 - stable/12/usr.sbin/mountd
Brooks Davis wrote: >Author: brooks >Date: Mon Jul 27 23:18:14 2020 >New Revision: 363625 >URL: https://svnweb.freebsd.org/changeset/base/363625 > >Log: > MFC r363439: > > Correct a type-mismatch between xdr_long and the variable "bad". > > Way back in r28911 (August 1997, CVS rev 1.22) we imported a NetBSD > information leak fix via OpenBSD. Unfortunatly we failed to track the > followup commit that fixed the type of the error code. Apply the change > from int to long now. I don't think this is correct. RFC-1813 defines the error return for a MNT RPC as a 32bit quantity. Way back when this stuff was written it was in K&R days and "long" was always a 32bit integer. If you look at head/lib/libc/xdr/xdr.c you'll see "long" used to refer to 32bit numbers throughout it. Look near the end, where it does a "longlong" (64bits) using 2 longs. The good news w.r.t. this ancient code is that XDR_PUTLONG() assumes 32bits. Also, note that xdr_int() and xdr_long() do exactly the same thing. I support int32_t would be preferred to "int" to make sure "bad" is 32bits and then you can use xdr_int32_t(), which does exactly the same thing as xdr_int() and about the same thing as xdr_long(). { They all assume a "long" is 32bits. Scary to look at now that "long" isn't always 32bits. } --> I can't see how the xdr.c code would work for a machine that is BIG_ENDIAN and where "long" is 64bits, but we don't have any of those. I don't think "int bad" was wrong and "long bad" definitely seems wrong for 64bit systems, although the xdr.c code simply ends up putting the low order 32bits on the wire, I think? rick Reviewed by: emaste Reported by: CHERI Obtained from:CheriBSD Sponsored by: DARPA Differential Revision:https://reviews.freebsd.org/D25779 Modified: stable/12/usr.sbin/mountd/mountd.c Directory Properties: stable/12/ (props changed) Modified: stable/12/usr.sbin/mountd/mountd.c == --- stable/12/usr.sbin/mountd/mountd.c Mon Jul 27 21:19:41 2020 (r363624) +++ stable/12/usr.sbin/mountd/mountd.c Mon Jul 27 23:18:14 2020 (r363625) @@ -1087,7 +1087,8 @@ mntsrv(struct svc_req *rqstp, SVCXPRT *transp) struct sockaddr *saddr; u_short sport; char rpcpath[MNTPATHLEN + 1], dirpath[MAXPATHLEN]; - int bad = 0, defset, hostset; + int defset, hostset; + long bad = 0; sigset_t sighup_mask; int numsecflavors, *secflavorsp; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363677 - head/sys/fs/nfsserver
Author: rmacklem Date: Wed Jul 29 22:58:08 2020 New Revision: 363677 URL: https://svnweb.freebsd.org/changeset/base/363677 Log: Add support for ext_pgs mbufs to nfsrvd_readdir() and nfsrvd_readdirplus(). This patch code that optionally (based on ND_TLS, never set yet) generates readdir replies in ext_pgs mbufs. To trim the list back, a new function that is ext_pgs aware called nfsm_trimtrailing() replaces newnfs_trimtrailing(). newnfs_trimtrailing() is no longer used, but will be removed in a future commit, since its removal does modify the internal kpi between the NFS modules. This is another in the series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. Use of ext_pgs mbufs will not be enabled until the kernel RPC is updated to handle TLS. Modified: head/sys/fs/nfsserver/nfs_nfsdport.c Modified: head/sys/fs/nfsserver/nfs_nfsdport.c == --- head/sys/fs/nfsserver/nfs_nfsdport.cWed Jul 29 22:10:25 2020 (r363676) +++ head/sys/fs/nfsserver/nfs_nfsdport.cWed Jul 29 22:58:08 2020 (r363677) @@ -144,6 +144,8 @@ static int nfsrv_dsremove(struct vnode *, char *, stru static int nfsrv_dssetacl(struct vnode *, struct acl *, struct ucred *, NFSPROC_T *); static int nfsrv_pnfsstatfs(struct statfs *, struct mount *); +static void nfsm_trimtrailing(struct nfsrv_descript *, struct mbuf *, +char *, int, int); int nfs_pnfsio(task_fn_t *, void *); @@ -2043,6 +2045,17 @@ again: vput(vp); /* +* If cnt > MCLBYTES and the reply will not be saved, use +* ext_pgs mbufs for TLS. +* For NFSv4.0, we do not know for sure if the reply will +* be saved, so do not use ext_pgs mbufs for NFSv4.0. +*/ + if (cnt > MCLBYTES && siz > MCLBYTES && + (nd->nd_flag & (ND_TLS | ND_EXTPG | ND_SAVEREPLY)) == ND_TLS && + (nd->nd_flag & (ND_NFSV4 | ND_NFSV41)) != ND_NFSV4) + nd->nd_flag |= ND_EXTPG; + + /* * dirlen is the size of the reply, including all XDR and must * not exceed cnt. For NFSv2, RFC1094 didn't clearly indicate * if the XDR should be included in "count", but to be safe, we do. @@ -2146,6 +2159,7 @@ nfsrvd_readdirplus(struct nfsrv_descript *nd, int isdg struct mount *mp, *new_mp; uint64_t mounted_on_fileno; struct thread *p = curthread; + int bextpg0, bextpg1, bextpgsiz0, bextpgsiz1; if (nd->nd_repstat) { nfsrv_postopattr(nd, getret, &at); @@ -2359,11 +2373,27 @@ again: } /* +* If the reply is likely to exceed MCLBYTES and the reply will +* not be saved, use ext_pgs mbufs for TLS. +* It is difficult to predict how large each entry will be and +* how many entries have been read, so just assume the directory +* entries grow by a factor of 4 when attributes are included. +* For NFSv4.0, we do not know for sure if the reply will +* be saved, so do not use ext_pgs mbufs for NFSv4.0. +*/ + if (cnt > MCLBYTES && siz > MCLBYTES / 4 && + (nd->nd_flag & (ND_TLS | ND_EXTPG | ND_SAVEREPLY)) == ND_TLS && + (nd->nd_flag & (ND_NFSV4 | ND_NFSV41)) != ND_NFSV4) + nd->nd_flag |= ND_EXTPG; + + /* * Save this position, in case there is an error before one entry * is created. */ mb0 = nd->nd_mb; bpos0 = nd->nd_bpos; + bextpg0 = nd->nd_bextpg; + bextpgsiz0 = nd->nd_bextpgsiz; /* * Fill in the first part of the reply. @@ -2385,6 +2415,8 @@ again: */ mb1 = nd->nd_mb; bpos1 = nd->nd_bpos; + bextpg1 = nd->nd_bextpg; + bextpgsiz1 = nd->nd_bextpgsiz; /* Loop through the records and build reply */ entrycnt = 0; @@ -2401,6 +2433,8 @@ again: */ mb1 = nd->nd_mb; bpos1 = nd->nd_bpos; + bextpg1 = nd->nd_bextpg; + bextpgsiz1 = nd->nd_bextpgsiz; /* * For readdir_and_lookup get the vnode using @@ -2626,11 +2660,11 @@ invalid: if (!nd->nd_repstat && entrycnt == 0) nd->nd_repstat = NFSERR_TOOSMALL; if (nd->nd_repstat) { - newnfs_trimtrailing(nd, mb0, bpos0); + nfsm_trimtrailing(nd, mb0, bpos0, bextpg0, bextpgsiz0); if (nd->nd_flag & ND_NFSV3) nfsrv_postopattr(nd, getret, &at); } else - newnfs_trimtrailing(nd, mb1, bpos1); +
svn commit: r363587 - head/sys/fs/nfs
Author: rmacklem Date: Sun Jul 26 23:13:10 2020 New Revision: 363587 URL: https://svnweb.freebsd.org/changeset/base/363587 Log: Fix the NFSv4 client so that it checks for support of TimeCreate before trying to set it. r362490 added support for setting of the TimeCreate (va_birthtime) attribute, but it does so without checking to see if the server supports the attribute. This could result in NFSERR_ATTRNOTSUPP error replies to the Setattr operation. This patch adds code to check that the server supports TimeCreate before attempting to do a Setattr of it to avoid these error returns. Modified: head/sys/fs/nfs/nfs_commonsubs.c Modified: head/sys/fs/nfs/nfs_commonsubs.c == --- head/sys/fs/nfs/nfs_commonsubs.cSun Jul 26 23:03:41 2020 (r363586) +++ head/sys/fs/nfs/nfs_commonsubs.cSun Jul 26 23:13:10 2020 (r363587) @@ -504,6 +504,7 @@ nfscl_fillsattr(struct nfsrv_descript *nd, struct vatt u_int32_t *tl; struct nfsv2_sattr *sp; nfsattrbit_t attrbits; + struct nfsnode *np; switch (nd->nd_flag & (ND_NFSV2 | ND_NFSV3 | ND_NFSV4)) { case ND_NFSV2: @@ -605,8 +606,18 @@ nfscl_fillsattr(struct nfsrv_descript *nd, struct vatt NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEACCESSSET); if (vap->va_mtime.tv_sec != VNOVAL) NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFYSET); - if (vap->va_birthtime.tv_sec != VNOVAL) - NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMECREATE); + if (vap->va_birthtime.tv_sec != VNOVAL && + strcmp(vp->v_mount->mnt_vfc->vfc_name, "nfs") == 0) { + /* +* We can only test for support of TimeCreate if +* the "vp" argument is for an NFS vnode. +*/ + np = VTONFS(vp); + if (NFSISSET_ATTRBIT(&np->n_vattr.na_suppattr, + NFSATTRBIT_TIMECREATE)) + NFSSETBIT_ATTRBIT(&attrbits, + NFSATTRBIT_TIMECREATE); + } (void) nfsv4_fillattr(nd, vp->v_mount, vp, NULL, vap, NULL, 0, &attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0, NULL); break; ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363586 - head/sys/fs/nfsserver
Author: rmacklem Date: Sun Jul 26 23:03:41 2020 New Revision: 363586 URL: https://svnweb.freebsd.org/changeset/base/363586 Log: Fix the NFS server so that it sets va_birthtime. r362490 marked that the NFSv4 attribute TimeCreate (va_birthtime) is supported, but it did not change the NFS server code to actually do it. As such, errors could occur when unrolling a tarball onto an NFSv4 mounted volume, since setting TimeCreate would fail with a NFSERR_ATTRNOTSUPP reply. This patch fixes the server so that it does TimeCreate and also makes sure that TimeCreate will not be set for a DS file for a pNFS server. A separate commit will add a check to the NFSv4 client for support of the TimeCreate attribute before attempting to set it, to avoid a problem when mounting a server that does not support the attribute. The failures will still occur for r362490 or later kernels that do not have this patch, since they indicate support for the attribute, but do not actually support the attribute. Modified: head/sys/fs/nfsserver/nfs_nfsdport.c Modified: head/sys/fs/nfsserver/nfs_nfsdport.c == --- head/sys/fs/nfsserver/nfs_nfsdport.cSun Jul 26 22:30:55 2020 (r363585) +++ head/sys/fs/nfsserver/nfs_nfsdport.cSun Jul 26 23:03:41 2020 (r363586) @@ -459,6 +459,7 @@ nfsvno_setattr(struct vnode *vp, struct nfsvattr *nvap { u_quad_t savsize = 0; int error, savedit; + time_t savbtime; /* * If this is an exported file system and a pNFS service is running, @@ -490,9 +491,13 @@ nfsvno_setattr(struct vnode *vp, struct nfsvattr *nvap nvap->na_vattr.va_mode != (mode_t)VNOVAL || nvap->na_vattr.va_atime.tv_sec != VNOVAL || nvap->na_vattr.va_mtime.tv_sec != VNOVAL)) { + /* Never modify birthtime on a DS file. */ + savbtime = nvap->na_vattr.va_birthtime.tv_sec; + nvap->na_vattr.va_birthtime.tv_sec = VNOVAL; /* For a pNFS server, set the attributes on the DS file. */ error = nfsrv_proxyds(vp, 0, 0, cred, p, NFSPROC_SETATTR, NULL, NULL, NULL, nvap, NULL, NULL, 0, NULL); + nvap->na_vattr.va_birthtime.tv_sec = savbtime; if (error == ENOENT) error = 0; } @@ -2914,8 +2919,7 @@ nfsv4_sattr(struct nfsrv_descript *nd, vnode_t vp, str break; case NFSATTRBIT_TIMECREATE: NFSM_DISSECT(tl, u_int32_t *, NFSX_V4TIME); - if (!nd->nd_repstat) - nd->nd_repstat = NFSERR_ATTRNOTSUPP; + fxdr_nfsv4time(tl, &nvap->na_btime); attrsum += NFSX_V4TIME; break; case NFSATTRBIT_TIMEMODIFYSET: ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363541 - in head/sys/fs: nfs nfsserver
Author: rmacklem Date: Sun Jul 26 02:42:09 2020 New Revision: 363541 URL: https://svnweb.freebsd.org/changeset/base/363541 Log: Add support for ext_pgs mbufs to nfsrv_adj(). This patch uses a slightly different algorithm for nfsrv_adj() since ext_pgs mbuf lists are not permitted to have m_len == 0 mbufs. As such, the code now frees mbufs after the adjustment in the list instead of setting their m_len field to 0. Since mbuf(s) may be trimmed off the tail of the list, the function now returns a pointer to the last mbuf in the list. This saves the caller from needing to use m_last() to find the last mbuf. It also implies that it might return a nul list, which required a check for that in nfsrvd_readlink(). This is another in the series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. Use of ext_pgs mbufs will not be enabled until the kernel RPC is updated to handle TLS. Modified: head/sys/fs/nfs/nfs_var.h head/sys/fs/nfsserver/nfs_nfsdport.c head/sys/fs/nfsserver/nfs_nfsdserv.c head/sys/fs/nfsserver/nfs_nfsdsubs.c Modified: head/sys/fs/nfs/nfs_var.h == --- head/sys/fs/nfs/nfs_var.h Sun Jul 26 01:45:26 2020(r363540) +++ head/sys/fs/nfs/nfs_var.h Sun Jul 26 02:42:09 2020(r363541) @@ -391,7 +391,7 @@ int nfsv4_fillattr(struct nfsrv_descript *, struct mou struct vattr *, fhandle_t *, int, nfsattrbit_t *, struct ucred *, NFSPROC_T *, int, int, int, int, uint64_t, struct statfs *); void nfsrv_fillattr(struct nfsrv_descript *, struct nfsvattr *); -void nfsrv_adj(struct mbuf *, int, int); +struct mbuf *nfsrv_adj(struct mbuf *, int, int); void nfsrv_postopattr(struct nfsrv_descript *, int, struct nfsvattr *); int nfsd_errmap(struct nfsrv_descript *); void nfsv4_uidtostr(uid_t, u_char **, int *); Modified: head/sys/fs/nfsserver/nfs_nfsdport.c == --- head/sys/fs/nfsserver/nfs_nfsdport.cSun Jul 26 01:45:26 2020 (r363540) +++ head/sys/fs/nfsserver/nfs_nfsdport.cSun Jul 26 02:42:09 2020 (r363541) @@ -757,7 +757,12 @@ nfsvno_readlink(struct vnode *vp, struct ucred *cred, if (uiop->uio_resid > 0) { len -= uiop->uio_resid; tlen = NFSM_RNDUP(len); - nfsrv_adj(mp3, NFS_MAXPATHLEN - tlen, tlen - len); + if (tlen == 0) { + m_freem(mp3); + mp3 = mp = NULL; + } else if (tlen != NFS_MAXPATHLEN || tlen != len) + mp = nfsrv_adj(mp3, NFS_MAXPATHLEN - tlen, + tlen - len); } *lenp = len; *mpp = mp3; @@ -872,9 +877,9 @@ nfsvno_read(struct vnode *vp, off_t off, int cnt, stru tlen = NFSM_RNDUP(cnt); if (tlen == 0) { m_freem(m3); - m3 = NULL; + m3 = m = NULL; } else if (len != tlen || tlen != cnt) - nfsrv_adj(m3, len - tlen, tlen - cnt); + m = nfsrv_adj(m3, len - tlen, tlen - cnt); *mpp = m3; *mpendp = m; @@ -6247,7 +6252,11 @@ nfsvno_getxattr(struct vnode *vp, char *name, uint32_t tlen = NFSM_RNDUP(len); if (alen != tlen) printf("nfsvno_getxattr: weird size read\n"); - nfsrv_adj(m, alen - tlen, tlen - len); + if (tlen == 0) { + m_freem(m); + m = m2 = NULL; + } else if (alen != tlen || tlen != len) + m2 = nfsrv_adj(m, alen - tlen, tlen - len); } *lenp = len; *mpp = m; Modified: head/sys/fs/nfsserver/nfs_nfsdserv.c == --- head/sys/fs/nfsserver/nfs_nfsdserv.cSun Jul 26 01:45:26 2020 (r363540) +++ head/sys/fs/nfsserver/nfs_nfsdserv.cSun Jul 26 02:42:09 2020 (r363541) @@ -690,9 +690,11 @@ nfsrvd_readlink(struct nfsrv_descript *nd, __unused in goto out; NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED); *tl = txdr_unsigned(len); - nd->nd_mb->m_next = mp; - nd->nd_mb = mpend; - nd->nd_bpos = mtod(mpend, caddr_t) + mpend->m_len; + if (mp != NULL) { + nd->nd_mb->m_next = mp; + nd->nd_mb = mpend; + nd->nd_bpos = mtod(mpend, caddr_t) + mpend->m_len; + } out: NFSEXITCODE2(0, nd); Modified: head/sys/fs/nfsserver/nfs_nfsdsubs.c == --- head/sys/fs/nfsserver/nfs_nfsdsubs.cSun Jul 26 01:45:26 2020 (r
svn commit: r363499 - in head/sys/fs: nfs nfsclient
Author: rmacklem Date: Fri Jul 24 23:17:09 2020 New Revision: 363499 URL: https://svnweb.freebsd.org/changeset/base/363499 Log: Add support for ext_pgs mbufs to nfsm_uiombuflist() and nfsm_split(). This patch uses a slightly different algorithm for nfsm_uiombuflist() for the non-ext_pgs case, where a variable called "mcp" is maintained, pointing to the current location that mbuf data can be filled into. This avoids use of mtod(mp, char *) + mp->m_len to calculate the location, since this does not work for ext_pgs mbufs and I think it makes the algorithm more readable. This change should not result in semantic changes for the non-ext_pgs case. The patch also deletes come unneeded code. It also adds support for anonymous page ext_pgs mbufs to nfsm_split(). This is another in the series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. At this time for this case, use of ext_pgs mbufs cannot be enabled, since ktls_encrypt() replaces the unencrypted data with encrypted data in place. Until such time as this can be enabled, there should be no semantic change. Also, note that this code is only used by the NFS client for a mirrored pNFS server. Modified: head/sys/fs/nfs/nfs_var.h head/sys/fs/nfsclient/nfs_clcomsubs.c head/sys/fs/nfsclient/nfs_clrpcops.c Modified: head/sys/fs/nfs/nfs_var.h == --- head/sys/fs/nfs/nfs_var.h Fri Jul 24 23:15:42 2020(r363498) +++ head/sys/fs/nfs/nfs_var.h Fri Jul 24 23:17:09 2020(r363499) @@ -365,7 +365,7 @@ struct mbuf *nfsm_add_ext_pgs(struct mbuf *, int, int /* nfs_clcomsubs.c */ void nfsm_uiombuf(struct nfsrv_descript *, struct uio *, int); -struct mbuf *nfsm_uiombuflist(struct uio *, int, struct mbuf **, char **); +struct mbuf *nfsm_uiombuflist(struct uio *, int, u_int); nfsuint64 *nfscl_getcookie(struct nfsnode *, off_t off, int); u_int8_t *nfscl_getmyip(struct nfsmount *, struct in6_addr *, int *); int nfsm_getfh(struct nfsrv_descript *, struct nfsfh **); Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c == --- head/sys/fs/nfsclient/nfs_clcomsubs.c Fri Jul 24 23:15:42 2020 (r363498) +++ head/sys/fs/nfsclient/nfs_clcomsubs.c Fri Jul 24 23:17:09 2020 (r363499) @@ -160,26 +160,33 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui * NOTE: can ony handle iovcnt == 1 */ struct mbuf * -nfsm_uiombuflist(struct uio *uiop, int siz, struct mbuf **mbp, char **cpp) +nfsm_uiombuflist(struct uio *uiop, int siz, u_int maxext) { char *uiocp; struct mbuf *mp, *mp2, *firstmp; - int i, left, mlen, rem, xfer; + int extpg, extpgsiz = 0, i, left, mlen, rem, xfer; int uiosiz, clflg; char *mcp, *tcp; KASSERT(uiop->uio_iovcnt == 1, ("nfsm_uiotombuf: iovcnt != 1")); - if (siz > ncl_mbuf_mlen)/* or should it >= MCLBYTES ?? */ - clflg = 1; - else - clflg = 0; - if (clflg != 0) - NFSMCLGET(mp, M_WAITOK); - else - NFSMGET(mp); + if (maxext > 0) { + mp = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK); + mcp = (char *)(void *)PHYS_TO_DMAP(mp->m_epg_pa[0]); + extpg = 0; + extpgsiz = PAGE_SIZE; + } else { + if (siz > ncl_mbuf_mlen) /* or should it >= MCLBYTES ?? */ + clflg = 1; + else + clflg = 0; + if (clflg != 0) + NFSMCLGET(mp, M_WAITOK); + else + NFSMGET(mp); + mcp = mtod(mp, char *); + } mp->m_len = 0; - mcp = mtod(mp, char *); firstmp = mp2 = mp; rem = NFSM_RNDUP(siz) - siz; while (siz > 0) { @@ -189,17 +196,28 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu left = siz; uiosiz = left; while (left > 0) { - mlen = M_TRAILINGSPACE(mp); - if (mlen == 0) { - if (clflg) - NFSMCLGET(mp, M_WAITOK); - else - NFSMGET(mp); - mp->m_len = 0; - mcp = mtod(mp, char *); - mp2->m_next = mp; - mp2 = mp; + if (maxext > 0) + mlen = extpgsiz; + else mlen = M_TRAILINGSPACE(mp); +
svn commit: r363437 - head/sys/fs/nfsclient
Author: rmacklem Date: Wed Jul 22 23:33:37 2020 New Revision: 363437 URL: https://svnweb.freebsd.org/changeset/base/363437 Log: Modify writing to mirrored pNFS DSs to prepare for use of ext_pgs mbufs. This patch modifies writing to mirrored pNFS DSs slightly so that there is only one m_copym() call for a mirrored pair instead of two of them. This call replaces the custom nfsm_copym() call, which is no longer needed and deleted by this patch. The patch does introduce a new nfsm_split() function that only calls m_split() for the non-ext_pgs case. The semantics of nfsm_uiombuflist() is changed to include code that nul pads the generated mbuf list. This was done by nfsm_copym() prior to this patch. The main reason for this change is that it allows the data to be a list of ext_pgs mbufs, since the m_copym() is for the entire mbuf list. This support will be added in a future commit. This patch only affects writing to mirrored flexible file layout pNFS servers. Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c head/sys/fs/nfsclient/nfs_clrpcops.c Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c == --- head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Jul 22 22:51:14 2020 (r363436) +++ head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Jul 22 23:33:37 2020 (r363437) @@ -164,9 +164,9 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu { char *uiocp; struct mbuf *mp, *mp2, *firstmp; - int xfer, left, mlen; + int i, left, mlen, rem, xfer; int uiosiz, clflg; - char *tcp; + char *mcp, *tcp; KASSERT(uiop->uio_iovcnt == 1, ("nfsm_uiotombuf: iovcnt != 1")); @@ -179,7 +179,9 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu else NFSMGET(mp); mp->m_len = 0; + mcp = mtod(mp, char *); firstmp = mp2 = mp; + rem = NFSM_RNDUP(siz) - siz; while (siz > 0) { left = uiop->uio_iov->iov_len; uiocp = uiop->uio_iov->iov_base; @@ -194,18 +196,18 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu else NFSMGET(mp); mp->m_len = 0; + mcp = mtod(mp, char *); mp2->m_next = mp; mp2 = mp; mlen = M_TRAILINGSPACE(mp); } xfer = (left > mlen) ? mlen : left; if (uiop->uio_segflg == UIO_SYSSPACE) - NFSBCOPY(uiocp, mtod(mp, caddr_t) + - mp->m_len, xfer); + NFSBCOPY(uiocp, mcp, xfer); else - copyin(uiocp, mtod(mp, caddr_t) + - mp->m_len, xfer); + copyin(uiocp, mcp, xfer); mp->m_len += xfer; + mcp += xfer; left -= xfer; uiocp += xfer; uiop->uio_offset += xfer; @@ -216,6 +218,13 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu uiop->uio_iov->iov_base = (void *)tcp; uiop->uio_iov->iov_len -= uiosiz; siz -= uiosiz; + } + if (rem > 0) { + KASSERT(rem <= M_TRAILINGSPACE(mp), + ("nfsm_uiombuflist: no space for padding")); + for (i = 0; i < rem; i++) + *mcp++ = '\0'; + mp->m_len += rem; } if (cpp != NULL) *cpp = mtod(mp, caddr_t) + mp->m_len; Modified: head/sys/fs/nfsclient/nfs_clrpcops.c == --- head/sys/fs/nfsclient/nfs_clrpcops.cWed Jul 22 22:51:14 2020 (r363436) +++ head/sys/fs/nfsclient/nfs_clrpcops.cWed Jul 22 23:33:37 2020 (r363437) @@ -158,7 +158,6 @@ static int nfscl_dofflayoutio(vnode_t, struct uio *, i nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *, struct nfsclflayout *, uint64_t, uint64_t, int, int, struct mbuf *, struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *); -static struct mbuf *nfsm_copym(struct mbuf *, int, int); static int nfsrpc_readds(vnode_t, struct uio *, nfsv4stateid_t *, int *, struct nfsclds *, uint64_t, int, struct nfsfh *, int, int, int, struct ucred *, NFSPROC_T *); @@ -220,6 +219,7 @@ static int nfsrpc_copyrpc(vnode_t, off_t, vnode_t, off struct nfsvattr *, int *, bool, int *, struct ucred *, NFSPROC_T *); static int nfsrpc_seekrpc(vnode_t, off_t *, nfsv4stateid_t *, bool *, int, struct nfsvattr *, int *, struct ucred *); +static struct mbuf *nfsm_split(struct mbuf *,
svn commit: r363210 - head/sys/fs/nfsclient
Author: rmacklem Date: Wed Jul 15 01:26:28 2020 New Revision: 363210 URL: https://svnweb.freebsd.org/changeset/base/363210 Log: Fix the pNFS flexible file layout client for servers with small write size. The code in nfscl_dofflayout() loops when a flexible file layout server provides a small write data limit (no extant server is known to do this). If/when it looped, it erroneously reused the "drpc" argument for the mirror worker thread, corrupting it. This patch fixes the problem by only using the calling thread after the first loop iteration. Found during testing by simulating a server with a small write size. Since no extant pNFS server is known to provide a small write size, this fix it not needed in practice at this time. MFC after:2 weeks Modified: head/sys/fs/nfsclient/nfs_clrpcops.c Modified: head/sys/fs/nfsclient/nfs_clrpcops.c == --- head/sys/fs/nfsclient/nfs_clrpcops.cWed Jul 15 00:13:15 2020 (r363209) +++ head/sys/fs/nfsclient/nfs_clrpcops.cWed Jul 15 01:26:28 2020 (r363210) @@ -6248,10 +6248,17 @@ nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int * NFSCL_DEBUG(4, "mcopy reloff=%d xfer=%jd\n", rel_off, (uintmax_t)xfer); /* -* Do last write to a mirrored DS with this +* Do the writes after the first loop iteration +* and the write for the last mirror via this * thread. +* This loop only iterates for small values +* of nfsdi_wsize, which may never occur in +* practice. However, the drpc is completely +* used by the first iteration and, as such, +* cannot be used after that. */ - if (mirror < flp->nfsfl_mirrorcnt - 1) + if (mirror < flp->nfsfl_mirrorcnt - 1 && + rel_off == 0) error = nfsio_writedsmir(vp, iomode, must_commit, stateidp, *dspp, off, xfer, fhp, m, dp->nfsdi_vers, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363137 - head/sys/fs/nfsclient
Author: rmacklem Date: Mon Jul 13 01:28:45 2020 New Revision: 363137 URL: https://svnweb.freebsd.org/changeset/base/363137 Log: Minor code cleanup that removes "nd->nd_bpos = mcp;" in both if and else. The statement "nd->nd_bpos = mcp;" was in both the if and else. Correct, but potentially confusing. This patch fixes this. There should be no semantics change caused by this commit. Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c == --- head/sys/fs/nfsclient/nfs_clcomsubs.c Sun Jul 12 20:59:52 2020 (r363136) +++ head/sys/fs/nfsclient/nfs_clcomsubs.c Mon Jul 13 01:28:45 2020 (r363137) @@ -145,13 +145,12 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui for (left = 0; left < rem; left++) *mcp++ = '\0'; mp->m_len += rem; - nd->nd_bpos = mcp; if ((nd->nd_flag & ND_EXTPG) != 0) { nd->nd_bextpgsiz -= rem; mp->m_epg_last_len += rem; } - } else - nd->nd_bpos = mcp; + } + nd->nd_bpos = mcp; nd->nd_mb = mp; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r363001 - head/sys/fs/nfsclient
Author: rmacklem Date: Wed Jul 8 02:28:08 2020 New Revision: 363001 URL: https://svnweb.freebsd.org/changeset/base/363001 Log: Add support for ext_pgs mbufs to nfsm_uiombuf(). This patch uses a slightly different algorithm for the non-ext_pgs case, where a variable called "mcp" is maintained, pointing to the current location that mbuf data can be filled into. This avoids use of mtod(mp, char *) + mp->m_len to calculate the location, since this does not work for ext_pgs mbufs and I think it makes the algorithm more readable. This change should not result in semantic changes for the non-ext_pgs case. This is another in the series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. Since ND_EXTPG is never set yet, there is no semantic change at this time. Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c == --- head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Jul 8 01:47:20 2020 (r363000) +++ head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Jul 8 02:28:08 2020 (r363001) @@ -62,7 +62,7 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui struct mbuf *mp, *mp2; int xfer, left, mlen; int uiosiz, clflg, rem; - char *cp, *tcp; + char *mcp, *tcp; KASSERT(uiop->uio_iovcnt == 1, ("nfsm_uiotombuf: iovcnt != 1")); @@ -72,41 +72,52 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui clflg = 0; rem = NFSM_RNDUP(siz) - siz; mp = mp2 = nd->nd_mb; + mcp = nd->nd_bpos; while (siz > 0) { + KASSERT((nd->nd_flag & ND_EXTPG) != 0 || mcp == + mtod(mp, char *) + mp->m_len, ("nfsm_uiombuf: mcp wrong")); left = uiop->uio_iov->iov_len; uiocp = uiop->uio_iov->iov_base; if (left > siz) left = siz; uiosiz = left; while (left > 0) { - mlen = M_TRAILINGSPACE(mp); - if (mlen == 0) { - if (clflg) - NFSMCLGET(mp, M_WAITOK); - else - NFSMGET(mp); - mp->m_len = 0; - mp2->m_next = mp; - mp2 = mp; + if ((nd->nd_flag & ND_EXTPG) != 0) + mlen = nd->nd_bextpgsiz; + else mlen = M_TRAILINGSPACE(mp); + if (mlen == 0) { + if ((nd->nd_flag & ND_EXTPG) != 0) { + mp = nfsm_add_ext_pgs(mp, + nd->nd_maxextsiz, &nd->nd_bextpg); + mcp = (char *)(void *)PHYS_TO_DMAP( + mp->m_epg_pa[nd->nd_bextpg]); + nd->nd_bextpgsiz = PAGE_SIZE; + } else { + if (clflg) + NFSMCLGET(mp, M_WAITOK); + else + NFSMGET(mp); + mp->m_len = 0; + mlen = M_TRAILINGSPACE(mp); + mcp = mtod(mp, char *); + mp2->m_next = mp; + mp2 = mp; + } } xfer = (left > mlen) ? mlen : left; -#ifdef notdef - /* Not Yet.. */ - if (uiop->uio_iov->iov_op != NULL) - (*(uiop->uio_iov->iov_op)) - (uiocp, mtod(mp, caddr_t) + mp->m_len, - xfer); - else -#endif if (uiop->uio_segflg == UIO_SYSSPACE) - NFSBCOPY(uiocp, mtod(mp, caddr_t) + mp->m_len, - xfer); + NFSBCOPY(uiocp, mcp, xfer); else - copyin(uiocp, mtod(mp, caddr_t) + mp->m_len, xfer); + copyin(uiocp, mcp, xfer); mp->m_len += xfer; left -= xfer; uiocp += xfer; + mcp += xfer; + if ((nd->nd_flag & ND_EXTPG) != 0) { +
svn commit: r362980 - head/sys/fs/nfs
Author: rmacklem Date: Tue Jul 7 00:42:23 2020 New Revision: 362980 URL: https://svnweb.freebsd.org/changeset/base/362980 Log: Add support for ext_pgs mbufs to nfsrvd_rephead(). This is another in the series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. Since ND_EXTPG is never set yet, there is no semantic change at this time. Modified: head/sys/fs/nfs/nfs_commonsubs.c Modified: head/sys/fs/nfs/nfs_commonsubs.c == --- head/sys/fs/nfs/nfs_commonsubs.cMon Jul 6 22:39:42 2020 (r362979) +++ head/sys/fs/nfs/nfs_commonsubs.cTue Jul 7 00:42:23 2020 (r362980) @@ -4443,21 +4443,30 @@ nfsrvd_rephead(struct nfsrv_descript *nd) { struct mbuf *mreq; - /* -* If this is a big reply, use a cluster. -*/ - if ((nd->nd_flag & ND_GSSINITREPLY) == 0 && - nfs_bigreply[nd->nd_procnum]) { - NFSMCLGET(mreq, M_WAITOK); - nd->nd_mreq = mreq; - nd->nd_mb = mreq; + if ((nd->nd_flag & ND_EXTPG) != 0) { + mreq = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK); + nd->nd_mreq = nd->nd_mb = mreq; + nd->nd_bpos = (char *)(void *) + PHYS_TO_DMAP(mreq->m_epg_pa[0]); + nd->nd_bextpg = 0; + nd->nd_bextpgsiz = PAGE_SIZE; } else { - NFSMGET(mreq); - nd->nd_mreq = mreq; - nd->nd_mb = mreq; + /* +* If this is a big reply, use a cluster. +*/ + if ((nd->nd_flag & ND_GSSINITREPLY) == 0 && + nfs_bigreply[nd->nd_procnum]) { + NFSMCLGET(mreq, M_WAITOK); + nd->nd_mreq = mreq; + nd->nd_mb = mreq; + } else { + NFSMGET(mreq); + nd->nd_mreq = mreq; + nd->nd_mb = mreq; + } + nd->nd_bpos = mtod(mreq, char *); + mreq->m_len = 0; } - nd->nd_bpos = mtod(mreq, caddr_t); - mreq->m_len = 0; if ((nd->nd_flag & ND_GSSINITREPLY) == 0) NFSM_BUILD(nd->nd_errp, int *, NFSX_UNSIGNED); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362949 - head/sys/fs/nfs
Author: rmacklem Date: Sun Jul 5 21:55:16 2020 New Revision: 362949 URL: https://svnweb.freebsd.org/changeset/base/362949 Log: Add support for ext_pgs mbufs to nfsm_strtom(). Also, add a new function nfsm_add_ext_pgs() which will either add a page or add a new ext_pgs mbuf with a page to the mbuf list. Used by nfsm_strtom(). This is another in the series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. Since ND_EXTPG is never set yet, there is no semantic change at this time. Modified: head/sys/fs/nfs/nfs_commonsubs.c head/sys/fs/nfs/nfs_var.h Modified: head/sys/fs/nfs/nfs_commonsubs.c == --- head/sys/fs/nfs/nfs_commonsubs.cSun Jul 5 20:54:01 2020 (r362948) +++ head/sys/fs/nfs/nfs_commonsubs.cSun Jul 5 21:55:16 2020 (r362949) @@ -832,22 +832,38 @@ nfsm_strtom(struct nfsrv_descript *nd, const char *cp, bytesize = NFSX_UNSIGNED + siz + rem; m2 = nd->nd_mb; cp2 = nd->nd_bpos; - left = M_TRAILINGSPACE(m2); + if ((nd->nd_flag & ND_EXTPG) != 0) + left = nd->nd_bextpgsiz; + else + left = M_TRAILINGSPACE(m2); + KASSERT(((m2->m_flags & (M_EXT | M_EXTPG)) == + (M_EXT | M_EXTPG) && (nd->nd_flag & ND_EXTPG) != 0) || + ((m2->m_flags & (M_EXT | M_EXTPG)) != + (M_EXT | M_EXTPG) && (nd->nd_flag & ND_EXTPG) == 0), + ("nfsm_strtom: ext_pgs and non-ext_pgs mbufs mixed")); /* * Loop around copying the string to mbuf(s). */ while (siz > 0) { if (left == 0) { - if (siz > ncl_mbuf_mlen) - NFSMCLGET(m1, M_WAITOK); - else - NFSMGET(m1); - m1->m_len = 0; - m2->m_next = m1; - m2 = m1; - cp2 = mtod(m2, caddr_t); - left = M_TRAILINGSPACE(m2); + if ((nd->nd_flag & ND_EXTPG) != 0) { + m2 = nfsm_add_ext_pgs(m2, + nd->nd_maxextsiz, &nd->nd_bextpg); + cp2 = (char *)(void *)PHYS_TO_DMAP( + m2->m_epg_pa[nd->nd_bextpg]); + nd->nd_bextpgsiz = left = PAGE_SIZE; + } else { + if (siz > ncl_mbuf_mlen) + NFSMCLGET(m1, M_WAITOK); + else + NFSMGET(m1); + m1->m_len = 0; + cp2 = mtod(m1, char *); + left = M_TRAILINGSPACE(m1); + m2->m_next = m1; + m2 = m1; + } } if (left >= siz) xfer = siz; @@ -855,18 +871,31 @@ nfsm_strtom(struct nfsrv_descript *nd, const char *cp, xfer = left; NFSBCOPY(cp, cp2, xfer); cp += xfer; + cp2 += xfer; m2->m_len += xfer; siz -= xfer; left -= xfer; + if ((nd->nd_flag & ND_EXTPG) != 0) { + nd->nd_bextpgsiz -= xfer; + m2->m_epg_last_len += xfer; + } if (siz == 0 && rem) { if (left < rem) panic("nfsm_strtom"); - NFSBZERO(cp2 + xfer, rem); + NFSBZERO(cp2, rem); m2->m_len += rem; + cp2 += rem; + if ((nd->nd_flag & ND_EXTPG) != 0) { + nd->nd_bextpgsiz -= rem; + m2->m_epg_last_len += rem; + } } } nd->nd_mb = m2; - nd->nd_bpos = mtod(m2, caddr_t) + m2->m_len; + if ((nd->nd_flag & ND_EXTPG) != 0) + nd->nd_bpos = cp2; + else + nd->nd_bpos = mtod(m2, char *) + m2->m_len; return (bytesize); } @@ -4844,4 +4873,35 @@ nfsm_set(struct nfsrv_descript *nd, u_int offs) nd->nd_bextpgsiz = PAGE_SIZE; } else nd->nd_bpos = mtod(m, char *) + offs; +} + +/* + * Grow a ext_pgs mbuf list. Either allocate another page or add + * an mbuf to the list. + */ +struct mbuf * +nfsm_add_ext_pgs(struct mbuf *m, int maxextsiz, int *bextpg) +{ + struct mbuf *mp; + vm_page_t pg; + + if ((m->m_epg_npgs + 1) * PAGE
svn commit: r362917 - head/sys/fs/nfs
Author: rmacklem Date: Sat Jul 4 03:28:13 2020 New Revision: 362917 URL: https://svnweb.freebsd.org/changeset/base/362917 Log: Add support for ext_pgs mbufs to nfscl_reqstart() and nfsm_set(). This is another in the series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. Since ND_EXTPG is never set yet, there is no semantic change at this time. Modified: head/sys/fs/nfs/nfs_commonsubs.c Modified: head/sys/fs/nfs/nfs_commonsubs.c == --- head/sys/fs/nfs/nfs_commonsubs.cSat Jul 4 03:27:51 2020 (r362916) +++ head/sys/fs/nfs/nfs_commonsubs.cSat Jul 4 03:28:13 2020 (r362917) @@ -359,13 +359,19 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, /* * Get the first mbuf for the request. */ - if (nfs_bigrequest[procnum]) - NFSMCLGET(mb, M_WAITOK); - else - NFSMGET(mb); - mb->m_len = 0; - nd->nd_mreq = nd->nd_mb = mb; - nd->nd_bpos = mtod(mb, char *); + if ((nd->nd_flag & ND_EXTPG) != 0) { + mb = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK); + nd->nd_mreq = nd->nd_mb = mb; + nfsm_set(nd, 0); + } else { + if (nfs_bigrequest[procnum]) + NFSMCLGET(mb, M_WAITOK); + else + NFSMGET(mb); + mb->m_len = 0; + nd->nd_mreq = nd->nd_mb = mb; + nd->nd_bpos = mtod(mb, char *); + } /* * And fill the first file handle into the request. @@ -4804,7 +4810,38 @@ void nfsm_set(struct nfsrv_descript *nd, u_int offs) { struct mbuf *m; + int rlen; m = nd->nd_mb; - nd->nd_bpos = mtod(m, char *) + offs; + if ((m->m_flags & M_EXTPG) != 0) { + nd->nd_bextpg = 0; + while (offs > 0) { + if (nd->nd_bextpg == 0) + rlen = m_epg_pagelen(m, 0, m->m_epg_1st_off); + else + rlen = m_epg_pagelen(m, nd->nd_bextpg, 0); + if (offs <= rlen) + break; + offs -= rlen; + nd->nd_bextpg++; + if (nd->nd_bextpg == m->m_epg_npgs) { + printf("nfsm_set: build offs " + "out of range\n"); + nd->nd_bextpg--; + break; + } + } + nd->nd_bpos = (char *)(void *) + PHYS_TO_DMAP(m->m_epg_pa[nd->nd_bextpg]); + if (nd->nd_bextpg == 0) + nd->nd_bpos += m->m_epg_1st_off; + if (offs > 0) { + nd->nd_bpos += offs; + nd->nd_bextpgsiz = rlen - offs; + } else if (nd->nd_bextpg == 0) + nd->nd_bextpgsiz = PAGE_SIZE - m->m_epg_1st_off; + else + nd->nd_bextpgsiz = PAGE_SIZE; + } else + nd->nd_bpos = mtod(m, char *) + offs; } ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362906 - head/sys/fs/nfs
Author: rmacklem Date: Fri Jul 3 05:21:05 2020 New Revision: 362906 URL: https://svnweb.freebsd.org/changeset/base/362906 Log: Fix build breakage caused by r362903. Only pmap.h is needed now, but vm_page.h and vm_pageout.h is needed later, so put them in now. Pointy hat goes on me. Modified: head/sys/fs/nfs/nfsport.h Modified: head/sys/fs/nfs/nfsport.h == --- head/sys/fs/nfs/nfsport.h Fri Jul 3 04:44:23 2020(r362905) +++ head/sys/fs/nfs/nfsport.h Fri Jul 3 05:21:05 2020(r362906) @@ -109,8 +109,11 @@ #include #include #include +#include #include #include +#include +#include #include #include #include "opt_nfs.h" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362903 - head/sys/fs/nfs
Author: rmacklem Date: Fri Jul 3 01:19:29 2020 New Revision: 362903 URL: https://svnweb.freebsd.org/changeset/base/362903 Log: Add support for ext_pgs mbufs to nfsm_build(). This is the first of a series of commits that add support to the NFS client and server for building RPC messages in ext_pgs mbufs with anonymous pages. This is useful so that the entire mbuf list does not need to be copied before calling sosend() when NFS over TLS is enabled. Since ND_EXTPG is never set yet, there is no semantic change at this time. Modified: head/sys/fs/nfs/nfsm_subs.h head/sys/fs/nfs/nfsport.h Modified: head/sys/fs/nfs/nfsm_subs.h == --- head/sys/fs/nfs/nfsm_subs.h Fri Jul 3 00:09:41 2020(r362902) +++ head/sys/fs/nfs/nfsm_subs.h Fri Jul 3 01:19:29 2020(r362903) @@ -64,14 +64,27 @@ nfsm_build(struct nfsrv_descript *nd, int siz) void *retp; struct mbuf *mb2; - if (siz > M_TRAILINGSPACE(nd->nd_mb)) { + if ((nd->nd_flag & ND_EXTPG) == 0 && + siz > M_TRAILINGSPACE(nd->nd_mb)) { NFSMCLGET(mb2, M_NOWAIT); if (siz > MLEN) panic("build > MLEN"); mb2->m_len = 0; - nd->nd_bpos = mtod(mb2, caddr_t); + nd->nd_bpos = mtod(mb2, char *); nd->nd_mb->m_next = mb2; nd->nd_mb = mb2; + } else if ((nd->nd_flag & ND_EXTPG) != 0) { + if (siz > nd->nd_bextpgsiz) { + mb2 = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK); + nd->nd_bpos = (char *)(void *) + PHYS_TO_DMAP(mb2->m_epg_pa[0]); + nd->nd_bextpg = 0; + nd->nd_bextpgsiz = PAGE_SIZE - siz; + nd->nd_mb->m_next = mb2; + nd->nd_mb = mb2; + } else + nd->nd_bextpgsiz -= siz; + nd->nd_mb->m_epg_last_len += siz; } retp = (void *)(nd->nd_bpos); nd->nd_mb->m_len += siz; Modified: head/sys/fs/nfs/nfsport.h == --- head/sys/fs/nfs/nfsport.h Fri Jul 3 00:09:41 2020(r362902) +++ head/sys/fs/nfs/nfsport.h Fri Jul 3 01:19:29 2020(r362903) @@ -109,8 +109,9 @@ #include #include #include -#include #include +#include +#include #include #include "opt_nfs.h" #include "opt_ufs.h" ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362717 - stable/11/usr.sbin/mountd
Author: rmacklem Date: Sun Jun 28 04:08:42 2020 New Revision: 362717 URL: https://svnweb.freebsd.org/changeset/base/362717 Log: MFC: r361854 Fix mountd so that it will not lose SIGHUPs that indicate "reload exports". Without this patch, if a SIGHUP is handled while the process is executing get_exportlist(), that SIGHUP is essentially ignored because the got_sighup variable is reset to 0 after get_exportlist(). This results in the exports file(s) not being reloaded until another SIGHUP signal is sent to mountd. This patch fixes this by resetting got_sighup to zero before the get_exportlist() call while SIGHUP is blocked. It also defines a delay time of 250msec before doing another exports reload if there are RPC request(s) to process. This prevents repeated exports reloads from delaying handling of RPC requests significantly. PR: 246597 Modified: stable/11/usr.sbin/mountd/mountd.c Directory Properties: stable/11/ (props changed) Modified: stable/11/usr.sbin/mountd/mountd.c == --- stable/11/usr.sbin/mountd/mountd.c Sun Jun 28 03:28:28 2020 (r362716) +++ stable/11/usr.sbin/mountd/mountd.c Sun Jun 28 04:08:42 2020 (r362717) @@ -182,6 +182,12 @@ struct fhreturn { #defineGETPORT_MAXTRY 20 /* Max tries to get a port # */ +/* + * How long to delay a reload of exports when there are RPC request(s) + * to process, in usec. Must be less than 1second. + */ +#defineRELOADDELAY 25 + /* Global defs */ static char*add_expdir(struct dirlist **, char *, int); static voidadd_dlist(struct dirlist **, struct dirlist *, @@ -408,6 +414,10 @@ main(int argc, char **argv) int maxrec = RPC_MAXDATASIZE; int attempt_cnt, port_len, port_pos, ret; char **port_list; + uint64_t curtime, nexttime; + struct timeval tv; + struct timespec tp; + sigset_t sighup_mask; /* Check that another mountd isn't already running. */ pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid); @@ -663,19 +673,49 @@ main(int argc, char **argv) } /* Expand svc_run() here so that we can call get_exportlist(). */ + curtime = nexttime = 0; + sigemptyset(&sighup_mask); + sigaddset(&sighup_mask, SIGHUP); for (;;) { - if (got_sighup) { - get_exportlist(1); + clock_gettime(CLOCK_MONOTONIC, &tp); + curtime = tp.tv_sec; + curtime = curtime * 100 + tp.tv_nsec / 1000; + sigprocmask(SIG_BLOCK, &sighup_mask, NULL); + if (got_sighup && curtime >= nexttime) { got_sighup = 0; - } + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); + get_exportlist(1); + clock_gettime(CLOCK_MONOTONIC, &tp); + nexttime = tp.tv_sec; + nexttime = nexttime * 100 + tp.tv_nsec / 1000 + + RELOADDELAY; + } else + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); + + /* +* If a reload is pending, poll for received request(s), +* otherwise set a RELOADDELAY timeout, since a SIGHUP +* could be processed between the got_sighup test and +* the select() system call. +*/ + tv.tv_sec = 0; + if (got_sighup) + tv.tv_usec = 0; + else + tv.tv_usec = RELOADDELAY; readfds = svc_fdset; - switch (select(svc_maxfd + 1, &readfds, NULL, NULL, NULL)) { + switch (select(svc_maxfd + 1, &readfds, NULL, NULL, &tv)) { case -1: - if (errno == EINTR) -continue; + if (errno == EINTR) { + /* Allow a reload now. */ + nexttime = 0; + continue; + } syslog(LOG_ERR, "mountd died: select: %m"); exit(1); case 0: + /* Allow a reload now. */ + nexttime = 0; continue; default: svc_getreqset(&readfds); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362713 - stable/12/usr.sbin/mountd
Author: rmacklem Date: Sun Jun 28 01:29:14 2020 New Revision: 362713 URL: https://svnweb.freebsd.org/changeset/base/362713 Log: MFC: r361854 Fix mountd so that it will not lose SIGHUPs that indicate "reload exports". Without this patch, if a SIGHUP is handled while the process is executing get_exportlist(), that SIGHUP is essentially ignored because the got_sighup variable is reset to 0 after get_exportlist(). This results in the exports file(s) not being reloaded until another SIGHUP signal is sent to mountd. This patch fixes this by resetting got_sighup to zero before the get_exportlist() call while SIGHUP is blocked. It also defines a delay time of 250msec before doing another exports reload if there are RPC request(s) to process. This prevents repeated exports reloads from delaying handling of RPC requests significantly. PR: 246597 Modified: stable/12/usr.sbin/mountd/mountd.c Directory Properties: stable/12/ (props changed) Modified: stable/12/usr.sbin/mountd/mountd.c == --- stable/12/usr.sbin/mountd/mountd.c Sun Jun 28 00:55:17 2020 (r362712) +++ stable/12/usr.sbin/mountd/mountd.c Sun Jun 28 01:29:14 2020 (r362713) @@ -184,6 +184,12 @@ struct fhreturn { #defineGETPORT_MAXTRY 20 /* Max tries to get a port # */ +/* + * How long to delay a reload of exports when there are RPC request(s) + * to process, in usec. Must be less than 1second. + */ +#defineRELOADDELAY 25 + /* Global defs */ static char*add_expdir(struct dirlist **, char *, int); static voidadd_dlist(struct dirlist **, struct dirlist *, @@ -410,6 +416,10 @@ main(int argc, char **argv) int maxrec = RPC_MAXDATASIZE; int attempt_cnt, port_len, port_pos, ret; char **port_list; + uint64_t curtime, nexttime; + struct timeval tv; + struct timespec tp; + sigset_t sighup_mask; /* Check that another mountd isn't already running. */ pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid); @@ -665,19 +675,49 @@ main(int argc, char **argv) } /* Expand svc_run() here so that we can call get_exportlist(). */ + curtime = nexttime = 0; + sigemptyset(&sighup_mask); + sigaddset(&sighup_mask, SIGHUP); for (;;) { - if (got_sighup) { - get_exportlist(1); + clock_gettime(CLOCK_MONOTONIC, &tp); + curtime = tp.tv_sec; + curtime = curtime * 100 + tp.tv_nsec / 1000; + sigprocmask(SIG_BLOCK, &sighup_mask, NULL); + if (got_sighup && curtime >= nexttime) { got_sighup = 0; - } + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); + get_exportlist(1); + clock_gettime(CLOCK_MONOTONIC, &tp); + nexttime = tp.tv_sec; + nexttime = nexttime * 100 + tp.tv_nsec / 1000 + + RELOADDELAY; + } else + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); + + /* +* If a reload is pending, poll for received request(s), +* otherwise set a RELOADDELAY timeout, since a SIGHUP +* could be processed between the got_sighup test and +* the select() system call. +*/ + tv.tv_sec = 0; + if (got_sighup) + tv.tv_usec = 0; + else + tv.tv_usec = RELOADDELAY; readfds = svc_fdset; - switch (select(svc_maxfd + 1, &readfds, NULL, NULL, NULL)) { + switch (select(svc_maxfd + 1, &readfds, NULL, NULL, &tv)) { case -1: - if (errno == EINTR) -continue; + if (errno == EINTR) { + /* Allow a reload now. */ + nexttime = 0; + continue; + } syslog(LOG_ERR, "mountd died: select: %m"); exit(1); case 0: + /* Allow a reload now. */ + nexttime = 0; continue; default: svc_getreqset(&readfds); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362712 - stable/11/usr.sbin/mountd
Author: rmacklem Date: Sun Jun 28 00:55:17 2020 New Revision: 362712 URL: https://svnweb.freebsd.org/changeset/base/362712 Log: MFC: r361780, r361956 Fix mountd to handle getgrouplist() not returning groups[0] == groups[1]. Prior to r174547, getgrouplist(3) always returned a groups list with element 0 and 1 set to the basegid argument, so long as ngroups was > 1. Post-r174547 this is not the case. r328304 disabled the deduplication that removed the duplicate, but the duplicate still does not occur unless the group for a user in the password database is also entered in the group database. This patch fixes mountd so that it handles the case where a user specified with the -maproot or -mapall exports option has a getgrouplist(3) groups list where groups[0] != groups[1]. Modified: stable/11/usr.sbin/mountd/mountd.c Directory Properties: stable/11/ (props changed) Modified: stable/11/usr.sbin/mountd/mountd.c == --- stable/11/usr.sbin/mountd/mountd.c Sun Jun 28 00:29:21 2020 (r362711) +++ stable/11/usr.sbin/mountd/mountd.c Sun Jun 28 00:55:17 2020 (r362712) @@ -3437,10 +3437,18 @@ parsecred(char *namelist, struct xucred *cr) /* * Compress out duplicate. */ - cr->cr_ngroups = ngroups - 1; cr->cr_groups[0] = groups[0]; - for (cnt = 2; cnt < ngroups; cnt++) - cr->cr_groups[cnt - 1] = groups[cnt]; + if (ngroups > 1 && groups[0] == groups[1]) { + cr->cr_ngroups = ngroups - 1; + for (cnt = 2; cnt < ngroups; cnt++) + cr->cr_groups[cnt - 1] = groups[cnt]; + } else { + cr->cr_ngroups = ngroups; + if (cr->cr_ngroups > XU_NGROUPS) + cr->cr_ngroups = XU_NGROUPS; + for (cnt = 1; cnt < cr->cr_ngroups; cnt++) + cr->cr_groups[cnt] = groups[cnt]; + } return; } /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362709 - head/share/man/man9
Author: rmacklem Date: Sat Jun 27 21:37:48 2020 New Revision: 362709 URL: https://svnweb.freebsd.org/changeset/base/362709 Log: Update VFS_CHECKEXP.9 to reflect how it is currently used by the NFS server. Reported by: pluknet Reviewed by: bcr Differential Revision:https://reviews.freebsd.org/D25333 Modified: head/share/man/man9/VFS_CHECKEXP.9 Modified: head/share/man/man9/VFS_CHECKEXP.9 == --- head/share/man/man9/VFS_CHECKEXP.9 Sat Jun 27 20:55:47 2020 (r362708) +++ head/share/man/man9/VFS_CHECKEXP.9 Sat Jun 27 21:37:48 2020 (r362709) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 16, 2020 +.Dd June 17, 2020 .Dt VFS_CHECKEXP 9 .Os .Sh NAME @@ -49,7 +49,7 @@ macro is used by the NFS server to check if a mount po to a client. .Pp The arguments it expects are: -.Bl -tag -width credanonp +.Bl -tag -width numsecflavors .It Fa mp The mount point to be checked. .It Fa nam @@ -71,21 +71,17 @@ macro should be called on a file system's mount struct is exported to a client whose address is contained in .Fa nam . .Pp -It is generally called before -.Xr VFS_FHTOVP 9 -to validate that a client has access to the file system. +It is called in the NFS server once a vnode for a file handle has been +acquired, in order to determine what access the client is allowed on +the file system the vnode resides in. +For NFSv4, it is also called whenever the lookup operation crosses a +server file system mount point, to update the access information. .Pp -The file system should call -.Xr vfs_export_lookup 9 -with the address of an appropriate -.Vt netexport -structure and the address of the client, -.Fa nam , -to verify that the client can access this file system. +The operation is file system specific, but is normally handled by +the default ``vfs_stdcheckexp''. .Sh RETURN VALUES The export flags, anonymous credentials and security flavors specific to the -client (returned by -.Xr vfs_export_lookup 9 ) +client will be returned in .Fa *exflagsp , .Fa *credanonp , ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362641 - head
Author: rmacklem Date: Fri Jun 26 03:18:10 2020 New Revision: 362641 URL: https://svnweb.freebsd.org/changeset/base/362641 Log: Add an entry for r362639. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Fri Jun 26 03:14:30 2020(r362640) +++ head/UPDATING Fri Jun 26 03:18:10 2020(r362641) @@ -26,6 +26,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200625: + r362639 changed the internal API used between the NFS kernel modules. + As such, they all need to be rebuilt from sources. + 20200613: r362158 changed the arguments for VFS_CHECKEXP(). As such, any out of tree file systems need to be modified and rebuilt. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362640 - head/sys/sys
Author: rmacklem Date: Fri Jun 26 03:14:30 2020 New Revision: 362640 URL: https://svnweb.freebsd.org/changeset/base/362640 Log: Bump the version since r362639 changed the internal API between the NFS kernel modules so they must all be rebuilt. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hFri Jun 26 03:11:54 2020(r362639) +++ head/sys/sys/param.hFri Jun 26 03:14:30 2020(r362640) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300099 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300100 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362639 - in head/sys/fs: nfs nfsclient nfsserver
Author: rmacklem Date: Fri Jun 26 03:11:54 2020 New Revision: 362639 URL: https://svnweb.freebsd.org/changeset/base/362639 Log: Add a boolean argument to nfscl_reqstart() to indicate that ext_pgs mbufs should be used. For KERN_TLS (and possibly some other future network interface) the mbuf list passed into sosend() must be ext_pgs mbufs. The krpc could simply copy all the mbuf data into ext_pgs mbufs before calling sosend(), but that would be inefficient for large RPC messages. This patch adds an argument to nfscl_reqstart() to indicate that it should fill the RPC message into ext_pgs mbufs. It also adds fields to "struct nfsrv_descript" needed for building NFS RPC messages in ext_pgs mbufs, along with new flags for this. Since the argument is always "false", this commit should not result in any semantic change. However, this commit prepares the code for future commits that will add support for building of NFS RPC messages in ext_pgs mbufs. Modified: head/sys/fs/nfs/nfs.h head/sys/fs/nfs/nfs_commonsubs.c head/sys/fs/nfs/nfs_var.h head/sys/fs/nfs/nfscl.h head/sys/fs/nfsclient/nfs_clrpcops.c head/sys/fs/nfsserver/nfs_nfsdport.c Modified: head/sys/fs/nfs/nfs.h == --- head/sys/fs/nfs/nfs.h Fri Jun 26 00:58:59 2020(r362638) +++ head/sys/fs/nfs/nfs.h Fri Jun 26 03:11:54 2020(r362639) @@ -670,6 +670,9 @@ struct nfsrv_descript { nfsv4stateid_t nd_savedcurstateid; /* Saved Current StateID */ uint32_tnd_maxreq; /* Max. request (session). */ uint32_tnd_maxresp; /* Max. reply (session). */ + int nd_bextpg; /* Current ext_pgs page */ + int nd_bextpgsiz; /* Bytes left in page */ + int nd_maxextsiz; /* Max ext_pgs mbuf size */ }; #definend_princlen nd_gssnamelen @@ -711,6 +714,13 @@ struct nfsrv_descript { #defineND_SAVEDCURSTATEID 0x1 #defineND_HASSLOTID0x2 #defineND_NFSV42 0x4 +#defineND_EXTPG0x8 +#defineND_TLS 0x10 +#defineND_TLSCERT 0x20 +#defineND_TLSCERTUSER 0x40 +#defineND_EXTLS0x80 +#defineND_EXTLSCERT0x100 +#defineND_EXTLSCERTUSER0x200 /* * ND_GSS should be the "or" of all GSS type authentications. Modified: head/sys/fs/nfs/nfs_commonsubs.c == --- head/sys/fs/nfs/nfs_commonsubs.cFri Jun 26 00:58:59 2020 (r362638) +++ head/sys/fs/nfs/nfs_commonsubs.cFri Jun 26 03:11:54 2020 (r362639) @@ -50,6 +50,8 @@ __FBSDID("$FreeBSD$"); #include +#include + /* * Data items converted to xdr at startup, since they are constant * This is kinda hokey, but may save a little time doing byte swaps @@ -317,7 +319,7 @@ static int nfs_bigrequest[NFSV42_NPROCS] = { void nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp, u_int8_t *nfhp, int fhlen, u_int32_t **opcntpp, struct nfsclsession *sep, -int vers, int minorvers) +int vers, int minorvers, bool use_ext) { struct mbuf *mb; u_int32_t *tl; @@ -350,6 +352,9 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, } nd->nd_procnum = procnum; nd->nd_repstat = 0; + nd->nd_maxextsiz = 16384; + if (use_ext && mb_use_ext_pgs && PMAP_HAS_DMAP != 0) + nd->nd_flag |= ND_EXTPG; /* * Get the first mbuf for the request. @@ -360,7 +365,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, NFSMGET(mb); mb->m_len = 0; nd->nd_mreq = nd->nd_mb = mb; - nd->nd_bpos = mtod(mb, caddr_t); + nd->nd_bpos = mtod(mb, char *); /* * And fill the first file handle into the request. Modified: head/sys/fs/nfs/nfs_var.h == --- head/sys/fs/nfs/nfs_var.h Fri Jun 26 00:58:59 2020(r362638) +++ head/sys/fs/nfs/nfs_var.h Fri Jun 26 03:11:54 2020(r362639) @@ -312,7 +312,7 @@ void nfsrc_trimcache(uint64_t, uint32_t, int); /* nfs_commonsubs.c */ void nfscl_reqstart(struct nfsrv_descript *, int, struct nfsmount *, -u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int); +u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int, bool); void nfsm_stateidtom(struct nfsrv_descript *, nfsv4stateid_t *, int); void nfscl_fillsattr(struct nfsrv_descript *, struct vattr *, vnode_t, int, u_int32_t); Modified: head/sys/fs/nfs/nfscl.h ===
svn commit: r362602 - stable/12/usr.sbin/mountd
Author: rmacklem Date: Thu Jun 25 02:45:49 2020 New Revision: 362602 URL: https://svnweb.freebsd.org/changeset/base/362602 Log: MFC: r361780, r361956 Fix mountd to handle getgrouplist() not returning groups[0] == groups[1]. Prior to r174547, getgrouplist(3) always returned a groups list with element 0 and 1 set to the basegid argument, so long as ngroups was > 1. Post-r174547 this is not the case. r328304 disabled the deduplication that removed the duplicate, but the duplicate still does not occur unless the group for a user in the password database is also entered in the group database. This patch fixes mountd so that it handles the case where a user specified with the -maproot or -mapall exports option has a getgrouplist(3) groups list where groups[0] != groups[1]. Relnotes: yes Modified: stable/12/usr.sbin/mountd/mountd.c Directory Properties: stable/12/ (props changed) Modified: stable/12/usr.sbin/mountd/mountd.c == --- stable/12/usr.sbin/mountd/mountd.c Thu Jun 25 02:00:51 2020 (r362601) +++ stable/12/usr.sbin/mountd/mountd.c Thu Jun 25 02:45:49 2020 (r362602) @@ -3434,10 +3434,18 @@ parsecred(char *namelist, struct xucred *cr) /* * Compress out duplicate. */ - cr->cr_ngroups = ngroups - 1; cr->cr_groups[0] = groups[0]; - for (cnt = 2; cnt < ngroups; cnt++) - cr->cr_groups[cnt - 1] = groups[cnt]; + if (ngroups > 1 && groups[0] == groups[1]) { + cr->cr_ngroups = ngroups - 1; + for (cnt = 2; cnt < ngroups; cnt++) + cr->cr_groups[cnt - 1] = groups[cnt]; + } else { + cr->cr_ngroups = ngroups; + if (cr->cr_ngroups > XU_NGROUPS) + cr->cr_ngroups = XU_NGROUPS; + for (cnt = 1; cnt < cr->cr_ngroups; cnt++) + cr->cr_groups[cnt] = groups[cnt]; + } return; } /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362457 - head/sys/rpc
Author: rmacklem Date: Sun Jun 21 02:49:56 2020 New Revision: 362457 URL: https://svnweb.freebsd.org/changeset/base/362457 Log: Fix up a comment added by r362455. Modified: head/sys/rpc/clnt_vc.c Modified: head/sys/rpc/clnt_vc.c == --- head/sys/rpc/clnt_vc.c Sun Jun 21 02:47:37 2020(r362456) +++ head/sys/rpc/clnt_vc.c Sun Jun 21 02:49:56 2020(r362457) @@ -985,7 +985,7 @@ clnt_vc_soupcall(struct socket *so, void *arg, int wai * valid RPC message to parse. * I think it best to close this * connection and allow -* clnt_reconnect_XXX() to try +* clnt_reconnect_call() to try * and establish a new one. */ printf("clnt_vc_soupcall: " ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362455 - head/sys/rpc
Author: rmacklem Date: Sun Jun 21 00:06:04 2020 New Revision: 362455 URL: https://svnweb.freebsd.org/changeset/base/362455 Log: Modify the way the client side krpc does soreceive() for TCP. Without this patch, clnt_vc_soupcall() first does a soreceive() for 4 bytes (the Sun RPC over TCP record mark) and then soreceive(s) for the RPC message. This first soreceive() almost always results in an mbuf allocation, since having the 4byte record mark in a separate mbuf in the socket rcv queue is unlikely. This is somewhat inefficient and rather odd. It also will not work for the ktls rx, since the latter returns a TLS record for each soreceive(). This patch replaces the above with code similar to what the server side of the krpc does for TCP, where it does a soreceive() for as much data as possible and then parses RPC messages out of the received data. A new field of the TCP socket structure called ct_raw is the list of received mbufs that the RPC message(s) are parsed from. I think this results in cleaner code and is needed for support of nfs-over-tls. It also fixes the code for the case where a server sends an RPC message in multiple RPC message fragments. Although this is allowed by RFC5531, no extant NFS server does this. However, it is probably good to fix this in case some future NFS server does do this. Modified: head/sys/rpc/clnt_vc.c head/sys/rpc/krpc.h Modified: head/sys/rpc/clnt_vc.c == --- head/sys/rpc/clnt_vc.c Sat Jun 20 23:48:57 2020(r362454) +++ head/sys/rpc/clnt_vc.c Sun Jun 21 00:06:04 2020(r362455) @@ -269,6 +269,7 @@ clnt_vc_create( soupcall_set(ct->ct_socket, SO_RCV, clnt_vc_soupcall, ct); SOCKBUF_UNLOCK(&ct->ct_socket->so_rcv); + ct->ct_raw = NULL; ct->ct_record = NULL; ct->ct_record_resid = 0; TAILQ_INIT(&ct->ct_pending); @@ -826,6 +827,8 @@ clnt_vc_destroy(CLIENT *cl) soshutdown(so, SHUT_WR); soclose(so); } + m_freem(ct->ct_record); + m_freem(ct->ct_raw); mem_free(ct, sizeof(struct ct_data)); if (cl->cl_netid && cl->cl_netid[0]) mem_free(cl->cl_netid, strlen(cl->cl_netid) +1); @@ -854,122 +857,118 @@ clnt_vc_soupcall(struct socket *so, void *arg, int wai struct ct_request *cr; int error, rcvflag, foundreq; uint32_t xid_plus_direction[2], header; - bool_t do_read; SVCXPRT *xprt; struct cf_conn *cd; + u_int rawlen; - CTASSERT(sizeof(xid_plus_direction) == 2 * sizeof(uint32_t)); + /* +* If another thread is already here, it must be in +* soreceive(), so just return to avoid races with it. +* ct_upcallrefs is protected by the SOCKBUF_LOCK(), +* which is held in this function, except when +* soreceive() is called. +*/ + if (ct->ct_upcallrefs > 0) + return (SU_OK); ct->ct_upcallrefs++; - uio.uio_td = curthread; - do { - /* -* If ct_record_resid is zero, we are waiting for a -* record mark. -*/ - if (ct->ct_record_resid == 0) { + /* +* Read as much as possible off the socket and link it +* onto ct_raw. +*/ + for (;;) { + uio.uio_resid = 10; + uio.uio_td = curthread; + m2 = m = NULL; + rcvflag = MSG_DONTWAIT | MSG_SOCALLBCK; + SOCKBUF_UNLOCK(&so->so_rcv); + error = soreceive(so, NULL, &uio, &m, NULL, &rcvflag); + SOCKBUF_LOCK(&so->so_rcv); + + if (error == EWOULDBLOCK) { /* -* Make sure there is either a whole record -* mark in the buffer or there is some other -* error condition +* We must re-test for readability after +* taking the lock to protect us in the case +* where a new packet arrives on the socket +* after our call to soreceive fails with +* EWOULDBLOCK. */ - do_read = FALSE; - if (sbavail(&so->so_rcv) >= sizeof(uint32_t) - || (so->so_rcv.sb_state & SBS_CANTRCVMORE) - || so->so_error) - do_read = TRUE; - - if (!do_read) + error = 0; + if (!soreadable(so)) break; + continue; + } + if (error == 0 && m == NULL) { + /* +* We must have got EOF trying +* to
svn commit: r362247 - head
Author: rmacklem Date: Tue Jun 16 20:55:22 2020 New Revision: 362247 URL: https://svnweb.freebsd.org/changeset/base/362247 Log: Add an entry for r362158, r362163, which changes struct export_args. Modified: head/RELNOTES Modified: head/RELNOTES == --- head/RELNOTES Tue Jun 16 20:51:28 2020(r362246) +++ head/RELNOTES Tue Jun 16 20:55:22 2020(r362247) @@ -10,6 +10,11 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +r362158, r362163: + struct export_args has changed so that the "user" specified for + the -maproot and -mapall exports(5) options may be in more than + 16 groups. + r361884: sed(1) has learned about hex escapes (e.g. \x27) and will now do the right thing with them, removing the need for printf magic or obnoxious ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362246 - head/share/man/man9
Author: rmacklem Date: Tue Jun 16 20:51:28 2020 New Revision: 362246 URL: https://svnweb.freebsd.org/changeset/base/362246 Log: Update VFS_CHECKEXP.9 for the argument changes done by r362158. The arguments for VFS_CHECKEXP() were changed by r362158. Also, the numsecflavors and secflavors arguments were not documented, so add these as well. This is a content change. Modified: head/share/man/man9/VFS_CHECKEXP.9 Modified: head/share/man/man9/VFS_CHECKEXP.9 == --- head/share/man/man9/VFS_CHECKEXP.9 Tue Jun 16 20:44:51 2020 (r362245) +++ head/share/man/man9/VFS_CHECKEXP.9 Tue Jun 16 20:51:28 2020 (r362246) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 4, 2010 +.Dd June 16, 2020 .Dt VFS_CHECKEXP 9 .Os .Sh NAME @@ -34,7 +34,13 @@ .In sys/param.h .In sys/mount.h .Ft int -.Fn VFS_CHECKEXP "struct mount *mp" "struct sockaddr *nam" "int *exflagsp" "struct ucred **credanonp" +.Fo VFS_CHECKEXP +.Fa "struct mount *mp" +.Fa "struct sockaddr *nam" +.Fa "uint64_t *exflagsp" +.Fa "struct ucred **credanonp" +.Fa "int *numsecflavor" +.Fa "int *secflavors" .Sh DESCRIPTION The .Fn VFS_CHECKEXP @@ -51,6 +57,11 @@ An mbuf containing the network address of the client. Return parameter for the export flags for this client. .It Fa credanonp Return parameter for the anonymous credentials for this client. +.It Fa numsecflavors +Return value for the number of security flavors for this client. +.It Fa secflavors +Must be an array of size MAXSECFLAVORS, in which the security flavors +for this client are returned. .El .Pp The @@ -71,13 +82,15 @@ structure and the address of the client, .Fa nam , to verify that the client can access this file system. .Sh RETURN VALUES -The export flags and anonymous credentials specific to the client (returned -by +The export flags, anonymous credentials and security flavors specific to the +client (returned by .Xr vfs_export_lookup 9 ) will be returned in -.Fa *exflagsp +.Fa *exflagsp , +.Fa *credanonp , +.Fa *numsecflavors and -.Fa *credanonp . +.Fa *secflavors . .Sh SEE ALSO .Xr VFS 9 , .Xr VFS_FHTOVP 9 , ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362215 - head/usr.sbin/mountd
Author: rmacklem Date: Tue Jun 16 02:35:30 2020 New Revision: 362215 URL: https://svnweb.freebsd.org/changeset/base/362215 Log: Make use of the UID_NOBODY and GID_NOGROUP definitions in sys/conf.h. r362214 exposed UID_NOBODY and GID_NOGROUP to userspace, so use them instead of the numbers. Reviewed by: kib Differential Revision:https://reviews.freebsd.org/D25281 Modified: head/usr.sbin/mountd/mountd.c Modified: head/usr.sbin/mountd/mountd.c == --- head/usr.sbin/mountd/mountd.c Tue Jun 16 02:31:22 2020 (r362214) +++ head/usr.sbin/mountd/mountd.c Tue Jun 16 02:35:30 2020 (r362215) @@ -48,6 +48,7 @@ static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5 __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -1525,9 +1526,9 @@ get_exportlist_one(int passno) * Set defaults. */ has_host = FALSE; - anon.cr_uid = 65534; + anon.cr_uid = UID_NOBODY; anon.cr_ngroups = 1; - anon.cr_groups[0] = 65533; + anon.cr_groups[0] = GID_NOGROUP; exflags = MNT_EXPORTED; got_nondir = 0; opt_flags = 0; @@ -3456,8 +3457,8 @@ parsecred(char *namelist, struct expcred *cr) /* * Set up the unprivileged user. */ - cr->cr_uid = 65534; - cr->cr_groups[0] = 65533; + cr->cr_uid = UID_NOBODY; + cr->cr_groups[0] = GID_NOGROUP; cr->cr_ngroups = 1; /* * Get the user's password table entry. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362214 - head/sys/sys
Author: rmacklem Date: Tue Jun 16 02:31:22 2020 New Revision: 362214 URL: https://svnweb.freebsd.org/changeset/base/362214 Log: Expose UID_xxx and GID_xxx definitions to userspace. This patch moves the UID_xxx and GID_xxx definitions out of the #ifdef _KERNEL section, so that userspace programs like mountd can use them. There are a couple of userspace programs that do define UID_ROOT, but they do not include sys/conf.h. Since they are defined as the same value, maybe they should be changed to include sys/conf.h. Reviewed by: kib Differential Revision:https:/reviews.freebsd.org/D25281 Modified: head/sys/sys/conf.h Modified: head/sys/sys/conf.h == --- head/sys/sys/conf.h Tue Jun 16 01:11:40 2020(r362213) +++ head/sys/sys/conf.h Tue Jun 16 02:31:22 2020(r362214) @@ -147,6 +147,23 @@ typedef int dumper_hdr_t(struct dumperinfo *di, struct #defineD_TTY 0x0004 #defineD_MEM 0x0008 /* /dev/(k)mem */ +/* Defined uid and gid values. */ +#defineUID_ROOT0 +#defineUID_BIN 3 +#defineUID_UUCP66 +#defineUID_NOBODY 65534 + +#defineGID_WHEEL 0 +#defineGID_KMEM2 +#defineGID_TTY 4 +#defineGID_OPERATOR5 +#defineGID_BIN 7 +#defineGID_GAMES 13 +#defineGID_VIDEO 44 +#defineGID_DIALER 68 +#defineGID_NOGROUP 65533 +#defineGID_NOBODY 65534 + #ifdef _KERNEL #defineD_TYPEMASK 0x @@ -308,22 +325,6 @@ void devfs_clear_cdevpriv(void); ino_t devfs_alloc_cdp_inode(void); void devfs_free_cdp_inode(ino_t ino); - -#defineUID_ROOT0 -#defineUID_BIN 3 -#defineUID_UUCP66 -#defineUID_NOBODY 65534 - -#defineGID_WHEEL 0 -#defineGID_KMEM2 -#defineGID_TTY 4 -#defineGID_OPERATOR5 -#defineGID_BIN 7 -#defineGID_GAMES 13 -#defineGID_VIDEO 44 -#defineGID_DIALER 68 -#defineGID_NOGROUP 65533 -#defineGID_NOBODY 65534 typedef void (*dev_clone_fn)(void *arg, struct ucred *cred, char *name, int namelen, struct cdev **result); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362164 - head/sys/sys
Author: rmacklem Date: Sun Jun 14 01:22:19 2020 New Revision: 362164 URL: https://svnweb.freebsd.org/changeset/base/362164 Log: Oops, r362158 committed a duplicate definition of MAXSECFLAVORS. This patch gets rid of the duplicate. Modified: head/sys/sys/mount.h Modified: head/sys/sys/mount.h == --- head/sys/sys/mount.hSun Jun 14 00:40:00 2020(r362163) +++ head/sys/sys/mount.hSun Jun 14 01:22:19 2020(r362164) @@ -518,7 +518,6 @@ struct o2export_args { /* * Export arguments for local filesystem mount calls. */ -#defineMAXSECFLAVORS 5 struct export_args { uint64_t ex_flags; /* export related flags */ uid_t ex_root;/* mapping for root uid */ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362163 - head/usr.sbin/mountd
Author: rmacklem Date: Sun Jun 14 00:40:00 2020 New Revision: 362163 URL: https://svnweb.freebsd.org/changeset/base/362163 Log: Modify mountd to use the new struct export_args committed by r362158. r362158 modified struct export_args for make the ex_flags field 64bits and also changed the anonymous credentials to allow more than 16 groups. This patch fixes mountd.c to use the new structure. It does allocate larger exportlist and grouplist structures now. That will be fixed in a future commit. The only visible change will be that the credentials provided for the -maproot and -mapall exports options can now have more than 16 groups. Reviewed by: kib, freqlabs Relnotes: yes Differential Revision:https://reviews.freebsd.org/D25088 Modified: head/usr.sbin/mountd/mountd.c Modified: head/usr.sbin/mountd/mountd.c == --- head/usr.sbin/mountd/mountd.c Sun Jun 14 00:23:06 2020 (r362162) +++ head/usr.sbin/mountd/mountd.c Sun Jun 14 00:40:00 2020 (r362163) @@ -112,6 +112,15 @@ struct dirlist { #defineDP_DEFSET 0x1 #define DP_HOSTSET 0x2 +/* + * maproot/mapall credentials. + */ +struct expcred { + uid_t cr_uid; + int cr_ngroups; + gid_t cr_groups[NGROUPS_MAX + 1]; +}; + struct exportlist { struct dirlist *ex_dirl; struct dirlist *ex_defdir; @@ -120,8 +129,8 @@ struct exportlist { fsid_t ex_fs; char*ex_fsdir; char*ex_indexfile; - struct xucred ex_defanon; - int ex_defexflags; + struct expcred ex_defanon; + uint64_tex_defexflags; int ex_numsecflavors; int ex_secflavors[MAXSECFLAVORS]; int ex_defnumsecflavors; @@ -152,8 +161,8 @@ struct grouplist { int gr_type; union grouptypes gr_ptr; struct grouplist *gr_next; - struct xucred gr_anon; - int gr_exflags; + struct expcred gr_anon; + uint64_t gr_exflags; int gr_flag; int gr_numsecflavors; int gr_secflavors[MAXSECFLAVORS]; @@ -194,7 +203,7 @@ struct fhreturn { static char*add_expdir(struct dirlist **, char *, int); static voidadd_dlist(struct dirlist **, struct dirlist *, struct grouplist *, int, struct exportlist *, - struct xucred *, int); + struct expcred *, uint64_t); static voidadd_mlist(char *, char *); static int check_dirpath(char *); static int check_options(struct dirlist *); @@ -208,10 +217,10 @@ static void clearout_service(void); static voiddel_mlist(char *hostp, char *dirp); static struct dirlist *dirp_search(struct dirlist *, char *); static int do_export_mount(struct exportlist *, struct statfs *); -static int do_mount(struct exportlist *, struct grouplist *, int, - struct xucred *, char *, int, struct statfs *, int, int *); +static int do_mount(struct exportlist *, struct grouplist *, uint64_t, + struct expcred *, char *, int, struct statfs *, int, int *); static int do_opt(char **, char **, struct exportlist *, - struct grouplist *, int *, int *, struct xucred *); + struct grouplist *, int *, uint64_t *, struct expcred *); static struct exportlist *ex_search(fsid_t *, struct exportlisthead *); static struct exportlist *get_exp(void); static voidfree_dir(struct dirlist *); @@ -226,7 +235,7 @@ static void free_exports(struct exportlisthead *); static voidread_exportfile(int); static int compare_nmount_exportlist(struct iovec *, int, char *); static int compare_export(struct exportlist *, struct exportlist *); -static int compare_cred(struct xucred *, struct xucred *); +static int compare_cred(struct expcred *, struct expcred *); static int compare_secflavor(int *, int *, int); static voiddelete_export(struct iovec *, int, struct statfs *, char *); static int get_host(char *, struct grouplist *, struct grouplist *); @@ -237,13 +246,13 @@ static intget_net(char *, struct netmsk *, int); static voidgetexp_err(struct exportlist *, struct grouplist *, const char *); static struct grouplist*get_grp(void); static voidhang_dirp(struct dirlist *, struct grouplist *, - struct exportlist *, int, struct xucred *, int); + struct exportlist *, int, struct expcred *, uint64_t); static voidhuphandler(int sig); static int makemask(struct sockaddr_storage *ssp, int bitlen); static voidmntsrv(struct svc_req *, SVCXPRT *); static voidnextfield(char **, char **); static voidout_of_mem(void); -static voidparsecred(char *, struct xucred *); +static voidparsecred(char *, struct expcre
svn commit: r362160 - head
Author: rmacklem Date: Sun Jun 14 00:15:44 2020 New Revision: 362160 URL: https://svnweb.freebsd.org/changeset/base/362160 Log: Add an entry to UPDATING for r362158. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Sun Jun 14 00:12:29 2020(r362159) +++ head/UPDATING Sun Jun 14 00:15:44 2020(r362160) @@ -26,6 +26,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200613: + r362158 changed the arguments for VFS_CHECKEXP(). As such, any + out of tree file systems need to be modified and rebuilt. + Also, any file systems that are modules must be rebuilt. + 20200604: read(2) of a directory fd is now rejected by default. root may re-enable it for system root only on non-ZFS filesystems with the ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r362159 - head/sys/sys
Author: rmacklem Date: Sun Jun 14 00:12:29 2020 New Revision: 362159 URL: https://svnweb.freebsd.org/changeset/base/362159 Log: Version bump for r362158, since the arguments for vfs_checkexp() changed. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hSun Jun 14 00:10:18 2020(r362158) +++ head/sys/sys/param.hSun Jun 14 00:12:29 2020(r362159) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300097 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300098 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"