Commit Graph

2565 Commits

Author SHA1 Message Date
Konstantin Belousov
5673e3cb08 The cache_enter(9) function shall not be called for doomed dvp.
Assert this.

In the reported panic, vdestroy() fired the assertion "vp has namecache
for ..", because pseudofs may end up doing cache_enter() with reclaimed
dvp, after dotdot lookup temporary unlocked dvp.
Similar problem exists in ufs_lookup() for "." lookup, when vnode
lock needs to be upgraded.

Verify that dvp is not reclaimed before calling cache_enter().

Reported and tested by:	pho
Reviewed by:	kan
MFC after:	2 weeks
2010-04-20 10:19:27 +00:00
Rick Macklem
a318bc273d For the experimental NFS client doing an NFSv4 mount,
set the NFSCLFLAGS_RECVRINPROG while doing recovery from an expired
lease in a manner similar to r206818 for server reboot recovery.
This will prevent the function that acquires stateids for I/O
operations from acquiring out of date stateids during recovery.
Also, fix up mutex locking on the nfsc_flags field.

MFC after:	1 week
2010-04-20 01:02:39 +00:00
Rick Macklem
7ea710b3b1 Avoid extraneous recovery cycles in the experimental NFS client
when an NFSv4 server reboots, by doing two things.
1 - Make the function that acquires a stateid for I/O operations
    block until recovery is complete, so that it doesn't acquire
    out of date stateids.
2 - Only allow a recovery once every 1/2 of a lease duration, since
    the NFSv4 server must provide a recovery grace period of at
    least a lease duration. This should avoid recoveries caused
    by an out of date stateid that was acquired for an I/O op.
    just before a recovery cycle started.

MFC after:	1 week
2010-04-18 22:21:23 +00:00
Jaakko Heinonen
17f820725e Revert r206560. The change doesn't work correctly in all cases with
multiple devfs mounts.
2010-04-16 07:02:28 +00:00
Rick Macklem
0ac68bd339 Add mutex lock calls to 2 cases in the experimental NFS client's
renew thread where they were missing.

MFC after:	1 week
2010-04-15 23:56:05 +00:00
Rick Macklem
55909abf07 The experimental NFS client was not filling in recovery credentials
for opens done locally in the client when a delegation for the file
was held. This could cause the client to crash in crsetgroups() when
recovering from a server crash/reboot. This patch fills in the
recovery credentials for this case, in order to avoid the client crash.
Also, add KASSERT()s to the credential copy functions, to catch any
other cases where the credentials aren't filled in correctly.

MFC after:	1 week
2010-04-15 22:57:30 +00:00
Jaakko Heinonen
70781bf94e - Ignore and report duplicate and empty device names in devfs_populate_loop()
instead of causing erratic behavior. Currently make_dev(9) can't fail, so
  there is no way to report an error to make_dev(9) callers.
- Disallow using "." and ".." in device path names. It didn't work previously
  but now it is reported rather than panicing.
- Treat multiple sequential slashes as single in device path names.

Discussed with:	pjd
2010-04-13 18:53:39 +00:00
Joel Dahl
d122d78412 Switch to our preferred 2-clause BSD license.
Approved by:	bp
2010-04-07 16:50:38 +00:00
Rick Macklem
2a45247c7a Harden the experimental NFS server a little, by adding range
checks on the length of the client's open/lock owner name. Also,
add free()'s for one case where they were missing and would
have caused a leak if NFSERR_BADXDR had been replied. Probably
never happens, but the leak is now plugged, just in case.

MFC after:	2 weeks
2010-04-06 01:14:49 +00:00
Robert Watson
f1853d0fc2 Synchronize Coda kernel module definitions in our coda.h to Coda 6's
coda.h:

- CodaFid typdef -> struct CodaFid throughout.
- Use unsigned int instead of unsigned long for venus_dirent and other
  cosmetic fixes.
- Introduce cuid_t and cgid_t and use instead of uid_t and gid_t in RPCs.
- Synchronize comments and macros.
- Use u_int32_t instead of unsigned long for coda_out_hdr.

With these changes, a 64-bit Coda kernel module now works with
coda6_client, whereas previous userspace and kernel versions of RPCs
differed sufficiently to prevent using the file system.  This has been
verified only with casual testing, but /coda is now usable for at least
basic operations on amd64.

MFC after:	1 week
2010-04-05 20:12:54 +00:00
Robert Watson
1c482201ef Correct definition of CIOC_KERNEL_VERSION Coda ioctl() for systems
where sizeof(int) != sizeof(sizeof(int)), or the ioctl will return
EINVAL.

MFC after:	3 days
2010-04-05 19:40:13 +00:00
Rick Macklem
54bde1faa5 Harden the experimental NFS server a little, by adding extra checks
in the readdir functions for non-positive byte count arguments.
For the negative case, set it to the maximum allowable, since it
was actually a large positive value (unsigned) on the wire.
Also, fix up the readdir function comment a bit.

Suggested by:	dillon AT apollo.backplane.com
MFC after:	2 weeks
2010-04-04 23:19:11 +00:00
Andriy Gapon
423b0fb7ad mountmsdosfs: reject too high value of bytes per cluster
Bytes per cluster are calcuated as bytes per sector times sectors per
cluster.  Too high value can overflow an internal variable with type
that can hold only values in valid range.  Trying to use a wider type
results in an attempt to read more than MAXBSIZE at once, a panic.
Unfortunately, it is FreeBSD newfs_msdos that  produces filesystems
with invalid parameters for certain types of media.

Reported by:	Fabian Keil <freebsd-listen@fabiankeil.de>,
		Paul B. Mahol <onemda@gmail.com>
Discussed with:	bde, kib
MFC after:	1 week
X-ToDo:		fix newfs_msdos
2010-04-02 15:22:23 +00:00
Konstantin Belousov
ea01588095 Add function vop_rename_fail(9) that performs needed cleanup for locks
and references of the VOP_RENAME(9) arguments. Use vop_rename_fail()
in deadfs_rename().

Tested by:	Mikolaj Golub
MFC after:	1 week
2010-04-02 14:03:01 +00:00
Rick Macklem
15b28cb82d For the experimental NFS server, add a call to free the lookup
path buffer for one case where it was missing when doing mkdir.
This could have conceivably resulted in a leak of a buffer, but
a leak was never observed during testing, so I suspect it would
have occurred rarely, if ever, in practice.

MFC after:	2 weeks
2010-04-02 02:19:28 +00:00
Rick Macklem
f61786cb60 Add SAVENAME to the cn_flags for all cases in the experimental
NFS server for the CREATE cn_nameiop where SAVESTART isn't set.
I was not aware that this needed to be done by the caller until
recently.

Tested by:	lampa AT fit.vutbr.cz (link case)
Submitted by:	lampa AT fit.vutbr.cz (link case)
MFC after:	2 weeks
2010-04-02 01:53:48 +00:00
Rick Macklem
a43fcbe34d This patch should fix handling of byte range locks locally
on the server for the experimental nfs server. When enabled
by setting vfs.newnfs.locallocks_enable to non-zero, the
experimental nfs server will now acquire byte range locks
on the file on behalf of NFSv4 clients, such that lock
conflicts between the NFSv4 clients and processes running
locally on the server, will be recognized and handled correctly.

MFC after:	2 weeks
2010-03-30 23:11:50 +00:00
Rick Macklem
7482701cd4 Patch the experimental NFS server in a manner analagous to r205661
for the regular NFS server, to ensure that ESTALE is
returned to the client for all errors returned by VFS_FHTOVP().

MFC after:	2 weeks
2010-03-26 01:35:19 +00:00
Rick Macklem
3dfe81c650 Fix the experimental NFS subsystem so that it uses the correct
preprocessor macro name for not requiring strict data alignment.

Suggested by:	marius
MFC after:	2 weeks
2010-03-24 02:02:02 +00:00
Jung-uk Kim
d04be5775f Fix a long standing regression of readdir(3) in fdescfs(5) introduced
in r1.48.  We were stopping at the first null pointer when multiple file
descriptors were opened and one in the middle was closed.  This restores
traditional behaviour of fdescfs.

MFC after:	3 days
2010-03-16 19:59:14 +00:00
Nathan Whitehorn
841c0c7ec7 Provide groundwork for 32-bit binary compatibility on non-x86 platforms,
for upcoming 64-bit PowerPC and MIPS support. This renames the COMPAT_IA32
option to COMPAT_FREEBSD32, removes some IA32-specific code from MI parts
of the kernel and enhances the freebsd32 compatibility code to support
big-endian platforms.

Reviewed by:	kib, jhb
2010-03-11 14:49:06 +00:00
Robert Watson
2684bef615 Update nfsrv_getsocksndseq() for changes in TCP internals since FreeBSD 6.x:
- so_pcb is now guaranteed to be non-NULL and valid if a valid socket
  reference is held.

- Need to check INP_TIMEWAIT and INP_DROPPED before assuming inp_ppcb is a
  tcpcb, as it might be a tcptw or NULL otherwise.

- tp can never be NULL by the end of the function, so only check
  TCPS_ESTABLISHED before extracting tcpcb fields.

The NFS server arguably incorporates too many assumptions about TCP
internals, but fixing that is left for nother day.

MFC after:		1 week
Reviewed by:		bz
Reviewed and tested by:	rmacklem
Sponsored by:		Juniper Networks
2010-03-11 11:33:04 +00:00
Konstantin Belousov
84caee6bbb When returning error from msdosfs_lookup(), make sure that *vpp is NULL.
lookup() KASSERTs this condition.

Reported and tested by:	pho
MFC after:	3 weeks
2010-03-03 21:59:45 +00:00
Konstantin Belousov
6c0358cc98 Do not leak vnode lock when msdosfs mount is updated and specified
device is different from the device used to the original mount.

Note that update_mp does not need devvp locked, and pmp->pm_devvp cannot
be freed meantime.

Reported and tested by:	pho
MFC after:	3 weeks
2010-03-02 17:24:33 +00:00
Konstantin Belousov
a84ec05f56 Only destroy pm_fatlock on error if it was initialized.
MFC after:	3 weeks
2010-03-02 11:02:59 +00:00
Konstantin Belousov
f0147e0a46 Mark msdosfs as mpsafe.
Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:19:22 +00:00
Konstantin Belousov
db811dd724 Fix the race between dotdot lookup and forced unmount, by using
msdosfs-specific variant of vn_vget_ino(), msdosfs_deget_dotdot().

As was done for UFS, relookup the dotdot denode after the call to
msdosfs_deget_dotdot(), because vnode lock is dropped and directory
might be moved.

Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:17:29 +00:00
Konstantin Belousov
30e65ad1bb Use pm_fatlock to protect per-filesystem rb tree used to allocate fileno
on the large FAT volumes. Previously, a single global mutex was used.

Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:16:43 +00:00
Konstantin Belousov
eb739c7cd5 Add assertions for FAT bitmap state.
Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:15:45 +00:00
Konstantin Belousov
6be1a4cc5f Use pm_fatlock to protect fat bitmap.
Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:13:59 +00:00
Konstantin Belousov
23b6c23084 Add per-mountpoint lockmgr lock for msdosfs. It is intended to be used
as fat bitmap lock and to replace global mutex protecting fileno rbtree.

Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:13:07 +00:00
Konstantin Belousov
0bdbd6270f In msdosfs deget(), properly handle the case when the vnode is found in hash.
Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:11:31 +00:00
Konstantin Belousov
740a720142 In msdosfs_inactive(), reclaim the vnodes both for SLOT_DELETED and
SLOT_EMPTY deName[0] values. Besides conforming to FAT specification, it
also clears the issue where vfs_hash_insert found the vnode in hash, and
newly allocated vnode is vput()ed. There, deName[0] == 0, and vnode is
not reclaimed, indefinitely kept on mountlist.

Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:10:41 +00:00
Konstantin Belousov
2e45cc5bf6 Remove seemingly unneeded unlock/relock of the dvp in msdosfs_rmdir,
causing LOR.

Reported and tested by:	pho
MFC after:	3 weeks
2010-02-28 17:09:09 +00:00
Konstantin Belousov
ef6a2be307 Assert that the msdosfs vnode is (e)locked in several places.
The plan is to use vnode lock to protect denode and fat cache,
and having separate lock for block use map.

Change the check and return on impossible condition into KASSERT().

Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:07:49 +00:00
Konstantin Belousov
35fcc0662b Remove unused global statistic about fat cache usage.
Tested by:	pho
MFC after:	3 weeks
2010-02-28 17:06:42 +00:00
Ulrich Spörlein
8fa03d08ca Fix common misspelling of hierarchy
Pointed out by:		bf1783 at gmail
Approved by:		np (cxgb), kientzle (tar, etc.), philip (mentor)
2010-02-20 10:19:19 +00:00
Konstantin Belousov
3c8b687fe1 Invalid filesystem might cause the bp to be never read.
Noted by:	Pedro F. Giffuni <giffunip tutopia com>
Obtanined from:	NetBSD
MFC after:	1 week
2010-02-14 12:10:49 +00:00
Rick Macklem
9c360f222d Change the default value for vfs.newnfs.enable_locallocks to 0 for
the experimental NFS server, since local locking is known to be
broken and the patch to fix it is still a work in progress.

MFC after:	5 days
2010-02-14 00:18:32 +00:00
Rick Macklem
d5ad662523 This fixes the experimental NFS server so that it won't crash in the
caching code for IPv6 by fixing a typo that used the incorrect variable.
It also fixes the indentation of the statement above it.

Reported by:	simon AT comsys.ntu-kpi.kiev.ua
MFC after:	5 days
2010-02-13 23:56:19 +00:00
Konstantin Belousov
699d124f23 Fix function name in the comment in the second location too.
Submitted by:	ed
MFC after:	1 week
2010-02-13 12:50:09 +00:00
Konstantin Belousov
48d1bcf8e0 - Add idempotency guards so the structures can be used in other utilities.
- Update bpb structs with reserved fields.
- In direntry struct join deName with deExtension. Although a
  fix was attempted in the past, these fields were being overflowed,
  Now this is consistent with the spec, and we can now share the
  WinChksum code with NetBSD.

Submitted by:	Pedro F. Giffuni <giffunip tutopia com>
Mostly obtained from:	NetBSD
Reviewed by:	bde
MFC after:	2 weeks
2010-02-13 12:41:07 +00:00
Konstantin Belousov
8b36e81367 Use M_ZERO instead of calling bzero().
Fix function name in the comment.

MFC after:	1 week
2010-02-13 12:11:03 +00:00
Konstantin Belousov
4f160a1c59 Remove unused macros.
MFC after:	1 week
2010-02-13 11:34:25 +00:00
Rick Macklem
dd5b5a9431 Patch the experimental NFS client so that there is a timeout
for negative name cache entries in a manner analogous to
r202767 for the regular NFS client. Also, make the code in
nfs_lookup() compatible with that of the regular client
and replace the sysctl variable that enabled negative name
caching with the mount point option.

MFC after:	2 weeks
2010-01-31 19:12:24 +00:00
Ed Schouten
bf2296be8b Properly use dev_refl()/dev_rel() in kern.devname.
While there, perform some clean-up fixes. Update some stale comments on
struct cdev * instead of dev_t and devfs_random(). Also add some missing
whitespace.

MFC after:	1 week
2010-01-31 15:19:16 +00:00
Jaakko Heinonen
dec3772ee4 Add "maxfilesize" mount option for tmpfs to allow specifying the
maximum file size limit. Default is UINT64_MAX when the option is
not specified. It was useless to set the limit to the total amount of
memory and swap in the system.

Use tmpfs_mem_info() rather than get_swpgtotal() in tmpfs_mount() to
check if there is enough memory available.

Remove now unused get_swpgtotal().

Reviewed by:	Gleb Kurtsou
Approved by:	trasz (mentor)
2010-01-29 12:09:14 +00:00
Rick Macklem
80169e41d6 Patch the experimental NFS client in a manner analogous to
r203072 for the regular NFS client. Also, delete two fields
of struct nfsmount that are not used by the FreeBSD port of
the client.

MFC after:	2 weeks
2010-01-28 16:17:24 +00:00
Edward Tomasz Napierala
678a6d7a4a Don't touch v_interlock; use VI_* macros instead. 2010-01-27 19:30:44 +00:00
Marius Strobl
9251d56f5f On LP64 struct ifid is 64-bit aligned while struct fid is 32-bit aligned
so on architectures with strict alignment requirements we can't just simply
cast the latter to the former but need to copy it bytewise instead.

PR:		143010
MFC after:	3 days
2010-01-23 22:38:01 +00:00
Jaakko Heinonen
e48fbf26e8 Truncate read request rather than returning EIO if the request is
larger than MAXPHYS + 1. This fixes a problem with cat(1) when it
uses a large I/O buffer.

Reported by:	Fernando Apesteguía
Suggested by:	jilles
Reviewed by:	des
Approved by:	trasz (mentor)
2010-01-22 08:45:12 +00:00
Jaakko Heinonen
189ee6be40 - Change the type of nodes_max to u_int and use "%u" format string to
convert its value. [1]
- Set default tm_nodes_max to min(pages + 3, UINT32_MAX). It's more
  reasonable than the old four nodes per page (with page size 4096) because
  non-empty regular files always use at least one page. This fixes possible
  overflow in the calculation. [2]
- Don't allow more than tm_nodes_max nodes allocated in tmpfs_alloc_node().

PR:		kern/138367
Suggested by:	bde [1], Gleb Kurtsou [2]
Approved by:	trasz (mentor)
2010-01-20 16:56:20 +00:00
Ulf Lilleengen
2ab38c399e Revert parts of r202283:
- Return EOPNOTSUPP before EROFS to be consistent with other filesystems.
- Fix setting of the nodump flag for users without PRIV_VFS_SYSFLAGS privilege.

Submitted by:	jh@
2010-01-18 19:09:16 +00:00
Ulf Lilleengen
e09c00cada Bring in the ext2fs work done by Aditya Sarawgi during and after Google Summer
of Code 2009:

- BSDL block and inode allocation policies for ext2fs. This involves the use
  FFS1 style block and inode allocation for ext2fs. Preallocation was removed
  since it was GPL'd.
- Make ext2fs MPSAFE by introducing locks to per-mount datastructures.
- Fixes for kern/122047 PR.
- Various small bugfixes.
- Move out of gnu/ directory.

Sponsored by:   Google Inc.
Submitted by:	Aditya Sarawgi <sarawgi.aditya AT SPAMFREE gmail DOT com>
2010-01-14 14:30:54 +00:00
Jaakko Heinonen
5364a38dba - Fix some style bugs in tmpfs_mount(). [1]
- Remove a stale comment about tmpfs_mem_info() 'total' argument.

Reported by:	bde [1]
2010-01-13 14:17:21 +00:00
Brooks Davis
646063122d Update the comment on printing group membership to reflect that fact
that each groupt the process is a member of is printed rather than an
entry for each group the user could be a member of.

MFC after:	3 days
2010-01-09 23:23:52 +00:00
Edward Tomasz Napierala
f92a68eec3 Remove unused smbfs_smb_qpathinfo(). 2010-01-08 15:53:07 +00:00
Jaakko Heinonen
720c50b339 - Change the type of size_max to u_quad_t because its value is converted
with vfs_scanopt(9) using the "%qu" format string.
- Limit the maximum value of size_max to (SIZE_MAX - PAGE_SIZE) to
  prevent overflow in howmany() macro.

PR:		kern/141194
Approved by:	trasz (mentor)
MFC after:	2 weeks
2010-01-08 07:57:43 +00:00
Rick Macklem
3968293472 The test for "same client" for the experimental nfs server over NFSv4
was broken w.r.t. byte range lock conflicts when it was the same client
and the request used the open_to_lock_owner4 case, since lckstp->ls_clp
was not set. This patch fixes it by using "clp" instead of "lckstp->ls_clp".

MFC after:	2 weeks
2010-01-03 20:08:10 +00:00
Rick Macklem
b04b4acda0 Fix three related problems in the experimental nfs client when
checking for conflicts w.r.t. byte range locks for NFSv4.
1 - Return 0 instead of EACCES when a conflict is found, for F_GETLK.
2 - Check for "same file" when checking for a conflict.
3 - Don't check for a conflict for the F_UNLCK case.
2010-01-03 18:27:10 +00:00
Rick Macklem
5d60668c70 Fix the experimental NFS client so that it can create Unix
domain sockets on an NFSv4 mount point. It was generating
incorrect XDR in the request for this case.

Tested by:	infofarmer
MFC after:	2 weeks
2009-12-31 18:02:48 +00:00
Rick Macklem
4a8e21764d When porting the experimental nfs subsystem to the FreeBSD8 krpc,
I added 3 functions that were already in the experimental client
under different names. This patch deletes the functions in the
experimental client and renames the calls to use the other set.
(This is just removal of duplicated code and does not fix any bug.)

MFC after:	2 weeks
2009-12-26 19:15:15 +00:00
Rick Macklem
8da45f2c6e Modify the experimental server so that it uses VOP_ACCESSX().
This is necessary in order to enable NFSv4 ACL support. The
argument to nfsvno_accchk() was changed to an accmode_t and
the function nfsrv_aclaccess() was no longer needed and,
therefore, deleted.

Reviewed by:	trasz
MFC after:	2 weeks
2009-12-25 20:44:19 +00:00
Ed Schouten
8dc9b4cf04 Let access overriding to TTYs depend on the cdev_priv, not the vnode.
Basically this commit changes two things, which improves access to TTYs
in exceptional conditions. Basically the problem was that when you ran
jexec(8) to attach to a jail, you couldn't use /dev/tty (well, also the
node of the actual TTY, e.g. /dev/pts/X). This is very inconvenient if
you want to attach to screens quickly, use ssh(1), etc.

The fixes:

- Cache the cdev_priv of the controlling TTY in struct session. Change
  devfs_access() to compare against the cdev_priv instead of the vnode.
  This allows you to bypass UNIX permissions, even across different
  mounts of devfs.

- Extend devfs_prison_check() to unconditionally expose the device node
  of the controlling TTY, even if normal prison nesting rules normally
  don't allow this. This actually allows you to interact with this
  device node.

To be honest, I'm not really happy with this solution. We now have to
store three pointers to a controlling TTY (s_ttyp, s_ttyvp, s_ttydp).
In an ideal world, we should just get rid of the latter two and only use
s_ttyp, but this makes certian pieces of code very impractical (e.g.
devfs, kern_exit.c).

Reported by:	Many people
2009-12-19 18:42:12 +00:00
Xin LI
d9cf8753e3 Allow using IPv6 in nfsrvd_sentcache() callback.
PR:		kern/141289
Submitted by:	Petr Lampa <lampa fit vutbr cz>
Approved by:	rmacklem
MFC after:	1 week
2009-12-08 23:43:50 +00:00
Guido van Rooij
c53a28102a Fix ntfs such that it understand media with a non-512-bytes sector size:
1. Fixups are always done on 512 byte chunks (in stead of sectors). This
is kind of stupid.
2. Conevrt between NTFS blocknumbers (the blocksize equals the media
sector size) and the bread() and getblk() blocknr (which are 512-byte
sized)

NB: this change should not affect ntfs for 512-byte sector sizes.
2009-12-07 15:15:08 +00:00
Edward Tomasz Napierala
74991298d9 Remove unneeded ifdefs.
Reviewed by:	rmacklem
2009-12-03 18:03:42 +00:00
Edward Tomasz Napierala
92bd961f62 Don't use ap->a_td->td_ucred when we were passed ap->a_cred. 2009-12-02 18:09:22 +00:00
Rick Macklem
38e3ea69d4 Modify the experimental nfs server so that it falls back to
using VOP_LOOKUP() when VFS_VGET() returns EOPNOTSUPP in the
ReaddirPlus RPC. This patch is based upon one by pjd@ for the
regular nfs server which has not yet been committed. It is needed
when a ZFS volume is exported and ReaddirPlus (which almost
always happens for NFSv4) is performed by a client. The patch
also simplifies vnode lock handling somewhat.

MFC after:	2 weeks
2009-11-23 16:08:15 +00:00
Rick Macklem
086f6e0cc7 Patch the experimental NFS server is a manner analagous to
r197525, so that the creation verifier is handled correctly
in va_atime for 64bit architectures. There were two problems.
One was that the code incorrectly assumed that
sizeof (struct timespec) == 8 and the other was that the tv_sec
field needs to be assigned from a signed 32bit integer, so that
sign extension occurs on 64bit architectures. This is required
for correct operation when exporting ZFS volumes.

Reviewed by:	pjd
MFC after:	2 weeks
2009-11-20 21:21:13 +00:00
Jaakko Heinonen
1bb015c07c Create verifier used by FreeBSD NFS client is suboptimal because the
first part of a verifier is set to the first IP address from
V_in_ifaddrhead list. This address is typically the loopback address
making the first part of the verifier practically non-unique. The second
part of the verifier is initialized to zero making its initial value
non-unique too.

This commit changes the strategy for create verifier initialization:
just initialize it to a random value. Also move verifier handling into
its own function and use a mutex to protect the variable.

This change is a candidate for porting to sys/nfsclient.

Reviewed by:	jhb, rmacklem
Approved by:	trasz (mentor)
2009-11-11 15:43:07 +00:00
Attilio Rao
9c76640868 - Improve comments about locking of the "struct fifoinfo" which is a bit
unclear.
- Fix a memory leak [0]

[0] Diagnosed by:	Dorr H. Clark <dclark at engr dot scu dot edu>
MFC:	1 week
2009-11-06 22:29:46 +00:00
Alan Cox
4afcae9ba3 There is no need to "busy" a page when the object is locked for the duration
of the operation.
2009-10-26 18:02:05 +00:00
Ruslan Ermilov
90147b7506 Spell DIAGNOSTIC correctly. 2009-10-24 18:49:17 +00:00
Jaakko Heinonen
dd697cbf66 Unloading of the nfscl module is unsupported because newnfslock doesn't
support unloading. It's not trivial to implement newnfslock unloading so
for now just admit that unloading is unsupported and refuse to attempt
unload in all nfscl module event handlers.

Reviewed by:	rmacklem
Approved by:	trasz (mentor)
2009-10-20 15:06:18 +00:00
Jaakko Heinonen
349af4de7d Fix ordering of nfscl_modevent() and ncl_uninit(). nfscl_modevent() must
be called after ncl_uninit() when unloading the nfscl module because
ncl_uninit() uses ncl_iod_mutex which is destroyed in nfscl_modevent().

Reviewed by:	rmacklem
Approved by:	trasz (mentor)
2009-10-20 15:01:46 +00:00
Jaakko Heinonen
417612e0e4 Fix comment typos.
Reviewed by:	rmacklem
Approved by:	trasz (mentor)
2009-10-20 14:57:26 +00:00
Xin LI
82cf92d483 Add locking around access to parent node, and bail out when the parent
node is already freed rather than panicking the system.

PR:		kern/122038
Submitted by:	gk
Tested by:	pho
MFC after:	1 week
2009-10-11 07:03:56 +00:00
Xin LI
3fa0694aaa Add a special workaround to handle UIO_NOCOPY case. This fixes data
corruption observed when sendfile() is being used.

PR:		kern/127213
Submitted by:	gk
MFC after:	2 weeks
2009-10-07 23:17:15 +00:00
Xin LI
7441ac4618 Fix a bug that causes the fsx test case of mmap'ed page being out of sync
of read/write, inspired by ZFS's counterpart.

PR:		kern/139312
Submitted by:	gk@
MFC after:	1 week
2009-10-04 10:38:04 +00:00
Edward Tomasz Napierala
2c29cfa083 Provide default implementation for VOP_ACCESS(9), so that filesystems which
want to provide VOP_ACCESSX(9) don't have to implement both.  Note that
this commit makes implementation of either of these two mandatory.

Reviewed by:	kib
2009-10-01 17:22:03 +00:00
Edward Tomasz Napierala
5aea82db46 Fix typo in the comment. 2009-09-30 18:50:50 +00:00
Konstantin Belousov
17dfbc1c43 Add per-process osrel node to the procfs, to allow read and set p_osrel
value for the process.

Approved by:	des (procfs maintainer)
MFC after:	3 weeks
2009-09-23 12:08:08 +00:00
Robert Watson
e76d823b81 Use C99 initialization for struct filterops.
Obtained from:	Mac OS X
Sponsored by:	Apple Inc.
MFC after:	3 weeks
2009-09-12 20:03:45 +00:00
Rick Macklem
8f63187ec1 Add LK_NOWITNESS to the vn_lock() calls done on newly created nfs
vnodes, since these nodes are not linked into the mount queue and,
as such, the vn_lock() cannot cause a deadlock so LORs are harmless.

Suggested by:	kib
Approved by:	kib (mentor)
MFC after:	3 days
2009-09-09 20:37:49 +00:00
Poul-Henning Kamp
6778431478 Revert previous commit and add myself to the list of people who should
know better than to commit with a cat in the area.
2009-09-08 13:19:05 +00:00
Poul-Henning Kamp
b34421bf9c Add necessary include. 2009-09-08 13:16:55 +00:00
Konstantin Belousov
481208a815 If a race is detected, pfs_vncache_alloc() may reclaim a vnode that had
never been inserted into the pfs_vncache list. Since pfs_vncache_free()
does not anticipate this case, it decrements pfs_vncache_entries
unconditionally; if the vnode was not in the list, pfs_vncache_entries
will no longer reflect the actual number of list entries. This may cause
size of the cache to exceed the configured maximum. It may also trigger
a panic during module unload or system shutdown.

Do not decrement pfs_vncache_entries for the vnode that was not in the
list.

Submitted by:	tegge
Reviewed by:	des
MFC after:	1 week
2009-09-07 12:10:41 +00:00
Konstantin Belousov
6cc745d2d7 insmntque_stddtr() clears vp->v_data and resets vp->v_op to
dead_vnodeops before calling vgone(). Revert r189706 and corresponding
part of the r186560.

Noted and reviewed by:	tegge
Approved by:	des (pseudofs part)
MFC after:	3 days
2009-09-07 11:55:34 +00:00
Konstantin Belousov
34f83c86f6 Remove spurious pfs_unlock().
PR:	kern/137310
Reviewed by:	des
MFC after:	3 days
2009-08-31 09:26:04 +00:00
Jilles Tjoelker
74d1c4927a Fix poll() on half-closed sockets, while retaining POLLHUP for fifos.
This reverts part of r196460, so that sockets only return POLLHUP if both
directions are closed/error. Fifos get POLLHUP by closing the unused
direction immediately after creating the sockets.

The tools/regression/poll/*poll.c tests now pass except for two other things:
- if POLLHUP is returned, POLLIN is always returned as well instead of only
  when there is data left in the buffer to be read
- fifo old/new reader distinction does not work the way POSIX specs it

Reviewed by:	kib, bde
2009-08-25 21:44:14 +00:00
Marko Zec
0348c661d1 Fix NFS panics with options VIMAGE kernels by apropriately setting curvnet
context inside the RPC code.

Temporarily set td's cred to mount's cred before calling socreate() via
__rpc_nconf2socket().

Submitted by:	rmacklem (in part)
Reviewed by:	rmacklem, rwatson
Discussed with:	dfr, bz
Approved by:	re (rwatson), julian (mentor)
MFC after:	3 days
2009-08-24 10:09:30 +00:00
Rick Macklem
60f04e38ca Apply the same patch as r196205 for nfs_upgrade_lock() and
nfs_downgrade_lock() to the experimental nfs client.

Approved by:	re (kensmith), kib (mentor)
2009-08-17 16:12:28 +00:00
Robert Watson
530c006014 Merge the remainder of kern_vimage.c and vimage.h into vnet.c and
vnet.h, we now use jails (rather than vimages) as the abstraction
for virtualization management, and what remained was specific to
virtual network stacks.  Minor cleanups are done in the process,
and comments updated to reflect these changes.

Reviewed by:	bz
Approved by:	re (vimage blanket)
2009-08-01 19:26:27 +00:00
John Baldwin
87eca70e0c Fix some LORs between vnode locks and filedescriptor table locks.
- Don't grab the filedesc lock just to read fd_cmask.
- Drop vnode locks earlier when mounting the root filesystem and before
  sanitizing stdin/out/err file descriptors during execve().

Submitted by:	kib
Approved by:	re (rwatson)
MFC after:	1 week
2009-07-31 13:40:06 +00:00
Rick Macklem
6a795918c1 Fix the experimental nfs client so that it only calls ncl_vinvalbuf()
for NFSv2 and not NFSv4 when nfscl_mustflush() returns 0. Since
nfscl_mustflush() only returns 0 when there is a valid write delegation
issued to the client, it only affects the case of an NFSv4 mount with
callbacks/delegations enabled.

Approved by:	 re (kensmith), kib (mentor)
2009-07-29 14:50:31 +00:00
John Baldwin
013818111a Add a new type of VM object: OBJT_SG. An OBJT_SG object is very similar to
a device pager (OBJT_DEVICE) object in that it uses fictitious pages to
provide aliases to other memory addresses.  The primary difference is that
it uses an sglist(9) to determine the physical addresses for a given offset
into the object instead of invoking the d_mmap() method in a device driver.

Reviewed by:	alc
Approved by:	re (kensmith)
MFC after:	2 weeks
2009-07-24 13:50:29 +00:00
Rick Macklem
93a15e2054 When vfs.newnfs.callback_addr is set to an IPv4 address, the
experimental NFSv4 client might try and use it as an IPv6 address,
breaking callbacks. The fix simply initializes the isinet6 variable
for this case.

Approved by:	re (kensmith), kib (mentor)
2009-07-22 18:10:44 +00:00
Rick Macklem
c79e697621 Add changes to the experimental nfs client to use the PBDRY flag for
msleep(9) when a vnode lock or similar may be held. The changes are
just a clone of the changes applied to the regular nfs client by
r195703.

Approved by:	re (kensmith), kib (mentor)
2009-07-22 14:37:53 +00:00
Rick Macklem
7f1968ba10 When using an NFSv4 mount in the experimental nfs client with delegations
being issued from the server, there was a case where an Open issued locally
based on the delegation would be released before the associated vnode
became inactive. If the delegation was recalled after the open was released,
an Open against the server would not have been acquired and subsequent I/O
operations would need to use the special stateid of all zeros. This patch
fixes that case.

Approved by:	re (kensmith), kib (mentor)
2009-07-22 14:32:28 +00:00
Rick Macklem
80e556956e Fix two bugs in the experimental nfs client:
- When the root vnode was acquired during mounting, mnt_stat.f_iosize was
  still set to 0, so getnewvnode() would set bo_bsize == 0. This would
  confuse getblk(), so that it always returned the first block causing
  the problem when the root directory of the mount point was greater
  than one block in size. It was fixed by setting mnt_stat.f_iosize to
  NFS_DIRBLKSIZ before calling ncl_nget() to acquire the root vnode.
- NFSMNT_INT was being set temporarily while the initial connect to a
  server was being done. This erroneously configured the krpc for
  interruptible RPCs, which caused problems because signals weren't
  being masked off as they would have been for interruptible mounts.
  This code was deleted to fix the problem. Since mount_nfs does an
  NFS null RPC before the mount system call, connections to the server
  should work ok.

Tested by:	swell dot k at gmail dot com
Approved by:	re (kensmith), kib (mentor)
2009-07-19 16:44:26 +00:00
Rick Macklem
405229f913 Fix the experimental nfs client so that it does not cause a
"share->excl" panic when doing a lookup of dotdot at the root
of a server's file system. The patch avoids calling vn_lock()
for that case, since nfscl_nget() has already acquired a lock
for the vnode.

Approved by:	re (kensmith), kib (mentor)
2009-07-14 23:10:23 +00:00
Robert Watson
eddfbb763d Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator.  Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...).  This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.

Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack.  Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory.  Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.

Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy.  Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address.  When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.

This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.

Bump __FreeBSD_version and update UPDATING.

Portions submitted by:  bz
Reviewed by:            bz, zec
Discussed with:         gnn, jamie, jeff, jhb, julian, sam
Suggested by:           peter
Approved by:            re (kensmith)
2009-07-14 22:48:30 +00:00
Rick Macklem
089f366ab0 Add calls to the experimental nfs client for the case of an "intr" mount,
so that signals that aren't supposed to terminate RPCs in progress are
masked off during the RPC.

Approved by:	re (kensmith), kib (mentor)
2009-07-12 17:07:35 +00:00
Rick Macklem
ad86aef9af Fix the handling of dotdot in lookup for the experimental nfs client
in a manner analagous to the change in r195294 for the regular nfs client.

Approved by:	re (kensmith), kib (mentor)
2009-07-12 17:02:17 +00:00
Rick Macklem
9ca27b565b Since the nfscl_getclose() function both decremented open counts and,
optionally, created a separate list of NFSv4 opens to be closed, it
was possible for the associated OpenOwner to be free'd before the Open
was closed. The problem was that the Open was taken off the OpenOwner
list before the Close RPC was done and OpenOwners can be free'd once the
list is empty. This patch separates out the case of doing the Close RPC
into a separate function called nfscl_doclose() and simplifies nfsrpc_doclose()
so that it closes a single open instead of a list of them. This avoids
removing the Open from the OpenOwner list before doing the Close RPC.

Approved by:	re (kensmith), kib (mentor)
2009-07-09 19:00:29 +00:00
Konstantin Belousov
7f5dff5064 Fix poll(2) and select(2) for named pipes to return "ready for read"
when all writers, observed by reader, exited. Use writer generation
counter for fifo, and store the snapshot of the fifo generation in the
f_seqcount field of struct file, that is otherwise unused for fifos.
Set FreeBSD-undocumented POLLINIGNEOF flag only when file f_seqcount is
equal to fifo' fi_wgen, and revert r89376.

Fix POLLINIGNEOF for sockets and pipes, and return POLLHUP for them.
Note that the patch does not fix not returning POLLHUP for fifos.

PR:	kern/94772
Submitted by:	bde (original version)
Reviewed by:	rwatson, jilles
Approved by:	re (kensmith)
MFC after:	6 weeks (might be)
2009-07-07 09:43:44 +00:00
Konstantin Belousov
f1eccd05ec In vn_vget_ino() and their inline equivalents, mnt_ref() the mount point
around the sequence that drop vnode lock and then busies the mount point.
Not having vlocked node or direct reference to the mp allows for the
forced unmount to proceed, making mp unmounted or reused.

Tested by:	pho
Reviewed by:	jeff
Approved by:	re (kensmith)
MFC after:	2 weeks
2009-07-02 18:02:55 +00:00
Konstantin Belousov
9f80ce043d Change the type of uio_resid member of struct uio from int to ssize_t.
Note that this does not actually enable full-range i/o requests for
64 architectures, and is done now to update KBI only.

Tested by:	pho
Reviewed by:	jhb, bde (as part of the review of the bigger patch)
2009-06-25 18:46:30 +00:00
Robert Watson
2d9cfabad4 Add a new global rwlock, in_ifaddr_lock, which will synchronize use of the
in_ifaddrhead and INADDR_HASH address lists.

Previously, these lists were used unsynchronized as they were effectively
never changed in steady state, but we've seen increasing reports of
writer-writer races on very busy VPN servers as core count has gone up
(and similar configurations where address lists change frequently and
concurrently).

For the time being, use rwlocks rather than rmlocks in order to take
advantage of their better lock debugging support.  As a result, we don't
enable ip_input()'s read-locking of INADDR_HASH until an rmlock conversion
is complete and a performance analysis has been done.  This means that one
class of reader-writer races still exists.

MFC after:      6 weeks
Reviewed by:    bz
2009-06-25 11:52:33 +00:00
Konstantin Belousov
3364c323e6 Implement global and per-uid accounting of the anonymous memory. Add
rlimit RLIMIT_SWAP that limits the amount of swap that may be reserved
for the uid.

The accounting information (charge) is associated with either map entry,
or vm object backing the entry, assuming the object is the first one
in the shadow chain and entry does not require COW. Charge is moved
from entry to object on allocation of the object, e.g. during the mmap,
assuming the object is allocated, or on the first page fault on the
entry. It moves back to the entry on forks due to COW setup.

The per-entry granularity of accounting makes the charge process fair
for processes that change uid during lifetime, and decrements charge
for proper uid when region is unmapped.

The interface of vm_pager_allocate(9) is extended by adding struct ucred *,
that is used to charge appropriate uid when allocation if performed by
kernel, e.g. md(4).

Several syscalls, among them is fork(2), may now return ENOMEM when
global or per-uid limits are enforced.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:45:22 +00:00
Konstantin Belousov
c808c9632d Add explicit struct ucred * argument for VOP_VPTOCNP, to be used by
vn_open_cred in default implementation. Valid struct ucred is needed for
audit and MAC, and curthread credentials may be wrong.

This further requires modifying the interface of vn_fullpath(9), but it
is out of scope of this change.

Reviewed by:	rwatson
2009-06-21 19:21:01 +00:00
Roman Divacky
23057f089b In non-debugging mode make this define (void)0 instead of nothing. This
helps to catch bugs like the below with clang.

	if (cond);		<--- note the trailing ;
	   something();

Approved by:	ed (mentor)
Discussed on:	current@
2009-06-21 08:36:30 +00:00
Rick Macklem
65cc6600c5 Replace RPCAUTH_UNIXGIDS with NFS_MAXGRPS so that nfscbd.c will build.
Approved by:	kib (mentor)
2009-06-20 17:11:07 +00:00
Ed Schouten
f8f6146082 Improve nested jail awareness of devfs by handling credentials.
Now that we start to use credentials on character devices more often
(because of MPSAFE TTY), move the prison-checks that are in place in the
TTY code into devfs.

Instead of strictly comparing the prisons, use the more common
prison_check() function to compare credentials. This means that
pseudo-terminals are only visible in devfs by processes within the same
jail and parent jails.

Even though regular users in parent jails can now interact with
pseudo-terminals from child jails, this seems to be the right approach.
These processes are also capable of interacting with the jailed
processes anyway, through signals for example.

Reviewed by:	kib, rwatson (older version)
2009-06-20 14:50:32 +00:00
Rick Macklem
2c1e6cce5b Change the size of the nfsc_groups[] array in the experimental nfs
client to RPCAUTH_UNIXGIDS + 1 (17), since that is what can go on
the wire for AUTH_SYS authentication.

Reviewed by:	brooks
Approved by:	kib (mentor)
2009-06-20 00:54:57 +00:00
Brooks Davis
838d985825 Rework the credential code to support larger values of NGROUPS and
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively.  (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)

The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer.  Do the equivalent in
kinfo_proc.

Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively.  Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary.  In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.

Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups.  When feasible, truncate
the group list rather than generating an error.

Minor changes:
  - Reduce the number of hand rolled versions of groupmember().
  - Do not assign to both cr_gid and cr_groups[0].
  - Modify ipfw to cache ucreds instead of part of their contents since
    they are immutable once referenced by more than one entity.

Submitted by:	Isilon Systems (initial implementation)
X-MFC after:	never
PR:		bin/113398 kern/133867
2009-06-19 17:10:35 +00:00
Alan Cox
57a7e73261 Fix some of the style errors in *getpages(). 2009-06-18 05:56:24 +00:00
Rick Macklem
76b30a0cd4 Add the SVC_RELEASE(xprt), as required by r194407.
Approved by:	kib (mentor)
2009-06-17 22:55:59 +00:00
Bjoern A. Zeeb
ebd8672cc3 Add explicit includes for jail.h to the files that need them and
remove the "hidden" one from vimage.h.
2009-06-17 15:01:01 +00:00
Rick Macklem
81e3c4fc8e Fix handling of ".." in nfs_lookup() for the forced dismount case
by cribbing the change made to the regular nfs client in r194358.

Approved by:	kib (mentor)
2009-06-17 14:10:18 +00:00
Bjoern A. Zeeb
7654a365db Add the explicit include of vimage.h to another five .c files still
missing it.

Remove the "hidden" kernel only include of vimage.h from ip_var.h added
with the very first Vimage commit r181803 to avoid further kernel poisoning.
2009-06-17 12:44:11 +00:00
Rick Macklem
47b7dc9933 Remove the "int *" typecast for the aresid argument to vn_rdwr()
and change the type of the argument from size_t to int. This
should avoid issues on 64bit architectures.

Suggested by:	kib
Approved by:	kib (mentor)
2009-06-16 13:52:21 +00:00
Alan Cox
47f11d9a46 Eliminate unnecessary variables. 2009-06-13 20:21:08 +00:00
Jamie Gritton
c1f192193d Rename the host-related prison fields to be the same as the host.*
parameters they represent, and the variables they replaced, instead of
abbreviated versions of them.

Approved by:	bz (mentor)
2009-06-13 15:39:12 +00:00
Jamie Gritton
01de879ac7 Use getcredhostuuid instead of accessing the prison directly.
Approved by:	bz (mentor)
2009-06-13 15:35:22 +00:00
John Baldwin
04f7f4636f Update the inline version of vn_get_ino() for ".." lookups to match the
recentish changes to vn_get_ino().

MFC after:	1 week
2009-06-12 21:19:57 +00:00
Rick Macklem
934a309971 This commit is analagous to r193952, but for the experimental nfs
subsystem. Add a test for VI_DOOMED just after ncl_upgrade_vnlock() in
ncl_bioread_check_cons(). This is required since it is possible
for the vnode to be vgonel()'d while in ncl_upgrade_vnlock() when
a forced dismount is in progress. Also, move the check for VI_DOOMED
in ncl_vinvalbuf() down to after ncl_upgrade_vnlock() and replace the
out of date comment for it.

Approved by:	kib (mentor)
2009-06-10 21:16:39 +00:00
Konstantin Belousov
93bc76dc3e For cd9660_ioctl, check for recycled vnode after locking it.
Noted by:	Jaakko Heinonen <jh saunalahti fi>
MFC after:	2 weeks
2009-06-10 15:48:34 +00:00
Konstantin Belousov
d6da640860 Fix r193923 by noting that type of a_fp is struct file *, not int.
It was assumed that r193923 was trivial change that cannot be done
wrong.

MFC after:	2 weeks
2009-06-10 14:24:31 +00:00
Konstantin Belousov
e4d9bdc105 s/a_fdidx/a_fp/ for VOP_OPEN comments that inline struct vop_open_args
definition.

Discussed with:	bde
MFC after:	2 weeks
2009-06-10 14:09:05 +00:00
Konstantin Belousov
c4702e66f4 Remove unused VOP_IOCTL and VOP_KQFILTER implementations for fifofs.
MFC after:	2 weeks
2009-06-10 14:02:22 +00:00
Konstantin Belousov
c4df27d5c8 VOP_IOCTL takes unlocked vnode as an argument. Due to this, v_data may
be NULL or derefenced memory may become free at arbitrary moment.

Lock the vnode in cd9660, devfs and pseudofs implementation of VOP_IOCTL
to prevent reclaim; check whether the vnode was already reclaimed after
the lock is granted.

Reported by:	georg at dts su
Reviewed by:	des (pseudofs)
MFC after:	2 weeks
2009-06-10 13:57:36 +00:00
Rick Macklem
410654ec1b Since vn_lock() with the LK_RETRY flag never returns an error
for FreeBSD-CURRENT, the code that checked for and returned the
error was broken. Change it to check for VI_DOOMED set after
vn_lock() and return an error for that case. I believe this
should only happen for forced dismounts.

Approved by:	kib (mentor)
2009-06-09 15:18:01 +00:00
Rick Macklem
2fa32154e4 Fix nfscl_getcl() so that it doesn't crash when it is called to
do an NFSv4 Close operation with the cred argument NULL. Also,
clarify what NULL arguments mean in the function's comment.

Approved by:	kib (mentor)
2009-06-08 18:41:23 +00:00
Robert Watson
dde155e95a Use #ifdef APPLE_MAC instead of #ifdef MAC to conditionalize Apple-specific
behavior for unicode support in UDF so as not to conflict with the MAC
Framework.

Note that Apple's XNU kernel also uses #ifdef MAC for the MAC Framework.

Suggested by:	pjd
MFC after:	3 days
2009-06-06 07:13:57 +00:00
Dag-Erling Smørgrav
c097b30885 Drop Giant.
MFC after:	1 week
2009-06-06 00:44:13 +00:00
Robert Watson
bcf11e8d00 Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC
and used in a large number of files, but also because an increasing number
of incorrect uses of MAC calls were sneaking in due to copy-and-paste of
MAC-aware code without the associated opt_mac.h include.

Discussed with:	pjd
2009-06-05 14:55:22 +00:00
Robert Watson
37ba986a5f Don't check MAC in the NFS server ACL set path, right now we aren't
enforcing MAC for NFS clients.
2009-06-05 14:15:00 +00:00
Robert Watson
927e0a56ce Re-add opt_mac.h include, which is required in order for MNT_MULTILABEL
to be set properly on devfs.  Otherwise, it isn't possible to set labels
on /dev nodes.

Reported by:	Sergio Rodriguez <sergiorr at yahoo.com>
MFC after:	3 days
2009-06-04 10:30:18 +00:00
Alan Cox
1f17689408 nfs_write() can use the recently introduced vfs_bio_set_valid() instead of
vfs_bio_set_validclean(), thereby avoiding the page queues lock.

Garbage collect vfs_bio_set_validclean().  Nothing uses it any longer.
2009-05-31 20:18:02 +00:00
Konstantin Belousov
b00098d164 Unlock the pseudofs vnode before calling fill method for pfs_readlink().
The fill code may need to lock another vnode, e.g. procfs file
implementation.

Reviewed by:	des
Tested by:	pho
MFC after:	2 weeks
2009-05-31 15:01:50 +00:00
Konstantin Belousov
b0f34bb643 Implement the bypass routine for VOP_VPTOCNP in nullfs.
Among other things, this makes procfs <pid>/file working for executables
started from nullfs mount.

Tested by:	pho
PR:	94269, 104938
2009-05-31 14:58:43 +00:00
Konstantin Belousov
b9131889d2 Do not drop vnode interlock in null_checkvp(). null_lock() verifies that
v_data is not-null before calling NULLVPTOLOWERVP(), and dropping the
interlock allows for reclaim to clean v_data and free the memory.

While there, remove unneeded semicolons and convert the infinite loops
to panics. I have a will to remove null_checkvp() altogether, or leave
it as a trivial stub, but not now.

Reported and tested by:	pho
2009-05-31 14:54:20 +00:00
Konstantin Belousov
cec9ed6d7f Lock the real null vnode lock before substitution of vp->v_vnlock.
This should not really matter for correctness, since vp->v_lock is
not locked before the call, and null_lock() holds the interlock,
but makes the control flow for reclaim more clear.

Tested by:	pho
2009-05-31 14:52:45 +00:00
Marko Zec
705fe7ce35 Unbreak options VIMAGE kernel builds.
Approved by:	julian (mentor)
2009-05-31 11:57:51 +00:00
Rick Macklem
d00a615a98 Add a check to v_type == VREG for the recently modified code that
does NFSv4 Closes in the experimental client's VOP_INACTIVE().
I also replaced a bunch of ap->a_vp with a local copy of vp,
because I thought that made it more readable.

Approved by:	kib (mentor)
2009-05-30 22:11:12 +00:00
Edward Tomasz Napierala
c97fcdba57 Add VOP_ACCESSX, which can be used to query for newly added V*
permissions, such as VWRITE_ACL.  For a filsystems that don't
implement it, there is a default implementation, which works
as a wrapper around VOP_ACCESS.

Reviewed by:	rwatson@
2009-05-30 13:59:05 +00:00
Jamie Gritton
76ca6f88da Place hostnames and similar information fully under the prison system.
The system hostname is now stored in prison0, and the global variable
"hostname" has been removed, as has the hostname_mtx mutex.  Jails may
have their own host information, or they may inherit it from the
parent/system.  The proper way to read the hostname is via
getcredhostname(), which will copy either the hostname associated with
the passed cred, or the system hostname if you pass NULL.  The system
hostname can still be accessed directly (and without locking) at
prison0.pr_host, but that should be avoided where possible.

The "similar information" referred to is domainname, hostid, and
hostuuid, which have also become prison parameters and had their
associated global variables removed.

Approved by:	bz (mentor)
2009-05-29 21:27:12 +00:00
Alan Cox
3933ec4d15 Make *getpages()s' assertion on the state of each page's dirty bits
stricter.
2009-05-28 18:11:09 +00:00
Dag-Erling Smørgrav
26088b9d4d Use a temporary variable to avoid a duplicate strlen().
Submitted by:	kib
MFC after:	1 week
2009-05-28 10:24:26 +00:00
Rick Macklem
fdd88deeba Fix handling of NFSv4 Close operations in ncl_inactive(). Only
do them for NFSv4 and flush writes to the server before doing
the Close(s), as required. Also, use the a_td argument instead of
curthread.

Approved by:	kib (mentor)
2009-05-27 19:41:29 +00:00
Alan Cox
e2d0be0172 Eliminate redundant setting of a page's valid bits and pointless clearing
of the same page's dirty bits.
2009-05-27 18:12:10 +00:00
Rick Macklem
ee1c1433e3 Add a function to the experimental nfs subsystem that tests to see
if a local file system supports NFSv4 ACLs. This allows the
NFSHASNFS4ACL() macro to be correctly implemented. The NFSv4 ACL
support should now work when the server exports a ZFS volume.

Approved by:	kib (mentor)
2009-05-27 15:16:56 +00:00
Jamie Gritton
0304c73163 Add hierarchical jails. A jail may further virtualize its environment
by creating a child jail, which is visible to that jail and to any
parent jails.  Child jails may be restricted more than their parents,
but never less.  Jail names reflect this hierarchy, being MIB-style
dot-separated strings.

Every thread now points to a jail, the default being prison0, which
contains information about the physical system.  Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().

Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings.  The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.

Approved by:	bz (mentor)
2009-05-27 14:11:23 +00:00
Rick Macklem
c3e22f831f Fix the experimental nfs subsystem so that it builds with the
current NFSv4 ACLs, as defined in sys/acl.h. It still needs a
way to test a mount point for NFSv4 ACL support before it will
work. Until then, the NFSHASNFS4ACL() macro just always returns 0.

Approved by:	kib (mentor)
2009-05-26 22:21:53 +00:00
Edward Tomasz Napierala
ff392a1d87 Adapt to the new ACL #define names.
Reviewed by:	rmacklem@
2009-05-26 17:01:00 +00:00
Rick Macklem
10a5a16efa Add two sysctl variables to the experimental nfs server, so
that the range of versions of NFS handled by the server can
be limited. The nfsd daemon must be restarted after these
sysctl variables are changed, in order for the change to take
effect.

Approved by:	kib (mentor)
2009-05-26 01:47:37 +00:00
Rick Macklem
9183a2a33e Fix the handling of NFSv4 Illegal Operation number to conform
to RFC3530 (the operation number in the reply must be set to
the value for OP_ILLEGAL). Also cleaned up some indentation.

Approved by:	kib (mentor)
2009-05-26 01:16:09 +00:00
Rick Macklem
415670e4c2 Fix the experimental nfs server's interface to the new krpc so
that it handles the case of a non-exported NFSv4 root correctly.
Also, delete handling for the case where nd_repstat is already
set in nfs_proc(), since that no longer happens.

Approved by:	kib (mentor)
2009-05-26 01:09:33 +00:00
Rick Macklem
b1cfc0d961 Add NFSv4 root export checks to the DelegPurge, Renew and
ReleaseLockOwner operations analagous to what is already
in place for SetClientID and SetClientIDConfirm. These are
the five NFSv4 operations that do not use file handle(s),
so the checks are done using the NFSv4 root export entries
in /etc/exports.

Approved by:	kib (mentor)
2009-05-25 01:00:09 +00:00
Rick Macklem
6098ac23c1 Temporarily #undef NFS4_ACL_EXTATTR_NAME, so that the
experimental nfs subsystem will build while the NFSv4 ACL
support is going into the kernel.

Approved by:	kib (mentor)
2009-05-24 23:47:22 +00:00
Rick Macklem
05c965a221 Crib the realign function out of nfs_krpc.c and add a call
to it for the client side reply. Hopefully this fixes the
problem with using the new krpc for arm for the experimental
nfs client.

Approved by:	kib (mentor)
2009-05-24 19:46:12 +00:00
Rick Macklem
c1edc4480e Fix the experimental NFSv4 server so that it handles the case
where a client is not allowed NFSv4 access correctly. This
restriction is specified in the "V4: ..." line(s) in
/etc/exports.

Approved by:	kib (mentor)
2009-05-24 18:49:53 +00:00
Rick Macklem
63bde62e9a Fix the experimental nfsv4 client so that it works for the
case of a kerberized mount without a host based principal
name. This will only work for mounts being done by a user
other than root. Support for a host based principal name
will not work until proposed changes to the rpcsec_gss part
of the krpc are committed. It now builds for "options KGSSAPI".

Approved by:	kib (mentor)
2009-05-24 03:22:49 +00:00
Alan Cox
5662349ed5 Eliminate the unnecessary clearing of a page's dirty bits from
nwfs_getpages().
2009-05-23 18:25:11 +00:00
Rick Macklem
e2b84e0308 Fix the rpc_gss_secfind() call in nfs_commonkrpc.c so that
the code will build when "options KGSSAPI" is specified
without requiring the proposed changes that add host based
initiator principal support. It will not handle the case where
the client uses a host based initiator principal until those
changes are committed. The code that uses those changes is
#ifdef'd notyet until the krpc rpcsec_changes are committed.

Approved by:	kib (mentor)
2009-05-23 00:40:17 +00:00
Rick Macklem
b66124f314 Change the sysctl_base argument to svcpool_create() to NULL for
client side callbacks so that leaf names are not re-used,
since they are already being used by the server.

Approved by:	kib (mentor)
2009-05-22 23:22:56 +00:00
Rick Macklem
9dd7554f09 Fix the name of the module common to the client and server
in the experimental nfs subsystem to the correct one for
the MODULE_DEPEND() macro.

Approved by:	kib (mentor)
2009-05-22 20:55:29 +00:00
Rick Macklem
ed41a7ccee Change the printf of r192595 to identify the function,
as requested by Sam.

Approved by:	kib (mentor)
2009-05-22 19:05:48 +00:00
Rick Macklem
476174008c Modified the printf message of r192590 to remove the
possible DOS attack, as suggested by Sam.

Approved by:	kib (mentor)
2009-05-22 18:10:39 +00:00
Rick Macklem
8757104e6b Change the comment at the beginning of the function to reflect the
change from panic() to printf() done by r192588.
2009-05-22 16:46:01 +00:00
Rick Macklem
199685bca9 Change the reboot panic that would have occurred if clientid
numbers wrapped around to a printf() warning of a possible
DOS attack, in the experimental nfsv4 server.

Approved by:	kib (mentor)
2009-05-22 16:41:33 +00:00
Rick Macklem
682eec57c4 Modify the mount handling code in the experimental nfs client to
use the newer nmount() style arguments, as is used by mount_nfs.c.
This prepares the kernel code for the use of a mount_nfs.c with
changes for the experimental client integrated into it.

Approved by:	kib (mentor)
2009-05-22 15:08:12 +00:00
Rick Macklem
6ffb637d4a Change the code in the experimental nfs client to avoid flushing
writes upon close when a write delegation is held by the client.
This should be safe to do, now that nfsv4 Close operations are
delayed until ncl_inactive() is called for the vnode.

Approved by:	kib (mentor)
2009-05-22 15:01:47 +00:00
Rick Macklem
7951235502 Fix the comment in sys/fs/nfs/nfs.h to correctly reflect the
current use of the R_xxx flags. This changed when the
NFS_LEGACYRPC code was removed from the subsystem.

Approved by:	kib (mentor)
2009-05-22 14:53:26 +00:00
Robert Watson
86ce6a83d1 Remove the unmaintained University of Michigan NFSv4 client from 8.x
prior to 8.0-RELEASE.  Rick Macklem's new and more feature-rich NFSv234
client and server are replacing it.

Discussed with:	rmacklem
2009-05-22 12:35:12 +00:00
Rick Macklem
92f7f12bca Fix the experimental nfs server so that it depends on the nlm,
since it now calls nlm_acquire_next_sysid().

Approved by:	kib (mentor)
2009-05-22 01:15:07 +00:00
Rick Macklem
bac9ff3446 Fix the comment at line 3711 to be consistent with the change
applied for r192537.

Approved by:	kib (mentor)
2009-05-21 14:52:36 +00:00
Rick Macklem
b839e625b0 Modify sys/fs/nfsserver/nfs_nfsdport.c to use nlm_acquire_next_sysid()
to set the l_sysid for locks correctly.

Approved by:	kib (mentor)
2009-05-21 01:50:27 +00:00
Rick Macklem
29e890f126 Although it should never happen, all the nfsv4 server can do
when it runs out of clientids is reboot. I had replaced cpu_reboot()
with printf(), since cpu_reboot() doesn't exist for sparc64.
This change replaces the printf() with panic(), so the reboot
would occur for this highly unlikely occurrence.

Approved by:	kib (mentor)
2009-05-20 18:58:07 +00:00
Rick Macklem
47a598563d Change the experimental NFSv4 client so that it does not do
the NFSv4 Close operations until ncl_inactive(). This is
necessary so that the Open StateIDs are available for doing
I/O on mmap'd files after VOP_CLOSE(). I also changed some
indentation for the nfscl_getclose() function.

Approved by:	kib (mentor)
2009-05-18 21:22:03 +00:00
Rick Macklem
2c1b26b976 Fix the acquisition of local locks via VOP_ADVLOCK() by the
experimental nfsv4 server. It was setting the a_id argument
to a fixed value, but that wasn't sufficient for FreeBSD8.
Instead, set l_pid and l_sysid to 0 plus set the F_REMOTE
flag to indicate that these fields are used to check for
same lock owner. Since, for NFSv4, a lockowner is a ClientID plus
an up to 1024byte name, it can't be put in l_sysid easily.
I also renamed the p variable to td, since it's a thread ptr.

Approved by:	kib (mentor)
2009-05-17 19:33:48 +00:00
Rick Macklem
57d1e46484 Added a SYSCTL to sys/fs/nfsserver/nfs_nfsdport.c so that the value of
nfsrv_dolocallocks can be changed via sysctl. I also added some non-empty
descriptor strings and reformatted some overly long lines.

Approved by:	kib (mentor)
2009-05-17 17:54:01 +00:00
Alan Cox
f2eb372e02 Merge r191964: Eliminate a case of unnecessary page queues locking. 2009-05-17 06:45:30 +00:00
Rick Macklem
72d1bbba52 Changed sys/fs/nfs_clbio.c in the same way Alan Cox changed
sys/nfsclient/nfs_bio.c for r192134, so that the sources stay
in sync.

Approved by:	kib (mentor)
2009-05-16 22:31:38 +00:00
Rick Macklem
15e8331f0e Fixed the Null callback RPCs so that they work with the new krpc. This
required two changes: setting the program and version numbers before
connect and fixing the handling of the Null Rpc case in newnfs_request().

Approved by:	kib (mentor)
2009-05-16 03:12:55 +00:00
Rick Macklem
0c794c5db1 Move the nfsstat structure and proc/op number definitions on the
experimental nfs subsystem from sys/fs/nfs/nfs.h and sys/fs/nfs/nfsproto.h
to sys/fs/nfs/nfsport.h and rename nfsstat to ext_nfsstat. This was done
so that src/usr.bin/nfsstat.c could use it alongside the regular nfs
include files and struct nfsstat.

Approved by:	kib (mentor)
2009-05-15 19:33:59 +00:00
Konstantin Belousov
0e9bd89d7d Devfs replaces file ops vector with devfs-specific one in devfs_open(),
before the struct file is fully initialized in vn_open(), in particular,
fp->f_vnode is NULL. Other thread calling file operation before f_vnode
is set results in NULL pointer dereference in devvn_refthread().

Initialize f_vnode before calling d_fdopen() cdevsw method, that might
set file ops too.

Reported and tested by:	Chris Timmons <cwt networks cwu edu>
	(RELENG_7 version)
MFC after:	3 days
2009-05-15 19:23:05 +00:00
Rick Macklem
d34b41c9c2 Modify the diskless booting code in sys/fs/nfsclient to be compatible
with what is in sys/nfsclient, so that it will at least build now.

Approved by:	kib (mentor)
2009-05-15 16:03:11 +00:00
Alan Cox
42eb41087c Eliminate unnecessary clearing of the page's dirty mask from various
getpages functions.

Eliminate a stale comment.
2009-05-15 04:33:35 +00:00
Rick Macklem
98ad44534e Apply changes to the experimental nfs server so that it uses the security
flavors as exported in FreeBSD-CURRENT. This allows it to use a
slightly modified mountd.c instead of a different utility.

Approved by:	kib (mentor)
2009-05-14 21:39:08 +00:00
Rick Macklem
cec6336717 Change the file names in the comments in sys/fs/nfs/nfs_var.h so
that they are the names used in FreeBSD-CURRENT. Also shuffled a
few entries around, so that they under the correct comment.

Approved by:	kib (mentor)
2009-05-14 20:39:09 +00:00
Rick Macklem
a770e183dd Apply a one line change to nfs_clbio.c (which is largely a copy
of sys/nfsclient/nfs_bio.c) to track the change recently committed
by acl for nfs_bio.c.

Approved by:	kib (mentor)
2009-05-13 21:18:34 +00:00
Rick Macklem
7e74551956 Modify the experimental nfs server to use the new nfsd_nfsd_args
structure for nfsd. Includes a change that clarifies the use of
an empty principal name string to indicate AUTH_SYS only.

Approved by:	kib (mentor)
2009-05-12 16:04:51 +00:00
Konstantin Belousov
3fe65eb8fe Report all fdescfs vnodes as VCHR for stat(2). Fake the unique
major/minor numbers of the devices.

Pretending that the vnodes are character devices prevents file tree
walkers from descending into the directories opened by current process.
Also, not doing stat on the filedescriptors prevents the recursive entry
into the VFS.

Requested by:	kientzle
Discussed with:	Jilles Tjoelker <jilles stack nl>
2009-05-12 09:28:45 +00:00
Konstantin Belousov
ada3b6a9ea Return controlled EINVAL when the fdescfs lookup routine is given string
representing too large integer, instead of overflowing and possibly
returning a random but valid vnode.

Noted by:	Jilles Tjoelker <jilles stack nl>
MFC after:	3 days
2009-05-12 09:22:33 +00:00
Alan Cox
12aa4fdca9 Eliminate gratuitous clearing of the page's dirty mask. 2009-05-12 05:49:02 +00:00
Rick Macklem
1c6c0ed937 Change the name of the nfs server addsock structure from nfsd_args
to nfsd_addsock_args, so that it is consistent with the one in
	sys/nfsserver/nfs.h.

Approved by:	kib (mentor)
2009-05-11 19:37:05 +00:00
Rick Macklem
70839889c6 Modify nfsvno_fhtovp() to ensure that it always sets the credp
argument. Returning without credp set could result in a caller
	doing crfree() on garbage.

Reviewed by:	kan
Approved by:	kib (mentor)
2009-05-11 18:45:04 +00:00