Commit Graph

56 Commits

Author SHA1 Message Date
Doug Rabson
9719301922 Use the correct creds when reconnecting so that we have enough privilege to
bind reserved ports (if necessary).

Submitted by:	Jaakko Heinonen <jh at saualaht dot fi>
2009-02-05 11:48:10 +00:00
Doug Rabson
a9ccfd56e3 Add a missing call to mtx_destroy(). 2008-11-12 12:21:18 +00:00
Doug Rabson
a9148abd9d Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager.  I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by:	Isilon Systems
MFC after:	1 month
2008-11-03 10:38:00 +00:00
Dag-Erling Smørgrav
1ede983cc9 Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after:	3 months
2008-10-23 15:53:51 +00:00
Marko Zec
8b615593fc Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit

Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.

Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().

Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).

All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparison between pre- and post-change
object files(*).

(*) netipsec/keysock.c did not validate depending on compile time options.

Implemented by:	julian, bz, brooks, zec
Reviewed by:	julian, bz, brooks, kris, rwatson, ...
Approved by:	julian (mentor)
Obtained from:	//depot/projects/vimage-commit2/...
X-MFC after:	never
Sponsored by:	NLnet Foundation, The FreeBSD Foundation
2008-10-02 15:37:58 +00:00
Doug Rabson
710668615a Rename RPC's 'struct pmap' to 'struct portmap' to avoid confusing it with
the other 'struct pmap'.

Pointed out by:	kmacy
MFC after:	2 weeks
2008-08-25 09:36:17 +00:00
Kris Kennaway
59e6665b4f Rename the static M_RPC defined here to M_RPCCLNT, since a global M_RPC
now optionally exists.

Reviewed by:	dfr
MFC after:	3 days
2008-08-18 12:11:47 +00:00
Bjoern A. Zeeb
603724d3ab Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).

This is the first in a series of commits over the course
of the next few weeks.

Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.

We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.

Obtained from:	//depot/projects/vimage-commit2/...
Reviewed by:	brooks, des, ed, mav, julian,
		jamie, kris, rwatson, zec, ...
		(various people I forgot, different versions)
		md5 (with a bit of help)
Sponsored by:	NLnet Foundation, The FreeBSD Foundation
X-MFC after:	never
V_Commit_Message_Reviewed_By:	more people than the patch
2008-08-17 23:27:27 +00:00
Doug Rabson
8082cff418 Add a missing call to mtx_destroy() in clnt_reconnect_destroy().
Submitted by:	zachary.loafman at isilon.com
MFC after:	2 weeks
2008-08-13 12:04:54 +00:00
Doug Rabson
6dc0afa896 Re-work the code slightly to avoid a possible livelock.
MFC after:	2 weeks
2008-07-23 09:18:08 +00:00
Ed Schouten
8c2ceafebf Move the NFS/RPC code away from lbolt.
The kernel has a special wchan called `lbolt', which is triggered each
second. It doesn't seem to be used a lot and it seems pretty redundant,
because we can specify a timeout value to the *sleep() routines. In an
attempt to eventually remove lbolt, make the NFS/RPC code use a timeout
of `hz' when trying to reconnect.

Only the TTY code (not MPSAFE TTY) and the VFS syncer seem to use lbolt
now.

Reviewed by:	attilio, jhb
Approved by:	philip (mentor), alfred, dfr
2008-07-22 21:27:22 +00:00
Robert Watson
4f7d1876d5 Introduce a new lock, hostname_mtx, and use it to synchronize access
to global hostname and domainname variables.  Where necessary, copy
to or from a stack-local buffer before performing copyin() or
copyout().  A few uses, such as in cd9660 and daemon_saver, remain
under-synchronized and will require further updates.

Correct a bug in which a failed copyin() of domainname would leave
domainname potentially corrupted.

MFC after:	3 weeks
2008-07-05 13:10:10 +00:00
Julian Elischer
316151d290 It may be #if 0'd out code, but change a varname to not shadow a global. 2008-06-29 01:04:48 +00:00
Doug Rabson
9458af1853 Include <sys/pcpu.h> for curthread. 2008-06-27 14:35:05 +00:00
Doug Rabson
c675522fc4 Re-implement the client side of rpc.lockd in the kernel. This implementation
provides the correct semantics for flock(2) style locks which are used by the
lockf(1) command line tool and the pidfile(3) library. It also implements
recovery from server restarts and ensures that dirty cache blocks are written
to the server before obtaining locks (allowing multiple clients to use file
locking to safely share data).

Sponsored by:	Isilon Systems
PR:		94256
MFC after:	2 weeks
2008-06-26 10:21:54 +00:00
Doug Rabson
8d9278ba1c Fix some issues that showed up during Kris' testing.
Reported by:	kris
MFC after:	3 days
2008-04-11 10:34:59 +00:00
Doug Rabson
ee31b83a3a Minor changes to improve compatibility with older FreeBSD releases. 2008-03-28 09:50:32 +00:00
Doug Rabson
fa9d9930ca Add kernel module support for nfslockd and krpc. Use the module system
to detect (or load) kernel NLM support in rpc.lockd. Remove the '-k'
option to rpc.lockd and make kernel NLM the default. A user can still
force the use of the old user NLM by building a kernel without NFSLOCKD
and/or removing the nfslockd.ko module.
2008-03-27 11:54:20 +00:00
Doug Rabson
dfdcada31e Add the new kernel-mode NFS Lock Manager. To use it instead of the
user-mode lock manager, build a kernel with the NFSLOCKD option and
add '-k' to 'rpc_lockd_flags' in rc.conf.

Highlights include:

* Thread-safe kernel RPC client - many threads can use the same RPC
  client handle safely with replies being de-multiplexed at the socket
  upcall (typically driven directly by the NIC interrupt) and handed
  off to whichever thread matches the reply. For UDP sockets, many RPC
  clients can share the same socket. This allows the use of a single
  privileged UDP port number to talk to an arbitrary number of remote
  hosts.

* Single-threaded kernel RPC server. Adding support for multi-threaded
  server would be relatively straightforward and would follow
  approximately the Solaris KPI. A single thread should be sufficient
  for the NLM since it should rarely block in normal operation.

* Kernel mode NLM server supporting cancel requests and granted
  callbacks. I've tested the NLM server reasonably extensively - it
  passes both my own tests and the NFS Connectathon locking tests
  running on Solaris, Mac OS X and Ubuntu Linux.

* Userland NLM client supported. While the NLM server doesn't have
  support for the local NFS client's locking needs, it does have to
  field async replies and granted callbacks from remote NLMs that the
  local client has contacted. We relay these replies to the userland
  rpc.lockd over a local domain RPC socket.

* Robust deadlock detection for the local lock manager. In particular
  it will detect deadlocks caused by a lock request that covers more
  than one blocking request. As required by the NLM protocol, all
  deadlock detection happens synchronously - a user is guaranteed that
  if a lock request isn't rejected immediately, the lock will
  eventually be granted. The old system allowed for a 'deferred
  deadlock' condition where a blocked lock request could wake up and
  find that some other deadlock-causing lock owner had beaten them to
  the lock.

* Since both local and remote locks are managed by the same kernel
  locking code, local and remote processes can safely use file locks
  for mutual exclusion. Local processes have no fairness advantage
  compared to remote processes when contending to lock a region that
  has just been unlocked - the local lock manager enforces a strict
  first-come first-served model for both local and remote lockers.

Sponsored by:	Isilon Systems
PR:		95247 107555 115524 116679
MFC after:	2 weeks
2008-03-26 15:23:12 +00:00
Ruslan Ermilov
ea26d58729 Replaced the misleading uses of a historical artefact M_TRYWAIT with M_WAIT.
Removed dead code that assumed that M_TRYWAIT can return NULL; it's not true
since the advent of MBUMA.

Reviewed by:	arch

There are ongoing disputes as to whether we want to switch to directly using
UMA flags M_WAITOK/M_NOWAIT for mbuf(9) allocation.
2008-03-25 09:39:02 +00:00
Robert Watson
0bf686c125 Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which
previously conditionally acquired Giant based on debug.mpsafenet.  As that
has now been removed, they are no longer required.  Removing them
significantly simplifies error-handling in the socket layer, eliminating
quite a bit of unwinding of locking in error cases.

While here clean up the now unneeded opt_net.h, which previously was used
for the NET_WITH_GIANT kernel option.  Clean up some related gotos for
consistency.

Reviewed by:	bz, csjp
Tested by:	kris
Approved by:	re (kensmith)
2007-08-06 14:26:03 +00:00
Matt Jacob
a5a65afc6d Check for a NULL return from rpcclnt_buildheader- it can fail if
the passed in auth_type is unacceptable to rpcauth_buildheader-
this avoids a null pointer panic. Clean up allocations if this
happens. This also quiets a gcc 4.2 complaint about using mheadend
without it being initialized.

Reviewed by:	alfred
2007-06-16 05:42:26 +00:00
Pawel Jakub Dawidek
7f64b05f79 Move rpc/types.h under sys/, as this is used by ZFS kernel module.
Repo-copied by:	simon
2007-04-10 22:10:16 +00:00
Robert Watson
26ded85445 Replace GIANT_REQUIRED's present for socket locking with NET_LOCK_GIANT().
If/when someone does the necessary MPSAFEty locking for the NFSv4 client,
the socket code is generally MPSAFE now.

Spotted by:	kris
2007-03-25 21:44:24 +00:00
Jim Rees
23350221ac Fix up some cut-n-paste damage and some out-of-date comments.
No code changes.

Submitted by:	cel@citi.umich.edu
2006-01-20 15:20:41 +00:00
Jim Rees
c99880b289 Use thread0 instead of user's thread for sobind.
This fixes reconnect after, for example, tcp idle disconnection.
Previously this would fail if a normal user tried to bind to a privileged
port.

Submitted by:	cel@citi.umich.edu
MFC after:	1 week
2006-01-20 15:17:46 +00:00
Ruslan Ermilov
f4e9888107 Fix -Wundef. 2005-12-04 02:12:43 +00:00
Robert Watson
84d2b7df26 Add GIANT_REQUIRED and WITNESS sleep warnings to uprintf() and tprintf(),
as they both interact with the tty code (!MPSAFE) and may sleep if the
tty buffer is full (per comment).

Modify all consumers of uprintf() and tprintf() to hold Giant around
calls into these functions.  In most cases, this means adding an
acquisition of Giant immediately around the function.  In some cases
(nfs_timer()), it means acquiring Giant higher up in the callout.

With these changes, UFS no longer panics on SMP when either blocks are
exhausted or inodes are exhausted under load due to races in the tty
code when running without Giant.

NB: Some reduction in calls to uprintf() in the svr4 code is probably
desirable.

NB: In the case of nfs_timer(), calling uprintf() while holding a mutex,
or even in a callout at all, is a bad idea, and will generate warnings
and potential upset.  This needs to be fixed, but was a problem before
this change.

NB: uprintf()/tprintf() sleeping is generally a bad idea, as is having
non-MPSAFE tty code.

MFC after:	1 week
2005-09-19 16:51:43 +00:00
David Schultz
c0a3c58e99 - Don't call rpcclnt_realign() if we don't have any mbufs to realign.
- Remove a bogus and unneeded null pointer check.

Found by:	Coverity Prevent analysis tool
Approved by:	alfred
2005-03-19 01:16:25 +00:00
Warner Losh
60727d8b86 /* -> /*- for license, minor formatting changes 2005-01-07 02:29:27 +00:00
Stefan Farfeleder
a9da2faf34 Prefer C99's __func__ over GCC's __FUNCTION__.
Approved by:	alfred
2004-09-23 18:25:46 +00:00
Jim Rees
af341d82c4 fix array index out of bounds in rpc->rc_srtt[], rpc->rc_sdrtt[]
Noticed by: tedu
Approved by: alfred
2004-07-15 22:21:25 +00:00
Robert Watson
f3ce707a18 Constify 'rpcclnt_backoff'. 2004-07-12 19:37:08 +00:00
Warner Losh
2fcbca0d85 Remove advertising clause from University of California Regent's
license, per letter dated July 22, 1999 and email from Peter Wemm,
Alan Cox and Robert Watson.

Approved by: core, peter, alc, rwatson
2004-04-07 05:00:01 +00:00
Alexander Kabaev
186c0bc04b Reset callout if in nfs_timeout and rpcclnt_timeout functions. Timers
are supposed to continue firing as long as there is work to do, not
stop after the first invocation.

This is damage control after a patch that has been committed prematurely.

Tested by:	kris
2004-03-28 05:55:27 +00:00
Jim Rees
f9955a5f53 only do nfs rpc callouts if there is work to do.
Submitted by:	kan
Approved by:	alfred
2004-03-25 21:48:09 +00:00
Peter Wemm
6df0617286 Calculate NFS timeouts in units of 10ms, not 5ms. This matches the default
clock precision on i386.  This is a NOP change on i386.  But this stops
the mount_nfs units from suddenly changing to units of 1/20 of a second
(vs the normal 1/10 of a second) if HZ is increased.
2004-03-14 06:21:56 +00:00
Alexander Kabaev
bc9d2845f4 Convert from timeout to callout API. 2004-03-07 16:23:03 +00:00
Alfred Perlstein
95f94a7ff7 Don't panic because of RPC proto mismatches. Whitespace cleanup.
Submitted by: Jim Rees <rees@umich.edu>
2004-01-17 21:25:05 +00:00
Alfred Perlstein
b0d8e5b388 Prevent a panic when mounting a v2/v3 only server with mount_nfs4.
Submitted by: Jim Rees <rees@umich.edu>
Reported/testing: Florian C. Smeets <flo@kasimir.com>
2004-01-13 01:04:36 +00:00
Alfred Perlstein
3f5c95f772 Fix a panic when attempting a v4 op against a v3/v2-only server.
It happens because rpcclnt_request is incorrectly returning 0 in the case
of an rpc mismatch or auth error.

Submitted by: Jim Rees <rees@umich.edu>
2004-01-10 02:59:54 +00:00
Marcel Moolenaar
12eb46c8bb Change the definition of NULL on ia64 (for LP64 compilations) from
an int constant to a long constant. This change improves consistency
in the following two ways:
1. The first 8 arguments are always passed in registers on ia64, which
   by virtue of the generated code implicitly widens ints to longs and
   allows the use of a 32-bit integral type for 64-bit arguments.
   Subsequent arguments are passed onto the memory stack, which does
   not exhibit the same behaviour and consequently does not allow this.
   In practice this means that variadic functions taking pointers
   and given NULL (without cast) work as long as the NULL is passed
   in one of the first 8 arguments. A SIGSEGV is more likely the
   result if such would be done for stack-based arguments. This is
   due to the fact that the upper 4 bytes remain undefined.
2. All 64-bit platforms that FreeBSD supports, with the obvious
   exception of ia64, allow 32-bit integral types (specifically NULL)
   when 64-bit pointers are expected in variadic functions by way of
   how the compiler generates code. As such, code that works correctly
   (whether rightfully so or not) on any platform other than ia64, may
   fail on ia64.

To more easily allow tweaking of the definition of NULL, this commit
removes the 12 definitions in the various headers and puts it in a
new header that can be included whenever NULL is to be made visible.

This commit fixes GNOME, emacs, xemacs and a whole bunch of ports
that I don't particularly care about at this time...
2003-12-07 21:10:06 +00:00
Alfred Perlstein
1672bb6710 Remove unneeded file. (could be repo removed as nothing ever referenced it.)
Submitted by: Jim Rees <rees@umich.edu>
2003-11-20 04:42:50 +00:00
Alfred Perlstein
ce98b952c4 Use %zu to printf a size_t instead of an int cast.
Requested by: jmallett, wollman
2003-11-15 01:58:47 +00:00
Alfred Perlstein
d4346413c3 Fix compilation warnings on sparc.
Cast sizeof to int for printing with %d.
2003-11-15 01:24:46 +00:00
Alfred Perlstein
1bf8720450 University of Michigan's Citi NFSv4 kernel client code.
Submitted by: Jim Rees <rees@umich.edu>
2003-11-14 20:54:10 +00:00
Alfred Perlstein
8360efbd6c Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

  Bring in required TLI library routines to support this.

  Since we don't support TLI we've essentially copied what NetBSD
  has done, adding a thin layer to emulate direct the TLI calls
  into BSD socket calls.

  This is mostly from Sun's tirpc release that was made in 1994,
  however some fixes were backported from the 1999 release (supposedly
  only made available after this porting effort was underway).

  The submitter has agreed to continue on and bring us up to the
  1999 release.

  Several key features are introduced with this update:
    Client calls are thread safe. (1999 code has server side thread
    safe)
    Updated, a more modern interface.

  Many userland updates were done to bring the code up to par with
  the recent RPC API.

  There is an update to the pthreads library, a function
  pthread_main_np() was added to emulate a function of Sun's threads
  library.

  While we're at it, bring in NetBSD's lockd, it's been far too
  long of a wait.

  New rpcbind(8) replaces portmap(8) (supporting communication over
  an authenticated Unix-domain socket, and by default only allowing
  set and unset requests over that channel). It's much more secure
  than the old portmapper.

  Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
  to support TI-RPC and to support IPV6.

  Umount(8) is also fixed to unmount pathnames longer than 80 chars,
  which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
Peter Wemm
a4add9a9b1 $Id$ -> $FreeBSD$ 1999-08-27 23:45:13 +00:00
Bill Paul
f26dae2bb4 Resolve conflicts. 1997-05-28 04:45:15 +00:00
Peter Wemm
79403fe300 Revert $FreeBSD$ to $Id$ 1997-02-23 09:21:14 +00:00