diff --git a/sys/fs/nfs/nfs_commonport.c.vnetnfsuserd b/sys/fs/nfs/nfs_commonport.c --- a/sys/fs/nfs/nfs_commonport.c.vnetnfsuserd +++ b/sys/fs/nfs/nfs_commonport.c @@ -42,6 +42,7 @@ * to this BSD variant. */ #include +#include #include #include #include @@ -56,8 +57,6 @@ #include extern int nfscl_ticks; -extern nfsuserd_state nfsrv_nfsuserd; -extern struct nfssockreq nfsrv_nfsuserdsock; extern void (*nfsd_call_recall)(struct vnode *, int, struct ucred *, struct thread *); extern int nfsrv_useacl; @@ -75,6 +74,14 @@ vop_reclaim_t *nfs_reclaim_p = NULL; uint32_t nfs_srvmaxio = NFS_SRVMAXIO; +NFSD_VNET_DECLARE(struct nfsrv_lughash *, nfsuserhash); +NFSD_VNET_DECLARE(struct nfsrv_lughash *, nfsusernamehash); +NFSD_VNET_DECLARE(struct nfsrv_lughash *, nfsgrouphash); +NFSD_VNET_DECLARE(struct nfsrv_lughash *, nfsgroupnamehash); +NFSD_VNET_DECLARE(u_char *, nfsrv_dnsname); +NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock); +NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd); + NFSDSTATSDEFINE(nfsstatsv1); int nfs_pnfsio(task_fn_t *, void *); @@ -150,6 +157,7 @@ /* local functions */ static int nfssvc_call(struct thread *, struct nfssvc_args *, struct ucred *); +static void nfsrv_cleanusergroup(struct prison *); #ifdef __NO_STRICT_ALIGNMENT /* @@ -451,10 +459,6 @@ struct nfsstatsv1 *outstats; if (uap->flag & NFSSVC_IDNAME) { - if (jailed(p->td_ucred)) { - error = EPERM; - goto out; - } if ((uap->flag & NFSSVC_NEWSTRUCT) != 0) error = copyin(uap->argp, &nid, sizeof(nid)); else { @@ -754,10 +758,6 @@ u_short sockport; struct nfsuserd_args nargs; - if (jailed(p->td_ucred)) { - error = EPERM; - goto out; - } if ((uap->flag & NFSSVC_NEWSTRUCT) == 0) { error = copyin(uap->argp, (caddr_t)&sockport, sizeof (u_short)); @@ -775,10 +775,6 @@ if (!error) error = nfsrv_nfsuserdport(&nargs, p); } else if (uap->flag & NFSSVC_NFSUSERDDELPORT) { - if (jailed(p->td_ucred)) { - error = EPERM; - goto out; - } nfsrv_nfsuserddelport(); error = 0; } @@ -872,6 +868,87 @@ return (ret); } +/* + * Free up all the allocations related to the name<-->id cache. + * This function should only be called when the nfsuserd daemon isn't + * running, since it doesn't do any locking. + * This function is meant to be called when a vnet jail is destroyed. + */ +static void +nfsrv_cleanusergroup(struct prison *pr) +{ + struct nfsrv_lughash *hp, *hp2; + struct nfsusrgrp *nusrp, *usrp; + int i; + + NFSD_CURVNET_SET(pr->pr_vnet); + mtx_destroy(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx); + if (NFSD_VNET(nfsuserhash) == NULL) { + NFSD_CURVNET_RESTORE(); + return; + } + + for (i = 0; i < nfsrv_lughashsize; i++) { + hp = &NFSD_VNET(nfsuserhash)[i]; + TAILQ_FOREACH_SAFE(usrp, &hp->lughead, lug_numhash, nusrp) { + TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash); + hp2 = NFSUSERNAMEHASH(usrp->lug_name, + usrp->lug_namelen); + TAILQ_REMOVE(&hp2->lughead, usrp, lug_namehash); + if (usrp->lug_cred != NULL) + crfree(usrp->lug_cred); + free(usrp, M_NFSUSERGROUP); + } + hp = &NFSD_VNET(nfsgrouphash)[i]; + TAILQ_FOREACH_SAFE(usrp, &hp->lughead, lug_numhash, nusrp) { + TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash); + hp2 = NFSGROUPNAMEHASH(usrp->lug_name, + usrp->lug_namelen); + TAILQ_REMOVE(&hp2->lughead, usrp, lug_namehash); + if (usrp->lug_cred != NULL) + crfree(usrp->lug_cred); + free(usrp, M_NFSUSERGROUP); + } + mtx_destroy(&NFSD_VNET(nfsuserhash)[i].mtx); + mtx_destroy(&NFSD_VNET(nfsusernamehash)[i].mtx); + mtx_destroy(&NFSD_VNET(nfsgroupnamehash)[i].mtx); + mtx_destroy(&NFSD_VNET(nfsgrouphash)[i].mtx); + } + free(NFSD_VNET(nfsuserhash), M_NFSUSERGROUP); + free(NFSD_VNET(nfsusernamehash), M_NFSUSERGROUP); + free(NFSD_VNET(nfsgrouphash), M_NFSUSERGROUP); + free(NFSD_VNET(nfsgroupnamehash), M_NFSUSERGROUP); + free(NFSD_VNET(nfsrv_dnsname), M_NFSSTRING); + NFSD_CURVNET_RESTORE(); +} + +#ifdef VNET_NFSD +/* + * Initialize everything that needs to be initialized for a vnet. + */ +static void +nfs_vnetinit(const void *unused __unused) +{ + + mtx_init(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx, "nfsuserd", + NULL, MTX_DEF); +} +VNET_SYSINIT(nfs_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY, + nfs_vnetinit, NULL); + +/* Osd entry for nfsrv_cleanup. */ +static int +nfs_prison_cleanup(void *obj, void *data __unused) +{ + struct prison *pr = obj; + + if ((pr->pr_flags & PR_VNET) == 0) + return (0); + nfsrv_cleanusergroup(pr); + return (0); +} +#endif /* VNET_NFSD */ + extern int (*nfsd_call_nfscommon)(struct thread *, struct nfssvc_args *); /* @@ -881,6 +958,11 @@ nfscommon_modevent(module_t mod, int type, void *data) { int error = 0; +#ifdef VNET_NFSD + osd_method_t methods[PR_MAXMETHOD] = { + [PR_METHOD_REMOVE] = nfs_prison_cleanup, + }; +#endif static int loaded = 0; switch (type) { @@ -892,8 +974,13 @@ mtx_init(&nfs_sockl_mutex, "nfs_sockl_mutex", NULL, MTX_DEF); mtx_init(&nfs_slock_mutex, "nfs_slock_mutex", NULL, MTX_DEF); mtx_init(&nfs_req_mutex, "nfs_req_mutex", NULL, MTX_DEF); - mtx_init(&nfsrv_nfsuserdsock.nr_mtx, "nfsuserd", NULL, - MTX_DEF); +#ifdef VNET_NFSD + /* XXX-BZ OSD to VNET? */ + osd_jail_register(NULL, methods); +#else + mtx_init(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx, "nfsuserd", + NULL, MTX_DEF); +#endif mtx_init(&nfsrv_dslock_mtx, "nfs4ds", NULL, MTX_DEF); TAILQ_INIT(&nfsrv_devidhead); newnfs_init(); @@ -902,7 +989,8 @@ break; case MOD_UNLOAD: - if (newnfs_numnfsd != 0 || nfsrv_nfsuserd != NOTRUNNING || + if (newnfs_numnfsd != 0 || + NFSD_VNET(nfsrv_nfsuserd) != NOTRUNNING || nfs_numnfscbd != 0) { error = EBUSY; break; @@ -910,7 +998,7 @@ nfsd_call_nfscommon = NULL; /* Clean out the name<-->id cache. */ - nfsrv_cleanusergroup(); + nfsrv_cleanusergroup(&prison0); /* and get rid of the mutexes */ mtx_destroy(&nfs_nameid_mutex); mtx_destroy(&newnfsd_mtx); @@ -919,7 +1007,6 @@ mtx_destroy(&nfs_sockl_mutex); mtx_destroy(&nfs_slock_mutex); mtx_destroy(&nfs_req_mutex); - mtx_destroy(&nfsrv_nfsuserdsock.nr_mtx); mtx_destroy(&nfsrv_dslock_mtx); loaded = 0; break; diff --git a/sys/fs/nfs/nfs_commonsubs.c.vnetnfsuserd b/sys/fs/nfs/nfs_commonsubs.c --- a/sys/fs/nfs/nfs_commonsubs.c.vnetnfsuserd +++ b/sys/fs/nfs/nfs_commonsubs.c @@ -66,17 +66,10 @@ struct timeval nfsboottime; /* Copy boottime once, so it never changes */ int nfscl_ticks; int nfsrv_useacl = 1; -struct nfssockreq nfsrv_nfsuserdsock; -nfsuserd_state nfsrv_nfsuserd = NOTRUNNING; -static int nfsrv_userdupcalls = 0; struct nfsreqhead nfsd_reqq; -uid_t nfsrv_defaultuid = UID_NOBODY; -gid_t nfsrv_defaultgid = GID_NOGROUP; int nfsrv_lease = NFSRV_LEASE; int ncl_mbuf_mlen = MLEN; -int nfsd_enable_stringtouid = 0; int nfsrv_doflexfile = 0; -static int nfs_enable_uidtostring = 0; NFSNAMEIDMUTEX; NFSSOCKMUTEX; extern int nfsrv_lughashsize; @@ -87,10 +80,21 @@ extern struct nfsstatsv1 nfsstatsv1; extern uint32_t nfs_srvmaxio; +NFSD_VNET_DEFINE(int, nfsd_enable_stringtouid) = 0; +NFSD_VNET_DEFINE(struct nfssockreq, nfsrv_nfsuserdsock); +NFSD_VNET_DEFINE(nfsuserd_state, nfsrv_nfsuserd) = NOTRUNNING; +NFSD_VNET_DEFINE(uid_t, nfsrv_defaultuid) = UID_NOBODY; +NFSD_VNET_DEFINE(gid_t, nfsrv_defaultgid) = GID_NOGROUP; + +NFSD_VNET_DEFINE_STATIC(int, nfsrv_userdupcalls) = 0; + SYSCTL_DECL(_vfs_nfs); -SYSCTL_INT(_vfs_nfs, OID_AUTO, enable_uidtostring, CTLFLAG_RW, - &nfs_enable_uidtostring, 0, "Make nfs always send numeric owner_names"); +NFSD_VNET_DEFINE_STATIC(int, nfs_enable_uidtostring) = 0; +SYSCTL_INT(_vfs_nfs, OID_AUTO, enable_uidtostring, + CTLFLAG_NFSD_VNET | CTLFLAG_RW, &NFSD_VNET_NAME(nfs_enable_uidtostring), 0, + "Make nfs always send numeric owner_names"); + int nfsrv_maxpnfsmirror = 1; SYSCTL_INT(_vfs_nfs, OID_AUTO, pnfsmirror, CTLFLAG_RD, &nfsrv_maxpnfsmirror, 0, "Mirror level for pNFS service"); @@ -192,19 +196,16 @@ }; static int ncl_mbuf_mhlen = MHLEN; -static int nfsrv_usercnt = 0; -static int nfsrv_dnsnamelen; -static u_char *nfsrv_dnsname = NULL; -static int nfsrv_usermax = 999999999; -struct nfsrv_lughash { - struct mtx mtx; - struct nfsuserhashhead lughead; -}; -static struct nfsrv_lughash *nfsuserhash; -static struct nfsrv_lughash *nfsusernamehash; -static struct nfsrv_lughash *nfsgrouphash; -static struct nfsrv_lughash *nfsgroupnamehash; +NFSD_VNET_DEFINE_STATIC(int, nfsrv_usercnt) = 0; +NFSD_VNET_DEFINE_STATIC(int, nfsrv_dnsnamelen) = 0; +NFSD_VNET_DEFINE_STATIC(int, nfsrv_usermax) = 999999999; +NFSD_VNET_DEFINE(struct nfsrv_lughash *, nfsuserhash) = NULL; +NFSD_VNET_DEFINE(struct nfsrv_lughash *, nfsusernamehash) = NULL; +NFSD_VNET_DEFINE(struct nfsrv_lughash *, nfsgrouphash) = NULL; +NFSD_VNET_DEFINE(struct nfsrv_lughash *, nfsgroupnamehash) = NULL; +NFSD_VNET_DEFINE(u_char *, nfsrv_dnsname) = NULL; + /* * This static array indicates whether or not the RPC generates a large * reply. This is used by nfs_reply() to decide whether or not an mbuf @@ -1245,6 +1246,7 @@ #endif CTASSERT(sizeof(ino_t) == sizeof(uint64_t)); + NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread)); if (compare) { retnotsup = 0; error = nfsrv_getattrbits(nd, &attrbits, NULL, &retnotsup); @@ -1870,7 +1872,8 @@ } } else if (nap != NULL) { if (nfsv4_strtouid(nd, cp, j, &uid)) - nap->na_uid = nfsrv_defaultuid; + nap->na_uid = + NFSD_VNET(nfsrv_defaultuid); else nap->na_uid = uid; } @@ -1903,7 +1906,8 @@ } } else if (nap != NULL) { if (nfsv4_strtogid(nd, cp, j, &gid)) - nap->na_gid = nfsrv_defaultgid; + nap->na_gid = + NFSD_VNET(nfsrv_defaultgid); else nap->na_gid = gid; } @@ -2266,6 +2270,7 @@ error = nfsm_advance(nd, attrsize - attrsum, -1); } nfsmout: + NFSD_CURVNET_RESTORE(); NFSEXITCODE2(error, nd); return (error); } @@ -3142,14 +3147,16 @@ int cnt, hasampersand, len = NFSV4_SMALLSTR, ret; struct nfsrv_lughash *hp; + NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread)); cnt = 0; tryagain: - if (nfsrv_dnsnamelen > 0 && !nfs_enable_uidtostring) { + if (NFSD_VNET(nfsrv_dnsnamelen) > 0 && + !NFSD_VNET(nfs_enable_uidtostring)) { /* * Always map nfsrv_defaultuid to "nobody". */ - if (uid == nfsrv_defaultuid) { - i = nfsrv_dnsnamelen + 7; + if (uid == NFSD_VNET(nfsrv_defaultuid)) { + i = NFSD_VNET(nfsrv_dnsnamelen) + 7; if (i > len) { if (len > NFSV4_SMALLSTR) free(cp, M_NFSSTRING); @@ -3161,7 +3168,9 @@ *retlenp = i; NFSBCOPY("nobody@", cp, 7); cp += 7; - NFSBCOPY(nfsrv_dnsname, cp, nfsrv_dnsnamelen); + NFSBCOPY(NFSD_VNET(nfsrv_dnsname), cp, + NFSD_VNET(nfsrv_dnsnamelen)); + NFSD_CURVNET_RESTORE(); return; } hasampersand = 0; @@ -3185,7 +3194,7 @@ i = usrp->lug_namelen; else i = usrp->lug_namelen + - nfsrv_dnsnamelen + 1; + NFSD_VNET(nfsrv_dnsnamelen) + 1; if (i > len) { mtx_unlock(&hp->mtx); if (len > NFSV4_SMALLSTR) @@ -3200,12 +3209,14 @@ if (!hasampersand) { cp += usrp->lug_namelen; *cp++ = '@'; - NFSBCOPY(nfsrv_dnsname, cp, nfsrv_dnsnamelen); + NFSBCOPY(NFSD_VNET(nfsrv_dnsname), cp, + NFSD_VNET(nfsrv_dnsnamelen)); } TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash); TAILQ_INSERT_TAIL(&hp->lughead, usrp, lug_numhash); mtx_unlock(&hp->mtx); + NFSD_CURVNET_RESTORE(); return; } } @@ -3233,6 +3244,7 @@ *cp-- = '0' + (tmp % 10); tmp /= 10; } + NFSD_CURVNET_RESTORE(); return; } @@ -3253,7 +3265,7 @@ cnt = 0; uid = oldcred->cr_uid; tryagain: - if (nfsrv_dnsnamelen > 0) { + if (NFSD_VNET(nfsrv_dnsnamelen) > 0) { hp = NFSUSERHASH(uid); mtx_lock(&hp->mtx); TAILQ_FOREACH(usrp, &hp->lughead, lug_numhash) { @@ -3300,6 +3312,7 @@ uid_t tuid; struct nfsrv_lughash *hp, *hp2; + NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread)); if (len == 0) { error = NFSERR_BADOWNER; goto out; @@ -3311,7 +3324,7 @@ /* A numeric string. */ if ((nd->nd_flag & ND_KERBV) == 0 && ((nd->nd_flag & ND_NFSCL) != 0 || - nfsd_enable_stringtouid != 0)) + NFSD_VNET(nfsd_enable_stringtouid) != 0)) *uidp = tuid; else error = NFSERR_BADOWNER; @@ -3328,7 +3341,7 @@ cnt = 0; tryagain: - if (nfsrv_dnsnamelen > 0) { + if (NFSD_VNET(nfsrv_dnsnamelen) > 0) { /* * If an '@' is found and the domain name matches, search for * the name with dns stripped off. @@ -3336,9 +3349,10 @@ * all upper case will not. */ if (cnt == 0 && i < len && i > 0 && - (len - 1 - i) == nfsrv_dnsnamelen && - !nfsrv_cmpmixedcase(cp, nfsrv_dnsname, nfsrv_dnsnamelen)) { - len -= (nfsrv_dnsnamelen + 1); + (len - 1 - i) == NFSD_VNET(nfsrv_dnsnamelen) && + !nfsrv_cmpmixedcase(cp, + NFSD_VNET(nfsrv_dnsname), NFSD_VNET(nfsrv_dnsnamelen))) { + len -= (NFSD_VNET(nfsrv_dnsnamelen) + 1); *(cp - 1) = '\0'; } @@ -3346,7 +3360,7 @@ * Check for the special case of "nobody". */ if (len == 6 && !NFSBCMP(str, "nobody", 6)) { - *uidp = nfsrv_defaultuid; + *uidp = NFSD_VNET(nfsrv_defaultuid); error = 0; goto out; } @@ -3380,6 +3394,7 @@ error = NFSERR_BADOWNER; out: + NFSD_CURVNET_RESTORE(); NFSEXITCODE(error); return (error); } @@ -3401,14 +3416,16 @@ int cnt, hasampersand, len = NFSV4_SMALLSTR, ret; struct nfsrv_lughash *hp; + NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread)); cnt = 0; tryagain: - if (nfsrv_dnsnamelen > 0 && !nfs_enable_uidtostring) { + if (NFSD_VNET(nfsrv_dnsnamelen) > 0 && + !NFSD_VNET(nfs_enable_uidtostring)) { /* * Always map nfsrv_defaultgid to "nogroup". */ - if (gid == nfsrv_defaultgid) { - i = nfsrv_dnsnamelen + 8; + if (gid == NFSD_VNET(nfsrv_defaultgid)) { + i = NFSD_VNET(nfsrv_dnsnamelen) + 8; if (i > len) { if (len > NFSV4_SMALLSTR) free(cp, M_NFSSTRING); @@ -3420,7 +3437,9 @@ *retlenp = i; NFSBCOPY("nogroup@", cp, 8); cp += 8; - NFSBCOPY(nfsrv_dnsname, cp, nfsrv_dnsnamelen); + NFSBCOPY(NFSD_VNET(nfsrv_dnsname), cp, + NFSD_VNET(nfsrv_dnsnamelen)); + NFSD_CURVNET_RESTORE(); return; } hasampersand = 0; @@ -3444,7 +3463,7 @@ i = usrp->lug_namelen; else i = usrp->lug_namelen + - nfsrv_dnsnamelen + 1; + NFSD_VNET(nfsrv_dnsnamelen) + 1; if (i > len) { mtx_unlock(&hp->mtx); if (len > NFSV4_SMALLSTR) @@ -3459,12 +3478,14 @@ if (!hasampersand) { cp += usrp->lug_namelen; *cp++ = '@'; - NFSBCOPY(nfsrv_dnsname, cp, nfsrv_dnsnamelen); + NFSBCOPY(NFSD_VNET(nfsrv_dnsname), cp, + NFSD_VNET(nfsrv_dnsnamelen)); } TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash); TAILQ_INSERT_TAIL(&hp->lughead, usrp, lug_numhash); mtx_unlock(&hp->mtx); + NFSD_CURVNET_RESTORE(); return; } } @@ -3492,6 +3513,7 @@ *cp-- = '0' + (tmp % 10); tmp /= 10; } + NFSD_CURVNET_RESTORE(); return; } @@ -3514,6 +3536,7 @@ gid_t tgid; struct nfsrv_lughash *hp, *hp2; + NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread)); if (len == 0) { error = NFSERR_BADOWNER; goto out; @@ -3525,7 +3548,7 @@ /* A numeric string. */ if ((nd->nd_flag & ND_KERBV) == 0 && ((nd->nd_flag & ND_NFSCL) != 0 || - nfsd_enable_stringtouid != 0)) + NFSD_VNET(nfsd_enable_stringtouid) != 0)) *gidp = tgid; else error = NFSERR_BADOWNER; @@ -3542,15 +3565,16 @@ cnt = 0; tryagain: - if (nfsrv_dnsnamelen > 0) { + if (NFSD_VNET(nfsrv_dnsnamelen) > 0) { /* * If an '@' is found and the dns name matches, search for the * name with the dns stripped off. */ if (cnt == 0 && i < len && i > 0 && - (len - 1 - i) == nfsrv_dnsnamelen && - !nfsrv_cmpmixedcase(cp, nfsrv_dnsname, nfsrv_dnsnamelen)) { - len -= (nfsrv_dnsnamelen + 1); + (len - 1 - i) == NFSD_VNET(nfsrv_dnsnamelen) && + !nfsrv_cmpmixedcase(cp, + NFSD_VNET(nfsrv_dnsname), NFSD_VNET(nfsrv_dnsnamelen))) { + len -= (NFSD_VNET(nfsrv_dnsnamelen) + 1); *(cp - 1) = '\0'; } @@ -3558,7 +3582,7 @@ * Check for the special case of "nogroup". */ if (len == 7 && !NFSBCMP(str, "nogroup", 7)) { - *gidp = nfsrv_defaultgid; + *gidp = NFSD_VNET(nfsrv_defaultgid); error = 0; goto out; } @@ -3592,6 +3616,7 @@ error = NFSERR_BADOWNER; out: + NFSD_CURVNET_RESTORE(); NFSEXITCODE(error); return (error); } @@ -3642,12 +3667,12 @@ int error; NFSLOCKNAMEID(); - if (nfsrv_nfsuserd != NOTRUNNING) { + if (NFSD_VNET(nfsrv_nfsuserd) != NOTRUNNING) { NFSUNLOCKNAMEID(); error = EPERM; goto out; } - nfsrv_nfsuserd = STARTSTOP; + NFSD_VNET(nfsrv_nfsuserd) = STARTSTOP; /* * Set up the socket record and connect. * Set nr_client NULL before unlocking, just to ensure that no other @@ -3655,7 +3680,7 @@ * occur if the use of the nameid lock to protect nfsrv_nfsuserd is * broken. */ - rp = &nfsrv_nfsuserdsock; + rp = &NFSD_VNET(nfsrv_nfsuserdsock); rp->nr_client = NULL; NFSUNLOCKNAMEID(); rp->nr_sotype = SOCK_DGRAM; @@ -3696,12 +3721,12 @@ &rp->nr_client); if (error == 0) { NFSLOCKNAMEID(); - nfsrv_nfsuserd = RUNNING; + NFSD_VNET(nfsrv_nfsuserd) = RUNNING; NFSUNLOCKNAMEID(); } else { free(rp->nr_nam, M_SONAME); NFSLOCKNAMEID(); - nfsrv_nfsuserd = NOTRUNNING; + NFSD_VNET(nfsrv_nfsuserd) = NOTRUNNING; NFSUNLOCKNAMEID(); } out: @@ -3717,20 +3742,20 @@ { NFSLOCKNAMEID(); - if (nfsrv_nfsuserd != RUNNING) { + if (NFSD_VNET(nfsrv_nfsuserd) != RUNNING) { NFSUNLOCKNAMEID(); return; } - nfsrv_nfsuserd = STARTSTOP; + NFSD_VNET(nfsrv_nfsuserd) = STARTSTOP; /* Wait for all upcalls to complete. */ - while (nfsrv_userdupcalls > 0) - msleep(&nfsrv_userdupcalls, NFSNAMEIDMUTEXPTR, PVFS, + while (NFSD_VNET(nfsrv_userdupcalls) > 0) + msleep(&NFSD_VNET(nfsrv_userdupcalls), NFSNAMEIDMUTEXPTR, PVFS, "nfsupcalls", 0); NFSUNLOCKNAMEID(); - newnfs_disconnect(NULL, &nfsrv_nfsuserdsock); - free(nfsrv_nfsuserdsock.nr_nam, M_SONAME); + newnfs_disconnect(NULL, &NFSD_VNET(nfsrv_nfsuserdsock)); + free(NFSD_VNET(nfsrv_nfsuserdsock).nr_nam, M_SONAME); NFSLOCKNAMEID(); - nfsrv_nfsuserd = NOTRUNNING; + NFSD_VNET(nfsrv_nfsuserd) = NOTRUNNING; NFSUNLOCKNAMEID(); } @@ -3750,7 +3775,7 @@ int error; NFSLOCKNAMEID(); - if (nfsrv_nfsuserd != RUNNING) { + if (NFSD_VNET(nfsrv_nfsuserd) != RUNNING) { NFSUNLOCKNAMEID(); error = EPERM; goto out; @@ -3759,9 +3784,9 @@ * Maintain a count of upcalls in progress, so that nfsrv_X() * can wait until no upcalls are in progress. */ - nfsrv_userdupcalls++; + NFSD_VNET(nfsrv_userdupcalls)++; NFSUNLOCKNAMEID(); - KASSERT(nfsrv_userdupcalls > 0, + KASSERT(NFSD_VNET(nfsrv_userdupcalls) > 0, ("nfsrv_getuser: non-positive upcalls")); nd = &nfsd; cred = newnfs_getcred(); @@ -3779,11 +3804,13 @@ len = strlen(name); (void) nfsm_strtom(nd, name, len); } - error = newnfs_request(nd, NULL, NULL, &nfsrv_nfsuserdsock, NULL, NULL, - cred, RPCPROG_NFSUSERD, RPCNFSUSERD_VERS, NULL, 0, NULL, NULL); + error = newnfs_request(nd, NULL, NULL, &NFSD_VNET(nfsrv_nfsuserdsock), + NULL, NULL, cred, RPCPROG_NFSUSERD, RPCNFSUSERD_VERS, NULL, 0, + NULL, NULL); NFSLOCKNAMEID(); - if (--nfsrv_userdupcalls == 0 && nfsrv_nfsuserd == STARTSTOP) - wakeup(&nfsrv_userdupcalls); + if (--NFSD_VNET(nfsrv_userdupcalls) == 0 && + NFSD_VNET(nfsrv_nfsuserd) == STARTSTOP) + wakeup(&NFSD_VNET(nfsrv_userdupcalls)); NFSUNLOCKNAMEID(); NFSFREECRED(cred); if (!error) { @@ -3823,7 +3850,8 @@ free(cp, M_NFSSTRING); goto out; } - if (atomic_cmpset_acq_int(&nfsrv_dnsnamelen, 0, 0) == 0) { + if (atomic_cmpset_acq_int(&NFSD_VNET(nfsrv_dnsnamelen), 0, 0) == + 0) { /* * Free up all the old stuff and reinitialize hash * lists. All mutexes for both lists must be locked, @@ -3831,80 +3859,81 @@ * ones, to avoid a LOR. */ for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsusernamehash[i].mtx); + mtx_lock(&NFSD_VNET(nfsusernamehash)[i].mtx); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsuserhash[i].mtx); + mtx_lock(&NFSD_VNET(nfsuserhash)[i].mtx); for (i = 0; i < nfsrv_lughashsize; i++) TAILQ_FOREACH_SAFE(usrp, - &nfsuserhash[i].lughead, lug_numhash, nusrp) + &NFSD_VNET(nfsuserhash)[i].lughead, lug_numhash, nusrp) nfsrv_removeuser(usrp, 1); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_unlock(&nfsuserhash[i].mtx); + mtx_unlock(&NFSD_VNET(nfsuserhash)[i].mtx); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_unlock(&nfsusernamehash[i].mtx); + mtx_unlock(&NFSD_VNET(nfsusernamehash)[i].mtx); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsgroupnamehash[i].mtx); + mtx_lock(&NFSD_VNET(nfsgroupnamehash)[i].mtx); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsgrouphash[i].mtx); + mtx_lock(&NFSD_VNET(nfsgrouphash)[i].mtx); for (i = 0; i < nfsrv_lughashsize; i++) TAILQ_FOREACH_SAFE(usrp, - &nfsgrouphash[i].lughead, lug_numhash, + &NFSD_VNET(nfsgrouphash)[i].lughead, lug_numhash, nusrp) nfsrv_removeuser(usrp, 0); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_unlock(&nfsgrouphash[i].mtx); + mtx_unlock(&NFSD_VNET(nfsgrouphash)[i].mtx); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_unlock(&nfsgroupnamehash[i].mtx); - free(nfsrv_dnsname, M_NFSSTRING); - nfsrv_dnsname = NULL; + mtx_unlock(&NFSD_VNET(nfsgroupnamehash)[i].mtx); + free(NFSD_VNET(nfsrv_dnsname), M_NFSSTRING); + NFSD_VNET(nfsrv_dnsname) = NULL; } - if (nfsuserhash == NULL) { + if (NFSD_VNET(nfsuserhash) == NULL) { /* Allocate the hash tables. */ - nfsuserhash = malloc(sizeof(struct nfsrv_lughash) * + NFSD_VNET(nfsuserhash) = malloc(sizeof(struct nfsrv_lughash) * nfsrv_lughashsize, M_NFSUSERGROUP, M_WAITOK | M_ZERO); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_init(&nfsuserhash[i].mtx, "nfsuidhash", + mtx_init(&NFSD_VNET(nfsuserhash)[i].mtx, "nfsuidhash", NULL, MTX_DEF | MTX_DUPOK); - nfsusernamehash = malloc(sizeof(struct nfsrv_lughash) * + NFSD_VNET(nfsusernamehash) = malloc(sizeof(struct nfsrv_lughash) * nfsrv_lughashsize, M_NFSUSERGROUP, M_WAITOK | M_ZERO); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_init(&nfsusernamehash[i].mtx, + mtx_init(&NFSD_VNET(nfsusernamehash)[i].mtx, "nfsusrhash", NULL, MTX_DEF | MTX_DUPOK); - nfsgrouphash = malloc(sizeof(struct nfsrv_lughash) * + NFSD_VNET(nfsgrouphash) = malloc(sizeof(struct nfsrv_lughash) * nfsrv_lughashsize, M_NFSUSERGROUP, M_WAITOK | M_ZERO); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_init(&nfsgrouphash[i].mtx, "nfsgidhash", + mtx_init(&NFSD_VNET(nfsgrouphash)[i].mtx, "nfsgidhash", NULL, MTX_DEF | MTX_DUPOK); - nfsgroupnamehash = malloc(sizeof(struct nfsrv_lughash) * + NFSD_VNET(nfsgroupnamehash) = malloc(sizeof(struct nfsrv_lughash) * nfsrv_lughashsize, M_NFSUSERGROUP, M_WAITOK | M_ZERO); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_init(&nfsgroupnamehash[i].mtx, + mtx_init(&NFSD_VNET(nfsgroupnamehash)[i].mtx, "nfsgrphash", NULL, MTX_DEF | MTX_DUPOK); } /* (Re)initialize the list heads. */ for (i = 0; i < nfsrv_lughashsize; i++) - TAILQ_INIT(&nfsuserhash[i].lughead); + TAILQ_INIT(&NFSD_VNET(nfsuserhash)[i].lughead); for (i = 0; i < nfsrv_lughashsize; i++) - TAILQ_INIT(&nfsusernamehash[i].lughead); + TAILQ_INIT(&NFSD_VNET(nfsusernamehash)[i].lughead); for (i = 0; i < nfsrv_lughashsize; i++) - TAILQ_INIT(&nfsgrouphash[i].lughead); + TAILQ_INIT(&NFSD_VNET(nfsgrouphash)[i].lughead); for (i = 0; i < nfsrv_lughashsize; i++) - TAILQ_INIT(&nfsgroupnamehash[i].lughead); + TAILQ_INIT(&NFSD_VNET(nfsgroupnamehash)[i].lughead); /* * Put name in "DNS" string. */ - nfsrv_dnsname = cp; - nfsrv_defaultuid = nidp->nid_uid; - nfsrv_defaultgid = nidp->nid_gid; - nfsrv_usercnt = 0; - nfsrv_usermax = nidp->nid_usermax; - atomic_store_rel_int(&nfsrv_dnsnamelen, nidp->nid_namelen); + NFSD_VNET(nfsrv_dnsname) = cp; + NFSD_VNET(nfsrv_defaultuid) = nidp->nid_uid; + NFSD_VNET(nfsrv_defaultgid) = nidp->nid_gid; + NFSD_VNET(nfsrv_usercnt) = 0; + NFSD_VNET(nfsrv_usermax) = nidp->nid_usermax; + atomic_store_rel_int(&NFSD_VNET(nfsrv_dnsnamelen), + nidp->nid_namelen); goto out; } @@ -3968,7 +3997,7 @@ if (nidp->nid_flag & (NFSID_DELUID | NFSID_ADDUID)) { /* Must lock all username hash lists first, to avoid a LOR. */ for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsusernamehash[i].mtx); + mtx_lock(&NFSD_VNET(nfsusernamehash)[i].mtx); username_locked = 1; hp_idnum = NFSUSERHASH(nidp->nid_uid); mtx_lock(&hp_idnum->mtx); @@ -3997,7 +4026,7 @@ } else if (nidp->nid_flag & (NFSID_DELGID | NFSID_ADDGID)) { /* Must lock all groupname hash lists first, to avoid a LOR. */ for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsgroupnamehash[i].mtx); + mtx_lock(&NFSD_VNET(nfsgroupnamehash)[i].mtx); groupname_locked = 1; hp_idnum = NFSGROUPHASH(nidp->nid_gid); mtx_lock(&hp_idnum->mtx); @@ -4040,7 +4069,7 @@ thp = NFSUSERNAMEHASH(newusrp->lug_name, newusrp->lug_namelen); mtx_assert(&thp->mtx, MA_OWNED); TAILQ_INSERT_TAIL(&thp->lughead, newusrp, lug_namehash); - atomic_add_int(&nfsrv_usercnt, 1); + atomic_add_int(&NFSD_VNET(nfsrv_usercnt), 1); } else if (nidp->nid_flag & (NFSID_ADDGID | NFSID_ADDGROUPNAME)) { newusrp->lug_gid = nidp->nid_gid; thp = NFSGROUPHASH(newusrp->lug_gid); @@ -4049,7 +4078,7 @@ thp = NFSGROUPNAMEHASH(newusrp->lug_name, newusrp->lug_namelen); mtx_assert(&thp->mtx, MA_OWNED); TAILQ_INSERT_TAIL(&thp->lughead, newusrp, lug_namehash); - atomic_add_int(&nfsrv_usercnt, 1); + atomic_add_int(&NFSD_VNET(nfsrv_usercnt), 1); } else { if (newusrp->lug_cred != NULL) crfree(newusrp->lug_cred); @@ -4078,17 +4107,17 @@ NFSID_DELUSERNAME | NFSID_ADDUSERNAME)) != 0) { if (username_locked == 0) { for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsusernamehash[i].mtx); + mtx_lock(&NFSD_VNET(nfsusernamehash)[i].mtx); username_locked = 1; } KASSERT(user_locked == 0, ("nfssvc_idname: user_locked")); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsuserhash[i].mtx); + mtx_lock(&NFSD_VNET(nfsuserhash)[i].mtx); user_locked = 1; for (i = 0; i < nfsrv_lughashsize; i++) { TAILQ_FOREACH_SAFE(usrp, - &nfsuserhash[i].lughead, lug_numhash, + &NFSD_VNET(nfsuserhash)[i].lughead, lug_numhash, nusrp) if (usrp->lug_expiry < NFSD_MONOSEC) nfsrv_removeuser(usrp, 1); @@ -4099,26 +4128,26 @@ * algorithm. This code deletes the least * recently used entry on each hash list. */ - if (nfsrv_usercnt <= nfsrv_usermax) + if (NFSD_VNET(nfsrv_usercnt) <= NFSD_VNET(nfsrv_usermax)) break; - usrp = TAILQ_FIRST(&nfsuserhash[i].lughead); + usrp = TAILQ_FIRST(&NFSD_VNET(nfsuserhash)[i].lughead); if (usrp != NULL) nfsrv_removeuser(usrp, 1); } } else { if (groupname_locked == 0) { for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsgroupnamehash[i].mtx); + mtx_lock(&NFSD_VNET(nfsgroupnamehash)[i].mtx); groupname_locked = 1; } KASSERT(group_locked == 0, ("nfssvc_idname: group_locked")); for (i = 0; i < nfsrv_lughashsize; i++) - mtx_lock(&nfsgrouphash[i].mtx); + mtx_lock(&NFSD_VNET(nfsgrouphash)[i].mtx); group_locked = 1; for (i = 0; i < nfsrv_lughashsize; i++) { TAILQ_FOREACH_SAFE(usrp, - &nfsgrouphash[i].lughead, lug_numhash, + &NFSD_VNET(nfsgrouphash)[i].lughead, lug_numhash, nusrp) if (usrp->lug_expiry < NFSD_MONOSEC) nfsrv_removeuser(usrp, 0); @@ -4129,9 +4158,9 @@ * algorithm. This code deletes the least * recently user entry on each hash list. */ - if (nfsrv_usercnt <= nfsrv_usermax) + if (NFSD_VNET(nfsrv_usercnt) <= NFSD_VNET(nfsrv_usermax)) break; - usrp = TAILQ_FIRST(&nfsgrouphash[i].lughead); + usrp = TAILQ_FIRST(&NFSD_VNET(nfsgrouphash)[i].lughead); if (usrp != NULL) nfsrv_removeuser(usrp, 0); } @@ -4147,16 +4176,16 @@ mtx_unlock(&hp_name->mtx); if (user_locked != 0) for (i = 0; i < nfsrv_lughashsize; i++) - mtx_unlock(&nfsuserhash[i].mtx); + mtx_unlock(&NFSD_VNET(nfsuserhash)[i].mtx); if (username_locked != 0) for (i = 0; i < nfsrv_lughashsize; i++) - mtx_unlock(&nfsusernamehash[i].mtx); + mtx_unlock(&NFSD_VNET(nfsusernamehash)[i].mtx); if (group_locked != 0) for (i = 0; i < nfsrv_lughashsize; i++) - mtx_unlock(&nfsgrouphash[i].mtx); + mtx_unlock(&NFSD_VNET(nfsgrouphash)[i].mtx); if (groupname_locked != 0) for (i = 0; i < nfsrv_lughashsize; i++) - mtx_unlock(&nfsgroupnamehash[i].mtx); + mtx_unlock(&NFSD_VNET(nfsgroupnamehash)[i].mtx); out: NFSEXITCODE(error); return (error); @@ -4185,59 +4214,10 @@ mtx_assert(&hp->mtx, MA_OWNED); TAILQ_REMOVE(&hp->lughead, usrp, lug_namehash); } - atomic_add_int(&nfsrv_usercnt, -1); + atomic_add_int(&NFSD_VNET(nfsrv_usercnt), -1); if (usrp->lug_cred != NULL) crfree(usrp->lug_cred); free(usrp, M_NFSUSERGROUP); -} - -/* - * Free up all the allocations related to the name<-->id cache. - * This function should only be called when the nfsuserd daemon isn't - * running, since it doesn't do any locking. - * This function is meant to be used when the nfscommon module is unloaded. - */ -void -nfsrv_cleanusergroup(void) -{ - struct nfsrv_lughash *hp, *hp2; - struct nfsusrgrp *nusrp, *usrp; - int i; - - if (nfsuserhash == NULL) - return; - - for (i = 0; i < nfsrv_lughashsize; i++) { - hp = &nfsuserhash[i]; - TAILQ_FOREACH_SAFE(usrp, &hp->lughead, lug_numhash, nusrp) { - TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash); - hp2 = NFSUSERNAMEHASH(usrp->lug_name, - usrp->lug_namelen); - TAILQ_REMOVE(&hp2->lughead, usrp, lug_namehash); - if (usrp->lug_cred != NULL) - crfree(usrp->lug_cred); - free(usrp, M_NFSUSERGROUP); - } - hp = &nfsgrouphash[i]; - TAILQ_FOREACH_SAFE(usrp, &hp->lughead, lug_numhash, nusrp) { - TAILQ_REMOVE(&hp->lughead, usrp, lug_numhash); - hp2 = NFSGROUPNAMEHASH(usrp->lug_name, - usrp->lug_namelen); - TAILQ_REMOVE(&hp2->lughead, usrp, lug_namehash); - if (usrp->lug_cred != NULL) - crfree(usrp->lug_cred); - free(usrp, M_NFSUSERGROUP); - } - mtx_destroy(&nfsuserhash[i].mtx); - mtx_destroy(&nfsusernamehash[i].mtx); - mtx_destroy(&nfsgroupnamehash[i].mtx); - mtx_destroy(&nfsgrouphash[i].mtx); - } - free(nfsuserhash, M_NFSUSERGROUP); - free(nfsusernamehash, M_NFSUSERGROUP); - free(nfsgrouphash, M_NFSUSERGROUP); - free(nfsgroupnamehash, M_NFSUSERGROUP); - free(nfsrv_dnsname, M_NFSSTRING); } /* diff --git a/sys/fs/nfs/nfs_var.h.vnetnfsuserd b/sys/fs/nfs/nfs_var.h --- a/sys/fs/nfs/nfs_var.h.vnetnfsuserd +++ b/sys/fs/nfs/nfs_var.h @@ -348,7 +348,6 @@ int nfsv4_getref_nonblock(struct nfsv4lock *); int nfsv4_testlock(struct nfsv4lock *); int nfsrv_mtostr(struct nfsrv_descript *, char *, int); -void nfsrv_cleanusergroup(void); int nfsrv_checkutf8(u_int8_t *, int); int newnfs_sndlock(int *); void newnfs_sndunlock(int *); diff --git a/sys/fs/nfs/nfsport.h.vnetnfsuserd b/sys/fs/nfs/nfsport.h --- a/sys/fs/nfs/nfsport.h.vnetnfsuserd +++ b/sys/fs/nfs/nfsport.h @@ -1280,6 +1280,12 @@ #define NFS_MAXBSIZE (maxbcachebuf) #endif +/* User/group hash structure for nfsuserhash and friends. */ +struct nfsrv_lughash { + struct mtx mtx; + struct nfsuserhashhead lughead; +}; + /* * This macro checks to see if issuing of delegations is allowed for this * vnode. diff --git a/sys/fs/nfs/nfsrvstate.h.vnetnfsuserd b/sys/fs/nfs/nfsrvstate.h --- a/sys/fs/nfs/nfsrvstate.h.vnetnfsuserd +++ b/sys/fs/nfs/nfsrvstate.h @@ -62,14 +62,14 @@ #define NFSSTATEHASH(clp, id) \ (&((clp)->lc_stateid[(id).other[2] % nfsrv_statehashsize])) #define NFSUSERHASH(id) \ - (&nfsuserhash[(id) % nfsrv_lughashsize]) + (&NFSD_VNET(nfsuserhash)[(id) % nfsrv_lughashsize]) #define NFSUSERNAMEHASH(p, l) \ - (&nfsusernamehash[((l)>=4?(*(p)+*((p)+1)+*((p)+2)+*((p)+3)):*(p)) \ + (&NFSD_VNET(nfsusernamehash)[((l)>=4?(*(p)+*((p)+1)+*((p)+2)+*((p)+3)):*(p)) \ % nfsrv_lughashsize]) #define NFSGROUPHASH(id) \ - (&nfsgrouphash[(id) % nfsrv_lughashsize]) + (&NFSD_VNET(nfsgrouphash)[(id) % nfsrv_lughashsize]) #define NFSGROUPNAMEHASH(p, l) \ - (&nfsgroupnamehash[((l)>=4?(*(p)+*((p)+1)+*((p)+2)+*((p)+3)):*(p)) \ + (&NFSD_VNET(nfsgroupnamehash)[((l)>=4?(*(p)+*((p)+1)+*((p)+2)+*((p)+3)):*(p)) \ % nfsrv_lughashsize]) struct nfssessionhash { diff --git a/sys/fs/nfsserver/nfs_nfsdport.c.vnetnfsuserd b/sys/fs/nfsserver/nfs_nfsdport.c --- a/sys/fs/nfsserver/nfs_nfsdport.c.vnetnfsuserd +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -124,7 +124,6 @@ static int nfs_commit_miss; extern int nfsrv_issuedelegs; extern int nfsrv_dolocallocks; -extern int nfsd_enable_stringtouid; extern struct nfsdevicehead nfsrv_devidhead; static int nfsrv_createiovec(int, struct mbuf **, struct mbuf **, @@ -186,8 +185,10 @@ &nfsrv_dolocallocks, 0, "Enable nfsd to acquire local locks on files"); SYSCTL_INT(_vfs_nfsd, OID_AUTO, debuglevel, CTLFLAG_RW, &nfsd_debuglevel, 0, "Debug level for NFS server"); -SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_stringtouid, CTLFLAG_RW, - &nfsd_enable_stringtouid, 0, "Enable nfsd to accept numeric owner_names"); +NFSD_VNET_DECLARE(int, nfsd_enable_stringtouid); +SYSCTL_INT(_vfs_nfsd, OID_AUTO, enable_stringtouid, + CTLFLAG_NFSD_VNET | CTLFLAG_RW, &NFSD_VNET_NAME(nfsd_enable_stringtouid), + 0, "Enable nfsd to accept numeric owner_names"); static int nfsrv_pnfsgetdsattr = 1; SYSCTL_INT(_vfs_nfsd, OID_AUTO, pnfsgetdsattr, CTLFLAG_RW, &nfsrv_pnfsgetdsattr, 0, "When set getattr gets DS attributes via RPC"); diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c.vnetnfsuserd b/sys/fs/nfsserver/nfs_nfsdsubs.c --- a/sys/fs/nfsserver/nfs_nfsdsubs.c.vnetnfsuserd +++ b/sys/fs/nfsserver/nfs_nfsdsubs.c @@ -56,6 +56,8 @@ NFSD_VNET_DECLARE(struct nfslockhashhead *, nfslockhash); NFSD_VNET_DECLARE(struct nfssessionhash *, nfssessionhash); NFSD_VNET_DECLARE(int, nfs_rootfhset); +NFSD_VNET_DECLARE(uid_t, nfsrv_defaultuid); +NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); NFSD_VNET_DEFINE(struct nfsdontlisthead, nfsrv_dontlisthead); @@ -1611,10 +1613,12 @@ */ if (NFSVNO_NOTSETUID(nvap) && NFSVNO_NOTSETGID(nvap)) goto out; - if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid == nfsrv_defaultuid && - enable_nobodycheck == 1) - || (NFSVNO_ISSETGID(nvap) && nvap->na_gid == nfsrv_defaultgid && - enable_nogroupcheck == 1)) { + if ((NFSVNO_ISSETUID(nvap) && + nvap->na_uid == NFSD_VNET(nfsrv_defaultuid) && + enable_nobodycheck == 1) || + (NFSVNO_ISSETGID(nvap) && + nvap->na_gid == NFSD_VNET(nfsrv_defaultgid) && + enable_nogroupcheck == 1)) { error = NFSERR_BADOWNER; goto out; }