From kris@obsecurity.org  Thu Mar  9 02:16:41 2006
Return-Path: <kris@obsecurity.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1266616A422
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  9 Mar 2006 02:16:38 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5B28643D53
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  9 Mar 2006 02:16:37 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196])
	by elvis.mu.org (Postfix) with ESMTP id 427111A4D89
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  8 Mar 2006 18:16:37 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 99CFB52058; Wed,  8 Mar 2006 21:16:36 -0500 (EST)
Message-Id: <20060309021636.99CFB52058@obsecurity.dyndns.org>
Date: Wed,  8 Mar 2006 21:16:36 -0500 (EST)
From: Kris Kennaway <kris@FreeBSD.org>
Reply-To: Kris Kennaway <kris@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: nfs locking/rpc.lockd doesn't understand file descriptor sharing
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         94256
>Category:       kern
>Synopsis:       [nfs] nfs locking/rpc.lockd doesn't understand file descriptor sharing
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dfr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 09 02:20:06 GMT 2006
>Closed-Date:    Thu Feb 25 17:47:06 UTC 2010
>Last-Modified:  Thu Feb 25 17:47:06 UTC 2010
>Originator:     Kris Kennaway
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
FreeBSD
>Environment:
System: FreeBSD xor.obsecurity.org 6.0-STABLE FreeBSD 6.0-STABLE #13: Sun Nov 6 12:45:25 EST 2005 kkenn@xor.obsecurity.org:/mnt/src/sys/i386/compile/XOR i386
>Description:

NFS locking uses an 'svid' field for indicating ownership of lock
requests.  In the FreeBSD implementation this is the pid of the
process performing the lock request on the NFS client.

The rpc.lockd server uses this field to decide whether a process
requesting an unlock operation is holding a lock.  i.e. it assumes
that the pid that locks a file is the only process that can
legitimately perform the corresponding unlock operation.

This is false in a UNIX world, because file descriptors may be passed
between processes.  For example, a process may lock a file, fork, and
the child process inherits the file descriptor table and may
legitimately unlock the file.

When rpc.lockd receives an unlock request with svid that does not
match the recorded svid of the corresponding lock, it returns an
"unlock granted" to the client but does not actually pass the unlock
operation to the kernel.  Presumably this is for purposes of crash
recovery, in which the lock state may have been lost by the rpc.lockd
server and the client process really did own the lock.

The result of this is that locks may be "leaked" by the server, e.g.:

>How-To-Repeat:

On the NFS client:

haessal# daemon -p pid sleep 100000    <-- the daemon process creates and locks pid
haessal# kill -KILL `cat pid`          <-- the unlock request is generated by the child pid
haessal# lockf -t 0 -k pid echo Yay    <-- the server ignored it since it doesn't know the child inherited the lock
lockf: pid: already locked

On the NFS server:

dosirak# lockf -t 0 -k pid echo Yay
lockf: pid: already locked

>Fix:

Probably difficult.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->cel 
Responsible-Changed-By: cel 
Responsible-Changed-When: Fri May 12 21:39:32 UTC 2006 
Responsible-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=94256 
Responsible-Changed-From-To: cel->freebsd-bugs 
Responsible-Changed-By: cel 
Responsible-Changed-When: Mon Mar 12 15:36:32 UTC 2007 
Responsible-Changed-Why:  
Back to the public pool. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94256 

From: Zachary Loafman <zachary.loafman@isilon.com>
To: bug-followup@FreeBSD.org,  kris@FreeBSD.org
Cc:  
Subject: Re: kern/94256: [nfs] nfs locking/rpc.lockd doesn't understand file
 descriptor sharing
Date: Wed, 26 Sep 2007 13:45:49 -0700

 I'm a little confused here.
 
  >For example, a process may lock a file, fork, and
  >the child process inherits the file descriptor table and may
  >legitimately unlock the file.
 
 Uh, no:
 
 "File locks set by the parent process are not inherited by the child 
 process." (http://www.opengroup.org/onlinepubs/007908799/xsh/fork.html)
 
 
 

From: Kris Kennaway <kris@FreeBSD.org>
To: Zachary Loafman <zachary.loafman@isilon.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/94256: [nfs] nfs locking/rpc.lockd doesn't understand file
 descriptor sharing
Date: Thu, 27 Sep 2007 00:31:26 +0200

 Zachary Loafman wrote:
 > I'm a little confused here.
 > 
 >  >For example, a process may lock a file, fork, and
 >  >the child process inherits the file descriptor table and may
 >  >legitimately unlock the file.
 > 
 > Uh, no:
 > 
 > "File locks set by the parent process are not inherited by the child 
 > process." (http://www.opengroup.org/onlinepubs/007908799/xsh/fork.html)
 
 Well FreeBSD supports it and in fact uses it in e.g. the pidfile() code 
 used by at least one daemon (I forget which).  pidfile locks the file, 
 the process forks the daemon, then later it is unlocked in the child.  I 
 am not sure if you can also do the same thing by passing a file 
 descriptor with sendmsg() and then unlocking it.
 
 You do make a case that this behaviour should not be allowed though.
 
 Kris

From: Zachary Loafman <zachary.loafman@isilon.com>
To: bug-followup@FreeBSD.org,  kris@FreeBSD.org
Cc:  
Subject: Re: kern/94256: [nfs] nfs locking/rpc.lockd doesn't understand file
 descriptor sharing
Date: Wed, 26 Sep 2007 16:14:17 -0700

 Sorry, this is a key difference in flock and fcntl locks, as described 
 here: 
 http://lists.freebsd.org/pipermail/freebsd-hackers/2004-May/006869.html
 
 The opengroup standard is referring to fcntl/lockf (POSIX) locks, not 
 flock (BSD) locks.
Responsible-Changed-From-To: freebsd-bugs->dfr 
Responsible-Changed-By: rwatson 
Responsible-Changed-When: Fri Mar 7 18:40:12 UTC 2008 
Responsible-Changed-Why:  
Assign to Doug, who is now working with the NFS file locking code. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94256 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/94256: commit references a PR
Date: Thu, 26 Jun 2008 10:27:20 +0000 (UTC)

 dfr         2008-06-26 10:21:54 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/conf             files 
     sys/kern             kern_lockf.c 
     sys/modules/nfslockd Makefile 
     sys/nfsclient        nfs.h nfs_node.c nfs_vfsops.c nfs_vnops.c 
                          nfsmount.h nfsnode.h 
     sys/nlm              nlm.h nlm_prot.h nlm_prot_clnt.c 
                          nlm_prot_impl.c nlm_prot_server.c 
     sys/rpc              auth_unix.c authunix_prot.c clnt.h 
                          clnt_dg.c clnt_rc.c clnt_vc.c svc_vc.c 
     sys/sys              fcntl.h lockf.h param.h 
     tools/regression/file/flock flock.c 
     usr.sbin/rpc.lockd   lockd.c 
     usr.sbin/rpc.statd   file.c 
   Added files:
     sys/nlm              nlm_advlock.c 
   Log:
   SVN rev 180025 on 2008-06-26 10:21:54Z by dfr
   
   Re-implement the client side of rpc.lockd in the kernel. This implementation
   provides the correct semantics for flock(2) style locks which are used by the
   lockf(1) command line tool and the pidfile(3) library. It also implements
   recovery from server restarts and ensures that dirty cache blocks are written
   to the server before obtaining locks (allowing multiple clients to use file
   locking to safely share data).
   
   Sponsored by:   Isilon Systems
   PR:             94256
   MFC after:      2 weeks
   
   Revision  Changes    Path
   1.1312    +1 -0      src/sys/conf/files
   1.65      +110 -26   src/sys/kern/kern_lockf.c
   1.2       +1 -0      src/sys/modules/nfslockd/Makefile
   1.100     +1 -0      src/sys/nfsclient/nfs.h
   1.89      +7 -0      src/sys/nfsclient/nfs_node.c
   1.206     +7 -0      src/sys/nfsclient/nfs_vfsops.c
   1.286     +9 -2      src/sys/nfsclient/nfs_vnops.c
   1.34      +1 -0      src/sys/nfsclient/nfsmount.h
   1.63      +3 -0      src/sys/nfsclient/nfsnode.h
   1.2       +120 -24   src/sys/nlm/nlm.h
   1.1       +1235 -0   src/sys/nlm/nlm_advlock.c (new)
   1.2       +39 -39    src/sys/nlm/nlm_prot.h
   1.3       +117 -120  src/sys/nlm/nlm_prot_clnt.c
   1.10      +549 -176  src/sys/nlm/nlm_prot_impl.c
   1.3       +66 -112   src/sys/nlm/nlm_prot_server.c
   1.3       +95 -32    src/sys/rpc/auth_unix.c
   1.3       +5 -0      src/sys/rpc/authunix_prot.c
   1.2       +88 -10    src/sys/rpc/clnt.h
   1.3       +146 -72   src/sys/rpc/clnt_dg.c
   1.4       +90 -13    src/sys/rpc/clnt_rc.c
   1.3       +96 -42    src/sys/rpc/clnt_vc.c
   1.3       +36 -13    src/sys/rpc/svc_vc.c
   1.22      +1 -0      src/sys/sys/fcntl.h
   1.23      +5 -0      src/sys/sys/lockf.h
   1.358     +1 -1      src/sys/sys/param.h
   1.3       +182 -50   src/tools/regression/file/flock/flock.c
   1.29      +62 -45    src/usr.sbin/rpc.lockd/lockd.c
   1.9       +30 -0     src/usr.sbin/rpc.statd/file.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/94256: commit references a PR
Date: Tue,  5 Aug 2008 10:39:53 +0000 (UTC)

 dfr         2008-08-05 10:35:51 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7)
     sys/conf             files 
     sys/kern             kern_lockf.c 
     sys/modules/nfslockd Makefile 
     sys/nfsclient        nfs.h nfs_node.c nfs_vfsops.c nfs_vnops.c 
                          nfsmount.h nfsnode.h 
     sys/nlm              nlm.h nlm_prot.h nlm_prot_clnt.c 
                          nlm_prot_impl.c nlm_prot_server.c 
     sys/rpc              auth_unix.c authunix_prot.c clnt.h 
                          clnt_dg.c clnt_rc.c clnt_vc.c svc_vc.c 
     sys/sys              fcntl.h lockf.h param.h 
     tools/regression/file/flock flock.c 
     usr.sbin/rpc.lockd   lockd.c 
     usr.sbin/rpc.statd   file.c 
   Added files:           (Branch: RELENG_7)
     sys/nlm              nlm_advlock.c 
   Log:
   SVN rev 181328 on 2008-08-05 10:35:51Z by dfr
   
   MFC: r180025,180064,180069,180217,180743,180779-180780
   
   Implement support for NFS advisory locking in the kernel including correct
   semantics for flock(2) style locks.
   
   Sponsored by:   Isilon Systems
   PR:             94256
   
   Revision     Changes    Path
   1.1243.2.33  +1 -0      src/sys/conf/files
   1.57.2.4     +110 -26   src/sys/kern/kern_lockf.c
   1.1.2.2      +1 -0      src/sys/modules/nfslockd/Makefile
   1.98.2.2     +1 -0      src/sys/nfsclient/nfs.h
   1.86.2.1     +7 -0      src/sys/nfsclient/nfs_node.c
   1.193.2.3    +15 -4     src/sys/nfsclient/nfs_vfsops.c
   1.276.2.4    +9 -2      src/sys/nfsclient/nfs_vnops.c
   1.32.2.2     +1 -0      src/sys/nfsclient/nfsmount.h
   1.60.2.2     +3 -0      src/sys/nfsclient/nfsnode.h
   1.1.2.2      +120 -24   src/sys/nlm/nlm.h
   1.2.2.1      +1235 -0   src/sys/nlm/nlm_advlock.c (new)
   1.1.2.2      +39 -39    src/sys/nlm/nlm_prot.h
   1.2.2.2      +117 -120  src/sys/nlm/nlm_prot_clnt.c
   1.4.2.7      +552 -176  src/sys/nlm/nlm_prot_impl.c
   1.2.2.2      +66 -112   src/sys/nlm/nlm_prot_server.c
   1.2.2.2      +100 -32   src/sys/rpc/auth_unix.c
   1.2.2.2      +5 -0      src/sys/rpc/authunix_prot.c
   1.1.2.2      +88 -10    src/sys/rpc/clnt.h
   1.2.2.2      +146 -72   src/sys/rpc/clnt_dg.c
   1.2.2.3      +90 -13    src/sys/rpc/clnt_rc.c
   1.2.2.2      +96 -42    src/sys/rpc/clnt_vc.c
   1.2.2.2      +36 -13    src/sys/rpc/svc_vc.c
   1.16.18.3    +1 -0      src/sys/sys/fcntl.h
   1.20.2.3     +5 -0      src/sys/sys/lockf.h
   1.308.2.14   +1 -1      src/sys/sys/param.h
   1.2.2.2      +182 -50   src/tools/regression/file/flock/flock.c
   1.20.2.5     +63 -45    src/usr.sbin/rpc.lockd/lockd.c
   1.8.2.1      +30 -0     src/usr.sbin/rpc.statd/file.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: jh 
State-Changed-When: Thu Feb 25 17:46:05 UTC 2010 
State-Changed-Why:  
NFS file locking has been re-implemented in head, stable/8 and stable/7. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94256 
>Unformatted:
