Loading...
1/*
2 * Server-side XDR for NFSv4
3 *
4 * Copyright (c) 2002 The Regents of the University of Michigan.
5 * All rights reserved.
6 *
7 * Kendrick Smith <kmsmith@umich.edu>
8 * Andy Adamson <andros@umich.edu>
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its
20 * contributors may be used to endorse or promote products derived
21 * from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 *
35 * TODO: Neil Brown made the following observation: We currently
36 * initially reserve NFSD_BUFSIZE space on the transmit queue and
37 * never release any of that until the request is complete.
38 * It would be good to calculate a new maximum response size while
39 * decoding the COMPOUND, and call svc_reserve with this number
40 * at the end of nfs4svc_decode_compoundargs.
41 */
42
43#include <linux/slab.h>
44#include <linux/namei.h>
45#include <linux/statfs.h>
46#include <linux/utsname.h>
47#include <linux/pagemap.h>
48#include <linux/sunrpc/svcauth_gss.h>
49
50#include "idmap.h"
51#include "acl.h"
52#include "xdr4.h"
53#include "vfs.h"
54#include "state.h"
55#include "cache.h"
56#include "netns.h"
57
58#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
59#include <linux/security.h>
60#endif
61
62
63#define NFSDDBG_FACILITY NFSDDBG_XDR
64
65/*
66 * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
67 * directory in order to indicate to the client that a filesystem boundary is present
68 * We use a fixed fsid for a referral
69 */
70#define NFS4_REFERRAL_FSID_MAJOR 0x8000000ULL
71#define NFS4_REFERRAL_FSID_MINOR 0x8000000ULL
72
73static __be32
74check_filename(char *str, int len)
75{
76 int i;
77
78 if (len == 0)
79 return nfserr_inval;
80 if (isdotent(str, len))
81 return nfserr_badname;
82 for (i = 0; i < len; i++)
83 if (str[i] == '/')
84 return nfserr_badname;
85 return 0;
86}
87
88#define DECODE_HEAD \
89 __be32 *p; \
90 __be32 status
91#define DECODE_TAIL \
92 status = 0; \
93out: \
94 return status; \
95xdr_error: \
96 dprintk("NFSD: xdr error (%s:%d)\n", \
97 __FILE__, __LINE__); \
98 status = nfserr_bad_xdr; \
99 goto out
100
101#define READ32(x) (x) = ntohl(*p++)
102#define READ64(x) do { \
103 (x) = (u64)ntohl(*p++) << 32; \
104 (x) |= ntohl(*p++); \
105} while (0)
106#define READMEM(x,nbytes) do { \
107 x = (char *)p; \
108 p += XDR_QUADLEN(nbytes); \
109} while (0)
110#define SAVEMEM(x,nbytes) do { \
111 if (!(x = (p==argp->tmp || p == argp->tmpp) ? \
112 savemem(argp, p, nbytes) : \
113 (char *)p)) { \
114 dprintk("NFSD: xdr error (%s:%d)\n", \
115 __FILE__, __LINE__); \
116 goto xdr_error; \
117 } \
118 p += XDR_QUADLEN(nbytes); \
119} while (0)
120#define COPYMEM(x,nbytes) do { \
121 memcpy((x), p, nbytes); \
122 p += XDR_QUADLEN(nbytes); \
123} while (0)
124
125/* READ_BUF, read_buf(): nbytes must be <= PAGE_SIZE */
126#define READ_BUF(nbytes) do { \
127 if (nbytes <= (u32)((char *)argp->end - (char *)argp->p)) { \
128 p = argp->p; \
129 argp->p += XDR_QUADLEN(nbytes); \
130 } else if (!(p = read_buf(argp, nbytes))) { \
131 dprintk("NFSD: xdr error (%s:%d)\n", \
132 __FILE__, __LINE__); \
133 goto xdr_error; \
134 } \
135} while (0)
136
137static void next_decode_page(struct nfsd4_compoundargs *argp)
138{
139 argp->p = page_address(argp->pagelist[0]);
140 argp->pagelist++;
141 if (argp->pagelen < PAGE_SIZE) {
142 argp->end = argp->p + (argp->pagelen>>2);
143 argp->pagelen = 0;
144 } else {
145 argp->end = argp->p + (PAGE_SIZE>>2);
146 argp->pagelen -= PAGE_SIZE;
147 }
148}
149
150static __be32 *read_buf(struct nfsd4_compoundargs *argp, u32 nbytes)
151{
152 /* We want more bytes than seem to be available.
153 * Maybe we need a new page, maybe we have just run out
154 */
155 unsigned int avail = (char *)argp->end - (char *)argp->p;
156 __be32 *p;
157 if (avail + argp->pagelen < nbytes)
158 return NULL;
159 if (avail + PAGE_SIZE < nbytes) /* need more than a page !! */
160 return NULL;
161 /* ok, we can do it with the current plus the next page */
162 if (nbytes <= sizeof(argp->tmp))
163 p = argp->tmp;
164 else {
165 kfree(argp->tmpp);
166 p = argp->tmpp = kmalloc(nbytes, GFP_KERNEL);
167 if (!p)
168 return NULL;
169
170 }
171 /*
172 * The following memcpy is safe because read_buf is always
173 * called with nbytes > avail, and the two cases above both
174 * guarantee p points to at least nbytes bytes.
175 */
176 memcpy(p, argp->p, avail);
177 next_decode_page(argp);
178 memcpy(((char*)p)+avail, argp->p, (nbytes - avail));
179 argp->p += XDR_QUADLEN(nbytes - avail);
180 return p;
181}
182
183static int zero_clientid(clientid_t *clid)
184{
185 return (clid->cl_boot == 0) && (clid->cl_id == 0);
186}
187
188/**
189 * defer_free - mark an allocation as deferred freed
190 * @argp: NFSv4 compound argument structure to be freed with
191 * @release: release callback to free @p, typically kfree()
192 * @p: pointer to be freed
193 *
194 * Marks @p to be freed when processing the compound operation
195 * described in @argp finishes.
196 */
197static int
198defer_free(struct nfsd4_compoundargs *argp,
199 void (*release)(const void *), void *p)
200{
201 struct tmpbuf *tb;
202
203 tb = kmalloc(sizeof(*tb), GFP_KERNEL);
204 if (!tb)
205 return -ENOMEM;
206 tb->buf = p;
207 tb->release = release;
208 tb->next = argp->to_free;
209 argp->to_free = tb;
210 return 0;
211}
212
213/**
214 * savemem - duplicate a chunk of memory for later processing
215 * @argp: NFSv4 compound argument structure to be freed with
216 * @p: pointer to be duplicated
217 * @nbytes: length to be duplicated
218 *
219 * Returns a pointer to a copy of @nbytes bytes of memory at @p
220 * that are preserved until processing of the NFSv4 compound
221 * operation described by @argp finishes.
222 */
223static char *savemem(struct nfsd4_compoundargs *argp, __be32 *p, int nbytes)
224{
225 if (p == argp->tmp) {
226 p = kmemdup(argp->tmp, nbytes, GFP_KERNEL);
227 if (!p)
228 return NULL;
229 } else {
230 BUG_ON(p != argp->tmpp);
231 argp->tmpp = NULL;
232 }
233 if (defer_free(argp, kfree, p)) {
234 kfree(p);
235 return NULL;
236 } else
237 return (char *)p;
238}
239
240static __be32
241nfsd4_decode_bitmap(struct nfsd4_compoundargs *argp, u32 *bmval)
242{
243 u32 bmlen;
244 DECODE_HEAD;
245
246 bmval[0] = 0;
247 bmval[1] = 0;
248 bmval[2] = 0;
249
250 READ_BUF(4);
251 READ32(bmlen);
252 if (bmlen > 1000)
253 goto xdr_error;
254
255 READ_BUF(bmlen << 2);
256 if (bmlen > 0)
257 READ32(bmval[0]);
258 if (bmlen > 1)
259 READ32(bmval[1]);
260 if (bmlen > 2)
261 READ32(bmval[2]);
262
263 DECODE_TAIL;
264}
265
266static __be32
267nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
268 struct iattr *iattr, struct nfs4_acl **acl,
269 struct xdr_netobj *label)
270{
271 int expected_len, len = 0;
272 u32 dummy32;
273 char *buf;
274
275 DECODE_HEAD;
276 iattr->ia_valid = 0;
277 if ((status = nfsd4_decode_bitmap(argp, bmval)))
278 return status;
279
280 READ_BUF(4);
281 READ32(expected_len);
282
283 if (bmval[0] & FATTR4_WORD0_SIZE) {
284 READ_BUF(8);
285 len += 8;
286 READ64(iattr->ia_size);
287 iattr->ia_valid |= ATTR_SIZE;
288 }
289 if (bmval[0] & FATTR4_WORD0_ACL) {
290 u32 nace;
291 struct nfs4_ace *ace;
292
293 READ_BUF(4); len += 4;
294 READ32(nace);
295
296 if (nace > NFS4_ACL_MAX)
297 return nfserr_fbig;
298
299 *acl = nfs4_acl_new(nace);
300 if (*acl == NULL)
301 return nfserr_jukebox;
302
303 defer_free(argp, kfree, *acl);
304
305 (*acl)->naces = nace;
306 for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
307 READ_BUF(16); len += 16;
308 READ32(ace->type);
309 READ32(ace->flag);
310 READ32(ace->access_mask);
311 READ32(dummy32);
312 READ_BUF(dummy32);
313 len += XDR_QUADLEN(dummy32) << 2;
314 READMEM(buf, dummy32);
315 ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
316 status = nfs_ok;
317 if (ace->whotype != NFS4_ACL_WHO_NAMED)
318 ;
319 else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
320 status = nfsd_map_name_to_gid(argp->rqstp,
321 buf, dummy32, &ace->who_gid);
322 else
323 status = nfsd_map_name_to_uid(argp->rqstp,
324 buf, dummy32, &ace->who_uid);
325 if (status)
326 return status;
327 }
328 } else
329 *acl = NULL;
330 if (bmval[1] & FATTR4_WORD1_MODE) {
331 READ_BUF(4);
332 len += 4;
333 READ32(iattr->ia_mode);
334 iattr->ia_mode &= (S_IFMT | S_IALLUGO);
335 iattr->ia_valid |= ATTR_MODE;
336 }
337 if (bmval[1] & FATTR4_WORD1_OWNER) {
338 READ_BUF(4);
339 len += 4;
340 READ32(dummy32);
341 READ_BUF(dummy32);
342 len += (XDR_QUADLEN(dummy32) << 2);
343 READMEM(buf, dummy32);
344 if ((status = nfsd_map_name_to_uid(argp->rqstp, buf, dummy32, &iattr->ia_uid)))
345 return status;
346 iattr->ia_valid |= ATTR_UID;
347 }
348 if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
349 READ_BUF(4);
350 len += 4;
351 READ32(dummy32);
352 READ_BUF(dummy32);
353 len += (XDR_QUADLEN(dummy32) << 2);
354 READMEM(buf, dummy32);
355 if ((status = nfsd_map_name_to_gid(argp->rqstp, buf, dummy32, &iattr->ia_gid)))
356 return status;
357 iattr->ia_valid |= ATTR_GID;
358 }
359 if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
360 READ_BUF(4);
361 len += 4;
362 READ32(dummy32);
363 switch (dummy32) {
364 case NFS4_SET_TO_CLIENT_TIME:
365 /* We require the high 32 bits of 'seconds' to be 0, and we ignore
366 all 32 bits of 'nseconds'. */
367 READ_BUF(12);
368 len += 12;
369 READ64(iattr->ia_atime.tv_sec);
370 READ32(iattr->ia_atime.tv_nsec);
371 if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
372 return nfserr_inval;
373 iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
374 break;
375 case NFS4_SET_TO_SERVER_TIME:
376 iattr->ia_valid |= ATTR_ATIME;
377 break;
378 default:
379 goto xdr_error;
380 }
381 }
382 if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
383 READ_BUF(4);
384 len += 4;
385 READ32(dummy32);
386 switch (dummy32) {
387 case NFS4_SET_TO_CLIENT_TIME:
388 /* We require the high 32 bits of 'seconds' to be 0, and we ignore
389 all 32 bits of 'nseconds'. */
390 READ_BUF(12);
391 len += 12;
392 READ64(iattr->ia_mtime.tv_sec);
393 READ32(iattr->ia_mtime.tv_nsec);
394 if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
395 return nfserr_inval;
396 iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
397 break;
398 case NFS4_SET_TO_SERVER_TIME:
399 iattr->ia_valid |= ATTR_MTIME;
400 break;
401 default:
402 goto xdr_error;
403 }
404 }
405
406 label->len = 0;
407#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
408 if (bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
409 READ_BUF(4);
410 len += 4;
411 READ32(dummy32); /* lfs: we don't use it */
412 READ_BUF(4);
413 len += 4;
414 READ32(dummy32); /* pi: we don't use it either */
415 READ_BUF(4);
416 len += 4;
417 READ32(dummy32);
418 READ_BUF(dummy32);
419 if (dummy32 > NFSD4_MAX_SEC_LABEL_LEN)
420 return nfserr_badlabel;
421 len += (XDR_QUADLEN(dummy32) << 2);
422 READMEM(buf, dummy32);
423 label->data = kzalloc(dummy32 + 1, GFP_KERNEL);
424 if (!label->data)
425 return nfserr_jukebox;
426 label->len = dummy32;
427 defer_free(argp, kfree, label->data);
428 memcpy(label->data, buf, dummy32);
429 }
430#endif
431
432 if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
433 || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
434 || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2)
435 READ_BUF(expected_len - len);
436 else if (len != expected_len)
437 goto xdr_error;
438
439 DECODE_TAIL;
440}
441
442static __be32
443nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
444{
445 DECODE_HEAD;
446
447 READ_BUF(sizeof(stateid_t));
448 READ32(sid->si_generation);
449 COPYMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
450
451 DECODE_TAIL;
452}
453
454static __be32
455nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
456{
457 DECODE_HEAD;
458
459 READ_BUF(4);
460 READ32(access->ac_req_access);
461
462 DECODE_TAIL;
463}
464
465static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
466{
467 DECODE_HEAD;
468 u32 dummy, uid, gid;
469 char *machine_name;
470 int i;
471 int nr_secflavs;
472
473 /* callback_sec_params4 */
474 READ_BUF(4);
475 READ32(nr_secflavs);
476 if (nr_secflavs)
477 cbs->flavor = (u32)(-1);
478 else
479 /* Is this legal? Be generous, take it to mean AUTH_NONE: */
480 cbs->flavor = 0;
481 for (i = 0; i < nr_secflavs; ++i) {
482 READ_BUF(4);
483 READ32(dummy);
484 switch (dummy) {
485 case RPC_AUTH_NULL:
486 /* Nothing to read */
487 if (cbs->flavor == (u32)(-1))
488 cbs->flavor = RPC_AUTH_NULL;
489 break;
490 case RPC_AUTH_UNIX:
491 READ_BUF(8);
492 /* stamp */
493 READ32(dummy);
494
495 /* machine name */
496 READ32(dummy);
497 READ_BUF(dummy);
498 SAVEMEM(machine_name, dummy);
499
500 /* uid, gid */
501 READ_BUF(8);
502 READ32(uid);
503 READ32(gid);
504
505 /* more gids */
506 READ_BUF(4);
507 READ32(dummy);
508 READ_BUF(dummy * 4);
509 if (cbs->flavor == (u32)(-1)) {
510 kuid_t kuid = make_kuid(&init_user_ns, uid);
511 kgid_t kgid = make_kgid(&init_user_ns, gid);
512 if (uid_valid(kuid) && gid_valid(kgid)) {
513 cbs->uid = kuid;
514 cbs->gid = kgid;
515 cbs->flavor = RPC_AUTH_UNIX;
516 } else {
517 dprintk("RPC_AUTH_UNIX with invalid"
518 "uid or gid ignoring!\n");
519 }
520 }
521 break;
522 case RPC_AUTH_GSS:
523 dprintk("RPC_AUTH_GSS callback secflavor "
524 "not supported!\n");
525 READ_BUF(8);
526 /* gcbp_service */
527 READ32(dummy);
528 /* gcbp_handle_from_server */
529 READ32(dummy);
530 READ_BUF(dummy);
531 p += XDR_QUADLEN(dummy);
532 /* gcbp_handle_from_client */
533 READ_BUF(4);
534 READ32(dummy);
535 READ_BUF(dummy);
536 break;
537 default:
538 dprintk("Illegal callback secflavor\n");
539 return nfserr_inval;
540 }
541 }
542 DECODE_TAIL;
543}
544
545static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
546{
547 DECODE_HEAD;
548
549 READ_BUF(4);
550 READ32(bc->bc_cb_program);
551 nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);
552
553 DECODE_TAIL;
554}
555
556static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
557{
558 DECODE_HEAD;
559
560 READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
561 COPYMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
562 READ32(bcts->dir);
563 /* XXX: skipping ctsa_use_conn_in_rdma_mode. Perhaps Tom Tucker
564 * could help us figure out we should be using it. */
565 DECODE_TAIL;
566}
567
568static __be32
569nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
570{
571 DECODE_HEAD;
572
573 READ_BUF(4);
574 READ32(close->cl_seqid);
575 return nfsd4_decode_stateid(argp, &close->cl_stateid);
576
577 DECODE_TAIL;
578}
579
580
581static __be32
582nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
583{
584 DECODE_HEAD;
585
586 READ_BUF(12);
587 READ64(commit->co_offset);
588 READ32(commit->co_count);
589
590 DECODE_TAIL;
591}
592
593static __be32
594nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
595{
596 DECODE_HEAD;
597
598 READ_BUF(4);
599 READ32(create->cr_type);
600 switch (create->cr_type) {
601 case NF4LNK:
602 READ_BUF(4);
603 READ32(create->cr_linklen);
604 READ_BUF(create->cr_linklen);
605 SAVEMEM(create->cr_linkname, create->cr_linklen);
606 break;
607 case NF4BLK:
608 case NF4CHR:
609 READ_BUF(8);
610 READ32(create->cr_specdata1);
611 READ32(create->cr_specdata2);
612 break;
613 case NF4SOCK:
614 case NF4FIFO:
615 case NF4DIR:
616 default:
617 break;
618 }
619
620 READ_BUF(4);
621 READ32(create->cr_namelen);
622 READ_BUF(create->cr_namelen);
623 SAVEMEM(create->cr_name, create->cr_namelen);
624 if ((status = check_filename(create->cr_name, create->cr_namelen)))
625 return status;
626
627 status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr,
628 &create->cr_acl, &create->cr_label);
629 if (status)
630 goto out;
631
632 DECODE_TAIL;
633}
634
635static inline __be32
636nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
637{
638 return nfsd4_decode_stateid(argp, &dr->dr_stateid);
639}
640
641static inline __be32
642nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
643{
644 return nfsd4_decode_bitmap(argp, getattr->ga_bmval);
645}
646
647static __be32
648nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
649{
650 DECODE_HEAD;
651
652 READ_BUF(4);
653 READ32(link->li_namelen);
654 READ_BUF(link->li_namelen);
655 SAVEMEM(link->li_name, link->li_namelen);
656 if ((status = check_filename(link->li_name, link->li_namelen)))
657 return status;
658
659 DECODE_TAIL;
660}
661
662static __be32
663nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
664{
665 DECODE_HEAD;
666
667 /*
668 * type, reclaim(boolean), offset, length, new_lock_owner(boolean)
669 */
670 READ_BUF(28);
671 READ32(lock->lk_type);
672 if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
673 goto xdr_error;
674 READ32(lock->lk_reclaim);
675 READ64(lock->lk_offset);
676 READ64(lock->lk_length);
677 READ32(lock->lk_is_new);
678
679 if (lock->lk_is_new) {
680 READ_BUF(4);
681 READ32(lock->lk_new_open_seqid);
682 status = nfsd4_decode_stateid(argp, &lock->lk_new_open_stateid);
683 if (status)
684 return status;
685 READ_BUF(8 + sizeof(clientid_t));
686 READ32(lock->lk_new_lock_seqid);
687 COPYMEM(&lock->lk_new_clientid, sizeof(clientid_t));
688 READ32(lock->lk_new_owner.len);
689 READ_BUF(lock->lk_new_owner.len);
690 READMEM(lock->lk_new_owner.data, lock->lk_new_owner.len);
691 } else {
692 status = nfsd4_decode_stateid(argp, &lock->lk_old_lock_stateid);
693 if (status)
694 return status;
695 READ_BUF(4);
696 READ32(lock->lk_old_lock_seqid);
697 }
698
699 DECODE_TAIL;
700}
701
702static __be32
703nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
704{
705 DECODE_HEAD;
706
707 READ_BUF(32);
708 READ32(lockt->lt_type);
709 if((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
710 goto xdr_error;
711 READ64(lockt->lt_offset);
712 READ64(lockt->lt_length);
713 COPYMEM(&lockt->lt_clientid, 8);
714 READ32(lockt->lt_owner.len);
715 READ_BUF(lockt->lt_owner.len);
716 READMEM(lockt->lt_owner.data, lockt->lt_owner.len);
717
718 DECODE_TAIL;
719}
720
721static __be32
722nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
723{
724 DECODE_HEAD;
725
726 READ_BUF(8);
727 READ32(locku->lu_type);
728 if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
729 goto xdr_error;
730 READ32(locku->lu_seqid);
731 status = nfsd4_decode_stateid(argp, &locku->lu_stateid);
732 if (status)
733 return status;
734 READ_BUF(16);
735 READ64(locku->lu_offset);
736 READ64(locku->lu_length);
737
738 DECODE_TAIL;
739}
740
741static __be32
742nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
743{
744 DECODE_HEAD;
745
746 READ_BUF(4);
747 READ32(lookup->lo_len);
748 READ_BUF(lookup->lo_len);
749 SAVEMEM(lookup->lo_name, lookup->lo_len);
750 if ((status = check_filename(lookup->lo_name, lookup->lo_len)))
751 return status;
752
753 DECODE_TAIL;
754}
755
756static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
757{
758 __be32 *p;
759 u32 w;
760
761 READ_BUF(4);
762 READ32(w);
763 *share_access = w & NFS4_SHARE_ACCESS_MASK;
764 *deleg_want = w & NFS4_SHARE_WANT_MASK;
765 if (deleg_when)
766 *deleg_when = w & NFS4_SHARE_WHEN_MASK;
767
768 switch (w & NFS4_SHARE_ACCESS_MASK) {
769 case NFS4_SHARE_ACCESS_READ:
770 case NFS4_SHARE_ACCESS_WRITE:
771 case NFS4_SHARE_ACCESS_BOTH:
772 break;
773 default:
774 return nfserr_bad_xdr;
775 }
776 w &= ~NFS4_SHARE_ACCESS_MASK;
777 if (!w)
778 return nfs_ok;
779 if (!argp->minorversion)
780 return nfserr_bad_xdr;
781 switch (w & NFS4_SHARE_WANT_MASK) {
782 case NFS4_SHARE_WANT_NO_PREFERENCE:
783 case NFS4_SHARE_WANT_READ_DELEG:
784 case NFS4_SHARE_WANT_WRITE_DELEG:
785 case NFS4_SHARE_WANT_ANY_DELEG:
786 case NFS4_SHARE_WANT_NO_DELEG:
787 case NFS4_SHARE_WANT_CANCEL:
788 break;
789 default:
790 return nfserr_bad_xdr;
791 }
792 w &= ~NFS4_SHARE_WANT_MASK;
793 if (!w)
794 return nfs_ok;
795
796 if (!deleg_when) /* open_downgrade */
797 return nfserr_inval;
798 switch (w) {
799 case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
800 case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
801 case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
802 NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
803 return nfs_ok;
804 }
805xdr_error:
806 return nfserr_bad_xdr;
807}
808
809static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
810{
811 __be32 *p;
812
813 READ_BUF(4);
814 READ32(*x);
815 /* Note: unlinke access bits, deny bits may be zero. */
816 if (*x & ~NFS4_SHARE_DENY_BOTH)
817 return nfserr_bad_xdr;
818 return nfs_ok;
819xdr_error:
820 return nfserr_bad_xdr;
821}
822
823static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
824{
825 __be32 *p;
826
827 READ_BUF(4);
828 READ32(o->len);
829
830 if (o->len == 0 || o->len > NFS4_OPAQUE_LIMIT)
831 return nfserr_bad_xdr;
832
833 READ_BUF(o->len);
834 SAVEMEM(o->data, o->len);
835 return nfs_ok;
836xdr_error:
837 return nfserr_bad_xdr;
838}
839
840static __be32
841nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
842{
843 DECODE_HEAD;
844 u32 dummy;
845
846 memset(open->op_bmval, 0, sizeof(open->op_bmval));
847 open->op_iattr.ia_valid = 0;
848 open->op_openowner = NULL;
849
850 open->op_xdr_error = 0;
851 /* seqid, share_access, share_deny, clientid, ownerlen */
852 READ_BUF(4);
853 READ32(open->op_seqid);
854 /* decode, yet ignore deleg_when until supported */
855 status = nfsd4_decode_share_access(argp, &open->op_share_access,
856 &open->op_deleg_want, &dummy);
857 if (status)
858 goto xdr_error;
859 status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
860 if (status)
861 goto xdr_error;
862 READ_BUF(sizeof(clientid_t));
863 COPYMEM(&open->op_clientid, sizeof(clientid_t));
864 status = nfsd4_decode_opaque(argp, &open->op_owner);
865 if (status)
866 goto xdr_error;
867 READ_BUF(4);
868 READ32(open->op_create);
869 switch (open->op_create) {
870 case NFS4_OPEN_NOCREATE:
871 break;
872 case NFS4_OPEN_CREATE:
873 READ_BUF(4);
874 READ32(open->op_createmode);
875 switch (open->op_createmode) {
876 case NFS4_CREATE_UNCHECKED:
877 case NFS4_CREATE_GUARDED:
878 status = nfsd4_decode_fattr(argp, open->op_bmval,
879 &open->op_iattr, &open->op_acl, &open->op_label);
880 if (status)
881 goto out;
882 break;
883 case NFS4_CREATE_EXCLUSIVE:
884 READ_BUF(NFS4_VERIFIER_SIZE);
885 COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
886 break;
887 case NFS4_CREATE_EXCLUSIVE4_1:
888 if (argp->minorversion < 1)
889 goto xdr_error;
890 READ_BUF(NFS4_VERIFIER_SIZE);
891 COPYMEM(open->op_verf.data, NFS4_VERIFIER_SIZE);
892 status = nfsd4_decode_fattr(argp, open->op_bmval,
893 &open->op_iattr, &open->op_acl, &open->op_label);
894 if (status)
895 goto out;
896 break;
897 default:
898 goto xdr_error;
899 }
900 break;
901 default:
902 goto xdr_error;
903 }
904
905 /* open_claim */
906 READ_BUF(4);
907 READ32(open->op_claim_type);
908 switch (open->op_claim_type) {
909 case NFS4_OPEN_CLAIM_NULL:
910 case NFS4_OPEN_CLAIM_DELEGATE_PREV:
911 READ_BUF(4);
912 READ32(open->op_fname.len);
913 READ_BUF(open->op_fname.len);
914 SAVEMEM(open->op_fname.data, open->op_fname.len);
915 if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
916 return status;
917 break;
918 case NFS4_OPEN_CLAIM_PREVIOUS:
919 READ_BUF(4);
920 READ32(open->op_delegate_type);
921 break;
922 case NFS4_OPEN_CLAIM_DELEGATE_CUR:
923 status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
924 if (status)
925 return status;
926 READ_BUF(4);
927 READ32(open->op_fname.len);
928 READ_BUF(open->op_fname.len);
929 SAVEMEM(open->op_fname.data, open->op_fname.len);
930 if ((status = check_filename(open->op_fname.data, open->op_fname.len)))
931 return status;
932 break;
933 case NFS4_OPEN_CLAIM_FH:
934 case NFS4_OPEN_CLAIM_DELEG_PREV_FH:
935 if (argp->minorversion < 1)
936 goto xdr_error;
937 /* void */
938 break;
939 case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
940 if (argp->minorversion < 1)
941 goto xdr_error;
942 status = nfsd4_decode_stateid(argp, &open->op_delegate_stateid);
943 if (status)
944 return status;
945 break;
946 default:
947 goto xdr_error;
948 }
949
950 DECODE_TAIL;
951}
952
953static __be32
954nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
955{
956 DECODE_HEAD;
957
958 if (argp->minorversion >= 1)
959 return nfserr_notsupp;
960
961 status = nfsd4_decode_stateid(argp, &open_conf->oc_req_stateid);
962 if (status)
963 return status;
964 READ_BUF(4);
965 READ32(open_conf->oc_seqid);
966
967 DECODE_TAIL;
968}
969
970static __be32
971nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
972{
973 DECODE_HEAD;
974
975 status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
976 if (status)
977 return status;
978 READ_BUF(4);
979 READ32(open_down->od_seqid);
980 status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
981 &open_down->od_deleg_want, NULL);
982 if (status)
983 return status;
984 status = nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
985 if (status)
986 return status;
987 DECODE_TAIL;
988}
989
990static __be32
991nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
992{
993 DECODE_HEAD;
994
995 READ_BUF(4);
996 READ32(putfh->pf_fhlen);
997 if (putfh->pf_fhlen > NFS4_FHSIZE)
998 goto xdr_error;
999 READ_BUF(putfh->pf_fhlen);
1000 SAVEMEM(putfh->pf_fhval, putfh->pf_fhlen);
1001
1002 DECODE_TAIL;
1003}
1004
1005static __be32
1006nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
1007{
1008 if (argp->minorversion == 0)
1009 return nfs_ok;
1010 return nfserr_notsupp;
1011}
1012
1013static __be32
1014nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
1015{
1016 DECODE_HEAD;
1017
1018 status = nfsd4_decode_stateid(argp, &read->rd_stateid);
1019 if (status)
1020 return status;
1021 READ_BUF(12);
1022 READ64(read->rd_offset);
1023 READ32(read->rd_length);
1024
1025 DECODE_TAIL;
1026}
1027
1028static __be32
1029nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
1030{
1031 DECODE_HEAD;
1032
1033 READ_BUF(24);
1034 READ64(readdir->rd_cookie);
1035 COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
1036 READ32(readdir->rd_dircount); /* just in case you needed a useless field... */
1037 READ32(readdir->rd_maxcount);
1038 if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
1039 goto out;
1040
1041 DECODE_TAIL;
1042}
1043
1044static __be32
1045nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
1046{
1047 DECODE_HEAD;
1048
1049 READ_BUF(4);
1050 READ32(remove->rm_namelen);
1051 READ_BUF(remove->rm_namelen);
1052 SAVEMEM(remove->rm_name, remove->rm_namelen);
1053 if ((status = check_filename(remove->rm_name, remove->rm_namelen)))
1054 return status;
1055
1056 DECODE_TAIL;
1057}
1058
1059static __be32
1060nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
1061{
1062 DECODE_HEAD;
1063
1064 READ_BUF(4);
1065 READ32(rename->rn_snamelen);
1066 READ_BUF(rename->rn_snamelen + 4);
1067 SAVEMEM(rename->rn_sname, rename->rn_snamelen);
1068 READ32(rename->rn_tnamelen);
1069 READ_BUF(rename->rn_tnamelen);
1070 SAVEMEM(rename->rn_tname, rename->rn_tnamelen);
1071 if ((status = check_filename(rename->rn_sname, rename->rn_snamelen)))
1072 return status;
1073 if ((status = check_filename(rename->rn_tname, rename->rn_tnamelen)))
1074 return status;
1075
1076 DECODE_TAIL;
1077}
1078
1079static __be32
1080nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
1081{
1082 DECODE_HEAD;
1083
1084 if (argp->minorversion >= 1)
1085 return nfserr_notsupp;
1086
1087 READ_BUF(sizeof(clientid_t));
1088 COPYMEM(clientid, sizeof(clientid_t));
1089
1090 DECODE_TAIL;
1091}
1092
1093static __be32
1094nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
1095 struct nfsd4_secinfo *secinfo)
1096{
1097 DECODE_HEAD;
1098
1099 READ_BUF(4);
1100 READ32(secinfo->si_namelen);
1101 READ_BUF(secinfo->si_namelen);
1102 SAVEMEM(secinfo->si_name, secinfo->si_namelen);
1103 status = check_filename(secinfo->si_name, secinfo->si_namelen);
1104 if (status)
1105 return status;
1106 DECODE_TAIL;
1107}
1108
1109static __be32
1110nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
1111 struct nfsd4_secinfo_no_name *sin)
1112{
1113 DECODE_HEAD;
1114
1115 READ_BUF(4);
1116 READ32(sin->sin_style);
1117 DECODE_TAIL;
1118}
1119
1120static __be32
1121nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
1122{
1123 __be32 status;
1124
1125 status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
1126 if (status)
1127 return status;
1128 return nfsd4_decode_fattr(argp, setattr->sa_bmval, &setattr->sa_iattr,
1129 &setattr->sa_acl, &setattr->sa_label);
1130}
1131
1132static __be32
1133nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
1134{
1135 DECODE_HEAD;
1136
1137 if (argp->minorversion >= 1)
1138 return nfserr_notsupp;
1139
1140 READ_BUF(NFS4_VERIFIER_SIZE);
1141 COPYMEM(setclientid->se_verf.data, NFS4_VERIFIER_SIZE);
1142
1143 status = nfsd4_decode_opaque(argp, &setclientid->se_name);
1144 if (status)
1145 return nfserr_bad_xdr;
1146 READ_BUF(8);
1147 READ32(setclientid->se_callback_prog);
1148 READ32(setclientid->se_callback_netid_len);
1149
1150 READ_BUF(setclientid->se_callback_netid_len + 4);
1151 SAVEMEM(setclientid->se_callback_netid_val, setclientid->se_callback_netid_len);
1152 READ32(setclientid->se_callback_addr_len);
1153
1154 READ_BUF(setclientid->se_callback_addr_len + 4);
1155 SAVEMEM(setclientid->se_callback_addr_val, setclientid->se_callback_addr_len);
1156 READ32(setclientid->se_callback_ident);
1157
1158 DECODE_TAIL;
1159}
1160
1161static __be32
1162nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
1163{
1164 DECODE_HEAD;
1165
1166 if (argp->minorversion >= 1)
1167 return nfserr_notsupp;
1168
1169 READ_BUF(8 + NFS4_VERIFIER_SIZE);
1170 COPYMEM(&scd_c->sc_clientid, 8);
1171 COPYMEM(&scd_c->sc_confirm, NFS4_VERIFIER_SIZE);
1172
1173 DECODE_TAIL;
1174}
1175
1176/* Also used for NVERIFY */
1177static __be32
1178nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
1179{
1180 DECODE_HEAD;
1181
1182 if ((status = nfsd4_decode_bitmap(argp, verify->ve_bmval)))
1183 goto out;
1184
1185 /* For convenience's sake, we compare raw xdr'd attributes in
1186 * nfsd4_proc_verify */
1187
1188 READ_BUF(4);
1189 READ32(verify->ve_attrlen);
1190 READ_BUF(verify->ve_attrlen);
1191 SAVEMEM(verify->ve_attrval, verify->ve_attrlen);
1192
1193 DECODE_TAIL;
1194}
1195
1196static __be32
1197nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1198{
1199 int avail;
1200 int len;
1201 DECODE_HEAD;
1202
1203 status = nfsd4_decode_stateid(argp, &write->wr_stateid);
1204 if (status)
1205 return status;
1206 READ_BUF(16);
1207 READ64(write->wr_offset);
1208 READ32(write->wr_stable_how);
1209 if (write->wr_stable_how > 2)
1210 goto xdr_error;
1211 READ32(write->wr_buflen);
1212
1213 /* Sorry .. no magic macros for this.. *
1214 * READ_BUF(write->wr_buflen);
1215 * SAVEMEM(write->wr_buf, write->wr_buflen);
1216 */
1217 avail = (char*)argp->end - (char*)argp->p;
1218 if (avail + argp->pagelen < write->wr_buflen) {
1219 dprintk("NFSD: xdr error (%s:%d)\n",
1220 __FILE__, __LINE__);
1221 goto xdr_error;
1222 }
1223 write->wr_head.iov_base = p;
1224 write->wr_head.iov_len = avail;
1225 write->wr_pagelist = argp->pagelist;
1226
1227 len = XDR_QUADLEN(write->wr_buflen) << 2;
1228 if (len >= avail) {
1229 int pages;
1230
1231 len -= avail;
1232
1233 pages = len >> PAGE_SHIFT;
1234 argp->pagelist += pages;
1235 argp->pagelen -= pages * PAGE_SIZE;
1236 len -= pages * PAGE_SIZE;
1237
1238 argp->p = (__be32 *)page_address(argp->pagelist[0]);
1239 argp->pagelist++;
1240 argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE);
1241 }
1242 argp->p += XDR_QUADLEN(len);
1243
1244 DECODE_TAIL;
1245}
1246
1247static __be32
1248nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
1249{
1250 DECODE_HEAD;
1251
1252 if (argp->minorversion >= 1)
1253 return nfserr_notsupp;
1254
1255 READ_BUF(12);
1256 COPYMEM(&rlockowner->rl_clientid, sizeof(clientid_t));
1257 READ32(rlockowner->rl_owner.len);
1258 READ_BUF(rlockowner->rl_owner.len);
1259 READMEM(rlockowner->rl_owner.data, rlockowner->rl_owner.len);
1260
1261 if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
1262 return nfserr_inval;
1263 DECODE_TAIL;
1264}
1265
1266static __be32
1267nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
1268 struct nfsd4_exchange_id *exid)
1269{
1270 int dummy, tmp;
1271 DECODE_HEAD;
1272
1273 READ_BUF(NFS4_VERIFIER_SIZE);
1274 COPYMEM(exid->verifier.data, NFS4_VERIFIER_SIZE);
1275
1276 status = nfsd4_decode_opaque(argp, &exid->clname);
1277 if (status)
1278 return nfserr_bad_xdr;
1279
1280 READ_BUF(4);
1281 READ32(exid->flags);
1282
1283 /* Ignore state_protect4_a */
1284 READ_BUF(4);
1285 READ32(exid->spa_how);
1286 switch (exid->spa_how) {
1287 case SP4_NONE:
1288 break;
1289 case SP4_MACH_CRED:
1290 /* spo_must_enforce */
1291 READ_BUF(4);
1292 READ32(dummy);
1293 READ_BUF(dummy * 4);
1294 p += dummy;
1295
1296 /* spo_must_allow */
1297 READ_BUF(4);
1298 READ32(dummy);
1299 READ_BUF(dummy * 4);
1300 p += dummy;
1301 break;
1302 case SP4_SSV:
1303 /* ssp_ops */
1304 READ_BUF(4);
1305 READ32(dummy);
1306 READ_BUF(dummy * 4);
1307 p += dummy;
1308
1309 READ_BUF(4);
1310 READ32(dummy);
1311 READ_BUF(dummy * 4);
1312 p += dummy;
1313
1314 /* ssp_hash_algs<> */
1315 READ_BUF(4);
1316 READ32(tmp);
1317 while (tmp--) {
1318 READ_BUF(4);
1319 READ32(dummy);
1320 READ_BUF(dummy);
1321 p += XDR_QUADLEN(dummy);
1322 }
1323
1324 /* ssp_encr_algs<> */
1325 READ_BUF(4);
1326 READ32(tmp);
1327 while (tmp--) {
1328 READ_BUF(4);
1329 READ32(dummy);
1330 READ_BUF(dummy);
1331 p += XDR_QUADLEN(dummy);
1332 }
1333
1334 /* ssp_window and ssp_num_gss_handles */
1335 READ_BUF(8);
1336 READ32(dummy);
1337 READ32(dummy);
1338 break;
1339 default:
1340 goto xdr_error;
1341 }
1342
1343 /* Ignore Implementation ID */
1344 READ_BUF(4); /* nfs_impl_id4 array length */
1345 READ32(dummy);
1346
1347 if (dummy > 1)
1348 goto xdr_error;
1349
1350 if (dummy == 1) {
1351 /* nii_domain */
1352 READ_BUF(4);
1353 READ32(dummy);
1354 READ_BUF(dummy);
1355 p += XDR_QUADLEN(dummy);
1356
1357 /* nii_name */
1358 READ_BUF(4);
1359 READ32(dummy);
1360 READ_BUF(dummy);
1361 p += XDR_QUADLEN(dummy);
1362
1363 /* nii_date */
1364 READ_BUF(12);
1365 p += 3;
1366 }
1367 DECODE_TAIL;
1368}
1369
1370static __be32
1371nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
1372 struct nfsd4_create_session *sess)
1373{
1374 DECODE_HEAD;
1375 u32 dummy;
1376
1377 READ_BUF(16);
1378 COPYMEM(&sess->clientid, 8);
1379 READ32(sess->seqid);
1380 READ32(sess->flags);
1381
1382 /* Fore channel attrs */
1383 READ_BUF(28);
1384 READ32(dummy); /* headerpadsz is always 0 */
1385 READ32(sess->fore_channel.maxreq_sz);
1386 READ32(sess->fore_channel.maxresp_sz);
1387 READ32(sess->fore_channel.maxresp_cached);
1388 READ32(sess->fore_channel.maxops);
1389 READ32(sess->fore_channel.maxreqs);
1390 READ32(sess->fore_channel.nr_rdma_attrs);
1391 if (sess->fore_channel.nr_rdma_attrs == 1) {
1392 READ_BUF(4);
1393 READ32(sess->fore_channel.rdma_attrs);
1394 } else if (sess->fore_channel.nr_rdma_attrs > 1) {
1395 dprintk("Too many fore channel attr bitmaps!\n");
1396 goto xdr_error;
1397 }
1398
1399 /* Back channel attrs */
1400 READ_BUF(28);
1401 READ32(dummy); /* headerpadsz is always 0 */
1402 READ32(sess->back_channel.maxreq_sz);
1403 READ32(sess->back_channel.maxresp_sz);
1404 READ32(sess->back_channel.maxresp_cached);
1405 READ32(sess->back_channel.maxops);
1406 READ32(sess->back_channel.maxreqs);
1407 READ32(sess->back_channel.nr_rdma_attrs);
1408 if (sess->back_channel.nr_rdma_attrs == 1) {
1409 READ_BUF(4);
1410 READ32(sess->back_channel.rdma_attrs);
1411 } else if (sess->back_channel.nr_rdma_attrs > 1) {
1412 dprintk("Too many back channel attr bitmaps!\n");
1413 goto xdr_error;
1414 }
1415
1416 READ_BUF(4);
1417 READ32(sess->callback_prog);
1418 nfsd4_decode_cb_sec(argp, &sess->cb_sec);
1419 DECODE_TAIL;
1420}
1421
1422static __be32
1423nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
1424 struct nfsd4_destroy_session *destroy_session)
1425{
1426 DECODE_HEAD;
1427 READ_BUF(NFS4_MAX_SESSIONID_LEN);
1428 COPYMEM(destroy_session->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1429
1430 DECODE_TAIL;
1431}
1432
1433static __be32
1434nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
1435 struct nfsd4_free_stateid *free_stateid)
1436{
1437 DECODE_HEAD;
1438
1439 READ_BUF(sizeof(stateid_t));
1440 READ32(free_stateid->fr_stateid.si_generation);
1441 COPYMEM(&free_stateid->fr_stateid.si_opaque, sizeof(stateid_opaque_t));
1442
1443 DECODE_TAIL;
1444}
1445
1446static __be32
1447nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
1448 struct nfsd4_sequence *seq)
1449{
1450 DECODE_HEAD;
1451
1452 READ_BUF(NFS4_MAX_SESSIONID_LEN + 16);
1453 COPYMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
1454 READ32(seq->seqid);
1455 READ32(seq->slotid);
1456 READ32(seq->maxslots);
1457 READ32(seq->cachethis);
1458
1459 DECODE_TAIL;
1460}
1461
1462static __be32
1463nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
1464{
1465 int i;
1466 __be32 *p, status;
1467 struct nfsd4_test_stateid_id *stateid;
1468
1469 READ_BUF(4);
1470 test_stateid->ts_num_ids = ntohl(*p++);
1471
1472 INIT_LIST_HEAD(&test_stateid->ts_stateid_list);
1473
1474 for (i = 0; i < test_stateid->ts_num_ids; i++) {
1475 stateid = kmalloc(sizeof(struct nfsd4_test_stateid_id), GFP_KERNEL);
1476 if (!stateid) {
1477 status = nfserrno(-ENOMEM);
1478 goto out;
1479 }
1480
1481 defer_free(argp, kfree, stateid);
1482 INIT_LIST_HEAD(&stateid->ts_id_list);
1483 list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);
1484
1485 status = nfsd4_decode_stateid(argp, &stateid->ts_id_stateid);
1486 if (status)
1487 goto out;
1488 }
1489
1490 status = 0;
1491out:
1492 return status;
1493xdr_error:
1494 dprintk("NFSD: xdr error (%s:%d)\n", __FILE__, __LINE__);
1495 status = nfserr_bad_xdr;
1496 goto out;
1497}
1498
1499static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, struct nfsd4_destroy_clientid *dc)
1500{
1501 DECODE_HEAD;
1502
1503 READ_BUF(8);
1504 COPYMEM(&dc->clientid, 8);
1505
1506 DECODE_TAIL;
1507}
1508
1509static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, struct nfsd4_reclaim_complete *rc)
1510{
1511 DECODE_HEAD;
1512
1513 READ_BUF(4);
1514 READ32(rc->rca_one_fs);
1515
1516 DECODE_TAIL;
1517}
1518
1519static __be32
1520nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
1521{
1522 return nfs_ok;
1523}
1524
1525static __be32
1526nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
1527{
1528 return nfserr_notsupp;
1529}
1530
1531typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
1532
1533static nfsd4_dec nfsd4_dec_ops[] = {
1534 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
1535 [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
1536 [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
1537 [OP_CREATE] = (nfsd4_dec)nfsd4_decode_create,
1538 [OP_DELEGPURGE] = (nfsd4_dec)nfsd4_decode_notsupp,
1539 [OP_DELEGRETURN] = (nfsd4_dec)nfsd4_decode_delegreturn,
1540 [OP_GETATTR] = (nfsd4_dec)nfsd4_decode_getattr,
1541 [OP_GETFH] = (nfsd4_dec)nfsd4_decode_noop,
1542 [OP_LINK] = (nfsd4_dec)nfsd4_decode_link,
1543 [OP_LOCK] = (nfsd4_dec)nfsd4_decode_lock,
1544 [OP_LOCKT] = (nfsd4_dec)nfsd4_decode_lockt,
1545 [OP_LOCKU] = (nfsd4_dec)nfsd4_decode_locku,
1546 [OP_LOOKUP] = (nfsd4_dec)nfsd4_decode_lookup,
1547 [OP_LOOKUPP] = (nfsd4_dec)nfsd4_decode_noop,
1548 [OP_NVERIFY] = (nfsd4_dec)nfsd4_decode_verify,
1549 [OP_OPEN] = (nfsd4_dec)nfsd4_decode_open,
1550 [OP_OPENATTR] = (nfsd4_dec)nfsd4_decode_notsupp,
1551 [OP_OPEN_CONFIRM] = (nfsd4_dec)nfsd4_decode_open_confirm,
1552 [OP_OPEN_DOWNGRADE] = (nfsd4_dec)nfsd4_decode_open_downgrade,
1553 [OP_PUTFH] = (nfsd4_dec)nfsd4_decode_putfh,
1554 [OP_PUTPUBFH] = (nfsd4_dec)nfsd4_decode_putpubfh,
1555 [OP_PUTROOTFH] = (nfsd4_dec)nfsd4_decode_noop,
1556 [OP_READ] = (nfsd4_dec)nfsd4_decode_read,
1557 [OP_READDIR] = (nfsd4_dec)nfsd4_decode_readdir,
1558 [OP_READLINK] = (nfsd4_dec)nfsd4_decode_noop,
1559 [OP_REMOVE] = (nfsd4_dec)nfsd4_decode_remove,
1560 [OP_RENAME] = (nfsd4_dec)nfsd4_decode_rename,
1561 [OP_RENEW] = (nfsd4_dec)nfsd4_decode_renew,
1562 [OP_RESTOREFH] = (nfsd4_dec)nfsd4_decode_noop,
1563 [OP_SAVEFH] = (nfsd4_dec)nfsd4_decode_noop,
1564 [OP_SECINFO] = (nfsd4_dec)nfsd4_decode_secinfo,
1565 [OP_SETATTR] = (nfsd4_dec)nfsd4_decode_setattr,
1566 [OP_SETCLIENTID] = (nfsd4_dec)nfsd4_decode_setclientid,
1567 [OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
1568 [OP_VERIFY] = (nfsd4_dec)nfsd4_decode_verify,
1569 [OP_WRITE] = (nfsd4_dec)nfsd4_decode_write,
1570 [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner,
1571
1572 /* new operations for NFSv4.1 */
1573 [OP_BACKCHANNEL_CTL] = (nfsd4_dec)nfsd4_decode_backchannel_ctl,
1574 [OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
1575 [OP_EXCHANGE_ID] = (nfsd4_dec)nfsd4_decode_exchange_id,
1576 [OP_CREATE_SESSION] = (nfsd4_dec)nfsd4_decode_create_session,
1577 [OP_DESTROY_SESSION] = (nfsd4_dec)nfsd4_decode_destroy_session,
1578 [OP_FREE_STATEID] = (nfsd4_dec)nfsd4_decode_free_stateid,
1579 [OP_GET_DIR_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
1580 [OP_GETDEVICEINFO] = (nfsd4_dec)nfsd4_decode_notsupp,
1581 [OP_GETDEVICELIST] = (nfsd4_dec)nfsd4_decode_notsupp,
1582 [OP_LAYOUTCOMMIT] = (nfsd4_dec)nfsd4_decode_notsupp,
1583 [OP_LAYOUTGET] = (nfsd4_dec)nfsd4_decode_notsupp,
1584 [OP_LAYOUTRETURN] = (nfsd4_dec)nfsd4_decode_notsupp,
1585 [OP_SECINFO_NO_NAME] = (nfsd4_dec)nfsd4_decode_secinfo_no_name,
1586 [OP_SEQUENCE] = (nfsd4_dec)nfsd4_decode_sequence,
1587 [OP_SET_SSV] = (nfsd4_dec)nfsd4_decode_notsupp,
1588 [OP_TEST_STATEID] = (nfsd4_dec)nfsd4_decode_test_stateid,
1589 [OP_WANT_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
1590 [OP_DESTROY_CLIENTID] = (nfsd4_dec)nfsd4_decode_destroy_clientid,
1591 [OP_RECLAIM_COMPLETE] = (nfsd4_dec)nfsd4_decode_reclaim_complete,
1592};
1593
1594static inline bool
1595nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op)
1596{
1597 if (op->opnum < FIRST_NFS4_OP)
1598 return false;
1599 else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP)
1600 return false;
1601 else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP)
1602 return false;
1603 else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP)
1604 return false;
1605 return true;
1606}
1607
1608/*
1609 * Return a rough estimate of the maximum possible reply size. Note the
1610 * estimate includes rpc headers so is meant to be passed to
1611 * svc_reserve, not svc_reserve_auth.
1612 *
1613 * Also note the current compound encoding permits only one operation to
1614 * use pages beyond the first one, so the maximum possible length is the
1615 * maximum over these values, not the sum.
1616 */
1617static int nfsd4_max_reply(u32 opnum)
1618{
1619 switch (opnum) {
1620 case OP_READLINK:
1621 case OP_READDIR:
1622 /*
1623 * Both of these ops take a single page for data and put
1624 * the head and tail in another page:
1625 */
1626 return 2 * PAGE_SIZE;
1627 case OP_READ:
1628 return INT_MAX;
1629 default:
1630 return PAGE_SIZE;
1631 }
1632}
1633
1634static __be32
1635nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
1636{
1637 DECODE_HEAD;
1638 struct nfsd4_op *op;
1639 bool cachethis = false;
1640 int max_reply = PAGE_SIZE;
1641 int i;
1642
1643 READ_BUF(4);
1644 READ32(argp->taglen);
1645 READ_BUF(argp->taglen + 8);
1646 SAVEMEM(argp->tag, argp->taglen);
1647 READ32(argp->minorversion);
1648 READ32(argp->opcnt);
1649
1650 if (argp->taglen > NFSD4_MAX_TAGLEN)
1651 goto xdr_error;
1652 if (argp->opcnt > 100)
1653 goto xdr_error;
1654
1655 if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
1656 argp->ops = kmalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
1657 if (!argp->ops) {
1658 argp->ops = argp->iops;
1659 dprintk("nfsd: couldn't allocate room for COMPOUND\n");
1660 goto xdr_error;
1661 }
1662 }
1663
1664 if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
1665 argp->opcnt = 0;
1666
1667 for (i = 0; i < argp->opcnt; i++) {
1668 op = &argp->ops[i];
1669 op->replay = NULL;
1670
1671 READ_BUF(4);
1672 READ32(op->opnum);
1673
1674 if (nfsd4_opnum_in_range(argp, op))
1675 op->status = nfsd4_dec_ops[op->opnum](argp, &op->u);
1676 else {
1677 op->opnum = OP_ILLEGAL;
1678 op->status = nfserr_op_illegal;
1679 }
1680
1681 if (op->status) {
1682 argp->opcnt = i+1;
1683 break;
1684 }
1685 /*
1686 * We'll try to cache the result in the DRC if any one
1687 * op in the compound wants to be cached:
1688 */
1689 cachethis |= nfsd4_cache_this_op(op);
1690
1691 max_reply = max(max_reply, nfsd4_max_reply(op->opnum));
1692 }
1693 /* Sessions make the DRC unnecessary: */
1694 if (argp->minorversion)
1695 cachethis = false;
1696 if (max_reply != INT_MAX)
1697 svc_reserve(argp->rqstp, max_reply);
1698 argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
1699
1700 DECODE_TAIL;
1701}
1702
1703#define WRITE32(n) *p++ = htonl(n)
1704#define WRITE64(n) do { \
1705 *p++ = htonl((u32)((n) >> 32)); \
1706 *p++ = htonl((u32)(n)); \
1707} while (0)
1708#define WRITEMEM(ptr,nbytes) do { if (nbytes > 0) { \
1709 *(p + XDR_QUADLEN(nbytes) -1) = 0; \
1710 memcpy(p, ptr, nbytes); \
1711 p += XDR_QUADLEN(nbytes); \
1712}} while (0)
1713
1714static void write32(__be32 **p, u32 n)
1715{
1716 *(*p)++ = htonl(n);
1717}
1718
1719static void write64(__be32 **p, u64 n)
1720{
1721 write32(p, (n >> 32));
1722 write32(p, (u32)n);
1723}
1724
1725static void write_change(__be32 **p, struct kstat *stat, struct inode *inode)
1726{
1727 if (IS_I_VERSION(inode)) {
1728 write64(p, inode->i_version);
1729 } else {
1730 write32(p, stat->ctime.tv_sec);
1731 write32(p, stat->ctime.tv_nsec);
1732 }
1733}
1734
1735static void write_cinfo(__be32 **p, struct nfsd4_change_info *c)
1736{
1737 write32(p, c->atomic);
1738 if (c->change_supported) {
1739 write64(p, c->before_change);
1740 write64(p, c->after_change);
1741 } else {
1742 write32(p, c->before_ctime_sec);
1743 write32(p, c->before_ctime_nsec);
1744 write32(p, c->after_ctime_sec);
1745 write32(p, c->after_ctime_nsec);
1746 }
1747}
1748
1749#define RESERVE_SPACE(nbytes) do { \
1750 p = resp->p; \
1751 BUG_ON(p + XDR_QUADLEN(nbytes) > resp->end); \
1752} while (0)
1753#define ADJUST_ARGS() resp->p = p
1754
1755/* Encode as an array of strings the string given with components
1756 * separated @sep, escaped with esc_enter and esc_exit.
1757 */
1758static __be32 nfsd4_encode_components_esc(char sep, char *components,
1759 __be32 **pp, int *buflen,
1760 char esc_enter, char esc_exit)
1761{
1762 __be32 *p = *pp;
1763 __be32 *countp = p;
1764 int strlen, count=0;
1765 char *str, *end, *next;
1766
1767 dprintk("nfsd4_encode_components(%s)\n", components);
1768 if ((*buflen -= 4) < 0)
1769 return nfserr_resource;
1770 WRITE32(0); /* We will fill this in with @count later */
1771 end = str = components;
1772 while (*end) {
1773 bool found_esc = false;
1774
1775 /* try to parse as esc_start, ..., esc_end, sep */
1776 if (*str == esc_enter) {
1777 for (; *end && (*end != esc_exit); end++)
1778 /* find esc_exit or end of string */;
1779 next = end + 1;
1780 if (*end && (!*next || *next == sep)) {
1781 str++;
1782 found_esc = true;
1783 }
1784 }
1785
1786 if (!found_esc)
1787 for (; *end && (*end != sep); end++)
1788 /* find sep or end of string */;
1789
1790 strlen = end - str;
1791 if (strlen) {
1792 if ((*buflen -= ((XDR_QUADLEN(strlen) << 2) + 4)) < 0)
1793 return nfserr_resource;
1794 WRITE32(strlen);
1795 WRITEMEM(str, strlen);
1796 count++;
1797 }
1798 else
1799 end++;
1800 str = end;
1801 }
1802 *pp = p;
1803 p = countp;
1804 WRITE32(count);
1805 return 0;
1806}
1807
1808/* Encode as an array of strings the string given with components
1809 * separated @sep.
1810 */
1811static __be32 nfsd4_encode_components(char sep, char *components,
1812 __be32 **pp, int *buflen)
1813{
1814 return nfsd4_encode_components_esc(sep, components, pp, buflen, 0, 0);
1815}
1816
1817/*
1818 * encode a location element of a fs_locations structure
1819 */
1820static __be32 nfsd4_encode_fs_location4(struct nfsd4_fs_location *location,
1821 __be32 **pp, int *buflen)
1822{
1823 __be32 status;
1824 __be32 *p = *pp;
1825
1826 status = nfsd4_encode_components_esc(':', location->hosts, &p, buflen,
1827 '[', ']');
1828 if (status)
1829 return status;
1830 status = nfsd4_encode_components('/', location->path, &p, buflen);
1831 if (status)
1832 return status;
1833 *pp = p;
1834 return 0;
1835}
1836
1837/*
1838 * Encode a path in RFC3530 'pathname4' format
1839 */
1840static __be32 nfsd4_encode_path(const struct path *root,
1841 const struct path *path, __be32 **pp, int *buflen)
1842{
1843 struct path cur = *path;
1844 __be32 *p = *pp;
1845 struct dentry **components = NULL;
1846 unsigned int ncomponents = 0;
1847 __be32 err = nfserr_jukebox;
1848
1849 dprintk("nfsd4_encode_components(");
1850
1851 path_get(&cur);
1852 /* First walk the path up to the nfsd root, and store the
1853 * dentries/path components in an array.
1854 */
1855 for (;;) {
1856 if (cur.dentry == root->dentry && cur.mnt == root->mnt)
1857 break;
1858 if (cur.dentry == cur.mnt->mnt_root) {
1859 if (follow_up(&cur))
1860 continue;
1861 goto out_free;
1862 }
1863 if ((ncomponents & 15) == 0) {
1864 struct dentry **new;
1865 new = krealloc(components,
1866 sizeof(*new) * (ncomponents + 16),
1867 GFP_KERNEL);
1868 if (!new)
1869 goto out_free;
1870 components = new;
1871 }
1872 components[ncomponents++] = cur.dentry;
1873 cur.dentry = dget_parent(cur.dentry);
1874 }
1875
1876 *buflen -= 4;
1877 if (*buflen < 0)
1878 goto out_free;
1879 WRITE32(ncomponents);
1880
1881 while (ncomponents) {
1882 struct dentry *dentry = components[ncomponents - 1];
1883 unsigned int len;
1884
1885 spin_lock(&dentry->d_lock);
1886 len = dentry->d_name.len;
1887 *buflen -= 4 + (XDR_QUADLEN(len) << 2);
1888 if (*buflen < 0) {
1889 spin_unlock(&dentry->d_lock);
1890 goto out_free;
1891 }
1892 WRITE32(len);
1893 WRITEMEM(dentry->d_name.name, len);
1894 dprintk("/%s", dentry->d_name.name);
1895 spin_unlock(&dentry->d_lock);
1896 dput(dentry);
1897 ncomponents--;
1898 }
1899
1900 *pp = p;
1901 err = 0;
1902out_free:
1903 dprintk(")\n");
1904 while (ncomponents)
1905 dput(components[--ncomponents]);
1906 kfree(components);
1907 path_put(&cur);
1908 return err;
1909}
1910
1911static __be32 nfsd4_encode_fsloc_fsroot(struct svc_rqst *rqstp,
1912 const struct path *path, __be32 **pp, int *buflen)
1913{
1914 struct svc_export *exp_ps;
1915 __be32 res;
1916
1917 exp_ps = rqst_find_fsidzero_export(rqstp);
1918 if (IS_ERR(exp_ps))
1919 return nfserrno(PTR_ERR(exp_ps));
1920 res = nfsd4_encode_path(&exp_ps->ex_path, path, pp, buflen);
1921 exp_put(exp_ps);
1922 return res;
1923}
1924
1925/*
1926 * encode a fs_locations structure
1927 */
1928static __be32 nfsd4_encode_fs_locations(struct svc_rqst *rqstp,
1929 struct svc_export *exp,
1930 __be32 **pp, int *buflen)
1931{
1932 __be32 status;
1933 int i;
1934 __be32 *p = *pp;
1935 struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;
1936
1937 status = nfsd4_encode_fsloc_fsroot(rqstp, &exp->ex_path, &p, buflen);
1938 if (status)
1939 return status;
1940 if ((*buflen -= 4) < 0)
1941 return nfserr_resource;
1942 WRITE32(fslocs->locations_count);
1943 for (i=0; i<fslocs->locations_count; i++) {
1944 status = nfsd4_encode_fs_location4(&fslocs->locations[i],
1945 &p, buflen);
1946 if (status)
1947 return status;
1948 }
1949 *pp = p;
1950 return 0;
1951}
1952
1953static u32 nfs4_file_type(umode_t mode)
1954{
1955 switch (mode & S_IFMT) {
1956 case S_IFIFO: return NF4FIFO;
1957 case S_IFCHR: return NF4CHR;
1958 case S_IFDIR: return NF4DIR;
1959 case S_IFBLK: return NF4BLK;
1960 case S_IFLNK: return NF4LNK;
1961 case S_IFREG: return NF4REG;
1962 case S_IFSOCK: return NF4SOCK;
1963 default: return NF4BAD;
1964 };
1965}
1966
1967static inline __be32
1968nfsd4_encode_aclname(struct svc_rqst *rqstp, struct nfs4_ace *ace,
1969 __be32 **p, int *buflen)
1970{
1971 if (ace->whotype != NFS4_ACL_WHO_NAMED)
1972 return nfs4_acl_write_who(ace->whotype, p, buflen);
1973 else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
1974 return nfsd4_encode_group(rqstp, ace->who_gid, p, buflen);
1975 else
1976 return nfsd4_encode_user(rqstp, ace->who_uid, p, buflen);
1977}
1978
1979#define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
1980 FATTR4_WORD0_RDATTR_ERROR)
1981#define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
1982
1983#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
1984static inline __be32
1985nfsd4_encode_security_label(struct svc_rqst *rqstp, void *context, int len, __be32 **pp, int *buflen)
1986{
1987 __be32 *p = *pp;
1988
1989 if (*buflen < ((XDR_QUADLEN(len) << 2) + 4 + 4 + 4))
1990 return nfserr_resource;
1991
1992 /*
1993 * For now we use a 0 here to indicate the null translation; in
1994 * the future we may place a call to translation code here.
1995 */
1996 if ((*buflen -= 8) < 0)
1997 return nfserr_resource;
1998
1999 WRITE32(0); /* lfs */
2000 WRITE32(0); /* pi */
2001 p = xdr_encode_opaque(p, context, len);
2002 *buflen -= (XDR_QUADLEN(len) << 2) + 4;
2003
2004 *pp = p;
2005 return 0;
2006}
2007#else
2008static inline __be32
2009nfsd4_encode_security_label(struct svc_rqst *rqstp, void *context, int len, __be32 **pp, int *buflen)
2010{ return 0; }
2011#endif
2012
2013static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *rdattr_err)
2014{
2015 /* As per referral draft: */
2016 if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
2017 *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
2018 if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
2019 *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
2020 *rdattr_err = NFSERR_MOVED;
2021 else
2022 return nfserr_moved;
2023 }
2024 *bmval0 &= WORD0_ABSENT_FS_ATTRS;
2025 *bmval1 &= WORD1_ABSENT_FS_ATTRS;
2026 return 0;
2027}
2028
2029
2030static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
2031{
2032 struct path path = exp->ex_path;
2033 int err;
2034
2035 path_get(&path);
2036 while (follow_up(&path)) {
2037 if (path.dentry != path.mnt->mnt_root)
2038 break;
2039 }
2040 err = vfs_getattr(&path, stat);
2041 path_put(&path);
2042 return err;
2043}
2044
2045/*
2046 * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
2047 * ourselves.
2048 *
2049 * countp is the buffer size in _words_
2050 */
2051__be32
2052nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp,
2053 struct dentry *dentry, __be32 **buffer, int count, u32 *bmval,
2054 struct svc_rqst *rqstp, int ignore_crossmnt)
2055{
2056 u32 bmval0 = bmval[0];
2057 u32 bmval1 = bmval[1];
2058 u32 bmval2 = bmval[2];
2059 struct kstat stat;
2060 struct svc_fh *tempfh = NULL;
2061 struct kstatfs statfs;
2062 int buflen = count << 2;
2063 __be32 *attrlenp;
2064 u32 dummy;
2065 u64 dummy64;
2066 u32 rdattr_err = 0;
2067 __be32 *p = *buffer;
2068 __be32 status;
2069 int err;
2070 int aclsupport = 0;
2071 struct nfs4_acl *acl = NULL;
2072 void *context = NULL;
2073 int contextlen;
2074 bool contextsupport = false;
2075 struct nfsd4_compoundres *resp = rqstp->rq_resp;
2076 u32 minorversion = resp->cstate.minorversion;
2077 struct path path = {
2078 .mnt = exp->ex_path.mnt,
2079 .dentry = dentry,
2080 };
2081 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2082
2083 BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
2084 BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion));
2085 BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion));
2086 BUG_ON(bmval2 & ~nfsd_suppattrs2(minorversion));
2087
2088 if (exp->ex_fslocs.migrated) {
2089 BUG_ON(bmval[2]);
2090 status = fattr_handle_absent_fs(&bmval0, &bmval1, &rdattr_err);
2091 if (status)
2092 goto out;
2093 }
2094
2095 err = vfs_getattr(&path, &stat);
2096 if (err)
2097 goto out_nfserr;
2098 if ((bmval0 & (FATTR4_WORD0_FILES_FREE | FATTR4_WORD0_FILES_TOTAL |
2099 FATTR4_WORD0_MAXNAME)) ||
2100 (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
2101 FATTR4_WORD1_SPACE_TOTAL))) {
2102 err = vfs_statfs(&path, &statfs);
2103 if (err)
2104 goto out_nfserr;
2105 }
2106 if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
2107 tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
2108 status = nfserr_jukebox;
2109 if (!tempfh)
2110 goto out;
2111 fh_init(tempfh, NFS4_FHSIZE);
2112 status = fh_compose(tempfh, exp, dentry, NULL);
2113 if (status)
2114 goto out;
2115 fhp = tempfh;
2116 }
2117 if (bmval0 & (FATTR4_WORD0_ACL | FATTR4_WORD0_ACLSUPPORT
2118 | FATTR4_WORD0_SUPPORTED_ATTRS)) {
2119 err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
2120 aclsupport = (err == 0);
2121 if (bmval0 & FATTR4_WORD0_ACL) {
2122 if (err == -EOPNOTSUPP)
2123 bmval0 &= ~FATTR4_WORD0_ACL;
2124 else if (err == -EINVAL) {
2125 status = nfserr_attrnotsupp;
2126 goto out;
2127 } else if (err != 0)
2128 goto out_nfserr;
2129 }
2130 }
2131
2132#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2133 if ((bmval[2] & FATTR4_WORD2_SECURITY_LABEL) ||
2134 bmval[0] & FATTR4_WORD0_SUPPORTED_ATTRS) {
2135 err = security_inode_getsecctx(dentry->d_inode,
2136 &context, &contextlen);
2137 contextsupport = (err == 0);
2138 if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2139 if (err == -EOPNOTSUPP)
2140 bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2141 else if (err)
2142 goto out_nfserr;
2143 }
2144 }
2145#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2146
2147 if (bmval2) {
2148 if ((buflen -= 16) < 0)
2149 goto out_resource;
2150 WRITE32(3);
2151 WRITE32(bmval0);
2152 WRITE32(bmval1);
2153 WRITE32(bmval2);
2154 } else if (bmval1) {
2155 if ((buflen -= 12) < 0)
2156 goto out_resource;
2157 WRITE32(2);
2158 WRITE32(bmval0);
2159 WRITE32(bmval1);
2160 } else {
2161 if ((buflen -= 8) < 0)
2162 goto out_resource;
2163 WRITE32(1);
2164 WRITE32(bmval0);
2165 }
2166 attrlenp = p++; /* to be backfilled later */
2167
2168 if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2169 u32 word0 = nfsd_suppattrs0(minorversion);
2170 u32 word1 = nfsd_suppattrs1(minorversion);
2171 u32 word2 = nfsd_suppattrs2(minorversion);
2172
2173 if (!aclsupport)
2174 word0 &= ~FATTR4_WORD0_ACL;
2175 if (!contextsupport)
2176 word2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2177 if (!word2) {
2178 if ((buflen -= 12) < 0)
2179 goto out_resource;
2180 WRITE32(2);
2181 WRITE32(word0);
2182 WRITE32(word1);
2183 } else {
2184 if ((buflen -= 16) < 0)
2185 goto out_resource;
2186 WRITE32(3);
2187 WRITE32(word0);
2188 WRITE32(word1);
2189 WRITE32(word2);
2190 }
2191 }
2192 if (bmval0 & FATTR4_WORD0_TYPE) {
2193 if ((buflen -= 4) < 0)
2194 goto out_resource;
2195 dummy = nfs4_file_type(stat.mode);
2196 if (dummy == NF4BAD) {
2197 status = nfserr_serverfault;
2198 goto out;
2199 }
2200 WRITE32(dummy);
2201 }
2202 if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
2203 if ((buflen -= 4) < 0)
2204 goto out_resource;
2205 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
2206 WRITE32(NFS4_FH_PERSISTENT);
2207 else
2208 WRITE32(NFS4_FH_PERSISTENT|NFS4_FH_VOL_RENAME);
2209 }
2210 if (bmval0 & FATTR4_WORD0_CHANGE) {
2211 if ((buflen -= 8) < 0)
2212 goto out_resource;
2213 write_change(&p, &stat, dentry->d_inode);
2214 }
2215 if (bmval0 & FATTR4_WORD0_SIZE) {
2216 if ((buflen -= 8) < 0)
2217 goto out_resource;
2218 WRITE64(stat.size);
2219 }
2220 if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
2221 if ((buflen -= 4) < 0)
2222 goto out_resource;
2223 WRITE32(1);
2224 }
2225 if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
2226 if ((buflen -= 4) < 0)
2227 goto out_resource;
2228 WRITE32(1);
2229 }
2230 if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {
2231 if ((buflen -= 4) < 0)
2232 goto out_resource;
2233 WRITE32(0);
2234 }
2235 if (bmval0 & FATTR4_WORD0_FSID) {
2236 if ((buflen -= 16) < 0)
2237 goto out_resource;
2238 if (exp->ex_fslocs.migrated) {
2239 WRITE64(NFS4_REFERRAL_FSID_MAJOR);
2240 WRITE64(NFS4_REFERRAL_FSID_MINOR);
2241 } else switch(fsid_source(fhp)) {
2242 case FSIDSOURCE_FSID:
2243 WRITE64((u64)exp->ex_fsid);
2244 WRITE64((u64)0);
2245 break;
2246 case FSIDSOURCE_DEV:
2247 WRITE32(0);
2248 WRITE32(MAJOR(stat.dev));
2249 WRITE32(0);
2250 WRITE32(MINOR(stat.dev));
2251 break;
2252 case FSIDSOURCE_UUID:
2253 WRITEMEM(exp->ex_uuid, 16);
2254 break;
2255 }
2256 }
2257 if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
2258 if ((buflen -= 4) < 0)
2259 goto out_resource;
2260 WRITE32(0);
2261 }
2262 if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
2263 if ((buflen -= 4) < 0)
2264 goto out_resource;
2265 WRITE32(nn->nfsd4_lease);
2266 }
2267 if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
2268 if ((buflen -= 4) < 0)
2269 goto out_resource;
2270 WRITE32(rdattr_err);
2271 }
2272 if (bmval0 & FATTR4_WORD0_ACL) {
2273 struct nfs4_ace *ace;
2274
2275 if (acl == NULL) {
2276 if ((buflen -= 4) < 0)
2277 goto out_resource;
2278
2279 WRITE32(0);
2280 goto out_acl;
2281 }
2282 if ((buflen -= 4) < 0)
2283 goto out_resource;
2284 WRITE32(acl->naces);
2285
2286 for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
2287 if ((buflen -= 4*3) < 0)
2288 goto out_resource;
2289 WRITE32(ace->type);
2290 WRITE32(ace->flag);
2291 WRITE32(ace->access_mask & NFS4_ACE_MASK_ALL);
2292 status = nfsd4_encode_aclname(rqstp, ace, &p, &buflen);
2293 if (status)
2294 goto out;
2295 }
2296 }
2297out_acl:
2298 if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
2299 if ((buflen -= 4) < 0)
2300 goto out_resource;
2301 WRITE32(aclsupport ?
2302 ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
2303 }
2304 if (bmval0 & FATTR4_WORD0_CANSETTIME) {
2305 if ((buflen -= 4) < 0)
2306 goto out_resource;
2307 WRITE32(1);
2308 }
2309 if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
2310 if ((buflen -= 4) < 0)
2311 goto out_resource;
2312 WRITE32(0);
2313 }
2314 if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
2315 if ((buflen -= 4) < 0)
2316 goto out_resource;
2317 WRITE32(1);
2318 }
2319 if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
2320 if ((buflen -= 4) < 0)
2321 goto out_resource;
2322 WRITE32(1);
2323 }
2324 if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
2325 buflen -= (XDR_QUADLEN(fhp->fh_handle.fh_size) << 2) + 4;
2326 if (buflen < 0)
2327 goto out_resource;
2328 WRITE32(fhp->fh_handle.fh_size);
2329 WRITEMEM(&fhp->fh_handle.fh_base, fhp->fh_handle.fh_size);
2330 }
2331 if (bmval0 & FATTR4_WORD0_FILEID) {
2332 if ((buflen -= 8) < 0)
2333 goto out_resource;
2334 WRITE64(stat.ino);
2335 }
2336 if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
2337 if ((buflen -= 8) < 0)
2338 goto out_resource;
2339 WRITE64((u64) statfs.f_ffree);
2340 }
2341 if (bmval0 & FATTR4_WORD0_FILES_FREE) {
2342 if ((buflen -= 8) < 0)
2343 goto out_resource;
2344 WRITE64((u64) statfs.f_ffree);
2345 }
2346 if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
2347 if ((buflen -= 8) < 0)
2348 goto out_resource;
2349 WRITE64((u64) statfs.f_files);
2350 }
2351 if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
2352 status = nfsd4_encode_fs_locations(rqstp, exp, &p, &buflen);
2353 if (status)
2354 goto out;
2355 }
2356 if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
2357 if ((buflen -= 4) < 0)
2358 goto out_resource;
2359 WRITE32(1);
2360 }
2361 if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
2362 if ((buflen -= 8) < 0)
2363 goto out_resource;
2364 WRITE64(exp->ex_path.mnt->mnt_sb->s_maxbytes);
2365 }
2366 if (bmval0 & FATTR4_WORD0_MAXLINK) {
2367 if ((buflen -= 4) < 0)
2368 goto out_resource;
2369 WRITE32(255);
2370 }
2371 if (bmval0 & FATTR4_WORD0_MAXNAME) {
2372 if ((buflen -= 4) < 0)
2373 goto out_resource;
2374 WRITE32(statfs.f_namelen);
2375 }
2376 if (bmval0 & FATTR4_WORD0_MAXREAD) {
2377 if ((buflen -= 8) < 0)
2378 goto out_resource;
2379 WRITE64((u64) svc_max_payload(rqstp));
2380 }
2381 if (bmval0 & FATTR4_WORD0_MAXWRITE) {
2382 if ((buflen -= 8) < 0)
2383 goto out_resource;
2384 WRITE64((u64) svc_max_payload(rqstp));
2385 }
2386 if (bmval1 & FATTR4_WORD1_MODE) {
2387 if ((buflen -= 4) < 0)
2388 goto out_resource;
2389 WRITE32(stat.mode & S_IALLUGO);
2390 }
2391 if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
2392 if ((buflen -= 4) < 0)
2393 goto out_resource;
2394 WRITE32(1);
2395 }
2396 if (bmval1 & FATTR4_WORD1_NUMLINKS) {
2397 if ((buflen -= 4) < 0)
2398 goto out_resource;
2399 WRITE32(stat.nlink);
2400 }
2401 if (bmval1 & FATTR4_WORD1_OWNER) {
2402 status = nfsd4_encode_user(rqstp, stat.uid, &p, &buflen);
2403 if (status)
2404 goto out;
2405 }
2406 if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
2407 status = nfsd4_encode_group(rqstp, stat.gid, &p, &buflen);
2408 if (status)
2409 goto out;
2410 }
2411 if (bmval1 & FATTR4_WORD1_RAWDEV) {
2412 if ((buflen -= 8) < 0)
2413 goto out_resource;
2414 WRITE32((u32) MAJOR(stat.rdev));
2415 WRITE32((u32) MINOR(stat.rdev));
2416 }
2417 if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
2418 if ((buflen -= 8) < 0)
2419 goto out_resource;
2420 dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
2421 WRITE64(dummy64);
2422 }
2423 if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
2424 if ((buflen -= 8) < 0)
2425 goto out_resource;
2426 dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
2427 WRITE64(dummy64);
2428 }
2429 if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
2430 if ((buflen -= 8) < 0)
2431 goto out_resource;
2432 dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
2433 WRITE64(dummy64);
2434 }
2435 if (bmval1 & FATTR4_WORD1_SPACE_USED) {
2436 if ((buflen -= 8) < 0)
2437 goto out_resource;
2438 dummy64 = (u64)stat.blocks << 9;
2439 WRITE64(dummy64);
2440 }
2441 if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
2442 if ((buflen -= 12) < 0)
2443 goto out_resource;
2444 WRITE64((s64)stat.atime.tv_sec);
2445 WRITE32(stat.atime.tv_nsec);
2446 }
2447 if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
2448 if ((buflen -= 12) < 0)
2449 goto out_resource;
2450 WRITE32(0);
2451 WRITE32(1);
2452 WRITE32(0);
2453 }
2454 if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
2455 if ((buflen -= 12) < 0)
2456 goto out_resource;
2457 WRITE64((s64)stat.ctime.tv_sec);
2458 WRITE32(stat.ctime.tv_nsec);
2459 }
2460 if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
2461 if ((buflen -= 12) < 0)
2462 goto out_resource;
2463 WRITE64((s64)stat.mtime.tv_sec);
2464 WRITE32(stat.mtime.tv_nsec);
2465 }
2466 if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
2467 if ((buflen -= 8) < 0)
2468 goto out_resource;
2469 /*
2470 * Get parent's attributes if not ignoring crossmount
2471 * and this is the root of a cross-mounted filesystem.
2472 */
2473 if (ignore_crossmnt == 0 &&
2474 dentry == exp->ex_path.mnt->mnt_root)
2475 get_parent_attributes(exp, &stat);
2476 WRITE64(stat.ino);
2477 }
2478 if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2479 status = nfsd4_encode_security_label(rqstp, context,
2480 contextlen, &p, &buflen);
2481 if (status)
2482 goto out;
2483 }
2484 if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
2485 if ((buflen -= 16) < 0)
2486 goto out_resource;
2487 WRITE32(3);
2488 WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD0);
2489 WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD1);
2490 WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD2);
2491 }
2492
2493 *attrlenp = htonl((char *)p - (char *)attrlenp - 4);
2494 *buffer = p;
2495 status = nfs_ok;
2496
2497out:
2498#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2499 if (context)
2500 security_release_secctx(context, contextlen);
2501#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2502 kfree(acl);
2503 if (tempfh) {
2504 fh_put(tempfh);
2505 kfree(tempfh);
2506 }
2507 return status;
2508out_nfserr:
2509 status = nfserrno(err);
2510 goto out;
2511out_resource:
2512 status = nfserr_resource;
2513 goto out;
2514}
2515
2516static inline int attributes_need_mount(u32 *bmval)
2517{
2518 if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
2519 return 1;
2520 if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
2521 return 1;
2522 return 0;
2523}
2524
2525static __be32
2526nfsd4_encode_dirent_fattr(struct nfsd4_readdir *cd,
2527 const char *name, int namlen, __be32 **p, int buflen)
2528{
2529 struct svc_export *exp = cd->rd_fhp->fh_export;
2530 struct dentry *dentry;
2531 __be32 nfserr;
2532 int ignore_crossmnt = 0;
2533
2534 dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen);
2535 if (IS_ERR(dentry))
2536 return nfserrno(PTR_ERR(dentry));
2537 if (!dentry->d_inode) {
2538 /*
2539 * nfsd_buffered_readdir drops the i_mutex between
2540 * readdir and calling this callback, leaving a window
2541 * where this directory entry could have gone away.
2542 */
2543 dput(dentry);
2544 return nfserr_noent;
2545 }
2546
2547 exp_get(exp);
2548 /*
2549 * In the case of a mountpoint, the client may be asking for
2550 * attributes that are only properties of the underlying filesystem
2551 * as opposed to the cross-mounted file system. In such a case,
2552 * we will not follow the cross mount and will fill the attribtutes
2553 * directly from the mountpoint dentry.
2554 */
2555 if (nfsd_mountpoint(dentry, exp)) {
2556 int err;
2557
2558 if (!(exp->ex_flags & NFSEXP_V4ROOT)
2559 && !attributes_need_mount(cd->rd_bmval)) {
2560 ignore_crossmnt = 1;
2561 goto out_encode;
2562 }
2563 /*
2564 * Why the heck aren't we just using nfsd_lookup??
2565 * Different "."/".." handling? Something else?
2566 * At least, add a comment here to explain....
2567 */
2568 err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
2569 if (err) {
2570 nfserr = nfserrno(err);
2571 goto out_put;
2572 }
2573 nfserr = check_nfsd_access(exp, cd->rd_rqstp);
2574 if (nfserr)
2575 goto out_put;
2576
2577 }
2578out_encode:
2579 nfserr = nfsd4_encode_fattr(NULL, exp, dentry, p, buflen, cd->rd_bmval,
2580 cd->rd_rqstp, ignore_crossmnt);
2581out_put:
2582 dput(dentry);
2583 exp_put(exp);
2584 return nfserr;
2585}
2586
2587static __be32 *
2588nfsd4_encode_rdattr_error(__be32 *p, int buflen, __be32 nfserr)
2589{
2590 if (buflen < 6)
2591 return NULL;
2592 *p++ = htonl(2);
2593 *p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */
2594 *p++ = htonl(0); /* bmval1 */
2595
2596 *p++ = htonl(4); /* attribute length */
2597 *p++ = nfserr; /* no htonl */
2598 return p;
2599}
2600
2601static int
2602nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
2603 loff_t offset, u64 ino, unsigned int d_type)
2604{
2605 struct readdir_cd *ccd = ccdv;
2606 struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
2607 int buflen;
2608 __be32 *p = cd->buffer;
2609 __be32 *cookiep;
2610 __be32 nfserr = nfserr_toosmall;
2611
2612 /* In nfsv4, "." and ".." never make it onto the wire.. */
2613 if (name && isdotent(name, namlen)) {
2614 cd->common.err = nfs_ok;
2615 return 0;
2616 }
2617
2618 if (cd->offset)
2619 xdr_encode_hyper(cd->offset, (u64) offset);
2620
2621 buflen = cd->buflen - 4 - XDR_QUADLEN(namlen);
2622 if (buflen < 0)
2623 goto fail;
2624
2625 *p++ = xdr_one; /* mark entry present */
2626 cookiep = p;
2627 p = xdr_encode_hyper(p, NFS_OFFSET_MAX); /* offset of next entry */
2628 p = xdr_encode_array(p, name, namlen); /* name length & name */
2629
2630 nfserr = nfsd4_encode_dirent_fattr(cd, name, namlen, &p, buflen);
2631 switch (nfserr) {
2632 case nfs_ok:
2633 break;
2634 case nfserr_resource:
2635 nfserr = nfserr_toosmall;
2636 goto fail;
2637 case nfserr_noent:
2638 goto skip_entry;
2639 default:
2640 /*
2641 * If the client requested the RDATTR_ERROR attribute,
2642 * we stuff the error code into this attribute
2643 * and continue. If this attribute was not requested,
2644 * then in accordance with the spec, we fail the
2645 * entire READDIR operation(!)
2646 */
2647 if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR))
2648 goto fail;
2649 p = nfsd4_encode_rdattr_error(p, buflen, nfserr);
2650 if (p == NULL) {
2651 nfserr = nfserr_toosmall;
2652 goto fail;
2653 }
2654 }
2655 cd->buflen -= (p - cd->buffer);
2656 cd->buffer = p;
2657 cd->offset = cookiep;
2658skip_entry:
2659 cd->common.err = nfs_ok;
2660 return 0;
2661fail:
2662 cd->common.err = nfserr;
2663 return -EINVAL;
2664}
2665
2666static void
2667nfsd4_encode_stateid(struct nfsd4_compoundres *resp, stateid_t *sid)
2668{
2669 __be32 *p;
2670
2671 RESERVE_SPACE(sizeof(stateid_t));
2672 WRITE32(sid->si_generation);
2673 WRITEMEM(&sid->si_opaque, sizeof(stateid_opaque_t));
2674 ADJUST_ARGS();
2675}
2676
2677static __be32
2678nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
2679{
2680 __be32 *p;
2681
2682 if (!nfserr) {
2683 RESERVE_SPACE(8);
2684 WRITE32(access->ac_supported);
2685 WRITE32(access->ac_resp_access);
2686 ADJUST_ARGS();
2687 }
2688 return nfserr;
2689}
2690
2691static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
2692{
2693 __be32 *p;
2694
2695 if (!nfserr) {
2696 RESERVE_SPACE(NFS4_MAX_SESSIONID_LEN + 8);
2697 WRITEMEM(bcts->sessionid.data, NFS4_MAX_SESSIONID_LEN);
2698 WRITE32(bcts->dir);
2699 /* Sorry, we do not yet support RDMA over 4.1: */
2700 WRITE32(0);
2701 ADJUST_ARGS();
2702 }
2703 return nfserr;
2704}
2705
2706static __be32
2707nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
2708{
2709 if (!nfserr)
2710 nfsd4_encode_stateid(resp, &close->cl_stateid);
2711
2712 return nfserr;
2713}
2714
2715
2716static __be32
2717nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
2718{
2719 __be32 *p;
2720
2721 if (!nfserr) {
2722 RESERVE_SPACE(NFS4_VERIFIER_SIZE);
2723 WRITEMEM(commit->co_verf.data, NFS4_VERIFIER_SIZE);
2724 ADJUST_ARGS();
2725 }
2726 return nfserr;
2727}
2728
2729static __be32
2730nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
2731{
2732 __be32 *p;
2733
2734 if (!nfserr) {
2735 RESERVE_SPACE(32);
2736 write_cinfo(&p, &create->cr_cinfo);
2737 WRITE32(2);
2738 WRITE32(create->cr_bmval[0]);
2739 WRITE32(create->cr_bmval[1]);
2740 ADJUST_ARGS();
2741 }
2742 return nfserr;
2743}
2744
2745static __be32
2746nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
2747{
2748 struct svc_fh *fhp = getattr->ga_fhp;
2749 int buflen;
2750
2751 if (nfserr)
2752 return nfserr;
2753
2754 buflen = resp->end - resp->p - (COMPOUND_ERR_SLACK_SPACE >> 2);
2755 nfserr = nfsd4_encode_fattr(fhp, fhp->fh_export, fhp->fh_dentry,
2756 &resp->p, buflen, getattr->ga_bmval,
2757 resp->rqstp, 0);
2758 return nfserr;
2759}
2760
2761static __be32
2762nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
2763{
2764 struct svc_fh *fhp = *fhpp;
2765 unsigned int len;
2766 __be32 *p;
2767
2768 if (!nfserr) {
2769 len = fhp->fh_handle.fh_size;
2770 RESERVE_SPACE(len + 4);
2771 WRITE32(len);
2772 WRITEMEM(&fhp->fh_handle.fh_base, len);
2773 ADJUST_ARGS();
2774 }
2775 return nfserr;
2776}
2777
2778/*
2779* Including all fields other than the name, a LOCK4denied structure requires
2780* 8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes.
2781*/
2782static void
2783nfsd4_encode_lock_denied(struct nfsd4_compoundres *resp, struct nfsd4_lock_denied *ld)
2784{
2785 struct xdr_netobj *conf = &ld->ld_owner;
2786 __be32 *p;
2787
2788 RESERVE_SPACE(32 + XDR_LEN(conf->len));
2789 WRITE64(ld->ld_start);
2790 WRITE64(ld->ld_length);
2791 WRITE32(ld->ld_type);
2792 if (conf->len) {
2793 WRITEMEM(&ld->ld_clientid, 8);
2794 WRITE32(conf->len);
2795 WRITEMEM(conf->data, conf->len);
2796 kfree(conf->data);
2797 } else { /* non - nfsv4 lock in conflict, no clientid nor owner */
2798 WRITE64((u64)0); /* clientid */
2799 WRITE32(0); /* length of owner name */
2800 }
2801 ADJUST_ARGS();
2802}
2803
2804static __be32
2805nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
2806{
2807 if (!nfserr)
2808 nfsd4_encode_stateid(resp, &lock->lk_resp_stateid);
2809 else if (nfserr == nfserr_denied)
2810 nfsd4_encode_lock_denied(resp, &lock->lk_denied);
2811
2812 return nfserr;
2813}
2814
2815static __be32
2816nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
2817{
2818 if (nfserr == nfserr_denied)
2819 nfsd4_encode_lock_denied(resp, &lockt->lt_denied);
2820 return nfserr;
2821}
2822
2823static __be32
2824nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
2825{
2826 if (!nfserr)
2827 nfsd4_encode_stateid(resp, &locku->lu_stateid);
2828
2829 return nfserr;
2830}
2831
2832
2833static __be32
2834nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
2835{
2836 __be32 *p;
2837
2838 if (!nfserr) {
2839 RESERVE_SPACE(20);
2840 write_cinfo(&p, &link->li_cinfo);
2841 ADJUST_ARGS();
2842 }
2843 return nfserr;
2844}
2845
2846
2847static __be32
2848nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
2849{
2850 __be32 *p;
2851
2852 if (nfserr)
2853 goto out;
2854
2855 nfsd4_encode_stateid(resp, &open->op_stateid);
2856 RESERVE_SPACE(40);
2857 write_cinfo(&p, &open->op_cinfo);
2858 WRITE32(open->op_rflags);
2859 WRITE32(2);
2860 WRITE32(open->op_bmval[0]);
2861 WRITE32(open->op_bmval[1]);
2862 WRITE32(open->op_delegate_type);
2863 ADJUST_ARGS();
2864
2865 switch (open->op_delegate_type) {
2866 case NFS4_OPEN_DELEGATE_NONE:
2867 break;
2868 case NFS4_OPEN_DELEGATE_READ:
2869 nfsd4_encode_stateid(resp, &open->op_delegate_stateid);
2870 RESERVE_SPACE(20);
2871 WRITE32(open->op_recall);
2872
2873 /*
2874 * TODO: ACE's in delegations
2875 */
2876 WRITE32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
2877 WRITE32(0);
2878 WRITE32(0);
2879 WRITE32(0); /* XXX: is NULL principal ok? */
2880 ADJUST_ARGS();
2881 break;
2882 case NFS4_OPEN_DELEGATE_WRITE:
2883 nfsd4_encode_stateid(resp, &open->op_delegate_stateid);
2884 RESERVE_SPACE(32);
2885 WRITE32(0);
2886
2887 /*
2888 * TODO: space_limit's in delegations
2889 */
2890 WRITE32(NFS4_LIMIT_SIZE);
2891 WRITE32(~(u32)0);
2892 WRITE32(~(u32)0);
2893
2894 /*
2895 * TODO: ACE's in delegations
2896 */
2897 WRITE32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
2898 WRITE32(0);
2899 WRITE32(0);
2900 WRITE32(0); /* XXX: is NULL principal ok? */
2901 ADJUST_ARGS();
2902 break;
2903 case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */
2904 switch (open->op_why_no_deleg) {
2905 case WND4_CONTENTION:
2906 case WND4_RESOURCE:
2907 RESERVE_SPACE(8);
2908 WRITE32(open->op_why_no_deleg);
2909 WRITE32(0); /* deleg signaling not supported yet */
2910 break;
2911 default:
2912 RESERVE_SPACE(4);
2913 WRITE32(open->op_why_no_deleg);
2914 }
2915 ADJUST_ARGS();
2916 break;
2917 default:
2918 BUG();
2919 }
2920 /* XXX save filehandle here */
2921out:
2922 return nfserr;
2923}
2924
2925static __be32
2926nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
2927{
2928 if (!nfserr)
2929 nfsd4_encode_stateid(resp, &oc->oc_resp_stateid);
2930
2931 return nfserr;
2932}
2933
2934static __be32
2935nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
2936{
2937 if (!nfserr)
2938 nfsd4_encode_stateid(resp, &od->od_stateid);
2939
2940 return nfserr;
2941}
2942
2943static __be32
2944nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
2945 struct nfsd4_read *read)
2946{
2947 u32 eof;
2948 int v;
2949 struct page *page;
2950 unsigned long maxcount;
2951 long len;
2952 __be32 *p;
2953
2954 if (nfserr)
2955 return nfserr;
2956 if (resp->xbuf->page_len)
2957 return nfserr_resource;
2958
2959 RESERVE_SPACE(8); /* eof flag and byte count */
2960
2961 maxcount = svc_max_payload(resp->rqstp);
2962 if (maxcount > read->rd_length)
2963 maxcount = read->rd_length;
2964
2965 len = maxcount;
2966 v = 0;
2967 while (len > 0) {
2968 page = *(resp->rqstp->rq_next_page);
2969 if (!page) { /* ran out of pages */
2970 maxcount -= len;
2971 break;
2972 }
2973 resp->rqstp->rq_vec[v].iov_base = page_address(page);
2974 resp->rqstp->rq_vec[v].iov_len =
2975 len < PAGE_SIZE ? len : PAGE_SIZE;
2976 resp->rqstp->rq_next_page++;
2977 v++;
2978 len -= PAGE_SIZE;
2979 }
2980 read->rd_vlen = v;
2981
2982 nfserr = nfsd_read_file(read->rd_rqstp, read->rd_fhp, read->rd_filp,
2983 read->rd_offset, resp->rqstp->rq_vec, read->rd_vlen,
2984 &maxcount);
2985
2986 if (nfserr)
2987 return nfserr;
2988 eof = (read->rd_offset + maxcount >=
2989 read->rd_fhp->fh_dentry->d_inode->i_size);
2990
2991 WRITE32(eof);
2992 WRITE32(maxcount);
2993 ADJUST_ARGS();
2994 resp->xbuf->head[0].iov_len = (char*)p
2995 - (char*)resp->xbuf->head[0].iov_base;
2996 resp->xbuf->page_len = maxcount;
2997
2998 /* Use rest of head for padding and remaining ops: */
2999 resp->xbuf->tail[0].iov_base = p;
3000 resp->xbuf->tail[0].iov_len = 0;
3001 if (maxcount&3) {
3002 RESERVE_SPACE(4);
3003 WRITE32(0);
3004 resp->xbuf->tail[0].iov_base += maxcount&3;
3005 resp->xbuf->tail[0].iov_len = 4 - (maxcount&3);
3006 ADJUST_ARGS();
3007 }
3008 return 0;
3009}
3010
3011static __be32
3012nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
3013{
3014 int maxcount;
3015 char *page;
3016 __be32 *p;
3017
3018 if (nfserr)
3019 return nfserr;
3020 if (resp->xbuf->page_len)
3021 return nfserr_resource;
3022 if (!*resp->rqstp->rq_next_page)
3023 return nfserr_resource;
3024
3025 page = page_address(*(resp->rqstp->rq_next_page++));
3026
3027 maxcount = PAGE_SIZE;
3028 RESERVE_SPACE(4);
3029
3030 /*
3031 * XXX: By default, the ->readlink() VFS op will truncate symlinks
3032 * if they would overflow the buffer. Is this kosher in NFSv4? If
3033 * not, one easy fix is: if ->readlink() precisely fills the buffer,
3034 * assume that truncation occurred, and return NFS4ERR_RESOURCE.
3035 */
3036 nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp, page, &maxcount);
3037 if (nfserr == nfserr_isdir)
3038 return nfserr_inval;
3039 if (nfserr)
3040 return nfserr;
3041
3042 WRITE32(maxcount);
3043 ADJUST_ARGS();
3044 resp->xbuf->head[0].iov_len = (char*)p
3045 - (char*)resp->xbuf->head[0].iov_base;
3046 resp->xbuf->page_len = maxcount;
3047
3048 /* Use rest of head for padding and remaining ops: */
3049 resp->xbuf->tail[0].iov_base = p;
3050 resp->xbuf->tail[0].iov_len = 0;
3051 if (maxcount&3) {
3052 RESERVE_SPACE(4);
3053 WRITE32(0);
3054 resp->xbuf->tail[0].iov_base += maxcount&3;
3055 resp->xbuf->tail[0].iov_len = 4 - (maxcount&3);
3056 ADJUST_ARGS();
3057 }
3058 return 0;
3059}
3060
3061static __be32
3062nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
3063{
3064 int maxcount;
3065 loff_t offset;
3066 __be32 *page, *savep, *tailbase;
3067 __be32 *p;
3068
3069 if (nfserr)
3070 return nfserr;
3071 if (resp->xbuf->page_len)
3072 return nfserr_resource;
3073 if (!*resp->rqstp->rq_next_page)
3074 return nfserr_resource;
3075
3076 RESERVE_SPACE(NFS4_VERIFIER_SIZE);
3077 savep = p;
3078
3079 /* XXX: Following NFSv3, we ignore the READDIR verifier for now. */
3080 WRITE32(0);
3081 WRITE32(0);
3082 ADJUST_ARGS();
3083 resp->xbuf->head[0].iov_len = ((char*)resp->p) - (char*)resp->xbuf->head[0].iov_base;
3084 tailbase = p;
3085
3086 maxcount = PAGE_SIZE;
3087 if (maxcount > readdir->rd_maxcount)
3088 maxcount = readdir->rd_maxcount;
3089
3090 /*
3091 * Convert from bytes to words, account for the two words already
3092 * written, make sure to leave two words at the end for the next
3093 * pointer and eof field.
3094 */
3095 maxcount = (maxcount >> 2) - 4;
3096 if (maxcount < 0) {
3097 nfserr = nfserr_toosmall;
3098 goto err_no_verf;
3099 }
3100
3101 page = page_address(*(resp->rqstp->rq_next_page++));
3102 readdir->common.err = 0;
3103 readdir->buflen = maxcount;
3104 readdir->buffer = page;
3105 readdir->offset = NULL;
3106
3107 offset = readdir->rd_cookie;
3108 nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp,
3109 &offset,
3110 &readdir->common, nfsd4_encode_dirent);
3111 if (nfserr == nfs_ok &&
3112 readdir->common.err == nfserr_toosmall &&
3113 readdir->buffer == page)
3114 nfserr = nfserr_toosmall;
3115 if (nfserr)
3116 goto err_no_verf;
3117
3118 if (readdir->offset)
3119 xdr_encode_hyper(readdir->offset, offset);
3120
3121 p = readdir->buffer;
3122 *p++ = 0; /* no more entries */
3123 *p++ = htonl(readdir->common.err == nfserr_eof);
3124 resp->xbuf->page_len = ((char*)p) -
3125 (char*)page_address(*(resp->rqstp->rq_next_page-1));
3126
3127 /* Use rest of head for padding and remaining ops: */
3128 resp->xbuf->tail[0].iov_base = tailbase;
3129 resp->xbuf->tail[0].iov_len = 0;
3130 resp->p = resp->xbuf->tail[0].iov_base;
3131 resp->end = resp->p + (PAGE_SIZE - resp->xbuf->head[0].iov_len)/4;
3132
3133 return 0;
3134err_no_verf:
3135 p = savep;
3136 ADJUST_ARGS();
3137 return nfserr;
3138}
3139
3140static __be32
3141nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
3142{
3143 __be32 *p;
3144
3145 if (!nfserr) {
3146 RESERVE_SPACE(20);
3147 write_cinfo(&p, &remove->rm_cinfo);
3148 ADJUST_ARGS();
3149 }
3150 return nfserr;
3151}
3152
3153static __be32
3154nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
3155{
3156 __be32 *p;
3157
3158 if (!nfserr) {
3159 RESERVE_SPACE(40);
3160 write_cinfo(&p, &rename->rn_sinfo);
3161 write_cinfo(&p, &rename->rn_tinfo);
3162 ADJUST_ARGS();
3163 }
3164 return nfserr;
3165}
3166
3167static __be32
3168nfsd4_do_encode_secinfo(struct nfsd4_compoundres *resp,
3169 __be32 nfserr, struct svc_export *exp)
3170{
3171 u32 i, nflavs, supported;
3172 struct exp_flavor_info *flavs;
3173 struct exp_flavor_info def_flavs[2];
3174 __be32 *p, *flavorsp;
3175 static bool report = true;
3176
3177 if (nfserr)
3178 goto out;
3179 if (exp->ex_nflavors) {
3180 flavs = exp->ex_flavors;
3181 nflavs = exp->ex_nflavors;
3182 } else { /* Handling of some defaults in absence of real secinfo: */
3183 flavs = def_flavs;
3184 if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
3185 nflavs = 2;
3186 flavs[0].pseudoflavor = RPC_AUTH_UNIX;
3187 flavs[1].pseudoflavor = RPC_AUTH_NULL;
3188 } else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
3189 nflavs = 1;
3190 flavs[0].pseudoflavor
3191 = svcauth_gss_flavor(exp->ex_client);
3192 } else {
3193 nflavs = 1;
3194 flavs[0].pseudoflavor
3195 = exp->ex_client->flavour->flavour;
3196 }
3197 }
3198
3199 supported = 0;
3200 RESERVE_SPACE(4);
3201 flavorsp = p++; /* to be backfilled later */
3202 ADJUST_ARGS();
3203
3204 for (i = 0; i < nflavs; i++) {
3205 rpc_authflavor_t pf = flavs[i].pseudoflavor;
3206 struct rpcsec_gss_info info;
3207
3208 if (rpcauth_get_gssinfo(pf, &info) == 0) {
3209 supported++;
3210 RESERVE_SPACE(4 + 4 + XDR_LEN(info.oid.len) + 4 + 4);
3211 WRITE32(RPC_AUTH_GSS);
3212 WRITE32(info.oid.len);
3213 WRITEMEM(info.oid.data, info.oid.len);
3214 WRITE32(info.qop);
3215 WRITE32(info.service);
3216 ADJUST_ARGS();
3217 } else if (pf < RPC_AUTH_MAXFLAVOR) {
3218 supported++;
3219 RESERVE_SPACE(4);
3220 WRITE32(pf);
3221 ADJUST_ARGS();
3222 } else {
3223 if (report)
3224 pr_warn("NFS: SECINFO: security flavor %u "
3225 "is not supported\n", pf);
3226 }
3227 }
3228
3229 if (nflavs != supported)
3230 report = false;
3231 *flavorsp = htonl(supported);
3232
3233out:
3234 if (exp)
3235 exp_put(exp);
3236 return nfserr;
3237}
3238
3239static __be32
3240nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
3241 struct nfsd4_secinfo *secinfo)
3242{
3243 return nfsd4_do_encode_secinfo(resp, nfserr, secinfo->si_exp);
3244}
3245
3246static __be32
3247nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
3248 struct nfsd4_secinfo_no_name *secinfo)
3249{
3250 return nfsd4_do_encode_secinfo(resp, nfserr, secinfo->sin_exp);
3251}
3252
3253/*
3254 * The SETATTR encode routine is special -- it always encodes a bitmap,
3255 * regardless of the error status.
3256 */
3257static __be32
3258nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
3259{
3260 __be32 *p;
3261
3262 RESERVE_SPACE(16);
3263 if (nfserr) {
3264 WRITE32(3);
3265 WRITE32(0);
3266 WRITE32(0);
3267 WRITE32(0);
3268 }
3269 else {
3270 WRITE32(3);
3271 WRITE32(setattr->sa_bmval[0]);
3272 WRITE32(setattr->sa_bmval[1]);
3273 WRITE32(setattr->sa_bmval[2]);
3274 }
3275 ADJUST_ARGS();
3276 return nfserr;
3277}
3278
3279static __be32
3280nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
3281{
3282 __be32 *p;
3283
3284 if (!nfserr) {
3285 RESERVE_SPACE(8 + NFS4_VERIFIER_SIZE);
3286 WRITEMEM(&scd->se_clientid, 8);
3287 WRITEMEM(&scd->se_confirm, NFS4_VERIFIER_SIZE);
3288 ADJUST_ARGS();
3289 }
3290 else if (nfserr == nfserr_clid_inuse) {
3291 RESERVE_SPACE(8);
3292 WRITE32(0);
3293 WRITE32(0);
3294 ADJUST_ARGS();
3295 }
3296 return nfserr;
3297}
3298
3299static __be32
3300nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
3301{
3302 __be32 *p;
3303
3304 if (!nfserr) {
3305 RESERVE_SPACE(16);
3306 WRITE32(write->wr_bytes_written);
3307 WRITE32(write->wr_how_written);
3308 WRITEMEM(write->wr_verifier.data, NFS4_VERIFIER_SIZE);
3309 ADJUST_ARGS();
3310 }
3311 return nfserr;
3312}
3313
3314static const u32 nfs4_minimal_spo_must_enforce[2] = {
3315 [1] = 1 << (OP_BIND_CONN_TO_SESSION - 32) |
3316 1 << (OP_EXCHANGE_ID - 32) |
3317 1 << (OP_CREATE_SESSION - 32) |
3318 1 << (OP_DESTROY_SESSION - 32) |
3319 1 << (OP_DESTROY_CLIENTID - 32)
3320};
3321
3322static __be32
3323nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
3324 struct nfsd4_exchange_id *exid)
3325{
3326 __be32 *p;
3327 char *major_id;
3328 char *server_scope;
3329 int major_id_sz;
3330 int server_scope_sz;
3331 uint64_t minor_id = 0;
3332
3333 if (nfserr)
3334 return nfserr;
3335
3336 major_id = utsname()->nodename;
3337 major_id_sz = strlen(major_id);
3338 server_scope = utsname()->nodename;
3339 server_scope_sz = strlen(server_scope);
3340
3341 RESERVE_SPACE(
3342 8 /* eir_clientid */ +
3343 4 /* eir_sequenceid */ +
3344 4 /* eir_flags */ +
3345 4 /* spr_how */);
3346
3347 WRITEMEM(&exid->clientid, 8);
3348 WRITE32(exid->seqid);
3349 WRITE32(exid->flags);
3350
3351 WRITE32(exid->spa_how);
3352 ADJUST_ARGS();
3353
3354 switch (exid->spa_how) {
3355 case SP4_NONE:
3356 break;
3357 case SP4_MACH_CRED:
3358 /* spo_must_enforce, spo_must_allow */
3359 RESERVE_SPACE(16);
3360
3361 /* spo_must_enforce bitmap: */
3362 WRITE32(2);
3363 WRITE32(nfs4_minimal_spo_must_enforce[0]);
3364 WRITE32(nfs4_minimal_spo_must_enforce[1]);
3365 /* empty spo_must_allow bitmap: */
3366 WRITE32(0);
3367
3368 ADJUST_ARGS();
3369 break;
3370 default:
3371 WARN_ON_ONCE(1);
3372 }
3373
3374 RESERVE_SPACE(
3375 8 /* so_minor_id */ +
3376 4 /* so_major_id.len */ +
3377 (XDR_QUADLEN(major_id_sz) * 4) +
3378 4 /* eir_server_scope.len */ +
3379 (XDR_QUADLEN(server_scope_sz) * 4) +
3380 4 /* eir_server_impl_id.count (0) */);
3381
3382 /* The server_owner struct */
3383 WRITE64(minor_id); /* Minor id */
3384 /* major id */
3385 WRITE32(major_id_sz);
3386 WRITEMEM(major_id, major_id_sz);
3387
3388 /* Server scope */
3389 WRITE32(server_scope_sz);
3390 WRITEMEM(server_scope, server_scope_sz);
3391
3392 /* Implementation id */
3393 WRITE32(0); /* zero length nfs_impl_id4 array */
3394 ADJUST_ARGS();
3395 return 0;
3396}
3397
3398static __be32
3399nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
3400 struct nfsd4_create_session *sess)
3401{
3402 __be32 *p;
3403
3404 if (nfserr)
3405 return nfserr;
3406
3407 RESERVE_SPACE(24);
3408 WRITEMEM(sess->sessionid.data, NFS4_MAX_SESSIONID_LEN);
3409 WRITE32(sess->seqid);
3410 WRITE32(sess->flags);
3411 ADJUST_ARGS();
3412
3413 RESERVE_SPACE(28);
3414 WRITE32(0); /* headerpadsz */
3415 WRITE32(sess->fore_channel.maxreq_sz);
3416 WRITE32(sess->fore_channel.maxresp_sz);
3417 WRITE32(sess->fore_channel.maxresp_cached);
3418 WRITE32(sess->fore_channel.maxops);
3419 WRITE32(sess->fore_channel.maxreqs);
3420 WRITE32(sess->fore_channel.nr_rdma_attrs);
3421 ADJUST_ARGS();
3422
3423 if (sess->fore_channel.nr_rdma_attrs) {
3424 RESERVE_SPACE(4);
3425 WRITE32(sess->fore_channel.rdma_attrs);
3426 ADJUST_ARGS();
3427 }
3428
3429 RESERVE_SPACE(28);
3430 WRITE32(0); /* headerpadsz */
3431 WRITE32(sess->back_channel.maxreq_sz);
3432 WRITE32(sess->back_channel.maxresp_sz);
3433 WRITE32(sess->back_channel.maxresp_cached);
3434 WRITE32(sess->back_channel.maxops);
3435 WRITE32(sess->back_channel.maxreqs);
3436 WRITE32(sess->back_channel.nr_rdma_attrs);
3437 ADJUST_ARGS();
3438
3439 if (sess->back_channel.nr_rdma_attrs) {
3440 RESERVE_SPACE(4);
3441 WRITE32(sess->back_channel.rdma_attrs);
3442 ADJUST_ARGS();
3443 }
3444 return 0;
3445}
3446
3447static __be32
3448nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
3449 struct nfsd4_sequence *seq)
3450{
3451 __be32 *p;
3452
3453 if (nfserr)
3454 return nfserr;
3455
3456 RESERVE_SPACE(NFS4_MAX_SESSIONID_LEN + 20);
3457 WRITEMEM(seq->sessionid.data, NFS4_MAX_SESSIONID_LEN);
3458 WRITE32(seq->seqid);
3459 WRITE32(seq->slotid);
3460 /* Note slotid's are numbered from zero: */
3461 WRITE32(seq->maxslots - 1); /* sr_highest_slotid */
3462 WRITE32(seq->maxslots - 1); /* sr_target_highest_slotid */
3463 WRITE32(seq->status_flags);
3464
3465 ADJUST_ARGS();
3466 resp->cstate.datap = p; /* DRC cache data pointer */
3467 return 0;
3468}
3469
3470static __be32
3471nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
3472 struct nfsd4_test_stateid *test_stateid)
3473{
3474 struct nfsd4_test_stateid_id *stateid, *next;
3475 __be32 *p;
3476
3477 if (nfserr)
3478 return nfserr;
3479
3480 RESERVE_SPACE(4 + (4 * test_stateid->ts_num_ids));
3481 *p++ = htonl(test_stateid->ts_num_ids);
3482
3483 list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) {
3484 *p++ = stateid->ts_id_status;
3485 }
3486
3487 ADJUST_ARGS();
3488 return nfserr;
3489}
3490
3491static __be32
3492nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
3493{
3494 return nfserr;
3495}
3496
3497typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
3498
3499/*
3500 * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1
3501 * since we don't need to filter out obsolete ops as this is
3502 * done in the decoding phase.
3503 */
3504static nfsd4_enc nfsd4_enc_ops[] = {
3505 [OP_ACCESS] = (nfsd4_enc)nfsd4_encode_access,
3506 [OP_CLOSE] = (nfsd4_enc)nfsd4_encode_close,
3507 [OP_COMMIT] = (nfsd4_enc)nfsd4_encode_commit,
3508 [OP_CREATE] = (nfsd4_enc)nfsd4_encode_create,
3509 [OP_DELEGPURGE] = (nfsd4_enc)nfsd4_encode_noop,
3510 [OP_DELEGRETURN] = (nfsd4_enc)nfsd4_encode_noop,
3511 [OP_GETATTR] = (nfsd4_enc)nfsd4_encode_getattr,
3512 [OP_GETFH] = (nfsd4_enc)nfsd4_encode_getfh,
3513 [OP_LINK] = (nfsd4_enc)nfsd4_encode_link,
3514 [OP_LOCK] = (nfsd4_enc)nfsd4_encode_lock,
3515 [OP_LOCKT] = (nfsd4_enc)nfsd4_encode_lockt,
3516 [OP_LOCKU] = (nfsd4_enc)nfsd4_encode_locku,
3517 [OP_LOOKUP] = (nfsd4_enc)nfsd4_encode_noop,
3518 [OP_LOOKUPP] = (nfsd4_enc)nfsd4_encode_noop,
3519 [OP_NVERIFY] = (nfsd4_enc)nfsd4_encode_noop,
3520 [OP_OPEN] = (nfsd4_enc)nfsd4_encode_open,
3521 [OP_OPENATTR] = (nfsd4_enc)nfsd4_encode_noop,
3522 [OP_OPEN_CONFIRM] = (nfsd4_enc)nfsd4_encode_open_confirm,
3523 [OP_OPEN_DOWNGRADE] = (nfsd4_enc)nfsd4_encode_open_downgrade,
3524 [OP_PUTFH] = (nfsd4_enc)nfsd4_encode_noop,
3525 [OP_PUTPUBFH] = (nfsd4_enc)nfsd4_encode_noop,
3526 [OP_PUTROOTFH] = (nfsd4_enc)nfsd4_encode_noop,
3527 [OP_READ] = (nfsd4_enc)nfsd4_encode_read,
3528 [OP_READDIR] = (nfsd4_enc)nfsd4_encode_readdir,
3529 [OP_READLINK] = (nfsd4_enc)nfsd4_encode_readlink,
3530 [OP_REMOVE] = (nfsd4_enc)nfsd4_encode_remove,
3531 [OP_RENAME] = (nfsd4_enc)nfsd4_encode_rename,
3532 [OP_RENEW] = (nfsd4_enc)nfsd4_encode_noop,
3533 [OP_RESTOREFH] = (nfsd4_enc)nfsd4_encode_noop,
3534 [OP_SAVEFH] = (nfsd4_enc)nfsd4_encode_noop,
3535 [OP_SECINFO] = (nfsd4_enc)nfsd4_encode_secinfo,
3536 [OP_SETATTR] = (nfsd4_enc)nfsd4_encode_setattr,
3537 [OP_SETCLIENTID] = (nfsd4_enc)nfsd4_encode_setclientid,
3538 [OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
3539 [OP_VERIFY] = (nfsd4_enc)nfsd4_encode_noop,
3540 [OP_WRITE] = (nfsd4_enc)nfsd4_encode_write,
3541 [OP_RELEASE_LOCKOWNER] = (nfsd4_enc)nfsd4_encode_noop,
3542
3543 /* NFSv4.1 operations */
3544 [OP_BACKCHANNEL_CTL] = (nfsd4_enc)nfsd4_encode_noop,
3545 [OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
3546 [OP_EXCHANGE_ID] = (nfsd4_enc)nfsd4_encode_exchange_id,
3547 [OP_CREATE_SESSION] = (nfsd4_enc)nfsd4_encode_create_session,
3548 [OP_DESTROY_SESSION] = (nfsd4_enc)nfsd4_encode_noop,
3549 [OP_FREE_STATEID] = (nfsd4_enc)nfsd4_encode_noop,
3550 [OP_GET_DIR_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
3551 [OP_GETDEVICEINFO] = (nfsd4_enc)nfsd4_encode_noop,
3552 [OP_GETDEVICELIST] = (nfsd4_enc)nfsd4_encode_noop,
3553 [OP_LAYOUTCOMMIT] = (nfsd4_enc)nfsd4_encode_noop,
3554 [OP_LAYOUTGET] = (nfsd4_enc)nfsd4_encode_noop,
3555 [OP_LAYOUTRETURN] = (nfsd4_enc)nfsd4_encode_noop,
3556 [OP_SECINFO_NO_NAME] = (nfsd4_enc)nfsd4_encode_secinfo_no_name,
3557 [OP_SEQUENCE] = (nfsd4_enc)nfsd4_encode_sequence,
3558 [OP_SET_SSV] = (nfsd4_enc)nfsd4_encode_noop,
3559 [OP_TEST_STATEID] = (nfsd4_enc)nfsd4_encode_test_stateid,
3560 [OP_WANT_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
3561 [OP_DESTROY_CLIENTID] = (nfsd4_enc)nfsd4_encode_noop,
3562 [OP_RECLAIM_COMPLETE] = (nfsd4_enc)nfsd4_encode_noop,
3563};
3564
3565/*
3566 * Calculate the total amount of memory that the compound response has taken
3567 * after encoding the current operation with pad.
3568 *
3569 * pad: if operation is non-idempotent, pad was calculate by op_rsize_bop()
3570 * which was specified at nfsd4_operation, else pad is zero.
3571 *
3572 * Compare this length to the session se_fmaxresp_sz and se_fmaxresp_cached.
3573 *
3574 * Our se_fmaxresp_cached will always be a multiple of PAGE_SIZE, and so
3575 * will be at least a page and will therefore hold the xdr_buf head.
3576 */
3577__be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 pad)
3578{
3579 struct xdr_buf *xb = &resp->rqstp->rq_res;
3580 struct nfsd4_session *session = NULL;
3581 struct nfsd4_slot *slot = resp->cstate.slot;
3582 u32 length, tlen = 0;
3583
3584 if (!nfsd4_has_session(&resp->cstate))
3585 return 0;
3586
3587 session = resp->cstate.session;
3588
3589 if (xb->page_len == 0) {
3590 length = (char *)resp->p - (char *)xb->head[0].iov_base + pad;
3591 } else {
3592 if (xb->tail[0].iov_base && xb->tail[0].iov_len > 0)
3593 tlen = (char *)resp->p - (char *)xb->tail[0].iov_base;
3594
3595 length = xb->head[0].iov_len + xb->page_len + tlen + pad;
3596 }
3597 dprintk("%s length %u, xb->page_len %u tlen %u pad %u\n", __func__,
3598 length, xb->page_len, tlen, pad);
3599
3600 if (length > session->se_fchannel.maxresp_sz)
3601 return nfserr_rep_too_big;
3602
3603 if ((slot->sl_flags & NFSD4_SLOT_CACHETHIS) &&
3604 length > session->se_fchannel.maxresp_cached)
3605 return nfserr_rep_too_big_to_cache;
3606
3607 return 0;
3608}
3609
3610void
3611nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
3612{
3613 struct nfs4_stateowner *so = resp->cstate.replay_owner;
3614 __be32 *statp;
3615 __be32 *p;
3616
3617 RESERVE_SPACE(8);
3618 WRITE32(op->opnum);
3619 statp = p++; /* to be backfilled at the end */
3620 ADJUST_ARGS();
3621
3622 if (op->opnum == OP_ILLEGAL)
3623 goto status;
3624 BUG_ON(op->opnum < 0 || op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) ||
3625 !nfsd4_enc_ops[op->opnum]);
3626 op->status = nfsd4_enc_ops[op->opnum](resp, op->status, &op->u);
3627 /* nfsd4_check_resp_size guarantees enough room for error status */
3628 if (!op->status)
3629 op->status = nfsd4_check_resp_size(resp, 0);
3630 if (so) {
3631 so->so_replay.rp_status = op->status;
3632 so->so_replay.rp_buflen = (char *)resp->p - (char *)(statp+1);
3633 memcpy(so->so_replay.rp_buf, statp+1, so->so_replay.rp_buflen);
3634 }
3635status:
3636 /*
3637 * Note: We write the status directly, instead of using WRITE32(),
3638 * since it is already in network byte order.
3639 */
3640 *statp = op->status;
3641}
3642
3643/*
3644 * Encode the reply stored in the stateowner reply cache
3645 *
3646 * XDR note: do not encode rp->rp_buflen: the buffer contains the
3647 * previously sent already encoded operation.
3648 *
3649 * called with nfs4_lock_state() held
3650 */
3651void
3652nfsd4_encode_replay(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
3653{
3654 __be32 *p;
3655 struct nfs4_replay *rp = op->replay;
3656
3657 BUG_ON(!rp);
3658
3659 RESERVE_SPACE(8);
3660 WRITE32(op->opnum);
3661 *p++ = rp->rp_status; /* already xdr'ed */
3662 ADJUST_ARGS();
3663
3664 RESERVE_SPACE(rp->rp_buflen);
3665 WRITEMEM(rp->rp_buf, rp->rp_buflen);
3666 ADJUST_ARGS();
3667}
3668
3669int
3670nfs4svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p, void *dummy)
3671{
3672 return xdr_ressize_check(rqstp, p);
3673}
3674
3675int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp)
3676{
3677 struct svc_rqst *rqstp = rq;
3678 struct nfsd4_compoundargs *args = rqstp->rq_argp;
3679
3680 if (args->ops != args->iops) {
3681 kfree(args->ops);
3682 args->ops = args->iops;
3683 }
3684 kfree(args->tmpp);
3685 args->tmpp = NULL;
3686 while (args->to_free) {
3687 struct tmpbuf *tb = args->to_free;
3688 args->to_free = tb->next;
3689 tb->release(tb->buf);
3690 kfree(tb);
3691 }
3692 return 1;
3693}
3694
3695int
3696nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundargs *args)
3697{
3698 if (rqstp->rq_arg.head[0].iov_len % 4) {
3699 /* client is nuts */
3700 dprintk("%s: compound not properly padded! (peeraddr=%pISc xid=0x%x)",
3701 __func__, svc_addr(rqstp), be32_to_cpu(rqstp->rq_xid));
3702 return 0;
3703 }
3704 args->p = p;
3705 args->end = rqstp->rq_arg.head[0].iov_base + rqstp->rq_arg.head[0].iov_len;
3706 args->pagelist = rqstp->rq_arg.pages;
3707 args->pagelen = rqstp->rq_arg.page_len;
3708 args->tmpp = NULL;
3709 args->to_free = NULL;
3710 args->ops = args->iops;
3711 args->rqstp = rqstp;
3712
3713 return !nfsd4_decode_compound(args);
3714}
3715
3716int
3717nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundres *resp)
3718{
3719 /*
3720 * All that remains is to write the tag and operation count...
3721 */
3722 struct nfsd4_compound_state *cs = &resp->cstate;
3723 struct kvec *iov;
3724 p = resp->tagp;
3725 *p++ = htonl(resp->taglen);
3726 memcpy(p, resp->tag, resp->taglen);
3727 p += XDR_QUADLEN(resp->taglen);
3728 *p++ = htonl(resp->opcnt);
3729
3730 if (rqstp->rq_res.page_len)
3731 iov = &rqstp->rq_res.tail[0];
3732 else
3733 iov = &rqstp->rq_res.head[0];
3734 iov->iov_len = ((char*)resp->p) - (char*)iov->iov_base;
3735 BUG_ON(iov->iov_len > PAGE_SIZE);
3736 if (nfsd4_has_session(cs)) {
3737 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3738 struct nfs4_client *clp = cs->session->se_client;
3739 if (cs->status != nfserr_replay_cache) {
3740 nfsd4_store_cache_entry(resp);
3741 cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;
3742 }
3743 /* Renew the clientid on success and on replay */
3744 spin_lock(&nn->client_lock);
3745 nfsd4_put_session(cs->session);
3746 spin_unlock(&nn->client_lock);
3747 put_client_renew(clp);
3748 }
3749 return 1;
3750}
3751
3752/*
3753 * Local variables:
3754 * c-basic-offset: 8
3755 * End:
3756 */
1/*
2 * Server-side XDR for NFSv4
3 *
4 * Copyright (c) 2002 The Regents of the University of Michigan.
5 * All rights reserved.
6 *
7 * Kendrick Smith <kmsmith@umich.edu>
8 * Andy Adamson <andros@umich.edu>
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its
20 * contributors may be used to endorse or promote products derived
21 * from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36#include <linux/file.h>
37#include <linux/slab.h>
38#include <linux/namei.h>
39#include <linux/statfs.h>
40#include <linux/utsname.h>
41#include <linux/pagemap.h>
42#include <linux/sunrpc/svcauth_gss.h>
43#include <linux/sunrpc/addr.h>
44#include <linux/xattr.h>
45#include <uapi/linux/xattr.h>
46
47#include "idmap.h"
48#include "acl.h"
49#include "xdr4.h"
50#include "vfs.h"
51#include "state.h"
52#include "cache.h"
53#include "netns.h"
54#include "pnfs.h"
55#include "filecache.h"
56
57#include "trace.h"
58
59#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
60#include <linux/security.h>
61#endif
62
63
64#define NFSDDBG_FACILITY NFSDDBG_XDR
65
66const u32 nfsd_suppattrs[3][3] = {
67 {NFSD4_SUPPORTED_ATTRS_WORD0,
68 NFSD4_SUPPORTED_ATTRS_WORD1,
69 NFSD4_SUPPORTED_ATTRS_WORD2},
70
71 {NFSD4_1_SUPPORTED_ATTRS_WORD0,
72 NFSD4_1_SUPPORTED_ATTRS_WORD1,
73 NFSD4_1_SUPPORTED_ATTRS_WORD2},
74
75 {NFSD4_1_SUPPORTED_ATTRS_WORD0,
76 NFSD4_1_SUPPORTED_ATTRS_WORD1,
77 NFSD4_2_SUPPORTED_ATTRS_WORD2},
78};
79
80/*
81 * As per referral draft, the fsid for a referral MUST be different from the fsid of the containing
82 * directory in order to indicate to the client that a filesystem boundary is present
83 * We use a fixed fsid for a referral
84 */
85#define NFS4_REFERRAL_FSID_MAJOR 0x8000000ULL
86#define NFS4_REFERRAL_FSID_MINOR 0x8000000ULL
87
88static __be32
89check_filename(char *str, int len)
90{
91 int i;
92
93 if (len == 0)
94 return nfserr_inval;
95 if (len > NFS4_MAXNAMLEN)
96 return nfserr_nametoolong;
97 if (isdotent(str, len))
98 return nfserr_badname;
99 for (i = 0; i < len; i++)
100 if (str[i] == '/')
101 return nfserr_badname;
102 return 0;
103}
104
105static int zero_clientid(clientid_t *clid)
106{
107 return (clid->cl_boot == 0) && (clid->cl_id == 0);
108}
109
110/**
111 * svcxdr_tmpalloc - allocate memory to be freed after compound processing
112 * @argp: NFSv4 compound argument structure
113 * @len: length of buffer to allocate
114 *
115 * Allocates a buffer of size @len to be freed when processing the compound
116 * operation described in @argp finishes.
117 */
118static void *
119svcxdr_tmpalloc(struct nfsd4_compoundargs *argp, u32 len)
120{
121 struct svcxdr_tmpbuf *tb;
122
123 tb = kmalloc(sizeof(*tb) + len, GFP_KERNEL);
124 if (!tb)
125 return NULL;
126 tb->next = argp->to_free;
127 argp->to_free = tb;
128 return tb->buf;
129}
130
131/*
132 * For xdr strings that need to be passed to other kernel api's
133 * as null-terminated strings.
134 *
135 * Note null-terminating in place usually isn't safe since the
136 * buffer might end on a page boundary.
137 */
138static char *
139svcxdr_dupstr(struct nfsd4_compoundargs *argp, void *buf, u32 len)
140{
141 char *p = svcxdr_tmpalloc(argp, len + 1);
142
143 if (!p)
144 return NULL;
145 memcpy(p, buf, len);
146 p[len] = '\0';
147 return p;
148}
149
150static void *
151svcxdr_savemem(struct nfsd4_compoundargs *argp, __be32 *p, u32 len)
152{
153 __be32 *tmp;
154
155 /*
156 * The location of the decoded data item is stable,
157 * so @p is OK to use. This is the common case.
158 */
159 if (p != argp->xdr->scratch.iov_base)
160 return p;
161
162 tmp = svcxdr_tmpalloc(argp, len);
163 if (!tmp)
164 return NULL;
165 memcpy(tmp, p, len);
166 return tmp;
167}
168
169/*
170 * NFSv4 basic data type decoders
171 */
172
173/*
174 * This helper handles variable-length opaques which belong to protocol
175 * elements that this implementation does not support.
176 */
177static __be32
178nfsd4_decode_ignored_string(struct nfsd4_compoundargs *argp, u32 maxlen)
179{
180 u32 len;
181
182 if (xdr_stream_decode_u32(argp->xdr, &len) < 0)
183 return nfserr_bad_xdr;
184 if (maxlen && len > maxlen)
185 return nfserr_bad_xdr;
186 if (!xdr_inline_decode(argp->xdr, len))
187 return nfserr_bad_xdr;
188
189 return nfs_ok;
190}
191
192static __be32
193nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_netobj *o)
194{
195 __be32 *p;
196 u32 len;
197
198 if (xdr_stream_decode_u32(argp->xdr, &len) < 0)
199 return nfserr_bad_xdr;
200 if (len == 0 || len > NFS4_OPAQUE_LIMIT)
201 return nfserr_bad_xdr;
202 p = xdr_inline_decode(argp->xdr, len);
203 if (!p)
204 return nfserr_bad_xdr;
205 o->data = svcxdr_savemem(argp, p, len);
206 if (!o->data)
207 return nfserr_jukebox;
208 o->len = len;
209
210 return nfs_ok;
211}
212
213static __be32
214nfsd4_decode_component4(struct nfsd4_compoundargs *argp, char **namp, u32 *lenp)
215{
216 __be32 *p, status;
217
218 if (xdr_stream_decode_u32(argp->xdr, lenp) < 0)
219 return nfserr_bad_xdr;
220 p = xdr_inline_decode(argp->xdr, *lenp);
221 if (!p)
222 return nfserr_bad_xdr;
223 status = check_filename((char *)p, *lenp);
224 if (status)
225 return status;
226 *namp = svcxdr_savemem(argp, p, *lenp);
227 if (!*namp)
228 return nfserr_jukebox;
229
230 return nfs_ok;
231}
232
233static __be32
234nfsd4_decode_nfstime4(struct nfsd4_compoundargs *argp, struct timespec64 *tv)
235{
236 __be32 *p;
237
238 p = xdr_inline_decode(argp->xdr, XDR_UNIT * 3);
239 if (!p)
240 return nfserr_bad_xdr;
241 p = xdr_decode_hyper(p, &tv->tv_sec);
242 tv->tv_nsec = be32_to_cpup(p++);
243 if (tv->tv_nsec >= (u32)1000000000)
244 return nfserr_inval;
245 return nfs_ok;
246}
247
248static __be32
249nfsd4_decode_verifier4(struct nfsd4_compoundargs *argp, nfs4_verifier *verf)
250{
251 __be32 *p;
252
253 p = xdr_inline_decode(argp->xdr, NFS4_VERIFIER_SIZE);
254 if (!p)
255 return nfserr_bad_xdr;
256 memcpy(verf->data, p, sizeof(verf->data));
257 return nfs_ok;
258}
259
260/**
261 * nfsd4_decode_bitmap4 - Decode an NFSv4 bitmap4
262 * @argp: NFSv4 compound argument structure
263 * @bmval: pointer to an array of u32's to decode into
264 * @bmlen: size of the @bmval array
265 *
266 * The server needs to return nfs_ok rather than nfserr_bad_xdr when
267 * encountering bitmaps containing bits it does not recognize. This
268 * includes bits in bitmap words past WORDn, where WORDn is the last
269 * bitmap WORD the implementation currently supports. Thus we are
270 * careful here to simply ignore bits in bitmap words that this
271 * implementation has yet to support explicitly.
272 *
273 * Return values:
274 * %nfs_ok: @bmval populated successfully
275 * %nfserr_bad_xdr: the encoded bitmap was invalid
276 */
277static __be32
278nfsd4_decode_bitmap4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen)
279{
280 u32 i, count;
281 __be32 *p;
282
283 if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
284 return nfserr_bad_xdr;
285 /* request sanity */
286 if (count > 1000)
287 return nfserr_bad_xdr;
288 p = xdr_inline_decode(argp->xdr, count << 2);
289 if (!p)
290 return nfserr_bad_xdr;
291 i = 0;
292 while (i < count)
293 bmval[i++] = be32_to_cpup(p++);
294 while (i < bmlen)
295 bmval[i++] = 0;
296
297 return nfs_ok;
298}
299
300static __be32
301nfsd4_decode_nfsace4(struct nfsd4_compoundargs *argp, struct nfs4_ace *ace)
302{
303 __be32 *p, status;
304 u32 length;
305
306 if (xdr_stream_decode_u32(argp->xdr, &ace->type) < 0)
307 return nfserr_bad_xdr;
308 if (xdr_stream_decode_u32(argp->xdr, &ace->flag) < 0)
309 return nfserr_bad_xdr;
310 if (xdr_stream_decode_u32(argp->xdr, &ace->access_mask) < 0)
311 return nfserr_bad_xdr;
312
313 if (xdr_stream_decode_u32(argp->xdr, &length) < 0)
314 return nfserr_bad_xdr;
315 p = xdr_inline_decode(argp->xdr, length);
316 if (!p)
317 return nfserr_bad_xdr;
318 ace->whotype = nfs4_acl_get_whotype((char *)p, length);
319 if (ace->whotype != NFS4_ACL_WHO_NAMED)
320 status = nfs_ok;
321 else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
322 status = nfsd_map_name_to_gid(argp->rqstp,
323 (char *)p, length, &ace->who_gid);
324 else
325 status = nfsd_map_name_to_uid(argp->rqstp,
326 (char *)p, length, &ace->who_uid);
327
328 return status;
329}
330
331/* A counted array of nfsace4's */
332static noinline __be32
333nfsd4_decode_acl(struct nfsd4_compoundargs *argp, struct nfs4_acl **acl)
334{
335 struct nfs4_ace *ace;
336 __be32 status;
337 u32 count;
338
339 if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
340 return nfserr_bad_xdr;
341
342 if (count > xdr_stream_remaining(argp->xdr) / 20)
343 /*
344 * Even with 4-byte names there wouldn't be
345 * space for that many aces; something fishy is
346 * going on:
347 */
348 return nfserr_fbig;
349
350 *acl = svcxdr_tmpalloc(argp, nfs4_acl_bytes(count));
351 if (*acl == NULL)
352 return nfserr_jukebox;
353
354 (*acl)->naces = count;
355 for (ace = (*acl)->aces; ace < (*acl)->aces + count; ace++) {
356 status = nfsd4_decode_nfsace4(argp, ace);
357 if (status)
358 return status;
359 }
360
361 return nfs_ok;
362}
363
364static noinline __be32
365nfsd4_decode_security_label(struct nfsd4_compoundargs *argp,
366 struct xdr_netobj *label)
367{
368 u32 lfs, pi, length;
369 __be32 *p;
370
371 if (xdr_stream_decode_u32(argp->xdr, &lfs) < 0)
372 return nfserr_bad_xdr;
373 if (xdr_stream_decode_u32(argp->xdr, &pi) < 0)
374 return nfserr_bad_xdr;
375
376 if (xdr_stream_decode_u32(argp->xdr, &length) < 0)
377 return nfserr_bad_xdr;
378 if (length > NFS4_MAXLABELLEN)
379 return nfserr_badlabel;
380 p = xdr_inline_decode(argp->xdr, length);
381 if (!p)
382 return nfserr_bad_xdr;
383 label->len = length;
384 label->data = svcxdr_dupstr(argp, p, length);
385 if (!label->data)
386 return nfserr_jukebox;
387
388 return nfs_ok;
389}
390
391static __be32
392nfsd4_decode_fattr4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen,
393 struct iattr *iattr, struct nfs4_acl **acl,
394 struct xdr_netobj *label, int *umask)
395{
396 unsigned int starting_pos;
397 u32 attrlist4_count;
398 __be32 *p, status;
399
400 iattr->ia_valid = 0;
401 status = nfsd4_decode_bitmap4(argp, bmval, bmlen);
402 if (status)
403 return nfserr_bad_xdr;
404
405 if (bmval[0] & ~NFSD_WRITEABLE_ATTRS_WORD0
406 || bmval[1] & ~NFSD_WRITEABLE_ATTRS_WORD1
407 || bmval[2] & ~NFSD_WRITEABLE_ATTRS_WORD2) {
408 if (nfsd_attrs_supported(argp->minorversion, bmval))
409 return nfserr_inval;
410 return nfserr_attrnotsupp;
411 }
412
413 if (xdr_stream_decode_u32(argp->xdr, &attrlist4_count) < 0)
414 return nfserr_bad_xdr;
415 starting_pos = xdr_stream_pos(argp->xdr);
416
417 if (bmval[0] & FATTR4_WORD0_SIZE) {
418 u64 size;
419
420 if (xdr_stream_decode_u64(argp->xdr, &size) < 0)
421 return nfserr_bad_xdr;
422 iattr->ia_size = size;
423 iattr->ia_valid |= ATTR_SIZE;
424 }
425 if (bmval[0] & FATTR4_WORD0_ACL) {
426 status = nfsd4_decode_acl(argp, acl);
427 if (status)
428 return status;
429 } else
430 *acl = NULL;
431 if (bmval[1] & FATTR4_WORD1_MODE) {
432 u32 mode;
433
434 if (xdr_stream_decode_u32(argp->xdr, &mode) < 0)
435 return nfserr_bad_xdr;
436 iattr->ia_mode = mode;
437 iattr->ia_mode &= (S_IFMT | S_IALLUGO);
438 iattr->ia_valid |= ATTR_MODE;
439 }
440 if (bmval[1] & FATTR4_WORD1_OWNER) {
441 u32 length;
442
443 if (xdr_stream_decode_u32(argp->xdr, &length) < 0)
444 return nfserr_bad_xdr;
445 p = xdr_inline_decode(argp->xdr, length);
446 if (!p)
447 return nfserr_bad_xdr;
448 status = nfsd_map_name_to_uid(argp->rqstp, (char *)p, length,
449 &iattr->ia_uid);
450 if (status)
451 return status;
452 iattr->ia_valid |= ATTR_UID;
453 }
454 if (bmval[1] & FATTR4_WORD1_OWNER_GROUP) {
455 u32 length;
456
457 if (xdr_stream_decode_u32(argp->xdr, &length) < 0)
458 return nfserr_bad_xdr;
459 p = xdr_inline_decode(argp->xdr, length);
460 if (!p)
461 return nfserr_bad_xdr;
462 status = nfsd_map_name_to_gid(argp->rqstp, (char *)p, length,
463 &iattr->ia_gid);
464 if (status)
465 return status;
466 iattr->ia_valid |= ATTR_GID;
467 }
468 if (bmval[1] & FATTR4_WORD1_TIME_ACCESS_SET) {
469 u32 set_it;
470
471 if (xdr_stream_decode_u32(argp->xdr, &set_it) < 0)
472 return nfserr_bad_xdr;
473 switch (set_it) {
474 case NFS4_SET_TO_CLIENT_TIME:
475 status = nfsd4_decode_nfstime4(argp, &iattr->ia_atime);
476 if (status)
477 return status;
478 iattr->ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
479 break;
480 case NFS4_SET_TO_SERVER_TIME:
481 iattr->ia_valid |= ATTR_ATIME;
482 break;
483 default:
484 return nfserr_bad_xdr;
485 }
486 }
487 if (bmval[1] & FATTR4_WORD1_TIME_MODIFY_SET) {
488 u32 set_it;
489
490 if (xdr_stream_decode_u32(argp->xdr, &set_it) < 0)
491 return nfserr_bad_xdr;
492 switch (set_it) {
493 case NFS4_SET_TO_CLIENT_TIME:
494 status = nfsd4_decode_nfstime4(argp, &iattr->ia_mtime);
495 if (status)
496 return status;
497 iattr->ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
498 break;
499 case NFS4_SET_TO_SERVER_TIME:
500 iattr->ia_valid |= ATTR_MTIME;
501 break;
502 default:
503 return nfserr_bad_xdr;
504 }
505 }
506 label->len = 0;
507 if (IS_ENABLED(CONFIG_NFSD_V4_SECURITY_LABEL) &&
508 bmval[2] & FATTR4_WORD2_SECURITY_LABEL) {
509 status = nfsd4_decode_security_label(argp, label);
510 if (status)
511 return status;
512 }
513 if (bmval[2] & FATTR4_WORD2_MODE_UMASK) {
514 u32 mode, mask;
515
516 if (!umask)
517 return nfserr_bad_xdr;
518 if (xdr_stream_decode_u32(argp->xdr, &mode) < 0)
519 return nfserr_bad_xdr;
520 iattr->ia_mode = mode & (S_IFMT | S_IALLUGO);
521 if (xdr_stream_decode_u32(argp->xdr, &mask) < 0)
522 return nfserr_bad_xdr;
523 *umask = mask & S_IRWXUGO;
524 iattr->ia_valid |= ATTR_MODE;
525 }
526
527 /* request sanity: did attrlist4 contain the expected number of words? */
528 if (attrlist4_count != xdr_stream_pos(argp->xdr) - starting_pos)
529 return nfserr_bad_xdr;
530
531 return nfs_ok;
532}
533
534static __be32
535nfsd4_decode_stateid4(struct nfsd4_compoundargs *argp, stateid_t *sid)
536{
537 __be32 *p;
538
539 p = xdr_inline_decode(argp->xdr, NFS4_STATEID_SIZE);
540 if (!p)
541 return nfserr_bad_xdr;
542 sid->si_generation = be32_to_cpup(p++);
543 memcpy(&sid->si_opaque, p, sizeof(sid->si_opaque));
544 return nfs_ok;
545}
546
547static __be32
548nfsd4_decode_clientid4(struct nfsd4_compoundargs *argp, clientid_t *clientid)
549{
550 __be32 *p;
551
552 p = xdr_inline_decode(argp->xdr, sizeof(__be64));
553 if (!p)
554 return nfserr_bad_xdr;
555 memcpy(clientid, p, sizeof(*clientid));
556 return nfs_ok;
557}
558
559static __be32
560nfsd4_decode_state_owner4(struct nfsd4_compoundargs *argp,
561 clientid_t *clientid, struct xdr_netobj *owner)
562{
563 __be32 status;
564
565 status = nfsd4_decode_clientid4(argp, clientid);
566 if (status)
567 return status;
568 return nfsd4_decode_opaque(argp, owner);
569}
570
571#ifdef CONFIG_NFSD_PNFS
572static __be32
573nfsd4_decode_deviceid4(struct nfsd4_compoundargs *argp,
574 struct nfsd4_deviceid *devid)
575{
576 __be32 *p;
577
578 p = xdr_inline_decode(argp->xdr, NFS4_DEVICEID4_SIZE);
579 if (!p)
580 return nfserr_bad_xdr;
581 memcpy(devid, p, sizeof(*devid));
582 return nfs_ok;
583}
584
585static __be32
586nfsd4_decode_layoutupdate4(struct nfsd4_compoundargs *argp,
587 struct nfsd4_layoutcommit *lcp)
588{
589 if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_layout_type) < 0)
590 return nfserr_bad_xdr;
591 if (lcp->lc_layout_type < LAYOUT_NFSV4_1_FILES)
592 return nfserr_bad_xdr;
593 if (lcp->lc_layout_type >= LAYOUT_TYPE_MAX)
594 return nfserr_bad_xdr;
595
596 if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_up_len) < 0)
597 return nfserr_bad_xdr;
598 if (lcp->lc_up_len > 0) {
599 lcp->lc_up_layout = xdr_inline_decode(argp->xdr, lcp->lc_up_len);
600 if (!lcp->lc_up_layout)
601 return nfserr_bad_xdr;
602 }
603
604 return nfs_ok;
605}
606
607static __be32
608nfsd4_decode_layoutreturn4(struct nfsd4_compoundargs *argp,
609 struct nfsd4_layoutreturn *lrp)
610{
611 __be32 status;
612
613 if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_return_type) < 0)
614 return nfserr_bad_xdr;
615 switch (lrp->lr_return_type) {
616 case RETURN_FILE:
617 if (xdr_stream_decode_u64(argp->xdr, &lrp->lr_seg.offset) < 0)
618 return nfserr_bad_xdr;
619 if (xdr_stream_decode_u64(argp->xdr, &lrp->lr_seg.length) < 0)
620 return nfserr_bad_xdr;
621 status = nfsd4_decode_stateid4(argp, &lrp->lr_sid);
622 if (status)
623 return status;
624 if (xdr_stream_decode_u32(argp->xdr, &lrp->lrf_body_len) < 0)
625 return nfserr_bad_xdr;
626 if (lrp->lrf_body_len > 0) {
627 lrp->lrf_body = xdr_inline_decode(argp->xdr, lrp->lrf_body_len);
628 if (!lrp->lrf_body)
629 return nfserr_bad_xdr;
630 }
631 break;
632 case RETURN_FSID:
633 case RETURN_ALL:
634 lrp->lr_seg.offset = 0;
635 lrp->lr_seg.length = NFS4_MAX_UINT64;
636 break;
637 default:
638 return nfserr_bad_xdr;
639 }
640
641 return nfs_ok;
642}
643
644#endif /* CONFIG_NFSD_PNFS */
645
646static __be32
647nfsd4_decode_sessionid4(struct nfsd4_compoundargs *argp,
648 struct nfs4_sessionid *sessionid)
649{
650 __be32 *p;
651
652 p = xdr_inline_decode(argp->xdr, NFS4_MAX_SESSIONID_LEN);
653 if (!p)
654 return nfserr_bad_xdr;
655 memcpy(sessionid->data, p, sizeof(sessionid->data));
656 return nfs_ok;
657}
658
659/* Defined in Appendix A of RFC 5531 */
660static __be32
661nfsd4_decode_authsys_parms(struct nfsd4_compoundargs *argp,
662 struct nfsd4_cb_sec *cbs)
663{
664 u32 stamp, gidcount, uid, gid;
665 __be32 *p, status;
666
667 if (xdr_stream_decode_u32(argp->xdr, &stamp) < 0)
668 return nfserr_bad_xdr;
669 /* machine name */
670 status = nfsd4_decode_ignored_string(argp, 255);
671 if (status)
672 return status;
673 if (xdr_stream_decode_u32(argp->xdr, &uid) < 0)
674 return nfserr_bad_xdr;
675 if (xdr_stream_decode_u32(argp->xdr, &gid) < 0)
676 return nfserr_bad_xdr;
677 if (xdr_stream_decode_u32(argp->xdr, &gidcount) < 0)
678 return nfserr_bad_xdr;
679 if (gidcount > 16)
680 return nfserr_bad_xdr;
681 p = xdr_inline_decode(argp->xdr, gidcount << 2);
682 if (!p)
683 return nfserr_bad_xdr;
684 if (cbs->flavor == (u32)(-1)) {
685 struct user_namespace *userns = nfsd_user_namespace(argp->rqstp);
686
687 kuid_t kuid = make_kuid(userns, uid);
688 kgid_t kgid = make_kgid(userns, gid);
689 if (uid_valid(kuid) && gid_valid(kgid)) {
690 cbs->uid = kuid;
691 cbs->gid = kgid;
692 cbs->flavor = RPC_AUTH_UNIX;
693 } else {
694 dprintk("RPC_AUTH_UNIX with invalid uid or gid, ignoring!\n");
695 }
696 }
697
698 return nfs_ok;
699}
700
701static __be32
702nfsd4_decode_gss_cb_handles4(struct nfsd4_compoundargs *argp,
703 struct nfsd4_cb_sec *cbs)
704{
705 __be32 status;
706 u32 service;
707
708 dprintk("RPC_AUTH_GSS callback secflavor not supported!\n");
709
710 if (xdr_stream_decode_u32(argp->xdr, &service) < 0)
711 return nfserr_bad_xdr;
712 if (service < RPC_GSS_SVC_NONE || service > RPC_GSS_SVC_PRIVACY)
713 return nfserr_bad_xdr;
714 /* gcbp_handle_from_server */
715 status = nfsd4_decode_ignored_string(argp, 0);
716 if (status)
717 return status;
718 /* gcbp_handle_from_client */
719 status = nfsd4_decode_ignored_string(argp, 0);
720 if (status)
721 return status;
722
723 return nfs_ok;
724}
725
726/* a counted array of callback_sec_parms4 items */
727static __be32
728nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
729{
730 u32 i, secflavor, nr_secflavs;
731 __be32 status;
732
733 /* callback_sec_params4 */
734 if (xdr_stream_decode_u32(argp->xdr, &nr_secflavs) < 0)
735 return nfserr_bad_xdr;
736 if (nr_secflavs)
737 cbs->flavor = (u32)(-1);
738 else
739 /* Is this legal? Be generous, take it to mean AUTH_NONE: */
740 cbs->flavor = 0;
741
742 for (i = 0; i < nr_secflavs; ++i) {
743 if (xdr_stream_decode_u32(argp->xdr, &secflavor) < 0)
744 return nfserr_bad_xdr;
745 switch (secflavor) {
746 case RPC_AUTH_NULL:
747 /* void */
748 if (cbs->flavor == (u32)(-1))
749 cbs->flavor = RPC_AUTH_NULL;
750 break;
751 case RPC_AUTH_UNIX:
752 status = nfsd4_decode_authsys_parms(argp, cbs);
753 if (status)
754 return status;
755 break;
756 case RPC_AUTH_GSS:
757 status = nfsd4_decode_gss_cb_handles4(argp, cbs);
758 if (status)
759 return status;
760 break;
761 default:
762 return nfserr_inval;
763 }
764 }
765
766 return nfs_ok;
767}
768
769
770/*
771 * NFSv4 operation argument decoders
772 */
773
774static __be32
775nfsd4_decode_access(struct nfsd4_compoundargs *argp,
776 struct nfsd4_access *access)
777{
778 if (xdr_stream_decode_u32(argp->xdr, &access->ac_req_access) < 0)
779 return nfserr_bad_xdr;
780 return nfs_ok;
781}
782
783static __be32
784nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
785{
786 if (xdr_stream_decode_u32(argp->xdr, &close->cl_seqid) < 0)
787 return nfserr_bad_xdr;
788 return nfsd4_decode_stateid4(argp, &close->cl_stateid);
789}
790
791
792static __be32
793nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
794{
795 if (xdr_stream_decode_u64(argp->xdr, &commit->co_offset) < 0)
796 return nfserr_bad_xdr;
797 if (xdr_stream_decode_u32(argp->xdr, &commit->co_count) < 0)
798 return nfserr_bad_xdr;
799 return nfs_ok;
800}
801
802static __be32
803nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
804{
805 __be32 *p, status;
806
807 if (xdr_stream_decode_u32(argp->xdr, &create->cr_type) < 0)
808 return nfserr_bad_xdr;
809 switch (create->cr_type) {
810 case NF4LNK:
811 if (xdr_stream_decode_u32(argp->xdr, &create->cr_datalen) < 0)
812 return nfserr_bad_xdr;
813 p = xdr_inline_decode(argp->xdr, create->cr_datalen);
814 if (!p)
815 return nfserr_bad_xdr;
816 create->cr_data = svcxdr_dupstr(argp, p, create->cr_datalen);
817 if (!create->cr_data)
818 return nfserr_jukebox;
819 break;
820 case NF4BLK:
821 case NF4CHR:
822 if (xdr_stream_decode_u32(argp->xdr, &create->cr_specdata1) < 0)
823 return nfserr_bad_xdr;
824 if (xdr_stream_decode_u32(argp->xdr, &create->cr_specdata2) < 0)
825 return nfserr_bad_xdr;
826 break;
827 case NF4SOCK:
828 case NF4FIFO:
829 case NF4DIR:
830 default:
831 break;
832 }
833 status = nfsd4_decode_component4(argp, &create->cr_name,
834 &create->cr_namelen);
835 if (status)
836 return status;
837 status = nfsd4_decode_fattr4(argp, create->cr_bmval,
838 ARRAY_SIZE(create->cr_bmval),
839 &create->cr_iattr, &create->cr_acl,
840 &create->cr_label, &create->cr_umask);
841 if (status)
842 return status;
843
844 return nfs_ok;
845}
846
847static inline __be32
848nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
849{
850 return nfsd4_decode_stateid4(argp, &dr->dr_stateid);
851}
852
853static inline __be32
854nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
855{
856 return nfsd4_decode_bitmap4(argp, getattr->ga_bmval,
857 ARRAY_SIZE(getattr->ga_bmval));
858}
859
860static __be32
861nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
862{
863 return nfsd4_decode_component4(argp, &link->li_name, &link->li_namelen);
864}
865
866static __be32
867nfsd4_decode_open_to_lock_owner4(struct nfsd4_compoundargs *argp,
868 struct nfsd4_lock *lock)
869{
870 __be32 status;
871
872 if (xdr_stream_decode_u32(argp->xdr, &lock->lk_new_open_seqid) < 0)
873 return nfserr_bad_xdr;
874 status = nfsd4_decode_stateid4(argp, &lock->lk_new_open_stateid);
875 if (status)
876 return status;
877 if (xdr_stream_decode_u32(argp->xdr, &lock->lk_new_lock_seqid) < 0)
878 return nfserr_bad_xdr;
879 return nfsd4_decode_state_owner4(argp, &lock->lk_new_clientid,
880 &lock->lk_new_owner);
881}
882
883static __be32
884nfsd4_decode_exist_lock_owner4(struct nfsd4_compoundargs *argp,
885 struct nfsd4_lock *lock)
886{
887 __be32 status;
888
889 status = nfsd4_decode_stateid4(argp, &lock->lk_old_lock_stateid);
890 if (status)
891 return status;
892 if (xdr_stream_decode_u32(argp->xdr, &lock->lk_old_lock_seqid) < 0)
893 return nfserr_bad_xdr;
894
895 return nfs_ok;
896}
897
898static __be32
899nfsd4_decode_locker4(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
900{
901 if (xdr_stream_decode_bool(argp->xdr, &lock->lk_is_new) < 0)
902 return nfserr_bad_xdr;
903 if (lock->lk_is_new)
904 return nfsd4_decode_open_to_lock_owner4(argp, lock);
905 return nfsd4_decode_exist_lock_owner4(argp, lock);
906}
907
908static __be32
909nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
910{
911 if (xdr_stream_decode_u32(argp->xdr, &lock->lk_type) < 0)
912 return nfserr_bad_xdr;
913 if ((lock->lk_type < NFS4_READ_LT) || (lock->lk_type > NFS4_WRITEW_LT))
914 return nfserr_bad_xdr;
915 if (xdr_stream_decode_bool(argp->xdr, &lock->lk_reclaim) < 0)
916 return nfserr_bad_xdr;
917 if (xdr_stream_decode_u64(argp->xdr, &lock->lk_offset) < 0)
918 return nfserr_bad_xdr;
919 if (xdr_stream_decode_u64(argp->xdr, &lock->lk_length) < 0)
920 return nfserr_bad_xdr;
921 return nfsd4_decode_locker4(argp, lock);
922}
923
924static __be32
925nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
926{
927 if (xdr_stream_decode_u32(argp->xdr, &lockt->lt_type) < 0)
928 return nfserr_bad_xdr;
929 if ((lockt->lt_type < NFS4_READ_LT) || (lockt->lt_type > NFS4_WRITEW_LT))
930 return nfserr_bad_xdr;
931 if (xdr_stream_decode_u64(argp->xdr, &lockt->lt_offset) < 0)
932 return nfserr_bad_xdr;
933 if (xdr_stream_decode_u64(argp->xdr, &lockt->lt_length) < 0)
934 return nfserr_bad_xdr;
935 return nfsd4_decode_state_owner4(argp, &lockt->lt_clientid,
936 &lockt->lt_owner);
937}
938
939static __be32
940nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
941{
942 __be32 status;
943
944 if (xdr_stream_decode_u32(argp->xdr, &locku->lu_type) < 0)
945 return nfserr_bad_xdr;
946 if ((locku->lu_type < NFS4_READ_LT) || (locku->lu_type > NFS4_WRITEW_LT))
947 return nfserr_bad_xdr;
948 if (xdr_stream_decode_u32(argp->xdr, &locku->lu_seqid) < 0)
949 return nfserr_bad_xdr;
950 status = nfsd4_decode_stateid4(argp, &locku->lu_stateid);
951 if (status)
952 return status;
953 if (xdr_stream_decode_u64(argp->xdr, &locku->lu_offset) < 0)
954 return nfserr_bad_xdr;
955 if (xdr_stream_decode_u64(argp->xdr, &locku->lu_length) < 0)
956 return nfserr_bad_xdr;
957
958 return nfs_ok;
959}
960
961static __be32
962nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
963{
964 return nfsd4_decode_component4(argp, &lookup->lo_name, &lookup->lo_len);
965}
966
967static __be32
968nfsd4_decode_createhow4(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
969{
970 __be32 status;
971
972 if (xdr_stream_decode_u32(argp->xdr, &open->op_createmode) < 0)
973 return nfserr_bad_xdr;
974 switch (open->op_createmode) {
975 case NFS4_CREATE_UNCHECKED:
976 case NFS4_CREATE_GUARDED:
977 status = nfsd4_decode_fattr4(argp, open->op_bmval,
978 ARRAY_SIZE(open->op_bmval),
979 &open->op_iattr, &open->op_acl,
980 &open->op_label, &open->op_umask);
981 if (status)
982 return status;
983 break;
984 case NFS4_CREATE_EXCLUSIVE:
985 status = nfsd4_decode_verifier4(argp, &open->op_verf);
986 if (status)
987 return status;
988 break;
989 case NFS4_CREATE_EXCLUSIVE4_1:
990 if (argp->minorversion < 1)
991 return nfserr_bad_xdr;
992 status = nfsd4_decode_verifier4(argp, &open->op_verf);
993 if (status)
994 return status;
995 status = nfsd4_decode_fattr4(argp, open->op_bmval,
996 ARRAY_SIZE(open->op_bmval),
997 &open->op_iattr, &open->op_acl,
998 &open->op_label, &open->op_umask);
999 if (status)
1000 return status;
1001 break;
1002 default:
1003 return nfserr_bad_xdr;
1004 }
1005
1006 return nfs_ok;
1007}
1008
1009static __be32
1010nfsd4_decode_openflag4(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
1011{
1012 __be32 status;
1013
1014 if (xdr_stream_decode_u32(argp->xdr, &open->op_create) < 0)
1015 return nfserr_bad_xdr;
1016 switch (open->op_create) {
1017 case NFS4_OPEN_NOCREATE:
1018 break;
1019 case NFS4_OPEN_CREATE:
1020 status = nfsd4_decode_createhow4(argp, open);
1021 if (status)
1022 return status;
1023 break;
1024 default:
1025 return nfserr_bad_xdr;
1026 }
1027
1028 return nfs_ok;
1029}
1030
1031static __be32 nfsd4_decode_share_access(struct nfsd4_compoundargs *argp, u32 *share_access, u32 *deleg_want, u32 *deleg_when)
1032{
1033 u32 w;
1034
1035 if (xdr_stream_decode_u32(argp->xdr, &w) < 0)
1036 return nfserr_bad_xdr;
1037 *share_access = w & NFS4_SHARE_ACCESS_MASK;
1038 *deleg_want = w & NFS4_SHARE_WANT_MASK;
1039 if (deleg_when)
1040 *deleg_when = w & NFS4_SHARE_WHEN_MASK;
1041
1042 switch (w & NFS4_SHARE_ACCESS_MASK) {
1043 case NFS4_SHARE_ACCESS_READ:
1044 case NFS4_SHARE_ACCESS_WRITE:
1045 case NFS4_SHARE_ACCESS_BOTH:
1046 break;
1047 default:
1048 return nfserr_bad_xdr;
1049 }
1050 w &= ~NFS4_SHARE_ACCESS_MASK;
1051 if (!w)
1052 return nfs_ok;
1053 if (!argp->minorversion)
1054 return nfserr_bad_xdr;
1055 switch (w & NFS4_SHARE_WANT_MASK) {
1056 case NFS4_SHARE_WANT_NO_PREFERENCE:
1057 case NFS4_SHARE_WANT_READ_DELEG:
1058 case NFS4_SHARE_WANT_WRITE_DELEG:
1059 case NFS4_SHARE_WANT_ANY_DELEG:
1060 case NFS4_SHARE_WANT_NO_DELEG:
1061 case NFS4_SHARE_WANT_CANCEL:
1062 break;
1063 default:
1064 return nfserr_bad_xdr;
1065 }
1066 w &= ~NFS4_SHARE_WANT_MASK;
1067 if (!w)
1068 return nfs_ok;
1069
1070 if (!deleg_when) /* open_downgrade */
1071 return nfserr_inval;
1072 switch (w) {
1073 case NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL:
1074 case NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED:
1075 case (NFS4_SHARE_SIGNAL_DELEG_WHEN_RESRC_AVAIL |
1076 NFS4_SHARE_PUSH_DELEG_WHEN_UNCONTENDED):
1077 return nfs_ok;
1078 }
1079 return nfserr_bad_xdr;
1080}
1081
1082static __be32 nfsd4_decode_share_deny(struct nfsd4_compoundargs *argp, u32 *x)
1083{
1084 if (xdr_stream_decode_u32(argp->xdr, x) < 0)
1085 return nfserr_bad_xdr;
1086 /* Note: unlike access bits, deny bits may be zero. */
1087 if (*x & ~NFS4_SHARE_DENY_BOTH)
1088 return nfserr_bad_xdr;
1089
1090 return nfs_ok;
1091}
1092
1093static __be32
1094nfsd4_decode_open_claim4(struct nfsd4_compoundargs *argp,
1095 struct nfsd4_open *open)
1096{
1097 __be32 status;
1098
1099 if (xdr_stream_decode_u32(argp->xdr, &open->op_claim_type) < 0)
1100 return nfserr_bad_xdr;
1101 switch (open->op_claim_type) {
1102 case NFS4_OPEN_CLAIM_NULL:
1103 case NFS4_OPEN_CLAIM_DELEGATE_PREV:
1104 status = nfsd4_decode_component4(argp, &open->op_fname,
1105 &open->op_fnamelen);
1106 if (status)
1107 return status;
1108 break;
1109 case NFS4_OPEN_CLAIM_PREVIOUS:
1110 if (xdr_stream_decode_u32(argp->xdr, &open->op_delegate_type) < 0)
1111 return nfserr_bad_xdr;
1112 break;
1113 case NFS4_OPEN_CLAIM_DELEGATE_CUR:
1114 status = nfsd4_decode_stateid4(argp, &open->op_delegate_stateid);
1115 if (status)
1116 return status;
1117 status = nfsd4_decode_component4(argp, &open->op_fname,
1118 &open->op_fnamelen);
1119 if (status)
1120 return status;
1121 break;
1122 case NFS4_OPEN_CLAIM_FH:
1123 case NFS4_OPEN_CLAIM_DELEG_PREV_FH:
1124 if (argp->minorversion < 1)
1125 return nfserr_bad_xdr;
1126 /* void */
1127 break;
1128 case NFS4_OPEN_CLAIM_DELEG_CUR_FH:
1129 if (argp->minorversion < 1)
1130 return nfserr_bad_xdr;
1131 status = nfsd4_decode_stateid4(argp, &open->op_delegate_stateid);
1132 if (status)
1133 return status;
1134 break;
1135 default:
1136 return nfserr_bad_xdr;
1137 }
1138
1139 return nfs_ok;
1140}
1141
1142static __be32
1143nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
1144{
1145 __be32 status;
1146 u32 dummy;
1147
1148 memset(open->op_bmval, 0, sizeof(open->op_bmval));
1149 open->op_iattr.ia_valid = 0;
1150 open->op_openowner = NULL;
1151
1152 open->op_xdr_error = 0;
1153 if (xdr_stream_decode_u32(argp->xdr, &open->op_seqid) < 0)
1154 return nfserr_bad_xdr;
1155 /* deleg_want is ignored */
1156 status = nfsd4_decode_share_access(argp, &open->op_share_access,
1157 &open->op_deleg_want, &dummy);
1158 if (status)
1159 return status;
1160 status = nfsd4_decode_share_deny(argp, &open->op_share_deny);
1161 if (status)
1162 return status;
1163 status = nfsd4_decode_state_owner4(argp, &open->op_clientid,
1164 &open->op_owner);
1165 if (status)
1166 return status;
1167 status = nfsd4_decode_openflag4(argp, open);
1168 if (status)
1169 return status;
1170 return nfsd4_decode_open_claim4(argp, open);
1171}
1172
1173static __be32
1174nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
1175{
1176 __be32 status;
1177
1178 if (argp->minorversion >= 1)
1179 return nfserr_notsupp;
1180
1181 status = nfsd4_decode_stateid4(argp, &open_conf->oc_req_stateid);
1182 if (status)
1183 return status;
1184 if (xdr_stream_decode_u32(argp->xdr, &open_conf->oc_seqid) < 0)
1185 return nfserr_bad_xdr;
1186
1187 return nfs_ok;
1188}
1189
1190static __be32
1191nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
1192{
1193 __be32 status;
1194
1195 status = nfsd4_decode_stateid4(argp, &open_down->od_stateid);
1196 if (status)
1197 return status;
1198 if (xdr_stream_decode_u32(argp->xdr, &open_down->od_seqid) < 0)
1199 return nfserr_bad_xdr;
1200 /* deleg_want is ignored */
1201 status = nfsd4_decode_share_access(argp, &open_down->od_share_access,
1202 &open_down->od_deleg_want, NULL);
1203 if (status)
1204 return status;
1205 return nfsd4_decode_share_deny(argp, &open_down->od_share_deny);
1206}
1207
1208static __be32
1209nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
1210{
1211 __be32 *p;
1212
1213 if (xdr_stream_decode_u32(argp->xdr, &putfh->pf_fhlen) < 0)
1214 return nfserr_bad_xdr;
1215 if (putfh->pf_fhlen > NFS4_FHSIZE)
1216 return nfserr_bad_xdr;
1217 p = xdr_inline_decode(argp->xdr, putfh->pf_fhlen);
1218 if (!p)
1219 return nfserr_bad_xdr;
1220 putfh->pf_fhval = svcxdr_savemem(argp, p, putfh->pf_fhlen);
1221 if (!putfh->pf_fhval)
1222 return nfserr_jukebox;
1223
1224 return nfs_ok;
1225}
1226
1227static __be32
1228nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
1229{
1230 if (argp->minorversion == 0)
1231 return nfs_ok;
1232 return nfserr_notsupp;
1233}
1234
1235static __be32
1236nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
1237{
1238 __be32 status;
1239
1240 status = nfsd4_decode_stateid4(argp, &read->rd_stateid);
1241 if (status)
1242 return status;
1243 if (xdr_stream_decode_u64(argp->xdr, &read->rd_offset) < 0)
1244 return nfserr_bad_xdr;
1245 if (xdr_stream_decode_u32(argp->xdr, &read->rd_length) < 0)
1246 return nfserr_bad_xdr;
1247
1248 return nfs_ok;
1249}
1250
1251static __be32
1252nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
1253{
1254 __be32 status;
1255
1256 if (xdr_stream_decode_u64(argp->xdr, &readdir->rd_cookie) < 0)
1257 return nfserr_bad_xdr;
1258 status = nfsd4_decode_verifier4(argp, &readdir->rd_verf);
1259 if (status)
1260 return status;
1261 if (xdr_stream_decode_u32(argp->xdr, &readdir->rd_dircount) < 0)
1262 return nfserr_bad_xdr;
1263 if (xdr_stream_decode_u32(argp->xdr, &readdir->rd_maxcount) < 0)
1264 return nfserr_bad_xdr;
1265 if (xdr_stream_decode_uint32_array(argp->xdr, readdir->rd_bmval,
1266 ARRAY_SIZE(readdir->rd_bmval)) < 0)
1267 return nfserr_bad_xdr;
1268
1269 return nfs_ok;
1270}
1271
1272static __be32
1273nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
1274{
1275 return nfsd4_decode_component4(argp, &remove->rm_name, &remove->rm_namelen);
1276}
1277
1278static __be32
1279nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
1280{
1281 __be32 status;
1282
1283 status = nfsd4_decode_component4(argp, &rename->rn_sname, &rename->rn_snamelen);
1284 if (status)
1285 return status;
1286 return nfsd4_decode_component4(argp, &rename->rn_tname, &rename->rn_tnamelen);
1287}
1288
1289static __be32
1290nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
1291{
1292 return nfsd4_decode_clientid4(argp, clientid);
1293}
1294
1295static __be32
1296nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
1297 struct nfsd4_secinfo *secinfo)
1298{
1299 return nfsd4_decode_component4(argp, &secinfo->si_name, &secinfo->si_namelen);
1300}
1301
1302static __be32
1303nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
1304{
1305 __be32 status;
1306
1307 status = nfsd4_decode_stateid4(argp, &setattr->sa_stateid);
1308 if (status)
1309 return status;
1310 return nfsd4_decode_fattr4(argp, setattr->sa_bmval,
1311 ARRAY_SIZE(setattr->sa_bmval),
1312 &setattr->sa_iattr, &setattr->sa_acl,
1313 &setattr->sa_label, NULL);
1314}
1315
1316static __be32
1317nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
1318{
1319 __be32 *p, status;
1320
1321 if (argp->minorversion >= 1)
1322 return nfserr_notsupp;
1323
1324 status = nfsd4_decode_verifier4(argp, &setclientid->se_verf);
1325 if (status)
1326 return status;
1327 status = nfsd4_decode_opaque(argp, &setclientid->se_name);
1328 if (status)
1329 return status;
1330 if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_prog) < 0)
1331 return nfserr_bad_xdr;
1332 if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_netid_len) < 0)
1333 return nfserr_bad_xdr;
1334 p = xdr_inline_decode(argp->xdr, setclientid->se_callback_netid_len);
1335 if (!p)
1336 return nfserr_bad_xdr;
1337 setclientid->se_callback_netid_val = svcxdr_savemem(argp, p,
1338 setclientid->se_callback_netid_len);
1339 if (!setclientid->se_callback_netid_val)
1340 return nfserr_jukebox;
1341
1342 if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_addr_len) < 0)
1343 return nfserr_bad_xdr;
1344 p = xdr_inline_decode(argp->xdr, setclientid->se_callback_addr_len);
1345 if (!p)
1346 return nfserr_bad_xdr;
1347 setclientid->se_callback_addr_val = svcxdr_savemem(argp, p,
1348 setclientid->se_callback_addr_len);
1349 if (!setclientid->se_callback_addr_val)
1350 return nfserr_jukebox;
1351 if (xdr_stream_decode_u32(argp->xdr, &setclientid->se_callback_ident) < 0)
1352 return nfserr_bad_xdr;
1353
1354 return nfs_ok;
1355}
1356
1357static __be32
1358nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
1359{
1360 __be32 status;
1361
1362 if (argp->minorversion >= 1)
1363 return nfserr_notsupp;
1364
1365 status = nfsd4_decode_clientid4(argp, &scd_c->sc_clientid);
1366 if (status)
1367 return status;
1368 return nfsd4_decode_verifier4(argp, &scd_c->sc_confirm);
1369}
1370
1371/* Also used for NVERIFY */
1372static __be32
1373nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
1374{
1375 __be32 *p, status;
1376
1377 status = nfsd4_decode_bitmap4(argp, verify->ve_bmval,
1378 ARRAY_SIZE(verify->ve_bmval));
1379 if (status)
1380 return status;
1381
1382 /* For convenience's sake, we compare raw xdr'd attributes in
1383 * nfsd4_proc_verify */
1384
1385 if (xdr_stream_decode_u32(argp->xdr, &verify->ve_attrlen) < 0)
1386 return nfserr_bad_xdr;
1387 p = xdr_inline_decode(argp->xdr, verify->ve_attrlen);
1388 if (!p)
1389 return nfserr_bad_xdr;
1390 verify->ve_attrval = svcxdr_savemem(argp, p, verify->ve_attrlen);
1391 if (!verify->ve_attrval)
1392 return nfserr_jukebox;
1393
1394 return nfs_ok;
1395}
1396
1397static __be32
1398nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
1399{
1400 __be32 status;
1401
1402 status = nfsd4_decode_stateid4(argp, &write->wr_stateid);
1403 if (status)
1404 return status;
1405 if (xdr_stream_decode_u64(argp->xdr, &write->wr_offset) < 0)
1406 return nfserr_bad_xdr;
1407 if (xdr_stream_decode_u32(argp->xdr, &write->wr_stable_how) < 0)
1408 return nfserr_bad_xdr;
1409 if (write->wr_stable_how > NFS_FILE_SYNC)
1410 return nfserr_bad_xdr;
1411 if (xdr_stream_decode_u32(argp->xdr, &write->wr_buflen) < 0)
1412 return nfserr_bad_xdr;
1413 if (!xdr_stream_subsegment(argp->xdr, &write->wr_payload, write->wr_buflen))
1414 return nfserr_bad_xdr;
1415
1416 return nfs_ok;
1417}
1418
1419static __be32
1420nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
1421{
1422 __be32 status;
1423
1424 if (argp->minorversion >= 1)
1425 return nfserr_notsupp;
1426
1427 status = nfsd4_decode_state_owner4(argp, &rlockowner->rl_clientid,
1428 &rlockowner->rl_owner);
1429 if (status)
1430 return status;
1431
1432 if (argp->minorversion && !zero_clientid(&rlockowner->rl_clientid))
1433 return nfserr_inval;
1434
1435 return nfs_ok;
1436}
1437
1438static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
1439{
1440 if (xdr_stream_decode_u32(argp->xdr, &bc->bc_cb_program) < 0)
1441 return nfserr_bad_xdr;
1442 return nfsd4_decode_cb_sec(argp, &bc->bc_cb_sec);
1443}
1444
1445static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
1446{
1447 u32 use_conn_in_rdma_mode;
1448 __be32 status;
1449
1450 status = nfsd4_decode_sessionid4(argp, &bcts->sessionid);
1451 if (status)
1452 return status;
1453 if (xdr_stream_decode_u32(argp->xdr, &bcts->dir) < 0)
1454 return nfserr_bad_xdr;
1455 if (xdr_stream_decode_u32(argp->xdr, &use_conn_in_rdma_mode) < 0)
1456 return nfserr_bad_xdr;
1457
1458 return nfs_ok;
1459}
1460
1461static __be32
1462nfsd4_decode_state_protect_ops(struct nfsd4_compoundargs *argp,
1463 struct nfsd4_exchange_id *exid)
1464{
1465 __be32 status;
1466
1467 status = nfsd4_decode_bitmap4(argp, exid->spo_must_enforce,
1468 ARRAY_SIZE(exid->spo_must_enforce));
1469 if (status)
1470 return nfserr_bad_xdr;
1471 status = nfsd4_decode_bitmap4(argp, exid->spo_must_allow,
1472 ARRAY_SIZE(exid->spo_must_allow));
1473 if (status)
1474 return nfserr_bad_xdr;
1475
1476 return nfs_ok;
1477}
1478
1479/*
1480 * This implementation currently does not support SP4_SSV.
1481 * This decoder simply skips over these arguments.
1482 */
1483static noinline __be32
1484nfsd4_decode_ssv_sp_parms(struct nfsd4_compoundargs *argp,
1485 struct nfsd4_exchange_id *exid)
1486{
1487 u32 count, window, num_gss_handles;
1488 __be32 status;
1489
1490 /* ssp_ops */
1491 status = nfsd4_decode_state_protect_ops(argp, exid);
1492 if (status)
1493 return status;
1494
1495 /* ssp_hash_algs<> */
1496 if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
1497 return nfserr_bad_xdr;
1498 while (count--) {
1499 status = nfsd4_decode_ignored_string(argp, 0);
1500 if (status)
1501 return status;
1502 }
1503
1504 /* ssp_encr_algs<> */
1505 if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
1506 return nfserr_bad_xdr;
1507 while (count--) {
1508 status = nfsd4_decode_ignored_string(argp, 0);
1509 if (status)
1510 return status;
1511 }
1512
1513 if (xdr_stream_decode_u32(argp->xdr, &window) < 0)
1514 return nfserr_bad_xdr;
1515 if (xdr_stream_decode_u32(argp->xdr, &num_gss_handles) < 0)
1516 return nfserr_bad_xdr;
1517
1518 return nfs_ok;
1519}
1520
1521static __be32
1522nfsd4_decode_state_protect4_a(struct nfsd4_compoundargs *argp,
1523 struct nfsd4_exchange_id *exid)
1524{
1525 __be32 status;
1526
1527 if (xdr_stream_decode_u32(argp->xdr, &exid->spa_how) < 0)
1528 return nfserr_bad_xdr;
1529 switch (exid->spa_how) {
1530 case SP4_NONE:
1531 break;
1532 case SP4_MACH_CRED:
1533 status = nfsd4_decode_state_protect_ops(argp, exid);
1534 if (status)
1535 return status;
1536 break;
1537 case SP4_SSV:
1538 status = nfsd4_decode_ssv_sp_parms(argp, exid);
1539 if (status)
1540 return status;
1541 break;
1542 default:
1543 return nfserr_bad_xdr;
1544 }
1545
1546 return nfs_ok;
1547}
1548
1549static __be32
1550nfsd4_decode_nfs_impl_id4(struct nfsd4_compoundargs *argp,
1551 struct nfsd4_exchange_id *exid)
1552{
1553 __be32 status;
1554 u32 count;
1555
1556 if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
1557 return nfserr_bad_xdr;
1558 switch (count) {
1559 case 0:
1560 break;
1561 case 1:
1562 /* Note that RFC 8881 places no length limit on
1563 * nii_domain, but this implementation permits no
1564 * more than NFS4_OPAQUE_LIMIT bytes */
1565 status = nfsd4_decode_opaque(argp, &exid->nii_domain);
1566 if (status)
1567 return status;
1568 /* Note that RFC 8881 places no length limit on
1569 * nii_name, but this implementation permits no
1570 * more than NFS4_OPAQUE_LIMIT bytes */
1571 status = nfsd4_decode_opaque(argp, &exid->nii_name);
1572 if (status)
1573 return status;
1574 status = nfsd4_decode_nfstime4(argp, &exid->nii_time);
1575 if (status)
1576 return status;
1577 break;
1578 default:
1579 return nfserr_bad_xdr;
1580 }
1581
1582 return nfs_ok;
1583}
1584
1585static __be32
1586nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
1587 struct nfsd4_exchange_id *exid)
1588{
1589 __be32 status;
1590
1591 status = nfsd4_decode_verifier4(argp, &exid->verifier);
1592 if (status)
1593 return status;
1594 status = nfsd4_decode_opaque(argp, &exid->clname);
1595 if (status)
1596 return status;
1597 if (xdr_stream_decode_u32(argp->xdr, &exid->flags) < 0)
1598 return nfserr_bad_xdr;
1599 status = nfsd4_decode_state_protect4_a(argp, exid);
1600 if (status)
1601 return status;
1602 return nfsd4_decode_nfs_impl_id4(argp, exid);
1603}
1604
1605static __be32
1606nfsd4_decode_channel_attrs4(struct nfsd4_compoundargs *argp,
1607 struct nfsd4_channel_attrs *ca)
1608{
1609 __be32 *p;
1610
1611 p = xdr_inline_decode(argp->xdr, XDR_UNIT * 7);
1612 if (!p)
1613 return nfserr_bad_xdr;
1614
1615 /* headerpadsz is ignored */
1616 p++;
1617 ca->maxreq_sz = be32_to_cpup(p++);
1618 ca->maxresp_sz = be32_to_cpup(p++);
1619 ca->maxresp_cached = be32_to_cpup(p++);
1620 ca->maxops = be32_to_cpup(p++);
1621 ca->maxreqs = be32_to_cpup(p++);
1622 ca->nr_rdma_attrs = be32_to_cpup(p);
1623 switch (ca->nr_rdma_attrs) {
1624 case 0:
1625 break;
1626 case 1:
1627 if (xdr_stream_decode_u32(argp->xdr, &ca->rdma_attrs) < 0)
1628 return nfserr_bad_xdr;
1629 break;
1630 default:
1631 return nfserr_bad_xdr;
1632 }
1633
1634 return nfs_ok;
1635}
1636
1637static __be32
1638nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
1639 struct nfsd4_create_session *sess)
1640{
1641 __be32 status;
1642
1643 status = nfsd4_decode_clientid4(argp, &sess->clientid);
1644 if (status)
1645 return status;
1646 if (xdr_stream_decode_u32(argp->xdr, &sess->seqid) < 0)
1647 return nfserr_bad_xdr;
1648 if (xdr_stream_decode_u32(argp->xdr, &sess->flags) < 0)
1649 return nfserr_bad_xdr;
1650 status = nfsd4_decode_channel_attrs4(argp, &sess->fore_channel);
1651 if (status)
1652 return status;
1653 status = nfsd4_decode_channel_attrs4(argp, &sess->back_channel);
1654 if (status)
1655 return status;
1656 if (xdr_stream_decode_u32(argp->xdr, &sess->callback_prog) < 0)
1657 return nfserr_bad_xdr;
1658 status = nfsd4_decode_cb_sec(argp, &sess->cb_sec);
1659 if (status)
1660 return status;
1661
1662 return nfs_ok;
1663}
1664
1665static __be32
1666nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
1667 struct nfsd4_destroy_session *destroy_session)
1668{
1669 return nfsd4_decode_sessionid4(argp, &destroy_session->sessionid);
1670}
1671
1672static __be32
1673nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
1674 struct nfsd4_free_stateid *free_stateid)
1675{
1676 return nfsd4_decode_stateid4(argp, &free_stateid->fr_stateid);
1677}
1678
1679#ifdef CONFIG_NFSD_PNFS
1680static __be32
1681nfsd4_decode_getdeviceinfo(struct nfsd4_compoundargs *argp,
1682 struct nfsd4_getdeviceinfo *gdev)
1683{
1684 __be32 status;
1685
1686 status = nfsd4_decode_deviceid4(argp, &gdev->gd_devid);
1687 if (status)
1688 return status;
1689 if (xdr_stream_decode_u32(argp->xdr, &gdev->gd_layout_type) < 0)
1690 return nfserr_bad_xdr;
1691 if (xdr_stream_decode_u32(argp->xdr, &gdev->gd_maxcount) < 0)
1692 return nfserr_bad_xdr;
1693 if (xdr_stream_decode_uint32_array(argp->xdr,
1694 &gdev->gd_notify_types, 1) < 0)
1695 return nfserr_bad_xdr;
1696
1697 return nfs_ok;
1698}
1699
1700static __be32
1701nfsd4_decode_layoutcommit(struct nfsd4_compoundargs *argp,
1702 struct nfsd4_layoutcommit *lcp)
1703{
1704 __be32 *p, status;
1705
1706 if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_seg.offset) < 0)
1707 return nfserr_bad_xdr;
1708 if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_seg.length) < 0)
1709 return nfserr_bad_xdr;
1710 if (xdr_stream_decode_bool(argp->xdr, &lcp->lc_reclaim) < 0)
1711 return nfserr_bad_xdr;
1712 status = nfsd4_decode_stateid4(argp, &lcp->lc_sid);
1713 if (status)
1714 return status;
1715 if (xdr_stream_decode_u32(argp->xdr, &lcp->lc_newoffset) < 0)
1716 return nfserr_bad_xdr;
1717 if (lcp->lc_newoffset) {
1718 if (xdr_stream_decode_u64(argp->xdr, &lcp->lc_last_wr) < 0)
1719 return nfserr_bad_xdr;
1720 } else
1721 lcp->lc_last_wr = 0;
1722 p = xdr_inline_decode(argp->xdr, XDR_UNIT);
1723 if (!p)
1724 return nfserr_bad_xdr;
1725 if (xdr_item_is_present(p)) {
1726 status = nfsd4_decode_nfstime4(argp, &lcp->lc_mtime);
1727 if (status)
1728 return status;
1729 } else {
1730 lcp->lc_mtime.tv_nsec = UTIME_NOW;
1731 }
1732 return nfsd4_decode_layoutupdate4(argp, lcp);
1733}
1734
1735static __be32
1736nfsd4_decode_layoutget(struct nfsd4_compoundargs *argp,
1737 struct nfsd4_layoutget *lgp)
1738{
1739 __be32 status;
1740
1741 if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_signal) < 0)
1742 return nfserr_bad_xdr;
1743 if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_layout_type) < 0)
1744 return nfserr_bad_xdr;
1745 if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_seg.iomode) < 0)
1746 return nfserr_bad_xdr;
1747 if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_seg.offset) < 0)
1748 return nfserr_bad_xdr;
1749 if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_seg.length) < 0)
1750 return nfserr_bad_xdr;
1751 if (xdr_stream_decode_u64(argp->xdr, &lgp->lg_minlength) < 0)
1752 return nfserr_bad_xdr;
1753 status = nfsd4_decode_stateid4(argp, &lgp->lg_sid);
1754 if (status)
1755 return status;
1756 if (xdr_stream_decode_u32(argp->xdr, &lgp->lg_maxcount) < 0)
1757 return nfserr_bad_xdr;
1758
1759 return nfs_ok;
1760}
1761
1762static __be32
1763nfsd4_decode_layoutreturn(struct nfsd4_compoundargs *argp,
1764 struct nfsd4_layoutreturn *lrp)
1765{
1766 if (xdr_stream_decode_bool(argp->xdr, &lrp->lr_reclaim) < 0)
1767 return nfserr_bad_xdr;
1768 if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_layout_type) < 0)
1769 return nfserr_bad_xdr;
1770 if (xdr_stream_decode_u32(argp->xdr, &lrp->lr_seg.iomode) < 0)
1771 return nfserr_bad_xdr;
1772 return nfsd4_decode_layoutreturn4(argp, lrp);
1773}
1774#endif /* CONFIG_NFSD_PNFS */
1775
1776static __be32 nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
1777 struct nfsd4_secinfo_no_name *sin)
1778{
1779 if (xdr_stream_decode_u32(argp->xdr, &sin->sin_style) < 0)
1780 return nfserr_bad_xdr;
1781 return nfs_ok;
1782}
1783
1784static __be32
1785nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
1786 struct nfsd4_sequence *seq)
1787{
1788 __be32 *p, status;
1789
1790 status = nfsd4_decode_sessionid4(argp, &seq->sessionid);
1791 if (status)
1792 return status;
1793 p = xdr_inline_decode(argp->xdr, XDR_UNIT * 4);
1794 if (!p)
1795 return nfserr_bad_xdr;
1796 seq->seqid = be32_to_cpup(p++);
1797 seq->slotid = be32_to_cpup(p++);
1798 seq->maxslots = be32_to_cpup(p++);
1799 seq->cachethis = be32_to_cpup(p);
1800
1801 return nfs_ok;
1802}
1803
1804static __be32
1805nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
1806{
1807 struct nfsd4_test_stateid_id *stateid;
1808 __be32 status;
1809 u32 i;
1810
1811 if (xdr_stream_decode_u32(argp->xdr, &test_stateid->ts_num_ids) < 0)
1812 return nfserr_bad_xdr;
1813
1814 INIT_LIST_HEAD(&test_stateid->ts_stateid_list);
1815 for (i = 0; i < test_stateid->ts_num_ids; i++) {
1816 stateid = svcxdr_tmpalloc(argp, sizeof(*stateid));
1817 if (!stateid)
1818 return nfserrno(-ENOMEM); /* XXX: not jukebox? */
1819 INIT_LIST_HEAD(&stateid->ts_id_list);
1820 list_add_tail(&stateid->ts_id_list, &test_stateid->ts_stateid_list);
1821 status = nfsd4_decode_stateid4(argp, &stateid->ts_id_stateid);
1822 if (status)
1823 return status;
1824 }
1825
1826 return nfs_ok;
1827}
1828
1829static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp,
1830 struct nfsd4_destroy_clientid *dc)
1831{
1832 return nfsd4_decode_clientid4(argp, &dc->clientid);
1833}
1834
1835static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp,
1836 struct nfsd4_reclaim_complete *rc)
1837{
1838 if (xdr_stream_decode_bool(argp->xdr, &rc->rca_one_fs) < 0)
1839 return nfserr_bad_xdr;
1840 return nfs_ok;
1841}
1842
1843static __be32
1844nfsd4_decode_fallocate(struct nfsd4_compoundargs *argp,
1845 struct nfsd4_fallocate *fallocate)
1846{
1847 __be32 status;
1848
1849 status = nfsd4_decode_stateid4(argp, &fallocate->falloc_stateid);
1850 if (status)
1851 return status;
1852 if (xdr_stream_decode_u64(argp->xdr, &fallocate->falloc_offset) < 0)
1853 return nfserr_bad_xdr;
1854 if (xdr_stream_decode_u64(argp->xdr, &fallocate->falloc_length) < 0)
1855 return nfserr_bad_xdr;
1856
1857 return nfs_ok;
1858}
1859
1860static __be32 nfsd4_decode_nl4_server(struct nfsd4_compoundargs *argp,
1861 struct nl4_server *ns)
1862{
1863 struct nfs42_netaddr *naddr;
1864 __be32 *p;
1865
1866 if (xdr_stream_decode_u32(argp->xdr, &ns->nl4_type) < 0)
1867 return nfserr_bad_xdr;
1868
1869 /* currently support for 1 inter-server source server */
1870 switch (ns->nl4_type) {
1871 case NL4_NETADDR:
1872 naddr = &ns->u.nl4_addr;
1873
1874 if (xdr_stream_decode_u32(argp->xdr, &naddr->netid_len) < 0)
1875 return nfserr_bad_xdr;
1876 if (naddr->netid_len > RPCBIND_MAXNETIDLEN)
1877 return nfserr_bad_xdr;
1878
1879 p = xdr_inline_decode(argp->xdr, naddr->netid_len);
1880 if (!p)
1881 return nfserr_bad_xdr;
1882 memcpy(naddr->netid, p, naddr->netid_len);
1883
1884 if (xdr_stream_decode_u32(argp->xdr, &naddr->addr_len) < 0)
1885 return nfserr_bad_xdr;
1886 if (naddr->addr_len > RPCBIND_MAXUADDRLEN)
1887 return nfserr_bad_xdr;
1888
1889 p = xdr_inline_decode(argp->xdr, naddr->addr_len);
1890 if (!p)
1891 return nfserr_bad_xdr;
1892 memcpy(naddr->addr, p, naddr->addr_len);
1893 break;
1894 default:
1895 return nfserr_bad_xdr;
1896 }
1897
1898 return nfs_ok;
1899}
1900
1901static __be32
1902nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
1903{
1904 struct nl4_server *ns_dummy;
1905 u32 consecutive, i, count;
1906 __be32 status;
1907
1908 status = nfsd4_decode_stateid4(argp, ©->cp_src_stateid);
1909 if (status)
1910 return status;
1911 status = nfsd4_decode_stateid4(argp, ©->cp_dst_stateid);
1912 if (status)
1913 return status;
1914 if (xdr_stream_decode_u64(argp->xdr, ©->cp_src_pos) < 0)
1915 return nfserr_bad_xdr;
1916 if (xdr_stream_decode_u64(argp->xdr, ©->cp_dst_pos) < 0)
1917 return nfserr_bad_xdr;
1918 if (xdr_stream_decode_u64(argp->xdr, ©->cp_count) < 0)
1919 return nfserr_bad_xdr;
1920 /* ca_consecutive: we always do consecutive copies */
1921 if (xdr_stream_decode_u32(argp->xdr, &consecutive) < 0)
1922 return nfserr_bad_xdr;
1923 if (xdr_stream_decode_u32(argp->xdr, ©->cp_synchronous) < 0)
1924 return nfserr_bad_xdr;
1925
1926 if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
1927 return nfserr_bad_xdr;
1928 copy->cp_intra = false;
1929 if (count == 0) { /* intra-server copy */
1930 copy->cp_intra = true;
1931 return nfs_ok;
1932 }
1933
1934 /* decode all the supplied server addresses but use only the first */
1935 status = nfsd4_decode_nl4_server(argp, ©->cp_src);
1936 if (status)
1937 return status;
1938
1939 ns_dummy = kmalloc(sizeof(struct nl4_server), GFP_KERNEL);
1940 if (ns_dummy == NULL)
1941 return nfserrno(-ENOMEM); /* XXX: jukebox? */
1942 for (i = 0; i < count - 1; i++) {
1943 status = nfsd4_decode_nl4_server(argp, ns_dummy);
1944 if (status) {
1945 kfree(ns_dummy);
1946 return status;
1947 }
1948 }
1949 kfree(ns_dummy);
1950
1951 return nfs_ok;
1952}
1953
1954static __be32
1955nfsd4_decode_copy_notify(struct nfsd4_compoundargs *argp,
1956 struct nfsd4_copy_notify *cn)
1957{
1958 __be32 status;
1959
1960 status = nfsd4_decode_stateid4(argp, &cn->cpn_src_stateid);
1961 if (status)
1962 return status;
1963 return nfsd4_decode_nl4_server(argp, &cn->cpn_dst);
1964}
1965
1966static __be32
1967nfsd4_decode_offload_status(struct nfsd4_compoundargs *argp,
1968 struct nfsd4_offload_status *os)
1969{
1970 return nfsd4_decode_stateid4(argp, &os->stateid);
1971}
1972
1973static __be32
1974nfsd4_decode_seek(struct nfsd4_compoundargs *argp, struct nfsd4_seek *seek)
1975{
1976 __be32 status;
1977
1978 status = nfsd4_decode_stateid4(argp, &seek->seek_stateid);
1979 if (status)
1980 return status;
1981 if (xdr_stream_decode_u64(argp->xdr, &seek->seek_offset) < 0)
1982 return nfserr_bad_xdr;
1983 if (xdr_stream_decode_u32(argp->xdr, &seek->seek_whence) < 0)
1984 return nfserr_bad_xdr;
1985
1986 return nfs_ok;
1987}
1988
1989static __be32
1990nfsd4_decode_clone(struct nfsd4_compoundargs *argp, struct nfsd4_clone *clone)
1991{
1992 __be32 status;
1993
1994 status = nfsd4_decode_stateid4(argp, &clone->cl_src_stateid);
1995 if (status)
1996 return status;
1997 status = nfsd4_decode_stateid4(argp, &clone->cl_dst_stateid);
1998 if (status)
1999 return status;
2000 if (xdr_stream_decode_u64(argp->xdr, &clone->cl_src_pos) < 0)
2001 return nfserr_bad_xdr;
2002 if (xdr_stream_decode_u64(argp->xdr, &clone->cl_dst_pos) < 0)
2003 return nfserr_bad_xdr;
2004 if (xdr_stream_decode_u64(argp->xdr, &clone->cl_count) < 0)
2005 return nfserr_bad_xdr;
2006
2007 return nfs_ok;
2008}
2009
2010/*
2011 * XDR data that is more than PAGE_SIZE in size is normally part of a
2012 * read or write. However, the size of extended attributes is limited
2013 * by the maximum request size, and then further limited by the underlying
2014 * filesystem limits. This can exceed PAGE_SIZE (currently, XATTR_SIZE_MAX
2015 * is 64k). Since there is no kvec- or page-based interface to xattrs,
2016 * and we're not dealing with contiguous pages, we need to do some copying.
2017 */
2018
2019/*
2020 * Decode data into buffer.
2021 */
2022static __be32
2023nfsd4_vbuf_from_vector(struct nfsd4_compoundargs *argp, struct xdr_buf *xdr,
2024 char **bufp, u32 buflen)
2025{
2026 struct page **pages = xdr->pages;
2027 struct kvec *head = xdr->head;
2028 char *tmp, *dp;
2029 u32 len;
2030
2031 if (buflen <= head->iov_len) {
2032 /*
2033 * We're in luck, the head has enough space. Just return
2034 * the head, no need for copying.
2035 */
2036 *bufp = head->iov_base;
2037 return 0;
2038 }
2039
2040 tmp = svcxdr_tmpalloc(argp, buflen);
2041 if (tmp == NULL)
2042 return nfserr_jukebox;
2043
2044 dp = tmp;
2045 memcpy(dp, head->iov_base, head->iov_len);
2046 buflen -= head->iov_len;
2047 dp += head->iov_len;
2048
2049 while (buflen > 0) {
2050 len = min_t(u32, buflen, PAGE_SIZE);
2051 memcpy(dp, page_address(*pages), len);
2052
2053 buflen -= len;
2054 dp += len;
2055 pages++;
2056 }
2057
2058 *bufp = tmp;
2059 return 0;
2060}
2061
2062/*
2063 * Get a user extended attribute name from the XDR buffer.
2064 * It will not have the "user." prefix, so prepend it.
2065 * Lastly, check for nul characters in the name.
2066 */
2067static __be32
2068nfsd4_decode_xattr_name(struct nfsd4_compoundargs *argp, char **namep)
2069{
2070 char *name, *sp, *dp;
2071 u32 namelen, cnt;
2072 __be32 *p;
2073
2074 if (xdr_stream_decode_u32(argp->xdr, &namelen) < 0)
2075 return nfserr_bad_xdr;
2076 if (namelen > (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN))
2077 return nfserr_nametoolong;
2078 if (namelen == 0)
2079 return nfserr_bad_xdr;
2080 p = xdr_inline_decode(argp->xdr, namelen);
2081 if (!p)
2082 return nfserr_bad_xdr;
2083 name = svcxdr_tmpalloc(argp, namelen + XATTR_USER_PREFIX_LEN + 1);
2084 if (!name)
2085 return nfserr_jukebox;
2086 memcpy(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN);
2087
2088 /*
2089 * Copy the extended attribute name over while checking for 0
2090 * characters.
2091 */
2092 sp = (char *)p;
2093 dp = name + XATTR_USER_PREFIX_LEN;
2094 cnt = namelen;
2095
2096 while (cnt-- > 0) {
2097 if (*sp == '\0')
2098 return nfserr_bad_xdr;
2099 *dp++ = *sp++;
2100 }
2101 *dp = '\0';
2102
2103 *namep = name;
2104
2105 return nfs_ok;
2106}
2107
2108/*
2109 * A GETXATTR op request comes without a length specifier. We just set the
2110 * maximum length for the reply based on XATTR_SIZE_MAX and the maximum
2111 * channel reply size. nfsd_getxattr will probe the length of the xattr,
2112 * check it against getxa_len, and allocate + return the value.
2113 */
2114static __be32
2115nfsd4_decode_getxattr(struct nfsd4_compoundargs *argp,
2116 struct nfsd4_getxattr *getxattr)
2117{
2118 __be32 status;
2119 u32 maxcount;
2120
2121 status = nfsd4_decode_xattr_name(argp, &getxattr->getxa_name);
2122 if (status)
2123 return status;
2124
2125 maxcount = svc_max_payload(argp->rqstp);
2126 maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount);
2127
2128 getxattr->getxa_len = maxcount;
2129
2130 return status;
2131}
2132
2133static __be32
2134nfsd4_decode_setxattr(struct nfsd4_compoundargs *argp,
2135 struct nfsd4_setxattr *setxattr)
2136{
2137 u32 flags, maxcount, size;
2138 __be32 status;
2139
2140 if (xdr_stream_decode_u32(argp->xdr, &flags) < 0)
2141 return nfserr_bad_xdr;
2142
2143 if (flags > SETXATTR4_REPLACE)
2144 return nfserr_inval;
2145 setxattr->setxa_flags = flags;
2146
2147 status = nfsd4_decode_xattr_name(argp, &setxattr->setxa_name);
2148 if (status)
2149 return status;
2150
2151 maxcount = svc_max_payload(argp->rqstp);
2152 maxcount = min_t(u32, XATTR_SIZE_MAX, maxcount);
2153
2154 if (xdr_stream_decode_u32(argp->xdr, &size) < 0)
2155 return nfserr_bad_xdr;
2156 if (size > maxcount)
2157 return nfserr_xattr2big;
2158
2159 setxattr->setxa_len = size;
2160 if (size > 0) {
2161 struct xdr_buf payload;
2162
2163 if (!xdr_stream_subsegment(argp->xdr, &payload, size))
2164 return nfserr_bad_xdr;
2165 status = nfsd4_vbuf_from_vector(argp, &payload,
2166 &setxattr->setxa_buf, size);
2167 }
2168
2169 return nfs_ok;
2170}
2171
2172static __be32
2173nfsd4_decode_listxattrs(struct nfsd4_compoundargs *argp,
2174 struct nfsd4_listxattrs *listxattrs)
2175{
2176 u32 maxcount;
2177
2178 if (xdr_stream_decode_u64(argp->xdr, &listxattrs->lsxa_cookie) < 0)
2179 return nfserr_bad_xdr;
2180
2181 /*
2182 * If the cookie is too large to have even one user.x attribute
2183 * plus trailing '\0' left in a maximum size buffer, it's invalid.
2184 */
2185 if (listxattrs->lsxa_cookie >=
2186 (XATTR_LIST_MAX / (XATTR_USER_PREFIX_LEN + 2)))
2187 return nfserr_badcookie;
2188
2189 if (xdr_stream_decode_u32(argp->xdr, &maxcount) < 0)
2190 return nfserr_bad_xdr;
2191 if (maxcount < 8)
2192 /* Always need at least 2 words (length and one character) */
2193 return nfserr_inval;
2194
2195 maxcount = min(maxcount, svc_max_payload(argp->rqstp));
2196 listxattrs->lsxa_maxcount = maxcount;
2197
2198 return nfs_ok;
2199}
2200
2201static __be32
2202nfsd4_decode_removexattr(struct nfsd4_compoundargs *argp,
2203 struct nfsd4_removexattr *removexattr)
2204{
2205 return nfsd4_decode_xattr_name(argp, &removexattr->rmxa_name);
2206}
2207
2208static __be32
2209nfsd4_decode_noop(struct nfsd4_compoundargs *argp, void *p)
2210{
2211 return nfs_ok;
2212}
2213
2214static __be32
2215nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
2216{
2217 return nfserr_notsupp;
2218}
2219
2220typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
2221
2222static const nfsd4_dec nfsd4_dec_ops[] = {
2223 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
2224 [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
2225 [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
2226 [OP_CREATE] = (nfsd4_dec)nfsd4_decode_create,
2227 [OP_DELEGPURGE] = (nfsd4_dec)nfsd4_decode_notsupp,
2228 [OP_DELEGRETURN] = (nfsd4_dec)nfsd4_decode_delegreturn,
2229 [OP_GETATTR] = (nfsd4_dec)nfsd4_decode_getattr,
2230 [OP_GETFH] = (nfsd4_dec)nfsd4_decode_noop,
2231 [OP_LINK] = (nfsd4_dec)nfsd4_decode_link,
2232 [OP_LOCK] = (nfsd4_dec)nfsd4_decode_lock,
2233 [OP_LOCKT] = (nfsd4_dec)nfsd4_decode_lockt,
2234 [OP_LOCKU] = (nfsd4_dec)nfsd4_decode_locku,
2235 [OP_LOOKUP] = (nfsd4_dec)nfsd4_decode_lookup,
2236 [OP_LOOKUPP] = (nfsd4_dec)nfsd4_decode_noop,
2237 [OP_NVERIFY] = (nfsd4_dec)nfsd4_decode_verify,
2238 [OP_OPEN] = (nfsd4_dec)nfsd4_decode_open,
2239 [OP_OPENATTR] = (nfsd4_dec)nfsd4_decode_notsupp,
2240 [OP_OPEN_CONFIRM] = (nfsd4_dec)nfsd4_decode_open_confirm,
2241 [OP_OPEN_DOWNGRADE] = (nfsd4_dec)nfsd4_decode_open_downgrade,
2242 [OP_PUTFH] = (nfsd4_dec)nfsd4_decode_putfh,
2243 [OP_PUTPUBFH] = (nfsd4_dec)nfsd4_decode_putpubfh,
2244 [OP_PUTROOTFH] = (nfsd4_dec)nfsd4_decode_noop,
2245 [OP_READ] = (nfsd4_dec)nfsd4_decode_read,
2246 [OP_READDIR] = (nfsd4_dec)nfsd4_decode_readdir,
2247 [OP_READLINK] = (nfsd4_dec)nfsd4_decode_noop,
2248 [OP_REMOVE] = (nfsd4_dec)nfsd4_decode_remove,
2249 [OP_RENAME] = (nfsd4_dec)nfsd4_decode_rename,
2250 [OP_RENEW] = (nfsd4_dec)nfsd4_decode_renew,
2251 [OP_RESTOREFH] = (nfsd4_dec)nfsd4_decode_noop,
2252 [OP_SAVEFH] = (nfsd4_dec)nfsd4_decode_noop,
2253 [OP_SECINFO] = (nfsd4_dec)nfsd4_decode_secinfo,
2254 [OP_SETATTR] = (nfsd4_dec)nfsd4_decode_setattr,
2255 [OP_SETCLIENTID] = (nfsd4_dec)nfsd4_decode_setclientid,
2256 [OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
2257 [OP_VERIFY] = (nfsd4_dec)nfsd4_decode_verify,
2258 [OP_WRITE] = (nfsd4_dec)nfsd4_decode_write,
2259 [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner,
2260
2261 /* new operations for NFSv4.1 */
2262 [OP_BACKCHANNEL_CTL] = (nfsd4_dec)nfsd4_decode_backchannel_ctl,
2263 [OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
2264 [OP_EXCHANGE_ID] = (nfsd4_dec)nfsd4_decode_exchange_id,
2265 [OP_CREATE_SESSION] = (nfsd4_dec)nfsd4_decode_create_session,
2266 [OP_DESTROY_SESSION] = (nfsd4_dec)nfsd4_decode_destroy_session,
2267 [OP_FREE_STATEID] = (nfsd4_dec)nfsd4_decode_free_stateid,
2268 [OP_GET_DIR_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
2269#ifdef CONFIG_NFSD_PNFS
2270 [OP_GETDEVICEINFO] = (nfsd4_dec)nfsd4_decode_getdeviceinfo,
2271 [OP_GETDEVICELIST] = (nfsd4_dec)nfsd4_decode_notsupp,
2272 [OP_LAYOUTCOMMIT] = (nfsd4_dec)nfsd4_decode_layoutcommit,
2273 [OP_LAYOUTGET] = (nfsd4_dec)nfsd4_decode_layoutget,
2274 [OP_LAYOUTRETURN] = (nfsd4_dec)nfsd4_decode_layoutreturn,
2275#else
2276 [OP_GETDEVICEINFO] = (nfsd4_dec)nfsd4_decode_notsupp,
2277 [OP_GETDEVICELIST] = (nfsd4_dec)nfsd4_decode_notsupp,
2278 [OP_LAYOUTCOMMIT] = (nfsd4_dec)nfsd4_decode_notsupp,
2279 [OP_LAYOUTGET] = (nfsd4_dec)nfsd4_decode_notsupp,
2280 [OP_LAYOUTRETURN] = (nfsd4_dec)nfsd4_decode_notsupp,
2281#endif
2282 [OP_SECINFO_NO_NAME] = (nfsd4_dec)nfsd4_decode_secinfo_no_name,
2283 [OP_SEQUENCE] = (nfsd4_dec)nfsd4_decode_sequence,
2284 [OP_SET_SSV] = (nfsd4_dec)nfsd4_decode_notsupp,
2285 [OP_TEST_STATEID] = (nfsd4_dec)nfsd4_decode_test_stateid,
2286 [OP_WANT_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
2287 [OP_DESTROY_CLIENTID] = (nfsd4_dec)nfsd4_decode_destroy_clientid,
2288 [OP_RECLAIM_COMPLETE] = (nfsd4_dec)nfsd4_decode_reclaim_complete,
2289
2290 /* new operations for NFSv4.2 */
2291 [OP_ALLOCATE] = (nfsd4_dec)nfsd4_decode_fallocate,
2292 [OP_COPY] = (nfsd4_dec)nfsd4_decode_copy,
2293 [OP_COPY_NOTIFY] = (nfsd4_dec)nfsd4_decode_copy_notify,
2294 [OP_DEALLOCATE] = (nfsd4_dec)nfsd4_decode_fallocate,
2295 [OP_IO_ADVISE] = (nfsd4_dec)nfsd4_decode_notsupp,
2296 [OP_LAYOUTERROR] = (nfsd4_dec)nfsd4_decode_notsupp,
2297 [OP_LAYOUTSTATS] = (nfsd4_dec)nfsd4_decode_notsupp,
2298 [OP_OFFLOAD_CANCEL] = (nfsd4_dec)nfsd4_decode_offload_status,
2299 [OP_OFFLOAD_STATUS] = (nfsd4_dec)nfsd4_decode_offload_status,
2300 [OP_READ_PLUS] = (nfsd4_dec)nfsd4_decode_read,
2301 [OP_SEEK] = (nfsd4_dec)nfsd4_decode_seek,
2302 [OP_WRITE_SAME] = (nfsd4_dec)nfsd4_decode_notsupp,
2303 [OP_CLONE] = (nfsd4_dec)nfsd4_decode_clone,
2304 /* RFC 8276 extended atributes operations */
2305 [OP_GETXATTR] = (nfsd4_dec)nfsd4_decode_getxattr,
2306 [OP_SETXATTR] = (nfsd4_dec)nfsd4_decode_setxattr,
2307 [OP_LISTXATTRS] = (nfsd4_dec)nfsd4_decode_listxattrs,
2308 [OP_REMOVEXATTR] = (nfsd4_dec)nfsd4_decode_removexattr,
2309};
2310
2311static inline bool
2312nfsd4_opnum_in_range(struct nfsd4_compoundargs *argp, struct nfsd4_op *op)
2313{
2314 if (op->opnum < FIRST_NFS4_OP)
2315 return false;
2316 else if (argp->minorversion == 0 && op->opnum > LAST_NFS40_OP)
2317 return false;
2318 else if (argp->minorversion == 1 && op->opnum > LAST_NFS41_OP)
2319 return false;
2320 else if (argp->minorversion == 2 && op->opnum > LAST_NFS42_OP)
2321 return false;
2322 return true;
2323}
2324
2325static int
2326nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
2327{
2328 struct nfsd4_op *op;
2329 bool cachethis = false;
2330 int auth_slack= argp->rqstp->rq_auth_slack;
2331 int max_reply = auth_slack + 8; /* opcnt, status */
2332 int readcount = 0;
2333 int readbytes = 0;
2334 __be32 *p;
2335 int i;
2336
2337 if (xdr_stream_decode_u32(argp->xdr, &argp->taglen) < 0)
2338 return 0;
2339 max_reply += XDR_UNIT;
2340 argp->tag = NULL;
2341 if (unlikely(argp->taglen)) {
2342 if (argp->taglen > NFSD4_MAX_TAGLEN)
2343 return 0;
2344 p = xdr_inline_decode(argp->xdr, argp->taglen);
2345 if (!p)
2346 return 0;
2347 argp->tag = svcxdr_savemem(argp, p, argp->taglen);
2348 if (!argp->tag)
2349 return 0;
2350 max_reply += xdr_align_size(argp->taglen);
2351 }
2352
2353 if (xdr_stream_decode_u32(argp->xdr, &argp->minorversion) < 0)
2354 return 0;
2355 if (xdr_stream_decode_u32(argp->xdr, &argp->opcnt) < 0)
2356 return 0;
2357
2358 /*
2359 * NFS4ERR_RESOURCE is a more helpful error than GARBAGE_ARGS
2360 * here, so we return success at the xdr level so that
2361 * nfsd4_proc can handle this is an NFS-level error.
2362 */
2363 if (argp->opcnt > NFSD_MAX_OPS_PER_COMPOUND)
2364 return 1;
2365
2366 if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
2367 argp->ops = kzalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
2368 if (!argp->ops) {
2369 argp->ops = argp->iops;
2370 dprintk("nfsd: couldn't allocate room for COMPOUND\n");
2371 return 0;
2372 }
2373 }
2374
2375 if (argp->minorversion > NFSD_SUPPORTED_MINOR_VERSION)
2376 argp->opcnt = 0;
2377
2378 for (i = 0; i < argp->opcnt; i++) {
2379 op = &argp->ops[i];
2380 op->replay = NULL;
2381
2382 if (xdr_stream_decode_u32(argp->xdr, &op->opnum) < 0)
2383 return 0;
2384 if (nfsd4_opnum_in_range(argp, op)) {
2385 op->status = nfsd4_dec_ops[op->opnum](argp, &op->u);
2386 if (op->status != nfs_ok)
2387 trace_nfsd_compound_decode_err(argp->rqstp,
2388 argp->opcnt, i,
2389 op->opnum,
2390 op->status);
2391 } else {
2392 op->opnum = OP_ILLEGAL;
2393 op->status = nfserr_op_illegal;
2394 }
2395 op->opdesc = OPDESC(op);
2396 /*
2397 * We'll try to cache the result in the DRC if any one
2398 * op in the compound wants to be cached:
2399 */
2400 cachethis |= nfsd4_cache_this_op(op);
2401
2402 if (op->opnum == OP_READ || op->opnum == OP_READ_PLUS) {
2403 readcount++;
2404 readbytes += nfsd4_max_reply(argp->rqstp, op);
2405 } else
2406 max_reply += nfsd4_max_reply(argp->rqstp, op);
2407 /*
2408 * OP_LOCK and OP_LOCKT may return a conflicting lock.
2409 * (Special case because it will just skip encoding this
2410 * if it runs out of xdr buffer space, and it is the only
2411 * operation that behaves this way.)
2412 */
2413 if (op->opnum == OP_LOCK || op->opnum == OP_LOCKT)
2414 max_reply += NFS4_OPAQUE_LIMIT;
2415
2416 if (op->status) {
2417 argp->opcnt = i+1;
2418 break;
2419 }
2420 }
2421 /* Sessions make the DRC unnecessary: */
2422 if (argp->minorversion)
2423 cachethis = false;
2424 svc_reserve(argp->rqstp, max_reply + readbytes);
2425 argp->rqstp->rq_cachetype = cachethis ? RC_REPLBUFF : RC_NOCACHE;
2426
2427 if (readcount > 1 || max_reply > PAGE_SIZE - auth_slack)
2428 clear_bit(RQ_SPLICE_OK, &argp->rqstp->rq_flags);
2429
2430 return 1;
2431}
2432
2433static __be32 *encode_change(__be32 *p, struct kstat *stat, struct inode *inode,
2434 struct svc_export *exp)
2435{
2436 if (exp->ex_flags & NFSEXP_V4ROOT) {
2437 *p++ = cpu_to_be32(convert_to_wallclock(exp->cd->flush_time));
2438 *p++ = 0;
2439 } else
2440 p = xdr_encode_hyper(p, nfsd4_change_attribute(stat, inode));
2441 return p;
2442}
2443
2444/*
2445 * ctime (in NFSv4, time_metadata) is not writeable, and the client
2446 * doesn't really care what resolution could theoretically be stored by
2447 * the filesystem.
2448 *
2449 * The client cares how close together changes can be while still
2450 * guaranteeing ctime changes. For most filesystems (which have
2451 * timestamps with nanosecond fields) that is limited by the resolution
2452 * of the time returned from current_time() (which I'm assuming to be
2453 * 1/HZ).
2454 */
2455static __be32 *encode_time_delta(__be32 *p, struct inode *inode)
2456{
2457 struct timespec64 ts;
2458 u32 ns;
2459
2460 ns = max_t(u32, NSEC_PER_SEC/HZ, inode->i_sb->s_time_gran);
2461 ts = ns_to_timespec64(ns);
2462
2463 p = xdr_encode_hyper(p, ts.tv_sec);
2464 *p++ = cpu_to_be32(ts.tv_nsec);
2465
2466 return p;
2467}
2468
2469static __be32 *encode_cinfo(__be32 *p, struct nfsd4_change_info *c)
2470{
2471 *p++ = cpu_to_be32(c->atomic);
2472 p = xdr_encode_hyper(p, c->before_change);
2473 p = xdr_encode_hyper(p, c->after_change);
2474 return p;
2475}
2476
2477/* Encode as an array of strings the string given with components
2478 * separated @sep, escaped with esc_enter and esc_exit.
2479 */
2480static __be32 nfsd4_encode_components_esc(struct xdr_stream *xdr, char sep,
2481 char *components, char esc_enter,
2482 char esc_exit)
2483{
2484 __be32 *p;
2485 __be32 pathlen;
2486 int pathlen_offset;
2487 int strlen, count=0;
2488 char *str, *end, *next;
2489
2490 dprintk("nfsd4_encode_components(%s)\n", components);
2491
2492 pathlen_offset = xdr->buf->len;
2493 p = xdr_reserve_space(xdr, 4);
2494 if (!p)
2495 return nfserr_resource;
2496 p++; /* We will fill this in with @count later */
2497
2498 end = str = components;
2499 while (*end) {
2500 bool found_esc = false;
2501
2502 /* try to parse as esc_start, ..., esc_end, sep */
2503 if (*str == esc_enter) {
2504 for (; *end && (*end != esc_exit); end++)
2505 /* find esc_exit or end of string */;
2506 next = end + 1;
2507 if (*end && (!*next || *next == sep)) {
2508 str++;
2509 found_esc = true;
2510 }
2511 }
2512
2513 if (!found_esc)
2514 for (; *end && (*end != sep); end++)
2515 /* find sep or end of string */;
2516
2517 strlen = end - str;
2518 if (strlen) {
2519 p = xdr_reserve_space(xdr, strlen + 4);
2520 if (!p)
2521 return nfserr_resource;
2522 p = xdr_encode_opaque(p, str, strlen);
2523 count++;
2524 }
2525 else
2526 end++;
2527 if (found_esc)
2528 end = next;
2529
2530 str = end;
2531 }
2532 pathlen = htonl(count);
2533 write_bytes_to_xdr_buf(xdr->buf, pathlen_offset, &pathlen, 4);
2534 return 0;
2535}
2536
2537/* Encode as an array of strings the string given with components
2538 * separated @sep.
2539 */
2540static __be32 nfsd4_encode_components(struct xdr_stream *xdr, char sep,
2541 char *components)
2542{
2543 return nfsd4_encode_components_esc(xdr, sep, components, 0, 0);
2544}
2545
2546/*
2547 * encode a location element of a fs_locations structure
2548 */
2549static __be32 nfsd4_encode_fs_location4(struct xdr_stream *xdr,
2550 struct nfsd4_fs_location *location)
2551{
2552 __be32 status;
2553
2554 status = nfsd4_encode_components_esc(xdr, ':', location->hosts,
2555 '[', ']');
2556 if (status)
2557 return status;
2558 status = nfsd4_encode_components(xdr, '/', location->path);
2559 if (status)
2560 return status;
2561 return 0;
2562}
2563
2564/*
2565 * Encode a path in RFC3530 'pathname4' format
2566 */
2567static __be32 nfsd4_encode_path(struct xdr_stream *xdr,
2568 const struct path *root,
2569 const struct path *path)
2570{
2571 struct path cur = *path;
2572 __be32 *p;
2573 struct dentry **components = NULL;
2574 unsigned int ncomponents = 0;
2575 __be32 err = nfserr_jukebox;
2576
2577 dprintk("nfsd4_encode_components(");
2578
2579 path_get(&cur);
2580 /* First walk the path up to the nfsd root, and store the
2581 * dentries/path components in an array.
2582 */
2583 for (;;) {
2584 if (path_equal(&cur, root))
2585 break;
2586 if (cur.dentry == cur.mnt->mnt_root) {
2587 if (follow_up(&cur))
2588 continue;
2589 goto out_free;
2590 }
2591 if ((ncomponents & 15) == 0) {
2592 struct dentry **new;
2593 new = krealloc(components,
2594 sizeof(*new) * (ncomponents + 16),
2595 GFP_KERNEL);
2596 if (!new)
2597 goto out_free;
2598 components = new;
2599 }
2600 components[ncomponents++] = cur.dentry;
2601 cur.dentry = dget_parent(cur.dentry);
2602 }
2603 err = nfserr_resource;
2604 p = xdr_reserve_space(xdr, 4);
2605 if (!p)
2606 goto out_free;
2607 *p++ = cpu_to_be32(ncomponents);
2608
2609 while (ncomponents) {
2610 struct dentry *dentry = components[ncomponents - 1];
2611 unsigned int len;
2612
2613 spin_lock(&dentry->d_lock);
2614 len = dentry->d_name.len;
2615 p = xdr_reserve_space(xdr, len + 4);
2616 if (!p) {
2617 spin_unlock(&dentry->d_lock);
2618 goto out_free;
2619 }
2620 p = xdr_encode_opaque(p, dentry->d_name.name, len);
2621 dprintk("/%pd", dentry);
2622 spin_unlock(&dentry->d_lock);
2623 dput(dentry);
2624 ncomponents--;
2625 }
2626
2627 err = 0;
2628out_free:
2629 dprintk(")\n");
2630 while (ncomponents)
2631 dput(components[--ncomponents]);
2632 kfree(components);
2633 path_put(&cur);
2634 return err;
2635}
2636
2637static __be32 nfsd4_encode_fsloc_fsroot(struct xdr_stream *xdr,
2638 struct svc_rqst *rqstp, const struct path *path)
2639{
2640 struct svc_export *exp_ps;
2641 __be32 res;
2642
2643 exp_ps = rqst_find_fsidzero_export(rqstp);
2644 if (IS_ERR(exp_ps))
2645 return nfserrno(PTR_ERR(exp_ps));
2646 res = nfsd4_encode_path(xdr, &exp_ps->ex_path, path);
2647 exp_put(exp_ps);
2648 return res;
2649}
2650
2651/*
2652 * encode a fs_locations structure
2653 */
2654static __be32 nfsd4_encode_fs_locations(struct xdr_stream *xdr,
2655 struct svc_rqst *rqstp, struct svc_export *exp)
2656{
2657 __be32 status;
2658 int i;
2659 __be32 *p;
2660 struct nfsd4_fs_locations *fslocs = &exp->ex_fslocs;
2661
2662 status = nfsd4_encode_fsloc_fsroot(xdr, rqstp, &exp->ex_path);
2663 if (status)
2664 return status;
2665 p = xdr_reserve_space(xdr, 4);
2666 if (!p)
2667 return nfserr_resource;
2668 *p++ = cpu_to_be32(fslocs->locations_count);
2669 for (i=0; i<fslocs->locations_count; i++) {
2670 status = nfsd4_encode_fs_location4(xdr, &fslocs->locations[i]);
2671 if (status)
2672 return status;
2673 }
2674 return 0;
2675}
2676
2677static u32 nfs4_file_type(umode_t mode)
2678{
2679 switch (mode & S_IFMT) {
2680 case S_IFIFO: return NF4FIFO;
2681 case S_IFCHR: return NF4CHR;
2682 case S_IFDIR: return NF4DIR;
2683 case S_IFBLK: return NF4BLK;
2684 case S_IFLNK: return NF4LNK;
2685 case S_IFREG: return NF4REG;
2686 case S_IFSOCK: return NF4SOCK;
2687 default: return NF4BAD;
2688 }
2689}
2690
2691static inline __be32
2692nfsd4_encode_aclname(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2693 struct nfs4_ace *ace)
2694{
2695 if (ace->whotype != NFS4_ACL_WHO_NAMED)
2696 return nfs4_acl_write_who(xdr, ace->whotype);
2697 else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
2698 return nfsd4_encode_group(xdr, rqstp, ace->who_gid);
2699 else
2700 return nfsd4_encode_user(xdr, rqstp, ace->who_uid);
2701}
2702
2703static inline __be32
2704nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types)
2705{
2706 __be32 *p;
2707 unsigned long i = hweight_long(layout_types);
2708
2709 p = xdr_reserve_space(xdr, 4 + 4 * i);
2710 if (!p)
2711 return nfserr_resource;
2712
2713 *p++ = cpu_to_be32(i);
2714
2715 for (i = LAYOUT_NFSV4_1_FILES; i < LAYOUT_TYPE_MAX; ++i)
2716 if (layout_types & (1 << i))
2717 *p++ = cpu_to_be32(i);
2718
2719 return 0;
2720}
2721
2722#define WORD0_ABSENT_FS_ATTRS (FATTR4_WORD0_FS_LOCATIONS | FATTR4_WORD0_FSID | \
2723 FATTR4_WORD0_RDATTR_ERROR)
2724#define WORD1_ABSENT_FS_ATTRS FATTR4_WORD1_MOUNTED_ON_FILEID
2725#define WORD2_ABSENT_FS_ATTRS 0
2726
2727#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2728static inline __be32
2729nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2730 void *context, int len)
2731{
2732 __be32 *p;
2733
2734 p = xdr_reserve_space(xdr, len + 4 + 4 + 4);
2735 if (!p)
2736 return nfserr_resource;
2737
2738 /*
2739 * For now we use a 0 here to indicate the null translation; in
2740 * the future we may place a call to translation code here.
2741 */
2742 *p++ = cpu_to_be32(0); /* lfs */
2743 *p++ = cpu_to_be32(0); /* pi */
2744 p = xdr_encode_opaque(p, context, len);
2745 return 0;
2746}
2747#else
2748static inline __be32
2749nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp,
2750 void *context, int len)
2751{ return 0; }
2752#endif
2753
2754static __be32 fattr_handle_absent_fs(u32 *bmval0, u32 *bmval1, u32 *bmval2, u32 *rdattr_err)
2755{
2756 /* As per referral draft: */
2757 if (*bmval0 & ~WORD0_ABSENT_FS_ATTRS ||
2758 *bmval1 & ~WORD1_ABSENT_FS_ATTRS) {
2759 if (*bmval0 & FATTR4_WORD0_RDATTR_ERROR ||
2760 *bmval0 & FATTR4_WORD0_FS_LOCATIONS)
2761 *rdattr_err = NFSERR_MOVED;
2762 else
2763 return nfserr_moved;
2764 }
2765 *bmval0 &= WORD0_ABSENT_FS_ATTRS;
2766 *bmval1 &= WORD1_ABSENT_FS_ATTRS;
2767 *bmval2 &= WORD2_ABSENT_FS_ATTRS;
2768 return 0;
2769}
2770
2771
2772static int get_parent_attributes(struct svc_export *exp, struct kstat *stat)
2773{
2774 struct path path = exp->ex_path;
2775 int err;
2776
2777 path_get(&path);
2778 while (follow_up(&path)) {
2779 if (path.dentry != path.mnt->mnt_root)
2780 break;
2781 }
2782 err = vfs_getattr(&path, stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
2783 path_put(&path);
2784 return err;
2785}
2786
2787static __be32
2788nfsd4_encode_bitmap(struct xdr_stream *xdr, u32 bmval0, u32 bmval1, u32 bmval2)
2789{
2790 __be32 *p;
2791
2792 if (bmval2) {
2793 p = xdr_reserve_space(xdr, 16);
2794 if (!p)
2795 goto out_resource;
2796 *p++ = cpu_to_be32(3);
2797 *p++ = cpu_to_be32(bmval0);
2798 *p++ = cpu_to_be32(bmval1);
2799 *p++ = cpu_to_be32(bmval2);
2800 } else if (bmval1) {
2801 p = xdr_reserve_space(xdr, 12);
2802 if (!p)
2803 goto out_resource;
2804 *p++ = cpu_to_be32(2);
2805 *p++ = cpu_to_be32(bmval0);
2806 *p++ = cpu_to_be32(bmval1);
2807 } else {
2808 p = xdr_reserve_space(xdr, 8);
2809 if (!p)
2810 goto out_resource;
2811 *p++ = cpu_to_be32(1);
2812 *p++ = cpu_to_be32(bmval0);
2813 }
2814
2815 return 0;
2816out_resource:
2817 return nfserr_resource;
2818}
2819
2820/*
2821 * Note: @fhp can be NULL; in this case, we might have to compose the filehandle
2822 * ourselves.
2823 */
2824static __be32
2825nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
2826 struct svc_export *exp,
2827 struct dentry *dentry, u32 *bmval,
2828 struct svc_rqst *rqstp, int ignore_crossmnt)
2829{
2830 u32 bmval0 = bmval[0];
2831 u32 bmval1 = bmval[1];
2832 u32 bmval2 = bmval[2];
2833 struct kstat stat;
2834 struct svc_fh *tempfh = NULL;
2835 struct kstatfs statfs;
2836 __be32 *p;
2837 int starting_len = xdr->buf->len;
2838 int attrlen_offset;
2839 __be32 attrlen;
2840 u32 dummy;
2841 u64 dummy64;
2842 u32 rdattr_err = 0;
2843 __be32 status;
2844 int err;
2845 struct nfs4_acl *acl = NULL;
2846#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2847 void *context = NULL;
2848 int contextlen;
2849#endif
2850 bool contextsupport = false;
2851 struct nfsd4_compoundres *resp = rqstp->rq_resp;
2852 u32 minorversion = resp->cstate.minorversion;
2853 struct path path = {
2854 .mnt = exp->ex_path.mnt,
2855 .dentry = dentry,
2856 };
2857 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2858
2859 BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1);
2860 BUG_ON(!nfsd_attrs_supported(minorversion, bmval));
2861
2862 if (exp->ex_fslocs.migrated) {
2863 status = fattr_handle_absent_fs(&bmval0, &bmval1, &bmval2, &rdattr_err);
2864 if (status)
2865 goto out;
2866 }
2867
2868 err = vfs_getattr(&path, &stat, STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
2869 if (err)
2870 goto out_nfserr;
2871 if ((bmval0 & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE |
2872 FATTR4_WORD0_FILES_TOTAL | FATTR4_WORD0_MAXNAME)) ||
2873 (bmval1 & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
2874 FATTR4_WORD1_SPACE_TOTAL))) {
2875 err = vfs_statfs(&path, &statfs);
2876 if (err)
2877 goto out_nfserr;
2878 }
2879 if ((bmval0 & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) && !fhp) {
2880 tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
2881 status = nfserr_jukebox;
2882 if (!tempfh)
2883 goto out;
2884 fh_init(tempfh, NFS4_FHSIZE);
2885 status = fh_compose(tempfh, exp, dentry, NULL);
2886 if (status)
2887 goto out;
2888 fhp = tempfh;
2889 }
2890 if (bmval0 & FATTR4_WORD0_ACL) {
2891 err = nfsd4_get_nfs4_acl(rqstp, dentry, &acl);
2892 if (err == -EOPNOTSUPP)
2893 bmval0 &= ~FATTR4_WORD0_ACL;
2894 else if (err == -EINVAL) {
2895 status = nfserr_attrnotsupp;
2896 goto out;
2897 } else if (err != 0)
2898 goto out_nfserr;
2899 }
2900
2901#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
2902 if ((bmval2 & FATTR4_WORD2_SECURITY_LABEL) ||
2903 bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2904 if (exp->ex_flags & NFSEXP_SECURITY_LABEL)
2905 err = security_inode_getsecctx(d_inode(dentry),
2906 &context, &contextlen);
2907 else
2908 err = -EOPNOTSUPP;
2909 contextsupport = (err == 0);
2910 if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
2911 if (err == -EOPNOTSUPP)
2912 bmval2 &= ~FATTR4_WORD2_SECURITY_LABEL;
2913 else if (err)
2914 goto out_nfserr;
2915 }
2916 }
2917#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
2918
2919 status = nfsd4_encode_bitmap(xdr, bmval0, bmval1, bmval2);
2920 if (status)
2921 goto out;
2922
2923 attrlen_offset = xdr->buf->len;
2924 p = xdr_reserve_space(xdr, 4);
2925 if (!p)
2926 goto out_resource;
2927 p++; /* to be backfilled later */
2928
2929 if (bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) {
2930 u32 supp[3];
2931
2932 memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));
2933
2934 if (!IS_POSIXACL(dentry->d_inode))
2935 supp[0] &= ~FATTR4_WORD0_ACL;
2936 if (!contextsupport)
2937 supp[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
2938 if (!supp[2]) {
2939 p = xdr_reserve_space(xdr, 12);
2940 if (!p)
2941 goto out_resource;
2942 *p++ = cpu_to_be32(2);
2943 *p++ = cpu_to_be32(supp[0]);
2944 *p++ = cpu_to_be32(supp[1]);
2945 } else {
2946 p = xdr_reserve_space(xdr, 16);
2947 if (!p)
2948 goto out_resource;
2949 *p++ = cpu_to_be32(3);
2950 *p++ = cpu_to_be32(supp[0]);
2951 *p++ = cpu_to_be32(supp[1]);
2952 *p++ = cpu_to_be32(supp[2]);
2953 }
2954 }
2955 if (bmval0 & FATTR4_WORD0_TYPE) {
2956 p = xdr_reserve_space(xdr, 4);
2957 if (!p)
2958 goto out_resource;
2959 dummy = nfs4_file_type(stat.mode);
2960 if (dummy == NF4BAD) {
2961 status = nfserr_serverfault;
2962 goto out;
2963 }
2964 *p++ = cpu_to_be32(dummy);
2965 }
2966 if (bmval0 & FATTR4_WORD0_FH_EXPIRE_TYPE) {
2967 p = xdr_reserve_space(xdr, 4);
2968 if (!p)
2969 goto out_resource;
2970 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
2971 *p++ = cpu_to_be32(NFS4_FH_PERSISTENT);
2972 else
2973 *p++ = cpu_to_be32(NFS4_FH_PERSISTENT|
2974 NFS4_FH_VOL_RENAME);
2975 }
2976 if (bmval0 & FATTR4_WORD0_CHANGE) {
2977 p = xdr_reserve_space(xdr, 8);
2978 if (!p)
2979 goto out_resource;
2980 p = encode_change(p, &stat, d_inode(dentry), exp);
2981 }
2982 if (bmval0 & FATTR4_WORD0_SIZE) {
2983 p = xdr_reserve_space(xdr, 8);
2984 if (!p)
2985 goto out_resource;
2986 p = xdr_encode_hyper(p, stat.size);
2987 }
2988 if (bmval0 & FATTR4_WORD0_LINK_SUPPORT) {
2989 p = xdr_reserve_space(xdr, 4);
2990 if (!p)
2991 goto out_resource;
2992 *p++ = cpu_to_be32(1);
2993 }
2994 if (bmval0 & FATTR4_WORD0_SYMLINK_SUPPORT) {
2995 p = xdr_reserve_space(xdr, 4);
2996 if (!p)
2997 goto out_resource;
2998 *p++ = cpu_to_be32(1);
2999 }
3000 if (bmval0 & FATTR4_WORD0_NAMED_ATTR) {
3001 p = xdr_reserve_space(xdr, 4);
3002 if (!p)
3003 goto out_resource;
3004 *p++ = cpu_to_be32(0);
3005 }
3006 if (bmval0 & FATTR4_WORD0_FSID) {
3007 p = xdr_reserve_space(xdr, 16);
3008 if (!p)
3009 goto out_resource;
3010 if (exp->ex_fslocs.migrated) {
3011 p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MAJOR);
3012 p = xdr_encode_hyper(p, NFS4_REFERRAL_FSID_MINOR);
3013 } else switch(fsid_source(fhp)) {
3014 case FSIDSOURCE_FSID:
3015 p = xdr_encode_hyper(p, (u64)exp->ex_fsid);
3016 p = xdr_encode_hyper(p, (u64)0);
3017 break;
3018 case FSIDSOURCE_DEV:
3019 *p++ = cpu_to_be32(0);
3020 *p++ = cpu_to_be32(MAJOR(stat.dev));
3021 *p++ = cpu_to_be32(0);
3022 *p++ = cpu_to_be32(MINOR(stat.dev));
3023 break;
3024 case FSIDSOURCE_UUID:
3025 p = xdr_encode_opaque_fixed(p, exp->ex_uuid,
3026 EX_UUID_LEN);
3027 break;
3028 }
3029 }
3030 if (bmval0 & FATTR4_WORD0_UNIQUE_HANDLES) {
3031 p = xdr_reserve_space(xdr, 4);
3032 if (!p)
3033 goto out_resource;
3034 *p++ = cpu_to_be32(0);
3035 }
3036 if (bmval0 & FATTR4_WORD0_LEASE_TIME) {
3037 p = xdr_reserve_space(xdr, 4);
3038 if (!p)
3039 goto out_resource;
3040 *p++ = cpu_to_be32(nn->nfsd4_lease);
3041 }
3042 if (bmval0 & FATTR4_WORD0_RDATTR_ERROR) {
3043 p = xdr_reserve_space(xdr, 4);
3044 if (!p)
3045 goto out_resource;
3046 *p++ = cpu_to_be32(rdattr_err);
3047 }
3048 if (bmval0 & FATTR4_WORD0_ACL) {
3049 struct nfs4_ace *ace;
3050
3051 if (acl == NULL) {
3052 p = xdr_reserve_space(xdr, 4);
3053 if (!p)
3054 goto out_resource;
3055
3056 *p++ = cpu_to_be32(0);
3057 goto out_acl;
3058 }
3059 p = xdr_reserve_space(xdr, 4);
3060 if (!p)
3061 goto out_resource;
3062 *p++ = cpu_to_be32(acl->naces);
3063
3064 for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
3065 p = xdr_reserve_space(xdr, 4*3);
3066 if (!p)
3067 goto out_resource;
3068 *p++ = cpu_to_be32(ace->type);
3069 *p++ = cpu_to_be32(ace->flag);
3070 *p++ = cpu_to_be32(ace->access_mask &
3071 NFS4_ACE_MASK_ALL);
3072 status = nfsd4_encode_aclname(xdr, rqstp, ace);
3073 if (status)
3074 goto out;
3075 }
3076 }
3077out_acl:
3078 if (bmval0 & FATTR4_WORD0_ACLSUPPORT) {
3079 p = xdr_reserve_space(xdr, 4);
3080 if (!p)
3081 goto out_resource;
3082 *p++ = cpu_to_be32(IS_POSIXACL(dentry->d_inode) ?
3083 ACL4_SUPPORT_ALLOW_ACL|ACL4_SUPPORT_DENY_ACL : 0);
3084 }
3085 if (bmval0 & FATTR4_WORD0_CANSETTIME) {
3086 p = xdr_reserve_space(xdr, 4);
3087 if (!p)
3088 goto out_resource;
3089 *p++ = cpu_to_be32(1);
3090 }
3091 if (bmval0 & FATTR4_WORD0_CASE_INSENSITIVE) {
3092 p = xdr_reserve_space(xdr, 4);
3093 if (!p)
3094 goto out_resource;
3095 *p++ = cpu_to_be32(0);
3096 }
3097 if (bmval0 & FATTR4_WORD0_CASE_PRESERVING) {
3098 p = xdr_reserve_space(xdr, 4);
3099 if (!p)
3100 goto out_resource;
3101 *p++ = cpu_to_be32(1);
3102 }
3103 if (bmval0 & FATTR4_WORD0_CHOWN_RESTRICTED) {
3104 p = xdr_reserve_space(xdr, 4);
3105 if (!p)
3106 goto out_resource;
3107 *p++ = cpu_to_be32(1);
3108 }
3109 if (bmval0 & FATTR4_WORD0_FILEHANDLE) {
3110 p = xdr_reserve_space(xdr, fhp->fh_handle.fh_size + 4);
3111 if (!p)
3112 goto out_resource;
3113 p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base,
3114 fhp->fh_handle.fh_size);
3115 }
3116 if (bmval0 & FATTR4_WORD0_FILEID) {
3117 p = xdr_reserve_space(xdr, 8);
3118 if (!p)
3119 goto out_resource;
3120 p = xdr_encode_hyper(p, stat.ino);
3121 }
3122 if (bmval0 & FATTR4_WORD0_FILES_AVAIL) {
3123 p = xdr_reserve_space(xdr, 8);
3124 if (!p)
3125 goto out_resource;
3126 p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
3127 }
3128 if (bmval0 & FATTR4_WORD0_FILES_FREE) {
3129 p = xdr_reserve_space(xdr, 8);
3130 if (!p)
3131 goto out_resource;
3132 p = xdr_encode_hyper(p, (u64) statfs.f_ffree);
3133 }
3134 if (bmval0 & FATTR4_WORD0_FILES_TOTAL) {
3135 p = xdr_reserve_space(xdr, 8);
3136 if (!p)
3137 goto out_resource;
3138 p = xdr_encode_hyper(p, (u64) statfs.f_files);
3139 }
3140 if (bmval0 & FATTR4_WORD0_FS_LOCATIONS) {
3141 status = nfsd4_encode_fs_locations(xdr, rqstp, exp);
3142 if (status)
3143 goto out;
3144 }
3145 if (bmval0 & FATTR4_WORD0_HOMOGENEOUS) {
3146 p = xdr_reserve_space(xdr, 4);
3147 if (!p)
3148 goto out_resource;
3149 *p++ = cpu_to_be32(1);
3150 }
3151 if (bmval0 & FATTR4_WORD0_MAXFILESIZE) {
3152 p = xdr_reserve_space(xdr, 8);
3153 if (!p)
3154 goto out_resource;
3155 p = xdr_encode_hyper(p, exp->ex_path.mnt->mnt_sb->s_maxbytes);
3156 }
3157 if (bmval0 & FATTR4_WORD0_MAXLINK) {
3158 p = xdr_reserve_space(xdr, 4);
3159 if (!p)
3160 goto out_resource;
3161 *p++ = cpu_to_be32(255);
3162 }
3163 if (bmval0 & FATTR4_WORD0_MAXNAME) {
3164 p = xdr_reserve_space(xdr, 4);
3165 if (!p)
3166 goto out_resource;
3167 *p++ = cpu_to_be32(statfs.f_namelen);
3168 }
3169 if (bmval0 & FATTR4_WORD0_MAXREAD) {
3170 p = xdr_reserve_space(xdr, 8);
3171 if (!p)
3172 goto out_resource;
3173 p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
3174 }
3175 if (bmval0 & FATTR4_WORD0_MAXWRITE) {
3176 p = xdr_reserve_space(xdr, 8);
3177 if (!p)
3178 goto out_resource;
3179 p = xdr_encode_hyper(p, (u64) svc_max_payload(rqstp));
3180 }
3181 if (bmval1 & FATTR4_WORD1_MODE) {
3182 p = xdr_reserve_space(xdr, 4);
3183 if (!p)
3184 goto out_resource;
3185 *p++ = cpu_to_be32(stat.mode & S_IALLUGO);
3186 }
3187 if (bmval1 & FATTR4_WORD1_NO_TRUNC) {
3188 p = xdr_reserve_space(xdr, 4);
3189 if (!p)
3190 goto out_resource;
3191 *p++ = cpu_to_be32(1);
3192 }
3193 if (bmval1 & FATTR4_WORD1_NUMLINKS) {
3194 p = xdr_reserve_space(xdr, 4);
3195 if (!p)
3196 goto out_resource;
3197 *p++ = cpu_to_be32(stat.nlink);
3198 }
3199 if (bmval1 & FATTR4_WORD1_OWNER) {
3200 status = nfsd4_encode_user(xdr, rqstp, stat.uid);
3201 if (status)
3202 goto out;
3203 }
3204 if (bmval1 & FATTR4_WORD1_OWNER_GROUP) {
3205 status = nfsd4_encode_group(xdr, rqstp, stat.gid);
3206 if (status)
3207 goto out;
3208 }
3209 if (bmval1 & FATTR4_WORD1_RAWDEV) {
3210 p = xdr_reserve_space(xdr, 8);
3211 if (!p)
3212 goto out_resource;
3213 *p++ = cpu_to_be32((u32) MAJOR(stat.rdev));
3214 *p++ = cpu_to_be32((u32) MINOR(stat.rdev));
3215 }
3216 if (bmval1 & FATTR4_WORD1_SPACE_AVAIL) {
3217 p = xdr_reserve_space(xdr, 8);
3218 if (!p)
3219 goto out_resource;
3220 dummy64 = (u64)statfs.f_bavail * (u64)statfs.f_bsize;
3221 p = xdr_encode_hyper(p, dummy64);
3222 }
3223 if (bmval1 & FATTR4_WORD1_SPACE_FREE) {
3224 p = xdr_reserve_space(xdr, 8);
3225 if (!p)
3226 goto out_resource;
3227 dummy64 = (u64)statfs.f_bfree * (u64)statfs.f_bsize;
3228 p = xdr_encode_hyper(p, dummy64);
3229 }
3230 if (bmval1 & FATTR4_WORD1_SPACE_TOTAL) {
3231 p = xdr_reserve_space(xdr, 8);
3232 if (!p)
3233 goto out_resource;
3234 dummy64 = (u64)statfs.f_blocks * (u64)statfs.f_bsize;
3235 p = xdr_encode_hyper(p, dummy64);
3236 }
3237 if (bmval1 & FATTR4_WORD1_SPACE_USED) {
3238 p = xdr_reserve_space(xdr, 8);
3239 if (!p)
3240 goto out_resource;
3241 dummy64 = (u64)stat.blocks << 9;
3242 p = xdr_encode_hyper(p, dummy64);
3243 }
3244 if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
3245 p = xdr_reserve_space(xdr, 12);
3246 if (!p)
3247 goto out_resource;
3248 p = xdr_encode_hyper(p, (s64)stat.atime.tv_sec);
3249 *p++ = cpu_to_be32(stat.atime.tv_nsec);
3250 }
3251 if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
3252 p = xdr_reserve_space(xdr, 12);
3253 if (!p)
3254 goto out_resource;
3255 p = encode_time_delta(p, d_inode(dentry));
3256 }
3257 if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
3258 p = xdr_reserve_space(xdr, 12);
3259 if (!p)
3260 goto out_resource;
3261 p = xdr_encode_hyper(p, (s64)stat.ctime.tv_sec);
3262 *p++ = cpu_to_be32(stat.ctime.tv_nsec);
3263 }
3264 if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
3265 p = xdr_reserve_space(xdr, 12);
3266 if (!p)
3267 goto out_resource;
3268 p = xdr_encode_hyper(p, (s64)stat.mtime.tv_sec);
3269 *p++ = cpu_to_be32(stat.mtime.tv_nsec);
3270 }
3271 if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
3272 struct kstat parent_stat;
3273 u64 ino = stat.ino;
3274
3275 p = xdr_reserve_space(xdr, 8);
3276 if (!p)
3277 goto out_resource;
3278 /*
3279 * Get parent's attributes if not ignoring crossmount
3280 * and this is the root of a cross-mounted filesystem.
3281 */
3282 if (ignore_crossmnt == 0 &&
3283 dentry == exp->ex_path.mnt->mnt_root) {
3284 err = get_parent_attributes(exp, &parent_stat);
3285 if (err)
3286 goto out_nfserr;
3287 ino = parent_stat.ino;
3288 }
3289 p = xdr_encode_hyper(p, ino);
3290 }
3291#ifdef CONFIG_NFSD_PNFS
3292 if (bmval1 & FATTR4_WORD1_FS_LAYOUT_TYPES) {
3293 status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types);
3294 if (status)
3295 goto out;
3296 }
3297
3298 if (bmval2 & FATTR4_WORD2_LAYOUT_TYPES) {
3299 status = nfsd4_encode_layout_types(xdr, exp->ex_layout_types);
3300 if (status)
3301 goto out;
3302 }
3303
3304 if (bmval2 & FATTR4_WORD2_LAYOUT_BLKSIZE) {
3305 p = xdr_reserve_space(xdr, 4);
3306 if (!p)
3307 goto out_resource;
3308 *p++ = cpu_to_be32(stat.blksize);
3309 }
3310#endif /* CONFIG_NFSD_PNFS */
3311 if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
3312 u32 supp[3];
3313
3314 memcpy(supp, nfsd_suppattrs[minorversion], sizeof(supp));
3315 supp[0] &= NFSD_SUPPATTR_EXCLCREAT_WORD0;
3316 supp[1] &= NFSD_SUPPATTR_EXCLCREAT_WORD1;
3317 supp[2] &= NFSD_SUPPATTR_EXCLCREAT_WORD2;
3318
3319 status = nfsd4_encode_bitmap(xdr, supp[0], supp[1], supp[2]);
3320 if (status)
3321 goto out;
3322 }
3323
3324#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
3325 if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
3326 status = nfsd4_encode_security_label(xdr, rqstp, context,
3327 contextlen);
3328 if (status)
3329 goto out;
3330 }
3331#endif
3332
3333 if (bmval2 & FATTR4_WORD2_XATTR_SUPPORT) {
3334 p = xdr_reserve_space(xdr, 4);
3335 if (!p)
3336 goto out_resource;
3337 err = xattr_supported_namespace(d_inode(dentry),
3338 XATTR_USER_PREFIX);
3339 *p++ = cpu_to_be32(err == 0);
3340 }
3341
3342 attrlen = htonl(xdr->buf->len - attrlen_offset - 4);
3343 write_bytes_to_xdr_buf(xdr->buf, attrlen_offset, &attrlen, 4);
3344 status = nfs_ok;
3345
3346out:
3347#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
3348 if (context)
3349 security_release_secctx(context, contextlen);
3350#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
3351 kfree(acl);
3352 if (tempfh) {
3353 fh_put(tempfh);
3354 kfree(tempfh);
3355 }
3356 if (status)
3357 xdr_truncate_encode(xdr, starting_len);
3358 return status;
3359out_nfserr:
3360 status = nfserrno(err);
3361 goto out;
3362out_resource:
3363 status = nfserr_resource;
3364 goto out;
3365}
3366
3367static void svcxdr_init_encode_from_buffer(struct xdr_stream *xdr,
3368 struct xdr_buf *buf, __be32 *p, int bytes)
3369{
3370 xdr->scratch.iov_len = 0;
3371 memset(buf, 0, sizeof(struct xdr_buf));
3372 buf->head[0].iov_base = p;
3373 buf->head[0].iov_len = 0;
3374 buf->len = 0;
3375 xdr->buf = buf;
3376 xdr->iov = buf->head;
3377 xdr->p = p;
3378 xdr->end = (void *)p + bytes;
3379 buf->buflen = bytes;
3380}
3381
3382__be32 nfsd4_encode_fattr_to_buf(__be32 **p, int words,
3383 struct svc_fh *fhp, struct svc_export *exp,
3384 struct dentry *dentry, u32 *bmval,
3385 struct svc_rqst *rqstp, int ignore_crossmnt)
3386{
3387 struct xdr_buf dummy;
3388 struct xdr_stream xdr;
3389 __be32 ret;
3390
3391 svcxdr_init_encode_from_buffer(&xdr, &dummy, *p, words << 2);
3392 ret = nfsd4_encode_fattr(&xdr, fhp, exp, dentry, bmval, rqstp,
3393 ignore_crossmnt);
3394 *p = xdr.p;
3395 return ret;
3396}
3397
3398static inline int attributes_need_mount(u32 *bmval)
3399{
3400 if (bmval[0] & ~(FATTR4_WORD0_RDATTR_ERROR | FATTR4_WORD0_LEASE_TIME))
3401 return 1;
3402 if (bmval[1] & ~FATTR4_WORD1_MOUNTED_ON_FILEID)
3403 return 1;
3404 return 0;
3405}
3406
3407static __be32
3408nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd,
3409 const char *name, int namlen)
3410{
3411 struct svc_export *exp = cd->rd_fhp->fh_export;
3412 struct dentry *dentry;
3413 __be32 nfserr;
3414 int ignore_crossmnt = 0;
3415
3416 dentry = lookup_positive_unlocked(name, cd->rd_fhp->fh_dentry, namlen);
3417 if (IS_ERR(dentry))
3418 return nfserrno(PTR_ERR(dentry));
3419
3420 exp_get(exp);
3421 /*
3422 * In the case of a mountpoint, the client may be asking for
3423 * attributes that are only properties of the underlying filesystem
3424 * as opposed to the cross-mounted file system. In such a case,
3425 * we will not follow the cross mount and will fill the attribtutes
3426 * directly from the mountpoint dentry.
3427 */
3428 if (nfsd_mountpoint(dentry, exp)) {
3429 int err;
3430
3431 if (!(exp->ex_flags & NFSEXP_V4ROOT)
3432 && !attributes_need_mount(cd->rd_bmval)) {
3433 ignore_crossmnt = 1;
3434 goto out_encode;
3435 }
3436 /*
3437 * Why the heck aren't we just using nfsd_lookup??
3438 * Different "."/".." handling? Something else?
3439 * At least, add a comment here to explain....
3440 */
3441 err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
3442 if (err) {
3443 nfserr = nfserrno(err);
3444 goto out_put;
3445 }
3446 nfserr = check_nfsd_access(exp, cd->rd_rqstp);
3447 if (nfserr)
3448 goto out_put;
3449
3450 }
3451out_encode:
3452 nfserr = nfsd4_encode_fattr(xdr, NULL, exp, dentry, cd->rd_bmval,
3453 cd->rd_rqstp, ignore_crossmnt);
3454out_put:
3455 dput(dentry);
3456 exp_put(exp);
3457 return nfserr;
3458}
3459
3460static __be32 *
3461nfsd4_encode_rdattr_error(struct xdr_stream *xdr, __be32 nfserr)
3462{
3463 __be32 *p;
3464
3465 p = xdr_reserve_space(xdr, 20);
3466 if (!p)
3467 return NULL;
3468 *p++ = htonl(2);
3469 *p++ = htonl(FATTR4_WORD0_RDATTR_ERROR); /* bmval0 */
3470 *p++ = htonl(0); /* bmval1 */
3471
3472 *p++ = htonl(4); /* attribute length */
3473 *p++ = nfserr; /* no htonl */
3474 return p;
3475}
3476
3477static int
3478nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
3479 loff_t offset, u64 ino, unsigned int d_type)
3480{
3481 struct readdir_cd *ccd = ccdv;
3482 struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common);
3483 struct xdr_stream *xdr = cd->xdr;
3484 int start_offset = xdr->buf->len;
3485 int cookie_offset;
3486 u32 name_and_cookie;
3487 int entry_bytes;
3488 __be32 nfserr = nfserr_toosmall;
3489 __be64 wire_offset;
3490 __be32 *p;
3491
3492 /* In nfsv4, "." and ".." never make it onto the wire.. */
3493 if (name && isdotent(name, namlen)) {
3494 cd->common.err = nfs_ok;
3495 return 0;
3496 }
3497
3498 if (cd->cookie_offset) {
3499 wire_offset = cpu_to_be64(offset);
3500 write_bytes_to_xdr_buf(xdr->buf, cd->cookie_offset,
3501 &wire_offset, 8);
3502 }
3503
3504 p = xdr_reserve_space(xdr, 4);
3505 if (!p)
3506 goto fail;
3507 *p++ = xdr_one; /* mark entry present */
3508 cookie_offset = xdr->buf->len;
3509 p = xdr_reserve_space(xdr, 3*4 + namlen);
3510 if (!p)
3511 goto fail;
3512 p = xdr_encode_hyper(p, NFS_OFFSET_MAX); /* offset of next entry */
3513 p = xdr_encode_array(p, name, namlen); /* name length & name */
3514
3515 nfserr = nfsd4_encode_dirent_fattr(xdr, cd, name, namlen);
3516 switch (nfserr) {
3517 case nfs_ok:
3518 break;
3519 case nfserr_resource:
3520 nfserr = nfserr_toosmall;
3521 goto fail;
3522 case nfserr_noent:
3523 xdr_truncate_encode(xdr, start_offset);
3524 goto skip_entry;
3525 default:
3526 /*
3527 * If the client requested the RDATTR_ERROR attribute,
3528 * we stuff the error code into this attribute
3529 * and continue. If this attribute was not requested,
3530 * then in accordance with the spec, we fail the
3531 * entire READDIR operation(!)
3532 */
3533 if (!(cd->rd_bmval[0] & FATTR4_WORD0_RDATTR_ERROR))
3534 goto fail;
3535 p = nfsd4_encode_rdattr_error(xdr, nfserr);
3536 if (p == NULL) {
3537 nfserr = nfserr_toosmall;
3538 goto fail;
3539 }
3540 }
3541 nfserr = nfserr_toosmall;
3542 entry_bytes = xdr->buf->len - start_offset;
3543 if (entry_bytes > cd->rd_maxcount)
3544 goto fail;
3545 cd->rd_maxcount -= entry_bytes;
3546 /*
3547 * RFC 3530 14.2.24 describes rd_dircount as only a "hint", and
3548 * notes that it could be zero. If it is zero, then the server
3549 * should enforce only the rd_maxcount value.
3550 */
3551 if (cd->rd_dircount) {
3552 name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8;
3553 if (name_and_cookie > cd->rd_dircount && cd->cookie_offset)
3554 goto fail;
3555 cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie);
3556 if (!cd->rd_dircount)
3557 cd->rd_maxcount = 0;
3558 }
3559
3560 cd->cookie_offset = cookie_offset;
3561skip_entry:
3562 cd->common.err = nfs_ok;
3563 return 0;
3564fail:
3565 xdr_truncate_encode(xdr, start_offset);
3566 cd->common.err = nfserr;
3567 return -EINVAL;
3568}
3569
3570static __be32
3571nfsd4_encode_stateid(struct xdr_stream *xdr, stateid_t *sid)
3572{
3573 __be32 *p;
3574
3575 p = xdr_reserve_space(xdr, sizeof(stateid_t));
3576 if (!p)
3577 return nfserr_resource;
3578 *p++ = cpu_to_be32(sid->si_generation);
3579 p = xdr_encode_opaque_fixed(p, &sid->si_opaque,
3580 sizeof(stateid_opaque_t));
3581 return 0;
3582}
3583
3584static __be32
3585nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
3586{
3587 struct xdr_stream *xdr = resp->xdr;
3588 __be32 *p;
3589
3590 p = xdr_reserve_space(xdr, 8);
3591 if (!p)
3592 return nfserr_resource;
3593 *p++ = cpu_to_be32(access->ac_supported);
3594 *p++ = cpu_to_be32(access->ac_resp_access);
3595 return 0;
3596}
3597
3598static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
3599{
3600 struct xdr_stream *xdr = resp->xdr;
3601 __be32 *p;
3602
3603 p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 8);
3604 if (!p)
3605 return nfserr_resource;
3606 p = xdr_encode_opaque_fixed(p, bcts->sessionid.data,
3607 NFS4_MAX_SESSIONID_LEN);
3608 *p++ = cpu_to_be32(bcts->dir);
3609 /* Upshifting from TCP to RDMA is not supported */
3610 *p++ = cpu_to_be32(0);
3611 return 0;
3612}
3613
3614static __be32
3615nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
3616{
3617 struct xdr_stream *xdr = resp->xdr;
3618
3619 return nfsd4_encode_stateid(xdr, &close->cl_stateid);
3620}
3621
3622
3623static __be32
3624nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
3625{
3626 struct xdr_stream *xdr = resp->xdr;
3627 __be32 *p;
3628
3629 p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
3630 if (!p)
3631 return nfserr_resource;
3632 p = xdr_encode_opaque_fixed(p, commit->co_verf.data,
3633 NFS4_VERIFIER_SIZE);
3634 return 0;
3635}
3636
3637static __be32
3638nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
3639{
3640 struct xdr_stream *xdr = resp->xdr;
3641 __be32 *p;
3642
3643 p = xdr_reserve_space(xdr, 20);
3644 if (!p)
3645 return nfserr_resource;
3646 encode_cinfo(p, &create->cr_cinfo);
3647 return nfsd4_encode_bitmap(xdr, create->cr_bmval[0],
3648 create->cr_bmval[1], create->cr_bmval[2]);
3649}
3650
3651static __be32
3652nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
3653{
3654 struct svc_fh *fhp = getattr->ga_fhp;
3655 struct xdr_stream *xdr = resp->xdr;
3656
3657 return nfsd4_encode_fattr(xdr, fhp, fhp->fh_export, fhp->fh_dentry,
3658 getattr->ga_bmval, resp->rqstp, 0);
3659}
3660
3661static __be32
3662nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
3663{
3664 struct xdr_stream *xdr = resp->xdr;
3665 struct svc_fh *fhp = *fhpp;
3666 unsigned int len;
3667 __be32 *p;
3668
3669 len = fhp->fh_handle.fh_size;
3670 p = xdr_reserve_space(xdr, len + 4);
3671 if (!p)
3672 return nfserr_resource;
3673 p = xdr_encode_opaque(p, &fhp->fh_handle.fh_base, len);
3674 return 0;
3675}
3676
3677/*
3678* Including all fields other than the name, a LOCK4denied structure requires
3679* 8(clientid) + 4(namelen) + 8(offset) + 8(length) + 4(type) = 32 bytes.
3680*/
3681static __be32
3682nfsd4_encode_lock_denied(struct xdr_stream *xdr, struct nfsd4_lock_denied *ld)
3683{
3684 struct xdr_netobj *conf = &ld->ld_owner;
3685 __be32 *p;
3686
3687again:
3688 p = xdr_reserve_space(xdr, 32 + XDR_LEN(conf->len));
3689 if (!p) {
3690 /*
3691 * Don't fail to return the result just because we can't
3692 * return the conflicting open:
3693 */
3694 if (conf->len) {
3695 kfree(conf->data);
3696 conf->len = 0;
3697 conf->data = NULL;
3698 goto again;
3699 }
3700 return nfserr_resource;
3701 }
3702 p = xdr_encode_hyper(p, ld->ld_start);
3703 p = xdr_encode_hyper(p, ld->ld_length);
3704 *p++ = cpu_to_be32(ld->ld_type);
3705 if (conf->len) {
3706 p = xdr_encode_opaque_fixed(p, &ld->ld_clientid, 8);
3707 p = xdr_encode_opaque(p, conf->data, conf->len);
3708 kfree(conf->data);
3709 } else { /* non - nfsv4 lock in conflict, no clientid nor owner */
3710 p = xdr_encode_hyper(p, (u64)0); /* clientid */
3711 *p++ = cpu_to_be32(0); /* length of owner name */
3712 }
3713 return nfserr_denied;
3714}
3715
3716static __be32
3717nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
3718{
3719 struct xdr_stream *xdr = resp->xdr;
3720
3721 if (!nfserr)
3722 nfserr = nfsd4_encode_stateid(xdr, &lock->lk_resp_stateid);
3723 else if (nfserr == nfserr_denied)
3724 nfserr = nfsd4_encode_lock_denied(xdr, &lock->lk_denied);
3725
3726 return nfserr;
3727}
3728
3729static __be32
3730nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
3731{
3732 struct xdr_stream *xdr = resp->xdr;
3733
3734 if (nfserr == nfserr_denied)
3735 nfsd4_encode_lock_denied(xdr, &lockt->lt_denied);
3736 return nfserr;
3737}
3738
3739static __be32
3740nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
3741{
3742 struct xdr_stream *xdr = resp->xdr;
3743
3744 return nfsd4_encode_stateid(xdr, &locku->lu_stateid);
3745}
3746
3747
3748static __be32
3749nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
3750{
3751 struct xdr_stream *xdr = resp->xdr;
3752 __be32 *p;
3753
3754 p = xdr_reserve_space(xdr, 20);
3755 if (!p)
3756 return nfserr_resource;
3757 p = encode_cinfo(p, &link->li_cinfo);
3758 return 0;
3759}
3760
3761
3762static __be32
3763nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
3764{
3765 struct xdr_stream *xdr = resp->xdr;
3766 __be32 *p;
3767
3768 nfserr = nfsd4_encode_stateid(xdr, &open->op_stateid);
3769 if (nfserr)
3770 return nfserr;
3771 p = xdr_reserve_space(xdr, 24);
3772 if (!p)
3773 return nfserr_resource;
3774 p = encode_cinfo(p, &open->op_cinfo);
3775 *p++ = cpu_to_be32(open->op_rflags);
3776
3777 nfserr = nfsd4_encode_bitmap(xdr, open->op_bmval[0], open->op_bmval[1],
3778 open->op_bmval[2]);
3779 if (nfserr)
3780 return nfserr;
3781
3782 p = xdr_reserve_space(xdr, 4);
3783 if (!p)
3784 return nfserr_resource;
3785
3786 *p++ = cpu_to_be32(open->op_delegate_type);
3787 switch (open->op_delegate_type) {
3788 case NFS4_OPEN_DELEGATE_NONE:
3789 break;
3790 case NFS4_OPEN_DELEGATE_READ:
3791 nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
3792 if (nfserr)
3793 return nfserr;
3794 p = xdr_reserve_space(xdr, 20);
3795 if (!p)
3796 return nfserr_resource;
3797 *p++ = cpu_to_be32(open->op_recall);
3798
3799 /*
3800 * TODO: ACE's in delegations
3801 */
3802 *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3803 *p++ = cpu_to_be32(0);
3804 *p++ = cpu_to_be32(0);
3805 *p++ = cpu_to_be32(0); /* XXX: is NULL principal ok? */
3806 break;
3807 case NFS4_OPEN_DELEGATE_WRITE:
3808 nfserr = nfsd4_encode_stateid(xdr, &open->op_delegate_stateid);
3809 if (nfserr)
3810 return nfserr;
3811 p = xdr_reserve_space(xdr, 32);
3812 if (!p)
3813 return nfserr_resource;
3814 *p++ = cpu_to_be32(0);
3815
3816 /*
3817 * TODO: space_limit's in delegations
3818 */
3819 *p++ = cpu_to_be32(NFS4_LIMIT_SIZE);
3820 *p++ = cpu_to_be32(~(u32)0);
3821 *p++ = cpu_to_be32(~(u32)0);
3822
3823 /*
3824 * TODO: ACE's in delegations
3825 */
3826 *p++ = cpu_to_be32(NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE);
3827 *p++ = cpu_to_be32(0);
3828 *p++ = cpu_to_be32(0);
3829 *p++ = cpu_to_be32(0); /* XXX: is NULL principal ok? */
3830 break;
3831 case NFS4_OPEN_DELEGATE_NONE_EXT: /* 4.1 */
3832 switch (open->op_why_no_deleg) {
3833 case WND4_CONTENTION:
3834 case WND4_RESOURCE:
3835 p = xdr_reserve_space(xdr, 8);
3836 if (!p)
3837 return nfserr_resource;
3838 *p++ = cpu_to_be32(open->op_why_no_deleg);
3839 /* deleg signaling not supported yet: */
3840 *p++ = cpu_to_be32(0);
3841 break;
3842 default:
3843 p = xdr_reserve_space(xdr, 4);
3844 if (!p)
3845 return nfserr_resource;
3846 *p++ = cpu_to_be32(open->op_why_no_deleg);
3847 }
3848 break;
3849 default:
3850 BUG();
3851 }
3852 /* XXX save filehandle here */
3853 return 0;
3854}
3855
3856static __be32
3857nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
3858{
3859 struct xdr_stream *xdr = resp->xdr;
3860
3861 return nfsd4_encode_stateid(xdr, &oc->oc_resp_stateid);
3862}
3863
3864static __be32
3865nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
3866{
3867 struct xdr_stream *xdr = resp->xdr;
3868
3869 return nfsd4_encode_stateid(xdr, &od->od_stateid);
3870}
3871
3872static __be32 nfsd4_encode_splice_read(
3873 struct nfsd4_compoundres *resp,
3874 struct nfsd4_read *read,
3875 struct file *file, unsigned long maxcount)
3876{
3877 struct xdr_stream *xdr = resp->xdr;
3878 struct xdr_buf *buf = xdr->buf;
3879 int status, space_left;
3880 u32 eof;
3881 __be32 nfserr;
3882 __be32 *p = xdr->p - 2;
3883
3884 /* Make sure there will be room for padding if needed */
3885 if (xdr->end - xdr->p < 1)
3886 return nfserr_resource;
3887
3888 nfserr = nfsd_splice_read(read->rd_rqstp, read->rd_fhp,
3889 file, read->rd_offset, &maxcount, &eof);
3890 read->rd_length = maxcount;
3891 if (nfserr)
3892 goto out_err;
3893 status = svc_encode_result_payload(read->rd_rqstp,
3894 buf->head[0].iov_len, maxcount);
3895 if (status) {
3896 nfserr = nfserrno(status);
3897 goto out_err;
3898 }
3899
3900 *(p++) = htonl(eof);
3901 *(p++) = htonl(maxcount);
3902
3903 buf->page_len = maxcount;
3904 buf->len += maxcount;
3905 xdr->page_ptr += (buf->page_base + maxcount + PAGE_SIZE - 1)
3906 / PAGE_SIZE;
3907
3908 /* Use rest of head for padding and remaining ops: */
3909 buf->tail[0].iov_base = xdr->p;
3910 buf->tail[0].iov_len = 0;
3911 xdr->iov = buf->tail;
3912 if (maxcount&3) {
3913 int pad = 4 - (maxcount&3);
3914
3915 *(xdr->p++) = 0;
3916
3917 buf->tail[0].iov_base += maxcount&3;
3918 buf->tail[0].iov_len = pad;
3919 buf->len += pad;
3920 }
3921
3922 space_left = min_t(int, (void *)xdr->end - (void *)xdr->p,
3923 buf->buflen - buf->len);
3924 buf->buflen = buf->len + space_left;
3925 xdr->end = (__be32 *)((void *)xdr->end + space_left);
3926
3927 return 0;
3928
3929out_err:
3930 /*
3931 * nfsd_splice_actor may have already messed with the
3932 * page length; reset it so as not to confuse
3933 * xdr_truncate_encode in our caller.
3934 */
3935 buf->page_len = 0;
3936 return nfserr;
3937}
3938
3939static __be32 nfsd4_encode_readv(struct nfsd4_compoundres *resp,
3940 struct nfsd4_read *read,
3941 struct file *file, unsigned long maxcount)
3942{
3943 struct xdr_stream *xdr = resp->xdr;
3944 u32 eof;
3945 int starting_len = xdr->buf->len - 8;
3946 __be32 nfserr;
3947 __be32 tmp;
3948 int pad;
3949
3950 read->rd_vlen = xdr_reserve_space_vec(xdr, resp->rqstp->rq_vec, maxcount);
3951 if (read->rd_vlen < 0)
3952 return nfserr_resource;
3953
3954 nfserr = nfsd_readv(resp->rqstp, read->rd_fhp, file, read->rd_offset,
3955 resp->rqstp->rq_vec, read->rd_vlen, &maxcount,
3956 &eof);
3957 read->rd_length = maxcount;
3958 if (nfserr)
3959 return nfserr;
3960 if (svc_encode_result_payload(resp->rqstp, starting_len + 8, maxcount))
3961 return nfserr_io;
3962 xdr_truncate_encode(xdr, starting_len + 8 + xdr_align_size(maxcount));
3963
3964 tmp = htonl(eof);
3965 write_bytes_to_xdr_buf(xdr->buf, starting_len , &tmp, 4);
3966 tmp = htonl(maxcount);
3967 write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
3968
3969 tmp = xdr_zero;
3970 pad = (maxcount&3) ? 4 - (maxcount&3) : 0;
3971 write_bytes_to_xdr_buf(xdr->buf, starting_len + 8 + maxcount,
3972 &tmp, pad);
3973 return 0;
3974
3975}
3976
3977static __be32
3978nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
3979 struct nfsd4_read *read)
3980{
3981 unsigned long maxcount;
3982 struct xdr_stream *xdr = resp->xdr;
3983 struct file *file;
3984 int starting_len = xdr->buf->len;
3985 __be32 *p;
3986
3987 if (nfserr)
3988 return nfserr;
3989 file = read->rd_nf->nf_file;
3990
3991 p = xdr_reserve_space(xdr, 8); /* eof flag and byte count */
3992 if (!p) {
3993 WARN_ON_ONCE(test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags));
3994 return nfserr_resource;
3995 }
3996 if (resp->xdr->buf->page_len &&
3997 test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags)) {
3998 WARN_ON_ONCE(1);
3999 return nfserr_resource;
4000 }
4001 xdr_commit_encode(xdr);
4002
4003 maxcount = svc_max_payload(resp->rqstp);
4004 maxcount = min_t(unsigned long, maxcount,
4005 (xdr->buf->buflen - xdr->buf->len));
4006 maxcount = min_t(unsigned long, maxcount, read->rd_length);
4007
4008 if (file->f_op->splice_read &&
4009 test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags))
4010 nfserr = nfsd4_encode_splice_read(resp, read, file, maxcount);
4011 else
4012 nfserr = nfsd4_encode_readv(resp, read, file, maxcount);
4013
4014 if (nfserr)
4015 xdr_truncate_encode(xdr, starting_len);
4016
4017 return nfserr;
4018}
4019
4020static __be32
4021nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
4022{
4023 int maxcount;
4024 __be32 wire_count;
4025 int zero = 0;
4026 struct xdr_stream *xdr = resp->xdr;
4027 int length_offset = xdr->buf->len;
4028 int status;
4029 __be32 *p;
4030
4031 p = xdr_reserve_space(xdr, 4);
4032 if (!p)
4033 return nfserr_resource;
4034 maxcount = PAGE_SIZE;
4035
4036 p = xdr_reserve_space(xdr, maxcount);
4037 if (!p)
4038 return nfserr_resource;
4039 /*
4040 * XXX: By default, vfs_readlink() will truncate symlinks if they
4041 * would overflow the buffer. Is this kosher in NFSv4? If not, one
4042 * easy fix is: if vfs_readlink() precisely fills the buffer, assume
4043 * that truncation occurred, and return NFS4ERR_RESOURCE.
4044 */
4045 nfserr = nfsd_readlink(readlink->rl_rqstp, readlink->rl_fhp,
4046 (char *)p, &maxcount);
4047 if (nfserr == nfserr_isdir)
4048 nfserr = nfserr_inval;
4049 if (nfserr)
4050 goto out_err;
4051 status = svc_encode_result_payload(readlink->rl_rqstp, length_offset,
4052 maxcount);
4053 if (status) {
4054 nfserr = nfserrno(status);
4055 goto out_err;
4056 }
4057
4058 wire_count = htonl(maxcount);
4059 write_bytes_to_xdr_buf(xdr->buf, length_offset, &wire_count, 4);
4060 xdr_truncate_encode(xdr, length_offset + 4 + ALIGN(maxcount, 4));
4061 if (maxcount & 3)
4062 write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount,
4063 &zero, 4 - (maxcount&3));
4064 return 0;
4065
4066out_err:
4067 xdr_truncate_encode(xdr, length_offset);
4068 return nfserr;
4069}
4070
4071static __be32
4072nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
4073{
4074 int maxcount;
4075 int bytes_left;
4076 loff_t offset;
4077 __be64 wire_offset;
4078 struct xdr_stream *xdr = resp->xdr;
4079 int starting_len = xdr->buf->len;
4080 __be32 *p;
4081
4082 p = xdr_reserve_space(xdr, NFS4_VERIFIER_SIZE);
4083 if (!p)
4084 return nfserr_resource;
4085
4086 /* XXX: Following NFSv3, we ignore the READDIR verifier for now. */
4087 *p++ = cpu_to_be32(0);
4088 *p++ = cpu_to_be32(0);
4089 xdr->buf->head[0].iov_len = (char *)xdr->p -
4090 (char *)xdr->buf->head[0].iov_base;
4091
4092 /*
4093 * Number of bytes left for directory entries allowing for the
4094 * final 8 bytes of the readdir and a following failed op:
4095 */
4096 bytes_left = xdr->buf->buflen - xdr->buf->len
4097 - COMPOUND_ERR_SLACK_SPACE - 8;
4098 if (bytes_left < 0) {
4099 nfserr = nfserr_resource;
4100 goto err_no_verf;
4101 }
4102 maxcount = svc_max_payload(resp->rqstp);
4103 maxcount = min_t(u32, readdir->rd_maxcount, maxcount);
4104 /*
4105 * Note the rfc defines rd_maxcount as the size of the
4106 * READDIR4resok structure, which includes the verifier above
4107 * and the 8 bytes encoded at the end of this function:
4108 */
4109 if (maxcount < 16) {
4110 nfserr = nfserr_toosmall;
4111 goto err_no_verf;
4112 }
4113 maxcount = min_t(int, maxcount-16, bytes_left);
4114
4115 /* RFC 3530 14.2.24 allows us to ignore dircount when it's 0: */
4116 if (!readdir->rd_dircount)
4117 readdir->rd_dircount = svc_max_payload(resp->rqstp);
4118
4119 readdir->xdr = xdr;
4120 readdir->rd_maxcount = maxcount;
4121 readdir->common.err = 0;
4122 readdir->cookie_offset = 0;
4123
4124 offset = readdir->rd_cookie;
4125 nfserr = nfsd_readdir(readdir->rd_rqstp, readdir->rd_fhp,
4126 &offset,
4127 &readdir->common, nfsd4_encode_dirent);
4128 if (nfserr == nfs_ok &&
4129 readdir->common.err == nfserr_toosmall &&
4130 xdr->buf->len == starting_len + 8) {
4131 /* nothing encoded; which limit did we hit?: */
4132 if (maxcount - 16 < bytes_left)
4133 /* It was the fault of rd_maxcount: */
4134 nfserr = nfserr_toosmall;
4135 else
4136 /* We ran out of buffer space: */
4137 nfserr = nfserr_resource;
4138 }
4139 if (nfserr)
4140 goto err_no_verf;
4141
4142 if (readdir->cookie_offset) {
4143 wire_offset = cpu_to_be64(offset);
4144 write_bytes_to_xdr_buf(xdr->buf, readdir->cookie_offset,
4145 &wire_offset, 8);
4146 }
4147
4148 p = xdr_reserve_space(xdr, 8);
4149 if (!p) {
4150 WARN_ON_ONCE(1);
4151 goto err_no_verf;
4152 }
4153 *p++ = 0; /* no more entries */
4154 *p++ = htonl(readdir->common.err == nfserr_eof);
4155
4156 return 0;
4157err_no_verf:
4158 xdr_truncate_encode(xdr, starting_len);
4159 return nfserr;
4160}
4161
4162static __be32
4163nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
4164{
4165 struct xdr_stream *xdr = resp->xdr;
4166 __be32 *p;
4167
4168 p = xdr_reserve_space(xdr, 20);
4169 if (!p)
4170 return nfserr_resource;
4171 p = encode_cinfo(p, &remove->rm_cinfo);
4172 return 0;
4173}
4174
4175static __be32
4176nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
4177{
4178 struct xdr_stream *xdr = resp->xdr;
4179 __be32 *p;
4180
4181 p = xdr_reserve_space(xdr, 40);
4182 if (!p)
4183 return nfserr_resource;
4184 p = encode_cinfo(p, &rename->rn_sinfo);
4185 p = encode_cinfo(p, &rename->rn_tinfo);
4186 return 0;
4187}
4188
4189static __be32
4190nfsd4_do_encode_secinfo(struct xdr_stream *xdr, struct svc_export *exp)
4191{
4192 u32 i, nflavs, supported;
4193 struct exp_flavor_info *flavs;
4194 struct exp_flavor_info def_flavs[2];
4195 __be32 *p, *flavorsp;
4196 static bool report = true;
4197
4198 if (exp->ex_nflavors) {
4199 flavs = exp->ex_flavors;
4200 nflavs = exp->ex_nflavors;
4201 } else { /* Handling of some defaults in absence of real secinfo: */
4202 flavs = def_flavs;
4203 if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
4204 nflavs = 2;
4205 flavs[0].pseudoflavor = RPC_AUTH_UNIX;
4206 flavs[1].pseudoflavor = RPC_AUTH_NULL;
4207 } else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
4208 nflavs = 1;
4209 flavs[0].pseudoflavor
4210 = svcauth_gss_flavor(exp->ex_client);
4211 } else {
4212 nflavs = 1;
4213 flavs[0].pseudoflavor
4214 = exp->ex_client->flavour->flavour;
4215 }
4216 }
4217
4218 supported = 0;
4219 p = xdr_reserve_space(xdr, 4);
4220 if (!p)
4221 return nfserr_resource;
4222 flavorsp = p++; /* to be backfilled later */
4223
4224 for (i = 0; i < nflavs; i++) {
4225 rpc_authflavor_t pf = flavs[i].pseudoflavor;
4226 struct rpcsec_gss_info info;
4227
4228 if (rpcauth_get_gssinfo(pf, &info) == 0) {
4229 supported++;
4230 p = xdr_reserve_space(xdr, 4 + 4 +
4231 XDR_LEN(info.oid.len) + 4 + 4);
4232 if (!p)
4233 return nfserr_resource;
4234 *p++ = cpu_to_be32(RPC_AUTH_GSS);
4235 p = xdr_encode_opaque(p, info.oid.data, info.oid.len);
4236 *p++ = cpu_to_be32(info.qop);
4237 *p++ = cpu_to_be32(info.service);
4238 } else if (pf < RPC_AUTH_MAXFLAVOR) {
4239 supported++;
4240 p = xdr_reserve_space(xdr, 4);
4241 if (!p)
4242 return nfserr_resource;
4243 *p++ = cpu_to_be32(pf);
4244 } else {
4245 if (report)
4246 pr_warn("NFS: SECINFO: security flavor %u "
4247 "is not supported\n", pf);
4248 }
4249 }
4250
4251 if (nflavs != supported)
4252 report = false;
4253 *flavorsp = htonl(supported);
4254 return 0;
4255}
4256
4257static __be32
4258nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
4259 struct nfsd4_secinfo *secinfo)
4260{
4261 struct xdr_stream *xdr = resp->xdr;
4262
4263 return nfsd4_do_encode_secinfo(xdr, secinfo->si_exp);
4264}
4265
4266static __be32
4267nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
4268 struct nfsd4_secinfo_no_name *secinfo)
4269{
4270 struct xdr_stream *xdr = resp->xdr;
4271
4272 return nfsd4_do_encode_secinfo(xdr, secinfo->sin_exp);
4273}
4274
4275/*
4276 * The SETATTR encode routine is special -- it always encodes a bitmap,
4277 * regardless of the error status.
4278 */
4279static __be32
4280nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
4281{
4282 struct xdr_stream *xdr = resp->xdr;
4283 __be32 *p;
4284
4285 p = xdr_reserve_space(xdr, 16);
4286 if (!p)
4287 return nfserr_resource;
4288 if (nfserr) {
4289 *p++ = cpu_to_be32(3);
4290 *p++ = cpu_to_be32(0);
4291 *p++ = cpu_to_be32(0);
4292 *p++ = cpu_to_be32(0);
4293 }
4294 else {
4295 *p++ = cpu_to_be32(3);
4296 *p++ = cpu_to_be32(setattr->sa_bmval[0]);
4297 *p++ = cpu_to_be32(setattr->sa_bmval[1]);
4298 *p++ = cpu_to_be32(setattr->sa_bmval[2]);
4299 }
4300 return nfserr;
4301}
4302
4303static __be32
4304nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
4305{
4306 struct xdr_stream *xdr = resp->xdr;
4307 __be32 *p;
4308
4309 if (!nfserr) {
4310 p = xdr_reserve_space(xdr, 8 + NFS4_VERIFIER_SIZE);
4311 if (!p)
4312 return nfserr_resource;
4313 p = xdr_encode_opaque_fixed(p, &scd->se_clientid, 8);
4314 p = xdr_encode_opaque_fixed(p, &scd->se_confirm,
4315 NFS4_VERIFIER_SIZE);
4316 }
4317 else if (nfserr == nfserr_clid_inuse) {
4318 p = xdr_reserve_space(xdr, 8);
4319 if (!p)
4320 return nfserr_resource;
4321 *p++ = cpu_to_be32(0);
4322 *p++ = cpu_to_be32(0);
4323 }
4324 return nfserr;
4325}
4326
4327static __be32
4328nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
4329{
4330 struct xdr_stream *xdr = resp->xdr;
4331 __be32 *p;
4332
4333 p = xdr_reserve_space(xdr, 16);
4334 if (!p)
4335 return nfserr_resource;
4336 *p++ = cpu_to_be32(write->wr_bytes_written);
4337 *p++ = cpu_to_be32(write->wr_how_written);
4338 p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
4339 NFS4_VERIFIER_SIZE);
4340 return 0;
4341}
4342
4343static __be32
4344nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
4345 struct nfsd4_exchange_id *exid)
4346{
4347 struct xdr_stream *xdr = resp->xdr;
4348 __be32 *p;
4349 char *major_id;
4350 char *server_scope;
4351 int major_id_sz;
4352 int server_scope_sz;
4353 uint64_t minor_id = 0;
4354 struct nfsd_net *nn = net_generic(SVC_NET(resp->rqstp), nfsd_net_id);
4355
4356 major_id = nn->nfsd_name;
4357 major_id_sz = strlen(nn->nfsd_name);
4358 server_scope = nn->nfsd_name;
4359 server_scope_sz = strlen(nn->nfsd_name);
4360
4361 p = xdr_reserve_space(xdr,
4362 8 /* eir_clientid */ +
4363 4 /* eir_sequenceid */ +
4364 4 /* eir_flags */ +
4365 4 /* spr_how */);
4366 if (!p)
4367 return nfserr_resource;
4368
4369 p = xdr_encode_opaque_fixed(p, &exid->clientid, 8);
4370 *p++ = cpu_to_be32(exid->seqid);
4371 *p++ = cpu_to_be32(exid->flags);
4372
4373 *p++ = cpu_to_be32(exid->spa_how);
4374
4375 switch (exid->spa_how) {
4376 case SP4_NONE:
4377 break;
4378 case SP4_MACH_CRED:
4379 /* spo_must_enforce bitmap: */
4380 nfserr = nfsd4_encode_bitmap(xdr,
4381 exid->spo_must_enforce[0],
4382 exid->spo_must_enforce[1],
4383 exid->spo_must_enforce[2]);
4384 if (nfserr)
4385 return nfserr;
4386 /* spo_must_allow bitmap: */
4387 nfserr = nfsd4_encode_bitmap(xdr,
4388 exid->spo_must_allow[0],
4389 exid->spo_must_allow[1],
4390 exid->spo_must_allow[2]);
4391 if (nfserr)
4392 return nfserr;
4393 break;
4394 default:
4395 WARN_ON_ONCE(1);
4396 }
4397
4398 p = xdr_reserve_space(xdr,
4399 8 /* so_minor_id */ +
4400 4 /* so_major_id.len */ +
4401 (XDR_QUADLEN(major_id_sz) * 4) +
4402 4 /* eir_server_scope.len */ +
4403 (XDR_QUADLEN(server_scope_sz) * 4) +
4404 4 /* eir_server_impl_id.count (0) */);
4405 if (!p)
4406 return nfserr_resource;
4407
4408 /* The server_owner struct */
4409 p = xdr_encode_hyper(p, minor_id); /* Minor id */
4410 /* major id */
4411 p = xdr_encode_opaque(p, major_id, major_id_sz);
4412
4413 /* Server scope */
4414 p = xdr_encode_opaque(p, server_scope, server_scope_sz);
4415
4416 /* Implementation id */
4417 *p++ = cpu_to_be32(0); /* zero length nfs_impl_id4 array */
4418 return 0;
4419}
4420
4421static __be32
4422nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
4423 struct nfsd4_create_session *sess)
4424{
4425 struct xdr_stream *xdr = resp->xdr;
4426 __be32 *p;
4427
4428 p = xdr_reserve_space(xdr, 24);
4429 if (!p)
4430 return nfserr_resource;
4431 p = xdr_encode_opaque_fixed(p, sess->sessionid.data,
4432 NFS4_MAX_SESSIONID_LEN);
4433 *p++ = cpu_to_be32(sess->seqid);
4434 *p++ = cpu_to_be32(sess->flags);
4435
4436 p = xdr_reserve_space(xdr, 28);
4437 if (!p)
4438 return nfserr_resource;
4439 *p++ = cpu_to_be32(0); /* headerpadsz */
4440 *p++ = cpu_to_be32(sess->fore_channel.maxreq_sz);
4441 *p++ = cpu_to_be32(sess->fore_channel.maxresp_sz);
4442 *p++ = cpu_to_be32(sess->fore_channel.maxresp_cached);
4443 *p++ = cpu_to_be32(sess->fore_channel.maxops);
4444 *p++ = cpu_to_be32(sess->fore_channel.maxreqs);
4445 *p++ = cpu_to_be32(sess->fore_channel.nr_rdma_attrs);
4446
4447 if (sess->fore_channel.nr_rdma_attrs) {
4448 p = xdr_reserve_space(xdr, 4);
4449 if (!p)
4450 return nfserr_resource;
4451 *p++ = cpu_to_be32(sess->fore_channel.rdma_attrs);
4452 }
4453
4454 p = xdr_reserve_space(xdr, 28);
4455 if (!p)
4456 return nfserr_resource;
4457 *p++ = cpu_to_be32(0); /* headerpadsz */
4458 *p++ = cpu_to_be32(sess->back_channel.maxreq_sz);
4459 *p++ = cpu_to_be32(sess->back_channel.maxresp_sz);
4460 *p++ = cpu_to_be32(sess->back_channel.maxresp_cached);
4461 *p++ = cpu_to_be32(sess->back_channel.maxops);
4462 *p++ = cpu_to_be32(sess->back_channel.maxreqs);
4463 *p++ = cpu_to_be32(sess->back_channel.nr_rdma_attrs);
4464
4465 if (sess->back_channel.nr_rdma_attrs) {
4466 p = xdr_reserve_space(xdr, 4);
4467 if (!p)
4468 return nfserr_resource;
4469 *p++ = cpu_to_be32(sess->back_channel.rdma_attrs);
4470 }
4471 return 0;
4472}
4473
4474static __be32
4475nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
4476 struct nfsd4_sequence *seq)
4477{
4478 struct xdr_stream *xdr = resp->xdr;
4479 __be32 *p;
4480
4481 p = xdr_reserve_space(xdr, NFS4_MAX_SESSIONID_LEN + 20);
4482 if (!p)
4483 return nfserr_resource;
4484 p = xdr_encode_opaque_fixed(p, seq->sessionid.data,
4485 NFS4_MAX_SESSIONID_LEN);
4486 *p++ = cpu_to_be32(seq->seqid);
4487 *p++ = cpu_to_be32(seq->slotid);
4488 /* Note slotid's are numbered from zero: */
4489 *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_highest_slotid */
4490 *p++ = cpu_to_be32(seq->maxslots - 1); /* sr_target_highest_slotid */
4491 *p++ = cpu_to_be32(seq->status_flags);
4492
4493 resp->cstate.data_offset = xdr->buf->len; /* DRC cache data pointer */
4494 return 0;
4495}
4496
4497static __be32
4498nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
4499 struct nfsd4_test_stateid *test_stateid)
4500{
4501 struct xdr_stream *xdr = resp->xdr;
4502 struct nfsd4_test_stateid_id *stateid, *next;
4503 __be32 *p;
4504
4505 p = xdr_reserve_space(xdr, 4 + (4 * test_stateid->ts_num_ids));
4506 if (!p)
4507 return nfserr_resource;
4508 *p++ = htonl(test_stateid->ts_num_ids);
4509
4510 list_for_each_entry_safe(stateid, next, &test_stateid->ts_stateid_list, ts_id_list) {
4511 *p++ = stateid->ts_id_status;
4512 }
4513
4514 return 0;
4515}
4516
4517#ifdef CONFIG_NFSD_PNFS
4518static __be32
4519nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
4520 struct nfsd4_getdeviceinfo *gdev)
4521{
4522 struct xdr_stream *xdr = resp->xdr;
4523 const struct nfsd4_layout_ops *ops;
4524 u32 starting_len = xdr->buf->len, needed_len;
4525 __be32 *p;
4526
4527 p = xdr_reserve_space(xdr, 4);
4528 if (!p)
4529 return nfserr_resource;
4530
4531 *p++ = cpu_to_be32(gdev->gd_layout_type);
4532
4533 /* If maxcount is 0 then just update notifications */
4534 if (gdev->gd_maxcount != 0) {
4535 ops = nfsd4_layout_ops[gdev->gd_layout_type];
4536 nfserr = ops->encode_getdeviceinfo(xdr, gdev);
4537 if (nfserr) {
4538 /*
4539 * We don't bother to burden the layout drivers with
4540 * enforcing gd_maxcount, just tell the client to
4541 * come back with a bigger buffer if it's not enough.
4542 */
4543 if (xdr->buf->len + 4 > gdev->gd_maxcount)
4544 goto toosmall;
4545 return nfserr;
4546 }
4547 }
4548
4549 if (gdev->gd_notify_types) {
4550 p = xdr_reserve_space(xdr, 4 + 4);
4551 if (!p)
4552 return nfserr_resource;
4553 *p++ = cpu_to_be32(1); /* bitmap length */
4554 *p++ = cpu_to_be32(gdev->gd_notify_types);
4555 } else {
4556 p = xdr_reserve_space(xdr, 4);
4557 if (!p)
4558 return nfserr_resource;
4559 *p++ = 0;
4560 }
4561
4562 return 0;
4563toosmall:
4564 dprintk("%s: maxcount too small\n", __func__);
4565 needed_len = xdr->buf->len + 4 /* notifications */;
4566 xdr_truncate_encode(xdr, starting_len);
4567 p = xdr_reserve_space(xdr, 4);
4568 if (!p)
4569 return nfserr_resource;
4570 *p++ = cpu_to_be32(needed_len);
4571 return nfserr_toosmall;
4572}
4573
4574static __be32
4575nfsd4_encode_layoutget(struct nfsd4_compoundres *resp, __be32 nfserr,
4576 struct nfsd4_layoutget *lgp)
4577{
4578 struct xdr_stream *xdr = resp->xdr;
4579 const struct nfsd4_layout_ops *ops;
4580 __be32 *p;
4581
4582 p = xdr_reserve_space(xdr, 36 + sizeof(stateid_opaque_t));
4583 if (!p)
4584 return nfserr_resource;
4585
4586 *p++ = cpu_to_be32(1); /* we always set return-on-close */
4587 *p++ = cpu_to_be32(lgp->lg_sid.si_generation);
4588 p = xdr_encode_opaque_fixed(p, &lgp->lg_sid.si_opaque,
4589 sizeof(stateid_opaque_t));
4590
4591 *p++ = cpu_to_be32(1); /* we always return a single layout */
4592 p = xdr_encode_hyper(p, lgp->lg_seg.offset);
4593 p = xdr_encode_hyper(p, lgp->lg_seg.length);
4594 *p++ = cpu_to_be32(lgp->lg_seg.iomode);
4595 *p++ = cpu_to_be32(lgp->lg_layout_type);
4596
4597 ops = nfsd4_layout_ops[lgp->lg_layout_type];
4598 return ops->encode_layoutget(xdr, lgp);
4599}
4600
4601static __be32
4602nfsd4_encode_layoutcommit(struct nfsd4_compoundres *resp, __be32 nfserr,
4603 struct nfsd4_layoutcommit *lcp)
4604{
4605 struct xdr_stream *xdr = resp->xdr;
4606 __be32 *p;
4607
4608 p = xdr_reserve_space(xdr, 4);
4609 if (!p)
4610 return nfserr_resource;
4611 *p++ = cpu_to_be32(lcp->lc_size_chg);
4612 if (lcp->lc_size_chg) {
4613 p = xdr_reserve_space(xdr, 8);
4614 if (!p)
4615 return nfserr_resource;
4616 p = xdr_encode_hyper(p, lcp->lc_newsize);
4617 }
4618
4619 return 0;
4620}
4621
4622static __be32
4623nfsd4_encode_layoutreturn(struct nfsd4_compoundres *resp, __be32 nfserr,
4624 struct nfsd4_layoutreturn *lrp)
4625{
4626 struct xdr_stream *xdr = resp->xdr;
4627 __be32 *p;
4628
4629 p = xdr_reserve_space(xdr, 4);
4630 if (!p)
4631 return nfserr_resource;
4632 *p++ = cpu_to_be32(lrp->lrs_present);
4633 if (lrp->lrs_present)
4634 return nfsd4_encode_stateid(xdr, &lrp->lr_sid);
4635 return 0;
4636}
4637#endif /* CONFIG_NFSD_PNFS */
4638
4639static __be32
4640nfsd42_encode_write_res(struct nfsd4_compoundres *resp,
4641 struct nfsd42_write_res *write, bool sync)
4642{
4643 __be32 *p;
4644 p = xdr_reserve_space(resp->xdr, 4);
4645 if (!p)
4646 return nfserr_resource;
4647
4648 if (sync)
4649 *p++ = cpu_to_be32(0);
4650 else {
4651 __be32 nfserr;
4652 *p++ = cpu_to_be32(1);
4653 nfserr = nfsd4_encode_stateid(resp->xdr, &write->cb_stateid);
4654 if (nfserr)
4655 return nfserr;
4656 }
4657 p = xdr_reserve_space(resp->xdr, 8 + 4 + NFS4_VERIFIER_SIZE);
4658 if (!p)
4659 return nfserr_resource;
4660
4661 p = xdr_encode_hyper(p, write->wr_bytes_written);
4662 *p++ = cpu_to_be32(write->wr_stable_how);
4663 p = xdr_encode_opaque_fixed(p, write->wr_verifier.data,
4664 NFS4_VERIFIER_SIZE);
4665 return nfs_ok;
4666}
4667
4668static __be32
4669nfsd42_encode_nl4_server(struct nfsd4_compoundres *resp, struct nl4_server *ns)
4670{
4671 struct xdr_stream *xdr = resp->xdr;
4672 struct nfs42_netaddr *addr;
4673 __be32 *p;
4674
4675 p = xdr_reserve_space(xdr, 4);
4676 *p++ = cpu_to_be32(ns->nl4_type);
4677
4678 switch (ns->nl4_type) {
4679 case NL4_NETADDR:
4680 addr = &ns->u.nl4_addr;
4681
4682 /* netid_len, netid, uaddr_len, uaddr (port included
4683 * in RPCBIND_MAXUADDRLEN)
4684 */
4685 p = xdr_reserve_space(xdr,
4686 4 /* netid len */ +
4687 (XDR_QUADLEN(addr->netid_len) * 4) +
4688 4 /* uaddr len */ +
4689 (XDR_QUADLEN(addr->addr_len) * 4));
4690 if (!p)
4691 return nfserr_resource;
4692
4693 *p++ = cpu_to_be32(addr->netid_len);
4694 p = xdr_encode_opaque_fixed(p, addr->netid,
4695 addr->netid_len);
4696 *p++ = cpu_to_be32(addr->addr_len);
4697 p = xdr_encode_opaque_fixed(p, addr->addr,
4698 addr->addr_len);
4699 break;
4700 default:
4701 WARN_ON_ONCE(ns->nl4_type != NL4_NETADDR);
4702 return nfserr_inval;
4703 }
4704
4705 return 0;
4706}
4707
4708static __be32
4709nfsd4_encode_copy(struct nfsd4_compoundres *resp, __be32 nfserr,
4710 struct nfsd4_copy *copy)
4711{
4712 __be32 *p;
4713
4714 nfserr = nfsd42_encode_write_res(resp, ©->cp_res,
4715 !!copy->cp_synchronous);
4716 if (nfserr)
4717 return nfserr;
4718
4719 p = xdr_reserve_space(resp->xdr, 4 + 4);
4720 *p++ = xdr_one; /* cr_consecutive */
4721 *p++ = cpu_to_be32(copy->cp_synchronous);
4722 return 0;
4723}
4724
4725static __be32
4726nfsd4_encode_offload_status(struct nfsd4_compoundres *resp, __be32 nfserr,
4727 struct nfsd4_offload_status *os)
4728{
4729 struct xdr_stream *xdr = resp->xdr;
4730 __be32 *p;
4731
4732 p = xdr_reserve_space(xdr, 8 + 4);
4733 if (!p)
4734 return nfserr_resource;
4735 p = xdr_encode_hyper(p, os->count);
4736 *p++ = cpu_to_be32(0);
4737 return nfserr;
4738}
4739
4740static __be32
4741nfsd4_encode_read_plus_data(struct nfsd4_compoundres *resp,
4742 struct nfsd4_read *read,
4743 unsigned long *maxcount, u32 *eof,
4744 loff_t *pos)
4745{
4746 struct xdr_stream *xdr = resp->xdr;
4747 struct file *file = read->rd_nf->nf_file;
4748 int starting_len = xdr->buf->len;
4749 loff_t hole_pos;
4750 __be32 nfserr;
4751 __be32 *p, tmp;
4752 __be64 tmp64;
4753
4754 hole_pos = pos ? *pos : vfs_llseek(file, read->rd_offset, SEEK_HOLE);
4755 if (hole_pos > read->rd_offset)
4756 *maxcount = min_t(unsigned long, *maxcount, hole_pos - read->rd_offset);
4757 *maxcount = min_t(unsigned long, *maxcount, (xdr->buf->buflen - xdr->buf->len));
4758
4759 /* Content type, offset, byte count */
4760 p = xdr_reserve_space(xdr, 4 + 8 + 4);
4761 if (!p)
4762 return nfserr_resource;
4763
4764 read->rd_vlen = xdr_reserve_space_vec(xdr, resp->rqstp->rq_vec, *maxcount);
4765 if (read->rd_vlen < 0)
4766 return nfserr_resource;
4767
4768 nfserr = nfsd_readv(resp->rqstp, read->rd_fhp, file, read->rd_offset,
4769 resp->rqstp->rq_vec, read->rd_vlen, maxcount, eof);
4770 if (nfserr)
4771 return nfserr;
4772 xdr_truncate_encode(xdr, starting_len + 16 + xdr_align_size(*maxcount));
4773
4774 tmp = htonl(NFS4_CONTENT_DATA);
4775 write_bytes_to_xdr_buf(xdr->buf, starting_len, &tmp, 4);
4776 tmp64 = cpu_to_be64(read->rd_offset);
4777 write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp64, 8);
4778 tmp = htonl(*maxcount);
4779 write_bytes_to_xdr_buf(xdr->buf, starting_len + 12, &tmp, 4);
4780
4781 tmp = xdr_zero;
4782 write_bytes_to_xdr_buf(xdr->buf, starting_len + 16 + *maxcount, &tmp,
4783 xdr_pad_size(*maxcount));
4784 return nfs_ok;
4785}
4786
4787static __be32
4788nfsd4_encode_read_plus_hole(struct nfsd4_compoundres *resp,
4789 struct nfsd4_read *read,
4790 unsigned long *maxcount, u32 *eof)
4791{
4792 struct file *file = read->rd_nf->nf_file;
4793 loff_t data_pos = vfs_llseek(file, read->rd_offset, SEEK_DATA);
4794 loff_t f_size = i_size_read(file_inode(file));
4795 unsigned long count;
4796 __be32 *p;
4797
4798 if (data_pos == -ENXIO)
4799 data_pos = f_size;
4800 else if (data_pos <= read->rd_offset || (data_pos < f_size && data_pos % PAGE_SIZE))
4801 return nfsd4_encode_read_plus_data(resp, read, maxcount, eof, &f_size);
4802 count = data_pos - read->rd_offset;
4803
4804 /* Content type, offset, byte count */
4805 p = xdr_reserve_space(resp->xdr, 4 + 8 + 8);
4806 if (!p)
4807 return nfserr_resource;
4808
4809 *p++ = htonl(NFS4_CONTENT_HOLE);
4810 p = xdr_encode_hyper(p, read->rd_offset);
4811 p = xdr_encode_hyper(p, count);
4812
4813 *eof = (read->rd_offset + count) >= f_size;
4814 *maxcount = min_t(unsigned long, count, *maxcount);
4815 return nfs_ok;
4816}
4817
4818static __be32
4819nfsd4_encode_read_plus(struct nfsd4_compoundres *resp, __be32 nfserr,
4820 struct nfsd4_read *read)
4821{
4822 unsigned long maxcount, count;
4823 struct xdr_stream *xdr = resp->xdr;
4824 struct file *file;
4825 int starting_len = xdr->buf->len;
4826 int last_segment = xdr->buf->len;
4827 int segments = 0;
4828 __be32 *p, tmp;
4829 bool is_data;
4830 loff_t pos;
4831 u32 eof;
4832
4833 if (nfserr)
4834 return nfserr;
4835 file = read->rd_nf->nf_file;
4836
4837 /* eof flag, segment count */
4838 p = xdr_reserve_space(xdr, 4 + 4);
4839 if (!p)
4840 return nfserr_resource;
4841 xdr_commit_encode(xdr);
4842
4843 maxcount = svc_max_payload(resp->rqstp);
4844 maxcount = min_t(unsigned long, maxcount,
4845 (xdr->buf->buflen - xdr->buf->len));
4846 maxcount = min_t(unsigned long, maxcount, read->rd_length);
4847 count = maxcount;
4848
4849 eof = read->rd_offset >= i_size_read(file_inode(file));
4850 if (eof)
4851 goto out;
4852
4853 pos = vfs_llseek(file, read->rd_offset, SEEK_HOLE);
4854 is_data = pos > read->rd_offset;
4855
4856 while (count > 0 && !eof) {
4857 maxcount = count;
4858 if (is_data)
4859 nfserr = nfsd4_encode_read_plus_data(resp, read, &maxcount, &eof,
4860 segments == 0 ? &pos : NULL);
4861 else
4862 nfserr = nfsd4_encode_read_plus_hole(resp, read, &maxcount, &eof);
4863 if (nfserr)
4864 goto out;
4865 count -= maxcount;
4866 read->rd_offset += maxcount;
4867 is_data = !is_data;
4868 last_segment = xdr->buf->len;
4869 segments++;
4870 }
4871
4872out:
4873 if (nfserr && segments == 0)
4874 xdr_truncate_encode(xdr, starting_len);
4875 else {
4876 if (nfserr) {
4877 xdr_truncate_encode(xdr, last_segment);
4878 nfserr = nfs_ok;
4879 eof = 0;
4880 }
4881 tmp = htonl(eof);
4882 write_bytes_to_xdr_buf(xdr->buf, starting_len, &tmp, 4);
4883 tmp = htonl(segments);
4884 write_bytes_to_xdr_buf(xdr->buf, starting_len + 4, &tmp, 4);
4885 }
4886
4887 return nfserr;
4888}
4889
4890static __be32
4891nfsd4_encode_copy_notify(struct nfsd4_compoundres *resp, __be32 nfserr,
4892 struct nfsd4_copy_notify *cn)
4893{
4894 struct xdr_stream *xdr = resp->xdr;
4895 __be32 *p;
4896
4897 if (nfserr)
4898 return nfserr;
4899
4900 /* 8 sec, 4 nsec */
4901 p = xdr_reserve_space(xdr, 12);
4902 if (!p)
4903 return nfserr_resource;
4904
4905 /* cnr_lease_time */
4906 p = xdr_encode_hyper(p, cn->cpn_sec);
4907 *p++ = cpu_to_be32(cn->cpn_nsec);
4908
4909 /* cnr_stateid */
4910 nfserr = nfsd4_encode_stateid(xdr, &cn->cpn_cnr_stateid);
4911 if (nfserr)
4912 return nfserr;
4913
4914 /* cnr_src.nl_nsvr */
4915 p = xdr_reserve_space(xdr, 4);
4916 if (!p)
4917 return nfserr_resource;
4918
4919 *p++ = cpu_to_be32(1);
4920
4921 return nfsd42_encode_nl4_server(resp, &cn->cpn_src);
4922}
4923
4924static __be32
4925nfsd4_encode_seek(struct nfsd4_compoundres *resp, __be32 nfserr,
4926 struct nfsd4_seek *seek)
4927{
4928 __be32 *p;
4929
4930 p = xdr_reserve_space(resp->xdr, 4 + 8);
4931 *p++ = cpu_to_be32(seek->seek_eof);
4932 p = xdr_encode_hyper(p, seek->seek_pos);
4933
4934 return 0;
4935}
4936
4937static __be32
4938nfsd4_encode_noop(struct nfsd4_compoundres *resp, __be32 nfserr, void *p)
4939{
4940 return nfserr;
4941}
4942
4943/*
4944 * Encode kmalloc-ed buffer in to XDR stream.
4945 */
4946static __be32
4947nfsd4_vbuf_to_stream(struct xdr_stream *xdr, char *buf, u32 buflen)
4948{
4949 u32 cplen;
4950 __be32 *p;
4951
4952 cplen = min_t(unsigned long, buflen,
4953 ((void *)xdr->end - (void *)xdr->p));
4954 p = xdr_reserve_space(xdr, cplen);
4955 if (!p)
4956 return nfserr_resource;
4957
4958 memcpy(p, buf, cplen);
4959 buf += cplen;
4960 buflen -= cplen;
4961
4962 while (buflen) {
4963 cplen = min_t(u32, buflen, PAGE_SIZE);
4964 p = xdr_reserve_space(xdr, cplen);
4965 if (!p)
4966 return nfserr_resource;
4967
4968 memcpy(p, buf, cplen);
4969
4970 if (cplen < PAGE_SIZE) {
4971 /*
4972 * We're done, with a length that wasn't page
4973 * aligned, so possibly not word aligned. Pad
4974 * any trailing bytes with 0.
4975 */
4976 xdr_encode_opaque_fixed(p, NULL, cplen);
4977 break;
4978 }
4979
4980 buflen -= PAGE_SIZE;
4981 buf += PAGE_SIZE;
4982 }
4983
4984 return 0;
4985}
4986
4987static __be32
4988nfsd4_encode_getxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
4989 struct nfsd4_getxattr *getxattr)
4990{
4991 struct xdr_stream *xdr = resp->xdr;
4992 __be32 *p, err;
4993
4994 p = xdr_reserve_space(xdr, 4);
4995 if (!p)
4996 return nfserr_resource;
4997
4998 *p = cpu_to_be32(getxattr->getxa_len);
4999
5000 if (getxattr->getxa_len == 0)
5001 return 0;
5002
5003 err = nfsd4_vbuf_to_stream(xdr, getxattr->getxa_buf,
5004 getxattr->getxa_len);
5005
5006 kvfree(getxattr->getxa_buf);
5007
5008 return err;
5009}
5010
5011static __be32
5012nfsd4_encode_setxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
5013 struct nfsd4_setxattr *setxattr)
5014{
5015 struct xdr_stream *xdr = resp->xdr;
5016 __be32 *p;
5017
5018 p = xdr_reserve_space(xdr, 20);
5019 if (!p)
5020 return nfserr_resource;
5021
5022 encode_cinfo(p, &setxattr->setxa_cinfo);
5023
5024 return 0;
5025}
5026
5027/*
5028 * See if there are cookie values that can be rejected outright.
5029 */
5030static __be32
5031nfsd4_listxattr_validate_cookie(struct nfsd4_listxattrs *listxattrs,
5032 u32 *offsetp)
5033{
5034 u64 cookie = listxattrs->lsxa_cookie;
5035
5036 /*
5037 * If the cookie is larger than the maximum number we can fit
5038 * in either the buffer we just got back from vfs_listxattr, or,
5039 * XDR-encoded, in the return buffer, it's invalid.
5040 */
5041 if (cookie > (listxattrs->lsxa_len) / (XATTR_USER_PREFIX_LEN + 2))
5042 return nfserr_badcookie;
5043
5044 if (cookie > (listxattrs->lsxa_maxcount /
5045 (XDR_QUADLEN(XATTR_USER_PREFIX_LEN + 2) + 4)))
5046 return nfserr_badcookie;
5047
5048 *offsetp = (u32)cookie;
5049 return 0;
5050}
5051
5052static __be32
5053nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr,
5054 struct nfsd4_listxattrs *listxattrs)
5055{
5056 struct xdr_stream *xdr = resp->xdr;
5057 u32 cookie_offset, count_offset, eof;
5058 u32 left, xdrleft, slen, count;
5059 u32 xdrlen, offset;
5060 u64 cookie;
5061 char *sp;
5062 __be32 status, tmp;
5063 __be32 *p;
5064 u32 nuser;
5065
5066 eof = 1;
5067
5068 status = nfsd4_listxattr_validate_cookie(listxattrs, &offset);
5069 if (status)
5070 goto out;
5071
5072 /*
5073 * Reserve space for the cookie and the name array count. Record
5074 * the offsets to save them later.
5075 */
5076 cookie_offset = xdr->buf->len;
5077 count_offset = cookie_offset + 8;
5078 p = xdr_reserve_space(xdr, 12);
5079 if (!p) {
5080 status = nfserr_resource;
5081 goto out;
5082 }
5083
5084 count = 0;
5085 left = listxattrs->lsxa_len;
5086 sp = listxattrs->lsxa_buf;
5087 nuser = 0;
5088
5089 xdrleft = listxattrs->lsxa_maxcount;
5090
5091 while (left > 0 && xdrleft > 0) {
5092 slen = strlen(sp);
5093
5094 /*
5095 * Check if this is a "user." attribute, skip it if not.
5096 */
5097 if (strncmp(sp, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
5098 goto contloop;
5099
5100 slen -= XATTR_USER_PREFIX_LEN;
5101 xdrlen = 4 + ((slen + 3) & ~3);
5102 if (xdrlen > xdrleft) {
5103 if (count == 0) {
5104 /*
5105 * Can't even fit the first attribute name.
5106 */
5107 status = nfserr_toosmall;
5108 goto out;
5109 }
5110 eof = 0;
5111 goto wreof;
5112 }
5113
5114 left -= XATTR_USER_PREFIX_LEN;
5115 sp += XATTR_USER_PREFIX_LEN;
5116 if (nuser++ < offset)
5117 goto contloop;
5118
5119
5120 p = xdr_reserve_space(xdr, xdrlen);
5121 if (!p) {
5122 status = nfserr_resource;
5123 goto out;
5124 }
5125
5126 xdr_encode_opaque(p, sp, slen);
5127
5128 xdrleft -= xdrlen;
5129 count++;
5130contloop:
5131 sp += slen + 1;
5132 left -= slen + 1;
5133 }
5134
5135 /*
5136 * If there were user attributes to copy, but we didn't copy
5137 * any, the offset was too large (e.g. the cookie was invalid).
5138 */
5139 if (nuser > 0 && count == 0) {
5140 status = nfserr_badcookie;
5141 goto out;
5142 }
5143
5144wreof:
5145 p = xdr_reserve_space(xdr, 4);
5146 if (!p) {
5147 status = nfserr_resource;
5148 goto out;
5149 }
5150 *p = cpu_to_be32(eof);
5151
5152 cookie = offset + count;
5153
5154 write_bytes_to_xdr_buf(xdr->buf, cookie_offset, &cookie, 8);
5155 tmp = cpu_to_be32(count);
5156 write_bytes_to_xdr_buf(xdr->buf, count_offset, &tmp, 4);
5157out:
5158 if (listxattrs->lsxa_len)
5159 kvfree(listxattrs->lsxa_buf);
5160 return status;
5161}
5162
5163static __be32
5164nfsd4_encode_removexattr(struct nfsd4_compoundres *resp, __be32 nfserr,
5165 struct nfsd4_removexattr *removexattr)
5166{
5167 struct xdr_stream *xdr = resp->xdr;
5168 __be32 *p;
5169
5170 p = xdr_reserve_space(xdr, 20);
5171 if (!p)
5172 return nfserr_resource;
5173
5174 p = encode_cinfo(p, &removexattr->rmxa_cinfo);
5175 return 0;
5176}
5177
5178typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
5179
5180/*
5181 * Note: nfsd4_enc_ops vector is shared for v4.0 and v4.1
5182 * since we don't need to filter out obsolete ops as this is
5183 * done in the decoding phase.
5184 */
5185static const nfsd4_enc nfsd4_enc_ops[] = {
5186 [OP_ACCESS] = (nfsd4_enc)nfsd4_encode_access,
5187 [OP_CLOSE] = (nfsd4_enc)nfsd4_encode_close,
5188 [OP_COMMIT] = (nfsd4_enc)nfsd4_encode_commit,
5189 [OP_CREATE] = (nfsd4_enc)nfsd4_encode_create,
5190 [OP_DELEGPURGE] = (nfsd4_enc)nfsd4_encode_noop,
5191 [OP_DELEGRETURN] = (nfsd4_enc)nfsd4_encode_noop,
5192 [OP_GETATTR] = (nfsd4_enc)nfsd4_encode_getattr,
5193 [OP_GETFH] = (nfsd4_enc)nfsd4_encode_getfh,
5194 [OP_LINK] = (nfsd4_enc)nfsd4_encode_link,
5195 [OP_LOCK] = (nfsd4_enc)nfsd4_encode_lock,
5196 [OP_LOCKT] = (nfsd4_enc)nfsd4_encode_lockt,
5197 [OP_LOCKU] = (nfsd4_enc)nfsd4_encode_locku,
5198 [OP_LOOKUP] = (nfsd4_enc)nfsd4_encode_noop,
5199 [OP_LOOKUPP] = (nfsd4_enc)nfsd4_encode_noop,
5200 [OP_NVERIFY] = (nfsd4_enc)nfsd4_encode_noop,
5201 [OP_OPEN] = (nfsd4_enc)nfsd4_encode_open,
5202 [OP_OPENATTR] = (nfsd4_enc)nfsd4_encode_noop,
5203 [OP_OPEN_CONFIRM] = (nfsd4_enc)nfsd4_encode_open_confirm,
5204 [OP_OPEN_DOWNGRADE] = (nfsd4_enc)nfsd4_encode_open_downgrade,
5205 [OP_PUTFH] = (nfsd4_enc)nfsd4_encode_noop,
5206 [OP_PUTPUBFH] = (nfsd4_enc)nfsd4_encode_noop,
5207 [OP_PUTROOTFH] = (nfsd4_enc)nfsd4_encode_noop,
5208 [OP_READ] = (nfsd4_enc)nfsd4_encode_read,
5209 [OP_READDIR] = (nfsd4_enc)nfsd4_encode_readdir,
5210 [OP_READLINK] = (nfsd4_enc)nfsd4_encode_readlink,
5211 [OP_REMOVE] = (nfsd4_enc)nfsd4_encode_remove,
5212 [OP_RENAME] = (nfsd4_enc)nfsd4_encode_rename,
5213 [OP_RENEW] = (nfsd4_enc)nfsd4_encode_noop,
5214 [OP_RESTOREFH] = (nfsd4_enc)nfsd4_encode_noop,
5215 [OP_SAVEFH] = (nfsd4_enc)nfsd4_encode_noop,
5216 [OP_SECINFO] = (nfsd4_enc)nfsd4_encode_secinfo,
5217 [OP_SETATTR] = (nfsd4_enc)nfsd4_encode_setattr,
5218 [OP_SETCLIENTID] = (nfsd4_enc)nfsd4_encode_setclientid,
5219 [OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
5220 [OP_VERIFY] = (nfsd4_enc)nfsd4_encode_noop,
5221 [OP_WRITE] = (nfsd4_enc)nfsd4_encode_write,
5222 [OP_RELEASE_LOCKOWNER] = (nfsd4_enc)nfsd4_encode_noop,
5223
5224 /* NFSv4.1 operations */
5225 [OP_BACKCHANNEL_CTL] = (nfsd4_enc)nfsd4_encode_noop,
5226 [OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
5227 [OP_EXCHANGE_ID] = (nfsd4_enc)nfsd4_encode_exchange_id,
5228 [OP_CREATE_SESSION] = (nfsd4_enc)nfsd4_encode_create_session,
5229 [OP_DESTROY_SESSION] = (nfsd4_enc)nfsd4_encode_noop,
5230 [OP_FREE_STATEID] = (nfsd4_enc)nfsd4_encode_noop,
5231 [OP_GET_DIR_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
5232#ifdef CONFIG_NFSD_PNFS
5233 [OP_GETDEVICEINFO] = (nfsd4_enc)nfsd4_encode_getdeviceinfo,
5234 [OP_GETDEVICELIST] = (nfsd4_enc)nfsd4_encode_noop,
5235 [OP_LAYOUTCOMMIT] = (nfsd4_enc)nfsd4_encode_layoutcommit,
5236 [OP_LAYOUTGET] = (nfsd4_enc)nfsd4_encode_layoutget,
5237 [OP_LAYOUTRETURN] = (nfsd4_enc)nfsd4_encode_layoutreturn,
5238#else
5239 [OP_GETDEVICEINFO] = (nfsd4_enc)nfsd4_encode_noop,
5240 [OP_GETDEVICELIST] = (nfsd4_enc)nfsd4_encode_noop,
5241 [OP_LAYOUTCOMMIT] = (nfsd4_enc)nfsd4_encode_noop,
5242 [OP_LAYOUTGET] = (nfsd4_enc)nfsd4_encode_noop,
5243 [OP_LAYOUTRETURN] = (nfsd4_enc)nfsd4_encode_noop,
5244#endif
5245 [OP_SECINFO_NO_NAME] = (nfsd4_enc)nfsd4_encode_secinfo_no_name,
5246 [OP_SEQUENCE] = (nfsd4_enc)nfsd4_encode_sequence,
5247 [OP_SET_SSV] = (nfsd4_enc)nfsd4_encode_noop,
5248 [OP_TEST_STATEID] = (nfsd4_enc)nfsd4_encode_test_stateid,
5249 [OP_WANT_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
5250 [OP_DESTROY_CLIENTID] = (nfsd4_enc)nfsd4_encode_noop,
5251 [OP_RECLAIM_COMPLETE] = (nfsd4_enc)nfsd4_encode_noop,
5252
5253 /* NFSv4.2 operations */
5254 [OP_ALLOCATE] = (nfsd4_enc)nfsd4_encode_noop,
5255 [OP_COPY] = (nfsd4_enc)nfsd4_encode_copy,
5256 [OP_COPY_NOTIFY] = (nfsd4_enc)nfsd4_encode_copy_notify,
5257 [OP_DEALLOCATE] = (nfsd4_enc)nfsd4_encode_noop,
5258 [OP_IO_ADVISE] = (nfsd4_enc)nfsd4_encode_noop,
5259 [OP_LAYOUTERROR] = (nfsd4_enc)nfsd4_encode_noop,
5260 [OP_LAYOUTSTATS] = (nfsd4_enc)nfsd4_encode_noop,
5261 [OP_OFFLOAD_CANCEL] = (nfsd4_enc)nfsd4_encode_noop,
5262 [OP_OFFLOAD_STATUS] = (nfsd4_enc)nfsd4_encode_offload_status,
5263 [OP_READ_PLUS] = (nfsd4_enc)nfsd4_encode_read_plus,
5264 [OP_SEEK] = (nfsd4_enc)nfsd4_encode_seek,
5265 [OP_WRITE_SAME] = (nfsd4_enc)nfsd4_encode_noop,
5266 [OP_CLONE] = (nfsd4_enc)nfsd4_encode_noop,
5267
5268 /* RFC 8276 extended atributes operations */
5269 [OP_GETXATTR] = (nfsd4_enc)nfsd4_encode_getxattr,
5270 [OP_SETXATTR] = (nfsd4_enc)nfsd4_encode_setxattr,
5271 [OP_LISTXATTRS] = (nfsd4_enc)nfsd4_encode_listxattrs,
5272 [OP_REMOVEXATTR] = (nfsd4_enc)nfsd4_encode_removexattr,
5273};
5274
5275/*
5276 * Calculate whether we still have space to encode repsize bytes.
5277 * There are two considerations:
5278 * - For NFS versions >=4.1, the size of the reply must stay within
5279 * session limits
5280 * - For all NFS versions, we must stay within limited preallocated
5281 * buffer space.
5282 *
5283 * This is called before the operation is processed, so can only provide
5284 * an upper estimate. For some nonidempotent operations (such as
5285 * getattr), it's not necessarily a problem if that estimate is wrong,
5286 * as we can fail it after processing without significant side effects.
5287 */
5288__be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
5289{
5290 struct xdr_buf *buf = &resp->rqstp->rq_res;
5291 struct nfsd4_slot *slot = resp->cstate.slot;
5292
5293 if (buf->len + respsize <= buf->buflen)
5294 return nfs_ok;
5295 if (!nfsd4_has_session(&resp->cstate))
5296 return nfserr_resource;
5297 if (slot->sl_flags & NFSD4_SLOT_CACHETHIS) {
5298 WARN_ON_ONCE(1);
5299 return nfserr_rep_too_big_to_cache;
5300 }
5301 return nfserr_rep_too_big;
5302}
5303
5304void
5305nfsd4_encode_operation(struct nfsd4_compoundres *resp, struct nfsd4_op *op)
5306{
5307 struct xdr_stream *xdr = resp->xdr;
5308 struct nfs4_stateowner *so = resp->cstate.replay_owner;
5309 struct svc_rqst *rqstp = resp->rqstp;
5310 const struct nfsd4_operation *opdesc = op->opdesc;
5311 int post_err_offset;
5312 nfsd4_enc encoder;
5313 __be32 *p;
5314
5315 p = xdr_reserve_space(xdr, 8);
5316 if (!p) {
5317 WARN_ON_ONCE(1);
5318 return;
5319 }
5320 *p++ = cpu_to_be32(op->opnum);
5321 post_err_offset = xdr->buf->len;
5322
5323 if (op->opnum == OP_ILLEGAL)
5324 goto status;
5325 if (op->status && opdesc &&
5326 !(opdesc->op_flags & OP_NONTRIVIAL_ERROR_ENCODE))
5327 goto status;
5328 BUG_ON(op->opnum >= ARRAY_SIZE(nfsd4_enc_ops) ||
5329 !nfsd4_enc_ops[op->opnum]);
5330 encoder = nfsd4_enc_ops[op->opnum];
5331 op->status = encoder(resp, op->status, &op->u);
5332 if (op->status)
5333 trace_nfsd_compound_encode_err(rqstp, op->opnum, op->status);
5334 if (opdesc && opdesc->op_release)
5335 opdesc->op_release(&op->u);
5336 xdr_commit_encode(xdr);
5337
5338 /* nfsd4_check_resp_size guarantees enough room for error status */
5339 if (!op->status) {
5340 int space_needed = 0;
5341 if (!nfsd4_last_compound_op(rqstp))
5342 space_needed = COMPOUND_ERR_SLACK_SPACE;
5343 op->status = nfsd4_check_resp_size(resp, space_needed);
5344 }
5345 if (op->status == nfserr_resource && nfsd4_has_session(&resp->cstate)) {
5346 struct nfsd4_slot *slot = resp->cstate.slot;
5347
5348 if (slot->sl_flags & NFSD4_SLOT_CACHETHIS)
5349 op->status = nfserr_rep_too_big_to_cache;
5350 else
5351 op->status = nfserr_rep_too_big;
5352 }
5353 if (op->status == nfserr_resource ||
5354 op->status == nfserr_rep_too_big ||
5355 op->status == nfserr_rep_too_big_to_cache) {
5356 /*
5357 * The operation may have already been encoded or
5358 * partially encoded. No op returns anything additional
5359 * in the case of one of these three errors, so we can
5360 * just truncate back to after the status. But it's a
5361 * bug if we had to do this on a non-idempotent op:
5362 */
5363 warn_on_nonidempotent_op(op);
5364 xdr_truncate_encode(xdr, post_err_offset);
5365 }
5366 if (so) {
5367 int len = xdr->buf->len - post_err_offset;
5368
5369 so->so_replay.rp_status = op->status;
5370 so->so_replay.rp_buflen = len;
5371 read_bytes_from_xdr_buf(xdr->buf, post_err_offset,
5372 so->so_replay.rp_buf, len);
5373 }
5374status:
5375 /* Note that op->status is already in network byte order: */
5376 write_bytes_to_xdr_buf(xdr->buf, post_err_offset - 4, &op->status, 4);
5377}
5378
5379/*
5380 * Encode the reply stored in the stateowner reply cache
5381 *
5382 * XDR note: do not encode rp->rp_buflen: the buffer contains the
5383 * previously sent already encoded operation.
5384 */
5385void
5386nfsd4_encode_replay(struct xdr_stream *xdr, struct nfsd4_op *op)
5387{
5388 __be32 *p;
5389 struct nfs4_replay *rp = op->replay;
5390
5391 p = xdr_reserve_space(xdr, 8 + rp->rp_buflen);
5392 if (!p) {
5393 WARN_ON_ONCE(1);
5394 return;
5395 }
5396 *p++ = cpu_to_be32(op->opnum);
5397 *p++ = rp->rp_status; /* already xdr'ed */
5398
5399 p = xdr_encode_opaque_fixed(p, rp->rp_buf, rp->rp_buflen);
5400}
5401
5402void nfsd4_release_compoundargs(struct svc_rqst *rqstp)
5403{
5404 struct nfsd4_compoundargs *args = rqstp->rq_argp;
5405
5406 if (args->ops != args->iops) {
5407 kfree(args->ops);
5408 args->ops = args->iops;
5409 }
5410 while (args->to_free) {
5411 struct svcxdr_tmpbuf *tb = args->to_free;
5412 args->to_free = tb->next;
5413 kfree(tb);
5414 }
5415}
5416
5417int
5418nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p)
5419{
5420 struct nfsd4_compoundargs *args = rqstp->rq_argp;
5421
5422 /* svcxdr_tmp_alloc */
5423 args->to_free = NULL;
5424
5425 args->xdr = &rqstp->rq_arg_stream;
5426 args->ops = args->iops;
5427 args->rqstp = rqstp;
5428
5429 return nfsd4_decode_compound(args);
5430}
5431
5432int
5433nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p)
5434{
5435 struct nfsd4_compoundres *resp = rqstp->rq_resp;
5436 struct xdr_buf *buf = resp->xdr->buf;
5437
5438 WARN_ON_ONCE(buf->len != buf->head[0].iov_len + buf->page_len +
5439 buf->tail[0].iov_len);
5440
5441 *p = resp->cstate.status;
5442
5443 rqstp->rq_next_page = resp->xdr->page_ptr + 1;
5444
5445 p = resp->tagp;
5446 *p++ = htonl(resp->taglen);
5447 memcpy(p, resp->tag, resp->taglen);
5448 p += XDR_QUADLEN(resp->taglen);
5449 *p++ = htonl(resp->opcnt);
5450
5451 nfsd4_sequence_done(resp);
5452 return 1;
5453}