1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-25 11:37:56 +00:00
Commit Graph

2487 Commits

Author SHA1 Message Date
Rick Macklem
2c6d0e01f8 This patch applies one of the two fixes suggested by
zack.kirsch at isilon.com for a race between nfsrv_freeopen()
and nfsrv_getlockfile() in the experimental NFS server that
he found during testing. Although nfsrv_freeopen() holds a
sleep lock on the lock file structure when called with
cansleep != 0, nfsrv_getlockfile() could still search the
list, once it acquired the NFSLOCKSTATE() mutex. I believe
that acquiring the mutex in nfsrv_freeopen() fixes the race.

MFC after:	2 weeks
2010-09-10 23:49:33 +00:00
Rick Macklem
37fe683250 Fix the NFSVNO_CMPFH() macro in the experimental NFS server so
that it works correctly for ZFS file handles. It is possible to
have two ZFS file handles that differ only in the bytes in the
fid_reserved field of the generic "struct fid" and comparing the
bytes in fid_data didn't catch this case. This patch changes the
macro to compare all bytes of "struct fid".

Tested by:	gull at gull.us
MFC after:	2 weeks
2010-09-10 23:18:45 +00:00
Rick Macklem
a8c0af5906 Fix the experimental NFS client so that it doesn't panic when
NFSv2,3 byte range locking is attempted. A fix that allows the
nlm_advlock() to work with both clients is in progress, but
may take a while. As such, I am doing this commit so that
the kernel doesn't panic in the meantime.

Submitted by:	jh
MFC after:	2 weeks
2010-09-09 15:45:11 +00:00
Ivan Voras
b2143ecb99 Avoid "Entry can disappear before we lock fdvp" panic.
PR:		150143
Submitted by:	Gleb Kurtsou <gk at FreeBSD.org>
Pretty sure it won't blow up: mckusick
MFC after:	2 weeks
2010-09-07 22:40:45 +00:00
John Baldwin
8e27c18282 Store the full timestamp when caching timestamps of files and
directories for purposes of validating name cache entries.  This
closes races where two updates to a file or directory within the same
second could result in stale entries in the name cache.  While here,
remove the 'n_expiry' field as it is no longer used.

Reviewed by:	rmacklem
MFC after:	1 week
2010-09-07 14:29:45 +00:00
Daichi GOTO
21f9b7b28a Allowed unionfs to use whiteout not supporting file system as
upper layer. Until now, unionfs prevents to use that kind of
file system as upper layer. This time, I changed to allow
that kind of file system as upper layer. By this change, you
can use whiteout not supporting file system (e.g., especially
for tmpfs) as upper layer. It's very useful for combination of
tmpfs as upper layer and read only file system as lower layer.

By difinition, without whiteout support from the file system
backing the upper layer, there is no way that delete and rename
operations on lower layer objects can be done.  EOPNOTSUPP is
returned for this kind of operations as generated by VOP_WHITEOUT()
along with any others which would make modifica tions to the
lower layer, such as chmod(1).

This change is suggested by ed.

Submitted by:	ed
2010-09-05 04:58:16 +00:00
Rick Macklem
848fd2c0e2 Change the code in ncl_bioread() in the experimental NFS
client to return an error when rabp is not set, so it
behaves the same way as the regular NFS client for this
case. It does not affect NFSv4, since nfs_getcacheblk()
only fails for "intr" mounts and NFSv4 can't use the
"intr" mount option.

MFC after:	2 weeks
2010-09-05 00:47:44 +00:00
Rick Macklem
0372f5f411 Disable use of the NLM in the experimental NFS client, since
it will crash the kernel because it uses the nfsmount and
nfsnode structures of the regular NFS client.

MFC after:	2 weeks
2010-09-05 00:10:18 +00:00
Ulf Lilleengen
0cc17ce608 - Remove duplicate comment.
PR:		kern/148820
Submitted by:	pluknet <pluknet - at - gmail.com>
2010-09-01 05:34:17 +00:00
Rick Macklem
2d0c83b139 Add a null_remove() function to nullfs, so that the v_usecount
of the lower level vnode is incremented to greater than 1 when
the upper level vnode's v_usecount is greater than one. This
is necessary for the NFS clients, so that they will do a silly
rename of the file instead of actually removing it when the
file is still in use. It is "racy", since the v_usecount is
incremented in many places in the kernel with
minimal synchronization, but an extraneous silly rename is
preferred to not doing a silly rename when it is required.
The only other file systems that currently check the value
of v_usecount in their VOP_REMOVE() functions are nwfs and
smbfs. These file systems choose to fail a remove when the
v_usecount is greater than 1 and I believe will function
more correctly with this patch, as well.

Tested by:	to.my.trociny at gmail.com
Submitted by:	to.my.trociny at gmail.com (earlier version)
Reviewed by:	kib
MFC after:	2 weeks
2010-08-31 01:16:45 +00:00
Rick Macklem
b5cb66df25 Add acquisition of a reference count on nfsv4root_lock to the
nfsd_recalldelegation() function, since this function is called
by nfsd threads when they are handling NFSv2 or NFSv3 RPCs, where
no reference count would have been acquired.

MFC after:	2 weeks
2010-08-28 23:50:09 +00:00
Rick Macklem
2ec3f92528 The timer routine in the experimental NFS server did not acquire
the correct mutex when checking nfsv4root_lock. Although this
could be fixed by adding mutex lock/unlock calls, zack.kirsch at
isilon.com suggested a better fix that uses a non-blocking
acquisition of a reference count on nfsv4root_lock. This fix
allows the weird NFSLOCKSTATE(); NFSUNLOCKSTATE(); synchronization
to be deleted. This patch applies this fix.

Tested by:	zack.kirsch at isilon.com
MFC after:	2 weeks
2010-08-28 21:41:18 +00:00
Jaakko Heinonen
4136388a18 Set de_dir for user created symbolic links. This will be needed to be
able to resolve their parent directories.
2010-08-26 16:01:29 +00:00
Edward Tomasz Napierala
81f6480d42 Revert r210194, adding a comment explaining why calls to chgproccnt()
in unionfs are actually needed.  I have a better fix in trasz_hrl p4 branch,
but now is not a good moment to commit it.

Reported by:	Alex Kozlov
2010-08-25 21:32:08 +00:00
Jaakko Heinonen
f5efcd64f4 Call devfs_populate_vp() from devfs_getattr(). It was possible that
fstat(2) returned stale information through an open file descriptor.
2010-08-25 15:29:12 +00:00
Jaakko Heinonen
0f6bb099ae Introduce and use devfs_populate_vp() to unlock a vnode before calling
devfs_populate(). This is a prerequisite for the automatic removal of
empty directories which will be committed in the future.

Reviewed by:	kib (previous version)
2010-08-22 16:08:12 +00:00
Ed Schouten
99d57a6bd8 Add support for whiteouts on tmpfs.
Right now unionfs only allows filesystems to be mounted on top of
another if it supports whiteouts. Even though I have sent a patch to
daichi@ to let unionfs work without it, we'd better also add support for
whiteouts to tmpfs.

This patch implements .vop_whiteout and makes necessary changes to
lookup() and readdir() to take them into account. We must also make sure
that when adding or removing a file, we honour the componentname's
DOWHITEOUT and ISWHITEOUT, to prevent duplicate filenames.

MFC after:	1 month
2010-08-22 05:36:06 +00:00
John Baldwin
3634d5b241 Add dedicated routines to toggle lockmgr flags such as LK_NOSHARE and
LK_CANRECURSE after a lock is created.  Use them to implement macros that
otherwise manipulated the flags directly.  Assert that the associated
lockmgr lock is exclusively locked by the current thread when manipulating
these flags to ensure the flag updates are safe.  This last change required
some minor shuffling in a few filesystems to exclusively lock a brand new
vnode slightly earlier.

Reviewed by:	kib
MFC after:	3 days
2010-08-20 19:46:50 +00:00
Jaakko Heinonen
96835d61b6 Call dev_rel() in error paths.
Reported by:	kib
Reviewed by:	kib
MFC after:	2 weeks
2010-08-19 16:39:00 +00:00
Jaakko Heinonen
64040d3978 Allow user created symbolic links to cover device files and directories
if the device file appears during or after the link creation.

User created symbolic links are now inserted at the head of the
directory entry list after the "." and ".." entries. A new directory
entry flag DE_COVERED indicates that an entry is covered by a symbolic
link.

PR:		kern/114057
Reviewed by:	kib
Idea from:	kib
Discussed on:	freebsd-current (mostly silence)
2010-08-12 15:29:07 +00:00
Robert Watson
be80264279 Properly bounds check ioctl/pioctl data arguments for Coda:
1. Use unsigned rather than signed lengths
2. Bound messages to/from Venus to VC_MAXMSGSIZE
3. Bound messages to/from general user processes to VC_MAXDATASIZE
4. Update comment regarding data limits for pioctl

Without (1) and (3), it may be possible for unprivileged user processes to
read sensitive portions of kernel memory.  This issue is only present if
the Coda kernel module is loaded and venus (the userspace Coda daemon) is
running and has /coda mounted.

As Coda is considered experimental and production use is warned against in
the coda(4) man page, and because Coda must be explicitly configured for a
configuration to be vulnerable, we won't be issuing a security advisory.
However, if you are using Coda, then you are advised to apply these fixes.

Reported by:	Dan J. Rosenberg <drosenberg at vsecurity.com>
Obtained from:	NetBSD (Christos Zoulas)
Security:	Kernel memory disclosure; no advisory as feature experimental
MFC after:	3 days
2010-08-07 08:08:14 +00:00
Konstantin Belousov
d3c5a40780 Enable shared lookups and externed shared ops for devfs.
In collaboration with:	pho
MFC after:	1 month
2010-08-06 09:46:53 +00:00
Konstantin Belousov
3979450b4c Add new make_dev_p(9) flag MAKEDEV_ETERNAL to inform devfs that created
cdev will never be destroyed. Propagate the flag to devfs vnodes as
VV_ETERNVALDEV. Use the flags to avoid acquiring devmtx and taking a
thread reference on such nodes.

In collaboration with:	pho
MFC after:	1 month
2010-08-06 09:42:15 +00:00
Konstantin Belousov
9968a42675 Enable shared locks for the devfs vnodes. Honor the locking mode
requested by lookup(). This should be a nop at the moment.

In collaboration with:	pho
MFC after:	1 month
2010-08-06 09:23:47 +00:00
Konstantin Belousov
3a6fc63c9f Initialize VV_ISTTY vnode flag on the devfs vnode creation instead of
doing it on each open.

In collaboration with:	pho
MFC after:	1 month
2010-08-06 09:06:55 +00:00
Rick Macklem
e3649d5a2f Modify the return value for nfscl_mustflush() from boolean_t,
which I mistakenly thought was correct w.r.t. style(9), back
to int and add the checks for != 0. This is just a stylistic
modification.

MFC after:	1 week
2010-08-03 01:49:28 +00:00
Rick Macklem
f92bbff248 Move sys/nfsclient/nfs_lock.c into sys/nfs and build it as a separate
module that can be used by both the regular and experimental nfs
clients. This fixes the problem reported by jh@ where /dev/nfslock
would be registered twice when both nfs clients were used.
I also defined the size of the lm_fh field to be the correct value,
as it should be the maximum size of an NFSv3 file handle.

Reviewed by:	jh
MFC after:	2 weeks
2010-07-24 22:11:11 +00:00
Rick Macklem
66c0f45a3d For the experimental NFSv4 server's dumplocks operation, add the
MPSAFE flag to cn_flags so that it doesn't panic. The panics weren't
seen since nfsdumpstate(8) is broken for the "-l" case, so this
was never done. I'll do a separate commit to fix nfsdumpstate(8).

Submitted by:	zack.kirsch at isilon.com
MFC after:	2 weeks
2010-07-19 23:33:42 +00:00
Rick Macklem
6ec1ef63d1 Add a call to nfscl_mustflush() in nfs_close() of the experimental
NFSv4 client, so that attributes are not acquired from the server
when a delegation for the file is held. This can reduce the number
of Getattr Ops significantly.

MFC after:	2 weeks
2010-07-18 22:35:46 +00:00
Edward Tomasz Napierala
dce36a0159 Fix build.
Submitted by:	Andreas Tobler <andreast-list at fgznet.ch>
2010-07-18 07:55:22 +00:00
Rick Macklem
5813b99c83 Change the nfscl_mustflush() function in the experimental NFSv4
client to return a boolean_t in order to make it more compatible
with style(9).

MFC after:	2 weeks
2010-07-18 00:24:01 +00:00
Edward Tomasz Napierala
b29d02f258 Remove updating process count by unionfs. It serves no purpose, unionfs just
needs root credentials for a moment.
2010-07-17 15:45:20 +00:00
Rick Macklem
2cf552b115 Patch the experimental NFSv4 server so that it acquires a reference
count on nfsv4rootfs_lock when dumping state, since these functions
are not called by nfsd threads. Without this reference count, it
is possible for an nfsd thread to acquire an exclusive lock on
nfsv4rootfs_lock while the dump is in progress and then change the
lists, potentially causing a crash.

Reported by:	zack.kirsch at isilon.com
MFC after:	2 weeks
2010-07-16 23:17:05 +00:00
John Baldwin
61e1c19319 Revert the previous commit. The race is not applicable to the lockmgr
implementation in 8.0 and later as its flags field does not hold dynamic
state such as waiters flags, but is only modified in lockinit() aside
from VN_LOCK_*().

Discussed with:	attilio
2010-07-16 19:52:03 +00:00
John Baldwin
dbfcf8cfea When the MNTK_EXTENDED_SHARED mount option was added, some filesystems were
changed to defer the setting of VN_LOCK_ASHARE() (which clears LK_NOSHARE
in the vnode lock's flags) until after they had determined if the vnode was
a FIFO.  This occurs after the vnode has been inserted a VFS hash or some
similar table, so it is possible for another thread to find this vnode via
vget() on an i-node number and block on the vnode lock.  If the lockmgr
interlock (vnode interlock for vnode locks) is not held when clearing the
LK_NOSHARE flag, then the lk_flags field can be clobbered.  As a result
the thread blocked on the vnode lock may never get woken up.  Fix this by
holding the vnode interlock while modifying the lock flags in this case.

MFC after:	3 days
2010-07-16 19:20:20 +00:00
Rick Macklem
866e6c5adb Delete comments related to soft clock interrupts that don't apply
to the FreeBSD port of the experimental NFSv4 server.

Submitted by:	zack.kirsch at isilon.com
MFC after:	2 weeks
2010-07-16 01:44:49 +00:00
John Baldwin
3c497facfb Retire the NFS access cache timestamp structure. It was used in VOP_OPEN()
to avoid sending multiple ACCESS/GETATTR RPCs during a single open()
between VOP_LOOKUP() and VOP_OPEN().  Now we always send the RPC in
VOP_LOOKUP() and not VOP_OPEN() in the cases that multiple RPCs could be
sent.

MFC after:	2 weeks
2010-07-15 19:40:48 +00:00
John Baldwin
f9b1a4a3b6 Merge 208603, 209946, and 209948 to the new NFS client:
Move attribute cache flushes from VOP_OPEN() to VOP_LOOKUP() to provide
more graceful recovery for stale filehandles and eliminate the need for
conditionally clearing the attribute cache in the !NMODIFIED case in
VOP_OPEN().

Reviewed by:	rmacklem
MFC after:	2 weeks
2010-07-15 19:21:48 +00:00
Rick Macklem
63f6e5bf6f This patch fixes a bug in the experimental NFSv4 server where it
released a reference count on nfsv4rootfs_lock erroneously when
administrative revocation of state was done.

Submitted by:	zack.kirsch at isilon.com
MFC after:	2 weeks
2010-07-15 03:02:10 +00:00
Rick Macklem
86836fcf1f For the experimental NFSv4 client, make sure that attributes that
predate the issue of a delegation are not cached once the delegation
is held. This is necessary, since cached attributes remain valid
while the delegation is held.

MFC after:	2 weeks
2010-07-13 23:14:39 +00:00
Rick Macklem
4bc59a660c For the experimental NFSv4 client, do not use cached attributes
that were invalidated, even when a delegation for the file is held.

MFC after:	2 weeks
2010-07-13 23:07:32 +00:00
Rick Macklem
95b1c51b6c Fix a bogus comment that mentions lru lists that don't exist.
Reported by:	zack.kirsch at isilon.com
MFC after:	2 weeks
2010-07-13 22:44:14 +00:00
Andriy Gapon
12b3a08d09 udf_vnops: cosmetic followup to r208671 - better looking code
Suggested by:	jhb
MFC after:	3 days
2010-06-22 08:22:25 +00:00
Alan Cox
61a2a5dcd2 Eliminate unnecessary page queues locking. 2010-06-18 22:12:12 +00:00
Alan Cox
8393d186b9 Eliminate unnecessary page queues locking. 2010-06-16 00:41:21 +00:00
Rick Macklem
a8437c97f1 Add MODULE_DEPEND() macros to the experimental NFS client and
server so that the modules will load when kernels are built with
none of the NFS* configuration options specified. I believe this
resolves the problems reported by PR kern/144458 and the email on
freebsd-stable@ posted by Dmitry Pryanishnikov on June 13.

Tested by:	kib
PR:		kern/144458
Reviewed by:	kib
MFC after:	1 week
2010-06-15 00:25:04 +00:00
Konstantin Belousov
b38f7723eb In NFS clients, instead of inconsistently using #ifdef
DIAGNOSTIC and #ifndef DIAGNOSTIC for debug assertions, prefer
KASSERT(). Also change one #ifdef DIAGNOSTIC in the new nfs server.

Submitted by:	Mikolaj Golub <to.my.trociny gmail com>
MFC after:	2 weeks
2010-06-13 05:24:27 +00:00
Andriy Gapon
1bdfff2252 fix a few cases where a string is passed via format argument instead of
via %s

Most of the cases looked harmless, but this is done for the sake of
correctness.  In one case it even allowed to drop an intermediate buffer.

Found by:	clang
MFC after:	2 week
2010-06-11 19:27:21 +00:00
Jaakko Heinonen
f40645c83d Add a new function devfs_parent_dirent() for resolving devfs parent
directory entry. Use the new function in devfs_fqpn(), devfs_lookupx()
and devfs_vptocnp() instead of manually resolving the parent entry.

Reviewed by:	kib
2010-06-09 15:29:12 +00:00
Jaakko Heinonen
59e0452e82 Don't try to call cdevsw d_close() method when devfs_close() is called
because of insmntque1() failure.

Found with:	stress2
Suggested and reviewed by:	kib
2010-06-01 18:57:21 +00:00