From nobody Sat Feb 18 23:01:29 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PK41Q1W2Dz3s1qL; Sat, 18 Feb 2023 23:01:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PK41Q0wzDz3qZh; Sat, 18 Feb 2023 23:01:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676761290; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=H4BlAQYs4VESBV4lbjoAtH2XtPfEO9i0gDdyCA1hX6w=; b=HWctTMv23/Ab8iI6vzfXbvenj5TfQ8O9rSbZ60ux7/dh+wKaVHy20Mj7uNi294D0iJMrGq sikM4XDSXWEE0JjoRFb94fJ+CPlAznBFwtjPL65VwoDMkGws9kAtsVSfifX+TP4OTK7/5w /tnzQAEIWRnvNqk6aS2u8VNps7TrUpKyRKj9sf3NhNYtLQhI6ugGZDBLK88s0qjUau4JvJ eaGVq1KzN3p5/11uxa/+d/JO/fN6fPLEpzpyW3unzqyeaBNr/J1nkX7BaSD2rOWCpYGO3l js3fqYu2j/+w8jYIznpxK/4raGLS7d+DxPpPIjrjHUBKh5howrtZS/ACmnXZ1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676761290; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=H4BlAQYs4VESBV4lbjoAtH2XtPfEO9i0gDdyCA1hX6w=; b=sduZhjv5t7Oyv6oaok8bhvp6nwrfRpKJi3LSE7psbGgx+/o1e02Xc8G4DAh4izW6EIKZ5i jP4nnNssHOTquAp0JZCNBY0c8OCxTBkR8g//5y1cpnEWHqbS75W3Ms1eTcd5RndvPoAiup 5J+HRg4ILMVWkaBXJFK7YcqTYKC5r0d+PDeG8DBRKD42hGuUKVzKUwHbFSIdP66H1tlyDU R4x4meBmCe0xheygEftNM9kfASvnLopPkKxgArWc92X+HUILQvs5VmvOZwv9bJG85FOgy+ qJ4m0RtwUkCOgvKHSHtybVJW/dKq2t+H9kWoB5j2S4srZVxac32vHtFTaK5PoQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1676761290; a=rsa-sha256; cv=none; b=vRSMGWIPpPHeXJFNbtMN/F6Hss89tEg89aDaRj+rt1kzI2tXJ9IsKsVkCBFb5GK6hmnh2F a7v24xIuPk9DOGT7XpwepG79KFZcR+qxqcDeFdXeFbUZbNdpvr9Ml8xpV2N/J9INVTjliD k//aQW9/vCdHngwRH+yglfpZx7xi/Nw7GhNmUImSbgsoXmikyjBtylCB+OZbQEBwBTFret bbI/SKDR2+u7tdBhk2kv4XF6SJyK06gnhZEjjndMIpGh9c3/X59XGaizHhy7veQUe3L/J1 D0CgArmw4hTO4AYnzFZ+fW2sJ9BFZCkY4ZoJnFgkuT4NawPW60cXh3fYNG1HBA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PK41Q00pjzgXN; Sat, 18 Feb 2023 23:01:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 31IN1TZs025356; Sat, 18 Feb 2023 23:01:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 31IN1T82025355; Sat, 18 Feb 2023 23:01:29 GMT (envelope-from git) Date: Sat, 18 Feb 2023 23:01:29 GMT Message-Id: <202302182301.31IN1T82025355@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Rick Macklem Subject: git: ed03776ca7f4 - main - nfsd: Enable the NFSD_VNET vnet front end macros List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ed03776ca7f43de8275da80cfa89a9ecc4732f82 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=ed03776ca7f43de8275da80cfa89a9ecc4732f82 commit ed03776ca7f43de8275da80cfa89a9ecc4732f82 Author: Rick Macklem AuthorDate: 2023-02-18 22:59:36 +0000 Commit: Rick Macklem CommitDate: 2023-02-18 22:59:36 +0000 nfsd: Enable the NFSD_VNET vnet front end macros Several commits have added front end macros for the vnet macros to the NFS server, krpc and kgssapi. These macros are now null, but this patch changes them to front end the vnet macros. With this commit, many global variables in the code become vnet'd, so that nfsd(8), nfsuserd(8), rpc.tlsservd(8) and gssd(8) can run in a vnet prison, once enabled. To run the NFS server in a vnet prison still requires a couple of patches (in D37741 and D38371) that allow mountd(8) to export file systems from within a vnet prison. Once these are committed to main, a small patch to kern_jail.c allowing "allow.nfsd" without VNET_NFSD defined will allow the NFS server to run in a vnet prison. One area that still needs to be settled is cleanup when a prison is removed. Without this, everything should work except there will be a leak of malloc'd data and mutex locks when a vnet prison is removed. MFC after: 3 months --- sys/fs/nfs/nfs_commonport.c | 2 +- sys/fs/nfs/nfsport.h | 26 +++++++++++++------------- sys/fs/nfsserver/nfs_fha_new.c | 4 ++-- sys/fs/nfsserver/nfs_nfsdport.c | 2 +- sys/kgssapi/gssapi_impl.h | 19 +++++++++---------- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 2 +- sys/rpc/rpcsec_tls.h | 22 +++++++++------------- sys/rpc/rpcsec_tls/rpctls_impl.c | 2 +- 8 files changed, 37 insertions(+), 42 deletions(-) diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c index 3a1f53340cd4..60131ab66184 100644 --- a/sys/fs/nfs/nfs_commonport.c +++ b/sys/fs/nfs/nfs_commonport.c @@ -899,7 +899,7 @@ nfs_vnetinit(const void *unused __unused) mtx_init(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx, "nfsuserd", NULL, MTX_DEF); } -SYSINIT(nfs_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY, +VNET_SYSINIT(nfs_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY, nfs_vnetinit, NULL); extern int (*nfsd_call_nfscommon)(struct thread *, struct nfssvc_args *); diff --git a/sys/fs/nfs/nfsport.h b/sys/fs/nfs/nfsport.h index bf59aea285f1..3a07d140950c 100644 --- a/sys/fs/nfs/nfsport.h +++ b/sys/fs/nfs/nfsport.h @@ -181,19 +181,19 @@ */ #define NFSMUTEX_T struct mtx -/* Define the NFSD_VNET macros similar to !VIMAGE. */ -#define NFSD_VNET_NAME(n) n -#define NFSD_VNET_DECLARE(t, n) extern t n -#define NFSD_VNET_DEFINE(t, n) t n -#define NFSD_VNET_DEFINE_STATIC(t, n) static t n -#define NFSD_VNET(n) (n) - -#define CTLFLAG_NFSD_VNET 0 - -#define NFSD_CURVNET_SET(n) -#define NFSD_CURVNET_SET_QUIET(n) -#define NFSD_CURVNET_RESTORE() -#define NFSD_TD_TO_VNET(n) NULL +/* Just define the NFSD_VNETxxx() macros as VNETxxx() macros. */ +#define NFSD_VNET_NAME(n) VNET_NAME(n) +#define NFSD_VNET_DECLARE(t, n) VNET_DECLARE(t, n) +#define NFSD_VNET_DEFINE(t, n) VNET_DEFINE(t, n) +#define NFSD_VNET_DEFINE_STATIC(t, n) VNET_DEFINE_STATIC(t, n) +#define NFSD_VNET(n) VNET(n) + +#define CTLFLAG_NFSD_VNET CTLFLAG_VNET + +#define NFSD_CURVNET_SET(n) CURVNET_SET(n) +#define NFSD_CURVNET_SET_QUIET(n) CURVNET_SET_QUIET(n) +#define NFSD_CURVNET_RESTORE() CURVNET_RESTORE() +#define NFSD_TD_TO_VNET(n) TD_TO_VNET(n) #endif /* _KERNEL */ diff --git a/sys/fs/nfsserver/nfs_fha_new.c b/sys/fs/nfsserver/nfs_fha_new.c index 203e98d3ac86..6ae6884a4b74 100644 --- a/sys/fs/nfsserver/nfs_fha_new.c +++ b/sys/fs/nfsserver/nfs_fha_new.c @@ -62,8 +62,8 @@ SYSCTL_DECL(_vfs_nfsd); extern int newnfs_nfsv3_procid[]; -SYSINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_init, NULL); -SYSUNINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_uninit, NULL); +VNET_SYSINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_init, NULL); +VNET_SYSUNINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_uninit, NULL); static void fhanew_init(void *foo) diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index 3912654515ef..7708f0325494 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -7103,7 +7103,7 @@ nfsrv_vnetinit(const void *unused __unused) nfsd_mntinit(); } -SYSINIT(nfsrv_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY, +VNET_SYSINIT(nfsrv_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY, nfsrv_vnetinit, NULL); /* diff --git a/sys/kgssapi/gssapi_impl.h b/sys/kgssapi/gssapi_impl.h index 72f379de4ebf..19d62a723c14 100644 --- a/sys/kgssapi/gssapi_impl.h +++ b/sys/kgssapi/gssapi_impl.h @@ -55,17 +55,16 @@ struct kgss_mech { LIST_HEAD(kgss_mech_list, kgss_mech); /* Macros for VIMAGE. */ -/* Define the KGSS_VNET macros similar to !VIMAGE. */ -#define KGSS_VNET_NAME(n) n -#define KGSS_VNET_DECLARE(t, n) extern t n -#define KGSS_VNET_DEFINE(t, n) t n -#define KGSS_VNET_DEFINE_STATIC(t, n) static t n -#define KGSS_VNET(n) (n) +/* Just define the KGSS_VNETxxx() macros as VNETxxx() macros. */ +#define KGSS_VNET_DEFINE(t, n) VNET_DEFINE(t, n) +#define KGSS_VNET_DEFINE_STATIC(t, n) VNET_DEFINE_STATIC(t, n) +#define KGSS_VNET_DECLARE(t, n) VNET_DECLARE(t, n) +#define KGSS_VNET(n) VNET(n) -#define KGSS_CURVNET_SET(n) -#define KGSS_CURVNET_SET_QUIET(n) -#define KGSS_CURVNET_RESTORE() -#define KGSS_TD_TO_VNET(n) NULL +#define KGSS_CURVNET_SET(n) CURVNET_SET(n) +#define KGSS_CURVNET_SET_QUIET(n) CURVNET_SET_QUIET(n) +#define KGSS_CURVNET_RESTORE() CURVNET_RESTORE() +#define KGSS_TD_TO_VNET(n) TD_TO_VNET(n) extern struct mtx kgss_gssd_lock; extern struct kgss_mech_list kgss_mechs; diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index d01ca1260a67..dc850996a592 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -219,7 +219,7 @@ svc_rpc_gss_init(void *arg) sx_init(&svc_rpc_gss_lock, "gsslock"); } } -SYSINIT(svc_rpc_gss_init, SI_SUB_VNET_DONE, SI_ORDER_ANY, +VNET_SYSINIT(svc_rpc_gss_init, SI_SUB_VNET_DONE, SI_ORDER_ANY, svc_rpc_gss_init, NULL); bool_t diff --git a/sys/rpc/rpcsec_tls.h b/sys/rpc/rpcsec_tls.h index ac2fee1b09fc..ba9a754bd276 100644 --- a/sys/rpc/rpcsec_tls.h +++ b/sys/rpc/rpcsec_tls.h @@ -90,19 +90,15 @@ bool rpctls_getinfo(u_int *maxlen, bool rpctlscd_run, #define RPCTLS_REFNO_HANDSHAKE 0xFFFFFFFFFFFFFFFFULL /* Macros for VIMAGE. */ -/* Define the KRPC_VNET macros similar to !VIMAGE. */ -#define KRPC_VNET_NAME(n) n -#define KRPC_VNET_DECLARE(t, n) extern t n -#define KRPC_VNET_DEFINE(t, n) t n -#define KRPC_VNET_DEFINE_STATIC(t, n) static t n -#define KRPC_VNET(n) (n) - -#define CTLFLAG_KRPC_VNET 0 - -#define KRPC_CURVNET_SET(n) -#define KRPC_CURVNET_SET_QUIET(n) -#define KRPC_CURVNET_RESTORE() -#define KRPC_TD_TO_VNET(n) NULL +/* Just define the KRPC_VNETxxx() macros as VNETxxx() macros. */ +#define KRPC_VNET_DEFINE(t, n) VNET_DEFINE(t, n) +#define KRPC_VNET_DEFINE_STATIC(t, n) VNET_DEFINE_STATIC(t, n) +#define KRPC_VNET(n) VNET(n) + +#define KRPC_CURVNET_SET(n) CURVNET_SET(n) +#define KRPC_CURVNET_SET_QUIET(n) CURVNET_SET_QUIET(n) +#define KRPC_CURVNET_RESTORE() CURVNET_RESTORE() +#define KRPC_TD_TO_VNET(n) TD_TO_VNET(n) #endif /* _KERNEL */ diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c index 4e9d52bf5d48..92b8b9481666 100644 --- a/sys/rpc/rpcsec_tls/rpctls_impl.c +++ b/sys/rpc/rpcsec_tls/rpctls_impl.c @@ -106,7 +106,7 @@ rpctls_vnetinit(const void *unused __unused) for (i = 0; i < RPCTLS_SRV_MAXNPROCS; i++) KRPC_VNET(rpctls_server_busy)[i] = false; } -SYSINIT(rpctls_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY, +VNET_SYSINIT(rpctls_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY, rpctls_vnetinit, NULL); int