#
3f6ba5c1 |
| 02-Jul-2025 |
Rick Macklem <rmacklem@FreeBSD.org> |
files: Fix builds without "options UFS_ACL"
Commit 50e733f19b37 broke kernel builds without "options UFS_ACL".
This patch fixes it.
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D51131
Fixes: 50e733f19b37 ("nfscl: Use delegation ACE when mounted with nocto")
|
Revision tags: release/14.3.0 |
|
#
e4c7b2b6 |
| 06-May-2025 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfsv4: Add support to NFSv4 for named attributes
NFSv4 supports a feature called named attributes, that are essentially Solaris style extended attributes. Commits starting with 2ec2ba7e232d added Solaris style extended attribute support.
This patch uses the Solaris style extended attribute support to provide support for NFSv4. Since nfsv4_loadattr() needed an additional argument, many files are affected, although many in a trivial way.
For the NFSv4 server to support named attributes, ZFS must be patched and only ZFS file systems support these Solaris style extended attributes.
|
Revision tags: release/13.4.0-p5, release/13.5.0-p1, release/14.2.0-p3, release/13.5.0, release/14.2.0-p2, release/14.1.0-p8, release/13.4.0-p4, release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0, release/13.4.0, release/14.1.0, release/13.3.0 |
|
#
656d2e83 |
| 30-Dec-2023 |
Konstantin Belousov <kib@FreeBSD.org> |
nfsclient: eliminate ncl_writebp()
Use plain bufwrite() instead. ncl_writebp() evolved to mostly repeat bufwrite() code with some omissions, most notably runningbufspace accounting.
Reviewed by: imp, markj, rmacklem
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43249
|
Revision tags: release/14.0.0 |
|
#
196787f7 |
| 21-Oct-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Use Claim_Null_FH and Claim_Deleg_Cur_FH
For NFSv4.1/4.2, there are two new options for the Open operation. These two options use the file handle for the file instead of the file handle for the directory plus a file name. By doing so, the client code is simplified (it no longer needs the "nfsv4node" structure attached to the NFS vnode). It also avoids problems caused by another NFS client (or process running locally in the NFS server) doing a rename or remove of the file name between the Lookup and Open.
Unfortunately, there was a bug (fixed recently by commit X) in the NFS server which mis-parsed the Claim_Deleg_Cur_FH arguments. To allow this patch to work with the broken FreeBSD NFSv4.1/4.2 server, NFSMNTP_BUGGYFBSDSRV is defined and is set when a correctly formatted Claim_Deleg_Cur_FH fails with NFSERR_EXPIRED. (This is what the old, broken NFS server does, since it erroneously uses the Getattr arguments as a stateID.) Once this flag is set, the client fills in a stateID, to make the broken NFS server happy.
Tested at a recent IETF NFSv4 Bakeathon.
MFC after: 1 month
|
#
685dc743 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
Revision tags: release/13.2.0 |
|
#
896516e5 |
| 16-Mar-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Add a new NFSv4.1/4.2 mount option for Kerberized mounts
Without this patch, a Kerberized NFSv4.1/4.2 mount must provide a Kerberos credential for the client at mount time. This credential is typically referred to as a "machine credential". It can be created one of two ways:
- The user (usually root) has a valid TGT at the time the mount is done and this becomes the machine credential. There are two problems with this.
  1 - The user doing the mount must have a valid TGT for a user principal at mount time. As such, the mount cannot be put in fstab(5) or similar.
  2 - When the TGT expires, the mount breaks.
- The client machine has a service principal in its default keytab file and this service principal (typically called a host-based initiator credential) is used as the machine credential. There are problems with this approach as well:
  1 - There is a certain amount of administrative overhead creating the service principal for the NFS client, creating a keytab entry for this principal and then copying the keytab entry into the client's default keytab file via some secure means.
  2 - The NFS client must have a fixed, well known, DNS name, since that FQDN is in the service principal name as the instance.
This patch uses a feature of NFSv4.1/4.2 called SP4_NONE, which allows the state maintenance operations to be performed by any authentication mechanism, to do these operations via AUTH_SYS instead of RPCSEC_GSS (Kerberos). As such, neither of the above mechanisms is needed.
It is hoped that this option will encourage adoption of Kerberized NFS mounts using TLS, to provide a more secure NFS mount.
This new NFSv4.1/4.2 mount option, called "syskrb5" must be used with "sec=krb5[ip]" to avoid the need for either of the above Kerberos setups to be done by the client.
Note that all file access/modification operations still require users on the NFS client to have a valid TGT recognized by the NFSv4.1/4.2 server. As such, this option allows, at most, a malicious client to do some sort of DOS attack.
Although not required, use of "tls" with this new option is encouraged, since it provides on-the-wire encryption plus, optionally, client identity verification via a X.509 certificate provided to the server during TLS handshake. Alternately, "sec=krb5p" does provide on-the-wire encryption of file data.
A mount_nfs(8) man page update will be done in a separate commit.
Discussed on: freebsd-current@
MFC after: 3 months
|
#
357492c9 |
| 21-Feb-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Add NFSD_CURVNET macros to nfsclient syscall
Although the nfsclient syscall is used for client side, it does set up server side krpc for callbacks. As such, it needs to have the vnet set. This patch does this. Without this patch, the system would crash when the nfscbd(8) daemon was killed.
Reported by: freebsd@walstatt-de.de
MFC after: 3 months
|
#
39633fc1 |
| 11-Jan-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Improve NFSv4 error message for NFSERR_WRONGSEC
The usual reason for an NFSv4 server replying NFSERR_WRONGSEC to an operation is that a Kerberos credential is required. This patch replaces a cryptic "err=10016" with a message suggesting that a Kerberos TGT is probably needed.
MFC after: 2 weeks
|
#
829f0bcb |
| 19-Dec-2022 |
Mateusz Guzik <mjg@FreeBSD.org> |
vfs: add the concept of vnode state transitions
To quote from a comment above vput_final:
<quote>
 * XXX Some filesystems pass in an exclusively locked vnode and strongly depend
 * on the lock being held all the way until VOP_INACTIVE. This in particular
 * happens with UFS which adds half-constructed vnodes to the hash, where they
 * can be found by other code.
</quote>
As is there is no mechanism which allows filesystems to denote that a vnode is fully initialized, consequently problems like the above are only found the hard way(tm).
Add rudimentary support for state transitions, which in particular allow to assert the vnode is not legally unlocked until its fate is decided (either construction finishes or vgone is called to abort it).
The new field lands in a 1-byte hole, thus it does not grow the struct.
Bump __FreeBSD_version to 1400077
Reviewed by: kib (previous version)
Tested by: pho
Differential Revision: https://reviews.freebsd.org/D37759
|
#
6032cf3d |
| 22-Dec-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Improve the console message for NFSERR_NOFILEHANDLE
Since a NFSERR_NOFILEHANDLE reply from an NFSv4 server usually means that the file system is not exported on the server, change the console log message to indicate that.
MFC after: 1 week
|
Revision tags: release/12.4.0 |
|
#
7d9dc91a |
| 15-Oct-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Fix the NFSv4.0 mount so that it does not crash
Commit efe58855f3ea modifies IN_LOOPBACK() so that it uses a VNET variable. Without this patch, nfscl_getmyip() uses IN_LOOPBACK() when the VNET is not set and crashes the system. nfscl_getmyip() is only called when a NFSv4.0 (not NFSv4.1/4.2) mount is done.
This patch re-organizes nfscl_getmyip() so that IN_LOOPBACK() is before the CURVNET_RESTORE() macro, to avoid the crashes.
Reviewed by: karels, zlei.huang_gmail.com
Differential Revision: https://reviews.freebsd.org/D37008
|
Revision tags: release/13.1.0 |
|
#
068fc057 |
| 15-Apr-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Clean up the code by removing unused arguments
The "void *stuff" (also called fstuff and dstuff) argument was used by the Mac OSX port. For FreeBSD, this argument is always NULL, so remove it to clean up the code.
This commit gets rid of "stuff" for nfscl_nget(). Future commits will do the same for other functions.
|
#
4ad3423b |
| 13-Apr-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Clean up the code by removing unused arguments
The "void *stuff" (also called fstuff and dstuff) argument was used by the Mac OSX port. For FreeBSD, this argument is always NULL, so remove it to clean up the code.
This commit gets rid of "stuff" for nfscl_loadattrcache(). Future commits will do the same for other functions.
|
#
5580e5bd |
| 10-Apr-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Clean up the code by removing unused arguments
The "void *stuff" (also called fstuff and dstuff) argument was used by the Mac OSX port. For FreeBSD, this argument is always NULL, so remove it to clean up the code.
This commit gets rid of "stuff" for nfscl_request(). Future commits will do the same for other functions.
|
#
38c3cf6a |
| 10-Apr-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Clean up the code by removing unused arguments
The "void *stuff" (also called fstuff and dstuff) argument was used by the Mac OSX port. For FreeBSD, this argument is always NULL, so remove it to clean up the code.
This commit gets rid of "stuff" for nfscl_postop_attr(). Future commits will do the same for other functions.
|
#
21de450a |
| 08-Apr-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Add support for a NFSv4 AppendWrite RPC
For IO_APPEND VOP_WRITE()s, the code first does a Getattr RPC to acquire the file's size, before it can do the Write RPC.
Although NFS does not have an append write operation, an NFSv4 compound can use a Verify operation to check that the client's notion of the file's size is correct, followed by the Write operation.
This patch modifies nfscl_wcc_data() to optionally acquire the file's size, for use with an AppendWrite. Although the "stuff" arguments are always NULL (these were used for the Mac OSX port and should be cleared out someday), make the argument to nfscl_wcc_data() explicitly NULL for clarity.
This patch does not cause any semantics change until the AppendWrite is added in a future commit.
|
Revision tags: release/12.3.0 |
|
#
7a9bc8a8 |
| 16-Jul-2021 |
Mark Johnston <markj@FreeBSD.org> |
nfssvc: Zero the buffer copied out when NFSSVC_DUMPMNTOPTS is set
Reported by: KMSAN
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
|
#
03c81af2 |
| 07-Jun-2021 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Fix generation of va_fsid for a tree of NFSv4 server file systems
Pre-r318997 the code looked like:
    if (vp->v_mount->mnt_stat.f_fsid.val[0] != (uint32_t)np->n_vattr.na_filesid[0])
        vap->va_fsid = (uint32_t)np->n_vattr.na_filesid[0];
Doing this assignment got lost by r318997 and, as such, NFSv4 mounts of servers with trees of file systems on the server are broken, due to duplicate fileno values for the same st_dev/va_fsid.
Although I could have re-introduced the assignment, since the value of na_filesid[0] is not guaranteed to be unique across the server file systems, I felt it was better to always do the hash for na_filesid[0,1]. Since dev_t (st_dev/va_fsid) is now 64bits, I switched to a 64bit hash.
There is a slight chance of a hash conflict where 2 different na_filesid values map to same va_fsid, which will be documented in the BUGS section of the man page for mount_nfs(8). Using a table to keep track of mappings to catch conflicts would not easily scale to 10,000+ server file systems and, when the conflict occurs, it only results in fts(3) reporting a "directory cycle" under certain circumstances.
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30660
|
#
cb07628d |
| 11-May-2021 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Delete unneeded redundant MODULE_DEPEND() calls
There are two module declarations in the nfscl.ko module for "nfscl" and "nfs". Both of these declarations had MODULE_DEPEND() calls. This patch deletes the MODULE_DEPEND() calls for "nfs" to avoid confusion with respect to what modules this module is dependent upon.
The patch also adds comments explaining why there are two module declarations within the module.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D30102
|
#
dd02d9d6 |
| 08-May-2021 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl: Add support for va_birthtime to NFSv4
There is a NFSv4 file attribute called TimeCreate that can be used for va_birthtime. r362175 added some support for use of TimeCreate. This patch completes support of va_birthtime by adding support for setting this attribute to the server. It also enables the client to acquire and set the attribute for a NFSv4 server that supports the attribute.
Reviewed by: markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30156
|
#
8bde6d15 |
| 04-May-2021 |
Mark Johnston <markj@FreeBSD.org> |
nfsclient: Copy only initialized fields in nfs_getattr()
When loading attributes from the cache, the NFS client is careful to copy only the fields that it initialized. After fetching attributes from the server, however, it would copy the entire vattr structure initialized from the RPC response, so uninitialized stack bytes would end up being copied to userspace. In particular, va_birthtime (v2 and v3) and va_gen (v3) had this problem.
Use a common subroutine to copy fields provided by the NFS client, and ensure that we provide a dummy va_gen for the v3 case.
Reviewed by: rmacklem
Reported by: KMSAN
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30090
|
Revision tags: release/13.0.0 |
|
#
605284b8 |
| 13-Feb-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Enforce net epoch in in6_selectsrc().
in6_selectsrc() may call fib6_lookup() in some cases, which requires epoch. Wrap in6_selectsrc* calls into epoch inside its users. Mark it as requiring epoch by adding NET_EPOCH_ASSERT().
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28647
|
#
6b3a9a0f |
| 12-Jan-2021 |
Mateusz Guzik <mjg@FreeBSD.org> |
Convert remaining cap_rights_init users to cap_rights_init_one
semantic patch:
@@
expression rights, r;
@@
- cap_rights_init(&rights, r) + cap_rights_init_one(&rights, r)
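Review bot: in the rule `- cap_rights_init(&rights, r) + cap_rights_init_one(&rights, r)`, `r` is declared as a single `expression`, so only calls that pass exactly one right are matched. The commit message should say that calls passing several rights are deliberately left on cap_rights_init(), since the subject line "Convert remaining cap_rights_init users" reads as if none remain. Naming the tool and invocation used to apply the semantic patch would also let a reader reproduce the change.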
|
Revision tags: release/12.2.0 |
|
#
586ee69f |
| 01-Sep-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
fs: clean up empty lines in .c and .h files
|
Revision tags: release/11.4.0 |
|
#
9d5df78e |
| 28-May-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Fix NOINET6 build broken by r361575.
Reported by: ci, hps
|