svn commit: r360616 - in projects/nfs-over-tls/sys: fs/nfs fs/nfsclient fs/nfsserver kern rpc rpc/rpcsec_tls
Rick Macklem
rmacklem at FreeBSD.org
Sun May 3 23:15:17 UTC 2020
Author: rmacklem
Date: Sun May 3 23:15:14 2020
New Revision: 360616
URL: https://svnweb.freebsd.org/changeset/base/360616
Log:
Add a little function to acquire the ktls sysctls.
Add rpctls_getinfo() to acquire the ktls sysctls that the krpc and
nfs code needs to have. This avoids making the variables global.
Modified:
projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c
projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c
projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c
projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c
projects/nfs-over-tls/sys/kern/uipc_ktls.c
projects/nfs-over-tls/sys/rpc/clnt_bck.c
projects/nfs-over-tls/sys/rpc/clnt_vc.c
projects/nfs-over-tls/sys/rpc/rpcsec_tls.h
projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
projects/nfs-over-tls/sys/rpc/svc_vc.c
Modified: projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c Sun May 3 23:15:14 2020 (r360616)
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
#include <sys/extattr.h>
#include <rpc/krpc.h>
+#include <rpc/rpcsec_tls.h>
#include <security/mac/mac_framework.h>
@@ -87,9 +88,6 @@ extern volatile int nfsrv_devidcnt;
extern int nfscl_debuglevel;
extern struct nfsdevicehead nfsrv_devidhead;
extern struct nfsstatsv1 nfsstatsv1;
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
SYSCTL_DECL(_vfs_nfs);
SYSCTL_INT(_vfs_nfs, OID_AUTO, enable_uidtostring, CTLFLAG_RW,
@@ -340,6 +338,9 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum,
u_int32_t *tl;
int opcnt;
nfsattrbit_t attrbits;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
/*
* First, fill in some of the fields of nd.
@@ -371,8 +372,9 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum,
if (use_ext && PMAP_HAS_DMAP != 0) {
nd->nd_flag |= ND_NOMAP;
#ifdef KERN_TLS
- nd->nd_maxextsiz = min(TLS_MAX_MSG_SIZE_V10_2,
- ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ nd->nd_maxextsiz = min(TLS_MAX_MSG_SIZE_V10_2,
+ maxlen);
#endif
}
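Review bot: When rpctls_getinfo() returns false, nothing in this hunk assigns nd->nd_maxextsiz, although ND_NOMAP has already been set on the line above; before this change the field was always written under KERN_TLS. nfscb_program and nfscl_doiods in this same commit assign a 16384 default ahead of their `#ifdef KERN_TLS` blocks, so the same default here, `nd->nd_maxextsiz = 16384;` placed right after `nd->nd_flag |= ND_NOMAP;`, would keep the callers consistent. Whether an earlier part of nfscl_reqstart already initialises the field is not visible, because the function starts and ends outside the hunk. A zero or stale size limit on the ext_pgs path is worth ruling out explicitly.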
Modified: projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c Sun May 3 23:15:14 2020 (r360616)
@@ -57,9 +57,6 @@ extern u_long sb_max_adj;
extern int nfs_numnfscbd;
extern int nfscl_debuglevel;
extern bool nfs_use_ext_pgs;
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
/*
* NFS client system calls for handling callbacks.
@@ -73,6 +70,9 @@ nfscb_program(struct svc_req *rqst, SVCXPRT *xprt)
{
struct nfsrv_descript nd;
int cacherep, credflavor;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
printf("cbprogram proc=%d\n", rqst->rq_proc);
memset(&nd, 0, sizeof(nd));
@@ -121,9 +121,10 @@ printf("cbreq nd_md=%p offs=%d\n", nd.nd_md, rqst->rq_
nd.nd_flag |= ND_NOMAP;
nd.nd_maxextsiz = 16384;
#ifdef KERN_TLS
- if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0)
+ if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0 &&
+ rpctls_getinfo(&maxlen))
nd.nd_maxextsiz = min(TLS_MAX_MSG_SIZE_V10_2,
- ktls_maxlen);
+ maxlen);
#endif
}
cacherep = nfs_cbproc(&nd, rqst->rq_xid);
Modified: projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c Sun May 3 23:15:14 2020 (r360616)
@@ -53,6 +53,7 @@ __FBSDID("$FreeBSD$");
#include <sys/extattr.h>
#include <sys/sysctl.h>
#include <sys/taskqueue.h>
+#include <rpc/rpcsec_tls.h>
SYSCTL_DECL(_vfs_nfs);
@@ -78,9 +79,6 @@ extern int nfs_pnfsiothreads;
extern u_long sb_max_adj;
extern int nfs_maxcopyrange;
extern bool nfs_use_ext_pgs;
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
NFSCLSTATEMUTEX;
int nfstest_outofseq = 0;
int nfscl_assumeposixlocks = 1;
@@ -5782,6 +5780,9 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode
ssize_t resid = 0;
int maxextsiz;
bool doextpgs;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 || nfs_numnfscbd == 0 ||
(np->n_flag & NNOLAYOUT) != 0)
@@ -5884,9 +5885,10 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode
doextpgs = true;
maxextsiz = 16384;
#ifdef KERN_TLS
- maxextsiz = min(
- TLS_MAX_MSG_SIZE_V10_2,
- ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(
+ TLS_MAX_MSG_SIZE_V10_2,
+ maxlen);
#endif
}
m = nfsm_uiombuflist(doextpgs,
Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Sun May 3 23:15:14 2020 (r360616)
@@ -111,9 +111,6 @@ extern time_t nfsdev_time;
extern int nfsrv_writerpc[NFS_NPROCS];
extern volatile int nfsrv_devidcnt;
extern struct nfsv4_opflag nfsv4_opflag[NFSV42_NOPS];
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
/*
* NFS server system calls
@@ -125,6 +122,9 @@ nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
struct nfsrv_descript nd;
struct nfsrvcache *rp = NULL;
int cacherep, credflavor;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
memset(&nd, 0, sizeof(nd));
if (rqst->rq_vers == NFS_VER2) {
@@ -282,9 +282,10 @@ nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
}
#ifdef KERN_TLS
- if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0)
+ if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0 &&
+ rpctls_getinfo(&maxlen))
nd.nd_maxextsiz = min(TLS_MAX_MSG_SIZE_V10_2,
- ktls_maxlen);
+ maxlen);
#endif
cacherep = nfs_proc(&nd, rqst->rq_xid, xprt, &rp);
NFSLOCKV4ROOTMUTEX();
Modified: projects/nfs-over-tls/sys/kern/uipc_ktls.c
==============================================================================
--- projects/nfs-over-tls/sys/kern/uipc_ktls.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/kern/uipc_ktls.c Sun May 3 23:15:14 2020 (r360616)
@@ -109,7 +109,7 @@ SYSCTL_INT(_kern_ipc_tls, OID_AUTO, bind_threads, CTLF
&ktls_bind_threads, 0,
"Bind crypto threads to cores or domains at boot");
-u_int ktls_maxlen = 16384;
+static u_int ktls_maxlen = 16384;
SYSCTL_UINT(_kern_ipc_tls, OID_AUTO, maxlen, CTLFLAG_RWTUN,
&ktls_maxlen, 0, "Maximum TLS record size");
Modified: projects/nfs-over-tls/sys/rpc/clnt_bck.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/clnt_bck.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/clnt_bck.c Sun May 3 23:15:14 2020 (r360616)
@@ -89,9 +89,6 @@ __FBSDID("$FreeBSD$");
#include <rpc/krpc.h>
#include <rpc/rpcsec_tls.h>
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
struct cmessage {
struct cmsghdr cmsg;
@@ -213,6 +210,9 @@ clnt_bck_call(
struct ct_request *cr;
int error, maxextsiz;
uint32_t junk;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
cr = malloc(sizeof(struct ct_request), M_RPC, M_WAITOK);
@@ -313,7 +313,8 @@ call_again:
*/
maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
#ifdef KERN_TLS
- maxextsiz = min(maxextsiz, ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(maxextsiz, maxlen);
#endif
mreq = _rpc_copym_into_ext_pgs(mreq, maxextsiz);
}
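Review bot: If rpctls_getinfo() returns false here, maxextsiz stays at TLS_MAX_MSG_SIZE_V10_2 and kern.ipc.tls.maxlen is no longer applied, whereas the removed line always clamped to ktls_maxlen. The helper returns false both when a sysctl lookup fails and when kern.ipc.tls.enable reads as 0, so an administrator-lowered maxlen is ignored in either case; the same pattern appears in clnt_vc_call, svc_vc_reply and svc_vc_backchannel_reply. If that fallback is intended, a comment would make it explicit, e.g. `/* ktls not usable: fall back to the protocol maximum */`. The helper also performs two by-name sysctl lookups per call, which now lands on every send in these paths, so caching the values may be worth considering. clnt_bck_call continues outside the hunk.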
Modified: projects/nfs-over-tls/sys/rpc/clnt_vc.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/clnt_vc.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/clnt_vc.c Sun May 3 23:15:14 2020 (r360616)
@@ -86,9 +86,6 @@ __FBSDID("$FreeBSD$");
#include <rpc/krpc.h>
#include <rpc/rpcsec_tls.h>
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
struct cmessage {
struct cmsghdr cmsg;
@@ -312,6 +309,9 @@ clnt_vc_call(
struct mbuf *mreq = NULL, *results;
struct ct_request *cr;
int error, maxextsiz, trycnt;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
cr = malloc(sizeof(struct ct_request), M_RPC, M_WAITOK);
@@ -424,7 +424,8 @@ call_again:
*/
maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
#ifdef KERN_TLS
- maxextsiz = min(maxextsiz, ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(maxextsiz, maxlen);
#endif
mreq = _rpc_copym_into_ext_pgs(mreq, maxextsiz);
}
Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls.h
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Sun May 3 23:15:14 2020 (r360616)
@@ -54,6 +54,9 @@ enum clnt_stat rpctls_srv_disconnect(uint64_t sec, uin
/* Initialization function for rpcsec_tls. */
int rpctls_init(void);
+/* Get TLS information function. */
+bool rpctls_getinfo(u_int *maxlen);
+
/* String for AUTH_TLS reply verifier. */
#define RPCTLS_START_STRING "STARTTLS"
Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Sun May 3 23:15:14 2020 (r360616)
@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
+#include <sys/mbuf.h>
#include <sys/mutex.h>
#include <sys/priv.h>
#include <sys/proc.h>
@@ -124,6 +125,9 @@ sys_gssd_syscall(struct thread *td, struct gssd_syscal
int fd = -1, error, retry_count = 5;
CLIENT *cl, *oldcl;
bool ssd;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
printf("in gssd syscall\n");
error = priv_check(td, PRIV_NFS_DAEMON);
@@ -223,7 +227,8 @@ printf("cl=%p oldcl=%p\n", cl, oldcl);
printf("In connect\n");
error = EINVAL;
#ifdef KERN_TLS
- if (PMAP_HAS_DMAP != 0)
+ if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs &&
+ rpctls_getinfo(&maxlen))
error = 0;
#endif
if (error == 0)
@@ -242,7 +247,8 @@ printf("returning=%d\n", fd);
printf("In srvconnect\n");
error = EINVAL;
#ifdef KERN_TLS
- if (PMAP_HAS_DMAP != 0)
+ if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs &&
+ rpctls_getinfo(&maxlen))
error = 0;
#endif
if (error == 0)
@@ -574,5 +580,30 @@ printf("got uid=%d ngrps=%d gidp=%p\n", uid, ngrps, gi
printf("authtls: aft handshake stat=%d\n", stat);
return (RPCSEC_GSS_NODISPATCH);
+}
+
+/*
+ * Get kern.ipc.tls.enable and kern.ipc.tls.maxlen.
+ */
+bool
+rpctls_getinfo(u_int *maxlenp)
+{
+ u_int maxlen;
+ bool enable;
+ int error;
+ size_t siz;
+
+ siz = sizeof(enable);
+ error = kernel_sysctlbyname(curthread, "kern.ipc.tls.enable",
+ &enable, &siz, NULL, 0, NULL, 0);
+ if (error != 0)
+ return (false);
+ siz = sizeof(maxlen);
+ error = kernel_sysctlbyname(curthread, "kern.ipc.tls.maxlen",
+ &maxlen, &siz, NULL, 0, NULL, 0);
+ if (error != 0)
+ return (false);
+ *maxlenp = maxlen;
+ return (enable);
}
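Review bot: `enable` is declared `bool` and read with `siz = sizeof(enable)`, which assumes kern.ipc.tls.enable is backed by a bool-sized variable; its declaration is not part of this diff. If the sysctl is exported with a wider type such as int, the length mismatch would presumably make kernel_sysctlbyname() return an error, so rpctls_getinfo() would always report false and every caller would silently take its fallback path. Matching the local's type to the sysctl's declared type in uipc_ktls.c, and noting that dependency in a comment, would remove the doubt. The header comment should also state the contract, for example `/* Returns true only if both sysctls can be read and kern.ipc.tls.enable is non-zero; *maxlenp is written only when both reads succeed. */`.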
Modified: projects/nfs-over-tls/sys/rpc/svc_vc.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/svc_vc.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/svc_vc.c Sun May 3 23:15:14 2020 (r360616)
@@ -76,9 +76,6 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_framework.h>
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
static bool_t svc_vc_rendezvous_recv(SVCXPRT *, struct rpc_msg *,
struct sockaddr **, struct mbuf **);
@@ -916,6 +913,9 @@ svc_vc_reply(SVCXPRT *xprt, struct rpc_msg *msg,
struct mbuf *mrep;
bool_t stat = TRUE;
int error, len, maxextsiz;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
/*
* Leave space for record mark.
@@ -954,7 +954,8 @@ svc_vc_reply(SVCXPRT *xprt, struct rpc_msg *msg,
*/
maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
#ifdef KERN_TLS
- maxextsiz = min(maxextsiz, ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(maxextsiz, maxlen);
#endif
mrep = _rpc_copym_into_ext_pgs(mrep, maxextsiz);
}
@@ -989,6 +990,9 @@ svc_vc_backchannel_reply(SVCXPRT *xprt, struct rpc_msg
struct mbuf *mrep;
bool_t stat = TRUE;
int error, maxextsiz;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
/*
* Leave space for record mark.
@@ -1027,7 +1031,8 @@ svc_vc_backchannel_reply(SVCXPRT *xprt, struct rpc_msg
*/
maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
#ifdef KERN_TLS
- maxextsiz = min(maxextsiz, ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(maxextsiz, maxlen);
#endif
mrep = _rpc_copym_into_ext_pgs(mrep, maxextsiz);
}