Page MenuHomeFreeBSD
Files F108594025

D37519.id113897.diff
No OneTemporary
Actions

D37519.id113897.diff
View Options

diff --git a/sys/conf/NOTES.vnet b/sys/conf/NOTES
--- a/sys/conf/NOTES.vnet
+++ b/sys/conf/NOTES
@@ -849,6 +849,7 @@
# Network stack virtualization.
options VIMAGE
options VNET_DEBUG # debug for VIMAGE
+options VNET_NFSD # nfsd in VIMAGE
#
# Network interfaces:
diff --git a/sys/conf/options.vnet b/sys/conf/options
--- a/sys/conf/options.vnet
+++ b/sys/conf/options
@@ -929,6 +929,7 @@
# Network stack virtualization options
VIMAGE opt_global.h
VNET_DEBUG opt_global.h
+VNET_NFSD opt_global.h
# Common Flash Interface (CFI) options
CFI_SUPPORT_STRATAFLASH opt_cfi.h
diff --git a/sys/fs/nfs/nfs_commonport.c.vnetmnt b/sys/fs/nfs/nfs_commonport.c
--- a/sys/fs/nfs/nfs_commonport.c.vnetmnt
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -61,7 +61,6 @@
extern void (*nfsd_call_recall)(struct vnode *, int, struct ucred *,
struct thread *);
extern int nfsrv_useacl;
-struct mount nfsv4root_mnt;
int newnfs_numnfsd = 0;
struct nfsstatsv1 nfsstatsv1;
int nfs_numnfscbd = 0;
@@ -76,6 +75,8 @@
vop_reclaim_t *nfs_reclaim_p = NULL;
uint32_t nfs_srvmaxio = NFS_SRVMAXIO;
+NFSDSTATSDEFINE(nfsstatsv1);
+
int nfs_pnfsio(task_fn_t *, void *);
static int nfs_realign_test;
@@ -447,8 +448,13 @@
struct {
int vers; /* Just the first field of nfsstats. */
} nfsstatver;
+ struct nfsstatsv1 *outstats;
if (uap->flag & NFSSVC_IDNAME) {
+ if (jailed(p->td_ucred)) {
+ error = EPERM;
+ goto out;
+ }
if ((uap->flag & NFSSVC_NEWSTRUCT) != 0)
error = copyin(uap->argp, &nid, sizeof(nid));
else {
@@ -470,90 +476,96 @@
error = nfssvc_idname(&nid);
goto out;
} else if (uap->flag & NFSSVC_GETSTATS) {
+#ifdef VNET_NFSD
+ outstats = malloc(sizeof(*outstats), M_TEMP, M_WAITOK | M_ZERO);
+#else
+ outstats = &nfsstatsv1;
+#endif
+ nfsd_copy_vnetstats();
if ((uap->flag & NFSSVC_NEWSTRUCT) == 0) {
/* Copy fields to the old ext_nfsstat structure. */
oldnfsstats.attrcache_hits =
- nfsstatsv1.attrcache_hits;
+ outstats->attrcache_hits;
oldnfsstats.attrcache_misses =
- nfsstatsv1.attrcache_misses;
+ outstats->attrcache_misses;
oldnfsstats.lookupcache_hits =
- nfsstatsv1.lookupcache_hits;
+ outstats->lookupcache_hits;
oldnfsstats.lookupcache_misses =
- nfsstatsv1.lookupcache_misses;
+ outstats->lookupcache_misses;
oldnfsstats.direofcache_hits =
- nfsstatsv1.direofcache_hits;
+ outstats->direofcache_hits;
oldnfsstats.direofcache_misses =
- nfsstatsv1.direofcache_misses;
+ outstats->direofcache_misses;
oldnfsstats.accesscache_hits =
- nfsstatsv1.accesscache_hits;
+ outstats->accesscache_hits;
oldnfsstats.accesscache_misses =
- nfsstatsv1.accesscache_misses;
+ outstats->accesscache_misses;
oldnfsstats.biocache_reads =
- nfsstatsv1.biocache_reads;
+ outstats->biocache_reads;
oldnfsstats.read_bios =
- nfsstatsv1.read_bios;
+ outstats->read_bios;
oldnfsstats.read_physios =
- nfsstatsv1.read_physios;
+ outstats->read_physios;
oldnfsstats.biocache_writes =
- nfsstatsv1.biocache_writes;
+ outstats->biocache_writes;
oldnfsstats.write_bios =
- nfsstatsv1.write_bios;
+ outstats->write_bios;
oldnfsstats.write_physios =
- nfsstatsv1.write_physios;
+ outstats->write_physios;
oldnfsstats.biocache_readlinks =
- nfsstatsv1.biocache_readlinks;
+ outstats->biocache_readlinks;
oldnfsstats.readlink_bios =
- nfsstatsv1.readlink_bios;
+ outstats->readlink_bios;
oldnfsstats.biocache_readdirs =
- nfsstatsv1.biocache_readdirs;
+ outstats->biocache_readdirs;
oldnfsstats.readdir_bios =
- nfsstatsv1.readdir_bios;
+ outstats->readdir_bios;
for (i = 0; i < NFSV4_NPROCS; i++)
- oldnfsstats.rpccnt[i] = nfsstatsv1.rpccnt[i];
- oldnfsstats.rpcretries = nfsstatsv1.rpcretries;
+ oldnfsstats.rpccnt[i] = outstats->rpccnt[i];
+ oldnfsstats.rpcretries = outstats->rpcretries;
for (i = 0; i < NFSV4OP_NOPS; i++)
oldnfsstats.srvrpccnt[i] =
- nfsstatsv1.srvrpccnt[i];
+ outstats->srvrpccnt[i];
for (i = NFSV42_NOPS, j = NFSV4OP_NOPS;
i < NFSV42_NOPS + NFSV4OP_FAKENOPS; i++, j++)
oldnfsstats.srvrpccnt[j] =
- nfsstatsv1.srvrpccnt[i];
+ outstats->srvrpccnt[i];
oldnfsstats.reserved_0 = 0;
oldnfsstats.reserved_1 = 0;
- oldnfsstats.rpcrequests = nfsstatsv1.rpcrequests;
- oldnfsstats.rpctimeouts = nfsstatsv1.rpctimeouts;
- oldnfsstats.rpcunexpected = nfsstatsv1.rpcunexpected;
- oldnfsstats.rpcinvalid = nfsstatsv1.rpcinvalid;
+ oldnfsstats.rpcrequests = outstats->rpcrequests;
+ oldnfsstats.rpctimeouts = outstats->rpctimeouts;
+ oldnfsstats.rpcunexpected = outstats->rpcunexpected;
+ oldnfsstats.rpcinvalid = outstats->rpcinvalid;
oldnfsstats.srvcache_inproghits =
- nfsstatsv1.srvcache_inproghits;
+ outstats->srvcache_inproghits;
oldnfsstats.reserved_2 = 0;
oldnfsstats.srvcache_nonidemdonehits =
- nfsstatsv1.srvcache_nonidemdonehits;
+ outstats->srvcache_nonidemdonehits;
oldnfsstats.srvcache_misses =
- nfsstatsv1.srvcache_misses;
+ outstats->srvcache_misses;
oldnfsstats.srvcache_tcppeak =
- nfsstatsv1.srvcache_tcppeak;
- oldnfsstats.srvcache_size = nfsstatsv1.srvcache_size;
- oldnfsstats.srvclients = nfsstatsv1.srvclients;
- oldnfsstats.srvopenowners = nfsstatsv1.srvopenowners;
- oldnfsstats.srvopens = nfsstatsv1.srvopens;
- oldnfsstats.srvlockowners = nfsstatsv1.srvlockowners;
- oldnfsstats.srvlocks = nfsstatsv1.srvlocks;
- oldnfsstats.srvdelegates = nfsstatsv1.srvdelegates;
+ outstats->srvcache_tcppeak;
+ oldnfsstats.srvcache_size = outstats->srvcache_size;
+ oldnfsstats.srvclients = outstats->srvclients;
+ oldnfsstats.srvopenowners = outstats->srvopenowners;
+ oldnfsstats.srvopens = outstats->srvopens;
+ oldnfsstats.srvlockowners = outstats->srvlockowners;
+ oldnfsstats.srvlocks = outstats->srvlocks;
+ oldnfsstats.srvdelegates = outstats->srvdelegates;
for (i = 0; i < NFSV4OP_CBNOPS; i++)
oldnfsstats.cbrpccnt[i] =
- nfsstatsv1.cbrpccnt[i];
- oldnfsstats.clopenowners = nfsstatsv1.clopenowners;
- oldnfsstats.clopens = nfsstatsv1.clopens;
- oldnfsstats.cllockowners = nfsstatsv1.cllockowners;
- oldnfsstats.cllocks = nfsstatsv1.cllocks;
- oldnfsstats.cldelegates = nfsstatsv1.cldelegates;
+ outstats->cbrpccnt[i];
+ oldnfsstats.clopenowners = outstats->clopenowners;
+ oldnfsstats.clopens = outstats->clopens;
+ oldnfsstats.cllockowners = outstats->cllockowners;
+ oldnfsstats.cllocks = outstats->cllocks;
+ oldnfsstats.cldelegates = outstats->cldelegates;
oldnfsstats.cllocalopenowners =
- nfsstatsv1.cllocalopenowners;
- oldnfsstats.cllocalopens = nfsstatsv1.cllocalopens;
+ outstats->cllocalopenowners;
+ oldnfsstats.cllocalopens = outstats->cllocalopens;
oldnfsstats.cllocallockowners =
- nfsstatsv1.cllocallockowners;
- oldnfsstats.cllocallocks = nfsstatsv1.cllocallocks;
+ outstats->cllocallockowners;
+ oldnfsstats.cllocallocks = outstats->cllocallocks;
error = copyout(&oldnfsstats, uap->argp,
sizeof (oldnfsstats));
} else {
@@ -561,141 +573,142 @@
sizeof(nfsstatver));
if (error == 0) {
if (nfsstatver.vers == NFSSTATS_OV1) {
- /* Copy nfsstatsv1 to nfsstatsov1. */
+ /* Copy outstats to nfsstatsov1. */
nfsstatsov1.attrcache_hits =
- nfsstatsv1.attrcache_hits;
+ outstats->attrcache_hits;
nfsstatsov1.attrcache_misses =
- nfsstatsv1.attrcache_misses;
+ outstats->attrcache_misses;
nfsstatsov1.lookupcache_hits =
- nfsstatsv1.lookupcache_hits;
+ outstats->lookupcache_hits;
nfsstatsov1.lookupcache_misses =
- nfsstatsv1.lookupcache_misses;
+ outstats->lookupcache_misses;
nfsstatsov1.direofcache_hits =
- nfsstatsv1.direofcache_hits;
+ outstats->direofcache_hits;
nfsstatsov1.direofcache_misses =
- nfsstatsv1.direofcache_misses;
+ outstats->direofcache_misses;
nfsstatsov1.accesscache_hits =
- nfsstatsv1.accesscache_hits;
+ outstats->accesscache_hits;
nfsstatsov1.accesscache_misses =
- nfsstatsv1.accesscache_misses;
+ outstats->accesscache_misses;
nfsstatsov1.biocache_reads =
- nfsstatsv1.biocache_reads;
+ outstats->biocache_reads;
nfsstatsov1.read_bios =
- nfsstatsv1.read_bios;
+ outstats->read_bios;
nfsstatsov1.read_physios =
- nfsstatsv1.read_physios;
+ outstats->read_physios;
nfsstatsov1.biocache_writes =
- nfsstatsv1.biocache_writes;
+ outstats->biocache_writes;
nfsstatsov1.write_bios =
- nfsstatsv1.write_bios;
+ outstats->write_bios;
nfsstatsov1.write_physios =
- nfsstatsv1.write_physios;
+ outstats->write_physios;
nfsstatsov1.biocache_readlinks =
- nfsstatsv1.biocache_readlinks;
+ outstats->biocache_readlinks;
nfsstatsov1.readlink_bios =
- nfsstatsv1.readlink_bios;
+ outstats->readlink_bios;
nfsstatsov1.biocache_readdirs =
- nfsstatsv1.biocache_readdirs;
+ outstats->biocache_readdirs;
nfsstatsov1.readdir_bios =
- nfsstatsv1.readdir_bios;
+ outstats->readdir_bios;
for (i = 0; i < NFSV42_OLDNPROCS; i++)
nfsstatsov1.rpccnt[i] =
- nfsstatsv1.rpccnt[i];
+ outstats->rpccnt[i];
nfsstatsov1.rpcretries =
- nfsstatsv1.rpcretries;
+ outstats->rpcretries;
for (i = 0; i < NFSV42_PURENOPS; i++)
nfsstatsov1.srvrpccnt[i] =
- nfsstatsv1.srvrpccnt[i];
+ outstats->srvrpccnt[i];
for (i = NFSV42_NOPS,
j = NFSV42_PURENOPS;
i < NFSV42_NOPS + NFSV4OP_FAKENOPS;
i++, j++)
nfsstatsov1.srvrpccnt[j] =
- nfsstatsv1.srvrpccnt[i];
+ outstats->srvrpccnt[i];
nfsstatsov1.reserved_0 = 0;
nfsstatsov1.reserved_1 = 0;
nfsstatsov1.rpcrequests =
- nfsstatsv1.rpcrequests;
+ outstats->rpcrequests;
nfsstatsov1.rpctimeouts =
- nfsstatsv1.rpctimeouts;
+ outstats->rpctimeouts;
nfsstatsov1.rpcunexpected =
- nfsstatsv1.rpcunexpected;
+ outstats->rpcunexpected;
nfsstatsov1.rpcinvalid =
- nfsstatsv1.rpcinvalid;
+ outstats->rpcinvalid;
nfsstatsov1.srvcache_inproghits =
- nfsstatsv1.srvcache_inproghits;
+ outstats->srvcache_inproghits;
nfsstatsov1.reserved_2 = 0;
nfsstatsov1.srvcache_nonidemdonehits =
- nfsstatsv1.srvcache_nonidemdonehits;
+ outstats->srvcache_nonidemdonehits;
nfsstatsov1.srvcache_misses =
- nfsstatsv1.srvcache_misses;
+ outstats->srvcache_misses;
nfsstatsov1.srvcache_tcppeak =
- nfsstatsv1.srvcache_tcppeak;
+ outstats->srvcache_tcppeak;
nfsstatsov1.srvcache_size =
- nfsstatsv1.srvcache_size;
+ outstats->srvcache_size;
nfsstatsov1.srvclients =
- nfsstatsv1.srvclients;
+ outstats->srvclients;
nfsstatsov1.srvopenowners =
- nfsstatsv1.srvopenowners;
+ outstats->srvopenowners;
nfsstatsov1.srvopens =
- nfsstatsv1.srvopens;
+ outstats->srvopens;
nfsstatsov1.srvlockowners =
- nfsstatsv1.srvlockowners;
+ outstats->srvlockowners;
nfsstatsov1.srvlocks =
- nfsstatsv1.srvlocks;
+ outstats->srvlocks;
nfsstatsov1.srvdelegates =
- nfsstatsv1.srvdelegates;
+ outstats->srvdelegates;
for (i = 0; i < NFSV42_CBNOPS; i++)
nfsstatsov1.cbrpccnt[i] =
- nfsstatsv1.cbrpccnt[i];
+ outstats->cbrpccnt[i];
nfsstatsov1.clopenowners =
- nfsstatsv1.clopenowners;
+ outstats->clopenowners;
nfsstatsov1.clopens =
- nfsstatsv1.clopens;
+ outstats->clopens;
nfsstatsov1.cllockowners =
- nfsstatsv1.cllockowners;
+ outstats->cllockowners;
nfsstatsov1.cllocks =
- nfsstatsv1.cllocks;
+ outstats->cllocks;
nfsstatsov1.cldelegates =
- nfsstatsv1.cldelegates;
+ outstats->cldelegates;
nfsstatsov1.cllocalopenowners =
- nfsstatsv1.cllocalopenowners;
+ outstats->cllocalopenowners;
nfsstatsov1.cllocalopens =
- nfsstatsv1.cllocalopens;
+ outstats->cllocalopens;
nfsstatsov1.cllocallockowners =
- nfsstatsv1.cllocallockowners;
+ outstats->cllocallockowners;
nfsstatsov1.cllocallocks =
- nfsstatsv1.cllocallocks;
+ outstats->cllocallocks;
nfsstatsov1.srvstartcnt =
- nfsstatsv1.srvstartcnt;
+ outstats->srvstartcnt;
nfsstatsov1.srvdonecnt =
- nfsstatsv1.srvdonecnt;
+ outstats->srvdonecnt;
for (i = NFSV42_NOPS,
j = NFSV42_PURENOPS;
i < NFSV42_NOPS + NFSV4OP_FAKENOPS;
i++, j++) {
nfsstatsov1.srvbytes[j] =
- nfsstatsv1.srvbytes[i];
+ outstats->srvbytes[i];
nfsstatsov1.srvops[j] =
- nfsstatsv1.srvops[i];
+ outstats->srvops[i];
nfsstatsov1.srvduration[j] =
- nfsstatsv1.srvduration[i];
+ outstats->srvduration[i];
}
nfsstatsov1.busyfrom =
- nfsstatsv1.busyfrom;
+ outstats->busyfrom;
nfsstatsov1.busyfrom =
- nfsstatsv1.busyfrom;
+ outstats->busyfrom;
error = copyout(&nfsstatsov1, uap->argp,
sizeof(nfsstatsov1));
} else if (nfsstatver.vers != NFSSTATS_V1)
error = EPERM;
else
- error = copyout(&nfsstatsv1, uap->argp,
+ error = copyout(outstats, uap->argp,
sizeof(nfsstatsv1));
}
}
if (error == 0) {
if ((uap->flag & NFSSVC_ZEROCLTSTATS) != 0) {
+ nfsd_zero_vnetstats();
nfsstatsv1.attrcache_hits = 0;
nfsstatsv1.attrcache_misses = 0;
nfsstatsv1.lookupcache_hits = 0;
@@ -733,11 +746,18 @@
sizeof(nfsstatsv1.cbrpccnt));
}
}
+#ifdef VNET_NFSD
+ free(outstats, M_TEMP);
+#endif
goto out;
} else if (uap->flag & NFSSVC_NFSUSERDPORT) {
u_short sockport;
struct nfsuserd_args nargs;
+ if (jailed(p->td_ucred)) {
+ error = EPERM;
+ goto out;
+ }
if ((uap->flag & NFSSVC_NEWSTRUCT) == 0) {
error = copyin(uap->argp, (caddr_t)&sockport,
sizeof (u_short));
@@ -755,6 +775,10 @@
if (!error)
error = nfsrv_nfsuserdport(&nargs, p);
} else if (uap->flag & NFSSVC_NFSUSERDDELPORT) {
+ if (jailed(p->td_ucred)) {
+ error = EPERM;
+ goto out;
+ }
nfsrv_nfsuserddelport();
error = 0;
}
diff --git a/sys/fs/nfs/nfs_commonsubs.c.vnet b/sys/fs/nfs/nfs_commonsubs.c
--- a/sys/fs/nfs/nfs_commonsubs.c.vnet
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -3931,7 +3931,7 @@
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid;
crsetgroups(cr, nidp->nid_ngroup, grps);
cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
- cr->cr_prison = &prison0;
+ cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
#ifdef MAC
mac_cred_associate_nfsd(cr);
diff --git a/sys/fs/nfs/nfsdport.h.vnetdcl b/sys/fs/nfs/nfsdport.h
--- a/sys/fs/nfs/nfsdport.h.vnetdcl
+++ b/sys/fs/nfs/nfsdport.h
@@ -92,7 +92,7 @@
bcmp(&(f1)->fh_fid, &(f2)->fh_fid, sizeof(struct fid)) == 0)
#define NFSLOCKHASH(f) \
- (&nfslockhash[nfsrv_hashfh(f) % nfsrv_lockhashsize])
+ (&VNET(nfslockhash)[nfsrv_hashfh(f) % nfsrv_lockhashsize])
#define NFSFPVNODE(f) ((f)->f_vnode)
#define NFSFPCRED(f) ((f)->f_cred)
diff --git a/sys/fs/nfs/nfsport.h.vnetstats b/sys/fs/nfs/nfsport.h
--- a/sys/fs/nfs/nfsport.h.vnetstats
+++ b/sys/fs/nfs/nfsport.h
@@ -181,6 +181,87 @@
*/
#define NFSMUTEX_T struct mtx
+/* Macros for VNET_NFSD. */
+#ifdef VNET_NFSD
+#define NFSDSTATS(s) VNET(nfsstatsv1_vnet)
+#define NFSDSTATSDECLARE(s) VNET_DECLARE(struct nfsstatsv1_vnet, nfsstatsv1_vnet)
+#define NFSDSTATSDEFINE(s) VNET_DEFINE(struct nfsstatsv1_vnet, nfsstatsv1_vnet)
+#define nfsd_copy_vnetstats() do { \
+ int iii; \
+ NFSBCOPY(&nfsstatsv1, outstats, sizeof(nfsstatsv1)); \
+ for (iii = 0; iii < NFSV42_NOPS + NFSV4OP_FAKENOPS; iii++) { \
+ outstats->srvrpccnt[iii] = VNET(nfsstatsv1_vnet).srvrpccnt[iii]; \
+ outstats->srvbytes[iii] = VNET(nfsstatsv1_vnet).srvbytes[iii]; \
+ outstats->srvops[iii] = VNET(nfsstatsv1_vnet).srvops[iii]; \
+ outstats->srvduration[iii] = VNET(nfsstatsv1_vnet).srvduration[iii]; \
+ } \
+ outstats->srvlayouts = VNET(nfsstatsv1_vnet).srvlayouts; \
+ outstats->srvcache_inproghits = VNET(nfsstatsv1_vnet).srvcache_inproghits; \
+ outstats->srvcache_nonidemdonehits = VNET(nfsstatsv1_vnet).srvcache_nonidemdonehits; \
+ outstats->srvcache_misses = VNET(nfsstatsv1_vnet).srvcache_misses; \
+ outstats->srvcache_tcppeak = VNET(nfsstatsv1_vnet).srvcache_tcppeak; \
+ outstats->srvcache_size = VNET(nfsstatsv1_vnet).srvcache_size; \
+ outstats->srvclients = VNET(nfsstatsv1_vnet).srvclients; \
+ outstats->srvopenowners = VNET(nfsstatsv1_vnet).srvopenowners; \
+ outstats->srvopens = VNET(nfsstatsv1_vnet).srvopens; \
+ outstats->srvlockowners = VNET(nfsstatsv1_vnet).srvlockowners; \
+ outstats->srvlocks = VNET(nfsstatsv1_vnet).srvlocks; \
+ outstats->srvdelegates = VNET(nfsstatsv1_vnet).srvdelegates; \
+ outstats->srvstartcnt = VNET(nfsstatsv1_vnet).srvstartcnt; \
+ outstats->srvdonecnt = VNET(nfsstatsv1_vnet).srvdonecnt; \
+ outstats->busyfrom = VNET(nfsstatsv1_vnet).busyfrom; \
+ outstats->busytime = VNET(nfsstatsv1_vnet).busytime; \
+ } while (0)
+#define nfsd_zero_vnetstats() do { \
+ int iii; \
+ for (iii = 0; iii < NFSV42_NOPS + NFSV4OP_FAKENOPS; iii++) { \
+ VNET(nfsstatsv1_vnet).srvrpccnt[iii] = 0; \
+ VNET(nfsstatsv1_vnet).srvbytes[iii] = 0; \
+ VNET(nfsstatsv1_vnet).srvops[iii] = 0; \
+ NFSBZERO(&VNET(nfsstatsv1_vnet).srvduration[iii], sizeof(struct bintime)); \
+ } \
+ VNET(nfsstatsv1_vnet).srvlayouts = 0; \
+ VNET(nfsstatsv1_vnet).srvcache_inproghits = 0; \
+ VNET(nfsstatsv1_vnet).srvcache_nonidemdonehits = 0; \
+ VNET(nfsstatsv1_vnet).srvcache_misses = 0; \
+ VNET(nfsstatsv1_vnet).srvcache_tcppeak = 0; \
+ VNET(nfsstatsv1_vnet).srvcache_size = 0; \
+ VNET(nfsstatsv1_vnet).srvclients = 0; \
+ VNET(nfsstatsv1_vnet).srvopenowners = 0; \
+ VNET(nfsstatsv1_vnet).srvopens = 0; \
+ VNET(nfsstatsv1_vnet).srvlockowners = 0; \
+ VNET(nfsstatsv1_vnet).srvlocks = 0; \
+ VNET(nfsstatsv1_vnet).srvdelegates = 0; \
+ VNET(nfsstatsv1_vnet).srvstartcnt = 0; \
+ VNET(nfsstatsv1_vnet).srvdonecnt = 0; \
+ NFSBZERO(&VNET(nfsstatsv1_vnet).busyfrom, sizeof(struct bintime)); \
+ NFSBZERO(&VNET(nfsstatsv1_vnet).busytime, sizeof(struct bintime)); \
+ } while (0)
+#else /* !VNET_NFSD */
+#define NFSDSTATS(s) s
+#define NFSDSTATSDECLARE(s) extern struct s s
+#define NFSDSTATSDEFINE(s)
+#define nfsd_copy_vnetstats()
+#define nfsd_zero_vnetstats()
+
+#ifdef VIMAGE
+/* Don't allocate variables to the vnet. */
+#undef VNET_NAME
+#undef VNET_DECLARE
+#undef VNET_DEFINE
+#undef VNET_DEFINE_STATIC
+#undef VNET
+#define VNET_NAME(n) n
+#define VNET_DECLARE(t, n) extern t n
+#define VNET_DEFINE(t, n) struct _hack; t n
+#define VNET_DEFINE_STATIC(t, n) static t n
+#define VNET(n) (n)
+
+#undef VNET_SYSUNINIT
+#define VNET_SYSUNINIT(ident, subsystem, order, func, arg)
+#endif /* VIMAGE */
+#endif /* VNET_NFSD */
+
#endif /* _KERNEL */
/*
@@ -493,6 +574,33 @@
uint64_t cllocalopens;
uint64_t cllocallockowners;
uint64_t cllocallocks;
+ uint64_t srvstartcnt;
+ uint64_t srvdonecnt;
+ uint64_t srvbytes[NFSV42_NOPS + NFSV4OP_FAKENOPS + 15];
+ uint64_t srvops[NFSV42_NOPS + NFSV4OP_FAKENOPS + 15];
+ struct bintime srvduration[NFSV42_NOPS + NFSV4OP_FAKENOPS + 15];
+ struct bintime busyfrom;
+ struct bintime busytime;
+};
+
+/*
+ * Subset of above structure that needs to be vnet'd for the case
+ * of VNET_NFSD.
+ */
+struct nfsstatsv1_vnet {
+ uint64_t srvrpccnt[NFSV42_NOPS + NFSV4OP_FAKENOPS + 15];
+ uint64_t srvlayouts;
+ uint64_t srvcache_inproghits;
+ uint64_t srvcache_nonidemdonehits;
+ uint64_t srvcache_misses;
+ uint64_t srvcache_tcppeak;
+ int srvcache_size; /* Updated by atomic_xx_int(). */
+ uint64_t srvclients;
+ uint64_t srvopenowners;
+ uint64_t srvopens;
+ uint64_t srvlockowners;
+ uint64_t srvlocks;
+ uint64_t srvdelegates;
uint64_t srvstartcnt;
uint64_t srvdonecnt;
uint64_t srvbytes[NFSV42_NOPS + NFSV4OP_FAKENOPS + 15];
diff --git a/sys/fs/nfs/nfsrvstate.h.vnetdcl b/sys/fs/nfs/nfsrvstate.h
--- a/sys/fs/nfs/nfsrvstate.h.vnetdcl
+++ b/sys/fs/nfs/nfsrvstate.h
@@ -58,7 +58,7 @@
TAILQ_HEAD(nfsuserhashhead, nfsusrgrp);
#define NFSCLIENTHASH(id) \
- (&nfsclienthash[(id).lval[1] % nfsrv_clienthashsize])
+ (&VNET(nfsclienthash)[(id).lval[1] % nfsrv_clienthashsize])
#define NFSSTATEHASH(clp, id) \
(&((clp)->lc_stateid[(id).other[2] % nfsrv_statehashsize]))
#define NFSUSERHASH(id) \
@@ -77,7 +77,7 @@
struct nfssessionhashhead list;
};
#define NFSSESSIONHASH(f) \
- (&nfssessionhash[nfsrv_hashsessionid(f) % nfsrv_sessionhashsize])
+ (&VNET(nfssessionhash)[nfsrv_hashsessionid(f) % nfsrv_sessionhashsize])
struct nfslayouthash {
struct mtx mtx;
diff --git a/sys/fs/nfsserver/nfs_fha_new.c.vnetdcl b/sys/fs/nfsserver/nfs_fha_new.c
--- a/sys/fs/nfsserver/nfs_fha_new.c.vnetdcl
+++ b/sys/fs/nfsserver/nfs_fha_new.c
@@ -61,8 +61,9 @@
SYSCTL_DECL(_vfs_nfsd);
extern int newnfs_nfsv3_procid[];
-extern SVCPOOL *nfsrvd_pool;
+VNET_DECLARE(SVCPOOL *, nfsrvd_pool);
+
SYSINIT(nfs_fhanew, SI_SUB_ROOT_CONF, SI_ORDER_ANY, fhanew_init, NULL);
SYSUNINIT(nfs_fhanew, SI_SUB_ROOT_CONF, SI_ORDER_ANY, fhanew_uninit, NULL);
@@ -79,7 +80,7 @@
snprintf(softc->server_name, sizeof(softc->server_name),
FHANEW_SERVER_NAME);
- softc->pool = &nfsrvd_pool;
+ softc->pool = &VNET(nfsrvd_pool);
/*
* Initialize the sysctl context list for the fha module.
diff --git a/sys/fs/nfsserver/nfs_nfsdcache.c.vnetdcl b/sys/fs/nfsserver/nfs_nfsdcache.c
--- a/sys/fs/nfsserver/nfs_nfsdcache.c.vnetdcl
+++ b/sys/fs/nfsserver/nfs_nfsdcache.c
@@ -160,12 +160,16 @@
*/
#include <fs/nfs/nfsport.h>
-extern struct nfsstatsv1 nfsstatsv1;
extern struct mtx nfsrc_udpmtx;
-extern struct nfsrchash_bucket nfsrchash_table[NFSRVCACHE_HASHSIZE];
-extern struct nfsrchash_bucket nfsrcahash_table[NFSRVCACHE_HASHSIZE];
-int nfsrc_floodlevel = NFSRVCACHE_FLOODLEVEL, nfsrc_tcpsavedreplies = 0;
+NFSDSTATSDECLARE(nfsstatsv1);
+
+VNET_DECLARE(struct nfsrchash_bucket, nfsrchash_table[NFSRVCACHE_HASHSIZE]);
+VNET_DECLARE(struct nfsrchash_bucket, nfsrcahash_table[NFSRVCACHE_HASHSIZE]);
+
+VNET_DEFINE(int, nfsrc_floodlevel) = NFSRVCACHE_FLOODLEVEL;
+VNET_DEFINE(int, nfsrc_tcpsavedreplies) = 0;
+
SYSCTL_DECL(_vfs_nfsd);
static u_int nfsrc_tcphighwater = 0;
@@ -180,8 +184,8 @@
return (error);
if (newhighwater < 0)
return (EINVAL);
- if (newhighwater >= nfsrc_floodlevel)
- nfsrc_floodlevel = newhighwater + newhighwater / 5;
+ if (newhighwater >= VNET(nfsrc_floodlevel))
+ VNET(nfsrc_floodlevel) = newhighwater + newhighwater / 5;
nfsrc_tcphighwater = newhighwater;
return (0);
}
@@ -202,9 +206,9 @@
&nfsrc_tcpnonidempotent, 0,
"Enable the DRC for NFS over TCP");
-static int nfsrc_udpcachesize = 0;
-static TAILQ_HEAD(, nfsrvcache) nfsrvudplru;
-static struct nfsrvhashhead nfsrvudphashtbl[NFSRVCACHE_HASHSIZE];
+VNET_DEFINE_STATIC(int, nfsrc_udpcachesize) = 0;
+VNET_DEFINE_STATIC(TAILQ_HEAD(, nfsrvcache), nfsrvudplru);
+VNET_DEFINE_STATIC(struct nfsrvhashhead, nfsrvudphashtbl[NFSRVCACHE_HASHSIZE]);
/*
* and the reverse mapping from generic to Version 2 procedure numbers
@@ -236,10 +240,10 @@
#define nfsrc_hash(xid) (((xid) + ((xid) >> 24)) % NFSRVCACHE_HASHSIZE)
#define NFSRCUDPHASH(xid) \
- (&nfsrvudphashtbl[nfsrc_hash(xid)])
+ (&VNET(nfsrvudphashtbl)[nfsrc_hash(xid)])
#define NFSRCHASH(xid) \
- (&nfsrchash_table[nfsrc_hash(xid)].tbl)
-#define NFSRCAHASH(xid) (&nfsrcahash_table[nfsrc_hash(xid)])
+ (&VNET(nfsrchash_table)[nfsrc_hash(xid)].tbl)
+#define NFSRCAHASH(xid) (&VNET(nfsrcahash_table)[nfsrc_hash(xid)])
#define TRUE 1
#define FALSE 0
#define NFSRVCACHE_CHECKLEN 100
@@ -295,7 +299,7 @@
if ((rp->rc_flag & RC_UDP) != 0)
return (&nfsrc_udpmtx);
- return (&nfsrchash_table[nfsrc_hash(rp->rc_xid)].mtx);
+ return (&VNET(nfsrchash_table)[nfsrc_hash(rp->rc_xid)].mtx);
}
/*
@@ -305,21 +309,21 @@
nfsrvd_initcache(void)
{
int i;
- static int inited = 0;
- if (inited)
- return;
- inited = 1;
for (i = 0; i < NFSRVCACHE_HASHSIZE; i++) {
- LIST_INIT(&nfsrvudphashtbl[i]);
- LIST_INIT(&nfsrchash_table[i].tbl);
- LIST_INIT(&nfsrcahash_table[i].tbl);
+ mtx_init(&VNET(nfsrchash_table)[i].mtx, "nfsrtc", NULL,
+ MTX_DEF);
+ mtx_init(&VNET(nfsrcahash_table)[i].mtx, "nfsrtca", NULL,
+ MTX_DEF);
}
- TAILQ_INIT(&nfsrvudplru);
- nfsrc_tcpsavedreplies = 0;
- nfsrc_udpcachesize = 0;
- nfsstatsv1.srvcache_tcppeak = 0;
- nfsstatsv1.srvcache_size = 0;
+ for (i = 0; i < NFSRVCACHE_HASHSIZE; i++) {
+ LIST_INIT(&VNET(nfsrvudphashtbl)[i]);
+ LIST_INIT(&VNET(nfsrchash_table)[i].tbl);
+ LIST_INIT(&VNET(nfsrcahash_table)[i].tbl);
+ }
+ TAILQ_INIT(&VNET(nfsrvudplru));
+ VNET(nfsrc_tcpsavedreplies) = 0;
+ VNET(nfsrc_udpcachesize) = 0;
}
/*
@@ -392,17 +396,17 @@
if (rp->rc_flag == 0)
panic("nfs udp cache0");
rp->rc_flag |= RC_LOCKED;
- TAILQ_REMOVE(&nfsrvudplru, rp, rc_lru);
- TAILQ_INSERT_TAIL(&nfsrvudplru, rp, rc_lru);
+ TAILQ_REMOVE(&VNET(nfsrvudplru), rp, rc_lru);
+ TAILQ_INSERT_TAIL(&VNET(nfsrvudplru), rp, rc_lru);
if (rp->rc_flag & RC_INPROG) {
- nfsstatsv1.srvcache_inproghits++;
+ NFSDSTATS(nfsstatsv1).srvcache_inproghits++;
mtx_unlock(mutex);
ret = RC_DROPIT;
} else if (rp->rc_flag & RC_REPSTATUS) {
/*
* V2 only.
*/
- nfsstatsv1.srvcache_nonidemdonehits++;
+ NFSDSTATS(nfsstatsv1).srvcache_nonidemdonehits++;
mtx_unlock(mutex);
nfsrvd_rephead(nd);
*(nd->nd_errp) = rp->rc_status;
@@ -410,7 +414,7 @@
rp->rc_timestamp = NFSD_MONOSEC +
NFSRVCACHE_UDPTIMEOUT;
} else if (rp->rc_flag & RC_REPMBUF) {
- nfsstatsv1.srvcache_nonidemdonehits++;
+ NFSDSTATS(nfsstatsv1).srvcache_nonidemdonehits++;
mtx_unlock(mutex);
nd->nd_mreq = m_copym(rp->rc_reply, 0,
M_COPYALL, M_WAITOK);
@@ -425,9 +429,9 @@
goto out;
}
}
- nfsstatsv1.srvcache_misses++;
- atomic_add_int(&nfsstatsv1.srvcache_size, 1);
- nfsrc_udpcachesize++;
+ NFSDSTATS(nfsstatsv1).srvcache_misses++;
+ atomic_add_int(&NFSDSTATS(nfsstatsv1).srvcache_size, 1);
+ VNET(nfsrc_udpcachesize)++;
newrp->rc_flag |= RC_INPROG;
saddr = NFSSOCKADDR(nd->nd_nam, struct sockaddr_in *);
@@ -440,7 +444,7 @@
newrp->rc_flag |= RC_INETIPV6;
}
LIST_INSERT_HEAD(hp, newrp, rc_hash);
- TAILQ_INSERT_TAIL(&nfsrvudplru, newrp, rc_lru);
+ TAILQ_INSERT_TAIL(&VNET(nfsrvudplru), newrp, rc_lru);
mtx_unlock(mutex);
nd->nd_rp = newrp;
ret = RC_DOIT;
@@ -472,15 +476,15 @@
panic("nfsrvd_updatecache not inprog");
rp->rc_flag &= ~RC_INPROG;
if (rp->rc_flag & RC_UDP) {
- TAILQ_REMOVE(&nfsrvudplru, rp, rc_lru);
- TAILQ_INSERT_TAIL(&nfsrvudplru, rp, rc_lru);
+ TAILQ_REMOVE(&VNET(nfsrvudplru), rp, rc_lru);
+ TAILQ_INSERT_TAIL(&VNET(nfsrvudplru), rp, rc_lru);
}
/*
* Reply from cache is a special case returned by nfsrv_checkseqid().
*/
if (nd->nd_repstat == NFSERR_REPLYFROMCACHE) {
- nfsstatsv1.srvcache_nonidemdonehits++;
+ NFSDSTATS(nfsstatsv1).srvcache_nonidemdonehits++;
mtx_unlock(mutex);
nd->nd_repstat = 0;
if (nd->nd_mreq)
@@ -503,7 +507,7 @@
(rp->rc_refcnt > 0 ||
((nd->nd_flag & ND_SAVEREPLY) && (rp->rc_flag & RC_UDP)) ||
((nd->nd_flag & ND_SAVEREPLY) && !(rp->rc_flag & RC_UDP) &&
- nfsrc_tcpsavedreplies <= nfsrc_floodlevel &&
+ VNET(nfsrc_tcpsavedreplies) <= VNET(nfsrc_floodlevel) &&
nfsrc_tcpnonidempotent))) {
if (rp->rc_refcnt > 0) {
if (!(rp->rc_flag & RC_NFSV4))
@@ -517,11 +521,11 @@
mtx_unlock(mutex);
} else {
if (!(rp->rc_flag & RC_UDP)) {
- atomic_add_int(&nfsrc_tcpsavedreplies, 1);
- if (nfsrc_tcpsavedreplies >
- nfsstatsv1.srvcache_tcppeak)
- nfsstatsv1.srvcache_tcppeak =
- nfsrc_tcpsavedreplies;
+ atomic_add_int(&VNET(nfsrc_tcpsavedreplies), 1);
+ if (VNET(nfsrc_tcpsavedreplies) >
+ NFSDSTATS(nfsstatsv1).srvcache_tcppeak)
+ NFSDSTATS(nfsstatsv1).srvcache_tcppeak =
+ VNET(nfsrc_tcpsavedreplies);
}
mtx_unlock(mutex);
m = m_copym(nd->nd_mreq, 0, M_COPYALL, M_WAITOK);
@@ -678,7 +682,7 @@
panic("nfs tcp cache0");
rp->rc_flag |= RC_LOCKED;
if (rp->rc_flag & RC_INPROG) {
- nfsstatsv1.srvcache_inproghits++;
+ NFSDSTATS(nfsstatsv1).srvcache_inproghits++;
mtx_unlock(mutex);
if (newrp->rc_sockref == rp->rc_sockref)
nfsrc_marksametcpconn(rp->rc_sockref);
@@ -687,7 +691,7 @@
/*
* V2 only.
*/
- nfsstatsv1.srvcache_nonidemdonehits++;
+ NFSDSTATS(nfsstatsv1).srvcache_nonidemdonehits++;
mtx_unlock(mutex);
if (newrp->rc_sockref == rp->rc_sockref)
nfsrc_marksametcpconn(rp->rc_sockref);
@@ -696,7 +700,7 @@
*(nd->nd_errp) = rp->rc_status;
rp->rc_timestamp = NFSD_MONOSEC + nfsrc_tcptimeout;
} else if (rp->rc_flag & RC_REPMBUF) {
- nfsstatsv1.srvcache_nonidemdonehits++;
+ NFSDSTATS(nfsstatsv1).srvcache_nonidemdonehits++;
mtx_unlock(mutex);
if (newrp->rc_sockref == rp->rc_sockref)
nfsrc_marksametcpconn(rp->rc_sockref);
@@ -711,8 +715,8 @@
free(newrp, M_NFSRVCACHE);
goto out;
}
- nfsstatsv1.srvcache_misses++;
- atomic_add_int(&nfsstatsv1.srvcache_size, 1);
+ NFSDSTATS(nfsstatsv1).srvcache_misses++;
+ atomic_add_int(&NFSDSTATS(nfsstatsv1).srvcache_size, 1);
/*
* For TCP, multiple entries for a key are allowed, so don't
@@ -785,8 +789,8 @@
LIST_REMOVE(rp, rc_hash);
if (rp->rc_flag & RC_UDP) {
- TAILQ_REMOVE(&nfsrvudplru, rp, rc_lru);
- nfsrc_udpcachesize--;
+ TAILQ_REMOVE(&VNET(nfsrvudplru), rp, rc_lru);
+ VNET(nfsrc_udpcachesize)--;
} else if (rp->rc_acked != RC_NO_SEQ) {
hbp = NFSRCAHASH(rp->rc_sockref);
mtx_lock(&hbp->mtx);
@@ -798,10 +802,10 @@
if (rp->rc_flag & RC_REPMBUF) {
m_freem(rp->rc_reply);
if (!(rp->rc_flag & RC_UDP))
- atomic_add_int(&nfsrc_tcpsavedreplies, -1);
+ atomic_add_int(&VNET(nfsrc_tcpsavedreplies), -1);
}
free(rp, M_NFSRVCACHE);
- atomic_add_int(&nfsstatsv1.srvcache_size, -1);
+ atomic_add_int(&NFSDSTATS(nfsstatsv1).srvcache_size, -1);
}
/*
@@ -814,20 +818,20 @@
int i;
for (i = 0; i < NFSRVCACHE_HASHSIZE; i++) {
- mtx_lock(&nfsrchash_table[i].mtx);
- LIST_FOREACH_SAFE(rp, &nfsrchash_table[i].tbl, rc_hash, nextrp)
+ mtx_lock(&VNET(nfsrchash_table)[i].mtx);
+ LIST_FOREACH_SAFE(rp, &VNET(nfsrchash_table)[i].tbl, rc_hash, nextrp)
nfsrc_freecache(rp);
- mtx_unlock(&nfsrchash_table[i].mtx);
+ mtx_unlock(&VNET(nfsrchash_table)[i].mtx);
}
mtx_lock(&nfsrc_udpmtx);
for (i = 0; i < NFSRVCACHE_HASHSIZE; i++) {
- LIST_FOREACH_SAFE(rp, &nfsrvudphashtbl[i], rc_hash, nextrp) {
+ LIST_FOREACH_SAFE(rp, &VNET(nfsrvudphashtbl)[i], rc_hash, nextrp) {
nfsrc_freecache(rp);
}
}
- nfsstatsv1.srvcache_size = 0;
+ NFSDSTATS(nfsstatsv1).srvcache_size = 0;
mtx_unlock(&nfsrc_udpmtx);
- nfsrc_tcpsavedreplies = 0;
+ VNET(nfsrc_tcpsavedreplies) = 0;
}
#define HISTSIZE 16
@@ -864,25 +868,25 @@
if (atomic_cmpset_acq_int(&onethread, 0, 1) == 0)
return;
if (NFSD_MONOSEC != udp_lasttrim ||
- nfsrc_udpcachesize >= (nfsrc_udphighwater +
+ VNET(nfsrc_udpcachesize) >= (nfsrc_udphighwater +
nfsrc_udphighwater / 2)) {
mtx_lock(&nfsrc_udpmtx);
udp_lasttrim = NFSD_MONOSEC;
- TAILQ_FOREACH_SAFE(rp, &nfsrvudplru, rc_lru, nextrp) {
+ TAILQ_FOREACH_SAFE(rp, &VNET(nfsrvudplru), rc_lru, nextrp) {
if (!(rp->rc_flag & (RC_INPROG|RC_LOCKED|RC_WANTED))
&& rp->rc_refcnt == 0
&& ((rp->rc_flag & RC_REFCNT) ||
udp_lasttrim > rp->rc_timestamp ||
- nfsrc_udpcachesize > nfsrc_udphighwater))
+ VNET(nfsrc_udpcachesize) > nfsrc_udphighwater))
nfsrc_freecache(rp);
}
mtx_unlock(&nfsrc_udpmtx);
}
if (NFSD_MONOSEC != tcp_lasttrim ||
- nfsrc_tcpsavedreplies >= nfsrc_tcphighwater) {
+ VNET(nfsrc_tcpsavedreplies) >= nfsrc_tcphighwater) {
force = nfsrc_tcphighwater / 4;
if (force > 0 &&
- nfsrc_tcpsavedreplies + force >= nfsrc_tcphighwater) {
+ VNET(nfsrc_tcpsavedreplies) + force >= nfsrc_tcphighwater) {
for (i = 0; i < HISTSIZE; i++)
time_histo[i] = 0;
i = 0;
@@ -901,8 +905,8 @@
tto = nfsrc_tcptimeout;
tcp_lasttrim = NFSD_MONOSEC;
for (; i <= lastslot; i++) {
- mtx_lock(&nfsrchash_table[i].mtx);
- LIST_FOREACH_SAFE(rp, &nfsrchash_table[i].tbl, rc_hash,
+ mtx_lock(&VNET(nfsrchash_table)[i].mtx);
+ LIST_FOREACH_SAFE(rp, &VNET(nfsrchash_table)[i].tbl, rc_hash,
nextrp) {
if (!(rp->rc_flag &
(RC_INPROG|RC_LOCKED|RC_WANTED))
@@ -932,7 +936,7 @@
time_histo[j]++;
}
}
- mtx_unlock(&nfsrchash_table[i].mtx);
+ mtx_unlock(&VNET(nfsrchash_table)[i].mtx);
}
if (force) {
/*
@@ -951,8 +955,8 @@
k = 1;
thisstamp = tcp_lasttrim + k;
for (i = 0; i < NFSRVCACHE_HASHSIZE; i++) {
- mtx_lock(&nfsrchash_table[i].mtx);
- LIST_FOREACH_SAFE(rp, &nfsrchash_table[i].tbl,
+ mtx_lock(&VNET(nfsrchash_table)[i].mtx);
+ LIST_FOREACH_SAFE(rp, &VNET(nfsrchash_table)[i].tbl,
rc_hash, nextrp) {
if (!(rp->rc_flag &
(RC_INPROG|RC_LOCKED|RC_WANTED))
@@ -962,7 +966,7 @@
rp->rc_acked == RC_ACK))
nfsrc_freecache(rp);
}
- mtx_unlock(&nfsrchash_table[i].mtx);
+ mtx_unlock(&VNET(nfsrchash_table)[i].mtx);
}
}
}
diff --git a/sys/fs/nfsserver/nfs_nfsdkrpc.c.vnetdcl b/sys/fs/nfsserver/nfs_nfsdkrpc.c
--- a/sys/fs/nfsserver/nfs_nfsdkrpc.c.vnetdcl
+++ b/sys/fs/nfsserver/nfs_nfsdkrpc.c
@@ -52,7 +52,6 @@
NFSDLOCKMUTEX;
NFSV4ROOTLOCKMUTEX;
-struct nfsv4lock nfsd_suspend_lock;
char *nfsrv_zeropnfsdat = NULL;
/*
@@ -85,32 +84,39 @@
SYSCTL_DECL(_vfs_nfsd);
-SVCPOOL *nfsrvd_pool;
-
-static int nfs_privport = 0;
-SYSCTL_INT(_vfs_nfsd, OID_AUTO, nfs_privport, CTLFLAG_RWTUN,
- &nfs_privport, 0,
+VNET_DEFINE_STATIC(int, nfs_privport) = 0;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, nfs_privport, CTLFLAG_VNET | CTLFLAG_RWTUN,
+ &VNET_NAME(nfs_privport), 0,
"Only allow clients using a privileged port for NFSv2, 3 and 4");
-static int nfs_minvers = NFS_VER2;
-SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_min_nfsvers, CTLFLAG_RWTUN,
- &nfs_minvers, 0, "The lowest version of NFS handled by the server");
+VNET_DEFINE_STATIC(int, nfs_minvers) = NFS_VER2;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_min_nfsvers,
+ CTLFLAG_VNET | CTLFLAG_RWTUN, &VNET_NAME(nfs_minvers), 0,
+ "The lowest version of NFS handled by the server");
-static int nfs_maxvers = NFS_VER4;
-SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_max_nfsvers, CTLFLAG_RWTUN,
- &nfs_maxvers, 0, "The highest version of NFS handled by the server");
+VNET_DEFINE_STATIC(int, nfs_maxvers) = NFS_VER4;
+SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_max_nfsvers,
+ CTLFLAG_VNET | CTLFLAG_RWTUN, &VNET_NAME(nfs_maxvers), 0,
+ "The highest version of NFS handled by the server");
static int nfs_proc(struct nfsrv_descript *, u_int32_t, SVCXPRT *xprt,
struct nfsrvcache **);
extern u_long sb_max_adj;
extern int newnfs_numnfsd;
-extern struct proc *nfsd_master_proc;
extern time_t nfsdev_time;
extern int nfsrv_writerpc[NFS_NPROCS];
extern volatile int nfsrv_devidcnt;
extern struct nfsv4_opflag nfsv4_opflag[NFSV42_NOPS];
+VNET_DECLARE(struct proc *, nfsd_master_proc);
+
+VNET_DEFINE(SVCPOOL *, nfsrvd_pool);
+VNET_DEFINE(int, nfsrv_numnfsd) = 0;
+VNET_DEFINE(struct nfsv4lock, nfsd_suspend_lock);
+
+VNET_DEFINE_STATIC(bool, nfsrvd_inited) = false;
+
/*
* NFS server system calls
*/
@@ -125,6 +131,7 @@
u_int maxlen;
#endif
+ CURVNET_SET(TD_TO_VNET(curthread));
memset(&nd, 0, sizeof(nd));
if (rqst->rq_vers == NFS_VER2) {
if (rqst->rq_proc > NFSV2PROC_STATFS ||
@@ -169,7 +176,7 @@
nd.nd_mreq = NULL;
nd.nd_cred = NULL;
- if (nfs_privport != 0) {
+ if (VNET(nfs_privport) != 0) {
/* Check if source port is privileged */
u_short port;
struct sockaddr *nam = nd.nd_nam;
@@ -261,9 +268,9 @@
* nfsv4root exports by nfsvno_v4rootexport().
*/
NFSLOCKV4ROOTMUTEX();
- nfsv4_lock(&nfsd_suspend_lock, 0, NULL, NFSV4ROOTLOCKMUTEXPTR,
+ nfsv4_lock(&VNET(nfsd_suspend_lock), 0, NULL, NFSV4ROOTLOCKMUTEXPTR,
NULL);
- nfsv4_getref(&nfsd_suspend_lock, NULL, NFSV4ROOTLOCKMUTEXPTR,
+ nfsv4_getref(&VNET(nfsd_suspend_lock), NULL, NFSV4ROOTLOCKMUTEXPTR,
NULL);
NFSUNLOCKV4ROOTMUTEX();
@@ -271,7 +278,7 @@
nd.nd_repstat = nfsvno_v4rootexport(&nd);
if (nd.nd_repstat != 0) {
NFSLOCKV4ROOTMUTEX();
- nfsv4_relref(&nfsd_suspend_lock);
+ nfsv4_relref(&VNET(nfsd_suspend_lock));
NFSUNLOCKV4ROOTMUTEX();
svcerr_weakauth(rqst);
svc_freereq(rqst);
@@ -287,7 +294,7 @@
#endif
cacherep = nfs_proc(&nd, rqst->rq_xid, xprt, &rp);
NFSLOCKV4ROOTMUTEX();
- nfsv4_relref(&nfsd_suspend_lock);
+ nfsv4_relref(&VNET(nfsd_suspend_lock));
NFSUNLOCKV4ROOTMUTEX();
} else {
NFSMGET(nd.nd_mreq);
@@ -327,6 +334,7 @@
svc_freereq(rqst);
out:
+ CURVNET_RESTORE();
ast_kclear(curthread);
NFSEXITCODE(0);
}
@@ -467,26 +475,28 @@
* unexpectedly.
*/
if (so->so_type == SOCK_DGRAM)
- xprt = svc_dg_create(nfsrvd_pool, so, 0, 0);
+ xprt = svc_dg_create(VNET(nfsrvd_pool), so, 0, 0);
else
- xprt = svc_vc_create(nfsrvd_pool, so, 0, 0);
+ xprt = svc_vc_create(VNET(nfsrvd_pool), so, 0, 0);
if (xprt) {
fp->f_ops = &badfileops;
fp->f_data = NULL;
xprt->xp_sockref = ++sockref;
- if (nfs_minvers == NFS_VER2)
+ if (VNET(nfs_minvers) == NFS_VER2)
svc_reg(xprt, NFS_PROG, NFS_VER2, nfssvc_program,
NULL);
- if (nfs_minvers <= NFS_VER3 && nfs_maxvers >= NFS_VER3)
+ if (VNET(nfs_minvers) <= NFS_VER3 &&
+ VNET(nfs_maxvers) >= NFS_VER3)
svc_reg(xprt, NFS_PROG, NFS_VER3, nfssvc_program,
NULL);
- if (nfs_maxvers >= NFS_VER4)
+ if (VNET(nfs_maxvers) >= NFS_VER4)
svc_reg(xprt, NFS_PROG, NFS_VER4, nfssvc_program,
NULL);
if (so->so_type == SOCK_STREAM)
svc_loss_reg(xprt, nfssvc_loss);
SVC_RELEASE(xprt);
- }
+ } else
+ error = EPERM;
out:
NFSEXITCODE(error);
@@ -518,13 +528,15 @@
* use.
*/
NFSD_LOCK();
- if (newnfs_numnfsd == 0) {
+ if (VNET(nfsrv_numnfsd) == 0) {
+ nfsrvd_init(0);
nfsdev_time = time_second;
p = td->td_proc;
PROC_LOCK(p);
p->p_flag2 |= P2_AST_SU;
PROC_UNLOCK(p);
- newnfs_numnfsd++;
+ newnfs_numnfsd++; /* Total num for all vnets. */
+ VNET(nfsrv_numnfsd)++; /* Num for this vnet. */
NFSD_UNLOCK();
error = nfsrv_createdevids(args, td);
@@ -546,8 +558,8 @@
"nfsd: can't register svc name\n");
}
- nfsrvd_pool->sp_minthreads = args->minthreads;
- nfsrvd_pool->sp_maxthreads = args->maxthreads;
+ VNET(nfsrvd_pool)->sp_minthreads = args->minthreads;
+ VNET(nfsrvd_pool)->sp_maxthreads = args->maxthreads;
/*
* If this is a pNFS service, make Getattr do a
@@ -558,7 +570,7 @@
nfsv4_opflag[NFSV4OP_GETATTR].modifyfs = 1;
}
- svc_run(nfsrvd_pool);
+ svc_run(VNET(nfsrvd_pool));
/* Reset Getattr to not do a vn_start_write(). */
nfsrv_writerpc[NFSPROC_GETATTR] = 0;
@@ -572,6 +584,7 @@
}
NFSD_LOCK();
newnfs_numnfsd--;
+ VNET(nfsrv_numnfsd)--;
nfsrvd_init(1);
PROC_LOCK(p);
p->p_flag2 &= ~P2_AST_SU;
@@ -596,21 +609,28 @@
NFSD_LOCK_ASSERT();
if (terminating) {
- nfsd_master_proc = NULL;
+ VNET(nfsd_master_proc) = NULL;
NFSD_UNLOCK();
nfsrv_freealllayoutsanddevids();
nfsrv_freeallbackchannel_xprts();
- svcpool_close(nfsrvd_pool);
+ svcpool_close(VNET(nfsrvd_pool));
free(nfsrv_zeropnfsdat, M_TEMP);
nfsrv_zeropnfsdat = NULL;
NFSD_LOCK();
} else {
+ /* Initialize per-vnet globals once per vnet. */
+ if (VNET(nfsrvd_inited))
+ return;
+ VNET(nfsrvd_inited) = true;
NFSD_UNLOCK();
- nfsrvd_pool = svcpool_create("nfsd",
+ nfsrvd_initcache();
+ nfsd_init();
+ nfsd_mntinit();
+ VNET(nfsrvd_pool) = svcpool_create("nfsd",
SYSCTL_STATIC_CHILDREN(_vfs_nfsd));
- nfsrvd_pool->sp_rcache = NULL;
- nfsrvd_pool->sp_assign = fhanew_assign;
- nfsrvd_pool->sp_done = fhanew_nd_complete;
+ VNET(nfsrvd_pool)->sp_rcache = NULL;
+ VNET(nfsrvd_pool)->sp_assign = fhanew_assign;
+ VNET(nfsrvd_pool)->sp_done = fhanew_nd_complete;
NFSD_LOCK();
}
}
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c.vnet b/sys/fs/nfsserver/nfs_nfsdport.c
--- a/sys/fs/nfsserver/nfs_nfsdport.c.vnet
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -59,38 +59,35 @@
extern u_int32_t newnfs_true, newnfs_false, newnfs_xdrneg1;
extern int nfsrv_useacl;
extern int newnfs_numnfsd;
-extern struct mount nfsv4root_mnt;
-extern struct nfsrv_stablefirst nfsrv_stablefirst;
-extern SVCPOOL *nfsrvd_pool;
-extern struct nfsv4lock nfsd_suspend_lock;
-extern struct nfsclienthashhead *nfsclienthash;
-extern struct nfslockhashhead *nfslockhash;
-extern struct nfssessionhash *nfssessionhash;
extern int nfsrv_sessionhashsize;
-extern struct nfsstatsv1 nfsstatsv1;
extern struct nfslayouthash *nfslayouthash;
extern int nfsrv_layouthashsize;
extern struct mtx nfsrv_dslock_mtx;
extern int nfs_pnfsiothreads;
-extern struct nfsdontlisthead nfsrv_dontlisthead;
-extern volatile int nfsrv_dontlistlen;
extern volatile int nfsrv_devidcnt;
extern int nfsrv_maxpnfsmirror;
extern uint32_t nfs_srvmaxio;
extern int nfs_bufpackets;
extern u_long sb_max_adj;
-struct vfsoptlist nfsv4root_opt, nfsv4root_newopt;
+
+NFSDSTATSDECLARE(nfsstatsv1);
+
+VNET_DECLARE(int, nfsrv_numnfsd);
+VNET_DECLARE(struct nfsrv_stablefirst, nfsrv_stablefirst);
+VNET_DECLARE(SVCPOOL *, nfsrvd_pool);
+VNET_DECLARE(struct nfsclienthashhead *, nfsclienthash);
+VNET_DECLARE(struct nfslockhashhead *, nfslockhash);
+VNET_DECLARE(struct nfssessionhash *, nfssessionhash);
+VNET_DECLARE(struct nfsv4lock, nfsd_suspend_lock);
+
NFSDLOCKMUTEX;
NFSSTATESPINLOCK;
-struct nfsrchash_bucket nfsrchash_table[NFSRVCACHE_HASHSIZE];
-struct nfsrchash_bucket nfsrcahash_table[NFSRVCACHE_HASHSIZE];
struct mtx nfsrc_udpmtx;
struct mtx nfs_v4root_mutex;
struct mtx nfsrv_dontlistlock_mtx;
struct mtx nfsrv_recalllock_mtx;
-struct nfsrvfh nfs_rootfh, nfs_pubfh;
-int nfs_pubfhset = 0, nfs_rootfhset = 0;
-struct proc *nfsd_master_proc = NULL;
+struct nfsrvfh nfs_pubfh;
+int nfs_pubfhset = 0;
int nfsd_debuglevel = 0;
static pid_t nfsd_master_pid = (pid_t)-1;
static char nfsd_master_comm[MAXCOMLEN + 1];
@@ -99,6 +96,18 @@
static fhandle_t zerofh;
struct callout nfsd_callout;
+VNET_DEFINE(struct proc *, nfsd_master_proc) = NULL;
+VNET_DEFINE(struct nfsrchash_bucket, nfsrchash_table[NFSRVCACHE_HASHSIZE]);
+VNET_DEFINE(struct nfsrchash_bucket, nfsrcahash_table[NFSRVCACHE_HASHSIZE]);
+VNET_DEFINE(struct nfsrvfh, nfs_rootfh);
+VNET_DEFINE(int, nfs_rootfhset) = 0;
+
+VNET_DEFINE_STATIC(struct mount, nfsv4root_mnt);
+VNET_DEFINE_STATIC(struct vfsoptlist, nfsv4root_opt);
+VNET_DEFINE_STATIC(struct vfsoptlist, nfsv4root_newopt);
+VNET_DEFINE_STATIC(bool, nfsrv_suspend_nfsd) = false;
+VNET_DEFINE_STATIC(bool, nfsrv_mntinited) = false;
+
static int nfssvc_srvcall(struct thread *, struct nfssvc_args *,
struct ucred *);
static void nfsvno_updateds(struct vnode *, struct ucred *, struct thread *);
@@ -1026,7 +1035,7 @@
nh = nfsrv_sequential_heuristic(uiop, vp);
ioflag |= nh->nh_seqcount << IO_SEQSHIFT;
/* XXX KDM make this more systematic? */
- nfsstatsv1.srvbytes[NFSV4OP_READ] += uiop->uio_resid;
+ NFSDSTATS(nfsstatsv1).srvbytes[NFSV4OP_READ] += uiop->uio_resid;
error = VOP_READ(vp, uiop, IO_NODELOCKED | ioflag, cred);
free(iv, M_TEMP);
if (error) {
@@ -1151,7 +1160,7 @@
nh = nfsrv_sequential_heuristic(uiop, vp);
ioflags |= nh->nh_seqcount << IO_SEQSHIFT;
/* XXX KDM make this more systematic? */
- nfsstatsv1.srvbytes[NFSV4OP_WRITE] += uiop->uio_resid;
+ NFSDSTATS(nfsstatsv1).srvbytes[NFSV4OP_WRITE] += uiop->uio_resid;
error = VOP_WRITE(vp, uiop, ioflags, cred);
if (error == 0)
nh->nh_nextoff = uiop->uio_offset;
@@ -3255,7 +3264,7 @@
error = VFS_CHECKEXP(mp, nam, &exp->nes_exflag, credp,
&exp->nes_numsecflavor, exp->nes_secflavors);
if (error) {
- if (nfs_rootfhset) {
+ if (VNET(nfs_rootfhset)) {
exp->nes_exflag = 0;
exp->nes_numsecflavor = 0;
error = 0;
@@ -3290,7 +3299,7 @@
error = VFS_CHECKEXP(mp, nam, &exp->nes_exflag, credp,
&exp->nes_numsecflavor, exp->nes_secflavors);
if (error) {
- if (nfs_rootfhset) {
+ if (VNET(nfs_rootfhset)) {
exp->nes_exflag = 0;
exp->nes_numsecflavor = 0;
error = 0;
@@ -3458,9 +3467,9 @@
struct nameidata nd;
fhandle_t fh;
- error = vfs_export(&nfsv4root_mnt, &nfsexargp->export);
+ error = vfs_export(&VNET(nfsv4root_mnt), &nfsexargp->export);
if ((nfsexargp->export.ex_flags & MNT_DELEXPORT) != 0)
- nfs_rootfhset = 0;
+ VNET(nfs_rootfhset) = 0;
else if (error == 0) {
if (nfsexargp->fspec == NULL) {
error = EPERM;
@@ -3475,11 +3484,11 @@
error = nfsvno_getfh(nd.ni_vp, &fh, p);
vrele(nd.ni_vp);
if (!error) {
- nfs_rootfh.nfsrvfh_len = NFSX_MYFH;
+ VNET(nfs_rootfh).nfsrvfh_len = NFSX_MYFH;
NFSBCOPY((caddr_t)&fh,
- nfs_rootfh.nfsrvfh_data,
+ VNET(nfs_rootfh).nfsrvfh_data,
sizeof (fhandle_t));
- nfs_rootfhset = 1;
+ VNET(nfs_rootfhset) = 1;
}
}
@@ -3515,29 +3524,34 @@
void
nfsd_mntinit(void)
{
- static int inited = 0;
- if (inited)
+ if (VNET(nfsrv_mntinited))
return;
- inited = 1;
- nfsv4root_mnt.mnt_flag = (MNT_RDONLY | MNT_EXPORTED);
- TAILQ_INIT(&nfsv4root_mnt.mnt_nvnodelist);
- TAILQ_INIT(&nfsv4root_mnt.mnt_lazyvnodelist);
- nfsv4root_mnt.mnt_export = NULL;
- TAILQ_INIT(&nfsv4root_opt);
- TAILQ_INIT(&nfsv4root_newopt);
- nfsv4root_mnt.mnt_opt = &nfsv4root_opt;
- nfsv4root_mnt.mnt_optnew = &nfsv4root_newopt;
- nfsv4root_mnt.mnt_nvnodelistsize = 0;
- nfsv4root_mnt.mnt_lazyvnodelistsize = 0;
+ VNET(nfsrv_mntinited) = true;
+ VNET(nfsv4root_mnt).mnt_flag = (MNT_RDONLY | MNT_EXPORTED);
+ mtx_init(&VNET(nfsv4root_mnt).mnt_mtx, "nfs4mnt", NULL, MTX_DEF);
+ lockinit(&VNET(nfsv4root_mnt).mnt_explock, PVFS, "explock", 0, 0);
+ TAILQ_INIT(&VNET(nfsv4root_mnt).mnt_nvnodelist);
+ TAILQ_INIT(&VNET(nfsv4root_mnt).mnt_lazyvnodelist);
+ VNET(nfsv4root_mnt).mnt_export = NULL;
+ TAILQ_INIT(&VNET(nfsv4root_opt));
+ TAILQ_INIT(&VNET(nfsv4root_newopt));
+ VNET(nfsv4root_mnt).mnt_opt = &VNET(nfsv4root_opt);
+ VNET(nfsv4root_mnt).mnt_optnew = &VNET(nfsv4root_newopt);
+ VNET(nfsv4root_mnt).mnt_nvnodelistsize = 0;
+ VNET(nfsv4root_mnt).mnt_lazyvnodelistsize = 0;
}
static void
nfsd_timer(void *arg)
{
+ struct vnet *vnetp;
+ vnetp = (struct vnet *)arg;
+ CURVNET_SET(vnetp);
nfsrv_servertimer();
- callout_reset_sbt(&nfsd_callout, SBT_1S, SBT_1S, nfsd_timer, NULL, 0);
+ CURVNET_RESTORE();
+ callout_reset_sbt(&nfsd_callout, SBT_1S, SBT_1S, nfsd_timer, arg, 0);
}
/*
@@ -3619,7 +3633,7 @@
int error = 0, numsecflavor, secflavors[MAXSECFLAVORS], i;
uint64_t exflags;
- error = vfs_stdcheckexp(&nfsv4root_mnt, nd->nd_nam, &exflags,
+ error = vfs_stdcheckexp(&VNET(nfsv4root_mnt), nd->nd_nam, &exflags,
&credanon, &numsecflavor, secflavors);
if (error) {
error = NFSERR_PROGUNAVAIL;
@@ -3674,6 +3688,12 @@
char *buf, *cp, *cp2, *cp3;
char fname[PNFS_FILENAME_LEN + 1];
+printf("VNET_NFSD=%d\n", VNET_NFSD);
+ if (jailed(td->td_ucred) && !prison_check_nfsd(td->td_ucred)) {
+ error = EPERM;
+ goto out;
+ }
+ nfsd_mntinit();
if (uap->flag & NFSSVC_NFSDADDSOCK) {
error = copyin(uap->argp, (caddr_t)&sockarg, sizeof (sockarg));
if (error)
@@ -3781,7 +3801,7 @@
nfsdarg.mdspathlen = 0;
nfsdarg.mirrorcnt = 1;
}
- nfsd_timer(NULL);
+ nfsd_timer(TD_TO_VNET(td));
error = nfsrvd_nfsd(td, &nfsdarg);
free(nfsdarg.addr, M_TEMP);
free(nfsdarg.dnshost, M_TEMP);
@@ -3881,7 +3901,6 @@
int error = EINVAL, igotlock;
struct proc *procp;
gid_t *grps;
- static int suspend_nfsd = 0;
if (uap->flag & NFSSVC_PUBLICFH) {
NFSBZERO((caddr_t)&nfs_pubfh.nfsrvfh_data,
@@ -3965,10 +3984,10 @@
error = fp_getfvp(p, stablefd, &fp, &vp);
if (!error && (NFSFPFLAG(fp) & (FREAD | FWRITE)) != (FREAD | FWRITE))
error = EBADF;
- if (!error && newnfs_numnfsd != 0)
+ if (!error && VNET(nfsrv_numnfsd) != 0)
error = EPERM;
if (!error) {
- nfsrv_stablefirst.nsf_fp = fp;
+ VNET(nfsrv_stablefirst).nsf_fp = fp;
nfsrv_setupstable(p);
}
} else if (uap->flag & NFSSVC_ADMINREVOKE) {
@@ -4015,25 +4034,25 @@
nfsd_master_pid = procp->p_pid;
bcopy(procp->p_comm, nfsd_master_comm, MAXCOMLEN + 1);
nfsd_master_start = procp->p_stats->p_start;
- nfsd_master_proc = procp;
+ VNET(nfsd_master_proc) = procp;
PROC_UNLOCK(procp);
} else if ((uap->flag & NFSSVC_SUSPENDNFSD) != 0) {
NFSLOCKV4ROOTMUTEX();
- if (suspend_nfsd == 0) {
+ if (!VNET(nfsrv_suspend_nfsd)) {
/* Lock out all nfsd threads */
do {
- igotlock = nfsv4_lock(&nfsd_suspend_lock, 1,
+ igotlock = nfsv4_lock(&VNET(nfsd_suspend_lock), 1,
NULL, NFSV4ROOTLOCKMUTEXPTR, NULL);
- } while (igotlock == 0 && suspend_nfsd == 0);
- suspend_nfsd = 1;
+ } while (igotlock == 0 && !VNET(nfsrv_suspend_nfsd));
+ VNET(nfsrv_suspend_nfsd) = true;
}
NFSUNLOCKV4ROOTMUTEX();
error = 0;
} else if ((uap->flag & NFSSVC_RESUMENFSD) != 0) {
NFSLOCKV4ROOTMUTEX();
- if (suspend_nfsd != 0) {
- nfsv4_unlock(&nfsd_suspend_lock, 0);
- suspend_nfsd = 0;
+ if (VNET(nfsrv_suspend_nfsd)) {
+ nfsv4_unlock(&VNET(nfsd_suspend_lock), 0);
+ VNET(nfsrv_suspend_nfsd) = false;
}
NFSUNLOCKV4ROOTMUTEX();
error = 0;
@@ -4141,10 +4160,10 @@
{
struct proc *procp;
- if (nfsd_master_proc != NULL) {
+ if (VNET(nfsd_master_proc) != NULL) {
procp = pfind(nfsd_master_pid);
/* Try to make sure it is the correct process. */
- if (procp == nfsd_master_proc &&
+ if (procp == VNET(nfsd_master_proc) &&
procp->p_stats->p_start.tv_sec ==
nfsd_master_start.tv_sec &&
procp->p_stats->p_start.tv_usec ==
@@ -4152,7 +4171,7 @@
strcmp(procp->p_comm, nfsd_master_comm) == 0)
kern_psignal(procp, SIGUSR2);
else
- nfsd_master_proc = NULL;
+ VNET(nfsd_master_proc) = NULL;
if (procp != NULL)
PROC_UNLOCK(procp);
@@ -7079,24 +7098,13 @@
if (loaded)
goto out;
newnfs_portinit();
- for (i = 0; i < NFSRVCACHE_HASHSIZE; i++) {
- mtx_init(&nfsrchash_table[i].mtx, "nfsrtc", NULL,
- MTX_DEF);
- mtx_init(&nfsrcahash_table[i].mtx, "nfsrtca", NULL,
- MTX_DEF);
- }
mtx_init(&nfsrc_udpmtx, "nfsuc", NULL, MTX_DEF);
mtx_init(&nfs_v4root_mutex, "nfs4rt", NULL, MTX_DEF);
- mtx_init(&nfsv4root_mnt.mnt_mtx, "nfs4mnt", NULL, MTX_DEF);
mtx_init(&nfsrv_dontlistlock_mtx, "nfs4dnl", NULL, MTX_DEF);
mtx_init(&nfsrv_recalllock_mtx, "nfs4rec", NULL, MTX_DEF);
- lockinit(&nfsv4root_mnt.mnt_explock, PVFS, "explock", 0, 0);
callout_init(&nfsd_callout, 1);
- nfsrvd_initcache();
- nfsd_init();
- NFSD_LOCK();
- nfsrvd_init(0);
- NFSD_UNLOCK();
+ NFSDSTATS(nfsstatsv1).srvcache_tcppeak = 0;
+ NFSDSTATS(nfsstatsv1).srvcache_size = 0;
nfsd_mntinit();
#ifdef VV_DISABLEDELEG
vn_deleg_ops.vndeleg_recall = nfsd_recalldelegation;
@@ -7126,30 +7134,30 @@
nfsrvd_cleancache();
/* Free up the krpc server pool. */
- if (nfsrvd_pool != NULL)
- svcpool_destroy(nfsrvd_pool);
+ if (VNET(nfsrvd_pool) != NULL)
+ svcpool_destroy(VNET(nfsrvd_pool));
/* and get rid of the locks */
for (i = 0; i < NFSRVCACHE_HASHSIZE; i++) {
- mtx_destroy(&nfsrchash_table[i].mtx);
- mtx_destroy(&nfsrcahash_table[i].mtx);
+ mtx_destroy(&VNET(nfsrchash_table)[i].mtx);
+ mtx_destroy(&VNET(nfsrcahash_table)[i].mtx);
}
mtx_destroy(&nfsrc_udpmtx);
mtx_destroy(&nfs_v4root_mutex);
- mtx_destroy(&nfsv4root_mnt.mnt_mtx);
+ mtx_destroy(&VNET(nfsv4root_mnt).mnt_mtx);
mtx_destroy(&nfsrv_dontlistlock_mtx);
mtx_destroy(&nfsrv_recalllock_mtx);
for (i = 0; i < nfsrv_sessionhashsize; i++)
- mtx_destroy(&nfssessionhash[i].mtx);
+ mtx_destroy(&VNET(nfssessionhash)[i].mtx);
if (nfslayouthash != NULL) {
for (i = 0; i < nfsrv_layouthashsize; i++)
mtx_destroy(&nfslayouthash[i].mtx);
free(nfslayouthash, M_NFSDSESSION);
}
- lockdestroy(&nfsv4root_mnt.mnt_explock);
- free(nfsclienthash, M_NFSDCLIENT);
- free(nfslockhash, M_NFSDLOCKFILE);
- free(nfssessionhash, M_NFSDSESSION);
+ lockdestroy(&VNET(nfsv4root_mnt).mnt_explock);
+ free(VNET(nfsclienthash), M_NFSDCLIENT);
+ free(VNET(nfslockhash), M_NFSDLOCKFILE);
+ free(VNET(nfssessionhash), M_NFSDSESSION);
loaded = 0;
break;
default:
diff --git a/sys/fs/nfsserver/nfs_nfsdsocket.c.vnet b/sys/fs/nfsserver/nfs_nfsdsocket.c
--- a/sys/fs/nfsserver/nfs_nfsdsocket.c.vnet
+++ b/sys/fs/nfsserver/nfs_nfsdsocket.c
@@ -42,20 +42,25 @@
#include <fs/nfs/nfsport.h>
-extern struct nfsstatsv1 nfsstatsv1;
-extern struct nfsrvfh nfs_pubfh, nfs_rootfh;
-extern int nfs_pubfhset, nfs_rootfhset;
+extern struct nfsrvfh nfs_pubfh;
+extern int nfs_pubfhset;
extern struct nfsv4lock nfsv4rootfs_lock;
-extern struct nfsrv_stablefirst nfsrv_stablefirst;
-extern struct nfsclienthashhead *nfsclienthash;
extern int nfsrv_clienthashsize;
-extern int nfsrc_floodlevel, nfsrc_tcpsavedreplies;
extern int nfsd_debuglevel;
extern int nfsrv_layouthighwater;
extern volatile int nfsrv_layoutcnt;
NFSV4ROOTLOCKMUTEX;
NFSSTATESPINLOCK;
+NFSDSTATSDECLARE(nfsstatsv1);
+
+VNET_DECLARE(struct nfsrv_stablefirst, nfsrv_stablefirst);
+VNET_DECLARE(struct nfsclienthashhead *, nfsclienthash);
+VNET_DECLARE(int, nfsrc_floodlevel);
+VNET_DECLARE(int, nfsrc_tcpsavedreplies);
+VNET_DECLARE(struct nfsrvfh, nfs_rootfh);
+VNET_DECLARE(int, nfs_rootfhset);
+
int (*nfsrv3_procs0[NFS_V3NPROCS])(struct nfsrv_descript *,
int, vnode_t , struct nfsexstuff *) = {
(int (*)(struct nfsrv_descript *, int, vnode_t , struct nfsexstuff *))0,
@@ -471,15 +476,15 @@
}
mtx_lock(&nfsrvd_statmtx);
- if (nfsstatsv1.srvstartcnt == nfsstatsv1.srvdonecnt) {
+ if (NFSDSTATS(nfsstatsv1).srvstartcnt == NFSDSTATS(nfsstatsv1).srvdonecnt) {
if (now != NULL)
- nfsstatsv1.busyfrom = *now;
+ NFSDSTATS(nfsstatsv1).busyfrom = *now;
else
- binuptime(&nfsstatsv1.busyfrom);
+ binuptime(&NFSDSTATS(nfsstatsv1).busyfrom);
}
- nfsstatsv1.srvrpccnt[op]++;
- nfsstatsv1.srvstartcnt++;
+ NFSDSTATS(nfsstatsv1).srvrpccnt[op]++;
+ NFSDSTATS(nfsstatsv1).srvstartcnt++;
mtx_unlock(&nfsrvd_statmtx);
}
@@ -502,21 +507,21 @@
mtx_lock(&nfsrvd_statmtx);
- nfsstatsv1.srvbytes[op] += bytes;
- nfsstatsv1.srvops[op]++;
+ NFSDSTATS(nfsstatsv1).srvbytes[op] += bytes;
+ NFSDSTATS(nfsstatsv1).srvops[op]++;
if (then != NULL) {
dt = *now;
bintime_sub(&dt, then);
- bintime_add(&nfsstatsv1.srvduration[op], &dt);
+ bintime_add(&NFSDSTATS(nfsstatsv1).srvduration[op], &dt);
}
dt = *now;
- bintime_sub(&dt, &nfsstatsv1.busyfrom);
- bintime_add(&nfsstatsv1.busytime, &dt);
- nfsstatsv1.busyfrom = *now;
+ bintime_sub(&dt, &NFSDSTATS(nfsstatsv1).busyfrom);
+ bintime_add(&NFSDSTATS(nfsstatsv1).busytime, &dt);
+ NFSDSTATS(nfsstatsv1).busyfrom = *now;
- nfsstatsv1.srvdonecnt++;
+ NFSDSTATS(nfsstatsv1).srvdonecnt++;
mtx_unlock(&nfsrvd_statmtx);
}
@@ -753,7 +758,7 @@
*/
igotlock = 0;
NFSLOCKV4ROOTMUTEX();
- if (nfsrv_stablefirst.nsf_flags & NFSNSF_NEEDLOCK)
+ if (VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_NEEDLOCK)
igotlock = nfsv4_lock(&nfsv4rootfs_lock, 1, NULL,
NFSV4ROOTLOCKMUTEXPTR, NULL);
else
@@ -766,8 +771,8 @@
* Done when the grace period is over or a client has long
* since expired.
*/
- nfsrv_stablefirst.nsf_flags &= ~NFSNSF_NEEDLOCK;
- if ((nfsrv_stablefirst.nsf_flags &
+ VNET(nfsrv_stablefirst).nsf_flags &= ~NFSNSF_NEEDLOCK;
+ if ((VNET(nfsrv_stablefirst).nsf_flags &
(NFSNSF_GRACEOVER | NFSNSF_UPDATEDONE)) == NFSNSF_GRACEOVER)
nfsrv_updatestable(p);
@@ -777,10 +782,10 @@
* stable storage file and then remove them from the client
* list.
*/
- if (nfsrv_stablefirst.nsf_flags & NFSNSF_EXPIREDCLIENT) {
- nfsrv_stablefirst.nsf_flags &= ~NFSNSF_EXPIREDCLIENT;
+ if (VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_EXPIREDCLIENT) {
+ VNET(nfsrv_stablefirst).nsf_flags &= ~NFSNSF_EXPIREDCLIENT;
for (i = 0; i < nfsrv_clienthashsize; i++) {
- LIST_FOREACH_SAFE(clp, &nfsclienthash[i], lc_hash,
+ LIST_FOREACH_SAFE(clp, &VNET(nfsclienthash)[i], lc_hash,
nclp) {
if (clp->lc_flags & LCL_EXPIREIT) {
if (!LIST_EMPTY(&clp->lc_open) ||
@@ -814,7 +819,7 @@
* If flagged, search for open owners that haven't had any opens
* for a long time.
*/
- if (nfsrv_stablefirst.nsf_flags & NFSNSF_NOOPENS) {
+ if (VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_NOOPENS) {
nfsrv_throwawayopens(p);
}
@@ -941,8 +946,8 @@
if (i == 0 && (nd->nd_rp == NULL ||
nd->nd_rp->rc_refcnt == 0) &&
(nfsrv_mallocmget_limit() ||
- nfsrc_tcpsavedreplies > nfsrc_floodlevel)) {
- if (nfsrc_tcpsavedreplies > nfsrc_floodlevel)
+ VNET(nfsrc_tcpsavedreplies) > VNET(nfsrc_floodlevel))) {
+ if (VNET(nfsrc_tcpsavedreplies) > VNET(nfsrc_floodlevel))
printf("nfsd server cache flooded, try "
"increasing vfs.nfsd.tcphighwater\n");
nd->nd_repstat = NFSERR_RESOURCE;
@@ -1033,7 +1038,7 @@
}
break;
case NFSV4OP_PUTROOTFH:
- if (nfs_rootfhset) {
+ if (VNET(nfs_rootfhset)) {
if ((nd->nd_flag & ND_LASTOP) == 0) {
/*
* Pre-parse the next op#. If it is
@@ -1054,7 +1059,7 @@
} while (nextop == NFSV4OP_SAVEFH &&
i < numops - 1);
}
- nfsd_fhtovp(nd, &nfs_rootfh, LK_SHARED, &nvp,
+ nfsd_fhtovp(nd, &VNET(nfs_rootfh), LK_SHARED, &nvp,
&nes, NULL, 0, nextop);
if (!nd->nd_repstat) {
if (vp)
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c.vnetdcl b/sys/fs/nfsserver/nfs_nfsdstate.c
--- a/sys/fs/nfsserver/nfs_nfsdstate.c.vnetdcl
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -35,17 +35,19 @@
#include <sys/extattr.h>
#include <fs/nfs/nfsport.h>
-struct nfsrv_stablefirst nfsrv_stablefirst;
int nfsrv_issuedelegs = 0;
int nfsrv_dolocallocks = 0;
struct nfsv4lock nfsv4rootfs_lock;
time_t nfsdev_time = 0;
int nfsrv_layouthashsize;
volatile int nfsrv_layoutcnt = 0;
-extern uint32_t nfs_srvmaxio;
-extern int newnfs_numnfsd;
-extern struct nfsstatsv1 nfsstatsv1;
+VNET_DEFINE(struct nfsrv_stablefirst, nfsrv_stablefirst);
+
+VNET_DECLARE(int, nfsrv_numnfsd);
+VNET_DECLARE(struct nfsdontlisthead, nfsrv_dontlisthead);
+
+extern uint32_t nfs_srvmaxio;
extern int nfsrv_lease;
extern struct timeval nfsboottime;
extern u_int32_t newnfs_true, newnfs_false;
@@ -59,11 +61,12 @@
extern int nfsrv_maxpnfsmirror;
NFSV4ROOTLOCKMUTEX;
NFSSTATESPINLOCK;
-extern struct nfsdontlisthead nfsrv_dontlisthead;
extern volatile int nfsrv_devidcnt;
extern struct nfslayouthead nfsrv_recalllisthead;
extern char *nfsrv_zeropnfsdat;
+NFSDSTATSDECLARE(nfsstatsv1);
+
SYSCTL_DECL(_vfs_nfsd);
int nfsrv_statehashsize = NFSSTATEHASHSIZE;
SYSCTL_INT(_vfs_nfsd, OID_AUTO, statehashsize, CTLFLAG_RDTUN,
@@ -118,20 +121,22 @@
/*
* Hash lists for nfs V4.
*/
-struct nfsclienthashhead *nfsclienthash;
-struct nfslockhashhead *nfslockhash;
-struct nfssessionhash *nfssessionhash;
+VNET_DEFINE(struct nfsclienthashhead *, nfsclienthash);
+VNET_DEFINE(struct nfslockhashhead *, nfslockhash);
+VNET_DEFINE(struct nfssessionhash *, nfssessionhash);
+VNET_DEFINE(volatile int, nfsrv_dontlistlen) = 0;
+
struct nfslayouthash *nfslayouthash;
-volatile int nfsrv_dontlistlen = 0;
static u_int32_t nfsrv_openpluslock = 0, nfsrv_delegatecnt = 0;
-static time_t nfsrvboottime;
static int nfsrv_returnoldstateid = 0, nfsrv_clients = 0;
static int nfsrv_clienthighwater = NFSRV_CLIENTHIGHWATER;
static int nfsrv_nogsscallback = 0;
static volatile int nfsrv_writedelegcnt = 0;
static int nfsrv_faildscnt;
+VNET_DEFINE_STATIC(time_t, nfsrvboottime);
+
/* local functions */
static void nfsrv_dumpaclient(struct nfsclient *clp,
struct nfsd_dumpclients *dumpp);
@@ -298,7 +303,7 @@
*/
gotit = i = 0;
while (i < nfsrv_clienthashsize && !gotit) {
- LIST_FOREACH(clp, &nfsclienthash[i], lc_hash) {
+ LIST_FOREACH(clp, &VNET(nfsclienthash)[i], lc_hash) {
if (new_clp->lc_idlen == clp->lc_idlen &&
!NFSBCMP(new_clp->lc_id, clp->lc_id, clp->lc_idlen)) {
gotit = 1;
@@ -343,7 +348,7 @@
confirmp->qval = new_clp->lc_confirm.qval =
++confirm_index;
clientidp->lval[0] = new_clp->lc_clientid.lval[0] =
- (u_int32_t)nfsrvboottime;
+ VNET(nfsrvboottime);
clientidp->lval[1] = new_clp->lc_clientid.lval[1] =
nfsrv_nextclientindex();
new_clp->lc_stateindex = 0;
@@ -359,7 +364,7 @@
LIST_INIT(&new_clp->lc_stateid[i]);
LIST_INSERT_HEAD(NFSCLIENTHASH(new_clp->lc_clientid), new_clp,
lc_hash);
- nfsstatsv1.srvclients++;
+ NFSDSTATS(nfsstatsv1).srvclients++;
nfsrv_openpluslock++;
nfsrv_clients++;
NFSLOCKV4ROOTMUTEX();
@@ -457,7 +462,7 @@
confirmp->qval = new_clp->lc_confirm.qval =
++confirm_index;
clientidp->lval[0] = new_clp->lc_clientid.lval[0] =
- nfsrvboottime;
+ VNET(nfsrvboottime);
clientidp->lval[1] = new_clp->lc_clientid.lval[1] =
nfsrv_nextclientindex();
new_clp->lc_stateindex = 0;
@@ -488,7 +493,7 @@
LIST_INIT(&new_clp->lc_session);
LIST_INSERT_HEAD(NFSCLIENTHASH(new_clp->lc_clientid), new_clp,
lc_hash);
- nfsstatsv1.srvclients++;
+ NFSDSTATS(nfsstatsv1).srvclients++;
nfsrv_openpluslock++;
nfsrv_clients++;
NFSLOCKV4ROOTMUTEX();
@@ -553,7 +558,7 @@
LIST_INIT(&new_clp->lc_session);
LIST_INSERT_HEAD(NFSCLIENTHASH(new_clp->lc_clientid), new_clp,
lc_hash);
- nfsstatsv1.srvclients++;
+ NFSDSTATS(nfsstatsv1).srvclients++;
nfsrv_openpluslock++;
nfsrv_clients++;
}
@@ -604,7 +609,7 @@
if (clpp)
*clpp = NULL;
if ((nd == NULL || (nd->nd_flag & ND_NFSV41) == 0 ||
- opflags != CLOPS_RENEW) && nfsrvboottime != clientid.lval[0]) {
+ opflags != CLOPS_RENEW) && VNET(nfsrvboottime) != clientid.lval[0]) {
error = NFSERR_STALECLIENTID;
goto out;
}
@@ -820,7 +825,7 @@
struct nfsclienthashhead *hp;
int error = 0, i, igotlock;
- if (nfsrvboottime != clientid.lval[0]) {
+ if (VNET(nfsrvboottime) != clientid.lval[0]) {
error = NFSERR_STALECLIENTID;
goto out;
}
@@ -912,7 +917,7 @@
*/
gotit = i = 0;
while (i < nfsrv_clienthashsize && !gotit) {
- LIST_FOREACH(clp, &nfsclienthash[i], lc_hash) {
+ LIST_FOREACH(clp, &VNET(nfsclienthash)[i], lc_hash) {
if (revokep->nclid_idlen == clp->lc_idlen &&
!NFSBCMP(revokep->nclid_id, clp->lc_id, clp->lc_idlen)) {
gotit = 1;
@@ -974,8 +979,8 @@
* Rattle through the client lists until done.
*/
while (i < nfsrv_clienthashsize && cnt < maxcnt) {
- clp = LIST_FIRST(&nfsclienthash[i]);
- while (clp != LIST_END(&nfsclienthash[i]) && cnt < maxcnt) {
+ clp = LIST_FIRST(&VNET(nfsclienthash)[i]);
+ while (clp != LIST_END(&VNET(nfsclienthash)[i]) && cnt < maxcnt) {
nfsrv_dumpaclient(clp, &dumpp[cnt]);
cnt++;
clp = LIST_NEXT(clp, lc_hash);
@@ -1251,14 +1256,14 @@
* If server hasn't started yet, just return.
*/
NFSLOCKSTATE();
- if (nfsrv_stablefirst.nsf_eograce == 0) {
+ if (VNET(nfsrv_stablefirst).nsf_eograce == 0) {
NFSUNLOCKSTATE();
return;
}
- if (!(nfsrv_stablefirst.nsf_flags & NFSNSF_UPDATEDONE)) {
- if (!(nfsrv_stablefirst.nsf_flags & NFSNSF_GRACEOVER) &&
- NFSD_MONOSEC > nfsrv_stablefirst.nsf_eograce)
- nfsrv_stablefirst.nsf_flags |=
+ if (!(VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_UPDATEDONE)) {
+ if (!(VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_GRACEOVER) &&
+ NFSD_MONOSEC > VNET(nfsrv_stablefirst).nsf_eograce)
+ VNET(nfsrv_stablefirst).nsf_flags |=
(NFSNSF_GRACEOVER | NFSNSF_NEEDLOCK);
NFSUNLOCKSTATE();
return;
@@ -1281,8 +1286,8 @@
* For each client...
*/
for (i = 0; i < nfsrv_clienthashsize; i++) {
- clp = LIST_FIRST(&nfsclienthash[i]);
- while (clp != LIST_END(&nfsclienthash[i])) {
+ clp = LIST_FIRST(&VNET(nfsclienthash)[i]);
+ while (clp != LIST_END(&VNET(nfsclienthash)[i])) {
nclp = LIST_NEXT(clp, lc_hash);
if (!(clp->lc_flags & LCL_EXPIREIT)) {
if (((clp->lc_expiry + NFSRV_STALELEASE) < NFSD_MONOSEC
@@ -1313,7 +1318,7 @@
* by an nfsd sometime soon.
*/
clp->lc_flags |= LCL_EXPIREIT;
- nfsrv_stablefirst.nsf_flags |=
+ VNET(nfsrv_stablefirst).nsf_flags |=
(NFSNSF_NEEDLOCK | NFSNSF_EXPIREDCLIENT);
} else {
/*
@@ -1331,7 +1336,7 @@
if (stp->ls_noopens > NFSNOOPEN ||
(nfsrv_openpluslock * 2) >
nfsrv_v4statelimit)
- nfsrv_stablefirst.nsf_flags |=
+ VNET(nfsrv_stablefirst).nsf_flags |=
NFSNSF_NOOPENS;
} else {
stp->ls_noopens = 0;
@@ -1397,7 +1402,7 @@
free(clp->lc_stateid, M_NFSDCLIENT);
free(clp, M_NFSDCLIENT);
NFSLOCKSTATE();
- nfsstatsv1.srvclients--;
+ NFSDSTATS(nfsstatsv1).srvclients--;
nfsrv_openpluslock--;
nfsrv_clients--;
NFSUNLOCKSTATE();
@@ -1440,7 +1445,7 @@
nfsv4_testlock(&lfp->lf_locallock_lck) == 0)
nfsrv_freenfslockfile(lfp);
free(stp, M_NFSDSTATE);
- nfsstatsv1.srvdelegates--;
+ NFSDSTATS(nfsstatsv1).srvdelegates--;
nfsrv_openpluslock--;
nfsrv_delegatecnt--;
}
@@ -1466,7 +1471,7 @@
if (stp->ls_op)
nfsrvd_derefcache(stp->ls_op);
free(stp, M_NFSDSTATE);
- nfsstatsv1.srvopenowners--;
+ NFSDSTATS(nfsstatsv1).srvopenowners--;
nfsrv_openpluslock--;
}
@@ -1516,7 +1521,7 @@
if (cansleep != 0)
NFSUNLOCKSTATE();
free(stp, M_NFSDSTATE);
- nfsstatsv1.srvopens--;
+ NFSDSTATS(nfsstatsv1).srvopens--;
nfsrv_openpluslock--;
return (ret);
}
@@ -1535,7 +1540,7 @@
if (stp->ls_op)
nfsrvd_derefcache(stp->ls_op);
free(stp, M_NFSDSTATE);
- nfsstatsv1.srvlockowners--;
+ NFSDSTATS(nfsstatsv1).srvlockowners--;
nfsrv_openpluslock--;
}
@@ -1611,7 +1616,7 @@
if (lop->lo_lckfile.le_prev != NULL) {
LIST_REMOVE(lop, lo_lckfile);
- nfsstatsv1.srvlocks--;
+ NFSDSTATS(nfsstatsv1).srvlocks--;
nfsrv_openpluslock--;
}
LIST_REMOVE(lop, lo_lckowner);
@@ -2388,7 +2393,7 @@
LIST_INSERT_HEAD(&stp->ls_open, new_stp, ls_list);
*new_lopp = NULL;
*new_stpp = NULL;
- nfsstatsv1.srvlockowners++;
+ NFSDSTATS(nfsstatsv1).srvlockowners++;
nfsrv_openpluslock++;
}
if (filestruct_locked != 0) {
@@ -3040,12 +3045,12 @@
LIST_INSERT_HEAD(&new_stp->ls_open, new_open, ls_list);
LIST_INSERT_HEAD(&clp->lc_open, new_stp, ls_list);
*new_stpp = NULL;
- nfsstatsv1.srvopenowners++;
+ NFSDSTATS(nfsstatsv1).srvopenowners++;
nfsrv_openpluslock++;
}
openstp = new_open;
new_open = NULL;
- nfsstatsv1.srvopens++;
+ NFSDSTATS(nfsstatsv1).srvopens++;
nfsrv_openpluslock++;
break;
}
@@ -3106,7 +3111,7 @@
NFSRV_V4DELEGLIMIT(nfsrv_delegatecnt) ||
!NFSVNO_DELEGOK(vp))
*rflagsp |= NFSV4OPEN_RECALL;
- nfsstatsv1.srvdelegates++;
+ NFSDSTATS(nfsstatsv1).srvdelegates++;
nfsrv_openpluslock++;
nfsrv_delegatecnt++;
@@ -3146,12 +3151,12 @@
LIST_INSERT_HEAD(&new_stp->ls_open, new_open, ls_list);
LIST_INSERT_HEAD(&clp->lc_open, new_stp, ls_list);
*new_stpp = NULL;
- nfsstatsv1.srvopenowners++;
+ NFSDSTATS(nfsstatsv1).srvopenowners++;
nfsrv_openpluslock++;
}
openstp = new_open;
new_open = NULL;
- nfsstatsv1.srvopens++;
+ NFSDSTATS(nfsstatsv1).srvopens++;
nfsrv_openpluslock++;
} else {
error = NFSERR_RECLAIMCONFLICT;
@@ -3223,7 +3228,7 @@
new_deleg->ls_stateid), new_deleg, ls_hash);
LIST_INSERT_HEAD(&clp->lc_deleg, new_deleg, ls_list);
new_deleg = NULL;
- nfsstatsv1.srvdelegates++;
+ NFSDSTATS(nfsstatsv1).srvdelegates++;
nfsrv_openpluslock++;
nfsrv_delegatecnt++;
}
@@ -3245,7 +3250,7 @@
new_open, ls_hash);
openstp = new_open;
new_open = NULL;
- nfsstatsv1.srvopens++;
+ NFSDSTATS(nfsstatsv1).srvopens++;
nfsrv_openpluslock++;
/*
@@ -3293,7 +3298,7 @@
new_deleg->ls_stateid), new_deleg, ls_hash);
LIST_INSERT_HEAD(&clp->lc_deleg, new_deleg, ls_list);
new_deleg = NULL;
- nfsstatsv1.srvdelegates++;
+ NFSDSTATS(nfsstatsv1).srvdelegates++;
nfsrv_openpluslock++;
nfsrv_delegatecnt++;
}
@@ -3374,7 +3379,7 @@
LIST_INSERT_HEAD(&clp->lc_deleg, new_deleg,
ls_list);
new_deleg = NULL;
- nfsstatsv1.srvdelegates++;
+ NFSDSTATS(nfsstatsv1).srvdelegates++;
nfsrv_openpluslock++;
nfsrv_delegatecnt++;
}
@@ -3402,9 +3407,9 @@
openstp = new_open;
new_open = NULL;
*new_stpp = NULL;
- nfsstatsv1.srvopens++;
+ NFSDSTATS(nfsstatsv1).srvopens++;
nfsrv_openpluslock++;
- nfsstatsv1.srvopenowners++;
+ NFSDSTATS(nfsstatsv1).srvopenowners++;
nfsrv_openpluslock++;
}
if (!error) {
@@ -3880,7 +3885,7 @@
else
LIST_INSERT_AFTER(insert_lop, new_lop, lo_lckowner);
if (stp != NULL) {
- nfsstatsv1.srvlocks++;
+ NFSDSTATS(nfsstatsv1).srvlocks++;
nfsrv_openpluslock++;
}
}
@@ -4357,11 +4362,11 @@
*/
if (flags &
(NFSLCK_OPEN | NFSLCK_TEST | NFSLCK_RELEASE | NFSLCK_DELEGPURGE)) {
- if (clientid.lval[0] != nfsrvboottime) {
+ if (clientid.lval[0] != VNET(nfsrvboottime)) {
ret = NFSERR_STALECLIENTID;
goto out;
}
- } else if (stateidp->other[0] != nfsrvboottime &&
+ } else if (stateidp->other[0] != VNET(nfsrvboottime) &&
specialid == 0) {
ret = NFSERR_STALESTATEID;
goto out;
@@ -4394,25 +4399,25 @@
int error = 0, notreclaimed;
struct nfsrv_stable *sp;
- if ((nfsrv_stablefirst.nsf_flags & (NFSNSF_UPDATEDONE |
+ if ((VNET(nfsrv_stablefirst).nsf_flags & (NFSNSF_UPDATEDONE |
NFSNSF_GRACEOVER)) == 0) {
/*
* First, check to see if all of the clients have done a
* ReclaimComplete. If so, grace can end now.
*/
notreclaimed = 0;
- LIST_FOREACH(sp, &nfsrv_stablefirst.nsf_head, nst_list) {
+ LIST_FOREACH(sp, &VNET(nfsrv_stablefirst).nsf_head, nst_list) {
if ((sp->nst_flag & NFSNST_RECLAIMED) == 0) {
notreclaimed = 1;
break;
}
}
if (notreclaimed == 0)
- nfsrv_stablefirst.nsf_flags |= (NFSNSF_GRACEOVER |
+ VNET(nfsrv_stablefirst).nsf_flags |= (NFSNSF_GRACEOVER |
NFSNSF_NEEDLOCK);
}
- if ((nfsrv_stablefirst.nsf_flags & NFSNSF_GRACEOVER) != 0) {
+ if ((VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_GRACEOVER) != 0) {
if (flags & NFSLCK_RECLAIM) {
error = NFSERR_NOGRACE;
goto out;
@@ -4434,8 +4439,8 @@
* extend grace a bit.
*/
if ((NFSD_MONOSEC + NFSRV_LEASEDELTA) >
- nfsrv_stablefirst.nsf_eograce)
- nfsrv_stablefirst.nsf_eograce = NFSD_MONOSEC +
+ VNET(nfsrv_stablefirst).nsf_eograce)
+ VNET(nfsrv_stablefirst).nsf_eograce = NFSD_MONOSEC +
NFSRV_LEASEDELTA;
}
@@ -4870,7 +4875,7 @@
void
nfsrv_setupstable(NFSPROC_T *p)
{
- struct nfsrv_stablefirst *sf = &nfsrv_stablefirst;
+ struct nfsrv_stablefirst *sf = &VNET(nfsrv_stablefirst);
struct nfsrv_stable *sp, *nsp;
struct nfst_rec *tsp;
int error, i, tryagain;
@@ -4886,7 +4891,7 @@
/*
* Set Grace over just until the file reads successfully.
*/
- nfsrvboottime = time_second;
+ VNET(nfsrvboottime) = time_second;
LIST_INIT(&sf->nsf_head);
sf->nsf_flags = (NFSNSF_GRACEOVER | NFSNSF_NEEDLOCK);
sf->nsf_eograce = NFSD_MONOSEC + NFSRV_LEASEDELTA;
@@ -4903,7 +4908,7 @@
* Now, read in the boottimes.
*/
sf->nsf_bootvals = (time_t *)malloc((sf->nsf_numboots + 1) *
- sizeof (time_t), M_TEMP, M_WAITOK);
+ sizeof(time_t), M_TEMP, M_WAITOK);
off = sizeof (struct nfsf_rec);
error = NFSD_RDWR(UIO_READ, NFSFPVNODE(sf->nsf_fp),
(caddr_t)sf->nsf_bootvals, sf->nsf_numboots * sizeof (time_t), off,
@@ -4921,8 +4926,8 @@
do {
tryagain = 0;
for (i = 0; i < sf->nsf_numboots; i++) {
- if (nfsrvboottime == sf->nsf_bootvals[i]) {
- nfsrvboottime++;
+ if (VNET(nfsrvboottime) == sf->nsf_bootvals[i]) {
+ VNET(nfsrvboottime)++;
tryagain = 1;
break;
}
@@ -5005,7 +5010,7 @@
void
nfsrv_updatestable(NFSPROC_T *p)
{
- struct nfsrv_stablefirst *sf = &nfsrv_stablefirst;
+ struct nfsrv_stablefirst *sf = &VNET(nfsrv_stablefirst);
struct nfsrv_stable *sp, *nsp;
int i;
struct nfsvattr nva;
@@ -5031,10 +5036,10 @@
sf->nsf_bootvals[i + 1] = sf->nsf_bootvals[i];
} else {
sf->nsf_numboots = 1;
- sf->nsf_bootvals = (time_t *)malloc(sizeof (time_t),
+ sf->nsf_bootvals = (time_t *)malloc(sizeof(time_t),
M_TEMP, M_WAITOK);
}
- sf->nsf_bootvals[0] = nfsrvboottime;
+ sf->nsf_bootvals[0] = VNET(nfsrvboottime);
sf->nsf_lease = nfsrv_lease;
NFSVNO_ATTRINIT(&nva);
NFSVNO_SETATTRVAL(&nva, size, 0);
@@ -5088,7 +5093,7 @@
void
nfsrv_writestable(u_char *client, int len, int flag, NFSPROC_T *p)
{
- struct nfsrv_stablefirst *sf = &nfsrv_stablefirst;
+ struct nfsrv_stablefirst *sf = &VNET(nfsrv_stablefirst);
struct nfst_rec *sp;
int error;
@@ -5121,12 +5126,12 @@
/*
* First find the client structure.
*/
- LIST_FOREACH(sp, &nfsrv_stablefirst.nsf_head, nst_list) {
+ LIST_FOREACH(sp, &VNET(nfsrv_stablefirst).nsf_head, nst_list) {
if (sp->nst_len == clp->lc_idlen &&
!NFSBCMP(sp->nst_client, clp->lc_id, sp->nst_len))
break;
}
- if (sp == LIST_END(&nfsrv_stablefirst.nsf_head))
+ if (sp == LIST_END(&VNET(nfsrv_stablefirst).nsf_head))
return;
/*
@@ -5148,12 +5153,12 @@
/*
* First find the client structure.
*/
- LIST_FOREACH(sp, &nfsrv_stablefirst.nsf_head, nst_list) {
+ LIST_FOREACH(sp, &VNET(nfsrv_stablefirst).nsf_head, nst_list) {
if (sp->nst_len == clp->lc_idlen &&
!NFSBCMP(sp->nst_client, clp->lc_id, sp->nst_len))
break;
}
- if (sp == LIST_END(&nfsrv_stablefirst.nsf_head))
+ if (sp == LIST_END(&VNET(nfsrv_stablefirst).nsf_head))
return;
/*
@@ -5174,7 +5179,7 @@
/*
* First, find the entry for the client.
*/
- LIST_FOREACH(sp, &nfsrv_stablefirst.nsf_head, nst_list) {
+ LIST_FOREACH(sp, &VNET(nfsrv_stablefirst).nsf_head, nst_list) {
if (sp->nst_len == clp->lc_idlen &&
!NFSBCMP(sp->nst_client, clp->lc_id, sp->nst_len))
break;
@@ -5184,9 +5189,9 @@
* If not in the list, state was revoked or no state was issued
* since the previous reboot, a reclaim is denied.
*/
- if (sp == LIST_END(&nfsrv_stablefirst.nsf_head) ||
+ if (sp == LIST_END(&VNET(nfsrv_stablefirst).nsf_head) ||
(sp->nst_flag & NFSNST_REVOKE) ||
- !(nfsrv_stablefirst.nsf_flags & NFSNSF_OK))
+ !(VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_OK))
return (1);
return (0);
}
@@ -5214,7 +5219,7 @@
* If lease hasn't expired, we can't fix it.
*/
if (clp->lc_expiry >= NFSD_MONOSEC ||
- !(nfsrv_stablefirst.nsf_flags & NFSNSF_UPDATEDONE))
+ !(VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_UPDATEDONE))
return (0);
if (*haslockp == 0) {
NFSUNLOCKSTATE();
@@ -5613,7 +5618,7 @@
* First, check to see if the server is currently running and it has
* been called for a regular file when issuing delegations.
*/
- if (newnfs_numnfsd == 0 || vp->v_type != VREG ||
+ if (VNET(nfsrv_numnfsd) == 0 || vp->v_type != VREG ||
nfsrv_issuedelegs == 0)
return;
@@ -5847,12 +5852,12 @@
int i;
NFSLOCKSTATE();
- nfsrv_stablefirst.nsf_flags &= ~NFSNSF_NOOPENS;
+ VNET(nfsrv_stablefirst).nsf_flags &= ~NFSNSF_NOOPENS;
/*
* For each client...
*/
for (i = 0; i < nfsrv_clienthashsize; i++) {
- LIST_FOREACH_SAFE(clp, &nfsclienthash[i], lc_hash, nclp) {
+ LIST_FOREACH_SAFE(clp, &VNET(nfsclienthash)[i], lc_hash, nclp) {
LIST_FOREACH_SAFE(stp, &clp->lc_open, ls_list, nstp) {
if (LIST_EMPTY(&stp->ls_open) &&
(stp->ls_noopens > NFSNOOPEN ||
@@ -5908,7 +5913,7 @@
nfsrv_leaseexpiry(void)
{
- if (nfsrv_stablefirst.nsf_eograce > NFSD_MONOSEC)
+ if (VNET(nfsrv_stablefirst).nsf_eograce > NFSD_MONOSEC)
return (NFSD_MONOSEC + 2 * (nfsrv_lease + NFSRV_LEASEDELTA));
return (NFSD_MONOSEC + nfsrv_lease + NFSRV_LEASEDELTA);
}
@@ -6229,7 +6234,7 @@
* For each client, clean out the state and then free the structure.
*/
for (i = 0; i < nfsrv_clienthashsize; i++) {
- LIST_FOREACH_SAFE(clp, &nfsclienthash[i], lc_hash, nclp) {
+ LIST_FOREACH_SAFE(clp, &VNET(nfsclienthash)[i], lc_hash, nclp) {
nfsrv_cleanclient(clp, p);
nfsrv_freedeleglist(&clp->lc_deleg);
nfsrv_freedeleglist(&clp->lc_olddeleg);
@@ -6242,7 +6247,7 @@
* Also, free up any remaining lock file structures.
*/
for (i = 0; i < nfsrv_lockhashsize; i++) {
- LIST_FOREACH_SAFE(lfp, &nfslockhash[i], lf_hash, nlfp) {
+ LIST_FOREACH_SAFE(lfp, &VNET(nfslockhash)[i], lf_hash, nlfp) {
printf("nfsd unload: fnd a lock file struct\n");
nfsrv_freenfslockfile(lfp);
}
@@ -6360,7 +6365,7 @@
sep = nfsrv_findsession(nd->nd_sessionid);
if (sep == NULL) {
NFSUNLOCKSESSION(shp);
- if ((nfsrv_stablefirst.nsf_flags & NFSNSF_GRACEOVER) != 0) {
+ if ((VNET(nfsrv_stablefirst).nsf_flags & NFSNSF_GRACEOVER) != 0) {
buf = malloc(INET6_ADDRSTRLEN, M_TEMP, M_WAITOK);
switch (nd->nd_nam->sa_family) {
#ifdef INET
@@ -6722,7 +6727,7 @@
int i;
for (i = 0; i < nfsrv_clienthashsize; i++) {
- LIST_FOREACH(clp, &nfsclienthash[i], lc_hash) {
+ LIST_FOREACH(clp, &VNET(nfsclienthash)[i], lc_hash) {
LIST_FOREACH(sep, &clp->lc_session, sess_list) {
xprt = sep->sess_cbsess.nfsess_xprt;
sep->sess_cbsess.nfsess_xprt = NULL;
@@ -7438,7 +7443,7 @@
/* Insert the new layout in the lists. */
*lypp = NULL;
atomic_add_int(&nfsrv_layoutcnt, 1);
- nfsstatsv1.srvlayouts++;
+ NFSDSTATS(nfsstatsv1).srvlayouts++;
NFSBCOPY(lyp->lay_xdr, layp, lyp->lay_layoutlen);
*layoutlenp = lyp->lay_layoutlen;
TAILQ_INSERT_HEAD(&lhyp->list, lyp, lay_list);
@@ -7531,7 +7536,7 @@
NFSD_DEBUG(4, "Freelayout=%p\n", lyp);
atomic_add_int(&nfsrv_layoutcnt, -1);
- nfsstatsv1.srvlayouts--;
+ NFSDSTATS(nfsstatsv1).srvlayouts--;
TAILQ_REMOVE(lhp, lyp, lay_list);
free(lyp, M_NFSDSTATE);
}
@@ -7586,10 +7591,10 @@
nfsrv_freealllayouts();
/* Get rid of any nfsdontlist entries. */
- LIST_FOREACH_SAFE(mrp, &nfsrv_dontlisthead, nfsmr_list, nmrp)
+ LIST_FOREACH_SAFE(mrp, &VNET(nfsrv_dontlisthead), nfsmr_list, nmrp)
free(mrp, M_NFSDSTATE);
- LIST_INIT(&nfsrv_dontlisthead);
- nfsrv_dontlistlen = 0;
+ LIST_INIT(&VNET(nfsrv_dontlisthead));
+ VNET(nfsrv_dontlistlen) = 0;
/* Free layouts in the recall list. */
TAILQ_FOREACH_SAFE(lyp, &nfsrv_recalllisthead, lay_list, nlyp)
@@ -8229,11 +8234,11 @@
struct nfsdontlist *mrp;
int ret;
- if (nfsrv_dontlistlen == 0)
+ if (VNET(nfsrv_dontlistlen) == 0)
return (0);
ret = 0;
NFSDDONTLISTLOCK();
- LIST_FOREACH(mrp, &nfsrv_dontlisthead, nfsmr_list) {
+ LIST_FOREACH(mrp, &VNET(nfsrv_dontlisthead), nfsmr_list) {
if (NFSBCMP(fhp, &mrp->nfsmr_fh, sizeof(*fhp)) == 0 &&
(mrp->nfsmr_flags & NFSMR_DONTLAYOUT) != 0) {
ret = 1;
@@ -8307,15 +8312,15 @@
nmrp->nfsmr_flags = NFSMR_DONTLAYOUT;
NFSBCOPY(&fh, &nmrp->nfsmr_fh, sizeof(fh));
NFSDDONTLISTLOCK();
- LIST_FOREACH(mrp, &nfsrv_dontlisthead, nfsmr_list) {
+ LIST_FOREACH(mrp, &VNET(nfsrv_dontlisthead), nfsmr_list) {
if (NFSBCMP(&fh, &mrp->nfsmr_fh, sizeof(fh)) == 0)
break;
}
if (mrp == NULL) {
- LIST_INSERT_HEAD(&nfsrv_dontlisthead, nmrp, nfsmr_list);
+ LIST_INSERT_HEAD(&VNET(nfsrv_dontlisthead), nmrp, nfsmr_list);
mrp = nmrp;
nmrp = NULL;
- nfsrv_dontlistlen++;
+ VNET(nfsrv_dontlistlen)++;
NFSD_DEBUG(4, "nfsrv_copymr: in dontlist\n");
} else {
NFSDDONTLISTUNLOCK();
diff --git a/sys/fs/nfsserver/nfs_nfsdsubs.c.vnetdcl b/sys/fs/nfsserver/nfs_nfsdsubs.c
--- a/sys/fs/nfsserver/nfs_nfsdsubs.c.vnetdcl
+++ b/sys/fs/nfsserver/nfs_nfsdsubs.c
@@ -44,20 +44,23 @@
#include <fs/nfs/nfsport.h>
extern u_int32_t newnfs_true, newnfs_false;
-extern int nfs_rootfhset;
extern int nfs_pubfhset;
-extern struct nfsclienthashhead *nfsclienthash;
extern int nfsrv_clienthashsize;
-extern struct nfslockhashhead *nfslockhash;
extern int nfsrv_lockhashsize;
-extern struct nfssessionhash *nfssessionhash;
extern int nfsrv_sessionhashsize;
extern int nfsrv_useacl;
extern uid_t nfsrv_defaultuid;
extern gid_t nfsrv_defaultgid;
+VNET_DECLARE(struct nfsclienthashhead *, nfsclienthash);
+VNET_DECLARE(struct nfslockhashhead *, nfslockhash);
+VNET_DECLARE(struct nfssessionhash *, nfssessionhash);
+VNET_DECLARE(int, nfs_rootfhset);
+
+VNET_DEFINE(struct nfsdontlisthead, nfsrv_dontlisthead);
+
+
char nfs_v2pubfh[NFSX_V2FH];
-struct nfsdontlisthead nfsrv_dontlisthead;
struct nfslayouthead nfsrv_recalllisthead;
static nfstype newnfsv2_type[9] = { NFNON, NFREG, NFDIR, NFBLK, NFCHR, NFLNK,
NFNON, NFCHR, NFNON };
@@ -2080,31 +2083,27 @@
nfsd_init(void)
{
int i;
- static int inited = 0;
- if (inited)
- return;
- inited = 1;
/*
* Initialize client queues. Don't free/reinitialize
* them when nfsds are restarted.
*/
- nfsclienthash = malloc(sizeof(struct nfsclienthashhead) *
+ VNET(nfsclienthash) = malloc(sizeof(struct nfsclienthashhead) *
nfsrv_clienthashsize, M_NFSDCLIENT, M_WAITOK | M_ZERO);
for (i = 0; i < nfsrv_clienthashsize; i++)
- LIST_INIT(&nfsclienthash[i]);
- nfslockhash = malloc(sizeof(struct nfslockhashhead) *
+ LIST_INIT(&VNET(nfsclienthash)[i]);
+ VNET(nfslockhash) = malloc(sizeof(struct nfslockhashhead) *
nfsrv_lockhashsize, M_NFSDLOCKFILE, M_WAITOK | M_ZERO);
for (i = 0; i < nfsrv_lockhashsize; i++)
- LIST_INIT(&nfslockhash[i]);
- nfssessionhash = malloc(sizeof(struct nfssessionhash) *
+ LIST_INIT(&VNET(nfslockhash)[i]);
+ VNET(nfssessionhash) = malloc(sizeof(struct nfssessionhash) *
nfsrv_sessionhashsize, M_NFSDSESSION, M_WAITOK | M_ZERO);
for (i = 0; i < nfsrv_sessionhashsize; i++) {
- mtx_init(&nfssessionhash[i].mtx, "nfssm", NULL, MTX_DEF);
- LIST_INIT(&nfssessionhash[i].list);
+ mtx_init(&VNET(nfssessionhash)[i].mtx, "nfssm", NULL, MTX_DEF);
+ LIST_INIT(&VNET(nfssessionhash)[i].list);
}
- LIST_INIT(&nfsrv_dontlisthead);
+ LIST_INIT(&VNET(nfsrv_dontlisthead));
TAILQ_INIT(&nfsrv_recalllisthead);
/* and the v2 pubfh should be all zeros */
@@ -2119,7 +2118,7 @@
nfsd_checkrootexp(struct nfsrv_descript *nd)
{
- if (nfs_rootfhset == 0)
+ if (VNET(nfs_rootfhset) == 0)
return (NFSERR_AUTHERR | AUTH_FAILED);
if ((nd->nd_flag & (ND_GSS | ND_EXAUTHSYS)) == ND_EXAUTHSYS)
goto checktls;
diff --git a/sys/kern/kern_jail.c.vnet b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c.vnet
+++ b/sys/kern/kern_jail.c
@@ -218,6 +218,7 @@
{"allow.unprivileged_proc_debug", "allow.nounprivileged_proc_debug",
PR_ALLOW_UNPRIV_DEBUG},
{"allow.suser", "allow.nosuser", PR_ALLOW_SUSER},
+ {"allow.nfsd", "allow.nonfsd", PR_ALLOW_NFSD},
};
static unsigned pr_allow_all = PR_ALLOW_ALL_STATIC;
const size_t pr_flag_allow_size = sizeof(pr_flag_allow);
@@ -3464,6 +3465,29 @@
}
/*
+ * For mountd/nfsd to run within a prison, it must be:
+ * - A vnet prison.
+ * - PR_ALLOW_NFSD must be set on it.
+ * - The root directory (pr_root) of the prison must be
+ * a file system mount point, so the mountd can hang
+ * export information on it.
+ */
+bool
+prison_check_nfsd(struct ucred *cred)
+{
+
+ if (!jailed(cred))
+ return (false);
+ if (jailed_without_vnet(cred))
+ return (false);
+ if (!prison_allow(cred, PR_ALLOW_NFSD))
+ return (false);
+ if ((cred->cr_prison->pr_root->v_vflag & VV_ROOT) == 0)
+ return (false);
+ return (true);
+}
+
+/*
* Return 1 if p2 is a child of p1, otherwise 0.
*/
int
@@ -3717,11 +3741,17 @@
* is only granted conditionally in the legacy jail case.
*/
switch (priv) {
-#ifdef notyet
/*
* NFS-specific privileges.
*/
+#ifdef VNET_NFSD
case PRIV_NFS_DAEMON:
+ case PRIV_VFS_GETFH:
+ if (!prison_allow(cred, PR_ALLOW_NFSD) ||
+ (cred->cr_prison->pr_root->v_vflag & VV_ROOT) == 0)
+ return (EPERM);
+#endif
+#ifdef notyet
case PRIV_NFS_LOCKD:
#endif
/*
@@ -4472,6 +4502,8 @@
"B", "Unprivileged processes may use process debugging facilities");
SYSCTL_JAIL_PARAM(_allow, suser, CTLTYPE_INT | CTLFLAG_RW,
"B", "Processes in jail with uid 0 have privilege");
+SYSCTL_JAIL_PARAM(_allow, nfsd, CTLTYPE_INT | CTLFLAG_RW,
+ "B", "Mountd/nfsd may run in the jail");
SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags");
SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW,
diff --git a/sys/kern/vfs_mount.c.vnetmnt b/sys/kern/vfs_mount.c
--- a/sys/kern/vfs_mount.c.vnetmnt
+++ b/sys/kern/vfs_mount.c
@@ -924,6 +924,16 @@
fsflags |= MNT_SYNCHRONOUS;
else if (strcmp(opt->name, "union") == 0)
fsflags |= MNT_UNION;
+#ifdef VNET_NFSD
+ else if (strcmp(opt->name, "export") == 0) {
+ /*
+ * Set MNT_EXPORTED for the specific case of a
+ * vnet jailed call with the "export" option,
+ * so that mountd can run within that jail.
+ */
+ fsflags |= MNT_EXPORTED;
+ }
+#endif
else if (strcmp(opt->name, "automounted") == 0) {
fsflags |= MNT_AUTOMOUNTED;
do_freeopt = 1;
@@ -1285,7 +1295,17 @@
* Only privileged root, or (if MNT_USER is set) the user that
* did the original mount is permitted to update it.
*/
- error = vfs_suser(mp, td);
+#ifdef VNET_NFSD
+ if ((fsflags & MNT_EXPORTED) != 0 && prison_check_nfsd(td->td_ucred)) {
+ /* For mountd running in a prison, just check uid == 0. */
+ error = 0;
+ if (td->td_ucred->cr_uid != 0)
+ error = EPERM;
+ } else
+#endif
+ {
+ error = vfs_suser(mp, td);
+ }
if (error != 0) {
vput(vp);
return (error);
@@ -1330,7 +1350,18 @@
* XXX The final recipients of VFS_MOUNT just overwrite the ndp they
* get. No freeing of cn_pnbuf.
*/
- error = VFS_MOUNT(mp);
+ error = 0;
+#ifdef VNET_NFSD
+ /*
+ * For the case of mountd doing exports from within a vnet prison,
+ * "from" is not set correctly such that VFS_MOUNT() will return ENOENT.
+ * It is not obvious that VFS_MOUNT() ever needs to be called when
+ * mountd is doing exports, but this check only applies to the
+ * specific case where it is running inside a vnet prison, for now.
+ */
+ if ((fsflags & MNT_EXPORTED) == 0 || !prison_check_nfsd(td->td_ucred))
+ error = VFS_MOUNT(mp);
+#endif
export_error = 0;
/* Process the export option. */
@@ -1485,18 +1516,37 @@
if (strlen(fstype) >= MFSNAMELEN || strlen(fspath) >= MNAMELEN)
return (ENAMETOOLONG);
- if (jailed(td->td_ucred) || usermount == 0) {
- if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0)
- return (error);
- }
-
- /*
- * Do not allow NFS export or MNT_SUIDDIR by unprivileged users.
- */
- if (fsflags & MNT_EXPORTED) {
- error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED);
+#ifdef VNET_NFSD
+ if ((fsflags & MNT_EXPORTED) != 0 && prison_check_nfsd(td->td_ucred)) {
+ error = priv_check(td, PRIV_NFS_DAEMON);
if (error)
return (error);
+ } else
+#endif
+ {
+ if (jailed(td->td_ucred) || usermount == 0) {
+ if ((error = priv_check(td, PRIV_VFS_MOUNT)) != 0)
+ return (error);
+ }
+
+ /*
+ * Do not allow NFS export or MNT_SUIDDIR by unprivileged users.
+ */
+#ifdef notnow
+ /*
+ * This test was never done before the nfsd in a vnet
+ * prison patch, since MNT_EXPORTED was never set.
+ * Since kern_priv.c never checks PRIV_VFS_MOUNT_EXPORTED,
+ * it is not obvious to me what the check was supposed
+ * to do?
+ * As such, I have #ifded'd it notnow.
+ */
+ if (fsflags & MNT_EXPORTED) {
+ error = priv_check(td, PRIV_VFS_MOUNT_EXPORTED);
+ if (error)
+ return (error);
+ }
+#endif
}
if (fsflags & MNT_SUIDDIR) {
error = priv_check(td, PRIV_VFS_MOUNT_SUIDDIR);
diff --git a/sys/nfs/nfs_nfssvc.c.vnet b/sys/nfs/nfs_nfssvc.c
--- a/sys/nfs/nfs_nfssvc.c.vnet
+++ b/sys/nfs/nfs_nfssvc.c
@@ -43,6 +43,7 @@
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
+#include <sys/jail.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/lock.h>
@@ -52,6 +53,8 @@
#include <sys/syscall.h>
#include <sys/sysproto.h>
+#include <net/vnet.h>
+
#include <security/audit/audit.h>
#include <nfs/nfssvc.h>
@@ -90,6 +93,9 @@
if (error != 0)
return (error);
}
+
+ CURVNET_SET(TD_TO_VNET(td));
+
error = EINVAL;
if ((uap->flag & (NFSSVC_ADDSOCK | NFSSVC_OLDNFSD | NFSSVC_NFSD)) &&
nfsd_call_nfsserver != NULL)
@@ -111,6 +117,7 @@
error = (*nfsd_call_nfsd)(td, uap);
if (error == EINTR || error == ERESTART)
error = 0;
+ CURVNET_RESTORE();
return (error);
}
diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c.vnet b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
--- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c.vnet
+++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
@@ -478,7 +478,7 @@
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
cr->cr_rgid = cr->cr_svgid = uc->gid;
crsetgroups(cr, uc->gidlen, uc->gidlist);
- cr->cr_prison = &prison0;
+ cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
*crp = crhold(cr);
diff --git a/sys/rpc/svc.c.vnetdcl b/sys/rpc/svc.c
--- a/sys/rpc/svc.c.vnetdcl
+++ b/sys/rpc/svc.c
@@ -125,53 +125,55 @@
pool->sp_space_high = (u_long)nmbclusters * MCLBYTES / 4;
pool->sp_space_low = (pool->sp_space_high / 3) * 2;
- sysctl_ctx_init(&pool->sp_sysctl);
- if (sysctl_base) {
- SYSCTL_ADD_PROC(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "minthreads", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
- pool, 0, svcpool_minthread_sysctl, "I",
- "Minimal number of threads");
- SYSCTL_ADD_PROC(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "maxthreads", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
- pool, 0, svcpool_maxthread_sysctl, "I",
- "Maximal number of threads");
- SYSCTL_ADD_PROC(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "threads", CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE,
- pool, 0, svcpool_threads_sysctl, "I",
- "Current number of threads");
- SYSCTL_ADD_INT(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "groups", CTLFLAG_RD, &pool->sp_groupcount, 0,
- "Number of thread groups");
-
- SYSCTL_ADD_ULONG(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "request_space_used", CTLFLAG_RD,
- &pool->sp_space_used,
- "Space in parsed but not handled requests.");
-
- SYSCTL_ADD_ULONG(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "request_space_used_highest", CTLFLAG_RD,
- &pool->sp_space_used_highest,
- "Highest space used since reboot.");
-
- SYSCTL_ADD_ULONG(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "request_space_high", CTLFLAG_RW,
- &pool->sp_space_high,
- "Maximum space in parsed but not handled requests.");
-
- SYSCTL_ADD_ULONG(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "request_space_low", CTLFLAG_RW,
- &pool->sp_space_low,
- "Low water mark for request space.");
-
- SYSCTL_ADD_INT(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "request_space_throttled", CTLFLAG_RD,
- &pool->sp_space_throttled, 0,
- "Whether nfs requests are currently throttled");
-
- SYSCTL_ADD_INT(&pool->sp_sysctl, sysctl_base, OID_AUTO,
- "request_space_throttle_count", CTLFLAG_RD,
- &pool->sp_space_throttle_count, 0,
- "Count of times throttling based on request space has occurred");
+ if (IS_DEFAULT_VNET(curvnet)) {
+ sysctl_ctx_init(&pool->sp_sysctl);
+ if (sysctl_base) {
+ SYSCTL_ADD_PROC(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "minthreads", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+ pool, 0, svcpool_minthread_sysctl, "I",
+ "Minimal number of threads");
+ SYSCTL_ADD_PROC(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "maxthreads", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+ pool, 0, svcpool_maxthread_sysctl, "I",
+ "Maximal number of threads");
+ SYSCTL_ADD_PROC(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "threads", CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE,
+ pool, 0, svcpool_threads_sysctl, "I",
+ "Current number of threads");
+ SYSCTL_ADD_INT(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "groups", CTLFLAG_RD, &pool->sp_groupcount, 0,
+ "Number of thread groups");
+
+ SYSCTL_ADD_ULONG(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "request_space_used", CTLFLAG_RD,
+ &pool->sp_space_used,
+ "Space in parsed but not handled requests.");
+
+ SYSCTL_ADD_ULONG(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "request_space_used_highest", CTLFLAG_RD,
+ &pool->sp_space_used_highest,
+ "Highest space used since reboot.");
+
+ SYSCTL_ADD_ULONG(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "request_space_high", CTLFLAG_RW,
+ &pool->sp_space_high,
+ "Maximum space in parsed but not handled requests.");
+
+ SYSCTL_ADD_ULONG(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "request_space_low", CTLFLAG_RW,
+ &pool->sp_space_low,
+ "Low water mark for request space.");
+
+ SYSCTL_ADD_INT(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "request_space_throttled", CTLFLAG_RD,
+ &pool->sp_space_throttled, 0,
+ "Whether nfs requests are currently throttled");
+
+ SYSCTL_ADD_INT(&pool->sp_sysctl, sysctl_base, OID_AUTO,
+ "request_space_throttle_count", CTLFLAG_RD,
+ &pool->sp_space_throttle_count, 0,
+ "Count of times throttling based on request space has occurred");
+ }
}
return pool;
diff --git a/sys/rpc/svc_auth.c.vnet b/sys/rpc/svc_auth.c
--- a/sys/rpc/svc_auth.c.vnet
+++ b/sys/rpc/svc_auth.c
@@ -197,7 +197,7 @@
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xprt->xp_uid;
crsetgroups(cr, xprt->xp_ngrps, xprt->xp_gidp);
cr->cr_rgid = cr->cr_svgid = xprt->xp_gidp[0];
- cr->cr_prison = &prison0;
+ cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
*crp = cr;
return (TRUE);
@@ -210,7 +210,7 @@
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid;
crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups);
cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
- cr->cr_prison = &prison0;
+ cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
*crp = cr;
return (TRUE);
diff --git a/sys/rpc/svc_dg.c.vnet b/sys/rpc/svc_dg.c
--- a/sys/rpc/svc_dg.c.vnet
+++ b/sys/rpc/svc_dg.c
@@ -45,6 +45,7 @@
*/
#include <sys/param.h>
+#include <sys/jail.h>
#include <sys/lock.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
@@ -104,6 +105,8 @@
struct sockaddr* sa;
int error;
+ if (jailed(curthread->td_ucred))
+ return (NULL);
if (!__rpc_socket2sockinfo(so, &si)) {
printf(svc_dg_str, svc_dg_err1);
return (NULL);
diff --git a/sys/sys/jail.h.vnet b/sys/sys/jail.h
--- a/sys/sys/jail.h.vnet
+++ b/sys/sys/jail.h
@@ -253,7 +253,8 @@
#define PR_ALLOW_SUSER 0x00000400
#define PR_ALLOW_RESERVED_PORTS 0x00008000
#define PR_ALLOW_KMEM_ACCESS 0x00010000 /* reserved, not used yet */
-#define PR_ALLOW_ALL_STATIC 0x000187ff
+#define PR_ALLOW_NFSD 0x00020000
+#define PR_ALLOW_ALL_STATIC 0x000387ff
/*
* PR_ALLOW_DIFFERENCES determines which flags are able to be
@@ -420,6 +421,7 @@
void prison0_init(void);
int prison_allow(struct ucred *, unsigned);
int prison_check(struct ucred *cred1, struct ucred *cred2);
+bool prison_check_nfsd(struct ucred *cred);
int prison_owns_vnet(struct ucred *);
int prison_canseemount(struct ucred *cred, struct mount *mp);
void prison_enforce_statfs(struct ucred *cred, struct mount *mp,

File Metadata

Mime Type
text/plain
Expires
Mon, Jan 27, 6:14 PM (6 h, 12 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
16203476
Default Alt Text
D37519.id113897.diff (93 KB)

Event Timeline