| blob | 33bec2658ba95e3861cedc7ce971d7ff112b29e0 |
1 /*
2 * Unix SMB/CIFS implementation.
3 * Support for OneFS system interfaces.
4 *
5 * Copyright (C) Tim Prouty, 2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
26 #include <ifs/ifs_syscalls.h>
27 #include <isi_acl/isi_acl_util.h>
28 #include <sys/isi_acl.h>
30 /*
31 * Initialize the sm_lock struct before passing it to ifs_createfile.
32 */
36 {
43 /*
44 * private_options was previously used for DENY_DOS/DENY_FCB checks in
45 * the kernel, but are now properly handled by fcb_or_dos_open. In
46 * these cases, ifs_createfile will return a sharing violation, which
47 * gives fcb_or_dos_open the chance to open a duplicate file handle.
48 */
51 /* 1 second delay is handled in onefs_open.c by deferring the open */
53 }
56 {
60 }
73 }
75 /**
76 * External interface to ifs_createfile
77 */
86 mode_t mode,
92 {
102 NTSTATUS result;
106 /* Translate the name to UNIX before calling ifs_createfile */
111 }
113 vfs_translate_to_unix);
116 }
118 /* Setup security descriptor and get secinfo. */
120 NTSTATUS status;
133 }
136 }
138 /* Stripping off private bits will be done for us. */
143 }
145 /* Convert samba dos flags to UF_DOS_* attributes. */
148 /**
149 * Deal with kernel creating Default ACLs. (Isilon bug 47447.)
150 *
151 * 1) "nt acl support = no", default_acl = no
152 * 2) "inherit permissions = yes", default_acl = no
153 */
157 /*
158 * Some customer workflows require the execute bit to be ignored.
159 */
161 PARM_ALLOW_EXECUTE_ALWAYS,
162 PARM_ALLOW_EXECUTE_ALWAYS_DEFAULT) &&
166 open_access_mask));
168 /* Strip execute. */
171 /*
172 * Add READ_DATA, so we're not left with desired_access=0. An
173 * execute call should imply the client will read the data.
174 */
178 open_access_mask));
179 }
182 "open_access_mask = 0x%x, flags = 0x%x, mode = 0%o, "
183 "desired_oplock = %s, id = 0x%x, secinfo = 0x%x, sd = %p, "
184 "dos_attributes = 0x%x, path = %s, "
196 /* Initialize smlock struct for files/dirs but not internal opens */
201 }
218 }
220 out:
226 }
228 /**
229 * FreeBSD based sendfile implementation that allows for atomic semantics.
230 */
233 {
242 }
249 /* Set up the header iovec. */
256 }
260 SMB_OFF_T nwritten;
263 /*
264 * FreeBSD sendfile returns 0 on success, -1 on error.
265 * Remember, the tofd and fromfd are reversed..... :-).
266 * nwritten includes the header data sent.
267 */
274 /* On error we're done. */
277 }
279 /*
280 * If this was an ATOMIC sendfile, nwritten doesn't
281 * necessarily indicate an error. It could mean count > than
282 * what sendfile can handle atomically (usually 64K) or that
283 * there was a short read due to the file being truncated.
284 */
287 }
289 /*
290 * An atomic sendfile should never send partial data!
291 */
297 }
299 /*
300 * If this was a short (signal interrupted) write we may need
301 * to subtract it from the header data, or null out the header
302 * data altogether if we wrote more than hdtrl.iov_len bytes.
303 * We change nwritten to be the number of file bytes written.
304 */
316 }
317 }
320 }
322 }
324 /**
325 * Handles the subtleties of using sendfile with CIFS.
326 */
330 {
337 PARM_ATOMIC_SENDFILE,
338 PARM_ATOMIC_SENDFILE_DEFAULT)) {
340 }
342 /* Try the sendfile */
344 atomic);
346 /* If the sendfile wasn't atomic, we're done. */
351 }
353 /*
354 * Atomic sendfile takes care to not write anything to the socket
355 * until all of the requested bytes have been read from the file.
356 * There are two atomic cases that need to be handled.
357 *
358 * 1. The file was truncated causing less data to be read than was
359 * requested. In this case, we return back to the caller to
360 * indicate 0 bytes were written to the socket. This should
361 * prompt the caller to fallback to the standard read path: read
362 * the data, create a header that indicates how many bytes were
363 * actually read, and send the header/data back to the client.
364 *
365 * This saves us from standard sendfile behavior of sending a
366 * header promising more data then will actually be sent. The
367 * only two options are to close the socket and kill the client
368 * connection, or write a bunch of 0s. Closing the client
369 * connection is bad because there could actually be multiple
370 * sessions multiplexed from the same client that are all dropped
371 * because of a truncate. Writing the remaining data as 0s also
372 * isn't good, because the client will have an incorrect version
373 * of the file. If the file is written back to the server, the 0s
374 * will be written back. Fortunately, atomic sendfile allows us
375 * to avoid making this choice in most cases.
376 *
377 * 2. One downside of atomic sendfile, is that there is a limit on
378 * the number of bytes that can be sent atomically. The kernel
379 * has a limited amount of mbuf space that it can read file data
380 * into without exhausting the system's mbufs, so a buffer of
381 * length xfsize is used. The xfsize at the time of writing this
382 * is 64K. xfsize bytes are read from the file, and subsequently
383 * written to the socket. This makes it impossible to do the
384 * sendfile atomically for a byte count > xfsize.
385 *
386 * To cope with large requests, atomic sendfile returns -1 with
387 * errno set to E2BIG. Since windows maxes out at 64K writes,
388 * this is currently only a concern with non-windows clients.
389 * Posix extensions allow the full 24bit bytecount field to be
390 * used in ReadAndX, and clients such as smbclient and the linux
391 * cifs client can request up to 16MB reads! There are a few
392 * options for handling large sendfile requests.
393 *
394 * a. Fall back to the standard read path. This is unacceptable
395 * because it would require prohibitively large mallocs.
396 *
397 * b. Fall back to using samba's fake_send_file which emulates
398 * the kernel sendfile in userspace. This still has the same
399 * problem of sending the header before all of the data has
400 * been read, so it doesn't buy us anything, and has worse
401 * performance than the kernel's zero-copy sendfile.
402 *
403 * c. Use non-atomic sendfile syscall to attempt a zero copy
404 * read, and hope that there isn't a short read due to
405 * truncation. In the case of a short read, there are two
406 * options:
407 *
408 * 1. Kill the client connection
409 *
410 * 2. Write zeros to the socket for the remaining bytes
411 * promised in the header.
412 *
413 * It is safer from a data corruption perspective to kill the
414 * client connection, so this is our default behavior, but if
415 * this causes problems this can be configured to write zeros
416 * via smb.conf.
417 */
419 /* Handle case 1: short read -> truncated file. */
423 }
425 /* Handle case 2: large read. */
429 PARM_SENDFILE_LARGE_READS,
430 PARM_SENDFILE_LARGE_READS_DEFAULT)) {
435 }
439 count));
440 }
443 count));
445 /* Try a non-atomic sendfile. */
448 /* Real error: kill the client connection. */
455 }
457 /* Short read: kill the client connection. */
463 /*
464 * Returning ret here would cause us to drop into the
465 * codepath that calls sendfile_short_send, which
466 * sends the client a bunch of zeros instead.
467 * Returning -1 kills the connection.
468 */
470 PARM_SENDFILE_SAFE,
471 PARM_SENDFILE_SAFE_DEFAULT)) {
474 }
478 }
481 }
483 /* There was error in the atomic sendfile. */
488 }
492 }
494 /**
495 * Only talloc the spill buffer once (reallocing when necessary).
496 */
498 {
502 /* If a sufficiently sized buffer exists, just return. */
506 }
508 /* Allocate the first time. */
514 }
516 }
518 /* A buffer exists, but it's not big enough, so realloc. */
523 }
525 }
527 /**
528 * recvfile does zero-copy writes given an fd to write to, and a socket with
529 * some data to write. If recvfile read more than it was able to write, it
530 * spills the data into a buffer. After first reading any additional data
531 * from the socket into the buffer, the spill buffer is then written with a
532 * standard pwrite.
533 */
536 {
542 off_t rbytes;
543 off_t wbytes;
553 }
555 /*
556 * Setup up a buffer for recvfile to spill data that has been read
557 * from the socket but not written.
558 */
563 }
565 /*
566 * Keep trying recvfile until:
567 * - There is no data left to read on the socket, or
568 * - bytes read != bytes written, or
569 * - An error is returned that isn't EINTR/EAGAIN
570 */
572 /* Keep track of bytes read/written for recvfile */
582 spill_buffer);
588 /* Update our progress so far */
598 /* Log if recvfile didn't write everything it read. */
604 }
606 /*
607 * If there is still data on the socket, read it off.
608 */
614 /*
615 * Read the remaining data into the spill buffer. recvfile
616 * may already have some data in the spill buffer, so start
617 * filling the buffer at total_rbytes - total_wbytes.
618 */
629 }
630 /* Socket is dead, so treat as if it were drained. */
633 }
635 /* Data was read so update the rbytes */
637 }
641 }
643 /*
644 * Now write any spilled data + the extra data read off the socket.
645 */
657 }
659 /* Data was written so update the wbytes */
661 }
663 /* Success! */
666 out:
670 /* Make sure we always try to drain the socket. */
676 /* Socket is dead! */
678 }
680 }
683 }
686 {
707 }
710 {
717 /* we always want directories to appear zero size */
720 }
722 }
724 }
727 {
734 /* we always want directories to appear zero size */
737 }
739 }
741 }
745 {
752 /* we always want directories to appear zero size */
755 }
757 }
759 }
762 {
769 /* we always want directories to appear zero size */
772 }
774 }
776 }