git: 56b45bf5f6e1 - stable/13 - nfsd: Enable the NFSD_VNET vnet front end macros

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Thu, 18 May 2023 23:02:58 UTC
The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=56b45bf5f6e14f9a46ee896543ad24070f11cc9c

commit 56b45bf5f6e14f9a46ee896543ad24070f11cc9c
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-02-18 22:59:36 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-18 22:59:27 +0000

    nfsd: Enable the NFSD_VNET vnet front end macros
    
    Several commits have added front end macros for the vnet
    macros to the NFS server, krpc and kgssapi.  These macros
    are now null, but this patch changes them to front end
    the vnet macros.
    
    With this commit, many global variables in the code become
    vnet'd, so that nfsd(8), nfsuserd(8), rpc.tlsservd(8) and
    gssd(8) can run in a vnet prison, once enabled.
    To run the NFS server in a vnet prison still requires a
    couple of patches (in D37741 and D38371) that allow mountd(8)
    to export file systems from within a vnet prison.  Once
    these are committed to main, a small patch to kern_jail.c
    allowing "allow.nfsd" without VNET_NFSD defined will allow
    the NFS server to run in a vnet prison.
    
    One area that still needs to be settled is cleanup when a
    prison is removed.  Without this, everything should work
    except there will be a leak of malloc'd data and mutex locks
    when a vnet prison is removed.
    
    (cherry picked from commit ed03776ca7f43de8275da80cfa89a9ecc4732f82)
---
 sys/fs/nfs/nfs_commonport.c         |  2 +-
 sys/fs/nfs/nfsport.h                | 26 +++++++++++++-------------
 sys/fs/nfsserver/nfs_fha_new.c      |  4 ++--
 sys/fs/nfsserver/nfs_nfsdport.c     |  2 +-
 sys/kgssapi/gssapi_impl.h           | 21 +++++++++++----------
 sys/rpc/rpcsec_gss/svc_rpcsec_gss.c |  2 +-
 sys/rpc/rpcsec_tls.h                | 22 +++++++++-------------
 7 files changed, 38 insertions(+), 41 deletions(-)

diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c
index 7fdcdf967fff..2079317f1f29 100644
--- a/sys/fs/nfs/nfs_commonport.c
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -900,7 +900,7 @@ nfs_vnetinit(const void *unused __unused)
 	mtx_init(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx, "nfsuserd",
 	    NULL, MTX_DEF);
 }
-SYSINIT(nfs_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
+VNET_SYSINIT(nfs_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
     nfs_vnetinit, NULL);
 
 extern int (*nfsd_call_nfscommon)(struct thread *, struct nfssvc_args *);
diff --git a/sys/fs/nfs/nfsport.h b/sys/fs/nfs/nfsport.h
index 0a0e68787f65..bcfbae857755 100644
--- a/sys/fs/nfs/nfsport.h
+++ b/sys/fs/nfs/nfsport.h
@@ -181,19 +181,19 @@
  */
 #define	NFSMUTEX_T		struct mtx
 
-/* Define the NFSD_VNET macros similar to !VIMAGE. */
-#define	NFSD_VNET_NAME(n)		n
-#define	NFSD_VNET_DECLARE(t, n)		extern t n
-#define	NFSD_VNET_DEFINE(t, n)		t n
-#define	NFSD_VNET_DEFINE_STATIC(t, n)	static t n
-#define	NFSD_VNET(n)			(n)
-
-#define	CTLFLAG_NFSD_VNET		0
-
-#define	NFSD_CURVNET_SET(n)
-#define	NFSD_CURVNET_SET_QUIET(n)
-#define	NFSD_CURVNET_RESTORE()
-#define	NFSD_TD_TO_VNET(n)		NULL
+/* Just define the NFSD_VNETxxx() macros as VNETxxx() macros. */
+#define	NFSD_VNET_NAME(n)		VNET_NAME(n)
+#define	NFSD_VNET_DECLARE(t, n)		VNET_DECLARE(t, n)
+#define	NFSD_VNET_DEFINE(t, n)		VNET_DEFINE(t, n)
+#define	NFSD_VNET_DEFINE_STATIC(t, n)	VNET_DEFINE_STATIC(t, n)
+#define	NFSD_VNET(n)			VNET(n)
+
+#define	CTLFLAG_NFSD_VNET		CTLFLAG_VNET
+
+#define	NFSD_CURVNET_SET(n)		CURVNET_SET(n)
+#define	NFSD_CURVNET_SET_QUIET(n)	CURVNET_SET_QUIET(n)
+#define	NFSD_CURVNET_RESTORE()		CURVNET_RESTORE()
+#define	NFSD_TD_TO_VNET(n)		TD_TO_VNET(n)
 
 #endif	/* _KERNEL */
 
diff --git a/sys/fs/nfsserver/nfs_fha_new.c b/sys/fs/nfsserver/nfs_fha_new.c
index 3d18083f7205..20343c7c846f 100644
--- a/sys/fs/nfsserver/nfs_fha_new.c
+++ b/sys/fs/nfsserver/nfs_fha_new.c
@@ -100,8 +100,8 @@ SYSCTL_PROC(_vfs_nfsd_fha, OID_AUTO, fhe_stats,
 
 extern int newnfs_nfsv3_procid[];
 
-SYSINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_init, NULL);
-SYSUNINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_uninit, NULL);
+VNET_SYSINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_init, NULL);
+VNET_SYSUNINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_uninit, NULL);
 
 static void
 fhanew_init(void *foo)
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index bee9388261fd..578978537cbc 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -6898,7 +6898,7 @@ nfsrv_vnetinit(const void *unused __unused)
 
 	nfsd_mntinit();
 }
-SYSINIT(nfsrv_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
+VNET_SYSINIT(nfsrv_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
     nfsrv_vnetinit, NULL);
 
 /*
diff --git a/sys/kgssapi/gssapi_impl.h b/sys/kgssapi/gssapi_impl.h
index 72f379de4ebf..21c77ec61d8c 100644
--- a/sys/kgssapi/gssapi_impl.h
+++ b/sys/kgssapi/gssapi_impl.h
@@ -31,6 +31,8 @@
 
 #include "gssd.h"
 
+#include <net/vnet.h>
+
 MALLOC_DECLARE(M_GSSAPI);
 
 struct _gss_ctx_id_t {
@@ -55,17 +57,16 @@ struct kgss_mech {
 LIST_HEAD(kgss_mech_list, kgss_mech);
 
 /* Macros for VIMAGE. */
-/* Define the KGSS_VNET macros similar to !VIMAGE. */
-#define	KGSS_VNET_NAME(n)		n
-#define	KGSS_VNET_DECLARE(t, n)		extern t n
-#define	KGSS_VNET_DEFINE(t, n)		t n
-#define	KGSS_VNET_DEFINE_STATIC(t, n)	static t n
-#define	KGSS_VNET(n)			(n)
+/* Just define the KGSS_VNETxxx() macros as VNETxxx() macros. */
+#define	KGSS_VNET_DEFINE(t, n)		VNET_DEFINE(t, n)
+#define	KGSS_VNET_DEFINE_STATIC(t, n)	VNET_DEFINE_STATIC(t, n)
+#define	KGSS_VNET_DECLARE(t, n)		VNET_DECLARE(t, n)
+#define	KGSS_VNET(n)			VNET(n)
 
-#define	KGSS_CURVNET_SET(n)
-#define	KGSS_CURVNET_SET_QUIET(n)
-#define	KGSS_CURVNET_RESTORE()
-#define	KGSS_TD_TO_VNET(n)		NULL
+#define	KGSS_CURVNET_SET(n)		CURVNET_SET(n)
+#define	KGSS_CURVNET_SET_QUIET(n)	CURVNET_SET_QUIET(n)
+#define	KGSS_CURVNET_RESTORE()		CURVNET_RESTORE()
+#define	KGSS_TD_TO_VNET(n)		TD_TO_VNET(n)
 
 extern struct mtx kgss_gssd_lock;
 extern struct kgss_mech_list kgss_mechs;
diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
index 693359eff6d6..6c3cbe619c8c 100644
--- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
+++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
@@ -221,7 +221,7 @@ svc_rpc_gss_init(void *arg)
 		sx_init(&svc_rpc_gss_lock, "gsslock");
 	}
 }
-SYSINIT(svc_rpc_gss_init, SI_SUB_VNET_DONE, SI_ORDER_ANY,
+VNET_SYSINIT(svc_rpc_gss_init, SI_SUB_VNET_DONE, SI_ORDER_ANY,
     svc_rpc_gss_init, NULL);
 
 bool_t
diff --git a/sys/rpc/rpcsec_tls.h b/sys/rpc/rpcsec_tls.h
index 5781424a6180..5f53fc73fbd0 100644
--- a/sys/rpc/rpcsec_tls.h
+++ b/sys/rpc/rpcsec_tls.h
@@ -86,19 +86,15 @@ bool		rpctls_getinfo(u_int *maxlen, bool rpctlscd_run,
 #define	RPCTLS_REFNO_HANDSHAKE	0xFFFFFFFFFFFFFFFFULL
 
 /* Macros for VIMAGE. */
-/* Define the KRPC_VNET macros similar to !VIMAGE. */
-#define	KRPC_VNET_NAME(n)		n
-#define	KRPC_VNET_DECLARE(t, n)		extern t n
-#define	KRPC_VNET_DEFINE(t, n)		t n
-#define	KRPC_VNET_DEFINE_STATIC(t, n)	static t n
-#define	KRPC_VNET(n)			(n)
-
-#define	CTLFLAG_KRPC_VNET		0
-
-#define	KRPC_CURVNET_SET(n)
-#define	KRPC_CURVNET_SET_QUIET(n)
-#define	KRPC_CURVNET_RESTORE()
-#define	KRPC_TD_TO_VNET(n)		NULL
+/* Just define the KRPC_VNETxxx() macros as VNETxxx() macros. */
+#define	KRPC_VNET_DEFINE(t, n)		VNET_DEFINE(t, n)
+#define	KRPC_VNET_DEFINE_STATIC(t, n)	VNET_DEFINE_STATIC(t, n)
+#define	KRPC_VNET(n)			VNET(n)
+
+#define	KRPC_CURVNET_SET(n)		CURVNET_SET(n)
+#define	KRPC_CURVNET_SET_QUIET(n)	CURVNET_SET_QUIET(n)
+#define	KRPC_CURVNET_RESTORE()		CURVNET_RESTORE()
+#define	KRPC_TD_TO_VNET(n)		TD_TO_VNET(n)
 
 #endif	/* _KERNEL */