2 * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. Berkeley Software Design Inc's name may not be used to endorse or
13 * promote products derived from this software without specific prior
16 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN INC ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN INC BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * from BSDI nfs_lock.c,v 2.4 1998/12/14 23:49:56 jch Exp
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/fcntl.h>
37 #include <sys/kernel.h> /* for hz */
39 #include <sys/malloc.h>
40 #include <sys/lockf.h> /* for hz */ /* Must come after sys/malloc.h */
42 #include <sys/mount.h>
43 #include <sys/namei.h>
45 #include <sys/resourcevar.h>
46 #include <sys/socket.h>
47 #include <sys/socket.h>
48 #include <sys/unistd.h>
49 #include <sys/vnode.h>
51 #include <machine/limits.h>
55 #include <nfs/rpcv2.h>
56 #include <nfs/nfsproto.h>
57 #include <nfsclient/nfs.h>
58 #include <nfsclient/nfsmount.h>
59 #include <nfsclient/nfsnode.h>
60 #include <nfsclient/nfs_lock.h>
61 #include <nfsclient/nlminfo.h>
63 #define NFSOWNER_1ST_LEVEL_START 1 /* initial entries */
64 #define NFSOWNER_2ND_LEVEL 256 /* some power of 2 */
66 #define NFSOWNER(tbl, i) \
67 (tbl)[(i) / NFSOWNER_2ND_LEVEL][(i) % NFSOWNER_2ND_LEVEL]
71 * We have to let the process know if the call succeeded. I'm using an extra
72 * field in the p_nlminfo field in the proc structure, as it is already for
78 * NFS advisory byte-level locks.
81 nfs_dolock(struct vop_advlock_args *ap)
87 struct vnode *vp, *wvp;
100 * the NLM protocol doesn't allow the server to return an error
101 * on ranges, so we do it.
103 if (fl->l_whence != SEEK_END) {
104 if ((fl->l_whence != SEEK_CUR && fl->l_whence != SEEK_SET) ||
107 (fl->l_start == 0 || fl->l_start + fl->l_len < 0)))
110 (fl->l_len - 1 > OFF_MAX - fl->l_start))
115 * Fill in the information structure.
117 msg.lm_version = LOCKD_MSG_VERSION;
118 msg.lm_msg_ident.pid = p->p_pid;
120 * if there is no nfsowner table yet, allocate one.
122 if (p->p_nlminfo == NULL) {
123 MALLOC(p->p_nlminfo, struct nlminfo *,
124 sizeof(struct nlminfo), M_LOCKF, M_WAITOK | M_ZERO);
125 p->p_nlminfo->pid_start = p->p_stats->p_start;
127 msg.lm_msg_ident.pid_start = p->p_nlminfo->pid_start;
128 msg.lm_msg_ident.msg_seq = ++(p->p_nlminfo->msg_seq);
131 msg.lm_wait = ap->a_flags & F_WAIT;
132 msg.lm_getlk = ap->a_op == F_GETLK;
134 * XXX -- I think this is wrong for anything other AF_INET.
136 * XXX: the lm_cred assignment below directly exports a ucred
137 * structure to userland. This is probably wrong, and should at
140 msg.lm_addr = *(VFSTONFS(vp->v_mount)->nm_nam);
141 msg.lm_fh_len = NFS_ISV3(vp) ? VTONFS(vp)->n_fhsize : NFSX_V2FH;
142 bcopy(VTONFS(vp)->n_fhp, msg.lm_fh, msg.lm_fh_len);
143 msg.lm_nfsv3 = NFS_ISV3(vp);
144 msg.lm_cred = *(p->p_ucred);
147 * Open the lock fifo. If for any reason we don't find the fifo, it
148 * means that the lock daemon isn't running. Translate any missing
149 * file error message for the user, otherwise the application will
150 * complain that the user's file is missing, which isn't the case.
151 * Note that we use proc0's cred, so the fifo is opened as root.
153 * XXX: Note that this behavior is relative to the root directory
154 * of the current process, and this may result in a variety of
155 * {functional, security} problems in chroot() environments.
157 NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, _PATH_LCKFIFO, td);
160 * XXX Hack to temporarily allow this process (regardless of it's creds)
161 * to open the fifo we need to write to. vn_open() really should
162 * take a ucred (and once it does, this code should be fixed to use
165 * XXX: This introduces an exploitable race condition allowing
166 * a local attacker to gain root privilege.
168 saved_uid = p->p_ucred->cr_uid;
169 p->p_ucred->cr_uid = 0; /* temporarly run the vn_open as root */
171 fmode = FFLAGS(O_WRONLY);
172 error = vn_open(&nd, &fmode, 0);
173 p->p_ucred->cr_uid = saved_uid;
175 return (error == ENOENT ? EOPNOTSUPP : error);
178 VOP_UNLOCK(wvp, 0, td); /* vn_open leaves it locked */
183 VOP_LEASE(wvp, td, proc0.p_ucred, LEASE_WRITE);
185 error = vn_rdwr(UIO_WRITE, wvp, (caddr_t)&msg, sizeof(msg), 0,
186 UIO_SYSSPACE, ioflg, proc0.p_ucred, NULL, td);
188 if (error && (((ioflg & IO_NDELAY) == 0) || error != EAGAIN)) {
192 * If we're locking a file, wait for an answer. Unlocks succeed
195 if (fl->l_type == F_UNLCK)
197 * XXX this isn't exactly correct. The client side
198 * needs to continue sending it's unlock until
199 * it gets a responce back.
204 * retry after 20 seconds if we haven't gotten a responce yet.
205 * This number was picked out of thin air... but is longer
206 * then even a reasonably loaded system should take (at least
207 * on a local network). XXX Probably should use a back-off
210 if ((error = tsleep((void *)p->p_nlminfo,
211 PCATCH | PUSER, "lockd", 20*hz)) != 0) {
212 if (error == EWOULDBLOCK) {
214 * We timed out, so we rewrite the request
215 * to the fifo, but only if it isn't already
225 if (msg.lm_getlk && p->p_nlminfo->retcode == 0) {
226 if (p->p_nlminfo->set_getlk_pid) {
227 fl->l_pid = p->p_nlminfo->getlk_pid;
229 fl->l_type = F_UNLCK;
232 error = p->p_nlminfo->retcode;
236 if ((error1 = vn_close(wvp, FWRITE, proc0.p_ucred, td)) && error == 0)
244 * NFS advisory byte-level locks answer from the lock daemon.
247 nfslockdans(struct proc *p, struct lockd_ans *ansp)
251 /* Let root, or someone who once was root (lockd generally
252 * switches to the daemon uid once it is done setting up) make
255 * XXX This authorization check is probably not right.
257 if ((error = suser(p)) != 0 && p->p_ucred->cr_svuid != 0)
260 /* the version should match, or we're out of sync */
261 if (ansp->la_vers != LOCKD_ANS_VERSION)
264 /* Find the process, set its return errno and wake it up. */
265 if ((p = pfind(ansp->la_msg_ident.pid)) == NULL)
268 /* verify the pid hasn't been reused (if we can), and it isn't waiting
269 * for an answer from a more recent request. We return an EPIPE if
270 * the match fails, because we've already used ESRCH above, and this
271 * is sort of like writing on a pipe after the reader has closed it.
273 if (p->p_nlminfo == NULL ||
274 ((ansp->la_msg_ident.msg_seq != -1) &&
275 (timevalcmp(&p->p_nlminfo->pid_start,
276 &ansp->la_msg_ident.pid_start, !=) ||
277 p->p_nlminfo->msg_seq != ansp->la_msg_ident.msg_seq))) {
282 p->p_nlminfo->retcode = ansp->la_errno;
283 p->p_nlminfo->set_getlk_pid = ansp->la_set_getlk_pid;
284 p->p_nlminfo->getlk_pid = ansp->la_getlk_pid;
286 (void)wakeup((void *)p->p_nlminfo);