search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / sys / nfs / nfs_serv.c
blob7f4f570d81d808c6db0c7598bd6b005c619f90ee
1 /* $NetBSD: nfs_serv.c,v 1.149 2009/12/23 01:09:25 pooka Exp $ */
2
3 /*
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Rick Macklem at The University of Guelph.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * @(#)nfs_serv.c 8.8 (Berkeley) 7/31/95
35 */
36
37 /*
38 * nfs version 2 and 3 server calls to vnode ops
39 * - these routines generally have 3 phases
40 * 1 - break down and validate rpc request in mbuf list
41 * 2 - do the vnode ops for the request
42 * (surprisingly ?? many are very similar to syscalls in vfs_syscalls.c)
43 * 3 - build the rpc reply in an mbuf list
44 * nb:
45 * - do not mix the phases, since the nfsm_?? macros can return failures
46 * on a bad rpc or similar and do not do any vrele() or vput()'s
47 *
48 * - the nfsm_reply() macro generates an nfs rpc reply with the nfs
49 * error number iff error != 0 whereas
50 * returning an error from the server function implies a fatal error
51 * such as a badly constructed rpc request that should be dropped without
52 * a reply.
53 * For Version 3, nfsm_reply() does not return for the error case, since
54 * most version 3 rpcs return more than the status for error cases.
55 */
56
57 #include <sys/cdefs.h>
58 __KERNEL_RCSID(0, "$NetBSD: nfs_serv.c,v 1.149 2009/12/23 01:09:25 pooka Exp $");
59
60 #include <sys/param.h>
61 #include <sys/systm.h>
62 #include <sys/proc.h>
63 #include <sys/file.h>
64 #include <sys/namei.h>
65 #include <sys/vnode.h>
66 #include <sys/mount.h>
67 #include <sys/socket.h>
68 #include <sys/socketvar.h>
69 #include <sys/mbuf.h>
70 #include <sys/dirent.h>
71 #include <sys/stat.h>
72 #include <sys/kernel.h>
73 #include <sys/hash.h>
74 #include <sys/kauth.h>
75 #include <sys/module.h>
76 #include <sys/syscall.h>
77 #include <sys/syscallargs.h>
78 #include <sys/syscallvar.h>
79
80 #include <uvm/uvm.h>
81
82 #include <nfs/nfsproto.h>
83 #include <nfs/rpcv2.h>
84 #include <nfs/nfs.h>
85 #include <nfs/xdr_subs.h>
86 #include <nfs/nfsm_subs.h>
87 #include <nfs/nfs_var.h>
88
89 MODULE(MODULE_CLASS_MISC, nfsserver, "nfs");
90
91 /* Global vars */
92 extern u_int32_t nfs_xdrneg1;
93 extern u_int32_t nfs_false, nfs_true;
94 extern const enum vtype nv3tov_type[8];
95 extern struct nfsstats nfsstats;
96 extern const nfstype nfsv2_type[9];
97 extern const nfstype nfsv3_type[9];
98 int nfsrvw_procrastinate = NFS_GATHERDELAY * 1000;
99 bool nfsd_use_loan = true; /* use page-loan for READ OP */
100
101 #define nqsrv_getl(vp, rw) /* nothing */
102
103 static const struct syscall_package nfsserver_syscalls[] = {
104 { SYS_nfssvc, 0, (sy_call_t *)sys_nfssvc },
105 { 0, 0, NULL },
106 };
107
108 static int
109 nfsserver_modcmd(modcmd_t cmd, void *arg)
110 {
111 extern struct vfs_hooks nfs_export_hooks; /* XXX */
112 int error;
113
114 switch (cmd) {
115 case MODULE_CMD_INIT:
116 error = syscall_establish(NULL, nfsserver_syscalls);
117 if (error != 0) {
118 return error;
119 }
120 nfs_init(); /* XXX for monolithic kernel */
121 netexport_init();
122 nfsrv_initcache(); /* Init the server request cache */
123 nfsrv_init(0); /* Init server data structures */
124 vfs_hooks_attach(&nfs_export_hooks);
125 nfs_timer_srvinit(nfsrv_timer);
126 return 0;
127 case MODULE_CMD_FINI:
128 error = syscall_disestablish(NULL, nfsserver_syscalls);
129 if (error != 0) {
130 return error;
131 }
132 /*
133 * Kill export list before detaching VFS hooks, so we
134 * we don't leak state due to a concurrent umount().
135 */
136 netexport_fini();
137 vfs_hooks_detach(&nfs_export_hooks);
138
139 /* Kill timer before server goes away. */
140 nfs_timer_srvfini();
141 nfsrv_fini();
142
143 /* Server uses server cache, so kill cache last. */
144 nfsrv_finicache();
145 return 0;
146 default:
147 return ENOTTY;
148 }
149 }
150
151 /*
152 * nfs v3 access service
153 */
154 int
155 nfsrv3_access(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
156 {
157 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
158 struct mbuf *nam = nfsd->nd_nam;
159 char *dpos = nfsd->nd_dpos;
160 kauth_cred_t cred = nfsd->nd_cr;
161 struct vnode *vp;
162 nfsrvfh_t nsfh;
163 u_int32_t *tl;
164 int32_t t1;
165 char *bpos;
166 int error = 0, rdonly, cache = 0, getret;
167 char *cp2;
168 struct mbuf *mb, *mreq;
169 struct vattr va;
170 u_long inmode, testmode, outmode;
171 u_quad_t frev;
172
173 nfsm_srvmtofh(&nsfh);
174 nfsm_dissect(tl, u_int32_t *, NFSX_UNSIGNED);
175 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam, &rdonly,
176 (nfsd->nd_flag & ND_KERBAUTH), false);
177 if (error) {
178 nfsm_reply(NFSX_UNSIGNED);
179 nfsm_srvpostop_attr(1, (struct vattr *)0);
180 return (0);
181 }
182 inmode = fxdr_unsigned(u_int32_t, *tl);
183 outmode = 0;
184 if ((inmode & NFSV3ACCESS_READ) &&
185 nfsrv_access(vp, VREAD, cred, rdonly, lwp, 0) == 0)
186 outmode |= NFSV3ACCESS_READ;
187 if (vp->v_type != VDIR) {
188 testmode = inmode & (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND);
189 if (testmode &&
190 nfsrv_access(vp, VWRITE, cred, rdonly, lwp, 0) == 0)
191 outmode |= testmode;
192 if ((inmode & NFSV3ACCESS_EXECUTE) &&
193 nfsrv_access(vp, VEXEC, cred, rdonly, lwp, 0) == 0)
194 outmode |= NFSV3ACCESS_EXECUTE;
195 } else {
196 testmode = inmode & (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND |
197 NFSV3ACCESS_DELETE);
198 if (testmode &&
199 nfsrv_access(vp, VWRITE, cred, rdonly, lwp, 0) == 0)
200 outmode |= testmode;
201 if ((inmode & NFSV3ACCESS_LOOKUP) &&
202 nfsrv_access(vp, VEXEC, cred, rdonly, lwp, 0) == 0)
203 outmode |= NFSV3ACCESS_LOOKUP;
204 }
205 getret = VOP_GETATTR(vp, &va, cred);
206 vput(vp);
207 nfsm_reply(NFSX_POSTOPATTR(1) + NFSX_UNSIGNED);
208 nfsm_srvpostop_attr(getret, &va);
209 nfsm_build(tl, u_int32_t *, NFSX_UNSIGNED);
210 *tl = txdr_unsigned(outmode);
211 nfsm_srvdone;
212 }
213
214 /*
215 * nfs getattr service
216 */
217 int
218 nfsrv_getattr(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
219 {
220 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
221 struct mbuf *nam = nfsd->nd_nam;
222 char *dpos = nfsd->nd_dpos;
223 kauth_cred_t cred = nfsd->nd_cr;
224 struct nfs_fattr *fp;
225 struct vattr va;
226 struct vnode *vp;
227 nfsrvfh_t nsfh;
228 u_int32_t *tl;
229 int32_t t1;
230 char *bpos;
231 int error = 0, rdonly, cache = 0;
232 char *cp2;
233 struct mbuf *mb, *mreq;
234 u_quad_t frev;
235
236 nfsm_srvmtofh(&nsfh);
237 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam, &rdonly,
238 (nfsd->nd_flag & ND_KERBAUTH), false);
239 if (error) {
240 nfsm_reply(0);
241 return (0);
242 }
243 nqsrv_getl(vp, ND_READ);
244 error = VOP_GETATTR(vp, &va, cred);
245 vput(vp);
246 nfsm_reply(NFSX_FATTR(nfsd->nd_flag & ND_NFSV3));
247 if (error)
248 return (0);
249 nfsm_build(fp, struct nfs_fattr *, NFSX_FATTR(nfsd->nd_flag & ND_NFSV3));
250 nfsm_srvfillattr(&va, fp);
251 nfsm_srvdone;
252 }
253
254 /*
255 * nfs setattr service
256 */
257 int
258 nfsrv_setattr(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
259 {
260 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
261 struct mbuf *nam = nfsd->nd_nam;
262 char *dpos = nfsd->nd_dpos;
263 kauth_cred_t cred = nfsd->nd_cr;
264 struct vattr va, preat;
265 struct nfsv2_sattr *sp;
266 struct nfs_fattr *fp;
267 struct vnode *vp;
268 nfsrvfh_t nsfh;
269 u_int32_t *tl;
270 int32_t t1;
271 char *bpos;
272 int error = 0, rdonly, cache = 0, preat_ret = 1, postat_ret = 1;
273 int v3 = (nfsd->nd_flag & ND_NFSV3), gcheck = 0;
274 char *cp2;
275 struct mbuf *mb, *mreq;
276 u_quad_t frev;
277 struct timespec guard;
278
279 memset(&guard, 0, sizeof guard); /* XXX gcc */
280
281 nfsm_srvmtofh(&nsfh);
282 vattr_null(&va);
283 if (v3) {
284 nfsm_srvsattr(&va);
285 nfsm_dissect(tl, u_int32_t *, NFSX_UNSIGNED);
286 gcheck = fxdr_unsigned(int, *tl);
287 if (gcheck) {
288 nfsm_dissect(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
289 fxdr_nfsv3time(tl, &guard);
290 }
291 } else {
292 nfsm_dissect(sp, struct nfsv2_sattr *, NFSX_V2SATTR);
293 /*
294 * Nah nah nah nah na nah
295 * There is a bug in the Sun client that puts 0xffff in the mode
296 * field of sattr when it should put in 0xffffffff. The u_short
297 * doesn't sign extend.
298 * --> check the low order 2 bytes for 0xffff
299 */
300 if ((fxdr_unsigned(int, sp->sa_mode) & 0xffff) != 0xffff)
301 va.va_mode = nfstov_mode(sp->sa_mode);
302 if (sp->sa_uid != nfs_xdrneg1)
303 va.va_uid = fxdr_unsigned(uid_t, sp->sa_uid);
304 if (sp->sa_gid != nfs_xdrneg1)
305 va.va_gid = fxdr_unsigned(gid_t, sp->sa_gid);
306 if (sp->sa_size != nfs_xdrneg1)
307 va.va_size = fxdr_unsigned(u_quad_t, sp->sa_size);
308 if (sp->sa_atime.nfsv2_sec != nfs_xdrneg1) {
309 #ifdef notyet
310 fxdr_nfsv2time(&sp->sa_atime, &va.va_atime);
311 #else
312 va.va_atime.tv_sec =
313 fxdr_unsigned(u_int32_t,sp->sa_atime.nfsv2_sec);
314 va.va_atime.tv_nsec = 0;
315 #endif
316 }
317 if (sp->sa_mtime.nfsv2_sec != nfs_xdrneg1)
318 fxdr_nfsv2time(&sp->sa_mtime, &va.va_mtime);
319
320 }
321
322 /*
323 * Now that we have all the fields, lets do it.
324 */
325 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam, &rdonly,
326 (nfsd->nd_flag & ND_KERBAUTH), false);
327 if (error) {
328 nfsm_reply(2 * NFSX_UNSIGNED);
329 nfsm_srvwcc_data(preat_ret, &preat, postat_ret, &va);
330 return (0);
331 }
332 nqsrv_getl(vp, ND_WRITE);
333 if (v3) {
334 error = preat_ret = VOP_GETATTR(vp, &preat, cred);
335 if (!error && gcheck &&
336 (preat.va_ctime.tv_sec != guard.tv_sec ||
337 preat.va_ctime.tv_nsec != guard.tv_nsec))
338 error = NFSERR_NOT_SYNC;
339 if (error) {
340 vput(vp);
341 nfsm_reply(NFSX_WCCDATA(v3));
342 nfsm_srvwcc_data(preat_ret, &preat, postat_ret, &va);
343 return (0);
344 }
345 }
346
347 /*
348 * If the size is being changed write acces is required, otherwise
349 * just check for a read only file system.
350 */
351 if (va.va_size == ((u_quad_t)((quad_t) -1))) {
352 if (rdonly || (vp->v_mount->mnt_flag & MNT_RDONLY)) {
353 error = EROFS;
354 goto out;
355 }
356 } else {
357 if (vp->v_type == VDIR) {
358 error = EISDIR;
359 goto out;
360 } else if ((error = nfsrv_access(vp, VWRITE, cred, rdonly,
361 lwp, 0)) != 0)
362 goto out;
363 }
364 error = VOP_SETATTR(vp, &va, cred);
365 postat_ret = VOP_GETATTR(vp, &va, cred);
366 if (!error)
367 error = postat_ret;
368 out:
369 vput(vp);
370 nfsm_reply(NFSX_WCCORFATTR(v3));
371 if (v3) {
372 nfsm_srvwcc_data(preat_ret, &preat, postat_ret, &va);
373 return (0);
374 } else {
375 nfsm_build(fp, struct nfs_fattr *, NFSX_V2FATTR);
376 nfsm_srvfillattr(&va, fp);
377 }
378 nfsm_srvdone;
379 }
380
381 /*
382 * nfs lookup rpc
383 */
384 int
385 nfsrv_lookup(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
386 {
387 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
388 struct mbuf *nam = nfsd->nd_nam;
389 char *dpos = nfsd->nd_dpos;
390 kauth_cred_t cred = nfsd->nd_cr;
391 struct nfs_fattr *fp;
392 struct nameidata nd, ind, *ndp = &nd;
393 struct vnode *vp, *dirp;
394 nfsrvfh_t nsfh;
395 char *cp;
396 u_int32_t *tl;
397 int32_t t1;
398 char *bpos;
399 int error = 0, cache = 0, dirattr_ret = 1;
400 uint32_t len;
401 int v3 = (nfsd->nd_flag & ND_NFSV3), pubflag;
402 char *cp2;
403 struct mbuf *mb, *mreq;
404 struct vattr va, dirattr;
405 u_quad_t frev;
406
407 nfsm_srvmtofh(&nsfh);
408 nfsm_srvnamesiz(len);
409
410 pubflag = nfs_ispublicfh(&nsfh);
411
412 nd.ni_cnd.cn_cred = cred;
413 nd.ni_cnd.cn_nameiop = LOOKUP;
414 nd.ni_cnd.cn_flags = LOCKLEAF | SAVESTART;
415 error = nfs_namei(&nd, &nsfh, len, slp, nam, &md, &dpos,
416 &dirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), pubflag);
417
418 if (!error && pubflag) {
419 if (nd.ni_vp->v_type == VDIR && nfs_pub.np_index != NULL) {
420 /*
421 * Setup call to lookup() to see if we can find
422 * the index file. Arguably, this doesn't belong
423 * in a kernel.. Ugh.
424 */
425 ind = nd;
426 VOP_UNLOCK(nd.ni_vp, 0);
427 ind.ni_pathlen = strlen(nfs_pub.np_index);
428 ind.ni_cnd.cn_nameptr = ind.ni_cnd.cn_pnbuf =
429 nfs_pub.np_index;
430 ind.ni_startdir = nd.ni_vp;
431 vref(ind.ni_startdir);
432 error = lookup_for_nfsd_index(&ind);
433 if (!error) {
434 /*
435 * Found an index file. Get rid of
436 * the old references.
437 */
438 if (dirp)
439 vrele(dirp);
440 dirp = nd.ni_vp;
441 vrele(nd.ni_startdir);
442 ndp = &ind;
443 } else
444 error = 0;
445 }
446 /*
447 * If the public filehandle was used, check that this lookup
448 * didn't result in a filehandle outside the publicly exported
449 * filesystem.
450 */
451
452 if (!error && ndp->ni_vp->v_mount != nfs_pub.np_mount) {
453 vput(nd.ni_vp);
454 error = EPERM;
455 }
456 }
457
458 if (dirp) {
459 if (v3)
460 dirattr_ret = VOP_GETATTR(dirp, &dirattr, cred);
461 vrele(dirp);
462 }
463
464 if (error) {
465 nfsm_reply(NFSX_POSTOPATTR(v3));
466 nfsm_srvpostop_attr(dirattr_ret, &dirattr);
467 return (0);
468 }
469
470 nqsrv_getl(ndp->ni_startdir, ND_READ);
471 PNBUF_PUT(nd.ni_cnd.cn_pnbuf);
472 vp = ndp->ni_vp;
473 error = nfsrv_composefh(vp, &nsfh, v3);
474 if (!error)
475 error = VOP_GETATTR(vp, &va, cred);
476 vput(vp);
477 vrele(ndp->ni_startdir);
478 nfsm_reply(NFSX_SRVFH(&nsfh, v3) + NFSX_POSTOPORFATTR(v3) +
479 NFSX_POSTOPATTR(v3));
480 if (error) {
481 nfsm_srvpostop_attr(dirattr_ret, &dirattr);
482 return (0);
483 }
484 nfsm_srvfhtom(&nsfh, v3);
485 if (v3) {
486 nfsm_srvpostop_attr(0, &va);
487 nfsm_srvpostop_attr(dirattr_ret, &dirattr);
488 } else {
489 nfsm_build(fp, struct nfs_fattr *, NFSX_V2FATTR);
490 nfsm_srvfillattr(&va, fp);
491 }
492 nfsm_srvdone;
493 }
494
495 /*
496 * nfs readlink service
497 */
498 int
499 nfsrv_readlink(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
500 {
501 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
502 struct mbuf *nam = nfsd->nd_nam;
503 char *dpos = nfsd->nd_dpos;
504 kauth_cred_t cred = nfsd->nd_cr;
505 struct iovec iv[(NFS_MAXPATHLEN+MLEN-1)/MLEN];
506 struct iovec *ivp = iv;
507 struct mbuf *mp;
508 u_int32_t *tl;
509 int32_t t1;
510 char *bpos;
511 int error = 0, rdonly, cache = 0, i, padlen, getret;
512 uint32_t len;
513 int v3 = (nfsd->nd_flag & ND_NFSV3);
514 char *cp2;
515 struct mbuf *mb, *mp2 = NULL, *mp3 = NULL, *mreq;
516 struct vnode *vp;
517 struct vattr attr;
518 nfsrvfh_t nsfh;
519 struct uio io, *uiop = &io;
520 u_quad_t frev;
521
522 nfsm_srvmtofh(&nsfh);
523 len = 0;
524 i = 0;
525 while (len < NFS_MAXPATHLEN) {
526 mp = m_get(M_WAIT, MT_DATA);
527 MCLAIM(mp, &nfs_mowner);
528 m_clget(mp, M_WAIT);
529 mp->m_len = NFSMSIZ(mp);
530 if (len == 0)
531 mp3 = mp2 = mp;
532 else {
533 mp2->m_next = mp;
534 mp2 = mp;
535 }
536 if ((len+mp->m_len) > NFS_MAXPATHLEN) {
537 mp->m_len = NFS_MAXPATHLEN-len;
538 len = NFS_MAXPATHLEN;
539 } else
540 len += mp->m_len;
541 ivp->iov_base = mtod(mp, void *);
542 ivp->iov_len = mp->m_len;
543 i++;
544 ivp++;
545 }
546 uiop->uio_iov = iv;
547 uiop->uio_iovcnt = i;
548 uiop->uio_offset = 0;
549 uiop->uio_resid = len;
550 uiop->uio_rw = UIO_READ;
551 UIO_SETUP_SYSSPACE(uiop);
552 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
553 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
554 if (error) {
555 m_freem(mp3);
556 nfsm_reply(2 * NFSX_UNSIGNED);
557 nfsm_srvpostop_attr(1, (struct vattr *)0);
558 return (0);
559 }
560 if (vp->v_type != VLNK) {
561 if (v3)
562 error = EINVAL;
563 else
564 error = ENXIO;
565 goto out;
566 }
567 nqsrv_getl(vp, ND_READ);
568 error = VOP_READLINK(vp, uiop, cred);
569 out:
570 getret = VOP_GETATTR(vp, &attr, cred);
571 vput(vp);
572 if (error)
573 m_freem(mp3);
574 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_UNSIGNED);
575 if (v3) {
576 nfsm_srvpostop_attr(getret, &attr);
577 if (error)
578 return (0);
579 }
580 len -= uiop->uio_resid;
581 padlen = nfsm_padlen(len);
582 if (uiop->uio_resid || padlen)
583 nfs_zeropad(mp3, uiop->uio_resid, padlen);
584 nfsm_build(tl, u_int32_t *, NFSX_UNSIGNED);
585 *tl = txdr_unsigned(len);
586 mb->m_next = mp3;
587 nfsm_srvdone;
588 }
589
590 /*
591 * nfs read service
592 */
593 int
594 nfsrv_read(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
595 {
596 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
597 struct mbuf *nam = nfsd->nd_nam;
598 char *dpos = nfsd->nd_dpos;
599 kauth_cred_t cred = nfsd->nd_cr;
600 struct mbuf *m;
601 struct nfs_fattr *fp;
602 u_int32_t *tl;
603 int32_t t1;
604 int i;
605 char *bpos;
606 int error = 0, rdonly, cache = 0, getret;
607 int v3 = (nfsd->nd_flag & ND_NFSV3);
608 uint32_t reqlen, len, cnt, left;
609 int padlen;
610 char *cp2;
611 struct mbuf *mb, *mreq;
612 struct vnode *vp;
613 nfsrvfh_t nsfh;
614 struct uio io, *uiop = &io;
615 struct vattr va;
616 off_t off;
617 u_quad_t frev;
618
619 nfsm_srvmtofh(&nsfh);
620 if (v3) {
621 nfsm_dissect(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
622 off = fxdr_hyper(tl);
623 } else {
624 nfsm_dissect(tl, u_int32_t *, NFSX_UNSIGNED);
625 off = (off_t)fxdr_unsigned(u_int32_t, *tl);
626 }
627 nfsm_dissect(tl, uint32_t *, NFSX_UNSIGNED);
628 reqlen = fxdr_unsigned(uint32_t, *tl);
629 reqlen = MIN(reqlen, NFS_SRVMAXDATA(nfsd));
630 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
631 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
632 if (error) {
633 nfsm_reply(2 * NFSX_UNSIGNED);
634 nfsm_srvpostop_attr(1, (struct vattr *)0);
635 return (0);
636 }
637 if (vp->v_type != VREG) {
638 if (v3)
639 error = EINVAL;
640 else
641 error = (vp->v_type == VDIR) ? EISDIR : EACCES;
642 }
643 if (!error) {
644 nqsrv_getl(vp, ND_READ);
645 if ((error = nfsrv_access(vp, VREAD, cred, rdonly, lwp, 1)) != 0)
646 error = nfsrv_access(vp, VEXEC, cred, rdonly, lwp, 1);
647 }
648 getret = VOP_GETATTR(vp, &va, cred);
649 if (!error)
650 error = getret;
651 if (error) {
652 vput(vp);
653 nfsm_reply(NFSX_POSTOPATTR(v3));
654 nfsm_srvpostop_attr(getret, &va);
655 return (0);
656 }
657 if (off >= va.va_size)
658 cnt = 0;
659 else if ((off + reqlen) > va.va_size)
660 cnt = va.va_size - off;
661 else
662 cnt = reqlen;
663 nfsm_reply(NFSX_POSTOPORFATTR(v3) + 3 * NFSX_UNSIGNED+nfsm_rndup(cnt));
664 if (v3) {
665 nfsm_build(tl, u_int32_t *, NFSX_V3FATTR + 4 * NFSX_UNSIGNED);
666 *tl++ = nfs_true;
667 fp = (struct nfs_fattr *)tl;
668 tl += (NFSX_V3FATTR / sizeof (u_int32_t));
669 } else {
670 nfsm_build(tl, u_int32_t *, NFSX_V2FATTR + NFSX_UNSIGNED);
671 fp = (struct nfs_fattr *)tl;
672 tl += (NFSX_V2FATTR / sizeof (u_int32_t));
673 }
674 len = left = cnt;
675 if (cnt > 0) {
676 if (nfsd_use_loan) {
677 struct vm_page **pgpp;
678 voff_t pgoff = trunc_page(off);
679 int npages;
680 vaddr_t lva;
681
682 npages = (round_page(off + cnt) - pgoff) >> PAGE_SHIFT;
683 KASSERT(npages <= M_EXT_MAXPAGES); /* XXX */
684
685 /* allocate kva for mbuf data */
686 lva = sokvaalloc(npages << PAGE_SHIFT, slp->ns_so);
687 if (lva == 0) {
688 /* fall back to VOP_READ */
689 goto loan_fail;
690 }
691
692 /* allocate mbuf */
693 m = m_get(M_WAIT, MT_DATA);
694 MCLAIM(m, &nfs_mowner);
695 pgpp = m->m_ext.ext_pgs;
696
697 /* loan pages */
698 error = uvm_loanuobjpages(&vp->v_uobj, pgoff, npages,
699 pgpp);
700 if (error) {
701 sokvafree(lva, npages << PAGE_SHIFT);
702 m_free(m);
703 if (error == EBUSY)
704 goto loan_fail;
705 goto read_error;
706 }
707
708 /* associate kva to mbuf */
709 MEXTADD(m, (void *)(lva + ((vaddr_t)off & PAGE_MASK)),
710 cnt, M_MBUF, soloanfree, slp->ns_so);
711 m->m_flags |= M_EXT_PAGES | M_EXT_ROMAP;
712 m->m_len = cnt;
713
714 /* map pages */
715 for (i = 0; i < npages; i++) {
716 pmap_kenter_pa(lva, VM_PAGE_TO_PHYS(pgpp[i]),
717 VM_PROT_READ, 0);
718 lva += PAGE_SIZE;
719 }
720
721 pmap_update(pmap_kernel());
722
723 mb->m_next = m;
724 mb = m;
725 error = 0;
726 uiop->uio_resid = 0;
727 } else {
728 struct iovec *iv;
729 struct iovec *iv2;
730 struct mbuf *m2;
731 int siz;
732 loan_fail:
733 /*
734 * Generate the mbuf list with the uio_iov ref. to it.
735 */
736 i = 0;
737 m = m2 = mb;
738 while (left > 0) {
739 siz = min(M_TRAILINGSPACE(m), left);
740 if (siz > 0) {
741 left -= siz;
742 i++;
743 }
744 if (left > 0) {
745 m = m_get(M_WAIT, MT_DATA);
746 MCLAIM(m, &nfs_mowner);
747 m_clget(m, M_WAIT);
748 m->m_len = 0;
749 m2->m_next = m;
750 m2 = m;
751 }
752 }
753 iv = malloc(i * sizeof(struct iovec), M_TEMP, M_WAITOK);
754 uiop->uio_iov = iv2 = iv;
755 m = mb;
756 left = cnt;
757 i = 0;
758 while (left > 0) {
759 if (m == NULL)
760 panic("nfsrv_read iov");
761 siz = min(M_TRAILINGSPACE(m), left);
762 if (siz > 0) {
763 iv->iov_base = mtod(m, char *) +
764 m->m_len;
765 iv->iov_len = siz;
766 m->m_len += siz;
767 left -= siz;
768 iv++;
769 i++;
770 }
771 m = m->m_next;
772 }
773 uiop->uio_iovcnt = i;
774 uiop->uio_offset = off;
775 uiop->uio_resid = cnt;
776 uiop->uio_rw = UIO_READ;
777 UIO_SETUP_SYSSPACE(uiop);
778 error = VOP_READ(vp, uiop, IO_NODELOCKED, cred);
779 free((void *)iv2, M_TEMP);
780 }
781 read_error:
782 if (error || (getret = VOP_GETATTR(vp, &va, cred)) != 0){
783 if (!error)
784 error = getret;
785 m_freem(mreq);
786 vput(vp);
787 nfsm_reply(NFSX_POSTOPATTR(v3));
788 nfsm_srvpostop_attr(getret, &va);
789 return (0);
790 }
791 } else {
792 uiop->uio_resid = 0;
793 }
794 vput(vp);
795 nfsm_srvfillattr(&va, fp);
796 len -= uiop->uio_resid;
797 padlen = nfsm_padlen(len);
798 if (uiop->uio_resid || padlen)
799 nfs_zeropad(mb, uiop->uio_resid, padlen);
800 if (v3) {
801 /* count */
802 *tl++ = txdr_unsigned(len);
803 /* eof */
804 if (off + len >= va.va_size)
805 *tl++ = nfs_true;
806 else
807 *tl++ = nfs_false;
808 }
809 *tl = txdr_unsigned(len);
810 nfsm_srvdone;
811 }
812
813 /*
814 * nfs write service
815 */
816 int
817 nfsrv_write(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
818 {
819 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
820 struct mbuf *nam = nfsd->nd_nam;
821 char *dpos = nfsd->nd_dpos;
822 kauth_cred_t cred = nfsd->nd_cr;
823 struct iovec *ivp;
824 int i, cnt;
825 struct mbuf *mp;
826 struct nfs_fattr *fp;
827 struct iovec *iv;
828 struct vattr va, forat;
829 u_int32_t *tl;
830 int32_t t1;
831 char *bpos;
832 int error = 0, rdonly, cache = 0, len, forat_ret = 1;
833 int ioflags, aftat_ret = 1, retlen, zeroing, adjust;
834 int stable = NFSV3WRITE_FILESYNC;
835 int v3 = (nfsd->nd_flag & ND_NFSV3);
836 char *cp2;
837 struct mbuf *mb, *mreq;
838 struct vnode *vp;
839 nfsrvfh_t nsfh;
840 struct uio io, *uiop = &io;
841 off_t off;
842 u_quad_t frev;
843
844 if (mrep == NULL) {
845 *mrq = NULL;
846 return (0);
847 }
848 nfsm_srvmtofh(&nsfh);
849 if (v3) {
850 nfsm_dissect(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
851 off = fxdr_hyper(tl);
852 tl += 3;
853 stable = fxdr_unsigned(int, *tl++);
854 } else {
855 nfsm_dissect(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
856 off = (off_t)fxdr_unsigned(u_int32_t, *++tl);
857 tl += 2;
858 }
859 retlen = len = fxdr_unsigned(int32_t, *tl);
860 cnt = i = 0;
861
862 /*
863 * For NFS Version 2, it is not obvious what a write of zero length
864 * should do, but I might as well be consistent with Version 3,
865 * which is to return ok so long as there are no permission problems.
866 */
867 if (len > 0) {
868 zeroing = 1;
869 mp = mrep;
870 while (mp) {
871 if (mp == md) {
872 zeroing = 0;
873 adjust = dpos - mtod(mp, char *);
874 mp->m_len -= adjust;
875 if (mp->m_len > 0 && adjust > 0)
876 NFSMADV(mp, adjust);
877 }
878 if (zeroing)
879 mp->m_len = 0;
880 else if (mp->m_len > 0) {
881 i += mp->m_len;
882 if (i > len) {
883 mp->m_len -= (i - len);
884 zeroing = 1;
885 }
886 if (mp->m_len > 0)
887 cnt++;
888 }
889 mp = mp->m_next;
890 }
891 }
892 if (len > NFS_MAXDATA || len < 0 || i < len) {
893 error = EIO;
894 nfsm_reply(2 * NFSX_UNSIGNED);
895 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
896 return (0);
897 }
898 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
899 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
900 if (error) {
901 nfsm_reply(2 * NFSX_UNSIGNED);
902 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
903 return (0);
904 }
905 if (v3)
906 forat_ret = VOP_GETATTR(vp, &forat, cred);
907 if (vp->v_type != VREG) {
908 if (v3)
909 error = EINVAL;
910 else
911 error = (vp->v_type == VDIR) ? EISDIR : EACCES;
912 }
913 if (!error) {
914 nqsrv_getl(vp, ND_WRITE);
915 error = nfsrv_access(vp, VWRITE, cred, rdonly, lwp, 1);
916 }
917 if (error) {
918 vput(vp);
919 nfsm_reply(NFSX_WCCDATA(v3));
920 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
921 return (0);
922 }
923
924 if (len > 0) {
925 ivp = malloc(cnt * sizeof (struct iovec), M_TEMP, M_WAITOK);
926 uiop->uio_iov = iv = ivp;
927 uiop->uio_iovcnt = cnt;
928 mp = mrep;
929 while (mp) {
930 if (mp->m_len > 0) {
931 ivp->iov_base = mtod(mp, void *);
932 ivp->iov_len = mp->m_len;
933 ivp++;
934 }
935 mp = mp->m_next;
936 }
937
938 /*
939 * XXX
940 * The IO_METASYNC flag indicates that all metadata (and not
941 * just enough to ensure data integrity) must be written to
942 * stable storage synchronously.
943 * (IO_METASYNC is not yet implemented in 4.4BSD-Lite.)
944 */
945 if (stable == NFSV3WRITE_UNSTABLE)
946 ioflags = IO_NODELOCKED;
947 else if (stable == NFSV3WRITE_DATASYNC)
948 ioflags = (IO_SYNC | IO_NODELOCKED);
949 else
950 ioflags = (IO_METASYNC | IO_SYNC | IO_NODELOCKED);
951 uiop->uio_resid = len;
952 uiop->uio_rw = UIO_WRITE;
953 uiop->uio_offset = off;
954 UIO_SETUP_SYSSPACE(uiop);
955 error = VOP_WRITE(vp, uiop, ioflags, cred);
956 nfsstats.srvvop_writes++;
957 free(iv, M_TEMP);
958 }
959 aftat_ret = VOP_GETATTR(vp, &va, cred);
960 vput(vp);
961 if (!error)
962 error = aftat_ret;
963 nfsm_reply(NFSX_PREOPATTR(v3) + NFSX_POSTOPORFATTR(v3) +
964 2 * NFSX_UNSIGNED + NFSX_WRITEVERF(v3));
965 if (v3) {
966 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
967 if (error)
968 return (0);
969 nfsm_build(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
970 *tl++ = txdr_unsigned(retlen);
971 if (stable == NFSV3WRITE_UNSTABLE)
972 *tl++ = txdr_unsigned(stable);
973 else
974 *tl++ = txdr_unsigned(NFSV3WRITE_FILESYNC);
975 /*
976 * Actually, there is no need to txdr these fields,
977 * but it may make the values more human readable,
978 * for debugging purposes.
979 */
980 *tl++ = txdr_unsigned(boottime.tv_sec);
981 *tl = txdr_unsigned(boottime.tv_nsec / 1000);
982 } else {
983 nfsm_build(fp, struct nfs_fattr *, NFSX_V2FATTR);
984 nfsm_srvfillattr(&va, fp);
985 }
986 nfsm_srvdone;
987 }
988
989 /*
990 * XXX elad: the original NFSW_SAMECRED() macro also made sure the
991 * two nd_flag fields of the descriptors contained
992 * ND_KERBAUTH.
993 */
994 static int
995 nfsrv_samecred(kauth_cred_t cred1, kauth_cred_t cred2)
996 {
997 int i, do_ngroups;
998
999 if (kauth_cred_geteuid(cred1) != kauth_cred_geteuid(cred2))
1000 return (0);
1001 if (kauth_cred_ngroups(cred1) != kauth_cred_ngroups(cred2))
1002 return (0);
1003 do_ngroups = kauth_cred_ngroups(cred1);
1004 for (i = 0; i < do_ngroups; i++)
1005 if (kauth_cred_group(cred1, i) !=
1006 kauth_cred_group(cred2, i))
1007 return (0);
1008
1009 return (1);
1010 }
1011
1012 static struct nfsrvw_delayhash *
1013 nfsrv_nwdelayhash(struct nfssvc_sock *slp, const nfsrvfh_t *nsfh)
1014 {
1015 uint32_t hash;
1016
1017 hash = hash32_buf(NFSRVFH_DATA(nsfh), NFSRVFH_SIZE(nsfh),
1018 HASH32_BUF_INIT);
1019 return &slp->ns_wdelayhashtbl[hash % NFS_WDELAYHASHSIZ];
1020 }
1021
1022 /*
1023 * NFS write service with write gathering support. Called when
1024 * nfsrvw_procrastinate > 0.
1025 * See: Chet Juszczak, "Improving the Write Performance of an NFS Server",
1026 * in Proc. of the Winter 1994 Usenix Conference, pg. 247-259, San Franscisco,
1027 * Jan. 1994.
1028 */
1029 int
1030 nfsrv_writegather(struct nfsrv_descript **ndp, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
1031 {
1032 struct timeval now;
1033 struct iovec *ivp;
1034 struct mbuf *mp;
1035 struct nfsrv_descript *wp, *nfsd, *owp, *swp;
1036 struct nfs_fattr *fp;
1037 int i = 0;
1038 struct iovec *iov;
1039 struct nfsrvw_delayhash *wpp;
1040 kauth_cred_t cred;
1041 struct vattr va, forat;
1042 u_int32_t *tl;
1043 int32_t t1;
1044 char *bpos, *dpos;
1045 int error = 0, rdonly, cache = 0, len = 0, forat_ret = 1;
1046 int ioflags, aftat_ret = 1, adjust, v3, zeroing;
1047 char *cp2;
1048 struct mbuf *mb, *mreq, *mrep, *md;
1049 struct vnode *vp;
1050 struct uio io, *uiop = &io;
1051 u_quad_t frev, cur_usec;
1052
1053 *mrq = NULL;
1054 if (*ndp) {
1055 nfsd = *ndp;
1056 *ndp = NULL;
1057 mrep = nfsd->nd_mrep;
1058 md = nfsd->nd_md;
1059 dpos = nfsd->nd_dpos;
1060 cred = nfsd->nd_cr;
1061 v3 = (nfsd->nd_flag & ND_NFSV3);
1062 LIST_INIT(&nfsd->nd_coalesce);
1063 nfsd->nd_mreq = NULL;
1064 nfsd->nd_stable = NFSV3WRITE_FILESYNC;
1065 getmicrotime(&now);
1066 cur_usec = (u_quad_t)now.tv_sec * 1000000 + (u_quad_t)now.tv_usec;
1067 nfsd->nd_time = cur_usec + nfsrvw_procrastinate;
1068
1069 /*
1070 * Now, get the write header..
1071 */
1072 nfsm_srvmtofh(&nfsd->nd_fh);
1073 if (v3) {
1074 nfsm_dissect(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
1075 nfsd->nd_off = fxdr_hyper(tl);
1076 tl += 3;
1077 nfsd->nd_stable = fxdr_unsigned(int, *tl++);
1078 } else {
1079 nfsm_dissect(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1080 nfsd->nd_off = (off_t)fxdr_unsigned(u_int32_t, *++tl);
1081 tl += 2;
1082 }
1083 len = fxdr_unsigned(int32_t, *tl);
1084 nfsd->nd_len = len;
1085 nfsd->nd_eoff = nfsd->nd_off + len;
1086
1087 /*
1088 * Trim the header out of the mbuf list and trim off any trailing
1089 * junk so that the mbuf list has only the write data.
1090 */
1091 zeroing = 1;
1092 i = 0;
1093 mp = mrep;
1094 while (mp) {
1095 if (mp == md) {
1096 zeroing = 0;
1097 adjust = dpos - mtod(mp, char *);
1098 mp->m_len -= adjust;
1099 if (mp->m_len > 0 && adjust > 0)
1100 NFSMADV(mp, adjust);
1101 }
1102 if (zeroing)
1103 mp->m_len = 0;
1104 else {
1105 i += mp->m_len;
1106 if (i > len) {
1107 mp->m_len -= (i - len);
1108 zeroing = 1;
1109 }
1110 }
1111 mp = mp->m_next;
1112 }
1113 if (len > NFS_MAXDATA || len < 0 || i < len) {
1114 nfsmout:
1115 m_freem(mrep);
1116 error = EIO;
1117 nfsm_writereply(2 * NFSX_UNSIGNED, v3);
1118 if (v3)
1119 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
1120 nfsd->nd_mreq = mreq;
1121 nfsd->nd_mrep = NULL;
1122 nfsd->nd_time = 0;
1123 }
1124
1125 /*
1126 * Add this entry to the hash and time queues.
1127 */
1128 owp = NULL;
1129 mutex_enter(&nfsd_lock);
1130 wp = LIST_FIRST(&slp->ns_tq);
1131 while (wp && wp->nd_time < nfsd->nd_time) {
1132 owp = wp;
1133 wp = LIST_NEXT(wp, nd_tq);
1134 }
1135 if (owp) {
1136 LIST_INSERT_AFTER(owp, nfsd, nd_tq);
1137 } else {
1138 LIST_INSERT_HEAD(&slp->ns_tq, nfsd, nd_tq);
1139 }
1140 if (nfsd->nd_mrep) {
1141 wpp = nfsrv_nwdelayhash(slp, &nfsd->nd_fh);
1142 owp = NULL;
1143 wp = LIST_FIRST(wpp);
1144 while (wp && nfsrv_comparefh(&nfsd->nd_fh, &wp->nd_fh)) {
1145 owp = wp;
1146 wp = LIST_NEXT(wp, nd_hash);
1147 }
1148 while (wp && wp->nd_off < nfsd->nd_off &&
1149 !nfsrv_comparefh(&nfsd->nd_fh, &wp->nd_fh)) {
1150 owp = wp;
1151 wp = LIST_NEXT(wp, nd_hash);
1152 }
1153 if (owp) {
1154 LIST_INSERT_AFTER(owp, nfsd, nd_hash);
1155
1156 /*
1157 * Search the hash list for overlapping entries and
1158 * coalesce.
1159 */
1160 for(; nfsd && NFSW_CONTIG(owp, nfsd); nfsd = wp) {
1161 wp = LIST_NEXT(nfsd, nd_hash);
1162 if (nfsrv_samecred(owp->nd_cr, nfsd->nd_cr))
1163 nfsrvw_coalesce(owp, nfsd);
1164 }
1165 } else {
1166 LIST_INSERT_HEAD(wpp, nfsd, nd_hash);
1167 }
1168 }
1169 mutex_exit(&nfsd_lock);
1170 }
1171
1172 /*
1173 * Now, do VOP_WRITE()s for any one(s) that need to be done now
1174 * and generate the associated reply mbuf list(s).
1175 */
1176 loop1:
1177 getmicrotime(&now);
1178 cur_usec = (u_quad_t)now.tv_sec * 1000000 + (u_quad_t)now.tv_usec;
1179 mutex_enter(&nfsd_lock);
1180 for (nfsd = LIST_FIRST(&slp->ns_tq); nfsd; nfsd = owp) {
1181 owp = LIST_NEXT(nfsd, nd_tq);
1182 if (nfsd->nd_time > cur_usec)
1183 break;
1184 if (nfsd->nd_mreq)
1185 continue;
1186 LIST_REMOVE(nfsd, nd_tq);
1187 LIST_REMOVE(nfsd, nd_hash);
1188 mutex_exit(&nfsd_lock);
1189
1190 mrep = nfsd->nd_mrep;
1191 nfsd->nd_mrep = NULL;
1192 cred = nfsd->nd_cr;
1193 v3 = (nfsd->nd_flag & ND_NFSV3);
1194 forat_ret = aftat_ret = 1;
1195 error = nfsrv_fhtovp(&nfsd->nd_fh, 1, &vp, cred, slp,
1196 nfsd->nd_nam, &rdonly, (nfsd->nd_flag & ND_KERBAUTH),
1197 false);
1198 if (!error) {
1199 if (v3)
1200 forat_ret = VOP_GETATTR(vp, &forat, cred);
1201 if (vp->v_type != VREG) {
1202 if (v3)
1203 error = EINVAL;
1204 else
1205 error = (vp->v_type == VDIR) ? EISDIR : EACCES;
1206 }
1207 } else
1208 vp = NULL;
1209 if (!error) {
1210 nqsrv_getl(vp, ND_WRITE);
1211 error = nfsrv_access(vp, VWRITE, cred, rdonly, lwp, 1);
1212 }
1213
1214 if (nfsd->nd_stable == NFSV3WRITE_UNSTABLE)
1215 ioflags = IO_NODELOCKED;
1216 else if (nfsd->nd_stable == NFSV3WRITE_DATASYNC)
1217 ioflags = (IO_SYNC | IO_NODELOCKED);
1218 else
1219 ioflags = (IO_METASYNC | IO_SYNC | IO_NODELOCKED);
1220 uiop->uio_rw = UIO_WRITE;
1221 uiop->uio_offset = nfsd->nd_off;
1222 uiop->uio_resid = nfsd->nd_eoff - nfsd->nd_off;
1223 UIO_SETUP_SYSSPACE(uiop);
1224 if (uiop->uio_resid > 0) {
1225 mp = mrep;
1226 i = 0;
1227 while (mp) {
1228 if (mp->m_len > 0)
1229 i++;
1230 mp = mp->m_next;
1231 }
1232 uiop->uio_iovcnt = i;
1233 iov = malloc(i * sizeof (struct iovec), M_TEMP, M_WAITOK);
1234 uiop->uio_iov = ivp = iov;
1235 mp = mrep;
1236 while (mp) {
1237 if (mp->m_len > 0) {
1238 ivp->iov_base = mtod(mp, void *);
1239 ivp->iov_len = mp->m_len;
1240 ivp++;
1241 }
1242 mp = mp->m_next;
1243 }
1244 if (!error) {
1245 error = VOP_WRITE(vp, uiop, ioflags, cred);
1246 nfsstats.srvvop_writes++;
1247 }
1248 free((void *)iov, M_TEMP);
1249 }
1250 m_freem(mrep);
1251 if (vp) {
1252 aftat_ret = VOP_GETATTR(vp, &va, cred);
1253 vput(vp);
1254 }
1255
1256 /*
1257 * Loop around generating replies for all write rpcs that have
1258 * now been completed.
1259 */
1260 swp = nfsd;
1261 do {
1262 if (error) {
1263 nfsm_writereply(NFSX_WCCDATA(v3), v3);
1264 if (v3) {
1265 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
1266 }
1267 } else {
1268 nfsm_writereply(NFSX_PREOPATTR(v3) +
1269 NFSX_POSTOPORFATTR(v3) + 2 * NFSX_UNSIGNED +
1270 NFSX_WRITEVERF(v3), v3);
1271 if (v3) {
1272 nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, &va);
1273 nfsm_build(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
1274 *tl++ = txdr_unsigned(nfsd->nd_len);
1275 *tl++ = txdr_unsigned(swp->nd_stable);
1276 /*
1277 * Actually, there is no need to txdr these fields,
1278 * but it may make the values more human readable,
1279 * for debugging purposes.
1280 */
1281 *tl++ = txdr_unsigned(boottime.tv_sec);
1282 *tl = txdr_unsigned(boottime.tv_nsec / 1000);
1283 } else {
1284 nfsm_build(fp, struct nfs_fattr *, NFSX_V2FATTR);
1285 nfsm_srvfillattr(&va, fp);
1286 }
1287 }
1288 nfsd->nd_mreq = mreq;
1289 if (nfsd->nd_mrep)
1290 panic("nfsrv_write: nd_mrep not free");
1291
1292 /*
1293 * Done. Put it at the head of the timer queue so that
1294 * the final phase can return the reply.
1295 */
1296 mutex_enter(&nfsd_lock);
1297 if (nfsd != swp) {
1298 nfsd->nd_time = 0;
1299 LIST_INSERT_HEAD(&slp->ns_tq, nfsd, nd_tq);
1300 }
1301 nfsd = LIST_FIRST(&swp->nd_coalesce);
1302 if (nfsd) {
1303 LIST_REMOVE(nfsd, nd_tq);
1304 }
1305 mutex_exit(&nfsd_lock);
1306 } while (nfsd);
1307 swp->nd_time = 0;
1308
1309 mutex_enter(&nfsd_lock);
1310 LIST_INSERT_HEAD(&slp->ns_tq, swp, nd_tq);
1311 mutex_exit(&nfsd_lock);
1312 goto loop1;
1313 }
1314 mutex_exit(&nfsd_lock);
1315 nfs_timer_start();
1316
1317 /*
1318 * Search for a reply to return.
1319 */
1320 mutex_enter(&nfsd_lock);
1321 LIST_FOREACH(nfsd, &slp->ns_tq, nd_tq) {
1322 if (nfsd->nd_mreq) {
1323 LIST_REMOVE(nfsd, nd_tq);
1324 *mrq = nfsd->nd_mreq;
1325 *ndp = nfsd;
1326 break;
1327 }
1328 }
1329 mutex_exit(&nfsd_lock);
1330 return (0);
1331 }
1332
1333 /*
1334 * Coalesce the write request nfsd into owp. To do this we must:
1335 * - remove nfsd from the queues
1336 * - merge nfsd->nd_mrep into owp->nd_mrep
1337 * - update the nd_eoff and nd_stable for owp
1338 * - put nfsd on owp's nd_coalesce list
1339 * NB: Must be called at splsoftclock().
1340 */
1341 void
1342 nfsrvw_coalesce(struct nfsrv_descript *owp, struct nfsrv_descript *nfsd)
1343 {
1344 int overlap;
1345 struct mbuf *mp;
1346 struct nfsrv_descript *m;
1347
1348 KASSERT(mutex_owned(&nfsd_lock));
1349
1350 LIST_REMOVE(nfsd, nd_hash);
1351 LIST_REMOVE(nfsd, nd_tq);
1352 if (owp->nd_eoff < nfsd->nd_eoff) {
1353 overlap = owp->nd_eoff - nfsd->nd_off;
1354 if (overlap < 0)
1355 panic("nfsrv_coalesce: bad off");
1356 if (overlap > 0)
1357 m_adj(nfsd->nd_mrep, overlap);
1358 mp = owp->nd_mrep;
1359 while (mp->m_next)
1360 mp = mp->m_next;
1361 mp->m_next = nfsd->nd_mrep;
1362 owp->nd_eoff = nfsd->nd_eoff;
1363 } else
1364 m_freem(nfsd->nd_mrep);
1365 nfsd->nd_mrep = NULL;
1366 if (nfsd->nd_stable == NFSV3WRITE_FILESYNC)
1367 owp->nd_stable = NFSV3WRITE_FILESYNC;
1368 else if (nfsd->nd_stable == NFSV3WRITE_DATASYNC &&
1369 owp->nd_stable == NFSV3WRITE_UNSTABLE)
1370 owp->nd_stable = NFSV3WRITE_DATASYNC;
1371 LIST_INSERT_HEAD(&owp->nd_coalesce, nfsd, nd_tq);
1372 /*
1373 * nfsd might hold coalesce elements! Move them to owp.
1374 * Otherwise, requests may be lost and clients will be stuck.
1375 */
1376 while ((m = LIST_FIRST(&nfsd->nd_coalesce)) != NULL) {
1377 LIST_REMOVE(m, nd_tq);
1378 LIST_INSERT_HEAD(&owp->nd_coalesce, m, nd_tq);
1379 }
1380 }
1381
1382 /*
1383 * nfs create service
1384 * now does a truncate to 0 length via. setattr if it already exists
1385 */
1386 int
1387 nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
1388 {
1389 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
1390 struct mbuf *nam = nfsd->nd_nam;
1391 char *dpos = nfsd->nd_dpos;
1392 kauth_cred_t cred = nfsd->nd_cr;
1393 struct nfs_fattr *fp;
1394 struct vattr va, dirfor, diraft;
1395 struct nfsv2_sattr *sp;
1396 u_int32_t *tl;
1397 struct nameidata nd;
1398 char *cp;
1399 int32_t t1;
1400 char *bpos;
1401 int error = 0, cache = 0, len, tsize, dirfor_ret = 1, diraft_ret = 1;
1402 int rdev = 0, abort = 0;
1403 int v3 = (nfsd->nd_flag & ND_NFSV3), how, exclusive_flag = 0;
1404 char *cp2;
1405 struct mbuf *mb, *mreq;
1406 struct vnode *vp = NULL, *dirp = NULL;
1407 nfsrvfh_t nsfh;
1408 u_quad_t frev, tempsize;
1409 u_char cverf[NFSX_V3CREATEVERF];
1410
1411 nd.ni_cnd.cn_nameiop = 0;
1412 nfsm_srvmtofh(&nsfh);
1413 nfsm_srvnamesiz(len);
1414 nd.ni_cnd.cn_cred = cred;
1415 nd.ni_cnd.cn_nameiop = CREATE;
1416 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
1417 error = nfs_namei(&nd, &nsfh, len, slp, nam, &md, &dpos,
1418 &dirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
1419 if (dirp && v3) {
1420 dirfor_ret = VOP_GETATTR(dirp, &dirfor, cred);
1421 }
1422 if (error) {
1423 nfsm_reply(NFSX_WCCDATA(v3));
1424 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
1425 if (dirp)
1426 vrele(dirp);
1427 return (0);
1428 }
1429 abort = 1;
1430 vattr_null(&va);
1431 if (v3) {
1432 va.va_mode = 0;
1433 nfsm_dissect(tl, u_int32_t *, NFSX_UNSIGNED);
1434 how = fxdr_unsigned(int, *tl);
1435 switch (how) {
1436 case NFSV3CREATE_GUARDED:
1437 if (nd.ni_vp) {
1438 error = EEXIST;
1439 break;
1440 }
1441 case NFSV3CREATE_UNCHECKED:
1442 nfsm_srvsattr(&va);
1443 break;
1444 case NFSV3CREATE_EXCLUSIVE:
1445 nfsm_dissect(cp, void *, NFSX_V3CREATEVERF);
1446 memcpy(cverf, cp, NFSX_V3CREATEVERF);
1447 exclusive_flag = 1;
1448 break;
1449 };
1450 va.va_type = VREG;
1451 } else {
1452 nfsm_dissect(sp, struct nfsv2_sattr *, NFSX_V2SATTR);
1453 va.va_type = IFTOVT(fxdr_unsigned(u_int32_t, sp->sa_mode));
1454 if (va.va_type == VNON)
1455 va.va_type = VREG;
1456 va.va_mode = nfstov_mode(sp->sa_mode);
1457 switch (va.va_type) {
1458 case VREG:
1459 tsize = fxdr_unsigned(int32_t, sp->sa_size);
1460 if (tsize != -1)
1461 va.va_size = (u_quad_t)tsize;
1462 break;
1463 case VCHR:
1464 case VBLK:
1465 case VFIFO:
1466 rdev = fxdr_unsigned(int32_t, sp->sa_size);
1467 break;
1468 default:
1469 break;
1470 };
1471 }
1472
1473 /*
1474 * Iff doesn't exist, create it
1475 * otherwise just truncate to 0 length
1476 * should I set the mode too ??
1477 */
1478 if (nd.ni_vp == NULL) {
1479 if (va.va_type == VREG || va.va_type == VSOCK) {
1480 nqsrv_getl(nd.ni_dvp, ND_WRITE);
1481 error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &va);
1482 if (!error) {
1483 if (exclusive_flag) {
1484 exclusive_flag = 0;
1485 vattr_null(&va);
1486 /*
1487 * XXX
1488 * assuming NFSX_V3CREATEVERF
1489 * == sizeof(nfstime3)
1490 */
1491 fxdr_nfsv3time(cverf, &va.va_atime);
1492 error = VOP_SETATTR(nd.ni_vp, &va,
1493 cred);
1494 }
1495 }
1496 } else if (va.va_type == VCHR || va.va_type == VBLK ||
1497 va.va_type == VFIFO) {
1498 if (va.va_type == VCHR && rdev == 0xffffffff)
1499 va.va_type = VFIFO;
1500 if (va.va_type != VFIFO &&
1501 (error = kauth_authorize_system(cred,
1502 KAUTH_SYSTEM_MKNOD, 0, NULL, NULL, NULL))) {
1503 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1504 vput(nd.ni_dvp);
1505 abort = 0;
1506 nfsm_reply(0);
1507 return (error);
1508 } else
1509 va.va_rdev = (dev_t)rdev;
1510 nqsrv_getl(nd.ni_dvp, ND_WRITE);
1511 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd,
1512 &va);
1513 if (error) {
1514 nfsm_reply(0);
1515 }
1516 if (nd.ni_cnd.cn_flags & ISSYMLINK) {
1517 vput(nd.ni_vp);
1518 vrele(nd.ni_dvp);
1519 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1520 error = EINVAL;
1521 abort = 0;
1522 nfsm_reply(0);
1523 }
1524 } else {
1525 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1526 vput(nd.ni_dvp);
1527 error = ENXIO;
1528 abort = 0;
1529 }
1530 vp = nd.ni_vp;
1531 } else {
1532 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1533 vp = nd.ni_vp;
1534 if (nd.ni_dvp == vp)
1535 vrele(nd.ni_dvp);
1536 else
1537 vput(nd.ni_dvp);
1538 abort = 0;
1539 if (!error && va.va_size != -1) {
1540 error = nfsrv_access(vp, VWRITE, cred,
1541 (nd.ni_cnd.cn_flags & RDONLY), lwp, 0);
1542 if (!error) {
1543 nqsrv_getl(vp, ND_WRITE);
1544 tempsize = va.va_size;
1545 vattr_null(&va);
1546 va.va_size = tempsize;
1547 error = VOP_SETATTR(vp, &va, cred);
1548 }
1549 }
1550 if (error)
1551 vput(vp);
1552 }
1553 if (!error) {
1554 error = nfsrv_composefh(vp, &nsfh, v3);
1555 if (!error)
1556 error = VOP_GETATTR(vp, &va, cred);
1557 vput(vp);
1558 }
1559 if (v3) {
1560 if (exclusive_flag && !error) {
1561 /*
1562 * XXX assuming NFSX_V3CREATEVERF == sizeof(nfstime3)
1563 */
1564 char oldverf[NFSX_V3CREATEVERF];
1565
1566 txdr_nfsv3time(&va.va_atime, oldverf);
1567 if (memcmp(cverf, oldverf, NFSX_V3CREATEVERF))
1568 error = EEXIST;
1569 }
1570 if (dirp) {
1571 diraft_ret = VOP_GETATTR(dirp, &diraft, cred);
1572 }
1573 }
1574 if (dirp) {
1575 vrele(dirp);
1576 dirp = NULL;
1577 }
1578 abort = 0;
1579 nfsm_reply(NFSX_SRVFH(&nsfh, v3) + NFSX_FATTR(v3) + NFSX_WCCDATA(v3));
1580 if (v3) {
1581 if (!error) {
1582 nfsm_srvpostop_fh(&nsfh);
1583 nfsm_srvpostop_attr(0, &va);
1584 }
1585 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
1586 } else {
1587 nfsm_srvfhtom(&nsfh, v3);
1588 nfsm_build(fp, struct nfs_fattr *, NFSX_V2FATTR);
1589 nfsm_srvfillattr(&va, fp);
1590 }
1591 return (0);
1592 nfsmout:
1593 if (dirp)
1594 vrele(dirp);
1595 if (abort) {
1596 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1597 if (nd.ni_dvp == nd.ni_vp)
1598 vrele(nd.ni_dvp);
1599 else
1600 vput(nd.ni_dvp);
1601 if (nd.ni_vp)
1602 vput(nd.ni_vp);
1603 }
1604 return (error);
1605 }
1606
1607 /*
1608 * nfs v3 mknod service
1609 */
1610 int
1611 nfsrv_mknod(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
1612 {
1613 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
1614 struct mbuf *nam = nfsd->nd_nam;
1615 char *dpos = nfsd->nd_dpos;
1616 kauth_cred_t cred = nfsd->nd_cr;
1617 struct vattr va, dirfor, diraft;
1618 u_int32_t *tl;
1619 struct nameidata nd;
1620 int32_t t1;
1621 char *bpos;
1622 int error = 0, cache = 0, len, dirfor_ret = 1, diraft_ret = 1;
1623 int abort = 0;
1624 u_int32_t major, minor;
1625 enum vtype vtyp;
1626 char *cp2;
1627 struct mbuf *mb, *mreq;
1628 struct vnode *vp, *dirp = (struct vnode *)0;
1629 nfsrvfh_t nsfh;
1630 u_quad_t frev;
1631
1632 nd.ni_cnd.cn_nameiop = 0;
1633 nfsm_srvmtofh(&nsfh);
1634 nfsm_srvnamesiz(len);
1635 nd.ni_cnd.cn_cred = cred;
1636 nd.ni_cnd.cn_nameiop = CREATE;
1637 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
1638 error = nfs_namei(&nd, &nsfh, len, slp, nam, &md, &dpos,
1639 &dirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
1640 if (dirp)
1641 dirfor_ret = VOP_GETATTR(dirp, &dirfor, cred);
1642 if (error) {
1643 nfsm_reply(NFSX_WCCDATA(1));
1644 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
1645 if (dirp)
1646 vrele(dirp);
1647 return (0);
1648 }
1649 abort = 1;
1650 nfsm_dissect(tl, u_int32_t *, NFSX_UNSIGNED);
1651 vtyp = nfsv3tov_type(*tl);
1652 if (vtyp != VCHR && vtyp != VBLK && vtyp != VSOCK && vtyp != VFIFO) {
1653 error = NFSERR_BADTYPE;
1654 goto abort;
1655 }
1656 vattr_null(&va);
1657 va.va_mode = 0;
1658 nfsm_srvsattr(&va);
1659 if (vtyp == VCHR || vtyp == VBLK) {
1660 dev_t rdev;
1661
1662 nfsm_dissect(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
1663 major = fxdr_unsigned(u_int32_t, *tl++);
1664 minor = fxdr_unsigned(u_int32_t, *tl);
1665 rdev = makedev(major, minor);
1666 if (major(rdev) != major || minor(rdev) != minor) {
1667 error = EINVAL;
1668 goto abort;
1669 }
1670 va.va_rdev = rdev;
1671 }
1672
1673 /*
1674 * Iff doesn't exist, create it.
1675 */
1676 if (nd.ni_vp) {
1677 error = EEXIST;
1678 abort:
1679 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1680 if (nd.ni_dvp == nd.ni_vp)
1681 vrele(nd.ni_dvp);
1682 else
1683 vput(nd.ni_dvp);
1684 if (nd.ni_vp)
1685 vput(nd.ni_vp);
1686 goto out;
1687 }
1688 va.va_type = vtyp;
1689 if (vtyp == VSOCK) {
1690 nqsrv_getl(nd.ni_dvp, ND_WRITE);
1691 error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &va);
1692 } else {
1693 if (va.va_type != VFIFO &&
1694 (error = kauth_authorize_system(cred,
1695 KAUTH_SYSTEM_MKNOD, 0, NULL, NULL, NULL))) {
1696 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1697 vput(nd.ni_dvp);
1698 goto out;
1699 }
1700 nqsrv_getl(nd.ni_dvp, ND_WRITE);
1701 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &va);
1702 if (error)
1703 goto out;
1704 if (nd.ni_cnd.cn_flags & ISSYMLINK) {
1705 vput(nd.ni_vp);
1706 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1707 error = EINVAL;
1708 }
1709 }
1710 out:
1711 vp = nd.ni_vp;
1712 if (!error) {
1713 error = nfsrv_composefh(vp, &nsfh, true);
1714 if (!error)
1715 error = VOP_GETATTR(vp, &va, cred);
1716 vput(vp);
1717 }
1718 if (dirp) {
1719 diraft_ret = VOP_GETATTR(dirp, &diraft, cred);
1720 vrele(dirp);
1721 dirp = NULL;
1722 }
1723 abort = 0;
1724 nfsm_reply(NFSX_SRVFH(&nsfh, true) + NFSX_POSTOPATTR(1) +
1725 NFSX_WCCDATA(1));
1726 if (!error) {
1727 nfsm_srvpostop_fh(&nsfh);
1728 nfsm_srvpostop_attr(0, &va);
1729 }
1730 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
1731 return (0);
1732 nfsmout:
1733 if (abort) {
1734 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1735 if (nd.ni_dvp == nd.ni_vp)
1736 vrele(nd.ni_dvp);
1737 else
1738 vput(nd.ni_dvp);
1739 if (nd.ni_vp)
1740 vput(nd.ni_vp);
1741 }
1742 if (dirp)
1743 vrele(dirp);
1744 return (error);
1745 }
1746
1747 /*
1748 * nfs remove service
1749 */
1750 int
1751 nfsrv_remove(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
1752 {
1753 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
1754 struct mbuf *nam = nfsd->nd_nam;
1755 char *dpos = nfsd->nd_dpos;
1756 kauth_cred_t cred = nfsd->nd_cr;
1757 struct nameidata nd;
1758 u_int32_t *tl;
1759 int32_t t1;
1760 char *bpos;
1761 int error = 0, cache = 0, len, dirfor_ret = 1, diraft_ret = 1;
1762 int v3 = (nfsd->nd_flag & ND_NFSV3);
1763 char *cp2;
1764 struct mbuf *mb, *mreq;
1765 struct vnode *vp, *dirp;
1766 struct vattr dirfor, diraft;
1767 nfsrvfh_t nsfh;
1768 u_quad_t frev;
1769
1770 #ifndef nolint
1771 vp = (struct vnode *)0;
1772 #endif
1773 nfsm_srvmtofh(&nsfh);
1774 nfsm_srvnamesiz(len);
1775 nd.ni_cnd.cn_cred = cred;
1776 nd.ni_cnd.cn_nameiop = DELETE;
1777 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
1778 error = nfs_namei(&nd, &nsfh, len, slp, nam, &md, &dpos,
1779 &dirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
1780 if (dirp && v3) {
1781 dirfor_ret = VOP_GETATTR(dirp, &dirfor, cred);
1782 }
1783 if (!error) {
1784 vp = nd.ni_vp;
1785 if (vp->v_type == VDIR) {
1786 error = EPERM;
1787 goto out;
1788 }
1789 /*
1790 * The root of a mounted filesystem cannot be deleted.
1791 */
1792 if (vp->v_vflag & VV_ROOT) {
1793 error = EBUSY;
1794 }
1795 out:
1796 if (!error) {
1797 nqsrv_getl(nd.ni_dvp, ND_WRITE);
1798 nqsrv_getl(vp, ND_WRITE);
1799 error = VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
1800 } else {
1801 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
1802 if (nd.ni_dvp == vp)
1803 vrele(nd.ni_dvp);
1804 else
1805 vput(nd.ni_dvp);
1806 vput(vp);
1807 }
1808 }
1809 if (dirp) {
1810 if (v3) {
1811 diraft_ret = VOP_GETATTR(dirp, &diraft, cred);
1812 }
1813 vrele(dirp);
1814 }
1815 nfsm_reply(NFSX_WCCDATA(v3));
1816 if (v3) {
1817 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
1818 return (0);
1819 }
1820 nfsm_srvdone;
1821 }
1822
1823 /*
1824 * nfs rename service
1825 */
1826 int
1827 nfsrv_rename(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
1828 {
1829 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
1830 struct mbuf *nam = nfsd->nd_nam;
1831 char *dpos = nfsd->nd_dpos;
1832 kauth_cred_t cred = nfsd->nd_cr;
1833 u_int32_t *tl;
1834 int32_t t1;
1835 char *bpos;
1836 int error = 0, cache = 0, fdirfor_ret = 1, fdiraft_ret = 1;
1837 uint32_t len, len2;
1838 int tdirfor_ret = 1, tdiraft_ret = 1;
1839 int v3 = (nfsd->nd_flag & ND_NFSV3);
1840 char *cp2;
1841 struct mbuf *mb, *mreq;
1842 struct nameidata fromnd, tond;
1843 struct vnode *fvp, *tvp, *tdvp;
1844 struct vnode *fdirp = NULL, *tdirp = NULL;
1845 struct mount *localfs = NULL;
1846 struct vattr fdirfor, fdiraft, tdirfor, tdiraft;
1847 nfsrvfh_t fnsfh, tnsfh;
1848 u_quad_t frev;
1849 uid_t saved_uid;
1850 uint32_t saveflag;
1851
1852 #ifndef nolint
1853 fvp = (struct vnode *)0;
1854 #endif
1855 fromnd.ni_cnd.cn_nameiop = 0;
1856 tond.ni_cnd.cn_nameiop = 0;
1857 nfsm_srvmtofh(&fnsfh);
1858 nfsm_srvnamesiz(len);
1859 /*
1860 * Remember our original uid so that we can reset cr_uid before
1861 * the second nfs_namei() call, in case it is remapped.
1862 */
1863 saved_uid = kauth_cred_geteuid(cred);
1864 fromnd.ni_cnd.cn_cred = cred;
1865 fromnd.ni_cnd.cn_nameiop = DELETE;
1866 fromnd.ni_cnd.cn_flags = LOCKPARENT | SAVESTART | INRENAME;
1867 error = nfs_namei(&fromnd, &fnsfh, len, slp, nam, &md,
1868 &dpos, &fdirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
1869 if (fdirp && v3) {
1870 fdirfor_ret = VOP_GETATTR(fdirp, &fdirfor, cred);
1871 }
1872 if (error) {
1873 nfsm_reply(2 * NFSX_WCCDATA(v3));
1874 nfsm_srvwcc_data(fdirfor_ret, &fdirfor, fdiraft_ret, &fdiraft);
1875 nfsm_srvwcc_data(tdirfor_ret, &tdirfor, tdiraft_ret, &tdiraft);
1876 if (fdirp)
1877 vrele(fdirp);
1878 return (0);
1879 }
1880 if (fromnd.ni_dvp != fromnd.ni_vp) {
1881 VOP_UNLOCK(fromnd.ni_dvp, 0);
1882 }
1883 fvp = fromnd.ni_vp;
1884
1885 localfs = fvp->v_mount;
1886 error = VFS_RENAMELOCK_ENTER(localfs);
1887 if (error) {
1888 VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
1889 vrele(fromnd.ni_dvp);
1890 vrele(fvp);
1891 goto out1;
1892 }
1893
1894 /* Copied, regrettably, from vfs_syscalls.c (q.v.) */
1895 vrele(fvp);
1896 if ((fromnd.ni_cnd.cn_namelen == 1 &&
1897 fromnd.ni_cnd.cn_nameptr[0] == '.') ||
1898 (fromnd.ni_cnd.cn_namelen == 2 &&
1899 fromnd.ni_cnd.cn_nameptr[0] == '.' &&
1900 fromnd.ni_cnd.cn_nameptr[1] == '.')) {
1901 error = EINVAL;
1902 VFS_RENAMELOCK_EXIT(localfs);
1903 VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
1904 vrele(fromnd.ni_dvp);
1905 goto out1;
1906 }
1907 saveflag = fromnd.ni_cnd.cn_flags & SAVESTART;
1908 fromnd.ni_cnd.cn_flags &= ~SAVESTART;
1909 vn_lock(fromnd.ni_dvp, LK_EXCLUSIVE | LK_RETRY);
1910 error = relookup(fromnd.ni_dvp, &fromnd.ni_vp, &fromnd.ni_cnd);
1911 fromnd.ni_cnd.cn_flags |= saveflag;
1912 if (error) {
1913 VOP_UNLOCK(fromnd.ni_dvp, 0);
1914 VFS_RENAMELOCK_EXIT(localfs);
1915 VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
1916 vrele(fromnd.ni_dvp);
1917 goto out1;
1918 }
1919 VOP_UNLOCK(fromnd.ni_vp, 0);
1920 if (fromnd.ni_dvp != fromnd.ni_vp)
1921 VOP_UNLOCK(fromnd.ni_dvp, 0);
1922 fvp = fromnd.ni_vp;
1923
1924 nfsm_srvmtofh(&tnsfh);
1925 if (v3) {
1926 nfsm_dissect(tl, uint32_t *, NFSX_UNSIGNED);
1927 len2 = fxdr_unsigned(uint32_t, *tl);
1928 /* len2 will be checked by nfs_namei */
1929 }
1930 else {
1931 /* NFSv2 */
1932 nfsm_strsiz(len2, NFS_MAXNAMLEN);
1933 }
1934 kauth_cred_seteuid(cred, saved_uid);
1935 tond.ni_cnd.cn_cred = cred;
1936 tond.ni_cnd.cn_nameiop = RENAME;
1937 tond.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | NOCACHE |
1938 SAVESTART | INRENAME;
1939 error = nfs_namei(&tond, &tnsfh, len2, slp, nam, &md,
1940 &dpos, &tdirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
1941 if (tdirp && v3) {
1942 tdirfor_ret = VOP_GETATTR(tdirp, &tdirfor, cred);
1943 }
1944 if (error) {
1945 VFS_RENAMELOCK_EXIT(localfs);
1946 VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
1947 vrele(fromnd.ni_dvp);
1948 vrele(fvp);
1949 goto out1;
1950 }
1951 tdvp = tond.ni_dvp;
1952 tvp = tond.ni_vp;
1953 if (tvp != NULL) {
1954 if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
1955 if (v3)
1956 error = EEXIST;
1957 else
1958 error = EISDIR;
1959 goto out;
1960 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
1961 if (v3)
1962 error = EEXIST;
1963 else
1964 error = ENOTDIR;
1965 goto out;
1966 }
1967 if (tvp->v_type == VDIR && tvp->v_mountedhere) {
1968 if (v3)
1969 error = EXDEV;
1970 else
1971 error = ENOTEMPTY;
1972 goto out;
1973 }
1974 }
1975 if (fvp->v_type == VDIR && fvp->v_mountedhere) {
1976 if (v3)
1977 error = EXDEV;
1978 else
1979 error = ENOTEMPTY;
1980 goto out;
1981 }
1982 if (fvp->v_mount != tdvp->v_mount) {
1983 if (v3)
1984 error = EXDEV;
1985 else
1986 error = ENOTEMPTY;
1987 goto out;
1988 }
1989 if (fvp == tdvp) {
1990 if (v3)
1991 error = EINVAL;
1992 else
1993 error = ENOTEMPTY;
1994 }
1995 /*
1996 * If source is the same as the destination (that is the
1997 * same vnode with the same name in the same directory),
1998 * then there is nothing to do.
1999 */
2000 if (fvp == tvp && fromnd.ni_dvp == tdvp &&
2001 fromnd.ni_cnd.cn_namelen == tond.ni_cnd.cn_namelen &&
2002 !memcmp(fromnd.ni_cnd.cn_nameptr, tond.ni_cnd.cn_nameptr,
2003 fromnd.ni_cnd.cn_namelen))
2004 error = -1;
2005 out:
2006 if (!error) {
2007 nqsrv_getl(fromnd.ni_dvp, ND_WRITE);
2008 nqsrv_getl(tdvp, ND_WRITE);
2009 if (tvp) {
2010 nqsrv_getl(tvp, ND_WRITE);
2011 }
2012 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
2013 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
2014 VFS_RENAMELOCK_EXIT(localfs);
2015 } else {
2016 VOP_ABORTOP(tond.ni_dvp, &tond.ni_cnd);
2017 if (tdvp == tvp)
2018 vrele(tdvp);
2019 else
2020 vput(tdvp);
2021 if (tvp)
2022 vput(tvp);
2023 VFS_RENAMELOCK_EXIT(localfs);
2024 VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
2025 vrele(fromnd.ni_dvp);
2026 vrele(fvp);
2027 if (error == -1)
2028 error = 0;
2029 }
2030 vrele(tond.ni_startdir);
2031 PNBUF_PUT(tond.ni_cnd.cn_pnbuf);
2032 tond.ni_cnd.cn_nameiop = 0;
2033 out1:
2034 if (fdirp) {
2035 if (v3) {
2036 fdiraft_ret = VOP_GETATTR(fdirp, &fdiraft, cred);
2037 }
2038 vrele(fdirp);
2039 fdirp = NULL;
2040 }
2041 if (tdirp) {
2042 if (v3) {
2043 tdiraft_ret = VOP_GETATTR(tdirp, &tdiraft, cred);
2044 }
2045 vrele(tdirp);
2046 tdirp = NULL;
2047 }
2048 vrele(fromnd.ni_startdir);
2049 PNBUF_PUT(fromnd.ni_cnd.cn_pnbuf);
2050 fromnd.ni_cnd.cn_nameiop = 0;
2051 localfs = NULL;
2052 nfsm_reply(2 * NFSX_WCCDATA(v3));
2053 if (v3) {
2054 nfsm_srvwcc_data(fdirfor_ret, &fdirfor, fdiraft_ret, &fdiraft);
2055 nfsm_srvwcc_data(tdirfor_ret, &tdirfor, tdiraft_ret, &tdiraft);
2056 }
2057 return (0);
2058
2059 nfsmout:
2060 if (fdirp)
2061 vrele(fdirp);
2062 #ifdef notdef
2063 if (tdirp)
2064 vrele(tdirp);
2065 #endif
2066 if (tond.ni_cnd.cn_nameiop) {
2067 vrele(tond.ni_startdir);
2068 PNBUF_PUT(tond.ni_cnd.cn_pnbuf);
2069 }
2070 if (localfs) {
2071 VFS_RENAMELOCK_EXIT(localfs);
2072 }
2073 if (fromnd.ni_cnd.cn_nameiop) {
2074 vrele(fromnd.ni_startdir);
2075 PNBUF_PUT(fromnd.ni_cnd.cn_pnbuf);
2076 VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
2077 vrele(fromnd.ni_dvp);
2078 vrele(fvp);
2079 }
2080 return (error);
2081 }
2082
2083 /*
2084 * nfs link service
2085 */
2086 int
2087 nfsrv_link(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
2088 {
2089 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2090 struct mbuf *nam = nfsd->nd_nam;
2091 char *dpos = nfsd->nd_dpos;
2092 kauth_cred_t cred = nfsd->nd_cr;
2093 struct nameidata nd;
2094 u_int32_t *tl;
2095 int32_t t1;
2096 char *bpos;
2097 int error = 0, rdonly, cache = 0, len, dirfor_ret = 1, diraft_ret = 1;
2098 int getret = 1, v3 = (nfsd->nd_flag & ND_NFSV3);
2099 char *cp2;
2100 struct mbuf *mb, *mreq;
2101 struct vnode *vp, *xp, *dirp = (struct vnode *)0;
2102 struct vattr dirfor, diraft, at;
2103 nfsrvfh_t nsfh, dnsfh;
2104 u_quad_t frev;
2105
2106 nfsm_srvmtofh(&nsfh);
2107 nfsm_srvmtofh(&dnsfh);
2108 nfsm_srvnamesiz(len);
2109 error = nfsrv_fhtovp(&nsfh, false, &vp, cred, slp, nam,
2110 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
2111 if (error) {
2112 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3));
2113 nfsm_srvpostop_attr(getret, &at);
2114 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2115 return (0);
2116 }
2117 if (vp->v_type == VDIR) {
2118 error = EPERM;
2119 goto out1;
2120 }
2121 nd.ni_cnd.cn_cred = cred;
2122 nd.ni_cnd.cn_nameiop = CREATE;
2123 nd.ni_cnd.cn_flags = LOCKPARENT;
2124 error = nfs_namei(&nd, &dnsfh, len, slp, nam, &md, &dpos,
2125 &dirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
2126 if (dirp && v3) {
2127 dirfor_ret = VOP_GETATTR(dirp, &dirfor, cred);
2128 }
2129 if (error)
2130 goto out1;
2131 xp = nd.ni_vp;
2132 if (xp != NULL) {
2133 error = EEXIST;
2134 goto out;
2135 }
2136 xp = nd.ni_dvp;
2137 if (vp->v_mount != xp->v_mount)
2138 error = EXDEV;
2139 out:
2140 if (!error) {
2141 nqsrv_getl(vp, ND_WRITE);
2142 nqsrv_getl(xp, ND_WRITE);
2143 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
2144 } else {
2145 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
2146 if (nd.ni_dvp == nd.ni_vp)
2147 vrele(nd.ni_dvp);
2148 else
2149 vput(nd.ni_dvp);
2150 if (nd.ni_vp)
2151 vrele(nd.ni_vp);
2152 }
2153 out1:
2154 if (v3)
2155 getret = VOP_GETATTR(vp, &at, cred);
2156 if (dirp) {
2157 if (v3) {
2158 diraft_ret = VOP_GETATTR(dirp, &diraft, cred);
2159 }
2160 vrele(dirp);
2161 }
2162 vrele(vp);
2163 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3));
2164 if (v3) {
2165 nfsm_srvpostop_attr(getret, &at);
2166 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2167 return (0);
2168 }
2169 nfsm_srvdone;
2170 }
2171
2172 /*
2173 * nfs symbolic link service
2174 */
2175 int
2176 nfsrv_symlink(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
2177 {
2178 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2179 struct mbuf *nam = nfsd->nd_nam;
2180 char *dpos = nfsd->nd_dpos;
2181 kauth_cred_t cred = nfsd->nd_cr;
2182 struct vattr va, dirfor, diraft;
2183 struct nameidata nd;
2184 u_int32_t *tl;
2185 int32_t t1;
2186 struct nfsv2_sattr *sp;
2187 char *bpos, *pathcp = NULL, *cp2;
2188 struct uio io;
2189 struct iovec iv;
2190 int error = 0, cache = 0, dirfor_ret = 1, diraft_ret = 1, abort = 0;
2191 uint32_t len, len2;
2192 int v3 = (nfsd->nd_flag & ND_NFSV3);
2193 struct mbuf *mb, *mreq;
2194 struct vnode *dirp = (struct vnode *)0;
2195 nfsrvfh_t nsfh;
2196 u_quad_t frev;
2197
2198 nd.ni_cnd.cn_nameiop = 0;
2199 nfsm_srvmtofh(&nsfh);
2200 nfsm_srvnamesiz(len);
2201 nd.ni_cnd.cn_cred = cred;
2202 nd.ni_cnd.cn_nameiop = CREATE;
2203 nd.ni_cnd.cn_flags = LOCKPARENT;
2204 error = nfs_namei(&nd, &nsfh, len, slp, nam, &md, &dpos,
2205 &dirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
2206 if (dirp && v3) {
2207 dirfor_ret = VOP_GETATTR(dirp, &dirfor, cred);
2208 }
2209 if (error)
2210 goto out;
2211 abort = 1;
2212 vattr_null(&va);
2213 va.va_type = VLNK;
2214 if (v3) {
2215 va.va_mode = 0;
2216 nfsm_srvsattr(&va);
2217 nfsm_dissect(tl, uint32_t *, NFSX_UNSIGNED);
2218 len2 = fxdr_unsigned(uint32_t, *tl);
2219 if (len2 > PATH_MAX) {
2220 /* XXX should check _PC_NO_TRUNC */
2221 error = ENAMETOOLONG;
2222 goto abortop;
2223 }
2224 }
2225 else {
2226 /* NFSv2 */
2227 nfsm_strsiz(len2, NFS_MAXPATHLEN);
2228 }
2229 pathcp = malloc(len2 + 1, M_TEMP, M_WAITOK);
2230 iv.iov_base = pathcp;
2231 iv.iov_len = len2;
2232 io.uio_resid = len2;
2233 io.uio_offset = 0;
2234 io.uio_iov = &iv;
2235 io.uio_iovcnt = 1;
2236 io.uio_rw = UIO_READ;
2237 UIO_SETUP_SYSSPACE(&io);
2238 nfsm_mtouio(&io, len2);
2239 if (!v3) {
2240 nfsm_dissect(sp, struct nfsv2_sattr *, NFSX_V2SATTR);
2241 va.va_mode = fxdr_unsigned(u_int16_t, sp->sa_mode);
2242 }
2243 *(pathcp + len2) = '\0';
2244 if (nd.ni_vp) {
2245 error = EEXIST;
2246 abortop:
2247 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
2248 if (nd.ni_dvp == nd.ni_vp)
2249 vrele(nd.ni_dvp);
2250 else
2251 vput(nd.ni_dvp);
2252 if (nd.ni_vp)
2253 vrele(nd.ni_vp);
2254 goto out;
2255 }
2256 nqsrv_getl(nd.ni_dvp, ND_WRITE);
2257 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &va, pathcp);
2258 if (!error) {
2259 if (v3) {
2260 error = nfsrv_composefh(nd.ni_vp, &nsfh, v3);
2261 if (!error)
2262 error = VOP_GETATTR(nd.ni_vp, &va, cred);
2263 vput(nd.ni_vp);
2264 } else {
2265 vput(nd.ni_vp);
2266 }
2267 }
2268 out:
2269 if (pathcp)
2270 free(pathcp, M_TEMP);
2271 if (dirp) {
2272 if (v3) {
2273 diraft_ret = VOP_GETATTR(dirp, &diraft, cred);
2274 }
2275 vrele(dirp);
2276 dirp = NULL;
2277 }
2278 abort = 0;
2279 nfsm_reply(NFSX_SRVFH(&nsfh, v3) + NFSX_POSTOPATTR(v3) +
2280 NFSX_WCCDATA(v3));
2281 if (v3) {
2282 if (!error) {
2283 nfsm_srvpostop_fh(&nsfh);
2284 nfsm_srvpostop_attr(0, &va);
2285 }
2286 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2287 }
2288 return (0);
2289 nfsmout:
2290 if (abort) {
2291 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
2292 if (nd.ni_dvp == nd.ni_vp)
2293 vrele(nd.ni_dvp);
2294 else
2295 vput(nd.ni_dvp);
2296 if (nd.ni_vp)
2297 vrele(nd.ni_vp);
2298 }
2299 if (dirp)
2300 vrele(dirp);
2301 if (pathcp)
2302 free(pathcp, M_TEMP);
2303 return (error);
2304 }
2305
2306 /*
2307 * nfs mkdir service
2308 */
2309 int
2310 nfsrv_mkdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
2311 {
2312 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2313 struct mbuf *nam = nfsd->nd_nam;
2314 char *dpos = nfsd->nd_dpos;
2315 kauth_cred_t cred = nfsd->nd_cr;
2316 struct vattr va, dirfor, diraft;
2317 struct nfs_fattr *fp;
2318 struct nameidata nd;
2319 char *cp;
2320 u_int32_t *tl;
2321 int32_t t1;
2322 char *bpos;
2323 int error = 0, cache = 0, len, dirfor_ret = 1, diraft_ret = 1;
2324 int abort = 0;
2325 int v3 = (nfsd->nd_flag & ND_NFSV3);
2326 char *cp2;
2327 struct mbuf *mb, *mreq;
2328 struct vnode *vp, *dirp = (struct vnode *)0;
2329 nfsrvfh_t nsfh;
2330 u_quad_t frev;
2331
2332 nfsm_srvmtofh(&nsfh);
2333 nfsm_srvnamesiz(len);
2334 nd.ni_cnd.cn_cred = cred;
2335 nd.ni_cnd.cn_nameiop = CREATE;
2336 nd.ni_cnd.cn_flags = LOCKPARENT;
2337 error = nfs_namei(&nd, &nsfh, len, slp, nam, &md, &dpos,
2338 &dirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
2339 if (dirp && v3) {
2340 dirfor_ret = VOP_GETATTR(dirp, &dirfor, cred);
2341 }
2342 if (error) {
2343 nfsm_reply(NFSX_WCCDATA(v3));
2344 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2345 if (dirp)
2346 vrele(dirp);
2347 return (0);
2348 }
2349 abort = 1;
2350 vattr_null(&va);
2351 if (v3) {
2352 va.va_mode = 0;
2353 nfsm_srvsattr(&va);
2354 } else {
2355 nfsm_dissect(tl, u_int32_t *, NFSX_UNSIGNED);
2356 va.va_mode = nfstov_mode(*tl++);
2357 }
2358 va.va_type = VDIR;
2359 vp = nd.ni_vp;
2360 if (vp != NULL) {
2361 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
2362 if (nd.ni_dvp == vp)
2363 vrele(nd.ni_dvp);
2364 else
2365 vput(nd.ni_dvp);
2366 vrele(vp);
2367 error = EEXIST;
2368 goto out;
2369 }
2370 nqsrv_getl(nd.ni_dvp, ND_WRITE);
2371 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &va);
2372 if (!error) {
2373 vp = nd.ni_vp;
2374 error = nfsrv_composefh(vp, &nsfh, v3);
2375 if (!error)
2376 error = VOP_GETATTR(vp, &va, cred);
2377 vput(vp);
2378 }
2379 out:
2380 if (dirp) {
2381 if (v3) {
2382 diraft_ret = VOP_GETATTR(dirp, &diraft, cred);
2383 }
2384 vrele(dirp);
2385 dirp = NULL;
2386 }
2387 abort = 0;
2388 nfsm_reply(NFSX_SRVFH(&nsfh, v3) + NFSX_POSTOPATTR(v3) +
2389 NFSX_WCCDATA(v3));
2390 if (v3) {
2391 if (!error) {
2392 nfsm_srvpostop_fh(&nsfh);
2393 nfsm_srvpostop_attr(0, &va);
2394 }
2395 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2396 } else {
2397 nfsm_srvfhtom(&nsfh, v3);
2398 nfsm_build(fp, struct nfs_fattr *, NFSX_V2FATTR);
2399 nfsm_srvfillattr(&va, fp);
2400 }
2401 return (0);
2402 nfsmout:
2403 if (abort) {
2404 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
2405 if (nd.ni_dvp == nd.ni_vp)
2406 vrele(nd.ni_dvp);
2407 else
2408 vput(nd.ni_dvp);
2409 if (nd.ni_vp)
2410 vrele(nd.ni_vp);
2411 }
2412 if (dirp)
2413 vrele(dirp);
2414 return (error);
2415 }
2416
2417 /*
2418 * nfs rmdir service
2419 */
2420 int
2421 nfsrv_rmdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
2422 {
2423 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2424 struct mbuf *nam = nfsd->nd_nam;
2425 char *dpos = nfsd->nd_dpos;
2426 kauth_cred_t cred = nfsd->nd_cr;
2427 u_int32_t *tl;
2428 int32_t t1;
2429 char *bpos;
2430 int error = 0, cache = 0, len, dirfor_ret = 1, diraft_ret = 1;
2431 int v3 = (nfsd->nd_flag & ND_NFSV3);
2432 char *cp2;
2433 struct mbuf *mb, *mreq;
2434 struct vnode *vp, *dirp = (struct vnode *)0;
2435 struct vattr dirfor, diraft;
2436 nfsrvfh_t nsfh;
2437 struct nameidata nd;
2438 u_quad_t frev;
2439
2440 nfsm_srvmtofh(&nsfh);
2441 nfsm_srvnamesiz(len);
2442 nd.ni_cnd.cn_cred = cred;
2443 nd.ni_cnd.cn_nameiop = DELETE;
2444 nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
2445 error = nfs_namei(&nd, &nsfh, len, slp, nam, &md, &dpos,
2446 &dirp, lwp, (nfsd->nd_flag & ND_KERBAUTH), false);
2447 if (dirp && v3) {
2448 dirfor_ret = VOP_GETATTR(dirp, &dirfor, cred);
2449 }
2450 if (error) {
2451 nfsm_reply(NFSX_WCCDATA(v3));
2452 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2453 if (dirp)
2454 vrele(dirp);
2455 return (0);
2456 }
2457 vp = nd.ni_vp;
2458 if (vp->v_type != VDIR) {
2459 error = ENOTDIR;
2460 goto out;
2461 }
2462 /*
2463 * No rmdir "." please.
2464 */
2465 if (nd.ni_dvp == vp) {
2466 error = EINVAL;
2467 goto out;
2468 }
2469 /*
2470 * The root of a mounted filesystem cannot be deleted.
2471 */
2472 if (vp->v_vflag & VV_ROOT)
2473 error = EBUSY;
2474 out:
2475 if (!error) {
2476 nqsrv_getl(nd.ni_dvp, ND_WRITE);
2477 nqsrv_getl(vp, ND_WRITE);
2478 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
2479 } else {
2480 VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
2481 if (nd.ni_dvp == nd.ni_vp)
2482 vrele(nd.ni_dvp);
2483 else
2484 vput(nd.ni_dvp);
2485 vput(vp);
2486 }
2487 if (dirp) {
2488 if (v3) {
2489 diraft_ret = VOP_GETATTR(dirp, &diraft, cred);
2490 }
2491 vrele(dirp);
2492 }
2493 nfsm_reply(NFSX_WCCDATA(v3));
2494 if (v3) {
2495 nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
2496 return (0);
2497 }
2498 nfsm_srvdone;
2499 }
2500
2501 /*
2502 * nfs readdir service
2503 * - mallocs what it thinks is enough to read
2504 * count rounded up to a multiple of NFS_SRVDIRBLKSIZ <= NFS_MAXREADDIR
2505 * - calls VOP_READDIR()
2506 * - loops around building the reply
2507 * if the output generated exceeds count break out of loop
2508 * The nfsm_clget macro is used here so that the reply will be packed
2509 * tightly in mbuf clusters.
2510 * - it only knows that it has encountered eof when the VOP_READDIR()
2511 * reads nothing
2512 * - as such one readdir rpc will return eof false although you are there
2513 * and then the next will return eof
2514 * - it trims out records with d_fileno == 0
2515 * this doesn't matter for Unix clients, but they might confuse clients
2516 * for other os'.
2517 * - it trims out records with d_type == DT_WHT
2518 * these cannot be seen through NFS (unless we extend the protocol)
2519 * NB: It is tempting to set eof to true if the VOP_READDIR() reads less
2520 * than requested, but this may not apply to all filesystems. For
2521 * example, client NFS does not { although it is never remote mounted
2522 * anyhow }
2523 * The alternate call nfsrv_readdirplus() does lookups as well.
2524 * PS: The NFS protocol spec. does not clarify what the "count" byte
2525 * argument is a count of.. just name strings and file id's or the
2526 * entire reply rpc or ...
2527 * I tried just file name and id sizes and it confused the Sun client,
2528 * so I am using the full rpc size now. The "paranoia.." comment refers
2529 * to including the status longwords that are not a part of the dir.
2530 * "entry" structures, but are in the rpc.
2531 */
2532
2533 #define NFS_SRVDIRBLKSIZ 1024
2534
2535 struct flrep {
2536 nfsuint64 fl_off;
2537 u_int32_t fl_postopok;
2538 struct nfs_fattr fl_fattr; /* XXX: must be of fattr3 size */
2539 u_int32_t fl_fhok;
2540 u_int32_t fl_fhsize;
2541 /* handle comes here, filled in dynamically */
2542 };
2543
2544 int
2545 nfsrv_readdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
2546 {
2547 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2548 struct mbuf *nam = nfsd->nd_nam;
2549 char *dpos = nfsd->nd_dpos;
2550 kauth_cred_t cred = nfsd->nd_cr;
2551 char *bp, *be;
2552 struct mbuf *mp;
2553 struct dirent *dp;
2554 char *cp;
2555 u_int32_t *tl;
2556 int32_t t1;
2557 char *bpos;
2558 struct mbuf *mb, *mreq, *mp2;
2559 char *cpos, *cend, *cp2, *rbuf;
2560 struct vnode *vp;
2561 struct vattr at;
2562 nfsrvfh_t nsfh;
2563 struct uio io;
2564 struct iovec iv;
2565 int len, nlen, rem, xfer, tsiz, i, error = 0, getret = 1;
2566 int siz, cnt, fullsiz, eofflag, rdonly, cache = 0, ncookies;
2567 int v3 = (nfsd->nd_flag & ND_NFSV3);
2568 u_quad_t frev, off, toff, verf;
2569 off_t *cookies = NULL, *cookiep;
2570 nfsuint64 jar;
2571
2572 nfsm_srvmtofh(&nsfh);
2573 if (v3) {
2574 nfsm_dissect(tl, u_int32_t *, 5 * NFSX_UNSIGNED);
2575 toff = fxdr_hyper(tl);
2576 tl += 2;
2577 verf = fxdr_hyper(tl);
2578 tl += 2;
2579 } else {
2580 nfsm_dissect(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2581 toff = fxdr_unsigned(u_quad_t, *tl++);
2582 }
2583 off = toff;
2584 cnt = fxdr_unsigned(int, *tl);
2585 siz = ((cnt + NFS_SRVDIRBLKSIZ - 1) & ~(NFS_SRVDIRBLKSIZ - 1));
2586 xfer = NFS_SRVMAXDATA(nfsd);
2587 if (siz > xfer)
2588 siz = xfer;
2589 fullsiz = siz;
2590 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
2591 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
2592 if (!error && vp->v_type != VDIR) {
2593 error = ENOTDIR;
2594 vput(vp);
2595 }
2596 if (error) {
2597 nfsm_reply(NFSX_UNSIGNED);
2598 nfsm_srvpostop_attr(getret, &at);
2599 return (0);
2600 }
2601 nqsrv_getl(vp, ND_READ);
2602 if (v3) {
2603 error = getret = VOP_GETATTR(vp, &at, cred);
2604 #ifdef NFS3_STRICTVERF
2605 /*
2606 * XXX This check is too strict for Solaris 2.5 clients.
2607 */
2608 if (!error && toff && verf != at.va_filerev)
2609 error = NFSERR_BAD_COOKIE;
2610 #endif
2611 }
2612 if (!error)
2613 error = nfsrv_access(vp, VEXEC, cred, rdonly, lwp, 0);
2614 if (error) {
2615 vput(vp);
2616 nfsm_reply(NFSX_POSTOPATTR(v3));
2617 nfsm_srvpostop_attr(getret, &at);
2618 return (0);
2619 }
2620 VOP_UNLOCK(vp, 0);
2621 rbuf = malloc(siz, M_TEMP, M_WAITOK);
2622 again:
2623 iv.iov_base = rbuf;
2624 iv.iov_len = fullsiz;
2625 io.uio_iov = &iv;
2626 io.uio_iovcnt = 1;
2627 io.uio_offset = (off_t)off;
2628 io.uio_resid = fullsiz;
2629 io.uio_rw = UIO_READ;
2630 UIO_SETUP_SYSSPACE(&io);
2631 eofflag = 0;
2632 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2633
2634 error = VOP_READDIR(vp, &io, cred, &eofflag, &cookies, &ncookies);
2635
2636 off = (off_t)io.uio_offset;
2637 if (!cookies && !error)
2638 error = NFSERR_PERM;
2639 if (v3) {
2640 getret = VOP_GETATTR(vp, &at, cred);
2641 if (!error)
2642 error = getret;
2643 }
2644
2645 VOP_UNLOCK(vp, 0);
2646 if (error) {
2647 vrele(vp);
2648 free((void *)rbuf, M_TEMP);
2649 if (cookies)
2650 free((void *)cookies, M_TEMP);
2651 nfsm_reply(NFSX_POSTOPATTR(v3));
2652 nfsm_srvpostop_attr(getret, &at);
2653 return (0);
2654 }
2655 if (io.uio_resid) {
2656 siz -= io.uio_resid;
2657
2658 /*
2659 * If nothing read, return eof
2660 * rpc reply
2661 */
2662 if (siz == 0) {
2663 vrele(vp);
2664 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_COOKIEVERF(v3) +
2665 2 * NFSX_UNSIGNED);
2666 if (v3) {
2667 nfsm_srvpostop_attr(getret, &at);
2668 nfsm_build(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
2669 txdr_hyper(at.va_filerev, tl);
2670 tl += 2;
2671 } else
2672 nfsm_build(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2673 *tl++ = nfs_false;
2674 *tl = nfs_true;
2675 free((void *)rbuf, M_TEMP);
2676 free((void *)cookies, M_TEMP);
2677 return (0);
2678 }
2679 }
2680
2681 /*
2682 * Check for degenerate cases of nothing useful read.
2683 * If so go try again
2684 */
2685 cpos = rbuf;
2686 cend = rbuf + siz;
2687 dp = (struct dirent *)cpos;
2688 cookiep = cookies;
2689
2690 while (cpos < cend && ncookies > 0 &&
2691 (dp->d_fileno == 0 || dp->d_type == DT_WHT)) {
2692 cpos += dp->d_reclen;
2693 dp = (struct dirent *)cpos;
2694 cookiep++;
2695 ncookies--;
2696 }
2697 if (cpos >= cend || ncookies == 0) {
2698 toff = off;
2699 siz = fullsiz;
2700 free(cookies, M_TEMP);
2701 cookies = NULL;
2702 goto again;
2703 }
2704
2705 len = 3 * NFSX_UNSIGNED; /* paranoia, probably can be 0 */
2706 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_COOKIEVERF(v3) + siz);
2707 if (v3) {
2708 nfsm_srvpostop_attr(getret, &at);
2709 nfsm_build(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2710 txdr_hyper(at.va_filerev, tl);
2711 }
2712 mp = mp2 = mb;
2713 bp = bpos;
2714 be = bp + M_TRAILINGSPACE(mp);
2715
2716 /* Loop through the records and build reply */
2717 while (cpos < cend && ncookies > 0) {
2718 if (dp->d_fileno != 0 && dp->d_type != DT_WHT) {
2719 nlen = dp->d_namlen;
2720 rem = nfsm_rndup(nlen)-nlen;
2721 len += (4 * NFSX_UNSIGNED + nlen + rem);
2722 if (v3)
2723 len += 2 * NFSX_UNSIGNED;
2724 if (len > cnt) {
2725 eofflag = 0;
2726 break;
2727 }
2728 /*
2729 * Build the directory record xdr from
2730 * the dirent entry.
2731 */
2732 nfsm_clget;
2733 *tl = nfs_true;
2734 bp += NFSX_UNSIGNED;
2735 if (v3) {
2736 nfsm_clget;
2737 *tl = txdr_unsigned(dp->d_fileno >> 32);
2738 bp += NFSX_UNSIGNED;
2739 }
2740 nfsm_clget;
2741 *tl = txdr_unsigned(dp->d_fileno);
2742 bp += NFSX_UNSIGNED;
2743 nfsm_clget;
2744 *tl = txdr_unsigned(nlen);
2745 bp += NFSX_UNSIGNED;
2746
2747 /* And loop around copying the name */
2748 xfer = nlen;
2749 cp = dp->d_name;
2750 while (xfer > 0) {
2751 nfsm_clget;
2752 if ((bp+xfer) > be)
2753 tsiz = be-bp;
2754 else
2755 tsiz = xfer;
2756 memcpy(bp, cp, tsiz);
2757 bp += tsiz;
2758 xfer -= tsiz;
2759 if (xfer > 0)
2760 cp += tsiz;
2761 }
2762 /* And null pad to an int32_t boundary */
2763 for (i = 0; i < rem; i++)
2764 *bp++ = '\0';
2765 nfsm_clget;
2766
2767 /* Finish off the record */
2768 txdr_hyper(*cookiep, &jar);
2769 if (v3) {
2770 *tl = jar.nfsuquad[0];
2771 bp += NFSX_UNSIGNED;
2772 nfsm_clget;
2773 }
2774 *tl = jar.nfsuquad[1];
2775 bp += NFSX_UNSIGNED;
2776 }
2777 cpos += dp->d_reclen;
2778 dp = (struct dirent *)cpos;
2779 cookiep++;
2780 ncookies--;
2781 }
2782 vrele(vp);
2783 nfsm_clget;
2784 *tl = nfs_false;
2785 bp += NFSX_UNSIGNED;
2786 nfsm_clget;
2787 if (eofflag)
2788 *tl = nfs_true;
2789 else
2790 *tl = nfs_false;
2791 bp += NFSX_UNSIGNED;
2792 if (mp != mb) {
2793 if (bp < be)
2794 mp->m_len = bp - mtod(mp, char *);
2795 } else
2796 mp->m_len += bp - bpos;
2797 free((void *)rbuf, M_TEMP);
2798 free((void *)cookies, M_TEMP);
2799 nfsm_srvdone;
2800 }
2801
2802 int
2803 nfsrv_readdirplus(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
2804 {
2805 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
2806 struct mbuf *nam = nfsd->nd_nam;
2807 char *dpos = nfsd->nd_dpos;
2808 kauth_cred_t cred = nfsd->nd_cr;
2809 char *bp, *be;
2810 struct mbuf *mp;
2811 struct dirent *dp;
2812 char *cp;
2813 u_int32_t *tl;
2814 int32_t t1;
2815 char *bpos;
2816 struct mbuf *mb, *mreq, *mp2;
2817 char *cpos, *cend, *cp2, *rbuf;
2818 struct vnode *vp, *nvp;
2819 struct flrep fl;
2820 nfsrvfh_t nsfh;
2821 struct uio io;
2822 struct iovec iv;
2823 struct vattr va, at, *vap = &va;
2824 struct nfs_fattr *fp;
2825 int len, nlen, rem, xfer, tsiz, i, error = 0, getret = 1;
2826 int siz, cnt, fullsiz, eofflag, rdonly, cache = 0, dirlen, ncookies;
2827 u_quad_t frev, off, toff, verf;
2828 off_t *cookies = NULL, *cookiep;
2829
2830 nfsm_srvmtofh(&nsfh);
2831 nfsm_dissect(tl, u_int32_t *, 6 * NFSX_UNSIGNED);
2832 toff = fxdr_hyper(tl);
2833 tl += 2;
2834 verf = fxdr_hyper(tl);
2835 tl += 2;
2836 siz = fxdr_unsigned(int, *tl++);
2837 cnt = fxdr_unsigned(int, *tl);
2838 off = toff;
2839 siz = ((siz + NFS_SRVDIRBLKSIZ - 1) & ~(NFS_SRVDIRBLKSIZ - 1));
2840 xfer = NFS_SRVMAXDATA(nfsd);
2841 if (siz > xfer)
2842 siz = xfer;
2843 fullsiz = siz;
2844 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
2845 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
2846 if (!error && vp->v_type != VDIR) {
2847 error = ENOTDIR;
2848 vput(vp);
2849 }
2850 if (error) {
2851 nfsm_reply(NFSX_UNSIGNED);
2852 nfsm_srvpostop_attr(getret, &at);
2853 return (0);
2854 }
2855 error = getret = VOP_GETATTR(vp, &at, cred);
2856 #ifdef NFS3_STRICTVERF
2857 /*
2858 * XXX This check is too strict for Solaris 2.5 clients.
2859 */
2860 if (!error && toff && verf != at.va_filerev)
2861 error = NFSERR_BAD_COOKIE;
2862 #endif
2863 if (!error) {
2864 nqsrv_getl(vp, ND_READ);
2865 error = nfsrv_access(vp, VEXEC, cred, rdonly, lwp, 0);
2866 }
2867 if (error) {
2868 vput(vp);
2869 nfsm_reply(NFSX_V3POSTOPATTR);
2870 nfsm_srvpostop_attr(getret, &at);
2871 return (0);
2872 }
2873 VOP_UNLOCK(vp, 0);
2874
2875 rbuf = malloc(siz, M_TEMP, M_WAITOK);
2876 again:
2877 iv.iov_base = rbuf;
2878 iv.iov_len = fullsiz;
2879 io.uio_iov = &iv;
2880 io.uio_iovcnt = 1;
2881 io.uio_offset = (off_t)off;
2882 io.uio_resid = fullsiz;
2883 io.uio_rw = UIO_READ;
2884 UIO_SETUP_SYSSPACE(&io);
2885 eofflag = 0;
2886
2887 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2888
2889 error = VOP_READDIR(vp, &io, cred, &eofflag, &cookies, &ncookies);
2890
2891 off = (u_quad_t)io.uio_offset;
2892 getret = VOP_GETATTR(vp, &at, cred);
2893
2894 VOP_UNLOCK(vp, 0);
2895
2896 /*
2897 * If the VGET operation doesn't work for this filesystem,
2898 * we can't support readdirplus. Returning NOTSUPP should
2899 * make clients fall back to plain readdir.
2900 * There's no need to check for VPTOFH as well, we wouldn't
2901 * even be here otherwise.
2902 */
2903 if (!getret) {
2904 if ((getret = VFS_VGET(vp->v_mount, at.va_fileid, &nvp)))
2905 getret = (getret == EOPNOTSUPP) ?
2906 NFSERR_NOTSUPP : NFSERR_IO;
2907 else
2908 vput(nvp);
2909 }
2910
2911 if (!cookies && !error)
2912 error = NFSERR_PERM;
2913 if (!error)
2914 error = getret;
2915 if (error) {
2916 vrele(vp);
2917 if (cookies)
2918 free((void *)cookies, M_TEMP);
2919 free((void *)rbuf, M_TEMP);
2920 nfsm_reply(NFSX_V3POSTOPATTR);
2921 nfsm_srvpostop_attr(getret, &at);
2922 return (0);
2923 }
2924 if (io.uio_resid) {
2925 siz -= io.uio_resid;
2926
2927 /*
2928 * If nothing read, return eof
2929 * rpc reply
2930 */
2931 if (siz == 0) {
2932 vrele(vp);
2933 nfsm_reply(NFSX_V3POSTOPATTR + NFSX_V3COOKIEVERF +
2934 2 * NFSX_UNSIGNED);
2935 nfsm_srvpostop_attr(getret, &at);
2936 nfsm_build(tl, u_int32_t *, 4 * NFSX_UNSIGNED);
2937 txdr_hyper(at.va_filerev, tl);
2938 tl += 2;
2939 *tl++ = nfs_false;
2940 *tl = nfs_true;
2941 free((void *)cookies, M_TEMP);
2942 free((void *)rbuf, M_TEMP);
2943 return (0);
2944 }
2945 }
2946
2947 /*
2948 * Check for degenerate cases of nothing useful read.
2949 * If so go try again
2950 */
2951 cpos = rbuf;
2952 cend = rbuf + siz;
2953 dp = (struct dirent *)cpos;
2954 cookiep = cookies;
2955
2956 while (cpos < cend && ncookies > 0 &&
2957 (dp->d_fileno == 0 || dp->d_type == DT_WHT)) {
2958 cpos += dp->d_reclen;
2959 dp = (struct dirent *)cpos;
2960 cookiep++;
2961 ncookies--;
2962 }
2963 if (cpos >= cend || ncookies == 0) {
2964 toff = off;
2965 siz = fullsiz;
2966 free(cookies, M_TEMP);
2967 cookies = NULL;
2968 goto again;
2969 }
2970
2971 dirlen = len = NFSX_V3POSTOPATTR + NFSX_V3COOKIEVERF + 2 * NFSX_UNSIGNED;
2972 nfsm_reply(cnt);
2973 nfsm_srvpostop_attr(getret, &at);
2974 nfsm_build(tl, u_int32_t *, 2 * NFSX_UNSIGNED);
2975 txdr_hyper(at.va_filerev, tl);
2976 mp = mp2 = mb;
2977 bp = bpos;
2978 be = bp + M_TRAILINGSPACE(mp);
2979
2980 /* Loop through the records and build reply */
2981 while (cpos < cend && ncookies > 0) {
2982 if (dp->d_fileno != 0 && dp->d_type != DT_WHT) {
2983 nfsrvfh_t nnsfh;
2984
2985 nlen = dp->d_namlen;
2986 rem = nfsm_rndup(nlen)-nlen;
2987
2988 /*
2989 * For readdir_and_lookup get the vnode using
2990 * the file number.
2991 */
2992 if (VFS_VGET(vp->v_mount, dp->d_fileno, &nvp))
2993 goto invalid;
2994 if (nfsrv_composefh(nvp, &nnsfh, true)) {
2995 vput(nvp);
2996 goto invalid;
2997 }
2998 if (VOP_GETATTR(nvp, vap, cred)) {
2999 vput(nvp);
3000 goto invalid;
3001 }
3002 vput(nvp);
3003
3004 /*
3005 * If either the dircount or maxcount will be
3006 * exceeded, get out now. Both of these lengths
3007 * are calculated conservatively, including all
3008 * XDR overheads.
3009 */
3010 len += (8 * NFSX_UNSIGNED + nlen + rem + NFSX_V3FH +
3011 NFSX_V3POSTOPATTR);
3012 dirlen += (6 * NFSX_UNSIGNED + nlen + rem);
3013 if (len > cnt || dirlen > fullsiz) {
3014 eofflag = 0;
3015 break;
3016 }
3017
3018 /*
3019 * Build the directory record xdr from
3020 * the dirent entry.
3021 */
3022 fp = (struct nfs_fattr *)&fl.fl_fattr;
3023 nfsm_srvfillattr(vap, fp);
3024 fl.fl_fhsize = txdr_unsigned(NFSX_V3FH);
3025 fl.fl_fhok = nfs_true;
3026 fl.fl_postopok = nfs_true;
3027 txdr_hyper(*cookiep, fl.fl_off.nfsuquad);
3028
3029 nfsm_clget;
3030 *tl = nfs_true;
3031 bp += NFSX_UNSIGNED;
3032 nfsm_clget;
3033 *tl = txdr_unsigned(dp->d_fileno >> 32);
3034 bp += NFSX_UNSIGNED;
3035 nfsm_clget;
3036 *tl = txdr_unsigned(dp->d_fileno);
3037 bp += NFSX_UNSIGNED;
3038 nfsm_clget;
3039 *tl = txdr_unsigned(nlen);
3040 bp += NFSX_UNSIGNED;
3041
3042 /* And loop around copying the name */
3043 xfer = nlen;
3044 cp = dp->d_name;
3045 while (xfer > 0) {
3046 nfsm_clget;
3047 if ((bp + xfer) > be)
3048 tsiz = be - bp;
3049 else
3050 tsiz = xfer;
3051 memcpy(bp, cp, tsiz);
3052 bp += tsiz;
3053 xfer -= tsiz;
3054 if (xfer > 0)
3055 cp += tsiz;
3056 }
3057 /* And null pad to an int32_t boundary */
3058 for (i = 0; i < rem; i++)
3059 *bp++ = '\0';
3060
3061 /*
3062 * Now copy the flrep structure out.
3063 */
3064 xfer = sizeof(struct flrep);
3065 cp = (void *)&fl;
3066 while (xfer > 0) {
3067 nfsm_clget;
3068 if ((bp + xfer) > be)
3069 tsiz = be - bp;
3070 else
3071 tsiz = xfer;
3072 memcpy(bp, cp, tsiz);
3073 bp += tsiz;
3074 xfer -= tsiz;
3075 if (xfer > 0)
3076 cp += tsiz;
3077 }
3078
3079 /*
3080 * ... and filehandle.
3081 */
3082 xfer = NFSRVFH_SIZE(&nnsfh);
3083 cp = NFSRVFH_DATA(&nnsfh);
3084 while (xfer > 0) {
3085 nfsm_clget;
3086 if ((bp + xfer) > be)
3087 tsiz = be - bp;
3088 else
3089 tsiz = xfer;
3090 memcpy(bp, cp, tsiz);
3091 bp += tsiz;
3092 xfer -= tsiz;
3093 if (xfer > 0)
3094 cp += tsiz;
3095 }
3096 }
3097 invalid:
3098 cpos += dp->d_reclen;
3099 dp = (struct dirent *)cpos;
3100 cookiep++;
3101 ncookies--;
3102 }
3103 vrele(vp);
3104 nfsm_clget;
3105 *tl = nfs_false;
3106 bp += NFSX_UNSIGNED;
3107 nfsm_clget;
3108 if (eofflag)
3109 *tl = nfs_true;
3110 else
3111 *tl = nfs_false;
3112 bp += NFSX_UNSIGNED;
3113 if (mp != mb) {
3114 if (bp < be)
3115 mp->m_len = bp - mtod(mp, char *);
3116 } else
3117 mp->m_len += bp - bpos;
3118 free((void *)cookies, M_TEMP);
3119 free((void *)rbuf, M_TEMP);
3120 nfsm_srvdone;
3121 }
3122
3123 /*
3124 * nfs commit service
3125 */
3126 int
3127 nfsrv_commit(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
3128 {
3129 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
3130 struct mbuf *nam = nfsd->nd_nam;
3131 char *dpos = nfsd->nd_dpos;
3132 kauth_cred_t cred = nfsd->nd_cr;
3133 struct vattr bfor, aft;
3134 struct vnode *vp;
3135 nfsrvfh_t nsfh;
3136 u_int32_t *tl;
3137 int32_t t1;
3138 char *bpos;
3139 int error = 0, rdonly, for_ret = 1, aft_ret = 1, cache = 0;
3140 uint32_t cnt;
3141 char *cp2;
3142 struct mbuf *mb, *mreq;
3143 u_quad_t frev, off, end;
3144
3145 nfsm_srvmtofh(&nsfh);
3146 nfsm_dissect(tl, u_int32_t *, 3 * NFSX_UNSIGNED);
3147
3148 off = fxdr_hyper(tl);
3149 tl += 2;
3150 cnt = fxdr_unsigned(uint32_t, *tl);
3151 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
3152 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
3153 if (error) {
3154 nfsm_reply(2 * NFSX_UNSIGNED);
3155 nfsm_srvwcc_data(for_ret, &bfor, aft_ret, &aft);
3156 return (0);
3157 }
3158 for_ret = VOP_GETATTR(vp, &bfor, cred);
3159 end = (cnt > 0) ? off + cnt : vp->v_size;
3160 if (end < off || end > vp->v_size)
3161 end = vp->v_size;
3162 if (off < vp->v_size)
3163 error = VOP_FSYNC(vp, cred, FSYNC_WAIT, off, end);
3164 /* else error == 0, from nfsrv_fhtovp() */
3165 aft_ret = VOP_GETATTR(vp, &aft, cred);
3166 vput(vp);
3167 nfsm_reply(NFSX_V3WCCDATA + NFSX_V3WRITEVERF);
3168 nfsm_srvwcc_data(for_ret, &bfor, aft_ret, &aft);
3169 if (!error) {
3170 nfsm_build(tl, u_int32_t *, NFSX_V3WRITEVERF);
3171 *tl++ = txdr_unsigned(boottime.tv_sec);
3172 *tl = txdr_unsigned(boottime.tv_nsec / 1000);
3173 } else {
3174 return (0);
3175 }
3176 nfsm_srvdone;
3177 }
3178
3179 /*
3180 * nfs statfs service
3181 */
3182 int
3183 nfsrv_statfs(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
3184 {
3185 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
3186 struct mbuf *nam = nfsd->nd_nam;
3187 char *dpos = nfsd->nd_dpos;
3188 kauth_cred_t cred = nfsd->nd_cr;
3189 struct statvfs *sf = NULL;
3190 struct nfs_statfs *sfp;
3191 u_int32_t *tl;
3192 int32_t t1;
3193 char *bpos;
3194 int error = 0, rdonly, cache = 0, getret = 1;
3195 int v3 = (nfsd->nd_flag & ND_NFSV3);
3196 char *cp2;
3197 struct mbuf *mb, *mreq;
3198 struct vnode *vp;
3199 struct vattr at;
3200 nfsrvfh_t nsfh;
3201 u_quad_t frev, tval;
3202
3203 nfsm_srvmtofh(&nsfh);
3204 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
3205 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
3206 if (error) {
3207 nfsm_reply(NFSX_UNSIGNED);
3208 nfsm_srvpostop_attr(getret, &at);
3209 return (0);
3210 }
3211 sf = malloc(sizeof(*sf), M_TEMP, M_WAITOK);
3212 error = VFS_STATVFS(vp->v_mount, sf);
3213 getret = VOP_GETATTR(vp, &at, cred);
3214 vput(vp);
3215 nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_STATFS(v3));
3216 if (v3)
3217 nfsm_srvpostop_attr(getret, &at);
3218 if (error) {
3219 free(sf, M_TEMP);
3220 return (0);
3221 }
3222 nfsm_build(sfp, struct nfs_statfs *, NFSX_STATFS(v3));
3223 if (v3) {
3224 tval = (u_quad_t)((quad_t)sf->f_blocks * (quad_t)sf->f_frsize);
3225 txdr_hyper(tval, &sfp->sf_tbytes);
3226 tval = (u_quad_t)((quad_t)sf->f_bfree * (quad_t)sf->f_frsize);
3227 txdr_hyper(tval, &sfp->sf_fbytes);
3228 tval = (u_quad_t)((quad_t)sf->f_bavail * (quad_t)sf->f_frsize);
3229 txdr_hyper(tval, &sfp->sf_abytes);
3230 tval = (u_quad_t)sf->f_files;
3231 txdr_hyper(tval, &sfp->sf_tfiles);
3232 tval = (u_quad_t)sf->f_ffree;
3233 txdr_hyper(tval, &sfp->sf_ffiles);
3234 txdr_hyper(tval, &sfp->sf_afiles);
3235 sfp->sf_invarsec = 0;
3236 } else {
3237 sfp->sf_tsize = txdr_unsigned(NFS_MAXDGRAMDATA);
3238 sfp->sf_bsize = txdr_unsigned(sf->f_frsize);
3239 sfp->sf_blocks = txdr_unsigned(sf->f_blocks);
3240 sfp->sf_bfree = txdr_unsigned(sf->f_bfree);
3241 sfp->sf_bavail = txdr_unsigned(sf->f_bavail);
3242 }
3243 nfsmout:
3244 if (sf)
3245 free(sf, M_TEMP);
3246 return error;
3247 }
3248
3249 /*
3250 * nfs fsinfo service
3251 */
3252 int
3253 nfsrv_fsinfo(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
3254 {
3255 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
3256 struct mbuf *nam = nfsd->nd_nam;
3257 char *dpos = nfsd->nd_dpos;
3258 kauth_cred_t cred = nfsd->nd_cr;
3259 u_int32_t *tl;
3260 struct nfsv3_fsinfo *sip;
3261 int32_t t1;
3262 char *bpos;
3263 int error = 0, rdonly, cache = 0, getret = 1;
3264 uint32_t maxdata;
3265 char *cp2;
3266 struct mbuf *mb, *mreq;
3267 struct vnode *vp;
3268 struct vattr at;
3269 nfsrvfh_t nsfh;
3270 u_quad_t frev, maxfsize;
3271 struct statvfs *sb;
3272
3273 nfsm_srvmtofh(&nsfh);
3274 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
3275 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
3276 if (error) {
3277 nfsm_reply(NFSX_UNSIGNED);
3278 nfsm_srvpostop_attr(getret, &at);
3279 return (0);
3280 }
3281
3282 /* XXX Try to make a guess on the max file size. */
3283 sb = malloc(sizeof(*sb), M_TEMP, M_WAITOK);
3284 VFS_STATVFS(vp->v_mount, sb);
3285 maxfsize = (u_quad_t)0x80000000 * sb->f_frsize - 1;
3286 free(sb, M_TEMP);
3287
3288 getret = VOP_GETATTR(vp, &at, cred);
3289 vput(vp);
3290 nfsm_reply(NFSX_V3POSTOPATTR + NFSX_V3FSINFO);
3291 nfsm_srvpostop_attr(getret, &at);
3292 nfsm_build(sip, struct nfsv3_fsinfo *, NFSX_V3FSINFO);
3293
3294 /*
3295 * XXX
3296 * There should be file system VFS OP(s) to get this information.
3297 * For now, assume ufs.
3298 */
3299 if (slp->ns_so->so_type == SOCK_DGRAM)
3300 maxdata = NFS_MAXDGRAMDATA;
3301 else
3302 maxdata = NFS_MAXDATA;
3303 sip->fs_rtmax = txdr_unsigned(maxdata);
3304 sip->fs_rtpref = txdr_unsigned(maxdata);
3305 sip->fs_rtmult = txdr_unsigned(NFS_FABLKSIZE);
3306 sip->fs_wtmax = txdr_unsigned(maxdata);
3307 sip->fs_wtpref = txdr_unsigned(maxdata);
3308 sip->fs_wtmult = txdr_unsigned(NFS_FABLKSIZE);
3309 sip->fs_dtpref = txdr_unsigned(maxdata);
3310 txdr_hyper(maxfsize, &sip->fs_maxfilesize);
3311 sip->fs_timedelta.nfsv3_sec = 0;
3312 sip->fs_timedelta.nfsv3_nsec = txdr_unsigned(1);
3313 sip->fs_properties = txdr_unsigned(NFSV3FSINFO_LINK |
3314 NFSV3FSINFO_SYMLINK | NFSV3FSINFO_HOMOGENEOUS |
3315 NFSV3FSINFO_CANSETTIME);
3316 nfsm_srvdone;
3317 }
3318
3319 /*
3320 * nfs pathconf service
3321 */
3322 int
3323 nfsrv_pathconf(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lwp, struct mbuf **mrq)
3324 {
3325 struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
3326 struct mbuf *nam = nfsd->nd_nam;
3327 char *dpos = nfsd->nd_dpos;
3328 kauth_cred_t cred = nfsd->nd_cr;
3329 u_int32_t *tl;
3330 struct nfsv3_pathconf *pc;
3331 int32_t t1;
3332 char *bpos;
3333 int error = 0, rdonly, cache = 0, getret = 1;
3334 register_t linkmax, namemax, chownres, notrunc;
3335 char *cp2;
3336 struct mbuf *mb, *mreq;
3337 struct vnode *vp;
3338 struct vattr at;
3339 nfsrvfh_t nsfh;
3340 u_quad_t frev;
3341
3342 nfsm_srvmtofh(&nsfh);
3343 error = nfsrv_fhtovp(&nsfh, 1, &vp, cred, slp, nam,
3344 &rdonly, (nfsd->nd_flag & ND_KERBAUTH), false);
3345 if (error) {
3346 nfsm_reply(NFSX_UNSIGNED);
3347 nfsm_srvpostop_attr(getret, &at);
3348 return (0);
3349 }
3350 error = VOP_PATHCONF(vp, _PC_LINK_MAX, &linkmax);
3351 if (!error)
3352 error = VOP_PATHCONF(vp, _PC_NAME_MAX, &namemax);
3353 if (!error)
3354 error = VOP_PATHCONF(vp, _PC_CHOWN_RESTRICTED, &chownres);
3355 if (!error)
3356 error = VOP_PATHCONF(vp, _PC_NO_TRUNC, &notrunc);
3357 getret = VOP_GETATTR(vp, &at, cred);
3358 vput(vp);
3359 nfsm_reply(NFSX_V3POSTOPATTR + NFSX_V3PATHCONF);
3360 nfsm_srvpostop_attr(getret, &at);
3361 if (error)
3362 return (0);
3363 nfsm_build(pc, struct nfsv3_pathconf *, NFSX_V3PATHCONF);
3364
3365 pc->pc_linkmax = txdr_unsigned(linkmax);
3366 pc->pc_namemax = txdr_unsigned(namemax);
3367 pc->pc_notrunc = txdr_unsigned(notrunc);
3368 pc->pc_chownrestricted = txdr_unsigned(chownres);
3369
3370 /*
3371 * These should probably be supported by VOP_PATHCONF(), but
3372 * until msdosfs is exportable (why would you want to?), the
3373 * Unix defaults should be ok.
3374 */
3375 pc->pc_caseinsensitive = nfs_false;
3376 pc->pc_casepreserving = nfs_true;
3377 nfsm_srvdone;
3378 }
3379
3380 /*
3381 * Null operation, used by clients to ping server
3382 */
3383 /* ARGSUSED */
3384 int
3385 nfsrv_null(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
3386 struct lwp *lwp, struct mbuf **mrq)
3387 {
3388 struct mbuf *mrep = nfsd->nd_mrep;
3389 char *bpos;
3390 int error = NFSERR_RETVOID, cache = 0;
3391 struct mbuf *mb, *mreq;
3392 u_quad_t frev;
3393
3394 nfsm_reply(0);
3395 nfsmout:
3396 return (0);
3397 }
3398
3399 /*
3400 * No operation, used for obsolete procedures
3401 */
3402 /* ARGSUSED */
3403 int
3404 nfsrv_noop(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
3405 struct lwp *lwp, struct mbuf **mrq)
3406 {
3407 struct mbuf *mrep = nfsd->nd_mrep;
3408 char *bpos;
3409 int error, cache = 0;
3410 struct mbuf *mb, *mreq;
3411 u_quad_t frev;
3412
3413 if (nfsd->nd_repstat)
3414 error = nfsd->nd_repstat;
3415 else
3416 error = EPROCUNAVAIL;
3417 nfsm_reply(0);
3418 nfsmout:
3419 return (0);
3420 }
3421
3422 /*
3423 * Perform access checking for vnodes obtained from file handles that would
3424 * refer to files already opened by a Unix client. You cannot just use
3425 * vn_writechk() and VOP_ACCESS() for two reasons.
3426 * 1 - You must check for exported rdonly as well as MNT_RDONLY for the write case
3427 * 2 - The owner is to be given access irrespective of mode bits for some
3428 * operations, so that processes that chmod after opening a file don't
3429 * break. I don't like this because it opens a security hole, but since
3430 * the nfs server opens a security hole the size of a barn door anyhow,
3431 * what the heck.
3432 *
3433 * The exception to rule 2 is EPERM. If a file is IMMUTABLE, VOP_ACCESS()
3434 * will return EPERM instead of EACCESS. EPERM is always an error.
3435 */
3436 int
3437 nfsrv_access(struct vnode *vp, int flags, kauth_cred_t cred, int rdonly, struct lwp *lwp, int override)
3438 {
3439 struct vattr vattr;
3440 int error;
3441 if (flags & VWRITE) {
3442 /* Just vn_writechk() changed to check rdonly */
3443 /*
3444 * Disallow write attempts on read-only file systems;
3445 * unless the file is a socket or a block or character
3446 * device resident on the file system.
3447 */
3448 if (rdonly || (vp->v_mount->mnt_flag & MNT_RDONLY)) {
3449 switch (vp->v_type) {
3450 case VREG:
3451 case VDIR:
3452 case VLNK:
3453 return (EROFS);
3454 default:
3455 break;
3456 }
3457 }
3458
3459 /*
3460 * If the vnode is in use as a process's text,
3461 * we can't allow writing.
3462 */
3463 if (vp->v_iflag & VI_TEXT)
3464 return (ETXTBSY);
3465 }
3466 error = VOP_GETATTR(vp, &vattr, cred);
3467 if (error)
3468 return (error);
3469 error = VOP_ACCESS(vp, flags, cred);
3470 /*
3471 * Allow certain operations for the owner (reads and writes
3472 * on files that are already open).
3473 */
3474 if (override && error == EACCES && kauth_cred_geteuid(cred) == vattr.va_uid)
3475 error = 0;
3476 return error;
3477 }
NetBSD on the FriendlyARM MINI2440