2 * Unix SMB/CIFS implementation.
3 * Support for OneFS system interfaces.
5 * Copyright (C) Tim Prouty, 2008
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 #include <ifs/ifs_syscalls.h>
24 #include <isi_acl/isi_acl_util.h>
27 * Initialize the sm_lock struct before passing it to ifs_createfile.
29 static void smlock_init(connection_struct *conn, struct sm_lock *sml,
30 bool isexe, uint32_t access_mask, uint32_t share_access,
31 uint32_t create_options)
33 sml->sm_type.doc = false;
34 sml->sm_type.isexe = isexe;
35 sml->sm_type.statonly = is_stat_open(access_mask);
36 sml->sm_type.access_mask = access_mask;
37 sml->sm_type.share_access = share_access;
40 * private_options was previously used for DENY_DOS/DENY_FCB checks in
41 * the kernel, but are now properly handled by fcb_or_dos_open. In
42 * these cases, ifs_createfile will return a sharing violation, which
43 * gives fcb_or_dos_open the chance to open a duplicate file handle.
45 sml->sm_type.private_options = 0;
47 /* 1 second delay is handled in onefs_open.c by deferring the open */
48 sml->sm_timeout = timeval_set(0, 0);
51 static void smlock_dump(int debuglevel, const struct sm_lock *sml)
54 DEBUG(debuglevel, ("sml == NULL\n"));
59 ("smlock: doc=%s, isexec=%s, statonly=%s, access_mask=0x%x, "
60 "share_access=0x%x, private_options=0x%x timeout=%d/%d\n",
61 sml->sm_type.doc ? "True" : "False",
62 sml->sm_type.isexe ? "True" : "False",
63 sml->sm_type.statonly ? "True" : "False",
64 sml->sm_type.access_mask,
65 sml->sm_type.share_access,
66 sml->sm_type.private_options,
67 (int)sml->sm_timeout.tv_sec,
68 (int)sml->sm_timeout.tv_usec));
72 * External interface to ifs_createfile
74 int onefs_sys_create_file(connection_struct *conn,
78 uint32_t open_access_mask,
79 uint32_t share_access,
80 uint32_t create_options,
85 struct security_descriptor *sd,
89 struct sm_lock sml, *psml = NULL;
90 enum oplock_type onefs_oplock;
91 enum oplock_type onefs_granted_oplock = OPLOCK_NONE;
92 struct ifs_security_descriptor ifs_sd = {}, *pifs_sd = NULL;
95 uint32_t onefs_dos_attributes;
96 struct ifs_createfile_flags cf_flags = CF_FLAGS_NONE;
98 START_PROFILE(syscall_createfile);
100 /* Setup security descriptor and get secinfo. */
104 secinfo = (get_sec_info(sd) & IFS_SEC_INFO_KNOWN_MASK);
106 status = onefs_samba_sd_to_sd(secinfo, sd, &ifs_sd, SNUM(conn));
108 if (!NT_STATUS_IS_OK(status)) {
109 DEBUG(1, ("SD initialization failure: %s",
118 /* Stripping off private bits will be done for us. */
119 onefs_oplock = onefs_samba_oplock_to_oplock(oplock_request);
121 if (!lp_oplocks(SNUM(conn))) {
122 SMB_ASSERT(onefs_oplock == OPLOCK_NONE);
125 /* Convert samba dos flags to UF_DOS_* attributes. */
126 onefs_dos_attributes = dos_attributes_to_stat_dos_flags(dos_flags);
129 * Deal with kernel creating Default ACLs. (Isilon bug 47447.)
131 * 1) "nt acl support = no", default_acl = no
132 * 2) "inherit permissions = yes", default_acl = no
134 if (lp_nt_acl_support(SNUM(conn)) && !lp_inherit_perms(SNUM(conn)))
135 cf_flags = cf_flags_or(cf_flags, CF_FLAGS_DEFAULT_ACL);
138 * Some customer workflows require the execute bit to be ignored.
140 if (lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
141 PARM_ALLOW_EXECUTE_ALWAYS,
142 PARM_ALLOW_EXECUTE_ALWAYS_DEFAULT) &&
143 (open_access_mask & FILE_EXECUTE)) {
145 DEBUG(3, ("Stripping execute bit from %s: (0x%x)\n", path,
149 open_access_mask &= ~FILE_EXECUTE;
152 * Add READ_DATA, so we're not left with desired_access=0. An
153 * execute call should imply the client will read the data.
155 open_access_mask |= FILE_READ_DATA;
157 DEBUGADD(3, ("New stripped access mask: 0x%x\n",
161 DEBUG(10,("onefs_sys_create_file: base_fd = %d, "
162 "open_access_mask = 0x%x, flags = 0x%x, mode = 0%o, "
163 "desired_oplock = %s, id = 0x%x, secinfo = 0x%x, sd = %p, "
164 "dos_attributes = 0x%x, path = %s, "
165 "default_acl=%s\n", base_fd,
166 (unsigned int)open_access_mask,
169 onefs_oplock_str(onefs_oplock),
171 (unsigned int)secinfo, sd,
172 (unsigned int)onefs_dos_attributes, path,
173 cf_flags_and_bool(cf_flags, CF_FLAGS_DEFAULT_ACL) ?
176 /* Initialize smlock struct for files/dirs but not internal opens */
177 if (!(oplock_request & INTERNAL_OPEN_ONLY)) {
178 smlock_init(conn, &sml, is_executable(path), access_mask,
179 share_access, create_options);
183 smlock_dump(10, psml);
185 ret_fd = ifs_createfile(base_fd, path,
186 (enum ifs_ace_rights)open_access_mask, flags & ~O_ACCMODE, mode,
187 onefs_oplock, id, psml, secinfo, pifs_sd, onefs_dos_attributes,
188 cf_flags, &onefs_granted_oplock);
190 DEBUG(10,("onefs_sys_create_file(%s): ret_fd = %d, "
191 "onefs_granted_oplock = %s\n",
192 ret_fd < 0 ? strerror(errno) : "success", ret_fd,
193 onefs_oplock_str(onefs_granted_oplock)));
195 if (granted_oplock) {
197 onefs_oplock_to_samba_oplock(onefs_granted_oplock);
201 END_PROFILE(syscall_createfile);
202 aclu_free_sd(pifs_sd, false);
208 * FreeBSD based sendfile implementation that allows for atomic semantics.
210 static ssize_t onefs_sys_do_sendfile(int tofd, int fromfd,
211 const DATA_BLOB *header, SMB_OFF_T offset, size_t count, bool atomic)
223 hdr.headers = &hdtrl;
228 /* Set up the header iovec. */
230 hdtrl.iov_base = header->data;
231 hdtrl.iov_len = hdr_len = header->length;
233 hdtrl.iov_base = NULL;
238 while (total + hdtrl.iov_len) {
243 * FreeBSD sendfile returns 0 on success, -1 on error.
244 * Remember, the tofd and fromfd are reversed..... :-).
245 * nwritten includes the header data sent.
249 ret = sendfile(fromfd, tofd, offset, total, &hdr,
251 } while (ret == -1 && errno == EINTR);
253 /* On error we're done. */
259 * If this was an ATOMIC sendfile, nwritten doesn't
260 * necessarily indicate an error. It could mean count > than
261 * what sendfile can handle atomically (usually 64K) or that
262 * there was a short read due to the file being truncated.
265 return atomic ? 0 : -1;
269 * An atomic sendfile should never send partial data!
271 if (atomic && nwritten != total + hdtrl.iov_len) {
272 DEBUG(0,("Atomic sendfile() sent partial data: "
273 "%llu of %d\n", nwritten,
274 total + hdtrl.iov_len));
279 * If this was a short (signal interrupted) write we may need
280 * to subtract it from the header data, or null out the header
281 * data altogether if we wrote more than hdtrl.iov_len bytes.
282 * We change nwritten to be the number of file bytes written.
285 if (hdtrl.iov_base && hdtrl.iov_len) {
286 if (nwritten >= hdtrl.iov_len) {
287 nwritten -= hdtrl.iov_len;
288 hdtrl.iov_base = NULL;
292 (caddr_t)hdtrl.iov_base + nwritten;
293 hdtrl.iov_len -= nwritten;
300 return count + hdr_len;
304 * Handles the subtleties of using sendfile with CIFS.
306 ssize_t onefs_sys_sendfile(connection_struct *conn, int tofd, int fromfd,
307 const DATA_BLOB *header, SMB_OFF_T offset,
313 START_PROFILE_BYTES(syscall_sendfile, count);
315 if (lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
316 PARM_ATOMIC_SENDFILE,
317 PARM_ATOMIC_SENDFILE_DEFAULT)) {
321 /* Try the sendfile */
322 ret = onefs_sys_do_sendfile(tofd, fromfd, header, offset, count,
325 /* If the sendfile wasn't atomic, we're done. */
327 DEBUG(10, ("non-atomic sendfile read %ul bytes", ret));
328 END_PROFILE(syscall_sendfile);
333 * Atomic sendfile takes care to not write anything to the socket
334 * until all of the requested bytes have been read from the file.
335 * There are two atomic cases that need to be handled.
337 * 1. The file was truncated causing less data to be read than was
338 * requested. In this case, we return back to the caller to
339 * indicate 0 bytes were written to the socket. This should
340 * prompt the caller to fallback to the standard read path: read
341 * the data, create a header that indicates how many bytes were
342 * actually read, and send the header/data back to the client.
344 * This saves us from standard sendfile behavior of sending a
345 * header promising more data then will actually be sent. The
346 * only two options are to close the socket and kill the client
347 * connection, or write a bunch of 0s. Closing the client
348 * connection is bad because there could actually be multiple
349 * sessions multiplexed from the same client that are all dropped
350 * because of a truncate. Writing the remaining data as 0s also
351 * isn't good, because the client will have an incorrect version
352 * of the file. If the file is written back to the server, the 0s
353 * will be written back. Fortunately, atomic sendfile allows us
354 * to avoid making this choice in most cases.
356 * 2. One downside of atomic sendfile, is that there is a limit on
357 * the number of bytes that can be sent atomically. The kernel
358 * has a limited amount of mbuf space that it can read file data
359 * into without exhausting the system's mbufs, so a buffer of
360 * length xfsize is used. The xfsize at the time of writing this
361 * is 64K. xfsize bytes are read from the file, and subsequently
362 * written to the socket. This makes it impossible to do the
363 * sendfile atomically for a byte count > xfsize.
365 * To cope with large requests, atomic sendfile returns -1 with
366 * errno set to E2BIG. Since windows maxes out at 64K writes,
367 * this is currently only a concern with non-windows clients.
368 * Posix extensions allow the full 24bit bytecount field to be
369 * used in ReadAndX, and clients such as smbclient and the linux
370 * cifs client can request up to 16MB reads! There are a few
371 * options for handling large sendfile requests.
373 * a. Fall back to the standard read path. This is unacceptable
374 * because it would require prohibitively large mallocs.
376 * b. Fall back to using samba's fake_send_file which emulates
377 * the kernel sendfile in userspace. This still has the same
378 * problem of sending the header before all of the data has
379 * been read, so it doesn't buy us anything, and has worse
380 * performance than the kernel's zero-copy sendfile.
382 * c. Use non-atomic sendfile syscall to attempt a zero copy
383 * read, and hope that there isn't a short read due to
384 * truncation. In the case of a short read, there are two
387 * 1. Kill the client connection
389 * 2. Write zeros to the socket for the remaining bytes
390 * promised in the header.
392 * It is safer from a data corruption perspective to kill the
393 * client connection, so this is our default behavior, but if
394 * this causes problems this can be configured to write zeros
398 /* Handle case 1: short read -> truncated file. */
400 END_PROFILE(syscall_sendfile);
404 /* Handle case 2: large read. */
405 if (ret == -1 && errno == E2BIG) {
407 if (!lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
408 PARM_SENDFILE_LARGE_READS,
409 PARM_SENDFILE_LARGE_READS_DEFAULT)) {
410 DEBUG(3, ("Not attempting non-atomic large sendfile: "
411 "%lu bytes\n", count));
412 END_PROFILE(syscall_sendfile);
416 if (count < 0x10000) {
417 DEBUG(0, ("Count < 2^16 and E2BIG was returned! %lu",
421 DEBUG(10, ("attempting non-atomic large sendfile: %lu bytes\n",
424 /* Try a non-atomic sendfile. */
425 ret = onefs_sys_do_sendfile(tofd, fromfd, header, offset,
427 /* Real error: kill the client connection. */
429 DEBUG(1, ("error on non-atomic large sendfile "
430 "(%lu bytes): %s\n", count,
432 END_PROFILE(syscall_sendfile);
436 /* Short read: kill the client connection. */
437 if (ret != count + header->length) {
438 DEBUG(1, ("short read on non-atomic large sendfile "
439 "(%lu of %lu bytes): %s\n", ret, count,
443 * Returning ret here would cause us to drop into the
444 * codepath that calls sendfile_short_send, which
445 * sends the client a bunch of zeros instead.
446 * Returning -1 kills the connection.
448 if (lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
450 PARM_SENDFILE_SAFE_DEFAULT)) {
451 END_PROFILE(syscall_sendfile);
455 END_PROFILE(syscall_sendfile);
459 DEBUG(10, ("non-atomic large sendfile successful\n"));
462 /* There was error in the atomic sendfile. */
464 DEBUG(1, ("error on %s sendfile (%lu bytes): %s\n",
465 atomic ? "atomic" : "non-atomic",
466 count, strerror(errno)));
469 END_PROFILE(syscall_sendfile);
474 * Only talloc the spill buffer once (reallocing when necessary).
476 static char *get_spill_buffer(size_t new_count)
478 static int cur_count = 0;
479 static char *spill_buffer = NULL;
481 /* If a sufficiently sized buffer exists, just return. */
482 if (new_count <= cur_count) {
483 SMB_ASSERT(spill_buffer);
487 /* Allocate the first time. */
488 if (cur_count == 0) {
489 SMB_ASSERT(!spill_buffer);
490 spill_buffer = talloc_array(NULL, char, new_count);
492 cur_count = new_count;
497 /* A buffer exists, but it's not big enough, so realloc. */
498 SMB_ASSERT(spill_buffer);
499 spill_buffer = talloc_realloc(NULL, spill_buffer, char, new_count);
501 cur_count = new_count;
507 * recvfile does zero-copy writes given an fd to write to, and a socket with
508 * some data to write. If recvfile read more than it was able to write, it
509 * spills the data into a buffer. After first reading any additional data
510 * from the socket into the buffer, the spill buffer is then written with a
513 ssize_t onefs_sys_recvfile(int fromfd, int tofd, SMB_OFF_T offset,
516 char *spill_buffer = NULL;
517 bool socket_drained = false;
519 off_t total_rbytes = 0;
520 off_t total_wbytes = 0;
524 START_PROFILE_BYTES(syscall_recvfile, count);
526 DEBUG(10,("onefs_recvfile: from = %d, to = %d, offset=%llu, count = "
527 "%lu\n", fromfd, tofd, offset, count));
530 END_PROFILE(syscall_recvfile);
535 * Setup up a buffer for recvfile to spill data that has been read
536 * from the socket but not written.
538 spill_buffer = get_spill_buffer(count);
539 if (spill_buffer == NULL) {
545 * Keep trying recvfile until:
546 * - There is no data left to read on the socket, or
547 * - bytes read != bytes written, or
548 * - An error is returned that isn't EINTR/EAGAIN
551 /* Keep track of bytes read/written for recvfile */
555 DEBUG(10, ("calling recvfile loop, offset + total_wbytes = "
556 "%llu, count - total_rbytes = %llu\n",
557 offset + total_wbytes, count - total_rbytes));
559 ret = recvfile(tofd, fromfd, offset + total_wbytes,
560 count - total_wbytes, &rbytes, &wbytes, 0,
563 DEBUG(10, ("recvfile ret = %d, errno = %d, rbytes = %llu, "
564 "wbytes = %llu\n", ret, ret >= 0 ? 0 : errno,
567 /* Update our progress so far */
568 total_rbytes += rbytes;
569 total_wbytes += wbytes;
571 } while ((count - total_rbytes) && (rbytes == wbytes) &&
572 (ret == -1 && (errno == EINTR || errno == EAGAIN)));
574 DEBUG(10, ("total_rbytes = %llu, total_wbytes = %llu\n",
575 total_rbytes, total_wbytes));
577 /* Log if recvfile didn't write everything it read. */
578 if (total_rbytes != total_wbytes) {
579 DEBUG(0, ("partial recvfile: total_rbytes=%llu but "
580 "total_wbytes=%llu, diff = %llu\n", total_rbytes,
581 total_wbytes, total_rbytes - total_wbytes));
582 SMB_ASSERT(total_rbytes > total_wbytes);
586 * If there is still data on the socket, read it off.
588 while (total_rbytes < count) {
590 DEBUG(0, ("shallow recvfile, reading %llu\n",
591 count - total_rbytes));
594 * Read the remaining data into the spill buffer. recvfile
595 * may already have some data in the spill buffer, so start
596 * filling the buffer at total_rbytes - total_wbytes.
598 ret = sys_read(fromfd,
599 spill_buffer + (total_rbytes - total_wbytes),
600 count - total_rbytes);
603 DEBUG(0, ("shallow recvfile read failed: %s\n",
605 /* Socket is dead, so treat as if it were drained. */
606 socket_drained = true;
610 /* Data was read so update the rbytes */
614 if (total_rbytes != count) {
615 smb_panic("Unread recvfile data still on the socket!");
619 * Now write any spilled data + the extra data read off the socket.
621 while (total_wbytes < count) {
623 DEBUG(0, ("partial recvfile, writing %llu\n", count - total_wbytes));
625 ret = sys_pwrite(tofd, spill_buffer, count - total_wbytes,
626 offset + total_wbytes);
629 DEBUG(0, ("partial recvfile write failed: %s\n",
634 /* Data was written so update the wbytes */
643 END_PROFILE(syscall_recvfile);
645 /* Make sure we always try to drain the socket. */
646 if (!socket_drained && count - total_rbytes) {
647 int saved_errno = errno;
649 if (drain_socket(fromfd, count - total_rbytes) !=
650 count - total_rbytes) {
651 /* Socket is dead! */
652 DEBUG(0, ("drain socket failed: %d\n", errno));
661 * Set the per-process encoding, ignoring errors.
663 void onefs_sys_config_enc(void)
667 ret = enc_set_proc(ENC_UTF8);
669 DEBUG(0, ("Setting process encoding failed: %s",
675 * Set the per-process .snpashot directory options, ignoring errors.
677 void onefs_sys_config_snap_opt(struct onefs_vfs_global_config *global_config)
679 struct ifs_dotsnap_options dso;
683 dso.sub_accessible = global_config->dot_snap_child_accessible;
684 dso.sub_visible = global_config->dot_snap_child_visible;
685 dso.root_accessible = global_config->dot_snap_root_accessible;
686 dso.root_visible = global_config->dot_snap_root_visible;
688 ret = ifs_set_dotsnap_options(&dso);
690 DEBUG(0, ("Setting snapshot visibility/accessibility "
691 "failed: %s", strerror(errno)));
696 * Set the per-process flag saying whether or not to accept ~snapshot
697 * as an alternative name for .snapshot directories.
699 void onefs_sys_config_tilde(struct onefs_vfs_global_config *global_config)
703 ret = ifs_tilde_snapshot(global_config->dot_snap_tilde);
705 DEBUG(0, ("Setting snapshot tilde failed: %s",