fs/nfsd/vfs.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * File operations used by nfsd. Some of these have been ripped from
0004  * other parts of the kernel because they weren't exported, others
0005  * are partial duplicates with added or changed functionality.
0006  *
0007  * Note that several functions dget() the dentry upon which they want
0008  * to act, most notably those that create directory entries. Response
0009  * dentry's are dput()'d if necessary in the release callback.
0010  * So if you notice code paths that apparently fail to dput() the
0011  * dentry, don't worry--they have been taken care of.
0012  *
0013  * Copyright (C) 1995-1999 Olaf Kirch <okir@monad.swb.de>
0014  * Zerocpy NFS support (C) 2002 Hirokazu Takahashi <taka@valinux.co.jp>
0015  */
0016
0017 #include <linux/fs.h>
0018 #include <linux/file.h>
0019 #include <linux/splice.h>
0020 #include <linux/falloc.h>
0021 #include <linux/fcntl.h>
0022 #include <linux/namei.h>
0023 #include <linux/delay.h>
0024 #include <linux/fsnotify.h>
0025 #include <linux/posix_acl_xattr.h>
0026 #include <linux/xattr.h>
0027 #include <linux/jhash.h>
0028 #include <linux/ima.h>
0029 #include <linux/pagemap.h>
0030 #include <linux/slab.h>
0031 #include <linux/uaccess.h>
0032 #include <linux/exportfs.h>
0033 #include <linux/writeback.h>
0034 #include <linux/security.h>
0035
0036 #include "xdr3.h"
0037
0038 #ifdef CONFIG_NFSD_V4
0039 #include "../internal.h"
0040 #include "acl.h"
0041 #include "idmap.h"
0042 #include "xdr4.h"
0043 #endif /* CONFIG_NFSD_V4 */
0044
0045 #include "nfsd.h"
0046 #include "vfs.h"
0047 #include "filecache.h"
0048 #include "trace.h"
0049
0050 #define NFSDDBG_FACILITY        NFSDDBG_FILEOP
0051
0052 /*
0053  * Called from nfsd_lookup and encode_dirent. Check if we have crossed
0054  * a mount point.
0055  * Returns -EAGAIN or -ETIMEDOUT leaving *dpp and *expp unchanged,
0056  *  or nfs_ok having possibly changed *dpp and *expp
0057  */
0058 int
0059 nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp,
0060                 struct svc_export **expp)
0061 {
0062     struct svc_export *exp = *expp, *exp2 = NULL;
0063     struct dentry *dentry = *dpp;
0064     struct path path = {.mnt = mntget(exp->ex_path.mnt),
0065                 .dentry = dget(dentry)};
0066     int err = 0;
0067
0068     err = follow_down(&path);
0069     if (err < 0)
0070         goto out;
0071     if (path.mnt == exp->ex_path.mnt && path.dentry == dentry &&
0072         nfsd_mountpoint(dentry, exp) == 2) {
0073         /* This is only a mountpoint in some other namespace */
0074         path_put(&path);
0075         goto out;
0076     }
0077
0078     exp2 = rqst_exp_get_by_name(rqstp, &path);
0079     if (IS_ERR(exp2)) {
0080         err = PTR_ERR(exp2);
0081         /*
0082          * We normally allow NFS clients to continue
0083          * "underneath" a mountpoint that is not exported.
0084          * The exception is V4ROOT, where no traversal is ever
0085          * allowed without an explicit export of the new
0086          * directory.
0087          */
0088         if (err == -ENOENT && !(exp->ex_flags & NFSEXP_V4ROOT))
0089             err = 0;
0090         path_put(&path);
0091         goto out;
0092     }
0093     if (nfsd_v4client(rqstp) ||
0094         (exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) {
0095         /* successfully crossed mount point */
0096         /*
0097          * This is subtle: path.dentry is *not* on path.mnt
0098          * at this point.  The only reason we are safe is that
0099          * original mnt is pinned down by exp, so we should
0100          * put path *before* putting exp
0101          */
0102         *dpp = path.dentry;
0103         path.dentry = dentry;
0104         *expp = exp2;
0105         exp2 = exp;
0106     }
0107     path_put(&path);
0108     exp_put(exp2);
0109 out:
0110     return err;
0111 }
0112
0113 static void follow_to_parent(struct path *path)
0114 {
0115     struct dentry *dp;
0116
0117     while (path->dentry == path->mnt->mnt_root && follow_up(path))
0118         ;
0119     dp = dget_parent(path->dentry);
0120     dput(path->dentry);
0121     path->dentry = dp;
0122 }
0123
0124 static int nfsd_lookup_parent(struct svc_rqst *rqstp, struct dentry *dparent, struct svc_export **exp, struct dentry **dentryp)
0125 {
0126     struct svc_export *exp2;
0127     struct path path = {.mnt = mntget((*exp)->ex_path.mnt),
0128                 .dentry = dget(dparent)};
0129
0130     follow_to_parent(&path);
0131
0132     exp2 = rqst_exp_parent(rqstp, &path);
0133     if (PTR_ERR(exp2) == -ENOENT) {
0134         *dentryp = dget(dparent);
0135     } else if (IS_ERR(exp2)) {
0136         path_put(&path);
0137         return PTR_ERR(exp2);
0138     } else {
0139         *dentryp = dget(path.dentry);
0140         exp_put(*exp);
0141         *exp = exp2;
0142     }
0143     path_put(&path);
0144     return 0;
0145 }
0146
0147 /*
0148  * For nfsd purposes, we treat V4ROOT exports as though there was an
0149  * export at *every* directory.
0150  * We return:
0151  * '1' if this dentry *must* be an export point,
0152  * '2' if it might be, if there is really a mount here, and
0153  * '0' if there is no chance of an export point here.
0154  */
0155 int nfsd_mountpoint(struct dentry *dentry, struct svc_export *exp)
0156 {
0157     if (!d_inode(dentry))
0158         return 0;
0159     if (exp->ex_flags & NFSEXP_V4ROOT)
0160         return 1;
0161     if (nfsd4_is_junction(dentry))
0162         return 1;
0163     if (d_mountpoint(dentry))
0164         /*
0165          * Might only be a mountpoint in a different namespace,
0166          * but we need to check.
0167          */
0168         return 2;
0169     return 0;
0170 }
0171
0172 __be32
0173 nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp,
0174            const char *name, unsigned int len,
0175            struct svc_export **exp_ret, struct dentry **dentry_ret)
0176 {
0177     struct svc_export   *exp;
0178     struct dentry       *dparent;
0179     struct dentry       *dentry;
0180     int         host_err;
0181
0182     dprintk("nfsd: nfsd_lookup(fh %s, %.*s)\n", SVCFH_fmt(fhp), len,name);
0183
0184     dparent = fhp->fh_dentry;
0185     exp = exp_get(fhp->fh_export);
0186
0187     /* Lookup the name, but don't follow links */
0188     if (isdotent(name, len)) {
0189         if (len==1)
0190             dentry = dget(dparent);
0191         else if (dparent != exp->ex_path.dentry)
0192             dentry = dget_parent(dparent);
0193         else if (!EX_NOHIDE(exp) && !nfsd_v4client(rqstp))
0194             dentry = dget(dparent); /* .. == . just like at / */
0195         else {
0196             /* checking mountpoint crossing is very different when stepping up */
0197             host_err = nfsd_lookup_parent(rqstp, dparent, &exp, &dentry);
0198             if (host_err)
0199                 goto out_nfserr;
0200         }
0201     } else {
0202         dentry = lookup_one_len_unlocked(name, dparent, len);
0203         host_err = PTR_ERR(dentry);
0204         if (IS_ERR(dentry))
0205             goto out_nfserr;
0206         if (nfsd_mountpoint(dentry, exp)) {
0207             host_err = nfsd_cross_mnt(rqstp, &dentry, &exp);
0208             if (host_err) {
0209                 dput(dentry);
0210                 goto out_nfserr;
0211             }
0212         }
0213     }
0214     *dentry_ret = dentry;
0215     *exp_ret = exp;
0216     return 0;
0217
0218 out_nfserr:
0219     exp_put(exp);
0220     return nfserrno(host_err);
0221 }
0222
0223 /**
0224  * nfsd_lookup - look up a single path component for nfsd
0225  *
0226  * @rqstp:   the request context
0227  * @fhp:     the file handle of the directory
0228  * @name:    the component name, or %NULL to look up parent
0229  * @len:     length of name to examine
0230  * @resfh:   pointer to pre-initialised filehandle to hold result.
0231  *
0232  * Look up one component of a pathname.
0233  * N.B. After this call _both_ fhp and resfh need an fh_put
0234  *
0235  * If the lookup would cross a mountpoint, and the mounted filesystem
0236  * is exported to the client with NFSEXP_NOHIDE, then the lookup is
0237  * accepted as it stands and the mounted directory is
0238  * returned. Otherwise the covered directory is returned.
0239  * NOTE: this mountpoint crossing is not supported properly by all
0240  *   clients and is explicitly disallowed for NFSv3
0241  *
0242  */
0243 __be32
0244 nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name,
0245         unsigned int len, struct svc_fh *resfh)
0246 {
0247     struct svc_export   *exp;
0248     struct dentry       *dentry;
0249     __be32 err;
0250
0251     err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_EXEC);
0252     if (err)
0253         return err;
0254     err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry);
0255     if (err)
0256         return err;
0257     err = check_nfsd_access(exp, rqstp);
0258     if (err)
0259         goto out;
0260     /*
0261      * Note: we compose the file handle now, but as the
0262      * dentry may be negative, it may need to be updated.
0263      */
0264     err = fh_compose(resfh, exp, dentry, fhp);
0265     if (!err && d_really_is_negative(dentry))
0266         err = nfserr_noent;
0267 out:
0268     dput(dentry);
0269     exp_put(exp);
0270     return err;
0271 }
0272
0273 /*
0274  * Commit metadata changes to stable storage.
0275  */
0276 static int
0277 commit_inode_metadata(struct inode *inode)
0278 {
0279     const struct export_operations *export_ops = inode->i_sb->s_export_op;
0280
0281     if (export_ops->commit_metadata)
0282         return export_ops->commit_metadata(inode);
0283     return sync_inode_metadata(inode, 1);
0284 }
0285
0286 static int
0287 commit_metadata(struct svc_fh *fhp)
0288 {
0289     struct inode *inode = d_inode(fhp->fh_dentry);
0290
0291     if (!EX_ISSYNC(fhp->fh_export))
0292         return 0;
0293     return commit_inode_metadata(inode);
0294 }
0295
0296 /*
0297  * Go over the attributes and take care of the small differences between
0298  * NFS semantics and what Linux expects.
0299  */
0300 static void
0301 nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap)
0302 {
0303     /* Ignore mode updates on symlinks */
0304     if (S_ISLNK(inode->i_mode))
0305         iap->ia_valid &= ~ATTR_MODE;
0306
0307     /* sanitize the mode change */
0308     if (iap->ia_valid & ATTR_MODE) {
0309         iap->ia_mode &= S_IALLUGO;
0310         iap->ia_mode |= (inode->i_mode & ~S_IALLUGO);
0311     }
0312
0313     /* Revoke setuid/setgid on chown */
0314     if (!S_ISDIR(inode->i_mode) &&
0315         ((iap->ia_valid & ATTR_UID) || (iap->ia_valid & ATTR_GID))) {
0316         iap->ia_valid |= ATTR_KILL_PRIV;
0317         if (iap->ia_valid & ATTR_MODE) {
0318             /* we're setting mode too, just clear the s*id bits */
0319             iap->ia_mode &= ~S_ISUID;
0320             if (iap->ia_mode & S_IXGRP)
0321                 iap->ia_mode &= ~S_ISGID;
0322         } else {
0323             /* set ATTR_KILL_* bits and let VFS handle it */
0324             iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID);
0325         }
0326     }
0327 }
0328
0329 static __be32
0330 nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp,
0331         struct iattr *iap)
0332 {
0333     struct inode *inode = d_inode(fhp->fh_dentry);
0334
0335     if (iap->ia_size < inode->i_size) {
0336         __be32 err;
0337
0338         err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
0339                 NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE);
0340         if (err)
0341             return err;
0342     }
0343     return nfserrno(get_write_access(inode));
0344 }
0345
0346 /*
0347  * Set various file attributes.  After this call fhp needs an fh_put.
0348  */
0349 __be32
0350 nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp,
0351          struct nfsd_attrs *attr,
0352          int check_guard, time64_t guardtime)
0353 {
0354     struct dentry   *dentry;
0355     struct inode    *inode;
0356     struct iattr    *iap = attr->na_iattr;
0357     int     accmode = NFSD_MAY_SATTR;
0358     umode_t     ftype = 0;
0359     __be32      err;
0360     int     host_err = 0;
0361     bool        get_write_count;
0362     bool        size_change = (iap->ia_valid & ATTR_SIZE);
0363
0364     if (iap->ia_valid & ATTR_SIZE) {
0365         accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE;
0366         ftype = S_IFREG;
0367     }
0368
0369     /*
0370      * If utimes(2) and friends are called with times not NULL, we should
0371      * not set NFSD_MAY_WRITE bit. Otherwise fh_verify->nfsd_permission
0372      * will return EACCES, when the caller's effective UID does not match
0373      * the owner of the file, and the caller is not privileged. In this
0374      * situation, we should return EPERM(notify_change will return this).
0375      */
0376     if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME)) {
0377         accmode |= NFSD_MAY_OWNER_OVERRIDE;
0378         if (!(iap->ia_valid & (ATTR_ATIME_SET | ATTR_MTIME_SET)))
0379             accmode |= NFSD_MAY_WRITE;
0380     }
0381
0382     /* Callers that do fh_verify should do the fh_want_write: */
0383     get_write_count = !fhp->fh_dentry;
0384
0385     /* Get inode */
0386     err = fh_verify(rqstp, fhp, ftype, accmode);
0387     if (err)
0388         return err;
0389     if (get_write_count) {
0390         host_err = fh_want_write(fhp);
0391         if (host_err)
0392             goto out;
0393     }
0394
0395     dentry = fhp->fh_dentry;
0396     inode = d_inode(dentry);
0397
0398     nfsd_sanitize_attrs(inode, iap);
0399
0400     if (check_guard && guardtime != inode->i_ctime.tv_sec)
0401         return nfserr_notsync;
0402
0403     /*
0404      * The size case is special, it changes the file in addition to the
0405      * attributes, and file systems don't expect it to be mixed with
0406      * "random" attribute changes.  We thus split out the size change
0407      * into a separate call to ->setattr, and do the rest as a separate
0408      * setattr call.
0409      */
0410     if (size_change) {
0411         err = nfsd_get_write_access(rqstp, fhp, iap);
0412         if (err)
0413             return err;
0414     }
0415
0416     inode_lock(inode);
0417     if (size_change) {
0418         /*
0419          * RFC5661, Section 18.30.4:
0420          *   Changing the size of a file with SETATTR indirectly
0421          *   changes the time_modify and change attributes.
0422          *
0423          * (and similar for the older RFCs)
0424          */
0425         struct iattr size_attr = {
0426             .ia_valid   = ATTR_SIZE | ATTR_CTIME | ATTR_MTIME,
0427             .ia_size    = iap->ia_size,
0428         };
0429
0430         host_err = -EFBIG;
0431         if (iap->ia_size < 0)
0432             goto out_unlock;
0433
0434         host_err = notify_change(&init_user_ns, dentry, &size_attr, NULL);
0435         if (host_err)
0436             goto out_unlock;
0437         iap->ia_valid &= ~ATTR_SIZE;
0438
0439         /*
0440          * Avoid the additional setattr call below if the only other
0441          * attribute that the client sends is the mtime, as we update
0442          * it as part of the size change above.
0443          */
0444         if ((iap->ia_valid & ~ATTR_MTIME) == 0)
0445             goto out_unlock;
0446     }
0447
0448     if (iap->ia_valid) {
0449         iap->ia_valid |= ATTR_CTIME;
0450         host_err = notify_change(&init_user_ns, dentry, iap, NULL);
0451     }
0452
0453 out_unlock:
0454     if (attr->na_seclabel && attr->na_seclabel->len)
0455         attr->na_labelerr = security_inode_setsecctx(dentry,
0456             attr->na_seclabel->data, attr->na_seclabel->len);
0457     if (IS_ENABLED(CONFIG_FS_POSIX_ACL) && attr->na_pacl)
0458         attr->na_aclerr = set_posix_acl(&init_user_ns,
0459                         inode, ACL_TYPE_ACCESS,
0460                         attr->na_pacl);
0461     if (IS_ENABLED(CONFIG_FS_POSIX_ACL) &&
0462         !attr->na_aclerr && attr->na_dpacl && S_ISDIR(inode->i_mode))
0463         attr->na_aclerr = set_posix_acl(&init_user_ns,
0464                         inode, ACL_TYPE_DEFAULT,
0465                         attr->na_dpacl);
0466     inode_unlock(inode);
0467     if (size_change)
0468         put_write_access(inode);
0469 out:
0470     if (!host_err)
0471         host_err = commit_metadata(fhp);
0472     return nfserrno(host_err);
0473 }
0474
0475 #if defined(CONFIG_NFSD_V4)
0476 /*
0477  * NFS junction information is stored in an extended attribute.
0478  */
0479 #define NFSD_JUNCTION_XATTR_NAME    XATTR_TRUSTED_PREFIX "junction.nfs"
0480
0481 /**
0482  * nfsd4_is_junction - Test if an object could be an NFS junction
0483  *
0484  * @dentry: object to test
0485  *
0486  * Returns 1 if "dentry" appears to contain NFS junction information.
0487  * Otherwise 0 is returned.
0488  */
0489 int nfsd4_is_junction(struct dentry *dentry)
0490 {
0491     struct inode *inode = d_inode(dentry);
0492
0493     if (inode == NULL)
0494         return 0;
0495     if (inode->i_mode & S_IXUGO)
0496         return 0;
0497     if (!(inode->i_mode & S_ISVTX))
0498         return 0;
0499     if (vfs_getxattr(&init_user_ns, dentry, NFSD_JUNCTION_XATTR_NAME,
0500              NULL, 0) <= 0)
0501         return 0;
0502     return 1;
0503 }
0504
0505 static struct nfsd4_compound_state *nfsd4_get_cstate(struct svc_rqst *rqstp)
0506 {
0507     return &((struct nfsd4_compoundres *)rqstp->rq_resp)->cstate;
0508 }
0509
0510 __be32 nfsd4_clone_file_range(struct svc_rqst *rqstp,
0511         struct nfsd_file *nf_src, u64 src_pos,
0512         struct nfsd_file *nf_dst, u64 dst_pos,
0513         u64 count, bool sync)
0514 {
0515     struct file *src = nf_src->nf_file;
0516     struct file *dst = nf_dst->nf_file;
0517     errseq_t since;
0518     loff_t cloned;
0519     __be32 ret = 0;
0520
0521     since = READ_ONCE(dst->f_wb_err);
0522     cloned = vfs_clone_file_range(src, src_pos, dst, dst_pos, count, 0);
0523     if (cloned < 0) {
0524         ret = nfserrno(cloned);
0525         goto out_err;
0526     }
0527     if (count && cloned != count) {
0528         ret = nfserrno(-EINVAL);
0529         goto out_err;
0530     }
0531     if (sync) {
0532         loff_t dst_end = count ? dst_pos + count - 1 : LLONG_MAX;
0533         int status = vfs_fsync_range(dst, dst_pos, dst_end, 0);
0534
0535         if (!status)
0536             status = filemap_check_wb_err(dst->f_mapping, since);
0537         if (!status)
0538             status = commit_inode_metadata(file_inode(src));
0539         if (status < 0) {
0540             struct nfsd_net *nn = net_generic(nf_dst->nf_net,
0541                               nfsd_net_id);
0542
0543             trace_nfsd_clone_file_range_err(rqstp,
0544                     &nfsd4_get_cstate(rqstp)->save_fh,
0545                     src_pos,
0546                     &nfsd4_get_cstate(rqstp)->current_fh,
0547                     dst_pos,
0548                     count, status);
0549             nfsd_reset_write_verifier(nn);
0550             trace_nfsd_writeverf_reset(nn, rqstp, status);
0551             ret = nfserrno(status);
0552         }
0553     }
0554 out_err:
0555     return ret;
0556 }
0557
0558 ssize_t nfsd_copy_file_range(struct file *src, u64 src_pos, struct file *dst,
0559                  u64 dst_pos, u64 count)
0560 {
0561     ssize_t ret;
0562
0563     /*
0564      * Limit copy to 4MB to prevent indefinitely blocking an nfsd
0565      * thread and client rpc slot.  The choice of 4MB is somewhat
0566      * arbitrary.  We might instead base this on r/wsize, or make it
0567      * tunable, or use a time instead of a byte limit, or implement
0568      * asynchronous copy.  In theory a client could also recognize a
0569      * limit like this and pipeline multiple COPY requests.
0570      */
0571     count = min_t(u64, count, 1 << 22);
0572     ret = vfs_copy_file_range(src, src_pos, dst, dst_pos, count, 0);
0573
0574     if (ret == -EOPNOTSUPP || ret == -EXDEV)
0575         ret = generic_copy_file_range(src, src_pos, dst, dst_pos,
0576                           count, 0);
0577     return ret;
0578 }
0579
0580 __be32 nfsd4_vfs_fallocate(struct svc_rqst *rqstp, struct svc_fh *fhp,
0581                struct file *file, loff_t offset, loff_t len,
0582                int flags)
0583 {
0584     int error;
0585
0586     if (!S_ISREG(file_inode(file)->i_mode))
0587         return nfserr_inval;
0588
0589     error = vfs_fallocate(file, flags, offset, len);
0590     if (!error)
0591         error = commit_metadata(fhp);
0592
0593     return nfserrno(error);
0594 }
0595 #endif /* defined(CONFIG_NFSD_V4) */
0596
0597 /*
0598  * Check server access rights to a file system object
0599  */
0600 struct accessmap {
0601     u32     access;
0602     int     how;
0603 };
0604 static struct accessmap nfs3_regaccess[] = {
0605     {   NFS3_ACCESS_READ,   NFSD_MAY_READ           },
0606     {   NFS3_ACCESS_EXECUTE,    NFSD_MAY_EXEC           },
0607     {   NFS3_ACCESS_MODIFY, NFSD_MAY_WRITE|NFSD_MAY_TRUNC   },
0608     {   NFS3_ACCESS_EXTEND, NFSD_MAY_WRITE          },
0609
0610 #ifdef CONFIG_NFSD_V4
0611     {   NFS4_ACCESS_XAREAD, NFSD_MAY_READ           },
0612     {   NFS4_ACCESS_XAWRITE,    NFSD_MAY_WRITE          },
0613     {   NFS4_ACCESS_XALIST, NFSD_MAY_READ           },
0614 #endif
0615
0616     {   0,          0               }
0617 };
0618
0619 static struct accessmap nfs3_diraccess[] = {
0620     {   NFS3_ACCESS_READ,   NFSD_MAY_READ           },
0621     {   NFS3_ACCESS_LOOKUP, NFSD_MAY_EXEC           },
0622     {   NFS3_ACCESS_MODIFY, NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC},
0623     {   NFS3_ACCESS_EXTEND, NFSD_MAY_EXEC|NFSD_MAY_WRITE    },
0624     {   NFS3_ACCESS_DELETE, NFSD_MAY_REMOVE         },
0625
0626 #ifdef CONFIG_NFSD_V4
0627     {   NFS4_ACCESS_XAREAD, NFSD_MAY_READ           },
0628     {   NFS4_ACCESS_XAWRITE,    NFSD_MAY_WRITE          },
0629     {   NFS4_ACCESS_XALIST, NFSD_MAY_READ           },
0630 #endif
0631
0632     {   0,          0               }
0633 };
0634
0635 static struct accessmap nfs3_anyaccess[] = {
0636     /* Some clients - Solaris 2.6 at least, make an access call
0637      * to the server to check for access for things like /dev/null
0638      * (which really, the server doesn't care about).  So
0639      * We provide simple access checking for them, looking
0640      * mainly at mode bits, and we make sure to ignore read-only
0641      * filesystem checks
0642      */
0643     {   NFS3_ACCESS_READ,   NFSD_MAY_READ           },
0644     {   NFS3_ACCESS_EXECUTE,    NFSD_MAY_EXEC           },
0645     {   NFS3_ACCESS_MODIFY, NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS    },
0646     {   NFS3_ACCESS_EXTEND, NFSD_MAY_WRITE|NFSD_MAY_LOCAL_ACCESS    },
0647
0648     {   0,          0               }
0649 };
0650
0651 __be32
0652 nfsd_access(struct svc_rqst *rqstp, struct svc_fh *fhp, u32 *access, u32 *supported)
0653 {
0654     struct accessmap    *map;
0655     struct svc_export   *export;
0656     struct dentry       *dentry;
0657     u32         query, result = 0, sresult = 0;
0658     __be32          error;
0659
0660     error = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP);
0661     if (error)
0662         goto out;
0663
0664     export = fhp->fh_export;
0665     dentry = fhp->fh_dentry;
0666
0667     if (d_is_reg(dentry))
0668         map = nfs3_regaccess;
0669     else if (d_is_dir(dentry))
0670         map = nfs3_diraccess;
0671     else
0672         map = nfs3_anyaccess;
0673
0674
0675     query = *access;
0676     for  (; map->access; map++) {
0677         if (map->access & query) {
0678             __be32 err2;
0679
0680             sresult |= map->access;
0681
0682             err2 = nfsd_permission(rqstp, export, dentry, map->how);
0683             switch (err2) {
0684             case nfs_ok:
0685                 result |= map->access;
0686                 break;
0687
0688             /* the following error codes just mean the access was not allowed,
0689              * rather than an error occurred */
0690             case nfserr_rofs:
0691             case nfserr_acces:
0692             case nfserr_perm:
0693                 /* simply don't "or" in the access bit. */
0694                 break;
0695             default:
0696                 error = err2;
0697                 goto out;
0698             }
0699         }
0700     }
0701     *access = result;
0702     if (supported)
0703         *supported = sresult;
0704
0705  out:
0706     return error;
0707 }
0708
0709 int nfsd_open_break_lease(struct inode *inode, int access)
0710 {
0711     unsigned int mode;
0712
0713     if (access & NFSD_MAY_NOT_BREAK_LEASE)
0714         return 0;
0715     mode = (access & NFSD_MAY_WRITE) ? O_WRONLY : O_RDONLY;
0716     return break_lease(inode, mode | O_NONBLOCK);
0717 }
0718
0719 /*
0720  * Open an existing file or directory.
0721  * The may_flags argument indicates the type of open (read/write/lock)
0722  * and additional flags.
0723  * N.B. After this call fhp needs an fh_put
0724  */
0725 static __be32
0726 __nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
0727             int may_flags, struct file **filp)
0728 {
0729     struct path path;
0730     struct inode    *inode;
0731     struct file *file;
0732     int     flags = O_RDONLY|O_LARGEFILE;
0733     __be32      err;
0734     int     host_err = 0;
0735
0736     path.mnt = fhp->fh_export->ex_path.mnt;
0737     path.dentry = fhp->fh_dentry;
0738     inode = d_inode(path.dentry);
0739
0740     err = nfserr_perm;
0741     if (IS_APPEND(inode) && (may_flags & NFSD_MAY_WRITE))
0742         goto out;
0743
0744     if (!inode->i_fop)
0745         goto out;
0746
0747     host_err = nfsd_open_break_lease(inode, may_flags);
0748     if (host_err) /* NOMEM or WOULDBLOCK */
0749         goto out_nfserr;
0750
0751     if (may_flags & NFSD_MAY_WRITE) {
0752         if (may_flags & NFSD_MAY_READ)
0753             flags = O_RDWR|O_LARGEFILE;
0754         else
0755             flags = O_WRONLY|O_LARGEFILE;
0756     }
0757
0758     file = dentry_open(&path, flags, current_cred());
0759     if (IS_ERR(file)) {
0760         host_err = PTR_ERR(file);
0761         goto out_nfserr;
0762     }
0763
0764     host_err = ima_file_check(file, may_flags);
0765     if (host_err) {
0766         fput(file);
0767         goto out_nfserr;
0768     }
0769
0770     if (may_flags & NFSD_MAY_64BIT_COOKIE)
0771         file->f_mode |= FMODE_64BITHASH;
0772     else
0773         file->f_mode |= FMODE_32BITHASH;
0774
0775     *filp = file;
0776 out_nfserr:
0777     err = nfserrno(host_err);
0778 out:
0779     return err;
0780 }
0781
0782 __be32
0783 nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
0784         int may_flags, struct file **filp)
0785 {
0786     __be32 err;
0787     bool retried = false;
0788
0789     validate_process_creds();
0790     /*
0791      * If we get here, then the client has already done an "open",
0792      * and (hopefully) checked permission - so allow OWNER_OVERRIDE
0793      * in case a chmod has now revoked permission.
0794      *
0795      * Arguably we should also allow the owner override for
0796      * directories, but we never have and it doesn't seem to have
0797      * caused anyone a problem.  If we were to change this, note
0798      * also that our filldir callbacks would need a variant of
0799      * lookup_one_len that doesn't check permissions.
0800      */
0801     if (type == S_IFREG)
0802         may_flags |= NFSD_MAY_OWNER_OVERRIDE;
0803 retry:
0804     err = fh_verify(rqstp, fhp, type, may_flags);
0805     if (!err) {
0806         err = __nfsd_open(rqstp, fhp, type, may_flags, filp);
0807         if (err == nfserr_stale && !retried) {
0808             retried = true;
0809             fh_put(fhp);
0810             goto retry;
0811         }
0812     }
0813     validate_process_creds();
0814     return err;
0815 }
0816
0817 /**
0818  * nfsd_open_verified - Open a regular file for the filecache
0819  * @rqstp: RPC request
0820  * @fhp: NFS filehandle of the file to open
0821  * @may_flags: internal permission flags
0822  * @filp: OUT: open "struct file *"
0823  *
0824  * Returns an nfsstat value in network byte order.
0825  */
0826 __be32
0827 nfsd_open_verified(struct svc_rqst *rqstp, struct svc_fh *fhp, int may_flags,
0828            struct file **filp)
0829 {
0830     __be32 err;
0831
0832     validate_process_creds();
0833     err = __nfsd_open(rqstp, fhp, S_IFREG, may_flags, filp);
0834     validate_process_creds();
0835     return err;
0836 }
0837
0838 /*
0839  * Grab and keep cached pages associated with a file in the svc_rqst
0840  * so that they can be passed to the network sendmsg/sendpage routines
0841  * directly. They will be released after the sending has completed.
0842  */
0843 static int
0844 nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
0845           struct splice_desc *sd)
0846 {
0847     struct svc_rqst *rqstp = sd->u.data;
0848     struct page *page = buf->page;  // may be a compound one
0849     unsigned offset = buf->offset;
0850
0851     page += offset / PAGE_SIZE;
0852     for (int i = sd->len; i > 0; i -= PAGE_SIZE)
0853         svc_rqst_replace_page(rqstp, page++);
0854     if (rqstp->rq_res.page_len == 0)    // first call
0855         rqstp->rq_res.page_base = offset % PAGE_SIZE;
0856     rqstp->rq_res.page_len += sd->len;
0857     return sd->len;
0858 }
0859
0860 static int nfsd_direct_splice_actor(struct pipe_inode_info *pipe,
0861                     struct splice_desc *sd)
0862 {
0863     return __splice_from_pipe(pipe, sd, nfsd_splice_actor);
0864 }
0865
0866 static u32 nfsd_eof_on_read(struct file *file, loff_t offset, ssize_t len,
0867         size_t expected)
0868 {
0869     if (expected != 0 && len == 0)
0870         return 1;
0871     if (offset+len >= i_size_read(file_inode(file)))
0872         return 1;
0873     return 0;
0874 }
0875
0876 static __be32 nfsd_finish_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
0877                    struct file *file, loff_t offset,
0878                    unsigned long *count, u32 *eof, ssize_t host_err)
0879 {
0880     if (host_err >= 0) {
0881         nfsd_stats_io_read_add(fhp->fh_export, host_err);
0882         *eof = nfsd_eof_on_read(file, offset, host_err, *count);
0883         *count = host_err;
0884         fsnotify_access(file);
0885         trace_nfsd_read_io_done(rqstp, fhp, offset, *count);
0886         return 0;
0887     } else {
0888         trace_nfsd_read_err(rqstp, fhp, offset, host_err);
0889         return nfserrno(host_err);
0890     }
0891 }
0892
0893 __be32 nfsd_splice_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
0894             struct file *file, loff_t offset, unsigned long *count,
0895             u32 *eof)
0896 {
0897     struct splice_desc sd = {
0898         .len        = 0,
0899         .total_len  = *count,
0900         .pos        = offset,
0901         .u.data     = rqstp,
0902     };
0903     ssize_t host_err;
0904
0905     trace_nfsd_read_splice(rqstp, fhp, offset, *count);
0906     rqstp->rq_next_page = rqstp->rq_respages + 1;
0907     host_err = splice_direct_to_actor(file, &sd, nfsd_direct_splice_actor);
0908     return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err);
0909 }
0910
0911 __be32 nfsd_readv(struct svc_rqst *rqstp, struct svc_fh *fhp,
0912           struct file *file, loff_t offset,
0913           struct kvec *vec, int vlen, unsigned long *count,
0914           u32 *eof)
0915 {
0916     struct iov_iter iter;
0917     loff_t ppos = offset;
0918     ssize_t host_err;
0919
0920     trace_nfsd_read_vector(rqstp, fhp, offset, *count);
0921     iov_iter_kvec(&iter, READ, vec, vlen, *count);
0922     host_err = vfs_iter_read(file, &iter, &ppos, 0);
0923     return nfsd_finish_read(rqstp, fhp, file, offset, count, eof, host_err);
0924 }
0925
0926 /*
0927  * Gathered writes: If another process is currently writing to the file,
0928  * there's a high chance this is another nfsd (triggered by a bulk write
0929  * from a client's biod). Rather than syncing the file with each write
0930  * request, we sleep for 10 msec.
0931  *
0932  * I don't know if this roughly approximates C. Juszak's idea of
0933  * gathered writes, but it's a nice and simple solution (IMHO), and it
0934  * seems to work:-)
0935  *
0936  * Note: we do this only in the NFSv2 case, since v3 and higher have a
0937  * better tool (separate unstable writes and commits) for solving this
0938  * problem.
0939  */
0940 static int wait_for_concurrent_writes(struct file *file)
0941 {
0942     struct inode *inode = file_inode(file);
0943     static ino_t last_ino;
0944     static dev_t last_dev;
0945     int err = 0;
0946
0947     if (atomic_read(&inode->i_writecount) > 1
0948         || (last_ino == inode->i_ino && last_dev == inode->i_sb->s_dev)) {
0949         dprintk("nfsd: write defer %d\n", task_pid_nr(current));
0950         msleep(10);
0951         dprintk("nfsd: write resume %d\n", task_pid_nr(current));
0952     }
0953
0954     if (inode->i_state & I_DIRTY) {
0955         dprintk("nfsd: write sync %d\n", task_pid_nr(current));
0956         err = vfs_fsync(file, 0);
0957     }
0958     last_ino = inode->i_ino;
0959     last_dev = inode->i_sb->s_dev;
0960     return err;
0961 }
0962
0963 __be32
0964 nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfsd_file *nf,
0965                 loff_t offset, struct kvec *vec, int vlen,
0966                 unsigned long *cnt, int stable,
0967                 __be32 *verf)
0968 {
0969     struct nfsd_net     *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
0970     struct file     *file = nf->nf_file;
0971     struct super_block  *sb = file_inode(file)->i_sb;
0972     struct svc_export   *exp;
0973     struct iov_iter     iter;
0974     errseq_t        since;
0975     __be32          nfserr;
0976     int         host_err;
0977     int         use_wgather;
0978     loff_t          pos = offset;
0979     unsigned long       exp_op_flags = 0;
0980     unsigned int        pflags = current->flags;
0981     rwf_t           flags = 0;
0982     bool            restore_flags = false;
0983
0984     trace_nfsd_write_opened(rqstp, fhp, offset, *cnt);
0985
0986     if (sb->s_export_op)
0987         exp_op_flags = sb->s_export_op->flags;
0988
0989     if (test_bit(RQ_LOCAL, &rqstp->rq_flags) &&
0990         !(exp_op_flags & EXPORT_OP_REMOTE_FS)) {
0991         /*
0992          * We want throttling in balance_dirty_pages()
0993          * and shrink_inactive_list() to only consider
0994          * the backingdev we are writing to, so that nfs to
0995          * localhost doesn't cause nfsd to lock up due to all
0996          * the client's dirty pages or its congested queue.
0997          */
0998         current->flags |= PF_LOCAL_THROTTLE;
0999         restore_flags = true;
1000     }
1001
1002     exp = fhp->fh_export;
1003     use_wgather = (rqstp->rq_vers == 2) && EX_WGATHER(exp);
1004
1005     if (!EX_ISSYNC(exp))
1006         stable = NFS_UNSTABLE;
1007
1008     if (stable && !use_wgather)
1009         flags |= RWF_SYNC;
1010
1011     iov_iter_kvec(&iter, WRITE, vec, vlen, *cnt);
1012     since = READ_ONCE(file->f_wb_err);
1013     if (verf)
1014         nfsd_copy_write_verifier(verf, nn);
1015     host_err = vfs_iter_write(file, &iter, &pos, flags);
1016     if (host_err < 0) {
1017         nfsd_reset_write_verifier(nn);
1018         trace_nfsd_writeverf_reset(nn, rqstp, host_err);
1019         goto out_nfserr;
1020     }
1021     *cnt = host_err;
1022     nfsd_stats_io_write_add(exp, *cnt);
1023     fsnotify_modify(file);
1024     host_err = filemap_check_wb_err(file->f_mapping, since);
1025     if (host_err < 0)
1026         goto out_nfserr;
1027
1028     if (stable && use_wgather) {
1029         host_err = wait_for_concurrent_writes(file);
1030         if (host_err < 0) {
1031             nfsd_reset_write_verifier(nn);
1032             trace_nfsd_writeverf_reset(nn, rqstp, host_err);
1033         }
1034     }
1035
1036 out_nfserr:
1037     if (host_err >= 0) {
1038         trace_nfsd_write_io_done(rqstp, fhp, offset, *cnt);
1039         nfserr = nfs_ok;
1040     } else {
1041         trace_nfsd_write_err(rqstp, fhp, offset, host_err);
1042         nfserr = nfserrno(host_err);
1043     }
1044     if (restore_flags)
1045         current_restore_flags(pflags, PF_LOCAL_THROTTLE);
1046     return nfserr;
1047 }
1048
1049 /*
1050  * Read data from a file. count must contain the requested read count
1051  * on entry. On return, *count contains the number of bytes actually read.
1052  * N.B. After this call fhp needs an fh_put
1053  */
1054 __be32 nfsd_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
1055     loff_t offset, struct kvec *vec, int vlen, unsigned long *count,
1056     u32 *eof)
1057 {
1058     struct nfsd_file    *nf;
1059     struct file *file;
1060     __be32 err;
1061
1062     trace_nfsd_read_start(rqstp, fhp, offset, *count);
1063     err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf);
1064     if (err)
1065         return err;
1066
1067     file = nf->nf_file;
1068     if (file->f_op->splice_read && test_bit(RQ_SPLICE_OK, &rqstp->rq_flags))
1069         err = nfsd_splice_read(rqstp, fhp, file, offset, count, eof);
1070     else
1071         err = nfsd_readv(rqstp, fhp, file, offset, vec, vlen, count, eof);
1072
1073     nfsd_file_put(nf);
1074
1075     trace_nfsd_read_done(rqstp, fhp, offset, *count);
1076
1077     return err;
1078 }
1079
1080 /*
1081  * Write data to a file.
1082  * The stable flag requests synchronous writes.
1083  * N.B. After this call fhp needs an fh_put
1084  */
1085 __be32
1086 nfsd_write(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t offset,
1087        struct kvec *vec, int vlen, unsigned long *cnt, int stable,
1088        __be32 *verf)
1089 {
1090     struct nfsd_file *nf;
1091     __be32 err;
1092
1093     trace_nfsd_write_start(rqstp, fhp, offset, *cnt);
1094
1095     err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_WRITE, &nf);
1096     if (err)
1097         goto out;
1098
1099     err = nfsd_vfs_write(rqstp, fhp, nf, offset, vec,
1100             vlen, cnt, stable, verf);
1101     nfsd_file_put(nf);
1102 out:
1103     trace_nfsd_write_done(rqstp, fhp, offset, *cnt);
1104     return err;
1105 }
1106
1107 /**
1108  * nfsd_commit - Commit pending writes to stable storage
1109  * @rqstp: RPC request being processed
1110  * @fhp: NFS filehandle
1111  * @offset: raw offset from beginning of file
1112  * @count: raw count of bytes to sync
1113  * @verf: filled in with the server's current write verifier
1114  *
1115  * Note: we guarantee that data that lies within the range specified
1116  * by the 'offset' and 'count' parameters will be synced. The server
1117  * is permitted to sync data that lies outside this range at the
1118  * same time.
1119  *
1120  * Unfortunately we cannot lock the file to make sure we return full WCC
1121  * data to the client, as locking happens lower down in the filesystem.
1122  *
1123  * Return values:
1124  *   An nfsstat value in network byte order.
1125  */
1126 __be32
1127 nfsd_commit(struct svc_rqst *rqstp, struct svc_fh *fhp, u64 offset,
1128         u32 count, __be32 *verf)
1129 {
1130     u64         maxbytes;
1131     loff_t          start, end;
1132     struct nfsd_net     *nn;
1133     struct nfsd_file    *nf;
1134     __be32          err;
1135
1136     err = nfsd_file_acquire(rqstp, fhp,
1137             NFSD_MAY_WRITE|NFSD_MAY_NOT_BREAK_LEASE, &nf);
1138     if (err)
1139         goto out;
1140
1141     /*
1142      * Convert the client-provided (offset, count) range to a
1143      * (start, end) range. If the client-provided range falls
1144      * outside the maximum file size of the underlying FS,
1145      * clamp the sync range appropriately.
1146      */
1147     start = 0;
1148     end = LLONG_MAX;
1149     maxbytes = (u64)fhp->fh_dentry->d_sb->s_maxbytes;
1150     if (offset < maxbytes) {
1151         start = offset;
1152         if (count && (offset + count - 1 < maxbytes))
1153             end = offset + count - 1;
1154     }
1155
1156     nn = net_generic(nf->nf_net, nfsd_net_id);
1157     if (EX_ISSYNC(fhp->fh_export)) {
1158         errseq_t since = READ_ONCE(nf->nf_file->f_wb_err);
1159         int err2;
1160
1161         err2 = vfs_fsync_range(nf->nf_file, start, end, 0);
1162         switch (err2) {
1163         case 0:
1164             nfsd_copy_write_verifier(verf, nn);
1165             err2 = filemap_check_wb_err(nf->nf_file->f_mapping,
1166                             since);
1167             err = nfserrno(err2);
1168             break;
1169         case -EINVAL:
1170             err = nfserr_notsupp;
1171             break;
1172         default:
1173             nfsd_reset_write_verifier(nn);
1174             trace_nfsd_writeverf_reset(nn, rqstp, err2);
1175             err = nfserrno(err2);
1176         }
1177     } else
1178         nfsd_copy_write_verifier(verf, nn);
1179
1180     nfsd_file_put(nf);
1181 out:
1182     return err;
1183 }
1184
1185 /**
1186  * nfsd_create_setattr - Set a created file's attributes
1187  * @rqstp: RPC transaction being executed
1188  * @fhp: NFS filehandle of parent directory
1189  * @resfhp: NFS filehandle of new object
1190  * @attrs: requested attributes of new object
1191  *
1192  * Returns nfs_ok on success, or an nfsstat in network byte order.
1193  */
1194 __be32
1195 nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp,
1196             struct svc_fh *resfhp, struct nfsd_attrs *attrs)
1197 {
1198     struct iattr *iap = attrs->na_iattr;
1199     __be32 status;
1200
1201     /*
1202      * Mode has already been set by file creation.
1203      */
1204     iap->ia_valid &= ~ATTR_MODE;
1205
1206     /*
1207      * Setting uid/gid works only for root.  Irix appears to
1208      * send along the gid on create when it tries to implement
1209      * setgid directories via NFS:
1210      */
1211     if (!uid_eq(current_fsuid(), GLOBAL_ROOT_UID))
1212         iap->ia_valid &= ~(ATTR_UID|ATTR_GID);
1213
1214     /*
1215      * Callers expect new file metadata to be committed even
1216      * if the attributes have not changed.
1217      */
1218     if (iap->ia_valid)
1219         status = nfsd_setattr(rqstp, resfhp, attrs, 0, (time64_t)0);
1220     else
1221         status = nfserrno(commit_metadata(resfhp));
1222
1223     /*
1224      * Transactional filesystems had a chance to commit changes
1225      * for both parent and child simultaneously making the
1226      * following commit_metadata a noop in many cases.
1227      */
1228     if (!status)
1229         status = nfserrno(commit_metadata(fhp));
1230
1231     /*
1232      * Update the new filehandle to pick up the new attributes.
1233      */
1234     if (!status)
1235         status = fh_update(resfhp);
1236
1237     return status;
1238 }
1239
1240 /* HPUX client sometimes creates a file in mode 000, and sets size to 0.
1241  * setting size to 0 may fail for some specific file systems by the permission
1242  * checking which requires WRITE permission but the mode is 000.
1243  * we ignore the resizing(to 0) on the just new created file, since the size is
1244  * 0 after file created.
1245  *
1246  * call this only after vfs_create() is called.
1247  * */
1248 static void
1249 nfsd_check_ignore_resizing(struct iattr *iap)
1250 {
1251     if ((iap->ia_valid & ATTR_SIZE) && (iap->ia_size == 0))
1252         iap->ia_valid &= ~ATTR_SIZE;
1253 }
1254
1255 /* The parent directory should already be locked: */
1256 __be32
1257 nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp,
1258            char *fname, int flen, struct nfsd_attrs *attrs,
1259            int type, dev_t rdev, struct svc_fh *resfhp)
1260 {
1261     struct dentry   *dentry, *dchild;
1262     struct inode    *dirp;
1263     struct iattr    *iap = attrs->na_iattr;
1264     __be32      err;
1265     int     host_err;
1266
1267     dentry = fhp->fh_dentry;
1268     dirp = d_inode(dentry);
1269
1270     dchild = dget(resfhp->fh_dentry);
1271     err = nfsd_permission(rqstp, fhp->fh_export, dentry, NFSD_MAY_CREATE);
1272     if (err)
1273         goto out;
1274
1275     if (!(iap->ia_valid & ATTR_MODE))
1276         iap->ia_mode = 0;
1277     iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type;
1278
1279     if (!IS_POSIXACL(dirp))
1280         iap->ia_mode &= ~current_umask();
1281
1282     err = 0;
1283     host_err = 0;
1284     switch (type) {
1285     case S_IFREG:
1286         host_err = vfs_create(&init_user_ns, dirp, dchild, iap->ia_mode, true);
1287         if (!host_err)
1288             nfsd_check_ignore_resizing(iap);
1289         break;
1290     case S_IFDIR:
1291         host_err = vfs_mkdir(&init_user_ns, dirp, dchild, iap->ia_mode);
1292         if (!host_err && unlikely(d_unhashed(dchild))) {
1293             struct dentry *d;
1294             d = lookup_one_len(dchild->d_name.name,
1295                        dchild->d_parent,
1296                        dchild->d_name.len);
1297             if (IS_ERR(d)) {
1298                 host_err = PTR_ERR(d);
1299                 break;
1300             }
1301             if (unlikely(d_is_negative(d))) {
1302                 dput(d);
1303                 err = nfserr_serverfault;
1304                 goto out;
1305             }
1306             dput(resfhp->fh_dentry);
1307             resfhp->fh_dentry = dget(d);
1308             err = fh_update(resfhp);
1309             dput(dchild);
1310             dchild = d;
1311             if (err)
1312                 goto out;
1313         }
1314         break;
1315     case S_IFCHR:
1316     case S_IFBLK:
1317     case S_IFIFO:
1318     case S_IFSOCK:
1319         host_err = vfs_mknod(&init_user_ns, dirp, dchild,
1320                      iap->ia_mode, rdev);
1321         break;
1322     default:
1323         printk(KERN_WARNING "nfsd: bad file type %o in nfsd_create\n",
1324                type);
1325         host_err = -EINVAL;
1326     }
1327     if (host_err < 0)
1328         goto out_nfserr;
1329
1330     err = nfsd_create_setattr(rqstp, fhp, resfhp, attrs);
1331
1332 out:
1333     dput(dchild);
1334     return err;
1335
1336 out_nfserr:
1337     err = nfserrno(host_err);
1338     goto out;
1339 }
1340
1341 /*
1342  * Create a filesystem object (regular, directory, special).
1343  * Note that the parent directory is left locked.
1344  *
1345  * N.B. Every call to nfsd_create needs an fh_put for _both_ fhp and resfhp
1346  */
1347 __be32
1348 nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
1349         char *fname, int flen, struct nfsd_attrs *attrs,
1350         int type, dev_t rdev, struct svc_fh *resfhp)
1351 {
1352     struct dentry   *dentry, *dchild = NULL;
1353     __be32      err;
1354     int     host_err;
1355
1356     if (isdotent(fname, flen))
1357         return nfserr_exist;
1358
1359     err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_NOP);
1360     if (err)
1361         return err;
1362
1363     dentry = fhp->fh_dentry;
1364
1365     host_err = fh_want_write(fhp);
1366     if (host_err)
1367         return nfserrno(host_err);
1368
1369     inode_lock_nested(dentry->d_inode, I_MUTEX_PARENT);
1370     dchild = lookup_one_len(fname, dentry, flen);
1371     host_err = PTR_ERR(dchild);
1372     if (IS_ERR(dchild)) {
1373         err = nfserrno(host_err);
1374         goto out_unlock;
1375     }
1376     err = fh_compose(resfhp, fhp->fh_export, dchild, fhp);
1377     /*
1378      * We unconditionally drop our ref to dchild as fh_compose will have
1379      * already grabbed its own ref for it.
1380      */
1381     dput(dchild);
1382     if (err)
1383         goto out_unlock;
1384     fh_fill_pre_attrs(fhp);
1385     err = nfsd_create_locked(rqstp, fhp, fname, flen, attrs, type,
1386                  rdev, resfhp);
1387     fh_fill_post_attrs(fhp);
1388 out_unlock:
1389     inode_unlock(dentry->d_inode);
1390     return err;
1391 }
1392
1393 /*
1394  * Read a symlink. On entry, *lenp must contain the maximum path length that
1395  * fits into the buffer. On return, it contains the true length.
1396  * N.B. After this call fhp needs an fh_put
1397  */
1398 __be32
1399 nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
1400 {
1401     __be32      err;
1402     const char *link;
1403     struct path path;
1404     DEFINE_DELAYED_CALL(done);
1405     int len;
1406
1407     err = fh_verify(rqstp, fhp, S_IFLNK, NFSD_MAY_NOP);
1408     if (unlikely(err))
1409         return err;
1410
1411     path.mnt = fhp->fh_export->ex_path.mnt;
1412     path.dentry = fhp->fh_dentry;
1413
1414     if (unlikely(!d_is_symlink(path.dentry)))
1415         return nfserr_inval;
1416
1417     touch_atime(&path);
1418
1419     link = vfs_get_link(path.dentry, &done);
1420     if (IS_ERR(link))
1421         return nfserrno(PTR_ERR(link));
1422
1423     len = strlen(link);
1424     if (len < *lenp)
1425         *lenp = len;
1426     memcpy(buf, link, *lenp);
1427     do_delayed_call(&done);
1428     return 0;
1429 }
1430
1431 /**
1432  * nfsd_symlink - Create a symlink and look up its inode
1433  * @rqstp: RPC transaction being executed
1434  * @fhp: NFS filehandle of parent directory
1435  * @fname: filename of the new symlink
1436  * @flen: length of @fname
1437  * @path: content of the new symlink (NUL-terminated)
1438  * @attrs: requested attributes of new object
1439  * @resfhp: NFS filehandle of new object
1440  *
1441  * N.B. After this call _both_ fhp and resfhp need an fh_put
1442  *
1443  * Returns nfs_ok on success, or an nfsstat in network byte order.
1444  */
1445 __be32
1446 nfsd_symlink(struct svc_rqst *rqstp, struct svc_fh *fhp,
1447          char *fname, int flen,
1448          char *path, struct nfsd_attrs *attrs,
1449          struct svc_fh *resfhp)
1450 {
1451     struct dentry   *dentry, *dnew;
1452     __be32      err, cerr;
1453     int     host_err;
1454
1455     err = nfserr_noent;
1456     if (!flen || path[0] == '\0')
1457         goto out;
1458     err = nfserr_exist;
1459     if (isdotent(fname, flen))
1460         goto out;
1461
1462     err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_CREATE);
1463     if (err)
1464         goto out;
1465
1466     host_err = fh_want_write(fhp);
1467     if (host_err) {
1468         err = nfserrno(host_err);
1469         goto out;
1470     }
1471
1472     dentry = fhp->fh_dentry;
1473     inode_lock_nested(dentry->d_inode, I_MUTEX_PARENT);
1474     dnew = lookup_one_len(fname, dentry, flen);
1475     if (IS_ERR(dnew)) {
1476         err = nfserrno(PTR_ERR(dnew));
1477         inode_unlock(dentry->d_inode);
1478         goto out_drop_write;
1479     }
1480     fh_fill_pre_attrs(fhp);
1481     host_err = vfs_symlink(&init_user_ns, d_inode(dentry), dnew, path);
1482     err = nfserrno(host_err);
1483     cerr = fh_compose(resfhp, fhp->fh_export, dnew, fhp);
1484     if (!err)
1485         nfsd_create_setattr(rqstp, fhp, resfhp, attrs);
1486     fh_fill_post_attrs(fhp);
1487     inode_unlock(dentry->d_inode);
1488     if (!err)
1489         err = nfserrno(commit_metadata(fhp));
1490     dput(dnew);
1491     if (err==0) err = cerr;
1492 out_drop_write:
1493     fh_drop_write(fhp);
1494 out:
1495     return err;
1496 }
1497
1498 /*
1499  * Create a hardlink
1500  * N.B. After this call _both_ ffhp and tfhp need an fh_put
1501  */
1502 __be32
1503 nfsd_link(struct svc_rqst *rqstp, struct svc_fh *ffhp,
1504                 char *name, int len, struct svc_fh *tfhp)
1505 {
1506     struct dentry   *ddir, *dnew, *dold;
1507     struct inode    *dirp;
1508     __be32      err;
1509     int     host_err;
1510
1511     err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_CREATE);
1512     if (err)
1513         goto out;
1514     err = fh_verify(rqstp, tfhp, 0, NFSD_MAY_NOP);
1515     if (err)
1516         goto out;
1517     err = nfserr_isdir;
1518     if (d_is_dir(tfhp->fh_dentry))
1519         goto out;
1520     err = nfserr_perm;
1521     if (!len)
1522         goto out;
1523     err = nfserr_exist;
1524     if (isdotent(name, len))
1525         goto out;
1526
1527     host_err = fh_want_write(tfhp);
1528     if (host_err) {
1529         err = nfserrno(host_err);
1530         goto out;
1531     }
1532
1533     ddir = ffhp->fh_dentry;
1534     dirp = d_inode(ddir);
1535     inode_lock_nested(dirp, I_MUTEX_PARENT);
1536
1537     dnew = lookup_one_len(name, ddir, len);
1538     if (IS_ERR(dnew)) {
1539         err = nfserrno(PTR_ERR(dnew));
1540         goto out_unlock;
1541     }
1542
1543     dold = tfhp->fh_dentry;
1544
1545     err = nfserr_noent;
1546     if (d_really_is_negative(dold))
1547         goto out_dput;
1548     fh_fill_pre_attrs(ffhp);
1549     host_err = vfs_link(dold, &init_user_ns, dirp, dnew, NULL);
1550     fh_fill_post_attrs(ffhp);
1551     inode_unlock(dirp);
1552     if (!host_err) {
1553         err = nfserrno(commit_metadata(ffhp));
1554         if (!err)
1555             err = nfserrno(commit_metadata(tfhp));
1556     } else {
1557         if (host_err == -EXDEV && rqstp->rq_vers == 2)
1558             err = nfserr_acces;
1559         else
1560             err = nfserrno(host_err);
1561     }
1562     dput(dnew);
1563 out_drop_write:
1564     fh_drop_write(tfhp);
1565 out:
1566     return err;
1567
1568 out_dput:
1569     dput(dnew);
1570 out_unlock:
1571     inode_unlock(dirp);
1572     goto out_drop_write;
1573 }
1574
1575 static void
1576 nfsd_close_cached_files(struct dentry *dentry)
1577 {
1578     struct inode *inode = d_inode(dentry);
1579
1580     if (inode && S_ISREG(inode->i_mode))
1581         nfsd_file_close_inode_sync(inode);
1582 }
1583
1584 static bool
1585 nfsd_has_cached_files(struct dentry *dentry)
1586 {
1587     bool        ret = false;
1588     struct inode *inode = d_inode(dentry);
1589
1590     if (inode && S_ISREG(inode->i_mode))
1591         ret = nfsd_file_is_cached(inode);
1592     return ret;
1593 }
1594
1595 /*
1596  * Rename a file
1597  * N.B. After this call _both_ ffhp and tfhp need an fh_put
1598  */
1599 __be32
1600 nfsd_rename(struct svc_rqst *rqstp, struct svc_fh *ffhp, char *fname, int flen,
1601                 struct svc_fh *tfhp, char *tname, int tlen)
1602 {
1603     struct dentry   *fdentry, *tdentry, *odentry, *ndentry, *trap;
1604     struct inode    *fdir, *tdir;
1605     __be32      err;
1606     int     host_err;
1607     bool        close_cached = false;
1608
1609     err = fh_verify(rqstp, ffhp, S_IFDIR, NFSD_MAY_REMOVE);
1610     if (err)
1611         goto out;
1612     err = fh_verify(rqstp, tfhp, S_IFDIR, NFSD_MAY_CREATE);
1613     if (err)
1614         goto out;
1615
1616     fdentry = ffhp->fh_dentry;
1617     fdir = d_inode(fdentry);
1618
1619     tdentry = tfhp->fh_dentry;
1620     tdir = d_inode(tdentry);
1621
1622     err = nfserr_perm;
1623     if (!flen || isdotent(fname, flen) || !tlen || isdotent(tname, tlen))
1624         goto out;
1625
1626 retry:
1627     host_err = fh_want_write(ffhp);
1628     if (host_err) {
1629         err = nfserrno(host_err);
1630         goto out;
1631     }
1632
1633     trap = lock_rename(tdentry, fdentry);
1634     fh_fill_pre_attrs(ffhp);
1635     fh_fill_pre_attrs(tfhp);
1636
1637     odentry = lookup_one_len(fname, fdentry, flen);
1638     host_err = PTR_ERR(odentry);
1639     if (IS_ERR(odentry))
1640         goto out_nfserr;
1641
1642     host_err = -ENOENT;
1643     if (d_really_is_negative(odentry))
1644         goto out_dput_old;
1645     host_err = -EINVAL;
1646     if (odentry == trap)
1647         goto out_dput_old;
1648
1649     ndentry = lookup_one_len(tname, tdentry, tlen);
1650     host_err = PTR_ERR(ndentry);
1651     if (IS_ERR(ndentry))
1652         goto out_dput_old;
1653     host_err = -ENOTEMPTY;
1654     if (ndentry == trap)
1655         goto out_dput_new;
1656
1657     host_err = -EXDEV;
1658     if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt)
1659         goto out_dput_new;
1660     if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry)
1661         goto out_dput_new;
1662
1663     if ((ndentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK) &&
1664         nfsd_has_cached_files(ndentry)) {
1665         close_cached = true;
1666         goto out_dput_old;
1667     } else {
1668         struct renamedata rd = {
1669             .old_mnt_userns = &init_user_ns,
1670             .old_dir    = fdir,
1671             .old_dentry = odentry,
1672             .new_mnt_userns = &init_user_ns,
1673             .new_dir    = tdir,
1674             .new_dentry = ndentry,
1675         };
1676         host_err = vfs_rename(&rd);
1677         if (!host_err) {
1678             host_err = commit_metadata(tfhp);
1679             if (!host_err)
1680                 host_err = commit_metadata(ffhp);
1681         }
1682     }
1683  out_dput_new:
1684     dput(ndentry);
1685  out_dput_old:
1686     dput(odentry);
1687  out_nfserr:
1688     err = nfserrno(host_err);
1689
1690     if (!close_cached) {
1691         fh_fill_post_attrs(ffhp);
1692         fh_fill_post_attrs(tfhp);
1693     }
1694     unlock_rename(tdentry, fdentry);
1695     fh_drop_write(ffhp);
1696
1697     /*
1698      * If the target dentry has cached open files, then we need to try to
1699      * close them prior to doing the rename. Flushing delayed fput
1700      * shouldn't be done with locks held however, so we delay it until this
1701      * point and then reattempt the whole shebang.
1702      */
1703     if (close_cached) {
1704         close_cached = false;
1705         nfsd_close_cached_files(ndentry);
1706         dput(ndentry);
1707         goto retry;
1708     }
1709 out:
1710     return err;
1711 }
1712
1713 /*
1714  * Unlink a file or directory
1715  * N.B. After this call fhp needs an fh_put
1716  */
1717 __be32
1718 nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
1719                 char *fname, int flen)
1720 {
1721     struct dentry   *dentry, *rdentry;
1722     struct inode    *dirp;
1723     struct inode    *rinode;
1724     __be32      err;
1725     int     host_err;
1726
1727     err = nfserr_acces;
1728     if (!flen || isdotent(fname, flen))
1729         goto out;
1730     err = fh_verify(rqstp, fhp, S_IFDIR, NFSD_MAY_REMOVE);
1731     if (err)
1732         goto out;
1733
1734     host_err = fh_want_write(fhp);
1735     if (host_err)
1736         goto out_nfserr;
1737
1738     dentry = fhp->fh_dentry;
1739     dirp = d_inode(dentry);
1740     inode_lock_nested(dirp, I_MUTEX_PARENT);
1741
1742     rdentry = lookup_one_len(fname, dentry, flen);
1743     host_err = PTR_ERR(rdentry);
1744     if (IS_ERR(rdentry))
1745         goto out_unlock;
1746
1747     if (d_really_is_negative(rdentry)) {
1748         dput(rdentry);
1749         host_err = -ENOENT;
1750         goto out_unlock;
1751     }
1752     rinode = d_inode(rdentry);
1753     ihold(rinode);
1754
1755     if (!type)
1756         type = d_inode(rdentry)->i_mode & S_IFMT;
1757
1758     fh_fill_pre_attrs(fhp);
1759     if (type != S_IFDIR) {
1760         if (rdentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK)
1761             nfsd_close_cached_files(rdentry);
1762         host_err = vfs_unlink(&init_user_ns, dirp, rdentry, NULL);
1763     } else {
1764         host_err = vfs_rmdir(&init_user_ns, dirp, rdentry);
1765     }
1766     fh_fill_post_attrs(fhp);
1767
1768     inode_unlock(dirp);
1769     if (!host_err)
1770         host_err = commit_metadata(fhp);
1771     dput(rdentry);
1772     iput(rinode);    /* truncate the inode here */
1773
1774 out_drop_write:
1775     fh_drop_write(fhp);
1776 out_nfserr:
1777     if (host_err == -EBUSY) {
1778         /* name is mounted-on. There is no perfect
1779          * error status.
1780          */
1781         if (nfsd_v4client(rqstp))
1782             err = nfserr_file_open;
1783         else
1784             err = nfserr_acces;
1785     } else {
1786         err = nfserrno(host_err);
1787     }
1788 out:
1789     return err;
1790 out_unlock:
1791     inode_unlock(dirp);
1792     goto out_drop_write;
1793 }
1794
1795 /*
1796  * We do this buffering because we must not call back into the file
1797  * system's ->lookup() method from the filldir callback. That may well
1798  * deadlock a number of file systems.
1799  *
1800  * This is based heavily on the implementation of same in XFS.
1801  */
1802 struct buffered_dirent {
1803     u64     ino;
1804     loff_t      offset;
1805     int     namlen;
1806     unsigned int    d_type;
1807     char        name[];
1808 };
1809
1810 struct readdir_data {
1811     struct dir_context ctx;
1812     char        *dirent;
1813     size_t      used;
1814     int     full;
1815 };
1816
1817 static int nfsd_buffered_filldir(struct dir_context *ctx, const char *name,
1818                  int namlen, loff_t offset, u64 ino,
1819                  unsigned int d_type)
1820 {
1821     struct readdir_data *buf =
1822         container_of(ctx, struct readdir_data, ctx);
1823     struct buffered_dirent *de = (void *)(buf->dirent + buf->used);
1824     unsigned int reclen;
1825
1826     reclen = ALIGN(sizeof(struct buffered_dirent) + namlen, sizeof(u64));
1827     if (buf->used + reclen > PAGE_SIZE) {
1828         buf->full = 1;
1829         return -EINVAL;
1830     }
1831
1832     de->namlen = namlen;
1833     de->offset = offset;
1834     de->ino = ino;
1835     de->d_type = d_type;
1836     memcpy(de->name, name, namlen);
1837     buf->used += reclen;
1838
1839     return 0;
1840 }
1841
1842 static __be32 nfsd_buffered_readdir(struct file *file, struct svc_fh *fhp,
1843                     nfsd_filldir_t func, struct readdir_cd *cdp,
1844                     loff_t *offsetp)
1845 {
1846     struct buffered_dirent *de;
1847     int host_err;
1848     int size;
1849     loff_t offset;
1850     struct readdir_data buf = {
1851         .ctx.actor = nfsd_buffered_filldir,
1852         .dirent = (void *)__get_free_page(GFP_KERNEL)
1853     };
1854
1855     if (!buf.dirent)
1856         return nfserrno(-ENOMEM);
1857
1858     offset = *offsetp;
1859
1860     while (1) {
1861         unsigned int reclen;
1862
1863         cdp->err = nfserr_eof; /* will be cleared on successful read */
1864         buf.used = 0;
1865         buf.full = 0;
1866
1867         host_err = iterate_dir(file, &buf.ctx);
1868         if (buf.full)
1869             host_err = 0;
1870
1871         if (host_err < 0)
1872             break;
1873
1874         size = buf.used;
1875
1876         if (!size)
1877             break;
1878
1879         de = (struct buffered_dirent *)buf.dirent;
1880         while (size > 0) {
1881             offset = de->offset;
1882
1883             if (func(cdp, de->name, de->namlen, de->offset,
1884                  de->ino, de->d_type))
1885                 break;
1886
1887             if (cdp->err != nfs_ok)
1888                 break;
1889
1890             trace_nfsd_dirent(fhp, de->ino, de->name, de->namlen);
1891
1892             reclen = ALIGN(sizeof(*de) + de->namlen,
1893                        sizeof(u64));
1894             size -= reclen;
1895             de = (struct buffered_dirent *)((char *)de + reclen);
1896         }
1897         if (size > 0) /* We bailed out early */
1898             break;
1899
1900         offset = vfs_llseek(file, 0, SEEK_CUR);
1901     }
1902
1903     free_page((unsigned long)(buf.dirent));
1904
1905     if (host_err)
1906         return nfserrno(host_err);
1907
1908     *offsetp = offset;
1909     return cdp->err;
1910 }
1911
1912 /*
1913  * Read entries from a directory.
1914  * The  NFSv3/4 verifier we ignore for now.
1915  */
1916 __be32
1917 nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp,
1918          struct readdir_cd *cdp, nfsd_filldir_t func)
1919 {
1920     __be32      err;
1921     struct file *file;
1922     loff_t      offset = *offsetp;
1923     int             may_flags = NFSD_MAY_READ;
1924
1925     /* NFSv2 only supports 32 bit cookies */
1926     if (rqstp->rq_vers > 2)
1927         may_flags |= NFSD_MAY_64BIT_COOKIE;
1928
1929     err = nfsd_open(rqstp, fhp, S_IFDIR, may_flags, &file);
1930     if (err)
1931         goto out;
1932
1933     offset = vfs_llseek(file, offset, SEEK_SET);
1934     if (offset < 0) {
1935         err = nfserrno((int)offset);
1936         goto out_close;
1937     }
1938
1939     err = nfsd_buffered_readdir(file, fhp, func, cdp, offsetp);
1940
1941     if (err == nfserr_eof || err == nfserr_toosmall)
1942         err = nfs_ok; /* can still be found in ->err */
1943 out_close:
1944     fput(file);
1945 out:
1946     return err;
1947 }
1948
1949 /*
1950  * Get file system stats
1951  * N.B. After this call fhp needs an fh_put
1952  */
1953 __be32
1954 nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat, int access)
1955 {
1956     __be32 err;
1957
1958     err = fh_verify(rqstp, fhp, 0, NFSD_MAY_NOP | access);
1959     if (!err) {
1960         struct path path = {
1961             .mnt    = fhp->fh_export->ex_path.mnt,
1962             .dentry = fhp->fh_dentry,
1963         };
1964         if (vfs_statfs(&path, stat))
1965             err = nfserr_io;
1966     }
1967     return err;
1968 }
1969
1970 static int exp_rdonly(struct svc_rqst *rqstp, struct svc_export *exp)
1971 {
1972     return nfsexp_flags(rqstp, exp) & NFSEXP_READONLY;
1973 }
1974
1975 #ifdef CONFIG_NFSD_V4
1976 /*
1977  * Helper function to translate error numbers. In the case of xattr operations,
1978  * some error codes need to be translated outside of the standard translations.
1979  *
1980  * ENODATA needs to be translated to nfserr_noxattr.
1981  * E2BIG to nfserr_xattr2big.
1982  *
1983  * Additionally, vfs_listxattr can return -ERANGE. This means that the
1984  * file has too many extended attributes to retrieve inside an
1985  * XATTR_LIST_MAX sized buffer. This is a bug in the xattr implementation:
1986  * filesystems will allow the adding of extended attributes until they hit
1987  * their own internal limit. This limit may be larger than XATTR_LIST_MAX.
1988  * So, at that point, the attributes are present and valid, but can't
1989  * be retrieved using listxattr, since the upper level xattr code enforces
1990  * the XATTR_LIST_MAX limit.
1991  *
1992  * This bug means that we need to deal with listxattr returning -ERANGE. The
1993  * best mapping is to return TOOSMALL.
1994  */
1995 static __be32
1996 nfsd_xattr_errno(int err)
1997 {
1998     switch (err) {
1999     case -ENODATA:
2000         return nfserr_noxattr;
2001     case -E2BIG:
2002         return nfserr_xattr2big;
2003     case -ERANGE:
2004         return nfserr_toosmall;
2005     }
2006     return nfserrno(err);
2007 }
2008
2009 /*
2010  * Retrieve the specified user extended attribute. To avoid always
2011  * having to allocate the maximum size (since we are not getting
2012  * a maximum size from the RPC), do a probe + alloc. Hold a reader
2013  * lock on i_rwsem to prevent the extended attribute from changing
2014  * size while we're doing this.
2015  */
2016 __be32
2017 nfsd_getxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name,
2018           void **bufp, int *lenp)
2019 {
2020     ssize_t len;
2021     __be32 err;
2022     char *buf;
2023     struct inode *inode;
2024     struct dentry *dentry;
2025
2026     err = fh_verify(rqstp, fhp, 0, NFSD_MAY_READ);
2027     if (err)
2028         return err;
2029
2030     err = nfs_ok;
2031     dentry = fhp->fh_dentry;
2032     inode = d_inode(dentry);
2033
2034     inode_lock_shared(inode);
2035
2036     len = vfs_getxattr(&init_user_ns, dentry, name, NULL, 0);
2037
2038     /*
2039      * Zero-length attribute, just return.
2040      */
2041     if (len == 0) {
2042         *bufp = NULL;
2043         *lenp = 0;
2044         goto out;
2045     }
2046
2047     if (len < 0) {
2048         err = nfsd_xattr_errno(len);
2049         goto out;
2050     }
2051
2052     if (len > *lenp) {
2053         err = nfserr_toosmall;
2054         goto out;
2055     }
2056
2057     buf = kvmalloc(len, GFP_KERNEL | GFP_NOFS);
2058     if (buf == NULL) {
2059         err = nfserr_jukebox;
2060         goto out;
2061     }
2062
2063     len = vfs_getxattr(&init_user_ns, dentry, name, buf, len);
2064     if (len <= 0) {
2065         kvfree(buf);
2066         buf = NULL;
2067         err = nfsd_xattr_errno(len);
2068     }
2069
2070     *lenp = len;
2071     *bufp = buf;
2072
2073 out:
2074     inode_unlock_shared(inode);
2075
2076     return err;
2077 }
2078
2079 /*
2080  * Retrieve the xattr names. Since we can't know how many are
2081  * user extended attributes, we must get all attributes here,
2082  * and have the XDR encode filter out the "user." ones.
2083  *
2084  * While this could always just allocate an XATTR_LIST_MAX
2085  * buffer, that's a waste, so do a probe + allocate. To
2086  * avoid any changes between the probe and allocate, wrap
2087  * this in inode_lock.
2088  */
2089 __be32
2090 nfsd_listxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char **bufp,
2091            int *lenp)
2092 {
2093     ssize_t len;
2094     __be32 err;
2095     char *buf;
2096     struct inode *inode;
2097     struct dentry *dentry;
2098
2099     err = fh_verify(rqstp, fhp, 0, NFSD_MAY_READ);
2100     if (err)
2101         return err;
2102
2103     dentry = fhp->fh_dentry;
2104     inode = d_inode(dentry);
2105     *lenp = 0;
2106
2107     inode_lock_shared(inode);
2108
2109     len = vfs_listxattr(dentry, NULL, 0);
2110     if (len <= 0) {
2111         err = nfsd_xattr_errno(len);
2112         goto out;
2113     }
2114
2115     if (len > XATTR_LIST_MAX) {
2116         err = nfserr_xattr2big;
2117         goto out;
2118     }
2119
2120     /*
2121      * We're holding i_rwsem - use GFP_NOFS.
2122      */
2123     buf = kvmalloc(len, GFP_KERNEL | GFP_NOFS);
2124     if (buf == NULL) {
2125         err = nfserr_jukebox;
2126         goto out;
2127     }
2128
2129     len = vfs_listxattr(dentry, buf, len);
2130     if (len <= 0) {
2131         kvfree(buf);
2132         err = nfsd_xattr_errno(len);
2133         goto out;
2134     }
2135
2136     *lenp = len;
2137     *bufp = buf;
2138
2139     err = nfs_ok;
2140 out:
2141     inode_unlock_shared(inode);
2142
2143     return err;
2144 }
2145
2146 /**
2147  * nfsd_removexattr - Remove an extended attribute
2148  * @rqstp: RPC transaction being executed
2149  * @fhp: NFS filehandle of object with xattr to remove
2150  * @name: name of xattr to remove (NUL-terminate)
2151  *
2152  * Pass in a NULL pointer for delegated_inode, and let the client deal
2153  * with NFS4ERR_DELAY (same as with e.g. setattr and remove).
2154  *
2155  * Returns nfs_ok on success, or an nfsstat in network byte order.
2156  */
2157 __be32
2158 nfsd_removexattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name)
2159 {
2160     __be32 err;
2161     int ret;
2162
2163     err = fh_verify(rqstp, fhp, 0, NFSD_MAY_WRITE);
2164     if (err)
2165         return err;
2166
2167     ret = fh_want_write(fhp);
2168     if (ret)
2169         return nfserrno(ret);
2170
2171     inode_lock(fhp->fh_dentry->d_inode);
2172     fh_fill_pre_attrs(fhp);
2173
2174     ret = __vfs_removexattr_locked(&init_user_ns, fhp->fh_dentry,
2175                        name, NULL);
2176
2177     fh_fill_post_attrs(fhp);
2178     inode_unlock(fhp->fh_dentry->d_inode);
2179     fh_drop_write(fhp);
2180
2181     return nfsd_xattr_errno(ret);
2182 }
2183
2184 __be32
2185 nfsd_setxattr(struct svc_rqst *rqstp, struct svc_fh *fhp, char *name,
2186           void *buf, u32 len, u32 flags)
2187 {
2188     __be32 err;
2189     int ret;
2190
2191     err = fh_verify(rqstp, fhp, 0, NFSD_MAY_WRITE);
2192     if (err)
2193         return err;
2194
2195     ret = fh_want_write(fhp);
2196     if (ret)
2197         return nfserrno(ret);
2198     inode_lock(fhp->fh_dentry->d_inode);
2199     fh_fill_pre_attrs(fhp);
2200
2201     ret = __vfs_setxattr_locked(&init_user_ns, fhp->fh_dentry, name, buf,
2202                     len, flags, NULL);
2203     fh_fill_post_attrs(fhp);
2204     inode_unlock(fhp->fh_dentry->d_inode);
2205     fh_drop_write(fhp);
2206
2207     return nfsd_xattr_errno(ret);
2208 }
2209 #endif
2210
2211 /*
2212  * Check for a user's access permissions to this inode.
2213  */
2214 __be32
2215 nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
2216                     struct dentry *dentry, int acc)
2217 {
2218     struct inode    *inode = d_inode(dentry);
2219     int     err;
2220
2221     if ((acc & NFSD_MAY_MASK) == NFSD_MAY_NOP)
2222         return 0;
2223 #if 0
2224     dprintk("nfsd: permission 0x%x%s%s%s%s%s%s%s mode 0%o%s%s%s\n",
2225         acc,
2226         (acc & NFSD_MAY_READ)?  " read"  : "",
2227         (acc & NFSD_MAY_WRITE)? " write" : "",
2228         (acc & NFSD_MAY_EXEC)?  " exec"  : "",
2229         (acc & NFSD_MAY_SATTR)? " sattr" : "",
2230         (acc & NFSD_MAY_TRUNC)? " trunc" : "",
2231         (acc & NFSD_MAY_LOCK)?  " lock"  : "",
2232         (acc & NFSD_MAY_OWNER_OVERRIDE)? " owneroverride" : "",
2233         inode->i_mode,
2234         IS_IMMUTABLE(inode)?    " immut" : "",
2235         IS_APPEND(inode)?   " append" : "",
2236         __mnt_is_readonly(exp->ex_path.mnt)?    " ro" : "");
2237     dprintk("      owner %d/%d user %d/%d\n",
2238         inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid());
2239 #endif
2240
2241     /* Normally we reject any write/sattr etc access on a read-only file
2242      * system.  But if it is IRIX doing check on write-access for a
2243      * device special file, we ignore rofs.
2244      */
2245     if (!(acc & NFSD_MAY_LOCAL_ACCESS))
2246         if (acc & (NFSD_MAY_WRITE | NFSD_MAY_SATTR | NFSD_MAY_TRUNC)) {
2247             if (exp_rdonly(rqstp, exp) ||
2248                 __mnt_is_readonly(exp->ex_path.mnt))
2249                 return nfserr_rofs;
2250             if (/* (acc & NFSD_MAY_WRITE) && */ IS_IMMUTABLE(inode))
2251                 return nfserr_perm;
2252         }
2253     if ((acc & NFSD_MAY_TRUNC) && IS_APPEND(inode))
2254         return nfserr_perm;
2255
2256     if (acc & NFSD_MAY_LOCK) {
2257         /* If we cannot rely on authentication in NLM requests,
2258          * just allow locks, otherwise require read permission, or
2259          * ownership
2260          */
2261         if (exp->ex_flags & NFSEXP_NOAUTHNLM)
2262             return 0;
2263         else
2264             acc = NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE;
2265     }
2266     /*
2267      * The file owner always gets access permission for accesses that
2268      * would normally be checked at open time. This is to make
2269      * file access work even when the client has done a fchmod(fd, 0).
2270      *
2271      * However, `cp foo bar' should fail nevertheless when bar is
2272      * readonly. A sensible way to do this might be to reject all
2273      * attempts to truncate a read-only file, because a creat() call
2274      * always implies file truncation.
2275      * ... but this isn't really fair.  A process may reasonably call
2276      * ftruncate on an open file descriptor on a file with perm 000.
2277      * We must trust the client to do permission checking - using "ACCESS"
2278      * with NFSv3.
2279      */
2280     if ((acc & NFSD_MAY_OWNER_OVERRIDE) &&
2281         uid_eq(inode->i_uid, current_fsuid()))
2282         return 0;
2283
2284     /* This assumes  NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */
2285     err = inode_permission(&init_user_ns, inode,
2286                    acc & (MAY_READ | MAY_WRITE | MAY_EXEC));
2287
2288     /* Allow read access to binaries even when mode 111 */
2289     if (err == -EACCES && S_ISREG(inode->i_mode) &&
2290          (acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE) ||
2291           acc == (NFSD_MAY_READ | NFSD_MAY_READ_IF_EXEC)))
2292         err = inode_permission(&init_user_ns, inode, MAY_EXEC);
2293
2294     return err? nfserrno(err) : 0;
2295 }