svn commit: r368710 - head/libexec/rc/rc.d
Author: rmacklem Date: Thu Dec 17 00:20:57 2020 New Revision: 368710 URL: https://svnweb.freebsd.org/changeset/base/368710 Log: Make mountcritremote dependent upon nfscbd. Although it is not often needed, the nfscbd(8) should be running when NFSv4 mounts are done if callback functionality is required. Callback functionality is required for the NFSv4 server to issue delegations or pNFS layouts. This patch adds nfscbd to the mountcritremote's REQUIRED line to ensure it is started before NFS mounts specified in /etc/fstab are done. Reviewed by: 0mp Differential Revision:https://reviews.freebsd.org/D27506 Modified: head/libexec/rc/rc.d/mountcritremote Modified: head/libexec/rc/rc.d/mountcritremote == --- head/libexec/rc/rc.d/mountcritremoteThu Dec 17 00:00:21 2020 (r368709) +++ head/libexec/rc/rc.d/mountcritremoteThu Dec 17 00:20:57 2020 (r368710) @@ -4,7 +4,7 @@ # # PROVIDE: mountcritremote -# REQUIRE: NETWORKING FILESYSTEMS ipsec netwait +# REQUIRE: NETWORKING FILESYSTEMS ipsec netwait nfscbd # KEYWORD: nojail . /etc/rc.subr ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r368268 - head/sbin/mount_nfs
Author: rmacklem Date: Tue Dec 1 23:33:10 2020 New Revision: 368268 URL: https://svnweb.freebsd.org/changeset/base/368268 Log: Improve man page for AmazonEFS mounts. PR#250770 was actually just a misunderstanding of what NFS mount options are needed for AmazonEFS mounts. This patch attempts to clarify the manpage to clarify this. This is a content change. PR: 250770 Reviewed by: bcr MFC after:1 week Differential Revision:https://reviews.freebsd.org/D27430 Modified: head/sbin/mount_nfs/mount_nfs.8 Modified: head/sbin/mount_nfs/mount_nfs.8 == --- head/sbin/mount_nfs/mount_nfs.8 Tue Dec 1 23:25:21 2020 (r368267) +++ head/sbin/mount_nfs/mount_nfs.8 Tue Dec 1 23:33:10 2020 (r368268) @@ -28,7 +28,7 @@ .\"@(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 .\" $FreeBSD$ .\" -.Dd November 20, 2020 +.Dd November 30, 2020 .Dt MOUNT_NFS 8 .Os .Sh NAME @@ -217,9 +217,18 @@ Make a minor version 1 or 2 of the NFS Version 4 proto OpenOwner for all Opens. This may be useful for a server with a very low limit on OpenOwners, such as AmazonEFS. -It ca only be used with an NFSv4.1 or NFSv4.2 mount. +This option cannot be used for an NFS Version 4, minor version 0 mount. +As such, this option requires the +.Cm minorversion +option be specified with a value of 1 for AmazonEFS, because AmazonEFS does +not support minor version 2 at this time. It may not work correctly when Delegations are being issued by a server, but note that the AmazonEFS server does not issued delegations at this time. +This option is only meaningful when used with the +.Cm nfsv4 +and +.Cm minorversion +options. .It Cm pnfs Enable support for parallel NFS (pNFS) for minor version 1 or 2 of the NFS Version 4 protocol. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r367913 - head/sbin/mount_nfs
Author: rmacklem Date: Fri Nov 20 22:29:38 2020 New Revision: 367913 URL: https://svnweb.freebsd.org/changeset/base/367913 Log: Document the new "tls" NFS mount option. Recent commits to head have added support for NFS over TLS to the FreeBSD kernel. To enable use of this for an NFS mount, the "tls" mount_nfs option has been added. Once the IETF has assigned an RFC number, I will replace "" with the number. This is a content change. Reviewed by: gbe Differential Revision:https://reviews.freebsd.org/D26262 Modified: head/sbin/mount_nfs/mount_nfs.8 Modified: head/sbin/mount_nfs/mount_nfs.8 == --- head/sbin/mount_nfs/mount_nfs.8 Fri Nov 20 22:14:51 2020 (r367912) +++ head/sbin/mount_nfs/mount_nfs.8 Fri Nov 20 22:29:38 2020 (r367913) @@ -28,7 +28,7 @@ .\"@(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 .\" $FreeBSD$ .\" -.Dd December 14, 2019 +.Dd November 20, 2020 .Dt MOUNT_NFS 8 .Os .Sh NAME @@ -403,6 +403,12 @@ interval.) .It Cm timeo Ns = Ns Aq Ar value Alias for .Cm timeout . +.It Cm tls +This option specifies that the connection to the server must use TLS +per RFC . +TLS is only supported for TCP connections and the +.Xr rpc.tlsclntd 8 +daemon must be running for an NFS over TCP connection to use TLS. .It Cm udp Use UDP transport. .It Cm vers Ns = Ns Aq Ar vers_number @@ -537,6 +543,7 @@ Same as .Xr mount 8 , .Xr nfsd 8 , .Xr nfsiod 8 , +.Xr rpc.tlsclntd 8 , .Xr showmount 8 .Sh HISTORY A version of the ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r367912 - head/usr.sbin/mountd
Author: rmacklem Date: Fri Nov 20 22:14:51 2020 New Revision: 367912 URL: https://svnweb.freebsd.org/changeset/base/367912 Log: Update man page for new TLS export options. NFS over TLS uses three new export options, added by r364979. This patch updates the exports.5 man page for these new options. Once assigned by IETF, "" will be replaced with the RFC number. This is a content change. Reviewed by: gbe Differential Revision:https://review.freebsd.org/D26241 Modified: head/usr.sbin/mountd/exports.5 Modified: head/usr.sbin/mountd/exports.5 == --- head/usr.sbin/mountd/exports.5 Fri Nov 20 20:22:01 2020 (r367911) +++ head/usr.sbin/mountd/exports.5 Fri Nov 20 22:14:51 2020 (r367912) @@ -28,7 +28,7 @@ .\" @(#)exports.5 8.3 (Berkeley) 3/29/95 .\" $FreeBSD$ .\" -.Dd February 11, 2019 +.Dd November 20, 2020 .Dt EXPORTS 5 .Os .Sh NAME @@ -117,9 +117,13 @@ exported to the host set. The option flags specify whether the file system is exported read-only or read-write and how the client UID is mapped to user credentials on the server. -For the NFSv4 tree root, the only option that can be specified in this -section is -.Fl sec . +For the NFSv4 tree root, the only options that can be specified in this +section are ones related to security: +.Fl sec , +.Fl tls , +.Fl tlscert +and +.Fl tlscertuser . .Pp Export options are specified as follows: .Pp @@ -241,6 +245,48 @@ or .Fl webnfs flags. .Pp +The +.Fl tls , +.Fl tlscert +and +.Fl tlscertuser +export options are used to require the client to use TLS for the mount(s) +per RFC . +For NFS mounts using TLS to work, +.Xr rpc.tlsservd 8 +must be running on the server. +.Bd -filled -offset indent +.Fl tls +requires that the client use TLS. +.br +.Fl tlscert +requires that the client use TLS and provide a verifiable X.509 certificate +during TLS handshake. +.br +.Fl tlscertuser +requires that the client use TLS and provide a verifiable X.509 certificate. +The otherName component of the certificate's subjAltName must have a +an OID of 1.3.6.1.4.1.2238.1.1.1 and a UTF8 string of the form +.Dq user@domain . +.Dq user@domain +will be translated to the credentials of the specified user in the same +manner as +.Xr nfsuserd 8 , +where +.Dq user +is normally a username is the server's password database and +.Dq domain +is the DNS domain name for the server. +All RPCs will be performed using these credentials instead of the +ones in the RPC header in a manner similar to +.Sm off +.Fl mapall Li = Sy user . +.Sm on +.Ed +.Pp +If none of these three flags are specified, TLS mounts are permitted but +not required. +.Pp Specifying the .Fl quiet option will inhibit some of the syslog diagnostics for bad lines in @@ -541,7 +587,15 @@ afterwards, whereas NFSv3 rejects the mount request. .Xr netgroup 5 , .Xr mountd 8 , .Xr nfsd 8 , +.Xr rpc.tlsservd 8 , .Xr showmount 8 +.Sh STANDARDS +The implementation is based on the specification in +.Rs +.%T "Network File System Protocol Specification, Appendix A, RFC 1094" +.%T "NFS: Network File System Version 3, Appendix I, RFC 1813" +.%T "Towards Remote Procedure Call Encryption By Default, RFC " +.Re .Sh BUGS The export options are tied to the local mount points in the kernel and must be non-contradictory for any exported subdirectory of the local ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r367661 - head
Author: rmacklem Date: Sat Nov 14 01:55:02 2020 New Revision: 367661 URL: https://svnweb.freebsd.org/changeset/base/367661 Log: Add a entry for r367660. Modified: head/RELNOTES Modified: head/RELNOTES == --- head/RELNOTES Sat Nov 14 01:49:49 2020(r367660) +++ head/RELNOTES Sat Nov 14 01:55:02 2020(r367661) @@ -10,6 +10,16 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +r367660: + Fixes the case where gssd will not startup because /usr is a separate + local file system that is not yet mounted. It does not fix the case + where /usr is a separately mounted remote file system (such as NFS). + This latter case can be fixed by adding mountcritremote to the + REQUIRED line. Unfortunately doing so implies that all Kerberized + NFS mounts in /etc/fstab will need the "late" mount option. + This was not done, since the requirement for "late" would introduce + a POLA violation. + r367423: This commit added a new startup scripts variable called nfsv4_server_only which uses the -R option on mountd added by r367026. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r367660 - head/libexec/rc/rc.d
Author: rmacklem Date: Sat Nov 14 01:49:49 2020 New Revision: 367660 URL: https://svnweb.freebsd.org/changeset/base/367660 Log: Fix startup of gssd when /usr is a separately mounted local file system. meowth...@gmail.com reported that the gssd daemon was not starting, because /etc/rc.d/gssd was executed before his local /usr file system was mounted. He fixed the problem by adding mountcritlocal to the REQUIRED line. This fix seems safe and works for a separately mounted /usr file system on a local disk. The case of a separately mounted remote /usr file system (such as NFS) is still broken, but there is no obvious solution for that. Adding mountcritremote would fix the problem, but it would cause a POLA violation, because all kerberized NFS mounts in /etc/fstab would need the "late" option specified to work. Submitted by: meowth...@gmail.com Reported by: meowth...@gmail.com Reviewed by: 0mp MFC after:2 weeks Relnotes: yes Differential Revision:https://reviews.freebsd.org/D27203 Modified: head/libexec/rc/rc.d/gssd Modified: head/libexec/rc/rc.d/gssd == --- head/libexec/rc/rc.d/gssd Sat Nov 14 01:45:34 2020(r367659) +++ head/libexec/rc/rc.d/gssd Sat Nov 14 01:49:49 2020(r367660) @@ -4,7 +4,7 @@ # # PROVIDE: gssd -# REQUIRE: root +# REQUIRE: root mountcritlocal # KEYWORD: nojail shutdown . /etc/rc.subr ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r367658 - head
Author: rmacklem Date: Sat Nov 14 01:39:27 2020 New Revision: 367658 URL: https://svnweb.freebsd.org/changeset/base/367658 Log: Add an entry for r367026, r367423. Modified: head/RELNOTES Modified: head/RELNOTES == --- head/RELNOTES Sat Nov 14 01:28:04 2020(r367657) +++ head/RELNOTES Sat Nov 14 01:39:27 2020(r367658) @@ -10,6 +10,14 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +r367423: + This commit added a new startup scripts variable called + nfsv4_server_only which uses the -R option on mountd added by r367026. + When nfsv4_server_only is set to "YES" in /etc/rc.conf, the NFS server + only handles NFSv4 and does not register with rpcbind. As such, rpcbind + does not need to be running. Useful for sites which consider rpcbind a + security issue. + r366267: Kernel option ACPI_DMAR was renamed to IOMMU. amd64's IOMMU subsystem was split out from amd64 DMAR support and is now generic, i.e., it can ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r367423 - in head/libexec/rc: . rc.d
Author: rmacklem
Date: Fri Nov 6 16:33:42 2020
New Revision: 367423
URL: https://svnweb.freebsd.org/changeset/base/367423
Log:
Add support for the new mountd -R option.
r376026 added a new "-R" option to mountd, which tells it to
not support the Mount protocol (not used by NFSv4) and not
register with rpcbind.
Rpcbind is considered a security issue by some sites now.
This patch adds a new yes/no variable called nfsv4_server_only.
When that is set, make vfs.nfsd.server_min_vers=4 and set "=R"
for mountd.
Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind.
While here, add a check for "load_kld nfsd" failing to nfsd.
Reviewed by: 0mp
MFC after:2 weeks
Differential Revision:https://reviews.freebsd.org/D26938
Modified:
head/libexec/rc/rc.conf
head/libexec/rc/rc.d/mountd
head/libexec/rc/rc.d/nfsd
Modified: head/libexec/rc/rc.conf
==
--- head/libexec/rc/rc.conf Fri Nov 6 16:12:06 2020(r367422)
+++ head/libexec/rc/rc.conf Fri Nov 6 16:33:42 2020(r367423)
@@ -380,6 +380,7 @@ rpc_ypupdated_enable="NO" # Run if NIS master and Secu
keyserv_enable="NO"# Run the SecureRPC keyserver (or NO).
keyserv_flags="" # Flags to keyserv (if enabled).
nfsv4_server_enable="NO" # Enable support for NFSv4
+nfsv4_server_only="NO" # Set NFS server to NFSv4 only
nfscbd_enable="NO" # NFSv4 client side callback daemon
nfscbd_flags=""# Flags for nfscbd
nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon
Modified: head/libexec/rc/rc.d/mountd
==
--- head/libexec/rc/rc.d/mountd Fri Nov 6 16:12:06 2020(r367422)
+++ head/libexec/rc/rc.d/mountd Fri Nov 6 16:33:42 2020(r367423)
@@ -20,13 +20,33 @@ extra_commands="reload"
mountd_precmd()
{
- force_depend rpcbind || return 1
+ # Load the modules now, so that the vfs.nfsd sysctl
+ # oids are available.
+ load_kld nfsd || return 1
+
+ # Do not force rpcbind to be running for an NFSv4 only server.
+ #
+ if checkyesno nfsv4_server_only; then
+ echo 'NFSv4 only server'
+ sysctl vfs.nfsd.server_min_nfsvers=4 > /dev/null
+ sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null
+ rc_flags="${rc_flags} -R"
+ else
+ force_depend rpcbind || return 1
+ fi
+
# mountd flags will differ depending on rc.conf settings
#
- if checkyesno nfs_server_enable ; then
+ if checkyesno nfs_server_enable || checkyesno nfsv4_server_only; then
if checkyesno weak_mountd_authentication; then
- rc_flags="${mountd_flags} -n"
+ if checkyesno nfsv4_server_only; then
+ echo -n 'weak_mountd_authentication '
+ echo -n 'incompatible with nfsv4_server_only, '
+ echo 'ignored'
+ else
+ rc_flags="${rc_flags} -n"
+ fi
fi
else
if checkyesno mountd_enable; then
Modified: head/libexec/rc/rc.d/nfsd
==
--- head/libexec/rc/rc.d/nfsd Fri Nov 6 16:12:06 2020(r367422)
+++ head/libexec/rc/rc.d/nfsd Fri Nov 6 16:33:42 2020(r367423)
@@ -26,7 +26,7 @@ nfsd_precmd()
# Load the modules now, so that the vfs.nfsd sysctl
# oids are available.
- load_kld nfsd
+ load_kld nfsd || return 1
if checkyesno nfs_reserved_port_only; then
echo 'NFS on reserved port only=YES'
@@ -41,12 +41,15 @@ nfsd_precmd()
if checkyesno nfsv4_server_enable; then
sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null
- else
+ elif ! checkyesno nfsv4_server_only; then
echo 'NFSv4 is disabled'
sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null
fi
- force_depend rpcbind || return 1
+ if ! checkyesno nfsv4_server_only; then
+ force_depend rpcbind || return 1
+ fi
+
force_depend mountd || return 1
if [ -n "${nfs_server_vhost}" ]; then
command_args="-V \"${nfs_server_vhost}\""
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r367027 - head/usr.sbin/mountd
Author: rmacklem Date: Sat Oct 24 22:52:29 2020 New Revision: 367027 URL: https://svnweb.freebsd.org/changeset/base/367027 Log: Update man page for -R option added by r376026. This is a content change. Reviewed by: bcr MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D26746 Modified: head/usr.sbin/mountd/mountd.8 Modified: head/usr.sbin/mountd/mountd.8 == --- head/usr.sbin/mountd/mountd.8 Sat Oct 24 22:48:28 2020 (r367026) +++ head/usr.sbin/mountd/mountd.8 Sat Oct 24 22:52:29 2020 (r367027) @@ -28,7 +28,7 @@ .\" @(#)mountd.8 8.4 (Berkeley) 4/28/95 .\" $FreeBSD$ .\" -.Dd August 1, 2019 +.Dd October 11, 2020 .Dt MOUNTD 8 .Os .Sh NAME @@ -38,7 +38,7 @@ mount requests .Sh SYNOPSIS .Nm -.Op Fl 2delnrS +.Op Fl 2delnRrS .Op Fl h Ar bindip .Op Fl p Ar port .Op Ar exportsfile ... @@ -112,6 +112,17 @@ If .Nm cannot bind to this port, an appropriate error will be recorded in the system log, and the daemon will then exit. +.It Fl R +Do not support the Mount protocol and do not register with +.Xr rpcbind 8 . +This can be done for NFSv4 only servers, since the Mount protocol is not +used by NFSv4. +Useful for NFSv4 only servers that do not wish to run +.Xr rpcbind 8 . +.Xr showmount 8 +will not work, however since NFSv4 mounts are not shown by +.Xr showmount 8 , +this should not be an issue for an NFSv4 only server. .It Fl r Allow mount RPCs requests for regular files to be served. Although this seems to violate the mount protocol specification, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r367026 - head/usr.sbin/mountd
Author: rmacklem
Date: Sat Oct 24 22:48:28 2020
New Revision: 367026
URL: https://svnweb.freebsd.org/changeset/base/367026
Log:
Add "-R" option to tell mountd to not register with rpcbind.
rpcbind is now considered a security risk for some sites.
Since an NFSv4 only NFS server does not need rpcbind,
it makes sense to have an option that implements this.
This patch adds a "-R" option that disables the Mount
protocol (not used by NFSv4) and does not register
with rpcbind.
Changes are required to /etc/rc.d/mountd and /etc/rc.d/nfsd.
Those will be in a separate commit.
Reviewed by: freqlabs, asomers
MFC after:2 weeks
Differential Revision:https://reviews.freebsd.org/D26746
Modified:
head/usr.sbin/mountd/mountd.c
Modified: head/usr.sbin/mountd/mountd.c
==
--- head/usr.sbin/mountd/mountd.c Sat Oct 24 22:36:20 2020
(r367025)
+++ head/usr.sbin/mountd/mountd.c Sat Oct 24 22:48:28 2020
(r367026)
@@ -427,8 +427,10 @@ main(int argc, char **argv)
uint64_t curtime, nexttime;
struct timeval tv;
struct timespec tp;
- sigset_t sighup_mask;
+ sigset_t sig_mask, sighup_mask;
+ int enable_rpcbind;
+ enable_rpcbind = 1;
/* Check that another mountd isn't already running. */
pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
if (pfh == NULL) {
@@ -443,7 +445,7 @@ main(int argc, char **argv)
else
close(s);
- while ((c = getopt(argc, argv, "2deh:lnp:rS")) != -1)
+ while ((c = getopt(argc, argv, "2deh:lnp:RrS")) != -1)
switch (c) {
case '2':
force_v2 = 1;
@@ -454,6 +456,10 @@ main(int argc, char **argv)
case 'n':
resvport_only = 0;
break;
+ case 'R':
+ /* Do not support Mount protocol */
+ enable_rpcbind = 0;
+ break;
case 'r':
dir_only = 0;
break;
@@ -498,6 +504,21 @@ main(int argc, char **argv)
default:
usage();
}
+ if (enable_rpcbind == 0) {
+ if (svcport_str != NULL) {
+ warnx("-p option not compatible with -R, ignored");
+ free(svcport_str);
+ svcport_str = NULL;
+ }
+ if (nhosts > 0) {
+ warnx("-h option not compatible with -R, ignored");
+ for (k = 0; k < nhosts; k++)
+ free(hosts[k]);
+ free(hosts);
+ hosts = NULL;
+ nhosts = 0;
+ }
+ }
if (modfind("nfsd") < 0) {
/* Not present in kernel, try loading it */
@@ -531,58 +552,61 @@ main(int argc, char **argv)
pidfile_write(pfh);
- rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
- rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
- rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
+ if (enable_rpcbind != 0) {
+ rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
+ rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
+ rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
- if (!resvport_only) {
- if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL,
- &resvport_only, sizeof(resvport_only)) != 0 &&
- errno != ENOENT) {
- syslog(LOG_ERR, "sysctl: %m");
- exit(1);
+ if (!resvport_only) {
+ if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL,
+ &resvport_only, sizeof(resvport_only)) != 0 &&
+ errno != ENOENT) {
+ syslog(LOG_ERR, "sysctl: %m");
+ exit(1);
+ }
}
- }
- /*
-* If no hosts were specified, add a wildcard entry to bind to
-* INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the
-* list.
-*/
- if (nhosts == 0) {
- hosts = malloc(sizeof(char *));
- if (hosts == NULL)
- out_of_mem();
- hosts[0] = "*";
- nhosts = 1;
- } else {
- hosts_bak = hosts;
- if (have_v6) {
- hosts_bak = realloc(hosts, (nhosts + 2) *
- sizeof(char *));
- if (hosts_bak == NULL) {
- for (k = 0; k < nhosts; k++)
- free(hosts[k]);
- free(hosts);
- out_of_
svn commit: r366595 - head/usr.sbin/mountd
Author: rmacklem
Date: Sat Oct 10 00:01:40 2020
New Revision: 366595
URL: https://svnweb.freebsd.org/changeset/base/366595
Log:
Modify mountd.c so that it does not always malloc 4K for the map credentials.
r362163 upgraded mountd so that it could handle MAX_NGROUPS
groups for the anonymous user credentials (the ones provided by
-maproot and -mapall exports options).
The problem is that this resulted in every export structure growing by
about 4Kbytes, because the cr_groups field went from 16->MAX_NGROUPS.
This patch fixes this by only including a small 32 element cr_groups in the
structure and then malloc()'ng cr_groups when a larger one is needed.
The value of SMALLNGROUPS is arbitrarily set to 32, assuming most users
used by -maproot or -mapall will be in <= 32 groups.
Reviewed by: kib, freqlabs
Differential Revision:https://reviews.freebsd.org/D26521
Modified:
head/usr.sbin/mountd/mountd.c
Modified: head/usr.sbin/mountd/mountd.c
==
--- head/usr.sbin/mountd/mountd.c Fri Oct 9 23:49:42 2020
(r366594)
+++ head/usr.sbin/mountd/mountd.c Sat Oct 10 00:01:40 2020
(r366595)
@@ -115,11 +115,15 @@ struct dirlist {
/*
* maproot/mapall credentials.
+ * cr_smallgrps can be used for a group list up to SMALLNGROUPS in size.
+ * Larger group lists are malloc'd/free'd.
*/
+#defineSMALLNGROUPS32
struct expcred {
uid_t cr_uid;
int cr_ngroups;
- gid_t cr_groups[NGROUPS_MAX + 1];
+ gid_t cr_smallgrps[SMALLNGROUPS];
+ gid_t *cr_groups;
};
struct exportlist {
@@ -1514,6 +1518,7 @@ get_exportlist_one(int passno)
uint64_t exflags;
v4root_phase = 0;
+ anon.cr_groups = NULL;
dirhead = (struct dirlist *)NULL;
while (get_line()) {
if (debug)
@@ -1527,6 +1532,7 @@ get_exportlist_one(int passno)
* Set defaults.
*/
has_host = FALSE;
+ anon.cr_groups = anon.cr_smallgrps;
anon.cr_uid = UID_NOBODY;
anon.cr_ngroups = 1;
anon.cr_groups[0] = GID_NOGROUP;
@@ -1822,6 +1828,10 @@ nextline:
free_dir(dirhead);
dirhead = (struct dirlist *)NULL;
}
+ if (anon.cr_groups != anon.cr_smallgrps) {
+ free(anon.cr_groups);
+ anon.cr_groups = NULL;
+ }
}
}
@@ -2905,6 +2915,8 @@ free_exp(struct exportlist *ep)
grp = grp->gr_next;
free_grp(tgrp);
}
+ if (ep->ex_defanon.cr_groups != ep->ex_defanon.cr_smallgrps)
+ free(ep->ex_defanon.cr_groups);
free((caddr_t)ep);
}
@@ -3457,14 +3469,17 @@ static void
parsecred(char *namelist, struct expcred *cr)
{
char *name;
- int cnt;
+ int inpos;
char *names;
struct passwd *pw;
struct group *gr;
+ gid_t groups[NGROUPS_MAX + 1];
+ int ngroups;
/*
* Set up the unprivileged user.
*/
+ cr->cr_groups = cr->cr_smallgrps;
cr->cr_uid = UID_NOBODY;
cr->cr_groups[0] = GID_NOGROUP;
cr->cr_ngroups = 1;
@@ -3487,24 +3502,28 @@ parsecred(char *namelist, struct expcred *cr)
return;
}
cr->cr_uid = pw->pw_uid;
- cr->cr_ngroups = NGROUPS_MAX + 1;
- if (getgrouplist(pw->pw_name, pw->pw_gid, cr->cr_groups,
- &cr->cr_ngroups)) {
+ ngroups = NGROUPS_MAX + 1;
+ if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) {
syslog(LOG_ERR, "too many groups");
- cr->cr_ngroups = NGROUPS_MAX + 1;
+ ngroups = NGROUPS_MAX + 1;
}
/*
* Compress out duplicate.
*/
- if (cr->cr_ngroups > 1 && cr->cr_groups[0] ==
- cr->cr_groups[1]) {
- for (cnt = 2; cnt < cr->cr_ngroups; cnt++)
- cr->cr_groups[cnt - 1] = cr->cr_groups[cnt];
- cr->cr_ngroups--;
- }
- if (cr->cr_ngroups > NGROUPS_MAX)
- cr->cr_ngroups = NGROUPS_MAX;
+ if (ngroups > 1 && groups[0] == groups[1]) {
+ ngroups--;
+ inpos = 2;
+ } else
+ inpos = 1;
+ if (ngroups > NGROUPS_MAX)
+ ngroups = NGROUPS_MAX;
+ if (ngroups > SMALLNGROUPS)
+ cr->cr_groups = malloc(ngroups * sizeof(gid_t));
+ cr->cr_ngroups = ngroups;
+ cr->cr_groups[0] = groups[0];
+
svn commit: r366557 - head/sys/kern
Author: rmacklem
Date: Fri Oct 9 01:04:28 2020
New Revision: 366557
URL: https://svnweb.freebsd.org/changeset/base/366557
Log:
Make vn_generic_copy_file_range() interruptible via a signal.
Without this patch, when vn_generic_copy_file_range() is
doing a large copy, it will remain in the function for a
considerable amount of time, delaying handling of any
outstanding signals until the copy completes.
This patch adds checks for signals that need to be
processed after each successful data copy cycle.
When sig_intr() returns non-zero, vn_generic_copy_file_range()
will return.
The check "if (len < savlen)" ensures that some data
has been copied, so that progress will be made.
Note that, since copy_file_range(2) is allowed to
return fewer bytes copied than requested, it
will never return EINTR/ERESTART when sig_intr()
returns non-zero.
Reviewed by: kib, asomers
Differential Revision:https://reviews.freebsd.org/D26620
Modified:
head/sys/kern/vfs_vnops.c
Modified: head/sys/kern/vfs_vnops.c
==
--- head/sys/kern/vfs_vnops.c Fri Oct 9 00:27:45 2020(r366556)
+++ head/sys/kern/vfs_vnops.c Fri Oct 9 01:04:28 2020(r366557)
@@ -3017,7 +3017,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *
struct uio io;
off_t startoff, endoff, xfer, xfer2;
u_long blksize;
- int error;
+ int error, interrupted;
bool cantseek, readzeros, eof, lastblock;
ssize_t aresid;
size_t copylen, len, rem, savlen;
@@ -3027,6 +3027,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *
holein = holeout = 0;
savlen = len = *lenp;
error = 0;
+ interrupted = 0;
dat = NULL;
error = vn_lock(invp, LK_SHARED);
@@ -3116,7 +3117,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *
* support holes on the server, but do not support FIOSEEKHOLE.
*/
eof = false;
- while (len > 0 && error == 0 && !eof) {
+ while (len > 0 && error == 0 && !eof && interrupted == 0) {
endoff = 0; /* To shut up compilers. */
cantseek = true;
startoff = *inoffp;
@@ -3177,6 +3178,8 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *
*inoffp += xfer;
*outoffp += xfer;
len -= xfer;
+ if (len < savlen)
+ interrupted = sig_intr();
}
}
copylen = MIN(len, endoff - startoff);
@@ -3198,7 +3201,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *
xfer -= (*inoffp % blksize);
}
/* Loop copying the data block. */
- while (copylen > 0 && error == 0 && !eof) {
+ while (copylen > 0 && error == 0 && !eof && interrupted == 0) {
if (copylen < xfer)
xfer = copylen;
error = vn_lock(invp, LK_SHARED);
@@ -3239,6 +3242,8 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *
*outoffp += xfer;
copylen -= xfer;
len -= xfer;
+ if (len < savlen)
+ interrupted = sig_intr();
}
}
xfer = blksize;
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r366429 - in head/sys: kern sys
Mateusz Guzik wrote:
>Why is the process lock always taken? It looks like both routines just
>check a thread-local flag, so perhaps this can get away without
>serializing this process-wide?
I did spot this slight difference between the initial version of sig_intr() and
this one. At least w.r.t. copy_file_range(2), the call happens infrequently
enough that the overhead of acquiring the lock is not significant.
rick
On 10/4/20, Konstantin Belousov wrote:
> Author: kib
> Date: Sun Oct 4 16:33:42 2020
> New Revision: 366429
> URL: https://svnweb.freebsd.org/changeset/base/366429
>
> Log:
> Add sig_intr(9).
>
> It gives the answer would the thread sleep according to current state
> of signals and suspensions. Of course the answer is racy and allows
> for false-negatives (no sleep when signal is delivered after process
> lock is dropped). Also the answer might change due to signal
> rescheduling among threads in multi-threaded process.
>
> Still it is the best approximation I can provide, to answering the
> question was the thread interrupted.
>
> Reviewed by:markj
> Tested by: pho, rmacklem
> Sponsored by: The FreeBSD Foundation
> MFC after: 2 weeks
> Differential revision: https://reviews.freebsd.org/D26628
>
> Modified:
> head/sys/kern/kern_sig.c
> head/sys/sys/signalvar.h
>
> Modified: head/sys/kern/kern_sig.c
> ==
> --- head/sys/kern/kern_sig.c Sun Oct 4 16:30:05 2020(r366428)
> +++ head/sys/kern/kern_sig.c Sun Oct 4 16:33:42 2020(r366429)
> @@ -3204,6 +3204,24 @@ sig_ast_needsigchk(struct thread *td)
> return (ret);
> }
>
> +int
> +sig_intr(void)
> +{
> + struct thread *td;
> + struct proc *p;
> + int ret;
> +
> + td = curthread;
> + p = td->td_proc;
> +
> + PROC_LOCK(p);
> + ret = sig_ast_checksusp(td);
> + if (ret == 0)
> + ret = sig_ast_needsigchk(td);
> + PROC_UNLOCK(p);
> + return (ret);
> +}
> +
> void
> proc_wkilled(struct proc *p)
> {
>
> Modified: head/sys/sys/signalvar.h
> ==
> --- head/sys/sys/signalvar.h Sun Oct 4 16:30:05 2020(r366428)
> +++ head/sys/sys/signalvar.h Sun Oct 4 16:33:42 2020(r366429)
> @@ -408,6 +408,7 @@ int sig_ffs(sigset_t *set);
> void sigfastblock_clear(struct thread *td);
> void sigfastblock_fetch(struct thread *td);
> void sigfastblock_setpend(struct thread *td, bool resched);
> +int sig_intr(void);
> void siginit(struct proc *p);
> void signotify(struct thread *td);
> void sigqueue_delete(struct sigqueue *queue, int sig);
> ___
> svn-src-...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
>
--
Mateusz Guzik
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r366303 - head/sys/fs/nfsclient
Author: rmacklem
Date: Thu Oct 1 00:47:35 2020
New Revision: 366303
URL: https://svnweb.freebsd.org/changeset/base/366303
Log:
Modify the NFSv4.2 VOP_COPY_FILE_RANGE() client call to return after one
successful RPC.
Without this patch, the NFSv4.2 VOP_COPY_FILE_RANGE() client call would
loop until the copy "len" was completed. The problem with doing this is
that it might take a considerable time to complete for a large "len".
By returning after a single successful Copy RPC that copied some of the
data, the application that did the copy_file_range(2) syscall will be
more responsive to signal delivery for large "len" copies.
Modified:
head/sys/fs/nfsclient/nfs_clvnops.c
Modified: head/sys/fs/nfsclient/nfs_clvnops.c
==
--- head/sys/fs/nfsclient/nfs_clvnops.c Thu Oct 1 00:33:44 2020
(r366302)
+++ head/sys/fs/nfsclient/nfs_clvnops.c Thu Oct 1 00:47:35 2020
(r366303)
@@ -3638,7 +3638,7 @@ nfs_copy_file_range(struct vop_copy_file_range_args *a
struct vattr *vap;
struct uio io;
struct nfsmount *nmp;
- size_t len, len2, copiedlen;
+ size_t len, len2;
int error, inattrflag, outattrflag, ret, ret2;
off_t inoff, outoff;
bool consecutive, must_commit, tryoutcred;
@@ -3731,7 +3731,11 @@ nfs_copy_file_range(struct vop_copy_file_range_args *a
} else
error = 0;
}
- copiedlen = 0;
+
+ /*
+* len will be set to 0 upon a successful Copy RPC.
+* As such, this only loops when the Copy RPC needs to be retried.
+*/
while (len > 0 && error == 0) {
inattrflag = outattrflag = 0;
len2 = len;
@@ -3761,18 +3765,9 @@ nfs_copy_file_range(struct vop_copy_file_range_args *a
} else
error = NFSERR_OFFLOADNOREQS;
}
- /*
-* If the Copy returns a length == 0, it hit the
-* EOF on the input file.
-*/
- if (len2 == 0) {
- *ap->a_lenp = copiedlen;
- len = 0;
- } else {
- len -= len2;
- copiedlen += len2;
- }
- if (len == 0 && must_commit && error == 0)
+ *ap->a_lenp = len2;
+ len = 0;
+ if (len2 > 0 && must_commit && error == 0)
error = ncl_commit(outvp, outoff, *ap->a_lenp,
ap->a_outcred, curthread);
if (error == 0 && ret != 0)
@@ -3783,6 +3778,9 @@ nfs_copy_file_range(struct vop_copy_file_range_args *a
/*
* Try consecutive == false, which is ok only if all
* bytes are copied.
+* If only some bytes were copied when consecutive
+* is false, there is no way to know which bytes
+* still need to be written.
*/
consecutive = false;
error = 0;
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r366302 - head/sys/kern
Author: rmacklem
Date: Thu Oct 1 00:33:44 2020
New Revision: 366302
URL: https://svnweb.freebsd.org/changeset/base/366302
Log:
Clip the "len" argument to vn_generic_copy_file_range() at a
hole size boundary.
By clipping the len argument of vn_generic_copy_file_range() to end at
an exact multiple of hole size, holes are more likely to be maintained
during the copy.
A hole can still straddle the boundary at the end of the
copy range, resulting in a block being allocated in the
output file as it is being grown in size, but this will reduce the
likelyhood of this happening.
While here, also modify setting of blksize to better handle the
case where _PC_MIN_HOLE_SIZE is returned as 1.
Reviewed by: asomers
Differential Revision:https://reviews.freebsd.org/D26570
Modified:
head/sys/kern/vfs_vnops.c
Modified: head/sys/kern/vfs_vnops.c
==
--- head/sys/kern/vfs_vnops.c Wed Sep 30 22:41:24 2020(r366301)
+++ head/sys/kern/vfs_vnops.c Thu Oct 1 00:33:44 2020(r366302)
@@ -3020,7 +3020,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *
int error;
bool cantseek, readzeros, eof, lastblock;
ssize_t aresid;
- size_t copylen, len, savlen;
+ size_t copylen, len, rem, savlen;
char *dat;
long holein, holeout;
@@ -3089,7 +3089,17 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *
* This value is clipped at 4Kbytes and 1Mbyte.
*/
blksize = MAX(holein, holeout);
- if (blksize == 0)
+
+ /* Clip len to end at an exact multiple of hole size. */
+ if (blksize > 1) {
+ rem = *inoffp % blksize;
+ if (rem > 0)
+ rem = blksize - rem;
+ if (len - rem > blksize)
+ len = savlen = rounddown(len - rem, blksize) + rem;
+ }
+
+ if (blksize <= 1)
blksize = MAX(invp->v_mount->mnt_stat.f_iosize,
outvp->v_mount->mnt_stat.f_iosize);
if (blksize < 4096)
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r366278 - head/sys/kern
Author: rmacklem
Date: Wed Sep 30 02:18:09 2020
New Revision: 366278
URL: https://svnweb.freebsd.org/changeset/base/366278
Log:
Make copy_file_range(2) Linux compatible for overflow of offset + len.
Without this patch, if a call to copy_file_range(2) specifies an input file
offset + len that would wrap around, EINVAL is returned.
I thought that was the Linux behaviour, but recent testing showed that
Linux accepts this case and does the copy_file_range() to EOF.
This patch changes the FreeBSD code to exhibit the same behaviour as
Linux for this case.
Reviewed by: asomers, kib
Differential Revision:https://reviews.freebsd.org/D26569
Modified:
head/sys/kern/vfs_vnops.c
Modified: head/sys/kern/vfs_vnops.c
==
--- head/sys/kern/vfs_vnops.c Wed Sep 30 00:56:08 2020(r366277)
+++ head/sys/kern/vfs_vnops.c Wed Sep 30 02:18:09 2020(r366278)
@@ -2790,25 +2790,31 @@ vn_copy_file_range(struct vnode *invp, off_t *inoffp,
{
int error;
size_t len;
- uint64_t uvalin, uvalout;
+ uint64_t uval;
len = *lenp;
*lenp = 0; /* For error returns. */
error = 0;
/* Do some sanity checks on the arguments. */
- uvalin = *inoffp;
- uvalin += len;
- uvalout = *outoffp;
- uvalout += len;
if (invp->v_type == VDIR || outvp->v_type == VDIR)
error = EISDIR;
- else if (*inoffp < 0 || uvalin > INT64_MAX || uvalin <
- (uint64_t)*inoffp || *outoffp < 0 || uvalout > INT64_MAX ||
- uvalout < (uint64_t)*outoffp || invp->v_type != VREG ||
- outvp->v_type != VREG)
+ else if (*inoffp < 0 || *outoffp < 0 ||
+ invp->v_type != VREG || outvp->v_type != VREG)
error = EINVAL;
if (error != 0)
+ goto out;
+
+ /* Ensure offset + len does not wrap around. */
+ uval = *inoffp;
+ uval += len;
+ if (uval > INT64_MAX)
+ len = INT64_MAX - *inoffp;
+ uval = *outoffp;
+ uval += len;
+ if (uval > INT64_MAX)
+ len = INT64_MAX - *outoffp;
+ if (len == 0)
goto out;
/*
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r366189 - head/sys/fs/nfsserver
Author: rmacklem
Date: Sat Sep 26 23:05:38 2020
New Revision: 366189
URL: https://svnweb.freebsd.org/changeset/base/366189
Log:
Bjorn reported a problem where the Linux NFSv4.1 client is
using an open_to_lock_owner4 when that lock_owner4 has already
been created by a previous open_to_lock_owner4. This caused the NFS server
to reply NFSERR_INVAL.
For NFSv4.0, this is an error, although the updated NFSv4.0 RFC7530 notes
that the correct error reply is NFSERR_BADSEQID (RFC3530 did not specify
what error to return).
For NFSv4.1, it is not obvious whether or not this is allowed by RFC5661,
but the NFSv4.1 server can handle this case without error.
This patch changes the NFSv4.1 (and NFSv4.2) server to handle multiple
uses of the same lock_owner in open_to_lock_owner so that it now correctly
interoperates with the Linux NFS client.
It also changes the error returned for NFSv4.0 to be NFSERR_BADSEQID.
Thanks go to Bjorn for diagnosing this and testing the patch.
He also provided a program that I could use to reproduce the problem.
Tested by:b...@cebitec.uni-bielefeld.de (Bjorn Fischer)
PR: 249567
Reported by: b...@cebitec.uni-bielefeld.de (Bjorn Fischer)
MFC after:3 days
Modified:
head/sys/fs/nfsserver/nfs_nfsdstate.c
Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c
==
--- head/sys/fs/nfsserver/nfs_nfsdstate.c Sat Sep 26 21:47:11 2020
(r366188)
+++ head/sys/fs/nfsserver/nfs_nfsdstate.c Sat Sep 26 23:05:38 2020
(r366189)
@@ -1870,14 +1870,20 @@ tryagain:
}
if (!error)
nfsrv_getowner(&stp->ls_open, new_stp, &lckstp);
- if (lckstp)
+ if (lckstp) {
/*
-* I believe this should be an error, but it
-* isn't obvious what NFSERR_xxx would be
-* appropriate, so I'll use NFSERR_INVAL for now.
+* For NFSv4.1 and NFSv4.2 allow an
+* open_to_lock_owner when the lock_owner already
+* exists. Just clear NFSLCK_OPENTOLOCK so that
+* a new lock_owner will not be created.
+* RFC7530 states that the error for NFSv4.0
+* is NFS4ERR_BAD_SEQID.
*/
- error = NFSERR_INVAL;
- else
+ if ((nd->nd_flag & ND_NFSV41) != 0)
+ new_stp->ls_flags &= ~NFSLCK_OPENTOLOCK;
+ else
+ error = NFSERR_BADSEQID;
+ } else
lckstp = new_stp;
} else if (new_stp->ls_flags&(NFSLCK_LOCK|NFSLCK_UNLOCK)) {
/*
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r365643 - head/bin/cp
Alan Somers wrote: >On Sat, Sep 19, 2020 at 5:32 PM Konstantin Belousov >mailto:kostik...@gmail.com>> wrote: >On Sat, Sep 19, 2020 at 11:18:56PM +0000, Rick Macklem wrote: >> Alan Somers wrote: >> >On Fri, Sep 11, 2020 at 3:52 PM Rick Macklem >> >mailto:rmack...@uoguelph.ca><mailto:rmack...@uoguelph.ca<mailto:rmack...@uoguelph.ca>>> >> > wrote: >> >Konstantin Belousov wrote: >> >>On Fri, Sep 11, 2020 at 08:49:36PM +, Alan Somers wrote: >> >>> Author: asomers >> >>> Date: Fri Sep 11 20:49:36 2020 >> >>> New Revision: 365643 >> >>> URL: https://svnweb.freebsd.org/changeset/base/365643 >> >>> >> >>> Log: >> >>> cp: fall back to read/write if copy_file_range fails >> >>> >> >>> Even though copy_file_range has a file-system agnostic version, it >> >>> still >> >>> fails on devfs (perhaps because the file descriptor is non-seekable?) >> >>> In >> >>> that case, fallback to old-fashioned read/write. Fixes >> >>> "cp /dev/null /tmp/null" >> >> >> >>Devices are seekable. >> >> >> >>The reason for EINVAL is that vn_copy_file_range() checks that both in and >> >>out >> >>vnodes are VREG. For devfs, they are VCHR. >> > >> >I coded the syscall to the Linux man page, which states that EINVAL is >> >returned >> >if either fd does not refer to a regular file. >> >Having said that, I do not recall testing the VCHR case under Linux. (ie. >> >It might >> >actually work and the man page turns out to be incorrect?) >> > >> >I will test this case under Linux when I get home next week, rick >> I'll admit I haven't tested this in Linux to see if they do return EINVAL. >> >> >Since there's no standard, I think it's fine for us to support devfs if >> >possible. >> 1 - I think this is a good question for a mailing list like freebsd-current@. >> 2 - I see Linux as the de-facto standard these days and consider POSIX no >> longer relevant, but that's just mho. >> 3 - For NFSv4.2, the Copy operation will fail for non-regular files, so if >> you >> do this, you will need to handle the fall-back to using the generic >> code. >> (Should be doable, but you need to be aware of this case.) >> >> Having said the above, it is up to the "collective" and not me and, as such, >> I suggest #1, to see whether others think doing a non-Linux compatible >> version makes sense for FreeBSD? > >I believe that allowing devfs nodes for vn_copy_file() is not very good >idea. For /dev/null driver returns EOF, but think about real devices or >even better, /dev/zero that never EOF its output. > >Is vn_copy_file() interruptible ? I think not. So if insane range is >specified, we have unstoppable copier that fills the disk (at best). I think this is a serious problem, but the code could clip the "len" argument at K Mbytes for non-VREG files to avoid it (and document that FreeBSD specific behaviour in the man page). >I can think of good use cases for copy_file_range on a device: > >1) Network block devices. I don't know if the iSCSI, NBD, or Ceph RBD >protocols >currently support server-side copies, but it's reasonable that they >might. If they >ever do, FreeBSD would need copy_file_range to take advantage. >2) CUSE. I think Linux's CUSE already supports copy_file_range, since a CUSE >>device on Linux is basically just a single-file FUSE file system. We might >add >support to our CUSE driver someday. >3) zvols. This is the use case that matters the most to me. I have a large >amount >of data stored in plain files that I would like to convert to zvols. >dd should be able >to do that using copy_file_range. > >In my opinion, the utility of those cases outweighs the risk of a long-running >>interruptible syscall. And in any case, it is documented that >copy_file_range may >return EINTR. I believe that the only case where EINTR would be returned is for NFS mounts with the "intr" option. The generic code uses vn_rdwr()->VOP_READ()/VOP_WRITE() and I think the behaviour w.r.t. signal handling is the same as read(2)/write(2). Is reducing the number of syscalls really going to speed up the above cases? (I did copy_file_range(2) because the copy could be done locally on the NFSv4.2 server. I didn't intend the generic code to be used over read(2)/write(2) to improve performance.) --> I'd suggest you try benchmarking a pre-patched vs current "cp" to copy regular files (not a NFSv4.2 mount) and see if there really is a significant benefit. I'll admit I would prefer a Linux-compatible syscall and think this should be asked on an open mailing list instead of here. rick -Alan ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r365643 - head/bin/cp
Kyle Evans wrote: [stuff snipped] >Testing on Debian I seem to get back an EINVAL, but I think it's maybe >a little surprising: > > EXDEV The files referred to by file_in and file_out are > not on the same mounted filesystem. Well, as Alan noted, Linux is not a standard and they've also changed the semantics of copy_file_range(2) significantly since it was introduced. Here's what the most current man page I have says: EXDEV The files referred to by fd_in and fd_out are not on the same mounted filesystem (pre Linux 5.3). Note the change as of Linux5.3. They also initially did not allow it to work across multiple file systems and then changed to allowing that. --> All I could do was try and be compatible with the most up to date man page I had, which does also state: EINVAL Either fd_in or fd_out is not a regular file. So, I guess the surprising part for me is how quickly (and wthout concerns w.r.t. backwards compatibility) the Linux kernel folk change things.;-) All part of the fun, rick Thanks, Kyle Evans ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r365643 - head/bin/cp
Alan Somers wrote: >On Fri, Sep 11, 2020 at 3:52 PM Rick Macklem >mailto:rmack...@uoguelph.ca>> wrote: >Konstantin Belousov wrote: >>On Fri, Sep 11, 2020 at 08:49:36PM +, Alan Somers wrote: >>> Author: asomers >>> Date: Fri Sep 11 20:49:36 2020 >>> New Revision: 365643 >>> URL: https://svnweb.freebsd.org/changeset/base/365643 >>> >>> Log: >>> cp: fall back to read/write if copy_file_range fails >>> >>> Even though copy_file_range has a file-system agnostic version, it still >>> fails on devfs (perhaps because the file descriptor is non-seekable?) In >>> that case, fallback to old-fashioned read/write. Fixes >>> "cp /dev/null /tmp/null" >> >>Devices are seekable. >> >>The reason for EINVAL is that vn_copy_file_range() checks that both in and out >>vnodes are VREG. For devfs, they are VCHR. > >I coded the syscall to the Linux man page, which states that EINVAL is returned >if either fd does not refer to a regular file. >Having said that, I do not recall testing the VCHR case under Linux. (ie. It >might >actually work and the man page turns out to be incorrect?) > >I will test this case under Linux when I get home next week, rick I'll admit I haven't tested this in Linux to see if they do return EINVAL. >Since there's no standard, I think it's fine for us to support devfs if >possible. 1 - I think this is a good question for a mailing list like freebsd-current@. 2 - I see Linux as the de-facto standard these days and consider POSIX no longer relevant, but that's just mho. 3 - For NFSv4.2, the Copy operation will fail for non-regular files, so if you do this, you will need to handle the fall-back to using the generic code. (Should be doable, but you need to be aware of this case.) Having said the above, it is up to the "collective" and not me and, as such, I suggest #1, to see whether others think doing a non-Linux compatible version makes sense for FreeBSD? rick ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r365895 - head/sys/fs/nfsserver
Author: rmacklem Date: Fri Sep 18 23:52:56 2020 New Revision: 365895 URL: https://svnweb.freebsd.org/changeset/base/365895 Log: Fix a LOR between the NFS server and server side krpc. Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures in nfsrv_checksequence(). This was fixed by r365789. A similar bug exists in nfsrv_bindconnsess(), where SVC_RELEASE() is called while mutexes are held. This patch applies a fix similar to r365789, moving the SVC_RELEASE() call down to after the mutexes are released. This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_checksequence() down a few lines to below where the mutex is released. MFC after:1 week Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c == --- head/sys/fs/nfsserver/nfs_nfsdstate.c Fri Sep 18 23:21:24 2020 (r365894) +++ head/sys/fs/nfsserver/nfs_nfsdstate.c Fri Sep 18 23:52:56 2020 (r365895) @@ -6424,6 +6424,7 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t int error; error = 0; + savxprt = NULL; shp = NFSSESSIONHASH(sessionid); NFSLOCKSTATE(); NFSLOCKSESSION(shp); @@ -6451,8 +6452,6 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t /* Disable idle timeout. */ nd->nd_xprt->xp_idletimeout = 0; sep->sess_cbsess.nfsess_xprt = nd->nd_xprt; - if (savxprt != NULL) - SVC_RELEASE(savxprt); sep->sess_crflags |= NFSV4CRSESS_CONNBACKCHAN; clp->lc_flags |= LCL_DONEBINDCONN; if (*foreaftp == NFSCDFS4_BACK) @@ -6479,6 +6478,8 @@ nfsrv_bindconnsess(struct nfsrv_descript *nd, uint8_t error = NFSERR_BADSESSION; NFSUNLOCKSESSION(shp); NFSUNLOCKSTATE(); + if (savxprt != NULL) + SVC_RELEASE(savxprt); return (error); } ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r365789 - head/sys/fs/nfsserver
Author: rmacklem
Date: Wed Sep 16 02:25:18 2020
New Revision: 365789
URL: https://svnweb.freebsd.org/changeset/base/365789
Log:
Fix a LOR between the NFS server and server side krpc.
Recent testing of the NFS-over-TLS code found a LOR between the mutex lock
used for sessions and the sleep lock used for server side krpc socket
structures.
The code in nfsrv_checksequence() would call SVC_RELEASE() with the mutex
held. Normally this is ok, since all that happens is SVC_RELEASE()
decrements a reference count. However, if the socket has just been shut
down, SVC_RELEASE() drops the reference count to 0 and acquires a sleep
lock during destruction of the server side krpc structure.
This patch fixes the problem by moving the SVC_RELEASE() call in
nfsrv_checksequence() down a few lines to below where the mutex is released.
MFC after:1 week
Modified:
head/sys/fs/nfsserver/nfs_nfsdstate.c
Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c
==
--- head/sys/fs/nfsserver/nfs_nfsdstate.c Tue Sep 15 23:03:56 2020
(r365788)
+++ head/sys/fs/nfsserver/nfs_nfsdstate.c Wed Sep 16 02:25:18 2020
(r365789)
@@ -6233,6 +6233,7 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_
* bound as well, do the implicit binding unless a
* BindConnectiontoSession has already been done on the session.
*/
+ savxprt = NULL;
if (sep->sess_clp->lc_req.nr_client != NULL &&
sep->sess_cbsess.nfsess_xprt != nd->nd_xprt &&
(sep->sess_crflags & NFSV4CRSESS_CONNBACKCHAN) != 0 &&
@@ -6245,14 +6246,14 @@ nfsrv_checksequence(struct nfsrv_descript *nd, uint32_
sep->sess_clp->lc_req.nr_client->cl_private;
nd->nd_xprt->xp_idletimeout = 0;/* Disable timeout. */
sep->sess_cbsess.nfsess_xprt = nd->nd_xprt;
- if (savxprt != NULL)
- SVC_RELEASE(savxprt);
}
*sflagsp = 0;
if (sep->sess_clp->lc_req.nr_client == NULL)
*sflagsp |= NFSV4SEQ_CBPATHDOWN;
NFSUNLOCKSESSION(shp);
+ if (savxprt != NULL)
+ SVC_RELEASE(savxprt);
if (error == NFSERR_EXPIRED) {
*sflagsp |= NFSV4SEQ_EXPIREDALLSTATEREVOKED;
error = 0;
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r365703 - head/sys/fs/nfsserver
Author: rmacklem
Date: Mon Sep 14 00:44:50 2020
New Revision: 365703
URL: https://svnweb.freebsd.org/changeset/base/365703
Log:
Fix a case where the NFSv4.0 server might crash if delegations are enabled.
asomers@ reported a crash on an NFSv4.0 server with a backtrace of:
kdb_backtrace
vpanic
panic
nfsrv_docallback
nfsrv_checkgetattr
nfsrvd_getattr
nfsrvd_dorpc
nfssvc_program
svc_run_internal
svc_thread_start
fork_exit
fork_trampoline
where the panic message was "docallb", which indicates that a callback
was attempted when the ClientID is unconfirmed.
This would not normally occur, but it is possible to have an unconfirmed
ClientID structure with delegation structure(s) chained off it if the
client were to issue a SetClientID with the same "id" but different
"verifier" after acquiring delegations on the previously confirmed ClientID.
The bug appears to be that nfsrv_checkgetattr() failed to check for
this uncommon case of an unconfirmed ClientID with a delegation structure
that no longer refers to a delegation the client knows about.
This patch adds a check for this case, handling it as if no delegation
exists, which is the case when the above occurs.
Although difficult to reproduce, this change should avoid the panic().
PR: 249127
Reported by: asomers
Reviewed by: asomers
MFC after:1 week
Differential Revision:https://reviews.freebbsd.org/D26342
Modified:
head/sys/fs/nfsserver/nfs_nfsdstate.c
Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c
==
--- head/sys/fs/nfsserver/nfs_nfsdstate.c Sun Sep 13 23:51:07 2020
(r365702)
+++ head/sys/fs/nfsserver/nfs_nfsdstate.c Mon Sep 14 00:44:50 2020
(r365703)
@@ -5707,8 +5707,14 @@ nfsrv_checkgetattr(struct nfsrv_descript *nd, vnode_t
goto out;
}
clp = stp->ls_clp;
- delegfilerev = stp->ls_filerev;
+ /* If the clientid is not confirmed, ignore the delegation. */
+ if (clp->lc_flags & LCL_NEEDSCONFIRM) {
+ NFSUNLOCKSTATE();
+ goto out;
+ }
+
+ delegfilerev = stp->ls_filerev;
/*
* If the Write delegation was issued as a part of this Compound RPC
* or if we have an Implied Clientid (used in a previous Op in this
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r365643 - head/bin/cp
Konstantin Belousov wrote: >On Fri, Sep 11, 2020 at 08:49:36PM +, Alan Somers wrote: >> Author: asomers >> Date: Fri Sep 11 20:49:36 2020 >> New Revision: 365643 >> URL: https://svnweb.freebsd.org/changeset/base/365643 >> >> Log: >> cp: fall back to read/write if copy_file_range fails >> >> Even though copy_file_range has a file-system agnostic version, it still >> fails on devfs (perhaps because the file descriptor is non-seekable?) In >> that case, fallback to old-fashioned read/write. Fixes >> "cp /dev/null /tmp/null" > >Devices are seekable. > >The reason for EINVAL is that vn_copy_file_range() checks that both in and out >vnodes are VREG. For devfs, they are VCHR. I coded the syscall to the Linux man page, which states that EINVAL is returned if either fd does not refer to a regular file. Having said that, I do not recall testing the VCHR case under Linux. (ie. It might actually work and the man page turns out to be incorrect?) I will test this case under Linux when I get home next week, rick ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r365355 - head/sys/rpc
Author: rmacklem
Date: Sat Sep 5 00:50:52 2020
New Revision: 365355
URL: https://svnweb.freebsd.org/changeset/base/365355
Log:
Fix a potential memory leak in the NFS over TLS handling code.
For the TLS case where there is a "user@domain" name specified in the
X.509 v3 certificate presented by the client in the otherName component
of subjectAltName, a gid list is allocated via mem_alloc().
This needs to be free'd. Otherwise xp_gidp == NULL and free() handles that.
(The size argument to mem_free() is not used by FreeBSD, so it can be 0.)
This leak would not have occurred for any other case than NFS over TLS
with the "user@domain" in the client's certificate.
Modified:
head/sys/rpc/svc.c
Modified: head/sys/rpc/svc.c
==
--- head/sys/rpc/svc.c Sat Sep 5 00:45:46 2020(r365354)
+++ head/sys/rpc/svc.c Sat Sep 5 00:50:52 2020(r365355)
@@ -902,6 +902,8 @@ svc_xprt_free(SVCXPRT *xprt)
{
mem_free(xprt->xp_p3, sizeof(SVCXPRT_EXT));
+ /* The size argument is ignored, so 0 is ok. */
+ mem_free(xprt->xp_gidp, 0);
mem_free(xprt, sizeof(SVCXPRT));
}
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r365309 - head/share/snmp/mibs
Author: rmacklem
Date: Thu Sep 3 20:42:30 2020
New Revision: 365309
URL: https://svnweb.freebsd.org/changeset/base/365309
Log:
Add entries for the OID used for NFS-over-TLS "user@domain".
The NFS-over-TLS server daemon (rpc.tlsservd) can optionally replace user
credentials in the RPC header with ones derived from a username specified
by the form "user@domain", if this exists in the client's X.509 v3
certificate.
Specifically, "user@domain" needs to be in the "otherName" component of
subjectjAltName, with a unique OID as assigned by this update.
This patch adds a subtree for the "otherName" component of subjectAltName in
X.509 v3 cerificates and a value for "user@domain" as used by NFS-over-TLS.
Reviewed by: phk, gordon
Differential Revision:https://reviews.freebsd.org/D26225
Modified:
head/share/snmp/mibs/FREEBSD-MIB.txt
Modified: head/share/snmp/mibs/FREEBSD-MIB.txt
==
--- head/share/snmp/mibs/FREEBSD-MIB.txtThu Sep 3 20:30:52 2020
(r365308)
+++ head/share/snmp/mibs/FREEBSD-MIB.txtThu Sep 3 20:42:30 2020
(r365309)
@@ -16,7 +16,7 @@ IMPORTS
FROM SNMPv2-SMI;
freeBSD MODULE-IDENTITY
- LAST-UPDATED "200610311000Z"
+ LAST-UPDATED "202009032030Z"
ORGANIZATION "The FreeBSD Project."
CONTACT-INFO
"p...@freebsd.org is contact person for this file.
@@ -24,6 +24,9 @@ freeBSD MODULE-IDENTITY
DESCRIPTION
"The Structure of Management Information for the
FreeBSD Project enterprise MIB subtree."
+ REVISION "202009031900Z"
+ DESCRIPTION
+ "Added entries for the otherName component of a X.509 cert"
REVISION "200610310800Z"
DESCRIPTION
"Initial version of this MIB module."
@@ -35,6 +38,21 @@ freeBSDsrc OBJECT-IDENTITY
DESCRIPTION
"Subtree for things which lives in the src tree."
::= { freeBSD 1 }
+
+freeBSDsrcCertOtherName OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "Subtree for X.509 Certificate otherName entries"
+ ::= { freeBSDsrc 1 }
+
+--
+-- For NFS over TLS, a user@domain can optionally be handled by rpc.tlsservd
+--
+freeBSDsrcCertNFSuser OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "Entry for X.509 Certificate for NFS user@domain name"
+ ::= { freeBSDsrcCertOtherName 1 }
freeBSDports OBJECT-IDENTITY
STATUS current
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r365232 - in head/sys/modules: nfscl nfsd
Author: rmacklem Date: Wed Sep 2 01:29:33 2020 New Revision: 365232 URL: https://svnweb.freebsd.org/changeset/base/365232 Log: Fix the standalone build of the nfscl and nfsd modules. Reported by: j...@berklix.com Modified: head/sys/modules/nfscl/Makefile head/sys/modules/nfsd/Makefile Modified: head/sys/modules/nfscl/Makefile == --- head/sys/modules/nfscl/Makefile Tue Sep 1 23:16:38 2020 (r365231) +++ head/sys/modules/nfscl/Makefile Wed Sep 2 01:29:33 2020 (r365232) @@ -17,6 +17,7 @@ SRCS= vnode_if.h \ opt_bootp.h \ opt_inet.h \ opt_inet6.h \ + opt_kern_tls.h \ opt_kgssapi.h \ opt_nfs.h \ opt_nfsroot.h \ Modified: head/sys/modules/nfsd/Makefile == --- head/sys/modules/nfsd/Makefile Tue Sep 1 23:16:38 2020 (r365231) +++ head/sys/modules/nfsd/Makefile Wed Sep 2 01:29:33 2020 (r365232) @@ -15,6 +15,7 @@ SRCS= vnode_if.h \ opt_nfs.h \ opt_inet.h \ opt_inet6.h \ + opt_kern_tls.h \ opt_kgssapi.h .include ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r365019 - head/sys/fs/nfsclient
Author: rmacklem
Date: Tue Sep 1 01:10:16 2020
New Revision: 365019
URL: https://svnweb.freebsd.org/changeset/base/365019
Log:
Add a check to test for the case of the "tls" option being used with "udp".
The KERN_TLS only supports TCP, so use of the "tls" option with "udp" will
not work. This patch adds a test for this case, so that the mount is not
attempted when both "tls" and "udp" are specified.
Modified:
head/sys/fs/nfsclient/nfs_clvfsops.c
Modified: head/sys/fs/nfsclient/nfs_clvfsops.c
==
--- head/sys/fs/nfsclient/nfs_clvfsops.cTue Sep 1 00:14:40 2020
(r365018)
+++ head/sys/fs/nfsclient/nfs_clvfsops.cTue Sep 1 01:10:16 2020
(r365019)
@@ -1419,7 +1419,9 @@ mountnfs(struct nfs_args *argp, struct mount *mp, stru
if ((newflag & NFSMNT_TLS) != 0) {
error = EINVAL;
#ifdef KERN_TLS
- if (rpctls_getinfo(&maxlen, true, false))
+ /* KERN_TLS is only supported for TCP. */
+ if (argp->sotype == SOCK_STREAM &&
+ rpctls_getinfo(&maxlen, true, false))
error = 0;
#endif
if (error != 0) {
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364980 - head
Author: rmacklem
Date: Sun Aug 30 21:46:29 2020
New Revision: 364980
URL: https://svnweb.freebsd.org/changeset/base/364980
Log:
Add an entry to RELNOTES for the NFS over TLS kernel support.
Modified:
head/RELNOTES
Modified: head/RELNOTES
==
--- head/RELNOTES Sun Aug 30 21:21:58 2020(r364979)
+++ head/RELNOTES Sun Aug 30 21:46:29 2020(r364980)
@@ -10,6 +10,17 @@ newline. Entries should be separated by a newline.
Changes to this file should not be MFCed.
+r364896:
+ A series of commits ending with r364896 added NFS over TLS
+ to the kernel. This is believed to be compatible with
+ the Internet Draft titled "Towards Remote Procedure Call Encryption
+ By Default" (expected to soon become an RFC).
+ The mount_nfs(8) and exports(5) man pages describe the mount and
+ export option(s) related to NFS over TLS.
+ For NFS over TLS to work, the rpctlscd(8) { client } or rpctlssd(8)
+ { server } must be running on a kernel built with "options KERN_TLS"
+ on an architecture where PMAP_HAS_DMAP != 0.
+
r364725:
Changes to one obscure devd event generated on resume need to
be documented. The old form will still be generated in 13, but not
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364979 - head/usr.sbin/mountd
Author: rmacklem
Date: Sun Aug 30 21:21:58 2020
New Revision: 364979
URL: https://svnweb.freebsd.org/changeset/base/364979
Log:
Add support for the NFS over TLS exports to mountd.
Three new export flags are added to mountd that will restrict exported
file system mounts to use TLS. Without these flags, TLS is allowed, but not
required.
The exports(5) man page will be updated in a future commit.
Modified:
head/usr.sbin/mountd/mountd.c
Modified: head/usr.sbin/mountd/mountd.c
==
--- head/usr.sbin/mountd/mountd.c Sun Aug 30 18:21:54 2020
(r364978)
+++ head/usr.sbin/mountd/mountd.c Sun Aug 30 21:21:58 2020
(r364979)
@@ -2795,6 +2795,13 @@ do_opt(char **cpp, char **endcpp, struct exportlist *e
return (1);
opt_flags |= OP_SEC;
usedarg++;
+ } else if (!strcmp(cpopt, "tls")) {
+ *exflagsp |= MNT_EXTLS;
+ } else if (!strcmp(cpopt, "tlscert")) {
+ *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT);
+ } else if (!strcmp(cpopt, "tlscertuser")) {
+ *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT |
+ MNT_EXTLSCERTUSER);
} else {
syslog(LOG_ERR, "bad opt %s", cpopt);
return (1);
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364896 - in head/sys/fs: nfs nfsclient nfsserver
Author: rmacklem
Date: Thu Aug 27 23:57:30 2020
New Revision: 364896
URL: https://svnweb.freebsd.org/changeset/base/364896
Log:
Add flags to enable NFS over TLS to the NFS client and server.
An Internet Draft titled "Towards Remote Procedure Call Encryption By Default"
(soon to be an RFC I think) describes how Sun RPC is to use TLS with NFS
as a specific application case.
Various commits prepared the NFS code to use KERN_TLS, mainly enabling use
of ext_pgs mbufs for large RPC messages.
r364475 added TLS support to the kernel RPC.
This commit (which is the final one for kernel changes required to do
NFS over TLS) adds support for three export flags:
MNT_EXTLS - Requires a TLS connection.
MNT_EXTLSCERT - Requires a TLS connection where the client presents a valid
X.509 certificate during TLS handshake.
MNT_EXTLSCERTUSER - Requires a TLS connection where the client presents a
valid X.509 certificate with "user@domain" in the otherName
field of the SubjectAltName during TLS handshake.
Without these export options, clients are permitted, but not required, to
use TLS.
For the client, a new nmount(2) option called "tls" makes the client do
a STARTTLS Null RPC and TLS handshake for all TCP connections used for the
mount. The CLSET_TLS client control option is used to indicate to the kernel
RPC
that this should be done.
Unless the above export flags or "tls" option is used, semantics should
not change for the NFS client nor server.
For NFS over TLS to work, the userspace daemons rpctlscd(8) { for client }
or rpctlssd(8) daemon { for server } must be running.
Modified:
head/sys/fs/nfs/nfs_commonkrpc.c
head/sys/fs/nfs/nfsdport.h
head/sys/fs/nfs/nfsport.h
head/sys/fs/nfsclient/nfs_clkrpc.c
head/sys/fs/nfsclient/nfs_clvfsops.c
head/sys/fs/nfsclient/nfsmount.h
head/sys/fs/nfsserver/nfs_nfsdkrpc.c
head/sys/fs/nfsserver/nfs_nfsdport.c
head/sys/fs/nfsserver/nfs_nfsdserv.c
head/sys/fs/nfsserver/nfs_nfsdsubs.c
Modified: head/sys/fs/nfs/nfs_commonkrpc.c
==
--- head/sys/fs/nfs/nfs_commonkrpc.cThu Aug 27 22:14:58 2020
(r364895)
+++ head/sys/fs/nfs/nfs_commonkrpc.cThu Aug 27 23:57:30 2020
(r364896)
@@ -281,6 +281,8 @@ newnfs_connect(struct nfsmount *nmp, struct nfssockreq
CLNT_CONTROL(client, CLSET_INTERRUPTIBLE, &one);
if ((nmp->nm_flag & NFSMNT_RESVPORT))
CLNT_CONTROL(client, CLSET_PRIVPORT, &one);
+ if (NFSHASTLS(nmp))
+ CLNT_CONTROL(client, CLSET_TLS, &one);
if (NFSHASSOFT(nmp)) {
if (nmp->nm_sotype == SOCK_DGRAM)
/*
Modified: head/sys/fs/nfs/nfsdport.h
==
--- head/sys/fs/nfs/nfsdport.h Thu Aug 27 22:14:58 2020(r364895)
+++ head/sys/fs/nfs/nfsdport.h Thu Aug 27 23:57:30 2020(r364896)
@@ -81,6 +81,9 @@ struct nfsexstuff {
#defineNFSVNO_EXPORTANON(e)((e)->nes_exflag &
MNT_EXPORTANON)
#defineNFSVNO_EXSTRICTACCESS(e)((e)->nes_exflag &
MNT_EXSTRICTACCESS)
#defineNFSVNO_EXV4ONLY(e) ((e)->nes_exflag & MNT_EXV4ONLY)
+#defineNFSVNO_EXTLS(e) ((e)->nes_exflag & MNT_EXTLS)
+#defineNFSVNO_EXTLSCERT(e) ((e)->nes_exflag &
MNT_EXTLSCERT)
+#defineNFSVNO_EXTLSCERTUSER(e) ((e)->nes_exflag &
MNT_EXTLSCERTUSER)
#defineNFSVNO_SETEXRDONLY(e) ((e)->nes_exflag =
(MNT_EXPORTED|MNT_EXRDONLY))
Modified: head/sys/fs/nfs/nfsport.h
==
--- head/sys/fs/nfs/nfsport.h Thu Aug 27 22:14:58 2020(r364895)
+++ head/sys/fs/nfs/nfsport.h Thu Aug 27 23:57:30 2020(r364896)
@@ -1055,6 +1055,7 @@ bool ncl_pager_setsize(struct vnode *vp, u_quad_t *nsi
#defineNFSHASOPENMODE(n) ((n)->nm_state & NFSSTA_OPENMODE)
#defineNFSHASONEOPENOWN(n) (((n)->nm_flag & NFSMNT_ONEOPENOWN) !=
0 && \
(n)->nm_minorvers > 0)
+#defineNFSHASTLS(n)(((n)->nm_newflag & NFSMNT_TLS) != 0)
/*
* Set boottime.
Modified: head/sys/fs/nfsclient/nfs_clkrpc.c
==
--- head/sys/fs/nfsclient/nfs_clkrpc.c Thu Aug 27 22:14:58 2020
(r364895)
+++ head/sys/fs/nfsclient/nfs_clkrpc.c Thu Aug 27 23:57:30 2020
(r364896)
@@ -37,12 +37,14 @@
__FBSDID("$FreeBSD$");
#include "opt_kgssapi.h"
+#include "opt_kern_tls.h"
#include
#include
-#include
#include
+#include
+#include
NFSDLOCKMUTEX;
@@ -67,6 +69,9 @@ nfscb_program(struct svc_req *rqst, SVCXPRT *xprt)
{
struct nfsrv_descript nd;
in
svn commit: r364844 - head/sys/kern
Author: rmacklem
Date: Wed Aug 26 21:49:43 2020
New Revision: 364844
URL: https://svnweb.freebsd.org/changeset/base/364844
Log:
Fix a "v_seqc_users == 0 not met" panic when VFS_STATFS() fails during mount.
r363210 introduced v_seqc_users to the vnodes. This change requires
a vn_seqc_write_end() to match the vn_seqc_write_begin() in
vfs_cache_root_clear().
mjg@ provided this patch which seems to fix the panic.
Tested for an NFS mount where the VFS_STATFS() call will fail.
Submitted by: mjg
Reviewed by: mjg
Differential Revision:https://reviews.freebsd.org/D26160
Modified:
head/sys/kern/vfs_mount.c
Modified: head/sys/kern/vfs_mount.c
==
--- head/sys/kern/vfs_mount.c Wed Aug 26 21:41:14 2020(r364843)
+++ head/sys/kern/vfs_mount.c Wed Aug 26 21:49:43 2020(r364844)
@@ -969,11 +969,14 @@ vfs_domount_first(
if ((error = VFS_MOUNT(mp)) != 0 ||
(error1 = VFS_STATFS(mp, &mp->mnt_stat)) != 0 ||
(error1 = VFS_ROOT(mp, LK_EXCLUSIVE, &newdp)) != 0) {
+ rootvp = NULL;
if (error1 != 0) {
error = error1;
rootvp = vfs_cache_root_clear(mp);
- if (rootvp != NULL)
+ if (rootvp != NULL) {
+ vhold(rootvp);
vrele(rootvp);
+ }
if ((error1 = VFS_UNMOUNT(mp, 0)) != 0)
printf("VFS_UNMOUNT returned %d\n", error1);
}
@@ -983,6 +986,10 @@ vfs_domount_first(
VI_LOCK(vp);
vp->v_iflag &= ~VI_MOUNT;
VI_UNLOCK(vp);
+ if (rootvp != NULL) {
+ vn_seqc_write_end(rootvp);
+ vdrop(rootvp);
+ }
vn_seqc_write_end(vp);
vrele(vp);
return (error);
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364836 - head/sys/sys
Author: rmacklem
Date: Wed Aug 26 20:56:05 2020
New Revision: 364836
URL: https://svnweb.freebsd.org/changeset/base/364836
Log:
Add MNT_EXTLSxxx flags that will be used for NFS over TLS exports.
These flags are not currently used, but will be used by future commits to
implement export(5) requirements for the use of NFS over TLS by clients.
Reviewed by: kib
Differential Revision:https://reviews.freebsd.org/D26180
Modified:
head/sys/sys/mount.h
Modified: head/sys/sys/mount.h
==
--- head/sys/sys/mount.hWed Aug 26 20:30:00 2020(r364835)
+++ head/sys/sys/mount.hWed Aug 26 20:56:05 2020(r364836)
@@ -365,6 +365,9 @@ struct mntoptnames {
#defineMNT_EXPORTANON 0x0400ULL /* anon uid mapping for
all */
#defineMNT_EXKERB 0x0800ULL /* exported with
Kerberos */
#defineMNT_EXPUBLIC0x2000ULL /* public export
(WebNFS) */
+#defineMNT_EXTLS 0x0040ULL /* require TLS */
+#defineMNT_EXTLSCERT 0x0080ULL /* require TLS with
client cert */
+#defineMNT_EXTLSCERTUSER 0x0100ULL /* require TLS with
user cert */
/*
* Flags set by internal operations,
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364744 - head/sys/kern
Author: rmacklem
Date: Tue Aug 25 00:58:14 2020
New Revision: 364744
URL: https://svnweb.freebsd.org/changeset/base/364744
Log:
Fix hangs with processes stuck sleeping on btalloc on i386.
r358097 introduced a problem for i386, where kernel builds will intermittently
get hung, typically with many processes sleeping on "btalloc".
I know nothing about VM, but received assistance from rlibby@ and markj@.
rlibby@ stated the following:
It looks like the problem is that
for systems that do not have UMA_MD_SMALL_ALLOC, we do
uma_zone_set_allocf(vmem_bt_zone, vmem_bt_alloc);
but we haven't set an appropriate free function. This is probably why
UMA_ZONE_NOFREE was originally there. When NOFREE was removed, it was
appropriate for systems with uma_small_alloc.
So by default we get page_free as our free function. That calls
kmem_free, which calls vmem_free ... but we do our allocs with
vmem_xalloc. I'm not positive, but I think the problem is that in
effect we vmem_xalloc -> vmem_free, not vmem_xfree.
Three possible fixes:
1: The one you tested, but this is not best for systems with
uma_small_alloc.
2: Pass UMA_ZONE_NOFREE conditional on UMA_MD_SMALL_ALLOC.
3: Actually provide an appropriate vmem_bt_free function.
I think we should just do option 2 with a comment, it's simple and it's
what we used to do. I'm not sure how much benefit we would see from
option 3, but it's more work.
This patch implements #2. I haven't done a comment, since I don't know
what the problem is.
markj@ noted the following:
I think the suggested patch is ok, but not for the reason stated.
On platforms without a direct map the problem is:
to allocate btags we need a slab,
and to allocate a slab we need to map a page, and to map a page we need
to allocate btags.
We handle this recursion using a custom slab allocator which specifies
M_USE_RESERVE, allowing it to dip into a reserve of free btags.
Because the returned slab can be used to keep the reserve populated,
this ensures that there are always enough free btags available to
handle the recursion.
UMA_ZONE_NOFREE ensures that we never reclaim free slabs from the zone.
However, when it was removed, an apparent bug in UMA was exposed:
keg_drain() ignores the reservation set by uma_zone_reserve()
in vmem_startup().
So under memory pressure we reclaim the free btags that are needed to
break the recursion.
That's why adding _NOFREE back fixes the problem: it disables the
reclamation.
We could perhaps fix it more cleverly, by modifying keg_drain() to always
leave uk_reserve slabs available.
markj@'s initial patch failed testing, so committing this patch was agreed
upon as the interim solution.
Either rlibby@ or markj@ might choose to add a comment to it.
PR: 248008
Reviewed by: rlibby, markj
Modified:
head/sys/kern/subr_vmem.c
Modified: head/sys/kern/subr_vmem.c
==
--- head/sys/kern/subr_vmem.c Tue Aug 25 00:49:57 2020(r364743)
+++ head/sys/kern/subr_vmem.c Tue Aug 25 00:58:14 2020(r364744)
@@ -668,10 +668,14 @@ vmem_startup(void)
vmem_zone = uma_zcreate("vmem",
sizeof(struct vmem), NULL, NULL, NULL, NULL,
UMA_ALIGN_PTR, 0);
+#ifdef UMA_MD_SMALL_ALLOC
vmem_bt_zone = uma_zcreate("vmem btag",
sizeof(struct vmem_btag), NULL, NULL, NULL, NULL,
UMA_ALIGN_PTR, UMA_ZONE_VM);
-#ifndef UMA_MD_SMALL_ALLOC
+#else
+ vmem_bt_zone = uma_zcreate("vmem btag",
+ sizeof(struct vmem_btag), NULL, NULL, NULL, NULL,
+ UMA_ALIGN_PTR, UMA_ZONE_VM | UMA_ZONE_NOFREE);
mtx_init(&vmem_bt_lock, "btag lock", NULL, MTX_DEF);
uma_prealloc(vmem_bt_zone, BT_MAXALLOC);
/*
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364477 - head
Author: rmacklem Date: Sat Aug 22 04:07:44 2020 New Revision: 364477 URL: https://svnweb.freebsd.org/changeset/base/364477 Log: Add an entry for r364475. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Sat Aug 22 04:01:05 2020(r364476) +++ head/UPDATING Sat Aug 22 04:07:44 2020(r364477) @@ -26,6 +26,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200821: + r362275 changed the internal API between the kernel RPC and the + NFS modules. As such, all the modules must be recompiled from + sources. + 20200817: r364330 modified the internal API used between the NFS modules. As such, all the NFS modules must be re-compiled from sources. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364476 - head/sys/sys
Author: rmacklem Date: Sat Aug 22 04:01:05 2020 New Revision: 364476 URL: https://svnweb.freebsd.org/changeset/base/364476 Log: r364475 changed the internal API between the kernel RPC and NFS, so bump version. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hSat Aug 22 03:57:55 2020(r364475) +++ head/sys/sys/param.hSat Aug 22 04:01:05 2020(r364476) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300110 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300111 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364475 - in head/sys: conf modules/krpc rpc rpc/rpcsec_tls
Author: rmacklem
Date: Sat Aug 22 03:57:55 2020
New Revision: 364475
URL: https://svnweb.freebsd.org/changeset/base/364475
Log:
Add TLS support to the kernel RPC.
An internet draft titled "Towards Remote Procedure Call Encryption By Default"
describes how TLS is to be used for Sun RPC, with NFS as an intended use case.
This patch adds client and server support for this to the kernel RPC,
using KERN_TLS and upcalls to daemons for the handshake, peer reset and
other non-application data record cases.
The upcalls to the daemons use three fields to uniquely identify the
TCP connection. They are the time.tv_sec, time.tv_usec of the connection
establshment, plus a 64bit sequence number. The time fields avoid problems
with re-use of the sequence number after a daemon restart.
For the server side, once a Null RPC with AUTH_TLS is received, kernel
reception on the socket is blocked and an upcall to the rpctlssd(8) daemon
is done to perform the TLS handshake. Upon completion, the completion
status of the handshake is stored in xp_tls as flag bits and the reply to
the Null RPC is sent.
For the client, if CLSET_TLS has been set, a new TCP connection will
send the Null RPC with AUTH_TLS to initiate the handshake. The client
kernel RPC code will then block kernel I/O on the socket and do an upcall
to the rpctlscd(8) daemon to perform the handshake.
If the upcall is successful, ct_rcvstate will be maintained to indicate
if/when an upcall is being done.
If non-application data records are received, the code does an upcall to
the appropriate daemon, which will do a SSL_read() of 0 length to handle
the record(s).
When the socket is being shut down, upcalls are done to the daemons, so
that they can perform SSL_shutdown() calls to perform the "peer reset".
The rpctlssd(8) and rpctlscd(8) daemons require a patched version of the
openssl library and, as such, will not be committed to head at this time.
Although the changes done by this patch are fairly numerous, there should
be no semantics change to the kernel RPC at this time.
A future commit to the NFS code will optionally enable use of TLS for NFS.
Added:
head/sys/rpc/rpcsec_tls/
head/sys/rpc/rpcsec_tls/auth_tls.c (contents, props changed)
head/sys/rpc/rpcsec_tls/rpctls_impl.c (contents, props changed)
head/sys/rpc/rpcsec_tls/rpctlscd.x (contents, props changed)
head/sys/rpc/rpcsec_tls/rpctlssd.x (contents, props changed)
Modified:
head/sys/conf/files
head/sys/modules/krpc/Makefile
head/sys/rpc/auth.h
head/sys/rpc/clnt_bck.c
head/sys/rpc/clnt_rc.c
head/sys/rpc/clnt_vc.c
head/sys/rpc/krpc.h
head/sys/rpc/rpc_generic.c
head/sys/rpc/rpcsec_tls.h
head/sys/rpc/svc.h
head/sys/rpc/svc_auth.c
head/sys/rpc/svc_vc.c
Modified: head/sys/conf/files
==
--- head/sys/conf/files Sat Aug 22 01:10:59 2020(r364474)
+++ head/sys/conf/files Sat Aug 22 03:57:55 2020(r364475)
@@ -4868,6 +4868,41 @@ rpc/svc_auth_unix.c optional krpc |
nfslockd | nfscl
rpc/svc_dg.c optional krpc | nfslockd | nfscl | nfsd
rpc/svc_generic.c optional krpc | nfslockd | nfscl | nfsd
rpc/svc_vc.c optional krpc | nfslockd | nfscl | nfsd
+#
+# Kernel RPC-over-TLS
+#
+rpctlscd.h optional krpc | nfslockd | nfscl | nfsd \
+ dependency "$S/rpc/rpcsec_tls/rpctlscd.x"
\
+ compile-with"RPCGEN_CPP='${CPP}' rpcgen -hM
$S/rpc/rpcsec_tls/rpctlscd.x | grep -v pthread.h > rpctlscd.h" \
+ no-obj no-implicit-rule before-depend local \
+ clean "rpctlscd.h"
+rpctlscd_xdr.c optional krpc | nfslockd | nfscl | nfsd \
+ dependency "$S/rpc/rpcsec_tls/rpctlscd.x rpctlscd.h"
\
+ compile-with"RPCGEN_CPP='${CPP}' rpcgen -c
$S/rpc/rpcsec_tls/rpctlscd.x -o rpctlscd_xdr.c" no-ctfconvert \
+ no-implicit-rule before-depend local\
+ clean "rpctlscd_xdr.c"
+rpctlscd_clnt.coptional krpc | nfslockd | nfscl | nfsd
\
+ dependency "$S/rpc/rpcsec_tls/rpctlscd.x rpctlscd.h"
\
+ compile-with"RPCGEN_CPP='${CPP}' rpcgen -lM
$S/rpc/rpcsec_tls/rpctlscd.x | grep -v string.h > rpctlscd_clnt.c"
no-ctfconvert \
+ no-implicit-rule before-depend local\
+ clean "rpctlscd_clnt.c"
+rpctlssd.h optional krpc | nfslockd | nfscl | nfsd \
+ dependency "$S/rpc/rpcsec_tls/rpctlssd.x"
\
+ compile-with"RPCGEN_CPP='${CPP}' rpcgen -hM
$S/rpc/rpcsec_tls/rpctlssd.x | grep -v pthread.h > rpctlssd.h" \
+ no-obj no-implicit-rule before-depend local
Re: svn commit: r364409 - in head/sys: kern sys
Done, I guess?
I had never ever heard of this until now, but. by inspection,
it seems to want the kernel only MSG_xxx flags listed, so
I added MSG_TLSAPPDATA.
If this is not correct, please let me know what needs to be done, rick
From: Brandon Bergren
Sent: Wednesday, August 19, 2020 9:14 PM
To: Rick Macklem; src-committ...@freebsd.org; svn-src-...@freebsd.org;
svn-src-head@freebsd.org
Subject: Re: svn commit: r364409 - in head/sys: kern sys
CAUTION: This email originated from outside of the University of Guelph. Do not
click links or open attachments unless you recognize the sender and know the
content is safe. If in doubt, forward suspicious emails to ith...@uoguelph.ca
This broke world build.
Please update the blacklist in lib/sysdecode/mktables.
On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote:
> Author: rmacklem
> Date: Wed Aug 19 23:42:33 2020
> New Revision: 364409
> URL: https://svnweb.freebsd.org/changeset/base/364409
>
> Log:
> Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application
> TLS
> data records.
>
> The kernel RPC cannot process non-application data records when
> using TLS. It must to an upcall to a userspace daemon that will
> call SSL_read() to process them.
>
> This patch adds a new flag called MSG_TLSAPPDATA that the kernel
> RPC can use to tell sorecieve() to return ENXIO instead of a non-application
> data record, when that is what is at the top of the receive queue.
> I put the code in #ifdef KERN_TLS/#endif, although it will build without
> that, so that it is recognized as only useful when KERN_TLS is enabled.
> The alternative to doing this is to have the kernel RPC re-queue the
> non-application data message after receiving it, but that seems more
> complicated and might introduce message ordering issues when there
> are multiple non-application data records one after another.
>
> I do not know what, if any, changes will be required to support TLS1.3.
>
> Reviewed by:glebius
> Differential Revision: https://reviews.freebsd.org/D25923
>
> Modified:
> head/sys/kern/uipc_socket.c
> head/sys/sys/socket.h
>
> Modified: head/sys/kern/uipc_socket.c
> ==
> --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020
> (r364408)
> +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020
> (r364409)
> @@ -2056,6 +2056,32 @@ dontblock:
> if (m != NULL && m->m_type == MT_CONTROL) {
> struct mbuf *cm = NULL, *cmn;
> struct mbuf **cme = &cm;
> +#ifdef KERN_TLS
> + struct cmsghdr *cmsg;
> + struct tls_get_record tgr;
> +
> + /*
> + * For MSG_TLSAPPDATA, check for a non-application data
> + * record. If found, return ENXIO without removing
> + * it from the receive queue. This allows a subsequent
> + * call without MSG_TLSAPPDATA to receive it.
> + * Note that, for TLS, there should only be a single
> + * control mbuf with the TLS_GET_RECORD message in it.
> + */
> + if (flags & MSG_TLSAPPDATA) {
> + cmsg = mtod(m, struct cmsghdr *);
> + if (cmsg->cmsg_type == TLS_GET_RECORD &&
> + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
> + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
> + /* This will need to change for TLS 1.3. */
> + if (tgr.tls_type != TLS_RLTYPE_APP) {
> + SOCKBUF_UNLOCK(&so->so_rcv);
> + error = ENXIO;
> + goto release;
> + }
> + }
> + }
> +#endif
>
> do {
> if (flags & MSG_PEEK) {
>
> Modified: head/sys/sys/socket.h
> ==
> --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408)
> +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409)
> @@ -468,6 +468,7 @@ struct msghdr {
> #endif
> #ifdef _KERNEL
> #define MSG_MORETOCOME 0x0010 /* additional data pending */
> +#define MSG_TLSAPPDATA 0x0020 /* only soreceive() app. data
> (TLS) */
> #endif
>
> /*
>
--
Brandon Bergren
bdra...@imap.cc
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364415 - head/lib/libsysdecode
Author: rmacklem Date: Thu Aug 20 03:53:18 2020 New Revision: 364415 URL: https://svnweb.freebsd.org/changeset/base/364415 Log: Add MSG_TLSAPPDATA to lib/libsysdecode/mktables. I have no idea what this does (and until now that it even existed), but apparently it needs this entry changed for the MSG_TLSAPPDATA, since it is kernel only. Modified: head/lib/libsysdecode/mktables Modified: head/lib/libsysdecode/mktables == --- head/lib/libsysdecode/mktables Thu Aug 20 02:54:44 2020 (r364414) +++ head/lib/libsysdecode/mktables Thu Aug 20 03:53:18 2020 (r364415) @@ -153,7 +153,7 @@ gen_table "seekwhence" "SEEK_[A-Z]+[[:space:]]+[0 gen_table "fcntlcmd""F_[A-Z0-9_]+[[:space:]]+[0-9]+[[:space:]]+" "sys/fcntl.h" "F_CANCEL|F_..LCK" gen_table "mmapflags" "MAP_[A-Z_]+[[:space:]]+0x[0-9A-Fa-f]+" "sys/mman.h" gen_table "rtpriofuncs" "RTP_[A-Z]+[[:space:]]+[0-9]+" "sys/rtprio.h" -gen_table "msgflags""MSG_[A-Z]+[[:space:]]+0x[0-9]+" "sys/socket.h" "MSG_SOCALLBCK|MSG_MORETOCOME" +gen_table "msgflags""MSG_[A-Z]+[[:space:]]+0x[0-9]+" "sys/socket.h" "MSG_SOCALLBCK|MSG_MORETOCOME|MSG_TLSAPPDATA" gen_table "sigcode" "SI_[A-Z]+[[:space:]]+0(x[0-9abcdef]+)?" "sys/signal.h" gen_table "umtxcvwaitflags" "CVWAIT_[A-Z_]+[[:space:]]+0x[0-9]+" "sys/umtx.h" gen_table "umtxrwlockflags" "URWLOCK_PREFER_READER[[:space:]]+0x[0-9]+" "sys/umtx.h" ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364409 - in head/sys: kern sys
Author: rmacklem
Date: Wed Aug 19 23:42:33 2020
New Revision: 364409
URL: https://svnweb.freebsd.org/changeset/base/364409
Log:
Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS
data records.
The kernel RPC cannot process non-application data records when
using TLS. It must to an upcall to a userspace daemon that will
call SSL_read() to process them.
This patch adds a new flag called MSG_TLSAPPDATA that the kernel
RPC can use to tell sorecieve() to return ENXIO instead of a non-application
data record, when that is what is at the top of the receive queue.
I put the code in #ifdef KERN_TLS/#endif, although it will build without
that, so that it is recognized as only useful when KERN_TLS is enabled.
The alternative to doing this is to have the kernel RPC re-queue the
non-application data message after receiving it, but that seems more
complicated and might introduce message ordering issues when there
are multiple non-application data records one after another.
I do not know what, if any, changes will be required to support TLS1.3.
Reviewed by: glebius
Differential Revision:https://reviews.freebsd.org/D25923
Modified:
head/sys/kern/uipc_socket.c
head/sys/sys/socket.h
Modified: head/sys/kern/uipc_socket.c
==
--- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020(r364408)
+++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020(r364409)
@@ -2056,6 +2056,32 @@ dontblock:
if (m != NULL && m->m_type == MT_CONTROL) {
struct mbuf *cm = NULL, *cmn;
struct mbuf **cme = &cm;
+#ifdef KERN_TLS
+ struct cmsghdr *cmsg;
+ struct tls_get_record tgr;
+
+ /*
+* For MSG_TLSAPPDATA, check for a non-application data
+* record. If found, return ENXIO without removing
+* it from the receive queue. This allows a subsequent
+* call without MSG_TLSAPPDATA to receive it.
+* Note that, for TLS, there should only be a single
+* control mbuf with the TLS_GET_RECORD message in it.
+*/
+ if (flags & MSG_TLSAPPDATA) {
+ cmsg = mtod(m, struct cmsghdr *);
+ if (cmsg->cmsg_type == TLS_GET_RECORD &&
+ cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
+ memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
+ /* This will need to change for TLS 1.3. */
+ if (tgr.tls_type != TLS_RLTYPE_APP) {
+ SOCKBUF_UNLOCK(&so->so_rcv);
+ error = ENXIO;
+ goto release;
+ }
+ }
+ }
+#endif
do {
if (flags & MSG_PEEK) {
Modified: head/sys/sys/socket.h
==
--- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408)
+++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409)
@@ -468,6 +468,7 @@ struct msghdr {
#endif
#ifdef _KERNEL
#defineMSG_MORETOCOME 0x0010 /* additional data pending */
+#defineMSG_TLSAPPDATA 0x0020 /* only soreceive() app. data
(TLS) */
#endif
/*
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364332 - head
Author: rmacklem Date: Tue Aug 18 02:02:36 2020 New Revision: 364332 URL: https://svnweb.freebsd.org/changeset/base/364332 Log: Add an entry to UPDATING for r364330. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Tue Aug 18 01:57:48 2020(r364331) +++ head/UPDATING Tue Aug 18 02:02:36 2020(r364332) @@ -26,6 +26,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200817: + r364330 modified the internal API used between the NFS modules. + As such, all the NFS modules must be re-compiled from sources. + 20200816: Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have been upgraded to 11.0.0. Please see the 20141231 entry below for ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364331 - head/sys/sys
Author: rmacklem Date: Tue Aug 18 01:57:48 2020 New Revision: 364331 URL: https://svnweb.freebsd.org/changeset/base/364331 Log: Bump __FreeBSD_version for r364330, since it changed the internal API between the NFS modules such that they all need to be re-compiled from sources. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hTue Aug 18 01:41:12 2020(r364330) +++ head/sys/sys/param.hTue Aug 18 01:57:48 2020(r364331) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300109 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300110 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364330 - in head/sys/fs: nfs nfsclient nfsserver
Author: rmacklem
Date: Tue Aug 18 01:41:12 2020
New Revision: 364330
URL: https://svnweb.freebsd.org/changeset/base/364330
Log:
Delete the unused "use_ext" argument to nfscl_reqstart().
This is a partial revert of r363210, since the "use_ext" argument added
by that commit is not actually useful.
This patch should not result in any semantics change.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfs_var.h
head/sys/fs/nfs/nfscl.h
head/sys/fs/nfsclient/nfs_clrpcops.c
head/sys/fs/nfsserver/nfs_nfsdport.c
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cMon Aug 17 21:30:49 2020
(r364329)
+++ head/sys/fs/nfs/nfs_commonsubs.cTue Aug 18 01:41:12 2020
(r364330)
@@ -319,7 +319,7 @@ static int nfs_bigrequest[NFSV42_NPROCS] = {
void
nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
u_int8_t *nfhp, int fhlen, u_int32_t **opcntpp, struct nfsclsession *sep,
-int vers, int minorvers, bool use_ext)
+int vers, int minorvers)
{
struct mbuf *mb;
u_int32_t *tl;
@@ -352,26 +352,18 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum,
}
nd->nd_procnum = procnum;
nd->nd_repstat = 0;
- nd->nd_maxextsiz = 16384;
- if (use_ext && mb_use_ext_pgs && PMAP_HAS_DMAP != 0)
- nd->nd_flag |= ND_EXTPG;
+ nd->nd_maxextsiz = 0;
/*
* Get the first mbuf for the request.
*/
- if ((nd->nd_flag & ND_EXTPG) != 0) {
- mb = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK);
- nd->nd_mreq = nd->nd_mb = mb;
- nfsm_set(nd, 0);
- } else {
- if (nfs_bigrequest[procnum])
- NFSMCLGET(mb, M_WAITOK);
- else
- NFSMGET(mb);
- mb->m_len = 0;
- nd->nd_mreq = nd->nd_mb = mb;
- nd->nd_bpos = mtod(mb, char *);
- }
+ if (nfs_bigrequest[procnum])
+ NFSMCLGET(mb, M_WAITOK);
+ else
+ NFSMGET(mb);
+ mb->m_len = 0;
+ nd->nd_mreq = nd->nd_mb = mb;
+ nd->nd_bpos = mtod(mb, char *);
/*
* And fill the first file handle into the request.
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Mon Aug 17 21:30:49 2020(r364329)
+++ head/sys/fs/nfs/nfs_var.h Tue Aug 18 01:41:12 2020(r364330)
@@ -312,7 +312,7 @@ void nfsrc_trimcache(uint64_t, uint32_t, int);
/* nfs_commonsubs.c */
void nfscl_reqstart(struct nfsrv_descript *, int, struct nfsmount *,
-u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int, bool);
+u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int);
void nfsm_stateidtom(struct nfsrv_descript *, nfsv4stateid_t *, int);
void nfscl_fillsattr(struct nfsrv_descript *, struct vattr *,
vnode_t, int, u_int32_t);
Modified: head/sys/fs/nfs/nfscl.h
==
--- head/sys/fs/nfs/nfscl.h Mon Aug 17 21:30:49 2020(r364329)
+++ head/sys/fs/nfs/nfscl.h Tue Aug 18 01:41:12 2020(r364330)
@@ -52,7 +52,7 @@ struct nfsv4node {
#defineNFSCL_REQSTART(n, p, v)
\
nfscl_reqstart((n), (p), VFSTONFS((v)->v_mount),\
VTONFS(v)->n_fhp->nfh_fh, VTONFS(v)->n_fhp->nfh_len, NULL, \
- NULL, 0, 0, false)
+ NULL, 0, 0)
/*
* These two macros convert between a lease duration and renew interval.
Modified: head/sys/fs/nfsclient/nfs_clrpcops.c
==
--- head/sys/fs/nfsclient/nfs_clrpcops.cMon Aug 17 21:30:49 2020
(r364329)
+++ head/sys/fs/nfsclient/nfs_clrpcops.cTue Aug 18 01:41:12 2020
(r364330)
@@ -499,8 +499,7 @@ nfsrpc_openrpc(struct nfsmount *nmp, vnode_t vp, u_int
dp = *dpp;
*dpp = NULL;
- nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL, 0, 0,
- false);
+ nfscl_reqstart(nd, NFSPROC_OPEN, nmp, nfhp, fhlen, NULL, NULL, 0, 0);
NFSM_BUILD(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
*tl++ = txdr_unsigned(mode & NFSV4OPEN_ACCESSBOTH);
@@ -856,7 +855,7 @@ nfsrpc_closerpc(struct nfsrv_descript *nd, struct nfsm
int error;
nfscl_reqstart(nd, NFSPROC_CLOSE, nmp, op->nfso_fh,
- op->nfso_fhlen, NULL, NULL, 0, 0, false);
+ op->nfso_fhlen, NULL, NULL, 0, 0);
NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED + NFSX_STATEID);
*tl++ = txdr_unsigned(op->nfso_own->nfsow_seqid);
if (NFSHASNFSV4N(nmp))
@@ -899,7 +898,7 @@ nfsrpc_openconfir
svn commit: r364138 - head/sys/fs/nfsclient
Author: rmacklem
Date: Wed Aug 12 04:35:49 2020
New Revision: 364138
URL: https://svnweb.freebsd.org/changeset/base/364138
Log:
Fix a bug introduced by r363001 for the ext_pgs case.
r363001 added support for ext_pgs mbufs to nfsm_uiombuf().
By inspection, I noticed that "mlen" was not set non-zero and, as such, there
would be an iteration of the loop that did nothing.
This patch sets it.
This bug would have no effect on the system, since the ext_pgs mbuf code
is not yet enabled.
Modified:
head/sys/fs/nfsclient/nfs_clcomsubs.c
Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c
==
--- head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Aug 12 03:00:17 2020
(r364137)
+++ head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Aug 12 04:35:49 2020
(r364138)
@@ -92,7 +92,7 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui
nd->nd_maxextsiz, &nd->nd_bextpg);
mcp = (char *)(void *)PHYS_TO_DMAP(
mp->m_epg_pa[nd->nd_bextpg]);
- nd->nd_bextpgsiz = PAGE_SIZE;
+ nd->nd_bextpgsiz = mlen = PAGE_SIZE;
} else {
if (clflg)
NFSMCLGET(mp, M_WAITOK);
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364096 - head
Author: rmacklem Date: Tue Aug 11 02:05:09 2020 New Revision: 364096 URL: https://svnweb.freebsd.org/changeset/base/364096 Log: Add an UPDATING entry for r364092, since it did a version bump. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Tue Aug 11 01:34:40 2020(r364095) +++ head/UPDATING Tue Aug 11 02:05:09 2020(r364096) @@ -26,6 +26,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200810: + r364092 modified the internal ABI used between the kernel NFS + modules. As such, all of these modules need to be rebuilt + from sources, so a version bump was done. + 20200807: Makefile.inc has been updated to work around the issue documented in 20200729. It was a case where the optimization of using symbolic links ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r364092 - in head/sys: fs/nfs fs/nfsclient fs/nfsserver rpc sys
Author: rmacklem
Date: Tue Aug 11 00:26:45 2020
New Revision: 364092
URL: https://svnweb.freebsd.org/changeset/base/364092
Log:
Add an argument to newnfs_connect() that indicates use TLS for the connection.
For NFSv4.0, the server creates a server->client TCP connection for callbacks.
If the client mount on the server is using TLS, enable TLS for this callback
TCP connection.
TLS connections from clients will not be supported until the kernel RPC
changes are committed.
Since this changes the internal ABI between the NFS kernel modules that
will require a version bump, delete newnfs_trimtrailing(), which is no
longer used.
Since LCL_TLSCB is not yet set, these changes should not have any semantic
affect at this time.
Modified:
head/sys/fs/nfs/nfs.h
head/sys/fs/nfs/nfs_commonkrpc.c
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfs_var.h
head/sys/fs/nfsclient/nfs_clrpcops.c
head/sys/fs/nfsclient/nfs_clvfsops.c
head/sys/fs/nfsserver/nfs_nfsdstate.c
head/sys/rpc/clnt.h
head/sys/sys/param.h
Modified: head/sys/fs/nfs/nfs.h
==
--- head/sys/fs/nfs/nfs.h Mon Aug 10 21:41:49 2020(r364091)
+++ head/sys/fs/nfs/nfs.h Tue Aug 11 00:26:45 2020(r364092)
@@ -336,6 +336,7 @@ struct nfsreferral {
#defineLCL_DONEBINDCONN0x0004
#defineLCL_RECLAIMONEFS0x0008
#defineLCL_NFSV42 0x0010
+#defineLCL_TLSCB 0x0020
#defineLCL_GSS LCL_KERBV /* Or of all mechs */
Modified: head/sys/fs/nfs/nfs_commonkrpc.c
==
--- head/sys/fs/nfs/nfs_commonkrpc.cMon Aug 10 21:41:49 2020
(r364091)
+++ head/sys/fs/nfs/nfs_commonkrpc.cTue Aug 11 00:26:45 2020
(r364092)
@@ -167,7 +167,7 @@ static int nfsv2_procid[NFS_V3NPROCS] = {
*/
int
newnfs_connect(struct nfsmount *nmp, struct nfssockreq *nrp,
-struct ucred *cred, NFSPROC_T *p, int callback_retry_mult)
+struct ucred *cred, NFSPROC_T *p, int callback_retry_mult, bool dotls)
{
int rcvreserve, sndreserve;
int pktscale, pktscalesav;
@@ -374,6 +374,8 @@ newnfs_connect(struct nfsmount *nmp, struct nfssockreq
} else {
retries = NFSV4_CALLBACKRETRY * callback_retry_mult;
}
+ if (dotls)
+ CLNT_CONTROL(client, CLSET_TLS, &one);
}
CLNT_CONTROL(client, CLSET_RETRIES, &retries);
@@ -586,7 +588,7 @@ newnfs_request(struct nfsrv_descript *nd, struct nfsmo
* and let clnt_reconnect_create handle reconnects.
*/
if (nrp->nr_client == NULL)
- newnfs_connect(nmp, nrp, cred, td, 0);
+ newnfs_connect(nmp, nrp, cred, td, 0, false);
/*
* For a client side mount, nmp is != NULL and clp == NULL. For
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cMon Aug 10 21:41:49 2020
(r364091)
+++ head/sys/fs/nfs/nfs_commonsubs.cTue Aug 11 00:26:45 2020
(r364092)
@@ -1058,25 +1058,6 @@ nfsaddr2_match(NFSSOCKADDR_T nam1, NFSSOCKADDR_T nam2)
}
/*
- * Trim trailing data off the mbuf list being built.
- */
-void
-newnfs_trimtrailing(nd, mb, bpos)
- struct nfsrv_descript *nd;
- struct mbuf *mb;
- caddr_t bpos;
-{
-
- if (mb->m_next) {
- m_freem(mb->m_next);
- mb->m_next = NULL;
- }
- mb->m_len = bpos - mtod(mb, caddr_t);
- nd->nd_mb = mb;
- nd->nd_bpos = bpos;
-}
-
-/*
* Dissect a file handle on the client.
*/
int
@@ -3650,7 +3631,7 @@ nfsrv_nfsuserdport(struct nfsuserd_args *nargs, NFSPRO
}
rp->nr_vers = RPCNFSUSERD_VERS;
if (error == 0)
- error = newnfs_connect(NULL, rp, NFSPROCCRED(p), p, 0);
+ error = newnfs_connect(NULL, rp, NFSPROCCRED(p), p, 0, false);
if (error == 0) {
NFSLOCKNAMEID();
nfsrv_nfsuserd = RUNNING;
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Mon Aug 10 21:41:49 2020(r364091)
+++ head/sys/fs/nfs/nfs_var.h Tue Aug 11 00:26:45 2020(r364092)
@@ -324,8 +324,6 @@ int nfsm_mbufuio(struct nfsrv_descript *, struct uio *
int nfsm_fhtom(struct nfsrv_descript *, u_int8_t *, int, int);
int nfsm_advance(struct nfsrv_descript *, int, int);
void *nfsm_dissct(struct nfsrv_descript *, int, int);
-void newnfs_trimtrailing(struct nfsrv_descript *, struct mbuf *,
-caddr_t);
void newnfs_copycred(struct nfscred *, struct ucred *);
void newnfs_copyincred(struct ucred *, struct nfscred *);
int nfsrv_dissectacl(struct nfsrv_descript *, NFSA
svn commit: r363748 - in head/sys/fs: nfs nfsserver
Author: rmacklem
Date: Fri Jul 31 23:35:49 2020
New Revision: 363748
URL: https://svnweb.freebsd.org/changeset/base/363748
Log:
Add optional support for ext_pgs mbufs to the NFS server's read, readlink
and getxattr operations.
This patch optionally enables generation of read, readlink and getxattr
replies
in ext_pgs mbufs. Since neither of ND_EXTPG or ND_TLS are currently ever set,
there is no change in semantics at this time.
It also corrects the message in a couple of panic()s that should never occur.
This is another in the series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
Use of ext_pgs mbufs will not be enabled until the kernel RPC is updated
to handle TLS.
Modified:
head/sys/fs/nfs/nfs_var.h
head/sys/fs/nfsserver/nfs_nfsdport.c
head/sys/fs/nfsserver/nfs_nfsdserv.c
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Fri Jul 31 23:02:17 2020(r363747)
+++ head/sys/fs/nfs/nfs_var.h Fri Jul 31 23:35:49 2020(r363748)
@@ -680,9 +680,9 @@ int nfsvno_namei(struct nfsrv_descript *, struct namei
vnode_t, int, struct nfsexstuff *, NFSPROC_T *, vnode_t *);
void nfsvno_setpathbuf(struct nameidata *, char **, u_long **);
void nfsvno_relpathbuf(struct nameidata *);
-int nfsvno_readlink(vnode_t, struct ucred *, NFSPROC_T *, struct mbuf **,
+int nfsvno_readlink(vnode_t, struct ucred *, int, NFSPROC_T *, struct mbuf **,
struct mbuf **, int *);
-int nfsvno_read(vnode_t, off_t, int, struct ucred *, NFSPROC_T *,
+int nfsvno_read(vnode_t, off_t, int, struct ucred *, int, NFSPROC_T *,
struct mbuf **, struct mbuf **);
int nfsvno_write(vnode_t, off_t, int, int *, struct mbuf *, char *,
struct ucred *, NFSPROC_T *);
@@ -748,7 +748,7 @@ int nfsvno_seek(struct nfsrv_descript *, struct vnode
bool *, struct ucred *, NFSPROC_T *);
int nfsvno_allocate(struct vnode *, off_t, off_t, struct ucred *, NFSPROC_T *);
int nfsvno_getxattr(struct vnode *, char *, uint32_t, struct ucred *,
-struct thread *, struct mbuf **, struct mbuf **, int *);
+uint64_t, int, struct thread *, struct mbuf **, struct mbuf **, int *);
int nfsvno_setxattr(struct vnode *, char *, int, struct mbuf *, char *,
struct ucred *, struct thread *);
int nfsvno_rmxattr(struct nfsrv_descript *, struct vnode *, char *,
Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
==
--- head/sys/fs/nfsserver/nfs_nfsdport.cFri Jul 31 23:02:17 2020
(r363747)
+++ head/sys/fs/nfsserver/nfs_nfsdport.cFri Jul 31 23:35:49 2020
(r363748)
@@ -108,6 +108,8 @@ extern struct nfsdevicehead nfsrv_devidhead;
static int nfsrv_createiovec(int, struct mbuf **, struct mbuf **,
struct iovec **);
+static int nfsrv_createiovec_extpgs(int, int, struct mbuf **,
+struct mbuf **, struct iovec **);
static int nfsrv_createiovecw(int, struct mbuf *, char *, struct iovec **,
int *);
static void nfsrv_pnfscreate(struct vnode *, struct vattr *, struct ucred *,
@@ -738,8 +740,8 @@ nfsvno_relpathbuf(struct nameidata *ndp)
* Readlink vnode op into an mbuf list.
*/
int
-nfsvno_readlink(struct vnode *vp, struct ucred *cred, struct thread *p,
-struct mbuf **mpp, struct mbuf **mpendp, int *lenp)
+nfsvno_readlink(struct vnode *vp, struct ucred *cred, int maxextsiz,
+struct thread *p, struct mbuf **mpp, struct mbuf **mpendp, int *lenp)
{
struct iovec *iv;
struct uio io, *uiop = &io;
@@ -747,7 +749,11 @@ nfsvno_readlink(struct vnode *vp, struct ucred *cred,
int len, tlen, error = 0;
len = NFS_MAXPATHLEN;
- uiop->uio_iovcnt = nfsrv_createiovec(len, &mp3, &mp, &iv);
+ if (maxextsiz > 0)
+ uiop->uio_iovcnt = nfsrv_createiovec_extpgs(len, maxextsiz,
+ &mp3, &mp, &iv);
+ else
+ uiop->uio_iovcnt = nfsrv_createiovec(len, &mp3, &mp, &iv);
uiop->uio_iov = iv;
uiop->uio_offset = 0;
uiop->uio_resid = len;
@@ -819,7 +825,7 @@ nfsrv_createiovec(int len, struct mbuf **mpp, struct m
i = 0;
while (left > 0) {
if (m == NULL)
- panic("nfsvno_read iov");
+ panic("nfsrv_createiovec iov");
siz = min(M_TRAILINGSPACE(m), left);
if (siz > 0) {
iv->iov_base = mtod(m, caddr_t) + m->m_len;
@@ -837,11 +843,76 @@ nfsrv_createiovec(int len, struct mbuf **mpp, struct m
}
/*
+ * Create an mbuf chain and an associated iovec that can be used to Read
+ * or Getextattr of data.
+ * Upon success, return pointers to the first and last mbufs in the chain
+ * plus the malloc'd
svn commit: r363677 - head/sys/fs/nfsserver
Author: rmacklem
Date: Wed Jul 29 22:58:08 2020
New Revision: 363677
URL: https://svnweb.freebsd.org/changeset/base/363677
Log:
Add support for ext_pgs mbufs to nfsrvd_readdir() and nfsrvd_readdirplus().
This patch code that optionally (based on ND_TLS, never set yet) generates
readdir replies in ext_pgs mbufs.
To trim the list back, a new function that is ext_pgs aware called
nfsm_trimtrailing() replaces newnfs_trimtrailing().
newnfs_trimtrailing() is no longer used, but will be removed in a future
commit, since its removal does modify the internal kpi between the NFS
modules.
This is another in the series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
Use of ext_pgs mbufs will not be enabled until the kernel RPC is updated
to handle TLS.
Modified:
head/sys/fs/nfsserver/nfs_nfsdport.c
Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
==
--- head/sys/fs/nfsserver/nfs_nfsdport.cWed Jul 29 22:10:25 2020
(r363676)
+++ head/sys/fs/nfsserver/nfs_nfsdport.cWed Jul 29 22:58:08 2020
(r363677)
@@ -144,6 +144,8 @@ static int nfsrv_dsremove(struct vnode *, char *, stru
static int nfsrv_dssetacl(struct vnode *, struct acl *, struct ucred *,
NFSPROC_T *);
static int nfsrv_pnfsstatfs(struct statfs *, struct mount *);
+static void nfsm_trimtrailing(struct nfsrv_descript *, struct mbuf *,
+char *, int, int);
int nfs_pnfsio(task_fn_t *, void *);
@@ -2043,6 +2045,17 @@ again:
vput(vp);
/*
+* If cnt > MCLBYTES and the reply will not be saved, use
+* ext_pgs mbufs for TLS.
+* For NFSv4.0, we do not know for sure if the reply will
+* be saved, so do not use ext_pgs mbufs for NFSv4.0.
+*/
+ if (cnt > MCLBYTES && siz > MCLBYTES &&
+ (nd->nd_flag & (ND_TLS | ND_EXTPG | ND_SAVEREPLY)) == ND_TLS &&
+ (nd->nd_flag & (ND_NFSV4 | ND_NFSV41)) != ND_NFSV4)
+ nd->nd_flag |= ND_EXTPG;
+
+ /*
* dirlen is the size of the reply, including all XDR and must
* not exceed cnt. For NFSv2, RFC1094 didn't clearly indicate
* if the XDR should be included in "count", but to be safe, we do.
@@ -2146,6 +2159,7 @@ nfsrvd_readdirplus(struct nfsrv_descript *nd, int isdg
struct mount *mp, *new_mp;
uint64_t mounted_on_fileno;
struct thread *p = curthread;
+ int bextpg0, bextpg1, bextpgsiz0, bextpgsiz1;
if (nd->nd_repstat) {
nfsrv_postopattr(nd, getret, &at);
@@ -2359,11 +2373,27 @@ again:
}
/*
+* If the reply is likely to exceed MCLBYTES and the reply will
+* not be saved, use ext_pgs mbufs for TLS.
+* It is difficult to predict how large each entry will be and
+* how many entries have been read, so just assume the directory
+* entries grow by a factor of 4 when attributes are included.
+* For NFSv4.0, we do not know for sure if the reply will
+* be saved, so do not use ext_pgs mbufs for NFSv4.0.
+*/
+ if (cnt > MCLBYTES && siz > MCLBYTES / 4 &&
+ (nd->nd_flag & (ND_TLS | ND_EXTPG | ND_SAVEREPLY)) == ND_TLS &&
+ (nd->nd_flag & (ND_NFSV4 | ND_NFSV41)) != ND_NFSV4)
+ nd->nd_flag |= ND_EXTPG;
+
+ /*
* Save this position, in case there is an error before one entry
* is created.
*/
mb0 = nd->nd_mb;
bpos0 = nd->nd_bpos;
+ bextpg0 = nd->nd_bextpg;
+ bextpgsiz0 = nd->nd_bextpgsiz;
/*
* Fill in the first part of the reply.
@@ -2385,6 +2415,8 @@ again:
*/
mb1 = nd->nd_mb;
bpos1 = nd->nd_bpos;
+ bextpg1 = nd->nd_bextpg;
+ bextpgsiz1 = nd->nd_bextpgsiz;
/* Loop through the records and build reply */
entrycnt = 0;
@@ -2401,6 +2433,8 @@ again:
*/
mb1 = nd->nd_mb;
bpos1 = nd->nd_bpos;
+ bextpg1 = nd->nd_bextpg;
+ bextpgsiz1 = nd->nd_bextpgsiz;
/*
* For readdir_and_lookup get the vnode using
@@ -2626,11 +2660,11 @@ invalid:
if (!nd->nd_repstat && entrycnt == 0)
nd->nd_repstat = NFSERR_TOOSMALL;
if (nd->nd_repstat) {
- newnfs_trimtrailing(nd, mb0, bpos0);
+ nfsm_trimtrailing(nd, mb0, bpos0, bextpg0, bextpgsiz0);
if (nd->nd_flag & ND_NFSV3)
nfsrv_postopattr(nd, getret, &at);
} else
- newnfs_trimtrailing(nd, mb1, bpos1);
+
svn commit: r363587 - head/sys/fs/nfs
Author: rmacklem
Date: Sun Jul 26 23:13:10 2020
New Revision: 363587
URL: https://svnweb.freebsd.org/changeset/base/363587
Log:
Fix the NFSv4 client so that it checks for support of TimeCreate before
trying to set it.
r362490 added support for setting of the TimeCreate (va_birthtime) attribute,
but it does so without checking to see if the server supports the attribute.
This could result in NFSERR_ATTRNOTSUPP error replies to the Setattr
operation.
This patch adds code to check that the server supports TimeCreate before
attempting to do a Setattr of it to avoid these error returns.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cSun Jul 26 23:03:41 2020
(r363586)
+++ head/sys/fs/nfs/nfs_commonsubs.cSun Jul 26 23:13:10 2020
(r363587)
@@ -504,6 +504,7 @@ nfscl_fillsattr(struct nfsrv_descript *nd, struct vatt
u_int32_t *tl;
struct nfsv2_sattr *sp;
nfsattrbit_t attrbits;
+ struct nfsnode *np;
switch (nd->nd_flag & (ND_NFSV2 | ND_NFSV3 | ND_NFSV4)) {
case ND_NFSV2:
@@ -605,8 +606,18 @@ nfscl_fillsattr(struct nfsrv_descript *nd, struct vatt
NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEACCESSSET);
if (vap->va_mtime.tv_sec != VNOVAL)
NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMEMODIFYSET);
- if (vap->va_birthtime.tv_sec != VNOVAL)
- NFSSETBIT_ATTRBIT(&attrbits, NFSATTRBIT_TIMECREATE);
+ if (vap->va_birthtime.tv_sec != VNOVAL &&
+ strcmp(vp->v_mount->mnt_vfc->vfc_name, "nfs") == 0) {
+ /*
+* We can only test for support of TimeCreate if
+* the "vp" argument is for an NFS vnode.
+*/
+ np = VTONFS(vp);
+ if (NFSISSET_ATTRBIT(&np->n_vattr.na_suppattr,
+ NFSATTRBIT_TIMECREATE))
+ NFSSETBIT_ATTRBIT(&attrbits,
+ NFSATTRBIT_TIMECREATE);
+ }
(void) nfsv4_fillattr(nd, vp->v_mount, vp, NULL, vap, NULL, 0,
&attrbits, NULL, NULL, 0, 0, 0, 0, (uint64_t)0, NULL);
break;
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r363586 - head/sys/fs/nfsserver
Author: rmacklem
Date: Sun Jul 26 23:03:41 2020
New Revision: 363586
URL: https://svnweb.freebsd.org/changeset/base/363586
Log:
Fix the NFS server so that it sets va_birthtime.
r362490 marked that the NFSv4 attribute TimeCreate (va_birthtime) is
supported,
but it did not change the NFS server code to actually do it.
As such, errors could occur when unrolling a tarball onto an NFSv4 mounted
volume, since setting TimeCreate would fail with a NFSERR_ATTRNOTSUPP reply.
This patch fixes the server so that it does TimeCreate and also makes
sure that TimeCreate will not be set for a DS file for a pNFS server.
A separate commit will add a check to the NFSv4 client for support of
the TimeCreate attribute before attempting to set it, to avoid a problem
when mounting a server that does not support the attribute.
The failures will still occur for r362490 or later kernels that do not
have this patch, since they indicate support for the attribute, but do not
actually support the attribute.
Modified:
head/sys/fs/nfsserver/nfs_nfsdport.c
Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
==
--- head/sys/fs/nfsserver/nfs_nfsdport.cSun Jul 26 22:30:55 2020
(r363585)
+++ head/sys/fs/nfsserver/nfs_nfsdport.cSun Jul 26 23:03:41 2020
(r363586)
@@ -459,6 +459,7 @@ nfsvno_setattr(struct vnode *vp, struct nfsvattr *nvap
{
u_quad_t savsize = 0;
int error, savedit;
+ time_t savbtime;
/*
* If this is an exported file system and a pNFS service is running,
@@ -490,9 +491,13 @@ nfsvno_setattr(struct vnode *vp, struct nfsvattr *nvap
nvap->na_vattr.va_mode != (mode_t)VNOVAL ||
nvap->na_vattr.va_atime.tv_sec != VNOVAL ||
nvap->na_vattr.va_mtime.tv_sec != VNOVAL)) {
+ /* Never modify birthtime on a DS file. */
+ savbtime = nvap->na_vattr.va_birthtime.tv_sec;
+ nvap->na_vattr.va_birthtime.tv_sec = VNOVAL;
/* For a pNFS server, set the attributes on the DS file. */
error = nfsrv_proxyds(vp, 0, 0, cred, p, NFSPROC_SETATTR,
NULL, NULL, NULL, nvap, NULL, NULL, 0, NULL);
+ nvap->na_vattr.va_birthtime.tv_sec = savbtime;
if (error == ENOENT)
error = 0;
}
@@ -2914,8 +2919,7 @@ nfsv4_sattr(struct nfsrv_descript *nd, vnode_t vp, str
break;
case NFSATTRBIT_TIMECREATE:
NFSM_DISSECT(tl, u_int32_t *, NFSX_V4TIME);
- if (!nd->nd_repstat)
- nd->nd_repstat = NFSERR_ATTRNOTSUPP;
+ fxdr_nfsv4time(tl, &nvap->na_btime);
attrsum += NFSX_V4TIME;
break;
case NFSATTRBIT_TIMEMODIFYSET:
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r363541 - in head/sys/fs: nfs nfsserver
Author: rmacklem
Date: Sun Jul 26 02:42:09 2020
New Revision: 363541
URL: https://svnweb.freebsd.org/changeset/base/363541
Log:
Add support for ext_pgs mbufs to nfsrv_adj().
This patch uses a slightly different algorithm for nfsrv_adj()
since ext_pgs mbuf lists are not permitted to have m_len == 0 mbufs.
As such, the code now frees mbufs after the adjustment in the list instead
of setting their m_len field to 0.
Since mbuf(s) may be trimmed off the tail of the list, the function now
returns a pointer to the last mbuf in the list. This saves the caller
from needing to use m_last() to find the last mbuf.
It also implies that it might return a nul list, which required a check for
that in nfsrvd_readlink().
This is another in the series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
Use of ext_pgs mbufs will not be enabled until the kernel RPC is updated
to handle TLS.
Modified:
head/sys/fs/nfs/nfs_var.h
head/sys/fs/nfsserver/nfs_nfsdport.c
head/sys/fs/nfsserver/nfs_nfsdserv.c
head/sys/fs/nfsserver/nfs_nfsdsubs.c
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Sun Jul 26 01:45:26 2020(r363540)
+++ head/sys/fs/nfs/nfs_var.h Sun Jul 26 02:42:09 2020(r363541)
@@ -391,7 +391,7 @@ int nfsv4_fillattr(struct nfsrv_descript *, struct mou
struct vattr *, fhandle_t *, int, nfsattrbit_t *,
struct ucred *, NFSPROC_T *, int, int, int, int, uint64_t, struct statfs
*);
void nfsrv_fillattr(struct nfsrv_descript *, struct nfsvattr *);
-void nfsrv_adj(struct mbuf *, int, int);
+struct mbuf *nfsrv_adj(struct mbuf *, int, int);
void nfsrv_postopattr(struct nfsrv_descript *, int, struct nfsvattr *);
int nfsd_errmap(struct nfsrv_descript *);
void nfsv4_uidtostr(uid_t, u_char **, int *);
Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
==
--- head/sys/fs/nfsserver/nfs_nfsdport.cSun Jul 26 01:45:26 2020
(r363540)
+++ head/sys/fs/nfsserver/nfs_nfsdport.cSun Jul 26 02:42:09 2020
(r363541)
@@ -757,7 +757,12 @@ nfsvno_readlink(struct vnode *vp, struct ucred *cred,
if (uiop->uio_resid > 0) {
len -= uiop->uio_resid;
tlen = NFSM_RNDUP(len);
- nfsrv_adj(mp3, NFS_MAXPATHLEN - tlen, tlen - len);
+ if (tlen == 0) {
+ m_freem(mp3);
+ mp3 = mp = NULL;
+ } else if (tlen != NFS_MAXPATHLEN || tlen != len)
+ mp = nfsrv_adj(mp3, NFS_MAXPATHLEN - tlen,
+ tlen - len);
}
*lenp = len;
*mpp = mp3;
@@ -872,9 +877,9 @@ nfsvno_read(struct vnode *vp, off_t off, int cnt, stru
tlen = NFSM_RNDUP(cnt);
if (tlen == 0) {
m_freem(m3);
- m3 = NULL;
+ m3 = m = NULL;
} else if (len != tlen || tlen != cnt)
- nfsrv_adj(m3, len - tlen, tlen - cnt);
+ m = nfsrv_adj(m3, len - tlen, tlen - cnt);
*mpp = m3;
*mpendp = m;
@@ -6247,7 +6252,11 @@ nfsvno_getxattr(struct vnode *vp, char *name, uint32_t
tlen = NFSM_RNDUP(len);
if (alen != tlen)
printf("nfsvno_getxattr: weird size read\n");
- nfsrv_adj(m, alen - tlen, tlen - len);
+ if (tlen == 0) {
+ m_freem(m);
+ m = m2 = NULL;
+ } else if (alen != tlen || tlen != len)
+ m2 = nfsrv_adj(m, alen - tlen, tlen - len);
}
*lenp = len;
*mpp = m;
Modified: head/sys/fs/nfsserver/nfs_nfsdserv.c
==
--- head/sys/fs/nfsserver/nfs_nfsdserv.cSun Jul 26 01:45:26 2020
(r363540)
+++ head/sys/fs/nfsserver/nfs_nfsdserv.cSun Jul 26 02:42:09 2020
(r363541)
@@ -690,9 +690,11 @@ nfsrvd_readlink(struct nfsrv_descript *nd, __unused in
goto out;
NFSM_BUILD(tl, u_int32_t *, NFSX_UNSIGNED);
*tl = txdr_unsigned(len);
- nd->nd_mb->m_next = mp;
- nd->nd_mb = mpend;
- nd->nd_bpos = mtod(mpend, caddr_t) + mpend->m_len;
+ if (mp != NULL) {
+ nd->nd_mb->m_next = mp;
+ nd->nd_mb = mpend;
+ nd->nd_bpos = mtod(mpend, caddr_t) + mpend->m_len;
+ }
out:
NFSEXITCODE2(0, nd);
Modified: head/sys/fs/nfsserver/nfs_nfsdsubs.c
==
--- head/sys/fs/nfsserver/nfs_nfsdsubs.cSun Jul 26 01:45:26 2020
(r
svn commit: r363499 - in head/sys/fs: nfs nfsclient
Author: rmacklem
Date: Fri Jul 24 23:17:09 2020
New Revision: 363499
URL: https://svnweb.freebsd.org/changeset/base/363499
Log:
Add support for ext_pgs mbufs to nfsm_uiombuflist() and nfsm_split().
This patch uses a slightly different algorithm for nfsm_uiombuflist() for
the non-ext_pgs case, where a variable called "mcp" is maintained, pointing to
the current location that mbuf data can be filled into. This avoids use of
mtod(mp, char *) + mp->m_len to calculate the location, since this does
not work for ext_pgs mbufs and I think it makes the algorithm more readable.
This change should not result in semantic changes for the non-ext_pgs case.
The patch also deletes come unneeded code.
It also adds support for anonymous page ext_pgs mbufs to nfsm_split().
This is another in the series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
At this time for this case, use of ext_pgs mbufs cannot be enabled, since
ktls_encrypt() replaces the unencrypted data with encrypted data in place.
Until such time as this can be enabled, there should be no semantic change.
Also, note that this code is only used by the NFS client for a mirrored pNFS
server.
Modified:
head/sys/fs/nfs/nfs_var.h
head/sys/fs/nfsclient/nfs_clcomsubs.c
head/sys/fs/nfsclient/nfs_clrpcops.c
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Fri Jul 24 23:15:42 2020(r363498)
+++ head/sys/fs/nfs/nfs_var.h Fri Jul 24 23:17:09 2020(r363499)
@@ -365,7 +365,7 @@ struct mbuf *nfsm_add_ext_pgs(struct mbuf *, int, int
/* nfs_clcomsubs.c */
void nfsm_uiombuf(struct nfsrv_descript *, struct uio *, int);
-struct mbuf *nfsm_uiombuflist(struct uio *, int, struct mbuf **, char **);
+struct mbuf *nfsm_uiombuflist(struct uio *, int, u_int);
nfsuint64 *nfscl_getcookie(struct nfsnode *, off_t off, int);
u_int8_t *nfscl_getmyip(struct nfsmount *, struct in6_addr *, int *);
int nfsm_getfh(struct nfsrv_descript *, struct nfsfh **);
Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c
==
--- head/sys/fs/nfsclient/nfs_clcomsubs.c Fri Jul 24 23:15:42 2020
(r363498)
+++ head/sys/fs/nfsclient/nfs_clcomsubs.c Fri Jul 24 23:17:09 2020
(r363499)
@@ -160,26 +160,33 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui
* NOTE: can ony handle iovcnt == 1
*/
struct mbuf *
-nfsm_uiombuflist(struct uio *uiop, int siz, struct mbuf **mbp, char **cpp)
+nfsm_uiombuflist(struct uio *uiop, int siz, u_int maxext)
{
char *uiocp;
struct mbuf *mp, *mp2, *firstmp;
- int i, left, mlen, rem, xfer;
+ int extpg, extpgsiz = 0, i, left, mlen, rem, xfer;
int uiosiz, clflg;
char *mcp, *tcp;
KASSERT(uiop->uio_iovcnt == 1, ("nfsm_uiotombuf: iovcnt != 1"));
- if (siz > ncl_mbuf_mlen)/* or should it >= MCLBYTES ?? */
- clflg = 1;
- else
- clflg = 0;
- if (clflg != 0)
- NFSMCLGET(mp, M_WAITOK);
- else
- NFSMGET(mp);
+ if (maxext > 0) {
+ mp = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK);
+ mcp = (char *)(void *)PHYS_TO_DMAP(mp->m_epg_pa[0]);
+ extpg = 0;
+ extpgsiz = PAGE_SIZE;
+ } else {
+ if (siz > ncl_mbuf_mlen) /* or should it >= MCLBYTES ?? */
+ clflg = 1;
+ else
+ clflg = 0;
+ if (clflg != 0)
+ NFSMCLGET(mp, M_WAITOK);
+ else
+ NFSMGET(mp);
+ mcp = mtod(mp, char *);
+ }
mp->m_len = 0;
- mcp = mtod(mp, char *);
firstmp = mp2 = mp;
rem = NFSM_RNDUP(siz) - siz;
while (siz > 0) {
@@ -189,17 +196,28 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu
left = siz;
uiosiz = left;
while (left > 0) {
- mlen = M_TRAILINGSPACE(mp);
- if (mlen == 0) {
- if (clflg)
- NFSMCLGET(mp, M_WAITOK);
- else
- NFSMGET(mp);
- mp->m_len = 0;
- mcp = mtod(mp, char *);
- mp2->m_next = mp;
- mp2 = mp;
+ if (maxext > 0)
+ mlen = extpgsiz;
+ else
mlen = M_TRAILINGSPACE(mp);
+
svn commit: r363437 - head/sys/fs/nfsclient
Author: rmacklem
Date: Wed Jul 22 23:33:37 2020
New Revision: 363437
URL: https://svnweb.freebsd.org/changeset/base/363437
Log:
Modify writing to mirrored pNFS DSs to prepare for use of ext_pgs mbufs.
This patch modifies writing to mirrored pNFS DSs slightly so that there is
only one m_copym() call for a mirrored pair instead of two of them.
This call replaces the custom nfsm_copym() call, which is no longer needed
and deleted by this patch. The patch does introduce a new nfsm_split()
function that only calls m_split() for the non-ext_pgs case.
The semantics of nfsm_uiombuflist() is changed to include code that nul
pads the generated mbuf list. This was done by nfsm_copym() prior to this
patch.
The main reason for this change is that it allows the data to be a list
of ext_pgs mbufs, since the m_copym() is for the entire mbuf list.
This support will be added in a future commit.
This patch only affects writing to mirrored flexible file layout pNFS servers.
Modified:
head/sys/fs/nfsclient/nfs_clcomsubs.c
head/sys/fs/nfsclient/nfs_clrpcops.c
Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c
==
--- head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Jul 22 22:51:14 2020
(r363436)
+++ head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Jul 22 23:33:37 2020
(r363437)
@@ -164,9 +164,9 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu
{
char *uiocp;
struct mbuf *mp, *mp2, *firstmp;
- int xfer, left, mlen;
+ int i, left, mlen, rem, xfer;
int uiosiz, clflg;
- char *tcp;
+ char *mcp, *tcp;
KASSERT(uiop->uio_iovcnt == 1, ("nfsm_uiotombuf: iovcnt != 1"));
@@ -179,7 +179,9 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu
else
NFSMGET(mp);
mp->m_len = 0;
+ mcp = mtod(mp, char *);
firstmp = mp2 = mp;
+ rem = NFSM_RNDUP(siz) - siz;
while (siz > 0) {
left = uiop->uio_iov->iov_len;
uiocp = uiop->uio_iov->iov_base;
@@ -194,18 +196,18 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu
else
NFSMGET(mp);
mp->m_len = 0;
+ mcp = mtod(mp, char *);
mp2->m_next = mp;
mp2 = mp;
mlen = M_TRAILINGSPACE(mp);
}
xfer = (left > mlen) ? mlen : left;
if (uiop->uio_segflg == UIO_SYSSPACE)
- NFSBCOPY(uiocp, mtod(mp, caddr_t) +
- mp->m_len, xfer);
+ NFSBCOPY(uiocp, mcp, xfer);
else
- copyin(uiocp, mtod(mp, caddr_t) +
- mp->m_len, xfer);
+ copyin(uiocp, mcp, xfer);
mp->m_len += xfer;
+ mcp += xfer;
left -= xfer;
uiocp += xfer;
uiop->uio_offset += xfer;
@@ -216,6 +218,13 @@ nfsm_uiombuflist(struct uio *uiop, int siz, struct mbu
uiop->uio_iov->iov_base = (void *)tcp;
uiop->uio_iov->iov_len -= uiosiz;
siz -= uiosiz;
+ }
+ if (rem > 0) {
+ KASSERT(rem <= M_TRAILINGSPACE(mp),
+ ("nfsm_uiombuflist: no space for padding"));
+ for (i = 0; i < rem; i++)
+ *mcp++ = '\0';
+ mp->m_len += rem;
}
if (cpp != NULL)
*cpp = mtod(mp, caddr_t) + mp->m_len;
Modified: head/sys/fs/nfsclient/nfs_clrpcops.c
==
--- head/sys/fs/nfsclient/nfs_clrpcops.cWed Jul 22 22:51:14 2020
(r363436)
+++ head/sys/fs/nfsclient/nfs_clrpcops.cWed Jul 22 23:33:37 2020
(r363437)
@@ -158,7 +158,6 @@ static int nfscl_dofflayoutio(vnode_t, struct uio *, i
nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *,
struct nfsclflayout *, uint64_t, uint64_t, int, int, struct mbuf *,
struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *);
-static struct mbuf *nfsm_copym(struct mbuf *, int, int);
static int nfsrpc_readds(vnode_t, struct uio *, nfsv4stateid_t *, int *,
struct nfsclds *, uint64_t, int, struct nfsfh *, int, int, int,
struct ucred *, NFSPROC_T *);
@@ -220,6 +219,7 @@ static int nfsrpc_copyrpc(vnode_t, off_t, vnode_t, off
struct nfsvattr *, int *, bool, int *, struct ucred *, NFSPROC_T *);
static int nfsrpc_seekrpc(vnode_t, off_t *, nfsv4stateid_t *, bool *,
int, struct nfsvattr *, int *, struct ucred *);
+static struct mbuf *nfsm_split(struct mbuf *,
svn commit: r363210 - head/sys/fs/nfsclient
Author: rmacklem Date: Wed Jul 15 01:26:28 2020 New Revision: 363210 URL: https://svnweb.freebsd.org/changeset/base/363210 Log: Fix the pNFS flexible file layout client for servers with small write size. The code in nfscl_dofflayout() loops when a flexible file layout server provides a small write data limit (no extant server is known to do this). If/when it looped, it erroneously reused the "drpc" argument for the mirror worker thread, corrupting it. This patch fixes the problem by only using the calling thread after the first loop iteration. Found during testing by simulating a server with a small write size. Since no extant pNFS server is known to provide a small write size, this fix it not needed in practice at this time. MFC after:2 weeks Modified: head/sys/fs/nfsclient/nfs_clrpcops.c Modified: head/sys/fs/nfsclient/nfs_clrpcops.c == --- head/sys/fs/nfsclient/nfs_clrpcops.cWed Jul 15 00:13:15 2020 (r363209) +++ head/sys/fs/nfsclient/nfs_clrpcops.cWed Jul 15 01:26:28 2020 (r363210) @@ -6248,10 +6248,17 @@ nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int * NFSCL_DEBUG(4, "mcopy reloff=%d xfer=%jd\n", rel_off, (uintmax_t)xfer); /* -* Do last write to a mirrored DS with this +* Do the writes after the first loop iteration +* and the write for the last mirror via this * thread. +* This loop only iterates for small values +* of nfsdi_wsize, which may never occur in +* practice. However, the drpc is completely +* used by the first iteration and, as such, +* cannot be used after that. */ - if (mirror < flp->nfsfl_mirrorcnt - 1) + if (mirror < flp->nfsfl_mirrorcnt - 1 && + rel_off == 0) error = nfsio_writedsmir(vp, iomode, must_commit, stateidp, *dspp, off, xfer, fhp, m, dp->nfsdi_vers, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r363137 - head/sys/fs/nfsclient
Author: rmacklem
Date: Mon Jul 13 01:28:45 2020
New Revision: 363137
URL: https://svnweb.freebsd.org/changeset/base/363137
Log:
Minor code cleanup that removes "nd->nd_bpos = mcp;" in both if and else.
The statement "nd->nd_bpos = mcp;" was in both the if and else. Correct,
but potentially confusing. This patch fixes this.
There should be no semantics change caused by this commit.
Modified:
head/sys/fs/nfsclient/nfs_clcomsubs.c
Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c
==
--- head/sys/fs/nfsclient/nfs_clcomsubs.c Sun Jul 12 20:59:52 2020
(r363136)
+++ head/sys/fs/nfsclient/nfs_clcomsubs.c Mon Jul 13 01:28:45 2020
(r363137)
@@ -145,13 +145,12 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui
for (left = 0; left < rem; left++)
*mcp++ = '\0';
mp->m_len += rem;
- nd->nd_bpos = mcp;
if ((nd->nd_flag & ND_EXTPG) != 0) {
nd->nd_bextpgsiz -= rem;
mp->m_epg_last_len += rem;
}
- } else
- nd->nd_bpos = mcp;
+ }
+ nd->nd_bpos = mcp;
nd->nd_mb = mp;
}
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r363001 - head/sys/fs/nfsclient
Author: rmacklem
Date: Wed Jul 8 02:28:08 2020
New Revision: 363001
URL: https://svnweb.freebsd.org/changeset/base/363001
Log:
Add support for ext_pgs mbufs to nfsm_uiombuf().
This patch uses a slightly different algorithm for the non-ext_pgs case,
where a variable called "mcp" is maintained, pointing to the current
location that mbuf data can be filled into. This avoids use of
mtod(mp, char *) + mp->m_len to calculate the location, since this does
not work for ext_pgs mbufs and I think it makes the algorithm more readable.
This change should not result in semantic changes for the non-ext_pgs case.
This is another in the series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
Since ND_EXTPG is never set yet, there is no semantic change at this time.
Modified:
head/sys/fs/nfsclient/nfs_clcomsubs.c
Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c
==
--- head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Jul 8 01:47:20 2020
(r363000)
+++ head/sys/fs/nfsclient/nfs_clcomsubs.c Wed Jul 8 02:28:08 2020
(r363001)
@@ -62,7 +62,7 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui
struct mbuf *mp, *mp2;
int xfer, left, mlen;
int uiosiz, clflg, rem;
- char *cp, *tcp;
+ char *mcp, *tcp;
KASSERT(uiop->uio_iovcnt == 1, ("nfsm_uiotombuf: iovcnt != 1"));
@@ -72,41 +72,52 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui
clflg = 0;
rem = NFSM_RNDUP(siz) - siz;
mp = mp2 = nd->nd_mb;
+ mcp = nd->nd_bpos;
while (siz > 0) {
+ KASSERT((nd->nd_flag & ND_EXTPG) != 0 || mcp ==
+ mtod(mp, char *) + mp->m_len, ("nfsm_uiombuf: mcp wrong"));
left = uiop->uio_iov->iov_len;
uiocp = uiop->uio_iov->iov_base;
if (left > siz)
left = siz;
uiosiz = left;
while (left > 0) {
- mlen = M_TRAILINGSPACE(mp);
- if (mlen == 0) {
- if (clflg)
- NFSMCLGET(mp, M_WAITOK);
- else
- NFSMGET(mp);
- mp->m_len = 0;
- mp2->m_next = mp;
- mp2 = mp;
+ if ((nd->nd_flag & ND_EXTPG) != 0)
+ mlen = nd->nd_bextpgsiz;
+ else
mlen = M_TRAILINGSPACE(mp);
+ if (mlen == 0) {
+ if ((nd->nd_flag & ND_EXTPG) != 0) {
+ mp = nfsm_add_ext_pgs(mp,
+ nd->nd_maxextsiz, &nd->nd_bextpg);
+ mcp = (char *)(void *)PHYS_TO_DMAP(
+ mp->m_epg_pa[nd->nd_bextpg]);
+ nd->nd_bextpgsiz = PAGE_SIZE;
+ } else {
+ if (clflg)
+ NFSMCLGET(mp, M_WAITOK);
+ else
+ NFSMGET(mp);
+ mp->m_len = 0;
+ mlen = M_TRAILINGSPACE(mp);
+ mcp = mtod(mp, char *);
+ mp2->m_next = mp;
+ mp2 = mp;
+ }
}
xfer = (left > mlen) ? mlen : left;
-#ifdef notdef
- /* Not Yet.. */
- if (uiop->uio_iov->iov_op != NULL)
- (*(uiop->uio_iov->iov_op))
- (uiocp, mtod(mp, caddr_t) + mp->m_len,
- xfer);
- else
-#endif
if (uiop->uio_segflg == UIO_SYSSPACE)
- NFSBCOPY(uiocp, mtod(mp, caddr_t) + mp->m_len,
- xfer);
+ NFSBCOPY(uiocp, mcp, xfer);
else
- copyin(uiocp, mtod(mp, caddr_t) + mp->m_len, xfer);
+ copyin(uiocp, mcp, xfer);
mp->m_len += xfer;
left -= xfer;
uiocp += xfer;
+ mcp += xfer;
+ if ((nd->nd_flag & ND_EXTPG) != 0) {
+
svn commit: r362980 - head/sys/fs/nfs
Author: rmacklem
Date: Tue Jul 7 00:42:23 2020
New Revision: 362980
URL: https://svnweb.freebsd.org/changeset/base/362980
Log:
Add support for ext_pgs mbufs to nfsrvd_rephead().
This is another in the series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
Since ND_EXTPG is never set yet, there is no semantic change at this time.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cMon Jul 6 22:39:42 2020
(r362979)
+++ head/sys/fs/nfs/nfs_commonsubs.cTue Jul 7 00:42:23 2020
(r362980)
@@ -4443,21 +4443,30 @@ nfsrvd_rephead(struct nfsrv_descript *nd)
{
struct mbuf *mreq;
- /*
-* If this is a big reply, use a cluster.
-*/
- if ((nd->nd_flag & ND_GSSINITREPLY) == 0 &&
- nfs_bigreply[nd->nd_procnum]) {
- NFSMCLGET(mreq, M_WAITOK);
- nd->nd_mreq = mreq;
- nd->nd_mb = mreq;
+ if ((nd->nd_flag & ND_EXTPG) != 0) {
+ mreq = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK);
+ nd->nd_mreq = nd->nd_mb = mreq;
+ nd->nd_bpos = (char *)(void *)
+ PHYS_TO_DMAP(mreq->m_epg_pa[0]);
+ nd->nd_bextpg = 0;
+ nd->nd_bextpgsiz = PAGE_SIZE;
} else {
- NFSMGET(mreq);
- nd->nd_mreq = mreq;
- nd->nd_mb = mreq;
+ /*
+* If this is a big reply, use a cluster.
+*/
+ if ((nd->nd_flag & ND_GSSINITREPLY) == 0 &&
+ nfs_bigreply[nd->nd_procnum]) {
+ NFSMCLGET(mreq, M_WAITOK);
+ nd->nd_mreq = mreq;
+ nd->nd_mb = mreq;
+ } else {
+ NFSMGET(mreq);
+ nd->nd_mreq = mreq;
+ nd->nd_mb = mreq;
+ }
+ nd->nd_bpos = mtod(mreq, char *);
+ mreq->m_len = 0;
}
- nd->nd_bpos = mtod(mreq, caddr_t);
- mreq->m_len = 0;
if ((nd->nd_flag & ND_GSSINITREPLY) == 0)
NFSM_BUILD(nd->nd_errp, int *, NFSX_UNSIGNED);
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362949 - head/sys/fs/nfs
Author: rmacklem
Date: Sun Jul 5 21:55:16 2020
New Revision: 362949
URL: https://svnweb.freebsd.org/changeset/base/362949
Log:
Add support for ext_pgs mbufs to nfsm_strtom().
Also, add a new function nfsm_add_ext_pgs() which will either add a page
or add a new ext_pgs mbuf with a page to the mbuf list. Used by nfsm_strtom().
This is another in the series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
Since ND_EXTPG is never set yet, there is no semantic change at this time.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfs_var.h
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cSun Jul 5 20:54:01 2020
(r362948)
+++ head/sys/fs/nfs/nfs_commonsubs.cSun Jul 5 21:55:16 2020
(r362949)
@@ -832,22 +832,38 @@ nfsm_strtom(struct nfsrv_descript *nd, const char *cp,
bytesize = NFSX_UNSIGNED + siz + rem;
m2 = nd->nd_mb;
cp2 = nd->nd_bpos;
- left = M_TRAILINGSPACE(m2);
+ if ((nd->nd_flag & ND_EXTPG) != 0)
+ left = nd->nd_bextpgsiz;
+ else
+ left = M_TRAILINGSPACE(m2);
+ KASSERT(((m2->m_flags & (M_EXT | M_EXTPG)) ==
+ (M_EXT | M_EXTPG) && (nd->nd_flag & ND_EXTPG) != 0) ||
+ ((m2->m_flags & (M_EXT | M_EXTPG)) !=
+ (M_EXT | M_EXTPG) && (nd->nd_flag & ND_EXTPG) == 0),
+ ("nfsm_strtom: ext_pgs and non-ext_pgs mbufs mixed"));
/*
* Loop around copying the string to mbuf(s).
*/
while (siz > 0) {
if (left == 0) {
- if (siz > ncl_mbuf_mlen)
- NFSMCLGET(m1, M_WAITOK);
- else
- NFSMGET(m1);
- m1->m_len = 0;
- m2->m_next = m1;
- m2 = m1;
- cp2 = mtod(m2, caddr_t);
- left = M_TRAILINGSPACE(m2);
+ if ((nd->nd_flag & ND_EXTPG) != 0) {
+ m2 = nfsm_add_ext_pgs(m2,
+ nd->nd_maxextsiz, &nd->nd_bextpg);
+ cp2 = (char *)(void *)PHYS_TO_DMAP(
+ m2->m_epg_pa[nd->nd_bextpg]);
+ nd->nd_bextpgsiz = left = PAGE_SIZE;
+ } else {
+ if (siz > ncl_mbuf_mlen)
+ NFSMCLGET(m1, M_WAITOK);
+ else
+ NFSMGET(m1);
+ m1->m_len = 0;
+ cp2 = mtod(m1, char *);
+ left = M_TRAILINGSPACE(m1);
+ m2->m_next = m1;
+ m2 = m1;
+ }
}
if (left >= siz)
xfer = siz;
@@ -855,18 +871,31 @@ nfsm_strtom(struct nfsrv_descript *nd, const char *cp,
xfer = left;
NFSBCOPY(cp, cp2, xfer);
cp += xfer;
+ cp2 += xfer;
m2->m_len += xfer;
siz -= xfer;
left -= xfer;
+ if ((nd->nd_flag & ND_EXTPG) != 0) {
+ nd->nd_bextpgsiz -= xfer;
+ m2->m_epg_last_len += xfer;
+ }
if (siz == 0 && rem) {
if (left < rem)
panic("nfsm_strtom");
- NFSBZERO(cp2 + xfer, rem);
+ NFSBZERO(cp2, rem);
m2->m_len += rem;
+ cp2 += rem;
+ if ((nd->nd_flag & ND_EXTPG) != 0) {
+ nd->nd_bextpgsiz -= rem;
+ m2->m_epg_last_len += rem;
+ }
}
}
nd->nd_mb = m2;
- nd->nd_bpos = mtod(m2, caddr_t) + m2->m_len;
+ if ((nd->nd_flag & ND_EXTPG) != 0)
+ nd->nd_bpos = cp2;
+ else
+ nd->nd_bpos = mtod(m2, char *) + m2->m_len;
return (bytesize);
}
@@ -4844,4 +4873,35 @@ nfsm_set(struct nfsrv_descript *nd, u_int offs)
nd->nd_bextpgsiz = PAGE_SIZE;
} else
nd->nd_bpos = mtod(m, char *) + offs;
+}
+
+/*
+ * Grow a ext_pgs mbuf list. Either allocate another page or add
+ * an mbuf to the list.
+ */
+struct mbuf *
+nfsm_add_ext_pgs(struct mbuf *m, int maxextsiz, int *bextpg)
+{
+ struct mbuf *mp;
+ vm_page_t pg;
+
+ if ((m->m_epg_npgs + 1) * PAGE
svn commit: r362917 - head/sys/fs/nfs
Author: rmacklem
Date: Sat Jul 4 03:28:13 2020
New Revision: 362917
URL: https://svnweb.freebsd.org/changeset/base/362917
Log:
Add support for ext_pgs mbufs to nfscl_reqstart() and nfsm_set().
This is another in the series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
Since ND_EXTPG is never set yet, there is no semantic change at this time.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cSat Jul 4 03:27:51 2020
(r362916)
+++ head/sys/fs/nfs/nfs_commonsubs.cSat Jul 4 03:28:13 2020
(r362917)
@@ -359,13 +359,19 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum,
/*
* Get the first mbuf for the request.
*/
- if (nfs_bigrequest[procnum])
- NFSMCLGET(mb, M_WAITOK);
- else
- NFSMGET(mb);
- mb->m_len = 0;
- nd->nd_mreq = nd->nd_mb = mb;
- nd->nd_bpos = mtod(mb, char *);
+ if ((nd->nd_flag & ND_EXTPG) != 0) {
+ mb = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK);
+ nd->nd_mreq = nd->nd_mb = mb;
+ nfsm_set(nd, 0);
+ } else {
+ if (nfs_bigrequest[procnum])
+ NFSMCLGET(mb, M_WAITOK);
+ else
+ NFSMGET(mb);
+ mb->m_len = 0;
+ nd->nd_mreq = nd->nd_mb = mb;
+ nd->nd_bpos = mtod(mb, char *);
+ }
/*
* And fill the first file handle into the request.
@@ -4804,7 +4810,38 @@ void
nfsm_set(struct nfsrv_descript *nd, u_int offs)
{
struct mbuf *m;
+ int rlen;
m = nd->nd_mb;
- nd->nd_bpos = mtod(m, char *) + offs;
+ if ((m->m_flags & M_EXTPG) != 0) {
+ nd->nd_bextpg = 0;
+ while (offs > 0) {
+ if (nd->nd_bextpg == 0)
+ rlen = m_epg_pagelen(m, 0, m->m_epg_1st_off);
+ else
+ rlen = m_epg_pagelen(m, nd->nd_bextpg, 0);
+ if (offs <= rlen)
+ break;
+ offs -= rlen;
+ nd->nd_bextpg++;
+ if (nd->nd_bextpg == m->m_epg_npgs) {
+ printf("nfsm_set: build offs "
+ "out of range\n");
+ nd->nd_bextpg--;
+ break;
+ }
+ }
+ nd->nd_bpos = (char *)(void *)
+ PHYS_TO_DMAP(m->m_epg_pa[nd->nd_bextpg]);
+ if (nd->nd_bextpg == 0)
+ nd->nd_bpos += m->m_epg_1st_off;
+ if (offs > 0) {
+ nd->nd_bpos += offs;
+ nd->nd_bextpgsiz = rlen - offs;
+ } else if (nd->nd_bextpg == 0)
+ nd->nd_bextpgsiz = PAGE_SIZE - m->m_epg_1st_off;
+ else
+ nd->nd_bextpgsiz = PAGE_SIZE;
+ } else
+ nd->nd_bpos = mtod(m, char *) + offs;
}
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362906 - head/sys/fs/nfs
Author: rmacklem Date: Fri Jul 3 05:21:05 2020 New Revision: 362906 URL: https://svnweb.freebsd.org/changeset/base/362906 Log: Fix build breakage caused by r362903. Only pmap.h is needed now, but vm_page.h and vm_pageout.h is needed later, so put them in now. Pointy hat goes on me. Modified: head/sys/fs/nfs/nfsport.h Modified: head/sys/fs/nfs/nfsport.h == --- head/sys/fs/nfs/nfsport.h Fri Jul 3 04:44:23 2020(r362905) +++ head/sys/fs/nfs/nfsport.h Fri Jul 3 05:21:05 2020(r362906) @@ -109,8 +109,11 @@ #include #include #include +#include #include #include +#include +#include #include #include #include "opt_nfs.h" ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362903 - head/sys/fs/nfs
Author: rmacklem
Date: Fri Jul 3 01:19:29 2020
New Revision: 362903
URL: https://svnweb.freebsd.org/changeset/base/362903
Log:
Add support for ext_pgs mbufs to nfsm_build().
This is the first of a series of commits that add support to the NFS client
and server for building RPC messages in ext_pgs mbufs with anonymous pages.
This is useful so that the entire mbuf list does not need to be
copied before calling sosend() when NFS over TLS is enabled.
Since ND_EXTPG is never set yet, there is no semantic change at this time.
Modified:
head/sys/fs/nfs/nfsm_subs.h
head/sys/fs/nfs/nfsport.h
Modified: head/sys/fs/nfs/nfsm_subs.h
==
--- head/sys/fs/nfs/nfsm_subs.h Fri Jul 3 00:09:41 2020(r362902)
+++ head/sys/fs/nfs/nfsm_subs.h Fri Jul 3 01:19:29 2020(r362903)
@@ -64,14 +64,27 @@ nfsm_build(struct nfsrv_descript *nd, int siz)
void *retp;
struct mbuf *mb2;
- if (siz > M_TRAILINGSPACE(nd->nd_mb)) {
+ if ((nd->nd_flag & ND_EXTPG) == 0 &&
+ siz > M_TRAILINGSPACE(nd->nd_mb)) {
NFSMCLGET(mb2, M_NOWAIT);
if (siz > MLEN)
panic("build > MLEN");
mb2->m_len = 0;
- nd->nd_bpos = mtod(mb2, caddr_t);
+ nd->nd_bpos = mtod(mb2, char *);
nd->nd_mb->m_next = mb2;
nd->nd_mb = mb2;
+ } else if ((nd->nd_flag & ND_EXTPG) != 0) {
+ if (siz > nd->nd_bextpgsiz) {
+ mb2 = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK);
+ nd->nd_bpos = (char *)(void *)
+ PHYS_TO_DMAP(mb2->m_epg_pa[0]);
+ nd->nd_bextpg = 0;
+ nd->nd_bextpgsiz = PAGE_SIZE - siz;
+ nd->nd_mb->m_next = mb2;
+ nd->nd_mb = mb2;
+ } else
+ nd->nd_bextpgsiz -= siz;
+ nd->nd_mb->m_epg_last_len += siz;
}
retp = (void *)(nd->nd_bpos);
nd->nd_mb->m_len += siz;
Modified: head/sys/fs/nfs/nfsport.h
==
--- head/sys/fs/nfs/nfsport.h Fri Jul 3 00:09:41 2020(r362902)
+++ head/sys/fs/nfs/nfsport.h Fri Jul 3 01:19:29 2020(r362903)
@@ -109,8 +109,9 @@
#include
#include
#include
-#include
#include
+#include
+#include
#include
#include "opt_nfs.h"
#include "opt_ufs.h"
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362709 - head/share/man/man9
Author: rmacklem Date: Sat Jun 27 21:37:48 2020 New Revision: 362709 URL: https://svnweb.freebsd.org/changeset/base/362709 Log: Update VFS_CHECKEXP.9 to reflect how it is currently used by the NFS server. Reported by: pluknet Reviewed by: bcr Differential Revision:https://reviews.freebsd.org/D25333 Modified: head/share/man/man9/VFS_CHECKEXP.9 Modified: head/share/man/man9/VFS_CHECKEXP.9 == --- head/share/man/man9/VFS_CHECKEXP.9 Sat Jun 27 20:55:47 2020 (r362708) +++ head/share/man/man9/VFS_CHECKEXP.9 Sat Jun 27 21:37:48 2020 (r362709) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 16, 2020 +.Dd June 17, 2020 .Dt VFS_CHECKEXP 9 .Os .Sh NAME @@ -49,7 +49,7 @@ macro is used by the NFS server to check if a mount po to a client. .Pp The arguments it expects are: -.Bl -tag -width credanonp +.Bl -tag -width numsecflavors .It Fa mp The mount point to be checked. .It Fa nam @@ -71,21 +71,17 @@ macro should be called on a file system's mount struct is exported to a client whose address is contained in .Fa nam . .Pp -It is generally called before -.Xr VFS_FHTOVP 9 -to validate that a client has access to the file system. +It is called in the NFS server once a vnode for a file handle has been +acquired, in order to determine what access the client is allowed on +the file system the vnode resides in. +For NFSv4, it is also called whenever the lookup operation crosses a +server file system mount point, to update the access information. .Pp -The file system should call -.Xr vfs_export_lookup 9 -with the address of an appropriate -.Vt netexport -structure and the address of the client, -.Fa nam , -to verify that the client can access this file system. +The operation is file system specific, but is normally handled by +the default ``vfs_stdcheckexp''. .Sh RETURN VALUES The export flags, anonymous credentials and security flavors specific to the -client (returned by -.Xr vfs_export_lookup 9 ) +client will be returned in .Fa *exflagsp , .Fa *credanonp , ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362641 - head
Author: rmacklem Date: Fri Jun 26 03:18:10 2020 New Revision: 362641 URL: https://svnweb.freebsd.org/changeset/base/362641 Log: Add an entry for r362639. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Fri Jun 26 03:14:30 2020(r362640) +++ head/UPDATING Fri Jun 26 03:18:10 2020(r362641) @@ -26,6 +26,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200625: + r362639 changed the internal API used between the NFS kernel modules. + As such, they all need to be rebuilt from sources. + 20200613: r362158 changed the arguments for VFS_CHECKEXP(). As such, any out of tree file systems need to be modified and rebuilt. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362640 - head/sys/sys
Author: rmacklem Date: Fri Jun 26 03:14:30 2020 New Revision: 362640 URL: https://svnweb.freebsd.org/changeset/base/362640 Log: Bump the version since r362639 changed the internal API between the NFS kernel modules so they must all be rebuilt. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hFri Jun 26 03:11:54 2020(r362639) +++ head/sys/sys/param.hFri Jun 26 03:14:30 2020(r362640) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300099 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300100 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362639 - in head/sys/fs: nfs nfsclient nfsserver
Author: rmacklem
Date: Fri Jun 26 03:11:54 2020
New Revision: 362639
URL: https://svnweb.freebsd.org/changeset/base/362639
Log:
Add a boolean argument to nfscl_reqstart() to indicate that ext_pgs mbufs
should be used.
For KERN_TLS (and possibly some other future network interface) the mbuf
list passed into sosend() must be ext_pgs mbufs. The krpc could simply
copy all the mbuf data into ext_pgs mbufs before calling sosend(), but
that would be inefficient for large RPC messages.
This patch adds an argument to nfscl_reqstart() to indicate that it should
fill the RPC message into ext_pgs mbufs.
It also adds fields to "struct nfsrv_descript" needed for building NFS RPC
messages in ext_pgs mbufs, along with new flags for this.
Since the argument is always "false", this commit should not result in any
semantic change. However, this commit prepares the code
for future commits that will add support for building of NFS RPC messages
in ext_pgs mbufs.
Modified:
head/sys/fs/nfs/nfs.h
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfs_var.h
head/sys/fs/nfs/nfscl.h
head/sys/fs/nfsclient/nfs_clrpcops.c
head/sys/fs/nfsserver/nfs_nfsdport.c
Modified: head/sys/fs/nfs/nfs.h
==
--- head/sys/fs/nfs/nfs.h Fri Jun 26 00:58:59 2020(r362638)
+++ head/sys/fs/nfs/nfs.h Fri Jun 26 03:11:54 2020(r362639)
@@ -670,6 +670,9 @@ struct nfsrv_descript {
nfsv4stateid_t nd_savedcurstateid; /* Saved Current StateID */
uint32_tnd_maxreq; /* Max. request (session). */
uint32_tnd_maxresp; /* Max. reply (session). */
+ int nd_bextpg; /* Current ext_pgs page */
+ int nd_bextpgsiz; /* Bytes left in page */
+ int nd_maxextsiz; /* Max ext_pgs mbuf size */
};
#definend_princlen nd_gssnamelen
@@ -711,6 +714,13 @@ struct nfsrv_descript {
#defineND_SAVEDCURSTATEID 0x1
#defineND_HASSLOTID0x2
#defineND_NFSV42 0x4
+#defineND_EXTPG0x8
+#defineND_TLS 0x10
+#defineND_TLSCERT 0x20
+#defineND_TLSCERTUSER 0x40
+#defineND_EXTLS0x80
+#defineND_EXTLSCERT0x100
+#defineND_EXTLSCERTUSER0x200
/*
* ND_GSS should be the "or" of all GSS type authentications.
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cFri Jun 26 00:58:59 2020
(r362638)
+++ head/sys/fs/nfs/nfs_commonsubs.cFri Jun 26 03:11:54 2020
(r362639)
@@ -50,6 +50,8 @@ __FBSDID("$FreeBSD$");
#include
+#include
+
/*
* Data items converted to xdr at startup, since they are constant
* This is kinda hokey, but may save a little time doing byte swaps
@@ -317,7 +319,7 @@ static int nfs_bigrequest[NFSV42_NPROCS] = {
void
nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
u_int8_t *nfhp, int fhlen, u_int32_t **opcntpp, struct nfsclsession *sep,
-int vers, int minorvers)
+int vers, int minorvers, bool use_ext)
{
struct mbuf *mb;
u_int32_t *tl;
@@ -350,6 +352,9 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum,
}
nd->nd_procnum = procnum;
nd->nd_repstat = 0;
+ nd->nd_maxextsiz = 16384;
+ if (use_ext && mb_use_ext_pgs && PMAP_HAS_DMAP != 0)
+ nd->nd_flag |= ND_EXTPG;
/*
* Get the first mbuf for the request.
@@ -360,7 +365,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum,
NFSMGET(mb);
mb->m_len = 0;
nd->nd_mreq = nd->nd_mb = mb;
- nd->nd_bpos = mtod(mb, caddr_t);
+ nd->nd_bpos = mtod(mb, char *);
/*
* And fill the first file handle into the request.
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Fri Jun 26 00:58:59 2020(r362638)
+++ head/sys/fs/nfs/nfs_var.h Fri Jun 26 03:11:54 2020(r362639)
@@ -312,7 +312,7 @@ void nfsrc_trimcache(uint64_t, uint32_t, int);
/* nfs_commonsubs.c */
void nfscl_reqstart(struct nfsrv_descript *, int, struct nfsmount *,
-u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int);
+u_int8_t *, int, u_int32_t **, struct nfsclsession *, int, int, bool);
void nfsm_stateidtom(struct nfsrv_descript *, nfsv4stateid_t *, int);
void nfscl_fillsattr(struct nfsrv_descript *, struct vattr *,
vnode_t, int, u_int32_t);
Modified: head/sys/fs/nfs/nfscl.h
===
svn commit: r362457 - head/sys/rpc
Author: rmacklem
Date: Sun Jun 21 02:49:56 2020
New Revision: 362457
URL: https://svnweb.freebsd.org/changeset/base/362457
Log:
Fix up a comment added by r362455.
Modified:
head/sys/rpc/clnt_vc.c
Modified: head/sys/rpc/clnt_vc.c
==
--- head/sys/rpc/clnt_vc.c Sun Jun 21 02:47:37 2020(r362456)
+++ head/sys/rpc/clnt_vc.c Sun Jun 21 02:49:56 2020(r362457)
@@ -985,7 +985,7 @@ clnt_vc_soupcall(struct socket *so, void *arg, int wai
* valid RPC message to parse.
* I think it best to close this
* connection and allow
-* clnt_reconnect_XXX() to try
+* clnt_reconnect_call() to try
* and establish a new one.
*/
printf("clnt_vc_soupcall: "
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362455 - head/sys/rpc
Author: rmacklem
Date: Sun Jun 21 00:06:04 2020
New Revision: 362455
URL: https://svnweb.freebsd.org/changeset/base/362455
Log:
Modify the way the client side krpc does soreceive() for TCP.
Without this patch, clnt_vc_soupcall() first does a soreceive() for
4 bytes (the Sun RPC over TCP record mark) and then soreceive(s) for
the RPC message.
This first soreceive() almost always results in an mbuf allocation,
since having the 4byte record mark in a separate mbuf in the socket
rcv queue is unlikely.
This is somewhat inefficient and rather odd. It also will not work
for the ktls rx, since the latter returns a TLS record for each
soreceive().
This patch replaces the above with code similar to what the server side
of the krpc does for TCP, where it does a soreceive() for as much data
as possible and then parses RPC messages out of the received data.
A new field of the TCP socket structure called ct_raw is the list of
received mbufs that the RPC message(s) are parsed from.
I think this results in cleaner code and is needed for support of
nfs-over-tls.
It also fixes the code for the case where a server sends an RPC message
in multiple RPC message fragments. Although this is allowed by RFC5531,
no extant NFS server does this. However, it is probably good to fix this
in case some future NFS server does do this.
Modified:
head/sys/rpc/clnt_vc.c
head/sys/rpc/krpc.h
Modified: head/sys/rpc/clnt_vc.c
==
--- head/sys/rpc/clnt_vc.c Sat Jun 20 23:48:57 2020(r362454)
+++ head/sys/rpc/clnt_vc.c Sun Jun 21 00:06:04 2020(r362455)
@@ -269,6 +269,7 @@ clnt_vc_create(
soupcall_set(ct->ct_socket, SO_RCV, clnt_vc_soupcall, ct);
SOCKBUF_UNLOCK(&ct->ct_socket->so_rcv);
+ ct->ct_raw = NULL;
ct->ct_record = NULL;
ct->ct_record_resid = 0;
TAILQ_INIT(&ct->ct_pending);
@@ -826,6 +827,8 @@ clnt_vc_destroy(CLIENT *cl)
soshutdown(so, SHUT_WR);
soclose(so);
}
+ m_freem(ct->ct_record);
+ m_freem(ct->ct_raw);
mem_free(ct, sizeof(struct ct_data));
if (cl->cl_netid && cl->cl_netid[0])
mem_free(cl->cl_netid, strlen(cl->cl_netid) +1);
@@ -854,122 +857,118 @@ clnt_vc_soupcall(struct socket *so, void *arg, int wai
struct ct_request *cr;
int error, rcvflag, foundreq;
uint32_t xid_plus_direction[2], header;
- bool_t do_read;
SVCXPRT *xprt;
struct cf_conn *cd;
+ u_int rawlen;
- CTASSERT(sizeof(xid_plus_direction) == 2 * sizeof(uint32_t));
+ /*
+* If another thread is already here, it must be in
+* soreceive(), so just return to avoid races with it.
+* ct_upcallrefs is protected by the SOCKBUF_LOCK(),
+* which is held in this function, except when
+* soreceive() is called.
+*/
+ if (ct->ct_upcallrefs > 0)
+ return (SU_OK);
ct->ct_upcallrefs++;
- uio.uio_td = curthread;
- do {
- /*
-* If ct_record_resid is zero, we are waiting for a
-* record mark.
-*/
- if (ct->ct_record_resid == 0) {
+ /*
+* Read as much as possible off the socket and link it
+* onto ct_raw.
+*/
+ for (;;) {
+ uio.uio_resid = 10;
+ uio.uio_td = curthread;
+ m2 = m = NULL;
+ rcvflag = MSG_DONTWAIT | MSG_SOCALLBCK;
+ SOCKBUF_UNLOCK(&so->so_rcv);
+ error = soreceive(so, NULL, &uio, &m, NULL, &rcvflag);
+ SOCKBUF_LOCK(&so->so_rcv);
+
+ if (error == EWOULDBLOCK) {
/*
-* Make sure there is either a whole record
-* mark in the buffer or there is some other
-* error condition
+* We must re-test for readability after
+* taking the lock to protect us in the case
+* where a new packet arrives on the socket
+* after our call to soreceive fails with
+* EWOULDBLOCK.
*/
- do_read = FALSE;
- if (sbavail(&so->so_rcv) >= sizeof(uint32_t)
- || (so->so_rcv.sb_state & SBS_CANTRCVMORE)
- || so->so_error)
- do_read = TRUE;
-
- if (!do_read)
+ error = 0;
+ if (!soreadable(so))
break;
+ continue;
+ }
+ if (error == 0 && m == NULL) {
+ /*
+* We must have got EOF trying
+* to
svn commit: r362247 - head
Author: rmacklem Date: Tue Jun 16 20:55:22 2020 New Revision: 362247 URL: https://svnweb.freebsd.org/changeset/base/362247 Log: Add an entry for r362158, r362163, which changes struct export_args. Modified: head/RELNOTES Modified: head/RELNOTES == --- head/RELNOTES Tue Jun 16 20:51:28 2020(r362246) +++ head/RELNOTES Tue Jun 16 20:55:22 2020(r362247) @@ -10,6 +10,11 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +r362158, r362163: + struct export_args has changed so that the "user" specified for + the -maproot and -mapall exports(5) options may be in more than + 16 groups. + r361884: sed(1) has learned about hex escapes (e.g. \x27) and will now do the right thing with them, removing the need for printf magic or obnoxious ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362246 - head/share/man/man9
Author: rmacklem Date: Tue Jun 16 20:51:28 2020 New Revision: 362246 URL: https://svnweb.freebsd.org/changeset/base/362246 Log: Update VFS_CHECKEXP.9 for the argument changes done by r362158. The arguments for VFS_CHECKEXP() were changed by r362158. Also, the numsecflavors and secflavors arguments were not documented, so add these as well. This is a content change. Modified: head/share/man/man9/VFS_CHECKEXP.9 Modified: head/share/man/man9/VFS_CHECKEXP.9 == --- head/share/man/man9/VFS_CHECKEXP.9 Tue Jun 16 20:44:51 2020 (r362245) +++ head/share/man/man9/VFS_CHECKEXP.9 Tue Jun 16 20:51:28 2020 (r362246) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 4, 2010 +.Dd June 16, 2020 .Dt VFS_CHECKEXP 9 .Os .Sh NAME @@ -34,7 +34,13 @@ .In sys/param.h .In sys/mount.h .Ft int -.Fn VFS_CHECKEXP "struct mount *mp" "struct sockaddr *nam" "int *exflagsp" "struct ucred **credanonp" +.Fo VFS_CHECKEXP +.Fa "struct mount *mp" +.Fa "struct sockaddr *nam" +.Fa "uint64_t *exflagsp" +.Fa "struct ucred **credanonp" +.Fa "int *numsecflavor" +.Fa "int *secflavors" .Sh DESCRIPTION The .Fn VFS_CHECKEXP @@ -51,6 +57,11 @@ An mbuf containing the network address of the client. Return parameter for the export flags for this client. .It Fa credanonp Return parameter for the anonymous credentials for this client. +.It Fa numsecflavors +Return value for the number of security flavors for this client. +.It Fa secflavors +Must be an array of size MAXSECFLAVORS, in which the security flavors +for this client are returned. .El .Pp The @@ -71,13 +82,15 @@ structure and the address of the client, .Fa nam , to verify that the client can access this file system. .Sh RETURN VALUES -The export flags and anonymous credentials specific to the client (returned -by +The export flags, anonymous credentials and security flavors specific to the +client (returned by .Xr vfs_export_lookup 9 ) will be returned in -.Fa *exflagsp +.Fa *exflagsp , +.Fa *credanonp , +.Fa *numsecflavors and -.Fa *credanonp . +.Fa *secflavors . .Sh SEE ALSO .Xr VFS 9 , .Xr VFS_FHTOVP 9 , ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362215 - head/usr.sbin/mountd
Author: rmacklem
Date: Tue Jun 16 02:35:30 2020
New Revision: 362215
URL: https://svnweb.freebsd.org/changeset/base/362215
Log:
Make use of the UID_NOBODY and GID_NOGROUP definitions in sys/conf.h.
r362214 exposed UID_NOBODY and GID_NOGROUP to userspace, so use them
instead of the numbers.
Reviewed by: kib
Differential Revision:https://reviews.freebsd.org/D25281
Modified:
head/usr.sbin/mountd/mountd.c
Modified: head/usr.sbin/mountd/mountd.c
==
--- head/usr.sbin/mountd/mountd.c Tue Jun 16 02:31:22 2020
(r362214)
+++ head/usr.sbin/mountd/mountd.c Tue Jun 16 02:35:30 2020
(r362215)
@@ -48,6 +48,7 @@ static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5
__FBSDID("$FreeBSD$");
#include
+#include
#include
#include
#include
@@ -1525,9 +1526,9 @@ get_exportlist_one(int passno)
* Set defaults.
*/
has_host = FALSE;
- anon.cr_uid = 65534;
+ anon.cr_uid = UID_NOBODY;
anon.cr_ngroups = 1;
- anon.cr_groups[0] = 65533;
+ anon.cr_groups[0] = GID_NOGROUP;
exflags = MNT_EXPORTED;
got_nondir = 0;
opt_flags = 0;
@@ -3456,8 +3457,8 @@ parsecred(char *namelist, struct expcred *cr)
/*
* Set up the unprivileged user.
*/
- cr->cr_uid = 65534;
- cr->cr_groups[0] = 65533;
+ cr->cr_uid = UID_NOBODY;
+ cr->cr_groups[0] = GID_NOGROUP;
cr->cr_ngroups = 1;
/*
* Get the user's password table entry.
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362214 - head/sys/sys
Author: rmacklem Date: Tue Jun 16 02:31:22 2020 New Revision: 362214 URL: https://svnweb.freebsd.org/changeset/base/362214 Log: Expose UID_xxx and GID_xxx definitions to userspace. This patch moves the UID_xxx and GID_xxx definitions out of the #ifdef _KERNEL section, so that userspace programs like mountd can use them. There are a couple of userspace programs that do define UID_ROOT, but they do not include sys/conf.h. Since they are defined as the same value, maybe they should be changed to include sys/conf.h. Reviewed by: kib Differential Revision:https:/reviews.freebsd.org/D25281 Modified: head/sys/sys/conf.h Modified: head/sys/sys/conf.h == --- head/sys/sys/conf.h Tue Jun 16 01:11:40 2020(r362213) +++ head/sys/sys/conf.h Tue Jun 16 02:31:22 2020(r362214) @@ -147,6 +147,23 @@ typedef int dumper_hdr_t(struct dumperinfo *di, struct #defineD_TTY 0x0004 #defineD_MEM 0x0008 /* /dev/(k)mem */ +/* Defined uid and gid values. */ +#defineUID_ROOT0 +#defineUID_BIN 3 +#defineUID_UUCP66 +#defineUID_NOBODY 65534 + +#defineGID_WHEEL 0 +#defineGID_KMEM2 +#defineGID_TTY 4 +#defineGID_OPERATOR5 +#defineGID_BIN 7 +#defineGID_GAMES 13 +#defineGID_VIDEO 44 +#defineGID_DIALER 68 +#defineGID_NOGROUP 65533 +#defineGID_NOBODY 65534 + #ifdef _KERNEL #defineD_TYPEMASK 0x @@ -308,22 +325,6 @@ void devfs_clear_cdevpriv(void); ino_t devfs_alloc_cdp_inode(void); void devfs_free_cdp_inode(ino_t ino); - -#defineUID_ROOT0 -#defineUID_BIN 3 -#defineUID_UUCP66 -#defineUID_NOBODY 65534 - -#defineGID_WHEEL 0 -#defineGID_KMEM2 -#defineGID_TTY 4 -#defineGID_OPERATOR5 -#defineGID_BIN 7 -#defineGID_GAMES 13 -#defineGID_VIDEO 44 -#defineGID_DIALER 68 -#defineGID_NOGROUP 65533 -#defineGID_NOBODY 65534 typedef void (*dev_clone_fn)(void *arg, struct ucred *cred, char *name, int namelen, struct cdev **result); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362164 - head/sys/sys
Author: rmacklem
Date: Sun Jun 14 01:22:19 2020
New Revision: 362164
URL: https://svnweb.freebsd.org/changeset/base/362164
Log:
Oops, r362158 committed a duplicate definition of MAXSECFLAVORS.
This patch gets rid of the duplicate.
Modified:
head/sys/sys/mount.h
Modified: head/sys/sys/mount.h
==
--- head/sys/sys/mount.hSun Jun 14 00:40:00 2020(r362163)
+++ head/sys/sys/mount.hSun Jun 14 01:22:19 2020(r362164)
@@ -518,7 +518,6 @@ struct o2export_args {
/*
* Export arguments for local filesystem mount calls.
*/
-#defineMAXSECFLAVORS 5
struct export_args {
uint64_t ex_flags; /* export related flags */
uid_t ex_root;/* mapping for root uid */
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362163 - head/usr.sbin/mountd
Author: rmacklem
Date: Sun Jun 14 00:40:00 2020
New Revision: 362163
URL: https://svnweb.freebsd.org/changeset/base/362163
Log:
Modify mountd to use the new struct export_args committed by r362158.
r362158 modified struct export_args for make the ex_flags field 64bits
and also changed the anonymous credentials to allow more than 16 groups.
This patch fixes mountd.c to use the new structure.
It does allocate larger exportlist and grouplist structures now.
That will be fixed in a future commit.
The only visible change will be that the credentials provided for the
-maproot and -mapall exports options can now have more than 16 groups.
Reviewed by: kib, freqlabs
Relnotes: yes
Differential Revision:https://reviews.freebsd.org/D25088
Modified:
head/usr.sbin/mountd/mountd.c
Modified: head/usr.sbin/mountd/mountd.c
==
--- head/usr.sbin/mountd/mountd.c Sun Jun 14 00:23:06 2020
(r362162)
+++ head/usr.sbin/mountd/mountd.c Sun Jun 14 00:40:00 2020
(r362163)
@@ -112,6 +112,15 @@ struct dirlist {
#defineDP_DEFSET 0x1
#define DP_HOSTSET 0x2
+/*
+ * maproot/mapall credentials.
+ */
+struct expcred {
+ uid_t cr_uid;
+ int cr_ngroups;
+ gid_t cr_groups[NGROUPS_MAX + 1];
+};
+
struct exportlist {
struct dirlist *ex_dirl;
struct dirlist *ex_defdir;
@@ -120,8 +129,8 @@ struct exportlist {
fsid_t ex_fs;
char*ex_fsdir;
char*ex_indexfile;
- struct xucred ex_defanon;
- int ex_defexflags;
+ struct expcred ex_defanon;
+ uint64_tex_defexflags;
int ex_numsecflavors;
int ex_secflavors[MAXSECFLAVORS];
int ex_defnumsecflavors;
@@ -152,8 +161,8 @@ struct grouplist {
int gr_type;
union grouptypes gr_ptr;
struct grouplist *gr_next;
- struct xucred gr_anon;
- int gr_exflags;
+ struct expcred gr_anon;
+ uint64_t gr_exflags;
int gr_flag;
int gr_numsecflavors;
int gr_secflavors[MAXSECFLAVORS];
@@ -194,7 +203,7 @@ struct fhreturn {
static char*add_expdir(struct dirlist **, char *, int);
static voidadd_dlist(struct dirlist **, struct dirlist *,
struct grouplist *, int, struct exportlist *,
- struct xucred *, int);
+ struct expcred *, uint64_t);
static voidadd_mlist(char *, char *);
static int check_dirpath(char *);
static int check_options(struct dirlist *);
@@ -208,10 +217,10 @@ static void clearout_service(void);
static voiddel_mlist(char *hostp, char *dirp);
static struct dirlist *dirp_search(struct dirlist *, char *);
static int do_export_mount(struct exportlist *, struct statfs *);
-static int do_mount(struct exportlist *, struct grouplist *, int,
- struct xucred *, char *, int, struct statfs *, int, int *);
+static int do_mount(struct exportlist *, struct grouplist *, uint64_t,
+ struct expcred *, char *, int, struct statfs *, int, int *);
static int do_opt(char **, char **, struct exportlist *,
- struct grouplist *, int *, int *, struct xucred *);
+ struct grouplist *, int *, uint64_t *, struct expcred *);
static struct exportlist *ex_search(fsid_t *, struct exportlisthead *);
static struct exportlist *get_exp(void);
static voidfree_dir(struct dirlist *);
@@ -226,7 +235,7 @@ static void free_exports(struct exportlisthead *);
static voidread_exportfile(int);
static int compare_nmount_exportlist(struct iovec *, int, char *);
static int compare_export(struct exportlist *, struct exportlist *);
-static int compare_cred(struct xucred *, struct xucred *);
+static int compare_cred(struct expcred *, struct expcred *);
static int compare_secflavor(int *, int *, int);
static voiddelete_export(struct iovec *, int, struct statfs *, char *);
static int get_host(char *, struct grouplist *, struct grouplist *);
@@ -237,13 +246,13 @@ static intget_net(char *, struct netmsk *, int);
static voidgetexp_err(struct exportlist *, struct grouplist *, const char
*);
static struct grouplist*get_grp(void);
static voidhang_dirp(struct dirlist *, struct grouplist *,
- struct exportlist *, int, struct xucred *, int);
+ struct exportlist *, int, struct expcred *, uint64_t);
static voidhuphandler(int sig);
static int makemask(struct sockaddr_storage *ssp, int bitlen);
static voidmntsrv(struct svc_req *, SVCXPRT *);
static voidnextfield(char **, char **);
static voidout_of_mem(void);
-static voidparsecred(char *, struct xucred *);
+static voidparsecred(char *, struct expcre
svn commit: r362160 - head
Author: rmacklem Date: Sun Jun 14 00:15:44 2020 New Revision: 362160 URL: https://svnweb.freebsd.org/changeset/base/362160 Log: Add an entry to UPDATING for r362158. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Sun Jun 14 00:12:29 2020(r362159) +++ head/UPDATING Sun Jun 14 00:15:44 2020(r362160) @@ -26,6 +26,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20200613: + r362158 changed the arguments for VFS_CHECKEXP(). As such, any + out of tree file systems need to be modified and rebuilt. + Also, any file systems that are modules must be rebuilt. + 20200604: read(2) of a directory fd is now rejected by default. root may re-enable it for system root only on non-ZFS filesystems with the ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362159 - head/sys/sys
Author: rmacklem Date: Sun Jun 14 00:12:29 2020 New Revision: 362159 URL: https://svnweb.freebsd.org/changeset/base/362159 Log: Version bump for r362158, since the arguments for vfs_checkexp() changed. Modified: head/sys/sys/param.h Modified: head/sys/sys/param.h == --- head/sys/sys/param.hSun Jun 14 00:10:18 2020(r362158) +++ head/sys/sys/param.hSun Jun 14 00:12:29 2020(r362159) @@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300097 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300098 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362158 - in head/sys: cddl/contrib/opensolaris/uts/common/fs/zfs fs/cd9660 fs/msdosfs fs/nfs fs/nfsserver fs/unionfs kern nlm sys ufs/ffs
Author: rmacklem
Date: Sun Jun 14 00:10:18 2020
New Revision: 362158
URL: https://svnweb.freebsd.org/changeset/base/362158
Log:
Fix export_args ex_flags field so that is 64bits, the same as mnt_flags.
Since mnt_flags was upgraded to 64bits there has been a quirk in
"struct export_args", since it hold a copy of mnt_flags
in ex_flags, which is an "int" (32bits).
This happens to currently work, since all the flag bits used in ex_flags are
defined in the low order 32bits. However, new export flags cannot be defined.
Also, ex_anon is a "struct xucred", which limits it to 16 additional groups.
This patch revises "struct export_args" to make ex_flags 64bits and replaces
ex_anon with ex_uid, ex_ngroups and ex_groups (which points to a
groups list, so it can be malloc'd up to NGROUPS in size.
This requires that the VFS_CHECKEXP() arguments change, so I also modified the
last "secflavors" argument to be an array pointer, so that the
secflavors could be copied in VFS_CHECKEXP() while the export entry is locked.
(Without this patch VFS_CHECKEXP() returns a pointer to the secflavors
array and then it is used after being unlocked, which is potentially
a problem if the exports entry is changed.
In practice this does not occur when mountd is run with "-S",
but I think it is worth fixing.)
This patch also deleted the vfs_oexport_conv() function, since
do_mount_update() does the conversion, as required by the old vfs_cmount()
calls.
Reviewed by: kib, freqlabs
Relnotes: yes
Differential Revision:https://reviews.freebsd.org/D25088
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c
head/sys/fs/cd9660/cd9660_vfsops.c
head/sys/fs/msdosfs/msdosfs_vfsops.c
head/sys/fs/nfs/nfsdport.h
head/sys/fs/nfs/nfsport.h
head/sys/fs/nfsserver/nfs_nfsdport.c
head/sys/fs/unionfs/union_vfsops.c
head/sys/kern/vfs_export.c
head/sys/kern/vfs_init.c
head/sys/kern/vfs_mount.c
head/sys/nlm/nlm_prot_impl.c
head/sys/sys/mount.h
head/sys/ufs/ffs/ffs_vfsops.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c
==
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.cSat Jun
13 23:35:22 2020(r362157)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.cSun Jun
14 00:10:18 2020(r362158)
@@ -101,8 +101,8 @@ static int zfs_root(vfs_t *vfsp, int flags, vnode_t **
static int zfs_statfs(vfs_t *vfsp, struct statfs *statp);
static int zfs_vget(vfs_t *vfsp, ino_t ino, int flags, vnode_t **vpp);
static int zfs_sync(vfs_t *vfsp, int waitfor);
-static int zfs_checkexp(vfs_t *vfsp, struct sockaddr *nam, int *extflagsp,
-struct ucred **credanonp, int *numsecflavors, int **secflavors);
+static int zfs_checkexp(vfs_t *vfsp, struct sockaddr *nam, uint64_t *extflagsp,
+struct ucred **credanonp, int *numsecflavors, int *secflavors);
static int zfs_fhtovp(vfs_t *vfsp, fid_t *fidp, int flags, vnode_t **vpp);
static void zfs_objset_close(zfsvfs_t *zfsvfs);
static void zfs_freevfs(vfs_t *vfsp);
@@ -2268,8 +2268,8 @@ zfs_vget(vfs_t *vfsp, ino_t ino, int flags, vnode_t **
}
static int
-zfs_checkexp(vfs_t *vfsp, struct sockaddr *nam, int *extflagsp,
-struct ucred **credanonp, int *numsecflavors, int **secflavors)
+zfs_checkexp(vfs_t *vfsp, struct sockaddr *nam, uint64_t *extflagsp,
+struct ucred **credanonp, int *numsecflavors, int *secflavors)
{
zfsvfs_t *zfsvfs = vfsp->vfs_data;
Modified: head/sys/fs/cd9660/cd9660_vfsops.c
==
--- head/sys/fs/cd9660/cd9660_vfsops.c Sat Jun 13 23:35:22 2020
(r362157)
+++ head/sys/fs/cd9660/cd9660_vfsops.c Sun Jun 14 00:10:18 2020
(r362158)
@@ -101,16 +101,14 @@ static int
cd9660_cmount(struct mntarg *ma, void *data, uint64_t flags)
{
struct iso_args args;
- struct export_args exp;
int error;
error = copyin(data, &args, sizeof args);
if (error)
return (error);
- vfs_oexport_conv(&args.export, &exp);
ma = mount_argsu(ma, "from", args.fspec, MAXPATHLEN);
- ma = mount_arg(ma, "export", &exp, sizeof(exp));
+ ma = mount_arg(ma, "export", &args.export, sizeof(args.export));
ma = mount_argsu(ma, "cs_disk", args.cs_disk, 64);
ma = mount_argsu(ma, "cs_local", args.cs_local, 64);
ma = mount_argf(ma, "ssector", "%u", args.ssector);
Modified: head/sys/fs/msdosfs/msdosfs_vfsops.c
==
--- head/sys/fs/msdosfs/msdosfs_vfsops.cSat Jun 13 23:35:22 2020
(r362157)
+++ head/sys/fs/msdosfs/msdosfs_vfsops.cSun Jun 14 00:10:18 2020
(r362158)
@@ -190,7 +190,6 @@ static int
msdosfs_cmount(struct mntarg *ma, void *data, uint64_t flags)
{
struct msdosfs
svn commit: r361998 - in head/sys: kern sys
Author: rmacklem
Date: Wed Jun 10 02:51:39 2020
New Revision: 361998
URL: https://svnweb.freebsd.org/changeset/base/361998
Log:
Add two functions that create M_EXTPG mbufs with anonymous pages.
These two functions are needed by nfs-over-tls, but could also be
useful for other purposes.
mb_alloc_ext_plus_pages() - Allocates a M_EXTPG mbuf and enough anonymous
pages to store "len" data bytes.
mb_mapped_to_unmapped() - Copies the data from a list of mapped (non-M_EXTPG)
mbufs into a list of M_EXTPG mbufs allocated with anonymous pages.
This is roughly the inverse of mb_unmapped_to_ext().
Reviewed by: gallatin
Differential Revision:https://reviews.freebsd.org/D25182
Modified:
head/sys/kern/kern_mbuf.c
head/sys/sys/mbuf.h
Modified: head/sys/kern/kern_mbuf.c
==
--- head/sys/kern/kern_mbuf.c Wed Jun 10 02:50:25 2020(r361997)
+++ head/sys/kern/kern_mbuf.c Wed Jun 10 02:51:39 2020(r361998)
@@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
#include
#include
#include
+#include
#include
#include
#include
@@ -1536,4 +1537,105 @@ m_snd_tag_destroy(struct m_snd_tag *mst)
ifp->if_snd_tag_free(mst);
if_rele(ifp);
counter_u64_add(snd_tag_count, -1);
+}
+
+/*
+ * Allocate an mbuf with anonymous external pages.
+ */
+struct mbuf *
+mb_alloc_ext_plus_pages(int len, int how)
+{
+ struct mbuf *m;
+ vm_page_t pg;
+ int i, npgs;
+
+ m = mb_alloc_ext_pgs(how, mb_free_mext_pgs);
+ if (m == NULL)
+ return (NULL);
+ m->m_epg_flags |= EPG_FLAG_ANON;
+ npgs = howmany(len, PAGE_SIZE);
+ for (i = 0; i < npgs; i++) {
+ do {
+ pg = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
+ VM_ALLOC_NOOBJ | VM_ALLOC_NODUMP | VM_ALLOC_WIRED);
+ if (pg == NULL) {
+ if (how == M_NOWAIT) {
+ m->m_epg_npgs = i;
+ m_free(m);
+ return (NULL);
+ }
+ vm_wait(NULL);
+ }
+ } while (pg == NULL);
+ m->m_epg_pa[i] = VM_PAGE_TO_PHYS(pg);
+ }
+ m->m_epg_npgs = npgs;
+ return (m);
+}
+
+/*
+ * Copy the data in the mbuf chain to a chain of mbufs with anonymous external
+ * unmapped pages.
+ * len is the length of data in the input mbuf chain.
+ * mlen is the maximum number of bytes put into each ext_page mbuf.
+ */
+struct mbuf *
+mb_mapped_to_unmapped(struct mbuf *mp, int len, int mlen, int how,
+struct mbuf **mlast)
+{
+ struct mbuf *m, *mout;
+ char *pgpos, *mbpos;
+ int i, mblen, mbufsiz, pglen, xfer;
+
+ if (len == 0)
+ return (NULL);
+ mbufsiz = min(mlen, len);
+ m = mout = mb_alloc_ext_plus_pages(mbufsiz, how);
+ if (m == NULL)
+ return (m);
+ pgpos = (char *)(void *)PHYS_TO_DMAP(m->m_epg_pa[0]);
+ pglen = PAGE_SIZE;
+ mblen = 0;
+ i = 0;
+ do {
+ if (pglen == 0) {
+ if (++i == m->m_epg_npgs) {
+ m->m_epg_last_len = PAGE_SIZE;
+ mbufsiz = min(mlen, len);
+ m->m_next = mb_alloc_ext_plus_pages(mbufsiz,
+ how);
+ m = m->m_next;
+ if (m == NULL) {
+ m_freem(mout);
+ return (m);
+ }
+ i = 0;
+ }
+ pgpos = (char *)(void *)PHYS_TO_DMAP(m->m_epg_pa[i]);
+ pglen = PAGE_SIZE;
+ }
+ while (mblen == 0) {
+ if (mp == NULL) {
+ m_freem(mout);
+ return (NULL);
+ }
+ KASSERT((mp->m_flags & M_EXTPG) == 0,
+ ("mb_copym_ext_pgs: ext_pgs input mbuf"));
+ mbpos = mtod(mp, char *);
+ mblen = mp->m_len;
+ mp = mp->m_next;
+ }
+ xfer = min(mblen, pglen);
+ memcpy(pgpos, mbpos, xfer);
+ pgpos += xfer;
+ mbpos += xfer;
+ pglen -= xfer;
+ mblen -= xfer;
+ len -= xfer;
+ m->m_len += xfer;
+ } while (len > 0);
+ m->m_epg_last_len = PAGE_SIZE - pglen;
+ if (mlast != NULL)
+ *mlast = m;
+ return (mout);
}
Modified: head/sys/sys/mbuf.h
==
svn commit: r361956 - head/usr.sbin/mountd
Author: rmacklem
Date: Tue Jun 9 05:01:23 2020
New Revision: 361956
URL: https://svnweb.freebsd.org/changeset/base/361956
Log:
Fix a bug where XU_NGROUPS + 1 groups might be copied.
r361780 fixed the code so that it would only remove the duplicate when
it actually existed. However, that might have resulted in XU_NGROUPS + 1
groups being copied, running off the end of the array. This patch fixes
the problem.
Spotted during code inspection for other mountd changes.
MFC after:2 weeks
Modified:
head/usr.sbin/mountd/mountd.c
Modified: head/usr.sbin/mountd/mountd.c
==
--- head/usr.sbin/mountd/mountd.c Tue Jun 9 02:07:43 2020
(r361955)
+++ head/usr.sbin/mountd/mountd.c Tue Jun 9 05:01:23 2020
(r361956)
@@ -3481,6 +3481,8 @@ parsecred(char *namelist, struct xucred *cr)
cr->cr_groups[cnt - 1] = groups[cnt];
} else {
cr->cr_ngroups = ngroups;
+ if (cr->cr_ngroups > XU_NGROUPS)
+ cr->cr_ngroups = XU_NGROUPS;
for (cnt = 1; cnt < ngroups; cnt++)
cr->cr_groups[cnt] = groups[cnt];
}
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361854 - head/usr.sbin/mountd
Author: rmacklem
Date: Sat Jun 6 00:40:02 2020
New Revision: 361854
URL: https://svnweb.freebsd.org/changeset/base/361854
Log:
Fix mountd so that it will not lose SIGHUPs that indicate "reload exports".
Without this patch, if a SIGHUP is handled while the process is executing
get_exportlist(), that SIGHUP is essentially ignored because the got_sighup
variable is reset to 0 after get_exportlist().
This results in the exports file(s) not being reloaded until another SIGHUP
signal is sent to mountd.
This patch fixes this by resetting got_sighup to zero before the
get_exportlist() call while SIGHUP is blocked.
It also defines a delay time of 250msec before doing another exports reload
if there are RPC request(s) to process. This prevents repeated exports reloads
from delaying handling of RPC requests significantly.
PR: 246597
Reported by: patrykkotlow...@gmail.com
Tested by:patrykkotlow...@gmail.com
Reviewed by: markj
MFC after:2 weeks
Differential Revision:https://reviews.freebsd.org/D25127
Modified:
head/usr.sbin/mountd/mountd.c
Modified: head/usr.sbin/mountd/mountd.c
==
--- head/usr.sbin/mountd/mountd.c Sat Jun 6 00:35:41 2020
(r361853)
+++ head/usr.sbin/mountd/mountd.c Sat Jun 6 00:40:02 2020
(r361854)
@@ -184,6 +184,12 @@ struct fhreturn {
#defineGETPORT_MAXTRY 20 /* Max tries to get a port # */
+/*
+ * How long to delay a reload of exports when there are RPC request(s)
+ * to process, in usec. Must be less than 1second.
+ */
+#defineRELOADDELAY 25
+
/* Global defs */
static char*add_expdir(struct dirlist **, char *, int);
static voidadd_dlist(struct dirlist **, struct dirlist *,
@@ -410,6 +416,10 @@ main(int argc, char **argv)
int maxrec = RPC_MAXDATASIZE;
int attempt_cnt, port_len, port_pos, ret;
char **port_list;
+ uint64_t curtime, nexttime;
+ struct timeval tv;
+ struct timespec tp;
+ sigset_t sighup_mask;
/* Check that another mountd isn't already running. */
pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
@@ -665,19 +675,49 @@ main(int argc, char **argv)
}
/* Expand svc_run() here so that we can call get_exportlist(). */
+ curtime = nexttime = 0;
+ sigemptyset(&sighup_mask);
+ sigaddset(&sighup_mask, SIGHUP);
for (;;) {
- if (got_sighup) {
- get_exportlist(1);
+ clock_gettime(CLOCK_MONOTONIC, &tp);
+ curtime = tp.tv_sec;
+ curtime = curtime * 100 + tp.tv_nsec / 1000;
+ sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
+ if (got_sighup && curtime >= nexttime) {
got_sighup = 0;
- }
+ sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
+ get_exportlist(1);
+ clock_gettime(CLOCK_MONOTONIC, &tp);
+ nexttime = tp.tv_sec;
+ nexttime = nexttime * 100 + tp.tv_nsec / 1000 +
+ RELOADDELAY;
+ } else
+ sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
+
+ /*
+* If a reload is pending, poll for received request(s),
+* otherwise set a RELOADDELAY timeout, since a SIGHUP
+* could be processed between the got_sighup test and
+* the select() system call.
+*/
+ tv.tv_sec = 0;
+ if (got_sighup)
+ tv.tv_usec = 0;
+ else
+ tv.tv_usec = RELOADDELAY;
readfds = svc_fdset;
- switch (select(svc_maxfd + 1, &readfds, NULL, NULL, NULL)) {
+ switch (select(svc_maxfd + 1, &readfds, NULL, NULL, &tv)) {
case -1:
- if (errno == EINTR)
-continue;
+ if (errno == EINTR) {
+ /* Allow a reload now. */
+ nexttime = 0;
+ continue;
+ }
syslog(LOG_ERR, "mountd died: select: %m");
exit(1);
case 0:
+ /* Allow a reload now. */
+ nexttime = 0;
continue;
default:
svc_getreqset(&readfds);
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361780 - head/usr.sbin/mountd
Author: rmacklem
Date: Thu Jun 4 00:28:20 2020
New Revision: 361780
URL: https://svnweb.freebsd.org/changeset/base/361780
Log:
Fix mountd to handle getgrouplist() not returning groups[0] == groups[1].
Prior to r174547, getgrouplist(3) always returned a groups list with
element 0 and 1 set to the basegid argument, so long as ngroups was > 1.
Post-r174547 this is not the case. r328304 disabled the deduplication that
removed the duplicate, but the duplicate still does not occur unless the
group for a user in the password database is also entered in the group
database.
This patch fixes mountd so that it handles the case where a user specified
with the -maproot or -mapall exports option has a getgrouplist(3) groups
list where groups[0] != groups[1].
Found while testing another mountd patch.
MFC after:2 weeks
Modified:
head/usr.sbin/mountd/mountd.c
Modified: head/usr.sbin/mountd/mountd.c
==
--- head/usr.sbin/mountd/mountd.c Wed Jun 3 23:21:44 2020
(r361779)
+++ head/usr.sbin/mountd/mountd.c Thu Jun 4 00:28:20 2020
(r361780)
@@ -3434,10 +3434,16 @@ parsecred(char *namelist, struct xucred *cr)
/*
* Compress out duplicate.
*/
- cr->cr_ngroups = ngroups - 1;
cr->cr_groups[0] = groups[0];
- for (cnt = 2; cnt < ngroups; cnt++)
- cr->cr_groups[cnt - 1] = groups[cnt];
+ if (ngroups > 1 && groups[0] == groups[1]) {
+ cr->cr_ngroups = ngroups - 1;
+ for (cnt = 2; cnt < ngroups; cnt++)
+ cr->cr_groups[cnt - 1] = groups[cnt];
+ } else {
+ cr->cr_ngroups = ngroups;
+ for (cnt = 1; cnt < ngroups; cnt++)
+ cr->cr_groups[cnt] = groups[cnt];
+ }
return;
}
/*
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361711 - head/sys/kern
Author: rmacklem
Date: Tue Jun 2 00:03:26 2020
New Revision: 361711
URL: https://svnweb.freebsd.org/changeset/base/361711
Log:
Fix build issue introduced by r361699.
Reported by: cy (and others)
Modified:
head/sys/kern/vfs_mount.c
Modified: head/sys/kern/vfs_mount.c
==
--- head/sys/kern/vfs_mount.c Mon Jun 1 23:44:03 2020(r361710)
+++ head/sys/kern/vfs_mount.c Tue Jun 2 00:03:26 2020(r361711)
@@ -70,6 +70,9 @@ __FBSDID("$FreeBSD$");
#include
+#include
+#include
+
#include
#include
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r361682 - head/include
>Author: rmacklem
>Date: Sun May 31 22:46:32 2020
>New Revision: 361682
>URL: https://svnweb.freebsd.org/changeset/base/361682
>
>Log:
> Oops, I didn't notice the "cd" is needed for each install line.
>
>Modified:
> head/include/Makefile
>
>Modified: head/include/Makefile
>=>=
>--- head/include/Makefile Sun May 31 22:40:39 2020(r361681)
>+++ head/include/Makefile Sun May 31 22:46:32 2020(r361682)
>@@ -236,6 +236,7 @@ copies: .PHONY .META
>cd ${SRCTOP}/sys/rpc; \
>${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444
> rpcsec_tls.h \
>${SDESTDIR}${INCLUDEDIR}/rpc
Or would it be preferable to put a line continuation "\" here instead of adding
the second "cd .."?
>+ cd ${SRCTOP}/sys/rpc; \
>${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 types.h \
>${SDESTDIR}${INCLUDEDIR}/rpc
>cd ${SRCTOP}/sys/teken; \
rick
ps: I'll admit I tried to do a "make buildworld" but it was still building clang
after 7 hours, so I gave up...
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361682 - head/include
Author: rmacklem
Date: Sun May 31 22:46:32 2020
New Revision: 361682
URL: https://svnweb.freebsd.org/changeset/base/361682
Log:
Oops, I didn't notice the "cd" is needed for each install line.
Modified:
head/include/Makefile
Modified: head/include/Makefile
==
--- head/include/Makefile Sun May 31 22:40:39 2020(r361681)
+++ head/include/Makefile Sun May 31 22:46:32 2020(r361682)
@@ -236,6 +236,7 @@ copies: .PHONY .META
cd ${SRCTOP}/sys/rpc; \
${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 rpcsec_tls.h
\
${SDESTDIR}${INCLUDEDIR}/rpc
+ cd ${SRCTOP}/sys/rpc; \
${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 types.h \
${SDESTDIR}${INCLUDEDIR}/rpc
cd ${SRCTOP}/sys/teken; \
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361679 - head/include
Author: rmacklem
Date: Sun May 31 22:15:34 2020
New Revision: 361679
URL: https://svnweb.freebsd.org/changeset/base/361679
Log:
Update the Makefile to copy rpcsec_tls.h to /usr/include/rpc.
Modified:
head/include/Makefile
Modified: head/include/Makefile
==
--- head/include/Makefile Sun May 31 22:12:56 2020(r361678)
+++ head/include/Makefile Sun May 31 22:15:34 2020(r361679)
@@ -234,6 +234,8 @@ copies: .PHONY .META
.endif
.endfor
cd ${SRCTOP}/sys/rpc; \
+ ${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 rpcsec_tls.h
\
+ ${SDESTDIR}${INCLUDEDIR}/rpc
${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 types.h \
${SDESTDIR}${INCLUDEDIR}/rpc
cd ${SRCTOP}/sys/teken; \
@@ -367,7 +369,7 @@ symlinks: .PHONY .META
${SDESTDIR}${INCLUDEDIR}/isofs/cd9660; \
done
cd ${SRCTOP}/sys/rpc; \
- for h in types.h; do \
+ for h in rpcsec_tls.h types.h; do \
${INSTALL_SYMLINK} ${TAG_ARGS} ../../../sys/rpc/$$h \
${SDESTDIR}${INCLUDEDIR}/rpc; \
done
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361658 - head/sys/rpc
Author: rmacklem Date: Sun May 31 01:12:52 2020 New Revision: 361658 URL: https://svnweb.freebsd.org/changeset/base/361658 Log: Add the .h file that describes the operations for the rpctls_syscall. This .h file will be used by the nfs-over-tls daemons to do the system call that was added by r361599. Added: head/sys/rpc/rpcsec_tls.h (contents, props changed) Added: head/sys/rpc/rpcsec_tls.h == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/rpc/rpcsec_tls.h Sun May 31 01:12:52 2020(r361658) @@ -0,0 +1,82 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2020 Rick Macklem + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef_RPC_RPCSEC_TLS_H_ +#define_RPC_RPCSEC_TLS_H_ + +/* Operation values for rpctls syscall. */ +#defineRPCTLS_SYSC_CLSETPATH 1 +#defineRPCTLS_SYSC_CLSOCKET2 +#defineRPCTLS_SYSC_CLSHUTDOWN 3 +#defineRPCTLS_SYSC_SRVSETPATH 4 +#defineRPCTLS_SYSC_SRVSOCKET 5 +#defineRPCTLS_SYSC_SRVSHUTDOWN 6 + +/* System call used by the rpctlscd, rpctlssd daemons. */ +intrpctls_syscall(int, const char *); + +/* Flag bits to indicate certificate results. */ +#defineRPCTLS_FLAGS_HANDSHAKE 0x01 +#defineRPCTLS_FLAGS_GOTCERT0x02 +#defineRPCTLS_FLAGS_SELFSIGNED 0x04 +#defineRPCTLS_FLAGS_VERIFIED 0x08 +#defineRPCTLS_FLAGS_DISABLED 0x10 +#defineRPCTLS_FLAGS_CERTUSER 0x20 + +/* Error return values for upcall rpcs. */ +#defineRPCTLSERR_OK0 +#defineRPCTLSERR_NOCLOSE 1 +#defineRPCTLSERR_NOSSL 2 +#defineRPCTLSERR_NOSOCKET 3 + +#ifdef _KERNEL +/* Functions that perform upcalls to the rpctlsd daemon. */ +enum clnt_stat rpctls_connect(CLIENT *newclient, struct socket *so, + uint64_t *sslp, uint32_t *reterr); +enum clnt_stat rpctls_cl_handlerecord(uint64_t sec, uint64_t usec, + uint64_t ssl, uint32_t *reterr); +enum clnt_stat rpctls_srv_handlerecord(uint64_t sec, uint64_t usec, + uint64_t ssl, uint32_t *reterr); +enum clnt_stat rpctls_cl_disconnect(uint64_t sec, uint64_t usec, + uint64_t ssl, uint32_t *reterr); +enum clnt_stat rpctls_srv_disconnect(uint64_t sec, uint64_t usec, + uint64_t ssl, uint32_t *reterr); + +/* Initialization function for rpcsec_tls. */ +intrpctls_init(void); + +/* Get TLS information function. */ +bool rpctls_getinfo(u_int *maxlen); + +/* String for AUTH_TLS reply verifier. */ +#defineRPCTLS_START_STRING "STARTTLS" + +#endif /* _KERNEL */ + +#endif /* _RPC_RPCSEC_TLS_H_ */ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361614 - head/sys/sys
Author: rmacklem Date: Fri May 29 00:10:19 2020 New Revision: 361614 URL: https://svnweb.freebsd.org/changeset/base/361614 Log: Oops two, missed syscall.mk as well. Modified: head/sys/sys/syscall.mk Modified: head/sys/sys/syscall.mk == --- head/sys/sys/syscall.mk Fri May 29 00:09:12 2020(r361613) +++ head/sys/sys/syscall.mk Fri May 29 00:10:19 2020(r361614) @@ -416,4 +416,5 @@ MIASM = \ shm_rename.o \ sigfastblock.o \ __realpathat.o \ - close_range.o + close_range.o \ + rpctls_syscall.o ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361610 - head/sys/sys
Author: rmacklem
Date: Thu May 28 23:57:50 2020
New Revision: 361610
URL: https://svnweb.freebsd.org/changeset/base/361610
Log:
Oops, missed syscall.h and sysproto.h for r361602.
Pointy hat goes on me.
Modified:
head/sys/sys/syscall.h
head/sys/sys/sysproto.h
Modified: head/sys/sys/syscall.h
==
--- head/sys/sys/syscall.h Thu May 28 23:55:46 2020(r361609)
+++ head/sys/sys/syscall.h Thu May 28 23:57:50 2020(r361610)
@@ -511,4 +511,5 @@
#defineSYS_sigfastblock573
#defineSYS___realpathat574
#defineSYS_close_range 575
-#defineSYS_MAXSYSCALL 576
+#defineSYS_rpctls_syscall 576
+#defineSYS_MAXSYSCALL 577
Modified: head/sys/sys/sysproto.h
==
--- head/sys/sys/sysproto.h Thu May 28 23:55:46 2020(r361609)
+++ head/sys/sys/sysproto.h Thu May 28 23:57:50 2020(r361610)
@@ -1832,6 +1832,10 @@ struct close_range_args {
char highfd_l_[PADL_(u_int)]; u_int highfd; char
highfd_r_[PADR_(u_int)];
char flags_l_[PADL_(int)]; int flags; char flags_r_[PADR_(int)];
};
+struct rpctls_syscall_args {
+ char op_l_[PADL_(int)]; int op; char op_r_[PADR_(int)];
+ char path_l_[PADL_(const char *)]; const char * path; char
path_r_[PADR_(const char *)];
+};
intnosys(struct thread *, struct nosys_args *);
void sys_sys_exit(struct thread *, struct sys_exit_args *);
intsys_fork(struct thread *, struct fork_args *);
@@ -,6 +2226,7 @@ int sys_shm_rename(struct thread *, struct
shm_rename_
intsys_sigfastblock(struct thread *, struct sigfastblock_args *);
intsys___realpathat(struct thread *, struct __realpathat_args *);
intsys_close_range(struct thread *, struct close_range_args *);
+intsys_rpctls_syscall(struct thread *, struct rpctls_syscall_args *);
#ifdef COMPAT_43
@@ -3152,6 +3157,7 @@ int freebsd12_closefrom(struct thread *, struct
freebs
#defineSYS_AUE_sigfastblockAUE_NULL
#defineSYS_AUE___realpathatAUE_REALPATHAT
#defineSYS_AUE_close_range AUE_CLOSERANGE
+#defineSYS_AUE_rpctls_syscall AUE_NULL
#undef PAD_
#undef PADL_
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361603 - head/lib/libc/sys
Author: rmacklem
Date: Thu May 28 21:26:26 2020
New Revision: 361603
URL: https://svnweb.freebsd.org/changeset/base/361603
Log:
Add an entry to Symbol.map for the rpctls_syscall added by r361599.
Reviewed by: brooks
Differential Revision:https://reviews.freebsd.org/D24949
Modified:
head/lib/libc/sys/Symbol.map
Modified: head/lib/libc/sys/Symbol.map
==
--- head/lib/libc/sys/Symbol.mapThu May 28 21:23:02 2020
(r361602)
+++ head/lib/libc/sys/Symbol.mapThu May 28 21:26:26 2020
(r361603)
@@ -1033,4 +1033,5 @@ FBSDprivate_1.0 {
__sys_cpuset_getdomain;
_cpuset_setdomain;
__sys_cpuset_setdomain;
+ rpctls_syscall;
};
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361602 - in head/sys: compat/freebsd32 kern
Author: rmacklem
Date: Thu May 28 21:23:02 2020
New Revision: 361602
URL: https://svnweb.freebsd.org/changeset/base/361602
Log:
Update the files created from the new syscalls.master from r361599.
Reviewed by: brooks
Differential Revision:https://reviews.freebsd.org/D24949
Modified:
head/sys/compat/freebsd32/freebsd32_syscall.h
head/sys/compat/freebsd32/freebsd32_syscalls.c
head/sys/compat/freebsd32/freebsd32_sysent.c
head/sys/compat/freebsd32/freebsd32_systrace_args.c
head/sys/kern/init_sysent.c
head/sys/kern/syscalls.c
head/sys/kern/systrace_args.c
Modified: head/sys/compat/freebsd32/freebsd32_syscall.h
==
--- head/sys/compat/freebsd32/freebsd32_syscall.h Thu May 28 21:22:30
2020(r361601)
+++ head/sys/compat/freebsd32/freebsd32_syscall.h Thu May 28 21:23:02
2020(r361602)
@@ -502,4 +502,5 @@
#defineFREEBSD32_SYS_sigfastblock 573
#defineFREEBSD32_SYS___realpathat 574
#defineFREEBSD32_SYS_close_range 575
-#defineFREEBSD32_SYS_MAXSYSCALL576
+#defineFREEBSD32_SYS_rpctls_syscall576
+#defineFREEBSD32_SYS_MAXSYSCALL577
Modified: head/sys/compat/freebsd32/freebsd32_syscalls.c
==
--- head/sys/compat/freebsd32/freebsd32_syscalls.c Thu May 28 21:22:30
2020(r361601)
+++ head/sys/compat/freebsd32/freebsd32_syscalls.c Thu May 28 21:23:02
2020(r361602)
@@ -612,4 +612,5 @@ const char *freebsd32_syscallnames[] = {
"sigfastblock", /* 573 = sigfastblock */
"__realpathat", /* 574 = __realpathat */
"close_range", /* 575 = close_range */
+ "rpctls_syscall", /* 576 = rpctls_syscall */
};
Modified: head/sys/compat/freebsd32/freebsd32_sysent.c
==
--- head/sys/compat/freebsd32/freebsd32_sysent.cThu May 28 21:22:30
2020(r361601)
+++ head/sys/compat/freebsd32/freebsd32_sysent.cThu May 28 21:23:02
2020(r361602)
@@ -665,4 +665,5 @@ struct sysent freebsd32_sysent[] = {
{ AS(sigfastblock_args), (sy_call_t *)sys_sigfastblock, AUE_NULL, NULL,
0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 573 = sigfastblock */
{ AS(__realpathat_args), (sy_call_t *)sys___realpathat, AUE_REALPATHAT,
NULL, 0, 0, 0, SY_THR_STATIC }, /* 574 = __realpathat */
{ AS(close_range_args), (sy_call_t *)sys_close_range, AUE_CLOSERANGE,
NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 575 = close_range */
+ { AS(rpctls_syscall_args), (sy_call_t *)lkmressys, AUE_NULL, NULL, 0,
0, 0, SY_THR_ABSENT },/* 576 = rpctls_syscall */
};
Modified: head/sys/compat/freebsd32/freebsd32_systrace_args.c
==
--- head/sys/compat/freebsd32/freebsd32_systrace_args.c Thu May 28 21:22:30
2020(r361601)
+++ head/sys/compat/freebsd32/freebsd32_systrace_args.c Thu May 28 21:23:02
2020(r361602)
@@ -3376,6 +3376,14 @@ systrace_args(int sysnum, void *params, uint64_t *uarg
*n_args = 3;
break;
}
+ /* rpctls_syscall */
+ case 576: {
+ struct rpctls_syscall_args *p = params;
+ iarg[0] = p->op; /* int */
+ uarg[1] = (intptr_t) p->path; /* const char * */
+ *n_args = 2;
+ break;
+ }
default:
*n_args = 0;
break;
@@ -9103,6 +9111,19 @@ systrace_entry_setargdesc(int sysnum, int ndx, char *d
break;
};
break;
+ /* rpctls_syscall */
+ case 576:
+ switch(ndx) {
+ case 0:
+ p = "int";
+ break;
+ case 1:
+ p = "userland const char *";
+ break;
+ default:
+ break;
+ };
+ break;
default:
break;
};
@@ -10999,6 +11020,11 @@ systrace_return_setargdesc(int sysnum, int ndx, char *
break;
/* close_range */
case 575:
+ if (ndx == 0 || ndx == 1)
+ p = "int";
+ break;
+ /* rpctls_syscall */
+ case 576:
if (ndx == 0 || ndx == 1)
p = "int";
break;
Modified: head/sys/kern/init_sysent.c
==
--- head/sys/kern/init_sysent.c Thu May 28 21:22:30 2020(r361601)
+++ head/sys/kern/init_sysent.c Thu May 28 21:23:02 2020(r361602)
@@ -631,4 +631,5 @@ struct sysent sysent[] = {
svn commit: r361599 - in head/sys: compat/freebsd32 kern
Author: rmacklem
Date: Thu May 28 21:06:10 2020
New Revision: 361599
URL: https://svnweb.freebsd.org/changeset/base/361599
Log:
Add a syscall for the nfs-over-tls daemons to use.
The nfs-over-tls daemons need a system call to perform operations such as
associate a file descriptor with a krpc socket.
The daemons will not be in head for some time, but it will make it
easier for testers of nfs-over-tls to do testing if the system call
is in head (basically the stub for libc which will be commited soon).
Reviewed by: brooks
Differential Revision:https://reviews.freebsd.org/D24949
Modified:
head/sys/compat/freebsd32/syscalls.master
head/sys/kern/syscalls.master
Modified: head/sys/compat/freebsd32/syscalls.master
==
--- head/sys/compat/freebsd32/syscalls.master Thu May 28 21:02:12 2020
(r361598)
+++ head/sys/compat/freebsd32/syscalls.master Thu May 28 21:06:10 2020
(r361599)
@@ -1164,5 +1164,8 @@
char *buf, size_t size, int flags); }
575AUE_CLOSERANGE NOPROTO { int close_range(u_int lowfd, u_int highfd, \
int flags); }
+; 576 is initialised by the krpc code, if present.
+576AUE_NULLNOSTD|NOPROTO { int rpctls_syscall(int op, \
+ const char *path); }
; vim: syntax=off
Modified: head/sys/kern/syscalls.master
==
--- head/sys/kern/syscalls.master Thu May 28 21:02:12 2020
(r361598)
+++ head/sys/kern/syscalls.master Thu May 28 21:06:10 2020
(r361599)
@@ -3234,6 +3234,13 @@
int flags
);
}
+; 576 is initialised by the krpc code, if present.
+576AUE_NULLNOSTD {
+ int rpctls_syscall(
+ int op,
+ _In_z_ const char *path
+ );
+ }
; Please copy any additions and changes to the following compatability tables:
; sys/compat/freebsd32/syscalls.master
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361567 - head/sys/kern
Author: rmacklem
Date: Wed May 27 23:20:35 2020
New Revision: 361567
URL: https://svnweb.freebsd.org/changeset/base/361567
Log:
Fix sosend() for the case where mbufs are passed in while doing ktls.
For kernel tls, sosend() needs to call ktls_frame() on the mbuf list
to be sent. Without this patch, this was only done when sosend()'s
arguments used a uio_iov and not when an mbuf list is passed in.
At this time, sosend() is never called with an mbuf list argument when
kernel tls is in use, but will be once nfs-over-tls has been incorporated
into head.
Reviewed by: gallatin, glebius
Differential Revision:https://reviews.freebsd.org/D24674
Modified:
head/sys/kern/uipc_socket.c
Modified: head/sys/kern/uipc_socket.c
==
--- head/sys/kern/uipc_socket.c Wed May 27 22:48:34 2020(r361566)
+++ head/sys/kern/uipc_socket.c Wed May 27 23:20:35 2020(r361567)
@@ -1678,6 +1678,13 @@ restart:
resid = 0;
if (flags & MSG_EOR)
top->m_flags |= M_EOR;
+#ifdef KERN_TLS
+ if (tls != NULL) {
+ ktls_frame(top, tls, &tls_enq_cnt,
+ tls_rtype);
+ tls_rtype = TLS_RLTYPE_APP;
+ }
+#endif
} else {
/*
* Copy the data from userland into a mbuf
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361146 - in head/sys/fs: nfs nfsserver
Author: rmacklem
Date: Mon May 18 00:07:45 2020
New Revision: 361146
URL: https://svnweb.freebsd.org/changeset/base/361146
Log:
Add a function nfsm_set() to initialize "struct nfsrv_descript" for building
mbuf lists.
This function is currently trivial, but will that will change when
support for building NFS messages in ext_pgs mbufs is added.
Adding support for ext_pgs mbufs is needed for KERN_TLS, which will
be used to implement nfs-over-tls.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfs_var.h
head/sys/fs/nfsserver/nfs_nfsdport.c
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cSun May 17 22:31:38 2020
(r361145)
+++ head/sys/fs/nfs/nfs_commonsubs.cMon May 18 00:07:45 2020
(r361146)
@@ -4778,3 +4778,14 @@ nfsv4_findmirror(struct nfsmount *nmp)
return (ds);
}
+/*
+ * Fill in the fields of "struct nfsrv_descript".
+ */
+void
+nfsm_set(struct nfsrv_descript *nd, u_int offs)
+{
+ struct mbuf *m;
+
+ m = nd->nd_mb;
+ nd->nd_bpos = mtod(m, char *) + offs;
+}
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Sun May 17 22:31:38 2020(r361145)
+++ head/sys/fs/nfs/nfs_var.h Mon May 18 00:07:45 2020(r361146)
@@ -360,6 +360,7 @@ int nfsv4_sequencelookup(struct nfsmount *, struct nfs
void nfsv4_freeslot(struct nfsclsession *, int);
struct ucred *nfsrv_getgrpscred(struct ucred *);
struct nfsdevice *nfsv4_findmirror(struct nfsmount *);
+void nfsm_set(struct nfsrv_descript *, u_int);
/* nfs_clcomsubs.c */
void nfsm_uiombuf(struct nfsrv_descript *, struct uio *, int);
Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
==
--- head/sys/fs/nfsserver/nfs_nfsdport.cSun May 17 22:31:38 2020
(r361145)
+++ head/sys/fs/nfsserver/nfs_nfsdport.cMon May 18 00:07:45 2020
(r361146)
@@ -5080,7 +5080,7 @@ nfsrv_writedsdorpc(struct nfsmount *nmp, fhandle_t *fh
while (m->m_next != NULL)
m = m->m_next;
nd->nd_mb = m;
- nd->nd_bpos = mtod(m, char *) + m->m_len;
+ nfsm_set(nd, m->m_len);
NFSD_DEBUG(4, "nfsrv_writedsdorpc: lastmb len=%d\n", m->m_len);
/* Do a Getattr for the attributes that change upon writing. */
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r360678 - head/sys/fs/nfs
Author: rmacklem
Date: Wed May 6 00:44:03 2020
New Revision: 360678
URL: https://svnweb.freebsd.org/changeset/base/360678
Log:
Delete unused function newnfs_trimleading.
The NFS function called newnfs_trimleading() has not been used by the
code in long time. To give you a clue, it still had a K&R style function
declaration.
Delete it, since it is just cruft, as a part of the NFS mbuf handling
cleanup in preparation for adding ext_pgs mbuf support.
The ext_pgs mbuf support for the build/send side is needed by
nfs-over-tls.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfs_var.h
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cWed May 6 00:25:43 2020
(r360677)
+++ head/sys/fs/nfs/nfs_commonsubs.cWed May 6 00:44:03 2020
(r360678)
@@ -1006,53 +1006,6 @@ nfsaddr2_match(NFSSOCKADDR_T nam1, NFSSOCKADDR_T nam2)
return (0);
}
-
-/*
- * Trim the stuff already dissected off the mbuf list.
- */
-APPLESTATIC void
-newnfs_trimleading(nd)
- struct nfsrv_descript *nd;
-{
- struct mbuf *m, *n;
- int offs;
-
- /*
-* First, free up leading mbufs.
-*/
- if (nd->nd_mrep != nd->nd_md) {
- m = nd->nd_mrep;
- while (m->m_next != nd->nd_md) {
- if (m->m_next == NULL)
- panic("nfsm trim leading");
- m = m->m_next;
- }
- m->m_next = NULL;
- m_freem(nd->nd_mrep);
- }
- m = nd->nd_md;
-
- /*
-* Now, adjust this mbuf, based on nd_dpos.
-*/
- offs = nd->nd_dpos - mtod(m, caddr_t);
- if (offs == m->m_len) {
- n = m;
- m = m->m_next;
- if (m == NULL)
- panic("nfsm trim leading2");
- n->m_next = NULL;
- m_freem(n);
- } else if (offs > 0) {
- m->m_len -= offs;
- m->m_data += offs;
- } else if (offs < 0)
- panic("nfsm trimleading offs");
- nd->nd_mrep = m;
- nd->nd_md = m;
- nd->nd_dpos = mtod(m, caddr_t);
-}
-
/*
* Trim trailing data off the mbuf list being built.
*/
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Wed May 6 00:25:43 2020(r360677)
+++ head/sys/fs/nfs/nfs_var.h Wed May 6 00:44:03 2020(r360678)
@@ -324,7 +324,6 @@ int nfsm_mbufuio(struct nfsrv_descript *, struct uio *
int nfsm_fhtom(struct nfsrv_descript *, u_int8_t *, int, int);
int nfsm_advance(struct nfsrv_descript *, int, int);
void *nfsm_dissct(struct nfsrv_descript *, int, int);
-void newnfs_trimleading(struct nfsrv_descript *);
void newnfs_trimtrailing(struct nfsrv_descript *, struct mbuf *,
caddr_t);
void newnfs_copycred(struct nfscred *, struct ucred *);
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r360650 - head/sys/fs/nfs
Author: rmacklem
Date: Tue May 5 00:58:03 2020
New Revision: 360650
URL: https://svnweb.freebsd.org/changeset/base/360650
Log:
Revert r360514, to avoid unnecessary churn of the sources.
r360514 prepared the NFS code for changes to handle ext_pgs mbufs on
the receive side. However, at this time, KERN_TLS does not pass
ext_pgs mbufs up through soreceive(). As such, as this time, only
the send/build side of the NFS mbuf code needs to handle ext_pgs mbufs.
Revert r360514 since the rather extensive changes required for receive
side ext_pgs mbufs are not yet needed.
This avoids unnecessary churn of the sources.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfs_var.h
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cTue May 5 00:08:41 2020
(r360649)
+++ head/sys/fs/nfs/nfs_commonsubs.cTue May 5 00:58:03 2020
(r360650)
@@ -229,8 +229,6 @@ static void nfsrv_removeuser(struct nfsusrgrp *usrp, i
static int nfsrv_getrefstr(struct nfsrv_descript *, u_char **, u_char **,
int *, int *);
static void nfsrv_refstrbigenough(int, u_char **, u_char **, int *);
-static int nfsm_copyfrommbuf(struct nfsrv_descript *, char *, enum uio_seg,
-int);
static struct {
int op;
@@ -703,49 +701,52 @@ nfsm_dissct(struct nfsrv_descript *nd, int siz, int ho
caddr_t retp;
retp = NULL;
- left = mtod(nd->nd_md, char *) + nd->nd_md->m_len -
- nd->nd_dpos;
+ left = mtod(nd->nd_md, caddr_t) + nd->nd_md->m_len - nd->nd_dpos;
while (left == 0) {
- if (!nfsm_shiftnext(nd, &left))
- return (NULL);
+ nd->nd_md = nd->nd_md->m_next;
+ if (nd->nd_md == NULL)
+ return (retp);
+ left = nd->nd_md->m_len;
+ nd->nd_dpos = mtod(nd->nd_md, caddr_t);
}
if (left >= siz) {
retp = nd->nd_dpos;
nd->nd_dpos += siz;
+ } else if (nd->nd_md->m_next == NULL) {
+ return (retp);
} else if (siz > ncl_mbuf_mhlen) {
panic("nfs S too big");
} else {
- /* Allocate a new mbuf for the "siz" bytes of data. */
MGET(mp2, MT_DATA, how);
if (mp2 == NULL)
return (NULL);
-
- /*
-* Link the new mp2 mbuf into the list then copy left
-* bytes from the mbuf before it and siz - left bytes
-* from the mbuf(s) after it.
-*/
mp2->m_next = nd->nd_md->m_next;
nd->nd_md->m_next = mp2;
nd->nd_md->m_len -= left;
- retp = p = mtod(mp2, char *);
- memcpy(p, nd->nd_dpos, left); /* Copy what was left */
+ nd->nd_md = mp2;
+ retp = p = mtod(mp2, caddr_t);
+ NFSBCOPY(nd->nd_dpos, p, left); /* Copy what was left */
siz2 = siz - left;
p += left;
- mp2->m_len = siz;
- nd->nd_md = mp2->m_next;
+ mp2 = mp2->m_next;
/* Loop around copying up the siz2 bytes */
while (siz2 > 0) {
- if (nd->nd_md == NULL)
+ if (mp2 == NULL)
return (NULL);
- nfsm_set(nd, 0, false);
- xfer = nfsm_copyfrommbuf(nd, p,
- UIO_SYSSPACE, siz2);
- p += xfer;
- siz2 -= xfer;
+ xfer = (siz2 > mp2->m_len) ? mp2->m_len : siz2;
+ if (xfer > 0) {
+ NFSBCOPY(mtod(mp2, caddr_t), p, xfer);
+ mp2->m_data += xfer;
+ mp2->m_len -= xfer;
+ p += xfer;
+ siz2 -= xfer;
+ }
if (siz2 > 0)
- nd->nd_md = nd->nd_md->m_next;
+ mp2 = mp2->m_next;
}
+ nd->nd_md->m_len = siz;
+ nd->nd_md = mp2;
+ nd->nd_dpos = mtod(mp2, caddr_t);
}
return (retp);
}
@@ -4824,76 +4825,5 @@ nfsv4_findmirror(struct nfsmount *nmp)
}
}
return (ds);
-}
-
-/*
- * Fill in the fields of "struct nfsrv_descript" for a new ext_pgs mbuf.
- * The build argument is true for build and false for dissect.
- */
-int
-nfsm_set(struct nfsrv_descript *nd, u_int offs, bool build)
-{
- struct mbuf *m;
- int rlen;
-
- if (build)
- m = nd->nd_mb;
- else
- m = nd->nd_md;
- if (build) {
- nd->nd_bpos = mtod(m, char *) + offs;
-
svn commit: r360514 - head/sys/fs/nfs
Author: rmacklem
Date: Fri May 1 00:36:14 2020
New Revision: 360514
URL: https://svnweb.freebsd.org/changeset/base/360514
Log:
Factor some code out of nfsm_dissct() into separate functions.
Factoring some of the code in nfsm_dissct() out into separate functions
allows these functions to be used elsewhere in the NFS mbuf handling code.
Other uses of these functions will be done in future commits.
It also makes it easier to add support for ext_pgs mbufs, which is needed
for nfs-over-tls under development in base/projects/nfs-over-tls.
Although the algorithm in nfsm_dissct() is somewhat re-written by this
patch, the semantics of nfsm_dissct() should not have changed.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfs_var.h
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cThu Apr 30 23:41:22 2020
(r360513)
+++ head/sys/fs/nfs/nfs_commonsubs.cFri May 1 00:36:14 2020
(r360514)
@@ -229,6 +229,8 @@ static void nfsrv_removeuser(struct nfsusrgrp *usrp, i
static int nfsrv_getrefstr(struct nfsrv_descript *, u_char **, u_char **,
int *, int *);
static void nfsrv_refstrbigenough(int, u_char **, u_char **, int *);
+static int nfsm_copyfrommbuf(struct nfsrv_descript *, char *, enum uio_seg,
+int);
static struct {
int op;
@@ -701,52 +703,49 @@ nfsm_dissct(struct nfsrv_descript *nd, int siz, int ho
caddr_t retp;
retp = NULL;
- left = mtod(nd->nd_md, caddr_t) + nd->nd_md->m_len - nd->nd_dpos;
+ left = mtod(nd->nd_md, char *) + nd->nd_md->m_len -
+ nd->nd_dpos;
while (left == 0) {
- nd->nd_md = nd->nd_md->m_next;
- if (nd->nd_md == NULL)
- return (retp);
- left = nd->nd_md->m_len;
- nd->nd_dpos = mtod(nd->nd_md, caddr_t);
+ if (!nfsm_shiftnext(nd, &left))
+ return (NULL);
}
if (left >= siz) {
retp = nd->nd_dpos;
nd->nd_dpos += siz;
- } else if (nd->nd_md->m_next == NULL) {
- return (retp);
} else if (siz > ncl_mbuf_mhlen) {
panic("nfs S too big");
} else {
+ /* Allocate a new mbuf for the "siz" bytes of data. */
MGET(mp2, MT_DATA, how);
if (mp2 == NULL)
return (NULL);
+
+ /*
+* Link the new mp2 mbuf into the list then copy left
+* bytes from the mbuf before it and siz - left bytes
+* from the mbuf(s) after it.
+*/
mp2->m_next = nd->nd_md->m_next;
nd->nd_md->m_next = mp2;
nd->nd_md->m_len -= left;
- nd->nd_md = mp2;
- retp = p = mtod(mp2, caddr_t);
- NFSBCOPY(nd->nd_dpos, p, left); /* Copy what was left */
+ retp = p = mtod(mp2, char *);
+ memcpy(p, nd->nd_dpos, left); /* Copy what was left */
siz2 = siz - left;
p += left;
- mp2 = mp2->m_next;
+ mp2->m_len = siz;
+ nd->nd_md = mp2->m_next;
/* Loop around copying up the siz2 bytes */
while (siz2 > 0) {
- if (mp2 == NULL)
+ if (nd->nd_md == NULL)
return (NULL);
- xfer = (siz2 > mp2->m_len) ? mp2->m_len : siz2;
- if (xfer > 0) {
- NFSBCOPY(mtod(mp2, caddr_t), p, xfer);
- mp2->m_data += xfer;
- mp2->m_len -= xfer;
- p += xfer;
- siz2 -= xfer;
- }
+ nfsm_set(nd, 0, false);
+ xfer = nfsm_copyfrommbuf(nd, p,
+ UIO_SYSSPACE, siz2);
+ p += xfer;
+ siz2 -= xfer;
if (siz2 > 0)
- mp2 = mp2->m_next;
+ nd->nd_md = nd->nd_md->m_next;
}
- nd->nd_md->m_len = siz;
- nd->nd_md = mp2;
- nd->nd_dpos = mtod(mp2, caddr_t);
}
return (retp);
}
@@ -4825,5 +4824,76 @@ nfsv4_findmirror(struct nfsmount *nmp)
}
}
return (ds);
+}
+
+/*
+ * Fill in the fields of "struct nfsrv_descript" for a new ext_pgs mbuf.
+ * The build argument is true for build and false for dissect.
+ */
+int
+nfsm_set(struct nfsrv_descript *nd, u_int offs, bool build)
+{
+ struct mbuf *m;
+ int rlen;
+
+ if (build)
+ m = nd->nd_mb;
+ else
+ m = nd->nd_md;
+ if (build) {
svn commit: r360424 - in head/sys/fs: nfs nfsclient
Author: rmacklem
Date: Tue Apr 28 02:11:02 2020
New Revision: 360424
URL: https://svnweb.freebsd.org/changeset/base/360424
Log:
Get rid of uio_XXX macros used for the Mac OS/X port.
The NFS code had a bunch of Mac OS/X accessor functions named uio_XXX
left over from the port to Mac OS/X. Since that port is long forgotten,
replace the calls with the code generated by the FreeBSD macros for these
in nfskpiport.h. This allows the macros to be deleted from nfskpiport.h
and I think makes the code more readable.
This patch should not result in any semantic change.
Modified:
head/sys/fs/nfs/nfskpiport.h
head/sys/fs/nfsclient/nfs_clrpcops.c
Modified: head/sys/fs/nfs/nfskpiport.h
==
--- head/sys/fs/nfs/nfskpiport.hTue Apr 28 02:08:55 2020
(r360423)
+++ head/sys/fs/nfs/nfskpiport.hTue Apr 28 02:11:02 2020
(r360424)
@@ -43,20 +43,4 @@ typedef struct vnode * vnode_t;
#definevnode_mount(v) ((v)->v_mount)
#definevnode_vtype(v) ((v)->v_type)
-/*
- * This stuff is needed by Darwin for handling the uio structure.
- */
-#defineuio_uio_resid(p)((p)->uio_resid)
-#defineuio_uio_resid_add(p, v) ((p)->uio_resid += (v))
-#defineuio_uio_resid_set(p, v) ((p)->uio_resid = (v))
-#defineuio_iov_base(p) ((p)->uio_iov->iov_base)
-#defineuio_iov_base_add(p, v) do {
\
- char *pp; \
- pp = (char *)(p)->uio_iov->iov_base;\
- pp += (v); \
- (p)->uio_iov->iov_base = (void *)pp;\
-} while (0)
-#defineuio_iov_len(p) ((p)->uio_iov->iov_len)
-#defineuio_iov_len_add(p, v) ((p)->uio_iov->iov_len += (v))
-
#endif /* _NFS_NFSKPIPORT_H */
Modified: head/sys/fs/nfsclient/nfs_clrpcops.c
==
--- head/sys/fs/nfsclient/nfs_clrpcops.cTue Apr 28 02:08:55 2020
(r360423)
+++ head/sys/fs/nfsclient/nfs_clrpcops.cTue Apr 28 02:11:02 2020
(r360424)
@@ -1617,7 +1617,7 @@ nfsrpc_readrpc(vnode_t vp, struct uio *uiop, struct uc
off_t tmp_off;
*attrflagp = 0;
- tsiz = uio_uio_resid(uiop);
+ tsiz = uiop->uio_resid;
tmp_off = uiop->uio_offset + tsiz;
NFSLOCKMNT(nmp);
if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
@@ -1793,7 +1793,7 @@ nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iom
KASSERT(uiop->uio_iovcnt == 1, ("nfs: writerpc iovcnt > 1"));
*attrflagp = 0;
- tsiz = uio_uio_resid(uiop);
+ tsiz = uiop->uio_resid;
tmp_off = uiop->uio_offset + tsiz;
NFSLOCKMNT(nmp);
if (tmp_off > nmp->nm_maxfilesize || tmp_off < uiop->uio_offset) {
@@ -1878,9 +1878,10 @@ nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iom
* back.
*/
uiop->uio_offset -= len;
- uio_uio_resid_add(uiop, len);
- uio_iov_base_add(uiop, -len);
- uio_iov_len_add(uiop, len);
+ uiop->uio_resid += len;
+ uiop->uio_iov->iov_base =
+ (char *)uiop->uio_iov->iov_base - len;
+ uiop->uio_iov->iov_len += len;
}
if (nd->nd_flag & (ND_NFSV3 | ND_NFSV4)) {
error = nfscl_wcc_data(nd, vp, nap, attrflagp,
@@ -1898,10 +1899,12 @@ nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iom
goto nfsmout;
} else if (rlen < len) {
backup = len - rlen;
- uio_iov_base_add(uiop, -(backup));
- uio_iov_len_add(uiop, backup);
+ uiop->uio_iov->iov_base =
+ (char *)uiop->uio_iov->iov_base -
+ backup;
+ uiop->uio_iov->iov_len += backup;
uiop->uio_offset -= backup;
- uio_uio_resid_add(uiop, backup);
+ uiop->uio_resid += backup;
len = rlen;
}
commit = fxdr_unsigned(int, *tl++);
@@ -2925,7 +2928,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
size_t tresid;
KASSERT(uiop->uio_iovcnt == 1 &&
- (uio_uio_resid(uiop) & (DIRBLKSIZ - 1)) == 0,
+
svn commit: r360416 - head/sys/kern
Author: rmacklem Date: Mon Apr 27 23:55:09 2020 New Revision: 360416 URL: https://svnweb.freebsd.org/changeset/base/360416 Log: Fix sosend_generic() so that it can handle a list of ext_pgs mbufs. Without this patch, sosend_generic() will try to use top->m_pkthdr.len, assuming that the first mbuf has a pkthdr. When a list of ext_pgs mbufs is passed in, the first mbuf is not a pkthdr and cannot be post-r359919. As such, the value of top->m_pkthdr.len is bogus (0 for my testing). This patch fixes sosend_generic() to handle this case, calculating the total length via m_length() for this case. There is currently nothing that hands a list of ext_pgs mbufs to sosend_generic(), but the nfs-over-tls kernel RPC code in projects/nfs-over-tls will do that and was used to test this patch. Reviewed by: gallatin Differential Revision:https://reviews.freebsd.org/D24568 Modified: head/sys/kern/uipc_socket.c Modified: head/sys/kern/uipc_socket.c == --- head/sys/kern/uipc_socket.c Mon Apr 27 23:49:13 2020(r360415) +++ head/sys/kern/uipc_socket.c Mon Apr 27 23:55:09 2020(r360416) @@ -1557,8 +1557,10 @@ sosend_generic(struct socket *so, struct sockaddr *add #endif if (uio != NULL) resid = uio->uio_resid; - else + else if ((top->m_flags & M_PKTHDR) != 0) resid = top->m_pkthdr.len; + else + resid = m_length(top, NULL); /* * In theory resid should be unsigned. However, space must be * signed, as it might be less than 0 if we over-committed, and we ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r360289 - in head/sys/fs: nfs nfsclient nfsserver
Author: rmacklem
Date: Sat Apr 25 02:18:59 2020
New Revision: 360289
URL: https://svnweb.freebsd.org/changeset/base/360289
Log:
Remove Mac OS/X macros that did nothing for FreeBSD.
The macros CAST_USER_ADDR_T() and CAST_DOWN() were used for the Mac OS/X
port. The first of these macros was a no-op for FreeBSD and the second
is no longer used.
This patch gets rid of them. It also deletes the "mbuf_t" typedef which
is no longer used in the FreeBSD code from nfskpiport.h
This patch should not change semantics.
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfs/nfskpiport.h
head/sys/fs/nfsclient/nfs_clcomsubs.c
head/sys/fs/nfsserver/nfs_nfsdport.c
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==
--- head/sys/fs/nfs/nfs_commonsubs.cSat Apr 25 00:57:48 2020
(r360288)
+++ head/sys/fs/nfs/nfs_commonsubs.cSat Apr 25 02:18:59 2020
(r360289)
@@ -652,7 +652,7 @@ nfsm_mbufuio(struct nfsrv_descript *nd, struct uio *ui
if (uiop->uio_segflg == UIO_SYSSPACE)
NFSBCOPY(mbufcp, uiocp, xfer);
else
- copyout(mbufcp, CAST_USER_ADDR_T(uiocp), xfer);
+ copyout(mbufcp, uiocp, xfer);
left -= xfer;
len -= xfer;
mbufcp += xfer;
@@ -3759,8 +3759,7 @@ nfssvc_idname(struct nfsd_idargs *nidp)
}
if (nidp->nid_flag & NFSID_INITIALIZE) {
cp = malloc(nidp->nid_namelen + 1, M_NFSSTRING, M_WAITOK);
- error = copyin(CAST_USER_ADDR_T(nidp->nid_name), cp,
- nidp->nid_namelen);
+ error = copyin(nidp->nid_name, cp, nidp->nid_namelen);
if (error != 0) {
free(cp, M_NFSSTRING);
goto out;
@@ -3856,13 +3855,13 @@ nfssvc_idname(struct nfsd_idargs *nidp)
*/
newusrp = malloc(sizeof(struct nfsusrgrp) + nidp->nid_namelen,
M_NFSUSERGROUP, M_WAITOK | M_ZERO);
- error = copyin(CAST_USER_ADDR_T(nidp->nid_name), newusrp->lug_name,
+ error = copyin(nidp->nid_name, newusrp->lug_name,
nidp->nid_namelen);
if (error == 0 && nidp->nid_ngroup > 0 &&
(nidp->nid_flag & NFSID_ADDUID) != 0) {
grps = malloc(sizeof(gid_t) * nidp->nid_ngroup, M_TEMP,
M_WAITOK);
- error = copyin(CAST_USER_ADDR_T(nidp->nid_grps), grps,
+ error = copyin(nidp->nid_grps, grps,
sizeof(gid_t) * nidp->nid_ngroup);
if (error == 0) {
/*
Modified: head/sys/fs/nfs/nfskpiport.h
==
--- head/sys/fs/nfs/nfskpiport.hSat Apr 25 00:57:48 2020
(r360288)
+++ head/sys/fs/nfs/nfskpiport.hSat Apr 25 02:18:59 2020
(r360289)
@@ -43,13 +43,9 @@ typedef struct vnode * vnode_t;
#definevnode_mount(v) ((v)->v_mount)
#definevnode_vtype(v) ((v)->v_type)
-typedef struct mbuf * mbuf_t;
-
/*
* This stuff is needed by Darwin for handling the uio structure.
*/
-#defineCAST_USER_ADDR_T(a) (a)
-#defineCAST_DOWN(c, a) ((c) (a))
#defineuio_uio_resid(p)((p)->uio_resid)
#defineuio_uio_resid_add(p, v) ((p)->uio_resid += (v))
#defineuio_uio_resid_set(p, v) ((p)->uio_resid = (v))
Modified: head/sys/fs/nfsclient/nfs_clcomsubs.c
==
--- head/sys/fs/nfsclient/nfs_clcomsubs.c Sat Apr 25 00:57:48 2020
(r360288)
+++ head/sys/fs/nfsclient/nfs_clcomsubs.c Sat Apr 25 02:18:59 2020
(r360289)
@@ -105,8 +105,7 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui
NFSBCOPY(uiocp, mtod(mp, caddr_t) + mp->m_len,
xfer);
else
- copyin(CAST_USER_ADDR_T(uiocp), mtod(mp, caddr_t)
- + mp->m_len, xfer);
+ copyin(uiocp, mtod(mp, caddr_t) + mp->m_len, xfer);
mp->m_len += xfer;
left -= xfer;
uiocp += xfer;
Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
==
--- head/sys/fs/nfsserver/nfs_nfsdport.cSat Apr 25 00:57:48 2020
(r360288)
+++ head/sys/fs/nfsserver/nfs_nfsdport.cSat Apr 25 02:18:59 2020
(r360289)
@@ -3712,8 +3712,7 @@ nfssvc_srvcall(struct thread *p, struct nfssvc_args *u
len = sizeof (struct nfsd_dumpclients) * dumplist.ndl_size;
dumpclients = malloc(len, M_TEMP, M_W
svn commit: r360205 - in head/sys/fs: nfs nfsclient
Author: rmacklem
Date: Wed Apr 22 21:00:14 2020
New Revision: 360205
URL: https://svnweb.freebsd.org/changeset/base/360205
Log:
Make the NFSv4.n client's recovery from NFSERR_BADSESSION RFC5661 conformant.
RFC5661 specifies that a client's recovery upon receipt of NFSERR_BADSESSION
should first consist of a CreateSession operation using the extant ClientID.
If that fails, then a full recovery beginning with the ExchangeID operation
is to be done.
Without this patch, the FreeBSD client did not attempt the CreateSession
operation with the extant ClientID and went directly to a full recovery
beginning with ExchangeID. I have had this patch several years, but since
no extant NFSv4.n server required the CreateSession with extant ClientID,
I have never committed it.
I an committing it now, since I suspect some future NFSv4.n server will
require this and it should not negatively impact recovery for extant NFSv4.n
servers, since they should all return NFSERR_STATECLIENTID for this first
CreateSession.
The patched client has been tested for recovery against both the FreeBSD
and Linux NFSv4.n servers and no problems have been observed.
MFC after:1 month
Modified:
head/sys/fs/nfs/nfs_var.h
head/sys/fs/nfsclient/nfs_clrpcops.c
head/sys/fs/nfsclient/nfs_clstate.c
Modified: head/sys/fs/nfs/nfs_var.h
==
--- head/sys/fs/nfs/nfs_var.h Wed Apr 22 20:50:24 2020(r360204)
+++ head/sys/fs/nfs/nfs_var.h Wed Apr 22 21:00:14 2020(r360205)
@@ -454,7 +454,7 @@ int nfsrpc_closerpc(struct nfsrv_descript *, struct nf
int nfsrpc_openconfirm(vnode_t, u_int8_t *, int, struct nfsclopen *,
struct ucred *, NFSPROC_T *);
int nfsrpc_setclient(struct nfsmount *, struct nfsclclient *, int,
-struct ucred *, NFSPROC_T *);
+bool *, struct ucred *, NFSPROC_T *);
int nfsrpc_getattr(vnode_t, struct ucred *, NFSPROC_T *,
struct nfsvattr *, void *);
int nfsrpc_getattrnovp(struct nfsmount *, u_int8_t *, int, int,
Modified: head/sys/fs/nfsclient/nfs_clrpcops.c
==
--- head/sys/fs/nfsclient/nfs_clrpcops.cWed Apr 22 20:50:24 2020
(r360204)
+++ head/sys/fs/nfsclient/nfs_clrpcops.cWed Apr 22 21:00:14 2020
(r360205)
@@ -932,7 +932,7 @@ nfsmout:
*/
APPLESTATIC int
nfsrpc_setclient(struct nfsmount *nmp, struct nfsclclient *clp, int reclaim,
-struct ucred *cred, NFSPROC_T *p)
+bool *retokp, struct ucred *cred, NFSPROC_T *p)
{
u_int32_t *tl;
struct nfsrv_descript nfsd;
@@ -944,26 +944,81 @@ nfsrpc_setclient(struct nfsmount *nmp, struct nfsclcli
nfsquad_t confirm;
u_int32_t lease;
static u_int32_t rev = 0;
- struct nfsclds *dsp;
+ struct nfsclds *dsp, *odsp;
struct in6_addr a6;
struct nfsclsession *tsep;
if (nfsboottime.tv_sec == 0)
NFSSETBOOTTIME(nfsboottime);
- clp->nfsc_rev = rev++;
if (NFSHASNFSV4N(nmp)) {
- /*
-* Either there was no previous session or the
-* previous session has failed, so...
-* do an ExchangeID followed by the CreateSession.
-*/
- error = nfsrpc_exchangeid(nmp, clp, &nmp->nm_sockreq, 0,
- NFSV4EXCH_USEPNFSMDS | NFSV4EXCH_USENONPNFS, &dsp, cred, p);
- NFSCL_DEBUG(1, "aft exch=%d\n", error);
- if (error == 0)
+ error = NFSERR_BADSESSION;
+ odsp = dsp = NULL;
+ if (retokp != NULL) {
+ NFSLOCKMNT(nmp);
+ odsp = TAILQ_FIRST(&nmp->nm_sess);
+ NFSUNLOCKMNT(nmp);
+ }
+ if (odsp != NULL) {
+ /*
+* When a session already exists, first try a
+* CreateSession with the extant ClientID.
+*/
+ dsp = malloc(sizeof(struct nfsclds) +
+ odsp->nfsclds_servownlen + 1, M_NFSCLDS,
+ M_WAITOK | M_ZERO);
+ dsp->nfsclds_expire = NFSD_MONOSEC + clp->nfsc_renew;
+ dsp->nfsclds_servownlen = odsp->nfsclds_servownlen;
+ dsp->nfsclds_sess.nfsess_clientid =
+ odsp->nfsclds_sess.nfsess_clientid;
+ dsp->nfsclds_sess.nfsess_sequenceid =
+ odsp->nfsclds_sess.nfsess_sequenceid;
+ dsp->nfsclds_flags = odsp->nfsclds_flags;
+ if (dsp->nfsclds_servownlen > 0)
+ memcpy(dsp->nfsclds_serverown,
+ odsp->nfsclds_serverown,
+ dsp->nfsclds_servownlen + 1);
+ mtx_
svn commit: r360081 - head/usr.sbin/nfscbd
Author: rmacklem
Date: Sat Apr 18 23:46:58 2020
New Revision: 360081
URL: https://svnweb.freebsd.org/changeset/base/360081
Log:
Change the type of "len" to avoid warnings.
The "len" variable is used as the last argument to getsockname(2) and
accept(2). It was declared an "int" and this patch changes it to "socklen_t".
Modified:
head/usr.sbin/nfscbd/nfscbd.c
Modified: head/usr.sbin/nfscbd/nfscbd.c
==
--- head/usr.sbin/nfscbd/nfscbd.c Sat Apr 18 20:55:43 2020
(r360080)
+++ head/usr.sbin/nfscbd/nfscbd.c Sat Apr 18 23:46:58 2020
(r360081)
@@ -101,13 +101,14 @@ main(int argc, char *argv[])
struct nfsd_nfscbd_args nfscbdargs2;
struct sockaddr_in inetaddr, inetpeer;
fd_set ready, sockbits;
- int ch, connect_type_cnt, len, maxsock, msgsock, error;
+ int ch, connect_type_cnt, maxsock, msgsock, error;
int nfssvc_flag, on, sock, tcpsock, ret, mustfreeai = 0;
char *cp, princname[128];
char myname[MAXHOSTNAMELEN], *myfqdnname = NULL;
struct addrinfo *aip, hints;
pid_t pid;
short myport = NFSV4_CBPORT;
+ socklen_t len;
if (modfind("nfscl") < 0) {
/* Not present in kernel, try loading it */
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
