The branch main has been updated by rmacklem:
URL:
https://cgit.FreeBSD.org/src/commit/?id=ed03776ca7f43de8275da80cfa89a9ecc4732f82
commit ed03776ca7f43de8275da80cfa89a9ecc4732f82
Author: Rick Macklem <rmack...@freebsd.org>
AuthorDate: 2023-02-18 22:59:36 +0000
Commit: Rick Macklem <rmack...@freebsd.org>
CommitDate: 2023-02-18 22:59:36 +0000
nfsd: Enable the NFSD_VNET vnet front end macros
Several commits have added front end macros for the vnet
macros to the NFS server, krpc and kgssapi. These macros
are now null, but this patch changes them to front end
the vnet macros.
With this commit, many global variables in the code become
vnet'd, so that nfsd(8), nfsuserd(8), rpc.tlsservd(8) and
gssd(8) can run in a vnet prison, once enabled.
To run the NFS server in a vnet prison still requires a
couple of patches (in D37741 and D38371) that allow mountd(8)
to export file systems from within a vnet prison. Once
these are committed to main, a small patch to kern_jail.c
allowing "allow.nfsd" without VNET_NFSD defined will allow
the NFS server to run in a vnet prison.
One area that still needs to be settled is cleanup when a
prison is removed. Without this, everything should work
except there will be a leak of malloc'd data and mutex locks
when a vnet prison is removed.
MFC after: 3 months
---
sys/fs/nfs/nfs_commonport.c | 2 +-
sys/fs/nfs/nfsport.h | 26 +++++++++++++-------------
sys/fs/nfsserver/nfs_fha_new.c | 4 ++--
sys/fs/nfsserver/nfs_nfsdport.c | 2 +-
sys/kgssapi/gssapi_impl.h | 19 +++++++++----------
sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 2 +-
sys/rpc/rpcsec_tls.h | 22 +++++++++-------------
sys/rpc/rpcsec_tls/rpctls_impl.c | 2 +-
8 files changed, 37 insertions(+), 42 deletions(-)
diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c
index 3a1f53340cd4..60131ab66184 100644
--- a/sys/fs/nfs/nfs_commonport.c
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -899,7 +899,7 @@ nfs_vnetinit(const void *unused __unused)
mtx_init(&NFSD_VNET(nfsrv_nfsuserdsock).nr_mtx, "nfsuserd",
NULL, MTX_DEF);
}
-SYSINIT(nfs_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
+VNET_SYSINIT(nfs_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
nfs_vnetinit, NULL);
extern int (*nfsd_call_nfscommon)(struct thread *, struct nfssvc_args *);
diff --git a/sys/fs/nfs/nfsport.h b/sys/fs/nfs/nfsport.h
index bf59aea285f1..3a07d140950c 100644
--- a/sys/fs/nfs/nfsport.h
+++ b/sys/fs/nfs/nfsport.h
@@ -181,19 +181,19 @@
*/
#define NFSMUTEX_T struct mtx
-/* Define the NFSD_VNET macros similar to !VIMAGE. */
-#define NFSD_VNET_NAME(n) n
-#define NFSD_VNET_DECLARE(t, n) extern t n
-#define NFSD_VNET_DEFINE(t, n) t n
-#define NFSD_VNET_DEFINE_STATIC(t, n) static t n
-#define NFSD_VNET(n) (n)
-
-#define CTLFLAG_NFSD_VNET 0
-
-#define NFSD_CURVNET_SET(n)
-#define NFSD_CURVNET_SET_QUIET(n)
-#define NFSD_CURVNET_RESTORE()
-#define NFSD_TD_TO_VNET(n) NULL
+/* Just define the NFSD_VNETxxx() macros as VNETxxx() macros. */
+#define NFSD_VNET_NAME(n) VNET_NAME(n)
+#define NFSD_VNET_DECLARE(t, n) VNET_DECLARE(t, n)
+#define NFSD_VNET_DEFINE(t, n) VNET_DEFINE(t, n)
+#define NFSD_VNET_DEFINE_STATIC(t, n) VNET_DEFINE_STATIC(t, n)
+#define NFSD_VNET(n) VNET(n)
+
+#define CTLFLAG_NFSD_VNET CTLFLAG_VNET
+
+#define NFSD_CURVNET_SET(n) CURVNET_SET(n)
+#define NFSD_CURVNET_SET_QUIET(n) CURVNET_SET_QUIET(n)
+#define NFSD_CURVNET_RESTORE() CURVNET_RESTORE()
+#define NFSD_TD_TO_VNET(n) TD_TO_VNET(n)
#endif /* _KERNEL */
diff --git a/sys/fs/nfsserver/nfs_fha_new.c b/sys/fs/nfsserver/nfs_fha_new.c
index 203e98d3ac86..6ae6884a4b74 100644
--- a/sys/fs/nfsserver/nfs_fha_new.c
+++ b/sys/fs/nfsserver/nfs_fha_new.c
@@ -62,8 +62,8 @@ SYSCTL_DECL(_vfs_nfsd);
extern int newnfs_nfsv3_procid[];
-SYSINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_init, NULL);
-SYSUNINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_uninit, NULL);
+VNET_SYSINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_init, NULL);
+VNET_SYSUNINIT(nfs_fhanew, SI_SUB_VNET_DONE, SI_ORDER_ANY, fhanew_uninit,
NULL);
static void
fhanew_init(void *foo)
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 3912654515ef..7708f0325494 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -7103,7 +7103,7 @@ nfsrv_vnetinit(const void *unused __unused)
nfsd_mntinit();
}
-SYSINIT(nfsrv_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
+VNET_SYSINIT(nfsrv_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
nfsrv_vnetinit, NULL);
/*
diff --git a/sys/kgssapi/gssapi_impl.h b/sys/kgssapi/gssapi_impl.h
index 72f379de4ebf..19d62a723c14 100644
--- a/sys/kgssapi/gssapi_impl.h
+++ b/sys/kgssapi/gssapi_impl.h
@@ -55,17 +55,16 @@ struct kgss_mech {
LIST_HEAD(kgss_mech_list, kgss_mech);
/* Macros for VIMAGE. */
-/* Define the KGSS_VNET macros similar to !VIMAGE. */
-#define KGSS_VNET_NAME(n) n
-#define KGSS_VNET_DECLARE(t, n) extern t n
-#define KGSS_VNET_DEFINE(t, n) t n
-#define KGSS_VNET_DEFINE_STATIC(t, n) static t n
-#define KGSS_VNET(n) (n)
+/* Just define the KGSS_VNETxxx() macros as VNETxxx() macros. */
+#define KGSS_VNET_DEFINE(t, n) VNET_DEFINE(t, n)
+#define KGSS_VNET_DEFINE_STATIC(t, n) VNET_DEFINE_STATIC(t, n)
+#define KGSS_VNET_DECLARE(t, n) VNET_DECLARE(t, n)
+#define KGSS_VNET(n) VNET(n)
-#define KGSS_CURVNET_SET(n)
-#define KGSS_CURVNET_SET_QUIET(n)
-#define KGSS_CURVNET_RESTORE()
-#define KGSS_TD_TO_VNET(n) NULL
+#define KGSS_CURVNET_SET(n) CURVNET_SET(n)
+#define KGSS_CURVNET_SET_QUIET(n) CURVNET_SET_QUIET(n)
+#define KGSS_CURVNET_RESTORE() CURVNET_RESTORE()
+#define KGSS_TD_TO_VNET(n) TD_TO_VNET(n)
extern struct mtx kgss_gssd_lock;
extern struct kgss_mech_list kgss_mechs;
diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
index d01ca1260a67..dc850996a592 100644
--- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
+++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
@@ -219,7 +219,7 @@ svc_rpc_gss_init(void *arg)
sx_init(&svc_rpc_gss_lock, "gsslock");
}
}
-SYSINIT(svc_rpc_gss_init, SI_SUB_VNET_DONE, SI_ORDER_ANY,
+VNET_SYSINIT(svc_rpc_gss_init, SI_SUB_VNET_DONE, SI_ORDER_ANY,
svc_rpc_gss_init, NULL);
bool_t
diff --git a/sys/rpc/rpcsec_tls.h b/sys/rpc/rpcsec_tls.h
index ac2fee1b09fc..ba9a754bd276 100644
--- a/sys/rpc/rpcsec_tls.h
+++ b/sys/rpc/rpcsec_tls.h
@@ -90,19 +90,15 @@ bool rpctls_getinfo(u_int *maxlen, bool
rpctlscd_run,
#define RPCTLS_REFNO_HANDSHAKE 0xFFFFFFFFFFFFFFFFULL
/* Macros for VIMAGE. */
-/* Define the KRPC_VNET macros similar to !VIMAGE. */
-#define KRPC_VNET_NAME(n) n
-#define KRPC_VNET_DECLARE(t, n) extern t n
-#define KRPC_VNET_DEFINE(t, n) t n
-#define KRPC_VNET_DEFINE_STATIC(t, n) static t n
-#define KRPC_VNET(n) (n)
-
-#define CTLFLAG_KRPC_VNET 0
-
-#define KRPC_CURVNET_SET(n)
-#define KRPC_CURVNET_SET_QUIET(n)
-#define KRPC_CURVNET_RESTORE()
-#define KRPC_TD_TO_VNET(n) NULL
+/* Just define the KRPC_VNETxxx() macros as VNETxxx() macros. */
+#define KRPC_VNET_DEFINE(t, n) VNET_DEFINE(t, n)
+#define KRPC_VNET_DEFINE_STATIC(t, n) VNET_DEFINE_STATIC(t, n)
+#define KRPC_VNET(n) VNET(n)
+
+#define KRPC_CURVNET_SET(n) CURVNET_SET(n)
+#define KRPC_CURVNET_SET_QUIET(n) CURVNET_SET_QUIET(n)
+#define KRPC_CURVNET_RESTORE() CURVNET_RESTORE()
+#define KRPC_TD_TO_VNET(n) TD_TO_VNET(n)
#endif /* _KERNEL */
diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c
index 4e9d52bf5d48..92b8b9481666 100644
--- a/sys/rpc/rpcsec_tls/rpctls_impl.c
+++ b/sys/rpc/rpcsec_tls/rpctls_impl.c
@@ -106,7 +106,7 @@ rpctls_vnetinit(const void *unused __unused)
for (i = 0; i < RPCTLS_SRV_MAXNPROCS; i++)
KRPC_VNET(rpctls_server_busy)[i] = false;
}
-SYSINIT(rpctls_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
+VNET_SYSINIT(rpctls_vnetinit, SI_SUB_VNET_DONE, SI_ORDER_ANY,
rpctls_vnetinit, NULL);
int
