| blob | 07272cc86b5ffc9e9bf5d223079aceba224fbcab |
1 /*
2 * Unix SMB/CIFS implementation.
3 * Support for OneFS system interfaces.
4 *
5 * Copyright (C) Tim Prouty, 2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
27 #include <ifs/ifs_syscalls.h>
28 #include <isi_acl/isi_acl_util.h>
29 #include <sys/isi_acl.h>
31 /*
32 * Initialize the sm_lock struct before passing it to ifs_createfile.
33 */
37 {
44 /*
45 * private_options was previously used for DENY_DOS/DENY_FCB checks in
46 * the kernel, but are now properly handled by fcb_or_dos_open. In
47 * these cases, ifs_createfile will return a sharing violation, which
48 * gives fcb_or_dos_open the chance to open a duplicate file handle.
49 */
52 /* 1 second delay is handled in onefs_open.c by deferring the open */
54 }
57 {
61 }
74 }
76 /**
77 * External interface to ifs_createfile
78 */
87 mode_t mode,
93 {
103 NTSTATUS result;
107 /* Translate the name to UNIX before calling ifs_createfile */
112 }
114 vfs_translate_to_unix);
117 }
119 /* Setup security descriptor and get secinfo. */
121 NTSTATUS status;
134 }
137 }
139 /* Stripping off private bits will be done for us. */
144 }
146 /* Convert samba dos flags to UF_DOS_* attributes. */
149 /**
150 * Deal with kernel creating Default ACLs. (Isilon bug 47447.)
151 *
152 * 1) "nt acl support = no", default_acl = no
153 * 2) "inherit permissions = yes", default_acl = no
154 */
158 /*
159 * Some customer workflows require the execute bit to be ignored.
160 */
162 PARM_ALLOW_EXECUTE_ALWAYS,
163 PARM_ALLOW_EXECUTE_ALWAYS_DEFAULT) &&
167 open_access_mask));
169 /* Strip execute. */
172 /*
173 * Add READ_DATA, so we're not left with desired_access=0. An
174 * execute call should imply the client will read the data.
175 */
179 open_access_mask));
180 }
183 "open_access_mask = 0x%x, flags = 0x%x, mode = 0%o, "
184 "desired_oplock = %s, id = 0x%x, secinfo = 0x%x, sd = %p, "
185 "dos_attributes = 0x%x, path = %s, "
197 /* Initialize smlock struct for files/dirs but not internal opens */
202 }
219 }
221 out:
227 }
229 /**
230 * FreeBSD based sendfile implementation that allows for atomic semantics.
231 */
234 {
243 }
250 /* Set up the header iovec. */
257 }
261 off_t nwritten;
264 /*
265 * FreeBSD sendfile returns 0 on success, -1 on error.
266 * Remember, the tofd and fromfd are reversed..... :-).
267 * nwritten includes the header data sent.
268 */
273 #if defined(EWOULDBLOCK)
275 #else
277 #endif
279 /* On error we're done. */
282 }
284 /*
285 * If this was an ATOMIC sendfile, nwritten doesn't
286 * necessarily indicate an error. It could mean count > than
287 * what sendfile can handle atomically (usually 64K) or that
288 * there was a short read due to the file being truncated.
289 */
292 }
294 /*
295 * An atomic sendfile should never send partial data!
296 */
302 }
304 /*
305 * If this was a short (signal interrupted) write we may need
306 * to subtract it from the header data, or null out the header
307 * data altogether if we wrote more than hdtrl.iov_len bytes.
308 * We change nwritten to be the number of file bytes written.
309 */
321 }
322 }
325 }
327 }
329 /**
330 * Handles the subtleties of using sendfile with CIFS.
331 */
335 {
342 PARM_ATOMIC_SENDFILE,
343 PARM_ATOMIC_SENDFILE_DEFAULT)) {
345 }
347 /* Try the sendfile */
349 atomic);
351 /* If the sendfile wasn't atomic, we're done. */
356 }
358 /*
359 * Atomic sendfile takes care to not write anything to the socket
360 * until all of the requested bytes have been read from the file.
361 * There are two atomic cases that need to be handled.
362 *
363 * 1. The file was truncated causing less data to be read than was
364 * requested. In this case, we return back to the caller to
365 * indicate 0 bytes were written to the socket. This should
366 * prompt the caller to fallback to the standard read path: read
367 * the data, create a header that indicates how many bytes were
368 * actually read, and send the header/data back to the client.
369 *
370 * This saves us from standard sendfile behavior of sending a
371 * header promising more data then will actually be sent. The
372 * only two options are to close the socket and kill the client
373 * connection, or write a bunch of 0s. Closing the client
374 * connection is bad because there could actually be multiple
375 * sessions multiplexed from the same client that are all dropped
376 * because of a truncate. Writing the remaining data as 0s also
377 * isn't good, because the client will have an incorrect version
378 * of the file. If the file is written back to the server, the 0s
379 * will be written back. Fortunately, atomic sendfile allows us
380 * to avoid making this choice in most cases.
381 *
382 * 2. One downside of atomic sendfile, is that there is a limit on
383 * the number of bytes that can be sent atomically. The kernel
384 * has a limited amount of mbuf space that it can read file data
385 * into without exhausting the system's mbufs, so a buffer of
386 * length xfsize is used. The xfsize at the time of writing this
387 * is 64K. xfsize bytes are read from the file, and subsequently
388 * written to the socket. This makes it impossible to do the
389 * sendfile atomically for a byte count > xfsize.
390 *
391 * To cope with large requests, atomic sendfile returns -1 with
392 * errno set to E2BIG. Since windows maxes out at 64K writes,
393 * this is currently only a concern with non-windows clients.
394 * Posix extensions allow the full 24bit bytecount field to be
395 * used in ReadAndX, and clients such as smbclient and the linux
396 * cifs client can request up to 16MB reads! There are a few
397 * options for handling large sendfile requests.
398 *
399 * a. Fall back to the standard read path. This is unacceptable
400 * because it would require prohibitively large mallocs.
401 *
402 * b. Fall back to using samba's fake_send_file which emulates
403 * the kernel sendfile in userspace. This still has the same
404 * problem of sending the header before all of the data has
405 * been read, so it doesn't buy us anything, and has worse
406 * performance than the kernel's zero-copy sendfile.
407 *
408 * c. Use non-atomic sendfile syscall to attempt a zero copy
409 * read, and hope that there isn't a short read due to
410 * truncation. In the case of a short read, there are two
411 * options:
412 *
413 * 1. Kill the client connection
414 *
415 * 2. Write zeros to the socket for the remaining bytes
416 * promised in the header.
417 *
418 * It is safer from a data corruption perspective to kill the
419 * client connection, so this is our default behavior, but if
420 * this causes problems this can be configured to write zeros
421 * via smb.conf.
422 */
424 /* Handle case 1: short read -> truncated file. */
428 }
430 /* Handle case 2: large read. */
434 PARM_SENDFILE_LARGE_READS,
435 PARM_SENDFILE_LARGE_READS_DEFAULT)) {
440 }
444 count));
445 }
448 count));
450 /* Try a non-atomic sendfile. */
453 /* Real error: kill the client connection. */
460 }
462 /* Short read: kill the client connection. */
468 /*
469 * Returning ret here would cause us to drop into the
470 * codepath that calls sendfile_short_send, which
471 * sends the client a bunch of zeros instead.
472 * Returning -1 kills the connection.
473 */
475 PARM_SENDFILE_SAFE,
476 PARM_SENDFILE_SAFE_DEFAULT)) {
479 }
483 }
486 }
488 /* There was error in the atomic sendfile. */
493 }
497 }
499 /**
500 * Only talloc the spill buffer once (reallocing when necessary).
501 */
503 {
507 /* If a sufficiently sized buffer exists, just return. */
511 }
513 /* Allocate the first time. */
519 }
521 }
523 /* A buffer exists, but it's not big enough, so realloc. */
528 }
530 }
532 /**
533 * recvfile does zero-copy writes given an fd to write to, and a socket with
534 * some data to write. If recvfile read more than it was able to write, it
535 * spills the data into a buffer. After first reading any additional data
536 * from the socket into the buffer, the spill buffer is then written with a
537 * standard pwrite.
538 */
541 {
547 off_t rbytes;
548 off_t wbytes;
558 }
560 /*
561 * Setup up a buffer for recvfile to spill data that has been read
562 * from the socket but not written.
563 */
568 }
570 /*
571 * Keep trying recvfile until:
572 * - There is no data left to read on the socket, or
573 * - bytes read != bytes written, or
574 * - An error is returned that isn't EINTR/EAGAIN
575 */
577 /* Keep track of bytes read/written for recvfile */
587 spill_buffer);
593 /* Update our progress so far */
603 /* Log if recvfile didn't write everything it read. */
609 }
611 /*
612 * If there is still data on the socket, read it off.
613 */
619 /*
620 * Read the remaining data into the spill buffer. recvfile
621 * may already have some data in the spill buffer, so start
622 * filling the buffer at total_rbytes - total_wbytes.
623 */
634 }
635 /* Socket is dead, so treat as if it were drained. */
638 }
640 /* Data was read so update the rbytes */
642 }
646 }
648 /*
649 * Now write any spilled data + the extra data read off the socket.
650 */
662 }
664 /* Data was written so update the wbytes */
666 }
668 /* Success! */
671 out:
675 /* Make sure we always try to drain the socket. */
681 /* Socket is dead! */
683 }
685 }
688 }
691 {
712 }
715 {
722 /* we always want directories to appear zero size */
725 }
727 }
729 }
732 {
739 /* we always want directories to appear zero size */
742 }
744 }
746 }
750 {
757 /* we always want directories to appear zero size */
760 }
762 }
764 }
767 {
774 /* we always want directories to appear zero size */
777 }
779 }
781 }