Index: head/lib/geom/mountver/geom_mountver.c =================================================================== --- head/lib/geom/mountver/geom_mountver.c (revision 367104) +++ head/lib/geom/mountver/geom_mountver.c (revision 367105) @@ -1,58 +1,57 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2010 Edward Tomasz Napierala - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include "core/geom.h" uint32_t lib_version = G_LIB_VERSION; uint32_t version = G_MOUNTVER_VERSION; struct g_command class_commands[] = { { "create", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL, { G_OPT_SENTINEL }, "[-v] prov ..." }, { "destroy", G_FLAG_VERBOSE, NULL, { { 'f', "force", NULL, G_TYPE_BOOL }, G_OPT_SENTINEL }, "[-fv] name" }, G_CMD_SENTINEL }; Index: head/lib/geom/mountver/gmountver.8 =================================================================== --- head/lib/geom/mountver/gmountver.8 (revision 367104) +++ head/lib/geom/mountver/gmountver.8 (revision 367105) @@ -1,133 +1,132 @@ .\"- .\" Copyright (c) 2010 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd May 18, 2015 .Dt GMOUNTVER 8 .Os .Sh NAME .Nm gmountver .Nd "control utility for disk mount verification GEOM class" .Sh SYNOPSIS .Nm .Cm create .Op Fl v .Ar prov ... .Nm .Cm destroy .Op Fl fv .Ar name .Nm .Cm list .Nm .Cm status .Op Fl s Ar name .Nm .Cm load .Op Fl v .Nm .Cm unload .Op Fl v .Sh DESCRIPTION The .Nm utility is used to control the mount verification GEOM class. When configured, it passes all the I/O requests to the underlying provider. When the underlying provider disappears - for example because the disk device got disconnected - it queues all the I/O requests and waits for the provider to reappear. When that happens, it attaches to it and sends the queued requests. .Pp The first argument to .Nm indicates an action to be performed: .Bl -tag -width ".Cm destroy" .It Cm create Enable mount verification for the given provider. If the operation succeeds, a new GEOM provider will be created using the given provider's name with a .Ql .mountver suffix. The kernel module .Pa geom_mountver.ko will be loaded if it is not loaded already. .It Cm destroy Destroy .Ar name . .It Cm list See .Xr geom 8 . .It Cm status See .Xr geom 8 . .It Cm load See .Xr geom 8 . .It Cm unload See .Xr geom 8 . .El .Pp Additional options: .Bl -tag -width indent .It Fl f Force the removal of the specified mountver device. .It Fl v Be more verbose. .El .Sh SYSCTL VARIABLES The following .Xr sysctl 8 variables can be used to control the behavior of the .Nm MOUNTVER GEOM class. The default value is shown next to each variable. .Bl -tag -width indent .It Va kern.geom.mountver.debug : No 0 Debug level of the .Nm MOUNTVER GEOM class. This can be set to a number between 0 and 3 inclusive. If set to 0 minimal debug information is printed, and if set to 3 the maximum amount of debug information is printed. .It Va kern.geom.mountver.check_ident : No 1 This can be set to 0 or 1. If set to 0, .Nm will reattach to the device even if the device reports a different disk ID. .El .Sh EXIT STATUS Exit status is 0 on success, and 1 if the command fails. .Sh SEE ALSO .Xr geom 4 , .Xr geom 8 .Sh HISTORY The .Nm utility appeared in .Fx 9.0 . .Sh AUTHORS .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org Index: head/lib/libc/posix1e/acl_add_flag_np.3 =================================================================== --- head/lib/libc/posix1e/acl_add_flag_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_add_flag_np.3 (revision 367105) @@ -1,98 +1,97 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd September 4, 2015 .Dt ACL_ADD_FLAG_NP 3 .Os .Sh NAME .Nm acl_add_flag_np .Nd add flags to a flagset .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_add_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag" .Sh DESCRIPTION The .Fn acl_add_flag_np function is a non-portable call that adds the NFSv4 ACL flags contained in .Fa flags to the flagset .Fa flagset_d . .Pp Note: it is not considered an error to attempt to add flags that already exist in the flagset. .Pp Valid values are: .Bl -column -offset 3n "ACL_ENTRY_NO_PROPAGATE_INHERIT" .It ACL_ENTRY_FILE_INHERIT Ta "Will be inherited by files." .It ACL_ENTRY_DIRECTORY_INHERIT Ta "Will be inherited by directories." .It ACL_ENTRY_NO_PROPAGATE_INHERIT Ta "Will not propagate." .It ACL_ENTRY_INHERIT_ONLY Ta "Inherit-only." .It ACL_ENTRY_INHERITED Ta "Inherited from parent" .El .Sh RETURN VALUES .Rv -std acl_add_flag_np .Sh ERRORS The .Fn acl_add_flag_np function fails if: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa flagset_d is not a valid descriptor for a flagset within an ACL entry. Argument .Fa flag does not contain a valid .Vt acl_flag_t value. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_clear_flags_np 3 , .Xr acl_delete_flag_np 3 , .Xr acl_get_flagset_np 3 , .Xr acl_set_flagset_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_add_flag_np function was added in .Fx 8.0 . .Sh AUTHORS The .Fn acl_add_flag_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_branding.c =================================================================== --- head/lib/libc/posix1e/acl_branding.c (revision 367104) +++ head/lib/libc/posix1e/acl_branding.c (revision 367105) @@ -1,171 +1,170 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008, 2009 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include "acl_support.h" /* * An ugly detail of the implementation - fortunately not visible * to the API users - is the "branding": libc needs to keep track * of what "brand" ACL is: NFSv4, POSIX.1e or unknown. It happens * automatically - for example, during acl_get_file(3) ACL gets * branded according to the "type" argument; during acl_set_permset * ACL, if its brand is unknown it gets branded as NFSv4 if any of the * NFSv4 permissions that are not valid for POSIX.1e ACL are set etc. * Branding information is used for printing out the ACL (acl_to_text(3)), * veryfying acl_set_whatever arguments (checking against setting * bits that are valid only for NFSv4 in ACL branded as POSIX.1e) etc. */ static acl_t entry2acl(acl_entry_t entry) { acl_t aclp; aclp = (acl_t)(((long)entry >> _ACL_T_ALIGNMENT_BITS) << _ACL_T_ALIGNMENT_BITS); return (aclp); } /* * Return brand of an ACL. */ int _acl_brand(const acl_t acl) { return (acl->ats_brand); } int _entry_brand(const acl_entry_t entry) { return (_acl_brand(entry2acl(entry))); } /* * Return 1, iff branding ACL as "brand" is ok. */ int _acl_brand_may_be(const acl_t acl, int brand) { if (_acl_brand(acl) == ACL_BRAND_UNKNOWN) return (1); if (_acl_brand(acl) == brand) return (1); return (0); } int _entry_brand_may_be(const acl_entry_t entry, int brand) { return (_acl_brand_may_be(entry2acl(entry), brand)); } /* * Brand ACL as "brand". */ void _acl_brand_as(acl_t acl, int brand) { assert(_acl_brand_may_be(acl, brand)); acl->ats_brand = brand; } void _entry_brand_as(const acl_entry_t entry, int brand) { _acl_brand_as(entry2acl(entry), brand); } int _acl_type_not_valid_for_acl(const acl_t acl, acl_type_t type) { switch (_acl_brand(acl)) { case ACL_BRAND_NFS4: if (type == ACL_TYPE_NFS4) return (0); break; case ACL_BRAND_POSIX: if (type == ACL_TYPE_ACCESS || type == ACL_TYPE_DEFAULT) return (0); break; case ACL_BRAND_UNKNOWN: return (0); } return (-1); } void _acl_brand_from_type(acl_t acl, acl_type_t type) { switch (type) { case ACL_TYPE_NFS4: _acl_brand_as(acl, ACL_BRAND_NFS4); break; case ACL_TYPE_ACCESS: case ACL_TYPE_DEFAULT: _acl_brand_as(acl, ACL_BRAND_POSIX); break; default: /* XXX: What to do here? */ break; } } int acl_get_brand_np(acl_t acl, int *brand_p) { if (acl == NULL || brand_p == NULL) { errno = EINVAL; return (-1); } *brand_p = _acl_brand(acl); return (0); } Index: head/lib/libc/posix1e/acl_clear_flags_np.3 =================================================================== --- head/lib/libc/posix1e/acl_clear_flags_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_clear_flags_np.3 (revision 367105) @@ -1,79 +1,78 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd October 30, 2014 .Dt ACL_CLEAR_FLAGS_NP 3 .Os .Sh NAME .Nm acl_clear_flags_np .Nd clear flags from a flagset .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_clear_flags_np "acl_flagset_t flagset_d" .Sh DESCRIPTION The .Fn acl_clear_flags_np function is a non-portable call that clears all NFSv4 ACL flags from flagset .Fa flagset_d . .Sh RETURN VALUES .Rv -std acl_clear_flags_np .Sh ERRORS The .Fn acl_clear_flags_np function fails if: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa flagset_d is not a valid descriptor for a flagset. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_add_flag_np 3 , .Xr acl_delete_flag_np 3 , .Xr acl_get_flagset_np 3 , .Xr acl_set_flagset_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_clear_flags_np function was added in .Fx 5.0 . .Sh AUTHORS The .Fn acl_clear_flags_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_compat.c =================================================================== --- head/lib/libc/posix1e/acl_compat.c (revision 367104) +++ head/lib/libc/posix1e/acl_compat.c (revision 367105) @@ -1,65 +1,64 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include int __oldacl_get_perm_np(acl_permset_t, oldacl_perm_t); int __oldacl_add_perm(acl_permset_t, oldacl_perm_t); int __oldacl_delete_perm(acl_permset_t, oldacl_perm_t); /* * Compatibility wrappers for applications compiled against libc from before * NFSv4 ACLs were added. */ int __oldacl_get_perm_np(acl_permset_t permset_d, oldacl_perm_t perm) { return (acl_get_perm_np(permset_d, perm)); } int __oldacl_add_perm(acl_permset_t permset_d, oldacl_perm_t perm) { return (acl_add_perm(permset_d, perm)); } int __oldacl_delete_perm(acl_permset_t permset_d, oldacl_perm_t perm) { return (acl_delete_perm(permset_d, perm)); } __sym_compat(acl_get_perm_np, __oldacl_get_perm_np, FBSD_1.0); __sym_compat(acl_add_perm, __oldacl_add_perm, FBSD_1.0); __sym_compat(acl_delete_perm, __oldacl_delete_perm, FBSD_1.0); Index: head/lib/libc/posix1e/acl_delete_flag_np.3 =================================================================== --- head/lib/libc/posix1e/acl_delete_flag_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_delete_flag_np.3 (revision 367105) @@ -1,84 +1,83 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd October 30, 2014 .Dt ACL_DELETE_FLAG_NP 3 .Os .Sh NAME .Nm acl_delete_flag_np .Nd delete flags from a flagset .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_delete_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag" .Sh DESCRIPTION The .Fn acl_delete_flag_np function is a non-portable call that removes specific NFSv4 ACL flags from flagset .Fa flags . .Sh RETURN VALUES .Rv -std acl_delete_flag_np .Sh ERRORS The .Fn acl_delete_flag_np function fails if: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa flagset_d is not a valid descriptor for a flagset. Argument .Fa flag does not contain a valid .Vt acl_flag_t value. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_add_flag_np 3 , .Xr acl_clear_flags_np 3 , .Xr acl_get_flagset_np 3 , .Xr acl_set_flagset_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_delete_flag_np function was added in .Fx 8.0 . .Sh AUTHORS The .Fn acl_delete_flag_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_flag.c =================================================================== --- head/lib/libc/posix1e/acl_flag.c (revision 367104) +++ head/lib/libc/posix1e/acl_flag.c (revision 367105) @@ -1,157 +1,156 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008, 2009 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include "acl_support.h" static int _flag_is_invalid(acl_flag_t flag) { if ((flag & ACL_FLAGS_BITS) == flag) return (0); errno = EINVAL; return (1); } int acl_add_flag_np(acl_flagset_t flagset_d, acl_flag_t flag) { if (flagset_d == NULL) { errno = EINVAL; return (-1); } if (_flag_is_invalid(flag)) return (-1); *flagset_d |= flag; return (0); } int acl_clear_flags_np(acl_flagset_t flagset_d) { if (flagset_d == NULL) { errno = EINVAL; return (-1); } *flagset_d = 0; return (0); } int acl_delete_flag_np(acl_flagset_t flagset_d, acl_flag_t flag) { if (flagset_d == NULL) { errno = EINVAL; return (-1); } if (_flag_is_invalid(flag)) return (-1); *flagset_d &= ~flag; return (0); } int acl_get_flag_np(acl_flagset_t flagset_d, acl_flag_t flag) { if (flagset_d == NULL) { errno = EINVAL; return (-1); } if (_flag_is_invalid(flag)) return (-1); if (*flagset_d & flag) return (1); return (0); } int acl_get_flagset_np(acl_entry_t entry_d, acl_flagset_t *flagset_p) { if (entry_d == NULL || flagset_p == NULL) { errno = EINVAL; return (-1); } if (!_entry_brand_may_be(entry_d, ACL_BRAND_NFS4)) { errno = EINVAL; return (-1); } *flagset_p = &entry_d->ae_flags; return (0); } int acl_set_flagset_np(acl_entry_t entry_d, acl_flagset_t flagset_d) { if (entry_d == NULL) { errno = EINVAL; return (-1); } if (!_entry_brand_may_be(entry_d, ACL_BRAND_NFS4)) { errno = EINVAL; return (-1); } _entry_brand_as(entry_d, ACL_BRAND_NFS4); if (_flag_is_invalid(*flagset_d)) return (-1); entry_d->ae_flags = *flagset_d; return (0); } Index: head/lib/libc/posix1e/acl_from_text_nfs4.c =================================================================== --- head/lib/libc/posix1e/acl_from_text_nfs4.c (revision 367104) +++ head/lib/libc/posix1e/acl_from_text_nfs4.c (revision 367105) @@ -1,285 +1,284 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008, 2009 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include "acl_support.h" #define MAX_ENTRY_LENGTH 512 /* * Parse the tag field of ACL entry passed as "str". If qualifier * needs to follow, then the variable referenced by "need_qualifier" * is set to 1, otherwise it's set to 0. */ static int parse_tag(const char *str, acl_entry_t entry, int *need_qualifier) { assert(need_qualifier != NULL); *need_qualifier = 0; if (strcmp(str, "owner@") == 0) return (acl_set_tag_type(entry, ACL_USER_OBJ)); if (strcmp(str, "group@") == 0) return (acl_set_tag_type(entry, ACL_GROUP_OBJ)); if (strcmp(str, "everyone@") == 0) return (acl_set_tag_type(entry, ACL_EVERYONE)); *need_qualifier = 1; if (strcmp(str, "user") == 0 || strcmp(str, "u") == 0) return (acl_set_tag_type(entry, ACL_USER)); if (strcmp(str, "group") == 0 || strcmp(str, "g") == 0) return (acl_set_tag_type(entry, ACL_GROUP)); warnx("malformed ACL: invalid \"tag\" field"); return (-1); } /* * Parse the qualifier field of ACL entry passed as "str". * If user or group name cannot be resolved, then the variable * referenced by "need_qualifier" is set to 1; it will be checked * later to figure out whether the appended_id is required. */ static int parse_qualifier(char *str, acl_entry_t entry, int *need_qualifier) { int qualifier_length, error; uid_t id; acl_tag_t tag; assert(need_qualifier != NULL); *need_qualifier = 0; qualifier_length = strlen(str); if (qualifier_length == 0) { warnx("malformed ACL: empty \"qualifier\" field"); return (-1); } error = acl_get_tag_type(entry, &tag); if (error) return (error); error = _acl_name_to_id(tag, str, &id); if (error) { *need_qualifier = 1; return (0); } return (acl_set_qualifier(entry, &id)); } static int parse_access_mask(char *str, acl_entry_t entry) { int error; acl_perm_t perm; error = _nfs4_parse_access_mask(str, &perm); if (error) return (error); error = acl_set_permset(entry, &perm); return (error); } static int parse_flags(char *str, acl_entry_t entry) { int error; acl_flag_t flags; error = _nfs4_parse_flags(str, &flags); if (error) return (error); error = acl_set_flagset_np(entry, &flags); return (error); } static int parse_entry_type(const char *str, acl_entry_t entry) { if (strcmp(str, "allow") == 0) return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_ALLOW)); if (strcmp(str, "deny") == 0) return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_DENY)); if (strcmp(str, "audit") == 0) return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_AUDIT)); if (strcmp(str, "alarm") == 0) return (acl_set_entry_type_np(entry, ACL_ENTRY_TYPE_ALARM)); warnx("malformed ACL: invalid \"type\" field"); return (-1); } static int parse_appended_id(char *str, acl_entry_t entry) { int qualifier_length; char *end; id_t id; qualifier_length = strlen(str); if (qualifier_length == 0) { warnx("malformed ACL: \"appended id\" field present, " "but empty"); return (-1); } id = strtod(str, &end); if (end - str != qualifier_length) { warnx("malformed ACL: appended id is not a number"); return (-1); } return (acl_set_qualifier(entry, &id)); } static int number_of_colons(const char *str) { int count = 0; while (*str != '\0') { if (*str == ':') count++; str++; } return (count); } int _nfs4_acl_entry_from_text(acl_t aclp, char *str) { int error, need_qualifier; acl_entry_t entry; char *field, *qualifier_field; error = acl_create_entry(&aclp, &entry); if (error) return (error); assert(_entry_brand(entry) == ACL_BRAND_NFS4); if (str == NULL) goto truncated_entry; field = strsep(&str, ":"); field = string_skip_whitespace(field); if ((*field == '\0') && (!str)) { /* * Is an entirely comment line, skip to next * comma. */ return (0); } error = parse_tag(field, entry, &need_qualifier); if (error) goto malformed_field; if (need_qualifier) { if (str == NULL) goto truncated_entry; qualifier_field = field = strsep(&str, ":"); error = parse_qualifier(field, entry, &need_qualifier); if (error) goto malformed_field; } if (str == NULL) goto truncated_entry; field = strsep(&str, ":"); error = parse_access_mask(field, entry); if (error) goto malformed_field; if (str == NULL) goto truncated_entry; /* Do we have "flags" field? */ if (number_of_colons(str) > 0) { field = strsep(&str, ":"); error = parse_flags(field, entry); if (error) goto malformed_field; } if (str == NULL) goto truncated_entry; field = strsep(&str, ":"); error = parse_entry_type(field, entry); if (error) goto malformed_field; if (need_qualifier) { if (str == NULL) { warnx("malformed ACL: unknown user or group name " "\"%s\"", qualifier_field); goto truncated_entry; } error = parse_appended_id(str, entry); if (error) goto malformed_field; } return (0); truncated_entry: malformed_field: acl_delete_entry(aclp, entry); errno = EINVAL; return (-1); } Index: head/lib/libc/posix1e/acl_get_brand_np.3 =================================================================== --- head/lib/libc/posix1e/acl_get_brand_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_get_brand_np.3 (revision 367105) @@ -1,86 +1,85 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd June 25, 2009 .Dt ACL_GET_BRAND_NP 3 .Os .Sh NAME .Nm acl_get_brand_np .Nd retrieve the ACL brand from an ACL entry .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_get_brand_np "acl_t acl" "int *brand_p" .Sh DESCRIPTION The .Fn acl_get_brand_np function is a non-portable call that returns the ACL brand for the ACL .Fa acl . Upon successful completion, the location referred to by the argument .Fa brand_p will be set to the ACL brand of the ACL .Fa acl . .Pp Branding is an internal mechanism intended to prevent mixing POSIX.1e and NFSv4 entries by mistake. It's also used by the libc to determine how to print out the ACL. The first call to function that is specific for one particular brand - POSIX.1e or NFSv4 - "brands" the ACL. After that, calling function specific to another brand will result in error. .Sh RETURN VALUES .Rv -std acl_get_brand_np .Sh ERRORS The .Fn acl_get_brand_np function fails if: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa acl does not point to a valid ACL. .El .Sh SEE ALSO .Xr acl 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_get_brand_np function was added in .Fx 8.0 . .Sh AUTHORS The .Fn acl_get_brand_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_get_entry_type_np.3 =================================================================== --- head/lib/libc/posix1e/acl_get_entry_type_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_get_entry_type_np.3 (revision 367105) @@ -1,80 +1,79 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd June 25, 2009 .Dt ACL_GET_ENTRY_TYPE_NP 3 .Os .Sh NAME .Nm acl_get_entry_type_np .Nd retrieve the ACL type from an NFSv4 ACL entry .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_get_entry_type_np "acl_entry_t entry_d" "acl_entry_type_t *entry_type_p" .Sh DESCRIPTION The .Fn acl_get_entry_type_np function is a non-portable call that returns the ACL type for the NFSv4 ACL entry .Fa entry_d . Upon successful completion, the location referred to by the argument .Fa entry_type_p will be set to the ACL type of the ACL entry .Fa entry_d . .Sh RETURN VALUES .Rv -std acl_get_entry_type_np .Sh ERRORS The .Fn acl_get_entry_type_np function fails if: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa entry_d is not a valid descriptor for an NFSv4 ACL entry; .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_set_entry_type_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_get_entry_type_np function was added in .Fx 8.0 . .Sh AUTHORS The .Fn acl_get_entry_type_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_get_flag_np.3 =================================================================== --- head/lib/libc/posix1e/acl_get_flag_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_get_flag_np.3 (revision 367105) @@ -1,94 +1,93 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd October 30, 2014 .Dt ACL_GET_FLAG_NP 3 .Os .Sh NAME .Nm acl_get_flag_np .Nd check if a flag is set in a flagset .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_get_flag_np "acl_flagset_t flagset_d" "acl_flag_t flag" .Sh DESCRIPTION The .Fn acl_get_flag_np function is a non-portable function that checks if a NFSv4 ACL flag is set in a flagset. .Sh RETURN VALUES If the flag in .Fa flag is set in the flagset .Fa flagset_d , a value of 1 is returned, otherwise a value of 0 is returned. .Sh ERRORS If any of the following conditions occur, the .Fn acl_get_flag_np function will return a value of \-1 and set global variable .Va errno to the corresponding value: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa flag does not contain a valid ACL flag or argument .Fa flagset_d is not a valid ACL flagset. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_add_flag_np 3 , .Xr acl_clear_flags_np 3 , .Xr acl_delete_flag_np 3 , .Xr acl_get_flagset_np 3 , .Xr acl_set_flagset_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_get_flag_np function was added in .Fx 8.0 . .Sh AUTHORS The .Fn acl_get_flag_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_get_flagset_np.3 =================================================================== --- head/lib/libc/posix1e/acl_get_flagset_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_get_flagset_np.3 (revision 367105) @@ -1,83 +1,82 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd October 30, 2014 .Dt ACL_GET_FLAGSET_NP 3 .Os .Sh NAME .Nm acl_get_flagset_np .Nd retrieve flagset from an NFSv4 ACL entry .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_get_flagset_np "acl_entry_t entry_d" "acl_flagset_t *flagset_p" .Sh DESCRIPTION The .Fn acl_get_flagset_np function is a non-portable call that returns via .Fa flagset_np_p a descriptor to the flagset in the NFSv4 ACL entry .Fa entry_d . Subsequent operations using the returned flagset operate on the flagset within the ACL entry. .Sh RETURN VALUES .Rv -std acl_get_flagset_np .Sh ERRORS The .Fn acl_get_flagset_np function fails if: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa entry_d is not a valid descriptor for an ACL entry. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_add_flag_np 3 , .Xr acl_clear_flags_np 3 , .Xr acl_delete_flag_np 3 , .Xr acl_set_flagset_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_get_flagset_np function was added in .Fx 8.0 . .Sh AUTHORS The .Fn acl_get_flagset_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_is_trivial_np.3 =================================================================== --- head/lib/libc/posix1e/acl_is_trivial_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_is_trivial_np.3 (revision 367105) @@ -1,85 +1,84 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" This software was developed by Robert Watson for the TrustedBSD Project. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd November 12, 2013 .Dt ACL_STRIP_NP 3 .Os .Sh NAME .Nm acl_is_trivial_np .Nd determine whether ACL is trivial .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_is_trivial_np "const acl_t aclp" "int *trivialp" .Sh DESCRIPTION The .Fn acl_is_trivial function determines whether the ACL pointed to by the argument .Va acl is trivial. Upon successful completion, the location referred to by the argument .Fa trivialp will be set to 1, if the ACL .Fa aclp points to is trivial, or 0 if it's not. .Pp ACL is trivial if it can be fully expressed as a file mode without losing any access rules. For POSIX.1e ACLs, ACL is trivial if it has the three required entries, one for owner, one for owning group, and one for other. For NFSv4 ACLs, ACL is trivial if it is identical to the ACL generated by .Fn acl_strip_np 3 . Files that have non-trivial ACL have a plus sign appended after mode bits in "ls -l" output. .Sh RETURN VALUES .Rv -std acl_get_tag_type .Sh SEE ALSO .Xr acl 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion of the draft continues on the cross-platform POSIX.1e implementation mailing list. To join this list, see the .Fx POSIX.1e implementation page for more information. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_is_trivial_np function was added in .Fx 8.0 . .Sh AUTHORS .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org Index: head/lib/libc/posix1e/acl_set_entry_type_np.3 =================================================================== --- head/lib/libc/posix1e/acl_set_entry_type_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_set_entry_type_np.3 (revision 367105) @@ -1,94 +1,93 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd October 30, 2014 .Dt ACL_SET_ENTRY_TYPE_NP 3 .Os .Sh NAME .Nm acl_set_entry_type_np .Nd set NFSv4 ACL entry type .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_set_entry_type_np "acl_entry_t entry_d" "acl_entry_type_t entry_type" .Sh DESCRIPTION The .Fn acl_set_entry_type_np function is a non-portable call that sets the type of the NFSv4 ACL entry .Fa entry_d to the value referred to by .Fa entry_type . .Pp Valid values are: .Bl -column -offset 3n "ACL_ENTRY_TYPE_ALLOW" .It ACL_ENTRY_TYPE_ALLOW Ta "allow" type entry .It ACL_ENTRY_TYPE_DENY Ta "deny" type entry .El .Pp This call brands the ACL as NFSv4. .Sh RETURN VALUES .Rv -std acl_set_entry_type_np .Sh ERRORS The .Fn acl_set_entry_type_np function fails if: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa entry_d is not a valid descriptor for an ACL entry. The value pointed to by .Fa entry_type is not valid. ACL is already branded as POSIX.1e. .It Bq Er ENOMEM The value to be returned requires more memory than is allowed by the hardware or system-imposed memory management constraints. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_get_brand_np 3 , .Xr acl_get_entry_type_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_get_entry_type_np function was added in .Fx 8.0 . .Sh AUTHORS The .Fn acl_get_entry_type_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_set_flagset_np.3 =================================================================== --- head/lib/libc/posix1e/acl_set_flagset_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_set_flagset_np.3 (revision 367105) @@ -1,85 +1,84 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd October 30, 2014 .Dt ACL_SET_FLAGSET_NP 3 .Os .Sh NAME .Nm acl_set_flagset_np .Nd set the flags of an NFSv4 ACL entry .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft int .Fn acl_set_flagset_np "acl_entry_t entry_d" "acl_flagset_t flagset_d" .Sh DESCRIPTION The .Fn acl_set_flagset_np function is a non-portable call that sets the flags of NFSv4 ACL entry .Fa entry_d with the flags contained in .Fa flagset_d . .Pp This call brands the ACL as NFSv4. .Sh RETURN VALUES .Rv -std acl_set_flagset_np .Sh ERRORS The .Fn acl_set_flagset_np function fails if: .Bl -tag -width Er .It Bq Er EINVAL Argument .Fa entry_d is not a valid descriptor for an ACL entry. ACL is already branded as POSIX.1e. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_add_flag_np 3 , .Xr acl_clear_flags_np 3 , .Xr acl_delete_flag_np 3 , .Xr acl_get_brand_np 3 , .Xr acl_get_flagset_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_set_flagset_np function was added in .Fx 8.0 . .Sh AUTHORS The .Fn acl_set_flagset_np function was written by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org . Index: head/lib/libc/posix1e/acl_strip_np.3 =================================================================== --- head/lib/libc/posix1e/acl_strip_np.3 (revision 367104) +++ head/lib/libc/posix1e/acl_strip_np.3 (revision 367105) @@ -1,109 +1,108 @@ .\"- .\" Copyright (c) 2008, 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" This software was developed by Robert Watson for the TrustedBSD Project. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd June 25, 2009 .Dt ACL_STRIP_NP 3 .Os .Sh NAME .Nm acl_strip_np .Nd strip extended entries from an ACL .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In sys/types.h .In sys/acl.h .Ft acl_t .Fn acl_strip_np "const acl_t acl" "int recalculate_mask" .Sh DESCRIPTION The .Fn acl_strip_np function returns a pointer to a trivial ACL computed from the ACL pointed to by the argument .Va acl . .Pp This function may cause memory to be allocated. The caller should free any releasable memory, when the new ACL is no longer required, by calling .Xr acl_free 3 with the .Va (void*)acl_t as an argument. .Pp Any existing ACL pointers that refer to the ACL referred to by .Va acl shall continue to refer to the ACL. .Sh RETURN VALUES Upon successful completion, this function shall return a pointer to the newly allocated ACL. Otherwise, a value of .Va (acl_t)NULL shall be returned, and .Va errno shall be set to indicate the error. .Sh ERRORS If any of the following conditions occur, the .Fn acl_init function shall return a value of .Va (acl_t)NULL and set .Va errno to the corresponding value: .Bl -tag -width Er .It Bq Er EINVAL Argument .Va acl does not point to a valid ACL. .It Bq Er ENOMEM The .Va acl_t to be returned requires more memory than is allowed by the hardware or system-imposed memory management constraints. .El .Sh SEE ALSO .Xr acl 3 , .Xr acl_is_trivial_np 3 , .Xr posix1e 3 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion of the draft continues on the cross-platform POSIX.1e implementation mailing list. To join this list, see the .Fx POSIX.1e implementation page for more information. .Sh HISTORY POSIX.1e support was introduced in .Fx 4.0 . The .Fn acl_strip_np function was added in .Fx 8.0 . .Sh AUTHORS .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org Index: head/lib/libc/posix1e/acl_support_nfs4.c =================================================================== --- head/lib/libc/posix1e/acl_support_nfs4.c (revision 367104) +++ head/lib/libc/posix1e/acl_support_nfs4.c (revision 367105) @@ -1,263 +1,262 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008, 2009 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include "acl_support.h" struct flagnames_struct { uint32_t flag; const char *name; char letter; }; struct flagnames_struct a_flags[] = {{ ACL_ENTRY_FILE_INHERIT, "file_inherit", 'f'}, { ACL_ENTRY_DIRECTORY_INHERIT, "dir_inherit", 'd'}, { ACL_ENTRY_INHERIT_ONLY, "inherit_only", 'i'}, { ACL_ENTRY_NO_PROPAGATE_INHERIT, "no_propagate", 'n'}, { ACL_ENTRY_SUCCESSFUL_ACCESS, "successfull_access", 'S'}, { ACL_ENTRY_FAILED_ACCESS, "failed_access", 'F'}, { ACL_ENTRY_INHERITED, "inherited", 'I' }, /* * There is no ACE_IDENTIFIER_GROUP here - SunOS does not show it * in the "flags" field. There is no ACE_OWNER, ACE_GROUP or * ACE_EVERYONE either, for obvious reasons. */ { 0, 0, 0}}; struct flagnames_struct a_access_masks[] = {{ ACL_READ_DATA, "read_data", 'r'}, { ACL_WRITE_DATA, "write_data", 'w'}, { ACL_EXECUTE, "execute", 'x'}, { ACL_APPEND_DATA, "append_data", 'p'}, { ACL_DELETE_CHILD, "delete_child", 'D'}, { ACL_DELETE, "delete", 'd'}, { ACL_READ_ATTRIBUTES, "read_attributes", 'a'}, { ACL_WRITE_ATTRIBUTES, "write_attributes", 'A'}, { ACL_READ_NAMED_ATTRS, "read_xattr", 'R'}, { ACL_WRITE_NAMED_ATTRS, "write_xattr", 'W'}, { ACL_READ_ACL, "read_acl", 'c'}, { ACL_WRITE_ACL, "write_acl", 'C'}, { ACL_WRITE_OWNER, "write_owner", 'o'}, { ACL_SYNCHRONIZE, "synchronize", 's'}, { ACL_FULL_SET, "full_set", '\0'}, { ACL_MODIFY_SET, "modify_set", '\0'}, { ACL_READ_SET, "read_set", '\0'}, { ACL_WRITE_SET, "write_set", '\0'}, { 0, 0, 0}}; static const char * format_flag(uint32_t *var, const struct flagnames_struct *flags) { for (; flags->name != NULL; flags++) { if ((flags->flag & *var) == 0) continue; *var &= ~flags->flag; return (flags->name); } return (NULL); } static int format_flags_verbose(char *str, size_t size, uint32_t var, const struct flagnames_struct *flags) { size_t off = 0; const char *tmp; while ((tmp = format_flag(&var, flags)) != NULL) { off += snprintf(str + off, size - off, "%s/", tmp); assert (off < size); } /* If there were any flags added... */ if (off > 0) { off--; /* ... then remove the last slash. */ assert(str[off] == '/'); } str[off] = '\0'; return (0); } static int format_flags_compact(char *str, size_t size, uint32_t var, const struct flagnames_struct *flags) { size_t i; for (i = 0; flags[i].letter != '\0'; i++) { assert(i < size); if ((flags[i].flag & var) == 0) str[i] = '-'; else str[i] = flags[i].letter; } str[i] = '\0'; return (0); } static int parse_flags_verbose(const char *strp, uint32_t *var, const struct flagnames_struct *flags, const char *flags_name, int *try_compact) { int i, found, ever_found = 0; char *str, *flag; str = strdup(strp); *try_compact = 0; *var = 0; while (str != NULL) { flag = strsep(&str, "/:"); found = 0; for (i = 0; flags[i].name != NULL; i++) { if (strcmp(flags[i].name, flag) == 0) { *var |= flags[i].flag; found = 1; ever_found = 1; } } if (!found) { if (ever_found) warnx("malformed ACL: \"%s\" field contains " "invalid flag \"%s\"", flags_name, flag); else *try_compact = 1; free(str); return (-1); } } free(str); return (0); } static int parse_flags_compact(const char *str, uint32_t *var, const struct flagnames_struct *flags, const char *flags_name) { int i, j, found; *var = 0; for (i = 0;; i++) { if (str[i] == '\0') return (0); /* Ignore minus signs. */ if (str[i] == '-') continue; found = 0; for (j = 0; flags[j].name != NULL; j++) { if (flags[j].letter == str[i]) { *var |= flags[j].flag; found = 1; break; } } if (!found) { warnx("malformed ACL: \"%s\" field contains " "invalid flag \"%c\"", flags_name, str[i]); return (-1); } } } int _nfs4_format_flags(char *str, size_t size, acl_flag_t var, int verbose) { if (verbose) return (format_flags_verbose(str, size, var, a_flags)); return (format_flags_compact(str, size, var, a_flags)); } int _nfs4_format_access_mask(char *str, size_t size, acl_perm_t var, int verbose) { if (verbose) return (format_flags_verbose(str, size, var, a_access_masks)); return (format_flags_compact(str, size, var, a_access_masks)); } int _nfs4_parse_flags(const char *str, acl_flag_t *flags) { int error, try_compact; int tmpflags; error = parse_flags_verbose(str, &tmpflags, a_flags, "flags", &try_compact); if (error && try_compact) error = parse_flags_compact(str, &tmpflags, a_flags, "flags"); *flags = tmpflags; return (error); } int _nfs4_parse_access_mask(const char *str, acl_perm_t *perms) { int error, try_compact; int tmpperms; error = parse_flags_verbose(str, &tmpperms, a_access_masks, "access permissions", &try_compact); if (error && try_compact) error = parse_flags_compact(str, &tmpperms, a_access_masks, "access permissions"); *perms = tmpperms; return (error); } Index: head/lib/libc/posix1e/acl_to_text_nfs4.c =================================================================== --- head/lib/libc/posix1e/acl_to_text_nfs4.c (revision 367104) +++ head/lib/libc/posix1e/acl_to_text_nfs4.c (revision 367105) @@ -1,266 +1,265 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008, 2009 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include "acl_support.h" #define MAX_ENTRY_LENGTH 512 static int format_who(char *str, size_t size, const acl_entry_t entry, int numeric) { int error; acl_tag_t tag; struct passwd *pwd; struct group *grp; uid_t *id; error = acl_get_tag_type(entry, &tag); if (error) return (error); switch (tag) { case ACL_USER_OBJ: snprintf(str, size, "owner@"); break; case ACL_USER: id = (uid_t *)acl_get_qualifier(entry); if (id == NULL) return (-1); /* XXX: Thread-unsafe. */ if (!numeric) pwd = getpwuid(*id); else pwd = NULL; if (pwd == NULL) snprintf(str, size, "user:%d", (unsigned int)*id); else snprintf(str, size, "user:%s", pwd->pw_name); break; case ACL_GROUP_OBJ: snprintf(str, size, "group@"); break; case ACL_GROUP: id = (uid_t *)acl_get_qualifier(entry); if (id == NULL) return (-1); /* XXX: Thread-unsafe. */ if (!numeric) grp = getgrgid(*id); else grp = NULL; if (grp == NULL) snprintf(str, size, "group:%d", (unsigned int)*id); else snprintf(str, size, "group:%s", grp->gr_name); break; case ACL_EVERYONE: snprintf(str, size, "everyone@"); break; default: return (-1); } return (0); } static int format_entry_type(char *str, size_t size, const acl_entry_t entry) { int error; acl_entry_type_t entry_type; error = acl_get_entry_type_np(entry, &entry_type); if (error) return (error); switch (entry_type) { case ACL_ENTRY_TYPE_ALLOW: snprintf(str, size, "allow"); break; case ACL_ENTRY_TYPE_DENY: snprintf(str, size, "deny"); break; case ACL_ENTRY_TYPE_AUDIT: snprintf(str, size, "audit"); break; case ACL_ENTRY_TYPE_ALARM: snprintf(str, size, "alarm"); break; default: return (-1); } return (0); } static int format_additional_id(char *str, size_t size, const acl_entry_t entry) { int error; acl_tag_t tag; uid_t *id; error = acl_get_tag_type(entry, &tag); if (error) return (error); switch (tag) { case ACL_USER_OBJ: case ACL_GROUP_OBJ: case ACL_EVERYONE: str[0] = '\0'; break; default: id = (uid_t *)acl_get_qualifier(entry); if (id == NULL) return (-1); snprintf(str, size, ":%d", (unsigned int)*id); } return (0); } static int format_entry(char *str, size_t size, const acl_entry_t entry, int flags) { size_t off = 0, min_who_field_length = 18; acl_permset_t permset; acl_flagset_t flagset; int error, len; char buf[MAX_ENTRY_LENGTH + 1]; assert(_entry_brand(entry) == ACL_BRAND_NFS4); error = acl_get_flagset_np(entry, &flagset); if (error) return (error); error = acl_get_permset(entry, &permset); if (error) return (error); error = format_who(buf, sizeof(buf), entry, flags & ACL_TEXT_NUMERIC_IDS); if (error) return (error); len = strlen(buf); if (len < min_who_field_length) len = min_who_field_length; off += snprintf(str + off, size - off, "%*s:", len, buf); error = _nfs4_format_access_mask(buf, sizeof(buf), *permset, flags & ACL_TEXT_VERBOSE); if (error) return (error); off += snprintf(str + off, size - off, "%s:", buf); error = _nfs4_format_flags(buf, sizeof(buf), *flagset, flags & ACL_TEXT_VERBOSE); if (error) return (error); off += snprintf(str + off, size - off, "%s:", buf); error = format_entry_type(buf, sizeof(buf), entry); if (error) return (error); off += snprintf(str + off, size - off, "%s", buf); if (flags & ACL_TEXT_APPEND_ID) { error = format_additional_id(buf, sizeof(buf), entry); if (error) return (error); off += snprintf(str + off, size - off, "%s", buf); } off += snprintf(str + off, size - off, "\n"); /* Make sure we didn't truncate anything. */ assert (off < size); return (0); } char * _nfs4_acl_to_text_np(const acl_t aclp, ssize_t *len_p, int flags) { int error, off = 0, size, entry_id = ACL_FIRST_ENTRY; char *str; acl_entry_t entry; if (aclp->ats_acl.acl_cnt == 0) return strdup(""); size = aclp->ats_acl.acl_cnt * MAX_ENTRY_LENGTH; str = malloc(size); if (str == NULL) return (NULL); while (acl_get_entry(aclp, entry_id, &entry) == 1) { entry_id = ACL_NEXT_ENTRY; assert(off < size); error = format_entry(str + off, size - off, entry, flags); if (error) { free(str); errno = EINVAL; return (NULL); } off = strlen(str); } assert(off < size); str[off] = '\0'; if (len_p != NULL) *len_p = off; return (str); } Index: head/lib/libc/sys/getloginclass.2 =================================================================== --- head/lib/libc/sys/getloginclass.2 (revision 367104) +++ head/lib/libc/sys/getloginclass.2 (revision 367105) @@ -1,100 +1,99 @@ .\"- .\" Copyright (c) 2011 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd July 12, 2016 .Dt GETLOGINCLASS 2 .Os .Sh NAME .Nm getloginclass , .Nm setloginclass .Nd get/set login class .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In unistd.h .Ft int .Fn getloginclass "char *name" "size_t len" .Ft int .Fn setloginclass "const char *name" .Sh DESCRIPTION The .Fn getloginclass routine returns the login class name associated with the calling process, as previously set by .Fn setloginclass . The caller must provide the buffer .Fa name with length .Fa len bytes to hold the result. The buffer should be at least .Dv MAXLOGNAME bytes in length. .Pp The .Fn setloginclass system call sets the login class of the calling process to .Fa name . This system call is restricted to the super-user, and is normally used only when a new session is being created on behalf of the named user (for example, at login time, or when a remote shell is invoked). Processes inherit login class from their parents. .Sh RETURN VALUES .Rv -std .Sh ERRORS The following errors may be returned by these calls: .Bl -tag -width Er .It Bq Er EFAULT The .Fa name argument gave an invalid address. .It Bq Er EINVAL The .Fa name argument pointed to a string that was too long. Login class names are limited to .Dv MAXLOGNAME (from .In sys/param.h ) characters, currently 33 including null. .It Bq Er EPERM The caller tried to set the login class and was not the super-user. .It Bq Er ENAMETOOLONG The size of the buffer is smaller than the result to be returned. .El .Sh SEE ALSO .Xr ps 1 , .Xr setusercontext 3 , .Xr login.conf 5 , .Xr rctl 8 .Sh HISTORY The .Fn getloginclass and .Fn setloginclass system calls first appeared in .Fx 9.0 . Index: head/sbin/mdconfig/tests/mdconfig_test.sh =================================================================== --- head/sbin/mdconfig/tests/mdconfig_test.sh (revision 367104) +++ head/sbin/mdconfig/tests/mdconfig_test.sh (revision 367105) @@ -1,281 +1,280 @@ # Copyright (c) 2012 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # check_diskinfo() { local md=$1 local mediasize_in_bytes=$2 local mediasize_in_sectors=$3 local sectorsize=${4:-512} local stripesize=${5:-0} local stripeoffset=${6:-0} atf_check -s exit:0 \ -o match:"/dev/$md *$sectorsize *$mediasize_in_bytes *$mediasize_in_sectors *$stripesize *$stripeoffset" \ -x "diskinfo /dev/$md | expand" } cleanup_common() { if [ -f mdconfig.out ]; then mdconfig -d -u $(sed -e 's/md//' mdconfig.out) fi } atf_test_case attach_vnode_non_explicit_type cleanup attach_vnode_non_explicit_type_head() { atf_set "descr" "Tests out -a / -f without -t" } attach_vnode_non_explicit_type_body() { local md local size_in_mb=1024 atf_check -s exit:0 -x "truncate -s ${size_in_mb}m xxx" atf_check -s exit:0 -o save:mdconfig.out -x 'mdconfig -af xxx' md=$(cat mdconfig.out) atf_check -s exit:0 -o match:'^md[0-9]+$' -x "echo $md" check_diskinfo "$md" "1073741824" "2097152" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md vnode ${size_in_mb}M$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_vnode_non_explicit_type_cleanup() { cleanup_common } atf_test_case attach_vnode_implicit_a_f cleanup attach_vnode_implicit_a_f_head() { atf_set "descr" "Tests out implied -a / -f without -t" } attach_vnode_implicit_a_f_body() { local md local size_in_mb=1024 atf_check -s exit:0 -x "truncate -s ${size_in_mb}m xxx" atf_check -s exit:0 -o save:mdconfig.out -x 'mdconfig xxx' md=$(cat mdconfig.out) atf_check -s exit:0 -o match:'^md[0-9]+$' -x "echo $md" check_diskinfo "$md" "1073741824" "2097152" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md vnode ${size_in_mb}M$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_vnode_implicit_a_f_cleanup() { cleanup_common } atf_test_case attach_vnode_explicit_type cleanup attach_vnode_explicit_type_head() { atf_set "descr" "Tests out implied -a / -f with -t vnode" } attach_vnode_explicit_type_body() { local md local size_in_mb=1024 atf_check -s exit:0 -x "truncate -s ${size_in_mb}m xxx" atf_check -s exit:0 -o save:mdconfig.out -x 'mdconfig -af xxx -t vnode' md=$(cat mdconfig.out) atf_check -s exit:0 -o match:'^md[0-9]+$' -x "echo $md" check_diskinfo "$md" "1073741824" "2097152" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md vnode ${size_in_mb}M$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_vnode_explicit_type_cleanup() { [ -f mdconfig.out ] && mdconfig -d -u $(sed -e 's/md//' mdconfig.out) rm -f mdconfig.out xxx } atf_test_case attach_vnode_smaller_than_file cleanup attach_vnode_smaller_than_file_head() { atf_set "descr" "Tests mdconfig -s with size less than the file size" } attach_vnode_smaller_than_file_body() { local md local size_in_mb=128 atf_check -s exit:0 -x "truncate -s 1024m xxx" atf_check -s exit:0 -o save:mdconfig.out \ -x "mdconfig -af xxx -s ${size_in_mb}m" md=$(cat mdconfig.out) atf_check -s exit:0 -o match:'^md[0-9]+$' -x "echo $md" check_diskinfo "$md" "134217728" "262144" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md vnode ${size_in_mb}M$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_vnode_smaller_than_file_cleanup() { cleanup_common } atf_test_case attach_vnode_larger_than_file cleanup attach_vnode_larger_than_file_head() { atf_set "descr" "Tests mdconfig -s with size greater than the file size" } attach_vnode_larger_than_file_body() { local md local size_in_gb=128 atf_check -s exit:0 -x "truncate -s 1024m xxx" atf_check -s exit:0 -o save:mdconfig.out \ -x "mdconfig -af xxx -s ${size_in_gb}g" md=$(cat mdconfig.out) atf_check -s exit:0 -o match:'^md[0-9]+$' -x "echo $md" check_diskinfo "$md" "137438953472" "268435456" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md vnode ${size_in_gb}G$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_vnode_larger_than_file_cleanup() { cleanup_common } atf_test_case attach_vnode_sector_size cleanup attach_vnode_sector_size_head() { atf_set "descr" "Tests mdconfig -s with size greater than the file size" } attach_vnode_sector_size_body() { local md local size_in_mb=1024 atf_check -s exit:0 -x "truncate -s ${size_in_mb}m xxx" atf_check -s exit:0 -o save:mdconfig.out \ -x "mdconfig -af xxx -S 2048" md=$(cat mdconfig.out) atf_check -s exit:0 -o match:'^md[0-9]+$' -x "echo $md" check_diskinfo "$md" "1073741824" "524288" "2048" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md vnode ${size_in_mb}M$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_vnode_sector_size_cleanup() { cleanup_common } atf_test_case attach_malloc cleanup attach_malloc_head() { atf_set "descr" "Tests mdconfig with -t malloc" } attach_malloc_body() { local md local size_in_mb=1024 atf_check -s exit:0 -o save:mdconfig.out \ -x 'mdconfig -a -t malloc -s 1g' md=$(cat mdconfig.out) atf_check -s exit:0 -o match:'^md[0-9]+$' -x "echo $md" check_diskinfo "$md" "1073741824" "2097152" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md malloc ${size_in_mb}M$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_malloc_cleanup() { cleanup_common } atf_test_case attach_swap cleanup attach_swap_head() { atf_set "descr" "Tests mdconfig with -t swap" } attach_swap_body() { local md local size_in_mb=1024 atf_check -s exit:0 -o save:mdconfig.out \ -x 'mdconfig -a -t swap -s 1g' md=$(cat mdconfig.out) atf_check -s exit:0 -o match:'^md[0-9]+$' -x "echo $md" check_diskinfo "$md" "1073741824" "2097152" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md swap ${size_in_mb}M$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_swap_cleanup() { cleanup_common } atf_test_case attach_with_specific_unit_number cleanup attach_with_specific_unit_number_head() { atf_set "descr" "Tests mdconfig with a unit specified by -u" } attach_with_specific_unit_number_body() { local md_unit=99 local size_in_mb=10 local md="md${md_unit}" echo "$md" > mdconfig.out atf_check -s exit:0 -o empty \ -x "mdconfig -a -t malloc -s ${size_in_mb}m -u $md_unit" check_diskinfo "$md" "10485760" "20480" # This awk strips the file path. atf_check -s exit:0 -o match:"^$md malloc "$size_in_mb"M$" \ -x "mdconfig -lv | awk '\$1 == \"$md\" { print \$1, \$2, \$3 }'" } attach_with_specific_unit_number_cleanup() { cleanup_common } atf_init_test_cases() { atf_add_test_case attach_vnode_non_explicit_type atf_add_test_case attach_vnode_explicit_type atf_add_test_case attach_vnode_smaller_than_file atf_add_test_case attach_vnode_larger_than_file atf_add_test_case attach_vnode_sector_size atf_add_test_case attach_malloc atf_add_test_case attach_swap atf_add_test_case attach_with_specific_unit_number } Index: head/share/man/man4/cfumass.4 =================================================================== --- head/share/man/man4/cfumass.4 (revision 367104) +++ head/share/man/man4/cfumass.4 (revision 367105) @@ -1,144 +1,143 @@ .\" Copyright (c) 2017 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .Dd April 21, 2018 .Dt CFUMASS 4 .Os .Sh NAME .Nm cfumass .Nd USB device side support for Mass Storage Class Transport .Sh SYNOPSIS This driver can be compiled into the kernel by placing these lines in the kernel configuration file: .Bd -ragged -offset indent .Cd "device usb" .Cd "device usb_template" .Cd "device ctl" .Cd "device cfumass" .Ed .Pp The driver module can also be loaded at boot by adding this line to .Xr loader.conf 5 : .Bd -literal -offset indent cfumass_load="YES" .Ed .Sh DESCRIPTION The .Nm driver provides device side support for emulating an USB mass storage device compliant with the USB Mass Storage Class Bulk-Only (BBB) Transport specification, implemented as a .Xr ctl 4 frontend driver. .Pp To use .Nm : .Bl -bullet .It .Xr cfumass 4 must be loaded as a module or compiled into the kernel. .It The USB Mass Storage template must be chosen by setting the .Va hw.usb.template sysctl to 0. .It The USB OTG port must be working in USB device-side mode. This happens automatically upon connection to a USB host. .It There must be a .Xr ctl 4 LUN configured for the .Pa cfumass port. .El .Pp Upon loading, the driver creates a .Xr ctl 4 port named .Pa cfumass , presenting the first LUN mapped for that port - usually LUN 0 - to the USB host. See .Xr ctl.conf 5 and .Xr ctld 8 for details on configuring the LUN. See the .Cm cfumass_enable and .Cm cfumass_dir .Xr rc 8 variables in .Xr rc.conf 5 for an automated way to configure it at boot. .Sh SYSCTL VARIABLES These variables are available as both .Xr sysctl 8 variables and .Xr loader 8 tunables: .Bl -tag -width indent .It Va hw.usb.cfumass.debug Verbosity level for log messages from the .Nm driver. Set to 0 to disable logging or 1 to warn about potential problems. Larger values enable debugging output. Defaults to 1. .It Va hw.usb.cfumass.ignore_stop Ignore START STOP UNIT SCSI commands with START and LOEJ bits cleared. Some initiators send that command to stop the target when the user attempts to gracefully eject the drive, but fail to start it when the drive is reconnected. Set to 0 to handle the command in a standards-compliant way, 1 to ignore it and log a warning, or 2 to ignore it silently. Defaults to 1. .It Va hw.usb.cfumass.max_lun Max LUN number to report to the initiator (USB host). Must be between 0 and 15. Some initiators incorrectly handle values larger than 0. Defaults to 0. .El .Sh SEE ALSO .Xr ctl 4 , .Xr umass 4 , .Xr usb 4 , .Xr usb_template 4 , .Xr ctl.conf 5 , .Xr ctld 8 .Sh HISTORY The .Nm driver first appeared in .Fx 11.1 . .Sh AUTHORS The .Nm driver was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/share/man/man4/iscsi.4 =================================================================== --- head/share/man/man4/iscsi.4 (revision 367104) +++ head/share/man/man4/iscsi.4 (revision 367105) @@ -1,120 +1,119 @@ .\" Copyright (c) 2014 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .Dd May 28, 2017 .Dt ISCSI 4 .Os .Sh NAME .Nm iscsi .Nd iSCSI initiator .Sh SYNOPSIS To compile this driver into the kernel, place the following line in the kernel configuration file: .Bd -ragged -offset indent .Cd "device iscsi" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent iscsi_load="YES" .Ed .Sh DESCRIPTION The .Nm subsystem provides the kernel component of an iSCSI initiator, responsible for implementing the Full Feature Phase of the iSCSI protocol. The initiator is the iSCSI client, which connects to an iSCSI target, providing local access to a remote block device. The userland component is provided by .Xr iscsid 8 and both the kernel and userland are configured using .Xr iscsictl 8 . .Sh SYSCTL VARIABLES The following variables are available as both .Xr sysctl 8 variables and .Xr loader 8 tunables: .Bl -tag -width indent .It Va kern.iscsi.debug Verbosity level for log messages from the .Nm driver. Set to 0 to disable logging or 1 to warn about potential problems. Larger values enable debugging output. Defaults to 1. .It Va kern.iscsi.ping_timeout The number of seconds to wait for the target to respond to a NOP-Out PDU. In the event that there is no response within that time the session gets forcibly restarted. Set to 0 to disable sending NOP-Out PDUs. Defaults to 5. .It Va kern.iscsi.iscsid_timeout The number of seconds to wait for .Xr iscsid 8 to establish a session. After that time .Nm will abort and retry. Defaults to 60. .It Va kern.iscsi.login_timeout The number of seconds to wait for a login attempt to succeed. After that time .Nm will abort and retry. Defaults to 60. .It Va kern.iscsi.maxtags The maximum number of outstanding IO requests. Defaults to 255. .It Va kern.iscsi.fail_on_disconnection Controls the behavior after an iSCSI connection has been dropped due to network problems. When set to 1, a dropped connection causes the iSCSI device nodes to be destroyed. After reconnecting, they will be created again. By default, the device nodes are left intact. While the connection is down all input/output operations are suspended, to be retried after the connection is reestablished. .El .Sh SEE ALSO .Xr iser 4 , .Xr iscsi.conf 5 , .Xr iscsictl 8 , .Xr iscsid 8 .Sh HISTORY The .Nm subsystem first appeared in .Fx 10.0 . .Sh AUTHORS The .Nm subsystem was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/share/man/man4/rctl.4 =================================================================== --- head/share/man/man4/rctl.4 (revision 367104) +++ head/share/man/man4/rctl.4 (revision 367105) @@ -1,74 +1,73 @@ .\" Copyright (c) 2017 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .Dd May 28, 2017 .Dt RCTL 4 .Os .Sh NAME .Nm rctl .Nd resource limits .Sh SYNOPSIS To compile this driver into the kernel, place the following line in the kernel configuration file: .Bd -ragged -offset indent .Cd "options RACCT" .Cd "options RCTL" .Ed .Sh DESCRIPTION The .Nm subsystem provides a flexible resource limits mechanism, controlled by a set of rules that can be added or removed at runtime using the .Xr rctl 8 management utility. .Sh LOADER TUNABLES Tunables can be set at the .Xr loader 8 prompt, or .Xr loader.conf 5 . .Bl -tag -width indent .It Va kern.racct.enable: No 1 Enable .Nm . This defaults to 1, unless .Cd "options RACCT_DEFAULT_TO_DISABLED" is set in the kernel configuration file. .El .Sh SEE ALSO .Xr rctl.conf 5 , .Xr rctl 8 .Sh HISTORY The .Nm subsystem first appeared in .Fx 9.0 . .Sh AUTHORS The .Nm subsystem was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/share/man/man5/autofs.5 =================================================================== --- head/share/man/man5/autofs.5 (revision 367104) +++ head/share/man/man5/autofs.5 (revision 367105) @@ -1,138 +1,137 @@ .\" Copyright (c) 2014 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd December 2, 2017 .Dt AUTOFS 5 .Os .Sh NAME .Nm autofs .Nd "automounter filesystem" .Sh SYNOPSIS To compile this driver into the kernel, place the following line in the kernel configuration file: .Bd -ragged -offset indent .Cd "options AUTOFS" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent autofs_load="YES" .Ed .Sh DESCRIPTION The .Nm driver is the kernel component of the automounter infrastructure. Its job is to pass mount requests to the .Xr automountd 8 daemon, and pause the processes trying to access the automounted filesystem until the mount is completed. It is mounted by the .Xr automount 8 . .Sh OPTIONS These options are available when mounting .Nm file systems: .Bl -tag -width indent .It Cm master_options Mount options for all filesystems specified in the map entry. .It Cm master_prefix Filesystem mountpoint prefix. .El .Sh SYSCTL VARIABLES The following variables are available as both .Xr sysctl 8 variables and .Xr loader 8 tunables: .Bl -tag -width indent .It Va vfs.autofs.debug Verbosity level for log messages from the .Nm driver. Set to 0 to disable logging or 1 to warn about potential problems. Larger values enable debugging output. Defaults to 1. .It Va vfs.autofs.interruptible Set to 1 to allow mount requests to be interrupted by signal. Defaults to 1. .It Va vfs.autofs.retry_delay Number of seconds before retrying mount requests. Defaults to 1. .It Va vfs.autofs.retry_attempts Number of attempts before failing mount. Defaults to 3. .It Va vfs.autofs.cache Number of seconds to wait before reinvoking .Xr automountd 8 for any given file or directory. Defaults to 600. .It Va vfs.autofs.timeout Number of seconds to wait for .Xr automountd 8 to handle the mount request. Defaults to 30. .It Va vfs.autofs.mount_on_stat Set to 1 to trigger mount on .Xr stat 2 on mountpoint. Defaults to 0. .El .Sh EXAMPLES To unmount all mounted .Nm filesystems: .Pp .Dl "umount -At autofs" .Pp To mount .Nm filesystems specified in .Xr auto_master 5 : .Pp .Dl "automount" .Sh SEE ALSO .Xr auto_master 5 , .Xr automount 8 , .Xr automountd 8 , .Xr autounmountd 8 .Sh HISTORY The .Nm driver first appeared in .Fx 10.1 . .Sh AUTHORS The .Nm was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/share/man/man7/development.7 =================================================================== --- head/share/man/man7/development.7 (revision 367104) +++ head/share/man/man7/development.7 (revision 367105) @@ -1,197 +1,196 @@ .\" Copyright (c) 2018 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd August 19, 2020 .Dt DEVELOPMENT 7 .Os .Sh NAME .Nm development .Nd introduction to .Fx development process .Sh DESCRIPTION .Fx development is split into three major suprojects: doc, ports, and src. Doc is the documentation, such as the .Fx Handbook. To read more, see: .Pp .Lk https://www.FreeBSD.org/doc/en/books/fdp-primer/ .Pp Ports, described further in .Xr ports 7 , are the way to build, package, and install third party software. To read more, see: .Pp .Lk https://www.FreeBSD.org/doc/en/books/porters-handbook/ .Pp The last one, src, revolves around the source code for the base system, consisting of the kernel, and the libraries and utilities commonly called the world. .Pp The Committer's Guide, describing topics relevant to all committers, can be found at: .Pp .Lk https://www.FreeBSD.org/doc/en/articles/committers-guide/ .Pp .Fx src development takes place in the CURRENT branch in Subversion, located at: .Pp .Lk https://svn.FreeBSD.org/base/head .Pp There is also a read-only GitHub mirror at: .Pp .Lk https://github.com/freebsd/freebsd .Pp Changes are first committed to CURRENT and then usually merged back to STABLE. Every few years the CURRENT branch is renamed to STABLE, and a new CURRENT is branched, with an incremented major version number. Releases are then branched off STABLE and numbered with consecutive minor numbers. .Pp Layout of the source tree is described in .Xr hier 7 . Build instructions can be found in .Xr build 7 and .Xr release 7 . Kernel programming interfaces (KPIs) are documented in section 9 manual pages; use .Ql "apropos -s 9 ." for a list. Regression test suite is described in .Xr tests 7 . For coding conventions, see .Xr style 9 . .Pp To ask questions regarding development, use the mailing lists, such as freebsd-arch@ and freebsd-hackers@: .Pp .Lk https://lists.FreeBSD.org .Pp To get your patches integrated into the main .Fx repository use Phabricator; it is a code review tool that allows other developers to review the changes, suggest improvements, and, eventually, allows them to pick up the change and commit it: .Pp .Lk https://reviews.FreeBSD.org .Pp To check the latest .Fx build and test status of CURRENT and STABLE branches, the continuous integration system is at: .Pp .Lk https://ci.FreeBSD.org .Pp .Sh EXAMPLES Check out the CURRENT branch, build it, and install, overwriting the current system: .Bd -literal -offset indent svnlite co https://svn.FreeBSD.org/base/head src cd src make -sj8 buildworld buildkernel installkernel shutdown -r now .Ed .Pp After reboot: .Bd -literal -offset indent cd src make -j8 installworld reboot .Ed .Pp Rebuild and reinstall a single piece of userspace, in this case .Xr ls 1 : .Bd -literal -offset indent cd src/bin/ls make clean all install .Ed .Pp Quickly rebuild and reinstall the kernel, only recompiling the files changed since last build; note that this will only work if the full kernel build has been completed in the past, not on a fresh source tree: .Bd -literal -offset indent cd src make -sj8 kernel KERNFAST=1 .Ed .Pp To rebuild parts of .Fx for another CPU architecture, first prepare your source tree by building the cross-toolchain: .Bd -literal -offset indent cd src make -sj8 toolchain TARGET_ARCH=armv6 .Ed .Pp Afterwards, to build and install a single piece of userspace, use: .Bd -literal -offset indent cd src/bin/ls make buildenv TARGET_ARCH=armv6 make clean all install DESTDIR=/clients/arm .Ed .Pp Likewise, to quickly rebuild and reinstall the kernel, use: .Bd -literal -offset indent cd src make buildenv TARGET_ARCH=armv6 make -sj8 kernel KERNFAST=1 DESTDIR=/clients/arm .Ed .Sh SEE ALSO .Xr svnlite 1 , .Xr witness 4 , .Xr build 7 , .Xr hier 7 , .Xr ports 7 , .Xr release 7 , .Xr tests 7 , .Xr locking 9 , .Xr style 9 .Sh HISTORY The .Nm manual page was originally written by .An Matthew Dillon Aq Mt dillon@FreeBSD.org and first appeared in .Fx 5.0 , December 2002. It was since extensively modified by .An Eitan Adler Aq Mt eadler@FreeBSD.org to reflect the repository conversion from .Xr cvs 1 to .Xr svn 1 . It was rewritten from scratch by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org for .Fx 12.0 . Index: head/sys/amd64/linux/linux_ptrace.c =================================================================== --- head/sys/amd64/linux/linux_ptrace.c (revision 367104) +++ head/sys/amd64/linux/linux_ptrace.c (revision 367105) @@ -1,665 +1,664 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2017 Edward Tomasz Napierala - * All rights reserved. * * This software was developed by SRI International and the University of * Cambridge Computer Laboratory under DARPA/AFRL contract (FA8750-10-C-0237) * ("CTSRD"), as part of the DARPA CRASH research programme. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define LINUX_PTRACE_TRACEME 0 #define LINUX_PTRACE_PEEKTEXT 1 #define LINUX_PTRACE_PEEKDATA 2 #define LINUX_PTRACE_PEEKUSER 3 #define LINUX_PTRACE_POKETEXT 4 #define LINUX_PTRACE_POKEDATA 5 #define LINUX_PTRACE_POKEUSER 6 #define LINUX_PTRACE_CONT 7 #define LINUX_PTRACE_KILL 8 #define LINUX_PTRACE_SINGLESTEP 9 #define LINUX_PTRACE_GETREGS 12 #define LINUX_PTRACE_SETREGS 13 #define LINUX_PTRACE_GETFPREGS 14 #define LINUX_PTRACE_SETFPREGS 15 #define LINUX_PTRACE_ATTACH 16 #define LINUX_PTRACE_DETACH 17 #define LINUX_PTRACE_SYSCALL 24 #define LINUX_PTRACE_SETOPTIONS 0x4200 #define LINUX_PTRACE_GETSIGINFO 0x4202 #define LINUX_PTRACE_GETREGSET 0x4204 #define LINUX_PTRACE_SEIZE 0x4206 #define LINUX_PTRACE_GET_SYSCALL_INFO 0x420e #define LINUX_PTRACE_EVENT_EXIT 6 #define LINUX_PTRACE_O_TRACESYSGOOD 1 #define LINUX_PTRACE_O_TRACEFORK 2 #define LINUX_PTRACE_O_TRACEVFORK 4 #define LINUX_PTRACE_O_TRACECLONE 8 #define LINUX_PTRACE_O_TRACEEXEC 16 #define LINUX_PTRACE_O_TRACEVFORKDONE 32 #define LINUX_PTRACE_O_TRACEEXIT 64 #define LINUX_PTRACE_O_TRACESECCOMP 128 #define LINUX_PTRACE_O_EXITKILL 1048576 #define LINUX_PTRACE_O_SUSPEND_SECCOMP 2097152 #define LINUX_NT_PRSTATUS 1 #define LINUX_PTRACE_O_MASK (LINUX_PTRACE_O_TRACESYSGOOD | \ LINUX_PTRACE_O_TRACEFORK | LINUX_PTRACE_O_TRACEVFORK | \ LINUX_PTRACE_O_TRACECLONE | LINUX_PTRACE_O_TRACEEXEC | \ LINUX_PTRACE_O_TRACEVFORKDONE | LINUX_PTRACE_O_TRACEEXIT | \ LINUX_PTRACE_O_TRACESECCOMP | LINUX_PTRACE_O_EXITKILL | \ LINUX_PTRACE_O_SUSPEND_SECCOMP) static int map_signum(int lsig, int *bsigp) { int bsig; if (lsig == 0) { *bsigp = 0; return (0); } if (lsig < 0 || lsig > LINUX_SIGRTMAX) return (EINVAL); bsig = linux_to_bsd_signal(lsig); if (bsig == SIGSTOP) bsig = 0; *bsigp = bsig; return (0); } int linux_ptrace_status(struct thread *td, pid_t pid, int status) { struct ptrace_lwpinfo lwpinfo; struct linux_pemuldata *pem; register_t saved_retval; int error; saved_retval = td->td_retval[0]; error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo)); td->td_retval[0] = saved_retval; if (error != 0) { linux_msg(td, "PT_LWPINFO failed with error %d", error); return (status); } pem = pem_find(td->td_proc); KASSERT(pem != NULL, ("%s: proc emuldata not found.\n", __func__)); LINUX_PEM_SLOCK(pem); if ((pem->ptrace_flags & LINUX_PTRACE_O_TRACESYSGOOD) && lwpinfo.pl_flags & PL_FLAG_SCE) status |= (LINUX_SIGTRAP | 0x80) << 8; if ((pem->ptrace_flags & LINUX_PTRACE_O_TRACESYSGOOD) && lwpinfo.pl_flags & PL_FLAG_SCX) status |= (LINUX_SIGTRAP | 0x80) << 8; if ((pem->ptrace_flags & LINUX_PTRACE_O_TRACEEXIT) && lwpinfo.pl_flags & PL_FLAG_EXITED) status |= (LINUX_SIGTRAP | LINUX_PTRACE_EVENT_EXIT << 8) << 8; LINUX_PEM_SUNLOCK(pem); return (status); } struct linux_pt_reg { l_ulong r15; l_ulong r14; l_ulong r13; l_ulong r12; l_ulong rbp; l_ulong rbx; l_ulong r11; l_ulong r10; l_ulong r9; l_ulong r8; l_ulong rax; l_ulong rcx; l_ulong rdx; l_ulong rsi; l_ulong rdi; l_ulong orig_rax; l_ulong rip; l_ulong cs; l_ulong eflags; l_ulong rsp; l_ulong ss; }; struct linux_pt_regset { l_ulong r15; l_ulong r14; l_ulong r13; l_ulong r12; l_ulong rbp; l_ulong rbx; l_ulong r11; l_ulong r10; l_ulong r9; l_ulong r8; l_ulong rax; l_ulong rcx; l_ulong rdx; l_ulong rsi; l_ulong rdi; l_ulong orig_rax; l_ulong rip; l_ulong cs; l_ulong eflags; l_ulong rsp; l_ulong ss; l_ulong fs_base; l_ulong gs_base; l_ulong ds; l_ulong es; l_ulong fs; l_ulong gs; }; /* * Translate amd64 ptrace registers between Linux and FreeBSD formats. * The translation is pretty straighforward, for all registers but * orig_rax on Linux side and r_trapno and r_err in FreeBSD. */ static void map_regs_to_linux(struct reg *b_reg, struct linux_pt_reg *l_reg) { l_reg->r15 = b_reg->r_r15; l_reg->r14 = b_reg->r_r14; l_reg->r13 = b_reg->r_r13; l_reg->r12 = b_reg->r_r12; l_reg->rbp = b_reg->r_rbp; l_reg->rbx = b_reg->r_rbx; l_reg->r11 = b_reg->r_r11; l_reg->r10 = b_reg->r_r10; l_reg->r9 = b_reg->r_r9; l_reg->r8 = b_reg->r_r8; l_reg->rax = b_reg->r_rax; l_reg->rcx = b_reg->r_rcx; l_reg->rdx = b_reg->r_rdx; l_reg->rsi = b_reg->r_rsi; l_reg->rdi = b_reg->r_rdi; l_reg->orig_rax = b_reg->r_rax; l_reg->rip = b_reg->r_rip; l_reg->cs = b_reg->r_cs; l_reg->eflags = b_reg->r_rflags; l_reg->rsp = b_reg->r_rsp; l_reg->ss = b_reg->r_ss; } static void map_regs_to_linux_regset(struct reg *b_reg, unsigned long fs_base, unsigned long gs_base, struct linux_pt_regset *l_regset) { l_regset->r15 = b_reg->r_r15; l_regset->r14 = b_reg->r_r14; l_regset->r13 = b_reg->r_r13; l_regset->r12 = b_reg->r_r12; l_regset->rbp = b_reg->r_rbp; l_regset->rbx = b_reg->r_rbx; l_regset->r11 = b_reg->r_r11; l_regset->r10 = b_reg->r_r10; l_regset->r9 = b_reg->r_r9; l_regset->r8 = b_reg->r_r8; l_regset->rax = b_reg->r_rax; l_regset->rcx = b_reg->r_rcx; l_regset->rdx = b_reg->r_rdx; l_regset->rsi = b_reg->r_rsi; l_regset->rdi = b_reg->r_rdi; l_regset->orig_rax = b_reg->r_rax; l_regset->rip = b_reg->r_rip; l_regset->cs = b_reg->r_cs; l_regset->eflags = b_reg->r_rflags; l_regset->rsp = b_reg->r_rsp; l_regset->ss = b_reg->r_ss; l_regset->fs_base = fs_base; l_regset->gs_base = gs_base; l_regset->ds = b_reg->r_ds; l_regset->es = b_reg->r_es; l_regset->fs = b_reg->r_fs; l_regset->gs = b_reg->r_gs; } static void map_regs_from_linux(struct reg *b_reg, struct linux_pt_reg *l_reg) { b_reg->r_r15 = l_reg->r15; b_reg->r_r14 = l_reg->r14; b_reg->r_r13 = l_reg->r13; b_reg->r_r12 = l_reg->r12; b_reg->r_r11 = l_reg->r11; b_reg->r_r10 = l_reg->r10; b_reg->r_r9 = l_reg->r9; b_reg->r_r8 = l_reg->r8; b_reg->r_rdi = l_reg->rdi; b_reg->r_rsi = l_reg->rsi; b_reg->r_rbp = l_reg->rbp; b_reg->r_rbx = l_reg->rbx; b_reg->r_rdx = l_reg->rdx; b_reg->r_rcx = l_reg->rcx; b_reg->r_rax = l_reg->rax; /* * XXX: Are zeroes the right thing to put here? */ b_reg->r_trapno = 0; b_reg->r_fs = 0; b_reg->r_gs = 0; b_reg->r_err = 0; b_reg->r_es = 0; b_reg->r_ds = 0; b_reg->r_rip = l_reg->rip; b_reg->r_cs = l_reg->cs; b_reg->r_rflags = l_reg->eflags; b_reg->r_rsp = l_reg->rsp; b_reg->r_ss = l_reg->ss; } static int linux_ptrace_peek(struct thread *td, pid_t pid, void *addr, void *data) { int error; error = kern_ptrace(td, PT_READ_I, pid, addr, 0); if (error == 0) error = copyout(td->td_retval, data, sizeof(l_int)); td->td_retval[0] = error; return (error); } static int linux_ptrace_peekuser(struct thread *td, pid_t pid, void *addr, void *data) { linux_msg(td, "PTRACE_PEEKUSER not implemented; returning EINVAL"); return (EINVAL); } static int linux_ptrace_pokeuser(struct thread *td, pid_t pid, void *addr, void *data) { linux_msg(td, "PTRACE_POKEUSER not implemented; returning EINVAL"); return (EINVAL); } static int linux_ptrace_setoptions(struct thread *td, pid_t pid, l_ulong data) { struct linux_pemuldata *pem; int mask; mask = 0; if (data & ~LINUX_PTRACE_O_MASK) { linux_msg(td, "unknown ptrace option %lx set; " "returning EINVAL", data & ~LINUX_PTRACE_O_MASK); return (EINVAL); } pem = pem_find(td->td_proc); KASSERT(pem != NULL, ("%s: proc emuldata not found.\n", __func__)); /* * PTRACE_O_EXITKILL is ignored, we do that by default. */ LINUX_PEM_XLOCK(pem); if (data & LINUX_PTRACE_O_TRACESYSGOOD) { pem->ptrace_flags |= LINUX_PTRACE_O_TRACESYSGOOD; } else { pem->ptrace_flags &= ~LINUX_PTRACE_O_TRACESYSGOOD; } LINUX_PEM_XUNLOCK(pem); if (data & LINUX_PTRACE_O_TRACEFORK) mask |= PTRACE_FORK; if (data & LINUX_PTRACE_O_TRACEVFORK) mask |= PTRACE_VFORK; if (data & LINUX_PTRACE_O_TRACECLONE) mask |= PTRACE_VFORK; if (data & LINUX_PTRACE_O_TRACEEXEC) mask |= PTRACE_EXEC; if (data & LINUX_PTRACE_O_TRACEVFORKDONE) mask |= PTRACE_VFORK; /* XXX: Close enough? */ if (data & LINUX_PTRACE_O_TRACEEXIT) { pem->ptrace_flags |= LINUX_PTRACE_O_TRACEEXIT; } else { pem->ptrace_flags &= ~LINUX_PTRACE_O_TRACEEXIT; } return (kern_ptrace(td, PT_SET_EVENT_MASK, pid, &mask, sizeof(mask))); } static int linux_ptrace_getsiginfo(struct thread *td, pid_t pid, l_ulong data) { struct ptrace_lwpinfo lwpinfo; l_siginfo_t l_siginfo; int error, sig; error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo)); if (error != 0) { linux_msg(td, "PT_LWPINFO failed with error %d", error); return (error); } if ((lwpinfo.pl_flags & PL_FLAG_SI) == 0) { error = EINVAL; linux_msg(td, "no PL_FLAG_SI, returning %d", error); return (error); } sig = bsd_to_linux_signal(lwpinfo.pl_siginfo.si_signo); siginfo_to_lsiginfo(&lwpinfo.pl_siginfo, &l_siginfo, sig); error = copyout(&l_siginfo, (void *)data, sizeof(l_siginfo)); return (error); } static int linux_ptrace_getregs(struct thread *td, pid_t pid, void *data) { struct ptrace_lwpinfo lwpinfo; struct reg b_reg; struct linux_pt_reg l_reg; int error; error = kern_ptrace(td, PT_GETREGS, pid, &b_reg, 0); if (error != 0) return (error); map_regs_to_linux(&b_reg, &l_reg); error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo)); if (error != 0) { linux_msg(td, "PT_LWPINFO failed with error %d", error); return (error); } if (lwpinfo.pl_flags & PL_FLAG_SCE) { /* * The strace(1) utility depends on RAX being set to -ENOSYS * on syscall entry; otherwise it loops printing those: * * [ Process PID=928 runs in 64 bit mode. ] * [ Process PID=928 runs in x32 mode. ] */ l_reg.rax = -38; /* -ENOSYS */ /* * Undo the mangling done in exception.S:fast_syscall_common(). */ l_reg.r10 = l_reg.rcx; } error = copyout(&l_reg, (void *)data, sizeof(l_reg)); return (error); } static int linux_ptrace_setregs(struct thread *td, pid_t pid, void *data) { struct reg b_reg; struct linux_pt_reg l_reg; int error; error = copyin(data, &l_reg, sizeof(l_reg)); if (error != 0) return (error); map_regs_from_linux(&b_reg, &l_reg); error = kern_ptrace(td, PT_SETREGS, pid, &b_reg, 0); return (error); } static int linux_ptrace_getregset_prstatus(struct thread *td, pid_t pid, l_ulong data) { struct ptrace_lwpinfo lwpinfo; struct reg b_reg; struct linux_pt_regset l_regset; struct iovec iov; struct pcb *pcb; unsigned long fsbase, gsbase; size_t len; int error; error = copyin((const void *)data, &iov, sizeof(iov)); if (error != 0) { linux_msg(td, "copyin error %d", error); return (error); } error = kern_ptrace(td, PT_GETREGS, pid, &b_reg, 0); if (error != 0) return (error); pcb = td->td_pcb; if (td == curthread) update_pcb_bases(pcb); fsbase = pcb->pcb_fsbase; gsbase = pcb->pcb_gsbase; map_regs_to_linux_regset(&b_reg, fsbase, gsbase, &l_regset); error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo)); if (error != 0) { linux_msg(td, "PT_LWPINFO failed with error %d", error); return (error); } if (lwpinfo.pl_flags & PL_FLAG_SCE) { /* * The strace(1) utility depends on RAX being set to -ENOSYS * on syscall entry; otherwise it loops printing those: * * [ Process PID=928 runs in 64 bit mode. ] * [ Process PID=928 runs in x32 mode. ] */ l_regset.rax = -38; /* -ENOSYS */ /* * Undo the mangling done in exception.S:fast_syscall_common(). */ l_regset.r10 = l_regset.rcx; } len = MIN(iov.iov_len, sizeof(l_regset)); error = copyout(&l_regset, (void *)iov.iov_base, len); if (error != 0) { linux_msg(td, "copyout error %d", error); return (error); } iov.iov_len -= len; error = copyout(&iov, (void *)data, sizeof(iov)); if (error != 0) { linux_msg(td, "iov copyout error %d", error); return (error); } return (error); } static int linux_ptrace_getregset(struct thread *td, pid_t pid, l_ulong addr, l_ulong data) { switch (addr) { case LINUX_NT_PRSTATUS: return (linux_ptrace_getregset_prstatus(td, pid, data)); default: linux_msg(td, "PTRACE_GETREGSET request %ld not implemented; " "returning EINVAL", addr); return (EINVAL); } } static int linux_ptrace_seize(struct thread *td, pid_t pid, l_ulong addr, l_ulong data) { linux_msg(td, "PTRACE_SEIZE not implemented; returning EINVAL"); return (EINVAL); } static int linux_ptrace_get_syscall_info(struct thread *td, pid_t pid, l_ulong addr, l_ulong data) { linux_msg(td, "PTRACE_GET_SYSCALL_INFO not implemented; returning EINVAL"); return (EINVAL); } int linux_ptrace(struct thread *td, struct linux_ptrace_args *uap) { void *addr; pid_t pid; int error, sig; pid = (pid_t)uap->pid; addr = (void *)uap->addr; switch (uap->req) { case LINUX_PTRACE_TRACEME: error = kern_ptrace(td, PT_TRACE_ME, 0, 0, 0); break; case LINUX_PTRACE_PEEKTEXT: case LINUX_PTRACE_PEEKDATA: error = linux_ptrace_peek(td, pid, addr, (void *)uap->data); if (error != 0) return (error); /* * Linux expects this syscall to read 64 bits, not 32. */ error = linux_ptrace_peek(td, pid, (void *)(uap->addr + 4), (void *)(uap->data + 4)); break; case LINUX_PTRACE_PEEKUSER: error = linux_ptrace_peekuser(td, pid, addr, (void *)uap->data); break; case LINUX_PTRACE_POKETEXT: error = kern_ptrace(td, PT_WRITE_I, pid, addr, uap->data); break; case LINUX_PTRACE_POKEDATA: error = kern_ptrace(td, PT_WRITE_D, pid, addr, uap->data); break; case LINUX_PTRACE_POKEUSER: error = linux_ptrace_pokeuser(td, pid, addr, (void *)uap->data); break; case LINUX_PTRACE_CONT: error = map_signum(uap->data, &sig); if (error != 0) break; error = kern_ptrace(td, PT_CONTINUE, pid, (void *)1, sig); break; case LINUX_PTRACE_KILL: error = kern_ptrace(td, PT_KILL, pid, addr, uap->data); break; case LINUX_PTRACE_SINGLESTEP: error = map_signum(uap->data, &sig); if (error != 0) break; error = kern_ptrace(td, PT_STEP, pid, (void *)1, sig); break; case LINUX_PTRACE_GETREGS: error = linux_ptrace_getregs(td, pid, (void *)uap->data); break; case LINUX_PTRACE_SETREGS: error = linux_ptrace_setregs(td, pid, (void *)uap->data); break; case LINUX_PTRACE_ATTACH: error = kern_ptrace(td, PT_ATTACH, pid, addr, uap->data); break; case LINUX_PTRACE_DETACH: error = map_signum(uap->data, &sig); if (error != 0) break; error = kern_ptrace(td, PT_DETACH, pid, (void *)1, sig); break; case LINUX_PTRACE_SYSCALL: error = map_signum(uap->data, &sig); if (error != 0) break; error = kern_ptrace(td, PT_SYSCALL, pid, (void *)1, sig); break; case LINUX_PTRACE_SETOPTIONS: error = linux_ptrace_setoptions(td, pid, uap->data); break; case LINUX_PTRACE_GETSIGINFO: error = linux_ptrace_getsiginfo(td, pid, uap->data); break; case LINUX_PTRACE_GETREGSET: error = linux_ptrace_getregset(td, pid, uap->addr, uap->data); break; case LINUX_PTRACE_SEIZE: error = linux_ptrace_seize(td, pid, uap->addr, uap->data); break; case LINUX_PTRACE_GET_SYSCALL_INFO: error = linux_ptrace_get_syscall_info(td, pid, uap->addr, uap->data); break; default: linux_msg(td, "ptrace(%ld, ...) not implemented; " "returning EINVAL", uap->req); error = EINVAL; break; } return (error); } Index: head/sys/cam/ctl/ctl_frontend_iscsi.c =================================================================== --- head/sys/cam/ctl/ctl_frontend_iscsi.c (revision 367104) +++ head/sys/cam/ctl/ctl_frontend_iscsi.c (revision 367105) @@ -1,3041 +1,3040 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /* * CTL frontend for the iSCSI protocol. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef ICL_KERNEL_PROXY #include #endif #ifdef ICL_KERNEL_PROXY FEATURE(cfiscsi_kernel_proxy, "iSCSI target built with ICL_KERNEL_PROXY"); #endif static MALLOC_DEFINE(M_CFISCSI, "cfiscsi", "Memory used for CTL iSCSI frontend"); static uma_zone_t cfiscsi_data_wait_zone; SYSCTL_NODE(_kern_cam_ctl, OID_AUTO, iscsi, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "CAM Target Layer iSCSI Frontend"); static int debug = 1; SYSCTL_INT(_kern_cam_ctl_iscsi, OID_AUTO, debug, CTLFLAG_RWTUN, &debug, 1, "Enable debug messages"); static int ping_timeout = 5; SYSCTL_INT(_kern_cam_ctl_iscsi, OID_AUTO, ping_timeout, CTLFLAG_RWTUN, &ping_timeout, 5, "Interval between ping (NOP-Out) requests, in seconds"); static int login_timeout = 60; SYSCTL_INT(_kern_cam_ctl_iscsi, OID_AUTO, login_timeout, CTLFLAG_RWTUN, &login_timeout, 60, "Time to wait for ctld(8) to finish Login Phase, in seconds"); static int maxtags = 256; SYSCTL_INT(_kern_cam_ctl_iscsi, OID_AUTO, maxtags, CTLFLAG_RWTUN, &maxtags, 0, "Max number of requests queued by initiator"); #define CFISCSI_DEBUG(X, ...) \ do { \ if (debug > 1) { \ printf("%s: " X "\n", \ __func__, ## __VA_ARGS__); \ } \ } while (0) #define CFISCSI_WARN(X, ...) \ do { \ if (debug > 0) { \ printf("WARNING: %s: " X "\n", \ __func__, ## __VA_ARGS__); \ } \ } while (0) #define CFISCSI_SESSION_DEBUG(S, X, ...) \ do { \ if (debug > 1) { \ printf("%s: %s (%s): " X "\n", \ __func__, S->cs_initiator_addr, \ S->cs_initiator_name, ## __VA_ARGS__); \ } \ } while (0) #define CFISCSI_SESSION_WARN(S, X, ...) \ do { \ if (debug > 0) { \ printf("WARNING: %s (%s): " X "\n", \ S->cs_initiator_addr, \ S->cs_initiator_name, ## __VA_ARGS__); \ } \ } while (0) #define CFISCSI_SESSION_LOCK(X) mtx_lock(&X->cs_lock) #define CFISCSI_SESSION_UNLOCK(X) mtx_unlock(&X->cs_lock) #define CFISCSI_SESSION_LOCK_ASSERT(X) mtx_assert(&X->cs_lock, MA_OWNED) #define CONN_SESSION(X) ((struct cfiscsi_session *)(X)->ic_prv0) #define PDU_SESSION(X) CONN_SESSION((X)->ip_conn) struct cfiscsi_priv { void *request; uint32_t expdatasn; uint32_t r2tsn; }; #define PRIV(io) \ ((struct cfiscsi_priv *)&(io)->io_hdr.ctl_private[CTL_PRIV_FRONTEND]) #define PRIV_REQUEST(io) PRIV(io)->request #define PRIV_EXPDATASN(io) PRIV(io)->expdatasn #define PRIV_R2TSN(io) PRIV(io)->r2tsn static int cfiscsi_init(void); static int cfiscsi_shutdown(void); static void cfiscsi_online(void *arg); static void cfiscsi_offline(void *arg); static int cfiscsi_info(void *arg, struct sbuf *sb); static int cfiscsi_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td); static void cfiscsi_datamove(union ctl_io *io); static void cfiscsi_datamove_in(union ctl_io *io); static void cfiscsi_datamove_out(union ctl_io *io); static void cfiscsi_done(union ctl_io *io); static bool cfiscsi_pdu_update_cmdsn(const struct icl_pdu *request); static void cfiscsi_pdu_handle_nop_out(struct icl_pdu *request); static void cfiscsi_pdu_handle_scsi_command(struct icl_pdu *request); static void cfiscsi_pdu_handle_task_request(struct icl_pdu *request); static void cfiscsi_pdu_handle_data_out(struct icl_pdu *request); static void cfiscsi_pdu_handle_logout_request(struct icl_pdu *request); static void cfiscsi_session_terminate(struct cfiscsi_session *cs); static struct cfiscsi_data_wait *cfiscsi_data_wait_new( struct cfiscsi_session *cs, union ctl_io *io, uint32_t initiator_task_tag, uint32_t *target_transfer_tagp); static void cfiscsi_data_wait_free(struct cfiscsi_session *cs, struct cfiscsi_data_wait *cdw); static struct cfiscsi_target *cfiscsi_target_find(struct cfiscsi_softc *softc, const char *name, uint16_t tag); static struct cfiscsi_target *cfiscsi_target_find_or_create( struct cfiscsi_softc *softc, const char *name, const char *alias, uint16_t tag); static void cfiscsi_target_release(struct cfiscsi_target *ct); static void cfiscsi_session_delete(struct cfiscsi_session *cs); static struct cfiscsi_softc cfiscsi_softc; static struct ctl_frontend cfiscsi_frontend = { .name = "iscsi", .init = cfiscsi_init, .ioctl = cfiscsi_ioctl, .shutdown = cfiscsi_shutdown, }; CTL_FRONTEND_DECLARE(cfiscsi, cfiscsi_frontend); MODULE_DEPEND(cfiscsi, icl, 1, 1, 1); static struct icl_pdu * cfiscsi_pdu_new_response(struct icl_pdu *request, int flags) { return (icl_pdu_new(request->ip_conn, flags)); } static bool cfiscsi_pdu_update_cmdsn(const struct icl_pdu *request) { const struct iscsi_bhs_scsi_command *bhssc; struct cfiscsi_session *cs; uint32_t cmdsn, curcmdsn; cs = PDU_SESSION(request); /* * Every incoming PDU - not just NOP-Out - resets the ping timer. * The purpose of the timeout is to reset the connection when it stalls; * we don't want this to happen when NOP-In or NOP-Out ends up delayed * in some queue. */ cs->cs_timeout = 0; /* * Immediate commands carry cmdsn, but it is neither incremented nor * verified. */ if (request->ip_bhs->bhs_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) return (false); /* * Data-Out PDUs don't contain CmdSN. */ if (request->ip_bhs->bhs_opcode == ISCSI_BHS_OPCODE_SCSI_DATA_OUT) return (false); /* * We're only using fields common for all the request * (initiator -> target) PDUs. */ bhssc = (const struct iscsi_bhs_scsi_command *)request->ip_bhs; curcmdsn = cmdsn = ntohl(bhssc->bhssc_cmdsn); /* * Increment session cmdsn and exit if we received the expected value. */ do { if (atomic_fcmpset_32(&cs->cs_cmdsn, &curcmdsn, cmdsn + 1)) return (false); } while (curcmdsn == cmdsn); /* * The target MUST silently ignore any non-immediate command outside * of this range. */ if (ISCSI_SNLT(cmdsn, curcmdsn) || ISCSI_SNGT(cmdsn, curcmdsn - 1 + maxtags)) { CFISCSI_SESSION_WARN(cs, "received PDU with CmdSN %u, " "while expected %u", cmdsn, curcmdsn); return (true); } /* * We don't support multiple connections now, so any discontinuity in * CmdSN means lost PDUs. Since we don't support PDU retransmission -- * terminate the connection. */ CFISCSI_SESSION_WARN(cs, "received PDU with CmdSN %u, " "while expected %u; dropping connection", cmdsn, curcmdsn); cfiscsi_session_terminate(cs); return (true); } static void cfiscsi_pdu_handle(struct icl_pdu *request) { struct cfiscsi_session *cs; bool ignore; cs = PDU_SESSION(request); ignore = cfiscsi_pdu_update_cmdsn(request); if (ignore) { icl_pdu_free(request); return; } /* * Handle the PDU; this includes e.g. receiving the remaining * part of PDU and submitting the SCSI command to CTL * or queueing a reply. The handling routine is responsible * for freeing the PDU when it's no longer needed. */ switch (request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) { case ISCSI_BHS_OPCODE_NOP_OUT: cfiscsi_pdu_handle_nop_out(request); break; case ISCSI_BHS_OPCODE_SCSI_COMMAND: cfiscsi_pdu_handle_scsi_command(request); break; case ISCSI_BHS_OPCODE_TASK_REQUEST: cfiscsi_pdu_handle_task_request(request); break; case ISCSI_BHS_OPCODE_SCSI_DATA_OUT: cfiscsi_pdu_handle_data_out(request); break; case ISCSI_BHS_OPCODE_LOGOUT_REQUEST: cfiscsi_pdu_handle_logout_request(request); break; default: CFISCSI_SESSION_WARN(cs, "received PDU with unsupported " "opcode 0x%x; dropping connection", request->ip_bhs->bhs_opcode); icl_pdu_free(request); cfiscsi_session_terminate(cs); } } static void cfiscsi_receive_callback(struct icl_pdu *request) { #ifdef ICL_KERNEL_PROXY struct cfiscsi_session *cs; cs = PDU_SESSION(request); if (cs->cs_waiting_for_ctld || cs->cs_login_phase) { if (cs->cs_login_pdu == NULL) cs->cs_login_pdu = request; else icl_pdu_free(request); cv_signal(&cs->cs_login_cv); return; } #endif cfiscsi_pdu_handle(request); } static void cfiscsi_error_callback(struct icl_conn *ic) { struct cfiscsi_session *cs; cs = CONN_SESSION(ic); CFISCSI_SESSION_WARN(cs, "connection error; dropping connection"); cfiscsi_session_terminate(cs); } static int cfiscsi_pdu_prepare(struct icl_pdu *response) { struct cfiscsi_session *cs; struct iscsi_bhs_scsi_response *bhssr; bool advance_statsn = true; uint32_t cmdsn; cs = PDU_SESSION(response); CFISCSI_SESSION_LOCK_ASSERT(cs); /* * We're only using fields common for all the response * (target -> initiator) PDUs. */ bhssr = (struct iscsi_bhs_scsi_response *)response->ip_bhs; /* * 10.8.3: "The StatSN for this connection is not advanced * after this PDU is sent." */ if (bhssr->bhssr_opcode == ISCSI_BHS_OPCODE_R2T) advance_statsn = false; /* * 10.19.2: "However, when the Initiator Task Tag is set to 0xffffffff, * StatSN for the connection is not advanced after this PDU is sent." */ if (bhssr->bhssr_opcode == ISCSI_BHS_OPCODE_NOP_IN && bhssr->bhssr_initiator_task_tag == 0xffffffff) advance_statsn = false; /* * See the comment below - StatSN is not meaningful and must * not be advanced. */ if (bhssr->bhssr_opcode == ISCSI_BHS_OPCODE_SCSI_DATA_IN && (bhssr->bhssr_flags & BHSDI_FLAGS_S) == 0) advance_statsn = false; /* * 10.7.3: "The fields StatSN, Status, and Residual Count * only have meaningful content if the S bit is set to 1." */ if (bhssr->bhssr_opcode != ISCSI_BHS_OPCODE_SCSI_DATA_IN || (bhssr->bhssr_flags & BHSDI_FLAGS_S)) bhssr->bhssr_statsn = htonl(cs->cs_statsn); cmdsn = cs->cs_cmdsn; bhssr->bhssr_expcmdsn = htonl(cmdsn); bhssr->bhssr_maxcmdsn = htonl(cmdsn - 1 + imax(0, maxtags - cs->cs_outstanding_ctl_pdus)); if (advance_statsn) cs->cs_statsn++; return (0); } static void cfiscsi_pdu_queue(struct icl_pdu *response) { struct cfiscsi_session *cs; cs = PDU_SESSION(response); CFISCSI_SESSION_LOCK(cs); cfiscsi_pdu_prepare(response); icl_pdu_queue(response); CFISCSI_SESSION_UNLOCK(cs); } static void cfiscsi_pdu_queue_cb(struct icl_pdu *response, icl_pdu_cb cb) { struct cfiscsi_session *cs = PDU_SESSION(response); CFISCSI_SESSION_LOCK(cs); cfiscsi_pdu_prepare(response); icl_pdu_queue_cb(response, cb); CFISCSI_SESSION_UNLOCK(cs); } static void cfiscsi_pdu_handle_nop_out(struct icl_pdu *request) { struct cfiscsi_session *cs; struct iscsi_bhs_nop_out *bhsno; struct iscsi_bhs_nop_in *bhsni; struct icl_pdu *response; void *data = NULL; size_t datasize; int error; cs = PDU_SESSION(request); bhsno = (struct iscsi_bhs_nop_out *)request->ip_bhs; if (bhsno->bhsno_initiator_task_tag == 0xffffffff) { /* * Nothing to do, iscsi_pdu_update_statsn() already * zeroed the timeout. */ icl_pdu_free(request); return; } datasize = icl_pdu_data_segment_length(request); if (datasize > 0) { data = malloc(datasize, M_CFISCSI, M_NOWAIT | M_ZERO); if (data == NULL) { CFISCSI_SESSION_WARN(cs, "failed to allocate memory; " "dropping connection"); icl_pdu_free(request); cfiscsi_session_terminate(cs); return; } icl_pdu_get_data(request, 0, data, datasize); } response = cfiscsi_pdu_new_response(request, M_NOWAIT); if (response == NULL) { CFISCSI_SESSION_WARN(cs, "failed to allocate memory; " "droppping connection"); free(data, M_CFISCSI); icl_pdu_free(request); cfiscsi_session_terminate(cs); return; } bhsni = (struct iscsi_bhs_nop_in *)response->ip_bhs; bhsni->bhsni_opcode = ISCSI_BHS_OPCODE_NOP_IN; bhsni->bhsni_flags = 0x80; bhsni->bhsni_initiator_task_tag = bhsno->bhsno_initiator_task_tag; bhsni->bhsni_target_transfer_tag = 0xffffffff; if (datasize > 0) { error = icl_pdu_append_data(response, data, datasize, M_NOWAIT); if (error != 0) { CFISCSI_SESSION_WARN(cs, "failed to allocate memory; " "dropping connection"); free(data, M_CFISCSI); icl_pdu_free(request); icl_pdu_free(response); cfiscsi_session_terminate(cs); return; } free(data, M_CFISCSI); } icl_pdu_free(request); cfiscsi_pdu_queue(response); } static void cfiscsi_pdu_handle_scsi_command(struct icl_pdu *request) { struct iscsi_bhs_scsi_command *bhssc; struct cfiscsi_session *cs; union ctl_io *io; int error; cs = PDU_SESSION(request); bhssc = (struct iscsi_bhs_scsi_command *)request->ip_bhs; //CFISCSI_SESSION_DEBUG(cs, "initiator task tag 0x%x", // bhssc->bhssc_initiator_task_tag); if (request->ip_data_len > 0 && cs->cs_immediate_data == false) { CFISCSI_SESSION_WARN(cs, "unsolicited data with " "ImmediateData=No; dropping connection"); icl_pdu_free(request); cfiscsi_session_terminate(cs); return; } io = ctl_alloc_io(cs->cs_target->ct_port.ctl_pool_ref); ctl_zero_io(io); PRIV_REQUEST(io) = request; io->io_hdr.io_type = CTL_IO_SCSI; io->io_hdr.nexus.initid = cs->cs_ctl_initid; io->io_hdr.nexus.targ_port = cs->cs_target->ct_port.targ_port; io->io_hdr.nexus.targ_lun = ctl_decode_lun(be64toh(bhssc->bhssc_lun)); io->scsiio.priority = (bhssc->bhssc_pri & BHSSC_PRI_MASK) >> BHSSC_PRI_SHIFT; io->scsiio.tag_num = bhssc->bhssc_initiator_task_tag; switch ((bhssc->bhssc_flags & BHSSC_FLAGS_ATTR)) { case BHSSC_FLAGS_ATTR_UNTAGGED: io->scsiio.tag_type = CTL_TAG_UNTAGGED; break; case BHSSC_FLAGS_ATTR_SIMPLE: io->scsiio.tag_type = CTL_TAG_SIMPLE; break; case BHSSC_FLAGS_ATTR_ORDERED: io->scsiio.tag_type = CTL_TAG_ORDERED; break; case BHSSC_FLAGS_ATTR_HOQ: io->scsiio.tag_type = CTL_TAG_HEAD_OF_QUEUE; break; case BHSSC_FLAGS_ATTR_ACA: io->scsiio.tag_type = CTL_TAG_ACA; break; default: io->scsiio.tag_type = CTL_TAG_UNTAGGED; CFISCSI_SESSION_WARN(cs, "unhandled tag type %d", bhssc->bhssc_flags & BHSSC_FLAGS_ATTR); break; } io->scsiio.cdb_len = sizeof(bhssc->bhssc_cdb); /* Which is 16. */ memcpy(io->scsiio.cdb, bhssc->bhssc_cdb, sizeof(bhssc->bhssc_cdb)); refcount_acquire(&cs->cs_outstanding_ctl_pdus); error = ctl_queue(io); if (error != CTL_RETVAL_COMPLETE) { CFISCSI_SESSION_WARN(cs, "ctl_queue() failed; error %d; " "dropping connection", error); ctl_free_io(io); refcount_release(&cs->cs_outstanding_ctl_pdus); icl_pdu_free(request); cfiscsi_session_terminate(cs); } } static void cfiscsi_pdu_handle_task_request(struct icl_pdu *request) { struct iscsi_bhs_task_management_request *bhstmr; struct iscsi_bhs_task_management_response *bhstmr2; struct icl_pdu *response; struct cfiscsi_session *cs; union ctl_io *io; int error; cs = PDU_SESSION(request); bhstmr = (struct iscsi_bhs_task_management_request *)request->ip_bhs; io = ctl_alloc_io(cs->cs_target->ct_port.ctl_pool_ref); ctl_zero_io(io); PRIV_REQUEST(io) = request; io->io_hdr.io_type = CTL_IO_TASK; io->io_hdr.nexus.initid = cs->cs_ctl_initid; io->io_hdr.nexus.targ_port = cs->cs_target->ct_port.targ_port; io->io_hdr.nexus.targ_lun = ctl_decode_lun(be64toh(bhstmr->bhstmr_lun)); io->taskio.tag_type = CTL_TAG_SIMPLE; /* XXX */ switch (bhstmr->bhstmr_function & ~0x80) { case BHSTMR_FUNCTION_ABORT_TASK: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_ABORT_TASK"); #endif io->taskio.task_action = CTL_TASK_ABORT_TASK; io->taskio.tag_num = bhstmr->bhstmr_referenced_task_tag; break; case BHSTMR_FUNCTION_ABORT_TASK_SET: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_ABORT_TASK_SET"); #endif io->taskio.task_action = CTL_TASK_ABORT_TASK_SET; break; case BHSTMR_FUNCTION_CLEAR_TASK_SET: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_CLEAR_TASK_SET"); #endif io->taskio.task_action = CTL_TASK_CLEAR_TASK_SET; break; case BHSTMR_FUNCTION_LOGICAL_UNIT_RESET: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_LOGICAL_UNIT_RESET"); #endif io->taskio.task_action = CTL_TASK_LUN_RESET; break; case BHSTMR_FUNCTION_TARGET_WARM_RESET: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_TARGET_WARM_RESET"); #endif io->taskio.task_action = CTL_TASK_TARGET_RESET; break; case BHSTMR_FUNCTION_TARGET_COLD_RESET: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_TARGET_COLD_RESET"); #endif io->taskio.task_action = CTL_TASK_TARGET_RESET; break; case BHSTMR_FUNCTION_QUERY_TASK: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_QUERY_TASK"); #endif io->taskio.task_action = CTL_TASK_QUERY_TASK; io->taskio.tag_num = bhstmr->bhstmr_referenced_task_tag; break; case BHSTMR_FUNCTION_QUERY_TASK_SET: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_QUERY_TASK_SET"); #endif io->taskio.task_action = CTL_TASK_QUERY_TASK_SET; break; case BHSTMR_FUNCTION_I_T_NEXUS_RESET: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_I_T_NEXUS_RESET"); #endif io->taskio.task_action = CTL_TASK_I_T_NEXUS_RESET; break; case BHSTMR_FUNCTION_QUERY_ASYNC_EVENT: #if 0 CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_QUERY_ASYNC_EVENT"); #endif io->taskio.task_action = CTL_TASK_QUERY_ASYNC_EVENT; break; default: CFISCSI_SESSION_DEBUG(cs, "unsupported function 0x%x", bhstmr->bhstmr_function & ~0x80); ctl_free_io(io); response = cfiscsi_pdu_new_response(request, M_NOWAIT); if (response == NULL) { CFISCSI_SESSION_WARN(cs, "failed to allocate memory; " "dropping connection"); icl_pdu_free(request); cfiscsi_session_terminate(cs); return; } bhstmr2 = (struct iscsi_bhs_task_management_response *) response->ip_bhs; bhstmr2->bhstmr_opcode = ISCSI_BHS_OPCODE_TASK_RESPONSE; bhstmr2->bhstmr_flags = 0x80; bhstmr2->bhstmr_response = BHSTMR_RESPONSE_FUNCTION_NOT_SUPPORTED; bhstmr2->bhstmr_initiator_task_tag = bhstmr->bhstmr_initiator_task_tag; icl_pdu_free(request); cfiscsi_pdu_queue(response); return; } refcount_acquire(&cs->cs_outstanding_ctl_pdus); error = ctl_queue(io); if (error != CTL_RETVAL_COMPLETE) { CFISCSI_SESSION_WARN(cs, "ctl_queue() failed; error %d; " "dropping connection", error); ctl_free_io(io); refcount_release(&cs->cs_outstanding_ctl_pdus); icl_pdu_free(request); cfiscsi_session_terminate(cs); } } static bool cfiscsi_handle_data_segment(struct icl_pdu *request, struct cfiscsi_data_wait *cdw) { struct iscsi_bhs_data_out *bhsdo; struct cfiscsi_session *cs; struct ctl_sg_entry ctl_sg_entry, *ctl_sglist; size_t copy_len, len, off, buffer_offset; int ctl_sg_count; union ctl_io *io; cs = PDU_SESSION(request); KASSERT((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_SCSI_DATA_OUT || (request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_SCSI_COMMAND, ("bad opcode 0x%x", request->ip_bhs->bhs_opcode)); /* * We're only using fields common for Data-Out and SCSI Command PDUs. */ bhsdo = (struct iscsi_bhs_data_out *)request->ip_bhs; io = cdw->cdw_ctl_io; KASSERT((io->io_hdr.flags & CTL_FLAG_DATA_MASK) != CTL_FLAG_DATA_IN, ("CTL_FLAG_DATA_IN")); #if 0 CFISCSI_SESSION_DEBUG(cs, "received %zd bytes out of %d", request->ip_data_len, io->scsiio.kern_total_len); #endif if (io->scsiio.kern_sg_entries > 0) { ctl_sglist = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr; ctl_sg_count = io->scsiio.kern_sg_entries; } else { ctl_sglist = &ctl_sg_entry; ctl_sglist->addr = io->scsiio.kern_data_ptr; ctl_sglist->len = io->scsiio.kern_data_len; ctl_sg_count = 1; } if ((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_SCSI_DATA_OUT) buffer_offset = ntohl(bhsdo->bhsdo_buffer_offset); else buffer_offset = 0; len = icl_pdu_data_segment_length(request); /* * Make sure the offset, as sent by the initiator, matches the offset * we're supposed to be at in the scatter-gather list. */ if (buffer_offset > io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled || buffer_offset + len <= io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled) { CFISCSI_SESSION_WARN(cs, "received bad buffer offset %zd, " "expected %zd; dropping connection", buffer_offset, (size_t)io->scsiio.kern_rel_offset + (size_t)io->scsiio.ext_data_filled); ctl_set_data_phase_error(&io->scsiio); cfiscsi_session_terminate(cs); return (true); } /* * This is the offset within the PDU data segment, as opposed * to buffer_offset, which is the offset within the task (SCSI * command). */ off = io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled - buffer_offset; /* * Iterate over the scatter/gather segments, filling them with data * from the PDU data segment. Note that this can get called multiple * times for one SCSI command; the cdw structure holds state for the * scatter/gather list. */ for (;;) { KASSERT(cdw->cdw_sg_index < ctl_sg_count, ("cdw->cdw_sg_index >= ctl_sg_count")); if (cdw->cdw_sg_len == 0) { cdw->cdw_sg_addr = ctl_sglist[cdw->cdw_sg_index].addr; cdw->cdw_sg_len = ctl_sglist[cdw->cdw_sg_index].len; } KASSERT(off <= len, ("len > off")); copy_len = len - off; if (copy_len > cdw->cdw_sg_len) copy_len = cdw->cdw_sg_len; icl_pdu_get_data(request, off, cdw->cdw_sg_addr, copy_len); cdw->cdw_sg_addr += copy_len; cdw->cdw_sg_len -= copy_len; off += copy_len; io->scsiio.ext_data_filled += copy_len; io->scsiio.kern_data_resid -= copy_len; if (cdw->cdw_sg_len == 0) { /* * End of current segment. */ if (cdw->cdw_sg_index == ctl_sg_count - 1) { /* * Last segment in scatter/gather list. */ break; } cdw->cdw_sg_index++; } if (off == len) { /* * End of PDU payload. */ break; } } if (len > off) { /* * In case of unsolicited data, it's possible that the buffer * provided by CTL is smaller than negotiated FirstBurstLength. * Just ignore the superfluous data; will ask for them with R2T * on next call to cfiscsi_datamove(). * * This obviously can only happen with SCSI Command PDU. */ if ((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_SCSI_COMMAND) return (true); CFISCSI_SESSION_WARN(cs, "received too much data: got %zd bytes, " "expected %zd; dropping connection", icl_pdu_data_segment_length(request), off); ctl_set_data_phase_error(&io->scsiio); cfiscsi_session_terminate(cs); return (true); } if (io->scsiio.ext_data_filled == cdw->cdw_r2t_end && (bhsdo->bhsdo_flags & BHSDO_FLAGS_F) == 0) { CFISCSI_SESSION_WARN(cs, "got the final packet without " "the F flag; flags = 0x%x; dropping connection", bhsdo->bhsdo_flags); ctl_set_data_phase_error(&io->scsiio); cfiscsi_session_terminate(cs); return (true); } if (io->scsiio.ext_data_filled != cdw->cdw_r2t_end && (bhsdo->bhsdo_flags & BHSDO_FLAGS_F) != 0) { if ((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_SCSI_DATA_OUT) { CFISCSI_SESSION_WARN(cs, "got the final packet, but the " "transmitted size was %zd bytes instead of %d; " "dropping connection", (size_t)io->scsiio.ext_data_filled, cdw->cdw_r2t_end); ctl_set_data_phase_error(&io->scsiio); cfiscsi_session_terminate(cs); return (true); } else { /* * For SCSI Command PDU, this just means we need to * solicit more data by sending R2T. */ return (false); } } if (io->scsiio.ext_data_filled == cdw->cdw_r2t_end) { #if 0 CFISCSI_SESSION_DEBUG(cs, "no longer expecting Data-Out with target " "transfer tag 0x%x", cdw->cdw_target_transfer_tag); #endif return (true); } return (false); } static void cfiscsi_pdu_handle_data_out(struct icl_pdu *request) { struct iscsi_bhs_data_out *bhsdo; struct cfiscsi_session *cs; struct cfiscsi_data_wait *cdw = NULL; union ctl_io *io; bool done; cs = PDU_SESSION(request); bhsdo = (struct iscsi_bhs_data_out *)request->ip_bhs; CFISCSI_SESSION_LOCK(cs); TAILQ_FOREACH(cdw, &cs->cs_waiting_for_data_out, cdw_next) { #if 0 CFISCSI_SESSION_DEBUG(cs, "have ttt 0x%x, itt 0x%x; looking for " "ttt 0x%x, itt 0x%x", bhsdo->bhsdo_target_transfer_tag, bhsdo->bhsdo_initiator_task_tag, cdw->cdw_target_transfer_tag, cdw->cdw_initiator_task_tag)); #endif if (bhsdo->bhsdo_target_transfer_tag == cdw->cdw_target_transfer_tag) break; } CFISCSI_SESSION_UNLOCK(cs); if (cdw == NULL) { CFISCSI_SESSION_WARN(cs, "data transfer tag 0x%x, initiator task tag " "0x%x, not found; dropping connection", bhsdo->bhsdo_target_transfer_tag, bhsdo->bhsdo_initiator_task_tag); icl_pdu_free(request); cfiscsi_session_terminate(cs); return; } if (cdw->cdw_datasn != ntohl(bhsdo->bhsdo_datasn)) { CFISCSI_SESSION_WARN(cs, "received Data-Out PDU with " "DataSN %u, while expected %u; dropping connection", ntohl(bhsdo->bhsdo_datasn), cdw->cdw_datasn); icl_pdu_free(request); cfiscsi_session_terminate(cs); return; } cdw->cdw_datasn++; io = cdw->cdw_ctl_io; KASSERT((io->io_hdr.flags & CTL_FLAG_DATA_MASK) != CTL_FLAG_DATA_IN, ("CTL_FLAG_DATA_IN")); done = cfiscsi_handle_data_segment(request, cdw); if (done) { CFISCSI_SESSION_LOCK(cs); TAILQ_REMOVE(&cs->cs_waiting_for_data_out, cdw, cdw_next); CFISCSI_SESSION_UNLOCK(cs); done = (io->scsiio.ext_data_filled != cdw->cdw_r2t_end || io->scsiio.ext_data_filled == io->scsiio.kern_data_len); cfiscsi_data_wait_free(cs, cdw); io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG; if (done) io->scsiio.be_move_done(io); else cfiscsi_datamove_out(io); } icl_pdu_free(request); } static void cfiscsi_pdu_handle_logout_request(struct icl_pdu *request) { struct iscsi_bhs_logout_request *bhslr; struct iscsi_bhs_logout_response *bhslr2; struct icl_pdu *response; struct cfiscsi_session *cs; cs = PDU_SESSION(request); bhslr = (struct iscsi_bhs_logout_request *)request->ip_bhs; switch (bhslr->bhslr_reason & 0x7f) { case BHSLR_REASON_CLOSE_SESSION: case BHSLR_REASON_CLOSE_CONNECTION: response = cfiscsi_pdu_new_response(request, M_NOWAIT); if (response == NULL) { CFISCSI_SESSION_DEBUG(cs, "failed to allocate memory"); icl_pdu_free(request); cfiscsi_session_terminate(cs); return; } bhslr2 = (struct iscsi_bhs_logout_response *)response->ip_bhs; bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE; bhslr2->bhslr_flags = 0x80; bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY; bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag; icl_pdu_free(request); cfiscsi_pdu_queue(response); cfiscsi_session_terminate(cs); break; case BHSLR_REASON_REMOVE_FOR_RECOVERY: response = cfiscsi_pdu_new_response(request, M_NOWAIT); if (response == NULL) { CFISCSI_SESSION_WARN(cs, "failed to allocate memory; dropping connection"); icl_pdu_free(request); cfiscsi_session_terminate(cs); return; } bhslr2 = (struct iscsi_bhs_logout_response *)response->ip_bhs; bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE; bhslr2->bhslr_flags = 0x80; bhslr2->bhslr_response = BHSLR_RESPONSE_RECOVERY_NOT_SUPPORTED; bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag; icl_pdu_free(request); cfiscsi_pdu_queue(response); break; default: CFISCSI_SESSION_WARN(cs, "invalid reason 0%x; dropping connection", bhslr->bhslr_reason); icl_pdu_free(request); cfiscsi_session_terminate(cs); break; } } static void cfiscsi_callout(void *context) { struct icl_pdu *cp; struct iscsi_bhs_nop_in *bhsni; struct cfiscsi_session *cs; cs = context; if (cs->cs_terminating) return; callout_schedule(&cs->cs_callout, 1 * hz); atomic_add_int(&cs->cs_timeout, 1); #ifdef ICL_KERNEL_PROXY if (cs->cs_waiting_for_ctld || cs->cs_login_phase) { if (login_timeout > 0 && cs->cs_timeout > login_timeout) { CFISCSI_SESSION_WARN(cs, "login timed out after " "%d seconds; dropping connection", cs->cs_timeout); cfiscsi_session_terminate(cs); } return; } #endif if (ping_timeout <= 0) { /* * Pings are disabled. Don't send NOP-In in this case; * user might have disabled pings to work around problems * with certain initiators that can't properly handle * NOP-In, such as iPXE. Reset the timeout, to avoid * triggering reconnection, should the user decide to * reenable them. */ cs->cs_timeout = 0; return; } if (cs->cs_timeout >= ping_timeout) { CFISCSI_SESSION_WARN(cs, "no ping reply (NOP-Out) after %d seconds; " "dropping connection", ping_timeout); cfiscsi_session_terminate(cs); return; } /* * If the ping was reset less than one second ago - which means * that we've received some PDU during the last second - assume * the traffic flows correctly and don't bother sending a NOP-Out. * * (It's 2 - one for one second, and one for incrementing is_timeout * earlier in this routine.) */ if (cs->cs_timeout < 2) return; cp = icl_pdu_new(cs->cs_conn, M_NOWAIT); if (cp == NULL) { CFISCSI_SESSION_WARN(cs, "failed to allocate memory"); return; } bhsni = (struct iscsi_bhs_nop_in *)cp->ip_bhs; bhsni->bhsni_opcode = ISCSI_BHS_OPCODE_NOP_IN; bhsni->bhsni_flags = 0x80; bhsni->bhsni_initiator_task_tag = 0xffffffff; cfiscsi_pdu_queue(cp); } static struct cfiscsi_data_wait * cfiscsi_data_wait_new(struct cfiscsi_session *cs, union ctl_io *io, uint32_t initiator_task_tag, uint32_t *target_transfer_tagp) { struct cfiscsi_data_wait *cdw; int error; cdw = uma_zalloc(cfiscsi_data_wait_zone, M_NOWAIT | M_ZERO); if (cdw == NULL) { CFISCSI_SESSION_WARN(cs, "failed to allocate %zd bytes", sizeof(*cdw)); return (NULL); } error = icl_conn_transfer_setup(cs->cs_conn, io, target_transfer_tagp, &cdw->cdw_icl_prv); if (error != 0) { CFISCSI_SESSION_WARN(cs, "icl_conn_transfer_setup() failed with error %d", error); uma_zfree(cfiscsi_data_wait_zone, cdw); return (NULL); } cdw->cdw_ctl_io = io; cdw->cdw_target_transfer_tag = *target_transfer_tagp; cdw->cdw_initiator_task_tag = initiator_task_tag; return (cdw); } static void cfiscsi_data_wait_free(struct cfiscsi_session *cs, struct cfiscsi_data_wait *cdw) { icl_conn_transfer_done(cs->cs_conn, cdw->cdw_icl_prv); uma_zfree(cfiscsi_data_wait_zone, cdw); } static void cfiscsi_session_terminate_tasks(struct cfiscsi_session *cs) { struct cfiscsi_data_wait *cdw; union ctl_io *io; int error, last, wait; if (cs->cs_target == NULL) return; /* No target yet, so nothing to do. */ io = ctl_alloc_io(cs->cs_target->ct_port.ctl_pool_ref); ctl_zero_io(io); PRIV_REQUEST(io) = cs; io->io_hdr.io_type = CTL_IO_TASK; io->io_hdr.nexus.initid = cs->cs_ctl_initid; io->io_hdr.nexus.targ_port = cs->cs_target->ct_port.targ_port; io->io_hdr.nexus.targ_lun = 0; io->taskio.tag_type = CTL_TAG_SIMPLE; /* XXX */ io->taskio.task_action = CTL_TASK_I_T_NEXUS_RESET; wait = cs->cs_outstanding_ctl_pdus; refcount_acquire(&cs->cs_outstanding_ctl_pdus); error = ctl_queue(io); if (error != CTL_RETVAL_COMPLETE) { CFISCSI_SESSION_WARN(cs, "ctl_queue() failed; error %d", error); refcount_release(&cs->cs_outstanding_ctl_pdus); ctl_free_io(io); } CFISCSI_SESSION_LOCK(cs); while ((cdw = TAILQ_FIRST(&cs->cs_waiting_for_data_out)) != NULL) { TAILQ_REMOVE(&cs->cs_waiting_for_data_out, cdw, cdw_next); CFISCSI_SESSION_UNLOCK(cs); /* * Set nonzero port status; this prevents backends from * assuming that the data transfer actually succeeded * and writing uninitialized data to disk. */ cdw->cdw_ctl_io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG; cdw->cdw_ctl_io->scsiio.io_hdr.port_status = 42; cdw->cdw_ctl_io->scsiio.be_move_done(cdw->cdw_ctl_io); cfiscsi_data_wait_free(cs, cdw); CFISCSI_SESSION_LOCK(cs); } CFISCSI_SESSION_UNLOCK(cs); /* * Wait for CTL to terminate all the tasks. */ if (wait > 0) CFISCSI_SESSION_WARN(cs, "waiting for CTL to terminate %d tasks", wait); for (;;) { refcount_acquire(&cs->cs_outstanding_ctl_pdus); last = refcount_release(&cs->cs_outstanding_ctl_pdus); if (last != 0) break; tsleep(__DEVOLATILE(void *, &cs->cs_outstanding_ctl_pdus), 0, "cfiscsi_terminate", hz / 100); } if (wait > 0) CFISCSI_SESSION_WARN(cs, "tasks terminated"); } static void cfiscsi_maintenance_thread(void *arg) { struct cfiscsi_session *cs; cs = arg; for (;;) { CFISCSI_SESSION_LOCK(cs); if (cs->cs_terminating == false || cs->cs_handoff_in_progress) cv_wait(&cs->cs_maintenance_cv, &cs->cs_lock); CFISCSI_SESSION_UNLOCK(cs); if (cs->cs_terminating && cs->cs_handoff_in_progress == false) { /* * We used to wait up to 30 seconds to deliver queued * PDUs to the initiator. We also tried hard to deliver * SCSI Responses for the aborted PDUs. We don't do * that anymore. We might need to revisit that. */ callout_drain(&cs->cs_callout); icl_conn_close(cs->cs_conn); /* * At this point ICL receive thread is no longer * running; no new tasks can be queued. */ cfiscsi_session_terminate_tasks(cs); cfiscsi_session_delete(cs); kthread_exit(); return; } CFISCSI_SESSION_DEBUG(cs, "nothing to do"); } } static void cfiscsi_session_terminate(struct cfiscsi_session *cs) { cs->cs_terminating = true; cv_signal(&cs->cs_maintenance_cv); #ifdef ICL_KERNEL_PROXY cv_signal(&cs->cs_login_cv); #endif } static int cfiscsi_session_register_initiator(struct cfiscsi_session *cs) { struct cfiscsi_target *ct; char *name; int i; KASSERT(cs->cs_ctl_initid == -1, ("already registered")); ct = cs->cs_target; name = strdup(cs->cs_initiator_id, M_CTL); i = ctl_add_initiator(&ct->ct_port, -1, 0, name); if (i < 0) { CFISCSI_SESSION_WARN(cs, "ctl_add_initiator failed with error %d", i); cs->cs_ctl_initid = -1; return (1); } cs->cs_ctl_initid = i; #if 0 CFISCSI_SESSION_DEBUG(cs, "added initiator id %d", i); #endif return (0); } static void cfiscsi_session_unregister_initiator(struct cfiscsi_session *cs) { int error; if (cs->cs_ctl_initid == -1) return; error = ctl_remove_initiator(&cs->cs_target->ct_port, cs->cs_ctl_initid); if (error != 0) { CFISCSI_SESSION_WARN(cs, "ctl_remove_initiator failed with error %d", error); } cs->cs_ctl_initid = -1; } static struct cfiscsi_session * cfiscsi_session_new(struct cfiscsi_softc *softc, const char *offload) { struct cfiscsi_session *cs; int error; cs = malloc(sizeof(*cs), M_CFISCSI, M_NOWAIT | M_ZERO); if (cs == NULL) { CFISCSI_WARN("malloc failed"); return (NULL); } cs->cs_ctl_initid = -1; refcount_init(&cs->cs_outstanding_ctl_pdus, 0); TAILQ_INIT(&cs->cs_waiting_for_data_out); mtx_init(&cs->cs_lock, "cfiscsi_lock", NULL, MTX_DEF); cv_init(&cs->cs_maintenance_cv, "cfiscsi_mt"); #ifdef ICL_KERNEL_PROXY cv_init(&cs->cs_login_cv, "cfiscsi_login"); #endif /* * The purpose of this is to avoid racing with session shutdown. * Otherwise we could have the maintenance thread call icl_conn_close() * before we call icl_conn_handoff(). */ cs->cs_handoff_in_progress = true; cs->cs_conn = icl_new_conn(offload, false, "cfiscsi", &cs->cs_lock); if (cs->cs_conn == NULL) { free(cs, M_CFISCSI); return (NULL); } cs->cs_conn->ic_receive = cfiscsi_receive_callback; cs->cs_conn->ic_error = cfiscsi_error_callback; cs->cs_conn->ic_prv0 = cs; error = kthread_add(cfiscsi_maintenance_thread, cs, NULL, NULL, 0, 0, "cfiscsimt"); if (error != 0) { CFISCSI_SESSION_WARN(cs, "kthread_add(9) failed with error %d", error); free(cs, M_CFISCSI); return (NULL); } mtx_lock(&softc->lock); cs->cs_id = ++softc->last_session_id; TAILQ_INSERT_TAIL(&softc->sessions, cs, cs_next); mtx_unlock(&softc->lock); /* * Start pinging the initiator. */ callout_init(&cs->cs_callout, 1); callout_reset(&cs->cs_callout, 1 * hz, cfiscsi_callout, cs); return (cs); } static void cfiscsi_session_delete(struct cfiscsi_session *cs) { struct cfiscsi_softc *softc; softc = &cfiscsi_softc; KASSERT(cs->cs_outstanding_ctl_pdus == 0, ("destroying session with outstanding CTL pdus")); KASSERT(TAILQ_EMPTY(&cs->cs_waiting_for_data_out), ("destroying session with non-empty queue")); mtx_lock(&softc->lock); TAILQ_REMOVE(&softc->sessions, cs, cs_next); mtx_unlock(&softc->lock); cfiscsi_session_unregister_initiator(cs); if (cs->cs_target != NULL) cfiscsi_target_release(cs->cs_target); icl_conn_close(cs->cs_conn); icl_conn_free(cs->cs_conn); free(cs, M_CFISCSI); cv_signal(&softc->sessions_cv); } static int cfiscsi_init(void) { struct cfiscsi_softc *softc; softc = &cfiscsi_softc; bzero(softc, sizeof(*softc)); mtx_init(&softc->lock, "cfiscsi", NULL, MTX_DEF); cv_init(&softc->sessions_cv, "cfiscsi_sessions"); #ifdef ICL_KERNEL_PROXY cv_init(&softc->accept_cv, "cfiscsi_accept"); #endif TAILQ_INIT(&softc->sessions); TAILQ_INIT(&softc->targets); cfiscsi_data_wait_zone = uma_zcreate("cfiscsi_data_wait", sizeof(struct cfiscsi_data_wait), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); return (0); } static int cfiscsi_shutdown(void) { struct cfiscsi_softc *softc = &cfiscsi_softc; if (!TAILQ_EMPTY(&softc->sessions) || !TAILQ_EMPTY(&softc->targets)) return (EBUSY); uma_zdestroy(cfiscsi_data_wait_zone); #ifdef ICL_KERNEL_PROXY cv_destroy(&softc->accept_cv); #endif cv_destroy(&softc->sessions_cv); mtx_destroy(&softc->lock); return (0); } #ifdef ICL_KERNEL_PROXY static void cfiscsi_accept(struct socket *so, struct sockaddr *sa, int portal_id) { struct cfiscsi_session *cs; cs = cfiscsi_session_new(&cfiscsi_softc, NULL); if (cs == NULL) { CFISCSI_WARN("failed to create session"); return; } icl_conn_handoff_sock(cs->cs_conn, so); cs->cs_initiator_sa = sa; cs->cs_portal_id = portal_id; cs->cs_handoff_in_progress = false; cs->cs_waiting_for_ctld = true; cv_signal(&cfiscsi_softc.accept_cv); CFISCSI_SESSION_LOCK(cs); /* * Wake up the maintenance thread if we got scheduled for termination * somewhere between cfiscsi_session_new() and icl_conn_handoff_sock(). */ if (cs->cs_terminating) cfiscsi_session_terminate(cs); CFISCSI_SESSION_UNLOCK(cs); } #endif static void cfiscsi_online(void *arg) { struct cfiscsi_softc *softc; struct cfiscsi_target *ct; int online; ct = (struct cfiscsi_target *)arg; softc = ct->ct_softc; mtx_lock(&softc->lock); if (ct->ct_online) { mtx_unlock(&softc->lock); return; } ct->ct_online = 1; online = softc->online++; mtx_unlock(&softc->lock); if (online > 0) return; #ifdef ICL_KERNEL_PROXY if (softc->listener != NULL) icl_listen_free(softc->listener); softc->listener = icl_listen_new(cfiscsi_accept); #endif } static void cfiscsi_offline(void *arg) { struct cfiscsi_softc *softc; struct cfiscsi_target *ct; struct cfiscsi_session *cs; int error, online; ct = (struct cfiscsi_target *)arg; softc = ct->ct_softc; mtx_lock(&softc->lock); if (!ct->ct_online) { mtx_unlock(&softc->lock); return; } ct->ct_online = 0; online = --softc->online; do { TAILQ_FOREACH(cs, &softc->sessions, cs_next) { if (cs->cs_target == ct) cfiscsi_session_terminate(cs); } TAILQ_FOREACH(cs, &softc->sessions, cs_next) { if (cs->cs_target == ct) break; } if (cs != NULL) { error = cv_wait_sig(&softc->sessions_cv, &softc->lock); if (error != 0) { CFISCSI_SESSION_DEBUG(cs, "cv_wait failed with error %d\n", error); break; } } } while (cs != NULL && ct->ct_online == 0); mtx_unlock(&softc->lock); if (online > 0) return; #ifdef ICL_KERNEL_PROXY icl_listen_free(softc->listener); softc->listener = NULL; #endif } static int cfiscsi_info(void *arg, struct sbuf *sb) { struct cfiscsi_target *ct = (struct cfiscsi_target *)arg; int retval; retval = sbuf_printf(sb, "\t%d\n", ct->ct_state); return (retval); } static void cfiscsi_ioctl_handoff(struct ctl_iscsi *ci) { struct cfiscsi_softc *softc; struct cfiscsi_session *cs, *cs2; struct cfiscsi_target *ct; struct ctl_iscsi_handoff_params *cihp; int error; cihp = (struct ctl_iscsi_handoff_params *)&(ci->data); softc = &cfiscsi_softc; CFISCSI_DEBUG("new connection from %s (%s) to %s", cihp->initiator_name, cihp->initiator_addr, cihp->target_name); ct = cfiscsi_target_find(softc, cihp->target_name, cihp->portal_group_tag); if (ct == NULL) { ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "%s: target not found", __func__); return; } #ifdef ICL_KERNEL_PROXY if (cihp->socket > 0 && cihp->connection_id > 0) { snprintf(ci->error_str, sizeof(ci->error_str), "both socket and connection_id set"); ci->status = CTL_ISCSI_ERROR; cfiscsi_target_release(ct); return; } if (cihp->socket == 0) { mtx_lock(&cfiscsi_softc.lock); TAILQ_FOREACH(cs, &cfiscsi_softc.sessions, cs_next) { if (cs->cs_id == cihp->connection_id) break; } if (cs == NULL) { mtx_unlock(&cfiscsi_softc.lock); snprintf(ci->error_str, sizeof(ci->error_str), "connection not found"); ci->status = CTL_ISCSI_ERROR; cfiscsi_target_release(ct); return; } mtx_unlock(&cfiscsi_softc.lock); } else { #endif cs = cfiscsi_session_new(softc, cihp->offload); if (cs == NULL) { ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "%s: cfiscsi_session_new failed", __func__); cfiscsi_target_release(ct); return; } #ifdef ICL_KERNEL_PROXY } #endif /* * First PDU of Full Feature phase has the same CmdSN as the last * PDU from the Login Phase received from the initiator. Thus, * the -1 below. */ cs->cs_cmdsn = cihp->cmdsn; cs->cs_statsn = cihp->statsn; cs->cs_max_recv_data_segment_length = cihp->max_recv_data_segment_length; cs->cs_max_send_data_segment_length = cihp->max_send_data_segment_length; cs->cs_max_burst_length = cihp->max_burst_length; cs->cs_first_burst_length = cihp->first_burst_length; cs->cs_immediate_data = !!cihp->immediate_data; if (cihp->header_digest == CTL_ISCSI_DIGEST_CRC32C) cs->cs_conn->ic_header_crc32c = true; if (cihp->data_digest == CTL_ISCSI_DIGEST_CRC32C) cs->cs_conn->ic_data_crc32c = true; strlcpy(cs->cs_initiator_name, cihp->initiator_name, sizeof(cs->cs_initiator_name)); strlcpy(cs->cs_initiator_addr, cihp->initiator_addr, sizeof(cs->cs_initiator_addr)); strlcpy(cs->cs_initiator_alias, cihp->initiator_alias, sizeof(cs->cs_initiator_alias)); memcpy(cs->cs_initiator_isid, cihp->initiator_isid, sizeof(cs->cs_initiator_isid)); snprintf(cs->cs_initiator_id, sizeof(cs->cs_initiator_id), "%s,i,0x%02x%02x%02x%02x%02x%02x", cs->cs_initiator_name, cihp->initiator_isid[0], cihp->initiator_isid[1], cihp->initiator_isid[2], cihp->initiator_isid[3], cihp->initiator_isid[4], cihp->initiator_isid[5]); mtx_lock(&softc->lock); if (ct->ct_online == 0) { mtx_unlock(&softc->lock); CFISCSI_SESSION_LOCK(cs); cs->cs_handoff_in_progress = false; cfiscsi_session_terminate(cs); CFISCSI_SESSION_UNLOCK(cs); cfiscsi_target_release(ct); ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "%s: port offline", __func__); return; } cs->cs_target = ct; mtx_unlock(&softc->lock); restart: if (!cs->cs_terminating) { mtx_lock(&softc->lock); TAILQ_FOREACH(cs2, &softc->sessions, cs_next) { if (cs2 != cs && cs2->cs_tasks_aborted == false && cs->cs_target == cs2->cs_target && strcmp(cs->cs_initiator_id, cs2->cs_initiator_id) == 0) { if (strcmp(cs->cs_initiator_addr, cs2->cs_initiator_addr) != 0) { CFISCSI_SESSION_WARN(cs2, "session reinstatement from " "different address %s", cs->cs_initiator_addr); } else { CFISCSI_SESSION_DEBUG(cs2, "session reinstatement"); } cfiscsi_session_terminate(cs2); mtx_unlock(&softc->lock); pause("cfiscsi_reinstate", 1); goto restart; } } mtx_unlock(&softc->lock); } /* * Register initiator with CTL. */ cfiscsi_session_register_initiator(cs); #ifdef ICL_KERNEL_PROXY if (cihp->socket > 0) { #endif error = icl_conn_handoff(cs->cs_conn, cihp->socket); if (error != 0) { CFISCSI_SESSION_LOCK(cs); cs->cs_handoff_in_progress = false; cfiscsi_session_terminate(cs); CFISCSI_SESSION_UNLOCK(cs); ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "%s: icl_conn_handoff failed with error %d", __func__, error); return; } #ifdef ICL_KERNEL_PROXY } #endif #ifdef ICL_KERNEL_PROXY cs->cs_login_phase = false; /* * First PDU of the Full Feature phase has likely already arrived. * We have to pick it up and execute properly. */ if (cs->cs_login_pdu != NULL) { CFISCSI_SESSION_DEBUG(cs, "picking up first PDU"); cfiscsi_pdu_handle(cs->cs_login_pdu); cs->cs_login_pdu = NULL; } #endif CFISCSI_SESSION_LOCK(cs); cs->cs_handoff_in_progress = false; /* * Wake up the maintenance thread if we got scheduled for termination. */ if (cs->cs_terminating) cfiscsi_session_terminate(cs); CFISCSI_SESSION_UNLOCK(cs); ci->status = CTL_ISCSI_OK; } static void cfiscsi_ioctl_list(struct ctl_iscsi *ci) { struct ctl_iscsi_list_params *cilp; struct cfiscsi_session *cs; struct cfiscsi_softc *softc; struct sbuf *sb; int error; cilp = (struct ctl_iscsi_list_params *)&(ci->data); softc = &cfiscsi_softc; sb = sbuf_new(NULL, NULL, cilp->alloc_len, SBUF_FIXEDLEN); if (sb == NULL) { ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "Unable to allocate %d bytes for iSCSI session list", cilp->alloc_len); return; } sbuf_printf(sb, "\n"); mtx_lock(&softc->lock); TAILQ_FOREACH(cs, &softc->sessions, cs_next) { if (cs->cs_target == NULL) continue; error = sbuf_printf(sb, "" "%s" "%s" "%s" "%s" "%s" "%u" "%s" "%s" "%d" "%d" "%d" "%d" "%d" "%d" "%s" "\n", cs->cs_id, cs->cs_initiator_name, cs->cs_initiator_addr, cs->cs_initiator_alias, cs->cs_target->ct_name, cs->cs_target->ct_alias, cs->cs_target->ct_tag, cs->cs_conn->ic_header_crc32c ? "CRC32C" : "None", cs->cs_conn->ic_data_crc32c ? "CRC32C" : "None", cs->cs_max_recv_data_segment_length, cs->cs_max_send_data_segment_length, cs->cs_max_burst_length, cs->cs_first_burst_length, cs->cs_immediate_data, cs->cs_conn->ic_iser, cs->cs_conn->ic_offload); if (error != 0) break; } mtx_unlock(&softc->lock); error = sbuf_printf(sb, "\n"); if (error != 0) { sbuf_delete(sb); ci->status = CTL_ISCSI_LIST_NEED_MORE_SPACE; snprintf(ci->error_str, sizeof(ci->error_str), "Out of space, %d bytes is too small", cilp->alloc_len); return; } sbuf_finish(sb); error = copyout(sbuf_data(sb), cilp->conn_xml, sbuf_len(sb) + 1); if (error != 0) { sbuf_delete(sb); snprintf(ci->error_str, sizeof(ci->error_str), "copyout failed with error %d", error); ci->status = CTL_ISCSI_ERROR; return; } cilp->fill_len = sbuf_len(sb) + 1; ci->status = CTL_ISCSI_OK; sbuf_delete(sb); } static void cfiscsi_ioctl_logout(struct ctl_iscsi *ci) { struct icl_pdu *response; struct iscsi_bhs_asynchronous_message *bhsam; struct ctl_iscsi_logout_params *cilp; struct cfiscsi_session *cs; struct cfiscsi_softc *softc; int found = 0; cilp = (struct ctl_iscsi_logout_params *)&(ci->data); softc = &cfiscsi_softc; mtx_lock(&softc->lock); TAILQ_FOREACH(cs, &softc->sessions, cs_next) { if (cilp->all == 0 && cs->cs_id != cilp->connection_id && strcmp(cs->cs_initiator_name, cilp->initiator_name) != 0 && strcmp(cs->cs_initiator_addr, cilp->initiator_addr) != 0) continue; response = icl_pdu_new(cs->cs_conn, M_NOWAIT); if (response == NULL) { ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "Unable to allocate memory"); mtx_unlock(&softc->lock); return; } bhsam = (struct iscsi_bhs_asynchronous_message *)response->ip_bhs; bhsam->bhsam_opcode = ISCSI_BHS_OPCODE_ASYNC_MESSAGE; bhsam->bhsam_flags = 0x80; bhsam->bhsam_async_event = BHSAM_EVENT_TARGET_REQUESTS_LOGOUT; bhsam->bhsam_parameter3 = htons(10); cfiscsi_pdu_queue(response); found++; } mtx_unlock(&softc->lock); if (found == 0) { ci->status = CTL_ISCSI_SESSION_NOT_FOUND; snprintf(ci->error_str, sizeof(ci->error_str), "No matching connections found"); return; } ci->status = CTL_ISCSI_OK; } static void cfiscsi_ioctl_terminate(struct ctl_iscsi *ci) { struct icl_pdu *response; struct iscsi_bhs_asynchronous_message *bhsam; struct ctl_iscsi_terminate_params *citp; struct cfiscsi_session *cs; struct cfiscsi_softc *softc; int found = 0; citp = (struct ctl_iscsi_terminate_params *)&(ci->data); softc = &cfiscsi_softc; mtx_lock(&softc->lock); TAILQ_FOREACH(cs, &softc->sessions, cs_next) { if (citp->all == 0 && cs->cs_id != citp->connection_id && strcmp(cs->cs_initiator_name, citp->initiator_name) != 0 && strcmp(cs->cs_initiator_addr, citp->initiator_addr) != 0) continue; response = icl_pdu_new(cs->cs_conn, M_NOWAIT); if (response == NULL) { /* * Oh well. Just terminate the connection. */ } else { bhsam = (struct iscsi_bhs_asynchronous_message *) response->ip_bhs; bhsam->bhsam_opcode = ISCSI_BHS_OPCODE_ASYNC_MESSAGE; bhsam->bhsam_flags = 0x80; bhsam->bhsam_0xffffffff = 0xffffffff; bhsam->bhsam_async_event = BHSAM_EVENT_TARGET_TERMINATES_SESSION; cfiscsi_pdu_queue(response); } cfiscsi_session_terminate(cs); found++; } mtx_unlock(&softc->lock); if (found == 0) { ci->status = CTL_ISCSI_SESSION_NOT_FOUND; snprintf(ci->error_str, sizeof(ci->error_str), "No matching connections found"); return; } ci->status = CTL_ISCSI_OK; } static void cfiscsi_ioctl_limits(struct ctl_iscsi *ci) { struct ctl_iscsi_limits_params *cilp; struct icl_drv_limits idl; int error; cilp = (struct ctl_iscsi_limits_params *)&(ci->data); error = icl_limits(cilp->offload, false, &idl); if (error != 0) { ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "%s: icl_limits failed with error %d", __func__, error); return; } cilp->max_recv_data_segment_length = idl.idl_max_recv_data_segment_length; cilp->max_send_data_segment_length = idl.idl_max_send_data_segment_length; cilp->max_burst_length = idl.idl_max_burst_length; cilp->first_burst_length = idl.idl_first_burst_length; ci->status = CTL_ISCSI_OK; } #ifdef ICL_KERNEL_PROXY static void cfiscsi_ioctl_listen(struct ctl_iscsi *ci) { struct ctl_iscsi_listen_params *cilp; struct sockaddr *sa; int error; cilp = (struct ctl_iscsi_listen_params *)&(ci->data); if (cfiscsi_softc.listener == NULL) { CFISCSI_DEBUG("no listener"); snprintf(ci->error_str, sizeof(ci->error_str), "no listener"); ci->status = CTL_ISCSI_ERROR; return; } error = getsockaddr(&sa, (void *)cilp->addr, cilp->addrlen); if (error != 0) { CFISCSI_DEBUG("getsockaddr, error %d", error); snprintf(ci->error_str, sizeof(ci->error_str), "getsockaddr failed"); ci->status = CTL_ISCSI_ERROR; return; } error = icl_listen_add(cfiscsi_softc.listener, cilp->iser, cilp->domain, cilp->socktype, cilp->protocol, sa, cilp->portal_id); if (error != 0) { free(sa, M_SONAME); CFISCSI_DEBUG("icl_listen_add, error %d", error); snprintf(ci->error_str, sizeof(ci->error_str), "icl_listen_add failed, error %d", error); ci->status = CTL_ISCSI_ERROR; return; } ci->status = CTL_ISCSI_OK; } static void cfiscsi_ioctl_accept(struct ctl_iscsi *ci) { struct ctl_iscsi_accept_params *ciap; struct cfiscsi_session *cs; int error; ciap = (struct ctl_iscsi_accept_params *)&(ci->data); mtx_lock(&cfiscsi_softc.lock); for (;;) { TAILQ_FOREACH(cs, &cfiscsi_softc.sessions, cs_next) { if (cs->cs_waiting_for_ctld) break; } if (cs != NULL) break; error = cv_wait_sig(&cfiscsi_softc.accept_cv, &cfiscsi_softc.lock); if (error != 0) { mtx_unlock(&cfiscsi_softc.lock); snprintf(ci->error_str, sizeof(ci->error_str), "interrupted"); ci->status = CTL_ISCSI_ERROR; return; } } mtx_unlock(&cfiscsi_softc.lock); cs->cs_waiting_for_ctld = false; cs->cs_login_phase = true; ciap->connection_id = cs->cs_id; ciap->portal_id = cs->cs_portal_id; ciap->initiator_addrlen = cs->cs_initiator_sa->sa_len; error = copyout(cs->cs_initiator_sa, ciap->initiator_addr, cs->cs_initiator_sa->sa_len); if (error != 0) { snprintf(ci->error_str, sizeof(ci->error_str), "copyout failed with error %d", error); ci->status = CTL_ISCSI_ERROR; return; } ci->status = CTL_ISCSI_OK; } static void cfiscsi_ioctl_send(struct ctl_iscsi *ci) { struct ctl_iscsi_send_params *cisp; struct cfiscsi_session *cs; struct icl_pdu *ip; size_t datalen; void *data; int error; cisp = (struct ctl_iscsi_send_params *)&(ci->data); mtx_lock(&cfiscsi_softc.lock); TAILQ_FOREACH(cs, &cfiscsi_softc.sessions, cs_next) { if (cs->cs_id == cisp->connection_id) break; } if (cs == NULL) { mtx_unlock(&cfiscsi_softc.lock); snprintf(ci->error_str, sizeof(ci->error_str), "connection not found"); ci->status = CTL_ISCSI_ERROR; return; } mtx_unlock(&cfiscsi_softc.lock); #if 0 if (cs->cs_login_phase == false) return (EBUSY); #endif if (cs->cs_terminating) { snprintf(ci->error_str, sizeof(ci->error_str), "connection is terminating"); ci->status = CTL_ISCSI_ERROR; return; } datalen = cisp->data_segment_len; /* * XXX */ //if (datalen > CFISCSI_MAX_DATA_SEGMENT_LENGTH) { if (datalen > 65535) { snprintf(ci->error_str, sizeof(ci->error_str), "data segment too big"); ci->status = CTL_ISCSI_ERROR; return; } if (datalen > 0) { data = malloc(datalen, M_CFISCSI, M_WAITOK); error = copyin(cisp->data_segment, data, datalen); if (error != 0) { free(data, M_CFISCSI); snprintf(ci->error_str, sizeof(ci->error_str), "copyin error %d", error); ci->status = CTL_ISCSI_ERROR; return; } } ip = icl_pdu_new(cs->cs_conn, M_WAITOK); memcpy(ip->ip_bhs, cisp->bhs, sizeof(*ip->ip_bhs)); if (datalen > 0) { icl_pdu_append_data(ip, data, datalen, M_WAITOK); free(data, M_CFISCSI); } CFISCSI_SESSION_LOCK(cs); icl_pdu_queue(ip); CFISCSI_SESSION_UNLOCK(cs); ci->status = CTL_ISCSI_OK; } static void cfiscsi_ioctl_receive(struct ctl_iscsi *ci) { struct ctl_iscsi_receive_params *cirp; struct cfiscsi_session *cs; struct icl_pdu *ip; void *data; int error; cirp = (struct ctl_iscsi_receive_params *)&(ci->data); mtx_lock(&cfiscsi_softc.lock); TAILQ_FOREACH(cs, &cfiscsi_softc.sessions, cs_next) { if (cs->cs_id == cirp->connection_id) break; } if (cs == NULL) { mtx_unlock(&cfiscsi_softc.lock); snprintf(ci->error_str, sizeof(ci->error_str), "connection not found"); ci->status = CTL_ISCSI_ERROR; return; } mtx_unlock(&cfiscsi_softc.lock); #if 0 if (is->is_login_phase == false) return (EBUSY); #endif CFISCSI_SESSION_LOCK(cs); while (cs->cs_login_pdu == NULL && cs->cs_terminating == false) { error = cv_wait_sig(&cs->cs_login_cv, &cs->cs_lock); if (error != 0) { CFISCSI_SESSION_UNLOCK(cs); snprintf(ci->error_str, sizeof(ci->error_str), "interrupted by signal"); ci->status = CTL_ISCSI_ERROR; return; } } if (cs->cs_terminating) { CFISCSI_SESSION_UNLOCK(cs); snprintf(ci->error_str, sizeof(ci->error_str), "connection terminating"); ci->status = CTL_ISCSI_ERROR; return; } ip = cs->cs_login_pdu; cs->cs_login_pdu = NULL; CFISCSI_SESSION_UNLOCK(cs); if (ip->ip_data_len > cirp->data_segment_len) { icl_pdu_free(ip); snprintf(ci->error_str, sizeof(ci->error_str), "data segment too big"); ci->status = CTL_ISCSI_ERROR; return; } copyout(ip->ip_bhs, cirp->bhs, sizeof(*ip->ip_bhs)); if (ip->ip_data_len > 0) { data = malloc(ip->ip_data_len, M_CFISCSI, M_WAITOK); icl_pdu_get_data(ip, 0, data, ip->ip_data_len); copyout(data, cirp->data_segment, ip->ip_data_len); free(data, M_CFISCSI); } icl_pdu_free(ip); ci->status = CTL_ISCSI_OK; } #endif /* !ICL_KERNEL_PROXY */ static void cfiscsi_ioctl_port_create(struct ctl_req *req) { struct cfiscsi_target *ct; struct ctl_port *port; const char *target, *alias, *val; struct scsi_vpd_id_descriptor *desc; int retval, len, idlen; uint16_t tag; target = dnvlist_get_string(req->args_nvl, "cfiscsi_target", NULL); alias = dnvlist_get_string(req->args_nvl, "cfiscsi_target_alias", NULL); val = dnvlist_get_string(req->args_nvl, "cfiscsi_portal_group_tag", NULL); if (target == NULL || val == NULL) { req->status = CTL_LUN_ERROR; snprintf(req->error_str, sizeof(req->error_str), "Missing required argument"); return; } tag = strtoul(val, NULL, 0); ct = cfiscsi_target_find_or_create(&cfiscsi_softc, target, alias, tag); if (ct == NULL) { req->status = CTL_LUN_ERROR; snprintf(req->error_str, sizeof(req->error_str), "failed to create target \"%s\"", target); return; } if (ct->ct_state == CFISCSI_TARGET_STATE_ACTIVE) { req->status = CTL_LUN_ERROR; snprintf(req->error_str, sizeof(req->error_str), "target \"%s\" for portal group tag %u already exists", target, tag); cfiscsi_target_release(ct); return; } port = &ct->ct_port; // WAT if (ct->ct_state == CFISCSI_TARGET_STATE_DYING) goto done; port->frontend = &cfiscsi_frontend; port->port_type = CTL_PORT_ISCSI; /* XXX KDM what should the real number be here? */ port->num_requested_ctl_io = 4096; port->port_name = "iscsi"; port->physical_port = (int)tag; port->virtual_port = ct->ct_target_id; port->port_online = cfiscsi_online; port->port_offline = cfiscsi_offline; port->port_info = cfiscsi_info; port->onoff_arg = ct; port->fe_datamove = cfiscsi_datamove; port->fe_done = cfiscsi_done; port->targ_port = -1; port->options = nvlist_clone(req->args_nvl); /* Generate Port ID. */ idlen = strlen(target) + strlen(",t,0x0001") + 1; idlen = roundup2(idlen, 4); len = sizeof(struct scsi_vpd_device_id) + idlen; port->port_devid = malloc(sizeof(struct ctl_devid) + len, M_CTL, M_WAITOK | M_ZERO); port->port_devid->len = len; desc = (struct scsi_vpd_id_descriptor *)port->port_devid->data; desc->proto_codeset = (SCSI_PROTO_ISCSI << 4) | SVPD_ID_CODESET_UTF8; desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT | SVPD_ID_TYPE_SCSI_NAME; desc->length = idlen; snprintf(desc->identifier, idlen, "%s,t,0x%4.4x", target, tag); /* Generate Target ID. */ idlen = strlen(target) + 1; idlen = roundup2(idlen, 4); len = sizeof(struct scsi_vpd_device_id) + idlen; port->target_devid = malloc(sizeof(struct ctl_devid) + len, M_CTL, M_WAITOK | M_ZERO); port->target_devid->len = len; desc = (struct scsi_vpd_id_descriptor *)port->target_devid->data; desc->proto_codeset = (SCSI_PROTO_ISCSI << 4) | SVPD_ID_CODESET_UTF8; desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_TARGET | SVPD_ID_TYPE_SCSI_NAME; desc->length = idlen; strlcpy(desc->identifier, target, idlen); retval = ctl_port_register(port); if (retval != 0) { free(port->port_devid, M_CFISCSI); free(port->target_devid, M_CFISCSI); cfiscsi_target_release(ct); req->status = CTL_LUN_ERROR; snprintf(req->error_str, sizeof(req->error_str), "ctl_port_register() failed with error %d", retval); return; } done: ct->ct_state = CFISCSI_TARGET_STATE_ACTIVE; req->status = CTL_LUN_OK; req->result_nvl = nvlist_create(0); nvlist_add_number(req->result_nvl, "port_id", port->targ_port); } static void cfiscsi_ioctl_port_remove(struct ctl_req *req) { struct cfiscsi_target *ct; const char *target, *val; uint16_t tag; target = dnvlist_get_string(req->args_nvl, "cfiscsi_target", NULL); val = dnvlist_get_string(req->args_nvl, "cfiscsi_portal_group_tag", NULL); if (target == NULL || val == NULL) { req->status = CTL_LUN_ERROR; snprintf(req->error_str, sizeof(req->error_str), "Missing required argument"); return; } tag = strtoul(val, NULL, 0); ct = cfiscsi_target_find(&cfiscsi_softc, target, tag); if (ct == NULL) { req->status = CTL_LUN_ERROR; snprintf(req->error_str, sizeof(req->error_str), "can't find target \"%s\"", target); return; } ct->ct_state = CFISCSI_TARGET_STATE_DYING; ctl_port_offline(&ct->ct_port); cfiscsi_target_release(ct); cfiscsi_target_release(ct); req->status = CTL_LUN_OK; } static int cfiscsi_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td) { struct ctl_iscsi *ci; struct ctl_req *req; if (cmd == CTL_PORT_REQ) { req = (struct ctl_req *)addr; switch (req->reqtype) { case CTL_REQ_CREATE: cfiscsi_ioctl_port_create(req); break; case CTL_REQ_REMOVE: cfiscsi_ioctl_port_remove(req); break; default: req->status = CTL_LUN_ERROR; snprintf(req->error_str, sizeof(req->error_str), "Unsupported request type %d", req->reqtype); } return (0); } if (cmd != CTL_ISCSI) return (ENOTTY); ci = (struct ctl_iscsi *)addr; switch (ci->type) { case CTL_ISCSI_HANDOFF: cfiscsi_ioctl_handoff(ci); break; case CTL_ISCSI_LIST: cfiscsi_ioctl_list(ci); break; case CTL_ISCSI_LOGOUT: cfiscsi_ioctl_logout(ci); break; case CTL_ISCSI_TERMINATE: cfiscsi_ioctl_terminate(ci); break; case CTL_ISCSI_LIMITS: cfiscsi_ioctl_limits(ci); break; #ifdef ICL_KERNEL_PROXY case CTL_ISCSI_LISTEN: cfiscsi_ioctl_listen(ci); break; case CTL_ISCSI_ACCEPT: cfiscsi_ioctl_accept(ci); break; case CTL_ISCSI_SEND: cfiscsi_ioctl_send(ci); break; case CTL_ISCSI_RECEIVE: cfiscsi_ioctl_receive(ci); break; #else case CTL_ISCSI_LISTEN: case CTL_ISCSI_ACCEPT: case CTL_ISCSI_SEND: case CTL_ISCSI_RECEIVE: ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "%s: CTL compiled without ICL_KERNEL_PROXY", __func__); break; #endif /* !ICL_KERNEL_PROXY */ default: ci->status = CTL_ISCSI_ERROR; snprintf(ci->error_str, sizeof(ci->error_str), "%s: invalid iSCSI request type %d", __func__, ci->type); break; } return (0); } static void cfiscsi_target_hold(struct cfiscsi_target *ct) { refcount_acquire(&ct->ct_refcount); } static void cfiscsi_target_release(struct cfiscsi_target *ct) { struct cfiscsi_softc *softc; softc = ct->ct_softc; mtx_lock(&softc->lock); if (refcount_release(&ct->ct_refcount)) { TAILQ_REMOVE(&softc->targets, ct, ct_next); mtx_unlock(&softc->lock); if (ct->ct_state != CFISCSI_TARGET_STATE_INVALID) { ct->ct_state = CFISCSI_TARGET_STATE_INVALID; if (ctl_port_deregister(&ct->ct_port) != 0) printf("%s: ctl_port_deregister() failed\n", __func__); } free(ct, M_CFISCSI); return; } mtx_unlock(&softc->lock); } static struct cfiscsi_target * cfiscsi_target_find(struct cfiscsi_softc *softc, const char *name, uint16_t tag) { struct cfiscsi_target *ct; mtx_lock(&softc->lock); TAILQ_FOREACH(ct, &softc->targets, ct_next) { if (ct->ct_tag != tag || strcmp(name, ct->ct_name) != 0 || ct->ct_state != CFISCSI_TARGET_STATE_ACTIVE) continue; cfiscsi_target_hold(ct); mtx_unlock(&softc->lock); return (ct); } mtx_unlock(&softc->lock); return (NULL); } static struct cfiscsi_target * cfiscsi_target_find_or_create(struct cfiscsi_softc *softc, const char *name, const char *alias, uint16_t tag) { struct cfiscsi_target *ct, *newct; if (name[0] == '\0' || strlen(name) >= CTL_ISCSI_NAME_LEN) return (NULL); newct = malloc(sizeof(*newct), M_CFISCSI, M_WAITOK | M_ZERO); mtx_lock(&softc->lock); TAILQ_FOREACH(ct, &softc->targets, ct_next) { if (ct->ct_tag != tag || strcmp(name, ct->ct_name) != 0 || ct->ct_state == CFISCSI_TARGET_STATE_INVALID) continue; cfiscsi_target_hold(ct); mtx_unlock(&softc->lock); free(newct, M_CFISCSI); return (ct); } strlcpy(newct->ct_name, name, sizeof(newct->ct_name)); if (alias != NULL) strlcpy(newct->ct_alias, alias, sizeof(newct->ct_alias)); newct->ct_tag = tag; refcount_init(&newct->ct_refcount, 1); newct->ct_softc = softc; if (TAILQ_EMPTY(&softc->targets)) softc->last_target_id = 0; newct->ct_target_id = ++softc->last_target_id; TAILQ_INSERT_TAIL(&softc->targets, newct, ct_next); mtx_unlock(&softc->lock); return (newct); } static void cfiscsi_pdu_done(struct icl_pdu *ip, int error) { if (error != 0) ; // XXX: Do something on error? ((ctl_ref)ip->ip_prv0)(ip->ip_prv1, -1); } static void cfiscsi_datamove_in(union ctl_io *io) { struct cfiscsi_session *cs; struct icl_pdu *request, *response; const struct iscsi_bhs_scsi_command *bhssc; struct iscsi_bhs_data_in *bhsdi; struct ctl_sg_entry ctl_sg_entry, *ctl_sglist; size_t len, expected_len, sg_len, buffer_offset; const char *sg_addr; icl_pdu_cb cb; int ctl_sg_count, error, i; request = PRIV_REQUEST(io); cs = PDU_SESSION(request); bhssc = (const struct iscsi_bhs_scsi_command *)request->ip_bhs; KASSERT((bhssc->bhssc_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_SCSI_COMMAND, ("bhssc->bhssc_opcode != ISCSI_BHS_OPCODE_SCSI_COMMAND")); if (io->scsiio.kern_sg_entries > 0) { ctl_sglist = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr; ctl_sg_count = io->scsiio.kern_sg_entries; } else { ctl_sglist = &ctl_sg_entry; ctl_sglist->addr = io->scsiio.kern_data_ptr; ctl_sglist->len = io->scsiio.kern_data_len; ctl_sg_count = 1; } /* * This is the offset within the current SCSI command; for the first * call to cfiscsi_datamove() it will be 0, and for subsequent ones * it will be the sum of lengths of previous ones. */ buffer_offset = io->scsiio.kern_rel_offset; /* * This is the transfer length expected by the initiator. It can be * different from the amount of data from the SCSI point of view. */ expected_len = ntohl(bhssc->bhssc_expected_data_transfer_length); /* * If the transfer is outside of expected length -- we are done. */ if (buffer_offset >= expected_len) { #if 0 CFISCSI_SESSION_DEBUG(cs, "buffer_offset = %zd, " "already sent the expected len", buffer_offset); #endif io->scsiio.be_move_done(io); return; } if (io->scsiio.kern_data_ref != NULL) cb = cfiscsi_pdu_done; else cb = NULL; i = 0; sg_addr = NULL; sg_len = 0; response = NULL; bhsdi = NULL; for (;;) { if (response == NULL) { response = cfiscsi_pdu_new_response(request, M_NOWAIT); if (response == NULL) { CFISCSI_SESSION_WARN(cs, "failed to " "allocate memory; dropping connection"); ctl_set_busy(&io->scsiio); io->scsiio.be_move_done(io); cfiscsi_session_terminate(cs); return; } bhsdi = (struct iscsi_bhs_data_in *)response->ip_bhs; bhsdi->bhsdi_opcode = ISCSI_BHS_OPCODE_SCSI_DATA_IN; bhsdi->bhsdi_initiator_task_tag = bhssc->bhssc_initiator_task_tag; bhsdi->bhsdi_target_transfer_tag = 0xffffffff; bhsdi->bhsdi_datasn = htonl(PRIV_EXPDATASN(io)++); bhsdi->bhsdi_buffer_offset = htonl(buffer_offset); } KASSERT(i < ctl_sg_count, ("i >= ctl_sg_count")); if (sg_len == 0) { sg_addr = ctl_sglist[i].addr; sg_len = ctl_sglist[i].len; KASSERT(sg_len > 0, ("sg_len <= 0")); } len = sg_len; /* * Truncate to maximum data segment length. */ KASSERT(response->ip_data_len < cs->cs_max_send_data_segment_length, ("ip_data_len %zd >= max_send_data_segment_length %d", response->ip_data_len, cs->cs_max_send_data_segment_length)); if (response->ip_data_len + len > cs->cs_max_send_data_segment_length) { len = cs->cs_max_send_data_segment_length - response->ip_data_len; KASSERT(len <= sg_len, ("len %zd > sg_len %zd", len, sg_len)); } /* * Truncate to expected data transfer length. */ KASSERT(buffer_offset + response->ip_data_len < expected_len, ("buffer_offset %zd + ip_data_len %zd >= expected_len %zd", buffer_offset, response->ip_data_len, expected_len)); if (buffer_offset + response->ip_data_len + len > expected_len) { CFISCSI_SESSION_DEBUG(cs, "truncating from %zd " "to expected data transfer length %zd", buffer_offset + response->ip_data_len + len, expected_len); len = expected_len - (buffer_offset + response->ip_data_len); KASSERT(len <= sg_len, ("len %zd > sg_len %zd", len, sg_len)); } error = icl_pdu_append_data(response, sg_addr, len, M_NOWAIT | (cb ? ICL_NOCOPY : 0)); if (error != 0) { CFISCSI_SESSION_WARN(cs, "failed to " "allocate memory; dropping connection"); icl_pdu_free(response); ctl_set_busy(&io->scsiio); io->scsiio.be_move_done(io); cfiscsi_session_terminate(cs); return; } sg_addr += len; sg_len -= len; io->scsiio.kern_data_resid -= len; KASSERT(buffer_offset + response->ip_data_len <= expected_len, ("buffer_offset %zd + ip_data_len %zd > expected_len %zd", buffer_offset, response->ip_data_len, expected_len)); if (buffer_offset + response->ip_data_len == expected_len) { /* * Already have the amount of data the initiator wanted. */ break; } if (sg_len == 0) { /* * End of scatter-gather segment; * proceed to the next one... */ if (i == ctl_sg_count - 1) { /* * ... unless this was the last one. */ break; } i++; } if (response->ip_data_len == cs->cs_max_send_data_segment_length) { /* * Can't stuff more data into the current PDU; * queue it. Note that's not enough to check * for kern_data_resid == 0 instead; there * may be several Data-In PDUs for the final * call to cfiscsi_datamove(), and we want * to set the F flag only on the last of them. */ buffer_offset += response->ip_data_len; if (buffer_offset == io->scsiio.kern_total_len || buffer_offset == expected_len) { buffer_offset -= response->ip_data_len; break; } if (cb != NULL) { response->ip_prv0 = io->scsiio.kern_data_ref; response->ip_prv1 = io->scsiio.kern_data_arg; io->scsiio.kern_data_ref(io->scsiio.kern_data_arg, 1); } cfiscsi_pdu_queue_cb(response, cb); response = NULL; bhsdi = NULL; } } if (response != NULL) { buffer_offset += response->ip_data_len; if (buffer_offset == io->scsiio.kern_total_len || buffer_offset == expected_len) { bhsdi->bhsdi_flags |= BHSDI_FLAGS_F; if (io->io_hdr.status == CTL_SUCCESS) { bhsdi->bhsdi_flags |= BHSDI_FLAGS_S; if (io->scsiio.kern_total_len < ntohl(bhssc->bhssc_expected_data_transfer_length)) { bhsdi->bhsdi_flags |= BHSSR_FLAGS_RESIDUAL_UNDERFLOW; bhsdi->bhsdi_residual_count = htonl(ntohl(bhssc->bhssc_expected_data_transfer_length) - io->scsiio.kern_total_len); } else if (io->scsiio.kern_total_len > ntohl(bhssc->bhssc_expected_data_transfer_length)) { bhsdi->bhsdi_flags |= BHSSR_FLAGS_RESIDUAL_OVERFLOW; bhsdi->bhsdi_residual_count = htonl(io->scsiio.kern_total_len - ntohl(bhssc->bhssc_expected_data_transfer_length)); } bhsdi->bhsdi_status = io->scsiio.scsi_status; io->io_hdr.flags |= CTL_FLAG_STATUS_SENT; } } KASSERT(response->ip_data_len > 0, ("sending empty Data-In")); if (cb != NULL) { response->ip_prv0 = io->scsiio.kern_data_ref; response->ip_prv1 = io->scsiio.kern_data_arg; io->scsiio.kern_data_ref(io->scsiio.kern_data_arg, 1); } cfiscsi_pdu_queue_cb(response, cb); } io->scsiio.be_move_done(io); } static void cfiscsi_datamove_out(union ctl_io *io) { struct cfiscsi_session *cs; struct icl_pdu *request, *response; const struct iscsi_bhs_scsi_command *bhssc; struct iscsi_bhs_r2t *bhsr2t; struct cfiscsi_data_wait *cdw; struct ctl_sg_entry ctl_sg_entry, *ctl_sglist; uint32_t expected_len, datamove_len, r2t_off, r2t_len; uint32_t target_transfer_tag; bool done; request = PRIV_REQUEST(io); cs = PDU_SESSION(request); bhssc = (const struct iscsi_bhs_scsi_command *)request->ip_bhs; KASSERT((bhssc->bhssc_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_SCSI_COMMAND, ("bhssc->bhssc_opcode != ISCSI_BHS_OPCODE_SCSI_COMMAND")); /* * Complete write underflow. Not a single byte to read. Return. */ expected_len = ntohl(bhssc->bhssc_expected_data_transfer_length); if (io->scsiio.kern_rel_offset >= expected_len) { io->scsiio.be_move_done(io); return; } datamove_len = MIN(io->scsiio.kern_data_len, expected_len - io->scsiio.kern_rel_offset); target_transfer_tag = atomic_fetchadd_32(&cs->cs_target_transfer_tag, 1); cdw = cfiscsi_data_wait_new(cs, io, bhssc->bhssc_initiator_task_tag, &target_transfer_tag); if (cdw == NULL) { CFISCSI_SESSION_WARN(cs, "failed to " "allocate memory; dropping connection"); ctl_set_busy(&io->scsiio); io->scsiio.be_move_done(io); cfiscsi_session_terminate(cs); return; } #if 0 CFISCSI_SESSION_DEBUG(cs, "expecting Data-Out with initiator " "task tag 0x%x, target transfer tag 0x%x", bhssc->bhssc_initiator_task_tag, target_transfer_tag); #endif cdw->cdw_ctl_io = io; cdw->cdw_target_transfer_tag = target_transfer_tag; cdw->cdw_initiator_task_tag = bhssc->bhssc_initiator_task_tag; cdw->cdw_r2t_end = datamove_len; cdw->cdw_datasn = 0; /* Set initial data pointer for the CDW respecting ext_data_filled. */ if (io->scsiio.kern_sg_entries > 0) { ctl_sglist = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr; } else { ctl_sglist = &ctl_sg_entry; ctl_sglist->addr = io->scsiio.kern_data_ptr; ctl_sglist->len = datamove_len; } cdw->cdw_sg_index = 0; cdw->cdw_sg_addr = ctl_sglist[cdw->cdw_sg_index].addr; cdw->cdw_sg_len = ctl_sglist[cdw->cdw_sg_index].len; r2t_off = io->scsiio.ext_data_filled; while (r2t_off > 0) { if (r2t_off >= cdw->cdw_sg_len) { r2t_off -= cdw->cdw_sg_len; cdw->cdw_sg_index++; cdw->cdw_sg_addr = ctl_sglist[cdw->cdw_sg_index].addr; cdw->cdw_sg_len = ctl_sglist[cdw->cdw_sg_index].len; continue; } cdw->cdw_sg_addr += r2t_off; cdw->cdw_sg_len -= r2t_off; r2t_off = 0; } if (cs->cs_immediate_data && io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled < icl_pdu_data_segment_length(request)) { done = cfiscsi_handle_data_segment(request, cdw); if (done) { cfiscsi_data_wait_free(cs, cdw); io->scsiio.be_move_done(io); return; } } r2t_off = io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled; r2t_len = MIN(datamove_len - io->scsiio.ext_data_filled, cs->cs_max_burst_length); cdw->cdw_r2t_end = io->scsiio.ext_data_filled + r2t_len; CFISCSI_SESSION_LOCK(cs); TAILQ_INSERT_TAIL(&cs->cs_waiting_for_data_out, cdw, cdw_next); CFISCSI_SESSION_UNLOCK(cs); /* * XXX: We should limit the number of outstanding R2T PDUs * per task to MaxOutstandingR2T. */ response = cfiscsi_pdu_new_response(request, M_NOWAIT); if (response == NULL) { CFISCSI_SESSION_WARN(cs, "failed to " "allocate memory; dropping connection"); ctl_set_busy(&io->scsiio); io->scsiio.be_move_done(io); cfiscsi_session_terminate(cs); return; } io->io_hdr.flags |= CTL_FLAG_DMA_INPROG; bhsr2t = (struct iscsi_bhs_r2t *)response->ip_bhs; bhsr2t->bhsr2t_opcode = ISCSI_BHS_OPCODE_R2T; bhsr2t->bhsr2t_flags = 0x80; bhsr2t->bhsr2t_lun = bhssc->bhssc_lun; bhsr2t->bhsr2t_initiator_task_tag = bhssc->bhssc_initiator_task_tag; bhsr2t->bhsr2t_target_transfer_tag = target_transfer_tag; /* * XXX: Here we assume that cfiscsi_datamove() won't ever * be running concurrently on several CPUs for a given * command. */ bhsr2t->bhsr2t_r2tsn = htonl(PRIV_R2TSN(io)++); /* * This is the offset within the current SCSI command; * i.e. for the first call of datamove(), it will be 0, * and for subsequent ones it will be the sum of lengths * of previous ones. * * The ext_data_filled is to account for unsolicited * (immediate) data that might have already arrived. */ bhsr2t->bhsr2t_buffer_offset = htonl(r2t_off); /* * This is the total length (sum of S/G lengths) this call * to cfiscsi_datamove() is supposed to handle, limited by * MaxBurstLength. */ bhsr2t->bhsr2t_desired_data_transfer_length = htonl(r2t_len); cfiscsi_pdu_queue(response); } static void cfiscsi_datamove(union ctl_io *io) { if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) cfiscsi_datamove_in(io); else { /* We hadn't received anything during this datamove yet. */ io->scsiio.ext_data_filled = 0; cfiscsi_datamove_out(io); } } static void cfiscsi_scsi_command_done(union ctl_io *io) { struct icl_pdu *request, *response; struct iscsi_bhs_scsi_command *bhssc; struct iscsi_bhs_scsi_response *bhssr; #ifdef DIAGNOSTIC struct cfiscsi_data_wait *cdw; #endif struct cfiscsi_session *cs; uint16_t sense_length; request = PRIV_REQUEST(io); cs = PDU_SESSION(request); bhssc = (struct iscsi_bhs_scsi_command *)request->ip_bhs; KASSERT((bhssc->bhssc_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_SCSI_COMMAND, ("replying to wrong opcode 0x%x", bhssc->bhssc_opcode)); //CFISCSI_SESSION_DEBUG(cs, "initiator task tag 0x%x", // bhssc->bhssc_initiator_task_tag); #ifdef DIAGNOSTIC CFISCSI_SESSION_LOCK(cs); TAILQ_FOREACH(cdw, &cs->cs_waiting_for_data_out, cdw_next) KASSERT(bhssc->bhssc_initiator_task_tag != cdw->cdw_initiator_task_tag, ("dangling cdw")); CFISCSI_SESSION_UNLOCK(cs); #endif /* * Do not return status for aborted commands. * There are exceptions, but none supported by CTL yet. */ if (((io->io_hdr.flags & CTL_FLAG_ABORT) && (io->io_hdr.flags & CTL_FLAG_ABORT_STATUS) == 0) || (io->io_hdr.flags & CTL_FLAG_STATUS_SENT)) { ctl_free_io(io); icl_pdu_free(request); return; } response = cfiscsi_pdu_new_response(request, M_WAITOK); bhssr = (struct iscsi_bhs_scsi_response *)response->ip_bhs; bhssr->bhssr_opcode = ISCSI_BHS_OPCODE_SCSI_RESPONSE; bhssr->bhssr_flags = 0x80; /* * XXX: We don't deal with bidirectional under/overflows; * does anything actually support those? */ if (io->scsiio.kern_total_len < ntohl(bhssc->bhssc_expected_data_transfer_length)) { bhssr->bhssr_flags |= BHSSR_FLAGS_RESIDUAL_UNDERFLOW; bhssr->bhssr_residual_count = htonl(ntohl(bhssc->bhssc_expected_data_transfer_length) - io->scsiio.kern_total_len); //CFISCSI_SESSION_DEBUG(cs, "underflow; residual count %d", // ntohl(bhssr->bhssr_residual_count)); } else if (io->scsiio.kern_total_len > ntohl(bhssc->bhssc_expected_data_transfer_length)) { bhssr->bhssr_flags |= BHSSR_FLAGS_RESIDUAL_OVERFLOW; bhssr->bhssr_residual_count = htonl(io->scsiio.kern_total_len - ntohl(bhssc->bhssc_expected_data_transfer_length)); //CFISCSI_SESSION_DEBUG(cs, "overflow; residual count %d", // ntohl(bhssr->bhssr_residual_count)); } bhssr->bhssr_response = BHSSR_RESPONSE_COMMAND_COMPLETED; bhssr->bhssr_status = io->scsiio.scsi_status; bhssr->bhssr_initiator_task_tag = bhssc->bhssc_initiator_task_tag; bhssr->bhssr_expdatasn = htonl(PRIV_EXPDATASN(io)); if (io->scsiio.sense_len > 0) { #if 0 CFISCSI_SESSION_DEBUG(cs, "returning %d bytes of sense data", io->scsiio.sense_len); #endif sense_length = htons(io->scsiio.sense_len); icl_pdu_append_data(response, &sense_length, sizeof(sense_length), M_WAITOK); icl_pdu_append_data(response, &io->scsiio.sense_data, io->scsiio.sense_len, M_WAITOK); } ctl_free_io(io); icl_pdu_free(request); cfiscsi_pdu_queue(response); } static void cfiscsi_task_management_done(union ctl_io *io) { struct icl_pdu *request, *response; struct iscsi_bhs_task_management_request *bhstmr; struct iscsi_bhs_task_management_response *bhstmr2; struct cfiscsi_data_wait *cdw, *tmpcdw; struct cfiscsi_session *cs, *tcs; struct cfiscsi_softc *softc; int cold_reset = 0; request = PRIV_REQUEST(io); cs = PDU_SESSION(request); bhstmr = (struct iscsi_bhs_task_management_request *)request->ip_bhs; KASSERT((bhstmr->bhstmr_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) == ISCSI_BHS_OPCODE_TASK_REQUEST, ("replying to wrong opcode 0x%x", bhstmr->bhstmr_opcode)); #if 0 CFISCSI_SESSION_DEBUG(cs, "initiator task tag 0x%x; referenced task tag 0x%x", bhstmr->bhstmr_initiator_task_tag, bhstmr->bhstmr_referenced_task_tag); #endif if ((bhstmr->bhstmr_function & ~0x80) == BHSTMR_FUNCTION_ABORT_TASK) { /* * Make sure we no longer wait for Data-Out for this command. */ CFISCSI_SESSION_LOCK(cs); TAILQ_FOREACH_SAFE(cdw, &cs->cs_waiting_for_data_out, cdw_next, tmpcdw) { if (bhstmr->bhstmr_referenced_task_tag != cdw->cdw_initiator_task_tag) continue; #if 0 CFISCSI_SESSION_DEBUG(cs, "removing csw for initiator task " "tag 0x%x", bhstmr->bhstmr_initiator_task_tag); #endif TAILQ_REMOVE(&cs->cs_waiting_for_data_out, cdw, cdw_next); io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG; cdw->cdw_ctl_io->scsiio.io_hdr.port_status = 43; cdw->cdw_ctl_io->scsiio.be_move_done(cdw->cdw_ctl_io); cfiscsi_data_wait_free(cs, cdw); } CFISCSI_SESSION_UNLOCK(cs); } if ((bhstmr->bhstmr_function & ~0x80) == BHSTMR_FUNCTION_TARGET_COLD_RESET && io->io_hdr.status == CTL_SUCCESS) cold_reset = 1; response = cfiscsi_pdu_new_response(request, M_WAITOK); bhstmr2 = (struct iscsi_bhs_task_management_response *) response->ip_bhs; bhstmr2->bhstmr_opcode = ISCSI_BHS_OPCODE_TASK_RESPONSE; bhstmr2->bhstmr_flags = 0x80; switch (io->taskio.task_status) { case CTL_TASK_FUNCTION_COMPLETE: bhstmr2->bhstmr_response = BHSTMR_RESPONSE_FUNCTION_COMPLETE; break; case CTL_TASK_FUNCTION_SUCCEEDED: bhstmr2->bhstmr_response = BHSTMR_RESPONSE_FUNCTION_SUCCEEDED; break; case CTL_TASK_LUN_DOES_NOT_EXIST: bhstmr2->bhstmr_response = BHSTMR_RESPONSE_LUN_DOES_NOT_EXIST; break; case CTL_TASK_FUNCTION_NOT_SUPPORTED: default: bhstmr2->bhstmr_response = BHSTMR_RESPONSE_FUNCTION_NOT_SUPPORTED; break; } memcpy(bhstmr2->bhstmr_additional_reponse_information, io->taskio.task_resp, sizeof(io->taskio.task_resp)); bhstmr2->bhstmr_initiator_task_tag = bhstmr->bhstmr_initiator_task_tag; ctl_free_io(io); icl_pdu_free(request); cfiscsi_pdu_queue(response); if (cold_reset) { softc = cs->cs_target->ct_softc; mtx_lock(&softc->lock); TAILQ_FOREACH(tcs, &softc->sessions, cs_next) { if (tcs->cs_target == cs->cs_target) cfiscsi_session_terminate(tcs); } mtx_unlock(&softc->lock); } } static void cfiscsi_done(union ctl_io *io) { struct icl_pdu *request; struct cfiscsi_session *cs; KASSERT(((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE), ("invalid CTL status %#x", io->io_hdr.status)); if (io->io_hdr.io_type == CTL_IO_TASK && io->taskio.task_action == CTL_TASK_I_T_NEXUS_RESET) { /* * Implicit task termination has just completed; nothing to do. */ cs = PRIV_REQUEST(io); cs->cs_tasks_aborted = true; refcount_release(&cs->cs_outstanding_ctl_pdus); wakeup(__DEVOLATILE(void *, &cs->cs_outstanding_ctl_pdus)); ctl_free_io(io); return; } request = PRIV_REQUEST(io); cs = PDU_SESSION(request); switch (request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) { case ISCSI_BHS_OPCODE_SCSI_COMMAND: cfiscsi_scsi_command_done(io); break; case ISCSI_BHS_OPCODE_TASK_REQUEST: cfiscsi_task_management_done(io); break; default: panic("cfiscsi_done called with wrong opcode 0x%x", request->ip_bhs->bhs_opcode); } refcount_release(&cs->cs_outstanding_ctl_pdus); } Index: head/sys/cam/ctl/ctl_frontend_iscsi.h =================================================================== --- head/sys/cam/ctl/ctl_frontend_iscsi.h (revision 367104) +++ head/sys/cam/ctl/ctl_frontend_iscsi.h (revision 367105) @@ -1,131 +1,130 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef CTL_FRONTEND_ISCSI_H #define CTL_FRONTEND_ISCSI_H #define CFISCSI_TARGET_STATE_INVALID 0 #define CFISCSI_TARGET_STATE_ACTIVE 1 #define CFISCSI_TARGET_STATE_DYING 2 struct cfiscsi_target { TAILQ_ENTRY(cfiscsi_target) ct_next; struct cfiscsi_softc *ct_softc; volatile u_int ct_refcount; char ct_name[CTL_ISCSI_NAME_LEN]; char ct_alias[CTL_ISCSI_ALIAS_LEN]; uint16_t ct_tag; int ct_state; int ct_online; int ct_target_id; struct ctl_port ct_port; }; struct cfiscsi_data_wait { TAILQ_ENTRY(cfiscsi_data_wait) cdw_next; union ctl_io *cdw_ctl_io; uint32_t cdw_target_transfer_tag; uint32_t cdw_initiator_task_tag; int cdw_sg_index; char *cdw_sg_addr; size_t cdw_sg_len; uint32_t cdw_r2t_end; uint32_t cdw_datasn; void *cdw_icl_prv; }; #define CFISCSI_SESSION_STATE_INVALID 0 #define CFISCSI_SESSION_STATE_BHS 1 #define CFISCSI_SESSION_STATE_AHS 2 #define CFISCSI_SESSION_STATE_HEADER_DIGEST 3 #define CFISCSI_SESSION_STATE_DATA 4 #define CFISCSI_SESSION_STATE_DATA_DIGEST 5 struct cfiscsi_session { TAILQ_ENTRY(cfiscsi_session) cs_next; struct mtx cs_lock; struct icl_conn *cs_conn; uint32_t cs_cmdsn; uint32_t cs_statsn; uint32_t cs_target_transfer_tag; volatile u_int cs_outstanding_ctl_pdus; TAILQ_HEAD(, cfiscsi_data_wait) cs_waiting_for_data_out; struct cfiscsi_target *cs_target; struct callout cs_callout; int cs_timeout; struct cv cs_maintenance_cv; bool cs_terminating; bool cs_handoff_in_progress; bool cs_tasks_aborted; int cs_max_recv_data_segment_length; int cs_max_send_data_segment_length; int cs_max_burst_length; int cs_first_burst_length; bool cs_immediate_data; char cs_initiator_name[CTL_ISCSI_NAME_LEN]; char cs_initiator_addr[CTL_ISCSI_ADDR_LEN]; char cs_initiator_alias[CTL_ISCSI_ALIAS_LEN]; char cs_initiator_isid[6]; char cs_initiator_id[CTL_ISCSI_NAME_LEN + 5 + 6 + 1]; unsigned int cs_id; int cs_ctl_initid; #ifdef ICL_KERNEL_PROXY struct sockaddr *cs_initiator_sa; int cs_portal_id; bool cs_login_phase; bool cs_waiting_for_ctld; struct cv cs_login_cv; struct icl_pdu *cs_login_pdu; #endif }; #ifdef ICL_KERNEL_PROXY struct icl_listen; #endif struct cfiscsi_softc { struct mtx lock; char port_name[32]; int online; int last_target_id; unsigned int last_session_id; TAILQ_HEAD(, cfiscsi_target) targets; TAILQ_HEAD(, cfiscsi_session) sessions; struct cv sessions_cv; #ifdef ICL_KERNEL_PROXY struct icl_listen *listener; struct cv accept_cv; #endif }; #endif /* !CTL_FRONTEND_ISCSI_H */ Index: head/sys/cddl/compat/opensolaris/kern/opensolaris_acl.c =================================================================== --- head/sys/cddl/compat/opensolaris/kern/opensolaris_acl.c (revision 367104) +++ head/sys/cddl/compat/opensolaris/kern/opensolaris_acl.c (revision 367105) @@ -1,221 +1,220 @@ /*- * Copyright (c) 2008, 2009 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include struct zfs2bsd { uint32_t zb_zfs; int zb_bsd; }; struct zfs2bsd perms[] = {{ACE_READ_DATA, ACL_READ_DATA}, {ACE_WRITE_DATA, ACL_WRITE_DATA}, {ACE_EXECUTE, ACL_EXECUTE}, {ACE_APPEND_DATA, ACL_APPEND_DATA}, {ACE_DELETE_CHILD, ACL_DELETE_CHILD}, {ACE_DELETE, ACL_DELETE}, {ACE_READ_ATTRIBUTES, ACL_READ_ATTRIBUTES}, {ACE_WRITE_ATTRIBUTES, ACL_WRITE_ATTRIBUTES}, {ACE_READ_NAMED_ATTRS, ACL_READ_NAMED_ATTRS}, {ACE_WRITE_NAMED_ATTRS, ACL_WRITE_NAMED_ATTRS}, {ACE_READ_ACL, ACL_READ_ACL}, {ACE_WRITE_ACL, ACL_WRITE_ACL}, {ACE_WRITE_OWNER, ACL_WRITE_OWNER}, {ACE_SYNCHRONIZE, ACL_SYNCHRONIZE}, {0, 0}}; struct zfs2bsd flags[] = {{ACE_FILE_INHERIT_ACE, ACL_ENTRY_FILE_INHERIT}, {ACE_DIRECTORY_INHERIT_ACE, ACL_ENTRY_DIRECTORY_INHERIT}, {ACE_NO_PROPAGATE_INHERIT_ACE, ACL_ENTRY_NO_PROPAGATE_INHERIT}, {ACE_INHERIT_ONLY_ACE, ACL_ENTRY_INHERIT_ONLY}, {ACE_INHERITED_ACE, ACL_ENTRY_INHERITED}, {ACE_SUCCESSFUL_ACCESS_ACE_FLAG, ACL_ENTRY_SUCCESSFUL_ACCESS}, {ACE_FAILED_ACCESS_ACE_FLAG, ACL_ENTRY_FAILED_ACCESS}, {0, 0}}; static int _bsd_from_zfs(uint32_t zfs, const struct zfs2bsd *table) { const struct zfs2bsd *tmp; int bsd = 0; for (tmp = table; tmp->zb_zfs != 0; tmp++) { if (zfs & tmp->zb_zfs) bsd |= tmp->zb_bsd; } return (bsd); } static uint32_t _zfs_from_bsd(int bsd, const struct zfs2bsd *table) { const struct zfs2bsd *tmp; uint32_t zfs = 0; for (tmp = table; tmp->zb_bsd != 0; tmp++) { if (bsd & tmp->zb_bsd) zfs |= tmp->zb_zfs; } return (zfs); } int acl_from_aces(struct acl *aclp, const ace_t *aces, int nentries) { int i; struct acl_entry *entry; const ace_t *ace; if (nentries < 1) { printf("acl_from_aces: empty ZFS ACL; returning EINVAL.\n"); return (EINVAL); } if (nentries > ACL_MAX_ENTRIES) { /* * I believe it may happen only when moving a pool * from SunOS to FreeBSD. */ printf("acl_from_aces: ZFS ACL too big to fit " "into 'struct acl'; returning EINVAL.\n"); return (EINVAL); } bzero(aclp, sizeof(*aclp)); aclp->acl_maxcnt = ACL_MAX_ENTRIES; aclp->acl_cnt = nentries; for (i = 0; i < nentries; i++) { entry = &(aclp->acl_entry[i]); ace = &(aces[i]); if (ace->a_flags & ACE_OWNER) entry->ae_tag = ACL_USER_OBJ; else if (ace->a_flags & ACE_GROUP) entry->ae_tag = ACL_GROUP_OBJ; else if (ace->a_flags & ACE_EVERYONE) entry->ae_tag = ACL_EVERYONE; else if (ace->a_flags & ACE_IDENTIFIER_GROUP) entry->ae_tag = ACL_GROUP; else entry->ae_tag = ACL_USER; if (entry->ae_tag == ACL_USER || entry->ae_tag == ACL_GROUP) entry->ae_id = ace->a_who; else entry->ae_id = ACL_UNDEFINED_ID; entry->ae_perm = _bsd_from_zfs(ace->a_access_mask, perms); entry->ae_flags = _bsd_from_zfs(ace->a_flags, flags); switch (ace->a_type) { case ACE_ACCESS_ALLOWED_ACE_TYPE: entry->ae_entry_type = ACL_ENTRY_TYPE_ALLOW; break; case ACE_ACCESS_DENIED_ACE_TYPE: entry->ae_entry_type = ACL_ENTRY_TYPE_DENY; break; case ACE_SYSTEM_AUDIT_ACE_TYPE: entry->ae_entry_type = ACL_ENTRY_TYPE_AUDIT; break; case ACE_SYSTEM_ALARM_ACE_TYPE: entry->ae_entry_type = ACL_ENTRY_TYPE_ALARM; break; default: panic("acl_from_aces: a_type is 0x%x", ace->a_type); } } return (0); } void aces_from_acl(ace_t *aces, int *nentries, const struct acl *aclp) { int i; const struct acl_entry *entry; ace_t *ace; bzero(aces, sizeof(*aces) * aclp->acl_cnt); *nentries = aclp->acl_cnt; for (i = 0; i < aclp->acl_cnt; i++) { entry = &(aclp->acl_entry[i]); ace = &(aces[i]); ace->a_who = entry->ae_id; if (entry->ae_tag == ACL_USER_OBJ) ace->a_flags = ACE_OWNER; else if (entry->ae_tag == ACL_GROUP_OBJ) ace->a_flags = (ACE_GROUP | ACE_IDENTIFIER_GROUP); else if (entry->ae_tag == ACL_GROUP) ace->a_flags = ACE_IDENTIFIER_GROUP; else if (entry->ae_tag == ACL_EVERYONE) ace->a_flags = ACE_EVERYONE; else /* ACL_USER */ ace->a_flags = 0; ace->a_access_mask = _zfs_from_bsd(entry->ae_perm, perms); ace->a_flags |= _zfs_from_bsd(entry->ae_flags, flags); switch (entry->ae_entry_type) { case ACL_ENTRY_TYPE_ALLOW: ace->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE; break; case ACL_ENTRY_TYPE_DENY: ace->a_type = ACE_ACCESS_DENIED_ACE_TYPE; break; case ACL_ENTRY_TYPE_ALARM: ace->a_type = ACE_SYSTEM_ALARM_ACE_TYPE; break; case ACL_ENTRY_TYPE_AUDIT: ace->a_type = ACE_SYSTEM_AUDIT_ACE_TYPE; break; default: panic("aces_from_acl: ae_entry_type is 0x%x", entry->ae_entry_type); } } } Index: head/sys/contrib/openzfs/module/os/freebsd/spl/spl_acl.c =================================================================== --- head/sys/contrib/openzfs/module/os/freebsd/spl/spl_acl.c (revision 367104) +++ head/sys/contrib/openzfs/module/os/freebsd/spl/spl_acl.c (revision 367105) @@ -1,223 +1,222 @@ /* * Copyright (c) 2008, 2009 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include struct zfs2bsd { uint32_t zb_zfs; int zb_bsd; }; struct zfs2bsd perms[] = {{ACE_READ_DATA, ACL_READ_DATA}, {ACE_WRITE_DATA, ACL_WRITE_DATA}, {ACE_EXECUTE, ACL_EXECUTE}, {ACE_APPEND_DATA, ACL_APPEND_DATA}, {ACE_DELETE_CHILD, ACL_DELETE_CHILD}, {ACE_DELETE, ACL_DELETE}, {ACE_READ_ATTRIBUTES, ACL_READ_ATTRIBUTES}, {ACE_WRITE_ATTRIBUTES, ACL_WRITE_ATTRIBUTES}, {ACE_READ_NAMED_ATTRS, ACL_READ_NAMED_ATTRS}, {ACE_WRITE_NAMED_ATTRS, ACL_WRITE_NAMED_ATTRS}, {ACE_READ_ACL, ACL_READ_ACL}, {ACE_WRITE_ACL, ACL_WRITE_ACL}, {ACE_WRITE_OWNER, ACL_WRITE_OWNER}, {ACE_SYNCHRONIZE, ACL_SYNCHRONIZE}, {0, 0}}; struct zfs2bsd flags[] = {{ACE_FILE_INHERIT_ACE, ACL_ENTRY_FILE_INHERIT}, {ACE_DIRECTORY_INHERIT_ACE, ACL_ENTRY_DIRECTORY_INHERIT}, {ACE_NO_PROPAGATE_INHERIT_ACE, ACL_ENTRY_NO_PROPAGATE_INHERIT}, {ACE_INHERIT_ONLY_ACE, ACL_ENTRY_INHERIT_ONLY}, {ACE_INHERITED_ACE, ACL_ENTRY_INHERITED}, {ACE_SUCCESSFUL_ACCESS_ACE_FLAG, ACL_ENTRY_SUCCESSFUL_ACCESS}, {ACE_FAILED_ACCESS_ACE_FLAG, ACL_ENTRY_FAILED_ACCESS}, {0, 0}}; static int _bsd_from_zfs(uint32_t zfs, const struct zfs2bsd *table) { const struct zfs2bsd *tmp; int bsd = 0; for (tmp = table; tmp->zb_zfs != 0; tmp++) { if (zfs & tmp->zb_zfs) bsd |= tmp->zb_bsd; } return (bsd); } static uint32_t _zfs_from_bsd(int bsd, const struct zfs2bsd *table) { const struct zfs2bsd *tmp; uint32_t zfs = 0; for (tmp = table; tmp->zb_bsd != 0; tmp++) { if (bsd & tmp->zb_bsd) zfs |= tmp->zb_zfs; } return (zfs); } int acl_from_aces(struct acl *aclp, const ace_t *aces, int nentries) { int i; struct acl_entry *entry; const ace_t *ace; if (nentries < 1) { printf("acl_from_aces: empty ZFS ACL; returning EINVAL.\n"); return (EINVAL); } if (nentries > ACL_MAX_ENTRIES) { /* * I believe it may happen only when moving a pool * from SunOS to FreeBSD. */ printf("acl_from_aces: ZFS ACL too big to fit " "into 'struct acl'; returning EINVAL.\n"); return (EINVAL); } bzero(aclp, sizeof (*aclp)); aclp->acl_maxcnt = ACL_MAX_ENTRIES; aclp->acl_cnt = nentries; for (i = 0; i < nentries; i++) { entry = &(aclp->acl_entry[i]); ace = &(aces[i]); if (ace->a_flags & ACE_OWNER) entry->ae_tag = ACL_USER_OBJ; else if (ace->a_flags & ACE_GROUP) entry->ae_tag = ACL_GROUP_OBJ; else if (ace->a_flags & ACE_EVERYONE) entry->ae_tag = ACL_EVERYONE; else if (ace->a_flags & ACE_IDENTIFIER_GROUP) entry->ae_tag = ACL_GROUP; else entry->ae_tag = ACL_USER; if (entry->ae_tag == ACL_USER || entry->ae_tag == ACL_GROUP) entry->ae_id = ace->a_who; else entry->ae_id = ACL_UNDEFINED_ID; entry->ae_perm = _bsd_from_zfs(ace->a_access_mask, perms); entry->ae_flags = _bsd_from_zfs(ace->a_flags, flags); switch (ace->a_type) { case ACE_ACCESS_ALLOWED_ACE_TYPE: entry->ae_entry_type = ACL_ENTRY_TYPE_ALLOW; break; case ACE_ACCESS_DENIED_ACE_TYPE: entry->ae_entry_type = ACL_ENTRY_TYPE_DENY; break; case ACE_SYSTEM_AUDIT_ACE_TYPE: entry->ae_entry_type = ACL_ENTRY_TYPE_AUDIT; break; case ACE_SYSTEM_ALARM_ACE_TYPE: entry->ae_entry_type = ACL_ENTRY_TYPE_ALARM; break; default: panic("acl_from_aces: a_type is 0x%x", ace->a_type); } } return (0); } void aces_from_acl(ace_t *aces, int *nentries, const struct acl *aclp) { int i; const struct acl_entry *entry; ace_t *ace; bzero(aces, sizeof (*aces) * aclp->acl_cnt); *nentries = aclp->acl_cnt; for (i = 0; i < aclp->acl_cnt; i++) { entry = &(aclp->acl_entry[i]); ace = &(aces[i]); ace->a_who = entry->ae_id; if (entry->ae_tag == ACL_USER_OBJ) ace->a_flags = ACE_OWNER; else if (entry->ae_tag == ACL_GROUP_OBJ) ace->a_flags = (ACE_GROUP | ACE_IDENTIFIER_GROUP); else if (entry->ae_tag == ACL_GROUP) ace->a_flags = ACE_IDENTIFIER_GROUP; else if (entry->ae_tag == ACL_EVERYONE) ace->a_flags = ACE_EVERYONE; else /* ACL_USER */ ace->a_flags = 0; ace->a_access_mask = _zfs_from_bsd(entry->ae_perm, perms); ace->a_flags |= _zfs_from_bsd(entry->ae_flags, flags); switch (entry->ae_entry_type) { case ACL_ENTRY_TYPE_ALLOW: ace->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE; break; case ACL_ENTRY_TYPE_DENY: ace->a_type = ACE_ACCESS_DENIED_ACE_TYPE; break; case ACL_ENTRY_TYPE_ALARM: ace->a_type = ACE_SYSTEM_ALARM_ACE_TYPE; break; case ACL_ENTRY_TYPE_AUDIT: ace->a_type = ACE_SYSTEM_AUDIT_ACE_TYPE; break; default: panic("aces_from_acl: ae_entry_type is 0x%x", entry->ae_entry_type); } } } Index: head/sys/dev/iscsi/icl.c =================================================================== --- head/sys/dev/iscsi/icl.c (revision 367104) +++ head/sys/dev/iscsi/icl.c (revision 367105) @@ -1,332 +1,331 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * iSCSI Common Layer. It's used by both the initiator and target to send * and receive iSCSI PDUs. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include struct icl_module { TAILQ_ENTRY(icl_module) im_next; char *im_name; bool im_iser; int im_priority; int (*im_limits)(struct icl_drv_limits *idl); struct icl_conn *(*im_new_conn)(const char *name, struct mtx *lock); }; struct icl_softc { struct sx sc_lock; TAILQ_HEAD(, icl_module) sc_modules; }; static int sysctl_kern_icl_offloads(SYSCTL_HANDLER_ARGS); static MALLOC_DEFINE(M_ICL, "icl", "iSCSI Common Layer"); static struct icl_softc *sc; SYSCTL_NODE(_kern, OID_AUTO, icl, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "iSCSI Common Layer"); int icl_debug = 1; SYSCTL_INT(_kern_icl, OID_AUTO, debug, CTLFLAG_RWTUN, &icl_debug, 0, "Enable debug messages"); SYSCTL_PROC(_kern_icl, OID_AUTO, offloads, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, false, sysctl_kern_icl_offloads, "A", "List of ICL modules"); SYSCTL_PROC(_kern_icl, OID_AUTO, iser_offloads, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, true, sysctl_kern_icl_offloads, "A", "List of iSER ICL modules"); static int sysctl_kern_icl_offloads(SYSCTL_HANDLER_ARGS) { const struct icl_module *im; struct sbuf sb; bool iser = arg2; int error; sbuf_new(&sb, NULL, 256, SBUF_AUTOEXTEND | SBUF_INCLUDENUL); sx_slock(&sc->sc_lock); TAILQ_FOREACH(im, &sc->sc_modules, im_next) { if (im->im_iser != iser) continue; if (im != TAILQ_FIRST(&sc->sc_modules)) sbuf_putc(&sb, ' '); sbuf_printf(&sb, "%s", im->im_name); } sx_sunlock(&sc->sc_lock); error = sbuf_finish(&sb); if (error == 0) error = SYSCTL_OUT(req, sbuf_data(&sb), sbuf_len(&sb)); sbuf_delete(&sb); return (error); } static struct icl_module * icl_find(const char *name, bool iser, bool quiet) { struct icl_module *im, *im_max; sx_assert(&sc->sc_lock, SA_LOCKED); /* * If the name was not specified, pick a module with highest * priority. */ if (name == NULL || name[0] == '\0') { im_max = NULL; TAILQ_FOREACH(im, &sc->sc_modules, im_next) { if (im->im_iser != iser) continue; if (im_max == NULL || im->im_priority > im_max->im_priority) im_max = im; } if (iser && im_max == NULL && !quiet) ICL_WARN("no iSER-capable offload found"); return (im_max); } TAILQ_FOREACH(im, &sc->sc_modules, im_next) { if (strcasecmp(im->im_name, name) != 0) continue; if (!im->im_iser && iser && !quiet) { ICL_WARN("offload \"%s\" is not iSER-capable", name); return (NULL); } if (im->im_iser && !iser && !quiet) { ICL_WARN("offload \"%s\" is iSER-only", name); return (NULL); } return (im); } if (!quiet) ICL_WARN("offload \"%s\" not found", name); return (NULL); } struct icl_conn * icl_new_conn(const char *offload, bool iser, const char *name, struct mtx *lock) { struct icl_module *im; struct icl_conn *ic; sx_slock(&sc->sc_lock); im = icl_find(offload, iser, false); if (im == NULL) { sx_sunlock(&sc->sc_lock); return (NULL); } ic = im->im_new_conn(name, lock); sx_sunlock(&sc->sc_lock); return (ic); } int icl_limits(const char *offload, bool iser, struct icl_drv_limits *idl) { struct icl_module *im; int error; bzero(idl, sizeof(*idl)); sx_slock(&sc->sc_lock); im = icl_find(offload, iser, false); if (im == NULL) { sx_sunlock(&sc->sc_lock); return (ENXIO); } error = im->im_limits(idl); sx_sunlock(&sc->sc_lock); /* * Validate the limits provided by the driver against values allowed by * the iSCSI RFC. 0 means iscsid/ctld should pick a reasonable value. * * Note that max_send_dsl is an internal implementation detail and not * part of the RFC. */ #define OUT_OF_RANGE(x, lo, hi) ((x) != 0 && ((x) < (lo) || (x) > (hi))) if (error == 0 && (OUT_OF_RANGE(idl->idl_max_recv_data_segment_length, 512, 16777215) || OUT_OF_RANGE(idl->idl_max_send_data_segment_length, 512, 16777215) || OUT_OF_RANGE(idl->idl_max_burst_length, 512, 16777215) || OUT_OF_RANGE(idl->idl_first_burst_length, 512, 16777215))) { error = EINVAL; } #undef OUT_OF_RANGE /* * If both first_burst and max_burst are provided then first_burst must * not exceed max_burst. */ if (error == 0 && idl->idl_first_burst_length > 0 && idl->idl_max_burst_length > 0 && idl->idl_first_burst_length > idl->idl_max_burst_length) { error = EINVAL; } return (error); } int icl_register(const char *offload, bool iser, int priority, int (*limits)(struct icl_drv_limits *), struct icl_conn *(*new_conn)(const char *, struct mtx *)) { struct icl_module *im; sx_xlock(&sc->sc_lock); im = icl_find(offload, iser, true); if (im != NULL) { ICL_WARN("offload \"%s\" already registered", offload); sx_xunlock(&sc->sc_lock); return (EBUSY); } im = malloc(sizeof(*im), M_ICL, M_ZERO | M_WAITOK); im->im_name = strdup(offload, M_ICL); im->im_iser = iser; im->im_priority = priority; im->im_limits = limits; im->im_new_conn = new_conn; TAILQ_INSERT_HEAD(&sc->sc_modules, im, im_next); sx_xunlock(&sc->sc_lock); ICL_DEBUG("offload \"%s\" registered", offload); return (0); } int icl_unregister(const char *offload, bool rdma) { struct icl_module *im; sx_xlock(&sc->sc_lock); im = icl_find(offload, rdma, true); if (im == NULL) { ICL_WARN("offload \"%s\" not registered", offload); sx_xunlock(&sc->sc_lock); return (ENXIO); } TAILQ_REMOVE(&sc->sc_modules, im, im_next); sx_xunlock(&sc->sc_lock); free(im->im_name, M_ICL); free(im, M_ICL); ICL_DEBUG("offload \"%s\" unregistered", offload); return (0); } static int icl_load(void) { sc = malloc(sizeof(*sc), M_ICL, M_ZERO | M_WAITOK); sx_init(&sc->sc_lock, "icl"); TAILQ_INIT(&sc->sc_modules); return (0); } static int icl_unload(void) { sx_slock(&sc->sc_lock); KASSERT(TAILQ_EMPTY(&sc->sc_modules), ("still have modules")); sx_sunlock(&sc->sc_lock); sx_destroy(&sc->sc_lock); free(sc, M_ICL); return (0); } static int icl_modevent(module_t mod, int what, void *arg) { switch (what) { case MOD_LOAD: return (icl_load()); case MOD_UNLOAD: return (icl_unload()); default: return (EINVAL); } } moduledata_t icl_data = { "icl", icl_modevent, 0 }; DECLARE_MODULE(icl, icl_data, SI_SUB_DRIVERS, SI_ORDER_FIRST); MODULE_VERSION(icl, 1); Index: head/sys/dev/iscsi/icl.h =================================================================== --- head/sys/dev/iscsi/icl.h (revision 367104) +++ head/sys/dev/iscsi/icl.h (revision 367105) @@ -1,176 +1,175 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef ICL_H #define ICL_H /* * iSCSI Common Layer. It's used by both the initiator and target to send * and receive iSCSI PDUs. */ #include #include #include #include SYSCTL_DECL(_kern_icl); extern int icl_debug; #define ICL_DEBUG(X, ...) \ do { \ if (icl_debug > 1) \ printf("%s: " X "\n", __func__, ## __VA_ARGS__);\ } while (0) #define ICL_WARN(X, ...) \ do { \ if (icl_debug > 0) { \ printf("WARNING: %s: " X "\n", \ __func__, ## __VA_ARGS__); \ } \ } while (0) struct icl_conn; struct ccb_scsiio; union ctl_io; struct icl_pdu { STAILQ_ENTRY(icl_pdu) ip_next; struct icl_conn *ip_conn; struct iscsi_bhs *ip_bhs; struct mbuf *ip_bhs_mbuf; size_t ip_ahs_len; struct mbuf *ip_ahs_mbuf; size_t ip_data_len; struct mbuf *ip_data_mbuf; /* * User (initiator or provider) private fields. */ void *ip_prv0; void *ip_prv1; }; #define ICL_CONN_STATE_INVALID 0 #define ICL_CONN_STATE_BHS 1 #define ICL_CONN_STATE_AHS 2 #define ICL_CONN_STATE_HEADER_DIGEST 3 #define ICL_CONN_STATE_DATA 4 #define ICL_CONN_STATE_DATA_DIGEST 5 #define ICL_MAX_DATA_SEGMENT_LENGTH (128 * 1024) #define ICL_NOCOPY (1 << 30) struct icl_conn { KOBJ_FIELDS; struct mtx *ic_lock; struct socket *ic_socket; #ifdef DIAGNOSTIC volatile u_int ic_outstanding_pdus; #endif STAILQ_HEAD(, icl_pdu) ic_to_send; bool ic_check_send_space; size_t ic_receive_len; int ic_receive_state; struct icl_pdu *ic_receive_pdu; struct cv ic_send_cv; struct cv ic_receive_cv; bool ic_header_crc32c; bool ic_data_crc32c; bool ic_send_running; bool ic_receive_running; size_t ic_max_data_segment_length; size_t ic_maxtags; bool ic_disconnecting; bool ic_iser; bool ic_unmapped; const char *ic_name; const char *ic_offload; void (*ic_receive)(struct icl_pdu *); void (*ic_error)(struct icl_conn *); /* * User (initiator or provider) private fields. */ void *ic_prv0; }; struct icl_drv_limits { int idl_max_recv_data_segment_length; int idl_max_send_data_segment_length; int idl_max_burst_length; int idl_first_burst_length; int spare[4]; }; typedef void (*icl_pdu_cb)(struct icl_pdu *, int error); struct icl_conn *icl_new_conn(const char *offload, bool iser, const char *name, struct mtx *lock); int icl_limits(const char *offload, bool iser, struct icl_drv_limits *idl); int icl_register(const char *offload, bool iser, int priority, int (*limits)(struct icl_drv_limits *), struct icl_conn *(*new_conn)(const char *, struct mtx *)); int icl_unregister(const char *offload, bool rdma); #ifdef ICL_KERNEL_PROXY struct sockaddr; struct icl_listen; /* * Target part. */ struct icl_listen *icl_listen_new(void (*accept_cb)(struct socket *, struct sockaddr *, int)); void icl_listen_free(struct icl_listen *il); int icl_listen_add(struct icl_listen *il, bool rdma, int domain, int socktype, int protocol, struct sockaddr *sa, int portal_id); int icl_listen_remove(struct icl_listen *il, struct sockaddr *sa); /* * Those two are not a public API; only to be used between icl_soft.c * and icl_soft_proxy.c. */ int icl_soft_handoff_sock(struct icl_conn *ic, struct socket *so); int icl_soft_proxy_connect(struct icl_conn *ic, int domain, int socktype, int protocol, struct sockaddr *from_sa, struct sockaddr *to_sa); #endif /* ICL_KERNEL_PROXY */ #endif /* !ICL_H */ Index: head/sys/dev/iscsi/icl_conn_if.m =================================================================== --- head/sys/dev/iscsi/icl_conn_if.m (revision 367104) +++ head/sys/dev/iscsi/icl_conn_if.m (revision 367105) @@ -1,139 +1,138 @@ #- # SPDX-License-Identifier: BSD-2-Clause-FreeBSD # # Copyright (c) 2014 The FreeBSD Foundation -# All rights reserved. # # This software was developed by Edward Tomasz Napierala under sponsorship # from the FreeBSD Foundation. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # #include #include INTERFACE icl_conn; CODE { static void null_pdu_queue_cb(struct icl_conn *ic, struct icl_pdu *ip, icl_pdu_cb cb) { ICL_CONN_PDU_QUEUE(ic, ip); if (cb) cb(ip, 0); } }; METHOD size_t pdu_data_segment_length { struct icl_conn *_ic; const struct icl_pdu *_ip; }; METHOD int pdu_append_data { struct icl_conn *_ic; struct icl_pdu *_ip; const void *_addr; size_t _len; int _flags; }; METHOD void pdu_get_data { struct icl_conn *_ic; struct icl_pdu *_ip; size_t _off; void *_addr; size_t _len; }; METHOD void pdu_queue { struct icl_conn *_ic; struct icl_pdu *_ip; }; METHOD void pdu_queue_cb { struct icl_conn *_ic; struct icl_pdu *_ip; icl_pdu_cb cb; } DEFAULT null_pdu_queue_cb; METHOD void pdu_free { struct icl_conn *_ic; struct icl_pdu *_ip; }; METHOD struct icl_pdu * new_pdu { struct icl_conn *_ic; int _flags; }; METHOD void free { struct icl_conn *_ic; }; METHOD int handoff { struct icl_conn *_ic; int _fd; }; METHOD void close { struct icl_conn *_ic; }; METHOD int task_setup { struct icl_conn *_ic; struct icl_pdu *_ip; struct ccb_scsiio *_csio; uint32_t *_task_tag; void **_prvp; }; METHOD void task_done { struct icl_conn *_ic; void *_prv; }; METHOD int transfer_setup { struct icl_conn *_ic; union ctl_io *_io; uint32_t *_transfer_tag; void **_prvp; }; METHOD void transfer_done { struct icl_conn *_ic; void *_prv; }; # # The function below is only used with ICL_KERNEL_PROXY. # METHOD int connect { struct icl_conn *_ic; int _domain; int _socktype; int _protocol; struct sockaddr *_from_sa; struct sockaddr *_to_sa; }; Index: head/sys/dev/iscsi/icl_soft.c =================================================================== --- head/sys/dev/iscsi/icl_soft.c (revision 367104) +++ head/sys/dev/iscsi/icl_soft.c (revision 367105) @@ -1,1636 +1,1635 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * Software implementation of iSCSI Common Layer kobj(9) interface. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include struct icl_soft_pdu { struct icl_pdu ip; /* soft specific stuff goes here. */ u_int ref_cnt; icl_pdu_cb cb; int error; }; static int coalesce = 1; SYSCTL_INT(_kern_icl, OID_AUTO, coalesce, CTLFLAG_RWTUN, &coalesce, 0, "Try to coalesce PDUs before sending"); static int partial_receive_len = 128 * 1024; SYSCTL_INT(_kern_icl, OID_AUTO, partial_receive_len, CTLFLAG_RWTUN, &partial_receive_len, 0, "Minimum read size for partially received " "data segment"); static int sendspace = 1048576; SYSCTL_INT(_kern_icl, OID_AUTO, sendspace, CTLFLAG_RWTUN, &sendspace, 0, "Default send socket buffer size"); static int recvspace = 1048576; SYSCTL_INT(_kern_icl, OID_AUTO, recvspace, CTLFLAG_RWTUN, &recvspace, 0, "Default receive socket buffer size"); static MALLOC_DEFINE(M_ICL_SOFT, "icl_soft", "iSCSI software backend"); static uma_zone_t icl_soft_pdu_zone; static volatile u_int icl_ncons; #define ICL_CONN_LOCK(X) mtx_lock(X->ic_lock) #define ICL_CONN_UNLOCK(X) mtx_unlock(X->ic_lock) #define ICL_CONN_LOCK_ASSERT(X) mtx_assert(X->ic_lock, MA_OWNED) #define ICL_CONN_LOCK_ASSERT_NOT(X) mtx_assert(X->ic_lock, MA_NOTOWNED) STAILQ_HEAD(icl_pdu_stailq, icl_pdu); static icl_conn_new_pdu_t icl_soft_conn_new_pdu; static icl_conn_pdu_free_t icl_soft_conn_pdu_free; static icl_conn_pdu_data_segment_length_t icl_soft_conn_pdu_data_segment_length; static icl_conn_pdu_append_data_t icl_soft_conn_pdu_append_data; static icl_conn_pdu_get_data_t icl_soft_conn_pdu_get_data; static icl_conn_pdu_queue_t icl_soft_conn_pdu_queue; static icl_conn_pdu_queue_cb_t icl_soft_conn_pdu_queue_cb; static icl_conn_handoff_t icl_soft_conn_handoff; static icl_conn_free_t icl_soft_conn_free; static icl_conn_close_t icl_soft_conn_close; static icl_conn_task_setup_t icl_soft_conn_task_setup; static icl_conn_task_done_t icl_soft_conn_task_done; static icl_conn_transfer_setup_t icl_soft_conn_transfer_setup; static icl_conn_transfer_done_t icl_soft_conn_transfer_done; #ifdef ICL_KERNEL_PROXY static icl_conn_connect_t icl_soft_conn_connect; #endif static kobj_method_t icl_soft_methods[] = { KOBJMETHOD(icl_conn_new_pdu, icl_soft_conn_new_pdu), KOBJMETHOD(icl_conn_pdu_free, icl_soft_conn_pdu_free), KOBJMETHOD(icl_conn_pdu_data_segment_length, icl_soft_conn_pdu_data_segment_length), KOBJMETHOD(icl_conn_pdu_append_data, icl_soft_conn_pdu_append_data), KOBJMETHOD(icl_conn_pdu_get_data, icl_soft_conn_pdu_get_data), KOBJMETHOD(icl_conn_pdu_queue, icl_soft_conn_pdu_queue), KOBJMETHOD(icl_conn_pdu_queue_cb, icl_soft_conn_pdu_queue_cb), KOBJMETHOD(icl_conn_handoff, icl_soft_conn_handoff), KOBJMETHOD(icl_conn_free, icl_soft_conn_free), KOBJMETHOD(icl_conn_close, icl_soft_conn_close), KOBJMETHOD(icl_conn_task_setup, icl_soft_conn_task_setup), KOBJMETHOD(icl_conn_task_done, icl_soft_conn_task_done), KOBJMETHOD(icl_conn_transfer_setup, icl_soft_conn_transfer_setup), KOBJMETHOD(icl_conn_transfer_done, icl_soft_conn_transfer_done), #ifdef ICL_KERNEL_PROXY KOBJMETHOD(icl_conn_connect, icl_soft_conn_connect), #endif { 0, 0 } }; DEFINE_CLASS(icl_soft, icl_soft_methods, sizeof(struct icl_conn)); static void icl_conn_fail(struct icl_conn *ic) { if (ic->ic_socket == NULL) return; /* * XXX */ ic->ic_socket->so_error = EDOOFUS; (ic->ic_error)(ic); } static struct mbuf * icl_conn_receive(struct icl_conn *ic, size_t len) { struct uio uio; struct socket *so; struct mbuf *m; int error, flags; so = ic->ic_socket; memset(&uio, 0, sizeof(uio)); uio.uio_resid = len; flags = MSG_DONTWAIT; error = soreceive(so, NULL, &uio, &m, NULL, &flags); if (error != 0) { ICL_DEBUG("soreceive error %d", error); return (NULL); } if (uio.uio_resid != 0) { m_freem(m); ICL_DEBUG("short read"); return (NULL); } return (m); } static int icl_conn_receive_buf(struct icl_conn *ic, void *buf, size_t len) { struct iovec iov[1]; struct uio uio; struct socket *so; int error, flags; so = ic->ic_socket; memset(&uio, 0, sizeof(uio)); iov[0].iov_base = buf; iov[0].iov_len = len; uio.uio_iov = iov; uio.uio_iovcnt = 1; uio.uio_offset = 0; uio.uio_resid = len; uio.uio_segflg = UIO_SYSSPACE; uio.uio_rw = UIO_READ; flags = MSG_DONTWAIT; error = soreceive(so, NULL, &uio, NULL, NULL, &flags); if (error != 0) { ICL_DEBUG("soreceive error %d", error); return (-1); } if (uio.uio_resid != 0) { ICL_DEBUG("short read"); return (-1); } return (0); } static void icl_soft_conn_pdu_free(struct icl_conn *ic, struct icl_pdu *ip) { struct icl_soft_pdu *isp = (struct icl_soft_pdu *)ip; KASSERT(isp->ref_cnt == 0, ("freeing active PDU")); m_freem(ip->ip_bhs_mbuf); m_freem(ip->ip_ahs_mbuf); m_freem(ip->ip_data_mbuf); uma_zfree(icl_soft_pdu_zone, isp); #ifdef DIAGNOSTIC refcount_release(&ic->ic_outstanding_pdus); #endif } static void icl_soft_pdu_call_cb(struct icl_pdu *ip) { struct icl_soft_pdu *isp = (struct icl_soft_pdu *)ip; if (isp->cb != NULL) isp->cb(ip, isp->error); #ifdef DIAGNOSTIC refcount_release(&ip->ip_conn->ic_outstanding_pdus); #endif uma_zfree(icl_soft_pdu_zone, isp); } static void icl_soft_pdu_done(struct icl_pdu *ip, int error) { struct icl_soft_pdu *isp = (struct icl_soft_pdu *)ip; if (error != 0) isp->error = error; m_freem(ip->ip_bhs_mbuf); ip->ip_bhs_mbuf = NULL; m_freem(ip->ip_ahs_mbuf); ip->ip_ahs_mbuf = NULL; m_freem(ip->ip_data_mbuf); ip->ip_data_mbuf = NULL; if (atomic_fetchadd_int(&isp->ref_cnt, -1) == 1) icl_soft_pdu_call_cb(ip); } static void icl_soft_mbuf_done(struct mbuf *mb) { struct icl_soft_pdu *isp = (struct icl_soft_pdu *)mb->m_ext.ext_arg1; icl_soft_pdu_call_cb(&isp->ip); } /* * Allocate icl_pdu with empty BHS to fill up by the caller. */ struct icl_pdu * icl_soft_conn_new_pdu(struct icl_conn *ic, int flags) { struct icl_soft_pdu *isp; struct icl_pdu *ip; #ifdef DIAGNOSTIC refcount_acquire(&ic->ic_outstanding_pdus); #endif isp = uma_zalloc(icl_soft_pdu_zone, flags | M_ZERO); if (isp == NULL) { ICL_WARN("failed to allocate soft PDU"); #ifdef DIAGNOSTIC refcount_release(&ic->ic_outstanding_pdus); #endif return (NULL); } ip = &isp->ip; ip->ip_conn = ic; CTASSERT(sizeof(struct iscsi_bhs) <= MHLEN); ip->ip_bhs_mbuf = m_gethdr(flags, MT_DATA); if (ip->ip_bhs_mbuf == NULL) { ICL_WARN("failed to allocate BHS mbuf"); icl_soft_conn_pdu_free(ic, ip); return (NULL); } ip->ip_bhs = mtod(ip->ip_bhs_mbuf, struct iscsi_bhs *); memset(ip->ip_bhs, 0, sizeof(struct iscsi_bhs)); ip->ip_bhs_mbuf->m_len = sizeof(struct iscsi_bhs); return (ip); } static int icl_pdu_ahs_length(const struct icl_pdu *request) { return (request->ip_bhs->bhs_total_ahs_len * 4); } static size_t icl_pdu_data_segment_length(const struct icl_pdu *request) { uint32_t len = 0; len += request->ip_bhs->bhs_data_segment_len[0]; len <<= 8; len += request->ip_bhs->bhs_data_segment_len[1]; len <<= 8; len += request->ip_bhs->bhs_data_segment_len[2]; return (len); } size_t icl_soft_conn_pdu_data_segment_length(struct icl_conn *ic, const struct icl_pdu *request) { return (icl_pdu_data_segment_length(request)); } static void icl_pdu_set_data_segment_length(struct icl_pdu *response, uint32_t len) { response->ip_bhs->bhs_data_segment_len[2] = len; response->ip_bhs->bhs_data_segment_len[1] = len >> 8; response->ip_bhs->bhs_data_segment_len[0] = len >> 16; } static size_t icl_pdu_padding(const struct icl_pdu *ip) { if ((ip->ip_data_len % 4) != 0) return (4 - (ip->ip_data_len % 4)); return (0); } static size_t icl_pdu_size(const struct icl_pdu *response) { size_t len; KASSERT(response->ip_ahs_len == 0, ("responding with AHS")); len = sizeof(struct iscsi_bhs) + response->ip_data_len + icl_pdu_padding(response); if (response->ip_conn->ic_header_crc32c) len += ISCSI_HEADER_DIGEST_SIZE; if (response->ip_data_len != 0 && response->ip_conn->ic_data_crc32c) len += ISCSI_DATA_DIGEST_SIZE; return (len); } static int icl_pdu_receive_bhs(struct icl_pdu *request, size_t *availablep) { if (icl_conn_receive_buf(request->ip_conn, request->ip_bhs, sizeof(struct iscsi_bhs))) { ICL_DEBUG("failed to receive BHS"); return (-1); } *availablep -= sizeof(struct iscsi_bhs); return (0); } static int icl_pdu_receive_ahs(struct icl_pdu *request, size_t *availablep) { request->ip_ahs_len = icl_pdu_ahs_length(request); if (request->ip_ahs_len == 0) return (0); request->ip_ahs_mbuf = icl_conn_receive(request->ip_conn, request->ip_ahs_len); if (request->ip_ahs_mbuf == NULL) { ICL_DEBUG("failed to receive AHS"); return (-1); } *availablep -= request->ip_ahs_len; return (0); } static uint32_t icl_mbuf_to_crc32c(const struct mbuf *m0) { uint32_t digest = 0xffffffff; const struct mbuf *m; for (m = m0; m != NULL; m = m->m_next) digest = calculate_crc32c(digest, mtod(m, const void *), m->m_len); digest = digest ^ 0xffffffff; return (digest); } static int icl_pdu_check_header_digest(struct icl_pdu *request, size_t *availablep) { uint32_t received_digest, valid_digest; if (request->ip_conn->ic_header_crc32c == false) return (0); CTASSERT(sizeof(received_digest) == ISCSI_HEADER_DIGEST_SIZE); if (icl_conn_receive_buf(request->ip_conn, &received_digest, ISCSI_HEADER_DIGEST_SIZE)) { ICL_DEBUG("failed to receive header digest"); return (-1); } *availablep -= ISCSI_HEADER_DIGEST_SIZE; /* Temporary attach AHS to BHS to calculate header digest. */ request->ip_bhs_mbuf->m_next = request->ip_ahs_mbuf; valid_digest = icl_mbuf_to_crc32c(request->ip_bhs_mbuf); request->ip_bhs_mbuf->m_next = NULL; if (received_digest != valid_digest) { ICL_WARN("header digest check failed; got 0x%x, " "should be 0x%x", received_digest, valid_digest); return (-1); } return (0); } /* * Return the number of bytes that should be waiting in the receive socket * before icl_pdu_receive_data_segment() gets called. */ static size_t icl_pdu_data_segment_receive_len(const struct icl_pdu *request) { size_t len; len = icl_pdu_data_segment_length(request); if (len == 0) return (0); /* * Account for the parts of data segment already read from * the socket buffer. */ KASSERT(len > request->ip_data_len, ("len <= request->ip_data_len")); len -= request->ip_data_len; /* * Don't always wait for the full data segment to be delivered * to the socket; this might badly affect performance due to * TCP window scaling. */ if (len > partial_receive_len) { #if 0 ICL_DEBUG("need %zd bytes of data, limiting to %zd", len, partial_receive_len)); #endif len = partial_receive_len; return (len); } /* * Account for padding. Note that due to the way code is written, * the icl_pdu_receive_data_segment() must always receive padding * along with the last part of data segment, because it would be * impossible to tell whether we've already received the full data * segment including padding, or without it. */ if ((len % 4) != 0) len += 4 - (len % 4); #if 0 ICL_DEBUG("need %zd bytes of data", len)); #endif return (len); } static int icl_pdu_receive_data_segment(struct icl_pdu *request, size_t *availablep, bool *more_neededp) { struct icl_conn *ic; size_t len, padding = 0; struct mbuf *m; ic = request->ip_conn; *more_neededp = false; ic->ic_receive_len = 0; len = icl_pdu_data_segment_length(request); if (len == 0) return (0); if ((len % 4) != 0) padding = 4 - (len % 4); /* * Account for already received parts of data segment. */ KASSERT(len > request->ip_data_len, ("len <= request->ip_data_len")); len -= request->ip_data_len; if (len + padding > *availablep) { /* * Not enough data in the socket buffer. Receive as much * as we can. Don't receive padding, since, obviously, it's * not the end of data segment yet. */ #if 0 ICL_DEBUG("limited from %zd to %zd", len + padding, *availablep - padding)); #endif len = *availablep - padding; *more_neededp = true; padding = 0; } /* * Must not try to receive padding without at least one byte * of actual data segment. */ if (len > 0) { m = icl_conn_receive(request->ip_conn, len + padding); if (m == NULL) { ICL_DEBUG("failed to receive data segment"); return (-1); } if (request->ip_data_mbuf == NULL) request->ip_data_mbuf = m; else m_cat(request->ip_data_mbuf, m); request->ip_data_len += len; *availablep -= len + padding; } else ICL_DEBUG("len 0"); if (*more_neededp) ic->ic_receive_len = icl_pdu_data_segment_receive_len(request); return (0); } static int icl_pdu_check_data_digest(struct icl_pdu *request, size_t *availablep) { uint32_t received_digest, valid_digest; if (request->ip_conn->ic_data_crc32c == false) return (0); if (request->ip_data_len == 0) return (0); CTASSERT(sizeof(received_digest) == ISCSI_DATA_DIGEST_SIZE); if (icl_conn_receive_buf(request->ip_conn, &received_digest, ISCSI_DATA_DIGEST_SIZE)) { ICL_DEBUG("failed to receive data digest"); return (-1); } *availablep -= ISCSI_DATA_DIGEST_SIZE; /* * Note that ip_data_mbuf also contains padding; since digest * calculation is supposed to include that, we iterate over * the entire ip_data_mbuf chain, not just ip_data_len bytes of it. */ valid_digest = icl_mbuf_to_crc32c(request->ip_data_mbuf); if (received_digest != valid_digest) { ICL_WARN("data digest check failed; got 0x%x, " "should be 0x%x", received_digest, valid_digest); return (-1); } return (0); } /* * Somewhat contrary to the name, this attempts to receive only one * "part" of PDU at a time; call it repeatedly until it returns non-NULL. */ static struct icl_pdu * icl_conn_receive_pdu(struct icl_conn *ic, size_t *availablep) { struct icl_pdu *request; struct socket *so; size_t len; int error; bool more_needed; so = ic->ic_socket; if (ic->ic_receive_state == ICL_CONN_STATE_BHS) { KASSERT(ic->ic_receive_pdu == NULL, ("ic->ic_receive_pdu != NULL")); request = icl_soft_conn_new_pdu(ic, M_NOWAIT); if (request == NULL) { ICL_DEBUG("failed to allocate PDU; " "dropping connection"); icl_conn_fail(ic); return (NULL); } ic->ic_receive_pdu = request; } else { KASSERT(ic->ic_receive_pdu != NULL, ("ic->ic_receive_pdu == NULL")); request = ic->ic_receive_pdu; } if (*availablep < ic->ic_receive_len) { #if 0 ICL_DEBUG("not enough data; need %zd, " "have %zd", ic->ic_receive_len, *availablep); #endif return (NULL); } switch (ic->ic_receive_state) { case ICL_CONN_STATE_BHS: //ICL_DEBUG("receiving BHS"); error = icl_pdu_receive_bhs(request, availablep); if (error != 0) { ICL_DEBUG("failed to receive BHS; " "dropping connection"); break; } /* * We don't enforce any limit for AHS length; * its length is stored in 8 bit field. */ len = icl_pdu_data_segment_length(request); if (len > ic->ic_max_data_segment_length) { ICL_WARN("received data segment " "length %zd is larger than negotiated " "MaxDataSegmentLength %zd; " "dropping connection", len, ic->ic_max_data_segment_length); error = EINVAL; break; } ic->ic_receive_state = ICL_CONN_STATE_AHS; ic->ic_receive_len = icl_pdu_ahs_length(request); break; case ICL_CONN_STATE_AHS: //ICL_DEBUG("receiving AHS"); error = icl_pdu_receive_ahs(request, availablep); if (error != 0) { ICL_DEBUG("failed to receive AHS; " "dropping connection"); break; } ic->ic_receive_state = ICL_CONN_STATE_HEADER_DIGEST; if (ic->ic_header_crc32c == false) ic->ic_receive_len = 0; else ic->ic_receive_len = ISCSI_HEADER_DIGEST_SIZE; break; case ICL_CONN_STATE_HEADER_DIGEST: //ICL_DEBUG("receiving header digest"); error = icl_pdu_check_header_digest(request, availablep); if (error != 0) { ICL_DEBUG("header digest failed; " "dropping connection"); break; } ic->ic_receive_state = ICL_CONN_STATE_DATA; ic->ic_receive_len = icl_pdu_data_segment_receive_len(request); break; case ICL_CONN_STATE_DATA: //ICL_DEBUG("receiving data segment"); error = icl_pdu_receive_data_segment(request, availablep, &more_needed); if (error != 0) { ICL_DEBUG("failed to receive data segment;" "dropping connection"); break; } if (more_needed) break; ic->ic_receive_state = ICL_CONN_STATE_DATA_DIGEST; if (request->ip_data_len == 0 || ic->ic_data_crc32c == false) ic->ic_receive_len = 0; else ic->ic_receive_len = ISCSI_DATA_DIGEST_SIZE; break; case ICL_CONN_STATE_DATA_DIGEST: //ICL_DEBUG("receiving data digest"); error = icl_pdu_check_data_digest(request, availablep); if (error != 0) { ICL_DEBUG("data digest failed; " "dropping connection"); break; } /* * We've received complete PDU; reset the receive state machine * and return the PDU. */ ic->ic_receive_state = ICL_CONN_STATE_BHS; ic->ic_receive_len = sizeof(struct iscsi_bhs); ic->ic_receive_pdu = NULL; return (request); default: panic("invalid ic_receive_state %d\n", ic->ic_receive_state); } if (error != 0) { /* * Don't free the PDU; it's pointed to by ic->ic_receive_pdu * and will get freed in icl_soft_conn_close(). */ icl_conn_fail(ic); } return (NULL); } static void icl_conn_receive_pdus(struct icl_conn *ic, size_t available) { struct icl_pdu *response; struct socket *so; so = ic->ic_socket; /* * This can never happen; we're careful to only mess with ic->ic_socket * pointer when the send/receive threads are not running. */ KASSERT(so != NULL, ("NULL socket")); for (;;) { if (ic->ic_disconnecting) return; if (so->so_error != 0) { ICL_DEBUG("connection error %d; " "dropping connection", so->so_error); icl_conn_fail(ic); return; } /* * Loop until we have a complete PDU or there is not enough * data in the socket buffer. */ if (available < ic->ic_receive_len) { #if 0 ICL_DEBUG("not enough data; have %zd, " "need %zd", available, ic->ic_receive_len); #endif return; } response = icl_conn_receive_pdu(ic, &available); if (response == NULL) continue; if (response->ip_ahs_len > 0) { ICL_WARN("received PDU with unsupported " "AHS; opcode 0x%x; dropping connection", response->ip_bhs->bhs_opcode); icl_soft_conn_pdu_free(ic, response); icl_conn_fail(ic); return; } (ic->ic_receive)(response); } } static void icl_receive_thread(void *arg) { struct icl_conn *ic; size_t available; struct socket *so; ic = arg; so = ic->ic_socket; for (;;) { if (ic->ic_disconnecting) { //ICL_DEBUG("terminating"); break; } /* * Set the low watermark, to be checked by * soreadable() in icl_soupcall_receive() * to avoid unnecessary wakeups until there * is enough data received to read the PDU. */ SOCKBUF_LOCK(&so->so_rcv); available = sbavail(&so->so_rcv); if (available < ic->ic_receive_len) { so->so_rcv.sb_lowat = ic->ic_receive_len; cv_wait(&ic->ic_receive_cv, &so->so_rcv.sb_mtx); } else so->so_rcv.sb_lowat = so->so_rcv.sb_hiwat + 1; SOCKBUF_UNLOCK(&so->so_rcv); icl_conn_receive_pdus(ic, available); } ICL_CONN_LOCK(ic); ic->ic_receive_running = false; cv_signal(&ic->ic_send_cv); ICL_CONN_UNLOCK(ic); kthread_exit(); } static int icl_soupcall_receive(struct socket *so, void *arg, int waitflag) { struct icl_conn *ic; if (!soreadable(so)) return (SU_OK); ic = arg; cv_signal(&ic->ic_receive_cv); return (SU_OK); } static int icl_pdu_finalize(struct icl_pdu *request) { size_t padding, pdu_len; uint32_t digest, zero = 0; int ok; struct icl_conn *ic; ic = request->ip_conn; icl_pdu_set_data_segment_length(request, request->ip_data_len); pdu_len = icl_pdu_size(request); if (ic->ic_header_crc32c) { digest = icl_mbuf_to_crc32c(request->ip_bhs_mbuf); ok = m_append(request->ip_bhs_mbuf, sizeof(digest), (void *)&digest); if (ok != 1) { ICL_WARN("failed to append header digest"); return (1); } } if (request->ip_data_len != 0) { padding = icl_pdu_padding(request); if (padding > 0) { ok = m_append(request->ip_data_mbuf, padding, (void *)&zero); if (ok != 1) { ICL_WARN("failed to append padding"); return (1); } } if (ic->ic_data_crc32c) { digest = icl_mbuf_to_crc32c(request->ip_data_mbuf); ok = m_append(request->ip_data_mbuf, sizeof(digest), (void *)&digest); if (ok != 1) { ICL_WARN("failed to append data digest"); return (1); } } m_cat(request->ip_bhs_mbuf, request->ip_data_mbuf); request->ip_data_mbuf = NULL; } request->ip_bhs_mbuf->m_pkthdr.len = pdu_len; return (0); } static void icl_conn_send_pdus(struct icl_conn *ic, struct icl_pdu_stailq *queue) { struct icl_pdu *request, *request2; struct socket *so; long available, size, size2; int coalesced, error; ICL_CONN_LOCK_ASSERT_NOT(ic); so = ic->ic_socket; SOCKBUF_LOCK(&so->so_snd); /* * Check how much space do we have for transmit. We can't just * call sosend() and retry when we get EWOULDBLOCK or EMSGSIZE, * as it always frees the mbuf chain passed to it, even in case * of error. */ available = sbspace(&so->so_snd); /* * Notify the socket upcall that we don't need wakeups * for the time being. */ so->so_snd.sb_lowat = so->so_snd.sb_hiwat + 1; SOCKBUF_UNLOCK(&so->so_snd); while (!STAILQ_EMPTY(queue)) { request = STAILQ_FIRST(queue); size = icl_pdu_size(request); if (available < size) { /* * Set the low watermark, to be checked by * sowriteable() in icl_soupcall_send() * to avoid unnecessary wakeups until there * is enough space for the PDU to fit. */ SOCKBUF_LOCK(&so->so_snd); available = sbspace(&so->so_snd); if (available < size) { #if 1 ICL_DEBUG("no space to send; " "have %ld, need %ld", available, size); #endif so->so_snd.sb_lowat = max(size, so->so_snd.sb_hiwat / 8); SOCKBUF_UNLOCK(&so->so_snd); return; } SOCKBUF_UNLOCK(&so->so_snd); } STAILQ_REMOVE_HEAD(queue, ip_next); error = icl_pdu_finalize(request); if (error != 0) { ICL_DEBUG("failed to finalize PDU; " "dropping connection"); icl_soft_pdu_done(request, EIO); icl_conn_fail(ic); return; } if (coalesce) { coalesced = 1; for (;;) { request2 = STAILQ_FIRST(queue); if (request2 == NULL) break; size2 = icl_pdu_size(request2); if (available < size + size2) break; STAILQ_REMOVE_HEAD(queue, ip_next); error = icl_pdu_finalize(request2); if (error != 0) { ICL_DEBUG("failed to finalize PDU; " "dropping connection"); icl_soft_pdu_done(request, EIO); icl_soft_pdu_done(request2, EIO); icl_conn_fail(ic); return; } m_cat(request->ip_bhs_mbuf, request2->ip_bhs_mbuf); request2->ip_bhs_mbuf = NULL; request->ip_bhs_mbuf->m_pkthdr.len += size2; size += size2; STAILQ_REMOVE_AFTER(queue, request, ip_next); icl_soft_pdu_done(request2, 0); coalesced++; } #if 0 if (coalesced > 1) { ICL_DEBUG("coalesced %d PDUs into %ld bytes", coalesced, size); } #endif } available -= size; error = sosend(so, NULL, NULL, request->ip_bhs_mbuf, NULL, MSG_DONTWAIT, curthread); request->ip_bhs_mbuf = NULL; /* Sosend consumes the mbuf. */ if (error != 0) { ICL_DEBUG("failed to send PDU, error %d; " "dropping connection", error); icl_soft_pdu_done(request, error); icl_conn_fail(ic); return; } icl_soft_pdu_done(request, 0); } } static void icl_send_thread(void *arg) { struct icl_conn *ic; struct icl_pdu_stailq queue; ic = arg; STAILQ_INIT(&queue); ICL_CONN_LOCK(ic); for (;;) { for (;;) { /* * If the local queue is empty, populate it from * the main one. This way the icl_conn_send_pdus() * can go through all the queued PDUs without holding * any locks. */ if (STAILQ_EMPTY(&queue)) STAILQ_SWAP(&ic->ic_to_send, &queue, icl_pdu); ic->ic_check_send_space = false; ICL_CONN_UNLOCK(ic); icl_conn_send_pdus(ic, &queue); ICL_CONN_LOCK(ic); /* * The icl_soupcall_send() was called since the last * call to sbspace(); go around; */ if (ic->ic_check_send_space) continue; /* * Local queue is empty, but we still have PDUs * in the main one; go around. */ if (STAILQ_EMPTY(&queue) && !STAILQ_EMPTY(&ic->ic_to_send)) continue; /* * There might be some stuff in the local queue, * which didn't get sent due to not having enough send * space. Wait for socket upcall. */ break; } if (ic->ic_disconnecting) { //ICL_DEBUG("terminating"); break; } cv_wait(&ic->ic_send_cv, ic->ic_lock); } /* * We're exiting; move PDUs back to the main queue, so they can * get freed properly. At this point ordering doesn't matter. */ STAILQ_CONCAT(&ic->ic_to_send, &queue); ic->ic_send_running = false; cv_signal(&ic->ic_send_cv); ICL_CONN_UNLOCK(ic); kthread_exit(); } static int icl_soupcall_send(struct socket *so, void *arg, int waitflag) { struct icl_conn *ic; if (!sowriteable(so)) return (SU_OK); ic = arg; ICL_CONN_LOCK(ic); ic->ic_check_send_space = true; ICL_CONN_UNLOCK(ic); cv_signal(&ic->ic_send_cv); return (SU_OK); } static int icl_soft_conn_pdu_append_data(struct icl_conn *ic, struct icl_pdu *request, const void *addr, size_t len, int flags) { struct icl_soft_pdu *isp = (struct icl_soft_pdu *)request; struct mbuf *mb, *newmb; size_t copylen, off = 0; KASSERT(len > 0, ("len == 0")); if (flags & ICL_NOCOPY) { newmb = m_get(flags & ~ICL_NOCOPY, MT_DATA); if (newmb == NULL) { ICL_WARN("failed to allocate mbuf"); return (ENOMEM); } newmb->m_flags |= M_RDONLY; m_extaddref(newmb, __DECONST(char *, addr), len, &isp->ref_cnt, icl_soft_mbuf_done, isp, NULL); newmb->m_len = len; } else { newmb = m_getm2(NULL, len, flags, MT_DATA, 0); if (newmb == NULL) { ICL_WARN("failed to allocate mbuf for %zd bytes", len); return (ENOMEM); } for (mb = newmb; mb != NULL; mb = mb->m_next) { copylen = min(M_TRAILINGSPACE(mb), len - off); memcpy(mtod(mb, char *), (const char *)addr + off, copylen); mb->m_len = copylen; off += copylen; } KASSERT(off == len, ("%s: off != len", __func__)); } if (request->ip_data_mbuf == NULL) { request->ip_data_mbuf = newmb; request->ip_data_len = len; } else { m_cat(request->ip_data_mbuf, newmb); request->ip_data_len += len; } return (0); } void icl_soft_conn_pdu_get_data(struct icl_conn *ic, struct icl_pdu *ip, size_t off, void *addr, size_t len) { m_copydata(ip->ip_data_mbuf, off, len, addr); } static void icl_soft_conn_pdu_queue(struct icl_conn *ic, struct icl_pdu *ip) { icl_soft_conn_pdu_queue_cb(ic, ip, NULL); } static void icl_soft_conn_pdu_queue_cb(struct icl_conn *ic, struct icl_pdu *ip, icl_pdu_cb cb) { struct icl_soft_pdu *isp = (struct icl_soft_pdu *)ip; ICL_CONN_LOCK_ASSERT(ic); isp->ref_cnt++; isp->cb = cb; if (ic->ic_disconnecting || ic->ic_socket == NULL) { ICL_DEBUG("icl_pdu_queue on closed connection"); icl_soft_pdu_done(ip, ENOTCONN); return; } if (!STAILQ_EMPTY(&ic->ic_to_send)) { STAILQ_INSERT_TAIL(&ic->ic_to_send, ip, ip_next); /* * If the queue is not empty, someone else had already * signaled the send thread; no need to do that again, * just return. */ return; } STAILQ_INSERT_TAIL(&ic->ic_to_send, ip, ip_next); cv_signal(&ic->ic_send_cv); } static struct icl_conn * icl_soft_new_conn(const char *name, struct mtx *lock) { struct icl_conn *ic; refcount_acquire(&icl_ncons); ic = (struct icl_conn *)kobj_create(&icl_soft_class, M_ICL_SOFT, M_WAITOK | M_ZERO); STAILQ_INIT(&ic->ic_to_send); ic->ic_lock = lock; cv_init(&ic->ic_send_cv, "icl_tx"); cv_init(&ic->ic_receive_cv, "icl_rx"); #ifdef DIAGNOSTIC refcount_init(&ic->ic_outstanding_pdus, 0); #endif ic->ic_max_data_segment_length = ICL_MAX_DATA_SEGMENT_LENGTH; ic->ic_name = name; ic->ic_offload = "None"; ic->ic_unmapped = false; return (ic); } void icl_soft_conn_free(struct icl_conn *ic) { #ifdef DIAGNOSTIC KASSERT(ic->ic_outstanding_pdus == 0, ("destroying session with %d outstanding PDUs", ic->ic_outstanding_pdus)); #endif cv_destroy(&ic->ic_send_cv); cv_destroy(&ic->ic_receive_cv); kobj_delete((struct kobj *)ic, M_ICL_SOFT); refcount_release(&icl_ncons); } static int icl_conn_start(struct icl_conn *ic) { size_t minspace; struct sockopt opt; int error, one = 1; ICL_CONN_LOCK(ic); /* * XXX: Ugly hack. */ if (ic->ic_socket == NULL) { ICL_CONN_UNLOCK(ic); return (EINVAL); } ic->ic_receive_state = ICL_CONN_STATE_BHS; ic->ic_receive_len = sizeof(struct iscsi_bhs); ic->ic_disconnecting = false; ICL_CONN_UNLOCK(ic); /* * For sendspace, this is required because the current code cannot * send a PDU in pieces; thus, the minimum buffer size is equal * to the maximum PDU size. "+4" is to account for possible padding. * * What we should actually do here is to use autoscaling, but set * some minimal buffer size to "minspace". I don't know a way to do * that, though. */ minspace = sizeof(struct iscsi_bhs) + ic->ic_max_data_segment_length + ISCSI_HEADER_DIGEST_SIZE + ISCSI_DATA_DIGEST_SIZE + 4; if (sendspace < minspace) { ICL_WARN("kern.icl.sendspace too low; must be at least %zd", minspace); sendspace = minspace; } if (recvspace < minspace) { ICL_WARN("kern.icl.recvspace too low; must be at least %zd", minspace); recvspace = minspace; } error = soreserve(ic->ic_socket, sendspace, recvspace); if (error != 0) { ICL_WARN("soreserve failed with error %d", error); icl_soft_conn_close(ic); return (error); } ic->ic_socket->so_snd.sb_flags |= SB_AUTOSIZE; ic->ic_socket->so_rcv.sb_flags |= SB_AUTOSIZE; /* * Disable Nagle. */ bzero(&opt, sizeof(opt)); opt.sopt_dir = SOPT_SET; opt.sopt_level = IPPROTO_TCP; opt.sopt_name = TCP_NODELAY; opt.sopt_val = &one; opt.sopt_valsize = sizeof(one); error = sosetopt(ic->ic_socket, &opt); if (error != 0) { ICL_WARN("disabling TCP_NODELAY failed with error %d", error); icl_soft_conn_close(ic); return (error); } /* * Register socket upcall, to get notified about incoming PDUs * and free space to send outgoing ones. */ SOCKBUF_LOCK(&ic->ic_socket->so_snd); soupcall_set(ic->ic_socket, SO_SND, icl_soupcall_send, ic); SOCKBUF_UNLOCK(&ic->ic_socket->so_snd); SOCKBUF_LOCK(&ic->ic_socket->so_rcv); soupcall_set(ic->ic_socket, SO_RCV, icl_soupcall_receive, ic); SOCKBUF_UNLOCK(&ic->ic_socket->so_rcv); /* * Start threads. */ ICL_CONN_LOCK(ic); ic->ic_send_running = ic->ic_receive_running = true; ICL_CONN_UNLOCK(ic); error = kthread_add(icl_send_thread, ic, NULL, NULL, 0, 0, "%stx", ic->ic_name); if (error != 0) { ICL_WARN("kthread_add(9) failed with error %d", error); ICL_CONN_LOCK(ic); ic->ic_send_running = ic->ic_receive_running = false; cv_signal(&ic->ic_send_cv); ICL_CONN_UNLOCK(ic); icl_soft_conn_close(ic); return (error); } error = kthread_add(icl_receive_thread, ic, NULL, NULL, 0, 0, "%srx", ic->ic_name); if (error != 0) { ICL_WARN("kthread_add(9) failed with error %d", error); ICL_CONN_LOCK(ic); ic->ic_receive_running = false; cv_signal(&ic->ic_send_cv); ICL_CONN_UNLOCK(ic); icl_soft_conn_close(ic); return (error); } return (0); } int icl_soft_conn_handoff(struct icl_conn *ic, int fd) { struct file *fp; struct socket *so; cap_rights_t rights; int error; ICL_CONN_LOCK_ASSERT_NOT(ic); #ifdef ICL_KERNEL_PROXY /* * We're transitioning to Full Feature phase, and we don't * really care. */ if (fd == 0) { ICL_CONN_LOCK(ic); if (ic->ic_socket == NULL) { ICL_CONN_UNLOCK(ic); ICL_WARN("proxy handoff without connect"); return (EINVAL); } ICL_CONN_UNLOCK(ic); return (0); } #endif /* * Steal the socket from userland. */ error = fget(curthread, fd, cap_rights_init(&rights, CAP_SOCK_CLIENT), &fp); if (error != 0) return (error); if (fp->f_type != DTYPE_SOCKET) { fdrop(fp, curthread); return (EINVAL); } so = fp->f_data; if (so->so_type != SOCK_STREAM) { fdrop(fp, curthread); return (EINVAL); } ICL_CONN_LOCK(ic); if (ic->ic_socket != NULL) { ICL_CONN_UNLOCK(ic); fdrop(fp, curthread); return (EBUSY); } ic->ic_socket = fp->f_data; fp->f_ops = &badfileops; fp->f_data = NULL; fdrop(fp, curthread); ICL_CONN_UNLOCK(ic); error = icl_conn_start(ic); return (error); } void icl_soft_conn_close(struct icl_conn *ic) { struct icl_pdu *pdu; struct socket *so; ICL_CONN_LOCK(ic); /* * Wake up the threads, so they can properly terminate. */ ic->ic_disconnecting = true; while (ic->ic_receive_running || ic->ic_send_running) { cv_signal(&ic->ic_receive_cv); cv_signal(&ic->ic_send_cv); cv_wait(&ic->ic_send_cv, ic->ic_lock); } /* Some other thread could close the connection same time. */ so = ic->ic_socket; if (so == NULL) { ICL_CONN_UNLOCK(ic); return; } ic->ic_socket = NULL; /* * Deregister socket upcalls. */ ICL_CONN_UNLOCK(ic); SOCKBUF_LOCK(&so->so_snd); if (so->so_snd.sb_upcall != NULL) soupcall_clear(so, SO_SND); SOCKBUF_UNLOCK(&so->so_snd); SOCKBUF_LOCK(&so->so_rcv); if (so->so_rcv.sb_upcall != NULL) soupcall_clear(so, SO_RCV); SOCKBUF_UNLOCK(&so->so_rcv); soclose(so); ICL_CONN_LOCK(ic); if (ic->ic_receive_pdu != NULL) { //ICL_DEBUG("freeing partially received PDU"); icl_soft_conn_pdu_free(ic, ic->ic_receive_pdu); ic->ic_receive_pdu = NULL; } /* * Remove any outstanding PDUs from the send queue. */ while (!STAILQ_EMPTY(&ic->ic_to_send)) { pdu = STAILQ_FIRST(&ic->ic_to_send); STAILQ_REMOVE_HEAD(&ic->ic_to_send, ip_next); icl_soft_pdu_done(pdu, ENOTCONN); } KASSERT(STAILQ_EMPTY(&ic->ic_to_send), ("destroying session with non-empty send queue")); ICL_CONN_UNLOCK(ic); } int icl_soft_conn_task_setup(struct icl_conn *ic, struct icl_pdu *ip, struct ccb_scsiio *csio, uint32_t *task_tagp, void **prvp) { return (0); } void icl_soft_conn_task_done(struct icl_conn *ic, void *prv) { } int icl_soft_conn_transfer_setup(struct icl_conn *ic, union ctl_io *io, uint32_t *transfer_tag, void **prvp) { return (0); } void icl_soft_conn_transfer_done(struct icl_conn *ic, void *prv) { } static int icl_soft_limits(struct icl_drv_limits *idl) { idl->idl_max_recv_data_segment_length = 128 * 1024; idl->idl_max_send_data_segment_length = 128 * 1024; idl->idl_max_burst_length = 262144; idl->idl_first_burst_length = 65536; return (0); } #ifdef ICL_KERNEL_PROXY int icl_soft_conn_connect(struct icl_conn *ic, int domain, int socktype, int protocol, struct sockaddr *from_sa, struct sockaddr *to_sa) { return (icl_soft_proxy_connect(ic, domain, socktype, protocol, from_sa, to_sa)); } int icl_soft_handoff_sock(struct icl_conn *ic, struct socket *so) { int error; ICL_CONN_LOCK_ASSERT_NOT(ic); if (so->so_type != SOCK_STREAM) return (EINVAL); ICL_CONN_LOCK(ic); if (ic->ic_socket != NULL) { ICL_CONN_UNLOCK(ic); return (EBUSY); } ic->ic_socket = so; ICL_CONN_UNLOCK(ic); error = icl_conn_start(ic); return (error); } #endif /* ICL_KERNEL_PROXY */ static int icl_soft_load(void) { int error; icl_soft_pdu_zone = uma_zcreate("icl_soft_pdu", sizeof(struct icl_soft_pdu), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); refcount_init(&icl_ncons, 0); /* * The reason we call this "none" is that to the user, * it's known as "offload driver"; "offload driver: soft" * doesn't make much sense. */ error = icl_register("none", false, 0, icl_soft_limits, icl_soft_new_conn); KASSERT(error == 0, ("failed to register")); #if defined(ICL_KERNEL_PROXY) && 0 /* * Debugging aid for kernel proxy functionality. */ error = icl_register("proxytest", true, 0, icl_soft_limits, icl_soft_new_conn); KASSERT(error == 0, ("failed to register")); #endif return (error); } static int icl_soft_unload(void) { if (icl_ncons != 0) return (EBUSY); icl_unregister("none", false); #if defined(ICL_KERNEL_PROXY) && 0 icl_unregister("proxytest", true); #endif uma_zdestroy(icl_soft_pdu_zone); return (0); } static int icl_soft_modevent(module_t mod, int what, void *arg) { switch (what) { case MOD_LOAD: return (icl_soft_load()); case MOD_UNLOAD: return (icl_soft_unload()); default: return (EINVAL); } } moduledata_t icl_soft_data = { "icl_soft", icl_soft_modevent, 0 }; DECLARE_MODULE(icl_soft, icl_soft_data, SI_SUB_DRIVERS, SI_ORDER_MIDDLE); MODULE_DEPEND(icl_soft, icl, 1, 1, 1); MODULE_VERSION(icl_soft, 1); Index: head/sys/dev/iscsi/icl_soft_proxy.c =================================================================== --- head/sys/dev/iscsi/icl_soft_proxy.c (revision 367104) +++ head/sys/dev/iscsi/icl_soft_proxy.c (revision 367105) @@ -1,344 +1,343 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /*- * Copyright (c) 1982, 1986, 1989, 1990, 1993 * The Regents of the University of California. All rights reserved. * * sendfile(2) and related extensions: * Copyright (c) 1998, David Greenman. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94 */ /* * iSCSI Common Layer, kernel proxy part. */ #ifdef ICL_KERNEL_PROXY #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include struct icl_listen_sock { TAILQ_ENTRY(icl_listen_sock) ils_next; struct icl_listen *ils_listen; struct socket *ils_socket; bool ils_running; int ils_id; }; struct icl_listen { TAILQ_HEAD(, icl_listen_sock) il_sockets; struct sx il_lock; void (*il_accept)(struct socket *, struct sockaddr *, int); }; static MALLOC_DEFINE(M_ICL_PROXY, "ICL_PROXY", "iSCSI common layer proxy"); int icl_soft_proxy_connect(struct icl_conn *ic, int domain, int socktype, int protocol, struct sockaddr *from_sa, struct sockaddr *to_sa) { struct socket *so; int error; int interrupted = 0; error = socreate(domain, &so, socktype, protocol, curthread->td_ucred, curthread); if (error != 0) return (error); if (from_sa != NULL) { error = sobind(so, from_sa, curthread); if (error != 0) { soclose(so); return (error); } } error = soconnect(so, to_sa, curthread); if (error != 0) { soclose(so); return (error); } SOCK_LOCK(so); while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) { error = msleep(&so->so_timeo, SOCK_MTX(so), PSOCK | PCATCH, "icl_connect", 0); if (error) { if (error == EINTR || error == ERESTART) interrupted = 1; break; } } if (error == 0) { error = so->so_error; so->so_error = 0; } SOCK_UNLOCK(so); if (error != 0) { soclose(so); return (error); } error = icl_soft_handoff_sock(ic, so); if (error != 0) soclose(so); return (error); } struct icl_listen * icl_listen_new(void (*accept_cb)(struct socket *, struct sockaddr *, int)) { struct icl_listen *il; il = malloc(sizeof(*il), M_ICL_PROXY, M_ZERO | M_WAITOK); TAILQ_INIT(&il->il_sockets); sx_init(&il->il_lock, "icl_listen"); il->il_accept = accept_cb; return (il); } void icl_listen_free(struct icl_listen *il) { struct icl_listen_sock *ils; sx_xlock(&il->il_lock); while (!TAILQ_EMPTY(&il->il_sockets)) { ils = TAILQ_FIRST(&il->il_sockets); while (ils->ils_running) { ICL_DEBUG("waiting for accept thread to terminate"); sx_xunlock(&il->il_lock); SOLISTEN_LOCK(ils->ils_socket); ils->ils_socket->so_error = ENOTCONN; SOLISTEN_UNLOCK(ils->ils_socket); wakeup(&ils->ils_socket->so_timeo); pause("icl_unlisten", 1 * hz); sx_xlock(&il->il_lock); } TAILQ_REMOVE(&il->il_sockets, ils, ils_next); soclose(ils->ils_socket); free(ils, M_ICL_PROXY); } sx_xunlock(&il->il_lock); free(il, M_ICL_PROXY); } /* * XXX: Doing accept in a separate thread in each socket might not be the * best way to do stuff, but it's pretty clean and debuggable - and you * probably won't have hundreds of listening sockets anyway. */ static void icl_accept_thread(void *arg) { struct icl_listen_sock *ils; struct socket *head, *so; struct sockaddr *sa; int error; ils = arg; head = ils->ils_socket; ils->ils_running = true; for (;;) { SOLISTEN_LOCK(head); error = solisten_dequeue(head, &so, 0); if (error == ENOTCONN) { /* * XXXGL: ENOTCONN is our mark from icl_listen_free(). * Neither socket code, nor msleep(9) may return it. */ ICL_DEBUG("terminating"); ils->ils_running = false; kthread_exit(); return; } if (error) { ICL_WARN("solisten_dequeue error %d", error); continue; } sa = NULL; error = soaccept(so, &sa); if (error != 0) { ICL_WARN("soaccept error %d", error); if (sa != NULL) free(sa, M_SONAME); soclose(so); continue; } (ils->ils_listen->il_accept)(so, sa, ils->ils_id); } } static int icl_listen_add_tcp(struct icl_listen *il, int domain, int socktype, int protocol, struct sockaddr *sa, int portal_id) { struct icl_listen_sock *ils; struct socket *so; struct sockopt sopt; int error, one = 1; error = socreate(domain, &so, socktype, protocol, curthread->td_ucred, curthread); if (error != 0) { ICL_WARN("socreate failed with error %d", error); return (error); } sopt.sopt_dir = SOPT_SET; sopt.sopt_level = SOL_SOCKET; sopt.sopt_name = SO_REUSEADDR; sopt.sopt_val = &one; sopt.sopt_valsize = sizeof(one); sopt.sopt_td = NULL; error = sosetopt(so, &sopt); if (error != 0) { ICL_WARN("failed to set SO_REUSEADDR with error %d", error); soclose(so); return (error); } error = sobind(so, sa, curthread); if (error != 0) { ICL_WARN("sobind failed with error %d", error); soclose(so); return (error); } error = solisten(so, -1, curthread); if (error != 0) { ICL_WARN("solisten failed with error %d", error); soclose(so); return (error); } ils = malloc(sizeof(*ils), M_ICL_PROXY, M_ZERO | M_WAITOK); ils->ils_listen = il; ils->ils_socket = so; ils->ils_id = portal_id; error = kthread_add(icl_accept_thread, ils, NULL, NULL, 0, 0, "iclacc"); if (error != 0) { ICL_WARN("kthread_add failed with error %d", error); soclose(so); free(ils, M_ICL_PROXY); return (error); } sx_xlock(&il->il_lock); TAILQ_INSERT_TAIL(&il->il_sockets, ils, ils_next); sx_xunlock(&il->il_lock); return (0); } int icl_listen_add(struct icl_listen *il, bool rdma, int domain, int socktype, int protocol, struct sockaddr *sa, int portal_id) { if (rdma) { ICL_DEBUG("RDMA not supported"); return (EOPNOTSUPP); } return (icl_listen_add_tcp(il, domain, socktype, protocol, sa, portal_id)); } int icl_listen_remove(struct icl_listen *il, struct sockaddr *sa) { /* * XXX */ return (EOPNOTSUPP); } #endif /* ICL_KERNEL_PROXY */ Index: head/sys/dev/iscsi/icl_wrappers.h =================================================================== --- head/sys/dev/iscsi/icl_wrappers.h (revision 367104) +++ head/sys/dev/iscsi/icl_wrappers.h (revision 367105) @@ -1,159 +1,158 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /* * This file is used to provide the initiator and target with a prettier * interface. It must not be included by ICL modules, such as icl_soft.c. */ #ifndef ICL_WRAPPERS_H #define ICL_WRAPPERS_H #include #include #include static inline struct icl_pdu * icl_pdu_new(struct icl_conn *ic, int flags) { return (ICL_CONN_NEW_PDU(ic, flags)); } static inline size_t icl_pdu_data_segment_length(const struct icl_pdu *ip) { return (ICL_CONN_PDU_DATA_SEGMENT_LENGTH(ip->ip_conn, ip)); } static inline int icl_pdu_append_data(struct icl_pdu *ip, const void *addr, size_t len, int flags) { return (ICL_CONN_PDU_APPEND_DATA(ip->ip_conn, ip, addr, len, flags)); } static inline void icl_pdu_get_data(struct icl_pdu *ip, size_t off, void *addr, size_t len) { ICL_CONN_PDU_GET_DATA(ip->ip_conn, ip, off, addr, len); } static inline void icl_pdu_queue(struct icl_pdu *ip) { ICL_CONN_PDU_QUEUE(ip->ip_conn, ip); } static inline void icl_pdu_queue_cb(struct icl_pdu *ip, icl_pdu_cb cb) { ICL_CONN_PDU_QUEUE_CB(ip->ip_conn, ip, cb); } static inline void icl_pdu_free(struct icl_pdu *ip) { ICL_CONN_PDU_FREE(ip->ip_conn, ip); } static inline void icl_conn_free(struct icl_conn *ic) { ICL_CONN_FREE(ic); } static inline int icl_conn_handoff(struct icl_conn *ic, int fd) { return (ICL_CONN_HANDOFF(ic, fd)); } static inline void icl_conn_close(struct icl_conn *ic) { ICL_CONN_CLOSE(ic); } static inline int icl_conn_task_setup(struct icl_conn *ic, struct icl_pdu *ip, struct ccb_scsiio *csio, uint32_t *task_tagp, void **prvp) { return (ICL_CONN_TASK_SETUP(ic, ip, csio, task_tagp, prvp)); } static inline void icl_conn_task_done(struct icl_conn *ic, void *prv) { ICL_CONN_TASK_DONE(ic, prv); } static inline int icl_conn_transfer_setup(struct icl_conn *ic, union ctl_io *io, uint32_t *transfer_tagp, void **prvp) { return (ICL_CONN_TRANSFER_SETUP(ic, io, transfer_tagp, prvp)); } static inline void icl_conn_transfer_done(struct icl_conn *ic, void *prv) { ICL_CONN_TRANSFER_DONE(ic, prv); } /* * The function below is only used with ICL_KERNEL_PROXY. */ static inline int icl_conn_connect(struct icl_conn *ic, int domain, int socktype, int protocol, struct sockaddr *from_sa, struct sockaddr *to_sa) { return (ICL_CONN_CONNECT(ic, domain, socktype, protocol, from_sa, to_sa)); } #endif /* !ICL_WRAPPERS_H */ Index: head/sys/dev/iscsi/iscsi.c =================================================================== --- head/sys/dev/iscsi/iscsi.c (revision 367104) +++ head/sys/dev/iscsi/iscsi.c (revision 367105) @@ -1,2630 +1,2629 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef ICL_KERNEL_PROXY #include #endif #ifdef ICL_KERNEL_PROXY FEATURE(iscsi_kernel_proxy, "iSCSI initiator built with ICL_KERNEL_PROXY"); #endif /* * XXX: This is global so the iscsi_unload() can access it. * Think about how to do this properly. */ static struct iscsi_softc *sc; SYSCTL_NODE(_kern, OID_AUTO, iscsi, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "iSCSI initiator"); static int debug = 1; SYSCTL_INT(_kern_iscsi, OID_AUTO, debug, CTLFLAG_RWTUN, &debug, 0, "Enable debug messages"); static int ping_timeout = 5; SYSCTL_INT(_kern_iscsi, OID_AUTO, ping_timeout, CTLFLAG_RWTUN, &ping_timeout, 0, "Timeout for ping (NOP-Out) requests, in seconds"); static int iscsid_timeout = 60; SYSCTL_INT(_kern_iscsi, OID_AUTO, iscsid_timeout, CTLFLAG_RWTUN, &iscsid_timeout, 0, "Time to wait for iscsid(8) to handle reconnection, in seconds"); static int login_timeout = 60; SYSCTL_INT(_kern_iscsi, OID_AUTO, login_timeout, CTLFLAG_RWTUN, &login_timeout, 0, "Time to wait for iscsid(8) to finish Login Phase, in seconds"); static int maxtags = 255; SYSCTL_INT(_kern_iscsi, OID_AUTO, maxtags, CTLFLAG_RWTUN, &maxtags, 0, "Max number of IO requests queued"); static int fail_on_disconnection = 0; SYSCTL_INT(_kern_iscsi, OID_AUTO, fail_on_disconnection, CTLFLAG_RWTUN, &fail_on_disconnection, 0, "Destroy CAM SIM on connection failure"); static int fail_on_shutdown = 1; SYSCTL_INT(_kern_iscsi, OID_AUTO, fail_on_shutdown, CTLFLAG_RWTUN, &fail_on_shutdown, 0, "Fail disconnected sessions on shutdown"); static MALLOC_DEFINE(M_ISCSI, "iSCSI", "iSCSI initiator"); static uma_zone_t iscsi_outstanding_zone; #define CONN_SESSION(X) ((struct iscsi_session *)X->ic_prv0) #define PDU_SESSION(X) (CONN_SESSION(X->ip_conn)) #define ISCSI_DEBUG(X, ...) \ do { \ if (debug > 1) \ printf("%s: " X "\n", __func__, ## __VA_ARGS__);\ } while (0) #define ISCSI_WARN(X, ...) \ do { \ if (debug > 0) { \ printf("WARNING: %s: " X "\n", \ __func__, ## __VA_ARGS__); \ } \ } while (0) #define ISCSI_SESSION_DEBUG(S, X, ...) \ do { \ if (debug > 1) { \ printf("%s: %s (%s): " X "\n", \ __func__, S->is_conf.isc_target_addr, \ S->is_conf.isc_target, ## __VA_ARGS__); \ } \ } while (0) #define ISCSI_SESSION_WARN(S, X, ...) \ do { \ if (debug > 0) { \ printf("WARNING: %s (%s): " X "\n", \ S->is_conf.isc_target_addr, \ S->is_conf.isc_target, ## __VA_ARGS__); \ } \ } while (0) #define ISCSI_SESSION_LOCK(X) mtx_lock(&X->is_lock) #define ISCSI_SESSION_UNLOCK(X) mtx_unlock(&X->is_lock) #define ISCSI_SESSION_LOCK_ASSERT(X) mtx_assert(&X->is_lock, MA_OWNED) #define ISCSI_SESSION_LOCK_ASSERT_NOT(X) mtx_assert(&X->is_lock, MA_NOTOWNED) static int iscsi_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int mode, struct thread *td); static struct cdevsw iscsi_cdevsw = { .d_version = D_VERSION, .d_ioctl = iscsi_ioctl, .d_name = "iscsi", }; static void iscsi_pdu_queue_locked(struct icl_pdu *request); static void iscsi_pdu_queue(struct icl_pdu *request); static void iscsi_pdu_update_statsn(const struct icl_pdu *response); static void iscsi_pdu_handle_nop_in(struct icl_pdu *response); static void iscsi_pdu_handle_scsi_response(struct icl_pdu *response); static void iscsi_pdu_handle_task_response(struct icl_pdu *response); static void iscsi_pdu_handle_data_in(struct icl_pdu *response); static void iscsi_pdu_handle_logout_response(struct icl_pdu *response); static void iscsi_pdu_handle_r2t(struct icl_pdu *response); static void iscsi_pdu_handle_async_message(struct icl_pdu *response); static void iscsi_pdu_handle_reject(struct icl_pdu *response); static void iscsi_session_reconnect(struct iscsi_session *is); static void iscsi_session_terminate(struct iscsi_session *is); static void iscsi_action(struct cam_sim *sim, union ccb *ccb); static void iscsi_poll(struct cam_sim *sim); static struct iscsi_outstanding *iscsi_outstanding_find(struct iscsi_session *is, uint32_t initiator_task_tag); static struct iscsi_outstanding *iscsi_outstanding_add(struct iscsi_session *is, struct icl_pdu *request, union ccb *ccb, uint32_t *initiator_task_tagp); static void iscsi_outstanding_remove(struct iscsi_session *is, struct iscsi_outstanding *io); static bool iscsi_pdu_prepare(struct icl_pdu *request) { struct iscsi_session *is; struct iscsi_bhs_scsi_command *bhssc; is = PDU_SESSION(request); ISCSI_SESSION_LOCK_ASSERT(is); /* * We're only using fields common for all the request * (initiator -> target) PDUs. */ bhssc = (struct iscsi_bhs_scsi_command *)request->ip_bhs; /* * Data-Out PDU does not contain CmdSN. */ if (bhssc->bhssc_opcode != ISCSI_BHS_OPCODE_SCSI_DATA_OUT) { if (ISCSI_SNGT(is->is_cmdsn, is->is_maxcmdsn) && (bhssc->bhssc_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) { /* * Current MaxCmdSN prevents us from sending any more * SCSI Command PDUs to the target; postpone the PDU. * It will get resent by either iscsi_pdu_queue(), * or by maintenance thread. */ #if 0 ISCSI_SESSION_DEBUG(is, "postponing send, CmdSN %u, " "ExpCmdSN %u, MaxCmdSN %u, opcode 0x%x", is->is_cmdsn, is->is_expcmdsn, is->is_maxcmdsn, bhssc->bhssc_opcode); #endif return (true); } bhssc->bhssc_cmdsn = htonl(is->is_cmdsn); if ((bhssc->bhssc_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) is->is_cmdsn++; } bhssc->bhssc_expstatsn = htonl(is->is_statsn + 1); return (false); } static void iscsi_session_send_postponed(struct iscsi_session *is) { struct icl_pdu *request; bool postpone; ISCSI_SESSION_LOCK_ASSERT(is); if (STAILQ_EMPTY(&is->is_postponed)) return; while ((request = STAILQ_FIRST(&is->is_postponed)) != NULL) { postpone = iscsi_pdu_prepare(request); if (postpone) return; STAILQ_REMOVE_HEAD(&is->is_postponed, ip_next); icl_pdu_queue(request); } xpt_release_simq(is->is_sim, 1); } static void iscsi_pdu_queue_locked(struct icl_pdu *request) { struct iscsi_session *is; bool postpone; is = PDU_SESSION(request); ISCSI_SESSION_LOCK_ASSERT(is); iscsi_session_send_postponed(is); postpone = iscsi_pdu_prepare(request); if (postpone) { if (STAILQ_EMPTY(&is->is_postponed)) xpt_freeze_simq(is->is_sim, 1); STAILQ_INSERT_TAIL(&is->is_postponed, request, ip_next); return; } icl_pdu_queue(request); } static void iscsi_pdu_queue(struct icl_pdu *request) { struct iscsi_session *is; is = PDU_SESSION(request); ISCSI_SESSION_LOCK(is); iscsi_pdu_queue_locked(request); ISCSI_SESSION_UNLOCK(is); } static void iscsi_session_logout(struct iscsi_session *is) { struct icl_pdu *request; struct iscsi_bhs_logout_request *bhslr; request = icl_pdu_new(is->is_conn, M_NOWAIT); if (request == NULL) return; bhslr = (struct iscsi_bhs_logout_request *)request->ip_bhs; bhslr->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_REQUEST; bhslr->bhslr_reason = BHSLR_REASON_CLOSE_SESSION; iscsi_pdu_queue_locked(request); } static void iscsi_session_terminate_task(struct iscsi_session *is, struct iscsi_outstanding *io, cam_status status) { ISCSI_SESSION_LOCK_ASSERT(is); if (io->io_ccb != NULL) { io->io_ccb->ccb_h.status &= ~(CAM_SIM_QUEUED | CAM_STATUS_MASK); io->io_ccb->ccb_h.status |= status; if ((io->io_ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { io->io_ccb->ccb_h.status |= CAM_DEV_QFRZN; xpt_freeze_devq(io->io_ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } xpt_done(io->io_ccb); } iscsi_outstanding_remove(is, io); } static void iscsi_session_terminate_tasks(struct iscsi_session *is, cam_status status) { struct iscsi_outstanding *io, *tmp; ISCSI_SESSION_LOCK_ASSERT(is); TAILQ_FOREACH_SAFE(io, &is->is_outstanding, io_next, tmp) { iscsi_session_terminate_task(is, io, status); } } static void iscsi_session_cleanup(struct iscsi_session *is, bool destroy_sim) { struct icl_pdu *pdu; ISCSI_SESSION_LOCK_ASSERT(is); /* * Don't queue any new PDUs. */ if (is->is_sim != NULL && is->is_simq_frozen == false) { ISCSI_SESSION_DEBUG(is, "freezing"); xpt_freeze_simq(is->is_sim, 1); is->is_simq_frozen = true; } /* * Remove postponed PDUs. */ if (!STAILQ_EMPTY(&is->is_postponed)) xpt_release_simq(is->is_sim, 1); while ((pdu = STAILQ_FIRST(&is->is_postponed)) != NULL) { STAILQ_REMOVE_HEAD(&is->is_postponed, ip_next); icl_pdu_free(pdu); } if (destroy_sim == false) { /* * Terminate SCSI tasks, asking CAM to requeue them. */ iscsi_session_terminate_tasks(is, CAM_REQUEUE_REQ); return; } iscsi_session_terminate_tasks(is, CAM_DEV_NOT_THERE); if (is->is_sim == NULL) return; ISCSI_SESSION_DEBUG(is, "deregistering SIM"); xpt_async(AC_LOST_DEVICE, is->is_path, NULL); if (is->is_simq_frozen) { is->is_simq_frozen = false; xpt_release_simq(is->is_sim, 1); } xpt_free_path(is->is_path); is->is_path = NULL; xpt_bus_deregister(cam_sim_path(is->is_sim)); cam_sim_free(is->is_sim, TRUE /*free_devq*/); is->is_sim = NULL; is->is_devq = NULL; } static void iscsi_maintenance_thread_reconnect(struct iscsi_session *is) { icl_conn_close(is->is_conn); ISCSI_SESSION_LOCK(is); is->is_connected = false; is->is_reconnecting = false; is->is_login_phase = false; #ifdef ICL_KERNEL_PROXY if (is->is_login_pdu != NULL) { icl_pdu_free(is->is_login_pdu); is->is_login_pdu = NULL; } cv_signal(&is->is_login_cv); #endif if (fail_on_disconnection) { ISCSI_SESSION_DEBUG(is, "connection failed, destroying devices"); iscsi_session_cleanup(is, true); } else { iscsi_session_cleanup(is, false); } KASSERT(TAILQ_EMPTY(&is->is_outstanding), ("destroying session with active tasks")); KASSERT(STAILQ_EMPTY(&is->is_postponed), ("destroying session with postponed PDUs")); if (is->is_conf.isc_enable == 0 && is->is_conf.isc_discovery == 0) { ISCSI_SESSION_UNLOCK(is); return; } /* * Request immediate reconnection from iscsid(8). */ //ISCSI_SESSION_DEBUG(is, "waking up iscsid(8)"); is->is_waiting_for_iscsid = true; strlcpy(is->is_reason, "Waiting for iscsid(8)", sizeof(is->is_reason)); is->is_timeout = 0; ISCSI_SESSION_UNLOCK(is); cv_signal(&is->is_softc->sc_cv); } static void iscsi_maintenance_thread_terminate(struct iscsi_session *is) { struct iscsi_softc *sc; sc = is->is_softc; sx_xlock(&sc->sc_lock); TAILQ_REMOVE(&sc->sc_sessions, is, is_next); sx_xunlock(&sc->sc_lock); icl_conn_close(is->is_conn); callout_drain(&is->is_callout); ISCSI_SESSION_LOCK(is); KASSERT(is->is_terminating, ("is_terminating == false")); #ifdef ICL_KERNEL_PROXY if (is->is_login_pdu != NULL) { icl_pdu_free(is->is_login_pdu); is->is_login_pdu = NULL; } cv_signal(&is->is_login_cv); #endif iscsi_session_cleanup(is, true); KASSERT(TAILQ_EMPTY(&is->is_outstanding), ("destroying session with active tasks")); KASSERT(STAILQ_EMPTY(&is->is_postponed), ("destroying session with postponed PDUs")); ISCSI_SESSION_UNLOCK(is); icl_conn_free(is->is_conn); mtx_destroy(&is->is_lock); cv_destroy(&is->is_maintenance_cv); #ifdef ICL_KERNEL_PROXY cv_destroy(&is->is_login_cv); #endif ISCSI_SESSION_DEBUG(is, "terminated"); free(is, M_ISCSI); /* * The iscsi_unload() routine might be waiting. */ cv_signal(&sc->sc_cv); } static void iscsi_maintenance_thread(void *arg) { struct iscsi_session *is = arg; ISCSI_SESSION_LOCK(is); for (;;) { if (is->is_reconnecting == false && is->is_terminating == false && (STAILQ_EMPTY(&is->is_postponed) || ISCSI_SNGT(is->is_cmdsn, is->is_maxcmdsn))) cv_wait(&is->is_maintenance_cv, &is->is_lock); /* Terminate supersedes reconnect. */ if (is->is_terminating) { ISCSI_SESSION_UNLOCK(is); iscsi_maintenance_thread_terminate(is); kthread_exit(); return; } if (is->is_reconnecting) { ISCSI_SESSION_UNLOCK(is); iscsi_maintenance_thread_reconnect(is); ISCSI_SESSION_LOCK(is); continue; } iscsi_session_send_postponed(is); } ISCSI_SESSION_UNLOCK(is); } static void iscsi_session_reconnect(struct iscsi_session *is) { /* * XXX: We can't use locking here, because * it's being called from various contexts. * Hope it doesn't break anything. */ if (is->is_reconnecting) return; is->is_reconnecting = true; cv_signal(&is->is_maintenance_cv); } static void iscsi_session_terminate(struct iscsi_session *is) { if (is->is_terminating) return; is->is_terminating = true; #if 0 iscsi_session_logout(is); #endif cv_signal(&is->is_maintenance_cv); } static void iscsi_callout(void *context) { struct icl_pdu *request; struct iscsi_bhs_nop_out *bhsno; struct iscsi_session *is; bool reconnect_needed = false; is = context; ISCSI_SESSION_LOCK(is); if (is->is_terminating) { ISCSI_SESSION_UNLOCK(is); return; } callout_schedule(&is->is_callout, 1 * hz); if (is->is_conf.isc_enable == 0) goto out; is->is_timeout++; if (is->is_waiting_for_iscsid) { if (iscsid_timeout > 0 && is->is_timeout > iscsid_timeout) { ISCSI_SESSION_WARN(is, "timed out waiting for iscsid(8) " "for %d seconds; reconnecting", is->is_timeout); reconnect_needed = true; } goto out; } if (is->is_login_phase) { if (login_timeout > 0 && is->is_timeout > login_timeout) { ISCSI_SESSION_WARN(is, "login timed out after %d seconds; " "reconnecting", is->is_timeout); reconnect_needed = true; } goto out; } if (ping_timeout <= 0) { /* * Pings are disabled. Don't send NOP-Out in this case. * Reset the timeout, to avoid triggering reconnection, * should the user decide to reenable them. */ is->is_timeout = 0; goto out; } if (is->is_timeout >= ping_timeout) { ISCSI_SESSION_WARN(is, "no ping reply (NOP-In) after %d seconds; " "reconnecting", ping_timeout); reconnect_needed = true; goto out; } ISCSI_SESSION_UNLOCK(is); /* * If the ping was reset less than one second ago - which means * that we've received some PDU during the last second - assume * the traffic flows correctly and don't bother sending a NOP-Out. * * (It's 2 - one for one second, and one for incrementing is_timeout * earlier in this routine.) */ if (is->is_timeout < 2) return; request = icl_pdu_new(is->is_conn, M_NOWAIT); if (request == NULL) { ISCSI_SESSION_WARN(is, "failed to allocate PDU"); return; } bhsno = (struct iscsi_bhs_nop_out *)request->ip_bhs; bhsno->bhsno_opcode = ISCSI_BHS_OPCODE_NOP_OUT | ISCSI_BHS_OPCODE_IMMEDIATE; bhsno->bhsno_flags = 0x80; bhsno->bhsno_target_transfer_tag = 0xffffffff; iscsi_pdu_queue(request); return; out: if (is->is_terminating) { ISCSI_SESSION_UNLOCK(is); return; } ISCSI_SESSION_UNLOCK(is); if (reconnect_needed) iscsi_session_reconnect(is); } static void iscsi_pdu_update_statsn(const struct icl_pdu *response) { const struct iscsi_bhs_data_in *bhsdi; struct iscsi_session *is; uint32_t expcmdsn, maxcmdsn, statsn; is = PDU_SESSION(response); ISCSI_SESSION_LOCK_ASSERT(is); /* * We're only using fields common for all the response * (target -> initiator) PDUs. */ bhsdi = (const struct iscsi_bhs_data_in *)response->ip_bhs; /* * Ok, I lied. In case of Data-In, "The fields StatSN, Status, * and Residual Count only have meaningful content if the S bit * is set to 1", so we also need to check the bit specific for * Data-In PDU. */ if (bhsdi->bhsdi_opcode != ISCSI_BHS_OPCODE_SCSI_DATA_IN || (bhsdi->bhsdi_flags & BHSDI_FLAGS_S) != 0) { statsn = ntohl(bhsdi->bhsdi_statsn); if (statsn != is->is_statsn && statsn != (is->is_statsn + 1)) { /* XXX: This is normal situation for MCS */ ISCSI_SESSION_WARN(is, "PDU 0x%x StatSN %u != " "session ExpStatSN %u (or + 1); reconnecting", bhsdi->bhsdi_opcode, statsn, is->is_statsn); iscsi_session_reconnect(is); } if (ISCSI_SNGT(statsn, is->is_statsn)) is->is_statsn = statsn; } expcmdsn = ntohl(bhsdi->bhsdi_expcmdsn); maxcmdsn = ntohl(bhsdi->bhsdi_maxcmdsn); if (ISCSI_SNLT(maxcmdsn + 1, expcmdsn)) { ISCSI_SESSION_DEBUG(is, "PDU MaxCmdSN %u + 1 < PDU ExpCmdSN %u; ignoring", maxcmdsn, expcmdsn); } else { if (ISCSI_SNGT(maxcmdsn, is->is_maxcmdsn)) { is->is_maxcmdsn = maxcmdsn; /* * Command window increased; kick the maintanance thread * to send out postponed commands. */ if (!STAILQ_EMPTY(&is->is_postponed)) cv_signal(&is->is_maintenance_cv); } else if (ISCSI_SNLT(maxcmdsn, is->is_maxcmdsn)) { /* XXX: This is normal situation for MCS */ ISCSI_SESSION_DEBUG(is, "PDU MaxCmdSN %u < session MaxCmdSN %u; ignoring", maxcmdsn, is->is_maxcmdsn); } if (ISCSI_SNGT(expcmdsn, is->is_expcmdsn)) { is->is_expcmdsn = expcmdsn; } else if (ISCSI_SNLT(expcmdsn, is->is_expcmdsn)) { /* XXX: This is normal situation for MCS */ ISCSI_SESSION_DEBUG(is, "PDU ExpCmdSN %u < session ExpCmdSN %u; ignoring", expcmdsn, is->is_expcmdsn); } } /* * Every incoming PDU - not just NOP-In - resets the ping timer. * The purpose of the timeout is to reset the connection when it stalls; * we don't want this to happen when NOP-In or NOP-Out ends up delayed * in some queue. */ is->is_timeout = 0; } static void iscsi_receive_callback(struct icl_pdu *response) { struct iscsi_session *is; is = PDU_SESSION(response); ISCSI_SESSION_LOCK(is); iscsi_pdu_update_statsn(response); #ifdef ICL_KERNEL_PROXY if (is->is_login_phase) { if (is->is_login_pdu == NULL) is->is_login_pdu = response; else icl_pdu_free(response); ISCSI_SESSION_UNLOCK(is); cv_signal(&is->is_login_cv); return; } #endif /* * The handling routine is responsible for freeing the PDU * when it's no longer needed. */ switch (response->ip_bhs->bhs_opcode) { case ISCSI_BHS_OPCODE_NOP_IN: iscsi_pdu_handle_nop_in(response); ISCSI_SESSION_UNLOCK(is); break; case ISCSI_BHS_OPCODE_SCSI_RESPONSE: iscsi_pdu_handle_scsi_response(response); /* Session lock dropped inside. */ ISCSI_SESSION_LOCK_ASSERT_NOT(is); break; case ISCSI_BHS_OPCODE_TASK_RESPONSE: iscsi_pdu_handle_task_response(response); ISCSI_SESSION_UNLOCK(is); break; case ISCSI_BHS_OPCODE_SCSI_DATA_IN: iscsi_pdu_handle_data_in(response); /* Session lock dropped inside. */ ISCSI_SESSION_LOCK_ASSERT_NOT(is); break; case ISCSI_BHS_OPCODE_LOGOUT_RESPONSE: iscsi_pdu_handle_logout_response(response); ISCSI_SESSION_UNLOCK(is); break; case ISCSI_BHS_OPCODE_R2T: iscsi_pdu_handle_r2t(response); ISCSI_SESSION_UNLOCK(is); break; case ISCSI_BHS_OPCODE_ASYNC_MESSAGE: iscsi_pdu_handle_async_message(response); ISCSI_SESSION_UNLOCK(is); break; case ISCSI_BHS_OPCODE_REJECT: iscsi_pdu_handle_reject(response); ISCSI_SESSION_UNLOCK(is); break; default: ISCSI_SESSION_WARN(is, "received PDU with unsupported " "opcode 0x%x; reconnecting", response->ip_bhs->bhs_opcode); iscsi_session_reconnect(is); ISCSI_SESSION_UNLOCK(is); icl_pdu_free(response); } } static void iscsi_error_callback(struct icl_conn *ic) { struct iscsi_session *is; is = CONN_SESSION(ic); ISCSI_SESSION_WARN(is, "connection error; reconnecting"); iscsi_session_reconnect(is); } static void iscsi_pdu_handle_nop_in(struct icl_pdu *response) { struct iscsi_session *is; struct iscsi_bhs_nop_out *bhsno; struct iscsi_bhs_nop_in *bhsni; struct icl_pdu *request; void *data = NULL; size_t datasize; int error; is = PDU_SESSION(response); bhsni = (struct iscsi_bhs_nop_in *)response->ip_bhs; if (bhsni->bhsni_target_transfer_tag == 0xffffffff) { /* * Nothing to do; iscsi_pdu_update_statsn() already * zeroed the timeout. */ icl_pdu_free(response); return; } datasize = icl_pdu_data_segment_length(response); if (datasize > 0) { data = malloc(datasize, M_ISCSI, M_NOWAIT | M_ZERO); if (data == NULL) { ISCSI_SESSION_WARN(is, "failed to allocate memory; " "reconnecting"); icl_pdu_free(response); iscsi_session_reconnect(is); return; } icl_pdu_get_data(response, 0, data, datasize); } request = icl_pdu_new(response->ip_conn, M_NOWAIT); if (request == NULL) { ISCSI_SESSION_WARN(is, "failed to allocate memory; " "reconnecting"); free(data, M_ISCSI); icl_pdu_free(response); iscsi_session_reconnect(is); return; } bhsno = (struct iscsi_bhs_nop_out *)request->ip_bhs; bhsno->bhsno_opcode = ISCSI_BHS_OPCODE_NOP_OUT | ISCSI_BHS_OPCODE_IMMEDIATE; bhsno->bhsno_flags = 0x80; bhsno->bhsno_initiator_task_tag = 0xffffffff; bhsno->bhsno_target_transfer_tag = bhsni->bhsni_target_transfer_tag; if (datasize > 0) { error = icl_pdu_append_data(request, data, datasize, M_NOWAIT); if (error != 0) { ISCSI_SESSION_WARN(is, "failed to allocate memory; " "reconnecting"); free(data, M_ISCSI); icl_pdu_free(request); icl_pdu_free(response); iscsi_session_reconnect(is); return; } free(data, M_ISCSI); } icl_pdu_free(response); iscsi_pdu_queue_locked(request); } static void iscsi_pdu_handle_scsi_response(struct icl_pdu *response) { struct iscsi_bhs_scsi_response *bhssr; struct iscsi_outstanding *io; struct iscsi_session *is; union ccb *ccb; struct ccb_scsiio *csio; size_t data_segment_len, received; uint16_t sense_len; uint32_t resid; is = PDU_SESSION(response); bhssr = (struct iscsi_bhs_scsi_response *)response->ip_bhs; io = iscsi_outstanding_find(is, bhssr->bhssr_initiator_task_tag); if (io == NULL || io->io_ccb == NULL) { ISCSI_SESSION_WARN(is, "bad itt 0x%x", bhssr->bhssr_initiator_task_tag); icl_pdu_free(response); iscsi_session_reconnect(is); ISCSI_SESSION_UNLOCK(is); return; } ccb = io->io_ccb; /* * With iSER, after getting good response we can be sure * that all the data has been successfully transferred. */ if (is->is_conn->ic_iser) { resid = ntohl(bhssr->bhssr_residual_count); if (bhssr->bhssr_flags & BHSSR_FLAGS_RESIDUAL_UNDERFLOW) { io->io_received = ccb->csio.dxfer_len - resid; } else if (bhssr->bhssr_flags & BHSSR_FLAGS_RESIDUAL_OVERFLOW) { ISCSI_SESSION_WARN(is, "overflow: target indicates %d", resid); } else { io->io_received = ccb->csio.dxfer_len; } } received = io->io_received; iscsi_outstanding_remove(is, io); ISCSI_SESSION_UNLOCK(is); if (bhssr->bhssr_response != BHSSR_RESPONSE_COMMAND_COMPLETED) { ISCSI_SESSION_WARN(is, "service response 0x%x", bhssr->bhssr_response); if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN; } else if (bhssr->bhssr_status == 0) { ccb->ccb_h.status = CAM_REQ_CMP; } else { if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR | CAM_DEV_QFRZN; ccb->csio.scsi_status = bhssr->bhssr_status; } csio = &ccb->csio; data_segment_len = icl_pdu_data_segment_length(response); if (data_segment_len > 0) { if (data_segment_len < sizeof(sense_len)) { ISCSI_SESSION_WARN(is, "truncated data segment (%zd bytes)", data_segment_len); if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN; goto out; } icl_pdu_get_data(response, 0, &sense_len, sizeof(sense_len)); sense_len = ntohs(sense_len); #if 0 ISCSI_SESSION_DEBUG(is, "sense_len %d, data len %zd", sense_len, data_segment_len); #endif if (sizeof(sense_len) + sense_len > data_segment_len) { ISCSI_SESSION_WARN(is, "truncated data segment " "(%zd bytes, should be %zd)", data_segment_len, sizeof(sense_len) + sense_len); if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN; goto out; } else if (sizeof(sense_len) + sense_len < data_segment_len) ISCSI_SESSION_WARN(is, "oversize data segment " "(%zd bytes, should be %zd)", data_segment_len, sizeof(sense_len) + sense_len); if (sense_len > csio->sense_len) { ISCSI_SESSION_DEBUG(is, "truncating sense from %d to %d", sense_len, csio->sense_len); sense_len = csio->sense_len; } icl_pdu_get_data(response, sizeof(sense_len), &csio->sense_data, sense_len); csio->sense_resid = csio->sense_len - sense_len; ccb->ccb_h.status |= CAM_AUTOSNS_VALID; } out: if (bhssr->bhssr_flags & BHSSR_FLAGS_RESIDUAL_UNDERFLOW) csio->resid = ntohl(bhssr->bhssr_residual_count); if ((csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN) { KASSERT(received <= csio->dxfer_len, ("received > csio->dxfer_len")); if (received < csio->dxfer_len) { if (csio->resid != csio->dxfer_len - received) { ISCSI_SESSION_WARN(is, "underflow mismatch: " "target indicates %d, we calculated %zd", csio->resid, csio->dxfer_len - received); } csio->resid = csio->dxfer_len - received; } } xpt_done(ccb); icl_pdu_free(response); } static void iscsi_pdu_handle_task_response(struct icl_pdu *response) { struct iscsi_bhs_task_management_response *bhstmr; struct iscsi_outstanding *io, *aio; struct iscsi_session *is; is = PDU_SESSION(response); bhstmr = (struct iscsi_bhs_task_management_response *)response->ip_bhs; io = iscsi_outstanding_find(is, bhstmr->bhstmr_initiator_task_tag); if (io == NULL || io->io_ccb != NULL) { ISCSI_SESSION_WARN(is, "bad itt 0x%x", bhstmr->bhstmr_initiator_task_tag); icl_pdu_free(response); iscsi_session_reconnect(is); return; } if (bhstmr->bhstmr_response != BHSTMR_RESPONSE_FUNCTION_COMPLETE) { ISCSI_SESSION_WARN(is, "task response 0x%x", bhstmr->bhstmr_response); } else { aio = iscsi_outstanding_find(is, io->io_datasn); if (aio != NULL && aio->io_ccb != NULL) iscsi_session_terminate_task(is, aio, CAM_REQ_ABORTED); } iscsi_outstanding_remove(is, io); icl_pdu_free(response); } static void iscsi_pdu_handle_data_in(struct icl_pdu *response) { struct iscsi_bhs_data_in *bhsdi; struct iscsi_outstanding *io; struct iscsi_session *is; union ccb *ccb; struct ccb_scsiio *csio; size_t data_segment_len, received, oreceived; is = PDU_SESSION(response); bhsdi = (struct iscsi_bhs_data_in *)response->ip_bhs; io = iscsi_outstanding_find(is, bhsdi->bhsdi_initiator_task_tag); if (io == NULL || io->io_ccb == NULL) { ISCSI_SESSION_WARN(is, "bad itt 0x%x", bhsdi->bhsdi_initiator_task_tag); icl_pdu_free(response); iscsi_session_reconnect(is); ISCSI_SESSION_UNLOCK(is); return; } data_segment_len = icl_pdu_data_segment_length(response); if (data_segment_len == 0) { /* * "The sending of 0 length data segments should be avoided, * but initiators and targets MUST be able to properly receive * 0 length data segments." */ ISCSI_SESSION_UNLOCK(is); icl_pdu_free(response); return; } /* * We need to track this for security reasons - without it, malicious target * could respond to SCSI READ without sending Data-In PDUs, which would result * in read operation on the initiator side returning random kernel data. */ if (ntohl(bhsdi->bhsdi_buffer_offset) != io->io_received) { ISCSI_SESSION_WARN(is, "data out of order; expected offset %zd, got %zd", io->io_received, (size_t)ntohl(bhsdi->bhsdi_buffer_offset)); icl_pdu_free(response); iscsi_session_reconnect(is); ISCSI_SESSION_UNLOCK(is); return; } ccb = io->io_ccb; csio = &ccb->csio; if (io->io_received + data_segment_len > csio->dxfer_len) { ISCSI_SESSION_WARN(is, "oversize data segment (%zd bytes " "at offset %zd, buffer is %d)", data_segment_len, io->io_received, csio->dxfer_len); icl_pdu_free(response); iscsi_session_reconnect(is); ISCSI_SESSION_UNLOCK(is); return; } oreceived = io->io_received; io->io_received += data_segment_len; received = io->io_received; if ((bhsdi->bhsdi_flags & BHSDI_FLAGS_S) != 0) iscsi_outstanding_remove(is, io); ISCSI_SESSION_UNLOCK(is); icl_pdu_get_data(response, 0, csio->data_ptr + oreceived, data_segment_len); /* * XXX: Check DataSN. * XXX: Check F. */ if ((bhsdi->bhsdi_flags & BHSDI_FLAGS_S) == 0) { /* * Nothing more to do. */ icl_pdu_free(response); return; } //ISCSI_SESSION_DEBUG(is, "got S flag; status 0x%x", bhsdi->bhsdi_status); if (bhsdi->bhsdi_status == 0) { ccb->ccb_h.status = CAM_REQ_CMP; } else { if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR | CAM_DEV_QFRZN; csio->scsi_status = bhsdi->bhsdi_status; } if ((csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN) { KASSERT(received <= csio->dxfer_len, ("received > csio->dxfer_len")); if (received < csio->dxfer_len) { csio->resid = ntohl(bhsdi->bhsdi_residual_count); if (csio->resid != csio->dxfer_len - received) { ISCSI_SESSION_WARN(is, "underflow mismatch: " "target indicates %d, we calculated %zd", csio->resid, csio->dxfer_len - received); } csio->resid = csio->dxfer_len - received; } } xpt_done(ccb); icl_pdu_free(response); } static void iscsi_pdu_handle_logout_response(struct icl_pdu *response) { ISCSI_SESSION_DEBUG(PDU_SESSION(response), "logout response"); icl_pdu_free(response); } static void iscsi_pdu_handle_r2t(struct icl_pdu *response) { struct icl_pdu *request; struct iscsi_session *is; struct iscsi_bhs_r2t *bhsr2t; struct iscsi_bhs_data_out *bhsdo; struct iscsi_outstanding *io; struct ccb_scsiio *csio; size_t off, len, total_len; int error; is = PDU_SESSION(response); bhsr2t = (struct iscsi_bhs_r2t *)response->ip_bhs; io = iscsi_outstanding_find(is, bhsr2t->bhsr2t_initiator_task_tag); if (io == NULL || io->io_ccb == NULL) { ISCSI_SESSION_WARN(is, "bad itt 0x%x; reconnecting", bhsr2t->bhsr2t_initiator_task_tag); icl_pdu_free(response); iscsi_session_reconnect(is); return; } csio = &io->io_ccb->csio; if ((csio->ccb_h.flags & CAM_DIR_MASK) != CAM_DIR_OUT) { ISCSI_SESSION_WARN(is, "received R2T for read command; reconnecting"); icl_pdu_free(response); iscsi_session_reconnect(is); return; } /* * XXX: Verify R2TSN. */ io->io_datasn = 0; off = ntohl(bhsr2t->bhsr2t_buffer_offset); if (off > csio->dxfer_len) { ISCSI_SESSION_WARN(is, "target requested invalid offset " "%zd, buffer is is %d; reconnecting", off, csio->dxfer_len); icl_pdu_free(response); iscsi_session_reconnect(is); return; } total_len = ntohl(bhsr2t->bhsr2t_desired_data_transfer_length); if (total_len == 0 || total_len > csio->dxfer_len) { ISCSI_SESSION_WARN(is, "target requested invalid length " "%zd, buffer is %d; reconnecting", total_len, csio->dxfer_len); icl_pdu_free(response); iscsi_session_reconnect(is); return; } //ISCSI_SESSION_DEBUG(is, "r2t; off %zd, len %zd", off, total_len); for (;;) { len = total_len; if (len > is->is_max_send_data_segment_length) len = is->is_max_send_data_segment_length; if (off + len > csio->dxfer_len) { ISCSI_SESSION_WARN(is, "target requested invalid " "length/offset %zd, buffer is %d; reconnecting", off + len, csio->dxfer_len); icl_pdu_free(response); iscsi_session_reconnect(is); return; } request = icl_pdu_new(response->ip_conn, M_NOWAIT); if (request == NULL) { icl_pdu_free(response); iscsi_session_reconnect(is); return; } bhsdo = (struct iscsi_bhs_data_out *)request->ip_bhs; bhsdo->bhsdo_opcode = ISCSI_BHS_OPCODE_SCSI_DATA_OUT; bhsdo->bhsdo_lun = bhsr2t->bhsr2t_lun; bhsdo->bhsdo_initiator_task_tag = bhsr2t->bhsr2t_initiator_task_tag; bhsdo->bhsdo_target_transfer_tag = bhsr2t->bhsr2t_target_transfer_tag; bhsdo->bhsdo_datasn = htonl(io->io_datasn++); bhsdo->bhsdo_buffer_offset = htonl(off); error = icl_pdu_append_data(request, csio->data_ptr + off, len, M_NOWAIT); if (error != 0) { ISCSI_SESSION_WARN(is, "failed to allocate memory; " "reconnecting"); icl_pdu_free(request); icl_pdu_free(response); iscsi_session_reconnect(is); return; } off += len; total_len -= len; if (total_len == 0) { bhsdo->bhsdo_flags |= BHSDO_FLAGS_F; //ISCSI_SESSION_DEBUG(is, "setting F, off %zd", off); } else { //ISCSI_SESSION_DEBUG(is, "not finished, off %zd", off); } iscsi_pdu_queue_locked(request); if (total_len == 0) break; } icl_pdu_free(response); } static void iscsi_pdu_handle_async_message(struct icl_pdu *response) { struct iscsi_bhs_asynchronous_message *bhsam; struct iscsi_session *is; is = PDU_SESSION(response); bhsam = (struct iscsi_bhs_asynchronous_message *)response->ip_bhs; switch (bhsam->bhsam_async_event) { case BHSAM_EVENT_TARGET_REQUESTS_LOGOUT: ISCSI_SESSION_WARN(is, "target requests logout; removing session"); iscsi_session_logout(is); iscsi_session_terminate(is); break; case BHSAM_EVENT_TARGET_TERMINATES_CONNECTION: ISCSI_SESSION_WARN(is, "target indicates it will drop the connection"); break; case BHSAM_EVENT_TARGET_TERMINATES_SESSION: ISCSI_SESSION_WARN(is, "target indicates it will drop the session"); break; default: /* * XXX: Technically, we're obligated to also handle * parameter renegotiation. */ ISCSI_SESSION_WARN(is, "ignoring AsyncEvent %d", bhsam->bhsam_async_event); break; } icl_pdu_free(response); } static void iscsi_pdu_handle_reject(struct icl_pdu *response) { struct iscsi_bhs_reject *bhsr; struct iscsi_session *is; is = PDU_SESSION(response); bhsr = (struct iscsi_bhs_reject *)response->ip_bhs; ISCSI_SESSION_WARN(is, "received Reject PDU, reason 0x%x; protocol error?", bhsr->bhsr_reason); icl_pdu_free(response); } static int iscsi_ioctl_daemon_wait(struct iscsi_softc *sc, struct iscsi_daemon_request *request) { struct iscsi_session *is; struct icl_drv_limits idl; int error; sx_slock(&sc->sc_lock); for (;;) { TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { ISCSI_SESSION_LOCK(is); if (is->is_conf.isc_enable == 0 && is->is_conf.isc_discovery == 0) { ISCSI_SESSION_UNLOCK(is); continue; } if (is->is_waiting_for_iscsid) break; ISCSI_SESSION_UNLOCK(is); } if (is == NULL) { /* * No session requires attention from iscsid(8); wait. */ error = cv_wait_sig(&sc->sc_cv, &sc->sc_lock); if (error != 0) { sx_sunlock(&sc->sc_lock); return (error); } continue; } is->is_waiting_for_iscsid = false; is->is_login_phase = true; is->is_reason[0] = '\0'; ISCSI_SESSION_UNLOCK(is); request->idr_session_id = is->is_id; memcpy(&request->idr_isid, &is->is_isid, sizeof(request->idr_isid)); request->idr_tsih = 0; /* New or reinstated session. */ memcpy(&request->idr_conf, &is->is_conf, sizeof(request->idr_conf)); error = icl_limits(is->is_conf.isc_offload, is->is_conf.isc_iser, &idl); if (error != 0) { ISCSI_SESSION_WARN(is, "icl_limits for offload \"%s\" " "failed with error %d", is->is_conf.isc_offload, error); sx_sunlock(&sc->sc_lock); return (error); } request->idr_limits.isl_max_recv_data_segment_length = idl.idl_max_recv_data_segment_length; request->idr_limits.isl_max_send_data_segment_length = idl.idl_max_send_data_segment_length; request->idr_limits.isl_max_burst_length = idl.idl_max_burst_length; request->idr_limits.isl_first_burst_length = idl.idl_first_burst_length; sx_sunlock(&sc->sc_lock); return (0); } } static int iscsi_ioctl_daemon_handoff(struct iscsi_softc *sc, struct iscsi_daemon_handoff *handoff) { struct iscsi_session *is; struct icl_conn *ic; int error; sx_slock(&sc->sc_lock); /* * Find the session to hand off socket to. */ TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { if (is->is_id == handoff->idh_session_id) break; } if (is == NULL) { sx_sunlock(&sc->sc_lock); return (ESRCH); } ISCSI_SESSION_LOCK(is); ic = is->is_conn; if (is->is_conf.isc_discovery || is->is_terminating) { ISCSI_SESSION_UNLOCK(is); sx_sunlock(&sc->sc_lock); return (EINVAL); } if (is->is_connected) { /* * This might have happened because another iscsid(8) * instance handed off the connection in the meantime. * Just return. */ ISCSI_SESSION_WARN(is, "handoff on already connected " "session"); ISCSI_SESSION_UNLOCK(is); sx_sunlock(&sc->sc_lock); return (EBUSY); } strlcpy(is->is_target_alias, handoff->idh_target_alias, sizeof(is->is_target_alias)); is->is_tsih = handoff->idh_tsih; is->is_statsn = handoff->idh_statsn; is->is_protocol_level = handoff->idh_protocol_level; is->is_initial_r2t = handoff->idh_initial_r2t; is->is_immediate_data = handoff->idh_immediate_data; is->is_max_recv_data_segment_length = handoff->idh_max_recv_data_segment_length; is->is_max_send_data_segment_length = handoff->idh_max_send_data_segment_length; is->is_max_burst_length = handoff->idh_max_burst_length; is->is_first_burst_length = handoff->idh_first_burst_length; if (handoff->idh_header_digest == ISCSI_DIGEST_CRC32C) ic->ic_header_crc32c = true; else ic->ic_header_crc32c = false; if (handoff->idh_data_digest == ISCSI_DIGEST_CRC32C) ic->ic_data_crc32c = true; else ic->ic_data_crc32c = false; ic->ic_maxtags = maxtags; is->is_cmdsn = 0; is->is_expcmdsn = 0; is->is_maxcmdsn = 0; is->is_waiting_for_iscsid = false; is->is_login_phase = false; is->is_timeout = 0; is->is_connected = true; is->is_reason[0] = '\0'; ISCSI_SESSION_UNLOCK(is); /* * If we're going through the proxy, the idh_socket will be 0, * and the ICL module can simply ignore this call. It can also * use it to determine it's no longer in the Login phase. */ error = icl_conn_handoff(ic, handoff->idh_socket); if (error != 0) { sx_sunlock(&sc->sc_lock); iscsi_session_terminate(is); return (error); } sx_sunlock(&sc->sc_lock); if (is->is_sim != NULL) { /* * When reconnecting, there already is SIM allocated for the session. */ KASSERT(is->is_simq_frozen, ("reconnect without frozen simq")); ISCSI_SESSION_LOCK(is); ISCSI_SESSION_DEBUG(is, "releasing"); is->is_simq_frozen = false; xpt_release_simq(is->is_sim, 1); ISCSI_SESSION_UNLOCK(is); } else { ISCSI_SESSION_LOCK(is); is->is_devq = cam_simq_alloc(ic->ic_maxtags); if (is->is_devq == NULL) { ISCSI_SESSION_WARN(is, "failed to allocate simq"); iscsi_session_terminate(is); return (ENOMEM); } is->is_sim = cam_sim_alloc(iscsi_action, iscsi_poll, "iscsi", is, is->is_id /* unit */, &is->is_lock, 1, ic->ic_maxtags, is->is_devq); if (is->is_sim == NULL) { ISCSI_SESSION_UNLOCK(is); ISCSI_SESSION_WARN(is, "failed to allocate SIM"); cam_simq_free(is->is_devq); iscsi_session_terminate(is); return (ENOMEM); } error = xpt_bus_register(is->is_sim, NULL, 0); if (error != 0) { ISCSI_SESSION_UNLOCK(is); ISCSI_SESSION_WARN(is, "failed to register bus"); iscsi_session_terminate(is); return (ENOMEM); } error = xpt_create_path(&is->is_path, /*periph*/NULL, cam_sim_path(is->is_sim), CAM_TARGET_WILDCARD, CAM_LUN_WILDCARD); if (error != CAM_REQ_CMP) { ISCSI_SESSION_UNLOCK(is); ISCSI_SESSION_WARN(is, "failed to create path"); iscsi_session_terminate(is); return (ENOMEM); } ISCSI_SESSION_UNLOCK(is); } return (0); } static int iscsi_ioctl_daemon_fail(struct iscsi_softc *sc, struct iscsi_daemon_fail *fail) { struct iscsi_session *is; sx_slock(&sc->sc_lock); TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { if (is->is_id == fail->idf_session_id) break; } if (is == NULL) { sx_sunlock(&sc->sc_lock); return (ESRCH); } ISCSI_SESSION_LOCK(is); ISCSI_SESSION_DEBUG(is, "iscsid(8) failed: %s", fail->idf_reason); strlcpy(is->is_reason, fail->idf_reason, sizeof(is->is_reason)); //is->is_waiting_for_iscsid = false; //is->is_login_phase = true; //iscsi_session_reconnect(is); ISCSI_SESSION_UNLOCK(is); sx_sunlock(&sc->sc_lock); return (0); } #ifdef ICL_KERNEL_PROXY static int iscsi_ioctl_daemon_connect(struct iscsi_softc *sc, struct iscsi_daemon_connect *idc) { struct iscsi_session *is; struct sockaddr *from_sa, *to_sa; int error; sx_slock(&sc->sc_lock); TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { if (is->is_id == idc->idc_session_id) break; } if (is == NULL) { sx_sunlock(&sc->sc_lock); return (ESRCH); } sx_sunlock(&sc->sc_lock); if (idc->idc_from_addrlen > 0) { error = getsockaddr(&from_sa, (void *)idc->idc_from_addr, idc->idc_from_addrlen); if (error != 0) { ISCSI_SESSION_WARN(is, "getsockaddr failed with error %d", error); return (error); } } else { from_sa = NULL; } error = getsockaddr(&to_sa, (void *)idc->idc_to_addr, idc->idc_to_addrlen); if (error != 0) { ISCSI_SESSION_WARN(is, "getsockaddr failed with error %d", error); free(from_sa, M_SONAME); return (error); } ISCSI_SESSION_LOCK(is); is->is_statsn = 0; is->is_cmdsn = 0; is->is_expcmdsn = 0; is->is_maxcmdsn = 0; is->is_waiting_for_iscsid = false; is->is_login_phase = true; is->is_timeout = 0; ISCSI_SESSION_UNLOCK(is); error = icl_conn_connect(is->is_conn, idc->idc_domain, idc->idc_socktype, idc->idc_protocol, from_sa, to_sa); free(from_sa, M_SONAME); free(to_sa, M_SONAME); /* * Digests are always disabled during login phase. */ is->is_conn->ic_header_crc32c = false; is->is_conn->ic_data_crc32c = false; return (error); } static int iscsi_ioctl_daemon_send(struct iscsi_softc *sc, struct iscsi_daemon_send *ids) { struct iscsi_session *is; struct icl_pdu *ip; size_t datalen; void *data; int error; sx_slock(&sc->sc_lock); TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { if (is->is_id == ids->ids_session_id) break; } if (is == NULL) { sx_sunlock(&sc->sc_lock); return (ESRCH); } sx_sunlock(&sc->sc_lock); if (is->is_login_phase == false) return (EBUSY); if (is->is_terminating || is->is_reconnecting) return (EIO); datalen = ids->ids_data_segment_len; if (datalen > is->is_max_send_data_segment_length) return (EINVAL); if (datalen > 0) { data = malloc(datalen, M_ISCSI, M_WAITOK); error = copyin(ids->ids_data_segment, data, datalen); if (error != 0) { free(data, M_ISCSI); return (error); } } ip = icl_pdu_new(is->is_conn, M_WAITOK); memcpy(ip->ip_bhs, ids->ids_bhs, sizeof(*ip->ip_bhs)); if (datalen > 0) { error = icl_pdu_append_data(ip, data, datalen, M_WAITOK); KASSERT(error == 0, ("icl_pdu_append_data(..., M_WAITOK) failed")); free(data, M_ISCSI); } iscsi_pdu_queue(ip); return (0); } static int iscsi_ioctl_daemon_receive(struct iscsi_softc *sc, struct iscsi_daemon_receive *idr) { struct iscsi_session *is; struct icl_pdu *ip; void *data; int error; sx_slock(&sc->sc_lock); TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { if (is->is_id == idr->idr_session_id) break; } if (is == NULL) { sx_sunlock(&sc->sc_lock); return (ESRCH); } sx_sunlock(&sc->sc_lock); if (is->is_login_phase == false) return (EBUSY); ISCSI_SESSION_LOCK(is); while (is->is_login_pdu == NULL && is->is_terminating == false && is->is_reconnecting == false) { error = cv_wait_sig(&is->is_login_cv, &is->is_lock); if (error != 0) { ISCSI_SESSION_UNLOCK(is); return (error); } } if (is->is_terminating || is->is_reconnecting) { ISCSI_SESSION_UNLOCK(is); return (EIO); } ip = is->is_login_pdu; is->is_login_pdu = NULL; ISCSI_SESSION_UNLOCK(is); if (ip->ip_data_len > idr->idr_data_segment_len) { icl_pdu_free(ip); return (EMSGSIZE); } copyout(ip->ip_bhs, idr->idr_bhs, sizeof(*ip->ip_bhs)); if (ip->ip_data_len > 0) { data = malloc(ip->ip_data_len, M_ISCSI, M_WAITOK); icl_pdu_get_data(ip, 0, data, ip->ip_data_len); copyout(data, idr->idr_data_segment, ip->ip_data_len); free(data, M_ISCSI); } icl_pdu_free(ip); return (0); } #endif /* ICL_KERNEL_PROXY */ static void iscsi_sanitize_session_conf(struct iscsi_session_conf *isc) { /* * Just make sure all the fields are null-terminated. * * XXX: This is not particularly secure. We should * create our own conf and then copy in relevant * fields. */ isc->isc_initiator[ISCSI_NAME_LEN - 1] = '\0'; isc->isc_initiator_addr[ISCSI_ADDR_LEN - 1] = '\0'; isc->isc_initiator_alias[ISCSI_ALIAS_LEN - 1] = '\0'; isc->isc_target[ISCSI_NAME_LEN - 1] = '\0'; isc->isc_target_addr[ISCSI_ADDR_LEN - 1] = '\0'; isc->isc_user[ISCSI_NAME_LEN - 1] = '\0'; isc->isc_secret[ISCSI_SECRET_LEN - 1] = '\0'; isc->isc_mutual_user[ISCSI_NAME_LEN - 1] = '\0'; isc->isc_mutual_secret[ISCSI_SECRET_LEN - 1] = '\0'; } static bool iscsi_valid_session_conf(const struct iscsi_session_conf *isc) { if (isc->isc_initiator[0] == '\0') { ISCSI_DEBUG("empty isc_initiator"); return (false); } if (isc->isc_target_addr[0] == '\0') { ISCSI_DEBUG("empty isc_target_addr"); return (false); } if (isc->isc_discovery != 0 && isc->isc_target[0] != 0) { ISCSI_DEBUG("non-empty isc_target for discovery session"); return (false); } if (isc->isc_discovery == 0 && isc->isc_target[0] == 0) { ISCSI_DEBUG("empty isc_target for non-discovery session"); return (false); } return (true); } static int iscsi_ioctl_session_add(struct iscsi_softc *sc, struct iscsi_session_add *isa) { struct iscsi_session *is; const struct iscsi_session *is2; int error; iscsi_sanitize_session_conf(&isa->isa_conf); if (iscsi_valid_session_conf(&isa->isa_conf) == false) return (EINVAL); is = malloc(sizeof(*is), M_ISCSI, M_ZERO | M_WAITOK); memcpy(&is->is_conf, &isa->isa_conf, sizeof(is->is_conf)); /* * Set some default values, from RFC 3720, section 12. * * These values are updated by the handoff IOCTL, but are * needed prior to the handoff to support sending the ISER * login PDU. */ is->is_max_recv_data_segment_length = 8192; is->is_max_send_data_segment_length = 8192; is->is_max_burst_length = 262144; is->is_first_burst_length = 65536; sx_xlock(&sc->sc_lock); /* * Prevent duplicates. */ TAILQ_FOREACH(is2, &sc->sc_sessions, is_next) { if (!!is->is_conf.isc_discovery != !!is2->is_conf.isc_discovery) continue; if (strcmp(is->is_conf.isc_target_addr, is2->is_conf.isc_target_addr) != 0) continue; if (is->is_conf.isc_discovery == 0 && strcmp(is->is_conf.isc_target, is2->is_conf.isc_target) != 0) continue; sx_xunlock(&sc->sc_lock); free(is, M_ISCSI); return (EBUSY); } is->is_conn = icl_new_conn(is->is_conf.isc_offload, is->is_conf.isc_iser, "iscsi", &is->is_lock); if (is->is_conn == NULL) { sx_xunlock(&sc->sc_lock); free(is, M_ISCSI); return (EINVAL); } is->is_conn->ic_receive = iscsi_receive_callback; is->is_conn->ic_error = iscsi_error_callback; is->is_conn->ic_prv0 = is; TAILQ_INIT(&is->is_outstanding); STAILQ_INIT(&is->is_postponed); mtx_init(&is->is_lock, "iscsi_lock", NULL, MTX_DEF); cv_init(&is->is_maintenance_cv, "iscsi_mt"); #ifdef ICL_KERNEL_PROXY cv_init(&is->is_login_cv, "iscsi_login"); #endif is->is_softc = sc; sc->sc_last_session_id++; is->is_id = sc->sc_last_session_id; is->is_isid[0] = 0x80; /* RFC 3720, 10.12.5: 10b, "Random" ISID. */ arc4rand(&is->is_isid[1], 5, 0); is->is_tsih = 0; callout_init(&is->is_callout, 1); error = kthread_add(iscsi_maintenance_thread, is, NULL, NULL, 0, 0, "iscsimt"); if (error != 0) { ISCSI_SESSION_WARN(is, "kthread_add(9) failed with error %d", error); sx_xunlock(&sc->sc_lock); return (error); } callout_reset(&is->is_callout, 1 * hz, iscsi_callout, is); TAILQ_INSERT_TAIL(&sc->sc_sessions, is, is_next); ISCSI_SESSION_LOCK(is); /* * Don't notify iscsid(8) if the session is disabled and it's not * a discovery session, */ if (is->is_conf.isc_enable == 0 && is->is_conf.isc_discovery == 0) { ISCSI_SESSION_UNLOCK(is); sx_xunlock(&sc->sc_lock); return (0); } is->is_waiting_for_iscsid = true; strlcpy(is->is_reason, "Waiting for iscsid(8)", sizeof(is->is_reason)); ISCSI_SESSION_UNLOCK(is); cv_signal(&sc->sc_cv); sx_xunlock(&sc->sc_lock); return (0); } static bool iscsi_session_conf_matches(unsigned int id1, const struct iscsi_session_conf *c1, unsigned int id2, const struct iscsi_session_conf *c2) { if (id2 != 0 && id2 != id1) return (false); if (c2->isc_target[0] != '\0' && strcmp(c1->isc_target, c2->isc_target) != 0) return (false); if (c2->isc_target_addr[0] != '\0' && strcmp(c1->isc_target_addr, c2->isc_target_addr) != 0) return (false); return (true); } static int iscsi_ioctl_session_remove(struct iscsi_softc *sc, struct iscsi_session_remove *isr) { struct iscsi_session *is, *tmp; bool found = false; iscsi_sanitize_session_conf(&isr->isr_conf); sx_xlock(&sc->sc_lock); TAILQ_FOREACH_SAFE(is, &sc->sc_sessions, is_next, tmp) { ISCSI_SESSION_LOCK(is); if (iscsi_session_conf_matches(is->is_id, &is->is_conf, isr->isr_session_id, &isr->isr_conf)) { found = true; iscsi_session_logout(is); iscsi_session_terminate(is); } ISCSI_SESSION_UNLOCK(is); } sx_xunlock(&sc->sc_lock); if (!found) return (ESRCH); return (0); } static int iscsi_ioctl_session_list(struct iscsi_softc *sc, struct iscsi_session_list *isl) { int error; unsigned int i = 0; struct iscsi_session *is; struct iscsi_session_state iss; sx_slock(&sc->sc_lock); TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { if (i >= isl->isl_nentries) { sx_sunlock(&sc->sc_lock); return (EMSGSIZE); } memset(&iss, 0, sizeof(iss)); memcpy(&iss.iss_conf, &is->is_conf, sizeof(iss.iss_conf)); iss.iss_id = is->is_id; strlcpy(iss.iss_target_alias, is->is_target_alias, sizeof(iss.iss_target_alias)); strlcpy(iss.iss_reason, is->is_reason, sizeof(iss.iss_reason)); strlcpy(iss.iss_offload, is->is_conn->ic_offload, sizeof(iss.iss_offload)); if (is->is_conn->ic_header_crc32c) iss.iss_header_digest = ISCSI_DIGEST_CRC32C; else iss.iss_header_digest = ISCSI_DIGEST_NONE; if (is->is_conn->ic_data_crc32c) iss.iss_data_digest = ISCSI_DIGEST_CRC32C; else iss.iss_data_digest = ISCSI_DIGEST_NONE; iss.iss_max_send_data_segment_length = is->is_max_send_data_segment_length; iss.iss_max_recv_data_segment_length = is->is_max_recv_data_segment_length; iss.iss_max_burst_length = is->is_max_burst_length; iss.iss_first_burst_length = is->is_first_burst_length; iss.iss_immediate_data = is->is_immediate_data; iss.iss_connected = is->is_connected; error = copyout(&iss, isl->isl_pstates + i, sizeof(iss)); if (error != 0) { sx_sunlock(&sc->sc_lock); return (error); } i++; } sx_sunlock(&sc->sc_lock); isl->isl_nentries = i; return (0); } static int iscsi_ioctl_session_modify(struct iscsi_softc *sc, struct iscsi_session_modify *ism) { struct iscsi_session *is; const struct iscsi_session *is2; iscsi_sanitize_session_conf(&ism->ism_conf); if (iscsi_valid_session_conf(&ism->ism_conf) == false) return (EINVAL); sx_xlock(&sc->sc_lock); TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { ISCSI_SESSION_LOCK(is); if (is->is_id == ism->ism_session_id) { /* Note that the session remains locked. */ break; } ISCSI_SESSION_UNLOCK(is); } if (is == NULL) { sx_xunlock(&sc->sc_lock); return (ESRCH); } /* * Prevent duplicates. */ TAILQ_FOREACH(is2, &sc->sc_sessions, is_next) { if (is == is2) continue; if (!!ism->ism_conf.isc_discovery != !!is2->is_conf.isc_discovery) continue; if (strcmp(ism->ism_conf.isc_target_addr, is2->is_conf.isc_target_addr) != 0) continue; if (ism->ism_conf.isc_discovery == 0 && strcmp(ism->ism_conf.isc_target, is2->is_conf.isc_target) != 0) continue; ISCSI_SESSION_UNLOCK(is); sx_xunlock(&sc->sc_lock); return (EBUSY); } sx_xunlock(&sc->sc_lock); memcpy(&is->is_conf, &ism->ism_conf, sizeof(is->is_conf)); ISCSI_SESSION_UNLOCK(is); iscsi_session_reconnect(is); return (0); } static int iscsi_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int mode, struct thread *td) { struct iscsi_softc *sc; sc = dev->si_drv1; switch (cmd) { case ISCSIDWAIT: return (iscsi_ioctl_daemon_wait(sc, (struct iscsi_daemon_request *)arg)); case ISCSIDHANDOFF: return (iscsi_ioctl_daemon_handoff(sc, (struct iscsi_daemon_handoff *)arg)); case ISCSIDFAIL: return (iscsi_ioctl_daemon_fail(sc, (struct iscsi_daemon_fail *)arg)); #ifdef ICL_KERNEL_PROXY case ISCSIDCONNECT: return (iscsi_ioctl_daemon_connect(sc, (struct iscsi_daemon_connect *)arg)); case ISCSIDSEND: return (iscsi_ioctl_daemon_send(sc, (struct iscsi_daemon_send *)arg)); case ISCSIDRECEIVE: return (iscsi_ioctl_daemon_receive(sc, (struct iscsi_daemon_receive *)arg)); #endif /* ICL_KERNEL_PROXY */ case ISCSISADD: return (iscsi_ioctl_session_add(sc, (struct iscsi_session_add *)arg)); case ISCSISREMOVE: return (iscsi_ioctl_session_remove(sc, (struct iscsi_session_remove *)arg)); case ISCSISLIST: return (iscsi_ioctl_session_list(sc, (struct iscsi_session_list *)arg)); case ISCSISMODIFY: return (iscsi_ioctl_session_modify(sc, (struct iscsi_session_modify *)arg)); default: return (EINVAL); } } static struct iscsi_outstanding * iscsi_outstanding_find(struct iscsi_session *is, uint32_t initiator_task_tag) { struct iscsi_outstanding *io; ISCSI_SESSION_LOCK_ASSERT(is); TAILQ_FOREACH(io, &is->is_outstanding, io_next) { if (io->io_initiator_task_tag == initiator_task_tag) return (io); } return (NULL); } static struct iscsi_outstanding * iscsi_outstanding_find_ccb(struct iscsi_session *is, union ccb *ccb) { struct iscsi_outstanding *io; ISCSI_SESSION_LOCK_ASSERT(is); TAILQ_FOREACH(io, &is->is_outstanding, io_next) { if (io->io_ccb == ccb) return (io); } return (NULL); } static struct iscsi_outstanding * iscsi_outstanding_add(struct iscsi_session *is, struct icl_pdu *request, union ccb *ccb, uint32_t *initiator_task_tagp) { struct iscsi_outstanding *io; int error; ISCSI_SESSION_LOCK_ASSERT(is); io = uma_zalloc(iscsi_outstanding_zone, M_NOWAIT | M_ZERO); if (io == NULL) { ISCSI_SESSION_WARN(is, "failed to allocate %zd bytes", sizeof(*io)); return (NULL); } error = icl_conn_task_setup(is->is_conn, request, &ccb->csio, initiator_task_tagp, &io->io_icl_prv); if (error != 0) { ISCSI_SESSION_WARN(is, "icl_conn_task_setup() failed with error %d", error); uma_zfree(iscsi_outstanding_zone, io); return (NULL); } KASSERT(iscsi_outstanding_find(is, *initiator_task_tagp) == NULL, ("initiator_task_tag 0x%x already added", *initiator_task_tagp)); io->io_initiator_task_tag = *initiator_task_tagp; io->io_ccb = ccb; TAILQ_INSERT_TAIL(&is->is_outstanding, io, io_next); return (io); } static void iscsi_outstanding_remove(struct iscsi_session *is, struct iscsi_outstanding *io) { ISCSI_SESSION_LOCK_ASSERT(is); icl_conn_task_done(is->is_conn, io->io_icl_prv); TAILQ_REMOVE(&is->is_outstanding, io, io_next); uma_zfree(iscsi_outstanding_zone, io); } static void iscsi_action_abort(struct iscsi_session *is, union ccb *ccb) { struct icl_pdu *request; struct iscsi_bhs_task_management_request *bhstmr; struct ccb_abort *cab = &ccb->cab; struct iscsi_outstanding *io, *aio; uint32_t initiator_task_tag; ISCSI_SESSION_LOCK_ASSERT(is); #if 0 KASSERT(is->is_login_phase == false, ("%s called during Login Phase", __func__)); #else if (is->is_login_phase) { ccb->ccb_h.status = CAM_REQ_ABORTED; xpt_done(ccb); return; } #endif aio = iscsi_outstanding_find_ccb(is, cab->abort_ccb); if (aio == NULL) { ccb->ccb_h.status = CAM_REQ_CMP; xpt_done(ccb); return; } request = icl_pdu_new(is->is_conn, M_NOWAIT); if (request == NULL) { ccb->ccb_h.status = CAM_RESRC_UNAVAIL; xpt_done(ccb); return; } initiator_task_tag = is->is_initiator_task_tag++; io = iscsi_outstanding_add(is, request, NULL, &initiator_task_tag); if (io == NULL) { icl_pdu_free(request); ccb->ccb_h.status = CAM_RESRC_UNAVAIL; xpt_done(ccb); return; } io->io_datasn = aio->io_initiator_task_tag; bhstmr = (struct iscsi_bhs_task_management_request *)request->ip_bhs; bhstmr->bhstmr_opcode = ISCSI_BHS_OPCODE_TASK_REQUEST; bhstmr->bhstmr_function = 0x80 | BHSTMR_FUNCTION_ABORT_TASK; bhstmr->bhstmr_lun = htobe64(CAM_EXTLUN_BYTE_SWIZZLE(ccb->ccb_h.target_lun)); bhstmr->bhstmr_initiator_task_tag = initiator_task_tag; bhstmr->bhstmr_referenced_task_tag = aio->io_initiator_task_tag; iscsi_pdu_queue_locked(request); } static void iscsi_action_scsiio(struct iscsi_session *is, union ccb *ccb) { struct icl_pdu *request; struct iscsi_bhs_scsi_command *bhssc; struct ccb_scsiio *csio; struct iscsi_outstanding *io; size_t len; uint32_t initiator_task_tag; int error; ISCSI_SESSION_LOCK_ASSERT(is); #if 0 KASSERT(is->is_login_phase == false, ("%s called during Login Phase", __func__)); #else if (is->is_login_phase) { ISCSI_SESSION_DEBUG(is, "called during login phase"); if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_REQ_ABORTED | CAM_DEV_QFRZN; xpt_done(ccb); return; } #endif request = icl_pdu_new(is->is_conn, M_NOWAIT); if (request == NULL) { if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_RESRC_UNAVAIL | CAM_DEV_QFRZN; xpt_done(ccb); return; } initiator_task_tag = is->is_initiator_task_tag++; io = iscsi_outstanding_add(is, request, ccb, &initiator_task_tag); if (io == NULL) { icl_pdu_free(request); if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_RESRC_UNAVAIL | CAM_DEV_QFRZN; xpt_done(ccb); return; } csio = &ccb->csio; bhssc = (struct iscsi_bhs_scsi_command *)request->ip_bhs; bhssc->bhssc_opcode = ISCSI_BHS_OPCODE_SCSI_COMMAND; bhssc->bhssc_flags |= BHSSC_FLAGS_F; switch (csio->ccb_h.flags & CAM_DIR_MASK) { case CAM_DIR_IN: bhssc->bhssc_flags |= BHSSC_FLAGS_R; break; case CAM_DIR_OUT: bhssc->bhssc_flags |= BHSSC_FLAGS_W; break; } if ((ccb->ccb_h.flags & CAM_TAG_ACTION_VALID) != 0) { switch (csio->tag_action) { case MSG_HEAD_OF_Q_TAG: bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_HOQ; break; case MSG_ORDERED_Q_TAG: bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_ORDERED; break; case MSG_ACA_TASK: bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_ACA; break; case MSG_SIMPLE_Q_TAG: default: bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_SIMPLE; break; } } else bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_UNTAGGED; if (is->is_protocol_level >= 2) { bhssc->bhssc_pri = (csio->priority << BHSSC_PRI_SHIFT) & BHSSC_PRI_MASK; } bhssc->bhssc_lun = htobe64(CAM_EXTLUN_BYTE_SWIZZLE(ccb->ccb_h.target_lun)); bhssc->bhssc_initiator_task_tag = initiator_task_tag; bhssc->bhssc_expected_data_transfer_length = htonl(csio->dxfer_len); KASSERT(csio->cdb_len <= sizeof(bhssc->bhssc_cdb), ("unsupported CDB size %zd", (size_t)csio->cdb_len)); if (csio->ccb_h.flags & CAM_CDB_POINTER) memcpy(&bhssc->bhssc_cdb, csio->cdb_io.cdb_ptr, csio->cdb_len); else memcpy(&bhssc->bhssc_cdb, csio->cdb_io.cdb_bytes, csio->cdb_len); if (is->is_immediate_data && (csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_OUT) { len = csio->dxfer_len; //ISCSI_SESSION_DEBUG(is, "adding %zd of immediate data", len); if (len > is->is_first_burst_length) { ISCSI_SESSION_DEBUG(is, "len %zd -> %d", len, is->is_first_burst_length); len = is->is_first_burst_length; } if (len > is->is_max_send_data_segment_length) { ISCSI_SESSION_DEBUG(is, "len %zd -> %d", len, is->is_max_send_data_segment_length); len = is->is_max_send_data_segment_length; } error = icl_pdu_append_data(request, csio->data_ptr, len, M_NOWAIT); if (error != 0) { iscsi_outstanding_remove(is, io); icl_pdu_free(request); if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { xpt_freeze_devq(ccb->ccb_h.path, 1); ISCSI_SESSION_DEBUG(is, "freezing devq"); } ccb->ccb_h.status = CAM_RESRC_UNAVAIL | CAM_DEV_QFRZN; xpt_done(ccb); return; } } iscsi_pdu_queue_locked(request); } static void iscsi_action(struct cam_sim *sim, union ccb *ccb) { struct iscsi_session *is; is = cam_sim_softc(sim); ISCSI_SESSION_LOCK_ASSERT(is); if (is->is_terminating || (is->is_connected == false && fail_on_disconnection)) { ccb->ccb_h.status = CAM_DEV_NOT_THERE; xpt_done(ccb); return; } /* * Make sure CAM doesn't sneak in a CCB just after freezing the queue. */ if (is->is_simq_frozen == true) { ccb->ccb_h.status &= ~(CAM_SIM_QUEUED | CAM_STATUS_MASK); ccb->ccb_h.status |= CAM_REQUEUE_REQ; /* Don't freeze the devq - the SIM queue is already frozen. */ xpt_done(ccb); return; } switch (ccb->ccb_h.func_code) { case XPT_PATH_INQ: { struct ccb_pathinq *cpi = &ccb->cpi; cpi->version_num = 1; cpi->hba_inquiry = PI_TAG_ABLE; cpi->target_sprt = 0; cpi->hba_misc = PIM_EXTLUNS; /* * XXX: It shouldn't ever be NULL; this could be turned * into a KASSERT eventually. */ if (is->is_conn == NULL) ISCSI_WARN("NULL conn"); else if (is->is_conn->ic_unmapped) cpi->hba_misc |= PIM_UNMAPPED; cpi->hba_eng_cnt = 0; cpi->max_target = 0; /* * Note that the variable below is only relevant for targets * that don't claim compliance with anything above SPC2, which * means they don't support REPORT_LUNS. */ cpi->max_lun = 255; cpi->initiator_id = ~0; strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN); strlcpy(cpi->hba_vid, "iSCSI", HBA_IDLEN); strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN); cpi->unit_number = cam_sim_unit(sim); cpi->bus_id = cam_sim_bus(sim); cpi->base_transfer_speed = 150000; /* XXX */ cpi->transport = XPORT_ISCSI; cpi->transport_version = 0; cpi->protocol = PROTO_SCSI; cpi->protocol_version = SCSI_REV_SPC3; cpi->maxio = MAXPHYS; cpi->ccb_h.status = CAM_REQ_CMP; break; } case XPT_GET_TRAN_SETTINGS: { struct ccb_trans_settings *cts; struct ccb_trans_settings_scsi *scsi; cts = &ccb->cts; scsi = &cts->proto_specific.scsi; cts->protocol = PROTO_SCSI; cts->protocol_version = SCSI_REV_SPC3; cts->transport = XPORT_ISCSI; cts->transport_version = 0; scsi->valid = CTS_SCSI_VALID_TQ; scsi->flags = CTS_SCSI_FLAGS_TAG_ENB; cts->ccb_h.status = CAM_REQ_CMP; break; } case XPT_CALC_GEOMETRY: cam_calc_geometry(&ccb->ccg, /*extended*/1); ccb->ccb_h.status = CAM_REQ_CMP; break; #if 0 /* * XXX: What's the point? */ case XPT_RESET_BUS: case XPT_TERM_IO: ISCSI_SESSION_DEBUG(is, "faking success for reset, abort, or term_io"); ccb->ccb_h.status = CAM_REQ_CMP; break; #endif case XPT_ABORT: iscsi_action_abort(is, ccb); return; case XPT_SCSI_IO: iscsi_action_scsiio(is, ccb); return; default: #if 0 ISCSI_SESSION_DEBUG(is, "got unsupported code 0x%x", ccb->ccb_h.func_code); #endif ccb->ccb_h.status = CAM_FUNC_NOTAVAIL; break; } xpt_done(ccb); } static void iscsi_poll(struct cam_sim *sim) { KASSERT(0, ("%s: you're not supposed to be here", __func__)); } static void iscsi_terminate_sessions(struct iscsi_softc *sc) { struct iscsi_session *is; sx_slock(&sc->sc_lock); TAILQ_FOREACH(is, &sc->sc_sessions, is_next) iscsi_session_terminate(is); while(!TAILQ_EMPTY(&sc->sc_sessions)) { ISCSI_DEBUG("waiting for sessions to terminate"); cv_wait(&sc->sc_cv, &sc->sc_lock); } ISCSI_DEBUG("all sessions terminated"); sx_sunlock(&sc->sc_lock); } static void iscsi_shutdown_pre(struct iscsi_softc *sc) { struct iscsi_session *is; if (!fail_on_shutdown) return; /* * If we have any sessions waiting for reconnection, request * maintenance thread to fail them immediately instead of waiting * for reconnect timeout. * * This prevents LUNs with mounted filesystems that are supported * by disconnected iSCSI sessions from hanging, however it will * fail all queued BIOs. */ ISCSI_DEBUG("forcing failing all disconnected sessions due to shutdown"); fail_on_disconnection = 1; sx_slock(&sc->sc_lock); TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { ISCSI_SESSION_LOCK(is); if (!is->is_connected) { ISCSI_SESSION_DEBUG(is, "force failing disconnected session early"); iscsi_session_reconnect(is); } ISCSI_SESSION_UNLOCK(is); } sx_sunlock(&sc->sc_lock); } static void iscsi_shutdown_post(struct iscsi_softc *sc) { if (!KERNEL_PANICKED()) { ISCSI_DEBUG("removing all sessions due to shutdown"); iscsi_terminate_sessions(sc); } } static int iscsi_load(void) { int error; sc = malloc(sizeof(*sc), M_ISCSI, M_ZERO | M_WAITOK); sx_init(&sc->sc_lock, "iscsi"); TAILQ_INIT(&sc->sc_sessions); cv_init(&sc->sc_cv, "iscsi_cv"); iscsi_outstanding_zone = uma_zcreate("iscsi_outstanding", sizeof(struct iscsi_outstanding), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); error = make_dev_p(MAKEDEV_CHECKNAME, &sc->sc_cdev, &iscsi_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "iscsi"); if (error != 0) { ISCSI_WARN("failed to create device node, error %d", error); return (error); } sc->sc_cdev->si_drv1 = sc; sc->sc_shutdown_pre_eh = EVENTHANDLER_REGISTER(shutdown_pre_sync, iscsi_shutdown_pre, sc, SHUTDOWN_PRI_FIRST); /* * shutdown_post_sync needs to run after filesystem shutdown and before * CAM shutdown - otherwise when rebooting with an iSCSI session that is * disconnected but has outstanding requests, dashutdown() will hang on * cam_periph_runccb(). */ sc->sc_shutdown_post_eh = EVENTHANDLER_REGISTER(shutdown_post_sync, iscsi_shutdown_post, sc, SHUTDOWN_PRI_DEFAULT - 1); return (0); } static int iscsi_unload(void) { if (sc->sc_cdev != NULL) { ISCSI_DEBUG("removing device node"); destroy_dev(sc->sc_cdev); ISCSI_DEBUG("device node removed"); } if (sc->sc_shutdown_pre_eh != NULL) EVENTHANDLER_DEREGISTER(shutdown_pre_sync, sc->sc_shutdown_pre_eh); if (sc->sc_shutdown_post_eh != NULL) EVENTHANDLER_DEREGISTER(shutdown_post_sync, sc->sc_shutdown_post_eh); iscsi_terminate_sessions(sc); uma_zdestroy(iscsi_outstanding_zone); sx_destroy(&sc->sc_lock); cv_destroy(&sc->sc_cv); free(sc, M_ISCSI); return (0); } static int iscsi_quiesce(void) { sx_slock(&sc->sc_lock); if (!TAILQ_EMPTY(&sc->sc_sessions)) { sx_sunlock(&sc->sc_lock); return (EBUSY); } sx_sunlock(&sc->sc_lock); return (0); } static int iscsi_modevent(module_t mod, int what, void *arg) { int error; switch (what) { case MOD_LOAD: error = iscsi_load(); break; case MOD_UNLOAD: error = iscsi_unload(); break; case MOD_QUIESCE: error = iscsi_quiesce(); break; default: error = EINVAL; break; } return (error); } moduledata_t iscsi_data = { "iscsi", iscsi_modevent, 0 }; DECLARE_MODULE(iscsi, iscsi_data, SI_SUB_DRIVERS, SI_ORDER_MIDDLE); MODULE_DEPEND(iscsi, cam, 1, 1, 1); MODULE_DEPEND(iscsi, icl, 1, 1, 1); Index: head/sys/dev/iscsi/iscsi.h =================================================================== --- head/sys/dev/iscsi/iscsi.h (revision 367104) +++ head/sys/dev/iscsi/iscsi.h (revision 367105) @@ -1,140 +1,139 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef ISCSI_H #define ISCSI_H struct iscsi_softc; struct icl_conn; #define ISCSI_NAME_LEN 224 /* 223 bytes, by RFC 3720, + '\0' */ #define ISCSI_ADDR_LEN 47 /* INET6_ADDRSTRLEN + '\0' */ #define ISCSI_SECRET_LEN 17 /* 16 + '\0' */ struct iscsi_outstanding { TAILQ_ENTRY(iscsi_outstanding) io_next; union ccb *io_ccb; size_t io_received; uint32_t io_initiator_task_tag; uint32_t io_datasn; void *io_icl_prv; }; struct iscsi_session { TAILQ_ENTRY(iscsi_session) is_next; struct icl_conn *is_conn; struct mtx is_lock; uint32_t is_statsn; uint32_t is_cmdsn; uint32_t is_expcmdsn; uint32_t is_maxcmdsn; uint32_t is_initiator_task_tag; int is_protocol_level; int is_initial_r2t; int is_max_burst_length; int is_first_burst_length; uint8_t is_isid[6]; uint16_t is_tsih; bool is_immediate_data; int is_max_recv_data_segment_length; int is_max_send_data_segment_length; char is_target_alias[ISCSI_ALIAS_LEN]; TAILQ_HEAD(, iscsi_outstanding) is_outstanding; STAILQ_HEAD(, icl_pdu) is_postponed; struct callout is_callout; unsigned int is_timeout; /* * XXX: This could be rewritten using a single variable, * but somehow it results in uglier code. */ /* * We're waiting for iscsid(8); after iscsid_timeout * expires, kernel will wake up an iscsid(8) to handle * the session. */ bool is_waiting_for_iscsid; /* * Some iscsid(8) instance is handling the session; * after login_timeout expires, kernel will wake up * another iscsid(8) to handle the session. */ bool is_login_phase; /* * We're in the process of removing the iSCSI session. */ bool is_terminating; /* * We're waiting for the maintenance thread to do some * reconnection tasks. */ bool is_reconnecting; bool is_connected; struct cam_devq *is_devq; struct cam_sim *is_sim; struct cam_path *is_path; struct cv is_maintenance_cv; struct iscsi_softc *is_softc; unsigned int is_id; struct iscsi_session_conf is_conf; bool is_simq_frozen; char is_reason[ISCSI_REASON_LEN]; #ifdef ICL_KERNEL_PROXY struct cv is_login_cv; struct icl_pdu *is_login_pdu; #endif }; struct iscsi_softc { device_t sc_dev; struct sx sc_lock; struct cdev *sc_cdev; TAILQ_HEAD(, iscsi_session) sc_sessions; struct cv sc_cv; unsigned int sc_last_session_id; eventhandler_tag sc_shutdown_pre_eh; eventhandler_tag sc_shutdown_post_eh; }; #endif /* !ISCSI_H */ Index: head/sys/dev/iscsi/iscsi_ioctl.h =================================================================== --- head/sys/dev/iscsi/iscsi_ioctl.h (revision 367104) +++ head/sys/dev/iscsi/iscsi_ioctl.h (revision 367105) @@ -1,241 +1,240 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef ISCSI_IOCTL_H #define ISCSI_IOCTL_H #ifdef ICL_KERNEL_PROXY #include #endif #define ISCSI_PATH "/dev/iscsi" #define ISCSI_MAX_DATA_SEGMENT_LENGTH (128 * 1024) #define ISCSI_NAME_LEN 224 /* 223 bytes, by RFC 3720, + '\0' */ #define ISCSI_ADDR_LEN 47 /* INET6_ADDRSTRLEN + '\0' */ #define ISCSI_ALIAS_LEN 256 /* XXX: Where did it come from? */ #define ISCSI_SECRET_LEN 17 /* 16 + '\0' */ #define ISCSI_OFFLOAD_LEN 8 #define ISCSI_REASON_LEN 64 #define ISCSI_DIGEST_NONE 0 #define ISCSI_DIGEST_CRC32C 1 /* * Session configuration, set when adding the session. */ struct iscsi_session_conf { char isc_initiator[ISCSI_NAME_LEN]; char isc_initiator_addr[ISCSI_ADDR_LEN]; char isc_initiator_alias[ISCSI_ALIAS_LEN]; char isc_target[ISCSI_NAME_LEN]; char isc_target_addr[ISCSI_ADDR_LEN]; char isc_user[ISCSI_NAME_LEN]; char isc_secret[ISCSI_SECRET_LEN]; char isc_mutual_user[ISCSI_NAME_LEN]; char isc_mutual_secret[ISCSI_SECRET_LEN]; int isc_discovery; int isc_header_digest; int isc_data_digest; int isc_iser; char isc_offload[ISCSI_OFFLOAD_LEN]; int isc_enable; int isc_dscp; int isc_pcp; int isc_spare[2]; }; /* * Additional constraints imposed by chosen ICL offload module; * iscsid(8) must obey those when negotiating operational parameters. */ struct iscsi_session_limits { size_t isl_spare0; int isl_max_recv_data_segment_length; int isl_max_send_data_segment_length; int isl_max_burst_length; int isl_first_burst_length; int isl_spare[4]; }; /* * Session state, negotiated by iscsid(8) and queried by iscsictl(8). */ struct iscsi_session_state { struct iscsi_session_conf iss_conf; unsigned int iss_id; char iss_target_alias[ISCSI_ALIAS_LEN]; int iss_header_digest; int iss_data_digest; int iss_max_recv_data_segment_length; int iss_max_burst_length; int iss_first_burst_length; int iss_immediate_data; int iss_connected; char iss_reason[ISCSI_REASON_LEN]; char iss_offload[ISCSI_OFFLOAD_LEN]; int iss_max_send_data_segment_length; int iss_spare[3]; }; /* * The following ioctls are used by iscsid(8). */ struct iscsi_daemon_request { unsigned int idr_session_id; struct iscsi_session_conf idr_conf; uint8_t idr_isid[6]; uint16_t idr_tsih; uint16_t idr_spare_cid; struct iscsi_session_limits idr_limits; int idr_spare[4]; }; struct iscsi_daemon_handoff { unsigned int idh_session_id; int idh_socket; char idh_target_alias[ISCSI_ALIAS_LEN]; int idh_protocol_level; uint16_t idh_spare; uint16_t idh_tsih; uint16_t idh_spare_cid; uint32_t idh_statsn; int idh_header_digest; int idh_data_digest; size_t spare[3]; int idh_immediate_data; int idh_initial_r2t; int idh_max_recv_data_segment_length; int idh_max_send_data_segment_length; int idh_max_burst_length; int idh_first_burst_length; }; struct iscsi_daemon_fail { unsigned int idf_session_id; char idf_reason[ISCSI_REASON_LEN]; int idf_spare[4]; }; #define ISCSIDWAIT _IOR('I', 0x01, struct iscsi_daemon_request) #define ISCSIDHANDOFF _IOW('I', 0x02, struct iscsi_daemon_handoff) #define ISCSIDFAIL _IOW('I', 0x03, struct iscsi_daemon_fail) #ifdef ICL_KERNEL_PROXY /* * When ICL_KERNEL_PROXY is not defined, the iscsid(8) is responsible * for creating the socket, connecting, and performing Login Phase using * the socket in the usual userspace way, and then passing the socket * file descriptor to the kernel part using ISCSIDHANDOFF. * * When ICL_KERNEL_PROXY is defined, the iscsid(8) creates the session * using ISCSICONNECT, performs Login Phase using ISCSISEND/ISCSIRECEIVE * instead of read(2)/write(2), and then calls ISCSIDHANDOFF with * idh_socket set to 0. * * The purpose of ICL_KERNEL_PROXY is to workaround the fact that, * at this time, it's not possible to do iWARP (RDMA) in userspace. */ struct iscsi_daemon_connect { unsigned int idc_session_id; int idc_iser; int idc_domain; int idc_socktype; int idc_protocol; struct sockaddr *idc_from_addr; socklen_t idc_from_addrlen; struct sockaddr *idc_to_addr; socklen_t idc_to_addrlen; int idc_spare[4]; }; struct iscsi_daemon_send { unsigned int ids_session_id; void *ids_bhs; size_t ids_spare; void *ids_spare2; size_t ids_data_segment_len; void *ids_data_segment; int ids_spare3[4]; }; struct iscsi_daemon_receive { unsigned int idr_session_id; void *idr_bhs; size_t idr_spare; void *idr_spare2; size_t idr_data_segment_len; void *idr_data_segment; int idr_spare3[4]; }; #define ISCSIDCONNECT _IOWR('I', 0x04, struct iscsi_daemon_connect) #define ISCSIDSEND _IOWR('I', 0x05, struct iscsi_daemon_send) #define ISCSIDRECEIVE _IOWR('I', 0x06, struct iscsi_daemon_receive) #endif /* ICL_KERNEL_PROXY */ /* * The following ioctls are used by iscsictl(8). */ struct iscsi_session_add { struct iscsi_session_conf isa_conf; int isa_spare[4]; }; struct iscsi_session_remove { unsigned int isr_session_id; struct iscsi_session_conf isr_conf; int isr_spare[4]; }; struct iscsi_session_list { unsigned int isl_nentries; struct iscsi_session_state *isl_pstates; int isl_spare[4]; }; struct iscsi_session_modify { unsigned int ism_session_id; struct iscsi_session_conf ism_conf; int ism_spare[4]; }; #define ISCSISADD _IOW('I', 0x11, struct iscsi_session_add) #define ISCSISREMOVE _IOW('I', 0x12, struct iscsi_session_remove) #define ISCSISLIST _IOWR('I', 0x13, struct iscsi_session_list) #define ISCSISMODIFY _IOWR('I', 0x14, struct iscsi_session_modify) #endif /* !ISCSI_IOCTL_H */ Index: head/sys/dev/iscsi/iscsi_proto.h =================================================================== --- head/sys/dev/iscsi/iscsi_proto.h (revision 367104) +++ head/sys/dev/iscsi/iscsi_proto.h (revision 367105) @@ -1,462 +1,461 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef ISCSI_PROTO_H #define ISCSI_PROTO_H #ifndef CTASSERT #define CTASSERT(x) _CTASSERT(x, __LINE__) #define _CTASSERT(x, y) __CTASSERT(x, y) #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1] #endif #define ISCSI_SNGT(x, y) ((int32_t)(x) - (int32_t)(y) > 0) #define ISCSI_SNLT(x, y) ((int32_t)(x) - (int32_t)(y) < 0) #define ISCSI_BHS_SIZE 48 #define ISCSI_HEADER_DIGEST_SIZE 4 #define ISCSI_DATA_DIGEST_SIZE 4 #define ISCSI_BHS_OPCODE_IMMEDIATE 0x40 #define ISCSI_BHS_OPCODE_NOP_OUT 0x00 #define ISCSI_BHS_OPCODE_SCSI_COMMAND 0x01 #define ISCSI_BHS_OPCODE_TASK_REQUEST 0x02 #define ISCSI_BHS_OPCODE_LOGIN_REQUEST 0x03 #define ISCSI_BHS_OPCODE_TEXT_REQUEST 0x04 #define ISCSI_BHS_OPCODE_SCSI_DATA_OUT 0x05 #define ISCSI_BHS_OPCODE_LOGOUT_REQUEST 0x06 #define ISCSI_BHS_OPCODE_NOP_IN 0x20 #define ISCSI_BHS_OPCODE_SCSI_RESPONSE 0x21 #define ISCSI_BHS_OPCODE_TASK_RESPONSE 0x22 #define ISCSI_BHS_OPCODE_LOGIN_RESPONSE 0x23 #define ISCSI_BHS_OPCODE_TEXT_RESPONSE 0x24 #define ISCSI_BHS_OPCODE_SCSI_DATA_IN 0x25 #define ISCSI_BHS_OPCODE_LOGOUT_RESPONSE 0x26 #define ISCSI_BHS_OPCODE_R2T 0x31 #define ISCSI_BHS_OPCODE_ASYNC_MESSAGE 0x32 #define ISCSI_BHS_OPCODE_REJECT 0x3f struct iscsi_bhs { uint8_t bhs_opcode; uint8_t bhs_opcode_specific1[3]; uint8_t bhs_total_ahs_len; uint8_t bhs_data_segment_len[3]; uint64_t bhs_lun; uint8_t bhs_inititator_task_tag[4]; uint8_t bhs_opcode_specific4[28]; }; CTASSERT(sizeof(struct iscsi_bhs) == ISCSI_BHS_SIZE); #define BHSSC_FLAGS_F 0x80 #define BHSSC_FLAGS_R 0x40 #define BHSSC_FLAGS_W 0x20 #define BHSSC_FLAGS_ATTR 0x07 #define BHSSC_FLAGS_ATTR_UNTAGGED 0 #define BHSSC_FLAGS_ATTR_SIMPLE 1 #define BHSSC_FLAGS_ATTR_ORDERED 2 #define BHSSC_FLAGS_ATTR_HOQ 3 #define BHSSC_FLAGS_ATTR_ACA 4 #define BHSSC_PRI_MASK 0xf0 #define BHSSC_PRI_SHIFT 4 struct iscsi_bhs_scsi_command { uint8_t bhssc_opcode; uint8_t bhssc_flags; uint8_t bhssc_pri; uint8_t bhssc_reserved; uint8_t bhssc_total_ahs_len; uint8_t bhssc_data_segment_len[3]; uint64_t bhssc_lun; uint32_t bhssc_initiator_task_tag; uint32_t bhssc_expected_data_transfer_length; uint32_t bhssc_cmdsn; uint32_t bhssc_expstatsn; uint8_t bhssc_cdb[16]; }; CTASSERT(sizeof(struct iscsi_bhs_scsi_command) == ISCSI_BHS_SIZE); #define BHSSR_FLAGS_RESIDUAL_UNDERFLOW 0x02 #define BHSSR_FLAGS_RESIDUAL_OVERFLOW 0x04 #define BHSSR_RESPONSE_COMMAND_COMPLETED 0x00 struct iscsi_bhs_scsi_response { uint8_t bhssr_opcode; uint8_t bhssr_flags; uint8_t bhssr_response; uint8_t bhssr_status; uint8_t bhssr_total_ahs_len; uint8_t bhssr_data_segment_len[3]; uint16_t bhssr_status_qualifier; uint16_t bhssr_reserved; uint32_t bhssr_reserved2; uint32_t bhssr_initiator_task_tag; uint32_t bhssr_snack_tag; uint32_t bhssr_statsn; uint32_t bhssr_expcmdsn; uint32_t bhssr_maxcmdsn; uint32_t bhssr_expdatasn; uint32_t bhssr_bidirectional_read_residual_count; uint32_t bhssr_residual_count; }; CTASSERT(sizeof(struct iscsi_bhs_scsi_response) == ISCSI_BHS_SIZE); #define BHSTMR_FUNCTION_ABORT_TASK 1 #define BHSTMR_FUNCTION_ABORT_TASK_SET 2 #define BHSTMR_FUNCTION_CLEAR_ACA 3 #define BHSTMR_FUNCTION_CLEAR_TASK_SET 4 #define BHSTMR_FUNCTION_LOGICAL_UNIT_RESET 5 #define BHSTMR_FUNCTION_TARGET_WARM_RESET 6 #define BHSTMR_FUNCTION_TARGET_COLD_RESET 7 #define BHSTMR_FUNCTION_TASK_REASSIGN 8 #define BHSTMR_FUNCTION_QUERY_TASK 9 #define BHSTMR_FUNCTION_QUERY_TASK_SET 10 #define BHSTMR_FUNCTION_I_T_NEXUS_RESET 11 #define BHSTMR_FUNCTION_QUERY_ASYNC_EVENT 12 struct iscsi_bhs_task_management_request { uint8_t bhstmr_opcode; uint8_t bhstmr_function; uint8_t bhstmr_reserved[2]; uint8_t bhstmr_total_ahs_len; uint8_t bhstmr_data_segment_len[3]; uint64_t bhstmr_lun; uint32_t bhstmr_initiator_task_tag; uint32_t bhstmr_referenced_task_tag; uint32_t bhstmr_cmdsn; uint32_t bhstmr_expstatsn; uint32_t bhstmr_refcmdsn; uint32_t bhstmr_expdatasn; uint64_t bhstmr_reserved2; }; CTASSERT(sizeof(struct iscsi_bhs_task_management_request) == ISCSI_BHS_SIZE); #define BHSTMR_RESPONSE_FUNCTION_COMPLETE 0 #define BHSTMR_RESPONSE_TASK_DOES_NOT_EXIST 1 #define BHSTMR_RESPONSE_LUN_DOES_NOT_EXIST 2 #define BHSTMR_RESPONSE_TASK_STILL_ALLEGIANT 3 #define BHSTMR_RESPONSE_TASK_ALL_REASS_NOT_SUPP 4 #define BHSTMR_RESPONSE_FUNCTION_NOT_SUPPORTED 5 #define BHSTMR_RESPONSE_FUNCTION_AUTH_FAIL 6 #define BHSTMR_RESPONSE_FUNCTION_SUCCEEDED 7 #define BHSTMR_RESPONSE_FUNCTION_REJECTED 255 struct iscsi_bhs_task_management_response { uint8_t bhstmr_opcode; uint8_t bhstmr_flags; uint8_t bhstmr_response; uint8_t bhstmr_reserved; uint8_t bhstmr_total_ahs_len; uint8_t bhstmr_data_segment_len[3]; uint8_t bhstmr_additional_reponse_information[3]; uint8_t bhstmr_reserved2[5]; uint32_t bhstmr_initiator_task_tag; uint32_t bhstmr_reserved3; uint32_t bhstmr_statsn; uint32_t bhstmr_expcmdsn; uint32_t bhstmr_maxcmdsn; uint8_t bhstmr_reserved4[12]; }; CTASSERT(sizeof(struct iscsi_bhs_task_management_response) == ISCSI_BHS_SIZE); #define BHSLR_FLAGS_TRANSIT 0x80 #define BHSLR_FLAGS_CONTINUE 0x40 #define BHSLR_STAGE_SECURITY_NEGOTIATION 0 #define BHSLR_STAGE_OPERATIONAL_NEGOTIATION 1 #define BHSLR_STAGE_FULL_FEATURE_PHASE 3 /* Yes, 3. */ struct iscsi_bhs_login_request { uint8_t bhslr_opcode; uint8_t bhslr_flags; uint8_t bhslr_version_max; uint8_t bhslr_version_min; uint8_t bhslr_total_ahs_len; uint8_t bhslr_data_segment_len[3]; uint8_t bhslr_isid[6]; uint16_t bhslr_tsih; uint32_t bhslr_initiator_task_tag; uint16_t bhslr_cid; uint16_t bhslr_reserved; uint32_t bhslr_cmdsn; uint32_t bhslr_expstatsn; uint8_t bhslr_reserved2[16]; }; CTASSERT(sizeof(struct iscsi_bhs_login_request) == ISCSI_BHS_SIZE); struct iscsi_bhs_login_response { uint8_t bhslr_opcode; uint8_t bhslr_flags; uint8_t bhslr_version_max; uint8_t bhslr_version_active; uint8_t bhslr_total_ahs_len; uint8_t bhslr_data_segment_len[3]; uint8_t bhslr_isid[6]; uint16_t bhslr_tsih; uint32_t bhslr_initiator_task_tag; uint32_t bhslr_reserved; uint32_t bhslr_statsn; uint32_t bhslr_expcmdsn; uint32_t bhslr_maxcmdsn; uint8_t bhslr_status_class; uint8_t bhslr_status_detail; uint16_t bhslr_reserved2; uint8_t bhslr_reserved3[8]; }; CTASSERT(sizeof(struct iscsi_bhs_login_response) == ISCSI_BHS_SIZE); #define BHSTR_FLAGS_FINAL 0x80 #define BHSTR_FLAGS_CONTINUE 0x40 struct iscsi_bhs_text_request { uint8_t bhstr_opcode; uint8_t bhstr_flags; uint16_t bhstr_reserved; uint8_t bhstr_total_ahs_len; uint8_t bhstr_data_segment_len[3]; uint64_t bhstr_lun; uint32_t bhstr_initiator_task_tag; uint32_t bhstr_target_transfer_tag; uint32_t bhstr_cmdsn; uint32_t bhstr_expstatsn; uint8_t bhstr_reserved2[16]; }; CTASSERT(sizeof(struct iscsi_bhs_text_request) == ISCSI_BHS_SIZE); struct iscsi_bhs_text_response { uint8_t bhstr_opcode; uint8_t bhstr_flags; uint16_t bhstr_reserved; uint8_t bhstr_total_ahs_len; uint8_t bhstr_data_segment_len[3]; uint64_t bhstr_lun; uint32_t bhstr_initiator_task_tag; uint32_t bhstr_target_transfer_tag; uint32_t bhstr_statsn; uint32_t bhstr_expcmdsn; uint32_t bhstr_maxcmdsn; uint8_t bhstr_reserved2[12]; }; CTASSERT(sizeof(struct iscsi_bhs_text_response) == ISCSI_BHS_SIZE); #define BHSDO_FLAGS_F 0x80 struct iscsi_bhs_data_out { uint8_t bhsdo_opcode; uint8_t bhsdo_flags; uint8_t bhsdo_reserved[2]; uint8_t bhsdo_total_ahs_len; uint8_t bhsdo_data_segment_len[3]; uint64_t bhsdo_lun; uint32_t bhsdo_initiator_task_tag; uint32_t bhsdo_target_transfer_tag; uint32_t bhsdo_reserved2; uint32_t bhsdo_expstatsn; uint32_t bhsdo_reserved3; uint32_t bhsdo_datasn; uint32_t bhsdo_buffer_offset; uint32_t bhsdo_reserved4; }; CTASSERT(sizeof(struct iscsi_bhs_data_out) == ISCSI_BHS_SIZE); #define BHSDI_FLAGS_F 0x80 #define BHSDI_FLAGS_A 0x40 #define BHSDI_FLAGS_O 0x04 #define BHSDI_FLAGS_U 0x02 #define BHSDI_FLAGS_S 0x01 struct iscsi_bhs_data_in { uint8_t bhsdi_opcode; uint8_t bhsdi_flags; uint8_t bhsdi_reserved; uint8_t bhsdi_status; uint8_t bhsdi_total_ahs_len; uint8_t bhsdi_data_segment_len[3]; uint64_t bhsdi_lun; uint32_t bhsdi_initiator_task_tag; uint32_t bhsdi_target_transfer_tag; uint32_t bhsdi_statsn; uint32_t bhsdi_expcmdsn; uint32_t bhsdi_maxcmdsn; uint32_t bhsdi_datasn; uint32_t bhsdi_buffer_offset; uint32_t bhsdi_residual_count; }; CTASSERT(sizeof(struct iscsi_bhs_data_in) == ISCSI_BHS_SIZE); struct iscsi_bhs_r2t { uint8_t bhsr2t_opcode; uint8_t bhsr2t_flags; uint16_t bhsr2t_reserved; uint8_t bhsr2t_total_ahs_len; uint8_t bhsr2t_data_segment_len[3]; uint64_t bhsr2t_lun; uint32_t bhsr2t_initiator_task_tag; uint32_t bhsr2t_target_transfer_tag; uint32_t bhsr2t_statsn; uint32_t bhsr2t_expcmdsn; uint32_t bhsr2t_maxcmdsn; uint32_t bhsr2t_r2tsn; uint32_t bhsr2t_buffer_offset; uint32_t bhsr2t_desired_data_transfer_length; }; CTASSERT(sizeof(struct iscsi_bhs_r2t) == ISCSI_BHS_SIZE); struct iscsi_bhs_nop_out { uint8_t bhsno_opcode; uint8_t bhsno_flags; uint16_t bhsno_reserved; uint8_t bhsno_total_ahs_len; uint8_t bhsno_data_segment_len[3]; uint64_t bhsno_lun; uint32_t bhsno_initiator_task_tag; uint32_t bhsno_target_transfer_tag; uint32_t bhsno_cmdsn; uint32_t bhsno_expstatsn; uint8_t bhsno_reserved2[16]; }; CTASSERT(sizeof(struct iscsi_bhs_nop_out) == ISCSI_BHS_SIZE); struct iscsi_bhs_nop_in { uint8_t bhsni_opcode; uint8_t bhsni_flags; uint16_t bhsni_reserved; uint8_t bhsni_total_ahs_len; uint8_t bhsni_data_segment_len[3]; uint64_t bhsni_lun; uint32_t bhsni_initiator_task_tag; uint32_t bhsni_target_transfer_tag; uint32_t bhsni_statsn; uint32_t bhsni_expcmdsn; uint32_t bhsni_maxcmdsn; uint8_t bhsno_reserved2[12]; }; CTASSERT(sizeof(struct iscsi_bhs_nop_in) == ISCSI_BHS_SIZE); #define BHSLR_REASON_CLOSE_SESSION 0 #define BHSLR_REASON_CLOSE_CONNECTION 1 #define BHSLR_REASON_REMOVE_FOR_RECOVERY 2 struct iscsi_bhs_logout_request { uint8_t bhslr_opcode; uint8_t bhslr_reason; uint16_t bhslr_reserved; uint8_t bhslr_total_ahs_len; uint8_t bhslr_data_segment_len[3]; uint64_t bhslr_reserved2; uint32_t bhslr_initiator_task_tag; uint16_t bhslr_cid; uint16_t bhslr_reserved3; uint32_t bhslr_cmdsn; uint32_t bhslr_expstatsn; uint8_t bhslr_reserved4[16]; }; CTASSERT(sizeof(struct iscsi_bhs_logout_request) == ISCSI_BHS_SIZE); #define BHSLR_RESPONSE_CLOSED_SUCCESSFULLY 0 #define BHSLR_RESPONSE_RECOVERY_NOT_SUPPORTED 2 struct iscsi_bhs_logout_response { uint8_t bhslr_opcode; uint8_t bhslr_flags; uint8_t bhslr_response; uint8_t bhslr_reserved; uint8_t bhslr_total_ahs_len; uint8_t bhslr_data_segment_len[3]; uint64_t bhslr_reserved2; uint32_t bhslr_initiator_task_tag; uint32_t bhslr_reserved3; uint32_t bhslr_statsn; uint32_t bhslr_expcmdsn; uint32_t bhslr_maxcmdsn; uint32_t bhslr_reserved4; uint16_t bhslr_time2wait; uint16_t bhslr_time2retain; uint32_t bhslr_reserved5; }; CTASSERT(sizeof(struct iscsi_bhs_logout_response) == ISCSI_BHS_SIZE); #define BHSAM_EVENT_TARGET_REQUESTS_LOGOUT 1 #define BHSAM_EVENT_TARGET_TERMINATES_CONNECTION 2 #define BHSAM_EVENT_TARGET_TERMINATES_SESSION 3 struct iscsi_bhs_asynchronous_message { uint8_t bhsam_opcode; uint8_t bhsam_flags; uint16_t bhsam_reserved; uint8_t bhsam_total_ahs_len; uint8_t bhsam_data_segment_len[3]; uint64_t bhsam_lun; uint32_t bhsam_0xffffffff; uint32_t bhsam_reserved2; uint32_t bhsam_statsn; uint32_t bhsam_expcmdsn; uint32_t bhsam_maxcmdsn; uint8_t bhsam_async_event; uint8_t bhsam_async_vcode; uint16_t bhsam_parameter1; uint16_t bhsam_parameter2; uint16_t bhsam_parameter3; uint32_t bhsam_reserved3; }; CTASSERT(sizeof(struct iscsi_bhs_asynchronous_message) == ISCSI_BHS_SIZE); #define BHSSR_REASON_DATA_DIGEST_ERROR 0x02 #define BHSSR_PROTOCOL_ERROR 0x04 #define BHSSR_COMMAND_NOT_SUPPORTED 0x05 #define BHSSR_INVALID_PDU_FIELD 0x09 struct iscsi_bhs_reject { uint8_t bhsr_opcode; uint8_t bhsr_flags; uint8_t bhsr_reason; uint8_t bhsr_reserved; uint8_t bhsr_total_ahs_len; uint8_t bhsr_data_segment_len[3]; uint64_t bhsr_reserved2; uint32_t bhsr_0xffffffff; uint32_t bhsr_reserved3; uint32_t bhsr_statsn; uint32_t bhsr_expcmdsn; uint32_t bhsr_maxcmdsn; uint32_t bhsr_datasn_r2tsn; uint32_t bhsr_reserved4; uint32_t bhsr_reserved5; }; CTASSERT(sizeof(struct iscsi_bhs_reject) == ISCSI_BHS_SIZE); #endif /* !ISCSI_PROTO_H */ Index: head/sys/dev/usb/storage/cfumass.c =================================================================== --- head/sys/dev/usb/storage/cfumass.c (revision 367104) +++ head/sys/dev/usb/storage/cfumass.c (revision 367105) @@ -1,998 +1,997 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2016 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * USB Mass Storage Class Bulk-Only (BBB) Transport target. * * http://www.usb.org/developers/docs/devclass_docs/usbmassbulk_10.pdf * * This code implements the USB Mass Storage frontend driver for the CAM * Target Layer (ctl(4)) subsystem. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include "usbdevs.h" #include "usb_if.h" #include #include #include #include #include #include #include #include #include #include #include SYSCTL_NODE(_hw_usb, OID_AUTO, cfumass, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "CAM Target Layer USB Mass Storage Frontend"); static int debug = 1; SYSCTL_INT(_hw_usb_cfumass, OID_AUTO, debug, CTLFLAG_RWTUN, &debug, 1, "Enable debug messages"); static int max_lun = 0; SYSCTL_INT(_hw_usb_cfumass, OID_AUTO, max_lun, CTLFLAG_RWTUN, &max_lun, 1, "Maximum advertised LUN number"); static int ignore_stop = 1; SYSCTL_INT(_hw_usb_cfumass, OID_AUTO, ignore_stop, CTLFLAG_RWTUN, &ignore_stop, 1, "Ignore START STOP UNIT with START and LOEJ bits cleared"); /* * The driver uses a single, global CTL port. It could create its ports * in cfumass_attach() instead, but that would make it impossible to specify * "port cfumass0" in ctl.conf(5), as the port generally wouldn't exist * at the time ctld(8) gets run. */ struct ctl_port cfumass_port; bool cfumass_port_online; volatile u_int cfumass_refcount; #ifndef CFUMASS_BULK_SIZE #define CFUMASS_BULK_SIZE (1U << 17) /* bytes */ #endif /* * USB transfer definitions. */ #define CFUMASS_T_COMMAND 0 #define CFUMASS_T_DATA_OUT 1 #define CFUMASS_T_DATA_IN 2 #define CFUMASS_T_STATUS 3 #define CFUMASS_T_MAX 4 /* * USB interface specific control requests. */ #define UR_RESET 0xff /* Bulk-Only Mass Storage Reset */ #define UR_GET_MAX_LUN 0xfe /* Get Max LUN */ /* * Command Block Wrapper. */ struct cfumass_cbw_t { uDWord dCBWSignature; #define CBWSIGNATURE 0x43425355 /* "USBC" */ uDWord dCBWTag; uDWord dCBWDataTransferLength; uByte bCBWFlags; #define CBWFLAGS_OUT 0x00 #define CBWFLAGS_IN 0x80 uByte bCBWLUN; uByte bCDBLength; #define CBWCBLENGTH 16 uByte CBWCB[CBWCBLENGTH]; } __packed; #define CFUMASS_CBW_SIZE 31 CTASSERT(sizeof(struct cfumass_cbw_t) == CFUMASS_CBW_SIZE); /* * Command Status Wrapper. */ struct cfumass_csw_t { uDWord dCSWSignature; #define CSWSIGNATURE 0x53425355 /* "USBS" */ uDWord dCSWTag; uDWord dCSWDataResidue; uByte bCSWStatus; #define CSWSTATUS_GOOD 0x0 #define CSWSTATUS_FAILED 0x1 #define CSWSTATUS_PHASE 0x2 } __packed; #define CFUMASS_CSW_SIZE 13 CTASSERT(sizeof(struct cfumass_csw_t) == CFUMASS_CSW_SIZE); struct cfumass_softc { device_t sc_dev; struct usb_device *sc_udev; struct usb_xfer *sc_xfer[CFUMASS_T_MAX]; struct cfumass_cbw_t *sc_cbw; struct cfumass_csw_t *sc_csw; struct mtx sc_mtx; int sc_online; int sc_ctl_initid; /* * This is used to communicate between CTL callbacks * and USB callbacks; basically, it holds the state * for the current command ("the" command, since there * is no queueing in USB Mass Storage). */ bool sc_current_stalled; /* * The following are set upon receiving a SCSI command. */ int sc_current_tag; int sc_current_transfer_length; int sc_current_flags; /* * The following are set in ctl_datamove(). */ int sc_current_residue; union ctl_io *sc_ctl_io; /* * The following is set in cfumass_done(). */ int sc_current_status; /* * Number of requests queued to CTL. */ volatile u_int sc_queued; }; /* * USB interface. */ static device_probe_t cfumass_probe; static device_attach_t cfumass_attach; static device_detach_t cfumass_detach; static device_suspend_t cfumass_suspend; static device_resume_t cfumass_resume; static usb_handle_request_t cfumass_handle_request; static usb_callback_t cfumass_t_command_callback; static usb_callback_t cfumass_t_data_callback; static usb_callback_t cfumass_t_status_callback; static device_method_t cfumass_methods[] = { /* USB interface. */ DEVMETHOD(usb_handle_request, cfumass_handle_request), /* Device interface. */ DEVMETHOD(device_probe, cfumass_probe), DEVMETHOD(device_attach, cfumass_attach), DEVMETHOD(device_detach, cfumass_detach), DEVMETHOD(device_suspend, cfumass_suspend), DEVMETHOD(device_resume, cfumass_resume), DEVMETHOD_END }; static driver_t cfumass_driver = { .name = "cfumass", .methods = cfumass_methods, .size = sizeof(struct cfumass_softc), }; static devclass_t cfumass_devclass; DRIVER_MODULE(cfumass, uhub, cfumass_driver, cfumass_devclass, NULL, 0); MODULE_VERSION(cfumass, 0); MODULE_DEPEND(cfumass, usb, 1, 1, 1); MODULE_DEPEND(cfumass, usb_template, 1, 1, 1); static struct usb_config cfumass_config[CFUMASS_T_MAX] = { [CFUMASS_T_COMMAND] = { .type = UE_BULK, .endpoint = UE_ADDR_ANY, .direction = UE_DIR_OUT, .bufsize = sizeof(struct cfumass_cbw_t), .callback = &cfumass_t_command_callback, .usb_mode = USB_MODE_DEVICE, }, [CFUMASS_T_DATA_OUT] = { .type = UE_BULK, .endpoint = UE_ADDR_ANY, .direction = UE_DIR_OUT, .bufsize = CFUMASS_BULK_SIZE, .flags = {.proxy_buffer = 1, .short_xfer_ok = 1, .ext_buffer = 1}, .callback = &cfumass_t_data_callback, .usb_mode = USB_MODE_DEVICE, }, [CFUMASS_T_DATA_IN] = { .type = UE_BULK, .endpoint = UE_ADDR_ANY, .direction = UE_DIR_IN, .bufsize = CFUMASS_BULK_SIZE, .flags = {.proxy_buffer = 1, .short_xfer_ok = 1, .ext_buffer = 1}, .callback = &cfumass_t_data_callback, .usb_mode = USB_MODE_DEVICE, }, [CFUMASS_T_STATUS] = { .type = UE_BULK, .endpoint = UE_ADDR_ANY, .direction = UE_DIR_IN, .bufsize = sizeof(struct cfumass_csw_t), .flags = {.short_xfer_ok = 1}, .callback = &cfumass_t_status_callback, .usb_mode = USB_MODE_DEVICE, }, }; /* * CTL frontend interface. */ static int cfumass_init(void); static int cfumass_shutdown(void); static void cfumass_online(void *arg); static void cfumass_offline(void *arg); static void cfumass_datamove(union ctl_io *io); static void cfumass_done(union ctl_io *io); static struct ctl_frontend cfumass_frontend = { .name = "umass", .init = cfumass_init, .shutdown = cfumass_shutdown, }; CTL_FRONTEND_DECLARE(ctlcfumass, cfumass_frontend); #define CFUMASS_DEBUG(S, X, ...) \ do { \ if (debug > 1) { \ device_printf(S->sc_dev, "%s: " X "\n", \ __func__, ## __VA_ARGS__); \ } \ } while (0) #define CFUMASS_WARN(S, X, ...) \ do { \ if (debug > 0) { \ device_printf(S->sc_dev, "WARNING: %s: " X "\n",\ __func__, ## __VA_ARGS__); \ } \ } while (0) #define CFUMASS_LOCK(X) mtx_lock(&X->sc_mtx) #define CFUMASS_UNLOCK(X) mtx_unlock(&X->sc_mtx) static void cfumass_transfer_start(struct cfumass_softc *sc, uint8_t xfer_index); static void cfumass_terminate(struct cfumass_softc *sc); static int cfumass_probe(device_t dev) { struct usb_attach_arg *uaa; struct usb_interface_descriptor *id; uaa = device_get_ivars(dev); if (uaa->usb_mode != USB_MODE_DEVICE) return (ENXIO); /* * Check for a compliant device. */ id = usbd_get_interface_descriptor(uaa->iface); if ((id == NULL) || (id->bInterfaceClass != UICLASS_MASS) || (id->bInterfaceSubClass != UISUBCLASS_SCSI) || (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) { return (ENXIO); } return (BUS_PROBE_GENERIC); } static int cfumass_attach(device_t dev) { struct cfumass_softc *sc; struct usb_attach_arg *uaa; int error; sc = device_get_softc(dev); uaa = device_get_ivars(dev); sc->sc_dev = dev; sc->sc_udev = uaa->device; CFUMASS_DEBUG(sc, "go"); usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE); device_set_usb_desc(dev); mtx_init(&sc->sc_mtx, "cfumass", NULL, MTX_DEF); refcount_acquire(&cfumass_refcount); error = usbd_transfer_setup(uaa->device, &uaa->info.bIfaceIndex, sc->sc_xfer, cfumass_config, CFUMASS_T_MAX, sc, &sc->sc_mtx); if (error != 0) { CFUMASS_WARN(sc, "usbd_transfer_setup() failed: %s", usbd_errstr(error)); refcount_release(&cfumass_refcount); return (ENXIO); } sc->sc_cbw = usbd_xfer_get_frame_buffer(sc->sc_xfer[CFUMASS_T_COMMAND], 0); sc->sc_csw = usbd_xfer_get_frame_buffer(sc->sc_xfer[CFUMASS_T_STATUS], 0); sc->sc_ctl_initid = ctl_add_initiator(&cfumass_port, -1, 0, NULL); if (sc->sc_ctl_initid < 0) { CFUMASS_WARN(sc, "ctl_add_initiator() failed with error %d", sc->sc_ctl_initid); usbd_transfer_unsetup(sc->sc_xfer, CFUMASS_T_MAX); refcount_release(&cfumass_refcount); return (ENXIO); } refcount_init(&sc->sc_queued, 0); CFUMASS_LOCK(sc); cfumass_transfer_start(sc, CFUMASS_T_COMMAND); CFUMASS_UNLOCK(sc); return (0); } static int cfumass_detach(device_t dev) { struct cfumass_softc *sc; int error; sc = device_get_softc(dev); CFUMASS_DEBUG(sc, "go"); CFUMASS_LOCK(sc); cfumass_terminate(sc); CFUMASS_UNLOCK(sc); usbd_transfer_unsetup(sc->sc_xfer, CFUMASS_T_MAX); if (sc->sc_ctl_initid != -1) { error = ctl_remove_initiator(&cfumass_port, sc->sc_ctl_initid); if (error != 0) { CFUMASS_WARN(sc, "ctl_remove_initiator() failed " "with error %d", error); } sc->sc_ctl_initid = -1; } mtx_destroy(&sc->sc_mtx); refcount_release(&cfumass_refcount); return (0); } static int cfumass_suspend(device_t dev) { struct cfumass_softc *sc; sc = device_get_softc(dev); CFUMASS_DEBUG(sc, "go"); return (0); } static int cfumass_resume(device_t dev) { struct cfumass_softc *sc; sc = device_get_softc(dev); CFUMASS_DEBUG(sc, "go"); return (0); } static void cfumass_transfer_start(struct cfumass_softc *sc, uint8_t xfer_index) { usbd_transfer_start(sc->sc_xfer[xfer_index]); } static void cfumass_transfer_stop_and_drain(struct cfumass_softc *sc, uint8_t xfer_index) { usbd_transfer_stop(sc->sc_xfer[xfer_index]); CFUMASS_UNLOCK(sc); usbd_transfer_drain(sc->sc_xfer[xfer_index]); CFUMASS_LOCK(sc); } static void cfumass_terminate(struct cfumass_softc *sc) { int last; for (;;) { cfumass_transfer_stop_and_drain(sc, CFUMASS_T_COMMAND); cfumass_transfer_stop_and_drain(sc, CFUMASS_T_DATA_IN); cfumass_transfer_stop_and_drain(sc, CFUMASS_T_DATA_OUT); if (sc->sc_ctl_io != NULL) { CFUMASS_DEBUG(sc, "terminating CTL transfer"); ctl_set_data_phase_error(&sc->sc_ctl_io->scsiio); sc->sc_ctl_io->scsiio.be_move_done(sc->sc_ctl_io); sc->sc_ctl_io = NULL; } cfumass_transfer_stop_and_drain(sc, CFUMASS_T_STATUS); refcount_acquire(&sc->sc_queued); last = refcount_release(&sc->sc_queued); if (last != 0) break; CFUMASS_DEBUG(sc, "%d CTL tasks pending", sc->sc_queued); msleep(__DEVOLATILE(void *, &sc->sc_queued), &sc->sc_mtx, 0, "cfumass_reset", hz / 100); } } static int cfumass_handle_request(device_t dev, const void *preq, void **pptr, uint16_t *plen, uint16_t offset, uint8_t *pstate) { static uint8_t max_lun_tmp; struct cfumass_softc *sc; const struct usb_device_request *req; uint8_t is_complete; sc = device_get_softc(dev); req = preq; is_complete = *pstate; CFUMASS_DEBUG(sc, "go"); if (is_complete) return (ENXIO); if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) && (req->bRequest == UR_RESET)) { CFUMASS_WARN(sc, "received Bulk-Only Mass Storage Reset"); *plen = 0; CFUMASS_LOCK(sc); cfumass_terminate(sc); cfumass_transfer_start(sc, CFUMASS_T_COMMAND); CFUMASS_UNLOCK(sc); CFUMASS_DEBUG(sc, "Bulk-Only Mass Storage Reset done"); return (0); } if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) && (req->bRequest == UR_GET_MAX_LUN)) { CFUMASS_DEBUG(sc, "received Get Max LUN"); if (offset == 0) { *plen = 1; /* * The protocol doesn't support LUN numbers higher * than 15. Also, some initiators (namely Windows XP * SP3 Version 2002) can't properly query the number * of LUNs, resulting in inaccessible "fake" ones - thus * the default limit of one LUN. */ if (max_lun < 0 || max_lun > 15) { CFUMASS_WARN(sc, "invalid hw.usb.cfumass.max_lun, must be " "between 0 and 15; defaulting to 0"); max_lun_tmp = 0; } else { max_lun_tmp = max_lun; } *pptr = &max_lun_tmp; } else { *plen = 0; } return (0); } return (ENXIO); } static int cfumass_quirk(struct cfumass_softc *sc, unsigned char *cdb, int cdb_len) { struct scsi_start_stop_unit *sssu; switch (cdb[0]) { case START_STOP_UNIT: /* * Some initiators - eg OSX, Darwin Kernel Version 15.6.0, * root:xnu-3248.60.11~2/RELEASE_X86_64 - attempt to stop * the unit on eject, but fail to start it when it's plugged * back. Just ignore the command. */ if (cdb_len < sizeof(*sssu)) { CFUMASS_DEBUG(sc, "received START STOP UNIT with " "bCDBLength %d, should be %zd", cdb_len, sizeof(*sssu)); break; } sssu = (struct scsi_start_stop_unit *)cdb; if ((sssu->how & SSS_PC_MASK) != 0) break; if ((sssu->how & SSS_START) != 0) break; if ((sssu->how & SSS_LOEJ) != 0) break; if (ignore_stop == 0) { break; } else if (ignore_stop == 1) { CFUMASS_WARN(sc, "ignoring START STOP UNIT request"); } else { CFUMASS_DEBUG(sc, "ignoring START STOP UNIT request"); } sc->sc_current_status = 0; cfumass_transfer_start(sc, CFUMASS_T_STATUS); return (1); default: break; } return (0); } static void cfumass_t_command_callback(struct usb_xfer *xfer, usb_error_t usb_error) { struct cfumass_softc *sc; uint32_t signature; union ctl_io *io; int error = 0; sc = usbd_xfer_softc(xfer); KASSERT(sc->sc_ctl_io == NULL, ("sc_ctl_io is %p, should be NULL", sc->sc_ctl_io)); switch (USB_GET_STATE(xfer)) { case USB_ST_TRANSFERRED: CFUMASS_DEBUG(sc, "USB_ST_TRANSFERRED"); signature = UGETDW(sc->sc_cbw->dCBWSignature); if (signature != CBWSIGNATURE) { CFUMASS_WARN(sc, "wrong dCBWSignature 0x%08x, " "should be 0x%08x", signature, CBWSIGNATURE); break; } if (sc->sc_cbw->bCDBLength <= 0 || sc->sc_cbw->bCDBLength > sizeof(sc->sc_cbw->CBWCB)) { CFUMASS_WARN(sc, "invalid bCDBLength %d, should be <= %zd", sc->sc_cbw->bCDBLength, sizeof(sc->sc_cbw->CBWCB)); break; } sc->sc_current_stalled = false; sc->sc_current_status = 0; sc->sc_current_tag = UGETDW(sc->sc_cbw->dCBWTag); sc->sc_current_transfer_length = UGETDW(sc->sc_cbw->dCBWDataTransferLength); sc->sc_current_flags = sc->sc_cbw->bCBWFlags; /* * Make sure to report proper residue if the datamove wasn't * required, or wasn't called due to SCSI error. */ sc->sc_current_residue = sc->sc_current_transfer_length; if (cfumass_quirk(sc, sc->sc_cbw->CBWCB, sc->sc_cbw->bCDBLength) != 0) break; if (!cfumass_port_online) { CFUMASS_DEBUG(sc, "cfumass port is offline; stalling"); usbd_xfer_set_stall(xfer); break; } /* * Those CTL functions cannot be called with mutex held. */ CFUMASS_UNLOCK(sc); io = ctl_alloc_io(cfumass_port.ctl_pool_ref); ctl_zero_io(io); io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = sc; io->io_hdr.io_type = CTL_IO_SCSI; io->io_hdr.nexus.initid = sc->sc_ctl_initid; io->io_hdr.nexus.targ_port = cfumass_port.targ_port; io->io_hdr.nexus.targ_lun = ctl_decode_lun(sc->sc_cbw->bCBWLUN); io->scsiio.tag_num = UGETDW(sc->sc_cbw->dCBWTag); io->scsiio.tag_type = CTL_TAG_UNTAGGED; io->scsiio.cdb_len = sc->sc_cbw->bCDBLength; memcpy(io->scsiio.cdb, sc->sc_cbw->CBWCB, sc->sc_cbw->bCDBLength); refcount_acquire(&sc->sc_queued); error = ctl_queue(io); if (error != CTL_RETVAL_COMPLETE) { CFUMASS_WARN(sc, "ctl_queue() failed; error %d; stalling", error); ctl_free_io(io); refcount_release(&sc->sc_queued); CFUMASS_LOCK(sc); usbd_xfer_set_stall(xfer); break; } CFUMASS_LOCK(sc); break; case USB_ST_SETUP: tr_setup: CFUMASS_DEBUG(sc, "USB_ST_SETUP"); usbd_xfer_set_frame_len(xfer, 0, sizeof(*sc->sc_cbw)); usbd_transfer_submit(xfer); break; default: if (usb_error == USB_ERR_CANCELLED) { CFUMASS_DEBUG(sc, "USB_ERR_CANCELLED"); break; } CFUMASS_DEBUG(sc, "USB_ST_ERROR: %s", usbd_errstr(usb_error)); goto tr_setup; } } static void cfumass_t_data_callback(struct usb_xfer *xfer, usb_error_t usb_error) { struct cfumass_softc *sc = usbd_xfer_softc(xfer); union ctl_io *io = sc->sc_ctl_io; uint32_t max_bulk; struct ctl_sg_entry sg_entry, *sglist; int actlen, sumlen, sg_count; switch (USB_GET_STATE(xfer)) { case USB_ST_TRANSFERRED: CFUMASS_DEBUG(sc, "USB_ST_TRANSFERRED"); usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); sc->sc_current_residue -= actlen; io->scsiio.ext_data_filled += actlen; io->scsiio.kern_data_resid -= actlen; if (actlen < sumlen || sc->sc_current_residue == 0 || io->scsiio.kern_data_resid == 0) { sc->sc_ctl_io = NULL; io->scsiio.be_move_done(io); break; } /* FALLTHROUGH */ case USB_ST_SETUP: tr_setup: CFUMASS_DEBUG(sc, "USB_ST_SETUP"); if (io->scsiio.kern_sg_entries > 0) { sglist = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr; sg_count = io->scsiio.kern_sg_entries; } else { sglist = &sg_entry; sglist->addr = io->scsiio.kern_data_ptr; sglist->len = io->scsiio.kern_data_len; sg_count = 1; } sumlen = io->scsiio.ext_data_filled - io->scsiio.kern_rel_offset; while (sumlen >= sglist->len && sg_count > 0) { sumlen -= sglist->len; sglist++; sg_count--; } KASSERT(sg_count > 0, ("Run out of S/G list entries")); max_bulk = usbd_xfer_max_len(xfer); actlen = min(sglist->len - sumlen, max_bulk); actlen = min(actlen, sc->sc_current_transfer_length - io->scsiio.ext_data_filled); CFUMASS_DEBUG(sc, "requested %d, done %d, max_bulk %d, " "segment %zd => transfer %d", sc->sc_current_transfer_length, io->scsiio.ext_data_filled, max_bulk, sglist->len - sumlen, actlen); usbd_xfer_set_frame_data(xfer, 0, (uint8_t *)sglist->addr + sumlen, actlen); usbd_transfer_submit(xfer); break; default: if (usb_error == USB_ERR_CANCELLED) { CFUMASS_DEBUG(sc, "USB_ERR_CANCELLED"); break; } CFUMASS_DEBUG(sc, "USB_ST_ERROR: %s", usbd_errstr(usb_error)); goto tr_setup; } } static void cfumass_t_status_callback(struct usb_xfer *xfer, usb_error_t usb_error) { struct cfumass_softc *sc; sc = usbd_xfer_softc(xfer); KASSERT(sc->sc_ctl_io == NULL, ("sc_ctl_io is %p, should be NULL", sc->sc_ctl_io)); switch (USB_GET_STATE(xfer)) { case USB_ST_TRANSFERRED: CFUMASS_DEBUG(sc, "USB_ST_TRANSFERRED"); cfumass_transfer_start(sc, CFUMASS_T_COMMAND); break; case USB_ST_SETUP: tr_setup: CFUMASS_DEBUG(sc, "USB_ST_SETUP"); if (sc->sc_current_residue > 0 && !sc->sc_current_stalled) { CFUMASS_DEBUG(sc, "non-zero residue, stalling"); usbd_xfer_set_stall(xfer); sc->sc_current_stalled = true; } USETDW(sc->sc_csw->dCSWSignature, CSWSIGNATURE); USETDW(sc->sc_csw->dCSWTag, sc->sc_current_tag); USETDW(sc->sc_csw->dCSWDataResidue, sc->sc_current_residue); sc->sc_csw->bCSWStatus = sc->sc_current_status; usbd_xfer_set_frame_len(xfer, 0, sizeof(*sc->sc_csw)); usbd_transfer_submit(xfer); break; default: if (usb_error == USB_ERR_CANCELLED) { CFUMASS_DEBUG(sc, "USB_ERR_CANCELLED"); break; } CFUMASS_DEBUG(sc, "USB_ST_ERROR: %s", usbd_errstr(usb_error)); goto tr_setup; } } static void cfumass_online(void *arg __unused) { cfumass_port_online = true; } static void cfumass_offline(void *arg __unused) { cfumass_port_online = false; } static void cfumass_datamove(union ctl_io *io) { struct cfumass_softc *sc; sc = io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr; CFUMASS_DEBUG(sc, "go"); CFUMASS_LOCK(sc); KASSERT(sc->sc_ctl_io == NULL, ("sc_ctl_io is %p, should be NULL", sc->sc_ctl_io)); sc->sc_ctl_io = io; if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) { /* * Verify that CTL wants us to send the data in the direction * expected by the initiator. */ if (sc->sc_current_flags != CBWFLAGS_IN) { CFUMASS_WARN(sc, "wrong bCBWFlags 0x%x, should be 0x%x", sc->sc_current_flags, CBWFLAGS_IN); goto fail; } cfumass_transfer_start(sc, CFUMASS_T_DATA_IN); } else { if (sc->sc_current_flags != CBWFLAGS_OUT) { CFUMASS_WARN(sc, "wrong bCBWFlags 0x%x, should be 0x%x", sc->sc_current_flags, CBWFLAGS_OUT); goto fail; } cfumass_transfer_start(sc, CFUMASS_T_DATA_OUT); } CFUMASS_UNLOCK(sc); return; fail: ctl_set_data_phase_error(&io->scsiio); io->scsiio.be_move_done(io); sc->sc_ctl_io = NULL; } static void cfumass_done(union ctl_io *io) { struct cfumass_softc *sc; sc = io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr; CFUMASS_DEBUG(sc, "go"); KASSERT(((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE), ("invalid CTL status %#x", io->io_hdr.status)); KASSERT(sc->sc_ctl_io == NULL, ("sc_ctl_io is %p, should be NULL", sc->sc_ctl_io)); if (io->io_hdr.io_type == CTL_IO_TASK && io->taskio.task_action == CTL_TASK_I_T_NEXUS_RESET) { /* * Implicit task termination has just completed; nothing to do. */ ctl_free_io(io); return; } /* * Do not return status for aborted commands. * There are exceptions, but none supported by CTL yet. */ if (((io->io_hdr.flags & CTL_FLAG_ABORT) && (io->io_hdr.flags & CTL_FLAG_ABORT_STATUS) == 0) || (io->io_hdr.flags & CTL_FLAG_STATUS_SENT)) { ctl_free_io(io); return; } if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) sc->sc_current_status = 0; else sc->sc_current_status = 1; /* XXX: How should we report BUSY, RESERVATION CONFLICT, etc? */ if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR && io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND) ctl_queue_sense(io); else ctl_free_io(io); CFUMASS_LOCK(sc); cfumass_transfer_start(sc, CFUMASS_T_STATUS); CFUMASS_UNLOCK(sc); refcount_release(&sc->sc_queued); } int cfumass_init(void) { int error; cfumass_port.frontend = &cfumass_frontend; cfumass_port.port_type = CTL_PORT_UMASS; cfumass_port.num_requested_ctl_io = 1; cfumass_port.port_name = "cfumass"; cfumass_port.physical_port = 0; cfumass_port.virtual_port = 0; cfumass_port.port_online = cfumass_online; cfumass_port.port_offline = cfumass_offline; cfumass_port.onoff_arg = NULL; cfumass_port.fe_datamove = cfumass_datamove; cfumass_port.fe_done = cfumass_done; cfumass_port.targ_port = -1; error = ctl_port_register(&cfumass_port); if (error != 0) { printf("%s: ctl_port_register() failed " "with error %d", __func__, error); } cfumass_port_online = true; refcount_init(&cfumass_refcount, 0); return (error); } int cfumass_shutdown(void) { int error; if (cfumass_refcount > 0) { if (debug > 1) { printf("%s: still have %u attachments; " "returning EBUSY\n", __func__, cfumass_refcount); } return (EBUSY); } error = ctl_port_deregister(&cfumass_port); if (error != 0) { printf("%s: ctl_port_deregister() failed " "with error %d\n", __func__, error); } return (error); } Index: head/sys/fs/autofs/autofs.c =================================================================== --- head/sys/fs/autofs/autofs.c (revision 367104) +++ head/sys/fs/autofs/autofs.c (revision 367105) @@ -1,706 +1,705 @@ /*- * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /*- * Copyright (c) 1989, 1991, 1993, 1995 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Rick Macklem at The University of Guelph. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include MALLOC_DEFINE(M_AUTOFS, "autofs", "Automounter filesystem"); uma_zone_t autofs_request_zone; uma_zone_t autofs_node_zone; static int autofs_open(struct cdev *dev, int flags, int fmt, struct thread *td); static int autofs_close(struct cdev *dev, int flag, int fmt, struct thread *td); static int autofs_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int mode, struct thread *td); static struct cdevsw autofs_cdevsw = { .d_version = D_VERSION, .d_open = autofs_open, .d_close = autofs_close, .d_ioctl = autofs_ioctl, .d_name = "autofs", }; /* * List of signals that can interrupt an autofs trigger. Might be a good * idea to keep it synchronised with list in sys/fs/nfs/nfs_commonkrpc.c. */ int autofs_sig_set[] = { SIGINT, SIGTERM, SIGHUP, SIGKILL, SIGQUIT }; struct autofs_softc *autofs_softc; SYSCTL_NODE(_vfs, OID_AUTO, autofs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "Automounter filesystem"); int autofs_debug = 1; TUNABLE_INT("vfs.autofs.debug", &autofs_debug); SYSCTL_INT(_vfs_autofs, OID_AUTO, debug, CTLFLAG_RWTUN, &autofs_debug, 1, "Enable debug messages"); int autofs_mount_on_stat = 0; TUNABLE_INT("vfs.autofs.mount_on_stat", &autofs_mount_on_stat); SYSCTL_INT(_vfs_autofs, OID_AUTO, mount_on_stat, CTLFLAG_RWTUN, &autofs_mount_on_stat, 0, "Trigger mount on stat(2) on mountpoint"); int autofs_timeout = 30; TUNABLE_INT("vfs.autofs.timeout", &autofs_timeout); SYSCTL_INT(_vfs_autofs, OID_AUTO, timeout, CTLFLAG_RWTUN, &autofs_timeout, 30, "Number of seconds to wait for automountd(8)"); int autofs_cache = 600; TUNABLE_INT("vfs.autofs.cache", &autofs_cache); SYSCTL_INT(_vfs_autofs, OID_AUTO, cache, CTLFLAG_RWTUN, &autofs_cache, 600, "Number of seconds to wait before reinvoking " "automountd(8) for any given file or directory"); int autofs_retry_attempts = 3; TUNABLE_INT("vfs.autofs.retry_attempts", &autofs_retry_attempts); SYSCTL_INT(_vfs_autofs, OID_AUTO, retry_attempts, CTLFLAG_RWTUN, &autofs_retry_attempts, 3, "Number of attempts before failing mount"); int autofs_retry_delay = 1; TUNABLE_INT("vfs.autofs.retry_delay", &autofs_retry_delay); SYSCTL_INT(_vfs_autofs, OID_AUTO, retry_delay, CTLFLAG_RWTUN, &autofs_retry_delay, 1, "Number of seconds before retrying"); int autofs_interruptible = 1; TUNABLE_INT("vfs.autofs.interruptible", &autofs_interruptible); SYSCTL_INT(_vfs_autofs, OID_AUTO, interruptible, CTLFLAG_RWTUN, &autofs_interruptible, 1, "Allow requests to be interrupted by signal"); static int autofs_node_cmp(const struct autofs_node *a, const struct autofs_node *b) { return (strcmp(a->an_name, b->an_name)); } RB_GENERATE(autofs_node_tree, autofs_node, an_link, autofs_node_cmp); int autofs_init(struct vfsconf *vfsp) { int error; KASSERT(autofs_softc == NULL, ("softc %p, should be NULL", autofs_softc)); autofs_softc = malloc(sizeof(*autofs_softc), M_AUTOFS, M_WAITOK | M_ZERO); autofs_request_zone = uma_zcreate("autofs_request", sizeof(struct autofs_request), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); autofs_node_zone = uma_zcreate("autofs_node", sizeof(struct autofs_node), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); TAILQ_INIT(&autofs_softc->sc_requests); cv_init(&autofs_softc->sc_cv, "autofscv"); sx_init(&autofs_softc->sc_lock, "autofslk"); error = make_dev_p(MAKEDEV_CHECKNAME, &autofs_softc->sc_cdev, &autofs_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "autofs"); if (error != 0) { AUTOFS_WARN("failed to create device node, error %d", error); uma_zdestroy(autofs_request_zone); uma_zdestroy(autofs_node_zone); free(autofs_softc, M_AUTOFS); return (error); } autofs_softc->sc_cdev->si_drv1 = autofs_softc; return (0); } int autofs_uninit(struct vfsconf *vfsp) { sx_xlock(&autofs_softc->sc_lock); if (autofs_softc->sc_dev_opened) { sx_xunlock(&autofs_softc->sc_lock); return (EBUSY); } if (autofs_softc->sc_cdev != NULL) destroy_dev(autofs_softc->sc_cdev); uma_zdestroy(autofs_request_zone); uma_zdestroy(autofs_node_zone); sx_xunlock(&autofs_softc->sc_lock); /* * XXX: Race with open? */ free(autofs_softc, M_AUTOFS); return (0); } bool autofs_ignore_thread(const struct thread *td) { struct proc *p; p = td->td_proc; if (autofs_softc->sc_dev_opened == false) return (false); PROC_LOCK(p); if (p->p_session->s_sid == autofs_softc->sc_dev_sid) { PROC_UNLOCK(p); return (true); } PROC_UNLOCK(p); return (false); } static char * autofs_path(struct autofs_node *anp) { struct autofs_mount *amp; char *path, *tmp; amp = anp->an_mount; path = strdup("", M_AUTOFS); for (; anp->an_parent != NULL; anp = anp->an_parent) { tmp = malloc(strlen(anp->an_name) + strlen(path) + 2, M_AUTOFS, M_WAITOK); strcpy(tmp, anp->an_name); strcat(tmp, "/"); strcat(tmp, path); free(path, M_AUTOFS); path = tmp; } tmp = malloc(strlen(amp->am_mountpoint) + strlen(path) + 2, M_AUTOFS, M_WAITOK); strcpy(tmp, amp->am_mountpoint); strcat(tmp, "/"); strcat(tmp, path); free(path, M_AUTOFS); path = tmp; return (path); } static void autofs_task(void *context, int pending) { struct autofs_request *ar; ar = context; sx_xlock(&autofs_softc->sc_lock); AUTOFS_WARN("request %d for %s timed out after %d seconds", ar->ar_id, ar->ar_path, autofs_timeout); /* * XXX: EIO perhaps? */ ar->ar_error = ETIMEDOUT; ar->ar_wildcards = true; ar->ar_done = true; ar->ar_in_progress = false; cv_broadcast(&autofs_softc->sc_cv); sx_xunlock(&autofs_softc->sc_lock); } bool autofs_cached(struct autofs_node *anp, const char *component, int componentlen) { int error; struct autofs_mount *amp; amp = anp->an_mount; AUTOFS_ASSERT_UNLOCKED(amp); /* * For root node we need to request automountd(8) assistance even * if the node is marked as cached, but the requested top-level * directory does not exist. This is necessary for wildcard indirect * map keys to work. We don't do this if we know that there are * no wildcards. */ if (anp->an_parent == NULL && componentlen != 0 && anp->an_wildcards) { AUTOFS_SLOCK(amp); error = autofs_node_find(anp, component, componentlen, NULL); AUTOFS_SUNLOCK(amp); if (error != 0) return (false); } return (anp->an_cached); } static void autofs_cache_callout(void *context) { struct autofs_node *anp; anp = context; anp->an_cached = false; } void autofs_flush(struct autofs_mount *amp) { /* * XXX: This will do for now, but ideally we should iterate * over all the nodes. */ amp->am_root->an_cached = false; AUTOFS_DEBUG("%s flushed", amp->am_mountpoint); } /* * The set/restore sigmask functions are used to (temporarily) overwrite * the thread td_sigmask during triggering. */ static void autofs_set_sigmask(sigset_t *oldset) { sigset_t newset; int i; SIGFILLSET(newset); /* Remove the autofs set of signals from newset */ PROC_LOCK(curproc); mtx_lock(&curproc->p_sigacts->ps_mtx); for (i = 0 ; i < nitems(autofs_sig_set); i++) { /* * But make sure we leave the ones already masked * by the process, i.e. remove the signal from the * temporary signalmask only if it wasn't already * in p_sigmask. */ if (!SIGISMEMBER(curthread->td_sigmask, autofs_sig_set[i]) && !SIGISMEMBER(curproc->p_sigacts->ps_sigignore, autofs_sig_set[i])) { SIGDELSET(newset, autofs_sig_set[i]); } } mtx_unlock(&curproc->p_sigacts->ps_mtx); kern_sigprocmask(curthread, SIG_SETMASK, &newset, oldset, SIGPROCMASK_PROC_LOCKED); PROC_UNLOCK(curproc); } static void autofs_restore_sigmask(sigset_t *set) { kern_sigprocmask(curthread, SIG_SETMASK, set, NULL, 0); } static int autofs_trigger_one(struct autofs_node *anp, const char *component, int componentlen) { sigset_t oldset; struct autofs_mount *amp; struct autofs_node *firstanp; struct autofs_request *ar; char *key, *path; int error = 0, request_error, last; bool wildcards; amp = anp->an_mount; sx_assert(&autofs_softc->sc_lock, SA_XLOCKED); if (anp->an_parent == NULL) { key = strndup(component, componentlen, M_AUTOFS); } else { for (firstanp = anp; firstanp->an_parent->an_parent != NULL; firstanp = firstanp->an_parent) continue; key = strdup(firstanp->an_name, M_AUTOFS); } path = autofs_path(anp); TAILQ_FOREACH(ar, &autofs_softc->sc_requests, ar_next) { if (strcmp(ar->ar_path, path) != 0) continue; if (strcmp(ar->ar_key, key) != 0) continue; KASSERT(strcmp(ar->ar_from, amp->am_from) == 0, ("from changed; %s != %s", ar->ar_from, amp->am_from)); KASSERT(strcmp(ar->ar_prefix, amp->am_prefix) == 0, ("prefix changed; %s != %s", ar->ar_prefix, amp->am_prefix)); KASSERT(strcmp(ar->ar_options, amp->am_options) == 0, ("options changed; %s != %s", ar->ar_options, amp->am_options)); break; } if (ar != NULL) { refcount_acquire(&ar->ar_refcount); } else { ar = uma_zalloc(autofs_request_zone, M_WAITOK | M_ZERO); ar->ar_mount = amp; ar->ar_id = atomic_fetchadd_int(&autofs_softc->sc_last_request_id, 1); strlcpy(ar->ar_from, amp->am_from, sizeof(ar->ar_from)); strlcpy(ar->ar_path, path, sizeof(ar->ar_path)); strlcpy(ar->ar_prefix, amp->am_prefix, sizeof(ar->ar_prefix)); strlcpy(ar->ar_key, key, sizeof(ar->ar_key)); strlcpy(ar->ar_options, amp->am_options, sizeof(ar->ar_options)); TIMEOUT_TASK_INIT(taskqueue_thread, &ar->ar_task, 0, autofs_task, ar); taskqueue_enqueue_timeout(taskqueue_thread, &ar->ar_task, autofs_timeout * hz); refcount_init(&ar->ar_refcount, 1); TAILQ_INSERT_TAIL(&autofs_softc->sc_requests, ar, ar_next); } cv_broadcast(&autofs_softc->sc_cv); while (ar->ar_done == false) { if (autofs_interruptible != 0) { autofs_set_sigmask(&oldset); error = cv_wait_sig(&autofs_softc->sc_cv, &autofs_softc->sc_lock); autofs_restore_sigmask(&oldset); if (error != 0) { AUTOFS_WARN("cv_wait_sig for %s failed " "with error %d", ar->ar_path, error); break; } } else { cv_wait(&autofs_softc->sc_cv, &autofs_softc->sc_lock); } } request_error = ar->ar_error; if (request_error != 0) { AUTOFS_WARN("request for %s completed with error %d, " "pid %d (%s)", ar->ar_path, request_error, curproc->p_pid, curproc->p_comm); } wildcards = ar->ar_wildcards; last = refcount_release(&ar->ar_refcount); if (last) { TAILQ_REMOVE(&autofs_softc->sc_requests, ar, ar_next); /* * Unlock the sc_lock, so that autofs_task() can complete. */ sx_xunlock(&autofs_softc->sc_lock); taskqueue_cancel_timeout(taskqueue_thread, &ar->ar_task, NULL); taskqueue_drain_timeout(taskqueue_thread, &ar->ar_task); uma_zfree(autofs_request_zone, ar); sx_xlock(&autofs_softc->sc_lock); } /* * Note that we do not do negative caching on purpose. This * way the user can retry access at any time, e.g. after fixing * the failure reason, without waiting for cache timer to expire. */ if (error == 0 && request_error == 0 && autofs_cache > 0) { anp->an_cached = true; anp->an_wildcards = wildcards; callout_reset(&anp->an_callout, autofs_cache * hz, autofs_cache_callout, anp); } free(key, M_AUTOFS); free(path, M_AUTOFS); if (error != 0) return (error); return (request_error); } /* * Send request to automountd(8) and wait for completion. */ int autofs_trigger(struct autofs_node *anp, const char *component, int componentlen) { int error; for (;;) { error = autofs_trigger_one(anp, component, componentlen); if (error == 0) { anp->an_retries = 0; return (0); } if (error == EINTR || error == ERESTART) { AUTOFS_DEBUG("trigger interrupted by signal, " "not retrying"); anp->an_retries = 0; return (error); } anp->an_retries++; if (anp->an_retries >= autofs_retry_attempts) { AUTOFS_DEBUG("trigger failed %d times; returning " "error %d", anp->an_retries, error); anp->an_retries = 0; return (error); } AUTOFS_DEBUG("trigger failed with error %d; will retry in " "%d seconds, %d attempts left", error, autofs_retry_delay, autofs_retry_attempts - anp->an_retries); sx_xunlock(&autofs_softc->sc_lock); pause("autofs_retry", autofs_retry_delay * hz); sx_xlock(&autofs_softc->sc_lock); } } static int autofs_ioctl_request(struct autofs_daemon_request *adr) { struct autofs_request *ar; int error; sx_xlock(&autofs_softc->sc_lock); for (;;) { TAILQ_FOREACH(ar, &autofs_softc->sc_requests, ar_next) { if (ar->ar_done) continue; if (ar->ar_in_progress) continue; break; } if (ar != NULL) break; error = cv_wait_sig(&autofs_softc->sc_cv, &autofs_softc->sc_lock); if (error != 0) { sx_xunlock(&autofs_softc->sc_lock); return (error); } } ar->ar_in_progress = true; sx_xunlock(&autofs_softc->sc_lock); adr->adr_id = ar->ar_id; strlcpy(adr->adr_from, ar->ar_from, sizeof(adr->adr_from)); strlcpy(adr->adr_path, ar->ar_path, sizeof(adr->adr_path)); strlcpy(adr->adr_prefix, ar->ar_prefix, sizeof(adr->adr_prefix)); strlcpy(adr->adr_key, ar->ar_key, sizeof(adr->adr_key)); strlcpy(adr->adr_options, ar->ar_options, sizeof(adr->adr_options)); PROC_LOCK(curproc); autofs_softc->sc_dev_sid = curproc->p_session->s_sid; PROC_UNLOCK(curproc); return (0); } static int autofs_ioctl_done_101(struct autofs_daemon_done_101 *add) { struct autofs_request *ar; sx_xlock(&autofs_softc->sc_lock); TAILQ_FOREACH(ar, &autofs_softc->sc_requests, ar_next) { if (ar->ar_id == add->add_id) break; } if (ar == NULL) { sx_xunlock(&autofs_softc->sc_lock); AUTOFS_DEBUG("id %d not found", add->add_id); return (ESRCH); } ar->ar_error = add->add_error; ar->ar_wildcards = true; ar->ar_done = true; ar->ar_in_progress = false; cv_broadcast(&autofs_softc->sc_cv); sx_xunlock(&autofs_softc->sc_lock); return (0); } static int autofs_ioctl_done(struct autofs_daemon_done *add) { struct autofs_request *ar; sx_xlock(&autofs_softc->sc_lock); TAILQ_FOREACH(ar, &autofs_softc->sc_requests, ar_next) { if (ar->ar_id == add->add_id) break; } if (ar == NULL) { sx_xunlock(&autofs_softc->sc_lock); AUTOFS_DEBUG("id %d not found", add->add_id); return (ESRCH); } ar->ar_error = add->add_error; ar->ar_wildcards = add->add_wildcards; ar->ar_done = true; ar->ar_in_progress = false; cv_broadcast(&autofs_softc->sc_cv); sx_xunlock(&autofs_softc->sc_lock); return (0); } static int autofs_open(struct cdev *dev, int flags, int fmt, struct thread *td) { sx_xlock(&autofs_softc->sc_lock); /* * We must never block automountd(8) and its descendants, and we use * session ID to determine that: we store session id of the process * that opened the device, and then compare it with session ids * of triggering processes. This means running a second automountd(8) * instance would break the previous one. The check below prevents * it from happening. */ if (autofs_softc->sc_dev_opened) { sx_xunlock(&autofs_softc->sc_lock); return (EBUSY); } autofs_softc->sc_dev_opened = true; sx_xunlock(&autofs_softc->sc_lock); return (0); } static int autofs_close(struct cdev *dev, int flag, int fmt, struct thread *td) { sx_xlock(&autofs_softc->sc_lock); KASSERT(autofs_softc->sc_dev_opened, ("not opened?")); autofs_softc->sc_dev_opened = false; sx_xunlock(&autofs_softc->sc_lock); return (0); } static int autofs_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int mode, struct thread *td) { KASSERT(autofs_softc->sc_dev_opened, ("not opened?")); switch (cmd) { case AUTOFSREQUEST: return (autofs_ioctl_request( (struct autofs_daemon_request *)arg)); case AUTOFSDONE101: return (autofs_ioctl_done_101( (struct autofs_daemon_done_101 *)arg)); case AUTOFSDONE: return (autofs_ioctl_done( (struct autofs_daemon_done *)arg)); default: AUTOFS_DEBUG("invalid cmd %lx", cmd); return (EINVAL); } } Index: head/sys/fs/autofs/autofs.h =================================================================== --- head/sys/fs/autofs/autofs.h (revision 367104) +++ head/sys/fs/autofs/autofs.h (revision 367105) @@ -1,144 +1,143 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef AUTOFS_H #define AUTOFS_H #define VFSTOAUTOFS(mp) ((struct autofs_mount *)((mp)->mnt_data)) MALLOC_DECLARE(M_AUTOFS); extern uma_zone_t autofs_request_zone; extern uma_zone_t autofs_node_zone; extern int autofs_debug; extern int autofs_mount_on_stat; #define AUTOFS_DEBUG(X, ...) \ do { \ if (autofs_debug > 1) \ printf("%s: " X "\n", __func__, ## __VA_ARGS__);\ } while (0) #define AUTOFS_WARN(X, ...) \ do { \ if (autofs_debug > 0) { \ printf("WARNING: %s: " X "\n", \ __func__, ## __VA_ARGS__); \ } \ } while (0) #define AUTOFS_SLOCK(X) sx_slock(&X->am_lock) #define AUTOFS_XLOCK(X) sx_xlock(&X->am_lock) #define AUTOFS_SUNLOCK(X) sx_sunlock(&X->am_lock) #define AUTOFS_XUNLOCK(X) sx_xunlock(&X->am_lock) #define AUTOFS_ASSERT_LOCKED(X) sx_assert(&X->am_lock, SA_LOCKED) #define AUTOFS_ASSERT_XLOCKED(X) sx_assert(&X->am_lock, SA_XLOCKED) #define AUTOFS_ASSERT_UNLOCKED(X) sx_assert(&X->am_lock, SA_UNLOCKED) struct autofs_node { RB_ENTRY(autofs_node) an_link; char *an_name; int an_fileno; struct autofs_node *an_parent; RB_HEAD(autofs_node_tree, autofs_node) an_children; struct autofs_mount *an_mount; struct vnode *an_vnode; struct sx an_vnode_lock; bool an_cached; bool an_wildcards; struct callout an_callout; int an_retries; struct timespec an_ctime; }; struct autofs_mount { TAILQ_ENTRY(autofs_mount) am_next; struct autofs_node *am_root; struct mount *am_mp; struct sx am_lock; char am_from[MAXPATHLEN]; char am_mountpoint[MAXPATHLEN]; char am_options[MAXPATHLEN]; char am_prefix[MAXPATHLEN]; int am_last_fileno; }; struct autofs_request { TAILQ_ENTRY(autofs_request) ar_next; struct autofs_mount *ar_mount; int ar_id; bool ar_done; int ar_error; bool ar_wildcards; bool ar_in_progress; char ar_from[MAXPATHLEN]; char ar_path[MAXPATHLEN]; char ar_prefix[MAXPATHLEN]; char ar_key[MAXPATHLEN]; char ar_options[MAXPATHLEN]; struct timeout_task ar_task; volatile u_int ar_refcount; }; struct autofs_softc { device_t sc_dev; struct cdev *sc_cdev; struct cv sc_cv; struct sx sc_lock; TAILQ_HEAD(, autofs_request) sc_requests; bool sc_dev_opened; pid_t sc_dev_sid; int sc_last_request_id; }; int autofs_init(struct vfsconf *vfsp); int autofs_uninit(struct vfsconf *vfsp); int autofs_trigger(struct autofs_node *anp, const char *component, int componentlen); bool autofs_cached(struct autofs_node *anp, const char *component, int componentlen); void autofs_flush(struct autofs_mount *amp); bool autofs_ignore_thread(const struct thread *td); int autofs_node_new(struct autofs_node *parent, struct autofs_mount *amp, const char *name, int namelen, struct autofs_node **anpp); int autofs_node_find(struct autofs_node *parent, const char *name, int namelen, struct autofs_node **anpp); void autofs_node_delete(struct autofs_node *anp); int autofs_node_vn(struct autofs_node *anp, struct mount *mp, int flags, struct vnode **vpp); RB_PROTOTYPE(autofs_node_tree, autofs_node, an_link, autofs_node_cmp); #endif /* !AUTOFS_H */ Index: head/sys/fs/autofs/autofs_ioctl.h =================================================================== --- head/sys/fs/autofs/autofs_ioctl.h (revision 367104) +++ head/sys/fs/autofs/autofs_ioctl.h (revision 367105) @@ -1,118 +1,117 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2013 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef AUTOFS_IOCTL_H #define AUTOFS_IOCTL_H #define AUTOFS_PATH "/dev/autofs" struct autofs_daemon_request { /* * Request identifier. */ int adr_id; /* * The "from" field, containing map name. For example, * when accessing '/net/192.168.1.3/tank/vm/', that would * be '-hosts'. */ char adr_from[MAXPATHLEN]; /* * Full path to the node being looked up; for requests that result * in actual mount it is the full mount path. */ char adr_path[MAXPATHLEN]; /* * Prefix, which is basically the mountpoint from auto_master(5). * In example above that would be "/net"; for direct maps it is "/". */ char adr_prefix[MAXPATHLEN]; /* * Map key, also used as command argument for dynamic maps; in example * above that would be '192.168.1.3'. */ char adr_key[MAXPATHLEN]; /* * Mount options from auto_master(5). */ char adr_options[MAXPATHLEN]; }; /* * Compatibility with 10.1-RELEASE automountd(8). */ struct autofs_daemon_done_101 { /* * Identifier, copied from adr_id. */ int add_id; /* * Error number, possibly returned to userland. */ int add_error; }; struct autofs_daemon_done { /* * Identifier, copied from adr_id. */ int add_id; /* * Set to 1 if the map may contain wildcard entries; * otherwise autofs will do negative caching. */ int add_wildcards; /* * Error number, possibly returned to userland. */ int add_error; /* * Reserved for future use. */ int add_spare[7]; }; #define AUTOFSREQUEST _IOR('I', 0x01, struct autofs_daemon_request) #define AUTOFSDONE101 _IOW('I', 0x02, struct autofs_daemon_done_101) #define AUTOFSDONE _IOW('I', 0x03, struct autofs_daemon_done) #endif /* !AUTOFS_IOCTL_H */ Index: head/sys/fs/autofs/autofs_vfsops.c =================================================================== --- head/sys/fs/autofs/autofs_vfsops.c (revision 367104) +++ head/sys/fs/autofs/autofs_vfsops.c (revision 367105) @@ -1,221 +1,220 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include static const char *autofs_opts[] = { "from", "master_options", "master_prefix", NULL }; extern struct autofs_softc *autofs_softc; static int autofs_mount(struct mount *mp) { struct autofs_mount *amp; char *from, *fspath, *options, *prefix; int error; if (vfs_filteropt(mp->mnt_optnew, autofs_opts)) return (EINVAL); if (mp->mnt_flag & MNT_UPDATE) { autofs_flush(VFSTOAUTOFS(mp)); return (0); } if (vfs_getopt(mp->mnt_optnew, "from", (void **)&from, NULL)) return (EINVAL); if (vfs_getopt(mp->mnt_optnew, "fspath", (void **)&fspath, NULL)) return (EINVAL); if (vfs_getopt(mp->mnt_optnew, "master_options", (void **)&options, NULL)) return (EINVAL); if (vfs_getopt(mp->mnt_optnew, "master_prefix", (void **)&prefix, NULL)) return (EINVAL); amp = malloc(sizeof(*amp), M_AUTOFS, M_WAITOK | M_ZERO); mp->mnt_data = amp; amp->am_mp = mp; strlcpy(amp->am_from, from, sizeof(amp->am_from)); strlcpy(amp->am_mountpoint, fspath, sizeof(amp->am_mountpoint)); strlcpy(amp->am_options, options, sizeof(amp->am_options)); strlcpy(amp->am_prefix, prefix, sizeof(amp->am_prefix)); sx_init(&->am_lock, "autofslk"); amp->am_last_fileno = 1; vfs_getnewfsid(mp); MNT_ILOCK(mp); mp->mnt_kern_flag |= MNTK_LOOKUP_SHARED; MNT_IUNLOCK(mp); AUTOFS_XLOCK(amp); error = autofs_node_new(NULL, amp, ".", -1, &->am_root); if (error != 0) { AUTOFS_XUNLOCK(amp); free(amp, M_AUTOFS); return (error); } AUTOFS_XUNLOCK(amp); vfs_mountedfrom(mp, from); return (0); } static int autofs_unmount(struct mount *mp, int mntflags) { struct autofs_mount *amp; struct autofs_node *anp; struct autofs_request *ar; int error, flags; bool found; amp = VFSTOAUTOFS(mp); flags = 0; if (mntflags & MNT_FORCE) flags |= FORCECLOSE; error = vflush(mp, 0, flags, curthread); if (error != 0) { AUTOFS_DEBUG("vflush failed with error %d", error); return (error); } /* * All vnodes are gone, and new one will not appear - so, * no new triggerings. We can iterate over outstanding * autofs_requests and terminate them. */ for (;;) { found = false; sx_xlock(&autofs_softc->sc_lock); TAILQ_FOREACH(ar, &autofs_softc->sc_requests, ar_next) { if (ar->ar_mount != amp) continue; ar->ar_error = ENXIO; ar->ar_done = true; ar->ar_in_progress = false; found = true; } sx_xunlock(&autofs_softc->sc_lock); if (found == false) break; cv_broadcast(&autofs_softc->sc_cv); pause("autofs_umount", 1); } AUTOFS_XLOCK(amp); /* * Not terribly efficient, but at least not recursive. */ while (!RB_EMPTY(&->am_root->an_children)) { anp = RB_MIN(autofs_node_tree, &->am_root->an_children); while (!RB_EMPTY(&anp->an_children)) anp = RB_MIN(autofs_node_tree, &anp->an_children); autofs_node_delete(anp); } autofs_node_delete(amp->am_root); mp->mnt_data = NULL; AUTOFS_XUNLOCK(amp); sx_destroy(&->am_lock); free(amp, M_AUTOFS); return (0); } static int autofs_root(struct mount *mp, int flags, struct vnode **vpp) { struct autofs_mount *amp; int error; amp = VFSTOAUTOFS(mp); error = autofs_node_vn(amp->am_root, mp, flags, vpp); return (error); } static int autofs_statfs(struct mount *mp, struct statfs *sbp) { sbp->f_bsize = S_BLKSIZE; sbp->f_iosize = 0; sbp->f_blocks = 0; sbp->f_bfree = 0; sbp->f_bavail = 0; sbp->f_files = 0; sbp->f_ffree = 0; return (0); } static struct vfsops autofs_vfsops = { .vfs_fhtovp = NULL, /* XXX */ .vfs_mount = autofs_mount, .vfs_unmount = autofs_unmount, .vfs_root = autofs_root, .vfs_statfs = autofs_statfs, .vfs_init = autofs_init, .vfs_uninit = autofs_uninit, }; VFS_SET(autofs_vfsops, autofs, VFCF_SYNTHETIC | VFCF_NETWORK); MODULE_VERSION(autofs, 1); Index: head/sys/fs/autofs/autofs_vnops.c =================================================================== --- head/sys/fs/autofs/autofs_vnops.c (revision 367104) +++ head/sys/fs/autofs/autofs_vnops.c (revision 367105) @@ -1,714 +1,713 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static int autofs_trigger_vn(struct vnode *vp, const char *path, int pathlen, struct vnode **newvp); extern struct autofs_softc *autofs_softc; static int autofs_access(struct vop_access_args *ap) { /* * Nothing to do here; the only kind of access control * needed is in autofs_mkdir(). */ return (0); } static int autofs_getattr(struct vop_getattr_args *ap) { struct vnode *vp, *newvp; struct autofs_node *anp; struct mount *mp; struct vattr *vap; int error; vp = ap->a_vp; anp = vp->v_data; mp = vp->v_mount; vap = ap->a_vap; KASSERT(ap->a_vp->v_type == VDIR, ("!VDIR")); /* * The reason we must do this is that some tree-walking software, * namely fts(3), assumes that stat(".") results will not change * between chdir("subdir") and chdir(".."), and fails with ENOENT * otherwise. */ if (autofs_mount_on_stat && autofs_cached(anp, NULL, 0) == false && autofs_ignore_thread(curthread) == false) { error = autofs_trigger_vn(vp, "", 0, &newvp); if (error != 0) return (error); if (newvp != NULL) { error = VOP_GETATTR(newvp, ap->a_vap, ap->a_cred); vput(newvp); return (error); } } vap->va_type = VDIR; vap->va_mode = 0755; vap->va_nlink = 3; /* XXX */ vap->va_uid = 0; vap->va_gid = 0; vap->va_rdev = NODEV; vap->va_fsid = mp->mnt_stat.f_fsid.val[0]; vap->va_fileid = anp->an_fileno; vap->va_size = S_BLKSIZE; vap->va_blocksize = S_BLKSIZE; vap->va_mtime = anp->an_ctime; vap->va_atime = anp->an_ctime; vap->va_ctime = anp->an_ctime; vap->va_birthtime = anp->an_ctime; vap->va_gen = 0; vap->va_flags = 0; vap->va_rdev = 0; vap->va_bytes = S_BLKSIZE; vap->va_filerev = 0; vap->va_spare = 0; return (0); } /* * Unlock the vnode, request automountd(8) action, and then lock it back. * If anything got mounted on top of the vnode, return the new filesystem's * root vnode in 'newvp', locked. */ static int autofs_trigger_vn(struct vnode *vp, const char *path, int pathlen, struct vnode **newvp) { struct autofs_node *anp; int error, lock_flags; anp = vp->v_data; /* * Release the vnode lock, so that other operations, in partcular * mounting a filesystem on top of it, can proceed. Increase use * count, to prevent the vnode from being deallocated and to prevent * filesystem from being unmounted. */ lock_flags = VOP_ISLOCKED(vp); vref(vp); VOP_UNLOCK(vp); sx_xlock(&autofs_softc->sc_lock); /* * XXX: Workaround for mounting the same thing multiple times; revisit. */ if (vp->v_mountedhere != NULL) { error = 0; goto mounted; } error = autofs_trigger(anp, path, pathlen); mounted: sx_xunlock(&autofs_softc->sc_lock); vn_lock(vp, lock_flags | LK_RETRY); vunref(vp); if (VN_IS_DOOMED(vp)) { AUTOFS_DEBUG("VIRF_DOOMED"); return (ENOENT); } if (error != 0) return (error); if (vp->v_mountedhere == NULL) { *newvp = NULL; return (0); } else { /* * If the operation that succeeded was mount, then mark * the node as non-cached. Otherwise, if someone unmounts * the filesystem before the cache times out, we will fail * to trigger. */ anp->an_cached = false; } error = VFS_ROOT(vp->v_mountedhere, lock_flags, newvp); if (error != 0) { AUTOFS_WARN("VFS_ROOT() failed with error %d", error); return (error); } return (0); } static int autofs_vget_callback(struct mount *mp, void *arg, int flags, struct vnode **vpp) { return (autofs_node_vn(arg, mp, flags, vpp)); } static int autofs_lookup(struct vop_lookup_args *ap) { struct vnode *dvp, *newvp, **vpp; struct mount *mp; struct autofs_mount *amp; struct autofs_node *anp, *child; struct componentname *cnp; int error; dvp = ap->a_dvp; vpp = ap->a_vpp; mp = dvp->v_mount; amp = VFSTOAUTOFS(mp); anp = dvp->v_data; cnp = ap->a_cnp; if (cnp->cn_flags & ISDOTDOT) { KASSERT(anp->an_parent != NULL, ("NULL parent")); /* * Note that in this case, dvp is the child vnode, and we * are looking up the parent vnode - exactly reverse from * normal operation. Unlocking dvp requires some rather * tricky unlock/relock dance to prevent mp from being freed; * use vn_vget_ino_gen() which takes care of all that. */ error = vn_vget_ino_gen(dvp, autofs_vget_callback, anp->an_parent, cnp->cn_lkflags, vpp); if (error != 0) { AUTOFS_WARN("vn_vget_ino_gen() failed with error %d", error); return (error); } return (error); } if (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') { vref(dvp); *vpp = dvp; return (0); } if (autofs_cached(anp, cnp->cn_nameptr, cnp->cn_namelen) == false && autofs_ignore_thread(cnp->cn_thread) == false) { error = autofs_trigger_vn(dvp, cnp->cn_nameptr, cnp->cn_namelen, &newvp); if (error != 0) return (error); if (newvp != NULL) { /* * The target filesystem got automounted. * Let the lookup(9) go around with the same * path component. */ vput(newvp); return (ERELOOKUP); } } AUTOFS_SLOCK(amp); error = autofs_node_find(anp, cnp->cn_nameptr, cnp->cn_namelen, &child); if (error != 0) { if ((cnp->cn_flags & ISLASTCN) && cnp->cn_nameiop == CREATE) { AUTOFS_SUNLOCK(amp); return (EJUSTRETURN); } AUTOFS_SUNLOCK(amp); return (ENOENT); } /* * XXX: Dropping the node here is ok, because we never remove nodes. */ AUTOFS_SUNLOCK(amp); error = autofs_node_vn(child, mp, cnp->cn_lkflags, vpp); if (error != 0) { if ((cnp->cn_flags & ISLASTCN) && cnp->cn_nameiop == CREATE) return (EJUSTRETURN); return (error); } return (0); } static int autofs_mkdir(struct vop_mkdir_args *ap) { struct vnode *vp; struct autofs_node *anp; struct autofs_mount *amp; struct autofs_node *child; int error; vp = ap->a_dvp; anp = vp->v_data; amp = VFSTOAUTOFS(vp->v_mount); /* * Do not allow mkdir() if the calling thread is not * automountd(8) descendant. */ if (autofs_ignore_thread(curthread) == false) return (EPERM); AUTOFS_XLOCK(amp); error = autofs_node_new(anp, amp, ap->a_cnp->cn_nameptr, ap->a_cnp->cn_namelen, &child); if (error != 0) { AUTOFS_XUNLOCK(amp); return (error); } AUTOFS_XUNLOCK(amp); error = autofs_node_vn(child, vp->v_mount, LK_EXCLUSIVE, ap->a_vpp); return (error); } static int autofs_print(struct vop_print_args *ap) { struct vnode *vp; struct autofs_node *anp; vp = ap->a_vp; anp = vp->v_data; printf(" name \"%s\", fileno %d, cached %d, wildcards %d\n", anp->an_name, anp->an_fileno, anp->an_cached, anp->an_wildcards); return (0); } /* * Write out a single 'struct dirent', based on 'name' and 'fileno' arguments. */ static int autofs_readdir_one(struct uio *uio, const char *name, int fileno, size_t *reclenp) { struct dirent dirent; size_t namlen, reclen; int error; namlen = strlen(name); reclen = _GENERIC_DIRLEN(namlen); if (reclenp != NULL) *reclenp = reclen; if (uio == NULL) return (0); if (uio->uio_resid < reclen) return (EINVAL); dirent.d_fileno = fileno; dirent.d_reclen = reclen; dirent.d_type = DT_DIR; dirent.d_namlen = namlen; memcpy(dirent.d_name, name, namlen); dirent_terminate(&dirent); error = uiomove(&dirent, reclen, uio); return (error); } static size_t autofs_dirent_reclen(const char *name) { size_t reclen; (void)autofs_readdir_one(NULL, name, -1, &reclen); return (reclen); } static int autofs_readdir(struct vop_readdir_args *ap) { struct vnode *vp, *newvp; struct autofs_mount *amp; struct autofs_node *anp, *child; struct uio *uio; size_t reclen, reclens; ssize_t initial_resid; int error; vp = ap->a_vp; amp = VFSTOAUTOFS(vp->v_mount); anp = vp->v_data; uio = ap->a_uio; initial_resid = ap->a_uio->uio_resid; KASSERT(vp->v_type == VDIR, ("!VDIR")); if (autofs_cached(anp, NULL, 0) == false && autofs_ignore_thread(curthread) == false) { error = autofs_trigger_vn(vp, "", 0, &newvp); if (error != 0) return (error); if (newvp != NULL) { error = VOP_READDIR(newvp, ap->a_uio, ap->a_cred, ap->a_eofflag, ap->a_ncookies, ap->a_cookies); vput(newvp); return (error); } } if (uio->uio_offset < 0) return (EINVAL); if (ap->a_eofflag != NULL) *ap->a_eofflag = FALSE; /* * Write out the directory entry for ".". This is conditional * on the current offset into the directory; same applies to the * other two cases below. */ if (uio->uio_offset == 0) { error = autofs_readdir_one(uio, ".", anp->an_fileno, &reclen); if (error != 0) goto out; } reclens = autofs_dirent_reclen("."); /* * Write out the directory entry for "..". */ if (uio->uio_offset <= reclens) { if (uio->uio_offset != reclens) return (EINVAL); if (anp->an_parent == NULL) { error = autofs_readdir_one(uio, "..", anp->an_fileno, &reclen); } else { error = autofs_readdir_one(uio, "..", anp->an_parent->an_fileno, &reclen); } if (error != 0) goto out; } reclens += autofs_dirent_reclen(".."); /* * Write out the directory entries for subdirectories. */ AUTOFS_SLOCK(amp); RB_FOREACH(child, autofs_node_tree, &anp->an_children) { /* * Check the offset to skip entries returned by previous * calls to getdents(). */ if (uio->uio_offset > reclens) { reclens += autofs_dirent_reclen(child->an_name); continue; } /* * Prevent seeking into the middle of dirent. */ if (uio->uio_offset != reclens) { AUTOFS_SUNLOCK(amp); return (EINVAL); } error = autofs_readdir_one(uio, child->an_name, child->an_fileno, &reclen); reclens += reclen; if (error != 0) { AUTOFS_SUNLOCK(amp); goto out; } } AUTOFS_SUNLOCK(amp); if (ap->a_eofflag != NULL) *ap->a_eofflag = TRUE; return (0); out: /* * Return error if the initial buffer was too small to do anything. */ if (uio->uio_resid == initial_resid) return (error); /* * Don't return an error if we managed to copy out some entries. */ if (uio->uio_resid < reclen) return (0); return (error); } static int autofs_reclaim(struct vop_reclaim_args *ap) { struct vnode *vp; struct autofs_node *anp; vp = ap->a_vp; anp = vp->v_data; /* * We do not free autofs_node here; instead we are * destroying them in autofs_node_delete(). */ sx_xlock(&anp->an_vnode_lock); anp->an_vnode = NULL; vp->v_data = NULL; sx_xunlock(&anp->an_vnode_lock); return (0); } struct vop_vector autofs_vnodeops = { .vop_default = &default_vnodeops, .vop_access = autofs_access, .vop_lookup = autofs_lookup, .vop_create = VOP_EOPNOTSUPP, .vop_getattr = autofs_getattr, .vop_link = VOP_EOPNOTSUPP, .vop_mkdir = autofs_mkdir, .vop_mknod = VOP_EOPNOTSUPP, .vop_print = autofs_print, .vop_read = VOP_EOPNOTSUPP, .vop_readdir = autofs_readdir, .vop_remove = VOP_EOPNOTSUPP, .vop_rename = VOP_EOPNOTSUPP, .vop_rmdir = VOP_EOPNOTSUPP, .vop_setattr = VOP_EOPNOTSUPP, .vop_symlink = VOP_EOPNOTSUPP, .vop_write = VOP_EOPNOTSUPP, .vop_reclaim = autofs_reclaim, }; VFS_VOP_VECTOR_REGISTER(autofs_vnodeops); int autofs_node_new(struct autofs_node *parent, struct autofs_mount *amp, const char *name, int namelen, struct autofs_node **anpp) { struct autofs_node *anp; if (parent != NULL) { AUTOFS_ASSERT_XLOCKED(parent->an_mount); KASSERT(autofs_node_find(parent, name, namelen, NULL) == ENOENT, ("node \"%s\" already exists", name)); } anp = uma_zalloc(autofs_node_zone, M_WAITOK | M_ZERO); if (namelen >= 0) anp->an_name = strndup(name, namelen, M_AUTOFS); else anp->an_name = strdup(name, M_AUTOFS); anp->an_fileno = atomic_fetchadd_int(&->am_last_fileno, 1); callout_init(&anp->an_callout, 1); /* * The reason for SX_NOWITNESS here is that witness(4) * cannot tell vnodes apart, so the following perfectly * valid lock order... * * vnode lock A -> autofsvlk B -> vnode lock B * * ... gets reported as a LOR. */ sx_init_flags(&anp->an_vnode_lock, "autofsvlk", SX_NOWITNESS); getnanotime(&anp->an_ctime); anp->an_parent = parent; anp->an_mount = amp; if (parent != NULL) RB_INSERT(autofs_node_tree, &parent->an_children, anp); RB_INIT(&anp->an_children); *anpp = anp; return (0); } int autofs_node_find(struct autofs_node *parent, const char *name, int namelen, struct autofs_node **anpp) { struct autofs_node *anp, find; int error; AUTOFS_ASSERT_LOCKED(parent->an_mount); if (namelen >= 0) find.an_name = strndup(name, namelen, M_AUTOFS); else find.an_name = strdup(name, M_AUTOFS); anp = RB_FIND(autofs_node_tree, &parent->an_children, &find); if (anp != NULL) { error = 0; if (anpp != NULL) *anpp = anp; } else { error = ENOENT; } free(find.an_name, M_AUTOFS); return (error); } void autofs_node_delete(struct autofs_node *anp) { struct autofs_node *parent; AUTOFS_ASSERT_XLOCKED(anp->an_mount); KASSERT(RB_EMPTY(&anp->an_children), ("have children")); callout_drain(&anp->an_callout); parent = anp->an_parent; if (parent != NULL) RB_REMOVE(autofs_node_tree, &parent->an_children, anp); sx_destroy(&anp->an_vnode_lock); free(anp->an_name, M_AUTOFS); uma_zfree(autofs_node_zone, anp); } int autofs_node_vn(struct autofs_node *anp, struct mount *mp, int flags, struct vnode **vpp) { struct vnode *vp; int error; AUTOFS_ASSERT_UNLOCKED(anp->an_mount); sx_xlock(&anp->an_vnode_lock); vp = anp->an_vnode; if (vp != NULL) { error = vget(vp, flags | LK_RETRY); if (error != 0) { AUTOFS_WARN("vget failed with error %d", error); sx_xunlock(&anp->an_vnode_lock); return (error); } if (VN_IS_DOOMED(vp)) { /* * We got forcibly unmounted. */ AUTOFS_DEBUG("doomed vnode"); sx_xunlock(&anp->an_vnode_lock); vput(vp); return (ENOENT); } *vpp = vp; sx_xunlock(&anp->an_vnode_lock); return (0); } error = getnewvnode("autofs", mp, &autofs_vnodeops, &vp); if (error != 0) { sx_xunlock(&anp->an_vnode_lock); return (error); } error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); if (error != 0) { sx_xunlock(&anp->an_vnode_lock); vdrop(vp); return (error); } vp->v_type = VDIR; if (anp->an_parent == NULL) vp->v_vflag |= VV_ROOT; vp->v_data = anp; VN_LOCK_ASHARE(vp); error = insmntque(vp, mp); if (error != 0) { AUTOFS_DEBUG("insmntque() failed with error %d", error); sx_xunlock(&anp->an_vnode_lock); return (error); } KASSERT(anp->an_vnode == NULL, ("lost race")); anp->an_vnode = vp; sx_xunlock(&anp->an_vnode_lock); *vpp = vp; return (0); } Index: head/sys/kern/kern_loginclass.c =================================================================== --- head/sys/kern/kern_loginclass.c (revision 367104) +++ head/sys/kern/kern_loginclass.c (revision 367105) @@ -1,262 +1,261 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2011 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /* * Processes may set login class name using setloginclass(2). This * is usually done through call to setusercontext(3), by programs * such as login(1), based on information from master.passwd(5). Kernel * uses this information to enforce per-class resource limits. Current * login class can be determined using id(1). Login class is inherited * from the parent process during fork(2). If not set, it defaults * to "default". * * Code in this file implements setloginclass(2) and getloginclass(2) * system calls, and maintains class name storage and retrieval. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static MALLOC_DEFINE(M_LOGINCLASS, "loginclass", "loginclass structures"); LIST_HEAD(, loginclass) loginclasses; /* * Lock protecting loginclasses list. */ static struct rwlock loginclasses_lock; RW_SYSINIT(loginclasses_init, &loginclasses_lock, "loginclasses lock"); void loginclass_hold(struct loginclass *lc) { refcount_acquire(&lc->lc_refcount); } void loginclass_free(struct loginclass *lc) { if (refcount_release_if_not_last(&lc->lc_refcount)) return; rw_wlock(&loginclasses_lock); if (!refcount_release(&lc->lc_refcount)) { rw_wunlock(&loginclasses_lock); return; } racct_destroy(&lc->lc_racct); LIST_REMOVE(lc, lc_next); rw_wunlock(&loginclasses_lock); free(lc, M_LOGINCLASS); } /* * Look up a loginclass struct for the parameter name. * loginclasses_lock must be locked. * Increase refcount on loginclass struct returned. */ static struct loginclass * loginclass_lookup(const char *name) { struct loginclass *lc; rw_assert(&loginclasses_lock, RA_LOCKED); LIST_FOREACH(lc, &loginclasses, lc_next) if (strcmp(name, lc->lc_name) == 0) { loginclass_hold(lc); break; } return (lc); } /* * Return loginclass structure with a corresponding name. Not * performance critical, as it's used mainly by setloginclass(2), * which happens once per login session. Caller has to use * loginclass_free() on the returned value when it's no longer * needed. */ struct loginclass * loginclass_find(const char *name) { struct loginclass *lc, *new_lc; if (name[0] == '\0' || strlen(name) >= MAXLOGNAME) return (NULL); lc = curthread->td_ucred->cr_loginclass; if (strcmp(name, lc->lc_name) == 0) { loginclass_hold(lc); return (lc); } rw_rlock(&loginclasses_lock); lc = loginclass_lookup(name); rw_runlock(&loginclasses_lock); if (lc != NULL) return (lc); new_lc = malloc(sizeof(*new_lc), M_LOGINCLASS, M_ZERO | M_WAITOK); racct_create(&new_lc->lc_racct); refcount_init(&new_lc->lc_refcount, 1); strcpy(new_lc->lc_name, name); rw_wlock(&loginclasses_lock); /* * There's a chance someone created our loginclass while we * were in malloc and not holding the lock, so we have to * make sure we don't insert a duplicate loginclass. */ if ((lc = loginclass_lookup(name)) == NULL) { LIST_INSERT_HEAD(&loginclasses, new_lc, lc_next); rw_wunlock(&loginclasses_lock); lc = new_lc; } else { rw_wunlock(&loginclasses_lock); racct_destroy(&new_lc->lc_racct); free(new_lc, M_LOGINCLASS); } return (lc); } /* * Get login class name. */ #ifndef _SYS_SYSPROTO_H_ struct getloginclass_args { char *namebuf; size_t namelen; }; #endif /* ARGSUSED */ int sys_getloginclass(struct thread *td, struct getloginclass_args *uap) { struct loginclass *lc; size_t lcnamelen; lc = td->td_ucred->cr_loginclass; lcnamelen = strlen(lc->lc_name) + 1; if (lcnamelen > uap->namelen) return (ERANGE); return (copyout(lc->lc_name, uap->namebuf, lcnamelen)); } /* * Set login class name. */ #ifndef _SYS_SYSPROTO_H_ struct setloginclass_args { const char *namebuf; }; #endif /* ARGSUSED */ int sys_setloginclass(struct thread *td, struct setloginclass_args *uap) { struct proc *p = td->td_proc; int error; char lcname[MAXLOGNAME]; struct loginclass *newlc; struct ucred *newcred, *oldcred; error = priv_check(td, PRIV_PROC_SETLOGINCLASS); if (error != 0) return (error); error = copyinstr(uap->namebuf, lcname, sizeof(lcname), NULL); if (error != 0) return (error); newlc = loginclass_find(lcname); if (newlc == NULL) return (EINVAL); newcred = crget(); PROC_LOCK(p); oldcred = crcopysafe(p, newcred); newcred->cr_loginclass = newlc; proc_set_cred(p, newcred); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); crhold(newcred); #endif PROC_UNLOCK(p); #ifdef RCTL rctl_proc_ucred_changed(p, newcred); crfree(newcred); #endif loginclass_free(oldcred->cr_loginclass); crfree(oldcred); return (0); } void loginclass_racct_foreach(void (*callback)(struct racct *racct, void *arg2, void *arg3), void (*pre)(void), void (*post)(void), void *arg2, void *arg3) { struct loginclass *lc; rw_rlock(&loginclasses_lock); if (pre != NULL) (pre)(); LIST_FOREACH(lc, &loginclasses, lc_next) (callback)(lc->lc_racct, arg2, arg3); if (post != NULL) (post)(); rw_runlock(&loginclasses_lock); } Index: head/sys/kern/kern_racct.c =================================================================== --- head/sys/kern/kern_racct.c (revision 367104) +++ head/sys/kern/kern_racct.c (revision 367105) @@ -1,1367 +1,1366 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include __FBSDID("$FreeBSD$"); #include "opt_sched.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef RCTL #include #endif #ifdef RACCT FEATURE(racct, "Resource Accounting"); /* * Do not block processes that have their %cpu usage <= pcpu_threshold. */ static int pcpu_threshold = 1; #ifdef RACCT_DEFAULT_TO_DISABLED bool __read_frequently racct_enable = false; #else bool __read_frequently racct_enable = true; #endif SYSCTL_NODE(_kern, OID_AUTO, racct, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "Resource Accounting"); SYSCTL_BOOL(_kern_racct, OID_AUTO, enable, CTLFLAG_RDTUN, &racct_enable, 0, "Enable RACCT/RCTL"); SYSCTL_UINT(_kern_racct, OID_AUTO, pcpu_threshold, CTLFLAG_RW, &pcpu_threshold, 0, "Processes with higher %cpu usage than this value can be throttled."); /* * How many seconds it takes to use the scheduler %cpu calculations. When a * process starts, we compute its %cpu usage by dividing its runtime by the * process wall clock time. After RACCT_PCPU_SECS pass, we use the value * provided by the scheduler. */ #define RACCT_PCPU_SECS 3 struct mtx racct_lock; MTX_SYSINIT(racct_lock, &racct_lock, "racct lock", MTX_DEF); static uma_zone_t racct_zone; static void racct_sub_racct(struct racct *dest, const struct racct *src); static void racct_sub_cred_locked(struct ucred *cred, int resource, uint64_t amount); static void racct_add_cred_locked(struct ucred *cred, int resource, uint64_t amount); SDT_PROVIDER_DEFINE(racct); SDT_PROBE_DEFINE3(racct, , rusage, add, "struct proc *", "int", "uint64_t"); SDT_PROBE_DEFINE3(racct, , rusage, add__failure, "struct proc *", "int", "uint64_t"); SDT_PROBE_DEFINE3(racct, , rusage, add__buf, "struct proc *", "const struct buf *", "int"); SDT_PROBE_DEFINE3(racct, , rusage, add__cred, "struct ucred *", "int", "uint64_t"); SDT_PROBE_DEFINE3(racct, , rusage, add__force, "struct proc *", "int", "uint64_t"); SDT_PROBE_DEFINE3(racct, , rusage, set, "struct proc *", "int", "uint64_t"); SDT_PROBE_DEFINE3(racct, , rusage, set__failure, "struct proc *", "int", "uint64_t"); SDT_PROBE_DEFINE3(racct, , rusage, set__force, "struct proc *", "int", "uint64_t"); SDT_PROBE_DEFINE3(racct, , rusage, sub, "struct proc *", "int", "uint64_t"); SDT_PROBE_DEFINE3(racct, , rusage, sub__cred, "struct ucred *", "int", "uint64_t"); SDT_PROBE_DEFINE1(racct, , racct, create, "struct racct *"); SDT_PROBE_DEFINE1(racct, , racct, destroy, "struct racct *"); SDT_PROBE_DEFINE2(racct, , racct, join, "struct racct *", "struct racct *"); SDT_PROBE_DEFINE2(racct, , racct, join__failure, "struct racct *", "struct racct *"); SDT_PROBE_DEFINE2(racct, , racct, leave, "struct racct *", "struct racct *"); int racct_types[] = { [RACCT_CPU] = RACCT_IN_MILLIONS, [RACCT_DATA] = RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE, [RACCT_STACK] = RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE, [RACCT_CORE] = RACCT_DENIABLE, [RACCT_RSS] = RACCT_RECLAIMABLE, [RACCT_MEMLOCK] = RACCT_RECLAIMABLE | RACCT_DENIABLE, [RACCT_NPROC] = RACCT_RECLAIMABLE | RACCT_DENIABLE, [RACCT_NOFILE] = RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE, [RACCT_VMEM] = RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE, [RACCT_NPTS] = RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY, [RACCT_SWAP] = RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY, [RACCT_NTHR] = RACCT_RECLAIMABLE | RACCT_DENIABLE, [RACCT_MSGQQUEUED] = RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY, [RACCT_MSGQSIZE] = RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY, [RACCT_NMSGQ] = RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY, [RACCT_NSEM] = RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY, [RACCT_NSEMOP] = RACCT_RECLAIMABLE | RACCT_INHERITABLE | RACCT_DENIABLE, [RACCT_NSHM] = RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY, [RACCT_SHMSIZE] = RACCT_RECLAIMABLE | RACCT_DENIABLE | RACCT_SLOPPY, [RACCT_WALLCLOCK] = RACCT_IN_MILLIONS, [RACCT_PCTCPU] = RACCT_DECAYING | RACCT_DENIABLE | RACCT_IN_MILLIONS, [RACCT_READBPS] = RACCT_DECAYING, [RACCT_WRITEBPS] = RACCT_DECAYING, [RACCT_READIOPS] = RACCT_DECAYING, [RACCT_WRITEIOPS] = RACCT_DECAYING }; static const fixpt_t RACCT_DECAY_FACTOR = 0.3 * FSCALE; #ifdef SCHED_4BSD /* * Contains intermediate values for %cpu calculations to avoid using floating * point in the kernel. * ccpu_exp[k] = FSCALE * (ccpu/FSCALE)^k = FSCALE * exp(-k/20) * It is needed only for the 4BSD scheduler, because in ULE, the ccpu equals to * zero so the calculations are more straightforward. */ fixpt_t ccpu_exp[] = { [0] = FSCALE * 1, [1] = FSCALE * 0.95122942450071400909, [2] = FSCALE * 0.90483741803595957316, [3] = FSCALE * 0.86070797642505780722, [4] = FSCALE * 0.81873075307798185866, [5] = FSCALE * 0.77880078307140486824, [6] = FSCALE * 0.74081822068171786606, [7] = FSCALE * 0.70468808971871343435, [8] = FSCALE * 0.67032004603563930074, [9] = FSCALE * 0.63762815162177329314, [10] = FSCALE * 0.60653065971263342360, [11] = FSCALE * 0.57694981038048669531, [12] = FSCALE * 0.54881163609402643262, [13] = FSCALE * 0.52204577676101604789, [14] = FSCALE * 0.49658530379140951470, [15] = FSCALE * 0.47236655274101470713, [16] = FSCALE * 0.44932896411722159143, [17] = FSCALE * 0.42741493194872666992, [18] = FSCALE * 0.40656965974059911188, [19] = FSCALE * 0.38674102345450120691, [20] = FSCALE * 0.36787944117144232159, [21] = FSCALE * 0.34993774911115535467, [22] = FSCALE * 0.33287108369807955328, [23] = FSCALE * 0.31663676937905321821, [24] = FSCALE * 0.30119421191220209664, [25] = FSCALE * 0.28650479686019010032, [26] = FSCALE * 0.27253179303401260312, [27] = FSCALE * 0.25924026064589150757, [28] = FSCALE * 0.24659696394160647693, [29] = FSCALE * 0.23457028809379765313, [30] = FSCALE * 0.22313016014842982893, [31] = FSCALE * 0.21224797382674305771, [32] = FSCALE * 0.20189651799465540848, [33] = FSCALE * 0.19204990862075411423, [34] = FSCALE * 0.18268352405273465022, [35] = FSCALE * 0.17377394345044512668, [36] = FSCALE * 0.16529888822158653829, [37] = FSCALE * 0.15723716631362761621, [38] = FSCALE * 0.14956861922263505264, [39] = FSCALE * 0.14227407158651357185, [40] = FSCALE * 0.13533528323661269189, [41] = FSCALE * 0.12873490358780421886, [42] = FSCALE * 0.12245642825298191021, [43] = FSCALE * 0.11648415777349695786, [44] = FSCALE * 0.11080315836233388333, [45] = FSCALE * 0.10539922456186433678, [46] = FSCALE * 0.10025884372280373372, [47] = FSCALE * 0.09536916221554961888, [48] = FSCALE * 0.09071795328941250337, [49] = FSCALE * 0.08629358649937051097, [50] = FSCALE * 0.08208499862389879516, [51] = FSCALE * 0.07808166600115315231, [52] = FSCALE * 0.07427357821433388042, [53] = FSCALE * 0.07065121306042958674, [54] = FSCALE * 0.06720551273974976512, [55] = FSCALE * 0.06392786120670757270, [56] = FSCALE * 0.06081006262521796499, [57] = FSCALE * 0.05784432087483846296, [58] = FSCALE * 0.05502322005640722902, [59] = FSCALE * 0.05233970594843239308, [60] = FSCALE * 0.04978706836786394297, [61] = FSCALE * 0.04735892439114092119, [62] = FSCALE * 0.04504920239355780606, [63] = FSCALE * 0.04285212686704017991, [64] = FSCALE * 0.04076220397836621516, [65] = FSCALE * 0.03877420783172200988, [66] = FSCALE * 0.03688316740124000544, [67] = FSCALE * 0.03508435410084502588, [68] = FSCALE * 0.03337326996032607948, [69] = FSCALE * 0.03174563637806794323, [70] = FSCALE * 0.03019738342231850073, [71] = FSCALE * 0.02872463965423942912, [72] = FSCALE * 0.02732372244729256080, [73] = FSCALE * 0.02599112877875534358, [74] = FSCALE * 0.02472352647033939120, [75] = FSCALE * 0.02351774585600910823, [76] = FSCALE * 0.02237077185616559577, [77] = FSCALE * 0.02127973643837716938, [78] = FSCALE * 0.02024191144580438847, [79] = FSCALE * 0.01925470177538692429, [80] = FSCALE * 0.01831563888873418029, [81] = FSCALE * 0.01742237463949351138, [82] = FSCALE * 0.01657267540176124754, [83] = FSCALE * 0.01576441648485449082, [84] = FSCALE * 0.01499557682047770621, [85] = FSCALE * 0.01426423390899925527, [86] = FSCALE * 0.01356855901220093175, [87] = FSCALE * 0.01290681258047986886, [88] = FSCALE * 0.01227733990306844117, [89] = FSCALE * 0.01167856697039544521, [90] = FSCALE * 0.01110899653824230649, [91] = FSCALE * 0.01056720438385265337, [92] = FSCALE * 0.01005183574463358164, [93] = FSCALE * 0.00956160193054350793, [94] = FSCALE * 0.00909527710169581709, [95] = FSCALE * 0.00865169520312063417, [96] = FSCALE * 0.00822974704902002884, [97] = FSCALE * 0.00782837754922577143, [98] = FSCALE * 0.00744658307092434051, [99] = FSCALE * 0.00708340892905212004, [100] = FSCALE * 0.00673794699908546709, [101] = FSCALE * 0.00640933344625638184, [102] = FSCALE * 0.00609674656551563610, [103] = FSCALE * 0.00579940472684214321, [104] = FSCALE * 0.00551656442076077241, [105] = FSCALE * 0.00524751839918138427, [106] = FSCALE * 0.00499159390691021621, [107] = FSCALE * 0.00474815099941147558, [108] = FSCALE * 0.00451658094261266798, [109] = FSCALE * 0.00429630469075234057, [110] = FSCALE * 0.00408677143846406699, }; #endif #define CCPU_EXP_MAX 110 /* * This function is analogical to the getpcpu() function in the ps(1) command. * They should both calculate in the same way so that the racct %cpu * calculations are consistent with the values showed by the ps(1) tool. * The calculations are more complex in the 4BSD scheduler because of the value * of the ccpu variable. In ULE it is defined to be zero which saves us some * work. */ static uint64_t racct_getpcpu(struct proc *p, u_int pcpu) { u_int swtime; #ifdef SCHED_4BSD fixpt_t pctcpu, pctcpu_next; #endif #ifdef SMP struct pcpu *pc; int found; #endif fixpt_t p_pctcpu; struct thread *td; ASSERT_RACCT_ENABLED(); /* * If the process is swapped out, we count its %cpu usage as zero. * This behaviour is consistent with the userland ps(1) tool. */ if ((p->p_flag & P_INMEM) == 0) return (0); swtime = (ticks - p->p_swtick) / hz; /* * For short-lived processes, the sched_pctcpu() returns small * values even for cpu intensive processes. Therefore we use * our own estimate in this case. */ if (swtime < RACCT_PCPU_SECS) return (pcpu); p_pctcpu = 0; FOREACH_THREAD_IN_PROC(p, td) { if (td == PCPU_GET(idlethread)) continue; #ifdef SMP found = 0; STAILQ_FOREACH(pc, &cpuhead, pc_allcpu) { if (td == pc->pc_idlethread) { found = 1; break; } } if (found) continue; #endif thread_lock(td); #ifdef SCHED_4BSD pctcpu = sched_pctcpu(td); /* Count also the yet unfinished second. */ pctcpu_next = (pctcpu * ccpu_exp[1]) >> FSHIFT; pctcpu_next += sched_pctcpu_delta(td); p_pctcpu += max(pctcpu, pctcpu_next); #else /* * In ULE the %cpu statistics are updated on every * sched_pctcpu() call. So special calculations to * account for the latest (unfinished) second are * not needed. */ p_pctcpu += sched_pctcpu(td); #endif thread_unlock(td); } #ifdef SCHED_4BSD if (swtime <= CCPU_EXP_MAX) return ((100 * (uint64_t)p_pctcpu * 1000000) / (FSCALE - ccpu_exp[swtime])); #endif return ((100 * (uint64_t)p_pctcpu * 1000000) / FSCALE); } static void racct_add_racct(struct racct *dest, const struct racct *src) { int i; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); /* * Update resource usage in dest. */ for (i = 0; i <= RACCT_MAX; i++) { KASSERT(dest->r_resources[i] >= 0, ("%s: resource %d propagation meltdown: dest < 0", __func__, i)); KASSERT(src->r_resources[i] >= 0, ("%s: resource %d propagation meltdown: src < 0", __func__, i)); dest->r_resources[i] += src->r_resources[i]; } } static void racct_sub_racct(struct racct *dest, const struct racct *src) { int i; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); /* * Update resource usage in dest. */ for (i = 0; i <= RACCT_MAX; i++) { if (!RACCT_IS_SLOPPY(i) && !RACCT_IS_DECAYING(i)) { KASSERT(dest->r_resources[i] >= 0, ("%s: resource %d propagation meltdown: dest < 0", __func__, i)); KASSERT(src->r_resources[i] >= 0, ("%s: resource %d propagation meltdown: src < 0", __func__, i)); KASSERT(src->r_resources[i] <= dest->r_resources[i], ("%s: resource %d propagation meltdown: src > dest", __func__, i)); } if (RACCT_CAN_DROP(i)) { dest->r_resources[i] -= src->r_resources[i]; if (dest->r_resources[i] < 0) dest->r_resources[i] = 0; } } } void racct_create(struct racct **racctp) { if (!racct_enable) return; SDT_PROBE1(racct, , racct, create, racctp); KASSERT(*racctp == NULL, ("racct already allocated")); *racctp = uma_zalloc(racct_zone, M_WAITOK | M_ZERO); } static void racct_destroy_locked(struct racct **racctp) { struct racct *racct; int i; ASSERT_RACCT_ENABLED(); SDT_PROBE1(racct, , racct, destroy, racctp); RACCT_LOCK_ASSERT(); KASSERT(racctp != NULL, ("NULL racctp")); KASSERT(*racctp != NULL, ("NULL racct")); racct = *racctp; for (i = 0; i <= RACCT_MAX; i++) { if (RACCT_IS_SLOPPY(i)) continue; if (!RACCT_IS_RECLAIMABLE(i)) continue; KASSERT(racct->r_resources[i] == 0, ("destroying non-empty racct: " "%ju allocated for resource %d\n", racct->r_resources[i], i)); } uma_zfree(racct_zone, racct); *racctp = NULL; } void racct_destroy(struct racct **racct) { if (!racct_enable) return; RACCT_LOCK(); racct_destroy_locked(racct); RACCT_UNLOCK(); } /* * Increase consumption of 'resource' by 'amount' for 'racct', * but not its parents. Differently from other cases, 'amount' here * may be less than zero. */ static void racct_adjust_resource(struct racct *racct, int resource, int64_t amount) { ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); KASSERT(racct != NULL, ("NULL racct")); racct->r_resources[resource] += amount; if (racct->r_resources[resource] < 0) { KASSERT(RACCT_IS_SLOPPY(resource) || RACCT_IS_DECAYING(resource), ("%s: resource %d usage < 0", __func__, resource)); racct->r_resources[resource] = 0; } /* * There are some cases where the racct %cpu resource would grow * beyond 100% per core. For example in racct_proc_exit() we add * the process %cpu usage to the ucred racct containers. If too * many processes terminated in a short time span, the ucred %cpu * resource could grow too much. Also, the 4BSD scheduler sometimes * returns for a thread more than 100% cpu usage. So we set a sane * boundary here to 100% * the maxumum number of CPUs. */ if ((resource == RACCT_PCTCPU) && (racct->r_resources[RACCT_PCTCPU] > 100 * 1000000 * (int64_t)MAXCPU)) racct->r_resources[RACCT_PCTCPU] = 100 * 1000000 * (int64_t)MAXCPU; } static int racct_add_locked(struct proc *p, int resource, uint64_t amount, int force) { #ifdef RCTL int error; #endif ASSERT_RACCT_ENABLED(); /* * We need proc lock to dereference p->p_ucred. */ PROC_LOCK_ASSERT(p, MA_OWNED); #ifdef RCTL error = rctl_enforce(p, resource, amount); if (error && !force && RACCT_IS_DENIABLE(resource)) { SDT_PROBE3(racct, , rusage, add__failure, p, resource, amount); return (error); } #endif racct_adjust_resource(p->p_racct, resource, amount); racct_add_cred_locked(p->p_ucred, resource, amount); return (0); } /* * Increase allocation of 'resource' by 'amount' for process 'p'. * Return 0 if it's below limits, or errno, if it's not. */ int racct_add(struct proc *p, int resource, uint64_t amount) { int error; if (!racct_enable) return (0); SDT_PROBE3(racct, , rusage, add, p, resource, amount); RACCT_LOCK(); error = racct_add_locked(p, resource, amount, 0); RACCT_UNLOCK(); return (error); } /* * Increase allocation of 'resource' by 'amount' for process 'p'. * Doesn't check for limits and never fails. */ void racct_add_force(struct proc *p, int resource, uint64_t amount) { if (!racct_enable) return; SDT_PROBE3(racct, , rusage, add__force, p, resource, amount); RACCT_LOCK(); racct_add_locked(p, resource, amount, 1); RACCT_UNLOCK(); } static void racct_add_cred_locked(struct ucred *cred, int resource, uint64_t amount) { struct prison *pr; ASSERT_RACCT_ENABLED(); racct_adjust_resource(cred->cr_ruidinfo->ui_racct, resource, amount); for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent) racct_adjust_resource(pr->pr_prison_racct->prr_racct, resource, amount); racct_adjust_resource(cred->cr_loginclass->lc_racct, resource, amount); } /* * Increase allocation of 'resource' by 'amount' for credential 'cred'. * Doesn't check for limits and never fails. */ void racct_add_cred(struct ucred *cred, int resource, uint64_t amount) { if (!racct_enable) return; SDT_PROBE3(racct, , rusage, add__cred, cred, resource, amount); RACCT_LOCK(); racct_add_cred_locked(cred, resource, amount); RACCT_UNLOCK(); } /* * Account for disk IO resource consumption. Checks for limits, * but never fails, due to disk limits being undeniable. */ void racct_add_buf(struct proc *p, const struct buf *bp, int is_write) { ASSERT_RACCT_ENABLED(); PROC_LOCK_ASSERT(p, MA_OWNED); SDT_PROBE3(racct, , rusage, add__buf, p, bp, is_write); RACCT_LOCK(); if (is_write) { racct_add_locked(curproc, RACCT_WRITEBPS, bp->b_bcount, 1); racct_add_locked(curproc, RACCT_WRITEIOPS, 1, 1); } else { racct_add_locked(curproc, RACCT_READBPS, bp->b_bcount, 1); racct_add_locked(curproc, RACCT_READIOPS, 1, 1); } RACCT_UNLOCK(); } static int racct_set_locked(struct proc *p, int resource, uint64_t amount, int force) { int64_t old_amount, decayed_amount, diff_proc, diff_cred; #ifdef RCTL int error; #endif ASSERT_RACCT_ENABLED(); /* * We need proc lock to dereference p->p_ucred. */ PROC_LOCK_ASSERT(p, MA_OWNED); old_amount = p->p_racct->r_resources[resource]; /* * The diffs may be negative. */ diff_proc = amount - old_amount; if (resource == RACCT_PCTCPU) { /* * Resources in per-credential racct containers may decay. * If this is the case, we need to calculate the difference * between the new amount and the proportional value of the * old amount that has decayed in the ucred racct containers. */ decayed_amount = old_amount * RACCT_DECAY_FACTOR / FSCALE; diff_cred = amount - decayed_amount; } else diff_cred = diff_proc; #ifdef notyet KASSERT(diff_proc >= 0 || RACCT_CAN_DROP(resource), ("%s: usage of non-droppable resource %d dropping", __func__, resource)); #endif #ifdef RCTL if (diff_proc > 0) { error = rctl_enforce(p, resource, diff_proc); if (error && !force && RACCT_IS_DENIABLE(resource)) { SDT_PROBE3(racct, , rusage, set__failure, p, resource, amount); return (error); } } #endif racct_adjust_resource(p->p_racct, resource, diff_proc); if (diff_cred > 0) racct_add_cred_locked(p->p_ucred, resource, diff_cred); else if (diff_cred < 0) racct_sub_cred_locked(p->p_ucred, resource, -diff_cred); return (0); } /* * Set allocation of 'resource' to 'amount' for process 'p'. * Return 0 if it's below limits, or errno, if it's not. * * Note that decreasing the allocation always returns 0, * even if it's above the limit. */ int racct_set_unlocked(struct proc *p, int resource, uint64_t amount) { int error; ASSERT_RACCT_ENABLED(); PROC_LOCK(p); error = racct_set(p, resource, amount); PROC_UNLOCK(p); return (error); } int racct_set(struct proc *p, int resource, uint64_t amount) { int error; if (!racct_enable) return (0); SDT_PROBE3(racct, , rusage, set__force, p, resource, amount); RACCT_LOCK(); error = racct_set_locked(p, resource, amount, 0); RACCT_UNLOCK(); return (error); } void racct_set_force(struct proc *p, int resource, uint64_t amount) { if (!racct_enable) return; SDT_PROBE3(racct, , rusage, set, p, resource, amount); RACCT_LOCK(); racct_set_locked(p, resource, amount, 1); RACCT_UNLOCK(); } /* * Returns amount of 'resource' the process 'p' can keep allocated. * Allocating more than that would be denied, unless the resource * is marked undeniable. Amount of already allocated resource does * not matter. */ uint64_t racct_get_limit(struct proc *p, int resource) { #ifdef RCTL uint64_t available; if (!racct_enable) return (UINT64_MAX); RACCT_LOCK(); available = rctl_get_limit(p, resource); RACCT_UNLOCK(); return (available); #else return (UINT64_MAX); #endif } /* * Returns amount of 'resource' the process 'p' can keep allocated. * Allocating more than that would be denied, unless the resource * is marked undeniable. Amount of already allocated resource does * matter. */ uint64_t racct_get_available(struct proc *p, int resource) { #ifdef RCTL uint64_t available; if (!racct_enable) return (UINT64_MAX); RACCT_LOCK(); available = rctl_get_available(p, resource); RACCT_UNLOCK(); return (available); #else return (UINT64_MAX); #endif } /* * Returns amount of the %cpu resource that process 'p' can add to its %cpu * utilization. Adding more than that would lead to the process being * throttled. */ static int64_t racct_pcpu_available(struct proc *p) { #ifdef RCTL uint64_t available; ASSERT_RACCT_ENABLED(); RACCT_LOCK(); available = rctl_pcpu_available(p); RACCT_UNLOCK(); return (available); #else return (INT64_MAX); #endif } /* * Decrease allocation of 'resource' by 'amount' for process 'p'. */ void racct_sub(struct proc *p, int resource, uint64_t amount) { if (!racct_enable) return; SDT_PROBE3(racct, , rusage, sub, p, resource, amount); /* * We need proc lock to dereference p->p_ucred. */ PROC_LOCK_ASSERT(p, MA_OWNED); KASSERT(RACCT_CAN_DROP(resource), ("%s: called for non-droppable resource %d", __func__, resource)); RACCT_LOCK(); KASSERT(amount <= p->p_racct->r_resources[resource], ("%s: freeing %ju of resource %d, which is more " "than allocated %jd for %s (pid %d)", __func__, amount, resource, (intmax_t)p->p_racct->r_resources[resource], p->p_comm, p->p_pid)); racct_adjust_resource(p->p_racct, resource, -amount); racct_sub_cred_locked(p->p_ucred, resource, amount); RACCT_UNLOCK(); } static void racct_sub_cred_locked(struct ucred *cred, int resource, uint64_t amount) { struct prison *pr; ASSERT_RACCT_ENABLED(); racct_adjust_resource(cred->cr_ruidinfo->ui_racct, resource, -amount); for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent) racct_adjust_resource(pr->pr_prison_racct->prr_racct, resource, -amount); racct_adjust_resource(cred->cr_loginclass->lc_racct, resource, -amount); } /* * Decrease allocation of 'resource' by 'amount' for credential 'cred'. */ void racct_sub_cred(struct ucred *cred, int resource, uint64_t amount) { if (!racct_enable) return; SDT_PROBE3(racct, , rusage, sub__cred, cred, resource, amount); #ifdef notyet KASSERT(RACCT_CAN_DROP(resource), ("%s: called for resource %d which can not drop", __func__, resource)); #endif RACCT_LOCK(); racct_sub_cred_locked(cred, resource, amount); RACCT_UNLOCK(); } /* * Inherit resource usage information from the parent process. */ int racct_proc_fork(struct proc *parent, struct proc *child) { int i, error = 0; if (!racct_enable) return (0); /* * Create racct for the child process. */ racct_create(&child->p_racct); PROC_LOCK(parent); PROC_LOCK(child); RACCT_LOCK(); #ifdef RCTL error = rctl_proc_fork(parent, child); if (error != 0) goto out; #endif /* Init process cpu time. */ child->p_prev_runtime = 0; child->p_throttled = 0; /* * Inherit resource usage. */ for (i = 0; i <= RACCT_MAX; i++) { if (parent->p_racct->r_resources[i] == 0 || !RACCT_IS_INHERITABLE(i)) continue; error = racct_set_locked(child, i, parent->p_racct->r_resources[i], 0); if (error != 0) goto out; } error = racct_add_locked(child, RACCT_NPROC, 1, 0); error += racct_add_locked(child, RACCT_NTHR, 1, 0); out: RACCT_UNLOCK(); PROC_UNLOCK(child); PROC_UNLOCK(parent); if (error != 0) racct_proc_exit(child); return (error); } /* * Called at the end of fork1(), to handle rules that require the process * to be fully initialized. */ void racct_proc_fork_done(struct proc *child) { if (!racct_enable) return; #ifdef RCTL PROC_LOCK(child); RACCT_LOCK(); rctl_enforce(child, RACCT_NPROC, 0); rctl_enforce(child, RACCT_NTHR, 0); RACCT_UNLOCK(); PROC_UNLOCK(child); #endif } void racct_proc_exit(struct proc *p) { struct timeval wallclock; uint64_t pct_estimate, pct, runtime; int i; if (!racct_enable) return; PROC_LOCK(p); /* * We don't need to calculate rux, proc_reap() has already done this. */ runtime = cputick2usec(p->p_rux.rux_runtime); #ifdef notyet KASSERT(runtime >= p->p_prev_runtime, ("runtime < p_prev_runtime")); #else if (runtime < p->p_prev_runtime) runtime = p->p_prev_runtime; #endif microuptime(&wallclock); timevalsub(&wallclock, &p->p_stats->p_start); if (wallclock.tv_sec > 0 || wallclock.tv_usec > 0) { pct_estimate = (1000000 * runtime * 100) / ((uint64_t)wallclock.tv_sec * 1000000 + wallclock.tv_usec); } else pct_estimate = 0; pct = racct_getpcpu(p, pct_estimate); RACCT_LOCK(); racct_set_locked(p, RACCT_CPU, runtime, 0); racct_add_cred_locked(p->p_ucred, RACCT_PCTCPU, pct); KASSERT(p->p_racct->r_resources[RACCT_RSS] == 0, ("process reaped with %ju allocated for RSS\n", p->p_racct->r_resources[RACCT_RSS])); for (i = 0; i <= RACCT_MAX; i++) { if (p->p_racct->r_resources[i] == 0) continue; if (!RACCT_IS_RECLAIMABLE(i)) continue; racct_set_locked(p, i, 0, 0); } #ifdef RCTL rctl_racct_release(p->p_racct); #endif racct_destroy_locked(&p->p_racct); RACCT_UNLOCK(); PROC_UNLOCK(p); } /* * Called after credentials change, to move resource utilisation * between raccts. */ void racct_proc_ucred_changed(struct proc *p, struct ucred *oldcred, struct ucred *newcred) { struct uidinfo *olduip, *newuip; struct loginclass *oldlc, *newlc; struct prison *oldpr, *newpr, *pr; if (!racct_enable) return; PROC_LOCK_ASSERT(p, MA_OWNED); newuip = newcred->cr_ruidinfo; olduip = oldcred->cr_ruidinfo; newlc = newcred->cr_loginclass; oldlc = oldcred->cr_loginclass; newpr = newcred->cr_prison; oldpr = oldcred->cr_prison; RACCT_LOCK(); if (newuip != olduip) { racct_sub_racct(olduip->ui_racct, p->p_racct); racct_add_racct(newuip->ui_racct, p->p_racct); } if (newlc != oldlc) { racct_sub_racct(oldlc->lc_racct, p->p_racct); racct_add_racct(newlc->lc_racct, p->p_racct); } if (newpr != oldpr) { for (pr = oldpr; pr != NULL; pr = pr->pr_parent) racct_sub_racct(pr->pr_prison_racct->prr_racct, p->p_racct); for (pr = newpr; pr != NULL; pr = pr->pr_parent) racct_add_racct(pr->pr_prison_racct->prr_racct, p->p_racct); } RACCT_UNLOCK(); } void racct_move(struct racct *dest, struct racct *src) { ASSERT_RACCT_ENABLED(); RACCT_LOCK(); racct_add_racct(dest, src); racct_sub_racct(src, src); RACCT_UNLOCK(); } void racct_proc_throttled(struct proc *p) { ASSERT_RACCT_ENABLED(); PROC_LOCK(p); while (p->p_throttled != 0) { msleep(p->p_racct, &p->p_mtx, 0, "racct", p->p_throttled < 0 ? 0 : p->p_throttled); if (p->p_throttled > 0) p->p_throttled = 0; } PROC_UNLOCK(p); } /* * Make the process sleep in userret() for 'timeout' ticks. Setting * timeout to -1 makes it sleep until woken up by racct_proc_wakeup(). */ void racct_proc_throttle(struct proc *p, int timeout) { struct thread *td; #ifdef SMP int cpuid; #endif KASSERT(timeout != 0, ("timeout %d", timeout)); ASSERT_RACCT_ENABLED(); PROC_LOCK_ASSERT(p, MA_OWNED); /* * Do not block kernel processes. Also do not block processes with * low %cpu utilization to improve interactivity. */ if ((p->p_flag & (P_SYSTEM | P_KPROC)) != 0) return; if (p->p_throttled < 0 || (timeout > 0 && p->p_throttled > timeout)) return; p->p_throttled = timeout; FOREACH_THREAD_IN_PROC(p, td) { thread_lock(td); td->td_flags |= TDF_ASTPENDING; switch (td->td_state) { case TDS_RUNQ: /* * If the thread is on the scheduler run-queue, we can * not just remove it from there. So we set the flag * TDF_NEEDRESCHED for the thread, so that once it is * running, it is taken off the cpu as soon as possible. */ td->td_flags |= TDF_NEEDRESCHED; break; case TDS_RUNNING: /* * If the thread is running, we request a context * switch for it by setting the TDF_NEEDRESCHED flag. */ td->td_flags |= TDF_NEEDRESCHED; #ifdef SMP cpuid = td->td_oncpu; if ((cpuid != NOCPU) && (td != curthread)) ipi_cpu(cpuid, IPI_AST); #endif break; default: break; } thread_unlock(td); } } static void racct_proc_wakeup(struct proc *p) { ASSERT_RACCT_ENABLED(); PROC_LOCK_ASSERT(p, MA_OWNED); if (p->p_throttled != 0) { p->p_throttled = 0; wakeup(p->p_racct); } } static void racct_decay_callback(struct racct *racct, void *dummy1, void *dummy2) { int64_t r_old, r_new; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); #ifdef RCTL rctl_throttle_decay(racct, RACCT_READBPS); rctl_throttle_decay(racct, RACCT_WRITEBPS); rctl_throttle_decay(racct, RACCT_READIOPS); rctl_throttle_decay(racct, RACCT_WRITEIOPS); #endif r_old = racct->r_resources[RACCT_PCTCPU]; /* If there is nothing to decay, just exit. */ if (r_old <= 0) return; r_new = r_old * RACCT_DECAY_FACTOR / FSCALE; racct->r_resources[RACCT_PCTCPU] = r_new; } static void racct_decay_pre(void) { RACCT_LOCK(); } static void racct_decay_post(void) { RACCT_UNLOCK(); } static void racct_decay(void) { ASSERT_RACCT_ENABLED(); ui_racct_foreach(racct_decay_callback, racct_decay_pre, racct_decay_post, NULL, NULL); loginclass_racct_foreach(racct_decay_callback, racct_decay_pre, racct_decay_post, NULL, NULL); prison_racct_foreach(racct_decay_callback, racct_decay_pre, racct_decay_post, NULL, NULL); } static void racctd(void) { struct thread *td; struct proc *p; struct timeval wallclock; uint64_t pct, pct_estimate, runtime; ASSERT_RACCT_ENABLED(); for (;;) { racct_decay(); sx_slock(&allproc_lock); FOREACH_PROC_IN_SYSTEM(p) { PROC_LOCK(p); if (p->p_state != PRS_NORMAL) { if (p->p_state == PRS_ZOMBIE) racct_set(p, RACCT_PCTCPU, 0); PROC_UNLOCK(p); continue; } microuptime(&wallclock); timevalsub(&wallclock, &p->p_stats->p_start); PROC_STATLOCK(p); FOREACH_THREAD_IN_PROC(p, td) ruxagg(p, td); runtime = cputick2usec(p->p_rux.rux_runtime); PROC_STATUNLOCK(p); #ifdef notyet KASSERT(runtime >= p->p_prev_runtime, ("runtime < p_prev_runtime")); #else if (runtime < p->p_prev_runtime) runtime = p->p_prev_runtime; #endif p->p_prev_runtime = runtime; if (wallclock.tv_sec > 0 || wallclock.tv_usec > 0) { pct_estimate = (1000000 * runtime * 100) / ((uint64_t)wallclock.tv_sec * 1000000 + wallclock.tv_usec); } else pct_estimate = 0; pct = racct_getpcpu(p, pct_estimate); RACCT_LOCK(); #ifdef RCTL rctl_throttle_decay(p->p_racct, RACCT_READBPS); rctl_throttle_decay(p->p_racct, RACCT_WRITEBPS); rctl_throttle_decay(p->p_racct, RACCT_READIOPS); rctl_throttle_decay(p->p_racct, RACCT_WRITEIOPS); #endif racct_set_locked(p, RACCT_PCTCPU, pct, 1); racct_set_locked(p, RACCT_CPU, runtime, 0); racct_set_locked(p, RACCT_WALLCLOCK, (uint64_t)wallclock.tv_sec * 1000000 + wallclock.tv_usec, 0); RACCT_UNLOCK(); PROC_UNLOCK(p); } /* * To ensure that processes are throttled in a fair way, we need * to iterate over all processes again and check the limits * for %cpu resource only after ucred racct containers have been * properly filled. */ FOREACH_PROC_IN_SYSTEM(p) { PROC_LOCK(p); if (p->p_state != PRS_NORMAL) { PROC_UNLOCK(p); continue; } if (racct_pcpu_available(p) <= 0) { if (p->p_racct->r_resources[RACCT_PCTCPU] > pcpu_threshold) racct_proc_throttle(p, -1); } else if (p->p_throttled == -1) { racct_proc_wakeup(p); } PROC_UNLOCK(p); } sx_sunlock(&allproc_lock); pause("-", hz); } } static struct kproc_desc racctd_kp = { "racctd", racctd, NULL }; static void racctd_init(void) { if (!racct_enable) return; kproc_start(&racctd_kp); } SYSINIT(racctd, SI_SUB_RACCTD, SI_ORDER_FIRST, racctd_init, NULL); static void racct_init(void) { if (!racct_enable) return; racct_zone = uma_zcreate("racct", sizeof(struct racct), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); /* * XXX: Move this somewhere. */ prison0.pr_prison_racct = prison_racct_find("0"); } SYSINIT(racct, SI_SUB_RACCT, SI_ORDER_FIRST, racct_init, NULL); #endif /* !RACCT */ Index: head/sys/kern/kern_rctl.c =================================================================== --- head/sys/kern/kern_rctl.c (revision 367104) +++ head/sys/kern/kern_rctl.c (revision 367105) @@ -1,2243 +1,2242 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef RCTL #ifndef RACCT #error "The RCTL option requires the RACCT option" #endif FEATURE(rctl, "Resource Limits"); #define HRF_DEFAULT 0 #define HRF_DONT_INHERIT 1 #define HRF_DONT_ACCUMULATE 2 #define RCTL_MAX_INBUFSIZE 4 * 1024 #define RCTL_MAX_OUTBUFSIZE 16 * 1024 * 1024 #define RCTL_LOG_BUFSIZE 128 #define RCTL_PCPU_SHIFT (10 * 1000000) static unsigned int rctl_maxbufsize = RCTL_MAX_OUTBUFSIZE; static int rctl_log_rate_limit = 10; static int rctl_devctl_rate_limit = 10; /* * Values below are initialized in rctl_init(). */ static int rctl_throttle_min = -1; static int rctl_throttle_max = -1; static int rctl_throttle_pct = -1; static int rctl_throttle_pct2 = -1; static int rctl_throttle_min_sysctl(SYSCTL_HANDLER_ARGS); static int rctl_throttle_max_sysctl(SYSCTL_HANDLER_ARGS); static int rctl_throttle_pct_sysctl(SYSCTL_HANDLER_ARGS); static int rctl_throttle_pct2_sysctl(SYSCTL_HANDLER_ARGS); SYSCTL_NODE(_kern_racct, OID_AUTO, rctl, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "Resource Limits"); SYSCTL_UINT(_kern_racct_rctl, OID_AUTO, maxbufsize, CTLFLAG_RWTUN, &rctl_maxbufsize, 0, "Maximum output buffer size"); SYSCTL_UINT(_kern_racct_rctl, OID_AUTO, log_rate_limit, CTLFLAG_RW, &rctl_log_rate_limit, 0, "Maximum number of log messages per second"); SYSCTL_UINT(_kern_racct_rctl, OID_AUTO, devctl_rate_limit, CTLFLAG_RWTUN, &rctl_devctl_rate_limit, 0, "Maximum number of devctl messages per second"); SYSCTL_PROC(_kern_racct_rctl, OID_AUTO, throttle_min, CTLTYPE_UINT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE, 0, 0, &rctl_throttle_min_sysctl, "IU", "Shortest throttling duration, in hz"); TUNABLE_INT("kern.racct.rctl.throttle_min", &rctl_throttle_min); SYSCTL_PROC(_kern_racct_rctl, OID_AUTO, throttle_max, CTLTYPE_UINT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE, 0, 0, &rctl_throttle_max_sysctl, "IU", "Longest throttling duration, in hz"); TUNABLE_INT("kern.racct.rctl.throttle_max", &rctl_throttle_max); SYSCTL_PROC(_kern_racct_rctl, OID_AUTO, throttle_pct, CTLTYPE_UINT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE, 0, 0, &rctl_throttle_pct_sysctl, "IU", "Throttling penalty for process consumption, in percent"); TUNABLE_INT("kern.racct.rctl.throttle_pct", &rctl_throttle_pct); SYSCTL_PROC(_kern_racct_rctl, OID_AUTO, throttle_pct2, CTLTYPE_UINT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE, 0, 0, &rctl_throttle_pct2_sysctl, "IU", "Throttling penalty for container consumption, in percent"); TUNABLE_INT("kern.racct.rctl.throttle_pct2", &rctl_throttle_pct2); /* * 'rctl_rule_link' connects a rule with every racct it's related to. * For example, rule 'user:X:openfiles:deny=N/process' is linked * with uidinfo for user X, and to each process of that user. */ struct rctl_rule_link { LIST_ENTRY(rctl_rule_link) rrl_next; struct rctl_rule *rrl_rule; int rrl_exceeded; }; struct dict { const char *d_name; int d_value; }; static struct dict subjectnames[] = { { "process", RCTL_SUBJECT_TYPE_PROCESS }, { "user", RCTL_SUBJECT_TYPE_USER }, { "loginclass", RCTL_SUBJECT_TYPE_LOGINCLASS }, { "jail", RCTL_SUBJECT_TYPE_JAIL }, { NULL, -1 }}; static struct dict resourcenames[] = { { "cputime", RACCT_CPU }, { "datasize", RACCT_DATA }, { "stacksize", RACCT_STACK }, { "coredumpsize", RACCT_CORE }, { "memoryuse", RACCT_RSS }, { "memorylocked", RACCT_MEMLOCK }, { "maxproc", RACCT_NPROC }, { "openfiles", RACCT_NOFILE }, { "vmemoryuse", RACCT_VMEM }, { "pseudoterminals", RACCT_NPTS }, { "swapuse", RACCT_SWAP }, { "nthr", RACCT_NTHR }, { "msgqqueued", RACCT_MSGQQUEUED }, { "msgqsize", RACCT_MSGQSIZE }, { "nmsgq", RACCT_NMSGQ }, { "nsem", RACCT_NSEM }, { "nsemop", RACCT_NSEMOP }, { "nshm", RACCT_NSHM }, { "shmsize", RACCT_SHMSIZE }, { "wallclock", RACCT_WALLCLOCK }, { "pcpu", RACCT_PCTCPU }, { "readbps", RACCT_READBPS }, { "writebps", RACCT_WRITEBPS }, { "readiops", RACCT_READIOPS }, { "writeiops", RACCT_WRITEIOPS }, { NULL, -1 }}; static struct dict actionnames[] = { { "sighup", RCTL_ACTION_SIGHUP }, { "sigint", RCTL_ACTION_SIGINT }, { "sigquit", RCTL_ACTION_SIGQUIT }, { "sigill", RCTL_ACTION_SIGILL }, { "sigtrap", RCTL_ACTION_SIGTRAP }, { "sigabrt", RCTL_ACTION_SIGABRT }, { "sigemt", RCTL_ACTION_SIGEMT }, { "sigfpe", RCTL_ACTION_SIGFPE }, { "sigkill", RCTL_ACTION_SIGKILL }, { "sigbus", RCTL_ACTION_SIGBUS }, { "sigsegv", RCTL_ACTION_SIGSEGV }, { "sigsys", RCTL_ACTION_SIGSYS }, { "sigpipe", RCTL_ACTION_SIGPIPE }, { "sigalrm", RCTL_ACTION_SIGALRM }, { "sigterm", RCTL_ACTION_SIGTERM }, { "sigurg", RCTL_ACTION_SIGURG }, { "sigstop", RCTL_ACTION_SIGSTOP }, { "sigtstp", RCTL_ACTION_SIGTSTP }, { "sigchld", RCTL_ACTION_SIGCHLD }, { "sigttin", RCTL_ACTION_SIGTTIN }, { "sigttou", RCTL_ACTION_SIGTTOU }, { "sigio", RCTL_ACTION_SIGIO }, { "sigxcpu", RCTL_ACTION_SIGXCPU }, { "sigxfsz", RCTL_ACTION_SIGXFSZ }, { "sigvtalrm", RCTL_ACTION_SIGVTALRM }, { "sigprof", RCTL_ACTION_SIGPROF }, { "sigwinch", RCTL_ACTION_SIGWINCH }, { "siginfo", RCTL_ACTION_SIGINFO }, { "sigusr1", RCTL_ACTION_SIGUSR1 }, { "sigusr2", RCTL_ACTION_SIGUSR2 }, { "sigthr", RCTL_ACTION_SIGTHR }, { "deny", RCTL_ACTION_DENY }, { "log", RCTL_ACTION_LOG }, { "devctl", RCTL_ACTION_DEVCTL }, { "throttle", RCTL_ACTION_THROTTLE }, { NULL, -1 }}; static void rctl_init(void); SYSINIT(rctl, SI_SUB_RACCT, SI_ORDER_FIRST, rctl_init, NULL); static uma_zone_t rctl_rule_zone; static uma_zone_t rctl_rule_link_zone; static int rctl_rule_fully_specified(const struct rctl_rule *rule); static void rctl_rule_to_sbuf(struct sbuf *sb, const struct rctl_rule *rule); static MALLOC_DEFINE(M_RCTL, "rctl", "Resource Limits"); static int rctl_throttle_min_sysctl(SYSCTL_HANDLER_ARGS) { int error, val = rctl_throttle_min; error = sysctl_handle_int(oidp, &val, 0, req); if (error || !req->newptr) return (error); if (val < 1 || val > rctl_throttle_max) return (EINVAL); RACCT_LOCK(); rctl_throttle_min = val; RACCT_UNLOCK(); return (0); } static int rctl_throttle_max_sysctl(SYSCTL_HANDLER_ARGS) { int error, val = rctl_throttle_max; error = sysctl_handle_int(oidp, &val, 0, req); if (error || !req->newptr) return (error); if (val < rctl_throttle_min) return (EINVAL); RACCT_LOCK(); rctl_throttle_max = val; RACCT_UNLOCK(); return (0); } static int rctl_throttle_pct_sysctl(SYSCTL_HANDLER_ARGS) { int error, val = rctl_throttle_pct; error = sysctl_handle_int(oidp, &val, 0, req); if (error || !req->newptr) return (error); if (val < 0) return (EINVAL); RACCT_LOCK(); rctl_throttle_pct = val; RACCT_UNLOCK(); return (0); } static int rctl_throttle_pct2_sysctl(SYSCTL_HANDLER_ARGS) { int error, val = rctl_throttle_pct2; error = sysctl_handle_int(oidp, &val, 0, req); if (error || !req->newptr) return (error); if (val < 0) return (EINVAL); RACCT_LOCK(); rctl_throttle_pct2 = val; RACCT_UNLOCK(); return (0); } static const char * rctl_subject_type_name(int subject) { int i; for (i = 0; subjectnames[i].d_name != NULL; i++) { if (subjectnames[i].d_value == subject) return (subjectnames[i].d_name); } panic("rctl_subject_type_name: unknown subject type %d", subject); } static const char * rctl_action_name(int action) { int i; for (i = 0; actionnames[i].d_name != NULL; i++) { if (actionnames[i].d_value == action) return (actionnames[i].d_name); } panic("rctl_action_name: unknown action %d", action); } const char * rctl_resource_name(int resource) { int i; for (i = 0; resourcenames[i].d_name != NULL; i++) { if (resourcenames[i].d_value == resource) return (resourcenames[i].d_name); } panic("rctl_resource_name: unknown resource %d", resource); } static struct racct * rctl_proc_rule_to_racct(const struct proc *p, const struct rctl_rule *rule) { struct ucred *cred = p->p_ucred; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); switch (rule->rr_per) { case RCTL_SUBJECT_TYPE_PROCESS: return (p->p_racct); case RCTL_SUBJECT_TYPE_USER: return (cred->cr_ruidinfo->ui_racct); case RCTL_SUBJECT_TYPE_LOGINCLASS: return (cred->cr_loginclass->lc_racct); case RCTL_SUBJECT_TYPE_JAIL: return (cred->cr_prison->pr_prison_racct->prr_racct); default: panic("%s: unknown per %d", __func__, rule->rr_per); } } /* * Return the amount of resource that can be allocated by 'p' before * hitting 'rule'. */ static int64_t rctl_available_resource(const struct proc *p, const struct rctl_rule *rule) { const struct racct *racct; int64_t available; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); racct = rctl_proc_rule_to_racct(p, rule); available = rule->rr_amount - racct->r_resources[rule->rr_resource]; return (available); } /* * Called every second for proc, uidinfo, loginclass, and jail containers. * If the limit isn't exceeded, it decreases the usage amount to zero. * Otherwise, it decreases it by the value of the limit. This way * resource consumption exceeding the limit "carries over" to the next * period. */ void rctl_throttle_decay(struct racct *racct, int resource) { struct rctl_rule *rule; struct rctl_rule_link *link; int64_t minavailable; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); minavailable = INT64_MAX; LIST_FOREACH(link, &racct->r_rule_links, rrl_next) { rule = link->rrl_rule; if (rule->rr_resource != resource) continue; if (rule->rr_action != RCTL_ACTION_THROTTLE) continue; if (rule->rr_amount < minavailable) minavailable = rule->rr_amount; } if (racct->r_resources[resource] < minavailable) { racct->r_resources[resource] = 0; } else { /* * Cap utilization counter at ten times the limit. Otherwise, * if we changed the rule lowering the allowed amount, it could * take unreasonably long time for the accumulated resource * usage to drop. */ if (racct->r_resources[resource] > minavailable * 10) racct->r_resources[resource] = minavailable * 10; racct->r_resources[resource] -= minavailable; } } /* * Special version of rctl_get_available() for the %CPU resource. * We slightly cheat here and return less than we normally would. */ int64_t rctl_pcpu_available(const struct proc *p) { struct rctl_rule *rule; struct rctl_rule_link *link; int64_t available, minavailable, limit; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); minavailable = INT64_MAX; limit = 0; LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) { rule = link->rrl_rule; if (rule->rr_resource != RACCT_PCTCPU) continue; if (rule->rr_action != RCTL_ACTION_DENY) continue; available = rctl_available_resource(p, rule); if (available < minavailable) { minavailable = available; limit = rule->rr_amount; } } /* * Return slightly less than actual value of the available * %cpu resource. This makes %cpu throttling more aggressive * and lets us act sooner than the limits are already exceeded. */ if (limit != 0) { if (limit > 2 * RCTL_PCPU_SHIFT) minavailable -= RCTL_PCPU_SHIFT; else minavailable -= (limit / 2); } return (minavailable); } static uint64_t xadd(uint64_t a, uint64_t b) { uint64_t c; c = a + b; /* * Detect overflow. */ if (c < a || c < b) return (UINT64_MAX); return (c); } static uint64_t xmul(uint64_t a, uint64_t b) { if (b != 0 && a > UINT64_MAX / b) return (UINT64_MAX); return (a * b); } /* * Check whether the proc 'p' can allocate 'amount' of 'resource' in addition * to what it keeps allocated now. Returns non-zero if the allocation should * be denied, 0 otherwise. */ int rctl_enforce(struct proc *p, int resource, uint64_t amount) { static struct timeval log_lasttime, devctl_lasttime; static int log_curtime = 0, devctl_curtime = 0; struct rctl_rule *rule; struct rctl_rule_link *link; struct sbuf sb; char *buf; int64_t available; uint64_t sleep_ms, sleep_ratio; int should_deny = 0; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); /* * There may be more than one matching rule; go through all of them. * Denial should be done last, after logging and sending signals. */ LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) { rule = link->rrl_rule; if (rule->rr_resource != resource) continue; available = rctl_available_resource(p, rule); if (available >= (int64_t)amount) { link->rrl_exceeded = 0; continue; } switch (rule->rr_action) { case RCTL_ACTION_DENY: should_deny = 1; continue; case RCTL_ACTION_LOG: /* * If rrl_exceeded != 0, it means we've already * logged a warning for this process. */ if (link->rrl_exceeded != 0) continue; /* * If the process state is not fully initialized yet, * we can't access most of the required fields, e.g. * p->p_comm. This happens when called from fork1(). * Ignore this rule for now; it will be processed just * after fork, when called from racct_proc_fork_done(). */ if (p->p_state != PRS_NORMAL) continue; if (!ppsratecheck(&log_lasttime, &log_curtime, rctl_log_rate_limit)) continue; buf = malloc(RCTL_LOG_BUFSIZE, M_RCTL, M_NOWAIT); if (buf == NULL) { printf("rctl_enforce: out of memory\n"); continue; } sbuf_new(&sb, buf, RCTL_LOG_BUFSIZE, SBUF_FIXEDLEN); rctl_rule_to_sbuf(&sb, rule); sbuf_finish(&sb); printf("rctl: rule \"%s\" matched by pid %d " "(%s), uid %d, jail %s\n", sbuf_data(&sb), p->p_pid, p->p_comm, p->p_ucred->cr_uid, p->p_ucred->cr_prison->pr_prison_racct->prr_name); sbuf_delete(&sb); free(buf, M_RCTL); link->rrl_exceeded = 1; continue; case RCTL_ACTION_DEVCTL: if (link->rrl_exceeded != 0) continue; if (p->p_state != PRS_NORMAL) continue; if (!ppsratecheck(&devctl_lasttime, &devctl_curtime, rctl_devctl_rate_limit)) continue; buf = malloc(RCTL_LOG_BUFSIZE, M_RCTL, M_NOWAIT); if (buf == NULL) { printf("rctl_enforce: out of memory\n"); continue; } sbuf_new(&sb, buf, RCTL_LOG_BUFSIZE, SBUF_FIXEDLEN); sbuf_printf(&sb, "rule="); rctl_rule_to_sbuf(&sb, rule); sbuf_printf(&sb, " pid=%d ruid=%d jail=%s", p->p_pid, p->p_ucred->cr_ruid, p->p_ucred->cr_prison->pr_prison_racct->prr_name); sbuf_finish(&sb); devctl_notify("RCTL", "rule", "matched", sbuf_data(&sb)); sbuf_delete(&sb); free(buf, M_RCTL); link->rrl_exceeded = 1; continue; case RCTL_ACTION_THROTTLE: if (p->p_state != PRS_NORMAL) continue; /* * Make the process sleep for a fraction of second * proportional to the ratio of process' resource * utilization compared to the limit. The point is * to penalize resource hogs: processes that consume * more of the available resources sleep for longer. * * We're trying to defer division until the very end, * to minimize the rounding effects. The following * calculation could have been written in a clearer * way like this: * * sleep_ms = hz * p->p_racct->r_resources[resource] / * rule->rr_amount; * sleep_ms *= rctl_throttle_pct / 100; * if (sleep_ms < rctl_throttle_min) * sleep_ms = rctl_throttle_min; * */ sleep_ms = xmul(hz, p->p_racct->r_resources[resource]); sleep_ms = xmul(sleep_ms, rctl_throttle_pct) / 100; if (sleep_ms < rctl_throttle_min * rule->rr_amount) sleep_ms = rctl_throttle_min * rule->rr_amount; /* * Multiply that by the ratio of the resource * consumption for the container compared to the limit, * squared. In other words, a process in a container * that is two times over the limit will be throttled * four times as much for hitting the same rule. The * point is to penalize processes more if the container * itself (eg certain UID or jail) is above the limit. */ if (available < 0) sleep_ratio = -available / rule->rr_amount; else sleep_ratio = 0; sleep_ratio = xmul(sleep_ratio, sleep_ratio); sleep_ratio = xmul(sleep_ratio, rctl_throttle_pct2) / 100; sleep_ms = xadd(sleep_ms, xmul(sleep_ms, sleep_ratio)); /* * Finally the division. */ sleep_ms /= rule->rr_amount; if (sleep_ms > rctl_throttle_max) sleep_ms = rctl_throttle_max; #if 0 printf("%s: pid %d (%s), %jd of %jd, will sleep for %ju ms (ratio %ju, available %jd)\n", __func__, p->p_pid, p->p_comm, p->p_racct->r_resources[resource], rule->rr_amount, (uintmax_t)sleep_ms, (uintmax_t)sleep_ratio, (intmax_t)available); #endif KASSERT(sleep_ms >= rctl_throttle_min, ("%s: %ju < %d\n", __func__, (uintmax_t)sleep_ms, rctl_throttle_min)); racct_proc_throttle(p, sleep_ms); continue; default: if (link->rrl_exceeded != 0) continue; if (p->p_state != PRS_NORMAL) continue; KASSERT(rule->rr_action > 0 && rule->rr_action <= RCTL_ACTION_SIGNAL_MAX, ("rctl_enforce: unknown action %d", rule->rr_action)); /* * We're using the fact that RCTL_ACTION_SIG* values * are equal to their counterparts from sys/signal.h. */ kern_psignal(p, rule->rr_action); link->rrl_exceeded = 1; continue; } } if (should_deny) { /* * Return fake error code; the caller should change it * into one proper for the situation - EFSIZ, ENOMEM etc. */ return (EDOOFUS); } return (0); } uint64_t rctl_get_limit(struct proc *p, int resource) { struct rctl_rule *rule; struct rctl_rule_link *link; uint64_t amount = UINT64_MAX; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); /* * There may be more than one matching rule; go through all of them. * Denial should be done last, after logging and sending signals. */ LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) { rule = link->rrl_rule; if (rule->rr_resource != resource) continue; if (rule->rr_action != RCTL_ACTION_DENY) continue; if (rule->rr_amount < amount) amount = rule->rr_amount; } return (amount); } uint64_t rctl_get_available(struct proc *p, int resource) { struct rctl_rule *rule; struct rctl_rule_link *link; int64_t available, minavailable, allocated; minavailable = INT64_MAX; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); /* * There may be more than one matching rule; go through all of them. * Denial should be done last, after logging and sending signals. */ LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) { rule = link->rrl_rule; if (rule->rr_resource != resource) continue; if (rule->rr_action != RCTL_ACTION_DENY) continue; available = rctl_available_resource(p, rule); if (available < minavailable) minavailable = available; } /* * XXX: Think about this _hard_. */ allocated = p->p_racct->r_resources[resource]; if (minavailable < INT64_MAX - allocated) minavailable += allocated; if (minavailable < 0) minavailable = 0; return (minavailable); } static int rctl_rule_matches(const struct rctl_rule *rule, const struct rctl_rule *filter) { ASSERT_RACCT_ENABLED(); if (filter->rr_subject_type != RCTL_SUBJECT_TYPE_UNDEFINED) { if (rule->rr_subject_type != filter->rr_subject_type) return (0); switch (filter->rr_subject_type) { case RCTL_SUBJECT_TYPE_PROCESS: if (filter->rr_subject.rs_proc != NULL && rule->rr_subject.rs_proc != filter->rr_subject.rs_proc) return (0); break; case RCTL_SUBJECT_TYPE_USER: if (filter->rr_subject.rs_uip != NULL && rule->rr_subject.rs_uip != filter->rr_subject.rs_uip) return (0); break; case RCTL_SUBJECT_TYPE_LOGINCLASS: if (filter->rr_subject.rs_loginclass != NULL && rule->rr_subject.rs_loginclass != filter->rr_subject.rs_loginclass) return (0); break; case RCTL_SUBJECT_TYPE_JAIL: if (filter->rr_subject.rs_prison_racct != NULL && rule->rr_subject.rs_prison_racct != filter->rr_subject.rs_prison_racct) return (0); break; default: panic("rctl_rule_matches: unknown subject type %d", filter->rr_subject_type); } } if (filter->rr_resource != RACCT_UNDEFINED) { if (rule->rr_resource != filter->rr_resource) return (0); } if (filter->rr_action != RCTL_ACTION_UNDEFINED) { if (rule->rr_action != filter->rr_action) return (0); } if (filter->rr_amount != RCTL_AMOUNT_UNDEFINED) { if (rule->rr_amount != filter->rr_amount) return (0); } if (filter->rr_per != RCTL_SUBJECT_TYPE_UNDEFINED) { if (rule->rr_per != filter->rr_per) return (0); } return (1); } static int str2value(const char *str, int *value, struct dict *table) { int i; if (value == NULL) return (EINVAL); for (i = 0; table[i].d_name != NULL; i++) { if (strcasecmp(table[i].d_name, str) == 0) { *value = table[i].d_value; return (0); } } return (EINVAL); } static int str2id(const char *str, id_t *value) { char *end; if (str == NULL) return (EINVAL); *value = strtoul(str, &end, 10); if ((size_t)(end - str) != strlen(str)) return (EINVAL); return (0); } static int str2int64(const char *str, int64_t *value) { char *end; if (str == NULL) return (EINVAL); *value = strtoul(str, &end, 10); if ((size_t)(end - str) != strlen(str)) return (EINVAL); if (*value < 0) return (ERANGE); return (0); } /* * Connect the rule to the racct, increasing refcount for the rule. */ static void rctl_racct_add_rule(struct racct *racct, struct rctl_rule *rule) { struct rctl_rule_link *link; ASSERT_RACCT_ENABLED(); KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified")); rctl_rule_acquire(rule); link = uma_zalloc(rctl_rule_link_zone, M_WAITOK); link->rrl_rule = rule; link->rrl_exceeded = 0; RACCT_LOCK(); LIST_INSERT_HEAD(&racct->r_rule_links, link, rrl_next); RACCT_UNLOCK(); } static int rctl_racct_add_rule_locked(struct racct *racct, struct rctl_rule *rule) { struct rctl_rule_link *link; ASSERT_RACCT_ENABLED(); KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified")); RACCT_LOCK_ASSERT(); link = uma_zalloc(rctl_rule_link_zone, M_NOWAIT); if (link == NULL) return (ENOMEM); rctl_rule_acquire(rule); link->rrl_rule = rule; link->rrl_exceeded = 0; LIST_INSERT_HEAD(&racct->r_rule_links, link, rrl_next); return (0); } /* * Remove limits for a rules matching the filter and release * the refcounts for the rules, possibly freeing them. Returns * the number of limit structures removed. */ static int rctl_racct_remove_rules(struct racct *racct, const struct rctl_rule *filter) { struct rctl_rule_link *link, *linktmp; int removed = 0; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); LIST_FOREACH_SAFE(link, &racct->r_rule_links, rrl_next, linktmp) { if (!rctl_rule_matches(link->rrl_rule, filter)) continue; LIST_REMOVE(link, rrl_next); rctl_rule_release(link->rrl_rule); uma_zfree(rctl_rule_link_zone, link); removed++; } return (removed); } static void rctl_rule_acquire_subject(struct rctl_rule *rule) { ASSERT_RACCT_ENABLED(); switch (rule->rr_subject_type) { case RCTL_SUBJECT_TYPE_UNDEFINED: case RCTL_SUBJECT_TYPE_PROCESS: break; case RCTL_SUBJECT_TYPE_JAIL: if (rule->rr_subject.rs_prison_racct != NULL) prison_racct_hold(rule->rr_subject.rs_prison_racct); break; case RCTL_SUBJECT_TYPE_USER: if (rule->rr_subject.rs_uip != NULL) uihold(rule->rr_subject.rs_uip); break; case RCTL_SUBJECT_TYPE_LOGINCLASS: if (rule->rr_subject.rs_loginclass != NULL) loginclass_hold(rule->rr_subject.rs_loginclass); break; default: panic("rctl_rule_acquire_subject: unknown subject type %d", rule->rr_subject_type); } } static void rctl_rule_release_subject(struct rctl_rule *rule) { ASSERT_RACCT_ENABLED(); switch (rule->rr_subject_type) { case RCTL_SUBJECT_TYPE_UNDEFINED: case RCTL_SUBJECT_TYPE_PROCESS: break; case RCTL_SUBJECT_TYPE_JAIL: if (rule->rr_subject.rs_prison_racct != NULL) prison_racct_free(rule->rr_subject.rs_prison_racct); break; case RCTL_SUBJECT_TYPE_USER: if (rule->rr_subject.rs_uip != NULL) uifree(rule->rr_subject.rs_uip); break; case RCTL_SUBJECT_TYPE_LOGINCLASS: if (rule->rr_subject.rs_loginclass != NULL) loginclass_free(rule->rr_subject.rs_loginclass); break; default: panic("rctl_rule_release_subject: unknown subject type %d", rule->rr_subject_type); } } struct rctl_rule * rctl_rule_alloc(int flags) { struct rctl_rule *rule; ASSERT_RACCT_ENABLED(); rule = uma_zalloc(rctl_rule_zone, flags); if (rule == NULL) return (NULL); rule->rr_subject_type = RCTL_SUBJECT_TYPE_UNDEFINED; rule->rr_subject.rs_proc = NULL; rule->rr_subject.rs_uip = NULL; rule->rr_subject.rs_loginclass = NULL; rule->rr_subject.rs_prison_racct = NULL; rule->rr_per = RCTL_SUBJECT_TYPE_UNDEFINED; rule->rr_resource = RACCT_UNDEFINED; rule->rr_action = RCTL_ACTION_UNDEFINED; rule->rr_amount = RCTL_AMOUNT_UNDEFINED; refcount_init(&rule->rr_refcount, 1); return (rule); } struct rctl_rule * rctl_rule_duplicate(const struct rctl_rule *rule, int flags) { struct rctl_rule *copy; ASSERT_RACCT_ENABLED(); copy = uma_zalloc(rctl_rule_zone, flags); if (copy == NULL) return (NULL); copy->rr_subject_type = rule->rr_subject_type; copy->rr_subject.rs_proc = rule->rr_subject.rs_proc; copy->rr_subject.rs_uip = rule->rr_subject.rs_uip; copy->rr_subject.rs_loginclass = rule->rr_subject.rs_loginclass; copy->rr_subject.rs_prison_racct = rule->rr_subject.rs_prison_racct; copy->rr_per = rule->rr_per; copy->rr_resource = rule->rr_resource; copy->rr_action = rule->rr_action; copy->rr_amount = rule->rr_amount; refcount_init(©->rr_refcount, 1); rctl_rule_acquire_subject(copy); return (copy); } void rctl_rule_acquire(struct rctl_rule *rule) { ASSERT_RACCT_ENABLED(); KASSERT(rule->rr_refcount > 0, ("rule->rr_refcount <= 0")); refcount_acquire(&rule->rr_refcount); } static void rctl_rule_free(void *context, int pending) { struct rctl_rule *rule; rule = (struct rctl_rule *)context; ASSERT_RACCT_ENABLED(); KASSERT(rule->rr_refcount == 0, ("rule->rr_refcount != 0")); /* * We don't need locking here; rule is guaranteed to be inaccessible. */ rctl_rule_release_subject(rule); uma_zfree(rctl_rule_zone, rule); } void rctl_rule_release(struct rctl_rule *rule) { ASSERT_RACCT_ENABLED(); KASSERT(rule->rr_refcount > 0, ("rule->rr_refcount <= 0")); if (refcount_release(&rule->rr_refcount)) { /* * rctl_rule_release() is often called when iterating * over all the uidinfo structures in the system, * holding uihashtbl_lock. Since rctl_rule_free() * might end up calling uifree(), this would lead * to lock recursion. Use taskqueue to avoid this. */ TASK_INIT(&rule->rr_task, 0, rctl_rule_free, rule); taskqueue_enqueue(taskqueue_thread, &rule->rr_task); } } static int rctl_rule_fully_specified(const struct rctl_rule *rule) { ASSERT_RACCT_ENABLED(); switch (rule->rr_subject_type) { case RCTL_SUBJECT_TYPE_UNDEFINED: return (0); case RCTL_SUBJECT_TYPE_PROCESS: if (rule->rr_subject.rs_proc == NULL) return (0); break; case RCTL_SUBJECT_TYPE_USER: if (rule->rr_subject.rs_uip == NULL) return (0); break; case RCTL_SUBJECT_TYPE_LOGINCLASS: if (rule->rr_subject.rs_loginclass == NULL) return (0); break; case RCTL_SUBJECT_TYPE_JAIL: if (rule->rr_subject.rs_prison_racct == NULL) return (0); break; default: panic("rctl_rule_fully_specified: unknown subject type %d", rule->rr_subject_type); } if (rule->rr_resource == RACCT_UNDEFINED) return (0); if (rule->rr_action == RCTL_ACTION_UNDEFINED) return (0); if (rule->rr_amount == RCTL_AMOUNT_UNDEFINED) return (0); if (rule->rr_per == RCTL_SUBJECT_TYPE_UNDEFINED) return (0); return (1); } static int rctl_string_to_rule(char *rulestr, struct rctl_rule **rulep) { struct rctl_rule *rule; char *subjectstr, *subject_idstr, *resourcestr, *actionstr, *amountstr, *perstr; id_t id; int error = 0; ASSERT_RACCT_ENABLED(); rule = rctl_rule_alloc(M_WAITOK); subjectstr = strsep(&rulestr, ":"); subject_idstr = strsep(&rulestr, ":"); resourcestr = strsep(&rulestr, ":"); actionstr = strsep(&rulestr, "=/"); amountstr = strsep(&rulestr, "/"); perstr = rulestr; if (subjectstr == NULL || subjectstr[0] == '\0') rule->rr_subject_type = RCTL_SUBJECT_TYPE_UNDEFINED; else { error = str2value(subjectstr, &rule->rr_subject_type, subjectnames); if (error != 0) goto out; } if (subject_idstr == NULL || subject_idstr[0] == '\0') { rule->rr_subject.rs_proc = NULL; rule->rr_subject.rs_uip = NULL; rule->rr_subject.rs_loginclass = NULL; rule->rr_subject.rs_prison_racct = NULL; } else { switch (rule->rr_subject_type) { case RCTL_SUBJECT_TYPE_UNDEFINED: error = EINVAL; goto out; case RCTL_SUBJECT_TYPE_PROCESS: error = str2id(subject_idstr, &id); if (error != 0) goto out; sx_assert(&allproc_lock, SA_LOCKED); rule->rr_subject.rs_proc = pfind(id); if (rule->rr_subject.rs_proc == NULL) { error = ESRCH; goto out; } PROC_UNLOCK(rule->rr_subject.rs_proc); break; case RCTL_SUBJECT_TYPE_USER: error = str2id(subject_idstr, &id); if (error != 0) goto out; rule->rr_subject.rs_uip = uifind(id); break; case RCTL_SUBJECT_TYPE_LOGINCLASS: rule->rr_subject.rs_loginclass = loginclass_find(subject_idstr); if (rule->rr_subject.rs_loginclass == NULL) { error = ENAMETOOLONG; goto out; } break; case RCTL_SUBJECT_TYPE_JAIL: rule->rr_subject.rs_prison_racct = prison_racct_find(subject_idstr); if (rule->rr_subject.rs_prison_racct == NULL) { error = ENAMETOOLONG; goto out; } break; default: panic("rctl_string_to_rule: unknown subject type %d", rule->rr_subject_type); } } if (resourcestr == NULL || resourcestr[0] == '\0') rule->rr_resource = RACCT_UNDEFINED; else { error = str2value(resourcestr, &rule->rr_resource, resourcenames); if (error != 0) goto out; } if (actionstr == NULL || actionstr[0] == '\0') rule->rr_action = RCTL_ACTION_UNDEFINED; else { error = str2value(actionstr, &rule->rr_action, actionnames); if (error != 0) goto out; } if (amountstr == NULL || amountstr[0] == '\0') rule->rr_amount = RCTL_AMOUNT_UNDEFINED; else { error = str2int64(amountstr, &rule->rr_amount); if (error != 0) goto out; if (RACCT_IS_IN_MILLIONS(rule->rr_resource)) { if (rule->rr_amount > INT64_MAX / 1000000) { error = ERANGE; goto out; } rule->rr_amount *= 1000000; } } if (perstr == NULL || perstr[0] == '\0') rule->rr_per = RCTL_SUBJECT_TYPE_UNDEFINED; else { error = str2value(perstr, &rule->rr_per, subjectnames); if (error != 0) goto out; } out: if (error == 0) *rulep = rule; else rctl_rule_release(rule); return (error); } /* * Link a rule with all the subjects it applies to. */ int rctl_rule_add(struct rctl_rule *rule) { struct proc *p; struct ucred *cred; struct uidinfo *uip; struct prison *pr; struct prison_racct *prr; struct loginclass *lc; struct rctl_rule *rule2; int match; ASSERT_RACCT_ENABLED(); KASSERT(rctl_rule_fully_specified(rule), ("rule not fully specified")); /* * Some rules just don't make sense, like "deny" rule for an undeniable * resource. The exception are the RSS and %CPU resources - they are * not deniable in the racct sense, but the limit is enforced in * a different way. */ if (rule->rr_action == RCTL_ACTION_DENY && !RACCT_IS_DENIABLE(rule->rr_resource) && rule->rr_resource != RACCT_RSS && rule->rr_resource != RACCT_PCTCPU) { return (EOPNOTSUPP); } if (rule->rr_action == RCTL_ACTION_THROTTLE && !RACCT_IS_DECAYING(rule->rr_resource)) { return (EOPNOTSUPP); } if (rule->rr_action == RCTL_ACTION_THROTTLE && rule->rr_resource == RACCT_PCTCPU) { return (EOPNOTSUPP); } if (rule->rr_per == RCTL_SUBJECT_TYPE_PROCESS && RACCT_IS_SLOPPY(rule->rr_resource)) { return (EOPNOTSUPP); } /* * Make sure there are no duplicated rules. Also, for the "deny" * rules, remove ones differing only by "amount". */ if (rule->rr_action == RCTL_ACTION_DENY) { rule2 = rctl_rule_duplicate(rule, M_WAITOK); rule2->rr_amount = RCTL_AMOUNT_UNDEFINED; rctl_rule_remove(rule2); rctl_rule_release(rule2); } else rctl_rule_remove(rule); switch (rule->rr_subject_type) { case RCTL_SUBJECT_TYPE_PROCESS: p = rule->rr_subject.rs_proc; KASSERT(p != NULL, ("rctl_rule_add: NULL proc")); rctl_racct_add_rule(p->p_racct, rule); /* * In case of per-process rule, we don't have anything more * to do. */ return (0); case RCTL_SUBJECT_TYPE_USER: uip = rule->rr_subject.rs_uip; KASSERT(uip != NULL, ("rctl_rule_add: NULL uip")); rctl_racct_add_rule(uip->ui_racct, rule); break; case RCTL_SUBJECT_TYPE_LOGINCLASS: lc = rule->rr_subject.rs_loginclass; KASSERT(lc != NULL, ("rctl_rule_add: NULL loginclass")); rctl_racct_add_rule(lc->lc_racct, rule); break; case RCTL_SUBJECT_TYPE_JAIL: prr = rule->rr_subject.rs_prison_racct; KASSERT(prr != NULL, ("rctl_rule_add: NULL pr")); rctl_racct_add_rule(prr->prr_racct, rule); break; default: panic("rctl_rule_add: unknown subject type %d", rule->rr_subject_type); } /* * Now go through all the processes and add the new rule to the ones * it applies to. */ sx_assert(&allproc_lock, SA_LOCKED); FOREACH_PROC_IN_SYSTEM(p) { cred = p->p_ucred; switch (rule->rr_subject_type) { case RCTL_SUBJECT_TYPE_USER: if (cred->cr_uidinfo == rule->rr_subject.rs_uip || cred->cr_ruidinfo == rule->rr_subject.rs_uip) break; continue; case RCTL_SUBJECT_TYPE_LOGINCLASS: if (cred->cr_loginclass == rule->rr_subject.rs_loginclass) break; continue; case RCTL_SUBJECT_TYPE_JAIL: match = 0; for (pr = cred->cr_prison; pr != NULL; pr = pr->pr_parent) { if (pr->pr_prison_racct == rule->rr_subject.rs_prison_racct) { match = 1; break; } } if (match) break; continue; default: panic("rctl_rule_add: unknown subject type %d", rule->rr_subject_type); } rctl_racct_add_rule(p->p_racct, rule); } return (0); } static void rctl_rule_pre_callback(void) { RACCT_LOCK(); } static void rctl_rule_post_callback(void) { RACCT_UNLOCK(); } static void rctl_rule_remove_callback(struct racct *racct, void *arg2, void *arg3) { struct rctl_rule *filter = (struct rctl_rule *)arg2; int found = 0; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); found += rctl_racct_remove_rules(racct, filter); *((int *)arg3) += found; } /* * Remove all rules that match the filter. */ int rctl_rule_remove(struct rctl_rule *filter) { struct proc *p; int found = 0; ASSERT_RACCT_ENABLED(); if (filter->rr_subject_type == RCTL_SUBJECT_TYPE_PROCESS && filter->rr_subject.rs_proc != NULL) { p = filter->rr_subject.rs_proc; RACCT_LOCK(); found = rctl_racct_remove_rules(p->p_racct, filter); RACCT_UNLOCK(); if (found) return (0); return (ESRCH); } loginclass_racct_foreach(rctl_rule_remove_callback, rctl_rule_pre_callback, rctl_rule_post_callback, filter, (void *)&found); ui_racct_foreach(rctl_rule_remove_callback, rctl_rule_pre_callback, rctl_rule_post_callback, filter, (void *)&found); prison_racct_foreach(rctl_rule_remove_callback, rctl_rule_pre_callback, rctl_rule_post_callback, filter, (void *)&found); sx_assert(&allproc_lock, SA_LOCKED); RACCT_LOCK(); FOREACH_PROC_IN_SYSTEM(p) { found += rctl_racct_remove_rules(p->p_racct, filter); } RACCT_UNLOCK(); if (found) return (0); return (ESRCH); } /* * Appends a rule to the sbuf. */ static void rctl_rule_to_sbuf(struct sbuf *sb, const struct rctl_rule *rule) { int64_t amount; ASSERT_RACCT_ENABLED(); sbuf_printf(sb, "%s:", rctl_subject_type_name(rule->rr_subject_type)); switch (rule->rr_subject_type) { case RCTL_SUBJECT_TYPE_PROCESS: if (rule->rr_subject.rs_proc == NULL) sbuf_printf(sb, ":"); else sbuf_printf(sb, "%d:", rule->rr_subject.rs_proc->p_pid); break; case RCTL_SUBJECT_TYPE_USER: if (rule->rr_subject.rs_uip == NULL) sbuf_printf(sb, ":"); else sbuf_printf(sb, "%d:", rule->rr_subject.rs_uip->ui_uid); break; case RCTL_SUBJECT_TYPE_LOGINCLASS: if (rule->rr_subject.rs_loginclass == NULL) sbuf_printf(sb, ":"); else sbuf_printf(sb, "%s:", rule->rr_subject.rs_loginclass->lc_name); break; case RCTL_SUBJECT_TYPE_JAIL: if (rule->rr_subject.rs_prison_racct == NULL) sbuf_printf(sb, ":"); else sbuf_printf(sb, "%s:", rule->rr_subject.rs_prison_racct->prr_name); break; default: panic("rctl_rule_to_sbuf: unknown subject type %d", rule->rr_subject_type); } amount = rule->rr_amount; if (amount != RCTL_AMOUNT_UNDEFINED && RACCT_IS_IN_MILLIONS(rule->rr_resource)) amount /= 1000000; sbuf_printf(sb, "%s:%s=%jd", rctl_resource_name(rule->rr_resource), rctl_action_name(rule->rr_action), amount); if (rule->rr_per != rule->rr_subject_type) sbuf_printf(sb, "/%s", rctl_subject_type_name(rule->rr_per)); } /* * Routine used by RCTL syscalls to read in input string. */ static int rctl_read_inbuf(char **inputstr, const char *inbufp, size_t inbuflen) { char *str; int error; ASSERT_RACCT_ENABLED(); if (inbuflen <= 0) return (EINVAL); if (inbuflen > RCTL_MAX_INBUFSIZE) return (E2BIG); str = malloc(inbuflen + 1, M_RCTL, M_WAITOK); error = copyinstr(inbufp, str, inbuflen, NULL); if (error != 0) { free(str, M_RCTL); return (error); } *inputstr = str; return (0); } /* * Routine used by RCTL syscalls to write out output string. */ static int rctl_write_outbuf(struct sbuf *outputsbuf, char *outbufp, size_t outbuflen) { int error; ASSERT_RACCT_ENABLED(); if (outputsbuf == NULL) return (0); sbuf_finish(outputsbuf); if (outbuflen < sbuf_len(outputsbuf) + 1) { sbuf_delete(outputsbuf); return (ERANGE); } error = copyout(sbuf_data(outputsbuf), outbufp, sbuf_len(outputsbuf) + 1); sbuf_delete(outputsbuf); return (error); } static struct sbuf * rctl_racct_to_sbuf(struct racct *racct, int sloppy) { struct sbuf *sb; int64_t amount; int i; ASSERT_RACCT_ENABLED(); sb = sbuf_new_auto(); for (i = 0; i <= RACCT_MAX; i++) { if (sloppy == 0 && RACCT_IS_SLOPPY(i)) continue; RACCT_LOCK(); amount = racct->r_resources[i]; RACCT_UNLOCK(); if (RACCT_IS_IN_MILLIONS(i)) amount /= 1000000; sbuf_printf(sb, "%s=%jd,", rctl_resource_name(i), amount); } sbuf_setpos(sb, sbuf_len(sb) - 1); return (sb); } int sys_rctl_get_racct(struct thread *td, struct rctl_get_racct_args *uap) { struct rctl_rule *filter; struct sbuf *outputsbuf = NULL; struct proc *p; struct uidinfo *uip; struct loginclass *lc; struct prison_racct *prr; char *inputstr; int error; if (!racct_enable) return (ENOSYS); error = priv_check(td, PRIV_RCTL_GET_RACCT); if (error != 0) return (error); error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen); if (error != 0) return (error); sx_slock(&allproc_lock); error = rctl_string_to_rule(inputstr, &filter); free(inputstr, M_RCTL); if (error != 0) { sx_sunlock(&allproc_lock); return (error); } switch (filter->rr_subject_type) { case RCTL_SUBJECT_TYPE_PROCESS: p = filter->rr_subject.rs_proc; if (p == NULL) { error = EINVAL; goto out; } outputsbuf = rctl_racct_to_sbuf(p->p_racct, 0); break; case RCTL_SUBJECT_TYPE_USER: uip = filter->rr_subject.rs_uip; if (uip == NULL) { error = EINVAL; goto out; } outputsbuf = rctl_racct_to_sbuf(uip->ui_racct, 1); break; case RCTL_SUBJECT_TYPE_LOGINCLASS: lc = filter->rr_subject.rs_loginclass; if (lc == NULL) { error = EINVAL; goto out; } outputsbuf = rctl_racct_to_sbuf(lc->lc_racct, 1); break; case RCTL_SUBJECT_TYPE_JAIL: prr = filter->rr_subject.rs_prison_racct; if (prr == NULL) { error = EINVAL; goto out; } outputsbuf = rctl_racct_to_sbuf(prr->prr_racct, 1); break; default: error = EINVAL; } out: rctl_rule_release(filter); sx_sunlock(&allproc_lock); if (error != 0) return (error); error = rctl_write_outbuf(outputsbuf, uap->outbufp, uap->outbuflen); return (error); } static void rctl_get_rules_callback(struct racct *racct, void *arg2, void *arg3) { struct rctl_rule *filter = (struct rctl_rule *)arg2; struct rctl_rule_link *link; struct sbuf *sb = (struct sbuf *)arg3; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); LIST_FOREACH(link, &racct->r_rule_links, rrl_next) { if (!rctl_rule_matches(link->rrl_rule, filter)) continue; rctl_rule_to_sbuf(sb, link->rrl_rule); sbuf_printf(sb, ","); } } int sys_rctl_get_rules(struct thread *td, struct rctl_get_rules_args *uap) { struct sbuf *sb; struct rctl_rule *filter; struct rctl_rule_link *link; struct proc *p; char *inputstr, *buf; size_t bufsize; int error; if (!racct_enable) return (ENOSYS); error = priv_check(td, PRIV_RCTL_GET_RULES); if (error != 0) return (error); error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen); if (error != 0) return (error); sx_slock(&allproc_lock); error = rctl_string_to_rule(inputstr, &filter); free(inputstr, M_RCTL); if (error != 0) { sx_sunlock(&allproc_lock); return (error); } bufsize = uap->outbuflen; if (bufsize > rctl_maxbufsize) { sx_sunlock(&allproc_lock); return (E2BIG); } buf = malloc(bufsize, M_RCTL, M_WAITOK); sb = sbuf_new(NULL, buf, bufsize, SBUF_FIXEDLEN); KASSERT(sb != NULL, ("sbuf_new failed")); FOREACH_PROC_IN_SYSTEM(p) { RACCT_LOCK(); LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) { /* * Non-process rules will be added to the buffer later. * Adding them here would result in duplicated output. */ if (link->rrl_rule->rr_subject_type != RCTL_SUBJECT_TYPE_PROCESS) continue; if (!rctl_rule_matches(link->rrl_rule, filter)) continue; rctl_rule_to_sbuf(sb, link->rrl_rule); sbuf_printf(sb, ","); } RACCT_UNLOCK(); } loginclass_racct_foreach(rctl_get_rules_callback, rctl_rule_pre_callback, rctl_rule_post_callback, filter, sb); ui_racct_foreach(rctl_get_rules_callback, rctl_rule_pre_callback, rctl_rule_post_callback, filter, sb); prison_racct_foreach(rctl_get_rules_callback, rctl_rule_pre_callback, rctl_rule_post_callback, filter, sb); if (sbuf_error(sb) == ENOMEM) { error = ERANGE; goto out; } /* * Remove trailing ",". */ if (sbuf_len(sb) > 0) sbuf_setpos(sb, sbuf_len(sb) - 1); error = rctl_write_outbuf(sb, uap->outbufp, uap->outbuflen); out: rctl_rule_release(filter); sx_sunlock(&allproc_lock); free(buf, M_RCTL); return (error); } int sys_rctl_get_limits(struct thread *td, struct rctl_get_limits_args *uap) { struct sbuf *sb; struct rctl_rule *filter; struct rctl_rule_link *link; char *inputstr, *buf; size_t bufsize; int error; if (!racct_enable) return (ENOSYS); error = priv_check(td, PRIV_RCTL_GET_LIMITS); if (error != 0) return (error); error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen); if (error != 0) return (error); sx_slock(&allproc_lock); error = rctl_string_to_rule(inputstr, &filter); free(inputstr, M_RCTL); if (error != 0) { sx_sunlock(&allproc_lock); return (error); } if (filter->rr_subject_type == RCTL_SUBJECT_TYPE_UNDEFINED) { rctl_rule_release(filter); sx_sunlock(&allproc_lock); return (EINVAL); } if (filter->rr_subject_type != RCTL_SUBJECT_TYPE_PROCESS) { rctl_rule_release(filter); sx_sunlock(&allproc_lock); return (EOPNOTSUPP); } if (filter->rr_subject.rs_proc == NULL) { rctl_rule_release(filter); sx_sunlock(&allproc_lock); return (EINVAL); } bufsize = uap->outbuflen; if (bufsize > rctl_maxbufsize) { rctl_rule_release(filter); sx_sunlock(&allproc_lock); return (E2BIG); } buf = malloc(bufsize, M_RCTL, M_WAITOK); sb = sbuf_new(NULL, buf, bufsize, SBUF_FIXEDLEN); KASSERT(sb != NULL, ("sbuf_new failed")); RACCT_LOCK(); LIST_FOREACH(link, &filter->rr_subject.rs_proc->p_racct->r_rule_links, rrl_next) { rctl_rule_to_sbuf(sb, link->rrl_rule); sbuf_printf(sb, ","); } RACCT_UNLOCK(); if (sbuf_error(sb) == ENOMEM) { error = ERANGE; sbuf_delete(sb); goto out; } /* * Remove trailing ",". */ if (sbuf_len(sb) > 0) sbuf_setpos(sb, sbuf_len(sb) - 1); error = rctl_write_outbuf(sb, uap->outbufp, uap->outbuflen); out: rctl_rule_release(filter); sx_sunlock(&allproc_lock); free(buf, M_RCTL); return (error); } int sys_rctl_add_rule(struct thread *td, struct rctl_add_rule_args *uap) { struct rctl_rule *rule; char *inputstr; int error; if (!racct_enable) return (ENOSYS); error = priv_check(td, PRIV_RCTL_ADD_RULE); if (error != 0) return (error); error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen); if (error != 0) return (error); sx_slock(&allproc_lock); error = rctl_string_to_rule(inputstr, &rule); free(inputstr, M_RCTL); if (error != 0) { sx_sunlock(&allproc_lock); return (error); } /* * The 'per' part of a rule is optional. */ if (rule->rr_per == RCTL_SUBJECT_TYPE_UNDEFINED && rule->rr_subject_type != RCTL_SUBJECT_TYPE_UNDEFINED) rule->rr_per = rule->rr_subject_type; if (!rctl_rule_fully_specified(rule)) { error = EINVAL; goto out; } error = rctl_rule_add(rule); out: rctl_rule_release(rule); sx_sunlock(&allproc_lock); return (error); } int sys_rctl_remove_rule(struct thread *td, struct rctl_remove_rule_args *uap) { struct rctl_rule *filter; char *inputstr; int error; if (!racct_enable) return (ENOSYS); error = priv_check(td, PRIV_RCTL_REMOVE_RULE); if (error != 0) return (error); error = rctl_read_inbuf(&inputstr, uap->inbufp, uap->inbuflen); if (error != 0) return (error); sx_slock(&allproc_lock); error = rctl_string_to_rule(inputstr, &filter); free(inputstr, M_RCTL); if (error != 0) { sx_sunlock(&allproc_lock); return (error); } error = rctl_rule_remove(filter); rctl_rule_release(filter); sx_sunlock(&allproc_lock); return (error); } /* * Update RCTL rule list after credential change. */ void rctl_proc_ucred_changed(struct proc *p, struct ucred *newcred) { LIST_HEAD(, rctl_rule_link) newrules; struct rctl_rule_link *link, *newlink; struct uidinfo *newuip; struct loginclass *newlc; struct prison_racct *newprr; int rulecnt, i; if (!racct_enable) return; PROC_LOCK_ASSERT(p, MA_NOTOWNED); newuip = newcred->cr_ruidinfo; newlc = newcred->cr_loginclass; newprr = newcred->cr_prison->pr_prison_racct; LIST_INIT(&newrules); again: /* * First, count the rules that apply to the process with new * credentials. */ rulecnt = 0; RACCT_LOCK(); LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) { if (link->rrl_rule->rr_subject_type == RCTL_SUBJECT_TYPE_PROCESS) rulecnt++; } LIST_FOREACH(link, &newuip->ui_racct->r_rule_links, rrl_next) rulecnt++; LIST_FOREACH(link, &newlc->lc_racct->r_rule_links, rrl_next) rulecnt++; LIST_FOREACH(link, &newprr->prr_racct->r_rule_links, rrl_next) rulecnt++; RACCT_UNLOCK(); /* * Create temporary list. We've dropped the rctl_lock in order * to use M_WAITOK. */ for (i = 0; i < rulecnt; i++) { newlink = uma_zalloc(rctl_rule_link_zone, M_WAITOK); newlink->rrl_rule = NULL; newlink->rrl_exceeded = 0; LIST_INSERT_HEAD(&newrules, newlink, rrl_next); } newlink = LIST_FIRST(&newrules); /* * Assign rules to the newly allocated list entries. */ RACCT_LOCK(); LIST_FOREACH(link, &p->p_racct->r_rule_links, rrl_next) { if (link->rrl_rule->rr_subject_type == RCTL_SUBJECT_TYPE_PROCESS) { if (newlink == NULL) goto goaround; rctl_rule_acquire(link->rrl_rule); newlink->rrl_rule = link->rrl_rule; newlink->rrl_exceeded = link->rrl_exceeded; newlink = LIST_NEXT(newlink, rrl_next); rulecnt--; } } LIST_FOREACH(link, &newuip->ui_racct->r_rule_links, rrl_next) { if (newlink == NULL) goto goaround; rctl_rule_acquire(link->rrl_rule); newlink->rrl_rule = link->rrl_rule; newlink->rrl_exceeded = link->rrl_exceeded; newlink = LIST_NEXT(newlink, rrl_next); rulecnt--; } LIST_FOREACH(link, &newlc->lc_racct->r_rule_links, rrl_next) { if (newlink == NULL) goto goaround; rctl_rule_acquire(link->rrl_rule); newlink->rrl_rule = link->rrl_rule; newlink->rrl_exceeded = link->rrl_exceeded; newlink = LIST_NEXT(newlink, rrl_next); rulecnt--; } LIST_FOREACH(link, &newprr->prr_racct->r_rule_links, rrl_next) { if (newlink == NULL) goto goaround; rctl_rule_acquire(link->rrl_rule); newlink->rrl_rule = link->rrl_rule; newlink->rrl_exceeded = link->rrl_exceeded; newlink = LIST_NEXT(newlink, rrl_next); rulecnt--; } if (rulecnt == 0) { /* * Free the old rule list. */ while (!LIST_EMPTY(&p->p_racct->r_rule_links)) { link = LIST_FIRST(&p->p_racct->r_rule_links); LIST_REMOVE(link, rrl_next); rctl_rule_release(link->rrl_rule); uma_zfree(rctl_rule_link_zone, link); } /* * Replace lists and we're done. * * XXX: Is there any way to switch list heads instead * of iterating here? */ while (!LIST_EMPTY(&newrules)) { newlink = LIST_FIRST(&newrules); LIST_REMOVE(newlink, rrl_next); LIST_INSERT_HEAD(&p->p_racct->r_rule_links, newlink, rrl_next); } RACCT_UNLOCK(); return; } goaround: RACCT_UNLOCK(); /* * Rule list changed while we were not holding the rctl_lock. * Free the new list and try again. */ while (!LIST_EMPTY(&newrules)) { newlink = LIST_FIRST(&newrules); LIST_REMOVE(newlink, rrl_next); if (newlink->rrl_rule != NULL) rctl_rule_release(newlink->rrl_rule); uma_zfree(rctl_rule_link_zone, newlink); } goto again; } /* * Assign RCTL rules to the newly created process. */ int rctl_proc_fork(struct proc *parent, struct proc *child) { struct rctl_rule *rule; struct rctl_rule_link *link; int error; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); KASSERT(parent->p_racct != NULL, ("process without racct; p = %p", parent)); LIST_INIT(&child->p_racct->r_rule_links); /* * Go through limits applicable to the parent and assign them * to the child. Rules with 'process' subject have to be duplicated * in order to make their rr_subject point to the new process. */ LIST_FOREACH(link, &parent->p_racct->r_rule_links, rrl_next) { if (link->rrl_rule->rr_subject_type == RCTL_SUBJECT_TYPE_PROCESS) { rule = rctl_rule_duplicate(link->rrl_rule, M_NOWAIT); if (rule == NULL) goto fail; KASSERT(rule->rr_subject.rs_proc == parent, ("rule->rr_subject.rs_proc != parent")); rule->rr_subject.rs_proc = child; error = rctl_racct_add_rule_locked(child->p_racct, rule); rctl_rule_release(rule); if (error != 0) goto fail; } else { error = rctl_racct_add_rule_locked(child->p_racct, link->rrl_rule); if (error != 0) goto fail; } } return (0); fail: while (!LIST_EMPTY(&child->p_racct->r_rule_links)) { link = LIST_FIRST(&child->p_racct->r_rule_links); LIST_REMOVE(link, rrl_next); rctl_rule_release(link->rrl_rule); uma_zfree(rctl_rule_link_zone, link); } return (EAGAIN); } /* * Release rules attached to the racct. */ void rctl_racct_release(struct racct *racct) { struct rctl_rule_link *link; ASSERT_RACCT_ENABLED(); RACCT_LOCK_ASSERT(); while (!LIST_EMPTY(&racct->r_rule_links)) { link = LIST_FIRST(&racct->r_rule_links); LIST_REMOVE(link, rrl_next); rctl_rule_release(link->rrl_rule); uma_zfree(rctl_rule_link_zone, link); } } static void rctl_init(void) { if (!racct_enable) return; rctl_rule_zone = uma_zcreate("rctl_rule", sizeof(struct rctl_rule), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); rctl_rule_link_zone = uma_zcreate("rctl_rule_link", sizeof(struct rctl_rule_link), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); /* * Set default values, making sure not to overwrite the ones * fetched from tunables. Most of those could be set at the * declaration, except for the rctl_throttle_max - we cannot * set it there due to hz not being compile time constant. */ if (rctl_throttle_min < 1) rctl_throttle_min = 1; if (rctl_throttle_max < rctl_throttle_min) rctl_throttle_max = 2 * hz; if (rctl_throttle_pct < 0) rctl_throttle_pct = 100; if (rctl_throttle_pct2 < 0) rctl_throttle_pct2 = 100; } #else /* !RCTL */ int sys_rctl_get_racct(struct thread *td, struct rctl_get_racct_args *uap) { return (ENOSYS); } int sys_rctl_get_rules(struct thread *td, struct rctl_get_rules_args *uap) { return (ENOSYS); } int sys_rctl_get_limits(struct thread *td, struct rctl_get_limits_args *uap) { return (ENOSYS); } int sys_rctl_add_rule(struct thread *td, struct rctl_add_rule_args *uap) { return (ENOSYS); } int sys_rctl_remove_rule(struct thread *td, struct rctl_remove_rule_args *uap) { return (ENOSYS); } #endif /* !RCTL */ Index: head/sys/kern/subr_acl_nfs4.c =================================================================== --- head/sys/kern/subr_acl_nfs4.c (revision 367104) +++ head/sys/kern/subr_acl_nfs4.c (revision 367105) @@ -1,1414 +1,1413 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008-2010 Edward Tomasz Napierała - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * ACL support routines specific to NFSv4 access control lists. These are * utility routines for code common across file systems implementing NFSv4 * ACLs. */ #ifdef _KERNEL #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #else #include #include #include #include #define KASSERT(a, b) assert(a) #define CTASSERT(a) #endif /* !_KERNEL */ #ifdef _KERNEL static void acl_nfs4_trivial_from_mode(struct acl *aclp, mode_t mode); static int acl_nfs4_old_semantics = 0; SYSCTL_INT(_vfs, OID_AUTO, acl_nfs4_old_semantics, CTLFLAG_RW, &acl_nfs4_old_semantics, 0, "Use pre-PSARC/2010/029 NFSv4 ACL semantics"); static struct { accmode_t accmode; int mask; } accmode2mask[] = {{VREAD, ACL_READ_DATA}, {VWRITE, ACL_WRITE_DATA}, {VAPPEND, ACL_APPEND_DATA}, {VEXEC, ACL_EXECUTE}, {VREAD_NAMED_ATTRS, ACL_READ_NAMED_ATTRS}, {VWRITE_NAMED_ATTRS, ACL_WRITE_NAMED_ATTRS}, {VDELETE_CHILD, ACL_DELETE_CHILD}, {VREAD_ATTRIBUTES, ACL_READ_ATTRIBUTES}, {VWRITE_ATTRIBUTES, ACL_WRITE_ATTRIBUTES}, {VDELETE, ACL_DELETE}, {VREAD_ACL, ACL_READ_ACL}, {VWRITE_ACL, ACL_WRITE_ACL}, {VWRITE_OWNER, ACL_WRITE_OWNER}, {VSYNCHRONIZE, ACL_SYNCHRONIZE}, {0, 0}}; static int _access_mask_from_accmode(accmode_t accmode) { int access_mask = 0, i; for (i = 0; accmode2mask[i].accmode != 0; i++) { if (accmode & accmode2mask[i].accmode) access_mask |= accmode2mask[i].mask; } /* * VAPPEND is just a modifier for VWRITE; if the caller asked * for 'VAPPEND | VWRITE', we want to check for ACL_APPEND_DATA only. */ if (access_mask & ACL_APPEND_DATA) access_mask &= ~ACL_WRITE_DATA; return (access_mask); } /* * Return 0, iff access is allowed, 1 otherwise. */ static int _acl_denies(const struct acl *aclp, int access_mask, struct ucred *cred, int file_uid, int file_gid, int *denied_explicitly) { int i; const struct acl_entry *entry; if (denied_explicitly != NULL) *denied_explicitly = 0; KASSERT(aclp->acl_cnt <= ACL_MAX_ENTRIES, ("aclp->acl_cnt <= ACL_MAX_ENTRIES")); for (i = 0; i < aclp->acl_cnt; i++) { entry = &(aclp->acl_entry[i]); if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) continue; if (entry->ae_flags & ACL_ENTRY_INHERIT_ONLY) continue; switch (entry->ae_tag) { case ACL_USER_OBJ: if (file_uid != cred->cr_uid) continue; break; case ACL_USER: if (entry->ae_id != cred->cr_uid) continue; break; case ACL_GROUP_OBJ: if (!groupmember(file_gid, cred)) continue; break; case ACL_GROUP: if (!groupmember(entry->ae_id, cred)) continue; break; default: KASSERT(entry->ae_tag == ACL_EVERYONE, ("entry->ae_tag == ACL_EVERYONE")); } if (entry->ae_entry_type == ACL_ENTRY_TYPE_DENY) { if (entry->ae_perm & access_mask) { if (denied_explicitly != NULL) *denied_explicitly = 1; return (1); } } access_mask &= ~(entry->ae_perm); if (access_mask == 0) return (0); } if (access_mask == 0) return (0); return (1); } int vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_t file_gid, struct acl *aclp, accmode_t accmode, struct ucred *cred) { accmode_t priv_granted = 0; int denied, explicitly_denied, access_mask, is_directory, must_be_owner = 0; mode_t file_mode = 0; KASSERT((accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | VAPPEND | VEXPLICIT_DENY | VREAD_NAMED_ATTRS | VWRITE_NAMED_ATTRS | VDELETE_CHILD | VREAD_ATTRIBUTES | VWRITE_ATTRIBUTES | VDELETE | VREAD_ACL | VWRITE_ACL | VWRITE_OWNER | VSYNCHRONIZE)) == 0, ("invalid bit in accmode")); KASSERT((accmode & VAPPEND) == 0 || (accmode & VWRITE), ("VAPPEND without VWRITE")); if (accmode & VADMIN) must_be_owner = 1; /* * Ignore VSYNCHRONIZE permission. */ accmode &= ~VSYNCHRONIZE; access_mask = _access_mask_from_accmode(accmode); if (type == VDIR) is_directory = 1; else is_directory = 0; /* * File owner is always allowed to read and write the ACL * and basic attributes. This is to prevent a situation * where user would change ACL in a way that prevents him * from undoing the change. */ if (file_uid == cred->cr_uid) access_mask &= ~(ACL_READ_ACL | ACL_WRITE_ACL | ACL_READ_ATTRIBUTES | ACL_WRITE_ATTRIBUTES); /* * Ignore append permission for regular files; use write * permission instead. */ if (!is_directory && (access_mask & ACL_APPEND_DATA)) { access_mask &= ~ACL_APPEND_DATA; access_mask |= ACL_WRITE_DATA; } denied = _acl_denies(aclp, access_mask, cred, file_uid, file_gid, &explicitly_denied); if (must_be_owner) { if (file_uid != cred->cr_uid) denied = EPERM; } /* * For VEXEC, ensure that at least one execute bit is set for * non-directories. We have to check the mode here to stay * consistent with execve(2). See the test in * exec_check_permissions(). */ acl_nfs4_sync_mode_from_acl(&file_mode, aclp); if (!denied && !is_directory && (accmode & VEXEC) && (file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) denied = EACCES; if (!denied) return (0); /* * Access failed. Iff it was not denied explicitly and * VEXPLICIT_DENY flag was specified, allow access. */ if ((accmode & VEXPLICIT_DENY) && explicitly_denied == 0) return (0); accmode &= ~VEXPLICIT_DENY; /* * No match. Try to use privileges, if there are any. */ if (is_directory) { if ((accmode & VEXEC) && !priv_check_cred(cred, PRIV_VFS_LOOKUP)) priv_granted |= VEXEC; } else { /* * Ensure that at least one execute bit is on. Otherwise, * a privileged user will always succeed, and we don't want * this to happen unless the file really is executable. */ if ((accmode & VEXEC) && (file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 && !priv_check_cred(cred, PRIV_VFS_EXEC)) priv_granted |= VEXEC; } if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ)) priv_granted |= VREAD; if ((accmode & (VWRITE | VAPPEND | VDELETE_CHILD)) && !priv_check_cred(cred, PRIV_VFS_WRITE)) priv_granted |= (VWRITE | VAPPEND | VDELETE_CHILD); if ((accmode & VADMIN_PERMS) && !priv_check_cred(cred, PRIV_VFS_ADMIN)) priv_granted |= VADMIN_PERMS; if ((accmode & VSTAT_PERMS) && !priv_check_cred(cred, PRIV_VFS_STAT)) priv_granted |= VSTAT_PERMS; if ((accmode & priv_granted) == accmode) { return (0); } if (accmode & (VADMIN_PERMS | VDELETE_CHILD | VDELETE)) denied = EPERM; else denied = EACCES; return (denied); } #endif /* _KERNEL */ static int _acl_entry_matches(struct acl_entry *entry, acl_tag_t tag, acl_perm_t perm, acl_entry_type_t entry_type) { if (entry->ae_tag != tag) return (0); if (entry->ae_id != ACL_UNDEFINED_ID) return (0); if (entry->ae_perm != perm) return (0); if (entry->ae_entry_type != entry_type) return (0); if (entry->ae_flags != 0) return (0); return (1); } static struct acl_entry * _acl_append(struct acl *aclp, acl_tag_t tag, acl_perm_t perm, acl_entry_type_t entry_type) { struct acl_entry *entry; KASSERT(aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES, ("aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES")); entry = &(aclp->acl_entry[aclp->acl_cnt]); aclp->acl_cnt++; entry->ae_tag = tag; entry->ae_id = ACL_UNDEFINED_ID; entry->ae_perm = perm; entry->ae_entry_type = entry_type; entry->ae_flags = 0; return (entry); } static struct acl_entry * _acl_duplicate_entry(struct acl *aclp, unsigned entry_index) { unsigned i; KASSERT(aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES, ("aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES")); for (i = aclp->acl_cnt; i > entry_index; i--) aclp->acl_entry[i] = aclp->acl_entry[i - 1]; aclp->acl_cnt++; return (&(aclp->acl_entry[entry_index + 1])); } static void acl_nfs4_sync_acl_from_mode_draft(struct acl *aclp, mode_t mode, int file_owner_id) { int meets, must_append; unsigned i; struct acl_entry *entry, *copy, *previous, *a1, *a2, *a3, *a4, *a5, *a6; mode_t amode; const int READ = 04; const int WRITE = 02; const int EXEC = 01; KASSERT(aclp->acl_cnt <= ACL_MAX_ENTRIES, ("aclp->acl_cnt <= ACL_MAX_ENTRIES")); /* * NFSv4 Minor Version 1, draft-ietf-nfsv4-minorversion1-03.txt * * 3.16.6.3. Applying a Mode to an Existing ACL */ /* * 1. For each ACE: */ for (i = 0; i < aclp->acl_cnt; i++) { entry = &(aclp->acl_entry[i]); /* * 1.1. If the type is neither ALLOW or DENY - skip. */ if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) continue; /* * 1.2. If ACL_ENTRY_INHERIT_ONLY is set - skip. */ if (entry->ae_flags & ACL_ENTRY_INHERIT_ONLY) continue; /* * 1.3. If ACL_ENTRY_FILE_INHERIT or ACL_ENTRY_DIRECTORY_INHERIT * are set: */ if (entry->ae_flags & (ACL_ENTRY_FILE_INHERIT | ACL_ENTRY_DIRECTORY_INHERIT)) { /* * 1.3.1. A copy of the current ACE is made, and placed * in the ACL immediately following the current * ACE. */ copy = _acl_duplicate_entry(aclp, i); /* * 1.3.2. In the first ACE, the flag * ACL_ENTRY_INHERIT_ONLY is set. */ entry->ae_flags |= ACL_ENTRY_INHERIT_ONLY; /* * 1.3.3. In the second ACE, the following flags * are cleared: * ACL_ENTRY_FILE_INHERIT, * ACL_ENTRY_DIRECTORY_INHERIT, * ACL_ENTRY_NO_PROPAGATE_INHERIT. */ copy->ae_flags &= ~(ACL_ENTRY_FILE_INHERIT | ACL_ENTRY_DIRECTORY_INHERIT | ACL_ENTRY_NO_PROPAGATE_INHERIT); /* * The algorithm continues on with the second ACE. */ i++; entry = copy; } /* * 1.4. If it's owner@, group@ or everyone@ entry, clear * ACL_READ_DATA, ACL_WRITE_DATA, ACL_APPEND_DATA * and ACL_EXECUTE. Continue to the next entry. */ if (entry->ae_tag == ACL_USER_OBJ || entry->ae_tag == ACL_GROUP_OBJ || entry->ae_tag == ACL_EVERYONE) { entry->ae_perm &= ~(ACL_READ_DATA | ACL_WRITE_DATA | ACL_APPEND_DATA | ACL_EXECUTE); continue; } /* * 1.5. Otherwise, if the "who" field did not match one * of OWNER@, GROUP@, EVERYONE@: * * 1.5.1. If the type is ALLOW, check the preceding ACE. * If it does not meet all of the following criteria: */ if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW) continue; meets = 0; if (i > 0) { meets = 1; previous = &(aclp->acl_entry[i - 1]); /* * 1.5.1.1. The type field is DENY, */ if (previous->ae_entry_type != ACL_ENTRY_TYPE_DENY) meets = 0; /* * 1.5.1.2. The "who" field is the same as the current * ACE, * * 1.5.1.3. The flag bit ACE4_IDENTIFIER_GROUP * is the same as it is in the current ACE, * and no other flag bits are set, */ if (previous->ae_id != entry->ae_id || previous->ae_tag != entry->ae_tag) meets = 0; if (previous->ae_flags) meets = 0; /* * 1.5.1.4. The mask bits are a subset of the mask bits * of the current ACE, and are also subset of * the following: ACL_READ_DATA, * ACL_WRITE_DATA, ACL_APPEND_DATA, ACL_EXECUTE */ if (previous->ae_perm & ~(entry->ae_perm)) meets = 0; if (previous->ae_perm & ~(ACL_READ_DATA | ACL_WRITE_DATA | ACL_APPEND_DATA | ACL_EXECUTE)) meets = 0; } if (!meets) { /* * Then the ACE of type DENY, with a who equal * to the current ACE, flag bits equal to * ( & ) * and no mask bits, is prepended. */ previous = entry; entry = _acl_duplicate_entry(aclp, i); /* Adjust counter, as we've just added an entry. */ i++; previous->ae_tag = entry->ae_tag; previous->ae_id = entry->ae_id; previous->ae_flags = entry->ae_flags; previous->ae_perm = 0; previous->ae_entry_type = ACL_ENTRY_TYPE_DENY; } /* * 1.5.2. The following modifications are made to the prepended * ACE. The intent is to mask the following ACE * to disallow ACL_READ_DATA, ACL_WRITE_DATA, * ACL_APPEND_DATA, or ACL_EXECUTE, based upon the group * permissions of the new mode. As a special case, * if the ACE matches the current owner of the file, * the owner bits are used, rather than the group bits. * This is reflected in the algorithm below. */ amode = mode >> 3; /* * If ACE4_IDENTIFIER_GROUP is not set, and the "who" field * in ACE matches the owner of the file, we shift amode three * more bits, in order to have the owner permission bits * placed in the three low order bits of amode. */ if (entry->ae_tag == ACL_USER && entry->ae_id == file_owner_id) amode = amode >> 3; if (entry->ae_perm & ACL_READ_DATA) { if (amode & READ) previous->ae_perm &= ~ACL_READ_DATA; else previous->ae_perm |= ACL_READ_DATA; } if (entry->ae_perm & ACL_WRITE_DATA) { if (amode & WRITE) previous->ae_perm &= ~ACL_WRITE_DATA; else previous->ae_perm |= ACL_WRITE_DATA; } if (entry->ae_perm & ACL_APPEND_DATA) { if (amode & WRITE) previous->ae_perm &= ~ACL_APPEND_DATA; else previous->ae_perm |= ACL_APPEND_DATA; } if (entry->ae_perm & ACL_EXECUTE) { if (amode & EXEC) previous->ae_perm &= ~ACL_EXECUTE; else previous->ae_perm |= ACL_EXECUTE; } /* * 1.5.3. If ACE4_IDENTIFIER_GROUP is set in the flags * of the ALLOW ace: * * XXX: This point is not there in the Falkner's draft. */ if (entry->ae_tag == ACL_GROUP && entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) { mode_t extramode, ownermode; extramode = (mode >> 3) & 07; ownermode = mode >> 6; extramode &= ~ownermode; if (extramode) { if (extramode & READ) { entry->ae_perm &= ~ACL_READ_DATA; previous->ae_perm &= ~ACL_READ_DATA; } if (extramode & WRITE) { entry->ae_perm &= ~(ACL_WRITE_DATA | ACL_APPEND_DATA); previous->ae_perm &= ~(ACL_WRITE_DATA | ACL_APPEND_DATA); } if (extramode & EXEC) { entry->ae_perm &= ~ACL_EXECUTE; previous->ae_perm &= ~ACL_EXECUTE; } } } } /* * 2. If there at least six ACEs, the final six ACEs are examined. * If they are not equal to what we want, append six ACEs. */ must_append = 0; if (aclp->acl_cnt < 6) { must_append = 1; } else { a6 = &(aclp->acl_entry[aclp->acl_cnt - 1]); a5 = &(aclp->acl_entry[aclp->acl_cnt - 2]); a4 = &(aclp->acl_entry[aclp->acl_cnt - 3]); a3 = &(aclp->acl_entry[aclp->acl_cnt - 4]); a2 = &(aclp->acl_entry[aclp->acl_cnt - 5]); a1 = &(aclp->acl_entry[aclp->acl_cnt - 6]); if (!_acl_entry_matches(a1, ACL_USER_OBJ, 0, ACL_ENTRY_TYPE_DENY)) must_append = 1; if (!_acl_entry_matches(a2, ACL_USER_OBJ, ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES | ACL_WRITE_NAMED_ATTRS, ACL_ENTRY_TYPE_ALLOW)) must_append = 1; if (!_acl_entry_matches(a3, ACL_GROUP_OBJ, 0, ACL_ENTRY_TYPE_DENY)) must_append = 1; if (!_acl_entry_matches(a4, ACL_GROUP_OBJ, 0, ACL_ENTRY_TYPE_ALLOW)) must_append = 1; if (!_acl_entry_matches(a5, ACL_EVERYONE, ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES | ACL_WRITE_NAMED_ATTRS, ACL_ENTRY_TYPE_DENY)) must_append = 1; if (!_acl_entry_matches(a6, ACL_EVERYONE, ACL_READ_ACL | ACL_READ_ATTRIBUTES | ACL_READ_NAMED_ATTRS | ACL_SYNCHRONIZE, ACL_ENTRY_TYPE_ALLOW)) must_append = 1; } if (must_append) { KASSERT(aclp->acl_cnt + 6 <= ACL_MAX_ENTRIES, ("aclp->acl_cnt <= ACL_MAX_ENTRIES")); a1 = _acl_append(aclp, ACL_USER_OBJ, 0, ACL_ENTRY_TYPE_DENY); a2 = _acl_append(aclp, ACL_USER_OBJ, ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES | ACL_WRITE_NAMED_ATTRS, ACL_ENTRY_TYPE_ALLOW); a3 = _acl_append(aclp, ACL_GROUP_OBJ, 0, ACL_ENTRY_TYPE_DENY); a4 = _acl_append(aclp, ACL_GROUP_OBJ, 0, ACL_ENTRY_TYPE_ALLOW); a5 = _acl_append(aclp, ACL_EVERYONE, ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES | ACL_WRITE_NAMED_ATTRS, ACL_ENTRY_TYPE_DENY); a6 = _acl_append(aclp, ACL_EVERYONE, ACL_READ_ACL | ACL_READ_ATTRIBUTES | ACL_READ_NAMED_ATTRS | ACL_SYNCHRONIZE, ACL_ENTRY_TYPE_ALLOW); KASSERT(a1 != NULL && a2 != NULL && a3 != NULL && a4 != NULL && a5 != NULL && a6 != NULL, ("couldn't append to ACL.")); } /* * 3. The final six ACEs are adjusted according to the incoming mode. */ if (mode & S_IRUSR) a2->ae_perm |= ACL_READ_DATA; else a1->ae_perm |= ACL_READ_DATA; if (mode & S_IWUSR) a2->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); else a1->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); if (mode & S_IXUSR) a2->ae_perm |= ACL_EXECUTE; else a1->ae_perm |= ACL_EXECUTE; if (mode & S_IRGRP) a4->ae_perm |= ACL_READ_DATA; else a3->ae_perm |= ACL_READ_DATA; if (mode & S_IWGRP) a4->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); else a3->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); if (mode & S_IXGRP) a4->ae_perm |= ACL_EXECUTE; else a3->ae_perm |= ACL_EXECUTE; if (mode & S_IROTH) a6->ae_perm |= ACL_READ_DATA; else a5->ae_perm |= ACL_READ_DATA; if (mode & S_IWOTH) a6->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); else a5->ae_perm |= (ACL_WRITE_DATA | ACL_APPEND_DATA); if (mode & S_IXOTH) a6->ae_perm |= ACL_EXECUTE; else a5->ae_perm |= ACL_EXECUTE; } #ifdef _KERNEL void acl_nfs4_sync_acl_from_mode(struct acl *aclp, mode_t mode, int file_owner_id) { if (acl_nfs4_old_semantics) acl_nfs4_sync_acl_from_mode_draft(aclp, mode, file_owner_id); else acl_nfs4_trivial_from_mode(aclp, mode); } #endif /* _KERNEL */ void acl_nfs4_sync_mode_from_acl(mode_t *_mode, const struct acl *aclp) { int i; mode_t old_mode = *_mode, mode = 0, seen = 0; const struct acl_entry *entry; KASSERT(aclp->acl_cnt <= ACL_MAX_ENTRIES, ("aclp->acl_cnt <= ACL_MAX_ENTRIES")); /* * NFSv4 Minor Version 1, draft-ietf-nfsv4-minorversion1-03.txt * * 3.16.6.1. Recomputing mode upon SETATTR of ACL */ for (i = 0; i < aclp->acl_cnt; i++) { entry = &(aclp->acl_entry[i]); if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) continue; if (entry->ae_flags & ACL_ENTRY_INHERIT_ONLY) continue; if (entry->ae_tag == ACL_USER_OBJ) { if ((entry->ae_perm & ACL_READ_DATA) && ((seen & S_IRUSR) == 0)) { seen |= S_IRUSR; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IRUSR; } if ((entry->ae_perm & ACL_WRITE_DATA) && ((seen & S_IWUSR) == 0)) { seen |= S_IWUSR; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IWUSR; } if ((entry->ae_perm & ACL_EXECUTE) && ((seen & S_IXUSR) == 0)) { seen |= S_IXUSR; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IXUSR; } } else if (entry->ae_tag == ACL_GROUP_OBJ) { if ((entry->ae_perm & ACL_READ_DATA) && ((seen & S_IRGRP) == 0)) { seen |= S_IRGRP; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IRGRP; } if ((entry->ae_perm & ACL_WRITE_DATA) && ((seen & S_IWGRP) == 0)) { seen |= S_IWGRP; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IWGRP; } if ((entry->ae_perm & ACL_EXECUTE) && ((seen & S_IXGRP) == 0)) { seen |= S_IXGRP; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IXGRP; } } else if (entry->ae_tag == ACL_EVERYONE) { if (entry->ae_perm & ACL_READ_DATA) { if ((seen & S_IRUSR) == 0) { seen |= S_IRUSR; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IRUSR; } if ((seen & S_IRGRP) == 0) { seen |= S_IRGRP; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IRGRP; } if ((seen & S_IROTH) == 0) { seen |= S_IROTH; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IROTH; } } if (entry->ae_perm & ACL_WRITE_DATA) { if ((seen & S_IWUSR) == 0) { seen |= S_IWUSR; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IWUSR; } if ((seen & S_IWGRP) == 0) { seen |= S_IWGRP; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IWGRP; } if ((seen & S_IWOTH) == 0) { seen |= S_IWOTH; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IWOTH; } } if (entry->ae_perm & ACL_EXECUTE) { if ((seen & S_IXUSR) == 0) { seen |= S_IXUSR; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IXUSR; } if ((seen & S_IXGRP) == 0) { seen |= S_IXGRP; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IXGRP; } if ((seen & S_IXOTH) == 0) { seen |= S_IXOTH; if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) mode |= S_IXOTH; } } } } *_mode = mode | (old_mode & ACL_PRESERVE_MASK); } #ifdef _KERNEL /* * Calculate inherited ACL in a manner compatible with NFSv4 Minor Version 1, * draft-ietf-nfsv4-minorversion1-03.txt. */ static void acl_nfs4_compute_inherited_acl_draft(const struct acl *parent_aclp, struct acl *child_aclp, mode_t mode, int file_owner_id, int is_directory) { int i, flags; const struct acl_entry *parent_entry; struct acl_entry *entry, *copy; KASSERT(child_aclp->acl_cnt == 0, ("child_aclp->acl_cnt == 0")); KASSERT(parent_aclp->acl_cnt <= ACL_MAX_ENTRIES, ("parent_aclp->acl_cnt <= ACL_MAX_ENTRIES")); /* * NFSv4 Minor Version 1, draft-ietf-nfsv4-minorversion1-03.txt * * 3.16.6.2. Applying the mode given to CREATE or OPEN * to an inherited ACL */ /* * 1. Form an ACL that is the concatenation of all inheritable ACEs. */ for (i = 0; i < parent_aclp->acl_cnt; i++) { parent_entry = &(parent_aclp->acl_entry[i]); flags = parent_entry->ae_flags; /* * Entry is not inheritable at all. */ if ((flags & (ACL_ENTRY_DIRECTORY_INHERIT | ACL_ENTRY_FILE_INHERIT)) == 0) continue; /* * We're creating a file, but entry is not inheritable * by files. */ if (!is_directory && (flags & ACL_ENTRY_FILE_INHERIT) == 0) continue; /* * Entry is inheritable only by files, but has NO_PROPAGATE * flag set, and we're creating a directory, so it wouldn't * propagate to any file in that directory anyway. */ if (is_directory && (flags & ACL_ENTRY_DIRECTORY_INHERIT) == 0 && (flags & ACL_ENTRY_NO_PROPAGATE_INHERIT)) continue; KASSERT(child_aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES, ("child_aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES")); child_aclp->acl_entry[child_aclp->acl_cnt] = *parent_entry; child_aclp->acl_cnt++; } /* * 2. For each entry in the new ACL, adjust its flags, possibly * creating two entries in place of one. */ for (i = 0; i < child_aclp->acl_cnt; i++) { entry = &(child_aclp->acl_entry[i]); /* * This is not in the specification, but SunOS * apparently does that. */ if (((entry->ae_flags & ACL_ENTRY_NO_PROPAGATE_INHERIT) || !is_directory) && entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) entry->ae_perm &= ~(ACL_WRITE_ACL | ACL_WRITE_OWNER); /* * 2.A. If the ACL_ENTRY_NO_PROPAGATE_INHERIT is set, or if the object * being created is not a directory, then clear the * following flags: ACL_ENTRY_NO_PROPAGATE_INHERIT, * ACL_ENTRY_FILE_INHERIT, ACL_ENTRY_DIRECTORY_INHERIT, * ACL_ENTRY_INHERIT_ONLY. */ if (entry->ae_flags & ACL_ENTRY_NO_PROPAGATE_INHERIT || !is_directory) { entry->ae_flags &= ~(ACL_ENTRY_NO_PROPAGATE_INHERIT | ACL_ENTRY_FILE_INHERIT | ACL_ENTRY_DIRECTORY_INHERIT | ACL_ENTRY_INHERIT_ONLY); /* * Continue on to the next ACE. */ continue; } /* * 2.B. If the object is a directory and ACL_ENTRY_FILE_INHERIT * is set, but ACL_ENTRY_NO_PROPAGATE_INHERIT is not set, ensure * that ACL_ENTRY_INHERIT_ONLY is set. Continue to the * next ACE. Otherwise... */ /* * XXX: Read it again and make sure what does the "otherwise" * apply to. */ if (is_directory && (entry->ae_flags & ACL_ENTRY_FILE_INHERIT) && ((entry->ae_flags & ACL_ENTRY_DIRECTORY_INHERIT) == 0)) { entry->ae_flags |= ACL_ENTRY_INHERIT_ONLY; continue; } /* * 2.C. If the type of the ACE is neither ALLOW nor deny, * then continue. */ if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) continue; /* * 2.D. Copy the original ACE into a second, adjacent ACE. */ copy = _acl_duplicate_entry(child_aclp, i); /* * 2.E. On the first ACE, ensure that ACL_ENTRY_INHERIT_ONLY * is set. */ entry->ae_flags |= ACL_ENTRY_INHERIT_ONLY; /* * 2.F. On the second ACE, clear the following flags: * ACL_ENTRY_NO_PROPAGATE_INHERIT, ACL_ENTRY_FILE_INHERIT, * ACL_ENTRY_DIRECTORY_INHERIT, ACL_ENTRY_INHERIT_ONLY. */ copy->ae_flags &= ~(ACL_ENTRY_NO_PROPAGATE_INHERIT | ACL_ENTRY_FILE_INHERIT | ACL_ENTRY_DIRECTORY_INHERIT | ACL_ENTRY_INHERIT_ONLY); /* * 2.G. On the second ACE, if the type is ALLOW, * an implementation MAY clear the following * mask bits: ACL_WRITE_ACL, ACL_WRITE_OWNER. */ if (copy->ae_entry_type == ACL_ENTRY_TYPE_ALLOW) copy->ae_perm &= ~(ACL_WRITE_ACL | ACL_WRITE_OWNER); /* * Increment the counter to skip the copied entry. */ i++; } /* * 3. To ensure that the mode is honored, apply the algorithm describe * in Section 2.16.6.3, using the mode that is to be used for file * creation. */ acl_nfs4_sync_acl_from_mode(child_aclp, mode, file_owner_id); } #endif /* _KERNEL */ /* * Populate the ACL with entries inherited from parent_aclp. */ static void acl_nfs4_inherit_entries(const struct acl *parent_aclp, struct acl *child_aclp, mode_t mode, int file_owner_id, int is_directory) { int i, flags, tag; const struct acl_entry *parent_entry; struct acl_entry *entry; KASSERT(parent_aclp->acl_cnt <= ACL_MAX_ENTRIES, ("parent_aclp->acl_cnt <= ACL_MAX_ENTRIES")); for (i = 0; i < parent_aclp->acl_cnt; i++) { parent_entry = &(parent_aclp->acl_entry[i]); flags = parent_entry->ae_flags; tag = parent_entry->ae_tag; /* * Don't inherit owner@, group@, or everyone@ entries. */ if (tag == ACL_USER_OBJ || tag == ACL_GROUP_OBJ || tag == ACL_EVERYONE) continue; /* * Entry is not inheritable at all. */ if ((flags & (ACL_ENTRY_DIRECTORY_INHERIT | ACL_ENTRY_FILE_INHERIT)) == 0) continue; /* * We're creating a file, but entry is not inheritable * by files. */ if (!is_directory && (flags & ACL_ENTRY_FILE_INHERIT) == 0) continue; /* * Entry is inheritable only by files, but has NO_PROPAGATE * flag set, and we're creating a directory, so it wouldn't * propagate to any file in that directory anyway. */ if (is_directory && (flags & ACL_ENTRY_DIRECTORY_INHERIT) == 0 && (flags & ACL_ENTRY_NO_PROPAGATE_INHERIT)) continue; /* * Entry qualifies for being inherited. */ KASSERT(child_aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES, ("child_aclp->acl_cnt + 1 <= ACL_MAX_ENTRIES")); entry = &(child_aclp->acl_entry[child_aclp->acl_cnt]); *entry = *parent_entry; child_aclp->acl_cnt++; entry->ae_flags &= ~ACL_ENTRY_INHERIT_ONLY; entry->ae_flags |= ACL_ENTRY_INHERITED; /* * If the type of the ACE is neither ALLOW nor DENY, * then leave it as it is and proceed to the next one. */ if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) continue; /* * If the ACL_ENTRY_NO_PROPAGATE_INHERIT is set, or if * the object being created is not a directory, then clear * the following flags: ACL_ENTRY_NO_PROPAGATE_INHERIT, * ACL_ENTRY_FILE_INHERIT, ACL_ENTRY_DIRECTORY_INHERIT, * ACL_ENTRY_INHERIT_ONLY. */ if (entry->ae_flags & ACL_ENTRY_NO_PROPAGATE_INHERIT || !is_directory) { entry->ae_flags &= ~(ACL_ENTRY_NO_PROPAGATE_INHERIT | ACL_ENTRY_FILE_INHERIT | ACL_ENTRY_DIRECTORY_INHERIT | ACL_ENTRY_INHERIT_ONLY); } /* * If the object is a directory and ACL_ENTRY_FILE_INHERIT * is set, but ACL_ENTRY_DIRECTORY_INHERIT is not set, ensure * that ACL_ENTRY_INHERIT_ONLY is set. */ if (is_directory && (entry->ae_flags & ACL_ENTRY_FILE_INHERIT) && ((entry->ae_flags & ACL_ENTRY_DIRECTORY_INHERIT) == 0)) { entry->ae_flags |= ACL_ENTRY_INHERIT_ONLY; } if (entry->ae_entry_type == ACL_ENTRY_TYPE_ALLOW && (entry->ae_flags & ACL_ENTRY_INHERIT_ONLY) == 0) { /* * Some permissions must never be inherited. */ entry->ae_perm &= ~(ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_NAMED_ATTRS | ACL_WRITE_ATTRIBUTES); /* * Others must be masked according to the file mode. */ if ((mode & S_IRGRP) == 0) entry->ae_perm &= ~ACL_READ_DATA; if ((mode & S_IWGRP) == 0) entry->ae_perm &= ~(ACL_WRITE_DATA | ACL_APPEND_DATA); if ((mode & S_IXGRP) == 0) entry->ae_perm &= ~ACL_EXECUTE; } } } /* * Calculate inherited ACL in a manner compatible with PSARC/2010/029. * It's also being used to calculate a trivial ACL, by inheriting from * a NULL ACL. */ static void acl_nfs4_compute_inherited_acl_psarc(const struct acl *parent_aclp, struct acl *aclp, mode_t mode, int file_owner_id, int is_directory) { acl_perm_t user_allow_first = 0, user_deny = 0, group_deny = 0; acl_perm_t user_allow, group_allow, everyone_allow; KASSERT(aclp->acl_cnt == 0, ("aclp->acl_cnt == 0")); user_allow = group_allow = everyone_allow = ACL_READ_ACL | ACL_READ_ATTRIBUTES | ACL_READ_NAMED_ATTRS | ACL_SYNCHRONIZE; user_allow |= ACL_WRITE_ACL | ACL_WRITE_OWNER | ACL_WRITE_ATTRIBUTES | ACL_WRITE_NAMED_ATTRS; if (mode & S_IRUSR) user_allow |= ACL_READ_DATA; if (mode & S_IWUSR) user_allow |= (ACL_WRITE_DATA | ACL_APPEND_DATA); if (mode & S_IXUSR) user_allow |= ACL_EXECUTE; if (mode & S_IRGRP) group_allow |= ACL_READ_DATA; if (mode & S_IWGRP) group_allow |= (ACL_WRITE_DATA | ACL_APPEND_DATA); if (mode & S_IXGRP) group_allow |= ACL_EXECUTE; if (mode & S_IROTH) everyone_allow |= ACL_READ_DATA; if (mode & S_IWOTH) everyone_allow |= (ACL_WRITE_DATA | ACL_APPEND_DATA); if (mode & S_IXOTH) everyone_allow |= ACL_EXECUTE; user_deny = ((group_allow | everyone_allow) & ~user_allow); group_deny = everyone_allow & ~group_allow; user_allow_first = group_deny & ~user_deny; if (user_allow_first != 0) _acl_append(aclp, ACL_USER_OBJ, user_allow_first, ACL_ENTRY_TYPE_ALLOW); if (user_deny != 0) _acl_append(aclp, ACL_USER_OBJ, user_deny, ACL_ENTRY_TYPE_DENY); if (group_deny != 0) _acl_append(aclp, ACL_GROUP_OBJ, group_deny, ACL_ENTRY_TYPE_DENY); if (parent_aclp != NULL) acl_nfs4_inherit_entries(parent_aclp, aclp, mode, file_owner_id, is_directory); _acl_append(aclp, ACL_USER_OBJ, user_allow, ACL_ENTRY_TYPE_ALLOW); _acl_append(aclp, ACL_GROUP_OBJ, group_allow, ACL_ENTRY_TYPE_ALLOW); _acl_append(aclp, ACL_EVERYONE, everyone_allow, ACL_ENTRY_TYPE_ALLOW); } #ifdef _KERNEL void acl_nfs4_compute_inherited_acl(const struct acl *parent_aclp, struct acl *child_aclp, mode_t mode, int file_owner_id, int is_directory) { if (acl_nfs4_old_semantics) acl_nfs4_compute_inherited_acl_draft(parent_aclp, child_aclp, mode, file_owner_id, is_directory); else acl_nfs4_compute_inherited_acl_psarc(parent_aclp, child_aclp, mode, file_owner_id, is_directory); } #endif /* _KERNEL */ /* * Calculate trivial ACL in a manner compatible with PSARC/2010/029. * Note that this results in an ACL different from (but semantically * equal to) the "canonical six" trivial ACL computed using algorithm * described in draft-ietf-nfsv4-minorversion1-03.txt, 3.16.6.2. */ static void acl_nfs4_trivial_from_mode(struct acl *aclp, mode_t mode) { aclp->acl_cnt = 0; acl_nfs4_compute_inherited_acl_psarc(NULL, aclp, mode, -1, -1); } #ifndef _KERNEL /* * This routine is used by libc to implement acl_strip_np(3) * and acl_is_trivial_np(3). */ void acl_nfs4_trivial_from_mode_libc(struct acl *aclp, int mode, int canonical_six) { aclp->acl_cnt = 0; if (canonical_six) acl_nfs4_sync_acl_from_mode_draft(aclp, mode, -1); else acl_nfs4_trivial_from_mode(aclp, mode); } #endif /* !_KERNEL */ #ifdef _KERNEL static int _acls_are_equal(const struct acl *a, const struct acl *b) { int i; const struct acl_entry *entrya, *entryb; if (a->acl_cnt != b->acl_cnt) return (0); for (i = 0; i < b->acl_cnt; i++) { entrya = &(a->acl_entry[i]); entryb = &(b->acl_entry[i]); if (entrya->ae_tag != entryb->ae_tag || entrya->ae_id != entryb->ae_id || entrya->ae_perm != entryb->ae_perm || entrya->ae_entry_type != entryb->ae_entry_type || entrya->ae_flags != entryb->ae_flags) return (0); } return (1); } /* * This routine is used to determine whether to remove extended attribute * that stores ACL contents. */ int acl_nfs4_is_trivial(const struct acl *aclp, int file_owner_id) { int trivial; mode_t tmpmode = 0; struct acl *tmpaclp; if (aclp->acl_cnt > 6) return (0); /* * Compute the mode from the ACL, then compute new ACL from that mode. * If the ACLs are identical, then the ACL is trivial. * * XXX: I guess there is a faster way to do this. However, even * this slow implementation significantly speeds things up * for files that don't have non-trivial ACLs - it's critical * for performance to not use EA when they are not needed. * * First try the PSARC/2010/029 semantics. */ tmpaclp = acl_alloc(M_WAITOK | M_ZERO); acl_nfs4_sync_mode_from_acl(&tmpmode, aclp); acl_nfs4_trivial_from_mode(tmpaclp, tmpmode); trivial = _acls_are_equal(aclp, tmpaclp); if (trivial) { acl_free(tmpaclp); return (trivial); } /* * Check if it's a draft-ietf-nfsv4-minorversion1-03.txt trivial ACL. */ tmpaclp->acl_cnt = 0; acl_nfs4_sync_acl_from_mode_draft(tmpaclp, tmpmode, file_owner_id); trivial = _acls_are_equal(aclp, tmpaclp); acl_free(tmpaclp); return (trivial); } #endif /* _KERNEL */ int acl_nfs4_check(const struct acl *aclp, int is_directory) { int i; const struct acl_entry *entry; /* * The spec doesn't seem to say anything about ACL validity. * It seems there is not much to do here. There is even no need * to count "owner@" or "everyone@" (ACL_USER_OBJ and ACL_EVERYONE) * entries, as there can be several of them and that's perfectly * valid. There can be none of them too. Really. */ if (aclp->acl_cnt > ACL_MAX_ENTRIES || aclp->acl_cnt <= 0) return (EINVAL); for (i = 0; i < aclp->acl_cnt; i++) { entry = &(aclp->acl_entry[i]); switch (entry->ae_tag) { case ACL_USER_OBJ: case ACL_GROUP_OBJ: case ACL_EVERYONE: if (entry->ae_id != ACL_UNDEFINED_ID) return (EINVAL); break; case ACL_USER: case ACL_GROUP: if (entry->ae_id == ACL_UNDEFINED_ID) return (EINVAL); break; default: return (EINVAL); } if ((entry->ae_perm | ACL_NFS4_PERM_BITS) != ACL_NFS4_PERM_BITS) return (EINVAL); /* * Disallow ACL_ENTRY_TYPE_AUDIT and ACL_ENTRY_TYPE_ALARM for now. */ if (entry->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && entry->ae_entry_type != ACL_ENTRY_TYPE_DENY) return (EINVAL); if ((entry->ae_flags | ACL_FLAGS_BITS) != ACL_FLAGS_BITS) return (EINVAL); /* Disallow unimplemented flags. */ if (entry->ae_flags & (ACL_ENTRY_SUCCESSFUL_ACCESS | ACL_ENTRY_FAILED_ACCESS)) return (EINVAL); /* Disallow flags not allowed for ordinary files. */ if (!is_directory) { if (entry->ae_flags & (ACL_ENTRY_FILE_INHERIT | ACL_ENTRY_DIRECTORY_INHERIT | ACL_ENTRY_NO_PROPAGATE_INHERIT | ACL_ENTRY_INHERIT_ONLY)) return (EINVAL); } } return (0); } #ifdef _KERNEL static int acl_nfs4_modload(module_t module, int what, void *arg) { int ret; ret = 0; switch (what) { case MOD_LOAD: case MOD_SHUTDOWN: break; case MOD_QUIESCE: /* XXX TODO */ ret = 0; break; case MOD_UNLOAD: /* XXX TODO */ ret = 0; break; default: ret = EINVAL; break; } return (ret); } static moduledata_t acl_nfs4_mod = { "acl_nfs4", acl_nfs4_modload, NULL }; /* * XXX TODO: which subsystem, order? */ DECLARE_MODULE(acl_nfs4, acl_nfs4_mod, SI_SUB_VFS, SI_ORDER_FIRST); MODULE_VERSION(acl_nfs4, 1); #endif /* _KERNEL */ Index: head/sys/sys/loginclass.h =================================================================== --- head/sys/sys/loginclass.h (revision 367104) +++ head/sys/sys/loginclass.h (revision 367105) @@ -1,56 +1,55 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2011 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _SYS_LOGINCLASS_H_ #define _SYS_LOGINCLASS_H_ struct racct; /* * Exactly one of these structures exists per login class. */ struct loginclass { LIST_ENTRY(loginclass) lc_next; char lc_name[MAXLOGNAME]; u_int lc_refcount; struct racct *lc_racct; }; void loginclass_hold(struct loginclass *lc); void loginclass_free(struct loginclass *lc); struct loginclass *loginclass_find(const char *name); void loginclass_racct_foreach(void (*callback)(struct racct *racct, void *arg2, void *arg3), void (*pre)(void), void (*post)(void), void *arg2, void *arg3); #endif /* !_SYS_LOGINCLASS_H_ */ Index: head/sys/sys/racct.h =================================================================== --- head/sys/sys/racct.h (revision 367104) +++ head/sys/sys/racct.h (revision 367105) @@ -1,283 +1,282 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /* * Resource accounting. */ #ifndef _RACCT_H_ #define _RACCT_H_ #include #include #include #include #include struct buf; struct proc; struct rctl_rule_link; struct ucred; /* * Resources. */ #define RACCT_UNDEFINED -1 #define RACCT_CPU 0 #define RACCT_DATA 1 #define RACCT_STACK 2 #define RACCT_CORE 3 #define RACCT_RSS 4 #define RACCT_MEMLOCK 5 #define RACCT_NPROC 6 #define RACCT_NOFILE 7 #define RACCT_VMEM 8 #define RACCT_NPTS 9 #define RACCT_SWAP 10 #define RACCT_NTHR 11 #define RACCT_MSGQQUEUED 12 #define RACCT_MSGQSIZE 13 #define RACCT_NMSGQ 14 #define RACCT_NSEM 15 #define RACCT_NSEMOP 16 #define RACCT_NSHM 17 #define RACCT_SHMSIZE 18 #define RACCT_WALLCLOCK 19 #define RACCT_PCTCPU 20 #define RACCT_READBPS 21 #define RACCT_WRITEBPS 22 #define RACCT_READIOPS 23 #define RACCT_WRITEIOPS 24 #define RACCT_MAX RACCT_WRITEIOPS /* * Resource properties. */ #define RACCT_IN_MILLIONS 0x01 #define RACCT_RECLAIMABLE 0x02 #define RACCT_INHERITABLE 0x04 #define RACCT_DENIABLE 0x08 #define RACCT_SLOPPY 0x10 #define RACCT_DECAYING 0x20 extern int racct_types[]; extern bool racct_enable; #define ASSERT_RACCT_ENABLED() KASSERT(racct_enable, \ ("%s called with !racct_enable", __func__)) /* * Amount stored in c_resources[] is 10**6 times bigger than what's * visible to the userland. It gets fixed up when retrieving resource * usage or adding rules. */ #define RACCT_IS_IN_MILLIONS(X) \ ((X) != RACCT_UNDEFINED && (racct_types[(X)] & RACCT_IN_MILLIONS) != 0) /* * Resource usage can drop, as opposed to only grow. When the process * terminates, its resource usage is subtracted from the respective * per-credential racct containers. */ #define RACCT_IS_RECLAIMABLE(X) (racct_types[X] & RACCT_RECLAIMABLE) /* * Children inherit resource usage. */ #define RACCT_IS_INHERITABLE(X) (racct_types[X] & RACCT_INHERITABLE) /* * racct_{add,set}(9) can actually return an error and not update resource * usage counters. Note that even when resource is not deniable, allocating * resource might cause signals to be sent by RCTL code. */ #define RACCT_IS_DENIABLE(X) (racct_types[X] & RACCT_DENIABLE) /* * Per-process resource usage information makes no sense, but per-credential * one does. This kind of resources are usually allocated for process, but * freed using credentials. */ #define RACCT_IS_SLOPPY(X) (racct_types[X] & RACCT_SLOPPY) /* * When a process terminates, its resource usage is not automatically * subtracted from per-credential racct containers. Instead, the resource * usage of per-credential racct containers decays in time. * Resource usage can also drop for such resource. */ #define RACCT_IS_DECAYING(X) (racct_types[X] & RACCT_DECAYING) /* * Resource usage can drop, as opposed to only grow. */ #define RACCT_CAN_DROP(X) (RACCT_IS_RECLAIMABLE(X) | RACCT_IS_DECAYING(X)) /* * The 'racct' structure defines resource consumption for a particular * subject, such as process or jail. * * This structure must be filled with zeroes initially. */ struct racct { int64_t r_resources[RACCT_MAX + 1]; LIST_HEAD(, rctl_rule_link) r_rule_links; }; SYSCTL_DECL(_kern_racct); #ifdef RACCT extern struct mtx racct_lock; #define RACCT_LOCK() mtx_lock(&racct_lock) #define RACCT_UNLOCK() mtx_unlock(&racct_lock) #define RACCT_LOCK_ASSERT() mtx_assert(&racct_lock, MA_OWNED) #define RACCT_ENABLED() __predict_false(racct_enable) #define RACCT_PROC_LOCK(p) do { \ if (RACCT_ENABLED()) \ PROC_LOCK(p); \ } while (0) #define RACCT_PROC_UNLOCK(p) do { \ if (RACCT_ENABLED()) \ PROC_UNLOCK(p); \ } while (0) int racct_add(struct proc *p, int resource, uint64_t amount); void racct_add_cred(struct ucred *cred, int resource, uint64_t amount); void racct_add_force(struct proc *p, int resource, uint64_t amount); void racct_add_buf(struct proc *p, const struct buf *bufp, int is_write); int racct_set(struct proc *p, int resource, uint64_t amount); int racct_set_unlocked(struct proc *p, int resource, uint64_t amount); void racct_set_force(struct proc *p, int resource, uint64_t amount); void racct_sub(struct proc *p, int resource, uint64_t amount); void racct_sub_cred(struct ucred *cred, int resource, uint64_t amount); uint64_t racct_get_limit(struct proc *p, int resource); uint64_t racct_get_available(struct proc *p, int resource); void racct_create(struct racct **racctp); void racct_destroy(struct racct **racctp); int racct_proc_fork(struct proc *parent, struct proc *child); void racct_proc_fork_done(struct proc *child); void racct_proc_exit(struct proc *p); void racct_proc_ucred_changed(struct proc *p, struct ucred *oldcred, struct ucred *newcred); void racct_move(struct racct *dest, struct racct *src); void racct_proc_throttled(struct proc *p); void racct_proc_throttle(struct proc *p, int timeout); #else #define RACCT_PROC_LOCK(p) do { } while (0) #define RACCT_PROC_UNLOCK(p) do { } while (0) static inline int racct_add(struct proc *p, int resource, uint64_t amount) { return (0); } static inline void racct_add_cred(struct ucred *cred, int resource, uint64_t amount) { } static inline void racct_add_force(struct proc *p, int resource, uint64_t amount) { } static inline int racct_set(struct proc *p, int resource, uint64_t amount) { return (0); } static inline void racct_set_force(struct proc *p, int resource, uint64_t amount) { } static inline void racct_sub(struct proc *p, int resource, uint64_t amount) { } static inline void racct_sub_cred(struct ucred *cred, int resource, uint64_t amount) { } static inline uint64_t racct_get_limit(struct proc *p, int resource) { return (UINT64_MAX); } static inline uint64_t racct_get_available(struct proc *p, int resource) { return (UINT64_MAX); } #define racct_create(x) #define racct_destroy(x) static inline int racct_proc_fork(struct proc *parent, struct proc *child) { return (0); } static inline void racct_proc_fork_done(struct proc *child) { } static inline void racct_proc_exit(struct proc *p) { } #endif #endif /* !_RACCT_H_ */ Index: head/sys/sys/rctl.h =================================================================== --- head/sys/sys/rctl.h (revision 367104) +++ head/sys/sys/rctl.h (revision 367105) @@ -1,174 +1,173 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /* * Resource Limits. */ #ifndef _RCTL_H_ #define _RCTL_H_ #include #include #include #include struct proc; struct uidinfo; struct loginclass; struct prison_racct; struct ucred; struct rctl_rule_link; #ifdef _KERNEL /* * Rules describe an action to be taken when conditions defined * in the rule are met. There is no global list of rules; instead, * rules are linked to by the racct structures for all the subjects * they apply to - for example, a rule of type "user" is linked to the * appropriate struct uidinfo, and to all the processes of that user. * * 'rr_refcount' is equal to the number of rctl_rule_link structures * pointing to the rule. * * This structure must never change after being added, via rctl_rule_link * structures, to subjects. In order to change a rule, add a new rule * and remove the previous one. */ struct rctl_rule { int rr_subject_type; union { struct proc *rs_proc; struct uidinfo *rs_uip; struct loginclass *rs_loginclass; struct prison_racct *rs_prison_racct; } rr_subject; int rr_per; int rr_resource; int rr_action; int64_t rr_amount; u_int rr_refcount; struct task rr_task; }; /* * Allowed values for rr_subject_type and rr_per fields. */ #define RCTL_SUBJECT_TYPE_UNDEFINED -1 #define RCTL_SUBJECT_TYPE_PROCESS 0x0000 #define RCTL_SUBJECT_TYPE_USER 0x0001 #define RCTL_SUBJECT_TYPE_LOGINCLASS 0x0003 #define RCTL_SUBJECT_TYPE_JAIL 0x0004 #define RCTL_SUBJECT_TYPE_MAX RCTL_SUBJECT_TYPE_JAIL /* * Allowed values for rr_action field. */ #define RCTL_ACTION_UNDEFINED -1 #define RCTL_ACTION_SIGHUP SIGHUP #define RCTL_ACTION_SIGINT SIGINT #define RCTL_ACTION_SIGQUIT SIGQUIT #define RCTL_ACTION_SIGILL SIGILL #define RCTL_ACTION_SIGTRAP SIGTRAP #define RCTL_ACTION_SIGABRT SIGABRT #define RCTL_ACTION_SIGEMT SIGEMT #define RCTL_ACTION_SIGFPE SIGFPE #define RCTL_ACTION_SIGKILL SIGKILL #define RCTL_ACTION_SIGBUS SIGBUS #define RCTL_ACTION_SIGSEGV SIGSEGV #define RCTL_ACTION_SIGSYS SIGSYS #define RCTL_ACTION_SIGPIPE SIGPIPE #define RCTL_ACTION_SIGALRM SIGALRM #define RCTL_ACTION_SIGTERM SIGTERM #define RCTL_ACTION_SIGURG SIGURG #define RCTL_ACTION_SIGSTOP SIGSTOP #define RCTL_ACTION_SIGTSTP SIGTSTP #define RCTL_ACTION_SIGCHLD SIGCHLD #define RCTL_ACTION_SIGTTIN SIGTTIN #define RCTL_ACTION_SIGTTOU SIGTTOU #define RCTL_ACTION_SIGIO SIGIO #define RCTL_ACTION_SIGXCPU SIGXCPU #define RCTL_ACTION_SIGXFSZ SIGXFSZ #define RCTL_ACTION_SIGVTALRM SIGVTALRM #define RCTL_ACTION_SIGPROF SIGPROF #define RCTL_ACTION_SIGWINCH SIGWINCH #define RCTL_ACTION_SIGINFO SIGINFO #define RCTL_ACTION_SIGUSR1 SIGUSR1 #define RCTL_ACTION_SIGUSR2 SIGUSR2 #define RCTL_ACTION_SIGTHR SIGTHR #define RCTL_ACTION_SIGNAL_MAX RCTL_ACTION_SIGTHR #define RCTL_ACTION_DENY (RCTL_ACTION_SIGNAL_MAX + 1) #define RCTL_ACTION_LOG (RCTL_ACTION_SIGNAL_MAX + 2) #define RCTL_ACTION_DEVCTL (RCTL_ACTION_SIGNAL_MAX + 3) #define RCTL_ACTION_THROTTLE (RCTL_ACTION_SIGNAL_MAX + 4) #define RCTL_ACTION_MAX RCTL_ACTION_THROTTLE #define RCTL_AMOUNT_UNDEFINED -1 struct rctl_rule *rctl_rule_alloc(int flags); struct rctl_rule *rctl_rule_duplicate(const struct rctl_rule *rule, int flags); void rctl_rule_acquire(struct rctl_rule *rule); void rctl_rule_release(struct rctl_rule *rule); int rctl_rule_add(struct rctl_rule *rule); int rctl_rule_remove(struct rctl_rule *filter); int rctl_enforce(struct proc *p, int resource, uint64_t amount); void rctl_throttle_decay(struct racct *racct, int resource); int64_t rctl_pcpu_available(const struct proc *p); uint64_t rctl_get_limit(struct proc *p, int resource); uint64_t rctl_get_available(struct proc *p, int resource); const char *rctl_resource_name(int resource); void rctl_proc_ucred_changed(struct proc *p, struct ucred *newcred); int rctl_proc_fork(struct proc *parent, struct proc *child); void rctl_racct_release(struct racct *racct); #else /* !_KERNEL */ /* * Syscall interface. */ __BEGIN_DECLS int rctl_get_racct(const char *inbufp, size_t inbuflen, char *outbufp, size_t outbuflen); int rctl_get_rules(const char *inbufp, size_t inbuflen, char *outbufp, size_t outbuflen); int rctl_get_limits(const char *inbufp, size_t inbuflen, char *outbufp, size_t outbuflen); int rctl_add_rule(const char *inbufp, size_t inbuflen, char *outbufp, size_t outbuflen); int rctl_remove_rule(const char *inbufp, size_t inbuflen, char *outbufp, size_t outbuflen); __END_DECLS #endif /* !_KERNEL */ #endif /* !_RCTL_H_ */ Index: head/sys/ufs/ffs/ffs_suspend.c =================================================================== --- head/sys/ufs/ffs/ffs_suspend.c (revision 367104) +++ head/sys/ufs/ffs/ffs_suspend.c (revision 367105) @@ -1,354 +1,353 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static d_open_t ffs_susp_open; static d_write_t ffs_susp_rdwr; static d_ioctl_t ffs_susp_ioctl; static struct cdevsw ffs_susp_cdevsw = { .d_version = D_VERSION, .d_open = ffs_susp_open, .d_read = ffs_susp_rdwr, .d_write = ffs_susp_rdwr, .d_ioctl = ffs_susp_ioctl, .d_name = "ffs_susp", }; static struct cdev *ffs_susp_dev; static struct sx ffs_susp_lock; static int ffs_susp_suspended(struct mount *mp) { struct ufsmount *ump; sx_assert(&ffs_susp_lock, SA_LOCKED); ump = VFSTOUFS(mp); if ((ump->um_flags & UM_WRITESUSPENDED) != 0) return (1); return (0); } static int ffs_susp_open(struct cdev *dev __unused, int flags __unused, int fmt __unused, struct thread *td __unused) { return (0); } static int ffs_susp_rdwr(struct cdev *dev, struct uio *uio, int ioflag) { int error, i; struct vnode *devvp; struct mount *mp; struct ufsmount *ump; struct buf *bp; void *base; size_t len; ssize_t cnt; struct fs *fs; sx_slock(&ffs_susp_lock); error = devfs_get_cdevpriv((void **)&mp); if (error != 0) { sx_sunlock(&ffs_susp_lock); return (ENXIO); } ump = VFSTOUFS(mp); devvp = ump->um_devvp; fs = ump->um_fs; if (ffs_susp_suspended(mp) == 0) { sx_sunlock(&ffs_susp_lock); return (ENXIO); } KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE, ("neither UIO_READ or UIO_WRITE")); KASSERT(uio->uio_segflg == UIO_USERSPACE, ("uio->uio_segflg != UIO_USERSPACE")); cnt = uio->uio_resid; for (i = 0; i < uio->uio_iovcnt; i++) { while (uio->uio_iov[i].iov_len) { base = uio->uio_iov[i].iov_base; len = uio->uio_iov[i].iov_len; if (len > fs->fs_bsize) len = fs->fs_bsize; if (fragoff(fs, uio->uio_offset) != 0 || fragoff(fs, len) != 0) { error = EINVAL; goto out; } error = bread(devvp, btodb(uio->uio_offset), len, NOCRED, &bp); if (error != 0) goto out; if (uio->uio_rw == UIO_WRITE) { error = copyin(base, bp->b_data, len); if (error != 0) { bp->b_flags |= B_INVAL | B_NOCACHE; brelse(bp); goto out; } error = bwrite(bp); if (error != 0) goto out; } else { error = copyout(bp->b_data, base, len); brelse(bp); if (error != 0) goto out; } uio->uio_iov[i].iov_base = (char *)uio->uio_iov[i].iov_base + len; uio->uio_iov[i].iov_len -= len; uio->uio_resid -= len; uio->uio_offset += len; } } out: sx_sunlock(&ffs_susp_lock); if (uio->uio_resid < cnt) return (0); return (error); } static int ffs_susp_suspend(struct mount *mp) { struct ufsmount *ump; int error; sx_assert(&ffs_susp_lock, SA_XLOCKED); if (!ffs_own_mount(mp)) return (EINVAL); if (ffs_susp_suspended(mp)) return (EBUSY); ump = VFSTOUFS(mp); /* * Make sure the calling thread is permitted to access the mounted * device. The permissions can change after we unlock the vnode; * it's harmless. */ vn_lock(ump->um_odevvp, LK_EXCLUSIVE | LK_RETRY); error = VOP_ACCESS(ump->um_odevvp, VREAD | VWRITE, curthread->td_ucred, curthread); VOP_UNLOCK(ump->um_odevvp); if (error != 0) return (error); #ifdef MAC if (mac_mount_check_stat(curthread->td_ucred, mp) != 0) return (EPERM); #endif if ((error = vfs_write_suspend(mp, VS_SKIP_UNMOUNT)) != 0) return (error); UFS_LOCK(ump); ump->um_flags |= UM_WRITESUSPENDED; UFS_UNLOCK(ump); return (0); } static void ffs_susp_unsuspend(struct mount *mp) { struct ufsmount *ump; sx_assert(&ffs_susp_lock, SA_XLOCKED); /* * XXX: The status is kept per-process; the vfs_write_resume() routine * asserts that the resuming thread is the same one that called * vfs_write_suspend(). The cdevpriv data, however, is attached * to the file descriptor, e.g. is inherited during fork. Thus, * it's possible that the resuming process will be different from * the one that started the suspension. * * Work around by fooling the check in vfs_write_resume(). */ mp->mnt_susp_owner = curthread; vfs_write_resume(mp, 0); ump = VFSTOUFS(mp); UFS_LOCK(ump); ump->um_flags &= ~UM_WRITESUSPENDED; UFS_UNLOCK(ump); vfs_unbusy(mp); } static void ffs_susp_dtor(void *data) { struct fs *fs; struct ufsmount *ump; struct mount *mp; int error; sx_xlock(&ffs_susp_lock); mp = (struct mount *)data; ump = VFSTOUFS(mp); fs = ump->um_fs; if (ffs_susp_suspended(mp) == 0) { sx_xunlock(&ffs_susp_lock); return; } KASSERT((mp->mnt_kern_flag & MNTK_SUSPEND) != 0, ("MNTK_SUSPEND not set")); error = ffs_reload(mp, curthread, FFSR_FORCE | FFSR_UNSUSPEND); if (error != 0) panic("failed to unsuspend writes on %s", fs->fs_fsmnt); ffs_susp_unsuspend(mp); sx_xunlock(&ffs_susp_lock); } static int ffs_susp_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td) { struct mount *mp; fsid_t *fsidp; int error; /* * No suspend inside the jail. Allowing it would require making * sure that e.g. the devfs ruleset for that jail permits access * to the devvp. */ if (jailed(td->td_ucred)) return (EPERM); sx_xlock(&ffs_susp_lock); switch (cmd) { case UFSSUSPEND: fsidp = (fsid_t *)addr; mp = vfs_getvfs(fsidp); if (mp == NULL) { error = ENOENT; break; } error = vfs_busy(mp, 0); vfs_rel(mp); if (error != 0) break; error = ffs_susp_suspend(mp); if (error != 0) { vfs_unbusy(mp); break; } error = devfs_set_cdevpriv(mp, ffs_susp_dtor); if (error != 0) ffs_susp_unsuspend(mp); break; case UFSRESUME: error = devfs_get_cdevpriv((void **)&mp); if (error != 0) break; /* * This calls ffs_susp_dtor, which in turn unsuspends the fs. * The dtor expects to be called without lock held, because * sometimes it's called from here, and sometimes due to the * file being closed or process exiting. */ sx_xunlock(&ffs_susp_lock); devfs_clear_cdevpriv(); return (0); default: error = ENXIO; break; } sx_xunlock(&ffs_susp_lock); return (error); } void ffs_susp_initialize(void) { sx_init(&ffs_susp_lock, "ffs_susp"); ffs_susp_dev = make_dev(&ffs_susp_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600, "ufssuspend"); } void ffs_susp_uninitialize(void) { destroy_dev(ffs_susp_dev); sx_destroy(&ffs_susp_lock); } Index: head/tests/sys/acl/00.sh =================================================================== --- head/tests/sys/acl/00.sh (revision 367104) +++ head/tests/sys/acl/00.sh (revision 367105) @@ -1,88 +1,87 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a wrapper script to run tools-posix.test on UFS filesystem. # # If any of the tests fails, here is how to debug it: go to # the directory with problematic filesystem mounted on it, # and do /path/to/test run /path/to/test tools-posix.test, e.g. # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test # # Output should be obvious. if [ $(sysctl -n kern.features.ufs_acl 2>/dev/null || echo 0) -eq 0 ]; then echo "1..0 # SKIP system does not have UFS ACL support" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi echo "1..4" TESTDIR=$(dirname $(realpath $0)) # Set up the test filesystem. MD=`mdconfig -at swap -s 10m` MNT=`mktemp -dt acltools` newfs /dev/$MD > /dev/null trap "cd /; umount -f $MNT; rmdir $MNT; mdconfig -d -u $MD" EXIT mount -o acls /dev/$MD $MNT if [ $? -ne 0 ]; then echo "not ok 1 - mount failed." echo 'Bail out!' exit 1 fi echo "ok 1" cd $MNT # First, check whether we can crash the kernel by creating too many # entries. For some reason this won't work in the test file. touch xxx i=0; while :; do i=$(($i+1)); setfacl -m u:$i:rwx xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done chmod 600 xxx rm xxx echo "ok 2" perl $TESTDIR/run $TESTDIR/tools-posix.test >&2 if [ $? -eq 0 ]; then echo "ok 3" else echo "not ok 3" fi cd / echo "ok 4" Index: head/tests/sys/acl/01.sh =================================================================== --- head/tests/sys/acl/01.sh (revision 367104) +++ head/tests/sys/acl/01.sh (revision 367105) @@ -1,87 +1,86 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a wrapper script to run tools-nfs4.test on ZFS filesystem. # # WARNING: It uses hardcoded ZFS pool name "acltools" # # If any of the tests fails, here is how to debug it: go to # the directory with problematic filesystem mounted on it, # and do /path/to/test run /path/to/test tools-nfs4.test, e.g. # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test # # Output should be obvious. if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then echo "1..0 # SKIP system doesn't have ZFS loaded" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi echo "1..4" TESTDIR=$(dirname $(realpath $0)) # Set up the test filesystem. MD=`mdconfig -at swap -s 64m` MNT=`mktemp -dt acltools` trap "cd /; zpool destroy -f acltools; rmdir $MNT; mdconfig -d -u $MD" EXIT zpool create -m $MNT acltools /dev/$MD if [ $? -ne 0 ]; then echo "not ok 1 - 'zpool create' failed." echo 'Bail out!' exit 1 fi echo "ok 1" cd $MNT # First, check whether we can crash the kernel by creating too many # entries. For some reason this won't work in the test file. touch xxx setfacl -x2 xxx while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done chmod 600 xxx rm xxx echo "ok 2" perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test >&2 if [ $? -eq 0 ]; then echo "ok 3" else echo "not ok 3 # TODO: fails due to ACL changes in ZFS; bug 212323" fi echo "ok 4" Index: head/tests/sys/acl/02.sh =================================================================== --- head/tests/sys/acl/02.sh (revision 367104) +++ head/tests/sys/acl/02.sh (revision 367105) @@ -1,93 +1,92 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a wrapper script to run tools-nfs4.test on UFS filesystem. # # If any of the tests fails, here is how to debug it: go to # the directory with problematic filesystem mounted on it, # and do /path/to/test run /path/to/test tools-nfs4.test, e.g. # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test # # Output should be obvious. if [ $(sysctl -n kern.features.ufs_acl 2>/dev/null || echo 0) -eq 0 ]; then echo "1..0 # SKIP system does not have UFS ACL support" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi echo "1..4" TESTDIR=$(dirname $(realpath $0)) # Set up the test filesystem. MD=`mdconfig -at swap -s 10m` MNT=`mktemp -dt acltools` newfs /dev/$MD > /dev/null trap "cd /; umount -f $MNT; rmdir $MNT; mdconfig -d -u $MD" EXIT mount -o nfsv4acls /dev/$MD $MNT if [ $? -ne 0 ]; then echo "not ok 1 - mount failed." echo 'Bail out!' exit 1 fi echo "ok 1" cd $MNT # First, check whether we can crash the kernel by creating too many # entries. For some reason this won't work in the test file. touch xxx setfacl -x2 xxx while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done chmod 600 xxx rm xxx echo "ok 2" if [ `sysctl -n vfs.acl_nfs4_old_semantics` = 0 ]; then perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test >&2 else perl $TESTDIR/run $TESTDIR/tools-nfs4.test >&2 fi if [ $? -eq 0 ]; then echo "ok 3" else echo "not ok 3" fi cd / echo "ok 4" Index: head/tests/sys/acl/03.sh =================================================================== --- head/tests/sys/acl/03.sh (revision 367104) +++ head/tests/sys/acl/03.sh (revision 367105) @@ -1,117 +1,116 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a wrapper script to run tools-crossfs.test between UFS without # ACLs, UFS with POSIX.1e ACLs, and ZFS with NFSv4 ACLs. # # WARNING: It uses hardcoded ZFS pool name "acltools" # # Output should be obvious. if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then echo "1..0 # SKIP system doesn't have ZFS loaded" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi echo "1..5" TESTDIR=$(dirname $(realpath $0)) MNTROOT=`mktemp -dt acltools` # Set up the test filesystems. MD1=`mdconfig -at swap -s 64m` MNT1=$MNTROOT/nfs4 mkdir $MNT1 zpool create -m $MNT1 acltools /dev/$MD1 if [ $? -ne 0 ]; then echo "not ok 1 - 'zpool create' failed." echo 'Bail out!' exit 1 fi echo "ok 1" MD2=`mdconfig -at swap -s 10m` MNT2=$MNTROOT/posix mkdir $MNT2 newfs /dev/$MD2 > /dev/null mount -o acls /dev/$MD2 $MNT2 if [ $? -ne 0 ]; then echo "not ok 2 - mount failed." echo 'Bail out!' exit 1 fi echo "ok 2" MD3=`mdconfig -at swap -s 10m` MNT3=$MNTROOT/none mkdir $MNT3 newfs /dev/$MD3 > /dev/null mount /dev/$MD3 $MNT3 if [ $? -ne 0 ]; then echo "not ok 3 - mount failed." echo 'Bail out!' exit 1 fi echo "ok 3" cd $MNTROOT perl $TESTDIR/run $TESTDIR/tools-crossfs.test >&2 if [ $? -eq 0 ]; then echo "ok 4" else echo "not ok 4" fi cd / umount -f $MNT3 rmdir $MNT3 mdconfig -du $MD3 umount -f $MNT2 rmdir $MNT2 mdconfig -du $MD2 zpool destroy -f acltools rmdir $MNT1 mdconfig -du $MD1 rmdir $MNTROOT echo "ok 5" Index: head/tests/sys/acl/04.sh =================================================================== --- head/tests/sys/acl/04.sh (revision 367104) +++ head/tests/sys/acl/04.sh (revision 367105) @@ -1,74 +1,73 @@ #!/bin/sh # # Copyright (c) 2011 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a wrapper script to run tools-nfs4-trivial.test on ZFS filesystem. # # WARNING: It uses hardcoded ZFS pool name "acltools" if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then echo "1..0 # SKIP system doesn't have ZFS loaded" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi echo "1..3" TESTDIR=$(dirname $(realpath $0)) # Set up the test filesystem. MD=`mdconfig -at swap -s 64m` MNT=`mktemp -dt acltools` zpool create -m $MNT acltools /dev/$MD if [ $? -ne 0 ]; then echo "not ok 1 - 'zpool create' failed." echo 'Bail out!' exit 1 fi echo "ok 1" cd $MNT perl $TESTDIR/run $TESTDIR/tools-nfs4-trivial.test >&2 if [ $? -eq 0 ]; then echo "ok 2" else echo "not ok 2" fi cd / zpool destroy -f acltools rmdir $MNT mdconfig -du $MD echo "ok 3" Index: head/tests/sys/acl/aclfuzzer.sh =================================================================== --- head/tests/sys/acl/aclfuzzer.sh (revision 367104) +++ head/tests/sys/acl/aclfuzzer.sh (revision 367105) @@ -1,225 +1,224 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is an NFSv4 ACL fuzzer. It expects to be run by non-root in a scratch # directory on a filesystem with NFSv4 ACLs support. Output it generates # is expected to be fed to /usr/src/tools/regression/acltools/run script. NUMBER_OF_COMMANDS=300 run_command() { echo "\$ $1" eval $1 2>&1 | sed 's/^/> /' } rnd_from_0_to() { max=`expr $1 + 1` rnd=`jot -r 1` rnd=`expr $rnd % $max` echo $rnd } rnd_path() { rnd=`rnd_from_0_to 3` case $rnd in 0) echo "$TMP/aaa" ;; 1) echo "$TMP/bbb" ;; 2) echo "$TMP/aaa/ccc" ;; 3) echo "$TMP/bbb/ddd" ;; esac } f_prepend_random_acl_on() { rnd=`rnd_from_0_to 4` case $rnd in 0) u="owner@" ;; 1) u="group@" ;; 2) u="everyone@" ;; 3) u="u:1138" ;; 4) u="g:1138" ;; esac p="" while :; do rnd=`rnd_from_0_to 30` if [ -n "$p" -a $rnd -ge 14 ]; then break; fi case $rnd in 0) p="${p}r" ;; 1) p="${p}w" ;; 2) p="${p}x" ;; 3) p="${p}p" ;; 4) p="${p}d" ;; 5) p="${p}D" ;; 6) p="${p}a" ;; 7) p="${p}A" ;; 8) p="${p}R" ;; 9) p="${p}W" ;; 10) p="${p}R" ;; 11) p="${p}c" ;; 12) p="${p}C" ;; 13) p="${p}o" ;; 14) p="${p}s" ;; esac done f="" while :; do rnd=`rnd_from_0_to 10` if [ $rnd -ge 6 ]; then break; fi case $rnd in 0) f="${f}f" ;; 1) f="${f}d" ;; 2) f="${f}n" ;; 3) f="${f}i" ;; esac done rnd=`rnd_from_0_to 1` case $rnd in 0) x="allow" ;; 1) x="deny" ;; esac acl="$u:$p:$f:$x" file=`rnd_path` run_command "setfacl -a0 $acl $file" } f_getfacl() { file=`rnd_path` run_command "getfacl -qn $file" } f_ls_mode() { file=`rnd_path` run_command "ls -al $file | sed -n '2p' | cut -d' ' -f1" } f_chmod() { b1=`rnd_from_0_to 7` b2=`rnd_from_0_to 7` b3=`rnd_from_0_to 7` b4=`rnd_from_0_to 7` file=`rnd_path` run_command "chmod $b1$b2$b3$b4 $file $2" } f_touch() { file=`rnd_path` run_command "touch $file" } f_rm() { file=`rnd_path` run_command "rm -f $file" } f_mkdir() { file=`rnd_path` run_command "mkdir $file" } f_rmdir() { file=`rnd_path` run_command "rmdir $file" } f_mv() { from=`rnd_path` to=`rnd_path` run_command "mv -f $from $to" } # XXX: To be implemented: chown(8), setting times with touch(1). switch_to_random_user() { # XXX: To be implemented. } execute_random_command() { rnd=`rnd_from_0_to 20` case $rnd in 0|10|11|12|13|15) cmd=f_prepend_random_acl_on ;; 1) cmd=f_getfacl ;; 2) cmd=f_ls_mode ;; 3) cmd=f_chmod ;; 4|18|19) cmd=f_touch ;; 5) cmd=f_rm ;; 6|16|17) cmd=f_mkdir ;; 7) cmd=f_rmdir ;; 8) cmd=f_mv ;; esac $cmd "XXX" } echo "# Fuzzing; will stop after $NUMBER_OF_COMMANDS commands." TMP="aclfuzzer_`dd if=/dev/random bs=1k count=1 2>/dev/null | openssl md5`" run_command "whoami" umask 022 run_command "umask 022" run_command "mkdir $TMP" i=0; while [ "$i" -lt "$NUMBER_OF_COMMANDS" ]; do switch_to_random_user execute_random_command i=`expr $i + 1` done run_command "find $TMP -exec setfacl -a0 everyone@:rxd:allow {} \;" run_command "rm -rfv $TMP" echo "# Fuzzed, thank you." Index: head/tests/sys/acl/mktrivial.sh =================================================================== --- head/tests/sys/acl/mktrivial.sh (revision 367104) +++ head/tests/sys/acl/mktrivial.sh (revision 367105) @@ -1,53 +1,52 @@ #!/bin/sh # # Copyright (c) 2010 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This shell script generates an input file for the "run" script, used # to verify generation of trivial ACLs. echo "$ touch f" touch f for s in `jot 7 0 7`; do for u in `jot 7 0 7`; do for g in `jot 7 0 7`; do for o in `jot 7 0 7`; do echo "$ chmod 0$s$u$g$o f" chmod "0$s$u$g$o" f echo "$ ls -l f | cut -d' ' -f1" ls -l f | cut -d' ' -f1 | sed 's/^/> /' echo "$ getfacl -q f" getfacl -q f | sed 's/^/> /' done done done done echo "$ rm f" rm f Index: head/tests/sys/acl/tools-crossfs.test =================================================================== --- head/tests/sys/acl/tools-crossfs.test (revision 367104) +++ head/tests/sys/acl/tools-crossfs.test (revision 367105) @@ -1,323 +1,322 @@ # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a tools-level test intended to verify that cp(1) and mv(1) # do the right thing with respect to ACLs. Run it as root using # ACL-enabled kernel: # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test # # You need to have three subdirectories, named nfs4, posix and none, # with filesystems with NFSv4 ACLs, POSIX.1e ACLs and no ACLs enabled, # respectively, mounted on them, in your current directory. # # WARNING: Creates files in unsafe way. $ whoami > root $ umask 022 $ touch nfs4/xxx $ getfacl -nq nfs4/xxx > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ touch posix/xxx $ getfacl -nq posix/xxx > user::rw- > group::r-- > other::r-- # mv with POSIX.1e ACLs. $ rm -f posix/xxx $ rm -f posix/yyy $ touch posix/xxx $ chmod 456 posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -r--r-xrw- $ setfacl -m u:42:x,g:43:w posix/xxx $ mv posix/xxx posix/yyy $ getfacl -nq posix/yyy > user::r-- > user:42:--x > group::r-x > group:43:-w- > mask::rwx > other::rw- $ ls -l posix/yyy | cut -d' ' -f1 > -r--rwxrw-+ # mv from POSIX.1e to none. $ rm -f posix/xxx $ rm -f none/xxx $ touch posix/xxx $ chmod 345 posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > --wxrwxr-x+ $ mv posix/xxx none/xxx > mv: failed to set acl entries for none/xxx: Operation not supported $ ls -l none/xxx | cut -d' ' -f1 > --wxrwxr-x # mv from POSIX.1e to NFSv4. $ rm -f posix/xxx $ rm -f nfs4/xxx $ touch posix/xxx $ chmod 456 posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -r--rwxrw-+ $ mv posix/yyy nfs4/xxx > mv: failed to set acl entries for nfs4/xxx: Invalid argument $ getfacl -nq nfs4/xxx > owner@:-wxp----------:-------:deny > owner@:r-----aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:rw-p--a-R-c--s:-------:allow $ ls -l nfs4/xxx | cut -d' ' -f1 > -r--rwxrw- # mv with NFSv4 ACLs. $ rm -f nfs4/xxx $ rm -f nfs4/yyy $ touch nfs4/xxx $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ mv nfs4/xxx nfs4/yyy $ getfacl -nq nfs4/yyy > user:42:--x-----------:-------:allow > group:43:-w------------:-------:allow > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ ls -l nfs4/yyy | cut -d' ' -f1 > -rw-r--r--+ # mv from NFSv4 to POSIX.1e without any ACLs. $ rm -f nfs4/xxx $ rm -f posix/xxx $ touch nfs4/xxx $ chmod 456 nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > -r--r-xrw- $ mv nfs4/xxx posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -r--r-xrw- # mv from NFSv4 to none. $ rm -f nfs4/xxx $ rm -f none/xxx $ touch nfs4/xxx $ chmod 345 nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > --wxr--r-x $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > --wxr--r-x+ $ mv nfs4/xxx none/xxx > mv: failed to set acl entries for none/xxx: Operation not supported $ ls -l none/xxx | cut -d' ' -f1 > --wxr--r-x # mv from NFSv4 to POSIX.1e. $ rm -f nfs4/xxx $ rm -f posix/xxx $ touch nfs4/xxx $ chmod 345 nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > --wxr--r-x $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > --wxr--r-x+ $ mv nfs4/xxx posix/xxx > mv: failed to set acl entries for posix/xxx: Invalid argument $ ls -l posix/xxx | cut -d' ' -f1 > --wxr--r-x # cp with POSIX.1e ACLs. $ rm -f posix/xxx $ rm -f posix/yyy $ touch posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -rw-rwxr--+ $ cp posix/xxx posix/yyy $ ls -l posix/yyy | cut -d' ' -f1 > -rw-r-xr-- # cp -p with POSIX.1e ACLs. $ rm -f posix/xxx $ rm -f posix/yyy $ touch posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ getfacl -nq posix/xxx > user::rw- > user:42:--x > group::r-- > group:43:-w- > mask::rwx > other::r-- $ ls -l posix/xxx | cut -d' ' -f1 > -rw-rwxr--+ $ cp -p posix/xxx posix/yyy $ getfacl -nq posix/yyy > user::rw- > user:42:--x > group::r-- > group:43:-w- > mask::rwx > other::r-- $ ls -l posix/yyy | cut -d' ' -f1 > -rw-rwxr--+ # cp from POSIX.1e to none. $ rm -f posix/xxx $ rm -f none/xxx $ touch posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -rw-rwxr--+ $ cp posix/xxx none/xxx $ ls -l none/xxx | cut -d' ' -f1 > -rw-r-xr-- # cp -p from POSIX.1e to none. $ rm -f posix/xxx $ rm -f none/xxx $ touch posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -rw-rwxr--+ $ cp -p posix/xxx none/xxx > cp: failed to set acl entries for none/xxx: Operation not supported $ ls -l none/xxx | cut -d' ' -f1 > -rw-rwxr-- # cp from POSIX.1e to NFSv4. $ rm -f posix/xxx $ rm -f nfs4/xxx $ touch posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -rw-rwxr--+ $ cp posix/xxx nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > -rw-r-xr-- # cp -p from POSIX.1e to NFSv4. $ rm -f posix/xxx $ rm -f nfs4/xxx $ touch posix/xxx $ setfacl -m u:42:x,g:43:w posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -rw-rwxr--+ $ cp -p posix/xxx nfs4/xxx > cp: failed to set acl entries for nfs4/xxx: Invalid argument $ ls -l nfs4/xxx | cut -d' ' -f1 > -rw-rwxr-- # cp with NFSv4 ACLs. $ rm -f nfs4/xxx $ rm -f nfs4/yyy $ touch nfs4/xxx $ chmod 543 nfs4/xxx $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > -r-xr---wx+ $ cp nfs4/xxx nfs4/yyy $ ls -l nfs4/yyy | cut -d' ' -f1 > -r-xr----x # cp -p with NFSv4 ACLs. $ rm -f nfs4/xxx $ rm -f nfs4/yyy $ touch nfs4/xxx $ chmod 543 nfs4/xxx $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ cp -p nfs4/xxx nfs4/yyy $ getfacl -nq nfs4/yyy > user:42:--x-----------:-------:allow > group:43:-w------------:-------:allow > owner@:--x-----------:-------:allow > owner@:-w-p----------:-------:deny > group@:-wxp----------:-------:deny > owner@:r-x---aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:-wxp--a-R-c--s:-------:allow $ ls -l nfs4/yyy | cut -d' ' -f1 > -r-xr---wx+ # cp from NFSv4 to none. $ rm -f nfs4/xxx $ rm -f none/xxx $ touch nfs4/xxx $ chmod 543 nfs4/xxx $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > -r-xr---wx+ $ cp nfs4/xxx none/xxx $ ls -l none/xxx | cut -d' ' -f1 > -r-xr----x # cp -p from NFSv4 to none. $ rm -f nfs4/xxx $ rm -f none/xxx $ touch nfs4/xxx $ chmod 543 nfs4/xxx $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > -r-xr---wx+ $ cp -p nfs4/xxx none/xxx > cp: failed to set acl entries for none/xxx: Operation not supported $ ls -l none/xxx | cut -d' ' -f1 > -r-xr---wx # cp from NFSv4 to POSIX.1e. $ rm -f nfs4/xxx $ rm -f posix/xxx $ touch nfs4/xxx $ chmod 543 nfs4/xxx $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > -r-xr---wx+ $ cp nfs4/xxx posix/xxx $ ls -l posix/xxx | cut -d' ' -f1 > -r-xr----x # cp -p from NFSv4 to POSIX.1e. $ rm -f nfs4/xxx $ rm -f posix/xxx $ touch nfs4/xxx $ chmod 543 nfs4/xxx $ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx $ ls -l nfs4/xxx | cut -d' ' -f1 > -r-xr---wx+ $ cp -p nfs4/xxx posix/xxx > cp: failed to set acl entries for posix/xxx: Invalid argument $ ls -l posix/xxx | cut -d' ' -f1 > -r-xr---wx Index: head/tests/sys/acl/tools-nfs4-psarc.test =================================================================== --- head/tests/sys/acl/tools-nfs4-psarc.test (revision 367104) +++ head/tests/sys/acl/tools-nfs4-psarc.test (revision 367105) @@ -1,585 +1,584 @@ # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a tools-level test for NFSv4 ACL functionality with PSARC/2010/029 # semantics. Run it as root using ACL-enabled kernel: # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4-psarc.test # # WARNING: Creates files in unsafe way. $ whoami > root $ umask 022 # Smoke test for getfacl(1). $ touch xxx $ getfacl xxx > # file: xxx > # owner: root > # group: wheel > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ getfacl -q xxx > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow # Check verbose mode formatting. $ getfacl -v xxx > # file: xxx > # owner: root > # group: wheel > owner@:read_data/write_data/append_data/read_attributes/write_attributes/read_xattr/write_xattr/read_acl/write_acl/write_owner/synchronize::allow > group@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow > everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow # Test setfacl -a. $ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Test user and group name resolving. $ rm xxx $ touch xxx $ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx $ getfacl xxx > # file: xxx > # owner: root > # group: wheel > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > user:root:-----------C--:-------:allow > group:daemon:----------c---:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Check whether ls correctly marks files with "+". $ ls -l xxx | cut -d' ' -f1 > -rw-r--r--+ # Test removing entries by number. $ setfacl -x 1 xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:rw-p--aARWcCos:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Test setfacl -m. $ setfacl -a0 everyone@:rwx:deny xxx $ setfacl -a0 everyone@:rwx:deny xxx $ setfacl -a0 everyone@:rwx:deny xxx $ setfacl -m everyone@::deny xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > owner@:rw-p--aARWcCos:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Test getfacl -i. $ getfacl -i xxx > # file: xxx > # owner: root > # group: wheel > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > owner@:rw-p--aARWcCos:-------:allow > user:root:-----------C--:-------:allow:0 > group:daemon:----------c---:-------:deny:1 > everyone@:r-----a-R-c--s:-------:allow # Make sure cp without any flags does not copy copy the ACL. $ cp xxx yyy $ ls -l yyy | cut -d' ' -f1 > -rw-r--r-- # Make sure it does with the "-p" flag. $ rm yyy $ cp -p xxx yyy $ getfacl -n yyy > # file: yyy > # owner: root > # group: wheel > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > owner@:rw-p--aARWcCos:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ rm yyy # Test removing entries by... by example? $ setfacl -x everyone@::deny xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:rw-p--aARWcCos:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Test setfacl -b. $ setfacl -b xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > -rw-r--r-- # Check setfacl(1) and getfacl(1) with multiple files. $ touch xxx yyy zzz $ ls -l xxx yyy zzz | cut -d' ' -f1 > -rw-r--r-- > -rw-r--r-- > -rw-r--r-- $ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz > setfacl: nnn: acl_get_file() failed: No such file or directory $ ls -l nnn xxx yyy zzz | cut -d' ' -f1 > ls: nnn: No such file or directory > -rw-r--r--+ > -rw-r--r--+ > -rw-r--r--+ $ getfacl -nq nnn xxx yyy zzz > getfacl: nnn: stat() failed: No such file or directory > user:42:--x-----------:-------:allow > group:43:-w------------:-------:allow > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow > > user:42:--x-----------:-------:allow > group:43:-w------------:-------:allow > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow > > user:42:--x-----------:-------:allow > group:43:-w------------:-------:allow > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ setfacl -b nnn xxx yyy zzz > setfacl: nnn: acl_get_file() failed: No such file or directory $ ls -l nnn xxx yyy zzz | cut -d' ' -f1 > ls: nnn: No such file or directory > -rw-r--r-- > -rw-r--r-- > -rw-r--r-- $ rm xxx yyy zzz # Test applying mode to an ACL. $ touch xxx $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx $ chmod 600 xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:rw-p--aARWcCos:-------:allow > group@:------a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > -rw------- $ rm xxx $ touch xxx $ chown 42 xxx $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx $ chmod 600 xxx $ getfacl -n xxx > # file: xxx > # owner: 42 > # group: wheel > owner@:rw-p--aARWcCos:-------:allow > group@:------a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > -rw------- $ rm xxx $ touch xxx $ chown 43 xxx $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx $ chmod 124 xxx $ getfacl -n xxx > # file: xxx > # owner: 43 > # group: wheel > owner@:rw-p----------:-------:deny > group@:r-------------:-------:deny > owner@:--x---aARWcCos:-------:allow > group@:-w-p--a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > ---x-w-r-- $ rm xxx $ touch xxx $ chown 43 xxx $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx $ chmod 412 xxx $ getfacl -n xxx > # file: xxx > # owner: 43 > # group: wheel > owner@:-wxp----------:-------:deny > group@:-w-p----------:-------:deny > owner@:r-----aARWcCos:-------:allow > group@:--x---a-R-c--s:-------:allow > everyone@:-w-p--a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > -r----x-w- $ mkdir ddd $ setfacl -a0 group:44:rwapd:allow ddd $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd $ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd $ getfacl -n ddd > # file: ddd > # owner: root > # group: wheel > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-d-----:allow > group:43:-w--D---------:-d-----:deny > group@:-----da-------:-------:allow > group:44:rw-p-da-------:-------:allow > owner@:rwxp--aARWcCos:-------:allow > group@:r-x---a-R-c--s:-------:allow > everyone@:-w-p--a-R-c--s:f-i----:allow $ chmod 777 ddd $ getfacl -n ddd > # file: ddd > # owner: root > # group: wheel > owner@:rwxp--aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:rwxp--a-R-c--s:-------:allow # Test applying ACL to mode. $ rmdir ddd $ mkdir ddd $ setfacl -a0 u:42:rwx:fi:allow ddd $ ls -ld ddd | cut -d' ' -f1 > drwxr-xr-x+ $ rmdir ddd $ mkdir ddd $ chmod 0 ddd $ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd $ ls -ld ddd | cut -d' ' -f1 > dr----x---+ $ rmdir ddd $ mkdir ddd $ chmod 0 ddd $ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd $ ls -ld ddd | cut -d' ' -f1 > dr---wx---+ $ rmdir ddd $ mkdir ddd $ chmod 0 ddd $ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd $ ls -ld ddd | cut -d' ' -f1 > dr--------+ $ rmdir ddd $ mkdir ddd $ chmod 0 ddd $ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd $ ls -ld ddd | cut -d' ' -f1 > dr--------+ # Test inheritance. $ rmdir ddd $ mkdir ddd $ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd $ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd $ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd $ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd $ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd $ getfacl -qn ddd > user:41:-w-----A------:f--n---:allow > group:41:r-----a-------:-din---:allow > user:42:-----------Co-:f-i----:allow > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-d-n---:deny > group:43:-w---------C--:f-in---:deny > user:43:rwxp----------:-------:allow > owner@:rwxp--aARWcCos:-------:allow > group@:r-x---a-R-c--s:-------:allow > everyone@:r-x---a-R-c--s:-------:allow $ cd ddd $ touch xxx $ getfacl -qn xxx > user:41:--------------:------I:allow > user:42:--------------:------I:allow > user:42:r-------------:------I:allow > group:43:-w---------C--:------I:deny > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ rm xxx $ umask 077 $ touch xxx $ getfacl -qn xxx > user:41:--------------:------I:allow > user:42:--------------:------I:allow > user:42:--------------:------I:allow > group:43:-w---------C--:------I:deny > owner@:rw-p--aARWcCos:-------:allow > group@:------a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow $ rm xxx $ umask 770 $ touch xxx $ getfacl -qn xxx > owner@:rw-p----------:-------:deny > group@:rw-p----------:-------:deny > user:41:--------------:------I:allow > user:42:--------------:------I:allow > user:42:--------------:------I:allow > group:43:-w---------C--:------I:deny > owner@:------aARWcCos:-------:allow > group@:------a-R-c--s:-------:allow > everyone@:rw-p--a-R-c--s:-------:allow $ rm xxx $ umask 707 $ touch xxx $ getfacl -qn xxx > owner@:rw-p----------:-------:deny > user:41:-w------------:------I:allow > user:42:--------------:------I:allow > user:42:r-------------:------I:allow > group:43:-w---------C--:------I:deny > owner@:------aARWcCos:-------:allow > group@:rw-p--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow $ umask 077 $ mkdir yyy $ getfacl -qn yyy > group:41:------a-------:------I:allow > user:42:-----------Co-:f-i---I:allow > user:42:r-x-----------:f-i---I:allow > group:42:-w--D---------:------I:deny > owner@:rwxp--aARWcCos:-------:allow > group@:------a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow $ rmdir yyy $ umask 770 $ mkdir yyy $ getfacl -qn yyy > owner@:rwxp----------:-------:deny > group@:rwxp----------:-------:deny > group:41:------a-------:------I:allow > user:42:-----------Co-:f-i---I:allow > user:42:r-x-----------:f-i---I:allow > group:42:-w--D---------:------I:deny > owner@:------aARWcCos:-------:allow > group@:------a-R-c--s:-------:allow > everyone@:rwxp--a-R-c--s:-------:allow $ rmdir yyy $ umask 707 $ mkdir yyy $ getfacl -qn yyy > owner@:rwxp----------:-------:deny > group:41:r-----a-------:------I:allow > user:42:-----------Co-:f-i---I:allow > user:42:r-x-----------:f-i---I:allow > group:42:-w--D---------:------I:deny > owner@:------aARWcCos:-------:allow > group@:rwxp--a-R-c--s:-------:allow > everyone@:------a-R-c--s:-------:allow # There is some complication regarding how write_acl and write_owner flags # get inherited. Make sure we got it right. $ setfacl -b . $ setfacl -a0 u:42:Co:f:allow . $ setfacl -a0 u:43:Co:d:allow . $ setfacl -a0 u:44:Co:fd:allow . $ setfacl -a0 u:45:Co:fi:allow . $ setfacl -a0 u:46:Co:di:allow . $ setfacl -a0 u:47:Co:fdi:allow . $ setfacl -a0 u:48:Co:fn:allow . $ setfacl -a0 u:49:Co:dn:allow . $ setfacl -a0 u:50:Co:fdn:allow . $ setfacl -a0 u:51:Co:fni:allow . $ setfacl -a0 u:52:Co:dni:allow . $ setfacl -a0 u:53:Co:fdni:allow . $ umask 022 $ rm xxx $ touch xxx $ getfacl -nq xxx > user:53:--------------:------I:allow > user:51:--------------:------I:allow > user:50:--------------:------I:allow > user:48:--------------:------I:allow > user:47:--------------:------I:allow > user:45:--------------:------I:allow > user:44:--------------:------I:allow > user:42:--------------:------I:allow > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ rmdir yyy $ mkdir yyy $ getfacl -nq yyy > user:53:--------------:------I:allow > user:52:--------------:------I:allow > user:50:--------------:------I:allow > user:49:--------------:------I:allow > user:47:--------------:fd----I:allow > user:46:--------------:-d----I:allow > user:45:-----------Co-:f-i---I:allow > user:44:--------------:fd----I:allow > user:43:--------------:-d----I:allow > user:42:-----------Co-:f-i---I:allow > owner@:rwxp--aARWcCos:-------:allow > group@:r-x---a-R-c--s:-------:allow > everyone@:r-x---a-R-c--s:-------:allow $ setfacl -b . $ setfacl -a0 u:42:Co:f:deny . $ setfacl -a0 u:43:Co:d:deny . $ setfacl -a0 u:44:Co:fd:deny . $ setfacl -a0 u:45:Co:fi:deny . $ setfacl -a0 u:46:Co:di:deny . $ setfacl -a0 u:47:Co:fdi:deny . $ setfacl -a0 u:48:Co:fn:deny . $ setfacl -a0 u:49:Co:dn:deny . $ setfacl -a0 u:50:Co:fdn:deny . $ setfacl -a0 u:51:Co:fni:deny . $ setfacl -a0 u:52:Co:dni:deny . $ setfacl -a0 u:53:Co:fdni:deny . $ umask 022 $ rm xxx $ touch xxx $ getfacl -nq xxx > user:53:-----------Co-:------I:deny > user:51:-----------Co-:------I:deny > user:50:-----------Co-:------I:deny > user:48:-----------Co-:------I:deny > user:47:-----------Co-:------I:deny > user:45:-----------Co-:------I:deny > user:44:-----------Co-:------I:deny > user:42:-----------Co-:------I:deny > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow $ rmdir yyy $ mkdir yyy $ getfacl -nq yyy > user:53:-----------Co-:------I:deny > user:52:-----------Co-:------I:deny > user:50:-----------Co-:------I:deny > user:49:-----------Co-:------I:deny > user:47:-----------Co-:fd----I:deny > user:46:-----------Co-:-d----I:deny > user:45:-----------Co-:f-i---I:deny > user:44:-----------Co-:fd----I:deny > user:43:-----------Co-:-d----I:deny > user:42:-----------Co-:f-i---I:deny > owner@:rwxp--aARWcCos:-------:allow > group@:r-x---a-R-c--s:-------:allow > everyone@:r-x---a-R-c--s:-------:allow $ rmdir yyy $ rm xxx $ cd .. $ rmdir ddd $ rm xxx # Test basic recursive setting of ACLs. $ mkdir ddd $ touch ddd/xxx $ mkdir ddd/eee $ touch ddd/eee/yyy $ setfacl -R -m owner@:full_set:f:allow,group@:full_set::allow,everyone@:full_set::allow ddd $ getfacl -q ddd > owner@:rwxpDdaARWcCos:f------:allow > group@:rwxpDdaARWcCos:-------:allow > everyone@:rwxpDdaARWcCos:-------:allow $ getfacl -q ddd/xxx > owner@:rwxpDdaARWcCos:-------:allow > group@:rwxpDdaARWcCos:-------:allow > everyone@:rwxpDdaARWcCos:-------:allow $ getfacl -q ddd/eee > owner@:rwxpDdaARWcCos:f------:allow > group@:rwxpDdaARWcCos:-------:allow > everyone@:rwxpDdaARWcCos:-------:allow $ getfacl -q ddd/eee/yyy > owner@:rwxpDdaARWcCos:-------:allow > group@:rwxpDdaARWcCos:-------:allow > everyone@:rwxpDdaARWcCos:-------:allow $ rm -r ddd Index: head/tests/sys/acl/tools-nfs4-trivial.test =================================================================== --- head/tests/sys/acl/tools-nfs4-trivial.test (revision 367104) +++ head/tests/sys/acl/tools-nfs4-trivial.test (revision 367105) @@ -1,82 +1,81 @@ # Copyright (c) 2011 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a tools-level test for acl_is_trivial_np(3). Run it as root on ZFS. # Note that this does not work on UFS with NFSv4 ACLs enabled - UFS recognizes # both kind of trivial ACLs and replaces it by the default one. # # WARNING: Creates files in unsafe way. $ whoami > root $ umask 022 # Check whether ls(1) correctly recognizes PSARC/2010/029-style trivial ACLs. $ touch xxx $ ls -l xxx | cut -d' ' -f1 > -rw-r--r-- $ getfacl -q xxx > owner@:rw-p--aARWcCos:-------:allow > group@:r-----a-R-c--s:-------:allow > everyone@:r-----a-R-c--s:-------:allow # Check whether ls(1) correctly recognizes draft-style trivial ACLs. $ rm xxx $ touch xxx $ setfacl -a0 owner@:x:deny,owner@:rwpAWCo:allow,group@:wxp:deny,group@:r:allow,everyone@:wxpAWCo:deny,everyone@:raRcs:allow xxx $ setfacl -x5 xxx $ setfacl -x5 xxx $ setfacl -x5 xxx $ ls -l xxx | cut -d' ' -f1 > -rw-r--r-- $ getfacl -q xxx > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Make sure ls(1) actually can recognize something as non-trivial. $ setfacl -x0 xxx $ ls -l xxx | cut -d' ' -f1 > -rw-r--r--+ $ getfacl -q xxx > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ rm xxx Index: head/tests/sys/acl/tools-nfs4.test =================================================================== --- head/tests/sys/acl/tools-nfs4.test (revision 367104) +++ head/tests/sys/acl/tools-nfs4.test (revision 367105) @@ -1,863 +1,862 @@ # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a tools-level test for NFSv4 ACL functionality. Run it as root # using ACL-enabled kernel: # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test # # WARNING: Creates files in unsafe way. $ whoami > root $ umask 022 # Smoke test for getfacl(1). $ touch xxx $ getfacl xxx > # file: xxx > # owner: root > # group: wheel > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ getfacl -q xxx > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Check verbose mode formatting. $ getfacl -v xxx > # file: xxx > # owner: root > # group: wheel > owner@:execute::deny > owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow > group@:write_data/execute/append_data::deny > group@:read_data::allow > everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny > everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow # Test setfacl -a. $ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Test user and group name resolving. $ rm xxx $ touch xxx $ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx $ getfacl xxx > # file: xxx > # owner: root > # group: wheel > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > user:root:-----------C--:-------:allow > group:daemon:----------c---:-------:deny > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Check whether ls correctly marks files with "+". $ ls -l xxx | cut -d' ' -f1 > -rw-r--r--+ # Test removing entries by number. $ setfacl -x 4 xxx $ setfacl -x 4 xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Test setfacl -m. $ setfacl -a0 everyone@:rwx:deny xxx $ setfacl -a0 everyone@:rwx:deny xxx $ setfacl -a0 everyone@:rwx:deny xxx $ setfacl -m everyone@::deny xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:--------------:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Test getfacl -i. $ getfacl -i xxx > # file: xxx > # owner: root > # group: wheel > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > user:root:-----------C--:-------:allow:0 > group:daemon:----------c---:-------:deny:1 > everyone@:--------------:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Make sure cp without any flags does not copy copy the ACL. $ cp xxx yyy $ ls -l yyy | cut -d' ' -f1 > -rw-r--r-- # Make sure it does with the "-p" flag. $ rm yyy $ cp -p xxx yyy $ getfacl -n yyy > # file: yyy > # owner: root > # group: wheel > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > everyone@:--------------:-------:deny > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:--------------:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ rm yyy # Test removing entries by... by example? $ setfacl -x everyone@::deny xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > user:0:-----------C--:-------:allow > group:1:----------c---:-------:deny > everyone@:r-----a-R-c--s:-------:allow # Test setfacl -b. $ setfacl -b xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > -rw-r--r-- # Check setfacl(1) and getfacl(1) with multiple files. $ touch xxx yyy zzz $ ls -l xxx yyy zzz | cut -d' ' -f1 > -rw-r--r-- > -rw-r--r-- > -rw-r--r-- $ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz > setfacl: nnn: acl_get_file() failed: No such file or directory $ ls -l nnn xxx yyy zzz | cut -d' ' -f1 > ls: nnn: No such file or directory > -rw-r--r--+ > -rw-r--r--+ > -rw-r--r--+ $ getfacl -nq nnn xxx yyy zzz > getfacl: nnn: stat() failed: No such file or directory > user:42:--x-----------:-------:allow > group:43:-w------------:-------:allow > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow > > user:42:--x-----------:-------:allow > group:43:-w------------:-------:allow > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow > > user:42:--x-----------:-------:allow > group:43:-w------------:-------:allow > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ setfacl -b nnn xxx yyy zzz > setfacl: nnn: acl_get_file() failed: No such file or directory $ ls -l nnn xxx yyy zzz | cut -d' ' -f1 > ls: nnn: No such file or directory > -rw-r--r-- > -rw-r--r-- > -rw-r--r-- $ rm xxx yyy zzz # Test applying mode to an ACL. $ touch xxx $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx $ chmod 600 xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user:42:r-------------:-------:deny > user:42:r-------------:-------:allow > user:43:-w------------:-------:deny > user:43:-w------------:-------:allow > user:44:--x-----------:-------:deny > user:44:--x-----------:-------:allow > owner@:--------------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:--------------:-------:deny > group@:--------------:-------:allow > everyone@:-------A-W-Co-:-------:deny > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:rwxp----------:-------:deny > group@:--------------:-------:allow > everyone@:rwxp---A-W-Co-:-------:deny > everyone@:------a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > -rw-------+ $ rm xxx $ touch xxx $ chown 42 xxx $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx $ chmod 600 xxx $ getfacl -n xxx > # file: xxx > # owner: 42 > # group: wheel > user:42:--------------:-------:deny > user:42:r-------------:-------:allow > user:43:-w------------:-------:deny > user:43:-w------------:-------:allow > user:44:--x-----------:-------:deny > user:44:--x-----------:-------:allow > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:rwxp----------:-------:deny > group@:--------------:-------:allow > everyone@:rwxp---A-W-Co-:-------:deny > everyone@:------a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > -rw-------+ $ rm xxx $ touch xxx $ chown 43 xxx $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx $ chmod 124 xxx $ getfacl -n xxx > # file: xxx > # owner: 43 > # group: wheel > user:42:r-------------:-------:deny > user:42:r-------------:-------:allow > user:43:-w------------:-------:deny > user:43:-w------------:-------:allow > user:44:--x-----------:-------:deny > user:44:--x-----------:-------:allow > owner@:rw-p----------:-------:deny > owner@:--x----A-W-Co-:-------:allow > group@:r-x-----------:-------:deny > group@:-w-p----------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > ---x-w-r--+ $ rm xxx $ touch xxx $ chown 43 xxx $ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx $ chmod 412 xxx $ getfacl -n xxx > # file: xxx > # owner: 43 > # group: wheel > user:42:r-------------:-------:deny > user:42:r-------------:-------:allow > user:43:-w------------:-------:deny > user:43:-w------------:-------:allow > user:44:--------------:-------:deny > user:44:--x-----------:-------:allow > owner@:-wxp----------:-------:deny > owner@:r------A-W-Co-:-------:allow > group@:rw-p----------:-------:deny > group@:--x-----------:-------:allow > everyone@:r-x----A-W-Co-:-------:deny > everyone@:-w-p--a-R-c--s:-------:allow $ ls -l xxx | cut -d' ' -f1 > -r----x-w-+ $ mkdir ddd $ setfacl -a0 group:44:rwapd:allow ddd $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd $ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd $ getfacl -n ddd > # file: ddd > # owner: root > # group: wheel > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-d-----:allow > group:43:-w--D---------:-d-----:deny > group@:-----da-------:-------:allow > group:44:rw-p-da-------:-------:allow > owner@:--------------:-------:deny > owner@:rwxp---A-W-Co-:-------:allow > group@:-w-p----------:-------:deny > group@:r-x-----------:-------:allow > everyone@:-w-p---A-W-Co-:-------:deny > everyone@:-w-p--a-R-c--s:f-i----:allow $ chmod 777 ddd $ getfacl -n ddd > # file: ddd > # owner: root > # group: wheel > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-di----:allow > group:42:--------------:-------:deny > group:42:-w--D---------:-------:allow > group:43:-w--D---------:-di----:deny > group:43:-w--D---------:-------:deny > group@:-----da-------:-------:allow > group:44:--------------:-------:deny > group:44:rw-p-da-------:-------:allow > owner@:--------------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:--------------:-------:deny > group@:--------------:-------:allow > everyone@:-------A-W-Co-:-------:deny > everyone@:-w-p--a-R-c--s:f-i----:allow > owner@:--------------:-------:deny > owner@:rwxp---A-W-Co-:-------:allow > group@:--------------:-------:deny > group@:rwxp----------:-------:allow > everyone@:-------A-W-Co-:-------:deny > everyone@:rwxp--a-R-c--s:-------:allow $ rmdir ddd $ mkdir ddd $ setfacl -a0 group:44:rwapd:allow ddd $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd $ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd $ chmod 124 ddd $ getfacl -n ddd > # file: ddd > # owner: root > # group: wheel > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-di----:allow > group:42:--------------:-------:deny > group:42:----D---------:-------:allow > group:43:-w--D---------:-di----:deny > group:43:-w--D---------:-------:deny > group@:-----da-------:-------:allow > group:44:r-------------:-------:deny > group:44:r----da-------:-------:allow > owner@:--------------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:--------------:-------:deny > group@:--------------:-------:allow > everyone@:-------A-W-Co-:-------:deny > everyone@:-w-p--a-R-c--s:f-i----:allow > owner@:rw-p----------:-------:deny > owner@:--x----A-W-Co-:-------:allow > group@:r-x-----------:-------:deny > group@:-w-p----------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ rmdir ddd $ mkdir ddd $ setfacl -a0 group:44:rwapd:allow ddd $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd $ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd $ chmod 412 ddd $ getfacl -n ddd > # file: ddd > # owner: root > # group: wheel > user:42:r-------------:-------:deny > user:42:r-x-----------:-------:allow > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-di----:allow > group:42:-w------------:-------:deny > group:42:-w--D---------:-------:allow > group:43:-w--D---------:-di----:deny > group:43:-w--D---------:-------:deny > group@:-----da-------:-------:allow > group:44:rw-p----------:-------:deny > group:44:rw-p-da-------:-------:allow > owner@:--------------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:--------------:-------:deny > group@:--------------:-------:allow > everyone@:-------A-W-Co-:-------:deny > everyone@:-w-p--a-R-c--s:f-i----:allow > owner@:-wxp----------:-------:deny > owner@:r------A-W-Co-:-------:allow > group@:rw-p----------:-------:deny > group@:--x-----------:-------:allow > everyone@:r-x----A-W-Co-:-------:deny > everyone@:-w-p--a-R-c--s:-------:allow $ rmdir ddd $ mkdir ddd $ setfacl -a0 group:44:rwapd:allow ddd $ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd $ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd $ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd $ chown 42 ddd $ chmod 412 ddd $ getfacl -n ddd > # file: ddd > # owner: 42 > # group: wheel > user:42:--x-----------:-------:deny > user:42:r-x-----------:-------:allow > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-di----:allow > group:42:-w------------:-------:deny > group:42:-w--D---------:-------:allow > group:43:-w--D---------:-di----:deny > group:43:-w--D---------:-------:deny > group@:-----da-------:-------:allow > group:44:rw-p----------:-------:deny > group:44:rw-p-da-------:-------:allow > owner@:--------------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:--------------:-------:deny > group@:--------------:-------:allow > everyone@:-------A-W-Co-:-------:deny > everyone@:-w-p--a-R-c--s:f-i----:allow > owner@:-wxp----------:-------:deny > owner@:r------A-W-Co-:-------:allow > group@:rw-p----------:-------:deny > group@:--x-----------:-------:allow > everyone@:r-x----A-W-Co-:-------:deny > everyone@:-w-p--a-R-c--s:-------:allow # Test applying ACL to mode. $ rmdir ddd $ mkdir ddd $ setfacl -a0 u:42:rwx:fi:allow ddd $ ls -ld ddd | cut -d' ' -f1 > drwxr-xr-x+ $ rmdir ddd $ mkdir ddd $ chmod 0 ddd $ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd $ ls -ld ddd | cut -d' ' -f1 > dr----x---+ $ rmdir ddd $ mkdir ddd $ chmod 0 ddd $ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd $ ls -ld ddd | cut -d' ' -f1 > dr---wx---+ $ rmdir ddd $ mkdir ddd $ chmod 0 ddd $ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd $ ls -ld ddd | cut -d' ' -f1 > dr--------+ $ rmdir ddd $ mkdir ddd $ chmod 0 ddd $ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd $ ls -ld ddd | cut -d' ' -f1 > dr--------+ # Test inheritance. $ rmdir ddd $ mkdir ddd $ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd $ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd $ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd $ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd $ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd $ getfacl -qn ddd > user:41:-w-----A------:f--n---:allow > group:41:r-----a-------:-din---:allow > user:42:-----------Co-:f-i----:allow > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-d-n---:deny > group:43:-w---------C--:f-in---:deny > user:43:rwxp----------:-------:allow > owner@:--------------:-------:deny > owner@:rwxp---A-W-Co-:-------:allow > group@:-w-p----------:-------:deny > group@:r-x-----------:-------:allow > everyone@:-w-p---A-W-Co-:-------:deny > everyone@:r-x---a-R-c--s:-------:allow $ cd ddd $ touch xxx $ getfacl -qn xxx > user:41:-w------------:-------:deny > user:41:-w-----A------:-------:allow > user:42:--------------:-------:deny > user:42:--------------:-------:allow > user:42:--x-----------:-------:deny > user:42:r-x-----------:-------:allow > group:43:-w---------C--:-------:deny > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ rm xxx $ umask 077 $ touch xxx $ getfacl -qn xxx > user:41:-w------------:-------:deny > user:41:-w-----A------:-------:allow > user:42:--------------:-------:deny > user:42:--------------:-------:allow > user:42:r-x-----------:-------:deny > user:42:r-x-----------:-------:allow > group:43:-w---------C--:-------:deny > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:rwxp----------:-------:deny > group@:--------------:-------:allow > everyone@:rwxp---A-W-Co-:-------:deny > everyone@:------a-R-c--s:-------:allow $ rm xxx $ umask 770 $ touch xxx $ getfacl -qn xxx > user:41:-w------------:-------:deny > user:41:-w-----A------:-------:allow > user:42:--------------:-------:deny > user:42:--------------:-------:allow > user:42:r-x-----------:-------:deny > user:42:r-x-----------:-------:allow > group:43:-w---------C--:-------:deny > owner@:rwxp----------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:rwxp----------:-------:deny > group@:--------------:-------:allow > everyone@:--x----A-W-Co-:-------:deny > everyone@:rw-p--a-R-c--s:-------:allow $ rm xxx $ umask 707 $ touch xxx $ getfacl -qn xxx > user:41:--------------:-------:deny > user:41:-w-----A------:-------:allow > user:42:--------------:-------:deny > user:42:--------------:-------:allow > user:42:--x-----------:-------:deny > user:42:r-x-----------:-------:allow > group:43:-w---------C--:-------:deny > owner@:rwxp----------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:--x-----------:-------:deny > group@:rw-p----------:-------:allow > everyone@:rwxp---A-W-Co-:-------:deny > everyone@:------a-R-c--s:-------:allow $ umask 077 $ mkdir yyy $ getfacl -qn yyy > group:41:r-------------:-------:deny > group:41:r-----a-------:-------:allow > user:42:-----------Co-:f-i----:allow > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-------:deny > owner@:--------------:-------:deny > owner@:rwxp---A-W-Co-:-------:allow > group@:rwxp----------:-------:deny > group@:--------------:-------:allow > everyone@:rwxp---A-W-Co-:-------:deny > everyone@:------a-R-c--s:-------:allow $ rmdir yyy $ umask 770 $ mkdir yyy $ getfacl -qn yyy > group:41:r-------------:-------:deny > group:41:r-----a-------:-------:allow > user:42:-----------Co-:f-i----:allow > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-------:deny > owner@:rwxp----------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:rwxp----------:-------:deny > group@:--------------:-------:allow > everyone@:-------A-W-Co-:-------:deny > everyone@:rwxp--a-R-c--s:-------:allow $ rmdir yyy $ umask 707 $ mkdir yyy $ getfacl -qn yyy > group:41:--------------:-------:deny > group:41:------a-------:-------:allow > user:42:-----------Co-:f-i----:allow > user:42:r-x-----------:f-i----:allow > group:42:-w--D---------:-------:deny > owner@:rwxp----------:-------:deny > owner@:-------A-W-Co-:-------:allow > group@:--------------:-------:deny > group@:rwxp----------:-------:allow > everyone@:rwxp---A-W-Co-:-------:deny > everyone@:------a-R-c--s:-------:allow # There is some complication regarding how write_acl and write_owner flags # get inherited. Make sure we got it right. $ setfacl -b . $ setfacl -a0 u:42:Co:f:allow . $ setfacl -a0 u:43:Co:d:allow . $ setfacl -a0 u:44:Co:fd:allow . $ setfacl -a0 u:45:Co:fi:allow . $ setfacl -a0 u:46:Co:di:allow . $ setfacl -a0 u:47:Co:fdi:allow . $ setfacl -a0 u:48:Co:fn:allow . $ setfacl -a0 u:49:Co:dn:allow . $ setfacl -a0 u:50:Co:fdn:allow . $ setfacl -a0 u:51:Co:fni:allow . $ setfacl -a0 u:52:Co:dni:allow . $ setfacl -a0 u:53:Co:fdni:allow . $ umask 022 $ rm xxx $ touch xxx $ getfacl -nq xxx > user:53:--------------:-------:deny > user:53:--------------:-------:allow > user:51:--------------:-------:deny > user:51:--------------:-------:allow > user:50:--------------:-------:deny > user:50:--------------:-------:allow > user:48:--------------:-------:deny > user:48:--------------:-------:allow > user:47:--------------:-------:deny > user:47:--------------:-------:allow > user:45:--------------:-------:deny > user:45:--------------:-------:allow > user:44:--------------:-------:deny > user:44:--------------:-------:allow > user:42:--------------:-------:deny > user:42:--------------:-------:allow > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ rmdir yyy $ mkdir yyy $ getfacl -nq yyy > user:53:--------------:-------:deny > user:53:--------------:-------:allow > user:52:--------------:-------:deny > user:52:--------------:-------:allow > user:50:--------------:-------:deny > user:50:--------------:-------:allow > user:49:--------------:-------:deny > user:49:--------------:-------:allow > user:47:-----------Co-:fdi----:allow > user:47:--------------:-------:deny > user:47:--------------:-------:allow > user:46:-----------Co-:-di----:allow > user:46:--------------:-------:deny > user:46:--------------:-------:allow > user:45:-----------Co-:f-i----:allow > user:44:-----------Co-:fdi----:allow > user:44:--------------:-------:deny > user:44:--------------:-------:allow > user:43:-----------Co-:-di----:allow > user:43:--------------:-------:deny > user:43:--------------:-------:allow > user:42:-----------Co-:f-i----:allow > owner@:--------------:-------:deny > owner@:rwxp---A-W-Co-:-------:allow > group@:-w-p----------:-------:deny > group@:r-x-----------:-------:allow > everyone@:-w-p---A-W-Co-:-------:deny > everyone@:r-x---a-R-c--s:-------:allow $ setfacl -b . $ setfacl -a0 u:42:Co:f:deny . $ setfacl -a0 u:43:Co:d:deny . $ setfacl -a0 u:44:Co:fd:deny . $ setfacl -a0 u:45:Co:fi:deny . $ setfacl -a0 u:46:Co:di:deny . $ setfacl -a0 u:47:Co:fdi:deny . $ setfacl -a0 u:48:Co:fn:deny . $ setfacl -a0 u:49:Co:dn:deny . $ setfacl -a0 u:50:Co:fdn:deny . $ setfacl -a0 u:51:Co:fni:deny . $ setfacl -a0 u:52:Co:dni:deny . $ setfacl -a0 u:53:Co:fdni:deny . $ umask 022 $ rm xxx $ touch xxx $ getfacl -nq xxx > user:53:-----------Co-:-------:deny > user:51:-----------Co-:-------:deny > user:50:-----------Co-:-------:deny > user:48:-----------Co-:-------:deny > user:47:-----------Co-:-------:deny > user:45:-----------Co-:-------:deny > user:44:-----------Co-:-------:deny > user:42:-----------Co-:-------:deny > owner@:--x-----------:-------:deny > owner@:rw-p---A-W-Co-:-------:allow > group@:-wxp----------:-------:deny > group@:r-------------:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:r-----a-R-c--s:-------:allow $ rmdir yyy $ mkdir yyy $ getfacl -nq yyy > user:53:-----------Co-:-------:deny > user:52:-----------Co-:-------:deny > user:50:-----------Co-:-------:deny > user:49:-----------Co-:-------:deny > user:47:-----------Co-:fdi----:deny > user:47:-----------Co-:-------:deny > user:46:-----------Co-:-di----:deny > user:46:-----------Co-:-------:deny > user:45:-----------Co-:f-i----:deny > user:44:-----------Co-:fdi----:deny > user:44:-----------Co-:-------:deny > user:43:-----------Co-:-di----:deny > user:43:-----------Co-:-------:deny > user:42:-----------Co-:f-i----:deny > owner@:--------------:-------:deny > owner@:rwxp---A-W-Co-:-------:allow > group@:-w-p----------:-------:deny > group@:r-x-----------:-------:allow > everyone@:-w-p---A-W-Co-:-------:deny > everyone@:r-x---a-R-c--s:-------:allow $ rmdir yyy $ rm xxx $ cd .. $ rmdir ddd $ rm xxx # Test basic recursive setting of ACLs. $ mkdir ddd $ touch ddd/xxx $ mkdir ddd/eee $ touch ddd/eee/yyy $ setfacl -R -m owner@:full_set:f:allow,group@:full_set::allow,everyone@:full_set::allow ddd $ getfacl -q ddd > owner@:--------------:-------:deny > owner@:rwxpDdaARWcCos:f------:allow > group@:-w-p----------:-------:deny > group@:rwxpDdaARWcCos:-------:allow > everyone@:-w-p---A-W-Co-:-------:deny > everyone@:rwxpDdaARWcCos:-------:allow $ getfacl -q ddd/xxx > owner@:--x-----------:-------:deny > owner@:rwxpDdaARWcCos:-------:allow > group@:-wxp----------:-------:deny > group@:rwxpDdaARWcCos:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:rwxpDdaARWcCos:-------:allow $ getfacl -q ddd/eee > owner@:--------------:-------:deny > owner@:rwxpDdaARWcCos:f------:allow > group@:-w-p----------:-------:deny > group@:rwxpDdaARWcCos:-------:allow > everyone@:-w-p---A-W-Co-:-------:deny > everyone@:rwxpDdaARWcCos:-------:allow $ getfacl -q ddd/eee/yyy > owner@:--x-----------:-------:deny > owner@:rwxpDdaARWcCos:-------:allow > group@:-wxp----------:-------:deny > group@:rwxpDdaARWcCos:-------:allow > everyone@:-wxp---A-W-Co-:-------:deny > everyone@:rwxpDdaARWcCos:-------:allow $ rm -r ddd Index: head/tests/sys/acl/tools-posix.test =================================================================== --- head/tests/sys/acl/tools-posix.test (revision 367104) +++ head/tests/sys/acl/tools-posix.test (revision 367105) @@ -1,453 +1,452 @@ # Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # This is a tools-level test for POSIX.1e ACL functionality. Run it as root # using ACL-enabled kernel: # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test # # WARNING: Creates files in unsafe way. $ whoami > root $ umask 022 # Smoke test for getfacl(1). $ touch xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > group::r-- > other::r-- $ getfacl -q xxx > user::rw- > group::r-- > other::r-- $ setfacl -m u:42:r,g:43:w xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > user:42:r-- > group::r-- > group:43:-w- > mask::rw- > other::r-- # Check whether ls correctly marks files with "+". $ ls -l xxx | cut -d' ' -f1 > -rw-rw-r--+ # Same as above, but for symlinks. $ ln -s xxx lll $ getfacl -h lll > # file: lll > # owner: root > # group: wheel > user::rwx > group::r-x > other::r-x $ getfacl -qh lll > user::rwx > group::r-x > other::r-x $ getfacl -q lll > user::rw- > user:42:r-- > group::r-- > group:43:-w- > mask::rw- > other::r-- $ setfacl -hm u:44:x,g:45:w lll $ getfacl -h lll > # file: lll > # owner: root > # group: wheel > user::rwx > user:44:--x > group::r-x > group:45:-w- > mask::rwx > other::r-x $ ls -l lll | cut -d' ' -f1 > lrwxrwxr-x+ # Check whether the original file is left untouched. $ ls -l xxx | cut -d' ' -f1 > -rw-rw-r--+ $ rm lll # Test removing entries. $ setfacl -x user:42: xxx $ getfacl xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > group::r-- > group:43:-w- > mask::rw- > other::r-- $ setfacl -m u:42:r xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > user:42:r-- > group::r-- > group:43:-w- > mask::rw- > other::r-- # Test removing entries by number. $ setfacl -x 1 xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > group::r-- > group:43:-w- > mask::rw- > other::r-- $ setfacl -m g:43:r xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > group::r-- > group:43:r-- > mask::r-- > other::r-- # Make sure cp without any flags does not copy the ACL. $ cp xxx yyy $ ls -l yyy | cut -d' ' -f1 > -rw-r--r-- # Make sure it does with the "-p" flag. $ rm yyy $ cp -p xxx yyy $ getfacl -n yyy > # file: yyy > # owner: root > # group: wheel > user::rw- > group::r-- > group:43:r-- > mask::r-- > other::r-- $ rm yyy # Test removing entries by... by example? $ setfacl -m u:42:r,g:43:w xxx $ setfacl -x u:42: xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > group::r-- > group:43:-w- > mask::rw- > other::r-- # Test setfacl -b. $ setfacl -b xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > group::r-- > mask::r-- > other::r-- $ ls -l xxx | cut -d' ' -f1 > -rw-r--r--+ $ setfacl -nb xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > group::r-- > other::r-- $ ls -l xxx | cut -d' ' -f1 > -rw-r--r-- # Check setfacl(1) and getfacl(1) with multiple files. $ touch xxx yyy zzz $ ls -l xxx yyy zzz | cut -d' ' -f1 > -rw-r--r-- > -rw-r--r-- > -rw-r--r-- $ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz > setfacl: nnn: acl_get_file() failed: No such file or directory $ ls -l nnn xxx yyy zzz | cut -d' ' -f1 > ls: nnn: No such file or directory > -rw-rwxr--+ > -rw-rwxr--+ > -rw-rwxr--+ $ getfacl -nq nnn xxx yyy zzz > getfacl: nnn: stat() failed: No such file or directory > user::rw- > user:42:--x > group::r-- > group:43:-w- > mask::rwx > other::r-- > > user::rw- > user:42:--x > group::r-- > group:43:-w- > mask::rwx > other::r-- > > user::rw- > user:42:--x > group::r-- > group:43:-w- > mask::rwx > other::r-- $ setfacl -b nnn xxx yyy zzz > setfacl: nnn: acl_get_file() failed: No such file or directory $ ls -l nnn xxx yyy zzz | cut -d' ' -f1 > ls: nnn: No such file or directory > -rw-r--r--+ > -rw-r--r--+ > -rw-r--r--+ $ setfacl -bn nnn xxx yyy zzz > setfacl: nnn: acl_get_file() failed: No such file or directory $ ls -l nnn xxx yyy zzz | cut -d' ' -f1 > ls: nnn: No such file or directory > -rw-r--r-- > -rw-r--r-- > -rw-r--r-- $ rm xxx yyy zzz # Check whether chmod actually does what it should do. $ touch xxx $ setfacl -m u:42:rwx,g:43:rwx xxx $ chmod 600 xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::rw- > user:42:rwx # effective: --- > group::r-- # effective: --- > group:43:rwx # effective: --- > mask::--- > other::--- $ chmod 060 xxx $ getfacl -n xxx > # file: xxx > # owner: root > # group: wheel > user::--- > user:42:rwx # effective: rw- > group::r-- > group:43:rwx # effective: rw- > mask::rw- > other::--- # Test default ACLs. $ umask 022 $ mkdir ddd $ getfacl -qn ddd > user::rwx > group::r-x > other::r-x $ ls -l | grep ddd | cut -d' ' -f1 > drwxr-xr-x $ getfacl -dq ddd $ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd $ getfacl -dqn ddd > user::rwx > group::r-x > mask::rwx > other::r-x # No change - ls(1) output doesn't take into account default ACLs. $ ls -l | grep ddd | cut -d' ' -f1 > drwxr-xr-x $ setfacl -dm g:42:rwx,u:42:r ddd $ setfacl -dm g::w ddd $ getfacl -dqn ddd > user::rwx > user:42:r-- > group::-w- > group:42:rwx > mask::rwx > other::r-x $ setfacl -dx group:42: ddd $ getfacl -dqn ddd > user::rwx > user:42:r-- > group::-w- > mask::rw- > other::r-x $ ls -l | grep ddd | cut -d' ' -f1 > drwxr-xr-x $ rmdir ddd $ rm xxx # Test inheritance. $ mkdir ddd $ touch ddd/xxx $ getfacl -q ddd/xxx > user::rw- > group::r-- > other::r-- $ mkdir ddd/ddd $ getfacl -q ddd/ddd > user::rwx > group::r-x > other::r-x $ rmdir ddd/ddd $ rm ddd/xxx $ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd $ setfacl -dm g:42:rwx,u:43:r ddd $ getfacl -dq ddd > user::rwx > user:43:r-- > group::r-x > group:42:rwx > mask::rwx > other::r-x $ touch ddd/xxx $ getfacl -q ddd/xxx > user::rw- > user:43:r-- > group::r-x # effective: r-- > group:42:rwx # effective: r-- > mask::r-- > other::r-- $ mkdir ddd/ddd $ getfacl -q ddd/ddd > user::rwx > user:43:r-- > group::r-x > group:42:rwx # effective: r-x > mask::r-x > other::r-x $ rmdir ddd/ddd $ rm ddd/xxx $ rmdir ddd # Test if we deal properly with fifos. $ mkfifo fff $ ls -l fff | cut -d' ' -f1 > prw-r--r-- $ setfacl -m u:42:r,g:43:w fff $ getfacl fff > # file: fff > # owner: root > # group: wheel > user::rw- > user:42:r-- > group::r-- > group:43:-w- > mask::rw- > other::r-- $ ls -l fff | cut -d' ' -f1 > prw-rw-r--+ $ setfacl -bn fff $ getfacl fff > # file: fff > # owner: root > # group: wheel > user::rw- > group::r-- > other::r-- $ ls -l fff | cut -d' ' -f1 > prw-r--r-- $ rm fff # Test if we deal properly with device files. $ mknod bbb b 1 1 $ setfacl -m u:42:r,g:43:w bbb > setfacl: bbb: acl_get_file() failed: Operation not supported $ ls -l bbb | cut -d' ' -f1 > brw-r--r-- $ rm bbb $ mknod ccc c 1 1 $ setfacl -m u:42:r,g:43:w ccc > setfacl: ccc: acl_get_file() failed: Operation not supported $ ls -l ccc | cut -d' ' -f1 > crw-r--r-- $ rm ccc Index: head/tools/regression/iscsi/iscsi-test.sh =================================================================== --- head/tools/regression/iscsi/iscsi-test.sh (revision 367104) +++ head/tools/regression/iscsi/iscsi-test.sh (revision 367105) @@ -1,794 +1,793 @@ #!/bin/sh # # Copyright (c) 2012 The FreeBSD Foundation -# All rights reserved. # # This software was developed by Edward Tomasz Napierala under sponsorship # from the FreeBSD Foundation. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # # This expects that the iSCSI server being tested is at $TARGETIP and exports # two targets: $TARGET1 and $TARGET2; the former requiring no authentication, # and the latter using CHAP with user $USER and secret $SECRET. Discovery # must be permitted without authentication. Each target must contain exactly # two LUNs, 4GB each. For example, ctl.conf(5) should look like this: # # auth-group meh { # chap user secretsecret # } # # portal-group meh { # listen 0.0.0.0 # discovery-auth-group no-authentication # } # # target iqn.2012-06.com.example:1 { # auth-group no-authentication # portal-group meh # lun 0 { # path /var/tmp/example_t1l0 # size 4G # } # lun 1 { # path /var/tmp/example_t1l1 # size 4G # } # } # # target iqn.2012-06.com.example:2 { # auth-group meh # portal-group meh # lun 0 { # path /var/tmp/example_t2l0 # size 4G # } # lun 1 { # path /var/tmp/example_t2l1 # size 4G # } # } # # Remember to create the backing files (/var/tmp/example_t1l0 etcc) # # On the initiator, $MNTDIR will be used for testing. # TARGETIP=192.168.56.101 TARGET1=iqn.2012-06.com.example:1 TARGET2=iqn.2012-06.com.example:2 USER=user SECRET=secretsecret MNTDIR=/mnt TMPDIR=/tmp die() { echo "$*" exit 1 } case `uname` in FreeBSD) LUN0=/dev/da0 LUN1=/dev/da1 LUN2=/dev/da2 LUN3=/dev/da3 ZFSPOOL=iscsipool ;; Linux) LUN0=/dev/sdb LUN1=/dev/sdc LUN2=/dev/sdd LUN3=/dev/sde ;; SunOS) # LUN names are being set later, during attach. ZFSPOOL=iscsipool ;; *) die "unsupported system" ;; esac check() { echo "# $@" > /dev/stderr $@ || die "$@ failed" } banner() { echo "Will try to attach to $TARGET1 and $TARGET2 on $TARGETIP," echo "user $USER, secret $SECRET. Will use mountpoint $MNTDIR, temporary dir $TMPDIR," if [ -n "$LUN0" ]; then echo "scratch disks $LUN0, $LUN1, $LUN2, $LUN3." else echo "scratch disks unknown at this stage." fi echo echo "This script is NOT safe to run on multiuser system." echo echo "Press ^C to interrupt; will proceed in 5 seconds." sleep 5 } test_discovery_freebsd_9() { kldload iscsi_initiator check iscontrol -dt $TARGETIP > $TMPDIR/discovered cat $TMPDIR/discovered echo "TargetName=$TARGET1" > $TMPDIR/expected echo "TargetName=$TARGET2" >> $TMPDIR/expected check cmp $TMPDIR/expected $TMPDIR/discovered rm -f $TMPDIR/expected $TMPDIR/discovered } test_discovery_freebsd() { /etc/rc.d/iscsid onestart check iscsictl -Ad $TARGETIP sleep 1 iscsictl | awk '{ print $1 }' | sort > $TMPDIR/discovered printf "Target\n$TARGET1\n$TARGET2\n" | sort > $TMPDIR/expected check cmp $TMPDIR/expected $TMPDIR/discovered rm -f $TMPDIR/expected $TMPDIR/discovered check iscsictl -Ra sleep 1 } test_discovery_linux() { cat > /etc/iscsi/iscsid.conf << END discovery.sendtargets.auth.authmethod = None node.startup = manual END check iscsiadm -m discovery -t sendtargets -p $TARGETIP > $TMPDIR/discovered cat $TMPDIR/discovered echo "$TARGETIP:3260,-1 $TARGET1" > $TMPDIR/expected echo "$TARGETIP:3260,-1 $TARGET2" >> $TMPDIR/expected check cmp $TMPDIR/expected $TMPDIR/discovered rm -f $TMPDIR/expected $TMPDIR/discovered } test_discovery_solaris() { check iscsiadm add discovery-address $TARGETIP check iscsiadm modify discovery --sendtargets enable check iscsiadm modify discovery --static enable check iscsiadm list target | awk '/^Target/ { print $2 }' | sort > $TMPDIR/discovered check iscsiadm remove discovery-address $TARGETIP cat $TMPDIR/discovered echo "$TARGET1" > $TMPDIR/expected echo "$TARGET2" >> $TMPDIR/expected check cmp $TMPDIR/expected $TMPDIR/discovered rm -f $TMPDIR/expected $TMPDIR/discovered } test_discovery() { echo "*** discovery test ***" case `uname` in FreeBSD) case `uname -r` in 9*) test_discovery_freebsd_9 ;; *) test_discovery_freebsd ;; esac ;; Linux) test_discovery_linux ;; SunOS) test_discovery_solaris ;; *) die "unsupported system" ;; esac } test_attach_freebsd_9() { [ ! -e LUN0 ] || die "$LUN0 already exists" [ ! -e LUN1 ] || die "$LUN1 already exists" [ ! -e LUN2 ] || die "$LUN2 already exists" [ ! -e LUN3 ] || die "$LUN3 already exists" cat > $TMPDIR/iscsi.conf << END target1 { TargetName = $TARGET1 TargetAddress = $TARGETIP } target2 { TargetName = $TARGET2 TargetAddress = $TARGETIP AuthMethod = CHAP chapIName = $USER chapSecret = $SECRET } END check iscontrol -c $TMPDIR/iscsi.conf -n target1 check iscontrol -c $TMPDIR/iscsi.conf -n target2 echo "Waiting 10 seconds for attach to complete." sleep 10 [ -e $LUN0 ] || die "$LUN0 doesn't exist" [ -e $LUN1 ] || die "$LUN1 doesn't exist" [ -e $LUN2 ] || die "$LUN2 doesn't exist" [ -e $LUN3 ] || die "$LUN3 doesn't exist" rm $TMPDIR/iscsi.conf } test_attach_freebsd() { [ ! -e LUN0 ] || die "$LUN0 already exists" [ ! -e LUN1 ] || die "$LUN1 already exists" [ ! -e LUN2 ] || die "$LUN2 already exists" [ ! -e LUN3 ] || die "$LUN3 already exists" cat > $TMPDIR/iscsi.conf << END target1 { TargetName = $TARGET1 TargetAddress = $TARGETIP } target2 { TargetName = $TARGET2 TargetAddress = $TARGETIP AuthMethod = CHAP chapIName = $USER chapSecret = $SECRET } END check iscsictl -Ac $TMPDIR/iscsi.conf -n target1 check iscsictl -Ac $TMPDIR/iscsi.conf -n target2 echo "Waiting 10 seconds for attach to complete." sleep 10 [ -e $LUN0 ] || die "$LUN0 doesn't exist" [ -e $LUN1 ] || die "$LUN1 doesn't exist" [ -e $LUN2 ] || die "$LUN2 doesn't exist" [ -e $LUN3 ] || die "$LUN3 doesn't exist" rm $TMPDIR/iscsi.conf } test_attach_linux() { check iscsiadm --mode node --targetname "$TARGET1" -p "$TARGETIP:3260" --op=update --name node.session.auth.authmethod --value=None check iscsiadm --mode node --targetname "$TARGET1" -p "$TARGETIP:3260" --login check iscsiadm --mode node --targetname "$TARGET2" -p "$TARGETIP:3260" --op=update --name node.session.auth.authmethod --value=CHAP check iscsiadm --mode node --targetname "$TARGET2" -p "$TARGETIP:3260" --op=update --name node.session.auth.username --value="$USER" check iscsiadm --mode node --targetname "$TARGET2" -p "$TARGETIP:3260" --op=update --name node.session.auth.password --value="$SECRET" check iscsiadm --mode node --targetname "$TARGET2" -p "$TARGETIP:3260" --login } test_attach_solaris() { # XXX: How to enter the CHAP secret from the script? For now, # just use the first target, and thus first two LUNs. #check iscsiadm modify initiator-node --authentication CHAP #check iscsiadm modify initiator-node --CHAP-name $USER #check iscsiadm modify initiator-node --CHAP-secret $SECRET iscsiadm add static-config $TARGET1,$TARGETIP LUN0=`iscsiadm list target -S | awk '/OS Device Name/ { print $4 }' | sed -n 1p` LUN1=`iscsiadm list target -S | awk '/OS Device Name/ { print $4 }' | sed -n 2p` LUN0=`echo ${LUN0}2 | sed 's/rdsk/dsk/'` LUN1=`echo ${LUN1}2 | sed 's/rdsk/dsk/'` [ -n "$LUN0" -a -n "LUN1" ] || die "attach failed" echo "Scratch disks: $LUN0, $LUN1" } test_attach() { echo "*** attach test ***" case `uname` in FreeBSD) case `uname -r` in 9*) test_attach_freebsd_9 ;; *) test_attach_freebsd ;; esac ;; Linux) test_attach_linux ;; SunOS) test_attach_solaris ;; *) die "unsupported system" ;; esac } test_newfs_freebsd_ufs() { echo "*** UFS filesystem smoke test ***" check newfs $LUN0 check newfs $LUN1 check newfs $LUN2 check newfs $LUN3 check fsck -t ufs $LUN0 check fsck -t ufs $LUN1 check fsck -t ufs $LUN2 check fsck -t ufs $LUN3 } test_newfs_freebsd_zfs() { echo "*** ZFS filesystem smoke test ***" check zpool create -f $ZFSPOOL $LUN0 $LUN1 $LUN2 $LUN3 check zpool destroy -f $ZFSPOOL } test_newfs_linux_ext4() { echo "*** ext4 filesystem smoke test ***" yes | check mkfs $LUN0 yes | check mkfs $LUN1 yes | check mkfs $LUN2 yes | check mkfs $LUN3 check fsck -f $LUN0 check fsck -f $LUN1 check fsck -f $LUN2 check fsck -f $LUN3 } test_newfs_linux_btrfs() { echo "*** btrfs filesystem smoke test ***" check mkfs.btrfs $LUN0 $LUN1 $LUN2 $LUN3 } test_newfs_solaris_ufs() { echo "*** UFS filesystem smoke test ***" yes | check newfs $LUN0 yes | check newfs $LUN1 check fsck -F ufs $LUN0 check fsck -F ufs $LUN1 } test_newfs_solaris_zfs() { echo "*** ZFS filesystem smoke test ***" check zpool create -f $ZFSPOOL $LUN0 $LUN1 check zpool destroy -f $ZFSPOOL } test_newfs() { case `uname` in FreeBSD) test_newfs_freebsd_ufs test_newfs_freebsd_zfs ;; Linux) test_newfs_linux_ext4 test_newfs_linux_btrfs ;; SunOS) test_newfs_solaris_ufs test_newfs_solaris_zfs ;; *) die "unsupported system" ;; esac } test_cp() { echo "*** basic filesystem test ***" case `uname` in FreeBSD) check newfs $LUN0 check mount -t ufs $LUN0 $MNTDIR check dd if=/dev/urandom of=$MNTDIR/1 bs=1m count=500 check cp $MNTDIR/1 $MNTDIR/2 check umount $MNTDIR check fsck -t ufs $LUN0 check mount -t ufs $LUN0 $MNTDIR check cmp $MNTDIR/1 $MNTDIR/2 check umount $MNTDIR check zpool create -f $ZFSPOOL $LUN0 $LUN1 $LUN2 $LUN3 check dd if=/dev/urandom of=/$ZFSPOOL/1 bs=1m count=500 check zpool scrub $ZFSPOOL check cp /$ZFSPOOL/1 /$ZFSPOOL/2 check cmp /$ZFSPOOL/1 /$ZFSPOOL/2 check zpool destroy -f $ZFSPOOL ;; Linux) yes | check mkfs $LUN0 check mount $LUN0 $MNTDIR check dd if=/dev/urandom of=$MNTDIR/1 bs=1M count=500 check cp $MNTDIR/1 $MNTDIR/2 check umount $MNTDIR check fsck -f $LUN0 check mount $LUN0 $MNTDIR check cmp $MNTDIR/1 $MNTDIR/2 check umount $MNTDIR check mkfs.btrfs $LUN0 $LUN1 $LUN2 $LUN3 check mount $LUN0 $MNTDIR check dd if=/dev/urandom of=$MNTDIR/1 bs=1M count=500 check cp $MNTDIR/1 $MNTDIR/2 check umount $MNTDIR check mount $LUN0 $MNTDIR check cmp $MNTDIR/1 $MNTDIR/2 check umount $MNTDIR ;; SunOS) yes | check newfs $LUN0 check mount -F ufs $LUN0 $MNTDIR check dd if=/dev/urandom of=$MNTDIR/1 bs=1024k count=500 check cp $MNTDIR/1 $MNTDIR/2 check umount $MNTDIR check fsck -yF ufs $LUN0 check mount -F ufs $LUN0 $MNTDIR check cmp $MNTDIR/1 $MNTDIR/2 check umount $MNTDIR check zpool create -f $ZFSPOOL $LUN0 $LUN1 check dd if=/dev/urandom of=/$ZFSPOOL/1 bs=1024k count=500 check zpool scrub $ZFSPOOL check cp /$ZFSPOOL/1 /$ZFSPOOL/2 check cmp /$ZFSPOOL/1 /$ZFSPOOL/2 check zpool destroy -f $ZFSPOOL ;; *) die "unsupported system" ;; esac } test_bonnie() { echo "*** bonnie++ ***" case `uname` in FreeBSD) check newfs $LUN0 check mount -t ufs $LUN0 $MNTDIR check cd $MNTDIR check bonnie++ -u root -s 2g -r 1g -n0 check bonnie++ -u root -s 0 check cd - check umount $MNTDIR check fsck -t ufs $LUN0 check zpool create -f $ZFSPOOL $LUN0 $LUN1 $LUN2 $LUN3 check cd /$ZFSPOOL check bonnie++ -u root -s 2g -r 1g -n0 check bonnie++ -u root -s 0 check cd - check zpool destroy -f $ZFSPOOL ;; Linux) yes | check mkfs $LUN0 check mount $LUN0 $MNTDIR check cd $MNTDIR check bonnie++ -u root -s 2g -r 1g -n0 check bonnie++ -u root -s 0 check cd - check umount $MNTDIR check fsck -f $LUN0 check mkfs.btrfs $LUN0 $LUN1 $LUN2 $LUN3 check mount $LUN0 $MNTDIR check cd $MNTDIR check bonnie++ -u root -s 2g -r 1g -n0 check bonnie++ -u root -s 0 check cd - check umount $MNTDIR ;; SunOS) yes | check newfs $LUN0 check mount -F ufs $LUN0 $MNTDIR check cd $MNTDIR check bonnie++ -u root -s 2g -r 1g -n0 check bonnie++ -u root -s 0 check cd - check umount $MNTDIR check fsck -yF ufs $LUN0 check zpool create -f $ZFSPOOL $LUN0 $LUN1 check cd /$ZFSPOOL check bonnie++ -u root -s 2g -r 1g -n0 check bonnie++ -u root -s 0 check cd - check zpool destroy -f $ZFSPOOL ;; *) die "unsupported system" ;; esac } test_iozone() { echo "*** iozone ***" case `uname` in FreeBSD) check newfs $LUN0 check mount -t ufs $LUN0 $MNTDIR check cd $MNTDIR check iozone -a check cd - check umount $MNTDIR check fsck -t ufs $LUN0 check zpool create -f $ZFSPOOL $LUN0 $LUN1 $LUN2 $LUN3 check cd /$ZFSPOOL check iozone -a check cd - check zpool destroy -f $ZFSPOOL ;; Linux) yes | check mkfs $LUN0 check mount $LUN0 $MNTDIR check cd $MNTDIR check iozone -a check cd - check umount $MNTDIR check fsck -f $LUN0 check mkfs.btrfs $LUN0 $LUN1 $LUN2 $LUN3 check mount $LUN0 $MNTDIR check cd $MNTDIR check iozone -a check cd - check umount $MNTDIR ;; SunOS) yes | check newfs $LUN0 check mount -F ufs $LUN0 $MNTDIR check cd $MNTDIR check iozone -a check cd - check umount $MNTDIR check fsck -yF ufs $LUN0 check zpool create -f $ZFSPOOL $LUN0 $LUN1 check cd /$ZFSPOOL check iozone -a check cd - check zpool destroy -f $ZFSPOOL ;; *) die "unsupported system" ;; esac } test_postmark() { echo "*** postmark ***" case `uname` in FreeBSD) check newfs $LUN0 check mount -t ufs $LUN0 $MNTDIR check cd $MNTDIR printf "set number 10000\nrun\n" | check postmark check cd - check umount $MNTDIR check fsck -t ufs $LUN0 check zpool create -f $ZFSPOOL $LUN0 $LUN1 $LUN2 $LUN3 check cd /$ZFSPOOL printf "set number 10000\nrun\n" | check postmark check cd - check zpool destroy -f $ZFSPOOL ;; Linux) yes | check mkfs $LUN0 check mount $LUN0 $MNTDIR check cd $MNTDIR printf "set number 10000\nrun\n" | check postmark check cd - check umount $MNTDIR check fsck -f $LUN0 check mkfs.btrfs $LUN0 $LUN1 $LUN2 $LUN3 check mount $LUN0 $MNTDIR check cd $MNTDIR printf "set number 10000\nrun\n" | check postmark check cd - check umount $MNTDIR ;; SunOS) yes | check newfs $LUN0 check mount -F ufs $LUN0 $MNTDIR check cd $MNTDIR printf "set number 10000\nrun\n" | check postmark check cd - check umount $MNTDIR check fsck -yF ufs $LUN0 check zpool create -f $ZFSPOOL $LUN0 $LUN1 check cd /$ZFSPOOL printf "set number 10000\nrun\n" | check postmark check cd - check zpool destroy -f $ZFSPOOL ;; *) die "unsupported system" ;; esac } test_postgresql_freebsd() { check newfs $LUN0 check mount -t ufs $LUN0 $MNTDIR check chown pgsql $MNTDIR check chmod 755 $MNTDIR check cd / # XXX: How to make 'check' work here? su -m pgsql -c "initdb -D $MNTDIR/db" su -m pgsql -c "pg_ctl -D $MNTDIR/db -l /tmp/log start" check sleep 10 su -m pgsql -c "pgbench -i postgres" su -m pgsql -c "pgbench -t 10000 postgres" su -m pgsql -c "pg_ctl -D $MNTDIR/db stop" check cd - check umount $MNTDIR check fsck -t ufs $LUN0 check zpool create -f $ZFSPOOL $LUN0 $LUN1 $LUN2 $LUN3 check chown pgsql /$ZFSPOOL check chmod 755 /$ZFSPOOL check cd / # XXX: How to make 'check' work here? su -m pgsql -c "initdb -D /$ZFSPOOL/db" su -m pgsql -c "pg_ctl -D /$ZFSPOOL/db -l /tmp/log start" check sleep 10 su -m pgsql -c "pgbench -i postgres" su -m pgsql -c "pgbench -t 10000 postgres" su -m pgsql -c "pg_ctl -D /$ZFSPOOL/db stop" check cd - check zpool destroy -f $ZFSPOOL } test_postgresql_linux() { yes | check mkfs $LUN0 check mount $LUN0 $MNTDIR check chown postgres $MNTDIR check chmod 755 $MNTDIR check cd / # XXX: How to make 'check' work here? su -m postgres -c "initdb -D $MNTDIR/db" su -m postgres -c "pg_ctl -D $MNTDIR/db -l /tmp/log start" check sleep 5 su -m postgres -c "pgbench -i" su -m postgres -c "pgbench -t 10000" su -m postgres -c "pg_ctl -D $MNTDIR/db stop" check cd - check umount $MNTDIR check fsck -f $LUN0 check mkfs.btrfs $LUN0 $LUN1 $LUN2 $LUN3 check mount $LUN0 $MNTDIR check chown postgres $MNTDIR check chmod 755 $MNTDIR check cd / su -m postgres -c "initdb -D $MNTDIR/db" su -m postgres -c "pg_ctl -D $MNTDIR/db -l /tmp/log start" check sleep 5 su -m postgres -c "pgbench -i" su -m postgres -c "pgbench -t 10000" su -m postgres -c "pg_ctl -D $MNTDIR/db stop" check cd - check umount $MNTDIR } test_postgresql_solaris() { PATH="$PATH:/usr/postgres/9.2-pgdg/bin" export PATH yes | check newfs $LUN0 check mount -F ufs $LUN0 $MNTDIR check chown postgres $MNTDIR check chmod 755 $MNTDIR check cd / # XXX: How to make 'check' work here? su postgres -c "initdb -D $MNTDIR/db" su postgres -c "pg_ctl -D $MNTDIR/db -l /tmp/log start" check sleep 10 su postgres -c "pgbench -i postgres" su postgres -c "pgbench -t 10000 postgres" su postgres -c "pg_ctl -D $MNTDIR/db stop" check cd - check umount $MNTDIR check fsck -yF ufs $LUN0 check zpool create -f $ZFSPOOL $LUN0 $LUN1 $LUN2 $LUN3 check chown postgres /$ZFSPOOL check chmod 755 /$ZFSPOOL check cd / # XXX: How to make 'check' work here? su postgres -c "initdb -D /$ZFSPOOL/db" su postgres -c "pg_ctl -D /$ZFSPOOL/db -l /tmp/log start" check sleep 10 su postgres -c "pgbench -i postgres" su postgres -c "pgbench -t 10000 postgres" su postgres -c "pg_ctl -D /$ZFSPOOL/db stop" check cd - check zpool destroy -f $ZFSPOOL } test_postgresql() { echo "*** postgresql ***" case `uname` in FreeBSD) test_postgresql_freebsd ;; Linux) test_postgresql_linux ;; SunOS) test_postgresql_solaris ;; *) die "unsupported system" ;; esac } test_detach() { echo "*** detach ***" case `uname` in FreeBSD) case `uname -r` in 9*) echo "*** detaching not supported on FreeBSD 9 ***" echo "*** please reboot the initiator VM before trying to run this script again ***" ;; *) check iscsictl -Ra ;; esac ;; Linux) check iscsiadm -m node --logout ;; SunOS) check iscsiadm remove static-config $TARGET1,$TARGETIP ;; *) die "unsupported system" ;; esac } banner test_discovery test_attach test_newfs test_cp test_bonnie test_iozone test_postmark test_postgresql test_detach echo "*** done ***" Index: head/tools/tools/fetchbench/fetchbench =================================================================== --- head/tools/tools/fetchbench/fetchbench (revision 367104) +++ head/tools/tools/fetchbench/fetchbench (revision 367105) @@ -1,76 +1,75 @@ #!/bin/sh #- # Copyright (c) 2017 Edward Tomasz Napierala -# All rights reserved. # # This software was developed by SRI International and the University of # Cambridge Computer Laboratory under DARPA/AFRL contract (FA8750-10-C-0237) # ("CTSRD"), as part of the DARPA CRASH research programme. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # This is a simple HTTP benchmark. It works by running a number of fetch(1) # instances in parallel, 10 by default, each performing a number of fetches, # 100 by default, and then printing out the time it took. # # Example usage: ./fetchbench -i 2 -n 5 http://freebsd.org usage() { cat <&2 usage: fetchbench [-i number-of-instances] [-n fetches-per-instance] url EOF exit 1 } NPROC=10 NFETCH=100 while getopts "i:n:X" opt; do case "$opt" in i) NPROC="${OPTARG}" ;; n) NFETCH="${OPTARG}" ;; X) MEASURE_PLEASE=1 ;; *) usage ;; esac done shift $(($OPTIND - 1)) if [ $# -ne 1 ]; then usage fi URL="${1}" if [ -n "${MEASURE_PLEASE}" ]; then for p in `/usr/bin/jot ${NPROC}`; do ( for f in `/usr/bin/jot ${NFETCH}`; do echo "${URL}"; done | /usr/bin/xargs /usr/bin/fetch -qo /dev/null ) & done wait echo -n "${0}: $((${NFETCH} * ${NPROC})) requests for ${URL}, spread among ${NPROC} parallel processes, in " else ( /usr/bin/time -h "${0}" -i "${NPROC}" -n "${NFETCH}" -X "${URL}" ) 2>&1 | sed -E 's/ //;s/ +/, /g' fi Index: head/usr.bin/iscsictl/iscsictl.8 =================================================================== --- head/usr.bin/iscsictl/iscsictl.8 (revision 367104) +++ head/usr.bin/iscsictl/iscsictl.8 (revision 367105) @@ -1,225 +1,224 @@ .\" Copyright (c) 2012 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd December 27, 2018 .Dt ISCSICTL 8 .Os .Sh NAME .Nm iscsictl .Nd iSCSI initiator management utility .Sh SYNOPSIS .Nm .Fl A .Fl p Ar portal Fl t Ar target .Op Fl u Ar user Fl s Ar secret .Op Fl w Ar timeout .Op Fl r .Op Fl e Cm on Ns | Ns Cm off .Nm .Fl A .Fl d Ar discovery-host .Op Fl u Ar user Fl s Ar secret .Op Fl r .Op Fl e Cm on Ns | Ns Cm off .Nm .Fl A .Fl a Op Fl c Ar path .Nm .Fl A .Fl n Ar nickname Op Fl c Ar path .Nm .Fl M .Fl i Ar session-id .Op Fl p Ar portal .Op Fl t Ar target .Op Fl u Ar user .Op Fl s Ar secret .Op Fl e Cm on Ns | Ns Cm off .Nm .Fl M .Fl i Ar session-id .Op Fl n Ar nickname Op Fl c Ar path .Nm .Fl R .Op Fl p Ar portal .Op Fl t Ar target .Nm .Fl R .Fl a .Nm .Fl R .Fl n Ar nickname Op Fl c Ar path .Nm .Fl L .Op Fl v .Op Fl w Ar timeout .Sh DESCRIPTION The .Nm utility is used to configure the iSCSI initiator. .Pp The following options are available: .Bl -tag -width "-d discovery-host" .It Fl -libxo Generate output via .Xr libxo 3 in a selection of different human and machine readable formats. See .Xr xo_parse_args 3 for details on command line arguments. .It Fl A Add session. .It Fl M Modify session. .It Fl R Remove session. .It Fl L List sessions. .It Fl a When adding, add all sessions defined in the configuration file. When removing, remove all currently established sessions. .It Fl c Ar path Path to the configuration file. The default is .Pa /etc/iscsi.conf . .It Fl d Ar discovery-host Target host name or address used for SendTargets discovery. When used, it will add a temporary discovery session. After discovery is done, sessions will be added for each discovered target, and the temporary discovery session will be removed. .It Fl e Cm on Ns | Ns Cm off Enable or disable the session. This is ignored for discovery sessions, but gets passed down to normal sessions they add. .It Fl i Ar session-id Session ID, as displayed by .Nm .Fl v . .It Fl n Ar nickname The .Ar nickname of a session defined in the configuration file. .It Fl p Ar portal Target portal \(em host name or address \(em for statically defined targets. .It Fl r Use iSER (iSCSI over RDMA) instead of plain iSCSI over TCP/IP. .It Fl s Ar secret CHAP secret. .It Fl t Ar target Target name. .It Fl u Ar user CHAP login. .It Fl v Verbose mode. .It Fl w Ar timeout Instead of returning immediately, wait up to .Ar timeout seconds until all configured sessions are successfully established. .El .Pp Certain parameters are necessary when adding a session. One can specify these either via command line (using the .Fl t , .Fl p , .Fl u , and .Fl s options), or configuration file (using the .Fl a or .Fl n options). Some functionality - for example mutual CHAP - is available only via configuration file. .Pp Since connecting to the target is performed in background, non-zero exit status does not mean that the session was successfully established. Use either .Nm Fl L to check the connection status, or the .Fl w flag to wait for session establishment. .Pp Note that in order for the iSCSI initiator to be able to connect to a target, the .Xr iscsid 8 daemon must be running. .Pp Also note that .Fx currently supports two different initiators: the old one, .Xr iscsi_initiator 4 , with its control utility .Xr iscontrol 8 , and the new one, .Xr iscsi 4 , with .Nm and .Xr iscsid 8 . The only thing the two have in common is the configuration file, .Xr iscsi.conf 5 . .Sh FILES .Bl -tag -width ".Pa /etc/iscsi.conf" -compact .It Pa /etc/iscsi.conf iSCSI initiator configuration file. .El .Sh EXIT STATUS The .Nm utility exits 0 on success, and >0 if an error occurs. .Sh EXAMPLES Attach to target iqn.2012-06.com.example:target0, served by 192.168.1.1: .Dl Nm Fl A Fl t Ar iqn.2012-06.com.example:target0 Fl p Ar 192.168.1.1 .Pp Perform discovery on 192.168.1.1, and add disabled sessions for each discovered target; use .Nm -M -e on to connect them: .Dl Nm Fl A Fl d Ar 192.168.1.1 Fl e Ar off .Pp Disconnect all iSCSI sessions: .Dl Nm Fl Ra .Sh SEE ALSO .Xr libxo 3 , .Xr xo_parse_args 3 , .Xr iscsi 4 , .Xr iscsi.conf 5 , .Xr iscsid 8 .Sh HISTORY The .Nm command appeared in .Fx 10.0 . .Sh AUTHORS The .Nm utility was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/usr.bin/iscsictl/iscsictl.c =================================================================== --- head/usr.bin/iscsictl/iscsictl.c (revision 367104) +++ head/usr.bin/iscsictl/iscsictl.c (revision 367105) @@ -1,1048 +1,1047 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "iscsictl.h" struct conf * conf_new(void) { struct conf *conf; conf = calloc(1, sizeof(*conf)); if (conf == NULL) xo_err(1, "calloc"); TAILQ_INIT(&conf->conf_targets); return (conf); } struct target * target_find(struct conf *conf, const char *nickname) { struct target *targ; TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { if (targ->t_nickname != NULL && strcasecmp(targ->t_nickname, nickname) == 0) return (targ); } return (NULL); } struct target * target_new(struct conf *conf) { struct target *targ; targ = calloc(1, sizeof(*targ)); if (targ == NULL) xo_err(1, "calloc"); targ->t_conf = conf; targ->t_dscp = -1; targ->t_pcp = -1; TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next); return (targ); } void target_delete(struct target *targ) { TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next); free(targ); } static char * default_initiator_name(void) { char *name; size_t namelen; int error; namelen = _POSIX_HOST_NAME_MAX + strlen(DEFAULT_IQN); name = calloc(1, namelen + 1); if (name == NULL) xo_err(1, "calloc"); strcpy(name, DEFAULT_IQN); error = gethostname(name + strlen(DEFAULT_IQN), namelen - strlen(DEFAULT_IQN)); if (error != 0) xo_err(1, "gethostname"); return (name); } static bool valid_hex(const char ch) { switch (ch) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': case 'a': case 'A': case 'b': case 'B': case 'c': case 'C': case 'd': case 'D': case 'e': case 'E': case 'f': case 'F': return (true); default: return (false); } } int parse_enable(const char *enable) { if (enable == NULL) return (ENABLE_UNSPECIFIED); if (strcasecmp(enable, "on") == 0 || strcasecmp(enable, "yes") == 0) return (ENABLE_ON); if (strcasecmp(enable, "off") == 0 || strcasecmp(enable, "no") == 0) return (ENABLE_OFF); return (ENABLE_UNSPECIFIED); } bool valid_iscsi_name(const char *name) { int i; if (strlen(name) >= MAX_NAME_LEN) { xo_warnx("overlong name for \"%s\"; max length allowed " "by iSCSI specification is %d characters", name, MAX_NAME_LEN); return (false); } /* * In the cases below, we don't return an error, just in case the admin * was right, and we're wrong. */ if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) { for (i = strlen("iqn."); name[i] != '\0'; i++) { /* * XXX: We should verify UTF-8 normalisation, as defined * by 3.2.6.2: iSCSI Name Encoding. */ if (isalnum(name[i])) continue; if (name[i] == '-' || name[i] == '.' || name[i] == ':') continue; xo_warnx("invalid character \"%c\" in iSCSI name " "\"%s\"; allowed characters are letters, digits, " "'-', '.', and ':'", name[i], name); break; } /* * XXX: Check more stuff: valid date and a valid reversed domain. */ } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) { if (strlen(name) != strlen("eui.") + 16) xo_warnx("invalid iSCSI name \"%s\"; the \"eui.\" " "should be followed by exactly 16 hexadecimal " "digits", name); for (i = strlen("eui."); name[i] != '\0'; i++) { if (!valid_hex(name[i])) { xo_warnx("invalid character \"%c\" in iSCSI " "name \"%s\"; allowed characters are 1-9 " "and A-F", name[i], name); break; } } } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) { if (strlen(name) > strlen("naa.") + 32) xo_warnx("invalid iSCSI name \"%s\"; the \"naa.\" " "should be followed by at most 32 hexadecimal " "digits", name); for (i = strlen("naa."); name[i] != '\0'; i++) { if (!valid_hex(name[i])) { xo_warnx("invalid character \"%c\" in ISCSI " "name \"%s\"; allowed characters are 1-9 " "and A-F", name[i], name); break; } } } else { xo_warnx("invalid iSCSI name \"%s\"; should start with " "either \".iqn\", \"eui.\", or \"naa.\"", name); } return (true); } void conf_verify(struct conf *conf) { struct target *targ; TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { assert(targ->t_nickname != NULL); if (targ->t_session_type == SESSION_TYPE_UNSPECIFIED) targ->t_session_type = SESSION_TYPE_NORMAL; if (targ->t_session_type == SESSION_TYPE_NORMAL && targ->t_name == NULL) xo_errx(1, "missing TargetName for target \"%s\"", targ->t_nickname); if (targ->t_session_type == SESSION_TYPE_DISCOVERY && targ->t_name != NULL) xo_errx(1, "cannot specify TargetName for discovery " "sessions for target \"%s\"", targ->t_nickname); if (targ->t_name != NULL) { if (valid_iscsi_name(targ->t_name) == false) xo_errx(1, "invalid target name \"%s\"", targ->t_name); } if (targ->t_protocol == PROTOCOL_UNSPECIFIED) targ->t_protocol = PROTOCOL_ISCSI; if (targ->t_address == NULL) xo_errx(1, "missing TargetAddress for target \"%s\"", targ->t_nickname); if (targ->t_initiator_name == NULL) targ->t_initiator_name = default_initiator_name(); if (valid_iscsi_name(targ->t_initiator_name) == false) xo_errx(1, "invalid initiator name \"%s\"", targ->t_initiator_name); if (targ->t_header_digest == DIGEST_UNSPECIFIED) targ->t_header_digest = DIGEST_NONE; if (targ->t_data_digest == DIGEST_UNSPECIFIED) targ->t_data_digest = DIGEST_NONE; if (targ->t_auth_method == AUTH_METHOD_UNSPECIFIED) { if (targ->t_user != NULL || targ->t_secret != NULL || targ->t_mutual_user != NULL || targ->t_mutual_secret != NULL) targ->t_auth_method = AUTH_METHOD_CHAP; else targ->t_auth_method = AUTH_METHOD_NONE; } if (targ->t_auth_method == AUTH_METHOD_CHAP) { if (targ->t_user == NULL) { xo_errx(1, "missing chapIName for target \"%s\"", targ->t_nickname); } if (targ->t_secret == NULL) xo_errx(1, "missing chapSecret for target \"%s\"", targ->t_nickname); if (targ->t_mutual_user != NULL || targ->t_mutual_secret != NULL) { if (targ->t_mutual_user == NULL) xo_errx(1, "missing tgtChapName for " "target \"%s\"", targ->t_nickname); if (targ->t_mutual_secret == NULL) xo_errx(1, "missing tgtChapSecret for " "target \"%s\"", targ->t_nickname); } } } } static void conf_from_target(struct iscsi_session_conf *conf, const struct target *targ) { memset(conf, 0, sizeof(*conf)); /* * XXX: Check bounds and return error instead of silently truncating. */ if (targ->t_initiator_name != NULL) strlcpy(conf->isc_initiator, targ->t_initiator_name, sizeof(conf->isc_initiator)); if (targ->t_initiator_address != NULL) strlcpy(conf->isc_initiator_addr, targ->t_initiator_address, sizeof(conf->isc_initiator_addr)); if (targ->t_initiator_alias != NULL) strlcpy(conf->isc_initiator_alias, targ->t_initiator_alias, sizeof(conf->isc_initiator_alias)); if (targ->t_name != NULL) strlcpy(conf->isc_target, targ->t_name, sizeof(conf->isc_target)); if (targ->t_address != NULL) strlcpy(conf->isc_target_addr, targ->t_address, sizeof(conf->isc_target_addr)); if (targ->t_user != NULL) strlcpy(conf->isc_user, targ->t_user, sizeof(conf->isc_user)); if (targ->t_secret != NULL) strlcpy(conf->isc_secret, targ->t_secret, sizeof(conf->isc_secret)); if (targ->t_mutual_user != NULL) strlcpy(conf->isc_mutual_user, targ->t_mutual_user, sizeof(conf->isc_mutual_user)); if (targ->t_mutual_secret != NULL) strlcpy(conf->isc_mutual_secret, targ->t_mutual_secret, sizeof(conf->isc_mutual_secret)); if (targ->t_session_type == SESSION_TYPE_DISCOVERY) conf->isc_discovery = 1; if (targ->t_enable != ENABLE_OFF) conf->isc_enable = 1; if (targ->t_protocol == PROTOCOL_ISER) conf->isc_iser = 1; if (targ->t_offload != NULL) strlcpy(conf->isc_offload, targ->t_offload, sizeof(conf->isc_offload)); if (targ->t_header_digest == DIGEST_CRC32C) conf->isc_header_digest = ISCSI_DIGEST_CRC32C; else conf->isc_header_digest = ISCSI_DIGEST_NONE; if (targ->t_data_digest == DIGEST_CRC32C) conf->isc_data_digest = ISCSI_DIGEST_CRC32C; else conf->isc_data_digest = ISCSI_DIGEST_NONE; conf->isc_dscp = targ->t_dscp; conf->isc_pcp = targ->t_pcp; } static int kernel_add(int iscsi_fd, const struct target *targ) { struct iscsi_session_add isa; int error; memset(&isa, 0, sizeof(isa)); conf_from_target(&isa.isa_conf, targ); error = ioctl(iscsi_fd, ISCSISADD, &isa); if (error != 0) xo_warn("ISCSISADD"); return (error); } static int kernel_modify(int iscsi_fd, unsigned int session_id, const struct target *targ) { struct iscsi_session_modify ism; int error; memset(&ism, 0, sizeof(ism)); ism.ism_session_id = session_id; conf_from_target(&ism.ism_conf, targ); error = ioctl(iscsi_fd, ISCSISMODIFY, &ism); if (error != 0) xo_warn("ISCSISMODIFY"); return (error); } static void kernel_modify_some(int iscsi_fd, unsigned int session_id, const char *target, const char *target_addr, const char *user, const char *secret, int enable) { struct iscsi_session_state *states = NULL; struct iscsi_session_state *state; struct iscsi_session_conf *conf; struct iscsi_session_list isl; struct iscsi_session_modify ism; unsigned int i, nentries = 1; int error; for (;;) { states = realloc(states, nentries * sizeof(struct iscsi_session_state)); if (states == NULL) xo_err(1, "realloc"); memset(&isl, 0, sizeof(isl)); isl.isl_nentries = nentries; isl.isl_pstates = states; error = ioctl(iscsi_fd, ISCSISLIST, &isl); if (error != 0 && errno == EMSGSIZE) { nentries *= 4; continue; } break; } if (error != 0) xo_errx(1, "ISCSISLIST"); for (i = 0; i < isl.isl_nentries; i++) { state = &states[i]; if (state->iss_id == session_id) break; } if (i == isl.isl_nentries) xo_errx(1, "session-id %u not found", session_id); conf = &state->iss_conf; if (target != NULL) strlcpy(conf->isc_target, target, sizeof(conf->isc_target)); if (target_addr != NULL) strlcpy(conf->isc_target_addr, target_addr, sizeof(conf->isc_target_addr)); if (user != NULL) strlcpy(conf->isc_user, user, sizeof(conf->isc_user)); if (secret != NULL) strlcpy(conf->isc_secret, secret, sizeof(conf->isc_secret)); if (enable == ENABLE_ON) conf->isc_enable = 1; else if (enable == ENABLE_OFF) conf->isc_enable = 0; memset(&ism, 0, sizeof(ism)); ism.ism_session_id = session_id; memcpy(&ism.ism_conf, conf, sizeof(ism.ism_conf)); error = ioctl(iscsi_fd, ISCSISMODIFY, &ism); if (error != 0) xo_warn("ISCSISMODIFY"); } static int kernel_remove(int iscsi_fd, const struct target *targ) { struct iscsi_session_remove isr; int error; memset(&isr, 0, sizeof(isr)); conf_from_target(&isr.isr_conf, targ); error = ioctl(iscsi_fd, ISCSISREMOVE, &isr); if (error != 0) xo_warn("ISCSISREMOVE"); return (error); } /* * XXX: Add filtering. */ static int kernel_list(int iscsi_fd, const struct target *targ __unused, int verbose) { struct iscsi_session_state *states = NULL; const struct iscsi_session_state *state; const struct iscsi_session_conf *conf; struct iscsi_session_list isl; unsigned int i, nentries = 1; int error; for (;;) { states = realloc(states, nentries * sizeof(struct iscsi_session_state)); if (states == NULL) xo_err(1, "realloc"); memset(&isl, 0, sizeof(isl)); isl.isl_nentries = nentries; isl.isl_pstates = states; error = ioctl(iscsi_fd, ISCSISLIST, &isl); if (error != 0 && errno == EMSGSIZE) { nentries *= 4; continue; } break; } if (error != 0) { xo_warn("ISCSISLIST"); return (error); } if (verbose != 0) { xo_open_list("session"); for (i = 0; i < isl.isl_nentries; i++) { state = &states[i]; conf = &state->iss_conf; xo_open_instance("session"); /* * Display-only modifier as this information * is also present within the 'session' container */ xo_emit("{L:/%-26s}{V:sessionId/%u}\n", "Session ID:", state->iss_id); xo_open_container("initiator"); xo_emit("{L:/%-26s}{V:name/%s}\n", "Initiator name:", conf->isc_initiator); xo_emit("{L:/%-26s}{V:portal/%s}\n", "Initiator portal:", conf->isc_initiator_addr); xo_emit("{L:/%-26s}{V:alias/%s}\n", "Initiator alias:", conf->isc_initiator_alias); xo_close_container("initiator"); xo_open_container("target"); xo_emit("{L:/%-26s}{V:name/%s}\n", "Target name:", conf->isc_target); xo_emit("{L:/%-26s}{V:portal/%s}\n", "Target portal:", conf->isc_target_addr); xo_emit("{L:/%-26s}{V:alias/%s}\n", "Target alias:", state->iss_target_alias); if (conf->isc_dscp != -1) xo_emit("{L:/%-26s}{V:dscp/0x%02x}\n", "Target DSCP:", conf->isc_dscp); if (conf->isc_pcp != -1) xo_emit("{L:/%-26s}{V:pcp/0x%02x}\n", "Target PCP:", conf->isc_pcp); xo_close_container("target"); xo_open_container("auth"); xo_emit("{L:/%-26s}{V:user/%s}\n", "User:", conf->isc_user); xo_emit("{L:/%-26s}{V:secret/%s}\n", "Secret:", conf->isc_secret); xo_emit("{L:/%-26s}{V:mutualUser/%s}\n", "Mutual user:", conf->isc_mutual_user); xo_emit("{L:/%-26s}{V:mutualSecret/%s}\n", "Mutual secret:", conf->isc_mutual_secret); xo_close_container("auth"); xo_emit("{L:/%-26s}{V:type/%s}\n", "Session type:", conf->isc_discovery ? "Discovery" : "Normal"); xo_emit("{L:/%-26s}{V:enable/%s}\n", "Enable:", conf->isc_enable ? "Yes" : "No"); xo_emit("{L:/%-26s}{V:state/%s}\n", "Session state:", state->iss_connected ? "Connected" : "Disconnected"); xo_emit("{L:/%-26s}{V:failureReason/%s}\n", "Failure reason:", state->iss_reason); xo_emit("{L:/%-26s}{V:headerDigest/%s}\n", "Header digest:", state->iss_header_digest == ISCSI_DIGEST_CRC32C ? "CRC32C" : "None"); xo_emit("{L:/%-26s}{V:dataDigest/%s}\n", "Data digest:", state->iss_data_digest == ISCSI_DIGEST_CRC32C ? "CRC32C" : "None"); xo_emit("{L:/%-26s}{V:recvDataSegmentLen/%d}\n", "MaxRecvDataSegmentLength:", state->iss_max_recv_data_segment_length); xo_emit("{L:/%-26s}{V:sendDataSegmentLen/%d}\n", "MaxSendDataSegmentLength:", state->iss_max_send_data_segment_length); xo_emit("{L:/%-26s}{V:maxBurstLen/%d}\n", "MaxBurstLen:", state->iss_max_burst_length); xo_emit("{L:/%-26s}{V:firstBurstLen/%d}\n", "FirstBurstLen:", state->iss_first_burst_length); xo_emit("{L:/%-26s}{V:immediateData/%s}\n", "ImmediateData:", state->iss_immediate_data ? "Yes" : "No"); xo_emit("{L:/%-26s}{V:iSER/%s}\n", "iSER (RDMA):", conf->isc_iser ? "Yes" : "No"); xo_emit("{L:/%-26s}{V:offloadDriver/%s}\n", "Offload driver:", state->iss_offload); xo_emit("{L:/%-26s}", "Device nodes:"); print_periphs(state->iss_id); xo_emit("\n\n"); xo_close_instance("session"); } xo_close_list("session"); } else { xo_emit("{T:/%-36s} {T:/%-16s} {T:/%s}\n", "Target name", "Target portal", "State"); if (isl.isl_nentries != 0) xo_open_list("session"); for (i = 0; i < isl.isl_nentries; i++) { state = &states[i]; conf = &state->iss_conf; xo_open_instance("session"); xo_emit("{V:name/%-36s/%s} {V:portal/%-16s/%s} ", conf->isc_target, conf->isc_target_addr); if (state->iss_reason[0] != '\0' && conf->isc_enable != 0) { xo_emit("{V:state/%s}\n", state->iss_reason); } else { if (conf->isc_discovery) { xo_emit("{V:state}\n", "Discovery"); } else if (conf->isc_enable == 0) { xo_emit("{V:state}\n", "Disabled"); } else if (state->iss_connected) { xo_emit("{V:state}: ", "Connected"); print_periphs(state->iss_id); xo_emit("\n"); } else { xo_emit("{V:state}\n", "Disconnected"); } } xo_close_instance("session"); } if (isl.isl_nentries != 0) xo_close_list("session"); } return (0); } static int kernel_wait(int iscsi_fd, int timeout) { struct iscsi_session_state *states = NULL; const struct iscsi_session_state *state; struct iscsi_session_list isl; unsigned int i, nentries = 1; bool all_connected; int error; for (;;) { for (;;) { states = realloc(states, nentries * sizeof(struct iscsi_session_state)); if (states == NULL) xo_err(1, "realloc"); memset(&isl, 0, sizeof(isl)); isl.isl_nentries = nentries; isl.isl_pstates = states; error = ioctl(iscsi_fd, ISCSISLIST, &isl); if (error != 0 && errno == EMSGSIZE) { nentries *= 4; continue; } break; } if (error != 0) { xo_warn("ISCSISLIST"); return (error); } all_connected = true; for (i = 0; i < isl.isl_nentries; i++) { state = &states[i]; if (!state->iss_connected) { all_connected = false; break; } } if (all_connected) return (0); sleep(1); if (timeout > 0) { timeout--; if (timeout == 0) return (1); } } } static void usage(void) { fprintf(stderr, "usage: iscsictl -A -p portal -t target " "[-u user -s secret] [-w timeout] [-e on | off]\n"); fprintf(stderr, " iscsictl -A -d discovery-host " "[-u user -s secret] [-e on | off]\n"); fprintf(stderr, " iscsictl -A -a [-c path]\n"); fprintf(stderr, " iscsictl -A -n nickname [-c path]\n"); fprintf(stderr, " iscsictl -M -i session-id [-p portal] " "[-t target] [-u user] [-s secret] [-e on | off]\n"); fprintf(stderr, " iscsictl -M -i session-id -n nickname " "[-c path]\n"); fprintf(stderr, " iscsictl -R [-p portal] [-t target]\n"); fprintf(stderr, " iscsictl -R -a\n"); fprintf(stderr, " iscsictl -R -n nickname [-c path]\n"); fprintf(stderr, " iscsictl -L [-v] [-w timeout]\n"); exit(1); } int main(int argc, char **argv) { int Aflag = 0, Mflag = 0, Rflag = 0, Lflag = 0, aflag = 0, rflag = 0, vflag = 0; const char *conf_path = DEFAULT_CONFIG_PATH; char *nickname = NULL, *discovery_host = NULL, *portal = NULL, *target = NULL, *user = NULL, *secret = NULL; int timeout = -1, enable = ENABLE_UNSPECIFIED; long long session_id = -1; char *end; int ch, error, iscsi_fd, retval, saved_errno; int failed = 0; struct conf *conf; struct target *targ; argc = xo_parse_args(argc, argv); xo_open_container("iscsictl"); while ((ch = getopt(argc, argv, "AMRLac:d:e:i:n:p:rt:u:s:vw:")) != -1) { switch (ch) { case 'A': Aflag = 1; break; case 'M': Mflag = 1; break; case 'R': Rflag = 1; break; case 'L': Lflag = 1; break; case 'a': aflag = 1; break; case 'c': conf_path = optarg; break; case 'd': discovery_host = optarg; break; case 'e': enable = parse_enable(optarg); if (enable == ENABLE_UNSPECIFIED) { xo_errx(1, "invalid argument to -e, " "must be either \"on\" or \"off\""); } break; case 'i': session_id = strtol(optarg, &end, 10); if ((size_t)(end - optarg) != strlen(optarg)) xo_errx(1, "trailing characters after session-id"); if (session_id < 0) xo_errx(1, "session-id cannot be negative"); if (session_id > UINT_MAX) xo_errx(1, "session-id cannot be greater than %u", UINT_MAX); break; case 'n': nickname = optarg; break; case 'p': portal = optarg; break; case 'r': rflag = 1; break; case 't': target = optarg; break; case 'u': user = optarg; break; case 's': secret = optarg; break; case 'v': vflag = 1; break; case 'w': timeout = strtol(optarg, &end, 10); if ((size_t)(end - optarg) != strlen(optarg)) xo_errx(1, "trailing characters after timeout"); if (timeout < 0) xo_errx(1, "timeout cannot be negative"); break; case '?': default: usage(); } } argc -= optind; if (argc != 0) usage(); if (Aflag + Mflag + Rflag + Lflag == 0) Lflag = 1; if (Aflag + Mflag + Rflag + Lflag > 1) xo_errx(1, "at most one of -A, -M, -R, or -L may be specified"); /* * Note that we ignore unnecessary/inapplicable "-c" flag; so that * people can do something like "alias ISCSICTL="iscsictl -c path" * in shell scripts. */ if (Aflag != 0) { if (aflag != 0) { if (enable != ENABLE_UNSPECIFIED) xo_errx(1, "-a and -e are mutually exclusive"); if (portal != NULL) xo_errx(1, "-a and -p are mutually exclusive"); if (target != NULL) xo_errx(1, "-a and -t are mutually exclusive"); if (user != NULL) xo_errx(1, "-a and -u are mutually exclusive"); if (secret != NULL) xo_errx(1, "-a and -s are mutually exclusive"); if (nickname != NULL) xo_errx(1, "-a and -n are mutually exclusive"); if (discovery_host != NULL) xo_errx(1, "-a and -d are mutually exclusive"); if (rflag != 0) xo_errx(1, "-a and -r are mutually exclusive"); } else if (nickname != NULL) { if (enable != ENABLE_UNSPECIFIED) xo_errx(1, "-n and -e are mutually exclusive"); if (portal != NULL) xo_errx(1, "-n and -p are mutually exclusive"); if (target != NULL) xo_errx(1, "-n and -t are mutually exclusive"); if (user != NULL) xo_errx(1, "-n and -u are mutually exclusive"); if (secret != NULL) xo_errx(1, "-n and -s are mutually exclusive"); if (discovery_host != NULL) xo_errx(1, "-n and -d are mutually exclusive"); if (rflag != 0) xo_errx(1, "-n and -r are mutually exclusive"); } else if (discovery_host != NULL) { if (portal != NULL) xo_errx(1, "-d and -p are mutually exclusive"); if (target != NULL) xo_errx(1, "-d and -t are mutually exclusive"); } else { if (target == NULL && portal == NULL) xo_errx(1, "must specify -a, -n or -t/-p"); if (target != NULL && portal == NULL) xo_errx(1, "-t must always be used with -p"); if (portal != NULL && target == NULL) xo_errx(1, "-p must always be used with -t"); } if (user != NULL && secret == NULL) xo_errx(1, "-u must always be used with -s"); if (secret != NULL && user == NULL) xo_errx(1, "-s must always be used with -u"); if (session_id != -1) xo_errx(1, "-i cannot be used with -A"); if (vflag != 0) xo_errx(1, "-v cannot be used with -A"); } else if (Mflag != 0) { if (session_id == -1) xo_errx(1, "-M requires -i"); if (nickname != NULL) { if (enable != ENABLE_UNSPECIFIED) xo_errx(1, "-n and -e are mutually exclusive"); if (portal != NULL) xo_errx(1, "-n and -p are mutually exclusive"); if (target != NULL) xo_errx(1, "-n and -t are mutually exclusive"); if (user != NULL) xo_errx(1, "-n and -u are mutually exclusive"); if (secret != NULL) xo_errx(1, "-n and -s are mutually exclusive"); } if (aflag != 0) xo_errx(1, "-a cannot be used with -M"); if (discovery_host != NULL) xo_errx(1, "-d cannot be used with -M"); if (rflag != 0) xo_errx(1, "-r cannot be used with -M"); if (vflag != 0) xo_errx(1, "-v cannot be used with -M"); if (timeout != -1) xo_errx(1, "-w cannot be used with -M"); } else if (Rflag != 0) { if (aflag != 0) { if (portal != NULL) xo_errx(1, "-a and -p are mutually exclusive"); if (target != NULL) xo_errx(1, "-a and -t are mutually exclusive"); if (nickname != NULL) xo_errx(1, "-a and -n are mutually exclusive"); } else if (nickname != NULL) { if (portal != NULL) xo_errx(1, "-n and -p are mutually exclusive"); if (target != NULL) xo_errx(1, "-n and -t are mutually exclusive"); } else if (target == NULL && portal == NULL) { xo_errx(1, "must specify either -a, -n, -t, or -p"); } if (discovery_host != NULL) xo_errx(1, "-d cannot be used with -R"); if (enable != ENABLE_UNSPECIFIED) xo_errx(1, "-e cannot be used with -R"); if (session_id != -1) xo_errx(1, "-i cannot be used with -R"); if (rflag != 0) xo_errx(1, "-r cannot be used with -R"); if (user != NULL) xo_errx(1, "-u cannot be used with -R"); if (secret != NULL) xo_errx(1, "-s cannot be used with -R"); if (vflag != 0) xo_errx(1, "-v cannot be used with -R"); if (timeout != -1) xo_errx(1, "-w cannot be used with -R"); } else { assert(Lflag != 0); if (discovery_host != NULL) xo_errx(1, "-d cannot be used with -L"); if (session_id != -1) xo_errx(1, "-i cannot be used with -L"); if (nickname != NULL) xo_errx(1, "-n cannot be used with -L"); if (portal != NULL) xo_errx(1, "-p cannot be used with -L"); if (rflag != 0) xo_errx(1, "-r cannot be used with -L"); if (target != NULL) xo_errx(1, "-t cannot be used with -L"); if (user != NULL) xo_errx(1, "-u cannot be used with -L"); if (secret != NULL) xo_errx(1, "-s cannot be used with -L"); } iscsi_fd = open(ISCSI_PATH, O_RDWR); if (iscsi_fd < 0 && errno == ENOENT) { saved_errno = errno; retval = kldload("iscsi"); if (retval != -1) iscsi_fd = open(ISCSI_PATH, O_RDWR); else errno = saved_errno; } if (iscsi_fd < 0) xo_err(1, "failed to open %s", ISCSI_PATH); if (Aflag != 0 && aflag != 0) { conf = conf_new_from_file(conf_path); TAILQ_FOREACH(targ, &conf->conf_targets, t_next) failed += kernel_add(iscsi_fd, targ); } else if (nickname != NULL) { conf = conf_new_from_file(conf_path); targ = target_find(conf, nickname); if (targ == NULL) xo_errx(1, "target %s not found in %s", nickname, conf_path); if (Aflag != 0) failed += kernel_add(iscsi_fd, targ); else if (Mflag != 0) failed += kernel_modify(iscsi_fd, session_id, targ); else if (Rflag != 0) failed += kernel_remove(iscsi_fd, targ); else failed += kernel_list(iscsi_fd, targ, vflag); } else if (Mflag != 0) { kernel_modify_some(iscsi_fd, session_id, target, portal, user, secret, enable); } else { if (Aflag != 0 && target != NULL) { if (valid_iscsi_name(target) == false) xo_errx(1, "invalid target name \"%s\"", target); } conf = conf_new(); targ = target_new(conf); targ->t_initiator_name = default_initiator_name(); targ->t_header_digest = DIGEST_NONE; targ->t_data_digest = DIGEST_NONE; targ->t_name = target; if (discovery_host != NULL) { targ->t_session_type = SESSION_TYPE_DISCOVERY; targ->t_address = discovery_host; } else { targ->t_session_type = SESSION_TYPE_NORMAL; targ->t_address = portal; } targ->t_enable = enable; if (rflag != 0) targ->t_protocol = PROTOCOL_ISER; targ->t_user = user; targ->t_secret = secret; if (Aflag != 0) failed += kernel_add(iscsi_fd, targ); else if (Rflag != 0) failed += kernel_remove(iscsi_fd, targ); else failed += kernel_list(iscsi_fd, targ, vflag); } if (timeout != -1) failed += kernel_wait(iscsi_fd, timeout); error = close(iscsi_fd); if (error != 0) xo_err(1, "close"); xo_close_container("iscsictl"); xo_finish(); if (failed != 0) return (1); return (0); } Index: head/usr.bin/iscsictl/iscsictl.h =================================================================== --- head/usr.bin/iscsictl/iscsictl.h (revision 367104) +++ head/usr.bin/iscsictl/iscsictl.h (revision 367105) @@ -1,108 +1,107 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef ISCSICTL_H #define ISCSICTL_H #include #include #include #define DEFAULT_CONFIG_PATH "/etc/iscsi.conf" #define DEFAULT_IQN "iqn.1994-09.org.freebsd:" #define MAX_NAME_LEN 223 #define AUTH_METHOD_UNSPECIFIED 0 #define AUTH_METHOD_NONE 1 #define AUTH_METHOD_CHAP 2 #define DIGEST_UNSPECIFIED 0 #define DIGEST_NONE 1 #define DIGEST_CRC32C 2 #define SESSION_TYPE_UNSPECIFIED 0 #define SESSION_TYPE_NORMAL 1 #define SESSION_TYPE_DISCOVERY 2 #define PROTOCOL_UNSPECIFIED 0 #define PROTOCOL_ISCSI 1 #define PROTOCOL_ISER 2 #define ENABLE_UNSPECIFIED 0 #define ENABLE_ON 1 #define ENABLE_OFF 2 struct target { TAILQ_ENTRY(target) t_next; struct conf *t_conf; char *t_nickname; char *t_name; char *t_address; char *t_initiator_name; char *t_initiator_address; char *t_initiator_alias; int t_header_digest; int t_data_digest; int t_auth_method; int t_session_type; int t_enable; int t_protocol; int t_dscp; int t_pcp; char *t_offload; char *t_user; char *t_secret; char *t_mutual_user; char *t_mutual_secret; }; struct conf { TAILQ_HEAD(, target) conf_targets; }; struct conf *conf_new(void); struct conf *conf_new_from_file(const char *path); void conf_delete(struct conf *conf); void conf_verify(struct conf *conf); struct target *target_new(struct conf *conf); struct target *target_find(struct conf *conf, const char *nickname); void target_delete(struct target *ic); void print_periphs(int session_id); bool valid_iscsi_name(const char *name); int parse_enable(const char *enable); #endif /* !ISCSICTL_H */ Index: head/usr.bin/iscsictl/parse.y =================================================================== --- head/usr.bin/iscsictl/parse.y (revision 367104) +++ head/usr.bin/iscsictl/parse.y (revision 367105) @@ -1,434 +1,433 @@ %{ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include #include #include #include #include #include #include "iscsictl.h" #include #include extern FILE *yyin; extern char *yytext; extern int lineno; static struct conf *conf; static struct target *target; extern void yyerror(const char *); extern int yylex(void); extern void yyrestart(FILE *); %} %token AUTH_METHOD ENABLE HEADER_DIGEST DATA_DIGEST TARGET_NAME TARGET_ADDRESS %token INITIATOR_NAME INITIATOR_ADDRESS INITIATOR_ALIAS USER SECRET %token MUTUAL_USER MUTUAL_SECRET SEMICOLON SESSION_TYPE PROTOCOL OFFLOAD %token IGNORED EQUALS OPENING_BRACKET CLOSING_BRACKET DSCP %token AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 %token BE EF CS0 CS1 CS2 CS3 CS4 CS5 CS6 CS7 %union { char *str; } %token STR %% targets: | targets target ; target: STR OPENING_BRACKET target_entries CLOSING_BRACKET { if (target_find(conf, $1) != NULL) xo_errx(1, "duplicated target %s", $1); target->t_nickname = $1; target = target_new(conf); } ; target_entries: | target_entries target_entry | target_entries target_entry SEMICOLON ; target_entry: target_name | target_address | initiator_name | initiator_address | initiator_alias | user | secret | mutual_user | mutual_secret | auth_method | header_digest | data_digest | session_type | enable | offload | protocol | ignored | dscp | pcp ; target_name: TARGET_NAME EQUALS STR { if (target->t_name != NULL) xo_errx(1, "duplicated TargetName at line %d", lineno); target->t_name = $3; } ; target_address: TARGET_ADDRESS EQUALS STR { if (target->t_address != NULL) xo_errx(1, "duplicated TargetAddress at line %d", lineno); target->t_address = $3; } ; initiator_name: INITIATOR_NAME EQUALS STR { if (target->t_initiator_name != NULL) xo_errx(1, "duplicated InitiatorName at line %d", lineno); target->t_initiator_name = $3; } ; initiator_address: INITIATOR_ADDRESS EQUALS STR { if (target->t_initiator_address != NULL) xo_errx(1, "duplicated InitiatorAddress at line %d", lineno); target->t_initiator_address = $3; } ; initiator_alias: INITIATOR_ALIAS EQUALS STR { if (target->t_initiator_alias != NULL) xo_errx(1, "duplicated InitiatorAlias at line %d", lineno); target->t_initiator_alias = $3; } ; user: USER EQUALS STR { if (target->t_user != NULL) xo_errx(1, "duplicated chapIName at line %d", lineno); target->t_user = $3; } ; secret: SECRET EQUALS STR { if (target->t_secret != NULL) xo_errx(1, "duplicated chapSecret at line %d", lineno); target->t_secret = $3; } ; mutual_user: MUTUAL_USER EQUALS STR { if (target->t_mutual_user != NULL) xo_errx(1, "duplicated tgtChapName at line %d", lineno); target->t_mutual_user = $3; } ; mutual_secret: MUTUAL_SECRET EQUALS STR { if (target->t_mutual_secret != NULL) xo_errx(1, "duplicated tgtChapSecret at line %d", lineno); target->t_mutual_secret = $3; } ; auth_method: AUTH_METHOD EQUALS STR { if (target->t_auth_method != AUTH_METHOD_UNSPECIFIED) xo_errx(1, "duplicated AuthMethod at line %d", lineno); if (strcasecmp($3, "none") == 0) target->t_auth_method = AUTH_METHOD_NONE; else if (strcasecmp($3, "chap") == 0) target->t_auth_method = AUTH_METHOD_CHAP; else xo_errx(1, "invalid AuthMethod at line %d; " "must be either \"none\" or \"CHAP\"", lineno); } ; header_digest: HEADER_DIGEST EQUALS STR { if (target->t_header_digest != DIGEST_UNSPECIFIED) xo_errx(1, "duplicated HeaderDigest at line %d", lineno); if (strcasecmp($3, "none") == 0) target->t_header_digest = DIGEST_NONE; else if (strcasecmp($3, "CRC32C") == 0) target->t_header_digest = DIGEST_CRC32C; else xo_errx(1, "invalid HeaderDigest at line %d; " "must be either \"none\" or \"CRC32C\"", lineno); } ; data_digest: DATA_DIGEST EQUALS STR { if (target->t_data_digest != DIGEST_UNSPECIFIED) xo_errx(1, "duplicated DataDigest at line %d", lineno); if (strcasecmp($3, "none") == 0) target->t_data_digest = DIGEST_NONE; else if (strcasecmp($3, "CRC32C") == 0) target->t_data_digest = DIGEST_CRC32C; else xo_errx(1, "invalid DataDigest at line %d; " "must be either \"none\" or \"CRC32C\"", lineno); } ; session_type: SESSION_TYPE EQUALS STR { if (target->t_session_type != SESSION_TYPE_UNSPECIFIED) xo_errx(1, "duplicated SessionType at line %d", lineno); if (strcasecmp($3, "normal") == 0) target->t_session_type = SESSION_TYPE_NORMAL; else if (strcasecmp($3, "discovery") == 0) target->t_session_type = SESSION_TYPE_DISCOVERY; else xo_errx(1, "invalid SessionType at line %d; " "must be either \"normal\" or \"discovery\"", lineno); } ; enable: ENABLE EQUALS STR { if (target->t_enable != ENABLE_UNSPECIFIED) xo_errx(1, "duplicated enable at line %d", lineno); target->t_enable = parse_enable($3); if (target->t_enable == ENABLE_UNSPECIFIED) xo_errx(1, "invalid enable at line %d; " "must be either \"on\" or \"off\"", lineno); } ; offload: OFFLOAD EQUALS STR { if (target->t_offload != NULL) xo_errx(1, "duplicated offload at line %d", lineno); target->t_offload = $3; } ; protocol: PROTOCOL EQUALS STR { if (target->t_protocol != PROTOCOL_UNSPECIFIED) xo_errx(1, "duplicated protocol at line %d", lineno); if (strcasecmp($3, "iscsi") == 0) target->t_protocol = PROTOCOL_ISCSI; else if (strcasecmp($3, "iser") == 0) target->t_protocol = PROTOCOL_ISER; else xo_errx(1, "invalid protocol at line %d; " "must be either \"iscsi\" or \"iser\"", lineno); } ; ignored: IGNORED EQUALS STR { xo_warnx("obsolete statement ignored at line %d", lineno); } ; dscp: DSCP EQUALS STR { uint64_t tmp; if (target->t_dscp != -1) xo_errx(1, "duplicated dscp at line %d", lineno); if (strcmp($3, "0x") == 0) { tmp = strtol($3 + 2, NULL, 16); } else if (expand_number($3, &tmp) != 0) { yyerror("invalid numeric value"); free($3); return(1); } if (tmp >= 0x40) { yyerror("invalid dscp value"); return(1); } target->t_dscp = tmp; } | DSCP EQUALS BE { target->t_dscp = IPTOS_DSCP_CS0 >> 2 ; } | DSCP EQUALS EF { target->t_dscp = IPTOS_DSCP_EF >> 2 ; } | DSCP EQUALS CS0 { target->t_dscp = IPTOS_DSCP_CS0 >> 2 ; } | DSCP EQUALS CS1 { target->t_dscp = IPTOS_DSCP_CS1 >> 2 ; } | DSCP EQUALS CS2 { target->t_dscp = IPTOS_DSCP_CS2 >> 2 ; } | DSCP EQUALS CS3 { target->t_dscp = IPTOS_DSCP_CS3 >> 2 ; } | DSCP EQUALS CS4 { target->t_dscp = IPTOS_DSCP_CS4 >> 2 ; } | DSCP EQUALS CS5 { target->t_dscp = IPTOS_DSCP_CS5 >> 2 ; } | DSCP EQUALS CS6 { target->t_dscp = IPTOS_DSCP_CS6 >> 2 ; } | DSCP EQUALS CS7 { target->t_dscp = IPTOS_DSCP_CS7 >> 2 ; } | DSCP EQUALS AF11 { target->t_dscp = IPTOS_DSCP_AF11 >> 2 ; } | DSCP EQUALS AF12 { target->t_dscp = IPTOS_DSCP_AF12 >> 2 ; } | DSCP EQUALS AF13 { target->t_dscp = IPTOS_DSCP_AF13 >> 2 ; } | DSCP EQUALS AF21 { target->t_dscp = IPTOS_DSCP_AF21 >> 2 ; } | DSCP EQUALS AF22 { target->t_dscp = IPTOS_DSCP_AF22 >> 2 ; } | DSCP EQUALS AF23 { target->t_dscp = IPTOS_DSCP_AF23 >> 2 ; } | DSCP EQUALS AF31 { target->t_dscp = IPTOS_DSCP_AF31 >> 2 ; } | DSCP EQUALS AF32 { target->t_dscp = IPTOS_DSCP_AF32 >> 2 ; } | DSCP EQUALS AF33 { target->t_dscp = IPTOS_DSCP_AF33 >> 2 ; } | DSCP EQUALS AF41 { target->t_dscp = IPTOS_DSCP_AF41 >> 2 ; } | DSCP EQUALS AF42 { target->t_dscp = IPTOS_DSCP_AF42 >> 2 ; } | DSCP EQUALS AF43 { target->t_dscp = IPTOS_DSCP_AF43 >> 2 ; } ; pcp: PCP EQUALS STR { uint64_t tmp; if (target->t_pcp != -1) xo_errx(1, "duplicated pcp at line %d", lineno); if (expand_number($3, &tmp) != 0) { yyerror("invalid numeric value"); free($3); return(1); } if (!((tmp >=0) && (tmp <= 7))) { yyerror("invalid pcp value"); return(1); } target->t_pcp = tmp; } ; %% void yyerror(const char *str) { xo_errx(1, "error in configuration file at line %d near '%s': %s", lineno, yytext, str); } static void check_perms(const char *path) { struct stat sb; int error; error = stat(path, &sb); if (error != 0) { xo_warn("stat"); return; } if (sb.st_mode & S_IWOTH) { xo_warnx("%s is world-writable", path); } else if (sb.st_mode & S_IROTH) { xo_warnx("%s is world-readable", path); } else if (sb.st_mode & S_IXOTH) { /* * Ok, this one doesn't matter, but still do it, * just for consistency. */ xo_warnx("%s is world-executable", path); } /* * XXX: Should we also check for owner != 0? */ } struct conf * conf_new_from_file(const char *path) { int error; conf = conf_new(); target = target_new(conf); yyin = fopen(path, "r"); if (yyin == NULL) xo_err(1, "unable to open configuration file %s", path); check_perms(path); lineno = 1; yyrestart(yyin); error = yyparse(); assert(error == 0); fclose(yyin); assert(target->t_nickname == NULL); target_delete(target); conf_verify(conf); return (conf); } Index: head/usr.bin/iscsictl/token.l =================================================================== --- head/usr.bin/iscsictl/token.l (revision 367104) +++ head/usr.bin/iscsictl/token.l (revision 367105) @@ -1,125 +1,124 @@ %{ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include "iscsictl.h" #include "y.tab.h" int lineno; #define YY_DECL int yylex(void) extern int yylex(void); %} %option noinput %option nounput %option noyywrap %% HeaderDigest { return HEADER_DIGEST; } DataDigest { return DATA_DIGEST; } TargetName { return TARGET_NAME; } TargetAddress { return TARGET_ADDRESS; } InitiatorName { return INITIATOR_NAME; } InitiatorAddress { return INITIATOR_ADDRESS; } InitiatorAlias { return INITIATOR_ALIAS; } chapIName { return USER; } chapSecret { return SECRET; } tgtChapName { return MUTUAL_USER; } tgtChapSecret { return MUTUAL_SECRET; } AuthMethod { return AUTH_METHOD; } SessionType { return SESSION_TYPE; } enable { return ENABLE; } protocol { return PROTOCOL; } offload { return OFFLOAD; } port { return IGNORED; } dscp { return DSCP; } pcp { return PCP; } MaxConnections { return IGNORED; } TargetAlias { return IGNORED; } TargetPortalGroupTag { return IGNORED; } InitialR2T { return IGNORED; } ImmediateData { return IGNORED; } MaxRecvDataSegmentLength { return IGNORED; } MaxBurstLength { return IGNORED; } FirstBurstLength { return IGNORED; } DefaultTime2Wait { return IGNORED; } DefaultTime2Retain { return IGNORED; } MaxOutstandingR2T { return IGNORED; } DataPDUInOrder { return IGNORED; } DataSequenceInOrder { return IGNORED; } ErrorRecoveryLevel { return IGNORED; } tags { return IGNORED; } maxluns { return IGNORED; } sockbufsize { return IGNORED; } chapDigest { return IGNORED; } af11 { return AF11; } af12 { return AF12; } af13 { return AF13; } af21 { return AF21; } af22 { return AF22; } af23 { return AF23; } af31 { return AF31; } af32 { return AF32; } af33 { return AF33; } af41 { return AF41; } af42 { return AF42; } af43 { return AF43; } be { return CS0; } ef { return EF; } cs0 { return CS0; } cs1 { return CS1; } cs2 { return CS2; } cs3 { return CS3; } cs4 { return CS4; } cs5 { return CS5; } cs6 { return CS6; } cs7 { return CS7; } \"[^"]+\" { yylval.str = strndup(yytext + 1, strlen(yytext) - 2); return STR; } [a-zA-Z0-9\.\-_/\:\[\]]+ { yylval.str = strdup(yytext); return STR; } \{ { return OPENING_BRACKET; } \} { return CLOSING_BRACKET; } = { return EQUALS; } ; { return SEMICOLON; } #.*$ /* ignore comments */; \r\n { lineno++; } \n { lineno++; } [ \t]+ /* ignore whitespace */; . { yylval.str = strdup(yytext); return STR; } %% Index: head/usr.bin/rctl/rctl.8 =================================================================== --- head/usr.bin/rctl/rctl.8 (revision 367104) +++ head/usr.bin/rctl/rctl.8 (revision 367105) @@ -1,301 +1,300 @@ .\"- .\" Copyright (c) 2009 Edward Tomasz Napierala -.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE .\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd February 26, 2018 .Dt RCTL 8 .Os .Sh NAME .Nm rctl .Nd display and update resource limits database .Sh SYNOPSIS .Nm .Op Fl h .Op Fl n .Op Ar filter Ar ... .Nm .Fl a .Ar rule Ar ... .Nm .Fl l .Op Fl h .Op Fl n .Ar filter Ar ... .Nm .Fl r .Ar filter Ar ... .Nm .Fl u .Op Fl h .Ar filter Ar ... .Sh DESCRIPTION When called without options, the .Nm command writes currently defined RCTL rules to standard output. .Pp If a .Ar filter argument is specified, only rules matching the filter are displayed. The options are as follows: .Bl -tag -width indent .It Fl a Ar rule Add .Ar rule to the RCTL database. .It Fl l Ar filter Display rules applicable to the process defined by .Ar filter . Note that this is different from showing the rules when called without any options, as it shows not just the rules with subject equal to that of process, but also rules for the user, jail, and login class applicable to the process. .It Fl r Ar filter Remove rules matching .Ar filter from the RCTL database. .It Fl u Ar filter Display resource utilization for a subject .Po .Sy process , .Sy user , .Sy loginclass or .Sy jail .Pc matching the .Ar filter . .It Fl h "Human-readable" output. Use unit suffixes: Byte, Kilobyte, Megabyte, Gigabyte, Terabyte and Petabyte. .It Fl n Display user IDs numerically rather than converting them to a user name. .El .Pp Modifying rules affects all currently running and future processes matching the rule. .Sh RULE SYNTAX Syntax for a rule is subject:subject-id:resource:action=amount/per. .Pp .Bl -tag -width "subject-id" -compact -offset indent .It subject defines the kind of entity the rule applies to. It can be either .Sy process , .Sy user , .Sy loginclass , or .Sy jail . .It subject-id identifies the .Em subject . It can be a process ID, user name, numerical user ID, login class name from .Xr login.conf 5 , or jail name. .It resource identifies the resource the rule controls. See the .Sx RESOURCES section below for details. .It action defines what will happen when a process exceeds the allowed .Em amount . See the .Sx ACTIONS section below for details. .It amount defines how much of the resource a process can use before the defined .Em action triggers. Resources which limit bytes may use prefixes from .Xr expand_number 3 . .It per defines what entity the .Em amount gets accounted for. For example, rule "loginclass:users:vmemoryuse:deny=100M/process" means that each process of any user belonging to login class "users" may allocate up to 100MB of virtual memory. Rule "loginclass:users:vmemoryuse:deny=100M/user" would mean that for each user belonging to the login class "users", the sum of virtual memory allocated by all the processes of that user will not exceed 100MB. Rule "loginclass:users:vmemoryuse:deny=100M/loginclass" would mean that the sum of virtual memory allocated by all processes of all users belonging to that login class will not exceed 100MB. .El .Pp A valid rule has all those fields specified, except for .Em per , which defaults to the value of .Em subject . .Pp A filter is a rule for which one of more fields other than .Em per is left empty. For example, a filter that matches every rule could be written as ":::=/", or, in short, ":". A filter that matches all the login classes would be "loginclass:". A filter that matches all defined rules for .Sy maxproc resource would be "::maxproc". .Sh SUBJECTS .Bl -column -offset 3n "pseudoterminals" ".Sy username or numerical User ID" .It Sy process Ta numerical Process ID .It Sy user Ta user name or numerical User ID .It Sy loginclass Ta login class from .Xr login.conf 5 .It Sy jail Ta jail name .El .Sh RESOURCES .Bl -column -offset 3n "pseudoterminals" .It Sy cputime Ta "CPU time, in seconds" .It Sy datasize Ta "data size, in bytes" .It Sy stacksize Ta "stack size, in bytes" .It Sy coredumpsize Ta "core dump size, in bytes" .It Sy memoryuse Ta "resident set size, in bytes" .It Sy memorylocked Ta "locked memory, in bytes" .It Sy maxproc Ta "number of processes" .It Sy openfiles Ta "file descriptor table size" .It Sy vmemoryuse Ta "address space limit, in bytes" .It Sy pseudoterminals Ta "number of PTYs" .It Sy swapuse Ta "swap space that may be reserved or used, in bytes" .It Sy nthr Ta "number of threads" .It Sy msgqqueued Ta "number of queued SysV messages" .It Sy msgqsize Ta "SysV message queue size, in bytes" .It Sy nmsgq Ta "number of SysV message queues" .It Sy nsem Ta "number of SysV semaphores" .It Sy nsemop Ta "number of SysV semaphores modified in a single semop(2) call" .It Sy nshm Ta "number of SysV shared memory segments" .It Sy shmsize Ta "SysV shared memory size, in bytes" .It Sy wallclock Ta "wallclock time, in seconds" .It Sy pcpu Ta "%CPU, in percents of a single CPU core" .It Sy readbps Ta "filesystem reads, in bytes per second" .It Sy writebps Ta "filesystem writes, in bytes per second" .It Sy readiops Ta "filesystem reads, in operations per second" .It Sy writeiops Ta "filesystem writes, in operations per second" .El .Sh ACTIONS .Bl -column -offset 3n "pseudoterminals" .It Sy deny Ta deny the allocation; not supported for .Sy cputime , .Sy wallclock , .Sy readbps , .Sy writebps , .Sy readiops , and .Sy writeiops .It Sy log Ta "log a warning to the console" .It Sy devctl Ta "send notification to" .Xr devd 8 using .Sy system = "RCTL", .Sy subsystem = "rule", .Sy type = "matched" .It sig* e.g. .Sy sigterm ; send a signal to the offending process. See .Xr signal 3 for a list of supported signals .It Sy throttle Ta "slow down process execution"; only supported for .Sy readbps , .Sy writebps , .Sy readiops , and .Sy writeiops . .El .Pp Not all actions are supported for all resources. Attempting to add a rule with an action not supported by a given resource will result in error. .Sh EXIT STATUS .Ex -std .Sh EXAMPLES Prevent user "joe" from allocating more than 1GB of virtual memory: .Dl Nm Fl a Ar user:joe:vmemoryuse:deny=1g .Pp Remove all RCTL rules: .Dl Nm Fl r Ar \&: .Pp Display resource utilization information for jail named "www": .Dl Nm Fl hu Ar jail:www .Pp Display all the rules applicable to process with PID 512: .Dl Nm Fl l Ar process:512 .Pp Display all rules: .Dl Nm .Pp Display all rules matching user "joe": .Dl Nm Ar user:joe .Pp Display all rules matching login classes: .Dl Nm Ar loginclass: .Sh SEE ALSO .Xr cpuset 1 , .Xr rctl 4 , .Xr rctl.conf 5 .Sh HISTORY The .Nm command appeared in .Fx 9.0 . .Sh AUTHORS .An -nosplit The .Nm was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. .Sh BUGS Limiting .Sy memoryuse may kill the machine due to thrashing. .Pp The .Sy readiops and .Sy writeiops counters are only approximations. Like .Sy readbps and .Sy writebps , they are calculated in the filesystem layer, where it is difficult or even impossible to observe actual disk device operations. .Pp The .Sy writebps and .Sy writeiops resources generally account for writes to the filesystem cache, not to actual devices. Index: head/usr.bin/rctl/rctl.c =================================================================== --- head/usr.bin/rctl/rctl.c (revision 367104) +++ head/usr.bin/rctl/rctl.c (revision 367105) @@ -1,689 +1,688 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2010 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define RCTL_DEFAULT_BUFSIZE 128 * 1024 static int parse_user(const char *s, id_t *uidp, const char *unexpanded_rule) { char *end; struct passwd *pwd; pwd = getpwnam(s); if (pwd != NULL) { *uidp = pwd->pw_uid; return (0); } if (!isnumber(s[0])) { warnx("malformed rule '%s': unknown user '%s'", unexpanded_rule, s); return (1); } *uidp = strtod(s, &end); if ((size_t)(end - s) != strlen(s)) { warnx("malformed rule '%s': trailing characters " "after numerical id", unexpanded_rule); return (1); } return (0); } static int parse_group(const char *s, id_t *gidp, const char *unexpanded_rule) { char *end; struct group *grp; grp = getgrnam(s); if (grp != NULL) { *gidp = grp->gr_gid; return (0); } if (!isnumber(s[0])) { warnx("malformed rule '%s': unknown group '%s'", unexpanded_rule, s); return (1); } *gidp = strtod(s, &end); if ((size_t)(end - s) != strlen(s)) { warnx("malformed rule '%s': trailing characters " "after numerical id", unexpanded_rule); return (1); } return (0); } /* * Replace human-readable number with its expanded form. */ static char * expand_amount(const char *rule, const char *unexpanded_rule) { uint64_t num; const char *subject, *subject_id, *resource, *action, *amount, *per; char *copy, *expanded, *tofree; int ret; tofree = copy = strdup(rule); if (copy == NULL) { warn("strdup"); return (NULL); } subject = strsep(©, ":"); subject_id = strsep(©, ":"); resource = strsep(©, ":"); action = strsep(©, "=/"); amount = strsep(©, "/"); per = copy; if (amount == NULL || strlen(amount) == 0) { /* * The "copy" has already been tinkered with by strsep(). */ free(tofree); copy = strdup(rule); if (copy == NULL) { warn("strdup"); return (NULL); } return (copy); } assert(subject != NULL); assert(subject_id != NULL); assert(resource != NULL); assert(action != NULL); if (expand_number(amount, &num)) { warnx("malformed rule '%s': invalid numeric value '%s'", unexpanded_rule, amount); free(tofree); return (NULL); } if (per == NULL) { ret = asprintf(&expanded, "%s:%s:%s:%s=%ju", subject, subject_id, resource, action, (uintmax_t)num); } else { ret = asprintf(&expanded, "%s:%s:%s:%s=%ju/%s", subject, subject_id, resource, action, (uintmax_t)num, per); } if (ret <= 0) { warn("asprintf"); free(tofree); return (NULL); } free(tofree); return (expanded); } static char * expand_rule(const char *rule, bool resolve_ids) { id_t id; const char *subject, *textid, *rest; char *copy, *expanded, *resolved, *tofree; int error, ret; tofree = copy = strdup(rule); if (copy == NULL) { warn("strdup"); return (NULL); } subject = strsep(©, ":"); textid = strsep(©, ":"); if (textid == NULL) { warnx("malformed rule '%s': missing subject", rule); return (NULL); } if (copy != NULL) rest = copy; else rest = ""; if (strcasecmp(subject, "u") == 0) subject = "user"; else if (strcasecmp(subject, "g") == 0) subject = "group"; else if (strcasecmp(subject, "p") == 0) subject = "process"; else if (strcasecmp(subject, "l") == 0 || strcasecmp(subject, "c") == 0 || strcasecmp(subject, "class") == 0) subject = "loginclass"; else if (strcasecmp(subject, "j") == 0) subject = "jail"; if (resolve_ids && strcasecmp(subject, "user") == 0 && strlen(textid) > 0) { error = parse_user(textid, &id, rule); if (error != 0) { free(tofree); return (NULL); } ret = asprintf(&resolved, "%s:%d:%s", subject, (int)id, rest); } else if (resolve_ids && strcasecmp(subject, "group") == 0 && strlen(textid) > 0) { error = parse_group(textid, &id, rule); if (error != 0) { free(tofree); return (NULL); } ret = asprintf(&resolved, "%s:%d:%s", subject, (int)id, rest); } else { ret = asprintf(&resolved, "%s:%s:%s", subject, textid, rest); } if (ret <= 0) { warn("asprintf"); free(tofree); return (NULL); } free(tofree); expanded = expand_amount(resolved, rule); free(resolved); return (expanded); } static char * humanize_ids(char *rule) { id_t id; struct passwd *pwd; struct group *grp; const char *subject, *textid, *rest; char *end, *humanized; int ret; subject = strsep(&rule, ":"); textid = strsep(&rule, ":"); if (textid == NULL) errx(1, "rule passed from the kernel didn't contain subject"); if (rule != NULL) rest = rule; else rest = ""; /* Replace numerical user and group ids with names. */ if (strcasecmp(subject, "user") == 0) { id = strtod(textid, &end); if ((size_t)(end - textid) != strlen(textid)) errx(1, "malformed uid '%s'", textid); pwd = getpwuid(id); if (pwd != NULL) textid = pwd->pw_name; } else if (strcasecmp(subject, "group") == 0) { id = strtod(textid, &end); if ((size_t)(end - textid) != strlen(textid)) errx(1, "malformed gid '%s'", textid); grp = getgrgid(id); if (grp != NULL) textid = grp->gr_name; } ret = asprintf(&humanized, "%s:%s:%s", subject, textid, rest); if (ret <= 0) err(1, "asprintf"); return (humanized); } static int str2int64(const char *str, int64_t *value) { char *end; if (str == NULL) return (EINVAL); *value = strtoul(str, &end, 10); if ((size_t)(end - str) != strlen(str)) return (EINVAL); return (0); } static char * humanize_amount(char *rule) { int64_t num; const char *subject, *subject_id, *resource, *action, *amount, *per; char *copy, *humanized, buf[6], *tofree; int ret; tofree = copy = strdup(rule); if (copy == NULL) err(1, "strdup"); subject = strsep(©, ":"); subject_id = strsep(©, ":"); resource = strsep(©, ":"); action = strsep(©, "=/"); amount = strsep(©, "/"); per = copy; if (amount == NULL || strlen(amount) == 0 || str2int64(amount, &num) != 0) { free(tofree); return (rule); } assert(subject != NULL); assert(subject_id != NULL); assert(resource != NULL); assert(action != NULL); if (humanize_number(buf, sizeof(buf), num, "", HN_AUTOSCALE, HN_DECIMAL | HN_NOSPACE) == -1) err(1, "humanize_number"); if (per == NULL) { ret = asprintf(&humanized, "%s:%s:%s:%s=%s", subject, subject_id, resource, action, buf); } else { ret = asprintf(&humanized, "%s:%s:%s:%s=%s/%s", subject, subject_id, resource, action, buf, per); } if (ret <= 0) err(1, "asprintf"); free(tofree); return (humanized); } /* * Print rules, one per line. */ static void print_rules(char *rules, int hflag, int nflag) { char *rule; while ((rule = strsep(&rules, ",")) != NULL) { if (rule[0] == '\0') break; /* XXX */ if (nflag == 0) rule = humanize_ids(rule); if (hflag) rule = humanize_amount(rule); printf("%s\n", rule); } } static void enosys(void) { size_t racct_enable_len; int error; bool racct_enable; racct_enable_len = sizeof(racct_enable); error = sysctlbyname("kern.racct.enable", &racct_enable, &racct_enable_len, NULL, 0); if (error != 0) { if (errno == ENOENT) errx(1, "RACCT/RCTL support not present in kernel; see rctl(8) for details"); err(1, "sysctlbyname"); } if (!racct_enable) errx(1, "RACCT/RCTL present, but disabled; enable using kern.racct.enable=1 tunable"); } static int add_rule(const char *rule, const char *unexpanded_rule) { int error; error = rctl_add_rule(rule, strlen(rule) + 1, NULL, 0); if (error != 0) { if (errno == ENOSYS) enosys(); warn("failed to add rule '%s'", unexpanded_rule); } return (error); } static int show_limits(const char *filter, const char *unexpanded_rule, int hflag, int nflag) { int error; char *outbuf = NULL; size_t outbuflen = RCTL_DEFAULT_BUFSIZE / 4; for (;;) { outbuflen *= 4; outbuf = realloc(outbuf, outbuflen); if (outbuf == NULL) err(1, "realloc"); error = rctl_get_limits(filter, strlen(filter) + 1, outbuf, outbuflen); if (error == 0) break; if (errno == ERANGE) continue; if (errno == ENOSYS) enosys(); warn("failed to get limits for '%s'", unexpanded_rule); free(outbuf); return (error); } print_rules(outbuf, hflag, nflag); free(outbuf); return (error); } static int remove_rule(const char *filter, const char *unexpanded_rule) { int error; error = rctl_remove_rule(filter, strlen(filter) + 1, NULL, 0); if (error != 0) { if (errno == ENOSYS) enosys(); warn("failed to remove rule '%s'", unexpanded_rule); } return (error); } static char * humanize_usage_amount(char *usage) { int64_t num; const char *resource, *amount; char *copy, *humanized, buf[6], *tofree; int ret; tofree = copy = strdup(usage); if (copy == NULL) err(1, "strdup"); resource = strsep(©, "="); amount = copy; assert(resource != NULL); assert(amount != NULL); if (str2int64(amount, &num) != 0 || humanize_number(buf, sizeof(buf), num, "", HN_AUTOSCALE, HN_DECIMAL | HN_NOSPACE) == -1) { free(tofree); return (usage); } ret = asprintf(&humanized, "%s=%s", resource, buf); if (ret <= 0) err(1, "asprintf"); free(tofree); return (humanized); } /* * Query the kernel about a resource usage and print it out. */ static int show_usage(const char *filter, const char *unexpanded_rule, int hflag) { int error; char *copy, *outbuf = NULL, *tmp; size_t outbuflen = RCTL_DEFAULT_BUFSIZE / 4; for (;;) { outbuflen *= 4; outbuf = realloc(outbuf, outbuflen); if (outbuf == NULL) err(1, "realloc"); error = rctl_get_racct(filter, strlen(filter) + 1, outbuf, outbuflen); if (error == 0) break; if (errno == ERANGE) continue; if (errno == ENOSYS) enosys(); warn("failed to show resource consumption for '%s'", unexpanded_rule); free(outbuf); return (error); } copy = outbuf; while ((tmp = strsep(©, ",")) != NULL) { if (tmp[0] == '\0') break; /* XXX */ if (hflag) tmp = humanize_usage_amount(tmp); printf("%s\n", tmp); } free(outbuf); return (error); } /* * Query the kernel about resource limit rules and print them out. */ static int show_rules(const char *filter, const char *unexpanded_rule, int hflag, int nflag) { int error; char *outbuf = NULL; size_t filterlen, outbuflen = RCTL_DEFAULT_BUFSIZE / 4; if (filter != NULL) filterlen = strlen(filter) + 1; else filterlen = 0; for (;;) { outbuflen *= 4; outbuf = realloc(outbuf, outbuflen); if (outbuf == NULL) err(1, "realloc"); error = rctl_get_rules(filter, filterlen, outbuf, outbuflen); if (error == 0) break; if (errno == ERANGE) continue; if (errno == ENOSYS) enosys(); warn("failed to show rules for '%s'", unexpanded_rule); free(outbuf); return (error); } print_rules(outbuf, hflag, nflag); free(outbuf); return (error); } static void usage(void) { fprintf(stderr, "usage: rctl [ -h ] [-a rule | -l filter | -r filter " "| -u filter | filter]\n"); exit(1); } int main(int argc, char **argv) { int ch, aflag = 0, hflag = 0, nflag = 0, lflag = 0, rflag = 0, uflag = 0; char *rule = NULL, *unexpanded_rule; int i, cumulated_error, error; while ((ch = getopt(argc, argv, "ahlnru")) != -1) { switch (ch) { case 'a': aflag = 1; break; case 'h': hflag = 1; break; case 'l': lflag = 1; break; case 'n': nflag = 1; break; case 'r': rflag = 1; break; case 'u': uflag = 1; break; case '?': default: usage(); } } argc -= optind; argv += optind; if (aflag + lflag + rflag + uflag > 1) errx(1, "at most one of -a, -l, -r, or -u may be specified"); if (argc == 0) { if (aflag + lflag + rflag + uflag == 0) { rule = strdup("::"); show_rules(rule, rule, hflag, nflag); return (0); } usage(); } cumulated_error = 0; for (i = 0; i < argc; i++) { unexpanded_rule = argv[i]; /* * Skip resolving if passed -n _and_ -a. Ignore -n otherwise, * so we can still do "rctl -n u:root" and see the rules without * resolving the UID. */ if (aflag != 0 && nflag != 0) rule = expand_rule(unexpanded_rule, false); else rule = expand_rule(unexpanded_rule, true); if (rule == NULL) { cumulated_error++; continue; } /* * The reason for passing the unexpanded_rule is to make * it easier for the user to search for the problematic * rule in the passed input. */ if (aflag) { error = add_rule(rule, unexpanded_rule); } else if (lflag) { error = show_limits(rule, unexpanded_rule, hflag, nflag); } else if (rflag) { error = remove_rule(rule, unexpanded_rule); } else if (uflag) { error = show_usage(rule, unexpanded_rule, hflag); } else { error = show_rules(rule, unexpanded_rule, hflag, nflag); } if (error != 0) cumulated_error++; free(rule); } return (cumulated_error); } Index: head/usr.sbin/autofs/auto_master.5 =================================================================== --- head/usr.sbin/autofs/auto_master.5 (revision 367104) +++ head/usr.sbin/autofs/auto_master.5 (revision 367105) @@ -1,376 +1,375 @@ .\" Copyright (c) 2014 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd December 28, 2018 .Dt AUTO_MASTER 5 .Os .Sh NAME .Nm auto_master .Nd auto_master and map file format .Sh DESCRIPTION The automounter configuration consists of the .Nm configuration file, which assigns filesystem paths to map names, and maps, which contain actual mount information. The .Nm configuration file is used by the .Xr automount 8 command. Map files are read by the .Xr automountd 8 daemon. .Sh AUTO_MASTER SYNTAX The .Nm file consists of lines with two or three entries separated by whitespace and terminated by newline character: .Bd -literal -offset indent .Pa mountpoint Pa map_name Op Ar -options .Ed .Pp .Pa mountpoint is either a fully specified path, or .Li /- . When .Pa mountpoint is a full path, .Pa map_name must reference an indirect map. Otherwise, .Pa map_name must reference a direct map. See .Sx "MAP SYNTAX" below. .Pp .Pa map_name specifies map to use. If .Pa map_name begins with .Li - , it specifies a special map. See .Sx "MAP SYNTAX" below. If .Pa map_name is not a fully specified path .Pq it does not start with Li / , .Xr automountd 8 will search for that name in .Li /etc . Otherwise it will use the path as given. If the file indicated by .Pa map_name is executable, .Xr automountd 8 will assume it is an executable map. See .Sx "MAP SYNTAX" below. Otherwise, the file is opened and the contents parsed. .Pp .Pa -options is an optional field that starts with .Li - and can contain generic filesystem mount options. .Pp The following example specifies that the /etc/auto_example indirect map will be mounted on /example. .Bd -literal -offset indent /example auto_example .Ed .Sh MAP SYNTAX Map files consist of lines with a number of entries separated by whitespace and terminated by newline character: .Bd -literal -offset indent .Pa key Oo Ar -options Oc Oo Ar mountpoint Oo -options Oc Oc Ar location Op ... .Ed .Pp In most cases, it can be simplified to: .Bd -literal -offset indent .Pa key Oo Ar -options Oc Ar location .Ed .Pp .Pa key is the path component used by .Xr automountd 8 to find the right map entry to use. It is also used to form the final mountpoint. A wildcard .Pq Ql * can be used for the key. It matches every directory that does not match other keys. Those directories will not be visible to the user until accessed. .Pp The .Ar options field, if present, must begin with .Li - . When mounting the filesystem, options supplied to .Nm and options specified in the map entry are concatenated together. The special option .Li fstype is used to specify filesystem type. It is not passed to the mount program as an option. Instead, it is passed as an argument to .Cm "mount -t". The default .Li fstype is .Ql nfs . The special option .Li nobrowse is used to disable creation of top-level directories for special and executable maps. .Pp The optional .Pa mountpoint field is used to specify multiple mount points for a single key. .Pp The .Ar location field specifies the filesystem to be mounted. Ampersands .Pq Ql & in the .Ar location field are replaced with the value of .Ar key . This is typically used with wildcards, like: .Bd -literal -offset indent .Li * 192.168.1.1:/share/& .Ed .Pp The .Ar location field may contain references to variables, like: .Bd -literal -offset indent .Li sys 192.168.1.1:/sys/${OSNAME} .Ed .Pp Defined variables are: .Pp .Bl -tag -width "-OSNAME" -compact .It Li ARCH Expands to the output of .Li "uname -p" . .It Li CPU Same as ARCH. .It Li DOLLAR A literal $ sign. .It Li HOST Expands to the output of .Li "uname -n" . .It Li OSNAME Expands to the output of .Li "uname -s" . .It Li OSREL Expands to the output of .Li "uname -r" . .It Li OSVERS Expands to the output of .Li "uname -v" . .El .Pp Additional variables can be defined with the .Fl D option of .Xr automount 8 and .Xr automountd 8 . .Pp To pass a location that begins with .Li / , prefix it with a colon. For example, .Li :/dev/cd0 . .Pp This example, when put into .Pa /etc/auto_example , and with .Nm referring to the map as described above, specifies that the NFS share .Li 192.168.1.1:/share/example/x will be mounted on .Pa /example/x/ when any process attempts to access that mountpoint, with .Li intr and .Li nfsv4 mount options, described in .Xr mount_nfs 8 : .Bd -literal -offset indent .Li x -intr,nfsv4 192.168.1.1:/share/example/x .Ed .Pp Automatically mount an SMB share on access, as a guest user, without prompting for a password: .Bd -literal -offset indent .Li share -fstype=smbfs,-N ://@server/share .Ed .Pp Automatically mount the CD drive on access: .Bd -literal -offset indent .Li cd -fstype=cd9660 :/dev/cd0 .Ed .Sh SPECIAL MAPS Special maps have names beginning with .Li - . Supported special maps are: .Pp .Bl -tag -width "-hosts" -compact .It Li -hosts Query the remote NFS server and map exported shares. This map is traditionally mounted on .Pa /net . Access to files on a remote NFS server is provided through the .Pf /net/ Ar nfs-server-ip Ns / Ns Ar share-name Ns / directory without any additional configuration. Directories for individual NFS servers are not present until the first access, when they are automatically created. .It Li -media Query devices that are not yet mounted, but contain valid filesystems. Generally used to access files on removable media. .It Li -noauto Mount filesystems configured in .Xr fstab 5 as "noauto". This needs to be set up as a direct map. .It Li -null Prevent .Xr automountd 8 from mounting anything on the mountpoint. .El .Pp It is possible to add custom special maps by adding them, as executable maps named .Pa special_foo , to the .Pa /etc/autofs/ directory. .Sh EXECUTABLE MAPS If the map file specified in .Nm has the execute bit set, .Xr automountd 8 will execute it and parse the standard output instead of parsing the file contents. When called without command line arguments, the executable is expected to output a list of available map keys separated by newline characters. Otherwise, the executable will be called with a key name as a command line argument. Output from the executable is expected to be the entry for that key, not including the key itself. .Sh INDIRECT VERSUS DIRECT MAPS Indirect maps are referred to in .Nm by entries with a fully qualified path as a mount point, and must contain only relative paths as keys. Direct maps are referred to in .Nm by entries with .Li /- as the mountpoint, and must contain only fully qualified paths as keys. For indirect maps, the final mount point is determined by concatenating the .Nm mountpoint with the map entry key and optional map entry mountpoint. For direct maps, the final mount point is determined by concatenating the map entry key with the optional map entry mountpoint. .Pp The example above could be rewritten using direct map, by placing this in .Nm : .Bd -literal -offset indent .Li /- auto_example .Ed .Pp and this in .Li /etc/auto_example map file: .Bd -literal -offset indent .Li /example/x -intr,nfsv4 192.168.1.1:/share/example/x .Li /example/share -fstype=smbfs,-N ://@server/share .Li /example/cd -fstype=cd9660 :/dev/cd0 .Ed .Sh DIRECTORY SERVICES Both .Nm and maps may contain entries consisting of a plus sign and map name: .Bd -literal -offset indent .Li +auto_master .Ed .Pp Those entries cause .Xr automountd 8 daemon to retrieve the named map from directory services (like LDAP) and include it where the entry was. .Pp If the file containing the map referenced in .Nm is not found, the map will be retrieved from directory services instead. .Pp To retrieve entries from directory services, .Xr automountd 8 daemon runs .Pa /etc/autofs/include , which is usually a shell script, with map name as the only command line parameter. The script should output entries formatted according to .Nm or automounter map syntax to standard output. An example script to use LDAP is included in .Pa /etc/autofs/include_ldap . It can be symlinked to .Pa /etc/autofs/include . .Sh FILES .Bl -tag -width ".Pa /etc/auto_master" -compact .It Pa /etc/auto_master The default location of the .Pa auto_master file. .It Pa /etc/autofs/ Directory containing shell scripts to implement special maps and directory services. .El .Sh SEE ALSO .Xr autofs 5 , .Xr automount 8 , .Xr automountd 8 , .Xr autounmountd 8 .Sh AUTHORS The .Nm configuration file functionality was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/usr.sbin/autofs/automount.8 =================================================================== --- head/usr.sbin/autofs/automount.8 (revision 367104) +++ head/usr.sbin/autofs/automount.8 (revision 367105) @@ -1,111 +1,110 @@ .\" Copyright (c) 2014 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd November 22, 2014 .Dt AUTOMOUNT 8 .Os .Sh NAME .Nm automount .Nd update autofs mounts .Sh SYNOPSIS .Nm .Op Fl D Ar name=value .Op Fl L .Op Fl c .Op Fl f .Op Fl o Ar options .Op Fl v .Op Fl u .Sh DESCRIPTION When called without options, the .Nm command parses the .Xr auto_master 5 configuration file and any direct maps that it references, and mounts or unmounts .Xr autofs 5 filesystems to match. These options are available: .Bl -tag -width ".Fl v" .It Fl D Define a variable. It is only useful with .Fl L . .It Fl L Do not mount or unmount anything. Instead parse .Xr auto_master 5 and any direct maps, then print them to standard output. When specified more than once, all the maps, including indirect ones, will be parsed and shown. This is useful when debugging configuration problems. .It Fl c Flush caches, discarding possibly stale information obtained from maps and directory services. .It Fl f Force unmount, to be used with .Fl u . .It Fl o Specify mount options to be used along with the ones specified in the maps. It is only useful with .Fl L . .It Fl u Try to unmount filesystems mounted by .Xr automountd 8 . .Xr autofs 5 mounts are not unmounted. To unmount all .Xr autofs mounts, use .Cm "umount -At autofs". .It Fl v Increase verbosity. .El .Sh EXIT STATUS .Ex -std .Sh EXAMPLES Unmount all filesystems mounted by .Xr automountd 8 : .Dl Nm Fl u .Sh SEE ALSO .Xr auto_master 5 , .Xr autofs 5 , .Xr automountd 8 , .Xr autounmountd 8 .Sh HISTORY The .Nm command appeared in .Fx 10.1 . .Sh AUTHORS The .Nm was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/usr.sbin/autofs/automount.c =================================================================== --- head/usr.sbin/autofs/automount.c (revision 367104) +++ head/usr.sbin/autofs/automount.c (revision 367105) @@ -1,397 +1,396 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "common.h" #include "mntopts.h" static int unmount_by_statfs(const struct statfs *sb, bool force) { char *fsid_str; int error, ret, flags; ret = asprintf(&fsid_str, "FSID:%d:%d", sb->f_fsid.val[0], sb->f_fsid.val[1]); if (ret < 0) log_err(1, "asprintf"); log_debugx("unmounting %s using %s", sb->f_mntonname, fsid_str); flags = MNT_BYFSID; if (force) flags |= MNT_FORCE; error = unmount(fsid_str, flags); free(fsid_str); if (error != 0) log_warn("cannot unmount %s", sb->f_mntonname); return (error); } static const struct statfs * find_statfs(const struct statfs *mntbuf, int nitems, const char *mountpoint) { int i; for (i = 0; i < nitems; i++) { if (strcmp(mntbuf[i].f_mntonname, mountpoint) == 0) return (mntbuf + i); } return (NULL); } static void mount_autofs(const char *from, const char *fspath, const char *options, const char *prefix) { struct iovec *iov = NULL; char errmsg[255]; int error, iovlen = 0; create_directory(fspath); log_debugx("mounting %s on %s, prefix \"%s\", options \"%s\"", from, fspath, prefix, options); memset(errmsg, 0, sizeof(errmsg)); build_iovec(&iov, &iovlen, "fstype", __DECONST(void *, "autofs"), (size_t)-1); build_iovec(&iov, &iovlen, "fspath", __DECONST(void *, fspath), (size_t)-1); build_iovec(&iov, &iovlen, "from", __DECONST(void *, from), (size_t)-1); build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg)); /* * Append the options and mountpoint defined in auto_master(5); * this way automountd(8) does not need to parse it. */ build_iovec(&iov, &iovlen, "master_options", __DECONST(void *, options), (size_t)-1); build_iovec(&iov, &iovlen, "master_prefix", __DECONST(void *, prefix), (size_t)-1); error = nmount(iov, iovlen, 0); if (error != 0) { if (*errmsg != '\0') { log_err(1, "cannot mount %s on %s: %s", from, fspath, errmsg); } else { log_err(1, "cannot mount %s on %s", from, fspath); } } } static void mount_if_not_already(const struct node *n, const char *map, const char *options, const char *prefix, const struct statfs *mntbuf, int nitems) { const struct statfs *sb; char *mountpoint; char *from; int ret; ret = asprintf(&from, "map %s", map); if (ret < 0) log_err(1, "asprintf"); mountpoint = node_path(n); sb = find_statfs(mntbuf, nitems, mountpoint); if (sb != NULL) { if (strcmp(sb->f_fstypename, "autofs") != 0) { log_debugx("unknown filesystem mounted " "on %s; mounting", mountpoint); /* * XXX: Compare options and 'from', * and update the mount if necessary. */ } else { log_debugx("autofs already mounted " "on %s", mountpoint); free(from); free(mountpoint); return; } } else { log_debugx("nothing mounted on %s; mounting", mountpoint); } mount_autofs(from, mountpoint, options, prefix); free(from); free(mountpoint); } static void mount_unmount(struct node *root) { struct statfs *mntbuf; struct node *n, *n2; int i, nitems; nitems = getmntinfo(&mntbuf, MNT_WAIT); if (nitems <= 0) log_err(1, "getmntinfo"); log_debugx("unmounting stale autofs mounts"); for (i = 0; i < nitems; i++) { if (strcmp(mntbuf[i].f_fstypename, "autofs") != 0) { log_debugx("skipping %s, filesystem type is not autofs", mntbuf[i].f_mntonname); continue; } n = node_find(root, mntbuf[i].f_mntonname); if (n != NULL) { log_debugx("leaving autofs mounted on %s", mntbuf[i].f_mntonname); continue; } log_debugx("autofs mounted on %s not found " "in new configuration; unmounting", mntbuf[i].f_mntonname); unmount_by_statfs(&(mntbuf[i]), false); } log_debugx("mounting new autofs mounts"); TAILQ_FOREACH(n, &root->n_children, n_next) { if (!node_is_direct_map(n)) { mount_if_not_already(n, n->n_map, n->n_options, n->n_key, mntbuf, nitems); continue; } TAILQ_FOREACH(n2, &n->n_children, n_next) { mount_if_not_already(n2, n->n_map, n->n_options, "/", mntbuf, nitems); } } } static void flush_autofs(const char *fspath) { struct iovec *iov = NULL; char errmsg[255]; int error, iovlen = 0; log_debugx("flushing %s", fspath); memset(errmsg, 0, sizeof(errmsg)); build_iovec(&iov, &iovlen, "fstype", __DECONST(void *, "autofs"), (size_t)-1); build_iovec(&iov, &iovlen, "fspath", __DECONST(void *, fspath), (size_t)-1); build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg)); error = nmount(iov, iovlen, MNT_UPDATE); if (error != 0) { if (*errmsg != '\0') { log_err(1, "cannot flush %s: %s", fspath, errmsg); } else { log_err(1, "cannot flush %s", fspath); } } } static void flush_caches(void) { struct statfs *mntbuf; int i, nitems; nitems = getmntinfo(&mntbuf, MNT_WAIT); if (nitems <= 0) log_err(1, "getmntinfo"); log_debugx("flushing autofs caches"); for (i = 0; i < nitems; i++) { if (strcmp(mntbuf[i].f_fstypename, "autofs") != 0) { log_debugx("skipping %s, filesystem type is not autofs", mntbuf[i].f_mntonname); continue; } flush_autofs(mntbuf[i].f_mntonname); } } static void unmount_automounted(bool force) { struct statfs *mntbuf; int i, nitems; nitems = getmntinfo(&mntbuf, MNT_WAIT); if (nitems <= 0) log_err(1, "getmntinfo"); log_debugx("unmounting automounted filesystems"); for (i = 0; i < nitems; i++) { if (strcmp(mntbuf[i].f_fstypename, "autofs") == 0) { log_debugx("skipping %s, filesystem type is autofs", mntbuf[i].f_mntonname); continue; } if ((mntbuf[i].f_flags & MNT_AUTOMOUNTED) == 0) { log_debugx("skipping %s, not automounted", mntbuf[i].f_mntonname); continue; } unmount_by_statfs(&(mntbuf[i]), force); } } static void usage_automount(void) { fprintf(stderr, "usage: automount [-D name=value][-o opts][-Lcfuv]\n"); exit(1); } int main_automount(int argc, char **argv) { struct node *root; int ch, debug = 0, show_maps = 0; char *options = NULL; bool do_unmount = false, force_unmount = false, flush = false; /* * Note that in automount(8), the only purpose of variable * handling is to aid in debugging maps (automount -L). */ defined_init(); while ((ch = getopt(argc, argv, "D:Lfco:uv")) != -1) { switch (ch) { case 'D': defined_parse_and_add(optarg); break; case 'L': show_maps++; break; case 'c': flush = true; break; case 'f': force_unmount = true; break; case 'o': options = concat(options, ',', optarg); break; case 'u': do_unmount = true; break; case 'v': debug++; break; case '?': default: usage_automount(); } } argc -= optind; if (argc != 0) usage_automount(); if (force_unmount && !do_unmount) usage_automount(); log_init(debug); if (flush) { flush_caches(); return (0); } if (do_unmount) { unmount_automounted(force_unmount); return (0); } root = node_new_root(); parse_master(root, AUTO_MASTER_PATH); if (show_maps) { if (show_maps > 1) { node_expand_indirect_maps(root); node_expand_ampersand(root, NULL); } node_expand_defined(root); node_print(root, options); return (0); } mount_unmount(root); return (0); } Index: head/usr.sbin/autofs/automountd.8 =================================================================== --- head/usr.sbin/autofs/automountd.8 (revision 367104) +++ head/usr.sbin/autofs/automountd.8 (revision 367105) @@ -1,103 +1,102 @@ .\" Copyright (c) 2014 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd March 10, 2015 .Dt AUTOMOUNTD 8 .Os .Sh NAME .Nm automountd .Nd daemon handling autofs mount requests .Sh SYNOPSIS .Nm .Op Fl D Ar name=value .Op Fl i .Op Fl m Ar maxproc .Op Fl o Ar options .Op Fl d .Op Fl v .Sh DESCRIPTION The .Nm daemon is responsible for handling .Xr autofs 5 mount requests, parsing maps, and mounting filesystems they specify. On startup, .Nm forks into background and waits for kernel requests. When a request is received, .Nm forks a child process. The child process parses the appropriate map and mounts filesystems accordingly. Then it signals the kernel to release blocked processes that were waiting for the mount. .Bl -tag -width ".Fl v" .It Fl D Define a variable. .It Fl i For indirect mounts, only create subdirectories if there are no wildcard entries. Without .Fl i , .Nm creates all the subdirectories it can. Users may not realize that the wildcard map entry makes it possible to access directories that have not yet been created. .It Fl m Ar maxproc Limit the number of forked .Nm processes, and thus the number of mount requests being handled in parallel. The default is 30. .It Fl d Debug mode: increase verbosity and do not daemonize. .It Fl o Ar options Specify mount options. Options specified here will be overridden by options entered in maps or .Xr auto_master 5 . .It Fl v Increase verbosity. .El .Sh EXIT STATUS .Ex -std .Sh SEE ALSO .Xr auto_master 5 , .Xr autofs 5 , .Xr automount 8 , .Xr autounmountd 8 .Sh HISTORY The .Nm daemon appeared in .Fx 10.1 . .Sh AUTHORS The .Nm was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/usr.sbin/autofs/automountd.c =================================================================== --- head/usr.sbin/autofs/automountd.c (revision 367104) +++ head/usr.sbin/autofs/automountd.c (revision 367105) @@ -1,570 +1,569 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "autofs_ioctl.h" #include "common.h" #define AUTOMOUNTD_PIDFILE "/var/run/automountd.pid" static int nchildren = 0; static int autofs_fd; static int request_id; static void done(int request_error, bool wildcards) { struct autofs_daemon_done add; int error; memset(&add, 0, sizeof(add)); add.add_id = request_id; add.add_wildcards = wildcards; add.add_error = request_error; log_debugx("completing request %d with error %d", request_id, request_error); error = ioctl(autofs_fd, AUTOFSDONE, &add); if (error != 0) log_warn("AUTOFSDONE"); } /* * Remove "fstype=whatever" from optionsp and return the "whatever" part. */ static char * pick_option(const char *option, char **optionsp) { char *tofree, *pair, *newoptions; char *picked = NULL; bool first = true; tofree = *optionsp; newoptions = calloc(1, strlen(*optionsp) + 1); if (newoptions == NULL) log_err(1, "calloc"); while ((pair = strsep(optionsp, ",")) != NULL) { /* * XXX: strncasecmp(3) perhaps? */ if (strncmp(pair, option, strlen(option)) == 0) { picked = checked_strdup(pair + strlen(option)); } else { if (first == false) strcat(newoptions, ","); else first = false; strcat(newoptions, pair); } } free(tofree); *optionsp = newoptions; return (picked); } static void create_subtree(const struct node *node, bool incomplete) { const struct node *child; char *path; bool wildcard_found = false; /* * Skip wildcard nodes. */ if (strcmp(node->n_key, "*") == 0) return; path = node_path(node); log_debugx("creating subtree at %s", path); create_directory(path); if (incomplete) { TAILQ_FOREACH(child, &node->n_children, n_next) { if (strcmp(child->n_key, "*") == 0) { wildcard_found = true; break; } } if (wildcard_found) { log_debugx("node %s contains wildcard entry; " "not creating its subdirectories due to -d flag", path); free(path); return; } } free(path); TAILQ_FOREACH(child, &node->n_children, n_next) create_subtree(child, incomplete); } static void exit_callback(void) { done(EIO, true); } static void handle_request(const struct autofs_daemon_request *adr, char *cmdline_options, bool incomplete_hierarchy) { const char *map; struct node *root, *parent, *node; FILE *f; char *key, *options, *fstype, *nobrowse, *retrycnt, *tmp; int error; bool wildcards; log_debugx("got request %d: from %s, path %s, prefix \"%s\", " "key \"%s\", options \"%s\"", adr->adr_id, adr->adr_from, adr->adr_path, adr->adr_prefix, adr->adr_key, adr->adr_options); /* * Try to notify the kernel about any problems. */ request_id = adr->adr_id; atexit(exit_callback); if (strncmp(adr->adr_from, "map ", 4) != 0) { log_errx(1, "invalid mountfrom \"%s\"; failing request", adr->adr_from); } map = adr->adr_from + 4; /* 4 for strlen("map "); */ root = node_new_root(); if (adr->adr_prefix[0] == '\0' || strcmp(adr->adr_prefix, "/") == 0) { /* * Direct map. autofs(4) doesn't have a way to determine * correct map key, but since it's a direct map, we can just * use adr_path instead. */ parent = root; key = checked_strdup(adr->adr_path); } else { /* * Indirect map. */ parent = node_new_map(root, checked_strdup(adr->adr_prefix), NULL, checked_strdup(map), checked_strdup("[kernel request]"), lineno); if (adr->adr_key[0] == '\0') key = NULL; else key = checked_strdup(adr->adr_key); } /* * "Wildcards" here actually means "make autofs(4) request * automountd(8) action if the node being looked up does not * exist, even though the parent is marked as cached". This * needs to be done for maps with wildcard entries, but also * for special and executable maps. */ parse_map(parent, map, key, &wildcards); if (!wildcards) wildcards = node_has_wildcards(parent); if (wildcards) log_debugx("map may contain wildcard entries"); else log_debugx("map does not contain wildcard entries"); if (key != NULL) node_expand_wildcard(root, key); node = node_find(root, adr->adr_path); if (node == NULL) { log_errx(1, "map %s does not contain key for \"%s\"; " "failing mount", map, adr->adr_path); } options = node_options(node); /* * Append options from auto_master. */ options = concat(options, ',', adr->adr_options); /* * Prepend options passed via automountd(8) command line. */ options = concat(cmdline_options, ',', options); if (node->n_location == NULL) { log_debugx("found node defined at %s:%d; not a mountpoint", node->n_config_file, node->n_config_line); nobrowse = pick_option("nobrowse", &options); if (nobrowse != NULL && key == NULL) { log_debugx("skipping map %s due to \"nobrowse\" " "option; exiting", map); done(0, true); /* * Exit without calling exit_callback(). */ quick_exit(0); } /* * Not a mountpoint; create directories in the autofs mount * and complete the request. */ create_subtree(node, incomplete_hierarchy); if (incomplete_hierarchy && key != NULL) { /* * We still need to create the single subdirectory * user is trying to access. */ tmp = concat(adr->adr_path, '/', key); node = node_find(root, tmp); if (node != NULL) create_subtree(node, false); } log_debugx("nothing to mount; exiting"); done(0, wildcards); /* * Exit without calling exit_callback(). */ quick_exit(0); } log_debugx("found node defined at %s:%d; it is a mountpoint", node->n_config_file, node->n_config_line); if (key != NULL) node_expand_ampersand(node, key); error = node_expand_defined(node); if (error != 0) { log_errx(1, "variable expansion failed for %s; " "failing mount", adr->adr_path); } /* * Append "automounted". */ options = concat(options, ',', "automounted"); /* * Remove "nobrowse", mount(8) doesn't understand it. */ pick_option("nobrowse", &options); /* * Figure out fstype. */ fstype = pick_option("fstype=", &options); if (fstype == NULL) { log_debugx("fstype not specified in options; " "defaulting to \"nfs\""); fstype = checked_strdup("nfs"); } if (strcmp(fstype, "nfs") == 0) { /* * The mount_nfs(8) command defaults to retry undefinitely. * We do not want that behaviour, because it leaves mount_nfs(8) * instances and automountd(8) children hanging forever. * Disable retries unless the option was passed explicitly. */ retrycnt = pick_option("retrycnt=", &options); if (retrycnt == NULL) { log_debugx("retrycnt not specified in options; " "defaulting to 1"); options = concat(options, ',', "retrycnt=1"); } else { options = concat(options, ',', concat("retrycnt", '=', retrycnt)); } } f = auto_popen("mount", "-t", fstype, "-o", options, node->n_location, adr->adr_path, NULL); assert(f != NULL); error = auto_pclose(f); if (error != 0) log_errx(1, "mount failed"); log_debugx("mount done; exiting"); done(0, wildcards); /* * Exit without calling exit_callback(). */ quick_exit(0); } static void sigchld_handler(int dummy __unused) { /* * The only purpose of this handler is to make SIGCHLD * interrupt the AUTOFSREQUEST ioctl(2), so we can call * wait_for_children(). */ } static void register_sigchld(void) { struct sigaction sa; int error; bzero(&sa, sizeof(sa)); sa.sa_handler = sigchld_handler; sigfillset(&sa.sa_mask); error = sigaction(SIGCHLD, &sa, NULL); if (error != 0) log_err(1, "sigaction"); } static int wait_for_children(bool block) { pid_t pid; int status; int num = 0; for (;;) { /* * If "block" is true, wait for at least one process. */ if (block && num == 0) pid = wait4(-1, &status, 0, NULL); else pid = wait4(-1, &status, WNOHANG, NULL); if (pid <= 0) break; if (WIFSIGNALED(status)) { log_warnx("child process %d terminated with signal %d", pid, WTERMSIG(status)); } else if (WEXITSTATUS(status) != 0) { log_debugx("child process %d terminated with exit status %d", pid, WEXITSTATUS(status)); } else { log_debugx("child process %d terminated gracefully", pid); } num++; } return (num); } static void usage_automountd(void) { fprintf(stderr, "usage: automountd [-D name=value][-m maxproc]" "[-o opts][-Tidv]\n"); exit(1); } int main_automountd(int argc, char **argv) { struct pidfh *pidfh; pid_t pid, otherpid; const char *pidfile_path = AUTOMOUNTD_PIDFILE; char *options = NULL; struct autofs_daemon_request request; int ch, debug = 0, error, maxproc = 30, retval, saved_errno; bool dont_daemonize = false, incomplete_hierarchy = false; defined_init(); while ((ch = getopt(argc, argv, "D:Tdim:o:v")) != -1) { switch (ch) { case 'D': defined_parse_and_add(optarg); break; case 'T': /* * For compatibility with other implementations, * such as OS X. */ debug++; break; case 'd': dont_daemonize = true; debug++; break; case 'i': incomplete_hierarchy = true; break; case 'm': maxproc = atoi(optarg); break; case 'o': options = concat(options, ',', optarg); break; case 'v': debug++; break; case '?': default: usage_automountd(); } } argc -= optind; if (argc != 0) usage_automountd(); log_init(debug); pidfh = pidfile_open(pidfile_path, 0600, &otherpid); if (pidfh == NULL) { if (errno == EEXIST) { log_errx(1, "daemon already running, pid: %jd.", (intmax_t)otherpid); } log_err(1, "cannot open or create pidfile \"%s\"", pidfile_path); } autofs_fd = open(AUTOFS_PATH, O_RDWR | O_CLOEXEC); if (autofs_fd < 0 && errno == ENOENT) { saved_errno = errno; retval = kldload("autofs"); if (retval != -1) autofs_fd = open(AUTOFS_PATH, O_RDWR | O_CLOEXEC); else errno = saved_errno; } if (autofs_fd < 0) log_err(1, "failed to open %s", AUTOFS_PATH); if (dont_daemonize == false) { if (daemon(0, 0) == -1) { log_warn("cannot daemonize"); pidfile_remove(pidfh); exit(1); } } else { lesser_daemon(); } pidfile_write(pidfh); register_sigchld(); for (;;) { log_debugx("waiting for request from the kernel"); memset(&request, 0, sizeof(request)); error = ioctl(autofs_fd, AUTOFSREQUEST, &request); if (error != 0) { if (errno == EINTR) { nchildren -= wait_for_children(false); assert(nchildren >= 0); continue; } log_err(1, "AUTOFSREQUEST"); } if (dont_daemonize) { log_debugx("not forking due to -d flag; " "will exit after servicing a single request"); } else { nchildren -= wait_for_children(false); assert(nchildren >= 0); while (maxproc > 0 && nchildren >= maxproc) { log_debugx("maxproc limit of %d child processes hit; " "waiting for child process to exit", maxproc); nchildren -= wait_for_children(true); assert(nchildren >= 0); } log_debugx("got request; forking child process #%d", nchildren); nchildren++; pid = fork(); if (pid < 0) log_err(1, "fork"); if (pid > 0) continue; } pidfile_close(pidfh); handle_request(&request, options, incomplete_hierarchy); } pidfile_close(pidfh); return (0); } Index: head/usr.sbin/autofs/autounmountd.8 =================================================================== --- head/usr.sbin/autofs/autounmountd.8 (revision 367104) +++ head/usr.sbin/autofs/autounmountd.8 (revision 367105) @@ -1,88 +1,87 @@ .\" Copyright (c) 2014 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd December 13, 2014 .Dt AUTOUNMOUNTD 8 .Os .Sh NAME .Nm autounmountd .Nd daemon unmounting automounted filesystems .Sh SYNOPSIS .Nm .Op Fl d .Op Fl r Ar time .Op Fl t Ar time .Op Fl v .Sh DESCRIPTION The .Nm daemon is responsible for unmounting filesystems mounted by .Xr automountd 8 . On startup, .Nm retrieves a list of filesystems that have the .Li automounted mount option set. The list is updated every time a filesystem is mounted or unmounted. After a specified time passes, .Nm attempts to unmount a filesystem, retrying after some time if necessary. .Pp These options are available: .Bl -tag -width ".Fl v" .It Fl d Debug mode: increase verbosity and do not daemonize. .It Fl r Number of seconds to wait before trying to unmount an expired filesystem after a previous attempt failed, possibly due to filesystem being busy. The default value is 600, or ten minutes. .It Fl t Number of seconds to wait before trying to unmount a filesystem. The default value is 600, or ten minutes. .It Fl v Increase verbosity. .El .Sh EXIT STATUS .Ex -std .Sh SEE ALSO .Xr auto_master 5 , .Xr autofs 5 , .Xr automount 8 , .Xr automountd 8 .Sh HISTORY The .Nm daemon appeared in .Fx 10.1 . .Sh AUTHORS The .Nm was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/usr.sbin/autofs/autounmountd.c =================================================================== --- head/usr.sbin/autofs/autounmountd.c (revision 367104) +++ head/usr.sbin/autofs/autounmountd.c (revision 367105) @@ -1,356 +1,355 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include "common.h" #define AUTOUNMOUNTD_PIDFILE "/var/run/autounmountd.pid" struct automounted_fs { TAILQ_ENTRY(automounted_fs) af_next; time_t af_mount_time; bool af_mark; fsid_t af_fsid; char af_mountpoint[MNAMELEN]; }; static TAILQ_HEAD(, automounted_fs) automounted; static struct automounted_fs * automounted_find(fsid_t fsid) { struct automounted_fs *af; TAILQ_FOREACH(af, &automounted, af_next) { if (fsidcmp(&af->af_fsid, &fsid) == 0) return (af); } return (NULL); } static struct automounted_fs * automounted_add(fsid_t fsid, const char *mountpoint) { struct automounted_fs *af; af = calloc(1, sizeof(*af)); if (af == NULL) log_err(1, "calloc"); af->af_mount_time = time(NULL); af->af_fsid = fsid; strlcpy(af->af_mountpoint, mountpoint, sizeof(af->af_mountpoint)); TAILQ_INSERT_TAIL(&automounted, af, af_next); return (af); } static void automounted_remove(struct automounted_fs *af) { TAILQ_REMOVE(&automounted, af, af_next); free(af); } static void refresh_automounted(void) { struct automounted_fs *af, *tmpaf; struct statfs *mntbuf; int i, nitems; nitems = getmntinfo(&mntbuf, MNT_WAIT); if (nitems <= 0) log_err(1, "getmntinfo"); log_debugx("refreshing list of automounted filesystems"); TAILQ_FOREACH(af, &automounted, af_next) af->af_mark = false; for (i = 0; i < nitems; i++) { if (strcmp(mntbuf[i].f_fstypename, "autofs") == 0) { log_debugx("skipping %s, filesystem type is autofs", mntbuf[i].f_mntonname); continue; } if ((mntbuf[i].f_flags & MNT_AUTOMOUNTED) == 0) { log_debugx("skipping %s, not automounted", mntbuf[i].f_mntonname); continue; } af = automounted_find(mntbuf[i].f_fsid); if (af == NULL) { log_debugx("new automounted filesystem found on %s " "(FSID:%d:%d)", mntbuf[i].f_mntonname, mntbuf[i].f_fsid.val[0], mntbuf[i].f_fsid.val[1]); af = automounted_add(mntbuf[i].f_fsid, mntbuf[i].f_mntonname); } else { log_debugx("already known automounted filesystem " "found on %s (FSID:%d:%d)", mntbuf[i].f_mntonname, mntbuf[i].f_fsid.val[0], mntbuf[i].f_fsid.val[1]); } af->af_mark = true; } TAILQ_FOREACH_SAFE(af, &automounted, af_next, tmpaf) { if (af->af_mark) continue; log_debugx("lost filesystem mounted on %s (FSID:%d:%d)", af->af_mountpoint, af->af_fsid.val[0], af->af_fsid.val[1]); automounted_remove(af); } } static int unmount_by_fsid(const fsid_t fsid, const char *mountpoint) { char *fsid_str; int error, ret; ret = asprintf(&fsid_str, "FSID:%d:%d", fsid.val[0], fsid.val[1]); if (ret < 0) log_err(1, "asprintf"); error = unmount(fsid_str, MNT_NONBUSY | MNT_BYFSID); if (error != 0) { if (errno == EBUSY) { log_debugx("cannot unmount %s (%s): %s", mountpoint, fsid_str, strerror(errno)); } else { log_warn("cannot unmount %s (%s)", mountpoint, fsid_str); } } free(fsid_str); return (error); } static time_t expire_automounted(time_t expiration_time) { struct automounted_fs *af, *tmpaf; time_t now; time_t mounted_for, mounted_max = -1; int error; now = time(NULL); log_debugx("expiring automounted filesystems"); TAILQ_FOREACH_SAFE(af, &automounted, af_next, tmpaf) { mounted_for = difftime(now, af->af_mount_time); if (mounted_for < expiration_time) { log_debugx("skipping %s (FSID:%d:%d), mounted " "for %jd seconds", af->af_mountpoint, af->af_fsid.val[0], af->af_fsid.val[1], (intmax_t)mounted_for); if (mounted_for > mounted_max) mounted_max = mounted_for; continue; } log_debugx("filesystem mounted on %s (FSID:%d:%d), " "was mounted for %ld seconds; unmounting", af->af_mountpoint, af->af_fsid.val[0], af->af_fsid.val[1], (long)mounted_for); error = unmount_by_fsid(af->af_fsid, af->af_mountpoint); if (error != 0) { if (mounted_for > mounted_max) mounted_max = mounted_for; } } return (mounted_max); } static void usage_autounmountd(void) { fprintf(stderr, "usage: autounmountd [-r time][-t time][-dv]\n"); exit(1); } static void do_wait(int kq, time_t sleep_time) { struct timespec timeout; struct kevent unused; int nevents; if (sleep_time != -1) { assert(sleep_time > 0); timeout.tv_sec = sleep_time; timeout.tv_nsec = 0; log_debugx("waiting for filesystem event for %ld seconds", (long)sleep_time); nevents = kevent(kq, NULL, 0, &unused, 1, &timeout); } else { log_debugx("waiting for filesystem event"); nevents = kevent(kq, NULL, 0, &unused, 1, NULL); } if (nevents < 0) { if (errno == EINTR) return; log_err(1, "kevent"); } if (nevents == 0) { log_debugx("timeout reached"); assert(sleep_time > 0); } else { log_debugx("got filesystem event"); } } int main_autounmountd(int argc, char **argv) { struct kevent event; struct pidfh *pidfh; pid_t otherpid; const char *pidfile_path = AUTOUNMOUNTD_PIDFILE; int ch, debug = 0, error, kq; time_t expiration_time = 600, retry_time = 600, mounted_max, sleep_time; bool dont_daemonize = false; while ((ch = getopt(argc, argv, "dr:t:v")) != -1) { switch (ch) { case 'd': dont_daemonize = true; debug++; break; case 'r': retry_time = atoi(optarg); break; case 't': expiration_time = atoi(optarg); break; case 'v': debug++; break; case '?': default: usage_autounmountd(); } } argc -= optind; if (argc != 0) usage_autounmountd(); if (retry_time <= 0) log_errx(1, "retry time must be greater than zero"); if (expiration_time <= 0) log_errx(1, "expiration time must be greater than zero"); log_init(debug); pidfh = pidfile_open(pidfile_path, 0600, &otherpid); if (pidfh == NULL) { if (errno == EEXIST) { log_errx(1, "daemon already running, pid: %jd.", (intmax_t)otherpid); } log_err(1, "cannot open or create pidfile \"%s\"", pidfile_path); } if (dont_daemonize == false) { if (daemon(0, 0) == -1) { log_warn("cannot daemonize"); pidfile_remove(pidfh); exit(1); } } pidfile_write(pidfh); TAILQ_INIT(&automounted); kq = kqueue(); if (kq < 0) log_err(1, "kqueue"); EV_SET(&event, 0, EVFILT_FS, EV_ADD | EV_CLEAR, 0, 0, NULL); error = kevent(kq, &event, 1, NULL, 0, NULL); if (error < 0) log_err(1, "kevent"); for (;;) { refresh_automounted(); mounted_max = expire_automounted(expiration_time); if (mounted_max == -1) { sleep_time = mounted_max; log_debugx("no filesystems to expire"); } else if (mounted_max < expiration_time) { sleep_time = difftime(expiration_time, mounted_max); log_debugx("some filesystems expire in %ld seconds", (long)sleep_time); } else { sleep_time = retry_time; log_debugx("some expired filesystems remain mounted, " "will retry in %ld seconds", (long)sleep_time); } do_wait(kq, sleep_time); } return (0); } Index: head/usr.sbin/autofs/common.c =================================================================== --- head/usr.sbin/autofs/common.c (revision 367104) +++ head/usr.sbin/autofs/common.c (revision 367105) @@ -1,1227 +1,1226 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "autofs_ioctl.h" #include "common.h" extern FILE *yyin; extern char *yytext; extern int yylex(void); static void parse_master_yyin(struct node *root, const char *master); static void parse_map_yyin(struct node *parent, const char *map, const char *executable_key); char * checked_strdup(const char *s) { char *c; assert(s != NULL); c = strdup(s); if (c == NULL) log_err(1, "strdup"); return (c); } /* * Concatenate two strings, inserting separator between them, unless not needed. */ char * concat(const char *s1, char separator, const char *s2) { char *result; char s1last, s2first; int ret; if (s1 == NULL) s1 = ""; if (s2 == NULL) s2 = ""; if (s1[0] == '\0') s1last = '\0'; else s1last = s1[strlen(s1) - 1]; s2first = s2[0]; if (s1last == separator && s2first == separator) { /* * If s1 ends with the separator and s2 begins with * it - skip the latter; otherwise concatenating "/" * and "/foo" would end up returning "//foo". */ ret = asprintf(&result, "%s%s", s1, s2 + 1); } else if (s1last == separator || s2first == separator || s1[0] == '\0' || s2[0] == '\0') { ret = asprintf(&result, "%s%s", s1, s2); } else { ret = asprintf(&result, "%s%c%s", s1, separator, s2); } if (ret < 0) log_err(1, "asprintf"); //log_debugx("%s: got %s and %s, returning %s", __func__, s1, s2, result); return (result); } void create_directory(const char *path) { char *component, *copy, *tofree, *partial, *tmp; int error; assert(path[0] == '/'); /* * +1 to skip the leading slash. */ copy = tofree = checked_strdup(path + 1); partial = checked_strdup(""); for (;;) { component = strsep(©, "/"); if (component == NULL) break; tmp = concat(partial, '/', component); free(partial); partial = tmp; //log_debugx("creating \"%s\"", partial); error = mkdir(partial, 0755); if (error != 0 && errno != EEXIST) { log_warn("cannot create %s", partial); return; } } free(tofree); } struct node * node_new_root(void) { struct node *n; n = calloc(1, sizeof(*n)); if (n == NULL) log_err(1, "calloc"); // XXX n->n_key = checked_strdup("/"); n->n_options = checked_strdup(""); TAILQ_INIT(&n->n_children); return (n); } struct node * node_new(struct node *parent, char *key, char *options, char *location, const char *config_file, int config_line) { struct node *n; n = calloc(1, sizeof(*n)); if (n == NULL) log_err(1, "calloc"); TAILQ_INIT(&n->n_children); assert(key != NULL); assert(key[0] != '\0'); n->n_key = key; if (options != NULL) n->n_options = options; else n->n_options = strdup(""); n->n_location = location; assert(config_file != NULL); n->n_config_file = config_file; assert(config_line >= 0); n->n_config_line = config_line; assert(parent != NULL); n->n_parent = parent; TAILQ_INSERT_TAIL(&parent->n_children, n, n_next); return (n); } struct node * node_new_map(struct node *parent, char *key, char *options, char *map, const char *config_file, int config_line) { struct node *n; n = calloc(1, sizeof(*n)); if (n == NULL) log_err(1, "calloc"); TAILQ_INIT(&n->n_children); assert(key != NULL); assert(key[0] != '\0'); n->n_key = key; if (options != NULL) n->n_options = options; else n->n_options = strdup(""); n->n_map = map; assert(config_file != NULL); n->n_config_file = config_file; assert(config_line >= 0); n->n_config_line = config_line; assert(parent != NULL); n->n_parent = parent; TAILQ_INSERT_TAIL(&parent->n_children, n, n_next); return (n); } static struct node * node_duplicate(const struct node *o, struct node *parent) { const struct node *child; struct node *n; if (parent == NULL) parent = o->n_parent; n = node_new(parent, o->n_key, o->n_options, o->n_location, o->n_config_file, o->n_config_line); TAILQ_FOREACH(child, &o->n_children, n_next) node_duplicate(child, n); return (n); } static void node_delete(struct node *n) { struct node *child, *tmp; assert (n != NULL); TAILQ_FOREACH_SAFE(child, &n->n_children, n_next, tmp) node_delete(child); if (n->n_parent != NULL) TAILQ_REMOVE(&n->n_parent->n_children, n, n_next); free(n); } /* * Move (reparent) node 'n' to make it sibling of 'previous', placed * just after it. */ static void node_move_after(struct node *n, struct node *previous) { TAILQ_REMOVE(&n->n_parent->n_children, n, n_next); n->n_parent = previous->n_parent; TAILQ_INSERT_AFTER(&previous->n_parent->n_children, previous, n, n_next); } static void node_expand_includes(struct node *root, bool is_master) { struct node *n, *n2, *tmp, *tmp2, *tmproot; int error; TAILQ_FOREACH_SAFE(n, &root->n_children, n_next, tmp) { if (n->n_key[0] != '+') continue; error = access(AUTO_INCLUDE_PATH, F_OK); if (error != 0) { log_errx(1, "directory services not configured; " "%s does not exist", AUTO_INCLUDE_PATH); } /* * "+1" to skip leading "+". */ yyin = auto_popen(AUTO_INCLUDE_PATH, n->n_key + 1, NULL); assert(yyin != NULL); tmproot = node_new_root(); if (is_master) parse_master_yyin(tmproot, n->n_key); else parse_map_yyin(tmproot, n->n_key, NULL); error = auto_pclose(yyin); yyin = NULL; if (error != 0) { log_errx(1, "failed to handle include \"%s\"", n->n_key); } /* * Entries to be included are now in tmproot. We need to merge * them with the rest, preserving their place and ordering. */ TAILQ_FOREACH_REVERSE_SAFE(n2, &tmproot->n_children, nodehead, n_next, tmp2) { node_move_after(n2, n); } node_delete(n); node_delete(tmproot); } } static char * expand_ampersand(char *string, const char *key) { char c, *expanded; int i, ret, before_len = 0; bool backslashed = false; assert(key[0] != '\0'); expanded = checked_strdup(string); for (i = 0; string[i] != '\0'; i++) { c = string[i]; if (c == '\\' && backslashed == false) { backslashed = true; continue; } if (backslashed) { backslashed = false; continue; } backslashed = false; if (c != '&') continue; /* * The 'before_len' variable contains the number * of characters before the '&'. */ before_len = i; //assert(i < (int)strlen(string)); ret = asprintf(&expanded, "%.*s%s%s", before_len, string, key, string + before_len + 1); if (ret < 0) log_err(1, "asprintf"); //log_debugx("\"%s\" expanded with key \"%s\" to \"%s\"", // string, key, expanded); /* * Figure out where to start searching for next variable. */ string = expanded; i = before_len + strlen(key); if (i == (int)strlen(string)) break; backslashed = false; //assert(i < (int)strlen(string)); } return (expanded); } /* * Expand "&" in n_location. If the key is NULL, try to use * key from map entries themselves. Keep in mind that maps * consist of tho levels of node structures, the key is one * level up. * * Variant with NULL key is for "automount -LL". */ void node_expand_ampersand(struct node *n, const char *key) { struct node *child; if (n->n_location != NULL) { if (key == NULL) { if (n->n_parent != NULL && strcmp(n->n_parent->n_key, "*") != 0) { n->n_location = expand_ampersand(n->n_location, n->n_parent->n_key); } } else { n->n_location = expand_ampersand(n->n_location, key); } } TAILQ_FOREACH(child, &n->n_children, n_next) node_expand_ampersand(child, key); } /* * Expand "*" in n_key. */ void node_expand_wildcard(struct node *n, const char *key) { struct node *child, *expanded; assert(key != NULL); if (strcmp(n->n_key, "*") == 0) { expanded = node_duplicate(n, NULL); expanded->n_key = checked_strdup(key); node_move_after(expanded, n); } TAILQ_FOREACH(child, &n->n_children, n_next) node_expand_wildcard(child, key); } int node_expand_defined(struct node *n) { struct node *child; int error, cumulated_error = 0; if (n->n_location != NULL) { n->n_location = defined_expand(n->n_location); if (n->n_location == NULL) { log_warnx("failed to expand location for %s", node_path(n)); return (EINVAL); } } TAILQ_FOREACH(child, &n->n_children, n_next) { error = node_expand_defined(child); if (error != 0 && cumulated_error == 0) cumulated_error = error; } return (cumulated_error); } static bool node_is_direct_key(const struct node *n) { if (n->n_parent != NULL && n->n_parent->n_parent == NULL && strcmp(n->n_key, "/-") == 0) { return (true); } return (false); } bool node_is_direct_map(const struct node *n) { for (;;) { assert(n->n_parent != NULL); if (n->n_parent->n_parent == NULL) break; n = n->n_parent; } return (node_is_direct_key(n)); } bool node_has_wildcards(const struct node *n) { const struct node *child; TAILQ_FOREACH(child, &n->n_children, n_next) { if (strcmp(child->n_key, "*") == 0) return (true); } return (false); } static void node_expand_maps(struct node *n, bool indirect) { struct node *child, *tmp; TAILQ_FOREACH_SAFE(child, &n->n_children, n_next, tmp) { if (node_is_direct_map(child)) { if (indirect) continue; } else { if (indirect == false) continue; } /* * This is the first-level map node; the one that contains * the key and subnodes with mountpoints and actual map names. */ if (child->n_map == NULL) continue; if (indirect) { log_debugx("map \"%s\" is an indirect map, parsing", child->n_map); } else { log_debugx("map \"%s\" is a direct map, parsing", child->n_map); } parse_map(child, child->n_map, NULL, NULL); } } static void node_expand_direct_maps(struct node *n) { node_expand_maps(n, false); } void node_expand_indirect_maps(struct node *n) { node_expand_maps(n, true); } static char * node_path_x(const struct node *n, char *x) { char *path; if (n->n_parent == NULL) return (x); /* * Return "/-" for direct maps only if we were asked for path * to the "/-" node itself, not to any of its subnodes. */ if (node_is_direct_key(n) && x[0] != '\0') return (x); assert(n->n_key[0] != '\0'); path = concat(n->n_key, '/', x); free(x); return (node_path_x(n->n_parent, path)); } /* * Return full path for node, consisting of concatenated * paths of node itself and all its parents, up to the root. */ char * node_path(const struct node *n) { char *path; size_t len; path = node_path_x(n, checked_strdup("")); /* * Strip trailing slash, unless the whole path is "/". */ len = strlen(path); if (len > 1 && path[len - 1] == '/') path[len - 1] = '\0'; return (path); } static char * node_options_x(const struct node *n, char *x) { char *options; if (n == NULL) return (x); options = concat(x, ',', n->n_options); free(x); return (node_options_x(n->n_parent, options)); } /* * Return options for node, consisting of concatenated * options from the node itself and all its parents, * up to the root. */ char * node_options(const struct node *n) { return (node_options_x(n, checked_strdup(""))); } static void node_print_indent(const struct node *n, const char *cmdline_options, int indent) { const struct node *child, *first_child; char *path, *options, *tmp; path = node_path(n); tmp = node_options(n); options = concat(cmdline_options, ',', tmp); free(tmp); /* * Do not show both parent and child node if they have the same * mountpoint; only show the child node. This means the typical, * "key location", map entries are shown in a single line; * the "key mountpoint1 location2 mountpoint2 location2" entries * take multiple lines. */ first_child = TAILQ_FIRST(&n->n_children); if (first_child == NULL || TAILQ_NEXT(first_child, n_next) != NULL || strcmp(path, node_path(first_child)) != 0) { assert(n->n_location == NULL || n->n_map == NULL); printf("%*.s%-*s %s%-*s %-*s # %s map %s at %s:%d\n", indent, "", 25 - indent, path, options[0] != '\0' ? "-" : " ", 20, options[0] != '\0' ? options : "", 20, n->n_location != NULL ? n->n_location : n->n_map != NULL ? n->n_map : "", node_is_direct_map(n) ? "direct" : "indirect", indent == 0 ? "referenced" : "defined", n->n_config_file, n->n_config_line); } free(path); free(options); TAILQ_FOREACH(child, &n->n_children, n_next) node_print_indent(child, cmdline_options, indent + 2); } /* * Recursively print node with all its children. The cmdline_options * argument is used for additional options to be prepended to all the * others - usually those are the options passed by command line. */ void node_print(const struct node *n, const char *cmdline_options) { const struct node *child; TAILQ_FOREACH(child, &n->n_children, n_next) node_print_indent(child, cmdline_options, 0); } static struct node * node_find_x(struct node *node, const char *path) { struct node *child, *found; char *tmp; size_t tmplen; //log_debugx("looking up %s in %s", path, node_path(node)); if (!node_is_direct_key(node)) { tmp = node_path(node); tmplen = strlen(tmp); if (strncmp(tmp, path, tmplen) != 0) { free(tmp); return (NULL); } if (path[tmplen] != '/' && path[tmplen] != '\0') { /* * If we have two map entries like 'foo' and 'foobar', make * sure the search for 'foobar' won't match 'foo' instead. */ free(tmp); return (NULL); } free(tmp); } TAILQ_FOREACH(child, &node->n_children, n_next) { found = node_find_x(child, path); if (found != NULL) return (found); } if (node->n_parent == NULL || node_is_direct_key(node)) return (NULL); return (node); } struct node * node_find(struct node *root, const char *path) { struct node *node; assert(root->n_parent == NULL); node = node_find_x(root, path); if (node != NULL) assert(node != root); return (node); } /* * Canonical form of a map entry looks like this: * * key [-options] [ [/mountpoint] [-options2] location ... ] * * Entries for executable maps are slightly different, as they * lack the 'key' field and are always single-line; the key field * for those maps is taken from 'executable_key' argument. * * We parse it in such a way that a map always has two levels - first * for key, and the second, for the mountpoint. */ static void parse_map_yyin(struct node *parent, const char *map, const char *executable_key) { char *key = NULL, *options = NULL, *mountpoint = NULL, *options2 = NULL, *location = NULL; int ret; struct node *node; lineno = 1; if (executable_key != NULL) key = checked_strdup(executable_key); for (;;) { ret = yylex(); if (ret == 0 || ret == NEWLINE) { /* * In case of executable map, the key is always * non-NULL, even if the map is empty. So, make sure * we don't fail empty maps here. */ if ((key != NULL && executable_key == NULL) || options != NULL) { log_errx(1, "truncated entry at %s, line %d", map, lineno); } if (ret == 0 || executable_key != NULL) { /* * End of file. */ break; } else { key = options = NULL; continue; } } if (key == NULL) { key = checked_strdup(yytext); if (key[0] == '+') { node_new(parent, key, NULL, NULL, map, lineno); key = options = NULL; continue; } continue; } else if (yytext[0] == '-') { if (options != NULL) { log_errx(1, "duplicated options at %s, line %d", map, lineno); } /* * +1 to skip leading "-". */ options = checked_strdup(yytext + 1); continue; } /* * We cannot properly handle a situation where the map key * is "/". Ignore such entries. * * XXX: According to Piete Brooks, Linux automounter uses * "/" as a wildcard character in LDAP maps. Perhaps * we should work around this braindamage by substituting * "*" for "/"? */ if (strcmp(key, "/") == 0) { log_warnx("nonsensical map key \"/\" at %s, line %d; " "ignoring map entry ", map, lineno); /* * Skip the rest of the entry. */ do { ret = yylex(); } while (ret != 0 && ret != NEWLINE); key = options = NULL; continue; } //log_debugx("adding map node, %s", key); node = node_new(parent, key, options, NULL, map, lineno); key = options = NULL; for (;;) { if (yytext[0] == '/') { if (mountpoint != NULL) { log_errx(1, "duplicated mountpoint " "in %s, line %d", map, lineno); } if (options2 != NULL || location != NULL) { log_errx(1, "mountpoint out of order " "in %s, line %d", map, lineno); } mountpoint = checked_strdup(yytext); goto again; } if (yytext[0] == '-') { if (options2 != NULL) { log_errx(1, "duplicated options " "in %s, line %d", map, lineno); } if (location != NULL) { log_errx(1, "options out of order " "in %s, line %d", map, lineno); } options2 = checked_strdup(yytext + 1); goto again; } if (location != NULL) { log_errx(1, "too many arguments " "in %s, line %d", map, lineno); } /* * If location field starts with colon, e.g. ":/dev/cd0", * then strip it. */ if (yytext[0] == ':') { location = checked_strdup(yytext + 1); if (location[0] == '\0') { log_errx(1, "empty location in %s, " "line %d", map, lineno); } } else { location = checked_strdup(yytext); } if (mountpoint == NULL) mountpoint = checked_strdup("/"); if (options2 == NULL) options2 = checked_strdup(""); #if 0 log_debugx("adding map node, %s %s %s", mountpoint, options2, location); #endif node_new(node, mountpoint, options2, location, map, lineno); mountpoint = options2 = location = NULL; again: ret = yylex(); if (ret == 0 || ret == NEWLINE) { if (mountpoint != NULL || options2 != NULL || location != NULL) { log_errx(1, "truncated entry " "in %s, line %d", map, lineno); } break; } } } } /* * Parse output of a special map called without argument. It is a list * of keys, separated by newlines. They can contain whitespace, so use * getline(3) instead of lexer used for maps. */ static void parse_map_keys_yyin(struct node *parent, const char *map) { char *line = NULL, *key; size_t linecap = 0; ssize_t linelen; lineno = 1; for (;;) { linelen = getline(&line, &linecap, yyin); if (linelen < 0) { /* * End of file. */ break; } if (linelen <= 1) { /* * Empty line, consisting of just the newline. */ continue; } /* * "-1" to strip the trailing newline. */ key = strndup(line, linelen - 1); log_debugx("adding key \"%s\"", key); node_new(parent, key, NULL, NULL, map, lineno); lineno++; } free(line); } static bool file_is_executable(const char *path) { struct stat sb; int error; error = stat(path, &sb); if (error != 0) log_err(1, "cannot stat %s", path); if ((sb.st_mode & S_IXUSR) || (sb.st_mode & S_IXGRP) || (sb.st_mode & S_IXOTH)) return (true); return (false); } /* * Parse a special map, e.g. "-hosts". */ static void parse_special_map(struct node *parent, const char *map, const char *key) { char *path; int error, ret; assert(map[0] == '-'); /* * +1 to skip leading "-" in map name. */ ret = asprintf(&path, "%s/special_%s", AUTO_SPECIAL_PREFIX, map + 1); if (ret < 0) log_err(1, "asprintf"); yyin = auto_popen(path, key, NULL); assert(yyin != NULL); if (key == NULL) { parse_map_keys_yyin(parent, map); } else { parse_map_yyin(parent, map, key); } error = auto_pclose(yyin); yyin = NULL; if (error != 0) log_errx(1, "failed to handle special map \"%s\"", map); node_expand_includes(parent, false); node_expand_direct_maps(parent); free(path); } /* * Retrieve and parse map from directory services, e.g. LDAP. * Note that it is different from executable maps, in that * the include script outputs the whole map to standard output * (as opposed to executable maps that only output a single * entry, without the key), and it takes the map name as an * argument, instead of key. */ static void parse_included_map(struct node *parent, const char *map) { int error; assert(map[0] != '-'); assert(map[0] != '/'); error = access(AUTO_INCLUDE_PATH, F_OK); if (error != 0) { log_errx(1, "directory services not configured;" " %s does not exist", AUTO_INCLUDE_PATH); } yyin = auto_popen(AUTO_INCLUDE_PATH, map, NULL); assert(yyin != NULL); parse_map_yyin(parent, map, NULL); error = auto_pclose(yyin); yyin = NULL; if (error != 0) log_errx(1, "failed to handle remote map \"%s\"", map); node_expand_includes(parent, false); node_expand_direct_maps(parent); } void parse_map(struct node *parent, const char *map, const char *key, bool *wildcards) { char *path = NULL; int error, ret; bool executable; assert(map != NULL); assert(map[0] != '\0'); log_debugx("parsing map \"%s\"", map); if (wildcards != NULL) *wildcards = false; if (map[0] == '-') { if (wildcards != NULL) *wildcards = true; return (parse_special_map(parent, map, key)); } if (map[0] == '/') { path = checked_strdup(map); } else { ret = asprintf(&path, "%s/%s", AUTO_MAP_PREFIX, map); if (ret < 0) log_err(1, "asprintf"); log_debugx("map \"%s\" maps to \"%s\"", map, path); /* * See if the file exists. If not, try to obtain the map * from directory services. */ error = access(path, F_OK); if (error != 0) { log_debugx("map file \"%s\" does not exist; falling " "back to directory services", path); return (parse_included_map(parent, map)); } } executable = file_is_executable(path); if (executable) { log_debugx("map \"%s\" is executable", map); if (wildcards != NULL) *wildcards = true; if (key != NULL) { yyin = auto_popen(path, key, NULL); } else { yyin = auto_popen(path, NULL); } assert(yyin != NULL); } else { yyin = fopen(path, "r"); if (yyin == NULL) log_err(1, "unable to open \"%s\"", path); } free(path); path = NULL; parse_map_yyin(parent, map, executable ? key : NULL); if (executable) { error = auto_pclose(yyin); yyin = NULL; if (error != 0) { log_errx(1, "failed to handle executable map \"%s\"", map); } } else { fclose(yyin); } yyin = NULL; log_debugx("done parsing map \"%s\"", map); node_expand_includes(parent, false); node_expand_direct_maps(parent); } static void parse_master_yyin(struct node *root, const char *master) { char *mountpoint = NULL, *map = NULL, *options = NULL; int ret; /* * XXX: 1 gives incorrect values; wtf? */ lineno = 0; for (;;) { ret = yylex(); if (ret == 0 || ret == NEWLINE) { if (mountpoint != NULL) { //log_debugx("adding map for %s", mountpoint); node_new_map(root, mountpoint, options, map, master, lineno); } if (ret == 0) { break; } else { mountpoint = map = options = NULL; continue; } } if (mountpoint == NULL) { mountpoint = checked_strdup(yytext); } else if (map == NULL) { map = checked_strdup(yytext); } else if (options == NULL) { /* * +1 to skip leading "-". */ options = checked_strdup(yytext + 1); } else { log_errx(1, "too many arguments at %s, line %d", master, lineno); } } } void parse_master(struct node *root, const char *master) { log_debugx("parsing auto_master file at \"%s\"", master); yyin = fopen(master, "r"); if (yyin == NULL) err(1, "unable to open %s", master); parse_master_yyin(root, master); fclose(yyin); yyin = NULL; log_debugx("done parsing \"%s\"", master); node_expand_includes(root, true); node_expand_direct_maps(root); } /* * Two things daemon(3) does, that we actually also want to do * when running in foreground, is closing the stdin and chdiring * to "/". This is what we do here. */ void lesser_daemon(void) { int error, fd; error = chdir("/"); if (error != 0) log_warn("chdir"); fd = open(_PATH_DEVNULL, O_RDWR, 0); if (fd < 0) { log_warn("cannot open %s", _PATH_DEVNULL); return; } error = dup2(fd, STDIN_FILENO); if (error != 0) log_warn("dup2"); error = close(fd); if (error != 0) { /* Bloody hell. */ log_warn("close"); } } int main(int argc, char **argv) { char *cmdname; if (argv[0] == NULL) log_errx(1, "NULL command name"); cmdname = basename(argv[0]); if (strcmp(cmdname, "automount") == 0) return (main_automount(argc, argv)); else if (strcmp(cmdname, "automountd") == 0) return (main_automountd(argc, argv)); else if (strcmp(cmdname, "autounmountd") == 0) return (main_autounmountd(argc, argv)); else log_errx(1, "binary name should be either \"automount\", " "\"automountd\", or \"autounmountd\""); } Index: head/usr.sbin/autofs/common.h =================================================================== --- head/usr.sbin/autofs/common.h (revision 367104) +++ head/usr.sbin/autofs/common.h (revision 367105) @@ -1,116 +1,115 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef AUTOMOUNTD_H #define AUTOMOUNTD_H #include #include #define AUTO_MASTER_PATH "/etc/auto_master" #define AUTO_MAP_PREFIX "/etc" #define AUTO_SPECIAL_PREFIX "/etc/autofs" #define AUTO_INCLUDE_PATH AUTO_SPECIAL_PREFIX "/include" struct node { TAILQ_ENTRY(node) n_next; TAILQ_HEAD(nodehead, node) n_children; struct node *n_parent; char *n_key; char *n_options; char *n_location; char *n_map; const char *n_config_file; int n_config_line; }; struct defined_value { TAILQ_ENTRY(defined_value) d_next; char *d_name; char *d_value; }; void log_init(int level); void log_set_peer_name(const char *name); void log_set_peer_addr(const char *addr); void log_err(int, const char *, ...) __dead2 __printf0like(2, 3); void log_errx(int, const char *, ...) __dead2 __printf0like(2, 3); void log_warn(const char *, ...) __printf0like(1, 2); void log_warnx(const char *, ...) __printflike(1, 2); void log_debugx(const char *, ...) __printf0like(1, 2); char *checked_strdup(const char *); char *concat(const char *s1, char separator, const char *s2); void create_directory(const char *path); struct node *node_new_root(void); struct node *node_new(struct node *parent, char *key, char *options, char *location, const char *config_file, int config_line); struct node *node_new_map(struct node *parent, char *key, char *options, char *map, const char *config_file, int config_line); struct node *node_find(struct node *root, const char *mountpoint); bool node_is_direct_map(const struct node *n); bool node_has_wildcards(const struct node *n); char *node_path(const struct node *n); char *node_options(const struct node *n); void node_expand_ampersand(struct node *root, const char *key); void node_expand_wildcard(struct node *root, const char *key); int node_expand_defined(struct node *root); void node_expand_indirect_maps(struct node *n); void node_print(const struct node *n, const char *cmdline_options); void parse_master(struct node *root, const char *path); void parse_map(struct node *parent, const char *map, const char *args, bool *wildcards); char *defined_expand(const char *string); void defined_init(void); void defined_parse_and_add(char *def); void lesser_daemon(void); int main_automount(int argc, char **argv); int main_automountd(int argc, char **argv); int main_autounmountd(int argc, char **argv); FILE *auto_popen(const char *argv0, ...); int auto_pclose(FILE *iop); /* * lex(1) stuff. */ extern int lineno; #define STR 1 #define NEWLINE 2 #endif /* !AUTOMOUNTD_H */ Index: head/usr.sbin/autofs/defined.c =================================================================== --- head/usr.sbin/autofs/defined.c (revision 367104) +++ head/usr.sbin/autofs/defined.c (revision 367105) @@ -1,274 +1,273 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * All the "defined" stuff is for handling variables, * such as ${OSNAME}, in maps. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "common.h" static TAILQ_HEAD(, defined_value) defined_values; static const char * defined_find(const char *name) { struct defined_value *d; TAILQ_FOREACH(d, &defined_values, d_next) { if (strcmp(d->d_name, name) == 0) return (d->d_value); } return (NULL); } char * defined_expand(const char *string) { const char *value; char c, *expanded, *name; int i, ret, before_len = 0, name_off = 0, name_len = 0, after_off = 0; bool backslashed = false, bracketed = false; expanded = checked_strdup(string); for (i = 0; string[i] != '\0'; i++) { c = string[i]; if (c == '\\' && backslashed == false) { backslashed = true; continue; } if (backslashed) { backslashed = false; continue; } backslashed = false; if (c != '$') continue; /* * The 'before_len' variable contains the number * of characters before the '$'. */ before_len = i; assert(i + 1 < (int)strlen(string)); if (string[i + 1] == '{') bracketed = true; if (string[i + 1] == '\0') { log_warnx("truncated variable"); return (NULL); } /* * Skip '$'. */ i++; if (bracketed) { if (string[i + 1] == '\0') { log_warnx("truncated variable"); return (NULL); } /* * Skip '{'. */ i++; } /* * The 'name_off' variable contains the number * of characters before the variable name, * including the "$" or "${". */ name_off = i; for (; string[i] != '\0'; i++) { c = string[i]; /* * XXX: Decide on the set of characters that can be * used in a variable name. */ if (isalnum(c) || c == '_') continue; /* * End of variable name. */ if (bracketed) { if (c != '}') continue; /* * The 'after_off' variable contains the number * of characters before the rest of the string, * i.e. after the variable name. */ after_off = i + 1; assert(i > 1); assert(i - 1 > name_off); name_len = i - name_off; break; } after_off = i; assert(i > 1); assert(i > name_off); name_len = i - name_off; break; } name = strndup(string + name_off, name_len); if (name == NULL) log_err(1, "strndup"); value = defined_find(name); if (value == NULL) { log_warnx("undefined variable ${%s}", name); return (NULL); } /* * Concatenate it back. */ ret = asprintf(&expanded, "%.*s%s%s", before_len, string, value, string + after_off); if (ret < 0) log_err(1, "asprintf"); //log_debugx("\"%s\" expanded to \"%s\"", string, expanded); free(name); /* * Figure out where to start searching for next variable. */ string = expanded; i = before_len + strlen(value); backslashed = bracketed = false; before_len = name_off = name_len = after_off = 0; assert(i <= (int)strlen(string)); } if (before_len != 0 || name_off != 0 || name_len != 0 || after_off != 0) { log_warnx("truncated variable"); return (NULL); } return (expanded); } static void defined_add(const char *name, const char *value) { struct defined_value *d; const char *found; found = defined_find(name); if (found != NULL) log_errx(1, "variable %s already defined", name); log_debugx("defining variable %s=%s", name, value); d = calloc(1, sizeof(*d)); if (d == NULL) log_err(1, "calloc"); d->d_name = checked_strdup(name); d->d_value = checked_strdup(value); TAILQ_INSERT_TAIL(&defined_values, d, d_next); } void defined_parse_and_add(char *def) { char *name, *value; value = def; name = strsep(&value, "="); if (value == NULL || value[0] == '\0') log_errx(1, "missing variable value"); if (name == NULL || name[0] == '\0') log_errx(1, "missing variable name"); defined_add(name, value); } void defined_init(void) { struct utsname name; int error; TAILQ_INIT(&defined_values); error = uname(&name); if (error != 0) log_err(1, "uname"); defined_add("ARCH", name.machine); defined_add("CPU", name.machine); defined_add("DOLLAR", "$"); defined_add("HOST", name.nodename); defined_add("OSNAME", name.sysname); defined_add("OSREL", name.release); defined_add("OSVERS", name.version); } Index: head/usr.sbin/autofs/log.c =================================================================== --- head/usr.sbin/autofs/log.c (revision 367104) +++ head/usr.sbin/autofs/log.c (revision 367105) @@ -1,203 +1,202 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include "common.h" static int log_level = 0; static char *peer_name = NULL; static char *peer_addr = NULL; #define MSGBUF_LEN 1024 void log_init(int level) { log_level = level; openlog(getprogname(), LOG_NDELAY | LOG_PID, LOG_DAEMON); } void log_set_peer_name(const char *name) { /* * XXX: Turn it into assertion? */ if (peer_name != NULL) log_errx(1, "%s called twice", __func__); if (peer_addr == NULL) log_errx(1, "%s called before log_set_peer_addr", __func__); peer_name = checked_strdup(name); } void log_set_peer_addr(const char *addr) { /* * XXX: Turn it into assertion? */ if (peer_addr != NULL) log_errx(1, "%s called twice", __func__); peer_addr = checked_strdup(addr); } static void log_common(int priority, int log_errno, const char *fmt, va_list ap) { static char msgbuf[MSGBUF_LEN]; static char msgbuf_strvised[MSGBUF_LEN * 4 + 1]; char *errstr; int ret; ret = vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap); if (ret < 0) { fprintf(stderr, "%s: snprintf failed", getprogname()); syslog(LOG_CRIT, "snprintf failed"); exit(1); } ret = strnvis(msgbuf_strvised, sizeof(msgbuf_strvised), msgbuf, VIS_NL); if (ret < 0) { fprintf(stderr, "%s: strnvis failed", getprogname()); syslog(LOG_CRIT, "strnvis failed"); exit(1); } if (log_errno == -1) { if (peer_name != NULL) { fprintf(stderr, "%s: %s (%s): %s\n", getprogname(), peer_addr, peer_name, msgbuf_strvised); syslog(priority, "%s (%s): %s", peer_addr, peer_name, msgbuf_strvised); } else if (peer_addr != NULL) { fprintf(stderr, "%s: %s: %s\n", getprogname(), peer_addr, msgbuf_strvised); syslog(priority, "%s: %s", peer_addr, msgbuf_strvised); } else { fprintf(stderr, "%s: %s\n", getprogname(), msgbuf_strvised); syslog(priority, "%s", msgbuf_strvised); } } else { errstr = strerror(log_errno); if (peer_name != NULL) { fprintf(stderr, "%s: %s (%s): %s: %s\n", getprogname(), peer_addr, peer_name, msgbuf_strvised, errstr); syslog(priority, "%s (%s): %s: %s", peer_addr, peer_name, msgbuf_strvised, errstr); } else if (peer_addr != NULL) { fprintf(stderr, "%s: %s: %s: %s\n", getprogname(), peer_addr, msgbuf_strvised, errstr); syslog(priority, "%s: %s: %s", peer_addr, msgbuf_strvised, errstr); } else { fprintf(stderr, "%s: %s: %s\n", getprogname(), msgbuf_strvised, errstr); syslog(priority, "%s: %s", msgbuf_strvised, errstr); } } } void log_err(int eval, const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_CRIT, errno, fmt, ap); va_end(ap); exit(eval); } void log_errx(int eval, const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_CRIT, -1, fmt, ap); va_end(ap); exit(eval); } void log_warn(const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_WARNING, errno, fmt, ap); va_end(ap); } void log_warnx(const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_WARNING, -1, fmt, ap); va_end(ap); } void log_debugx(const char *fmt, ...) { va_list ap; if (log_level == 0) return; va_start(ap, fmt); log_common(LOG_DEBUG, -1, fmt, ap); va_end(ap); } Index: head/usr.sbin/autofs/token.l =================================================================== --- head/usr.sbin/autofs/token.l (revision 367104) +++ head/usr.sbin/autofs/token.l (revision 367105) @@ -1,60 +1,59 @@ %{ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include "common.h" int lineno; #define YY_DECL int yylex(void) extern int yylex(void); %} %option noinput %option nounput %option noyywrap %% \"[^"]+\" { yytext++; yytext[strlen(yytext) - 1] = '\0'; return STR; }; [a-zA-Z0-9\.\+-_/\:\[\]$&%{}]+ { return STR; } #.*\n { lineno++; return NEWLINE; }; \\\n { lineno++; }; \n { lineno++; return NEWLINE; } [ \t]+ /* ignore whitespace */; . { return STR; } %% Index: head/usr.sbin/ctld/chap.c =================================================================== --- head/usr.sbin/ctld/chap.c (revision 367104) +++ head/usr.sbin/ctld/chap.c (revision 367105) @@ -1,424 +1,423 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include "ctld.h" static void chap_compute_md5(const char id, const char *secret, const void *challenge, size_t challenge_len, void *response, size_t response_len) { MD5_CTX ctx; assert(response_len == CHAP_DIGEST_LEN); MD5Init(&ctx); MD5Update(&ctx, &id, sizeof(id)); MD5Update(&ctx, secret, strlen(secret)); MD5Update(&ctx, challenge, challenge_len); MD5Final(response, &ctx); } static int chap_hex2int(const char hex) { switch (hex) { case '0': return (0x00); case '1': return (0x01); case '2': return (0x02); case '3': return (0x03); case '4': return (0x04); case '5': return (0x05); case '6': return (0x06); case '7': return (0x07); case '8': return (0x08); case '9': return (0x09); case 'a': case 'A': return (0x0a); case 'b': case 'B': return (0x0b); case 'c': case 'C': return (0x0c); case 'd': case 'D': return (0x0d); case 'e': case 'E': return (0x0e); case 'f': case 'F': return (0x0f); default: return (-1); } } static int chap_b642bin(const char *b64, void **binp, size_t *bin_lenp) { char *bin; int b64_len, bin_len; b64_len = strlen(b64); bin_len = (b64_len + 3) / 4 * 3; bin = calloc(bin_len, 1); if (bin == NULL) log_err(1, "calloc"); bin_len = b64_pton(b64, bin, bin_len); if (bin_len < 0) { log_warnx("malformed base64 variable"); free(bin); return (-1); } *binp = bin; *bin_lenp = bin_len; return (0); } /* * XXX: Review this _carefully_. */ static int chap_hex2bin(const char *hex, void **binp, size_t *bin_lenp) { int i, hex_len, nibble; bool lo = true; /* As opposed to 'hi'. */ char *bin; size_t bin_off, bin_len; if (strncasecmp(hex, "0b", strlen("0b")) == 0) return (chap_b642bin(hex + 2, binp, bin_lenp)); if (strncasecmp(hex, "0x", strlen("0x")) != 0) { log_warnx("malformed variable, should start with \"0x\"" " or \"0b\""); return (-1); } hex += strlen("0x"); hex_len = strlen(hex); if (hex_len < 1) { log_warnx("malformed variable; doesn't contain anything " "but \"0x\""); return (-1); } bin_len = hex_len / 2 + hex_len % 2; bin = calloc(bin_len, 1); if (bin == NULL) log_err(1, "calloc"); bin_off = bin_len - 1; for (i = hex_len - 1; i >= 0; i--) { nibble = chap_hex2int(hex[i]); if (nibble < 0) { log_warnx("malformed variable, invalid char \"%c\"", hex[i]); free(bin); return (-1); } assert(bin_off < bin_len); if (lo) { bin[bin_off] = nibble; lo = false; } else { bin[bin_off] |= nibble << 4; bin_off--; lo = true; } } *binp = bin; *bin_lenp = bin_len; return (0); } #ifdef USE_BASE64 static char * chap_bin2hex(const char *bin, size_t bin_len) { unsigned char *b64, *tmp; size_t b64_len; b64_len = (bin_len + 2) / 3 * 4 + 3; /* +2 for "0b", +1 for '\0'. */ b64 = malloc(b64_len); if (b64 == NULL) log_err(1, "malloc"); tmp = b64; tmp += sprintf(tmp, "0b"); b64_ntop(bin, bin_len, tmp, b64_len - 2); return (b64); } #else static char * chap_bin2hex(const char *bin, size_t bin_len) { unsigned char *hex, *tmp, ch; size_t hex_len; size_t i; hex_len = bin_len * 2 + 3; /* +2 for "0x", +1 for '\0'. */ hex = malloc(hex_len); if (hex == NULL) log_err(1, "malloc"); tmp = hex; tmp += sprintf(tmp, "0x"); for (i = 0; i < bin_len; i++) { ch = bin[i]; tmp += sprintf(tmp, "%02x", ch); } return (hex); } #endif /* !USE_BASE64 */ struct chap * chap_new(void) { struct chap *chap; chap = calloc(1, sizeof(*chap)); if (chap == NULL) log_err(1, "calloc"); /* * Generate the challenge. */ arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge)); arc4random_buf(&chap->chap_id, sizeof(chap->chap_id)); return (chap); } char * chap_get_id(const struct chap *chap) { char *chap_i; int ret; ret = asprintf(&chap_i, "%d", chap->chap_id); if (ret < 0) log_err(1, "asprintf"); return (chap_i); } char * chap_get_challenge(const struct chap *chap) { char *chap_c; chap_c = chap_bin2hex(chap->chap_challenge, sizeof(chap->chap_challenge)); return (chap_c); } static int chap_receive_bin(struct chap *chap, void *response, size_t response_len) { if (response_len != sizeof(chap->chap_response)) { log_debugx("got CHAP response with invalid length; " "got %zd, should be %zd", response_len, sizeof(chap->chap_response)); return (1); } memcpy(chap->chap_response, response, response_len); return (0); } int chap_receive(struct chap *chap, const char *response) { void *response_bin; size_t response_bin_len; int error; error = chap_hex2bin(response, &response_bin, &response_bin_len); if (error != 0) { log_debugx("got incorrectly encoded CHAP response \"%s\"", response); return (1); } error = chap_receive_bin(chap, response_bin, response_bin_len); free(response_bin); return (error); } int chap_authenticate(struct chap *chap, const char *secret) { char expected_response[CHAP_DIGEST_LEN]; chap_compute_md5(chap->chap_id, secret, chap->chap_challenge, sizeof(chap->chap_challenge), expected_response, sizeof(expected_response)); if (memcmp(chap->chap_response, expected_response, sizeof(expected_response)) != 0) { return (-1); } return (0); } void chap_delete(struct chap *chap) { free(chap); } struct rchap * rchap_new(const char *secret) { struct rchap *rchap; rchap = calloc(1, sizeof(*rchap)); if (rchap == NULL) log_err(1, "calloc"); rchap->rchap_secret = checked_strdup(secret); return (rchap); } static void rchap_receive_bin(struct rchap *rchap, const unsigned char id, const void *challenge, size_t challenge_len) { rchap->rchap_id = id; rchap->rchap_challenge = calloc(challenge_len, 1); if (rchap->rchap_challenge == NULL) log_err(1, "calloc"); memcpy(rchap->rchap_challenge, challenge, challenge_len); rchap->rchap_challenge_len = challenge_len; } int rchap_receive(struct rchap *rchap, const char *id, const char *challenge) { unsigned char id_bin; void *challenge_bin; size_t challenge_bin_len; int error; id_bin = strtoul(id, NULL, 10); error = chap_hex2bin(challenge, &challenge_bin, &challenge_bin_len); if (error != 0) { log_debugx("got incorrectly encoded CHAP challenge \"%s\"", challenge); return (1); } rchap_receive_bin(rchap, id_bin, challenge_bin, challenge_bin_len); free(challenge_bin); return (0); } static void rchap_get_response_bin(struct rchap *rchap, void **responsep, size_t *response_lenp) { void *response_bin; size_t response_bin_len = CHAP_DIGEST_LEN; response_bin = calloc(response_bin_len, 1); if (response_bin == NULL) log_err(1, "calloc"); chap_compute_md5(rchap->rchap_id, rchap->rchap_secret, rchap->rchap_challenge, rchap->rchap_challenge_len, response_bin, response_bin_len); *responsep = response_bin; *response_lenp = response_bin_len; } char * rchap_get_response(struct rchap *rchap) { void *response; size_t response_len; char *chap_r; rchap_get_response_bin(rchap, &response, &response_len); chap_r = chap_bin2hex(response, response_len); free(response); return (chap_r); } void rchap_delete(struct rchap *rchap) { free(rchap->rchap_secret); free(rchap->rchap_challenge); free(rchap); } Index: head/usr.sbin/ctld/ctld.8 =================================================================== --- head/usr.sbin/ctld/ctld.8 (revision 367104) +++ head/usr.sbin/ctld/ctld.8 (revision 367105) @@ -1,134 +1,133 @@ .\" Copyright (c) 2012 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd March 31, 2020 .Dt CTLD 8 .Os .Sh NAME .Nm ctld .Nd CAM Target Layer / iSCSI target daemon .Sh SYNOPSIS .Nm .Op Fl d .Op Fl f Ar config-file .Op Fl u .Nm .Fl t .Op Fl f Ar config-file .Op Fl u .Sh DESCRIPTION The .Nm daemon is responsible for managing the CAM Target Layer configuration, accepting incoming iSCSI connections, performing authentication and passing connections to the kernel part of the native iSCSI target. .Pp Upon startup, the .Nm daemon parses the configuration file. If it encounters any errors, .Nm exits. It then compares the configuration with the kernel list of LUNs managed by previously running .Nm instances, removes LUNs no longer existing in the configuration file, and creates new LUNs as necessary. After that it listens for the incoming iSCSI connections, performs authentication, and, if successful, passes the connections to the kernel part of CTL iSCSI target, .Xr cfiscsi 4 , which handles it from that point. .Pp When it receives a SIGHUP signal, the .Nm reloads its configuration and applies the changes to the kernel. Changes are applied in a way that avoids unnecessary disruptions; for example removing one LUN does not affect other LUNs. .Pp When exiting gracefully, the .Nm daemon removes LUNs it managed and forcibly disconnects all the clients. Otherwise - for example, when killed with SIGKILL - LUNs stay configured and clients remain connected. .Pp To perform administrative actions that apply to already connected sessions, such as forcing termination, use .Xr ctladm 8 . .Pp The following options are available: .Bl -tag -width ".Fl P Ar pidfile" .It Fl f Ar config-file Specifies the name of the configuration file. The default is .Pa /etc/ctl.conf . .It Fl d Debug mode. The daemon sends verbose debug output to standard error, and does not put itself in the background. The daemon will also not fork and will exit after processing one connection. This option is only intended for debugging the target. .It Fl t Test the configuration file for validity and exit. .It Fl u Use UCL configuration file format instead of the traditional non-UCL format. .El .Sh FILES .Bl -tag -width ".Pa /var/run/ctld.pid" -compact .It Pa /etc/ctl.conf The configuration file for .Nm . The file format and configuration options are described in .Xr ctl.conf 5 . .It Pa /var/run/ctld.pid The default location of the .Nm PID file. .El .Sh EXIT STATUS The .Nm utility exits 0 on success, and >0 if an error occurs. .Sh SEE ALSO .Xr cfiscsi 4 , .Xr ctl 4 , .Xr ctl.conf 5 , .Xr ctladm 8 , .Xr ctlstat 8 .Sh HISTORY The .Nm command appeared in .Fx 10.0 . .Sh AUTHORS The .Nm was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/usr.sbin/ctld/ctld.c =================================================================== --- head/usr.sbin/ctld/ctld.c (revision 367104) +++ head/usr.sbin/ctld/ctld.c (revision 367105) @@ -1,2859 +1,2858 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ctld.h" #include "isns.h" bool proxy_mode = false; static volatile bool sighup_received = false; static volatile bool sigterm_received = false; static volatile bool sigalrm_received = false; static int nchildren = 0; static uint16_t last_portal_group_tag = 0xff; static void usage(void) { fprintf(stderr, "usage: ctld [-d][-u][-f config-file]\n"); fprintf(stderr, " ctld -t [-u][-f config-file]\n"); exit(1); } char * checked_strdup(const char *s) { char *c; c = strdup(s); if (c == NULL) log_err(1, "strdup"); return (c); } struct conf * conf_new(void) { struct conf *conf; conf = calloc(1, sizeof(*conf)); if (conf == NULL) log_err(1, "calloc"); TAILQ_INIT(&conf->conf_luns); TAILQ_INIT(&conf->conf_targets); TAILQ_INIT(&conf->conf_auth_groups); TAILQ_INIT(&conf->conf_ports); TAILQ_INIT(&conf->conf_portal_groups); TAILQ_INIT(&conf->conf_pports); TAILQ_INIT(&conf->conf_isns); conf->conf_isns_period = 900; conf->conf_isns_timeout = 5; conf->conf_debug = 0; conf->conf_timeout = 60; conf->conf_maxproc = 30; return (conf); } void conf_delete(struct conf *conf) { struct lun *lun, *ltmp; struct target *targ, *tmp; struct auth_group *ag, *cagtmp; struct portal_group *pg, *cpgtmp; struct pport *pp, *pptmp; struct isns *is, *istmp; assert(conf->conf_pidfh == NULL); TAILQ_FOREACH_SAFE(lun, &conf->conf_luns, l_next, ltmp) lun_delete(lun); TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp) target_delete(targ); TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp) auth_group_delete(ag); TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp) portal_group_delete(pg); TAILQ_FOREACH_SAFE(pp, &conf->conf_pports, pp_next, pptmp) pport_delete(pp); TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp) isns_delete(is); assert(TAILQ_EMPTY(&conf->conf_ports)); free(conf->conf_pidfile_path); free(conf); } static struct auth * auth_new(struct auth_group *ag) { struct auth *auth; auth = calloc(1, sizeof(*auth)); if (auth == NULL) log_err(1, "calloc"); auth->a_auth_group = ag; TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next); return (auth); } static void auth_delete(struct auth *auth) { TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next); free(auth->a_user); free(auth->a_secret); free(auth->a_mutual_user); free(auth->a_mutual_secret); free(auth); } const struct auth * auth_find(const struct auth_group *ag, const char *user) { const struct auth *auth; TAILQ_FOREACH(auth, &ag->ag_auths, a_next) { if (strcmp(auth->a_user, user) == 0) return (auth); } return (NULL); } static void auth_check_secret_length(struct auth *auth) { size_t len; len = strlen(auth->a_secret); if (len > 16) { if (auth->a_auth_group->ag_name != NULL) log_warnx("secret for user \"%s\", auth-group \"%s\", " "is too long; it should be at most 16 characters " "long", auth->a_user, auth->a_auth_group->ag_name); else log_warnx("secret for user \"%s\", target \"%s\", " "is too long; it should be at most 16 characters " "long", auth->a_user, auth->a_auth_group->ag_target->t_name); } if (len < 12) { if (auth->a_auth_group->ag_name != NULL) log_warnx("secret for user \"%s\", auth-group \"%s\", " "is too short; it should be at least 12 characters " "long", auth->a_user, auth->a_auth_group->ag_name); else log_warnx("secret for user \"%s\", target \"%s\", " "is too short; it should be at least 12 characters " "long", auth->a_user, auth->a_auth_group->ag_target->t_name); } if (auth->a_mutual_secret != NULL) { len = strlen(auth->a_mutual_secret); if (len > 16) { if (auth->a_auth_group->ag_name != NULL) log_warnx("mutual secret for user \"%s\", " "auth-group \"%s\", is too long; it should " "be at most 16 characters long", auth->a_user, auth->a_auth_group->ag_name); else log_warnx("mutual secret for user \"%s\", " "target \"%s\", is too long; it should " "be at most 16 characters long", auth->a_user, auth->a_auth_group->ag_target->t_name); } if (len < 12) { if (auth->a_auth_group->ag_name != NULL) log_warnx("mutual secret for user \"%s\", " "auth-group \"%s\", is too short; it " "should be at least 12 characters long", auth->a_user, auth->a_auth_group->ag_name); else log_warnx("mutual secret for user \"%s\", " "target \"%s\", is too short; it should be " "at least 12 characters long", auth->a_user, auth->a_auth_group->ag_target->t_name); } } } const struct auth * auth_new_chap(struct auth_group *ag, const char *user, const char *secret) { struct auth *auth; if (ag->ag_type == AG_TYPE_UNKNOWN) ag->ag_type = AG_TYPE_CHAP; if (ag->ag_type != AG_TYPE_CHAP) { if (ag->ag_name != NULL) log_warnx("cannot mix \"chap\" authentication with " "other types for auth-group \"%s\"", ag->ag_name); else log_warnx("cannot mix \"chap\" authentication with " "other types for target \"%s\"", ag->ag_target->t_name); return (NULL); } auth = auth_new(ag); auth->a_user = checked_strdup(user); auth->a_secret = checked_strdup(secret); auth_check_secret_length(auth); return (auth); } const struct auth * auth_new_chap_mutual(struct auth_group *ag, const char *user, const char *secret, const char *user2, const char *secret2) { struct auth *auth; if (ag->ag_type == AG_TYPE_UNKNOWN) ag->ag_type = AG_TYPE_CHAP_MUTUAL; if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) { if (ag->ag_name != NULL) log_warnx("cannot mix \"chap-mutual\" authentication " "with other types for auth-group \"%s\"", ag->ag_name); else log_warnx("cannot mix \"chap-mutual\" authentication " "with other types for target \"%s\"", ag->ag_target->t_name); return (NULL); } auth = auth_new(ag); auth->a_user = checked_strdup(user); auth->a_secret = checked_strdup(secret); auth->a_mutual_user = checked_strdup(user2); auth->a_mutual_secret = checked_strdup(secret2); auth_check_secret_length(auth); return (auth); } const struct auth_name * auth_name_new(struct auth_group *ag, const char *name) { struct auth_name *an; an = calloc(1, sizeof(*an)); if (an == NULL) log_err(1, "calloc"); an->an_auth_group = ag; an->an_initator_name = checked_strdup(name); TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next); return (an); } static void auth_name_delete(struct auth_name *an) { TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next); free(an->an_initator_name); free(an); } bool auth_name_defined(const struct auth_group *ag) { if (TAILQ_EMPTY(&ag->ag_names)) return (false); return (true); } const struct auth_name * auth_name_find(const struct auth_group *ag, const char *name) { const struct auth_name *auth_name; TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) { if (strcmp(auth_name->an_initator_name, name) == 0) return (auth_name); } return (NULL); } int auth_name_check(const struct auth_group *ag, const char *initiator_name) { if (!auth_name_defined(ag)) return (0); if (auth_name_find(ag, initiator_name) == NULL) return (1); return (0); } const struct auth_portal * auth_portal_new(struct auth_group *ag, const char *portal) { struct auth_portal *ap; char *net, *mask, *str, *tmp; int len, dm, m; ap = calloc(1, sizeof(*ap)); if (ap == NULL) log_err(1, "calloc"); ap->ap_auth_group = ag; ap->ap_initator_portal = checked_strdup(portal); mask = str = checked_strdup(portal); net = strsep(&mask, "/"); if (net[0] == '[') net++; len = strlen(net); if (len == 0) goto error; if (net[len - 1] == ']') net[len - 1] = 0; if (strchr(net, ':') != NULL) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ap->ap_sa; sin6->sin6_len = sizeof(*sin6); sin6->sin6_family = AF_INET6; if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0) goto error; dm = 128; } else { struct sockaddr_in *sin = (struct sockaddr_in *)&ap->ap_sa; sin->sin_len = sizeof(*sin); sin->sin_family = AF_INET; if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0) goto error; dm = 32; } if (mask != NULL) { m = strtol(mask, &tmp, 0); if (m < 0 || m > dm || tmp[0] != 0) goto error; } else m = dm; ap->ap_mask = m; free(str); TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next); return (ap); error: free(str); free(ap); log_warnx("incorrect initiator portal \"%s\"", portal); return (NULL); } static void auth_portal_delete(struct auth_portal *ap) { TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next); free(ap->ap_initator_portal); free(ap); } bool auth_portal_defined(const struct auth_group *ag) { if (TAILQ_EMPTY(&ag->ag_portals)) return (false); return (true); } const struct auth_portal * auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss) { const struct auth_portal *ap; const uint8_t *a, *b; int i; uint8_t bmask; TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) { if (ap->ap_sa.ss_family != ss->ss_family) continue; if (ss->ss_family == AF_INET) { a = (const uint8_t *) &((const struct sockaddr_in *)ss)->sin_addr; b = (const uint8_t *) &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr; } else { a = (const uint8_t *) &((const struct sockaddr_in6 *)ss)->sin6_addr; b = (const uint8_t *) &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr; } for (i = 0; i < ap->ap_mask / 8; i++) { if (a[i] != b[i]) goto next; } if (ap->ap_mask % 8) { bmask = 0xff << (8 - (ap->ap_mask % 8)); if ((a[i] & bmask) != (b[i] & bmask)) goto next; } return (ap); next: ; } return (NULL); } int auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa) { if (!auth_portal_defined(ag)) return (0); if (auth_portal_find(ag, sa) == NULL) return (1); return (0); } struct auth_group * auth_group_new(struct conf *conf, const char *name) { struct auth_group *ag; if (name != NULL) { ag = auth_group_find(conf, name); if (ag != NULL) { log_warnx("duplicated auth-group \"%s\"", name); return (NULL); } } ag = calloc(1, sizeof(*ag)); if (ag == NULL) log_err(1, "calloc"); if (name != NULL) ag->ag_name = checked_strdup(name); TAILQ_INIT(&ag->ag_auths); TAILQ_INIT(&ag->ag_names); TAILQ_INIT(&ag->ag_portals); ag->ag_conf = conf; TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next); return (ag); } void auth_group_delete(struct auth_group *ag) { struct auth *auth, *auth_tmp; struct auth_name *auth_name, *auth_name_tmp; struct auth_portal *auth_portal, *auth_portal_tmp; TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next); TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp) auth_delete(auth); TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp) auth_name_delete(auth_name); TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next, auth_portal_tmp) auth_portal_delete(auth_portal); free(ag->ag_name); free(ag); } struct auth_group * auth_group_find(const struct conf *conf, const char *name) { struct auth_group *ag; TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0) return (ag); } return (NULL); } int auth_group_set_type(struct auth_group *ag, const char *str) { int type; if (strcmp(str, "none") == 0) { type = AG_TYPE_NO_AUTHENTICATION; } else if (strcmp(str, "deny") == 0) { type = AG_TYPE_DENY; } else if (strcmp(str, "chap") == 0) { type = AG_TYPE_CHAP; } else if (strcmp(str, "chap-mutual") == 0) { type = AG_TYPE_CHAP_MUTUAL; } else { if (ag->ag_name != NULL) log_warnx("invalid auth-type \"%s\" for auth-group " "\"%s\"", str, ag->ag_name); else log_warnx("invalid auth-type \"%s\" for target " "\"%s\"", str, ag->ag_target->t_name); return (1); } if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) { if (ag->ag_name != NULL) { log_warnx("cannot set auth-type to \"%s\" for " "auth-group \"%s\"; already has a different " "type", str, ag->ag_name); } else { log_warnx("cannot set auth-type to \"%s\" for target " "\"%s\"; already has a different type", str, ag->ag_target->t_name); } return (1); } ag->ag_type = type; return (0); } static struct portal * portal_new(struct portal_group *pg) { struct portal *portal; portal = calloc(1, sizeof(*portal)); if (portal == NULL) log_err(1, "calloc"); TAILQ_INIT(&portal->p_targets); portal->p_portal_group = pg; TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next); return (portal); } static void portal_delete(struct portal *portal) { TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next); if (portal->p_ai != NULL) freeaddrinfo(portal->p_ai); free(portal->p_listen); free(portal); } struct portal_group * portal_group_new(struct conf *conf, const char *name) { struct portal_group *pg; pg = portal_group_find(conf, name); if (pg != NULL) { log_warnx("duplicated portal-group \"%s\"", name); return (NULL); } pg = calloc(1, sizeof(*pg)); if (pg == NULL) log_err(1, "calloc"); pg->pg_name = checked_strdup(name); TAILQ_INIT(&pg->pg_options); TAILQ_INIT(&pg->pg_portals); TAILQ_INIT(&pg->pg_ports); pg->pg_conf = conf; pg->pg_tag = 0; /* Assigned later in conf_apply(). */ pg->pg_dscp = -1; pg->pg_pcp = -1; TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next); return (pg); } void portal_group_delete(struct portal_group *pg) { struct portal *portal, *tmp; struct port *port, *tport; struct option *o, *otmp; TAILQ_FOREACH_SAFE(port, &pg->pg_ports, p_pgs, tport) port_delete(port); TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next); TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp) portal_delete(portal); TAILQ_FOREACH_SAFE(o, &pg->pg_options, o_next, otmp) option_delete(&pg->pg_options, o); free(pg->pg_name); free(pg->pg_offload); free(pg->pg_redirection); free(pg); } struct portal_group * portal_group_find(const struct conf *conf, const char *name) { struct portal_group *pg; TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { if (strcmp(pg->pg_name, name) == 0) return (pg); } return (NULL); } static int parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai) { struct addrinfo hints; char *str, *addr, *ch; const char *port; int error, colons = 0; str = arg = strdup(arg); if (arg[0] == '[') { /* * IPv6 address in square brackets, perhaps with port. */ arg++; addr = strsep(&arg, "]"); if (arg == NULL) { free(str); return (1); } if (arg[0] == '\0') { port = def_port; } else if (arg[0] == ':') { port = arg + 1; } else { free(str); return (1); } } else { /* * Either IPv6 address without brackets - and without * a port - or IPv4 address. Just count the colons. */ for (ch = arg; *ch != '\0'; ch++) { if (*ch == ':') colons++; } if (colons > 1) { addr = arg; port = def_port; } else { addr = strsep(&arg, ":"); if (arg == NULL) port = def_port; else port = arg; } } memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE; error = getaddrinfo(addr, port, &hints, ai); free(str); return ((error != 0) ? 1 : 0); } int portal_group_add_listen(struct portal_group *pg, const char *value, bool iser) { struct portal *portal; portal = portal_new(pg); portal->p_listen = checked_strdup(value); portal->p_iser = iser; if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) { log_warnx("invalid listen address %s", portal->p_listen); portal_delete(portal); return (1); } /* * XXX: getaddrinfo(3) may return multiple addresses; we should turn * those into multiple portals. */ return (0); } int isns_new(struct conf *conf, const char *addr) { struct isns *isns; isns = calloc(1, sizeof(*isns)); if (isns == NULL) log_err(1, "calloc"); isns->i_conf = conf; TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next); isns->i_addr = checked_strdup(addr); if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) { log_warnx("invalid iSNS address %s", isns->i_addr); isns_delete(isns); return (1); } /* * XXX: getaddrinfo(3) may return multiple addresses; we should turn * those into multiple servers. */ return (0); } void isns_delete(struct isns *isns) { TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next); free(isns->i_addr); if (isns->i_ai != NULL) freeaddrinfo(isns->i_ai); free(isns); } static int isns_do_connect(struct isns *isns) { int s; s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype, isns->i_ai->ai_protocol); if (s < 0) { log_warn("socket(2) failed for %s", isns->i_addr); return (-1); } if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) { log_warn("connect(2) failed for %s", isns->i_addr); close(s); return (-1); } return(s); } static int isns_do_register(struct isns *isns, int s, const char *hostname) { struct conf *conf = isns->i_conf; struct target *target; struct portal *portal; struct portal_group *pg; struct port *port; struct isns_req *req; int res = 0; uint32_t error; req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT); isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); isns_req_add_delim(req); isns_req_add_str(req, 1, hostname); isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */ isns_req_add_32(req, 6, conf->conf_isns_period); TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { if (pg->pg_unassigned) continue; TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { isns_req_add_addr(req, 16, portal->p_ai); isns_req_add_port(req, 17, portal->p_ai); } } TAILQ_FOREACH(target, &conf->conf_targets, t_next) { isns_req_add_str(req, 32, target->t_name); isns_req_add_32(req, 33, 1); /* 1 -- Target*/ if (target->t_alias != NULL) isns_req_add_str(req, 34, target->t_alias); TAILQ_FOREACH(port, &target->t_ports, p_ts) { if ((pg = port->p_portal_group) == NULL) continue; isns_req_add_32(req, 51, pg->pg_tag); TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { isns_req_add_addr(req, 49, portal->p_ai); isns_req_add_port(req, 50, portal->p_ai); } } } res = isns_req_send(s, req); if (res < 0) { log_warn("send(2) failed for %s", isns->i_addr); goto quit; } res = isns_req_receive(s, req); if (res < 0) { log_warn("receive(2) failed for %s", isns->i_addr); goto quit; } error = isns_req_get_status(req); if (error != 0) { log_warnx("iSNS register error %d for %s", error, isns->i_addr); res = -1; } quit: isns_req_free(req); return (res); } static int isns_do_check(struct isns *isns, int s, const char *hostname) { struct conf *conf = isns->i_conf; struct isns_req *req; int res = 0; uint32_t error; req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT); isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); isns_req_add_str(req, 1, hostname); isns_req_add_delim(req); isns_req_add(req, 2, 0, NULL); res = isns_req_send(s, req); if (res < 0) { log_warn("send(2) failed for %s", isns->i_addr); goto quit; } res = isns_req_receive(s, req); if (res < 0) { log_warn("receive(2) failed for %s", isns->i_addr); goto quit; } error = isns_req_get_status(req); if (error != 0) { log_warnx("iSNS check error %d for %s", error, isns->i_addr); res = -1; } quit: isns_req_free(req); return (res); } static int isns_do_deregister(struct isns *isns, int s, const char *hostname) { struct conf *conf = isns->i_conf; struct isns_req *req; int res = 0; uint32_t error; req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT); isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); isns_req_add_delim(req); isns_req_add_str(req, 1, hostname); res = isns_req_send(s, req); if (res < 0) { log_warn("send(2) failed for %s", isns->i_addr); goto quit; } res = isns_req_receive(s, req); if (res < 0) { log_warn("receive(2) failed for %s", isns->i_addr); goto quit; } error = isns_req_get_status(req); if (error != 0) { log_warnx("iSNS deregister error %d for %s", error, isns->i_addr); res = -1; } quit: isns_req_free(req); return (res); } void isns_register(struct isns *isns, struct isns *oldisns) { struct conf *conf = isns->i_conf; int error, s; char hostname[256]; if (TAILQ_EMPTY(&conf->conf_targets) || TAILQ_EMPTY(&conf->conf_portal_groups)) return; set_timeout(conf->conf_isns_timeout, false); s = isns_do_connect(isns); if (s < 0) { set_timeout(0, false); return; } error = gethostname(hostname, sizeof(hostname)); if (error != 0) log_err(1, "gethostname"); if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets)) oldisns = isns; isns_do_deregister(oldisns, s, hostname); isns_do_register(isns, s, hostname); close(s); set_timeout(0, false); } void isns_check(struct isns *isns) { struct conf *conf = isns->i_conf; int error, s, res; char hostname[256]; if (TAILQ_EMPTY(&conf->conf_targets) || TAILQ_EMPTY(&conf->conf_portal_groups)) return; set_timeout(conf->conf_isns_timeout, false); s = isns_do_connect(isns); if (s < 0) { set_timeout(0, false); return; } error = gethostname(hostname, sizeof(hostname)); if (error != 0) log_err(1, "gethostname"); res = isns_do_check(isns, s, hostname); if (res < 0) { isns_do_deregister(isns, s, hostname); isns_do_register(isns, s, hostname); } close(s); set_timeout(0, false); } void isns_deregister(struct isns *isns) { struct conf *conf = isns->i_conf; int error, s; char hostname[256]; if (TAILQ_EMPTY(&conf->conf_targets) || TAILQ_EMPTY(&conf->conf_portal_groups)) return; set_timeout(conf->conf_isns_timeout, false); s = isns_do_connect(isns); if (s < 0) return; error = gethostname(hostname, sizeof(hostname)); if (error != 0) log_err(1, "gethostname"); isns_do_deregister(isns, s, hostname); close(s); set_timeout(0, false); } int portal_group_set_filter(struct portal_group *pg, const char *str) { int filter; if (strcmp(str, "none") == 0) { filter = PG_FILTER_NONE; } else if (strcmp(str, "portal") == 0) { filter = PG_FILTER_PORTAL; } else if (strcmp(str, "portal-name") == 0) { filter = PG_FILTER_PORTAL_NAME; } else if (strcmp(str, "portal-name-auth") == 0) { filter = PG_FILTER_PORTAL_NAME_AUTH; } else { log_warnx("invalid discovery-filter \"%s\" for portal-group " "\"%s\"; valid values are \"none\", \"portal\", " "\"portal-name\", and \"portal-name-auth\"", str, pg->pg_name); return (1); } if (pg->pg_discovery_filter != PG_FILTER_UNKNOWN && pg->pg_discovery_filter != filter) { log_warnx("cannot set discovery-filter to \"%s\" for " "portal-group \"%s\"; already has a different " "value", str, pg->pg_name); return (1); } pg->pg_discovery_filter = filter; return (0); } int portal_group_set_offload(struct portal_group *pg, const char *offload) { if (pg->pg_offload != NULL) { log_warnx("cannot set offload to \"%s\" for " "portal-group \"%s\"; already defined", offload, pg->pg_name); return (1); } pg->pg_offload = checked_strdup(offload); return (0); } int portal_group_set_redirection(struct portal_group *pg, const char *addr) { if (pg->pg_redirection != NULL) { log_warnx("cannot set redirection to \"%s\" for " "portal-group \"%s\"; already defined", addr, pg->pg_name); return (1); } pg->pg_redirection = checked_strdup(addr); return (0); } static bool valid_hex(const char ch) { switch (ch) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': case 'a': case 'A': case 'b': case 'B': case 'c': case 'C': case 'd': case 'D': case 'e': case 'E': case 'f': case 'F': return (true); default: return (false); } } bool valid_iscsi_name(const char *name) { int i; if (strlen(name) >= MAX_NAME_LEN) { log_warnx("overlong name for target \"%s\"; max length allowed " "by iSCSI specification is %d characters", name, MAX_NAME_LEN); return (false); } /* * In the cases below, we don't return an error, just in case the admin * was right, and we're wrong. */ if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) { for (i = strlen("iqn."); name[i] != '\0'; i++) { /* * XXX: We should verify UTF-8 normalisation, as defined * by 3.2.6.2: iSCSI Name Encoding. */ if (isalnum(name[i])) continue; if (name[i] == '-' || name[i] == '.' || name[i] == ':') continue; log_warnx("invalid character \"%c\" in target name " "\"%s\"; allowed characters are letters, digits, " "'-', '.', and ':'", name[i], name); break; } /* * XXX: Check more stuff: valid date and a valid reversed domain. */ } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) { if (strlen(name) != strlen("eui.") + 16) log_warnx("invalid target name \"%s\"; the \"eui.\" " "should be followed by exactly 16 hexadecimal " "digits", name); for (i = strlen("eui."); name[i] != '\0'; i++) { if (!valid_hex(name[i])) { log_warnx("invalid character \"%c\" in target " "name \"%s\"; allowed characters are 1-9 " "and A-F", name[i], name); break; } } } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) { if (strlen(name) > strlen("naa.") + 32) log_warnx("invalid target name \"%s\"; the \"naa.\" " "should be followed by at most 32 hexadecimal " "digits", name); for (i = strlen("naa."); name[i] != '\0'; i++) { if (!valid_hex(name[i])) { log_warnx("invalid character \"%c\" in target " "name \"%s\"; allowed characters are 1-9 " "and A-F", name[i], name); break; } } } else { log_warnx("invalid target name \"%s\"; should start with " "either \"iqn.\", \"eui.\", or \"naa.\"", name); } return (true); } struct pport * pport_new(struct conf *conf, const char *name, uint32_t ctl_port) { struct pport *pp; pp = calloc(1, sizeof(*pp)); if (pp == NULL) log_err(1, "calloc"); pp->pp_conf = conf; pp->pp_name = checked_strdup(name); pp->pp_ctl_port = ctl_port; TAILQ_INIT(&pp->pp_ports); TAILQ_INSERT_TAIL(&conf->conf_pports, pp, pp_next); return (pp); } struct pport * pport_find(const struct conf *conf, const char *name) { struct pport *pp; TAILQ_FOREACH(pp, &conf->conf_pports, pp_next) { if (strcasecmp(pp->pp_name, name) == 0) return (pp); } return (NULL); } struct pport * pport_copy(struct pport *pp, struct conf *conf) { struct pport *ppnew; ppnew = pport_new(conf, pp->pp_name, pp->pp_ctl_port); return (ppnew); } void pport_delete(struct pport *pp) { struct port *port, *tport; TAILQ_FOREACH_SAFE(port, &pp->pp_ports, p_ts, tport) port_delete(port); TAILQ_REMOVE(&pp->pp_conf->conf_pports, pp, pp_next); free(pp->pp_name); free(pp); } struct port * port_new(struct conf *conf, struct target *target, struct portal_group *pg) { struct port *port; char *name; int ret; ret = asprintf(&name, "%s-%s", pg->pg_name, target->t_name); if (ret <= 0) log_err(1, "asprintf"); if (port_find(conf, name) != NULL) { log_warnx("duplicate port \"%s\"", name); free(name); return (NULL); } port = calloc(1, sizeof(*port)); if (port == NULL) log_err(1, "calloc"); port->p_conf = conf; port->p_name = name; port->p_ioctl_port = 0; TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); port->p_target = target; TAILQ_INSERT_TAIL(&pg->pg_ports, port, p_pgs); port->p_portal_group = pg; return (port); } struct port * port_new_ioctl(struct conf *conf, struct target *target, int pp, int vp) { struct pport *pport; struct port *port; char *pname; char *name; int ret; ret = asprintf(&pname, "ioctl/%d/%d", pp, vp); if (ret <= 0) { log_err(1, "asprintf"); return (NULL); } pport = pport_find(conf, pname); if (pport != NULL) { free(pname); return (port_new_pp(conf, target, pport)); } ret = asprintf(&name, "%s-%s", pname, target->t_name); free(pname); if (ret <= 0) log_err(1, "asprintf"); if (port_find(conf, name) != NULL) { log_warnx("duplicate port \"%s\"", name); free(name); return (NULL); } port = calloc(1, sizeof(*port)); if (port == NULL) log_err(1, "calloc"); port->p_conf = conf; port->p_name = name; port->p_ioctl_port = 1; port->p_ioctl_pp = pp; port->p_ioctl_vp = vp; TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); port->p_target = target; return (port); } struct port * port_new_pp(struct conf *conf, struct target *target, struct pport *pp) { struct port *port; char *name; int ret; ret = asprintf(&name, "%s-%s", pp->pp_name, target->t_name); if (ret <= 0) log_err(1, "asprintf"); if (port_find(conf, name) != NULL) { log_warnx("duplicate port \"%s\"", name); free(name); return (NULL); } port = calloc(1, sizeof(*port)); if (port == NULL) log_err(1, "calloc"); port->p_conf = conf; port->p_name = name; TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); port->p_target = target; TAILQ_INSERT_TAIL(&pp->pp_ports, port, p_pps); port->p_pport = pp; return (port); } struct port * port_find(const struct conf *conf, const char *name) { struct port *port; TAILQ_FOREACH(port, &conf->conf_ports, p_next) { if (strcasecmp(port->p_name, name) == 0) return (port); } return (NULL); } struct port * port_find_in_pg(const struct portal_group *pg, const char *target) { struct port *port; TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) { if (strcasecmp(port->p_target->t_name, target) == 0) return (port); } return (NULL); } void port_delete(struct port *port) { if (port->p_portal_group) TAILQ_REMOVE(&port->p_portal_group->pg_ports, port, p_pgs); if (port->p_pport) TAILQ_REMOVE(&port->p_pport->pp_ports, port, p_pps); if (port->p_target) TAILQ_REMOVE(&port->p_target->t_ports, port, p_ts); TAILQ_REMOVE(&port->p_conf->conf_ports, port, p_next); free(port->p_name); free(port); } int port_is_dummy(struct port *port) { if (port->p_portal_group) { if (port->p_portal_group->pg_foreign) return (1); if (TAILQ_EMPTY(&port->p_portal_group->pg_portals)) return (1); } return (0); } struct target * target_new(struct conf *conf, const char *name) { struct target *targ; int i, len; targ = target_find(conf, name); if (targ != NULL) { log_warnx("duplicated target \"%s\"", name); return (NULL); } if (valid_iscsi_name(name) == false) { log_warnx("target name \"%s\" is invalid", name); return (NULL); } targ = calloc(1, sizeof(*targ)); if (targ == NULL) log_err(1, "calloc"); targ->t_name = checked_strdup(name); /* * RFC 3722 requires us to normalize the name to lowercase. */ len = strlen(name); for (i = 0; i < len; i++) targ->t_name[i] = tolower(targ->t_name[i]); targ->t_conf = conf; TAILQ_INIT(&targ->t_ports); TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next); return (targ); } void target_delete(struct target *targ) { struct port *port, *tport; TAILQ_FOREACH_SAFE(port, &targ->t_ports, p_ts, tport) port_delete(port); TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next); free(targ->t_name); free(targ->t_redirection); free(targ); } struct target * target_find(struct conf *conf, const char *name) { struct target *targ; TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { if (strcasecmp(targ->t_name, name) == 0) return (targ); } return (NULL); } int target_set_redirection(struct target *target, const char *addr) { if (target->t_redirection != NULL) { log_warnx("cannot set redirection to \"%s\" for " "target \"%s\"; already defined", addr, target->t_name); return (1); } target->t_redirection = checked_strdup(addr); return (0); } struct lun * lun_new(struct conf *conf, const char *name) { struct lun *lun; lun = lun_find(conf, name); if (lun != NULL) { log_warnx("duplicated lun \"%s\"", name); return (NULL); } lun = calloc(1, sizeof(*lun)); if (lun == NULL) log_err(1, "calloc"); lun->l_conf = conf; lun->l_name = checked_strdup(name); TAILQ_INIT(&lun->l_options); TAILQ_INSERT_TAIL(&conf->conf_luns, lun, l_next); lun->l_ctl_lun = -1; return (lun); } void lun_delete(struct lun *lun) { struct target *targ; struct option *o, *tmp; int i; TAILQ_FOREACH(targ, &lun->l_conf->conf_targets, t_next) { for (i = 0; i < MAX_LUNS; i++) { if (targ->t_luns[i] == lun) targ->t_luns[i] = NULL; } } TAILQ_REMOVE(&lun->l_conf->conf_luns, lun, l_next); TAILQ_FOREACH_SAFE(o, &lun->l_options, o_next, tmp) option_delete(&lun->l_options, o); free(lun->l_name); free(lun->l_backend); free(lun->l_device_id); free(lun->l_path); free(lun->l_scsiname); free(lun->l_serial); free(lun); } struct lun * lun_find(const struct conf *conf, const char *name) { struct lun *lun; TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { if (strcmp(lun->l_name, name) == 0) return (lun); } return (NULL); } void lun_set_backend(struct lun *lun, const char *value) { free(lun->l_backend); lun->l_backend = checked_strdup(value); } void lun_set_blocksize(struct lun *lun, size_t value) { lun->l_blocksize = value; } void lun_set_device_type(struct lun *lun, uint8_t value) { lun->l_device_type = value; } void lun_set_device_id(struct lun *lun, const char *value) { free(lun->l_device_id); lun->l_device_id = checked_strdup(value); } void lun_set_path(struct lun *lun, const char *value) { free(lun->l_path); lun->l_path = checked_strdup(value); } void lun_set_scsiname(struct lun *lun, const char *value) { free(lun->l_scsiname); lun->l_scsiname = checked_strdup(value); } void lun_set_serial(struct lun *lun, const char *value) { free(lun->l_serial); lun->l_serial = checked_strdup(value); } void lun_set_size(struct lun *lun, size_t value) { lun->l_size = value; } void lun_set_ctl_lun(struct lun *lun, uint32_t value) { lun->l_ctl_lun = value; } struct option * option_new(struct options *options, const char *name, const char *value) { struct option *o; o = option_find(options, name); if (o != NULL) { log_warnx("duplicated option \"%s\"", name); return (NULL); } o = calloc(1, sizeof(*o)); if (o == NULL) log_err(1, "calloc"); o->o_name = checked_strdup(name); o->o_value = checked_strdup(value); TAILQ_INSERT_TAIL(options, o, o_next); return (o); } void option_delete(struct options *options, struct option *o) { TAILQ_REMOVE(options, o, o_next); free(o->o_name); free(o->o_value); free(o); } struct option * option_find(const struct options *options, const char *name) { struct option *o; TAILQ_FOREACH(o, options, o_next) { if (strcmp(o->o_name, name) == 0) return (o); } return (NULL); } void option_set(struct option *o, const char *value) { free(o->o_value); o->o_value = checked_strdup(value); } static struct connection * connection_new(struct portal *portal, int fd, const char *host, const struct sockaddr *client_sa) { struct connection *conn; conn = calloc(1, sizeof(*conn)); if (conn == NULL) log_err(1, "calloc"); conn->conn_portal = portal; conn->conn_socket = fd; conn->conn_initiator_addr = checked_strdup(host); memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len); /* * Default values, from RFC 3720, section 12. */ conn->conn_max_recv_data_segment_length = 8192; conn->conn_max_send_data_segment_length = 8192; conn->conn_max_burst_length = 262144; conn->conn_first_burst_length = 65536; conn->conn_immediate_data = true; return (conn); } #if 0 static void conf_print(struct conf *conf) { struct auth_group *ag; struct auth *auth; struct auth_name *auth_name; struct auth_portal *auth_portal; struct portal_group *pg; struct portal *portal; struct target *targ; struct lun *lun; struct option *o; TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { fprintf(stderr, "auth-group %s {\n", ag->ag_name); TAILQ_FOREACH(auth, &ag->ag_auths, a_next) fprintf(stderr, "\t chap-mutual %s %s %s %s\n", auth->a_user, auth->a_secret, auth->a_mutual_user, auth->a_mutual_secret); TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) fprintf(stderr, "\t initiator-name %s\n", auth_name->an_initator_name); TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next) fprintf(stderr, "\t initiator-portal %s\n", auth_portal->ap_initator_portal); fprintf(stderr, "}\n"); } TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { fprintf(stderr, "portal-group %s {\n", pg->pg_name); TAILQ_FOREACH(portal, &pg->pg_portals, p_next) fprintf(stderr, "\t listen %s\n", portal->p_listen); fprintf(stderr, "}\n"); } TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { fprintf(stderr, "\tlun %s {\n", lun->l_name); fprintf(stderr, "\t\tpath %s\n", lun->l_path); TAILQ_FOREACH(o, &lun->l_options, o_next) fprintf(stderr, "\t\toption %s %s\n", o->o_name, o->o_value); fprintf(stderr, "\t}\n"); } TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { fprintf(stderr, "target %s {\n", targ->t_name); if (targ->t_alias != NULL) fprintf(stderr, "\t alias %s\n", targ->t_alias); fprintf(stderr, "}\n"); } } #endif static int conf_verify_lun(struct lun *lun) { const struct lun *lun2; if (lun->l_backend == NULL) lun_set_backend(lun, "block"); if (strcmp(lun->l_backend, "block") == 0) { if (lun->l_path == NULL) { log_warnx("missing path for lun \"%s\"", lun->l_name); return (1); } } else if (strcmp(lun->l_backend, "ramdisk") == 0) { if (lun->l_size == 0) { log_warnx("missing size for ramdisk-backed lun \"%s\"", lun->l_name); return (1); } if (lun->l_path != NULL) { log_warnx("path must not be specified " "for ramdisk-backed lun \"%s\"", lun->l_name); return (1); } } if (lun->l_blocksize == 0) { if (lun->l_device_type == 5) lun_set_blocksize(lun, DEFAULT_CD_BLOCKSIZE); else lun_set_blocksize(lun, DEFAULT_BLOCKSIZE); } else if (lun->l_blocksize < 0) { log_warnx("invalid blocksize for lun \"%s\"; " "must be larger than 0", lun->l_name); return (1); } if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) { log_warnx("invalid size for lun \"%s\"; " "must be multiple of blocksize", lun->l_name); return (1); } TAILQ_FOREACH(lun2, &lun->l_conf->conf_luns, l_next) { if (lun == lun2) continue; if (lun->l_path != NULL && lun2->l_path != NULL && strcmp(lun->l_path, lun2->l_path) == 0) { log_debugx("WARNING: path \"%s\" duplicated " "between lun \"%s\", and " "lun \"%s\"", lun->l_path, lun->l_name, lun2->l_name); } } return (0); } int conf_verify(struct conf *conf) { struct auth_group *ag; struct portal_group *pg; struct port *port; struct target *targ; struct lun *lun; bool found; int error, i; if (conf->conf_pidfile_path == NULL) conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE); TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { error = conf_verify_lun(lun); if (error != 0) return (error); } TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { if (targ->t_auth_group == NULL) { targ->t_auth_group = auth_group_find(conf, "default"); assert(targ->t_auth_group != NULL); } if (TAILQ_EMPTY(&targ->t_ports)) { pg = portal_group_find(conf, "default"); assert(pg != NULL); port_new(conf, targ, pg); } found = false; for (i = 0; i < MAX_LUNS; i++) { if (targ->t_luns[i] != NULL) found = true; } if (!found && targ->t_redirection == NULL) { log_warnx("no LUNs defined for target \"%s\"", targ->t_name); } if (found && targ->t_redirection != NULL) { log_debugx("target \"%s\" contains luns, " " but configured for redirection", targ->t_name); } } TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { assert(pg->pg_name != NULL); if (pg->pg_discovery_auth_group == NULL) { pg->pg_discovery_auth_group = auth_group_find(conf, "default"); assert(pg->pg_discovery_auth_group != NULL); } if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN) pg->pg_discovery_filter = PG_FILTER_NONE; if (pg->pg_redirection != NULL) { if (!TAILQ_EMPTY(&pg->pg_ports)) { log_debugx("portal-group \"%s\" assigned " "to target, but configured " "for redirection", pg->pg_name); } pg->pg_unassigned = false; } else if (!TAILQ_EMPTY(&pg->pg_ports)) { pg->pg_unassigned = false; } else { if (strcmp(pg->pg_name, "default") != 0) log_warnx("portal-group \"%s\" not assigned " "to any target", pg->pg_name); pg->pg_unassigned = true; } } TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { if (ag->ag_name == NULL) assert(ag->ag_target != NULL); else assert(ag->ag_target == NULL); found = false; TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { if (targ->t_auth_group == ag) { found = true; break; } } TAILQ_FOREACH(port, &conf->conf_ports, p_next) { if (port->p_auth_group == ag) { found = true; break; } } TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { if (pg->pg_discovery_auth_group == ag) { found = true; break; } } if (!found && ag->ag_name != NULL && strcmp(ag->ag_name, "default") != 0 && strcmp(ag->ag_name, "no-authentication") != 0 && strcmp(ag->ag_name, "no-access") != 0) { log_warnx("auth-group \"%s\" not assigned " "to any target", ag->ag_name); } } return (0); } static int conf_apply(struct conf *oldconf, struct conf *newconf) { struct lun *oldlun, *newlun, *tmplun; struct portal_group *oldpg, *newpg; struct portal *oldp, *newp; struct port *oldport, *newport, *tmpport; struct isns *oldns, *newns; pid_t otherpid; int changed, cumulated_error = 0, error, sockbuf; int one = 1; if (oldconf->conf_debug != newconf->conf_debug) { log_debugx("changing debug level to %d", newconf->conf_debug); log_init(newconf->conf_debug); } if (oldconf->conf_pidfh != NULL) { assert(oldconf->conf_pidfile_path != NULL); if (newconf->conf_pidfile_path != NULL && strcmp(oldconf->conf_pidfile_path, newconf->conf_pidfile_path) == 0) { newconf->conf_pidfh = oldconf->conf_pidfh; oldconf->conf_pidfh = NULL; } else { log_debugx("removing pidfile %s", oldconf->conf_pidfile_path); pidfile_remove(oldconf->conf_pidfh); oldconf->conf_pidfh = NULL; } } if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) { log_debugx("opening pidfile %s", newconf->conf_pidfile_path); newconf->conf_pidfh = pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid); if (newconf->conf_pidfh == NULL) { if (errno == EEXIST) log_errx(1, "daemon already running, pid: %jd.", (intmax_t)otherpid); log_err(1, "cannot open or create pidfile \"%s\"", newconf->conf_pidfile_path); } } /* * Go through the new portal groups, assigning tags or preserving old. */ TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { if (newpg->pg_tag != 0) continue; oldpg = portal_group_find(oldconf, newpg->pg_name); if (oldpg != NULL) newpg->pg_tag = oldpg->pg_tag; else newpg->pg_tag = ++last_portal_group_tag; } /* Deregister on removed iSNS servers. */ TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) { TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) { if (strcmp(oldns->i_addr, newns->i_addr) == 0) break; } if (newns == NULL) isns_deregister(oldns); } /* * XXX: If target or lun removal fails, we should somehow "move" * the old lun or target into newconf, so that subsequent * conf_apply() would try to remove them again. That would * be somewhat hairy, though, and lun deletion failures don't * really happen, so leave it as it is for now. */ /* * First, remove any ports present in the old configuration * and missing in the new one. */ TAILQ_FOREACH_SAFE(oldport, &oldconf->conf_ports, p_next, tmpport) { if (port_is_dummy(oldport)) continue; newport = port_find(newconf, oldport->p_name); if (newport != NULL && !port_is_dummy(newport)) continue; log_debugx("removing port \"%s\"", oldport->p_name); error = kernel_port_remove(oldport); if (error != 0) { log_warnx("failed to remove port %s", oldport->p_name); /* * XXX: Uncomment after fixing the root cause. * * cumulated_error++; */ } } /* * Second, remove any LUNs present in the old configuration * and missing in the new one. */ TAILQ_FOREACH_SAFE(oldlun, &oldconf->conf_luns, l_next, tmplun) { newlun = lun_find(newconf, oldlun->l_name); if (newlun == NULL) { log_debugx("lun \"%s\", CTL lun %d " "not found in new configuration; " "removing", oldlun->l_name, oldlun->l_ctl_lun); error = kernel_lun_remove(oldlun); if (error != 0) { log_warnx("failed to remove lun \"%s\", " "CTL lun %d", oldlun->l_name, oldlun->l_ctl_lun); cumulated_error++; } continue; } /* * Also remove the LUNs changed by more than size. */ changed = 0; assert(oldlun->l_backend != NULL); assert(newlun->l_backend != NULL); if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) { log_debugx("backend for lun \"%s\", " "CTL lun %d changed; removing", oldlun->l_name, oldlun->l_ctl_lun); changed = 1; } if (oldlun->l_blocksize != newlun->l_blocksize) { log_debugx("blocksize for lun \"%s\", " "CTL lun %d changed; removing", oldlun->l_name, oldlun->l_ctl_lun); changed = 1; } if (newlun->l_device_id != NULL && (oldlun->l_device_id == NULL || strcmp(oldlun->l_device_id, newlun->l_device_id) != 0)) { log_debugx("device-id for lun \"%s\", " "CTL lun %d changed; removing", oldlun->l_name, oldlun->l_ctl_lun); changed = 1; } if (newlun->l_path != NULL && (oldlun->l_path == NULL || strcmp(oldlun->l_path, newlun->l_path) != 0)) { log_debugx("path for lun \"%s\", " "CTL lun %d, changed; removing", oldlun->l_name, oldlun->l_ctl_lun); changed = 1; } if (newlun->l_serial != NULL && (oldlun->l_serial == NULL || strcmp(oldlun->l_serial, newlun->l_serial) != 0)) { log_debugx("serial for lun \"%s\", " "CTL lun %d changed; removing", oldlun->l_name, oldlun->l_ctl_lun); changed = 1; } if (changed) { error = kernel_lun_remove(oldlun); if (error != 0) { log_warnx("failed to remove lun \"%s\", " "CTL lun %d", oldlun->l_name, oldlun->l_ctl_lun); cumulated_error++; } lun_delete(oldlun); continue; } lun_set_ctl_lun(newlun, oldlun->l_ctl_lun); } TAILQ_FOREACH_SAFE(newlun, &newconf->conf_luns, l_next, tmplun) { oldlun = lun_find(oldconf, newlun->l_name); if (oldlun != NULL) { log_debugx("modifying lun \"%s\", CTL lun %d", newlun->l_name, newlun->l_ctl_lun); error = kernel_lun_modify(newlun); if (error != 0) { log_warnx("failed to " "modify lun \"%s\", CTL lun %d", newlun->l_name, newlun->l_ctl_lun); cumulated_error++; } continue; } log_debugx("adding lun \"%s\"", newlun->l_name); error = kernel_lun_add(newlun); if (error != 0) { log_warnx("failed to add lun \"%s\"", newlun->l_name); lun_delete(newlun); cumulated_error++; } } /* * Now add new ports or modify existing ones. */ TAILQ_FOREACH(newport, &newconf->conf_ports, p_next) { if (port_is_dummy(newport)) continue; oldport = port_find(oldconf, newport->p_name); if (oldport == NULL || port_is_dummy(oldport)) { log_debugx("adding port \"%s\"", newport->p_name); error = kernel_port_add(newport); } else { log_debugx("updating port \"%s\"", newport->p_name); newport->p_ctl_port = oldport->p_ctl_port; error = kernel_port_update(newport, oldport); } if (error != 0) { log_warnx("failed to %s port %s", (oldport == NULL) ? "add" : "update", newport->p_name); /* * XXX: Uncomment after fixing the root cause. * * cumulated_error++; */ } } /* * Go through the new portals, opening the sockets as necessary. */ TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { if (newpg->pg_foreign) continue; if (newpg->pg_unassigned) { log_debugx("not listening on portal-group \"%s\", " "not assigned to any target", newpg->pg_name); continue; } TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) { /* * Try to find already open portal and reuse * the listening socket. We don't care about * what portal or portal group that was, what * matters is the listening address. */ TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) { TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) { if (strcmp(newp->p_listen, oldp->p_listen) == 0 && oldp->p_socket > 0) { newp->p_socket = oldp->p_socket; oldp->p_socket = 0; break; } } } if (newp->p_socket > 0) { /* * We're done with this portal. */ continue; } #ifdef ICL_KERNEL_PROXY if (proxy_mode) { newpg->pg_conf->conf_portal_id++; newp->p_id = newpg->pg_conf->conf_portal_id; log_debugx("listening on %s, portal-group " "\"%s\", portal id %d, using ICL proxy", newp->p_listen, newpg->pg_name, newp->p_id); kernel_listen(newp->p_ai, newp->p_iser, newp->p_id); continue; } #endif assert(proxy_mode == false); assert(newp->p_iser == false); log_debugx("listening on %s, portal-group \"%s\"", newp->p_listen, newpg->pg_name); newp->p_socket = socket(newp->p_ai->ai_family, newp->p_ai->ai_socktype, newp->p_ai->ai_protocol); if (newp->p_socket < 0) { log_warn("socket(2) failed for %s", newp->p_listen); cumulated_error++; continue; } sockbuf = SOCKBUF_SIZE; if (setsockopt(newp->p_socket, SOL_SOCKET, SO_RCVBUF, &sockbuf, sizeof(sockbuf)) == -1) log_warn("setsockopt(SO_RCVBUF) failed " "for %s", newp->p_listen); sockbuf = SOCKBUF_SIZE; if (setsockopt(newp->p_socket, SOL_SOCKET, SO_SNDBUF, &sockbuf, sizeof(sockbuf)) == -1) log_warn("setsockopt(SO_SNDBUF) failed " "for %s", newp->p_listen); error = setsockopt(newp->p_socket, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); if (error != 0) { log_warn("setsockopt(SO_REUSEADDR) failed " "for %s", newp->p_listen); close(newp->p_socket); newp->p_socket = 0; cumulated_error++; continue; } if (newpg->pg_dscp != -1) { struct sockaddr sa; int len = sizeof(sa); getsockname(newp->p_socket, &sa, &len); /* * Only allow the 6-bit DSCP * field to be modified */ int tos = newpg->pg_dscp << 2; if (sa.sa_family == AF_INET) { if (setsockopt(newp->p_socket, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) log_warn("setsockopt(IP_TOS) " "failed for %s", newp->p_listen); } else if (sa.sa_family == AF_INET6) { if (setsockopt(newp->p_socket, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1) log_warn("setsockopt(IPV6_TCLASS) " "failed for %s", newp->p_listen); } } if (newpg->pg_pcp != -1) { struct sockaddr sa; int len = sizeof(sa); getsockname(newp->p_socket, &sa, &len); /* * Only allow the 6-bit DSCP * field to be modified */ int pcp = newpg->pg_pcp; if (sa.sa_family == AF_INET) { if (setsockopt(newp->p_socket, IPPROTO_IP, IP_VLAN_PCP, &pcp, sizeof(pcp)) == -1) log_warn("setsockopt(IP_VLAN_PCP) " "failed for %s", newp->p_listen); } else if (sa.sa_family == AF_INET6) { if (setsockopt(newp->p_socket, IPPROTO_IPV6, IPV6_VLAN_PCP, &pcp, sizeof(pcp)) == -1) log_warn("setsockopt(IPV6_VLAN_PCP) " "failed for %s", newp->p_listen); } } error = bind(newp->p_socket, newp->p_ai->ai_addr, newp->p_ai->ai_addrlen); if (error != 0) { log_warn("bind(2) failed for %s", newp->p_listen); close(newp->p_socket); newp->p_socket = 0; cumulated_error++; continue; } error = listen(newp->p_socket, -1); if (error != 0) { log_warn("listen(2) failed for %s", newp->p_listen); close(newp->p_socket); newp->p_socket = 0; cumulated_error++; continue; } } } /* * Go through the no longer used sockets, closing them. */ TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) { TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) { if (oldp->p_socket <= 0) continue; log_debugx("closing socket for %s, portal-group \"%s\"", oldp->p_listen, oldpg->pg_name); close(oldp->p_socket); oldp->p_socket = 0; } } /* (Re-)Register on remaining/new iSNS servers. */ TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) { TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) { if (strcmp(oldns->i_addr, newns->i_addr) == 0) break; } isns_register(newns, oldns); } /* Schedule iSNS update */ if (!TAILQ_EMPTY(&newconf->conf_isns)) set_timeout((newconf->conf_isns_period + 2) / 3, false); return (cumulated_error); } bool timed_out(void) { return (sigalrm_received); } static void sigalrm_handler_fatal(int dummy __unused) { /* * It would be easiest to just log an error and exit. We can't * do this, though, because log_errx() is not signal safe, since * it calls syslog(3). Instead, set a flag checked by pdu_send() * and pdu_receive(), to call log_errx() there. Should they fail * to notice, we'll exit here one second later. */ if (sigalrm_received) { /* * Oh well. Just give up and quit. */ _exit(2); } sigalrm_received = true; } static void sigalrm_handler(int dummy __unused) { sigalrm_received = true; } void set_timeout(int timeout, int fatal) { struct sigaction sa; struct itimerval itv; int error; if (timeout <= 0) { log_debugx("session timeout disabled"); bzero(&itv, sizeof(itv)); error = setitimer(ITIMER_REAL, &itv, NULL); if (error != 0) log_err(1, "setitimer"); sigalrm_received = false; return; } sigalrm_received = false; bzero(&sa, sizeof(sa)); if (fatal) sa.sa_handler = sigalrm_handler_fatal; else sa.sa_handler = sigalrm_handler; sigfillset(&sa.sa_mask); error = sigaction(SIGALRM, &sa, NULL); if (error != 0) log_err(1, "sigaction"); /* * First SIGALRM will arive after conf_timeout seconds. * If we do nothing, another one will arrive a second later. */ log_debugx("setting session timeout to %d seconds", timeout); bzero(&itv, sizeof(itv)); itv.it_interval.tv_sec = 1; itv.it_value.tv_sec = timeout; error = setitimer(ITIMER_REAL, &itv, NULL); if (error != 0) log_err(1, "setitimer"); } static int wait_for_children(bool block) { pid_t pid; int status; int num = 0; for (;;) { /* * If "block" is true, wait for at least one process. */ if (block && num == 0) pid = wait4(-1, &status, 0, NULL); else pid = wait4(-1, &status, WNOHANG, NULL); if (pid <= 0) break; if (WIFSIGNALED(status)) { log_warnx("child process %d terminated with signal %d", pid, WTERMSIG(status)); } else if (WEXITSTATUS(status) != 0) { log_warnx("child process %d terminated with exit status %d", pid, WEXITSTATUS(status)); } else { log_debugx("child process %d terminated gracefully", pid); } num++; } return (num); } static void handle_connection(struct portal *portal, int fd, const struct sockaddr *client_sa, bool dont_fork) { struct connection *conn; int error; pid_t pid; char host[NI_MAXHOST + 1]; struct conf *conf; conf = portal->p_portal_group->pg_conf; if (dont_fork) { log_debugx("incoming connection; not forking due to -d flag"); } else { nchildren -= wait_for_children(false); assert(nchildren >= 0); while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) { log_debugx("maxproc limit of %d child processes hit; " "waiting for child process to exit", conf->conf_maxproc); nchildren -= wait_for_children(true); assert(nchildren >= 0); } log_debugx("incoming connection; forking child process #%d", nchildren); nchildren++; pid = fork(); if (pid < 0) log_err(1, "fork"); if (pid > 0) { close(fd); return; } } pidfile_close(conf->conf_pidfh); error = getnameinfo(client_sa, client_sa->sa_len, host, sizeof(host), NULL, 0, NI_NUMERICHOST); if (error != 0) log_errx(1, "getnameinfo: %s", gai_strerror(error)); log_debugx("accepted connection from %s; portal group \"%s\"", host, portal->p_portal_group->pg_name); log_set_peer_addr(host); setproctitle("%s", host); conn = connection_new(portal, fd, host, client_sa); set_timeout(conf->conf_timeout, true); kernel_capsicate(); login(conn); if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { kernel_handoff(conn); log_debugx("connection handed off to the kernel"); } else { assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); discovery(conn); } log_debugx("nothing more to do; exiting"); exit(0); } static int fd_add(int fd, fd_set *fdset, int nfds) { /* * Skip sockets which we failed to bind. */ if (fd <= 0) return (nfds); FD_SET(fd, fdset); if (fd > nfds) nfds = fd; return (nfds); } static void main_loop(struct conf *conf, bool dont_fork) { struct portal_group *pg; struct portal *portal; struct sockaddr_storage client_sa; socklen_t client_salen; #ifdef ICL_KERNEL_PROXY int connection_id; int portal_id; #endif fd_set fdset; int error, nfds, client_fd; pidfile_write(conf->conf_pidfh); for (;;) { if (sighup_received || sigterm_received || timed_out()) return; #ifdef ICL_KERNEL_PROXY if (proxy_mode) { client_salen = sizeof(client_sa); kernel_accept(&connection_id, &portal_id, (struct sockaddr *)&client_sa, &client_salen); assert(client_salen >= client_sa.ss_len); log_debugx("incoming connection, id %d, portal id %d", connection_id, portal_id); TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { if (portal->p_id == portal_id) { goto found; } } } log_errx(1, "kernel returned invalid portal_id %d", portal_id); found: handle_connection(portal, connection_id, (struct sockaddr *)&client_sa, dont_fork); } else { #endif assert(proxy_mode == false); FD_ZERO(&fdset); nfds = 0; TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { TAILQ_FOREACH(portal, &pg->pg_portals, p_next) nfds = fd_add(portal->p_socket, &fdset, nfds); } error = select(nfds + 1, &fdset, NULL, NULL, NULL); if (error <= 0) { if (errno == EINTR) return; log_err(1, "select"); } TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { if (!FD_ISSET(portal->p_socket, &fdset)) continue; client_salen = sizeof(client_sa); client_fd = accept(portal->p_socket, (struct sockaddr *)&client_sa, &client_salen); if (client_fd < 0) { if (errno == ECONNABORTED) continue; log_err(1, "accept"); } assert(client_salen >= client_sa.ss_len); handle_connection(portal, client_fd, (struct sockaddr *)&client_sa, dont_fork); break; } } #ifdef ICL_KERNEL_PROXY } #endif } } static void sighup_handler(int dummy __unused) { sighup_received = true; } static void sigterm_handler(int dummy __unused) { sigterm_received = true; } static void sigchld_handler(int dummy __unused) { /* * The only purpose of this handler is to make SIGCHLD * interrupt the ISCSIDWAIT ioctl(2), so we can call * wait_for_children(). */ } static void register_signals(void) { struct sigaction sa; int error; bzero(&sa, sizeof(sa)); sa.sa_handler = sighup_handler; sigfillset(&sa.sa_mask); error = sigaction(SIGHUP, &sa, NULL); if (error != 0) log_err(1, "sigaction"); sa.sa_handler = sigterm_handler; error = sigaction(SIGTERM, &sa, NULL); if (error != 0) log_err(1, "sigaction"); sa.sa_handler = sigterm_handler; error = sigaction(SIGINT, &sa, NULL); if (error != 0) log_err(1, "sigaction"); sa.sa_handler = sigchld_handler; error = sigaction(SIGCHLD, &sa, NULL); if (error != 0) log_err(1, "sigaction"); } static void check_perms(const char *path) { struct stat sb; int error; error = stat(path, &sb); if (error != 0) { log_warn("stat"); return; } if (sb.st_mode & S_IWOTH) { log_warnx("%s is world-writable", path); } else if (sb.st_mode & S_IROTH) { log_warnx("%s is world-readable", path); } else if (sb.st_mode & S_IXOTH) { /* * Ok, this one doesn't matter, but still do it, * just for consistency. */ log_warnx("%s is world-executable", path); } /* * XXX: Should we also check for owner != 0? */ } static struct conf * conf_new_from_file(const char *path, struct conf *oldconf, bool ucl) { struct conf *conf; struct auth_group *ag; struct portal_group *pg; struct pport *pp; int error; log_debugx("obtaining configuration from %s", path); conf = conf_new(); TAILQ_FOREACH(pp, &oldconf->conf_pports, pp_next) pport_copy(pp, conf); ag = auth_group_new(conf, "default"); assert(ag != NULL); ag = auth_group_new(conf, "no-authentication"); assert(ag != NULL); ag->ag_type = AG_TYPE_NO_AUTHENTICATION; ag = auth_group_new(conf, "no-access"); assert(ag != NULL); ag->ag_type = AG_TYPE_DENY; pg = portal_group_new(conf, "default"); assert(pg != NULL); if (ucl) error = uclparse_conf(conf, path); else error = parse_conf(conf, path); if (error != 0) { conf_delete(conf); return (NULL); } check_perms(path); if (conf->conf_default_ag_defined == false) { log_debugx("auth-group \"default\" not defined; " "going with defaults"); ag = auth_group_find(conf, "default"); assert(ag != NULL); ag->ag_type = AG_TYPE_DENY; } if (conf->conf_default_pg_defined == false) { log_debugx("portal-group \"default\" not defined; " "going with defaults"); pg = portal_group_find(conf, "default"); assert(pg != NULL); portal_group_add_listen(pg, "0.0.0.0:3260", false); portal_group_add_listen(pg, "[::]:3260", false); } conf->conf_kernel_port_on = true; error = conf_verify(conf); if (error != 0) { conf_delete(conf); return (NULL); } return (conf); } int main(int argc, char **argv) { struct conf *oldconf, *newconf, *tmpconf; struct isns *newns; const char *config_path = DEFAULT_CONFIG_PATH; int debug = 0, ch, error; bool dont_daemonize = false; bool test_config = false; bool use_ucl = false; while ((ch = getopt(argc, argv, "dtuf:R")) != -1) { switch (ch) { case 'd': dont_daemonize = true; debug++; break; case 't': test_config = true; break; case 'u': use_ucl = true; break; case 'f': config_path = optarg; break; case 'R': #ifndef ICL_KERNEL_PROXY log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY " "does not support iSER protocol"); #endif proxy_mode = true; break; case '?': default: usage(); } } argc -= optind; if (argc != 0) usage(); log_init(debug); kernel_init(); oldconf = conf_new_from_kernel(); newconf = conf_new_from_file(config_path, oldconf, use_ucl); if (newconf == NULL) log_errx(1, "configuration error; exiting"); if (test_config) return (0); if (debug > 0) { oldconf->conf_debug = debug; newconf->conf_debug = debug; } error = conf_apply(oldconf, newconf); if (error != 0) log_errx(1, "failed to apply configuration; exiting"); conf_delete(oldconf); oldconf = NULL; register_signals(); if (dont_daemonize == false) { log_debugx("daemonizing"); if (daemon(0, 0) == -1) { log_warn("cannot daemonize"); pidfile_remove(newconf->conf_pidfh); exit(1); } } /* Schedule iSNS update */ if (!TAILQ_EMPTY(&newconf->conf_isns)) set_timeout((newconf->conf_isns_period + 2) / 3, false); for (;;) { main_loop(newconf, dont_daemonize); if (sighup_received) { sighup_received = false; log_debugx("received SIGHUP, reloading configuration"); tmpconf = conf_new_from_file(config_path, newconf, use_ucl); if (tmpconf == NULL) { log_warnx("configuration error, " "continuing with old configuration"); } else { if (debug > 0) tmpconf->conf_debug = debug; oldconf = newconf; newconf = tmpconf; error = conf_apply(oldconf, newconf); if (error != 0) log_warnx("failed to reload " "configuration"); conf_delete(oldconf); oldconf = NULL; } } else if (sigterm_received) { log_debugx("exiting on signal; " "reloading empty configuration"); log_debugx("removing CTL iSCSI ports " "and terminating all connections"); oldconf = newconf; newconf = conf_new(); if (debug > 0) newconf->conf_debug = debug; error = conf_apply(oldconf, newconf); if (error != 0) log_warnx("failed to apply configuration"); conf_delete(oldconf); oldconf = NULL; log_warnx("exiting on signal"); exit(0); } else { nchildren -= wait_for_children(false); assert(nchildren >= 0); if (timed_out()) { set_timeout(0, false); TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) isns_check(newns); /* Schedule iSNS update */ if (!TAILQ_EMPTY(&newconf->conf_isns)) { set_timeout((newconf->conf_isns_period + 2) / 3, false); } } } } /* NOTREACHED */ } Index: head/usr.sbin/ctld/ctld.h =================================================================== --- head/usr.sbin/ctld/ctld.h (revision 367104) +++ head/usr.sbin/ctld/ctld.h (revision 367105) @@ -1,473 +1,472 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef CTLD_H #define CTLD_H #include #ifdef ICL_KERNEL_PROXY #include #endif #include #include #include #define DEFAULT_CONFIG_PATH "/etc/ctl.conf" #define DEFAULT_PIDFILE "/var/run/ctld.pid" #define DEFAULT_BLOCKSIZE 512 #define DEFAULT_CD_BLOCKSIZE 2048 #define MAX_LUNS 1024 #define MAX_NAME_LEN 223 #define MAX_DATA_SEGMENT_LENGTH (128 * 1024) #define SOCKBUF_SIZE 1048576 struct auth { TAILQ_ENTRY(auth) a_next; struct auth_group *a_auth_group; char *a_user; char *a_secret; char *a_mutual_user; char *a_mutual_secret; }; struct auth_name { TAILQ_ENTRY(auth_name) an_next; struct auth_group *an_auth_group; char *an_initator_name; }; struct auth_portal { TAILQ_ENTRY(auth_portal) ap_next; struct auth_group *ap_auth_group; char *ap_initator_portal; struct sockaddr_storage ap_sa; int ap_mask; }; #define AG_TYPE_UNKNOWN 0 #define AG_TYPE_DENY 1 #define AG_TYPE_NO_AUTHENTICATION 2 #define AG_TYPE_CHAP 3 #define AG_TYPE_CHAP_MUTUAL 4 struct auth_group { TAILQ_ENTRY(auth_group) ag_next; struct conf *ag_conf; char *ag_name; struct target *ag_target; int ag_type; TAILQ_HEAD(, auth) ag_auths; TAILQ_HEAD(, auth_name) ag_names; TAILQ_HEAD(, auth_portal) ag_portals; }; struct portal { TAILQ_ENTRY(portal) p_next; struct portal_group *p_portal_group; bool p_iser; char *p_listen; struct addrinfo *p_ai; #ifdef ICL_KERNEL_PROXY int p_id; #endif TAILQ_HEAD(, target) p_targets; int p_socket; }; TAILQ_HEAD(options, option); #define PG_FILTER_UNKNOWN 0 #define PG_FILTER_NONE 1 #define PG_FILTER_PORTAL 2 #define PG_FILTER_PORTAL_NAME 3 #define PG_FILTER_PORTAL_NAME_AUTH 4 struct portal_group { TAILQ_ENTRY(portal_group) pg_next; struct conf *pg_conf; struct options pg_options; char *pg_name; struct auth_group *pg_discovery_auth_group; int pg_discovery_filter; int pg_foreign; bool pg_unassigned; TAILQ_HEAD(, portal) pg_portals; TAILQ_HEAD(, port) pg_ports; char *pg_offload; char *pg_redirection; int pg_dscp; int pg_pcp; uint16_t pg_tag; }; struct pport { TAILQ_ENTRY(pport) pp_next; TAILQ_HEAD(, port) pp_ports; struct conf *pp_conf; char *pp_name; uint32_t pp_ctl_port; }; struct port { TAILQ_ENTRY(port) p_next; TAILQ_ENTRY(port) p_pgs; TAILQ_ENTRY(port) p_pps; TAILQ_ENTRY(port) p_ts; struct conf *p_conf; char *p_name; struct auth_group *p_auth_group; struct portal_group *p_portal_group; struct pport *p_pport; struct target *p_target; int p_ioctl_port; int p_ioctl_pp; int p_ioctl_vp; uint32_t p_ctl_port; }; struct option { TAILQ_ENTRY(option) o_next; char *o_name; char *o_value; }; struct lun { TAILQ_ENTRY(lun) l_next; struct conf *l_conf; struct options l_options; char *l_name; char *l_backend; uint8_t l_device_type; int l_blocksize; char *l_device_id; char *l_path; char *l_scsiname; char *l_serial; int64_t l_size; int l_ctl_lun; }; struct target { TAILQ_ENTRY(target) t_next; struct conf *t_conf; struct lun *t_luns[MAX_LUNS]; struct auth_group *t_auth_group; TAILQ_HEAD(, port) t_ports; char *t_name; char *t_alias; char *t_redirection; }; struct isns { TAILQ_ENTRY(isns) i_next; struct conf *i_conf; char *i_addr; struct addrinfo *i_ai; }; struct conf { char *conf_pidfile_path; TAILQ_HEAD(, lun) conf_luns; TAILQ_HEAD(, target) conf_targets; TAILQ_HEAD(, auth_group) conf_auth_groups; TAILQ_HEAD(, port) conf_ports; TAILQ_HEAD(, portal_group) conf_portal_groups; TAILQ_HEAD(, pport) conf_pports; TAILQ_HEAD(, isns) conf_isns; int conf_isns_period; int conf_isns_timeout; int conf_debug; int conf_timeout; int conf_maxproc; #ifdef ICL_KERNEL_PROXY int conf_portal_id; #endif struct pidfh *conf_pidfh; bool conf_default_pg_defined; bool conf_default_ag_defined; bool conf_kernel_port_on; }; #define CONN_SESSION_TYPE_NONE 0 #define CONN_SESSION_TYPE_DISCOVERY 1 #define CONN_SESSION_TYPE_NORMAL 2 #define CONN_DIGEST_NONE 0 #define CONN_DIGEST_CRC32C 1 struct connection { struct portal *conn_portal; struct port *conn_port; struct target *conn_target; int conn_socket; int conn_session_type; char *conn_initiator_name; char *conn_initiator_addr; char *conn_initiator_alias; uint8_t conn_initiator_isid[6]; struct sockaddr_storage conn_initiator_sa; uint32_t conn_cmdsn; uint32_t conn_statsn; int conn_max_recv_data_segment_limit; int conn_max_send_data_segment_limit; int conn_max_burst_limit; int conn_first_burst_limit; int conn_max_recv_data_segment_length; int conn_max_send_data_segment_length; int conn_max_burst_length; int conn_first_burst_length; int conn_immediate_data; int conn_header_digest; int conn_data_digest; const char *conn_user; struct chap *conn_chap; }; struct pdu { struct connection *pdu_connection; struct iscsi_bhs *pdu_bhs; char *pdu_data; size_t pdu_data_len; }; #define KEYS_MAX 1024 struct keys { char *keys_names[KEYS_MAX]; char *keys_values[KEYS_MAX]; char *keys_data; size_t keys_data_len; }; #define CHAP_CHALLENGE_LEN 1024 #define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */ struct chap { unsigned char chap_id; char chap_challenge[CHAP_CHALLENGE_LEN]; char chap_response[CHAP_DIGEST_LEN]; }; struct rchap { char *rchap_secret; unsigned char rchap_id; void *rchap_challenge; size_t rchap_challenge_len; }; struct chap *chap_new(void); char *chap_get_id(const struct chap *chap); char *chap_get_challenge(const struct chap *chap); int chap_receive(struct chap *chap, const char *response); int chap_authenticate(struct chap *chap, const char *secret); void chap_delete(struct chap *chap); struct rchap *rchap_new(const char *secret); int rchap_receive(struct rchap *rchap, const char *id, const char *challenge); char *rchap_get_response(struct rchap *rchap); void rchap_delete(struct rchap *rchap); int parse_conf(struct conf *conf, const char *path); int uclparse_conf(struct conf *conf, const char *path); struct conf *conf_new(void); struct conf *conf_new_from_kernel(void); void conf_delete(struct conf *conf); int conf_verify(struct conf *conf); struct auth_group *auth_group_new(struct conf *conf, const char *name); void auth_group_delete(struct auth_group *ag); struct auth_group *auth_group_find(const struct conf *conf, const char *name); int auth_group_set_type(struct auth_group *ag, const char *type); const struct auth *auth_new_chap(struct auth_group *ag, const char *user, const char *secret); const struct auth *auth_new_chap_mutual(struct auth_group *ag, const char *user, const char *secret, const char *user2, const char *secret2); const struct auth *auth_find(const struct auth_group *ag, const char *user); const struct auth_name *auth_name_new(struct auth_group *ag, const char *initiator_name); bool auth_name_defined(const struct auth_group *ag); const struct auth_name *auth_name_find(const struct auth_group *ag, const char *initiator_name); int auth_name_check(const struct auth_group *ag, const char *initiator_name); const struct auth_portal *auth_portal_new(struct auth_group *ag, const char *initiator_portal); bool auth_portal_defined(const struct auth_group *ag); const struct auth_portal *auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *sa); int auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa); struct portal_group *portal_group_new(struct conf *conf, const char *name); void portal_group_delete(struct portal_group *pg); struct portal_group *portal_group_find(const struct conf *conf, const char *name); int portal_group_add_listen(struct portal_group *pg, const char *listen, bool iser); int portal_group_set_filter(struct portal_group *pg, const char *filter); int portal_group_set_offload(struct portal_group *pg, const char *offload); int portal_group_set_redirection(struct portal_group *pg, const char *addr); int isns_new(struct conf *conf, const char *addr); void isns_delete(struct isns *is); void isns_register(struct isns *isns, struct isns *oldisns); void isns_check(struct isns *isns); void isns_deregister(struct isns *isns); struct pport *pport_new(struct conf *conf, const char *name, uint32_t ctl_port); struct pport *pport_find(const struct conf *conf, const char *name); struct pport *pport_copy(struct pport *pport, struct conf *conf); void pport_delete(struct pport *pport); struct port *port_new(struct conf *conf, struct target *target, struct portal_group *pg); struct port *port_new_ioctl(struct conf *conf, struct target *target, int pp, int vp); struct port *port_new_pp(struct conf *conf, struct target *target, struct pport *pp); struct port *port_find(const struct conf *conf, const char *name); struct port *port_find_in_pg(const struct portal_group *pg, const char *target); void port_delete(struct port *port); int port_is_dummy(struct port *port); struct target *target_new(struct conf *conf, const char *name); void target_delete(struct target *target); struct target *target_find(struct conf *conf, const char *name); int target_set_redirection(struct target *target, const char *addr); struct lun *lun_new(struct conf *conf, const char *name); void lun_delete(struct lun *lun); struct lun *lun_find(const struct conf *conf, const char *name); void lun_set_backend(struct lun *lun, const char *value); void lun_set_device_type(struct lun *lun, uint8_t value); void lun_set_blocksize(struct lun *lun, size_t value); void lun_set_device_id(struct lun *lun, const char *value); void lun_set_path(struct lun *lun, const char *value); void lun_set_scsiname(struct lun *lun, const char *value); void lun_set_serial(struct lun *lun, const char *value); void lun_set_size(struct lun *lun, size_t value); void lun_set_ctl_lun(struct lun *lun, uint32_t value); struct option *option_new(struct options *os, const char *name, const char *value); void option_delete(struct options *os, struct option *co); struct option *option_find(const struct options *os, const char *name); void option_set(struct option *o, const char *value); void kernel_init(void); int kernel_lun_add(struct lun *lun); int kernel_lun_modify(struct lun *lun); int kernel_lun_remove(struct lun *lun); void kernel_handoff(struct connection *conn); void kernel_limits(const char *offload, int *max_recv_data_segment_length, int *max_send_data_segment_length, int *max_burst_length, int *first_burst_length); int kernel_port_add(struct port *port); int kernel_port_update(struct port *port, struct port *old); int kernel_port_remove(struct port *port); void kernel_capsicate(void); #ifdef ICL_KERNEL_PROXY void kernel_listen(struct addrinfo *ai, bool iser, int portal_id); void kernel_accept(int *connection_id, int *portal_id, struct sockaddr *client_sa, socklen_t *client_salen); void kernel_send(struct pdu *pdu); void kernel_receive(struct pdu *pdu); #endif struct keys *keys_new(void); void keys_delete(struct keys *keys); void keys_load(struct keys *keys, const struct pdu *pdu); void keys_save(struct keys *keys, struct pdu *pdu); const char *keys_find(struct keys *keys, const char *name); void keys_add(struct keys *keys, const char *name, const char *value); void keys_add_int(struct keys *keys, const char *name, int value); struct pdu *pdu_new(struct connection *conn); struct pdu *pdu_new_response(struct pdu *request); void pdu_delete(struct pdu *pdu); void pdu_receive(struct pdu *request); void pdu_send(struct pdu *response); void login(struct connection *conn); void discovery(struct connection *conn); void log_init(int level); void log_set_peer_name(const char *name); void log_set_peer_addr(const char *addr); void log_err(int, const char *, ...) __dead2 __printflike(2, 3); void log_errx(int, const char *, ...) __dead2 __printflike(2, 3); void log_warn(const char *, ...) __printflike(1, 2); void log_warnx(const char *, ...) __printflike(1, 2); void log_debugx(const char *, ...) __printflike(1, 2); char *checked_strdup(const char *); bool valid_iscsi_name(const char *name); void set_timeout(int timeout, int fatal); bool timed_out(void); #endif /* !CTLD_H */ Index: head/usr.sbin/ctld/discovery.c =================================================================== --- head/usr.sbin/ctld/discovery.c (revision 367104) +++ head/usr.sbin/ctld/discovery.c (revision 367105) @@ -1,338 +1,337 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include "ctld.h" #include "iscsi_proto.h" static struct pdu * text_receive(struct connection *conn) { struct pdu *request; struct iscsi_bhs_text_request *bhstr; request = pdu_new(conn); pdu_receive(request); if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != ISCSI_BHS_OPCODE_TEXT_REQUEST) log_errx(1, "protocol error: received invalid opcode 0x%x", request->pdu_bhs->bhs_opcode); bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; #if 0 if ((bhstr->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0) log_errx(1, "received Text PDU without the \"F\" flag"); #endif /* * XXX: Implement the C flag some day. */ if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0) log_errx(1, "received Text PDU with unsupported \"C\" flag"); if (ISCSI_SNLT(ntohl(bhstr->bhstr_cmdsn), conn->conn_cmdsn)) { log_errx(1, "received Text PDU with decreasing CmdSN: " "was %u, is %u", conn->conn_cmdsn, ntohl(bhstr->bhstr_cmdsn)); } if (ntohl(bhstr->bhstr_expstatsn) != conn->conn_statsn) { log_errx(1, "received Text PDU with wrong ExpStatSN: " "is %u, should be %u", ntohl(bhstr->bhstr_expstatsn), conn->conn_statsn); } conn->conn_cmdsn = ntohl(bhstr->bhstr_cmdsn); if ((bhstr->bhstr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) conn->conn_cmdsn++; return (request); } static struct pdu * text_new_response(struct pdu *request) { struct pdu *response; struct connection *conn; struct iscsi_bhs_text_request *bhstr; struct iscsi_bhs_text_response *bhstr2; bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; conn = request->pdu_connection; response = pdu_new_response(request); bhstr2 = (struct iscsi_bhs_text_response *)response->pdu_bhs; bhstr2->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE; bhstr2->bhstr_flags = BHSTR_FLAGS_FINAL; bhstr2->bhstr_lun = bhstr->bhstr_lun; bhstr2->bhstr_initiator_task_tag = bhstr->bhstr_initiator_task_tag; bhstr2->bhstr_target_transfer_tag = bhstr->bhstr_target_transfer_tag; bhstr2->bhstr_statsn = htonl(conn->conn_statsn++); bhstr2->bhstr_expcmdsn = htonl(conn->conn_cmdsn); bhstr2->bhstr_maxcmdsn = htonl(conn->conn_cmdsn); return (response); } static struct pdu * logout_receive(struct connection *conn) { struct pdu *request; struct iscsi_bhs_logout_request *bhslr; request = pdu_new(conn); pdu_receive(request); if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != ISCSI_BHS_OPCODE_LOGOUT_REQUEST) log_errx(1, "protocol error: received invalid opcode 0x%x", request->pdu_bhs->bhs_opcode); bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION) log_debugx("received Logout PDU with invalid reason 0x%x; " "continuing anyway", bhslr->bhslr_reason & 0x7f); if (ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) { log_errx(1, "received Logout PDU with decreasing CmdSN: " "was %u, is %u", conn->conn_cmdsn, ntohl(bhslr->bhslr_cmdsn)); } if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) { log_errx(1, "received Logout PDU with wrong ExpStatSN: " "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn), conn->conn_statsn); } conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn); if ((bhslr->bhslr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) conn->conn_cmdsn++; return (request); } static struct pdu * logout_new_response(struct pdu *request) { struct pdu *response; struct connection *conn; struct iscsi_bhs_logout_request *bhslr; struct iscsi_bhs_logout_response *bhslr2; bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; conn = request->pdu_connection; response = pdu_new_response(request); bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs; bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE; bhslr2->bhslr_flags = 0x80; bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY; bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag; bhslr2->bhslr_statsn = htonl(conn->conn_statsn++); bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn); bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn); return (response); } static void discovery_add_target(struct keys *response_keys, const struct target *targ) { struct port *port; struct portal *portal; char *buf; char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; struct addrinfo *ai; int ret; keys_add(response_keys, "TargetName", targ->t_name); TAILQ_FOREACH(port, &targ->t_ports, p_ts) { if (port->p_portal_group == NULL) continue; TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals, p_next) { ai = portal->p_ai; ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV); if (ret != 0) { log_warnx("getnameinfo: %s", gai_strerror(ret)); continue; } switch (ai->ai_addr->sa_family) { case AF_INET: if (strcmp(hbuf, "0.0.0.0") == 0) continue; ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf, port->p_portal_group->pg_tag); break; case AF_INET6: if (strcmp(hbuf, "::") == 0) continue; ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf, port->p_portal_group->pg_tag); break; default: continue; } if (ret <= 0) log_err(1, "asprintf"); keys_add(response_keys, "TargetAddress", buf); free(buf); } } } static bool discovery_target_filtered_out(const struct connection *conn, const struct port *port) { const struct auth_group *ag; const struct portal_group *pg; const struct target *targ; const struct auth *auth; int error; targ = port->p_target; ag = port->p_auth_group; if (ag == NULL) ag = targ->t_auth_group; pg = conn->conn_portal->p_portal_group; assert(pg->pg_discovery_auth_group != PG_FILTER_UNKNOWN); if (pg->pg_discovery_filter >= PG_FILTER_PORTAL && auth_portal_check(ag, &conn->conn_initiator_sa) != 0) { log_debugx("initiator does not match initiator portals " "allowed for target \"%s\"; skipping", targ->t_name); return (true); } if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME && auth_name_check(ag, conn->conn_initiator_name) != 0) { log_debugx("initiator does not match initiator names " "allowed for target \"%s\"; skipping", targ->t_name); return (true); } if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH && ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { if (conn->conn_chap == NULL) { assert(pg->pg_discovery_auth_group->ag_type == AG_TYPE_NO_AUTHENTICATION); log_debugx("initiator didn't authenticate, but target " "\"%s\" requires CHAP; skipping", targ->t_name); return (true); } assert(conn->conn_user != NULL); auth = auth_find(ag, conn->conn_user); if (auth == NULL) { log_debugx("CHAP user \"%s\" doesn't match target " "\"%s\"; skipping", conn->conn_user, targ->t_name); return (true); } error = chap_authenticate(conn->conn_chap, auth->a_secret); if (error != 0) { log_debugx("password for CHAP user \"%s\" doesn't " "match target \"%s\"; skipping", conn->conn_user, targ->t_name); return (true); } } return (false); } void discovery(struct connection *conn) { struct pdu *request, *response; struct keys *request_keys, *response_keys; const struct port *port; const struct portal_group *pg; const char *send_targets; pg = conn->conn_portal->p_portal_group; log_debugx("beginning discovery session; waiting for Text PDU"); request = text_receive(conn); request_keys = keys_new(); keys_load(request_keys, request); send_targets = keys_find(request_keys, "SendTargets"); if (send_targets == NULL) log_errx(1, "received Text PDU without SendTargets"); response = text_new_response(request); response_keys = keys_new(); if (strcmp(send_targets, "All") == 0) { TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) { if (discovery_target_filtered_out(conn, port)) { /* Ignore this target. */ continue; } discovery_add_target(response_keys, port->p_target); } } else { port = port_find_in_pg(pg, send_targets); if (port == NULL) { log_debugx("initiator requested information on unknown " "target \"%s\"; returning nothing", send_targets); } else { if (discovery_target_filtered_out(conn, port)) { /* Ignore this target. */ } else { discovery_add_target(response_keys, port->p_target); } } } keys_save(response_keys, response); pdu_send(response); pdu_delete(response); keys_delete(response_keys); pdu_delete(request); keys_delete(request_keys); log_debugx("done sending targets; waiting for Logout PDU"); request = logout_receive(conn); response = logout_new_response(request); pdu_send(response); pdu_delete(response); pdu_delete(request); log_debugx("discovery session done"); } Index: head/usr.sbin/ctld/keys.c =================================================================== --- head/usr.sbin/ctld/keys.c (revision 367104) +++ head/usr.sbin/ctld/keys.c (revision 367105) @@ -1,200 +1,199 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include "ctld.h" struct keys * keys_new(void) { struct keys *keys; keys = calloc(1, sizeof(*keys)); if (keys == NULL) log_err(1, "calloc"); return (keys); } void keys_delete(struct keys *keys) { free(keys->keys_data); free(keys); } void keys_load(struct keys *keys, const struct pdu *pdu) { int i; char *pair; size_t pair_len; if (pdu->pdu_data_len == 0) return; if (pdu->pdu_data[pdu->pdu_data_len - 1] != '\0') log_errx(1, "protocol error: key not NULL-terminated\n"); assert(keys->keys_data == NULL); keys->keys_data_len = pdu->pdu_data_len; keys->keys_data = malloc(keys->keys_data_len); if (keys->keys_data == NULL) log_err(1, "malloc"); memcpy(keys->keys_data, pdu->pdu_data, keys->keys_data_len); /* * XXX: Review this carefully. */ pair = keys->keys_data; for (i = 0;; i++) { if (i >= KEYS_MAX) log_errx(1, "too many keys received"); pair_len = strlen(pair); keys->keys_values[i] = pair; keys->keys_names[i] = strsep(&keys->keys_values[i], "="); if (keys->keys_names[i] == NULL || keys->keys_values[i] == NULL) log_errx(1, "malformed keys"); log_debugx("key received: \"%s=%s\"", keys->keys_names[i], keys->keys_values[i]); pair += pair_len + 1; /* +1 to skip the terminating '\0'. */ if (pair == keys->keys_data + keys->keys_data_len) break; assert(pair < keys->keys_data + keys->keys_data_len); } } void keys_save(struct keys *keys, struct pdu *pdu) { char *data; size_t len; int i; /* * XXX: Not particularly efficient. */ len = 0; for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) break; /* * +1 for '=', +1 for '\0'. */ len += strlen(keys->keys_names[i]) + strlen(keys->keys_values[i]) + 2; } if (len == 0) return; data = malloc(len); if (data == NULL) log_err(1, "malloc"); pdu->pdu_data = data; pdu->pdu_data_len = len; for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) break; data += sprintf(data, "%s=%s", keys->keys_names[i], keys->keys_values[i]); data += 1; /* for '\0'. */ } } const char * keys_find(struct keys *keys, const char *name) { int i; /* * Note that we don't handle duplicated key names here, * as they are not supposed to happen in requests, and if they do, * it's an initiator error. */ for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) return (NULL); if (strcmp(keys->keys_names[i], name) == 0) return (keys->keys_values[i]); } return (NULL); } void keys_add(struct keys *keys, const char *name, const char *value) { int i; log_debugx("key to send: \"%s=%s\"", name, value); /* * Note that we don't check for duplicates here, as they are perfectly * fine in responses, e.g. the "TargetName" keys in discovery sesion * response. */ for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) { keys->keys_names[i] = checked_strdup(name); keys->keys_values[i] = checked_strdup(value); return; } } log_errx(1, "too many keys"); } void keys_add_int(struct keys *keys, const char *name, int value) { char *str; int ret; ret = asprintf(&str, "%d", value); if (ret <= 0) log_err(1, "asprintf"); keys_add(keys, name, str); free(str); } Index: head/usr.sbin/ctld/log.c =================================================================== --- head/usr.sbin/ctld/log.c (revision 367104) +++ head/usr.sbin/ctld/log.c (revision 367105) @@ -1,203 +1,202 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include "ctld.h" static int log_level = 0; static char *peer_name = NULL; static char *peer_addr = NULL; #define MSGBUF_LEN 1024 void log_init(int level) { log_level = level; openlog(getprogname(), LOG_NDELAY | LOG_PID, LOG_DAEMON); } void log_set_peer_name(const char *name) { /* * XXX: Turn it into assertion? */ if (peer_name != NULL) log_errx(1, "%s called twice", __func__); if (peer_addr == NULL) log_errx(1, "%s called before log_set_peer_addr", __func__); peer_name = checked_strdup(name); } void log_set_peer_addr(const char *addr) { /* * XXX: Turn it into assertion? */ if (peer_addr != NULL) log_errx(1, "%s called twice", __func__); peer_addr = checked_strdup(addr); } static void log_common(int priority, int log_errno, const char *fmt, va_list ap) { static char msgbuf[MSGBUF_LEN]; static char msgbuf_strvised[MSGBUF_LEN * 4 + 1]; char *errstr; int ret; ret = vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap); if (ret < 0) { fprintf(stderr, "%s: snprintf failed", getprogname()); syslog(LOG_CRIT, "snprintf failed"); exit(1); } ret = strnvis(msgbuf_strvised, sizeof(msgbuf_strvised), msgbuf, VIS_NL); if (ret < 0) { fprintf(stderr, "%s: strnvis failed", getprogname()); syslog(LOG_CRIT, "strnvis failed"); exit(1); } if (log_errno == -1) { if (peer_name != NULL) { fprintf(stderr, "%s: %s (%s): %s\n", getprogname(), peer_addr, peer_name, msgbuf_strvised); syslog(priority, "%s (%s): %s", peer_addr, peer_name, msgbuf_strvised); } else if (peer_addr != NULL) { fprintf(stderr, "%s: %s: %s\n", getprogname(), peer_addr, msgbuf_strvised); syslog(priority, "%s: %s", peer_addr, msgbuf_strvised); } else { fprintf(stderr, "%s: %s\n", getprogname(), msgbuf_strvised); syslog(priority, "%s", msgbuf_strvised); } } else { errstr = strerror(log_errno); if (peer_name != NULL) { fprintf(stderr, "%s: %s (%s): %s: %s\n", getprogname(), peer_addr, peer_name, msgbuf_strvised, errstr); syslog(priority, "%s (%s): %s: %s", peer_addr, peer_name, msgbuf_strvised, errstr); } else if (peer_addr != NULL) { fprintf(stderr, "%s: %s: %s: %s\n", getprogname(), peer_addr, msgbuf_strvised, errstr); syslog(priority, "%s: %s: %s", peer_addr, msgbuf_strvised, errstr); } else { fprintf(stderr, "%s: %s: %s\n", getprogname(), msgbuf_strvised, errstr); syslog(priority, "%s: %s", msgbuf_strvised, errstr); } } } void log_err(int eval, const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_CRIT, errno, fmt, ap); va_end(ap); exit(eval); } void log_errx(int eval, const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_CRIT, -1, fmt, ap); va_end(ap); exit(eval); } void log_warn(const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_WARNING, errno, fmt, ap); va_end(ap); } void log_warnx(const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_WARNING, -1, fmt, ap); va_end(ap); } void log_debugx(const char *fmt, ...) { va_list ap; if (log_level == 0) return; va_start(ap, fmt); log_common(LOG_DEBUG, -1, fmt, ap); va_end(ap); } Index: head/usr.sbin/ctld/login.c =================================================================== --- head/usr.sbin/ctld/login.c (revision 367104) +++ head/usr.sbin/ctld/login.c (revision 367105) @@ -1,1059 +1,1058 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include "ctld.h" #include "iscsi_proto.h" static void login_send_error(struct pdu *request, char class, char detail); static void login_set_nsg(struct pdu *response, int nsg) { struct iscsi_bhs_login_response *bhslr; assert(nsg == BHSLR_STAGE_SECURITY_NEGOTIATION || nsg == BHSLR_STAGE_OPERATIONAL_NEGOTIATION || nsg == BHSLR_STAGE_FULL_FEATURE_PHASE); bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs; bhslr->bhslr_flags &= 0xFC; bhslr->bhslr_flags |= nsg; bhslr->bhslr_flags |= BHSLR_FLAGS_TRANSIT; } static int login_csg(const struct pdu *request) { struct iscsi_bhs_login_request *bhslr; bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs; return ((bhslr->bhslr_flags & 0x0C) >> 2); } static void login_set_csg(struct pdu *response, int csg) { struct iscsi_bhs_login_response *bhslr; assert(csg == BHSLR_STAGE_SECURITY_NEGOTIATION || csg == BHSLR_STAGE_OPERATIONAL_NEGOTIATION || csg == BHSLR_STAGE_FULL_FEATURE_PHASE); bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs; bhslr->bhslr_flags &= 0xF3; bhslr->bhslr_flags |= csg << 2; } static struct pdu * login_receive(struct connection *conn, bool initial) { struct pdu *request; struct iscsi_bhs_login_request *bhslr; request = pdu_new(conn); pdu_receive(request); if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != ISCSI_BHS_OPCODE_LOGIN_REQUEST) { /* * The first PDU in session is special - if we receive any PDU * different than login request, we have to drop the connection * without sending response ("A target receiving any PDU * except a Login request before the Login Phase is started MUST * immediately terminate the connection on which the PDU * was received.") */ if (initial == false) login_send_error(request, 0x02, 0x0b); log_errx(1, "protocol error: received invalid opcode 0x%x", request->pdu_bhs->bhs_opcode); } bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs; /* * XXX: Implement the C flag some day. */ if ((bhslr->bhslr_flags & BHSLR_FLAGS_CONTINUE) != 0) { login_send_error(request, 0x03, 0x00); log_errx(1, "received Login PDU with unsupported \"C\" flag"); } if (bhslr->bhslr_version_max != 0x00) { login_send_error(request, 0x02, 0x05); log_errx(1, "received Login PDU with unsupported " "Version-max 0x%x", bhslr->bhslr_version_max); } if (bhslr->bhslr_version_min != 0x00) { login_send_error(request, 0x02, 0x05); log_errx(1, "received Login PDU with unsupported " "Version-min 0x%x", bhslr->bhslr_version_min); } if (initial == false && ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) { login_send_error(request, 0x02, 0x00); log_errx(1, "received Login PDU with decreasing CmdSN: " "was %u, is %u", conn->conn_cmdsn, ntohl(bhslr->bhslr_cmdsn)); } if (initial == false && ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) { login_send_error(request, 0x02, 0x00); log_errx(1, "received Login PDU with wrong ExpStatSN: " "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn), conn->conn_statsn); } conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn); return (request); } static struct pdu * login_new_response(struct pdu *request) { struct pdu *response; struct connection *conn; struct iscsi_bhs_login_request *bhslr; struct iscsi_bhs_login_response *bhslr2; bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs; conn = request->pdu_connection; response = pdu_new_response(request); bhslr2 = (struct iscsi_bhs_login_response *)response->pdu_bhs; bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGIN_RESPONSE; login_set_csg(response, BHSLR_STAGE_SECURITY_NEGOTIATION); memcpy(bhslr2->bhslr_isid, bhslr->bhslr_isid, sizeof(bhslr2->bhslr_isid)); bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag; bhslr2->bhslr_statsn = htonl(conn->conn_statsn++); bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn); bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn); return (response); } static void login_send_error(struct pdu *request, char class, char detail) { struct pdu *response; struct iscsi_bhs_login_response *bhslr2; log_debugx("sending Login Response PDU with failure class 0x%x/0x%x; " "see next line for reason", class, detail); response = login_new_response(request); bhslr2 = (struct iscsi_bhs_login_response *)response->pdu_bhs; bhslr2->bhslr_status_class = class; bhslr2->bhslr_status_detail = detail; pdu_send(response); pdu_delete(response); } static int login_list_contains(const char *list, const char *what) { char *tofree, *str, *token; tofree = str = checked_strdup(list); while ((token = strsep(&str, ",")) != NULL) { if (strcmp(token, what) == 0) { free(tofree); return (1); } } free(tofree); return (0); } static int login_list_prefers(const char *list, const char *choice1, const char *choice2) { char *tofree, *str, *token; tofree = str = checked_strdup(list); while ((token = strsep(&str, ",")) != NULL) { if (strcmp(token, choice1) == 0) { free(tofree); return (1); } if (strcmp(token, choice2) == 0) { free(tofree); return (2); } } free(tofree); return (-1); } static struct pdu * login_receive_chap_a(struct connection *conn) { struct pdu *request; struct keys *request_keys; const char *chap_a; request = login_receive(conn, false); request_keys = keys_new(); keys_load(request_keys, request); chap_a = keys_find(request_keys, "CHAP_A"); if (chap_a == NULL) { login_send_error(request, 0x02, 0x07); log_errx(1, "received CHAP Login PDU without CHAP_A"); } if (login_list_contains(chap_a, "5") == 0) { login_send_error(request, 0x02, 0x01); log_errx(1, "received CHAP Login PDU with unsupported CHAP_A " "\"%s\"", chap_a); } keys_delete(request_keys); return (request); } static void login_send_chap_c(struct pdu *request, struct chap *chap) { struct pdu *response; struct keys *response_keys; char *chap_c, *chap_i; chap_c = chap_get_challenge(chap); chap_i = chap_get_id(chap); response = login_new_response(request); response_keys = keys_new(); keys_add(response_keys, "CHAP_A", "5"); keys_add(response_keys, "CHAP_I", chap_i); keys_add(response_keys, "CHAP_C", chap_c); free(chap_i); free(chap_c); keys_save(response_keys, response); pdu_send(response); pdu_delete(response); keys_delete(response_keys); } static struct pdu * login_receive_chap_r(struct connection *conn, struct auth_group *ag, struct chap *chap, const struct auth **authp) { struct pdu *request; struct keys *request_keys; const char *chap_n, *chap_r; const struct auth *auth; int error; request = login_receive(conn, false); request_keys = keys_new(); keys_load(request_keys, request); chap_n = keys_find(request_keys, "CHAP_N"); if (chap_n == NULL) { login_send_error(request, 0x02, 0x07); log_errx(1, "received CHAP Login PDU without CHAP_N"); } chap_r = keys_find(request_keys, "CHAP_R"); if (chap_r == NULL) { login_send_error(request, 0x02, 0x07); log_errx(1, "received CHAP Login PDU without CHAP_R"); } error = chap_receive(chap, chap_r); if (error != 0) { login_send_error(request, 0x02, 0x07); log_errx(1, "received CHAP Login PDU with malformed CHAP_R"); } /* * Verify the response. */ assert(ag->ag_type == AG_TYPE_CHAP || ag->ag_type == AG_TYPE_CHAP_MUTUAL); auth = auth_find(ag, chap_n); if (auth == NULL) { login_send_error(request, 0x02, 0x01); log_errx(1, "received CHAP Login with invalid user \"%s\"", chap_n); } assert(auth->a_secret != NULL); assert(strlen(auth->a_secret) > 0); error = chap_authenticate(chap, auth->a_secret); if (error != 0) { login_send_error(request, 0x02, 0x01); log_errx(1, "CHAP authentication failed for user \"%s\"", auth->a_user); } keys_delete(request_keys); *authp = auth; return (request); } static void login_send_chap_success(struct pdu *request, const struct auth *auth) { struct pdu *response; struct keys *request_keys, *response_keys; struct rchap *rchap; const char *chap_i, *chap_c; char *chap_r; int error; response = login_new_response(request); login_set_nsg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); /* * Actually, one more thing: mutual authentication. */ request_keys = keys_new(); keys_load(request_keys, request); chap_i = keys_find(request_keys, "CHAP_I"); chap_c = keys_find(request_keys, "CHAP_C"); if (chap_i != NULL || chap_c != NULL) { if (chap_i == NULL) { login_send_error(request, 0x02, 0x07); log_errx(1, "initiator requested target " "authentication, but didn't send CHAP_I"); } if (chap_c == NULL) { login_send_error(request, 0x02, 0x07); log_errx(1, "initiator requested target " "authentication, but didn't send CHAP_C"); } if (auth->a_auth_group->ag_type != AG_TYPE_CHAP_MUTUAL) { login_send_error(request, 0x02, 0x01); log_errx(1, "initiator requests target authentication " "for user \"%s\", but mutual user/secret " "is not set", auth->a_user); } log_debugx("performing mutual authentication as user \"%s\"", auth->a_mutual_user); rchap = rchap_new(auth->a_mutual_secret); error = rchap_receive(rchap, chap_i, chap_c); if (error != 0) { login_send_error(request, 0x02, 0x07); log_errx(1, "received CHAP Login PDU with malformed " "CHAP_I or CHAP_C"); } chap_r = rchap_get_response(rchap); rchap_delete(rchap); response_keys = keys_new(); keys_add(response_keys, "CHAP_N", auth->a_mutual_user); keys_add(response_keys, "CHAP_R", chap_r); free(chap_r); keys_save(response_keys, response); keys_delete(response_keys); } else { log_debugx("initiator did not request target authentication"); } keys_delete(request_keys); pdu_send(response); pdu_delete(response); } static void login_chap(struct connection *conn, struct auth_group *ag) { const struct auth *auth; struct chap *chap; struct pdu *request; /* * Receive CHAP_A PDU. */ log_debugx("beginning CHAP authentication; waiting for CHAP_A"); request = login_receive_chap_a(conn); /* * Generate the challenge. */ chap = chap_new(); /* * Send the challenge. */ log_debugx("sending CHAP_C, binary challenge size is %zd bytes", sizeof(chap->chap_challenge)); login_send_chap_c(request, chap); pdu_delete(request); /* * Receive CHAP_N/CHAP_R PDU and authenticate. */ log_debugx("waiting for CHAP_N/CHAP_R"); request = login_receive_chap_r(conn, ag, chap, &auth); /* * Yay, authentication succeeded! */ log_debugx("authentication succeeded for user \"%s\"; " "transitioning to operational parameter negotiation", auth->a_user); login_send_chap_success(request, auth); pdu_delete(request); /* * Leave username and CHAP information for discovery(). */ conn->conn_user = auth->a_user; conn->conn_chap = chap; } static void login_negotiate_key(struct pdu *request, const char *name, const char *value, bool skipped_security, struct keys *response_keys) { int which; size_t tmp; struct connection *conn; conn = request->pdu_connection; if (strcmp(name, "InitiatorName") == 0) { if (!skipped_security) log_errx(1, "initiator resent InitiatorName"); } else if (strcmp(name, "SessionType") == 0) { if (!skipped_security) log_errx(1, "initiator resent SessionType"); } else if (strcmp(name, "TargetName") == 0) { if (!skipped_security) log_errx(1, "initiator resent TargetName"); } else if (strcmp(name, "InitiatorAlias") == 0) { if (conn->conn_initiator_alias != NULL) free(conn->conn_initiator_alias); conn->conn_initiator_alias = checked_strdup(value); } else if (strcmp(value, "Irrelevant") == 0) { /* Ignore. */ } else if (strcmp(name, "HeaderDigest") == 0) { /* * We don't handle digests for discovery sessions. */ if (conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY) { log_debugx("discovery session; digests disabled"); keys_add(response_keys, name, "None"); return; } which = login_list_prefers(value, "CRC32C", "None"); switch (which) { case 1: log_debugx("initiator prefers CRC32C " "for header digest; we'll use it"); conn->conn_header_digest = CONN_DIGEST_CRC32C; keys_add(response_keys, name, "CRC32C"); break; case 2: log_debugx("initiator prefers not to do " "header digest; we'll comply"); keys_add(response_keys, name, "None"); break; default: log_warnx("initiator sent unrecognized " "HeaderDigest value \"%s\"; will use None", value); keys_add(response_keys, name, "None"); break; } } else if (strcmp(name, "DataDigest") == 0) { if (conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY) { log_debugx("discovery session; digests disabled"); keys_add(response_keys, name, "None"); return; } which = login_list_prefers(value, "CRC32C", "None"); switch (which) { case 1: log_debugx("initiator prefers CRC32C " "for data digest; we'll use it"); conn->conn_data_digest = CONN_DIGEST_CRC32C; keys_add(response_keys, name, "CRC32C"); break; case 2: log_debugx("initiator prefers not to do " "data digest; we'll comply"); keys_add(response_keys, name, "None"); break; default: log_warnx("initiator sent unrecognized " "DataDigest value \"%s\"; will use None", value); keys_add(response_keys, name, "None"); break; } } else if (strcmp(name, "MaxConnections") == 0) { keys_add(response_keys, name, "1"); } else if (strcmp(name, "InitialR2T") == 0) { keys_add(response_keys, name, "Yes"); } else if (strcmp(name, "ImmediateData") == 0) { if (conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY) { log_debugx("discovery session; ImmediateData irrelevant"); keys_add(response_keys, name, "Irrelevant"); } else { if (strcmp(value, "Yes") == 0) { conn->conn_immediate_data = true; keys_add(response_keys, name, "Yes"); } else { conn->conn_immediate_data = false; keys_add(response_keys, name, "No"); } } } else if (strcmp(name, "MaxRecvDataSegmentLength") == 0) { tmp = strtoul(value, NULL, 10); if (tmp <= 0) { login_send_error(request, 0x02, 0x00); log_errx(1, "received invalid " "MaxRecvDataSegmentLength"); } /* * MaxRecvDataSegmentLength is a direction-specific parameter. * We'll limit our _send_ to what the initiator can handle but * our MaxRecvDataSegmentLength is not influenced by the * initiator in any way. */ if ((int)tmp > conn->conn_max_send_data_segment_limit) { log_debugx("capping MaxRecvDataSegmentLength " "from %zd to %d", tmp, conn->conn_max_send_data_segment_limit); tmp = conn->conn_max_send_data_segment_limit; } conn->conn_max_send_data_segment_length = tmp; conn->conn_max_recv_data_segment_length = conn->conn_max_recv_data_segment_limit; keys_add_int(response_keys, name, conn->conn_max_recv_data_segment_length); } else if (strcmp(name, "MaxBurstLength") == 0) { tmp = strtoul(value, NULL, 10); if (tmp <= 0) { login_send_error(request, 0x02, 0x00); log_errx(1, "received invalid MaxBurstLength"); } if ((int)tmp > conn->conn_max_burst_limit) { log_debugx("capping MaxBurstLength from %zd to %d", tmp, conn->conn_max_burst_limit); tmp = conn->conn_max_burst_limit; } conn->conn_max_burst_length = tmp; keys_add_int(response_keys, name, tmp); } else if (strcmp(name, "FirstBurstLength") == 0) { tmp = strtoul(value, NULL, 10); if (tmp <= 0) { login_send_error(request, 0x02, 0x00); log_errx(1, "received invalid FirstBurstLength"); } if ((int)tmp > conn->conn_first_burst_limit) { log_debugx("capping FirstBurstLength from %zd to %d", tmp, conn->conn_first_burst_limit); tmp = conn->conn_first_burst_limit; } conn->conn_first_burst_length = tmp; keys_add_int(response_keys, name, tmp); } else if (strcmp(name, "DefaultTime2Wait") == 0) { keys_add(response_keys, name, value); } else if (strcmp(name, "DefaultTime2Retain") == 0) { keys_add(response_keys, name, "0"); } else if (strcmp(name, "MaxOutstandingR2T") == 0) { keys_add(response_keys, name, "1"); } else if (strcmp(name, "DataPDUInOrder") == 0) { keys_add(response_keys, name, "Yes"); } else if (strcmp(name, "DataSequenceInOrder") == 0) { keys_add(response_keys, name, "Yes"); } else if (strcmp(name, "ErrorRecoveryLevel") == 0) { keys_add(response_keys, name, "0"); } else if (strcmp(name, "OFMarker") == 0) { keys_add(response_keys, name, "No"); } else if (strcmp(name, "IFMarker") == 0) { keys_add(response_keys, name, "No"); } else if (strcmp(name, "iSCSIProtocolLevel") == 0) { tmp = strtoul(value, NULL, 10); if (tmp > 2) tmp = 2; keys_add_int(response_keys, name, tmp); } else { log_debugx("unknown key \"%s\"; responding " "with NotUnderstood", name); keys_add(response_keys, name, "NotUnderstood"); } } static void login_redirect(struct pdu *request, const char *target_address) { struct pdu *response; struct iscsi_bhs_login_response *bhslr2; struct keys *response_keys; response = login_new_response(request); login_set_csg(response, login_csg(request)); bhslr2 = (struct iscsi_bhs_login_response *)response->pdu_bhs; bhslr2->bhslr_status_class = 0x01; bhslr2->bhslr_status_detail = 0x01; response_keys = keys_new(); keys_add(response_keys, "TargetAddress", target_address); keys_save(response_keys, response); pdu_send(response); pdu_delete(response); keys_delete(response_keys); } static bool login_portal_redirect(struct connection *conn, struct pdu *request) { const struct portal_group *pg; pg = conn->conn_portal->p_portal_group; if (pg->pg_redirection == NULL) return (false); log_debugx("portal-group \"%s\" configured to redirect to %s", pg->pg_name, pg->pg_redirection); login_redirect(request, pg->pg_redirection); return (true); } static bool login_target_redirect(struct connection *conn, struct pdu *request) { const char *target_address; assert(conn->conn_portal->p_portal_group->pg_redirection == NULL); if (conn->conn_target == NULL) return (false); target_address = conn->conn_target->t_redirection; if (target_address == NULL) return (false); log_debugx("target \"%s\" configured to redirect to %s", conn->conn_target->t_name, target_address); login_redirect(request, target_address); return (true); } static void login_negotiate(struct connection *conn, struct pdu *request) { struct pdu *response; struct iscsi_bhs_login_response *bhslr2; struct keys *request_keys, *response_keys; int i; bool redirected, skipped_security; if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { /* * Query the kernel for various size limits. In case of * offload, it depends on hardware capabilities. */ assert(conn->conn_target != NULL); conn->conn_max_recv_data_segment_limit = (1 << 24) - 1; conn->conn_max_send_data_segment_limit = (1 << 24) - 1; conn->conn_max_burst_limit = (1 << 24) - 1; conn->conn_first_burst_limit = (1 << 24) - 1; kernel_limits(conn->conn_portal->p_portal_group->pg_offload, &conn->conn_max_recv_data_segment_limit, &conn->conn_max_send_data_segment_limit, &conn->conn_max_burst_limit, &conn->conn_first_burst_limit); /* We expect legal, usable values at this point. */ assert(conn->conn_max_recv_data_segment_limit >= 512); assert(conn->conn_max_recv_data_segment_limit < (1 << 24)); assert(conn->conn_max_send_data_segment_limit >= 512); assert(conn->conn_max_send_data_segment_limit < (1 << 24)); assert(conn->conn_max_burst_limit >= 512); assert(conn->conn_max_burst_limit < (1 << 24)); assert(conn->conn_first_burst_limit >= 512); assert(conn->conn_first_burst_limit < (1 << 24)); assert(conn->conn_first_burst_limit <= conn->conn_max_burst_limit); /* * Limit default send length in case it won't be negotiated. * We can't do it for other limits, since they may affect both * sender and receiver operation, and we must obey defaults. */ if (conn->conn_max_send_data_segment_limit < conn->conn_max_send_data_segment_length) { conn->conn_max_send_data_segment_length = conn->conn_max_send_data_segment_limit; } } else { conn->conn_max_recv_data_segment_limit = MAX_DATA_SEGMENT_LENGTH; conn->conn_max_send_data_segment_limit = MAX_DATA_SEGMENT_LENGTH; } if (request == NULL) { log_debugx("beginning operational parameter negotiation; " "waiting for Login PDU"); request = login_receive(conn, false); skipped_security = false; } else skipped_security = true; /* * RFC 3720, 10.13.5. Status-Class and Status-Detail, says * the redirection SHOULD be accepted by the initiator before * authentication, but MUST be accepted afterwards; that's * why we're doing it here and not earlier. */ redirected = login_target_redirect(conn, request); if (redirected) { log_debugx("initiator redirected; exiting"); exit(0); } request_keys = keys_new(); keys_load(request_keys, request); response = login_new_response(request); bhslr2 = (struct iscsi_bhs_login_response *)response->pdu_bhs; bhslr2->bhslr_tsih = htons(0xbadd); login_set_csg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); login_set_nsg(response, BHSLR_STAGE_FULL_FEATURE_PHASE); response_keys = keys_new(); if (skipped_security && conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { if (conn->conn_target->t_alias != NULL) keys_add(response_keys, "TargetAlias", conn->conn_target->t_alias); keys_add_int(response_keys, "TargetPortalGroupTag", conn->conn_portal->p_portal_group->pg_tag); } for (i = 0; i < KEYS_MAX; i++) { if (request_keys->keys_names[i] == NULL) break; login_negotiate_key(request, request_keys->keys_names[i], request_keys->keys_values[i], skipped_security, response_keys); } /* * We'd started with usable values at our end. But a bad initiator * could have presented a large FirstBurstLength and then a smaller * MaxBurstLength (in that order) and because we process the key/value * pairs in the order they are in the request we might have ended up * with illegal values here. */ if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL && conn->conn_first_burst_length > conn->conn_max_burst_length) { log_errx(1, "initiator sent FirstBurstLength > MaxBurstLength"); } log_debugx("operational parameter negotiation done; " "transitioning to Full Feature Phase"); keys_save(response_keys, response); pdu_send(response); pdu_delete(response); keys_delete(response_keys); pdu_delete(request); keys_delete(request_keys); } static void login_wait_transition(struct connection *conn) { struct pdu *request, *response; struct iscsi_bhs_login_request *bhslr; log_debugx("waiting for state transition request"); request = login_receive(conn, false); bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs; if ((bhslr->bhslr_flags & BHSLR_FLAGS_TRANSIT) == 0) { login_send_error(request, 0x02, 0x00); log_errx(1, "got no \"T\" flag after answering AuthMethod"); } log_debugx("got state transition request"); response = login_new_response(request); pdu_delete(request); login_set_nsg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); pdu_send(response); pdu_delete(response); login_negotiate(conn, NULL); } void login(struct connection *conn) { struct pdu *request, *response; struct iscsi_bhs_login_request *bhslr; struct keys *request_keys, *response_keys; struct auth_group *ag; struct portal_group *pg; const char *initiator_name, *initiator_alias, *session_type, *target_name, *auth_method; bool redirected, fail, trans; /* * Handle the initial Login Request - figure out required authentication * method and either transition to the next phase, if no authentication * is required, or call appropriate authentication code. */ log_debugx("beginning Login Phase; waiting for Login PDU"); request = login_receive(conn, true); bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs; if (bhslr->bhslr_tsih != 0) { login_send_error(request, 0x02, 0x0a); log_errx(1, "received Login PDU with non-zero TSIH"); } pg = conn->conn_portal->p_portal_group; memcpy(conn->conn_initiator_isid, bhslr->bhslr_isid, sizeof(conn->conn_initiator_isid)); /* * XXX: Implement the C flag some day. */ request_keys = keys_new(); keys_load(request_keys, request); assert(conn->conn_initiator_name == NULL); initiator_name = keys_find(request_keys, "InitiatorName"); if (initiator_name == NULL) { login_send_error(request, 0x02, 0x07); log_errx(1, "received Login PDU without InitiatorName"); } if (valid_iscsi_name(initiator_name) == false) { login_send_error(request, 0x02, 0x00); log_errx(1, "received Login PDU with invalid InitiatorName"); } conn->conn_initiator_name = checked_strdup(initiator_name); log_set_peer_name(conn->conn_initiator_name); setproctitle("%s (%s)", conn->conn_initiator_addr, conn->conn_initiator_name); redirected = login_portal_redirect(conn, request); if (redirected) { log_debugx("initiator redirected; exiting"); exit(0); } initiator_alias = keys_find(request_keys, "InitiatorAlias"); if (initiator_alias != NULL) conn->conn_initiator_alias = checked_strdup(initiator_alias); assert(conn->conn_session_type == CONN_SESSION_TYPE_NONE); session_type = keys_find(request_keys, "SessionType"); if (session_type != NULL) { if (strcmp(session_type, "Normal") == 0) { conn->conn_session_type = CONN_SESSION_TYPE_NORMAL; } else if (strcmp(session_type, "Discovery") == 0) { conn->conn_session_type = CONN_SESSION_TYPE_DISCOVERY; } else { login_send_error(request, 0x02, 0x00); log_errx(1, "received Login PDU with invalid " "SessionType \"%s\"", session_type); } } else conn->conn_session_type = CONN_SESSION_TYPE_NORMAL; assert(conn->conn_target == NULL); if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { target_name = keys_find(request_keys, "TargetName"); if (target_name == NULL) { login_send_error(request, 0x02, 0x07); log_errx(1, "received Login PDU without TargetName"); } conn->conn_port = port_find_in_pg(pg, target_name); if (conn->conn_port == NULL) { login_send_error(request, 0x02, 0x03); log_errx(1, "requested target \"%s\" not found", target_name); } conn->conn_target = conn->conn_port->p_target; } /* * At this point we know what kind of authentication we need. */ if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { ag = conn->conn_port->p_auth_group; if (ag == NULL) ag = conn->conn_target->t_auth_group; if (ag->ag_name != NULL) { log_debugx("initiator requests to connect " "to target \"%s\"; auth-group \"%s\"", conn->conn_target->t_name, ag->ag_name); } else { log_debugx("initiator requests to connect " "to target \"%s\"", conn->conn_target->t_name); } } else { assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); ag = pg->pg_discovery_auth_group; if (ag->ag_name != NULL) { log_debugx("initiator requests " "discovery session; auth-group \"%s\"", ag->ag_name); } else { log_debugx("initiator requests discovery session"); } } if (ag->ag_type == AG_TYPE_DENY) { login_send_error(request, 0x02, 0x01); log_errx(1, "auth-type is \"deny\""); } if (ag->ag_type == AG_TYPE_UNKNOWN) { /* * This can happen with empty auth-group. */ login_send_error(request, 0x02, 0x01); log_errx(1, "auth-type not set, denying access"); } /* * Enforce initiator-name and initiator-portal. */ if (auth_name_check(ag, initiator_name) != 0) { login_send_error(request, 0x02, 0x02); log_errx(1, "initiator does not match allowed initiator names"); } if (auth_portal_check(ag, &conn->conn_initiator_sa) != 0) { login_send_error(request, 0x02, 0x02); log_errx(1, "initiator does not match allowed " "initiator portals"); } /* * Let's see if the initiator intends to do any kind of authentication * at all. */ if (login_csg(request) == BHSLR_STAGE_OPERATIONAL_NEGOTIATION) { if (ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { login_send_error(request, 0x02, 0x01); log_errx(1, "initiator skipped the authentication, " "but authentication is required"); } keys_delete(request_keys); log_debugx("initiator skipped the authentication, " "and we don't need it; proceeding with negotiation"); login_negotiate(conn, request); return; } fail = false; response = login_new_response(request); response_keys = keys_new(); trans = (bhslr->bhslr_flags & BHSLR_FLAGS_TRANSIT) != 0; auth_method = keys_find(request_keys, "AuthMethod"); if (ag->ag_type == AG_TYPE_NO_AUTHENTICATION) { log_debugx("authentication not required"); if (auth_method == NULL || login_list_contains(auth_method, "None")) { keys_add(response_keys, "AuthMethod", "None"); } else { log_warnx("initiator requests " "AuthMethod \"%s\" instead of \"None\"", auth_method); keys_add(response_keys, "AuthMethod", "Reject"); } if (trans) login_set_nsg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); } else { log_debugx("CHAP authentication required"); if (auth_method == NULL || login_list_contains(auth_method, "CHAP")) { keys_add(response_keys, "AuthMethod", "CHAP"); } else { log_warnx("initiator requests unsupported " "AuthMethod \"%s\" instead of \"CHAP\"", auth_method); keys_add(response_keys, "AuthMethod", "Reject"); fail = true; } } if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { if (conn->conn_target->t_alias != NULL) keys_add(response_keys, "TargetAlias", conn->conn_target->t_alias); keys_add_int(response_keys, "TargetPortalGroupTag", pg->pg_tag); } keys_save(response_keys, response); pdu_send(response); pdu_delete(response); keys_delete(response_keys); pdu_delete(request); keys_delete(request_keys); if (fail) { log_debugx("sent reject for AuthMethod; exiting"); exit(1); } if (ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { login_chap(conn, ag); login_negotiate(conn, NULL); } else if (trans) { login_negotiate(conn, NULL); } else { login_wait_transition(conn); } } Index: head/usr.sbin/ctld/parse.y =================================================================== --- head/usr.sbin/ctld/parse.y (revision 367104) +++ head/usr.sbin/ctld/parse.y (revision 367105) @@ -1,1164 +1,1163 @@ %{ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include #include #include #include #include "ctld.h" #include #include extern FILE *yyin; extern char *yytext; extern int lineno; static struct conf *conf = NULL; static struct auth_group *auth_group = NULL; static struct portal_group *portal_group = NULL; static struct target *target = NULL; static struct lun *lun = NULL; extern void yyerror(const char *); extern int yylex(void); extern void yyrestart(FILE *); %} %token ALIAS AUTH_GROUP AUTH_TYPE BACKEND BLOCKSIZE CHAP CHAP_MUTUAL %token CLOSING_BRACKET CTL_LUN DEBUG DEVICE_ID DEVICE_TYPE %token DISCOVERY_AUTH_GROUP DISCOVERY_FILTER DSCP FOREIGN %token INITIATOR_NAME INITIATOR_PORTAL ISNS_SERVER ISNS_PERIOD ISNS_TIMEOUT %token LISTEN LISTEN_ISER LUN MAXPROC OFFLOAD OPENING_BRACKET OPTION %token PATH PCP PIDFILE PORT PORTAL_GROUP REDIRECT SEMICOLON SERIAL %token SIZE STR TAG TARGET TIMEOUT %token AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 %token BE EF CS0 CS1 CS2 CS3 CS4 CS5 CS6 CS7 %union { char *str; } %token STR %% statements: | statements statement | statements statement SEMICOLON ; statement: debug | timeout | maxproc | pidfile | isns_server | isns_period | isns_timeout | auth_group | portal_group | lun | target ; debug: DEBUG STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } conf->conf_debug = tmp; } ; timeout: TIMEOUT STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } conf->conf_timeout = tmp; } ; maxproc: MAXPROC STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } conf->conf_maxproc = tmp; } ; pidfile: PIDFILE STR { if (conf->conf_pidfile_path != NULL) { log_warnx("pidfile specified more than once"); free($2); return (1); } conf->conf_pidfile_path = $2; } ; isns_server: ISNS_SERVER STR { int error; error = isns_new(conf, $2); free($2); if (error != 0) return (1); } ; isns_period: ISNS_PERIOD STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } conf->conf_isns_period = tmp; } ; isns_timeout: ISNS_TIMEOUT STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } conf->conf_isns_timeout = tmp; } ; auth_group: AUTH_GROUP auth_group_name OPENING_BRACKET auth_group_entries CLOSING_BRACKET { auth_group = NULL; } ; auth_group_name: STR { /* * Make it possible to redefine default * auth-group. but only once. */ if (strcmp($1, "default") == 0 && conf->conf_default_ag_defined == false) { auth_group = auth_group_find(conf, $1); conf->conf_default_ag_defined = true; } else { auth_group = auth_group_new(conf, $1); } free($1); if (auth_group == NULL) return (1); } ; auth_group_entries: | auth_group_entries auth_group_entry | auth_group_entries auth_group_entry SEMICOLON ; auth_group_entry: auth_group_auth_type | auth_group_chap | auth_group_chap_mutual | auth_group_initiator_name | auth_group_initiator_portal ; auth_group_auth_type: AUTH_TYPE STR { int error; error = auth_group_set_type(auth_group, $2); free($2); if (error != 0) return (1); } ; auth_group_chap: CHAP STR STR { const struct auth *ca; ca = auth_new_chap(auth_group, $2, $3); free($2); free($3); if (ca == NULL) return (1); } ; auth_group_chap_mutual: CHAP_MUTUAL STR STR STR STR { const struct auth *ca; ca = auth_new_chap_mutual(auth_group, $2, $3, $4, $5); free($2); free($3); free($4); free($5); if (ca == NULL) return (1); } ; auth_group_initiator_name: INITIATOR_NAME STR { const struct auth_name *an; an = auth_name_new(auth_group, $2); free($2); if (an == NULL) return (1); } ; auth_group_initiator_portal: INITIATOR_PORTAL STR { const struct auth_portal *ap; ap = auth_portal_new(auth_group, $2); free($2); if (ap == NULL) return (1); } ; portal_group: PORTAL_GROUP portal_group_name OPENING_BRACKET portal_group_entries CLOSING_BRACKET { portal_group = NULL; } ; portal_group_name: STR { /* * Make it possible to redefine default * portal-group. but only once. */ if (strcmp($1, "default") == 0 && conf->conf_default_pg_defined == false) { portal_group = portal_group_find(conf, $1); conf->conf_default_pg_defined = true; } else { portal_group = portal_group_new(conf, $1); } free($1); if (portal_group == NULL) return (1); } ; portal_group_entries: | portal_group_entries portal_group_entry | portal_group_entries portal_group_entry SEMICOLON ; portal_group_entry: portal_group_discovery_auth_group | portal_group_discovery_filter | portal_group_foreign | portal_group_listen | portal_group_listen_iser | portal_group_offload | portal_group_option | portal_group_redirect | portal_group_tag | portal_group_dscp | portal_group_pcp ; portal_group_discovery_auth_group: DISCOVERY_AUTH_GROUP STR { if (portal_group->pg_discovery_auth_group != NULL) { log_warnx("discovery-auth-group for portal-group " "\"%s\" specified more than once", portal_group->pg_name); return (1); } portal_group->pg_discovery_auth_group = auth_group_find(conf, $2); if (portal_group->pg_discovery_auth_group == NULL) { log_warnx("unknown discovery-auth-group \"%s\" " "for portal-group \"%s\"", $2, portal_group->pg_name); return (1); } free($2); } ; portal_group_discovery_filter: DISCOVERY_FILTER STR { int error; error = portal_group_set_filter(portal_group, $2); free($2); if (error != 0) return (1); } ; portal_group_foreign: FOREIGN { portal_group->pg_foreign = 1; } ; portal_group_listen: LISTEN STR { int error; error = portal_group_add_listen(portal_group, $2, false); free($2); if (error != 0) return (1); } ; portal_group_listen_iser: LISTEN_ISER STR { int error; error = portal_group_add_listen(portal_group, $2, true); free($2); if (error != 0) return (1); } ; portal_group_offload: OFFLOAD STR { int error; error = portal_group_set_offload(portal_group, $2); free($2); if (error != 0) return (1); } ; portal_group_option: OPTION STR STR { struct option *o; o = option_new(&portal_group->pg_options, $2, $3); free($2); free($3); if (o == NULL) return (1); } ; portal_group_redirect: REDIRECT STR { int error; error = portal_group_set_redirection(portal_group, $2); free($2); if (error != 0) return (1); } ; portal_group_tag: TAG STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } portal_group->pg_tag = tmp; } ; portal_group_dscp : DSCP STR { uint64_t tmp; if (strcmp($2, "0x") == 0) { tmp = strtol($2 + 2, NULL, 16); } else if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return(1); } if (tmp >= 0x40) { yyerror("invalid dscp value"); return(1); } portal_group->pg_dscp = tmp; } | DSCP BE { portal_group->pg_dscp = IPTOS_DSCP_CS0 >> 2 ; } | DSCP EF { portal_group->pg_dscp = IPTOS_DSCP_EF >> 2 ; } | DSCP CS0 { portal_group->pg_dscp = IPTOS_DSCP_CS0 >> 2 ; } | DSCP CS1 { portal_group->pg_dscp = IPTOS_DSCP_CS1 >> 2 ; } | DSCP CS2 { portal_group->pg_dscp = IPTOS_DSCP_CS2 >> 2 ; } | DSCP CS3 { portal_group->pg_dscp = IPTOS_DSCP_CS3 >> 2 ; } | DSCP CS4 { portal_group->pg_dscp = IPTOS_DSCP_CS4 >> 2 ; } | DSCP CS5 { portal_group->pg_dscp = IPTOS_DSCP_CS5 >> 2 ; } | DSCP CS6 { portal_group->pg_dscp = IPTOS_DSCP_CS6 >> 2 ; } | DSCP CS7 { portal_group->pg_dscp = IPTOS_DSCP_CS7 >> 2 ; } | DSCP AF11 { portal_group->pg_dscp = IPTOS_DSCP_AF11 >> 2 ; } | DSCP AF12 { portal_group->pg_dscp = IPTOS_DSCP_AF12 >> 2 ; } | DSCP AF13 { portal_group->pg_dscp = IPTOS_DSCP_AF13 >> 2 ; } | DSCP AF21 { portal_group->pg_dscp = IPTOS_DSCP_AF21 >> 2 ; } | DSCP AF22 { portal_group->pg_dscp = IPTOS_DSCP_AF22 >> 2 ; } | DSCP AF23 { portal_group->pg_dscp = IPTOS_DSCP_AF23 >> 2 ; } | DSCP AF31 { portal_group->pg_dscp = IPTOS_DSCP_AF31 >> 2 ; } | DSCP AF32 { portal_group->pg_dscp = IPTOS_DSCP_AF32 >> 2 ; } | DSCP AF33 { portal_group->pg_dscp = IPTOS_DSCP_AF33 >> 2 ; } | DSCP AF41 { portal_group->pg_dscp = IPTOS_DSCP_AF41 >> 2 ; } | DSCP AF42 { portal_group->pg_dscp = IPTOS_DSCP_AF42 >> 2 ; } | DSCP AF43 { portal_group->pg_dscp = IPTOS_DSCP_AF43 >> 2 ; } ; portal_group_pcp: PCP STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } if (!((tmp >= 0) && (tmp <= 7))) { yyerror("invalid pcp value"); free($2); return (1); } portal_group->pg_pcp = tmp; } ; lun: LUN lun_name OPENING_BRACKET lun_entries CLOSING_BRACKET { lun = NULL; } ; lun_name: STR { lun = lun_new(conf, $1); free($1); if (lun == NULL) return (1); } ; target: TARGET target_name OPENING_BRACKET target_entries CLOSING_BRACKET { target = NULL; } ; target_name: STR { target = target_new(conf, $1); free($1); if (target == NULL) return (1); } ; target_entries: | target_entries target_entry | target_entries target_entry SEMICOLON ; target_entry: target_alias | target_auth_group | target_auth_type | target_chap | target_chap_mutual | target_initiator_name | target_initiator_portal | target_portal_group | target_port | target_redirect | target_lun | target_lun_ref ; target_alias: ALIAS STR { if (target->t_alias != NULL) { log_warnx("alias for target \"%s\" " "specified more than once", target->t_name); return (1); } target->t_alias = $2; } ; target_auth_group: AUTH_GROUP STR { if (target->t_auth_group != NULL) { if (target->t_auth_group->ag_name != NULL) log_warnx("auth-group for target \"%s\" " "specified more than once", target->t_name); else log_warnx("cannot use both auth-group and explicit " "authorisations for target \"%s\"", target->t_name); return (1); } target->t_auth_group = auth_group_find(conf, $2); if (target->t_auth_group == NULL) { log_warnx("unknown auth-group \"%s\" for target " "\"%s\"", $2, target->t_name); return (1); } free($2); } ; target_auth_type: AUTH_TYPE STR { int error; if (target->t_auth_group != NULL) { if (target->t_auth_group->ag_name != NULL) { log_warnx("cannot use both auth-group and " "auth-type for target \"%s\"", target->t_name); return (1); } } else { target->t_auth_group = auth_group_new(conf, NULL); if (target->t_auth_group == NULL) { free($2); return (1); } target->t_auth_group->ag_target = target; } error = auth_group_set_type(target->t_auth_group, $2); free($2); if (error != 0) return (1); } ; target_chap: CHAP STR STR { const struct auth *ca; if (target->t_auth_group != NULL) { if (target->t_auth_group->ag_name != NULL) { log_warnx("cannot use both auth-group and " "chap for target \"%s\"", target->t_name); free($2); free($3); return (1); } } else { target->t_auth_group = auth_group_new(conf, NULL); if (target->t_auth_group == NULL) { free($2); free($3); return (1); } target->t_auth_group->ag_target = target; } ca = auth_new_chap(target->t_auth_group, $2, $3); free($2); free($3); if (ca == NULL) return (1); } ; target_chap_mutual: CHAP_MUTUAL STR STR STR STR { const struct auth *ca; if (target->t_auth_group != NULL) { if (target->t_auth_group->ag_name != NULL) { log_warnx("cannot use both auth-group and " "chap-mutual for target \"%s\"", target->t_name); free($2); free($3); free($4); free($5); return (1); } } else { target->t_auth_group = auth_group_new(conf, NULL); if (target->t_auth_group == NULL) { free($2); free($3); free($4); free($5); return (1); } target->t_auth_group->ag_target = target; } ca = auth_new_chap_mutual(target->t_auth_group, $2, $3, $4, $5); free($2); free($3); free($4); free($5); if (ca == NULL) return (1); } ; target_initiator_name: INITIATOR_NAME STR { const struct auth_name *an; if (target->t_auth_group != NULL) { if (target->t_auth_group->ag_name != NULL) { log_warnx("cannot use both auth-group and " "initiator-name for target \"%s\"", target->t_name); free($2); return (1); } } else { target->t_auth_group = auth_group_new(conf, NULL); if (target->t_auth_group == NULL) { free($2); return (1); } target->t_auth_group->ag_target = target; } an = auth_name_new(target->t_auth_group, $2); free($2); if (an == NULL) return (1); } ; target_initiator_portal: INITIATOR_PORTAL STR { const struct auth_portal *ap; if (target->t_auth_group != NULL) { if (target->t_auth_group->ag_name != NULL) { log_warnx("cannot use both auth-group and " "initiator-portal for target \"%s\"", target->t_name); free($2); return (1); } } else { target->t_auth_group = auth_group_new(conf, NULL); if (target->t_auth_group == NULL) { free($2); return (1); } target->t_auth_group->ag_target = target; } ap = auth_portal_new(target->t_auth_group, $2); free($2); if (ap == NULL) return (1); } ; target_portal_group: PORTAL_GROUP STR STR { struct portal_group *tpg; struct auth_group *tag; struct port *tp; tpg = portal_group_find(conf, $2); if (tpg == NULL) { log_warnx("unknown portal-group \"%s\" for target " "\"%s\"", $2, target->t_name); free($2); free($3); return (1); } tag = auth_group_find(conf, $3); if (tag == NULL) { log_warnx("unknown auth-group \"%s\" for target " "\"%s\"", $3, target->t_name); free($2); free($3); return (1); } tp = port_new(conf, target, tpg); if (tp == NULL) { log_warnx("can't link portal-group \"%s\" to target " "\"%s\"", $2, target->t_name); free($2); return (1); } tp->p_auth_group = tag; free($2); free($3); } | PORTAL_GROUP STR { struct portal_group *tpg; struct port *tp; tpg = portal_group_find(conf, $2); if (tpg == NULL) { log_warnx("unknown portal-group \"%s\" for target " "\"%s\"", $2, target->t_name); free($2); return (1); } tp = port_new(conf, target, tpg); if (tp == NULL) { log_warnx("can't link portal-group \"%s\" to target " "\"%s\"", $2, target->t_name); free($2); return (1); } free($2); } ; target_port: PORT STR { struct pport *pp; struct port *tp; int ret, i_pp, i_vp = 0; ret = sscanf($2, "ioctl/%d/%d", &i_pp, &i_vp); if (ret > 0) { tp = port_new_ioctl(conf, target, i_pp, i_vp); if (tp == NULL) { log_warnx("can't create new ioctl port for " "target \"%s\"", target->t_name); free($2); return (1); } } else { pp = pport_find(conf, $2); if (pp == NULL) { log_warnx("unknown port \"%s\" for target \"%s\"", $2, target->t_name); free($2); return (1); } if (!TAILQ_EMPTY(&pp->pp_ports)) { log_warnx("can't link port \"%s\" to target \"%s\", " "port already linked to some target", $2, target->t_name); free($2); return (1); } tp = port_new_pp(conf, target, pp); if (tp == NULL) { log_warnx("can't link port \"%s\" to target \"%s\"", $2, target->t_name); free($2); return (1); } } free($2); } ; target_redirect: REDIRECT STR { int error; error = target_set_redirection(target, $2); free($2); if (error != 0) return (1); } ; target_lun: LUN lun_number OPENING_BRACKET lun_entries CLOSING_BRACKET { lun = NULL; } ; lun_number: STR { uint64_t tmp; int ret; char *name; if (expand_number($1, &tmp) != 0) { yyerror("invalid numeric value"); free($1); return (1); } if (tmp >= MAX_LUNS) { yyerror("LU number is too big"); free($1); return (1); } ret = asprintf(&name, "%s,lun,%ju", target->t_name, tmp); if (ret <= 0) log_err(1, "asprintf"); lun = lun_new(conf, name); if (lun == NULL) return (1); lun_set_scsiname(lun, name); target->t_luns[tmp] = lun; } ; target_lun_ref: LUN STR STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); free($3); return (1); } free($2); if (tmp >= MAX_LUNS) { yyerror("LU number is too big"); free($3); return (1); } lun = lun_find(conf, $3); free($3); if (lun == NULL) return (1); target->t_luns[tmp] = lun; } ; lun_entries: | lun_entries lun_entry | lun_entries lun_entry SEMICOLON ; lun_entry: lun_backend | lun_blocksize | lun_device_id | lun_device_type | lun_ctl_lun | lun_option | lun_path | lun_serial | lun_size ; lun_backend: BACKEND STR { if (lun->l_backend != NULL) { log_warnx("backend for lun \"%s\" " "specified more than once", lun->l_name); free($2); return (1); } lun_set_backend(lun, $2); free($2); } ; lun_blocksize: BLOCKSIZE STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } if (lun->l_blocksize != 0) { log_warnx("blocksize for lun \"%s\" " "specified more than once", lun->l_name); return (1); } lun_set_blocksize(lun, tmp); } ; lun_device_id: DEVICE_ID STR { if (lun->l_device_id != NULL) { log_warnx("device_id for lun \"%s\" " "specified more than once", lun->l_name); free($2); return (1); } lun_set_device_id(lun, $2); free($2); } ; lun_device_type: DEVICE_TYPE STR { uint64_t tmp; if (strcasecmp($2, "disk") == 0 || strcasecmp($2, "direct") == 0) tmp = 0; else if (strcasecmp($2, "processor") == 0) tmp = 3; else if (strcasecmp($2, "cd") == 0 || strcasecmp($2, "cdrom") == 0 || strcasecmp($2, "dvd") == 0 || strcasecmp($2, "dvdrom") == 0) tmp = 5; else if (expand_number($2, &tmp) != 0 || tmp > 15) { yyerror("invalid numeric value"); free($2); return (1); } lun_set_device_type(lun, tmp); } ; lun_ctl_lun: CTL_LUN STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } if (lun->l_ctl_lun >= 0) { log_warnx("ctl_lun for lun \"%s\" " "specified more than once", lun->l_name); return (1); } lun_set_ctl_lun(lun, tmp); } ; lun_option: OPTION STR STR { struct option *o; o = option_new(&lun->l_options, $2, $3); free($2); free($3); if (o == NULL) return (1); } ; lun_path: PATH STR { if (lun->l_path != NULL) { log_warnx("path for lun \"%s\" " "specified more than once", lun->l_name); free($2); return (1); } lun_set_path(lun, $2); free($2); } ; lun_serial: SERIAL STR { if (lun->l_serial != NULL) { log_warnx("serial for lun \"%s\" " "specified more than once", lun->l_name); free($2); return (1); } lun_set_serial(lun, $2); free($2); } ; lun_size: SIZE STR { uint64_t tmp; if (expand_number($2, &tmp) != 0) { yyerror("invalid numeric value"); free($2); return (1); } if (lun->l_size != 0) { log_warnx("size for lun \"%s\" " "specified more than once", lun->l_name); return (1); } lun_set_size(lun, tmp); } ; %% void yyerror(const char *str) { log_warnx("error in configuration file at line %d near '%s': %s", lineno, yytext, str); } int parse_conf(struct conf *newconf, const char *path) { int error; conf = newconf; yyin = fopen(path, "r"); if (yyin == NULL) { log_warn("unable to open configuration file %s", path); return (1); } lineno = 1; yyrestart(yyin); error = yyparse(); auth_group = NULL; portal_group = NULL; target = NULL; lun = NULL; fclose(yyin); return (error); } Index: head/usr.sbin/ctld/pdu.c =================================================================== --- head/usr.sbin/ctld/pdu.c (revision 367104) +++ head/usr.sbin/ctld/pdu.c (revision 367105) @@ -1,269 +1,268 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include "ctld.h" #include "iscsi_proto.h" #ifdef ICL_KERNEL_PROXY #include #endif extern bool proxy_mode; static int pdu_ahs_length(const struct pdu *pdu) { return (pdu->pdu_bhs->bhs_total_ahs_len * 4); } static int pdu_data_segment_length(const struct pdu *pdu) { uint32_t len = 0; len += pdu->pdu_bhs->bhs_data_segment_len[0]; len <<= 8; len += pdu->pdu_bhs->bhs_data_segment_len[1]; len <<= 8; len += pdu->pdu_bhs->bhs_data_segment_len[2]; return (len); } static void pdu_set_data_segment_length(struct pdu *pdu, uint32_t len) { pdu->pdu_bhs->bhs_data_segment_len[2] = len; pdu->pdu_bhs->bhs_data_segment_len[1] = len >> 8; pdu->pdu_bhs->bhs_data_segment_len[0] = len >> 16; } struct pdu * pdu_new(struct connection *conn) { struct pdu *pdu; pdu = calloc(1, sizeof(*pdu)); if (pdu == NULL) log_err(1, "calloc"); pdu->pdu_bhs = calloc(1, sizeof(*pdu->pdu_bhs)); if (pdu->pdu_bhs == NULL) log_err(1, "calloc"); pdu->pdu_connection = conn; return (pdu); } struct pdu * pdu_new_response(struct pdu *request) { return (pdu_new(request->pdu_connection)); } #ifdef ICL_KERNEL_PROXY static void pdu_receive_proxy(struct pdu *pdu) { struct connection *conn; size_t len; assert(proxy_mode); conn = pdu->pdu_connection; kernel_receive(pdu); len = pdu_ahs_length(pdu); if (len > 0) log_errx(1, "protocol error: non-empty AHS"); len = pdu_data_segment_length(pdu); assert(len <= (size_t)conn->conn_max_recv_data_segment_length); pdu->pdu_data_len = len; } static void pdu_send_proxy(struct pdu *pdu) { assert(proxy_mode); pdu_set_data_segment_length(pdu, pdu->pdu_data_len); kernel_send(pdu); } #endif /* ICL_KERNEL_PROXY */ static size_t pdu_padding(const struct pdu *pdu) { if ((pdu->pdu_data_len % 4) != 0) return (4 - (pdu->pdu_data_len % 4)); return (0); } static void pdu_read(int fd, char *data, size_t len) { ssize_t ret; while (len > 0) { ret = read(fd, data, len); if (ret < 0) { if (timed_out()) log_errx(1, "exiting due to timeout"); log_err(1, "read"); } else if (ret == 0) log_errx(1, "read: connection lost"); len -= ret; data += ret; } } void pdu_receive(struct pdu *pdu) { struct connection *conn; size_t len, padding; char dummy[4]; #ifdef ICL_KERNEL_PROXY if (proxy_mode) return (pdu_receive_proxy(pdu)); #endif assert(proxy_mode == false); conn = pdu->pdu_connection; pdu_read(conn->conn_socket, (char *)pdu->pdu_bhs, sizeof(*pdu->pdu_bhs)); len = pdu_ahs_length(pdu); if (len > 0) log_errx(1, "protocol error: non-empty AHS"); len = pdu_data_segment_length(pdu); if (len > 0) { if (len > (size_t)conn->conn_max_recv_data_segment_length) { log_errx(1, "protocol error: received PDU " "with DataSegmentLength exceeding %d", conn->conn_max_recv_data_segment_length); } pdu->pdu_data_len = len; pdu->pdu_data = malloc(len); if (pdu->pdu_data == NULL) log_err(1, "malloc"); pdu_read(conn->conn_socket, (char *)pdu->pdu_data, pdu->pdu_data_len); padding = pdu_padding(pdu); if (padding != 0) { assert(padding < sizeof(dummy)); pdu_read(conn->conn_socket, (char *)dummy, padding); } } } void pdu_send(struct pdu *pdu) { ssize_t ret, total_len; size_t padding; uint32_t zero = 0; struct iovec iov[3]; int iovcnt; #ifdef ICL_KERNEL_PROXY if (proxy_mode) return (pdu_send_proxy(pdu)); #endif assert(proxy_mode == false); pdu_set_data_segment_length(pdu, pdu->pdu_data_len); iov[0].iov_base = pdu->pdu_bhs; iov[0].iov_len = sizeof(*pdu->pdu_bhs); total_len = iov[0].iov_len; iovcnt = 1; if (pdu->pdu_data_len > 0) { iov[1].iov_base = pdu->pdu_data; iov[1].iov_len = pdu->pdu_data_len; total_len += iov[1].iov_len; iovcnt = 2; padding = pdu_padding(pdu); if (padding > 0) { assert(padding < sizeof(zero)); iov[2].iov_base = &zero; iov[2].iov_len = padding; total_len += iov[2].iov_len; iovcnt = 3; } } ret = writev(pdu->pdu_connection->conn_socket, iov, iovcnt); if (ret < 0) { if (timed_out()) log_errx(1, "exiting due to timeout"); log_err(1, "writev"); } if (ret != total_len) log_errx(1, "short write"); } void pdu_delete(struct pdu *pdu) { free(pdu->pdu_data); free(pdu->pdu_bhs); free(pdu); } Index: head/usr.sbin/ctld/token.l =================================================================== --- head/usr.sbin/ctld/token.l (revision 367104) +++ head/usr.sbin/ctld/token.l (revision 367105) @@ -1,123 +1,122 @@ %{ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include "y.tab.h" int lineno; #define YY_DECL int yylex(void) extern int yylex(void); %} %option noyywrap %option noinput %option nounput %% alias { return ALIAS; } auth-group { return AUTH_GROUP; } auth-type { return AUTH_TYPE; } backend { return BACKEND; } blocksize { return BLOCKSIZE; } chap { return CHAP; } chap-mutual { return CHAP_MUTUAL; } ctl-lun { return CTL_LUN; } debug { return DEBUG; } device-id { return DEVICE_ID; } device-type { return DEVICE_TYPE; } discovery-auth-group { return DISCOVERY_AUTH_GROUP; } discovery-filter { return DISCOVERY_FILTER; } dscp { return DSCP; } pcp { return PCP; } foreign { return FOREIGN; } initiator-name { return INITIATOR_NAME; } initiator-portal { return INITIATOR_PORTAL; } listen { return LISTEN; } listen-iser { return LISTEN_ISER; } lun { return LUN; } maxproc { return MAXPROC; } offload { return OFFLOAD; } option { return OPTION; } path { return PATH; } pidfile { return PIDFILE; } isns-server { return ISNS_SERVER; } isns-period { return ISNS_PERIOD; } isns-timeout { return ISNS_TIMEOUT; } port { return PORT; } portal-group { return PORTAL_GROUP; } redirect { return REDIRECT; } serial { return SERIAL; } size { return SIZE; } tag { return TAG; } target { return TARGET; } timeout { return TIMEOUT; } af11 { return AF11; } af12 { return AF12; } af13 { return AF13; } af21 { return AF21; } af22 { return AF22; } af23 { return AF23; } af31 { return AF31; } af32 { return AF32; } af33 { return AF33; } af41 { return AF41; } af42 { return AF42; } af43 { return AF43; } be { return CS0; } ef { return EF; } cs0 { return CS0; } cs1 { return CS1; } cs2 { return CS2; } cs3 { return CS3; } cs4 { return CS4; } cs5 { return CS5; } cs6 { return CS6; } cs7 { return CS7; } \"[^"]+\" { yylval.str = strndup(yytext + 1, strlen(yytext) - 2); return STR; } [a-zA-Z0-9\.\-@_/\:\[\]]+ { yylval.str = strdup(yytext); return STR; } \{ { return OPENING_BRACKET; } \} { return CLOSING_BRACKET; } #.*$ /* ignore comments */; \r\n { lineno++; } \n { lineno++; } ; { return SEMICOLON; } [ \t]+ /* ignore whitespace */; . { yylval.str = strdup(yytext); return STR; } %% Index: head/usr.sbin/fstyp/fstyp.8 =================================================================== --- head/usr.sbin/fstyp/fstyp.8 (revision 367104) +++ head/usr.sbin/fstyp/fstyp.8 (revision 367105) @@ -1,135 +1,134 @@ .\" Copyright (c) 2014 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd December 24, 2019 .Dt FSTYP 8 .Os .Sh NAME .Nm fstyp .Nd determine filesystem type .Sh SYNOPSIS .Nm .Op Fl l .Op Fl s .Op Fl u .Ar special .Sh DESCRIPTION The .Nm utility is used to determine the filesystem type on a given device. It can recognize ISO-9660, exFAT, Ext2, FAT, NTFS, and UFS filesystems. When the .Fl u flag is specified, .Nm also recognizes certain additional metadata formats that cannot be handled using .Xr mount 8 , such as .Xr geli 8 providers, and ZFS pools. .Pp The filesystem name is printed to the standard output as, respectively: .Bl -item -offset indent -compact .It cd9660 .It exfat .It ext2fs .It geli .It hammer .It hammer2 .It msdosfs .It ntfs .It ufs .It zfs .El .Pp Because .Nm is built specifically to detect filesystem types, it differs from .Xr file 1 in several ways. The output is machine-parsable, filesystem labels are supported, the utility runs sandboxed using .Xr capsicum 4 , and does not try to recognize any file format other than filesystems. .Pp These options are available: .Bl -tag -width ".Fl l" .It Fl l In addition to filesystem type, print filesystem label if available. .It Fl s Ignore file type. By default, .Nm only works on regular files and disk-like device nodes. Trying to read other file types might have unexpected consequences or hang indefinitely. .It Fl u Include filesystems and devices that cannot be mounted directly by .Xr mount 8 . .El .Sh EXIT STATUS The .Nm utility exits 0 on success, and >0 if an error occurs or the filesystem type is not recognized. .Sh SEE ALSO .Xr file 1 , .Xr capsicum 4 , .Xr autofs 5 , .Xr geli 8 , .Xr glabel 8 , .Xr mount 8 , .Xr zpool 8 .Sh HISTORY The .Nm command appeared in .Fx 10.2 . .Sh AUTHORS .An -nosplit The .Nm utility was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. ZFS and GELI support was added by .An Allan Jude Aq Mt allanjude@FreeBSD.org . Index: head/usr.sbin/fstyp/fstyp.c =================================================================== --- head/usr.sbin/fstyp/fstyp.c (revision 367104) +++ head/usr.sbin/fstyp/fstyp.c (revision 367105) @@ -1,269 +1,268 @@ /*- * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #ifdef WITH_ICONV #include #endif #include #include #include #include #include #include #include #include #include "fstyp.h" #define LABEL_LEN 256 bool show_label = false; typedef int (*fstyp_function)(FILE *, char *, size_t); static struct { const char *name; fstyp_function function; bool unmountable; char *precache_encoding; } fstypes[] = { { "apfs", &fstyp_apfs, true, NULL }, { "cd9660", &fstyp_cd9660, false, NULL }, { "exfat", &fstyp_exfat, false, EXFAT_ENC }, { "ext2fs", &fstyp_ext2fs, false, NULL }, { "geli", &fstyp_geli, true, NULL }, { "hammer", &fstyp_hammer, true, NULL }, { "hammer2", &fstyp_hammer2, true, NULL }, { "hfs+", &fstyp_hfsp, false, NULL }, { "msdosfs", &fstyp_msdosfs, false, NULL }, { "ntfs", &fstyp_ntfs, false, NTFS_ENC }, { "ufs", &fstyp_ufs, false, NULL }, #ifdef HAVE_ZFS { "zfs", &fstyp_zfs, true, NULL }, #endif { NULL, NULL, NULL, NULL } }; void * read_buf(FILE *fp, off_t off, size_t len) { int error; size_t nread; void *buf; error = fseek(fp, off, SEEK_SET); if (error != 0) { warn("cannot seek to %jd", (uintmax_t)off); return (NULL); } buf = malloc(len); if (buf == NULL) { warn("cannot malloc %zd bytes of memory", len); return (NULL); } nread = fread(buf, len, 1, fp); if (nread != 1) { free(buf); if (feof(fp) == 0) warn("fread"); return (NULL); } return (buf); } char * checked_strdup(const char *s) { char *c; c = strdup(s); if (c == NULL) err(1, "strdup"); return (c); } void rtrim(char *label, size_t size) { ptrdiff_t i; for (i = size - 1; i >= 0; i--) { if (label[i] == '\0') continue; else if (label[i] == ' ') label[i] = '\0'; else break; } } static void usage(void) { fprintf(stderr, "usage: fstyp [-l] [-s] [-u] special\n"); exit(1); } static void type_check(const char *path, FILE *fp) { int error, fd; off_t mediasize; struct stat sb; fd = fileno(fp); error = fstat(fd, &sb); if (error != 0) err(1, "%s: fstat", path); if (S_ISREG(sb.st_mode)) return; error = ioctl(fd, DIOCGMEDIASIZE, &mediasize); if (error != 0) errx(1, "%s: not a disk", path); } int main(int argc, char **argv) { int ch, error, i, nbytes; bool ignore_type = false, show_unmountable = false; char label[LABEL_LEN + 1], strvised[LABEL_LEN * 4 + 1]; char *path; FILE *fp; fstyp_function fstyp_f; while ((ch = getopt(argc, argv, "lsu")) != -1) { switch (ch) { case 'l': show_label = true; break; case 's': ignore_type = true; break; case 'u': show_unmountable = true; break; default: usage(); } } argc -= optind; argv += optind; if (argc != 1) usage(); path = argv[0]; if (setlocale(LC_CTYPE, "") == NULL) err(1, "setlocale"); caph_cache_catpages(); #ifdef WITH_ICONV /* Cache iconv conversion data before entering capability mode. */ if (show_label) { for (i = 0; i < nitems(fstypes); i++) { iconv_t cd; if (fstypes[i].precache_encoding == NULL) continue; cd = iconv_open("", fstypes[i].precache_encoding); if (cd == (iconv_t)-1) err(1, "%s: iconv_open %s", fstypes[i].name, fstypes[i].precache_encoding); /* Iconv keeps a small cache of unused encodings. */ iconv_close(cd); } } #endif fp = fopen(path, "r"); if (fp == NULL) err(1, "%s", path); if (caph_enter() < 0) err(1, "cap_enter"); if (ignore_type == false) type_check(path, fp); memset(label, '\0', sizeof(label)); for (i = 0;; i++) { if (show_unmountable == false && fstypes[i].unmountable == true) continue; fstyp_f = fstypes[i].function; if (fstyp_f == NULL) break; error = fstyp_f(fp, label, sizeof(label)); if (error == 0) break; } if (fstypes[i].name == NULL) { warnx("%s: filesystem not recognized", path); return (1); } if (show_label && label[0] != '\0') { /* * XXX: I'd prefer VIS_HTTPSTYLE, but it unconditionally * encodes spaces. */ nbytes = strsnvis(strvised, sizeof(strvised), label, VIS_GLOB | VIS_NL, "\"'$"); if (nbytes == -1) err(1, "strsnvis"); printf("%s %s\n", fstypes[i].name, strvised); } else { printf("%s\n", fstypes[i].name); } return (0); } Index: head/usr.sbin/fstyp/fstyp.h =================================================================== --- head/usr.sbin/fstyp/fstyp.h (revision 367104) +++ head/usr.sbin/fstyp/fstyp.h (revision 367105) @@ -1,68 +1,67 @@ /*- * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef FSTYP_H #define FSTYP_H #include #define MIN(a,b) (((a)<(b))?(a):(b)) /* The spec doesn't seem to permit UTF-16 surrogates; definitely LE. */ #define EXFAT_ENC "UCS-2LE" /* * NTFS itself is agnostic to encoding; it just stores 255 u16 wchars. In * practice, UTF-16 seems expected for NTFS. (Maybe also for exFAT.) */ #define NTFS_ENC "UTF-16LE" extern bool show_label; /* -l flag */ void *read_buf(FILE *fp, off_t off, size_t len); char *checked_strdup(const char *s); void rtrim(char *label, size_t size); int fstyp_apfs(FILE *fp, char *label, size_t size); int fstyp_cd9660(FILE *fp, char *label, size_t size); int fstyp_exfat(FILE *fp, char *label, size_t size); int fstyp_ext2fs(FILE *fp, char *label, size_t size); int fstyp_geli(FILE *fp, char *label, size_t size); int fstyp_hammer(FILE *fp, char *label, size_t size); int fstyp_hammer2(FILE *fp, char *label, size_t size); int fstyp_hfsp(FILE *fp, char *label, size_t size); int fstyp_msdosfs(FILE *fp, char *label, size_t size); int fstyp_ntfs(FILE *fp, char *label, size_t size); int fstyp_ufs(FILE *fp, char *label, size_t size); #ifdef HAVE_ZFS int fstyp_zfs(FILE *fp, char *label, size_t size); #endif #endif /* !FSTYP_H */ Index: head/usr.sbin/iscsid/chap.c =================================================================== --- head/usr.sbin/iscsid/chap.c (revision 367104) +++ head/usr.sbin/iscsid/chap.c (revision 367105) @@ -1,424 +1,423 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include "iscsid.h" static void chap_compute_md5(const char id, const char *secret, const void *challenge, size_t challenge_len, void *response, size_t response_len) { MD5_CTX ctx; assert(response_len == CHAP_DIGEST_LEN); MD5Init(&ctx); MD5Update(&ctx, &id, sizeof(id)); MD5Update(&ctx, secret, strlen(secret)); MD5Update(&ctx, challenge, challenge_len); MD5Final(response, &ctx); } static int chap_hex2int(const char hex) { switch (hex) { case '0': return (0x00); case '1': return (0x01); case '2': return (0x02); case '3': return (0x03); case '4': return (0x04); case '5': return (0x05); case '6': return (0x06); case '7': return (0x07); case '8': return (0x08); case '9': return (0x09); case 'a': case 'A': return (0x0a); case 'b': case 'B': return (0x0b); case 'c': case 'C': return (0x0c); case 'd': case 'D': return (0x0d); case 'e': case 'E': return (0x0e); case 'f': case 'F': return (0x0f); default: return (-1); } } static int chap_b642bin(const char *b64, void **binp, size_t *bin_lenp) { char *bin; int b64_len, bin_len; b64_len = strlen(b64); bin_len = (b64_len + 3) / 4 * 3; bin = calloc(bin_len, 1); if (bin == NULL) log_err(1, "calloc"); bin_len = b64_pton(b64, bin, bin_len); if (bin_len < 0) { log_warnx("malformed base64 variable"); free(bin); return (-1); } *binp = bin; *bin_lenp = bin_len; return (0); } /* * XXX: Review this _carefully_. */ static int chap_hex2bin(const char *hex, void **binp, size_t *bin_lenp) { int i, hex_len, nibble; bool lo = true; /* As opposed to 'hi'. */ char *bin; size_t bin_off, bin_len; if (strncasecmp(hex, "0b", strlen("0b")) == 0) return (chap_b642bin(hex + 2, binp, bin_lenp)); if (strncasecmp(hex, "0x", strlen("0x")) != 0) { log_warnx("malformed variable, should start with \"0x\"" " or \"0b\""); return (-1); } hex += strlen("0x"); hex_len = strlen(hex); if (hex_len < 1) { log_warnx("malformed variable; doesn't contain anything " "but \"0x\""); return (-1); } bin_len = hex_len / 2 + hex_len % 2; bin = calloc(bin_len, 1); if (bin == NULL) log_err(1, "calloc"); bin_off = bin_len - 1; for (i = hex_len - 1; i >= 0; i--) { nibble = chap_hex2int(hex[i]); if (nibble < 0) { log_warnx("malformed variable, invalid char \"%c\"", hex[i]); free(bin); return (-1); } assert(bin_off < bin_len); if (lo) { bin[bin_off] = nibble; lo = false; } else { bin[bin_off] |= nibble << 4; bin_off--; lo = true; } } *binp = bin; *bin_lenp = bin_len; return (0); } #ifdef USE_BASE64 static char * chap_bin2hex(const char *bin, size_t bin_len) { unsigned char *b64, *tmp; size_t b64_len; b64_len = (bin_len + 2) / 3 * 4 + 3; /* +2 for "0b", +1 for '\0'. */ b64 = malloc(b64_len); if (b64 == NULL) log_err(1, "malloc"); tmp = b64; tmp += sprintf(tmp, "0b"); b64_ntop(bin, bin_len, tmp, b64_len - 2); return (b64); } #else static char * chap_bin2hex(const char *bin, size_t bin_len) { unsigned char *hex, *tmp, ch; size_t hex_len; size_t i; hex_len = bin_len * 2 + 3; /* +2 for "0x", +1 for '\0'. */ hex = malloc(hex_len); if (hex == NULL) log_err(1, "malloc"); tmp = hex; tmp += sprintf(tmp, "0x"); for (i = 0; i < bin_len; i++) { ch = bin[i]; tmp += sprintf(tmp, "%02x", ch); } return (hex); } #endif /* !USE_BASE64 */ struct chap * chap_new(void) { struct chap *chap; chap = calloc(1, sizeof(*chap)); if (chap == NULL) log_err(1, "calloc"); /* * Generate the challenge. */ arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge)); arc4random_buf(&chap->chap_id, sizeof(chap->chap_id)); return (chap); } char * chap_get_id(const struct chap *chap) { char *chap_i; int ret; ret = asprintf(&chap_i, "%d", chap->chap_id); if (ret < 0) log_err(1, "asprintf"); return (chap_i); } char * chap_get_challenge(const struct chap *chap) { char *chap_c; chap_c = chap_bin2hex(chap->chap_challenge, sizeof(chap->chap_challenge)); return (chap_c); } static int chap_receive_bin(struct chap *chap, void *response, size_t response_len) { if (response_len != sizeof(chap->chap_response)) { log_debugx("got CHAP response with invalid length; " "got %zd, should be %zd", response_len, sizeof(chap->chap_response)); return (1); } memcpy(chap->chap_response, response, response_len); return (0); } int chap_receive(struct chap *chap, const char *response) { void *response_bin; size_t response_bin_len; int error; error = chap_hex2bin(response, &response_bin, &response_bin_len); if (error != 0) { log_debugx("got incorrectly encoded CHAP response \"%s\"", response); return (1); } error = chap_receive_bin(chap, response_bin, response_bin_len); free(response_bin); return (error); } int chap_authenticate(struct chap *chap, const char *secret) { char expected_response[CHAP_DIGEST_LEN]; chap_compute_md5(chap->chap_id, secret, chap->chap_challenge, sizeof(chap->chap_challenge), expected_response, sizeof(expected_response)); if (memcmp(chap->chap_response, expected_response, sizeof(expected_response)) != 0) { return (-1); } return (0); } void chap_delete(struct chap *chap) { free(chap); } struct rchap * rchap_new(const char *secret) { struct rchap *rchap; rchap = calloc(1, sizeof(*rchap)); if (rchap == NULL) log_err(1, "calloc"); rchap->rchap_secret = checked_strdup(secret); return (rchap); } static void rchap_receive_bin(struct rchap *rchap, const unsigned char id, const void *challenge, size_t challenge_len) { rchap->rchap_id = id; rchap->rchap_challenge = calloc(challenge_len, 1); if (rchap->rchap_challenge == NULL) log_err(1, "calloc"); memcpy(rchap->rchap_challenge, challenge, challenge_len); rchap->rchap_challenge_len = challenge_len; } int rchap_receive(struct rchap *rchap, const char *id, const char *challenge) { unsigned char id_bin; void *challenge_bin; size_t challenge_bin_len; int error; id_bin = strtoul(id, NULL, 10); error = chap_hex2bin(challenge, &challenge_bin, &challenge_bin_len); if (error != 0) { log_debugx("got incorrectly encoded CHAP challenge \"%s\"", challenge); return (1); } rchap_receive_bin(rchap, id_bin, challenge_bin, challenge_bin_len); free(challenge_bin); return (0); } static void rchap_get_response_bin(struct rchap *rchap, void **responsep, size_t *response_lenp) { void *response_bin; size_t response_bin_len = CHAP_DIGEST_LEN; response_bin = calloc(response_bin_len, 1); if (response_bin == NULL) log_err(1, "calloc"); chap_compute_md5(rchap->rchap_id, rchap->rchap_secret, rchap->rchap_challenge, rchap->rchap_challenge_len, response_bin, response_bin_len); *responsep = response_bin; *response_lenp = response_bin_len; } char * rchap_get_response(struct rchap *rchap) { void *response; size_t response_len; char *chap_r; rchap_get_response_bin(rchap, &response, &response_len); chap_r = chap_bin2hex(response, response_len); free(response); return (chap_r); } void rchap_delete(struct rchap *rchap) { free(rchap->rchap_secret); free(rchap->rchap_challenge); free(rchap); } Index: head/usr.sbin/iscsid/discovery.c =================================================================== --- head/usr.sbin/iscsid/discovery.c (revision 367104) +++ head/usr.sbin/iscsid/discovery.c (revision 367105) @@ -1,234 +1,233 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include "iscsid.h" #include "iscsi_proto.h" static struct pdu * text_receive(struct connection *conn) { struct pdu *response; struct iscsi_bhs_text_response *bhstr; response = pdu_new(conn); pdu_receive(response); if (response->pdu_bhs->bhs_opcode != ISCSI_BHS_OPCODE_TEXT_RESPONSE) log_errx(1, "protocol error: received invalid opcode 0x%x", response->pdu_bhs->bhs_opcode); bhstr = (struct iscsi_bhs_text_response *)response->pdu_bhs; #if 0 if ((bhstr->bhstr_flags & BHSTR_FLAGS_FINAL) == 0) log_errx(1, "received Text PDU without the \"F\" flag"); #endif /* * XXX: Implement the C flag some day. */ if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0) log_errx(1, "received Text PDU with unsupported \"C\" flag"); if (ntohl(bhstr->bhstr_statsn) != conn->conn_statsn + 1) { log_errx(1, "received Text PDU with wrong StatSN: " "is %u, should be %u", ntohl(bhstr->bhstr_statsn), conn->conn_statsn + 1); } conn->conn_statsn = ntohl(bhstr->bhstr_statsn); return (response); } static struct pdu * text_new_request(struct connection *conn) { struct pdu *request; struct iscsi_bhs_text_request *bhstr; request = pdu_new(conn); bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; bhstr->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_REQUEST | ISCSI_BHS_OPCODE_IMMEDIATE; bhstr->bhstr_flags = BHSTR_FLAGS_FINAL; bhstr->bhstr_initiator_task_tag = 0; bhstr->bhstr_target_transfer_tag = 0xffffffff; bhstr->bhstr_initiator_task_tag = 0; /* XXX */ bhstr->bhstr_cmdsn = 0; /* XXX */ bhstr->bhstr_expstatsn = htonl(conn->conn_statsn + 1); return (request); } static struct pdu * logout_receive(struct connection *conn) { struct pdu *response; struct iscsi_bhs_logout_response *bhslr; response = pdu_new(conn); pdu_receive(response); if (response->pdu_bhs->bhs_opcode != ISCSI_BHS_OPCODE_LOGOUT_RESPONSE) log_errx(1, "protocol error: received invalid opcode 0x%x", response->pdu_bhs->bhs_opcode); bhslr = (struct iscsi_bhs_logout_response *)response->pdu_bhs; if (ntohs(bhslr->bhslr_response) != BHSLR_RESPONSE_CLOSED_SUCCESSFULLY) log_warnx("received Logout Response with reason %d", ntohs(bhslr->bhslr_response)); if (ntohl(bhslr->bhslr_statsn) != conn->conn_statsn + 1) { log_errx(1, "received Logout PDU with wrong StatSN: " "is %u, should be %u", ntohl(bhslr->bhslr_statsn), conn->conn_statsn + 1); } conn->conn_statsn = ntohl(bhslr->bhslr_statsn); return (response); } static struct pdu * logout_new_request(struct connection *conn) { struct pdu *request; struct iscsi_bhs_logout_request *bhslr; request = pdu_new(conn); bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; bhslr->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_REQUEST | ISCSI_BHS_OPCODE_IMMEDIATE; bhslr->bhslr_reason = BHSLR_REASON_CLOSE_SESSION; bhslr->bhslr_reason |= 0x80; bhslr->bhslr_initiator_task_tag = 0; /* XXX */ bhslr->bhslr_cmdsn = 0; /* XXX */ bhslr->bhslr_expstatsn = htonl(conn->conn_statsn + 1); return (request); } static void kernel_add(const struct connection *conn, const char *target) { struct iscsi_session_add isa; int error; memset(&isa, 0, sizeof(isa)); memcpy(&isa.isa_conf, &conn->conn_conf, sizeof(isa.isa_conf)); strlcpy(isa.isa_conf.isc_target, target, sizeof(isa.isa_conf.isc_target)); isa.isa_conf.isc_discovery = 0; error = ioctl(conn->conn_iscsi_fd, ISCSISADD, &isa); if (error != 0) log_warn("failed to add %s: ISCSISADD", target); } static void kernel_remove(const struct connection *conn) { struct iscsi_session_remove isr; int error; memset(&isr, 0, sizeof(isr)); isr.isr_session_id = conn->conn_session_id; error = ioctl(conn->conn_iscsi_fd, ISCSISREMOVE, &isr); if (error != 0) log_warn("ISCSISREMOVE"); } void discovery(struct connection *conn) { struct pdu *request, *response; struct keys *request_keys, *response_keys; int i; log_debugx("beginning discovery session"); request = text_new_request(conn); request_keys = keys_new(); keys_add(request_keys, "SendTargets", "All"); keys_save(request_keys, request); keys_delete(request_keys); request_keys = NULL; pdu_send(request); pdu_delete(request); request = NULL; log_debugx("waiting for Text Response"); response = text_receive(conn); response_keys = keys_new(); keys_load(response_keys, response); for (i = 0; i < KEYS_MAX; i++) { if (response_keys->keys_names[i] == NULL) break; if (strcmp(response_keys->keys_names[i], "TargetName") != 0) continue; log_debugx("adding target %s", response_keys->keys_values[i]); /* * XXX: Validate the target name? */ kernel_add(conn, response_keys->keys_values[i]); } keys_delete(response_keys); pdu_delete(response); log_debugx("removing temporary discovery session"); kernel_remove(conn); #ifdef ICL_KERNEL_PROXY if (conn->conn_conf.isc_iser == 1) { /* * If we're going through the proxy, the kernel already * sent Logout PDU for us and destroyed the session, * so we can't send anything anymore. */ log_debugx("discovery session done"); return; } #endif log_debugx("discovery done; logging out"); request = logout_new_request(conn); pdu_send(request); pdu_delete(request); request = NULL; log_debugx("waiting for Logout Response"); response = logout_receive(conn); pdu_delete(response); log_debugx("discovery session done"); } Index: head/usr.sbin/iscsid/iscsid.8 =================================================================== --- head/usr.sbin/iscsid/iscsid.8 (revision 367104) +++ head/usr.sbin/iscsid/iscsid.8 (revision 367105) @@ -1,118 +1,117 @@ .\" Copyright (c) 2012 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd May 28, 2017 .Dt ISCSID 8 .Os .Sh NAME .Nm iscsid .Nd iSCSI initiator daemon .Sh SYNOPSIS .Nm .Op Fl P Ar pidfile .Op Fl d .Op Fl l Ar loglevel .Op Fl m Ar maxproc .Op Fl t Ar seconds .Sh DESCRIPTION The .Nm daemon is the userspace component of the iSCSI initiator, responsible for performing the Login Phase of iSCSI connections and the SendTargets discovery. .Pp Upon startup, the .Nm daemon opens the iSCSI initiator device file and waits for requests from the kernel component, .Xr iscsi 4 . .Nm does not use any configuration files. All needed information is supplied by the kernel. .Pp When the .Nm daemon is not running, already established iSCSI connections continue to work. However, establishing new connections, or recovering existing ones in case of connection error, is not possible. .Pp The following options are available: .Bl -tag -width ".Fl P Ar pidfile" .It Fl P Ar pidfile Specify alternative location of a file where main process PID will be stored. The default location is .Pa /var/run/iscsid.pid . .It Fl d Debug mode. The daemon sends verbose debug output to standard error, and does not put itself in the background. The daemon will also not fork and will exit after processing one connection. This option is only intended for debugging the initiator. .It Fl l Ar loglevel Specifies debug level. The default is 0. .It Fl m Ar maxproc Specifies limit for concurrently running child processes handling connections. The default is 30. Setting it to 0 disables the limit. .It Fl t Ar seconds Specifies timeout for login session, after which the connection will be forcibly terminated. The default is 60. Setting it to 0 disables the timeout. .El .Sh FILES .Bl -tag -width ".Pa /var/run/iscsid.pid" -compact .It Pa /dev/iscsi The iSCSI initiator device file. .It Pa /var/run/iscsid.pid The default location of the .Nm PID file. .El .Sh EXIT STATUS The .Nm utility exits 0 on success, and >0 if an error occurs. .Sh SEE ALSO .Xr iscsi 4 , .Xr iscsictl 8 .Sh HISTORY The .Nm command appeared in .Fx 10.0 . .Sh AUTHORS The .Nm utility was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/usr.sbin/iscsid/iscsid.c =================================================================== --- head/usr.sbin/iscsid/iscsid.c (revision 367104) +++ head/usr.sbin/iscsid/iscsid.c (revision 367105) @@ -1,681 +1,680 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "iscsid.h" static volatile bool sigalrm_received = false; static int nchildren = 0; static void usage(void) { fprintf(stderr, "usage: iscsid [-P pidfile][-d][-m maxproc][-t timeout]\n"); exit(1); } char * checked_strdup(const char *s) { char *c; c = strdup(s); if (c == NULL) log_err(1, "strdup"); return (c); } static void resolve_addr(const struct connection *conn, const char *address, struct addrinfo **ai, bool initiator_side) { struct addrinfo hints; char *arg, *addr, *ch; const char *port; int error, colons = 0; arg = checked_strdup(address); if (arg[0] == '\0') { fail(conn, "empty address"); log_errx(1, "empty address"); } if (arg[0] == '[') { /* * IPv6 address in square brackets, perhaps with port. */ arg++; addr = strsep(&arg, "]"); if (arg == NULL) { fail(conn, "malformed address"); log_errx(1, "malformed address %s", address); } if (arg[0] == '\0') { port = NULL; } else if (arg[0] == ':') { port = arg + 1; } else { fail(conn, "malformed address"); log_errx(1, "malformed address %s", address); } } else { /* * Either IPv6 address without brackets - and without * a port - or IPv4 address. Just count the colons. */ for (ch = arg; *ch != '\0'; ch++) { if (*ch == ':') colons++; } if (colons > 1) { addr = arg; port = NULL; } else { addr = strsep(&arg, ":"); if (arg == NULL) port = NULL; else port = arg; } } if (port == NULL && !initiator_side) port = "3260"; memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV; if (initiator_side) hints.ai_flags |= AI_PASSIVE; error = getaddrinfo(addr, port, &hints, ai); if (error != 0) { fail(conn, gai_strerror(error)); log_errx(1, "getaddrinfo for %s failed: %s", address, gai_strerror(error)); } } static struct connection * connection_new(int iscsi_fd, const struct iscsi_daemon_request *request) { struct connection *conn; struct iscsi_session_limits *isl; struct addrinfo *from_ai, *to_ai; const char *from_addr, *to_addr; #ifdef ICL_KERNEL_PROXY struct iscsi_daemon_connect idc; #endif int error, sockbuf; conn = calloc(1, sizeof(*conn)); if (conn == NULL) log_err(1, "calloc"); /* * Default values, from RFC 3720, section 12. */ conn->conn_protocol_level = 0; conn->conn_header_digest = CONN_DIGEST_NONE; conn->conn_data_digest = CONN_DIGEST_NONE; conn->conn_initial_r2t = true; conn->conn_immediate_data = true; conn->conn_max_recv_data_segment_length = 8192; conn->conn_max_send_data_segment_length = 8192; conn->conn_max_burst_length = 262144; conn->conn_first_burst_length = 65536; conn->conn_iscsi_fd = iscsi_fd; conn->conn_session_id = request->idr_session_id; memcpy(&conn->conn_conf, &request->idr_conf, sizeof(conn->conn_conf)); memcpy(&conn->conn_isid, &request->idr_isid, sizeof(conn->conn_isid)); conn->conn_tsih = request->idr_tsih; /* * Read the driver limits and provide reasonable defaults for the ones * the driver doesn't care about. If a max_snd_dsl is not explicitly * provided by the driver then we'll make sure both conn->max_snd_dsl * and isl->max_snd_dsl are set to the rcv_dsl. This preserves historic * behavior. */ isl = &conn->conn_limits; memcpy(isl, &request->idr_limits, sizeof(*isl)); if (isl->isl_max_recv_data_segment_length == 0) isl->isl_max_recv_data_segment_length = (1 << 24) - 1; if (isl->isl_max_send_data_segment_length == 0) isl->isl_max_send_data_segment_length = isl->isl_max_recv_data_segment_length; if (isl->isl_max_burst_length == 0) isl->isl_max_burst_length = (1 << 24) - 1; if (isl->isl_first_burst_length == 0) isl->isl_first_burst_length = (1 << 24) - 1; if (isl->isl_first_burst_length > isl->isl_max_burst_length) isl->isl_first_burst_length = isl->isl_max_burst_length; /* * Limit default send length in case it won't be negotiated. * We can't do it for other limits, since they may affect both * sender and receiver operation, and we must obey defaults. */ if (conn->conn_max_send_data_segment_length > isl->isl_max_send_data_segment_length) { conn->conn_max_send_data_segment_length = isl->isl_max_send_data_segment_length; } from_addr = conn->conn_conf.isc_initiator_addr; to_addr = conn->conn_conf.isc_target_addr; if (from_addr[0] != '\0') resolve_addr(conn, from_addr, &from_ai, true); else from_ai = NULL; resolve_addr(conn, to_addr, &to_ai, false); #ifdef ICL_KERNEL_PROXY if (conn->conn_conf.isc_iser) { memset(&idc, 0, sizeof(idc)); idc.idc_session_id = conn->conn_session_id; if (conn->conn_conf.isc_iser) idc.idc_iser = 1; idc.idc_domain = to_ai->ai_family; idc.idc_socktype = to_ai->ai_socktype; idc.idc_protocol = to_ai->ai_protocol; if (from_ai != NULL) { idc.idc_from_addr = from_ai->ai_addr; idc.idc_from_addrlen = from_ai->ai_addrlen; } idc.idc_to_addr = to_ai->ai_addr; idc.idc_to_addrlen = to_ai->ai_addrlen; log_debugx("connecting to %s using ICL kernel proxy", to_addr); error = ioctl(iscsi_fd, ISCSIDCONNECT, &idc); if (error != 0) { fail(conn, strerror(errno)); log_err(1, "failed to connect to %s " "using ICL kernel proxy: ISCSIDCONNECT", to_addr); } return (conn); } #endif /* ICL_KERNEL_PROXY */ if (conn->conn_conf.isc_iser) { fail(conn, "iSER not supported"); log_errx(1, "iscsid(8) compiled without ICL_KERNEL_PROXY " "does not support iSER"); } conn->conn_socket = socket(to_ai->ai_family, to_ai->ai_socktype, to_ai->ai_protocol); if (conn->conn_socket < 0) { fail(conn, strerror(errno)); log_err(1, "failed to create socket for %s", from_addr); } sockbuf = SOCKBUF_SIZE; if (setsockopt(conn->conn_socket, SOL_SOCKET, SO_RCVBUF, &sockbuf, sizeof(sockbuf)) == -1) log_warn("setsockopt(SO_RCVBUF) failed"); sockbuf = SOCKBUF_SIZE; if (setsockopt(conn->conn_socket, SOL_SOCKET, SO_SNDBUF, &sockbuf, sizeof(sockbuf)) == -1) log_warn("setsockopt(SO_SNDBUF) failed"); if (conn->conn_conf.isc_dscp != -1) { int tos = conn->conn_conf.isc_dscp << 2; if (to_ai->ai_family == AF_INET) { if (setsockopt(conn->conn_socket, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) log_warn("setsockopt(IP_TOS) " "failed for %s", from_addr); } else if (to_ai->ai_family == AF_INET6) { if (setsockopt(conn->conn_socket, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1) log_warn("setsockopt(IPV6_TCLASS) " "failed for %s", from_addr); } } if (conn->conn_conf.isc_pcp != -1) { int pcp = conn->conn_conf.isc_pcp; if (to_ai->ai_family == AF_INET) { if (setsockopt(conn->conn_socket, IPPROTO_IP, IP_VLAN_PCP, &pcp, sizeof(pcp)) == -1) log_warn("setsockopt(IP_VLAN_PCP) " "failed for %s", from_addr); } else if (to_ai->ai_family == AF_INET6) { if (setsockopt(conn->conn_socket, IPPROTO_IPV6, IPV6_VLAN_PCP, &pcp, sizeof(pcp)) == -1) log_warn("setsockopt(IPV6_VLAN_PCP) " "failed for %s", from_addr); } } if (from_ai != NULL) { error = bind(conn->conn_socket, from_ai->ai_addr, from_ai->ai_addrlen); if (error != 0) { fail(conn, strerror(errno)); log_err(1, "failed to bind to %s", from_addr); } } log_debugx("connecting to %s", to_addr); error = connect(conn->conn_socket, to_ai->ai_addr, to_ai->ai_addrlen); if (error != 0) { fail(conn, strerror(errno)); log_err(1, "failed to connect to %s", to_addr); } return (conn); } static void handoff(struct connection *conn) { struct iscsi_daemon_handoff idh; int error; log_debugx("handing off connection to the kernel"); memset(&idh, 0, sizeof(idh)); idh.idh_session_id = conn->conn_session_id; idh.idh_socket = conn->conn_socket; strlcpy(idh.idh_target_alias, conn->conn_target_alias, sizeof(idh.idh_target_alias)); idh.idh_tsih = conn->conn_tsih; idh.idh_statsn = conn->conn_statsn; idh.idh_protocol_level = conn->conn_protocol_level; idh.idh_header_digest = conn->conn_header_digest; idh.idh_data_digest = conn->conn_data_digest; idh.idh_initial_r2t = conn->conn_initial_r2t; idh.idh_immediate_data = conn->conn_immediate_data; idh.idh_max_recv_data_segment_length = conn->conn_max_recv_data_segment_length; idh.idh_max_send_data_segment_length = conn->conn_max_send_data_segment_length; idh.idh_max_burst_length = conn->conn_max_burst_length; idh.idh_first_burst_length = conn->conn_first_burst_length; error = ioctl(conn->conn_iscsi_fd, ISCSIDHANDOFF, &idh); if (error != 0) log_err(1, "ISCSIDHANDOFF"); } void fail(const struct connection *conn, const char *reason) { struct iscsi_daemon_fail idf; int error, saved_errno; saved_errno = errno; memset(&idf, 0, sizeof(idf)); idf.idf_session_id = conn->conn_session_id; strlcpy(idf.idf_reason, reason, sizeof(idf.idf_reason)); error = ioctl(conn->conn_iscsi_fd, ISCSIDFAIL, &idf); if (error != 0) log_err(1, "ISCSIDFAIL"); errno = saved_errno; } /* * XXX: I CANT INTO LATIN */ static void capsicate(struct connection *conn) { cap_rights_t rights; #ifdef ICL_KERNEL_PROXY const unsigned long cmds[] = { ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE, ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD, ISCSISREMOVE, ISCSISMODIFY }; #else const unsigned long cmds[] = { ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD, ISCSISREMOVE, ISCSISMODIFY }; #endif cap_rights_init(&rights, CAP_IOCTL); if (caph_rights_limit(conn->conn_iscsi_fd, &rights) < 0) log_err(1, "cap_rights_limit"); if (caph_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds)) < 0) log_err(1, "cap_ioctls_limit"); if (caph_enter() != 0) log_err(1, "cap_enter"); if (cap_sandboxed()) log_debugx("Capsicum capability mode enabled"); else log_warnx("Capsicum capability mode not supported"); } bool timed_out(void) { return (sigalrm_received); } static void sigalrm_handler(int dummy __unused) { /* * It would be easiest to just log an error and exit. We can't * do this, though, because log_errx() is not signal safe, since * it calls syslog(3). Instead, set a flag checked by pdu_send() * and pdu_receive(), to call log_errx() there. Should they fail * to notice, we'll exit here one second later. */ if (sigalrm_received) { /* * Oh well. Just give up and quit. */ _exit(2); } sigalrm_received = true; } static void set_timeout(int timeout) { struct sigaction sa; struct itimerval itv; int error; if (timeout <= 0) { log_debugx("session timeout disabled"); return; } bzero(&sa, sizeof(sa)); sa.sa_handler = sigalrm_handler; sigfillset(&sa.sa_mask); error = sigaction(SIGALRM, &sa, NULL); if (error != 0) log_err(1, "sigaction"); /* * First SIGALRM will arive after conf_timeout seconds. * If we do nothing, another one will arrive a second later. */ bzero(&itv, sizeof(itv)); itv.it_interval.tv_sec = 1; itv.it_value.tv_sec = timeout; log_debugx("setting session timeout to %d seconds", timeout); error = setitimer(ITIMER_REAL, &itv, NULL); if (error != 0) log_err(1, "setitimer"); } static void sigchld_handler(int dummy __unused) { /* * The only purpose of this handler is to make SIGCHLD * interrupt the ISCSIDWAIT ioctl(2), so we can call * wait_for_children(). */ } static void register_sigchld(void) { struct sigaction sa; int error; bzero(&sa, sizeof(sa)); sa.sa_handler = sigchld_handler; sigfillset(&sa.sa_mask); error = sigaction(SIGCHLD, &sa, NULL); if (error != 0) log_err(1, "sigaction"); } static void handle_request(int iscsi_fd, const struct iscsi_daemon_request *request, int timeout) { struct connection *conn; log_set_peer_addr(request->idr_conf.isc_target_addr); if (request->idr_conf.isc_target[0] != '\0') { log_set_peer_name(request->idr_conf.isc_target); setproctitle("%s (%s)", request->idr_conf.isc_target_addr, request->idr_conf.isc_target); } else { setproctitle("%s", request->idr_conf.isc_target_addr); } conn = connection_new(iscsi_fd, request); set_timeout(timeout); capsicate(conn); login(conn); if (conn->conn_conf.isc_discovery != 0) discovery(conn); else handoff(conn); log_debugx("nothing more to do; exiting"); exit (0); } static int wait_for_children(bool block) { pid_t pid; int status; int num = 0; for (;;) { /* * If "block" is true, wait for at least one process. */ if (block && num == 0) pid = wait4(-1, &status, 0, NULL); else pid = wait4(-1, &status, WNOHANG, NULL); if (pid <= 0) break; if (WIFSIGNALED(status)) { log_warnx("child process %d terminated with signal %d", pid, WTERMSIG(status)); } else if (WEXITSTATUS(status) != 0) { log_warnx("child process %d terminated with exit status %d", pid, WEXITSTATUS(status)); } else { log_debugx("child process %d terminated gracefully", pid); } num++; } return (num); } int main(int argc, char **argv) { int ch, debug = 0, error, iscsi_fd, maxproc = 30, retval, saved_errno, timeout = 60; bool dont_daemonize = false; struct pidfh *pidfh; pid_t pid, otherpid; const char *pidfile_path = DEFAULT_PIDFILE; struct iscsi_daemon_request request; while ((ch = getopt(argc, argv, "P:dl:m:t:")) != -1) { switch (ch) { case 'P': pidfile_path = optarg; break; case 'd': dont_daemonize = true; debug++; break; case 'l': debug = atoi(optarg); break; case 'm': maxproc = atoi(optarg); break; case 't': timeout = atoi(optarg); break; case '?': default: usage(); } } argc -= optind; if (argc != 0) usage(); log_init(debug); pidfh = pidfile_open(pidfile_path, 0600, &otherpid); if (pidfh == NULL) { if (errno == EEXIST) log_errx(1, "daemon already running, pid: %jd.", (intmax_t)otherpid); log_err(1, "cannot open or create pidfile \"%s\"", pidfile_path); } iscsi_fd = open(ISCSI_PATH, O_RDWR); if (iscsi_fd < 0 && errno == ENOENT) { saved_errno = errno; retval = kldload("iscsi"); if (retval != -1) iscsi_fd = open(ISCSI_PATH, O_RDWR); else errno = saved_errno; } if (iscsi_fd < 0) log_err(1, "failed to open %s", ISCSI_PATH); if (dont_daemonize == false) { if (daemon(0, 0) == -1) { log_warn("cannot daemonize"); pidfile_remove(pidfh); exit(1); } } pidfile_write(pidfh); register_sigchld(); for (;;) { log_debugx("waiting for request from the kernel"); memset(&request, 0, sizeof(request)); error = ioctl(iscsi_fd, ISCSIDWAIT, &request); if (error != 0) { if (errno == EINTR) { nchildren -= wait_for_children(false); assert(nchildren >= 0); continue; } log_err(1, "ISCSIDWAIT"); } if (dont_daemonize) { log_debugx("not forking due to -d flag; " "will exit after servicing a single request"); } else { nchildren -= wait_for_children(false); assert(nchildren >= 0); while (maxproc > 0 && nchildren >= maxproc) { log_debugx("maxproc limit of %d child processes hit; " "waiting for child process to exit", maxproc); nchildren -= wait_for_children(true); assert(nchildren >= 0); } log_debugx("incoming connection; forking child process #%d", nchildren); nchildren++; pid = fork(); if (pid < 0) log_err(1, "fork"); if (pid > 0) continue; } pidfile_close(pidfh); handle_request(iscsi_fd, &request, timeout); } return (0); } Index: head/usr.sbin/iscsid/iscsid.h =================================================================== --- head/usr.sbin/iscsid/iscsid.h (revision 367104) +++ head/usr.sbin/iscsid/iscsid.h (revision 367105) @@ -1,153 +1,152 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef ISCSID_H #define ISCSID_H #include #include #include #define DEFAULT_PIDFILE "/var/run/iscsid.pid" #define CONN_DIGEST_NONE 0 #define CONN_DIGEST_CRC32C 1 #define CONN_MUTUAL_CHALLENGE_LEN 1024 #define SOCKBUF_SIZE 1048576 struct connection { int conn_iscsi_fd; int conn_socket; unsigned int conn_session_id; struct iscsi_session_conf conn_conf; struct iscsi_session_limits conn_limits; char conn_target_alias[ISCSI_ADDR_LEN]; uint8_t conn_isid[6]; uint16_t conn_tsih; uint32_t conn_statsn; int conn_protocol_level; int conn_header_digest; int conn_data_digest; bool conn_initial_r2t; bool conn_immediate_data; int conn_max_recv_data_segment_length; int conn_max_send_data_segment_length; int conn_max_burst_length; int conn_first_burst_length; struct chap *conn_mutual_chap; }; struct pdu { struct connection *pdu_connection; struct iscsi_bhs *pdu_bhs; char *pdu_data; size_t pdu_data_len; }; #define KEYS_MAX 1024 struct keys { char *keys_names[KEYS_MAX]; char *keys_values[KEYS_MAX]; char *keys_data; size_t keys_data_len; }; #define CHAP_CHALLENGE_LEN 1024 #define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */ struct chap { unsigned char chap_id; char chap_challenge[CHAP_CHALLENGE_LEN]; char chap_response[CHAP_DIGEST_LEN]; }; struct rchap { char *rchap_secret; unsigned char rchap_id; void *rchap_challenge; size_t rchap_challenge_len; }; struct chap *chap_new(void); char *chap_get_id(const struct chap *chap); char *chap_get_challenge(const struct chap *chap); int chap_receive(struct chap *chap, const char *response); int chap_authenticate(struct chap *chap, const char *secret); void chap_delete(struct chap *chap); struct rchap *rchap_new(const char *secret); int rchap_receive(struct rchap *rchap, const char *id, const char *challenge); char *rchap_get_response(struct rchap *rchap); void rchap_delete(struct rchap *rchap); struct keys *keys_new(void); void keys_delete(struct keys *key); void keys_load(struct keys *keys, const struct pdu *pdu); void keys_save(struct keys *keys, struct pdu *pdu); const char *keys_find(struct keys *keys, const char *name); void keys_add(struct keys *keys, const char *name, const char *value); void keys_add_int(struct keys *keys, const char *name, int value); struct pdu *pdu_new(struct connection *ic); struct pdu *pdu_new_response(struct pdu *request); void pdu_receive(struct pdu *request); void pdu_send(struct pdu *response); void pdu_delete(struct pdu *ip); void login(struct connection *ic); void discovery(struct connection *ic); void log_init(int level); void log_set_peer_name(const char *name); void log_set_peer_addr(const char *addr); void log_err(int, const char *, ...) __dead2 __printflike(2, 3); void log_errx(int, const char *, ...) __dead2 __printflike(2, 3); void log_warn(const char *, ...) __printflike(1, 2); void log_warnx(const char *, ...) __printflike(1, 2); void log_debugx(const char *, ...) __printflike(1, 2); char *checked_strdup(const char *); bool timed_out(void); void fail(const struct connection *, const char *); #endif /* !ISCSID_H */ Index: head/usr.sbin/iscsid/keys.c =================================================================== --- head/usr.sbin/iscsid/keys.c (revision 367104) +++ head/usr.sbin/iscsid/keys.c (revision 367105) @@ -1,200 +1,199 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include "iscsid.h" struct keys * keys_new(void) { struct keys *keys; keys = calloc(1, sizeof(*keys)); if (keys == NULL) log_err(1, "calloc"); return (keys); } void keys_delete(struct keys *keys) { free(keys->keys_data); free(keys); } void keys_load(struct keys *keys, const struct pdu *pdu) { int i; char *pair; size_t pair_len; if (pdu->pdu_data_len == 0) return; if (pdu->pdu_data[pdu->pdu_data_len - 1] != '\0') log_errx(1, "protocol error: key not NULL-terminated\n"); assert(keys->keys_data == NULL); keys->keys_data_len = pdu->pdu_data_len; keys->keys_data = malloc(keys->keys_data_len); if (keys->keys_data == NULL) log_err(1, "malloc"); memcpy(keys->keys_data, pdu->pdu_data, keys->keys_data_len); /* * XXX: Review this carefully. */ pair = keys->keys_data; for (i = 0;; i++) { if (i >= KEYS_MAX) log_errx(1, "too many keys received"); pair_len = strlen(pair); keys->keys_values[i] = pair; keys->keys_names[i] = strsep(&keys->keys_values[i], "="); if (keys->keys_names[i] == NULL || keys->keys_values[i] == NULL) log_errx(1, "malformed keys"); log_debugx("key received: \"%s=%s\"", keys->keys_names[i], keys->keys_values[i]); pair += pair_len + 1; /* +1 to skip the terminating '\0'. */ if (pair == keys->keys_data + keys->keys_data_len) break; assert(pair < keys->keys_data + keys->keys_data_len); } } void keys_save(struct keys *keys, struct pdu *pdu) { char *data; size_t len; int i; /* * XXX: Not particularly efficient. */ len = 0; for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) break; /* * +1 for '=', +1 for '\0'. */ len += strlen(keys->keys_names[i]) + strlen(keys->keys_values[i]) + 2; } if (len == 0) return; data = malloc(len); if (data == NULL) log_err(1, "malloc"); pdu->pdu_data = data; pdu->pdu_data_len = len; for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) break; data += sprintf(data, "%s=%s", keys->keys_names[i], keys->keys_values[i]); data += 1; /* for '\0'. */ } } const char * keys_find(struct keys *keys, const char *name) { int i; /* * Note that we don't handle duplicated key names here, * as they are not supposed to happen in requests, and if they do, * it's an initiator error. */ for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) return (NULL); if (strcmp(keys->keys_names[i], name) == 0) return (keys->keys_values[i]); } return (NULL); } void keys_add(struct keys *keys, const char *name, const char *value) { int i; log_debugx("key to send: \"%s=%s\"", name, value); /* * Note that we don't check for duplicates here, as they are perfectly * fine in responses, e.g. the "TargetName" keys in discovery sesion * response. */ for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) { keys->keys_names[i] = checked_strdup(name); keys->keys_values[i] = checked_strdup(value); return; } } log_errx(1, "too many keys"); } void keys_add_int(struct keys *keys, const char *name, int value) { char *str; int ret; ret = asprintf(&str, "%d", value); if (ret <= 0) log_err(1, "asprintf"); keys_add(keys, name, str); free(str); } Index: head/usr.sbin/iscsid/log.c =================================================================== --- head/usr.sbin/iscsid/log.c (revision 367104) +++ head/usr.sbin/iscsid/log.c (revision 367105) @@ -1,203 +1,202 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include "iscsid.h" static int log_level = 0; static char *peer_name = NULL; static char *peer_addr = NULL; #define MSGBUF_LEN 1024 void log_init(int level) { log_level = level; openlog(getprogname(), LOG_NDELAY | LOG_PID, LOG_DAEMON); } void log_set_peer_name(const char *name) { /* * XXX: Turn it into assertion? */ if (peer_name != NULL) log_errx(1, "%s called twice", __func__); if (peer_addr == NULL) log_errx(1, "%s called before log_set_peer_addr", __func__); peer_name = checked_strdup(name); } void log_set_peer_addr(const char *addr) { /* * XXX: Turn it into assertion? */ if (peer_addr != NULL) log_errx(1, "%s called twice", __func__); peer_addr = checked_strdup(addr); } static void log_common(int priority, int log_errno, const char *fmt, va_list ap) { static char msgbuf[MSGBUF_LEN]; static char msgbuf_strvised[MSGBUF_LEN * 4 + 1]; char *errstr; int ret; ret = vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap); if (ret < 0) { fprintf(stderr, "%s: snprintf failed", getprogname()); syslog(LOG_CRIT, "snprintf failed"); exit(1); } ret = strnvis(msgbuf_strvised, sizeof(msgbuf_strvised), msgbuf, VIS_NL); if (ret < 0) { fprintf(stderr, "%s: strnvis failed", getprogname()); syslog(LOG_CRIT, "strnvis failed"); exit(1); } if (log_errno == -1) { if (peer_name != NULL) { fprintf(stderr, "%s: %s (%s): %s\n", getprogname(), peer_addr, peer_name, msgbuf_strvised); syslog(priority, "%s (%s): %s", peer_addr, peer_name, msgbuf_strvised); } else if (peer_addr != NULL) { fprintf(stderr, "%s: %s: %s\n", getprogname(), peer_addr, msgbuf_strvised); syslog(priority, "%s: %s", peer_addr, msgbuf_strvised); } else { fprintf(stderr, "%s: %s\n", getprogname(), msgbuf_strvised); syslog(priority, "%s", msgbuf_strvised); } } else { errstr = strerror(log_errno); if (peer_name != NULL) { fprintf(stderr, "%s: %s (%s): %s: %s\n", getprogname(), peer_addr, peer_name, msgbuf_strvised, errstr); syslog(priority, "%s (%s): %s: %s", peer_addr, peer_name, msgbuf_strvised, errstr); } else if (peer_addr != NULL) { fprintf(stderr, "%s: %s: %s: %s\n", getprogname(), peer_addr, msgbuf_strvised, errstr); syslog(priority, "%s: %s: %s", peer_addr, msgbuf_strvised, errstr); } else { fprintf(stderr, "%s: %s: %s\n", getprogname(), msgbuf_strvised, errstr); syslog(priority, "%s: %s", msgbuf_strvised, errstr); } } } void log_err(int eval, const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_CRIT, errno, fmt, ap); va_end(ap); exit(eval); } void log_errx(int eval, const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_CRIT, -1, fmt, ap); va_end(ap); exit(eval); } void log_warn(const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_WARNING, errno, fmt, ap); va_end(ap); } void log_warnx(const char *fmt, ...) { va_list ap; va_start(ap, fmt); log_common(LOG_WARNING, -1, fmt, ap); va_end(ap); } void log_debugx(const char *fmt, ...) { va_list ap; if (log_level == 0) return; va_start(ap, fmt); log_common(LOG_DEBUG, -1, fmt, ap); va_end(ap); } Index: head/usr.sbin/iscsid/login.c =================================================================== --- head/usr.sbin/iscsid/login.c (revision 367104) +++ head/usr.sbin/iscsid/login.c (revision 367105) @@ -1,898 +1,897 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include "iscsid.h" #include "iscsi_proto.h" static int login_nsg(const struct pdu *response) { struct iscsi_bhs_login_response *bhslr; bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs; return (bhslr->bhslr_flags & 0x03); } static void login_set_nsg(struct pdu *request, int nsg) { struct iscsi_bhs_login_request *bhslr; assert(nsg == BHSLR_STAGE_SECURITY_NEGOTIATION || nsg == BHSLR_STAGE_OPERATIONAL_NEGOTIATION || nsg == BHSLR_STAGE_FULL_FEATURE_PHASE); bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs; bhslr->bhslr_flags &= 0xFC; bhslr->bhslr_flags |= nsg; } static void login_set_csg(struct pdu *request, int csg) { struct iscsi_bhs_login_request *bhslr; assert(csg == BHSLR_STAGE_SECURITY_NEGOTIATION || csg == BHSLR_STAGE_OPERATIONAL_NEGOTIATION || csg == BHSLR_STAGE_FULL_FEATURE_PHASE); bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs; bhslr->bhslr_flags &= 0xF3; bhslr->bhslr_flags |= csg << 2; } static const char * login_target_error_str(int class, int detail) { static char msg[128]; /* * RFC 3270, 10.13.5. Status-Class and Status-Detail */ switch (class) { case 0x01: switch (detail) { case 0x01: return ("Target moved temporarily"); case 0x02: return ("Target moved permanently"); default: snprintf(msg, sizeof(msg), "unknown redirection; " "Status-Class 0x%x, Status-Detail 0x%x", class, detail); return (msg); } case 0x02: switch (detail) { case 0x00: return ("Initiator error"); case 0x01: return ("Authentication failure"); case 0x02: return ("Authorization failure"); case 0x03: return ("Not found"); case 0x04: return ("Target removed"); case 0x05: return ("Unsupported version"); case 0x06: return ("Too many connections"); case 0x07: return ("Missing parameter"); case 0x08: return ("Can't include in session"); case 0x09: return ("Session type not supported"); case 0x0a: return ("Session does not exist"); case 0x0b: return ("Invalid during login"); default: snprintf(msg, sizeof(msg), "unknown initiator error; " "Status-Class 0x%x, Status-Detail 0x%x", class, detail); return (msg); } case 0x03: switch (detail) { case 0x00: return ("Target error"); case 0x01: return ("Service unavailable"); case 0x02: return ("Out of resources"); default: snprintf(msg, sizeof(msg), "unknown target error; " "Status-Class 0x%x, Status-Detail 0x%x", class, detail); return (msg); } default: snprintf(msg, sizeof(msg), "unknown error; " "Status-Class 0x%x, Status-Detail 0x%x", class, detail); return (msg); } } static void kernel_modify(const struct connection *conn, const char *target_address) { struct iscsi_session_modify ism; int error; memset(&ism, 0, sizeof(ism)); ism.ism_session_id = conn->conn_session_id; memcpy(&ism.ism_conf, &conn->conn_conf, sizeof(ism.ism_conf)); strlcpy(ism.ism_conf.isc_target_addr, target_address, sizeof(ism.ism_conf.isc_target_addr)); error = ioctl(conn->conn_iscsi_fd, ISCSISMODIFY, &ism); if (error != 0) { log_err(1, "failed to redirect to %s: ISCSISMODIFY", target_address); } } /* * XXX: The way it works is suboptimal; what should happen is described * in draft-gilligan-iscsi-fault-tolerance-00. That, however, would * be much more complicated: we would need to keep "dependencies" * for sessions, so that, in case described in draft and using draft * terminology, we would have three sessions: one for discovery, * one for initial target portal, and one for redirect portal. * This would allow us to "backtrack" on connection failure, * as described in draft. */ static void login_handle_redirection(struct connection *conn, struct pdu *response) { struct iscsi_bhs_login_response *bhslr; struct keys *response_keys; const char *target_address; bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs; assert (bhslr->bhslr_status_class == 1); response_keys = keys_new(); keys_load(response_keys, response); target_address = keys_find(response_keys, "TargetAddress"); if (target_address == NULL) log_errx(1, "received redirection without TargetAddress"); if (target_address[0] == '\0') log_errx(1, "received redirection with empty TargetAddress"); if (strlen(target_address) >= sizeof(conn->conn_conf.isc_target_addr) - 1) log_errx(1, "received TargetAddress is too long"); log_debugx("received redirection to \"%s\"", target_address); kernel_modify(conn, target_address); keys_delete(response_keys); } static struct pdu * login_receive(struct connection *conn) { struct pdu *response; struct iscsi_bhs_login_response *bhslr; const char *errorstr; static bool initial = true; response = pdu_new(conn); pdu_receive(response); if (response->pdu_bhs->bhs_opcode != ISCSI_BHS_OPCODE_LOGIN_RESPONSE) { log_errx(1, "protocol error: received invalid opcode 0x%x", response->pdu_bhs->bhs_opcode); } bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs; /* * XXX: Implement the C flag some day. */ if ((bhslr->bhslr_flags & BHSLR_FLAGS_CONTINUE) != 0) log_errx(1, "received Login PDU with unsupported \"C\" flag"); if (bhslr->bhslr_version_max != 0x00) log_errx(1, "received Login PDU with unsupported " "Version-max 0x%x", bhslr->bhslr_version_max); if (bhslr->bhslr_version_active != 0x00) log_errx(1, "received Login PDU with unsupported " "Version-active 0x%x", bhslr->bhslr_version_active); if (bhslr->bhslr_status_class == 1) { login_handle_redirection(conn, response); log_debugx("redirection handled; exiting"); exit(0); } if (bhslr->bhslr_status_class != 0) { errorstr = login_target_error_str(bhslr->bhslr_status_class, bhslr->bhslr_status_detail); fail(conn, errorstr); log_errx(1, "target returned error: %s", errorstr); } if (initial == false && ntohl(bhslr->bhslr_statsn) != conn->conn_statsn + 1) { /* * It's a warning, not an error, to work around what seems * to be bug in NetBSD iSCSI target. */ log_warnx("received Login PDU with wrong StatSN: " "is %u, should be %u", ntohl(bhslr->bhslr_statsn), conn->conn_statsn + 1); } conn->conn_tsih = ntohs(bhslr->bhslr_tsih); conn->conn_statsn = ntohl(bhslr->bhslr_statsn); initial = false; return (response); } static struct pdu * login_new_request(struct connection *conn, int csg) { struct pdu *request; struct iscsi_bhs_login_request *bhslr; int nsg; request = pdu_new(conn); bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs; bhslr->bhslr_opcode = ISCSI_BHS_OPCODE_LOGIN_REQUEST | ISCSI_BHS_OPCODE_IMMEDIATE; bhslr->bhslr_flags = BHSLR_FLAGS_TRANSIT; switch (csg) { case BHSLR_STAGE_SECURITY_NEGOTIATION: nsg = BHSLR_STAGE_OPERATIONAL_NEGOTIATION; break; case BHSLR_STAGE_OPERATIONAL_NEGOTIATION: nsg = BHSLR_STAGE_FULL_FEATURE_PHASE; break; default: assert(!"invalid csg"); log_errx(1, "invalid csg %d", csg); } login_set_csg(request, csg); login_set_nsg(request, nsg); memcpy(bhslr->bhslr_isid, &conn->conn_isid, sizeof(bhslr->bhslr_isid)); bhslr->bhslr_tsih = htons(conn->conn_tsih); bhslr->bhslr_initiator_task_tag = 0; bhslr->bhslr_cmdsn = 0; bhslr->bhslr_expstatsn = htonl(conn->conn_statsn + 1); return (request); } static int login_list_prefers(const char *list, const char *choice1, const char *choice2) { char *tofree, *str, *token; tofree = str = checked_strdup(list); while ((token = strsep(&str, ",")) != NULL) { if (strcmp(token, choice1) == 0) { free(tofree); return (1); } if (strcmp(token, choice2) == 0) { free(tofree); return (2); } } free(tofree); return (-1); } static void login_negotiate_key(struct connection *conn, const char *name, const char *value) { struct iscsi_session_limits *isl; int which, tmp; isl = &conn->conn_limits; if (strcmp(name, "TargetAlias") == 0) { strlcpy(conn->conn_target_alias, value, sizeof(conn->conn_target_alias)); } else if (strcmp(value, "Irrelevant") == 0) { /* Ignore. */ } else if (strcmp(name, "iSCSIProtocolLevel") == 0) { tmp = strtoul(value, NULL, 10); if (tmp < 0 || tmp > 31) log_errx(1, "received invalid iSCSIProtocolLevel"); conn->conn_protocol_level = tmp; } else if (strcmp(name, "HeaderDigest") == 0) { which = login_list_prefers(value, "CRC32C", "None"); switch (which) { case 1: log_debugx("target prefers CRC32C " "for header digest; we'll use it"); conn->conn_header_digest = CONN_DIGEST_CRC32C; break; case 2: log_debugx("target prefers not to do " "header digest; we'll comply"); break; default: log_warnx("target sent unrecognized " "HeaderDigest value \"%s\"; will use None", value); break; } } else if (strcmp(name, "DataDigest") == 0) { which = login_list_prefers(value, "CRC32C", "None"); switch (which) { case 1: log_debugx("target prefers CRC32C " "for data digest; we'll use it"); conn->conn_data_digest = CONN_DIGEST_CRC32C; break; case 2: log_debugx("target prefers not to do " "data digest; we'll comply"); break; default: log_warnx("target sent unrecognized " "DataDigest value \"%s\"; will use None", value); break; } } else if (strcmp(name, "MaxConnections") == 0) { /* Ignore. */ } else if (strcmp(name, "InitialR2T") == 0) { if (strcmp(value, "Yes") == 0) conn->conn_initial_r2t = true; else conn->conn_initial_r2t = false; } else if (strcmp(name, "ImmediateData") == 0) { if (strcmp(value, "Yes") == 0) conn->conn_immediate_data = true; else conn->conn_immediate_data = false; } else if (strcmp(name, "MaxRecvDataSegmentLength") == 0) { tmp = strtoul(value, NULL, 10); if (tmp <= 0) log_errx(1, "received invalid " "MaxRecvDataSegmentLength"); if (tmp > isl->isl_max_send_data_segment_length) { log_debugx("capping max_send_data_segment_length " "from %d to %d", tmp, isl->isl_max_send_data_segment_length); tmp = isl->isl_max_send_data_segment_length; } conn->conn_max_send_data_segment_length = tmp; /* We received target's limit, that means it accepted our's. */ conn->conn_max_recv_data_segment_length = isl->isl_max_recv_data_segment_length; } else if (strcmp(name, "MaxBurstLength") == 0) { tmp = strtoul(value, NULL, 10); if (tmp <= 0) log_errx(1, "received invalid MaxBurstLength"); if (tmp > isl->isl_max_burst_length) { log_debugx("capping MaxBurstLength " "from %d to %d", tmp, isl->isl_max_burst_length); tmp = isl->isl_max_burst_length; } conn->conn_max_burst_length = tmp; } else if (strcmp(name, "FirstBurstLength") == 0) { tmp = strtoul(value, NULL, 10); if (tmp <= 0) log_errx(1, "received invalid FirstBurstLength"); if (tmp > isl->isl_first_burst_length) { log_debugx("capping FirstBurstLength " "from %d to %d", tmp, isl->isl_first_burst_length); tmp = isl->isl_first_burst_length; } conn->conn_first_burst_length = tmp; } else if (strcmp(name, "DefaultTime2Wait") == 0) { /* Ignore */ } else if (strcmp(name, "DefaultTime2Retain") == 0) { /* Ignore */ } else if (strcmp(name, "MaxOutstandingR2T") == 0) { /* Ignore */ } else if (strcmp(name, "DataPDUInOrder") == 0) { /* Ignore */ } else if (strcmp(name, "DataSequenceInOrder") == 0) { /* Ignore */ } else if (strcmp(name, "ErrorRecoveryLevel") == 0) { /* Ignore */ } else if (strcmp(name, "OFMarker") == 0) { /* Ignore */ } else if (strcmp(name, "IFMarker") == 0) { /* Ignore */ } else if (strcmp(name, "RDMAExtensions") == 0) { if (conn->conn_conf.isc_iser == 1 && strcmp(value, "Yes") != 0) { log_errx(1, "received unsupported RDMAExtensions"); } } else if (strcmp(name, "InitiatorRecvDataSegmentLength") == 0) { tmp = strtoul(value, NULL, 10); if (tmp <= 0) log_errx(1, "received invalid " "InitiatorRecvDataSegmentLength"); if ((int)tmp > isl->isl_max_recv_data_segment_length) { log_debugx("capping InitiatorRecvDataSegmentLength " "from %d to %d", tmp, isl->isl_max_recv_data_segment_length); tmp = isl->isl_max_recv_data_segment_length; } conn->conn_max_recv_data_segment_length = tmp; } else if (strcmp(name, "TargetPortalGroupTag") == 0) { /* Ignore */ } else if (strcmp(name, "TargetRecvDataSegmentLength") == 0) { tmp = strtoul(value, NULL, 10); if (tmp <= 0) { log_errx(1, "received invalid TargetRecvDataSegmentLength"); } if (tmp > isl->isl_max_send_data_segment_length) { log_debugx("capping TargetRecvDataSegmentLength " "from %d to %d", tmp, isl->isl_max_send_data_segment_length); tmp = isl->isl_max_send_data_segment_length; } conn->conn_max_send_data_segment_length = tmp; } else { log_debugx("unknown key \"%s\"; ignoring", name); } } static void login_negotiate(struct connection *conn) { struct pdu *request, *response; struct keys *request_keys, *response_keys; struct iscsi_bhs_login_response *bhslr; int i, nrequests = 0; struct iscsi_session_limits *isl; log_debugx("beginning operational parameter negotiation"); request = login_new_request(conn, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); request_keys = keys_new(); isl = &conn->conn_limits; log_debugx("Limits for offload \"%s\" are " "MaxRecvDataSegment=%d, max_send_dsl=%d, " "MaxBurstLength=%d, FirstBurstLength=%d", conn->conn_conf.isc_offload, isl->isl_max_recv_data_segment_length, isl->isl_max_send_data_segment_length, isl->isl_max_burst_length, isl->isl_first_burst_length); /* * The following keys are irrelevant for discovery sessions. */ if (conn->conn_conf.isc_discovery == 0) { keys_add(request_keys, "iSCSIProtocolLevel", "2"); if (conn->conn_conf.isc_header_digest != 0) keys_add(request_keys, "HeaderDigest", "CRC32C"); else keys_add(request_keys, "HeaderDigest", "None"); if (conn->conn_conf.isc_data_digest != 0) keys_add(request_keys, "DataDigest", "CRC32C"); else keys_add(request_keys, "DataDigest", "None"); keys_add(request_keys, "ImmediateData", "Yes"); keys_add_int(request_keys, "MaxBurstLength", isl->isl_max_burst_length); keys_add_int(request_keys, "FirstBurstLength", isl->isl_first_burst_length); keys_add(request_keys, "InitialR2T", "Yes"); keys_add(request_keys, "MaxOutstandingR2T", "1"); if (conn->conn_conf.isc_iser == 1) { keys_add_int(request_keys, "InitiatorRecvDataSegmentLength", isl->isl_max_recv_data_segment_length); keys_add_int(request_keys, "TargetRecvDataSegmentLength", isl->isl_max_send_data_segment_length); keys_add(request_keys, "RDMAExtensions", "Yes"); } else { keys_add_int(request_keys, "MaxRecvDataSegmentLength", isl->isl_max_recv_data_segment_length); } } else { keys_add(request_keys, "HeaderDigest", "None"); keys_add(request_keys, "DataDigest", "None"); keys_add_int(request_keys, "MaxRecvDataSegmentLength", isl->isl_max_recv_data_segment_length); } keys_add(request_keys, "DefaultTime2Wait", "0"); keys_add(request_keys, "DefaultTime2Retain", "0"); keys_add(request_keys, "ErrorRecoveryLevel", "0"); keys_save(request_keys, request); keys_delete(request_keys); request_keys = NULL; pdu_send(request); pdu_delete(request); request = NULL; response = login_receive(conn); response_keys = keys_new(); keys_load(response_keys, response); for (i = 0; i < KEYS_MAX; i++) { if (response_keys->keys_names[i] == NULL) break; login_negotiate_key(conn, response_keys->keys_names[i], response_keys->keys_values[i]); } keys_delete(response_keys); response_keys = NULL; for (;;) { bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs; if ((bhslr->bhslr_flags & BHSLR_FLAGS_TRANSIT) != 0) break; nrequests++; if (nrequests > 5) { log_warnx("received login response " "without the \"T\" flag too many times; giving up"); break; } log_debugx("received login response " "without the \"T\" flag; sending another request"); pdu_delete(response); request = login_new_request(conn, BHSLR_STAGE_OPERATIONAL_NEGOTIATION); pdu_send(request); pdu_delete(request); response = login_receive(conn); } if (login_nsg(response) != BHSLR_STAGE_FULL_FEATURE_PHASE) log_warnx("received final login response with wrong NSG 0x%x", login_nsg(response)); pdu_delete(response); log_debugx("operational parameter negotiation done; " "transitioning to Full Feature phase"); } static void login_send_chap_a(struct connection *conn) { struct pdu *request; struct keys *request_keys; request = login_new_request(conn, BHSLR_STAGE_SECURITY_NEGOTIATION); request_keys = keys_new(); keys_add(request_keys, "CHAP_A", "5"); keys_save(request_keys, request); keys_delete(request_keys); pdu_send(request); pdu_delete(request); } static void login_send_chap_r(struct pdu *response) { struct connection *conn; struct pdu *request; struct keys *request_keys, *response_keys; struct rchap *rchap; const char *chap_a, *chap_c, *chap_i; char *chap_r; int error; char *mutual_chap_c, *mutual_chap_i; /* * As in the rest of the initiator, 'request' means * 'initiator -> target', and 'response' means 'target -> initiator', * * So, here the 'response' from the target is the packet that contains * CHAP challenge; our CHAP response goes into 'request'. */ conn = response->pdu_connection; response_keys = keys_new(); keys_load(response_keys, response); /* * First, compute the response. */ chap_a = keys_find(response_keys, "CHAP_A"); if (chap_a == NULL) log_errx(1, "received CHAP packet without CHAP_A"); chap_c = keys_find(response_keys, "CHAP_C"); if (chap_c == NULL) log_errx(1, "received CHAP packet without CHAP_C"); chap_i = keys_find(response_keys, "CHAP_I"); if (chap_i == NULL) log_errx(1, "received CHAP packet without CHAP_I"); if (strcmp(chap_a, "5") != 0) { log_errx(1, "received CHAP packet " "with unsupported CHAP_A \"%s\"", chap_a); } rchap = rchap_new(conn->conn_conf.isc_secret); error = rchap_receive(rchap, chap_i, chap_c); if (error != 0) { log_errx(1, "received CHAP packet " "with malformed CHAP_I or CHAP_C"); } chap_r = rchap_get_response(rchap); rchap_delete(rchap); keys_delete(response_keys); request = login_new_request(conn, BHSLR_STAGE_SECURITY_NEGOTIATION); request_keys = keys_new(); keys_add(request_keys, "CHAP_N", conn->conn_conf.isc_user); keys_add(request_keys, "CHAP_R", chap_r); free(chap_r); /* * If we want mutual authentication, we're expected to send * our CHAP_I/CHAP_C now. */ if (conn->conn_conf.isc_mutual_user[0] != '\0') { log_debugx("requesting mutual authentication; " "binary challenge size is %zd bytes", sizeof(conn->conn_mutual_chap->chap_challenge)); assert(conn->conn_mutual_chap == NULL); conn->conn_mutual_chap = chap_new(); mutual_chap_i = chap_get_id(conn->conn_mutual_chap); mutual_chap_c = chap_get_challenge(conn->conn_mutual_chap); keys_add(request_keys, "CHAP_I", mutual_chap_i); keys_add(request_keys, "CHAP_C", mutual_chap_c); free(mutual_chap_i); free(mutual_chap_c); } keys_save(request_keys, request); keys_delete(request_keys); pdu_send(request); pdu_delete(request); } static void login_verify_mutual(const struct pdu *response) { struct connection *conn; struct keys *response_keys; const char *chap_n, *chap_r; int error; conn = response->pdu_connection; response_keys = keys_new(); keys_load(response_keys, response); chap_n = keys_find(response_keys, "CHAP_N"); if (chap_n == NULL) log_errx(1, "received CHAP Response PDU without CHAP_N"); chap_r = keys_find(response_keys, "CHAP_R"); if (chap_r == NULL) log_errx(1, "received CHAP Response PDU without CHAP_R"); error = chap_receive(conn->conn_mutual_chap, chap_r); if (error != 0) log_errx(1, "received CHAP Response PDU with invalid CHAP_R"); if (strcmp(chap_n, conn->conn_conf.isc_mutual_user) != 0) { fail(conn, "Mutual CHAP failed"); log_errx(1, "mutual CHAP authentication failed: wrong user"); } error = chap_authenticate(conn->conn_mutual_chap, conn->conn_conf.isc_mutual_secret); if (error != 0) { fail(conn, "Mutual CHAP failed"); log_errx(1, "mutual CHAP authentication failed: wrong secret"); } keys_delete(response_keys); chap_delete(conn->conn_mutual_chap); conn->conn_mutual_chap = NULL; log_debugx("mutual CHAP authentication succeeded"); } static void login_chap(struct connection *conn) { struct pdu *response; log_debugx("beginning CHAP authentication; sending CHAP_A"); login_send_chap_a(conn); log_debugx("waiting for CHAP_A/CHAP_C/CHAP_I"); response = login_receive(conn); log_debugx("sending CHAP_N/CHAP_R"); login_send_chap_r(response); pdu_delete(response); /* * XXX: Make sure this is not susceptible to MITM. */ log_debugx("waiting for CHAP result"); response = login_receive(conn); if (conn->conn_conf.isc_mutual_user[0] != '\0') login_verify_mutual(response); pdu_delete(response); log_debugx("CHAP authentication done"); } void login(struct connection *conn) { struct pdu *request, *response; struct keys *request_keys, *response_keys; struct iscsi_bhs_login_response *bhslr2; const char *auth_method; int i; log_debugx("beginning Login phase; sending Login PDU"); request = login_new_request(conn, BHSLR_STAGE_SECURITY_NEGOTIATION); request_keys = keys_new(); if (conn->conn_conf.isc_mutual_user[0] != '\0') { keys_add(request_keys, "AuthMethod", "CHAP"); } else if (conn->conn_conf.isc_user[0] != '\0') { /* * Give target a chance to skip authentication if it * doesn't feel like it. * * None is first, CHAP second; this is to work around * what seems to be LIO (Linux target) bug: otherwise, * if target is configured with no authentication, * and we are configured to authenticate, the target * will erroneously respond with AuthMethod=CHAP * instead of AuthMethod=None, and will subsequently * fail the connection. This usually happens with * Discovery sessions, which default to no authentication. */ keys_add(request_keys, "AuthMethod", "None,CHAP"); } else { keys_add(request_keys, "AuthMethod", "None"); } keys_add(request_keys, "InitiatorName", conn->conn_conf.isc_initiator); if (conn->conn_conf.isc_initiator_alias[0] != '\0') { keys_add(request_keys, "InitiatorAlias", conn->conn_conf.isc_initiator_alias); } if (conn->conn_conf.isc_discovery == 0) { keys_add(request_keys, "SessionType", "Normal"); keys_add(request_keys, "TargetName", conn->conn_conf.isc_target); } else { keys_add(request_keys, "SessionType", "Discovery"); } keys_save(request_keys, request); keys_delete(request_keys); pdu_send(request); pdu_delete(request); response = login_receive(conn); response_keys = keys_new(); keys_load(response_keys, response); for (i = 0; i < KEYS_MAX; i++) { if (response_keys->keys_names[i] == NULL) break; /* * Not interested in AuthMethod at this point; we only need * to parse things such as TargetAlias. * * XXX: This is somewhat ugly. We should have a way to apply * all the keys to the session and use that by default * instead of discarding them. */ if (strcmp(response_keys->keys_names[i], "AuthMethod") == 0) continue; login_negotiate_key(conn, response_keys->keys_names[i], response_keys->keys_values[i]); } bhslr2 = (struct iscsi_bhs_login_response *)response->pdu_bhs; if ((bhslr2->bhslr_flags & BHSLR_FLAGS_TRANSIT) != 0 && login_nsg(response) == BHSLR_STAGE_OPERATIONAL_NEGOTIATION) { if (conn->conn_conf.isc_mutual_user[0] != '\0') { log_errx(1, "target requested transition " "to operational parameter negotiation, " "but we require mutual CHAP"); } log_debugx("target requested transition " "to operational parameter negotiation"); keys_delete(response_keys); pdu_delete(response); login_negotiate(conn); return; } auth_method = keys_find(response_keys, "AuthMethod"); if (auth_method == NULL) log_errx(1, "received response without AuthMethod"); if (strcmp(auth_method, "None") == 0) { if (conn->conn_conf.isc_mutual_user[0] != '\0') { log_errx(1, "target does not require authantication, " "but we require mutual CHAP"); } log_debugx("target does not require authentication"); keys_delete(response_keys); pdu_delete(response); login_negotiate(conn); return; } if (strcmp(auth_method, "CHAP") != 0) { fail(conn, "Unsupported AuthMethod"); log_errx(1, "received response " "with unsupported AuthMethod \"%s\"", auth_method); } if (conn->conn_conf.isc_user[0] == '\0' || conn->conn_conf.isc_secret[0] == '\0') { fail(conn, "Authentication required"); log_errx(1, "target requests CHAP authentication, but we don't " "have user and secret"); } keys_delete(response_keys); response_keys = NULL; pdu_delete(response); response = NULL; login_chap(conn); login_negotiate(conn); } Index: head/usr.sbin/iscsid/pdu.c =================================================================== --- head/usr.sbin/iscsid/pdu.c (revision 367104) +++ head/usr.sbin/iscsid/pdu.c (revision 367105) @@ -1,310 +1,309 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include "iscsid.h" #include "iscsi_proto.h" #ifdef ICL_KERNEL_PROXY #include #endif static int pdu_ahs_length(const struct pdu *pdu) { return (pdu->pdu_bhs->bhs_total_ahs_len * 4); } static int pdu_data_segment_length(const struct pdu *pdu) { uint32_t len = 0; len += pdu->pdu_bhs->bhs_data_segment_len[0]; len <<= 8; len += pdu->pdu_bhs->bhs_data_segment_len[1]; len <<= 8; len += pdu->pdu_bhs->bhs_data_segment_len[2]; return (len); } static void pdu_set_data_segment_length(struct pdu *pdu, uint32_t len) { pdu->pdu_bhs->bhs_data_segment_len[2] = len; pdu->pdu_bhs->bhs_data_segment_len[1] = len >> 8; pdu->pdu_bhs->bhs_data_segment_len[0] = len >> 16; } struct pdu * pdu_new(struct connection *conn) { struct pdu *pdu; pdu = calloc(1, sizeof(*pdu)); if (pdu == NULL) log_err(1, "calloc"); pdu->pdu_bhs = calloc(1, sizeof(*pdu->pdu_bhs)); if (pdu->pdu_bhs == NULL) log_err(1, "calloc"); pdu->pdu_connection = conn; return (pdu); } struct pdu * pdu_new_response(struct pdu *request) { return (pdu_new(request->pdu_connection)); } #ifdef ICL_KERNEL_PROXY static void pdu_receive_proxy(struct pdu *pdu) { struct connection *conn; struct iscsi_daemon_receive *idr; size_t len; int error; conn = pdu->pdu_connection; assert(conn->conn_conf.isc_iser != 0); pdu->pdu_data = malloc(conn->conn_max_recv_data_segment_length); if (pdu->pdu_data == NULL) log_err(1, "malloc"); idr = calloc(1, sizeof(*idr)); if (idr == NULL) log_err(1, "calloc"); idr->idr_session_id = conn->conn_session_id; idr->idr_bhs = pdu->pdu_bhs; idr->idr_data_segment_len = conn->conn_max_recv_data_segment_length; idr->idr_data_segment = pdu->pdu_data; error = ioctl(conn->conn_iscsi_fd, ISCSIDRECEIVE, idr); if (error != 0) log_err(1, "ISCSIDRECEIVE"); len = pdu_ahs_length(pdu); if (len > 0) log_errx(1, "protocol error: non-empty AHS"); len = pdu_data_segment_length(pdu); assert(len <= (size_t)conn->conn_max_recv_data_segment_length); pdu->pdu_data_len = len; free(idr); } static void pdu_send_proxy(struct pdu *pdu) { struct connection *conn; struct iscsi_daemon_send *ids; int error; conn = pdu->pdu_connection; assert(conn->conn_conf.isc_iser != 0); pdu_set_data_segment_length(pdu, pdu->pdu_data_len); ids = calloc(1, sizeof(*ids)); if (ids == NULL) log_err(1, "calloc"); ids->ids_session_id = conn->conn_session_id; ids->ids_bhs = pdu->pdu_bhs; ids->ids_data_segment_len = pdu->pdu_data_len; ids->ids_data_segment = pdu->pdu_data; error = ioctl(conn->conn_iscsi_fd, ISCSIDSEND, ids); if (error != 0) log_err(1, "ISCSIDSEND"); free(ids); } #endif /* ICL_KERNEL_PROXY */ static size_t pdu_padding(const struct pdu *pdu) { if ((pdu->pdu_data_len % 4) != 0) return (4 - (pdu->pdu_data_len % 4)); return (0); } static void pdu_read(const struct connection *conn, char *data, size_t len) { ssize_t ret; while (len > 0) { ret = read(conn->conn_socket, data, len); if (ret < 0) { if (timed_out()) { fail(conn, "Login Phase timeout"); log_errx(1, "exiting due to timeout"); } fail(conn, strerror(errno)); log_err(1, "read"); } else if (ret == 0) { fail(conn, "connection lost"); log_errx(1, "read: connection lost"); } len -= ret; data += ret; } } void pdu_receive(struct pdu *pdu) { struct connection *conn; size_t len, padding; char dummy[4]; conn = pdu->pdu_connection; #ifdef ICL_KERNEL_PROXY if (conn->conn_conf.isc_iser != 0) return (pdu_receive_proxy(pdu)); #endif assert(conn->conn_conf.isc_iser == 0); pdu_read(conn, (char *)pdu->pdu_bhs, sizeof(*pdu->pdu_bhs)); len = pdu_ahs_length(pdu); if (len > 0) log_errx(1, "protocol error: non-empty AHS"); len = pdu_data_segment_length(pdu); if (len > 0) { if (len > (size_t)conn->conn_max_recv_data_segment_length) { log_errx(1, "protocol error: received PDU " "with DataSegmentLength exceeding %d", conn->conn_max_recv_data_segment_length); } pdu->pdu_data_len = len; pdu->pdu_data = malloc(len); if (pdu->pdu_data == NULL) log_err(1, "malloc"); pdu_read(conn, (char *)pdu->pdu_data, pdu->pdu_data_len); padding = pdu_padding(pdu); if (padding != 0) { assert(padding < sizeof(dummy)); pdu_read(conn, (char *)dummy, padding); } } } void pdu_send(struct pdu *pdu) { struct connection *conn; ssize_t ret, total_len; size_t padding; uint32_t zero = 0; struct iovec iov[3]; int iovcnt; conn = pdu->pdu_connection; #ifdef ICL_KERNEL_PROXY if (conn->conn_conf.isc_iser != 0) return (pdu_send_proxy(pdu)); #endif assert(conn->conn_conf.isc_iser == 0); pdu_set_data_segment_length(pdu, pdu->pdu_data_len); iov[0].iov_base = pdu->pdu_bhs; iov[0].iov_len = sizeof(*pdu->pdu_bhs); total_len = iov[0].iov_len; iovcnt = 1; if (pdu->pdu_data_len > 0) { iov[1].iov_base = pdu->pdu_data; iov[1].iov_len = pdu->pdu_data_len; total_len += iov[1].iov_len; iovcnt = 2; padding = pdu_padding(pdu); if (padding > 0) { assert(padding < sizeof(zero)); iov[2].iov_base = &zero; iov[2].iov_len = padding; total_len += iov[2].iov_len; iovcnt = 3; } } ret = writev(conn->conn_socket, iov, iovcnt); if (ret < 0) { if (timed_out()) log_errx(1, "exiting due to timeout"); log_err(1, "writev"); } if (ret != total_len) log_errx(1, "short write"); } void pdu_delete(struct pdu *pdu) { free(pdu->pdu_data); free(pdu->pdu_bhs); free(pdu); } Index: head/usr.sbin/uefisign/child.c =================================================================== --- head/usr.sbin/uefisign/child.c (revision 367104) +++ head/usr.sbin/uefisign/child.c (revision 367105) @@ -1,274 +1,273 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "uefisign.h" static void load(struct executable *x) { int error, fd; struct stat sb; char *buf; size_t nread, len; fd = fileno(x->x_fp); error = fstat(fd, &sb); if (error != 0) err(1, "%s: fstat", x->x_path); len = sb.st_size; if (len <= 0) errx(1, "%s: file is empty", x->x_path); buf = malloc(len); if (buf == NULL) err(1, "%s: cannot malloc %zd bytes", x->x_path, len); nread = fread(buf, len, 1, x->x_fp); if (nread != 1) err(1, "%s: fread", x->x_path); x->x_buf = buf; x->x_len = len; } static void digest_range(struct executable *x, EVP_MD_CTX *mdctx, off_t off, size_t len) { int ok; range_check(x, off, len, "chunk"); ok = EVP_DigestUpdate(mdctx, x->x_buf + off, len); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "EVP_DigestUpdate(3) failed"); } } static void digest(struct executable *x) { EVP_MD_CTX *mdctx; const EVP_MD *md; size_t sum_of_bytes_hashed; int i, ok; /* * Windows Authenticode Portable Executable Signature Format * spec version 1.0 specifies MD5 and SHA1. However, pesign * and sbsign both use SHA256, so do the same. */ md = EVP_get_digestbyname(DIGEST); if (md == NULL) { ERR_print_errors_fp(stderr); errx(1, "EVP_get_digestbyname(\"%s\") failed", DIGEST); } mdctx = EVP_MD_CTX_create(); if (mdctx == NULL) { ERR_print_errors_fp(stderr); errx(1, "EVP_MD_CTX_create(3) failed"); } ok = EVP_DigestInit_ex(mdctx, md, NULL); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "EVP_DigestInit_ex(3) failed"); } /* * According to the Authenticode spec, we need to compute * the digest in a rather... specific manner; see "Calculating * the PE Image Hash" part of the spec for details. * * First, everything from 0 to before the PE checksum. */ digest_range(x, mdctx, 0, x->x_checksum_off); /* * Second, from after the PE checksum to before the Certificate * entry in Data Directory. */ digest_range(x, mdctx, x->x_checksum_off + x->x_checksum_len, x->x_certificate_entry_off - (x->x_checksum_off + x->x_checksum_len)); /* * Then, from after the Certificate entry to the end of headers. */ digest_range(x, mdctx, x->x_certificate_entry_off + x->x_certificate_entry_len, x->x_headers_len - (x->x_certificate_entry_off + x->x_certificate_entry_len)); /* * Then, each section in turn, as specified in the PE Section Table. * * XXX: Sorting. */ sum_of_bytes_hashed = x->x_headers_len; for (i = 0; i < x->x_nsections; i++) { digest_range(x, mdctx, x->x_section_off[i], x->x_section_len[i]); sum_of_bytes_hashed += x->x_section_len[i]; } /* * I believe this can happen with overlapping sections. */ if (sum_of_bytes_hashed > x->x_len) errx(1, "number of bytes hashed is larger than file size"); /* * I can't really explain this one; just do what the spec says. */ if (sum_of_bytes_hashed < x->x_len) { digest_range(x, mdctx, sum_of_bytes_hashed, x->x_len - (signature_size(x) + sum_of_bytes_hashed)); } ok = EVP_DigestFinal_ex(mdctx, x->x_digest, &x->x_digest_len); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "EVP_DigestFinal_ex(3) failed"); } EVP_MD_CTX_destroy(mdctx); } static void show_digest(const struct executable *x) { int i; printf("computed %s digest ", DIGEST); for (i = 0; i < (int)x->x_digest_len; i++) printf("%02x", (unsigned char)x->x_digest[i]); printf("; digest len %u\n", x->x_digest_len); } static void send_digest(const struct executable *x, int pipefd) { send_chunk(x->x_digest, x->x_digest_len, pipefd); } static void receive_signature(struct executable *x, int pipefd) { receive_chunk(&x->x_signature, &x->x_signature_len, pipefd); } static void save(struct executable *x, FILE *fp, const char *path) { size_t nwritten; assert(fp != NULL); assert(path != NULL); nwritten = fwrite(x->x_buf, x->x_len, 1, fp); if (nwritten != 1) err(1, "%s: fwrite", path); } int child(const char *inpath, const char *outpath, int pipefd, bool Vflag, bool vflag) { FILE *outfp = NULL, *infp = NULL; struct executable *x; infp = checked_fopen(inpath, "r"); if (outpath != NULL) outfp = checked_fopen(outpath, "w"); if (caph_enter() < 0) err(1, "cap_enter"); x = calloc(1, sizeof(*x)); if (x == NULL) err(1, "calloc"); x->x_path = inpath; x->x_fp = infp; load(x); parse(x); if (Vflag) { if (signature_size(x) == 0) errx(1, "file not signed"); printf("file contains signature\n"); if (vflag) { digest(x); show_digest(x); show_certificate(x); } } else { if (signature_size(x) != 0) errx(1, "file already signed"); digest(x); if (vflag) show_digest(x); send_digest(x, pipefd); receive_signature(x, pipefd); update(x); save(x, outfp, outpath); } return (0); } Index: head/usr.sbin/uefisign/magic.h =================================================================== --- head/usr.sbin/uefisign/magic.h (revision 367104) +++ head/usr.sbin/uefisign/magic.h (revision 367105) @@ -1,68 +1,67 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ * */ /* * This file contains Authenticode-specific ASN.1 "configuration", used, * after being processed by asprintf(3), as an input to ASN1_generate_nconf(3). */ static const char *magic_fmt = "asn1 = SEQUENCE:SpcIndirectDataContent\n" "\n" "[SpcIndirectDataContent]\n" "a = SEQUENCE:SpcAttributeTypeAndOptionalValue\n" "b = SEQUENCE:DigestInfo\n" "\n" "[SpcAttributeTypeAndOptionalValue]\n" "# SPC_PE_IMAGE_DATAOBJ\n" "a = OID:1.3.6.1.4.1.311.2.1.15\n" "b = SEQUENCE:SpcPeImageData\n" "\n" "[SpcPeImageData]\n" "a = FORMAT:HEX,BITSTRING:00\n" /* * Well, there should be some other struct here, "SPCLink", but it doesn't * appear to be necessary for UEFI, and I have no idea how to synthesize it, * as it uses the CHOICE type. */ "\n" "[DigestInfo]\n" "a = SEQUENCE:AlgorithmIdentifier\n" /* * Here goes the digest computed from PE headers and sections. */ "b = FORMAT:HEX,OCTETSTRING:%s\n" "\n" "[AlgorithmIdentifier]\n" "a = OBJECT:sha256\n" "b = NULL\n"; Index: head/usr.sbin/uefisign/pe.c =================================================================== --- head/usr.sbin/uefisign/pe.c (revision 367104) +++ head/usr.sbin/uefisign/pe.c (revision 367105) @@ -1,572 +1,571 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ /* * PE format reference: * http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include "uefisign.h" #ifndef CTASSERT #define CTASSERT(x) _CTASSERT(x, __LINE__) #define _CTASSERT(x, y) __CTASSERT(x, y) #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1] #endif #define PE_ALIGMENT_SIZE 8 struct mz_header { uint8_t mz_signature[2]; uint8_t mz_dont_care[58]; uint16_t mz_lfanew; } __attribute__((packed)); struct coff_header { uint8_t coff_dont_care[2]; uint16_t coff_number_of_sections; uint8_t coff_dont_care_either[16]; } __attribute__((packed)); #define PE_SIGNATURE 0x00004550 struct pe_header { uint32_t pe_signature; struct coff_header pe_coff; } __attribute__((packed)); #define PE_OPTIONAL_MAGIC_32 0x010B #define PE_OPTIONAL_MAGIC_32_PLUS 0x020B #define PE_OPTIONAL_SUBSYSTEM_EFI_APPLICATION 10 #define PE_OPTIONAL_SUBSYSTEM_EFI_BOOT 11 #define PE_OPTIONAL_SUBSYSTEM_EFI_RUNTIME 12 struct pe_optional_header_32 { uint16_t po_magic; uint8_t po_dont_care[58]; uint32_t po_size_of_headers; uint32_t po_checksum; uint16_t po_subsystem; uint8_t po_dont_care_either[22]; uint32_t po_number_of_rva_and_sizes; } __attribute__((packed)); CTASSERT(offsetof(struct pe_optional_header_32, po_size_of_headers) == 60); CTASSERT(offsetof(struct pe_optional_header_32, po_checksum) == 64); CTASSERT(offsetof(struct pe_optional_header_32, po_subsystem) == 68); CTASSERT(offsetof(struct pe_optional_header_32, po_number_of_rva_and_sizes) == 92); struct pe_optional_header_32_plus { uint16_t po_magic; uint8_t po_dont_care[58]; uint32_t po_size_of_headers; uint32_t po_checksum; uint16_t po_subsystem; uint8_t po_dont_care_either[38]; uint32_t po_number_of_rva_and_sizes; } __attribute__((packed)); CTASSERT(offsetof(struct pe_optional_header_32_plus, po_size_of_headers) == 60); CTASSERT(offsetof(struct pe_optional_header_32_plus, po_checksum) == 64); CTASSERT(offsetof(struct pe_optional_header_32_plus, po_subsystem) == 68); CTASSERT(offsetof(struct pe_optional_header_32_plus, po_number_of_rva_and_sizes) == 108); #define PE_DIRECTORY_ENTRY_CERTIFICATE 4 struct pe_directory_entry { uint32_t pde_rva; uint32_t pde_size; } __attribute__((packed)); struct pe_section_header { uint8_t psh_dont_care[16]; uint32_t psh_size_of_raw_data; uint32_t psh_pointer_to_raw_data; uint8_t psh_dont_care_either[16]; } __attribute__((packed)); CTASSERT(offsetof(struct pe_section_header, psh_size_of_raw_data) == 16); CTASSERT(offsetof(struct pe_section_header, psh_pointer_to_raw_data) == 20); #define PE_CERTIFICATE_REVISION 0x0200 #define PE_CERTIFICATE_TYPE 0x0002 struct pe_certificate { uint32_t pc_len; uint16_t pc_revision; uint16_t pc_type; char pc_signature[0]; } __attribute__((packed)); void range_check(const struct executable *x, off_t off, size_t len, const char *name) { if (off < 0) { errx(1, "%s starts at negative offset %jd", name, (intmax_t)off); } if (off >= (off_t)x->x_len) { errx(1, "%s starts at %jd, past the end of executable at %zd", name, (intmax_t)off, x->x_len); } if (len >= x->x_len) { errx(1, "%s size %zd is larger than the executable size %zd", name, len, x->x_len); } if (off + len > x->x_len) { errx(1, "%s extends to %jd, past the end of executable at %zd", name, (intmax_t)(off + len), x->x_len); } } size_t signature_size(const struct executable *x) { const struct pe_directory_entry *pde; range_check(x, x->x_certificate_entry_off, x->x_certificate_entry_len, "Certificate Directory"); pde = (struct pe_directory_entry *) (x->x_buf + x->x_certificate_entry_off); if (pde->pde_rva != 0 && pde->pde_size == 0) warnx("signature size is 0, but its RVA is %d", pde->pde_rva); if (pde->pde_rva == 0 && pde->pde_size != 0) warnx("signature RVA is 0, but its size is %d", pde->pde_size); return (pde->pde_size); } void show_certificate(const struct executable *x) { struct pe_certificate *pc; const struct pe_directory_entry *pde; range_check(x, x->x_certificate_entry_off, x->x_certificate_entry_len, "Certificate Directory"); pde = (struct pe_directory_entry *) (x->x_buf + x->x_certificate_entry_off); if (signature_size(x) == 0) { printf("file not signed\n"); return; } #if 0 printf("certificate chunk at offset %zd, size %zd\n", pde->pde_rva, pde->pde_size); #endif range_check(x, pde->pde_rva, pde->pde_size, "Certificate chunk"); pc = (struct pe_certificate *)(x->x_buf + pde->pde_rva); if (pc->pc_revision != PE_CERTIFICATE_REVISION) { errx(1, "wrong certificate chunk revision, is %d, should be %d", pc->pc_revision, PE_CERTIFICATE_REVISION); } if (pc->pc_type != PE_CERTIFICATE_TYPE) { errx(1, "wrong certificate chunk type, is %d, should be %d", pc->pc_type, PE_CERTIFICATE_TYPE); } printf("to dump PKCS7:\n " "dd if='%s' bs=1 skip=%zd | openssl pkcs7 -inform DER -print\n", x->x_path, pde->pde_rva + offsetof(struct pe_certificate, pc_signature)); printf("to dump raw ASN.1:\n " "openssl asn1parse -i -inform DER -offset %zd -in '%s'\n", pde->pde_rva + offsetof(struct pe_certificate, pc_signature), x->x_path); } static void parse_section_table(struct executable *x, off_t off, int number_of_sections) { const struct pe_section_header *psh; int i; range_check(x, off, sizeof(*psh) * number_of_sections, "section table"); if (x->x_headers_len <= off + sizeof(*psh) * number_of_sections) errx(1, "section table outside of headers"); psh = (const struct pe_section_header *)(x->x_buf + off); if (number_of_sections >= MAX_SECTIONS) { errx(1, "too many sections: got %d, should be %d", number_of_sections, MAX_SECTIONS); } x->x_nsections = number_of_sections; for (i = 0; i < number_of_sections; i++) { if (psh->psh_pointer_to_raw_data < x->x_headers_len) errx(1, "section points inside the headers"); range_check(x, psh->psh_pointer_to_raw_data, psh->psh_size_of_raw_data, "section"); #if 0 printf("section %d: start %d, size %d\n", i, psh->psh_pointer_to_raw_data, psh->psh_size_of_raw_data); #endif x->x_section_off[i] = psh->psh_pointer_to_raw_data; x->x_section_len[i] = psh->psh_size_of_raw_data; psh++; } } static void parse_directory(struct executable *x, off_t off, int number_of_rva_and_sizes, int number_of_sections) { //int i; const struct pe_directory_entry *pde; //printf("Data Directory at offset %zd\n", off); if (number_of_rva_and_sizes <= PE_DIRECTORY_ENTRY_CERTIFICATE) { errx(1, "wrong NumberOfRvaAndSizes %d; should be at least %d", number_of_rva_and_sizes, PE_DIRECTORY_ENTRY_CERTIFICATE); } range_check(x, off, sizeof(*pde) * number_of_rva_and_sizes, "PE Data Directory"); if (x->x_headers_len <= off + sizeof(*pde) * number_of_rva_and_sizes) errx(1, "PE Data Directory outside of headers"); x->x_certificate_entry_off = off + sizeof(*pde) * PE_DIRECTORY_ENTRY_CERTIFICATE; x->x_certificate_entry_len = sizeof(*pde); #if 0 printf("certificate directory entry at offset %zd, len %zd\n", x->x_certificate_entry_off, x->x_certificate_entry_len); pde = (struct pe_directory_entry *)(x->x_buf + off); for (i = 0; i < number_of_rva_and_sizes; i++) { printf("rva %zd, size %zd\n", pde->pde_rva, pde->pde_size); pde++; } #endif return (parse_section_table(x, off + sizeof(*pde) * number_of_rva_and_sizes, number_of_sections)); } /* * The PE checksum algorithm is undocumented; this code is mostly based on * http://forum.sysinternals.com/optional-header-checksum-calculation_topic24214.html * * "Sum the entire image file, excluding the CheckSum field in the optional * header, as an array of USHORTs, allowing any carry above 16 bits to be added * back onto the low 16 bits. Then add the file size to get a 32-bit value." * * Note that most software does not care about the checksum at all; perhaps * we could just set it to 0 instead. * * XXX: Endianness? */ static uint32_t compute_checksum(const struct executable *x) { uint32_t cksum = 0; uint16_t tmp; int i; range_check(x, x->x_checksum_off, x->x_checksum_len, "PE checksum"); assert(x->x_checksum_off % 2 == 0); for (i = 0; i + sizeof(tmp) < x->x_len; i += 2) { /* * Don't checksum the checksum. The +2 is because the checksum * is 4 bytes, and here we're iterating over 2 byte chunks. */ if (i == x->x_checksum_off || i == x->x_checksum_off + 2) { tmp = 0; } else { assert(i + sizeof(tmp) <= x->x_len); memcpy(&tmp, x->x_buf + i, sizeof(tmp)); } cksum += tmp; cksum += cksum >> 16; cksum &= 0xffff; } cksum += cksum >> 16; cksum &= 0xffff; cksum += x->x_len; return (cksum); } static void parse_optional_32_plus(struct executable *x, off_t off, int number_of_sections) { #if 0 uint32_t computed_checksum; #endif const struct pe_optional_header_32_plus *po; range_check(x, off, sizeof(*po), "PE Optional Header"); po = (struct pe_optional_header_32_plus *)(x->x_buf + off); switch (po->po_subsystem) { case PE_OPTIONAL_SUBSYSTEM_EFI_APPLICATION: case PE_OPTIONAL_SUBSYSTEM_EFI_BOOT: case PE_OPTIONAL_SUBSYSTEM_EFI_RUNTIME: break; default: errx(1, "wrong PE Optional Header subsystem 0x%x", po->po_subsystem); } #if 0 printf("subsystem %d, checksum 0x%x, %d data directories\n", po->po_subsystem, po->po_checksum, po->po_number_of_rva_and_sizes); #endif x->x_checksum_off = off + offsetof(struct pe_optional_header_32_plus, po_checksum); x->x_checksum_len = sizeof(po->po_checksum); #if 0 printf("checksum 0x%x at offset %zd, len %zd\n", po->po_checksum, x->x_checksum_off, x->x_checksum_len); computed_checksum = compute_checksum(x); if (computed_checksum != po->po_checksum) { warnx("invalid PE+ checksum; is 0x%x, should be 0x%x", po->po_checksum, computed_checksum); } #endif if (x->x_len < x->x_headers_len) errx(1, "invalid SizeOfHeaders %d", po->po_size_of_headers); x->x_headers_len = po->po_size_of_headers; //printf("Size of Headers: %d\n", po->po_size_of_headers); return (parse_directory(x, off + sizeof(*po), po->po_number_of_rva_and_sizes, number_of_sections)); } static void parse_optional_32(struct executable *x, off_t off, int number_of_sections) { #if 0 uint32_t computed_checksum; #endif const struct pe_optional_header_32 *po; range_check(x, off, sizeof(*po), "PE Optional Header"); po = (struct pe_optional_header_32 *)(x->x_buf + off); switch (po->po_subsystem) { case PE_OPTIONAL_SUBSYSTEM_EFI_APPLICATION: case PE_OPTIONAL_SUBSYSTEM_EFI_BOOT: case PE_OPTIONAL_SUBSYSTEM_EFI_RUNTIME: break; default: errx(1, "wrong PE Optional Header subsystem 0x%x", po->po_subsystem); } #if 0 printf("subsystem %d, checksum 0x%x, %d data directories\n", po->po_subsystem, po->po_checksum, po->po_number_of_rva_and_sizes); #endif x->x_checksum_off = off + offsetof(struct pe_optional_header_32, po_checksum); x->x_checksum_len = sizeof(po->po_checksum); #if 0 printf("checksum at offset %zd, len %zd\n", x->x_checksum_off, x->x_checksum_len); computed_checksum = compute_checksum(x); if (computed_checksum != po->po_checksum) { warnx("invalid PE checksum; is 0x%x, should be 0x%x", po->po_checksum, computed_checksum); } #endif if (x->x_len < x->x_headers_len) errx(1, "invalid SizeOfHeaders %d", po->po_size_of_headers); x->x_headers_len = po->po_size_of_headers; //printf("Size of Headers: %d\n", po->po_size_of_headers); return (parse_directory(x, off + sizeof(*po), po->po_number_of_rva_and_sizes, number_of_sections)); } static void parse_optional(struct executable *x, off_t off, int number_of_sections) { const struct pe_optional_header_32 *po; //printf("Optional header offset %zd\n", off); range_check(x, off, sizeof(*po), "PE Optional Header"); po = (struct pe_optional_header_32 *)(x->x_buf + off); switch (po->po_magic) { case PE_OPTIONAL_MAGIC_32: return (parse_optional_32(x, off, number_of_sections)); case PE_OPTIONAL_MAGIC_32_PLUS: return (parse_optional_32_plus(x, off, number_of_sections)); default: errx(1, "wrong PE Optional Header magic 0x%x", po->po_magic); } } static void parse_pe(struct executable *x, off_t off) { const struct pe_header *pe; //printf("PE offset %zd, PE size %zd\n", off, sizeof(*pe)); range_check(x, off, sizeof(*pe), "PE header"); pe = (struct pe_header *)(x->x_buf + off); if (pe->pe_signature != PE_SIGNATURE) errx(1, "wrong PE signature 0x%x", pe->pe_signature); //printf("Number of sections: %d\n", pe->pe_coff.coff_number_of_sections); parse_optional(x, off + sizeof(*pe), pe->pe_coff.coff_number_of_sections); } void parse(struct executable *x) { const struct mz_header *mz; range_check(x, 0, sizeof(*mz), "MZ header"); mz = (struct mz_header *)x->x_buf; if (mz->mz_signature[0] != 'M' || mz->mz_signature[1] != 'Z') errx(1, "MZ header not found"); return (parse_pe(x, mz->mz_lfanew)); } static off_t append(struct executable *x, void *ptr, size_t len, size_t aligment) { off_t off; off = x->x_len; x->x_buf = realloc(x->x_buf, x->x_len + len + aligment); if (x->x_buf == NULL) err(1, "realloc"); memcpy(x->x_buf + x->x_len, ptr, len); memset(x->x_buf + x->x_len + len, 0, aligment); x->x_len += len + aligment; return (off); } void update(struct executable *x) { uint32_t checksum; struct pe_certificate *pc; struct pe_directory_entry pde; size_t pc_len; size_t pc_aligment; off_t pc_off; pc_len = sizeof(*pc) + x->x_signature_len; pc = calloc(1, pc_len); if (pc == NULL) err(1, "calloc"); if (pc_len % PE_ALIGMENT_SIZE > 0) pc_aligment = PE_ALIGMENT_SIZE - (pc_len % PE_ALIGMENT_SIZE); else pc_aligment = 0; #if 0 /* * Note that pc_len is the length of pc_certificate, * not the whole structure. * * XXX: That's what the spec says - but it breaks at least * sbverify and "pesign -S", so the spec is probably wrong. */ pc->pc_len = x->x_signature_len; #else pc->pc_len = pc_len; #endif pc->pc_revision = PE_CERTIFICATE_REVISION; pc->pc_type = PE_CERTIFICATE_TYPE; memcpy(&pc->pc_signature, x->x_signature, x->x_signature_len); pc_off = append(x, pc, pc_len, pc_aligment); #if 0 printf("added signature chunk at offset %zd, len %zd\n", pc_off, pc_len); #endif free(pc); pde.pde_rva = pc_off; pde.pde_size = pc_len + pc_aligment; memcpy(x->x_buf + x->x_certificate_entry_off, &pde, sizeof(pde)); checksum = compute_checksum(x); assert(sizeof(checksum) == x->x_checksum_len); memcpy(x->x_buf + x->x_checksum_off, &checksum, sizeof(checksum)); #if 0 printf("new checksum 0x%x\n", checksum); #endif } Index: head/usr.sbin/uefisign/uefisign.8 =================================================================== --- head/usr.sbin/uefisign/uefisign.8 (revision 367104) +++ head/usr.sbin/uefisign/uefisign.8 (revision 367105) @@ -1,93 +1,92 @@ .\" Copyright (c) 2014 The FreeBSD Foundation -.\" All rights reserved. .\" .\" This software was developed by Edward Tomasz Napierala under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd July 11, 2015 .Dt UEFISIGN 8 .Os .Sh NAME .Nm uefisign .Nd UEFI Secure Boot signing utility .Sh SYNOPSIS .Nm .Fl k Ar key .Fl c Ar certificate .Fl o Ar output .Op Fl v .Ar file .Nm .Fl V .Op Fl v .Ar file .Sh DESCRIPTION The .Nm utility signs PE binary files using Authenticode scheme, as required by UEFI Secure Boot specification. Alternatively, it can be used to view and verify existing signatures. These options are available: .Bl -tag -width ".Fl l" .It Fl V Determine whether the file is signed. Note that this does not verify the correctness of the signature; only that the file contains a signature. .It Fl k Name of file containing the private key used to sign the binary. .It Fl c Name of file containing the certificate used to sign the binary. .It Fl o Name of file to write the signed binary to. .It Fl v Be verbose. .El .Sh EXIT STATUS The .Nm utility exits 0 on success, and >0 if an error occurs. .Sh EXAMPLES Generate self-signed certificate and use it to sign a binary: .Dl /usr/share/examples/uefisign/uefikeys testcert .Dl uefisign -c testcert.pem -k testcert.key -o signed-binary binary .Pp View signature: .Dl uefisign -Vv binary .Sh SEE ALSO .Xr openssl 1 , .Xr loader 8 , .Xr uefi 8 .Sh HISTORY The .Nm command appeared in .Fx 10.2 . .Sh AUTHORS The .Nm utility was developed by .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org under sponsorship from the FreeBSD Foundation. Index: head/usr.sbin/uefisign/uefisign.c =================================================================== --- head/usr.sbin/uefisign/uefisign.c (revision 367104) +++ head/usr.sbin/uefisign/uefisign.c (revision 367105) @@ -1,427 +1,426 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include "uefisign.h" #include "magic.h" static void usage(void) { fprintf(stderr, "usage: uefisign -c cert -k key -o outfile [-v] file\n" " uefisign -V [-c cert] [-v] file\n"); exit(1); } static char * checked_strdup(const char *s) { char *c; c = strdup(s); if (c == NULL) err(1, "strdup"); return (c); } FILE * checked_fopen(const char *path, const char *mode) { FILE *fp; assert(path != NULL); fp = fopen(path, mode); if (fp == NULL) err(1, "%s", path); return (fp); } void send_chunk(const void *buf, size_t len, int pipefd) { ssize_t ret; ret = write(pipefd, &len, sizeof(len)); if (ret != sizeof(len)) err(1, "write"); ret = write(pipefd, buf, len); if (ret != (ssize_t)len) err(1, "write"); } void receive_chunk(void **bufp, size_t *lenp, int pipefd) { ssize_t ret; size_t len; void *buf; ret = read(pipefd, &len, sizeof(len)); if (ret != sizeof(len)) err(1, "read"); buf = calloc(1, len); if (buf == NULL) err(1, "calloc"); ret = read(pipefd, buf, len); if (ret != (ssize_t)len) err(1, "read"); *bufp = buf; *lenp = len; } static char * bin2hex(const char *bin, size_t bin_len) { unsigned char *hex, *tmp, ch; size_t hex_len; size_t i; hex_len = bin_len * 2 + 1; /* +1 for '\0'. */ hex = malloc(hex_len); if (hex == NULL) err(1, "malloc"); tmp = hex; for (i = 0; i < bin_len; i++) { ch = bin[i]; tmp += sprintf(tmp, "%02x", ch); } return (hex); } /* * We need to replace a standard chunk of PKCS7 signature with one mandated * by Authenticode. Problem is, replacing it just like that and then calling * PKCS7_final() would make OpenSSL segfault somewhere in PKCS7_dataFinal(). * So, instead, we call PKCS7_dataInit(), then put our Authenticode-specific * data into BIO it returned, then call PKCS7_dataFinal() - which now somehow * does not panic - and _then_ we replace it in the signature. This technique * was used in sbsigntool by Jeremy Kerr, and might have originated in * osslsigncode. */ static void magic(PKCS7 *pkcs7, const char *digest, size_t digest_len) { BIO *bio, *t_bio; ASN1_TYPE *t; ASN1_STRING *s; CONF *cnf; unsigned char *buf, *tmp; char *digest_hex, *magic_conf, *str; int len, nid, ok; digest_hex = bin2hex(digest, digest_len); /* * Construct the SpcIndirectDataContent chunk. */ nid = OBJ_create("1.3.6.1.4.1.311.2.1.4", NULL, NULL); asprintf(&magic_conf, magic_fmt, digest_hex); if (magic_conf == NULL) err(1, "asprintf"); bio = BIO_new_mem_buf((void *)magic_conf, -1); if (bio == NULL) { ERR_print_errors_fp(stderr); errx(1, "BIO_new_mem_buf(3) failed"); } cnf = NCONF_new(NULL); if (cnf == NULL) { ERR_print_errors_fp(stderr); errx(1, "NCONF_new(3) failed"); } ok = NCONF_load_bio(cnf, bio, NULL); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "NCONF_load_bio(3) failed"); } str = NCONF_get_string(cnf, "default", "asn1"); if (str == NULL) { ERR_print_errors_fp(stderr); errx(1, "NCONF_get_string(3) failed"); } t = ASN1_generate_nconf(str, cnf); if (t == NULL) { ERR_print_errors_fp(stderr); errx(1, "ASN1_generate_nconf(3) failed"); } /* * We now have our proprietary piece of ASN.1. Let's do * the actual signing. */ len = i2d_ASN1_TYPE(t, NULL); tmp = buf = calloc(1, len); if (tmp == NULL) err(1, "calloc"); i2d_ASN1_TYPE(t, &tmp); /* * We now have contents of 't' stuffed into memory buffer 'buf'. */ tmp = NULL; t = NULL; t_bio = PKCS7_dataInit(pkcs7, NULL); if (t_bio == NULL) { ERR_print_errors_fp(stderr); errx(1, "PKCS7_dataInit(3) failed"); } BIO_write(t_bio, buf + 2, len - 2); ok = PKCS7_dataFinal(pkcs7, t_bio); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "PKCS7_dataFinal(3) failed"); } t = ASN1_TYPE_new(); s = ASN1_STRING_new(); ASN1_STRING_set(s, buf, len); ASN1_TYPE_set(t, V_ASN1_SEQUENCE, s); PKCS7_set0_type_other(pkcs7->d.sign->contents, nid, t); } static void sign(X509 *cert, EVP_PKEY *key, int pipefd) { PKCS7 *pkcs7; BIO *bio, *out; const EVP_MD *md; PKCS7_SIGNER_INFO *info; void *digest, *signature; size_t digest_len, signature_len; int ok; assert(cert != NULL); assert(key != NULL); receive_chunk(&digest, &digest_len, pipefd); bio = BIO_new_mem_buf(digest, digest_len); if (bio == NULL) { ERR_print_errors_fp(stderr); errx(1, "BIO_new_mem_buf(3) failed"); } pkcs7 = PKCS7_sign(NULL, NULL, NULL, bio, PKCS7_BINARY | PKCS7_PARTIAL); if (pkcs7 == NULL) { ERR_print_errors_fp(stderr); errx(1, "PKCS7_sign(3) failed"); } md = EVP_get_digestbyname(DIGEST); if (md == NULL) { ERR_print_errors_fp(stderr); errx(1, "EVP_get_digestbyname(\"%s\") failed", DIGEST); } info = PKCS7_sign_add_signer(pkcs7, cert, key, md, 0); if (info == NULL) { ERR_print_errors_fp(stderr); errx(1, "PKCS7_sign_add_signer(3) failed"); } /* * XXX: All the signed binaries seem to have this, but where is it * described in the spec? */ PKCS7_add_signed_attribute(info, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_txt2obj("1.3.6.1.4.1.311.2.1.4", 1)); magic(pkcs7, digest, digest_len); #if 0 out = BIO_new(BIO_s_file()); BIO_set_fp(out, stdout, BIO_NOCLOSE); PKCS7_print_ctx(out, pkcs7, 0, NULL); i2d_PKCS7_bio(out, pkcs7); #endif out = BIO_new(BIO_s_mem()); if (out == NULL) { ERR_print_errors_fp(stderr); errx(1, "BIO_new(3) failed"); } ok = i2d_PKCS7_bio(out, pkcs7); if (ok == 0) { ERR_print_errors_fp(stderr); errx(1, "i2d_PKCS7_bio(3) failed"); } signature_len = BIO_get_mem_data(out, &signature); if (signature_len <= 0) { ERR_print_errors_fp(stderr); errx(1, "BIO_get_mem_data(3) failed"); } (void)BIO_set_close(out, BIO_NOCLOSE); BIO_free(out); send_chunk(signature, signature_len, pipefd); } static int wait_for_child(pid_t pid) { int status; pid = waitpid(pid, &status, 0); if (pid == -1) err(1, "waitpid"); return (WEXITSTATUS(status)); } int main(int argc, char **argv) { int ch, error; bool Vflag = false, vflag = false; const char *certpath = NULL, *keypath = NULL, *outpath = NULL, *inpath = NULL; FILE *certfp = NULL, *keyfp = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; pid_t pid; int pipefds[2]; while ((ch = getopt(argc, argv, "Vc:k:o:v")) != -1) { switch (ch) { case 'V': Vflag = true; break; case 'c': certpath = checked_strdup(optarg); break; case 'k': keypath = checked_strdup(optarg); break; case 'o': outpath = checked_strdup(optarg); break; case 'v': vflag = true; break; default: usage(); } } argc -= optind; argv += optind; if (argc != 1) usage(); if (Vflag) { if (certpath != NULL) errx(1, "-V and -c are mutually exclusive"); if (keypath != NULL) errx(1, "-V and -k are mutually exclusive"); if (outpath != NULL) errx(1, "-V and -o are mutually exclusive"); } else { if (certpath == NULL) errx(1, "-c option is mandatory"); if (keypath == NULL) errx(1, "-k option is mandatory"); if (outpath == NULL) errx(1, "-o option is mandatory"); } inpath = argv[0]; OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); error = pipe(pipefds); if (error != 0) err(1, "pipe"); pid = fork(); if (pid < 0) err(1, "fork"); if (pid == 0) return (child(inpath, outpath, pipefds[1], Vflag, vflag)); if (!Vflag) { certfp = checked_fopen(certpath, "r"); cert = PEM_read_X509(certfp, NULL, NULL, NULL); if (cert == NULL) { ERR_print_errors_fp(stderr); errx(1, "failed to load certificate from %s", certpath); } keyfp = checked_fopen(keypath, "r"); key = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL); if (key == NULL) { ERR_print_errors_fp(stderr); errx(1, "failed to load private key from %s", keypath); } sign(cert, key, pipefds[0]); } return (wait_for_child(pid)); } Index: head/usr.sbin/uefisign/uefisign.h =================================================================== --- head/usr.sbin/uefisign/uefisign.h (revision 367104) +++ head/usr.sbin/uefisign/uefisign.h (revision 367105) @@ -1,93 +1,92 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2014 The FreeBSD Foundation - * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef EFISIGN_H #define EFISIGN_H #include #include #define DIGEST "SHA256" #define MAX_SECTIONS 128 struct executable { const char *x_path; FILE *x_fp; char *x_buf; size_t x_len; /* * Set by pe_parse(), used by digest(). */ size_t x_headers_len; off_t x_checksum_off; size_t x_checksum_len; off_t x_certificate_entry_off; size_t x_certificate_entry_len; int x_nsections; off_t x_section_off[MAX_SECTIONS]; size_t x_section_len[MAX_SECTIONS]; /* * Computed by digest(). */ unsigned char x_digest[EVP_MAX_MD_SIZE]; unsigned int x_digest_len; /* * Received from the parent process, which computes it in sign(). */ void *x_signature; size_t x_signature_len; }; FILE *checked_fopen(const char *path, const char *mode); void send_chunk(const void *buf, size_t len, int pipefd); void receive_chunk(void **bufp, size_t *lenp, int pipefd); int child(const char *inpath, const char *outpath, int pipefd, bool Vflag, bool vflag); void parse(struct executable *x); void update(struct executable *x); size_t signature_size(const struct executable *x); void show_certificate(const struct executable *x); void range_check(const struct executable *x, off_t off, size_t len, const char *name); #endif /* !EFISIGN_H */