git: b575f97c831e - stable/13 - nfsd: Disable the NFSv4.2 Allocate operation by default
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 25 Oct 2021 21:36:36 UTC
The branch stable/13 has been updated by rmacklem:
URL: https://cgit.FreeBSD.org/src/commit/?id=b575f97c831eccc4f9e8cbd707f9f58df37440c5
commit b575f97c831eccc4f9e8cbd707f9f58df37440c5
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-10-11 01:46:02 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-10-25 21:32:42 +0000
nfsd: Disable the NFSv4.2 Allocate operation by default
Some exported file systems, such as ZFS ones, cannot do VOP_ALLOCATE().
Since an NFSv4.2 server must either support the Allocate operation for
all file systems or not support it at all, define a sysctl called
vfs.nfsd.enable_v42allocate to enable the Allocate operation.
This sysctl is false by default and can only be set true if all
exported file systems (or all DSs for a pNFS server) can perform
VOP_ALLOCATE().
Unfortunately, there is no way to know if a ZFS file system will
be exported once the nfsd is operational, even if there are none
exported when the nfsd is started up, so enabling Allocate must
be done manually for a server configuration.
This problem was detected during a recent NFSv4 interoperability
testing event held by the IETF working group.
(cherry picked from commit dfe887b7d2265a5c6e0132cc03e006eb68223177)
---
sys/fs/nfsserver/nfs_nfsdserv.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c
index ab02df2c4a46..7ca766c99069 100644
--- a/sys/fs/nfsserver/nfs_nfsdserv.c
+++ b/sys/fs/nfsserver/nfs_nfsdserv.c
@@ -91,6 +91,14 @@ SYSCTL_STRING(_vfs_nfsd, OID_AUTO, owner_major, CTLFLAG_RWTUN,
static uint64_t nfsrv_owner_minor;
SYSCTL_U64(_vfs_nfsd, OID_AUTO, owner_minor, CTLFLAG_RWTUN,
&nfsrv_owner_minor, 0, "Server owner minor");
+/*
+ * Only enable this if all your exported file systems
+ * (or pNFS DSs for the pNFS case) support VOP_ALLOCATE.
+ */
+static bool nfsrv_doallocate = false;
+SYSCTL_BOOL(_vfs_nfsd, OID_AUTO, enable_v42allocate, CTLFLAG_RW,
+ &nfsrv_doallocate, 0,
+ "Enable NFSv4.2 Allocate operation");
/*
* This list defines the GSS mechanisms supported.
@@ -5324,6 +5332,16 @@ nfsrvd_allocate(struct nfsrv_descript *nd, __unused int isdgram,
nfsquad_t clientid;
nfsattrbit_t attrbits;
+ if (!nfsrv_doallocate) {
+ /*
+ * If any exported file system, such as a ZFS one, cannot
+ * do VOP_ALLOCATE(), this operation cannot be supported
+ * for NFSv4.2. This cannot be done 'per filesystem', but
+ * must be for the entire nfsd NFSv4.2 service.
+ */
+ nd->nd_repstat = NFSERR_NOTSUPP;
+ goto nfsmout;
+ }
gotproxystateid = 0;
NFSM_DISSECT(tl, uint32_t *, NFSX_STATEID + 2 * NFSX_HYPER);
stp->ls_flags = (NFSLCK_CHECK | NFSLCK_WRITEACCESS);
@@ -5390,9 +5408,13 @@ nfsrvd_allocate(struct nfsrv_descript *nd, __unused int isdgram,
nd->nd_repstat = nfsrv_lockctrl(vp, &stp, &lop, NULL, clientid,
&stateid, exp, nd, curthread);
+ NFSD_DEBUG(4, "nfsrvd_allocate: off=%jd len=%jd stat=%d\n",
+ (intmax_t)off, (intmax_t)len, nd->nd_repstat);
if (nd->nd_repstat == 0)
nd->nd_repstat = nfsvno_allocate(vp, off, len, nd->nd_cred,
curthread);
+ NFSD_DEBUG(4, "nfsrvd_allocate: aft nfsvno_allocate=%d\n",
+ nd->nd_repstat);
vput(vp);
NFSEXITCODE2(0, nd);
return (0);