nfs4_srv_ns.c revision 3f2383012abdf005e860f5afa06cb2e0044a424f
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#define PSEUDOFS_SUFFIX " (pseudo)"
/*
* A version of VOP_FID that deals with a remote VOP_FID for nfs.
* If vp is an nfs node, nfs4_fid() returns EREMOTE, nfs3_fid() and nfs_fid()
* returns the filehandle of vp as its fid. When nfs uses fid to set the
* exportinfo filehandle template, a remote nfs filehandle would be too big for
* the fid of the exported directory. This routine remaps the value of the
* attribute va_nodeid of vp to be the fid of vp, so that the fid can fit.
*
* We need this fid mainly for setting up NFSv4 server namespace where an
* nfs filesystem is also part of it. Thus, need to be able to setup a pseudo
* exportinfo for an nfs node.
*
* e.g. mount a filesystem on top of a nfs dir, and then share the new mount
* (like exporting a local disk from a "diskless" client)
*/
int
{
int error;
/*
* XXX nfs4_fid() does nothing and returns EREMOTE.
* XXX nfs3_fid()/nfs_fid() returns nfs filehandle as its fid
* which has a bigger length than local fid.
* NFS_FH4MAXDATA is the size of
* fhandle4_t.fh_xdata[NFS_FH4MAXDATA].
*
* Note: nfs[2,3,4]_fid() only gets called for diskless clients.
*/
if (error)
return (error);
return (0);
}
return (error);
}
/*
* Get an nfsv4 vnode of the given fid from the visible list of an
* nfs filesystem or get the exi_vp if it is the root node.
*/
int
{
struct exp_visible *visp;
int error;
/* check if the given fid is in the visible list */
return (0);
}
}
/* check if the given fid is the same as the exported node */
if (error)
return (error);
return (0);
}
return (ENOENT);
}
/*
* Create a pseudo export entry
*
* This is an export entry that's created as the
* side-effect of a "real" export. As a part of
* a real export, the pathname to the export is
* checked to see if all the directory components
* are accessible via an NFSv4 client, i.e. are
* exported. If treeclimb_export() finds an unexported
* mountpoint along the path, then it calls this
* function to export it.
*
* This pseudo export differs from a real export in that
* it only allows read-only access. A "visible" list of
* directories is added to filter lookup and readdir results
* to only contain dirnames which lead to descendant shares.
*
* A visible list has a per-file-system scope. Any exportinfo
* struct (real or pseudo) can have a visible list as long as
* a) its export root is VROOT
* b) a descendant of the export root is shared
*/
int
{
struct exportinfo *exi;
struct exportdata *kex;
/*
* Get the vfs id
*/
if (error) {
/*
* If VOP_FID returns ENOSPC then the fid supplied
* is too small. For now we simply return EREMOTE.
*/
return (error);
}
VSW_VOLATILEDEV) ? 1 : 0;
/*
* Build up the template fhandle
*/
if (vpathlen)
/* Transfer the secinfo data from exdata to this new pseudo node */
if (exdata)
/*
* Initialize auth cache lock
*/
/*
* Insert the new entry at the front of the export list
*/
/*
* If exi_retp is non-NULL return a pointer to the new
* exportinfo structure.
*/
if (exi_retp)
return (0);
}
/*
* Free a list of visible directories
*/
void
{
}
}
/*
* Connects newchild (or subtree with newchild in head)
* to the parent node. We always add it to the beginning
* of sibling list.
*/
static void
{
}
/*
* Add new node to the head of subtree pointed by 'n'. n can be NULL.
* Interconnects the new treenode with exp_visible and exportinfo
* if needed.
*/
static treenode_t *
{
if (n) {
tnode->tree_child_first = n;
n->tree_parent = tnode;
}
if (v) {
}
if (e) {
}
return (tnode);
}
/*
* Removes node from the tree and frees the treenode struct.
* Does not free structures pointed by tree_exi and tree_vis,
* they should be already freed.
*/
static void
{
treenode_t *s; /* s for sibling */
return;
}
/* This node is first child */
/* This node is not first child */
} else {
s = parent->tree_child_first;
while (s->tree_sibling != node)
s = s->tree_sibling;
}
}
/*
* When we export a new directory we need to add a new
* path segment through the pseudofs to reach the new
* directory. This new path is reflected in a list of
* directories added to the "visible" list.
*
* Here there are two lists of visible fids: one hanging off the
* pseudo exportinfo, and the one we want to add. It's possible
* that the two lists share a common path segment
* and have some common directories. We need to combine
* the lists so there's no duplicate entries. Where a common
* path component is found, the vis_count field is bumped.
*
* This example shows that the treenode chain (tree_head) and
* exp_visible chain (vis_head) can differ in length. The latter
* can be shorter. The outer loop must loop over the vis_head chain.
*
* share /x/a
* mkdir -p /x/y/a/b
* share /x/y/a/b
*
* When more_visible() is called during the second share,
* the existing namespace is folowing:
* exp_visible_t
* treenode_t exportinfo_t v0 v1
* ns_root+---+ +------------+ +---+ +---+
* t0| / |........| E0 pseudo |->| x |->| a |
* +---+ +------------+ +---+ +---+
* | / /
* +---+ / /
* t1| x |------------------------ /
* +---+ /
* | /
* +---+ /
* t2| a |-------------------------
* +---+........+------------+
* | E1 real |
* +------------+
*
* This is being added:
*
* tree_head vis_head
* +---+ +---+
* t3| x |->| x |v2
* +---+ +---+
* | |
* +---+ +---+ v4 v5
* t4| y |->| y |v3 +------------+ +---+ +---+
* +---+\ +---+ | E2 pseudo |->| a |->| b |
* | \....... >+------------+ +---+ +---+
* +---+ / /
* t5| a |--------------------------- /
* +---+ /
* | /
* +---+-------------------------------
* t6| b | +------------+
* +---+..........>| E3 real |
* +------------+
*
* more_visible() will:
* - add t3 (with t4,t5,t6) as a child of t0 (t3 will become sibling of t1)
* - t3->tree_vis = v0 (plus bump vis_count for v0) and free v2
* - add v3 to the end of E0->exi_visible
*
* Note that v4 and v5 were already proccesed in pseudo_exportfs() and
* added to E2. The outer loop of more_visible() will loop only over v2
* and v3. The inner loop of more_visible() always loops over v0 and v1.
*/
static void
{
int found;
/*
* If exportinfo doesn't already have a visible
* list just assign the entire supplied list.
*/
return;
}
/* The outer loop traverses the supplied list. */
found = 0;
/* The inner loop searches the exportinfo visible list. */
found = 1;
/*
* Transfer vis_exported from vp1 to vp2.
* (and a mountpoint), then "export" and
* "home" would each have visible structs in
* the root pseudo exportinfo. The vis_exported
* for home would be 1, and vis_exported for
* export would be 0. Now, if /export was
* also shared, more_visible would find the
* existing visible struct for export, and
* see that vis_exported was 0. The code
* below will set it to 1.
*/
break;
}
}
/* If not found - add to the end of the list */
if (! found) {
}
}
}
/*
* Remove one visible entry from the pseudo exportfs.
*
* When we unexport a directory, we have to remove path
* components from the visible list in the pseudo exportfs
* entry. The supplied visible contains one fid of one path
* component. The visible list of the export
* is checked against provided visible, matching fid has its
* reference count decremented. If a reference count drops to
* zero, then it means no paths now use this directory, so its
* fid can be removed from the visible list.
*
* When the last path is removed, the visible list will be null.
*/
static void
{
struct exp_visible *vp2;
/*
* Decrement the ref count.
* Remove the entry if it's zero.
*/
else
vp2->vis_seccnt);
} else {
/*
* If we're here, then the vp2 will
* remain in the vis list. If the
* vis entry corresponds to the object
* being unshared, then vis_exported
* needs to be set to 0.
*
* vp1 is a node from caller's list
* vp2 is node from exportinfo's list
*
* Only 1 node in the caller's list
* will have vis_exported set to 1,
* and it corresponds to the obj being
* unshared. It should always be the
* last element of the caller's list.
*/
if (vp1->vis_exported &&
vp2->vis_exported) {
vp2->vis_exported = 0;
}
}
break;
}
}
}
/*
* This function checks the path to a new export to
* check whether all the pathname components are
* exported. It works by climbing the file tree one
* component at a time via "..", crossing mountpoints
* if necessary until an export entry is found, or the
* system root is reached.
*
* If an unexported mountpoint is found, then
* a new pseudo export is added and the pathname from
* the mountpoint down to the export is added to the
* visible list for the new pseudo export. If an existing
* pseudo export is found, then the pathname is added
* to its visible list.
*
* Note that there's some tests for exportdir.
* The exportinfo entry that's passed as a parameter
* is that of the real export and exportdir is set
* for this case.
*
* Here is an example of a possible setup:
*
* () - a new fs; fs mount point
* EXPORT - a real exported node
* PSEUDO - a pseudo node
* vis - visible list
* f# - security flavor#
* (f#) - security flavor# propagated from its descendents
* "" - covered vnode
*
*
* /
* |
* (a) PSEUDO (f1,f2)
* | vis: b,b,"c","n"
* |
* b
* ---------|------------------
* | |
* (c) EXPORT,f1(f2) (n) PSEUDO (f1,f2)
* | vis: "e","d" | vis: m,m,,p,q,"o"
* | |
* ------------------ -------------------
* | | | | |
* (d) (e) f m EXPORT,f1(f2) p
* EXPORT EXPORT | |
* f1 f2 | |
* | | |
* j (o) EXPORT,f2 q EXPORT f2
*
*/
int
{
int error;
int exportdir;
struct exp_visible *visp;
exportdir = 1;
for (;;) {
if (error)
break;
if (! exportdir) {
/*
* Check if this exportroot is a VROOT dir. If so,
* then attach the pseudonodes. If not, then
* continue .. traversal until we hit a VROOT
* export (pseudo or real).
*/
/*
* Found an export info
*
* Extend the list of visible
* directories whether it's a pseudo
* or a real export.
*/
break; /* and climb no further */
}
}
/*
* If at the root of the filesystem, need
* to traverse across the mountpoint
* and continue the climb on the mounted-on
* filesystem.
*/
if (! exportdir) {
/*
* Found the root directory of a filesystem
* that isn't exported. Need to export
* this as a pseudo export so that an NFS v4
* client can do lookups in it.
*/
&new_exi);
if (error)
break;
}
/* at system root */
/*
* If sharing "/", new_exi is shared exportinfo
* (exip). Otherwise, new_exi is exportinfo
* created in pseudo_exportfs() above.
*/
new_exi);
break;
}
exportdir = 0;
continue;
}
/*
* Do a getattr to obtain the nodeid (inode num)
* for this vnode.
*/
if (error)
break;
/*
* Add this directory fid to visible list
*/
visp->vis_seccnt = 0;
/*
* Will set treenode's pointer to exportinfo to
* 1. shared exportinfo (exip) - if first visit here
* 2. freshly allocated pseudo export (if any)
* 3. null otherwise
*/
/*
* Now, do a ".." to find parent dir of vp.
*/
error = 0;
}
if (error)
break;
exportdir = 0;
}
/*
* We can have set error due to error in:
* 1. vop_fid_pseudo()
* 2. pseudo_exportfs() which can fail only in vop_fid_pseudo()
* 3. VOP_GETATTR()
* 4. VOP_LOOKUP()
* We must free pseudo exportinfos, visibles and treenodes.
* Visibles are referenced from treenode_t::tree_vis and
* exportinfo_t::exi_visible. To avoid double freeing, only
* exi_visible pointer is used, via exi_rele(), for the clean-up.
*/
if (error) {
/* Free unconnected visibles, if there are any. */
if (vis_head)
/* Connect unconnected exportinfo, if there is any. */
while (tree_head) {
/* exip will be freed in exportfs() */
if (e && e != exip) {
exi_rele(e);
}
}
}
return (error);
}
/*
* Walk up the tree and:
* 1. release pseudo exportinfo if it has no child
* 2. release visible in parent's exportinfo
* 3. delete non-exported leaf nodes from tree
*
* Deleting of nodes will start only if the unshared
* node was a leaf node.
* Deleting of nodes will finish when we reach a node which
* has children or is a real export, then we might still need
* to continue releasing visibles, until we reach VROOT node.
*/
void
{
struct exportinfo *exi;
/*
* The unshared exportinfo was unlinked in unexport().
* Zeroing tree_exi ensures that we will skip it.
*/
while (tnode) {
/* Stop at VROOT node which is exported or has child */
break;
/* Release pseudo export if it has no child */
tnode->tree_child_first == 0) {
}
/* Release visible in parent's exportinfo */
}
/* Continue with parent */
/* Remove itself, if this is a leaf and non-exported node */
}
}
/*
* Traverse backward across mountpoint from the
* root vnode of a filesystem to its mounted-on
* vnode.
*/
vnode_t *
{
for (;;) {
break;
/* lock vfs to prevent unmount of this vfs */
break;
}
/*
* Hold nextvp to prevent unmount. After unlock vfs and
* rele tvp, any number of overlays could be unmounted.
* Putting a hold on vfs_vnodecovered will only allow
* tvp's vfs to be unmounted. Of course if caller placed
* extra hold on vp before calling untraverse, the following
* hold would not be needed. Since prev actions of caller
* are unknown, we need to hold here just to be safe.
*/
}
return (tvp);
}
/*
* Given an exportinfo, climb up to find the exportinfo for the VROOT
* of the filesystem.
*
* e.g. /
* |
* a (VROOT) pseudo-exportinfo
* |
* b
* |
* c #share /a/b/c
* |
* d
*
* where c is in the same filesystem as a.
* So, get_root_export(*exportinfo_for_c) returns exportinfo_for_a
*
* If d is shared, then c will be put into a's visible list.
* Note: visible list is per filesystem and is attached to the
* VROOT exportinfo.
*/
struct exportinfo *
{
int error;
for (;;) {
break;
}
/*
* Now, do a ".." to find parent dir of vp.
*/
if (error) {
break;
}
if (error) {
break;
}
}
return (exi);
}
/*
* Return true if the supplied vnode has a sub-directory exported.
*/
int
{
struct exp_visible *visp;
/*
* An exported root vnode has a sub-dir shared if it has a visible list.
* i.e. if it does not have a visible list, then there is no node in
* this filesystem leads to any other shared node.
*/
/*
* Only the exportinfo of a fs root node may have a visible list.
* Either it is a pseudo root node, or a real exported root node.
*/
return (0);
}
if (!exi->exi_visible)
return (0);
/* Get the fid of the vnode */
return (0);
}
/*
* See if vp is in the visible list of the root node exportinfo.
*/
/*
* If vp is an exported non-root node with only 1 path
* count (for itself), it indicates no sub-dir shared
* using this vp as a path.
*/
break;
return (1);
}
}
return (0);
}
/*
* Returns true if the supplied vnode is visible
* in this export. If vnode is visible, return
* vis_exported in expseudo.
*/
int
{
struct exp_visible *visp;
/*
* First check to see if vp is export root.
*
* A pseudo export root can never be exported
* (it would be a real export then); however,
* it is always visible. If a pseudo root object
* was exported by server admin, then the entire
* pseudo exportinfo (and all visible entries) would
* be destroyed. A pseudo exportinfo only exists
* to provide access to real (descendant) export(s).
*
* Previously, rootdir was special cased here; however,
* the export root special case handles the rootdir
* case also.
*/
*expseudo = 0;
return (1);
}
/*
* Only a PSEUDO node has a visible list or an exported VROOT
* node may have a visible list.
*/
*expseudo = 0;
return (0);
}
/* Get the fid of the vnode */
*expseudo = 0;
return (0);
}
/*
* We can't trust VN_CMP() above because of LOFS.
* Even though VOP_CMP will do the right thing for LOFS
* objects, VN_CMP will short circuit out early when the
* vnode ops ptrs are different. Just in case we're dealing
*
* expseudo is not set because this is not an export
*/
*expseudo = 0;
return (1);
}
/* See if it matches any fid in the visible list */
return (1);
}
}
*expseudo = 0;
return (0);
}
/*
* Returns true if the supplied vnode is the
* directory of an export point.
*/
int
{
struct exp_visible *visp;
/*
* First check to see if vp is the export root
* This check required for the case of lookup ..
* where .. is a V_ROOT vnode and a pseudo exportroot.
* Pseudo export root objects do not have an entry
* in the visible list even though every V_ROOT
* pseudonode is visible. It is safe to compare
* vp here because pseudo_exportfs put a hold on
* it when exi_vp was initialized.
*
* Note: VN_CMP() won't match for LOFS shares, but they're
*/
return (1);
/* Get the fid of the vnode */
return (0);
return (1);
}
/* See if it matches any fid in the visible list */
return (visp->vis_exported);
}
return (0);
}
/*
* Returns true if the supplied inode is visible
* in this export. This function is used by
* readdir which uses inode numbers from the
* directory.
*
* NOTE: this code does not match inode number for ".",
* but it isn't required because NFS4 server rddir
* skips . and .. entries.
*/
int
{
struct exp_visible *visp;
/*
* Only a PSEUDO node has a visible list or an exported VROOT
* node may have a visible list.
*/
*expseudo = 0;
return (0);
}
return (1);
}
*expseudo = 0;
return (0);
}