git: dfe887b7d226 - main - nfsd: Disable the NFSv4.2 Allocate operation by default

From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Mon, 11 Oct 2021 01:49:14 UTC
The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=dfe887b7d2265a5c6e0132cc03e006eb68223177

commit dfe887b7d2265a5c6e0132cc03e006eb68223177
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-10-11 01:46:02 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-10-11 01:46:02 +0000

    nfsd: Disable the NFSv4.2 Allocate operation by default
    
    Some exported file systems, such as ZFS ones, cannot do VOP_ALLOCATE().
    Since an NFSv4.2 server must either support the Allocate operation for
    all file systems or not support it at all, define a sysctl called
    vfs.nfsd.enable_v42allocate to enable the Allocate operation.
    This sysctl is false by default and can only be set true if all
    exported file systems (or all DSs for a pNFS server) can perform
    VOP_ALLOCATE().
    
    Unfortunately, there is no way to know if a ZFS file system will
    be exported once the nfsd is operational, even if there are none
    exported when the nfsd is started up, so enabling Allocate must
    be done manually for a server configuration.
    
    This problem was detected during a recent NFSv4 interoperability
    testing event held by the IETF working group.
    
    MFC after:      2 weeks
---
 sys/fs/nfsserver/nfs_nfsdserv.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c
index 3b2e6c82276d..fca1df3a716a 100644
--- a/sys/fs/nfsserver/nfs_nfsdserv.c
+++ b/sys/fs/nfsserver/nfs_nfsdserv.c
@@ -91,6 +91,14 @@ SYSCTL_STRING(_vfs_nfsd, OID_AUTO, owner_major, CTLFLAG_RWTUN,
 static uint64_t nfsrv_owner_minor;
 SYSCTL_U64(_vfs_nfsd, OID_AUTO, owner_minor, CTLFLAG_RWTUN,
     &nfsrv_owner_minor, 0, "Server owner minor");
+/*
+ * Only enable this if all your exported file systems
+ * (or pNFS DSs for the pNFS case) support VOP_ALLOCATE.
+ */
+static bool	nfsrv_doallocate = false;
+SYSCTL_BOOL(_vfs_nfsd, OID_AUTO, enable_v42allocate, CTLFLAG_RW,
+    &nfsrv_doallocate, 0,
+    "Enable NFSv4.2 Allocate operation");
 
 /*
  * This list defines the GSS mechanisms supported.
@@ -5324,6 +5332,16 @@ nfsrvd_allocate(struct nfsrv_descript *nd, __unused int isdgram,
 	nfsquad_t clientid;
 	nfsattrbit_t attrbits;
 
+	if (!nfsrv_doallocate) {
+		/*
+		 * If any exported file system, such as a ZFS one, cannot
+		 * do VOP_ALLOCATE(), this operation cannot be supported
+		 * for NFSv4.2.  This cannot be done 'per filesystem', but
+		 * must be for the entire nfsd NFSv4.2 service.
+		 */
+		nd->nd_repstat = NFSERR_NOTSUPP;
+		goto nfsmout;
+	}
 	gotproxystateid = 0;
 	NFSM_DISSECT(tl, uint32_t *, NFSX_STATEID + 2 * NFSX_HYPER);
 	stp->ls_flags = (NFSLCK_CHECK | NFSLCK_WRITEACCESS);
@@ -5390,9 +5408,13 @@ nfsrvd_allocate(struct nfsrv_descript *nd, __unused int isdgram,
 		nd->nd_repstat = nfsrv_lockctrl(vp, &stp, &lop, NULL, clientid,
 		    &stateid, exp, nd, curthread);
 
+	NFSD_DEBUG(4, "nfsrvd_allocate: off=%jd len=%jd stat=%d\n",
+	    (intmax_t)off, (intmax_t)len, nd->nd_repstat);
 	if (nd->nd_repstat == 0)
 		nd->nd_repstat = nfsvno_allocate(vp, off, len, nd->nd_cred,
 		    curthread);
+	NFSD_DEBUG(4, "nfsrvd_allocate: aft nfsvno_allocate=%d\n",
+	    nd->nd_repstat);
 	vput(vp);
 	NFSEXITCODE2(0, nd);
 	return (0);