search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
accel/qaic: Add AIC200 support
[drm/drm-misc.git] / fs / nfsd / nfs4state.c
blob741b9449f727defc794347f1b116c955d715e691
1 /*
2 * Copyright (c) 2001 The Regents of the University of Michigan.
3 * All rights reserved.
4 *
5 * Kendrick Smith <kmsmith@umich.edu>
6 * Andy Adamson <kandros@umich.edu>
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the University nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
22 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
23 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
24 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 */
34
35 #include <linux/file.h>
36 #include <linux/fs.h>
37 #include <linux/slab.h>
38 #include <linux/namei.h>
39 #include <linux/swap.h>
40 #include <linux/pagemap.h>
41 #include <linux/ratelimit.h>
42 #include <linux/sunrpc/svcauth_gss.h>
43 #include <linux/sunrpc/addr.h>
44 #include <linux/jhash.h>
45 #include <linux/string_helpers.h>
46 #include <linux/fsnotify.h>
47 #include <linux/rhashtable.h>
48 #include <linux/nfs_ssc.h>
49
50 #include "xdr4.h"
51 #include "xdr4cb.h"
52 #include "vfs.h"
53 #include "current_stateid.h"
54
55 #include "netns.h"
56 #include "pnfs.h"
57 #include "filecache.h"
58 #include "trace.h"
59
60 #define NFSDDBG_FACILITY NFSDDBG_PROC
61
62 #define all_ones {{ ~0, ~0}, ~0}
63 static const stateid_t one_stateid = {
64 .si_generation = ~0,
65 .si_opaque = all_ones,
66 };
67 static const stateid_t zero_stateid = {
68 /* all fields zero */
69 };
70 static const stateid_t currentstateid = {
71 .si_generation = 1,
72 };
73 static const stateid_t close_stateid = {
74 .si_generation = 0xffffffffU,
75 };
76
77 static u64 current_sessionid = 1;
78
79 #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
80 #define ONE_STATEID(stateid) (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
81 #define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
82 #define CLOSE_STATEID(stateid) (!memcmp((stateid), &close_stateid, sizeof(stateid_t)))
83
84 /* forward declarations */
85 static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
86 static void nfs4_free_ol_stateid(struct nfs4_stid *stid);
87 void nfsd4_end_grace(struct nfsd_net *nn);
88 static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps);
89 static void nfsd4_file_hash_remove(struct nfs4_file *fi);
90 static void deleg_reaper(struct nfsd_net *nn);
91
92 /* Locking: */
93
94 /*
95 * Currently used for the del_recall_lru and file hash table. In an
96 * effort to decrease the scope of the client_mutex, this spinlock may
97 * eventually cover more:
98 */
99 static DEFINE_SPINLOCK(state_lock);
100
101 enum nfsd4_st_mutex_lock_subclass {
102 OPEN_STATEID_MUTEX = 0,
103 LOCK_STATEID_MUTEX = 1,
104 };
105
106 /*
107 * A waitqueue for all in-progress 4.0 CLOSE operations that are waiting for
108 * the refcount on the open stateid to drop.
109 */
110 static DECLARE_WAIT_QUEUE_HEAD(close_wq);
111
112 /*
113 * A waitqueue where a writer to clients/#/ctl destroying a client can
114 * wait for cl_rpc_users to drop to 0 and then for the client to be
115 * unhashed.
116 */
117 static DECLARE_WAIT_QUEUE_HEAD(expiry_wq);
118
119 static struct kmem_cache *client_slab;
120 static struct kmem_cache *openowner_slab;
121 static struct kmem_cache *lockowner_slab;
122 static struct kmem_cache *file_slab;
123 static struct kmem_cache *stateid_slab;
124 static struct kmem_cache *deleg_slab;
125 static struct kmem_cache *odstate_slab;
126
127 static void free_session(struct nfsd4_session *);
128
129 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops;
130 static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops;
131 static const struct nfsd4_callback_ops nfsd4_cb_getattr_ops;
132
133 static struct workqueue_struct *laundry_wq;
134
135 int nfsd4_create_laundry_wq(void)
136 {
137 int rc = 0;
138
139 laundry_wq = alloc_workqueue("%s", WQ_UNBOUND, 0, "nfsd4");
140 if (laundry_wq == NULL)
141 rc = -ENOMEM;
142 return rc;
143 }
144
145 void nfsd4_destroy_laundry_wq(void)
146 {
147 destroy_workqueue(laundry_wq);
148 }
149
150 static bool is_session_dead(struct nfsd4_session *ses)
151 {
152 return ses->se_dead;
153 }
154
155 static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)
156 {
157 if (atomic_read(&ses->se_ref) > ref_held_by_me)
158 return nfserr_jukebox;
159 ses->se_dead = true;
160 return nfs_ok;
161 }
162
163 static bool is_client_expired(struct nfs4_client *clp)
164 {
165 return clp->cl_time == 0;
166 }
167
168 static void nfsd4_dec_courtesy_client_count(struct nfsd_net *nn,
169 struct nfs4_client *clp)
170 {
171 if (clp->cl_state != NFSD4_ACTIVE)
172 atomic_add_unless(&nn->nfsd_courtesy_clients, -1, 0);
173 }
174
175 static __be32 get_client_locked(struct nfs4_client *clp)
176 {
177 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
178
179 lockdep_assert_held(&nn->client_lock);
180
181 if (is_client_expired(clp))
182 return nfserr_expired;
183 atomic_inc(&clp->cl_rpc_users);
184 nfsd4_dec_courtesy_client_count(nn, clp);
185 clp->cl_state = NFSD4_ACTIVE;
186 return nfs_ok;
187 }
188
189 /* must be called under the client_lock */
190 static inline void
191 renew_client_locked(struct nfs4_client *clp)
192 {
193 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
194
195 if (is_client_expired(clp)) {
196 WARN_ON(1);
197 printk("%s: client (clientid %08x/%08x) already expired\n",
198 __func__,
199 clp->cl_clientid.cl_boot,
200 clp->cl_clientid.cl_id);
201 return;
202 }
203
204 list_move_tail(&clp->cl_lru, &nn->client_lru);
205 clp->cl_time = ktime_get_boottime_seconds();
206 nfsd4_dec_courtesy_client_count(nn, clp);
207 clp->cl_state = NFSD4_ACTIVE;
208 }
209
210 static void put_client_renew_locked(struct nfs4_client *clp)
211 {
212 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
213
214 lockdep_assert_held(&nn->client_lock);
215
216 if (!atomic_dec_and_test(&clp->cl_rpc_users))
217 return;
218 if (!is_client_expired(clp))
219 renew_client_locked(clp);
220 else
221 wake_up_all(&expiry_wq);
222 }
223
224 static void put_client_renew(struct nfs4_client *clp)
225 {
226 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
227
228 if (!atomic_dec_and_lock(&clp->cl_rpc_users, &nn->client_lock))
229 return;
230 if (!is_client_expired(clp))
231 renew_client_locked(clp);
232 else
233 wake_up_all(&expiry_wq);
234 spin_unlock(&nn->client_lock);
235 }
236
237 static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses)
238 {
239 __be32 status;
240
241 if (is_session_dead(ses))
242 return nfserr_badsession;
243 status = get_client_locked(ses->se_client);
244 if (status)
245 return status;
246 atomic_inc(&ses->se_ref);
247 return nfs_ok;
248 }
249
250 static void nfsd4_put_session_locked(struct nfsd4_session *ses)
251 {
252 struct nfs4_client *clp = ses->se_client;
253 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
254
255 lockdep_assert_held(&nn->client_lock);
256
257 if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))
258 free_session(ses);
259 put_client_renew_locked(clp);
260 }
261
262 static void nfsd4_put_session(struct nfsd4_session *ses)
263 {
264 struct nfs4_client *clp = ses->se_client;
265 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
266
267 spin_lock(&nn->client_lock);
268 nfsd4_put_session_locked(ses);
269 spin_unlock(&nn->client_lock);
270 }
271
272 static struct nfsd4_blocked_lock *
273 find_blocked_lock(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
274 struct nfsd_net *nn)
275 {
276 struct nfsd4_blocked_lock *cur, *found = NULL;
277
278 spin_lock(&nn->blocked_locks_lock);
279 list_for_each_entry(cur, &lo->lo_blocked, nbl_list) {
280 if (fh_match(fh, &cur->nbl_fh)) {
281 list_del_init(&cur->nbl_list);
282 WARN_ON(list_empty(&cur->nbl_lru));
283 list_del_init(&cur->nbl_lru);
284 found = cur;
285 break;
286 }
287 }
288 spin_unlock(&nn->blocked_locks_lock);
289 if (found)
290 locks_delete_block(&found->nbl_lock);
291 return found;
292 }
293
294 static struct nfsd4_blocked_lock *
295 find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
296 struct nfsd_net *nn)
297 {
298 struct nfsd4_blocked_lock *nbl;
299
300 nbl = find_blocked_lock(lo, fh, nn);
301 if (!nbl) {
302 nbl = kmalloc(sizeof(*nbl), GFP_KERNEL);
303 if (nbl) {
304 INIT_LIST_HEAD(&nbl->nbl_list);
305 INIT_LIST_HEAD(&nbl->nbl_lru);
306 fh_copy_shallow(&nbl->nbl_fh, fh);
307 locks_init_lock(&nbl->nbl_lock);
308 kref_init(&nbl->nbl_kref);
309 nfsd4_init_cb(&nbl->nbl_cb, lo->lo_owner.so_client,
310 &nfsd4_cb_notify_lock_ops,
311 NFSPROC4_CLNT_CB_NOTIFY_LOCK);
312 }
313 }
314 return nbl;
315 }
316
317 static void
318 free_nbl(struct kref *kref)
319 {
320 struct nfsd4_blocked_lock *nbl;
321
322 nbl = container_of(kref, struct nfsd4_blocked_lock, nbl_kref);
323 locks_release_private(&nbl->nbl_lock);
324 kfree(nbl);
325 }
326
327 static void
328 free_blocked_lock(struct nfsd4_blocked_lock *nbl)
329 {
330 locks_delete_block(&nbl->nbl_lock);
331 kref_put(&nbl->nbl_kref, free_nbl);
332 }
333
334 static void
335 remove_blocked_locks(struct nfs4_lockowner *lo)
336 {
337 struct nfs4_client *clp = lo->lo_owner.so_client;
338 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
339 struct nfsd4_blocked_lock *nbl;
340 LIST_HEAD(reaplist);
341
342 /* Dequeue all blocked locks */
343 spin_lock(&nn->blocked_locks_lock);
344 while (!list_empty(&lo->lo_blocked)) {
345 nbl = list_first_entry(&lo->lo_blocked,
346 struct nfsd4_blocked_lock,
347 nbl_list);
348 list_del_init(&nbl->nbl_list);
349 WARN_ON(list_empty(&nbl->nbl_lru));
350 list_move(&nbl->nbl_lru, &reaplist);
351 }
352 spin_unlock(&nn->blocked_locks_lock);
353
354 /* Now free them */
355 while (!list_empty(&reaplist)) {
356 nbl = list_first_entry(&reaplist, struct nfsd4_blocked_lock,
357 nbl_lru);
358 list_del_init(&nbl->nbl_lru);
359 free_blocked_lock(nbl);
360 }
361 }
362
363 static void
364 nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb)
365 {
366 struct nfsd4_blocked_lock *nbl = container_of(cb,
367 struct nfsd4_blocked_lock, nbl_cb);
368 locks_delete_block(&nbl->nbl_lock);
369 }
370
371 static int
372 nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task)
373 {
374 trace_nfsd_cb_notify_lock_done(&zero_stateid, task);
375
376 /*
377 * Since this is just an optimization, we don't try very hard if it
378 * turns out not to succeed. We'll requeue it on NFS4ERR_DELAY, and
379 * just quit trying on anything else.
380 */
381 switch (task->tk_status) {
382 case -NFS4ERR_DELAY:
383 rpc_delay(task, 1 * HZ);
384 return 0;
385 default:
386 return 1;
387 }
388 }
389
390 static void
391 nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb)
392 {
393 struct nfsd4_blocked_lock *nbl = container_of(cb,
394 struct nfsd4_blocked_lock, nbl_cb);
395
396 free_blocked_lock(nbl);
397 }
398
399 static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = {
400 .prepare = nfsd4_cb_notify_lock_prepare,
401 .done = nfsd4_cb_notify_lock_done,
402 .release = nfsd4_cb_notify_lock_release,
403 .opcode = OP_CB_NOTIFY_LOCK,
404 };
405
406 /*
407 * We store the NONE, READ, WRITE, and BOTH bits separately in the
408 * st_{access,deny}_bmap field of the stateid, in order to track not
409 * only what share bits are currently in force, but also what
410 * combinations of share bits previous opens have used. This allows us
411 * to enforce the recommendation in
412 * https://datatracker.ietf.org/doc/html/rfc7530#section-16.19.4 that
413 * the server return an error if the client attempt to downgrade to a
414 * combination of share bits not explicable by closing some of its
415 * previous opens.
416 *
417 * This enforcement is arguably incomplete, since we don't keep
418 * track of access/deny bit combinations; so, e.g., we allow:
419 *
420 * OPEN allow read, deny write
421 * OPEN allow both, deny none
422 * DOWNGRADE allow read, deny none
423 *
424 * which we should reject.
425 *
426 * But you could also argue that our current code is already overkill,
427 * since it only exists to return NFS4ERR_INVAL on incorrect client
428 * behavior.
429 */
430 static unsigned int
431 bmap_to_share_mode(unsigned long bmap)
432 {
433 int i;
434 unsigned int access = 0;
435
436 for (i = 1; i < 4; i++) {
437 if (test_bit(i, &bmap))
438 access |= i;
439 }
440 return access;
441 }
442
443 /* set share access for a given stateid */
444 static inline void
445 set_access(u32 access, struct nfs4_ol_stateid *stp)
446 {
447 unsigned char mask = 1 << access;
448
449 WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
450 stp->st_access_bmap |= mask;
451 }
452
453 /* clear share access for a given stateid */
454 static inline void
455 clear_access(u32 access, struct nfs4_ol_stateid *stp)
456 {
457 unsigned char mask = 1 << access;
458
459 WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
460 stp->st_access_bmap &= ~mask;
461 }
462
463 /* test whether a given stateid has access */
464 static inline bool
465 test_access(u32 access, struct nfs4_ol_stateid *stp)
466 {
467 unsigned char mask = 1 << access;
468
469 return (bool)(stp->st_access_bmap & mask);
470 }
471
472 /* set share deny for a given stateid */
473 static inline void
474 set_deny(u32 deny, struct nfs4_ol_stateid *stp)
475 {
476 unsigned char mask = 1 << deny;
477
478 WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
479 stp->st_deny_bmap |= mask;
480 }
481
482 /* clear share deny for a given stateid */
483 static inline void
484 clear_deny(u32 deny, struct nfs4_ol_stateid *stp)
485 {
486 unsigned char mask = 1 << deny;
487
488 WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
489 stp->st_deny_bmap &= ~mask;
490 }
491
492 /* test whether a given stateid is denying specific access */
493 static inline bool
494 test_deny(u32 deny, struct nfs4_ol_stateid *stp)
495 {
496 unsigned char mask = 1 << deny;
497
498 return (bool)(stp->st_deny_bmap & mask);
499 }
500
501 static int nfs4_access_to_omode(u32 access)
502 {
503 switch (access & NFS4_SHARE_ACCESS_BOTH) {
504 case NFS4_SHARE_ACCESS_READ:
505 return O_RDONLY;
506 case NFS4_SHARE_ACCESS_WRITE:
507 return O_WRONLY;
508 case NFS4_SHARE_ACCESS_BOTH:
509 return O_RDWR;
510 }
511 WARN_ON_ONCE(1);
512 return O_RDONLY;
513 }
514
515 static inline int
516 access_permit_read(struct nfs4_ol_stateid *stp)
517 {
518 return test_access(NFS4_SHARE_ACCESS_READ, stp) ||
519 test_access(NFS4_SHARE_ACCESS_BOTH, stp) ||
520 test_access(NFS4_SHARE_ACCESS_WRITE, stp);
521 }
522
523 static inline int
524 access_permit_write(struct nfs4_ol_stateid *stp)
525 {
526 return test_access(NFS4_SHARE_ACCESS_WRITE, stp) ||
527 test_access(NFS4_SHARE_ACCESS_BOTH, stp);
528 }
529
530 static inline struct nfs4_stateowner *
531 nfs4_get_stateowner(struct nfs4_stateowner *sop)
532 {
533 atomic_inc(&sop->so_count);
534 return sop;
535 }
536
537 static int
538 same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner)
539 {
540 return (sop->so_owner.len == owner->len) &&
541 0 == memcmp(sop->so_owner.data, owner->data, owner->len);
542 }
543
544 static struct nfs4_openowner *
545 find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open,
546 struct nfs4_client *clp)
547 {
548 struct nfs4_stateowner *so;
549
550 lockdep_assert_held(&clp->cl_lock);
551
552 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[hashval],
553 so_strhash) {
554 if (!so->so_is_open_owner)
555 continue;
556 if (same_owner_str(so, &open->op_owner))
557 return openowner(nfs4_get_stateowner(so));
558 }
559 return NULL;
560 }
561
562 static inline u32
563 opaque_hashval(const void *ptr, int nbytes)
564 {
565 unsigned char *cptr = (unsigned char *) ptr;
566
567 u32 x = 0;
568 while (nbytes--) {
569 x *= 37;
570 x += *cptr++;
571 }
572 return x;
573 }
574
575 void
576 put_nfs4_file(struct nfs4_file *fi)
577 {
578 if (refcount_dec_and_test(&fi->fi_ref)) {
579 nfsd4_file_hash_remove(fi);
580 WARN_ON_ONCE(!list_empty(&fi->fi_clnt_odstate));
581 WARN_ON_ONCE(!list_empty(&fi->fi_delegations));
582 kfree_rcu(fi, fi_rcu);
583 }
584 }
585
586 static struct nfsd_file *
587 find_writeable_file_locked(struct nfs4_file *f)
588 {
589 struct nfsd_file *ret;
590
591 lockdep_assert_held(&f->fi_lock);
592
593 ret = nfsd_file_get(f->fi_fds[O_WRONLY]);
594 if (!ret)
595 ret = nfsd_file_get(f->fi_fds[O_RDWR]);
596 return ret;
597 }
598
599 static struct nfsd_file *
600 find_writeable_file(struct nfs4_file *f)
601 {
602 struct nfsd_file *ret;
603
604 spin_lock(&f->fi_lock);
605 ret = find_writeable_file_locked(f);
606 spin_unlock(&f->fi_lock);
607
608 return ret;
609 }
610
611 static struct nfsd_file *
612 find_readable_file_locked(struct nfs4_file *f)
613 {
614 struct nfsd_file *ret;
615
616 lockdep_assert_held(&f->fi_lock);
617
618 ret = nfsd_file_get(f->fi_fds[O_RDONLY]);
619 if (!ret)
620 ret = nfsd_file_get(f->fi_fds[O_RDWR]);
621 return ret;
622 }
623
624 static struct nfsd_file *
625 find_readable_file(struct nfs4_file *f)
626 {
627 struct nfsd_file *ret;
628
629 spin_lock(&f->fi_lock);
630 ret = find_readable_file_locked(f);
631 spin_unlock(&f->fi_lock);
632
633 return ret;
634 }
635
636 static struct nfsd_file *
637 find_rw_file(struct nfs4_file *f)
638 {
639 struct nfsd_file *ret;
640
641 spin_lock(&f->fi_lock);
642 ret = nfsd_file_get(f->fi_fds[O_RDWR]);
643 spin_unlock(&f->fi_lock);
644
645 return ret;
646 }
647
648 struct nfsd_file *
649 find_any_file(struct nfs4_file *f)
650 {
651 struct nfsd_file *ret;
652
653 if (!f)
654 return NULL;
655 spin_lock(&f->fi_lock);
656 ret = nfsd_file_get(f->fi_fds[O_RDWR]);
657 if (!ret) {
658 ret = nfsd_file_get(f->fi_fds[O_WRONLY]);
659 if (!ret)
660 ret = nfsd_file_get(f->fi_fds[O_RDONLY]);
661 }
662 spin_unlock(&f->fi_lock);
663 return ret;
664 }
665
666 static struct nfsd_file *find_any_file_locked(struct nfs4_file *f)
667 {
668 lockdep_assert_held(&f->fi_lock);
669
670 if (f->fi_fds[O_RDWR])
671 return f->fi_fds[O_RDWR];
672 if (f->fi_fds[O_WRONLY])
673 return f->fi_fds[O_WRONLY];
674 if (f->fi_fds[O_RDONLY])
675 return f->fi_fds[O_RDONLY];
676 return NULL;
677 }
678
679 static atomic_long_t num_delegations;
680 unsigned long max_delegations;
681
682 /*
683 * Open owner state (share locks)
684 */
685
686 /* hash tables for lock and open owners */
687 #define OWNER_HASH_BITS 8
688 #define OWNER_HASH_SIZE (1 << OWNER_HASH_BITS)
689 #define OWNER_HASH_MASK (OWNER_HASH_SIZE - 1)
690
691 static unsigned int ownerstr_hashval(struct xdr_netobj *ownername)
692 {
693 unsigned int ret;
694
695 ret = opaque_hashval(ownername->data, ownername->len);
696 return ret & OWNER_HASH_MASK;
697 }
698
699 static struct rhltable nfs4_file_rhltable ____cacheline_aligned_in_smp;
700
701 static const struct rhashtable_params nfs4_file_rhash_params = {
702 .key_len = sizeof_field(struct nfs4_file, fi_inode),
703 .key_offset = offsetof(struct nfs4_file, fi_inode),
704 .head_offset = offsetof(struct nfs4_file, fi_rlist),
705
706 /*
707 * Start with a single page hash table to reduce resizing churn
708 * on light workloads.
709 */
710 .min_size = 256,
711 .automatic_shrinking = true,
712 };
713
714 /*
715 * Check if courtesy clients have conflicting access and resolve it if possible
716 *
717 * access: is op_share_access if share_access is true.
718 * Check if access mode, op_share_access, would conflict with
719 * the current deny mode of the file 'fp'.
720 * access: is op_share_deny if share_access is false.
721 * Check if the deny mode, op_share_deny, would conflict with
722 * current access of the file 'fp'.
723 * stp: skip checking this entry.
724 * new_stp: normal open, not open upgrade.
725 *
726 * Function returns:
727 * false - access/deny mode conflict with normal client.
728 * true - no conflict or conflict with courtesy client(s) is resolved.
729 */
730 static bool
731 nfs4_resolve_deny_conflicts_locked(struct nfs4_file *fp, bool new_stp,
732 struct nfs4_ol_stateid *stp, u32 access, bool share_access)
733 {
734 struct nfs4_ol_stateid *st;
735 bool resolvable = true;
736 unsigned char bmap;
737 struct nfsd_net *nn;
738 struct nfs4_client *clp;
739
740 lockdep_assert_held(&fp->fi_lock);
741 list_for_each_entry(st, &fp->fi_stateids, st_perfile) {
742 /* ignore lock stateid */
743 if (st->st_openstp)
744 continue;
745 if (st == stp && new_stp)
746 continue;
747 /* check file access against deny mode or vice versa */
748 bmap = share_access ? st->st_deny_bmap : st->st_access_bmap;
749 if (!(access & bmap_to_share_mode(bmap)))
750 continue;
751 clp = st->st_stid.sc_client;
752 if (try_to_expire_client(clp))
753 continue;
754 resolvable = false;
755 break;
756 }
757 if (resolvable) {
758 clp = stp->st_stid.sc_client;
759 nn = net_generic(clp->net, nfsd_net_id);
760 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);
761 }
762 return resolvable;
763 }
764
765 static void
766 __nfs4_file_get_access(struct nfs4_file *fp, u32 access)
767 {
768 lockdep_assert_held(&fp->fi_lock);
769
770 if (access & NFS4_SHARE_ACCESS_WRITE)
771 atomic_inc(&fp->fi_access[O_WRONLY]);
772 if (access & NFS4_SHARE_ACCESS_READ)
773 atomic_inc(&fp->fi_access[O_RDONLY]);
774 }
775
776 static __be32
777 nfs4_file_get_access(struct nfs4_file *fp, u32 access)
778 {
779 lockdep_assert_held(&fp->fi_lock);
780
781 /* Does this access mode make sense? */
782 if (access & ~NFS4_SHARE_ACCESS_BOTH)
783 return nfserr_inval;
784
785 /* Does it conflict with a deny mode already set? */
786 if ((access & fp->fi_share_deny) != 0)
787 return nfserr_share_denied;
788
789 __nfs4_file_get_access(fp, access);
790 return nfs_ok;
791 }
792
793 static __be32 nfs4_file_check_deny(struct nfs4_file *fp, u32 deny)
794 {
795 /* Common case is that there is no deny mode. */
796 if (deny) {
797 /* Does this deny mode make sense? */
798 if (deny & ~NFS4_SHARE_DENY_BOTH)
799 return nfserr_inval;
800
801 if ((deny & NFS4_SHARE_DENY_READ) &&
802 atomic_read(&fp->fi_access[O_RDONLY]))
803 return nfserr_share_denied;
804
805 if ((deny & NFS4_SHARE_DENY_WRITE) &&
806 atomic_read(&fp->fi_access[O_WRONLY]))
807 return nfserr_share_denied;
808 }
809 return nfs_ok;
810 }
811
812 static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
813 {
814 might_lock(&fp->fi_lock);
815
816 if (atomic_dec_and_lock(&fp->fi_access[oflag], &fp->fi_lock)) {
817 struct nfsd_file *f1 = NULL;
818 struct nfsd_file *f2 = NULL;
819
820 swap(f1, fp->fi_fds[oflag]);
821 if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
822 swap(f2, fp->fi_fds[O_RDWR]);
823 spin_unlock(&fp->fi_lock);
824 if (f1)
825 nfsd_file_put(f1);
826 if (f2)
827 nfsd_file_put(f2);
828 }
829 }
830
831 static void nfs4_file_put_access(struct nfs4_file *fp, u32 access)
832 {
833 WARN_ON_ONCE(access & ~NFS4_SHARE_ACCESS_BOTH);
834
835 if (access & NFS4_SHARE_ACCESS_WRITE)
836 __nfs4_file_put_access(fp, O_WRONLY);
837 if (access & NFS4_SHARE_ACCESS_READ)
838 __nfs4_file_put_access(fp, O_RDONLY);
839 }
840
841 /*
842 * Allocate a new open/delegation state counter. This is needed for
843 * pNFS for proper return on close semantics.
844 *
845 * Note that we only allocate it for pNFS-enabled exports, otherwise
846 * all pointers to struct nfs4_clnt_odstate are always NULL.
847 */
848 static struct nfs4_clnt_odstate *
849 alloc_clnt_odstate(struct nfs4_client *clp)
850 {
851 struct nfs4_clnt_odstate *co;
852
853 co = kmem_cache_zalloc(odstate_slab, GFP_KERNEL);
854 if (co) {
855 co->co_client = clp;
856 refcount_set(&co->co_odcount, 1);
857 }
858 return co;
859 }
860
861 static void
862 hash_clnt_odstate_locked(struct nfs4_clnt_odstate *co)
863 {
864 struct nfs4_file *fp = co->co_file;
865
866 lockdep_assert_held(&fp->fi_lock);
867 list_add(&co->co_perfile, &fp->fi_clnt_odstate);
868 }
869
870 static inline void
871 get_clnt_odstate(struct nfs4_clnt_odstate *co)
872 {
873 if (co)
874 refcount_inc(&co->co_odcount);
875 }
876
877 static void
878 put_clnt_odstate(struct nfs4_clnt_odstate *co)
879 {
880 struct nfs4_file *fp;
881
882 if (!co)
883 return;
884
885 fp = co->co_file;
886 if (refcount_dec_and_lock(&co->co_odcount, &fp->fi_lock)) {
887 list_del(&co->co_perfile);
888 spin_unlock(&fp->fi_lock);
889
890 nfsd4_return_all_file_layouts(co->co_client, fp);
891 kmem_cache_free(odstate_slab, co);
892 }
893 }
894
895 static struct nfs4_clnt_odstate *
896 find_or_hash_clnt_odstate(struct nfs4_file *fp, struct nfs4_clnt_odstate *new)
897 {
898 struct nfs4_clnt_odstate *co;
899 struct nfs4_client *cl;
900
901 if (!new)
902 return NULL;
903
904 cl = new->co_client;
905
906 spin_lock(&fp->fi_lock);
907 list_for_each_entry(co, &fp->fi_clnt_odstate, co_perfile) {
908 if (co->co_client == cl) {
909 get_clnt_odstate(co);
910 goto out;
911 }
912 }
913 co = new;
914 co->co_file = fp;
915 hash_clnt_odstate_locked(new);
916 out:
917 spin_unlock(&fp->fi_lock);
918 return co;
919 }
920
921 struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct kmem_cache *slab,
922 void (*sc_free)(struct nfs4_stid *))
923 {
924 struct nfs4_stid *stid;
925 int new_id;
926
927 stid = kmem_cache_zalloc(slab, GFP_KERNEL);
928 if (!stid)
929 return NULL;
930
931 idr_preload(GFP_KERNEL);
932 spin_lock(&cl->cl_lock);
933 /* Reserving 0 for start of file in nfsdfs "states" file: */
934 new_id = idr_alloc_cyclic(&cl->cl_stateids, stid, 1, 0, GFP_NOWAIT);
935 spin_unlock(&cl->cl_lock);
936 idr_preload_end();
937 if (new_id < 0)
938 goto out_free;
939
940 stid->sc_free = sc_free;
941 stid->sc_client = cl;
942 stid->sc_stateid.si_opaque.so_id = new_id;
943 stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid;
944 /* Will be incremented before return to client: */
945 refcount_set(&stid->sc_count, 1);
946 spin_lock_init(&stid->sc_lock);
947 INIT_LIST_HEAD(&stid->sc_cp_list);
948
949 /*
950 * It shouldn't be a problem to reuse an opaque stateid value.
951 * I don't think it is for 4.1. But with 4.0 I worry that, for
952 * example, a stray write retransmission could be accepted by
953 * the server when it should have been rejected. Therefore,
954 * adopt a trick from the sctp code to attempt to maximize the
955 * amount of time until an id is reused, by ensuring they always
956 * "increase" (mod INT_MAX):
957 */
958 return stid;
959 out_free:
960 kmem_cache_free(slab, stid);
961 return NULL;
962 }
963
964 /*
965 * Create a unique stateid_t to represent each COPY.
966 */
967 static int nfs4_init_cp_state(struct nfsd_net *nn, copy_stateid_t *stid,
968 unsigned char cs_type)
969 {
970 int new_id;
971
972 stid->cs_stid.si_opaque.so_clid.cl_boot = (u32)nn->boot_time;
973 stid->cs_stid.si_opaque.so_clid.cl_id = nn->s2s_cp_cl_id;
974
975 idr_preload(GFP_KERNEL);
976 spin_lock(&nn->s2s_cp_lock);
977 new_id = idr_alloc_cyclic(&nn->s2s_cp_stateids, stid, 0, 0, GFP_NOWAIT);
978 stid->cs_stid.si_opaque.so_id = new_id;
979 stid->cs_stid.si_generation = 1;
980 spin_unlock(&nn->s2s_cp_lock);
981 idr_preload_end();
982 if (new_id < 0)
983 return 0;
984 stid->cs_type = cs_type;
985 return 1;
986 }
987
988 int nfs4_init_copy_state(struct nfsd_net *nn, struct nfsd4_copy *copy)
989 {
990 return nfs4_init_cp_state(nn, &copy->cp_stateid, NFS4_COPY_STID);
991 }
992
993 struct nfs4_cpntf_state *nfs4_alloc_init_cpntf_state(struct nfsd_net *nn,
994 struct nfs4_stid *p_stid)
995 {
996 struct nfs4_cpntf_state *cps;
997
998 cps = kzalloc(sizeof(struct nfs4_cpntf_state), GFP_KERNEL);
999 if (!cps)
1000 return NULL;
1001 cps->cpntf_time = ktime_get_boottime_seconds();
1002 refcount_set(&cps->cp_stateid.cs_count, 1);
1003 if (!nfs4_init_cp_state(nn, &cps->cp_stateid, NFS4_COPYNOTIFY_STID))
1004 goto out_free;
1005 spin_lock(&nn->s2s_cp_lock);
1006 list_add(&cps->cp_list, &p_stid->sc_cp_list);
1007 spin_unlock(&nn->s2s_cp_lock);
1008 return cps;
1009 out_free:
1010 kfree(cps);
1011 return NULL;
1012 }
1013
1014 void nfs4_free_copy_state(struct nfsd4_copy *copy)
1015 {
1016 struct nfsd_net *nn;
1017
1018 if (copy->cp_stateid.cs_type != NFS4_COPY_STID)
1019 return;
1020 nn = net_generic(copy->cp_clp->net, nfsd_net_id);
1021 spin_lock(&nn->s2s_cp_lock);
1022 idr_remove(&nn->s2s_cp_stateids,
1023 copy->cp_stateid.cs_stid.si_opaque.so_id);
1024 spin_unlock(&nn->s2s_cp_lock);
1025 }
1026
1027 static void nfs4_free_cpntf_statelist(struct net *net, struct nfs4_stid *stid)
1028 {
1029 struct nfs4_cpntf_state *cps;
1030 struct nfsd_net *nn;
1031
1032 nn = net_generic(net, nfsd_net_id);
1033 spin_lock(&nn->s2s_cp_lock);
1034 while (!list_empty(&stid->sc_cp_list)) {
1035 cps = list_first_entry(&stid->sc_cp_list,
1036 struct nfs4_cpntf_state, cp_list);
1037 _free_cpntf_state_locked(nn, cps);
1038 }
1039 spin_unlock(&nn->s2s_cp_lock);
1040 }
1041
1042 static struct nfs4_ol_stateid * nfs4_alloc_open_stateid(struct nfs4_client *clp)
1043 {
1044 struct nfs4_stid *stid;
1045
1046 stid = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_ol_stateid);
1047 if (!stid)
1048 return NULL;
1049
1050 return openlockstateid(stid);
1051 }
1052
1053 static void nfs4_free_deleg(struct nfs4_stid *stid)
1054 {
1055 struct nfs4_delegation *dp = delegstateid(stid);
1056
1057 WARN_ON_ONCE(!list_empty(&stid->sc_cp_list));
1058 WARN_ON_ONCE(!list_empty(&dp->dl_perfile));
1059 WARN_ON_ONCE(!list_empty(&dp->dl_perclnt));
1060 WARN_ON_ONCE(!list_empty(&dp->dl_recall_lru));
1061 kmem_cache_free(deleg_slab, stid);
1062 atomic_long_dec(&num_delegations);
1063 }
1064
1065 /*
1066 * When we recall a delegation, we should be careful not to hand it
1067 * out again straight away.
1068 * To ensure this we keep a pair of bloom filters ('new' and 'old')
1069 * in which the filehandles of recalled delegations are "stored".
1070 * If a filehandle appear in either filter, a delegation is blocked.
1071 * When a delegation is recalled, the filehandle is stored in the "new"
1072 * filter.
1073 * Every 30 seconds we swap the filters and clear the "new" one,
1074 * unless both are empty of course. This results in delegations for a
1075 * given filehandle being blocked for between 30 and 60 seconds.
1076 *
1077 * Each filter is 256 bits. We hash the filehandle to 32bit and use the
1078 * low 3 bytes as hash-table indices.
1079 *
1080 * 'blocked_delegations_lock', which is always taken in block_delegations(),
1081 * is used to manage concurrent access. Testing does not need the lock
1082 * except when swapping the two filters.
1083 */
1084 static DEFINE_SPINLOCK(blocked_delegations_lock);
1085 static struct bloom_pair {
1086 int entries, old_entries;
1087 time64_t swap_time;
1088 int new; /* index into 'set' */
1089 DECLARE_BITMAP(set[2], 256);
1090 } blocked_delegations;
1091
1092 static int delegation_blocked(struct knfsd_fh *fh)
1093 {
1094 u32 hash;
1095 struct bloom_pair *bd = &blocked_delegations;
1096
1097 if (bd->entries == 0)
1098 return 0;
1099 if (ktime_get_seconds() - bd->swap_time > 30) {
1100 spin_lock(&blocked_delegations_lock);
1101 if (ktime_get_seconds() - bd->swap_time > 30) {
1102 bd->entries -= bd->old_entries;
1103 bd->old_entries = bd->entries;
1104 bd->new = 1-bd->new;
1105 memset(bd->set[bd->new], 0,
1106 sizeof(bd->set[0]));
1107 bd->swap_time = ktime_get_seconds();
1108 }
1109 spin_unlock(&blocked_delegations_lock);
1110 }
1111 hash = jhash(&fh->fh_raw, fh->fh_size, 0);
1112 if (test_bit(hash&255, bd->set[0]) &&
1113 test_bit((hash>>8)&255, bd->set[0]) &&
1114 test_bit((hash>>16)&255, bd->set[0]))
1115 return 1;
1116
1117 if (test_bit(hash&255, bd->set[1]) &&
1118 test_bit((hash>>8)&255, bd->set[1]) &&
1119 test_bit((hash>>16)&255, bd->set[1]))
1120 return 1;
1121
1122 return 0;
1123 }
1124
1125 static void block_delegations(struct knfsd_fh *fh)
1126 {
1127 u32 hash;
1128 struct bloom_pair *bd = &blocked_delegations;
1129
1130 hash = jhash(&fh->fh_raw, fh->fh_size, 0);
1131
1132 spin_lock(&blocked_delegations_lock);
1133 __set_bit(hash&255, bd->set[bd->new]);
1134 __set_bit((hash>>8)&255, bd->set[bd->new]);
1135 __set_bit((hash>>16)&255, bd->set[bd->new]);
1136 if (bd->entries == 0)
1137 bd->swap_time = ktime_get_seconds();
1138 bd->entries += 1;
1139 spin_unlock(&blocked_delegations_lock);
1140 }
1141
1142 static struct nfs4_delegation *
1143 alloc_init_deleg(struct nfs4_client *clp, struct nfs4_file *fp,
1144 struct nfs4_clnt_odstate *odstate, u32 dl_type)
1145 {
1146 struct nfs4_delegation *dp;
1147 struct nfs4_stid *stid;
1148 long n;
1149
1150 dprintk("NFSD alloc_init_deleg\n");
1151 n = atomic_long_inc_return(&num_delegations);
1152 if (n < 0 || n > max_delegations)
1153 goto out_dec;
1154 if (delegation_blocked(&fp->fi_fhandle))
1155 goto out_dec;
1156 stid = nfs4_alloc_stid(clp, deleg_slab, nfs4_free_deleg);
1157 if (stid == NULL)
1158 goto out_dec;
1159 dp = delegstateid(stid);
1160
1161 /*
1162 * delegation seqid's are never incremented. The 4.1 special
1163 * meaning of seqid 0 isn't meaningful, really, but let's avoid
1164 * 0 anyway just for consistency and use 1:
1165 */
1166 dp->dl_stid.sc_stateid.si_generation = 1;
1167 INIT_LIST_HEAD(&dp->dl_perfile);
1168 INIT_LIST_HEAD(&dp->dl_perclnt);
1169 INIT_LIST_HEAD(&dp->dl_recall_lru);
1170 dp->dl_clnt_odstate = odstate;
1171 get_clnt_odstate(odstate);
1172 dp->dl_type = dl_type;
1173 dp->dl_retries = 1;
1174 dp->dl_recalled = false;
1175 nfsd4_init_cb(&dp->dl_recall, dp->dl_stid.sc_client,
1176 &nfsd4_cb_recall_ops, NFSPROC4_CLNT_CB_RECALL);
1177 nfsd4_init_cb(&dp->dl_cb_fattr.ncf_getattr, dp->dl_stid.sc_client,
1178 &nfsd4_cb_getattr_ops, NFSPROC4_CLNT_CB_GETATTR);
1179 dp->dl_cb_fattr.ncf_file_modified = false;
1180 get_nfs4_file(fp);
1181 dp->dl_stid.sc_file = fp;
1182 return dp;
1183 out_dec:
1184 atomic_long_dec(&num_delegations);
1185 return NULL;
1186 }
1187
1188 void
1189 nfs4_put_stid(struct nfs4_stid *s)
1190 {
1191 struct nfs4_file *fp = s->sc_file;
1192 struct nfs4_client *clp = s->sc_client;
1193
1194 might_lock(&clp->cl_lock);
1195
1196 if (!refcount_dec_and_lock(&s->sc_count, &clp->cl_lock)) {
1197 wake_up_all(&close_wq);
1198 return;
1199 }
1200 idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
1201 if (s->sc_status & SC_STATUS_ADMIN_REVOKED)
1202 atomic_dec(&s->sc_client->cl_admin_revoked);
1203 nfs4_free_cpntf_statelist(clp->net, s);
1204 spin_unlock(&clp->cl_lock);
1205 s->sc_free(s);
1206 if (fp)
1207 put_nfs4_file(fp);
1208 }
1209
1210 void
1211 nfs4_inc_and_copy_stateid(stateid_t *dst, struct nfs4_stid *stid)
1212 {
1213 stateid_t *src = &stid->sc_stateid;
1214
1215 spin_lock(&stid->sc_lock);
1216 if (unlikely(++src->si_generation == 0))
1217 src->si_generation = 1;
1218 memcpy(dst, src, sizeof(*dst));
1219 spin_unlock(&stid->sc_lock);
1220 }
1221
1222 static void put_deleg_file(struct nfs4_file *fp)
1223 {
1224 struct nfsd_file *nf = NULL;
1225
1226 spin_lock(&fp->fi_lock);
1227 if (--fp->fi_delegees == 0)
1228 swap(nf, fp->fi_deleg_file);
1229 spin_unlock(&fp->fi_lock);
1230
1231 if (nf)
1232 nfsd_file_put(nf);
1233 }
1234
1235 static void nfs4_unlock_deleg_lease(struct nfs4_delegation *dp)
1236 {
1237 struct nfs4_file *fp = dp->dl_stid.sc_file;
1238 struct nfsd_file *nf = fp->fi_deleg_file;
1239
1240 WARN_ON_ONCE(!fp->fi_delegees);
1241
1242 kernel_setlease(nf->nf_file, F_UNLCK, NULL, (void **)&dp);
1243 put_deleg_file(fp);
1244 }
1245
1246 static void destroy_unhashed_deleg(struct nfs4_delegation *dp)
1247 {
1248 put_clnt_odstate(dp->dl_clnt_odstate);
1249 nfs4_unlock_deleg_lease(dp);
1250 nfs4_put_stid(&dp->dl_stid);
1251 }
1252
1253 /**
1254 * nfs4_delegation_exists - Discover if this delegation already exists
1255 * @clp: a pointer to the nfs4_client we're granting a delegation to
1256 * @fp: a pointer to the nfs4_file we're granting a delegation on
1257 *
1258 * Return:
1259 * On success: true iff an existing delegation is found
1260 */
1261
1262 static bool
1263 nfs4_delegation_exists(struct nfs4_client *clp, struct nfs4_file *fp)
1264 {
1265 struct nfs4_delegation *searchdp = NULL;
1266 struct nfs4_client *searchclp = NULL;
1267
1268 lockdep_assert_held(&state_lock);
1269 lockdep_assert_held(&fp->fi_lock);
1270
1271 list_for_each_entry(searchdp, &fp->fi_delegations, dl_perfile) {
1272 searchclp = searchdp->dl_stid.sc_client;
1273 if (clp == searchclp) {
1274 return true;
1275 }
1276 }
1277 return false;
1278 }
1279
1280 /**
1281 * hash_delegation_locked - Add a delegation to the appropriate lists
1282 * @dp: a pointer to the nfs4_delegation we are adding.
1283 * @fp: a pointer to the nfs4_file we're granting a delegation on
1284 *
1285 * Return:
1286 * On success: NULL if the delegation was successfully hashed.
1287 *
1288 * On error: -EAGAIN if one was previously granted to this
1289 * nfs4_client for this nfs4_file. Delegation is not hashed.
1290 *
1291 */
1292
1293 static int
1294 hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp)
1295 {
1296 struct nfs4_client *clp = dp->dl_stid.sc_client;
1297
1298 lockdep_assert_held(&state_lock);
1299 lockdep_assert_held(&fp->fi_lock);
1300 lockdep_assert_held(&clp->cl_lock);
1301
1302 if (nfs4_delegation_exists(clp, fp))
1303 return -EAGAIN;
1304 refcount_inc(&dp->dl_stid.sc_count);
1305 dp->dl_stid.sc_type = SC_TYPE_DELEG;
1306 list_add(&dp->dl_perfile, &fp->fi_delegations);
1307 list_add(&dp->dl_perclnt, &clp->cl_delegations);
1308 return 0;
1309 }
1310
1311 static bool delegation_hashed(struct nfs4_delegation *dp)
1312 {
1313 return !(list_empty(&dp->dl_perfile));
1314 }
1315
1316 static bool
1317 unhash_delegation_locked(struct nfs4_delegation *dp, unsigned short statusmask)
1318 {
1319 struct nfs4_file *fp = dp->dl_stid.sc_file;
1320
1321 lockdep_assert_held(&state_lock);
1322
1323 if (!delegation_hashed(dp))
1324 return false;
1325
1326 if (statusmask == SC_STATUS_REVOKED &&
1327 dp->dl_stid.sc_client->cl_minorversion == 0)
1328 statusmask = SC_STATUS_CLOSED;
1329 dp->dl_stid.sc_status |= statusmask;
1330 if (statusmask & SC_STATUS_ADMIN_REVOKED)
1331 atomic_inc(&dp->dl_stid.sc_client->cl_admin_revoked);
1332
1333 /* Ensure that deleg break won't try to requeue it */
1334 ++dp->dl_time;
1335 spin_lock(&fp->fi_lock);
1336 list_del_init(&dp->dl_perclnt);
1337 list_del_init(&dp->dl_recall_lru);
1338 list_del_init(&dp->dl_perfile);
1339 spin_unlock(&fp->fi_lock);
1340 return true;
1341 }
1342
1343 static void destroy_delegation(struct nfs4_delegation *dp)
1344 {
1345 bool unhashed;
1346
1347 spin_lock(&state_lock);
1348 unhashed = unhash_delegation_locked(dp, SC_STATUS_CLOSED);
1349 spin_unlock(&state_lock);
1350 if (unhashed)
1351 destroy_unhashed_deleg(dp);
1352 }
1353
1354 /**
1355 * revoke_delegation - perform nfs4 delegation structure cleanup
1356 * @dp: pointer to the delegation
1357 *
1358 * This function assumes that it's called either from the administrative
1359 * interface (nfsd4_revoke_states()) that's revoking a specific delegation
1360 * stateid or it's called from a laundromat thread (nfsd4_landromat()) that
1361 * determined that this specific state has expired and needs to be revoked
1362 * (both mark state with the appropriate stid sc_status mode). It is also
1363 * assumed that a reference was taken on the @dp state.
1364 *
1365 * If this function finds that the @dp state is SC_STATUS_FREED it means
1366 * that a FREE_STATEID operation for this stateid has been processed and
1367 * we can proceed to removing it from recalled list. However, if @dp state
1368 * isn't marked SC_STATUS_FREED, it means we need place it on the cl_revoked
1369 * list and wait for the FREE_STATEID to arrive from the client. At the same
1370 * time, we need to mark it as SC_STATUS_FREEABLE to indicate to the
1371 * nfsd4_free_stateid() function that this stateid has already been added
1372 * to the cl_revoked list and that nfsd4_free_stateid() is now responsible
1373 * for removing it from the list. Inspection of where the delegation state
1374 * in the revocation process is protected by the clp->cl_lock.
1375 */
1376 static void revoke_delegation(struct nfs4_delegation *dp)
1377 {
1378 struct nfs4_client *clp = dp->dl_stid.sc_client;
1379
1380 WARN_ON(!list_empty(&dp->dl_recall_lru));
1381 WARN_ON_ONCE(!(dp->dl_stid.sc_status &
1382 (SC_STATUS_REVOKED | SC_STATUS_ADMIN_REVOKED)));
1383
1384 trace_nfsd_stid_revoke(&dp->dl_stid);
1385
1386 spin_lock(&clp->cl_lock);
1387 if (dp->dl_stid.sc_status & SC_STATUS_FREED) {
1388 list_del_init(&dp->dl_recall_lru);
1389 goto out;
1390 }
1391 list_add(&dp->dl_recall_lru, &clp->cl_revoked);
1392 dp->dl_stid.sc_status |= SC_STATUS_FREEABLE;
1393 out:
1394 spin_unlock(&clp->cl_lock);
1395 destroy_unhashed_deleg(dp);
1396 }
1397
1398 /*
1399 * SETCLIENTID state
1400 */
1401
1402 static unsigned int clientid_hashval(u32 id)
1403 {
1404 return id & CLIENT_HASH_MASK;
1405 }
1406
1407 static unsigned int clientstr_hashval(struct xdr_netobj name)
1408 {
1409 return opaque_hashval(name.data, 8) & CLIENT_HASH_MASK;
1410 }
1411
1412 /*
1413 * A stateid that had a deny mode associated with it is being released
1414 * or downgraded. Recalculate the deny mode on the file.
1415 */
1416 static void
1417 recalculate_deny_mode(struct nfs4_file *fp)
1418 {
1419 struct nfs4_ol_stateid *stp;
1420 u32 old_deny;
1421
1422 spin_lock(&fp->fi_lock);
1423 old_deny = fp->fi_share_deny;
1424 fp->fi_share_deny = 0;
1425 list_for_each_entry(stp, &fp->fi_stateids, st_perfile) {
1426 fp->fi_share_deny |= bmap_to_share_mode(stp->st_deny_bmap);
1427 if (fp->fi_share_deny == old_deny)
1428 break;
1429 }
1430 spin_unlock(&fp->fi_lock);
1431 }
1432
1433 static void
1434 reset_union_bmap_deny(u32 deny, struct nfs4_ol_stateid *stp)
1435 {
1436 int i;
1437 bool change = false;
1438
1439 for (i = 1; i < 4; i++) {
1440 if ((i & deny) != i) {
1441 change = true;
1442 clear_deny(i, stp);
1443 }
1444 }
1445
1446 /* Recalculate per-file deny mode if there was a change */
1447 if (change)
1448 recalculate_deny_mode(stp->st_stid.sc_file);
1449 }
1450
1451 /* release all access and file references for a given stateid */
1452 static void
1453 release_all_access(struct nfs4_ol_stateid *stp)
1454 {
1455 int i;
1456 struct nfs4_file *fp = stp->st_stid.sc_file;
1457
1458 if (fp && stp->st_deny_bmap != 0)
1459 recalculate_deny_mode(fp);
1460
1461 for (i = 1; i < 4; i++) {
1462 if (test_access(i, stp))
1463 nfs4_file_put_access(stp->st_stid.sc_file, i);
1464 clear_access(i, stp);
1465 }
1466 }
1467
1468 static inline void nfs4_free_stateowner(struct nfs4_stateowner *sop)
1469 {
1470 kfree(sop->so_owner.data);
1471 sop->so_ops->so_free(sop);
1472 }
1473
1474 static void nfs4_put_stateowner(struct nfs4_stateowner *sop)
1475 {
1476 struct nfs4_client *clp = sop->so_client;
1477
1478 might_lock(&clp->cl_lock);
1479
1480 if (!atomic_dec_and_lock(&sop->so_count, &clp->cl_lock))
1481 return;
1482 sop->so_ops->so_unhash(sop);
1483 spin_unlock(&clp->cl_lock);
1484 nfs4_free_stateowner(sop);
1485 }
1486
1487 static bool
1488 nfs4_ol_stateid_unhashed(const struct nfs4_ol_stateid *stp)
1489 {
1490 return list_empty(&stp->st_perfile);
1491 }
1492
1493 static bool unhash_ol_stateid(struct nfs4_ol_stateid *stp)
1494 {
1495 struct nfs4_file *fp = stp->st_stid.sc_file;
1496
1497 lockdep_assert_held(&stp->st_stateowner->so_client->cl_lock);
1498
1499 if (list_empty(&stp->st_perfile))
1500 return false;
1501
1502 spin_lock(&fp->fi_lock);
1503 list_del_init(&stp->st_perfile);
1504 spin_unlock(&fp->fi_lock);
1505 list_del(&stp->st_perstateowner);
1506 return true;
1507 }
1508
1509 static void nfs4_free_ol_stateid(struct nfs4_stid *stid)
1510 {
1511 struct nfs4_ol_stateid *stp = openlockstateid(stid);
1512
1513 put_clnt_odstate(stp->st_clnt_odstate);
1514 release_all_access(stp);
1515 if (stp->st_stateowner)
1516 nfs4_put_stateowner(stp->st_stateowner);
1517 WARN_ON(!list_empty(&stid->sc_cp_list));
1518 kmem_cache_free(stateid_slab, stid);
1519 }
1520
1521 static void nfs4_free_lock_stateid(struct nfs4_stid *stid)
1522 {
1523 struct nfs4_ol_stateid *stp = openlockstateid(stid);
1524 struct nfs4_lockowner *lo = lockowner(stp->st_stateowner);
1525 struct nfsd_file *nf;
1526
1527 nf = find_any_file(stp->st_stid.sc_file);
1528 if (nf) {
1529 get_file(nf->nf_file);
1530 filp_close(nf->nf_file, (fl_owner_t)lo);
1531 nfsd_file_put(nf);
1532 }
1533 nfs4_free_ol_stateid(stid);
1534 }
1535
1536 /*
1537 * Put the persistent reference to an already unhashed generic stateid, while
1538 * holding the cl_lock. If it's the last reference, then put it onto the
1539 * reaplist for later destruction.
1540 */
1541 static void put_ol_stateid_locked(struct nfs4_ol_stateid *stp,
1542 struct list_head *reaplist)
1543 {
1544 struct nfs4_stid *s = &stp->st_stid;
1545 struct nfs4_client *clp = s->sc_client;
1546
1547 lockdep_assert_held(&clp->cl_lock);
1548
1549 WARN_ON_ONCE(!list_empty(&stp->st_locks));
1550
1551 if (!refcount_dec_and_test(&s->sc_count)) {
1552 wake_up_all(&close_wq);
1553 return;
1554 }
1555
1556 idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
1557 if (s->sc_status & SC_STATUS_ADMIN_REVOKED)
1558 atomic_dec(&s->sc_client->cl_admin_revoked);
1559 list_add(&stp->st_locks, reaplist);
1560 }
1561
1562 static bool unhash_lock_stateid(struct nfs4_ol_stateid *stp)
1563 {
1564 lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);
1565
1566 if (!unhash_ol_stateid(stp))
1567 return false;
1568 list_del_init(&stp->st_locks);
1569 stp->st_stid.sc_status |= SC_STATUS_CLOSED;
1570 return true;
1571 }
1572
1573 static void release_lock_stateid(struct nfs4_ol_stateid *stp)
1574 {
1575 struct nfs4_client *clp = stp->st_stid.sc_client;
1576 bool unhashed;
1577
1578 spin_lock(&clp->cl_lock);
1579 unhashed = unhash_lock_stateid(stp);
1580 spin_unlock(&clp->cl_lock);
1581 if (unhashed)
1582 nfs4_put_stid(&stp->st_stid);
1583 }
1584
1585 static void unhash_lockowner_locked(struct nfs4_lockowner *lo)
1586 {
1587 struct nfs4_client *clp = lo->lo_owner.so_client;
1588
1589 lockdep_assert_held(&clp->cl_lock);
1590
1591 list_del_init(&lo->lo_owner.so_strhash);
1592 }
1593
1594 /*
1595 * Free a list of generic stateids that were collected earlier after being
1596 * fully unhashed.
1597 */
1598 static void
1599 free_ol_stateid_reaplist(struct list_head *reaplist)
1600 {
1601 struct nfs4_ol_stateid *stp;
1602 struct nfs4_file *fp;
1603
1604 might_sleep();
1605
1606 while (!list_empty(reaplist)) {
1607 stp = list_first_entry(reaplist, struct nfs4_ol_stateid,
1608 st_locks);
1609 list_del(&stp->st_locks);
1610 fp = stp->st_stid.sc_file;
1611 stp->st_stid.sc_free(&stp->st_stid);
1612 if (fp)
1613 put_nfs4_file(fp);
1614 }
1615 }
1616
1617 static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp,
1618 struct list_head *reaplist)
1619 {
1620 struct nfs4_ol_stateid *stp;
1621
1622 lockdep_assert_held(&open_stp->st_stid.sc_client->cl_lock);
1623
1624 while (!list_empty(&open_stp->st_locks)) {
1625 stp = list_entry(open_stp->st_locks.next,
1626 struct nfs4_ol_stateid, st_locks);
1627 unhash_lock_stateid(stp);
1628 put_ol_stateid_locked(stp, reaplist);
1629 }
1630 }
1631
1632 static bool unhash_open_stateid(struct nfs4_ol_stateid *stp,
1633 struct list_head *reaplist)
1634 {
1635 lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);
1636
1637 if (!unhash_ol_stateid(stp))
1638 return false;
1639 release_open_stateid_locks(stp, reaplist);
1640 return true;
1641 }
1642
1643 static void release_open_stateid(struct nfs4_ol_stateid *stp)
1644 {
1645 LIST_HEAD(reaplist);
1646
1647 spin_lock(&stp->st_stid.sc_client->cl_lock);
1648 stp->st_stid.sc_status |= SC_STATUS_CLOSED;
1649 if (unhash_open_stateid(stp, &reaplist))
1650 put_ol_stateid_locked(stp, &reaplist);
1651 spin_unlock(&stp->st_stid.sc_client->cl_lock);
1652 free_ol_stateid_reaplist(&reaplist);
1653 }
1654
1655 static bool nfs4_openowner_unhashed(struct nfs4_openowner *oo)
1656 {
1657 lockdep_assert_held(&oo->oo_owner.so_client->cl_lock);
1658
1659 return list_empty(&oo->oo_owner.so_strhash) &&
1660 list_empty(&oo->oo_perclient);
1661 }
1662
1663 static void unhash_openowner_locked(struct nfs4_openowner *oo)
1664 {
1665 struct nfs4_client *clp = oo->oo_owner.so_client;
1666
1667 lockdep_assert_held(&clp->cl_lock);
1668
1669 list_del_init(&oo->oo_owner.so_strhash);
1670 list_del_init(&oo->oo_perclient);
1671 }
1672
1673 static void release_last_closed_stateid(struct nfs4_openowner *oo)
1674 {
1675 struct nfsd_net *nn = net_generic(oo->oo_owner.so_client->net,
1676 nfsd_net_id);
1677 struct nfs4_ol_stateid *s;
1678
1679 spin_lock(&nn->client_lock);
1680 s = oo->oo_last_closed_stid;
1681 if (s) {
1682 list_del_init(&oo->oo_close_lru);
1683 oo->oo_last_closed_stid = NULL;
1684 }
1685 spin_unlock(&nn->client_lock);
1686 if (s)
1687 nfs4_put_stid(&s->st_stid);
1688 }
1689
1690 static void release_openowner(struct nfs4_openowner *oo)
1691 {
1692 struct nfs4_ol_stateid *stp;
1693 struct nfs4_client *clp = oo->oo_owner.so_client;
1694 LIST_HEAD(reaplist);
1695
1696 spin_lock(&clp->cl_lock);
1697 unhash_openowner_locked(oo);
1698 while (!list_empty(&oo->oo_owner.so_stateids)) {
1699 stp = list_first_entry(&oo->oo_owner.so_stateids,
1700 struct nfs4_ol_stateid, st_perstateowner);
1701 if (unhash_open_stateid(stp, &reaplist))
1702 put_ol_stateid_locked(stp, &reaplist);
1703 }
1704 spin_unlock(&clp->cl_lock);
1705 free_ol_stateid_reaplist(&reaplist);
1706 release_last_closed_stateid(oo);
1707 nfs4_put_stateowner(&oo->oo_owner);
1708 }
1709
1710 static struct nfs4_stid *find_one_sb_stid(struct nfs4_client *clp,
1711 struct super_block *sb,
1712 unsigned int sc_types)
1713 {
1714 unsigned long id, tmp;
1715 struct nfs4_stid *stid;
1716
1717 spin_lock(&clp->cl_lock);
1718 idr_for_each_entry_ul(&clp->cl_stateids, stid, tmp, id)
1719 if ((stid->sc_type & sc_types) &&
1720 stid->sc_status == 0 &&
1721 stid->sc_file->fi_inode->i_sb == sb) {
1722 refcount_inc(&stid->sc_count);
1723 break;
1724 }
1725 spin_unlock(&clp->cl_lock);
1726 return stid;
1727 }
1728
1729 /**
1730 * nfsd4_revoke_states - revoke all nfsv4 states associated with given filesystem
1731 * @net: used to identify instance of nfsd (there is one per net namespace)
1732 * @sb: super_block used to identify target filesystem
1733 *
1734 * All nfs4 states (open, lock, delegation, layout) held by the server instance
1735 * and associated with a file on the given filesystem will be revoked resulting
1736 * in any files being closed and so all references from nfsd to the filesystem
1737 * being released. Thus nfsd will no longer prevent the filesystem from being
1738 * unmounted.
1739 *
1740 * The clients which own the states will subsequently being notified that the
1741 * states have been "admin-revoked".
1742 */
1743 void nfsd4_revoke_states(struct net *net, struct super_block *sb)
1744 {
1745 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
1746 unsigned int idhashval;
1747 unsigned int sc_types;
1748
1749 sc_types = SC_TYPE_OPEN | SC_TYPE_LOCK | SC_TYPE_DELEG | SC_TYPE_LAYOUT;
1750
1751 spin_lock(&nn->client_lock);
1752 for (idhashval = 0; idhashval < CLIENT_HASH_MASK; idhashval++) {
1753 struct list_head *head = &nn->conf_id_hashtbl[idhashval];
1754 struct nfs4_client *clp;
1755 retry:
1756 list_for_each_entry(clp, head, cl_idhash) {
1757 struct nfs4_stid *stid = find_one_sb_stid(clp, sb,
1758 sc_types);
1759 if (stid) {
1760 struct nfs4_ol_stateid *stp;
1761 struct nfs4_delegation *dp;
1762 struct nfs4_layout_stateid *ls;
1763
1764 spin_unlock(&nn->client_lock);
1765 switch (stid->sc_type) {
1766 case SC_TYPE_OPEN:
1767 stp = openlockstateid(stid);
1768 mutex_lock_nested(&stp->st_mutex,
1769 OPEN_STATEID_MUTEX);
1770
1771 spin_lock(&clp->cl_lock);
1772 if (stid->sc_status == 0) {
1773 stid->sc_status |=
1774 SC_STATUS_ADMIN_REVOKED;
1775 atomic_inc(&clp->cl_admin_revoked);
1776 spin_unlock(&clp->cl_lock);
1777 release_all_access(stp);
1778 } else
1779 spin_unlock(&clp->cl_lock);
1780 mutex_unlock(&stp->st_mutex);
1781 break;
1782 case SC_TYPE_LOCK:
1783 stp = openlockstateid(stid);
1784 mutex_lock_nested(&stp->st_mutex,
1785 LOCK_STATEID_MUTEX);
1786 spin_lock(&clp->cl_lock);
1787 if (stid->sc_status == 0) {
1788 struct nfs4_lockowner *lo =
1789 lockowner(stp->st_stateowner);
1790 struct nfsd_file *nf;
1791
1792 stid->sc_status |=
1793 SC_STATUS_ADMIN_REVOKED;
1794 atomic_inc(&clp->cl_admin_revoked);
1795 spin_unlock(&clp->cl_lock);
1796 nf = find_any_file(stp->st_stid.sc_file);
1797 if (nf) {
1798 get_file(nf->nf_file);
1799 filp_close(nf->nf_file,
1800 (fl_owner_t)lo);
1801 nfsd_file_put(nf);
1802 }
1803 release_all_access(stp);
1804 } else
1805 spin_unlock(&clp->cl_lock);
1806 mutex_unlock(&stp->st_mutex);
1807 break;
1808 case SC_TYPE_DELEG:
1809 refcount_inc(&stid->sc_count);
1810 dp = delegstateid(stid);
1811 spin_lock(&state_lock);
1812 if (!unhash_delegation_locked(
1813 dp, SC_STATUS_ADMIN_REVOKED))
1814 dp = NULL;
1815 spin_unlock(&state_lock);
1816 if (dp)
1817 revoke_delegation(dp);
1818 break;
1819 case SC_TYPE_LAYOUT:
1820 ls = layoutstateid(stid);
1821 nfsd4_close_layout(ls);
1822 break;
1823 }
1824 nfs4_put_stid(stid);
1825 spin_lock(&nn->client_lock);
1826 if (clp->cl_minorversion == 0)
1827 /* Allow cleanup after a lease period.
1828 * store_release ensures cleanup will
1829 * see any newly revoked states if it
1830 * sees the time updated.
1831 */
1832 nn->nfs40_last_revoke =
1833 ktime_get_boottime_seconds();
1834 goto retry;
1835 }
1836 }
1837 }
1838 spin_unlock(&nn->client_lock);
1839 }
1840
1841 static inline int
1842 hash_sessionid(struct nfs4_sessionid *sessionid)
1843 {
1844 struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;
1845
1846 return sid->sequence % SESSION_HASH_SIZE;
1847 }
1848
1849 #ifdef CONFIG_SUNRPC_DEBUG
1850 static inline void
1851 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
1852 {
1853 u32 *ptr = (u32 *)(&sessionid->data[0]);
1854 dprintk("%s: %u:%u:%u:%u\n", fn, ptr[0], ptr[1], ptr[2], ptr[3]);
1855 }
1856 #else
1857 static inline void
1858 dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
1859 {
1860 }
1861 #endif
1862
1863 /*
1864 * Bump the seqid on cstate->replay_owner, and clear replay_owner if it
1865 * won't be used for replay.
1866 */
1867 void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr)
1868 {
1869 struct nfs4_stateowner *so = cstate->replay_owner;
1870
1871 if (nfserr == nfserr_replay_me)
1872 return;
1873
1874 if (!seqid_mutating_err(ntohl(nfserr))) {
1875 nfsd4_cstate_clear_replay(cstate);
1876 return;
1877 }
1878 if (!so)
1879 return;
1880 if (so->so_is_open_owner)
1881 release_last_closed_stateid(openowner(so));
1882 so->so_seqid++;
1883 return;
1884 }
1885
1886 static void
1887 gen_sessionid(struct nfsd4_session *ses)
1888 {
1889 struct nfs4_client *clp = ses->se_client;
1890 struct nfsd4_sessionid *sid;
1891
1892 sid = (struct nfsd4_sessionid *)ses->se_sessionid.data;
1893 sid->clientid = clp->cl_clientid;
1894 sid->sequence = current_sessionid++;
1895 sid->reserved = 0;
1896 }
1897
1898 /*
1899 * The protocol defines ca_maxresponssize_cached to include the size of
1900 * the rpc header, but all we need to cache is the data starting after
1901 * the end of the initial SEQUENCE operation--the rest we regenerate
1902 * each time. Therefore we can advertise a ca_maxresponssize_cached
1903 * value that is the number of bytes in our cache plus a few additional
1904 * bytes. In order to stay on the safe side, and not promise more than
1905 * we can cache, those additional bytes must be the minimum possible: 24
1906 * bytes of rpc header (xid through accept state, with AUTH_NULL
1907 * verifier), 12 for the compound header (with zero-length tag), and 44
1908 * for the SEQUENCE op response:
1909 */
1910 #define NFSD_MIN_HDR_SEQ_SZ (24 + 12 + 44)
1911
1912 static void
1913 free_session_slots(struct nfsd4_session *ses)
1914 {
1915 int i;
1916
1917 for (i = 0; i < ses->se_fchannel.maxreqs; i++) {
1918 free_svc_cred(&ses->se_slots[i]->sl_cred);
1919 kfree(ses->se_slots[i]);
1920 }
1921 }
1922
1923 /*
1924 * We don't actually need to cache the rpc and session headers, so we
1925 * can allocate a little less for each slot:
1926 */
1927 static inline u32 slot_bytes(struct nfsd4_channel_attrs *ca)
1928 {
1929 u32 size;
1930
1931 if (ca->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ)
1932 size = 0;
1933 else
1934 size = ca->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;
1935 return size + sizeof(struct nfsd4_slot);
1936 }
1937
1938 /*
1939 * XXX: If we run out of reserved DRC memory we could (up to a point)
1940 * re-negotiate active sessions and reduce their slot usage to make
1941 * room for new connections. For now we just fail the create session.
1942 */
1943 static u32 nfsd4_get_drc_mem(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
1944 {
1945 u32 slotsize = slot_bytes(ca);
1946 u32 num = ca->maxreqs;
1947 unsigned long avail, total_avail;
1948 unsigned int scale_factor;
1949
1950 spin_lock(&nfsd_drc_lock);
1951 if (nfsd_drc_max_mem > nfsd_drc_mem_used)
1952 total_avail = nfsd_drc_max_mem - nfsd_drc_mem_used;
1953 else
1954 /* We have handed out more space than we chose in
1955 * set_max_drc() to allow. That isn't really a
1956 * problem as long as that doesn't make us think we
1957 * have lots more due to integer overflow.
1958 */
1959 total_avail = 0;
1960 avail = min((unsigned long)NFSD_MAX_MEM_PER_SESSION, total_avail);
1961 /*
1962 * Never use more than a fraction of the remaining memory,
1963 * unless it's the only way to give this client a slot.
1964 * The chosen fraction is either 1/8 or 1/number of threads,
1965 * whichever is smaller. This ensures there are adequate
1966 * slots to support multiple clients per thread.
1967 * Give the client one slot even if that would require
1968 * over-allocation--it is better than failure.
1969 */
1970 scale_factor = max_t(unsigned int, 8, nn->nfsd_serv->sv_nrthreads);
1971
1972 avail = clamp_t(unsigned long, avail, slotsize,
1973 total_avail/scale_factor);
1974 num = min_t(int, num, avail / slotsize);
1975 num = max_t(int, num, 1);
1976 nfsd_drc_mem_used += num * slotsize;
1977 spin_unlock(&nfsd_drc_lock);
1978
1979 return num;
1980 }
1981
1982 static void nfsd4_put_drc_mem(struct nfsd4_channel_attrs *ca)
1983 {
1984 int slotsize = slot_bytes(ca);
1985
1986 spin_lock(&nfsd_drc_lock);
1987 nfsd_drc_mem_used -= slotsize * ca->maxreqs;
1988 spin_unlock(&nfsd_drc_lock);
1989 }
1990
1991 static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *fattrs,
1992 struct nfsd4_channel_attrs *battrs)
1993 {
1994 int numslots = fattrs->maxreqs;
1995 int slotsize = slot_bytes(fattrs);
1996 struct nfsd4_session *new;
1997 int i;
1998
1999 BUILD_BUG_ON(struct_size(new, se_slots, NFSD_MAX_SLOTS_PER_SESSION)
2000 > PAGE_SIZE);
2001
2002 new = kzalloc(struct_size(new, se_slots, numslots), GFP_KERNEL);
2003 if (!new)
2004 return NULL;
2005 /* allocate each struct nfsd4_slot and data cache in one piece */
2006 for (i = 0; i < numslots; i++) {
2007 new->se_slots[i] = kzalloc(slotsize, GFP_KERNEL);
2008 if (!new->se_slots[i])
2009 goto out_free;
2010 }
2011
2012 memcpy(&new->se_fchannel, fattrs, sizeof(struct nfsd4_channel_attrs));
2013 new->se_cb_slot_avail = ~0U;
2014 new->se_cb_highest_slot = min(battrs->maxreqs - 1,
2015 NFSD_BC_SLOT_TABLE_SIZE - 1);
2016 spin_lock_init(&new->se_lock);
2017 return new;
2018 out_free:
2019 while (i--)
2020 kfree(new->se_slots[i]);
2021 kfree(new);
2022 return NULL;
2023 }
2024
2025 static void free_conn(struct nfsd4_conn *c)
2026 {
2027 svc_xprt_put(c->cn_xprt);
2028 kfree(c);
2029 }
2030
2031 static void nfsd4_conn_lost(struct svc_xpt_user *u)
2032 {
2033 struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
2034 struct nfs4_client *clp = c->cn_session->se_client;
2035
2036 trace_nfsd_cb_lost(clp);
2037
2038 spin_lock(&clp->cl_lock);
2039 if (!list_empty(&c->cn_persession)) {
2040 list_del(&c->cn_persession);
2041 free_conn(c);
2042 }
2043 nfsd4_probe_callback(clp);
2044 spin_unlock(&clp->cl_lock);
2045 }
2046
2047 static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
2048 {
2049 struct nfsd4_conn *conn;
2050
2051 conn = kmalloc(sizeof(struct nfsd4_conn), GFP_KERNEL);
2052 if (!conn)
2053 return NULL;
2054 svc_xprt_get(rqstp->rq_xprt);
2055 conn->cn_xprt = rqstp->rq_xprt;
2056 conn->cn_flags = flags;
2057 INIT_LIST_HEAD(&conn->cn_xpt_user.list);
2058 return conn;
2059 }
2060
2061 static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
2062 {
2063 conn->cn_session = ses;
2064 list_add(&conn->cn_persession, &ses->se_conns);
2065 }
2066
2067 static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
2068 {
2069 struct nfs4_client *clp = ses->se_client;
2070
2071 spin_lock(&clp->cl_lock);
2072 __nfsd4_hash_conn(conn, ses);
2073 spin_unlock(&clp->cl_lock);
2074 }
2075
2076 static int nfsd4_register_conn(struct nfsd4_conn *conn)
2077 {
2078 conn->cn_xpt_user.callback = nfsd4_conn_lost;
2079 return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
2080 }
2081
2082 static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses)
2083 {
2084 int ret;
2085
2086 nfsd4_hash_conn(conn, ses);
2087 ret = nfsd4_register_conn(conn);
2088 if (ret)
2089 /* oops; xprt is already down: */
2090 nfsd4_conn_lost(&conn->cn_xpt_user);
2091 /* We may have gained or lost a callback channel: */
2092 nfsd4_probe_callback_sync(ses->se_client);
2093 }
2094
2095 static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses)
2096 {
2097 u32 dir = NFS4_CDFC4_FORE;
2098
2099 if (cses->flags & SESSION4_BACK_CHAN)
2100 dir |= NFS4_CDFC4_BACK;
2101 return alloc_conn(rqstp, dir);
2102 }
2103
2104 /* must be called under client_lock */
2105 static void nfsd4_del_conns(struct nfsd4_session *s)
2106 {
2107 struct nfs4_client *clp = s->se_client;
2108 struct nfsd4_conn *c;
2109
2110 spin_lock(&clp->cl_lock);
2111 while (!list_empty(&s->se_conns)) {
2112 c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
2113 list_del_init(&c->cn_persession);
2114 spin_unlock(&clp->cl_lock);
2115
2116 unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
2117 free_conn(c);
2118
2119 spin_lock(&clp->cl_lock);
2120 }
2121 spin_unlock(&clp->cl_lock);
2122 }
2123
2124 static void __free_session(struct nfsd4_session *ses)
2125 {
2126 free_session_slots(ses);
2127 kfree(ses);
2128 }
2129
2130 static void free_session(struct nfsd4_session *ses)
2131 {
2132 nfsd4_del_conns(ses);
2133 nfsd4_put_drc_mem(&ses->se_fchannel);
2134 __free_session(ses);
2135 }
2136
2137 static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses)
2138 {
2139 int idx;
2140 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
2141
2142 new->se_client = clp;
2143 gen_sessionid(new);
2144
2145 INIT_LIST_HEAD(&new->se_conns);
2146
2147 atomic_set(&new->se_ref, 0);
2148 new->se_dead = false;
2149 new->se_cb_prog = cses->callback_prog;
2150 new->se_cb_sec = cses->cb_sec;
2151
2152 for (idx = 0; idx < NFSD_BC_SLOT_TABLE_SIZE; ++idx)
2153 new->se_cb_seq_nr[idx] = 1;
2154
2155 idx = hash_sessionid(&new->se_sessionid);
2156 list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]);
2157 spin_lock(&clp->cl_lock);
2158 list_add(&new->se_perclnt, &clp->cl_sessions);
2159 spin_unlock(&clp->cl_lock);
2160
2161 {
2162 struct sockaddr *sa = svc_addr(rqstp);
2163 /*
2164 * This is a little silly; with sessions there's no real
2165 * use for the callback address. Use the peer address
2166 * as a reasonable default for now, but consider fixing
2167 * the rpc client not to require an address in the
2168 * future:
2169 */
2170 rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
2171 clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
2172 }
2173 }
2174
2175 /* caller must hold client_lock */
2176 static struct nfsd4_session *
2177 __find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net)
2178 {
2179 struct nfsd4_session *elem;
2180 int idx;
2181 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
2182
2183 lockdep_assert_held(&nn->client_lock);
2184
2185 dump_sessionid(__func__, sessionid);
2186 idx = hash_sessionid(sessionid);
2187 /* Search in the appropriate list */
2188 list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) {
2189 if (!memcmp(elem->se_sessionid.data, sessionid->data,
2190 NFS4_MAX_SESSIONID_LEN)) {
2191 return elem;
2192 }
2193 }
2194
2195 dprintk("%s: session not found\n", __func__);
2196 return NULL;
2197 }
2198
2199 static struct nfsd4_session *
2200 find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net,
2201 __be32 *ret)
2202 {
2203 struct nfsd4_session *session;
2204 __be32 status = nfserr_badsession;
2205
2206 session = __find_in_sessionid_hashtbl(sessionid, net);
2207 if (!session)
2208 goto out;
2209 status = nfsd4_get_session_locked(session);
2210 if (status)
2211 session = NULL;
2212 out:
2213 *ret = status;
2214 return session;
2215 }
2216
2217 /* caller must hold client_lock */
2218 static void
2219 unhash_session(struct nfsd4_session *ses)
2220 {
2221 struct nfs4_client *clp = ses->se_client;
2222 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2223
2224 lockdep_assert_held(&nn->client_lock);
2225
2226 list_del(&ses->se_hash);
2227 spin_lock(&ses->se_client->cl_lock);
2228 list_del(&ses->se_perclnt);
2229 spin_unlock(&ses->se_client->cl_lock);
2230 }
2231
2232 /* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */
2233 static int
2234 STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn)
2235 {
2236 /*
2237 * We're assuming the clid was not given out from a boot
2238 * precisely 2^32 (about 136 years) before this one. That seems
2239 * a safe assumption:
2240 */
2241 if (clid->cl_boot == (u32)nn->boot_time)
2242 return 0;
2243 trace_nfsd_clid_stale(clid);
2244 return 1;
2245 }
2246
2247 static struct nfs4_client *alloc_client(struct xdr_netobj name,
2248 struct nfsd_net *nn)
2249 {
2250 struct nfs4_client *clp;
2251 int i;
2252
2253 if (atomic_read(&nn->nfs4_client_count) >= nn->nfs4_max_clients &&
2254 atomic_read(&nn->nfsd_courtesy_clients) > 0)
2255 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);
2256
2257 clp = kmem_cache_zalloc(client_slab, GFP_KERNEL);
2258 if (clp == NULL)
2259 return NULL;
2260 xdr_netobj_dup(&clp->cl_name, &name, GFP_KERNEL);
2261 if (clp->cl_name.data == NULL)
2262 goto err_no_name;
2263 clp->cl_ownerstr_hashtbl = kmalloc_array(OWNER_HASH_SIZE,
2264 sizeof(struct list_head),
2265 GFP_KERNEL);
2266 if (!clp->cl_ownerstr_hashtbl)
2267 goto err_no_hashtbl;
2268 clp->cl_callback_wq = alloc_ordered_workqueue("nfsd4_callbacks", 0);
2269 if (!clp->cl_callback_wq)
2270 goto err_no_callback_wq;
2271
2272 for (i = 0; i < OWNER_HASH_SIZE; i++)
2273 INIT_LIST_HEAD(&clp->cl_ownerstr_hashtbl[i]);
2274 INIT_LIST_HEAD(&clp->cl_sessions);
2275 idr_init(&clp->cl_stateids);
2276 atomic_set(&clp->cl_rpc_users, 0);
2277 clp->cl_cb_state = NFSD4_CB_UNKNOWN;
2278 clp->cl_state = NFSD4_ACTIVE;
2279 atomic_inc(&nn->nfs4_client_count);
2280 atomic_set(&clp->cl_delegs_in_recall, 0);
2281 INIT_LIST_HEAD(&clp->cl_idhash);
2282 INIT_LIST_HEAD(&clp->cl_openowners);
2283 INIT_LIST_HEAD(&clp->cl_delegations);
2284 INIT_LIST_HEAD(&clp->cl_lru);
2285 INIT_LIST_HEAD(&clp->cl_revoked);
2286 #ifdef CONFIG_NFSD_PNFS
2287 INIT_LIST_HEAD(&clp->cl_lo_states);
2288 #endif
2289 INIT_LIST_HEAD(&clp->async_copies);
2290 spin_lock_init(&clp->async_lock);
2291 spin_lock_init(&clp->cl_lock);
2292 rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
2293 return clp;
2294 err_no_callback_wq:
2295 kfree(clp->cl_ownerstr_hashtbl);
2296 err_no_hashtbl:
2297 kfree(clp->cl_name.data);
2298 err_no_name:
2299 kmem_cache_free(client_slab, clp);
2300 return NULL;
2301 }
2302
2303 static void __free_client(struct kref *k)
2304 {
2305 struct nfsdfs_client *c = container_of(k, struct nfsdfs_client, cl_ref);
2306 struct nfs4_client *clp = container_of(c, struct nfs4_client, cl_nfsdfs);
2307
2308 free_svc_cred(&clp->cl_cred);
2309 destroy_workqueue(clp->cl_callback_wq);
2310 kfree(clp->cl_ownerstr_hashtbl);
2311 kfree(clp->cl_name.data);
2312 kfree(clp->cl_nii_domain.data);
2313 kfree(clp->cl_nii_name.data);
2314 idr_destroy(&clp->cl_stateids);
2315 kfree(clp->cl_ra);
2316 kmem_cache_free(client_slab, clp);
2317 }
2318
2319 static void drop_client(struct nfs4_client *clp)
2320 {
2321 kref_put(&clp->cl_nfsdfs.cl_ref, __free_client);
2322 }
2323
2324 static void
2325 free_client(struct nfs4_client *clp)
2326 {
2327 while (!list_empty(&clp->cl_sessions)) {
2328 struct nfsd4_session *ses;
2329 ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
2330 se_perclnt);
2331 list_del(&ses->se_perclnt);
2332 WARN_ON_ONCE(atomic_read(&ses->se_ref));
2333 free_session(ses);
2334 }
2335 rpc_destroy_wait_queue(&clp->cl_cb_waitq);
2336 if (clp->cl_nfsd_dentry) {
2337 nfsd_client_rmdir(clp->cl_nfsd_dentry);
2338 clp->cl_nfsd_dentry = NULL;
2339 wake_up_all(&expiry_wq);
2340 }
2341 drop_client(clp);
2342 }
2343
2344 /* must be called under the client_lock */
2345 static void
2346 unhash_client_locked(struct nfs4_client *clp)
2347 {
2348 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2349 struct nfsd4_session *ses;
2350
2351 lockdep_assert_held(&nn->client_lock);
2352
2353 /* Mark the client as expired! */
2354 clp->cl_time = 0;
2355 /* Make it invisible */
2356 if (!list_empty(&clp->cl_idhash)) {
2357 list_del_init(&clp->cl_idhash);
2358 if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
2359 rb_erase(&clp->cl_namenode, &nn->conf_name_tree);
2360 else
2361 rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
2362 }
2363 list_del_init(&clp->cl_lru);
2364 spin_lock(&clp->cl_lock);
2365 list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
2366 list_del_init(&ses->se_hash);
2367 spin_unlock(&clp->cl_lock);
2368 }
2369
2370 static void
2371 unhash_client(struct nfs4_client *clp)
2372 {
2373 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2374
2375 spin_lock(&nn->client_lock);
2376 unhash_client_locked(clp);
2377 spin_unlock(&nn->client_lock);
2378 }
2379
2380 static __be32 mark_client_expired_locked(struct nfs4_client *clp)
2381 {
2382 int users = atomic_read(&clp->cl_rpc_users);
2383
2384 trace_nfsd_mark_client_expired(clp, users);
2385
2386 if (users)
2387 return nfserr_jukebox;
2388 unhash_client_locked(clp);
2389 return nfs_ok;
2390 }
2391
2392 static void
2393 __destroy_client(struct nfs4_client *clp)
2394 {
2395 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2396 int i;
2397 struct nfs4_openowner *oo;
2398 struct nfs4_delegation *dp;
2399 LIST_HEAD(reaplist);
2400
2401 spin_lock(&state_lock);
2402 while (!list_empty(&clp->cl_delegations)) {
2403 dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
2404 unhash_delegation_locked(dp, SC_STATUS_CLOSED);
2405 list_add(&dp->dl_recall_lru, &reaplist);
2406 }
2407 spin_unlock(&state_lock);
2408 while (!list_empty(&reaplist)) {
2409 dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
2410 list_del_init(&dp->dl_recall_lru);
2411 destroy_unhashed_deleg(dp);
2412 }
2413 while (!list_empty(&clp->cl_revoked)) {
2414 dp = list_entry(clp->cl_revoked.next, struct nfs4_delegation, dl_recall_lru);
2415 list_del_init(&dp->dl_recall_lru);
2416 nfs4_put_stid(&dp->dl_stid);
2417 }
2418 while (!list_empty(&clp->cl_openowners)) {
2419 oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
2420 nfs4_get_stateowner(&oo->oo_owner);
2421 release_openowner(oo);
2422 }
2423 for (i = 0; i < OWNER_HASH_SIZE; i++) {
2424 struct nfs4_stateowner *so, *tmp;
2425
2426 list_for_each_entry_safe(so, tmp, &clp->cl_ownerstr_hashtbl[i],
2427 so_strhash) {
2428 /* Should be no openowners at this point */
2429 WARN_ON_ONCE(so->so_is_open_owner);
2430 remove_blocked_locks(lockowner(so));
2431 }
2432 }
2433 nfsd4_return_all_client_layouts(clp);
2434 nfsd4_shutdown_copy(clp);
2435 nfsd4_shutdown_callback(clp);
2436 if (clp->cl_cb_conn.cb_xprt)
2437 svc_xprt_put(clp->cl_cb_conn.cb_xprt);
2438 atomic_add_unless(&nn->nfs4_client_count, -1, 0);
2439 nfsd4_dec_courtesy_client_count(nn, clp);
2440 free_client(clp);
2441 wake_up_all(&expiry_wq);
2442 }
2443
2444 static void
2445 destroy_client(struct nfs4_client *clp)
2446 {
2447 unhash_client(clp);
2448 __destroy_client(clp);
2449 }
2450
2451 static void inc_reclaim_complete(struct nfs4_client *clp)
2452 {
2453 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
2454
2455 if (!nn->track_reclaim_completes)
2456 return;
2457 if (!nfsd4_find_reclaim_client(clp->cl_name, nn))
2458 return;
2459 if (atomic_inc_return(&nn->nr_reclaim_complete) ==
2460 nn->reclaim_str_hashtbl_size) {
2461 printk(KERN_INFO "NFSD: all clients done reclaiming, ending NFSv4 grace period (net %x)\n",
2462 clp->net->ns.inum);
2463 nfsd4_end_grace(nn);
2464 }
2465 }
2466
2467 static void expire_client(struct nfs4_client *clp)
2468 {
2469 unhash_client(clp);
2470 nfsd4_client_record_remove(clp);
2471 __destroy_client(clp);
2472 }
2473
2474 static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
2475 {
2476 memcpy(target->cl_verifier.data, source->data,
2477 sizeof(target->cl_verifier.data));
2478 }
2479
2480 static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
2481 {
2482 target->cl_clientid.cl_boot = source->cl_clientid.cl_boot;
2483 target->cl_clientid.cl_id = source->cl_clientid.cl_id;
2484 }
2485
2486 static int copy_cred(struct svc_cred *target, struct svc_cred *source)
2487 {
2488 target->cr_principal = kstrdup(source->cr_principal, GFP_KERNEL);
2489 target->cr_raw_principal = kstrdup(source->cr_raw_principal,
2490 GFP_KERNEL);
2491 target->cr_targ_princ = kstrdup(source->cr_targ_princ, GFP_KERNEL);
2492 if ((source->cr_principal && !target->cr_principal) ||
2493 (source->cr_raw_principal && !target->cr_raw_principal) ||
2494 (source->cr_targ_princ && !target->cr_targ_princ))
2495 return -ENOMEM;
2496
2497 target->cr_flavor = source->cr_flavor;
2498 target->cr_uid = source->cr_uid;
2499 target->cr_gid = source->cr_gid;
2500 target->cr_group_info = source->cr_group_info;
2501 get_group_info(target->cr_group_info);
2502 target->cr_gss_mech = source->cr_gss_mech;
2503 if (source->cr_gss_mech)
2504 gss_mech_get(source->cr_gss_mech);
2505 return 0;
2506 }
2507
2508 static int
2509 compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2)
2510 {
2511 if (o1->len < o2->len)
2512 return -1;
2513 if (o1->len > o2->len)
2514 return 1;
2515 return memcmp(o1->data, o2->data, o1->len);
2516 }
2517
2518 static int
2519 same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
2520 {
2521 return 0 == memcmp(v1->data, v2->data, sizeof(v1->data));
2522 }
2523
2524 static int
2525 same_clid(clientid_t *cl1, clientid_t *cl2)
2526 {
2527 return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
2528 }
2529
2530 static bool groups_equal(struct group_info *g1, struct group_info *g2)
2531 {
2532 int i;
2533
2534 if (g1->ngroups != g2->ngroups)
2535 return false;
2536 for (i=0; i<g1->ngroups; i++)
2537 if (!gid_eq(g1->gid[i], g2->gid[i]))
2538 return false;
2539 return true;
2540 }
2541
2542 /*
2543 * RFC 3530 language requires clid_inuse be returned when the
2544 * "principal" associated with a requests differs from that previously
2545 * used. We use uid, gid's, and gss principal string as our best
2546 * approximation. We also don't want to allow non-gss use of a client
2547 * established using gss: in theory cr_principal should catch that
2548 * change, but in practice cr_principal can be null even in the gss case
2549 * since gssd doesn't always pass down a principal string.
2550 */
2551 static bool is_gss_cred(struct svc_cred *cr)
2552 {
2553 /* Is cr_flavor one of the gss "pseudoflavors"?: */
2554 return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
2555 }
2556
2557
2558 static bool
2559 same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
2560 {
2561 if ((is_gss_cred(cr1) != is_gss_cred(cr2))
2562 || (!uid_eq(cr1->cr_uid, cr2->cr_uid))
2563 || (!gid_eq(cr1->cr_gid, cr2->cr_gid))
2564 || !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
2565 return false;
2566 /* XXX: check that cr_targ_princ fields match ? */
2567 if (cr1->cr_principal == cr2->cr_principal)
2568 return true;
2569 if (!cr1->cr_principal || !cr2->cr_principal)
2570 return false;
2571 return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);
2572 }
2573
2574 static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)
2575 {
2576 struct svc_cred *cr = &rqstp->rq_cred;
2577 u32 service;
2578
2579 if (!cr->cr_gss_mech)
2580 return false;
2581 service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);
2582 return service == RPC_GSS_SVC_INTEGRITY ||
2583 service == RPC_GSS_SVC_PRIVACY;
2584 }
2585
2586 bool nfsd4_mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)
2587 {
2588 struct svc_cred *cr = &rqstp->rq_cred;
2589
2590 if (!cl->cl_mach_cred)
2591 return true;
2592 if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)
2593 return false;
2594 if (!svc_rqst_integrity_protected(rqstp))
2595 return false;
2596 if (cl->cl_cred.cr_raw_principal)
2597 return 0 == strcmp(cl->cl_cred.cr_raw_principal,
2598 cr->cr_raw_principal);
2599 if (!cr->cr_principal)
2600 return false;
2601 return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);
2602 }
2603
2604 static void gen_confirm(struct nfs4_client *clp, struct nfsd_net *nn)
2605 {
2606 __be32 verf[2];
2607
2608 /*
2609 * This is opaque to client, so no need to byte-swap. Use
2610 * __force to keep sparse happy
2611 */
2612 verf[0] = (__force __be32)(u32)ktime_get_real_seconds();
2613 verf[1] = (__force __be32)nn->clverifier_counter++;
2614 memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data));
2615 }
2616
2617 static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)
2618 {
2619 clp->cl_clientid.cl_boot = (u32)nn->boot_time;
2620 clp->cl_clientid.cl_id = nn->clientid_counter++;
2621 gen_confirm(clp, nn);
2622 }
2623
2624 static struct nfs4_stid *
2625 find_stateid_locked(struct nfs4_client *cl, stateid_t *t)
2626 {
2627 struct nfs4_stid *ret;
2628
2629 ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id);
2630 if (!ret || !ret->sc_type)
2631 return NULL;
2632 return ret;
2633 }
2634
2635 static struct nfs4_stid *
2636 find_stateid_by_type(struct nfs4_client *cl, stateid_t *t,
2637 unsigned short typemask, unsigned short ok_states)
2638 {
2639 struct nfs4_stid *s;
2640
2641 spin_lock(&cl->cl_lock);
2642 s = find_stateid_locked(cl, t);
2643 if (s != NULL) {
2644 if ((s->sc_status & ~ok_states) == 0 &&
2645 (typemask & s->sc_type))
2646 refcount_inc(&s->sc_count);
2647 else
2648 s = NULL;
2649 }
2650 spin_unlock(&cl->cl_lock);
2651 return s;
2652 }
2653
2654 static struct nfs4_client *get_nfsdfs_clp(struct inode *inode)
2655 {
2656 struct nfsdfs_client *nc;
2657 nc = get_nfsdfs_client(inode);
2658 if (!nc)
2659 return NULL;
2660 return container_of(nc, struct nfs4_client, cl_nfsdfs);
2661 }
2662
2663 static void seq_quote_mem(struct seq_file *m, char *data, int len)
2664 {
2665 seq_puts(m, "\"");
2666 seq_escape_mem(m, data, len, ESCAPE_HEX | ESCAPE_NAP | ESCAPE_APPEND, "\"\\");
2667 seq_puts(m, "\"");
2668 }
2669
2670 static const char *cb_state2str(int state)
2671 {
2672 switch (state) {
2673 case NFSD4_CB_UP:
2674 return "UP";
2675 case NFSD4_CB_UNKNOWN:
2676 return "UNKNOWN";
2677 case NFSD4_CB_DOWN:
2678 return "DOWN";
2679 case NFSD4_CB_FAULT:
2680 return "FAULT";
2681 }
2682 return "UNDEFINED";
2683 }
2684
2685 static int client_info_show(struct seq_file *m, void *v)
2686 {
2687 struct inode *inode = file_inode(m->file);
2688 struct nfs4_client *clp;
2689 u64 clid;
2690
2691 clp = get_nfsdfs_clp(inode);
2692 if (!clp)
2693 return -ENXIO;
2694 memcpy(&clid, &clp->cl_clientid, sizeof(clid));
2695 seq_printf(m, "clientid: 0x%llx\n", clid);
2696 seq_printf(m, "address: \"%pISpc\"\n", (struct sockaddr *)&clp->cl_addr);
2697
2698 if (clp->cl_state == NFSD4_COURTESY)
2699 seq_puts(m, "status: courtesy\n");
2700 else if (clp->cl_state == NFSD4_EXPIRABLE)
2701 seq_puts(m, "status: expirable\n");
2702 else if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
2703 seq_puts(m, "status: confirmed\n");
2704 else
2705 seq_puts(m, "status: unconfirmed\n");
2706 seq_printf(m, "seconds from last renew: %lld\n",
2707 ktime_get_boottime_seconds() - clp->cl_time);
2708 seq_puts(m, "name: ");
2709 seq_quote_mem(m, clp->cl_name.data, clp->cl_name.len);
2710 seq_printf(m, "\nminor version: %d\n", clp->cl_minorversion);
2711 if (clp->cl_nii_domain.data) {
2712 seq_puts(m, "Implementation domain: ");
2713 seq_quote_mem(m, clp->cl_nii_domain.data,
2714 clp->cl_nii_domain.len);
2715 seq_puts(m, "\nImplementation name: ");
2716 seq_quote_mem(m, clp->cl_nii_name.data, clp->cl_nii_name.len);
2717 seq_printf(m, "\nImplementation time: [%lld, %ld]\n",
2718 clp->cl_nii_time.tv_sec, clp->cl_nii_time.tv_nsec);
2719 }
2720 seq_printf(m, "callback state: %s\n", cb_state2str(clp->cl_cb_state));
2721 seq_printf(m, "callback address: \"%pISpc\"\n", &clp->cl_cb_conn.cb_addr);
2722 seq_printf(m, "admin-revoked states: %d\n",
2723 atomic_read(&clp->cl_admin_revoked));
2724 drop_client(clp);
2725
2726 return 0;
2727 }
2728
2729 DEFINE_SHOW_ATTRIBUTE(client_info);
2730
2731 static void *states_start(struct seq_file *s, loff_t *pos)
2732 __acquires(&clp->cl_lock)
2733 {
2734 struct nfs4_client *clp = s->private;
2735 unsigned long id = *pos;
2736 void *ret;
2737
2738 spin_lock(&clp->cl_lock);
2739 ret = idr_get_next_ul(&clp->cl_stateids, &id);
2740 *pos = id;
2741 return ret;
2742 }
2743
2744 static void *states_next(struct seq_file *s, void *v, loff_t *pos)
2745 {
2746 struct nfs4_client *clp = s->private;
2747 unsigned long id = *pos;
2748 void *ret;
2749
2750 id = *pos;
2751 id++;
2752 ret = idr_get_next_ul(&clp->cl_stateids, &id);
2753 *pos = id;
2754 return ret;
2755 }
2756
2757 static void states_stop(struct seq_file *s, void *v)
2758 __releases(&clp->cl_lock)
2759 {
2760 struct nfs4_client *clp = s->private;
2761
2762 spin_unlock(&clp->cl_lock);
2763 }
2764
2765 static void nfs4_show_fname(struct seq_file *s, struct nfsd_file *f)
2766 {
2767 seq_printf(s, "filename: \"%pD2\"", f->nf_file);
2768 }
2769
2770 static void nfs4_show_superblock(struct seq_file *s, struct nfsd_file *f)
2771 {
2772 struct inode *inode = file_inode(f->nf_file);
2773
2774 seq_printf(s, "superblock: \"%02x:%02x:%ld\"",
2775 MAJOR(inode->i_sb->s_dev),
2776 MINOR(inode->i_sb->s_dev),
2777 inode->i_ino);
2778 }
2779
2780 static void nfs4_show_owner(struct seq_file *s, struct nfs4_stateowner *oo)
2781 {
2782 seq_puts(s, "owner: ");
2783 seq_quote_mem(s, oo->so_owner.data, oo->so_owner.len);
2784 }
2785
2786 static void nfs4_show_stateid(struct seq_file *s, stateid_t *stid)
2787 {
2788 seq_printf(s, "0x%.8x", stid->si_generation);
2789 seq_printf(s, "%12phN", &stid->si_opaque);
2790 }
2791
2792 static int nfs4_show_open(struct seq_file *s, struct nfs4_stid *st)
2793 {
2794 struct nfs4_ol_stateid *ols;
2795 struct nfs4_file *nf;
2796 struct nfsd_file *file;
2797 struct nfs4_stateowner *oo;
2798 unsigned int access, deny;
2799
2800 ols = openlockstateid(st);
2801 oo = ols->st_stateowner;
2802 nf = st->sc_file;
2803
2804 seq_puts(s, "- ");
2805 nfs4_show_stateid(s, &st->sc_stateid);
2806 seq_puts(s, ": { type: open, ");
2807
2808 access = bmap_to_share_mode(ols->st_access_bmap);
2809 deny = bmap_to_share_mode(ols->st_deny_bmap);
2810
2811 seq_printf(s, "access: %s%s, ",
2812 access & NFS4_SHARE_ACCESS_READ ? "r" : "-",
2813 access & NFS4_SHARE_ACCESS_WRITE ? "w" : "-");
2814 seq_printf(s, "deny: %s%s, ",
2815 deny & NFS4_SHARE_ACCESS_READ ? "r" : "-",
2816 deny & NFS4_SHARE_ACCESS_WRITE ? "w" : "-");
2817
2818 if (nf) {
2819 spin_lock(&nf->fi_lock);
2820 file = find_any_file_locked(nf);
2821 if (file) {
2822 nfs4_show_superblock(s, file);
2823 seq_puts(s, ", ");
2824 nfs4_show_fname(s, file);
2825 seq_puts(s, ", ");
2826 }
2827 spin_unlock(&nf->fi_lock);
2828 } else
2829 seq_puts(s, "closed, ");
2830 nfs4_show_owner(s, oo);
2831 if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
2832 seq_puts(s, ", admin-revoked");
2833 seq_puts(s, " }\n");
2834 return 0;
2835 }
2836
2837 static int nfs4_show_lock(struct seq_file *s, struct nfs4_stid *st)
2838 {
2839 struct nfs4_ol_stateid *ols;
2840 struct nfs4_file *nf;
2841 struct nfsd_file *file;
2842 struct nfs4_stateowner *oo;
2843
2844 ols = openlockstateid(st);
2845 oo = ols->st_stateowner;
2846 nf = st->sc_file;
2847
2848 seq_puts(s, "- ");
2849 nfs4_show_stateid(s, &st->sc_stateid);
2850 seq_puts(s, ": { type: lock, ");
2851
2852 spin_lock(&nf->fi_lock);
2853 file = find_any_file_locked(nf);
2854 if (file) {
2855 /*
2856 * Note: a lock stateid isn't really the same thing as a lock,
2857 * it's the locking state held by one owner on a file, and there
2858 * may be multiple (or no) lock ranges associated with it.
2859 * (Same for the matter is true of open stateids.)
2860 */
2861
2862 nfs4_show_superblock(s, file);
2863 /* XXX: open stateid? */
2864 seq_puts(s, ", ");
2865 nfs4_show_fname(s, file);
2866 seq_puts(s, ", ");
2867 }
2868 nfs4_show_owner(s, oo);
2869 if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
2870 seq_puts(s, ", admin-revoked");
2871 seq_puts(s, " }\n");
2872 spin_unlock(&nf->fi_lock);
2873 return 0;
2874 }
2875
2876 static int nfs4_show_deleg(struct seq_file *s, struct nfs4_stid *st)
2877 {
2878 struct nfs4_delegation *ds;
2879 struct nfs4_file *nf;
2880 struct nfsd_file *file;
2881
2882 ds = delegstateid(st);
2883 nf = st->sc_file;
2884
2885 seq_puts(s, "- ");
2886 nfs4_show_stateid(s, &st->sc_stateid);
2887 seq_puts(s, ": { type: deleg, ");
2888
2889 seq_printf(s, "access: %s",
2890 ds->dl_type == NFS4_OPEN_DELEGATE_READ ? "r" : "w");
2891
2892 /* XXX: lease time, whether it's being recalled. */
2893
2894 spin_lock(&nf->fi_lock);
2895 file = nf->fi_deleg_file;
2896 if (file) {
2897 seq_puts(s, ", ");
2898 nfs4_show_superblock(s, file);
2899 seq_puts(s, ", ");
2900 nfs4_show_fname(s, file);
2901 }
2902 spin_unlock(&nf->fi_lock);
2903 if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
2904 seq_puts(s, ", admin-revoked");
2905 seq_puts(s, " }\n");
2906 return 0;
2907 }
2908
2909 static int nfs4_show_layout(struct seq_file *s, struct nfs4_stid *st)
2910 {
2911 struct nfs4_layout_stateid *ls;
2912 struct nfsd_file *file;
2913
2914 ls = container_of(st, struct nfs4_layout_stateid, ls_stid);
2915
2916 seq_puts(s, "- ");
2917 nfs4_show_stateid(s, &st->sc_stateid);
2918 seq_puts(s, ": { type: layout");
2919
2920 /* XXX: What else would be useful? */
2921
2922 spin_lock(&ls->ls_stid.sc_file->fi_lock);
2923 file = ls->ls_file;
2924 if (file) {
2925 seq_puts(s, ", ");
2926 nfs4_show_superblock(s, file);
2927 seq_puts(s, ", ");
2928 nfs4_show_fname(s, file);
2929 }
2930 spin_unlock(&ls->ls_stid.sc_file->fi_lock);
2931 if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
2932 seq_puts(s, ", admin-revoked");
2933 seq_puts(s, " }\n");
2934
2935 return 0;
2936 }
2937
2938 static int states_show(struct seq_file *s, void *v)
2939 {
2940 struct nfs4_stid *st = v;
2941
2942 switch (st->sc_type) {
2943 case SC_TYPE_OPEN:
2944 return nfs4_show_open(s, st);
2945 case SC_TYPE_LOCK:
2946 return nfs4_show_lock(s, st);
2947 case SC_TYPE_DELEG:
2948 return nfs4_show_deleg(s, st);
2949 case SC_TYPE_LAYOUT:
2950 return nfs4_show_layout(s, st);
2951 default:
2952 return 0; /* XXX: or SEQ_SKIP? */
2953 }
2954 /* XXX: copy stateids? */
2955 }
2956
2957 static struct seq_operations states_seq_ops = {
2958 .start = states_start,
2959 .next = states_next,
2960 .stop = states_stop,
2961 .show = states_show
2962 };
2963
2964 static int client_states_open(struct inode *inode, struct file *file)
2965 {
2966 struct seq_file *s;
2967 struct nfs4_client *clp;
2968 int ret;
2969
2970 clp = get_nfsdfs_clp(inode);
2971 if (!clp)
2972 return -ENXIO;
2973
2974 ret = seq_open(file, &states_seq_ops);
2975 if (ret)
2976 return ret;
2977 s = file->private_data;
2978 s->private = clp;
2979 return 0;
2980 }
2981
2982 static int client_opens_release(struct inode *inode, struct file *file)
2983 {
2984 struct seq_file *m = file->private_data;
2985 struct nfs4_client *clp = m->private;
2986
2987 /* XXX: alternatively, we could get/drop in seq start/stop */
2988 drop_client(clp);
2989 return seq_release(inode, file);
2990 }
2991
2992 static const struct file_operations client_states_fops = {
2993 .open = client_states_open,
2994 .read = seq_read,
2995 .llseek = seq_lseek,
2996 .release = client_opens_release,
2997 };
2998
2999 /*
3000 * Normally we refuse to destroy clients that are in use, but here the
3001 * administrator is telling us to just do it. We also want to wait
3002 * so the caller has a guarantee that the client's locks are gone by
3003 * the time the write returns:
3004 */
3005 static void force_expire_client(struct nfs4_client *clp)
3006 {
3007 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
3008 bool already_expired;
3009
3010 trace_nfsd_clid_admin_expired(&clp->cl_clientid);
3011
3012 spin_lock(&nn->client_lock);
3013 clp->cl_time = 0;
3014 spin_unlock(&nn->client_lock);
3015
3016 wait_event(expiry_wq, atomic_read(&clp->cl_rpc_users) == 0);
3017 spin_lock(&nn->client_lock);
3018 already_expired = list_empty(&clp->cl_lru);
3019 if (!already_expired)
3020 unhash_client_locked(clp);
3021 spin_unlock(&nn->client_lock);
3022
3023 if (!already_expired)
3024 expire_client(clp);
3025 else
3026 wait_event(expiry_wq, clp->cl_nfsd_dentry == NULL);
3027 }
3028
3029 static ssize_t client_ctl_write(struct file *file, const char __user *buf,
3030 size_t size, loff_t *pos)
3031 {
3032 char *data;
3033 struct nfs4_client *clp;
3034
3035 data = simple_transaction_get(file, buf, size);
3036 if (IS_ERR(data))
3037 return PTR_ERR(data);
3038 if (size != 7 || 0 != memcmp(data, "expire\n", 7))
3039 return -EINVAL;
3040 clp = get_nfsdfs_clp(file_inode(file));
3041 if (!clp)
3042 return -ENXIO;
3043 force_expire_client(clp);
3044 drop_client(clp);
3045 return 7;
3046 }
3047
3048 static const struct file_operations client_ctl_fops = {
3049 .write = client_ctl_write,
3050 .release = simple_transaction_release,
3051 };
3052
3053 static const struct tree_descr client_files[] = {
3054 [0] = {"info", &client_info_fops, S_IRUSR},
3055 [1] = {"states", &client_states_fops, S_IRUSR},
3056 [2] = {"ctl", &client_ctl_fops, S_IWUSR},
3057 [3] = {""},
3058 };
3059
3060 static int
3061 nfsd4_cb_recall_any_done(struct nfsd4_callback *cb,
3062 struct rpc_task *task)
3063 {
3064 trace_nfsd_cb_recall_any_done(cb, task);
3065 switch (task->tk_status) {
3066 case -NFS4ERR_DELAY:
3067 rpc_delay(task, 2 * HZ);
3068 return 0;
3069 default:
3070 return 1;
3071 }
3072 }
3073
3074 static void
3075 nfsd4_cb_recall_any_release(struct nfsd4_callback *cb)
3076 {
3077 struct nfs4_client *clp = cb->cb_clp;
3078
3079 clear_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags);
3080 drop_client(clp);
3081 }
3082
3083 static int
3084 nfsd4_cb_getattr_done(struct nfsd4_callback *cb, struct rpc_task *task)
3085 {
3086 struct nfs4_cb_fattr *ncf =
3087 container_of(cb, struct nfs4_cb_fattr, ncf_getattr);
3088 struct nfs4_delegation *dp =
3089 container_of(ncf, struct nfs4_delegation, dl_cb_fattr);
3090
3091 trace_nfsd_cb_getattr_done(&dp->dl_stid.sc_stateid, task);
3092 ncf->ncf_cb_status = task->tk_status;
3093 switch (task->tk_status) {
3094 case -NFS4ERR_DELAY:
3095 rpc_delay(task, 2 * HZ);
3096 return 0;
3097 default:
3098 return 1;
3099 }
3100 }
3101
3102 static void
3103 nfsd4_cb_getattr_release(struct nfsd4_callback *cb)
3104 {
3105 struct nfs4_cb_fattr *ncf =
3106 container_of(cb, struct nfs4_cb_fattr, ncf_getattr);
3107 struct nfs4_delegation *dp =
3108 container_of(ncf, struct nfs4_delegation, dl_cb_fattr);
3109
3110 clear_and_wake_up_bit(CB_GETATTR_BUSY, &ncf->ncf_cb_flags);
3111 nfs4_put_stid(&dp->dl_stid);
3112 }
3113
3114 static const struct nfsd4_callback_ops nfsd4_cb_recall_any_ops = {
3115 .done = nfsd4_cb_recall_any_done,
3116 .release = nfsd4_cb_recall_any_release,
3117 .opcode = OP_CB_RECALL_ANY,
3118 };
3119
3120 static const struct nfsd4_callback_ops nfsd4_cb_getattr_ops = {
3121 .done = nfsd4_cb_getattr_done,
3122 .release = nfsd4_cb_getattr_release,
3123 .opcode = OP_CB_GETATTR,
3124 };
3125
3126 static void nfs4_cb_getattr(struct nfs4_cb_fattr *ncf)
3127 {
3128 struct nfs4_delegation *dp =
3129 container_of(ncf, struct nfs4_delegation, dl_cb_fattr);
3130
3131 if (test_and_set_bit(CB_GETATTR_BUSY, &ncf->ncf_cb_flags))
3132 return;
3133 /* set to proper status when nfsd4_cb_getattr_done runs */
3134 ncf->ncf_cb_status = NFS4ERR_IO;
3135
3136 refcount_inc(&dp->dl_stid.sc_count);
3137 nfsd4_run_cb(&ncf->ncf_getattr);
3138 }
3139
3140 static struct nfs4_client *create_client(struct xdr_netobj name,
3141 struct svc_rqst *rqstp, nfs4_verifier *verf)
3142 {
3143 struct nfs4_client *clp;
3144 struct sockaddr *sa = svc_addr(rqstp);
3145 int ret;
3146 struct net *net = SVC_NET(rqstp);
3147 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
3148 struct dentry *dentries[ARRAY_SIZE(client_files)];
3149
3150 clp = alloc_client(name, nn);
3151 if (clp == NULL)
3152 return NULL;
3153
3154 ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred);
3155 if (ret) {
3156 free_client(clp);
3157 return NULL;
3158 }
3159 gen_clid(clp, nn);
3160 kref_init(&clp->cl_nfsdfs.cl_ref);
3161 nfsd4_init_cb(&clp->cl_cb_null, clp, NULL, NFSPROC4_CLNT_CB_NULL);
3162 clp->cl_time = ktime_get_boottime_seconds();
3163 copy_verf(clp, verf);
3164 memcpy(&clp->cl_addr, sa, sizeof(struct sockaddr_storage));
3165 clp->cl_cb_session = NULL;
3166 clp->net = net;
3167 clp->cl_nfsd_dentry = nfsd_client_mkdir(
3168 nn, &clp->cl_nfsdfs,
3169 clp->cl_clientid.cl_id - nn->clientid_base,
3170 client_files, dentries);
3171 clp->cl_nfsd_info_dentry = dentries[0];
3172 if (!clp->cl_nfsd_dentry) {
3173 free_client(clp);
3174 return NULL;
3175 }
3176 clp->cl_ra = kzalloc(sizeof(*clp->cl_ra), GFP_KERNEL);
3177 if (!clp->cl_ra) {
3178 free_client(clp);
3179 return NULL;
3180 }
3181 clp->cl_ra_time = 0;
3182 nfsd4_init_cb(&clp->cl_ra->ra_cb, clp, &nfsd4_cb_recall_any_ops,
3183 NFSPROC4_CLNT_CB_RECALL_ANY);
3184 return clp;
3185 }
3186
3187 static void
3188 add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root)
3189 {
3190 struct rb_node **new = &(root->rb_node), *parent = NULL;
3191 struct nfs4_client *clp;
3192
3193 while (*new) {
3194 clp = rb_entry(*new, struct nfs4_client, cl_namenode);
3195 parent = *new;
3196
3197 if (compare_blob(&clp->cl_name, &new_clp->cl_name) > 0)
3198 new = &((*new)->rb_left);
3199 else
3200 new = &((*new)->rb_right);
3201 }
3202
3203 rb_link_node(&new_clp->cl_namenode, parent, new);
3204 rb_insert_color(&new_clp->cl_namenode, root);
3205 }
3206
3207 static struct nfs4_client *
3208 find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root)
3209 {
3210 int cmp;
3211 struct rb_node *node = root->rb_node;
3212 struct nfs4_client *clp;
3213
3214 while (node) {
3215 clp = rb_entry(node, struct nfs4_client, cl_namenode);
3216 cmp = compare_blob(&clp->cl_name, name);
3217 if (cmp > 0)
3218 node = node->rb_left;
3219 else if (cmp < 0)
3220 node = node->rb_right;
3221 else
3222 return clp;
3223 }
3224 return NULL;
3225 }
3226
3227 static void
3228 add_to_unconfirmed(struct nfs4_client *clp)
3229 {
3230 unsigned int idhashval;
3231 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
3232
3233 lockdep_assert_held(&nn->client_lock);
3234
3235 clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
3236 add_clp_to_name_tree(clp, &nn->unconf_name_tree);
3237 idhashval = clientid_hashval(clp->cl_clientid.cl_id);
3238 list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]);
3239 renew_client_locked(clp);
3240 }
3241
3242 static void
3243 move_to_confirmed(struct nfs4_client *clp)
3244 {
3245 unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id);
3246 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
3247
3248 lockdep_assert_held(&nn->client_lock);
3249
3250 list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]);
3251 rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
3252 add_clp_to_name_tree(clp, &nn->conf_name_tree);
3253 set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
3254 trace_nfsd_clid_confirmed(&clp->cl_clientid);
3255 renew_client_locked(clp);
3256 }
3257
3258 static struct nfs4_client *
3259 find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions)
3260 {
3261 struct nfs4_client *clp;
3262 unsigned int idhashval = clientid_hashval(clid->cl_id);
3263
3264 list_for_each_entry(clp, &tbl[idhashval], cl_idhash) {
3265 if (same_clid(&clp->cl_clientid, clid)) {
3266 if ((bool)clp->cl_minorversion != sessions)
3267 return NULL;
3268 renew_client_locked(clp);
3269 return clp;
3270 }
3271 }
3272 return NULL;
3273 }
3274
3275 static struct nfs4_client *
3276 find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
3277 {
3278 struct list_head *tbl = nn->conf_id_hashtbl;
3279
3280 lockdep_assert_held(&nn->client_lock);
3281 return find_client_in_id_table(tbl, clid, sessions);
3282 }
3283
3284 static struct nfs4_client *
3285 find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
3286 {
3287 struct list_head *tbl = nn->unconf_id_hashtbl;
3288
3289 lockdep_assert_held(&nn->client_lock);
3290 return find_client_in_id_table(tbl, clid, sessions);
3291 }
3292
3293 static bool clp_used_exchangeid(struct nfs4_client *clp)
3294 {
3295 return clp->cl_exchange_flags != 0;
3296 }
3297
3298 static struct nfs4_client *
3299 find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
3300 {
3301 lockdep_assert_held(&nn->client_lock);
3302 return find_clp_in_name_tree(name, &nn->conf_name_tree);
3303 }
3304
3305 static struct nfs4_client *
3306 find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
3307 {
3308 lockdep_assert_held(&nn->client_lock);
3309 return find_clp_in_name_tree(name, &nn->unconf_name_tree);
3310 }
3311
3312 static void
3313 gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
3314 {
3315 struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
3316 struct sockaddr *sa = svc_addr(rqstp);
3317 u32 scopeid = rpc_get_scope_id(sa);
3318 unsigned short expected_family;
3319
3320 /* Currently, we only support tcp and tcp6 for the callback channel */
3321 if (se->se_callback_netid_len == 3 &&
3322 !memcmp(se->se_callback_netid_val, "tcp", 3))
3323 expected_family = AF_INET;
3324 else if (se->se_callback_netid_len == 4 &&
3325 !memcmp(se->se_callback_netid_val, "tcp6", 4))
3326 expected_family = AF_INET6;
3327 else
3328 goto out_err;
3329
3330 conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val,
3331 se->se_callback_addr_len,
3332 (struct sockaddr *)&conn->cb_addr,
3333 sizeof(conn->cb_addr));
3334
3335 if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
3336 goto out_err;
3337
3338 if (conn->cb_addr.ss_family == AF_INET6)
3339 ((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;
3340
3341 conn->cb_prog = se->se_callback_prog;
3342 conn->cb_ident = se->se_callback_ident;
3343 memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen);
3344 trace_nfsd_cb_args(clp, conn);
3345 return;
3346 out_err:
3347 conn->cb_addr.ss_family = AF_UNSPEC;
3348 conn->cb_addrlen = 0;
3349 trace_nfsd_cb_nodelegs(clp);
3350 return;
3351 }
3352
3353 /*
3354 * Cache a reply. nfsd4_check_resp_size() has bounded the cache size.
3355 */
3356 static void
3357 nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
3358 {
3359 struct xdr_buf *buf = resp->xdr->buf;
3360 struct nfsd4_slot *slot = resp->cstate.slot;
3361 unsigned int base;
3362
3363 dprintk("--> %s slot %p\n", __func__, slot);
3364
3365 slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
3366 slot->sl_opcnt = resp->opcnt;
3367 slot->sl_status = resp->cstate.status;
3368 free_svc_cred(&slot->sl_cred);
3369 copy_cred(&slot->sl_cred, &resp->rqstp->rq_cred);
3370
3371 if (!nfsd4_cache_this(resp)) {
3372 slot->sl_flags &= ~NFSD4_SLOT_CACHED;
3373 return;
3374 }
3375 slot->sl_flags |= NFSD4_SLOT_CACHED;
3376
3377 base = resp->cstate.data_offset;
3378 slot->sl_datalen = buf->len - base;
3379 if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen))
3380 WARN(1, "%s: sessions DRC could not cache compound\n",
3381 __func__);
3382 return;
3383 }
3384
3385 /*
3386 * Encode the replay sequence operation from the slot values.
3387 * If cachethis is FALSE encode the uncached rep error on the next
3388 * operation which sets resp->p and increments resp->opcnt for
3389 * nfs4svc_encode_compoundres.
3390 *
3391 */
3392 static __be32
3393 nfsd4_enc_sequence_replay(struct nfsd4_compoundargs *args,
3394 struct nfsd4_compoundres *resp)
3395 {
3396 struct nfsd4_op *op;
3397 struct nfsd4_slot *slot = resp->cstate.slot;
3398
3399 /* Encode the replayed sequence operation */
3400 op = &args->ops[resp->opcnt - 1];
3401 nfsd4_encode_operation(resp, op);
3402
3403 if (slot->sl_flags & NFSD4_SLOT_CACHED)
3404 return op->status;
3405 if (args->opcnt == 1) {
3406 /*
3407 * The original operation wasn't a solo sequence--we
3408 * always cache those--so this retry must not match the
3409 * original:
3410 */
3411 op->status = nfserr_seq_false_retry;
3412 } else {
3413 op = &args->ops[resp->opcnt++];
3414 op->status = nfserr_retry_uncached_rep;
3415 nfsd4_encode_operation(resp, op);
3416 }
3417 return op->status;
3418 }
3419
3420 /*
3421 * The sequence operation is not cached because we can use the slot and
3422 * session values.
3423 */
3424 static __be32
3425 nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
3426 struct nfsd4_sequence *seq)
3427 {
3428 struct nfsd4_slot *slot = resp->cstate.slot;
3429 struct xdr_stream *xdr = resp->xdr;
3430 __be32 *p;
3431 __be32 status;
3432
3433 dprintk("--> %s slot %p\n", __func__, slot);
3434
3435 status = nfsd4_enc_sequence_replay(resp->rqstp->rq_argp, resp);
3436 if (status)
3437 return status;
3438
3439 p = xdr_reserve_space(xdr, slot->sl_datalen);
3440 if (!p) {
3441 WARN_ON_ONCE(1);
3442 return nfserr_serverfault;
3443 }
3444 xdr_encode_opaque_fixed(p, slot->sl_data, slot->sl_datalen);
3445 xdr_commit_encode(xdr);
3446
3447 resp->opcnt = slot->sl_opcnt;
3448 return slot->sl_status;
3449 }
3450
3451 /*
3452 * Set the exchange_id flags returned by the server.
3453 */
3454 static void
3455 nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
3456 {
3457 #ifdef CONFIG_NFSD_PNFS
3458 new->cl_exchange_flags |= EXCHGID4_FLAG_USE_PNFS_MDS;
3459 #else
3460 new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS;
3461 #endif
3462
3463 /* Referrals are supported, Migration is not. */
3464 new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER;
3465
3466 /* set the wire flags to return to client. */
3467 clid->flags = new->cl_exchange_flags;
3468 }
3469
3470 static bool client_has_openowners(struct nfs4_client *clp)
3471 {
3472 struct nfs4_openowner *oo;
3473
3474 list_for_each_entry(oo, &clp->cl_openowners, oo_perclient) {
3475 if (!list_empty(&oo->oo_owner.so_stateids))
3476 return true;
3477 }
3478 return false;
3479 }
3480
3481 static bool client_has_state(struct nfs4_client *clp)
3482 {
3483 return client_has_openowners(clp)
3484 #ifdef CONFIG_NFSD_PNFS
3485 || !list_empty(&clp->cl_lo_states)
3486 #endif
3487 || !list_empty(&clp->cl_delegations)
3488 || !list_empty(&clp->cl_sessions)
3489 || nfsd4_has_active_async_copies(clp);
3490 }
3491
3492 static __be32 copy_impl_id(struct nfs4_client *clp,
3493 struct nfsd4_exchange_id *exid)
3494 {
3495 if (!exid->nii_domain.data)
3496 return 0;
3497 xdr_netobj_dup(&clp->cl_nii_domain, &exid->nii_domain, GFP_KERNEL);
3498 if (!clp->cl_nii_domain.data)
3499 return nfserr_jukebox;
3500 xdr_netobj_dup(&clp->cl_nii_name, &exid->nii_name, GFP_KERNEL);
3501 if (!clp->cl_nii_name.data)
3502 return nfserr_jukebox;
3503 clp->cl_nii_time = exid->nii_time;
3504 return 0;
3505 }
3506
3507 __be32
3508 nfsd4_exchange_id(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3509 union nfsd4_op_u *u)
3510 {
3511 struct nfsd4_exchange_id *exid = &u->exchange_id;
3512 struct nfs4_client *conf, *new;
3513 struct nfs4_client *unconf = NULL;
3514 __be32 status;
3515 char addr_str[INET6_ADDRSTRLEN];
3516 nfs4_verifier verf = exid->verifier;
3517 struct sockaddr *sa = svc_addr(rqstp);
3518 bool update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A;
3519 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3520
3521 rpc_ntop(sa, addr_str, sizeof(addr_str));
3522 dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
3523 "ip_addr=%s flags %x, spa_how %u\n",
3524 __func__, rqstp, exid, exid->clname.len, exid->clname.data,
3525 addr_str, exid->flags, exid->spa_how);
3526
3527 exid->server_impl_name = kasprintf(GFP_KERNEL, "%s %s %s %s",
3528 utsname()->sysname, utsname()->release,
3529 utsname()->version, utsname()->machine);
3530 if (!exid->server_impl_name)
3531 return nfserr_jukebox;
3532
3533 if (exid->flags & ~EXCHGID4_FLAG_MASK_A)
3534 return nfserr_inval;
3535
3536 new = create_client(exid->clname, rqstp, &verf);
3537 if (new == NULL)
3538 return nfserr_jukebox;
3539 status = copy_impl_id(new, exid);
3540 if (status)
3541 goto out_nolock;
3542
3543 switch (exid->spa_how) {
3544 case SP4_MACH_CRED:
3545 exid->spo_must_enforce[0] = 0;
3546 exid->spo_must_enforce[1] = (
3547 1 << (OP_BIND_CONN_TO_SESSION - 32) |
3548 1 << (OP_EXCHANGE_ID - 32) |
3549 1 << (OP_CREATE_SESSION - 32) |
3550 1 << (OP_DESTROY_SESSION - 32) |
3551 1 << (OP_DESTROY_CLIENTID - 32));
3552
3553 exid->spo_must_allow[0] &= (1 << (OP_CLOSE) |
3554 1 << (OP_OPEN_DOWNGRADE) |
3555 1 << (OP_LOCKU) |
3556 1 << (OP_DELEGRETURN));
3557
3558 exid->spo_must_allow[1] &= (
3559 1 << (OP_TEST_STATEID - 32) |
3560 1 << (OP_FREE_STATEID - 32));
3561 if (!svc_rqst_integrity_protected(rqstp)) {
3562 status = nfserr_inval;
3563 goto out_nolock;
3564 }
3565 /*
3566 * Sometimes userspace doesn't give us a principal.
3567 * Which is a bug, really. Anyway, we can't enforce
3568 * MACH_CRED in that case, better to give up now:
3569 */
3570 if (!new->cl_cred.cr_principal &&
3571 !new->cl_cred.cr_raw_principal) {
3572 status = nfserr_serverfault;
3573 goto out_nolock;
3574 }
3575 new->cl_mach_cred = true;
3576 break;
3577 case SP4_NONE:
3578 break;
3579 default: /* checked by xdr code */
3580 WARN_ON_ONCE(1);
3581 fallthrough;
3582 case SP4_SSV:
3583 status = nfserr_encr_alg_unsupp;
3584 goto out_nolock;
3585 }
3586
3587 /* Cases below refer to rfc 5661 section 18.35.4: */
3588 spin_lock(&nn->client_lock);
3589 conf = find_confirmed_client_by_name(&exid->clname, nn);
3590 if (conf) {
3591 bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred);
3592 bool verfs_match = same_verf(&verf, &conf->cl_verifier);
3593
3594 if (update) {
3595 if (!clp_used_exchangeid(conf)) { /* buggy client */
3596 status = nfserr_inval;
3597 goto out;
3598 }
3599 if (!nfsd4_mach_creds_match(conf, rqstp)) {
3600 status = nfserr_wrong_cred;
3601 goto out;
3602 }
3603 if (!creds_match) { /* case 9 */
3604 status = nfserr_perm;
3605 goto out;
3606 }
3607 if (!verfs_match) { /* case 8 */
3608 status = nfserr_not_same;
3609 goto out;
3610 }
3611 /* case 6 */
3612 exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;
3613 trace_nfsd_clid_confirmed_r(conf);
3614 goto out_copy;
3615 }
3616 if (!creds_match) { /* case 3 */
3617 if (client_has_state(conf)) {
3618 status = nfserr_clid_inuse;
3619 trace_nfsd_clid_cred_mismatch(conf, rqstp);
3620 goto out;
3621 }
3622 goto out_new;
3623 }
3624 if (verfs_match) { /* case 2 */
3625 conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R;
3626 trace_nfsd_clid_confirmed_r(conf);
3627 goto out_copy;
3628 }
3629 /* case 5, client reboot */
3630 trace_nfsd_clid_verf_mismatch(conf, rqstp, &verf);
3631 conf = NULL;
3632 goto out_new;
3633 }
3634
3635 if (update) { /* case 7 */
3636 status = nfserr_noent;
3637 goto out;
3638 }
3639
3640 unconf = find_unconfirmed_client_by_name(&exid->clname, nn);
3641 if (unconf) /* case 4, possible retry or client restart */
3642 unhash_client_locked(unconf);
3643
3644 /* case 1, new owner ID */
3645 trace_nfsd_clid_fresh(new);
3646
3647 out_new:
3648 if (conf) {
3649 status = mark_client_expired_locked(conf);
3650 if (status)
3651 goto out;
3652 trace_nfsd_clid_replaced(&conf->cl_clientid);
3653 }
3654 new->cl_minorversion = cstate->minorversion;
3655 new->cl_spo_must_allow.u.words[0] = exid->spo_must_allow[0];
3656 new->cl_spo_must_allow.u.words[1] = exid->spo_must_allow[1];
3657
3658 /* Contrived initial CREATE_SESSION response */
3659 new->cl_cs_slot.sl_status = nfserr_seq_misordered;
3660
3661 add_to_unconfirmed(new);
3662 swap(new, conf);
3663 out_copy:
3664 exid->clientid.cl_boot = conf->cl_clientid.cl_boot;
3665 exid->clientid.cl_id = conf->cl_clientid.cl_id;
3666
3667 exid->seqid = conf->cl_cs_slot.sl_seqid + 1;
3668 nfsd4_set_ex_flags(conf, exid);
3669
3670 exid->nii_domain.len = sizeof("kernel.org") - 1;
3671 exid->nii_domain.data = "kernel.org";
3672
3673 /*
3674 * Note that RFC 8881 places no length limit on
3675 * nii_name, but this implementation permits no
3676 * more than NFS4_OPAQUE_LIMIT bytes.
3677 */
3678 exid->nii_name.len = strlen(exid->server_impl_name);
3679 if (exid->nii_name.len > NFS4_OPAQUE_LIMIT)
3680 exid->nii_name.len = NFS4_OPAQUE_LIMIT;
3681 exid->nii_name.data = exid->server_impl_name;
3682
3683 /* just send zeros - the date is in nii_name */
3684 exid->nii_time.tv_sec = 0;
3685 exid->nii_time.tv_nsec = 0;
3686
3687 dprintk("nfsd4_exchange_id seqid %d flags %x\n",
3688 conf->cl_cs_slot.sl_seqid, conf->cl_exchange_flags);
3689 status = nfs_ok;
3690
3691 out:
3692 spin_unlock(&nn->client_lock);
3693 out_nolock:
3694 if (new)
3695 expire_client(new);
3696 if (unconf) {
3697 trace_nfsd_clid_expire_unconf(&unconf->cl_clientid);
3698 expire_client(unconf);
3699 }
3700 return status;
3701 }
3702
3703 void
3704 nfsd4_exchange_id_release(union nfsd4_op_u *u)
3705 {
3706 struct nfsd4_exchange_id *exid = &u->exchange_id;
3707
3708 kfree(exid->server_impl_name);
3709 }
3710
3711 static __be32 check_slot_seqid(u32 seqid, u32 slot_seqid, bool slot_inuse)
3712 {
3713 /* The slot is in use, and no response has been sent. */
3714 if (slot_inuse) {
3715 if (seqid == slot_seqid)
3716 return nfserr_jukebox;
3717 else
3718 return nfserr_seq_misordered;
3719 }
3720 /* Note unsigned 32-bit arithmetic handles wraparound: */
3721 if (likely(seqid == slot_seqid + 1))
3722 return nfs_ok;
3723 if (seqid == slot_seqid)
3724 return nfserr_replay_cache;
3725 return nfserr_seq_misordered;
3726 }
3727
3728 /*
3729 * Cache the create session result into the create session single DRC
3730 * slot cache by saving the xdr structure. sl_seqid has been set.
3731 * Do this for solo or embedded create session operations.
3732 */
3733 static void
3734 nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
3735 struct nfsd4_clid_slot *slot, __be32 nfserr)
3736 {
3737 slot->sl_status = nfserr;
3738 memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
3739 }
3740
3741 static __be32
3742 nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
3743 struct nfsd4_clid_slot *slot)
3744 {
3745 memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses));
3746 return slot->sl_status;
3747 }
3748
3749 #define NFSD_MIN_REQ_HDR_SEQ_SZ ((\
3750 2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
3751 1 + /* MIN tag is length with zero, only length */ \
3752 3 + /* version, opcount, opcode */ \
3753 XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
3754 /* seqid, slotID, slotID, cache */ \
3755 4 ) * sizeof(__be32))
3756
3757 #define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
3758 2 + /* verifier: AUTH_NULL, length 0 */\
3759 1 + /* status */ \
3760 1 + /* MIN tag is length with zero, only length */ \
3761 3 + /* opcount, opcode, opstatus*/ \
3762 XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
3763 /* seqid, slotID, slotID, slotID, status */ \
3764 5 ) * sizeof(__be32))
3765
3766 static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
3767 {
3768 u32 maxrpc = nn->nfsd_serv->sv_max_mesg;
3769
3770 if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ)
3771 return nfserr_toosmall;
3772 if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ)
3773 return nfserr_toosmall;
3774 ca->headerpadsz = 0;
3775 ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc);
3776 ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc);
3777 ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND);
3778 ca->maxresp_cached = min_t(u32, ca->maxresp_cached,
3779 NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ);
3780 ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION);
3781 /*
3782 * Note decreasing slot size below client's request may make it
3783 * difficult for client to function correctly, whereas
3784 * decreasing the number of slots will (just?) affect
3785 * performance. When short on memory we therefore prefer to
3786 * decrease number of slots instead of their size. Clients that
3787 * request larger slots than they need will get poor results:
3788 * Note that we always allow at least one slot, because our
3789 * accounting is soft and provides no guarantees either way.
3790 */
3791 ca->maxreqs = nfsd4_get_drc_mem(ca, nn);
3792
3793 return nfs_ok;
3794 }
3795
3796 /*
3797 * Server's NFSv4.1 backchannel support is AUTH_SYS-only for now.
3798 * These are based on similar macros in linux/sunrpc/msg_prot.h .
3799 */
3800 #define RPC_MAX_HEADER_WITH_AUTH_SYS \
3801 (RPC_CALLHDRSIZE + 2 * (2 + UNX_CALLSLACK))
3802
3803 #define RPC_MAX_REPHEADER_WITH_AUTH_SYS \
3804 (RPC_REPHDRSIZE + (2 + NUL_REPLYSLACK))
3805
3806 #define NFSD_CB_MAX_REQ_SZ ((NFS4_enc_cb_recall_sz + \
3807 RPC_MAX_HEADER_WITH_AUTH_SYS) * sizeof(__be32))
3808 #define NFSD_CB_MAX_RESP_SZ ((NFS4_dec_cb_recall_sz + \
3809 RPC_MAX_REPHEADER_WITH_AUTH_SYS) * \
3810 sizeof(__be32))
3811
3812 static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
3813 {
3814 ca->headerpadsz = 0;
3815
3816 if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
3817 return nfserr_toosmall;
3818 if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
3819 return nfserr_toosmall;
3820 ca->maxresp_cached = 0;
3821 if (ca->maxops < 2)
3822 return nfserr_toosmall;
3823
3824 return nfs_ok;
3825 }
3826
3827 static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
3828 {
3829 switch (cbs->flavor) {
3830 case RPC_AUTH_NULL:
3831 case RPC_AUTH_UNIX:
3832 return nfs_ok;
3833 default:
3834 /*
3835 * GSS case: the spec doesn't allow us to return this
3836 * error. But it also doesn't allow us not to support
3837 * GSS.
3838 * I'd rather this fail hard than return some error the
3839 * client might think it can already handle:
3840 */
3841 return nfserr_encr_alg_unsupp;
3842 }
3843 }
3844
3845 __be32
3846 nfsd4_create_session(struct svc_rqst *rqstp,
3847 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
3848 {
3849 struct nfsd4_create_session *cr_ses = &u->create_session;
3850 struct sockaddr *sa = svc_addr(rqstp);
3851 struct nfs4_client *conf, *unconf;
3852 struct nfsd4_clid_slot *cs_slot;
3853 struct nfs4_client *old = NULL;
3854 struct nfsd4_session *new;
3855 struct nfsd4_conn *conn;
3856 __be32 status = 0;
3857 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
3858
3859 if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
3860 return nfserr_inval;
3861 status = nfsd4_check_cb_sec(&cr_ses->cb_sec);
3862 if (status)
3863 return status;
3864 status = check_forechannel_attrs(&cr_ses->fore_channel, nn);
3865 if (status)
3866 return status;
3867 status = check_backchannel_attrs(&cr_ses->back_channel);
3868 if (status)
3869 goto out_release_drc_mem;
3870 status = nfserr_jukebox;
3871 new = alloc_session(&cr_ses->fore_channel, &cr_ses->back_channel);
3872 if (!new)
3873 goto out_release_drc_mem;
3874 conn = alloc_conn_from_crses(rqstp, cr_ses);
3875 if (!conn)
3876 goto out_free_session;
3877
3878 spin_lock(&nn->client_lock);
3879
3880 /* RFC 8881 Section 18.36.4 Phase 1: Client record look-up. */
3881 unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn);
3882 conf = find_confirmed_client(&cr_ses->clientid, true, nn);
3883 if (!conf && !unconf) {
3884 status = nfserr_stale_clientid;
3885 goto out_free_conn;
3886 }
3887
3888 /* RFC 8881 Section 18.36.4 Phase 2: Sequence ID processing. */
3889 if (conf) {
3890 cs_slot = &conf->cl_cs_slot;
3891 trace_nfsd_slot_seqid_conf(conf, cr_ses);
3892 } else {
3893 cs_slot = &unconf->cl_cs_slot;
3894 trace_nfsd_slot_seqid_unconf(unconf, cr_ses);
3895 }
3896 status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
3897 switch (status) {
3898 case nfs_ok:
3899 cs_slot->sl_seqid++;
3900 cr_ses->seqid = cs_slot->sl_seqid;
3901 break;
3902 case nfserr_replay_cache:
3903 status = nfsd4_replay_create_session(cr_ses, cs_slot);
3904 fallthrough;
3905 case nfserr_jukebox:
3906 /* The server MUST NOT cache NFS4ERR_DELAY */
3907 goto out_free_conn;
3908 default:
3909 goto out_cache_error;
3910 }
3911
3912 /* RFC 8881 Section 18.36.4 Phase 3: Client ID confirmation. */
3913 if (conf) {
3914 status = nfserr_wrong_cred;
3915 if (!nfsd4_mach_creds_match(conf, rqstp))
3916 goto out_cache_error;
3917 } else {
3918 status = nfserr_clid_inuse;
3919 if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) ||
3920 !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) {
3921 trace_nfsd_clid_cred_mismatch(unconf, rqstp);
3922 goto out_cache_error;
3923 }
3924 status = nfserr_wrong_cred;
3925 if (!nfsd4_mach_creds_match(unconf, rqstp))
3926 goto out_cache_error;
3927 old = find_confirmed_client_by_name(&unconf->cl_name, nn);
3928 if (old) {
3929 status = mark_client_expired_locked(old);
3930 if (status)
3931 goto out_expired_error;
3932 trace_nfsd_clid_replaced(&old->cl_clientid);
3933 }
3934 move_to_confirmed(unconf);
3935 conf = unconf;
3936 }
3937
3938 /* RFC 8881 Section 18.36.4 Phase 4: Session creation. */
3939 status = nfs_ok;
3940 /* Persistent sessions are not supported */
3941 cr_ses->flags &= ~SESSION4_PERSIST;
3942 /* Upshifting from TCP to RDMA is not supported */
3943 cr_ses->flags &= ~SESSION4_RDMA;
3944 /* Report the correct number of backchannel slots */
3945 cr_ses->back_channel.maxreqs = new->se_cb_highest_slot + 1;
3946
3947 init_session(rqstp, new, conf, cr_ses);
3948 nfsd4_get_session_locked(new);
3949
3950 memcpy(cr_ses->sessionid.data, new->se_sessionid.data,
3951 NFS4_MAX_SESSIONID_LEN);
3952
3953 /* cache solo and embedded create sessions under the client_lock */
3954 nfsd4_cache_create_session(cr_ses, cs_slot, status);
3955 spin_unlock(&nn->client_lock);
3956 if (conf == unconf)
3957 fsnotify_dentry(conf->cl_nfsd_info_dentry, FS_MODIFY);
3958 /* init connection and backchannel */
3959 nfsd4_init_conn(rqstp, conn, new);
3960 nfsd4_put_session(new);
3961 if (old)
3962 expire_client(old);
3963 return status;
3964
3965 out_expired_error:
3966 /*
3967 * Revert the slot seq_nr change so the server will process
3968 * the client's resend instead of returning a cached response.
3969 */
3970 if (status == nfserr_jukebox) {
3971 cs_slot->sl_seqid--;
3972 cr_ses->seqid = cs_slot->sl_seqid;
3973 goto out_free_conn;
3974 }
3975 out_cache_error:
3976 nfsd4_cache_create_session(cr_ses, cs_slot, status);
3977 out_free_conn:
3978 spin_unlock(&nn->client_lock);
3979 free_conn(conn);
3980 out_free_session:
3981 __free_session(new);
3982 out_release_drc_mem:
3983 nfsd4_put_drc_mem(&cr_ses->fore_channel);
3984 return status;
3985 }
3986
3987 static __be32 nfsd4_map_bcts_dir(u32 *dir)
3988 {
3989 switch (*dir) {
3990 case NFS4_CDFC4_FORE:
3991 case NFS4_CDFC4_BACK:
3992 return nfs_ok;
3993 case NFS4_CDFC4_FORE_OR_BOTH:
3994 case NFS4_CDFC4_BACK_OR_BOTH:
3995 *dir = NFS4_CDFC4_BOTH;
3996 return nfs_ok;
3997 }
3998 return nfserr_inval;
3999 }
4000
4001 __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp,
4002 struct nfsd4_compound_state *cstate,
4003 union nfsd4_op_u *u)
4004 {
4005 struct nfsd4_backchannel_ctl *bc = &u->backchannel_ctl;
4006 struct nfsd4_session *session = cstate->session;
4007 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4008 __be32 status;
4009
4010 status = nfsd4_check_cb_sec(&bc->bc_cb_sec);
4011 if (status)
4012 return status;
4013 spin_lock(&nn->client_lock);
4014 session->se_cb_prog = bc->bc_cb_program;
4015 session->se_cb_sec = bc->bc_cb_sec;
4016 spin_unlock(&nn->client_lock);
4017
4018 nfsd4_probe_callback(session->se_client);
4019
4020 return nfs_ok;
4021 }
4022
4023 static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s)
4024 {
4025 struct nfsd4_conn *c;
4026
4027 list_for_each_entry(c, &s->se_conns, cn_persession) {
4028 if (c->cn_xprt == xpt) {
4029 return c;
4030 }
4031 }
4032 return NULL;
4033 }
4034
4035 static __be32 nfsd4_match_existing_connection(struct svc_rqst *rqst,
4036 struct nfsd4_session *session, u32 req, struct nfsd4_conn **conn)
4037 {
4038 struct nfs4_client *clp = session->se_client;
4039 struct svc_xprt *xpt = rqst->rq_xprt;
4040 struct nfsd4_conn *c;
4041 __be32 status;
4042
4043 /* Following the last paragraph of RFC 5661 Section 18.34.3: */
4044 spin_lock(&clp->cl_lock);
4045 c = __nfsd4_find_conn(xpt, session);
4046 if (!c)
4047 status = nfserr_noent;
4048 else if (req == c->cn_flags)
4049 status = nfs_ok;
4050 else if (req == NFS4_CDFC4_FORE_OR_BOTH &&
4051 c->cn_flags != NFS4_CDFC4_BACK)
4052 status = nfs_ok;
4053 else if (req == NFS4_CDFC4_BACK_OR_BOTH &&
4054 c->cn_flags != NFS4_CDFC4_FORE)
4055 status = nfs_ok;
4056 else
4057 status = nfserr_inval;
4058 spin_unlock(&clp->cl_lock);
4059 if (status == nfs_ok && conn)
4060 *conn = c;
4061 return status;
4062 }
4063
4064 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
4065 struct nfsd4_compound_state *cstate,
4066 union nfsd4_op_u *u)
4067 {
4068 struct nfsd4_bind_conn_to_session *bcts = &u->bind_conn_to_session;
4069 __be32 status;
4070 struct nfsd4_conn *conn;
4071 struct nfsd4_session *session;
4072 struct net *net = SVC_NET(rqstp);
4073 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
4074
4075 if (!nfsd4_last_compound_op(rqstp))
4076 return nfserr_not_only_op;
4077 spin_lock(&nn->client_lock);
4078 session = find_in_sessionid_hashtbl(&bcts->sessionid, net, &status);
4079 spin_unlock(&nn->client_lock);
4080 if (!session)
4081 goto out_no_session;
4082 status = nfserr_wrong_cred;
4083 if (!nfsd4_mach_creds_match(session->se_client, rqstp))
4084 goto out;
4085 status = nfsd4_match_existing_connection(rqstp, session,
4086 bcts->dir, &conn);
4087 if (status == nfs_ok) {
4088 if (bcts->dir == NFS4_CDFC4_FORE_OR_BOTH ||
4089 bcts->dir == NFS4_CDFC4_BACK)
4090 conn->cn_flags |= NFS4_CDFC4_BACK;
4091 nfsd4_probe_callback(session->se_client);
4092 goto out;
4093 }
4094 if (status == nfserr_inval)
4095 goto out;
4096 status = nfsd4_map_bcts_dir(&bcts->dir);
4097 if (status)
4098 goto out;
4099 conn = alloc_conn(rqstp, bcts->dir);
4100 status = nfserr_jukebox;
4101 if (!conn)
4102 goto out;
4103 nfsd4_init_conn(rqstp, conn, session);
4104 status = nfs_ok;
4105 out:
4106 nfsd4_put_session(session);
4107 out_no_session:
4108 return status;
4109 }
4110
4111 static bool nfsd4_compound_in_session(struct nfsd4_compound_state *cstate, struct nfs4_sessionid *sid)
4112 {
4113 if (!cstate->session)
4114 return false;
4115 return !memcmp(sid, &cstate->session->se_sessionid, sizeof(*sid));
4116 }
4117
4118 __be32
4119 nfsd4_destroy_session(struct svc_rqst *r, struct nfsd4_compound_state *cstate,
4120 union nfsd4_op_u *u)
4121 {
4122 struct nfs4_sessionid *sessionid = &u->destroy_session.sessionid;
4123 struct nfsd4_session *ses;
4124 __be32 status;
4125 int ref_held_by_me = 0;
4126 struct net *net = SVC_NET(r);
4127 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
4128
4129 status = nfserr_not_only_op;
4130 if (nfsd4_compound_in_session(cstate, sessionid)) {
4131 if (!nfsd4_last_compound_op(r))
4132 goto out;
4133 ref_held_by_me++;
4134 }
4135 dump_sessionid(__func__, sessionid);
4136 spin_lock(&nn->client_lock);
4137 ses = find_in_sessionid_hashtbl(sessionid, net, &status);
4138 if (!ses)
4139 goto out_client_lock;
4140 status = nfserr_wrong_cred;
4141 if (!nfsd4_mach_creds_match(ses->se_client, r))
4142 goto out_put_session;
4143 status = mark_session_dead_locked(ses, 1 + ref_held_by_me);
4144 if (status)
4145 goto out_put_session;
4146 unhash_session(ses);
4147 spin_unlock(&nn->client_lock);
4148
4149 nfsd4_probe_callback_sync(ses->se_client);
4150
4151 spin_lock(&nn->client_lock);
4152 status = nfs_ok;
4153 out_put_session:
4154 nfsd4_put_session_locked(ses);
4155 out_client_lock:
4156 spin_unlock(&nn->client_lock);
4157 out:
4158 return status;
4159 }
4160
4161 static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)
4162 {
4163 struct nfs4_client *clp = ses->se_client;
4164 struct nfsd4_conn *c;
4165 __be32 status = nfs_ok;
4166 int ret;
4167
4168 spin_lock(&clp->cl_lock);
4169 c = __nfsd4_find_conn(new->cn_xprt, ses);
4170 if (c)
4171 goto out_free;
4172 status = nfserr_conn_not_bound_to_session;
4173 if (clp->cl_mach_cred)
4174 goto out_free;
4175 __nfsd4_hash_conn(new, ses);
4176 spin_unlock(&clp->cl_lock);
4177 ret = nfsd4_register_conn(new);
4178 if (ret)
4179 /* oops; xprt is already down: */
4180 nfsd4_conn_lost(&new->cn_xpt_user);
4181 return nfs_ok;
4182 out_free:
4183 spin_unlock(&clp->cl_lock);
4184 free_conn(new);
4185 return status;
4186 }
4187
4188 static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)
4189 {
4190 struct nfsd4_compoundargs *args = rqstp->rq_argp;
4191
4192 return args->opcnt > session->se_fchannel.maxops;
4193 }
4194
4195 static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
4196 struct nfsd4_session *session)
4197 {
4198 struct xdr_buf *xb = &rqstp->rq_arg;
4199
4200 return xb->len > session->se_fchannel.maxreq_sz;
4201 }
4202
4203 static bool replay_matches_cache(struct svc_rqst *rqstp,
4204 struct nfsd4_sequence *seq, struct nfsd4_slot *slot)
4205 {
4206 struct nfsd4_compoundargs *argp = rqstp->rq_argp;
4207
4208 if ((bool)(slot->sl_flags & NFSD4_SLOT_CACHETHIS) !=
4209 (bool)seq->cachethis)
4210 return false;
4211 /*
4212 * If there's an error then the reply can have fewer ops than
4213 * the call.
4214 */
4215 if (slot->sl_opcnt < argp->opcnt && !slot->sl_status)
4216 return false;
4217 /*
4218 * But if we cached a reply with *more* ops than the call you're
4219 * sending us now, then this new call is clearly not really a
4220 * replay of the old one:
4221 */
4222 if (slot->sl_opcnt > argp->opcnt)
4223 return false;
4224 /* This is the only check explicitly called by spec: */
4225 if (!same_creds(&rqstp->rq_cred, &slot->sl_cred))
4226 return false;
4227 /*
4228 * There may be more comparisons we could actually do, but the
4229 * spec doesn't require us to catch every case where the calls
4230 * don't match (that would require caching the call as well as
4231 * the reply), so we don't bother.
4232 */
4233 return true;
4234 }
4235
4236 __be32
4237 nfsd4_sequence(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4238 union nfsd4_op_u *u)
4239 {
4240 struct nfsd4_sequence *seq = &u->sequence;
4241 struct nfsd4_compoundres *resp = rqstp->rq_resp;
4242 struct xdr_stream *xdr = resp->xdr;
4243 struct nfsd4_session *session;
4244 struct nfs4_client *clp;
4245 struct nfsd4_slot *slot;
4246 struct nfsd4_conn *conn;
4247 __be32 status;
4248 int buflen;
4249 struct net *net = SVC_NET(rqstp);
4250 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
4251
4252 if (resp->opcnt != 1)
4253 return nfserr_sequence_pos;
4254
4255 /*
4256 * Will be either used or freed by nfsd4_sequence_check_conn
4257 * below.
4258 */
4259 conn = alloc_conn(rqstp, NFS4_CDFC4_FORE);
4260 if (!conn)
4261 return nfserr_jukebox;
4262
4263 spin_lock(&nn->client_lock);
4264 session = find_in_sessionid_hashtbl(&seq->sessionid, net, &status);
4265 if (!session)
4266 goto out_no_session;
4267 clp = session->se_client;
4268
4269 status = nfserr_too_many_ops;
4270 if (nfsd4_session_too_many_ops(rqstp, session))
4271 goto out_put_session;
4272
4273 status = nfserr_req_too_big;
4274 if (nfsd4_request_too_big(rqstp, session))
4275 goto out_put_session;
4276
4277 status = nfserr_badslot;
4278 if (seq->slotid >= session->se_fchannel.maxreqs)
4279 goto out_put_session;
4280
4281 slot = session->se_slots[seq->slotid];
4282 dprintk("%s: slotid %d\n", __func__, seq->slotid);
4283
4284 /* We do not negotiate the number of slots yet, so set the
4285 * maxslots to the session maxreqs which is used to encode
4286 * sr_highest_slotid and the sr_target_slot id to maxslots */
4287 seq->maxslots = session->se_fchannel.maxreqs;
4288
4289 trace_nfsd_slot_seqid_sequence(clp, seq, slot);
4290 status = check_slot_seqid(seq->seqid, slot->sl_seqid,
4291 slot->sl_flags & NFSD4_SLOT_INUSE);
4292 if (status == nfserr_replay_cache) {
4293 status = nfserr_seq_misordered;
4294 if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED))
4295 goto out_put_session;
4296 status = nfserr_seq_false_retry;
4297 if (!replay_matches_cache(rqstp, seq, slot))
4298 goto out_put_session;
4299 cstate->slot = slot;
4300 cstate->session = session;
4301 cstate->clp = clp;
4302 /* Return the cached reply status and set cstate->status
4303 * for nfsd4_proc_compound processing */
4304 status = nfsd4_replay_cache_entry(resp, seq);
4305 cstate->status = nfserr_replay_cache;
4306 goto out;
4307 }
4308 if (status)
4309 goto out_put_session;
4310
4311 status = nfsd4_sequence_check_conn(conn, session);
4312 conn = NULL;
4313 if (status)
4314 goto out_put_session;
4315
4316 buflen = (seq->cachethis) ?
4317 session->se_fchannel.maxresp_cached :
4318 session->se_fchannel.maxresp_sz;
4319 status = (seq->cachethis) ? nfserr_rep_too_big_to_cache :
4320 nfserr_rep_too_big;
4321 if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack))
4322 goto out_put_session;
4323 svc_reserve(rqstp, buflen);
4324
4325 status = nfs_ok;
4326 /* Success! bump slot seqid */
4327 slot->sl_seqid = seq->seqid;
4328 slot->sl_flags |= NFSD4_SLOT_INUSE;
4329 if (seq->cachethis)
4330 slot->sl_flags |= NFSD4_SLOT_CACHETHIS;
4331 else
4332 slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS;
4333
4334 cstate->slot = slot;
4335 cstate->session = session;
4336 cstate->clp = clp;
4337
4338 out:
4339 switch (clp->cl_cb_state) {
4340 case NFSD4_CB_DOWN:
4341 seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN;
4342 break;
4343 case NFSD4_CB_FAULT:
4344 seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT;
4345 break;
4346 default:
4347 seq->status_flags = 0;
4348 }
4349 if (!list_empty(&clp->cl_revoked))
4350 seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED;
4351 if (atomic_read(&clp->cl_admin_revoked))
4352 seq->status_flags |= SEQ4_STATUS_ADMIN_STATE_REVOKED;
4353 trace_nfsd_seq4_status(rqstp, seq);
4354 out_no_session:
4355 if (conn)
4356 free_conn(conn);
4357 spin_unlock(&nn->client_lock);
4358 return status;
4359 out_put_session:
4360 nfsd4_put_session_locked(session);
4361 goto out_no_session;
4362 }
4363
4364 void
4365 nfsd4_sequence_done(struct nfsd4_compoundres *resp)
4366 {
4367 struct nfsd4_compound_state *cs = &resp->cstate;
4368
4369 if (nfsd4_has_session(cs)) {
4370 if (cs->status != nfserr_replay_cache) {
4371 nfsd4_store_cache_entry(resp);
4372 cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;
4373 }
4374 /* Drop session reference that was taken in nfsd4_sequence() */
4375 nfsd4_put_session(cs->session);
4376 } else if (cs->clp)
4377 put_client_renew(cs->clp);
4378 }
4379
4380 __be32
4381 nfsd4_destroy_clientid(struct svc_rqst *rqstp,
4382 struct nfsd4_compound_state *cstate,
4383 union nfsd4_op_u *u)
4384 {
4385 struct nfsd4_destroy_clientid *dc = &u->destroy_clientid;
4386 struct nfs4_client *conf, *unconf;
4387 struct nfs4_client *clp = NULL;
4388 __be32 status = 0;
4389 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4390
4391 spin_lock(&nn->client_lock);
4392 unconf = find_unconfirmed_client(&dc->clientid, true, nn);
4393 conf = find_confirmed_client(&dc->clientid, true, nn);
4394 WARN_ON_ONCE(conf && unconf);
4395
4396 if (conf) {
4397 if (client_has_state(conf)) {
4398 status = nfserr_clientid_busy;
4399 goto out;
4400 }
4401 status = mark_client_expired_locked(conf);
4402 if (status)
4403 goto out;
4404 clp = conf;
4405 } else if (unconf)
4406 clp = unconf;
4407 else {
4408 status = nfserr_stale_clientid;
4409 goto out;
4410 }
4411 if (!nfsd4_mach_creds_match(clp, rqstp)) {
4412 clp = NULL;
4413 status = nfserr_wrong_cred;
4414 goto out;
4415 }
4416 trace_nfsd_clid_destroyed(&clp->cl_clientid);
4417 unhash_client_locked(clp);
4418 out:
4419 spin_unlock(&nn->client_lock);
4420 if (clp)
4421 expire_client(clp);
4422 return status;
4423 }
4424
4425 __be32
4426 nfsd4_reclaim_complete(struct svc_rqst *rqstp,
4427 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
4428 {
4429 struct nfsd4_reclaim_complete *rc = &u->reclaim_complete;
4430 struct nfs4_client *clp = cstate->clp;
4431 __be32 status = 0;
4432
4433 if (rc->rca_one_fs) {
4434 if (!cstate->current_fh.fh_dentry)
4435 return nfserr_nofilehandle;
4436 /*
4437 * We don't take advantage of the rca_one_fs case.
4438 * That's OK, it's optional, we can safely ignore it.
4439 */
4440 return nfs_ok;
4441 }
4442
4443 status = nfserr_complete_already;
4444 if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &clp->cl_flags))
4445 goto out;
4446
4447 status = nfserr_stale_clientid;
4448 if (is_client_expired(clp))
4449 /*
4450 * The following error isn't really legal.
4451 * But we only get here if the client just explicitly
4452 * destroyed the client. Surely it no longer cares what
4453 * error it gets back on an operation for the dead
4454 * client.
4455 */
4456 goto out;
4457
4458 status = nfs_ok;
4459 trace_nfsd_clid_reclaim_complete(&clp->cl_clientid);
4460 nfsd4_client_record_create(clp);
4461 inc_reclaim_complete(clp);
4462 out:
4463 return status;
4464 }
4465
4466 __be32
4467 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
4468 union nfsd4_op_u *u)
4469 {
4470 struct nfsd4_setclientid *setclid = &u->setclientid;
4471 struct xdr_netobj clname = setclid->se_name;
4472 nfs4_verifier clverifier = setclid->se_verf;
4473 struct nfs4_client *conf, *new;
4474 struct nfs4_client *unconf = NULL;
4475 __be32 status;
4476 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4477
4478 new = create_client(clname, rqstp, &clverifier);
4479 if (new == NULL)
4480 return nfserr_jukebox;
4481 spin_lock(&nn->client_lock);
4482 conf = find_confirmed_client_by_name(&clname, nn);
4483 if (conf && client_has_state(conf)) {
4484 status = nfserr_clid_inuse;
4485 if (clp_used_exchangeid(conf))
4486 goto out;
4487 if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
4488 trace_nfsd_clid_cred_mismatch(conf, rqstp);
4489 goto out;
4490 }
4491 }
4492 unconf = find_unconfirmed_client_by_name(&clname, nn);
4493 if (unconf)
4494 unhash_client_locked(unconf);
4495 if (conf) {
4496 if (same_verf(&conf->cl_verifier, &clverifier)) {
4497 copy_clid(new, conf);
4498 gen_confirm(new, nn);
4499 } else
4500 trace_nfsd_clid_verf_mismatch(conf, rqstp,
4501 &clverifier);
4502 } else
4503 trace_nfsd_clid_fresh(new);
4504 new->cl_minorversion = 0;
4505 gen_callback(new, setclid, rqstp);
4506 add_to_unconfirmed(new);
4507 setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot;
4508 setclid->se_clientid.cl_id = new->cl_clientid.cl_id;
4509 memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data));
4510 new = NULL;
4511 status = nfs_ok;
4512 out:
4513 spin_unlock(&nn->client_lock);
4514 if (new)
4515 free_client(new);
4516 if (unconf) {
4517 trace_nfsd_clid_expire_unconf(&unconf->cl_clientid);
4518 expire_client(unconf);
4519 }
4520 return status;
4521 }
4522
4523 __be32
4524 nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
4525 struct nfsd4_compound_state *cstate,
4526 union nfsd4_op_u *u)
4527 {
4528 struct nfsd4_setclientid_confirm *setclientid_confirm =
4529 &u->setclientid_confirm;
4530 struct nfs4_client *conf, *unconf;
4531 struct nfs4_client *old = NULL;
4532 nfs4_verifier confirm = setclientid_confirm->sc_confirm;
4533 clientid_t * clid = &setclientid_confirm->sc_clientid;
4534 __be32 status;
4535 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
4536
4537 if (STALE_CLIENTID(clid, nn))
4538 return nfserr_stale_clientid;
4539
4540 spin_lock(&nn->client_lock);
4541 conf = find_confirmed_client(clid, false, nn);
4542 unconf = find_unconfirmed_client(clid, false, nn);
4543 /*
4544 * We try hard to give out unique clientid's, so if we get an
4545 * attempt to confirm the same clientid with a different cred,
4546 * the client may be buggy; this should never happen.
4547 *
4548 * Nevertheless, RFC 7530 recommends INUSE for this case:
4549 */
4550 status = nfserr_clid_inuse;
4551 if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred)) {
4552 trace_nfsd_clid_cred_mismatch(unconf, rqstp);
4553 goto out;
4554 }
4555 if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
4556 trace_nfsd_clid_cred_mismatch(conf, rqstp);
4557 goto out;
4558 }
4559 if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) {
4560 if (conf && same_verf(&confirm, &conf->cl_confirm)) {
4561 status = nfs_ok;
4562 } else
4563 status = nfserr_stale_clientid;
4564 goto out;
4565 }
4566 status = nfs_ok;
4567 if (conf) {
4568 old = unconf;
4569 unhash_client_locked(old);
4570 nfsd4_change_callback(conf, &unconf->cl_cb_conn);
4571 } else {
4572 old = find_confirmed_client_by_name(&unconf->cl_name, nn);
4573 if (old) {
4574 status = nfserr_clid_inuse;
4575 if (client_has_state(old)
4576 && !same_creds(&unconf->cl_cred,
4577 &old->cl_cred)) {
4578 old = NULL;
4579 goto out;
4580 }
4581 status = mark_client_expired_locked(old);
4582 if (status) {
4583 old = NULL;
4584 goto out;
4585 }
4586 trace_nfsd_clid_replaced(&old->cl_clientid);
4587 }
4588 move_to_confirmed(unconf);
4589 conf = unconf;
4590 }
4591 get_client_locked(conf);
4592 spin_unlock(&nn->client_lock);
4593 if (conf == unconf)
4594 fsnotify_dentry(conf->cl_nfsd_info_dentry, FS_MODIFY);
4595 nfsd4_probe_callback(conf);
4596 spin_lock(&nn->client_lock);
4597 put_client_renew_locked(conf);
4598 out:
4599 spin_unlock(&nn->client_lock);
4600 if (old)
4601 expire_client(old);
4602 return status;
4603 }
4604
4605 static struct nfs4_file *nfsd4_alloc_file(void)
4606 {
4607 return kmem_cache_alloc(file_slab, GFP_KERNEL);
4608 }
4609
4610 /* OPEN Share state helper functions */
4611
4612 static void nfsd4_file_init(const struct svc_fh *fh, struct nfs4_file *fp)
4613 {
4614 refcount_set(&fp->fi_ref, 1);
4615 spin_lock_init(&fp->fi_lock);
4616 INIT_LIST_HEAD(&fp->fi_stateids);
4617 INIT_LIST_HEAD(&fp->fi_delegations);
4618 INIT_LIST_HEAD(&fp->fi_clnt_odstate);
4619 fh_copy_shallow(&fp->fi_fhandle, &fh->fh_handle);
4620 fp->fi_deleg_file = NULL;
4621 fp->fi_had_conflict = false;
4622 fp->fi_share_deny = 0;
4623 memset(fp->fi_fds, 0, sizeof(fp->fi_fds));
4624 memset(fp->fi_access, 0, sizeof(fp->fi_access));
4625 fp->fi_aliased = false;
4626 fp->fi_inode = d_inode(fh->fh_dentry);
4627 #ifdef CONFIG_NFSD_PNFS
4628 INIT_LIST_HEAD(&fp->fi_lo_states);
4629 atomic_set(&fp->fi_lo_recalls, 0);
4630 #endif
4631 }
4632
4633 void
4634 nfsd4_free_slabs(void)
4635 {
4636 kmem_cache_destroy(client_slab);
4637 kmem_cache_destroy(openowner_slab);
4638 kmem_cache_destroy(lockowner_slab);
4639 kmem_cache_destroy(file_slab);
4640 kmem_cache_destroy(stateid_slab);
4641 kmem_cache_destroy(deleg_slab);
4642 kmem_cache_destroy(odstate_slab);
4643 }
4644
4645 int
4646 nfsd4_init_slabs(void)
4647 {
4648 client_slab = KMEM_CACHE(nfs4_client, 0);
4649 if (client_slab == NULL)
4650 goto out;
4651 openowner_slab = KMEM_CACHE(nfs4_openowner, 0);
4652 if (openowner_slab == NULL)
4653 goto out_free_client_slab;
4654 lockowner_slab = KMEM_CACHE(nfs4_lockowner, 0);
4655 if (lockowner_slab == NULL)
4656 goto out_free_openowner_slab;
4657 file_slab = KMEM_CACHE(nfs4_file, 0);
4658 if (file_slab == NULL)
4659 goto out_free_lockowner_slab;
4660 stateid_slab = KMEM_CACHE(nfs4_ol_stateid, 0);
4661 if (stateid_slab == NULL)
4662 goto out_free_file_slab;
4663 deleg_slab = KMEM_CACHE(nfs4_delegation, 0);
4664 if (deleg_slab == NULL)
4665 goto out_free_stateid_slab;
4666 odstate_slab = KMEM_CACHE(nfs4_clnt_odstate, 0);
4667 if (odstate_slab == NULL)
4668 goto out_free_deleg_slab;
4669 return 0;
4670
4671 out_free_deleg_slab:
4672 kmem_cache_destroy(deleg_slab);
4673 out_free_stateid_slab:
4674 kmem_cache_destroy(stateid_slab);
4675 out_free_file_slab:
4676 kmem_cache_destroy(file_slab);
4677 out_free_lockowner_slab:
4678 kmem_cache_destroy(lockowner_slab);
4679 out_free_openowner_slab:
4680 kmem_cache_destroy(openowner_slab);
4681 out_free_client_slab:
4682 kmem_cache_destroy(client_slab);
4683 out:
4684 return -ENOMEM;
4685 }
4686
4687 static unsigned long
4688 nfsd4_state_shrinker_count(struct shrinker *shrink, struct shrink_control *sc)
4689 {
4690 int count;
4691 struct nfsd_net *nn = shrink->private_data;
4692
4693 count = atomic_read(&nn->nfsd_courtesy_clients);
4694 if (!count)
4695 count = atomic_long_read(&num_delegations);
4696 if (count)
4697 queue_work(laundry_wq, &nn->nfsd_shrinker_work);
4698 return (unsigned long)count;
4699 }
4700
4701 static unsigned long
4702 nfsd4_state_shrinker_scan(struct shrinker *shrink, struct shrink_control *sc)
4703 {
4704 return SHRINK_STOP;
4705 }
4706
4707 void
4708 nfsd4_init_leases_net(struct nfsd_net *nn)
4709 {
4710 struct sysinfo si;
4711 u64 max_clients;
4712
4713 nn->nfsd4_lease = 90; /* default lease time */
4714 nn->nfsd4_grace = 90;
4715 nn->somebody_reclaimed = false;
4716 nn->track_reclaim_completes = false;
4717 nn->clverifier_counter = get_random_u32();
4718 nn->clientid_base = get_random_u32();
4719 nn->clientid_counter = nn->clientid_base + 1;
4720 nn->s2s_cp_cl_id = nn->clientid_counter++;
4721
4722 atomic_set(&nn->nfs4_client_count, 0);
4723 si_meminfo(&si);
4724 max_clients = (u64)si.totalram * si.mem_unit / (1024 * 1024 * 1024);
4725 max_clients *= NFS4_CLIENTS_PER_GB;
4726 nn->nfs4_max_clients = max_t(int, max_clients, NFS4_CLIENTS_PER_GB);
4727
4728 atomic_set(&nn->nfsd_courtesy_clients, 0);
4729 }
4730
4731 enum rp_lock {
4732 RP_UNLOCKED,
4733 RP_LOCKED,
4734 RP_UNHASHED,
4735 };
4736
4737 static void init_nfs4_replay(struct nfs4_replay *rp)
4738 {
4739 rp->rp_status = nfserr_serverfault;
4740 rp->rp_buflen = 0;
4741 rp->rp_buf = rp->rp_ibuf;
4742 atomic_set(&rp->rp_locked, RP_UNLOCKED);
4743 }
4744
4745 static int nfsd4_cstate_assign_replay(struct nfsd4_compound_state *cstate,
4746 struct nfs4_stateowner *so)
4747 {
4748 if (!nfsd4_has_session(cstate)) {
4749 wait_var_event(&so->so_replay.rp_locked,
4750 atomic_cmpxchg(&so->so_replay.rp_locked,
4751 RP_UNLOCKED, RP_LOCKED) != RP_LOCKED);
4752 if (atomic_read(&so->so_replay.rp_locked) == RP_UNHASHED)
4753 return -EAGAIN;
4754 cstate->replay_owner = nfs4_get_stateowner(so);
4755 }
4756 return 0;
4757 }
4758
4759 void nfsd4_cstate_clear_replay(struct nfsd4_compound_state *cstate)
4760 {
4761 struct nfs4_stateowner *so = cstate->replay_owner;
4762
4763 if (so != NULL) {
4764 cstate->replay_owner = NULL;
4765 atomic_set(&so->so_replay.rp_locked, RP_UNLOCKED);
4766 smp_mb__after_atomic();
4767 wake_up_var(&so->so_replay.rp_locked);
4768 nfs4_put_stateowner(so);
4769 }
4770 }
4771
4772 static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp)
4773 {
4774 struct nfs4_stateowner *sop;
4775
4776 sop = kmem_cache_alloc(slab, GFP_KERNEL);
4777 if (!sop)
4778 return NULL;
4779
4780 xdr_netobj_dup(&sop->so_owner, owner, GFP_KERNEL);
4781 if (!sop->so_owner.data) {
4782 kmem_cache_free(slab, sop);
4783 return NULL;
4784 }
4785
4786 INIT_LIST_HEAD(&sop->so_stateids);
4787 sop->so_client = clp;
4788 init_nfs4_replay(&sop->so_replay);
4789 atomic_set(&sop->so_count, 1);
4790 return sop;
4791 }
4792
4793 static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval)
4794 {
4795 lockdep_assert_held(&clp->cl_lock);
4796
4797 list_add(&oo->oo_owner.so_strhash,
4798 &clp->cl_ownerstr_hashtbl[strhashval]);
4799 list_add(&oo->oo_perclient, &clp->cl_openowners);
4800 }
4801
4802 static void nfs4_unhash_openowner(struct nfs4_stateowner *so)
4803 {
4804 unhash_openowner_locked(openowner(so));
4805 }
4806
4807 static void nfs4_free_openowner(struct nfs4_stateowner *so)
4808 {
4809 struct nfs4_openowner *oo = openowner(so);
4810
4811 kmem_cache_free(openowner_slab, oo);
4812 }
4813
4814 static const struct nfs4_stateowner_operations openowner_ops = {
4815 .so_unhash = nfs4_unhash_openowner,
4816 .so_free = nfs4_free_openowner,
4817 };
4818
4819 static struct nfs4_ol_stateid *
4820 nfsd4_find_existing_open(struct nfs4_file *fp, struct nfsd4_open *open)
4821 {
4822 struct nfs4_ol_stateid *local, *ret = NULL;
4823 struct nfs4_openowner *oo = open->op_openowner;
4824
4825 lockdep_assert_held(&fp->fi_lock);
4826
4827 list_for_each_entry(local, &fp->fi_stateids, st_perfile) {
4828 /* ignore lock owners */
4829 if (local->st_stateowner->so_is_open_owner == 0)
4830 continue;
4831 if (local->st_stateowner != &oo->oo_owner)
4832 continue;
4833 if (local->st_stid.sc_type == SC_TYPE_OPEN &&
4834 !local->st_stid.sc_status) {
4835 ret = local;
4836 refcount_inc(&ret->st_stid.sc_count);
4837 break;
4838 }
4839 }
4840 return ret;
4841 }
4842
4843 static void nfsd4_drop_revoked_stid(struct nfs4_stid *s)
4844 __releases(&s->sc_client->cl_lock)
4845 {
4846 struct nfs4_client *cl = s->sc_client;
4847 LIST_HEAD(reaplist);
4848 struct nfs4_ol_stateid *stp;
4849 struct nfs4_delegation *dp;
4850 bool unhashed;
4851
4852 switch (s->sc_type) {
4853 case SC_TYPE_OPEN:
4854 stp = openlockstateid(s);
4855 if (unhash_open_stateid(stp, &reaplist))
4856 put_ol_stateid_locked(stp, &reaplist);
4857 spin_unlock(&cl->cl_lock);
4858 free_ol_stateid_reaplist(&reaplist);
4859 break;
4860 case SC_TYPE_LOCK:
4861 stp = openlockstateid(s);
4862 unhashed = unhash_lock_stateid(stp);
4863 spin_unlock(&cl->cl_lock);
4864 if (unhashed)
4865 nfs4_put_stid(s);
4866 break;
4867 case SC_TYPE_DELEG:
4868 dp = delegstateid(s);
4869 list_del_init(&dp->dl_recall_lru);
4870 spin_unlock(&cl->cl_lock);
4871 nfs4_put_stid(s);
4872 break;
4873 default:
4874 spin_unlock(&cl->cl_lock);
4875 }
4876 }
4877
4878 static void nfsd40_drop_revoked_stid(struct nfs4_client *cl,
4879 stateid_t *stid)
4880 {
4881 /* NFSv4.0 has no way for the client to tell the server
4882 * that it can forget an admin-revoked stateid.
4883 * So we keep it around until the first time that the
4884 * client uses it, and drop it the first time
4885 * nfserr_admin_revoked is returned.
4886 * For v4.1 and later we wait until explicitly told
4887 * to free the stateid.
4888 */
4889 if (cl->cl_minorversion == 0) {
4890 struct nfs4_stid *st;
4891
4892 spin_lock(&cl->cl_lock);
4893 st = find_stateid_locked(cl, stid);
4894 if (st)
4895 nfsd4_drop_revoked_stid(st);
4896 else
4897 spin_unlock(&cl->cl_lock);
4898 }
4899 }
4900
4901 static __be32
4902 nfsd4_verify_open_stid(struct nfs4_stid *s)
4903 {
4904 __be32 ret = nfs_ok;
4905
4906 if (s->sc_status & SC_STATUS_ADMIN_REVOKED)
4907 ret = nfserr_admin_revoked;
4908 else if (s->sc_status & SC_STATUS_REVOKED)
4909 ret = nfserr_deleg_revoked;
4910 else if (s->sc_status & SC_STATUS_CLOSED)
4911 ret = nfserr_bad_stateid;
4912 return ret;
4913 }
4914
4915 /* Lock the stateid st_mutex, and deal with races with CLOSE */
4916 static __be32
4917 nfsd4_lock_ol_stateid(struct nfs4_ol_stateid *stp)
4918 {
4919 __be32 ret;
4920
4921 mutex_lock_nested(&stp->st_mutex, LOCK_STATEID_MUTEX);
4922 ret = nfsd4_verify_open_stid(&stp->st_stid);
4923 if (ret == nfserr_admin_revoked)
4924 nfsd40_drop_revoked_stid(stp->st_stid.sc_client,
4925 &stp->st_stid.sc_stateid);
4926
4927 if (ret != nfs_ok)
4928 mutex_unlock(&stp->st_mutex);
4929 return ret;
4930 }
4931
4932 static struct nfs4_ol_stateid *
4933 nfsd4_find_and_lock_existing_open(struct nfs4_file *fp, struct nfsd4_open *open)
4934 {
4935 struct nfs4_ol_stateid *stp;
4936 for (;;) {
4937 spin_lock(&fp->fi_lock);
4938 stp = nfsd4_find_existing_open(fp, open);
4939 spin_unlock(&fp->fi_lock);
4940 if (!stp || nfsd4_lock_ol_stateid(stp) == nfs_ok)
4941 break;
4942 nfs4_put_stid(&stp->st_stid);
4943 }
4944 return stp;
4945 }
4946
4947 static struct nfs4_openowner *
4948 find_or_alloc_open_stateowner(unsigned int strhashval, struct nfsd4_open *open,
4949 struct nfsd4_compound_state *cstate)
4950 {
4951 struct nfs4_client *clp = cstate->clp;
4952 struct nfs4_openowner *oo, *new = NULL;
4953
4954 retry:
4955 spin_lock(&clp->cl_lock);
4956 oo = find_openstateowner_str(strhashval, open, clp);
4957 if (!oo && new) {
4958 hash_openowner(new, clp, strhashval);
4959 spin_unlock(&clp->cl_lock);
4960 return new;
4961 }
4962 spin_unlock(&clp->cl_lock);
4963
4964 if (oo && !(oo->oo_flags & NFS4_OO_CONFIRMED)) {
4965 /* Replace unconfirmed owners without checking for replay. */
4966 release_openowner(oo);
4967 oo = NULL;
4968 }
4969 if (oo) {
4970 if (new)
4971 nfs4_free_stateowner(&new->oo_owner);
4972 return oo;
4973 }
4974
4975 new = alloc_stateowner(openowner_slab, &open->op_owner, clp);
4976 if (!new)
4977 return NULL;
4978 new->oo_owner.so_ops = &openowner_ops;
4979 new->oo_owner.so_is_open_owner = 1;
4980 new->oo_owner.so_seqid = open->op_seqid;
4981 new->oo_flags = 0;
4982 if (nfsd4_has_session(cstate))
4983 new->oo_flags |= NFS4_OO_CONFIRMED;
4984 new->oo_time = 0;
4985 new->oo_last_closed_stid = NULL;
4986 INIT_LIST_HEAD(&new->oo_close_lru);
4987 goto retry;
4988 }
4989
4990 static struct nfs4_ol_stateid *
4991 init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open)
4992 {
4993
4994 struct nfs4_openowner *oo = open->op_openowner;
4995 struct nfs4_ol_stateid *retstp = NULL;
4996 struct nfs4_ol_stateid *stp;
4997
4998 stp = open->op_stp;
4999 /* We are moving these outside of the spinlocks to avoid the warnings */
5000 mutex_init(&stp->st_mutex);
5001 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX);
5002
5003 retry:
5004 spin_lock(&oo->oo_owner.so_client->cl_lock);
5005 spin_lock(&fp->fi_lock);
5006
5007 if (nfs4_openowner_unhashed(oo)) {
5008 mutex_unlock(&stp->st_mutex);
5009 stp = NULL;
5010 goto out_unlock;
5011 }
5012
5013 retstp = nfsd4_find_existing_open(fp, open);
5014 if (retstp)
5015 goto out_unlock;
5016
5017 open->op_stp = NULL;
5018 refcount_inc(&stp->st_stid.sc_count);
5019 stp->st_stid.sc_type = SC_TYPE_OPEN;
5020 INIT_LIST_HEAD(&stp->st_locks);
5021 stp->st_stateowner = nfs4_get_stateowner(&oo->oo_owner);
5022 get_nfs4_file(fp);
5023 stp->st_stid.sc_file = fp;
5024 stp->st_access_bmap = 0;
5025 stp->st_deny_bmap = 0;
5026 stp->st_openstp = NULL;
5027 list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids);
5028 list_add(&stp->st_perfile, &fp->fi_stateids);
5029
5030 out_unlock:
5031 spin_unlock(&fp->fi_lock);
5032 spin_unlock(&oo->oo_owner.so_client->cl_lock);
5033 if (retstp) {
5034 /* Handle races with CLOSE */
5035 if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) {
5036 nfs4_put_stid(&retstp->st_stid);
5037 goto retry;
5038 }
5039 /* To keep mutex tracking happy */
5040 mutex_unlock(&stp->st_mutex);
5041 stp = retstp;
5042 }
5043 return stp;
5044 }
5045
5046 /*
5047 * In the 4.0 case we need to keep the owners around a little while to handle
5048 * CLOSE replay. We still do need to release any file access that is held by
5049 * them before returning however.
5050 */
5051 static void
5052 move_to_close_lru(struct nfs4_ol_stateid *s, struct net *net)
5053 {
5054 struct nfs4_ol_stateid *last;
5055 struct nfs4_openowner *oo = openowner(s->st_stateowner);
5056 struct nfsd_net *nn = net_generic(s->st_stid.sc_client->net,
5057 nfsd_net_id);
5058
5059 dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo);
5060
5061 /*
5062 * We know that we hold one reference via nfsd4_close, and another
5063 * "persistent" reference for the client. If the refcount is higher
5064 * than 2, then there are still calls in progress that are using this
5065 * stateid. We can't put the sc_file reference until they are finished.
5066 * Wait for the refcount to drop to 2. Since it has been unhashed,
5067 * there should be no danger of the refcount going back up again at
5068 * this point.
5069 * Some threads with a reference might be waiting for rp_locked,
5070 * so tell them to stop waiting.
5071 */
5072 atomic_set(&oo->oo_owner.so_replay.rp_locked, RP_UNHASHED);
5073 smp_mb__after_atomic();
5074 wake_up_var(&oo->oo_owner.so_replay.rp_locked);
5075 wait_event(close_wq, refcount_read(&s->st_stid.sc_count) == 2);
5076
5077 release_all_access(s);
5078 if (s->st_stid.sc_file) {
5079 put_nfs4_file(s->st_stid.sc_file);
5080 s->st_stid.sc_file = NULL;
5081 }
5082
5083 spin_lock(&nn->client_lock);
5084 last = oo->oo_last_closed_stid;
5085 oo->oo_last_closed_stid = s;
5086 list_move_tail(&oo->oo_close_lru, &nn->close_lru);
5087 oo->oo_time = ktime_get_boottime_seconds();
5088 spin_unlock(&nn->client_lock);
5089 if (last)
5090 nfs4_put_stid(&last->st_stid);
5091 }
5092
5093 static noinline_for_stack struct nfs4_file *
5094 nfsd4_file_hash_lookup(const struct svc_fh *fhp)
5095 {
5096 struct inode *inode = d_inode(fhp->fh_dentry);
5097 struct rhlist_head *tmp, *list;
5098 struct nfs4_file *fi;
5099
5100 rcu_read_lock();
5101 list = rhltable_lookup(&nfs4_file_rhltable, &inode,
5102 nfs4_file_rhash_params);
5103 rhl_for_each_entry_rcu(fi, tmp, list, fi_rlist) {
5104 if (fh_match(&fi->fi_fhandle, &fhp->fh_handle)) {
5105 if (refcount_inc_not_zero(&fi->fi_ref)) {
5106 rcu_read_unlock();
5107 return fi;
5108 }
5109 }
5110 }
5111 rcu_read_unlock();
5112 return NULL;
5113 }
5114
5115 /*
5116 * On hash insertion, identify entries with the same inode but
5117 * distinct filehandles. They will all be on the list returned
5118 * by rhltable_lookup().
5119 *
5120 * inode->i_lock prevents racing insertions from adding an entry
5121 * for the same inode/fhp pair twice.
5122 */
5123 static noinline_for_stack struct nfs4_file *
5124 nfsd4_file_hash_insert(struct nfs4_file *new, const struct svc_fh *fhp)
5125 {
5126 struct inode *inode = d_inode(fhp->fh_dentry);
5127 struct rhlist_head *tmp, *list;
5128 struct nfs4_file *ret = NULL;
5129 bool alias_found = false;
5130 struct nfs4_file *fi;
5131 int err;
5132
5133 rcu_read_lock();
5134 spin_lock(&inode->i_lock);
5135
5136 list = rhltable_lookup(&nfs4_file_rhltable, &inode,
5137 nfs4_file_rhash_params);
5138 rhl_for_each_entry_rcu(fi, tmp, list, fi_rlist) {
5139 if (fh_match(&fi->fi_fhandle, &fhp->fh_handle)) {
5140 if (refcount_inc_not_zero(&fi->fi_ref))
5141 ret = fi;
5142 } else
5143 fi->fi_aliased = alias_found = true;
5144 }
5145 if (ret)
5146 goto out_unlock;
5147
5148 nfsd4_file_init(fhp, new);
5149 err = rhltable_insert(&nfs4_file_rhltable, &new->fi_rlist,
5150 nfs4_file_rhash_params);
5151 if (err)
5152 goto out_unlock;
5153
5154 new->fi_aliased = alias_found;
5155 ret = new;
5156
5157 out_unlock:
5158 spin_unlock(&inode->i_lock);
5159 rcu_read_unlock();
5160 return ret;
5161 }
5162
5163 static noinline_for_stack void nfsd4_file_hash_remove(struct nfs4_file *fi)
5164 {
5165 rhltable_remove(&nfs4_file_rhltable, &fi->fi_rlist,
5166 nfs4_file_rhash_params);
5167 }
5168
5169 /*
5170 * Called to check deny when READ with all zero stateid or
5171 * WRITE with all zero or all one stateid
5172 */
5173 static __be32
5174 nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type)
5175 {
5176 struct nfs4_file *fp;
5177 __be32 ret = nfs_ok;
5178
5179 fp = nfsd4_file_hash_lookup(current_fh);
5180 if (!fp)
5181 return ret;
5182
5183 /* Check for conflicting share reservations */
5184 spin_lock(&fp->fi_lock);
5185 if (fp->fi_share_deny & deny_type)
5186 ret = nfserr_locked;
5187 spin_unlock(&fp->fi_lock);
5188 put_nfs4_file(fp);
5189 return ret;
5190 }
5191
5192 static bool nfsd4_deleg_present(const struct inode *inode)
5193 {
5194 struct file_lock_context *ctx = locks_inode_context(inode);
5195
5196 return ctx && !list_empty_careful(&ctx->flc_lease);
5197 }
5198
5199 /**
5200 * nfsd_wait_for_delegreturn - wait for delegations to be returned
5201 * @rqstp: the RPC transaction being executed
5202 * @inode: in-core inode of the file being waited for
5203 *
5204 * The timeout prevents deadlock if all nfsd threads happen to be
5205 * tied up waiting for returning delegations.
5206 *
5207 * Return values:
5208 * %true: delegation was returned
5209 * %false: timed out waiting for delegreturn
5210 */
5211 bool nfsd_wait_for_delegreturn(struct svc_rqst *rqstp, struct inode *inode)
5212 {
5213 long __maybe_unused timeo;
5214
5215 timeo = wait_var_event_timeout(inode, !nfsd4_deleg_present(inode),
5216 NFSD_DELEGRETURN_TIMEOUT);
5217 trace_nfsd_delegret_wakeup(rqstp, inode, timeo);
5218 return timeo > 0;
5219 }
5220
5221 static void nfsd4_cb_recall_prepare(struct nfsd4_callback *cb)
5222 {
5223 struct nfs4_delegation *dp = cb_to_delegation(cb);
5224 struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net,
5225 nfsd_net_id);
5226
5227 block_delegations(&dp->dl_stid.sc_file->fi_fhandle);
5228
5229 /*
5230 * We can't do this in nfsd_break_deleg_cb because it is
5231 * already holding inode->i_lock.
5232 *
5233 * If the dl_time != 0, then we know that it has already been
5234 * queued for a lease break. Don't queue it again.
5235 */
5236 spin_lock(&state_lock);
5237 if (delegation_hashed(dp) && dp->dl_time == 0) {
5238 dp->dl_time = ktime_get_boottime_seconds();
5239 list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru);
5240 }
5241 spin_unlock(&state_lock);
5242 }
5243
5244 static int nfsd4_cb_recall_done(struct nfsd4_callback *cb,
5245 struct rpc_task *task)
5246 {
5247 struct nfs4_delegation *dp = cb_to_delegation(cb);
5248
5249 trace_nfsd_cb_recall_done(&dp->dl_stid.sc_stateid, task);
5250
5251 if (dp->dl_stid.sc_status)
5252 /* CLOSED or REVOKED */
5253 return 1;
5254
5255 switch (task->tk_status) {
5256 case 0:
5257 return 1;
5258 case -NFS4ERR_DELAY:
5259 rpc_delay(task, 2 * HZ);
5260 return 0;
5261 case -EBADHANDLE:
5262 case -NFS4ERR_BAD_STATEID:
5263 /*
5264 * Race: client probably got cb_recall before open reply
5265 * granting delegation.
5266 */
5267 if (dp->dl_retries--) {
5268 rpc_delay(task, 2 * HZ);
5269 return 0;
5270 }
5271 fallthrough;
5272 default:
5273 return 1;
5274 }
5275 }
5276
5277 static void nfsd4_cb_recall_release(struct nfsd4_callback *cb)
5278 {
5279 struct nfs4_delegation *dp = cb_to_delegation(cb);
5280
5281 nfs4_put_stid(&dp->dl_stid);
5282 }
5283
5284 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops = {
5285 .prepare = nfsd4_cb_recall_prepare,
5286 .done = nfsd4_cb_recall_done,
5287 .release = nfsd4_cb_recall_release,
5288 .opcode = OP_CB_RECALL,
5289 };
5290
5291 static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
5292 {
5293 /*
5294 * We're assuming the state code never drops its reference
5295 * without first removing the lease. Since we're in this lease
5296 * callback (and since the lease code is serialized by the
5297 * flc_lock) we know the server hasn't removed the lease yet, and
5298 * we know it's safe to take a reference.
5299 */
5300 refcount_inc(&dp->dl_stid.sc_count);
5301 WARN_ON_ONCE(!nfsd4_run_cb(&dp->dl_recall));
5302 }
5303
5304 /* Called from break_lease() with flc_lock held. */
5305 static bool
5306 nfsd_break_deleg_cb(struct file_lease *fl)
5307 {
5308 struct nfs4_delegation *dp = (struct nfs4_delegation *) fl->c.flc_owner;
5309 struct nfs4_file *fp = dp->dl_stid.sc_file;
5310 struct nfs4_client *clp = dp->dl_stid.sc_client;
5311 struct nfsd_net *nn;
5312
5313 trace_nfsd_cb_recall(&dp->dl_stid);
5314
5315 dp->dl_recalled = true;
5316 atomic_inc(&clp->cl_delegs_in_recall);
5317 if (try_to_expire_client(clp)) {
5318 nn = net_generic(clp->net, nfsd_net_id);
5319 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);
5320 }
5321
5322 /*
5323 * We don't want the locks code to timeout the lease for us;
5324 * we'll remove it ourself if a delegation isn't returned
5325 * in time:
5326 */
5327 fl->fl_break_time = 0;
5328
5329 fp->fi_had_conflict = true;
5330 nfsd_break_one_deleg(dp);
5331 return false;
5332 }
5333
5334 /**
5335 * nfsd_breaker_owns_lease - Check if lease conflict was resolved
5336 * @fl: Lock state to check
5337 *
5338 * Return values:
5339 * %true: Lease conflict was resolved
5340 * %false: Lease conflict was not resolved.
5341 */
5342 static bool nfsd_breaker_owns_lease(struct file_lease *fl)
5343 {
5344 struct nfs4_delegation *dl = fl->c.flc_owner;
5345 struct svc_rqst *rqst;
5346 struct nfs4_client *clp;
5347
5348 rqst = nfsd_current_rqst();
5349 if (!nfsd_v4client(rqst))
5350 return false;
5351 clp = *(rqst->rq_lease_breaker);
5352 return dl->dl_stid.sc_client == clp;
5353 }
5354
5355 static int
5356 nfsd_change_deleg_cb(struct file_lease *onlist, int arg,
5357 struct list_head *dispose)
5358 {
5359 struct nfs4_delegation *dp = (struct nfs4_delegation *) onlist->c.flc_owner;
5360 struct nfs4_client *clp = dp->dl_stid.sc_client;
5361
5362 if (arg & F_UNLCK) {
5363 if (dp->dl_recalled)
5364 atomic_dec(&clp->cl_delegs_in_recall);
5365 return lease_modify(onlist, arg, dispose);
5366 } else
5367 return -EAGAIN;
5368 }
5369
5370 static const struct lease_manager_operations nfsd_lease_mng_ops = {
5371 .lm_breaker_owns_lease = nfsd_breaker_owns_lease,
5372 .lm_break = nfsd_break_deleg_cb,
5373 .lm_change = nfsd_change_deleg_cb,
5374 };
5375
5376 static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid)
5377 {
5378 if (nfsd4_has_session(cstate))
5379 return nfs_ok;
5380 if (seqid == so->so_seqid - 1)
5381 return nfserr_replay_me;
5382 if (seqid == so->so_seqid)
5383 return nfs_ok;
5384 return nfserr_bad_seqid;
5385 }
5386
5387 static struct nfs4_client *lookup_clientid(clientid_t *clid, bool sessions,
5388 struct nfsd_net *nn)
5389 {
5390 struct nfs4_client *found;
5391
5392 spin_lock(&nn->client_lock);
5393 found = find_confirmed_client(clid, sessions, nn);
5394 if (found)
5395 atomic_inc(&found->cl_rpc_users);
5396 spin_unlock(&nn->client_lock);
5397 return found;
5398 }
5399
5400 static __be32 set_client(clientid_t *clid,
5401 struct nfsd4_compound_state *cstate,
5402 struct nfsd_net *nn)
5403 {
5404 if (cstate->clp) {
5405 if (!same_clid(&cstate->clp->cl_clientid, clid))
5406 return nfserr_stale_clientid;
5407 return nfs_ok;
5408 }
5409 if (STALE_CLIENTID(clid, nn))
5410 return nfserr_stale_clientid;
5411 /*
5412 * We're in the 4.0 case (otherwise the SEQUENCE op would have
5413 * set cstate->clp), so session = false:
5414 */
5415 cstate->clp = lookup_clientid(clid, false, nn);
5416 if (!cstate->clp)
5417 return nfserr_expired;
5418 return nfs_ok;
5419 }
5420
5421 __be32
5422 nfsd4_process_open1(struct nfsd4_compound_state *cstate,
5423 struct nfsd4_open *open, struct nfsd_net *nn)
5424 {
5425 clientid_t *clientid = &open->op_clientid;
5426 struct nfs4_client *clp = NULL;
5427 unsigned int strhashval;
5428 struct nfs4_openowner *oo = NULL;
5429 __be32 status;
5430
5431 /*
5432 * In case we need it later, after we've already created the
5433 * file and don't want to risk a further failure:
5434 */
5435 open->op_file = nfsd4_alloc_file();
5436 if (open->op_file == NULL)
5437 return nfserr_jukebox;
5438
5439 status = set_client(clientid, cstate, nn);
5440 if (status)
5441 return status;
5442 clp = cstate->clp;
5443
5444 strhashval = ownerstr_hashval(&open->op_owner);
5445 retry:
5446 oo = find_or_alloc_open_stateowner(strhashval, open, cstate);
5447 open->op_openowner = oo;
5448 if (!oo)
5449 return nfserr_jukebox;
5450 if (nfsd4_cstate_assign_replay(cstate, &oo->oo_owner) == -EAGAIN) {
5451 nfs4_put_stateowner(&oo->oo_owner);
5452 goto retry;
5453 }
5454 status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid);
5455 if (status)
5456 return status;
5457
5458 open->op_stp = nfs4_alloc_open_stateid(clp);
5459 if (!open->op_stp)
5460 return nfserr_jukebox;
5461
5462 if (nfsd4_has_session(cstate) &&
5463 (cstate->current_fh.fh_export->ex_flags & NFSEXP_PNFS)) {
5464 open->op_odstate = alloc_clnt_odstate(clp);
5465 if (!open->op_odstate)
5466 return nfserr_jukebox;
5467 }
5468
5469 return nfs_ok;
5470 }
5471
5472 static inline __be32
5473 nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
5474 {
5475 if ((flags & WR_STATE) && (dp->dl_type == NFS4_OPEN_DELEGATE_READ))
5476 return nfserr_openmode;
5477 else
5478 return nfs_ok;
5479 }
5480
5481 static int share_access_to_flags(u32 share_access)
5482 {
5483 return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE;
5484 }
5485
5486 static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl,
5487 stateid_t *s)
5488 {
5489 struct nfs4_stid *ret;
5490
5491 ret = find_stateid_by_type(cl, s, SC_TYPE_DELEG, SC_STATUS_REVOKED);
5492 if (!ret)
5493 return NULL;
5494 return delegstateid(ret);
5495 }
5496
5497 static bool nfsd4_is_deleg_cur(struct nfsd4_open *open)
5498 {
5499 return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
5500 open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH;
5501 }
5502
5503 static __be32
5504 nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open,
5505 struct nfs4_delegation **dp)
5506 {
5507 int flags;
5508 __be32 status = nfserr_bad_stateid;
5509 struct nfs4_delegation *deleg;
5510
5511 deleg = find_deleg_stateid(cl, &open->op_delegate_stateid);
5512 if (deleg == NULL)
5513 goto out;
5514 if (deleg->dl_stid.sc_status & SC_STATUS_ADMIN_REVOKED) {
5515 nfs4_put_stid(&deleg->dl_stid);
5516 status = nfserr_admin_revoked;
5517 goto out;
5518 }
5519 if (deleg->dl_stid.sc_status & SC_STATUS_REVOKED) {
5520 nfs4_put_stid(&deleg->dl_stid);
5521 nfsd40_drop_revoked_stid(cl, &open->op_delegate_stateid);
5522 status = nfserr_deleg_revoked;
5523 goto out;
5524 }
5525 flags = share_access_to_flags(open->op_share_access);
5526 status = nfs4_check_delegmode(deleg, flags);
5527 if (status) {
5528 nfs4_put_stid(&deleg->dl_stid);
5529 goto out;
5530 }
5531 *dp = deleg;
5532 out:
5533 if (!nfsd4_is_deleg_cur(open))
5534 return nfs_ok;
5535 if (status)
5536 return status;
5537 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
5538 return nfs_ok;
5539 }
5540
5541 static inline int nfs4_access_to_access(u32 nfs4_access)
5542 {
5543 int flags = 0;
5544
5545 if (nfs4_access & NFS4_SHARE_ACCESS_READ)
5546 flags |= NFSD_MAY_READ;
5547 if (nfs4_access & NFS4_SHARE_ACCESS_WRITE)
5548 flags |= NFSD_MAY_WRITE;
5549 return flags;
5550 }
5551
5552 static inline __be32
5553 nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh,
5554 struct nfsd4_open *open)
5555 {
5556 struct iattr iattr = {
5557 .ia_valid = ATTR_SIZE,
5558 .ia_size = 0,
5559 };
5560 struct nfsd_attrs attrs = {
5561 .na_iattr = &iattr,
5562 };
5563 if (!open->op_truncate)
5564 return 0;
5565 if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
5566 return nfserr_inval;
5567 return nfsd_setattr(rqstp, fh, &attrs, NULL);
5568 }
5569
5570 static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp,
5571 struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp,
5572 struct nfsd4_open *open, bool new_stp)
5573 {
5574 struct nfsd_file *nf = NULL;
5575 __be32 status;
5576 int oflag = nfs4_access_to_omode(open->op_share_access);
5577 int access = nfs4_access_to_access(open->op_share_access);
5578 unsigned char old_access_bmap, old_deny_bmap;
5579
5580 spin_lock(&fp->fi_lock);
5581
5582 /*
5583 * Are we trying to set a deny mode that would conflict with
5584 * current access?
5585 */
5586 status = nfs4_file_check_deny(fp, open->op_share_deny);
5587 if (status != nfs_ok) {
5588 if (status != nfserr_share_denied) {
5589 spin_unlock(&fp->fi_lock);
5590 goto out;
5591 }
5592 if (nfs4_resolve_deny_conflicts_locked(fp, new_stp,
5593 stp, open->op_share_deny, false))
5594 status = nfserr_jukebox;
5595 spin_unlock(&fp->fi_lock);
5596 goto out;
5597 }
5598
5599 /* set access to the file */
5600 status = nfs4_file_get_access(fp, open->op_share_access);
5601 if (status != nfs_ok) {
5602 if (status != nfserr_share_denied) {
5603 spin_unlock(&fp->fi_lock);
5604 goto out;
5605 }
5606 if (nfs4_resolve_deny_conflicts_locked(fp, new_stp,
5607 stp, open->op_share_access, true))
5608 status = nfserr_jukebox;
5609 spin_unlock(&fp->fi_lock);
5610 goto out;
5611 }
5612
5613 /* Set access bits in stateid */
5614 old_access_bmap = stp->st_access_bmap;
5615 set_access(open->op_share_access, stp);
5616
5617 /* Set new deny mask */
5618 old_deny_bmap = stp->st_deny_bmap;
5619 set_deny(open->op_share_deny, stp);
5620 fp->fi_share_deny |= (open->op_share_deny & NFS4_SHARE_DENY_BOTH);
5621
5622 if (!fp->fi_fds[oflag]) {
5623 spin_unlock(&fp->fi_lock);
5624
5625 status = nfsd_file_acquire_opened(rqstp, cur_fh, access,
5626 open->op_filp, &nf);
5627 if (status != nfs_ok)
5628 goto out_put_access;
5629
5630 spin_lock(&fp->fi_lock);
5631 if (!fp->fi_fds[oflag]) {
5632 fp->fi_fds[oflag] = nf;
5633 nf = NULL;
5634 }
5635 }
5636 spin_unlock(&fp->fi_lock);
5637 if (nf)
5638 nfsd_file_put(nf);
5639
5640 status = nfserrno(nfsd_open_break_lease(cur_fh->fh_dentry->d_inode,
5641 access));
5642 if (status)
5643 goto out_put_access;
5644
5645 status = nfsd4_truncate(rqstp, cur_fh, open);
5646 if (status)
5647 goto out_put_access;
5648 out:
5649 return status;
5650 out_put_access:
5651 stp->st_access_bmap = old_access_bmap;
5652 nfs4_file_put_access(fp, open->op_share_access);
5653 reset_union_bmap_deny(bmap_to_share_mode(old_deny_bmap), stp);
5654 goto out;
5655 }
5656
5657 static __be32
5658 nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp,
5659 struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp,
5660 struct nfsd4_open *open)
5661 {
5662 __be32 status;
5663 unsigned char old_deny_bmap = stp->st_deny_bmap;
5664
5665 if (!test_access(open->op_share_access, stp))
5666 return nfs4_get_vfs_file(rqstp, fp, cur_fh, stp, open, false);
5667
5668 /* test and set deny mode */
5669 spin_lock(&fp->fi_lock);
5670 status = nfs4_file_check_deny(fp, open->op_share_deny);
5671 switch (status) {
5672 case nfs_ok:
5673 set_deny(open->op_share_deny, stp);
5674 fp->fi_share_deny |=
5675 (open->op_share_deny & NFS4_SHARE_DENY_BOTH);
5676 break;
5677 case nfserr_share_denied:
5678 if (nfs4_resolve_deny_conflicts_locked(fp, false,
5679 stp, open->op_share_deny, false))
5680 status = nfserr_jukebox;
5681 break;
5682 }
5683 spin_unlock(&fp->fi_lock);
5684
5685 if (status != nfs_ok)
5686 return status;
5687
5688 status = nfsd4_truncate(rqstp, cur_fh, open);
5689 if (status != nfs_ok)
5690 reset_union_bmap_deny(old_deny_bmap, stp);
5691 return status;
5692 }
5693
5694 /* Should we give out recallable state?: */
5695 static bool nfsd4_cb_channel_good(struct nfs4_client *clp)
5696 {
5697 if (clp->cl_cb_state == NFSD4_CB_UP)
5698 return true;
5699 /*
5700 * In the sessions case, since we don't have to establish a
5701 * separate connection for callbacks, we assume it's OK
5702 * until we hear otherwise:
5703 */
5704 return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN;
5705 }
5706
5707 static struct file_lease *nfs4_alloc_init_lease(struct nfs4_delegation *dp,
5708 int flag)
5709 {
5710 struct file_lease *fl;
5711
5712 fl = locks_alloc_lease();
5713 if (!fl)
5714 return NULL;
5715 fl->fl_lmops = &nfsd_lease_mng_ops;
5716 fl->c.flc_flags = FL_DELEG;
5717 fl->c.flc_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK;
5718 fl->c.flc_owner = (fl_owner_t)dp;
5719 fl->c.flc_pid = current->tgid;
5720 fl->c.flc_file = dp->dl_stid.sc_file->fi_deleg_file->nf_file;
5721 return fl;
5722 }
5723
5724 static int nfsd4_check_conflicting_opens(struct nfs4_client *clp,
5725 struct nfs4_file *fp)
5726 {
5727 struct nfs4_ol_stateid *st;
5728 struct file *f = fp->fi_deleg_file->nf_file;
5729 struct inode *ino = file_inode(f);
5730 int writes;
5731
5732 writes = atomic_read(&ino->i_writecount);
5733 if (!writes)
5734 return 0;
5735 /*
5736 * There could be multiple filehandles (hence multiple
5737 * nfs4_files) referencing this file, but that's not too
5738 * common; let's just give up in that case rather than
5739 * trying to go look up all the clients using that other
5740 * nfs4_file as well:
5741 */
5742 if (fp->fi_aliased)
5743 return -EAGAIN;
5744 /*
5745 * If there's a close in progress, make sure that we see it
5746 * clear any fi_fds[] entries before we see it decrement
5747 * i_writecount:
5748 */
5749 smp_mb__after_atomic();
5750
5751 if (fp->fi_fds[O_WRONLY])
5752 writes--;
5753 if (fp->fi_fds[O_RDWR])
5754 writes--;
5755 if (writes > 0)
5756 return -EAGAIN; /* There may be non-NFSv4 writers */
5757 /*
5758 * It's possible there are non-NFSv4 write opens in progress,
5759 * but if they haven't incremented i_writecount yet then they
5760 * also haven't called break lease yet; so, they'll break this
5761 * lease soon enough. So, all that's left to check for is NFSv4
5762 * opens:
5763 */
5764 spin_lock(&fp->fi_lock);
5765 list_for_each_entry(st, &fp->fi_stateids, st_perfile) {
5766 if (st->st_openstp == NULL /* it's an open */ &&
5767 access_permit_write(st) &&
5768 st->st_stid.sc_client != clp) {
5769 spin_unlock(&fp->fi_lock);
5770 return -EAGAIN;
5771 }
5772 }
5773 spin_unlock(&fp->fi_lock);
5774 /*
5775 * There's a small chance that we could be racing with another
5776 * NFSv4 open. However, any open that hasn't added itself to
5777 * the fi_stateids list also hasn't called break_lease yet; so,
5778 * they'll break this lease soon enough.
5779 */
5780 return 0;
5781 }
5782
5783 /*
5784 * It's possible that between opening the dentry and setting the delegation,
5785 * that it has been renamed or unlinked. Redo the lookup to verify that this
5786 * hasn't happened.
5787 */
5788 static int
5789 nfsd4_verify_deleg_dentry(struct nfsd4_open *open, struct nfs4_file *fp,
5790 struct svc_fh *parent)
5791 {
5792 struct svc_export *exp;
5793 struct dentry *child;
5794 __be32 err;
5795
5796 err = nfsd_lookup_dentry(open->op_rqstp, parent,
5797 open->op_fname, open->op_fnamelen,
5798 &exp, &child);
5799
5800 if (err)
5801 return -EAGAIN;
5802
5803 exp_put(exp);
5804 dput(child);
5805 if (child != file_dentry(fp->fi_deleg_file->nf_file))
5806 return -EAGAIN;
5807
5808 return 0;
5809 }
5810
5811 /*
5812 * We avoid breaking delegations held by a client due to its own activity, but
5813 * clearing setuid/setgid bits on a write is an implicit activity and the client
5814 * may not notice and continue using the old mode. Avoid giving out a delegation
5815 * on setuid/setgid files when the client is requesting an open for write.
5816 */
5817 static int
5818 nfsd4_verify_setuid_write(struct nfsd4_open *open, struct nfsd_file *nf)
5819 {
5820 struct inode *inode = file_inode(nf->nf_file);
5821
5822 if ((open->op_share_access & NFS4_SHARE_ACCESS_WRITE) &&
5823 (inode->i_mode & (S_ISUID|S_ISGID)))
5824 return -EAGAIN;
5825 return 0;
5826 }
5827
5828 static struct nfs4_delegation *
5829 nfs4_set_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp,
5830 struct svc_fh *parent)
5831 {
5832 int status = 0;
5833 struct nfs4_client *clp = stp->st_stid.sc_client;
5834 struct nfs4_file *fp = stp->st_stid.sc_file;
5835 struct nfs4_clnt_odstate *odstate = stp->st_clnt_odstate;
5836 struct nfs4_delegation *dp;
5837 struct nfsd_file *nf = NULL;
5838 struct file_lease *fl;
5839 u32 dl_type;
5840
5841 /*
5842 * The fi_had_conflict and nfs_get_existing_delegation checks
5843 * here are just optimizations; we'll need to recheck them at
5844 * the end:
5845 */
5846 if (fp->fi_had_conflict)
5847 return ERR_PTR(-EAGAIN);
5848
5849 /*
5850 * Try for a write delegation first. RFC8881 section 10.4 says:
5851 *
5852 * "An OPEN_DELEGATE_WRITE delegation allows the client to handle,
5853 * on its own, all opens."
5854 *
5855 * Furthermore the client can use a write delegation for most READ
5856 * operations as well, so we require a O_RDWR file here.
5857 *
5858 * Offer a write delegation in the case of a BOTH open, and ensure
5859 * we get the O_RDWR descriptor.
5860 */
5861 if ((open->op_share_access & NFS4_SHARE_ACCESS_BOTH) == NFS4_SHARE_ACCESS_BOTH) {
5862 nf = find_rw_file(fp);
5863 dl_type = NFS4_OPEN_DELEGATE_WRITE;
5864 }
5865
5866 /*
5867 * If the file is being opened O_RDONLY or we couldn't get a O_RDWR
5868 * file for some reason, then try for a read delegation instead.
5869 */
5870 if (!nf && (open->op_share_access & NFS4_SHARE_ACCESS_READ)) {
5871 nf = find_readable_file(fp);
5872 dl_type = NFS4_OPEN_DELEGATE_READ;
5873 }
5874
5875 if (!nf)
5876 return ERR_PTR(-EAGAIN);
5877
5878 spin_lock(&state_lock);
5879 spin_lock(&fp->fi_lock);
5880 if (nfs4_delegation_exists(clp, fp))
5881 status = -EAGAIN;
5882 else if (nfsd4_verify_setuid_write(open, nf))
5883 status = -EAGAIN;
5884 else if (!fp->fi_deleg_file) {
5885 fp->fi_deleg_file = nf;
5886 /* increment early to prevent fi_deleg_file from being
5887 * cleared */
5888 fp->fi_delegees = 1;
5889 nf = NULL;
5890 } else
5891 fp->fi_delegees++;
5892 spin_unlock(&fp->fi_lock);
5893 spin_unlock(&state_lock);
5894 if (nf)
5895 nfsd_file_put(nf);
5896 if (status)
5897 return ERR_PTR(status);
5898
5899 status = -ENOMEM;
5900 dp = alloc_init_deleg(clp, fp, odstate, dl_type);
5901 if (!dp)
5902 goto out_delegees;
5903
5904 fl = nfs4_alloc_init_lease(dp, dl_type);
5905 if (!fl)
5906 goto out_clnt_odstate;
5907
5908 status = kernel_setlease(fp->fi_deleg_file->nf_file,
5909 fl->c.flc_type, &fl, NULL);
5910 if (fl)
5911 locks_free_lease(fl);
5912 if (status)
5913 goto out_clnt_odstate;
5914
5915 if (parent) {
5916 status = nfsd4_verify_deleg_dentry(open, fp, parent);
5917 if (status)
5918 goto out_unlock;
5919 }
5920
5921 status = nfsd4_check_conflicting_opens(clp, fp);
5922 if (status)
5923 goto out_unlock;
5924
5925 /*
5926 * Now that the deleg is set, check again to ensure that nothing
5927 * raced in and changed the mode while we weren't looking.
5928 */
5929 status = nfsd4_verify_setuid_write(open, fp->fi_deleg_file);
5930 if (status)
5931 goto out_unlock;
5932
5933 status = -EAGAIN;
5934 if (fp->fi_had_conflict)
5935 goto out_unlock;
5936
5937 spin_lock(&state_lock);
5938 spin_lock(&clp->cl_lock);
5939 spin_lock(&fp->fi_lock);
5940 status = hash_delegation_locked(dp, fp);
5941 spin_unlock(&fp->fi_lock);
5942 spin_unlock(&clp->cl_lock);
5943 spin_unlock(&state_lock);
5944
5945 if (status)
5946 goto out_unlock;
5947
5948 return dp;
5949 out_unlock:
5950 kernel_setlease(fp->fi_deleg_file->nf_file, F_UNLCK, NULL, (void **)&dp);
5951 out_clnt_odstate:
5952 put_clnt_odstate(dp->dl_clnt_odstate);
5953 nfs4_put_stid(&dp->dl_stid);
5954 out_delegees:
5955 put_deleg_file(fp);
5956 return ERR_PTR(status);
5957 }
5958
5959 static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status)
5960 {
5961 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
5962 if (status == -EAGAIN)
5963 open->op_why_no_deleg = WND4_CONTENTION;
5964 else {
5965 open->op_why_no_deleg = WND4_RESOURCE;
5966 switch (open->op_deleg_want) {
5967 case NFS4_SHARE_WANT_READ_DELEG:
5968 case NFS4_SHARE_WANT_WRITE_DELEG:
5969 case NFS4_SHARE_WANT_ANY_DELEG:
5970 break;
5971 case NFS4_SHARE_WANT_CANCEL:
5972 open->op_why_no_deleg = WND4_CANCELLED;
5973 break;
5974 case NFS4_SHARE_WANT_NO_DELEG:
5975 WARN_ON_ONCE(1);
5976 }
5977 }
5978 }
5979
5980 static bool
5981 nfs4_delegation_stat(struct nfs4_delegation *dp, struct svc_fh *currentfh,
5982 struct kstat *stat)
5983 {
5984 struct nfsd_file *nf = find_rw_file(dp->dl_stid.sc_file);
5985 struct path path;
5986 int rc;
5987
5988 if (!nf)
5989 return false;
5990
5991 path.mnt = currentfh->fh_export->ex_path.mnt;
5992 path.dentry = file_dentry(nf->nf_file);
5993
5994 rc = vfs_getattr(&path, stat,
5995 (STATX_MODE | STATX_SIZE | STATX_CTIME | STATX_CHANGE_COOKIE),
5996 AT_STATX_SYNC_AS_STAT);
5997
5998 nfsd_file_put(nf);
5999 return rc == 0;
6000 }
6001
6002 /*
6003 * The Linux NFS server does not offer write delegations to NFSv4.0
6004 * clients in order to avoid conflicts between write delegations and
6005 * GETATTRs requesting CHANGE or SIZE attributes.
6006 *
6007 * With NFSv4.1 and later minorversions, the SEQUENCE operation that
6008 * begins each COMPOUND contains a client ID. Delegation recall can
6009 * be avoided when the server recognizes the client sending a
6010 * GETATTR also holds write delegation it conflicts with.
6011 *
6012 * However, the NFSv4.0 protocol does not enable a server to
6013 * determine that a GETATTR originated from the client holding the
6014 * conflicting delegation versus coming from some other client. Per
6015 * RFC 7530 Section 16.7.5, the server must recall or send a
6016 * CB_GETATTR even when the GETATTR originates from the client that
6017 * holds the conflicting delegation.
6018 *
6019 * An NFSv4.0 client can trigger a pathological situation if it
6020 * always sends a DELEGRETURN preceded by a conflicting GETATTR in
6021 * the same COMPOUND. COMPOUND execution will always stop at the
6022 * GETATTR and the DELEGRETURN will never get executed. The server
6023 * eventually revokes the delegation, which can result in loss of
6024 * open or lock state.
6025 */
6026 static void
6027 nfs4_open_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp,
6028 struct svc_fh *currentfh)
6029 {
6030 struct nfs4_delegation *dp;
6031 struct nfs4_openowner *oo = openowner(stp->st_stateowner);
6032 struct nfs4_client *clp = stp->st_stid.sc_client;
6033 struct svc_fh *parent = NULL;
6034 int cb_up;
6035 int status = 0;
6036 struct kstat stat;
6037
6038 cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client);
6039 open->op_recall = false;
6040 switch (open->op_claim_type) {
6041 case NFS4_OPEN_CLAIM_PREVIOUS:
6042 if (!cb_up)
6043 open->op_recall = true;
6044 break;
6045 case NFS4_OPEN_CLAIM_NULL:
6046 parent = currentfh;
6047 fallthrough;
6048 case NFS4_OPEN_CLAIM_FH:
6049 /*
6050 * Let's not give out any delegations till everyone's
6051 * had the chance to reclaim theirs, *and* until
6052 * NLM locks have all been reclaimed:
6053 */
6054 if (locks_in_grace(clp->net))
6055 goto out_no_deleg;
6056 if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED))
6057 goto out_no_deleg;
6058 if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE &&
6059 !clp->cl_minorversion)
6060 goto out_no_deleg;
6061 break;
6062 default:
6063 goto out_no_deleg;
6064 }
6065 dp = nfs4_set_delegation(open, stp, parent);
6066 if (IS_ERR(dp))
6067 goto out_no_deleg;
6068
6069 memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid));
6070
6071 if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE) {
6072 if (!nfs4_delegation_stat(dp, currentfh, &stat)) {
6073 nfs4_put_stid(&dp->dl_stid);
6074 destroy_delegation(dp);
6075 goto out_no_deleg;
6076 }
6077 open->op_delegate_type = NFS4_OPEN_DELEGATE_WRITE;
6078 dp->dl_cb_fattr.ncf_cur_fsize = stat.size;
6079 dp->dl_cb_fattr.ncf_initial_cinfo = nfsd4_change_attribute(&stat);
6080 trace_nfsd_deleg_write(&dp->dl_stid.sc_stateid);
6081 } else {
6082 open->op_delegate_type = NFS4_OPEN_DELEGATE_READ;
6083 trace_nfsd_deleg_read(&dp->dl_stid.sc_stateid);
6084 }
6085 nfs4_put_stid(&dp->dl_stid);
6086 return;
6087 out_no_deleg:
6088 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE;
6089 if (open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS &&
6090 open->op_delegate_type != NFS4_OPEN_DELEGATE_NONE) {
6091 dprintk("NFSD: WARNING: refusing delegation reclaim\n");
6092 open->op_recall = true;
6093 }
6094
6095 /* 4.1 client asking for a delegation? */
6096 if (open->op_deleg_want)
6097 nfsd4_open_deleg_none_ext(open, status);
6098 return;
6099 }
6100
6101 static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open,
6102 struct nfs4_delegation *dp)
6103 {
6104 if (open->op_deleg_want == NFS4_SHARE_WANT_READ_DELEG &&
6105 dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
6106 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
6107 open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE;
6108 } else if (open->op_deleg_want == NFS4_SHARE_WANT_WRITE_DELEG &&
6109 dp->dl_type == NFS4_OPEN_DELEGATE_WRITE) {
6110 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
6111 open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE;
6112 }
6113 /* Otherwise the client must be confused wanting a delegation
6114 * it already has, therefore we don't return
6115 * NFS4_OPEN_DELEGATE_NONE_EXT and reason.
6116 */
6117 }
6118
6119 /**
6120 * nfsd4_process_open2 - finish open processing
6121 * @rqstp: the RPC transaction being executed
6122 * @current_fh: NFSv4 COMPOUND's current filehandle
6123 * @open: OPEN arguments
6124 *
6125 * If successful, (1) truncate the file if open->op_truncate was
6126 * set, (2) set open->op_stateid, (3) set open->op_delegation.
6127 *
6128 * Returns %nfs_ok on success; otherwise an nfs4stat value in
6129 * network byte order is returned.
6130 */
6131 __be32
6132 nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
6133 {
6134 struct nfsd4_compoundres *resp = rqstp->rq_resp;
6135 struct nfs4_client *cl = open->op_openowner->oo_owner.so_client;
6136 struct nfs4_file *fp = NULL;
6137 struct nfs4_ol_stateid *stp = NULL;
6138 struct nfs4_delegation *dp = NULL;
6139 __be32 status;
6140 bool new_stp = false;
6141
6142 /*
6143 * Lookup file; if found, lookup stateid and check open request,
6144 * and check for delegations in the process of being recalled.
6145 * If not found, create the nfs4_file struct
6146 */
6147 fp = nfsd4_file_hash_insert(open->op_file, current_fh);
6148 if (unlikely(!fp))
6149 return nfserr_jukebox;
6150 if (fp != open->op_file) {
6151 status = nfs4_check_deleg(cl, open, &dp);
6152 if (status)
6153 goto out;
6154 stp = nfsd4_find_and_lock_existing_open(fp, open);
6155 } else {
6156 open->op_file = NULL;
6157 status = nfserr_bad_stateid;
6158 if (nfsd4_is_deleg_cur(open))
6159 goto out;
6160 }
6161
6162 if (!stp) {
6163 stp = init_open_stateid(fp, open);
6164 if (!stp) {
6165 status = nfserr_jukebox;
6166 goto out;
6167 }
6168
6169 if (!open->op_stp)
6170 new_stp = true;
6171 }
6172
6173 /*
6174 * OPEN the file, or upgrade an existing OPEN.
6175 * If truncate fails, the OPEN fails.
6176 *
6177 * stp is already locked.
6178 */
6179 if (!new_stp) {
6180 /* Stateid was found, this is an OPEN upgrade */
6181 status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
6182 if (status) {
6183 mutex_unlock(&stp->st_mutex);
6184 goto out;
6185 }
6186 } else {
6187 status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open, true);
6188 if (status) {
6189 release_open_stateid(stp);
6190 mutex_unlock(&stp->st_mutex);
6191 goto out;
6192 }
6193
6194 stp->st_clnt_odstate = find_or_hash_clnt_odstate(fp,
6195 open->op_odstate);
6196 if (stp->st_clnt_odstate == open->op_odstate)
6197 open->op_odstate = NULL;
6198 }
6199
6200 nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid);
6201 mutex_unlock(&stp->st_mutex);
6202
6203 if (nfsd4_has_session(&resp->cstate)) {
6204 if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) {
6205 open->op_delegate_type = NFS4_OPEN_DELEGATE_NONE_EXT;
6206 open->op_why_no_deleg = WND4_NOT_WANTED;
6207 goto nodeleg;
6208 }
6209 }
6210
6211 /*
6212 * Attempt to hand out a delegation. No error return, because the
6213 * OPEN succeeds even if we fail.
6214 */
6215 nfs4_open_delegation(open, stp, &resp->cstate.current_fh);
6216 nodeleg:
6217 status = nfs_ok;
6218 trace_nfsd_open(&stp->st_stid.sc_stateid);
6219 out:
6220 /* 4.1 client trying to upgrade/downgrade delegation? */
6221 if (open->op_delegate_type == NFS4_OPEN_DELEGATE_NONE && dp &&
6222 open->op_deleg_want)
6223 nfsd4_deleg_xgrade_none_ext(open, dp);
6224
6225 if (fp)
6226 put_nfs4_file(fp);
6227 if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS)
6228 open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
6229 /*
6230 * To finish the open response, we just need to set the rflags.
6231 */
6232 open->op_rflags = NFS4_OPEN_RESULT_LOCKTYPE_POSIX;
6233 if (nfsd4_has_session(&resp->cstate))
6234 open->op_rflags |= NFS4_OPEN_RESULT_MAY_NOTIFY_LOCK;
6235 else if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED))
6236 open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM;
6237
6238 if (dp)
6239 nfs4_put_stid(&dp->dl_stid);
6240 if (stp)
6241 nfs4_put_stid(&stp->st_stid);
6242
6243 return status;
6244 }
6245
6246 void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
6247 struct nfsd4_open *open)
6248 {
6249 if (open->op_openowner)
6250 nfs4_put_stateowner(&open->op_openowner->oo_owner);
6251 if (open->op_file)
6252 kmem_cache_free(file_slab, open->op_file);
6253 if (open->op_stp)
6254 nfs4_put_stid(&open->op_stp->st_stid);
6255 if (open->op_odstate)
6256 kmem_cache_free(odstate_slab, open->op_odstate);
6257 }
6258
6259 __be32
6260 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
6261 union nfsd4_op_u *u)
6262 {
6263 clientid_t *clid = &u->renew;
6264 struct nfs4_client *clp;
6265 __be32 status;
6266 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
6267
6268 trace_nfsd_clid_renew(clid);
6269 status = set_client(clid, cstate, nn);
6270 if (status)
6271 return status;
6272 clp = cstate->clp;
6273 if (!list_empty(&clp->cl_delegations)
6274 && clp->cl_cb_state != NFSD4_CB_UP)
6275 return nfserr_cb_path_down;
6276 return nfs_ok;
6277 }
6278
6279 void
6280 nfsd4_end_grace(struct nfsd_net *nn)
6281 {
6282 /* do nothing if grace period already ended */
6283 if (nn->grace_ended)
6284 return;
6285
6286 trace_nfsd_grace_complete(nn);
6287 nn->grace_ended = true;
6288 /*
6289 * If the server goes down again right now, an NFSv4
6290 * client will still be allowed to reclaim after it comes back up,
6291 * even if it hasn't yet had a chance to reclaim state this time.
6292 *
6293 */
6294 nfsd4_record_grace_done(nn);
6295 /*
6296 * At this point, NFSv4 clients can still reclaim. But if the
6297 * server crashes, any that have not yet reclaimed will be out
6298 * of luck on the next boot.
6299 *
6300 * (NFSv4.1+ clients are considered to have reclaimed once they
6301 * call RECLAIM_COMPLETE. NFSv4.0 clients are considered to
6302 * have reclaimed after their first OPEN.)
6303 */
6304 locks_end_grace(&nn->nfsd4_manager);
6305 /*
6306 * At this point, and once lockd and/or any other containers
6307 * exit their grace period, further reclaims will fail and
6308 * regular locking can resume.
6309 */
6310 }
6311
6312 /*
6313 * If we've waited a lease period but there are still clients trying to
6314 * reclaim, wait a little longer to give them a chance to finish.
6315 */
6316 static bool clients_still_reclaiming(struct nfsd_net *nn)
6317 {
6318 time64_t double_grace_period_end = nn->boot_time +
6319 2 * nn->nfsd4_lease;
6320
6321 if (nn->track_reclaim_completes &&
6322 atomic_read(&nn->nr_reclaim_complete) ==
6323 nn->reclaim_str_hashtbl_size)
6324 return false;
6325 if (!nn->somebody_reclaimed)
6326 return false;
6327 nn->somebody_reclaimed = false;
6328 /*
6329 * If we've given them *two* lease times to reclaim, and they're
6330 * still not done, give up:
6331 */
6332 if (ktime_get_boottime_seconds() > double_grace_period_end)
6333 return false;
6334 return true;
6335 }
6336
6337 struct laundry_time {
6338 time64_t cutoff;
6339 time64_t new_timeo;
6340 };
6341
6342 static bool state_expired(struct laundry_time *lt, time64_t last_refresh)
6343 {
6344 time64_t time_remaining;
6345
6346 if (last_refresh < lt->cutoff)
6347 return true;
6348 time_remaining = last_refresh - lt->cutoff;
6349 lt->new_timeo = min(lt->new_timeo, time_remaining);
6350 return false;
6351 }
6352
6353 #ifdef CONFIG_NFSD_V4_2_INTER_SSC
6354 void nfsd4_ssc_init_umount_work(struct nfsd_net *nn)
6355 {
6356 spin_lock_init(&nn->nfsd_ssc_lock);
6357 INIT_LIST_HEAD(&nn->nfsd_ssc_mount_list);
6358 init_waitqueue_head(&nn->nfsd_ssc_waitq);
6359 }
6360
6361 /*
6362 * This is called when nfsd is being shutdown, after all inter_ssc
6363 * cleanup were done, to destroy the ssc delayed unmount list.
6364 */
6365 static void nfsd4_ssc_shutdown_umount(struct nfsd_net *nn)
6366 {
6367 struct nfsd4_ssc_umount_item *ni = NULL;
6368 struct nfsd4_ssc_umount_item *tmp;
6369
6370 spin_lock(&nn->nfsd_ssc_lock);
6371 list_for_each_entry_safe(ni, tmp, &nn->nfsd_ssc_mount_list, nsui_list) {
6372 list_del(&ni->nsui_list);
6373 spin_unlock(&nn->nfsd_ssc_lock);
6374 mntput(ni->nsui_vfsmount);
6375 kfree(ni);
6376 spin_lock(&nn->nfsd_ssc_lock);
6377 }
6378 spin_unlock(&nn->nfsd_ssc_lock);
6379 }
6380
6381 static void nfsd4_ssc_expire_umount(struct nfsd_net *nn)
6382 {
6383 bool do_wakeup = false;
6384 struct nfsd4_ssc_umount_item *ni = NULL;
6385 struct nfsd4_ssc_umount_item *tmp;
6386
6387 spin_lock(&nn->nfsd_ssc_lock);
6388 list_for_each_entry_safe(ni, tmp, &nn->nfsd_ssc_mount_list, nsui_list) {
6389 if (time_after(jiffies, ni->nsui_expire)) {
6390 if (refcount_read(&ni->nsui_refcnt) > 1)
6391 continue;
6392
6393 /* mark being unmount */
6394 ni->nsui_busy = true;
6395 spin_unlock(&nn->nfsd_ssc_lock);
6396 mntput(ni->nsui_vfsmount);
6397 spin_lock(&nn->nfsd_ssc_lock);
6398
6399 /* waiters need to start from begin of list */
6400 list_del(&ni->nsui_list);
6401 kfree(ni);
6402
6403 /* wakeup ssc_connect waiters */
6404 do_wakeup = true;
6405 continue;
6406 }
6407 break;
6408 }
6409 if (do_wakeup)
6410 wake_up_all(&nn->nfsd_ssc_waitq);
6411 spin_unlock(&nn->nfsd_ssc_lock);
6412 }
6413 #endif
6414
6415 /* Check if any lock belonging to this lockowner has any blockers */
6416 static bool
6417 nfs4_lockowner_has_blockers(struct nfs4_lockowner *lo)
6418 {
6419 struct file_lock_context *ctx;
6420 struct nfs4_ol_stateid *stp;
6421 struct nfs4_file *nf;
6422
6423 list_for_each_entry(stp, &lo->lo_owner.so_stateids, st_perstateowner) {
6424 nf = stp->st_stid.sc_file;
6425 ctx = locks_inode_context(nf->fi_inode);
6426 if (!ctx)
6427 continue;
6428 if (locks_owner_has_blockers(ctx, lo))
6429 return true;
6430 }
6431 return false;
6432 }
6433
6434 static bool
6435 nfs4_anylock_blockers(struct nfs4_client *clp)
6436 {
6437 int i;
6438 struct nfs4_stateowner *so;
6439 struct nfs4_lockowner *lo;
6440
6441 if (atomic_read(&clp->cl_delegs_in_recall))
6442 return true;
6443 spin_lock(&clp->cl_lock);
6444 for (i = 0; i < OWNER_HASH_SIZE; i++) {
6445 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[i],
6446 so_strhash) {
6447 if (so->so_is_open_owner)
6448 continue;
6449 lo = lockowner(so);
6450 if (nfs4_lockowner_has_blockers(lo)) {
6451 spin_unlock(&clp->cl_lock);
6452 return true;
6453 }
6454 }
6455 }
6456 spin_unlock(&clp->cl_lock);
6457 return false;
6458 }
6459
6460 static void
6461 nfs4_get_client_reaplist(struct nfsd_net *nn, struct list_head *reaplist,
6462 struct laundry_time *lt)
6463 {
6464 unsigned int maxreap, reapcnt = 0;
6465 struct list_head *pos, *next;
6466 struct nfs4_client *clp;
6467
6468 maxreap = (atomic_read(&nn->nfs4_client_count) >= nn->nfs4_max_clients) ?
6469 NFSD_CLIENT_MAX_TRIM_PER_RUN : 0;
6470 INIT_LIST_HEAD(reaplist);
6471 spin_lock(&nn->client_lock);
6472 list_for_each_safe(pos, next, &nn->client_lru) {
6473 clp = list_entry(pos, struct nfs4_client, cl_lru);
6474 if (clp->cl_state == NFSD4_EXPIRABLE)
6475 goto exp_client;
6476 if (!state_expired(lt, clp->cl_time))
6477 break;
6478 if (!atomic_read(&clp->cl_rpc_users)) {
6479 if (clp->cl_state == NFSD4_ACTIVE)
6480 atomic_inc(&nn->nfsd_courtesy_clients);
6481 clp->cl_state = NFSD4_COURTESY;
6482 }
6483 if (!client_has_state(clp))
6484 goto exp_client;
6485 if (!nfs4_anylock_blockers(clp))
6486 if (reapcnt >= maxreap)
6487 continue;
6488 exp_client:
6489 if (!mark_client_expired_locked(clp)) {
6490 list_add(&clp->cl_lru, reaplist);
6491 reapcnt++;
6492 }
6493 }
6494 spin_unlock(&nn->client_lock);
6495 }
6496
6497 static void
6498 nfs4_get_courtesy_client_reaplist(struct nfsd_net *nn,
6499 struct list_head *reaplist)
6500 {
6501 unsigned int maxreap = 0, reapcnt = 0;
6502 struct list_head *pos, *next;
6503 struct nfs4_client *clp;
6504
6505 maxreap = NFSD_CLIENT_MAX_TRIM_PER_RUN;
6506 INIT_LIST_HEAD(reaplist);
6507
6508 spin_lock(&nn->client_lock);
6509 list_for_each_safe(pos, next, &nn->client_lru) {
6510 clp = list_entry(pos, struct nfs4_client, cl_lru);
6511 if (clp->cl_state == NFSD4_ACTIVE)
6512 break;
6513 if (reapcnt >= maxreap)
6514 break;
6515 if (!mark_client_expired_locked(clp)) {
6516 list_add(&clp->cl_lru, reaplist);
6517 reapcnt++;
6518 }
6519 }
6520 spin_unlock(&nn->client_lock);
6521 }
6522
6523 static void
6524 nfs4_process_client_reaplist(struct list_head *reaplist)
6525 {
6526 struct list_head *pos, *next;
6527 struct nfs4_client *clp;
6528
6529 list_for_each_safe(pos, next, reaplist) {
6530 clp = list_entry(pos, struct nfs4_client, cl_lru);
6531 trace_nfsd_clid_purged(&clp->cl_clientid);
6532 list_del_init(&clp->cl_lru);
6533 expire_client(clp);
6534 }
6535 }
6536
6537 static void nfs40_clean_admin_revoked(struct nfsd_net *nn,
6538 struct laundry_time *lt)
6539 {
6540 struct nfs4_client *clp;
6541
6542 spin_lock(&nn->client_lock);
6543 if (nn->nfs40_last_revoke == 0 ||
6544 nn->nfs40_last_revoke > lt->cutoff) {
6545 spin_unlock(&nn->client_lock);
6546 return;
6547 }
6548 nn->nfs40_last_revoke = 0;
6549
6550 retry:
6551 list_for_each_entry(clp, &nn->client_lru, cl_lru) {
6552 unsigned long id, tmp;
6553 struct nfs4_stid *stid;
6554
6555 if (atomic_read(&clp->cl_admin_revoked) == 0)
6556 continue;
6557
6558 spin_lock(&clp->cl_lock);
6559 idr_for_each_entry_ul(&clp->cl_stateids, stid, tmp, id)
6560 if (stid->sc_status & SC_STATUS_ADMIN_REVOKED) {
6561 refcount_inc(&stid->sc_count);
6562 spin_unlock(&nn->client_lock);
6563 /* this function drops ->cl_lock */
6564 nfsd4_drop_revoked_stid(stid);
6565 nfs4_put_stid(stid);
6566 spin_lock(&nn->client_lock);
6567 goto retry;
6568 }
6569 spin_unlock(&clp->cl_lock);
6570 }
6571 spin_unlock(&nn->client_lock);
6572 }
6573
6574 static time64_t
6575 nfs4_laundromat(struct nfsd_net *nn)
6576 {
6577 struct nfs4_openowner *oo;
6578 struct nfs4_delegation *dp;
6579 struct nfs4_ol_stateid *stp;
6580 struct nfsd4_blocked_lock *nbl;
6581 struct list_head *pos, *next, reaplist;
6582 struct laundry_time lt = {
6583 .cutoff = ktime_get_boottime_seconds() - nn->nfsd4_lease,
6584 .new_timeo = nn->nfsd4_lease
6585 };
6586 struct nfs4_cpntf_state *cps;
6587 copy_stateid_t *cps_t;
6588 int i;
6589
6590 if (clients_still_reclaiming(nn)) {
6591 lt.new_timeo = 0;
6592 goto out;
6593 }
6594 nfsd4_end_grace(nn);
6595
6596 spin_lock(&nn->s2s_cp_lock);
6597 idr_for_each_entry(&nn->s2s_cp_stateids, cps_t, i) {
6598 cps = container_of(cps_t, struct nfs4_cpntf_state, cp_stateid);
6599 if (cps->cp_stateid.cs_type == NFS4_COPYNOTIFY_STID &&
6600 state_expired(&lt, cps->cpntf_time))
6601 _free_cpntf_state_locked(nn, cps);
6602 }
6603 spin_unlock(&nn->s2s_cp_lock);
6604 nfsd4_async_copy_reaper(nn);
6605 nfs4_get_client_reaplist(nn, &reaplist, &lt);
6606 nfs4_process_client_reaplist(&reaplist);
6607
6608 nfs40_clean_admin_revoked(nn, &lt);
6609
6610 spin_lock(&state_lock);
6611 list_for_each_safe(pos, next, &nn->del_recall_lru) {
6612 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
6613 if (!state_expired(&lt, dp->dl_time))
6614 break;
6615 refcount_inc(&dp->dl_stid.sc_count);
6616 unhash_delegation_locked(dp, SC_STATUS_REVOKED);
6617 list_add(&dp->dl_recall_lru, &reaplist);
6618 }
6619 spin_unlock(&state_lock);
6620 while (!list_empty(&reaplist)) {
6621 dp = list_first_entry(&reaplist, struct nfs4_delegation,
6622 dl_recall_lru);
6623 list_del_init(&dp->dl_recall_lru);
6624 revoke_delegation(dp);
6625 }
6626
6627 spin_lock(&nn->client_lock);
6628 while (!list_empty(&nn->close_lru)) {
6629 oo = list_first_entry(&nn->close_lru, struct nfs4_openowner,
6630 oo_close_lru);
6631 if (!state_expired(&lt, oo->oo_time))
6632 break;
6633 list_del_init(&oo->oo_close_lru);
6634 stp = oo->oo_last_closed_stid;
6635 oo->oo_last_closed_stid = NULL;
6636 spin_unlock(&nn->client_lock);
6637 nfs4_put_stid(&stp->st_stid);
6638 spin_lock(&nn->client_lock);
6639 }
6640 spin_unlock(&nn->client_lock);
6641
6642 /*
6643 * It's possible for a client to try and acquire an already held lock
6644 * that is being held for a long time, and then lose interest in it.
6645 * So, we clean out any un-revisited request after a lease period
6646 * under the assumption that the client is no longer interested.
6647 *
6648 * RFC5661, sec. 9.6 states that the client must not rely on getting
6649 * notifications and must continue to poll for locks, even when the
6650 * server supports them. Thus this shouldn't lead to clients blocking
6651 * indefinitely once the lock does become free.
6652 */
6653 BUG_ON(!list_empty(&reaplist));
6654 spin_lock(&nn->blocked_locks_lock);
6655 while (!list_empty(&nn->blocked_locks_lru)) {
6656 nbl = list_first_entry(&nn->blocked_locks_lru,
6657 struct nfsd4_blocked_lock, nbl_lru);
6658 if (!state_expired(&lt, nbl->nbl_time))
6659 break;
6660 list_move(&nbl->nbl_lru, &reaplist);
6661 list_del_init(&nbl->nbl_list);
6662 }
6663 spin_unlock(&nn->blocked_locks_lock);
6664
6665 while (!list_empty(&reaplist)) {
6666 nbl = list_first_entry(&reaplist,
6667 struct nfsd4_blocked_lock, nbl_lru);
6668 list_del_init(&nbl->nbl_lru);
6669 free_blocked_lock(nbl);
6670 }
6671 #ifdef CONFIG_NFSD_V4_2_INTER_SSC
6672 /* service the server-to-server copy delayed unmount list */
6673 nfsd4_ssc_expire_umount(nn);
6674 #endif
6675 if (atomic_long_read(&num_delegations) >= max_delegations)
6676 deleg_reaper(nn);
6677 out:
6678 return max_t(time64_t, lt.new_timeo, NFSD_LAUNDROMAT_MINTIMEOUT);
6679 }
6680
6681 static void laundromat_main(struct work_struct *);
6682
6683 static void
6684 laundromat_main(struct work_struct *laundry)
6685 {
6686 time64_t t;
6687 struct delayed_work *dwork = to_delayed_work(laundry);
6688 struct nfsd_net *nn = container_of(dwork, struct nfsd_net,
6689 laundromat_work);
6690
6691 t = nfs4_laundromat(nn);
6692 queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
6693 }
6694
6695 static void
6696 courtesy_client_reaper(struct nfsd_net *nn)
6697 {
6698 struct list_head reaplist;
6699
6700 nfs4_get_courtesy_client_reaplist(nn, &reaplist);
6701 nfs4_process_client_reaplist(&reaplist);
6702 }
6703
6704 static void
6705 deleg_reaper(struct nfsd_net *nn)
6706 {
6707 struct list_head *pos, *next;
6708 struct nfs4_client *clp;
6709 LIST_HEAD(cblist);
6710
6711 spin_lock(&nn->client_lock);
6712 list_for_each_safe(pos, next, &nn->client_lru) {
6713 clp = list_entry(pos, struct nfs4_client, cl_lru);
6714 if (clp->cl_state != NFSD4_ACTIVE ||
6715 list_empty(&clp->cl_delegations) ||
6716 atomic_read(&clp->cl_delegs_in_recall) ||
6717 test_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags) ||
6718 (ktime_get_boottime_seconds() -
6719 clp->cl_ra_time < 5)) {
6720 continue;
6721 }
6722 list_add(&clp->cl_ra_cblist, &cblist);
6723
6724 /* release in nfsd4_cb_recall_any_release */
6725 kref_get(&clp->cl_nfsdfs.cl_ref);
6726 set_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags);
6727 clp->cl_ra_time = ktime_get_boottime_seconds();
6728 }
6729 spin_unlock(&nn->client_lock);
6730
6731 while (!list_empty(&cblist)) {
6732 clp = list_first_entry(&cblist, struct nfs4_client,
6733 cl_ra_cblist);
6734 list_del_init(&clp->cl_ra_cblist);
6735 clp->cl_ra->ra_keep = 0;
6736 clp->cl_ra->ra_bmval[0] = BIT(RCA4_TYPE_MASK_RDATA_DLG) |
6737 BIT(RCA4_TYPE_MASK_WDATA_DLG);
6738 trace_nfsd_cb_recall_any(clp->cl_ra);
6739 nfsd4_run_cb(&clp->cl_ra->ra_cb);
6740 }
6741 }
6742
6743 static void
6744 nfsd4_state_shrinker_worker(struct work_struct *work)
6745 {
6746 struct nfsd_net *nn = container_of(work, struct nfsd_net,
6747 nfsd_shrinker_work);
6748
6749 courtesy_client_reaper(nn);
6750 deleg_reaper(nn);
6751 }
6752
6753 static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp)
6754 {
6755 if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle))
6756 return nfserr_bad_stateid;
6757 return nfs_ok;
6758 }
6759
6760 static
6761 __be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags)
6762 {
6763 __be32 status = nfserr_openmode;
6764
6765 /* For lock stateid's, we test the parent open, not the lock: */
6766 if (stp->st_openstp)
6767 stp = stp->st_openstp;
6768 if ((flags & WR_STATE) && !access_permit_write(stp))
6769 goto out;
6770 if ((flags & RD_STATE) && !access_permit_read(stp))
6771 goto out;
6772 status = nfs_ok;
6773 out:
6774 return status;
6775 }
6776
6777 static inline __be32
6778 check_special_stateids(struct net *net, svc_fh *current_fh, stateid_t *stateid, int flags)
6779 {
6780 if (ONE_STATEID(stateid) && (flags & RD_STATE))
6781 return nfs_ok;
6782 else if (opens_in_grace(net)) {
6783 /* Answer in remaining cases depends on existence of
6784 * conflicting state; so we must wait out the grace period. */
6785 return nfserr_grace;
6786 } else if (flags & WR_STATE)
6787 return nfs4_share_conflict(current_fh,
6788 NFS4_SHARE_DENY_WRITE);
6789 else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */
6790 return nfs4_share_conflict(current_fh,
6791 NFS4_SHARE_DENY_READ);
6792 }
6793
6794 static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session)
6795 {
6796 /*
6797 * When sessions are used the stateid generation number is ignored
6798 * when it is zero.
6799 */
6800 if (has_session && in->si_generation == 0)
6801 return nfs_ok;
6802
6803 if (in->si_generation == ref->si_generation)
6804 return nfs_ok;
6805
6806 /* If the client sends us a stateid from the future, it's buggy: */
6807 if (nfsd4_stateid_generation_after(in, ref))
6808 return nfserr_bad_stateid;
6809 /*
6810 * However, we could see a stateid from the past, even from a
6811 * non-buggy client. For example, if the client sends a lock
6812 * while some IO is outstanding, the lock may bump si_generation
6813 * while the IO is still in flight. The client could avoid that
6814 * situation by waiting for responses on all the IO requests,
6815 * but better performance may result in retrying IO that
6816 * receives an old_stateid error if requests are rarely
6817 * reordered in flight:
6818 */
6819 return nfserr_old_stateid;
6820 }
6821
6822 static __be32 nfsd4_stid_check_stateid_generation(stateid_t *in, struct nfs4_stid *s, bool has_session)
6823 {
6824 __be32 ret;
6825
6826 spin_lock(&s->sc_lock);
6827 ret = nfsd4_verify_open_stid(s);
6828 if (ret == nfs_ok)
6829 ret = check_stateid_generation(in, &s->sc_stateid, has_session);
6830 spin_unlock(&s->sc_lock);
6831 if (ret == nfserr_admin_revoked)
6832 nfsd40_drop_revoked_stid(s->sc_client,
6833 &s->sc_stateid);
6834 return ret;
6835 }
6836
6837 static __be32 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid *ols)
6838 {
6839 if (ols->st_stateowner->so_is_open_owner &&
6840 !(openowner(ols->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED))
6841 return nfserr_bad_stateid;
6842 return nfs_ok;
6843 }
6844
6845 static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
6846 {
6847 struct nfs4_stid *s;
6848 __be32 status = nfserr_bad_stateid;
6849
6850 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
6851 CLOSE_STATEID(stateid))
6852 return status;
6853 spin_lock(&cl->cl_lock);
6854 s = find_stateid_locked(cl, stateid);
6855 if (!s)
6856 goto out_unlock;
6857 status = nfsd4_stid_check_stateid_generation(stateid, s, 1);
6858 if (status)
6859 goto out_unlock;
6860 status = nfsd4_verify_open_stid(s);
6861 if (status)
6862 goto out_unlock;
6863
6864 switch (s->sc_type) {
6865 case SC_TYPE_DELEG:
6866 status = nfs_ok;
6867 break;
6868 case SC_TYPE_OPEN:
6869 case SC_TYPE_LOCK:
6870 status = nfsd4_check_openowner_confirmed(openlockstateid(s));
6871 break;
6872 default:
6873 printk("unknown stateid type %x\n", s->sc_type);
6874 status = nfserr_bad_stateid;
6875 }
6876 out_unlock:
6877 spin_unlock(&cl->cl_lock);
6878 if (status == nfserr_admin_revoked)
6879 nfsd40_drop_revoked_stid(cl, stateid);
6880 return status;
6881 }
6882
6883 __be32
6884 nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate,
6885 stateid_t *stateid,
6886 unsigned short typemask, unsigned short statusmask,
6887 struct nfs4_stid **s, struct nfsd_net *nn)
6888 {
6889 __be32 status;
6890 struct nfs4_stid *stid;
6891 bool return_revoked = false;
6892
6893 /*
6894 * only return revoked delegations if explicitly asked.
6895 * otherwise we report revoked or bad_stateid status.
6896 */
6897 if (statusmask & SC_STATUS_REVOKED)
6898 return_revoked = true;
6899 if (typemask & SC_TYPE_DELEG)
6900 /* Always allow REVOKED for DELEG so we can
6901 * retturn the appropriate error.
6902 */
6903 statusmask |= SC_STATUS_REVOKED;
6904
6905 statusmask |= SC_STATUS_ADMIN_REVOKED;
6906
6907 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
6908 CLOSE_STATEID(stateid))
6909 return nfserr_bad_stateid;
6910 status = set_client(&stateid->si_opaque.so_clid, cstate, nn);
6911 if (status == nfserr_stale_clientid) {
6912 if (cstate->session)
6913 return nfserr_bad_stateid;
6914 return nfserr_stale_stateid;
6915 }
6916 if (status)
6917 return status;
6918 stid = find_stateid_by_type(cstate->clp, stateid, typemask, statusmask);
6919 if (!stid)
6920 return nfserr_bad_stateid;
6921 if ((stid->sc_status & SC_STATUS_REVOKED) && !return_revoked) {
6922 nfs4_put_stid(stid);
6923 return nfserr_deleg_revoked;
6924 }
6925 if (stid->sc_status & SC_STATUS_ADMIN_REVOKED) {
6926 nfsd40_drop_revoked_stid(cstate->clp, stateid);
6927 nfs4_put_stid(stid);
6928 return nfserr_admin_revoked;
6929 }
6930 *s = stid;
6931 return nfs_ok;
6932 }
6933
6934 static struct nfsd_file *
6935 nfs4_find_file(struct nfs4_stid *s, int flags)
6936 {
6937 struct nfsd_file *ret = NULL;
6938
6939 if (!s || s->sc_status)
6940 return NULL;
6941
6942 switch (s->sc_type) {
6943 case SC_TYPE_DELEG:
6944 spin_lock(&s->sc_file->fi_lock);
6945 ret = nfsd_file_get(s->sc_file->fi_deleg_file);
6946 spin_unlock(&s->sc_file->fi_lock);
6947 break;
6948 case SC_TYPE_OPEN:
6949 case SC_TYPE_LOCK:
6950 if (flags & RD_STATE)
6951 ret = find_readable_file(s->sc_file);
6952 else
6953 ret = find_writeable_file(s->sc_file);
6954 }
6955
6956 return ret;
6957 }
6958
6959 static __be32
6960 nfs4_check_olstateid(struct nfs4_ol_stateid *ols, int flags)
6961 {
6962 __be32 status;
6963
6964 status = nfsd4_check_openowner_confirmed(ols);
6965 if (status)
6966 return status;
6967 return nfs4_check_openmode(ols, flags);
6968 }
6969
6970 static __be32
6971 nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s,
6972 struct nfsd_file **nfp, int flags)
6973 {
6974 int acc = (flags & RD_STATE) ? NFSD_MAY_READ : NFSD_MAY_WRITE;
6975 struct nfsd_file *nf;
6976 __be32 status;
6977
6978 nf = nfs4_find_file(s, flags);
6979 if (nf) {
6980 status = nfsd_permission(&rqstp->rq_cred,
6981 fhp->fh_export, fhp->fh_dentry,
6982 acc | NFSD_MAY_OWNER_OVERRIDE);
6983 if (status) {
6984 nfsd_file_put(nf);
6985 goto out;
6986 }
6987 } else {
6988 status = nfsd_file_acquire(rqstp, fhp, acc, &nf);
6989 if (status)
6990 return status;
6991 }
6992 *nfp = nf;
6993 out:
6994 return status;
6995 }
6996 static void
6997 _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps)
6998 {
6999 WARN_ON_ONCE(cps->cp_stateid.cs_type != NFS4_COPYNOTIFY_STID);
7000 if (!refcount_dec_and_test(&cps->cp_stateid.cs_count))
7001 return;
7002 list_del(&cps->cp_list);
7003 idr_remove(&nn->s2s_cp_stateids,
7004 cps->cp_stateid.cs_stid.si_opaque.so_id);
7005 kfree(cps);
7006 }
7007 /*
7008 * A READ from an inter server to server COPY will have a
7009 * copy stateid. Look up the copy notify stateid from the
7010 * idr structure and take a reference on it.
7011 */
7012 __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st,
7013 struct nfs4_client *clp,
7014 struct nfs4_cpntf_state **cps)
7015 {
7016 copy_stateid_t *cps_t;
7017 struct nfs4_cpntf_state *state = NULL;
7018
7019 if (st->si_opaque.so_clid.cl_id != nn->s2s_cp_cl_id)
7020 return nfserr_bad_stateid;
7021 spin_lock(&nn->s2s_cp_lock);
7022 cps_t = idr_find(&nn->s2s_cp_stateids, st->si_opaque.so_id);
7023 if (cps_t) {
7024 state = container_of(cps_t, struct nfs4_cpntf_state,
7025 cp_stateid);
7026 if (state->cp_stateid.cs_type != NFS4_COPYNOTIFY_STID) {
7027 state = NULL;
7028 goto unlock;
7029 }
7030 if (!clp)
7031 refcount_inc(&state->cp_stateid.cs_count);
7032 else
7033 _free_cpntf_state_locked(nn, state);
7034 }
7035 unlock:
7036 spin_unlock(&nn->s2s_cp_lock);
7037 if (!state)
7038 return nfserr_bad_stateid;
7039 if (!clp)
7040 *cps = state;
7041 return 0;
7042 }
7043
7044 static __be32 find_cpntf_state(struct nfsd_net *nn, stateid_t *st,
7045 struct nfs4_stid **stid)
7046 {
7047 __be32 status;
7048 struct nfs4_cpntf_state *cps = NULL;
7049 struct nfs4_client *found;
7050
7051 status = manage_cpntf_state(nn, st, NULL, &cps);
7052 if (status)
7053 return status;
7054
7055 cps->cpntf_time = ktime_get_boottime_seconds();
7056
7057 status = nfserr_expired;
7058 found = lookup_clientid(&cps->cp_p_clid, true, nn);
7059 if (!found)
7060 goto out;
7061
7062 *stid = find_stateid_by_type(found, &cps->cp_p_stateid,
7063 SC_TYPE_DELEG|SC_TYPE_OPEN|SC_TYPE_LOCK,
7064 0);
7065 if (*stid)
7066 status = nfs_ok;
7067 else
7068 status = nfserr_bad_stateid;
7069
7070 put_client_renew(found);
7071 out:
7072 nfs4_put_cpntf_state(nn, cps);
7073 return status;
7074 }
7075
7076 void nfs4_put_cpntf_state(struct nfsd_net *nn, struct nfs4_cpntf_state *cps)
7077 {
7078 spin_lock(&nn->s2s_cp_lock);
7079 _free_cpntf_state_locked(nn, cps);
7080 spin_unlock(&nn->s2s_cp_lock);
7081 }
7082
7083 /**
7084 * nfs4_preprocess_stateid_op - find and prep stateid for an operation
7085 * @rqstp: incoming request from client
7086 * @cstate: current compound state
7087 * @fhp: filehandle associated with requested stateid
7088 * @stateid: stateid (provided by client)
7089 * @flags: flags describing type of operation to be done
7090 * @nfp: optional nfsd_file return pointer (may be NULL)
7091 * @cstid: optional returned nfs4_stid pointer (may be NULL)
7092 *
7093 * Given info from the client, look up a nfs4_stid for the operation. On
7094 * success, it returns a reference to the nfs4_stid and/or the nfsd_file
7095 * associated with it.
7096 */
7097 __be32
7098 nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
7099 struct nfsd4_compound_state *cstate, struct svc_fh *fhp,
7100 stateid_t *stateid, int flags, struct nfsd_file **nfp,
7101 struct nfs4_stid **cstid)
7102 {
7103 struct net *net = SVC_NET(rqstp);
7104 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
7105 struct nfs4_stid *s = NULL;
7106 __be32 status;
7107
7108 if (nfp)
7109 *nfp = NULL;
7110
7111 if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) {
7112 status = check_special_stateids(net, fhp, stateid, flags);
7113 goto done;
7114 }
7115
7116 status = nfsd4_lookup_stateid(cstate, stateid,
7117 SC_TYPE_DELEG|SC_TYPE_OPEN|SC_TYPE_LOCK,
7118 0, &s, nn);
7119 if (status == nfserr_bad_stateid)
7120 status = find_cpntf_state(nn, stateid, &s);
7121 if (status)
7122 return status;
7123 status = nfsd4_stid_check_stateid_generation(stateid, s,
7124 nfsd4_has_session(cstate));
7125 if (status)
7126 goto out;
7127
7128 switch (s->sc_type) {
7129 case SC_TYPE_DELEG:
7130 status = nfs4_check_delegmode(delegstateid(s), flags);
7131 break;
7132 case SC_TYPE_OPEN:
7133 case SC_TYPE_LOCK:
7134 status = nfs4_check_olstateid(openlockstateid(s), flags);
7135 break;
7136 }
7137 if (status)
7138 goto out;
7139 status = nfs4_check_fh(fhp, s);
7140
7141 done:
7142 if (status == nfs_ok && nfp)
7143 status = nfs4_check_file(rqstp, fhp, s, nfp, flags);
7144 out:
7145 if (s) {
7146 if (!status && cstid)
7147 *cstid = s;
7148 else
7149 nfs4_put_stid(s);
7150 }
7151 return status;
7152 }
7153
7154 /*
7155 * Test if the stateid is valid
7156 */
7157 __be32
7158 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7159 union nfsd4_op_u *u)
7160 {
7161 struct nfsd4_test_stateid *test_stateid = &u->test_stateid;
7162 struct nfsd4_test_stateid_id *stateid;
7163 struct nfs4_client *cl = cstate->clp;
7164
7165 list_for_each_entry(stateid, &test_stateid->ts_stateid_list, ts_id_list)
7166 stateid->ts_id_status =
7167 nfsd4_validate_stateid(cl, &stateid->ts_id_stateid);
7168
7169 return nfs_ok;
7170 }
7171
7172 static __be32
7173 nfsd4_free_lock_stateid(stateid_t *stateid, struct nfs4_stid *s)
7174 {
7175 struct nfs4_ol_stateid *stp = openlockstateid(s);
7176 __be32 ret;
7177
7178 ret = nfsd4_lock_ol_stateid(stp);
7179 if (ret)
7180 goto out_put_stid;
7181
7182 ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
7183 if (ret)
7184 goto out;
7185
7186 ret = nfserr_locks_held;
7187 if (check_for_locks(stp->st_stid.sc_file,
7188 lockowner(stp->st_stateowner)))
7189 goto out;
7190
7191 release_lock_stateid(stp);
7192 ret = nfs_ok;
7193
7194 out:
7195 mutex_unlock(&stp->st_mutex);
7196 out_put_stid:
7197 nfs4_put_stid(s);
7198 return ret;
7199 }
7200
7201 __be32
7202 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7203 union nfsd4_op_u *u)
7204 {
7205 struct nfsd4_free_stateid *free_stateid = &u->free_stateid;
7206 stateid_t *stateid = &free_stateid->fr_stateid;
7207 struct nfs4_stid *s;
7208 struct nfs4_delegation *dp;
7209 struct nfs4_client *cl = cstate->clp;
7210 __be32 ret = nfserr_bad_stateid;
7211
7212 spin_lock(&cl->cl_lock);
7213 s = find_stateid_locked(cl, stateid);
7214 if (!s || s->sc_status & SC_STATUS_CLOSED)
7215 goto out_unlock;
7216 if (s->sc_status & SC_STATUS_ADMIN_REVOKED) {
7217 nfsd4_drop_revoked_stid(s);
7218 ret = nfs_ok;
7219 goto out;
7220 }
7221 spin_lock(&s->sc_lock);
7222 switch (s->sc_type) {
7223 case SC_TYPE_DELEG:
7224 if (s->sc_status & SC_STATUS_REVOKED) {
7225 s->sc_status |= SC_STATUS_CLOSED;
7226 spin_unlock(&s->sc_lock);
7227 dp = delegstateid(s);
7228 if (s->sc_status & SC_STATUS_FREEABLE)
7229 list_del_init(&dp->dl_recall_lru);
7230 s->sc_status |= SC_STATUS_FREED;
7231 spin_unlock(&cl->cl_lock);
7232 nfs4_put_stid(s);
7233 ret = nfs_ok;
7234 goto out;
7235 }
7236 ret = nfserr_locks_held;
7237 break;
7238 case SC_TYPE_OPEN:
7239 ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
7240 if (ret)
7241 break;
7242 ret = nfserr_locks_held;
7243 break;
7244 case SC_TYPE_LOCK:
7245 spin_unlock(&s->sc_lock);
7246 refcount_inc(&s->sc_count);
7247 spin_unlock(&cl->cl_lock);
7248 ret = nfsd4_free_lock_stateid(stateid, s);
7249 goto out;
7250 }
7251 spin_unlock(&s->sc_lock);
7252 out_unlock:
7253 spin_unlock(&cl->cl_lock);
7254 out:
7255 return ret;
7256 }
7257
7258 static inline int
7259 setlkflg (int type)
7260 {
7261 return (type == NFS4_READW_LT || type == NFS4_READ_LT) ?
7262 RD_STATE : WR_STATE;
7263 }
7264
7265 static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_t *stateid, u32 seqid, struct nfs4_ol_stateid *stp)
7266 {
7267 struct svc_fh *current_fh = &cstate->current_fh;
7268 struct nfs4_stateowner *sop = stp->st_stateowner;
7269 __be32 status;
7270
7271 status = nfsd4_check_seqid(cstate, sop, seqid);
7272 if (status)
7273 return status;
7274 status = nfsd4_lock_ol_stateid(stp);
7275 if (status != nfs_ok)
7276 return status;
7277 status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
7278 if (status == nfs_ok)
7279 status = nfs4_check_fh(current_fh, &stp->st_stid);
7280 if (status != nfs_ok)
7281 mutex_unlock(&stp->st_mutex);
7282 return status;
7283 }
7284
7285 /**
7286 * nfs4_preprocess_seqid_op - find and prep an ol_stateid for a seqid-morphing op
7287 * @cstate: compund state
7288 * @seqid: seqid (provided by client)
7289 * @stateid: stateid (provided by client)
7290 * @typemask: mask of allowable types for this operation
7291 * @statusmask: mask of allowed states: 0 or STID_CLOSED
7292 * @stpp: return pointer for the stateid found
7293 * @nn: net namespace for request
7294 *
7295 * Given a stateid+seqid from a client, look up an nfs4_ol_stateid and
7296 * return it in @stpp. On a nfs_ok return, the returned stateid will
7297 * have its st_mutex locked.
7298 */
7299 static __be32
7300 nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
7301 stateid_t *stateid,
7302 unsigned short typemask, unsigned short statusmask,
7303 struct nfs4_ol_stateid **stpp,
7304 struct nfsd_net *nn)
7305 {
7306 __be32 status;
7307 struct nfs4_stid *s;
7308 struct nfs4_ol_stateid *stp = NULL;
7309
7310 trace_nfsd_preprocess(seqid, stateid);
7311
7312 *stpp = NULL;
7313 retry:
7314 status = nfsd4_lookup_stateid(cstate, stateid,
7315 typemask, statusmask, &s, nn);
7316 if (status)
7317 return status;
7318 stp = openlockstateid(s);
7319 if (nfsd4_cstate_assign_replay(cstate, stp->st_stateowner) == -EAGAIN) {
7320 nfs4_put_stateowner(stp->st_stateowner);
7321 goto retry;
7322 }
7323
7324 status = nfs4_seqid_op_checks(cstate, stateid, seqid, stp);
7325 if (!status)
7326 *stpp = stp;
7327 else
7328 nfs4_put_stid(&stp->st_stid);
7329 return status;
7330 }
7331
7332 static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
7333 stateid_t *stateid, struct nfs4_ol_stateid **stpp, struct nfsd_net *nn)
7334 {
7335 __be32 status;
7336 struct nfs4_openowner *oo;
7337 struct nfs4_ol_stateid *stp;
7338
7339 status = nfs4_preprocess_seqid_op(cstate, seqid, stateid,
7340 SC_TYPE_OPEN, 0, &stp, nn);
7341 if (status)
7342 return status;
7343 oo = openowner(stp->st_stateowner);
7344 if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
7345 mutex_unlock(&stp->st_mutex);
7346 nfs4_put_stid(&stp->st_stid);
7347 return nfserr_bad_stateid;
7348 }
7349 *stpp = stp;
7350 return nfs_ok;
7351 }
7352
7353 __be32
7354 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7355 union nfsd4_op_u *u)
7356 {
7357 struct nfsd4_open_confirm *oc = &u->open_confirm;
7358 __be32 status;
7359 struct nfs4_openowner *oo;
7360 struct nfs4_ol_stateid *stp;
7361 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
7362
7363 dprintk("NFSD: nfsd4_open_confirm on file %pd\n",
7364 cstate->current_fh.fh_dentry);
7365
7366 status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
7367 if (status)
7368 return status;
7369
7370 status = nfs4_preprocess_seqid_op(cstate,
7371 oc->oc_seqid, &oc->oc_req_stateid,
7372 SC_TYPE_OPEN, 0, &stp, nn);
7373 if (status)
7374 goto out;
7375 oo = openowner(stp->st_stateowner);
7376 status = nfserr_bad_stateid;
7377 if (oo->oo_flags & NFS4_OO_CONFIRMED) {
7378 mutex_unlock(&stp->st_mutex);
7379 goto put_stateid;
7380 }
7381 oo->oo_flags |= NFS4_OO_CONFIRMED;
7382 nfs4_inc_and_copy_stateid(&oc->oc_resp_stateid, &stp->st_stid);
7383 mutex_unlock(&stp->st_mutex);
7384 trace_nfsd_open_confirm(oc->oc_seqid, &stp->st_stid.sc_stateid);
7385 nfsd4_client_record_create(oo->oo_owner.so_client);
7386 status = nfs_ok;
7387 put_stateid:
7388 nfs4_put_stid(&stp->st_stid);
7389 out:
7390 nfsd4_bump_seqid(cstate, status);
7391 return status;
7392 }
7393
7394 static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access)
7395 {
7396 if (!test_access(access, stp))
7397 return;
7398 nfs4_file_put_access(stp->st_stid.sc_file, access);
7399 clear_access(access, stp);
7400 }
7401
7402 static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access)
7403 {
7404 switch (to_access) {
7405 case NFS4_SHARE_ACCESS_READ:
7406 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE);
7407 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
7408 break;
7409 case NFS4_SHARE_ACCESS_WRITE:
7410 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ);
7411 nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
7412 break;
7413 case NFS4_SHARE_ACCESS_BOTH:
7414 break;
7415 default:
7416 WARN_ON_ONCE(1);
7417 }
7418 }
7419
7420 __be32
7421 nfsd4_open_downgrade(struct svc_rqst *rqstp,
7422 struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
7423 {
7424 struct nfsd4_open_downgrade *od = &u->open_downgrade;
7425 __be32 status;
7426 struct nfs4_ol_stateid *stp;
7427 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
7428
7429 dprintk("NFSD: nfsd4_open_downgrade on file %pd\n",
7430 cstate->current_fh.fh_dentry);
7431
7432 /* We don't yet support WANT bits: */
7433 if (od->od_deleg_want)
7434 dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__,
7435 od->od_deleg_want);
7436
7437 status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid,
7438 &od->od_stateid, &stp, nn);
7439 if (status)
7440 goto out;
7441 status = nfserr_inval;
7442 if (!test_access(od->od_share_access, stp)) {
7443 dprintk("NFSD: access not a subset of current bitmap: 0x%hhx, input access=%08x\n",
7444 stp->st_access_bmap, od->od_share_access);
7445 goto put_stateid;
7446 }
7447 if (!test_deny(od->od_share_deny, stp)) {
7448 dprintk("NFSD: deny not a subset of current bitmap: 0x%hhx, input deny=%08x\n",
7449 stp->st_deny_bmap, od->od_share_deny);
7450 goto put_stateid;
7451 }
7452 nfs4_stateid_downgrade(stp, od->od_share_access);
7453 reset_union_bmap_deny(od->od_share_deny, stp);
7454 nfs4_inc_and_copy_stateid(&od->od_stateid, &stp->st_stid);
7455 status = nfs_ok;
7456 put_stateid:
7457 mutex_unlock(&stp->st_mutex);
7458 nfs4_put_stid(&stp->st_stid);
7459 out:
7460 nfsd4_bump_seqid(cstate, status);
7461 return status;
7462 }
7463
7464 static bool nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
7465 {
7466 struct nfs4_client *clp = s->st_stid.sc_client;
7467 bool unhashed;
7468 LIST_HEAD(reaplist);
7469 struct nfs4_ol_stateid *stp;
7470
7471 spin_lock(&clp->cl_lock);
7472 unhashed = unhash_open_stateid(s, &reaplist);
7473
7474 if (clp->cl_minorversion) {
7475 if (unhashed)
7476 put_ol_stateid_locked(s, &reaplist);
7477 spin_unlock(&clp->cl_lock);
7478 list_for_each_entry(stp, &reaplist, st_locks)
7479 nfs4_free_cpntf_statelist(clp->net, &stp->st_stid);
7480 free_ol_stateid_reaplist(&reaplist);
7481 return false;
7482 } else {
7483 spin_unlock(&clp->cl_lock);
7484 free_ol_stateid_reaplist(&reaplist);
7485 return unhashed;
7486 }
7487 }
7488
7489 /*
7490 * nfs4_unlock_state() called after encode
7491 */
7492 __be32
7493 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7494 union nfsd4_op_u *u)
7495 {
7496 struct nfsd4_close *close = &u->close;
7497 __be32 status;
7498 struct nfs4_ol_stateid *stp;
7499 struct net *net = SVC_NET(rqstp);
7500 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
7501 bool need_move_to_close_list;
7502
7503 dprintk("NFSD: nfsd4_close on file %pd\n",
7504 cstate->current_fh.fh_dentry);
7505
7506 status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid,
7507 &close->cl_stateid,
7508 SC_TYPE_OPEN, SC_STATUS_CLOSED,
7509 &stp, nn);
7510 nfsd4_bump_seqid(cstate, status);
7511 if (status)
7512 goto out;
7513
7514 spin_lock(&stp->st_stid.sc_client->cl_lock);
7515 stp->st_stid.sc_status |= SC_STATUS_CLOSED;
7516 spin_unlock(&stp->st_stid.sc_client->cl_lock);
7517
7518 /*
7519 * Technically we don't _really_ have to increment or copy it, since
7520 * it should just be gone after this operation and we clobber the
7521 * copied value below, but we continue to do so here just to ensure
7522 * that racing ops see that there was a state change.
7523 */
7524 nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid);
7525
7526 need_move_to_close_list = nfsd4_close_open_stateid(stp);
7527 mutex_unlock(&stp->st_mutex);
7528 if (need_move_to_close_list)
7529 move_to_close_lru(stp, net);
7530
7531 /* v4.1+ suggests that we send a special stateid in here, since the
7532 * clients should just ignore this anyway. Since this is not useful
7533 * for v4.0 clients either, we set it to the special close_stateid
7534 * universally.
7535 *
7536 * See RFC5661 section 18.2.4, and RFC7530 section 16.2.5
7537 */
7538 memcpy(&close->cl_stateid, &close_stateid, sizeof(close->cl_stateid));
7539
7540 /* put reference from nfs4_preprocess_seqid_op */
7541 nfs4_put_stid(&stp->st_stid);
7542 out:
7543 return status;
7544 }
7545
7546 __be32
7547 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7548 union nfsd4_op_u *u)
7549 {
7550 struct nfsd4_delegreturn *dr = &u->delegreturn;
7551 struct nfs4_delegation *dp;
7552 stateid_t *stateid = &dr->dr_stateid;
7553 struct nfs4_stid *s;
7554 __be32 status;
7555 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
7556
7557 if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
7558 return status;
7559
7560 status = nfsd4_lookup_stateid(cstate, stateid, SC_TYPE_DELEG,
7561 SC_STATUS_REVOKED | SC_STATUS_FREEABLE,
7562 &s, nn);
7563 if (status)
7564 goto out;
7565 dp = delegstateid(s);
7566 status = nfsd4_stid_check_stateid_generation(stateid, &dp->dl_stid, nfsd4_has_session(cstate));
7567 if (status)
7568 goto put_stateid;
7569
7570 trace_nfsd_deleg_return(stateid);
7571 destroy_delegation(dp);
7572 smp_mb__after_atomic();
7573 wake_up_var(d_inode(cstate->current_fh.fh_dentry));
7574 put_stateid:
7575 nfs4_put_stid(&dp->dl_stid);
7576 out:
7577 return status;
7578 }
7579
7580 /* last octet in a range */
7581 static inline u64
7582 last_byte_offset(u64 start, u64 len)
7583 {
7584 u64 end;
7585
7586 WARN_ON_ONCE(!len);
7587 end = start + len;
7588 return end > start ? end - 1: NFS4_MAX_UINT64;
7589 }
7590
7591 /*
7592 * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that
7593 * we can't properly handle lock requests that go beyond the (2^63 - 1)-th
7594 * byte, because of sign extension problems. Since NFSv4 calls for 64-bit
7595 * locking, this prevents us from being completely protocol-compliant. The
7596 * real solution to this problem is to start using unsigned file offsets in
7597 * the VFS, but this is a very deep change!
7598 */
7599 static inline void
7600 nfs4_transform_lock_offset(struct file_lock *lock)
7601 {
7602 if (lock->fl_start < 0)
7603 lock->fl_start = OFFSET_MAX;
7604 if (lock->fl_end < 0)
7605 lock->fl_end = OFFSET_MAX;
7606 }
7607
7608 static fl_owner_t
7609 nfsd4_lm_get_owner(fl_owner_t owner)
7610 {
7611 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner;
7612
7613 nfs4_get_stateowner(&lo->lo_owner);
7614 return owner;
7615 }
7616
7617 static void
7618 nfsd4_lm_put_owner(fl_owner_t owner)
7619 {
7620 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner;
7621
7622 if (lo)
7623 nfs4_put_stateowner(&lo->lo_owner);
7624 }
7625
7626 /* return pointer to struct nfs4_client if client is expirable */
7627 static bool
7628 nfsd4_lm_lock_expirable(struct file_lock *cfl)
7629 {
7630 struct nfs4_lockowner *lo = (struct nfs4_lockowner *) cfl->c.flc_owner;
7631 struct nfs4_client *clp = lo->lo_owner.so_client;
7632 struct nfsd_net *nn;
7633
7634 if (try_to_expire_client(clp)) {
7635 nn = net_generic(clp->net, nfsd_net_id);
7636 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);
7637 return true;
7638 }
7639 return false;
7640 }
7641
7642 /* schedule laundromat to run immediately and wait for it to complete */
7643 static void
7644 nfsd4_lm_expire_lock(void)
7645 {
7646 flush_workqueue(laundry_wq);
7647 }
7648
7649 static void
7650 nfsd4_lm_notify(struct file_lock *fl)
7651 {
7652 struct nfs4_lockowner *lo = (struct nfs4_lockowner *) fl->c.flc_owner;
7653 struct net *net = lo->lo_owner.so_client->net;
7654 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
7655 struct nfsd4_blocked_lock *nbl = container_of(fl,
7656 struct nfsd4_blocked_lock, nbl_lock);
7657 bool queue = false;
7658
7659 /* An empty list means that something else is going to be using it */
7660 spin_lock(&nn->blocked_locks_lock);
7661 if (!list_empty(&nbl->nbl_list)) {
7662 list_del_init(&nbl->nbl_list);
7663 list_del_init(&nbl->nbl_lru);
7664 queue = true;
7665 }
7666 spin_unlock(&nn->blocked_locks_lock);
7667
7668 if (queue) {
7669 trace_nfsd_cb_notify_lock(lo, nbl);
7670 nfsd4_run_cb(&nbl->nbl_cb);
7671 }
7672 }
7673
7674 static const struct lock_manager_operations nfsd_posix_mng_ops = {
7675 .lm_mod_owner = THIS_MODULE,
7676 .lm_notify = nfsd4_lm_notify,
7677 .lm_get_owner = nfsd4_lm_get_owner,
7678 .lm_put_owner = nfsd4_lm_put_owner,
7679 .lm_lock_expirable = nfsd4_lm_lock_expirable,
7680 .lm_expire_lock = nfsd4_lm_expire_lock,
7681 };
7682
7683 static inline void
7684 nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny)
7685 {
7686 struct nfs4_lockowner *lo;
7687
7688 if (fl->fl_lmops == &nfsd_posix_mng_ops) {
7689 lo = (struct nfs4_lockowner *) fl->c.flc_owner;
7690 xdr_netobj_dup(&deny->ld_owner, &lo->lo_owner.so_owner,
7691 GFP_KERNEL);
7692 if (!deny->ld_owner.data)
7693 /* We just don't care that much */
7694 goto nevermind;
7695 deny->ld_clientid = lo->lo_owner.so_client->cl_clientid;
7696 } else {
7697 nevermind:
7698 deny->ld_owner.len = 0;
7699 deny->ld_owner.data = NULL;
7700 deny->ld_clientid.cl_boot = 0;
7701 deny->ld_clientid.cl_id = 0;
7702 }
7703 deny->ld_start = fl->fl_start;
7704 deny->ld_length = NFS4_MAX_UINT64;
7705 if (fl->fl_end != NFS4_MAX_UINT64)
7706 deny->ld_length = fl->fl_end - fl->fl_start + 1;
7707 deny->ld_type = NFS4_READ_LT;
7708 if (fl->c.flc_type != F_RDLCK)
7709 deny->ld_type = NFS4_WRITE_LT;
7710 }
7711
7712 static struct nfs4_lockowner *
7713 find_lockowner_str_locked(struct nfs4_client *clp, struct xdr_netobj *owner)
7714 {
7715 unsigned int strhashval = ownerstr_hashval(owner);
7716 struct nfs4_stateowner *so;
7717
7718 lockdep_assert_held(&clp->cl_lock);
7719
7720 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[strhashval],
7721 so_strhash) {
7722 if (so->so_is_open_owner)
7723 continue;
7724 if (same_owner_str(so, owner))
7725 return lockowner(nfs4_get_stateowner(so));
7726 }
7727 return NULL;
7728 }
7729
7730 static struct nfs4_lockowner *
7731 find_lockowner_str(struct nfs4_client *clp, struct xdr_netobj *owner)
7732 {
7733 struct nfs4_lockowner *lo;
7734
7735 spin_lock(&clp->cl_lock);
7736 lo = find_lockowner_str_locked(clp, owner);
7737 spin_unlock(&clp->cl_lock);
7738 return lo;
7739 }
7740
7741 static void nfs4_unhash_lockowner(struct nfs4_stateowner *sop)
7742 {
7743 unhash_lockowner_locked(lockowner(sop));
7744 }
7745
7746 static void nfs4_free_lockowner(struct nfs4_stateowner *sop)
7747 {
7748 struct nfs4_lockowner *lo = lockowner(sop);
7749
7750 kmem_cache_free(lockowner_slab, lo);
7751 }
7752
7753 static const struct nfs4_stateowner_operations lockowner_ops = {
7754 .so_unhash = nfs4_unhash_lockowner,
7755 .so_free = nfs4_free_lockowner,
7756 };
7757
7758 /*
7759 * Alloc a lock owner structure.
7760 * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) has
7761 * occurred.
7762 *
7763 * strhashval = ownerstr_hashval
7764 */
7765 static struct nfs4_lockowner *
7766 alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp,
7767 struct nfs4_ol_stateid *open_stp,
7768 struct nfsd4_lock *lock)
7769 {
7770 struct nfs4_lockowner *lo, *ret;
7771
7772 lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp);
7773 if (!lo)
7774 return NULL;
7775 INIT_LIST_HEAD(&lo->lo_blocked);
7776 INIT_LIST_HEAD(&lo->lo_owner.so_stateids);
7777 lo->lo_owner.so_is_open_owner = 0;
7778 lo->lo_owner.so_seqid = lock->lk_new_lock_seqid;
7779 lo->lo_owner.so_ops = &lockowner_ops;
7780 spin_lock(&clp->cl_lock);
7781 ret = find_lockowner_str_locked(clp, &lock->lk_new_owner);
7782 if (ret == NULL) {
7783 list_add(&lo->lo_owner.so_strhash,
7784 &clp->cl_ownerstr_hashtbl[strhashval]);
7785 ret = lo;
7786 } else
7787 nfs4_free_stateowner(&lo->lo_owner);
7788
7789 spin_unlock(&clp->cl_lock);
7790 return ret;
7791 }
7792
7793 static struct nfs4_ol_stateid *
7794 find_lock_stateid(const struct nfs4_lockowner *lo,
7795 const struct nfs4_ol_stateid *ost)
7796 {
7797 struct nfs4_ol_stateid *lst;
7798
7799 lockdep_assert_held(&ost->st_stid.sc_client->cl_lock);
7800
7801 /* If ost is not hashed, ost->st_locks will not be valid */
7802 if (!nfs4_ol_stateid_unhashed(ost))
7803 list_for_each_entry(lst, &ost->st_locks, st_locks) {
7804 if (lst->st_stateowner == &lo->lo_owner) {
7805 refcount_inc(&lst->st_stid.sc_count);
7806 return lst;
7807 }
7808 }
7809 return NULL;
7810 }
7811
7812 static struct nfs4_ol_stateid *
7813 init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo,
7814 struct nfs4_file *fp, struct inode *inode,
7815 struct nfs4_ol_stateid *open_stp)
7816 {
7817 struct nfs4_client *clp = lo->lo_owner.so_client;
7818 struct nfs4_ol_stateid *retstp;
7819
7820 mutex_init(&stp->st_mutex);
7821 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX);
7822 retry:
7823 spin_lock(&clp->cl_lock);
7824 if (nfs4_ol_stateid_unhashed(open_stp))
7825 goto out_close;
7826 retstp = find_lock_stateid(lo, open_stp);
7827 if (retstp)
7828 goto out_found;
7829 refcount_inc(&stp->st_stid.sc_count);
7830 stp->st_stid.sc_type = SC_TYPE_LOCK;
7831 stp->st_stateowner = nfs4_get_stateowner(&lo->lo_owner);
7832 get_nfs4_file(fp);
7833 stp->st_stid.sc_file = fp;
7834 stp->st_access_bmap = 0;
7835 stp->st_deny_bmap = open_stp->st_deny_bmap;
7836 stp->st_openstp = open_stp;
7837 spin_lock(&fp->fi_lock);
7838 list_add(&stp->st_locks, &open_stp->st_locks);
7839 list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids);
7840 list_add(&stp->st_perfile, &fp->fi_stateids);
7841 spin_unlock(&fp->fi_lock);
7842 spin_unlock(&clp->cl_lock);
7843 return stp;
7844 out_found:
7845 spin_unlock(&clp->cl_lock);
7846 if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) {
7847 nfs4_put_stid(&retstp->st_stid);
7848 goto retry;
7849 }
7850 /* To keep mutex tracking happy */
7851 mutex_unlock(&stp->st_mutex);
7852 return retstp;
7853 out_close:
7854 spin_unlock(&clp->cl_lock);
7855 mutex_unlock(&stp->st_mutex);
7856 return NULL;
7857 }
7858
7859 static struct nfs4_ol_stateid *
7860 find_or_create_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fi,
7861 struct inode *inode, struct nfs4_ol_stateid *ost,
7862 bool *new)
7863 {
7864 struct nfs4_stid *ns = NULL;
7865 struct nfs4_ol_stateid *lst;
7866 struct nfs4_openowner *oo = openowner(ost->st_stateowner);
7867 struct nfs4_client *clp = oo->oo_owner.so_client;
7868
7869 *new = false;
7870 spin_lock(&clp->cl_lock);
7871 lst = find_lock_stateid(lo, ost);
7872 spin_unlock(&clp->cl_lock);
7873 if (lst != NULL) {
7874 if (nfsd4_lock_ol_stateid(lst) == nfs_ok)
7875 goto out;
7876 nfs4_put_stid(&lst->st_stid);
7877 }
7878 ns = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_lock_stateid);
7879 if (ns == NULL)
7880 return NULL;
7881
7882 lst = init_lock_stateid(openlockstateid(ns), lo, fi, inode, ost);
7883 if (lst == openlockstateid(ns))
7884 *new = true;
7885 else
7886 nfs4_put_stid(ns);
7887 out:
7888 return lst;
7889 }
7890
7891 static int
7892 check_lock_length(u64 offset, u64 length)
7893 {
7894 return ((length == 0) || ((length != NFS4_MAX_UINT64) &&
7895 (length > ~offset)));
7896 }
7897
7898 static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access)
7899 {
7900 struct nfs4_file *fp = lock_stp->st_stid.sc_file;
7901
7902 lockdep_assert_held(&fp->fi_lock);
7903
7904 if (test_access(access, lock_stp))
7905 return;
7906 __nfs4_file_get_access(fp, access);
7907 set_access(access, lock_stp);
7908 }
7909
7910 static __be32
7911 lookup_or_create_lock_state(struct nfsd4_compound_state *cstate,
7912 struct nfs4_ol_stateid *ost,
7913 struct nfsd4_lock *lock,
7914 struct nfs4_ol_stateid **plst, bool *new)
7915 {
7916 __be32 status;
7917 struct nfs4_file *fi = ost->st_stid.sc_file;
7918 struct nfs4_openowner *oo = openowner(ost->st_stateowner);
7919 struct nfs4_client *cl = oo->oo_owner.so_client;
7920 struct inode *inode = d_inode(cstate->current_fh.fh_dentry);
7921 struct nfs4_lockowner *lo;
7922 struct nfs4_ol_stateid *lst;
7923 unsigned int strhashval;
7924
7925 lo = find_lockowner_str(cl, &lock->lk_new_owner);
7926 if (!lo) {
7927 strhashval = ownerstr_hashval(&lock->lk_new_owner);
7928 lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock);
7929 if (lo == NULL)
7930 return nfserr_jukebox;
7931 } else {
7932 /* with an existing lockowner, seqids must be the same */
7933 status = nfserr_bad_seqid;
7934 if (!cstate->minorversion &&
7935 lock->lk_new_lock_seqid != lo->lo_owner.so_seqid)
7936 goto out;
7937 }
7938
7939 lst = find_or_create_lock_stateid(lo, fi, inode, ost, new);
7940 if (lst == NULL) {
7941 status = nfserr_jukebox;
7942 goto out;
7943 }
7944
7945 status = nfs_ok;
7946 *plst = lst;
7947 out:
7948 nfs4_put_stateowner(&lo->lo_owner);
7949 return status;
7950 }
7951
7952 /*
7953 * LOCK operation
7954 */
7955 __be32
7956 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7957 union nfsd4_op_u *u)
7958 {
7959 struct nfsd4_lock *lock = &u->lock;
7960 struct nfs4_openowner *open_sop = NULL;
7961 struct nfs4_lockowner *lock_sop = NULL;
7962 struct nfs4_ol_stateid *lock_stp = NULL;
7963 struct nfs4_ol_stateid *open_stp = NULL;
7964 struct nfs4_file *fp;
7965 struct nfsd_file *nf = NULL;
7966 struct nfsd4_blocked_lock *nbl = NULL;
7967 struct file_lock *file_lock = NULL;
7968 struct file_lock *conflock = NULL;
7969 struct super_block *sb;
7970 __be32 status = 0;
7971 int lkflg;
7972 int err;
7973 bool new = false;
7974 unsigned char type;
7975 unsigned int flags = FL_POSIX;
7976 struct net *net = SVC_NET(rqstp);
7977 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
7978
7979 dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n",
7980 (long long) lock->lk_offset,
7981 (long long) lock->lk_length);
7982
7983 if (check_lock_length(lock->lk_offset, lock->lk_length))
7984 return nfserr_inval;
7985
7986 status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
7987 if (status != nfs_ok)
7988 return status;
7989 sb = cstate->current_fh.fh_dentry->d_sb;
7990
7991 if (lock->lk_is_new) {
7992 if (nfsd4_has_session(cstate))
7993 /* See rfc 5661 18.10.3: given clientid is ignored: */
7994 memcpy(&lock->lk_new_clientid,
7995 &cstate->clp->cl_clientid,
7996 sizeof(clientid_t));
7997
7998 /* validate and update open stateid and open seqid */
7999 status = nfs4_preprocess_confirmed_seqid_op(cstate,
8000 lock->lk_new_open_seqid,
8001 &lock->lk_new_open_stateid,
8002 &open_stp, nn);
8003 if (status)
8004 goto out;
8005 mutex_unlock(&open_stp->st_mutex);
8006 open_sop = openowner(open_stp->st_stateowner);
8007 status = nfserr_bad_stateid;
8008 if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid,
8009 &lock->lk_new_clientid))
8010 goto out;
8011 status = lookup_or_create_lock_state(cstate, open_stp, lock,
8012 &lock_stp, &new);
8013 } else {
8014 status = nfs4_preprocess_seqid_op(cstate,
8015 lock->lk_old_lock_seqid,
8016 &lock->lk_old_lock_stateid,
8017 SC_TYPE_LOCK, 0, &lock_stp,
8018 nn);
8019 }
8020 if (status)
8021 goto out;
8022 lock_sop = lockowner(lock_stp->st_stateowner);
8023
8024 lkflg = setlkflg(lock->lk_type);
8025 status = nfs4_check_openmode(lock_stp, lkflg);
8026 if (status)
8027 goto out;
8028
8029 status = nfserr_grace;
8030 if (locks_in_grace(net) && !lock->lk_reclaim)
8031 goto out;
8032 status = nfserr_no_grace;
8033 if (!locks_in_grace(net) && lock->lk_reclaim)
8034 goto out;
8035
8036 if (lock->lk_reclaim)
8037 flags |= FL_RECLAIM;
8038
8039 fp = lock_stp->st_stid.sc_file;
8040 switch (lock->lk_type) {
8041 case NFS4_READW_LT:
8042 fallthrough;
8043 case NFS4_READ_LT:
8044 spin_lock(&fp->fi_lock);
8045 nf = find_readable_file_locked(fp);
8046 if (nf)
8047 get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ);
8048 spin_unlock(&fp->fi_lock);
8049 type = F_RDLCK;
8050 break;
8051 case NFS4_WRITEW_LT:
8052 fallthrough;
8053 case NFS4_WRITE_LT:
8054 spin_lock(&fp->fi_lock);
8055 nf = find_writeable_file_locked(fp);
8056 if (nf)
8057 get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE);
8058 spin_unlock(&fp->fi_lock);
8059 type = F_WRLCK;
8060 break;
8061 default:
8062 status = nfserr_inval;
8063 goto out;
8064 }
8065
8066 if (!nf) {
8067 status = nfserr_openmode;
8068 goto out;
8069 }
8070
8071 if (lock->lk_type & (NFS4_READW_LT | NFS4_WRITEW_LT) &&
8072 nfsd4_has_session(cstate) &&
8073 locks_can_async_lock(nf->nf_file->f_op))
8074 flags |= FL_SLEEP;
8075
8076 nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn);
8077 if (!nbl) {
8078 dprintk("NFSD: %s: unable to allocate block!\n", __func__);
8079 status = nfserr_jukebox;
8080 goto out;
8081 }
8082
8083 file_lock = &nbl->nbl_lock;
8084 file_lock->c.flc_type = type;
8085 file_lock->c.flc_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(&lock_sop->lo_owner));
8086 file_lock->c.flc_pid = current->tgid;
8087 file_lock->c.flc_file = nf->nf_file;
8088 file_lock->c.flc_flags = flags;
8089 file_lock->fl_lmops = &nfsd_posix_mng_ops;
8090 file_lock->fl_start = lock->lk_offset;
8091 file_lock->fl_end = last_byte_offset(lock->lk_offset, lock->lk_length);
8092 nfs4_transform_lock_offset(file_lock);
8093
8094 conflock = locks_alloc_lock();
8095 if (!conflock) {
8096 dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
8097 status = nfserr_jukebox;
8098 goto out;
8099 }
8100
8101 if (flags & FL_SLEEP) {
8102 nbl->nbl_time = ktime_get_boottime_seconds();
8103 spin_lock(&nn->blocked_locks_lock);
8104 list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked);
8105 list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru);
8106 kref_get(&nbl->nbl_kref);
8107 spin_unlock(&nn->blocked_locks_lock);
8108 }
8109
8110 err = vfs_lock_file(nf->nf_file, F_SETLK, file_lock, conflock);
8111 switch (err) {
8112 case 0: /* success! */
8113 nfs4_inc_and_copy_stateid(&lock->lk_resp_stateid, &lock_stp->st_stid);
8114 status = 0;
8115 if (lock->lk_reclaim)
8116 nn->somebody_reclaimed = true;
8117 break;
8118 case FILE_LOCK_DEFERRED:
8119 kref_put(&nbl->nbl_kref, free_nbl);
8120 nbl = NULL;
8121 fallthrough;
8122 case -EAGAIN: /* conflock holds conflicting lock */
8123 status = nfserr_denied;
8124 dprintk("NFSD: nfsd4_lock: conflicting lock found!\n");
8125 nfs4_set_lock_denied(conflock, &lock->lk_denied);
8126 break;
8127 case -EDEADLK:
8128 status = nfserr_deadlock;
8129 break;
8130 default:
8131 dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n",err);
8132 status = nfserrno(err);
8133 break;
8134 }
8135 out:
8136 if (nbl) {
8137 /* dequeue it if we queued it before */
8138 if (flags & FL_SLEEP) {
8139 spin_lock(&nn->blocked_locks_lock);
8140 if (!list_empty(&nbl->nbl_list) &&
8141 !list_empty(&nbl->nbl_lru)) {
8142 list_del_init(&nbl->nbl_list);
8143 list_del_init(&nbl->nbl_lru);
8144 kref_put(&nbl->nbl_kref, free_nbl);
8145 }
8146 /* nbl can use one of lists to be linked to reaplist */
8147 spin_unlock(&nn->blocked_locks_lock);
8148 }
8149 free_blocked_lock(nbl);
8150 }
8151 if (nf)
8152 nfsd_file_put(nf);
8153 if (lock_stp) {
8154 /* Bump seqid manually if the 4.0 replay owner is openowner */
8155 if (cstate->replay_owner &&
8156 cstate->replay_owner != &lock_sop->lo_owner &&
8157 seqid_mutating_err(ntohl(status)))
8158 lock_sop->lo_owner.so_seqid++;
8159
8160 /*
8161 * If this is a new, never-before-used stateid, and we are
8162 * returning an error, then just go ahead and release it.
8163 */
8164 if (status && new)
8165 release_lock_stateid(lock_stp);
8166
8167 mutex_unlock(&lock_stp->st_mutex);
8168
8169 nfs4_put_stid(&lock_stp->st_stid);
8170 }
8171 if (open_stp)
8172 nfs4_put_stid(&open_stp->st_stid);
8173 nfsd4_bump_seqid(cstate, status);
8174 if (conflock)
8175 locks_free_lock(conflock);
8176 return status;
8177 }
8178
8179 void nfsd4_lock_release(union nfsd4_op_u *u)
8180 {
8181 struct nfsd4_lock *lock = &u->lock;
8182 struct nfsd4_lock_denied *deny = &lock->lk_denied;
8183
8184 kfree(deny->ld_owner.data);
8185 }
8186
8187 /*
8188 * The NFSv4 spec allows a client to do a LOCKT without holding an OPEN,
8189 * so we do a temporary open here just to get an open file to pass to
8190 * vfs_test_lock.
8191 */
8192 static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
8193 {
8194 struct nfsd_file *nf;
8195 struct inode *inode;
8196 __be32 err;
8197
8198 err = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf);
8199 if (err)
8200 return err;
8201 inode = fhp->fh_dentry->d_inode;
8202 inode_lock(inode); /* to block new leases till after test_lock: */
8203 err = nfserrno(nfsd_open_break_lease(inode, NFSD_MAY_READ));
8204 if (err)
8205 goto out;
8206 lock->c.flc_file = nf->nf_file;
8207 err = nfserrno(vfs_test_lock(nf->nf_file, lock));
8208 lock->c.flc_file = NULL;
8209 out:
8210 inode_unlock(inode);
8211 nfsd_file_put(nf);
8212 return err;
8213 }
8214
8215 /*
8216 * LOCKT operation
8217 */
8218 __be32
8219 nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
8220 union nfsd4_op_u *u)
8221 {
8222 struct nfsd4_lockt *lockt = &u->lockt;
8223 struct file_lock *file_lock = NULL;
8224 struct nfs4_lockowner *lo = NULL;
8225 __be32 status;
8226 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
8227
8228 if (locks_in_grace(SVC_NET(rqstp)))
8229 return nfserr_grace;
8230
8231 if (check_lock_length(lockt->lt_offset, lockt->lt_length))
8232 return nfserr_inval;
8233
8234 if (!nfsd4_has_session(cstate)) {
8235 status = set_client(&lockt->lt_clientid, cstate, nn);
8236 if (status)
8237 goto out;
8238 }
8239
8240 if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
8241 goto out;
8242
8243 file_lock = locks_alloc_lock();
8244 if (!file_lock) {
8245 dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
8246 status = nfserr_jukebox;
8247 goto out;
8248 }
8249
8250 switch (lockt->lt_type) {
8251 case NFS4_READ_LT:
8252 case NFS4_READW_LT:
8253 file_lock->c.flc_type = F_RDLCK;
8254 break;
8255 case NFS4_WRITE_LT:
8256 case NFS4_WRITEW_LT:
8257 file_lock->c.flc_type = F_WRLCK;
8258 break;
8259 default:
8260 dprintk("NFSD: nfs4_lockt: bad lock type!\n");
8261 status = nfserr_inval;
8262 goto out;
8263 }
8264
8265 lo = find_lockowner_str(cstate->clp, &lockt->lt_owner);
8266 if (lo)
8267 file_lock->c.flc_owner = (fl_owner_t)lo;
8268 file_lock->c.flc_pid = current->tgid;
8269 file_lock->c.flc_flags = FL_POSIX;
8270
8271 file_lock->fl_start = lockt->lt_offset;
8272 file_lock->fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);
8273
8274 nfs4_transform_lock_offset(file_lock);
8275
8276 status = nfsd_test_lock(rqstp, &cstate->current_fh, file_lock);
8277 if (status)
8278 goto out;
8279
8280 if (file_lock->c.flc_type != F_UNLCK) {
8281 status = nfserr_denied;
8282 nfs4_set_lock_denied(file_lock, &lockt->lt_denied);
8283 }
8284 out:
8285 if (lo)
8286 nfs4_put_stateowner(&lo->lo_owner);
8287 if (file_lock)
8288 locks_free_lock(file_lock);
8289 return status;
8290 }
8291
8292 void nfsd4_lockt_release(union nfsd4_op_u *u)
8293 {
8294 struct nfsd4_lockt *lockt = &u->lockt;
8295 struct nfsd4_lock_denied *deny = &lockt->lt_denied;
8296
8297 kfree(deny->ld_owner.data);
8298 }
8299
8300 __be32
8301 nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
8302 union nfsd4_op_u *u)
8303 {
8304 struct nfsd4_locku *locku = &u->locku;
8305 struct nfs4_ol_stateid *stp;
8306 struct nfsd_file *nf = NULL;
8307 struct file_lock *file_lock = NULL;
8308 __be32 status;
8309 int err;
8310 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
8311
8312 dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
8313 (long long) locku->lu_offset,
8314 (long long) locku->lu_length);
8315
8316 if (check_lock_length(locku->lu_offset, locku->lu_length))
8317 return nfserr_inval;
8318
8319 status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid,
8320 &locku->lu_stateid, SC_TYPE_LOCK, 0,
8321 &stp, nn);
8322 if (status)
8323 goto out;
8324 nf = find_any_file(stp->st_stid.sc_file);
8325 if (!nf) {
8326 status = nfserr_lock_range;
8327 goto put_stateid;
8328 }
8329 file_lock = locks_alloc_lock();
8330 if (!file_lock) {
8331 dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
8332 status = nfserr_jukebox;
8333 goto put_file;
8334 }
8335
8336 file_lock->c.flc_type = F_UNLCK;
8337 file_lock->c.flc_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(stp->st_stateowner));
8338 file_lock->c.flc_pid = current->tgid;
8339 file_lock->c.flc_file = nf->nf_file;
8340 file_lock->c.flc_flags = FL_POSIX;
8341 file_lock->fl_lmops = &nfsd_posix_mng_ops;
8342 file_lock->fl_start = locku->lu_offset;
8343
8344 file_lock->fl_end = last_byte_offset(locku->lu_offset,
8345 locku->lu_length);
8346 nfs4_transform_lock_offset(file_lock);
8347
8348 err = vfs_lock_file(nf->nf_file, F_SETLK, file_lock, NULL);
8349 if (err) {
8350 dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
8351 goto out_nfserr;
8352 }
8353 nfs4_inc_and_copy_stateid(&locku->lu_stateid, &stp->st_stid);
8354 put_file:
8355 nfsd_file_put(nf);
8356 put_stateid:
8357 mutex_unlock(&stp->st_mutex);
8358 nfs4_put_stid(&stp->st_stid);
8359 out:
8360 nfsd4_bump_seqid(cstate, status);
8361 if (file_lock)
8362 locks_free_lock(file_lock);
8363 return status;
8364
8365 out_nfserr:
8366 status = nfserrno(err);
8367 goto put_file;
8368 }
8369
8370 /*
8371 * returns
8372 * true: locks held by lockowner
8373 * false: no locks held by lockowner
8374 */
8375 static bool
8376 check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
8377 {
8378 struct file_lock *fl;
8379 int status = false;
8380 struct nfsd_file *nf;
8381 struct inode *inode;
8382 struct file_lock_context *flctx;
8383
8384 spin_lock(&fp->fi_lock);
8385 nf = find_any_file_locked(fp);
8386 if (!nf) {
8387 /* Any valid lock stateid should have some sort of access */
8388 WARN_ON_ONCE(1);
8389 goto out;
8390 }
8391
8392 inode = file_inode(nf->nf_file);
8393 flctx = locks_inode_context(inode);
8394
8395 if (flctx && !list_empty_careful(&flctx->flc_posix)) {
8396 spin_lock(&flctx->flc_lock);
8397 for_each_file_lock(fl, &flctx->flc_posix) {
8398 if (fl->c.flc_owner == (fl_owner_t)lowner) {
8399 status = true;
8400 break;
8401 }
8402 }
8403 spin_unlock(&flctx->flc_lock);
8404 }
8405 out:
8406 spin_unlock(&fp->fi_lock);
8407 return status;
8408 }
8409
8410 /**
8411 * nfsd4_release_lockowner - process NFSv4.0 RELEASE_LOCKOWNER operations
8412 * @rqstp: RPC transaction
8413 * @cstate: NFSv4 COMPOUND state
8414 * @u: RELEASE_LOCKOWNER arguments
8415 *
8416 * Check if there are any locks still held and if not, free the lockowner
8417 * and any lock state that is owned.
8418 *
8419 * Return values:
8420 * %nfs_ok: lockowner released or not found
8421 * %nfserr_locks_held: lockowner still in use
8422 * %nfserr_stale_clientid: clientid no longer active
8423 * %nfserr_expired: clientid not recognized
8424 */
8425 __be32
8426 nfsd4_release_lockowner(struct svc_rqst *rqstp,
8427 struct nfsd4_compound_state *cstate,
8428 union nfsd4_op_u *u)
8429 {
8430 struct nfsd4_release_lockowner *rlockowner = &u->release_lockowner;
8431 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
8432 clientid_t *clid = &rlockowner->rl_clientid;
8433 struct nfs4_ol_stateid *stp;
8434 struct nfs4_lockowner *lo;
8435 struct nfs4_client *clp;
8436 LIST_HEAD(reaplist);
8437 __be32 status;
8438
8439 dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
8440 clid->cl_boot, clid->cl_id);
8441
8442 status = set_client(clid, cstate, nn);
8443 if (status)
8444 return status;
8445 clp = cstate->clp;
8446
8447 spin_lock(&clp->cl_lock);
8448 lo = find_lockowner_str_locked(clp, &rlockowner->rl_owner);
8449 if (!lo) {
8450 spin_unlock(&clp->cl_lock);
8451 return nfs_ok;
8452 }
8453
8454 list_for_each_entry(stp, &lo->lo_owner.so_stateids, st_perstateowner) {
8455 if (check_for_locks(stp->st_stid.sc_file, lo)) {
8456 spin_unlock(&clp->cl_lock);
8457 nfs4_put_stateowner(&lo->lo_owner);
8458 return nfserr_locks_held;
8459 }
8460 }
8461 unhash_lockowner_locked(lo);
8462 while (!list_empty(&lo->lo_owner.so_stateids)) {
8463 stp = list_first_entry(&lo->lo_owner.so_stateids,
8464 struct nfs4_ol_stateid,
8465 st_perstateowner);
8466 unhash_lock_stateid(stp);
8467 put_ol_stateid_locked(stp, &reaplist);
8468 }
8469 spin_unlock(&clp->cl_lock);
8470
8471 free_ol_stateid_reaplist(&reaplist);
8472 remove_blocked_locks(lo);
8473 nfs4_put_stateowner(&lo->lo_owner);
8474 return nfs_ok;
8475 }
8476
8477 static inline struct nfs4_client_reclaim *
8478 alloc_reclaim(void)
8479 {
8480 return kmalloc(sizeof(struct nfs4_client_reclaim), GFP_KERNEL);
8481 }
8482
8483 bool
8484 nfs4_has_reclaimed_state(struct xdr_netobj name, struct nfsd_net *nn)
8485 {
8486 struct nfs4_client_reclaim *crp;
8487
8488 crp = nfsd4_find_reclaim_client(name, nn);
8489 return (crp && crp->cr_clp);
8490 }
8491
8492 /*
8493 * failure => all reset bets are off, nfserr_no_grace...
8494 *
8495 * The caller is responsible for freeing name.data if NULL is returned (it
8496 * will be freed in nfs4_remove_reclaim_record in the normal case).
8497 */
8498 struct nfs4_client_reclaim *
8499 nfs4_client_to_reclaim(struct xdr_netobj name, struct xdr_netobj princhash,
8500 struct nfsd_net *nn)
8501 {
8502 unsigned int strhashval;
8503 struct nfs4_client_reclaim *crp;
8504
8505 crp = alloc_reclaim();
8506 if (crp) {
8507 strhashval = clientstr_hashval(name);
8508 INIT_LIST_HEAD(&crp->cr_strhash);
8509 list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]);
8510 crp->cr_name.data = name.data;
8511 crp->cr_name.len = name.len;
8512 crp->cr_princhash.data = princhash.data;
8513 crp->cr_princhash.len = princhash.len;
8514 crp->cr_clp = NULL;
8515 nn->reclaim_str_hashtbl_size++;
8516 }
8517 return crp;
8518 }
8519
8520 void
8521 nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn)
8522 {
8523 list_del(&crp->cr_strhash);
8524 kfree(crp->cr_name.data);
8525 kfree(crp->cr_princhash.data);
8526 kfree(crp);
8527 nn->reclaim_str_hashtbl_size--;
8528 }
8529
8530 void
8531 nfs4_release_reclaim(struct nfsd_net *nn)
8532 {
8533 struct nfs4_client_reclaim *crp = NULL;
8534 int i;
8535
8536 for (i = 0; i < CLIENT_HASH_SIZE; i++) {
8537 while (!list_empty(&nn->reclaim_str_hashtbl[i])) {
8538 crp = list_entry(nn->reclaim_str_hashtbl[i].next,
8539 struct nfs4_client_reclaim, cr_strhash);
8540 nfs4_remove_reclaim_record(crp, nn);
8541 }
8542 }
8543 WARN_ON_ONCE(nn->reclaim_str_hashtbl_size);
8544 }
8545
8546 /*
8547 * called from OPEN, CLAIM_PREVIOUS with a new clientid. */
8548 struct nfs4_client_reclaim *
8549 nfsd4_find_reclaim_client(struct xdr_netobj name, struct nfsd_net *nn)
8550 {
8551 unsigned int strhashval;
8552 struct nfs4_client_reclaim *crp = NULL;
8553
8554 strhashval = clientstr_hashval(name);
8555 list_for_each_entry(crp, &nn->reclaim_str_hashtbl[strhashval], cr_strhash) {
8556 if (compare_blob(&crp->cr_name, &name) == 0) {
8557 return crp;
8558 }
8559 }
8560 return NULL;
8561 }
8562
8563 __be32
8564 nfs4_check_open_reclaim(struct nfs4_client *clp)
8565 {
8566 if (test_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &clp->cl_flags))
8567 return nfserr_no_grace;
8568
8569 if (nfsd4_client_record_check(clp))
8570 return nfserr_reclaim_bad;
8571
8572 return nfs_ok;
8573 }
8574
8575 /*
8576 * Since the lifetime of a delegation isn't limited to that of an open, a
8577 * client may quite reasonably hang on to a delegation as long as it has
8578 * the inode cached. This becomes an obvious problem the first time a
8579 * client's inode cache approaches the size of the server's total memory.
8580 *
8581 * For now we avoid this problem by imposing a hard limit on the number
8582 * of delegations, which varies according to the server's memory size.
8583 */
8584 static void
8585 set_max_delegations(void)
8586 {
8587 /*
8588 * Allow at most 4 delegations per megabyte of RAM. Quick
8589 * estimates suggest that in the worst case (where every delegation
8590 * is for a different inode), a delegation could take about 1.5K,
8591 * giving a worst case usage of about 6% of memory.
8592 */
8593 max_delegations = nr_free_buffer_pages() >> (20 - 2 - PAGE_SHIFT);
8594 }
8595
8596 static int nfs4_state_create_net(struct net *net)
8597 {
8598 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
8599 int i;
8600
8601 nn->conf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
8602 sizeof(struct list_head),
8603 GFP_KERNEL);
8604 if (!nn->conf_id_hashtbl)
8605 goto err;
8606 nn->unconf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
8607 sizeof(struct list_head),
8608 GFP_KERNEL);
8609 if (!nn->unconf_id_hashtbl)
8610 goto err_unconf_id;
8611 nn->sessionid_hashtbl = kmalloc_array(SESSION_HASH_SIZE,
8612 sizeof(struct list_head),
8613 GFP_KERNEL);
8614 if (!nn->sessionid_hashtbl)
8615 goto err_sessionid;
8616
8617 for (i = 0; i < CLIENT_HASH_SIZE; i++) {
8618 INIT_LIST_HEAD(&nn->conf_id_hashtbl[i]);
8619 INIT_LIST_HEAD(&nn->unconf_id_hashtbl[i]);
8620 }
8621 for (i = 0; i < SESSION_HASH_SIZE; i++)
8622 INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]);
8623 nn->conf_name_tree = RB_ROOT;
8624 nn->unconf_name_tree = RB_ROOT;
8625 nn->boot_time = ktime_get_real_seconds();
8626 nn->grace_ended = false;
8627 nn->nfsd4_manager.block_opens = true;
8628 INIT_LIST_HEAD(&nn->nfsd4_manager.list);
8629 INIT_LIST_HEAD(&nn->client_lru);
8630 INIT_LIST_HEAD(&nn->close_lru);
8631 INIT_LIST_HEAD(&nn->del_recall_lru);
8632 spin_lock_init(&nn->client_lock);
8633 spin_lock_init(&nn->s2s_cp_lock);
8634 idr_init(&nn->s2s_cp_stateids);
8635 atomic_set(&nn->pending_async_copies, 0);
8636
8637 spin_lock_init(&nn->blocked_locks_lock);
8638 INIT_LIST_HEAD(&nn->blocked_locks_lru);
8639
8640 INIT_DELAYED_WORK(&nn->laundromat_work, laundromat_main);
8641 INIT_WORK(&nn->nfsd_shrinker_work, nfsd4_state_shrinker_worker);
8642 get_net(net);
8643
8644 nn->nfsd_client_shrinker = shrinker_alloc(0, "nfsd-client");
8645 if (!nn->nfsd_client_shrinker)
8646 goto err_shrinker;
8647
8648 nn->nfsd_client_shrinker->scan_objects = nfsd4_state_shrinker_scan;
8649 nn->nfsd_client_shrinker->count_objects = nfsd4_state_shrinker_count;
8650 nn->nfsd_client_shrinker->private_data = nn;
8651
8652 shrinker_register(nn->nfsd_client_shrinker);
8653
8654 return 0;
8655
8656 err_shrinker:
8657 put_net(net);
8658 kfree(nn->sessionid_hashtbl);
8659 err_sessionid:
8660 kfree(nn->unconf_id_hashtbl);
8661 err_unconf_id:
8662 kfree(nn->conf_id_hashtbl);
8663 err:
8664 return -ENOMEM;
8665 }
8666
8667 static void
8668 nfs4_state_destroy_net(struct net *net)
8669 {
8670 int i;
8671 struct nfs4_client *clp = NULL;
8672 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
8673
8674 for (i = 0; i < CLIENT_HASH_SIZE; i++) {
8675 while (!list_empty(&nn->conf_id_hashtbl[i])) {
8676 clp = list_entry(nn->conf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
8677 destroy_client(clp);
8678 }
8679 }
8680
8681 WARN_ON(!list_empty(&nn->blocked_locks_lru));
8682
8683 for (i = 0; i < CLIENT_HASH_SIZE; i++) {
8684 while (!list_empty(&nn->unconf_id_hashtbl[i])) {
8685 clp = list_entry(nn->unconf_id_hashtbl[i].next, struct nfs4_client, cl_idhash);
8686 destroy_client(clp);
8687 }
8688 }
8689
8690 kfree(nn->sessionid_hashtbl);
8691 kfree(nn->unconf_id_hashtbl);
8692 kfree(nn->conf_id_hashtbl);
8693 put_net(net);
8694 }
8695
8696 int
8697 nfs4_state_start_net(struct net *net)
8698 {
8699 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
8700 int ret;
8701
8702 ret = nfs4_state_create_net(net);
8703 if (ret)
8704 return ret;
8705 locks_start_grace(net, &nn->nfsd4_manager);
8706 nfsd4_client_tracking_init(net);
8707 if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0)
8708 goto skip_grace;
8709 printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n",
8710 nn->nfsd4_grace, net->ns.inum);
8711 trace_nfsd_grace_start(nn);
8712 queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_grace * HZ);
8713 return 0;
8714
8715 skip_grace:
8716 printk(KERN_INFO "NFSD: no clients to reclaim, skipping NFSv4 grace period (net %x)\n",
8717 net->ns.inum);
8718 queue_delayed_work(laundry_wq, &nn->laundromat_work, nn->nfsd4_lease * HZ);
8719 nfsd4_end_grace(nn);
8720 return 0;
8721 }
8722
8723 /* initialization to perform when the nfsd service is started: */
8724
8725 int
8726 nfs4_state_start(void)
8727 {
8728 int ret;
8729
8730 ret = rhltable_init(&nfs4_file_rhltable, &nfs4_file_rhash_params);
8731 if (ret)
8732 return ret;
8733
8734 set_max_delegations();
8735 return 0;
8736 }
8737
8738 void
8739 nfs4_state_shutdown_net(struct net *net)
8740 {
8741 struct nfs4_delegation *dp = NULL;
8742 struct list_head *pos, *next, reaplist;
8743 struct nfsd_net *nn = net_generic(net, nfsd_net_id);
8744
8745 shrinker_free(nn->nfsd_client_shrinker);
8746 cancel_work_sync(&nn->nfsd_shrinker_work);
8747 cancel_delayed_work_sync(&nn->laundromat_work);
8748 locks_end_grace(&nn->nfsd4_manager);
8749
8750 INIT_LIST_HEAD(&reaplist);
8751 spin_lock(&state_lock);
8752 list_for_each_safe(pos, next, &nn->del_recall_lru) {
8753 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
8754 unhash_delegation_locked(dp, SC_STATUS_CLOSED);
8755 list_add(&dp->dl_recall_lru, &reaplist);
8756 }
8757 spin_unlock(&state_lock);
8758 list_for_each_safe(pos, next, &reaplist) {
8759 dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
8760 list_del_init(&dp->dl_recall_lru);
8761 destroy_unhashed_deleg(dp);
8762 }
8763
8764 nfsd4_client_tracking_exit(net);
8765 nfs4_state_destroy_net(net);
8766 #ifdef CONFIG_NFSD_V4_2_INTER_SSC
8767 nfsd4_ssc_shutdown_umount(nn);
8768 #endif
8769 }
8770
8771 void
8772 nfs4_state_shutdown(void)
8773 {
8774 rhltable_destroy(&nfs4_file_rhltable);
8775 }
8776
8777 static void
8778 get_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
8779 {
8780 if (HAS_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG) &&
8781 CURRENT_STATEID(stateid))
8782 memcpy(stateid, &cstate->current_stateid, sizeof(stateid_t));
8783 }
8784
8785 static void
8786 put_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
8787 {
8788 if (cstate->minorversion) {
8789 memcpy(&cstate->current_stateid, stateid, sizeof(stateid_t));
8790 SET_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG);
8791 }
8792 }
8793
8794 void
8795 clear_current_stateid(struct nfsd4_compound_state *cstate)
8796 {
8797 CLEAR_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG);
8798 }
8799
8800 /*
8801 * functions to set current state id
8802 */
8803 void
8804 nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate,
8805 union nfsd4_op_u *u)
8806 {
8807 put_stateid(cstate, &u->open_downgrade.od_stateid);
8808 }
8809
8810 void
8811 nfsd4_set_openstateid(struct nfsd4_compound_state *cstate,
8812 union nfsd4_op_u *u)
8813 {
8814 put_stateid(cstate, &u->open.op_stateid);
8815 }
8816
8817 void
8818 nfsd4_set_closestateid(struct nfsd4_compound_state *cstate,
8819 union nfsd4_op_u *u)
8820 {
8821 put_stateid(cstate, &u->close.cl_stateid);
8822 }
8823
8824 void
8825 nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate,
8826 union nfsd4_op_u *u)
8827 {
8828 put_stateid(cstate, &u->lock.lk_resp_stateid);
8829 }
8830
8831 /*
8832 * functions to consume current state id
8833 */
8834
8835 void
8836 nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate,
8837 union nfsd4_op_u *u)
8838 {
8839 get_stateid(cstate, &u->open_downgrade.od_stateid);
8840 }
8841
8842 void
8843 nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate,
8844 union nfsd4_op_u *u)
8845 {
8846 get_stateid(cstate, &u->delegreturn.dr_stateid);
8847 }
8848
8849 void
8850 nfsd4_get_freestateid(struct nfsd4_compound_state *cstate,
8851 union nfsd4_op_u *u)
8852 {
8853 get_stateid(cstate, &u->free_stateid.fr_stateid);
8854 }
8855
8856 void
8857 nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate,
8858 union nfsd4_op_u *u)
8859 {
8860 get_stateid(cstate, &u->setattr.sa_stateid);
8861 }
8862
8863 void
8864 nfsd4_get_closestateid(struct nfsd4_compound_state *cstate,
8865 union nfsd4_op_u *u)
8866 {
8867 get_stateid(cstate, &u->close.cl_stateid);
8868 }
8869
8870 void
8871 nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate,
8872 union nfsd4_op_u *u)
8873 {
8874 get_stateid(cstate, &u->locku.lu_stateid);
8875 }
8876
8877 void
8878 nfsd4_get_readstateid(struct nfsd4_compound_state *cstate,
8879 union nfsd4_op_u *u)
8880 {
8881 get_stateid(cstate, &u->read.rd_stateid);
8882 }
8883
8884 void
8885 nfsd4_get_writestateid(struct nfsd4_compound_state *cstate,
8886 union nfsd4_op_u *u)
8887 {
8888 get_stateid(cstate, &u->write.wr_stateid);
8889 }
8890
8891 /**
8892 * nfsd4_deleg_getattr_conflict - Recall if GETATTR causes conflict
8893 * @rqstp: RPC transaction context
8894 * @dentry: dentry of inode to be checked for a conflict
8895 * @pdp: returned WRITE delegation, if one was found
8896 *
8897 * This function is called when there is a conflict between a write
8898 * delegation and a change/size GETATTR from another client. The server
8899 * must either use the CB_GETATTR to get the current values of the
8900 * attributes from the client that holds the delegation or recall the
8901 * delegation before replying to the GETATTR. See RFC 8881 section
8902 * 18.7.4.
8903 *
8904 * Returns 0 if there is no conflict; otherwise an nfs_stat
8905 * code is returned. If @pdp is set to a non-NULL value, then the
8906 * caller must put the reference.
8907 */
8908 __be32
8909 nfsd4_deleg_getattr_conflict(struct svc_rqst *rqstp, struct dentry *dentry,
8910 struct nfs4_delegation **pdp)
8911 {
8912 __be32 status;
8913 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
8914 struct file_lock_context *ctx;
8915 struct nfs4_delegation *dp = NULL;
8916 struct file_lease *fl;
8917 struct iattr attrs;
8918 struct nfs4_cb_fattr *ncf;
8919 struct inode *inode = d_inode(dentry);
8920
8921 ctx = locks_inode_context(inode);
8922 if (!ctx)
8923 return nfs_ok;
8924
8925 #define NON_NFSD_LEASE ((void *)1)
8926
8927 spin_lock(&ctx->flc_lock);
8928 for_each_file_lock(fl, &ctx->flc_lease) {
8929 if (fl->c.flc_flags == FL_LAYOUT)
8930 continue;
8931 if (fl->c.flc_type == F_WRLCK) {
8932 if (fl->fl_lmops == &nfsd_lease_mng_ops)
8933 dp = fl->c.flc_owner;
8934 else
8935 dp = NON_NFSD_LEASE;
8936 }
8937 break;
8938 }
8939 if (dp == NULL || dp == NON_NFSD_LEASE ||
8940 dp->dl_recall.cb_clp == *(rqstp->rq_lease_breaker)) {
8941 spin_unlock(&ctx->flc_lock);
8942 if (dp == NON_NFSD_LEASE) {
8943 status = nfserrno(nfsd_open_break_lease(inode,
8944 NFSD_MAY_READ));
8945 if (status != nfserr_jukebox ||
8946 !nfsd_wait_for_delegreturn(rqstp, inode))
8947 return status;
8948 }
8949 return 0;
8950 }
8951
8952 nfsd_stats_wdeleg_getattr_inc(nn);
8953 refcount_inc(&dp->dl_stid.sc_count);
8954 ncf = &dp->dl_cb_fattr;
8955 nfs4_cb_getattr(&dp->dl_cb_fattr);
8956 spin_unlock(&ctx->flc_lock);
8957
8958 wait_on_bit_timeout(&ncf->ncf_cb_flags, CB_GETATTR_BUSY,
8959 TASK_INTERRUPTIBLE, NFSD_CB_GETATTR_TIMEOUT);
8960 if (ncf->ncf_cb_status) {
8961 /* Recall delegation only if client didn't respond */
8962 status = nfserrno(nfsd_open_break_lease(inode, NFSD_MAY_READ));
8963 if (status != nfserr_jukebox ||
8964 !nfsd_wait_for_delegreturn(rqstp, inode))
8965 goto out_status;
8966 }
8967 if (!ncf->ncf_file_modified &&
8968 (ncf->ncf_initial_cinfo != ncf->ncf_cb_change ||
8969 ncf->ncf_cur_fsize != ncf->ncf_cb_fsize))
8970 ncf->ncf_file_modified = true;
8971 if (ncf->ncf_file_modified) {
8972 int err;
8973
8974 /*
8975 * Per section 10.4.3 of RFC 8881, the server would
8976 * not update the file's metadata with the client's
8977 * modified size
8978 */
8979 attrs.ia_mtime = attrs.ia_ctime = current_time(inode);
8980 attrs.ia_valid = ATTR_MTIME | ATTR_CTIME | ATTR_DELEG;
8981 inode_lock(inode);
8982 err = notify_change(&nop_mnt_idmap, dentry, &attrs, NULL);
8983 inode_unlock(inode);
8984 if (err) {
8985 status = nfserrno(err);
8986 goto out_status;
8987 }
8988 ncf->ncf_cur_fsize = ncf->ncf_cb_fsize;
8989 *pdp = dp;
8990 return nfs_ok;
8991 }
8992 status = nfs_ok;
8993 out_status:
8994 nfs4_put_stid(&dp->dl_stid);
8995 return status;
8996 }
Kernel DRM miscellaneous fixes and cross-tree changes