FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=release%2F8.4.0 2012-10-28T12:28:04Z 2012-10-28T12:28:04Z Rick Macklem rmacklem@FreeBSD.org 2012-10-28T12:28:04Z urn:sha1:7679df979dde7cf94ff4a4b59e08aeb2eef1e8a5 Modify the comment to take out the names and URL. 2012-10-25T00:50:14Z Rick Macklem rmacklem@FreeBSD.org 2012-10-25T00:50:14Z urn:sha1:d2b2020665b2194f78a9c62dfe717e688ccbcbdb Add a comment describing why r241097 was done. 2012-10-15T01:13:36Z Rick Macklem rmacklem@FreeBSD.org 2012-10-15T01:13:36Z urn:sha1:64c21841d137dfebf3c7609ea2d8bc3c08bbaf7a Attila Bogar and Herbert Poeckl both reported similar problems w.r.t. a Linux NFS client doing a krb5 NFS mount against the FreeBSD server. We determined this was a Linux bug: http://www.spinics.net/lists/linux-nfs/msg32466.html, however the mount failed to work, because the Destroy operation with a bogus encrypted checksum destroyed the authenticator handle. This patch changes the rpcsec_gss code so that it doesn't Destroy the authenticator handle for this case and, as such, the Linux mount will work. 2012-09-30T00:44:53Z Pedro F. Giffuni pfg@FreeBSD.org 2012-09-30T00:44:53Z urn:sha1:c6889a39a6dc4db17cc61b8fc2772fdbf95e96a6 Complete revert of r239963 (from head). The attempt to merge changes from the linux libtirpc caused rpc.lockd to exit after startup under unclear conditions. Reported by: David Wolfskill 2012-09-27T04:06:20Z Pedro F. Giffuni pfg@FreeBSD.org 2012-09-27T04:06:20Z urn:sha1:a740f867f4d88a267a244a97bd0be9d8a0c5012f Revert a change from Bull's NFSv4 libtirpc implementation: libtirpc: be sure to free cl_netid and cl_tp This change is causing rpc.lockd to exit after startup. Reported by: David Wolfskill 2012-09-22T04:22:17Z Pedro F. Giffuni pfg@FreeBSD.org 2012-09-22T04:22:17Z urn:sha1:b5da57b4f35096671d931c5f15a85680f0b4478e Bring some changes from Bull's NFSv4 libtirpc implementation. ____ Fixed infinite loop in svc_run() ____ __rpc_taddr2uaddr_af() assumes the netbuf to always have a non-zero data. This is a bad assumption and can lead to a seg-fault. This patch adds a check for zero length and returns NULL when found. ____ Changed clnt_spcreateerror() to return clearer and more concise error messages. ____ Converted all uid and gid variables of the type uid_t and gid_t. ____ libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed These fields in the rpcbind GETADDR call are being passed uninitialized to CLNT_CALL. In the case of x86_64 at least, this usually leads to a segfault. On x86, it sometimes causes segfaults and other times causes garbage to be sent on the wire. rpcbind generally ignores the r_owner field for calls that come in over the wire, so it really doesn't matter what we send in that slot. We just need to send something. The reference implementation from Sun seems to send a blank string. Have ours follow suit. ____ libtirpc: be sure to free cl_netid and cl_tp When creating a client with clnt_tli_create, it uses strdup to copy strings for these fields if nconf is passed in. clnt_dg_destroy frees these strings already. Make sure clnt_vc_destroy frees them in the same way. ____ Obtained from: Bull GNU/Linux NFSv4 Project 2012-09-16T00:34:04Z Pedro F. Giffuni pfg@FreeBSD.org 2012-09-16T00:34:04Z urn:sha1:8445c945095535094826380d6b6db175ae2aa1b9 Rename __rpc_xdr with XDR. This fixes at least one C++ application and matches what upstream (Solaris) has done on their xdr.h header. PR: 137443 2011-11-17T01:02:45Z Rick Macklem rmacklem@FreeBSD.org 2011-11-17T01:02:45Z urn:sha1:26cdb82d9b4fa476826c311f7171aec0128b8a40 Both a crash reported on freebsd-current on Oct. 18 under the subject heading "mtx_lock() of destroyed mutex on NFS" and PR# 156168 appear to be caused by clnt_dg_destroy() closing down the socket prematurely. When to close down the socket is controlled by a reference count (cs_refs), but clnt_dg_create() checks for sb_upcall being non-NULL to decide if a new socket is needed. I believe the crashes were caused by the following race: clnt_dg_destroy() finds cs_refs == 0 and decides to delete socket clnt_dg_destroy() then loses race with clnt_dg_create() for acquisition of the SOCKBUF_LOCK() clnt_dg_create() finds sb_upcall != NULL and increments cs_refs to 1 clnt_dg_destroy() then acquires SOCKBUF_LOCK(), sets sb_upcall to NULL and destroys socket This patch fixes the above race by changing clnt_dg_destroy() so that it acquires SOCKBUF_LOCK() before testing cs_refs. Tested by: bz Reviewed by: dfr 2011-10-10T14:35:26Z Rick Macklem rmacklem@FreeBSD.org 2011-10-10T14:35:26Z urn:sha1:59b5d6ed083e554916d648cc3a24fa86c269f437 A crash reported on freebsd-fs@ on Sep. 23, 2011 under the subject heading "kernel panics with RPCSEC_GSS" appears to be caused by a corrupted tailq list for the client structure. Looking at the code, calls to the function svc_rpc_gss_forget_client() were done in an SMP unsafe manner, with the svc_rpc_gss_lock only being acquired in the function and not before it. As such, when multiple threads called svc_rpc_gss_forget_client() concurrently, it could try and remove the same client structure from the tailq lists multiple times. The patch fixes this by moving the critical code into a separate function called svc_rpc_gss_forget_client_locked(), which must be called with the lock held. For the one case where the caller would have no interest in the lock, svc_rpc_gss_forget_client() was retained, but a loop was added to check that the client structure is still in the tailq lists before removing it, to make it safe for multiple concurrent calls. Also, remove an extraneous "already" from a comment introduced by r226081. 2011-09-05T06:54:13Z Artem Belevich art@FreeBSD.org 2011-09-05T06:54:13Z urn:sha1:e5f918e3aa389f8b650f534cff7200555294b9f6 Make sure RPC calls over UDP return RPC_INTR status if the process has been interrupted in a restartable syscall. Otherwise we could end up in an (almost) endless loop in clnt_reconnect_call(). PR: kern/160198 Reviewed by: rmacklem Approved by: avg (mentor)