#
361236 |
|
19-May-2020 |
freqlabs |
MFC r360960:
nfs: Remove APPLESTATIC macro
It is no longer useful.
Reviewed by: rmacklem Approved by: mav (mentor) Sponsored by: iXsystems, Inc. Differential Revision: https://reviews.freebsd.org/D24811
|
#
361070 |
|
15-May-2020 |
freqlabs |
MFC r360813:
Remove APPLEKEXT ifndefs
They are no longer useful.
Reviewed by: rmacklem Approved by: mav (mentor) Sponsored by: iXsystems, Inc. Differential Revision: https://reviews.freebsd.org/D24752
|
#
360208 |
|
22-Apr-2020 |
rmacklem |
MFC: r359720 Fix an interoperability issue w.r.t. the Linux client and the NFSv4 server.
Luoqi Chen reported a problem on freebsd-fs@ where a Linux NFSv4 client was able to open and write to a file when the file's permissions were not set to allow the owner write access.
Since NFS servers check file permissions on every write RPC, it is standard practice to allow the owner of the file to do writes, regardless of file permissions. This provides POSIX like behaviour, since POSIX only checks permissions upon open(2). The traditional way NFS clients handle this is to check access via the Access operation/RPC and use that to determine if an open(2) on the client is allowed.
It appears that, for NFSv4, the Linux client expects the NFSv4 Open (not a POSIX open) operation to fail with NFSERR_ACCES if the file is not being created and file permissions do not allow owner access, unlike NFSv3. Since both the Linux and OpenSolaris NFSv4 servers seem to exhibit this behaviour, this patch changes the FreeBSD NFSv4 server to do the same. A sysctl called vfs.nfsd.v4openaccess can be set to 0 to return the NFSv4 server to its previous behaviour.
Since both the Linux and FreeBSD NFSv4 clients seem to exhibit correct behaviour with the access check for file owner in Open enabled, it is enabled by default.
Reported by: luoqi.chen@gmail.com
|
#
347045 |
|
03-May-2019 |
rmacklem |
MFC: r346424 Add support for the ModeSetMasked attribute to the NFSv4.1 server.
I do not know of an extant NFSv4.1 client that currently does a Setattr operation for the ModeSetMasked, but it has been discussed on the linux-nfs mailing list. This patch adds support for doing a Setattr of ModeSetMasked, so that it will work for any future NFSv4.1 client that chooses to do so. Tested via a hacked FreeBSD NFSv4.1 client.
|
#
347042 |
|
03-May-2019 |
rmacklem |
MFC: r346423 Replace "vp" with NULL to make the code more readable.
At the time of this nfsv4_sattr() call, "vp == NULL", so this patch doesn't change the semantics, but I think it makes the code more readable. It also makes it consistent with the nfsv4_sattr() call a few lines above this one. Found during code inspection.
|
#
346776 |
|
27-Apr-2019 |
rmacklem |
MFC: r346191 Add support for INET6 addresses to the kernel code that dumps open/lock state.
PR#223036 reported that INET6 callback addresses were not printed by nfsdumpstate(8). This kernel patch adds INET6 addresses to the dump structure, so that nfsdumpstate(8) can print them out, post-r346190.
|
#
338131 |
|
21-Aug-2018 |
rmacklem |
MFC: r336839 Modify the NFSv4.1 server so that it allows ReclaimComplete as done by ESXi 6.7.
I believe that a ReclaimComplete with rca_one_fs == TRUE is only to be used after a file system has been transferred to a different file server. However, RFC5661 is somewhat vague w.r.t. this and the ESXi 6.7 client does both a ReclaimComplete with rca_one_fs == TRUE and one with ReclaimComplete with rca_one_fs == FALSE. Therefore, just ignore the rca_one_fs == TRUE operation and return NFS_OK without doing anything instead of replying NFS4ERR_NOTSUPP. This allows the ESXi 6.7 NFSv4.1 client to do a mount. After discussion on the NFSv4 IETF working group mailing list, doing this along with setting a flag to note that a ReclaimComplete with rca_one_fs TRUE was an appropriate way to handle this. The flag that indicates that a ReclaimComplete with rca_one_fs == TRUE was done may be used to disable replies of NFS4ERR_GRACE for non-reclaim state operations in a future commit.
This patch along with r332790, r334492 and r336357 allow ESXi 6.7 NFSv4.1 mounts work ok. ESX 6.5 NFSv4.1 mounts do not work well, due to what I believe are violations of RFC-5661 and should not be used.
|
#
337064 |
|
02-Aug-2018 |
rmacklem |
MFC: r336357 Modify the reasons for not issuing a delegation in the NFSv4.1 server.
The ESXi NFSv4.1 client will generate warning messages when the reason for not issuing a delegation is two. Two refers to a resource limit and I do not see why it would be considered invalid. However it probably was not the best choice of reason for not issuing a delegation. This patch changes the reasons used to ones that the ESXi client doesn't complain about. This change does not affect the FreeBSD client and does not appear to affect behaviour of the Linux NFSv4.1 client. RFC5661 defines these "reasons" but does not give any guidance w.r.t. which ones are more appropriate to return to a client.
|
#
336842 |
|
28-Jul-2018 |
rmacklem |
MFC: r334492 Add the BindConnectiontoSession operation to the NFSv4.1 server.
Under some fairly unusual circumstances, the Linux NFSv4.1 client is doing a BindConnectiontoSession operation for TCP connections. It is also used by the ESXi6.5 NFSv4.1 client. This patch adds this operation to the NFSv4.1 server.
PR: 226493
|
#
336178 |
|
10-Jul-2018 |
rmacklem |
MFC: r333508 Add support for the TestStateID operation to the NFSv4.1 server.
The Linux client now uses the TestStateID operation, so this patch adds support for it to the NFSv4.1 server. The FreeBSD client never uses this operation, so it should not be affected.
|
#
334629 |
|
04-Jun-2018 |
rmacklem |
MFC: r333592 Fix the eir_server_scope reply argument for NFSv4.1 ExchangeID.
In the reply to an ExchangeID operation, the NFSv4.1 server returns a "scope" value (eir_server_scope). If this value is the same, it indicates that two servers share state, which is never the case for FreeBSD servers. As such, the value needs to be unique and it was without this patch. However, I just found out that it is not supposed to change when the server reboots and without this patch, it did change. This patch fixes eir_server_scope so that it does not change when the server is rebooted. The only affect not having this patch has is that Linux clients don't reclaim opens and locks after a server reboot, which meant they lost any byte range locks held before the server rebooted. It only affects NFSv4.1 mounts and the FreeBSD NFSv4.1 client was not affected by this bug.
|
#
333060 |
|
27-Apr-2018 |
rmacklem |
MFC: r332790 Fix OpenDowngrade for NFSv4.1 if a client sets the OPEN_SHARE_ACCESS_WANT* bits.
The NFSv4.1 RFC specifies that the OPEN_SHARE_ACCESS_WANT bits can be set in the OpenDowngrade share_access argument and are basically ignored. I do not know of a extant NFSv4.1 client that does this, but this little patch fixes it just in case. It also changes the error from NFSERR_BADXDR to NFSERR_INVAL since the NFSv4.1 RFC specifies this as the error to be returned if bogus bits are set. (The NFSv4.0 RFC didn't specify any error for this, so the error reply can be changed for NFSv4.0 as well.) Found by inspection while looking at a problem with OpenDowngrade reported for the ESXi 6.5 NFSv4.1 client.
|
#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
325341 |
|
02-Nov-2017 |
rmacklem |
MFC: r324639 Fix the client IP address reported by nfsdumpstate for 64bit arch and NFSv4.1.
The client IP address was not being reported for some NFSv4 mounts by nfsdumpstate. Upon investigation, two problems were found for mounts using IPv4. One was that the code (originally written and tested on i386) assumed that a "u_long" was a "uint32_t" and would exactly store an IPv4 host address. Not correct for 64bit arches. Also, for NFSv4.1 mounts, the field was not being filled in. This was basically correct, because NFSv4.1 does not use a callback address. However, it meant that nfsdumpstate could not report the client IP addr. This patch should fix both of these issues. For IPv6, the address will still not be reported. The original NFSv4 RFC only specified IPv4 callback addresses. I think this has changed and, if so, a future commit to fix reporting of IPv6 addresses will be needed.
|
#
324419 |
|
08-Oct-2017 |
rmacklem |
MFC: r323978 Change a panic to an error return.
There was a panic() in the NFS server's write operation that didn't need to be a panic() and could just be an error return. This patch makes that change. Found by code inspection during development of the pNFS service.
|
#
311957 |
|
12-Jan-2017 |
kib |
MFC r311452: Do not allocate struct statfs on kernel stack.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
299514 |
|
12-May-2016 |
cem |
nfsd: Fix use-after-free in NFS4 lock test service
Trivial use-after-free where stp was freed too soon in the non-error path. To fix, simply move its release to the end of the routine.
Reported by: Coverity CID: 1006105 Sponsored by: EMC / Isilon Storage Division
|
#
297793 |
|
10-Apr-2016 |
pfg |
Cleanup unnecessary semicolons from the kernel.
Found with devel/coccinelle.
|
#
283635 |
|
27-May-2015 |
rmacklem |
Make the size of the hash tables used by the NFSv4 server tunable. No appreciable change in performance was observed after increasing the sizes of these tables and then testing with a single client. However, there was an email that indicated high CPU overheads for a heavily loaded NFSv4 and it is hoped that increasing the sizes of the hash tables via these tunables might help. The tables remain the same size by default.
Differential Revision: https://reviews.freebsd.org/D2596 MFC after: 2 weeks
|
#
281628 |
|
16-Apr-2015 |
rmacklem |
mav@ has found that NFS servers exporting ZFS file systems can perform better when using a 128K read/write data size. This patch changes NFS_MAXDATA from 64K to 128K so that clients can use 128K for NFS mounts to allow this. The patch also renames NFS_MAXDATA to NFS_SRVMAXIO so that it is clear that it applies to the NFS server side only. It also avoids a name conflict with the NFS_MAXDATA defined in rpcsvc/nfs_prot.h, that is used for userland RPC.
Tested by: mav Reviewed by: mav MFC after: 2 weeks
|
#
275897 |
|
18-Dec-2014 |
kib |
The VOP_LOOKUP() implementations for CREATE op do not put the name into namecache, to avoid cache trashing when doing large operations. E.g., tar archive extraction is not usually followed by access to many of the files created.
Right now, each VOP_LOOKUP() implementation explicitely knowns about this quirk and tests for both MAKEENTRY flag presence and op != CREATE to make the call to cache_enter(). Centralize the handling of the quirk into VFS, by deciding to cache only by MAKEENTRY flag in VOP. VFS now sets NOCACHE flag for CREATE namei() calls.
Note that the change in semantic is backward-compatible and could be merged to the stable branch, and is compatible with non-changed third-party filesystems which correctly handle MAKEENTRY.
Suggested by: Chris Torek <torek@pi-coral.com> Reviewed by: mckusick Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 2 weeks
|
#
272467 |
|
03-Oct-2014 |
araujo |
Fix failures and warnings reported by newpynfs20090424 test tool. This fix addresses only issues with the pynfs reports, none of these issues are know to create problems for extant real clients.
Submitted by: Bart Hsiao <bart.hsiao@gmail.com> Reworked by: myself Reviewed by: rmacklem Approved by: rmacklem Sponsored by: QNAP Systems Inc.
|
#
268115 |
|
01-Jul-2014 |
rmacklem |
Merge the NFSv4.1 server code in projects/nfsv4.1-server over into head. The code is not believed to have any effect on the semantics of non-NFSv4.1 server behaviour. It is a rather large merge, but I am hoping that there will not be any regressions for the NFS server.
MFC after: 1 month
|
#
267191 |
|
06-Jun-2014 |
rmacklem |
The new NFS server would not allow a hard link to be created to a symlink. This restriction (which was inherited from OpenBSD) is not required by the NFS RFCs. Since this is allowed by the old NFS server, it is a POLA violation to not allow it. This patch modifies the new NFS server to allow this.
Reported by: jhb Reviewed by: jhb MFC after: 3 days
|
#
264265 |
|
08-Apr-2014 |
delphij |
Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06]
|
#
245613 |
|
18-Jan-2013 |
delphij |
Make it possible to force async at server side on new NFS server, similar to the old one's nfs.nfsrv.async.
Please note that by enabling this option (default is disabled), the system could potentionally have silent data corruption if the server crashes before write is committed to non-volatile storage, as the client side have no way to tell if the data is already written.
Submitted by: rmacklem MFC after: 2 weeks
|
#
225049 |
|
20-Aug-2011 |
rmacklem |
Fix the NFSv4 server so that it returns NFSERR_SYMLINK when an attempt to do an Open operation on any type of file other than VREG is done. A recent discussion on the IETF working group's mailing list (nfsv4@ietf.org) decided that NFSERR_SYMLINK should be returned for all non-regular files and not just symlinks, so that the Linux client would work correctly. This change does not affect the FreeBSD NFSv4 client and is not believed to have a negative effect on other NFSv4 clients.
Reviewed by: zkirsch Approved by: re (kib) MFC after: 2 weeks
|
#
224637 |
|
03-Aug-2011 |
zack |
Fix an NFS server issue where it was not correctly setting the eof flag when a READ had hit the end of the file. Also, clean up some cruft in the code.
Approved by: re (kib) Reviewed by: rmacklem MFC after: 2 weeks
|
#
224554 |
|
31-Jul-2011 |
rmacklem |
Fix rename in the new NFS server so that it does not require a recursive vnode lock on the directory for the case where the new file name is in the same directory as the old one. The patch handles this as a special case, recognized by the new directory having the same file handle as the old one and just VREF()s the old dir vnode for this case, instead of doing a second VFS_FHTOVP() to get it. This is required so that the server will work for file systems like msdosfs, that do not support recursive vnode locking. This problem was discovered during recent testing by pho@ when exporting an msdosfs file system via the new NFS server.
Tested by: pho Reviewed by: zkirsch Approved by: re (kib) MFC after: 2 weeks
|
#
224086 |
|
16-Jul-2011 |
zack |
Add DEXITCODE plumbing to NFS.
Isilon has the concept of an in-memory exit-code ring that saves the last exit code of a function and allows for stack tracing. This is very helpful when debugging tough issues.
This patch is essentially a no-op for BSD at this point, until we upstream the dexitcode logic itself. The patch adds DEXITCODE calls to every NFS function that returns an errno error code. A number of code paths were also reorganized to have single exit paths, to reduce code duplication.
Submitted by: David Kwan <dkwan@isilon.com> Reviewed by: rmacklem Approved by: zml (mentor) MFC after: 2 weeks
|
#
224082 |
|
16-Jul-2011 |
zack |
Simple find/replace of VOP_UNLOCK -> NFSVOPUNLOCK. This is done so that NFSVOPUNLOCK can be modified later to add enhanced logging and assertions.
Reviewed by: rmacklem Approved by: zml (mentor) MFC after: 2 weeks
|
#
224081 |
|
16-Jul-2011 |
zack |
Simple find/replace of vn_lock -> NFSVOPLOCK. This is done so that NFSVOPLOCK can be modified later to add enhanced logging and assertions.
Reviewed by: rmacklem Approved by: zml (mentor) MFC after: 2 weeks
|
#
224080 |
|
16-Jul-2011 |
zack |
Remove unnecessary thread pointer from VOPLOCK macros and current users.
Reviewed by: rmacklem Approved by: zml (mentor) MFC after: 2 weeks
|
#
223373 |
|
21-Jun-2011 |
rmacklem |
Fix the new NFSv4 server so that it checks for VREAD_ACL when a client does a Getattr for an ACL and not VREAD_ATTRIBUTES. This was found during the recent NFSv4 interoperability Bakeathon.
MFC after: 2 weeks
|
#
223349 |
|
20-Jun-2011 |
rmacklem |
Fix the new NFSv4 server so that it only allows Lookup of directories and symbolic links when traversing non-exported file systems. Found during the recent NFSv4 interoperability Bakeathon.
MFC after: 2 weeks
|
#
220648 |
|
14-Apr-2011 |
rmacklem |
Fix the experimental NFSv4 server so that it uses VOP_PATHCONF() to determine if a file system supports NFSv4 ACLs. Since VOP_PATHCONF() must be called with a locked vnode, the function is called before nfsvno_fillattr() and the result is passed in as an extra argument.
MFC after: 2 weeks
|
#
220645 |
|
14-Apr-2011 |
rmacklem |
Modify the experimental NFSv4 server so that it handles crossing of server mount points properly. The functions nfsvno_fillattr() and nfsv4_fillattr() were modified to take the extra arguments that are the mount point, a flag to indicate that it is a file system root and the mounted on fileno. The mount point argument needs to be busy when nfsvno_fillattr() is called, since the vp argument is not locked.
Reviewed by: kib MFC after: 2 weeks
|
#
217063 |
|
06-Jan-2011 |
rmacklem |
Since the VFS_LOCK_GIANT() code in the experimental NFS server is broken and the major file systems are now all mpsafe, modify the server so that it will only export mpsafe file systems. This was discussed on freebsd-fs@ and removes a fair bit of crufty code.
MFC after: 12 days
|
#
216897 |
|
02-Jan-2011 |
rmacklem |
Modify the experimental NFSv4 server so that the lookup ops return a locked vnode. This ensures that the associated mount point will always be valid for the code that follows the operation. Also add a couple of additional checks for non-error to the other functions that create file objects.
MFC after: 2 weeks
|
#
216894 |
|
02-Jan-2011 |
rmacklem |
Delete some cruft from the experimental NFS server that was only used by the OpenBSD port for its pseudo-fs.
MFC after: 2 weeks
|
#
216893 |
|
02-Jan-2011 |
rmacklem |
Add checks for VI_DOOMED and vn_lock() failures to the experimental NFS server, to handle the case where an exported file system is forced dismounted while an RPC is in progress. Further commits will fix the cases where a mount point is used when the associated vnode isn't locked.
Reviewed by: kib MFC after: 2 weeks
|
#
216700 |
|
25-Dec-2010 |
rmacklem |
Modify the experimental NFS server so that it uses LK_SHARED for RPC operations when it can. Since VFS_FHTOVP() currently always gets an exclusively locked vnode and is usually called at the beginning of each RPC, the RPCs for a given vnode will still be serialized. As such, passing a lock type argument to VFS_FHTOVP() would be preferable to doing the vn_lock() with LK_DOWNGRADE after the VFS_FHTOVP() call.
Reviewed by: kib MFC after: 2 weeks
|
#
216693 |
|
24-Dec-2010 |
rmacklem |
Add an argument to nfsvno_getattr() in the experimental NFS server, so that it can avoid calling VOP_ISLOCKED() when the vnode is known to be locked. This will allow LK_SHARED to be used for these cases, which happen to be all the cases that can use LK_SHARED. This does not fix any bug, but it reduces the number of calls to VOP_ISLOCKED() and prepares the code so that it can be switched to using LK_SHARED in a future patch.
Reviewed by: kib MFC after: 2 weeks
|
#
206236 |
|
05-Apr-2010 |
rmacklem |
Harden the experimental NFS server a little, by adding range checks on the length of the client's open/lock owner name. Also, add free()'s for one case where they were missing and would have caused a leak if NFSERR_BADXDR had been replied. Probably never happens, but the leak is now plugged, just in case.
MFC after: 2 weeks
|
#
206061 |
|
02-Apr-2010 |
rmacklem |
Add SAVENAME to the cn_flags for all cases in the experimental NFS server for the CREATE cn_nameiop where SAVESTART isn't set. I was not aware that this needed to be done by the caller until recently.
Tested by: lampa AT fit.vutbr.cz (link case) Submitted by: lampa AT fit.vutbr.cz (link case) MFC after: 2 weeks
|
#
200999 |
|
25-Dec-2009 |
rmacklem |
Modify the experimental server so that it uses VOP_ACCESSX(). This is necessary in order to enable NFSv4 ACL support. The argument to nfsvno_accchk() was changed to an accmode_t and the function nfsrv_aclaccess() was no longer needed and, therefore, deleted.
Reviewed by: trasz MFC after: 2 weeks
|
#
199616 |
|
20-Nov-2009 |
rmacklem |
Patch the experimental NFS server is a manner analagous to r197525, so that the creation verifier is handled correctly in va_atime for 64bit architectures. There were two problems. One was that the code incorrectly assumed that sizeof (struct timespec) == 8 and the other was that the tv_sec field needs to be assigned from a signed 32bit integer, so that sign extension occurs on 64bit architectures. This is required for correct operation when exporting ZFS volumes.
Reviewed by: pjd MFC after: 2 weeks
|
#
192861 |
|
26-May-2009 |
rmacklem |
Fix the experimental nfs subsystem so that it builds with the current NFSv4 ACLs, as defined in sys/acl.h. It still needs a way to test a mount point for NFSv4 ACL support before it will work. Until then, the NFSHASNFS4ACL() macro just always returns 0.
Approved by: kib (mentor)
|
#
192707 |
|
24-May-2009 |
rmacklem |
Add NFSv4 root export checks to the DelegPurge, Renew and ReleaseLockOwner operations analagous to what is already in place for SetClientID and SetClientIDConfirm. These are the five NFSv4 operations that do not use file handle(s), so the checks are done using the NFSv4 root export entries in /etc/exports.
Approved by: kib (mentor)
|
#
192121 |
|
14-May-2009 |
rmacklem |
Apply changes to the experimental nfs server so that it uses the security flavors as exported in FreeBSD-CURRENT. This allows it to use a slightly modified mountd.c instead of a different utility.
Approved by: kib (mentor)
|
#
191990 |
|
11-May-2009 |
attilio |
Remove the thread argument from the FSD (File-System Dependent) parts of the VFS. Now all the VFS_* functions and relating parts don't want the context as long as it always refers to curthread.
In some points, in particular when dealing with VOPs and functions living in the same namespace (eg. vflush) which still need to be converted, pass curthread explicitly in order to retain the old behaviour. Such loose ends will be fixed ASAP.
While here fix a bug: now, UFS_EXTATTR can be compiled alone without the UFS_EXTATTR_AUTOSTART option.
VFS KPI is heavilly changed by this commit so thirdy parts modules needs to be recompiled. Bump __FreeBSD_version in order to signal such situation.
|
#
191783 |
|
04-May-2009 |
rmacklem |
Add the experimental nfs subtree to the kernel, that includes support for NFSv4 as well as NFSv2 and 3. It lives in 3 subdirs under sys/fs: nfs - functions that are common to the client and server nfsclient - a mutation of sys/nfsclient that call generic functions to do RPCs and handle state. As such, it retains the buffer cache handling characteristics and vnode semantics that are found in sys/nfsclient, for the most part. nfsserver - the server. It includes a DRC designed specifically for NFSv4, that is used instead of the generic DRC in sys/rpc. The build glue will be checked in later, so at this point, it consists of 3 new subdirs that should not affect kernel building.
Approved by: kib (mentor)
|