Date: Sun, 3 May 2020 23:15:15 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r360616 - in projects/nfs-over-tls/sys: fs/nfs fs/nfsclient fs/nfsserver kern rpc rpc/rpcsec_tls Message-ID: <202005032315.043NFFsp065458@repo.freebsd.org>
Author: rmacklem Date: Sun May 3 23:15:14 2020 New Revision: 360616 URL: https://svnweb.freebsd.org/changeset/base/360616 Log: Add a little function to acquire the ktls sysctls. Add rpctls_getinfo() to acquire the ktls sysctls that the krpc and nfs code needs to have. This avoids making the variables global. Modified: projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c projects/nfs-over-tls/sys/kern/uipc_ktls.c projects/nfs-over-tls/sys/rpc/clnt_bck.c projects/nfs-over-tls/sys/rpc/clnt_vc.c projects/nfs-over-tls/sys/rpc/rpcsec_tls.h projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c projects/nfs-over-tls/sys/rpc/svc_vc.c
Modified: projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c Sun May 3 23:15:14 2020 (r360616)
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/extattr.h>
 #include <rpc/krpc.h>
+#include <rpc/rpcsec_tls.h>
 #include <security/mac/mac_framework.h>
@@ -87,9 +88,6 @@ extern volatile int nfsrv_devidcnt;
 extern int nfscl_debuglevel;
 extern struct nfsdevicehead nfsrv_devidhead;
 extern struct nfsstatsv1 nfsstatsv1;
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
 SYSCTL_DECL(_vfs_nfs);
 SYSCTL_INT(_vfs_nfs, OID_AUTO, enable_uidtostring, CTLFLAG_RW,
@@ -340,6 +338,9 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum,
 u_int32_t *tl;
 int opcnt;
 nfsattrbit_t attrbits;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 /*
 * First, fill in some of the fields of nd.
@@ -371,8 +372,9 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum,
 if (use_ext && PMAP_HAS_DMAP != 0) {
 nd->nd_flag |= ND_NOMAP;
 #ifdef KERN_TLS
- nd->nd_maxextsiz = min(TLS_MAX_MSG_SIZE_V10_2,
- ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ nd->nd_maxextsiz = min(TLS_MAX_MSG_SIZE_V10_2,
+ maxlen);
 #endif
 }
Modified: projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c Sun May 3 23:15:14 2020 (r360616)
@@ -57,9 +57,6 @@ extern u_long sb_max_adj;
 extern int nfs_numnfscbd;
 extern int nfscl_debuglevel;
 extern bool nfs_use_ext_pgs;
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
 /*
 * NFS client system calls for handling callbacks.
@@ -73,6 +70,9 @@ nfscb_program(struct svc_req *rqst, SVCXPRT *xprt)
 {
 struct nfsrv_descript nd;
 int cacherep, credflavor;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 printf("cbprogram proc=%d\n", rqst->rq_proc);
 memset(&nd, 0, sizeof(nd));
@@ -121,9 +121,10 @@ printf("cbreq nd_md=%p offs=%d\n", nd.nd_md, rqst->rq_
 nd.nd_flag |= ND_NOMAP;
 nd.nd_maxextsiz = 16384;
 #ifdef KERN_TLS
- if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0)
+ if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0 &&
+ rpctls_getinfo(&maxlen))
 nd.nd_maxextsiz = min(TLS_MAX_MSG_SIZE_V10_2,
- ktls_maxlen);
+ maxlen);
 #endif
 }
 cacherep = nfs_cbproc(&nd, rqst->rq_xid);
Modified: projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c Sun May 3 23:15:14 2020 (r360616)
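Review bot: In nfscl_reqstart() (nfs_commonsubs.c, hunk at -371) `nd->nd_maxextsiz` is now assigned only when rpctls_getinfo() returns true, while `ND_NOMAP` is still set unconditionally in the same branch. Before this change a KERN_TLS build always assigned it; now a disabled kern.ipc.tls.enable or a failed lookup leaves whatever value the descriptor already held, and no initialisation is visible in the hunk. nfscb_program() in nfs_clkrpc.c sets `nd.nd_maxextsiz = 16384;` ahead of its `#ifdef KERN_TLS`, and the same default line here would keep the two paths consistent. The function body continues outside the hunk, so an earlier assignment may exist and should be confirmed.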
@@ -53,6 +53,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/extattr.h>
 #include <sys/sysctl.h>
 #include <sys/taskqueue.h>
+#include <rpc/rpcsec_tls.h>
 SYSCTL_DECL(_vfs_nfs);
@@ -78,9 +79,6 @@ extern int nfs_pnfsiothreads;
 extern u_long sb_max_adj;
 extern int nfs_maxcopyrange;
 extern bool nfs_use_ext_pgs;
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
 NFSCLSTATEMUTEX;
 int nfstest_outofseq = 0;
 int nfscl_assumeposixlocks = 1;
@@ -5782,6 +5780,9 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode
 ssize_t resid = 0;
 int maxextsiz;
 bool doextpgs;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 || nfs_numnfscbd == 0 || (np->n_flag & NNOLAYOUT) != 0)
@@ -5884,9 +5885,10 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode
 doextpgs = true;
 maxextsiz = 16384;
 #ifdef KERN_TLS
- maxextsiz = min(
- TLS_MAX_MSG_SIZE_V10_2,
- ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(
+ TLS_MAX_MSG_SIZE_V10_2,
+ maxlen);
 #endif
 }
 m = nfsm_uiombuflist(doextpgs,
Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Sun May 3 23:15:14 2020 (r360616)
@@ -111,9 +111,6 @@ extern time_t nfsdev_time;
 extern int nfsrv_writerpc[NFS_NPROCS];
 extern volatile int nfsrv_devidcnt;
 extern struct nfsv4_opflag nfsv4_opflag[NFSV42_NOPS];
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
 /*
 * NFS server system calls
@@ -125,6 +122,9 @@ nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
 struct nfsrv_descript nd;
 struct nfsrvcache *rp = NULL;
 int cacherep, credflavor;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 memset(&nd, 0, sizeof(nd));
 if (rqst->rq_vers == NFS_VER2) {
@@ -282,9 +282,10 @@ nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
 }
 #ifdef KERN_TLS
- if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0)
+ if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0 &&
+ rpctls_getinfo(&maxlen))
 nd.nd_maxextsiz = min(TLS_MAX_MSG_SIZE_V10_2,
- ktls_maxlen);
+ maxlen);
 #endif
 cacherep = nfs_proc(&nd, rqst->rq_xid, xprt, &rp);
 NFSLOCKV4ROOTMUTEX();
Modified: projects/nfs-over-tls/sys/kern/uipc_ktls.c
==============================================================================
--- projects/nfs-over-tls/sys/kern/uipc_ktls.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/kern/uipc_ktls.c Sun May 3 23:15:14 2020 (r360616)
@@ -109,7 +109,7 @@ SYSCTL_INT(_kern_ipc_tls, OID_AUTO, bind_threads, CTLF
 &ktls_bind_threads, 0, "Bind crypto threads to cores or domains at boot");
-u_int ktls_maxlen = 16384;
+static u_int ktls_maxlen = 16384;
 SYSCTL_UINT(_kern_ipc_tls, OID_AUTO, maxlen, CTLFLAG_RWTUN, &ktls_maxlen, 0, "Maximum TLS record size");
Modified: projects/nfs-over-tls/sys/rpc/clnt_bck.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/clnt_bck.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/clnt_bck.c Sun May 3 23:15:14 2020 (r360616)
@@ -89,9 +89,6 @@ __FBSDID("$FreeBSD$");
 #include <rpc/krpc.h>
 #include <rpc/rpcsec_tls.h>
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
 struct cmessage {
 struct cmsghdr cmsg;
@@ -213,6 +210,9 @@ clnt_bck_call(
 struct ct_request *cr;
 int error, maxextsiz;
 uint32_t junk;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 cr = malloc(sizeof(struct ct_request), M_RPC, M_WAITOK);
@@ -313,7 +313,8 @@ call_again:
 */
 maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
 #ifdef KERN_TLS
- maxextsiz = min(maxextsiz, ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(maxextsiz, maxlen);
 #endif
 mreq = _rpc_copym_into_ext_pgs(mreq, maxextsiz);
 }
Modified: projects/nfs-over-tls/sys/rpc/clnt_vc.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/clnt_vc.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/clnt_vc.c Sun May 3 23:15:14 2020 (r360616)
@@ -86,9 +86,6 @@ __FBSDID("$FreeBSD$");
 #include <rpc/krpc.h>
 #include <rpc/rpcsec_tls.h>
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
 struct cmessage {
 struct cmsghdr cmsg;
@@ -312,6 +309,9 @@ clnt_vc_call(
 struct mbuf *mreq = NULL, *results;
 struct ct_request *cr;
 int error, maxextsiz, trycnt;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 cr = malloc(sizeof(struct ct_request), M_RPC, M_WAITOK);
@@ -424,7 +424,8 @@ call_again:
 */
 maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
 #ifdef KERN_TLS
- maxextsiz = min(maxextsiz, ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(maxextsiz, maxlen);
 #endif
 mreq = _rpc_copym_into_ext_pgs(mreq, maxextsiz);
 }
Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls.h
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Sun May 3 23:15:14 2020 (r360616)
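Review bot: The added `rpctls_getinfo(&maxlen)` in clnt_bck_call() (clnt_bck.c, hunk at -313) sits on the per-request send path, and the helper added in rpctls_impl.c performs two sysctl lookups by name every time it is called. The same pattern is added in clnt_vc_call() (clnt_vc.c, -424), svc_vc_reply() and svc_vc_backchannel_reply() (svc_vc.c), and in the nfscb_program()/nfssvc_program() hunks. If the per-call read is deliberate so that a changed tunable takes effect at once, a comment such as `/* Re-read per call so a change to kern.ipc.tls.maxlen is picked up immediately. */` would record that; otherwise the values could be read once when TLS is set up on the connection and kept with it. The enclosing functions start and end outside these hunks.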
@@ -54,6 +54,9 @@ enum clnt_stat rpctls_srv_disconnect(uint64_t sec, uin
 /* Initialization function for rpcsec_tls. */
 int rpctls_init(void);
+/* Get TLS information function. */
+bool rpctls_getinfo(u_int *maxlen);
+
 /* String for AUTH_TLS reply verifier. */
 #define RPCTLS_START_STRING "STARTTLS"
Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Sun May 3 23:15:14 2020 (r360616)
@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mbuf.h>
 #include <sys/mutex.h>
 #include <sys/priv.h>
 #include <sys/proc.h>
@@ -124,6 +125,9 @@ sys_gssd_syscall(struct thread *td, struct gssd_syscal
 int fd = -1, error, retry_count = 5;
 CLIENT *cl, *oldcl;
 bool ssd;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 printf("in gssd syscall\n");
 error = priv_check(td, PRIV_NFS_DAEMON);
@@ -223,7 +227,8 @@ printf("cl=%p oldcl=%p\n", cl, oldcl);
 printf("In connect\n");
 error = EINVAL;
 #ifdef KERN_TLS
- if (PMAP_HAS_DMAP != 0)
+ if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs &&
+ rpctls_getinfo(&maxlen))
 error = 0;
 #endif
 if (error == 0)
@@ -242,7 +247,8 @@ printf("returning=%d\n", fd);
 printf("In srvconnect\n");
 error = EINVAL;
 #ifdef KERN_TLS
- if (PMAP_HAS_DMAP != 0)
+ if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs &&
+ rpctls_getinfo(&maxlen))
 error = 0;
 #endif
 if (error == 0)
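Review bot: The comment on the new prototype in rpcsec_tls.h, `/* Get TLS information function. */`, does not tell a caller what the boolean means or when the output is valid, and every call site in this commit branches on exactly that. Going by the definition in rpctls_impl.c, the function returns the value of kern.ipc.tls.enable, returns false without touching the output if either lookup fails, and stores kern.ipc.tls.maxlen whenever both lookups succeed. I would say so in the header, for example `/* Returns true if kernel TLS is enabled; *maxlenp is set to kern.ipc.tls.maxlen unless a sysctl lookup fails. */`. The parameter is named `maxlen` here and `maxlenp` in the definition; using `maxlenp` in both places avoids confusion with the callers' local `maxlen`.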
@@ -574,5 +580,30 @@ printf("got uid=%d ngrps=%d gidp=%p\n", uid, ngrps, gi
 printf("authtls: aft handshake stat=%d\n", stat);
 return (RPCSEC_GSS_NODISPATCH);
+}
+
+/*
+ * Get kern.ipc.tls.enable and kern.ipc.tls.maxlen.
+ */
+bool
+rpctls_getinfo(u_int *maxlenp)
+{
+ u_int maxlen;
+ bool enable;
+ int error;
+ size_t siz;
+
+ siz = sizeof(enable);
+ error = kernel_sysctlbyname(curthread, "kern.ipc.tls.enable",
+ &enable, &siz, NULL, 0, NULL, 0);
+ if (error != 0)
+ return (false);
+ siz = sizeof(maxlen);
+ error = kernel_sysctlbyname(curthread, "kern.ipc.tls.maxlen",
+ &maxlen, &siz, NULL, 0, NULL, 0);
+ if (error != 0)
+ return (false);
+ *maxlenp = maxlen;
+ return (enable);
 }
Modified: projects/nfs-over-tls/sys/rpc/svc_vc.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/svc_vc.c Sun May 3 21:59:40 2020 (r360615)
+++ projects/nfs-over-tls/sys/rpc/svc_vc.c Sun May 3 23:15:14 2020 (r360616)
@@ -76,9 +76,6 @@ __FBSDID("$FreeBSD$");
 #include <security/mac/mac_framework.h>
-#ifdef KERN_TLS
-extern u_int ktls_maxlen;
-#endif
 static bool_t svc_vc_rendezvous_recv(SVCXPRT *, struct rpc_msg *, struct sockaddr **, struct mbuf **);
@@ -916,6 +913,9 @@ svc_vc_reply(SVCXPRT *xprt, struct rpc_msg *msg,
 struct mbuf *mrep;
 bool_t stat = TRUE;
 int error, len, maxextsiz;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 /*
 * Leave space for record mark.
@@ -954,7 +954,8 @@ svc_vc_reply(SVCXPRT *xprt, struct rpc_msg *msg,
 */
 maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
 #ifdef KERN_TLS
- maxextsiz = min(maxextsiz, ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(maxextsiz, maxlen);
 #endif
 mrep = _rpc_copym_into_ext_pgs(mrep, maxextsiz);
 }
@@ -989,6 +990,9 @@ svc_vc_backchannel_reply(SVCXPRT *xprt, struct rpc_msg
 struct mbuf *mrep;
 bool_t stat = TRUE;
 int error, maxextsiz;
+#ifdef KERN_TLS
+ u_int maxlen;
+#endif
 /*
 * Leave space for record mark.
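Review bot: rpctls_getinfo() (rpctls_impl.c, hunk at -574) reads kern.ipc.tls.enable into a `bool` with `siz = sizeof(enable)`, which is correct only if that sysctl is exported as a one-byte bool. Its declaration is not part of this commit (the uipc_ktls.c hunk shows only maxlen, a u_int), so this needs checking against uipc_ktls.c; on a size mismatch the lookup would presumably fail and every caller would silently treat kernel TLS as disabled. Separately, kern.ipc.tls.maxlen is a CTLFLAG_RWTUN tunable and its value is handed back with no lower bound, while the callers apply only `min()` against TLS_MAX_MSG_SIZE_V10_2. A setting of 0 would therefore reach `_rpc_copym_into_ext_pgs()` as the chunk size; adding `if (maxlen == 0) return (false);` before `*maxlenp = maxlen;` would keep the callers' defaults in that case.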
@@ -1027,7 +1031,8 @@ svc_vc_backchannel_reply(SVCXPRT *xprt, struct rpc_msg
 */
 maxextsiz = TLS_MAX_MSG_SIZE_V10_2;
 #ifdef KERN_TLS
- maxextsiz = min(maxextsiz, ktls_maxlen);
+ if (rpctls_getinfo(&maxlen))
+ maxextsiz = min(maxextsiz, maxlen);
 #endif
 mrep = _rpc_copym_into_ext_pgs(mrep, maxextsiz);
 }