search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-rpcclient: Fix Bug #7277. rpcclient was sending invalid data, causing cupsaddsmb...
[Samba.git] / source3 / modules / vfs_aio_fork.c
blobc725fa6b9061ea74ec882e67b208a3e6d81df362
1 /*
2 * Simulate the Posix AIO using mmap/fork
3 *
4 * Copyright (C) Volker Lendecke 2008
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22
23 struct mmap_area {
24 size_t size;
25 volatile void *ptr;
26 };
27
28 static int mmap_area_destructor(struct mmap_area *area)
29 {
30 munmap((void *)area->ptr, area->size);
31 return 0;
32 }
33
34 static struct mmap_area *mmap_area_init(TALLOC_CTX *mem_ctx, size_t size)
35 {
36 struct mmap_area *result;
37 int fd;
38
39 result = talloc(mem_ctx, struct mmap_area);
40 if (result == NULL) {
41 DEBUG(0, ("talloc failed\n"));
42 goto fail;
43 }
44
45 fd = open("/dev/zero", O_RDWR);
46 if (fd == -1) {
47 DEBUG(3, ("open(\"/dev/zero\") failed: %s\n",
48 strerror(errno)));
49 goto fail;
50 }
51
52 result->ptr = mmap(NULL, size, PROT_READ|PROT_WRITE,
53 MAP_SHARED|MAP_FILE, fd, 0);
54 if (result->ptr == MAP_FAILED) {
55 DEBUG(1, ("mmap failed: %s\n", strerror(errno)));
56 goto fail;
57 }
58
59 close(fd);
60
61 result->size = size;
62 talloc_set_destructor(result, mmap_area_destructor);
63
64 return result;
65
66 fail:
67 TALLOC_FREE(result);
68 return NULL;
69 }
70
71 struct rw_cmd {
72 size_t n;
73 SMB_OFF_T offset;
74 bool read_cmd;
75 };
76
77 struct rw_ret {
78 ssize_t size;
79 int ret_errno;
80 };
81
82 struct aio_child_list;
83
84 struct aio_child {
85 struct aio_child *prev, *next;
86 struct aio_child_list *list;
87 SMB_STRUCT_AIOCB *aiocb;
88 pid_t pid;
89 int sockfd;
90 struct fd_event *sock_event;
91 struct rw_ret retval;
92 struct mmap_area *map; /* ==NULL means write request */
93 bool dont_delete; /* Marked as in use since last cleanup */
94 bool cancelled;
95 bool read_cmd;
96 };
97
98 struct aio_child_list {
99 struct aio_child *children;
100 struct timed_event *cleanup_event;
101 };
102
103 static void free_aio_children(void **p)
104 {
105 TALLOC_FREE(*p);
106 }
107
108 static ssize_t read_fd(int fd, void *ptr, size_t nbytes, int *recvfd)
109 {
110 struct msghdr msg;
111 struct iovec iov[1];
112 ssize_t n;
113 #ifndef HAVE_MSGHDR_MSG_CONTROL
114 int newfd;
115 #endif
116
117 #ifdef HAVE_MSGHDR_MSG_CONTROL
118 union {
119 struct cmsghdr cm;
120 char control[CMSG_SPACE(sizeof(int))];
121 } control_un;
122 struct cmsghdr *cmptr;
123
124 msg.msg_control = control_un.control;
125 msg.msg_controllen = sizeof(control_un.control);
126 #else
127 #if HAVE_MSGHDR_MSG_ACCTRIGHTS
128 msg.msg_accrights = (caddr_t) &newfd;
129 msg.msg_accrightslen = sizeof(int);
130 #else
131 #error Can not pass file descriptors
132 #endif
133 #endif
134
135 msg.msg_name = NULL;
136 msg.msg_namelen = 0;
137
138 iov[0].iov_base = (void *)ptr;
139 iov[0].iov_len = nbytes;
140 msg.msg_iov = iov;
141 msg.msg_iovlen = 1;
142
143 if ( (n = recvmsg(fd, &msg, 0)) <= 0) {
144 return(n);
145 }
146
147 #ifdef HAVE_MSGHDR_MSG_CONTROL
148 if ((cmptr = CMSG_FIRSTHDR(&msg)) != NULL
149 && cmptr->cmsg_len == CMSG_LEN(sizeof(int))) {
150 if (cmptr->cmsg_level != SOL_SOCKET) {
151 DEBUG(10, ("control level != SOL_SOCKET"));
152 errno = EINVAL;
153 return -1;
154 }
155 if (cmptr->cmsg_type != SCM_RIGHTS) {
156 DEBUG(10, ("control type != SCM_RIGHTS"));
157 errno = EINVAL;
158 return -1;
159 }
160 *recvfd = *((int *) CMSG_DATA(cmptr));
161 } else {
162 *recvfd = -1; /* descriptor was not passed */
163 }
164 #else
165 if (msg.msg_accrightslen == sizeof(int)) {
166 *recvfd = newfd;
167 }
168 else {
169 *recvfd = -1; /* descriptor was not passed */
170 }
171 #endif
172
173 return(n);
174 }
175
176 static ssize_t write_fd(int fd, void *ptr, size_t nbytes, int sendfd)
177 {
178 struct msghdr msg;
179 struct iovec iov[1];
180
181 #ifdef HAVE_MSGHDR_MSG_CONTROL
182 union {
183 struct cmsghdr cm;
184 char control[CMSG_SPACE(sizeof(int))];
185 } control_un;
186 struct cmsghdr *cmptr;
187
188 ZERO_STRUCT(msg);
189 ZERO_STRUCT(control_un);
190
191 msg.msg_control = control_un.control;
192 msg.msg_controllen = sizeof(control_un.control);
193
194 cmptr = CMSG_FIRSTHDR(&msg);
195 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
196 cmptr->cmsg_level = SOL_SOCKET;
197 cmptr->cmsg_type = SCM_RIGHTS;
198 *((int *) CMSG_DATA(cmptr)) = sendfd;
199 #else
200 ZERO_STRUCT(msg);
201 msg.msg_accrights = (caddr_t) &sendfd;
202 msg.msg_accrightslen = sizeof(int);
203 #endif
204
205 msg.msg_name = NULL;
206 msg.msg_namelen = 0;
207
208 ZERO_STRUCT(iov);
209 iov[0].iov_base = (void *)ptr;
210 iov[0].iov_len = nbytes;
211 msg.msg_iov = iov;
212 msg.msg_iovlen = 1;
213
214 return (sendmsg(fd, &msg, 0));
215 }
216
217 static void aio_child_cleanup(struct event_context *event_ctx,
218 struct timed_event *te,
219 struct timeval now,
220 void *private_data)
221 {
222 struct aio_child_list *list = talloc_get_type_abort(
223 private_data, struct aio_child_list);
224 struct aio_child *child, *next;
225
226 TALLOC_FREE(list->cleanup_event);
227
228 for (child = list->children; child != NULL; child = next) {
229 next = child->next;
230
231 if (child->aiocb != NULL) {
232 DEBUG(10, ("child %d currently active\n",
233 (int)child->pid));
234 continue;
235 }
236
237 if (child->dont_delete) {
238 DEBUG(10, ("Child %d was active since last cleanup\n",
239 (int)child->pid));
240 child->dont_delete = false;
241 continue;
242 }
243
244 DEBUG(10, ("Child %d idle for more than 30 seconds, "
245 "deleting\n", (int)child->pid));
246
247 TALLOC_FREE(child);
248 }
249
250 if (list->children != NULL) {
251 /*
252 * Re-schedule the next cleanup round
253 */
254 list->cleanup_event = event_add_timed(smbd_event_context(), list,
255 timeval_add(&now, 30, 0),
256 aio_child_cleanup, list);
257
258 }
259 }
260
261 static struct aio_child_list *init_aio_children(struct vfs_handle_struct *handle)
262 {
263 struct aio_child_list *data = NULL;
264
265 if (SMB_VFS_HANDLE_TEST_DATA(handle)) {
266 SMB_VFS_HANDLE_GET_DATA(handle, data, struct aio_child_list,
267 return NULL);
268 }
269
270 if (data == NULL) {
271 data = TALLOC_ZERO_P(NULL, struct aio_child_list);
272 if (data == NULL) {
273 return NULL;
274 }
275 }
276
277 /*
278 * Regardless of whether the child_list had been around or not, make
279 * sure that we have a cleanup timed event. This timed event will
280 * delete itself when it finds that no children are around anymore.
281 */
282
283 if (data->cleanup_event == NULL) {
284 data->cleanup_event = event_add_timed(smbd_event_context(), data,
285 timeval_current_ofs(30, 0),
286 aio_child_cleanup, data);
287 if (data->cleanup_event == NULL) {
288 TALLOC_FREE(data);
289 return NULL;
290 }
291 }
292
293 if (!SMB_VFS_HANDLE_TEST_DATA(handle)) {
294 SMB_VFS_HANDLE_SET_DATA(handle, data, free_aio_children,
295 struct aio_child_list, return False);
296 }
297
298 return data;
299 }
300
301 static void aio_child_loop(int sockfd, struct mmap_area *map)
302 {
303 while (true) {
304 int fd = -1;
305 ssize_t ret;
306 struct rw_cmd cmd_struct;
307 struct rw_ret ret_struct;
308
309 ret = read_fd(sockfd, &cmd_struct, sizeof(cmd_struct), &fd);
310 if (ret != sizeof(cmd_struct)) {
311 DEBUG(10, ("read_fd returned %d: %s\n", (int)ret,
312 strerror(errno)));
313 exit(1);
314 }
315
316 DEBUG(10, ("aio_child_loop: %s %d bytes at %d from fd %d\n",
317 cmd_struct.read_cmd ? "read" : "write",
318 (int)cmd_struct.n, (int)cmd_struct.offset, fd));
319
320 #ifdef ENABLE_BUILD_FARM_HACKS
321 {
322 /*
323 * In the build farm, we want erratic behaviour for
324 * async I/O times
325 */
326 uint8_t randval;
327 unsigned msecs;
328 /*
329 * use generate_random_buffer, we just forked from a
330 * common parent state
331 */
332 generate_random_buffer(&randval, sizeof(randval));
333 msecs = randval + 20;
334 DEBUG(10, ("delaying for %u msecs\n", msecs));
335 smb_msleep(msecs);
336 }
337 #endif
338
339
340 ZERO_STRUCT(ret_struct);
341
342 if (cmd_struct.read_cmd) {
343 ret_struct.size = sys_pread(
344 fd, (void *)map->ptr, cmd_struct.n,
345 cmd_struct.offset);
346 #ifdef ENABLE_BUILD_FARM_HACKS
347 ret_struct.size = MAX(1, ret_struct.size * 0.9);
348 #endif
349 }
350 else {
351 ret_struct.size = sys_pwrite(
352 fd, (void *)map->ptr, cmd_struct.n,
353 cmd_struct.offset);
354 }
355
356 DEBUG(10, ("aio_child_loop: syscall returned %d\n",
357 (int)ret_struct.size));
358
359 if (ret_struct.size == -1) {
360 ret_struct.ret_errno = errno;
361 }
362
363 /*
364 * Close the fd before telling our parent we're done. The
365 * parent might close and re-open the file very quickly, and
366 * with system-level share modes (GPFS) we would get an
367 * unjustified SHARING_VIOLATION.
368 */
369 close(fd);
370
371 ret = write_data(sockfd, (char *)&ret_struct,
372 sizeof(ret_struct));
373 if (ret != sizeof(ret_struct)) {
374 DEBUG(10, ("could not write ret_struct: %s\n",
375 strerror(errno)));
376 exit(2);
377 }
378 }
379 }
380
381 static void handle_aio_completion(struct event_context *event_ctx,
382 struct fd_event *event, uint16 flags,
383 void *p)
384 {
385 struct aio_child *child = (struct aio_child *)p;
386 uint16 mid;
387
388 DEBUG(10, ("handle_aio_completion called with flags=%d\n", flags));
389
390 if ((flags & EVENT_FD_READ) == 0) {
391 return;
392 }
393
394 if (!NT_STATUS_IS_OK(read_data(child->sockfd,
395 (char *)&child->retval,
396 sizeof(child->retval)))) {
397 DEBUG(0, ("aio child %d died\n", (int)child->pid));
398 child->retval.size = -1;
399 child->retval.ret_errno = EIO;
400 }
401
402 if (child->cancelled) {
403 child->aiocb = NULL;
404 child->cancelled = false;
405 return;
406 }
407
408 if (child->read_cmd && (child->retval.size > 0)) {
409 SMB_ASSERT(child->retval.size <= child->aiocb->aio_nbytes);
410 memcpy((void *)child->aiocb->aio_buf, (void *)child->map->ptr,
411 child->retval.size);
412 }
413
414 mid = child->aiocb->aio_sigevent.sigev_value.sival_int;
415
416 DEBUG(10, ("mid %d finished\n", (int)mid));
417
418 smbd_aio_complete_mid(mid);
419 }
420
421 static int aio_child_destructor(struct aio_child *child)
422 {
423 SMB_ASSERT((child->aiocb == NULL) || child->cancelled);
424 close(child->sockfd);
425 DLIST_REMOVE(child->list->children, child);
426 return 0;
427 }
428
429 /*
430 * We have to close all fd's in open files, we might incorrectly hold a system
431 * level share mode on a file.
432 */
433
434 static struct files_struct *close_fsp_fd(struct files_struct *fsp,
435 void *private_data)
436 {
437 if ((fsp->fh != NULL) && (fsp->fh->fd != -1)) {
438 close(fsp->fh->fd);
439 fsp->fh->fd = -1;
440 }
441 return NULL;
442 }
443
444 static NTSTATUS create_aio_child(struct aio_child_list *children,
445 size_t map_size,
446 struct aio_child **presult)
447 {
448 struct aio_child *result;
449 int fdpair[2];
450 NTSTATUS status;
451
452 fdpair[0] = fdpair[1] = -1;
453
454 result = TALLOC_ZERO_P(children, struct aio_child);
455 NT_STATUS_HAVE_NO_MEMORY(result);
456
457 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) == -1) {
458 status = map_nt_error_from_unix(errno);
459 DEBUG(10, ("socketpair() failed: %s\n", strerror(errno)));
460 goto fail;
461 }
462
463 DEBUG(10, ("fdpair = %d/%d\n", fdpair[0], fdpair[1]));
464
465 result->map = mmap_area_init(result, map_size);
466 if (result->map == NULL) {
467 status = map_nt_error_from_unix(errno);
468 DEBUG(0, ("Could not create mmap area\n"));
469 goto fail;
470 }
471
472 result->pid = sys_fork();
473 if (result->pid == -1) {
474 status = map_nt_error_from_unix(errno);
475 DEBUG(0, ("fork failed: %s\n", strerror(errno)));
476 goto fail;
477 }
478
479 if (result->pid == 0) {
480 close(fdpair[0]);
481 result->sockfd = fdpair[1];
482 file_walk_table(close_fsp_fd, NULL);
483 aio_child_loop(result->sockfd, result->map);
484 }
485
486 DEBUG(10, ("Child %d created\n", result->pid));
487
488 result->sockfd = fdpair[0];
489 close(fdpair[1]);
490
491 result->sock_event = event_add_fd(smbd_event_context(), result,
492 result->sockfd, EVENT_FD_READ,
493 handle_aio_completion,
494 result);
495 if (result->sock_event == NULL) {
496 status = NT_STATUS_NO_MEMORY;
497 DEBUG(0, ("event_add_fd failed\n"));
498 goto fail;
499 }
500
501 result->list = children;
502 DLIST_ADD(children->children, result);
503
504 talloc_set_destructor(result, aio_child_destructor);
505
506 *presult = result;
507
508 return NT_STATUS_OK;
509
510 fail:
511 if (fdpair[0] != -1) close(fdpair[0]);
512 if (fdpair[1] != -1) close(fdpair[1]);
513 TALLOC_FREE(result);
514
515 return status;
516 }
517
518 static NTSTATUS get_idle_child(struct vfs_handle_struct *handle,
519 struct aio_child **pchild)
520 {
521 struct aio_child_list *children;
522 struct aio_child *child;
523 NTSTATUS status;
524
525 children = init_aio_children(handle);
526 if (children == NULL) {
527 return NT_STATUS_NO_MEMORY;
528 }
529
530 for (child = children->children; child != NULL; child = child->next) {
531 if (child->aiocb == NULL) {
532 /* idle */
533 break;
534 }
535 }
536
537 if (child == NULL) {
538 DEBUG(10, ("no idle child found, creating new one\n"));
539
540 status = create_aio_child(children, 128*1024, &child);
541 if (!NT_STATUS_IS_OK(status)) {
542 DEBUG(10, ("create_aio_child failed: %s\n",
543 nt_errstr(status)));
544 return status;
545 }
546 }
547
548 child->dont_delete = true;
549
550 *pchild = child;
551 return NT_STATUS_OK;
552 }
553
554 static int aio_fork_read(struct vfs_handle_struct *handle,
555 struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
556 {
557 struct aio_child *child;
558 struct rw_cmd cmd;
559 ssize_t ret;
560 NTSTATUS status;
561
562 if (aiocb->aio_nbytes > 128*1024) {
563 /* TODO: support variable buffers */
564 errno = EINVAL;
565 return -1;
566 }
567
568 status = get_idle_child(handle, &child);
569 if (!NT_STATUS_IS_OK(status)) {
570 DEBUG(10, ("Could not get an idle child\n"));
571 return -1;
572 }
573
574 child->read_cmd = true;
575 child->aiocb = aiocb;
576 child->retval.ret_errno = EINPROGRESS;
577
578 ZERO_STRUCT(cmd);
579 cmd.n = aiocb->aio_nbytes;
580 cmd.offset = aiocb->aio_offset;
581 cmd.read_cmd = child->read_cmd;
582
583 DEBUG(10, ("sending fd %d to child %d\n", fsp->fh->fd,
584 (int)child->pid));
585
586 ret = write_fd(child->sockfd, &cmd, sizeof(cmd), fsp->fh->fd);
587 if (ret == -1) {
588 DEBUG(10, ("write_fd failed: %s\n", strerror(errno)));
589 return -1;
590 }
591
592 return 0;
593 }
594
595 static int aio_fork_write(struct vfs_handle_struct *handle,
596 struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
597 {
598 struct aio_child *child;
599 struct rw_cmd cmd;
600 ssize_t ret;
601 NTSTATUS status;
602
603 if (aiocb->aio_nbytes > 128*1024) {
604 /* TODO: support variable buffers */
605 errno = EINVAL;
606 return -1;
607 }
608
609 status = get_idle_child(handle, &child);
610 if (!NT_STATUS_IS_OK(status)) {
611 DEBUG(10, ("Could not get an idle child\n"));
612 return -1;
613 }
614
615 child->read_cmd = false;
616 child->aiocb = aiocb;
617 child->retval.ret_errno = EINPROGRESS;
618
619 memcpy((void *)child->map->ptr, (void *)aiocb->aio_buf,
620 aiocb->aio_nbytes);
621
622 ZERO_STRUCT(cmd);
623 cmd.n = aiocb->aio_nbytes;
624 cmd.offset = aiocb->aio_offset;
625 cmd.read_cmd = child->read_cmd;
626
627 DEBUG(10, ("sending fd %d to child %d\n", fsp->fh->fd,
628 (int)child->pid));
629
630 ret = write_fd(child->sockfd, &cmd, sizeof(cmd), fsp->fh->fd);
631 if (ret == -1) {
632 DEBUG(10, ("write_fd failed: %s\n", strerror(errno)));
633 return -1;
634 }
635
636 return 0;
637 }
638
639 static struct aio_child *aio_fork_find_child(struct vfs_handle_struct *handle,
640 SMB_STRUCT_AIOCB *aiocb)
641 {
642 struct aio_child_list *children;
643 struct aio_child *child;
644
645 children = init_aio_children(handle);
646 if (children == NULL) {
647 return NULL;
648 }
649
650 for (child = children->children; child != NULL; child = child->next) {
651 if (child->aiocb == aiocb) {
652 return child;
653 }
654 }
655
656 return NULL;
657 }
658
659 static ssize_t aio_fork_return_fn(struct vfs_handle_struct *handle,
660 struct files_struct *fsp,
661 SMB_STRUCT_AIOCB *aiocb)
662 {
663 struct aio_child *child = aio_fork_find_child(handle, aiocb);
664
665 if (child == NULL) {
666 errno = EINVAL;
667 DEBUG(0, ("returning EINVAL\n"));
668 return -1;
669 }
670
671 child->aiocb = NULL;
672
673 if (child->retval.size == -1) {
674 errno = child->retval.ret_errno;
675 }
676
677 return child->retval.size;
678 }
679
680 static int aio_fork_cancel(struct vfs_handle_struct *handle,
681 struct files_struct *fsp,
682 SMB_STRUCT_AIOCB *aiocb)
683 {
684 struct aio_child_list *children;
685 struct aio_child *child;
686
687 children = init_aio_children(handle);
688 if (children == NULL) {
689 errno = EINVAL;
690 return -1;
691 }
692
693 for (child = children->children; child != NULL; child = child->next) {
694 if (child->aiocb == NULL) {
695 continue;
696 }
697 if (child->aiocb->aio_fildes != fsp->fh->fd) {
698 continue;
699 }
700 if ((aiocb != NULL) && (child->aiocb != aiocb)) {
701 continue;
702 }
703
704 /*
705 * We let the child do its job, but we discard the result when
706 * it's finished.
707 */
708
709 child->cancelled = true;
710 }
711
712 return AIO_CANCELED;
713 }
714
715 static int aio_fork_error_fn(struct vfs_handle_struct *handle,
716 struct files_struct *fsp,
717 SMB_STRUCT_AIOCB *aiocb)
718 {
719 struct aio_child *child = aio_fork_find_child(handle, aiocb);
720
721 if (child == NULL) {
722 errno = EINVAL;
723 return -1;
724 }
725
726 return child->retval.ret_errno;
727 }
728
729 static struct vfs_fn_pointers vfs_aio_fork_fns = {
730 .aio_read = aio_fork_read,
731 .aio_write = aio_fork_write,
732 .aio_return_fn = aio_fork_return_fn,
733 .aio_cancel = aio_fork_cancel,
734 .aio_error_fn = aio_fork_error_fn,
735 };
736
737 NTSTATUS vfs_aio_fork_init(void);
738 NTSTATUS vfs_aio_fork_init(void)
739 {
740 return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
741 "aio_fork", &vfs_aio_fork_fns);
742 }
Samba GIT mirror