svn commit: r364092 - in head/sys: fs/nfs fs/nfsclient fs/nfsserver rpc sys

Rick Macklem rmacklem at FreeBSD.org
Tue Aug 11 00:26:48 UTC 2020


Author: rmacklem
Date: Tue Aug 11 00:26:45 2020
New Revision: 364092
URL: https://svnweb.freebsd.org/changeset/base/364092

Log:
  Add an argument to newnfs_connect() that indicates use TLS for the connection.
  
  For NFSv4.0, the server creates a server->client TCP connection for callbacks.
  If the client mount on the server is using TLS, enable TLS for this callback
  TCP connection.
  TLS connections from clients will not be supported until the kernel RPC
  changes are committed.
  
  Since this changes the internal ABI between the NFS kernel modules that
  will require a version bump, delete newnfs_trimtrailing(), which is no
  longer used.
  
  Since LCL_TLSCB is not yet set, these changes should not have any semantic
  effect at this time.

Modified:
  head/sys/fs/nfs/nfs.h
  head/sys/fs/nfs/nfs_commonkrpc.c
  head/sys/fs/nfs/nfs_commonsubs.c
  head/sys/fs/nfs/nfs_var.h
  head/sys/fs/nfsclient/nfs_clrpcops.c
  head/sys/fs/nfsclient/nfs_clvfsops.c
  head/sys/fs/nfsserver/nfs_nfsdstate.c
  head/sys/rpc/clnt.h
  head/sys/sys/param.h

Modified: head/sys/fs/nfs/nfs.h
==============================================================================
--- head/sys/fs/nfs/nfs.h	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/fs/nfs/nfs.h	Tue Aug 11 00:26:45 2020	(r364092)
@@ -336,6 +336,7 @@ struct nfsreferral {
 #define	LCL_DONEBINDCONN	0x00040000
 #define	LCL_RECLAIMONEFS	0x00080000
 #define	LCL_NFSV42		0x00100000
+#define	LCL_TLSCB		0x00200000
 
 #define	LCL_GSS		LCL_KERBV	/* Or of all mechs */
 

Modified: head/sys/fs/nfs/nfs_commonkrpc.c
==============================================================================
--- head/sys/fs/nfs/nfs_commonkrpc.c	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/fs/nfs/nfs_commonkrpc.c	Tue Aug 11 00:26:45 2020	(r364092)
@@ -167,7 +167,7 @@ static int nfsv2_procid[NFS_V3NPROCS] = {
  */
 int
 newnfs_connect(struct nfsmount *nmp, struct nfssockreq *nrp,
-    struct ucred *cred, NFSPROC_T *p, int callback_retry_mult)
+    struct ucred *cred, NFSPROC_T *p, int callback_retry_mult, bool dotls)
 {
 	int rcvreserve, sndreserve;
 	int pktscale, pktscalesav;
@@ -374,6 +374,8 @@ newnfs_connect(struct nfsmount *nmp, struct nfssockreq
 		} else {
 			retries = NFSV4_CALLBACKRETRY * callback_retry_mult;
 		}
+		if (dotls)
+			CLNT_CONTROL(client, CLSET_TLS, &one);
 	}
 	CLNT_CONTROL(client, CLSET_RETRIES, &retries);
 
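Review bot: The result of `CLNT_CONTROL(client, CLSET_TLS, &one)` is discarded, so if the RPC client rejects or does not implement the request, the callback connection proceeds without TLS and nothing reports it. The commit log says the kernel RPC changes are not committed yet, so once `LCL_TLSCB` starts being set this becomes a silent fallback to cleartext rather than a failed connect. Consider checking the result, e.g. `if (dotls && !CLNT_CONTROL(client, CLSET_TLS, &one))`, then setting an error and taking the function's existing failure path; the cleanup for `client` is outside this hunk, so the exact exit needs confirming. The added lines also sit in what appears to be the callback-only branch, so `dotls` is ignored elsewhere; a line in the function's header comment such as `dotls is only honoured for server->client callback connections` would make that explicit.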
@@ -586,7 +588,7 @@ newnfs_request(struct nfsrv_descript *nd, struct nfsmo
 	 * and let clnt_reconnect_create handle reconnects.
 	 */
 	if (nrp->nr_client == NULL)
-		newnfs_connect(nmp, nrp, cred, td, 0);
+		newnfs_connect(nmp, nrp, cred, td, 0, false);
 
 	/*
 	 * For a client side mount, nmp is != NULL and clp == NULL. For

Modified: head/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- head/sys/fs/nfs/nfs_commonsubs.c	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/fs/nfs/nfs_commonsubs.c	Tue Aug 11 00:26:45 2020	(r364092)
@@ -1058,25 +1058,6 @@ nfsaddr2_match(NFSSOCKADDR_T nam1, NFSSOCKADDR_T nam2)
 }
 
 /*
- * Trim trailing data off the mbuf list being built.
- */
-void
-newnfs_trimtrailing(nd, mb, bpos)
-	struct nfsrv_descript *nd;
-	struct mbuf *mb;
-	caddr_t bpos;
-{
-
-	if (mb->m_next) {
-		m_freem(mb->m_next);
-		mb->m_next = NULL;
-	}
-	mb->m_len = bpos - mtod(mb, caddr_t);
-	nd->nd_mb = mb;
-	nd->nd_bpos = bpos;
-}
-
-/*
  * Dissect a file handle on the client.
  */
 int
@@ -3650,7 +3631,7 @@ nfsrv_nfsuserdport(struct nfsuserd_args *nargs, NFSPRO
  	}
 	rp->nr_vers = RPCNFSUSERD_VERS;
 	if (error == 0)
-		error = newnfs_connect(NULL, rp, NFSPROCCRED(p), p, 0);
+		error = newnfs_connect(NULL, rp, NFSPROCCRED(p), p, 0, false);
 	if (error == 0) {
 		NFSLOCKNAMEID();
 		nfsrv_nfsuserd = RUNNING;

Modified: head/sys/fs/nfs/nfs_var.h
==============================================================================
--- head/sys/fs/nfs/nfs_var.h	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/fs/nfs/nfs_var.h	Tue Aug 11 00:26:45 2020	(r364092)
@@ -324,8 +324,6 @@ int nfsm_mbufuio(struct nfsrv_descript *, struct uio *
 int nfsm_fhtom(struct nfsrv_descript *, u_int8_t *, int, int);
 int nfsm_advance(struct nfsrv_descript *, int, int);
 void *nfsm_dissct(struct nfsrv_descript *, int, int);
-void newnfs_trimtrailing(struct nfsrv_descript *, struct mbuf *,
-    caddr_t);
 void newnfs_copycred(struct nfscred *, struct ucred *);
 void newnfs_copyincred(struct ucred *, struct nfscred *);
 int nfsrv_dissectacl(struct nfsrv_descript *, NFSACL_T *, int *,
@@ -766,7 +764,7 @@ int newnfs_request(struct nfsrv_descript *, struct nfs
     struct ucred *, u_int32_t, u_int32_t, u_char *, int, u_int64_t *,
     struct nfsclsession *);
 int newnfs_connect(struct nfsmount *, struct nfssockreq *,
-    struct ucred *, NFSPROC_T *, int);
+    struct ucred *, NFSPROC_T *, int, bool);
 void newnfs_disconnect(struct nfssockreq *);
 int newnfs_sigintr(struct nfsmount *, NFSPROC_T *);
 

Modified: head/sys/fs/nfsclient/nfs_clrpcops.c
==============================================================================
--- head/sys/fs/nfsclient/nfs_clrpcops.c	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/fs/nfsclient/nfs_clrpcops.c	Tue Aug 11 00:26:45 2020	(r364092)
@@ -5617,7 +5617,7 @@ nfsrpc_fillsa(struct nfsmount *nmp, struct sockaddr_in
 	 * unmount, but I did it anyhow.
 	 */
 	nrp->nr_cred = crhold(nmp->nm_sockreq.nr_cred);
-	error = newnfs_connect(nmp, nrp, NULL, p, 0);
+	error = newnfs_connect(nmp, nrp, NULL, p, 0, false);
 	NFSCL_DEBUG(3, "DS connect=%d\n", error);
 
 	dsp = NULL;

Modified: head/sys/fs/nfsclient/nfs_clvfsops.c
==============================================================================
--- head/sys/fs/nfsclient/nfs_clvfsops.c	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/fs/nfsclient/nfs_clvfsops.c	Tue Aug 11 00:26:45 2020	(r364092)
@@ -718,7 +718,7 @@ nfs_decode_args(struct mount *mp, struct nfsmount *nmp
 		    nmp->nm_soproto = argp->proto;
 		    if (nmp->nm_sotype == SOCK_DGRAM)
 			while (newnfs_connect(nmp, &nmp->nm_sockreq,
-			    cred, td, 0)) {
+			    cred, td, 0, false)) {
 				printf("newnfs_args: retrying connect\n");
 				(void) nfs_catnap(PSOCK, 0, "nfscon");
 			}
@@ -1527,7 +1527,7 @@ mountnfs(struct nfs_args *argp, struct mount *mp, stru
 		nmp->nm_sockreq.nr_vers = NFS_VER2;
 
 
-	if ((error = newnfs_connect(nmp, &nmp->nm_sockreq, cred, td, 0)))
+	if ((error = newnfs_connect(nmp, &nmp->nm_sockreq, cred, td, 0, false)))
 		goto bad;
 	/* For NFSv4.1, get the clientid now. */
 	if (nmp->nm_minorvers > 0) {

Modified: head/sys/fs/nfsserver/nfs_nfsdstate.c
==============================================================================
--- head/sys/fs/nfsserver/nfs_nfsdstate.c	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/fs/nfsserver/nfs_nfsdstate.c	Tue Aug 11 00:26:45 2020	(r364092)
@@ -4423,6 +4423,7 @@ nfsrv_docallback(struct nfsclient *clp, int procnum, n
 	u_int32_t callback;
 	struct nfsdsession *sep = NULL;
 	uint64_t tval;
+	bool dotls;
 
 	nd = malloc(sizeof(*nd), M_TEMP, M_WAITOK | M_ZERO);
 	cred = newnfs_getcred();
@@ -4547,6 +4548,9 @@ nfsrv_docallback(struct nfsclient *clp, int procnum, n
 	/*
 	 * Call newnfs_connect(), as required, and then newnfs_request().
 	 */
+	dotls = false;
+	if ((clp->lc_flags & LCL_TLSCB) != 0)
+		dotls = true;
 	(void) newnfs_sndlock(&clp->lc_req.nr_lock);
 	if (clp->lc_req.nr_client == NULL) {
 		if ((clp->lc_flags & LCL_NFSV41) != 0) {
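Review bot: The three added lines that compute `dotls` can be one assignment, `dotls = (clp->lc_flags & LCL_TLSCB) != 0;`, which avoids the set-then-overwrite pattern. In the next hunk the value reaches only the two `newnfs_connect()` calls in the non-NFSv4.1 branches, and only when `nr_client` is NULL, so the TLS choice appears to be fixed when the callback connection is first created. If that is the intent, a short comment such as `/* TLS is chosen when the callback connection is created; a later change to LCL_TLSCB does not affect an existing connection. */` would record it. nfsrv_docallback starts and ends outside this hunk.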
@@ -4554,10 +4558,10 @@ nfsrv_docallback(struct nfsclient *clp, int procnum, n
 			nfsrv_freesession(sep, NULL);
 		} else if (nd->nd_procnum == NFSV4PROC_CBNULL)
 			error = newnfs_connect(NULL, &clp->lc_req, cred,
-			    NULL, 1);
+			    NULL, 1, dotls);
 		else
 			error = newnfs_connect(NULL, &clp->lc_req, cred,
-			    NULL, 3);
+			    NULL, 3, dotls);
 	}
 	newnfs_sndunlock(&clp->lc_req.nr_lock);
 	NFSD_DEBUG(4, "aft sndunlock=%d\n", error);

Modified: head/sys/rpc/clnt.h
==============================================================================
--- head/sys/rpc/clnt.h	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/rpc/clnt.h	Tue Aug 11 00:26:45 2020	(r364092)
@@ -357,6 +357,8 @@ enum clnt_stat clnt_call_private(CLIENT *, struct rpc_
 #define CLSET_PRIVPORT		27	/* set privileged source port flag */
 #define CLGET_PRIVPORT		28	/* get privileged source port flag */
 #define CLSET_BACKCHANNEL	29	/* set backchannel for socket */
+#define	CLSET_TLS		30	/* set TLS for socket */
+#define	CLSET_BLOCKRCV		31	/* Temporarily block reception */
 #endif
 
 
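Review bot: `CLSET_BLOCKRCV` is added here, but nothing in this commit uses it and the log does not mention it. Its comment also does not say what argument it takes or how reception is unblocked again. A request that can stall a connection's receive side should have its contract written next to the define; the same applies to the argument expected by `CLSET_TLS`, which the caller in nfs_commonkrpc.c passes as `&one`. As a style point, both new lines use a tab after `#define` while the neighbouring `CLSET_*` lines use a space; `#define CLSET_TLS` and `#define CLSET_BLOCKRCV` would match the rest of the list.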

Modified: head/sys/sys/param.h
==============================================================================
--- head/sys/sys/param.h	Mon Aug 10 21:41:49 2020	(r364091)
+++ head/sys/sys/param.h	Tue Aug 11 00:26:45 2020	(r364092)
@@ -60,7 +60,7 @@
  *		in the range 5 to 9.
  */
 #undef __FreeBSD_version
-#define __FreeBSD_version 1300105	/* Master, propagated to newvers */
+#define __FreeBSD_version 1300106	/* Master, propagated to newvers */
 
 /*
  * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,

