2 * Copyright (c) 1989, 1991, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software contributed to Berkeley by
6 * Rick Macklem at The University of Guelph.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * @(#)nfs_socket.c 8.5 (Berkeley) 3/30/95
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
39 * Socket operations for use by nfs
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/kernel.h>
48 #include <sys/malloc.h>
50 #include <sys/mount.h>
51 #include <sys/mutex.h>
53 #include <sys/protosw.h>
54 #include <sys/refcount.h>
55 #include <sys/signalvar.h>
56 #include <sys/socket.h>
57 #include <sys/socketvar.h>
58 #include <sys/sysctl.h>
59 #include <sys/syslog.h>
60 #include <sys/vnode.h>
62 #include <netinet/in.h>
63 #include <netinet/tcp.h>
65 #include <nfs/rpcv2.h>
66 #include <nfs/nfsproto.h>
67 #include <nfsserver/nfs.h>
68 #include <nfs/xdr_subs.h>
69 #include <nfsserver/nfsm_subs.h>
71 #include <security/mac/mac_framework.h>
78 static int nfs_realign_test;
79 static int nfs_realign_count;
81 SYSCTL_DECL(_vfs_nfsrv);
83 SYSCTL_INT(_vfs_nfsrv, OID_AUTO, realign_test, CTLFLAG_RW, &nfs_realign_test, 0, "");
84 SYSCTL_INT(_vfs_nfsrv, OID_AUTO, realign_count, CTLFLAG_RW, &nfs_realign_count, 0, "");
88 * There is a congestion window for outstanding rpcs maintained per mount
89 * point. The cwnd size is adjusted in roughly the way that:
90 * Van Jacobson, Congestion avoidance and Control, In "Proceedings of
91 * SIGCOMM '88". ACM, August 1988.
92 * describes for TCP. The cwnd size is chopped in half on a retransmit timeout
93 * and incremented by 1/cwnd when each rpc reply is received and a full cwnd
94 * of rpcs is in progress.
95 * (The sent count and cwnd are scaled for integer arith.)
96 * Variants of "slow start" were tried and were found to be too much of a
97 * performance hit (ave. rtt 3 times larger),
98 * I suspect due to the large rtt that nfs rpcs have.
100 #define NFS_CWNDSCALE 256
101 #define NFS_MAXCWND (NFS_CWNDSCALE * 32)
102 struct callout nfsrv_callout;
104 static void nfs_realign(struct mbuf **pm, int hsiz); /* XXX SHARED */
105 static int nfsrv_getstream(struct nfssvc_sock *, int);
107 int32_t (*nfsrv3_procs[NFS_NPROCS])(struct nfsrv_descript *nd,
108 struct nfssvc_sock *slp,
109 struct mbuf **mreqp) = {
137 * Generate the rpc reply header
138 * siz arg. is used to decide if adding a cluster is worthwhile
141 nfs_rephead(int siz, struct nfsrv_descript *nd, int err,
142 struct mbuf **mbp, caddr_t *bposp)
149 nd->nd_repstat = err;
150 if (err && (nd->nd_flag & ND_NFSV3) == 0) /* XXX recheck */
152 MGETHDR(mreq, M_WAIT, MT_DATA);
155 * If this is a big reply, use a cluster else
156 * try and leave leading space for the lower level headers.
158 mreq->m_len = 6 * NFSX_UNSIGNED;
160 if ((max_hdr + siz) >= MINCLSIZE) {
161 MCLGET(mreq, M_WAIT);
163 mreq->m_data += min(max_hdr, M_TRAILINGSPACE(mreq));
164 tl = mtod(mreq, u_int32_t *);
165 bpos = ((caddr_t)tl) + mreq->m_len;
166 *tl++ = txdr_unsigned(nd->nd_retxid);
167 *tl++ = nfsrv_rpc_reply;
168 if (err == ERPCMISMATCH || (err & NFSERR_AUTHERR)) {
169 *tl++ = nfsrv_rpc_msgdenied;
170 if (err & NFSERR_AUTHERR) {
171 *tl++ = nfsrv_rpc_autherr;
172 *tl = txdr_unsigned(err & ~NFSERR_AUTHERR);
173 mreq->m_len -= NFSX_UNSIGNED;
174 bpos -= NFSX_UNSIGNED;
176 *tl++ = nfsrv_rpc_mismatch;
177 *tl++ = txdr_unsigned(RPC_VER2);
178 *tl = txdr_unsigned(RPC_VER2);
181 *tl++ = nfsrv_rpc_msgaccepted;
183 * Send a RPCAUTH_NULL verifier - no Kerberos.
189 *tl = txdr_unsigned(RPC_PROGUNAVAIL);
192 *tl = txdr_unsigned(RPC_PROGMISMATCH);
193 tl = nfsm_build(u_int32_t *, 2 * NFSX_UNSIGNED);
194 *tl++ = txdr_unsigned(2);
195 *tl = txdr_unsigned(3);
198 *tl = txdr_unsigned(RPC_PROCUNAVAIL);
201 *tl = txdr_unsigned(RPC_GARBAGE);
205 if (err != NFSERR_RETVOID) {
206 tl = nfsm_build(u_int32_t *, NFSX_UNSIGNED);
208 *tl = txdr_unsigned(nfsrv_errmap(nd, err));
217 if (err != 0 && err != NFSERR_RETVOID)
218 nfsrvstats.srvrpc_errs++;
226 * Check for badly aligned mbuf data and realign by copying the unaligned
227 * portion of the data into a new mbuf chain and freeing the portions
228 * of the old chain that were replaced.
230 * We cannot simply realign the data within the existing mbuf chain
231 * because the underlying buffers may contain other rpc commands and
232 * we cannot afford to overwrite them.
234 * We would prefer to avoid this situation entirely. The situation does
235 * not occur with NFS/UDP and is supposed to only occassionally occur
236 * with TCP. Use vfs.nfs.realign_count and realign_test to check this.
239 nfs_realign(struct mbuf **pm, int hsiz) /* XXX COMMON */
242 struct mbuf *n = NULL;
246 while ((m = *pm) != NULL) {
247 if ((m->m_len & 0x3) || (mtod(m, intptr_t) & 0x3)) {
248 MGET(n, M_WAIT, MT_DATA);
249 if (m->m_len >= MINCLSIZE) {
259 * If n is non-NULL, loop on m copying data, then replace the
260 * portion of the chain that had to be realigned.
265 m_copyback(n, off, m->m_len, mtod(m, caddr_t));
276 * Parse an RPC request
278 * - fill in the cred struct.
281 nfs_getreq(struct nfsrv_descript *nd, struct nfsd *nfsd, int has_header)
286 u_int32_t nfsvers, auth_type;
288 struct mbuf *mrep, *md;
296 tl = nfsm_dissect_nonblock(u_int32_t *, 10 * NFSX_UNSIGNED);
297 nd->nd_retxid = fxdr_unsigned(u_int32_t, *tl++);
298 if (*tl++ != nfsrv_rpc_call) {
303 tl = nfsm_dissect_nonblock(u_int32_t *, 8 * NFSX_UNSIGNED);
306 if (*tl++ != nfsrv_rpc_vers) {
307 nd->nd_repstat = ERPCMISMATCH;
308 nd->nd_procnum = NFSPROC_NOOP;
311 if (*tl != nfsrv_nfs_prog) {
312 nd->nd_repstat = EPROGUNAVAIL;
313 nd->nd_procnum = NFSPROC_NOOP;
317 nfsvers = fxdr_unsigned(u_int32_t, *tl++);
318 if (nfsvers < NFS_VER2 || nfsvers > NFS_VER3) {
319 nd->nd_repstat = EPROGMISMATCH;
320 nd->nd_procnum = NFSPROC_NOOP;
323 nd->nd_procnum = fxdr_unsigned(u_int32_t, *tl++);
324 if (nd->nd_procnum == NFSPROC_NULL)
326 if (nfsvers == NFS_VER3) {
327 nd->nd_flag = ND_NFSV3;
328 if (nd->nd_procnum >= NFS_NPROCS) {
329 nd->nd_repstat = EPROCUNAVAIL;
330 nd->nd_procnum = NFSPROC_NOOP;
334 if (nd->nd_procnum > NFSV2PROC_STATFS) {
335 nd->nd_repstat = EPROCUNAVAIL;
336 nd->nd_procnum = NFSPROC_NOOP;
339 /* Map the v2 procedure numbers into v3 ones */
340 nd->nd_procnum = nfsrv_nfsv3_procid[nd->nd_procnum];
343 len = fxdr_unsigned(int, *tl++);
344 if (len < 0 || len > RPCAUTH_MAXSIZ) {
352 if (auth_type == nfsrv_rpc_auth_unix) {
353 len = fxdr_unsigned(int, *++tl);
354 if (len < 0 || len > NFS_MAXNAMLEN) {
358 nfsm_adv(nfsm_rndup(len));
359 tl = nfsm_dissect_nonblock(u_int32_t *, 3 * NFSX_UNSIGNED);
360 nd->nd_cr->cr_uid = nd->nd_cr->cr_ruid =
361 nd->nd_cr->cr_svuid = fxdr_unsigned(uid_t, *tl++);
362 nd->nd_cr->cr_groups[0] = nd->nd_cr->cr_rgid =
363 nd->nd_cr->cr_svgid = fxdr_unsigned(gid_t, *tl++);
365 mac_cred_associate_nfsd(nd->nd_cr);
367 len = fxdr_unsigned(int, *tl);
368 if (len < 0 || len > RPCAUTH_UNIXGIDS) {
372 tl = nfsm_dissect_nonblock(u_int32_t *, (len + 2) * NFSX_UNSIGNED);
373 for (i = 1; i <= len; i++)
375 nd->nd_cr->cr_groups[i] = fxdr_unsigned(gid_t, *tl++);
378 nd->nd_cr->cr_ngroups = (len >= NGROUPS) ? NGROUPS : (len + 1);
379 if (nd->nd_cr->cr_ngroups > 1)
380 nfsrvw_sort(nd->nd_cr->cr_groups, nd->nd_cr->cr_ngroups);
381 len = fxdr_unsigned(int, *++tl);
382 if (len < 0 || len > RPCAUTH_MAXSIZ) {
387 nfsm_adv(nfsm_rndup(len));
388 nd->nd_credflavor = RPCAUTH_UNIX;
390 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_REJECTCRED);
391 nd->nd_procnum = NFSPROC_NOOP;
403 * Socket upcall routine for the nfsd sockets.
404 * The caddr_t arg is a pointer to the "struct nfssvc_sock".
405 * Essentially do as much as possible non-blocking, else punt and it will
406 * be called with M_WAIT from an nfsd.
409 nfsrv_rcv(struct socket *so, void *arg, int waitflag)
411 struct nfssvc_sock *slp = (struct nfssvc_sock *)arg;
414 struct sockaddr *nam;
418 NFSD_UNLOCK_ASSERT();
420 /* XXXRW: Unlocked read. */
421 if ((slp->ns_flag & SLP_VALID) == 0)
425 * We can't do this in the context of a socket callback
426 * because we're called with locks held.
429 if (waitflag == M_DONTWAIT) {
431 slp->ns_flag |= SLP_NEEDQ;
438 if (so->so_type == SOCK_STREAM) {
440 * If there are already records on the queue, defer soreceive()
441 * to an nfsd so that there is feedback to the TCP layer that
442 * the nfs servers are heavily loaded.
444 if (STAILQ_FIRST(&slp->ns_rec) != NULL &&
445 waitflag == M_DONTWAIT) {
446 slp->ns_flag |= SLP_NEEDQ;
453 auio.uio_resid = 1000000000;
454 flags = MSG_DONTWAIT;
456 error = soreceive(so, &nam, &auio, &mp, NULL, &flags);
458 if (error || mp == NULL) {
459 if (error == EWOULDBLOCK)
460 slp->ns_flag |= SLP_NEEDQ;
462 slp->ns_flag |= SLP_DISCONN;
466 if (slp->ns_rawend) {
467 slp->ns_rawend->m_next = m;
468 slp->ns_cc += 1000000000 - auio.uio_resid;
471 slp->ns_cc = 1000000000 - auio.uio_resid;
478 * Now try and parse record(s) out of the raw stream data.
480 error = nfsrv_getstream(slp, waitflag);
483 slp->ns_flag |= SLP_DISCONN;
485 slp->ns_flag |= SLP_NEEDQ;
489 auio.uio_resid = 1000000000;
490 flags = MSG_DONTWAIT;
492 error = soreceive(so, &nam, &auio, &mp, NULL, &flags);
494 struct nfsrv_rec *rec;
495 rec = malloc(sizeof(struct nfsrv_rec),
497 waitflag == M_DONTWAIT ? M_NOWAIT : M_WAITOK);
505 nfs_realign(&mp, 10 * NFSX_UNSIGNED);
507 rec->nr_address = nam;
509 STAILQ_INSERT_TAIL(&slp->ns_rec, rec, nr_link);
513 if ((so->so_proto->pr_flags & PR_CONNREQUIRED)
514 && error != EWOULDBLOCK) {
515 slp->ns_flag |= SLP_DISCONN;
523 * Now try and process the request records, non-blocking.
526 if (waitflag == M_DONTWAIT &&
527 (STAILQ_FIRST(&slp->ns_rec) != NULL ||
528 (slp->ns_flag & (SLP_NEEDQ | SLP_DISCONN))))
534 * Try and extract an RPC request from the mbuf data list received on a
535 * stream socket. The "waitflag" argument indicates whether or not it
539 nfsrv_getstream(struct nfssvc_sock *slp, int waitflag)
541 struct mbuf *m, **mpp;
544 struct mbuf *om, *m2, *recm;
549 if (slp->ns_flag & SLP_GETSTREAM)
550 panic("nfs getstream");
551 slp->ns_flag |= SLP_GETSTREAM;
553 if (slp->ns_reclen == 0) {
554 if (slp->ns_cc < NFSX_UNSIGNED) {
555 slp->ns_flag &= ~SLP_GETSTREAM;
559 if (m->m_len >= NFSX_UNSIGNED) {
560 bcopy(mtod(m, caddr_t), (caddr_t)&recmark, NFSX_UNSIGNED);
561 m->m_data += NFSX_UNSIGNED;
562 m->m_len -= NFSX_UNSIGNED;
564 cp1 = (caddr_t)&recmark;
565 cp2 = mtod(m, caddr_t);
566 while (cp1 < ((caddr_t)&recmark) + NFSX_UNSIGNED) {
567 while (m->m_len == 0) {
569 cp2 = mtod(m, caddr_t);
576 slp->ns_cc -= NFSX_UNSIGNED;
577 recmark = ntohl(recmark);
578 slp->ns_reclen = recmark & ~0x80000000;
579 if (recmark & 0x80000000)
580 slp->ns_flag |= SLP_LASTFRAG;
582 slp->ns_flag &= ~SLP_LASTFRAG;
583 if (slp->ns_reclen > NFS_MAXPACKET || slp->ns_reclen <= 0) {
584 slp->ns_flag &= ~SLP_GETSTREAM;
590 * Now get the record part.
592 * Note that slp->ns_reclen may be 0. Linux sometimes
593 * generates 0-length RPCs.
596 if (slp->ns_cc == slp->ns_reclen) {
598 slp->ns_raw = slp->ns_rawend = NULL;
599 slp->ns_cc = slp->ns_reclen = 0;
600 } else if (slp->ns_cc > slp->ns_reclen) {
605 while (len < slp->ns_reclen) {
606 if ((len + m->m_len) > slp->ns_reclen) {
608 m2 = m_copym(m, 0, slp->ns_reclen - len,
617 m->m_data += slp->ns_reclen - len;
618 m->m_len -= slp->ns_reclen - len;
619 len = slp->ns_reclen;
621 slp->ns_flag &= ~SLP_GETSTREAM;
622 return (EWOULDBLOCK);
624 } else if ((len + m->m_len) == slp->ns_reclen) {
640 slp->ns_flag &= ~SLP_GETSTREAM;
645 * Accumulate the fragments into a record.
649 mpp = &((*mpp)->m_next);
651 if (slp->ns_flag & SLP_LASTFRAG) {
652 struct nfsrv_rec *rec;
654 rec = malloc(sizeof(struct nfsrv_rec), M_NFSRVDESC,
655 waitflag == M_DONTWAIT ? M_NOWAIT : M_WAITOK);
657 nfs_realign(&slp->ns_frag, 10 * NFSX_UNSIGNED);
658 rec->nr_address = NULL;
659 rec->nr_packet = slp->ns_frag;
661 STAILQ_INSERT_TAIL(&slp->ns_rec, rec, nr_link);
666 m_freem(slp->ns_frag);
674 * Parse an RPC header.
677 nfsrv_dorec(struct nfssvc_sock *slp, struct nfsd *nfsd,
678 struct nfsrv_descript **ndp)
680 struct nfsrv_rec *rec;
682 struct sockaddr *nam;
683 struct nfsrv_descript *nd;
689 if ((slp->ns_flag & SLP_VALID) == 0 ||
690 STAILQ_FIRST(&slp->ns_rec) == NULL)
692 rec = STAILQ_FIRST(&slp->ns_rec);
693 KASSERT(rec->nr_packet != NULL, ("nfsrv_dorec: missing mbuf"));
694 STAILQ_REMOVE_HEAD(&slp->ns_rec, nr_link);
695 nam = rec->nr_address;
697 free(rec, M_NFSRVDESC);
699 nd = malloc(sizeof (struct nfsrv_descript),
700 M_NFSRVDESC, M_WAITOK);
703 nd->nd_md = nd->nd_mrep = m;
705 nd->nd_dpos = mtod(m, caddr_t);
706 error = nfs_getreq(nd, nfsd, TRUE);
711 if (nd->nd_cr != NULL)
713 free((caddr_t)nd, M_NFSRVDESC);
722 * Search for a sleeping nfsd and wake it up.
723 * SIDE EFFECT: If none found, set NFSD_CHECKSLP flag, so that one of the
724 * running nfsds will go look for the work in the nfssvc_sock list.
727 nfsrv_wakenfsd(struct nfssvc_sock *slp)
733 if ((slp->ns_flag & SLP_VALID) == 0)
735 TAILQ_FOREACH(nd, &nfsd_head, nfsd_chain) {
736 if (nd->nfsd_flag & NFSD_WAITING) {
737 nd->nfsd_flag &= ~NFSD_WAITING;
739 panic("nfsd wakeup");
746 slp->ns_flag |= SLP_DOREC;
747 nfsd_head_flag |= NFSD_CHECKSLP;
751 * This is the nfs send routine.
752 * For the server side:
753 * - return EINTR or ERESTART if interrupted by a signal
754 * - return EPIPE if a connection is lost for connection based sockets (TCP...)
755 * - do any cleanup required by recoverable socket errors (?)
758 nfsrv_send(struct socket *so, struct sockaddr *nam, struct mbuf *top)
760 struct sockaddr *sendnam;
761 int error, soflags, flags;
763 NFSD_UNLOCK_ASSERT();
765 soflags = so->so_proto->pr_flags;
766 if ((soflags & PR_CONNREQUIRED) || (so->so_state & SS_ISCONNECTED))
770 if (so->so_type == SOCK_SEQPACKET)
775 error = sosend(so, sendnam, 0, top, 0, flags, curthread/*XXX*/);
776 if (error == ENOBUFS && so->so_type == SOCK_DGRAM)
780 log(LOG_INFO, "nfsd send error %d\n", error);
783 * Handle any recoverable (soft) socket errors here. (?)
785 if (error != EINTR && error != ERESTART &&
786 error != EWOULDBLOCK && error != EPIPE)
793 * NFS server timer routine.
796 nfsrv_timer(void *arg)
798 struct nfssvc_sock *slp;
803 * Scan the write gathering queues for writes that need to be
806 cur_usec = nfs_curusec();
807 TAILQ_FOREACH(slp, &nfssvc_sockhead, ns_chain) {
808 if (LIST_FIRST(&slp->ns_tq) &&
809 LIST_FIRST(&slp->ns_tq)->nd_time <= cur_usec)
813 callout_reset(&nfsrv_callout, nfsrv_ticks, nfsrv_timer, NULL);
816 #endif /* NFS_LEGACYRPC */