1 /*
2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * This code is derived from software contributed to Berkeley by
6 * Rick Macklem at The University of Guelph.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * @(#)nfs_serv.c 8.8 (Berkeley) 7/31/95
33 */
34
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD: releng/5.3/sys/nfsserver/nfs_serv.c 139697 2005-01-05 03:35:00Z kensmith $");
37
38 /*
39 * nfs version 2 and 3 server calls to vnode ops
40 * - these routines generally have 3 phases
41 * 1 - break down and validate rpc request in mbuf list
42 * 2 - do the vnode ops for the request
43 * (surprisingly ?? many are very similar to syscalls in vfs_syscalls.c)
44 * 3 - build the rpc reply in an mbuf list
45 * nb:
46 * - do not mix the phases, since the nfsm_?? macros can return failures
47 * on a bad rpc or similar and do not do any vrele() or vput()'s
48 *
49 * - the nfsm_reply() macro generates an nfs rpc reply with the nfs
50 * error number iff error != 0 whereas
51 * returning an error from the server function implies a fatal error
52 * such as a badly constructed rpc request that should be dropped without
53 * a reply.
54 * For nfsm_reply(), the case where error == EBADRPC is treated
55 * specially; after constructing a reply, it does an immediate
56 * `goto nfsmout' to avoid getting any V3 post-op status appended.
57 *
58 * Other notes:
59 * Warning: always pay careful attention to resource cleanup on return
60 * and note that nfsm_*() macros can terminate a procedure on certain
61 * errors.
62 *
63 * lookup() and namei()
64 * may return garbage in various structural fields/return elements
65 * if an error is returned, and may garbage up nd.ni_dvp even if no
66 * error is returned and you did not request LOCKPARENT or WANTPARENT.
67 *
68 * We use the ni_cnd.cn_flags 'HASBUF' flag to track whether the name
69 * buffer has been freed or not.
70 */
71
72 #include <sys/param.h>
73 #include <sys/systm.h>
74 #include <sys/proc.h>
75 #include <sys/namei.h>
76 #include <sys/unistd.h>
77 #include <sys/vnode.h>
78 #include <sys/mount.h>
79 #include <sys/socket.h>
80 #include <sys/socketvar.h>
81 #include <sys/malloc.h>
82 #include <sys/mbuf.h>
83 #include <sys/dirent.h>
84 #include <sys/stat.h>
85 #include <sys/kernel.h>
86 #include <sys/sysctl.h>
87 #include <sys/bio.h>
88 #include <sys/buf.h>
89
90 #include <vm/vm.h>
91 #include <vm/vm_extern.h>
92 #include <vm/vm_object.h>
93
94 #include <nfs/nfsproto.h>
95 #include <nfs/rpcv2.h>
96 #include <nfsserver/nfs.h>
97 #include <nfs/xdr_subs.h>
98 #include <nfsserver/nfsm_subs.h>
99
100 #ifdef NFSRV_DEBUG
101 #define nfsdbprintf(info) printf info
102 #else
103 #define nfsdbprintf(info)
104 #endif
105
106 #define MAX_COMMIT_COUNT (1024 * 1024)
107
108 #define NUM_HEURISTIC 1017
109 #define NHUSE_INIT 64
110 #define NHUSE_INC 16
111 #define NHUSE_MAX 2048
112
113 static struct nfsheur {
114 struct vnode *nh_vp; /* vp to match (unreferenced pointer) */
115 off_t nh_nextr; /* next offset for sequential detection */
116 int nh_use; /* use count for selection */
117 int nh_seqcount; /* heuristic */
118 } nfsheur[NUM_HEURISTIC];
119
120 /* Global vars */
121
122 int nfsrvw_procrastinate = NFS_GATHERDELAY * 1000;
123 int nfsrvw_procrastinate_v3 = 0;
124
125 static struct timeval nfsver = { 0 };
126
127 SYSCTL_NODE(_vfs, OID_AUTO, nfsrv, CTLFLAG_RW, 0, "NFS server");
128
129 static int nfs_async;
130 static int nfs_commit_blks;
131 static int nfs_commit_miss;
132 SYSCTL_INT(_vfs_nfsrv, OID_AUTO, async, CTLFLAG_RW, &nfs_async, 0, "");
133 SYSCTL_INT(_vfs_nfsrv, OID_AUTO, commit_blks, CTLFLAG_RW, &nfs_commit_blks, 0, "");
134 SYSCTL_INT(_vfs_nfsrv, OID_AUTO, commit_miss, CTLFLAG_RW, &nfs_commit_miss, 0, "");
135
136 struct nfsrvstats nfsrvstats;
137 SYSCTL_STRUCT(_vfs_nfsrv, NFS_NFSRVSTATS, nfsrvstats, CTLFLAG_RD,
138 &nfsrvstats, nfsrvstats, "S,nfsrvstats");
139
140 static int nfsrv_access_withgiant(struct vnode *vp, int flags,
141 struct ucred *cred, int rdonly, struct thread *td,
142 int override);
143 static int nfsrv_access(struct vnode *, int, struct ucred *, int,
144 struct thread *, int);
145 static void nfsrvw_coalesce(struct nfsrv_descript *,
146 struct nfsrv_descript *);
147
148 /*
149 * Clear nameidata fields that are tested in nsfmout cleanup code prior
150 * to using first nfsm macro (that might jump to the cleanup code).
151 */
152
153 static __inline void
154 ndclear(struct nameidata *nd)
155 {
156
157 nd->ni_cnd.cn_flags = 0;
158 nd->ni_vp = NULL;
159 nd->ni_dvp = NULL;
160 nd->ni_startdir = NULL;
161 }
162
163 /*
164 * nfs v3 access service
165 */
166 int
167 nfsrv3_access(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
168 struct thread *td, struct mbuf **mrq)
169 {
170 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
171 struct sockaddr *nam = nfsd->nd_nam;
172 caddr_t dpos = nfsd->nd_dpos;
173 struct ucred *cred = &nfsd->nd_cr;
174 struct vnode *vp = NULL;
175 nfsfh_t nfh;
176 fhandle_t *fhp;
177 u_int32_t *tl;
178 caddr_t bpos;
179 int error = 0, rdonly, getret;
180 struct mbuf *mb, *mreq;
181 struct vattr vattr, *vap = &vattr;
182 u_long testmode, nfsmode;
183 int v3 = (nfsd->nd_flag & ND_NFSV3);
184
185 NFSD_LOCK_ASSERT();
186
187 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
188 if (!v3)
189 panic("nfsrv3_access: v3 proc called on a v2 connection");
190 fhp = &nfh.fh_generic;
191 nfsm_srvmtofh(fhp);
192 tl = nfsm_dissect(u_int32_t *, NFSX_UNSIGNED);
193 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
194 if (error) {
195 nfsm_reply(NFSX_UNSIGNED);
196 nfsm_srvpostop_attr(1, NULL);
197 error = 0;
198 goto nfsmout;
199 }
200 nfsmode = fxdr_unsigned(u_int32_t, *tl);
201 NFSD_UNLOCK();
202 mtx_lock(&Giant); /* VFS */
203 if ((nfsmode & NFSV3ACCESS_READ) &&
204 nfsrv_access_withgiant(vp, VREAD, cred, rdonly, td, 0))
205 nfsmode &= ~NFSV3ACCESS_READ;
206 if (vp->v_type == VDIR)
207 testmode = (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND |
208 NFSV3ACCESS_DELETE);
209 else
210 testmode = (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND);
211 if ((nfsmode & testmode) &&
212 nfsrv_access_withgiant(vp, VWRITE, cred, rdonly, td, 0))
213 nfsmode &= ~testmode;
214 if (vp->v_type == VDIR)
215 testmode = NFSV3ACCESS_LOOKUP;
216 else
217 testmode = NFSV3ACCESS_EXECUTE;
218 if ((nfsmode & testmode) &&
219 nfsrv_access_withgiant(vp, VEXEC, cred, rdonly, td, 0))
220 nfsmode &= ~testmode;
221 getret = VOP_GETATTR(vp, vap, cred, td);
222 vput(vp);
223 mtx_unlock(&Giant); /* VFS */
224 vp = NULL;
225 NFSD_LOCK();
226 nfsm_reply(NFSX_POSTOPATTR(1) + NFSX_UNSIGNED);
227 nfsm_srvpostop_attr(getret, vap);
228 tl = nfsm_build(u_int32_t *, NFSX_UNSIGNED);
229 *tl = txdr_unsigned(nfsmode);
230 nfsmout:
231 NFSD_LOCK_ASSERT();
232 if (vp) {
233 NFSD_UNLOCK();
234 mtx_lock(&Giant); /* VFS */
235 vput(vp);
236 mtx_unlock(&Giant); /* VFS */
237 NFSD_LOCK();
238 }
239 return(error);
240 }
241
242 /*
243 * nfs getattr service
244 */
245 int
246 nfsrv_getattr(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
247 struct thread *td, struct mbuf **mrq)
248 {
249 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
250 struct sockaddr *nam = nfsd->nd_nam;
251 caddr_t dpos = nfsd->nd_dpos;
252 struct ucred *cred = &nfsd->nd_cr;
253 struct nfs_fattr *fp;
254 struct vattr va;
255 struct vattr *vap = &va;
256 struct vnode *vp = NULL;
257 nfsfh_t nfh;
258 fhandle_t *fhp;
259 caddr_t bpos;
260 int error = 0, rdonly;
261 struct mbuf *mb, *mreq;
262
263 NFSD_LOCK_ASSERT();
264
265 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
266 fhp = &nfh.fh_generic;
267 nfsm_srvmtofh(fhp);
268 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
269 if (error) {
270 nfsm_reply(0);
271 error = 0;
272 goto nfsmout;
273 }
274 NFSD_UNLOCK();
275 mtx_lock(&Giant); /* VFS */
276 error = VOP_GETATTR(vp, vap, cred, td);
277 vput(vp);
278 mtx_unlock(&Giant); /* VFS */
279 vp = NULL;
280 NFSD_LOCK();
281 nfsm_reply(NFSX_FATTR(nfsd->nd_flag & ND_NFSV3));
282 if (error) {
283 error = 0;
284 goto nfsmout;
285 }
286 fp = nfsm_build(struct nfs_fattr *,
287 NFSX_FATTR(nfsd->nd_flag & ND_NFSV3));
288 nfsm_srvfillattr(vap, fp);
289 /* fall through */
290
291 nfsmout:
292 NFSD_LOCK_ASSERT();
293 if (vp) {
294 NFSD_UNLOCK();
295 mtx_lock(&Giant); /* VFS */
296 vput(vp);
297 mtx_unlock(&Giant); /* VFS */
298 NFSD_LOCK();
299 }
300 return(error);
301 }
302
303 /*
304 * nfs setattr service
305 */
306 int
307 nfsrv_setattr(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
308 struct thread *td, struct mbuf **mrq)
309 {
310 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
311 struct sockaddr *nam = nfsd->nd_nam;
312 caddr_t dpos = nfsd->nd_dpos;
313 struct ucred *cred = &nfsd->nd_cr;
314 struct vattr va, preat;
315 struct vattr *vap = &va;
316 struct nfsv2_sattr *sp;
317 struct nfs_fattr *fp;
318 struct vnode *vp = NULL;
319 nfsfh_t nfh;
320 fhandle_t *fhp;
321 u_int32_t *tl;
322 caddr_t bpos;
323 int error = 0, rdonly, preat_ret = 1, postat_ret = 1;
324 int v3 = (nfsd->nd_flag & ND_NFSV3), gcheck = 0;
325 struct mbuf *mb, *mreq;
326 struct timespec guard;
327 struct mount *mp = NULL;
328
329 NFSD_LOCK_ASSERT();
330
331 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
332 fhp = &nfh.fh_generic;
333 nfsm_srvmtofh(fhp);
334 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
335 error = ESTALE;
336 goto out;
337 }
338 NFSD_UNLOCK();
339 mtx_lock(&Giant); /* VFS */
340 (void) vn_start_write(NULL, &mp, V_WAIT);
341 mtx_unlock(&Giant); /* VFS */
342 NFSD_LOCK();
343 VATTR_NULL(vap);
344 if (v3) {
345 nfsm_srvsattr(vap);
346 tl = nfsm_dissect(u_int32_t *, NFSX_UNSIGNED);
347 gcheck = fxdr_unsigned(int, *tl);
348 if (gcheck) {
349 tl = nfsm_dissect(u_int32_t *, 2 * NFSX_UNSIGNED);
350 fxdr_nfsv3time(tl, &guard);
351 }
352 } else {
353 sp = nfsm_dissect(struct nfsv2_sattr *, NFSX_V2SATTR);
354 /*
355 * Nah nah nah nah na nah
356 * There is a bug in the Sun client that puts 0xffff in the mode
357 * field of sattr when it should put in 0xffffffff. The u_short
358 * doesn't sign extend.
359 * --> check the low order 2 bytes for 0xffff
360 */
361 if ((fxdr_unsigned(int, sp->sa_mode) & 0xffff) != 0xffff)
362 vap->va_mode = nfstov_mode(sp->sa_mode);
363 if (sp->sa_uid != nfsrv_nfs_xdrneg1)
364 vap->va_uid = fxdr_unsigned(uid_t, sp->sa_uid);
365 if (sp->sa_gid != nfsrv_nfs_xdrneg1)
366 vap->va_gid = fxdr_unsigned(gid_t, sp->sa_gid);
367 if (sp->sa_size != nfsrv_nfs_xdrneg1)
368 vap->va_size = fxdr_unsigned(u_quad_t, sp->sa_size);
369 if (sp->sa_atime.nfsv2_sec != nfsrv_nfs_xdrneg1) {
370 #ifdef notyet
371 fxdr_nfsv2time(&sp->sa_atime, &vap->va_atime);
372 #else
373 vap->va_atime.tv_sec =
374 fxdr_unsigned(int32_t, sp->sa_atime.nfsv2_sec);
375 vap->va_atime.tv_nsec = 0;
376 #endif
377 }
378 if (sp->sa_mtime.nfsv2_sec != nfsrv_nfs_xdrneg1)
379 fxdr_nfsv2time(&sp->sa_mtime, &vap->va_mtime);
380
381 }
382
383 /*
384 * Now that we have all the fields, lets do it.
385 */
386 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
387 if (error) {
388 nfsm_reply(2 * NFSX_UNSIGNED);
389 if (v3)
390 nfsm_srvwcc_data(preat_ret, &preat, postat_ret, vap);
391 error = 0;
392 goto nfsmout;
393 }
394
395 /*
396 * vp now an active resource, pay careful attention to cleanup
397 */
398 if (v3) {
399 NFSD_UNLOCK();
400 mtx_lock(&Giant); /* VFS */
401 error = preat_ret = VOP_GETATTR(vp, &preat, cred, td);
402 if (!error && gcheck &&
403 (preat.va_ctime.tv_sec != guard.tv_sec ||
404 preat.va_ctime.tv_nsec != guard.tv_nsec))
405 error = NFSERR_NOT_SYNC;
406 if (error) {
407 vput(vp);
408 mtx_unlock(&Giant); /* VFS */
409 vp = NULL;
410 NFSD_LOCK();
411 nfsm_reply(NFSX_WCCDATA(v3));
412 if (v3)
413 nfsm_srvwcc_data(preat_ret, &preat, postat_ret, vap);
414 error = 0;
415 goto nfsmout;
416 }
417 mtx_unlock(&Giant); /* VFS */
418 NFSD_LOCK();
419 }
420 NFSD_LOCK_ASSERT();
421
422 /*
423 * If the size is being changed write acces is required, otherwise
424 * just check for a read only filesystem.
425 */
426 if (vap->va_size == ((u_quad_t)((quad_t) -1))) {
427 if (rdonly || (vp->v_mount->mnt_flag & MNT_RDONLY)) {
428 error = EROFS;
429 goto out;
430 }
431 } else {
432 if (vp->v_type == VDIR) {
433 error = EISDIR;
434 goto out;
435 } else if ((error = nfsrv_access(vp, VWRITE, cred, rdonly,
436 td, 0)) != 0)
437 goto out;
438 }
439 NFSD_UNLOCK();
440 mtx_lock(&Giant); /* VFS */
441 error = VOP_SETATTR(vp, vap, cred, td);
442 postat_ret = VOP_GETATTR(vp, vap, cred, td);
443 mtx_unlock(&Giant); /* VFS */
444 NFSD_LOCK();
445 if (!error)
446 error = postat_ret;
447 out:
448 NFSD_LOCK_ASSERT();
449 if (vp != NULL) {
450 NFSD_UNLOCK();
451 mtx_lock(&Giant); /* VFS */
452 vput(vp);
453 mtx_unlock(&Giant); /* VFS */
454 NFSD_LOCK();
455 }
456
457 vp = NULL;
458 nfsm_reply(NFSX_WCCORFATTR(v3));
459 if (v3) {
460 nfsm_srvwcc_data(preat_ret, &preat, postat_ret, vap);
461 } else if (!error) {
462 /* v2 non-error case. */
463 fp = nfsm_build(struct nfs_fattr *, NFSX_V2FATTR);
464 nfsm_srvfillattr(vap, fp);
465 }
466 error = 0;
467 /* fall through */
468
469 nfsmout:
470 NFSD_LOCK_ASSERT();
471 NFSD_UNLOCK();
472 mtx_lock(&Giant); /* VFS */
473 if (vp)
474 vput(vp);
475 vn_finished_write(mp);
476 mtx_unlock(&Giant); /* VFS */
477 NFSD_LOCK();
478 return(error);
479 }
480
481 /*
482 * nfs lookup rpc
483 */
484 int
485 nfsrv_lookup(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
486 struct thread *td, struct mbuf **mrq)
487 {
488 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
489 struct sockaddr *nam = nfsd->nd_nam;
490 caddr_t dpos = nfsd->nd_dpos;
491 struct ucred *cred = &nfsd->nd_cr;
492 struct nfs_fattr *fp;
493 struct nameidata nd, ind, *ndp = &nd;
494 struct vnode *vp, *dirp = NULL;
495 nfsfh_t nfh;
496 fhandle_t *fhp;
497 caddr_t bpos;
498 int error = 0, len, dirattr_ret = 1;
499 int v3 = (nfsd->nd_flag & ND_NFSV3), pubflag;
500 struct mbuf *mb, *mreq;
501 struct vattr va, dirattr, *vap = &va;
502
503 NFSD_LOCK_ASSERT();
504
505 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
506 ndclear(&nd);
507
508 fhp = &nfh.fh_generic;
509 nfsm_srvmtofh(fhp);
510 nfsm_srvnamesiz(len);
511
512 pubflag = nfs_ispublicfh(fhp);
513
514 nd.ni_cnd.cn_cred = cred;
515 nd.ni_cnd.cn_nameiop = LOOKUP;
516 nd.ni_cnd.cn_flags = LOCKLEAF | SAVESTART;
517 error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
518 &dirp, v3, &dirattr, &dirattr_ret, td, pubflag);
519
520 /*
521 * namei failure, only dirp to cleanup. Clear out garbarge from
522 * structure in case macros jump to nfsmout.
523 */
524
525 NFSD_UNLOCK();
526 mtx_lock(&Giant); /* VFS */
527 if (error) {
528 if (dirp) {
529 vrele(dirp);
530 dirp = NULL;
531 }
532 mtx_unlock(&Giant); /* VFS */
533 NFSD_LOCK();
534 nfsm_reply(NFSX_POSTOPATTR(v3));
535 if (v3)
536 nfsm_srvpostop_attr(dirattr_ret, &dirattr);
537 error = 0;
538 goto nfsmout;
539 }
540
541 /*
542 * Locate index file for public filehandle
543 *
544 * error is 0 on entry and 0 on exit from this block.
545 */
546
547 if (pubflag) {
548 if (nd.ni_vp->v_type == VDIR && nfs_pub.np_index != NULL) {
549 /*
550 * Setup call to lookup() to see if we can find
551 * the index file. Arguably, this doesn't belong
552 * in a kernel.. Ugh. If an error occurs, do not
553 * try to install an index file and then clear the
554 * error.
555 *
556 * When we replace nd with ind and redirect ndp,
557 * maintenance of ni_startdir and ni_vp shift to
558 * ind and we have to clean them up in the old nd.
559 * However, the cnd resource continues to be maintained
560 * via the original nd. Confused? You aren't alone!
561 */
562 ind = nd;
563 VOP_UNLOCK(nd.ni_vp, 0, td);
564 ind.ni_pathlen = strlen(nfs_pub.np_index);
565 ind.ni_cnd.cn_nameptr = ind.ni_cnd.cn_pnbuf =
566 nfs_pub.np_index;
567 ind.ni_startdir = nd.ni_vp;
568 VREF(ind.ni_startdir);
569
570 error = lookup(&ind);
571 ind.ni_dvp = NULL;
572
573 if (error == 0) {
574 /*
575 * Found an index file. Get rid of
576 * the old references. transfer nd.ni_vp'
577 */
578 if (dirp)
579 vrele(dirp);
580 dirp = nd.ni_vp;
581 nd.ni_vp = NULL;
582 vrele(nd.ni_startdir);
583 nd.ni_startdir = NULL;
584 ndp = &ind;
585 }
586 error = 0;
587 }
588 /*
589 * If the public filehandle was used, check that this lookup
590 * didn't result in a filehandle outside the publicly exported
591 * filesystem. We clear the poor vp here to avoid lockups due
592 * to NFS I/O.
593 */
594
595 if (ndp->ni_vp->v_mount != nfs_pub.np_mount) {
596 vput(nd.ni_vp);
597 nd.ni_vp = NULL;
598 error = EPERM;
599 }
600 }
601
602 if (dirp) {
603 vrele(dirp);
604 dirp = NULL;
605 }
606
607 /*
608 * Resources at this point:
609 * ndp->ni_vp may not be NULL
610 *
611 */
612
613 if (error) {
614 mtx_unlock(&Giant); /* VFS */
615 NFSD_LOCK();
616 nfsm_reply(NFSX_POSTOPATTR(v3));
617 if (v3)
618 nfsm_srvpostop_attr(dirattr_ret, &dirattr);
619 error = 0;
620 goto nfsmout;
621 }
622
623 /*
624 * Clear out some resources prior to potentially blocking. This
625 * is not as critical as ni_dvp resources in other routines, but
626 * it helps.
627 */
628 vrele(ndp->ni_startdir);
629 ndp->ni_startdir = NULL;
630 NDFREE(&nd, NDF_ONLY_PNBUF);
631
632 /*
633 * Get underlying attribute, then release remaining resources ( for
634 * the same potential blocking reason ) and reply.
635 */
636 vp = ndp->ni_vp;
637 bzero((caddr_t)fhp, sizeof(nfh));
638 fhp->fh_fsid = vp->v_mount->mnt_stat.f_fsid;
639 error = VFS_VPTOFH(vp, &fhp->fh_fid);
640 if (!error)
641 error = VOP_GETATTR(vp, vap, cred, td);
642
643 vput(vp);
644 mtx_unlock(&Giant); /* VFS */
645 ndp->ni_vp = NULL;
646 NFSD_LOCK();
647 nfsm_reply(NFSX_SRVFH(v3) + NFSX_POSTOPORFATTR(v3) + NFSX_POSTOPATTR(v3));
648 if (error) {
649 if (v3)
650 nfsm_srvpostop_attr(dirattr_ret, &dirattr);
651 error = 0;
652 goto nfsmout;
653 }
654 nfsm_srvfhtom(fhp, v3);
655 if (v3) {
656 nfsm_srvpostop_attr(0, vap);
657 nfsm_srvpostop_attr(dirattr_ret, &dirattr);
658 } else {
659 fp = nfsm_build(struct nfs_fattr *, NFSX_V2FATTR);
660 nfsm_srvfillattr(vap, fp);
661 }
662
663 nfsmout:
664 NFSD_LOCK_ASSERT();
665 NFSD_UNLOCK();
666 mtx_lock(&Giant); /* VFS */
667 if (dirp)
668 vrele(dirp);
669 NDFREE(&nd, NDF_ONLY_PNBUF);
670 if (ndp->ni_startdir)
671 vrele(ndp->ni_startdir);
672 if (ndp->ni_vp)
673 vput(ndp->ni_vp);
674 mtx_unlock(&Giant); /* VFS */
675 NFSD_LOCK();
676 return (error);
677 }
678
679 /*
680 * nfs readlink service
681 */
682 int
683 nfsrv_readlink(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
684 struct thread *td, struct mbuf **mrq)
685 {
686 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
687 struct sockaddr *nam = nfsd->nd_nam;
688 caddr_t dpos = nfsd->nd_dpos;
689 struct ucred *cred = &nfsd->nd_cr;
690 struct iovec iv[(NFS_MAXPATHLEN+MLEN-1)/MLEN];
691 struct iovec *ivp = iv;
692 struct mbuf *mp;
693 u_int32_t *tl;
694 caddr_t bpos;
695 int error = 0, rdonly, i, tlen, len, getret;
696 int v3 = (nfsd->nd_flag & ND_NFSV3);
697 struct mbuf *mb, *mp3, *nmp, *mreq;
698 struct vnode *vp = NULL;
699 struct vattr attr;
700 nfsfh_t nfh;
701 fhandle_t *fhp;
702 struct uio io, *uiop = &io;
703
704 NFSD_LOCK_ASSERT();
705
706 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
707 #ifndef nolint
708 mp = NULL;
709 #endif
710 mp3 = NULL;
711 fhp = &nfh.fh_generic;
712 nfsm_srvmtofh(fhp);
713 len = 0;
714 i = 0;
715 NFSD_UNLOCK();
716 while (len < NFS_MAXPATHLEN) {
717 MGET(nmp, M_TRYWAIT, MT_DATA);
718 MCLGET(nmp, M_TRYWAIT);
719 nmp->m_len = NFSMSIZ(nmp);
720 if (len == 0)
721 mp3 = mp = nmp;
722 else {
723 mp->m_next = nmp;
724 mp = nmp;
725 }
726 if ((len + mp->m_len) > NFS_MAXPATHLEN) {
727 mp->m_len = NFS_MAXPATHLEN - len;
728 len = NFS_MAXPATHLEN;
729 } else
730 len += mp->m_len;
731 ivp->iov_base = mtod(mp, caddr_t);
732 ivp->iov_len = mp->m_len;
733 i++;
734 ivp++;
735 }
736 uiop->uio_iov = iv;
737 uiop->uio_iovcnt = i;
738 uiop->uio_offset = 0;
739 uiop->uio_resid = len;
740 uiop->uio_rw = UIO_READ;
741 uiop->uio_segflg = UIO_SYSSPACE;
742 uiop->uio_td = NULL;
743 NFSD_LOCK();
744 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
745 if (error) {
746 nfsm_reply(2 * NFSX_UNSIGNED);
747 if (v3)
748 nfsm_srvpostop_attr(1, NULL);
749 error = 0;
750 goto nfsmout;
751 }
752 NFSD_UNLOCK();
753 mtx_lock(&Giant); /* VFS */
754 if (vp->v_type != VLNK) {
755 if (v3)
756 error = EINVAL;
757 else
758 error = ENXIO;
759 } else
760 error = VOP_READLINK(vp, uiop, cred);
761 getret = VOP_GETATTR(vp, &attr, cred, td);
762 vput(vp);
763 mtx_unlock(&Giant); /* VFS */
764 vp = NULL;
765 NFSD_LOCK();
766 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_UNSIGNED);
767 if (v3)
768 nfsm_srvpostop_attr(getret, &attr);
769 if (error) {
770 error = 0;
771 goto nfsmout;
772 }
773 if (uiop->uio_resid > 0) {
774 len -= uiop->uio_resid;
775 tlen = nfsm_rndup(len);
776 nfsm_adj(mp3, NFS_MAXPATHLEN-tlen, tlen-len);
777 }
778 tl = nfsm_build(u_int32_t *, NFSX_UNSIGNED);
779 *tl = txdr_unsigned(len);
780 mb->m_next = mp3;
781 mp3 = NULL;
782 nfsmout:
783 NFSD_LOCK_ASSERT();
784 if (mp3)
785 m_freem(mp3);
786 if (vp) {
787 NFSD_UNLOCK();
788 mtx_lock(&Giant); /* VFS */
789 vput(vp);
790 mtx_unlock(&Giant); /* VFS */
791 NFSD_LOCK();
792 }
793 return(error);
794 }
795
796 /*
797 * nfs read service
798 */
799 int
800 nfsrv_read(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
801 struct thread *td, struct mbuf **mrq)
802 {
803 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
804 struct sockaddr *nam = nfsd->nd_nam;
805 caddr_t dpos = nfsd->nd_dpos;
806 struct ucred *cred = &nfsd->nd_cr;
807 struct iovec *iv;
808 struct iovec *iv2;
809 struct mbuf *m;
810 struct nfs_fattr *fp;
811 u_int32_t *tl;
812 int i;
813 caddr_t bpos;
814 int error = 0, rdonly, cnt, len, left, siz, tlen, getret;
815 int v3 = (nfsd->nd_flag & ND_NFSV3), reqlen;
816 struct mbuf *mb, *mreq;
817 struct mbuf *m2;
818 struct vnode *vp = NULL;
819 nfsfh_t nfh;
820 fhandle_t *fhp;
821 struct uio io, *uiop = &io;
822 struct vattr va, *vap = &va;
823 struct nfsheur *nh;
824 off_t off;
825 int ioflag = 0;
826
827 NFSD_LOCK_ASSERT();
828
829 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
830 fhp = &nfh.fh_generic;
831 nfsm_srvmtofh(fhp);
832 if (v3) {
833 tl = nfsm_dissect(u_int32_t *, 2 * NFSX_UNSIGNED);
834 off = fxdr_hyper(tl);
835 } else {
836 tl = nfsm_dissect(u_int32_t *, NFSX_UNSIGNED);
837 off = (off_t)fxdr_unsigned(u_int32_t, *tl);
838 }
839 nfsm_srvstrsiz(reqlen, NFS_SRVMAXDATA(nfsd));
840
841 /*
842 * Reference vp. If an error occurs, vp will be invalid, but we
843 * have to NULL it just in case. The macros might goto nfsmout
844 * as well.
845 */
846
847 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
848 if (error) {
849 vp = NULL;
850 nfsm_reply(2 * NFSX_UNSIGNED);
851 if (v3)
852 nfsm_srvpostop_attr(1, NULL);
853 error = 0;
854 goto nfsmout;
855 }
856
857 if (vp->v_type != VREG) {
858 if (v3)
859 error = EINVAL;
860 else
861 error = (vp->v_type == VDIR) ? EISDIR : EACCES;
862 }
863 NFSD_UNLOCK();
864 mtx_lock(&Giant); /* VFS */
865 if (!error) {
866 if ((error = nfsrv_access_withgiant(vp, VREAD, cred, rdonly,
867 td, 1)) != 0)
868 error = nfsrv_access_withgiant(vp, VEXEC, cred,
869 rdonly, td, 1);
870 }
871 getret = VOP_GETATTR(vp, vap, cred, td);
872 if (!error)
873 error = getret;
874 if (error) {
875 vput(vp);
876 mtx_unlock(&Giant); /* VFS */
877 vp = NULL;
878 NFSD_LOCK();
879 nfsm_reply(NFSX_POSTOPATTR(v3));
880 if (v3)
881 nfsm_srvpostop_attr(getret, vap);
882 error = 0;
883 goto nfsmout;
884 }
885 mtx_unlock(&Giant); /* VFS */
886 NFSD_LOCK();
887
888 /*
889 * Calculate byte count to read
890 */
891
892 if (off >= vap->va_size)
893 cnt = 0;
894 else if ((off + reqlen) > vap->va_size)
895 cnt = vap->va_size - off;
896 else
897 cnt = reqlen;
898
899 /*
900 * Calculate seqcount for heuristic
901 */
902
903 {
904 int hi;
905 int try = 32;
906
907 /*
908 * Locate best candidate
909 */
910
911 hi = ((int)(vm_offset_t)vp / sizeof(struct vnode)) % NUM_HEURISTIC;
912 nh = &nfsheur[hi];
913
914 while (try--) {
915 if (nfsheur[hi].nh_vp == vp) {
916 nh = &nfsheur[hi];
917 break;
918 }
919 if (nfsheur[hi].nh_use > 0)
920 --nfsheur[hi].nh_use;
921 hi = (hi + 1) % NUM_HEURISTIC;
922 if (nfsheur[hi].nh_use < nh->nh_use)
923 nh = &nfsheur[hi];
924 }
925
926 if (nh->nh_vp != vp) {
927 nh->nh_vp = vp;
928 nh->nh_nextr = off;
929 nh->nh_use = NHUSE_INIT;
930 if (off == 0)
931 nh->nh_seqcount = 4;
932 else
933 nh->nh_seqcount = 1;
934 }
935
936 /*
937 * Calculate heuristic
938 */
939
940 if ((off == 0 && nh->nh_seqcount > 0) || off == nh->nh_nextr) {
941 if (++nh->nh_seqcount > IO_SEQMAX)
942 nh->nh_seqcount = IO_SEQMAX;
943 } else if (nh->nh_seqcount > 1) {
944 nh->nh_seqcount = 1;
945 } else {
946 nh->nh_seqcount = 0;
947 }
948 nh->nh_use += NHUSE_INC;
949 if (nh->nh_use > NHUSE_MAX)
950 nh->nh_use = NHUSE_MAX;
951 ioflag |= nh->nh_seqcount << IO_SEQSHIFT;
952 }
953
954 nfsm_reply(NFSX_POSTOPORFATTR(v3) + 3 * NFSX_UNSIGNED+nfsm_rndup(cnt));
955 if (v3) {
956 tl = nfsm_build(u_int32_t *, NFSX_V3FATTR + 4 * NFSX_UNSIGNED);
957 *tl++ = nfsrv_nfs_true;
958 fp = (struct nfs_fattr *)tl;
959 tl += (NFSX_V3FATTR / sizeof (u_int32_t));
960 } else {
961 tl = nfsm_build(u_int32_t *, NFSX_V2FATTR + NFSX_UNSIGNED);
962 fp = (struct nfs_fattr *)tl;
963 tl += (NFSX_V2FATTR / sizeof (u_int32_t));
964 }
965 len = left = nfsm_rndup(cnt);
966 NFSD_UNLOCK();
967 if (cnt > 0) {
968 /*
969 * Generate the mbuf list with the uio_iov ref. to it.
970 */
971 i = 0;
972 m = m2 = mb;
973 while (left > 0) {
974 siz = min(M_TRAILINGSPACE(m), left);
975 if (siz > 0) {
976 left -= siz;
977 i++;
978 }
979 if (left > 0) {
980 MGET(m, M_TRYWAIT, MT_DATA);
981 MCLGET(m, M_TRYWAIT);
982 m->m_len = 0;
983 m2->m_next = m;
984 m2 = m;
985 }
986 }
987 MALLOC(iv, struct iovec *, i * sizeof (struct iovec),
988 M_TEMP, M_WAITOK);
989 uiop->uio_iov = iv2 = iv;
990 m = mb;
991 left = len;
992 i = 0;
993 while (left > 0) {
994 if (m == NULL)
995 panic("nfsrv_read iov");
996 siz = min(M_TRAILINGSPACE(m), left);
997 if (siz > 0) {
998 iv->iov_base = mtod(m, caddr_t) + m->m_len;
999 iv->iov_len = siz;
1000 m->m_len += siz;
1001 left -= siz;
1002 iv++;
1003 i++;
1004 }
1005 m = m->m_next;
1006 }
1007 uiop->uio_iovcnt = i;
1008 uiop->uio_offset = off;
1009 uiop->uio_resid = len;
1010 uiop->uio_rw = UIO_READ;
1011 uiop->uio_segflg = UIO_SYSSPACE;
1012 mtx_lock(&Giant); /* VFS */
1013 error = VOP_READ(vp, uiop, IO_NODELOCKED | ioflag, cred);
1014 off = uiop->uio_offset;
1015 nh->nh_nextr = off;
1016 FREE((caddr_t)iv2, M_TEMP);
1017 if (error || (getret = VOP_GETATTR(vp, vap, cred, td))) {
1018 if (!error)
1019 error = getret;
1020 m_freem(mreq);
1021 vput(vp);
1022 mtx_unlock(&Giant); /* VFS */
1023 NFSD_LOCK();
1024 vp = NULL;
1025 nfsm_reply(NFSX_POSTOPATTR(v3));
1026 if (v3)
1027 nfsm_srvpostop_attr(getret, vap);
1028 error = 0;
1029 goto nfsmout;
1030 }
1031 } else {
1032 uiop->uio_resid = 0;
1033 mtx_lock(&Giant); /* VFS */
1034 }
1035 mtx_assert(&Giant, MA_OWNED); /* VFS */
1036 vput(vp);
1037 mtx_unlock(&Giant); /* VFS */
1038 vp = NULL;
1039 NFSD_LOCK();
1040 nfsm_srvfillattr(vap, fp);
1041 tlen = len - uiop->uio_resid;
1042 cnt = cnt < tlen ? cnt : tlen;
1043 tlen = nfsm_rndup(cnt);
1044 if (len != tlen || tlen != cnt)
1045 nfsm_adj(mb, len - tlen, tlen - cnt);
1046 if (v3) {
1047 *tl++ = txdr_unsigned(cnt);
1048 if (cnt < reqlen)
1049 *tl++ = nfsrv_nfs_true;
1050 else
1051 *tl++ = nfsrv_nfs_false;
1052 }
1053 *tl = txdr_unsigned(cnt);
1054 nfsmout:
1055 NFSD_LOCK_ASSERT();
1056 if (vp) {
1057 NFSD_UNLOCK();
1058 mtx_lock(&Giant); /* VFS */
1059 vput(vp);
1060 mtx_unlock(&Giant); /* VFS */
1061 NFSD_LOCK();
1062 }
1063 return(error);
1064 }
1065
1066 /*
1067 * nfs write service
1068 */
1069 int
1070 nfsrv_write(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
1071 struct thread *td, struct mbuf **mrq)
1072 {
1073 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
1074 struct sockaddr *nam = nfsd->nd_nam;
1075 caddr_t dpos = nfsd->nd_dpos;
1076 struct ucred *cred = &nfsd->nd_cr;
1077 struct iovec *ivp;
1078 int i, cnt;
1079 struct mbuf *mp;
1080 struct nfs_fattr *fp;
1081 struct iovec *iv;
1082 struct vattr va, forat;
1083 struct vattr *vap = &va;
1084 u_int32_t *tl;
1085 caddr_t bpos;
1086 int error = 0, rdonly, len, forat_ret = 1;
1087 int ioflags, aftat_ret = 1, retlen = 0, zeroing, adjust;
1088 int stable = NFSV3WRITE_FILESYNC;
1089 int v3 = (nfsd->nd_flag & ND_NFSV3);
1090 struct mbuf *mb, *mreq;
1091 struct vnode *vp = NULL;
1092 nfsfh_t nfh;
1093 fhandle_t *fhp;
1094 struct uio io, *uiop = &io;
1095 off_t off;
1096 struct mount *mntp = NULL;
1097
1098 NFSD_LOCK_ASSERT();
1099
1100 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
1101 if (mrep == NULL) {
1102 *mrq = NULL;
1103 error = 0;
1104 goto nfsmout;
1105 }
1106 fhp = &nfh.fh_generic;
1107 nfsm_srvmtofh(fhp);
1108 if ((mntp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
1109 error = ESTALE;
1110 goto ereply;
1111 }
1112 NFSD_UNLOCK();
1113 mtx_lock(&Giant); /* VFS */
1114 (void) vn_start_write(NULL, &mntp, V_WAIT);
1115 mtx_unlock(&Giant); /* VFS */
1116 NFSD_LOCK();
1117 if (v3) {
1118 tl = nfsm_dissect(u_int32_t *, 5 * NFSX_UNSIGNED);
1119 off = fxdr_hyper(tl);
1120 tl += 3;
1121 stable = fxdr_unsigned(int, *tl++);
1122 } else {
1123 tl = nfsm_dissect(u_int32_t *, 4 * NFSX_UNSIGNED);
1124 off = (off_t)fxdr_unsigned(u_int32_t, *++tl);
1125 tl += 2;
1126 if (nfs_async)
1127 stable = NFSV3WRITE_UNSTABLE;
1128 }
1129 retlen = len = fxdr_unsigned(int32_t, *tl);
1130 cnt = i = 0;
1131
1132 /*
1133 * For NFS Version 2, it is not obvious what a write of zero length
1134 * should do, but I might as well be consistent with Version 3,
1135 * which is to return ok so long as there are no permission problems.
1136 */
1137 if (len > 0) {
1138 zeroing = 1;
1139 mp = mrep;
1140 while (mp) {
1141 if (mp == md) {
1142 zeroing = 0;
1143 adjust = dpos - mtod(mp, caddr_t);
1144 mp->m_len -= adjust;
1145 if (mp->m_len > 0 && adjust > 0)
1146 mp->m_data += adjust;
1147 }
1148 if (zeroing)
1149 mp->m_len = 0;
1150 else if (mp->m_len > 0) {
1151 i += mp->m_len;
1152 if (i > len) {
1153 mp->m_len -= (i - len);
1154 zeroing = 1;
1155 }
1156 if (mp->m_len > 0)
1157 cnt++;
1158 }
1159 mp = mp->m_next;
1160 }
1161 }
1162 if (len > NFS_MAXDATA || len < 0 || i < len) {
1163 error = EIO;
1164 nfsm_reply(2 * NFSX_UNSIGNED);
1165 if (v3)
1166 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, vap);
1167 error = 0;
1168 goto nfsmout;
1169 }
1170 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
1171 if (error) {
1172 vp = NULL;
1173 nfsm_reply(2 * NFSX_UNSIGNED);
1174 if (v3)
1175 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, vap);
1176 error = 0;
1177 goto nfsmout;
1178 }
1179 if (v3) {
1180 NFSD_UNLOCK();
1181 mtx_lock(&Giant); /* VFS */
1182 forat_ret = VOP_GETATTR(vp, &forat, cred, td);
1183 mtx_unlock(&Giant); /* VFS */
1184 NFSD_LOCK();
1185 }
1186 if (vp->v_type != VREG) {
1187 if (v3)
1188 error = EINVAL;
1189 else
1190 error = (vp->v_type == VDIR) ? EISDIR : EACCES;
1191 }
1192 if (!error)
1193 error = nfsrv_access(vp, VWRITE, cred, rdonly, td, 1);
1194 if (error) {
1195 NFSD_UNLOCK();
1196 mtx_lock(&Giant); /* VFS */
1197 vput(vp);
1198 mtx_unlock(&Giant); /* VFS */
1199 NFSD_LOCK();
1200 vp = NULL;
1201 nfsm_reply(NFSX_WCCDATA(v3));
1202 if (v3)
1203 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, vap);
1204 error = 0;
1205 goto nfsmout;
1206 }
1207
1208 NFSD_UNLOCK();
1209 if (len > 0) {
1210 MALLOC(ivp, struct iovec *, cnt * sizeof (struct iovec), M_TEMP,
1211 M_WAITOK);
1212 uiop->uio_iov = iv = ivp;
1213 uiop->uio_iovcnt = cnt;
1214 mp = mrep;
1215 while (mp) {
1216 if (mp->m_len > 0) {
1217 ivp->iov_base = mtod(mp, caddr_t);
1218 ivp->iov_len = mp->m_len;
1219 ivp++;
1220 }
1221 mp = mp->m_next;
1222 }
1223
1224 /*
1225 * XXX
1226 * The IO_METASYNC flag indicates that all metadata (and not just
1227 * enough to ensure data integrity) mus be written to stable storage
1228 * synchronously.
1229 * (IO_METASYNC is not yet implemented in 4.4BSD-Lite.)
1230 */
1231 if (stable == NFSV3WRITE_UNSTABLE)
1232 ioflags = IO_NODELOCKED;
1233 else if (stable == NFSV3WRITE_DATASYNC)
1234 ioflags = (IO_SYNC | IO_NODELOCKED);
1235 else
1236 ioflags = (IO_METASYNC | IO_SYNC | IO_NODELOCKED);
1237 uiop->uio_resid = len;
1238 uiop->uio_rw = UIO_WRITE;
1239 uiop->uio_segflg = UIO_SYSSPACE;
1240 uiop->uio_td = NULL;
1241 uiop->uio_offset = off;
1242 mtx_lock(&Giant); /* VFS */
1243 error = VOP_WRITE(vp, uiop, ioflags, cred);
1244 /* XXXRW: unlocked write. */
1245 nfsrvstats.srvvop_writes++;
1246 FREE((caddr_t)iv, M_TEMP);
1247 } else
1248 mtx_lock(&Giant); /* VFS */
1249 mtx_assert(&Giant, MA_OWNED); /* VFS */
1250 aftat_ret = VOP_GETATTR(vp, vap, cred, td);
1251 vput(vp);
1252 mtx_unlock(&Giant); /* VFS */
1253 NFSD_LOCK();
1254 vp = NULL;
1255 if (!error)
1256 error = aftat_ret;
1257 ereply:
1258 NFSD_LOCK_ASSERT();
1259 nfsm_reply(NFSX_PREOPATTR(v3) + NFSX_POSTOPORFATTR(v3) +
1260 2 * NFSX_UNSIGNED + NFSX_WRITEVERF(v3));
1261 if (v3) {
1262 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, vap);
1263 if (error) {
1264 error = 0;
1265 goto nfsmout;
1266 }
1267 tl = nfsm_build(u_int32_t *, 4 * NFSX_UNSIGNED);
1268 *tl++ = txdr_unsigned(retlen);
1269 /*
1270 * If nfs_async is set, then pretend the write was FILESYNC.
1271 */
1272 if (stable == NFSV3WRITE_UNSTABLE && !nfs_async)
1273 *tl++ = txdr_unsigned(stable);
1274 else
1275 *tl++ = txdr_unsigned(NFSV3WRITE_FILESYNC);
1276 /*
1277 * Actually, there is no need to txdr these fields,
1278 * but it may make the values more human readable,
1279 * for debugging purposes.
1280 */
1281 if (nfsver.tv_sec == 0)
1282 nfsver = boottime;
1283 *tl++ = txdr_unsigned(nfsver.tv_sec);
1284 *tl = txdr_unsigned(nfsver.tv_usec);
1285 } else if (!error) {
1286 /* v2 non-error case. */
1287 fp = nfsm_build(struct nfs_fattr *, NFSX_V2FATTR);
1288 nfsm_srvfillattr(vap, fp);
1289 }
1290 error = 0;
1291 nfsmout:
1292 NFSD_LOCK_ASSERT();
1293 NFSD_UNLOCK();
1294 mtx_lock(&Giant); /* VFS */
1295 if (vp)
1296 vput(vp);
1297 vn_finished_write(mntp);
1298 mtx_unlock(&Giant); /* VFS */
1299 NFSD_LOCK();
1300 return(error);
1301 }
1302
1303 /*
1304 * NFS write service with write gathering support. Called when
1305 * nfsrvw_procrastinate > 0.
1306 * See: Chet Juszczak, "Improving the Write Performance of an NFS Server",
1307 * in Proc. of the Winter 1994 Usenix Conference, pg. 247-259, San Franscisco,
1308 * Jan. 1994.
1309 */
1310 int
1311 nfsrv_writegather(struct nfsrv_descript **ndp, struct nfssvc_sock *slp,
1312 struct thread *td, struct mbuf **mrq)
1313 {
1314 struct iovec *ivp;
1315 struct mbuf *mp;
1316 struct nfsrv_descript *wp, *nfsd, *owp, *swp;
1317 struct nfs_fattr *fp;
1318 int i;
1319 struct iovec *iov;
1320 struct nfsrvw_delayhash *wpp;
1321 struct ucred *cred;
1322 struct vattr va, forat;
1323 u_int32_t *tl;
1324 caddr_t bpos, dpos;
1325 int error = 0, rdonly, len, forat_ret = 1;
1326 int ioflags, aftat_ret = 1, s, adjust, v3, zeroing;
1327 struct mbuf *mb, *mreq, *mrep, *md;
1328 struct vnode *vp = NULL;
1329 struct uio io, *uiop = &io;
1330 u_quad_t cur_usec;
1331 struct mount *mntp = NULL;
1332
1333 NFSD_LOCK_ASSERT();
1334
1335 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
1336 #ifndef nolint
1337 i = 0;
1338 len = 0;
1339 #endif
1340 *mrq = NULL;
1341 if (*ndp) {
1342 nfsd = *ndp;
1343 *ndp = NULL;
1344 mrep = nfsd->nd_mrep;
1345 md = nfsd->nd_md;
1346 dpos = nfsd->nd_dpos;
1347 cred = &nfsd->nd_cr;
1348 v3 = (nfsd->nd_flag & ND_NFSV3);
1349 LIST_INIT(&nfsd->nd_coalesce);
1350 nfsd->nd_mreq = NULL;
1351 nfsd->nd_stable = NFSV3WRITE_FILESYNC;
1352 cur_usec = nfs_curusec();
1353 nfsd->nd_time = cur_usec +
1354 (v3 ? nfsrvw_procrastinate_v3 : nfsrvw_procrastinate);
1355
1356 /*
1357 * Now, get the write header..
1358 */
1359 nfsm_srvmtofh(&nfsd->nd_fh);
1360 if (v3) {
1361 tl = nfsm_dissect(u_int32_t *, 5 * NFSX_UNSIGNED);
1362 nfsd->nd_off = fxdr_hyper(tl);
1363 tl += 3;
1364 nfsd->nd_stable = fxdr_unsigned(int, *tl++);
1365 } else {
1366 tl = nfsm_dissect(u_int32_t *, 4 * NFSX_UNSIGNED);
1367 nfsd->nd_off = (off_t)fxdr_unsigned(u_int32_t, *++tl);
1368 tl += 2;
1369 if (nfs_async)
1370 nfsd->nd_stable = NFSV3WRITE_UNSTABLE;
1371 }
1372 len = fxdr_unsigned(int32_t, *tl);
1373 nfsd->nd_len = len;
1374 nfsd->nd_eoff = nfsd->nd_off + len;
1375
1376 /*
1377 * Trim the header out of the mbuf list and trim off any trailing
1378 * junk so that the mbuf list has only the write data.
1379 */
1380 zeroing = 1;
1381 i = 0;
1382 mp = mrep;
1383 while (mp) {
1384 if (mp == md) {
1385 zeroing = 0;
1386 adjust = dpos - mtod(mp, caddr_t);
1387 mp->m_len -= adjust;
1388 if (mp->m_len > 0 && adjust > 0)
1389 mp->m_data += adjust;
1390 }
1391 if (zeroing)
1392 mp->m_len = 0;
1393 else {
1394 i += mp->m_len;
1395 if (i > len) {
1396 mp->m_len -= (i - len);
1397 zeroing = 1;
1398 }
1399 }
1400 mp = mp->m_next;
1401 }
1402 if (len > NFS_MAXDATA || len < 0 || i < len) {
1403 nfsmout:
1404 NFSD_LOCK_ASSERT();
1405 m_freem(mrep);
1406 error = EIO;
1407 nfsm_writereply(2 * NFSX_UNSIGNED);
1408 if (v3)
1409 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
1410 nfsd->nd_mreq = mreq;
1411 nfsd->nd_mrep = NULL;
1412 nfsd->nd_time = 0;
1413 }
1414
1415 /*
1416 * Add this entry to the hash and time queues.
1417 */
1418 s = splsoftclock();
1419 owp = NULL;
1420 wp = LIST_FIRST(&slp->ns_tq);
1421 while (wp && wp->nd_time < nfsd->nd_time) {
1422 owp = wp;
1423 wp = LIST_NEXT(wp, nd_tq);
1424 }
1425 NFS_DPF(WG, ("Q%03x", nfsd->nd_retxid & 0xfff));
1426 if (owp) {
1427 LIST_INSERT_AFTER(owp, nfsd, nd_tq);
1428 } else {
1429 LIST_INSERT_HEAD(&slp->ns_tq, nfsd, nd_tq);
1430 }
1431 if (nfsd->nd_mrep) {
1432 wpp = NWDELAYHASH(slp, nfsd->nd_fh.fh_fid.fid_data);
1433 owp = NULL;
1434 wp = LIST_FIRST(wpp);
1435 while (wp &&
1436 bcmp((caddr_t)&nfsd->nd_fh,(caddr_t)&wp->nd_fh, NFSX_V3FH)){
1437 owp = wp;
1438 wp = LIST_NEXT(wp, nd_hash);
1439 }
1440 while (wp && wp->nd_off < nfsd->nd_off &&
1441 !bcmp((caddr_t)&nfsd->nd_fh,(caddr_t)&wp->nd_fh, NFSX_V3FH)) {
1442 owp = wp;
1443 wp = LIST_NEXT(wp, nd_hash);
1444 }
1445 if (owp) {
1446 LIST_INSERT_AFTER(owp, nfsd, nd_hash);
1447
1448 /*
1449 * Search the hash list for overlapping entries and
1450 * coalesce.
1451 */
1452 for(; nfsd && NFSW_CONTIG(owp, nfsd); nfsd = wp) {
1453 wp = LIST_NEXT(nfsd, nd_hash);
1454 if (NFSW_SAMECRED(owp, nfsd))
1455 nfsrvw_coalesce(owp, nfsd);
1456 }
1457 } else {
1458 LIST_INSERT_HEAD(wpp, nfsd, nd_hash);
1459 }
1460 }
1461 splx(s);
1462 }
1463
1464 /*
1465 * Now, do VOP_WRITE()s for any one(s) that need to be done now
1466 * and generate the associated reply mbuf list(s).
1467 */
1468 loop1:
1469 cur_usec = nfs_curusec();
1470 s = splsoftclock();
1471 for (nfsd = LIST_FIRST(&slp->ns_tq); nfsd; nfsd = owp) {
1472 owp = LIST_NEXT(nfsd, nd_tq);
1473 if (nfsd->nd_time > cur_usec)
1474 break;
1475 if (nfsd->nd_mreq)
1476 continue;
1477 NFS_DPF(WG, ("P%03x", nfsd->nd_retxid & 0xfff));
1478 LIST_REMOVE(nfsd, nd_tq);
1479 LIST_REMOVE(nfsd, nd_hash);
1480 splx(s);
1481 mrep = nfsd->nd_mrep;
1482 nfsd->nd_mrep = NULL;
1483 cred = &nfsd->nd_cr;
1484 v3 = (nfsd->nd_flag & ND_NFSV3);
1485 forat_ret = aftat_ret = 1;
1486 error = nfsrv_fhtovp(&nfsd->nd_fh, 1, &vp, cred, slp,
1487 nfsd->nd_nam, &rdonly, TRUE);
1488 if (!error) {
1489 if (v3) {
1490 NFSD_UNLOCK();
1491 mtx_lock(&Giant); /* VFS */
1492 forat_ret = VOP_GETATTR(vp, &forat, cred, td);
1493 mtx_unlock(&Giant); /* VFS */
1494 NFSD_LOCK();
1495 }
1496 if (vp->v_type != VREG) {
1497 if (v3)
1498 error = EINVAL;
1499 else
1500 error = (vp->v_type == VDIR) ? EISDIR : EACCES;
1501 }
1502 } else {
1503 vp = NULL;
1504 }
1505 NFSD_UNLOCK();
1506 mtx_lock(&Giant); /* VFS */
1507 if (!error)
1508 error = nfsrv_access_withgiant(vp, VWRITE, cred, rdonly,
1509 td, 1);
1510 if (nfsd->nd_stable == NFSV3WRITE_UNSTABLE)
1511 ioflags = IO_NODELOCKED;
1512 else if (nfsd->nd_stable == NFSV3WRITE_DATASYNC)
1513 ioflags = (IO_SYNC | IO_NODELOCKED);
1514 else
1515 ioflags = (IO_METASYNC | IO_SYNC | IO_NODELOCKED);
1516 uiop->uio_rw = UIO_WRITE;
1517 uiop->uio_segflg = UIO_SYSSPACE;
1518 uiop->uio_td = NULL;
1519 uiop->uio_offset = nfsd->nd_off;
1520 uiop->uio_resid = nfsd->nd_eoff - nfsd->nd_off;
1521 if (uiop->uio_resid > 0) {
1522 mp = mrep;
1523 i = 0;
1524 while (mp) {
1525 if (mp->m_len > 0)
1526 i++;
1527 mp = mp->m_next;
1528 }
1529 uiop->uio_iovcnt = i;
1530 MALLOC(iov, struct iovec *, i * sizeof (struct iovec),
1531 M_TEMP, M_WAITOK);
1532 uiop->uio_iov = ivp = iov;
1533 mp = mrep;
1534 while (mp) {
1535 if (mp->m_len > 0) {
1536 ivp->iov_base = mtod(mp, caddr_t);
1537 ivp->iov_len = mp->m_len;
1538 ivp++;
1539 }
1540 mp = mp->m_next;
1541 }
1542 if (!error) {
1543 if (vn_start_write(vp, &mntp, V_NOWAIT) != 0) {
1544 VOP_UNLOCK(vp, 0, td);
1545 error = vn_start_write(NULL, &mntp, V_WAIT);
1546 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
1547 }
1548 }
1549 if (!error) {
1550 error = VOP_WRITE(vp, uiop, ioflags, cred);
1551 /* XXXRW: unlocked write. */
1552 nfsrvstats.srvvop_writes++;
1553 vn_finished_write(mntp);
1554 }
1555 FREE((caddr_t)iov, M_TEMP);
1556 }
1557 m_freem(mrep);
1558 if (vp) {
1559 aftat_ret = VOP_GETATTR(vp, &va, cred, td);
1560 vput(vp);
1561 vp = NULL;
1562 }
1563 mtx_unlock(&Giant); /* VFS */
1564 NFSD_LOCK();
1565
1566 /*
1567 * Loop around generating replies for all write rpcs that have
1568 * now been completed.
1569 */
1570 swp = nfsd;
1571 do {
1572 NFS_DPF(WG, ("R%03x", nfsd->nd_retxid & 0xfff));
1573 if (error) {
1574 nfsm_writereply(NFSX_WCCDATA(v3));
1575 if (v3) {
1576 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
1577 }
1578 } else {
1579 nfsm_writereply(NFSX_PREOPATTR(v3) +
1580 NFSX_POSTOPORFATTR(v3) + 2 * NFSX_UNSIGNED +
1581 NFSX_WRITEVERF(v3));
1582 if (v3) {
1583 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
1584 tl = nfsm_build(u_int32_t *, 4 * NFSX_UNSIGNED);
1585 *tl++ = txdr_unsigned(nfsd->nd_len);
1586 *tl++ = txdr_unsigned(swp->nd_stable);
1587 /*
1588 * Actually, there is no need to txdr these fields,
1589 * but it may make the values more human readable,
1590 * for debugging purposes.
1591 */
1592 if (nfsver.tv_sec == 0)
1593 nfsver = boottime;
1594 *tl++ = txdr_unsigned(nfsver.tv_sec);
1595 *tl = txdr_unsigned(nfsver.tv_usec);
1596 } else {
1597 fp = nfsm_build(struct nfs_fattr *, NFSX_V2FATTR);
1598 nfsm_srvfillattr(&va, fp);
1599 }
1600 }
1601 nfsd->nd_mreq = mreq;
1602 if (nfsd->nd_mrep)
1603 panic("nfsrv_write: nd_mrep not free");
1604
1605 /*
1606 * Done. Put it at the head of the timer queue so that
1607 * the final phase can return the reply.
1608 */
1609 s = splsoftclock();
1610 if (nfsd != swp) {
1611 nfsd->nd_time = 0;
1612 LIST_INSERT_HEAD(&slp->ns_tq, nfsd, nd_tq);
1613 }
1614 nfsd = LIST_FIRST(&swp->nd_coalesce);
1615 if (nfsd) {
1616 LIST_REMOVE(nfsd, nd_tq);
1617 }
1618 splx(s);
1619 } while (nfsd);
1620 s = splsoftclock();
1621 swp->nd_time = 0;
1622 LIST_INSERT_HEAD(&slp->ns_tq, swp, nd_tq);
1623 splx(s);
1624 goto loop1;
1625 }
1626 splx(s);
1627
1628 /*
1629 * Search for a reply to return.
1630 */
1631 s = splsoftclock();
1632 LIST_FOREACH(nfsd, &slp->ns_tq, nd_tq)
1633 if (nfsd->nd_mreq) {
1634 NFS_DPF(WG, ("X%03x", nfsd->nd_retxid & 0xfff));
1635 LIST_REMOVE(nfsd, nd_tq);
1636 *mrq = nfsd->nd_mreq;
1637 *ndp = nfsd;
1638 break;
1639 }
1640 splx(s);
1641 return (0);
1642 }
1643
1644 /*
1645 * Coalesce the write request nfsd into owp. To do this we must:
1646 * - remove nfsd from the queues
1647 * - merge nfsd->nd_mrep into owp->nd_mrep
1648 * - update the nd_eoff and nd_stable for owp
1649 * - put nfsd on owp's nd_coalesce list
1650 * NB: Must be called at splsoftclock().
1651 */
1652 static void
1653 nfsrvw_coalesce(struct nfsrv_descript *owp, struct nfsrv_descript *nfsd)
1654 {
1655 int overlap;
1656 struct mbuf *mp;
1657 struct nfsrv_descript *p;
1658
1659 NFSD_LOCK_ASSERT();
1660
1661 NFS_DPF(WG, ("C%03x-%03x",
1662 nfsd->nd_retxid & 0xfff, owp->nd_retxid & 0xfff));
1663 LIST_REMOVE(nfsd, nd_hash);
1664 LIST_REMOVE(nfsd, nd_tq);
1665 if (owp->nd_eoff < nfsd->nd_eoff) {
1666 overlap = owp->nd_eoff - nfsd->nd_off;
1667 if (overlap < 0)
1668 panic("nfsrv_coalesce: bad off");
1669 if (overlap > 0)
1670 m_adj(nfsd->nd_mrep, overlap);
1671 mp = owp->nd_mrep;
1672 while (mp->m_next)
1673 mp = mp->m_next;
1674 mp->m_next = nfsd->nd_mrep;
1675 owp->nd_eoff = nfsd->nd_eoff;
1676 } else
1677 m_freem(nfsd->nd_mrep);
1678 nfsd->nd_mrep = NULL;
1679 if (nfsd->nd_stable == NFSV3WRITE_FILESYNC)
1680 owp->nd_stable = NFSV3WRITE_FILESYNC;
1681 else if (nfsd->nd_stable == NFSV3WRITE_DATASYNC &&
1682 owp->nd_stable == NFSV3WRITE_UNSTABLE)
1683 owp->nd_stable = NFSV3WRITE_DATASYNC;
1684 LIST_INSERT_HEAD(&owp->nd_coalesce, nfsd, nd_tq);
1685
1686 /*
1687 * If nfsd had anything else coalesced into it, transfer them
1688 * to owp, otherwise their replies will never get sent.
1689 */
1690 for (p = LIST_FIRST(&nfsd->nd_coalesce); p;
1691 p = LIST_FIRST(&nfsd->nd_coalesce)) {
1692 LIST_REMOVE(p, nd_tq);
1693 LIST_INSERT_HEAD(&owp->nd_coalesce, p, nd_tq);
1694 }
1695 }
1696
1697 /*
1698 * nfs create service
1699 * now does a truncate to 0 length via. setattr if it already exists
1700 */
1701 int
1702 nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
1703 struct thread *td, struct mbuf **mrq)
1704 {
1705 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
1706 struct sockaddr *nam = nfsd->nd_nam;
1707 caddr_t dpos = nfsd->nd_dpos;
1708 struct ucred *cred = &nfsd->nd_cr;
1709 struct nfs_fattr *fp;
1710 struct vattr va, dirfor, diraft;
1711 struct vattr *vap = &va;
1712 struct nfsv2_sattr *sp;
1713 u_int32_t *tl;
1714 struct nameidata nd;
1715 caddr_t bpos;
1716 int error = 0, rdev, len, tsize, dirfor_ret = 1, diraft_ret = 1;
1717 int v3 = (nfsd->nd_flag & ND_NFSV3), how, exclusive_flag = 0;
1718 caddr_t cp;
1719 struct mbuf *mb, *mreq;
1720 struct vnode *dirp = NULL;
1721 nfsfh_t nfh;
1722 fhandle_t *fhp;
1723 u_quad_t tempsize;
1724 u_char cverf[NFSX_V3CREATEVERF];
1725 struct mount *mp = NULL;
1726
1727 NFSD_LOCK_ASSERT();
1728
1729 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
1730 #ifndef nolint
1731 rdev = 0;
1732 #endif
1733 ndclear(&nd);
1734
1735 fhp = &nfh.fh_generic;
1736 nfsm_srvmtofh(fhp);
1737 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
1738 error = ESTALE;
1739 goto ereply_locked;
1740 }
1741 NFSD_UNLOCK();
1742 mtx_lock(&Giant); /* VFS */
1743 (void) vn_start_write(NULL, &mp, V_WAIT);
1744 mtx_unlock(&Giant); /* VFS */
1745 NFSD_LOCK();
1746 nfsm_srvnamesiz(len);
1747
1748 nd.ni_cnd.cn_cred = cred;
1749 nd.ni_cnd.cn_nameiop = CREATE;
1750 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | SAVESTART;
1751
1752 /*
1753 * Call namei and do initial cleanup to get a few things
1754 * out of the way. If we get an initial error we cleanup
1755 * and return here to avoid special-casing the invalid nd
1756 * structure through the rest of the case. dirp may be
1757 * set even if an error occurs, but the nd structure will not
1758 * be valid at all if an error occurs so we have to invalidate it
1759 * prior to calling nfsm_reply ( which might goto nfsmout ).
1760 */
1761 error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
1762 &dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
1763 if (dirp && !v3) {
1764 NFSD_UNLOCK();
1765 mtx_lock(&Giant); /* VFS */
1766 vrele(dirp);
1767 mtx_unlock(&Giant); /* VFS */
1768 NFSD_LOCK();
1769 dirp = NULL;
1770 }
1771 if (error) {
1772 nfsm_reply(NFSX_WCCDATA(v3));
1773 if (v3)
1774 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
1775 error = 0;
1776 goto nfsmout;
1777 }
1778
1779 /*
1780 * No error. Continue. State:
1781 *
1782 * startdir is valid ( we release this immediately )
1783 * dirp may be valid
1784 * nd.ni_vp may be valid
1785 * nd.ni_dvp is valid
1786 *
1787 * The error state is set through the code and we may also do some
1788 * opportunistic releasing of vnodes to avoid holding locks through
1789 * NFS I/O. The cleanup at the end is a catch-all
1790 */
1791
1792 VATTR_NULL(vap);
1793 if (v3) {
1794 tl = nfsm_dissect(u_int32_t *, NFSX_UNSIGNED);
1795 how = fxdr_unsigned(int, *tl);
1796 switch (how) {
1797 case NFSV3CREATE_GUARDED:
1798 if (nd.ni_vp) {
1799 error = EEXIST;
1800 break;
1801 }
1802 /* fall through */
1803 case NFSV3CREATE_UNCHECKED:
1804 nfsm_srvsattr(vap);
1805 break;
1806 case NFSV3CREATE_EXCLUSIVE:
1807 cp = nfsm_dissect(caddr_t, NFSX_V3CREATEVERF);
1808 bcopy(cp, cverf, NFSX_V3CREATEVERF);
1809 exclusive_flag = 1;
1810 break;
1811 };
1812 vap->va_type = VREG;
1813 } else {
1814 sp = nfsm_dissect(struct nfsv2_sattr *, NFSX_V2SATTR);
1815 vap->va_type = IFTOVT(fxdr_unsigned(u_int32_t, sp->sa_mode));
1816 if (vap->va_type == VNON)
1817 vap->va_type = VREG;
1818 vap->va_mode = nfstov_mode(sp->sa_mode);
1819 switch (vap->va_type) {
1820 case VREG:
1821 tsize = fxdr_unsigned(int32_t, sp->sa_size);
1822 if (tsize != -1)
1823 vap->va_size = (u_quad_t)tsize;
1824 break;
1825 case VCHR:
1826 case VBLK:
1827 case VFIFO:
1828 rdev = fxdr_unsigned(long, sp->sa_size);
1829 break;
1830 default:
1831 break;
1832 };
1833 }
1834
1835 /*
1836 * Iff doesn't exist, create it
1837 * otherwise just truncate to 0 length
1838 * should I set the mode too ?
1839 *
1840 * The only possible error we can have at this point is EEXIST.
1841 * nd.ni_vp will also be non-NULL in that case.
1842 */
1843 NFSD_UNLOCK();
1844 mtx_lock(&Giant); /* VFS */
1845 if (nd.ni_vp == NULL) {
1846 if (vap->va_mode == (mode_t)VNOVAL)
1847 vap->va_mode = 0;
1848 if (vap->va_type == VREG || vap->va_type == VSOCK) {
1849 error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
1850 if (error)
1851 NDFREE(&nd, NDF_ONLY_PNBUF);
1852 else {
1853 nfsrv_object_create(nd.ni_vp);
1854 if (exclusive_flag) {
1855 exclusive_flag = 0;
1856 VATTR_NULL(vap);
1857 bcopy(cverf, (caddr_t)&vap->va_atime,
1858 NFSX_V3CREATEVERF);
1859 error = VOP_SETATTR(nd.ni_vp, vap, cred,
1860 td);
1861 }
1862 }
1863 } else if (vap->va_type == VCHR || vap->va_type == VBLK ||
1864 vap->va_type == VFIFO) {
1865 /*
1866 * NFSv2-specific code for creating device nodes
1867 * and fifos.
1868 *
1869 * Handle SysV FIFO node special cases. All other
1870 * devices require super user to access.
1871 */
1872 if (vap->va_type == VCHR && rdev == 0xffffffff)
1873 vap->va_type = VFIFO;
1874 if (vap->va_type != VFIFO &&
1875 (error = suser_cred(cred, 0))) {
1876 goto ereply;
1877 }
1878 vap->va_rdev = rdev;
1879 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
1880 if (error) {
1881 NDFREE(&nd, NDF_ONLY_PNBUF);
1882 goto ereply;
1883 }
1884 vput(nd.ni_vp);
1885 nd.ni_vp = NULL;
1886
1887 /*
1888 * release dvp prior to lookup
1889 */
1890 vput(nd.ni_dvp);
1891 nd.ni_dvp = NULL;
1892
1893 /*
1894 * Setup for lookup.
1895 *
1896 * Even though LOCKPARENT was cleared, ni_dvp may
1897 * be garbage.
1898 */
1899 nd.ni_cnd.cn_nameiop = LOOKUP;
1900 nd.ni_cnd.cn_flags &= ~(LOCKPARENT);
1901 nd.ni_cnd.cn_thread = td;
1902 nd.ni_cnd.cn_cred = cred;
1903
1904 error = lookup(&nd);
1905 nd.ni_dvp = NULL;
1906 if (error)
1907 goto ereply;
1908
1909 nfsrv_object_create(nd.ni_vp);
1910 if (nd.ni_cnd.cn_flags & ISSYMLINK) {
1911 error = EINVAL;
1912 goto ereply;
1913 }
1914 } else {
1915 error = ENXIO;
1916 }
1917 } else {
1918 if (vap->va_size != -1) {
1919 error = nfsrv_access_withgiant(nd.ni_vp, VWRITE,
1920 cred, (nd.ni_cnd.cn_flags & RDONLY), td, 0);
1921 if (!error) {
1922 tempsize = vap->va_size;
1923 VATTR_NULL(vap);
1924 vap->va_size = tempsize;
1925 error = VOP_SETATTR(nd.ni_vp, vap, cred,
1926 td);
1927 }
1928 }
1929 }
1930
1931 if (!error) {
1932 bzero((caddr_t)fhp, sizeof(nfh));
1933 fhp->fh_fsid = nd.ni_vp->v_mount->mnt_stat.f_fsid;
1934 error = VFS_VPTOFH(nd.ni_vp, &fhp->fh_fid);
1935 if (!error)
1936 error = VOP_GETATTR(nd.ni_vp, vap, cred, td);
1937 }
1938 if (v3) {
1939 if (exclusive_flag && !error &&
1940 bcmp(cverf, (caddr_t)&vap->va_atime, NFSX_V3CREATEVERF))
1941 error = EEXIST;
1942 if (dirp == nd.ni_dvp)
1943 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
1944 else {
1945 /* Drop the other locks to avoid deadlock. */
1946 if (nd.ni_dvp) {
1947 if (nd.ni_dvp == nd.ni_vp)
1948 vrele(nd.ni_dvp);
1949 else
1950 vput(nd.ni_dvp);
1951 }
1952 if (nd.ni_vp)
1953 vput(nd.ni_vp);
1954 nd.ni_dvp = NULL;
1955 nd.ni_vp = NULL;
1956
1957 vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td);
1958 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
1959 VOP_UNLOCK(dirp, 0, td);
1960 }
1961 }
1962 ereply:
1963 NFSD_UNLOCK_ASSERT();
1964 mtx_unlock(&Giant); /* VFS */
1965 NFSD_LOCK();
1966 ereply_locked:
1967 NFSD_LOCK_ASSERT();
1968 nfsm_reply(NFSX_SRVFH(v3) + NFSX_FATTR(v3) + NFSX_WCCDATA(v3));
1969 if (v3) {
1970 if (!error) {
1971 nfsm_srvpostop_fh(fhp);
1972 nfsm_srvpostop_attr(0, vap);
1973 }
1974 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
1975 } else if (!error) {
1976 /* v2 non-error case. */
1977 nfsm_srvfhtom(fhp, v3);
1978 fp = nfsm_build(struct nfs_fattr *, NFSX_V2FATTR);
1979 nfsm_srvfillattr(vap, fp);
1980 }
1981 error = 0;
1982
1983 nfsmout:
1984 NFSD_LOCK_ASSERT();
1985 NFSD_UNLOCK();
1986 mtx_lock(&Giant); /* VFS */
1987 if (nd.ni_startdir) {
1988 vrele(nd.ni_startdir);
1989 nd.ni_startdir = NULL;
1990 }
1991 if (dirp)
1992 vrele(dirp);
1993 NDFREE(&nd, NDF_ONLY_PNBUF);
1994 if (nd.ni_dvp) {
1995 if (nd.ni_dvp == nd.ni_vp)
1996 vrele(nd.ni_dvp);
1997 else
1998 vput(nd.ni_dvp);
1999 }
2000 if (nd.ni_vp)
2001 vput(nd.ni_vp);
2002 vn_finished_write(mp);
2003 mtx_unlock(&Giant); /* VFS */
2004 NFSD_LOCK();
2005 return (error);
2006 }
2007
2008 /*
2009 * nfs v3 mknod service
2010 */
2011 int
2012 nfsrv_mknod(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
2013 struct thread *td, struct mbuf **mrq)
2014 {
2015 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2016 struct sockaddr *nam = nfsd->nd_nam;
2017 caddr_t dpos = nfsd->nd_dpos;
2018 struct ucred *cred = &nfsd->nd_cr;
2019 struct vattr va, dirfor, diraft;
2020 struct vattr *vap = &va;
2021 u_int32_t *tl;
2022 struct nameidata nd;
2023 caddr_t bpos;
2024 int error = 0, len, dirfor_ret = 1, diraft_ret = 1;
2025 u_int32_t major, minor;
2026 enum vtype vtyp;
2027 struct mbuf *mb, *mreq;
2028 struct vnode *vp, *dirp = NULL;
2029 nfsfh_t nfh;
2030 fhandle_t *fhp;
2031 struct mount *mp = NULL;
2032 int v3 = (nfsd->nd_flag & ND_NFSV3);
2033
2034 NFSD_LOCK_ASSERT();
2035
2036 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
2037 if (!v3)
2038 panic("nfsrv_mknod: v3 proc called on a v2 connection");
2039 ndclear(&nd);
2040
2041 fhp = &nfh.fh_generic;
2042 nfsm_srvmtofh(fhp);
2043 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
2044 error = ESTALE;
2045 goto ereply;
2046 }
2047 NFSD_UNLOCK();
2048 mtx_lock(&Giant); /* VFS */
2049 (void) vn_start_write(NULL, &mp, V_WAIT);
2050 mtx_unlock(&Giant); /* VFS */
2051 NFSD_LOCK();
2052 nfsm_srvnamesiz(len);
2053
2054 nd.ni_cnd.cn_cred = cred;
2055 nd.ni_cnd.cn_nameiop = CREATE;
2056 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | SAVESTART;
2057
2058 /*
2059 * Handle nfs_namei() call. If an error occurs, the nd structure
2060 * is not valid. However, nfsm_*() routines may still jump to
2061 * nfsmout.
2062 */
2063
2064 error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
2065 &dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
2066 if (error) {
2067 nfsm_reply(NFSX_WCCDATA(1));
2068 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2069 error = 0;
2070 goto nfsmout;
2071 }
2072 tl = nfsm_dissect(u_int32_t *, NFSX_UNSIGNED);
2073 vtyp = nfsv3tov_type(*tl);
2074 if (vtyp != VCHR && vtyp != VBLK && vtyp != VSOCK && vtyp != VFIFO) {
2075 error = NFSERR_BADTYPE;
2076 goto out;
2077 }
2078 VATTR_NULL(vap);
2079 nfsm_srvsattr(vap);
2080 if (vtyp == VCHR || vtyp == VBLK) {
2081 tl = nfsm_dissect(u_int32_t *, 2 * NFSX_UNSIGNED);
2082 major = fxdr_unsigned(u_int32_t, *tl++);
2083 minor = fxdr_unsigned(u_int32_t, *tl);
2084 vap->va_rdev = makedev(major, minor);
2085 }
2086
2087 /*
2088 * Iff doesn't exist, create it.
2089 */
2090 if (nd.ni_vp) {
2091 error = EEXIST;
2092 goto out;
2093 }
2094 vap->va_type = vtyp;
2095 if (vap->va_mode == (mode_t)VNOVAL)
2096 vap->va_mode = 0;
2097 NFSD_UNLOCK();
2098 mtx_lock(&Giant); /* VFS */
2099 if (vtyp == VSOCK) {
2100 vrele(nd.ni_startdir);
2101 nd.ni_startdir = NULL;
2102 error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
2103 if (error)
2104 NDFREE(&nd, NDF_ONLY_PNBUF);
2105 } else {
2106 if (vtyp != VFIFO && (error = suser_cred(cred, 0)))
2107 goto out;
2108 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
2109 if (error) {
2110 NDFREE(&nd, NDF_ONLY_PNBUF);
2111 goto out;
2112 }
2113 vput(nd.ni_vp);
2114 nd.ni_vp = NULL;
2115
2116 /*
2117 * Release dvp prior to lookup
2118 */
2119 vput(nd.ni_dvp);
2120 nd.ni_dvp = NULL;
2121
2122 nd.ni_cnd.cn_nameiop = LOOKUP;
2123 nd.ni_cnd.cn_flags &= ~(LOCKPARENT);
2124 nd.ni_cnd.cn_thread = td;
2125 nd.ni_cnd.cn_cred = td->td_ucred;
2126
2127 error = lookup(&nd);
2128 nd.ni_dvp = NULL;
2129
2130 if (error)
2131 goto out;
2132 if (nd.ni_cnd.cn_flags & ISSYMLINK)
2133 error = EINVAL;
2134 }
2135
2136 /*
2137 * send response, cleanup, return.
2138 */
2139 out:
2140 NFSD_UNLOCK_ASSERT();
2141 if (nd.ni_startdir) {
2142 vrele(nd.ni_startdir);
2143 nd.ni_startdir = NULL;
2144 }
2145 NDFREE(&nd, NDF_ONLY_PNBUF);
2146 if (nd.ni_dvp) {
2147 if (nd.ni_dvp == nd.ni_vp)
2148 vrele(nd.ni_dvp);
2149 else
2150 vput(nd.ni_dvp);
2151 nd.ni_dvp = NULL;
2152 }
2153 vp = nd.ni_vp;
2154 if (!error) {
2155 bzero((caddr_t)fhp, sizeof(nfh));
2156 fhp->fh_fsid = vp->v_mount->mnt_stat.f_fsid;
2157 error = VFS_VPTOFH(vp, &fhp->fh_fid);
2158 if (!error)
2159 error = VOP_GETATTR(vp, vap, cred, td);
2160 }
2161 if (vp) {
2162 vput(vp);
2163 vp = NULL;
2164 nd.ni_vp = NULL;
2165 }
2166 if (dirp) {
2167 vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td);
2168 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
2169 VOP_UNLOCK(dirp, 0, td);
2170 }
2171 mtx_unlock(&Giant); /* VFS */
2172 NFSD_LOCK();
2173 ereply:
2174 NFSD_LOCK_ASSERT();
2175 nfsm_reply(NFSX_SRVFH(1) + NFSX_POSTOPATTR(1) + NFSX_WCCDATA(1));
2176 if (v3) {
2177 if (!error) {
2178 nfsm_srvpostop_fh(fhp);
2179 nfsm_srvpostop_attr(0, vap);
2180 }
2181 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2182 }
2183 NFSD_UNLOCK();
2184 mtx_lock(&Giant); /* VFS */
2185 vn_finished_write(mp);
2186 mtx_unlock(&Giant); /* VFS */
2187 NFSD_LOCK();
2188 return (0);
2189 nfsmout:
2190 NFSD_LOCK_ASSERT();
2191 NFSD_UNLOCK();
2192 mtx_lock(&Giant); /* VFS */
2193 if (dirp)
2194 vrele(dirp);
2195 if (nd.ni_startdir)
2196 vrele(nd.ni_startdir);
2197 NDFREE(&nd, NDF_ONLY_PNBUF);
2198 if (nd.ni_dvp) {
2199 if (nd.ni_dvp == nd.ni_vp)
2200 vrele(nd.ni_dvp);
2201 else
2202 vput(nd.ni_dvp);
2203 }
2204 if (nd.ni_vp)
2205 vput(nd.ni_vp);
2206 vn_finished_write(mp);
2207 mtx_unlock(&Giant); /* VFS */
2208 NFSD_LOCK();
2209 return (error);
2210 }
2211
2212 /*
2213 * nfs remove service
2214 */
2215 int
2216 nfsrv_remove(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
2217 struct thread *td, struct mbuf **mrq)
2218 {
2219 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2220 struct sockaddr *nam = nfsd->nd_nam;
2221 caddr_t dpos = nfsd->nd_dpos;
2222 struct ucred *cred = &nfsd->nd_cr;
2223 struct nameidata nd;
2224 caddr_t bpos;
2225 int error = 0, len, dirfor_ret = 1, diraft_ret = 1;
2226 int v3 = (nfsd->nd_flag & ND_NFSV3);
2227 struct mbuf *mb, *mreq;
2228 struct vnode *dirp;
2229 struct vattr dirfor, diraft;
2230 nfsfh_t nfh;
2231 fhandle_t *fhp;
2232 struct mount *mp = NULL;
2233
2234 NFSD_LOCK_ASSERT();
2235
2236 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
2237 ndclear(&nd);
2238
2239 fhp = &nfh.fh_generic;
2240 nfsm_srvmtofh(fhp);
2241 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
2242 error = ESTALE;
2243 goto ereply;
2244 }
2245 NFSD_UNLOCK();
2246 mtx_lock(&Giant); /* VFS */
2247 (void) vn_start_write(NULL, &mp, V_WAIT);
2248 mtx_unlock(&Giant); /* VFS */
2249 NFSD_LOCK();
2250 nfsm_srvnamesiz(len);
2251
2252 nd.ni_cnd.cn_cred = cred;
2253 nd.ni_cnd.cn_nameiop = DELETE;
2254 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
2255 error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
2256 &dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
2257 NFSD_UNLOCK();
2258 mtx_lock(&Giant); /* VFS */
2259 if (dirp && !v3) {
2260 vrele(dirp);
2261 dirp = NULL;
2262 }
2263 if (error == 0) {
2264 if (nd.ni_vp->v_type == VDIR) {
2265 error = EPERM; /* POSIX */
2266 goto out;
2267 }
2268 /*
2269 * The root of a mounted filesystem cannot be deleted.
2270 */
2271 if (nd.ni_vp->v_vflag & VV_ROOT) {
2272 error = EBUSY;
2273 goto out;
2274 }
2275 out:
2276 NFSD_UNLOCK_ASSERT();
2277 if (!error) {
2278 error = VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
2279 NDFREE(&nd, NDF_ONLY_PNBUF);
2280 }
2281 }
2282 if (dirp && v3) {
2283 if (dirp == nd.ni_dvp)
2284 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
2285 else {
2286 /* Drop the other locks to avoid deadlock. */
2287 if (nd.ni_dvp) {
2288 if (nd.ni_dvp == nd.ni_vp)
2289 vrele(nd.ni_dvp);
2290 else
2291 vput(nd.ni_dvp);
2292 }
2293 if (nd.ni_vp)
2294 vput(nd.ni_vp);
2295 nd.ni_dvp = NULL;
2296 nd.ni_vp = NULL;
2297
2298 vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td);
2299 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
2300 VOP_UNLOCK(dirp, 0, td);
2301 }
2302 vrele(dirp);
2303 dirp = NULL;
2304 }
2305 mtx_unlock(&Giant); /* VFS */
2306 NFSD_LOCK();
2307 ereply:
2308 NFSD_LOCK_ASSERT();
2309 nfsm_reply(NFSX_WCCDATA(v3));
2310 if (v3) {
2311 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2312 error = 0;
2313 }
2314 nfsmout:
2315 NFSD_LOCK_ASSERT();
2316 NFSD_UNLOCK();
2317 mtx_lock(&Giant); /* VFS */
2318 NDFREE(&nd, NDF_ONLY_PNBUF);
2319 if (nd.ni_dvp) {
2320 if (nd.ni_dvp == nd.ni_vp)
2321 vrele(nd.ni_dvp);
2322 else
2323 vput(nd.ni_dvp);
2324 }
2325 if (nd.ni_vp)
2326 vput(nd.ni_vp);
2327 vn_finished_write(mp);
2328 mtx_unlock(&Giant); /* VFS */
2329 NFSD_LOCK();
2330 return(error);
2331 }
2332
2333 /*
2334 * nfs rename service
2335 */
2336 int
2337 nfsrv_rename(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
2338 struct thread *td, struct mbuf **mrq)
2339 {
2340 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2341 struct sockaddr *nam = nfsd->nd_nam;
2342 caddr_t dpos = nfsd->nd_dpos;
2343 struct ucred *cred = &nfsd->nd_cr;
2344 caddr_t bpos;
2345 int error = 0, len, len2, fdirfor_ret = 1, fdiraft_ret = 1;
2346 int tdirfor_ret = 1, tdiraft_ret = 1;
2347 int v3 = (nfsd->nd_flag & ND_NFSV3);
2348 struct mbuf *mb, *mreq;
2349 struct nameidata fromnd, tond;
2350 struct vnode *fvp, *tvp, *tdvp, *fdirp = NULL;
2351 struct vnode *tdirp = NULL;
2352 struct vattr fdirfor, fdiraft, tdirfor, tdiraft;
2353 nfsfh_t fnfh, tnfh;
2354 fhandle_t *ffhp, *tfhp;
2355 uid_t saved_uid;
2356 struct mount *mp = NULL;
2357
2358 NFSD_LOCK_ASSERT();
2359
2360 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
2361 #ifndef nolint
2362 fvp = NULL;
2363 #endif
2364 ffhp = &fnfh.fh_generic;
2365 tfhp = &tnfh.fh_generic;
2366
2367 /*
2368 * Clear fields incase goto nfsmout occurs from macro.
2369 */
2370
2371 ndclear(&fromnd);
2372 ndclear(&tond);
2373
2374 nfsm_srvmtofh(ffhp);
2375 if ((mp = vfs_getvfs(&ffhp->fh_fsid)) == NULL) {
2376 error = ESTALE;
2377 goto out1;
2378 }
2379 NFSD_UNLOCK();
2380 mtx_lock(&Giant);
2381 (void) vn_start_write(NULL, &mp, V_WAIT);
2382 mtx_unlock(&Giant);
2383 NFSD_LOCK();
2384 nfsm_srvnamesiz(len);
2385 /*
2386 * Remember our original uid so that we can reset cr_uid before
2387 * the second nfs_namei() call, in case it is remapped.
2388 */
2389 saved_uid = cred->cr_uid;
2390 fromnd.ni_cnd.cn_cred = cred;
2391 fromnd.ni_cnd.cn_nameiop = DELETE;
2392 fromnd.ni_cnd.cn_flags = WANTPARENT | SAVESTART;
2393 error = nfs_namei(&fromnd, ffhp, len, slp, nam, &md,
2394 &dpos, &fdirp, v3, &fdirfor, &fdirfor_ret, td, FALSE);
2395 if (fdirp && !v3) {
2396 NFSD_UNLOCK();
2397 mtx_lock(&Giant); /* VFS */
2398 vrele(fdirp);
2399 mtx_unlock(&Giant); /* VFS */
2400 NFSD_LOCK();
2401 fdirp = NULL;
2402 }
2403 if (error) {
2404 nfsm_reply(2 * NFSX_WCCDATA(v3));
2405 if (v3) {
2406 nfsm_srvwcc_data(fdirfor_ret, &fdirfor, fdiraft_ret, &fdiraft);
2407 nfsm_srvwcc_data(tdirfor_ret, &tdirfor, tdiraft_ret, &tdiraft);
2408 }
2409 error = 0;
2410 goto nfsmout;
2411 }
2412 fvp = fromnd.ni_vp;
2413 nfsm_srvmtofh(tfhp);
2414 nfsm_srvnamesiz(len2);
2415 cred->cr_uid = saved_uid;
2416 tond.ni_cnd.cn_cred = cred;
2417 tond.ni_cnd.cn_nameiop = RENAME;
2418 tond.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART;
2419 error = nfs_namei(&tond, tfhp, len2, slp, nam, &md,
2420 &dpos, &tdirp, v3, &tdirfor, &tdirfor_ret, td, FALSE);
2421 NFSD_UNLOCK();
2422 mtx_lock(&Giant); /* VFS */
2423 if (tdirp && !v3) {
2424 vrele(tdirp);
2425 tdirp = NULL;
2426 }
2427 if (error) {
2428 mtx_unlock(&Giant); /* VFS */
2429 NFSD_LOCK();
2430 goto out1;
2431 }
2432
2433 tdvp = tond.ni_dvp;
2434 tvp = tond.ni_vp;
2435 if (tvp != NULL) {
2436 if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
2437 if (v3)
2438 error = EEXIST;
2439 else
2440 error = EISDIR;
2441 goto out;
2442 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
2443 if (v3)
2444 error = EEXIST;
2445 else
2446 error = ENOTDIR;
2447 goto out;
2448 }
2449 if (tvp->v_type == VDIR && tvp->v_mountedhere) {
2450 if (v3)
2451 error = EXDEV;
2452 else
2453 error = ENOTEMPTY;
2454 goto out;
2455 }
2456 }
2457 if (fvp->v_type == VDIR && fvp->v_mountedhere) {
2458 if (v3)
2459 error = EXDEV;
2460 else
2461 error = ENOTEMPTY;
2462 goto out;
2463 }
2464 if (fvp->v_mount != tdvp->v_mount) {
2465 if (v3)
2466 error = EXDEV;
2467 else
2468 error = ENOTEMPTY;
2469 goto out;
2470 }
2471 if (fvp == tdvp) {
2472 if (v3)
2473 error = EINVAL;
2474 else
2475 error = ENOTEMPTY;
2476 }
2477 /*
2478 * If source is the same as the destination (that is the
2479 * same vnode with the same name in the same directory),
2480 * then there is nothing to do.
2481 */
2482 if (fvp == tvp && fromnd.ni_dvp == tdvp &&
2483 fromnd.ni_cnd.cn_namelen == tond.ni_cnd.cn_namelen &&
2484 !bcmp(fromnd.ni_cnd.cn_nameptr, tond.ni_cnd.cn_nameptr,
2485 fromnd.ni_cnd.cn_namelen))
2486 error = -1;
2487 out:
2488 NFSD_UNLOCK_ASSERT();
2489 if (!error) {
2490 /*
2491 * The VOP_RENAME function releases all vnode references &
2492 * locks prior to returning so we need to clear the pointers
2493 * to bypass cleanup code later on.
2494 */
2495 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
2496 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
2497 fromnd.ni_dvp = NULL;
2498 fromnd.ni_vp = NULL;
2499 tond.ni_dvp = NULL;
2500 tond.ni_vp = NULL;
2501 if (error) {
2502 fromnd.ni_cnd.cn_flags &= ~HASBUF;
2503 tond.ni_cnd.cn_flags &= ~HASBUF;
2504 }
2505 } else {
2506 if (error == -1)
2507 error = 0;
2508 }
2509 /* fall through */
2510
2511 mtx_unlock(&Giant); /* VFS */
2512 NFSD_LOCK();
2513 out1:
2514 NFSD_LOCK_ASSERT();
2515 nfsm_reply(2 * NFSX_WCCDATA(v3));
2516 if (v3) {
2517 /* Release existing locks to prevent deadlock. */
2518 NFSD_UNLOCK();
2519 mtx_lock(&Giant); /* VFS */
2520 if (tond.ni_dvp) {
2521 if (tond.ni_dvp == tond.ni_vp)
2522 vrele(tond.ni_dvp);
2523 else
2524 vput(tond.ni_dvp);
2525 }
2526 if (tond.ni_vp)
2527 vput(tond.ni_vp);
2528 tond.ni_dvp = NULL;
2529 tond.ni_vp = NULL;
2530
2531 if (fdirp) {
2532 vn_lock(fdirp, LK_EXCLUSIVE | LK_RETRY, td);
2533 fdiraft_ret = VOP_GETATTR(fdirp, &fdiraft, cred, td);
2534 VOP_UNLOCK(fdirp, 0, td);
2535 }
2536 if (tdirp) {
2537 vn_lock(tdirp, LK_EXCLUSIVE | LK_RETRY, td);
2538 tdiraft_ret = VOP_GETATTR(tdirp, &tdiraft, cred, td);
2539 VOP_UNLOCK(tdirp, 0, td);
2540 }
2541 mtx_unlock(&Giant); /* VFS */
2542 NFSD_LOCK();
2543 nfsm_srvwcc_data(fdirfor_ret, &fdirfor, fdiraft_ret, &fdiraft);
2544 nfsm_srvwcc_data(tdirfor_ret, &tdirfor, tdiraft_ret, &tdiraft);
2545 }
2546 error = 0;
2547 /* fall through */
2548
2549 nfsmout:
2550 /*
2551 * Clear out tond related fields
2552 */
2553 NFSD_LOCK_ASSERT();
2554 NFSD_UNLOCK();
2555 mtx_lock(&Giant); /* VFS */
2556 if (tdirp)
2557 vrele(tdirp);
2558 if (tond.ni_startdir)
2559 vrele(tond.ni_startdir);
2560 NDFREE(&tond, NDF_ONLY_PNBUF);
2561 if (tond.ni_dvp) {
2562 if (tond.ni_dvp == tond.ni_vp)
2563 vrele(tond.ni_dvp);
2564 else
2565 vput(tond.ni_dvp);
2566 }
2567 if (tond.ni_vp)
2568 vput(tond.ni_vp);
2569
2570 /*
2571 * Clear out fromnd related fields
2572 */
2573 if (fdirp)
2574 vrele(fdirp);
2575 if (fromnd.ni_startdir)
2576 vrele(fromnd.ni_startdir);
2577 NDFREE(&fromnd, NDF_ONLY_PNBUF);
2578 if (fromnd.ni_dvp)
2579 vrele(fromnd.ni_dvp);
2580 if (fromnd.ni_vp)
2581 vrele(fromnd.ni_vp);
2582
2583 vn_finished_write(mp);
2584 mtx_unlock(&Giant); /* VFS */
2585 NFSD_LOCK();
2586 return (error);
2587 }
2588
2589 /*
2590 * nfs link service
2591 */
2592 int
2593 nfsrv_link(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
2594 struct thread *td, struct mbuf **mrq)
2595 {
2596 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2597 struct sockaddr *nam = nfsd->nd_nam;
2598 caddr_t dpos = nfsd->nd_dpos;
2599 struct ucred *cred = &nfsd->nd_cr;
2600 struct nameidata nd;
2601 caddr_t bpos;
2602 int error = 0, rdonly, len, dirfor_ret = 1, diraft_ret = 1;
2603 int getret = 1, v3 = (nfsd->nd_flag & ND_NFSV3);
2604 struct mbuf *mb, *mreq;
2605 struct vnode *vp = NULL, *xp, *dirp = NULL;
2606 struct vattr dirfor, diraft, at;
2607 nfsfh_t nfh, dnfh;
2608 fhandle_t *fhp, *dfhp;
2609 struct mount *mp = NULL;
2610
2611 NFSD_LOCK_ASSERT();
2612
2613 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
2614 ndclear(&nd);
2615
2616 fhp = &nfh.fh_generic;
2617 dfhp = &dnfh.fh_generic;
2618 nfsm_srvmtofh(fhp);
2619 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
2620 error = ESTALE;
2621 goto ereply;
2622 }
2623 NFSD_UNLOCK();
2624 mtx_lock(&Giant); /* VFS */
2625 (void) vn_start_write(NULL, &mp, V_WAIT);
2626 mtx_unlock(&Giant); /* VFS */
2627 NFSD_LOCK();
2628 nfsm_srvmtofh(dfhp);
2629 nfsm_srvnamesiz(len);
2630
2631 error = nfsrv_fhtovp(fhp, TRUE, &vp, cred, slp, nam, &rdonly, TRUE);
2632 if (error) {
2633 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3));
2634 if (v3) {
2635 nfsm_srvpostop_attr(getret, &at);
2636 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2637 }
2638 vp = NULL;
2639 error = 0;
2640 goto nfsmout;
2641 }
2642 NFSD_UNLOCK();
2643 mtx_lock(&Giant); /* VFS */
2644 if (v3)
2645 getret = VOP_GETATTR(vp, &at, cred, td);
2646 if (vp->v_type == VDIR) {
2647 error = EPERM; /* POSIX */
2648 goto out1;
2649 }
2650 VOP_UNLOCK(vp, 0, td);
2651 nd.ni_cnd.cn_cred = cred;
2652 nd.ni_cnd.cn_nameiop = CREATE;
2653 nd.ni_cnd.cn_flags = LOCKPARENT;
2654 mtx_unlock(&Giant); /* VFS */
2655 NFSD_LOCK();
2656 error = nfs_namei(&nd, dfhp, len, slp, nam, &md, &dpos,
2657 &dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
2658 NFSD_UNLOCK();
2659 mtx_lock(&Giant); /* VFS */
2660 if (dirp && !v3) {
2661 vrele(dirp);
2662 dirp = NULL;
2663 }
2664 if (error) {
2665 vrele(vp);
2666 vp = NULL;
2667 goto out2;
2668 }
2669 xp = nd.ni_vp;
2670 if (xp != NULL) {
2671 error = EEXIST;
2672 vrele(vp);
2673 vp = NULL;
2674 goto out2;
2675 }
2676 xp = nd.ni_dvp;
2677 if (vp->v_mount != xp->v_mount) {
2678 error = EXDEV;
2679 vrele(vp);
2680 vp = NULL;
2681 goto out2;
2682 }
2683 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
2684 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
2685 NDFREE(&nd, NDF_ONLY_PNBUF);
2686 /* fall through */
2687
2688 out1:
2689 if (v3)
2690 getret = VOP_GETATTR(vp, &at, cred, td);
2691 out2:
2692 if (dirp) {
2693 if (dirp == nd.ni_dvp)
2694 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
2695 else {
2696 /* Release existing locks to prevent deadlock. */
2697 if (nd.ni_dvp) {
2698 if (nd.ni_dvp == nd.ni_vp)
2699 vrele(nd.ni_dvp);
2700 else
2701 vput(nd.ni_dvp);
2702 }
2703 if (nd.ni_vp)
2704 vrele(nd.ni_vp);
2705 nd.ni_dvp = NULL;
2706 nd.ni_vp = NULL;
2707
2708 vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td);
2709 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
2710 VOP_UNLOCK(dirp, 0, td);
2711 }
2712 }
2713 mtx_unlock(&Giant); /* VFS */
2714 NFSD_LOCK();
2715 ereply:
2716 NFSD_LOCK_ASSERT();
2717 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3));
2718 if (v3) {
2719 nfsm_srvpostop_attr(getret, &at);
2720 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2721 error = 0;
2722 }
2723 /* fall through */
2724
2725 nfsmout:
2726 NFSD_LOCK_ASSERT();
2727 NFSD_UNLOCK();
2728 mtx_lock(&Giant); /* VFS */
2729 NDFREE(&nd, NDF_ONLY_PNBUF);
2730 if (dirp)
2731 vrele(dirp);
2732 if (vp)
2733 vput(vp);
2734 if (nd.ni_dvp) {
2735 if (nd.ni_dvp == nd.ni_vp)
2736 vrele(nd.ni_dvp);
2737 else
2738 vput(nd.ni_dvp);
2739 }
2740 if (nd.ni_vp)
2741 vrele(nd.ni_vp);
2742 vn_finished_write(mp);
2743 mtx_unlock(&Giant); /* VFS */
2744 NFSD_LOCK();
2745 return(error);
2746 }
2747
2748 /*
2749 * nfs symbolic link service
2750 */
2751 int
2752 nfsrv_symlink(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
2753 struct thread *td, struct mbuf **mrq)
2754 {
2755 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2756 struct sockaddr *nam = nfsd->nd_nam;
2757 caddr_t dpos = nfsd->nd_dpos;
2758 struct ucred *cred = &nfsd->nd_cr;
2759 struct vattr va, dirfor, diraft;
2760 struct nameidata nd;
2761 struct vattr *vap = &va;
2762 struct nfsv2_sattr *sp;
2763 char *bpos, *pathcp = NULL;
2764 struct uio io;
2765 struct iovec iv;
2766 int error = 0, len, len2, dirfor_ret = 1, diraft_ret = 1;
2767 int v3 = (nfsd->nd_flag & ND_NFSV3);
2768 struct mbuf *mb, *mreq;
2769 struct vnode *dirp = NULL;
2770 nfsfh_t nfh;
2771 fhandle_t *fhp;
2772 struct mount *mp = NULL;
2773
2774 NFSD_LOCK_ASSERT();
2775
2776 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
2777 ndclear(&nd);
2778
2779 fhp = &nfh.fh_generic;
2780 nfsm_srvmtofh(fhp);
2781 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
2782 NFSD_UNLOCK();
2783 mtx_lock(&Giant); /* VFS */
2784 error = ESTALE;
2785 goto out;
2786 }
2787 NFSD_UNLOCK();
2788 mtx_lock(&Giant); /* VFS */
2789 (void) vn_start_write(NULL, &mp, V_WAIT);
2790 mtx_unlock(&Giant); /* VFS */
2791 NFSD_LOCK();
2792 nfsm_srvnamesiz(len);
2793 nd.ni_cnd.cn_cred = cred;
2794 nd.ni_cnd.cn_nameiop = CREATE;
2795 nd.ni_cnd.cn_flags = LOCKPARENT | SAVESTART;
2796 error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
2797 &dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
2798 NFSD_UNLOCK();
2799 mtx_lock(&Giant); /* VFS */
2800 if (dirp && !v3) {
2801 vrele(dirp);
2802 dirp = NULL;
2803 }
2804 if (error)
2805 goto out;
2806
2807 VATTR_NULL(vap);
2808 if (v3)
2809 nfsm_srvsattr(vap);
2810 nfsm_srvpathsiz(len2);
2811 MALLOC(pathcp, caddr_t, len2 + 1, M_TEMP, M_WAITOK);
2812 iv.iov_base = pathcp;
2813 iv.iov_len = len2;
2814 io.uio_resid = len2;
2815 io.uio_offset = 0;
2816 io.uio_iov = &iv;
2817 io.uio_iovcnt = 1;
2818 io.uio_segflg = UIO_SYSSPACE;
2819 io.uio_rw = UIO_READ;
2820 io.uio_td = NULL;
2821 nfsm_mtouio(&io, len2);
2822 if (!v3) {
2823 sp = nfsm_dissect(struct nfsv2_sattr *, NFSX_V2SATTR);
2824 vap->va_mode = nfstov_mode(sp->sa_mode);
2825 }
2826 *(pathcp + len2) = '\0';
2827 if (nd.ni_vp) {
2828 error = EEXIST;
2829 goto out;
2830 }
2831
2832 /*
2833 * issue symlink op. SAVESTART is set so the underlying path component
2834 * is only freed by the VOP if an error occurs.
2835 */
2836 if (vap->va_mode == (mode_t)VNOVAL)
2837 vap->va_mode = 0;
2838 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap, pathcp);
2839 if (error)
2840 NDFREE(&nd, NDF_ONLY_PNBUF);
2841 else
2842 vput(nd.ni_vp);
2843 nd.ni_vp = NULL;
2844 /*
2845 * releases directory prior to potential lookup op.
2846 */
2847 vput(nd.ni_dvp);
2848 nd.ni_dvp = NULL;
2849
2850 if (error == 0) {
2851 if (v3) {
2852 /*
2853 * Issue lookup. Leave SAVESTART set so we can easily free
2854 * the name buffer later on.
2855 *
2856 * since LOCKPARENT is not set, ni_dvp will be garbage on
2857 * return whether an error occurs or not.
2858 */
2859 nd.ni_cnd.cn_nameiop = LOOKUP;
2860 nd.ni_cnd.cn_flags &= ~(LOCKPARENT | FOLLOW);
2861 nd.ni_cnd.cn_flags |= (NOFOLLOW | LOCKLEAF);
2862 nd.ni_cnd.cn_thread = td;
2863 nd.ni_cnd.cn_cred = cred;
2864
2865 error = lookup(&nd);
2866 nd.ni_dvp = NULL;
2867
2868 if (error == 0) {
2869 bzero((caddr_t)fhp, sizeof(nfh));
2870 fhp->fh_fsid = nd.ni_vp->v_mount->mnt_stat.f_fsid;
2871 error = VFS_VPTOFH(nd.ni_vp, &fhp->fh_fid);
2872 if (!error)
2873 error = VOP_GETATTR(nd.ni_vp, vap, cred,
2874 td);
2875 vput(nd.ni_vp);
2876 nd.ni_vp = NULL;
2877 }
2878 }
2879 }
2880 out:
2881 NFSD_UNLOCK_ASSERT();
2882 /*
2883 * These releases aren't strictly required, does even doing them
2884 * make any sense? XXX can nfsm_reply() block?
2885 */
2886 if (pathcp) {
2887 FREE(pathcp, M_TEMP);
2888 pathcp = NULL;
2889 }
2890 if (dirp) {
2891 vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td);
2892 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
2893 VOP_UNLOCK(dirp, 0, td);
2894 }
2895 if (nd.ni_startdir) {
2896 vrele(nd.ni_startdir);
2897 nd.ni_startdir = NULL;
2898 }
2899 mtx_unlock(&Giant); /* VFS */
2900 NFSD_LOCK();
2901 nfsm_reply(NFSX_SRVFH(v3) + NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3));
2902 if (v3) {
2903 if (!error) {
2904 nfsm_srvpostop_fh(fhp);
2905 nfsm_srvpostop_attr(0, vap);
2906 }
2907 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2908 }
2909 error = 0;
2910 /* fall through */
2911
2912 nfsmout:
2913 NFSD_LOCK_ASSERT();
2914 NFSD_UNLOCK();
2915 mtx_lock(&Giant); /* VFS */
2916 NDFREE(&nd, NDF_ONLY_PNBUF);
2917 if (nd.ni_dvp) {
2918 if (nd.ni_dvp == nd.ni_vp)
2919 vrele(nd.ni_dvp);
2920 else
2921 vput(nd.ni_dvp);
2922 }
2923 if (nd.ni_vp)
2924 vrele(nd.ni_vp);
2925 if (nd.ni_startdir)
2926 vrele(nd.ni_startdir);
2927 if (dirp)
2928 vrele(dirp);
2929 if (pathcp)
2930 FREE(pathcp, M_TEMP);
2931
2932 vn_finished_write(mp);
2933 mtx_unlock(&Giant); /* VFS */
2934 NFSD_LOCK();
2935 return (error);
2936 }
2937
2938 /*
2939 * nfs mkdir service
2940 */
2941 int
2942 nfsrv_mkdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
2943 struct thread *td, struct mbuf **mrq)
2944 {
2945 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2946 struct sockaddr *nam = nfsd->nd_nam;
2947 caddr_t dpos = nfsd->nd_dpos;
2948 struct ucred *cred = &nfsd->nd_cr;
2949 struct vattr va, dirfor, diraft;
2950 struct vattr *vap = &va;
2951 struct nfs_fattr *fp;
2952 struct nameidata nd;
2953 u_int32_t *tl;
2954 caddr_t bpos;
2955 int error = 0, len, dirfor_ret = 1, diraft_ret = 1;
2956 int v3 = (nfsd->nd_flag & ND_NFSV3);
2957 struct mbuf *mb, *mreq;
2958 struct vnode *dirp = NULL;
2959 int vpexcl = 0;
2960 nfsfh_t nfh;
2961 fhandle_t *fhp;
2962 struct mount *mp = NULL;
2963
2964 NFSD_LOCK_ASSERT();
2965
2966 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
2967 ndclear(&nd);
2968
2969 fhp = &nfh.fh_generic;
2970 nfsm_srvmtofh(fhp);
2971 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
2972 NFSD_UNLOCK();
2973 mtx_lock(&Giant); /* VFS */
2974 error = ESTALE;
2975 goto out;
2976 }
2977 NFSD_UNLOCK();
2978 mtx_lock(&Giant); /* VFS */
2979 (void) vn_start_write(NULL, &mp, V_WAIT);
2980 mtx_unlock(&Giant); /* VFS */
2981 NFSD_LOCK();
2982 nfsm_srvnamesiz(len);
2983 nd.ni_cnd.cn_cred = cred;
2984 nd.ni_cnd.cn_nameiop = CREATE;
2985 nd.ni_cnd.cn_flags = LOCKPARENT;
2986
2987 error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
2988 &dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
2989 if (dirp && !v3) {
2990 NFSD_UNLOCK();
2991 mtx_lock(&Giant); /* VFS */
2992 vrele(dirp);
2993 mtx_unlock(&Giant); /* VFS */
2994 NFSD_LOCK();
2995 dirp = NULL;
2996 }
2997 if (error) {
2998 nfsm_reply(NFSX_WCCDATA(v3));
2999 if (v3)
3000 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
3001 error = 0;
3002 goto nfsmout;
3003 }
3004 VATTR_NULL(vap);
3005 if (v3) {
3006 nfsm_srvsattr(vap);
3007 } else {
3008 tl = nfsm_dissect(u_int32_t *, NFSX_UNSIGNED);
3009 vap->va_mode = nfstov_mode(*tl++);
3010 }
3011
3012 /*
3013 * At this point nd.ni_dvp is referenced and exclusively locked and
3014 * nd.ni_vp, if it exists, is referenced but not locked.
3015 */
3016
3017 NFSD_UNLOCK();
3018 mtx_lock(&Giant); /* VFS */
3019 vap->va_type = VDIR;
3020 if (nd.ni_vp != NULL) {
3021 NDFREE(&nd, NDF_ONLY_PNBUF);
3022 error = EEXIST;
3023 goto out;
3024 }
3025
3026 /*
3027 * Issue mkdir op. Since SAVESTART is not set, the pathname
3028 * component is freed by the VOP call. This will fill-in
3029 * nd.ni_vp, reference, and exclusively lock it.
3030 */
3031 if (vap->va_mode == (mode_t)VNOVAL)
3032 vap->va_mode = 0;
3033 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
3034 NDFREE(&nd, NDF_ONLY_PNBUF);
3035 vpexcl = 1;
3036
3037 vput(nd.ni_dvp);
3038 nd.ni_dvp = NULL;
3039
3040 if (!error) {
3041 bzero((caddr_t)fhp, sizeof(nfh));
3042 fhp->fh_fsid = nd.ni_vp->v_mount->mnt_stat.f_fsid;
3043 error = VFS_VPTOFH(nd.ni_vp, &fhp->fh_fid);
3044 if (!error)
3045 error = VOP_GETATTR(nd.ni_vp, vap, cred, td);
3046 }
3047 out:
3048 NFSD_UNLOCK_ASSERT();
3049 if (dirp) {
3050 if (dirp == nd.ni_dvp) {
3051 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
3052 } else {
3053 /* Release existing locks to prevent deadlock. */
3054 if (nd.ni_dvp) {
3055 NDFREE(&nd, NDF_ONLY_PNBUF);
3056 if (nd.ni_dvp == nd.ni_vp && vpexcl)
3057 vrele(nd.ni_dvp);
3058 else
3059 vput(nd.ni_dvp);
3060 }
3061 if (nd.ni_vp) {
3062 if (vpexcl)
3063 vput(nd.ni_vp);
3064 else
3065 vrele(nd.ni_vp);
3066 }
3067 nd.ni_dvp = NULL;
3068 nd.ni_vp = NULL;
3069 vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td);
3070 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
3071 VOP_UNLOCK(dirp, 0, td);
3072 }
3073 }
3074 mtx_unlock(&Giant); /* VFS */
3075 NFSD_LOCK();
3076 nfsm_reply(NFSX_SRVFH(v3) + NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3));
3077 if (v3) {
3078 if (!error) {
3079 nfsm_srvpostop_fh(fhp);
3080 nfsm_srvpostop_attr(0, vap);
3081 }
3082 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
3083 } else if (!error) {
3084 /* v2 non-error case. */
3085 nfsm_srvfhtom(fhp, v3);
3086 fp = nfsm_build(struct nfs_fattr *, NFSX_V2FATTR);
3087 nfsm_srvfillattr(vap, fp);
3088 }
3089 error = 0;
3090 /* fall through */
3091
3092 nfsmout:
3093 NFSD_LOCK_ASSERT();
3094 NFSD_UNLOCK();
3095 mtx_lock(&Giant); /* VFS */
3096 if (dirp)
3097 vrele(dirp);
3098 if (nd.ni_dvp) {
3099 NDFREE(&nd, NDF_ONLY_PNBUF);
3100 if (nd.ni_dvp == nd.ni_vp && vpexcl)
3101 vrele(nd.ni_dvp);
3102 else
3103 vput(nd.ni_dvp);
3104 }
3105 if (nd.ni_vp) {
3106 if (vpexcl)
3107 vput(nd.ni_vp);
3108 else
3109 vrele(nd.ni_vp);
3110 }
3111 vn_finished_write(mp);
3112 mtx_unlock(&Giant); /* VFS */
3113 NFSD_LOCK();
3114 return (error);
3115 }
3116
3117 /*
3118 * nfs rmdir service
3119 */
3120 int
3121 nfsrv_rmdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
3122 struct thread *td, struct mbuf **mrq)
3123 {
3124 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
3125 struct sockaddr *nam = nfsd->nd_nam;
3126 caddr_t dpos = nfsd->nd_dpos;
3127 struct ucred *cred = &nfsd->nd_cr;
3128 caddr_t bpos;
3129 int error = 0, len, dirfor_ret = 1, diraft_ret = 1;
3130 int v3 = (nfsd->nd_flag & ND_NFSV3);
3131 struct mbuf *mb, *mreq;
3132 struct vnode *vp, *dirp = NULL;
3133 struct vattr dirfor, diraft;
3134 nfsfh_t nfh;
3135 fhandle_t *fhp;
3136 struct nameidata nd;
3137 struct mount *mp = NULL;
3138
3139 NFSD_LOCK_ASSERT();
3140
3141 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
3142 ndclear(&nd);
3143
3144 fhp = &nfh.fh_generic;
3145 nfsm_srvmtofh(fhp);
3146 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
3147 error = ESTALE;
3148 goto out;
3149 }
3150 NFSD_UNLOCK();
3151 mtx_lock(&Giant); /* VFS */
3152 (void) vn_start_write(NULL, &mp, V_WAIT);
3153 mtx_unlock(&Giant); /* VFS */
3154 NFSD_LOCK();
3155 nfsm_srvnamesiz(len);
3156 nd.ni_cnd.cn_cred = cred;
3157 nd.ni_cnd.cn_nameiop = DELETE;
3158 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
3159 error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
3160 &dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
3161 if (dirp && !v3) {
3162 NFSD_UNLOCK();
3163 mtx_lock(&Giant); /* VFS */
3164 vrele(dirp);
3165 mtx_unlock(&Giant); /* VFS */
3166 NFSD_LOCK();
3167 dirp = NULL;
3168 }
3169 if (error) {
3170 nfsm_reply(NFSX_WCCDATA(v3));
3171 if (v3)
3172 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
3173 error = 0;
3174 goto nfsmout;
3175 }
3176 vp = nd.ni_vp;
3177 if (vp->v_type != VDIR) {
3178 error = ENOTDIR;
3179 goto out;
3180 }
3181 /*
3182 * No rmdir "." please.
3183 */
3184 if (nd.ni_dvp == vp) {
3185 error = EINVAL;
3186 goto out;
3187 }
3188 /*
3189 * The root of a mounted filesystem cannot be deleted.
3190 */
3191 if (vp->v_vflag & VV_ROOT)
3192 error = EBUSY;
3193 out:
3194 /*
3195 * Issue or abort op. Since SAVESTART is not set, path name
3196 * component is freed by the VOP after either.
3197 */
3198 NFSD_LOCK_ASSERT();
3199 NFSD_UNLOCK();
3200 mtx_lock(&Giant); /* VFS */
3201 if (!error)
3202 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
3203 NDFREE(&nd, NDF_ONLY_PNBUF);
3204
3205 if (dirp) {
3206 if (dirp == nd.ni_dvp)
3207 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
3208 else {
3209 /* Release existing locks to prevent deadlock. */
3210 if (nd.ni_dvp) {
3211 if (nd.ni_dvp == nd.ni_vp)
3212 vrele(nd.ni_dvp);
3213 else
3214 vput(nd.ni_dvp);
3215 }
3216 if (nd.ni_vp)
3217 vput(nd.ni_vp);
3218 nd.ni_dvp = NULL;
3219 nd.ni_vp = NULL;
3220 vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td);
3221 diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
3222 VOP_UNLOCK(dirp, 0, td);
3223 }
3224 }
3225 mtx_unlock(&Giant); /* VFS */
3226 NFSD_LOCK();
3227 nfsm_reply(NFSX_WCCDATA(v3));
3228 error = 0;
3229 if (v3)
3230 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
3231 /* fall through */
3232
3233 nfsmout:
3234 NFSD_LOCK_ASSERT();
3235 NFSD_UNLOCK();
3236 mtx_lock(&Giant); /* VFS */
3237 NDFREE(&nd, NDF_ONLY_PNBUF);
3238 if (dirp)
3239 vrele(dirp);
3240 if (nd.ni_dvp) {
3241 if (nd.ni_dvp == nd.ni_vp)
3242 vrele(nd.ni_dvp);
3243 else
3244 vput(nd.ni_dvp);
3245 }
3246 if (nd.ni_vp)
3247 vput(nd.ni_vp);
3248
3249 vn_finished_write(mp);
3250 mtx_unlock(&Giant); /* VFS */
3251 NFSD_LOCK();
3252 return(error);
3253 }
3254
3255 /*
3256 * nfs readdir service
3257 * - mallocs what it thinks is enough to read
3258 * count rounded up to a multiple of NFS_DIRBLKSIZ <= NFS_MAXREADDIR
3259 * - calls VOP_READDIR()
3260 * - loops around building the reply
3261 * if the output generated exceeds count break out of loop
3262 * The nfsm_clget macro is used here so that the reply will be packed
3263 * tightly in mbuf clusters.
3264 * - it only knows that it has encountered eof when the VOP_READDIR()
3265 * reads nothing
3266 * - as such one readdir rpc will return eof false although you are there
3267 * and then the next will return eof
3268 * - it trims out records with d_fileno == 0
3269 * this doesn't matter for Unix clients, but they might confuse clients
3270 * for other os'.
3271 * NB: It is tempting to set eof to true if the VOP_READDIR() reads less
3272 * than requested, but this may not apply to all filesystems. For
3273 * example, client NFS does not { although it is never remote mounted
3274 * anyhow }
3275 * The alternate call nfsrv_readdirplus() does lookups as well.
3276 * PS: The NFS protocol spec. does not clarify what the "count" byte
3277 * argument is a count of.. just name strings and file id's or the
3278 * entire reply rpc or ...
3279 * I tried just file name and id sizes and it confused the Sun client,
3280 * so I am using the full rpc size now. The "paranoia.." comment refers
3281 * to including the status longwords that are not a part of the dir.
3282 * "entry" structures, but are in the rpc.
3283 */
3284 struct flrep {
3285 nfsuint64 fl_off;
3286 u_int32_t fl_postopok;
3287 u_int32_t fl_fattr[NFSX_V3FATTR / sizeof (u_int32_t)];
3288 u_int32_t fl_fhok;
3289 u_int32_t fl_fhsize;
3290 u_int32_t fl_nfh[NFSX_V3FH / sizeof (u_int32_t)];
3291 };
3292
3293 int
3294 nfsrv_readdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
3295 struct thread *td, struct mbuf **mrq)
3296 {
3297 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
3298 struct sockaddr *nam = nfsd->nd_nam;
3299 caddr_t dpos = nfsd->nd_dpos;
3300 struct ucred *cred = &nfsd->nd_cr;
3301 char *bp, *be;
3302 struct mbuf *mp;
3303 struct dirent *dp;
3304 caddr_t cp;
3305 u_int32_t *tl;
3306 caddr_t bpos;
3307 struct mbuf *mb, *mreq;
3308 char *cpos, *cend, *rbuf;
3309 struct vnode *vp = NULL;
3310 struct vattr at;
3311 nfsfh_t nfh;
3312 fhandle_t *fhp;
3313 struct uio io;
3314 struct iovec iv;
3315 int len, nlen, rem, xfer, tsiz, i, error = 0, getret = 1;
3316 int siz, cnt, fullsiz, eofflag, rdonly, ncookies;
3317 int v3 = (nfsd->nd_flag & ND_NFSV3);
3318 u_quad_t off, toff, verf;
3319 u_long *cookies = NULL, *cookiep; /* needs to be int64_t or off_t */
3320
3321 NFSD_LOCK_ASSERT();
3322
3323 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
3324 fhp = &nfh.fh_generic;
3325 nfsm_srvmtofh(fhp);
3326 if (v3) {
3327 tl = nfsm_dissect(u_int32_t *, 5 * NFSX_UNSIGNED);
3328 toff = fxdr_hyper(tl);
3329 tl += 2;
3330 verf = fxdr_hyper(tl);
3331 tl += 2;
3332 } else {
3333 tl = nfsm_dissect(u_int32_t *, 2 * NFSX_UNSIGNED);
3334 toff = fxdr_unsigned(u_quad_t, *tl++);
3335 verf = 0; /* shut up gcc */
3336 }
3337 off = toff;
3338 cnt = fxdr_unsigned(int, *tl);
3339 siz = ((cnt + DIRBLKSIZ - 1) & ~(DIRBLKSIZ - 1));
3340 xfer = NFS_SRVMAXDATA(nfsd);
3341 if (cnt > xfer)
3342 cnt = xfer;
3343 if (siz > xfer)
3344 siz = xfer;
3345 fullsiz = siz;
3346 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
3347 if (!error && vp->v_type != VDIR) {
3348 error = ENOTDIR;
3349 NFSD_UNLOCK();
3350 mtx_lock(&Giant); /* VFS */
3351 vput(vp);
3352 mtx_unlock(&Giant); /* VFS */
3353 NFSD_LOCK();
3354 vp = NULL;
3355 }
3356 if (error) {
3357 nfsm_reply(NFSX_UNSIGNED);
3358 if (v3)
3359 nfsm_srvpostop_attr(getret, &at);
3360 error = 0;
3361 goto nfsmout;
3362 }
3363
3364 /*
3365 * Obtain lock on vnode for this section of the code
3366 */
3367 NFSD_UNLOCK();
3368 mtx_lock(&Giant); /* VFS */
3369 if (v3) {
3370 error = getret = VOP_GETATTR(vp, &at, cred, td);
3371 #if 0
3372 /*
3373 * XXX This check may be too strict for Solaris 2.5 clients.
3374 */
3375 if (!error && toff && verf && verf != at.va_filerev)
3376 error = NFSERR_BAD_COOKIE;
3377 #endif
3378 }
3379 if (!error)
3380 error = nfsrv_access_withgiant(vp, VEXEC, cred, rdonly, td, 0);
3381 if (error) {
3382 vput(vp);
3383 mtx_unlock(&Giant); /* VFS */
3384 NFSD_LOCK();
3385 vp = NULL;
3386 nfsm_reply(NFSX_POSTOPATTR(v3));
3387 if (v3)
3388 nfsm_srvpostop_attr(getret, &at);
3389 error = 0;
3390 goto nfsmout;
3391 }
3392 VOP_UNLOCK(vp, 0, td);
3393
3394 /*
3395 * end section. Allocate rbuf and continue
3396 */
3397 MALLOC(rbuf, caddr_t, siz, M_TEMP, M_WAITOK);
3398 again:
3399 NFSD_UNLOCK_ASSERT();
3400 iv.iov_base = rbuf;
3401 iv.iov_len = fullsiz;
3402 io.uio_iov = &iv;
3403 io.uio_iovcnt = 1;
3404 io.uio_offset = (off_t)off;
3405 io.uio_resid = fullsiz;
3406 io.uio_segflg = UIO_SYSSPACE;
3407 io.uio_rw = UIO_READ;
3408 io.uio_td = NULL;
3409 eofflag = 0;
3410 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
3411 if (cookies) {
3412 free((caddr_t)cookies, M_TEMP);
3413 cookies = NULL;
3414 }
3415 error = VOP_READDIR(vp, &io, cred, &eofflag, &ncookies, &cookies);
3416 off = (off_t)io.uio_offset;
3417 if (!cookies && !error)
3418 error = NFSERR_PERM;
3419 if (v3) {
3420 getret = VOP_GETATTR(vp, &at, cred, td);
3421 if (!error)
3422 error = getret;
3423 }
3424 VOP_UNLOCK(vp, 0, td);
3425 if (error) {
3426 vrele(vp);
3427 mtx_unlock(&Giant); /* VFS */
3428 vp = NULL;
3429 free((caddr_t)rbuf, M_TEMP);
3430 if (cookies)
3431 free((caddr_t)cookies, M_TEMP);
3432 NFSD_LOCK();
3433 nfsm_reply(NFSX_POSTOPATTR(v3));
3434 if (v3)
3435 nfsm_srvpostop_attr(getret, &at);
3436 error = 0;
3437 goto nfsmout;
3438 }
3439 if (io.uio_resid) {
3440 siz -= io.uio_resid;
3441
3442 /*
3443 * If nothing read, return eof
3444 * rpc reply
3445 */
3446 if (siz == 0) {
3447 vrele(vp);
3448 mtx_unlock(&Giant); /* VFS */
3449 vp = NULL;
3450 NFSD_LOCK();
3451 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_COOKIEVERF(v3) +
3452 2 * NFSX_UNSIGNED);
3453 if (v3) {
3454 nfsm_srvpostop_attr(getret, &at);
3455 tl = nfsm_build(u_int32_t *, 4 * NFSX_UNSIGNED);
3456 txdr_hyper(at.va_filerev, tl);
3457 tl += 2;
3458 } else
3459 tl = nfsm_build(u_int32_t *, 2 * NFSX_UNSIGNED);
3460 *tl++ = nfsrv_nfs_false;
3461 *tl = nfsrv_nfs_true;
3462 FREE((caddr_t)rbuf, M_TEMP);
3463 FREE((caddr_t)cookies, M_TEMP);
3464 error = 0;
3465 goto nfsmout;
3466 }
3467 }
3468
3469 /*
3470 * Check for degenerate cases of nothing useful read.
3471 * If so go try again
3472 */
3473 cpos = rbuf;
3474 cend = rbuf + siz;
3475 dp = (struct dirent *)cpos;
3476 cookiep = cookies;
3477 /*
3478 * For some reason FreeBSD's ufs_readdir() chooses to back the
3479 * directory offset up to a block boundary, so it is necessary to
3480 * skip over the records that precede the requested offset. This
3481 * requires the assumption that file offset cookies monotonically
3482 * increase.
3483 */
3484 while (cpos < cend && ncookies > 0 &&
3485 (dp->d_fileno == 0 || dp->d_type == DT_WHT ||
3486 ((u_quad_t)(*cookiep)) <= toff)) {
3487 cpos += dp->d_reclen;
3488 dp = (struct dirent *)cpos;
3489 cookiep++;
3490 ncookies--;
3491 }
3492 if (cpos >= cend || ncookies == 0) {
3493 toff = off;
3494 siz = fullsiz;
3495 goto again;
3496 }
3497
3498 mtx_unlock(&Giant); /* VFS */
3499 NFSD_LOCK();
3500 len = 3 * NFSX_UNSIGNED; /* paranoia, probably can be 0 */
3501 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_COOKIEVERF(v3) + siz);
3502 if (v3) {
3503 nfsm_srvpostop_attr(getret, &at);
3504 tl = nfsm_build(u_int32_t *, 2 * NFSX_UNSIGNED);
3505 txdr_hyper(at.va_filerev, tl);
3506 }
3507 mp = mb;
3508 bp = bpos;
3509 be = bp + M_TRAILINGSPACE(mp);
3510
3511 /* Loop through the records and build reply */
3512 while (cpos < cend && ncookies > 0) {
3513 if (dp->d_fileno != 0 && dp->d_type != DT_WHT) {
3514 nlen = dp->d_namlen;
3515 rem = nfsm_rndup(nlen) - nlen;
3516 len += (4 * NFSX_UNSIGNED + nlen + rem);
3517 if (v3)
3518 len += 2 * NFSX_UNSIGNED;
3519 if (len > cnt) {
3520 eofflag = 0;
3521 break;
3522 }
3523 /*
3524 * Build the directory record xdr from
3525 * the dirent entry.
3526 */
3527 nfsm_clget;
3528 *tl = nfsrv_nfs_true;
3529 bp += NFSX_UNSIGNED;
3530 if (v3) {
3531 nfsm_clget;
3532 *tl = 0;
3533 bp += NFSX_UNSIGNED;
3534 }
3535 nfsm_clget;
3536 *tl = txdr_unsigned(dp->d_fileno);
3537 bp += NFSX_UNSIGNED;
3538 nfsm_clget;
3539 *tl = txdr_unsigned(nlen);
3540 bp += NFSX_UNSIGNED;
3541
3542 /* And loop around copying the name */
3543 xfer = nlen;
3544 cp = dp->d_name;
3545 while (xfer > 0) {
3546 nfsm_clget;
3547 if ((bp+xfer) > be)
3548 tsiz = be-bp;
3549 else
3550 tsiz = xfer;
3551 bcopy(cp, bp, tsiz);
3552 bp += tsiz;
3553 xfer -= tsiz;
3554 if (xfer > 0)
3555 cp += tsiz;
3556 }
3557 /* And null pad to an int32_t boundary. */
3558 for (i = 0; i < rem; i++)
3559 *bp++ = '\0';
3560 nfsm_clget;
3561
3562 /* Finish off the record */
3563 if (v3) {
3564 *tl = 0;
3565 bp += NFSX_UNSIGNED;
3566 nfsm_clget;
3567 }
3568 *tl = txdr_unsigned(*cookiep);
3569 bp += NFSX_UNSIGNED;
3570 }
3571 cpos += dp->d_reclen;
3572 dp = (struct dirent *)cpos;
3573 cookiep++;
3574 ncookies--;
3575 }
3576 NFSD_UNLOCK();
3577 mtx_lock(&Giant); /* VFS */
3578 vrele(vp);
3579 mtx_unlock(&Giant); /* VFS */
3580 NFSD_LOCK();
3581 vp = NULL;
3582 nfsm_clget;
3583 *tl = nfsrv_nfs_false;
3584 bp += NFSX_UNSIGNED;
3585 nfsm_clget;
3586 if (eofflag)
3587 *tl = nfsrv_nfs_true;
3588 else
3589 *tl = nfsrv_nfs_false;
3590 bp += NFSX_UNSIGNED;
3591 if (mp != mb) {
3592 if (bp < be)
3593 mp->m_len = bp - mtod(mp, caddr_t);
3594 } else
3595 mp->m_len += bp - bpos;
3596 FREE((caddr_t)rbuf, M_TEMP);
3597 FREE((caddr_t)cookies, M_TEMP);
3598
3599 nfsmout:
3600 NFSD_LOCK_ASSERT();
3601 if (vp) {
3602 NFSD_UNLOCK();
3603 mtx_lock(&Giant); /* VFS */
3604 vrele(vp);
3605 mtx_unlock(&Giant); /* VFS */
3606 NFSD_LOCK();
3607 }
3608 return(error);
3609 }
3610
3611 int
3612 nfsrv_readdirplus(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
3613 struct thread *td, struct mbuf **mrq)
3614 {
3615 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
3616 struct sockaddr *nam = nfsd->nd_nam;
3617 caddr_t dpos = nfsd->nd_dpos;
3618 struct ucred *cred = &nfsd->nd_cr;
3619 char *bp, *be;
3620 struct mbuf *mp;
3621 struct dirent *dp;
3622 caddr_t cp;
3623 u_int32_t *tl;
3624 caddr_t bpos;
3625 struct mbuf *mb, *mreq;
3626 char *cpos, *cend, *rbuf;
3627 struct vnode *vp = NULL, *nvp;
3628 struct flrep fl;
3629 nfsfh_t nfh;
3630 fhandle_t *fhp, *nfhp = (fhandle_t *)fl.fl_nfh;
3631 struct uio io;
3632 struct iovec iv;
3633 struct vattr va, at, *vap = &va;
3634 struct nfs_fattr *fp;
3635 int len, nlen, rem, xfer, tsiz, i, error = 0, getret = 1;
3636 int siz, cnt, fullsiz, eofflag, rdonly, dirlen, ncookies;
3637 u_quad_t off, toff, verf;
3638 u_long *cookies = NULL, *cookiep; /* needs to be int64_t or off_t */
3639 int v3 = (nfsd->nd_flag & ND_NFSV3);
3640
3641 NFSD_LOCK_ASSERT();
3642
3643 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
3644 if (!v3)
3645 panic("nfsrv_readdirplus: v3 proc called on a v2 connection");
3646 fhp = &nfh.fh_generic;
3647 nfsm_srvmtofh(fhp);
3648 tl = nfsm_dissect(u_int32_t *, 6 * NFSX_UNSIGNED);
3649 toff = fxdr_hyper(tl);
3650 tl += 2;
3651 verf = fxdr_hyper(tl);
3652 tl += 2;
3653 siz = fxdr_unsigned(int, *tl++);
3654 cnt = fxdr_unsigned(int, *tl);
3655 off = toff;
3656 siz = ((siz + DIRBLKSIZ - 1) & ~(DIRBLKSIZ - 1));
3657 xfer = NFS_SRVMAXDATA(nfsd);
3658 if (cnt > xfer)
3659 cnt = xfer;
3660 if (siz > xfer)
3661 siz = xfer;
3662 fullsiz = siz;
3663 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
3664 if (!error && vp->v_type != VDIR) {
3665 error = ENOTDIR;
3666 NFSD_UNLOCK();
3667 mtx_lock(&Giant); /* VFS */
3668 vput(vp);
3669 mtx_unlock(&Giant); /* VFS */
3670 vp = NULL;
3671 NFSD_LOCK();
3672 }
3673 if (error) {
3674 nfsm_reply(NFSX_UNSIGNED);
3675 nfsm_srvpostop_attr(getret, &at);
3676 error = 0;
3677 goto nfsmout;
3678 }
3679 NFSD_UNLOCK();
3680 mtx_lock(&Giant); /* VFS */
3681 error = getret = VOP_GETATTR(vp, &at, cred, td);
3682 #if 0
3683 /*
3684 * XXX This check may be too strict for Solaris 2.5 clients.
3685 */
3686 if (!error && toff && verf && verf != at.va_filerev)
3687 error = NFSERR_BAD_COOKIE;
3688 #endif
3689 if (!error)
3690 error = nfsrv_access_withgiant(vp, VEXEC, cred, rdonly, td, 0);
3691 if (error) {
3692 vput(vp);
3693 mtx_unlock(&Giant); /* VFS */
3694 NFSD_LOCK();
3695 vp = NULL;
3696 nfsm_reply(NFSX_V3POSTOPATTR);
3697 nfsm_srvpostop_attr(getret, &at);
3698 error = 0;
3699 goto nfsmout;
3700 }
3701 VOP_UNLOCK(vp, 0, td);
3702 MALLOC(rbuf, caddr_t, siz, M_TEMP, M_WAITOK);
3703 again:
3704 NFSD_UNLOCK_ASSERT();
3705 iv.iov_base = rbuf;
3706 iv.iov_len = fullsiz;
3707 io.uio_iov = &iv;
3708 io.uio_iovcnt = 1;
3709 io.uio_offset = (off_t)off;
3710 io.uio_resid = fullsiz;
3711 io.uio_segflg = UIO_SYSSPACE;
3712 io.uio_rw = UIO_READ;
3713 io.uio_td = NULL;
3714 eofflag = 0;
3715 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
3716 if (cookies) {
3717 free((caddr_t)cookies, M_TEMP);
3718 cookies = NULL;
3719 }
3720 error = VOP_READDIR(vp, &io, cred, &eofflag, &ncookies, &cookies);
3721 off = (u_quad_t)io.uio_offset;
3722 getret = VOP_GETATTR(vp, &at, cred, td);
3723 VOP_UNLOCK(vp, 0, td);
3724 if (!cookies && !error)
3725 error = NFSERR_PERM;
3726 if (!error)
3727 error = getret;
3728 if (error) {
3729 vrele(vp);
3730 mtx_unlock(&Giant); /* VFS */
3731 vp = NULL;
3732 if (cookies)
3733 free((caddr_t)cookies, M_TEMP);
3734 free((caddr_t)rbuf, M_TEMP);
3735 NFSD_LOCK();
3736 nfsm_reply(NFSX_V3POSTOPATTR);
3737 nfsm_srvpostop_attr(getret, &at);
3738 error = 0;
3739 goto nfsmout;
3740 }
3741 if (io.uio_resid) {
3742 siz -= io.uio_resid;
3743
3744 /*
3745 * If nothing read, return eof
3746 * rpc reply
3747 */
3748 if (siz == 0) {
3749 vrele(vp);
3750 mtx_unlock(&Giant); /* VFS */
3751 NFSD_LOCK();
3752 vp = NULL;
3753 nfsm_reply(NFSX_V3POSTOPATTR + NFSX_V3COOKIEVERF +
3754 2 * NFSX_UNSIGNED);
3755 nfsm_srvpostop_attr(getret, &at);
3756 tl = nfsm_build(u_int32_t *, 4 * NFSX_UNSIGNED);
3757 txdr_hyper(at.va_filerev, tl);
3758 tl += 2;
3759 *tl++ = nfsrv_nfs_false;
3760 *tl = nfsrv_nfs_true;
3761 FREE((caddr_t)cookies, M_TEMP);
3762 FREE((caddr_t)rbuf, M_TEMP);
3763 error = 0;
3764 goto nfsmout;
3765 }
3766 }
3767
3768 /*
3769 * Check for degenerate cases of nothing useful read.
3770 * If so go try again
3771 */
3772 cpos = rbuf;
3773 cend = rbuf + siz;
3774 dp = (struct dirent *)cpos;
3775 cookiep = cookies;
3776 /*
3777 * For some reason FreeBSD's ufs_readdir() chooses to back the
3778 * directory offset up to a block boundary, so it is necessary to
3779 * skip over the records that precede the requested offset. This
3780 * requires the assumption that file offset cookies monotonically
3781 * increase.
3782 */
3783 while (cpos < cend && ncookies > 0 &&
3784 (dp->d_fileno == 0 || dp->d_type == DT_WHT ||
3785 ((u_quad_t)(*cookiep)) <= toff)) {
3786 cpos += dp->d_reclen;
3787 dp = (struct dirent *)cpos;
3788 cookiep++;
3789 ncookies--;
3790 }
3791 if (cpos >= cend || ncookies == 0) {
3792 toff = off;
3793 siz = fullsiz;
3794 goto again;
3795 }
3796
3797 /*
3798 * Probe one of the directory entries to see if the filesystem
3799 * supports VGET.
3800 */
3801 if (VFS_VGET(vp->v_mount, dp->d_fileno, LK_EXCLUSIVE, &nvp) ==
3802 EOPNOTSUPP) {
3803 error = NFSERR_NOTSUPP;
3804 vrele(vp);
3805 mtx_unlock(&Giant); /* VFS */
3806 vp = NULL;
3807 free((caddr_t)cookies, M_TEMP);
3808 free((caddr_t)rbuf, M_TEMP);
3809 NFSD_LOCK();
3810 nfsm_reply(NFSX_V3POSTOPATTR);
3811 nfsm_srvpostop_attr(getret, &at);
3812 error = 0;
3813 goto nfsmout;
3814 }
3815 vput(nvp);
3816 mtx_unlock(&Giant); /* VFS */
3817 nvp = NULL;
3818
3819 dirlen = len = NFSX_V3POSTOPATTR + NFSX_V3COOKIEVERF +
3820 2 * NFSX_UNSIGNED;
3821 NFSD_LOCK();
3822 nfsm_reply(cnt);
3823 nfsm_srvpostop_attr(getret, &at);
3824 tl = nfsm_build(u_int32_t *, 2 * NFSX_UNSIGNED);
3825 txdr_hyper(at.va_filerev, tl);
3826 mp = mb;
3827 bp = bpos;
3828 be = bp + M_TRAILINGSPACE(mp);
3829
3830 NFSD_UNLOCK();
3831 mtx_lock(&Giant); /* VFS */
3832 /* Loop through the records and build reply */
3833 while (cpos < cend && ncookies > 0) {
3834 if (dp->d_fileno != 0 && dp->d_type != DT_WHT) {
3835 nlen = dp->d_namlen;
3836 rem = nfsm_rndup(nlen)-nlen;
3837
3838 /*
3839 * For readdir_and_lookup get the vnode using
3840 * the file number.
3841 */
3842 if (VFS_VGET(vp->v_mount, dp->d_fileno, LK_EXCLUSIVE,
3843 &nvp))
3844 goto invalid;
3845 bzero((caddr_t)nfhp, NFSX_V3FH);
3846 nfhp->fh_fsid =
3847 nvp->v_mount->mnt_stat.f_fsid;
3848 if (VFS_VPTOFH(nvp, &nfhp->fh_fid)) {
3849 vput(nvp);
3850 nvp = NULL;
3851 goto invalid;
3852 }
3853 if (VOP_GETATTR(nvp, vap, cred, td)) {
3854 vput(nvp);
3855 nvp = NULL;
3856 goto invalid;
3857 }
3858 vput(nvp);
3859 nvp = NULL;
3860
3861 /*
3862 * If either the dircount or maxcount will be
3863 * exceeded, get out now. Both of these lengths
3864 * are calculated conservatively, including all
3865 * XDR overheads.
3866 */
3867 len += (8 * NFSX_UNSIGNED + nlen + rem + NFSX_V3FH +
3868 NFSX_V3POSTOPATTR);
3869 dirlen += (6 * NFSX_UNSIGNED + nlen + rem);
3870 if (len > cnt || dirlen > fullsiz) {
3871 eofflag = 0;
3872 break;
3873 }
3874
3875 /*
3876 * Build the directory record xdr from
3877 * the dirent entry.
3878 */
3879 fp = (struct nfs_fattr *)&fl.fl_fattr;
3880 nfsm_srvfillattr(vap, fp);
3881 fl.fl_fhsize = txdr_unsigned(NFSX_V3FH);
3882 fl.fl_fhok = nfsrv_nfs_true;
3883 fl.fl_postopok = nfsrv_nfs_true;
3884 fl.fl_off.nfsuquad[0] = 0;
3885 fl.fl_off.nfsuquad[1] = txdr_unsigned(*cookiep);
3886
3887 nfsm_clget_nolock;
3888 *tl = nfsrv_nfs_true;
3889 bp += NFSX_UNSIGNED;
3890 nfsm_clget_nolock;
3891 *tl = 0;
3892 bp += NFSX_UNSIGNED;
3893 nfsm_clget_nolock;
3894 *tl = txdr_unsigned(dp->d_fileno);
3895 bp += NFSX_UNSIGNED;
3896 nfsm_clget_nolock;
3897 *tl = txdr_unsigned(nlen);
3898 bp += NFSX_UNSIGNED;
3899
3900 /* And loop around copying the name */
3901 xfer = nlen;
3902 cp = dp->d_name;
3903 while (xfer > 0) {
3904 nfsm_clget_nolock;
3905 if ((bp + xfer) > be)
3906 tsiz = be - bp;
3907 else
3908 tsiz = xfer;
3909 bcopy(cp, bp, tsiz);
3910 bp += tsiz;
3911 xfer -= tsiz;
3912 if (xfer > 0)
3913 cp += tsiz;
3914 }
3915 /* And null pad to an int32_t boundary. */
3916 for (i = 0; i < rem; i++)
3917 *bp++ = '\0';
3918
3919 /*
3920 * Now copy the flrep structure out.
3921 */
3922 xfer = sizeof (struct flrep);
3923 cp = (caddr_t)&fl;
3924 while (xfer > 0) {
3925 nfsm_clget_nolock;
3926 if ((bp + xfer) > be)
3927 tsiz = be - bp;
3928 else
3929 tsiz = xfer;
3930 bcopy(cp, bp, tsiz);
3931 bp += tsiz;
3932 xfer -= tsiz;
3933 if (xfer > 0)
3934 cp += tsiz;
3935 }
3936 }
3937 invalid:
3938 NFSD_UNLOCK_ASSERT();
3939 cpos += dp->d_reclen;
3940 dp = (struct dirent *)cpos;
3941 cookiep++;
3942 ncookies--;
3943 }
3944 vrele(vp);
3945 mtx_unlock(&Giant); /* VFS */
3946 vp = NULL;
3947 nfsm_clget_nolock;
3948 *tl = nfsrv_nfs_false;
3949 bp += NFSX_UNSIGNED;
3950 NFSD_LOCK();
3951 nfsm_clget;
3952 if (eofflag)
3953 *tl = nfsrv_nfs_true;
3954 else
3955 *tl = nfsrv_nfs_false;
3956 bp += NFSX_UNSIGNED;
3957 if (mp != mb) {
3958 if (bp < be)
3959 mp->m_len = bp - mtod(mp, caddr_t);
3960 } else
3961 mp->m_len += bp - bpos;
3962 FREE((caddr_t)cookies, M_TEMP);
3963 FREE((caddr_t)rbuf, M_TEMP);
3964 nfsmout:
3965 NFSD_LOCK_ASSERT();
3966 if (vp) {
3967 NFSD_UNLOCK();
3968 mtx_lock(&Giant); /* VFS */
3969 vrele(vp);
3970 mtx_unlock(&Giant); /* VFS */
3971 NFSD_LOCK();
3972 }
3973 return(error);
3974 }
3975
3976 /*
3977 * nfs commit service
3978 */
3979 int
3980 nfsrv_commit(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
3981 struct thread *td, struct mbuf **mrq)
3982 {
3983 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
3984 struct sockaddr *nam = nfsd->nd_nam;
3985 caddr_t dpos = nfsd->nd_dpos;
3986 struct ucred *cred = &nfsd->nd_cr;
3987 struct vattr bfor, aft;
3988 struct vnode *vp = NULL;
3989 nfsfh_t nfh;
3990 fhandle_t *fhp;
3991 u_int32_t *tl;
3992 caddr_t bpos;
3993 int error = 0, rdonly, for_ret = 1, aft_ret = 1, cnt;
3994 struct mbuf *mb, *mreq;
3995 u_quad_t off;
3996 struct mount *mp = NULL;
3997 int v3 = (nfsd->nd_flag & ND_NFSV3);
3998
3999 NFSD_LOCK_ASSERT();
4000
4001 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
4002 if (!v3)
4003 panic("nfsrv_commit: v3 proc called on a v2 connection");
4004 fhp = &nfh.fh_generic;
4005 nfsm_srvmtofh(fhp);
4006 if ((mp = vfs_getvfs(&fhp->fh_fsid)) == NULL) {
4007 error = ESTALE;
4008 goto ereply;
4009 }
4010 NFSD_UNLOCK();
4011 mtx_lock(&Giant); /* VFS */
4012 (void) vn_start_write(NULL, &mp, V_WAIT);
4013 mtx_unlock(&Giant); /* VFS */
4014 NFSD_LOCK();
4015 tl = nfsm_dissect(u_int32_t *, 3 * NFSX_UNSIGNED);
4016
4017 /*
4018 * XXX At this time VOP_FSYNC() does not accept offset and byte
4019 * count parameters, so these arguments are useless (someday maybe).
4020 */
4021 off = fxdr_hyper(tl);
4022 tl += 2;
4023 cnt = fxdr_unsigned(int, *tl);
4024 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
4025 if (error) {
4026 nfsm_reply(2 * NFSX_UNSIGNED);
4027 nfsm_srvwcc_data(for_ret, &bfor, aft_ret, &aft);
4028 error = 0;
4029 goto nfsmout;
4030 }
4031 NFSD_UNLOCK();
4032 mtx_lock(&Giant); /* VFS */
4033 for_ret = VOP_GETATTR(vp, &bfor, cred, td);
4034
4035 if (cnt > MAX_COMMIT_COUNT) {
4036 /*
4037 * Give up and do the whole thing
4038 */
4039 if (vp->v_object &&
4040 (vp->v_object->flags & OBJ_MIGHTBEDIRTY)) {
4041 VM_OBJECT_LOCK(vp->v_object);
4042 vm_object_page_clean(vp->v_object, 0, 0, OBJPC_SYNC);
4043 VM_OBJECT_UNLOCK(vp->v_object);
4044 }
4045 error = VOP_FSYNC(vp, cred, MNT_WAIT, td);
4046 } else {
4047 /*
4048 * Locate and synchronously write any buffers that fall
4049 * into the requested range. Note: we are assuming that
4050 * f_iosize is a power of 2.
4051 */
4052 int iosize = vp->v_mount->mnt_stat.f_iosize;
4053 int iomask = iosize - 1;
4054 int s;
4055 daddr_t lblkno;
4056
4057 /*
4058 * Align to iosize boundry, super-align to page boundry.
4059 */
4060 if (off & iomask) {
4061 cnt += off & iomask;
4062 off &= ~(u_quad_t)iomask;
4063 }
4064 if (off & PAGE_MASK) {
4065 cnt += off & PAGE_MASK;
4066 off &= ~(u_quad_t)PAGE_MASK;
4067 }
4068 lblkno = off / iosize;
4069
4070 if (vp->v_object &&
4071 (vp->v_object->flags & OBJ_MIGHTBEDIRTY)) {
4072 VM_OBJECT_LOCK(vp->v_object);
4073 vm_object_page_clean(vp->v_object, off / PAGE_SIZE, (cnt + PAGE_MASK) / PAGE_SIZE, OBJPC_SYNC);
4074 VM_OBJECT_UNLOCK(vp->v_object);
4075 }
4076
4077 s = splbio();
4078 VI_LOCK(vp);
4079 while (cnt > 0) {
4080 struct buf *bp;
4081
4082 /*
4083 * If we have a buffer and it is marked B_DELWRI we
4084 * have to lock and write it. Otherwise the prior
4085 * write is assumed to have already been committed.
4086 *
4087 * gbincore() can return invalid buffers now so we
4088 * have to check that bit as well (though B_DELWRI
4089 * should not be set if B_INVAL is set there could be
4090 * a race here since we haven't locked the buffer).
4091 */
4092 if ((bp = gbincore(vp, lblkno)) != NULL) {
4093 if (BUF_LOCK(bp, LK_EXCLUSIVE | LK_SLEEPFAIL |
4094 LK_INTERLOCK, VI_MTX(vp)) == ENOLCK) {
4095 VI_LOCK(vp);
4096 continue; /* retry */
4097 }
4098 if ((bp->b_flags & (B_DELWRI|B_INVAL)) ==
4099 B_DELWRI) {
4100 bremfree(bp);
4101 bp->b_flags &= ~B_ASYNC;
4102 bwrite(bp);
4103 ++nfs_commit_miss;
4104 } else
4105 BUF_UNLOCK(bp);
4106 VI_LOCK(vp);
4107 }
4108 ++nfs_commit_blks;
4109 if (cnt < iosize)
4110 break;
4111 cnt -= iosize;
4112 ++lblkno;
4113 }
4114 VI_UNLOCK(vp);
4115 splx(s);
4116 }
4117
4118 aft_ret = VOP_GETATTR(vp, &aft, cred, td);
4119 vput(vp);
4120 mtx_unlock(&Giant); /* VFS */
4121 vp = NULL;
4122 NFSD_LOCK();
4123 ereply:
4124 NFSD_LOCK_ASSERT();
4125 nfsm_reply(NFSX_V3WCCDATA + NFSX_V3WRITEVERF);
4126 nfsm_srvwcc_data(for_ret, &bfor, aft_ret, &aft);
4127 if (!error) {
4128 tl = nfsm_build(u_int32_t *, NFSX_V3WRITEVERF);
4129 if (nfsver.tv_sec == 0)
4130 nfsver = boottime;
4131 *tl++ = txdr_unsigned(nfsver.tv_sec);
4132 *tl = txdr_unsigned(nfsver.tv_usec);
4133 } else {
4134 error = 0;
4135 }
4136 nfsmout:
4137 NFSD_LOCK_ASSERT();
4138 NFSD_UNLOCK();
4139 mtx_lock(&Giant); /* VFS */
4140 if (vp)
4141 vput(vp);
4142 vn_finished_write(mp);
4143 mtx_unlock(&Giant); /* VFS */
4144 NFSD_LOCK();
4145 return(error);
4146 }
4147
4148 /*
4149 * nfs statfs service
4150 */
4151 int
4152 nfsrv_statfs(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
4153 struct thread *td, struct mbuf **mrq)
4154 {
4155 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
4156 struct sockaddr *nam = nfsd->nd_nam;
4157 caddr_t dpos = nfsd->nd_dpos;
4158 struct ucred *cred = &nfsd->nd_cr;
4159 struct statfs *sf;
4160 struct nfs_statfs *sfp;
4161 caddr_t bpos;
4162 int error = 0, rdonly, getret = 1;
4163 int v3 = (nfsd->nd_flag & ND_NFSV3);
4164 struct mbuf *mb, *mreq;
4165 struct vnode *vp = NULL;
4166 struct vattr at;
4167 nfsfh_t nfh;
4168 fhandle_t *fhp;
4169 struct statfs statfs;
4170 u_quad_t tval;
4171
4172 NFSD_LOCK_ASSERT();
4173
4174 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
4175 fhp = &nfh.fh_generic;
4176 nfsm_srvmtofh(fhp);
4177 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
4178 if (error) {
4179 nfsm_reply(NFSX_UNSIGNED);
4180 if (v3)
4181 nfsm_srvpostop_attr(getret, &at);
4182 error = 0;
4183 goto nfsmout;
4184 }
4185 sf = &statfs;
4186 NFSD_UNLOCK();
4187 mtx_lock(&Giant); /* VFS */
4188 error = VFS_STATFS(vp->v_mount, sf, td);
4189 getret = VOP_GETATTR(vp, &at, cred, td);
4190 vput(vp);
4191 mtx_unlock(&Giant); /* VFS */
4192 vp = NULL;
4193 NFSD_LOCK();
4194 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_STATFS(v3));
4195 if (v3)
4196 nfsm_srvpostop_attr(getret, &at);
4197 if (error) {
4198 error = 0;
4199 goto nfsmout;
4200 }
4201 sfp = nfsm_build(struct nfs_statfs *, NFSX_STATFS(v3));
4202 if (v3) {
4203 tval = (u_quad_t)sf->f_blocks;
4204 tval *= (u_quad_t)sf->f_bsize;
4205 txdr_hyper(tval, &sfp->sf_tbytes);
4206 tval = (u_quad_t)sf->f_bfree;
4207 tval *= (u_quad_t)sf->f_bsize;
4208 txdr_hyper(tval, &sfp->sf_fbytes);
4209 /*
4210 * Don't send negative values for available space,
4211 * since this field is unsigned in the NFS protocol.
4212 * Otherwise, the client would see absurdly high
4213 * numbers for free space.
4214 */
4215 if (sf->f_bavail < 0)
4216 tval = 0;
4217 else
4218 tval = (u_quad_t)sf->f_bavail;
4219 tval *= (u_quad_t)sf->f_bsize;
4220 txdr_hyper(tval, &sfp->sf_abytes);
4221 sfp->sf_tfiles.nfsuquad[0] = 0;
4222 sfp->sf_tfiles.nfsuquad[1] = txdr_unsigned(sf->f_files);
4223 sfp->sf_ffiles.nfsuquad[0] = 0;
4224 sfp->sf_ffiles.nfsuquad[1] = txdr_unsigned(sf->f_ffree);
4225 sfp->sf_afiles.nfsuquad[0] = 0;
4226 sfp->sf_afiles.nfsuquad[1] = txdr_unsigned(sf->f_ffree);
4227 sfp->sf_invarsec = 0;
4228 } else {
4229 sfp->sf_tsize = txdr_unsigned(NFS_MAXDGRAMDATA);
4230 sfp->sf_bsize = txdr_unsigned(sf->f_bsize);
4231 sfp->sf_blocks = txdr_unsigned(sf->f_blocks);
4232 sfp->sf_bfree = txdr_unsigned(sf->f_bfree);
4233 if (sf->f_bavail < 0)
4234 sfp->sf_bavail = 0;
4235 else
4236 sfp->sf_bavail = txdr_unsigned(sf->f_bavail);
4237 }
4238 nfsmout:
4239 NFSD_LOCK_ASSERT();
4240 if (vp) {
4241 NFSD_UNLOCK();
4242 mtx_lock(&Giant); /* VFS */
4243 vput(vp);
4244 mtx_unlock(&Giant); /* VFS */
4245 NFSD_LOCK();
4246 }
4247 return(error);
4248 }
4249
4250 /*
4251 * nfs fsinfo service
4252 */
4253 int
4254 nfsrv_fsinfo(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
4255 struct thread *td, struct mbuf **mrq)
4256 {
4257 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
4258 struct sockaddr *nam = nfsd->nd_nam;
4259 caddr_t dpos = nfsd->nd_dpos;
4260 struct ucred *cred = &nfsd->nd_cr;
4261 struct nfsv3_fsinfo *sip;
4262 caddr_t bpos;
4263 int error = 0, rdonly, getret = 1, pref;
4264 struct mbuf *mb, *mreq;
4265 struct vnode *vp = NULL;
4266 struct vattr at;
4267 nfsfh_t nfh;
4268 fhandle_t *fhp;
4269 u_quad_t maxfsize;
4270 struct statfs sb;
4271 int v3 = (nfsd->nd_flag & ND_NFSV3);
4272
4273 NFSD_LOCK_ASSERT();
4274
4275 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
4276 if (!v3)
4277 panic("nfsrv_fsinfo: v3 proc called on a v2 connection");
4278 fhp = &nfh.fh_generic;
4279 nfsm_srvmtofh(fhp);
4280 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
4281 if (error) {
4282 nfsm_reply(NFSX_UNSIGNED);
4283 nfsm_srvpostop_attr(getret, &at);
4284 error = 0;
4285 goto nfsmout;
4286 }
4287
4288 NFSD_UNLOCK();
4289 mtx_lock(&Giant); /* VFS */
4290 /* XXX Try to make a guess on the max file size. */
4291 VFS_STATFS(vp->v_mount, &sb, td);
4292 maxfsize = (u_quad_t)0x80000000 * sb.f_bsize - 1;
4293
4294 getret = VOP_GETATTR(vp, &at, cred, td);
4295 vput(vp);
4296 mtx_unlock(&Giant); /* VFS */
4297 vp = NULL;
4298 NFSD_LOCK();
4299 nfsm_reply(NFSX_V3POSTOPATTR + NFSX_V3FSINFO);
4300 nfsm_srvpostop_attr(getret, &at);
4301 sip = nfsm_build(struct nfsv3_fsinfo *, NFSX_V3FSINFO);
4302
4303 /*
4304 * XXX
4305 * There should be filesystem VFS OP(s) to get this information.
4306 * For now, assume ufs.
4307 */
4308 if (slp->ns_so->so_type == SOCK_DGRAM)
4309 pref = NFS_MAXDGRAMDATA;
4310 else
4311 pref = NFS_MAXDATA;
4312 sip->fs_rtmax = txdr_unsigned(pref);
4313 sip->fs_rtpref = txdr_unsigned(pref);
4314 sip->fs_rtmult = txdr_unsigned(NFS_FABLKSIZE);
4315 sip->fs_wtmax = txdr_unsigned(pref);
4316 sip->fs_wtpref = txdr_unsigned(pref);
4317 sip->fs_wtmult = txdr_unsigned(NFS_FABLKSIZE);
4318 sip->fs_dtpref = txdr_unsigned(pref);
4319 txdr_hyper(maxfsize, &sip->fs_maxfilesize);
4320 sip->fs_timedelta.nfsv3_sec = 0;
4321 sip->fs_timedelta.nfsv3_nsec = txdr_unsigned(1);
4322 sip->fs_properties = txdr_unsigned(NFSV3FSINFO_LINK |
4323 NFSV3FSINFO_SYMLINK | NFSV3FSINFO_HOMOGENEOUS |
4324 NFSV3FSINFO_CANSETTIME);
4325 nfsmout:
4326 NFSD_LOCK_ASSERT();
4327 if (vp) {
4328 NFSD_UNLOCK();
4329 mtx_lock(&Giant); /* VFS */
4330 vput(vp);
4331 mtx_unlock(&Giant); /* VFS */
4332 NFSD_LOCK();
4333 }
4334 return(error);
4335 }
4336
4337 /*
4338 * nfs pathconf service
4339 */
4340 int
4341 nfsrv_pathconf(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
4342 struct thread *td, struct mbuf **mrq)
4343 {
4344 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
4345 struct sockaddr *nam = nfsd->nd_nam;
4346 caddr_t dpos = nfsd->nd_dpos;
4347 struct ucred *cred = &nfsd->nd_cr;
4348 struct nfsv3_pathconf *pc;
4349 caddr_t bpos;
4350 int error = 0, rdonly, getret = 1;
4351 register_t linkmax, namemax, chownres, notrunc;
4352 struct mbuf *mb, *mreq;
4353 struct vnode *vp = NULL;
4354 struct vattr at;
4355 nfsfh_t nfh;
4356 fhandle_t *fhp;
4357 int v3 = (nfsd->nd_flag & ND_NFSV3);
4358
4359 NFSD_LOCK_ASSERT();
4360
4361 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
4362 if (!v3)
4363 panic("nfsrv_pathconf: v3 proc called on a v2 connection");
4364 fhp = &nfh.fh_generic;
4365 nfsm_srvmtofh(fhp);
4366 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly, TRUE);
4367 if (error) {
4368 nfsm_reply(NFSX_UNSIGNED);
4369 nfsm_srvpostop_attr(getret, &at);
4370 error = 0;
4371 goto nfsmout;
4372 }
4373 NFSD_UNLOCK();
4374 mtx_lock(&Giant); /* VFS */
4375 error = VOP_PATHCONF(vp, _PC_LINK_MAX, &linkmax);
4376 if (!error)
4377 error = VOP_PATHCONF(vp, _PC_NAME_MAX, &namemax);
4378 if (!error)
4379 error = VOP_PATHCONF(vp, _PC_CHOWN_RESTRICTED, &chownres);
4380 if (!error)
4381 error = VOP_PATHCONF(vp, _PC_NO_TRUNC, ¬runc);
4382 getret = VOP_GETATTR(vp, &at, cred, td);
4383 vput(vp);
4384 mtx_unlock(&Giant); /* VFS */
4385 vp = NULL;
4386 NFSD_LOCK();
4387 nfsm_reply(NFSX_V3POSTOPATTR + NFSX_V3PATHCONF);
4388 nfsm_srvpostop_attr(getret, &at);
4389 if (error) {
4390 error = 0;
4391 goto nfsmout;
4392 }
4393 pc = nfsm_build(struct nfsv3_pathconf *, NFSX_V3PATHCONF);
4394
4395 pc->pc_linkmax = txdr_unsigned(linkmax);
4396 pc->pc_namemax = txdr_unsigned(namemax);
4397 pc->pc_notrunc = txdr_unsigned(notrunc);
4398 pc->pc_chownrestricted = txdr_unsigned(chownres);
4399
4400 /*
4401 * These should probably be supported by VOP_PATHCONF(), but
4402 * until msdosfs is exportable (why would you want to?), the
4403 * Unix defaults should be ok.
4404 */
4405 pc->pc_caseinsensitive = nfsrv_nfs_false;
4406 pc->pc_casepreserving = nfsrv_nfs_true;
4407 nfsmout:
4408 NFSD_LOCK_ASSERT();
4409 if (vp) {
4410 NFSD_UNLOCK();
4411 mtx_lock(&Giant); /* VFS */
4412 vput(vp);
4413 mtx_unlock(&Giant); /* VFS */
4414 NFSD_LOCK();
4415 }
4416 return(error);
4417 }
4418
4419 /*
4420 * Null operation, used by clients to ping server
4421 */
4422 /* ARGSUSED */
4423 int
4424 nfsrv_null(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
4425 struct thread *td, struct mbuf **mrq)
4426 {
4427 struct mbuf *mrep = nfsd->nd_mrep;
4428 caddr_t bpos;
4429 int error = NFSERR_RETVOID;
4430 struct mbuf *mb, *mreq;
4431
4432 NFSD_LOCK_ASSERT();
4433
4434 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
4435 nfsm_reply(0);
4436 nfsmout:
4437 NFSD_LOCK_ASSERT();
4438 return (error);
4439 }
4440
4441 /*
4442 * No operation, used for obsolete procedures
4443 */
4444 /* ARGSUSED */
4445 int
4446 nfsrv_noop(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
4447 struct thread *td, struct mbuf **mrq)
4448 {
4449 struct mbuf *mrep = nfsd->nd_mrep;
4450 caddr_t bpos;
4451 int error;
4452 struct mbuf *mb, *mreq;
4453
4454 NFSD_LOCK_ASSERT();
4455
4456 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
4457 if (nfsd->nd_repstat)
4458 error = nfsd->nd_repstat;
4459 else
4460 error = EPROCUNAVAIL;
4461 nfsm_reply(0);
4462 error = 0;
4463 nfsmout:
4464 NFSD_LOCK_ASSERT();
4465 return (error);
4466 }
4467
4468 /*
4469 * Perform access checking for vnodes obtained from file handles that would
4470 * refer to files already opened by a Unix client. You cannot just use
4471 * vn_writechk() and VOP_ACCESS() for two reasons.
4472 * 1 - You must check for exported rdonly as well as MNT_RDONLY for the write
4473 * case.
4474 * 2 - The owner is to be given access irrespective of mode bits for some
4475 * operations, so that processes that chmod after opening a file don't
4476 * break. I don't like this because it opens a security hole, but since
4477 * the nfs server opens a security hole the size of a barn door anyhow,
4478 * what the heck.
4479 *
4480 * The exception to rule 2 is EPERM. If a file is IMMUTABLE, VOP_ACCESS()
4481 * will return EPERM instead of EACCESS. EPERM is always an error.
4482 *
4483 * There are two versions: one to be called while holding Giant (which is
4484 * needed due to use of VFS), and the other called with the NFS server lock
4485 * (which will be dropped and reacquired). This is necessary because
4486 * nfsrv_access checks are required from both classes of contexts.
4487 */
4488 static int
4489 nfsrv_access_withgiant(struct vnode *vp, int flags, struct ucred *cred,
4490 int rdonly, struct thread *td, int override)
4491 {
4492 struct vattr vattr;
4493 int error;
4494
4495 GIANT_REQUIRED;
4496
4497 nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
4498
4499 if (flags & VWRITE) {
4500 /* Just vn_writechk() changed to check rdonly */
4501 /*
4502 * Disallow write attempts on read-only filesystems;
4503 * unless the file is a socket or a block or character
4504 * device resident on the filesystem.
4505 */
4506 if (rdonly || (vp->v_mount->mnt_flag & MNT_RDONLY)) {
4507 switch (vp->v_type) {
4508 case VREG:
4509 case VDIR:
4510 case VLNK:
4511 return (EROFS);
4512 default:
4513 break;
4514 }
4515 }
4516 /*
4517 * If there's shared text associated with
4518 * the inode, we can't allow writing.
4519 */
4520 if (vp->v_vflag & VV_TEXT)
4521 return (ETXTBSY);
4522 }
4523
4524 error = VOP_GETATTR(vp, &vattr, cred, td);
4525 if (error)
4526 return (error);
4527 error = VOP_ACCESS(vp, flags, cred, td);
4528 /*
4529 * Allow certain operations for the owner (reads and writes
4530 * on files that are already open).
4531 */
4532 if (override && error == EACCES && cred->cr_uid == vattr.va_uid)
4533 error = 0;
4534 return (error);
4535 }
4536
4537 static int
4538 nfsrv_access(struct vnode *vp, int flags, struct ucred *cred, int rdonly,
4539 struct thread *td, int override)
4540 {
4541 int error;
4542
4543 NFSD_LOCK_ASSERT();
4544
4545 NFSD_UNLOCK();
4546 mtx_lock(&Giant); /* VFS */
4547 error = nfsrv_access_withgiant(vp, flags, cred, rdonly, td, override);
4548 mtx_unlock(&Giant); /* VFS */
4549 NFSD_LOCK();
4550 return (error);
4551 }
Cache object: 1f4f86db164a3d0ac75332600479697d
|