Page Menu
Home
FreeBSD
Search
Configure Global Search
Log In
Files
F107105748
D37880.id114703.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
34 KB
Referenced Files
None
Subscribers
None
D37880.id114703.diff
View Options
diff --git a/sys/fs/nfs/nfs_commonport.c.vnetnfsuserd b/sys/fs/nfs/nfs_commonport.c
--- a/sys/fs/nfs/nfs_commonport.c.vnetnfsuserd
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -42,6 +42,7 @@
* to this BSD variant.
*/
#include <fs/nfs/nfsport.h>
+#include <sys/osd.h>
#include <sys/smp.h>
#include <sys/sysctl.h>
#include <sys/taskqueue.h>
@@ -56,8 +57,6 @@
#include <vm/uma.h>
extern int nfscl_ticks;
-extern nfsuserd_state nfsrv_nfsuserd;
-extern struct nfssockreq nfsrv_nfsuserdsock;
extern void (*nfsd_call_recall)(struct vnode *, int, struct ucred *,
struct thread *);
extern int nfsrv_useacl;
@@ -75,6 +74,14 @@
vop_reclaim_t *nfs_reclaim_p = NULL;
uint32_t nfs_srvmaxio = NFS_SRVMAXIO;
+NFSD_VNET_DECLARE(struct nfsrv_lughash *, nfsuserhash);
+NFSD_VNET_DECLARE(struct nfsrv_lughash *, nfsusernamehash);
+NFSD_VNET_DECLARE(struct nfsrv_lughash *, nfsgrouphash);
+NFSD_VNET_DECLARE(struct nfsrv_lughash *, nfsgroupnamehash);
+NFSD_VNET_DECLARE(u_char *, nfsrv_dnsname);
+NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock);
+NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd);
+
NFSDSTATSDEFINE(nfsstatsv1);
int nfs_pnfsio(task_fn_t *, void *);
@@ -150,6 +157,7 @@
/* local functions */
static int nfssvc_call(struct thread *, struct nfssvc_args *, struct ucred *);
+static void nfsrv_cleanusergroup(struct prison *);
#ifdef __NO_STRICT_ALIGNMENT
/*
@@ -451,10 +459,6 @@
struct nfsstatsv1 *outstats;
if (uap->flag & NFSSVC_IDNAME) {
- if (jailed(p->td_ucred)) {
- error = EPERM;
- goto out;
- }
if ((uap->flag & NFSSVC_NEWSTRUCT) != 0)
error = copyin(uap->argp, &nid, sizeof(nid));
else {
@@ -754,10 +758,6 @@
u_short sockport;
struct nfsuserd_args nargs;
- if (jailed(p->td_ucred)) {
- error = EPERM;
- goto out;
- }
if ((uap->flag & NFSSVC_NEWSTRUCT) == 0) {
error = copyin(uap->argp, (caddr_t)&sockport,
sizeof (u_short));
@@ -775,10 +775,6 @@
if (!error)
error = nfsrv_nfsuserdport(&nargs, p);
} else if (uap->flag & NFSSVC_NFSUSERDDELPORT) {
- if (jailed(p->td_ucred)) {
- error = EPERM;
- goto out;
- }
nfsrv_nfsuserddelport();
error = 0;
}
@@ -872,6 +868,87 @@
return (ret);
}
+/*
+ * Free up all the allocations related to the name<-->id cache.
+ * This function should only be called when the nfsuserd daemon isn't
+ * running, since it doesn't do any locking.
+ * This function is meant to be called when a vnet jail is destroyed.
+ */
+static void
+nfsrv_cleanusergroup(struct prison *pr)
+{
+ struct nfsrv_lughash *hp, *hp2;
+ struct nfsusrgrp *nusrp, *usrp;
+ int i;
+
+ NFSD_CURVNET_SET(pr->pr_vnet);
+ mtx_destroy(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx);
+ if (NFSD_VNET(nfsuserhash) == NULL) {
+ NFSD_CURVNET_RESTORE();
+ return;
+ }
+
+ for (i = 0; i < nfsrv_lughashsize; i++) {
+ hp = &NFSD_VNET(nfsuserhash)[i];
+ TAILQ_FOREACH_SAFE(usrp, &hp->lughead, lug_numhash, nusrp) {
+ TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash);
+ hp2 = NFSUSERNAMEHASH(usrp->lug_name,
+ usrp->lug_namelen);
+ TAILQ_REMOVE(&hp2->lughead, usrp, lug_namehash);
+ if (usrp->lug_cred != NULL)
+ crfree(usrp->lug_cred);
+ free(usrp, M_NFSUSERGROUP);
+ }
+ hp = &NFSD_VNET(nfsgrouphash)[i];
+ TAILQ_FOREACH_SAFE(usrp, &hp->lughead, lug_numhash, nusrp) {
+ TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash);
+ hp2 = NFSGROUPNAMEHASH(usrp->lug_name,
+ usrp->lug_namelen);
+ TAILQ_REMOVE(&hp2->lughead, usrp, lug_namehash);
+ if (usrp->lug_cred != NULL)
+ crfree(usrp->lug_cred);
+ free(usrp, M_NFSUSERGROUP);
+ }
+ mtx_destroy(&NFSD_VNET(nfsuserhash)[i].mtx);
+ mtx_destroy(&NFSD_VNET(nfsusernamehash)[i].mtx);
+ mtx_destroy(&NFSD_VNET(nfsgroupnamehash)[i].mtx);
+ mtx_destroy(&NFSD_VNET(nfsgrouphash)[i].mtx);
+ }
+ free(NFSD_VNET(nfsuserhash), M_NFSUSERGROUP);
+ free(NFSD_VNET(nfsusernamehash), M_NFSUSERGROUP);
+ free(NFSD_VNET(nfsgrouphash), M_NFSUSERGROUP);
+ free(NFSD_VNET(nfsgroupnamehash), M_NFSUSERGROUP);
+ free(NFSD_VNET(nfsrv_dnsname), M_NFSSTRING);
+ NFSD_CURVNET_RESTORE();
+}
+
+#ifdef VNET_NFSD
+/*
+ * Initialize everything that needs to be initialized for a vnet.
+ */
+static void
+nfs_vnetinit(const void *unused __unused)
+{
+
+ mtx_init(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx, "nfsuserd",
+ NULL, MTX_DEF);
+}
+VNET_SYSINIT(nfs_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
+ nfs_vnetinit, NULL);
+
+/* Osd entry for nfsrv_cleanup. */
+static int
+nfs_prison_cleanup(void *obj, void *data __unused)
+{
+ struct prison *pr = obj;
+
+ if ((pr->pr_flags & PR_VNET) == 0)
+ return (0);
+ nfsrv_cleanusergroup(pr);
+ return (0);
+}
+#endif /* VNET_NFSD */
+
extern int (*nfsd_call_nfscommon)(struct thread *, struct nfssvc_args *);
/*
@@ -881,6 +958,11 @@
nfscommon_modevent(module_t mod, int type, void *data)
{
int error = 0;
+#ifdef VNET_NFSD
+ osd_method_t methods[PR_MAXMETHOD] = {
+ [PR_METHOD_REMOVE] = nfs_prison_cleanup,
+ };
+#endif
static int loaded = 0;
switch (type) {
@@ -892,8 +974,13 @@
mtx_init(&nfs_sockl_mutex, "nfs_sockl_mutex", NULL, MTX_DEF);
mtx_init(&nfs_slock_mutex, "nfs_slock_mutex", NULL, MTX_DEF);
mtx_init(&nfs_req_mutex, "nfs_req_mutex", NULL, MTX_DEF);
- mtx_init(&nfsrv_nfsuserdsock.nr_mtx, "nfsuserd", NULL,
- MTX_DEF);
+#ifdef VNET_NFSD
+ /* XXX-BZ OSD to VNET? */
+ osd_jail_register(NULL, methods);
+#else
+ mtx_init(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx, "nfsuserd",
+ NULL, MTX_DEF);
+#endif
mtx_init(&nfsrv_dslock_mtx, "nfs4ds", NULL, MTX_DEF);
TAILQ_INIT(&nfsrv_devidhead);
newnfs_init();
@@ -902,7 +989,8 @@
break;
case MOD_UNLOAD:
- if (newnfs_numnfsd != 0 || nfsrv_nfsuserd != NOTRUNNING ||
+ if (newnfs_numnfsd != 0 ||
+ NFSD_VNET(nfsrv_nfsuserd) != NOTRUNNING ||
nfs_numnfscbd != 0) {
error = EBUSY;
break;
@@ -910,7 +998,7 @@
nfsd_call_nfscommon = NULL;
/* Clean out the name<-->id cache. */
- nfsrv_cleanusergroup();
+ nfsrv_cleanusergroup(&prison0);
/* and get rid of the mutexes */
mtx_destroy(&nfs_nameid_mutex);
mtx_destroy(&newnfsd_mtx);
@@ -919,7 +1007,6 @@
mtx_destroy(&nfs_sockl_mutex);
mtx_destroy(&nfs_slock_mutex);
mtx_destroy(&nfs_req_mutex);
- mtx_destroy(&nfsrv_nfsuserdsock.nr_mtx);
mtx_destroy(&nfsrv_dslock_mtx);
loaded = 0;
break;
diff --git a/sys/fs/nfs/nfs_commonsubs.c.vnetnfsuserd b/sys/fs/nfs/nfs_commonsubs.c
--- a/sys/fs/nfs/nfs_commonsubs.c.vnetnfsuserd
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -66,17 +66,10 @@
struct timeval nfsboottime; /* Copy boottime once, so it never changes */
int nfscl_ticks;
int nfsrv_useacl = 1;
-struct nfssockreq nfsrv_nfsuserdsock;
-nfsuserd_state nfsrv_nfsuserd = NOTRUNNING;
-static int nfsrv_userdupcalls = 0;
struct nfsreqhead nfsd_reqq;
-uid_t nfsrv_defaultuid = UID_NOBODY;
-gid_t nfsrv_defaultgid = GID_NOGROUP;
int nfsrv_lease = NFSRV_LEASE;
int ncl_mbuf_mlen = MLEN;
-int nfsd_enable_stringtouid = 0;
int nfsrv_doflexfile = 0;
-static int nfs_enable_uidtostring = 0;
NFSNAMEIDMUTEX;
NFSSOCKMUTEX;
extern int nfsrv_lughashsize;
@@ -87,10 +80,21 @@
extern struct nfsstatsv1 nfsstatsv1;
extern uint32_t nfs_srvmaxio;
+NFSD_VNET_DEFINE(int, nfsd_enable_stringtouid) = 0;
+NFSD_VNET_DEFINE(struct nfssockreq, nfsrv_nfsuserdsock);
+NFSD_VNET_DEFINE(nfsuserd_state, nfsrv_nfsuserd) = NOTRUNNING;
+NFSD_VNET_DEFINE(uid_t, nfsrv_defaultuid) = UID_NOBODY;
+NFSD_VNET_DEFINE(gid_t, nfsrv_defaultgid) = GID_NOGROUP;
+
+NFSD_VNET_DEFINE_STATIC(int, nfsrv_userdupcalls) = 0;
+
SYSCTL_DECL(_vfs_nfs);
-SYSCTL_INT(_vfs_nfs, OID_AUTO, enable_uidtostring, CTLFLAG_RW,
- &nfs_enable_uidtostring, 0, "Make nfs always send numeric owner_names");
+NFSD_VNET_DEFINE_STATIC(int, nfs_enable_uidtostring) = 0;
+SYSCTL_INT(_vfs_nfs, OID_AUTO, enable_uidtostring,
+ CTLFLAG_NFSD_VNET | CTLFLAG_RW, &NFSD_VNET_NAME(nfs_enable_uidtostring), 0,
+ "Make nfs always send numeric owner_names");
+
int nfsrv_maxpnfsmirror = 1;
SYSCTL_INT(_vfs_nfs, OID_AUTO, pnfsmirror, CTLFLAG_RD,
&nfsrv_maxpnfsmirror, 0, "Mirror level for pNFS service");
@@ -192,19 +196,16 @@
};
static int ncl_mbuf_mhlen = MHLEN;
-static int nfsrv_usercnt = 0;
-static int nfsrv_dnsnamelen;
-static u_char *nfsrv_dnsname = NULL;
-static int nfsrv_usermax = 999999999;
-struct nfsrv_lughash {
- struct mtx mtx;
- struct nfsuserhashhead lughead;
-};
-static struct nfsrv_lughash *nfsuserhash;
-static struct nfsrv_lughash *nfsusernamehash;
-static struct nfsrv_lughash *nfsgrouphash;
-static struct nfsrv_lughash *nfsgroupnamehash;
+NFSD_VNET_DEFINE_STATIC(int, nfsrv_usercnt) = 0;
+NFSD_VNET_DEFINE_STATIC(int, nfsrv_dnsnamelen) = 0;
+NFSD_VNET_DEFINE_STATIC(int, nfsrv_usermax) = 999999999;
+NFSD_VNET_DEFINE(struct nfsrv_lughash *, nfsuserhash) = NULL;
+NFSD_VNET_DEFINE(struct nfsrv_lughash *, nfsusernamehash) = NULL;
+NFSD_VNET_DEFINE(struct nfsrv_lughash *, nfsgrouphash) = NULL;
+NFSD_VNET_DEFINE(struct nfsrv_lughash *, nfsgroupnamehash) = NULL;
+NFSD_VNET_DEFINE(u_char *, nfsrv_dnsname) = NULL;
+
/*
* This static array indicates whether or not the RPC generates a large
* reply. This is used by nfs_reply() to decide whether or not an mbuf
@@ -1245,6 +1246,7 @@
#endif
CTASSERT(sizeof(ino_t) == sizeof(uint64_t));
+ NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread));
if (compare) {
retnotsup = 0;
error = nfsrv_getattrbits(nd, &attrbits, NULL, &retnotsup);
@@ -1870,7 +1872,8 @@
}
} else if (nap != NULL) {
if (nfsv4_strtouid(nd, cp, j, &uid))
- nap->na_uid = nfsrv_defaultuid;
+ nap->na_uid =
+ NFSD_VNET(nfsrv_defaultuid);
else
nap->na_uid = uid;
}
@@ -1903,7 +1906,8 @@
}
} else if (nap != NULL) {
if (nfsv4_strtogid(nd, cp, j, &gid))
- nap->na_gid = nfsrv_defaultgid;
+ nap->na_gid =
+ NFSD_VNET(nfsrv_defaultgid);
else
nap->na_gid = gid;
}
@@ -2266,6 +2270,7 @@
error = nfsm_advance(nd, attrsize - attrsum, -1);
}
nfsmout:
+ NFSD_CURVNET_RESTORE();
NFSEXITCODE2(error, nd);
return (error);
}
@@ -3142,14 +3147,16 @@
int cnt, hasampersand, len = NFSV4_SMALLSTR, ret;
struct nfsrv_lughash *hp;
+ NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread));
cnt = 0;
tryagain:
- if (nfsrv_dnsnamelen > 0 && !nfs_enable_uidtostring) {
+ if (NFSD_VNET(nfsrv_dnsnamelen) > 0 &&
+ !NFSD_VNET(nfs_enable_uidtostring)) {
/*
* Always map nfsrv_defaultuid to "nobody".
*/
- if (uid == nfsrv_defaultuid) {
- i = nfsrv_dnsnamelen + 7;
+ if (uid == NFSD_VNET(nfsrv_defaultuid)) {
+ i = NFSD_VNET(nfsrv_dnsnamelen) + 7;
if (i > len) {
if (len > NFSV4_SMALLSTR)
free(cp, M_NFSSTRING);
@@ -3161,7 +3168,9 @@
*retlenp = i;
NFSBCOPY("nobody@", cp, 7);
cp += 7;
- NFSBCOPY(nfsrv_dnsname, cp, nfsrv_dnsnamelen);
+ NFSBCOPY(NFSD_VNET(nfsrv_dnsname), cp,
+ NFSD_VNET(nfsrv_dnsnamelen));
+ NFSD_CURVNET_RESTORE();
return;
}
hasampersand = 0;
@@ -3185,7 +3194,7 @@
i = usrp->lug_namelen;
else
i = usrp->lug_namelen +
- nfsrv_dnsnamelen + 1;
+ NFSD_VNET(nfsrv_dnsnamelen) + 1;
if (i > len) {
mtx_unlock(&hp->mtx);
if (len > NFSV4_SMALLSTR)
@@ -3200,12 +3209,14 @@
if (!hasampersand) {
cp += usrp->lug_namelen;
*cp++ = '@';
- NFSBCOPY(nfsrv_dnsname, cp, nfsrv_dnsnamelen);
+ NFSBCOPY(NFSD_VNET(nfsrv_dnsname), cp,
+ NFSD_VNET(nfsrv_dnsnamelen));
}
TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash);
TAILQ_INSERT_TAIL(&hp->lughead, usrp,
lug_numhash);
mtx_unlock(&hp->mtx);
+ NFSD_CURVNET_RESTORE();
return;
}
}
@@ -3233,6 +3244,7 @@
*cp-- = '0' + (tmp % 10);
tmp /= 10;
}
+ NFSD_CURVNET_RESTORE();
return;
}
@@ -3253,7 +3265,7 @@
cnt = 0;
uid = oldcred->cr_uid;
tryagain:
- if (nfsrv_dnsnamelen > 0) {
+ if (NFSD_VNET(nfsrv_dnsnamelen) > 0) {
hp = NFSUSERHASH(uid);
mtx_lock(&hp->mtx);
TAILQ_FOREACH(usrp, &hp->lughead, lug_numhash) {
@@ -3300,6 +3312,7 @@
uid_t tuid;
struct nfsrv_lughash *hp, *hp2;
+ NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread));
if (len == 0) {
error = NFSERR_BADOWNER;
goto out;
@@ -3311,7 +3324,7 @@
/* A numeric string. */
if ((nd->nd_flag & ND_KERBV) == 0 &&
((nd->nd_flag & ND_NFSCL) != 0 ||
- nfsd_enable_stringtouid != 0))
+ NFSD_VNET(nfsd_enable_stringtouid) != 0))
*uidp = tuid;
else
error = NFSERR_BADOWNER;
@@ -3328,7 +3341,7 @@
cnt = 0;
tryagain:
- if (nfsrv_dnsnamelen > 0) {
+ if (NFSD_VNET(nfsrv_dnsnamelen) > 0) {
/*
* If an '@' is found and the domain name matches, search for
* the name with dns stripped off.
@@ -3336,9 +3349,10 @@
* all upper case will not.
*/
if (cnt == 0 && i < len && i > 0 &&
- (len - 1 - i) == nfsrv_dnsnamelen &&
- !nfsrv_cmpmixedcase(cp, nfsrv_dnsname, nfsrv_dnsnamelen)) {
- len -= (nfsrv_dnsnamelen + 1);
+ (len - 1 - i) == NFSD_VNET(nfsrv_dnsnamelen) &&
+ !nfsrv_cmpmixedcase(cp,
+ NFSD_VNET(nfsrv_dnsname), NFSD_VNET(nfsrv_dnsnamelen))) {
+ len -= (NFSD_VNET(nfsrv_dnsnamelen) + 1);
*(cp - 1) = '\0';
}
@@ -3346,7 +3360,7 @@
* Check for the special case of "nobody".
*/
if (len == 6 && !NFSBCMP(str, "nobody", 6)) {
- *uidp = nfsrv_defaultuid;
+ *uidp = NFSD_VNET(nfsrv_defaultuid);
error = 0;
goto out;
}
@@ -3380,6 +3394,7 @@
error = NFSERR_BADOWNER;
out:
+ NFSD_CURVNET_RESTORE();
NFSEXITCODE(error);
return (error);
}
@@ -3401,14 +3416,16 @@
int cnt, hasampersand, len = NFSV4_SMALLSTR, ret;
struct nfsrv_lughash *hp;
+ NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread));
cnt = 0;
tryagain:
- if (nfsrv_dnsnamelen > 0 && !nfs_enable_uidtostring) {
+ if (NFSD_VNET(nfsrv_dnsnamelen) > 0 &&
+ !NFSD_VNET(nfs_enable_uidtostring)) {
/*
* Always map nfsrv_defaultgid to "nogroup".
*/
- if (gid == nfsrv_defaultgid) {
- i = nfsrv_dnsnamelen + 8;
+ if (gid == NFSD_VNET(nfsrv_defaultgid)) {
+ i = NFSD_VNET(nfsrv_dnsnamelen) + 8;
if (i > len) {
if (len > NFSV4_SMALLSTR)
free(cp, M_NFSSTRING);
@@ -3420,7 +3437,9 @@
*retlenp = i;
NFSBCOPY("nogroup@", cp, 8);
cp += 8;
- NFSBCOPY(nfsrv_dnsname, cp, nfsrv_dnsnamelen);
+ NFSBCOPY(NFSD_VNET(nfsrv_dnsname), cp,
+ NFSD_VNET(nfsrv_dnsnamelen));
+ NFSD_CURVNET_RESTORE();
return;
}
hasampersand = 0;
@@ -3444,7 +3463,7 @@
i = usrp->lug_namelen;
else
i = usrp->lug_namelen +
- nfsrv_dnsnamelen + 1;
+ NFSD_VNET(nfsrv_dnsnamelen) + 1;
if (i > len) {
mtx_unlock(&hp->mtx);
if (len > NFSV4_SMALLSTR)
@@ -3459,12 +3478,14 @@
if (!hasampersand) {
cp += usrp->lug_namelen;
*cp++ = '@';
- NFSBCOPY(nfsrv_dnsname, cp, nfsrv_dnsnamelen);
+ NFSBCOPY(NFSD_VNET(nfsrv_dnsname), cp,
+ NFSD_VNET(nfsrv_dnsnamelen));
}
TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash);
TAILQ_INSERT_TAIL(&hp->lughead, usrp,
lug_numhash);
mtx_unlock(&hp->mtx);
+ NFSD_CURVNET_RESTORE();
return;
}
}
@@ -3492,6 +3513,7 @@
*cp-- = '0' + (tmp % 10);
tmp /= 10;
}
+ NFSD_CURVNET_RESTORE();
return;
}
@@ -3514,6 +3536,7 @@
gid_t tgid;
struct nfsrv_lughash *hp, *hp2;
+ NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread));
if (len == 0) {
error = NFSERR_BADOWNER;
goto out;
@@ -3525,7 +3548,7 @@
/* A numeric string. */
if ((nd->nd_flag & ND_KERBV) == 0 &&
((nd->nd_flag & ND_NFSCL) != 0 ||
- nfsd_enable_stringtouid != 0))
+ NFSD_VNET(nfsd_enable_stringtouid) != 0))
*gidp = tgid;
else
error = NFSERR_BADOWNER;
@@ -3542,15 +3565,16 @@
cnt = 0;
tryagain:
- if (nfsrv_dnsnamelen > 0) {
+ if (NFSD_VNET(nfsrv_dnsnamelen) > 0) {
/*
* If an '@' is found and the dns name matches, search for the
* name with the dns stripped off.
*/
if (cnt == 0 && i < len && i > 0 &&
- (len - 1 - i) == nfsrv_dnsnamelen &&
- !nfsrv_cmpmixedcase(cp, nfsrv_dnsname, nfsrv_dnsnamelen)) {
- len -= (nfsrv_dnsnamelen + 1);
+ (len - 1 - i) == NFSD_VNET(nfsrv_dnsnamelen) &&
+ !nfsrv_cmpmixedcase(cp,
+ NFSD_VNET(nfsrv_dnsname), NFSD_VNET(nfsrv_dnsnamelen))) {
+ len -= (NFSD_VNET(nfsrv_dnsnamelen) + 1);
*(cp - 1) = '\0';
}
@@ -3558,7 +3582,7 @@
* Check for the special case of "nogroup".
*/
if (len == 7 && !NFSBCMP(str, "nogroup", 7)) {
- *gidp = nfsrv_defaultgid;
+ *gidp = NFSD_VNET(nfsrv_defaultgid);
error = 0;
goto out;
}
@@ -3592,6 +3616,7 @@
error = NFSERR_BADOWNER;
out:
+ NFSD_CURVNET_RESTORE();
NFSEXITCODE(error);
return (error);
}
@@ -3642,12 +3667,12 @@
int error;
NFSLOCKNAMEID();
- if (nfsrv_nfsuserd != NOTRUNNING) {
+ if (NFSD_VNET(nfsrv_nfsuserd) != NOTRUNNING) {
NFSUNLOCKNAMEID();
error = EPERM;
goto out;
}
- nfsrv_nfsuserd = STARTSTOP;
+ NFSD_VNET(nfsrv_nfsuserd) = STARTSTOP;
/*
* Set up the socket record and connect.
* Set nr_client NULL before unlocking, just to ensure that no other
@@ -3655,7 +3680,7 @@
* occur if the use of the nameid lock to protect nfsrv_nfsuserd is
* broken.
*/
- rp = &nfsrv_nfsuserdsock;
+ rp = &NFSD_VNET(nfsrv_nfsuserdsock);
rp->nr_client = NULL;
NFSUNLOCKNAMEID();
rp->nr_sotype = SOCK_DGRAM;
@@ -3696,12 +3721,12 @@
&rp->nr_client);
if (error == 0) {
NFSLOCKNAMEID();
- nfsrv_nfsuserd = RUNNING;
+ NFSD_VNET(nfsrv_nfsuserd) = RUNNING;
NFSUNLOCKNAMEID();
} else {
free(rp->nr_nam, M_SONAME);
NFSLOCKNAMEID();
- nfsrv_nfsuserd = NOTRUNNING;
+ NFSD_VNET(nfsrv_nfsuserd) = NOTRUNNING;
NFSUNLOCKNAMEID();
}
out:
@@ -3717,20 +3742,20 @@
{
NFSLOCKNAMEID();
- if (nfsrv_nfsuserd != RUNNING) {
+ if (NFSD_VNET(nfsrv_nfsuserd) != RUNNING) {
NFSUNLOCKNAMEID();
return;
}
- nfsrv_nfsuserd = STARTSTOP;
+ NFSD_VNET(nfsrv_nfsuserd) = STARTSTOP;
/* Wait for all upcalls to complete. */
- while (nfsrv_userdupcalls > 0)
- msleep(&nfsrv_userdupcalls, NFSNAMEIDMUTEXPTR, PVFS,
+ while (NFSD_VNET(nfsrv_userdupcalls) > 0)
+ msleep(&NFSD_VNET(nfsrv_userdupcalls), NFSNAMEIDMUTEXPTR, PVFS,
"nfsupcalls", 0);
NFSUNLOCKNAMEID();
- newnfs_disconnect(NULL, &nfsrv_nfsuserdsock);
- free(nfsrv_nfsuserdsock.nr_nam, M_SONAME);
+ newnfs_disconnect(NULL, &NFSD_VNET(nfsrv_nfsuserdsock));
+ free(NFSD_VNET(nfsrv_nfsuserdsock).nr_nam, M_SONAME);
NFSLOCKNAMEID();
- nfsrv_nfsuserd = NOTRUNNING;
+ NFSD_VNET(nfsrv_nfsuserd) = NOTRUNNING;
NFSUNLOCKNAMEID();
}
@@ -3750,7 +3775,7 @@
int error;
NFSLOCKNAMEID();
- if (nfsrv_nfsuserd != RUNNING) {
+ if (NFSD_VNET(nfsrv_nfsuserd) != RUNNING) {
NFSUNLOCKNAMEID();
error = EPERM;
goto out;
@@ -3759,9 +3784,9 @@
* Maintain a count of upcalls in progress, so that nfsrv_X()
* can wait until no upcalls are in progress.
*/
- nfsrv_userdupcalls++;
+ NFSD_VNET(nfsrv_userdupcalls)++;
NFSUNLOCKNAMEID();
- KASSERT(nfsrv_userdupcalls > 0,
+ KASSERT(NFSD_VNET(nfsrv_userdupcalls) > 0,
("nfsrv_getuser: non-positive upcalls"));
nd = &nfsd;
cred = newnfs_getcred();
@@ -3779,11 +3804,13 @@
len = strlen(name);
(void) nfsm_strtom(nd, name, len);
}
- error = newnfs_request(nd, NULL, NULL, &nfsrv_nfsuserdsock, NULL, NULL,
- cred, RPCPROG_NFSUSERD, RPCNFSUSERD_VERS, NULL, 0, NULL, NULL);
+ error = newnfs_request(nd, NULL, NULL, &NFSD_VNET(nfsrv_nfsuserdsock),
+ NULL, NULL, cred, RPCPROG_NFSUSERD, RPCNFSUSERD_VERS, NULL, 0,
+ NULL, NULL);
NFSLOCKNAMEID();
- if (--nfsrv_userdupcalls == 0 && nfsrv_nfsuserd == STARTSTOP)
- wakeup(&nfsrv_userdupcalls);
+ if (--NFSD_VNET(nfsrv_userdupcalls) == 0 &&
+ NFSD_VNET(nfsrv_nfsuserd) == STARTSTOP)
+ wakeup(&NFSD_VNET(nfsrv_userdupcalls));
NFSUNLOCKNAMEID();
NFSFREECRED(cred);
if (!error) {
@@ -3823,7 +3850,8 @@
free(cp, M_NFSSTRING);
goto out;
}
- if (atomic_cmpset_acq_int(&nfsrv_dnsnamelen, 0, 0) == 0) {
+ if (atomic_cmpset_acq_int(&NFSD_VNET(nfsrv_dnsnamelen), 0, 0) ==
+ 0) {
/*
* Free up all the old stuff and reinitialize hash
* lists. All mutexes for both lists must be locked,
@@ -3831,80 +3859,81 @@
* ones, to avoid a LOR.
*/
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsusernamehash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsusernamehash)[i].mtx);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsuserhash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsuserhash)[i].mtx);
for (i = 0; i < nfsrv_lughashsize; i++)
TAILQ_FOREACH_SAFE(usrp,
- &nfsuserhash[i].lughead, lug_numhash, nusrp)
+ &NFSD_VNET(nfsuserhash)[i].lughead, lug_numhash, nusrp)
nfsrv_removeuser(usrp, 1);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_unlock(&nfsuserhash[i].mtx);
+ mtx_unlock(&NFSD_VNET(nfsuserhash)[i].mtx);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_unlock(&nfsusernamehash[i].mtx);
+ mtx_unlock(&NFSD_VNET(nfsusernamehash)[i].mtx);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsgroupnamehash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsgroupnamehash)[i].mtx);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsgrouphash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsgrouphash)[i].mtx);
for (i = 0; i < nfsrv_lughashsize; i++)
TAILQ_FOREACH_SAFE(usrp,
- &nfsgrouphash[i].lughead, lug_numhash,
+ &NFSD_VNET(nfsgrouphash)[i].lughead, lug_numhash,
nusrp)
nfsrv_removeuser(usrp, 0);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_unlock(&nfsgrouphash[i].mtx);
+ mtx_unlock(&NFSD_VNET(nfsgrouphash)[i].mtx);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_unlock(&nfsgroupnamehash[i].mtx);
- free(nfsrv_dnsname, M_NFSSTRING);
- nfsrv_dnsname = NULL;
+ mtx_unlock(&NFSD_VNET(nfsgroupnamehash)[i].mtx);
+ free(NFSD_VNET(nfsrv_dnsname), M_NFSSTRING);
+ NFSD_VNET(nfsrv_dnsname) = NULL;
}
- if (nfsuserhash == NULL) {
+ if (NFSD_VNET(nfsuserhash) == NULL) {
/* Allocate the hash tables. */
- nfsuserhash = malloc(sizeof(struct nfsrv_lughash) *
+ NFSD_VNET(nfsuserhash) = malloc(sizeof(struct nfsrv_lughash) *
nfsrv_lughashsize, M_NFSUSERGROUP, M_WAITOK |
M_ZERO);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_init(&nfsuserhash[i].mtx, "nfsuidhash",
+ mtx_init(&NFSD_VNET(nfsuserhash)[i].mtx, "nfsuidhash",
NULL, MTX_DEF | MTX_DUPOK);
- nfsusernamehash = malloc(sizeof(struct nfsrv_lughash) *
+ NFSD_VNET(nfsusernamehash) = malloc(sizeof(struct nfsrv_lughash) *
nfsrv_lughashsize, M_NFSUSERGROUP, M_WAITOK |
M_ZERO);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_init(&nfsusernamehash[i].mtx,
+ mtx_init(&NFSD_VNET(nfsusernamehash)[i].mtx,
"nfsusrhash", NULL, MTX_DEF |
MTX_DUPOK);
- nfsgrouphash = malloc(sizeof(struct nfsrv_lughash) *
+ NFSD_VNET(nfsgrouphash) = malloc(sizeof(struct nfsrv_lughash) *
nfsrv_lughashsize, M_NFSUSERGROUP, M_WAITOK |
M_ZERO);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_init(&nfsgrouphash[i].mtx, "nfsgidhash",
+ mtx_init(&NFSD_VNET(nfsgrouphash)[i].mtx, "nfsgidhash",
NULL, MTX_DEF | MTX_DUPOK);
- nfsgroupnamehash = malloc(sizeof(struct nfsrv_lughash) *
+ NFSD_VNET(nfsgroupnamehash) = malloc(sizeof(struct nfsrv_lughash) *
nfsrv_lughashsize, M_NFSUSERGROUP, M_WAITOK |
M_ZERO);
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_init(&nfsgroupnamehash[i].mtx,
+ mtx_init(&NFSD_VNET(nfsgroupnamehash)[i].mtx,
"nfsgrphash", NULL, MTX_DEF | MTX_DUPOK);
}
/* (Re)initialize the list heads. */
for (i = 0; i < nfsrv_lughashsize; i++)
- TAILQ_INIT(&nfsuserhash[i].lughead);
+ TAILQ_INIT(&NFSD_VNET(nfsuserhash)[i].lughead);
for (i = 0; i < nfsrv_lughashsize; i++)
- TAILQ_INIT(&nfsusernamehash[i].lughead);
+ TAILQ_INIT(&NFSD_VNET(nfsusernamehash)[i].lughead);
for (i = 0; i < nfsrv_lughashsize; i++)
- TAILQ_INIT(&nfsgrouphash[i].lughead);
+ TAILQ_INIT(&NFSD_VNET(nfsgrouphash)[i].lughead);
for (i = 0; i < nfsrv_lughashsize; i++)
- TAILQ_INIT(&nfsgroupnamehash[i].lughead);
+ TAILQ_INIT(&NFSD_VNET(nfsgroupnamehash)[i].lughead);
/*
* Put name in "DNS" string.
*/
- nfsrv_dnsname = cp;
- nfsrv_defaultuid = nidp->nid_uid;
- nfsrv_defaultgid = nidp->nid_gid;
- nfsrv_usercnt = 0;
- nfsrv_usermax = nidp->nid_usermax;
- atomic_store_rel_int(&nfsrv_dnsnamelen, nidp->nid_namelen);
+ NFSD_VNET(nfsrv_dnsname) = cp;
+ NFSD_VNET(nfsrv_defaultuid) = nidp->nid_uid;
+ NFSD_VNET(nfsrv_defaultgid) = nidp->nid_gid;
+ NFSD_VNET(nfsrv_usercnt) = 0;
+ NFSD_VNET(nfsrv_usermax) = nidp->nid_usermax;
+ atomic_store_rel_int(&NFSD_VNET(nfsrv_dnsnamelen),
+ nidp->nid_namelen);
goto out;
}
@@ -3968,7 +3997,7 @@
if (nidp->nid_flag & (NFSID_DELUID | NFSID_ADDUID)) {
/* Must lock all username hash lists first, to avoid a LOR. */
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsusernamehash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsusernamehash)[i].mtx);
username_locked = 1;
hp_idnum = NFSUSERHASH(nidp->nid_uid);
mtx_lock(&hp_idnum->mtx);
@@ -3997,7 +4026,7 @@
} else if (nidp->nid_flag & (NFSID_DELGID | NFSID_ADDGID)) {
/* Must lock all groupname hash lists first, to avoid a LOR. */
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsgroupnamehash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsgroupnamehash)[i].mtx);
groupname_locked = 1;
hp_idnum = NFSGROUPHASH(nidp->nid_gid);
mtx_lock(&hp_idnum->mtx);
@@ -4040,7 +4069,7 @@
thp = NFSUSERNAMEHASH(newusrp->lug_name, newusrp->lug_namelen);
mtx_assert(&thp->mtx, MA_OWNED);
TAILQ_INSERT_TAIL(&thp->lughead, newusrp, lug_namehash);
- atomic_add_int(&nfsrv_usercnt, 1);
+ atomic_add_int(&NFSD_VNET(nfsrv_usercnt), 1);
} else if (nidp->nid_flag & (NFSID_ADDGID | NFSID_ADDGROUPNAME)) {
newusrp->lug_gid = nidp->nid_gid;
thp = NFSGROUPHASH(newusrp->lug_gid);
@@ -4049,7 +4078,7 @@
thp = NFSGROUPNAMEHASH(newusrp->lug_name, newusrp->lug_namelen);
mtx_assert(&thp->mtx, MA_OWNED);
TAILQ_INSERT_TAIL(&thp->lughead, newusrp, lug_namehash);
- atomic_add_int(&nfsrv_usercnt, 1);
+ atomic_add_int(&NFSD_VNET(nfsrv_usercnt), 1);
} else {
if (newusrp->lug_cred != NULL)
crfree(newusrp->lug_cred);
@@ -4078,17 +4107,17 @@
NFSID_DELUSERNAME | NFSID_ADDUSERNAME)) != 0) {
if (username_locked == 0) {
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsusernamehash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsusernamehash)[i].mtx);
username_locked = 1;
}
KASSERT(user_locked == 0,
("nfssvc_idname: user_locked"));
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsuserhash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsuserhash)[i].mtx);
user_locked = 1;
for (i = 0; i < nfsrv_lughashsize; i++) {
TAILQ_FOREACH_SAFE(usrp,
- &nfsuserhash[i].lughead, lug_numhash,
+ &NFSD_VNET(nfsuserhash)[i].lughead, lug_numhash,
nusrp)
if (usrp->lug_expiry < NFSD_MONOSEC)
nfsrv_removeuser(usrp, 1);
@@ -4099,26 +4128,26 @@
* algorithm. This code deletes the least
* recently used entry on each hash list.
*/
- if (nfsrv_usercnt <= nfsrv_usermax)
+ if (NFSD_VNET(nfsrv_usercnt) <= NFSD_VNET(nfsrv_usermax))
break;
- usrp = TAILQ_FIRST(&nfsuserhash[i].lughead);
+ usrp = TAILQ_FIRST(&NFSD_VNET(nfsuserhash)[i].lughead);
if (usrp != NULL)
nfsrv_removeuser(usrp, 1);
}
} else {
if (groupname_locked == 0) {
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsgroupnamehash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsgroupnamehash)[i].mtx);
groupname_locked = 1;
}
KASSERT(group_locked == 0,
("nfssvc_idname: group_locked"));
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_lock(&nfsgrouphash[i].mtx);
+ mtx_lock(&NFSD_VNET(nfsgrouphash)[i].mtx);
group_locked = 1;
for (i = 0; i < nfsrv_lughashsize; i++) {
TAILQ_FOREACH_SAFE(usrp,
- &nfsgrouphash[i].lughead, lug_numhash,
+ &NFSD_VNET(nfsgrouphash)[i].lughead, lug_numhash,
nusrp)
if (usrp->lug_expiry < NFSD_MONOSEC)
nfsrv_removeuser(usrp, 0);
@@ -4129,9 +4158,9 @@
* algorithm. This code deletes the least
* recently user entry on each hash list.
*/
- if (nfsrv_usercnt <= nfsrv_usermax)
+ if (NFSD_VNET(nfsrv_usercnt) <= NFSD_VNET(nfsrv_usermax))
break;
- usrp = TAILQ_FIRST(&nfsgrouphash[i].lughead);
+ usrp = TAILQ_FIRST(&NFSD_VNET(nfsgrouphash)[i].lughead);
if (usrp != NULL)
nfsrv_removeuser(usrp, 0);
}
@@ -4147,16 +4176,16 @@
mtx_unlock(&hp_name->mtx);
if (user_locked != 0)
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_unlock(&nfsuserhash[i].mtx);
+ mtx_unlock(&NFSD_VNET(nfsuserhash)[i].mtx);
if (username_locked != 0)
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_unlock(&nfsusernamehash[i].mtx);
+ mtx_unlock(&NFSD_VNET(nfsusernamehash)[i].mtx);
if (group_locked != 0)
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_unlock(&nfsgrouphash[i].mtx);
+ mtx_unlock(&NFSD_VNET(nfsgrouphash)[i].mtx);
if (groupname_locked != 0)
for (i = 0; i < nfsrv_lughashsize; i++)
- mtx_unlock(&nfsgroupnamehash[i].mtx);
+ mtx_unlock(&NFSD_VNET(nfsgroupnamehash)[i].mtx);
out:
NFSEXITCODE(error);
return (error);
@@ -4185,59 +4214,10 @@
mtx_assert(&hp->mtx, MA_OWNED);
TAILQ_REMOVE(&hp->lughead, usrp, lug_namehash);
}
- atomic_add_int(&nfsrv_usercnt, -1);
+ atomic_add_int(&NFSD_VNET(nfsrv_usercnt), -1);
if (usrp->lug_cred != NULL)
crfree(usrp->lug_cred);
free(usrp, M_NFSUSERGROUP);
-}
-
-/*
- * Free up all the allocations related to the name<-->id cache.
- * This function should only be called when the nfsuserd daemon isn't
- * running, since it doesn't do any locking.
- * This function is meant to be used when the nfscommon module is unloaded.
- */
-void
-nfsrv_cleanusergroup(void)
-{
- struct nfsrv_lughash *hp, *hp2;
- struct nfsusrgrp *nusrp, *usrp;
- int i;
-
- if (nfsuserhash == NULL)
- return;
-
- for (i = 0; i < nfsrv_lughashsize; i++) {
- hp = &nfsuserhash[i];
- TAILQ_FOREACH_SAFE(usrp, &hp->lughead, lug_numhash, nusrp) {
- TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash);
- hp2 = NFSUSERNAMEHASH(usrp->lug_name,
- usrp->lug_namelen);
- TAILQ_REMOVE(&hp2->lughead, usrp, lug_namehash);
- if (usrp->lug_cred != NULL)
- crfree(usrp->lug_cred);
- free(usrp, M_NFSUSERGROUP);
- }
- hp = &nfsgrouphash[i];
- TAILQ_FOREACH_SAFE(usrp, &hp->lughead, lug_numhash, nusrp) {
- TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash);
- hp2 = NFSGROUPNAMEHASH(usrp->lug_name,
- usrp->lug_namelen);
- TAILQ_REMOVE(&hp2->lughead, usrp, lug_namehash);
- if (usrp->lug_cred != NULL)
- crfree(usrp->lug_cred);
- free(usrp, M_NFSUSERGROUP);
- }
- mtx_destroy(&nfsuserhash[i].mtx);
- mtx_destroy(&nfsusernamehash[i].mtx);
- mtx_destroy(&nfsgroupnamehash[i].mtx);
- mtx_destroy(&nfsgrouphash[i].mtx);
- }
- free(nfsuserhash, M_NFSUSERGROUP);
- free(nfsusernamehash, M_NFSUSERGROUP);
- free(nfsgrouphash, M_NFSUSERGROUP);
- free(nfsgroupnamehash, M_NFSUSERGROUP);
- free(nfsrv_dnsname, M_NFSSTRING);
}
/*
diff --git a/sys/fs/nfs/nfs_var.h.vnetnfsuserd b/sys/fs/nfs/nfs_var.h
--- a/sys/fs/nfs/nfs_var.h.vnetnfsuserd
+++ b/sys/fs/nfs/nfs_var.h
@@ -348,7 +348,6 @@
int nfsv4_getref_nonblock(struct nfsv4lock *);
int nfsv4_testlock(struct nfsv4lock *);
int nfsrv_mtostr(struct nfsrv_descript *, char *, int);
-void nfsrv_cleanusergroup(void);
int nfsrv_checkutf8(u_int8_t *, int);
int newnfs_sndlock(int *);
void newnfs_sndunlock(int *);
diff --git a/sys/fs/nfs/nfsport.h.vnetnfsuserd b/sys/fs/nfs/nfsport.h
--- a/sys/fs/nfs/nfsport.h.vnetnfsuserd
+++ b/sys/fs/nfs/nfsport.h
@@ -1280,6 +1280,12 @@
#define NFS_MAXBSIZE (maxbcachebuf)
#endif
+/* User/group hash structure for nfsuserhash and friends. */
+struct nfsrv_lughash {
+ struct mtx mtx;
+ struct nfsuserhashhead lughead;
+};
+
/*
* This macro checks to see if issuing of delegations is allowed for this
* vnode.
diff --git a/sys/fs/nfs/nfsrvstate.h.vnetnfsuserd b/sys/fs/nfs/nfsrvstate.h
--- a/sys/fs/nfs/nfsrvstate.h.vnetnfsuserd
+++ b/sys/fs/nfs/nfsrvstate.h
@@ -62,14 +62,14 @@
#define NFSSTATEHASH(clp, id) \
(&((clp)->lc_stateid[(id).other[2] % nfsrv_statehashsize]))
#define NFSUSERHASH(id) \
- (&nfsuserhash[(id) % nfsrv_lughashsize])
+ (&NFSD_VNET(nfsuserhash)[(id) % nfsrv_lughashsize])
#define NFSUSERNAMEHASH(p, l) \
- (&nfsusernamehash[((l)>=4?(*(p)+*((p)+1)+*((p)+2)+*((p)+3)):*(p)) \
+ (&NFSD_VNET(nfsusernamehash)[((l)>=4?(*(p)+*((p)+1)+*((p)+2)+*((p)+3)):*(p)) \
% nfsrv_lughashsize])
#define NFSGROUPHASH(id) \
- (&nfsgrouphash[(id) % nfsrv_lughashsize])
+ (&NFSD_VNET(nfsgrouphash)[(id) % nfsrv_lughashsize])
#define NFSGROUPNAMEHASH(p, l) \
- (&nfsgroupnamehash[((l)>=4?(*(p)+*((p)+1)+*((p)+2)+*((p)+3)):*(p)) \
+ (&NFSD_VNET(nfsgroupnamehash)[((l)>=4?(*(p)+*((p)+1)+*((p)+2)+*((p)+3)):*(p)) \
% nfsrv_lughashsize])
struct nfssessionhash {
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c.vnetnfsuserd b/sys/fs/nfsserver/nfs_nfsdport.c
--- a/sys/fs/nfsserver/nfs_nfsdport.c.vnetnfsuserd
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -124,7 +124,6 @@
static int nfs_commit_miss;
extern int nfsrv_issuedelegs;
extern int nfsrv_dolocallocks;
-extern int nfsd_enable_stringtouid;
extern struct nfsdevicehead nfsrv_devidhead;
static int nfsrv_createiovec(int, struct mbuf **, struct mbuf **,
@@ -186,8 +185,10 @@
&nfsrv_dolocallocks, 0, "Enable nfsd to acquire local locks on files");
SYSCTL_INT(_vfs_nfsd, OID_AUTO, debuglevel, CTLFLAG_RW, &nfsd_debuglevel,
0, "Debug level for NFS server");
-SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_stringtouid, CTLFLAG_RW,
- &nfsd_enable_stringtouid, 0, "Enable nfsd to accept numeric owner_names");
+NFSD_VNET_DECLARE(int, nfsd_enable_stringtouid);
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_stringtouid,
+ CTLFLAG_NFSD_VNET | CTLFLAG_RW, &NFSD_VNET_NAME(nfsd_enable_stringtouid),
+ 0, "Enable nfsd to accept numeric owner_names");
static int nfsrv_pnfsgetdsattr = 1;
SYSCTL_INT(_vfs_nfsd, OID_AUTO, pnfsgetdsattr, CTLFLAG_RW,
&nfsrv_pnfsgetdsattr, 0, "When set getattr gets DS attributes via RPC");
diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c.vnetnfsuserd b/sys/fs/nfsserver/nfs_nfsdsubs.c
--- a/sys/fs/nfsserver/nfs_nfsdsubs.c.vnetnfsuserd
+++ b/sys/fs/nfsserver/nfs_nfsdsubs.c
@@ -56,6 +56,8 @@
NFSD_VNET_DECLARE(struct nfslockhashhead *, nfslockhash);
NFSD_VNET_DECLARE(struct nfssessionhash *, nfssessionhash);
NFSD_VNET_DECLARE(int, nfs_rootfhset);
+NFSD_VNET_DECLARE(uid_t, nfsrv_defaultuid);
+NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid);
NFSD_VNET_DEFINE(struct nfsdontlisthead, nfsrv_dontlisthead);
@@ -1611,10 +1613,12 @@
*/
if (NFSVNO_NOTSETUID(nvap) && NFSVNO_NOTSETGID(nvap))
goto out;
- if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid &&
- enable_nobodycheck == 1)
- || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid &&
- enable_nogroupcheck == 1)) {
+ if ((NFSVNO_ISSETUID(nvap) &&
+ nvap->na_uid == NFSD_VNET(nfsrv_defaultuid) &&
+ enable_nobodycheck == 1) ||
+ (NFSVNO_ISSETGID(nvap) &&
+ nvap->na_gid == NFSD_VNET(nfsrv_defaultgid) &&
+ enable_nogroupcheck == 1)) {
error = NFSERR_BADOWNER;
goto out;
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Jan 11, 5:00 AM (10 h, 16 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
15750438
Default Alt Text
D37880.id114703.diff (34 KB)
Attached To
Mode
D37880: Allow nfsuserd(8) to optionally run in vnet prison
Attached
Detach File
Event Timeline
Log In to Comment