Loading...
1/*
2 * NFS server file handle treatment.
3 *
4 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
5 * Portions Copyright (C) 1999 G. Allen Morris III <gam3@acm.org>
6 * Extensive rewrite by Neil Brown <neilb@cse.unsw.edu.au> Southern-Spring 1999
7 * ... and again Southern-Winter 2001 to support export_operations
8 */
9
10#include <linux/exportfs.h>
11
12#include <linux/sunrpc/svcauth_gss.h>
13#include "nfsd.h"
14#include "vfs.h"
15#include "auth.h"
16
17#define NFSDDBG_FACILITY NFSDDBG_FH
18
19
20/*
21 * our acceptability function.
22 * if NOSUBTREECHECK, accept anything
23 * if not, require that we can walk up to exp->ex_dentry
24 * doing some checks on the 'x' bits
25 */
26static int nfsd_acceptable(void *expv, struct dentry *dentry)
27{
28 struct svc_export *exp = expv;
29 int rv;
30 struct dentry *tdentry;
31 struct dentry *parent;
32
33 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
34 return 1;
35
36 tdentry = dget(dentry);
37 while (tdentry != exp->ex_path.dentry && !IS_ROOT(tdentry)) {
38 /* make sure parents give x permission to user */
39 int err;
40 parent = dget_parent(tdentry);
41 err = inode_permission(parent->d_inode, MAY_EXEC);
42 if (err < 0) {
43 dput(parent);
44 break;
45 }
46 dput(tdentry);
47 tdentry = parent;
48 }
49 if (tdentry != exp->ex_path.dentry)
50 dprintk("nfsd_acceptable failed at %p %s\n", tdentry, tdentry->d_name.name);
51 rv = (tdentry == exp->ex_path.dentry);
52 dput(tdentry);
53 return rv;
54}
55
56/* Type check. The correct error return for type mismatches does not seem to be
57 * generally agreed upon. SunOS seems to use EISDIR if file isn't S_IFREG; a
58 * comment in the NFSv3 spec says this is incorrect (implementation notes for
59 * the write call).
60 */
61static inline __be32
62nfsd_mode_check(struct svc_rqst *rqstp, umode_t mode, umode_t requested)
63{
64 mode &= S_IFMT;
65
66 if (requested == 0) /* the caller doesn't care */
67 return nfs_ok;
68 if (mode == requested)
69 return nfs_ok;
70 /*
71 * v4 has an error more specific than err_notdir which we should
72 * return in preference to err_notdir:
73 */
74 if (rqstp->rq_vers == 4 && mode == S_IFLNK)
75 return nfserr_symlink;
76 if (requested == S_IFDIR)
77 return nfserr_notdir;
78 if (mode == S_IFDIR)
79 return nfserr_isdir;
80 return nfserr_inval;
81}
82
83static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
84 struct svc_export *exp)
85{
86 int flags = nfsexp_flags(rqstp, exp);
87
88 /* Check if the request originated from a secure port. */
89 if (!rqstp->rq_secure && !(flags & NFSEXP_INSECURE_PORT)) {
90 RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
91 dprintk(KERN_WARNING
92 "nfsd: request from insecure port %s!\n",
93 svc_print_addr(rqstp, buf, sizeof(buf)));
94 return nfserr_perm;
95 }
96
97 /* Set user creds for this exportpoint */
98 return nfserrno(nfsd_setuser(rqstp, exp));
99}
100
101static inline __be32 check_pseudo_root(struct svc_rqst *rqstp,
102 struct dentry *dentry, struct svc_export *exp)
103{
104 if (!(exp->ex_flags & NFSEXP_V4ROOT))
105 return nfs_ok;
106 /*
107 * v2/v3 clients have no need for the V4ROOT export--they use
108 * the mount protocl instead; also, further V4ROOT checks may be
109 * in v4-specific code, in which case v2/v3 clients could bypass
110 * them.
111 */
112 if (!nfsd_v4client(rqstp))
113 return nfserr_stale;
114 /*
115 * We're exposing only the directories and symlinks that have to be
116 * traversed on the way to real exports:
117 */
118 if (unlikely(!S_ISDIR(dentry->d_inode->i_mode) &&
119 !S_ISLNK(dentry->d_inode->i_mode)))
120 return nfserr_stale;
121 /*
122 * A pseudoroot export gives permission to access only one
123 * single directory; the kernel has to make another upcall
124 * before granting access to anything else under it:
125 */
126 if (unlikely(dentry != exp->ex_path.dentry))
127 return nfserr_stale;
128 return nfs_ok;
129}
130
131/*
132 * Use the given filehandle to look up the corresponding export and
133 * dentry. On success, the results are used to set fh_export and
134 * fh_dentry.
135 */
136static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
137{
138 struct knfsd_fh *fh = &fhp->fh_handle;
139 struct fid *fid = NULL, sfid;
140 struct svc_export *exp;
141 struct dentry *dentry;
142 int fileid_type;
143 int data_left = fh->fh_size/4;
144 __be32 error;
145
146 error = nfserr_stale;
147 if (rqstp->rq_vers > 2)
148 error = nfserr_badhandle;
149 if (rqstp->rq_vers == 4 && fh->fh_size == 0)
150 return nfserr_nofilehandle;
151
152 if (fh->fh_version == 1) {
153 int len;
154
155 if (--data_left < 0)
156 return error;
157 if (fh->fh_auth_type != 0)
158 return error;
159 len = key_len(fh->fh_fsid_type) / 4;
160 if (len == 0)
161 return error;
162 if (fh->fh_fsid_type == FSID_MAJOR_MINOR) {
163 /* deprecated, convert to type 3 */
164 len = key_len(FSID_ENCODE_DEV)/4;
165 fh->fh_fsid_type = FSID_ENCODE_DEV;
166 fh->fh_fsid[0] = new_encode_dev(MKDEV(ntohl(fh->fh_fsid[0]), ntohl(fh->fh_fsid[1])));
167 fh->fh_fsid[1] = fh->fh_fsid[2];
168 }
169 data_left -= len;
170 if (data_left < 0)
171 return error;
172 exp = rqst_exp_find(rqstp, fh->fh_fsid_type, fh->fh_auth);
173 fid = (struct fid *)(fh->fh_auth + len);
174 } else {
175 __u32 tfh[2];
176 dev_t xdev;
177 ino_t xino;
178
179 if (fh->fh_size != NFS_FHSIZE)
180 return error;
181 /* assume old filehandle format */
182 xdev = old_decode_dev(fh->ofh_xdev);
183 xino = u32_to_ino_t(fh->ofh_xino);
184 mk_fsid(FSID_DEV, tfh, xdev, xino, 0, NULL);
185 exp = rqst_exp_find(rqstp, FSID_DEV, tfh);
186 }
187
188 error = nfserr_stale;
189 if (PTR_ERR(exp) == -ENOENT)
190 return error;
191
192 if (IS_ERR(exp))
193 return nfserrno(PTR_ERR(exp));
194
195 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) {
196 /* Elevate privileges so that the lack of 'r' or 'x'
197 * permission on some parent directory will
198 * not stop exportfs_decode_fh from being able
199 * to reconnect a directory into the dentry cache.
200 * The same problem can affect "SUBTREECHECK" exports,
201 * but as nfsd_acceptable depends on correct
202 * access control settings being in effect, we cannot
203 * fix that case easily.
204 */
205 struct cred *new = prepare_creds();
206 if (!new)
207 return nfserrno(-ENOMEM);
208 new->cap_effective =
209 cap_raise_nfsd_set(new->cap_effective,
210 new->cap_permitted);
211 put_cred(override_creds(new));
212 put_cred(new);
213 } else {
214 error = nfsd_setuser_and_check_port(rqstp, exp);
215 if (error)
216 goto out;
217 }
218
219 /*
220 * Look up the dentry using the NFS file handle.
221 */
222 error = nfserr_stale;
223 if (rqstp->rq_vers > 2)
224 error = nfserr_badhandle;
225
226 if (fh->fh_version != 1) {
227 sfid.i32.ino = fh->ofh_ino;
228 sfid.i32.gen = fh->ofh_generation;
229 sfid.i32.parent_ino = fh->ofh_dirino;
230 fid = &sfid;
231 data_left = 3;
232 if (fh->ofh_dirino == 0)
233 fileid_type = FILEID_INO32_GEN;
234 else
235 fileid_type = FILEID_INO32_GEN_PARENT;
236 } else
237 fileid_type = fh->fh_fileid_type;
238
239 if (fileid_type == FILEID_ROOT)
240 dentry = dget(exp->ex_path.dentry);
241 else {
242 dentry = exportfs_decode_fh(exp->ex_path.mnt, fid,
243 data_left, fileid_type,
244 nfsd_acceptable, exp);
245 }
246 if (dentry == NULL)
247 goto out;
248 if (IS_ERR(dentry)) {
249 if (PTR_ERR(dentry) != -EINVAL)
250 error = nfserrno(PTR_ERR(dentry));
251 goto out;
252 }
253
254 if (S_ISDIR(dentry->d_inode->i_mode) &&
255 (dentry->d_flags & DCACHE_DISCONNECTED)) {
256 printk("nfsd: find_fh_dentry returned a DISCONNECTED directory: %s/%s\n",
257 dentry->d_parent->d_name.name, dentry->d_name.name);
258 }
259
260 fhp->fh_dentry = dentry;
261 fhp->fh_export = exp;
262 return 0;
263out:
264 exp_put(exp);
265 return error;
266}
267
268/**
269 * fh_verify - filehandle lookup and access checking
270 * @rqstp: pointer to current rpc request
271 * @fhp: filehandle to be verified
272 * @type: expected type of object pointed to by filehandle
273 * @access: type of access needed to object
274 *
275 * Look up a dentry from the on-the-wire filehandle, check the client's
276 * access to the export, and set the current task's credentials.
277 *
278 * Regardless of success or failure of fh_verify(), fh_put() should be
279 * called on @fhp when the caller is finished with the filehandle.
280 *
281 * fh_verify() may be called multiple times on a given filehandle, for
282 * example, when processing an NFSv4 compound. The first call will look
283 * up a dentry using the on-the-wire filehandle. Subsequent calls will
284 * skip the lookup and just perform the other checks and possibly change
285 * the current task's credentials.
286 *
287 * @type specifies the type of object expected using one of the S_IF*
288 * constants defined in include/linux/stat.h. The caller may use zero
289 * to indicate that it doesn't care, or a negative integer to indicate
290 * that it expects something not of the given type.
291 *
292 * @access is formed from the NFSD_MAY_* constants defined in
293 * include/linux/nfsd/nfsd.h.
294 */
295__be32
296fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access)
297{
298 struct svc_export *exp;
299 struct dentry *dentry;
300 __be32 error;
301
302 dprintk("nfsd: fh_verify(%s)\n", SVCFH_fmt(fhp));
303
304 if (!fhp->fh_dentry) {
305 error = nfsd_set_fh_dentry(rqstp, fhp);
306 if (error)
307 goto out;
308 }
309 dentry = fhp->fh_dentry;
310 exp = fhp->fh_export;
311 /*
312 * We still have to do all these permission checks, even when
313 * fh_dentry is already set:
314 * - fh_verify may be called multiple times with different
315 * "access" arguments (e.g. nfsd_proc_create calls
316 * fh_verify(...,NFSD_MAY_EXEC) first, then later (in
317 * nfsd_create) calls fh_verify(...,NFSD_MAY_CREATE).
318 * - in the NFSv4 case, the filehandle may have been filled
319 * in by fh_compose, and given a dentry, but further
320 * compound operations performed with that filehandle
321 * still need permissions checks. In the worst case, a
322 * mountpoint crossing may have changed the export
323 * options, and we may now need to use a different uid
324 * (for example, if different id-squashing options are in
325 * effect on the new filesystem).
326 */
327 error = check_pseudo_root(rqstp, dentry, exp);
328 if (error)
329 goto out;
330
331 error = nfsd_setuser_and_check_port(rqstp, exp);
332 if (error)
333 goto out;
334
335 error = nfsd_mode_check(rqstp, dentry->d_inode->i_mode, type);
336 if (error)
337 goto out;
338
339 /*
340 * pseudoflavor restrictions are not enforced on NLM,
341 * which clients virtually always use auth_sys for,
342 * even while using RPCSEC_GSS for NFS.
343 */
344 if (access & NFSD_MAY_LOCK || access & NFSD_MAY_BYPASS_GSS)
345 goto skip_pseudoflavor_check;
346 /*
347 * Clients may expect to be able to use auth_sys during mount,
348 * even if they use gss for everything else; see section 2.3.2
349 * of rfc 2623.
350 */
351 if (access & NFSD_MAY_BYPASS_GSS_ON_ROOT
352 && exp->ex_path.dentry == dentry)
353 goto skip_pseudoflavor_check;
354
355 error = check_nfsd_access(exp, rqstp);
356 if (error)
357 goto out;
358
359skip_pseudoflavor_check:
360 /* Finally, check access permissions. */
361 error = nfsd_permission(rqstp, exp, dentry, access);
362
363 if (error) {
364 dprintk("fh_verify: %s/%s permission failure, "
365 "acc=%x, error=%d\n",
366 dentry->d_parent->d_name.name,
367 dentry->d_name.name,
368 access, ntohl(error));
369 }
370out:
371 if (error == nfserr_stale)
372 nfsdstats.fh_stale++;
373 return error;
374}
375
376
377/*
378 * Compose a file handle for an NFS reply.
379 *
380 * Note that when first composed, the dentry may not yet have
381 * an inode. In this case a call to fh_update should be made
382 * before the fh goes out on the wire ...
383 */
384static void _fh_update(struct svc_fh *fhp, struct svc_export *exp,
385 struct dentry *dentry)
386{
387 if (dentry != exp->ex_path.dentry) {
388 struct fid *fid = (struct fid *)
389 (fhp->fh_handle.fh_auth + fhp->fh_handle.fh_size/4 - 1);
390 int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;
391 int subtreecheck = !(exp->ex_flags & NFSEXP_NOSUBTREECHECK);
392
393 fhp->fh_handle.fh_fileid_type =
394 exportfs_encode_fh(dentry, fid, &maxsize, subtreecheck);
395 fhp->fh_handle.fh_size += maxsize * 4;
396 } else {
397 fhp->fh_handle.fh_fileid_type = FILEID_ROOT;
398 }
399}
400
401/*
402 * for composing old style file handles
403 */
404static inline void _fh_update_old(struct dentry *dentry,
405 struct svc_export *exp,
406 struct knfsd_fh *fh)
407{
408 fh->ofh_ino = ino_t_to_u32(dentry->d_inode->i_ino);
409 fh->ofh_generation = dentry->d_inode->i_generation;
410 if (S_ISDIR(dentry->d_inode->i_mode) ||
411 (exp->ex_flags & NFSEXP_NOSUBTREECHECK))
412 fh->ofh_dirino = 0;
413}
414
415static bool is_root_export(struct svc_export *exp)
416{
417 return exp->ex_path.dentry == exp->ex_path.dentry->d_sb->s_root;
418}
419
420static struct super_block *exp_sb(struct svc_export *exp)
421{
422 return exp->ex_path.dentry->d_inode->i_sb;
423}
424
425static bool fsid_type_ok_for_exp(u8 fsid_type, struct svc_export *exp)
426{
427 switch (fsid_type) {
428 case FSID_DEV:
429 if (!old_valid_dev(exp_sb(exp)->s_dev))
430 return 0;
431 /* FALL THROUGH */
432 case FSID_MAJOR_MINOR:
433 case FSID_ENCODE_DEV:
434 return exp_sb(exp)->s_type->fs_flags & FS_REQUIRES_DEV;
435 case FSID_NUM:
436 return exp->ex_flags & NFSEXP_FSID;
437 case FSID_UUID8:
438 case FSID_UUID16:
439 if (!is_root_export(exp))
440 return 0;
441 /* fall through */
442 case FSID_UUID4_INUM:
443 case FSID_UUID16_INUM:
444 return exp->ex_uuid != NULL;
445 }
446 return 1;
447}
448
449
450static void set_version_and_fsid_type(struct svc_fh *fhp, struct svc_export *exp, struct svc_fh *ref_fh)
451{
452 u8 version;
453 u8 fsid_type;
454retry:
455 version = 1;
456 if (ref_fh && ref_fh->fh_export == exp) {
457 version = ref_fh->fh_handle.fh_version;
458 fsid_type = ref_fh->fh_handle.fh_fsid_type;
459
460 ref_fh = NULL;
461
462 switch (version) {
463 case 0xca:
464 fsid_type = FSID_DEV;
465 break;
466 case 1:
467 break;
468 default:
469 goto retry;
470 }
471
472 /*
473 * As the fsid -> filesystem mapping was guided by
474 * user-space, there is no guarantee that the filesystem
475 * actually supports that fsid type. If it doesn't we
476 * loop around again without ref_fh set.
477 */
478 if (!fsid_type_ok_for_exp(fsid_type, exp))
479 goto retry;
480 } else if (exp->ex_flags & NFSEXP_FSID) {
481 fsid_type = FSID_NUM;
482 } else if (exp->ex_uuid) {
483 if (fhp->fh_maxsize >= 64) {
484 if (is_root_export(exp))
485 fsid_type = FSID_UUID16;
486 else
487 fsid_type = FSID_UUID16_INUM;
488 } else {
489 if (is_root_export(exp))
490 fsid_type = FSID_UUID8;
491 else
492 fsid_type = FSID_UUID4_INUM;
493 }
494 } else if (!old_valid_dev(exp_sb(exp)->s_dev))
495 /* for newer device numbers, we must use a newer fsid format */
496 fsid_type = FSID_ENCODE_DEV;
497 else
498 fsid_type = FSID_DEV;
499 fhp->fh_handle.fh_version = version;
500 if (version)
501 fhp->fh_handle.fh_fsid_type = fsid_type;
502}
503
504__be32
505fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry,
506 struct svc_fh *ref_fh)
507{
508 /* ref_fh is a reference file handle.
509 * if it is non-null and for the same filesystem, then we should compose
510 * a filehandle which is of the same version, where possible.
511 * Currently, that means that if ref_fh->fh_handle.fh_version == 0xca
512 * Then create a 32byte filehandle using nfs_fhbase_old
513 *
514 */
515
516 struct inode * inode = dentry->d_inode;
517 struct dentry *parent = dentry->d_parent;
518 __u32 *datap;
519 dev_t ex_dev = exp_sb(exp)->s_dev;
520
521 dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %s/%s, ino=%ld)\n",
522 MAJOR(ex_dev), MINOR(ex_dev),
523 (long) exp->ex_path.dentry->d_inode->i_ino,
524 parent->d_name.name, dentry->d_name.name,
525 (inode ? inode->i_ino : 0));
526
527 /* Choose filehandle version and fsid type based on
528 * the reference filehandle (if it is in the same export)
529 * or the export options.
530 */
531 set_version_and_fsid_type(fhp, exp, ref_fh);
532
533 if (ref_fh == fhp)
534 fh_put(ref_fh);
535
536 if (fhp->fh_locked || fhp->fh_dentry) {
537 printk(KERN_ERR "fh_compose: fh %s/%s not initialized!\n",
538 parent->d_name.name, dentry->d_name.name);
539 }
540 if (fhp->fh_maxsize < NFS_FHSIZE)
541 printk(KERN_ERR "fh_compose: called with maxsize %d! %s/%s\n",
542 fhp->fh_maxsize,
543 parent->d_name.name, dentry->d_name.name);
544
545 fhp->fh_dentry = dget(dentry); /* our internal copy */
546 fhp->fh_export = exp;
547 cache_get(&exp->h);
548
549 if (fhp->fh_handle.fh_version == 0xca) {
550 /* old style filehandle please */
551 memset(&fhp->fh_handle.fh_base, 0, NFS_FHSIZE);
552 fhp->fh_handle.fh_size = NFS_FHSIZE;
553 fhp->fh_handle.ofh_dcookie = 0xfeebbaca;
554 fhp->fh_handle.ofh_dev = old_encode_dev(ex_dev);
555 fhp->fh_handle.ofh_xdev = fhp->fh_handle.ofh_dev;
556 fhp->fh_handle.ofh_xino =
557 ino_t_to_u32(exp->ex_path.dentry->d_inode->i_ino);
558 fhp->fh_handle.ofh_dirino = ino_t_to_u32(parent_ino(dentry));
559 if (inode)
560 _fh_update_old(dentry, exp, &fhp->fh_handle);
561 } else {
562 int len;
563 fhp->fh_handle.fh_auth_type = 0;
564 datap = fhp->fh_handle.fh_auth+0;
565 mk_fsid(fhp->fh_handle.fh_fsid_type, datap, ex_dev,
566 exp->ex_path.dentry->d_inode->i_ino,
567 exp->ex_fsid, exp->ex_uuid);
568
569 len = key_len(fhp->fh_handle.fh_fsid_type);
570 datap += len/4;
571 fhp->fh_handle.fh_size = 4 + len;
572
573 if (inode)
574 _fh_update(fhp, exp, dentry);
575 if (fhp->fh_handle.fh_fileid_type == 255) {
576 fh_put(fhp);
577 return nfserr_opnotsupp;
578 }
579 }
580
581 return 0;
582}
583
584/*
585 * Update file handle information after changing a dentry.
586 * This is only called by nfsd_create, nfsd_create_v3 and nfsd_proc_create
587 */
588__be32
589fh_update(struct svc_fh *fhp)
590{
591 struct dentry *dentry;
592
593 if (!fhp->fh_dentry)
594 goto out_bad;
595
596 dentry = fhp->fh_dentry;
597 if (!dentry->d_inode)
598 goto out_negative;
599 if (fhp->fh_handle.fh_version != 1) {
600 _fh_update_old(dentry, fhp->fh_export, &fhp->fh_handle);
601 } else {
602 if (fhp->fh_handle.fh_fileid_type != FILEID_ROOT)
603 goto out;
604
605 _fh_update(fhp, fhp->fh_export, dentry);
606 if (fhp->fh_handle.fh_fileid_type == 255)
607 return nfserr_opnotsupp;
608 }
609out:
610 return 0;
611
612out_bad:
613 printk(KERN_ERR "fh_update: fh not verified!\n");
614 goto out;
615out_negative:
616 printk(KERN_ERR "fh_update: %s/%s still negative!\n",
617 dentry->d_parent->d_name.name, dentry->d_name.name);
618 goto out;
619}
620
621/*
622 * Release a file handle.
623 */
624void
625fh_put(struct svc_fh *fhp)
626{
627 struct dentry * dentry = fhp->fh_dentry;
628 struct svc_export * exp = fhp->fh_export;
629 if (dentry) {
630 fh_unlock(fhp);
631 fhp->fh_dentry = NULL;
632 dput(dentry);
633#ifdef CONFIG_NFSD_V3
634 fhp->fh_pre_saved = 0;
635 fhp->fh_post_saved = 0;
636#endif
637 }
638 if (exp) {
639 exp_put(exp);
640 fhp->fh_export = NULL;
641 }
642 return;
643}
644
645/*
646 * Shorthand for dprintk()'s
647 */
648char * SVCFH_fmt(struct svc_fh *fhp)
649{
650 struct knfsd_fh *fh = &fhp->fh_handle;
651
652 static char buf[80];
653 sprintf(buf, "%d: %08x %08x %08x %08x %08x %08x",
654 fh->fh_size,
655 fh->fh_base.fh_pad[0],
656 fh->fh_base.fh_pad[1],
657 fh->fh_base.fh_pad[2],
658 fh->fh_base.fh_pad[3],
659 fh->fh_base.fh_pad[4],
660 fh->fh_base.fh_pad[5]);
661 return buf;
662}
663
664enum fsid_source fsid_source(struct svc_fh *fhp)
665{
666 if (fhp->fh_handle.fh_version != 1)
667 return FSIDSOURCE_DEV;
668 switch(fhp->fh_handle.fh_fsid_type) {
669 case FSID_DEV:
670 case FSID_ENCODE_DEV:
671 case FSID_MAJOR_MINOR:
672 if (exp_sb(fhp->fh_export)->s_type->fs_flags & FS_REQUIRES_DEV)
673 return FSIDSOURCE_DEV;
674 break;
675 case FSID_NUM:
676 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
677 return FSIDSOURCE_FSID;
678 break;
679 default:
680 break;
681 }
682 /* either a UUID type filehandle, or the filehandle doesn't
683 * match the export.
684 */
685 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
686 return FSIDSOURCE_FSID;
687 if (fhp->fh_export->ex_uuid)
688 return FSIDSOURCE_UUID;
689 return FSIDSOURCE_DEV;
690}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * NFS server file handle treatment.
4 *
5 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
6 * Portions Copyright (C) 1999 G. Allen Morris III <gam3@acm.org>
7 * Extensive rewrite by Neil Brown <neilb@cse.unsw.edu.au> Southern-Spring 1999
8 * ... and again Southern-Winter 2001 to support export_operations
9 */
10
11#include <linux/exportfs.h>
12
13#include <linux/sunrpc/svcauth_gss.h>
14#include "nfsd.h"
15#include "vfs.h"
16#include "auth.h"
17#include "trace.h"
18
19#define NFSDDBG_FACILITY NFSDDBG_FH
20
21
22/*
23 * our acceptability function.
24 * if NOSUBTREECHECK, accept anything
25 * if not, require that we can walk up to exp->ex_dentry
26 * doing some checks on the 'x' bits
27 */
28static int nfsd_acceptable(void *expv, struct dentry *dentry)
29{
30 struct svc_export *exp = expv;
31 int rv;
32 struct dentry *tdentry;
33 struct dentry *parent;
34
35 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK)
36 return 1;
37
38 tdentry = dget(dentry);
39 while (tdentry != exp->ex_path.dentry && !IS_ROOT(tdentry)) {
40 /* make sure parents give x permission to user */
41 int err;
42 parent = dget_parent(tdentry);
43 err = inode_permission(&nop_mnt_idmap,
44 d_inode(parent), MAY_EXEC);
45 if (err < 0) {
46 dput(parent);
47 break;
48 }
49 dput(tdentry);
50 tdentry = parent;
51 }
52 if (tdentry != exp->ex_path.dentry)
53 dprintk("nfsd_acceptable failed at %p %pd\n", tdentry, tdentry);
54 rv = (tdentry == exp->ex_path.dentry);
55 dput(tdentry);
56 return rv;
57}
58
59/* Type check. The correct error return for type mismatches does not seem to be
60 * generally agreed upon. SunOS seems to use EISDIR if file isn't S_IFREG; a
61 * comment in the NFSv3 spec says this is incorrect (implementation notes for
62 * the write call).
63 */
64static inline __be32
65nfsd_mode_check(struct dentry *dentry, umode_t requested)
66{
67 umode_t mode = d_inode(dentry)->i_mode & S_IFMT;
68
69 if (requested == 0) /* the caller doesn't care */
70 return nfs_ok;
71 if (mode == requested) {
72 if (mode == S_IFDIR && !d_can_lookup(dentry)) {
73 WARN_ON_ONCE(1);
74 return nfserr_notdir;
75 }
76 return nfs_ok;
77 }
78 if (mode == S_IFLNK) {
79 if (requested == S_IFDIR)
80 return nfserr_symlink_not_dir;
81 return nfserr_symlink;
82 }
83 if (requested == S_IFDIR)
84 return nfserr_notdir;
85 if (mode == S_IFDIR)
86 return nfserr_isdir;
87 return nfserr_wrong_type;
88}
89
90static bool nfsd_originating_port_ok(struct svc_rqst *rqstp,
91 struct svc_cred *cred,
92 struct svc_export *exp)
93{
94 if (nfsexp_flags(cred, exp) & NFSEXP_INSECURE_PORT)
95 return true;
96 /* We don't require gss requests to use low ports: */
97 if (cred->cr_flavor >= RPC_AUTH_GSS)
98 return true;
99 return test_bit(RQ_SECURE, &rqstp->rq_flags);
100}
101
102static __be32 nfsd_setuser_and_check_port(struct svc_rqst *rqstp,
103 struct svc_cred *cred,
104 struct svc_export *exp)
105{
106 /* Check if the request originated from a secure port. */
107 if (rqstp && !nfsd_originating_port_ok(rqstp, cred, exp)) {
108 RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
109 dprintk("nfsd: request from insecure port %s!\n",
110 svc_print_addr(rqstp, buf, sizeof(buf)));
111 return nfserr_perm;
112 }
113
114 /* Set user creds for this exportpoint */
115 return nfserrno(nfsd_setuser(cred, exp));
116}
117
118static inline __be32 check_pseudo_root(struct dentry *dentry,
119 struct svc_export *exp)
120{
121 if (!(exp->ex_flags & NFSEXP_V4ROOT))
122 return nfs_ok;
123 /*
124 * We're exposing only the directories and symlinks that have to be
125 * traversed on the way to real exports:
126 */
127 if (unlikely(!d_is_dir(dentry) &&
128 !d_is_symlink(dentry)))
129 return nfserr_stale;
130 /*
131 * A pseudoroot export gives permission to access only one
132 * single directory; the kernel has to make another upcall
133 * before granting access to anything else under it:
134 */
135 if (unlikely(dentry != exp->ex_path.dentry))
136 return nfserr_stale;
137 return nfs_ok;
138}
139
140/*
141 * Use the given filehandle to look up the corresponding export and
142 * dentry. On success, the results are used to set fh_export and
143 * fh_dentry.
144 */
145static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net,
146 struct svc_cred *cred,
147 struct auth_domain *client,
148 struct auth_domain *gssclient,
149 struct svc_fh *fhp)
150{
151 struct knfsd_fh *fh = &fhp->fh_handle;
152 struct fid *fid = NULL;
153 struct svc_export *exp;
154 struct dentry *dentry;
155 int fileid_type;
156 int data_left = fh->fh_size/4;
157 int len;
158 __be32 error;
159
160 error = nfserr_badhandle;
161 if (fh->fh_size == 0)
162 return nfserr_nofilehandle;
163
164 if (fh->fh_version != 1)
165 return error;
166
167 if (--data_left < 0)
168 return error;
169 if (fh->fh_auth_type != 0)
170 return error;
171 len = key_len(fh->fh_fsid_type) / 4;
172 if (len == 0)
173 return error;
174 if (fh->fh_fsid_type == FSID_MAJOR_MINOR) {
175 /* deprecated, convert to type 3 */
176 len = key_len(FSID_ENCODE_DEV)/4;
177 fh->fh_fsid_type = FSID_ENCODE_DEV;
178 /*
179 * struct knfsd_fh uses host-endian fields, which are
180 * sometimes used to hold net-endian values. This
181 * confuses sparse, so we must use __force here to
182 * keep it from complaining.
183 */
184 fh->fh_fsid[0] = new_encode_dev(MKDEV(ntohl((__force __be32)fh->fh_fsid[0]),
185 ntohl((__force __be32)fh->fh_fsid[1])));
186 fh->fh_fsid[1] = fh->fh_fsid[2];
187 }
188 data_left -= len;
189 if (data_left < 0)
190 return error;
191 exp = rqst_exp_find(rqstp ? &rqstp->rq_chandle : NULL,
192 net, client, gssclient,
193 fh->fh_fsid_type, fh->fh_fsid);
194 fid = (struct fid *)(fh->fh_fsid + len);
195
196 error = nfserr_stale;
197 if (IS_ERR(exp)) {
198 trace_nfsd_set_fh_dentry_badexport(rqstp, fhp, PTR_ERR(exp));
199
200 if (PTR_ERR(exp) == -ENOENT)
201 return error;
202
203 return nfserrno(PTR_ERR(exp));
204 }
205
206 if (exp->ex_flags & NFSEXP_NOSUBTREECHECK) {
207 /* Elevate privileges so that the lack of 'r' or 'x'
208 * permission on some parent directory will
209 * not stop exportfs_decode_fh from being able
210 * to reconnect a directory into the dentry cache.
211 * The same problem can affect "SUBTREECHECK" exports,
212 * but as nfsd_acceptable depends on correct
213 * access control settings being in effect, we cannot
214 * fix that case easily.
215 */
216 struct cred *new = prepare_creds();
217 if (!new) {
218 error = nfserrno(-ENOMEM);
219 goto out;
220 }
221 new->cap_effective =
222 cap_raise_nfsd_set(new->cap_effective,
223 new->cap_permitted);
224 put_cred(override_creds(new));
225 put_cred(new);
226 } else {
227 error = nfsd_setuser_and_check_port(rqstp, cred, exp);
228 if (error)
229 goto out;
230 }
231
232 /*
233 * Look up the dentry using the NFS file handle.
234 */
235 error = nfserr_badhandle;
236
237 fileid_type = fh->fh_fileid_type;
238
239 if (fileid_type == FILEID_ROOT)
240 dentry = dget(exp->ex_path.dentry);
241 else {
242 dentry = exportfs_decode_fh_raw(exp->ex_path.mnt, fid,
243 data_left, fileid_type, 0,
244 nfsd_acceptable, exp);
245 if (IS_ERR_OR_NULL(dentry)) {
246 trace_nfsd_set_fh_dentry_badhandle(rqstp, fhp,
247 dentry ? PTR_ERR(dentry) : -ESTALE);
248 switch (PTR_ERR(dentry)) {
249 case -ENOMEM:
250 case -ETIMEDOUT:
251 break;
252 default:
253 dentry = ERR_PTR(-ESTALE);
254 }
255 }
256 }
257 if (dentry == NULL)
258 goto out;
259 if (IS_ERR(dentry)) {
260 if (PTR_ERR(dentry) != -EINVAL)
261 error = nfserrno(PTR_ERR(dentry));
262 goto out;
263 }
264
265 if (d_is_dir(dentry) &&
266 (dentry->d_flags & DCACHE_DISCONNECTED)) {
267 printk("nfsd: find_fh_dentry returned a DISCONNECTED directory: %pd2\n",
268 dentry);
269 }
270
271 fhp->fh_dentry = dentry;
272 fhp->fh_export = exp;
273
274 switch (fhp->fh_maxsize) {
275 case NFS4_FHSIZE:
276 if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOATOMIC_ATTR)
277 fhp->fh_no_atomic_attr = true;
278 fhp->fh_64bit_cookies = true;
279 break;
280 case NFS3_FHSIZE:
281 if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOWCC)
282 fhp->fh_no_wcc = true;
283 fhp->fh_64bit_cookies = true;
284 if (exp->ex_flags & NFSEXP_V4ROOT)
285 goto out;
286 break;
287 case NFS_FHSIZE:
288 fhp->fh_no_wcc = true;
289 if (EX_WGATHER(exp))
290 fhp->fh_use_wgather = true;
291 if (exp->ex_flags & NFSEXP_V4ROOT)
292 goto out;
293 }
294
295 return 0;
296out:
297 exp_put(exp);
298 return error;
299}
300
301/**
302 * __fh_verify - filehandle lookup and access checking
303 * @rqstp: RPC transaction context, or NULL
304 * @net: net namespace in which to perform the export lookup
305 * @cred: RPC user credential
306 * @client: RPC auth domain
307 * @gssclient: RPC GSS auth domain, or NULL
308 * @fhp: filehandle to be verified
309 * @type: expected type of object pointed to by filehandle
310 * @access: type of access needed to object
311 *
312 * See fh_verify() for further descriptions of @fhp, @type, and @access.
313 */
314static __be32
315__fh_verify(struct svc_rqst *rqstp,
316 struct net *net, struct svc_cred *cred,
317 struct auth_domain *client,
318 struct auth_domain *gssclient,
319 struct svc_fh *fhp, umode_t type, int access)
320{
321 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
322 struct svc_export *exp = NULL;
323 bool may_bypass_gss = false;
324 struct dentry *dentry;
325 __be32 error;
326
327 if (!fhp->fh_dentry) {
328 error = nfsd_set_fh_dentry(rqstp, net, cred, client,
329 gssclient, fhp);
330 if (error)
331 goto out;
332 }
333 dentry = fhp->fh_dentry;
334 exp = fhp->fh_export;
335
336 trace_nfsd_fh_verify(rqstp, fhp, type, access);
337
338 /*
339 * We still have to do all these permission checks, even when
340 * fh_dentry is already set:
341 * - fh_verify may be called multiple times with different
342 * "access" arguments (e.g. nfsd_proc_create calls
343 * fh_verify(...,NFSD_MAY_EXEC) first, then later (in
344 * nfsd_create) calls fh_verify(...,NFSD_MAY_CREATE).
345 * - in the NFSv4 case, the filehandle may have been filled
346 * in by fh_compose, and given a dentry, but further
347 * compound operations performed with that filehandle
348 * still need permissions checks. In the worst case, a
349 * mountpoint crossing may have changed the export
350 * options, and we may now need to use a different uid
351 * (for example, if different id-squashing options are in
352 * effect on the new filesystem).
353 */
354 error = check_pseudo_root(dentry, exp);
355 if (error)
356 goto out;
357
358 error = nfsd_setuser_and_check_port(rqstp, cred, exp);
359 if (error)
360 goto out;
361
362 error = nfsd_mode_check(dentry, type);
363 if (error)
364 goto out;
365
366 if ((access & NFSD_MAY_NLM) && (exp->ex_flags & NFSEXP_NOAUTHNLM))
367 /* NLM is allowed to fully bypass authentication */
368 goto out;
369
370 if (access & NFSD_MAY_BYPASS_GSS)
371 may_bypass_gss = true;
372 /*
373 * Clients may expect to be able to use auth_sys during mount,
374 * even if they use gss for everything else; see section 2.3.2
375 * of rfc 2623.
376 */
377 if (access & NFSD_MAY_BYPASS_GSS_ON_ROOT
378 && exp->ex_path.dentry == dentry)
379 may_bypass_gss = true;
380
381 error = check_nfsd_access(exp, rqstp, may_bypass_gss);
382 if (error)
383 goto out;
384
385 /* Finally, check access permissions. */
386 error = nfsd_permission(cred, exp, dentry, access);
387out:
388 trace_nfsd_fh_verify_err(rqstp, fhp, type, access, error);
389 if (error == nfserr_stale)
390 nfsd_stats_fh_stale_inc(nn, exp);
391 return error;
392}
393
394/**
395 * fh_verify_local - filehandle lookup and access checking
396 * @net: net namespace in which to perform the export lookup
397 * @cred: RPC user credential
398 * @client: RPC auth domain
399 * @fhp: filehandle to be verified
400 * @type: expected type of object pointed to by filehandle
401 * @access: type of access needed to object
402 *
403 * This API can be used by callers who do not have an RPC
404 * transaction context (ie are not running in an nfsd thread).
405 *
406 * See fh_verify() for further descriptions of @fhp, @type, and @access.
407 */
408__be32
409fh_verify_local(struct net *net, struct svc_cred *cred,
410 struct auth_domain *client, struct svc_fh *fhp,
411 umode_t type, int access)
412{
413 return __fh_verify(NULL, net, cred, client, NULL,
414 fhp, type, access);
415}
416
417/**
418 * fh_verify - filehandle lookup and access checking
419 * @rqstp: pointer to current rpc request
420 * @fhp: filehandle to be verified
421 * @type: expected type of object pointed to by filehandle
422 * @access: type of access needed to object
423 *
424 * Look up a dentry from the on-the-wire filehandle, check the client's
425 * access to the export, and set the current task's credentials.
426 *
427 * Regardless of success or failure of fh_verify(), fh_put() should be
428 * called on @fhp when the caller is finished with the filehandle.
429 *
430 * fh_verify() may be called multiple times on a given filehandle, for
431 * example, when processing an NFSv4 compound. The first call will look
432 * up a dentry using the on-the-wire filehandle. Subsequent calls will
433 * skip the lookup and just perform the other checks and possibly change
434 * the current task's credentials.
435 *
436 * @type specifies the type of object expected using one of the S_IF*
437 * constants defined in include/linux/stat.h. The caller may use zero
438 * to indicate that it doesn't care, or a negative integer to indicate
439 * that it expects something not of the given type.
440 *
441 * @access is formed from the NFSD_MAY_* constants defined in
442 * fs/nfsd/vfs.h.
443 */
444__be32
445fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, int access)
446{
447 return __fh_verify(rqstp, SVC_NET(rqstp), &rqstp->rq_cred,
448 rqstp->rq_client, rqstp->rq_gssclient,
449 fhp, type, access);
450}
451
452/*
453 * Compose a file handle for an NFS reply.
454 *
455 * Note that when first composed, the dentry may not yet have
456 * an inode. In this case a call to fh_update should be made
457 * before the fh goes out on the wire ...
458 */
459static void _fh_update(struct svc_fh *fhp, struct svc_export *exp,
460 struct dentry *dentry)
461{
462 if (dentry != exp->ex_path.dentry) {
463 struct fid *fid = (struct fid *)
464 (fhp->fh_handle.fh_fsid + fhp->fh_handle.fh_size/4 - 1);
465 int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;
466 int fh_flags = (exp->ex_flags & NFSEXP_NOSUBTREECHECK) ? 0 :
467 EXPORT_FH_CONNECTABLE;
468 int fileid_type =
469 exportfs_encode_fh(dentry, fid, &maxsize, fh_flags);
470
471 fhp->fh_handle.fh_fileid_type =
472 fileid_type > 0 ? fileid_type : FILEID_INVALID;
473 fhp->fh_handle.fh_size += maxsize * 4;
474 } else {
475 fhp->fh_handle.fh_fileid_type = FILEID_ROOT;
476 }
477}
478
479static bool is_root_export(struct svc_export *exp)
480{
481 return exp->ex_path.dentry == exp->ex_path.dentry->d_sb->s_root;
482}
483
484static struct super_block *exp_sb(struct svc_export *exp)
485{
486 return exp->ex_path.dentry->d_sb;
487}
488
489static bool fsid_type_ok_for_exp(u8 fsid_type, struct svc_export *exp)
490{
491 switch (fsid_type) {
492 case FSID_DEV:
493 if (!old_valid_dev(exp_sb(exp)->s_dev))
494 return false;
495 fallthrough;
496 case FSID_MAJOR_MINOR:
497 case FSID_ENCODE_DEV:
498 return exp_sb(exp)->s_type->fs_flags & FS_REQUIRES_DEV;
499 case FSID_NUM:
500 return exp->ex_flags & NFSEXP_FSID;
501 case FSID_UUID8:
502 case FSID_UUID16:
503 if (!is_root_export(exp))
504 return false;
505 fallthrough;
506 case FSID_UUID4_INUM:
507 case FSID_UUID16_INUM:
508 return exp->ex_uuid != NULL;
509 }
510 return true;
511}
512
513
514static void set_version_and_fsid_type(struct svc_fh *fhp, struct svc_export *exp, struct svc_fh *ref_fh)
515{
516 u8 version;
517 u8 fsid_type;
518retry:
519 version = 1;
520 if (ref_fh && ref_fh->fh_export == exp) {
521 version = ref_fh->fh_handle.fh_version;
522 fsid_type = ref_fh->fh_handle.fh_fsid_type;
523
524 ref_fh = NULL;
525
526 switch (version) {
527 case 0xca:
528 fsid_type = FSID_DEV;
529 break;
530 case 1:
531 break;
532 default:
533 goto retry;
534 }
535
536 /*
537 * As the fsid -> filesystem mapping was guided by
538 * user-space, there is no guarantee that the filesystem
539 * actually supports that fsid type. If it doesn't we
540 * loop around again without ref_fh set.
541 */
542 if (!fsid_type_ok_for_exp(fsid_type, exp))
543 goto retry;
544 } else if (exp->ex_flags & NFSEXP_FSID) {
545 fsid_type = FSID_NUM;
546 } else if (exp->ex_uuid) {
547 if (fhp->fh_maxsize >= 64) {
548 if (is_root_export(exp))
549 fsid_type = FSID_UUID16;
550 else
551 fsid_type = FSID_UUID16_INUM;
552 } else {
553 if (is_root_export(exp))
554 fsid_type = FSID_UUID8;
555 else
556 fsid_type = FSID_UUID4_INUM;
557 }
558 } else if (!old_valid_dev(exp_sb(exp)->s_dev))
559 /* for newer device numbers, we must use a newer fsid format */
560 fsid_type = FSID_ENCODE_DEV;
561 else
562 fsid_type = FSID_DEV;
563 fhp->fh_handle.fh_version = version;
564 if (version)
565 fhp->fh_handle.fh_fsid_type = fsid_type;
566}
567
568__be32
569fh_compose(struct svc_fh *fhp, struct svc_export *exp, struct dentry *dentry,
570 struct svc_fh *ref_fh)
571{
572 /* ref_fh is a reference file handle.
573 * if it is non-null and for the same filesystem, then we should compose
574 * a filehandle which is of the same version, where possible.
575 */
576
577 struct inode * inode = d_inode(dentry);
578 dev_t ex_dev = exp_sb(exp)->s_dev;
579
580 dprintk("nfsd: fh_compose(exp %02x:%02x/%ld %pd2, ino=%ld)\n",
581 MAJOR(ex_dev), MINOR(ex_dev),
582 (long) d_inode(exp->ex_path.dentry)->i_ino,
583 dentry,
584 (inode ? inode->i_ino : 0));
585
586 /* Choose filehandle version and fsid type based on
587 * the reference filehandle (if it is in the same export)
588 * or the export options.
589 */
590 set_version_and_fsid_type(fhp, exp, ref_fh);
591
592 /* If we have a ref_fh, then copy the fh_no_wcc setting from it. */
593 fhp->fh_no_wcc = ref_fh ? ref_fh->fh_no_wcc : false;
594
595 if (ref_fh == fhp)
596 fh_put(ref_fh);
597
598 if (fhp->fh_dentry) {
599 printk(KERN_ERR "fh_compose: fh %pd2 not initialized!\n",
600 dentry);
601 }
602 if (fhp->fh_maxsize < NFS_FHSIZE)
603 printk(KERN_ERR "fh_compose: called with maxsize %d! %pd2\n",
604 fhp->fh_maxsize,
605 dentry);
606
607 fhp->fh_dentry = dget(dentry); /* our internal copy */
608 fhp->fh_export = exp_get(exp);
609
610 fhp->fh_handle.fh_size =
611 key_len(fhp->fh_handle.fh_fsid_type) + 4;
612 fhp->fh_handle.fh_auth_type = 0;
613
614 mk_fsid(fhp->fh_handle.fh_fsid_type,
615 fhp->fh_handle.fh_fsid,
616 ex_dev,
617 d_inode(exp->ex_path.dentry)->i_ino,
618 exp->ex_fsid, exp->ex_uuid);
619
620 if (inode)
621 _fh_update(fhp, exp, dentry);
622 if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID) {
623 fh_put(fhp);
624 return nfserr_stale;
625 }
626
627 return 0;
628}
629
630/*
631 * Update file handle information after changing a dentry.
632 * This is only called by nfsd_create, nfsd_create_v3 and nfsd_proc_create
633 */
634__be32
635fh_update(struct svc_fh *fhp)
636{
637 struct dentry *dentry;
638
639 if (!fhp->fh_dentry)
640 goto out_bad;
641
642 dentry = fhp->fh_dentry;
643 if (d_really_is_negative(dentry))
644 goto out_negative;
645 if (fhp->fh_handle.fh_fileid_type != FILEID_ROOT)
646 return 0;
647
648 _fh_update(fhp, fhp->fh_export, dentry);
649 if (fhp->fh_handle.fh_fileid_type == FILEID_INVALID)
650 return nfserr_stale;
651 return 0;
652out_bad:
653 printk(KERN_ERR "fh_update: fh not verified!\n");
654 return nfserr_serverfault;
655out_negative:
656 printk(KERN_ERR "fh_update: %pd2 still negative!\n",
657 dentry);
658 return nfserr_serverfault;
659}
660
661/**
662 * fh_fill_pre_attrs - Fill in pre-op attributes
663 * @fhp: file handle to be updated
664 *
665 */
666__be32 __must_check fh_fill_pre_attrs(struct svc_fh *fhp)
667{
668 bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
669 struct kstat stat;
670 __be32 err;
671
672 if (fhp->fh_no_wcc || fhp->fh_pre_saved)
673 return nfs_ok;
674
675 err = fh_getattr(fhp, &stat);
676 if (err)
677 return err;
678
679 if (v4)
680 fhp->fh_pre_change = nfsd4_change_attribute(&stat);
681
682 fhp->fh_pre_mtime = stat.mtime;
683 fhp->fh_pre_ctime = stat.ctime;
684 fhp->fh_pre_size = stat.size;
685 fhp->fh_pre_saved = true;
686 return nfs_ok;
687}
688
689/**
690 * fh_fill_post_attrs - Fill in post-op attributes
691 * @fhp: file handle to be updated
692 *
693 */
694__be32 fh_fill_post_attrs(struct svc_fh *fhp)
695{
696 bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
697 __be32 err;
698
699 if (fhp->fh_no_wcc)
700 return nfs_ok;
701
702 if (fhp->fh_post_saved)
703 printk("nfsd: inode locked twice during operation.\n");
704
705 err = fh_getattr(fhp, &fhp->fh_post_attr);
706 if (err)
707 return err;
708
709 fhp->fh_post_saved = true;
710 if (v4)
711 fhp->fh_post_change =
712 nfsd4_change_attribute(&fhp->fh_post_attr);
713 return nfs_ok;
714}
715
716/**
717 * fh_fill_both_attrs - Fill pre-op and post-op attributes
718 * @fhp: file handle to be updated
719 *
720 * This is used when the directory wasn't changed, but wcc attributes
721 * are needed anyway.
722 */
723__be32 __must_check fh_fill_both_attrs(struct svc_fh *fhp)
724{
725 __be32 err;
726
727 err = fh_fill_post_attrs(fhp);
728 if (err)
729 return err;
730
731 fhp->fh_pre_change = fhp->fh_post_change;
732 fhp->fh_pre_mtime = fhp->fh_post_attr.mtime;
733 fhp->fh_pre_ctime = fhp->fh_post_attr.ctime;
734 fhp->fh_pre_size = fhp->fh_post_attr.size;
735 fhp->fh_pre_saved = true;
736 return nfs_ok;
737}
738
739/*
740 * Release a file handle.
741 */
742void
743fh_put(struct svc_fh *fhp)
744{
745 struct dentry * dentry = fhp->fh_dentry;
746 struct svc_export * exp = fhp->fh_export;
747 if (dentry) {
748 fhp->fh_dentry = NULL;
749 dput(dentry);
750 fh_clear_pre_post_attrs(fhp);
751 }
752 fh_drop_write(fhp);
753 if (exp) {
754 exp_put(exp);
755 fhp->fh_export = NULL;
756 }
757 fhp->fh_no_wcc = false;
758 return;
759}
760
761/*
762 * Shorthand for dprintk()'s
763 */
764char * SVCFH_fmt(struct svc_fh *fhp)
765{
766 struct knfsd_fh *fh = &fhp->fh_handle;
767 static char buf[2+1+1+64*3+1];
768
769 if (fh->fh_size > 64)
770 return "bad-fh";
771 sprintf(buf, "%d: %*ph", fh->fh_size, fh->fh_size, fh->fh_raw);
772 return buf;
773}
774
775enum fsid_source fsid_source(const struct svc_fh *fhp)
776{
777 if (fhp->fh_handle.fh_version != 1)
778 return FSIDSOURCE_DEV;
779 switch(fhp->fh_handle.fh_fsid_type) {
780 case FSID_DEV:
781 case FSID_ENCODE_DEV:
782 case FSID_MAJOR_MINOR:
783 if (exp_sb(fhp->fh_export)->s_type->fs_flags & FS_REQUIRES_DEV)
784 return FSIDSOURCE_DEV;
785 break;
786 case FSID_NUM:
787 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
788 return FSIDSOURCE_FSID;
789 break;
790 default:
791 break;
792 }
793 /* either a UUID type filehandle, or the filehandle doesn't
794 * match the export.
795 */
796 if (fhp->fh_export->ex_flags & NFSEXP_FSID)
797 return FSIDSOURCE_FSID;
798 if (fhp->fh_export->ex_uuid)
799 return FSIDSOURCE_UUID;
800 return FSIDSOURCE_DEV;
801}
802
803/**
804 * nfsd4_change_attribute - Generate an NFSv4 change_attribute value
805 * @stat: inode attributes
806 *
807 * Caller must fill in @stat before calling, typically by invoking
808 * vfs_getattr() with STATX_MODE, STATX_CTIME, and STATX_CHANGE_COOKIE.
809 * Returns an unsigned 64-bit changeid4 value (RFC 8881 Section 3.2).
810 *
811 * We could use i_version alone as the change attribute. However, i_version
812 * can go backwards on a regular file after an unclean shutdown. On its own
813 * that doesn't necessarily cause a problem, but if i_version goes backwards
814 * and then is incremented again it could reuse a value that was previously
815 * used before boot, and a client who queried the two values might incorrectly
816 * assume nothing changed.
817 *
818 * By using both ctime and the i_version counter we guarantee that as long as
819 * time doesn't go backwards we never reuse an old value. If the filesystem
820 * advertises STATX_ATTR_CHANGE_MONOTONIC, then this mitigation is not
821 * needed.
822 *
823 * We only need to do this for regular files as well. For directories, we
824 * assume that the new change attr is always logged to stable storage in some
825 * fashion before the results can be seen.
826 */
827u64 nfsd4_change_attribute(const struct kstat *stat)
828{
829 u64 chattr;
830
831 if (stat->result_mask & STATX_CHANGE_COOKIE) {
832 chattr = stat->change_cookie;
833 if (S_ISREG(stat->mode) &&
834 !(stat->attributes & STATX_ATTR_CHANGE_MONOTONIC)) {
835 chattr += (u64)stat->ctime.tv_sec << 30;
836 chattr += stat->ctime.tv_nsec;
837 }
838 } else {
839 chattr = time_to_chattr(&stat->ctime);
840 }
841 return chattr;
842}