1 /* $OpenBSD: nfs_socket.c,v 1.154 2024/09/18 05:21:19 jsg Exp $ */
2 /* $NetBSD: nfs_socket.c,v 1.27 1996/04/15 20:20:00 thorpej Exp $ */
3
4 /*
5 * Copyright (c) 1989, 1991, 1993, 1995
6 * The Regents of the University of California. All rights reserved.
7 *
8 * This code is derived from software contributed to Berkeley by
9 * Rick Macklem at The University of Guelph.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * @(#)nfs_socket.c 8.5 (Berkeley) 3/30/95
36 */
37
38 /*
39 * Socket operations for use by nfs
40 */
41
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/proc.h>
45 #include <sys/mount.h>
46 #include <sys/kernel.h>
47 #include <sys/mbuf.h>
48 #include <sys/vnode.h>
49 #include <sys/protosw.h>
50 #include <sys/signalvar.h>
51 #include <sys/socket.h>
52 #include <sys/socketvar.h>
53 #include <sys/syslog.h>
54 #include <sys/tprintf.h>
55 #include <sys/namei.h>
56 #include <sys/pool.h>
57 #include <sys/queue.h>
58
59 #include <netinet/in.h>
60 #include <netinet/tcp.h>
61
62 #include <nfs/rpcv2.h>
63 #include <nfs/nfsproto.h>
64 #include <nfs/nfs.h>
65 #include <nfs/xdr_subs.h>
66 #include <nfs/nfsmount.h>
67 #include <nfs/nfs_var.h>
68 #include <nfs/nfsm_subs.h>
69
70 /* External data, mostly RPC constants in XDR form. */
71 extern u_int32_t rpc_reply, rpc_msgdenied, rpc_mismatch, rpc_vers,
72 rpc_auth_unix, rpc_msgaccepted, rpc_call, rpc_autherr;
73 extern u_int32_t nfs_prog;
74 extern struct nfsstats nfsstats;
75 extern const int nfsv3_procid[NFS_NPROCS];
76 extern int nfs_ticks;
77
78 extern struct pool nfsrv_descript_pl;
79
80 /*
81 * There is a congestion window for outstanding rpcs maintained per mount
82 * point. The cwnd size is adjusted in roughly the way that:
83 * Van Jacobson, Congestion avoidance and Control, In "Proceedings of
84 * SIGCOMM '88". ACM, August 1988.
85 * describes for TCP. The cwnd size is chopped in half on a retransmit timeout
86 * and incremented by 1/cwnd when each rpc reply is received and a full cwnd
87 * of rpcs is in progress.
88 * (The sent count and cwnd are scaled for integer arith.)
89 * Variants of "slow start" were tried and were found to be too much of a
90 * performance hit (ave. rtt 3 times larger),
91 * I suspect due to the large rtt that nfs rpcs have.
92 */
93 #define NFS_CWNDSCALE 256
94 #define NFS_MAXCWND (NFS_CWNDSCALE * 32)
95 static const int nfs_backoff[8] = { 2, 4, 8, 16, 32, 64, 128, 256 };
96
97 /* RTT estimator */
98 static const enum nfs_rto_timers nfs_ptimers[NFS_NPROCS] = {
99 NFS_DEFAULT_TIMER, /* NULL */
100 NFS_GETATTR_TIMER, /* GETATTR */
101 NFS_DEFAULT_TIMER, /* SETATTR */
102 NFS_LOOKUP_TIMER, /* LOOKUP */
103 NFS_GETATTR_TIMER, /* ACCESS */
104 NFS_READ_TIMER, /* READLINK */
105 NFS_READ_TIMER, /* READ */
106 NFS_WRITE_TIMER, /* WRITE */
107 NFS_DEFAULT_TIMER, /* CREATE */
108 NFS_DEFAULT_TIMER, /* MKDIR */
109 NFS_DEFAULT_TIMER, /* SYMLINK */
110 NFS_DEFAULT_TIMER, /* MKNOD */
111 NFS_DEFAULT_TIMER, /* REMOVE */
112 NFS_DEFAULT_TIMER, /* RMDIR */
113 NFS_DEFAULT_TIMER, /* RENAME */
114 NFS_DEFAULT_TIMER, /* LINK */
115 NFS_READ_TIMER, /* READDIR */
116 NFS_READ_TIMER, /* READDIRPLUS */
117 NFS_DEFAULT_TIMER, /* FSSTAT */
118 NFS_DEFAULT_TIMER, /* FSINFO */
119 NFS_DEFAULT_TIMER, /* PATHCONF */
120 NFS_DEFAULT_TIMER, /* COMMIT */
121 NFS_DEFAULT_TIMER, /* NOOP */
122 };
123
124 void nfs_init_rtt(struct nfsmount *);
125 void nfs_update_rtt(struct nfsreq *);
126 int nfs_estimate_rto(struct nfsmount *, u_int32_t procnum);
127
128 void nfs_realign(struct mbuf **, int);
129 void nfs_realign_fixup(struct mbuf *, struct mbuf *, unsigned int *);
130
131 int nfs_rcvlock(struct nfsreq *);
132 int nfs_receive(struct nfsreq *, struct mbuf **, struct mbuf **);
133 int nfs_reconnect(struct nfsreq *);
134 int nfs_reply(struct nfsreq *);
135 void nfs_msg(struct nfsreq *, char *);
136 void nfs_rcvunlock(int *);
137
138 int nfsrv_getstream(struct nfssvc_sock *, int);
139
140 unsigned int nfs_realign_test = 0;
141 unsigned int nfs_realign_count = 0;
142
143 /* Initialize the RTT estimator state for a new mount point. */
144 void
nfs_init_rtt(struct nfsmount * nmp)145 nfs_init_rtt(struct nfsmount *nmp)
146 {
147 int i;
148
149 for (i = 0; i < NFS_MAX_TIMER; i++)
150 nmp->nm_srtt[i] = NFS_INITRTT;
151 for (i = 0; i < NFS_MAX_TIMER; i++)
152 nmp->nm_sdrtt[i] = 0;
153 }
154
155 /*
156 * Update a mount point's RTT estimator state using data from the
157 * passed-in request.
158 *
159 * Use a gain of 0.125 on the mean and a gain of 0.25 on the deviation.
160 *
161 * NB: Since the timer resolution of NFS_HZ is so coarse, it can often
162 * result in r_rtt == 0. Since r_rtt == N means that the actual RTT is
163 * between N + dt and N + 2 - dt ticks, add 1 before calculating the
164 * update values.
165 */
166 void
nfs_update_rtt(struct nfsreq * rep)167 nfs_update_rtt(struct nfsreq *rep)
168 {
169 int t1 = rep->r_rtt + 1;
170 int index = nfs_ptimers[rep->r_procnum] - 1;
171 int *srtt = &rep->r_nmp->nm_srtt[index];
172 int *sdrtt = &rep->r_nmp->nm_sdrtt[index];
173
174 t1 -= *srtt >> 3;
175 *srtt += t1;
176 if (t1 < 0)
177 t1 = -t1;
178 t1 -= *sdrtt >> 2;
179 *sdrtt += t1;
180 }
181
182 /*
183 * Estimate RTO for an NFS RPC sent via an unreliable datagram.
184 *
185 * Use the mean and mean deviation of RTT for the appropriate type
186 * of RPC for the frequent RPCs and a default for the others.
187 * The justification for doing "other" this way is that these RPCs
188 * happen so infrequently that timer est. would probably be stale.
189 * Also, since many of these RPCs are non-idempotent, a conservative
190 * timeout is desired.
191 *
192 * getattr, lookup - A+2D
193 * read, write - A+4D
194 * other - nm_timeo
195 */
196 int
nfs_estimate_rto(struct nfsmount * nmp,u_int32_t procnum)197 nfs_estimate_rto(struct nfsmount *nmp, u_int32_t procnum)
198 {
199 enum nfs_rto_timers timer = nfs_ptimers[procnum];
200 int index = timer - 1;
201 int rto;
202
203 switch (timer) {
204 case NFS_GETATTR_TIMER:
205 case NFS_LOOKUP_TIMER:
206 rto = ((nmp->nm_srtt[index] + 3) >> 2) +
207 ((nmp->nm_sdrtt[index] + 1) >> 1);
208 break;
209 case NFS_READ_TIMER:
210 case NFS_WRITE_TIMER:
211 rto = ((nmp->nm_srtt[index] + 7) >> 3) +
212 (nmp->nm_sdrtt[index] + 1);
213 break;
214 default:
215 rto = nmp->nm_timeo;
216 return (rto);
217 }
218
219 if (rto < NFS_MINRTO)
220 rto = NFS_MINRTO;
221 else if (rto > NFS_MAXRTO)
222 rto = NFS_MAXRTO;
223
224 return (rto);
225 }
226
227
228
229 /*
230 * Initialize sockets and congestion for a new NFS connection.
231 * We do not free the sockaddr if error.
232 */
233 int
nfs_connect(struct nfsmount * nmp,struct nfsreq * rep)234 nfs_connect(struct nfsmount *nmp, struct nfsreq *rep)
235 {
236 struct socket *so;
237 int error, rcvreserve, sndreserve;
238 struct sockaddr *saddr;
239 struct sockaddr_in *sin;
240 struct mbuf *nam = NULL, *mopt = NULL;
241
242 if (!(nmp->nm_sotype == SOCK_DGRAM || nmp->nm_sotype == SOCK_STREAM))
243 return (EINVAL);
244
245 nmp->nm_so = NULL;
246 saddr = mtod(nmp->nm_nam, struct sockaddr *);
247 error = socreate(saddr->sa_family, &nmp->nm_so, nmp->nm_sotype,
248 nmp->nm_soproto);
249 if (error) {
250 nfs_disconnect(nmp);
251 return (error);
252 }
253
254 /* Allocate mbufs possibly waiting before grabbing the socket lock. */
255 if (nmp->nm_sotype == SOCK_STREAM || saddr->sa_family == AF_INET)
256 MGET(mopt, M_WAIT, MT_SOOPTS);
257 if (saddr->sa_family == AF_INET)
258 MGET(nam, M_WAIT, MT_SONAME);
259
260 so = nmp->nm_so;
261 nmp->nm_soflags = so->so_proto->pr_flags;
262
263 /*
264 * Some servers require that the client port be a reserved port number.
265 * We always allocate a reserved port, as this prevents filehandle
266 * disclosure through UDP port capture.
267 */
268 if (saddr->sa_family == AF_INET) {
269 int *ip;
270
271 mopt->m_len = sizeof(int);
272 ip = mtod(mopt, int *);
273 *ip = IP_PORTRANGE_LOW;
274 error = sosetopt(so, IPPROTO_IP, IP_PORTRANGE, mopt);
275 if (error)
276 goto bad;
277
278 sin = mtod(nam, struct sockaddr_in *);
279 memset(sin, 0, sizeof(*sin));
280 sin->sin_len = nam->m_len = sizeof(struct sockaddr_in);
281 sin->sin_family = AF_INET;
282 sin->sin_addr.s_addr = INADDR_ANY;
283 sin->sin_port = htons(0);
284 solock(so);
285 error = sobind(so, nam, &proc0);
286 sounlock(so);
287 if (error)
288 goto bad;
289
290 mopt->m_len = sizeof(int);
291 ip = mtod(mopt, int *);
292 *ip = IP_PORTRANGE_DEFAULT;
293 error = sosetopt(so, IPPROTO_IP, IP_PORTRANGE, mopt);
294 if (error)
295 goto bad;
296 }
297
298 /*
299 * Protocols that do not require connections may be optionally left
300 * unconnected for servers that reply from a port other than NFS_PORT.
301 */
302 if (nmp->nm_flag & NFSMNT_NOCONN) {
303 if (nmp->nm_soflags & PR_CONNREQUIRED) {
304 error = ENOTCONN;
305 goto bad;
306 }
307 } else {
308 solock(so);
309 error = soconnect(so, nmp->nm_nam);
310 if (error)
311 goto bad_locked;
312
313 /*
314 * Wait for the connection to complete. Cribbed from the
315 * connect system call but with the wait timing out so
316 * that interruptible mounts don't hang here for a long time.
317 */
318 while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
319 sosleep_nsec(so, &so->so_timeo, PSOCK, "nfscon",
320 SEC_TO_NSEC(2));
321 if ((so->so_state & SS_ISCONNECTING) &&
322 so->so_error == 0 && rep &&
323 (error = nfs_sigintr(nmp, rep, rep->r_procp)) != 0){
324 so->so_state &= ~SS_ISCONNECTING;
325 goto bad_locked;
326 }
327 }
328 if (so->so_error) {
329 error = so->so_error;
330 so->so_error = 0;
331 goto bad_locked;
332 }
333 sounlock(so);
334 }
335 /*
336 * Always set receive timeout to detect server crash and reconnect.
337 * Otherwise, we can get stuck in soreceive forever.
338 */
339 mtx_enter(&so->so_rcv.sb_mtx);
340 so->so_rcv.sb_timeo_nsecs = SEC_TO_NSEC(5);
341 mtx_leave(&so->so_rcv.sb_mtx);
342 mtx_enter(&so->so_snd.sb_mtx);
343 if (nmp->nm_flag & (NFSMNT_SOFT | NFSMNT_INT))
344 so->so_snd.sb_timeo_nsecs = SEC_TO_NSEC(5);
345 else
346 so->so_snd.sb_timeo_nsecs = INFSLP;
347 mtx_leave(&so->so_snd.sb_mtx);
348 if (nmp->nm_sotype == SOCK_DGRAM) {
349 sndreserve = nmp->nm_wsize + NFS_MAXPKTHDR;
350 rcvreserve = (max(nmp->nm_rsize, nmp->nm_readdirsize) +
351 NFS_MAXPKTHDR) * 2;
352 } else if (nmp->nm_sotype == SOCK_STREAM) {
353 if (so->so_proto->pr_flags & PR_CONNREQUIRED) {
354 *mtod(mopt, int32_t *) = 1;
355 mopt->m_len = sizeof(int32_t);
356 sosetopt(so, SOL_SOCKET, SO_KEEPALIVE, mopt);
357 }
358 if (so->so_proto->pr_protocol == IPPROTO_TCP) {
359 *mtod(mopt, int32_t *) = 1;
360 mopt->m_len = sizeof(int32_t);
361 sosetopt(so, IPPROTO_TCP, TCP_NODELAY, mopt);
362 }
363 sndreserve = (nmp->nm_wsize + NFS_MAXPKTHDR +
364 sizeof (u_int32_t)) * 2;
365 rcvreserve = (nmp->nm_rsize + NFS_MAXPKTHDR +
366 sizeof (u_int32_t)) * 2;
367 } else {
368 panic("%s: nm_sotype %d", __func__, nmp->nm_sotype);
369 }
370 solock(so);
371 error = soreserve(so, sndreserve, rcvreserve);
372 if (error)
373 goto bad_locked;
374 mtx_enter(&so->so_rcv.sb_mtx);
375 so->so_rcv.sb_flags |= SB_NOINTR;
376 mtx_leave(&so->so_rcv.sb_mtx);
377 mtx_enter(&so->so_snd.sb_mtx);
378 so->so_snd.sb_flags |= SB_NOINTR;
379 mtx_leave(&so->so_snd.sb_mtx);
380 sounlock(so);
381
382 m_freem(mopt);
383 m_freem(nam);
384
385 /* Initialize other non-zero congestion variables */
386 nfs_init_rtt(nmp);
387 nmp->nm_cwnd = NFS_MAXCWND / 2; /* Initial send window */
388 nmp->nm_sent = 0;
389 nmp->nm_timeouts = 0;
390 return (0);
391
392 bad_locked:
393 sounlock(so);
394 bad:
395
396 m_freem(mopt);
397 m_freem(nam);
398
399 nfs_disconnect(nmp);
400 return (error);
401 }
402
403 /*
404 * Reconnect routine:
405 * Called when a connection is broken on a reliable protocol.
406 * - clean up the old socket
407 * - nfs_connect() again
408 * - set R_MUSTRESEND for all outstanding requests on mount point
409 * If this fails the mount point is DEAD!
410 * nb: Must be called with the nfs_sndlock() set on the mount point.
411 */
412 int
nfs_reconnect(struct nfsreq * rep)413 nfs_reconnect(struct nfsreq *rep)
414 {
415 struct nfsreq *rp;
416 struct nfsmount *nmp = rep->r_nmp;
417 int error;
418
419 nfs_disconnect(nmp);
420 while ((error = nfs_connect(nmp, rep)) != 0) {
421 if (error == EINTR || error == ERESTART)
422 return (EINTR);
423 tsleep_nsec(&nowake, PSOCK, "nfsrecon", SEC_TO_NSEC(1));
424 }
425
426 /*
427 * Loop through outstanding request list and fix up all requests
428 * on old socket.
429 */
430 TAILQ_FOREACH(rp, &nmp->nm_reqsq, r_chain) {
431 rp->r_flags |= R_MUSTRESEND;
432 rp->r_rexmit = 0;
433 }
434 return (0);
435 }
436
437 /*
438 * NFS disconnect. Clean up and unlink.
439 */
440 void
nfs_disconnect(struct nfsmount * nmp)441 nfs_disconnect(struct nfsmount *nmp)
442 {
443 struct socket *so;
444
445 if (nmp->nm_so) {
446 so = nmp->nm_so;
447 nmp->nm_so = NULL;
448 soshutdown(so, SHUT_RDWR);
449 soclose(so, 0);
450 }
451 }
452
453 /*
454 * This is the nfs send routine. For connection based socket types, it
455 * must be called with an nfs_sndlock() on the socket.
456 * "rep == NULL" indicates that it has been called from a server.
457 * For the client side:
458 * - return EINTR if the RPC is terminated, 0 otherwise
459 * - set R_MUSTRESEND if the send fails for any reason
460 * - do any cleanup required by recoverable socket errors (???)
461 * For the server side:
462 * - return EINTR or ERESTART if interrupted by a signal
463 * - return EPIPE if a connection is lost for connection based sockets (TCP...)
464 * - do any cleanup required by recoverable socket errors (???)
465 */
466 int
nfs_send(struct socket * so,struct mbuf * nam,struct mbuf * top,struct nfsreq * rep)467 nfs_send(struct socket *so, struct mbuf *nam, struct mbuf *top,
468 struct nfsreq *rep)
469 {
470 struct mbuf *sendnam;
471 int error, soflags, flags;
472
473 if (rep) {
474 if (rep->r_flags & R_SOFTTERM) {
475 m_freem(top);
476 return (EINTR);
477 }
478 if ((so = rep->r_nmp->nm_so) == NULL) {
479 rep->r_flags |= R_MUSTRESEND;
480 m_freem(top);
481 return (0);
482 }
483 rep->r_flags &= ~R_MUSTRESEND;
484 soflags = rep->r_nmp->nm_soflags;
485 } else
486 soflags = so->so_proto->pr_flags;
487 if ((soflags & PR_CONNREQUIRED) || (so->so_state & SS_ISCONNECTED))
488 sendnam = NULL;
489 else
490 sendnam = nam;
491 flags = 0;
492
493 error = sosend(so, sendnam, NULL, top, NULL, flags);
494 if (error) {
495 if (rep) {
496 /*
497 * Deal with errors for the client side.
498 */
499 if (rep->r_flags & R_SOFTTERM)
500 error = EINTR;
501 else
502 rep->r_flags |= R_MUSTRESEND;
503 }
504
505 /*
506 * Handle any recoverable (soft) socket errors here. (???)
507 */
508 if (error != EINTR && error != ERESTART &&
509 error != EWOULDBLOCK && error != EPIPE)
510 error = 0;
511 }
512 return (error);
513 }
514
515 #ifdef NFSCLIENT
516 /*
517 * Receive a Sun RPC Request/Reply. For SOCK_DGRAM, the work is all
518 * done by soreceive(), but for SOCK_STREAM we must deal with the Record
519 * Mark and consolidate the data into a new mbuf list.
520 * nb: Sometimes TCP passes the data up to soreceive() in long lists of
521 * small mbufs.
522 * For SOCK_STREAM we must be very careful to read an entire record once
523 * we have read any of it, even if the system call has been interrupted.
524 */
525 int
nfs_receive(struct nfsreq * rep,struct mbuf ** aname,struct mbuf ** mp)526 nfs_receive(struct nfsreq *rep, struct mbuf **aname, struct mbuf **mp)
527 {
528 struct socket *so;
529 struct uio auio;
530 struct iovec aio;
531 struct mbuf *m;
532 struct mbuf *control;
533 u_int32_t len;
534 struct mbuf **getnam;
535 int error, sotype, rcvflg;
536 struct proc *p = curproc; /* XXX */
537
538 /*
539 * Set up arguments for soreceive()
540 */
541 *mp = NULL;
542 *aname = NULL;
543 sotype = rep->r_nmp->nm_sotype;
544
545 /*
546 * For reliable protocols, lock against other senders/receivers
547 * in case a reconnect is necessary.
548 * For SOCK_STREAM, first get the Record Mark to find out how much
549 * more there is to get.
550 * We must lock the socket against other receivers
551 * until we have an entire rpc request/reply.
552 */
553 if (sotype != SOCK_DGRAM) {
554 error = nfs_sndlock(&rep->r_nmp->nm_flag, rep);
555 if (error)
556 return (error);
557 tryagain:
558 /*
559 * Check for fatal errors and resending request.
560 */
561 /*
562 * Ugh: If a reconnect attempt just happened, nm_so
563 * would have changed. NULL indicates a failed
564 * attempt that has essentially shut down this
565 * mount point.
566 */
567 if (rep->r_mrep || (rep->r_flags & R_SOFTTERM)) {
568 nfs_sndunlock(&rep->r_nmp->nm_flag);
569 return (EINTR);
570 }
571 so = rep->r_nmp->nm_so;
572 if (!so) {
573 error = nfs_reconnect(rep);
574 if (error) {
575 nfs_sndunlock(&rep->r_nmp->nm_flag);
576 return (error);
577 }
578 goto tryagain;
579 }
580 while (rep->r_flags & R_MUSTRESEND) {
581 m = m_copym(rep->r_mreq, 0, M_COPYALL, M_WAIT);
582 nfsstats.rpcretries++;
583 rep->r_rtt = 0;
584 rep->r_flags &= ~R_TIMING;
585 error = nfs_send(so, rep->r_nmp->nm_nam, m, rep);
586 if (error) {
587 if (error == EINTR || error == ERESTART ||
588 (error = nfs_reconnect(rep)) != 0) {
589 nfs_sndunlock(&rep->r_nmp->nm_flag);
590 return (error);
591 }
592 goto tryagain;
593 }
594 }
595 nfs_sndunlock(&rep->r_nmp->nm_flag);
596 if (sotype == SOCK_STREAM) {
597 aio.iov_base = (caddr_t) &len;
598 aio.iov_len = sizeof(u_int32_t);
599 auio.uio_iov = &aio;
600 auio.uio_iovcnt = 1;
601 auio.uio_segflg = UIO_SYSSPACE;
602 auio.uio_rw = UIO_READ;
603 auio.uio_offset = 0;
604 auio.uio_resid = sizeof(u_int32_t);
605 auio.uio_procp = p;
606 do {
607 rcvflg = MSG_WAITALL;
608 error = soreceive(so, NULL, &auio, NULL, NULL,
609 &rcvflg, 0);
610 if (error == EWOULDBLOCK && rep) {
611 if (rep->r_flags & R_SOFTTERM)
612 return (EINTR);
613 /*
614 * looks like the server died after it
615 * received the request, make sure
616 * that we will retransmit and we
617 * don't get stuck here forever.
618 */
619 if (rep->r_rexmit >=
620 rep->r_nmp->nm_retry) {
621 nfsstats.rpctimeouts++;
622 error = EPIPE;
623 }
624 }
625 } while (error == EWOULDBLOCK);
626 if (!error && auio.uio_resid > 0) {
627 log(LOG_INFO,
628 "short receive (%zu/%zu) from nfs server %s\n",
629 sizeof(u_int32_t) - auio.uio_resid,
630 sizeof(u_int32_t),
631 rep->r_nmp->nm_mountp->mnt_stat.f_mntfromname);
632 error = EPIPE;
633 }
634 if (error)
635 goto errout;
636
637 len = ntohl(len) & ~0x80000000;
638 /*
639 * This is SERIOUS! We are out of sync with the sender
640 * and forcing a disconnect/reconnect is all I can do.
641 */
642 if (len > NFS_MAXPACKET) {
643 log(LOG_ERR, "%s (%u) from nfs server %s\n",
644 "impossible packet length",
645 len,
646 rep->r_nmp->nm_mountp->mnt_stat.f_mntfromname);
647 error = EFBIG;
648 goto errout;
649 }
650 auio.uio_resid = len;
651 do {
652 rcvflg = MSG_WAITALL;
653 error = soreceive(so, NULL, &auio, mp, NULL,
654 &rcvflg, 0);
655 } while (error == EWOULDBLOCK || error == EINTR ||
656 error == ERESTART);
657 if (!error && auio.uio_resid > 0) {
658 log(LOG_INFO, "short receive (%zu/%u) from "
659 "nfs server %s\n", len - auio.uio_resid,
660 len, rep->r_nmp->nm_mountp->
661 mnt_stat.f_mntfromname);
662 error = EPIPE;
663 }
664 } else {
665 /*
666 * NB: Since uio_resid is big, MSG_WAITALL is ignored
667 * and soreceive() will return when it has either a
668 * control msg or a data msg.
669 * We have no use for control msg., but must grab them
670 * and then throw them away so we know what is going
671 * on.
672 */
673 auio.uio_resid = len = 100000000; /* Anything Big */
674 auio.uio_procp = p;
675 do {
676 rcvflg = 0;
677 error = soreceive(so, NULL, &auio, mp, &control,
678 &rcvflg, 0);
679 m_freem(control);
680 if (error == EWOULDBLOCK && rep) {
681 if (rep->r_flags & R_SOFTTERM)
682 return (EINTR);
683 }
684 } while (error == EWOULDBLOCK ||
685 (!error && *mp == NULL && control));
686 if ((rcvflg & MSG_EOR) == 0)
687 printf("Egad!!\n");
688 if (!error && *mp == NULL)
689 error = EPIPE;
690 len -= auio.uio_resid;
691 }
692 errout:
693 if (error && error != EINTR && error != ERESTART) {
694 m_freemp(mp);
695 if (error != EPIPE)
696 log(LOG_INFO,
697 "receive error %d from nfs server %s\n",
698 error,
699 rep->r_nmp->nm_mountp->mnt_stat.f_mntfromname);
700 error = nfs_sndlock(&rep->r_nmp->nm_flag, rep);
701 if (!error) {
702 error = nfs_reconnect(rep);
703 if (!error)
704 goto tryagain;
705 nfs_sndunlock(&rep->r_nmp->nm_flag);
706 }
707 }
708 } else {
709 if ((so = rep->r_nmp->nm_so) == NULL)
710 return (EACCES);
711 if (so->so_state & SS_ISCONNECTED)
712 getnam = NULL;
713 else
714 getnam = aname;
715 auio.uio_resid = len = 1000000;
716 auio.uio_procp = p;
717 do {
718 rcvflg = 0;
719 error = soreceive(so, getnam, &auio, mp, NULL,
720 &rcvflg, 0);
721 if (error == EWOULDBLOCK &&
722 (rep->r_flags & R_SOFTTERM))
723 return (EINTR);
724 } while (error == EWOULDBLOCK);
725 len -= auio.uio_resid;
726 }
727 if (error)
728 m_freemp(mp);
729 /*
730 * Search for any mbufs that are not a multiple of 4 bytes long
731 * or with m_data not longword aligned.
732 * These could cause pointer alignment problems, so copy them to
733 * well aligned mbufs.
734 */
735 nfs_realign(mp, 5 * NFSX_UNSIGNED);
736 return (error);
737 }
738
739 /*
740 * Implement receipt of reply on a socket.
741 * We must search through the list of received datagrams matching them
742 * with outstanding requests using the xid, until ours is found.
743 */
744 int
nfs_reply(struct nfsreq * myrep)745 nfs_reply(struct nfsreq *myrep)
746 {
747 struct nfsreq *rep;
748 struct nfsmount *nmp = myrep->r_nmp;
749 struct nfsm_info info;
750 struct mbuf *nam;
751 u_int32_t rxid, *tl;
752 int error;
753
754 /*
755 * Loop around until we get our own reply
756 */
757 for (;;) {
758 /*
759 * Lock against other receivers so that I don't get stuck in
760 * sbwait() after someone else has received my reply for me.
761 * Also necessary for connection based protocols to avoid
762 * race conditions during a reconnect.
763 */
764 error = nfs_rcvlock(myrep);
765 if (error)
766 return (error == EALREADY ? 0 : error);
767
768 /*
769 * Get the next Rpc reply off the socket
770 */
771 error = nfs_receive(myrep, &nam, &info.nmi_mrep);
772 nfs_rcvunlock(&nmp->nm_flag);
773 if (error) {
774
775 /*
776 * Ignore routing errors on connectionless protocols??
777 */
778 if (NFSIGNORE_SOERROR(nmp->nm_soflags, error)) {
779 if (nmp->nm_so)
780 nmp->nm_so->so_error = 0;
781 continue;
782 }
783 return (error);
784 }
785 m_freem(nam);
786
787 /*
788 * Get the xid and check that it is an rpc reply
789 */
790 info.nmi_md = info.nmi_mrep;
791 info.nmi_dpos = mtod(info.nmi_md, caddr_t);
792 info.nmi_errorp = &error;
793 tl = (uint32_t *)nfsm_dissect(&info, 2 * NFSX_UNSIGNED);
794 if (tl == NULL)
795 goto nfsmout;
796 rxid = *tl++;
797 if (*tl != rpc_reply) {
798 nfsstats.rpcinvalid++;
799 m_freem(info.nmi_mrep);
800 nfsmout:
801 continue;
802 }
803
804 /*
805 * Loop through the request list to match up the reply
806 * Iff no match, just drop the datagram
807 */
808 TAILQ_FOREACH(rep, &nmp->nm_reqsq, r_chain) {
809 if (rep->r_mrep == NULL && rxid == rep->r_xid) {
810 /* Found it.. */
811 rep->r_mrep = info.nmi_mrep;
812 rep->r_md = info.nmi_md;
813 rep->r_dpos = info.nmi_dpos;
814
815 /*
816 * Update congestion window.
817 * Do the additive increase of
818 * one rpc/rtt.
819 */
820 if (nmp->nm_cwnd <= nmp->nm_sent) {
821 nmp->nm_cwnd +=
822 (NFS_CWNDSCALE * NFS_CWNDSCALE +
823 (nmp->nm_cwnd >> 1)) / nmp->nm_cwnd;
824 if (nmp->nm_cwnd > NFS_MAXCWND)
825 nmp->nm_cwnd = NFS_MAXCWND;
826 }
827 rep->r_flags &= ~R_SENT;
828 nmp->nm_sent -= NFS_CWNDSCALE;
829
830 if (rep->r_flags & R_TIMING)
831 nfs_update_rtt(rep);
832
833 nmp->nm_timeouts = 0;
834 break;
835 }
836 }
837 /*
838 * If not matched to a request, drop it.
839 * If it's mine, get out.
840 */
841 if (rep == 0) {
842 nfsstats.rpcunexpected++;
843 m_freem(info.nmi_mrep);
844 } else if (rep == myrep) {
845 if (rep->r_mrep == NULL)
846 panic("nfsreply nil");
847 return (0);
848 }
849 }
850 }
851
852 /*
853 * nfs_request - goes something like this
854 * - fill in request struct
855 * - links it into list
856 * - calls nfs_send() for first transmit
857 * - calls nfs_receive() to get reply
858 * - break down rpc header and return with nfs reply pointed to
859 * by mrep or error
860 * nb: always frees up mreq mbuf list
861 */
862 int
nfs_request(struct vnode * vp,int procnum,struct nfsm_info * infop)863 nfs_request(struct vnode *vp, int procnum, struct nfsm_info *infop)
864 {
865 struct mbuf *m;
866 u_int32_t *tl;
867 struct nfsmount *nmp;
868 int i, error = 0;
869 int trylater_delay;
870 struct nfsreq *rep;
871 struct nfsm_info info;
872
873 rep = pool_get(&nfsreqpl, PR_WAITOK);
874 rep->r_nmp = VFSTONFS(vp->v_mount);
875 rep->r_vp = vp;
876 rep->r_procp = infop->nmi_procp;
877 rep->r_procnum = procnum;
878
879 /* empty mbuf for AUTH_UNIX header */
880 rep->r_mreq = m_gethdr(M_WAIT, MT_DATA);
881 rep->r_mreq->m_next = infop->nmi_mreq;
882 rep->r_mreq->m_len = 0;
883 m_calchdrlen(rep->r_mreq);
884
885 trylater_delay = NFS_MINTIMEO;
886
887 nmp = rep->r_nmp;
888
889 /* Get the RPC header with authorization. */
890 nfsm_rpchead(rep, infop->nmi_cred, RPCAUTH_UNIX);
891 m = rep->r_mreq;
892
893 /*
894 * For stream protocols, insert a Sun RPC Record Mark.
895 */
896 if (nmp->nm_sotype == SOCK_STREAM) {
897 M_PREPEND(m, NFSX_UNSIGNED, M_WAIT);
898 *mtod(m, u_int32_t *) = htonl(0x80000000 |
899 (m->m_pkthdr.len - NFSX_UNSIGNED));
900 }
901
902 tryagain:
903 rep->r_rtt = rep->r_rexmit = 0;
904 if (nfs_ptimers[rep->r_procnum] != NFS_DEFAULT_TIMER)
905 rep->r_flags = R_TIMING;
906 else
907 rep->r_flags = 0;
908 rep->r_mrep = NULL;
909
910 /*
911 * Do the client side RPC.
912 */
913 nfsstats.rpcrequests++;
914 /*
915 * Chain request into list of outstanding requests. Be sure
916 * to put it LAST so timer finds oldest requests first.
917 */
918 if (TAILQ_EMPTY(&nmp->nm_reqsq))
919 timeout_add(&nmp->nm_rtimeout, nfs_ticks);
920 TAILQ_INSERT_TAIL(&nmp->nm_reqsq, rep, r_chain);
921
922 /*
923 * If backing off another request or avoiding congestion, don't
924 * send this one now but let timer do it. If not timing a request,
925 * do it now.
926 */
927 if (nmp->nm_so && (nmp->nm_sotype != SOCK_DGRAM ||
928 (nmp->nm_flag & NFSMNT_DUMBTIMR) ||
929 nmp->nm_sent < nmp->nm_cwnd)) {
930 if (nmp->nm_soflags & PR_CONNREQUIRED)
931 error = nfs_sndlock(&nmp->nm_flag, rep);
932 if (!error) {
933 error = nfs_send(nmp->nm_so, nmp->nm_nam,
934 m_copym(m, 0, M_COPYALL, M_WAIT), rep);
935 if (nmp->nm_soflags & PR_CONNREQUIRED)
936 nfs_sndunlock(&nmp->nm_flag);
937 }
938 if (!error && (rep->r_flags & R_MUSTRESEND) == 0) {
939 nmp->nm_sent += NFS_CWNDSCALE;
940 rep->r_flags |= R_SENT;
941 }
942 } else {
943 rep->r_rtt = -1;
944 }
945
946 /*
947 * Wait for the reply from our send or the timer's.
948 */
949 if (!error || error == EPIPE)
950 error = nfs_reply(rep);
951
952 /*
953 * RPC done, unlink the request.
954 */
955 TAILQ_REMOVE(&nmp->nm_reqsq, rep, r_chain);
956 if (TAILQ_EMPTY(&nmp->nm_reqsq))
957 timeout_del(&nmp->nm_rtimeout);
958
959 /*
960 * Decrement the outstanding request count.
961 */
962 if (rep->r_flags & R_SENT) {
963 rep->r_flags &= ~R_SENT; /* paranoia */
964 nmp->nm_sent -= NFS_CWNDSCALE;
965 }
966
967 /*
968 * If there was a successful reply and a tprintf msg.
969 * tprintf a response.
970 */
971 if (!error && (rep->r_flags & R_TPRINTFMSG))
972 nfs_msg(rep, "is alive again");
973 info.nmi_mrep = rep->r_mrep;
974 info.nmi_md = rep->r_md;
975 info.nmi_dpos = rep->r_dpos;
976 info.nmi_errorp = &error;
977 if (error) {
978 infop->nmi_mrep = NULL;
979 goto nfsmout1;
980 }
981
982 /*
983 * break down the rpc header and check if ok
984 */
985 tl = (uint32_t *)nfsm_dissect(&info, 3 * NFSX_UNSIGNED);
986 if (tl == NULL)
987 goto nfsmout;
988 if (*tl++ == rpc_msgdenied) {
989 if (*tl == rpc_mismatch)
990 error = EOPNOTSUPP;
991 else
992 error = EACCES; /* Should be EAUTH. */
993 infop->nmi_mrep = NULL;
994 goto nfsmout1;
995 }
996
997 /*
998 * Since we only support RPCAUTH_UNIX atm we step over the
999 * reply verifier type, and in the (error) case that there really
1000 * is any data in it, we advance over it.
1001 */
1002 tl++; /* Step over verifier type */
1003 i = fxdr_unsigned(int32_t, *tl);
1004 if (i > 0) {
1005 /* Should not happen */
1006 if (nfsm_adv(&info, nfsm_rndup(i)) != 0)
1007 goto nfsmout;
1008 }
1009
1010 tl = (uint32_t *)nfsm_dissect(&info, NFSX_UNSIGNED);
1011 if (tl == NULL)
1012 goto nfsmout;
1013 /* 0 == ok */
1014 if (*tl == 0) {
1015 tl = (uint32_t *)nfsm_dissect(&info, NFSX_UNSIGNED);
1016 if (tl == NULL)
1017 goto nfsmout;
1018 if (*tl != 0) {
1019 error = fxdr_unsigned(int, *tl);
1020 if ((nmp->nm_flag & NFSMNT_NFSV3) &&
1021 error == NFSERR_TRYLATER) {
1022 m_freem(info.nmi_mrep);
1023 info.nmi_mrep = NULL;
1024 error = 0;
1025 tsleep_nsec(&nowake, PSOCK, "nfsretry",
1026 SEC_TO_NSEC(trylater_delay));
1027 trylater_delay *= NFS_TIMEOUTMUL;
1028 if (trylater_delay > NFS_MAXTIMEO)
1029 trylater_delay = NFS_MAXTIMEO;
1030
1031 goto tryagain;
1032 }
1033
1034 /*
1035 * If the File Handle was stale, invalidate the
1036 * lookup cache, just in case.
1037 */
1038 if (error == ESTALE)
1039 cache_purge(rep->r_vp);
1040 }
1041 goto nfsmout;
1042 }
1043
1044 error = EPROTONOSUPPORT;
1045
1046 nfsmout:
1047 infop->nmi_mrep = info.nmi_mrep;
1048 infop->nmi_md = info.nmi_md;
1049 infop->nmi_dpos = info.nmi_dpos;
1050 nfsmout1:
1051 m_freem(rep->r_mreq);
1052 pool_put(&nfsreqpl, rep);
1053 return (error);
1054 }
1055 #endif /* NFSCLIENT */
1056
1057 /*
1058 * Generate the rpc reply header
1059 * siz arg. is used to decide if adding a cluster is worthwhile
1060 */
1061 int
nfs_rephead(int siz,struct nfsrv_descript * nd,struct nfssvc_sock * slp,int err,struct mbuf ** mrq,struct mbuf ** mbp)1062 nfs_rephead(int siz, struct nfsrv_descript *nd, struct nfssvc_sock *slp,
1063 int err, struct mbuf **mrq, struct mbuf **mbp)
1064 {
1065 u_int32_t *tl;
1066 struct mbuf *mreq;
1067 struct mbuf *mb;
1068
1069 MGETHDR(mreq, M_WAIT, MT_DATA);
1070 mb = mreq;
1071 /*
1072 * If this is a big reply, use a cluster else
1073 * try and leave leading space for the lower level headers.
1074 */
1075 siz += RPC_REPLYSIZ;
1076 if (siz >= MHLEN - max_hdr) {
1077 MCLGET(mreq, M_WAIT);
1078 } else
1079 mreq->m_data += max_hdr;
1080 tl = mtod(mreq, u_int32_t *);
1081 mreq->m_len = 6 * NFSX_UNSIGNED;
1082 *tl++ = txdr_unsigned(nd->nd_retxid);
1083 *tl++ = rpc_reply;
1084 if (err == ERPCMISMATCH || (err & NFSERR_AUTHERR)) {
1085 *tl++ = rpc_msgdenied;
1086 if (err & NFSERR_AUTHERR) {
1087 *tl++ = rpc_autherr;
1088 *tl = txdr_unsigned(err & ~NFSERR_AUTHERR);
1089 mreq->m_len -= NFSX_UNSIGNED;
1090 } else {
1091 *tl++ = rpc_mismatch;
1092 *tl++ = txdr_unsigned(RPC_VER2);
1093 *tl = txdr_unsigned(RPC_VER2);
1094 }
1095 } else {
1096 *tl++ = rpc_msgaccepted;
1097
1098 /* AUTH_UNIX requires RPCAUTH_NULL. */
1099 *tl++ = 0;
1100 *tl++ = 0;
1101
1102 switch (err) {
1103 case EPROGUNAVAIL:
1104 *tl = txdr_unsigned(RPC_PROGUNAVAIL);
1105 break;
1106 case EPROGMISMATCH:
1107 *tl = txdr_unsigned(RPC_PROGMISMATCH);
1108 tl = nfsm_build(&mb, 2 * NFSX_UNSIGNED);
1109 *tl++ = txdr_unsigned(NFS_VER2);
1110 *tl = txdr_unsigned(NFS_VER3);
1111 break;
1112 case EPROCUNAVAIL:
1113 *tl = txdr_unsigned(RPC_PROCUNAVAIL);
1114 break;
1115 case EBADRPC:
1116 *tl = txdr_unsigned(RPC_GARBAGE);
1117 break;
1118 default:
1119 *tl = 0;
1120 if (err != NFSERR_RETVOID) {
1121 tl = nfsm_build(&mb, NFSX_UNSIGNED);
1122 if (err)
1123 *tl = txdr_unsigned(nfsrv_errmap(nd, err));
1124 else
1125 *tl = 0;
1126 }
1127 break;
1128 }
1129 }
1130
1131 *mrq = mreq;
1132 if (mbp != NULL)
1133 *mbp = mb;
1134 if (err != 0 && err != NFSERR_RETVOID)
1135 nfsstats.srvrpc_errs++;
1136 return (0);
1137 }
1138
1139 /*
1140 * nfs timer routine
1141 * Scan the nfsreq list and retransmit any requests that have timed out.
1142 */
1143 void
nfs_timer(void * arg)1144 nfs_timer(void *arg)
1145 {
1146 struct nfsmount *nmp = arg;
1147 struct nfsreq *rep;
1148 struct mbuf *m;
1149 struct socket *so;
1150 int timeo, error;
1151
1152 NET_LOCK();
1153 TAILQ_FOREACH(rep, &nmp->nm_reqsq, r_chain) {
1154 if (rep->r_mrep || (rep->r_flags & R_SOFTTERM))
1155 continue;
1156 if (nfs_sigintr(nmp, rep, rep->r_procp)) {
1157 rep->r_flags |= R_SOFTTERM;
1158 continue;
1159 }
1160 if (rep->r_rtt >= 0) {
1161 rep->r_rtt++;
1162 if (nmp->nm_flag & NFSMNT_DUMBTIMR)
1163 timeo = nmp->nm_timeo;
1164 else
1165 timeo = nfs_estimate_rto(nmp, rep->r_procnum);
1166 if (nmp->nm_timeouts > 0)
1167 timeo *= nfs_backoff[nmp->nm_timeouts - 1];
1168 if (rep->r_rtt <= timeo)
1169 continue;
1170 if (nmp->nm_timeouts < nitems(nfs_backoff))
1171 nmp->nm_timeouts++;
1172 }
1173
1174 /* Check for server not responding. */
1175 if ((rep->r_flags & R_TPRINTFMSG) == 0 && rep->r_rexmit > 4) {
1176 nfs_msg(rep, "not responding");
1177 rep->r_flags |= R_TPRINTFMSG;
1178 }
1179 if (rep->r_rexmit >= nmp->nm_retry) { /* too many */
1180 nfsstats.rpctimeouts++;
1181 rep->r_flags |= R_SOFTTERM;
1182 continue;
1183 }
1184 if (nmp->nm_sotype != SOCK_DGRAM) {
1185 if (++rep->r_rexmit > NFS_MAXREXMIT)
1186 rep->r_rexmit = NFS_MAXREXMIT;
1187 continue;
1188 }
1189
1190 if ((so = nmp->nm_so) == NULL)
1191 continue;
1192
1193 /*
1194 * If there is enough space and the window allows..
1195 * Resend it
1196 * Set r_rtt to -1 in case we fail to send it now.
1197 */
1198 rep->r_rtt = -1;
1199 if (sbspace(so, &so->so_snd) >= rep->r_mreq->m_pkthdr.len &&
1200 ((nmp->nm_flag & NFSMNT_DUMBTIMR) ||
1201 (rep->r_flags & R_SENT) ||
1202 nmp->nm_sent < nmp->nm_cwnd) &&
1203 (m = m_copym(rep->r_mreq, 0, M_COPYALL, M_DONTWAIT))){
1204 if ((nmp->nm_flag & NFSMNT_NOCONN) == 0)
1205 error = pru_send(so, m, NULL, NULL);
1206 else
1207 error = pru_send(so, m, nmp->nm_nam, NULL);
1208 if (error) {
1209 if (NFSIGNORE_SOERROR(nmp->nm_soflags, error))
1210 so->so_error = 0;
1211 } else {
1212 /*
1213 * Iff first send, start timing
1214 * else turn timing off, backoff timer
1215 * and divide congestion window by 2.
1216 */
1217 if (rep->r_flags & R_SENT) {
1218 rep->r_flags &= ~R_TIMING;
1219 if (++rep->r_rexmit > NFS_MAXREXMIT)
1220 rep->r_rexmit = NFS_MAXREXMIT;
1221 nmp->nm_cwnd >>= 1;
1222 if (nmp->nm_cwnd < NFS_CWNDSCALE)
1223 nmp->nm_cwnd = NFS_CWNDSCALE;
1224 nfsstats.rpcretries++;
1225 } else {
1226 rep->r_flags |= R_SENT;
1227 nmp->nm_sent += NFS_CWNDSCALE;
1228 }
1229 rep->r_rtt = 0;
1230 }
1231 }
1232 }
1233 NET_UNLOCK();
1234 timeout_add(&nmp->nm_rtimeout, nfs_ticks);
1235 }
1236
1237 /*
1238 * Test for a termination condition pending on the process.
1239 * This is used for NFSMNT_INT mounts.
1240 */
1241 int
nfs_sigintr(struct nfsmount * nmp,struct nfsreq * rep,struct proc * p)1242 nfs_sigintr(struct nfsmount *nmp, struct nfsreq *rep, struct proc *p)
1243 {
1244
1245 if (rep && (rep->r_flags & R_SOFTTERM))
1246 return (EINTR);
1247 if (!(nmp->nm_flag & NFSMNT_INT))
1248 return (0);
1249 if (p && (SIGPENDING(p) & ~p->p_p->ps_sigacts->ps_sigignore &
1250 NFSINT_SIGMASK))
1251 return (EINTR);
1252 return (0);
1253 }
1254
1255 /*
1256 * Lock a socket against others.
1257 * Necessary for STREAM sockets to ensure you get an entire rpc request/reply
1258 * and also to avoid race conditions between the processes with nfs requests
1259 * in progress when a reconnect is necessary.
1260 */
1261 int
nfs_sndlock(int * flagp,struct nfsreq * rep)1262 nfs_sndlock(int *flagp, struct nfsreq *rep)
1263 {
1264 uint64_t slptimeo = INFSLP;
1265 struct proc *p;
1266 int slpflag = 0;
1267
1268 if (rep) {
1269 p = rep->r_procp;
1270 if (rep->r_nmp->nm_flag & NFSMNT_INT)
1271 slpflag = PCATCH;
1272 } else
1273 p = NULL;
1274 while (*flagp & NFSMNT_SNDLOCK) {
1275 if (rep && nfs_sigintr(rep->r_nmp, rep, p))
1276 return (EINTR);
1277 *flagp |= NFSMNT_WANTSND;
1278 tsleep_nsec(flagp, slpflag | (PZERO - 1), "nfsndlck", slptimeo);
1279 if (slpflag == PCATCH) {
1280 slpflag = 0;
1281 slptimeo = SEC_TO_NSEC(2);
1282 }
1283 }
1284 *flagp |= NFSMNT_SNDLOCK;
1285 return (0);
1286 }
1287
1288 /*
1289 * Unlock the stream socket for others.
1290 */
1291 void
nfs_sndunlock(int * flagp)1292 nfs_sndunlock(int *flagp)
1293 {
1294
1295 if ((*flagp & NFSMNT_SNDLOCK) == 0)
1296 panic("nfs sndunlock");
1297 *flagp &= ~NFSMNT_SNDLOCK;
1298 if (*flagp & NFSMNT_WANTSND) {
1299 *flagp &= ~NFSMNT_WANTSND;
1300 wakeup((caddr_t)flagp);
1301 }
1302 }
1303
1304 int
nfs_rcvlock(struct nfsreq * rep)1305 nfs_rcvlock(struct nfsreq *rep)
1306 {
1307 uint64_t slptimeo = INFSLP;
1308 int *flagp = &rep->r_nmp->nm_flag;
1309 int slpflag;
1310
1311 if (*flagp & NFSMNT_INT)
1312 slpflag = PCATCH;
1313 else
1314 slpflag = 0;
1315
1316 while (*flagp & NFSMNT_RCVLOCK) {
1317 if (nfs_sigintr(rep->r_nmp, rep, rep->r_procp))
1318 return (EINTR);
1319 *flagp |= NFSMNT_WANTRCV;
1320 tsleep_nsec(flagp, slpflag | (PZERO - 1), "nfsrcvlk", slptimeo);
1321 if (rep->r_mrep != NULL) {
1322 /*
1323 * Don't take the lock if our reply has been received
1324 * while we where sleeping.
1325 */
1326 return (EALREADY);
1327 }
1328 if (slpflag == PCATCH) {
1329 slpflag = 0;
1330 slptimeo = SEC_TO_NSEC(2);
1331 }
1332 }
1333 *flagp |= NFSMNT_RCVLOCK;
1334 return (0);
1335 }
1336
1337 /*
1338 * Unlock the stream socket for others.
1339 */
1340 void
nfs_rcvunlock(int * flagp)1341 nfs_rcvunlock(int *flagp)
1342 {
1343
1344 if ((*flagp & NFSMNT_RCVLOCK) == 0)
1345 panic("nfs rcvunlock");
1346 *flagp &= ~NFSMNT_RCVLOCK;
1347 if (*flagp & NFSMNT_WANTRCV) {
1348 *flagp &= ~NFSMNT_WANTRCV;
1349 wakeup(flagp);
1350 }
1351 }
1352
1353 /*
1354 * Auxiliary routine to align the length of mbuf copies made with m_copyback().
1355 */
1356 void
nfs_realign_fixup(struct mbuf * m,struct mbuf * n,unsigned int * off)1357 nfs_realign_fixup(struct mbuf *m, struct mbuf *n, unsigned int *off)
1358 {
1359 size_t padding;
1360
1361 /*
1362 * The maximum number of bytes that m_copyback() places in a mbuf is
1363 * always an aligned quantity, so realign happens at the chain's tail.
1364 */
1365 while (n->m_next != NULL)
1366 n = n->m_next;
1367
1368 /*
1369 * Pad from the next elements in the source chain. Loop until the
1370 * destination chain is aligned, or the end of the source is reached.
1371 */
1372 do {
1373 m = m->m_next;
1374 if (m == NULL)
1375 return;
1376
1377 padding = min(ALIGN(n->m_len) - n->m_len, m->m_len);
1378 if (padding > m_trailingspace(n))
1379 panic("nfs_realign_fixup: no memory to pad to");
1380
1381 bcopy(mtod(m, void *), mtod(n, char *) + n->m_len, padding);
1382
1383 n->m_len += padding;
1384 m_adj(m, padding);
1385 *off += padding;
1386
1387 } while (!ALIGNED_POINTER(n->m_len, void *));
1388 }
1389
1390 /*
1391 * The NFS RPC parsing code uses the data address and the length of mbuf
1392 * structures to calculate on-memory addresses. This function makes sure these
1393 * parameters are correctly aligned.
1394 */
1395 void
nfs_realign(struct mbuf ** pm,int hsiz)1396 nfs_realign(struct mbuf **pm, int hsiz)
1397 {
1398 struct mbuf *m;
1399 struct mbuf *n = NULL;
1400 unsigned int off = 0;
1401
1402 ++nfs_realign_test;
1403 while ((m = *pm) != NULL) {
1404 if (!ALIGNED_POINTER(m->m_data, void *) ||
1405 !ALIGNED_POINTER(m->m_len, void *)) {
1406 MGET(n, M_WAIT, MT_DATA);
1407 #define ALIGN_POINTER(n) ((u_int)(((n) + sizeof(void *)) & ~sizeof(void *)))
1408 if (ALIGN_POINTER(m->m_len) >= MINCLSIZE) {
1409 MCLGET(n, M_WAIT);
1410 }
1411 n->m_len = 0;
1412 break;
1413 }
1414 pm = &m->m_next;
1415 }
1416 /*
1417 * If n is non-NULL, loop on m copying data, then replace the
1418 * portion of the chain that had to be realigned.
1419 */
1420 if (n != NULL) {
1421 ++nfs_realign_count;
1422 while (m) {
1423 m_copyback(n, off, m->m_len, mtod(m, caddr_t), M_WAIT);
1424
1425 /*
1426 * If an unaligned amount of memory was copied, fix up
1427 * the last mbuf created by m_copyback().
1428 */
1429 if (!ALIGNED_POINTER(m->m_len, void *))
1430 nfs_realign_fixup(m, n, &off);
1431
1432 off += m->m_len;
1433 m = m->m_next;
1434 }
1435 m_freemp(pm);
1436 *pm = n;
1437 }
1438 }
1439
1440
1441 /*
1442 * Parse an RPC request
1443 * - verify it
1444 * - fill in the cred struct.
1445 */
1446 int
nfs_getreq(struct nfsrv_descript * nd,struct nfsd * nfsd,int has_header)1447 nfs_getreq(struct nfsrv_descript *nd, struct nfsd *nfsd, int has_header)
1448 {
1449 int len, i;
1450 u_int32_t *tl;
1451 u_int32_t nfsvers, auth_type;
1452 int error = 0;
1453 struct nfsm_info info;
1454
1455 info.nmi_mrep = nd->nd_mrep;
1456 info.nmi_md = nd->nd_md;
1457 info.nmi_dpos = nd->nd_dpos;
1458 info.nmi_errorp = &error;
1459 if (has_header) {
1460 tl = (uint32_t *)nfsm_dissect(&info, 10 * NFSX_UNSIGNED);
1461 if (tl == NULL)
1462 goto nfsmout;
1463 nd->nd_retxid = fxdr_unsigned(u_int32_t, *tl++);
1464 if (*tl++ != rpc_call) {
1465 m_freem(info.nmi_mrep);
1466 return (EBADRPC);
1467 }
1468 } else {
1469 tl = (uint32_t *)nfsm_dissect(&info, 8 * NFSX_UNSIGNED);
1470 if (tl == NULL)
1471 goto nfsmout;
1472 }
1473 nd->nd_repstat = 0;
1474 nd->nd_flag = 0;
1475 if (*tl++ != rpc_vers) {
1476 nd->nd_repstat = ERPCMISMATCH;
1477 nd->nd_procnum = NFSPROC_NOOP;
1478 return (0);
1479 }
1480 if (*tl != nfs_prog) {
1481 nd->nd_repstat = EPROGUNAVAIL;
1482 nd->nd_procnum = NFSPROC_NOOP;
1483 return (0);
1484 }
1485 tl++;
1486 nfsvers = fxdr_unsigned(u_int32_t, *tl++);
1487 if (nfsvers != NFS_VER2 && nfsvers != NFS_VER3) {
1488 nd->nd_repstat = EPROGMISMATCH;
1489 nd->nd_procnum = NFSPROC_NOOP;
1490 return (0);
1491 }
1492 if (nfsvers == NFS_VER3)
1493 nd->nd_flag = ND_NFSV3;
1494 nd->nd_procnum = fxdr_unsigned(u_int32_t, *tl++);
1495 if (nd->nd_procnum == NFSPROC_NULL)
1496 return (0);
1497 if (nd->nd_procnum >= NFS_NPROCS ||
1498 (nd->nd_procnum > NFSPROC_COMMIT) ||
1499 (!nd->nd_flag && nd->nd_procnum > NFSV2PROC_STATFS)) {
1500 nd->nd_repstat = EPROCUNAVAIL;
1501 nd->nd_procnum = NFSPROC_NOOP;
1502 return (0);
1503 }
1504 if ((nd->nd_flag & ND_NFSV3) == 0)
1505 nd->nd_procnum = nfsv3_procid[nd->nd_procnum];
1506 auth_type = *tl++;
1507 len = fxdr_unsigned(int, *tl++);
1508 if (len < 0 || len > RPCAUTH_MAXSIZ) {
1509 m_freem(info.nmi_mrep);
1510 return (EBADRPC);
1511 }
1512
1513 /* Handle auth_unix */
1514 if (auth_type == rpc_auth_unix) {
1515 len = fxdr_unsigned(int, *++tl);
1516 if (len < 0 || len > NFS_MAXNAMLEN) {
1517 m_freem(info.nmi_mrep);
1518 return (EBADRPC);
1519 }
1520 if (nfsm_adv(&info, nfsm_rndup(len)) != 0)
1521 goto nfsmout;
1522 tl = (uint32_t *)nfsm_dissect(&info, 3 * NFSX_UNSIGNED);
1523 if (tl == NULL)
1524 goto nfsmout;
1525 memset(&nd->nd_cr, 0, sizeof (struct ucred));
1526 refcnt_init(&nd->nd_cr.cr_refcnt);
1527 nd->nd_cr.cr_uid = fxdr_unsigned(uid_t, *tl++);
1528 nd->nd_cr.cr_gid = fxdr_unsigned(gid_t, *tl++);
1529 len = fxdr_unsigned(int, *tl);
1530 if (len < 0 || len > RPCAUTH_UNIXGIDS) {
1531 m_freem(info.nmi_mrep);
1532 return (EBADRPC);
1533 }
1534 tl = (uint32_t *)
1535 nfsm_dissect(&info, (len + 2) * NFSX_UNSIGNED);
1536 if (tl == NULL)
1537 goto nfsmout;
1538 for (i = 0; i < len; i++) {
1539 if (i < NGROUPS_MAX)
1540 nd->nd_cr.cr_groups[i] =
1541 fxdr_unsigned(gid_t, *tl++);
1542 else
1543 tl++;
1544 }
1545 nd->nd_cr.cr_ngroups = (len > NGROUPS_MAX) ? NGROUPS_MAX : len;
1546 len = fxdr_unsigned(int, *++tl);
1547 if (len < 0 || len > RPCAUTH_MAXSIZ) {
1548 m_freem(info.nmi_mrep);
1549 return (EBADRPC);
1550 }
1551 if (len > 0) {
1552 if (nfsm_adv(&info, nfsm_rndup(len)) != 0)
1553 goto nfsmout;
1554 }
1555 } else {
1556 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_REJECTCRED);
1557 nd->nd_procnum = NFSPROC_NOOP;
1558 return (0);
1559 }
1560
1561 nd->nd_md = info.nmi_md;
1562 nd->nd_dpos = info.nmi_dpos;
1563 return (0);
1564 nfsmout:
1565 return (error);
1566 }
1567
1568 void
nfs_msg(struct nfsreq * rep,char * msg)1569 nfs_msg(struct nfsreq *rep, char *msg)
1570 {
1571 tpr_t tpr;
1572
1573 if (rep->r_procp)
1574 tpr = tprintf_open(rep->r_procp);
1575 else
1576 tpr = NULL;
1577
1578 tprintf(tpr, "nfs server %s: %s\n",
1579 rep->r_nmp->nm_mountp->mnt_stat.f_mntfromname, msg);
1580 tprintf_close(tpr);
1581 }
1582
1583 #ifdef NFSSERVER
1584 /*
1585 * Socket upcall routine for the nfsd sockets.
1586 * The caddr_t arg is a pointer to the "struct nfssvc_sock".
1587 * Essentially do as much as possible non-blocking, else punt and it will
1588 * be called with M_WAIT from an nfsd.
1589 */
1590 void
nfsrv_rcv(struct socket * so,caddr_t arg,int waitflag)1591 nfsrv_rcv(struct socket *so, caddr_t arg, int waitflag)
1592 {
1593 struct nfssvc_sock *slp = (struct nfssvc_sock *)arg;
1594 struct mbuf *m;
1595 struct mbuf *mp, *nam;
1596 struct uio auio;
1597 int flags, error;
1598
1599 KERNEL_LOCK();
1600
1601 if ((slp->ns_flag & SLP_VALID) == 0)
1602 goto out;
1603
1604 /* Defer soreceive() to an nfsd. */
1605 if (waitflag == M_DONTWAIT) {
1606 slp->ns_flag |= SLP_NEEDQ;
1607 goto dorecs;
1608 }
1609
1610 auio.uio_procp = NULL;
1611 if (so->so_type == SOCK_STREAM) {
1612 /*
1613 * Do soreceive().
1614 */
1615 auio.uio_resid = 1000000000;
1616 flags = MSG_DONTWAIT;
1617 error = soreceive(so, NULL, &auio, &mp, NULL,
1618 &flags, 0);
1619 if (error || mp == NULL) {
1620 if (error == EWOULDBLOCK)
1621 slp->ns_flag |= SLP_NEEDQ;
1622 else
1623 slp->ns_flag |= SLP_DISCONN;
1624 goto dorecs;
1625 }
1626 m = mp;
1627 if (slp->ns_rawend) {
1628 slp->ns_rawend->m_next = m;
1629 slp->ns_cc += 1000000000 - auio.uio_resid;
1630 } else {
1631 slp->ns_raw = m;
1632 slp->ns_cc = 1000000000 - auio.uio_resid;
1633 }
1634 while (m->m_next)
1635 m = m->m_next;
1636 slp->ns_rawend = m;
1637
1638 /*
1639 * Now try and parse record(s) out of the raw stream data.
1640 */
1641 error = nfsrv_getstream(slp, waitflag);
1642 if (error) {
1643 if (error == EPERM)
1644 slp->ns_flag |= SLP_DISCONN;
1645 else
1646 slp->ns_flag |= SLP_NEEDQ;
1647 }
1648 } else {
1649 do {
1650 auio.uio_resid = 1000000000;
1651 flags = MSG_DONTWAIT;
1652 error = soreceive(so, &nam, &auio, &mp,
1653 NULL, &flags, 0);
1654 if (mp) {
1655 m = nam;
1656 m->m_next = mp;
1657 if (slp->ns_recend)
1658 slp->ns_recend->m_nextpkt = m;
1659 else
1660 slp->ns_rec = m;
1661 slp->ns_recend = m;
1662 m->m_nextpkt = NULL;
1663 }
1664 if (error) {
1665 if ((so->so_proto->pr_flags & PR_CONNREQUIRED)
1666 && error != EWOULDBLOCK) {
1667 slp->ns_flag |= SLP_DISCONN;
1668 goto dorecs;
1669 }
1670 }
1671 } while (mp);
1672 }
1673
1674 /*
1675 * Now try and process the request records, non-blocking.
1676 */
1677 dorecs:
1678 if (waitflag == M_DONTWAIT &&
1679 (slp->ns_rec || (slp->ns_flag & (SLP_NEEDQ | SLP_DISCONN))))
1680 nfsrv_wakenfsd(slp);
1681
1682 out:
1683 KERNEL_UNLOCK();
1684 }
1685
1686 /*
1687 * Try and extract an RPC request from the mbuf data list received on a
1688 * stream socket. The "waitflag" argument indicates whether or not it
1689 * can sleep.
1690 */
1691 int
nfsrv_getstream(struct nfssvc_sock * slp,int waitflag)1692 nfsrv_getstream(struct nfssvc_sock *slp, int waitflag)
1693 {
1694 struct mbuf *m, **mpp;
1695 char *cp1, *cp2;
1696 int len;
1697 struct mbuf *om, *m2, *recm;
1698 u_int32_t recmark;
1699
1700 if (slp->ns_flag & SLP_GETSTREAM)
1701 return (0);
1702 slp->ns_flag |= SLP_GETSTREAM;
1703 for (;;) {
1704 if (slp->ns_reclen == 0) {
1705 if (slp->ns_cc < NFSX_UNSIGNED) {
1706 slp->ns_flag &= ~SLP_GETSTREAM;
1707 return (0);
1708 }
1709 m = slp->ns_raw;
1710 if (m->m_len >= NFSX_UNSIGNED) {
1711 bcopy(mtod(m, caddr_t), &recmark,
1712 NFSX_UNSIGNED);
1713 m->m_data += NFSX_UNSIGNED;
1714 m->m_len -= NFSX_UNSIGNED;
1715 } else {
1716 cp1 = (caddr_t)&recmark;
1717 cp2 = mtod(m, caddr_t);
1718 while (cp1 < ((caddr_t)&recmark) + NFSX_UNSIGNED) {
1719 while (m->m_len == 0) {
1720 m = m->m_next;
1721 cp2 = mtod(m, caddr_t);
1722 }
1723 *cp1++ = *cp2++;
1724 m->m_data++;
1725 m->m_len--;
1726 }
1727 }
1728 slp->ns_cc -= NFSX_UNSIGNED;
1729 recmark = ntohl(recmark);
1730 slp->ns_reclen = recmark & ~0x80000000;
1731 if (recmark & 0x80000000)
1732 slp->ns_flag |= SLP_LASTFRAG;
1733 else
1734 slp->ns_flag &= ~SLP_LASTFRAG;
1735 if (slp->ns_reclen > NFS_MAXPACKET) {
1736 slp->ns_flag &= ~SLP_GETSTREAM;
1737 return (EPERM);
1738 }
1739 }
1740
1741 /*
1742 * Now get the record part.
1743 */
1744 recm = NULL;
1745 if (slp->ns_cc == slp->ns_reclen) {
1746 recm = slp->ns_raw;
1747 slp->ns_raw = slp->ns_rawend = NULL;
1748 slp->ns_cc = slp->ns_reclen = 0;
1749 } else if (slp->ns_cc > slp->ns_reclen) {
1750 len = 0;
1751 m = slp->ns_raw;
1752 om = NULL;
1753 while (len < slp->ns_reclen) {
1754 if ((len + m->m_len) > slp->ns_reclen) {
1755 m2 = m_copym(m, 0, slp->ns_reclen - len,
1756 waitflag);
1757 if (m2) {
1758 if (om) {
1759 om->m_next = m2;
1760 recm = slp->ns_raw;
1761 } else
1762 recm = m2;
1763 m->m_data += slp->ns_reclen-len;
1764 m->m_len -= slp->ns_reclen-len;
1765 len = slp->ns_reclen;
1766 } else {
1767 slp->ns_flag &= ~SLP_GETSTREAM;
1768 return (EWOULDBLOCK);
1769 }
1770 } else if ((len + m->m_len) == slp->ns_reclen) {
1771 om = m;
1772 len += m->m_len;
1773 m = m->m_next;
1774 recm = slp->ns_raw;
1775 om->m_next = NULL;
1776 } else {
1777 om = m;
1778 len += m->m_len;
1779 m = m->m_next;
1780 }
1781 }
1782 slp->ns_raw = m;
1783 slp->ns_cc -= len;
1784 slp->ns_reclen = 0;
1785 } else {
1786 slp->ns_flag &= ~SLP_GETSTREAM;
1787 return (0);
1788 }
1789
1790 /*
1791 * Accumulate the fragments into a record.
1792 */
1793 mpp = &slp->ns_frag;
1794 while (*mpp)
1795 mpp = &((*mpp)->m_next);
1796 *mpp = recm;
1797 if (slp->ns_flag & SLP_LASTFRAG) {
1798 if (slp->ns_recend)
1799 slp->ns_recend->m_nextpkt = slp->ns_frag;
1800 else
1801 slp->ns_rec = slp->ns_frag;
1802 slp->ns_recend = slp->ns_frag;
1803 slp->ns_frag = NULL;
1804 }
1805 }
1806 }
1807
1808 /*
1809 * Parse an RPC header.
1810 */
1811 int
nfsrv_dorec(struct nfssvc_sock * slp,struct nfsd * nfsd,struct nfsrv_descript ** ndp)1812 nfsrv_dorec(struct nfssvc_sock *slp, struct nfsd *nfsd,
1813 struct nfsrv_descript **ndp)
1814 {
1815 struct mbuf *m, *nam;
1816 struct nfsrv_descript *nd;
1817 int error;
1818
1819 *ndp = NULL;
1820 if ((slp->ns_flag & SLP_VALID) == 0 ||
1821 (m = slp->ns_rec) == NULL)
1822 return (ENOBUFS);
1823 slp->ns_rec = m->m_nextpkt;
1824 if (slp->ns_rec)
1825 m->m_nextpkt = NULL;
1826 else
1827 slp->ns_recend = NULL;
1828 if (m->m_type == MT_SONAME) {
1829 nam = m;
1830 m = m->m_next;
1831 nam->m_next = NULL;
1832 } else
1833 nam = NULL;
1834 nd = pool_get(&nfsrv_descript_pl, PR_WAITOK);
1835 nfs_realign(&m, 10 * NFSX_UNSIGNED);
1836 nd->nd_md = nd->nd_mrep = m;
1837 nd->nd_nam2 = nam;
1838 nd->nd_dpos = mtod(m, caddr_t);
1839 error = nfs_getreq(nd, nfsd, 1);
1840 if (error) {
1841 m_freem(nam);
1842 pool_put(&nfsrv_descript_pl, nd);
1843 return (error);
1844 }
1845 *ndp = nd;
1846 nfsd->nfsd_nd = nd;
1847 return (0);
1848 }
1849
1850
1851 /*
1852 * Search for a sleeping nfsd and wake it up.
1853 * SIDE EFFECT: If none found, set NFSD_CHECKSLP flag, so that one of the
1854 * running nfsds will go look for the work in the nfssvc_sock list.
1855 */
1856 void
nfsrv_wakenfsd(struct nfssvc_sock * slp)1857 nfsrv_wakenfsd(struct nfssvc_sock *slp)
1858 {
1859 struct nfsd *nfsd;
1860
1861 if ((slp->ns_flag & SLP_VALID) == 0)
1862 return;
1863
1864 TAILQ_FOREACH(nfsd, &nfsd_head, nfsd_chain) {
1865 if (nfsd->nfsd_flag & NFSD_WAITING) {
1866 nfsd->nfsd_flag &= ~NFSD_WAITING;
1867 if (nfsd->nfsd_slp)
1868 panic("nfsd wakeup");
1869 slp->ns_sref++;
1870 nfsd->nfsd_slp = slp;
1871 wakeup_one(nfsd);
1872 return;
1873 }
1874 }
1875
1876 slp->ns_flag |= SLP_DOREC;
1877 nfsd_head_flag |= NFSD_CHECKSLP;
1878 }
1879 #endif /* NFSSERVER */
1880