]> git.saurik.com Git - apple/xnu.git/blame - bsd/nfs/nfs_syscalls.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-6153.81.5.tar.gz
[apple/xnu.git] / bsd / nfs / nfs_syscalls.c
CommitLineData
1c79356b 1/*
cb323159 2 * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
5d5c5d0d 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
0a7de745 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
0a7de745 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
0a7de745 17 *
2d21ac55
A		 18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A		 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A		 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
0a7de745 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b
A		 27 */
28/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
29/*
30 * Copyright (c) 1989, 1993
31 * The Regents of the University of California. All rights reserved.
32 *
33 * This code is derived from software contributed to Berkeley by
34 * Rick Macklem at The University of Guelph.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. All advertising materials mentioning features or use of this software
45 * must display the following acknowledgement:
46 * This product includes software developed by the University of
47 * California, Berkeley and its contributors.
48 * 4. Neither the name of the University nor the names of its contributors
49 * may be used to endorse or promote products derived from this software
50 * without specific prior written permission.
51 *
52 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
53 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
55 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
56 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
57 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
58 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
59 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
60 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
61 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
62 * SUCH DAMAGE.
63 *
64 * @(#)nfs_syscalls.c 8.5 (Berkeley) 3/30/95
65 * FreeBSD-Id: nfs_syscalls.c,v 1.32 1997/11/07 08:53:25 phk Exp $
66 */
2d21ac55
A		 67/*
68 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
69 * support for mandatory and extensible security protections. This notice
70 * is included in support of clause 2.2 (b) of the Apple Public License,
71 * Version 2.0.
72 */
1c79356b
A		 73
74#include <sys/param.h>
75#include <sys/systm.h>
1c79356b 76#include <sys/kernel.h>
91447636 77#include <sys/file_internal.h>
1c79356b
A		 78#include <sys/filedesc.h>
79#include <sys/stat.h>
91447636
A		 80#include <sys/vnode_internal.h>
81#include <sys/mount_internal.h>
82#include <sys/proc_internal.h> /* for fdflags */
83#include <sys/kauth.h>
1c79356b 84#include <sys/sysctl.h>
55e303ae 85#include <sys/ubc.h>
1c79356b
A		 86#include <sys/uio.h>
87#include <sys/malloc.h>
91447636 88#include <sys/kpi_mbuf.h>
1c79356b
A		 89#include <sys/socket.h>
90#include <sys/socketvar.h>
91#include <sys/domain.h>
92#include <sys/protosw.h>
55e303ae
A		 93#include <sys/fcntl.h>
94#include <sys/lockf.h>
1c79356b
A		 95#include <sys/syslog.h>
96#include <sys/user.h>
91447636
A		 97#include <sys/sysproto.h>
98#include <sys/kpi_socket.h>
2d21ac55 99#include <sys/fsevents.h>
91447636 100#include <libkern/OSAtomic.h>
2d21ac55
A		 101#include <kern/thread_call.h>
102#include <kern/task.h>
1c79356b 103
b0d623f7 104#include <security/audit/audit.h>
ccc36f2f 105
1c79356b
A		 106#include <netinet/in.h>
107#include <netinet/tcp.h>
1c79356b
A		 108#include <nfs/xdr_subs.h>
109#include <nfs/rpcv2.h>
110#include <nfs/nfsproto.h>
111#include <nfs/nfs.h>
112#include <nfs/nfsm_subs.h>
113#include <nfs/nfsrvcache.h>
2d21ac55 114#include <nfs/nfs_gss.h>
1c79356b
A		 115#include <nfs/nfsmount.h>
116#include <nfs/nfsnode.h>
55e303ae 117#include <nfs/nfs_lock.h>
2d21ac55
A		 118#if CONFIG_MACF
119#include <security/mac_framework.h>
1c79356b
A		 120#endif
121
0a7de745 122kern_return_t thread_terminate(thread_t); /* XXX */
2d21ac55
A		 123
124#if NFSSERVER
125
5c9f4661
A		 126extern const nfsrv_proc_t nfsrv_procs[NFS_NPROCS];
127
2d21ac55
A		 128extern int nfsrv_wg_delay;
129extern int nfsrv_wg_delay_v3;
130
131static int nfsrv_require_resv_port = 0;
3e170ce0
A		 132static time_t nfsrv_idlesock_timer_on = 0;
133static int nfsrv_sock_tcp_cnt = 0;
134#define NFSD_MIN_IDLE_TIMEOUT 30
135static int nfsrv_sock_idle_timeout = 3600; /* One hour */
2d21ac55 136
0a7de745
A		 137int nfssvc_export(user_addr_t argp);
138int nfssvc_nfsd(void);
139int nfssvc_addsock(socket_t, mbuf_t);
140void nfsrv_zapsock(struct nfsrv_sock *);
141void nfsrv_slpderef(struct nfsrv_sock *);
142void nfsrv_slpfree(struct nfsrv_sock *);
2d21ac55
A		 143
144#endif /* NFSSERVER */
145
146/*
147 * sysctl stuff
148 */
149SYSCTL_DECL(_vfs_generic);
0a7de745 150SYSCTL_NODE(_vfs_generic, OID_AUTO, nfs, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "nfs hinge");
2d21ac55
A		 151
152#if NFSCLIENT
0a7de745 153SYSCTL_NODE(_vfs_generic_nfs, OID_AUTO, client, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "nfs client hinge");
6d2010ae
A		 154SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, initialdowndelay, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_tprintf_initial_delay, 0, "");
155SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nextdowndelay, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_tprintf_delay, 0, "");
156SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, iosize, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_iosize, 0, "");
157SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_cache_timeout, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_access_cache_timeout, 0, "");
158SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, allow_async, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_allow_async, 0, "");
159SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, statfs_rate_limit, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_statfs_rate_limit, 0, "");
160SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nfsiod_thread_max, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsiod_thread_max, 0, "");
161SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, nfsiod_thread_count, CTLFLAG_RD | CTLFLAG_LOCKED, &nfsiod_thread_count, 0, "");
162SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, lockd_mounts, CTLFLAG_RD | CTLFLAG_LOCKED, &nfs_lockd_mounts, 0, "");
163SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, max_async_writes, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_max_async_writes, 0, "");
6d2010ae
A		 164SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_delete, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_access_delete, 0, "");
165SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_dotzfs, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_access_dotzfs, 0, "");
166SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, access_for_getattr, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_access_for_getattr, 0, "");
167SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, idmap_ctrl, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_idmap_ctrl, 0, "");
168SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, callback_port, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_callback_port, 0, "");
316670eb
A		 169SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, is_mobile, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_is_mobile, 0, "");
170SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, squishy_flags, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_squishy_flags, 0, "");
39236c6e 171SYSCTL_UINT(_vfs_generic_nfs_client, OID_AUTO, debug_ctl, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_debug_ctl, 0, "");
fe8ab488 172SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, readlink_nocache, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_readlink_nocache, 0, "");
cb323159 173#if CONFIG_NFS_GSS
3e170ce0 174SYSCTL_INT(_vfs_generic_nfs_client, OID_AUTO, root_steals_gss_context, CTLFLAG_RW | CTLFLAG_LOCKED, &nfs_root_steals_ctx, 0, "");
cb323159
A		 175#endif
176#if CONFIG_NFS4
5ba3f43e 177SYSCTL_STRING(_vfs_generic_nfs_client, OID_AUTO, default_nfs4domain, CTLFLAG_RW | CTLFLAG_LOCKED, nfs4_default_domain, sizeof(nfs4_default_domain), "");
cb323159 178#endif
2d21ac55
A		 179#endif /* NFSCLIENT */
180
181#if NFSSERVER
0a7de745 182SYSCTL_NODE(_vfs_generic_nfs, OID_AUTO, server, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "nfs server hinge");
6d2010ae
A		 183SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, wg_delay, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_wg_delay, 0, "");
184SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, wg_delay_v3, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_wg_delay_v3, 0, "");
185SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, require_resv_port, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_require_resv_port, 0, "");
186SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, async, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_async, 0, "");
187SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, export_hash_size, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_export_hash_size, 0, "");
188SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, reqcache_size, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_reqcache_size, 0, "");
189SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, request_queue_length, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_sock_max_rec_queue_length, 0, "");
190SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, user_stats, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_user_stat_enabled, 0, "");
191SYSCTL_UINT(_vfs_generic_nfs_server, OID_AUTO, gss_context_ttl, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_gss_context_ttl, 0, "");
b0d623f7 192#if CONFIG_FSE
6d2010ae 193SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, fsevents, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_fsevents_enabled, 0, "");
b0d623f7 194#endif
6d2010ae
A		 195SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, nfsd_thread_max, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsd_thread_max, 0, "");
196SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, nfsd_thread_count, CTLFLAG_RD | CTLFLAG_LOCKED, &nfsd_thread_count, 0, "");
3e170ce0
A		 197SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, nfsd_sock_idle_timeout, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_sock_idle_timeout, 0, "");
198SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, nfsd_tcp_connections, CTLFLAG_RD | CTLFLAG_LOCKED, &nfsrv_sock_tcp_cnt, 0, "");
316670eb
A		 199#ifdef NFS_UC_Q_DEBUG
200SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, use_upcall_svc, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_uc_use_proxy, 0, "");
201SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, upcall_queue_limit, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_uc_queue_limit, 0, "");
202SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, upcall_queue_max_seen, CTLFLAG_RW | CTLFLAG_LOCKED, &nfsrv_uc_queue_max_seen, 0, "");
3e170ce0 203SYSCTL_INT(_vfs_generic_nfs_server, OID_AUTO, upcall_queue_count, CTLFLAG_RD | CTLFLAG_LOCKED, __DECONST(int *, &nfsrv_uc_queue_count), 0, "");
316670eb 204#endif
2d21ac55
A		 205#endif /* NFSSERVER */
206
207
208#if NFSCLIENT
209
cb323159 210#if CONFIG_NFS4
fe8ab488
A		 211static int
212mapname2id(struct nfs_testmapid *map)
213{
214 int error;
fe8ab488 215 error = nfs4_id2guid(map->ntm_name, &map->ntm_guid, map->ntm_grpflag);
0a7de745
A		 216 if (error) {
217 return error;
218 }
fe8ab488 219
0a7de745 220 if (map->ntm_grpflag) {
fe8ab488 221 error = kauth_cred_guid2gid(&map->ntm_guid, (gid_t *)&map->ntm_id);
0a7de745 222 } else {
fe8ab488 223 error = kauth_cred_guid2uid(&map->ntm_guid, (uid_t *)&map->ntm_id);
0a7de745 224 }
fe8ab488 225
0a7de745 226 return error;
fe8ab488
A		 227}
228
229static int
230mapid2name(struct nfs_testmapid *map)
231{
232 int error;
5ba3f43e 233 size_t len = sizeof(map->ntm_name);
0a7de745
A		 234
235 if (map->ntm_grpflag) {
fe8ab488 236 error = kauth_cred_gid2guid((gid_t)map->ntm_id, &map->ntm_guid);
0a7de745 237 } else {
fe8ab488 238 error = kauth_cred_uid2guid((uid_t)map->ntm_id, &map->ntm_guid);
0a7de745
A		 239 }
240
241 if (error) {
242 return error;
243 }
fe8ab488 244
fe8ab488
A		 245 error = nfs4_guid2id(&map->ntm_guid, map->ntm_name, &len, map->ntm_grpflag);
246
0a7de745 247 return error;
fe8ab488
A		 248}
249
fe8ab488
A		 250static int
251nfsclnt_testidmap(proc_t p, user_addr_t argp)
252{
253 struct nfs_testmapid mapid;
254 int error, coerror;
5ba3f43e 255 size_t len = sizeof(mapid.ntm_name);
0a7de745
A		 256
257 /* Let root make this call. */
fe8ab488 258 error = proc_suser(p);
0a7de745
A		 259 if (error) {
260 return error;
261 }
fe8ab488
A		 262
263 error = copyin(argp, &mapid, sizeof(mapid));
cb323159
A		 264 mapid.ntm_name[MAXIDNAMELEN - 1] = '\0';
265
0a7de745
A		 266 if (error) {
267 return error;
268 }
5ba3f43e
A		 269 switch (mapid.ntm_lookup) {
270 case NTM_NAME2ID:
fe8ab488 271 error = mapname2id(&mapid);
5ba3f43e
A		 272 break;
273 case NTM_ID2NAME:
fe8ab488 274 error = mapid2name(&mapid);
5ba3f43e
A		 275 break;
276 case NTM_NAME2GUID:
277 error = nfs4_id2guid(mapid.ntm_name, &mapid.ntm_guid, mapid.ntm_grpflag);
278 break;
279 case NTM_GUID2NAME:
280 error = nfs4_guid2id(&mapid.ntm_guid, mapid.ntm_name, &len, mapid.ntm_grpflag);
281 break;
282 default:
0a7de745 283 return EINVAL;
5ba3f43e 284 }
fe8ab488
A		 285
286 coerror = copyout(&mapid, argp, sizeof(mapid));
287
0a7de745 288 return error ? error : coerror;
fe8ab488 289}
cb323159 290#endif
fe8ab488 291
2d21ac55
A		 292int
293nfsclnt(proc_t p, struct nfsclnt_args *uap, __unused int *retval)
294{
295 struct lockd_ans la;
296 int error;
297
6d2010ae
A		 298 switch (uap->flag) {
299 case NFSCLNT_LOCKDANS:
2d21ac55 300 error = copyin(uap->argp, &la, sizeof(la));
0a7de745 301 if (!error) {
6d2010ae 302 error = nfslockdans(p, &la);
0a7de745 303 }
6d2010ae
A		 304 break;
305 case NFSCLNT_LOCKDNOTIFY:
306 error = nfslockdnotify(p, uap->argp);
307 break;
cb323159 308#if CONFIG_NFS4
fe8ab488
A		 309 case NFSCLNT_TESTIDMAP:
310 error = nfsclnt_testidmap(p, uap->argp);
311 break;
cb323159 312#endif
6d2010ae
A		 313 default:
314 error = EINVAL;
2d21ac55 315 }
0a7de745 316 return error;
2d21ac55
A		 317}
318
fe8ab488 319
2d21ac55
A		 320/*
321 * Asynchronous I/O threads for client NFS.
322 * They do read-ahead and write-behind operations on the block I/O cache.
323 *
324 * The pool of up to nfsiod_thread_max threads is launched on demand and exit
325 * when unused for a while. There are as many nfsiod structs as there are
326 * nfsiod threads; however there's no strict tie between a thread and a struct.
327 * Each thread puts an nfsiod on the free list and sleeps on it. When it wakes
328 * up, it removes the next struct nfsiod from the queue and services it. Then
329 * it will put the struct at the head of free list and sleep on it.
330 * Async requests will pull the next struct nfsiod from the head of the free list,
331 * put it on the work queue, and wake whatever thread is waiting on that struct.
332 */
2d21ac55
A		 333
334/*
335 * nfsiod thread exit routine
336 *
337 * Must be called with nfsiod_mutex held so that the
338 * decision to terminate is atomic with the termination.
339 */
b0d623f7 340void
2d21ac55
A		 341nfsiod_terminate(struct nfsiod *niod)
342{
343 nfsiod_thread_count--;
344 lck_mtx_unlock(nfsiod_mutex);
0a7de745 345 if (niod) {
2d21ac55 346 FREE(niod, M_TEMP);
0a7de745 347 } else {
2d21ac55 348 printf("nfsiod: terminating without niod\n");
0a7de745 349 }
2d21ac55
A		 350 thread_terminate(current_thread());
351 /*NOTREACHED*/
352}
353
354/* nfsiod thread startup routine */
b0d623f7 355void
2d21ac55
A		 356nfsiod_thread(void)
357{
358 struct nfsiod *niod;
359 int error;
360
361 MALLOC(niod, struct nfsiod *, sizeof(struct nfsiod), M_TEMP, M_WAITOK);
362 if (!niod) {
363 lck_mtx_lock(nfsiod_mutex);
364 nfsiod_thread_count--;
b0d623f7 365 wakeup(current_thread());
2d21ac55
A		 366 lck_mtx_unlock(nfsiod_mutex);
367 thread_terminate(current_thread());
368 /*NOTREACHED*/
369 }
370 bzero(niod, sizeof(*niod));
371 lck_mtx_lock(nfsiod_mutex);
372 TAILQ_INSERT_HEAD(&nfsiodfree, niod, niod_link);
373 wakeup(current_thread());
0a7de745 374 error = msleep0(niod, nfsiod_mutex, PWAIT | PDROP, "nfsiod", NFS_ASYNCTHREADMAXIDLE * hz, nfsiod_continue);
2d21ac55
A		 375 /* shouldn't return... so we have an error */
376 /* remove an old nfsiod struct and terminate */
377 lck_mtx_lock(nfsiod_mutex);
0a7de745 378 if ((niod = TAILQ_LAST(&nfsiodfree, nfsiodlist))) {
2d21ac55 379 TAILQ_REMOVE(&nfsiodfree, niod, niod_link);
0a7de745 380 }
2d21ac55
A		 381 nfsiod_terminate(niod);
382 /*NOTREACHED*/
383}
384
385/*
386 * Start up another nfsiod thread.
387 * (unless we're already maxed out and there are nfsiods running)
388 */
389int
390nfsiod_start(void)
391{
b0d623f7 392 thread_t thd = THREAD_NULL;
2d21ac55
A		 393
394 lck_mtx_lock(nfsiod_mutex);
395 if ((nfsiod_thread_count >= NFSIOD_MAX) && (nfsiod_thread_count > 0)) {
396 lck_mtx_unlock(nfsiod_mutex);
0a7de745 397 return EBUSY;
2d21ac55
A		 398 }
399 nfsiod_thread_count++;
b0d623f7
A		 400 if (kernel_thread_start((thread_continue_t)nfsiod_thread, NULL, &thd) != KERN_SUCCESS) {
401 lck_mtx_unlock(nfsiod_mutex);
0a7de745 402 return EBUSY;
b0d623f7 403 }
2d21ac55
A		 404 /* wait for the thread to complete startup */
405 msleep(thd, nfsiod_mutex, PWAIT | PDROP, "nfsiodw", NULL);
b0d623f7 406 thread_deallocate(thd);
0a7de745 407 return 0;
2d21ac55
A		 408}
409
410/*
411 * Continuation for Asynchronous I/O threads for NFS client.
412 *
413 * Grab an nfsiod struct to work on, do some work, then drop it
414 */
b0d623f7 415int
2d21ac55
A		 416nfsiod_continue(int error)
417{
418 struct nfsiod *niod;
419 struct nfsmount *nmp;
420 struct nfsreq *req, *treq;
421 struct nfs_reqqhead iodq;
422 int morework;
423
424 lck_mtx_lock(nfsiod_mutex);
425 niod = TAILQ_FIRST(&nfsiodwork);
426 if (!niod) {
427 /* there's no work queued up */
2d21ac55 428 /* remove an old nfsiod struct and terminate */
0a7de745 429 if ((niod = TAILQ_LAST(&nfsiodfree, nfsiodlist))) {
2d21ac55 430 TAILQ_REMOVE(&nfsiodfree, niod, niod_link);
0a7de745 431 }
2d21ac55
A		 432 nfsiod_terminate(niod);
433 /*NOTREACHED*/
434 }
435 TAILQ_REMOVE(&nfsiodwork, niod, niod_link);
436
437worktodo:
438 while ((nmp = niod->niod_nmp)) {
0a7de745 439 if (nmp == NULL) {
fe8ab488
A		 440 niod->niod_nmp = NULL;
441 break;
442 }
443
0a7de745 444 /*
2d21ac55
A		 445 * Service this mount's async I/O queue.
446 *
447 * In order to ensure some level of fairness between mounts,
448 * we grab all the work up front before processing it so any
449 * new work that arrives will be serviced on a subsequent
450 * iteration - and we have a chance to see if other work needs
451 * to be done (e.g. the delayed write queue needs to be pushed
452 * or other mounts are waiting for an nfsiod).
453 */
454 /* grab the current contents of the queue */
455 TAILQ_INIT(&iodq);
456 TAILQ_CONCAT(&iodq, &nmp->nm_iodq, r_achain);
3e170ce0
A		 457 /* Mark each iod request as being managed by an iod */
458 TAILQ_FOREACH(req, &iodq, r_achain) {
459 lck_mtx_lock(&req->r_mtx);
460 assert(!(req->r_flags & R_IOD));
461 req->r_flags |= R_IOD;
462 lck_mtx_unlock(&req->r_mtx);
463 }
2d21ac55
A		 464 lck_mtx_unlock(nfsiod_mutex);
465
466 /* process the queue */
467 TAILQ_FOREACH_SAFE(req, &iodq, r_achain, treq) {
468 TAILQ_REMOVE(&iodq, req, r_achain);
3e170ce0 469 req->r_achain.tqe_next = NFSREQNOLIST;
2d21ac55
A		 470 req->r_callback.rcb_func(req);
471 }
472
473 /* now check if there's more/other work to be done */
474 lck_mtx_lock(nfsiod_mutex);
475 morework = !TAILQ_EMPTY(&nmp->nm_iodq);
476 if (!morework || !TAILQ_EMPTY(&nfsiodmounts)) {
0a7de745
A		 477 /*
478 * we're going to stop working on this mount but if the
fe8ab488
A		 479 * mount still needs more work so queue it up
480 */
0a7de745 481 if (morework && nmp->nm_iodlink.tqe_next == NFSNOLIST) {
2d21ac55 482 TAILQ_INSERT_TAIL(&nfsiodmounts, nmp, nm_iodlink);
0a7de745 483 }
2d21ac55
A		 484 nmp->nm_niod = NULL;
485 niod->niod_nmp = NULL;
486 }
487 }
488
489 /* loop if there's still a mount to work on */
490 if (!niod->niod_nmp && !TAILQ_EMPTY(&nfsiodmounts)) {
491 niod->niod_nmp = TAILQ_FIRST(&nfsiodmounts);
492 TAILQ_REMOVE(&nfsiodmounts, niod->niod_nmp, nm_iodlink);
fe8ab488 493 niod->niod_nmp->nm_iodlink.tqe_next = NFSNOLIST;
2d21ac55 494 }
0a7de745 495 if (niod->niod_nmp) {
2d21ac55 496 goto worktodo;
0a7de745 497 }
2d21ac55
A		 498
499 /* queue ourselves back up - if there aren't too many threads running */
500 if (nfsiod_thread_count <= NFSIOD_MAX) {
501 TAILQ_INSERT_HEAD(&nfsiodfree, niod, niod_link);
0a7de745 502 error = msleep0(niod, nfsiod_mutex, PWAIT | PDROP, "nfsiod", NFS_ASYNCTHREADMAXIDLE * hz, nfsiod_continue);
2d21ac55
A		 503 /* shouldn't return... so we have an error */
504 /* remove an old nfsiod struct and terminate */
505 lck_mtx_lock(nfsiod_mutex);
0a7de745 506 if ((niod = TAILQ_LAST(&nfsiodfree, nfsiodlist))) {
2d21ac55 507 TAILQ_REMOVE(&nfsiodfree, niod, niod_link);
0a7de745 508 }
2d21ac55
A		 509 }
510 nfsiod_terminate(niod);
511 /*NOTREACHED*/
0a7de745 512 return 0;
2d21ac55
A		 513}
514
515#endif /* NFSCLIENT */
516
517
518#if NFSSERVER
519
1c79356b
A		 520/*
521 * NFS server system calls
522 * getfh() lives here too, but maybe should move to kern/vfs_syscalls.c
523 */
524
94ff46dc
A		 525static struct nfs_exportfs *
526nfsrv_find_exportfs(const char *ptr)
527{
528 struct nfs_exportfs *nxfs;
529
530 LIST_FOREACH(nxfs, &nfsrv_exports, nxfs_next) {
531 if (!strncmp(nxfs->nxfs_path, ptr, MAXPATHLEN)) {
532 break;
533 }
534 }
535 if (nxfs && strncmp(nxfs->nxfs_path, ptr, strlen(nxfs->nxfs_path))) {
536 nxfs = NULL;
537 }
538
539 return nxfs;
540}
541
1c79356b
A		 542/*
543 * Get file handle system call
544 */
1c79356b 545int
91447636 546getfh(proc_t p, struct getfh_args *uap, __unused int *retval)
1c79356b 547{
91447636
A		 548 vnode_t vp;
549 struct nfs_filehandle nfh;
6d2010ae 550 int error, fhlen, fidlen;
1c79356b 551 struct nameidata nd;
94ff46dc 552 char path[MAXPATHLEN], real_mntonname[MAXPATHLEN], *ptr;
6d2010ae 553 size_t pathlen;
91447636
A		 554 struct nfs_exportfs *nxfs;
555 struct nfs_export *nx;
556
1c79356b
A		 557 /*
558 * Must be super user
559 */
91447636 560 error = proc_suser(p);
0a7de745
A		 561 if (error) {
562 return error;
563 }
91447636 564
6d2010ae 565 error = copyinstr(uap->fname, path, MAXPATHLEN, &pathlen);
0a7de745 566 if (!error) {
6d2010ae 567 error = copyin(uap->fhp, &fhlen, sizeof(fhlen));
0a7de745
A		 568 }
569 if (error) {
570 return error;
571 }
6d2010ae 572 /* limit fh size to length specified (or v3 size by default) */
0a7de745 573 if ((fhlen != NFSV2_MAX_FH_SIZE) && (fhlen != NFSV3_MAX_FH_SIZE)) {
6d2010ae 574 fhlen = NFSV3_MAX_FH_SIZE;
0a7de745 575 }
6d2010ae 576 fidlen = fhlen - sizeof(struct nfs_exphandle);
91447636 577
0a7de745
A		 578 if (!nfsrv_is_initialized()) {
579 return EINVAL;
580 }
2d21ac55 581
0a7de745
A		 582 NDINIT(&nd, LOOKUP, OP_LOOKUP, FOLLOW | LOCKLEAF | AUDITVNPATH1,
583 UIO_SYSSPACE, CAST_USER_ADDR_T(path), vfs_context_current());
1c79356b 584 error = namei(&nd);
0a7de745
A		 585 if (error) {
586 return error;
587 }
91447636
A		 588 nameidone(&nd);
589
1c79356b 590 vp = nd.ni_vp;
91447636
A		 591
592 // find exportfs that matches f_mntonname
2d21ac55 593 lck_rw_lock_shared(&nfsrv_export_rwlock);
91447636 594 ptr = vnode_mount(vp)->mnt_vfsstat.f_mntonname;
94ff46dc
A		 595 if ((nxfs = nfsrv_find_exportfs(ptr)) == NULL) {
596 /*
597 * The f_mntonname might be a firmlink path. Resolve
598 * it into a physical path and try again.
599 */
600 int pathbuflen = MAXPATHLEN;
601 vnode_t rvp;
602
603 error = VFS_ROOT(vnode_mount(vp), &rvp, vfs_context_current());
604 if (error) {
605 goto out;
606 }
607 error = vn_getpath_ext(rvp, NULLVP, real_mntonname, &pathbuflen,
608 VN_GETPATH_FSENTER | VN_GETPATH_NO_FIRMLINK);
609 vnode_put(rvp);
610 if (error) {
611 goto out;
0a7de745 612 }
94ff46dc
A		 613 ptr = real_mntonname;
614 nxfs = nfsrv_find_exportfs(ptr);
91447636 615 }
94ff46dc 616 if (nxfs == NULL) {
91447636
A		 617 error = EINVAL;
618 goto out;
619 }
620 // find export that best matches remainder of path
621 ptr = path + strlen(nxfs->nxfs_path);
0a7de745 622 while (*ptr && (*ptr == '/')) {
91447636 623 ptr++;
0a7de745 624 }
91447636
A		 625 LIST_FOREACH(nx, &nxfs->nxfs_exports, nx_next) {
626 int len = strlen(nx->nx_path);
0a7de745 627 if (len == 0) { // we've hit the export entry for the root directory
91447636 628 break;
0a7de745
A		 629 }
630 if (!strncmp(nx->nx_path, ptr, len)) {
91447636 631 break;
0a7de745 632 }
91447636
A		 633 }
634 if (!nx) {
635 error = EINVAL;
636 goto out;
637 }
638
639 bzero(&nfh, sizeof(nfh));
0c530ab8
A		 640 nfh.nfh_xh.nxh_version = htonl(NFS_FH_VERSION);
641 nfh.nfh_xh.nxh_fsid = htonl(nxfs->nxfs_id);
642 nfh.nfh_xh.nxh_expid = htonl(nx->nx_id);
91447636
A		 643 nfh.nfh_xh.nxh_flags = 0;
644 nfh.nfh_xh.nxh_reserved = 0;
6d2010ae 645 nfh.nfh_len = fidlen;
2d21ac55 646 error = VFS_VPTOFH(vp, (int*)&nfh.nfh_len, &nfh.nfh_fid[0], NULL);
0a7de745 647 if (nfh.nfh_len > (uint32_t)fidlen) {
91447636 648 error = EOVERFLOW;
0a7de745 649 }
91447636
A		 650 nfh.nfh_xh.nxh_fidlen = nfh.nfh_len;
651 nfh.nfh_len += sizeof(nfh.nfh_xh);
2d21ac55 652 nfh.nfh_fhp = (u_char*)&nfh.nfh_xh;
91447636
A		 653
654out:
2d21ac55 655 lck_rw_done(&nfsrv_export_rwlock);
91447636 656 vnode_put(vp);
0a7de745
A		 657 if (error) {
658 return error;
659 }
5ba3f43e
A		 660 /*
661 * At first blush, this may appear to leak a kernel stack
662 * address, but the copyout() never reaches &nfh.nfh_fhp
663 * (sizeof(fhandle_t) < sizeof(nfh)).
664 */
6d2010ae 665 error = copyout((caddr_t)&nfh, uap->fhp, sizeof(fhandle_t));
0a7de745 666 return error;
1c79356b
A		 667}
668
39236c6e 669extern const struct fileops vnops;
91447636 670
55e303ae
A		 671/*
672 * syscall for the rpc.lockd to use to translate a NFS file handle into
673 * an open descriptor.
674 *
675 * warning: do not remove the suser() call or this becomes one giant
676 * security hole.
677 */
55e303ae 678int
91447636 679fhopen( proc_t p,
0a7de745
A		 680 struct fhopen_args *uap,
681 int32_t *retval)
55e303ae 682{
91447636
A		 683 vnode_t vp;
684 struct nfs_filehandle nfh;
685 struct nfs_export *nx;
686 struct nfs_export_options *nxo;
55e303ae 687 struct flock lf;
91447636
A		 688 struct fileproc *fp, *nfp;
689 int fmode, error, type;
55e303ae 690 int indx;
2d21ac55 691 vfs_context_t ctx = vfs_context_current();
91447636
A		 692 kauth_action_t action;
693
55e303ae
A		 694 /*
695 * Must be super user
696 */
2d21ac55 697 error = suser(vfs_context_ucred(ctx), 0);
0c530ab8 698 if (error) {
0a7de745 699 return error;
0c530ab8 700 }
55e303ae 701
2d21ac55 702 if (!nfsrv_is_initialized()) {
0a7de745 703 return EINVAL;
2d21ac55
A		 704 }
705
55e303ae
A		 706 fmode = FFLAGS(uap->flags);
707 /* why not allow a non-read/write open for our lockd? */
0a7de745
A		 708 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT)) {
709 return EINVAL;
710 }
91447636
A		 711
712 error = copyin(uap->u_fhp, &nfh.nfh_len, sizeof(nfh.nfh_len));
0a7de745
A		 713 if (error) {
714 return error;
715 }
91447636 716 if ((nfh.nfh_len < (int)sizeof(struct nfs_exphandle)) ||
0a7de745
A		 717 (nfh.nfh_len > (int)NFSV3_MAX_FH_SIZE)) {
718 return EINVAL;
719 }
91447636 720 error = copyin(uap->u_fhp, &nfh, sizeof(nfh.nfh_len) + nfh.nfh_len);
0a7de745
A		 721 if (error) {
722 return error;
723 }
2d21ac55 724 nfh.nfh_fhp = (u_char*)&nfh.nfh_xh;
91447636 725
2d21ac55 726 lck_rw_lock_shared(&nfsrv_export_rwlock);
91447636 727 /* now give me my vnode, it gets returned to me with a reference */
2d21ac55
A		 728 error = nfsrv_fhtovp(&nfh, NULL, &vp, &nx, &nxo);
729 lck_rw_done(&nfsrv_export_rwlock);
0c530ab8 730 if (error) {
0a7de745 731 if (error == NFSERR_TRYLATER) {
2d21ac55 732 error = EAGAIN; // XXX EBUSY? Or just leave as TRYLATER?
0a7de745
A		 733 }
734 return error;
0c530ab8 735 }
91447636 736
55e303ae 737 /*
91447636
A		 738 * From now on we have to make sure not
739 * to forget about the vnode.
740 * Any error that causes an abort must vnode_put(vp).
741 * Just set error = err and 'goto bad;'.
55e303ae
A		 742 */
743
744 /*
0a7de745
A		 745 * from vn_open
746 */
91447636 747 if (vnode_vtype(vp) == VSOCK) {
55e303ae 748 error = EOPNOTSUPP;
0a7de745 749 goto bad;
55e303ae
A		 750 }
751
91447636
A		 752 /* disallow write operations on directories */
753 if (vnode_isdir(vp) && (fmode & (FWRITE | O_TRUNC))) {
754 error = EISDIR;
55e303ae
A		 755 goto bad;
756 }
757
4bd07ac2 758#if CONFIG_MACF
0a7de745 759 if ((error = mac_vnode_check_open(ctx, vp, fmode))) {
4bd07ac2 760 goto bad;
0a7de745 761 }
4bd07ac2
A		 762#endif
763
91447636
A		 764 /* compute action to be authorized */
765 action = 0;
0a7de745 766 if (fmode & FREAD) {
91447636 767 action |= KAUTH_VNODE_READ_DATA;
0a7de745
A		 768 }
769 if (fmode & (FWRITE | O_TRUNC)) {
91447636 770 action |= KAUTH_VNODE_WRITE_DATA;
0a7de745
A		 771 }
772 if ((error = vnode_authorize(vp, NULL, action, ctx)) != 0) {
91447636 773 goto bad;
0a7de745 774 }
55e303ae 775
0a7de745 776 if ((error = VNOP_OPEN(vp, fmode, ctx))) {
91447636 777 goto bad;
0a7de745
A		 778 }
779 if ((error = vnode_ref_ext(vp, fmode, 0))) {
55e303ae 780 goto bad;
0a7de745 781 }
55e303ae 782
55e303ae
A		 783 /*
784 * end of vn_open code
785 */
786
91447636 787 // starting here... error paths should call vn_close/vnode_put
2d21ac55
A		 788 if ((error = falloc(p, &nfp, &indx, ctx)) != 0) {
789 vn_close(vp, fmode & FMASK, ctx);
55e303ae
A		 790 goto bad;
791 }
792 fp = nfp;
793
91447636 794 fp->f_fglob->fg_flag = fmode & FMASK;
91447636
A		 795 fp->f_fglob->fg_ops = &vnops;
796 fp->f_fglob->fg_data = (caddr_t)vp;
797
798 // XXX do we really need to support this with fhopen()?
55e303ae
A		 799 if (fmode & (O_EXLOCK | O_SHLOCK)) {
800 lf.l_whence = SEEK_SET;
801 lf.l_start = 0;
802 lf.l_len = 0;
0a7de745 803 if (fmode & O_EXLOCK) {
55e303ae 804 lf.l_type = F_WRLCK;
0a7de745 805 } else {
55e303ae 806 lf.l_type = F_RDLCK;
0a7de745 807 }
55e303ae 808 type = F_FLOCK;
0a7de745 809 if ((fmode & FNONBLOCK) == 0) {
55e303ae 810 type |= F_WAIT;
0a7de745 811 }
39236c6e 812 if ((error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_SETLK, &lf, type, ctx, NULL))) {
2d21ac55
A		 813 struct vfs_context context = *vfs_context_current();
814 /* Modify local copy (to not damage thread copy) */
815 context.vc_ucred = fp->f_fglob->fg_cred;
816
817 vn_close(vp, fp->f_fglob->fg_flag, &context);
91447636 818 fp_free(p, indx, fp);
0a7de745 819 return error;
55e303ae 820 }
91447636 821 fp->f_fglob->fg_flag |= FHASLOCK;
55e303ae
A		 822 }
823
91447636
A		 824 vnode_put(vp);
825
826 proc_fdlock(p);
6601e61a 827 procfdtbl_releasefd(p, indx, NULL);
91447636
A		 828 fp_drop(p, indx, fp, 1);
829 proc_fdunlock(p);
830
55e303ae 831 *retval = indx;
0a7de745 832 return 0;
55e303ae
A		 833
834bad:
91447636 835 vnode_put(vp);
0a7de745 836 return error;
55e303ae
A		 837}
838
1c79356b 839/*
2d21ac55 840 * NFS server pseudo system call
1c79356b 841 */
1c79356b 842int
91447636 843nfssvc(proc_t p, struct nfssvc_args *uap, __unused int *retval)
1c79356b 844{
91447636
A		 845 mbuf_t nam;
846 struct user_nfsd_args user_nfsdarg;
91447636 847 socket_t so;
1c79356b
A		 848 int error;
849
ccc36f2f
A		 850 AUDIT_ARG(cmd, uap->flag);
851
1c79356b 852 /*
b0d623f7 853 * Must be super user for most operations (export ops checked later).
1c79356b 854 */
0a7de745
A		 855 if ((uap->flag != NFSSVC_EXPORT) && ((error = proc_suser(p)))) {
856 return error;
857 }
2d21ac55
A		 858#if CONFIG_MACF
859 error = mac_system_check_nfsd(kauth_cred_get());
0a7de745
A		 860 if (error) {
861 return error;
862 }
2d21ac55 863#endif
91447636 864
2d21ac55
A		 865 /* make sure NFS server data structures have been initialized */
866 nfsrv_init();
1c79356b 867
2d21ac55 868 if (uap->flag & NFSSVC_ADDSOCK) {
91447636
A		 869 if (IS_64BIT_PROCESS(p)) {
870 error = copyin(uap->argp, (caddr_t)&user_nfsdarg, sizeof(user_nfsdarg));
871 } else {
872 struct nfsd_args tmp_args;
873 error = copyin(uap->argp, (caddr_t)&tmp_args, sizeof(tmp_args));
874 if (error == 0) {
875 user_nfsdarg.sock = tmp_args.sock;
876 user_nfsdarg.name = CAST_USER_ADDR_T(tmp_args.name);
877 user_nfsdarg.namelen = tmp_args.namelen;
878 }
879 }
0a7de745
A		 880 if (error) {
881 return error;
882 }
91447636
A		 883 /* get the socket */
884 error = file_socket(user_nfsdarg.sock, &so);
0a7de745
A		 885 if (error) {
886 return error;
887 }
91447636
A		 888 /* Get the client address for connected sockets. */
889 if (user_nfsdarg.name == USER_ADDR_NULL || user_nfsdarg.namelen == 0) {
890 nam = NULL;
891 } else {
892 error = sockargs(&nam, user_nfsdarg.name, user_nfsdarg.namelen, MBUF_TYPE_SONAME);
893 if (error) {
894 /* drop the iocount file_socket() grabbed on the file descriptor */
895 file_drop(user_nfsdarg.sock);
0a7de745 896 return error;
91447636 897 }
1c79356b 898 }
91447636
A		 899 /*
900 * nfssvc_addsock() will grab a retain count on the socket
901 * to keep the socket from being closed when nfsd closes its
902 * file descriptor for it.
903 */
2d21ac55 904 error = nfssvc_addsock(so, nam);
91447636
A		 905 /* drop the iocount file_socket() grabbed on the file descriptor */
906 file_drop(user_nfsdarg.sock);
907 } else if (uap->flag & NFSSVC_NFSD) {
2d21ac55 908 error = nfssvc_nfsd();
91447636 909 } else if (uap->flag & NFSSVC_EXPORT) {
2d21ac55 910 error = nfssvc_export(uap->argp);
91447636
A		 911 } else {
912 error = EINVAL;
1c79356b 913 }
0a7de745 914 if (error == EINTR || error == ERESTART) {
1c79356b 915 error = 0;
0a7de745
A		 916 }
917 return error;
1c79356b
A		 918}
919
1c79356b
A		 920/*
921 * Adds a socket to the list for servicing by nfsds.
922 */
b0d623f7 923int
2d21ac55 924nfssvc_addsock(socket_t so, mbuf_t mynam)
1c79356b 925{
2d21ac55
A		 926 struct nfsrv_sock *slp;
927 int error = 0, sodomain, sotype, soprotocol, on = 1;
316670eb 928 int first;
91447636
A		 929 struct timeval timeo;
930
931 /* make sure mbuf constants are set up */
0a7de745 932 if (!nfs_mbuf_mhlen) {
91447636 933 nfs_mbuf_init();
0a7de745 934 }
91447636
A		 935
936 sock_gettype(so, &sodomain, &sotype, &soprotocol);
937
6d2010ae
A		 938 /* There should be only one UDP socket for each of IPv4 and IPv6 */
939 if ((sodomain == AF_INET) && (soprotocol == IPPROTO_UDP) && nfsrv_udpsock) {
940 mbuf_freem(mynam);
0a7de745 941 return EEXIST;
6d2010ae
A		 942 }
943 if ((sodomain == AF_INET6) && (soprotocol == IPPROTO_UDP) && nfsrv_udp6sock) {
91447636 944 mbuf_freem(mynam);
0a7de745 945 return EEXIST;
1c79356b
A		 946 }
947
2d21ac55 948 /* Set protocol options and reserve some space (for UDP). */
3e170ce0
A		 949 if (sotype == SOCK_STREAM) {
950 error = nfsrv_check_exports_allow_address(mynam);
0a7de745 951 if (error) {
cb323159
A		 952 log(LOG_INFO, "nfsvc_addsock:: nfsrv_check_exports_allow_address(myname) returned %d\n", error);
953 mbuf_freem(mynam);
0a7de745
A		 954 return error;
955 }
91447636 956 sock_setsockopt(so, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on));
3e170ce0 957 }
0a7de745 958 if ((sodomain == AF_INET) && (soprotocol == IPPROTO_TCP)) {
91447636 959 sock_setsockopt(so, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
0a7de745 960 }
cb323159
A		 961 if (sotype == SOCK_DGRAM || sodomain == AF_LOCAL) { /* set socket buffer sizes for UDP */
962 int reserve = (sotype == SOCK_DGRAM) ? NFS_UDPSOCKBUF : (2 * 1024 * 1024);
2d21ac55
A		 963 error |= sock_setsockopt(so, SOL_SOCKET, SO_SNDBUF, &reserve, sizeof(reserve));
964 error |= sock_setsockopt(so, SOL_SOCKET, SO_RCVBUF, &reserve, sizeof(reserve));
965 if (error) {
966 log(LOG_INFO, "nfssvc_addsock: UDP socket buffer setting error(s) %d\n", error);
967 error = 0;
968 }
1c79356b 969 }
91447636
A		 970 sock_nointerrupt(so, 0);
971
2d21ac55
A		 972 /*
973 * Set socket send/receive timeouts.
974 * Receive timeout shouldn't matter, but setting the send timeout
975 * will make sure that an unresponsive client can't hang the server.
976 */
91447636 977 timeo.tv_usec = 0;
2d21ac55
A		 978 timeo.tv_sec = 1;
979 error |= sock_setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &timeo, sizeof(timeo));
980 timeo.tv_sec = 30;
981 error |= sock_setsockopt(so, SOL_SOCKET, SO_SNDTIMEO, &timeo, sizeof(timeo));
982 if (error) {
983 log(LOG_INFO, "nfssvc_addsock: socket timeout setting error(s) %d\n", error);
984 error = 0;
985 }
91447636 986
2d21ac55
A		 987 MALLOC(slp, struct nfsrv_sock *, sizeof(struct nfsrv_sock), M_NFSSVC, M_WAITOK);
988 if (!slp) {
989 mbuf_freem(mynam);
0a7de745 990 return ENOMEM;
2d21ac55 991 }
0a7de745 992 bzero((caddr_t)slp, sizeof(struct nfsrv_sock));
2d21ac55
A		 993 lck_rw_init(&slp->ns_rwlock, nfsrv_slp_rwlock_group, LCK_ATTR_NULL);
994 lck_mtx_init(&slp->ns_wgmutex, nfsrv_slp_mutex_group, LCK_ATTR_NULL);
995
996 lck_mtx_lock(nfsd_mutex);
997
998 if (soprotocol == IPPROTO_UDP) {
6d2010ae
A		 999 if (sodomain == AF_INET) {
1000 /* There should be only one UDP/IPv4 socket */
1001 if (nfsrv_udpsock) {
1002 lck_mtx_unlock(nfsd_mutex);
1003 nfsrv_slpfree(slp);
1004 mbuf_freem(mynam);
0a7de745 1005 return EEXIST;
6d2010ae
A		 1006 }
1007 nfsrv_udpsock = slp;
1008 }
1009 if (sodomain == AF_INET6) {
1010 /* There should be only one UDP/IPv6 socket */
1011 if (nfsrv_udp6sock) {
1012 lck_mtx_unlock(nfsd_mutex);
1013 nfsrv_slpfree(slp);
1014 mbuf_freem(mynam);
0a7de745 1015 return EEXIST;
6d2010ae
A		 1016 }
1017 nfsrv_udp6sock = slp;
91447636 1018 }
1c79356b 1019 }
91447636 1020
2d21ac55 1021 /* add the socket to the list */
316670eb 1022 first = TAILQ_EMPTY(&nfsrv_socklist);
2d21ac55 1023 TAILQ_INSERT_TAIL(&nfsrv_socklist, slp, ns_chain);
cb323159 1024 if (sotype == SOCK_STREAM) {
3e170ce0 1025 nfsrv_sock_tcp_cnt++;
0a7de745 1026 if (nfsrv_sock_idle_timeout < 0) {
3e170ce0 1027 nfsrv_sock_idle_timeout = 0;
0a7de745
A		 1028 }
1029 if (nfsrv_sock_idle_timeout && (nfsrv_sock_idle_timeout < NFSD_MIN_IDLE_TIMEOUT)) {
3e170ce0 1030 nfsrv_sock_idle_timeout = NFSD_MIN_IDLE_TIMEOUT;
0a7de745 1031 }
3e170ce0
A		 1032 /*
1033 * Possibly start or stop the idle timer. We only start the idle timer when
1034 * we have more than 2 * nfsd_thread_max connections. If the idle timer is
1035 * on then we may need to turn it off based on the nvsrv_sock_idle_timeout or
1036 * the number of connections.
1037 */
1038 if ((nfsrv_sock_tcp_cnt > 2 * nfsd_thread_max) || nfsrv_idlesock_timer_on) {
1039 if (nfsrv_sock_idle_timeout == 0 || nfsrv_sock_tcp_cnt <= 2 * nfsd_thread_max) {
1040 if (nfsrv_idlesock_timer_on) {
1041 thread_call_cancel(nfsrv_idlesock_timer_call);
1042 nfsrv_idlesock_timer_on = 0;
1043 }
1044 } else {
1045 struct nfsrv_sock *old_slp;
1046 struct timeval now;
1047 time_t time_to_wait = nfsrv_sock_idle_timeout;
1048 /*
1049 * Get the oldest tcp socket and calculate the
1050 * earliest time for the next idle timer to fire
1051 * based on the possibly updated nfsrv_sock_idle_timeout
1052 */
1053 TAILQ_FOREACH(old_slp, &nfsrv_socklist, ns_chain) {
1054 if (old_slp->ns_sotype == SOCK_STREAM) {
1055 microuptime(&now);
1056 time_to_wait -= now.tv_sec - old_slp->ns_timestamp;
0a7de745 1057 if (time_to_wait < 1) {
3e170ce0 1058 time_to_wait = 1;
0a7de745 1059 }
3e170ce0
A		 1060 break;
1061 }
1062 }
1063 /*
1064 * If we have a timer scheduled, but if its going to fire too late,
1065 * turn it off.
1066 */
1067 if (nfsrv_idlesock_timer_on > now.tv_sec + time_to_wait) {
1068 thread_call_cancel(nfsrv_idlesock_timer_call);
1069 nfsrv_idlesock_timer_on = 0;
1070 }
1071 /* Schedule the idle thread if it isn't already */
1072 if (!nfsrv_idlesock_timer_on) {
1073 nfs_interval_timer_start(nfsrv_idlesock_timer_call, time_to_wait * 1000);
1074 nfsrv_idlesock_timer_on = now.tv_sec + time_to_wait;
1075 }
1076 }
1077 }
1078 }
2d21ac55 1079
91447636 1080 sock_retain(so); /* grab a retain count on the socket */
1c79356b 1081 slp->ns_so = so;
91447636 1082 slp->ns_sotype = sotype;
1c79356b 1083 slp->ns_nam = mynam;
91447636 1084
316670eb
A		 1085 /* set up the socket up-call */
1086 nfsrv_uc_addsock(slp, first);
91447636 1087
2d21ac55
A		 1088 /* mark that the socket is not in the nfsrv_sockwg list */
1089 slp->ns_wgq.tqe_next = SLPNOLIST;
3e170ce0 1090
91447636
A		 1091 slp->ns_flag = SLP_VALID | SLP_NEEDQ;
1092
1c79356b 1093 nfsrv_wakenfsd(slp);
91447636
A		 1094 lck_mtx_unlock(nfsd_mutex);
1095
0a7de745 1096 return 0;
1c79356b
A		 1097}
1098
1099/*
2d21ac55
A		 1100 * nfssvc_nfsd()
1101 *
1102 * nfsd theory of operation:
1103 *
1104 * The first nfsd thread stays in user mode accepting new TCP connections
1105 * which are then added via the "addsock" call. The rest of the nfsd threads
1106 * simply call into the kernel and remain there in a loop handling NFS
1107 * requests until killed by a signal.
0a7de745 1108 *
2d21ac55
A		 1109 * There's a list of nfsd threads (nfsd_head).
1110 * There's an nfsd queue that contains only those nfsds that are
1111 * waiting for work to do (nfsd_queue).
1112 *
1113 * There's a list of all NFS sockets (nfsrv_socklist) and two queues for
1114 * managing the work on the sockets:
1115 * nfsrv_sockwait - sockets w/new data waiting to be worked on
1116 * nfsrv_sockwork - sockets being worked on which may have more work to do
1117 * nfsrv_sockwg -- sockets which have pending write gather data
1118 * When a socket receives data, if it is not currently queued, it
1119 * will be placed at the end of the "wait" queue.
1120 * Whenever a socket needs servicing we make sure it is queued and
1121 * wake up a waiting nfsd (if there is one).
1122 *
1123 * nfsds will service at most 8 requests from the same socket before
1124 * defecting to work on another socket.
1125 * nfsds will defect immediately if there are any sockets in the "wait" queue
1126 * nfsds looking for a socket to work on check the "wait" queue first and
1127 * then check the "work" queue.
1128 * When an nfsd starts working on a socket, it removes it from the head of
1129 * the queue it's currently on and moves it to the end of the "work" queue.
0a7de745 1130 * When nfsds are checking the queues for work, any sockets found not to
2d21ac55
A		 1131 * have any work are simply dropped from the queue.
1132 *
1c79356b 1133 */
b0d623f7 1134int
2d21ac55 1135nfssvc_nfsd(void)
1c79356b 1136{
2d21ac55
A		 1137 mbuf_t m, mrep;
1138 struct nfsrv_sock *slp;
1139 struct nfsd *nfsd;
1c79356b 1140 struct nfsrv_descript *nd = NULL;
91447636 1141 int error = 0, cacherep, writes_todo;
2d21ac55 1142 int siz, procrastinate, opcnt = 0;
1c79356b 1143 u_quad_t cur_usec;
55e303ae 1144 struct timeval now;
2d21ac55 1145 struct vfs_context context;
316670eb 1146 struct timespec to;
1c79356b
A		 1147
1148#ifndef nolint
1149 cacherep = RC_DOIT;
1150 writes_todo = 0;
1151#endif
91447636 1152
2d21ac55 1153 MALLOC(nfsd, struct nfsd *, sizeof(struct nfsd), M_NFSD, M_WAITOK);
0a7de745
A		 1154 if (!nfsd) {
1155 return ENOMEM;
1156 }
2d21ac55
A		 1157 bzero(nfsd, sizeof(struct nfsd));
1158 lck_mtx_lock(nfsd_mutex);
0a7de745
A		 1159 if (nfsd_thread_count++ == 0) {
1160 nfsrv_initcache(); /* Init the server request cache */
1161 }
2d21ac55
A		 1162 TAILQ_INSERT_TAIL(&nfsd_head, nfsd, nfsd_chain);
1163 lck_mtx_unlock(nfsd_mutex);
1164
1165 context.vc_thread = current_thread();
91447636 1166
316670eb
A		 1167 /* Set time out so that nfsd threads can wake up a see if they are still needed. */
1168 to.tv_sec = 5;
1169 to.tv_nsec = 0;
1170
1c79356b
A		 1171 /*
1172 * Loop getting rpc requests until SIGKILL.
1173 */
1174 for (;;) {
2d21ac55
A		 1175 if (nfsd_thread_max <= 0) {
1176 /* NFS server shutting down, get out ASAP */
1177 error = EINTR;
1178 slp = nfsd->nfsd_slp;
1179 } else if (nfsd->nfsd_flag & NFSD_REQINPROG) {
1180 /* already have some work to do */
1181 error = 0;
1182 slp = nfsd->nfsd_slp;
1183 } else {
1184 /* need to find work to do */
1185 error = 0;
91447636 1186 lck_mtx_lock(nfsd_mutex);
2d21ac55
A		 1187 while (!nfsd->nfsd_slp && TAILQ_EMPTY(&nfsrv_sockwait) && TAILQ_EMPTY(&nfsrv_sockwork)) {
1188 if (nfsd_thread_count > nfsd_thread_max) {
1189 /*
1190 * If we have no socket and there are more
1191 * nfsd threads than configured, let's exit.
1192 */
1193 error = 0;
1194 goto done;
1195 }
1c79356b 1196 nfsd->nfsd_flag |= NFSD_WAITING;
2d21ac55 1197 TAILQ_INSERT_HEAD(&nfsd_queue, nfsd, nfsd_queue);
316670eb 1198 error = msleep(nfsd, nfsd_mutex, PSOCK | PCATCH, "nfsd", &to);
91447636 1199 if (error) {
2d21ac55
A		 1200 if (nfsd->nfsd_flag & NFSD_WAITING) {
1201 TAILQ_REMOVE(&nfsd_queue, nfsd, nfsd_queue);
1202 nfsd->nfsd_flag &= ~NFSD_WAITING;
1203 }
0a7de745 1204 if (error == EWOULDBLOCK) {
316670eb 1205 continue;
0a7de745 1206 }
1c79356b 1207 goto done;
91447636 1208 }
1c79356b 1209 }
2d21ac55
A		 1210 slp = nfsd->nfsd_slp;
1211 if (!slp && !TAILQ_EMPTY(&nfsrv_sockwait)) {
1212 /* look for a socket to work on in the wait queue */
1213 while ((slp = TAILQ_FIRST(&nfsrv_sockwait))) {
1214 lck_rw_lock_exclusive(&slp->ns_rwlock);
1215 /* remove from the head of the queue */
1216 TAILQ_REMOVE(&nfsrv_sockwait, slp, ns_svcq);
1217 slp->ns_flag &= ~SLP_WAITQ;
0a7de745 1218 if ((slp->ns_flag & SLP_VALID) && (slp->ns_flag & SLP_WORKTODO)) {
2d21ac55 1219 break;
0a7de745 1220 }
2d21ac55
A		 1221 /* nothing to do, so skip this socket */
1222 lck_rw_done(&slp->ns_rwlock);
1c79356b 1223 }
2d21ac55
A		 1224 }
1225 if (!slp && !TAILQ_EMPTY(&nfsrv_sockwork)) {
1226 /* look for a socket to work on in the work queue */
1227 while ((slp = TAILQ_FIRST(&nfsrv_sockwork))) {
1228 lck_rw_lock_exclusive(&slp->ns_rwlock);
1229 /* remove from the head of the queue */
1230 TAILQ_REMOVE(&nfsrv_sockwork, slp, ns_svcq);
1231 slp->ns_flag &= ~SLP_WORKQ;
0a7de745 1232 if ((slp->ns_flag & SLP_VALID) && (slp->ns_flag & SLP_WORKTODO)) {
2d21ac55 1233 break;
0a7de745 1234 }
2d21ac55
A		 1235 /* nothing to do, so skip this socket */
1236 lck_rw_done(&slp->ns_rwlock);
1237 }
1238 }
1239 if (!nfsd->nfsd_slp && slp) {
1240 /* we found a socket to work on, grab a reference */
1241 slp->ns_sref++;
3e170ce0
A		 1242 microuptime(&now);
1243 slp->ns_timestamp = now.tv_sec;
1244 /* We keep the socket list in least recently used order for reaping idle sockets */
1245 TAILQ_REMOVE(&nfsrv_socklist, slp, ns_chain);
1246 TAILQ_INSERT_TAIL(&nfsrv_socklist, slp, ns_chain);
2d21ac55
A		 1247 nfsd->nfsd_slp = slp;
1248 opcnt = 0;
1249 /* and put it at the back of the work queue */
1250 TAILQ_INSERT_TAIL(&nfsrv_sockwork, slp, ns_svcq);
1251 slp->ns_flag |= SLP_WORKQ;
1252 lck_rw_done(&slp->ns_rwlock);
1c79356b 1253 }
91447636 1254 lck_mtx_unlock(nfsd_mutex);
0a7de745 1255 if (!slp) {
1c79356b 1256 continue;
0a7de745 1257 }
91447636 1258 lck_rw_lock_exclusive(&slp->ns_rwlock);
1c79356b 1259 if (slp->ns_flag & SLP_VALID) {
0a7de745 1260 if ((slp->ns_flag & (SLP_NEEDQ | SLP_DISCONN)) == SLP_NEEDQ) {
91447636
A		 1261 slp->ns_flag &= ~SLP_NEEDQ;
1262 nfsrv_rcv_locked(slp->ns_so, slp, MBUF_WAITOK);
1263 }
0a7de745 1264 if (slp->ns_flag & SLP_DISCONN) {
743b1565 1265 nfsrv_zapsock(slp);
0a7de745 1266 }
1c79356b 1267 error = nfsrv_dorec(slp, nfsd, &nd);
0a7de745
A		 1268 if (error == EINVAL) { // RPCSEC_GSS drop
1269 if (slp->ns_sotype == SOCK_STREAM) {
2d21ac55 1270 nfsrv_zapsock(slp); // drop connection
0a7de745 1271 }
2d21ac55
A		 1272 }
1273 writes_todo = 0;
1274 if (error && (slp->ns_wgtime || (slp->ns_flag & SLP_DOWRITES))) {
1275 microuptime(&now);
1276 cur_usec = (u_quad_t)now.tv_sec * 1000000 +
0a7de745 1277 (u_quad_t)now.tv_usec;
2d21ac55
A		 1278 if (slp->ns_wgtime <= cur_usec) {
1279 error = 0;
1280 cacherep = RC_DOIT;
1281 writes_todo = 1;
1282 }
1283 slp->ns_flag &= ~SLP_DOWRITES;
1284 }
1c79356b
A		 1285 nfsd->nfsd_flag |= NFSD_REQINPROG;
1286 }
91447636 1287 lck_rw_done(&slp->ns_rwlock);
1c79356b 1288 }
2d21ac55 1289 if (error || (slp && !(slp->ns_flag & SLP_VALID))) {
1c79356b 1290 if (nd) {
2d21ac55 1291 nfsm_chain_cleanup(&nd->nd_nmreq);
0a7de745 1292 if (nd->nd_nam2) {
91447636 1293 mbuf_freem(nd->nd_nam2);
0a7de745
A		 1294 }
1295 if (IS_VALID_CRED(nd->nd_cr)) {
0c530ab8 1296 kauth_cred_unref(&nd->nd_cr);
0a7de745
A		 1297 }
1298 if (nd->nd_gss_context) {
6d2010ae 1299 nfs_gss_svc_ctx_deref(nd->nd_gss_context);
0a7de745 1300 }
2d21ac55 1301 FREE_ZONE(nd, sizeof(*nd), M_NFSRVDESC);
1c79356b
A		 1302 nd = NULL;
1303 }
91447636 1304 nfsd->nfsd_slp = NULL;
1c79356b 1305 nfsd->nfsd_flag &= ~NFSD_REQINPROG;
0a7de745 1306 if (slp) {
2d21ac55 1307 nfsrv_slpderef(slp);
0a7de745
A		 1308 }
1309 if (nfsd_thread_max <= 0) {
2d21ac55 1310 break;
0a7de745 1311 }
1c79356b
A		 1312 continue;
1313 }
1c79356b 1314 if (nd) {
0a7de745
A		 1315 microuptime(&nd->nd_starttime);
1316 if (nd->nd_nam2) {
1317 nd->nd_nam = nd->nd_nam2;
1318 } else {
1319 nd->nd_nam = slp->ns_nam;
1c79356b 1320 }
1c79356b 1321
0a7de745
A		 1322 cacherep = nfsrv_getcache(nd, slp, &mrep);
1323
1324 if (nfsrv_require_resv_port) {
1325 /* Check if source port is a reserved port */
1326 in_port_t port = 0;
1327 struct sockaddr *saddr = mbuf_data(nd->nd_nam);
1328
1329 if (saddr->sa_family == AF_INET) {
1330 port = ntohs(((struct sockaddr_in*)saddr)->sin_port);
1331 } else if (saddr->sa_family == AF_INET6) {
1332 port = ntohs(((struct sockaddr_in6*)saddr)->sin6_port);
1333 }
1334 if ((port >= IPPORT_RESERVED) && (nd->nd_procnum != NFSPROC_NULL)) {
1335 nd->nd_procnum = NFSPROC_NOOP;
1336 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK);
1337 cacherep = RC_DOIT;
1338 }
1339 }
1c79356b
A		 1340 }
1341
1342 /*
2d21ac55 1343 * Loop to get all the write RPC replies that have been
1c79356b
A		 1344 * gathered together.
1345 */
1346 do {
0a7de745
A		 1347 switch (cacherep) {
1348 case RC_DOIT:
1349 if (nd && (nd->nd_vers == NFS_VER3)) {
1350 procrastinate = nfsrv_wg_delay_v3;
1351 } else {
1352 procrastinate = nfsrv_wg_delay;
2d21ac55 1353 }
0a7de745
A		 1354 lck_rw_lock_shared(&nfsrv_export_rwlock);
1355 context.vc_ucred = NULL;
1356 if (writes_todo || ((nd->nd_procnum == NFSPROC_WRITE) && (procrastinate > 0))) {
1357 error = nfsrv_writegather(&nd, slp, &context, &mrep);
1358 } else {
1359 error = (*(nfsrv_procs[nd->nd_procnum]))(nd, slp, &context, &mrep);
55e303ae 1360 }
0a7de745
A		 1361 lck_rw_done(&nfsrv_export_rwlock);
1362 if (mrep == NULL) {
1363 /*
1364 * If this is a stream socket and we are not going
1365 * to send a reply we better close the connection
1366 * so the client doesn't hang.
1367 */
1368 if (error && slp->ns_sotype == SOCK_STREAM) {
1369 lck_rw_lock_exclusive(&slp->ns_rwlock);
1370 nfsrv_zapsock(slp);
1371 lck_rw_done(&slp->ns_rwlock);
1372 printf("NFS server: NULL reply from proc = %d error = %d\n",
1373 nd->nd_procnum, error);
1374 }
1375 break;
1376 }
1377 if (error) {
1378 OSAddAtomic64(1, &nfsstats.srv_errs);
1379 nfsrv_updatecache(nd, FALSE, mrep);
1380 if (nd->nd_nam2) {
1381 mbuf_freem(nd->nd_nam2);
1382 nd->nd_nam2 = NULL;
1383 }
1384 break;
1385 }
1386 OSAddAtomic64(1, &nfsstats.srvrpccnt[nd->nd_procnum]);
1387 nfsrv_updatecache(nd, TRUE, mrep);
2d21ac55
A		 1388 /* FALLTHRU */
1389
0a7de745
A		 1390 case RC_REPLY:
1391 if (nd->nd_gss_mb != NULL) { // It's RPCSEC_GSS
1392 /*
1393 * Need to checksum or encrypt the reply
1394 */
1395 error = nfs_gss_svc_protect_reply(nd, mrep);
1396 if (error) {
1397 mbuf_freem(mrep);
1398 break;
1399 }
1400 }
1401
2d21ac55 1402 /*
0a7de745 1403 * Get the total size of the reply
2d21ac55 1404 */
0a7de745
A		 1405 m = mrep;
1406 siz = 0;
1407 while (m) {
1408 siz += mbuf_len(m);
1409 m = mbuf_next(m);
1410 }
1411 if (siz <= 0 || siz > NFS_MAXPACKET) {
1412 printf("mbuf siz=%d\n", siz);
1413 panic("Bad nfs svc reply");
1414 }
1415 m = mrep;
1416 mbuf_pkthdr_setlen(m, siz);
1417 error = mbuf_pkthdr_setrcvif(m, NULL);
2d21ac55 1418 if (error) {
0a7de745 1419 panic("nfsd setrcvif failed: %d", error);
2d21ac55 1420 }
0a7de745
A		 1421 /*
1422 * For stream protocols, prepend a Sun RPC
1423 * Record Mark.
1424 */
1425 if (slp->ns_sotype == SOCK_STREAM) {
1426 error = mbuf_prepend(&m, NFSX_UNSIGNED, MBUF_WAITOK);
1427 if (!error) {
1428 *(u_int32_t*)mbuf_data(m) = htonl(0x80000000 | siz);
1429 }
1430 }
1431 if (!error) {
1432 if (slp->ns_flag & SLP_VALID) {
1433 error = nfsrv_send(slp, nd->nd_nam2, m);
1434 } else {
1435 error = EPIPE;
1436 mbuf_freem(m);
1437 }
91447636 1438 } else {
0a7de745 1439 mbuf_freem(m);
91447636 1440 }
0a7de745
A		 1441 mrep = NULL;
1442 if (nd->nd_nam2) {
1443 mbuf_freem(nd->nd_nam2);
1444 nd->nd_nam2 = NULL;
1445 }
1446 if (error == EPIPE) {
1447 lck_rw_lock_exclusive(&slp->ns_rwlock);
1448 nfsrv_zapsock(slp);
1449 lck_rw_done(&slp->ns_rwlock);
1450 }
1451 if (error == EINTR || error == ERESTART) {
1452 nfsm_chain_cleanup(&nd->nd_nmreq);
1453 if (IS_VALID_CRED(nd->nd_cr)) {
1454 kauth_cred_unref(&nd->nd_cr);
1455 }
1456 if (nd->nd_gss_context) {
1457 nfs_gss_svc_ctx_deref(nd->nd_gss_context);
1458 }
1459 FREE_ZONE(nd, sizeof(*nd), M_NFSRVDESC);
1460 nfsrv_slpderef(slp);
1461 lck_mtx_lock(nfsd_mutex);
1462 goto done;
1463 }
1464 break;
1465 case RC_DROPIT:
91447636 1466 mbuf_freem(nd->nd_nam2);
55e303ae 1467 nd->nd_nam2 = NULL;
0a7de745 1468 break;
55e303ae 1469 }
0a7de745
A		 1470 ;
1471 opcnt++;
1472 if (nd) {
2d21ac55 1473 nfsm_chain_cleanup(&nd->nd_nmreq);
0a7de745
A		 1474 if (nd->nd_nam2) {
1475 mbuf_freem(nd->nd_nam2);
1476 }
1477 if (IS_VALID_CRED(nd->nd_cr)) {
0c530ab8 1478 kauth_cred_unref(&nd->nd_cr);
0a7de745
A		 1479 }
1480 if (nd->nd_gss_context) {
6d2010ae 1481 nfs_gss_svc_ctx_deref(nd->nd_gss_context);
0a7de745 1482 }
2d21ac55 1483 FREE_ZONE(nd, sizeof(*nd), M_NFSRVDESC);
0a7de745 1484 nd = NULL;
1c79356b 1485 }
0a7de745
A		 1486
1487 /*
1488 * Check to see if there are outstanding writes that
1489 * need to be serviced.
1490 */
1491 writes_todo = 0;
1492 if (slp->ns_wgtime) {
1493 microuptime(&now);
1494 cur_usec = (u_quad_t)now.tv_sec * 1000000 +
1495 (u_quad_t)now.tv_usec;
1496 if (slp->ns_wgtime <= cur_usec) {
1497 cacherep = RC_DOIT;
1498 writes_todo = 1;
1499 }
2d21ac55 1500 }
1c79356b 1501 } while (writes_todo);
2d21ac55
A		 1502
1503 nd = NULL;
1504 if (TAILQ_EMPTY(&nfsrv_sockwait) && (opcnt < 8)) {
1505 lck_rw_lock_exclusive(&slp->ns_rwlock);
1506 error = nfsrv_dorec(slp, nfsd, &nd);
0a7de745
A		 1507 if (error == EINVAL) { // RPCSEC_GSS drop
1508 if (slp->ns_sotype == SOCK_STREAM) {
2d21ac55 1509 nfsrv_zapsock(slp); // drop connection
0a7de745 1510 }
2d21ac55 1511 }
91447636 1512 lck_rw_done(&slp->ns_rwlock);
2d21ac55
A		 1513 }
1514 if (!nd) {
1515 /* drop our reference on the socket */
1c79356b
A		 1516 nfsd->nfsd_flag &= ~NFSD_REQINPROG;
1517 nfsd->nfsd_slp = NULL;
1518 nfsrv_slpderef(slp);
91447636 1519 }
1c79356b 1520 }
91447636 1521 lck_mtx_lock(nfsd_mutex);
2d21ac55 1522done:
1c79356b 1523 TAILQ_REMOVE(&nfsd_head, nfsd, nfsd_chain);
91447636 1524 FREE(nfsd, M_NFSD);
0a7de745 1525 if (--nfsd_thread_count == 0) {
2d21ac55 1526 nfsrv_cleanup();
0a7de745 1527 }
91447636 1528 lck_mtx_unlock(nfsd_mutex);
0a7de745 1529 return error;
1c79356b 1530}
91447636 1531
b0d623f7 1532int
2d21ac55 1533nfssvc_export(user_addr_t argp)
91447636
A		 1534{
1535 int error = 0, is_64bit;
1536 struct user_nfs_export_args unxa;
2d21ac55 1537 vfs_context_t ctx = vfs_context_current();
91447636 1538
2d21ac55 1539 is_64bit = IS_64BIT_PROCESS(vfs_context_proc(ctx));
91447636
A		 1540
1541 /* copy in pointers to path and export args */
1542 if (is_64bit) {
1543 error = copyin(argp, (caddr_t)&unxa, sizeof(unxa));
1544 } else {
1545 struct nfs_export_args tnxa;
1546 error = copyin(argp, (caddr_t)&tnxa, sizeof(tnxa));
1547 if (error == 0) {
1548 /* munge into LP64 version of nfs_export_args structure */
1549 unxa.nxa_fsid = tnxa.nxa_fsid;
1550 unxa.nxa_expid = tnxa.nxa_expid;
1551 unxa.nxa_fspath = CAST_USER_ADDR_T(tnxa.nxa_fspath);
1552 unxa.nxa_exppath = CAST_USER_ADDR_T(tnxa.nxa_exppath);
1553 unxa.nxa_flags = tnxa.nxa_flags;
1554 unxa.nxa_netcount = tnxa.nxa_netcount;
1555 unxa.nxa_nets = CAST_USER_ADDR_T(tnxa.nxa_nets);
1556 }
1557 }
0a7de745
A		 1558 if (error) {
1559 return error;
1560 }
91447636 1561
2d21ac55 1562 error = nfsrv_export(&unxa, ctx);
91447636 1563
0a7de745 1564 return error;
91447636
A		 1565}
1566
1c79356b 1567/*
2d21ac55 1568 * Shut down a socket associated with an nfsrv_sock structure.
1c79356b
A		 1569 * Should be called with the send lock set, if required.
1570 * The trick here is to increment the sref at the start, so that the nfsds
1571 * will stop using it and clear ns_flag at the end so that it will not be
1572 * reassigned during cleanup.
1573 */
b0d623f7 1574void
2d21ac55 1575nfsrv_zapsock(struct nfsrv_sock *slp)
1c79356b 1576{
91447636 1577 socket_t so;
1c79356b 1578
0a7de745 1579 if ((slp->ns_flag & SLP_VALID) == 0) {
91447636 1580 return;
0a7de745 1581 }
1c79356b 1582 slp->ns_flag &= ~SLP_ALLFLAGS;
91447636
A		 1583
1584 so = slp->ns_so;
0a7de745 1585 if (so == NULL) {
91447636 1586 return;
0a7de745 1587 }
91447636 1588
3e170ce0 1589 sock_setupcall(so, NULL, NULL);
91447636 1590 sock_shutdown(so, SHUT_RDWR);
316670eb
A		 1591
1592 /*
1593 * Remove from the up-call queue
1594 */
1595 nfsrv_uc_dequeue(slp);
1c79356b
A		 1596}
1597
1c79356b 1598/*
91447636 1599 * cleanup and release a server socket structure.
1c79356b 1600 */
b0d623f7 1601void
2d21ac55 1602nfsrv_slpfree(struct nfsrv_sock *slp)
1c79356b 1603{
91447636 1604 struct nfsrv_descript *nwp, *nnwp;
1c79356b 1605
91447636
A		 1606 if (slp->ns_so) {
1607 sock_release(slp->ns_so);
1608 slp->ns_so = NULL;
1609 }
0a7de745 1610 if (slp->ns_nam) {
91447636 1611 mbuf_free(slp->ns_nam);
0a7de745
A		 1612 }
1613 if (slp->ns_raw) {
91447636 1614 mbuf_freem(slp->ns_raw);
0a7de745
A		 1615 }
1616 if (slp->ns_rec) {
91447636 1617 mbuf_freem(slp->ns_rec);
0a7de745
A		 1618 }
1619 if (slp->ns_frag) {
2d21ac55 1620 mbuf_freem(slp->ns_frag);
0a7de745 1621 }
2d21ac55
A		 1622 slp->ns_nam = slp->ns_raw = slp->ns_rec = slp->ns_frag = NULL;
1623 slp->ns_reccnt = 0;
55e303ae 1624
91447636
A		 1625 for (nwp = slp->ns_tq.lh_first; nwp; nwp = nnwp) {
1626 nnwp = nwp->nd_tq.le_next;
1627 LIST_REMOVE(nwp, nd_tq);
2d21ac55 1628 nfsm_chain_cleanup(&nwp->nd_nmreq);
0a7de745 1629 if (nwp->nd_mrep) {
2d21ac55 1630 mbuf_freem(nwp->nd_mrep);
0a7de745
A		 1631 }
1632 if (nwp->nd_nam2) {
2d21ac55 1633 mbuf_freem(nwp->nd_nam2);
0a7de745
A		 1634 }
1635 if (IS_VALID_CRED(nwp->nd_cr)) {
0c530ab8 1636 kauth_cred_unref(&nwp->nd_cr);
0a7de745
A		 1637 }
1638 if (nwp->nd_gss_context) {
6d2010ae 1639 nfs_gss_svc_ctx_deref(nwp->nd_gss_context);
0a7de745 1640 }
2d21ac55 1641 FREE_ZONE(nwp, sizeof(*nwp), M_NFSRVDESC);
55e303ae 1642 }
91447636
A		 1643 LIST_INIT(&slp->ns_tq);
1644
2d21ac55
A		 1645 lck_rw_destroy(&slp->ns_rwlock, nfsrv_slp_rwlock_group);
1646 lck_mtx_destroy(&slp->ns_wgmutex, nfsrv_slp_mutex_group);
91447636 1647 FREE(slp, M_NFSSVC);
55e303ae
A		 1648}
1649
1650/*
91447636
A		 1651 * Derefence a server socket structure. If it has no more references and
1652 * is no longer valid, you can throw it away.
55e303ae 1653 */
3e170ce0
A		 1654static void
1655nfsrv_slpderef_locked(struct nfsrv_sock *slp)
55e303ae 1656{
91447636
A		 1657 lck_rw_lock_exclusive(&slp->ns_rwlock);
1658 slp->ns_sref--;
2d21ac55 1659
91447636 1660 if (slp->ns_sref || (slp->ns_flag & SLP_VALID)) {
2d21ac55
A		 1661 if ((slp->ns_flag & SLP_QUEUED) && !(slp->ns_flag & SLP_WORKTODO)) {
1662 /* remove socket from queue since there's no work */
0a7de745 1663 if (slp->ns_flag & SLP_WAITQ) {
2d21ac55 1664 TAILQ_REMOVE(&nfsrv_sockwait, slp, ns_svcq);
0a7de745 1665 } else {
2d21ac55 1666 TAILQ_REMOVE(&nfsrv_sockwork, slp, ns_svcq);
0a7de745 1667 }
2d21ac55
A		 1668 slp->ns_flag &= ~SLP_QUEUED;
1669 }
91447636 1670 lck_rw_done(&slp->ns_rwlock);
91447636 1671 return;
55e303ae 1672 }
91447636 1673
2d21ac55
A		 1674 /* This socket is no longer valid, so we'll get rid of it */
1675
1676 if (slp->ns_flag & SLP_QUEUED) {
0a7de745 1677 if (slp->ns_flag & SLP_WAITQ) {
2d21ac55 1678 TAILQ_REMOVE(&nfsrv_sockwait, slp, ns_svcq);
0a7de745 1679 } else {
2d21ac55 1680 TAILQ_REMOVE(&nfsrv_sockwork, slp, ns_svcq);
0a7de745 1681 }
2d21ac55
A		 1682 slp->ns_flag &= ~SLP_QUEUED;
1683 }
3e170ce0 1684 lck_rw_done(&slp->ns_rwlock);
2d21ac55 1685
2d21ac55 1686 TAILQ_REMOVE(&nfsrv_socklist, slp, ns_chain);
0a7de745 1687 if (slp->ns_sotype == SOCK_STREAM) {
3e170ce0 1688 nfsrv_sock_tcp_cnt--;
0a7de745 1689 }
2d21ac55 1690
0a7de745 1691 /* now remove from the write gather socket list */
2d21ac55
A		 1692 if (slp->ns_wgq.tqe_next != SLPNOLIST) {
1693 TAILQ_REMOVE(&nfsrv_sockwg, slp, ns_wgq);
1694 slp->ns_wgq.tqe_next = SLPNOLIST;
1695 }
3e170ce0
A		 1696 nfsrv_slpfree(slp);
1697}
1698
1699void
1700nfsrv_slpderef(struct nfsrv_sock *slp)
1701{
1702 lck_mtx_lock(nfsd_mutex);
1703 nfsrv_slpderef_locked(slp);
91447636 1704 lck_mtx_unlock(nfsd_mutex);
55e303ae
A		 1705}
1706
1c79356b 1707/*
3e170ce0
A		 1708 * Check periodically for idle sockest if needed and
1709 * zap them.
1c79356b
A		 1710 */
1711void
3e170ce0 1712nfsrv_idlesock_timer(__unused void *param0, __unused void *param1)
1c79356b 1713{
3e170ce0 1714 struct nfsrv_sock *slp, *tslp;
743b1565 1715 struct timeval now;
3e170ce0 1716 time_t time_to_wait = nfsrv_sock_idle_timeout;
1c79356b 1717
2d21ac55
A		 1718 microuptime(&now);
1719 lck_mtx_lock(nfsd_mutex);
1c79356b 1720
3e170ce0 1721 /* Turn off the timer if we're suppose to and get out */
0a7de745
A		 1722 if (nfsrv_sock_idle_timeout < NFSD_MIN_IDLE_TIMEOUT) {
1723 nfsrv_sock_idle_timeout = 0;
1724 }
3e170ce0
A		 1725 if ((nfsrv_sock_tcp_cnt <= 2 * nfsd_thread_max) || (nfsrv_sock_idle_timeout == 0)) {
1726 nfsrv_idlesock_timer_on = 0;
2d21ac55
A		 1727 lck_mtx_unlock(nfsd_mutex);
1728 return;
91447636 1729 }
1c79356b 1730
3e170ce0
A		 1731 TAILQ_FOREACH_SAFE(slp, &nfsrv_socklist, ns_chain, tslp) {
1732 lck_rw_lock_exclusive(&slp->ns_rwlock);
1733 /* Skip udp and referenced sockets */
1734 if (slp->ns_sotype == SOCK_DGRAM || slp->ns_sref) {
1735 lck_rw_done(&slp->ns_rwlock);
1736 continue;
1737 }
1738 /*
1739 * If this is the first non-referenced socket that hasn't idle out,
1740 * use its time stamp to calculate the earlist time in the future
1741 * to start the next invocation of the timer. Since the nfsrv_socklist
1742 * is sorted oldest access to newest. Once we find the first one,
1743 * we're done and break out of the loop.
1744 */
0a7de745
A		 1745 if (((slp->ns_timestamp + nfsrv_sock_idle_timeout) > now.tv_sec) ||
1746 nfsrv_sock_tcp_cnt <= 2 * nfsd_thread_max) {
3e170ce0 1747 time_to_wait -= now.tv_sec - slp->ns_timestamp;
0a7de745 1748 if (time_to_wait < 1) {
3e170ce0 1749 time_to_wait = 1;
0a7de745 1750 }
3e170ce0
A		 1751 lck_rw_done(&slp->ns_rwlock);
1752 break;
1753 }
1754 /*
1755 * Bump the ref count. nfsrv_slpderef below will destroy
1756 * the socket, since nfsrv_zapsock has closed it.
1757 */
1758 slp->ns_sref++;
1759 nfsrv_zapsock(slp);
1760 lck_rw_done(&slp->ns_rwlock);
1761 nfsrv_slpderef_locked(slp);
1762 }
2d21ac55 1763
3e170ce0
A		 1764 /* Start ourself back up */
1765 nfs_interval_timer_start(nfsrv_idlesock_timer_call, time_to_wait * 1000);
1766 /* Remember when the next timer will fire for nfssvc_addsock. */
1767 nfsrv_idlesock_timer_on = now.tv_sec + time_to_wait;
1768 lck_mtx_unlock(nfsd_mutex);
1c79356b
A		 1769}
1770
1771/*
2d21ac55 1772 * Clean up the data structures for the server.
1c79356b 1773 */
2d21ac55
A		 1774void
1775nfsrv_cleanup(void)
1c79356b 1776{
2d21ac55 1777 struct nfsrv_sock *slp, *nslp;
55e303ae 1778 struct timeval now;
b0d623f7 1779#if CONFIG_FSE
2d21ac55
A		 1780 struct nfsrv_fmod *fp, *nfp;
1781 int i;
b0d623f7 1782#endif
1c79356b 1783
55e303ae 1784 microuptime(&now);
2d21ac55
A		 1785 for (slp = TAILQ_FIRST(&nfsrv_socklist); slp != 0; slp = nslp) {
1786 nslp = TAILQ_NEXT(slp, ns_chain);
3e170ce0
A		 1787 lck_rw_lock_exclusive(&slp->ns_rwlock);
1788 slp->ns_sref++;
0a7de745 1789 if (slp->ns_flag & SLP_VALID) {
2d21ac55 1790 nfsrv_zapsock(slp);
0a7de745 1791 }
3e170ce0
A		 1792 lck_rw_done(&slp->ns_rwlock);
1793 nfsrv_slpderef_locked(slp);
2d21ac55 1794 }
3e170ce0 1795#
b0d623f7 1796#if CONFIG_FSE
2d21ac55
A		 1797 /*
1798 * Flush pending file write fsevents
1799 */
1800 lck_mtx_lock(nfsrv_fmod_mutex);
1801 for (i = 0; i < NFSRVFMODHASHSZ; i++) {
1802 for (fp = LIST_FIRST(&nfsrv_fmod_hashtbl[i]); fp; fp = nfp) {
1803 /*
1804 * Fire off the content modified fsevent for each
1805 * entry, remove it from the list, and free it.
1806 */
6d2010ae
A		 1807 if (nfsrv_fsevents_enabled) {
1808 fp->fm_context.vc_thread = current_thread();
2d21ac55 1809 add_fsevent(FSE_CONTENT_MODIFIED, &fp->fm_context,
0a7de745
A		 1810 FSE_ARG_VNODE, fp->fm_vp,
1811 FSE_ARG_DONE);
6d2010ae 1812 }
2d21ac55
A		 1813 vnode_put(fp->fm_vp);
1814 kauth_cred_unref(&fp->fm_context.vc_ucred);
1815 nfp = LIST_NEXT(fp, fm_link);
1816 LIST_REMOVE(fp, fm_link);
1817 FREE(fp, M_TEMP);
1818 }
1819 }
1820 nfsrv_fmod_pending = 0;
1821 lck_mtx_unlock(nfsrv_fmod_mutex);
b0d623f7 1822#endif
2d21ac55 1823
316670eb 1824 nfsrv_uc_cleanup(); /* Stop nfs socket up-call threads */
2d21ac55 1825
0a7de745
A		 1826 nfs_gss_svc_cleanup(); /* Remove any RPCSEC_GSS contexts */
1827
1828 nfsrv_cleancache(); /* And clear out server cache */
2d21ac55
A		 1829
1830 nfsrv_udpsock = NULL;
6d2010ae 1831 nfsrv_udp6sock = NULL;
1c79356b 1832}
2d21ac55 1833
1c79356b 1834#endif /* NFS_NOSERVER */
mirror of XNU