Commit Graph

215 Commits

Author SHA1 Message Date
kib
a5b858d3fd Temporary workaround to prevent leak of Giant from nfsd when calling
lookup().

Reviewed by:	tegge
Tested by:	"Arno J. Klaassen" <arno at heho snv jussieu fr>, "Rong-en Fan" <grafan at gmail com>, Dmitriy Kirhlarov <dimma at higis ru>, Dmitry Pryanishnikov <dmitry at atlantis dp ua>
MFC after:	1 week
Approved by:	kan, pjd (mentors)
2006-06-05 14:48:02 +00:00
jeff
32b1878006 - Release the references acquired by VOP_GETWRITEMOUNT and vfs_getvfs().
Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:54:20 +00:00
jeff
52c1783c83 - Reorder vrele calls after vput calls to prevent lock order reversals
between leaf and directory locks.

Found by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-12 04:59:04 +00:00
jeff
30a231055b - Reorder calls to vrele() after calls to vput() when the vrele is a
directory.  vrele() may lock the passed vnode, which in these cases would
   give an invalid lock order of child -> parent.  These situations are
   deadlock prone although do not typically deadlock because the vrele
   is typically not releasing the last reference to the vnode.  Users of
   vrele must consider it as a call to vn_lock() and order it appropriately.

MFC After: 	1 week
Sponsored by:	Isilon Systems, Inc.
Tested by:	kkenn
2006-02-01 00:25:26 +00:00
csjp
34b8c6a440 Manage the ucred for the NFS server using the crget/crfree API defined in
kern_prot.c. This API handles reference counting among many other things.
Notably, if MAC is compiled into the kernel, it will properly initialize the
MAC labels when the ucred is allocated.

This work is in preparation for a new MAC entry point which will be responsible
for properly initializing policy specific labels for the NFS server credential.
Utilization of the crfree/crget APIs reduce the complexity associated with
this label's management.

Submitted by:	green (with changes) [1]
Obtained from:	TrustedBSD Project
Discussed with:	rwatson, alfred

[1] I moved the ucred allocation outside the scope of the NFS server lock to
    prevent M_WAIKOK allocations from occurring with non-sleep-able locks held.
    Additionally, to reduce complexity, the ucred persist as long as the NFS
    server descriptor.
2006-01-28 19:24:40 +00:00
trhodes
80610803f5 Revert my previous commit.
Proved I'm not that bright at times:	jhb
2006-01-23 21:06:22 +00:00
trhodes
f927a72593 Fix indentation.
Prodded by:	stefanf, ru, njl (in that order)
2006-01-23 17:41:43 +00:00
trhodes
f9cd8b5d9f Remove some dead code.
Found with:     Coverity Prevent(tm)
2006-01-21 12:10:33 +00:00
glebius
c593d62fd6 Keep locks consistent before goto.
Reported by:	pho
Reviewed by:	mohans
2005-10-27 19:02:34 +00:00
rwatson
21db4509f1 NFS write gathering defers execution of NFS server write requests to wait
to see if additional write requests will arrive that can be coalesced and
clustered with earlier ones.  When doing so, it must determine whether
the two requests are made by credentials with the same access writes, so
as not to coalesce improperly.  NFSW_SAMECRED() implements a test of two
credentials using a binary compare.

Replace NFSW_SAMECRED() macro with nfsrv_samecred() function, which is
aware of the contents and layout of a struct ucred, rather than a simple
binary compare.  While the binary compare works when ucred is simply a
zero'd and embedded 'struct ucred' in the NFS descriptor, it will work
less well when the ucred associated with an NFS descriptor is "real", so
has defined and populated reference count, mutex, etc.

MFC after:	1 week
Obtained from:	TrustedBSD Project
2005-04-17 16:25:36 +00:00
phk
94df41a4f2 Don't try to create vnode_pager objects on other filesystems vnodes,
either they did it themselves or it won't happen.
2005-01-24 22:09:13 +00:00
ps
09169053be Now that we have a non blocking version of nfsm_dissect(), change all the
nfsm_dissect() calls (done under the NFSD lock) to nfsm_dissect_nonblock().

Submitted by:	Mohan Srinivasan
2005-01-19 22:53:40 +00:00
phk
da2718f1af Remove the unused credential argument from VOP_FSYNC() and VFS_SYNC().
I'm not sure why a credential was added to these in the first place, it is
not used anywhere and it doesn't make much sense:

	The credentials for syncing a file (ability to write to the
	file) should be checked at the system call level.

	Credentials for syncing one or more filesystems ("none")
	should be checked at the system call level as well.

	If the filesystem implementation needs a particular credential
	to carry out the syncing it would logically have to the
	cached mount credential, or a credential cached along with
	any delayed write data.

Discussed with:	rwatson
2005-01-11 07:36:22 +00:00
imp
a50ffc2912 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
rwatson
d7f30dee55 Correct a bug in nfsrv_create() where a call to nfsrv_access() might
be made holding the NFS server mutex.  To clean this up, introduce a
version of the function, nfsrv_access_withgiant(), that expects the
NFS server mutex to already have been dropped and Giant acquired.
Wrap nfsrv_access() around this.  This permits callers to more
efficiently check access if they're in a code block performing VFS
operations, and can be substitited for the nfsrv_access() call that
triggered this bug.

PR:		73807, 73208
MFC after:	1 week
2004-11-11 21:30:52 +00:00
phk
52a089c526 Add b_bufobj to struct buf which eventually will eliminate the need for b_vp.
Initialize b_bufobj for all buffers.

Make incore() and gbincore() take a bufobj instead of a vnode.

Make inmem() local to vfs_bio.c

Change a lot of VI_[UN]LOCK(bp->b_vp) to BO_[UN]LOCK(bp->b_bufobj)
also VI_MTX() to BO_MTX(),

Make buf_vlist_add() take a bufobj instead of a vnode.

Eliminate other uses of bp->b_vp where bp->b_bufobj will do.

Various minor polishing: remove "register", turn panic into KASSERT,
use new function declarations, TAILQ_FOREACH_SAFE() etc.
2004-10-22 08:47:20 +00:00
rwatson
b38ba1fa5b Correct several instances where calls to vfs_getvfs() resulting in
failure in the NFS server would result in a leaked instance of the NFS
server subsystem lock.  Liberally sprinkle assertions in all target
labels for error unwinding to assert the desired locking state.

RELENG_5_3 candidate.

MFC after:	3 days
Reported by:	Wilkinson, Alex <alex dot wilkinson at dsto dot defence dot gov dot au>
2004-10-18 11:23:11 +00:00
rwatson
3d2ee0e958 Convert a mtx_lock(&Giant) to a mtx_unlock(&Giant) in nfsrv_link() to
prevent leakage of Giant.  With INVARIANTS, this results in an
assertion failure following execution of the RPC.  Without INVARIANTS,
it could result in problems if the NFS server is killed causing nfsd
to return to user space holding Giant.

Feet provided by:	brueffer
2004-08-25 16:52:59 +00:00
phk
40dd98a3bd Second half of the dev_t cleanup.
The big lines are:
	NODEV -> NULL
	NOUDEV -> NODEV
	udev_t -> dev_t
	udev2dev() -> findcdev()

Various minor adjustments including handling of userland access to kernel
space struct cdev etc.
2004-06-17 17:16:53 +00:00
rwatson
2d231cab68 Release NFS subsystem lock and acquire Giant when calling into
vn_start_write().
2004-05-31 19:08:22 +00:00
rwatson
0f1ef0c8cb One more case where we want to drop the NFS server lock and acquire
Giant when entering VFS.  Discovered by code inspection; still not
hit without debug.mpsafenet=1.

Reported by:	bmilekic
2004-05-30 22:59:54 +00:00
rwatson
49037b244c Acquire Giant around two more cases when calling into VFS to vput()
a vnode.  Not bumped into with asserts in the main tree because we
run the NFS server with Giant by default.  Discovered by inspection.

Complete annotations of Giant acquisition/release to note that it's
only because of VFS that we acquire Giant in most places in the NFS
server.
2004-05-30 22:41:43 +00:00
rwatson
6fd04518a1 Don't release Giant until after the call to vput() in nfsrv_setattr().
Unless running with debug.mpsafenet=1, this was not actually a problem.
2004-05-29 15:52:39 +00:00
rwatson
76f0671ff7 Call nfsm_clget_nolock() instead of nfsm_clget() when holding the NFS
subsystem lock to avoid tripping over an assertion regarding whether
the lock is held or not.  This is likely to be the cause of a panic
tripped over by Andrea Campi.
2004-05-27 20:34:04 +00:00
rwatson
9cd72a8223 The socket code upcalls into the NFS server using the so_upcall
mechanism so that early processing on mbufs can be performed before
a context switch to the NFS server threads.  Because of this, if
the socket code is running without Giant, the NFS server also needs
to be able to run the upcall code without relying on the presence on
Giant.  This change modifies the NFS server to run using a "giant
code lock" covering operation of the whole subsystem.  Work is in
progress to move to data-based locking as part of the NFSv4 server
changes.

Introduce an NFS server subsystem lock, 'nfsd_mtx', and a set of
macros to operate on the lock:

  NFSD_LOCK_ASSERT()    Assert nfsd_mtx owned by current thread
  NFSD_UNLOCK_ASSERT()  Assert nfsd_mtx not owned by current thread
  NFSD_LOCK_DONTCARE()  Advisory: this function doesn't care
  NFSD_LOCK()           Lock nfsd_mtx
  NFSD_UNLOCK()         Unlock nfsd_mtx

Constify a number of global variables/structures in the NFS server
code, as they are not modified and contain constants only:

  nfsrvv2_procid       nfsrv_nfsv3_procid      nonidempotent
  nfsv2_repstat        nfsv2_type              nfsrv_nfsv3_procid
  nfsrvv2_procid       nfsrv_v2errmap          nfsv3err_null
  nfsv3err_getattr     nfsv3err_setattr        nfsv3err_lookup
  nfsv3err_access      nfsv3err_readlink       nfsv3err_read
  nfsv3err_write       nfsv3err_create         nfsv3err_mkdir
  nfsv3err_symlink     nfsv3err_mknod          nfsv3err_remove
  nfsv3err_rmdir       nfsv3err_rename         nfsv3err_link
  nfsv3err_readdir     nfsv3err_readdirplus    nfsv3err_fsstat
  nfsv3err_fsinfo      nfsv3err_pathconf       nfsv3err_commit
  nfsrv_v3errmap

There are additional structures that should be constified but due
to their being passed into general purpose functions without const
arguments, I have not yet converted.

In general, acquire nfsd_mtx when accessing any of the global NFS
structures, including struct nfssvc_sock, struct nfsd, struct
nfsrv_descript.

Release nfsd_mtx whenever calling into VFS, and acquire Giant for
calls into VFS.  Giant is not required for any part of the
operation of the NFS server with the exception of calls into VFS.
Giant will never by acquired in the upcall code path.  However, it
may operate entirely covered by Giant, or not.  If debug.mpsafenet
is set to 0, the system calls will acquire Giant across all
operations, and the upcall will assert Giant.  As such, by default,
this enables locking and allows us to test assertions, but should not
cause any substantial new amount of code to be run without Giant.
Bugs should manifest in the form of lock assertion failures for now.

This approach is similar (but not identical) to modifications to the
BSD/OS NFS server code snapshot provided by BSDi as part of their
SMPng snapshot.  The strategy is almost the same (single lock over
the NFS server), but differs in the following ways:

- Our NFS client and server code bases don't overlap, which means
  both fewer bugs and easier locking (thanks Peter!).  Also means
  NFSD_*() as opposed to NFS_*().

- We make broad use of assertions, whereas the BSD/OS code does not.

- Made slightly different choices about how to handle macros building
  packets but operating with side effects.

- We acquire Giant only when entering VFS from the NFS server daemon
  threads.

- Serious bugs in BSD/OS implementation corrected -- the snapshot we
  received was clearly a work in progress.

Based on ideas from:	BSDi SMPng Snapshot
Reviewed by:		rick@snowhite.cis.uoguelph.ca
Extensive testing by:	kris
2004-05-24 04:06:14 +00:00
mux
006bc4ac4c Don't send the available space as is in the FSSTAT call. Under
FreeBSD, we can have a negative available space value, but the
corresponding fields in the NFS protocol are unsigned.  So
trnucate the value to 0 if it's negative, so that the client
doesn't receive absurdly high values.

Tested by:	cognet
2004-04-12 13:02:21 +00:00
imp
ebf059d1df Remove advertising clause from University of California Regent's
license, per letter dated July 22, 1999 and email from Peter Wemm,
Alan Cox and Robert Watson.

Approved by: core, peter, alc, rwatson
2004-04-07 05:00:01 +00:00
phk
2a5e157787 Properly vector all bwrite() and BUF_WRITE() calls through the same path
and s/BUF_WRITE()/bwrite()/ since it now does the same as bwrite().
2004-03-11 18:02:36 +00:00
phk
88ae416466 When grabbing vnodes to service NFS requests, make sure to call
vn_start_write() early to avoid snapshot deadlocks.

By:	mckusick
2003-10-24 18:36:49 +00:00
iedowse
365585637a Fix a bug in nfsrv_read() that caused the replies to certain NFSv3
short read operations at the end of a file to not have the "eof"
flag set as they should. The problem is that the requested read
count was compared against the rounded-up reply data length instead
of the actual reply data length. This bug appears to have been
introduced in revision 1.78 (June 1999). It causes first-time reads
of certain file sizes (e.g 4094 bytes) to fail with EIO on a RedHat
9.0 NFSv3 client.

MFC after:	1 week
2003-06-24 19:04:26 +00:00
mckusick
6e4d454560 Increase the size of the NFS server hash table to improve performance
when serving up more than about 32 active files. For details see
section 6.3 (pg 111) of Daniel Ellard and Margo Seltzer, ``NFS
Tricks and Benchmarking Traps'' in the Proceedings of the Usenix
2003 Freenix Track, June 9-14, 2003 pg 101-114.

Obtained from:	Daniel Ellard <ellard@eecs.harvard.edu>
Sponsored by:   DARPA & NAI Labs.
2003-06-21 21:01:44 +00:00
truckman
9cf579ad75 Beat vnode locking in the NFS server code into submission. This change
is not pretty, but it fixes the code so that it no longer violates the
vnode locking rules in the VFS API and doesn't trip any of the locking
assertions enabled by the DEBUG_VFS_LOCKS kernel configuration option.
There is one report that this patch fixed a "locking against myself"
panic on an NFS server that was tripped by a diskless client.

Approved by:	re (scottl)
2003-05-25 06:17:33 +00:00
alc
87da2c3cf3 - Acquire the vm_object's lock when performing vm_object_page_clean().
- Add a parameter to vm_pageout_flush() that tells vm_pageout_flush()
   whether its caller has locked the vm_object.  (This is a temporary
   measure to bootstrap vm_object locking.)
2003-04-24 04:31:25 +00:00
jeff
49e05d204e - Lock bufs before inspecting their flags. 2003-03-13 07:05:22 +00:00
jeff
9e4c9a6ce9 - Add an interlock argument to BUF_LOCK and BUF_TIMELOCK.
- Remove the buftimelock mutex and acquire the buf's interlock to protect
   these fields instead.
 - Hold the vnode interlock while locking bufs on the clean/dirty queues.
   This reduces some cases from one BUF_LOCK with a LK_NOWAIT and another
   BUF_LOCK with a LK_TIMEFAIL to a single lock.

Reviewed by:	arch, mckusick
2003-02-25 03:37:48 +00:00
imp
cf874b345d Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
alfred
bf8e8a6e8f Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
schweikh
d3367c5f5d Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
dillon
4ecb4d83e4 Abstract-out the constants for the sequential heuristic.
No operational changes.

MFC after:	1 day
2002-12-28 20:28:10 +00:00
iedowse
aeec108485 In the NFSv3 `fsinfo' procedure reply, don't claim that we support
32k read and write operations on datagram sockets when in fact we
reject requests larger than 16k. It must be the case that virtually
all clients use data sizes of 16k or less for UDP transport (FreeBSD's
client defaults to 8k and never exceeds 16k), as this bug has been
present ever since NFSv3 support was added.

Reported by:	Senthil <lihtnes78@netscape.net>
Reviewed by:	dillon
Approved by:	re
MFC-after:	1 week
2002-12-05 16:58:11 +00:00
jeff
b2bc94cc0d - Introduce a new macro, since that's what nfs loves, called
nfsm_srvpathsiz.  This macro plucks a length out of an rpc request and
   verifies that its size does not exceed NFS_MAXPATHLEN.  If it does
   it generates an ENAMETOOLONG response.
 - Use this macro, and the existing nfsm_srvnamsiz macro in two places
   where we deal with paths passed in by the client.

This fixes a linux interoperability bug.  Linux was sending oversized path
components which would cause us to ignore the request all together.  This
causes linux to hang indefinitly while it waits for a response.  This
could still happen in other cases where we error out with EBADRPC.

Sponsored by:	Isilon Systems, Inc.
Reviewed by:	alfred, fabbri@isilon.com, neal@isilon.com
2002-10-31 22:35:03 +00:00
rwatson
ddb3d2b4ee Correct a problem wherein NFS servers running NFSv2 would not return
certain classes of failure responses to the client during a failed
remove operation.

Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
2002-10-03 21:50:37 +00:00
jeff
004a26186f - Use incore() instead of gbincore() so we don't have to acquire the
vnode interlock.
2002-09-25 02:39:39 +00:00
jeff
02517b6731 - Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization
   with VOP calls is needed.
 - v_iflag is protected by interlock and is used for dealing with vnode
   management issues.  These flags include X/O LOCK, FREE, DOOMED, etc.
 - All accesses to v_iflag and v_vflag have either been locked or marked with
   mp_fixme's.
 - Many ASSERT_VOP_LOCKED calls have been added where the locking was not
   clear.
 - Many functions in vfs_subr.c were restructured to provide for stronger
   locking.

Idea stolen from:	BSD/OS
2002-08-04 10:29:36 +00:00
dillon
0b74a2da00 Convert old style (type foo *)0 casts to NULLs
PR:		kern/40360
Requested by:	Hiten PAndya via direct email
2002-07-11 17:54:58 +00:00
dillon
da4e111a55 Replace the global buffer hash table with per-vnode splay trees using a
methodology similar to the vm_map_entry splay and the VM splay that Alan
Cox is working on.  Extensive testing has appeared to have shown no
increase in overhead.

Disadvantages
    Dirties more cache lines during lookups.

    Not as fast as a hash table lookup (but still N log N and optimal
    when there is locality of reference).

Advantages
    vnode->v_dirtyblkhd is now perfectly sorted, making fsync/sync/filesystem
    syncer operate more efficiently.

    I get to rip out all the old hacks (some of which were mine) that tried
    to keep the v_dirtyblkhd tailq sorted.

    The per-vnode splay tree should be easier to lock / SMPng pushdown on
    vnodes will be easier.

    This commit along with another that Alan is working on for the VM page
    global hash table will allow me to implement ranged fsync(), optimize
    server-side nfs commit rpcs, and implement partial syncs by the
    filesystem syncer (aka filesystem syncer would detect that someone is
    trying to get the vnode lock, remembers its place, and skip to the
    next vnode).

Note that the buffer cache splay is somewhat more complex then other splays
due to special handling of background bitmap writes (multiple buffers with
the same lblkno in the same vnode), and B_INVAL discontinuities between the
old hash table and the existence of the buffer on the v_cleanblkhd list.

Suggested by: alc
2002-07-10 17:02:32 +00:00
trhodes
28d42899b7 More s/file system/filesystem/g 2002-05-16 21:28:32 +00:00
iedowse
cb60904294 Limit to the maximum allowed reply size the amount of data that
nfsrv_readdir and nfsrv_readdirplus can return. A client request
containing an over-large `count' field could trigger the "Bad nfs
svc reply" panic in nfs_syscalls.c.

Spotted while trying to reproduce kern/37304, which turned out to
be fixed in FreeBSD a long time ago.

MFC after:	1 week
2002-04-21 16:14:54 +00:00
jhb
dc2e474f79 Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
mckusick
14dd08fd15 Add a flags parameter to VFS_VGET to pass through the desired
locking flags when acquiring a vnode. The immediate purpose is
to allow polling lock requests (LK_NOWAIT) needed by soft updates
to avoid deadlock when enlisting other processes to help with
the background cleanup. For the future it will allow the use of
shared locks for read access to vnodes. This change touches a
lot of files as it affects most filesystems within the system.
It has been well tested on FFS, loopback, and CD-ROM filesystems.
only lightly on the others, so if you find a problem there, please
let me (mckusick@mckusick.com) know.
2002-03-17 01:25:47 +00:00
jhb
3706cd3509 Simple p_ucred -> td_ucred changes to start using the per-thread ucred
reference.
2002-02-27 18:32:23 +00:00
dillon
45630603d0 The vnode was not being vput()'d in the EEXIST mknod case on the nfs
server side.  This can lead to a system deadlock.

Reviewed by:    iedowse
Tested by:      Alexey G Misurenko <mag@caravan.ru>, iedowse
Bug found with help by: Alexey G Misurenko <mag@caravan.ru>
MFC at:         earliest convenience
2002-01-14 19:14:08 +00:00
iedowse
a2d0f7e01a It is required by VOP_CREATE, VOP_MKNOD, VOP_SYMLINK and VOP_MKDIR
that va_mode of the supplied attributes is filled in with a valid
file mode (i.e not VNOVAL, and only ALLPERM bits set). However,
some NFS server op functions didn't guarantee this for all possible
request messages:

If a V3 client chose not include to a mode specification, we could
end up creating an ffs inode with mode 0177777, requiring a manual
fsck on the next reboot. Fix this by setting va_mode to 0 before
calling the VOP if a mode hasn't been supplied by the client.

In nfsrv_symlink(), S_IFMT bits supplied by a V2 client could end
up in the va_mode passed to VOP_SYMLINK with similar effects. We
now use the macro nfstov_mode() to correctly mask the bits.
2002-01-13 05:36:05 +00:00
iedowse
641697c62b Fix a few NFSv2 issues that slipped in during the big cleanup. The
semantics of the nfsm_reply() macro were changed so that the caller
has to explicitly handle the V2 error case, whereas before,
nfsm_reply() did a `goto nfsmout' then. A few server ops (setattr,
readlink, create, mkdir) weren't updated to match, so errors in the
V2 case could cause protocol hangs and leaked mbufs.

Correct some comments that describe the old nfsm_reply behaviour.

[older, harmless nit] Remove the unnecessary `nfsmreply0' label in
nfsrv_create(), since for its users, the main `ereply' label does
the same thing.
2002-01-12 03:57:25 +00:00
msmith
7f06d73491 Rename some variables that end up shadowing their namesakes in the NFS client
code.

Reviewed by:	peter
2002-01-08 19:41:06 +00:00
iedowse
6e9f1df98f Avoid passing the variable `tl' to functions that just use it for
temporary storage. In the old NFS code it wasn't at all clear if
the value of `tl' was used across or after macro calls, but I'm
fairly confident that the convention was to keep its use local.
Each ex-macro function now uses a local version of this variable,
so all of the double-indirection goes away.

The only exception to the `local use' rule for `tl' is nfsm_clget(),
which is left unchanged by this commit.

Reviewed by:	peter
2001-12-18 01:22:09 +00:00
iedowse
e16d92f4df When VOP_SYMLINK fails, the value of *vpp is junk, so we must NULL
out nd.ni_vp to prevent the resource cleanup code at the end of
nfsrv_symlink from trying to vrele it. This fixes a "vrele: negative
ref cnt" panic that can occur when a symlink is attempted on an NFS
filesystem with no free space. Found locally, but the symptoms
correspond to those in the PR referenced below.

PR:		kern/26878
MFC after:	3 days
2001-12-04 16:53:42 +00:00
iedowse
6eb4ba0b09 Now that nfsm_reply() does not usually set 'error' to 0, we need
to do it explicitly in nfsrv_noop so that the reply gets sent back
to the client. This fixes the generation of a selection of RPC
error replies (RPC_PROGMISMATCH, RPC_PROGUNAVAIL, RPC_PROCUNAVAIL
etc.) that are used by some clients to detect support for optional
protocols and features.

Reviewed by:	peter
Reported by:	Thomas Quinot <quinot@inf.enst.fr>
PR:		kern/31479
2001-10-25 19:07:56 +00:00
peter
562ebdfbed Unwind some more macros. NFSMADV() was kinda silly since it was right
next to equivalent m_len adjustments.  Move the nfsm_subs.h macros
into groups depending on which phase they are used in, since that
affects the error recovery requirements.  Collect some of the common error
checking into a single macro as preparation for unwinding some more.
Have nfs_rephead return a value instead of secretly modifying args.
Remove some unused function arguments that were being passed around.
Clarify nfsm_reply()'s error handling (I hope).
2001-09-28 04:37:08 +00:00
peter
2854bb2840 Make nfsm_dissect() have an obvious return value. 2001-09-27 22:40:38 +00:00
peter
bc122022f9 Tidy up nfsm_build usage. This is only partially finished. 2001-09-27 02:33:36 +00:00
peter
85182a8d78 Cleanup and split of nfs client and server code.
This builds on the top of several repo-copies.
2001-09-18 23:32:09 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
grog
4b9d9cbaac Revert consequences of changes to mount.h, part 2.
Requested by:	bde
2001-04-29 02:45:39 +00:00
grog
1f5de30718 Correct #includes to work with fixed sys/mount.h. 2001-04-23 09:05:15 +00:00
asmodai
3065478332 Preceed/preceeding are not english words. Use precede and preceding. 2001-02-18 10:43:53 +00:00
iedowse
769baae5ab Fix some problems that were introduced in revision 1.97. Instead
of returning an error code to the caller, NFS server op routines
must themselves build an error reply and return 0 to the caller.

This is achieved by replacing the erroneous return statements with
code that jumps forward to the op function's reply code. We need
to be careful to ensure that the 'struct mount' pointer is NULL
though, so that the final vn_finished_write() call becomes a no-op.

Reviewed by:	mckusick, dillon
2001-02-09 13:24:06 +00:00
bmilekic
4b6a7bddad * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.
This is because calls with M_WAIT (now M_TRYWAIT) may not wait
  forever when nothing is available for allocation, and may end up
  returning NULL. Hopefully we now communicate more of the right thing
  to developers and make it very clear that it's necessary to check whether
  calls with M_(TRY)WAIT also resulted in a failed allocation.
  M_TRYWAIT basically means "try harder, block if necessary, but don't
  necessarily wait forever." The time spent blocking is tunable with
  the kern.ipc.mbuf_wait sysctl.
  M_WAIT is now deprecated but still defined for the next little while.

* Fix a typo in a comment in mbuf.h

* Fix some code that was actually passing the mbuf subsystem's M_WAIT to
  malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the
  value of the M_WAIT flag, this could have became a big problem.
2000-12-21 21:44:31 +00:00
mckusick
a3d0c189ea Add snapshots to the fast filesystem. Most of the changes support
the gating of system calls that cause modifications to the underlying
filesystem. The gating can be enabled by any filesystem that needs
to consistently suspend operations by adding the vop_stdgetwritemount
to their set of vnops. Once gating is enabled, the function
vfs_write_suspend stops all new write operations to a filesystem,
allows any filesystem modifying system calls already in progress
to complete, then sync's the filesystem to disk and returns. The
function vfs_write_resume allows the suspended write operations to
begin again. Gating is not added by default for all filesystems as
for SMP systems it adds two extra locks to such critical kernel
paths as the write system call. Thus, gating should only be added
as needed.

Details on the use and current status of snapshots in FFS can be
found in /sys/ufs/ffs/README.snapshot so for brevity and timelyness
is not included here. Unless and until you create a snapshot file,
these changes should have no effect on your system (famous last words).
2000-07-11 22:07:57 +00:00
phk
36c3965ff9 Separate the struct bio related stuff out of <sys/buf.h> into
<sys/bio.h>.

<sys/bio.h> is now a prerequisite for <sys/buf.h> but it shall
not be made a nested include according to bdes teachings on the
subject of nested includes.

Diskdrivers and similar stuff below specfs::strategy() should no
longer need to include <sys/buf.> unless they need caching of data.

Still a few bogus uses of struct buf to track down.

Repocopy by:    peter
2000-05-05 09:59:14 +00:00
phk
10914aa708 Remove unneeded #include <vm/vm_zone.h>
Generated by:	src/tools/tools/kerninclude
2000-04-30 18:52:11 +00:00
phk
5df766a0f8 Rename the existing BUF_STRATEGY() to DEV_STRATEGY()
substitute BUF_WRITE(foo) for VOP_BWRITE(foo->b_vp, foo)

substitute BUF_STRATEGY(foo) for VOP_STRATEGY(foo->b_vp, foo)

This patch is machine generated except for the ccd.c and buf.h parts.
2000-03-20 11:29:10 +00:00
dillon
00382428de Fix compilation warning on alpha when converting pointer to integer
to generate hash index.

Reviewed by:	 Andrew Gallatin <gallatin@cs.duke.edu>
1999-12-18 19:20:05 +00:00
dillon
db701263c1 Have NFS use a snapshot of boottime instead of boottime itself to
generate the NFSv3 Version id.  boottime itself may change, sometimes
    once every tick if you are running xntpd, which really throws off
    clients.  Clients will tend to throw away what they believe to be
    stale data too often, and can get into long loops rewriting the same
    data over and over again because they believe the server has rebooted
    over and over again due to the changing version id.

Approved by:	jkh
1999-12-16 17:01:32 +00:00
eivind
87724eb673 Introduce NDFREE (and remove VOP_ABORTOP) 1999-12-15 23:02:35 +00:00
dillon
bab004e729 Add a readahead heuristic to the NFS server side code. While the server
cannot unilaterally pass data to a client it can reduce the physical
    disk transaction overhead by reading larger blocks.  This results in
    better pipelining of requests/responses over the network and an almost
    100% increase in cpu efficiency on the server.  On a 100BaseTX network
    NFS read performance increases from 8.5 MBytes/sec to 10 MB/sec (maxed
    out), and cpu efficiency increases from 72% idle to 80% idle on the server.

Reviewed by:	Alfred Perlstein <bright@wintelcom.net>
1999-12-13 17:34:45 +00:00
dillon
08e8d78b50 Fix a number of server-side issues related to aborting badly formed
NFS packets, mainly initializing structure pointers to NULL which
    are conditionally freed prior to return.

PR:		kern/15249
Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
1999-12-12 07:06:39 +00:00
eivind
4ce73d7096 Remove WILLRELE from VOP_SYMLINK
Note: Previous commit to these files (except coda_vnops and devfs_vnops)
that claimed to remove WILLRELE from VOP_RENAME actually removed it from
VOP_MKNOD.
1999-11-13 20:58:17 +00:00
eivind
21fff7b1c2 Remove WILLRELE from VOP_RENAME 1999-11-12 03:34:28 +00:00
dillon
af7bbb9a33 Make FreeBSD less conservative in determining when to return a cookie
error for a directory.  I have made this change after a great deal of
    review although I cannot be absolutely sure that this meets the spec.

    The issue devolves into whether changes in an underlying (UFS) directory
    can cause NFS directory blocks to be renumbered.  My read of the code
    indicates that NFS directory blocks will not be renumbered, which means
    that the cookies should still remain valid after a change is made to
    the underlying directory.  This being the case, a cookie error should
    not be returned when a change is made to the underlying directory and,
    instead, the NFS client should rely on mtime detection to invalidate and
    reload the directory.

    The use of mtime is problematic in of itself, due to insufficient
    resolution, which is why I believe the original conservative error
    handling was done.  Still, there have been dozens of bug reports by
    people needing solaris<->FreeBSD interoperability and these have to
    be accomodated.
1999-09-29 17:14:58 +00:00
dillon
581716d4df Asynchronized client-side nfs_commit. NFS commit operations were
previously issued synchronously even if async daemons (nfsiod's) were
    available.  The commit has been moved from the strategy code to the doio
    code in order to asynchronize it.

    Removed use of lastr in preparation for removal of vnode->v_lastr.  It
    has been replaced with seqcount, which is already supported by the system
    and, in fact, gives us a better heuristic for sequential detection then
    lastr ever did.

    Made major performance improvements to the server side commit.  The
    server previously fsync'd the entire file for each commit rpc.  The
    server now bawrite()s only those buffers related to the offset/size
    specified in the commit rpc.

    Note that we do not commit the meta-data yet.  This works still needs
    to be done.

    Note that a further optimization can be done (and has not yet been done)
    on the client: we can merge multiple potential commit rpc's into a
    single rpc with a greater file offset/size range and greatly reduce
    rpc traffic.

Reviewed by:	Alan Cox <alc@cs.rice.edu>, David Greenman <dg@root.com>
1999-09-17 05:57:57 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
wpaul
a0ef521585 Correct the sanity test length calculation in nfsrv_readdirplus(): len is
being incremented by 4 bytes too few each time through the loop, which
allows more data into the mbuf chain that we really want. In the worst
case, when we're using 32K read/write sizes with a TCP client, this causes
readdirplus replies to sometimes exceed NFS_MAXPACKET which leads to a
panic. This problem cropped up for me using an IRIX 6.5.4 NFSv3 TCP client
with 32K read/write sizes, however supposedly it can be triggered by
WinNT NFS servers too. In theory, it can probably be triggered by any
NFS v3 implementation using TCP as long as it's using the maxiumum block
size.

Reviewed by: Matthew Dillon <dillon@backplane.com>
1999-07-29 21:42:57 +00:00
alc
1f3845a859 Clear error in nfsrv_create when we have a valid reply so that
that reply is actually transmitted.
Submitted by:	dillon
1999-07-28 08:20:49 +00:00
phk
6c373ff516 I have not one single time remembered the name of this function correctly
so obviously I gave it the wrong name.  s/umakedev/makeudev/g
1999-07-17 18:43:50 +00:00
julian
b242252948 Submitted by: "David E. Cross" <crossd@cs.rpi.edu>
Matt missed a line..
1999-06-30 04:29:13 +00:00
julian
7dc5713bf7 Matt's NFS fixes.
Submitted by: Matt Dillon
Reviewed by: David Cross, Julian Elischer, Mike Smith, Drew Gallatin
  3.2 version to follow when tested
1999-06-23 04:44:14 +00:00
peter
21732dea0c Various changes lifted from the OpenBSD cvs tree:
txdr_hyper and fxdr_hyper tweaks to avoid excessive CPU order knowledge.

nfs_serv.c: don't call nfsm_adj() with negative values, windows clients
could crash servers when doing a readdir of a large directory.

nfs_socket.c: Use IP_PORTRANGE to get a priviliged port without a spin
loop trying to bind().  Don't clobber a mbuf pointer or we get panics
on a NFS3ERR_JUKEBOX error from a server when reusing a freed mbuf.

nfs_subs.c: Don't loose st_blocks on NFSv2 mounts when > 2GB.

Obtained from:  OpenBSD
1999-06-05 05:35:03 +00:00
phk
7e26ca1d1a Divorce "dev_t" from the "major|minor" bitmap, which is now called
udev_t in the kernel but still called dev_t in userland.

Provide functions to manipulate both types:
        major()         umajor()
        minor()         uminor()
        makedev()       umakedev()
        dev2udev()      udev2dev()

For now they're functions, they will become in-line functions
after one of the next two steps in this process.

Return major/minor/makedev to macro-hood for userland.

Register a name in cdevsw[] for the "filedescriptor" driver.

In the kernel the udev_t appears in places where we have the
major/minor number combination, (ie: a potential device: we
may not have the driver nor the device), like in inodes, vattr,
cdevsw registration and so on, whereas the dev_t appears where
we carry around a reference to a actual device.

In the future the cdevsw and the aliased-from vnode will be hung
directly from the dev_t, along with up to two softc pointers for
the device driver and a few houskeeping bits.  This will essentially
replace the current "alias" check code (same buck, bigger bang).

A little stunt has been provided to try to catch places where the
wrong type is being used (dev_t vs udev_t), if you see something
not working, #undef DEVT_FASCIST in kern/kern_conf.c and see if
it makes a difference.  If it does, please try to track it down
(many hands make light work) or at least try to reproduce it
as simply as possible, and describe how to do that.

Without DEVT_FASCIST I belive this patch is a no-op.

Stylistic/posixoid comments about the userland view of the <sys/*.h>
files welcome now, from userland they now contain the end result.

Next planned step: make all dev_t's refer to the same devsw[] which
means convert BLK's to CHR's at the perimeter of the vnodes and
other places where they enter the game (bootdev, mknod, sysctl).
1999-05-11 19:55:07 +00:00
peter
73556bfee1 Add sufficient braces to keep egcs happy about potentially ambiguous
if/else nesting.
1999-05-06 18:13:11 +00:00
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
phk
16e3fbd2c1 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
dfr
22ceb237f0 * Change sysctl from using linker_set to construct its tree using SLISTs.
This makes it possible to change the sysctl tree at runtime.

* Change KLD to find and register any sysctl nodes contained in the loaded
  file and to unregister them when the file is unloaded.

Reviewed by: Archie Cobbs <archie@whistle.com>,
	Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
1999-02-16 10:49:55 +00:00
eivind
56b8c7c844 Remove the if fixed in the last commit; bde quite correctly point out
that it can never fail.
1998-12-09 15:12:53 +00:00
eivind
d74ab3f9f8 Fix typo (; in "if (vp == NULL);"). 1998-12-08 23:11:24 +00:00
peter
052ed056ae vm_object_page_clean() last arg changed from TRUE to OBJPC_SYNC. I'm not
sure that this is necessary to be a sync write here since a VOP_FSYNC()
follows and it will schedule, sort and complete the writes that the
vm_object_page_clean() started (as I think I understand things).
1998-10-31 15:39:31 +00:00
dfr
1d5f38ac22 This commit fixes various 64bit portability problems required for
FreeBSD/alpha.  The most significant item is to change the command
argument to ioctl functions from int to u_long.  This change brings us
inline with various other BSD versions.  Driver writers may like to
use (__FreeBSD_version == 300003) to detect this change.

The prototype FreeBSD/alpha machdep will follow in a couple of days
time.
1998-06-07 17:13:14 +00:00
peter
19ad2aa63b For the on-the-wire protocol, u_long -> u_int32_t; long -> int32_t;
int -> int32_t; u_short -> u_int16_t.  Also, use mode_t instead of u_short
for storing modes (mode_t is a u_int16_t).

Obtained from: NetBSD
1998-05-31 20:09:01 +00:00
peter
5080277e0e Cut-n-paste glitch 1998-05-31 19:43:34 +00:00
peter
7966818099 Hide whiteouts from NFS, since the protocol doesn't support them.
Obtained from:  NetBSD
1998-05-31 19:10:52 +00:00