search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3 onefs: Turn up the debug level for non-error cases
[Samba.git] / source3 / modules / onefs_system.c
blobcf99a27a87c3edc800984c3a54f4daf7c0f040b3
1 /*
2 * Unix SMB/CIFS implementation.
3 * Support for OneFS system interfaces.
4 *
5 * Copyright (C) Tim Prouty, 2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "onefs.h"
23 #include "onefs_config.h"
24 #include "oplock_onefs.h"
25
26 #include <ifs/ifs_syscalls.h>
27 #include <isi_acl/isi_acl_util.h>
28 #include <sys/isi_acl.h>
29
30 /*
31 * Initialize the sm_lock struct before passing it to ifs_createfile.
32 */
33 static void smlock_init(connection_struct *conn, struct sm_lock *sml,
34 bool isexe, uint32_t access_mask, uint32_t share_access,
35 uint32_t create_options)
36 {
37 sml->sm_type.doc = false;
38 sml->sm_type.isexe = isexe;
39 sml->sm_type.statonly = is_stat_open(access_mask);
40 sml->sm_type.access_mask = access_mask;
41 sml->sm_type.share_access = share_access;
42
43 /*
44 * private_options was previously used for DENY_DOS/DENY_FCB checks in
45 * the kernel, but are now properly handled by fcb_or_dos_open. In
46 * these cases, ifs_createfile will return a sharing violation, which
47 * gives fcb_or_dos_open the chance to open a duplicate file handle.
48 */
49 sml->sm_type.private_options = 0;
50
51 /* 1 second delay is handled in onefs_open.c by deferring the open */
52 sml->sm_timeout = timeval_set(0, 0);
53 }
54
55 static void smlock_dump(int debuglevel, const struct sm_lock *sml)
56 {
57 if (sml == NULL) {
58 DEBUG(debuglevel, ("sml == NULL\n"));
59 return;
60 }
61
62 DEBUG(debuglevel,
63 ("smlock: doc=%s, isexec=%s, statonly=%s, access_mask=0x%x, "
64 "share_access=0x%x, private_options=0x%x timeout=%d/%d\n",
65 sml->sm_type.doc ? "True" : "False",
66 sml->sm_type.isexe ? "True" : "False",
67 sml->sm_type.statonly ? "True" : "False",
68 sml->sm_type.access_mask,
69 sml->sm_type.share_access,
70 sml->sm_type.private_options,
71 (int)sml->sm_timeout.tv_sec,
72 (int)sml->sm_timeout.tv_usec));
73 }
74
75 /**
76 * External interface to ifs_createfile
77 */
78 int onefs_sys_create_file(connection_struct *conn,
79 int base_fd,
80 const char *path,
81 uint32_t access_mask,
82 uint32_t open_access_mask,
83 uint32_t share_access,
84 uint32_t create_options,
85 int flags,
86 mode_t mode,
87 int oplock_request,
88 uint64_t id,
89 struct security_descriptor *sd,
90 uint32_t dos_flags,
91 int *granted_oplock)
92 {
93 struct sm_lock sml, *psml = NULL;
94 enum oplock_type onefs_oplock;
95 enum oplock_type onefs_granted_oplock = OPLOCK_NONE;
96 struct ifs_security_descriptor ifs_sd = {}, *pifs_sd = NULL;
97 int secinfo = 0;
98 int ret_fd = -1;
99 uint32_t onefs_dos_attributes;
100 struct ifs_createfile_flags cf_flags = CF_FLAGS_NONE;
101
102 START_PROFILE(syscall_createfile);
103
104 /* Setup security descriptor and get secinfo. */
105 if (sd != NULL) {
106 NTSTATUS status;
107
108 secinfo = (get_sec_info(sd) & IFS_SEC_INFO_KNOWN_MASK);
109
110 status = onefs_samba_sd_to_sd(secinfo, sd, &ifs_sd, SNUM(conn));
111
112 if (!NT_STATUS_IS_OK(status)) {
113 DEBUG(1, ("SD initialization failure: %s\n",
114 nt_errstr(status)));
115 errno = EINVAL;
116 goto out;
117 }
118
119 pifs_sd = &ifs_sd;
120 }
121
122 /* Stripping off private bits will be done for us. */
123 onefs_oplock = onefs_samba_oplock_to_oplock(oplock_request);
124
125 if (!lp_oplocks(SNUM(conn))) {
126 SMB_ASSERT(onefs_oplock == OPLOCK_NONE);
127 }
128
129 /* Convert samba dos flags to UF_DOS_* attributes. */
130 onefs_dos_attributes = dos_attributes_to_stat_dos_flags(dos_flags);
131
132 /**
133 * Deal with kernel creating Default ACLs. (Isilon bug 47447.)
134 *
135 * 1) "nt acl support = no", default_acl = no
136 * 2) "inherit permissions = yes", default_acl = no
137 */
138 if (lp_nt_acl_support(SNUM(conn)) && !lp_inherit_perms(SNUM(conn)))
139 cf_flags = cf_flags_or(cf_flags, CF_FLAGS_DEFAULT_ACL);
140
141 /*
142 * Some customer workflows require the execute bit to be ignored.
143 */
144 if (lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
145 PARM_ALLOW_EXECUTE_ALWAYS,
146 PARM_ALLOW_EXECUTE_ALWAYS_DEFAULT) &&
147 (open_access_mask & FILE_EXECUTE)) {
148
149 DEBUG(3, ("Stripping execute bit from %s: (0x%x)\n", path,
150 open_access_mask));
151
152 /* Strip execute. */
153 open_access_mask &= ~FILE_EXECUTE;
154
155 /*
156 * Add READ_DATA, so we're not left with desired_access=0. An
157 * execute call should imply the client will read the data.
158 */
159 open_access_mask |= FILE_READ_DATA;
160
161 DEBUGADD(3, ("New stripped access mask: 0x%x\n",
162 open_access_mask));
163 }
164
165 DEBUG(10,("onefs_sys_create_file: base_fd = %d, fname = %s"
166 "open_access_mask = 0x%x, flags = 0x%x, mode = 0%o, "
167 "desired_oplock = %s, id = 0x%x, secinfo = 0x%x, sd = %p, "
168 "dos_attributes = 0x%x, path = %s, "
169 "default_acl=%s\n", base_fd, path,
170 (unsigned int)open_access_mask,
171 (unsigned int)flags,
172 (unsigned int)mode,
173 onefs_oplock_str(onefs_oplock),
174 (unsigned int)id,
175 (unsigned int)secinfo, sd,
176 (unsigned int)onefs_dos_attributes, path,
177 cf_flags_and_bool(cf_flags, CF_FLAGS_DEFAULT_ACL) ?
178 "true" : "false"));
179
180 /* Initialize smlock struct for files/dirs but not internal opens */
181 if (!(oplock_request & INTERNAL_OPEN_ONLY)) {
182 smlock_init(conn, &sml, is_executable(path), access_mask,
183 share_access, create_options);
184 psml = &sml;
185 }
186
187 smlock_dump(10, psml);
188
189 ret_fd = ifs_createfile(base_fd, path,
190 (enum ifs_ace_rights)open_access_mask, flags & ~O_ACCMODE, mode,
191 onefs_oplock, id, psml, secinfo, pifs_sd, onefs_dos_attributes,
192 cf_flags, &onefs_granted_oplock);
193
194 DEBUG(10,("onefs_sys_create_file(%s): ret_fd = %d, "
195 "onefs_granted_oplock = %s\n",
196 ret_fd < 0 ? strerror(errno) : "success", ret_fd,
197 onefs_oplock_str(onefs_granted_oplock)));
198
199 if (granted_oplock) {
200 *granted_oplock =
201 onefs_oplock_to_samba_oplock(onefs_granted_oplock);
202 }
203
204 out:
205 END_PROFILE(syscall_createfile);
206 aclu_free_sd(pifs_sd, false);
207
208 return ret_fd;
209 }
210
211 /**
212 * FreeBSD based sendfile implementation that allows for atomic semantics.
213 */
214 static ssize_t onefs_sys_do_sendfile(int tofd, int fromfd,
215 const DATA_BLOB *header, SMB_OFF_T offset, size_t count, bool atomic)
216 {
217 size_t total=0;
218 struct sf_hdtr hdr;
219 struct iovec hdtrl;
220 size_t hdr_len = 0;
221 int flags = 0;
222
223 if (atomic) {
224 flags = SF_ATOMIC;
225 }
226
227 hdr.headers = &hdtrl;
228 hdr.hdr_cnt = 1;
229 hdr.trailers = NULL;
230 hdr.trl_cnt = 0;
231
232 /* Set up the header iovec. */
233 if (header) {
234 hdtrl.iov_base = header->data;
235 hdtrl.iov_len = hdr_len = header->length;
236 } else {
237 hdtrl.iov_base = NULL;
238 hdtrl.iov_len = 0;
239 }
240
241 total = count;
242 while (total + hdtrl.iov_len) {
243 SMB_OFF_T nwritten;
244 int ret;
245
246 /*
247 * FreeBSD sendfile returns 0 on success, -1 on error.
248 * Remember, the tofd and fromfd are reversed..... :-).
249 * nwritten includes the header data sent.
250 */
251
252 do {
253 ret = sendfile(fromfd, tofd, offset, total, &hdr,
254 &nwritten, flags);
255 } while (ret == -1 && errno == EINTR);
256
257 /* On error we're done. */
258 if (ret == -1) {
259 return -1;
260 }
261
262 /*
263 * If this was an ATOMIC sendfile, nwritten doesn't
264 * necessarily indicate an error. It could mean count > than
265 * what sendfile can handle atomically (usually 64K) or that
266 * there was a short read due to the file being truncated.
267 */
268 if (nwritten == 0) {
269 return atomic ? 0 : -1;
270 }
271
272 /*
273 * An atomic sendfile should never send partial data!
274 */
275 if (atomic && nwritten != total + hdtrl.iov_len) {
276 DEBUG(0,("Atomic sendfile() sent partial data: "
277 "%llu of %d\n", nwritten,
278 total + hdtrl.iov_len));
279 return -1;
280 }
281
282 /*
283 * If this was a short (signal interrupted) write we may need
284 * to subtract it from the header data, or null out the header
285 * data altogether if we wrote more than hdtrl.iov_len bytes.
286 * We change nwritten to be the number of file bytes written.
287 */
288
289 if (hdtrl.iov_base && hdtrl.iov_len) {
290 if (nwritten >= hdtrl.iov_len) {
291 nwritten -= hdtrl.iov_len;
292 hdtrl.iov_base = NULL;
293 hdtrl.iov_len = 0;
294 } else {
295 hdtrl.iov_base =
296 (caddr_t)hdtrl.iov_base + nwritten;
297 hdtrl.iov_len -= nwritten;
298 nwritten = 0;
299 }
300 }
301 total -= nwritten;
302 offset += nwritten;
303 }
304 return count + hdr_len;
305 }
306
307 /**
308 * Handles the subtleties of using sendfile with CIFS.
309 */
310 ssize_t onefs_sys_sendfile(connection_struct *conn, int tofd, int fromfd,
311 const DATA_BLOB *header, SMB_OFF_T offset,
312 size_t count)
313 {
314 bool atomic = false;
315 ssize_t ret = 0;
316
317 START_PROFILE_BYTES(syscall_sendfile, count);
318
319 if (lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
320 PARM_ATOMIC_SENDFILE,
321 PARM_ATOMIC_SENDFILE_DEFAULT)) {
322 atomic = true;
323 }
324
325 /* Try the sendfile */
326 ret = onefs_sys_do_sendfile(tofd, fromfd, header, offset, count,
327 atomic);
328
329 /* If the sendfile wasn't atomic, we're done. */
330 if (!atomic) {
331 DEBUG(10, ("non-atomic sendfile read %ul bytes\n", ret));
332 END_PROFILE(syscall_sendfile);
333 return ret;
334 }
335
336 /*
337 * Atomic sendfile takes care to not write anything to the socket
338 * until all of the requested bytes have been read from the file.
339 * There are two atomic cases that need to be handled.
340 *
341 * 1. The file was truncated causing less data to be read than was
342 * requested. In this case, we return back to the caller to
343 * indicate 0 bytes were written to the socket. This should
344 * prompt the caller to fallback to the standard read path: read
345 * the data, create a header that indicates how many bytes were
346 * actually read, and send the header/data back to the client.
347 *
348 * This saves us from standard sendfile behavior of sending a
349 * header promising more data then will actually be sent. The
350 * only two options are to close the socket and kill the client
351 * connection, or write a bunch of 0s. Closing the client
352 * connection is bad because there could actually be multiple
353 * sessions multiplexed from the same client that are all dropped
354 * because of a truncate. Writing the remaining data as 0s also
355 * isn't good, because the client will have an incorrect version
356 * of the file. If the file is written back to the server, the 0s
357 * will be written back. Fortunately, atomic sendfile allows us
358 * to avoid making this choice in most cases.
359 *
360 * 2. One downside of atomic sendfile, is that there is a limit on
361 * the number of bytes that can be sent atomically. The kernel
362 * has a limited amount of mbuf space that it can read file data
363 * into without exhausting the system's mbufs, so a buffer of
364 * length xfsize is used. The xfsize at the time of writing this
365 * is 64K. xfsize bytes are read from the file, and subsequently
366 * written to the socket. This makes it impossible to do the
367 * sendfile atomically for a byte count > xfsize.
368 *
369 * To cope with large requests, atomic sendfile returns -1 with
370 * errno set to E2BIG. Since windows maxes out at 64K writes,
371 * this is currently only a concern with non-windows clients.
372 * Posix extensions allow the full 24bit bytecount field to be
373 * used in ReadAndX, and clients such as smbclient and the linux
374 * cifs client can request up to 16MB reads! There are a few
375 * options for handling large sendfile requests.
376 *
377 * a. Fall back to the standard read path. This is unacceptable
378 * because it would require prohibitively large mallocs.
379 *
380 * b. Fall back to using samba's fake_send_file which emulates
381 * the kernel sendfile in userspace. This still has the same
382 * problem of sending the header before all of the data has
383 * been read, so it doesn't buy us anything, and has worse
384 * performance than the kernel's zero-copy sendfile.
385 *
386 * c. Use non-atomic sendfile syscall to attempt a zero copy
387 * read, and hope that there isn't a short read due to
388 * truncation. In the case of a short read, there are two
389 * options:
390 *
391 * 1. Kill the client connection
392 *
393 * 2. Write zeros to the socket for the remaining bytes
394 * promised in the header.
395 *
396 * It is safer from a data corruption perspective to kill the
397 * client connection, so this is our default behavior, but if
398 * this causes problems this can be configured to write zeros
399 * via smb.conf.
400 */
401
402 /* Handle case 1: short read -> truncated file. */
403 if (ret == 0) {
404 END_PROFILE(syscall_sendfile);
405 return ret;
406 }
407
408 /* Handle case 2: large read. */
409 if (ret == -1 && errno == E2BIG) {
410
411 if (!lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
412 PARM_SENDFILE_LARGE_READS,
413 PARM_SENDFILE_LARGE_READS_DEFAULT)) {
414 DEBUG(3, ("Not attempting non-atomic large sendfile: "
415 "%lu bytes\n", count));
416 END_PROFILE(syscall_sendfile);
417 return 0;
418 }
419
420 if (count < 0x10000) {
421 DEBUG(0, ("Count < 2^16 and E2BIG was returned! %lu\n",
422 count));
423 }
424
425 DEBUG(10, ("attempting non-atomic large sendfile: %lu bytes\n",
426 count));
427
428 /* Try a non-atomic sendfile. */
429 ret = onefs_sys_do_sendfile(tofd, fromfd, header, offset,
430 count, false);
431 /* Real error: kill the client connection. */
432 if (ret == -1) {
433 DEBUG(1, ("error on non-atomic large sendfile "
434 "(%lu bytes): %s\n", count,
435 strerror(errno)));
436 END_PROFILE(syscall_sendfile);
437 return ret;
438 }
439
440 /* Short read: kill the client connection. */
441 if (ret != count + header->length) {
442 DEBUG(1, ("short read on non-atomic large sendfile "
443 "(%lu of %lu bytes): %s\n", ret, count,
444 strerror(errno)));
445
446 /*
447 * Returning ret here would cause us to drop into the
448 * codepath that calls sendfile_short_send, which
449 * sends the client a bunch of zeros instead.
450 * Returning -1 kills the connection.
451 */
452 if (lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
453 PARM_SENDFILE_SAFE,
454 PARM_SENDFILE_SAFE_DEFAULT)) {
455 END_PROFILE(syscall_sendfile);
456 return -1;
457 }
458
459 END_PROFILE(syscall_sendfile);
460 return ret;
461 }
462
463 DEBUG(10, ("non-atomic large sendfile successful\n"));
464 }
465
466 /* There was error in the atomic sendfile. */
467 if (ret == -1) {
468 DEBUG(1, ("error on %s sendfile (%lu bytes): %s\n",
469 atomic ? "atomic" : "non-atomic",
470 count, strerror(errno)));
471 }
472
473 END_PROFILE(syscall_sendfile);
474 return ret;
475 }
476
477 /**
478 * Only talloc the spill buffer once (reallocing when necessary).
479 */
480 static char *get_spill_buffer(size_t new_count)
481 {
482 static int cur_count = 0;
483 static char *spill_buffer = NULL;
484
485 /* If a sufficiently sized buffer exists, just return. */
486 if (new_count <= cur_count) {
487 SMB_ASSERT(spill_buffer);
488 return spill_buffer;
489 }
490
491 /* Allocate the first time. */
492 if (cur_count == 0) {
493 SMB_ASSERT(!spill_buffer);
494 spill_buffer = talloc_array(NULL, char, new_count);
495 if (spill_buffer) {
496 cur_count = new_count;
497 }
498 return spill_buffer;
499 }
500
501 /* A buffer exists, but it's not big enough, so realloc. */
502 SMB_ASSERT(spill_buffer);
503 spill_buffer = talloc_realloc(NULL, spill_buffer, char, new_count);
504 if (spill_buffer) {
505 cur_count = new_count;
506 }
507 return spill_buffer;
508 }
509
510 /**
511 * recvfile does zero-copy writes given an fd to write to, and a socket with
512 * some data to write. If recvfile read more than it was able to write, it
513 * spills the data into a buffer. After first reading any additional data
514 * from the socket into the buffer, the spill buffer is then written with a
515 * standard pwrite.
516 */
517 ssize_t onefs_sys_recvfile(int fromfd, int tofd, SMB_OFF_T offset,
518 size_t count)
519 {
520 char *spill_buffer = NULL;
521 bool socket_drained = false;
522 int ret;
523 off_t total_rbytes = 0;
524 off_t total_wbytes = 0;
525 off_t rbytes;
526 off_t wbytes;
527
528 START_PROFILE_BYTES(syscall_recvfile, count);
529
530 DEBUG(10,("onefs_recvfile: from = %d, to = %d, offset=%llu, count = "
531 "%lu\n", fromfd, tofd, offset, count));
532
533 if (count == 0) {
534 END_PROFILE(syscall_recvfile);
535 return 0;
536 }
537
538 /*
539 * Setup up a buffer for recvfile to spill data that has been read
540 * from the socket but not written.
541 */
542 spill_buffer = get_spill_buffer(count);
543 if (spill_buffer == NULL) {
544 ret = -1;
545 goto out;
546 }
547
548 /*
549 * Keep trying recvfile until:
550 * - There is no data left to read on the socket, or
551 * - bytes read != bytes written, or
552 * - An error is returned that isn't EINTR/EAGAIN
553 */
554 do {
555 /* Keep track of bytes read/written for recvfile */
556 rbytes = 0;
557 wbytes = 0;
558
559 DEBUG(10, ("calling recvfile loop, offset + total_wbytes = "
560 "%llu, count - total_rbytes = %llu\n",
561 offset + total_wbytes, count - total_rbytes));
562
563 ret = recvfile(tofd, fromfd, offset + total_wbytes,
564 count - total_wbytes, &rbytes, &wbytes, 0,
565 spill_buffer);
566
567 DEBUG(10, ("recvfile ret = %d, errno = %d, rbytes = %llu, "
568 "wbytes = %llu\n", ret, ret >= 0 ? 0 : errno,
569 rbytes, wbytes));
570
571 /* Update our progress so far */
572 total_rbytes += rbytes;
573 total_wbytes += wbytes;
574
575 } while ((count - total_rbytes) && (rbytes == wbytes) &&
576 (ret == -1 && (errno == EINTR || errno == EAGAIN)));
577
578 DEBUG(10, ("total_rbytes = %llu, total_wbytes = %llu\n",
579 total_rbytes, total_wbytes));
580
581 /* Log if recvfile didn't write everything it read. */
582 if (total_rbytes != total_wbytes) {
583 DEBUG(3, ("partial recvfile: total_rbytes=%llu but "
584 "total_wbytes=%llu, diff = %llu\n", total_rbytes,
585 total_wbytes, total_rbytes - total_wbytes));
586 SMB_ASSERT(total_rbytes > total_wbytes);
587 }
588
589 /*
590 * If there is still data on the socket, read it off.
591 */
592 while (total_rbytes < count) {
593
594 DEBUG(3, ("shallow recvfile (%s), reading %llu\n",
595 strerror(errno), count - total_rbytes));
596
597 /*
598 * Read the remaining data into the spill buffer. recvfile
599 * may already have some data in the spill buffer, so start
600 * filling the buffer at total_rbytes - total_wbytes.
601 */
602 ret = sys_read(fromfd,
603 spill_buffer + (total_rbytes - total_wbytes),
604 count - total_rbytes);
605
606 if (ret <= 0) {
607 if (ret == 0) {
608 DEBUG(0, ("shallow recvfile read: EOF\n"));
609 } else {
610 DEBUG(0, ("shallow recvfile read failed: %s\n",
611 strerror(errno)));
612 }
613 /* Socket is dead, so treat as if it were drained. */
614 socket_drained = true;
615 goto out;
616 }
617
618 /* Data was read so update the rbytes */
619 total_rbytes += ret;
620 }
621
622 if (total_rbytes != count) {
623 smb_panic("Unread recvfile data still on the socket!");
624 }
625
626 /*
627 * Now write any spilled data + the extra data read off the socket.
628 */
629 while (total_wbytes < count) {
630
631 DEBUG(3, ("partial recvfile, writing %llu\n", count - total_wbytes));
632
633 ret = sys_pwrite(tofd, spill_buffer, count - total_wbytes,
634 offset + total_wbytes);
635
636 if (ret == -1) {
637 DEBUG(0, ("partial recvfile write failed: %s\n",
638 strerror(errno)));
639 goto out;
640 }
641
642 /* Data was written so update the wbytes */
643 total_wbytes += ret;
644 }
645
646 /* Success! */
647 ret = total_wbytes;
648
649 out:
650
651 END_PROFILE(syscall_recvfile);
652
653 /* Make sure we always try to drain the socket. */
654 if (!socket_drained && count - total_rbytes) {
655 int saved_errno = errno;
656
657 if (drain_socket(fromfd, count - total_rbytes) !=
658 count - total_rbytes) {
659 /* Socket is dead! */
660 DEBUG(0, ("drain socket failed: %d\n", errno));
661 }
662 errno = saved_errno;
663 }
664
665 return ret;
666 }
Samba GIT mirror