| blob | 83d96b441e92df8b709d0e2ef26e56082f35f06e |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
26 #include <sys/systm.h>
27 #include <rpc/auth.h>
28 #include <rpc/clnt.h>
29 #include <nfs/nfs4_kprot.h>
30 #include <nfs/nfs4.h>
31 #include <nfs/lm.h>
32 #include <sys/cmn_err.h>
33 #include <sys/disp.h>
34 #include <sys/sdt.h>
36 #include <sys/pathname.h>
38 #include <sys/strsubr.h>
39 #include <sys/ddi.h>
41 #include <sys/vnode.h>
42 #include <sys/sdt.h>
43 #include <inet/common.h>
44 #include <inet/ip.h>
45 #include <inet/ip6.h>
47 #define MAX_READ_DELEGATIONS 5
49 krwlock_t rfs4_deleg_policy_lock;
52 kmutex_t rfs4_deleg_lock;
56 #ifdef DEBUG
63 #endif
75 /*
76 * Convert a universal address to an transport specific
77 * address using inet_pton.
78 */
79 static int
81 {
91 dots++;
96 /*
97 * We use k to remember were to stick '.' back, since
98 * ua was kmem_allocateded from the pool len+1.
99 */
116 }
117 }
121 /* reset to network order */
136 }
143 }
144 }
145 }
148 }
150 /*
151 * Update the delegation policy with the
152 * value of "new_policy"
153 */
154 void
156 {
160 }
162 void
164 {
166 }
168 void
170 {
172 }
175 /*
176 * This free function is to be used when the client struct is being
177 * released and nothing at all is needed of the callback info any
178 * longer.
179 */
180 void
182 {
186 /* Free old address if any */
203 }
204 }
206 /*
207 * The server uses this to check the callback path supplied by the
208 * client. The callback connection is marked "in progress" while this
209 * work is going on and then eventually marked either OK or FAILED.
210 * This work can be done as part of a separate thread and at the end
211 * of this the thread will exit or it may be done such that the caller
212 * will continue with other work.
213 */
214 static void
216 {
219 rfs4_cbstate_t newstate;
223 /* If another thread is doing CB_NULL RPC then return */
228 }
230 /* Mark the cbinfo as having a thread in the NULL callback */
233 /*
234 * Are there other threads still using the cbinfo client
235 * handles? If so, this thread must wait before going and
236 * mucking aroiund with the callback information
237 */
241 /*
242 * This thread itself may find that new callback info has
243 * arrived and is set up to handle this case and redrive the
244 * call to the client's callback server.
245 */
246 retry:
252 /*
253 * Free the old stuff if it exists; may be the first
254 * time through this path
255 */
261 /* Move over the addr/netid */
269 /* Get the program number */
274 /* Don't forget the protocol's "cb_ident" field */
278 /* no longer new */
282 /* get rid of the old client handles that may exist */
288 }
296 }
298 /* mark rfs4_client_t as CALLBACK NULL in progress */
302 /* get/generate a client handle */
308 }
317 #ifdef DEBUG
318 rfs4_cb_null++;
319 #endif
320 }
322 /* Check to see if the client has specified new callback info */
328 }
339 }
341 /*
342 * Given a client struct, inspect the callback info to see if the
343 * callback path is up and available.
344 *
345 * If new callback path is available and no one has set it up then
346 * try to set it up. If setup is not successful after 5 tries (5 secs)
347 * then gives up and returns NULL.
348 *
349 * If callback path is being initialized, then wait for the CB_NULL RPC
350 * call to occur.
351 */
354 {
361 /*
362 * Looks like a new callback path may be available and
363 * noone has set it up.
364 */
370 /*
371 * If callback path is no longer new, or it's being setup
372 * then stop and wait for it to be done.
373 */
382 }
384 /* Is there a thread working on doing the CB_NULL RPC? */
388 /* If the callback path is not okay (up and running), just quit */
392 }
394 /* Let someone know we are using the current callback info */
398 }
400 /*
401 * The caller is done with the callback info. It may be that the
402 * caller's RPC failed and the NFSv4 client has actually provided new
403 * callback information. If so, let the caller know so they can
404 * advantage of this and maybe retry the RPC that originally failed.
405 */
406 static int
408 {
413 /* The caller gets a chance to mark the callback info as bad */
419 }
423 /*
424 * A thread may be waiting on this one to finish and if so,
425 * let it know that it is okay to do the CB_NULL to the
426 * client's callback server.
427 */
431 /*
432 * If this is the last thread to use the callback info and
433 * there is new callback information to try and no thread is
434 * there ready to do the CB_NULL, then return true to teh
435 * caller so they can do the CB_NULL
436 */
446 }
448 /*
449 * Given the information in the callback info struct, create a client
450 * handle that can be used by the server for its callback path.
451 */
454 {
473 }
504 }
509 }
514 }
534 }
540 }
550 }
552 /* turn off reserved port usage */
555 cb_init_out:
558 }
560 /*
561 * Iterate over the client handle cache and
562 * destroy it.
563 */
564 static void
566 {
577 }
578 }
579 }
581 /*
582 * Return a client handle, either from a the small
583 * rfs4_client_t cache or one that we just created.
584 */
587 {
599 }
603 /* none free so make it now */
607 }
609 /*
610 * Return the client handle to the small cache or
611 * destroy it.
612 */
613 static void
615 {
624 }
628 /*
629 * cache maxed out of free entries, obliterate
630 * this client handle, destroy it, throw it away.
631 */
635 }
637 /*
638 * With the supplied callback information - initialize the client
639 * callback data. If there is a callback in progress, save the
640 * callback info so that a thread can pick it up in the future.
641 */
642 void
644 {
650 /* Set the call back for the client */
659 }
660 /* ready to save the new information but first free old, if exists */
683 }
686 }
688 /*
689 * The server uses this when processing SETCLIENTID_CONFIRM. Callback
690 * information may have been provided on SETCLIENTID and this call
691 * marks that information as confirmed and then starts a thread to
692 * test the callback path.
693 */
694 void
696 {
705 minclsyspri);
706 }
708 static void
710 {
716 }
718 /* ARGSUSED */
719 static void
721 {
727 }
729 static void
731 {
735 /*
736 * First free any special args alloc'd for specific ops.
737 */
753 }
754 }
762 }
764 /*
765 * General callback routine for the server to the client.
766 */
767 static enum clnt_stat
770 {
773 /* start with this in case cb_getch() fails */
779 retry:
784 /* get a client handle */
786 /*
787 * reset the cb_ident since it may have changed in
788 * rfs4_cbinfo_hold()
789 */
796 /* free client handle */
798 }
800 /*
801 * If the rele says that there may be new callback info then
802 * retry this sequence and it may succeed as a result of the
803 * new callback path
804 */
810 }
812 /*
813 * Used by the NFSv4 server to get attributes for a file while
814 * handling the case where a file has been write delegated. For the
815 * time being, VOP_GETATTR() is called and CB_GETATTR processing is
816 * not undertaken. This call site is maintained in case the server is
817 * updated in the future to handle write delegation space guarantees.
818 */
819 nfsstat4
821 {
827 }
829 /*
830 * This is used everywhere in the v2/v3 server to allow the
831 * integration of all NFS versions and the support of delegation. For
832 * now, just call the VOP_GETATTR(). If the NFSv4 server is enhanced
833 * in the future to provide space guarantees for write delegations
834 * then this call site should be expanded to interact with the client.
835 */
836 int
838 {
840 }
842 /*
843 * Place the actual cb_recall otw call to client.
844 */
845 static void
847 {
848 CB_COMPOUND4args cb4_args;
849 CB_COMPOUND4res cb4_res;
859 /*
860 * set up the compound args
861 */
871 /* cb4_args.callback_ident is set in rfs4_do_callback() */
875 /*
876 * fill in the args struct
877 */
886 /* Keep track of when we did this for observability */
889 /*
890 * Set up the timeout for the callback and make the actual call.
891 * Timeout will be 80% of the lease period for this server.
892 */
900 timeout);
910 }
913 }
918 bool_t trunc;
919 };
921 static void
923 {
926 callb_cpr_t cpr_info;
927 kmutex_t cpr_lock;
932 /*
933 * It is possible that before this thread starts
934 * the client has send us a return_delegation, and
935 * if that is the case we do not need to send the
936 * recall callback.
937 */
946 }
949 /*
950 * Recall count may go negative if the parent thread that is
951 * creating the individual callback threads does not modify
952 * the recall_count field before the callback thread actually
953 * gets a response from the CB_RECALL
954 */
967 }
972 bool_t trunc;
973 };
975 static void
977 {
981 callb_cpr_t cpr_info;
982 kmutex_t cpr_lock;
987 /* Recall already in progress ? */
995 }
1007 /*
1008 * if this delegation state
1009 * is being reaped skip it
1010 */
1014 }
1016 /* hold for receiving thread */
1025 recall_count++;
1028 minclsyspri);
1029 }
1034 /*
1035 * Recall count may go negative if the parent thread that is
1036 * creating the individual callback threads does not modify
1037 * the recall_count field before the callback thread actually
1038 * gets a response from the CB_RECALL
1039 */
1052 }
1054 static void
1058 {
1065 }
1068 /*
1069 * Mark the time we started the recall processing.
1070 * If it has been previously recalled, do not reset the
1071 * timer since this is used for the revocation decision.
1072 */
1076 /* Client causing recall not always available */
1088 minclsyspri);
1089 }
1091 void
1093 {
1099 /* First check to see if a revocation should occur */
1104 }
1105 /*
1106 * Next check to see if a recall should be done again
1107 * so quickly.
1108 */
1111 }
1113 }
1115 /*
1116 * rfs4_check_recall is called from rfs4_do_open to determine if the current
1117 * open conflicts with the delegation.
1118 * Return true if we need recall otherwise false.
1119 * Assumes entry locks for sp and sp->rs_finfo are held.
1120 */
1121 bool_t
1123 {
1128 /* Not currently delegated so there is nothing to do */
1131 /*
1132 * If the access is only asking for READ then there is
1133 * no conflict and nothing to do. If it is asking
1134 * for write, then there will be conflict and the read
1135 * delegation should be recalled.
1136 */
1139 else
1142 /* Check to see if this client has the delegation */
1144 }
1147 }
1149 /*
1150 * Return the "best" allowable delegation available given the current
1151 * delegation type and the desired access and deny modes on the file.
1152 * At the point that this routine is called we know that the access and
1153 * deny modes are consistent with the file modes.
1154 */
1155 static open_delegation_type4
1157 {
1166 /*
1167 * Determine if more than just this OPEN have the file
1168 * open and if so, no delegation may be provided to
1169 * the client.
1170 */
1172 writecnt++;
1174 readcnt++;
1180 /*
1181 * If the client is going to write, or if the client
1182 * has exclusive access, return a write delegation.
1183 */
1187 /*
1188 * If we don't want to write or we've haven't denied read
1189 * access to others, return a read delegation.
1190 */
1195 /* Shouldn't get here */
1199 /*
1200 * If the file is delegated for read but we wan't to
1201 * write or deny others to read then we can't delegate
1202 * the file. We shouldn't get here since the delegation should
1203 * have been recalled already.
1204 */
1212 }
1214 /* Shouldn't get here */
1216 }
1218 /*
1219 * Given the desired delegation type and the "history" of the file
1220 * determine the actual delegation type to return.
1221 */
1222 static open_delegation_type4
1225 {
1231 /*
1232 * Has this file/delegation ever been recalled? If not then
1233 * no further checks for a delegation race need to be done.
1234 * However if a recall has occurred, then check to see if a
1235 * client has caused its own delegation recall to occur. If
1236 * not, then has a delegation for this file been returned
1237 * recently? If so, then do not assign a new delegation to
1238 * avoid a "delegation race" between the original client and
1239 * the new/conflicting client.
1240 */
1246 }
1247 }
1249 /* Limit the number of read grants */
1254 /*
1255 * Should consider limiting total number of read/write
1256 * delegations the server will permit.
1257 */
1260 }
1262 /*
1263 * Try and grant a delegation for an open give the state. The routine
1264 * returns the delegation type granted. This could be OPEN_DELEGATE_NONE.
1265 *
1266 * The state and associate file entry must be locked
1267 */
1268 rfs4_deleg_state_t *
1270 {
1272 open_delegation_type4 dtype;
1278 /* Is the server even providing delegations? */
1282 /* Check to see if delegations have been temporarily disabled */
1290 /* Don't grant a delegation if a deletion is impending. */
1293 }
1295 /*
1296 * Don't grant a delegation if there are any lock manager
1297 * (NFSv2/v3) locks for the file. This is a bit of a hack (e.g.,
1298 * if there are only read locks we should be able to grant a
1299 * read-only delegation), but it's good enough for now.
1300 *
1301 * MT safety: the lock manager checks for conflicting delegations
1302 * before processing a lock request. That check will block until
1303 * we are done here. So if the lock manager acquires a lock after
1304 * we decide to grant the delegation, the delegation will get
1305 * immediately recalled (if there's a conflict), so we're safe.
1306 */
1309 }
1311 /*
1312 * Based on the type of delegation request passed in, take the
1313 * appropriate action (DELEG_NONE is handled above)
1314 */
1319 /*
1320 * The server "must" grant the delegation in this case.
1321 * Client is using open previous
1322 */
1327 /*
1328 * If a valid callback path does not exist, no delegation may
1329 * be granted.
1330 */
1334 /*
1335 * If the original operation which caused time_rm_delayed
1336 * to be set hasn't been retried and completed for one
1337 * full lease period, clear it and allow delegations to
1338 * get granted again.
1339 */
1345 /*
1346 * If we are waiting for a delegation to be returned then
1347 * don't delegate this file. We do this for correctness as
1348 * well as if the file is being recalled we would likely
1349 * recall this file again.
1350 */
1356 /* Get the "best" delegation candidate */
1362 /*
1363 * Based on policy and the history of the file get the
1364 * actual delegation.
1365 */
1374 }
1376 /* set the delegation for the state */
1378 }
1380 void
1383 {
1387 nfsace4 nace;
1389 /*
1390 * We need to allocate a new copy of the who string.
1391 * this string will be freed by the rfs4_op_open dis_resfree
1392 * routine. We need to do this allocation since replays will
1393 * be allocated and rfs4_compound can't tell the difference from
1394 * a replay and an inital open. N.B. if an ace is passed in, it
1395 * the caller's responsibility to free it.
1396 */
1399 /*
1400 * Default is to deny all access, the client will have
1401 * to contact the server. XXX Do we want to actually
1402 * set a deny for every one, or do we simply want to
1403 * construct an entity that will match no one?
1404 */
1414 }
1436 }
1437 }
1439 /*
1440 * Check if the file is delegated via the provided file struct.
1441 * Return TRUE if it is delegated. This is intended for use by
1442 * the v4 server. The v2/v3 server code should use rfs4_check_delegated().
1443 *
1444 * Note that if the file is found to have a delegation, it is
1445 * recalled, unless the clientid of the caller matches the clientid of the
1446 * delegation. If the caller has specified, there is a slight delay
1447 * inserted in the hopes that the delegation will be returned quickly.
1448 */
1449 bool_t
1452 {
1455 /* Is delegation enabled? */
1459 /* do we have a delegation on this file? */
1466 }
1467 /*
1468 * do we have a write delegation on this file or are we
1469 * requesting write access to a file with any type of existing
1470 * delegation?
1471 */
1478 }
1479 /*
1480 * Does the requestor already own the delegation?
1481 */
1485 }
1486 }
1496 }
1505 }
1506 }
1511 }
1513 /*
1514 * Check if the file is delegated in the case of a v2 or v3 access.
1515 * Return TRUE if it is delegated which in turn means that v2 should
1516 * drop the request and in the case of v3 JUKEBOX should be returned.
1517 */
1518 bool_t
1520 {
1527 /* Is delegation enabled? */
1534 }
1536 }
1537 }
1540 }
1542 /*
1543 * Release a hold on the hold_grant counter which
1544 * prevents delegation from being granted while a remove
1545 * or a rename is in progress.
1546 */
1547 void
1549 {
1557 }
1559 /*
1560 * State support for delegation.
1561 * Set the state delegation type for this state;
1562 * This routine is called from open via rfs4_grant_delegation and the entry
1563 * locks on sp and sp->rs_finfo are assumed.
1564 */
1567 {
1579 /* Shouldn't happen */
1584 }
1586 /* Unlock to avoid deadlock */
1598 /*
1599 * It is possible that since we dropped the lock
1600 * in order to call finddeleg, the rfs4_file_t
1601 * was marked such that we should not grant a
1602 * delegation, if so bail out.
1603 */
1607 }
1616 }
1617 }
1619 /*
1620 * Check that this file has not been delegated to another
1621 * client
1622 */
1629 }
1632 /* vnevent_support returns 0 if file system supports vnevents */
1636 }
1638 /* Calculate the fflags for this OPEN. */
1645 /*
1646 * Before granting a delegation we need to know if anyone else has
1647 * opened the file in a conflicting mode. However, first we need to
1648 * know how we opened the file to check the counts properly.
1649 */
1659 }
1660 }
1673 }
1674 }
1675 /*
1676 * Because a client can hold onto a delegation after the
1677 * file has been closed, we need to keep track of the
1678 * access to this file. Otherwise the CIFS server would
1679 * not know about the client accessing the file and could
1680 * inappropriately grant an OPLOCK.
1681 * fem_install() returns EBUSY when asked to install a
1682 * OPUNIQ monitor more than once. Therefore, check the
1683 * return code because we only want this done once.
1684 */
1698 }
1699 }
1714 }
1715 }
1716 /*
1717 * Because a client can hold onto a delegation after the
1718 * file has been closed, we need to keep track of the
1719 * access to this file. Otherwise the CIFS server would
1720 * not know about the client accessing the file and could
1721 * inappropriately grant an OPLOCK.
1722 * fem_install() returns EBUSY when asked to install a
1723 * OPUNIQ monitor more than once. Therefore, check the
1724 * return code because we only want this done once.
1725 */
1728 }
1729 /* Place on delegation list for file */
1735 /* Update delegation stats for this file */
1738 /* reset since this is a new delegation */
1744 else
1748 }
1750 /*
1751 * State routine for the server when a delegation is returned.
1752 */
1753 void
1755 {
1757 open_delegation_type4 dtypewas;
1761 /* nothing to do if no longer on list */
1765 }
1767 /* Remove state from recall list */
1775 /* if file system was unshared, the vp will be NULL */
1777 /*
1778 * Once a delegation is no longer held by any client,
1779 * the monitor is uninstalled. At this point, the
1780 * client must send OPEN otw, so we don't need the
1781 * reference on the vnode anymore. The open
1782 * downgrade removes the reference put on earlier.
1783 */
1792 }
1793 }
1794 }
1805 }
1807 /* used in the policy decision */
1810 /*
1811 * reset the time_recalled field so future delegations are not
1812 * accidentally revoked
1813 */
1834 }
1835 }
1837 static void
1839 {
1842 /*
1843 * The lock for rfs4_file_t must be held when traversing the
1844 * delegation list but that lock needs to be released to call
1845 * rfs4_return_deleg()
1846 */
1854 }
1856 }
1858 /*
1859 * A delegation is assumed to be present on the file associated with
1860 * "sp". Check to see if the delegation matches is associated with
1861 * the same client as referenced by "sp". If it is not, TRUE is
1862 * returned. If the delegation DOES match the client (or no
1863 * delegation is present), return FALSE.
1864 * Assume the state entry and file entry are locked.
1865 */
1866 bool_t
1868 {
1878 }
1879 }
1881 }
1883 void
1885 {
1887 rfs4_deleg_disabled++;
1889 }
1891 void
1893 {
1896 rfs4_deleg_disabled--;
1898 }
1900 void
1902 {
1906 }
1908 void
1910 {
1914 }