nfsd: Handle file systems without a VOP_VPTOFH()

Unlike NFSv3, the NFSv4 server follows mount points
within the file system tree below the NFSv4 root directory.
If there is a file system mounted wit

nfsd: Handle file systems without a VOP_VPTOFH()

Unlike NFSv3, the NFSv4 server follows mount points
within the file system tree below the NFSv4 root directory.
If there is a file system mounted within this subtree
that returns EOPNOTSUPP for VOP_VPTOFH(), the NFSv4 server
would return an error for the mount point entry.
This resulted in an "I/O error" report from the Linux NFSv4
client. It also put an error code in the Readdir reply
that is not defined in the NFSv4 RFCs.

For the FreeBSD NFSv4 client, the entry with the error would
be ignored, which I think is reasonable behaviour for a
mounted file system that can never be exported.

This patch changes the NFSv4 server behaviour to ignore the
mount point entry and not send it in the Readdir reply.
It also changes the behaviour of Lookup for the entry so
that it replies ENOENT for the mount point directory, so
that it is consistent with no entry in the Readdir reply.

With these two changes, the Linux client behaviour is the
same as the FreeBSD client behaviour. It also avoids
putting an unknown error on the wire to the client.

MFC after: 1 week

show more ...

nfs: stop using SAVESTART

Only the name is wanted which is already always provided.

Reviewed by: rmacklem
Tested by: pho, rmacklem
Differential Revision: https://reviews.freebsd.org/D34470

nfsd: Make the pNFS server update Change for Setxattr/Rmxattr

When the NFS server does the Setxattr or Rmxattr operation,
the Change attribute (va_filerev) needs to be updated.

Without this patch,

nfsd: Make the pNFS server update Change for Setxattr/Rmxattr

When the NFS server does the Setxattr or Rmxattr operation,
the Change attribute (va_filerev) needs to be updated.

Without this patch, that was not happening for the
pNFS server configuration. This patch does a Setattr
against the DS file to make the Change attribute
change.

This bug was discovered during a recent IETF NFSv4 testing
event, where the Change attribute wasn't changed in the
operation reply.

MFC after: 1 month

show more ...

Revert "unbound: Vendor import 1.17.0"

This reverts commit 64d318ea98b7c59f5567d47a9a8474887d8b5cb8, reversing
changes made to 8063dc03202fad7d6bdf34976bc8556fa3f23fa1.

Revert a mismerge which reve

Revert "unbound: Vendor import 1.17.0"

This reverts commit 64d318ea98b7c59f5567d47a9a8474887d8b5cb8, reversing
changes made to 8063dc03202fad7d6bdf34976bc8556fa3f23fa1.

Revert a mismerge which reversed 8063dc03202fad7d6bdf34976bc8556fa3f23fa1.

show more ...

unbound: Vendor import 1.17.0

Added ACL per interface, proxy protocol and bug fixes.

Announcement: https://nlnetlabs.nl/news/2022/Oct/13/unbound-1.17.0-released/

Merge commit '643f9a0581e8aac7eb

unbound: Vendor import 1.17.0

Added ACL per interface, proxy protocol and bug fixes.

Announcement: https://nlnetlabs.nl/news/2022/Oct/13/unbound-1.17.0-released/

Merge commit '643f9a0581e8aac7eb790ced1164748939829826' into new_merge

show more ...

nfsd: Make Setxattr/Removexattr NFSv4.2 ops IO_SYNC

When the NFS server does Setxattr or Removexattr, the
operations must be done IO_SYNC. If a server
crashes/reboots immediately after replying it m

nfsd: Make Setxattr/Removexattr NFSv4.2 ops IO_SYNC

When the NFS server does Setxattr or Removexattr, the
operations must be done IO_SYNC. If a server
crashes/reboots immediately after replying it must
have the extended attribute changes.

Since UFS does extended attributes asynchronously
by default and there is no "ioflag" argument in
the VOP calls, follow the VOP calls with VOP_FSYNC(),
to ensure the operation has been done synchronously.

This was found by inspection while investigating a
bug discovered during a recent IETF NFSv4 testing
event, where the Change attribute wasn't changed
in the operation reply.

This bug will take further work for ZFS and the
pNFS server configuration, but is now fixed for
a non-pNFS UFS exported file system.

MFC after: 1 month

show more ...

vfs: always retain path buffer after lookup

This removes some of the complexity needed to maintain HASBUF and
allows for removing injecting SAVENAME by filesystems.

Reviewed by: kib (previous versi

vfs: always retain path buffer after lookup

This removes some of the complexity needed to maintain HASBUF and
allows for removing injecting SAVENAME by filesystems.

Reviewed by: kib (previous version)
Differential Revision: https://reviews.freebsd.org/D36542

show more ...

nfscl: Change the cred argument to non-NULL for pNFS proxies

Commit 326bcf9394c7 added a "cred" argument to nfscl_reqstart().
For the pNFS proxy calls on the server, the argument
should be "cred" in

nfscl: Change the cred argument to non-NULL for pNFS proxies

Commit 326bcf9394c7 added a "cred" argument to nfscl_reqstart().
For the pNFS proxy calls on the server, the argument
should be "cred" instead of NULL.
This patch fixes this.

Since the argument is not yet used, this patch
should not result in a semantics change.

PR: 260011
MFC after: 2 weeks

show more ...

nfscl: Add a cred argument to nfscl_reqstart()

To deal with broken session slots caused by the use of the
"soft" and/or "intr" mount options, nfsv4_sequencelookup()
will be modified to track the pot

nfscl: Add a cred argument to nfscl_reqstart()

To deal with broken session slots caused by the use of the
"soft" and/or "intr" mount options, nfsv4_sequencelookup()
will be modified to track the potentially broken session
slots. Then, when all session slots are potentially
broken, do a DeleteSession operation, so that the NFSv4
server will reply NFSERR_BADSESSION to uses of the session.
These changes will be done in future commits. However,
to do the DeleteSession RPC, a "cred" argument is needed
for nfscl_reqstart(). This patch adds this argument,
which is unused at this time. If the argument is NULL,
it indicates that DeleteSession should not be done
(usually because the RPC does not use sessions).

This patch should not cause any semantics change.

PR: 260011
MFC after: 2 weeks

show more ...

nfsd: Fix handling of Open/Create for the pNFS server

When the MDS of a pNFS service receives an Open/Create
and the file already exists, it must do a Setattr of
size == 0. Without this patch, this

nfsd: Fix handling of Open/Create for the pNFS server

When the MDS of a pNFS service receives an Open/Create
and the file already exists, it must do a Setattr of
size == 0. Without this patch, this was eroneously
done via a VOP_SETAATR() call, which would set the
length of the MDS file to 0 (which is already is,
since all data lives on the DSs).

This patch fixes the problem by doing a nfsvno_setattr()
instead of VOP_SETATTR(), which knows to do a proxied
Setattr on the DSs.

For a non-pNFS server, the change has no effect, since
nfsvno_setattr() only does a VOP_SETATTR() for that case.

This was found during a recent IETF NFSv4 testing event.

MFC after: 2 weeks

show more ...

vfs: prefix lookup and relookup with vfs_

Reviewed by: imp, mckusick
Differential Revision: https://reviews.freebsd.org/D34530

nfsd: Do not exempt NFSv3 Fsinfo from the TLS check

The Fsinfo RPC is exempt from the check for
Kerberized NFS being required, as recommended
by RFC2623. However, there is no reason to
exempt Fsinf

nfsd: Do not exempt NFSv3 Fsinfo from the TLS check

The Fsinfo RPC is exempt from the check for
Kerberized NFS being required, as recommended
by RFC2623. However, there is no reason to
exempt Fsinfo from the requirement to use TLS.

This patch fixes the code so that the exemption
only applies to Kerberized NFS and not
NFS-over-TLS.

This only affects NFS-over-TLS for an NFSv3
mount when it is required, but the client does
not do so.

MFC after: 1 month

show more ...

nfsd: Do not accept audit/alarm ACEs for the NFSv4 server

The UFS and ZFS file systems only support Allow/Deny ACEs
in the NFSv4 ACLs. This patch does not allow the server
to parse Audit/Alarm ACEs

nfsd: Do not accept audit/alarm ACEs for the NFSv4 server

The UFS and ZFS file systems only support Allow/Deny ACEs
in the NFSv4 ACLs. This patch does not allow the server
to parse Audit/Alarm ACEs. The NFSv4 client is still
allowed to pase Audit/Alarm ACEs, since non-FreeBSD NFSv4
servers may use them.

This patch should not have a significant effect, since the
UFS and ZFS file systems will not handle these ACEs anyhow.
It simply serves as an additional "safety belt" for the
NFSv4 server.

MFC after: 2 weeks

show more ...

Revert "nfscommon: Add arguments for support of the dacl attribute"

This reverts commit 0fa074b53e7c22157dcb41aaa25a33abc8118f26.

I now see that the implementation of the "dacl" operation
requires

Revert "nfscommon: Add arguments for support of the dacl attribute"

This reverts commit 0fa074b53e7c22157dcb41aaa25a33abc8118f26.

I now see that the implementation of the "dacl" operation
requires that the NFSv4 server to "automatic inheritance"
and I do not plan on doing this. As such, this patch is
harmless, but unneeded.

show more ...

nfsd: Reduce callouts rate.

Before this callouts were scheduled twice a seconds even if nfsd was
never used. This reduces the rate to ~1Hz and only after nfsd first
started.

MFC after: 2 weeks

nfscommon: Add arguments for support of the dacl attribute

NFSv4.1/4.2 has an alternative to the acl attribute, called
dacl, that includes support for the ACL_ENTRY_INHERITED flag,
called NFSV4ACE_I

nfscommon: Add arguments for support of the dacl attribute

NFSv4.1/4.2 has an alternative to the acl attribute, called
dacl, that includes support for the ACL_ENTRY_INHERITED flag,
called NFSV4ACE_INHERITED in NFSv4.

This patch adds a dacl argument to nfsrv_buildacl(),
nfsrv_dissectacl() and nfsrv_dissectace(), so that they
will handle NFSV4ACE_INHERITED when dacl == true.

Since these functions are always called with dacl == false
for this patch, semantics should not have changed.
A future patch will add support for dacl.

MFC after: 2 weeks

show more ...

rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values

I thought that these new auth_stat values had been agreed
upon by the IETF NFSv4 working group, but that no longer
is the case. As such, de

rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values

I thought that these new auth_stat values had been agreed
upon by the IETF NFSv4 working group, but that no longer
is the case. As such, delete them and use AUTH_TOOWEAK
instead. Leave the code that uses these new auth_stat
values in the sources #ifdef notnow, in case they are
defined in the future.

MFC after: 1 week

show more ...

Change VOP_READDIR's cookies argument to a **uint64_t

The cookies argument is only used by the NFS server. NFSv2 defines the
cookie as 32 bits on the wire, but NFSv3 increased it to 64 bits. Our
V

Change VOP_READDIR's cookies argument to a **uint64_t

The cookies argument is only used by the NFS server. NFSv2 defines the
cookie as 32 bits on the wire, but NFSv3 increased it to 64 bits. Our
VOP_READDIR, however, has always defined it as u_long, which is 32 bits
on some architectures. Change it to 64 bits on all architectures. This
doesn't matter for any in-tree file systems, but it matters for some
FUSE file systems that use 64-bit directory cookies.

PR: 260375
Reviewed by: rmacklem
Differential Revision: https://reviews.freebsd.org/D33404

show more ...

nfs: don't truncate directory cookies to 32-bits in the NFS server

In NFSv2, the directory cookie was 32-bits. NFSv3 widened it to
64-bits and SVN r22521 widened the corresponding argument in
VOP_R

nfs: don't truncate directory cookies to 32-bits in the NFS server

In NFSv2, the directory cookie was 32-bits. NFSv3 widened it to
64-bits and SVN r22521 widened the corresponding argument in
VOP_READDIR, but FreeBSD's NFS server continued to treat the cookies as
32-bits, and 0-extended to fill the field on the wire. Nobody ever
noticed, because every in-tree file system generates cookies that fit
comfortably within 32-bits.

Also, have better type safety for txdr_hyper. Turn it into an inline
function that type-checks its arguments. Prevents warnings about
shift-count-overflow.

PR: 260375
MFC after: 2 weeks
Reviewed by: rmacklem
Differential Revision: https://reviews.freebsd.org/D33404

show more ...

nfs: Quiet a few "unused" warnings

For most of these warnings, the variable is loaded
with data parsed out of an RPC messages. In case
the data is useful in the future, I just marked
these with __u

nfs: Quiet a few "unused" warnings

For most of these warnings, the variable is loaded
with data parsed out of an RPC messages. In case
the data is useful in the future, I just marked
these with __unused.

show more ...

vfs: remove the unused thread argument from NDINIT*

See b4a58fbf640409a1 ("vfs: remove cn_thread")

Bump __FreeBSD_version to 1400043.

nfsd: Fix the NFSv4.2 pNFS MDS server for NFSERR_NOSPC via LayoutError

If a pNFS server's DS runs out of disk space, it replies
NFSERR_NOSPC to the client doing writing. For the Linux
client, it th

nfsd: Fix the NFSv4.2 pNFS MDS server for NFSERR_NOSPC via LayoutError

If a pNFS server's DS runs out of disk space, it replies
NFSERR_NOSPC to the client doing writing. For the Linux
client, it then sends a LayoutError RPC to the MDS server to
tell it about the error and keeps retrying, doing repeated
LayoutGets to the MDS and Write RPCs to the DS. The Linux client is
"stuck" until disk space on the DS is free'd up unless
a subsequent LayoutGet request is sent a NFSERR_NOSPC
reply.
The looping problem still occurs for NFSv4.1 mounts, but no
fix for this is known at this time.

This patch changes the pNFS MDS server to reply to LayoutGet
operations with NFSERR_NOSPC once a LayoutError reports the
problem, until the DS has available space. This keeps the Linux
NFSv4.2 from looping.

Found during recent testing because of issues w.r.t. a DS
being out of space found during a recent IEFT NFSv4 working
group testing event.

MFC after: 2 weeks

show more ...

vfs: Add "ioflag" and "cred" arguments to VOP_ALLOCATE

When the NFSv4.2 server does a VOP_ALLOCATE(), it needs
the operation to be done for the RPC's credential and not
td_ucred. It also needs the w

vfs: Add "ioflag" and "cred" arguments to VOP_ALLOCATE

When the NFSv4.2 server does a VOP_ALLOCATE(), it needs
the operation to be done for the RPC's credential and not
td_ucred. It also needs the writing to be done synchronously.

This patch adds "ioflag" and "cred" arguments to VOP_ALLOCATE()
and modifies vop_stdallocate() to use these arguments.

The VOP_ALLOCATE.9 man page will be patched separately.

Reviewed by: khng, kib
Differential Revision: https://reviews.freebsd.org/D32865

show more ...

vfs: remove cn_thread

It is always curthread.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D32453

nfsd: Fix pNFS handling of Deallocate

For a pNFS server configuration, an NFSv4.2 Deallocate operation
is proxied to the DS(s). The code that parsed the reply for the
proxy RPC is broken and did no

nfsd: Fix pNFS handling of Deallocate

For a pNFS server configuration, an NFSv4.2 Deallocate operation
is proxied to the DS(s). The code that parsed the reply for the
proxy RPC is broken and did not process the pre-operation attributes.

This patch fixes this problem.

This bug would only affect pNFS servers built from recent main/FreeBSD14
sources.

show more ...