1 /* 2 * Copyright (c) 2001 The Regents of the University of Michigan. 3 * All rights reserved. 4 * 5 * Kendrick Smith <kmsmith@umich.edu> 6 * Andy Adamson <kandros@umich.edu> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the University nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 22 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 23 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 24 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
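*
 */

#include <linux/file.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/namei.h>
#include <linux/swap.h>
#include <linux/pagemap.h>
#include <linux/ratelimit.h>
#include <linux/sunrpc/svcauth_gss.h>
#include <linux/sunrpc/addr.h>
#include <linux/jhash.h>
#include <linux/string_helpers.h>
#include <linux/fsnotify.h>
#include <linux/rhashtable.h>
#include <linux/nfs_ssc.h>

#include "xdr4.h"
#include "xdr4cb.h"
#include "vfs.h"
#include "current_stateid.h"

#include "netns.h"
#include "pnfs.h"
#include "filecache.h"
#include "trace.h"

#define NFSDDBG_FACILITY                NFSDDBG_PROC

/*
 * Reference values for the special stateids. The *_STATEID() macros below
 * compare a stateid against them with memcmp() over the whole stateid_t.
 */
#define all_ones {{ ~0, ~0}, ~0}
static const stateid_t one_stateid = {
	.si_generation = ~0,
	.si_opaque = all_ones,
};
static const stateid_t zero_stateid = {
	/* all fields zero */
};
static const stateid_t currentstateid = {
	.si_generation = 1,
};
static const stateid_t close_stateid = {
	.si_generation = 0xffffffffU,
};

static u64 current_sessionid = 1;

bool nfsd_delegts_enabled __read_mostly = true;

#define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
#define ONE_STATEID(stateid)  (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
/* The listing had "&curren" decoded as an HTML entity; the operand is &currentstateid. */
#define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
#define CLOSE_STATEID(stateid)  (!memcmp((stateid), &close_stateid, sizeof(stateid_t)))

/* forward declarations */
static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
static void nfs4_free_ol_stateid(struct nfs4_stid *stid);
static void nfsd4_end_grace(struct nfsd_net *nn);
static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps);
static void nfsd4_file_hash_remove(struct nfs4_file *fi);
static void deleg_reaper(struct nfsd_net *nn);

/* Locking: */

enum nfsd4_st_mutex_lock_subclass {
	OPEN_STATEID_MUTEX = 0,
	LOCK_STATEID_MUTEX = 1,
};

/*
 * A waitqueue for all in-progress 4.0 CLOSE operations that are waiting for
 * the refcount on the open stateid to drop.
 */
static DECLARE_WAIT_QUEUE_HEAD(close_wq);

/*
 * A waitqueue where a writer to clients/#/ctl destroying a client can
 * wait for cl_rpc_users to drop to 0 and then for the client to be
 * unhashed.
 */
static DECLARE_WAIT_QUEUE_HEAD(expiry_wq);

static struct kmem_cache *client_slab;
static struct kmem_cache *openowner_slab;
static struct kmem_cache *lockowner_slab;
static struct kmem_cache *file_slab;
static struct kmem_cache *stateid_slab;
static struct kmem_cache *deleg_slab;
static struct kmem_cache *odstate_slab;

static void free_session(struct nfsd4_session *);

static const struct nfsd4_callback_ops nfsd4_cb_recall_ops;
static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops;
static const struct nfsd4_callback_ops nfsd4_cb_getattr_ops;

static struct workqueue_struct *laundry_wq;

/*
 * Allocate the unbound "nfsd4" workqueue used for laundromat work.
 * Returns 0 on success or -ENOMEM if the workqueue cannot be allocated.
 */
int nfsd4_create_laundry_wq(void)
{
	int rc = 0;

	laundry_wq = alloc_workqueue("%s", WQ_UNBOUND, 0, "nfsd4");
	if (laundry_wq == NULL)
		rc = -ENOMEM;
	return rc;
}

/* Tear down the workqueue created by nfsd4_create_laundry_wq(). */
void nfsd4_destroy_laundry_wq(void)
{
	destroy_workqueue(laundry_wq);
}

static bool is_session_dead(struct nfsd4_session *ses)
{
	return ses->se_dead;
}

/*
 * Mark @ses dead unless someone other than the caller still holds a
 * reference: returns nfserr_jukebox when se_ref exceeds @ref_held_by_me,
 * nfs_ok once se_dead has been set.
 */
static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)
{
	if (atomic_read(&ses->se_ref) > ref_held_by_me)
		return nfserr_jukebox;
	ses->se_dead = true;
	return nfs_ok;
}

/* A cl_time of zero is the marker for an expired client. */
static bool is_client_expired(struct nfs4_client *clp)
{
	return clp->cl_time == 0;
}

/*
 * A client that is not NFSD4_ACTIVE is about to become active again:
 * drop it from the courtesy-client count, never going below zero.
 */
static void nfsd4_dec_courtesy_client_count(struct nfsd_net *nn,
					    struct nfs4_client *clp)
{
	if (clp->cl_state != NFSD4_ACTIVE)
		atomic_add_unless(&nn->nfsd_courtesy_clients, -1, 0);
}

/*
 * Take an RPC-user reference on @clp and mark it active.
 * Must be called with nn->client_lock held. An expired client is refused
 * with nfserr_expired and no reference is taken.
 */
static __be32 get_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (is_client_expired(clp))
		return nfserr_expired;
	atomic_inc(&clp->cl_rpc_users);
	nfsd4_dec_courtesy_client_count(nn, clp);
	clp->cl_state = NFSD4_ACTIVE;
	return nfs_ok;
}

/* must be called under the client_lock */
static inline void
renew_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	if (is_client_expired(clp)) {
		WARN_ON(1);
		printk("%s: client (clientid %08x/%08x) already expired\n",
			__func__,
			clp->cl_clientid.cl_boot,
			clp->cl_clientid.cl_id);
		return;
	}

	/* Most recently renewed clients sit at the tail of the LRU. */
	list_move_tail(&clp->cl_lru, &nn->client_lru);
	clp->cl_time = ktime_get_boottime_seconds();
	nfsd4_dec_courtesy_client_count(nn, clp);
	clp->cl_state = NFSD4_ACTIVE;
}

/*
 * Drop an RPC-user reference with nn->client_lock already held. On the
 * last reference the client is renewed, or, if it has expired, waiters
 * on expiry_wq are woken.
 */
static void put_client_renew_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (!atomic_dec_and_test(&clp->cl_rpc_users))
		return;
	if (!is_client_expired(clp))
		renew_client_locked(clp);
	else
		wake_up_all(&expiry_wq);
}

/*
 * Unlocked variant of put_client_renew_locked(): client_lock is taken
 * only when this call drops the last RPC-user reference.
 */
static void put_client_renew(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	if (!atomic_dec_and_lock(&clp->cl_rpc_users, &nn->client_lock))
		return;
	if (!is_client_expired(clp))
		renew_client_locked(clp);
	else
		wake_up_all(&expiry_wq);
	spin_unlock(&nn->client_lock);
}

/*
 * Take a reference on @ses and on its client. A dead session yields
 * nfserr_badsession; a failure from get_client_locked() is passed through
 * and no session reference is taken.
 */
static __be32 nfsd4_get_session_locked(struct nfsd4_session *ses)
{
	__be32 status;

	if (is_session_dead(ses))
		return nfserr_badsession;
	status = get_client_locked(ses->se_client);
	if (status)
		return status;
	atomic_inc(&ses->se_ref);
	return nfs_ok;
}

/*
 * Drop a session reference with client_lock held. The session is freed
 * when the last reference goes away and it has been marked dead.
 */
static void nfsd4_put_session_locked(struct nfsd4_session *ses)
{
	/* Read the client first: free_session() may release @ses. */
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))
		free_session(ses);
	put_client_renew_locked(clp);
}

static void nfsd4_put_session(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	spin_lock(&nn->client_lock);
	nfsd4_put_session_locked(ses);
	spin_unlock(&nn->client_lock);
}

/*
 * Find the blocked lock of @lo whose filehandle matches @fh, unlink it
 * from both the per-owner list and the LRU under blocked_locks_lock, and
 * return it. locks_delete_block() runs after the spinlock is released.
 * Returns NULL when no entry matches.
 */
static struct nfsd4_blocked_lock *
find_blocked_lock(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
			struct nfsd_net *nn)
{
	struct nfsd4_blocked_lock *cur, *found = NULL;

	spin_lock(&nn->blocked_locks_lock);
	list_for_each_entry(cur, &lo->lo_blocked, nbl_list) {
		if (fh_match(fh, &cur->nbl_fh)) {
			list_del_init(&cur->nbl_list);
			WARN_ON(list_empty(&cur->nbl_lru));
			list_del_init(&cur->nbl_lru);
			found = cur;
			break;
		}
	}
	spin_unlock(&nn->blocked_locks_lock);
	if (found)
		locks_delete_block(&found->nbl_lock);
	return found;
}

/*
 * Reuse an existing blocked lock for (@lo, @fh) or allocate and
 * initialise a new one. Returns NULL if the allocation fails.
 */
static struct nfsd4_blocked_lock *
find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
			struct nfsd_net *nn)
{
	struct nfsd4_blocked_lock *nbl;

	nbl = find_blocked_lock(lo, fh, nn);
	if (!nbl) {
		nbl = kmalloc_obj(*nbl);
		if (nbl) {
			INIT_LIST_HEAD(&nbl->nbl_list);
			INIT_LIST_HEAD(&nbl->nbl_lru);
			fh_copy_shallow(&nbl->nbl_fh, fh);
			locks_init_lock(&nbl->nbl_lock);
			kref_init(&nbl->nbl_kref);
			nfsd4_init_cb(&nbl->nbl_cb, lo->lo_owner.so_client,
					&nfsd4_cb_notify_lock_ops,
					NFSPROC4_CLNT_CB_NOTIFY_LOCK);
		}
	}
	return nbl;
}

/* kref release function: runs when the last nbl_kref reference is put. */
static void
free_nbl(struct kref *kref)
{
	struct nfsd4_blocked_lock *nbl;

	nbl = container_of(kref, struct nfsd4_blocked_lock, nbl_kref);
	locks_release_private(&nbl->nbl_lock);
	kfree(nbl);
}

static void
free_blocked_lock(struct nfsd4_blocked_lock *nbl)
{
	locks_delete_block(&nbl->nbl_lock);
	kref_put(&nbl->nbl_kref, free_nbl);
}

/*
 * Release every blocked lock owned by @lo. Entries are moved to a private
 * list under blocked_locks_lock and freed only after it is dropped.
 */
static void
remove_blocked_locks(struct nfs4_lockowner *lo)
{
	struct nfs4_client *clp = lo->lo_owner.so_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfsd4_blocked_lock *nbl;
	LIST_HEAD(reaplist);

	/* Dequeue all blocked locks */
	spin_lock(&nn->blocked_locks_lock);
	while (!list_empty(&lo->lo_blocked)) {
		nbl = list_first_entry(&lo->lo_blocked,
					struct nfsd4_blocked_lock,
					nbl_list);
		list_del_init(&nbl->nbl_list);
		WARN_ON(list_empty(&nbl->nbl_lru));
		list_move(&nbl->nbl_lru, &reaplist);
	}
	spin_unlock(&nn->blocked_locks_lock);

	/* Now free them */
	while (!list_empty(&reaplist)) {
		nbl = list_first_entry(&reaplist, struct nfsd4_blocked_lock,
					nbl_lru);
		list_del_init(&nbl->nbl_lru);
		free_blocked_lock(nbl);
	}
}

static void
nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb)
{
	struct nfsd4_blocked_lock	*nbl = container_of(cb,
						struct nfsd4_blocked_lock, nbl_cb);
	locks_delete_block(&nbl->nbl_lock);
}

static int
nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task)
{
	trace_nfsd_cb_notify_lock_done(&zero_stateid, task);

	/*
	 * Since this is just an optimization, we don't try very hard if it
	 * turns out not to succeed. We'll requeue it on NFS4ERR_DELAY, and
	 * just quit trying on anything else.
	 */
	switch (task->tk_status) {
	case -NFS4ERR_DELAY:
		rpc_delay(task, 1 * HZ);
		return 0;
	default:
		return 1;
	}
}

static void
nfsd4_cb_notify_lock_release(struct nfsd4_callback *cb)
{
	struct nfsd4_blocked_lock	*nbl = container_of(cb,
						struct nfsd4_blocked_lock, nbl_cb);

	free_blocked_lock(nbl);
}

static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = {
	.prepare	= nfsd4_cb_notify_lock_prepare,
	.done		= nfsd4_cb_notify_lock_done,
	.release	= nfsd4_cb_notify_lock_release,
	.opcode		= OP_CB_NOTIFY_LOCK,
};

/*
 * We store the NONE, READ, WRITE, and BOTH bits separately in the
 * st_{access,deny}_bmap field of the stateid, in order to track not
 * only what share bits are currently in force, but also what
 * combinations of share bits previous opens have used.  This allows us
 * to enforce the recommendation in
 * https://datatracker.ietf.org/doc/html/rfc7530#section-16.19.4 that
 * the server return an error if the client attempts to downgrade to a
 * combination of share bits not explicable by closing some of its
 * previous opens.
 *
 * This enforcement is arguably incomplete, since we don't keep
 * track of access/deny bit combinations; so, e.g., we allow:
 *
 *	OPEN allow read, deny write
 *	OPEN allow both, deny none
 *	DOWNGRADE allow read, deny none
 *
 * which we should reject.
 *
 * But you could also argue that our current code is already overkill,
 * since it only exists to return NFS4ERR_INVAL on incorrect client
 * behavior.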
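*/
/* Fold the per-mode bits 1..3 of @bmap back into a single share-mode mask. */
static unsigned int
bmap_to_share_mode(unsigned long bmap)
{
	int i;
	unsigned int access = 0;

	for (i = 1; i < 4; i++) {
		if (test_bit(i, &bmap))
			access |= i;
	}
	return access;
}

/*
 * NOTE(review): in the six helpers below the mask is an unsigned char
 * computed from the shift before any range check, and the set/clear
 * variants only WARN on an out-of-range value. The access/deny value
 * therefore has to be validated before it gets here; an out-of-range
 * value gives a truncated or undefined mask rather than an error.
 */

/* set share access for a given stateid */
static inline void
set_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
	stp->st_access_bmap |= mask;
}

/* clear share access for a given stateid */
static inline void
clear_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	WARN_ON_ONCE(access > NFS4_SHARE_ACCESS_BOTH);
	stp->st_access_bmap &= ~mask;
}

/* test whether a given stateid has access */
static inline bool
test_access(u32 access, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << access;

	return (bool)(stp->st_access_bmap & mask);
}

/* set share deny for a given stateid */
static inline void
set_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
	stp->st_deny_bmap |= mask;
}

/* clear share deny for a given stateid */
static inline void
clear_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	WARN_ON_ONCE(deny > NFS4_SHARE_DENY_BOTH);
	stp->st_deny_bmap &= ~mask;
}

/* test whether a given stateid is denying specific access */
static inline bool
test_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	unsigned char mask = 1 << deny;

	return (bool)(stp->st_deny_bmap & mask);
}

/*
 * Map an NFSv4 share-access value to an open(2)-style access mode.
 * Bits outside NFS4_SHARE_ACCESS_BOTH are ignored; a value with no access
 * bits warns once and falls back to O_RDONLY.
 */
static int nfs4_access_to_omode(u32 access)
{
	switch (access & NFS4_SHARE_ACCESS_BOTH) {
	case NFS4_SHARE_ACCESS_READ:
		return O_RDONLY;
	case NFS4_SHARE_ACCESS_WRITE:
		return O_WRONLY;
	case NFS4_SHARE_ACCESS_BOTH:
		return O_RDWR;
	}
	WARN_ON_ONCE(1);
	return O_RDONLY;
}

/* Note that a stateid opened for WRITE only is also accepted for reads. */
static inline int
access_permit_read(struct nfs4_ol_stateid *stp)
{
	return test_access(NFS4_SHARE_ACCESS_READ, stp) ||
		test_access(NFS4_SHARE_ACCESS_BOTH, stp) ||
		test_access(NFS4_SHARE_ACCESS_WRITE, stp);
}

static inline int
access_permit_write(struct nfs4_ol_stateid *stp)
{
	return test_access(NFS4_SHARE_ACCESS_WRITE, stp) ||
		test_access(NFS4_SHARE_ACCESS_BOTH, stp);
}

/* Take a reference on @sop and return it for call chaining. */
static inline struct nfs4_stateowner *
nfs4_get_stateowner(struct nfs4_stateowner *sop)
{
	atomic_inc(&sop->so_count);
	return sop;
}

/*
 * Compare a stored owner name with @owner. The lengths are compared
 * first, so memcmp() only ever runs over buffers of equal length.
 */
static int
same_owner_str(struct nfs4_stateowner *sop, struct xdr_netobj *owner)
{
	return (sop->so_owner.len == owner->len) &&
		0 == memcmp(sop->so_owner.data, owner->data, owner->len);
}

/*
 * Look up an open owner by name in bucket @hashval of the client's owner
 * table. Requires clp->cl_lock. Returns the owner with an extra reference,
 * or NULL when there is no match.
 */
static struct nfs4_openowner *
find_openstateowner_str(unsigned int hashval, struct nfsd4_open *open,
			struct nfs4_client *clp)
{
	struct nfs4_stateowner *so;

	lockdep_assert_held(&clp->cl_lock);

	list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[hashval],
			    so_strhash) {
		if (!so->so_is_open_owner)
			continue;
		if (same_owner_str(so, &open->op_owner))
			return openowner(nfs4_get_stateowner(so));
	}
	return NULL;
}

/*
 * Simple multiplicative hash (x = x * 37 + byte) over @nbytes bytes.
 * It is unkeyed, so whoever chooses the input also chooses the bucket;
 * the visible user, ownerstr_hashval(), feeds it owner names and the
 * lookup above walks a per-client table.
 */
static inline u32
opaque_hashval(const void *ptr, int nbytes)
{
	/* Keep the const qualifier of @ptr: the buffer is only read. */
	const unsigned char *cptr = ptr;

	u32 x = 0;
	while (nbytes--) {
		x *= 37;
		x += *cptr++;
	}
	return x;
}

/*
 * Drop a reference on @fi. The last put unhashes the file and frees it
 * after an RCU grace period.
 */
void
put_nfs4_file(struct nfs4_file *fi)
{
	if (refcount_dec_and_test(&fi->fi_ref)) {
		nfsd4_file_hash_remove(fi);
		WARN_ON_ONCE(!list_empty(&fi->fi_clnt_odstate));
		WARN_ON_ONCE(!list_empty(&fi->fi_delegations));
		kfree_rcu(fi, fi_rcu);
	}
}

/* Prefer the write-only file, then read-write. Requires f->fi_lock. */
static struct nfsd_file *
find_writeable_file_locked(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	lockdep_assert_held(&f->fi_lock);

	ret = nfsd_file_get(f->fi_fds[O_WRONLY]);
	if (!ret)
		ret = nfsd_file_get(f->fi_fds[O_RDWR]);
	return ret;
}

static struct nfsd_file *
find_writeable_file(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	spin_lock(&f->fi_lock);
	ret = find_writeable_file_locked(f);
	spin_unlock(&f->fi_lock);

	return ret;
}

/* Prefer the read-only file, then read-write. Requires f->fi_lock. */
static struct nfsd_file *
find_readable_file_locked(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	lockdep_assert_held(&f->fi_lock);

	ret = nfsd_file_get(f->fi_fds[O_RDONLY]);
	if (!ret)
		ret = nfsd_file_get(f->fi_fds[O_RDWR]);
	return ret;
}

static struct nfsd_file *
find_readable_file(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	spin_lock(&f->fi_lock);
	ret = find_readable_file_locked(f);
	spin_unlock(&f->fi_lock);

	return ret;
}

/*
 * Return a referenced nfsd_file for @f in the order RDWR, WRONLY, RDONLY,
 * or NULL when @f is NULL or has no open file.
 */
struct nfsd_file *
find_any_file(struct nfs4_file *f)
{
	struct nfsd_file *ret;

	if (!f)
		return NULL;
	spin_lock(&f->fi_lock);
	ret = nfsd_file_get(f->fi_fds[O_RDWR]);
	if (!ret) {
		ret = nfsd_file_get(f->fi_fds[O_WRONLY]);
		if (!ret)
			ret = nfsd_file_get(f->fi_fds[O_RDONLY]);
	}
	spin_unlock(&f->fi_lock);
	return ret;
}

/*
 * Same search order as find_any_file(), but the pointer is returned
 * without taking a reference; the caller holds f->fi_lock.
 */
static struct nfsd_file *find_any_file_locked(struct nfs4_file *f)
{
	lockdep_assert_held(&f->fi_lock);

	if (f->fi_fds[O_RDWR])
		return f->fi_fds[O_RDWR];
	if (f->fi_fds[O_WRONLY])
		return f->fi_fds[O_WRONLY];
	if (f->fi_fds[O_RDONLY])
		return f->fi_fds[O_RDONLY];
	return NULL;
}

static atomic_long_t num_delegations;
unsigned long max_delegations;

/*
 * Open owner state (share locks)
 */

/* hash tables for lock and open owners */
#define OWNER_HASH_BITS              8
#define OWNER_HASH_SIZE             (1 << OWNER_HASH_BITS)
#define OWNER_HASH_MASK             (OWNER_HASH_SIZE - 1)

/* Bucket index (0..OWNER_HASH_MASK) for an owner name. */
static unsigned int ownerstr_hashval(struct xdr_netobj *ownername)
{
	unsigned int ret;

	ret = opaque_hashval(ownername->data, ownername->len);
	return ret & OWNER_HASH_MASK;
}

static struct rhltable nfs4_file_rhltable ____cacheline_aligned_in_smp;

static const struct rhashtable_params nfs4_file_rhash_params = {
	.key_len		= sizeof_field(struct nfs4_file, fi_inode),
	.key_offset		= offsetof(struct nfs4_file, fi_inode),
	.head_offset		= offsetof(struct nfs4_file, fi_rlist),

	/*
	 * Start with a single page hash table to reduce resizing churn
	 * on light workloads.
	 */
	.min_size		= 256,
	.automatic_shrinking	= true,
};

/*
 * Check if courtesy clients have conflicting access and resolve it if possible
 *
 * access:  is op_share_access if share_access is true.
 *	    Check if access mode, op_share_access, would conflict with
 *	    the current deny mode of the file 'fp'.
 * access:  is op_share_deny if share_access is false.
 *	    Check if the deny mode, op_share_deny, would conflict with
 *	    current access of the file 'fp'.
 * stp:     skip checking this entry.
 * new_stp: normal open, not open upgrade.
 *
 * Function returns:
 *	false - access/deny mode conflict with normal client.
 *	true  - no conflict or conflict with courtesy client(s) is resolved.
 */
static bool
nfs4_resolve_deny_conflicts_locked(struct nfs4_file *fp, bool new_stp,
		struct nfs4_ol_stateid *stp, u32 access, bool share_access)
{
	struct nfs4_ol_stateid *st;
	bool resolvable = true;
	unsigned char bmap;
	struct nfsd_net *nn;
	struct nfs4_client *clp;

	lockdep_assert_held(&fp->fi_lock);
	list_for_each_entry(st, &fp->fi_stateids, st_perfile) {
		/* ignore lock stateid */
		if (st->st_openstp)
			continue;
		if (st == stp && new_stp)
			continue;
		/* check file access against deny mode or vice versa */
		bmap = share_access ? st->st_deny_bmap : st->st_access_bmap;
		if (!(access & bmap_to_share_mode(bmap)))
			continue;
		clp = st->st_stid.sc_client;
		if (try_to_expire_client(clp))
			continue;
		/* The conflicting holder could not be expired: give up. */
		resolvable = false;
		break;
	}
	if (resolvable) {
		/* Run the laundromat right away (delay 0). */
		clp = stp->st_stid.sc_client;
		nn = net_generic(clp->net, nfsd_net_id);
		mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);
	}
	return resolvable;
}

/* Bump the per-mode access counters for @access. Requires fp->fi_lock. */
static void
__nfs4_file_get_access(struct nfs4_file *fp, u32 access)
{
	lockdep_assert_held(&fp->fi_lock);

	if (access & NFS4_SHARE_ACCESS_WRITE)
		atomic_inc(&fp->fi_access[O_WRONLY]);
	if (access & NFS4_SHARE_ACCESS_READ)
		atomic_inc(&fp->fi_access[O_RDONLY]);
}

/*
 * Validate @access and record it on @fp. Unknown bits are rejected with
 * nfserr_inval and a clash with an existing deny mode with
 * nfserr_share_denied; the counters are touched only after both checks.
 */
static __be32
nfs4_file_get_access(struct nfs4_file *fp, u32 access)
{
	lockdep_assert_held(&fp->fi_lock);

	/* Does this access mode make sense? */
	if (access & ~NFS4_SHARE_ACCESS_BOTH)
		return nfserr_inval;

	/* Does it conflict with a deny mode already set? */
	if ((access & fp->fi_share_deny) != 0)
		return nfserr_share_denied;

	__nfs4_file_get_access(fp, access);
	return nfs_ok;
}

/*
 * Check a requested deny mode against the access currently held on @fp.
 * Returns nfserr_inval for unknown deny bits, nfserr_share_denied on a
 * conflict, nfs_ok otherwise.
 */
static __be32 nfs4_file_check_deny(struct nfs4_file *fp, u32 deny)
{
	/* Common case is that there is no deny mode. */
	if (deny) {
		/* Does this deny mode make sense? */
		if (deny & ~NFS4_SHARE_DENY_BOTH)
			return nfserr_inval;

		if ((deny & NFS4_SHARE_DENY_READ) &&
		    atomic_read(&fp->fi_access[O_RDONLY]))
			return nfserr_share_denied;

		if ((deny & NFS4_SHARE_DENY_WRITE) &&
		    atomic_read(&fp->fi_access[O_WRONLY]))
			return nfserr_share_denied;
	}
	return nfs_ok;
}

/*
 * Drop one access count for @oflag. When it reaches zero the matching
 * nfsd_file is detached, together with the O_RDWR file if the opposite
 * mode has no users left; the files are put after fi_lock is released.
 */
static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
{
	might_lock(&fp->fi_lock);

	if (atomic_dec_and_lock(&fp->fi_access[oflag], &fp->fi_lock)) {
		struct nfsd_file *f1 = NULL;
		struct nfsd_file *f2 = NULL;

		swap(f1, fp->fi_fds[oflag]);
		/* 1 - oflag selects the other of O_RDONLY and O_WRONLY. */
		if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
			swap(f2, fp->fi_fds[O_RDWR]);
		spin_unlock(&fp->fi_lock);
		if (f1)
			nfsd_file_put(f1);
		if (f2)
			nfsd_file_put(f2);
	}
}

static void nfs4_file_put_access(struct nfs4_file *fp, u32 access)
{
	WARN_ON_ONCE(access & ~NFS4_SHARE_ACCESS_BOTH);

	if (access & NFS4_SHARE_ACCESS_WRITE)
		__nfs4_file_put_access(fp, O_WRONLY);
	if (access & NFS4_SHARE_ACCESS_READ)
		__nfs4_file_put_access(fp, O_RDONLY);
}

/*
 * Allocate a new open/delegation state counter. This is needed for
 * pNFS for proper return on close semantics.
 *
 * Note that we only allocate it for pNFS-enabled exports, otherwise
 * all pointers to struct nfs4_clnt_odstate are always NULL.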
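*/
static struct nfs4_clnt_odstate *
alloc_clnt_odstate(struct nfs4_client *clp)
{
	struct nfs4_clnt_odstate *co;

	co = kmem_cache_zalloc(odstate_slab, GFP_KERNEL);
	if (co) {
		co->co_client = clp;
		refcount_set(&co->co_odcount, 1);
	}
	return co;
}

/* Link @co into its file's per-client odstate list. Requires fi_lock. */
static void
hash_clnt_odstate_locked(struct nfs4_clnt_odstate *co)
{
	struct nfs4_file *fp = co->co_file;

	lockdep_assert_held(&fp->fi_lock);
	list_add(&co->co_perfile, &fp->fi_clnt_odstate);
}

/* NULL-tolerant reference grab. */
static inline void
get_clnt_odstate(struct nfs4_clnt_odstate *co)
{
	if (co)
		refcount_inc(&co->co_odcount);
}

/*
 * NULL-tolerant reference drop. The last put unlinks @co under fi_lock,
 * then returns the client's layouts for the file and frees @co.
 */
static void
put_clnt_odstate(struct nfs4_clnt_odstate *co)
{
	struct nfs4_file *fp;

	if (!co)
		return;

	fp = co->co_file;
	if (refcount_dec_and_lock(&co->co_odcount, &fp->fi_lock)) {
		list_del(&co->co_perfile);
		spin_unlock(&fp->fi_lock);

		nfsd4_return_all_file_layouts(co->co_client, fp);
		kmem_cache_free(odstate_slab, co);
	}
}

/*
 * Return the odstate already hashed on @fp for the client of @new, with
 * an extra reference, or hash @new itself and return it. A NULL @new
 * yields NULL. When an existing entry is returned, @new is left untouched
 * for the caller to dispose of.
 */
static struct nfs4_clnt_odstate *
find_or_hash_clnt_odstate(struct nfs4_file *fp, struct nfs4_clnt_odstate *new)
{
	struct nfs4_clnt_odstate *co;
	struct nfs4_client *cl;

	if (!new)
		return NULL;

	cl = new->co_client;

	spin_lock(&fp->fi_lock);
	list_for_each_entry(co, &fp->fi_clnt_odstate, co_perfile) {
		if (co->co_client == cl) {
			get_clnt_odstate(co);
			goto out;
		}
	}
	co = new;
	co->co_file = fp;
	hash_clnt_odstate_locked(new);
out:
	spin_unlock(&fp->fi_lock);
	return co;
}

/*
 * Allocate a zeroed stid from @slab and register it in the client's
 * stateid IDR. Returns NULL if either the allocation or the id
 * reservation fails; the object is freed again in the latter case.
 */
struct nfs4_stid *nfs4_alloc_stid(struct nfs4_client *cl, struct kmem_cache *slab,
				  void (*sc_free)(struct nfs4_stid *))
{
	struct nfs4_stid *stid;
	int new_id;

	stid = kmem_cache_zalloc(slab, GFP_KERNEL);
	if (!stid)
		return NULL;

	/* Preload outside the spinlock so idr_alloc can use GFP_NOWAIT. */
	idr_preload(GFP_KERNEL);
	spin_lock(&cl->cl_lock);
	/* Reserving 0 for start of file in nfsdfs "states" file: */
	new_id = idr_alloc_cyclic(&cl->cl_stateids, stid, 1, 0, GFP_NOWAIT);
	spin_unlock(&cl->cl_lock);
	idr_preload_end();
	if (new_id < 0)
		goto out_free;

	stid->sc_free = sc_free;
	stid->sc_client = cl;
	stid->sc_stateid.si_opaque.so_id = new_id;
	stid->sc_stateid.si_opaque.so_clid = cl->cl_clientid;
	/* Will be incremented before return to client: */
	refcount_set(&stid->sc_count, 1);
	spin_lock_init(&stid->sc_lock);
	INIT_LIST_HEAD(&stid->sc_cp_list);

	return stid;
out_free:
	kmem_cache_free(slab, stid);
	return NULL;
}

/*
 * Create a unique stateid_t to represent each COPY.
 *
 * Returns 1 on success and 0 if no id could be reserved. Note that
 * so_id and si_generation are written before the result is checked, so
 * on failure @stid holds a negative id and must not be used.
 */
static int nfs4_init_cp_state(struct nfsd_net *nn, copy_stateid_t *stid,
			      unsigned char cs_type)
{
	int new_id;

	stid->cs_stid.si_opaque.so_clid.cl_boot = (u32)nn->boot_time;
	stid->cs_stid.si_opaque.so_clid.cl_id = nn->s2s_cp_cl_id;

	idr_preload(GFP_KERNEL);
	spin_lock(&nn->s2s_cp_lock);
	new_id = idr_alloc_cyclic(&nn->s2s_cp_stateids, stid, 0, 0, GFP_NOWAIT);
	stid->cs_stid.si_opaque.so_id = new_id;
	stid->cs_stid.si_generation = 1;
	spin_unlock(&nn->s2s_cp_lock);
	idr_preload_end();
	if (new_id < 0)
		return 0;
	stid->cs_type = cs_type;
	return 1;
}

int nfs4_init_copy_state(struct nfsd_net *nn, struct nfsd4_copy *copy)
{
	/* The listing had "&copy" decoded as an HTML entity; the argument is &copy->cp_stateid. */
	return nfs4_init_cp_state(nn, &copy->cp_stateid, NFS4_COPY_STID);
}

/*
 * Allocate a copy-notify state, give it a stateid and link it onto the
 * parent stid's sc_cp_list under s2s_cp_lock. Returns NULL on failure.
 */
struct nfs4_cpntf_state *nfs4_alloc_init_cpntf_state(struct nfsd_net *nn,
						     struct nfs4_stid *p_stid)
{
	struct nfs4_cpntf_state *cps;

	cps = kzalloc_obj(struct nfs4_cpntf_state);
	if (!cps)
		return NULL;
	cps->cpntf_time = ktime_get_boottime_seconds();
	refcount_set(&cps->cp_stateid.cs_count, 1);
	if (!nfs4_init_cp_state(nn, &cps->cp_stateid, NFS4_COPYNOTIFY_STID))
		goto out_free;
	spin_lock(&nn->s2s_cp_lock);
	list_add(&cps->cp_list, &p_stid->sc_cp_list);
	spin_unlock(&nn->s2s_cp_lock);
	return cps;
out_free:
	kfree(cps);
	return NULL;
}

/*
 * Remove the copy stateid from the per-net IDR. Stateids whose type is
 * not NFS4_COPY_STID are left alone.
 */
void nfs4_free_copy_state(struct nfsd4_copy *copy)
{
	struct nfsd_net *nn;

	if (copy->cp_stateid.cs_type != NFS4_COPY_STID)
		return;
	nn = net_generic(copy->cp_clp->net, nfsd_net_id);
	spin_lock(&nn->s2s_cp_lock);
	idr_remove(&nn->s2s_cp_stateids,
		   copy->cp_stateid.cs_stid.si_opaque.so_id);
	spin_unlock(&nn->s2s_cp_lock);
}

/* Free every copy-notify state hanging off @stid, under s2s_cp_lock. */
static void nfs4_free_cpntf_statelist(struct net *net, struct nfs4_stid *stid)
{
	struct nfs4_cpntf_state *cps;
	struct nfsd_net *nn;

	nn = net_generic(net, nfsd_net_id);
	spin_lock(&nn->s2s_cp_lock);
	while (!list_empty(&stid->sc_cp_list)) {
		cps = list_first_entry(&stid->sc_cp_list,
				       struct nfs4_cpntf_state, cp_list);
		_free_cpntf_state_locked(nn, cps);
	}
	spin_unlock(&nn->s2s_cp_lock);
}

static struct nfs4_ol_stateid * nfs4_alloc_open_stateid(struct nfs4_client *clp)
{
	struct nfs4_stid *stid;

	stid = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_ol_stateid);
	if (!stid)
		return NULL;

	return openlockstateid(stid);
}

/*
 * As the sc_free callback of deleg, this may be called by nfs4_put_stid
 * in nfsd_break_one_deleg.
 * Considering nfsd_break_one_deleg is called with the flc->flc_lock held,
 * this function mustn't ever sleep.
 */
static void nfs4_free_deleg(struct nfs4_stid *stid)
{
	struct nfs4_delegation *dp = delegstateid(stid);

	WARN_ON_ONCE(!list_empty(&stid->sc_cp_list));
	WARN_ON_ONCE(!list_empty(&dp->dl_perfile));
	WARN_ON_ONCE(!list_empty(&dp->dl_perclnt));
	WARN_ON_ONCE(!list_empty(&dp->dl_recall_lru));
	kmem_cache_free(deleg_slab, stid);
	atomic_long_dec(&num_delegations);
}

/*
 * When we recall a delegation, we should be careful not to hand it
 * out again straight away.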
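* To ensure this we keep a pair of bloom filters ('new' and 'old')
 * in which the filehandles of recalled delegations are "stored".
 * If a filehandle appears in either filter, a delegation is blocked.
 * When a delegation is recalled, the filehandle is stored in the "new"
 * filter.
 * Every 30 seconds we swap the filters and clear the "new" one,
 * unless both are empty of course.  This results in delegations for a
 * given filehandle being blocked for between 30 and 60 seconds.
 *
 * Each filter is 256 bits.  We hash the filehandle to 32bit and use the
 * low 3 bytes as hash-table indices.
 *
 * 'blocked_delegations_lock', which is always taken in block_delegations(),
 * is used to manage concurrent access.  Testing does not need the lock
 * except when swapping the two filters.
 */
static DEFINE_SPINLOCK(blocked_delegations_lock);
static struct bloom_pair {
	int	entries, old_entries;
	time64_t swap_time;
	int	new; /* index into 'set' */
	DECLARE_BITMAP(set[2], 256);
} blocked_delegations;

/* True when all three byte-sized slices of @hash are set in filter @set. */
static bool bloom_hash_present(const unsigned long *set, u32 hash)
{
	return test_bit(hash & 255, set) &&
	       test_bit((hash >> 8) & 255, set) &&
	       test_bit((hash >> 16) & 255, set);
}

/*
 * Report whether a delegation on @fh is currently blocked (1) or not (0).
 *
 * This is a bloom-filter lookup, so a filehandle that was never recalled
 * can still be reported as blocked when its hash slices collide with
 * recorded ones. The filters are rotated here, under the lock, once
 * the last swap is more than 30 seconds old.
 */
static int delegation_blocked(struct knfsd_fh *fh)
{
	u32 hash;
	struct bloom_pair *bd = &blocked_delegations;

	if (bd->entries == 0)
		return 0;
	if (ktime_get_seconds() - bd->swap_time > 30) {
		spin_lock(&blocked_delegations_lock);
		/* Re-check under the lock: another CPU may have swapped. */
		if (ktime_get_seconds() - bd->swap_time > 30) {
			bd->entries -= bd->old_entries;
			bd->old_entries = bd->entries;
			bd->new = 1-bd->new;
			memset(bd->set[bd->new], 0,
			       sizeof(bd->set[0]));
			bd->swap_time = ktime_get_seconds();
		}
		spin_unlock(&blocked_delegations_lock);
	}
	hash = jhash(&fh->fh_raw, fh->fh_size, 0);

	return bloom_hash_present(bd->set[0], hash) ||
	       bloom_hash_present(bd->set[1], hash);
}

/* Record @fh in the "new" filter so that delegations on it are refused. */
static void block_delegations(struct knfsd_fh *fh)
{
	u32 hash;
	struct bloom_pair *bd = &blocked_delegations;

	hash = jhash(&fh->fh_raw, fh->fh_size, 0);

	spin_lock(&blocked_delegations_lock);
	__set_bit(hash&255, bd->set[bd->new]);
	__set_bit((hash>>8)&255, bd->set[bd->new]);
	__set_bit((hash>>16)&255, bd->set[bd->new]);
	if (bd->entries == 0)
		bd->swap_time = ktime_get_seconds();
	bd->entries += 1;
	spin_unlock(&blocked_delegations_lock);
}

/*
 * Allocate and initialise a delegation of type @dl_type for @clp on @fp.
 *
 * The global delegation count is bumped first and rolled back on every
 * failure path: count out of range (negative or above max_delegations),
 * filehandle currently blocked, or stid allocation failure. Returns NULL
 * in all of those cases.
 */
static struct nfs4_delegation *
alloc_init_deleg(struct nfs4_client *clp, struct nfs4_file *fp,
		 struct nfs4_clnt_odstate *odstate, u32 dl_type)
{
	struct nfs4_delegation *dp;
	struct nfs4_stid *stid;
	long n;

	dprintk("NFSD alloc_init_deleg\n");
	n = atomic_long_inc_return(&num_delegations);
	if (n < 0 || n > max_delegations)
		goto out_dec;
	if (delegation_blocked(&fp->fi_fhandle))
		goto out_dec;
	stid = nfs4_alloc_stid(clp, deleg_slab, nfs4_free_deleg);
	if (stid == NULL)
		goto out_dec;
	dp = delegstateid(stid);

	/*
	 * delegation seqid's are never incremented.  The 4.1 special
	 * meaning of seqid 0 isn't meaningful, really, but let's avoid
	 * 0 anyway just for consistency and use 1:
	 */
	dp->dl_stid.sc_stateid.si_generation = 1;
	INIT_LIST_HEAD(&dp->dl_perfile);
	INIT_LIST_HEAD(&dp->dl_perclnt);
	INIT_LIST_HEAD(&dp->dl_recall_lru);
	dp->dl_clnt_odstate = odstate;
	get_clnt_odstate(odstate);
	dp->dl_type = dl_type;
	dp->dl_retries = 1;
	dp->dl_recalled = false;
	nfsd4_init_cb(&dp->dl_recall, dp->dl_stid.sc_client,
		      &nfsd4_cb_recall_ops, NFSPROC4_CLNT_CB_RECALL);
	nfsd4_init_cb(&dp->dl_cb_fattr.ncf_getattr, dp->dl_stid.sc_client,
			&nfsd4_cb_getattr_ops, NFSPROC4_CLNT_CB_GETATTR);
	dp->dl_cb_fattr.ncf_file_modified = false;
	get_nfs4_file(fp);
	dp->dl_stid.sc_file = fp;
	return dp;
out_dec:
	atomic_long_dec(&num_delegations);
	return NULL;
}

/*
 * Drop a reference on @s. On the last put the stateid is removed from the
 * client's IDR under cl_lock, its copy-notify states are freed, and only
 * then is the sc_free callback invoked, followed by the export and file
 * puts. A non-final put wakes close_wq waiters.
 */
void
nfs4_put_stid(struct nfs4_stid *s)
{
	/* Cache these up front: @s is gone once sc_free() has run. */
	struct svc_export *exp = s->sc_export;
	struct nfs4_file *fp = s->sc_file;
	struct nfs4_client *clp = s->sc_client;

	might_lock(&clp->cl_lock);

	if (!refcount_dec_and_lock(&s->sc_count, &clp->cl_lock)) {
		wake_up_all(&close_wq);
		return;
	}
	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
	if (s->sc_status & SC_STATUS_ADMIN_REVOKED)
		atomic_dec(&s->sc_client->cl_admin_revoked);
	nfs4_free_cpntf_statelist(clp->net, s);
	spin_unlock(&clp->cl_lock);
	s->sc_free(s);
	if (exp)
		exp_put(exp);
	if (fp)
		put_nfs4_file(fp);
}

/*
 * Advance the generation of @stid and copy the resulting stateid to @dst,
 * atomically with respect to sc_lock. The generation skips 0 when the
 * counter wraps.
 */
void
nfs4_inc_and_copy_stateid(stateid_t *dst, struct nfs4_stid *stid)
{
	stateid_t *src = &stid->sc_stateid;

	spin_lock(&stid->sc_lock);
	if (unlikely(++src->si_generation == 0))
		src->si_generation = 1;
	memcpy(dst, src, sizeof(*dst));
	spin_unlock(&stid->sc_lock);
}

/*
 * Drop one delegee from @fp. When the count reaches zero the delegation
 * files are detached under fi_lock and put after it is released; for the
 * fi_rdeleg_file case the matching read access is dropped as well.
 */
static void put_deleg_file(struct nfs4_file *fp)
{
	struct nfsd_file *rnf = NULL;
	struct nfsd_file *nf = NULL;

	spin_lock(&fp->fi_lock);
	if (--fp->fi_delegees == 0) {
		swap(nf, fp->fi_deleg_file);
		swap(rnf, fp->fi_rdeleg_file);
	}
	spin_unlock(&fp->fi_lock);

	if (nf)
		nfsd_file_put(nf);
	if (rnf) {
		nfsd_file_put(rnf);
		nfs4_file_put_access(fp, NFS4_SHARE_ACCESS_READ);
	}
}

/*
 * Clear FMODE_NOCMTIME on @f and, if the delegation was written to
 * without ever receiving a timestamp setattr, update the file times.
 */
static void nfsd4_finalize_deleg_timestamps(struct nfs4_delegation *dp, struct file *f)
{
	/* don't do anything if FMODE_NOCMTIME isn't set */
	if ((READ_ONCE(f->f_mode) & FMODE_NOCMTIME) == 0)
		return;

	spin_lock(&f->f_lock);
	f->f_mode &= ~FMODE_NOCMTIME;
	spin_unlock(&f->f_lock);

	/* was it never written? */
	if (!dp->dl_written)
		return;

	/* did it get a setattr for the timestamps at some point? */
	if (dp->dl_setattr)
		return;

	/* Stamp everything to "now" */
	nfsd_update_cmtime_attr(f, ATTR_ATIME);
}

/* Release the lease backing @dp and drop its hold on the delegation file. */
static void nfs4_unlock_deleg_lease(struct nfs4_delegation *dp)
{
	struct nfs4_file *fp = dp->dl_stid.sc_file;
	struct nfsd_file *nf = fp->fi_deleg_file;

	WARN_ON_ONCE(!fp->fi_delegees);

	nfsd4_finalize_deleg_timestamps(dp, nf->nf_file);
	kernel_setlease(nf->nf_file, F_UNLCK, NULL, (void **)&dp);
	put_deleg_file(fp);
}

/* Final teardown of a delegation that is no longer hashed anywhere. */
static void destroy_unhashed_deleg(struct nfs4_delegation *dp)
{
	put_clnt_odstate(dp->dl_clnt_odstate);
	nfs4_unlock_deleg_lease(dp);
	nfs4_put_stid(&dp->dl_stid);
}

/**
 * nfs4_delegation_exists - Discover if this delegation already exists
 * @clp:     a pointer to the nfs4_client we're granting a delegation to
 * @fp:      a pointer to the nfs4_file we're granting a delegation on
 *
 * Return:
 *      On success: true iff an existing delegation is found
 */

static bool
nfs4_delegation_exists(struct nfs4_client *clp, struct nfs4_file *fp)
{
	struct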
nfs4_delegation *searchdp = NULL; 1279 struct nfs4_client *searchclp = NULL; 1280 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 1281 1282 lockdep_assert_held(&nn->deleg_lock); 1283 lockdep_assert_held(&fp->fi_lock); 1284 1285 list_for_each_entry(searchdp, &fp->fi_delegations, dl_perfile) { 1286 searchclp = searchdp->dl_stid.sc_client; 1287 if (clp == searchclp) { 1288 return true; 1289 } 1290 } 1291 return false; 1292 } 1293 1294 /** 1295 * hash_delegation_locked - Add a delegation to the appropriate lists 1296 * @dp: a pointer to the nfs4_delegation we are adding. 1297 * @fp: a pointer to the nfs4_file we're granting a delegation on 1298 * 1299 * Return: 1300 * On success: NULL if the delegation was successfully hashed. 1301 * 1302 * On error: -EAGAIN if one was previously granted to this 1303 * nfs4_client for this nfs4_file. Delegation is not hashed. 1304 * 1305 */ 1306 1307 static int 1308 hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp) 1309 { 1310 struct nfs4_client *clp = dp->dl_stid.sc_client; 1311 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 1312 1313 lockdep_assert_held(&nn->deleg_lock); 1314 lockdep_assert_held(&fp->fi_lock); 1315 lockdep_assert_held(&clp->cl_lock); 1316 1317 if (nfs4_delegation_exists(clp, fp)) 1318 return -EAGAIN; 1319 refcount_inc(&dp->dl_stid.sc_count); 1320 dp->dl_stid.sc_type = SC_TYPE_DELEG; 1321 list_add(&dp->dl_perfile, &fp->fi_delegations); 1322 list_add(&dp->dl_perclnt, &clp->cl_delegations); 1323 return 0; 1324 } 1325 1326 static bool delegation_hashed(struct nfs4_delegation *dp) 1327 { 1328 return !(list_empty(&dp->dl_perfile)); 1329 } 1330 1331 static bool 1332 unhash_delegation_locked(struct nfs4_delegation *dp, unsigned short statusmask) 1333 { 1334 struct nfs4_file *fp = dp->dl_stid.sc_file; 1335 struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net, 1336 nfsd_net_id); 1337 1338 lockdep_assert_held(&nn->deleg_lock); 1339 1340 if (!delegation_hashed(dp)) 1341 return 
false; 1342 1343 if (statusmask == SC_STATUS_REVOKED && 1344 dp->dl_stid.sc_client->cl_minorversion == 0) 1345 statusmask = SC_STATUS_CLOSED; 1346 dp->dl_stid.sc_status |= statusmask; 1347 if (statusmask & SC_STATUS_ADMIN_REVOKED) 1348 atomic_inc(&dp->dl_stid.sc_client->cl_admin_revoked); 1349 1350 /* Ensure that deleg break won't try to requeue it */ 1351 ++dp->dl_time; 1352 spin_lock(&fp->fi_lock); 1353 list_del_init(&dp->dl_perclnt); 1354 list_del_init(&dp->dl_recall_lru); 1355 list_del_init(&dp->dl_perfile); 1356 spin_unlock(&fp->fi_lock); 1357 return true; 1358 } 1359 1360 static void destroy_delegation(struct nfs4_delegation *dp) 1361 { 1362 bool unhashed; 1363 struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net, 1364 nfsd_net_id); 1365 1366 spin_lock(&nn->deleg_lock); 1367 unhashed = unhash_delegation_locked(dp, SC_STATUS_CLOSED); 1368 spin_unlock(&nn->deleg_lock); 1369 if (unhashed) 1370 destroy_unhashed_deleg(dp); 1371 } 1372 1373 /** 1374 * revoke_delegation - perform nfs4 delegation structure cleanup 1375 * @dp: pointer to the delegation 1376 * 1377 * This function assumes that it's called either from the administrative 1378 * interface (nfsd4_revoke_states()) that's revoking a specific delegation 1379 * stateid or it's called from a laundromat thread (nfsd4_landromat()) that 1380 * determined that this specific state has expired and needs to be revoked 1381 * (both mark state with the appropriate stid sc_status mode). It is also 1382 * assumed that a reference was taken on the @dp state. This function 1383 * consumes that reference. 1384 * 1385 * If this function finds that the @dp state is SC_STATUS_FREED it means 1386 * that a FREE_STATEID operation for this stateid has been processed and 1387 * we can proceed to removing it from recalled list. However, if @dp state 1388 * isn't marked SC_STATUS_FREED, it means we need place it on the cl_revoked 1389 * list and wait for the FREE_STATEID to arrive from the client. 
At the same
 * time, we need to mark it as SC_STATUS_FREEABLE to indicate to the
 * nfsd4_free_stateid() function that this stateid has already been added
 * to the cl_revoked list and that nfsd4_free_stateid() is now responsible
 * for removing it from the list. Inspection of where the delegation state
 * is in the revocation process is protected by clp->cl_lock.
 */
static void revoke_delegation(struct nfs4_delegation *dp)
{
	struct nfs4_stid *stid = &dp->dl_stid;
	struct nfs4_client *clp = stid->sc_client;

	/* The delegation must already be off every recall list. */
	WARN_ON(!list_empty(&dp->dl_recall_lru));
	/* For minorversion > 0 one of the two revoked bits must be set. */
	WARN_ON_ONCE(clp->cl_minorversion > 0 &&
		     !(stid->sc_status &
		       (SC_STATUS_REVOKED | SC_STATUS_ADMIN_REVOKED)));

	trace_nfsd_stid_revoke(stid);

	spin_lock(&clp->cl_lock);
	if (stid->sc_status & SC_STATUS_FREED) {
		/* FREE_STATEID already processed: nothing to park. */
		list_del_init(&dp->dl_recall_lru);
	} else {
		/* Park it on cl_revoked until FREE_STATEID arrives. */
		list_add(&dp->dl_recall_lru, &clp->cl_revoked);
		stid->sc_status |= SC_STATUS_FREEABLE;
	}
	spin_unlock(&clp->cl_lock);

	/* Consumes the reference the caller took on @dp. */
	destroy_unhashed_deleg(dp);
}

/*
 * SETCLIENTID state
 */

/* Map a numeric client id to a bucket by masking with CLIENT_HASH_MASK. */
static unsigned int clientid_hashval(u32 id)
{
	return id & CLIENT_HASH_MASK;
}

/*
 * Map a client name to a bucket from the hash of its first 8 bytes.
 *
 * NOTE(review): the length passed to opaque_hashval() is the constant 8;
 * name.len is not consulted here. Presumably callers guarantee that at
 * least 8 bytes are readable at name.data -- confirm, since a shorter
 * buffer would be read past its end.
 */
static unsigned int clientstr_hashval(struct xdr_netobj name)
{
	unsigned int hash = opaque_hashval(name.data, 8);

	return hash & CLIENT_HASH_MASK;
}

/*
 * A stateid that had a deny mode associated with it is being released
 * or downgraded. Recalculate the deny mode on the file.
*/
static void
recalculate_deny_mode(struct nfs4_file *fp)
{
	struct nfs4_ol_stateid *ols;
	u32 prev_deny;

	spin_lock(&fp->fi_lock);
	prev_deny = fp->fi_share_deny;
	fp->fi_share_deny = 0;
	list_for_each_entry(ols, &fp->fi_stateids, st_perfile) {
		fp->fi_share_deny |= bmap_to_share_mode(ols->st_deny_bmap);
		/*
		 * Bits are only OR-ed in; presumably the previous value is
		 * the most this can reach, so stop once it is matched.
		 */
		if (fp->fi_share_deny == prev_deny)
			break;
	}
	spin_unlock(&fp->fi_lock);
}

/*
 * Clear from @stp every deny mode (1..3) whose bits are not all present
 * in @deny, then recompute the per-file deny mode if anything was cleared.
 */
static void
reset_union_bmap_deny(u32 deny, struct nfs4_ol_stateid *stp)
{
	bool changed = false;
	int mode;

	for (mode = 1; mode < 4; mode++) {
		/* Modes fully covered by @deny are kept. */
		if ((mode & deny) == mode)
			continue;
		changed = true;
		clear_deny(mode, stp);
	}

	if (!changed)
		return;

	/* Recalculate per-file deny mode because something was dropped. */
	recalculate_deny_mode(stp->st_stid.sc_file);
}

/* Release all access and file references held by a given stateid. */
static void
release_all_access(struct nfs4_ol_stateid *stp)
{
	struct nfs4_file *fp = stp->st_stid.sc_file;
	int access;

	/* Only stateids that carried a deny mode affect the file's deny mode. */
	if (fp && stp->st_deny_bmap != 0)
		recalculate_deny_mode(fp);

	for (access = 1; access < 4; access++) {
		/*
		 * NOTE(review): sc_file is passed on without the NULL check
		 * used above; presumably no access bit is set when there is
		 * no file -- confirm.
		 */
		if (test_access(access, stp))
			nfs4_file_put_access(stp->st_stid.sc_file, access);
		clear_access(access, stp);
	}
}

/**
 * nfs4_replay_free_cache - release dynamically allocated replay buffer
 * @rp: replay cache to reset
 *
 * If @rp->rp_buf points to a kmalloc'd buffer, free it and reset
 * rp_buf to the inline rp_ibuf. Always zeroes rp_buflen.
1495 */ 1496 void nfs4_replay_free_cache(struct nfs4_replay *rp) 1497 { 1498 if (rp->rp_buf != rp->rp_ibuf) 1499 kfree(rp->rp_buf); 1500 rp->rp_buf = rp->rp_ibuf; 1501 rp->rp_buflen = 0; 1502 } 1503 1504 static inline void nfs4_free_stateowner(struct nfs4_stateowner *sop) 1505 { 1506 nfs4_replay_free_cache(&sop->so_replay); 1507 kfree(sop->so_owner.data); 1508 sop->so_ops->so_free(sop); 1509 } 1510 1511 static void nfs4_put_stateowner(struct nfs4_stateowner *sop) 1512 { 1513 struct nfs4_client *clp = sop->so_client; 1514 1515 might_lock(&clp->cl_lock); 1516 1517 if (!atomic_dec_and_lock(&sop->so_count, &clp->cl_lock)) 1518 return; 1519 sop->so_ops->so_unhash(sop); 1520 spin_unlock(&clp->cl_lock); 1521 nfs4_free_stateowner(sop); 1522 } 1523 1524 static bool 1525 nfs4_ol_stateid_unhashed(const struct nfs4_ol_stateid *stp) 1526 { 1527 return list_empty(&stp->st_perfile); 1528 } 1529 1530 static bool unhash_ol_stateid(struct nfs4_ol_stateid *stp) 1531 { 1532 struct nfs4_file *fp = stp->st_stid.sc_file; 1533 1534 lockdep_assert_held(&stp->st_stateowner->so_client->cl_lock); 1535 1536 if (list_empty(&stp->st_perfile)) 1537 return false; 1538 1539 spin_lock(&fp->fi_lock); 1540 list_del_init(&stp->st_perfile); 1541 spin_unlock(&fp->fi_lock); 1542 list_del(&stp->st_perstateowner); 1543 return true; 1544 } 1545 1546 static void nfs4_free_ol_stateid(struct nfs4_stid *stid) 1547 { 1548 struct nfs4_ol_stateid *stp = openlockstateid(stid); 1549 1550 put_clnt_odstate(stp->st_clnt_odstate); 1551 release_all_access(stp); 1552 if (stp->st_stateowner) 1553 nfs4_put_stateowner(stp->st_stateowner); 1554 if (!list_empty(&stid->sc_cp_list)) 1555 nfs4_free_cpntf_statelist(stid->sc_client->net, stid); 1556 kmem_cache_free(stateid_slab, stid); 1557 } 1558 1559 static void nfs4_free_lock_stateid(struct nfs4_stid *stid) 1560 { 1561 struct nfs4_ol_stateid *stp = openlockstateid(stid); 1562 struct nfs4_lockowner *lo = lockowner(stp->st_stateowner); 1563 struct nfsd_file *nf; 1564 1565 nf = 
find_any_file(stp->st_stid.sc_file); 1566 if (nf) { 1567 get_file(nf->nf_file); 1568 filp_close(nf->nf_file, (fl_owner_t)lo); 1569 nfsd_file_put(nf); 1570 } 1571 nfs4_free_ol_stateid(stid); 1572 } 1573 1574 /* 1575 * Put the persistent reference to an already unhashed generic stateid, while 1576 * holding the cl_lock. If it's the last reference, then put it onto the 1577 * reaplist for later destruction. 1578 */ 1579 static void put_ol_stateid_locked(struct nfs4_ol_stateid *stp, 1580 struct list_head *reaplist) 1581 { 1582 struct nfs4_stid *s = &stp->st_stid; 1583 struct nfs4_client *clp = s->sc_client; 1584 1585 lockdep_assert_held(&clp->cl_lock); 1586 1587 WARN_ON_ONCE(!list_empty(&stp->st_locks)); 1588 1589 if (!refcount_dec_and_test(&s->sc_count)) { 1590 wake_up_all(&close_wq); 1591 return; 1592 } 1593 1594 idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id); 1595 if (s->sc_status & SC_STATUS_ADMIN_REVOKED) 1596 atomic_dec(&s->sc_client->cl_admin_revoked); 1597 list_add(&stp->st_locks, reaplist); 1598 } 1599 1600 static bool unhash_lock_stateid(struct nfs4_ol_stateid *stp) 1601 { 1602 lockdep_assert_held(&stp->st_stid.sc_client->cl_lock); 1603 1604 if (!unhash_ol_stateid(stp)) 1605 return false; 1606 list_del_init(&stp->st_locks); 1607 stp->st_stid.sc_status |= SC_STATUS_CLOSED; 1608 return true; 1609 } 1610 1611 static void release_lock_stateid(struct nfs4_ol_stateid *stp) 1612 { 1613 struct nfs4_client *clp = stp->st_stid.sc_client; 1614 bool unhashed; 1615 1616 spin_lock(&clp->cl_lock); 1617 unhashed = unhash_lock_stateid(stp); 1618 spin_unlock(&clp->cl_lock); 1619 if (unhashed) 1620 nfs4_put_stid(&stp->st_stid); 1621 } 1622 1623 static void unhash_lockowner_locked(struct nfs4_lockowner *lo) 1624 { 1625 struct nfs4_client *clp = lo->lo_owner.so_client; 1626 1627 lockdep_assert_held(&clp->cl_lock); 1628 1629 list_del_init(&lo->lo_owner.so_strhash); 1630 } 1631 1632 /* 1633 * Free a list of generic stateids that were collected earlier after being 1634 
* fully unhashed. 1635 */ 1636 static void 1637 free_ol_stateid_reaplist(struct list_head *reaplist) 1638 { 1639 struct nfs4_ol_stateid *stp; 1640 struct nfs4_file *fp; 1641 1642 might_sleep(); 1643 1644 while (!list_empty(reaplist)) { 1645 stp = list_first_entry(reaplist, struct nfs4_ol_stateid, 1646 st_locks); 1647 list_del(&stp->st_locks); 1648 fp = stp->st_stid.sc_file; 1649 stp->st_stid.sc_free(&stp->st_stid); 1650 if (fp) 1651 put_nfs4_file(fp); 1652 } 1653 } 1654 1655 static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp, 1656 struct list_head *reaplist) 1657 { 1658 struct nfs4_ol_stateid *stp; 1659 1660 lockdep_assert_held(&open_stp->st_stid.sc_client->cl_lock); 1661 1662 while (!list_empty(&open_stp->st_locks)) { 1663 stp = list_entry(open_stp->st_locks.next, 1664 struct nfs4_ol_stateid, st_locks); 1665 unhash_lock_stateid(stp); 1666 put_ol_stateid_locked(stp, reaplist); 1667 } 1668 } 1669 1670 static bool unhash_open_stateid(struct nfs4_ol_stateid *stp, 1671 struct list_head *reaplist) 1672 { 1673 lockdep_assert_held(&stp->st_stid.sc_client->cl_lock); 1674 1675 if (!unhash_ol_stateid(stp)) 1676 return false; 1677 release_open_stateid_locks(stp, reaplist); 1678 return true; 1679 } 1680 1681 static void release_open_stateid(struct nfs4_ol_stateid *stp) 1682 { 1683 LIST_HEAD(reaplist); 1684 1685 spin_lock(&stp->st_stid.sc_client->cl_lock); 1686 stp->st_stid.sc_status |= SC_STATUS_CLOSED; 1687 if (unhash_open_stateid(stp, &reaplist)) 1688 put_ol_stateid_locked(stp, &reaplist); 1689 spin_unlock(&stp->st_stid.sc_client->cl_lock); 1690 free_ol_stateid_reaplist(&reaplist); 1691 } 1692 1693 static bool nfs4_openowner_unhashed(struct nfs4_openowner *oo) 1694 { 1695 lockdep_assert_held(&oo->oo_owner.so_client->cl_lock); 1696 1697 return list_empty(&oo->oo_owner.so_strhash) && 1698 list_empty(&oo->oo_perclient); 1699 } 1700 1701 static void unhash_openowner_locked(struct nfs4_openowner *oo) 1702 { 1703 struct nfs4_client *clp = 
oo->oo_owner.so_client; 1704 1705 lockdep_assert_held(&clp->cl_lock); 1706 1707 list_del_init(&oo->oo_owner.so_strhash); 1708 list_del_init(&oo->oo_perclient); 1709 } 1710 1711 static void release_last_closed_stateid(struct nfs4_openowner *oo) 1712 { 1713 struct nfsd_net *nn = net_generic(oo->oo_owner.so_client->net, 1714 nfsd_net_id); 1715 struct nfs4_ol_stateid *s; 1716 1717 spin_lock(&nn->client_lock); 1718 s = oo->oo_last_closed_stid; 1719 if (s) { 1720 list_del_init(&oo->oo_close_lru); 1721 oo->oo_last_closed_stid = NULL; 1722 } 1723 spin_unlock(&nn->client_lock); 1724 if (s) 1725 nfs4_put_stid(&s->st_stid); 1726 } 1727 1728 static void release_openowner(struct nfs4_openowner *oo) 1729 { 1730 struct nfs4_ol_stateid *stp; 1731 struct nfs4_client *clp = oo->oo_owner.so_client; 1732 LIST_HEAD(reaplist); 1733 1734 spin_lock(&clp->cl_lock); 1735 unhash_openowner_locked(oo); 1736 while (!list_empty(&oo->oo_owner.so_stateids)) { 1737 stp = list_first_entry(&oo->oo_owner.so_stateids, 1738 struct nfs4_ol_stateid, st_perstateowner); 1739 if (unhash_open_stateid(stp, &reaplist)) 1740 put_ol_stateid_locked(stp, &reaplist); 1741 } 1742 spin_unlock(&clp->cl_lock); 1743 free_ol_stateid_reaplist(&reaplist); 1744 release_last_closed_stateid(oo); 1745 nfs4_put_stateowner(&oo->oo_owner); 1746 } 1747 1748 static struct nfs4_stid *find_one_sb_stid(struct nfs4_client *clp, 1749 struct super_block *sb, 1750 unsigned int sc_types) 1751 { 1752 unsigned long id = 0; 1753 struct nfs4_stid *stid; 1754 1755 spin_lock(&clp->cl_lock); 1756 while ((stid = idr_get_next_ul(&clp->cl_stateids, &id)) != NULL) { 1757 if ((stid->sc_type & sc_types) && 1758 stid->sc_status == 0 && 1759 stid->sc_file->fi_inode->i_sb == sb) { 1760 refcount_inc(&stid->sc_count); 1761 break; 1762 } 1763 id++; 1764 } 1765 spin_unlock(&clp->cl_lock); 1766 return stid; 1767 } 1768 1769 /* 1770 * Release the export reference an admin-revoked stateid holds, 1771 * so the svc_export (and its vfsmount) is not pinned until the 
1772 * client issues FREE_STATEID. sc_export is no longer consulted 1773 * once SC_STATUS_ADMIN_REVOKED is set. 1774 */ 1775 static void drop_stid_export(struct nfs4_client *clp, 1776 struct nfs4_stid *stid) 1777 { 1778 struct svc_export *exp; 1779 1780 spin_lock(&clp->cl_lock); 1781 exp = stid->sc_export; 1782 stid->sc_export = NULL; 1783 spin_unlock(&clp->cl_lock); 1784 if (exp) 1785 exp_put(exp); 1786 } 1787 1788 static void revoke_ol_stid(struct nfs4_client *clp, 1789 struct nfs4_ol_stateid *stp) 1790 { 1791 struct nfs4_stid *stid = &stp->st_stid; 1792 1793 lockdep_assert_held(&stp->st_mutex); 1794 spin_lock(&clp->cl_lock); 1795 if (stid->sc_status == 0) { 1796 stid->sc_status |= SC_STATUS_ADMIN_REVOKED; 1797 atomic_inc(&clp->cl_admin_revoked); 1798 spin_unlock(&clp->cl_lock); 1799 if (stid->sc_type == SC_TYPE_LOCK) { 1800 struct nfs4_lockowner *lo = 1801 lockowner(stp->st_stateowner); 1802 struct nfsd_file *nf; 1803 1804 nf = find_any_file(stp->st_stid.sc_file); 1805 if (nf) { 1806 get_file(nf->nf_file); 1807 filp_close(nf->nf_file, (fl_owner_t)lo); 1808 nfsd_file_put(nf); 1809 } 1810 } 1811 release_all_access(stp); 1812 drop_stid_export(clp, stid); 1813 } else 1814 spin_unlock(&clp->cl_lock); 1815 } 1816 1817 static void revoke_one_stid(struct nfsd_net *nn, struct nfs4_client *clp, 1818 struct nfs4_stid *stid) 1819 { 1820 struct nfs4_ol_stateid *stp; 1821 struct nfs4_delegation *dp; 1822 1823 switch (stid->sc_type) { 1824 case SC_TYPE_OPEN: 1825 stp = openlockstateid(stid); 1826 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX); 1827 revoke_ol_stid(clp, stp); 1828 mutex_unlock(&stp->st_mutex); 1829 break; 1830 case SC_TYPE_LOCK: 1831 stp = openlockstateid(stid); 1832 mutex_lock_nested(&stp->st_mutex, LOCK_STATEID_MUTEX); 1833 revoke_ol_stid(clp, stp); 1834 mutex_unlock(&stp->st_mutex); 1835 break; 1836 case SC_TYPE_DELEG: 1837 /* 1838 * Extra reference guards against concurrent FREE_STATEID. 
1839 */ 1840 refcount_inc(&stid->sc_count); 1841 dp = delegstateid(stid); 1842 spin_lock(&nn->deleg_lock); 1843 if (!unhash_delegation_locked(dp, SC_STATUS_ADMIN_REVOKED)) 1844 dp = NULL; 1845 spin_unlock(&nn->deleg_lock); 1846 if (dp) { 1847 revoke_delegation(dp); 1848 drop_stid_export(clp, stid); 1849 } else 1850 nfs4_put_stid(stid); 1851 break; 1852 case SC_TYPE_LAYOUT: 1853 spin_lock(&clp->cl_lock); 1854 if (stid->sc_status == 0) { 1855 stid->sc_status |= SC_STATUS_ADMIN_REVOKED; 1856 atomic_inc(&clp->cl_admin_revoked); 1857 } 1858 spin_unlock(&clp->cl_lock); 1859 nfsd4_close_layout(layoutstateid(stid)); 1860 drop_stid_export(clp, stid); 1861 break; 1862 } 1863 } 1864 1865 /** 1866 * nfsd4_revoke_states - revoke all nfsv4 states associated with given filesystem 1867 * @nn: used to identify instance of nfsd (there is one per net namespace) 1868 * @sb: super_block used to identify target filesystem 1869 * 1870 * All nfs4 states (open, lock, delegation, layout) held by the server instance 1871 * and associated with a file on the given filesystem will be revoked resulting 1872 * in any files being closed and so all references from nfsd to the filesystem 1873 * being released. Thus nfsd will no longer prevent the filesystem from being 1874 * unmounted. 1875 * 1876 * The clients which own the states will subsequently being notified that the 1877 * states have been "admin-revoked". 
*/
void nfsd4_revoke_states(struct nfsd_net *nn, struct super_block *sb)
{
	const unsigned int sc_types = SC_TYPE_OPEN | SC_TYPE_LOCK |
				      SC_TYPE_DELEG | SC_TYPE_LAYOUT;
	unsigned int bucket;

	spin_lock(&nn->client_lock);
	for (bucket = 0; bucket < CLIENT_HASH_SIZE; bucket++) {
		struct list_head *head = &nn->conf_id_hashtbl[bucket];
		struct nfs4_client *clp;
		bool rescan;

		/*
		 * client_lock is dropped while a stateid is revoked, so the
		 * bucket is walked again from its head after every revoke.
		 */
		do {
			rescan = false;
			list_for_each_entry(clp, head, cl_idhash) {
				struct nfs4_stid *stid;

				stid = find_one_sb_stid(clp, sb, sc_types);
				if (!stid)
					continue;

				spin_unlock(&nn->client_lock);
				revoke_one_stid(nn, clp, stid);
				nfs4_put_stid(stid);
				spin_lock(&nn->client_lock);
				/*
				 * NOTE(review): clp is read again after
				 * client_lock was dropped and retaken, and
				 * nothing visible here pins it across that
				 * window -- confirm what guarantees its
				 * lifetime.
				 *
				 * For NFSv4.0 clients, record when a state
				 * was last revoked; the original comment
				 * says this allows cleanup after a lease
				 * period.
				 * NOTE(review): that comment refers to a
				 * store_release, but this is a plain
				 * assignment -- confirm the ordering the
				 * reader relies on.
				 */
				if (clp->cl_minorversion == 0)
					nn->nfs40_last_revoke =
						ktime_get_boottime_seconds();
				rescan = true;
				break;
			}
		} while (rescan);
	}
	spin_unlock(&nn->client_lock);
}

/*
 * Find one stateid of @clp whose type is in @sc_types, whose sc_status is
 * zero and whose export path equals @path. Stateids without an export are
 * skipped. A reference is taken on the returned stateid under cl_lock;
 * NULL is returned when nothing matches.
 */
static struct nfs4_stid *find_one_export_stid(struct nfs4_client *clp,
					      const struct path *path,
					      unsigned int sc_types)
{
	struct nfs4_stid *found;
	unsigned long next_id = 0;

	spin_lock(&clp->cl_lock);
	for (; (found = idr_get_next_ul(&clp->cl_stateids, &next_id)) != NULL;
	     next_id++) {
		if (!(found->sc_type & sc_types))
			continue;
		if (found->sc_status != 0)
			continue;
		if (!found->sc_export)
			continue;
		if (!path_equal(&found->sc_export->ex_path, path))
			continue;
		refcount_inc(&found->sc_count);
		break;
	}
	spin_unlock(&clp->cl_lock);
	return found;
}

/**
 * nfsd4_revoke_export_states - revoke nfsv4 states acquired through an export
 * @nn: used to identify instance of nfsd (there is one per net namespace)
 * @path: export path whose states should be revoked
 *
 * All nfs4 states (open, lock, delegation, layout) acquired through any
 * export matching @path are
revoked, regardless of which client holds
 * them. Matching is by path identity (dentry + vfsmount), so multiple
 * svc_export objects for the same path -- one per auth_domain -- are
 * handled correctly.
 *
 * Userspace (exportfs -u) sends this after removing the last client
 * for a path, enabling the underlying filesystem to be unmounted.
 */
void nfsd4_revoke_export_states(struct nfsd_net *nn, const struct path *path)
{
	const unsigned int sc_types = SC_TYPE_OPEN | SC_TYPE_LOCK |
				      SC_TYPE_DELEG | SC_TYPE_LAYOUT;
	unsigned int bucket;

	spin_lock(&nn->client_lock);
	for (bucket = 0; bucket < CLIENT_HASH_SIZE; bucket++) {
		struct list_head *head = &nn->conf_id_hashtbl[bucket];
		struct nfs4_client *clp;
		bool rescan;

		/*
		 * client_lock is dropped while a stateid is revoked, so the
		 * bucket is walked again from its head after every revoke.
		 */
		do {
			rescan = false;
			list_for_each_entry(clp, head, cl_idhash) {
				struct nfs4_stid *stid;

				stid = find_one_export_stid(clp, path,
							    sc_types);
				if (!stid)
					continue;

				spin_unlock(&nn->client_lock);
				revoke_one_stid(nn, clp, stid);
				nfs4_put_stid(stid);
				spin_lock(&nn->client_lock);
				/*
				 * NOTE(review): clp is read again after
				 * client_lock was dropped and retaken, and
				 * nothing visible here pins it across that
				 * window -- confirm what guarantees its
				 * lifetime.
				 */
				if (clp->cl_minorversion == 0)
					nn->nfs40_last_revoke =
						ktime_get_boottime_seconds();
				rescan = true;
				break;
			}
		} while (rescan);
	}
	spin_unlock(&nn->client_lock);
}

/*
 * Pick a session hash bucket from the sequence field of the session id,
 * reduced modulo SESSION_HASH_SIZE.
 */
static inline int
hash_sessionid(struct nfs4_sessionid *sessionid)
{
	/* The session id is read through its nfsd4_sessionid layout. */
	struct nfsd4_sessionid *sid = (struct nfsd4_sessionid *)sessionid;

	return sid->sequence % SESSION_HASH_SIZE;
}

#ifdef CONFIG_SUNRPC_DEBUG
/* Debug aid: print the first four 32-bit words of the session id. */
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
	u32 *words = (u32 *)(&sessionid->data[0]);

	dprintk("%s: %u:%u:%u:%u\n", fn, words[0], words[1], words[2], words[3]);
}
#else
/* Without CONFIG_SUNRPC_DEBUG this is a no-op. */
static inline void
dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid)
{
}
#endif

/*
 * Bump the seqid on cstate->replay_owner, and clear replay_owner if it
 * won't
be used for replay.
 */
void nfsd4_bump_seqid(struct nfsd4_compound_state *cstate, __be32 nfserr)
{
	struct nfs4_stateowner *owner = cstate->replay_owner;

	/* nfserr_replay_me: leave the owner and its seqid untouched. */
	if (nfserr == nfserr_replay_me)
		return;

	if (!seqid_mutating_err(ntohl(nfserr))) {
		/* Not a seqid-mutating result: drop the replay owner. */
		nfsd4_cstate_clear_replay(cstate);
		return;
	}

	if (owner) {
		if (owner->so_is_open_owner)
			release_last_closed_stateid(openowner(owner));
		owner->so_seqid++;
	}
}

/*
 * Fill in the session id of @ses: the owning client's clientid, the next
 * value of the file-scope current_sessionid counter, and a zeroed
 * reserved field.
 *
 * NOTE(review): the counter is advanced with a plain post-increment;
 * presumably callers serialize session creation -- confirm.
 */
static void
gen_sessionid(struct nfsd4_session *ses)
{
	struct nfsd4_sessionid *sid =
		(struct nfsd4_sessionid *)ses->se_sessionid.data;

	sid->clientid = ses->se_client->cl_clientid;
	sid->sequence = current_sessionid++;
	sid->reserved = 0;
}

/*
 * The protocol defines ca_maxresponsesize_cached to include the size of
 * the rpc header, but all we need to cache is the data starting after
 * the end of the initial SEQUENCE operation--the rest we regenerate
 * each time.  Therefore we can advertise a ca_maxresponsesize_cached
 * value that is the number of bytes in our cache plus a few additional
 * bytes.  In order to stay on the safe side, and not promise more than
 * we can cache, those additional bytes must be the minimum possible: 24
 * bytes of rpc header (xid through accept state, with AUTH_NULL
 * verifier), 12 for the compound header (with zero-length tag), and 44
 * for the SEQUENCE op response:
 */
#define NFSD_MIN_HDR_SEQ_SZ  (24 + 12 + 44)

static struct shrinker *nfsd_slot_shrinker;
static DEFINE_SPINLOCK(nfsd_session_list_lock);
static LIST_HEAD(nfsd_session_list);
/* The sum of "target_slots-1" on every session.  The shrinker can push this
 * down, though it can take a little while for the memory to actually
 * be freed.  The "-1" is because we can never free slot 0 while the
 * session is active.
*/
static atomic_t nfsd_total_target_slots = ATOMIC_INIT(0);

/*
 * Free the slots of @ses with index @from and above, leaving each freed
 * slot's seqid behind in the xarray as a value entry, then lower the
 * forechannel maxreqs to @from and, if needed, the session's target.
 */
static void
free_session_slots(struct nfsd4_session *ses, int from)
{
	int idx;

	/* Nothing at or above @from is allocated. */
	if (from >= ses->se_fchannel.maxreqs)
		return;

	for (idx = from; idx < ses->se_fchannel.maxreqs; idx++) {
		/*
		 * Dereferenced without a check: assumes every index below
		 * maxreqs holds a real slot pointer -- TODO confirm.
		 */
		struct nfsd4_slot *slot = xa_load(&ses->se_slots, idx);

		/*
		 * Save the seqid in case we reactivate this slot.
		 * This will never require a memory allocation so the GFP
		 * flag is irrelevant.
		 */
		xa_store(&ses->se_slots, idx, xa_mk_value(slot->sl_seqid), 0);
		free_svc_cred(&slot->sl_cred);
		kfree(slot);
	}
	ses->se_fchannel.maxreqs = from;

	if (ses->se_target_maxslots > from) {
		/* The target never goes below one slot. */
		int new_target = from ? from : 1;

		atomic_sub(ses->se_target_maxslots - new_target,
			   &nfsd_total_target_slots);
		ses->se_target_maxslots = new_target;
	}
}

/**
 * reduce_session_slots - reduce the target max-slots of a session if possible
 * @ses: The session to affect
 * @dec: how much to decrease the target by
 *
 * This interface can be used by a shrinker to reduce the target max-slots
 * for a session so that some slots can eventually be freed.
 * It uses spin_trylock() as it may be called in a context where another
 * spinlock is held that has a dependency on client_lock.  As shrinkers are
 * best-effort, skipping a session if client_lock is already held has no
 * great cost.
 *
 * Return value:
 *   The number of slots that the target was reduced by.
 */
static int
reduce_session_slots(struct nfsd4_session *ses, int dec)
{
	struct nfsd_net *nn = net_generic(ses->se_client->net,
					nfsd_net_id);
	int ret = 0;

	/* Never shrink below a single slot. */
	if (ses->se_target_maxslots <= 1)
		return ret;
	/* Best effort: if client_lock is contended, report nothing freed. */
	if (!spin_trylock(&nn->client_lock))
		return ret;
	ret = min(dec, ses->se_target_maxslots-1);
	ses->se_target_maxslots -= ret;
	atomic_sub(ret, &nfsd_total_target_slots);
	ses->se_slot_gen += 1;
	if (ses->se_slot_gen == 0) {
		int i;
		/* Generation counter wrapped: restart at 1 and reset every slot. */
		ses->se_slot_gen = 1;
		for (i = 0; i < ses->se_fchannel.maxreqs; i++) {
			/*
			 * NOTE(review): the xa_load() result is dereferenced
			 * unchecked; this assumes every index below
			 * se_fchannel.maxreqs is populated - confirm.
			 */
			struct nfsd4_slot *slot = xa_load(&ses->se_slots, i);
			slot->sl_generation = 0;
		}
	}
	spin_unlock(&nn->client_lock);
	return ret;
}

/*
 * Allocate one zeroed forechannel slot with the given index. The trailing
 * sl_data area is sized from the channel's maxresp_cached; returns NULL on
 * allocation failure.
 */
static struct nfsd4_slot *nfsd4_alloc_slot(struct nfsd4_channel_attrs *fattrs,
					   int index, gfp_t gfp)
{
	struct nfsd4_slot *slot;
	size_t size;

	/*
	 * The RPC and NFS session headers are never saved in
	 * the slot reply cache buffer.
	 *
	 * The comparison comes first so the subtraction is never performed
	 * when maxresp_cached is smaller than the header size.
	 */
	size = fattrs->maxresp_cached < NFSD_MIN_HDR_SEQ_SZ ?
		0 : fattrs->maxresp_cached - NFSD_MIN_HDR_SEQ_SZ;

	slot = kzalloc_flex(*slot, sl_data, size, gfp);
	if (!slot)
		return NULL;
	slot->sl_index = index;
	return slot;
}

/*
 * Allocate a session and up to fattrs->maxreqs forechannel slots.
 *
 * Slot 0 is mandatory. Further slots are optional: the loop stops at the
 * first failure and fattrs->maxreqs is rewritten to the number of slots
 * actually obtained before the attributes are copied into the session.
 * Returns NULL if the session or slot 0 cannot be set up.
 */
static struct nfsd4_session *alloc_session(struct nfsd4_channel_attrs *fattrs,
					   struct nfsd4_channel_attrs *battrs)
{
	int numslots = fattrs->maxreqs;
	struct nfsd4_session *new;
	struct nfsd4_slot *slot;
	int i;

	new = kzalloc_obj(*new);
	if (!new)
		return NULL;
	xa_init(&new->se_slots);

	slot = nfsd4_alloc_slot(fattrs, 0, GFP_KERNEL);
	if (!slot || xa_is_err(xa_store(&new->se_slots, 0, slot, GFP_KERNEL)))
		goto out_free;

	for (i = 1; i < numslots; i++) {
		/* Extra slots are optional, so fail fast and without a warning. */
		const gfp_t gfp = GFP_KERNEL | __GFP_NORETRY | __GFP_NOWARN;
		slot = nfsd4_alloc_slot(fattrs, i, gfp);
		if (!slot)
			break;
		if (xa_is_err(xa_store(&new->se_slots, i, slot, gfp))) {
			kfree(slot);
			break;
		}
	}
	/* i is now the number of slots stored (at least 1). */
	fattrs->maxreqs = i;
	memcpy(&new->se_fchannel, fattrs, sizeof(struct nfsd4_channel_attrs));
	new->se_target_maxslots = i;
	/* Slot 0 is not counted in the global total. */
	atomic_add(i - 1, &nfsd_total_target_slots);
	new->se_cb_slot_avail = ~0U;
	/*
	 * NOTE(review): assumes the caller has already validated
	 * battrs->maxreqs >= 1 before the "- 1" - confirm.
	 */
	new->se_cb_highest_slot = min(battrs->maxreqs - 1,
				      NFSD_BC_SLOT_TABLE_SIZE - 1);
	spin_lock_init(&new->se_lock);
	return new;
out_free:
	/* slot is NULL or was never stored in se_slots; kfree(NULL) is a no-op. */
	kfree(slot);
	xa_destroy(&new->se_slots);
	kfree(new);
	return NULL;
}

/* Drop the transport reference held by the connection and free it. */
static void free_conn(struct nfsd4_conn *c)
{
	svc_xprt_put(c->cn_xprt);
	kfree(c);
}

/*
 * Transport-user callback installed by nfsd4_register_conn(); also called
 * directly by nfsd4_init_conn() when registration fails.
 *
 * Under cl_lock, unlinks and frees the connection only if it is still on
 * its session's list, then asks for the callback channel to be re-probed.
 */
static void nfsd4_conn_lost(struct svc_xpt_user *u)
{
	struct nfsd4_conn *c = container_of(u, struct nfsd4_conn, cn_xpt_user);
	/* Fetch the client before c may be freed below. */
	struct nfs4_client *clp = c->cn_session->se_client;

	trace_nfsd_cb_lost(clp);

	spin_lock(&clp->cl_lock);
	/* An empty entry means someone else already unlinked this connection. */
	if (!list_empty(&c->cn_persession)) {
		list_del(&c->cn_persession);
		free_conn(c);
	}
	nfsd4_probe_callback(clp);
	spin_unlock(&clp->cl_lock);
}

/*
 * Allocate a connection for the request's transport, taking a reference on
 * that transport. Only cn_xprt, cn_flags and cn_xpt_user.list are set here;
 * cn_session and cn_persession are filled in by __nfsd4_hash_conn().
 * Returns NULL on allocation failure.
 */
static struct nfsd4_conn *alloc_conn(struct svc_rqst *rqstp, u32 flags)
{
	struct nfsd4_conn *conn;

	conn = kmalloc_obj(struct nfsd4_conn);
	if (!conn)
		return NULL;
	svc_xprt_get(rqstp->rq_xprt);
	conn->cn_xprt = rqstp->rq_xprt;
	conn->cn_flags = flags;
	INIT_LIST_HEAD(&conn->cn_xpt_user.list);
	return conn;
}

/* Attach conn to ses; nfsd4_hash_conn() calls this with cl_lock held. */
static void __nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	conn->cn_session = ses;
	list_add(&conn->cn_persession, &ses->se_conns);
}

/* Attach conn to ses under the owning client's cl_lock. */
static void nfsd4_hash_conn(struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;

	spin_lock(&clp->cl_lock);
	__nfsd4_hash_conn(conn, ses);
	spin_unlock(&clp->cl_lock);
}

/*
 * Register nfsd4_conn_lost() as the transport-user callback for conn.
 * Returns the result of register_xpt_user().
 */
static int nfsd4_register_conn(struct nfsd4_conn *conn)
{
	conn->cn_xpt_user.callback = nfsd4_conn_lost;
	return register_xpt_user(conn->cn_xprt, &conn->cn_xpt_user);
}

/*
 * Bind a freshly allocated connection to a session and register for
 * transport-loss notification. If registration fails the connection is
 * torn down again immediately via nfsd4_conn_lost(), so conn must not be
 * used by the caller afterwards.
 */
static void nfsd4_init_conn(struct svc_rqst *rqstp, struct nfsd4_conn *conn, struct nfsd4_session *ses)
{
	int ret;

	nfsd4_hash_conn(conn, ses);
	ret = nfsd4_register_conn(conn);
	if (ret)
		/* oops; xprt is already down: */
		nfsd4_conn_lost(&conn->cn_xpt_user);
	/* We may have gained or lost a callback channel: */
	nfsd4_probe_callback_sync(ses->se_client);
}

/*
 * Allocate the connection for a CREATE_SESSION request: always a
 * forechannel, plus backchannel when the client set SESSION4_BACK_CHAN.
 */
static struct nfsd4_conn *alloc_conn_from_crses(struct svc_rqst *rqstp, struct nfsd4_create_session *cses)
{
	u32 dir = NFS4_CDFC4_FORE;

	if (cses->flags & SESSION4_BACK_CHAN)
		dir |= NFS4_CDFC4_BACK;
	return alloc_conn(rqstp, dir);
}

/*
 * Unlink and free every connection of the session.
 *
 * must be called under client_lock
 */
static void nfsd4_del_conns(struct nfsd4_session *s)
{
	struct nfs4_client *clp = s->se_client;
	struct nfsd4_conn *c;

	spin_lock(&clp->cl_lock);
	while (!list_empty(&s->se_conns)) {
		c = list_first_entry(&s->se_conns, struct nfsd4_conn, cn_persession);
		/*
		 * list_del_init() leaves the entry empty, so a concurrent
		 * nfsd4_conn_lost() sees list_empty() and does not free the
		 * connection a second time.
		 */
		list_del_init(&c->cn_persession);
		/* cl_lock is dropped around the unregister and free. */
		spin_unlock(&clp->cl_lock);

		unregister_xpt_user(c->cn_xprt, &c->cn_xpt_user);
		free_conn(c);

		spin_lock(&clp->cl_lock);
	}
	spin_unlock(&clp->cl_lock);
}

/* Free the session's slots, its slot xarray and the session itself. */
static void __free_session(struct nfsd4_session *ses)
{
	free_session_slots(ses, 0);
	xa_destroy(&ses->se_slots);
	kfree(ses);
}

/* Tear down all connections of the session, then free it. */
static void free_session(struct nfsd4_session *ses)
{
	nfsd4_del_conns(ses);
	__free_session(ses);
}

/*
 * Shrinker count callback: report the global target-slot total, or
 * SHRINK_EMPTY when it is zero.
 */
static unsigned long
nfsd_slot_count(struct shrinker *s, struct shrink_control *sc)
{
	unsigned long cnt = atomic_read(&nfsd_total_target_slots);

	return cnt ? cnt : SHRINK_EMPTY;
}

/*
 * Shrinker scan callback: walk the global session list under
 * nfsd_session_list_lock and try to take one slot from each session until
 * sc->nr_to_scan sessions have been visited. Returns the number of slots
 * released and records the number of sessions visited in sc->nr_scanned.
 */
static unsigned long
nfsd_slot_scan(struct shrinker *s, struct shrink_control *sc)
{
	struct nfsd4_session *ses;
	unsigned long scanned = 0;
	unsigned long freed = 0;

	spin_lock(&nfsd_session_list_lock);
	list_for_each_entry(ses, &nfsd_session_list, se_all_sessions) {
		freed += reduce_session_slots(ses, 1);
		scanned += 1;
		if (scanned >= sc->nr_to_scan) {
			/* Move starting point for next scan */
			list_move(&nfsd_session_list, &ses->se_all_sessions);
			break;
		}
	}
	spin_unlock(&nfsd_session_list_lock);
	sc->nr_scanned = scanned;
	return freed;
}

/*
 * Initialise a newly allocated session for client clp and publish it on
 * the session-id hash table, the client's session list and the global
 * session list.
 *
 * NOTE(review): the insert into nn->sessionid_hashtbl takes no lock here;
 * presumably the caller holds nn->client_lock - confirm.
 */
static void init_session(struct svc_rqst *rqstp, struct nfsd4_session *new, struct nfs4_client *clp, struct nfsd4_create_session *cses)
{
	int idx;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	new->se_client = clp;
	gen_sessionid(new);

	INIT_LIST_HEAD(&new->se_conns);

	atomic_set(&new->se_ref, 0);
	new->se_dead = false;
	/* Callback program and security parameters are taken from the request. */
	new->se_cb_prog = cses->callback_prog;
	new->se_cb_sec = cses->cb_sec;

	/* Every backchannel slot starts at sequence number 1. */
	for (idx = 0; idx < NFSD_BC_SLOT_TABLE_SIZE; ++idx)
		new->se_cb_seq_nr[idx] = 1;

	idx = hash_sessionid(&new->se_sessionid);
	list_add(&new->se_hash, &nn->sessionid_hashtbl[idx]);
	spin_lock(&clp->cl_lock);
	list_add(&new->se_perclnt, &clp->cl_sessions);
	spin_unlock(&clp->cl_lock);

	spin_lock(&nfsd_session_list_lock);
	list_add_tail(&new->se_all_sessions, &nfsd_session_list);
	spin_unlock(&nfsd_session_list_lock);

	{
		struct sockaddr *sa = svc_addr(rqstp);
		/*
		 * This is a little silly; with sessions there's no real
		 * use for the callback address.  Use the peer address
		 * as a reasonable default for now, but consider fixing
		 * the rpc client not to require an address in the
		 * future:
		 */
		rpc_copy_addr((struct sockaddr *)&clp->cl_cb_conn.cb_addr, sa);
		clp->cl_cb_conn.cb_addrlen = svc_addr_len(sa);
	}
}

/*
 * Look up a session by its full session id in this namespace's hash table.
 * Returns the session without taking a reference, or NULL if none matches.
 *
 * caller must hold client_lock
 */
static struct nfsd4_session *
__find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net)
{
	struct nfsd4_session *elem;
	int idx;
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	dump_sessionid(__func__, sessionid);
	idx = hash_sessionid(sessionid);
	/* Search in the appropriate list */
	list_for_each_entry(elem, &nn->sessionid_hashtbl[idx], se_hash) {
		/* All NFS4_MAX_SESSIONID_LEN bytes must match, not just the hash. */
		if (!memcmp(elem->se_sessionid.data, sessionid->data,
			    NFS4_MAX_SESSIONID_LEN)) {
			return elem;
		}
	}

	dprintk("%s: session not found\n", __func__);
	return NULL;
}

/*
 * Look up a session and acquire it via nfsd4_get_session_locked().
 *
 * *ret is always written: nfserr_badsession when no session matches,
 * otherwise the status from nfsd4_get_session_locked(). The session is
 * returned only when that status is zero; NULL otherwise.
 */
static struct nfsd4_session *
find_in_sessionid_hashtbl(struct nfs4_sessionid *sessionid, struct net *net,
		__be32 *ret)
{
	struct nfsd4_session *session;
	__be32 status = nfserr_badsession;

	session = __find_in_sessionid_hashtbl(sessionid, net);
	if (!session)
		goto out;
	status = nfsd4_get_session_locked(session);
	if (status)
		session = NULL;
out:
	*ret = status;
	return session;
}

/*
 * Remove the session from the session-id hash table, its client's session
 * list and the global session list.
 *
 * caller must hold client_lock
 */
static void
unhash_session(struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	list_del(&ses->se_hash);
	spin_lock(&ses->se_client->cl_lock);
	list_del(&ses->se_perclnt);
	spin_unlock(&ses->se_client->cl_lock);
	spin_lock(&nfsd_session_list_lock);
	list_del(&ses->se_all_sessions);
	spin_unlock(&nfsd_session_list_lock);
}

/* SETCLIENTID and SETCLIENTID_CONFIRM Helper functions */

/*
 * Return 0 when the clientid's boot field matches this server instance's
 * boot time (truncated to 32 bits), 1 (after tracing) when it is stale.
 */
static int
STALE_CLIENTID(clientid_t *clid, struct nfsd_net *nn)
{
	/*
	 * We're assuming the clid was not given out from a boot
	 * precisely 2^32 (about 136 years) before this one.  That seems
	 * a safe assumption:
	 */
	if (clid->cl_boot == (u32)nn->boot_time)
		return 0;
	trace_nfsd_clid_stale(clid);
	return 1;
}

/*
 * Allocate and initialise a client structure named by a copy of @name.
 *
 * Reaching nfs4_max_clients does not refuse the allocation here; it only
 * schedules the laundromat immediately when courtesy clients exist.
 * Returns NULL on any allocation failure, with partial allocations undone.
 */
static struct nfs4_client *alloc_client(struct xdr_netobj name,
				struct nfsd_net *nn)
{
	struct nfs4_client *clp;
	int i;

	if (atomic_read(&nn->nfs4_client_count) >= nn->nfs4_max_clients &&
	    atomic_read(&nn->nfsd_courtesy_clients) > 0)
		mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);

	clp = kmem_cache_zalloc(client_slab, GFP_KERNEL);
	if (clp == NULL)
		return NULL;
	/* Private copy of the name; failure is detected through a NULL data pointer. */
	xdr_netobj_dup(&clp->cl_name, &name, GFP_KERNEL);
	if (clp->cl_name.data == NULL)
		goto err_no_name;
	clp->cl_ownerstr_hashtbl = kmalloc_objs(struct list_head,
						 OWNER_HASH_SIZE);
	if (!clp->cl_ownerstr_hashtbl)
		goto err_no_hashtbl;
	clp->cl_callback_wq = alloc_ordered_workqueue("nfsd4_callbacks", 0);
	if (!clp->cl_callback_wq)
		goto err_no_callback_wq;

	for (i = 0; i < OWNER_HASH_SIZE; i++)
		INIT_LIST_HEAD(&clp->cl_ownerstr_hashtbl[i]);
	INIT_LIST_HEAD(&clp->cl_sessions);
	idr_init(&clp->cl_stateids);
	atomic_set(&clp->cl_rpc_users, 0);
	clp->cl_cb_state = NFSD4_CB_UNKNOWN;
	clp->cl_state = NFSD4_ACTIVE;
	atomic_inc(&nn->nfs4_client_count);
	atomic_set(&clp->cl_delegs_in_recall, 0);
	INIT_LIST_HEAD(&clp->cl_idhash);
	INIT_LIST_HEAD(&clp->cl_openowners);
	INIT_LIST_HEAD(&clp->cl_delegations);
	INIT_LIST_HEAD(&clp->cl_lru);
	INIT_LIST_HEAD(&clp->cl_revoked);
#ifdef CONFIG_NFSD_PNFS
	INIT_LIST_HEAD(&clp->cl_lo_states);
#endif
#ifdef CONFIG_NFSD_SCSILAYOUT
	xa_init(&clp->cl_dev_fences);
	mutex_init(&clp->cl_fence_mutex);
#endif
	INIT_LIST_HEAD(&clp->async_copies);
	spin_lock_init(&clp->async_lock);
	spin_lock_init(&clp->cl_lock);
	rpc_init_wait_queue(&clp->cl_cb_waitq, "Backchannel slot table");
	return clp;
	/* Error labels unwind in reverse order of allocation. */
err_no_callback_wq:
	kfree(clp->cl_ownerstr_hashtbl);
err_no_hashtbl:
	kfree(clp->cl_name.data);
err_no_name:
	kmem_cache_free(client_slab, clp);
	return NULL;
}

/*
 * kref release function passed to kref_put() by nfsd4_put_client():
 * frees the credential, callback workqueue, owner hash table, name and
 * implementation-id buffers, stateid IDR, cl_ra and finally the client.
 */
static void __free_client(struct kref *k)
{
	struct nfsdfs_client *c = container_of(k, struct nfsdfs_client, cl_ref);
	struct nfs4_client *clp = container_of(c, struct nfs4_client, cl_nfsdfs);

	free_svc_cred(&clp->cl_cred);
	destroy_workqueue(clp->cl_callback_wq);
	kfree(clp->cl_ownerstr_hashtbl);
	kfree(clp->cl_name.data);
	kfree(clp->cl_nii_domain.data);
	kfree(clp->cl_nii_name.data);
	idr_destroy(&clp->cl_stateids);
	kfree(clp->cl_ra);
	kmem_cache_free(client_slab, clp);
}

/**
 * nfsd4_put_client - release a reference on an nfs4_client
 * @clp: the client to be released
 *
 * When the last reference is released, the client is freed.
 */
void nfsd4_put_client(struct nfs4_client *clp)
{
	kref_put(&clp->cl_nfsdfs.cl_ref, __free_client);
}

/*
 * Free all of the client's sessions, remove its nfsdfs directory (waking
 * anyone waiting on expiry_wq) and drop a reference on the client. The
 * memory itself is released only when the last reference goes away.
 */
static void
free_client(struct nfs4_client *clp)
{
	while (!list_empty(&clp->cl_sessions)) {
		struct nfsd4_session *ses;
		ses = list_entry(clp->cl_sessions.next, struct nfsd4_session,
				se_perclnt);
		list_del(&ses->se_perclnt);
		/* A session still referenced here is about to be freed anyway. */
		WARN_ON_ONCE(atomic_read(&ses->se_ref));
		free_session(ses);
	}
	rpc_destroy_wait_queue(&clp->cl_cb_waitq);
	if (clp->cl_nfsd_dentry) {
		nfsd_client_rmdir(clp->cl_nfsd_dentry);
		clp->cl_nfsd_dentry = NULL;
		/* force_expire_client() waits for cl_nfsd_dentry to become NULL. */
		wake_up_all(&expiry_wq);
	}
	nfsd4_put_client(clp);
}

/*
 * Make the client unreachable: mark it expired, remove it from the id hash,
 * the confirmed or unconfirmed name tree and the LRU, and unhash all of its
 * sessions from the session-id table and the global session list.
 *
 * must be called under the client_lock
 */
static void
unhash_client_locked(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfsd4_session *ses;

	lockdep_assert_held(&nn->client_lock);

	/* Mark the client as expired! */
	clp->cl_time = 0;
	/* Make it invisible */
	if (!list_empty(&clp->cl_idhash)) {
		list_del_init(&clp->cl_idhash);
		if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
			rb_erase(&clp->cl_namenode, &nn->conf_name_tree);
		else
			rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
	}
	list_del_init(&clp->cl_lru);
	/* Lock order here: cl_lock, then nfsd_session_list_lock. */
	spin_lock(&clp->cl_lock);
	spin_lock(&nfsd_session_list_lock);
	list_for_each_entry(ses, &clp->cl_sessions, se_perclnt) {
		list_del_init(&ses->se_hash);
		list_del_init(&ses->se_all_sessions);
	}
	spin_unlock(&nfsd_session_list_lock);
	spin_unlock(&clp->cl_lock);
}

/* Take client_lock and unhash the client. */
static void
unhash_client(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	spin_lock(&nn->client_lock);
	unhash_client_locked(clp);
	spin_unlock(&nn->client_lock);
}

/*
 * Unhash the client unless RPCs are still using it. Returns nfserr_jukebox
 * when cl_rpc_users is non-zero, nfs_ok once the client has been unhashed.
 * unhash_client_locked() asserts that client_lock is held.
 */
static __be32 mark_client_expired_locked(struct nfs4_client *clp)
{
	int users = atomic_read(&clp->cl_rpc_users);

	trace_nfsd_mark_client_expired(clp, users);

	if (users)
		return nfserr_jukebox;
	unhash_client_locked(clp);
	return nfs_ok;
}

/*
 * Release all state held by a client: delegations (active and revoked),
 * openowners, blocked locks of the remaining owners, layouts, copies and
 * the callback channel, then free the client itself. destroy_client() and
 * expire_client() unhash the client before calling this.
 */
static void
__destroy_client(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	int i;
	struct nfs4_openowner *oo;
	struct nfs4_delegation *dp;
	LIST_HEAD(reaplist);

	/* Unhash delegations under deleg_lock; destroy them after dropping it. */
	spin_lock(&nn->deleg_lock);
	while (!list_empty(&clp->cl_delegations)) {
		dp = list_entry(clp->cl_delegations.next, struct nfs4_delegation, dl_perclnt);
		unhash_delegation_locked(dp, SC_STATUS_CLOSED);
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&nn->deleg_lock);
	while (!list_empty(&reaplist)) {
		dp = list_entry(reaplist.next, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		destroy_unhashed_deleg(dp);
	}
	while (!list_empty(&clp->cl_revoked)) {
		dp = list_entry(clp->cl_revoked.next, struct nfs4_delegation, dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		nfs4_put_stid(&dp->dl_stid);
	}
	while (!list_empty(&clp->cl_openowners)) {
		oo = list_entry(clp->cl_openowners.next, struct nfs4_openowner, oo_perclient);
		/* Take a stateowner reference before handing oo to release_openowner(). */
		nfs4_get_stateowner(&oo->oo_owner);
		release_openowner(oo);
	}
	for (i = 0; i < OWNER_HASH_SIZE; i++) {
		struct nfs4_stateowner *so, *tmp;

		list_for_each_entry_safe(so, tmp, &clp->cl_ownerstr_hashtbl[i],
					 so_strhash) {
			/* Should be no openowners at this point */
			WARN_ON_ONCE(so->so_is_open_owner);
			remove_blocked_locks(lockowner(so));
		}
	}
	nfsd4_return_all_client_layouts(clp);
	nfsd4_shutdown_copy(clp);
	nfsd4_shutdown_callback(clp);
	if (clp->cl_cb_conn.cb_xprt)
		svc_xprt_put(clp->cl_cb_conn.cb_xprt);
	/* Decrement the client count, but never below zero. */
	atomic_add_unless(&nn->nfs4_client_count, -1, 0);
	nfsd4_dec_courtesy_client_count(nn, clp);
#ifdef CONFIG_NFSD_SCSILAYOUT
	xa_destroy(&clp->cl_dev_fences);
#endif
	free_client(clp);
	wake_up_all(&expiry_wq);
}

/* Unhash the client and release everything it holds. */
static void
destroy_client(struct nfs4_client *clp)
{
	unhash_client(clp);
	__destroy_client(clp);
}

/*
 * Count a client's reclaim completion and end the grace period once the
 * count equals reclaim_str_hashtbl_size. Does nothing unless
 * track_reclaim_completes is set and the client has a reclaim record.
 */
static void inc_reclaim_complete(struct nfs4_client *clp)
{
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	if (!nn->track_reclaim_completes)
		return;
	if (!nfsd4_find_reclaim_client(clp->cl_name, nn))
		return;
	if (atomic_inc_return(&nn->nr_reclaim_complete) ==
			nn->reclaim_str_hashtbl_size) {
		printk(KERN_INFO "NFSD: all clients done reclaiming, ending NFSv4 grace period (net %x)\n",
				clp->net->ns.inum);
		nfsd4_end_grace(nn);
	}
}

/*
 * Like destroy_client(), but also removes the client's record through
 * nfsd4_client_record_remove() between unhashing and destruction.
 */
static void expire_client(struct nfs4_client *clp)
{
	unhash_client(clp);
	nfsd4_client_record_remove(clp);
	__destroy_client(clp);
}

/* Copy the verifier into the client; the length is the destination's size. */
static void copy_verf(struct nfs4_client *target, nfs4_verifier *source)
{
	memcpy(target->cl_verifier.data, source->data,
			sizeof(target->cl_verifier.data));
}

/* Copy both clientid fields (cl_boot and cl_id) from source to target. */
static void copy_clid(struct nfs4_client *target, struct nfs4_client *source)
{
	target->cl_clientid.cl_boot = source->cl_clientid.cl_boot;
	target->cl_clientid.cl_id = source->cl_clientid.cl_id;
}

/*
 * Deep-copy a credential: the three principal strings are duplicated and
 * references are taken on the group info and, if present, the GSS
 * mechanism. Returns 0 on success or -ENOMEM.
 *
 * NOTE(review): on -ENOMEM some of the strings may already have been
 * duplicated into target; presumably the caller releases target - confirm.
 */
static int copy_cred(struct svc_cred *target, struct svc_cred *source)
{
	target->cr_principal = kstrdup(source->cr_principal, GFP_KERNEL);
	target->cr_raw_principal = kstrdup(source->cr_raw_principal,
								GFP_KERNEL);
	target->cr_targ_princ = kstrdup(source->cr_targ_princ, GFP_KERNEL);
	/* A NULL copy is a failure only when the source string was non-NULL. */
	if ((source->cr_principal && !target->cr_principal) ||
	    (source->cr_raw_principal && !target->cr_raw_principal) ||
	    (source->cr_targ_princ && !target->cr_targ_princ))
		return -ENOMEM;

	target->cr_flavor = source->cr_flavor;
	target->cr_uid = source->cr_uid;
	target->cr_gid = source->cr_gid;
	target->cr_group_info = source->cr_group_info;
	get_group_info(target->cr_group_info);
	target->cr_gss_mech = source->cr_gss_mech;
	if (source->cr_gss_mech)
		gss_mech_get(source->cr_gss_mech);
	return 0;
}

/*
 * Order two opaque blobs: shorter sorts first; equal lengths are ordered
 * by memcmp() over that common length. Returns <0, 0 or >0.
 */
static int
compare_blob(const struct xdr_netobj *o1, const struct xdr_netobj *o2)
{
	if (o1->len < o2->len)
		return -1;
	if (o1->len > o2->len)
		return 1;
	/* Lengths are equal here, so o1->len bounds both buffers. */
	return memcmp(o1->data, o2->data, o1->len);
}

/* Return non-zero when the two verifiers are byte-for-byte identical. */
static int
same_verf(nfs4_verifier *v1, nfs4_verifier *v2)
{
	return 0 == memcmp(v1->data, v2->data, sizeof(v1->data));
}

/* Return non-zero when both cl_boot and cl_id match. */
static int
same_clid(clientid_t *cl1, clientid_t *cl2)
{
	return (cl1->cl_boot == cl2->cl_boot) && (cl1->cl_id == cl2->cl_id);
}

/*
 * Return true when both group lists have the same length and the same gids
 * in the same positions. Both pointers are dereferenced unconditionally.
 */
static bool groups_equal(struct group_info *g1, struct group_info *g2)
{
	int i;

	if (g1->ngroups != g2->ngroups)
		return false;
	for (i=0; i<g1->ngroups; i++)
		if (!gid_eq(g1->gid[i], g2->gid[i]))
			return false;
	return true;
}

/*
 * RFC 3530 language requires clid_inuse be returned when the
 * "principal" associated with a requests differs from that previously
 * used.  We use uid, gid's, and gss principal string as our best
 * approximation.  We also don't want to allow non-gss use of a client
 * established using gss: in theory cr_principal should catch that
 * change, but in practice cr_principal can be null even in the gss case
 * since gssd doesn't always pass down a principal string.
 */
static bool is_gss_cred(struct svc_cred *cr)
{
	/* Is cr_flavor one of the gss "pseudoflavors"?: */
	return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
}


/*
 * Decide whether two credentials identify the same principal: GSS-ness,
 * uid, gid and supplementary groups must all match, and then the principal
 * strings must be both NULL (or the same pointer) or compare equal.
 * A principal present on only one side is a mismatch.
 */
static bool
same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
{
	if ((is_gss_cred(cr1) != is_gss_cred(cr2))
		|| (!uid_eq(cr1->cr_uid, cr2->cr_uid))
		|| (!gid_eq(cr1->cr_gid, cr2->cr_gid))
		|| !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
		return false;
	/* XXX: check that cr_targ_princ fields match ? */
	if (cr1->cr_principal == cr2->cr_principal)
		return true;
	if (!cr1->cr_principal || !cr2->cr_principal)
		return false;
	return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);
}

/*
 * Return true when the request was authenticated with a GSS mechanism
 * whose service level is integrity or privacy; false for no GSS mechanism
 * or any other service level.
 */
static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)
{
	struct svc_cred *cr = &rqstp->rq_cred;
	u32 service;

	if (!cr->cr_gss_mech)
		return false;
	service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);
	return service == RPC_GSS_SVC_INTEGRITY ||
	       service == RPC_GSS_SVC_PRIVACY;
}

/*
 * Check a request against the client's machine-credential requirement.
 *
 * Clients without cl_mach_cred always match. Otherwise the request must
 * use the same GSS mechanism, be integrity- or privacy-protected, and
 * carry the same principal: the raw principal when the client recorded
 * one, else the cooked principal.
 */
bool nfsd4_mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)
{
	struct svc_cred *cr = &rqstp->rq_cred;

	if (!cl->cl_mach_cred)
		return true;
	if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)
		return false;
	if (!svc_rqst_integrity_protected(rqstp))
		return false;
	/*
	 * NOTE(review): cr->cr_raw_principal is passed to strcmp() without a
	 * NULL check, unlike cr->cr_principal below; presumably it is always
	 * set for a GSS request using the same mechanism - confirm.
	 */
	if (cl->cl_cred.cr_raw_principal)
		return 0 == strcmp(cl->cl_cred.cr_raw_principal,
						cr->cr_raw_principal);
	if (!cr->cr_principal)
		return false;
	return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);
}

/*
 * Fill in the client's confirm verifier from the current wall-clock
 * seconds and a per-namespace counter, which is post-incremented.
 *
 * NOTE(review): both inputs are predictable, so the verifier should not be
 * treated as an unguessable secret - confirm nothing relies on that.
 */
static void gen_confirm(struct nfs4_client *clp, struct nfsd_net *nn)
{
	__be32 verf[2];

	/*
	 * This is opaque to client, so no need to byte-swap. Use
	 * __force to keep sparse happy
	 */
	verf[0] = (__force __be32)(u32)ktime_get_real_seconds();
	verf[1] = (__force __be32)nn->clverifier_counter++;
	memcpy(clp->cl_confirm.data, verf, sizeof(clp->cl_confirm.data));
}

/*
 * Assign a new clientid (boot time truncated to 32 bits plus a
 * per-namespace counter, post-incremented) and a fresh confirm verifier.
 */
static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)
{
	clp->cl_clientid.cl_boot = (u32)nn->boot_time;
	clp->cl_clientid.cl_id = nn->clientid_counter++;
	gen_confirm(clp, nn);
}

/*
 * Look up a stateid in the client's IDR by the so_id field of the supplied
 * stateid. Entries whose sc_type is zero are treated as not found. No
 * reference is taken; find_stateid_by_type() calls this with cl_lock held.
 */
static struct nfs4_stid *
find_stateid_locked(struct nfs4_client *cl, stateid_t *t)
{
	struct nfs4_stid *ret;

	ret = idr_find(&cl->cl_stateids, t->si_opaque.so_id);
	if (!ret || !ret->sc_type)
		return NULL;
	return ret;
}

/*
 * Look up a stateid and take a reference on it, but only if its type is in
 * @typemask and it has no status bits set outside @ok_states. The check
 * and the refcount increment both happen under cl_lock. Returns NULL when
 * the stateid is missing or fails either filter.
 */
static struct nfs4_stid *
find_stateid_by_type(struct nfs4_client *cl, stateid_t *t,
		     unsigned short typemask, unsigned short ok_states)
{
	struct nfs4_stid *s;

	spin_lock(&cl->cl_lock);
	s = find_stateid_locked(cl, t);
	if (s != NULL) {
		if ((s->sc_status & ~ok_states) == 0 &&
		    (typemask & s->sc_type))
			refcount_inc(&s->sc_count);
		else
			s = NULL;
	}
	spin_unlock(&cl->cl_lock);
	return s;
}

/*
 * Map an nfsdfs inode to its nfs4_client via get_nfsdfs_client(), or return
 * NULL if there is none. Callers in this file pair a successful lookup
 * with nfsd4_put_client().
 */
static struct nfs4_client *get_nfsdfs_clp(struct inode *inode)
{
	struct nfsdfs_client *nc;
	nc = get_nfsdfs_client(inode);
	if (!nc)
		return NULL;
	return container_of(nc, struct nfs4_client, cl_nfsdfs);
}

/*
 * Emit @len bytes of @data as a double-quoted string. The data is escaped
 * with ESCAPE_HEX | ESCAPE_NAP | ESCAPE_APPEND and the extra set "\"\\",
 * so embedded quotes and backslashes cannot terminate the quoted field
 * early. Callers pass client-supplied values such as names and owners.
 */
static void seq_quote_mem(struct seq_file *m, char *data, int len)
{
	seq_puts(m, "\"");
	seq_escape_mem(m, data, len, ESCAPE_HEX | ESCAPE_NAP | ESCAPE_APPEND, "\"\\");
	seq_puts(m, "\"");
}

/* Map a callback-channel state to its display string ("UNDEFINED" if unknown). */
static const char *cb_state2str(int state)
{
	switch (state) {
	case NFSD4_CB_UP:
		return "UP";
	case NFSD4_CB_UNKNOWN:
		return "UNKNOWN";
	case NFSD4_CB_DOWN:
		return "DOWN";
	case NFSD4_CB_FAULT:
		return "FAULT";
	}
	return "UNDEFINED";
}

/*
 * seq_file show routine for a client's "info" file: prints the clientid,
 * address, status, time since last renew, name, minor version, optional
 * implementation id, callback state and per-session slot counts.
 * Returns -ENXIO when the inode no longer maps to a client.
 */
static int client_info_show(struct seq_file *m, void *v)
{
	struct inode *inode = file_inode(m->file);
	struct nfsd4_session *ses;
	struct nfs4_client *clp;
	u64 clid;

	clp = get_nfsdfs_clp(inode);
	if (!clp)
		return -ENXIO;
	/* Copy the clientid bytes into a u64 for printing. */
	memcpy(&clid, &clp->cl_clientid, sizeof(clid));
	seq_printf(m, "clientid: 0x%llx\n", clid);
	seq_printf(m, "address: \"%pISpc\"\n", (struct sockaddr *)&clp->cl_addr);

	if (clp->cl_state == NFSD4_COURTESY)
		seq_puts(m, "status: courtesy\n");
	else if (clp->cl_state == NFSD4_EXPIRABLE)
		seq_puts(m, "status: expirable\n");
	else if (test_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags))
		seq_puts(m, "status: confirmed\n");
	else
		seq_puts(m, "status: unconfirmed\n");
	seq_printf(m, "seconds from last renew: %lld\n",
		ktime_get_boottime_seconds() - clp->cl_time);
	seq_puts(m, "name: ");
	/* Name and implementation id are printed through the escaping helper. */
	seq_quote_mem(m, clp->cl_name.data, clp->cl_name.len);
	seq_printf(m, "\nminor version: %d\n", clp->cl_minorversion);
	if (clp->cl_nii_domain.data) {
		seq_puts(m, "Implementation domain: ");
		seq_quote_mem(m, clp->cl_nii_domain.data,
					clp->cl_nii_domain.len);
		seq_puts(m, "\nImplementation name: ");
		seq_quote_mem(m, clp->cl_nii_name.data, clp->cl_nii_name.len);
		seq_printf(m, "\nImplementation time: [%lld, %ld]\n",
			clp->cl_nii_time.tv_sec, clp->cl_nii_time.tv_nsec);
	}
	seq_printf(m, "callback state: %s\n", cb_state2str(clp->cl_cb_state));
	seq_printf(m, "callback address: \"%pISpc\"\n", &clp->cl_cb_conn.cb_addr);
	seq_printf(m, "admin-revoked states: %d\n",
		   atomic_read(&clp->cl_admin_revoked));
	/* cl_lock is held while the session list is walked. */
	spin_lock(&clp->cl_lock);
	seq_printf(m, "session slots:");
	list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
		seq_printf(m, " %u", ses->se_fchannel.maxreqs);
	seq_printf(m, "\nsession target slots:");
	list_for_each_entry(ses, &clp->cl_sessions, se_perclnt)
		seq_printf(m, " %u", ses->se_target_maxslots);
	spin_unlock(&clp->cl_lock);
	seq_puts(m, "\n");

	/* Balance the reference taken by get_nfsdfs_clp(). */
	nfsd4_put_client(clp);

	return 0;
}

DEFINE_SHOW_ATTRIBUTE(client_info);

/*
 * seq_file start: take cl_lock and return the first stateid whose id is
 * >= *pos. The lock stays held until states_stop(), so the show routines
 * run with the spinlock held.
 */
static void *states_start(struct seq_file *s, loff_t *pos)
	__acquires(&clp->cl_lock)
{
	struct nfs4_client *clp = s->private;
	unsigned long id = *pos;
	void *ret;

	spin_lock(&clp->cl_lock);
	ret = idr_get_next_ul(&clp->cl_stateids, &id);
	*pos = id;
	return ret;
}

/* seq_file next: return the first stateid with an id greater than *pos. */
static void *states_next(struct seq_file *s, void *v, loff_t *pos)
{
	struct nfs4_client *clp = s->private;
	unsigned long id = *pos;
	void *ret;

	id = *pos;
	id++;
	ret = idr_get_next_ul(&clp->cl_stateids, &id);
	*pos = id;
	return ret;
}

/* seq_file stop: release the cl_lock taken in states_start(). */
static void states_stop(struct seq_file *s, void *v)
	__releases(&clp->cl_lock)
{
	struct nfs4_client *clp = s->private;

	spin_unlock(&clp->cl_lock);
}

/* Print the file's name as a quoted string using the %pD2 format. */
static void nfs4_show_fname(struct seq_file *s, struct nfsd_file *f)
{
	seq_printf(s, "filename: \"%pD2\"", f->nf_file);
}

/* Print the device major:minor of the file's superblock and its inode number. */
static void nfs4_show_superblock(struct seq_file *s, struct nfsd_file *f)
{
	struct inode *inode = file_inode(f->nf_file);

	seq_printf(s, "superblock: \"%02x:%02x:%llu\"",
					MAJOR(inode->i_sb->s_dev),
					 MINOR(inode->i_sb->s_dev),
					 inode->i_ino);
}

/* Print the state owner's opaque identifier, quoted and escaped. */
static void nfs4_show_owner(struct seq_file *s, struct nfs4_stateowner *oo)
{
	seq_puts(s, "owner: ");
	seq_quote_mem(s, oo->so_owner.data, oo->so_owner.len);
}

/* Print a stateid as its generation followed by 12 bytes of si_opaque in hex. */
static void nfs4_show_stateid(struct seq_file *s, stateid_t *stid)
{
	seq_printf(s, "0x%.8x", stid->si_generation);
	seq_printf(s, "%12phN", &stid->si_opaque);
}

/*
 * Print one open stateid: access and deny modes, the backing file (or
 * "closed" when sc_file is NULL), the owner and whether the state has been
 * admin-revoked. Always returns 0.
 */
static int nfs4_show_open(struct seq_file *s, struct nfs4_stid *st)
{
	struct nfs4_ol_stateid *ols;
	struct nfs4_file *nf;
	struct nfsd_file *file;
	struct nfs4_stateowner *oo;
	unsigned int access, deny;

	ols = openlockstateid(st);
	oo = ols->st_stateowner;
	nf = st->sc_file;

	seq_puts(s, "- ");
	nfs4_show_stateid(s, &st->sc_stateid);
	seq_puts(s, ": { type: open, ");

	access = bmap_to_share_mode(ols->st_access_bmap);
	deny   = bmap_to_share_mode(ols->st_deny_bmap);

	seq_printf(s, "access: %s%s, ",
		access & NFS4_SHARE_ACCESS_READ ? "r" : "-",
		access & NFS4_SHARE_ACCESS_WRITE ? "w" : "-");
	seq_printf(s, "deny: %s%s, ",
		deny & NFS4_SHARE_ACCESS_READ ? "r" : "-",
		deny & NFS4_SHARE_ACCESS_WRITE ? "w" : "-");

	if (nf) {
		/* fi_lock is held while the nfsd_file is looked up and printed. */
		spin_lock(&nf->fi_lock);
		file = find_any_file_locked(nf);
		if (file) {
			nfs4_show_superblock(s, file);
			seq_puts(s, ", ");
			nfs4_show_fname(s, file);
			seq_puts(s, ", ");
		}
		spin_unlock(&nf->fi_lock);
	} else
		seq_puts(s, "closed, ");
	nfs4_show_owner(s, oo);
	if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
		seq_puts(s, ", admin-revoked");
	seq_puts(s, " }\n");
	return 0;
}

/*
 * Print one lock stateid: the backing file if one is found, the owner and
 * whether the state has been admin-revoked. Always returns 0.
 *
 * NOTE(review): unlike nfs4_show_open(), st->sc_file is dereferenced here
 * without a NULL check; presumably a lock stateid always has sc_file set -
 * confirm.
 */
static int nfs4_show_lock(struct seq_file *s, struct nfs4_stid *st)
{
	struct nfs4_ol_stateid *ols;
	struct nfs4_file *nf;
	struct nfsd_file *file;
	struct nfs4_stateowner *oo;

	ols = openlockstateid(st);
	oo = ols->st_stateowner;
	nf = st->sc_file;

	seq_puts(s, "- ");
	nfs4_show_stateid(s, &st->sc_stateid);
	seq_puts(s, ": { type: lock, ");

	spin_lock(&nf->fi_lock);
	file = find_any_file_locked(nf);
	if (file) {
		/*
		 * Note: a lock stateid isn't really the same thing as a lock,
		 * it's the locking state held by one owner on a file, and there
		 * may be multiple (or no) lock ranges associated with it.
		 * (The same is true of open stateids.)
		 */

		nfs4_show_superblock(s, file);
		/* XXX: open stateid? */
		seq_puts(s, ", ");
		nfs4_show_fname(s, file);
		seq_puts(s, ", ");
	}
	nfs4_show_owner(s, oo);
	if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
		seq_puts(s, ", admin-revoked");
	seq_puts(s, " }\n");
	spin_unlock(&nf->fi_lock);
	return 0;
}

/* Map a delegation type to its short display string ("?" if unknown). */
static char *nfs4_show_deleg_type(u32 dl_type)
{
	switch (dl_type) {
	case OPEN_DELEGATE_READ:
		return "r";
	case OPEN_DELEGATE_WRITE:
		return "w";
	case OPEN_DELEGATE_READ_ATTRS_DELEG:
		return "ra";
	case OPEN_DELEGATE_WRITE_ATTRS_DELEG:
		return "wa";
	}
	return "?";
}

/*
 * Print one delegation stateid: its type, the delegated file if still
 * present, and whether the state has been admin-revoked. Always returns 0.
 * st->sc_file is dereferenced without a NULL check.
 */
static int nfs4_show_deleg(struct seq_file *s, struct nfs4_stid *st)
{
	struct nfs4_delegation *ds;
	struct nfs4_file *nf;
	struct nfsd_file *file;

	ds = delegstateid(st);
	nf = st->sc_file;

	seq_puts(s, "- ");
	nfs4_show_stateid(s, &st->sc_stateid);
	seq_puts(s, ": { type: deleg, ");

	seq_printf(s, "access: %s", nfs4_show_deleg_type(ds->dl_type));

	/* XXX: lease time, whether it's being recalled. */

	/* fi_deleg_file is read and printed under fi_lock. */
	spin_lock(&nf->fi_lock);
	file = nf->fi_deleg_file;
	if (file) {
		seq_puts(s, ", ");
		nfs4_show_superblock(s, file);
		seq_puts(s, ", ");
		nfs4_show_fname(s, file);
	}
	spin_unlock(&nf->fi_lock);
	if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
		seq_puts(s, ", admin-revoked");
	seq_puts(s, " }\n");
	return 0;
}

/*
 * Print one layout stateid: the layout's file if set, and whether the
 * state has been admin-revoked. Always returns 0.
 * ls_stid.sc_file is dereferenced without a NULL check.
 */
static int nfs4_show_layout(struct seq_file *s, struct nfs4_stid *st)
{
	struct nfs4_layout_stateid *ls;
	struct nfsd_file *file;

	ls = container_of(st, struct nfs4_layout_stateid, ls_stid);

	seq_puts(s, "- ");
	nfs4_show_stateid(s, &st->sc_stateid);
	seq_puts(s, ": { type: layout");

	/* XXX: What else would be useful? */

	spin_lock(&ls->ls_stid.sc_file->fi_lock);
	file = ls->ls_file;
	if (file) {
		seq_puts(s, ", ");
		nfs4_show_superblock(s, file);
		seq_puts(s, ", ");
		nfs4_show_fname(s, file);
	}
	spin_unlock(&ls->ls_stid.sc_file->fi_lock);
	if (st->sc_status & SC_STATUS_ADMIN_REVOKED)
		seq_puts(s, ", admin-revoked");
	seq_puts(s, " }\n");

	return 0;
}

/*
 * seq_file show: dispatch on the stateid type. Types without a printer
 * produce no output and return 0.
 */
static int states_show(struct seq_file *s, void *v)
{
	struct nfs4_stid *st = v;

	switch (st->sc_type) {
	case SC_TYPE_OPEN:
		return nfs4_show_open(s, st);
	case SC_TYPE_LOCK:
		return nfs4_show_lock(s, st);
	case SC_TYPE_DELEG:
		return nfs4_show_deleg(s, st);
	case SC_TYPE_LAYOUT:
		return nfs4_show_layout(s, st);
	default:
		return 0; /* XXX: or SEQ_SKIP? */
	}
	/* XXX: copy stateids? */
}

/* Iterator for the per-client "states" file. */
static struct seq_operations states_seq_ops = {
	.start = states_start,
	.next = states_next,
	.stop = states_stop,
	.show = states_show
};

/*
 * Open handler for the "states" file: takes a client reference that is
 * stored in the seq_file's private pointer and held until release.
 * Returns -ENXIO when the inode no longer maps to a client; if seq_open()
 * fails the reference is dropped again and its error is returned.
 */
static int client_states_open(struct inode *inode, struct file *file)
{
	struct seq_file *s;
	struct nfs4_client *clp;
	int ret;

	clp = get_nfsdfs_clp(inode);
	if (!clp)
		return -ENXIO;

	ret = seq_open(file, &states_seq_ops);
	if (ret) {
		nfsd4_put_client(clp);
		return ret;
	}
	s = file->private_data;
	s->private = clp;
	return 0;
}

/* Release handler: drop the reference taken in client_states_open(). */
static int client_opens_release(struct inode *inode, struct file *file)
{
	struct seq_file *m = file->private_data;
	struct nfs4_client *clp = m->private;

	/* XXX: alternatively, we could get/drop in seq start/stop */
	nfsd4_put_client(clp);
	return seq_release(inode, file);
}

/* File operations for the per-client "states" file (read-only seq_file). */
static const struct file_operations client_states_fops = {
	.open		= client_states_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
	.release	= client_opens_release,
};

3249 /* 3250 * Normally we refuse to destroy clients that are in use, but here the 3251 * administrator is telling us to just do it. We also want to wait 3252 * so the caller has a guarantee that the client's locks are gone by 3253 * the time the write returns: 3254 */ 3255 static void force_expire_client(struct nfs4_client *clp) 3256 { 3257 struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id); 3258 bool already_expired; 3259 3260 trace_nfsd_clid_admin_expired(&clp->cl_clientid); 3261 3262 spin_lock(&nn->client_lock); 3263 clp->cl_time = 0; 3264 spin_unlock(&nn->client_lock); 3265 3266 wait_event(expiry_wq, atomic_read(&clp->cl_rpc_users) == 0); 3267 spin_lock(&nn->client_lock); 3268 already_expired = list_empty(&clp->cl_lru); 3269 if (!already_expired) 3270 unhash_client_locked(clp); 3271 spin_unlock(&nn->client_lock); 3272 3273 if (!already_expired) 3274 expire_client(clp); 3275 else 3276 wait_event(expiry_wq, clp->cl_nfsd_dentry == NULL); 3277 } 3278 3279 static ssize_t client_ctl_write(struct file *file, const char __user *buf, 3280 size_t size, loff_t *pos) 3281 { 3282 char *data; 3283 struct nfs4_client *clp; 3284 3285 data = simple_transaction_get(file, buf, size); 3286 if (IS_ERR(data)) 3287 return PTR_ERR(data); 3288 if (size != 7 || 0 != memcmp(data, "expire\n", 7)) 3289 return -EINVAL; 3290 clp = get_nfsdfs_clp(file_inode(file)); 3291 if (!clp) 3292 return -ENXIO; 3293 force_expire_client(clp); 3294 nfsd4_put_client(clp); 3295 return 7; 3296 } 3297 3298 static const struct file_operations client_ctl_fops = { 3299 .write = client_ctl_write, 3300 .release = simple_transaction_release, 3301 }; 3302 3303 static const struct tree_descr client_files[] = { 3304 [0] = {"info", &client_info_fops, S_IRUSR}, 3305 [1] = {"states", &client_states_fops, S_IRUSR}, 3306 [2] = {"ctl", &client_ctl_fops, S_IWUSR}, 3307 [3] = {""}, 3308 }; 3309 3310 static int 3311 nfsd4_cb_recall_any_done(struct nfsd4_callback *cb, 3312 struct rpc_task *task) 3313 { 3314 
trace_nfsd_cb_recall_any_done(cb, task);
	switch (task->tk_status) {
	case -NFS4ERR_DELAY:
		/* presumably 0 asks the callback code to retry -- confirm */
		rpc_delay(task, 2 * HZ);
		return 0;
	default:
		return 1;
	}
}

/* ->release handler for CB_RECALL_ANY: puts the client held in cb->cb_clp. */
static void
nfsd4_cb_recall_any_release(struct nfsd4_callback *cb)
{
	struct nfs4_client *clp = cb->cb_clp;

	nfsd4_put_client(clp);
}

/*
 * ->done handler for CB_GETATTR.
 *
 * Records the RPC status in ncf_cb_status for the waiter, then behaves
 * like nfsd4_cb_recall_any_done(): NFS4ERR_DELAY schedules a two second
 * delay and returns 0, anything else returns 1.
 */
static int
nfsd4_cb_getattr_done(struct nfsd4_callback *cb, struct rpc_task *task)
{
	struct nfs4_cb_fattr *ncf =
			container_of(cb, struct nfs4_cb_fattr, ncf_getattr);
	struct nfs4_delegation *dp =
			container_of(ncf, struct nfs4_delegation, dl_cb_fattr);

	trace_nfsd_cb_getattr_done(&dp->dl_stid.sc_stateid, task);
	ncf->ncf_cb_status = task->tk_status;
	switch (task->tk_status) {
	case -NFS4ERR_DELAY:
		rpc_delay(task, 2 * HZ);
		return 0;
	default:
		return 1;
	}
}

/*
 * ->release handler for CB_GETATTR: drops the delegation stateid
 * reference that nfs4_cb_getattr() took before queueing the callback.
 */
static void
nfsd4_cb_getattr_release(struct nfsd4_callback *cb)
{
	struct nfs4_cb_fattr *ncf =
			container_of(cb, struct nfs4_cb_fattr, ncf_getattr);
	struct nfs4_delegation *dp =
			container_of(ncf, struct nfs4_delegation, dl_cb_fattr);

	nfs4_put_stid(&dp->dl_stid);
}

static const struct nfsd4_callback_ops nfsd4_cb_recall_any_ops = {
	.done		= nfsd4_cb_recall_any_done,
	.release	= nfsd4_cb_recall_any_release,
	.opcode		= OP_CB_RECALL_ANY,
};

static const struct nfsd4_callback_ops nfsd4_cb_getattr_ops = {
	.done		= nfsd4_cb_getattr_done,
	.release	= nfsd4_cb_getattr_release,
	.opcode		= OP_CB_GETATTR,
};

/*
 * Queue a CB_GETATTR for the delegation that embeds @ncf.
 *
 * Does nothing if a CB_GETATTR is already running
 * (NFSD4_CALLBACK_RUNNING was set).  Otherwise a reference on the
 * delegation stateid is taken before the callback is run; it is
 * dropped in nfsd4_cb_getattr_release().
 */
static void nfs4_cb_getattr(struct nfs4_cb_fattr *ncf)
{
	struct nfs4_delegation *dp =
		container_of(ncf, struct nfs4_delegation, dl_cb_fattr);

	if (test_and_set_bit(NFSD4_CALLBACK_RUNNING, &ncf->ncf_getattr.cb_flags))
		return;

	/* set to proper status when nfsd4_cb_getattr_done runs */
	ncf->ncf_cb_status = NFS4ERR_IO;

/* ensure that wake_bit is done when RUNNING is cleared */
	set_bit(NFSD4_CALLBACK_WAKE, &ncf->ncf_getattr.cb_flags);

	refcount_inc(&dp->dl_stid.sc_count);
	nfsd4_run_cb(&ncf->ncf_getattr);
}

/*
 * Allocate and initialise a client record for an incoming request.
 *
 * @name:  client owner string supplied by the client
 * @rqstp: request being processed; its credential and source address
 *         are copied into the new client
 * @verf:  client verifier to record
 *
 * Also creates the client's nfsdfs directory (client_files) and the
 * CB_RECALL_ANY callback state.  Returns the new client, or NULL if any
 * allocation or the directory creation fails; every failure path goes
 * through free_client().
 */
static struct nfs4_client *create_client(struct xdr_netobj name,
		struct svc_rqst *rqstp, nfs4_verifier *verf)
{
	struct nfs4_client *clp;
	struct sockaddr *sa = svc_addr(rqstp);
	int ret;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	struct dentry *dentries[ARRAY_SIZE(client_files)];

	clp = alloc_client(name, nn);
	if (clp == NULL)
		return NULL;

	ret = copy_cred(&clp->cl_cred, &rqstp->rq_cred);
	if (ret) {
		free_client(clp);
		return NULL;
	}
	gen_clid(clp, nn);
	kref_init(&clp->cl_nfsdfs.cl_ref);
	nfsd4_init_cb(&clp->cl_cb_null, clp, NULL, NFSPROC4_CLNT_CB_NULL);
	clp->cl_time = ktime_get_boottime_seconds();
	copy_verf(clp, verf);
	/*
	 * Copies a full sockaddr_storage regardless of address family;
	 * assumes svc_addr() points at storage at least that large --
	 * TODO confirm.
	 */
	memcpy(&clp->cl_addr, sa, sizeof(struct sockaddr_storage));
	clp->cl_cb_session = NULL;
	clp->net = net;
	clp->cl_nfsd_dentry = nfsd_client_mkdir(
		nn, &clp->cl_nfsdfs,
		clp->cl_clientid.cl_id - nn->clientid_base,
		client_files, dentries);
	/*
	 * NOTE(review): dentries[] is not initialised in this function and
	 * dentries[0] is read before the mkdir result is checked.  If
	 * nfsd_client_mkdir() can fail without filling the array, an
	 * indeterminate pointer is stored here just before free_client();
	 * confirm that free_client() never looks at cl_nfsd_info_dentry.
	 */
	clp->cl_nfsd_info_dentry = dentries[0];
	if (!clp->cl_nfsd_dentry) {
		free_client(clp);
		return NULL;
	}
	clp->cl_ra = kzalloc_obj(*clp->cl_ra);
	if (!clp->cl_ra) {
		free_client(clp);
		return NULL;
	}
	clp->cl_ra_time = 0;
	nfsd4_init_cb(&clp->cl_ra->ra_cb, clp, &nfsd4_cb_recall_any_ops,
			NFSPROC4_CLNT_CB_RECALL_ANY);
	return clp;
}

/*
 * Insert @new_clp into the red-black tree @root, ordered by
 * compare_blob() on cl_name.  A name that compares equal to an existing
 * entry is placed to its right; no duplicate check is made here.
 */
static void
add_clp_to_name_tree(struct nfs4_client *new_clp, struct rb_root *root)
{
	struct rb_node **new = &(root->rb_node), *parent = NULL;
	struct nfs4_client *clp;

	while (*new) {
		clp = rb_entry(*new, struct nfs4_client, cl_namenode);
		parent = *new;

		if (compare_blob(&clp->cl_name, &new_clp->cl_name) > 0)
			new = &((*new)->rb_left);
		else
			new = &((*new)->rb_right);
	}

	rb_link_node(&new_clp->cl_namenode, parent, new);
	rb_insert_color(&new_clp->cl_namenode, root);
}

/*
 * Look up a client by owner name in the tree @root.  Returns the first
 * node whose cl_name compares equal to @name, or NULL.
 */
static struct nfs4_client *
find_clp_in_name_tree(struct xdr_netobj *name, struct rb_root *root)
{
	int cmp;
	struct rb_node *node = root->rb_node;
	struct nfs4_client *clp;

	while (node) {
		clp = rb_entry(node, struct nfs4_client, cl_namenode);
		cmp = compare_blob(&clp->cl_name, name);
		if (cmp > 0)
			node = node->rb_left;
		else if (cmp < 0)
			node = node->rb_right;
		else
			return clp;
	}
	return NULL;
}

/*
 * Hash @clp as an unconfirmed client: clear NFSD4_CLIENT_CONFIRMED, add
 * it to the unconfirmed name tree and clientid hash, and renew it.
 * Caller must hold nn->client_lock.
 */
static void
add_to_unconfirmed(struct nfs4_client *clp)
{
	unsigned int idhashval;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	clear_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
	add_clp_to_name_tree(clp, &nn->unconf_name_tree);
	idhashval = clientid_hashval(clp->cl_clientid.cl_id);
	list_add(&clp->cl_idhash, &nn->unconf_id_hashtbl[idhashval]);
	renew_client_locked(clp);
}

/*
 * Promote @clp from the unconfirmed to the confirmed tables (clientid
 * hash and name tree), set NFSD4_CLIENT_CONFIRMED and renew it.
 * Caller must hold nn->client_lock.
 */
static void
move_to_confirmed(struct nfs4_client *clp)
{
	unsigned int idhashval = clientid_hashval(clp->cl_clientid.cl_id);
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);

	lockdep_assert_held(&nn->client_lock);

	list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]);
	rb_erase(&clp->cl_namenode, &nn->unconf_name_tree);
	add_clp_to_name_tree(clp, &nn->conf_name_tree);
	set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags);
	trace_nfsd_clid_confirmed(&clp->cl_clientid);
	renew_client_locked(clp);
}

/*
 * Find the client with clientid @clid in the hash table @tbl.
 *
 * @sessions says whether the caller is an NFSv4.1+ (sessions)
 * operation.  A clientid match whose minor version does not agree with
 * @sessions is treated as "not found".  A successful lookup also renews
 * the client.
 */
static struct nfs4_client *
find_client_in_id_table(struct list_head *tbl, clientid_t *clid, bool sessions)
{
	struct nfs4_client *clp;
unsigned int idhashval = clientid_hashval(clid->cl_id);

	list_for_each_entry(clp, &tbl[idhashval], cl_idhash) {
		if (same_clid(&clp->cl_clientid, clid)) {
			/* v4.0 clientids must not be usable from v4.1+ and vice versa */
			if ((bool)clp->cl_minorversion != sessions)
				return NULL;
			renew_client_locked(clp);
			return clp;
		}
	}
	return NULL;
}

/* Look up @clid among confirmed clients.  Caller holds nn->client_lock. */
static struct nfs4_client *
find_confirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
{
	struct list_head *tbl = nn->conf_id_hashtbl;

	lockdep_assert_held(&nn->client_lock);
	return find_client_in_id_table(tbl, clid, sessions);
}

/* Look up @clid among unconfirmed clients.  Caller holds nn->client_lock. */
static struct nfs4_client *
find_unconfirmed_client(clientid_t *clid, bool sessions, struct nfsd_net *nn)
{
	struct list_head *tbl = nn->unconf_id_hashtbl;

	lockdep_assert_held(&nn->client_lock);
	return find_client_in_id_table(tbl, clid, sessions);
}

/* True if the client record has any exchange flags set. */
static bool clp_used_exchangeid(struct nfs4_client *clp)
{
	return clp->cl_exchange_flags != 0;
}

/* Look up a confirmed client by owner name.  Caller holds nn->client_lock. */
static struct nfs4_client *
find_confirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
{
	lockdep_assert_held(&nn->client_lock);
	return find_clp_in_name_tree(name, &nn->conf_name_tree);
}

/* Look up an unconfirmed client by owner name.  Caller holds nn->client_lock. */
static struct nfs4_client *
find_unconfirmed_client_by_name(struct xdr_netobj *name, struct nfsd_net *nn)
{
	lockdep_assert_held(&nn->client_lock);
	return find_clp_in_name_tree(name, &nn->unconf_name_tree);
}

/*
 * Fill in the client's callback connection parameters from the
 * SETCLIENTID arguments.
 *
 * The callback netid and universal address are supplied by the client,
 * so they are validated before use: only "tcp" and "tcp6" are accepted
 * (length is checked before the memcmp), the address must parse, and
 * the parsed address family must match the netid.  On any failure the
 * callback address is reset to AF_UNSPEC with length 0 and
 * trace_nfsd_cb_nodelegs() is emitted; no error is returned to the
 * caller.
 */
static void
gen_callback(struct nfs4_client *clp, struct nfsd4_setclientid *se, struct svc_rqst *rqstp)
{
	struct nfs4_cb_conn *conn = &clp->cl_cb_conn;
	struct sockaddr	*sa = svc_addr(rqstp);
	u32 scopeid = rpc_get_scope_id(sa);
	unsigned short expected_family;

	/* Currently, we only support tcp and tcp6 for the callback channel */
	if (se->se_callback_netid_len == 3 &&
	    !memcmp(se->se_callback_netid_val, "tcp", 3))
		expected_family = AF_INET;
	else if (se->se_callback_netid_len == 4 &&
		 !memcmp(se->se_callback_netid_val, "tcp6", 4))
		expected_family = AF_INET6;
	else
		goto out_err;

	conn->cb_addrlen = rpc_uaddr2sockaddr(clp->net, se->se_callback_addr_val,
						se->se_callback_addr_len,
						(struct sockaddr *)&conn->cb_addr,
						sizeof(conn->cb_addr));

	if (!conn->cb_addrlen || conn->cb_addr.ss_family != expected_family)
		goto out_err;

	/* the scope id comes from the request's source address, not the client's string */
	if (conn->cb_addr.ss_family == AF_INET6)
		((struct sockaddr_in6 *)&conn->cb_addr)->sin6_scope_id = scopeid;

	conn->cb_prog = se->se_callback_prog;
	conn->cb_ident = se->se_callback_ident;
	/*
	 * NOTE(review): the copy length is rq_daddrlen; assumes it never
	 * exceeds sizeof(conn->cb_saddr) -- confirm against the struct
	 * definitions.
	 */
	memcpy(&conn->cb_saddr, &rqstp->rq_daddr, rqstp->rq_daddrlen);
	trace_nfsd_cb_args(clp, conn);
	return;
out_err:
	conn->cb_addr.ss_family = AF_UNSPEC;
	conn->cb_addrlen = 0;
	trace_nfsd_cb_nodelegs(clp);
	return;
}

/*
 * Cache a reply. nfsd4_check_resp_size() has bounded the cache size.
 *
 * Records the op count, status and caller credential in the session
 * slot, and, when the slot has NFSD4_SLOT_CACHETHIS set, copies the
 * encoded reply from data_offset onwards into slot->sl_data.
 */
static void
nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
{
	struct xdr_buf *buf = resp->xdr->buf;
	struct nfsd4_slot *slot = resp->cstate.slot;
	unsigned int base;

	/*
	 * RFC 5661 Section 2.10.6.1.2:
	 *
	 * Any time SEQUENCE ... returns an error ... [t]he replier MUST NOT
	 * modify the reply cache entry for the slot whenever an error is
	 * returned from SEQUENCE ...
	 *
	 * Because nfsd4_store_cache_entry is called only by
	 * nfsd4_sequence_done(), nfsd4_store_cache_entry() is called only
	 * when a SEQUENCE operation was part of the COMPOUND.
	 * nfs41_check_op_ordering() ensures SEQUENCE is the first op.
*/
	if (resp->opcnt == 1 && resp->cstate.status != nfs_ok)
		return;

	slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
	slot->sl_opcnt = resp->opcnt;
	slot->sl_status = resp->cstate.status;
	free_svc_cred(&slot->sl_cred);
	/*
	 * NOTE(review): copy_cred() returns a status (create_client()
	 * checks it) that is ignored here.  sl_cred is what
	 * replay_matches_cache() compares a replayed request against, so
	 * confirm that a failed copy leaves the slot in a state where
	 * replays are rejected rather than accepted.
	 */
	copy_cred(&slot->sl_cred, &resp->rqstp->rq_cred);

	if (!(resp->cstate.slot->sl_flags & NFSD4_SLOT_CACHETHIS)) {
		slot->sl_flags &= ~NFSD4_SLOT_CACHED;
		return;
	}
	slot->sl_flags |= NFSD4_SLOT_CACHED;

	base = resp->cstate.data_offset;
	/*
	 * NOTE(review): no bound against the capacity of sl_data is
	 * applied in this function; it relies on the reply size having
	 * been limited earlier (nfsd4_check_resp_size(), per the comment
	 * above this function) and on buf->len >= base.  Worth confirming
	 * for every path that reaches here.
	 */
	slot->sl_datalen = buf->len - base;
	if (read_bytes_from_xdr_buf(buf, base, slot->sl_data, slot->sl_datalen))
		WARN(1, "%s: sessions DRC could not cache compound\n",
		     __func__);
	return;
}

/*
 * The sequence operation is not cached because we can use the slot and
 * session values.
 *
 * Replays a cached COMPOUND reply from the session slot.  SEQUENCE is
 * always re-encoded; a solo SEQUENCE returns its own status; if nothing
 * was cached the second op is answered with
 * nfserr_retry_uncached_rep; otherwise sl_datalen bytes of sl_data are
 * copied into the reply and the cached op count and status are
 * returned.
 */
static __be32
nfsd4_replay_cache_entry(struct nfsd4_compoundres *resp,
			 struct nfsd4_sequence *seq)
{
	struct nfsd4_compoundargs *args = resp->rqstp->rq_argp;
	struct nfsd4_slot *slot = resp->cstate.slot;
	struct xdr_stream *xdr = resp->xdr;
	__be32 *p;

	dprintk("--> %s slot %p\n", __func__, slot);

	/* Always encode the SEQUENCE response. */
	nfsd4_encode_operation(resp, &args->ops[0]);
	if (args->opcnt == 1)
		/* A solo SEQUENCE - nothing was cached */
		return args->ops[0].status;

	if (!(slot->sl_flags & NFSD4_SLOT_CACHED)) {
		/* We weren't asked to cache this.
*/
		struct nfsd4_op *op;

		/* answer the op after SEQUENCE with the "uncached" error */
		op = &args->ops[resp->opcnt++];
		op->status = nfserr_retry_uncached_rep;
		nfsd4_encode_operation(resp, op);
		return op->status;
	}

	/* return reply from cache */
	p = xdr_reserve_space(xdr, slot->sl_datalen);
	if (!p) {
		WARN_ON_ONCE(1);
		return nfserr_serverfault;
	}
	xdr_encode_opaque_fixed(p, slot->sl_data, slot->sl_datalen);
	xdr_commit_encode(xdr);

	resp->opcnt = slot->sl_opcnt;
	return slot->sl_status;
}

/*
 * Set the exchange_id flags returned by the server.
 *
 * ORs the pNFS role (chosen at build time by CONFIG_NFSD_PNFS) and
 * EXCHGID4_FLAG_SUPP_MOVED_REFER into the client's cl_exchange_flags,
 * then copies the result into the reply.
 */
static void
nfsd4_set_ex_flags(struct nfs4_client *new, struct nfsd4_exchange_id *clid)
{
#ifdef CONFIG_NFSD_PNFS
	new->cl_exchange_flags |= EXCHGID4_FLAG_USE_PNFS_MDS;
#else
	new->cl_exchange_flags |= EXCHGID4_FLAG_USE_NON_PNFS;
#endif

	/* Referrals are supported, Migration is not. */
	new->cl_exchange_flags |= EXCHGID4_FLAG_SUPP_MOVED_REFER;

	/* set the wire flags to return to client.
*/
	clid->flags = new->cl_exchange_flags;
}

/* True if any of the client's open owners still has stateids. */
static bool client_has_openowners(struct nfs4_client *clp)
{
	struct nfs4_openowner *oo;

	list_for_each_entry(oo, &clp->cl_openowners, oo_perclient) {
		if (!list_empty(&oo->oo_owner.so_stateids))
			return true;
	}
	return false;
}

/*
 * True if the client holds any state: opens, layouts (pNFS builds
 * only), delegations, sessions, or active async copies.
 * nfsd4_exchange_id() uses this to decide whether a confirmed record
 * may be replaced by a caller with different credentials.
 */
static bool client_has_state(struct nfs4_client *clp)
{
	return client_has_openowners(clp)
#ifdef CONFIG_NFSD_PNFS
		|| !list_empty(&clp->cl_lo_states)
#endif
		|| !list_empty(&clp->cl_delegations)
		|| !list_empty(&clp->cl_sessions)
		|| nfsd4_has_active_async_copies(clp);
}

/*
 * Copy the client's implementation id (domain, name, time) from the
 * EXCHANGE_ID arguments into @clp.
 *
 * Returns 0 if the client sent no implementation id or the copy
 * succeeded, nfserr_jukebox if either duplication failed.  On failure
 * a field that was already duplicated stays attached to @clp;
 * presumably it is released when the client is freed -- confirm.
 */
static __be32 copy_impl_id(struct nfs4_client *clp,
				struct nfsd4_exchange_id *exid)
{
	if (!exid->nii_domain.data)
		return 0;
	xdr_netobj_dup(&clp->cl_nii_domain, &exid->nii_domain, GFP_KERNEL);
	if (!clp->cl_nii_domain.data)
		return nfserr_jukebox;
	xdr_netobj_dup(&clp->cl_nii_name, &exid->nii_name, GFP_KERNEL);
	if (!clp->cl_nii_name.data)
		return nfserr_jukebox;
	clp->cl_nii_time = exid->nii_time;
	return 0;
}

/*
 * EXCHANGE_ID: establish or update a client record.
 *
 * A fresh client record ("new") is always created first.  Depending on
 * what is found under client_lock it is either hashed as unconfirmed
 * (and then survives, because swap(new, conf) moves it into "conf") or
 * discarded at out_nolock.  After the swap "new" holds the confirmed
 * record being replaced, if any, so the expire_client(new) at
 * out_nolock always destroys whichever record lost.
 *
 * State protection: SP4_MACH_CRED is accepted only for
 * integrity-protected requests that carry a principal; SP4_SSV is
 * refused with nfserr_encr_alg_unsupp.
 *
 * Returns nfs_ok, or an nfserr_* status as annotated on each case.
 */
__be32
nfsd4_exchange_id(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	struct nfsd4_exchange_id *exid = &u->exchange_id;
	struct nfs4_client *conf, *new;
	struct nfs4_client *unconf = NULL;
	__be32 status;
	char			addr_str[INET6_ADDRSTRLEN];
	nfs4_verifier		verf = exid->verifier;
	struct sockaddr		*sa = svc_addr(rqstp);
	bool	update = exid->flags & EXCHGID4_FLAG_UPD_CONFIRMED_REC_A;
	struct nfsd_net		*nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	rpc_ntop(sa, addr_str, sizeof(addr_str));
	dprintk("%s rqstp=%p exid=%p clname.len=%u clname.data=%p "
		"ip_addr=%s flags %x, spa_how %u\n",
		__func__, rqstp, exid, exid->clname.len, exid->clname.data,
		addr_str, exid->flags, exid->spa_how);

	/*
	 * This string is returned to the client as nii_name (see out_copy
	 * below), so any client able to issue EXCHANGE_ID learns the
	 * server's sysname, release, version and machine strings.
	 * It is freed in nfsd4_exchange_id_release().
	 */
	exid->server_impl_name = kasprintf(GFP_KERNEL, "%s %s %s %s",
					   utsname()->sysname, utsname()->release,
					   utsname()->version, utsname()->machine);
	if (!exid->server_impl_name)
		return nfserr_jukebox;

	/* reject any flag outside the set a client is allowed to send */
	if (exid->flags & ~EXCHGID4_FLAG_MASK_A)
		return nfserr_inval;

	new = create_client(exid->clname, rqstp, &verf);
	if (new == NULL)
		return nfserr_jukebox;
	status = copy_impl_id(new, exid);
	if (status)
		goto out_nolock;

	switch (exid->spa_how) {
	case SP4_MACH_CRED:
		/* operations the server insists on the machine credential for */
		exid->spo_must_enforce[0] = 0;
		exid->spo_must_enforce[1] = (
			1 << (OP_BIND_CONN_TO_SESSION - 32) |
			1 << (OP_EXCHANGE_ID - 32) |
			1 << (OP_CREATE_SESSION - 32) |
			1 << (OP_DESTROY_SESSION - 32) |
			1 << (OP_DESTROY_CLIENTID - 32));

		/*
		 * The client's requested must_allow set is masked down to
		 * this fixed list; anything else it asked for is dropped.
		 */
		exid->spo_must_allow[0] &= (1 << (OP_CLOSE) |
					1 << (OP_OPEN_DOWNGRADE) |
					1 << (OP_LOCKU) |
					1 << (OP_DELEGRETURN));

		exid->spo_must_allow[1] &= (
					1 << (OP_TEST_STATEID - 32) |
					1 << (OP_FREE_STATEID - 32));
		if (!svc_rqst_integrity_protected(rqstp)) {
			status = nfserr_inval;
			goto out_nolock;
		}
		/*
		 * Sometimes userspace doesn't give us a principal.
		 * Which is a bug, really.  Anyway, we can't enforce
		 * MACH_CRED in that case, better to give up now:
		 */
		if (!new->cl_cred.cr_principal &&
					!new->cl_cred.cr_raw_principal) {
			status = nfserr_serverfault;
			goto out_nolock;
		}
		new->cl_mach_cred = true;
		break;
	case SP4_NONE:
		break;
	default:				/* checked by xdr code */
		WARN_ON_ONCE(1);
		fallthrough;
	case SP4_SSV:
		status = nfserr_encr_alg_unsupp;
		goto out_nolock;
	}

	/* Cases below refer to rfc 5661 section 18.35.4: */
	spin_lock(&nn->client_lock);
	conf = find_confirmed_client_by_name(&exid->clname, nn);
	if (conf) {
		bool creds_match = same_creds(&conf->cl_cred, &rqstp->rq_cred);
		bool verfs_match = same_verf(&verf, &conf->cl_verifier);

		if (update) {
			if (!clp_used_exchangeid(conf)) { /* buggy client */
				status = nfserr_inval;
				goto out;
			}
			if (!nfsd4_mach_creds_match(conf, rqstp)) {
				status = nfserr_wrong_cred;
				goto out;
			}
			if (!creds_match) { /* case 9 */
				status = nfserr_perm;
				goto out;
			}
			if (!verfs_match) { /* case 8 */
				status = nfserr_not_same;
				goto out;
			}
			/* case 6 */
			exid->flags |= EXCHGID4_FLAG_CONFIRMED_R;
			trace_nfsd_clid_confirmed_r(conf);
			goto out_copy;
		}
		if (!creds_match) { /* case 3 */
			/*
			 * A caller with different credentials may take over
			 * the owner name only when the existing client holds
			 * no state at all.
			 */
			if (client_has_state(conf)) {
				status = nfserr_clid_inuse;
				trace_nfsd_clid_cred_mismatch(conf, rqstp);
				goto out;
			}
			goto out_new;
		}
		if (verfs_match) { /* case 2 */
			conf->cl_exchange_flags |= EXCHGID4_FLAG_CONFIRMED_R;
			trace_nfsd_clid_confirmed_r(conf);
			goto out_copy;
		}
		/* case 5, client reboot */
		trace_nfsd_clid_verf_mismatch(conf, rqstp, &verf);
		/* conf cleared: the old record is not expired at out_new */
		conf = NULL;
		goto out_new;
	}

	if (update) { /* case 7 */
		status = nfserr_noent;
		goto out;
	}

	unconf = find_unconfirmed_client_by_name(&exid->clname, nn);
	if (unconf) /* case 4, possible retry or client restart */
		unhash_client_locked(unconf);

	/* case 1, new owner ID */
	trace_nfsd_clid_fresh(new);

out_new:
	if (conf) {
		status = mark_client_expired_locked(conf);
		if (status)
			goto out;
		trace_nfsd_clid_replaced(&conf->cl_clientid);
	}
	new->cl_minorversion = cstate->minorversion;
	new->cl_spo_must_allow.u.words[0] = exid->spo_must_allow[0];
	new->cl_spo_must_allow.u.words[1] = exid->spo_must_allow[1];

	/* Contrived initial CREATE_SESSION response */
	new->cl_cs_slot.sl_status = nfserr_seq_misordered;

	add_to_unconfirmed(new);
	/* from here on "conf" is the record we answer with, "new" the loser */
	swap(new, conf);
out_copy:
	exid->clientid.cl_boot = conf->cl_clientid.cl_boot;
	exid->clientid.cl_id = conf->cl_clientid.cl_id;

	exid->seqid = conf->cl_cs_slot.sl_seqid + 1;
	nfsd4_set_ex_flags(conf, exid);

	exid->nii_domain.len = sizeof("kernel.org") - 1;
	exid->nii_domain.data = "kernel.org";

	/*
	 * Note that RFC 8881 places no length limit on
	 * nii_name, but this implementation permits no
	 * more than NFS4_OPAQUE_LIMIT bytes.
	 */
	exid->nii_name.len = strlen(exid->server_impl_name);
	if (exid->nii_name.len > NFS4_OPAQUE_LIMIT)
		exid->nii_name.len = NFS4_OPAQUE_LIMIT;
	exid->nii_name.data = exid->server_impl_name;

	/* just send zeros - the date is in nii_name */
	exid->nii_time.tv_sec = 0;
	exid->nii_time.tv_nsec = 0;

	dprintk("nfsd4_exchange_id seqid %d flags %x\n",
		conf->cl_cs_slot.sl_seqid, conf->cl_exchange_flags);
	status = nfs_ok;

out:
	spin_unlock(&nn->client_lock);
out_nolock:
	/* expire_client() is called only after client_lock is dropped */
	if (new)
		expire_client(new);
	if (unconf) {
		trace_nfsd_clid_expire_unconf(&unconf->cl_clientid);
		expire_client(unconf);
	}
	return status;
}

/* Free the implementation-name string built by nfsd4_exchange_id(). */
void
nfsd4_exchange_id_release(union nfsd4_op_u *u)
{
	struct nfsd4_exchange_id *exid = &u->exchange_id;

	kfree(exid->server_impl_name);
}

/*
 * Classify a request's sequence id against a slot.
 *
 * @seqid:      sequence id sent by the client
 * @slot_seqid: sequence id currently recorded in the slot
 * @flags:      slot flags (NFSD4_SLOT_INUSE, NFSD4_SLOT_REUSED)
 *
 * Returns nfs_ok for the next expected id (or for 1 on a slot marked
 * REUSED), nfserr_replay_cache for a repeat of the last id,
 * nfserr_jukebox for a repeat while the slot is still in use, and
 * nfserr_seq_misordered otherwise.
 */
static __be32 check_slot_seqid(u32 seqid, u32 slot_seqid, u8 flags)
{
	/* The slot is in use, and no response has been sent. */
	if (flags & NFSD4_SLOT_INUSE) {
		if (seqid == slot_seqid)
			return nfserr_jukebox;
		else
			return nfserr_seq_misordered;
	}
	/* Note unsigned 32-bit arithmetic handles wraparound: */
	if (likely(seqid == slot_seqid + 1))
		return nfs_ok;
	if ((flags & NFSD4_SLOT_REUSED) && seqid == 1)
		return nfs_ok;
	if (seqid == slot_seqid)
		return nfserr_replay_cache;
	return nfserr_seq_misordered;
}

/*
 * Cache the create session result into the create session single DRC
 * slot cache by saving the xdr structure. sl_seqid has been set.
 * Do this for solo or embedded create session operations.
*/
static void
nfsd4_cache_create_session(struct nfsd4_create_session *cr_ses,
			   struct nfsd4_clid_slot *slot, __be32 nfserr)
{
	slot->sl_status = nfserr;
	/* the whole decoded/filled-in op structure is saved, not XDR bytes */
	memcpy(&slot->sl_cr_ses, cr_ses, sizeof(*cr_ses));
}

/*
 * Replay a cached CREATE_SESSION result: copy the saved op structure
 * back over @cr_ses and return the status that was cached with it.
 */
static __be32
nfsd4_replay_create_session(struct nfsd4_create_session *cr_ses,
			    struct nfsd4_clid_slot *slot)
{
	memcpy(cr_ses, &slot->sl_cr_ses, sizeof(*cr_ses));
	return slot->sl_status;
}

/*
 * Smallest request, in bytes, that can carry a COMPOUND holding only a
 * SEQUENCE op; the per-field breakdown is in the macro body.
 */
#define NFSD_MIN_REQ_HDR_SEQ_SZ	((\
			2 * 2 + /* credential,verifier: AUTH_NULL, length 0 */ \
			1 +	/* MIN tag is length with zero, only length */ \
			3 +	/* version, opcount, opcode */ \
			XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
				/* seqid, slotID, slotID, cache */ \
			4 ) * sizeof(__be32))

/* Smallest reply, in bytes, to a COMPOUND holding only a SEQUENCE op. */
#define NFSD_MIN_RESP_HDR_SEQ_SZ ((\
			2 +	/* verifier: AUTH_NULL, length 0 */\
			1 +	/* status */ \
			1 +	/* MIN tag is length with zero, only length */ \
			3 +	/* opcount, opcode, opstatus*/ \
			XDR_QUADLEN(NFS4_MAX_SESSIONID_LEN) + \
				/* seqid, slotID, slotID, slotID, status */ \
			5 ) * sizeof(__be32))

/*
 * Validate and clamp the fore channel attributes a client proposed in
 * CREATE_SESSION.
 *
 * Requests whose maximum request or response size cannot even hold a
 * SEQUENCE are refused with nfserr_toosmall.  Everything else the
 * client asked for is treated as an upper bound and clamped to the
 * server's own limits (maximum RPC message size, ops per compound,
 * reply cache size, slots per session); @ca is updated in place with
 * the values actually granted.
 */
static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfsd_net *nn)
{
	u32 maxrpc = nn->nfsd_serv->sv_max_mesg;

	if (ca->maxreq_sz < NFSD_MIN_REQ_HDR_SEQ_SZ)
		return nfserr_toosmall;
	if (ca->maxresp_sz < NFSD_MIN_RESP_HDR_SEQ_SZ)
		return nfserr_toosmall;
	ca->headerpadsz = 0;
	ca->maxreq_sz = min_t(u32, ca->maxreq_sz, maxrpc);
	ca->maxresp_sz = min_t(u32, ca->maxresp_sz, maxrpc);
	ca->maxops = min_t(u32, ca->maxops, NFSD_MAX_OPS_PER_COMPOUND);
	/* NFSD_MIN_HDR_SEQ_SZ is defined outside this part of the file */
	ca->maxresp_cached = min_t(u32, ca->maxresp_cached,
			NFSD_SLOT_CACHE_SIZE + NFSD_MIN_HDR_SEQ_SZ);
	ca->maxreqs = min_t(u32, ca->maxreqs, NFSD_MAX_SLOTS_PER_SESSION);

	return nfs_ok;
}

/*
 * Server's NFSv4.1 backchannel support is AUTH_SYS-only for now.
* These are based on similar macros in linux/sunrpc/msg_prot.h.
 */
#define RPC_MAX_HEADER_WITH_AUTH_SYS \
	(RPC_CALLHDRSIZE + 2 * (2 + UNX_CALLSLACK))

#define RPC_MAX_REPHEADER_WITH_AUTH_SYS \
	(RPC_REPHDRSIZE + (2 + NUL_REPLYSLACK))

/* Bytes needed for the server's CB_RECALL call and for its reply. */
#define NFSD_CB_MAX_REQ_SZ	((NFS4_enc_cb_recall_sz + \
				 RPC_MAX_HEADER_WITH_AUTH_SYS) * sizeof(__be32))
#define NFSD_CB_MAX_RESP_SZ	((NFS4_dec_cb_recall_sz + \
				 RPC_MAX_REPHEADER_WITH_AUTH_SYS) * \
				 sizeof(__be32))

/*
 * Validate the back channel attributes a client proposed in
 * CREATE_SESSION.
 *
 * The client must allow requests and replies at least large enough for
 * the callbacks sized above and at least two ops per compound;
 * otherwise nfserr_toosmall is returned.  Header padding and the
 * cached-response size are forced to zero.
 */
static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
{
	ca->headerpadsz = 0;

	if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
		return nfserr_toosmall;
	if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
		return nfserr_toosmall;
	ca->maxresp_cached = 0;
	if (ca->maxops < 2)
		return nfserr_toosmall;

	return nfs_ok;
}

/*
 * Check the callback security flavor a client asked the server to use
 * on the backchannel.  Only RPC_AUTH_NULL and RPC_AUTH_UNIX are
 * accepted; any other flavor is refused with nfserr_encr_alg_unsupp,
 * so callbacks sent by this server are never GSS-protected.
 */
static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
{
	switch (cbs->flavor) {
	case RPC_AUTH_NULL:
	case RPC_AUTH_UNIX:
		return nfs_ok;
	default:
		/*
		 * GSS case: the spec doesn't allow us to return this
		 * error.  But it also doesn't allow us not to support
		 * GSS.
* I'd rather this fail hard than return some error the
		 * client might think it can already handle:
		 */
		return nfserr_encr_alg_unsupp;
	}
}

/*
 * CREATE_SESSION: create a session for a clientid obtained from
 * EXCHANGE_ID, confirming the client record if it is still
 * unconfirmed.
 *
 * Argument validation and the session/connection allocations happen
 * before client_lock is taken.  Under the lock the four phases of
 * RFC 8881 Section 18.36.4 run in order.  Results other than
 * NFS4ERR_DELAY (nfserr_jukebox), and other than the early
 * stale-clientid failure, are stored in the client's single
 * CREATE_SESSION slot so that a retransmission gets the same answer.
 *
 * Confirming an unconfirmed record requires the same credential *and*
 * the same source address that created it, plus a machine-credential
 * match when SP4_MACH_CRED is in use.
 */
__be32
nfsd4_create_session(struct svc_rqst *rqstp,
		struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
{
	struct nfsd4_create_session *cr_ses = &u->create_session;
	struct sockaddr *sa = svc_addr(rqstp);
	struct nfs4_client *conf, *unconf;
	struct nfsd4_clid_slot *cs_slot;
	struct nfs4_client *old = NULL;
	struct nfsd4_session *new;
	struct nfsd4_conn *conn;
	__be32 status = 0;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	if (cr_ses->flags & ~SESSION4_FLAG_MASK_A)
		return nfserr_inval;
	status = nfsd4_check_cb_sec(&cr_ses->cb_sec);
	if (status)
		return status;
	status = check_forechannel_attrs(&cr_ses->fore_channel, nn);
	if (status)
		return status;
	status = check_backchannel_attrs(&cr_ses->back_channel);
	if (status)
		goto out_err;
	status = nfserr_jukebox;
	new = alloc_session(&cr_ses->fore_channel, &cr_ses->back_channel);
	if (!new)
		goto out_err;
	conn = alloc_conn_from_crses(rqstp, cr_ses);
	if (!conn)
		goto out_free_session;

	spin_lock(&nn->client_lock);

	/* RFC 8881 Section 18.36.4 Phase 1: Client record look-up. */
	unconf = find_unconfirmed_client(&cr_ses->clientid, true, nn);
	conf = find_confirmed_client(&cr_ses->clientid, true, nn);
	if (!conf && !unconf) {
		status = nfserr_stale_clientid;
		goto out_free_conn;
	}

	/* RFC 8881 Section 18.36.4 Phase 2: Sequence ID processing. */
	if (conf) {
		cs_slot = &conf->cl_cs_slot;
		trace_nfsd_slot_seqid_conf(conf, cr_ses);
	} else {
		cs_slot = &unconf->cl_cs_slot;
		trace_nfsd_slot_seqid_unconf(unconf, cr_ses);
	}
	status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);
	switch (status) {
	case nfs_ok:
		cs_slot->sl_seqid++;
		cr_ses->seqid = cs_slot->sl_seqid;
		break;
	case nfserr_replay_cache:
		/*
		 * NOTE(review): the cached result is returned here, before
		 * the Phase 3 credential checks below have run.  That
		 * matches the phase order quoted from the RFC, but confirm
		 * it is intended that a replay is answered without a
		 * credential comparison.
		 */
		status = nfsd4_replay_create_session(cr_ses, cs_slot);
		fallthrough;
	case nfserr_jukebox:
		/* The server MUST NOT cache NFS4ERR_DELAY */
		goto out_free_conn;
	default:
		goto out_cache_error;
	}

	/* RFC 8881 Section 18.36.4 Phase 3: Client ID confirmation. */
	if (conf) {
		status = nfserr_wrong_cred;
		if (!nfsd4_mach_creds_match(conf, rqstp))
			goto out_cache_error;
	} else {
		status = nfserr_clid_inuse;
		/* must come from the principal and address that sent EXCHANGE_ID */
		if (!same_creds(&unconf->cl_cred, &rqstp->rq_cred) ||
		    !rpc_cmp_addr(sa, (struct sockaddr *) &unconf->cl_addr)) {
			trace_nfsd_clid_cred_mismatch(unconf, rqstp);
			goto out_cache_error;
		}
		status = nfserr_wrong_cred;
		if (!nfsd4_mach_creds_match(unconf, rqstp))
			goto out_cache_error;
		/* a confirmed record with the same owner name is replaced */
		old = find_confirmed_client_by_name(&unconf->cl_name, nn);
		if (old) {
			status = mark_client_expired_locked(old);
			if (status)
				goto out_expired_error;
			trace_nfsd_clid_replaced(&old->cl_clientid);
		}
		move_to_confirmed(unconf);
		conf = unconf;
	}

	/* RFC 8881 Section 18.36.4 Phase 4: Session creation. */
	status = nfs_ok;
	/* Persistent sessions are not supported */
	cr_ses->flags &= ~SESSION4_PERSIST;
	/* Upshifting from TCP to RDMA is not supported */
	cr_ses->flags &= ~SESSION4_RDMA;
	/* Report the correct number of backchannel slots */
	cr_ses->back_channel.maxreqs = new->se_cb_highest_slot + 1;

	init_session(rqstp, new, conf, cr_ses);
	nfsd4_get_session_locked(new);

	memcpy(cr_ses->sessionid.data, new->se_sessionid.data,
	       NFS4_MAX_SESSIONID_LEN);

	/* cache solo and embedded create sessions under the client_lock */
	nfsd4_cache_create_session(cr_ses, cs_slot, status);
	spin_unlock(&nn->client_lock);
	/* only true when this call confirmed the client just now */
	if (conf == unconf)
		fsnotify_dentry(conf->cl_nfsd_info_dentry, FS_MODIFY);
	/* init connection and backchannel */
	nfsd4_init_conn(rqstp, conn, new);
	nfsd4_put_session(new);
	/* the replaced client is destroyed outside client_lock */
	if (old)
		expire_client(old);
	return status;

out_expired_error:
	/*
	 * Revert the slot seq_nr change so the server will process
	 * the client's resend instead of returning a cached response.
	 */
	if (status == nfserr_jukebox) {
		cs_slot->sl_seqid--;
		cr_ses->seqid = cs_slot->sl_seqid;
		goto out_free_conn;
	}
out_cache_error:
	nfsd4_cache_create_session(cr_ses, cs_slot, status);
out_free_conn:
	spin_unlock(&nn->client_lock);
	free_conn(conn);
out_free_session:
	__free_session(new);
out_err:
	return status;
}

/*
 * Validate a BIND_CONN_TO_SESSION direction and resolve the two
 * "..._OR_BOTH" requests to NFS4_CDFC4_BOTH in place.  Any value not
 * listed is rejected with nfserr_inval.
 */
static __be32 nfsd4_map_bcts_dir(u32 *dir)
{
	switch (*dir) {
	case NFS4_CDFC4_FORE:
	case NFS4_CDFC4_BACK:
		return nfs_ok;
	case NFS4_CDFC4_FORE_OR_BOTH:
	case NFS4_CDFC4_BACK_OR_BOTH:
		*dir = NFS4_CDFC4_BOTH;
		return nfs_ok;
	}
	return nfserr_inval;
}

/*
 * BACKCHANNEL_CTL: replace the callback program number and callback
 * security parameters of the current session, then probe the
 * callback path.  The new security flavor goes through the same
 * nfsd4_check_cb_sec() filter as CREATE_SESSION.
 */
__be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp,
		struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	struct nfsd4_backchannel_ctl *bc = &u->backchannel_ctl;
	struct nfsd4_session *session = cstate->session;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	__be32 status;

	status = nfsd4_check_cb_sec(&bc->bc_cb_sec);
	if (status)
		return status;
	spin_lock(&nn->client_lock);
	session->se_cb_prog = bc->bc_cb_program;
	session->se_cb_sec = bc->bc_cb_sec;
	spin_unlock(&nn->client_lock);

	nfsd4_probe_callback(session->se_client);

	return nfs_ok;
}

/*
 * Find the session connection that uses transport @xpt, or NULL.
 * Both callers in this part of the file hold the client's cl_lock
 * around the call.
 */
static struct nfsd4_conn *__nfsd4_find_conn(struct svc_xprt *xpt, struct nfsd4_session *s)
{
	struct nfsd4_conn *c;

	list_for_each_entry(c, &s->se_conns, cn_persession) {
		if (c->cn_xprt == xpt) {
			return c;
		}
	}
	return NULL;
}

/*
 * Check whether the request's transport is already bound to @session
 * in a way compatible with the requested direction @req.
 *
 * Returns nfserr_noent if the transport is not bound at all, nfs_ok if
 * the existing binding satisfies @req, nfserr_inval if it conflicts.
 * On nfs_ok the connection is returned through @conn when @conn is
 * non-NULL.
 *
 * NOTE(review): *conn is handed back after cl_lock has been dropped;
 * presumably the connection cannot go away while the caller is using
 * the same transport -- confirm.
 */
static __be32 nfsd4_match_existing_connection(struct svc_rqst *rqst,
		struct nfsd4_session *session, u32 req, struct nfsd4_conn **conn)
{
	struct nfs4_client *clp = session->se_client;
	struct svc_xprt *xpt = rqst->rq_xprt;
	struct nfsd4_conn *c;
	__be32 status;

	/* Following the last paragraph of RFC 5661 Section 18.34.3: */
	spin_lock(&clp->cl_lock);
	c = __nfsd4_find_conn(xpt, session);
	if (!c)
		status = nfserr_noent;
	else if (req == c->cn_flags)
		status = nfs_ok;
	else if (req == NFS4_CDFC4_FORE_OR_BOTH &&
				c->cn_flags != NFS4_CDFC4_BACK)
		status = nfs_ok;
	else if (req == NFS4_CDFC4_BACK_OR_BOTH &&
				c->cn_flags != NFS4_CDFC4_FORE)
		status = nfs_ok;
	else
		status = nfserr_inval;
	spin_unlock(&clp->cl_lock);
	if (status == nfs_ok && conn)
		*conn = c;
	return status;
}

/*
 * BIND_CONN_TO_SESSION: associate the request's connection with an
 * existing session.
 *
 * Refused with nfserr_not_only_op unless nfsd4_last_compound_op() says
 * this is the last op of the compound, and with nfserr_wrong_cred if
 * the caller does not pass the session client's machine-credential
 * check.  An existing compatible binding is reused (and may gain the
 * backchannel direction); otherwise a new connection is allocated and
 * initialised.  The session found by the lookup is put again at "out".
 */
__be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
		     struct nfsd4_compound_state *cstate,
		     union nfsd4_op_u *u)
{
	struct nfsd4_bind_conn_to_session *bcts = &u->bind_conn_to_session;
	__be32 status;
	struct nfsd4_conn *conn;
	struct nfsd4_session *session;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	if (!nfsd4_last_compound_op(rqstp))
		return nfserr_not_only_op;
	spin_lock(&nn->client_lock);
	/* on failure the lookup stores the error in status */
	session = find_in_sessionid_hashtbl(&bcts->sessionid, net, &status);
	spin_unlock(&nn->client_lock);
	if (!session)
		goto out_no_session;
	status = nfserr_wrong_cred;
	if (!nfsd4_mach_creds_match(session->se_client, rqstp))
		goto out;
	status = nfsd4_match_existing_connection(rqstp, session,
			bcts->dir, &conn);
	if (status == nfs_ok) {
		/* NOTE(review): cn_flags is updated here without cl_lock held */
		if (bcts->dir == NFS4_CDFC4_FORE_OR_BOTH ||
				bcts->dir == NFS4_CDFC4_BACK)
			conn->cn_flags |= NFS4_CDFC4_BACK;
		nfsd4_probe_callback(session->se_client);
		goto out;
	}
	if (status == nfserr_inval)
		goto out;
	/* nfserr_noent: no binding yet, create one */
	status = nfsd4_map_bcts_dir(&bcts->dir);
	if (status)
		goto out;
	conn = alloc_conn(rqstp, bcts->dir);
	status = nfserr_jukebox;
	if (!conn)
		goto out;
	nfsd4_init_conn(rqstp, conn, session);
	status = nfs_ok;
out:
	nfsd4_put_session(session);
out_no_session:
	return status;
}

/* True if the compound is running in the session identified by @sid. */
static bool nfsd4_compound_in_session(struct nfsd4_compound_state *cstate, struct nfs4_sessionid *sid)
{
	if (!cstate->session)
		return false;
	return !memcmp(sid, &cstate->session->se_sessionid, sizeof(*sid));
}

/*
 * DESTROY_SESSION: tear down the session named in the arguments.
 *
 * If the compound is itself running in that session, the op must be
 * the last one in the compound (else nfserr_not_only_op) and the
 * reference the compound holds is accounted for in ref_held_by_me.
 * The caller must pass the session client's machine-credential check
 * (else nfserr_wrong_cred).  client_lock is dropped around the
 * synchronous callback probe and retaken before the session is put.
 */
__be32
nfsd4_destroy_session(struct svc_rqst *r, struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	struct nfs4_sessionid *sessionid = &u->destroy_session.sessionid;
	struct nfsd4_session *ses;
	__be32 status;
	int ref_held_by_me = 0;
	struct net *net = SVC_NET(r);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);

	status = nfserr_not_only_op;
	if (nfsd4_compound_in_session(cstate, sessionid)) {
		if (!nfsd4_last_compound_op(r))
			goto out;
		ref_held_by_me++;
	}
	dump_sessionid(__func__, sessionid);
	spin_lock(&nn->client_lock);
	ses = find_in_sessionid_hashtbl(sessionid, net, &status);
	if (!ses)
		goto out_client_lock;
	status = nfserr_wrong_cred;
	if (!nfsd4_mach_creds_match(ses->se_client, r))
		goto out_put_session;
	/* 1 for the lookup above, plus our own compound's reference if any */
	status = mark_session_dead_locked(ses, 1 + ref_held_by_me);
	if (status)
		goto out_put_session;
	unhash_session(ses);
	spin_unlock(&nn->client_lock);

	nfsd4_probe_callback_sync(ses->se_client);

	spin_lock(&nn->client_lock);
	status = nfs_ok;
out_put_session:
	nfsd4_put_session_locked(ses);
out_client_lock:
	spin_unlock(&nn->client_lock);
out:
	return status;
}

/*
 * Called for SEQUENCE with a freshly allocated connection @new for the
 * request's transport.  Consumes @new on every path.
 *
 * If the transport is already bound to the session, @new is freed and
 * nfs_ok returned.  If it is not bound and the client negotiated
 * SP4_MACH_CRED (cl_mach_cred), the request is refused with
 * nfserr_conn_not_bound_to_session: such clients have to bind
 * connections explicitly, a new connection is never attached just
 * because it presented a valid session id.  Otherwise @new is hashed
 * into the session and registered.
 */
static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)
{
	struct nfs4_client *clp = ses->se_client;
	struct nfsd4_conn *c;
	__be32 status = nfs_ok;
	int ret;

	spin_lock(&clp->cl_lock);
	c = __nfsd4_find_conn(new->cn_xprt, ses);
	if (c)
		goto out_free;
	status = nfserr_conn_not_bound_to_session;
	if (clp->cl_mach_cred)
		goto out_free;
	__nfsd4_hash_conn(new, ses);
	spin_unlock(&clp->cl_lock);
	ret = nfsd4_register_conn(new);
	if (ret)
		/* oops; xprt is already down: */
		nfsd4_conn_lost(&new->cn_xpt_user);
	return nfs_ok;
out_free:
	spin_unlock(&clp->cl_lock);
	free_conn(new);
	return status;
}

/* True if the compound has more ops than the session's negotiated maxops. */
static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)
{
	struct nfsd4_compoundargs *args = rqstp->rq_argp;

	return args->opcnt > session->se_fchannel.maxops;
}

/* True if the request is larger than the session's negotiated maxreq_sz. */
static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
				  struct nfsd4_session *session)
{
	struct xdr_buf *xb = &rqstp->rq_arg;

	return xb->len > session->se_fchannel.maxreq_sz;
}

/*
 * Decide whether a request that reuses a slot's sequence id can be
 * treated as a retransmission of the call whose reply is cached.
 *
 * Only the cachethis setting, the op count and the credential are
 * compared; the request body itself is not stored, so it cannot be.
 * The credential comparison is what stops a different principal from
 * being handed another caller's cached reply.
 */
static bool replay_matches_cache(struct svc_rqst *rqstp,
		 struct nfsd4_sequence *seq, struct nfsd4_slot *slot)
{
	struct nfsd4_compoundargs *argp = rqstp->rq_argp;

	if ((bool)(slot->sl_flags & NFSD4_SLOT_CACHETHIS) !=
	    (bool)seq->cachethis)
		return false;
	/*
	 * If there's an error then the reply can have fewer ops than
	 * the call.
	 */
	if (slot->sl_opcnt < argp->opcnt && !slot->sl_status)
		return false;
	/*
	 * But if we cached a reply with *more* ops than the call you're
	 * sending us now, then this new call is clearly not really a
	 * replay of the old one:
	 */
	if (slot->sl_opcnt > argp->opcnt)
		return false;
	/* This is the only check explicitly called by spec: */
	if (!same_creds(&rqstp->rq_cred, &slot->sl_cred))
		return false;
	/*
	 * There may be more comparisons we could actually do, but the
	 * spec doesn't require us to catch every case where the calls
	 * don't match (that would require caching the call as well as
	 * the reply), so we don't bother.
4465 */ 4466 return true; 4467 } 4468 4469 /* 4470 * Note that the response is constructed here both for the case 4471 * of a new SEQUENCE request and for a replayed SEQUENCE request. 4472 * We do not cache SEQUENCE responses as SEQUENCE is idempotent. 4473 */ 4474 static void nfsd4_construct_sequence_response(struct nfsd4_session *session, 4475 struct nfsd4_sequence *seq) 4476 { 4477 struct nfs4_client *clp = session->se_client; 4478 4479 seq->maxslots_response = max(session->se_target_maxslots, 4480 seq->maxslots); 4481 seq->target_maxslots = session->se_target_maxslots; 4482 4483 switch (clp->cl_cb_state) { 4484 case NFSD4_CB_DOWN: 4485 seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN; 4486 break; 4487 case NFSD4_CB_FAULT: 4488 seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT; 4489 break; 4490 default: 4491 seq->status_flags = 0; 4492 } 4493 if (!list_empty(&clp->cl_revoked)) 4494 seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED; 4495 if (atomic_read(&clp->cl_admin_revoked)) 4496 seq->status_flags |= SEQ4_STATUS_ADMIN_STATE_REVOKED; 4497 } 4498 4499 __be32 4500 nfsd4_sequence(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 4501 union nfsd4_op_u *u) 4502 { 4503 struct nfsd4_sequence *seq = &u->sequence; 4504 struct nfsd4_compoundres *resp = rqstp->rq_resp; 4505 struct xdr_stream *xdr = resp->xdr; 4506 struct nfsd4_session *session; 4507 struct nfs4_client *clp; 4508 struct nfsd4_slot *slot; 4509 struct nfsd4_conn *conn; 4510 __be32 status; 4511 int buflen; 4512 struct net *net = SVC_NET(rqstp); 4513 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 4514 4515 if (resp->opcnt != 1) 4516 return nfserr_sequence_pos; 4517 4518 /* 4519 * Will be either used or freed by nfsd4_sequence_check_conn 4520 * below. 
4521 */ 4522 conn = alloc_conn(rqstp, NFS4_CDFC4_FORE); 4523 if (!conn) 4524 return nfserr_jukebox; 4525 4526 spin_lock(&nn->client_lock); 4527 session = find_in_sessionid_hashtbl(&seq->sessionid, net, &status); 4528 if (!session) 4529 goto out_no_session; 4530 clp = session->se_client; 4531 4532 status = nfserr_too_many_ops; 4533 if (nfsd4_session_too_many_ops(rqstp, session)) 4534 goto out_put_session; 4535 4536 status = nfserr_req_too_big; 4537 if (nfsd4_request_too_big(rqstp, session)) 4538 goto out_put_session; 4539 4540 status = nfserr_badslot; 4541 if (seq->slotid >= session->se_fchannel.maxreqs) 4542 goto out_put_session; 4543 4544 slot = xa_load(&session->se_slots, seq->slotid); 4545 dprintk("%s: slotid %d\n", __func__, seq->slotid); 4546 4547 trace_nfsd_slot_seqid_sequence(clp, seq, slot); 4548 4549 nfsd4_construct_sequence_response(session, seq); 4550 4551 status = check_slot_seqid(seq->seqid, slot->sl_seqid, slot->sl_flags); 4552 if (status == nfserr_replay_cache) { 4553 status = nfserr_seq_misordered; 4554 if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED)) 4555 goto out_put_session; 4556 status = nfserr_seq_false_retry; 4557 if (!replay_matches_cache(rqstp, seq, slot)) 4558 goto out_put_session; 4559 cstate->slot = slot; 4560 cstate->session = session; 4561 cstate->clp = clp; 4562 /* Return the cached reply status and set cstate->status 4563 * for nfsd4_proc_compound processing */ 4564 status = nfsd4_replay_cache_entry(resp, seq); 4565 cstate->status = nfserr_replay_cache; 4566 goto out; 4567 } 4568 if (status) 4569 goto out_put_session; 4570 4571 status = nfsd4_sequence_check_conn(conn, session); 4572 conn = NULL; 4573 if (status) 4574 goto out_put_session; 4575 4576 if (session->se_target_maxslots < session->se_fchannel.maxreqs && 4577 slot->sl_generation == session->se_slot_gen && 4578 seq->maxslots <= session->se_target_maxslots) 4579 /* Client acknowledged our reduce maxreqs */ 4580 free_session_slots(session, session->se_target_maxslots); 4581 4582 
buflen = (seq->cachethis) ?
			session->se_fchannel.maxresp_cached :
			session->se_fchannel.maxresp_sz;
	/*
	 * Limit the reply to the negotiated size (less the auth slack); the
	 * error depends on whether the client asked for the reply to be cached.
	 */
	status = (seq->cachethis) ? nfserr_rep_too_big_to_cache :
				    nfserr_rep_too_big;
	if (xdr_restrict_buflen(xdr, buflen - rqstp->rq_auth_slack))
		goto out_put_session;
	svc_reserve_auth(rqstp, buflen);

	status = nfs_ok;
	/* Success! accept new slot seqid */
	slot->sl_seqid = seq->seqid;
	slot->sl_flags &= ~NFSD4_SLOT_REUSED;
	slot->sl_flags |= NFSD4_SLOT_INUSE;
	slot->sl_generation = session->se_slot_gen;
	if (seq->cachethis)
		slot->sl_flags |= NFSD4_SLOT_CACHETHIS;
	else
		slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS;

	cstate->slot = slot;
	cstate->session = session;
	cstate->clp = clp;

	/*
	 * If the client ever uses the highest available slot,
	 * gently try to allocate another 20%. This allows
	 * fairly quick growth without grossly over-shooting what
	 * the client might use.
	 */
	if (seq->slotid == session->se_fchannel.maxreqs - 1 &&
	    session->se_target_maxslots >= session->se_fchannel.maxreqs &&
	    session->se_fchannel.maxreqs < NFSD_MAX_SLOTS_PER_SESSION) {
		int s = session->se_fchannel.maxreqs;
		int cnt = DIV_ROUND_UP(s, 5);
		void *prev_slot;

		do {
			/*
			 * GFP_NOWAIT both allows allocation under a
			 * spinlock, and only succeeds if there is
			 * plenty of memory.
			 */
			slot = nfsd4_alloc_slot(&session->se_fchannel, s,
						GFP_NOWAIT);
			/*
			 * If index s holds an xarray value entry, its value
			 * becomes the new slot's starting seqid.
			 */
			prev_slot = xa_load(&session->se_slots, s);
			if (xa_is_value(prev_slot) && slot) {
				slot->sl_seqid = xa_to_value(prev_slot);
				slot->sl_flags |= NFSD4_SLOT_REUSED;
			}
			if (slot &&
			    !xa_is_err(xa_store(&session->se_slots, s, slot,
						GFP_NOWAIT))) {
				s += 1;
				session->se_fchannel.maxreqs = s;
				atomic_add(s - session->se_target_maxslots,
					   &nfsd_total_target_slots);
				session->se_target_maxslots = s;
			} else {
				/* Allocation or store failed: stop growing. */
				kfree(slot);
				slot = NULL;
			}
		} while (slot && --cnt > 0);
	}

out:
	trace_nfsd_seq4_status(rqstp, seq);
out_no_session:
	/* conn is still non-NULL only if it was never handed to nfsd4_sequence_check_conn(). */
	if (conn)
		free_conn(conn);
	spin_unlock(&nn->client_lock);
	return status;
out_put_session:
	nfsd4_put_session_locked(session);
	goto out_no_session;
}

/*
 * Finish SEQUENCE processing for a compound.
 *
 * With a session: unless the reply was served from the replay cache,
 * store the reply in the slot and clear NFSD4_SLOT_INUSE; then drop the
 * session reference.  Without a session but with a client set in the
 * compound state, call put_client_renew() on that client.
 */
void
nfsd4_sequence_done(struct nfsd4_compoundres *resp)
{
	struct nfsd4_compound_state *cs = &resp->cstate;

	if (nfsd4_has_session(cs)) {
		if (cs->status != nfserr_replay_cache) {
			nfsd4_store_cache_entry(resp);
			cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;
		}
		/* Drop session reference that was taken in nfsd4_sequence() */
		nfsd4_put_session(cs->session);
	} else if (cs->clp)
		put_client_renew(cs->clp);
}

/*
 * DESTROY_CLIENTID: remove the client record named by dc->clientid.
 *
 * A confirmed client that still has state is refused with
 * nfserr_clientid_busy.  An unknown ID gives nfserr_stale_clientid.  The
 * caller's credential must pass nfsd4_mach_creds_match(), otherwise
 * nfserr_wrong_cred is returned and no client is unhashed.  The client is
 * unhashed under nn->client_lock and expired after the lock is dropped.
 */
__be32
nfsd4_destroy_clientid(struct svc_rqst *rqstp,
		struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	struct nfsd4_destroy_clientid *dc = &u->destroy_clientid;
	struct nfs4_client *conf, *unconf;
	struct nfs4_client *clp = NULL;
	__be32 status = 0;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	spin_lock(&nn->client_lock);
	unconf = find_unconfirmed_client(&dc->clientid, true, nn);
	conf = find_confirmed_client(&dc->clientid, true, nn);
	WARN_ON_ONCE(conf && unconf);

	if (conf) {
		if (client_has_state(conf)) {
			status = nfserr_clientid_busy;
			goto out;
		}
		status = mark_client_expired_locked(conf);
		if (status)
			goto out;
		clp = conf;
	} else if (unconf)
		clp = unconf;
	else {
		status = nfserr_stale_clientid;
		goto out;
	}
	/*
	 * NOTE(review): for a confirmed client this check runs after
	 * mark_client_expired_locked(conf) has already succeeded.  On a
	 * mismatch clp is reset, so the client is neither unhashed nor
	 * expired here; confirm the earlier marking leaves no lasting
	 * state on this path.
	 */
	if (!nfsd4_mach_creds_match(clp, rqstp)) {
		clp = NULL;
		status = nfserr_wrong_cred;
		goto out;
	}
	trace_nfsd_clid_destroyed(&clp->cl_clientid);
	unhash_client_locked(clp);
out:
	spin_unlock(&nn->client_lock);
	if (clp)
		expire_client(clp);
	return status;
}

/*
 * RECLAIM_COMPLETE: record that the client has finished reclaiming state.
 *
 * The rca_one_fs form only requires a current filehandle and is otherwise
 * ignored.  For the global form, NFSD4_CLIENT_RECLAIM_COMPLETE is set
 * atomically, so a second call returns nfserr_complete_already.
 */
__be32
nfsd4_reclaim_complete(struct svc_rqst *rqstp,
		struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
{
	struct nfsd4_reclaim_complete *rc = &u->reclaim_complete;
	struct nfs4_client *clp = cstate->clp;
	__be32 status = 0;

	if (rc->rca_one_fs) {
		if (!cstate->current_fh.fh_dentry)
			return nfserr_nofilehandle;
		/*
		 * We don't take advantage of the rca_one_fs case.
		 * That's OK, it's optional, we can safely ignore it.
		 */
		return nfs_ok;
	}

	status = nfserr_complete_already;
	if (test_and_set_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &clp->cl_flags))
		goto out;

	status = nfserr_stale_clientid;
	if (is_client_expired(clp))
		/*
		 * The following error isn't really legal.
		 * But we only get here if the client just explicitly
		 * destroyed the client. Surely it no longer cares what
		 * error it gets back on an operation for the dead
		 * client.
		 */
		goto out;

	status = nfs_ok;
	trace_nfsd_clid_reclaim_complete(&clp->cl_clientid);
	nfsd4_client_record_create(clp);
	inc_reclaim_complete(clp);
out:
	return status;
}

/*
 * SETCLIENTID (the code sets cl_minorversion to 0): create an unconfirmed
 * client record for the name in the request and return its clientid and
 * confirm verifier.
 *
 * The new record is allocated before nn->client_lock is taken.  A
 * confirmed client of the same name that holds state blocks the request
 * with nfserr_clid_inuse when clp_used_exchangeid() is true for it or
 * when the caller's credential differs from the one it was created with.
 * Any older unconfirmed record of the same name is unhashed under the
 * lock and expired after it is dropped.
 */
__be32
nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		  union nfsd4_op_u *u)
{
	struct nfsd4_setclientid *setclid = &u->setclientid;
	struct xdr_netobj clname = setclid->se_name;
	nfs4_verifier clverifier = setclid->se_verf;
	struct nfs4_client *conf, *new;
	struct nfs4_client *unconf = NULL;
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	new = create_client(clname, rqstp, &clverifier);
	if (new == NULL)
		return nfserr_jukebox;
	spin_lock(&nn->client_lock);
	conf = find_confirmed_client_by_name(&clname, nn);
	if (conf && client_has_state(conf)) {
		status = nfserr_clid_inuse;
		if (clp_used_exchangeid(conf))
			goto out;
		if (!same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
			trace_nfsd_clid_cred_mismatch(conf, rqstp);
			goto out;
		}
	}
	unconf = find_unconfirmed_client_by_name(&clname, nn);
	if (unconf)
		unhash_client_locked(unconf);
	if (conf) {
		/* Same verifier as the confirmed record: reuse its clientid. */
		if (same_verf(&conf->cl_verifier, &clverifier)) {
			copy_clid(new, conf);
			gen_confirm(new, nn);
		} else
			trace_nfsd_clid_verf_mismatch(conf, rqstp,
						      &clverifier);
	} else
		trace_nfsd_clid_fresh(new);
	new->cl_minorversion = 0;
	gen_callback(new, setclid, rqstp);
	add_to_unconfirmed(new);
	setclid->se_clientid.cl_boot = new->cl_clientid.cl_boot;
	setclid->se_clientid.cl_id = new->cl_clientid.cl_id;
	memcpy(setclid->se_confirm.data, new->cl_confirm.data, sizeof(setclid->se_confirm.data));
	/* The record is now on the unconfirmed list; the exit path must not free it. */
	new = NULL;
	status = nfs_ok;
out:
	spin_unlock(&nn->client_lock);
	if (new)
		free_client(new);
	if (unconf) {
trace_nfsd_clid_expire_unconf(&unconf->cl_clientid);
		expire_client(unconf);
	}
	return status;
}

/*
 * SETCLIENTID_CONFIRM: confirm a client record created by SETCLIENTID.
 *
 * Both the unconfirmed and the confirmed record for the clientid, when
 * present, must have been created with the caller's credential; otherwise
 * nfserr_clid_inuse is returned.  The supplied verifier must match the
 * unconfirmed record.  If it matches only the confirmed record, the call
 * is treated as already done and returns nfs_ok; with no match at all it
 * returns nfserr_stale_clientid.
 *
 * When a confirmed record already exists for the clientid, its callback
 * information is replaced from the unconfirmed record, which is then
 * expired.  Otherwise the unconfirmed record is moved to the confirmed
 * set, replacing any confirmed record of the same name.
 */
__be32
nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
			struct nfsd4_compound_state *cstate,
			union nfsd4_op_u *u)
{
	struct nfsd4_setclientid_confirm *setclientid_confirm =
			&u->setclientid_confirm;
	struct nfs4_client *conf, *unconf;
	struct nfs4_client *old = NULL;
	nfs4_verifier confirm = setclientid_confirm->sc_confirm;
	clientid_t * clid = &setclientid_confirm->sc_clientid;
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	if (STALE_CLIENTID(clid, nn))
		return nfserr_stale_clientid;

	spin_lock(&nn->client_lock);
	conf = find_confirmed_client(clid, false, nn);
	unconf = find_unconfirmed_client(clid, false, nn);
	/*
	 * We try hard to give out unique clientid's, so if we get an
	 * attempt to confirm the same clientid with a different cred,
	 * the client may be buggy; this should never happen.
	 *
	 * Nevertheless, RFC 7530 recommends INUSE for this case:
	 */
	status = nfserr_clid_inuse;
	if (unconf && !same_creds(&unconf->cl_cred, &rqstp->rq_cred)) {
		trace_nfsd_clid_cred_mismatch(unconf, rqstp);
		goto out;
	}
	if (conf && !same_creds(&conf->cl_cred, &rqstp->rq_cred)) {
		trace_nfsd_clid_cred_mismatch(conf, rqstp);
		goto out;
	}
	if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) {
		if (conf && same_verf(&confirm, &conf->cl_confirm)) {
			status = nfs_ok;
		} else
			status = nfserr_stale_clientid;
		goto out;
	}
	status = nfs_ok;
	if (conf) {
		if (get_client_locked(conf) == nfs_ok) {
			/* Callback update: unconf is consumed and expired at out. */
			old = unconf;
			unhash_client_locked(old);
			nfsd4_change_callback(conf, &unconf->cl_cb_conn);
		} else {
			/* Could not pin conf: handle as if no confirmed record existed. */
			conf = NULL;
		}
	}

	if (!conf) {
		old = find_confirmed_client_by_name(&unconf->cl_name, nn);
		if (old) {
			/*
			 * A same-named confirmed client that holds state is
			 * only replaced by a record with the same credential.
			 */
			status = nfserr_clid_inuse;
			if (client_has_state(old)
					&& !same_creds(&unconf->cl_cred,
							&old->cl_cred)) {
				old = NULL;
				goto out;
			}
			status = mark_client_expired_locked(old);
			if (status) {
				old = NULL;
				goto out;
			}
			trace_nfsd_clid_replaced(&old->cl_clientid);
		}
		status = get_client_locked(unconf);
		if (status != nfs_ok) {
			old = NULL;
			goto out;
		}
		move_to_confirmed(unconf);
		conf = unconf;
	}
	/* Notification and callback probe run without client_lock. */
	spin_unlock(&nn->client_lock);
	if (conf == unconf)
		fsnotify_dentry(conf->cl_nfsd_info_dentry, FS_MODIFY);
	nfsd4_probe_callback(conf);
	spin_lock(&nn->client_lock);
	put_client_renew_locked(conf);
out:
	spin_unlock(&nn->client_lock);
	if (old)
		expire_client(old);
	return status;
}

/* Allocate an nfs4_file from file_slab; the object is returned uninitialised. */
static struct nfs4_file *nfsd4_alloc_file(void)
{
	return kmem_cache_alloc(file_slab, GFP_KERNEL);
}

/* OPEN Share state helper functions */

/*
 * Initialise @fp for the file named by @fh: reference count 1, empty
 * lists, no delegation files, no share denies, zeroed fi_fds and
 * fi_access, and the filehandle and inode taken from @fh.
 */
static void nfsd4_file_init(const
struct svc_fh *fh, struct nfs4_file *fp)
{
	refcount_set(&fp->fi_ref, 1);
	spin_lock_init(&fp->fi_lock);
	INIT_LIST_HEAD(&fp->fi_stateids);
	INIT_LIST_HEAD(&fp->fi_delegations);
	INIT_LIST_HEAD(&fp->fi_clnt_odstate);
	fh_copy_shallow(&fp->fi_fhandle, &fh->fh_handle);
	fp->fi_deleg_file = NULL;
	fp->fi_rdeleg_file = NULL;
	fp->fi_had_conflict = false;
	fp->fi_share_deny = 0;
	/* Objects from nfsd4_alloc_file() are not zeroed, so clear the arrays here. */
	memset(fp->fi_fds, 0, sizeof(fp->fi_fds));
	memset(fp->fi_access, 0, sizeof(fp->fi_access));
	fp->fi_aliased = false;
	fp->fi_inode = d_inode(fh->fh_dentry);
#ifdef CONFIG_NFSD_PNFS
	INIT_LIST_HEAD(&fp->fi_lo_states);
	atomic_set(&fp->fi_lo_recalls, 0);
#endif
}

/* Destroy every slab cache created by nfsd4_init_slabs(). */
void
nfsd4_free_slabs(void)
{
	kmem_cache_destroy(client_slab);
	kmem_cache_destroy(openowner_slab);
	kmem_cache_destroy(lockowner_slab);
	kmem_cache_destroy(file_slab);
	kmem_cache_destroy(stateid_slab);
	kmem_cache_destroy(deleg_slab);
	kmem_cache_destroy(odstate_slab);
}

/*
 * Create the slab caches for NFSv4 state objects.
 *
 * Returns 0 on success.  On failure the caches created so far are
 * destroyed in reverse order and -ENOMEM is returned.
 */
int
nfsd4_init_slabs(void)
{
	client_slab = KMEM_CACHE(nfs4_client, 0);
	if (client_slab == NULL)
		goto out;
	openowner_slab = KMEM_CACHE(nfs4_openowner, 0);
	if (openowner_slab == NULL)
		goto out_free_client_slab;
	lockowner_slab = KMEM_CACHE(nfs4_lockowner, 0);
	if (lockowner_slab == NULL)
		goto out_free_openowner_slab;
	file_slab = KMEM_CACHE(nfs4_file, 0);
	if (file_slab == NULL)
		goto out_free_lockowner_slab;
	stateid_slab = KMEM_CACHE(nfs4_ol_stateid, 0);
	if (stateid_slab == NULL)
		goto out_free_file_slab;
	deleg_slab = KMEM_CACHE(nfs4_delegation, 0);
	if (deleg_slab == NULL)
		goto out_free_stateid_slab;
	odstate_slab = KMEM_CACHE(nfs4_clnt_odstate, 0);
	if (odstate_slab == NULL)
		goto out_free_deleg_slab;
	return 0;

	/* Each label undoes one allocation and falls through to the next. */
out_free_deleg_slab:
	kmem_cache_destroy(deleg_slab);
out_free_stateid_slab:
	kmem_cache_destroy(stateid_slab);
out_free_file_slab:
	kmem_cache_destroy(file_slab);
out_free_lockowner_slab:
	kmem_cache_destroy(lockowner_slab);
out_free_openowner_slab:
	kmem_cache_destroy(openowner_slab);
out_free_client_slab:
	kmem_cache_destroy(client_slab);
out:
	return -ENOMEM;
}

/*
 * Shrinker count callback.  Reports the number of courtesy clients, or
 * the number of delegations when there are none, and queues
 * nn->nfsd_shrinker_work on laundry_wq whenever the count is non-zero.
 */
static unsigned long
nfsd4_state_shrinker_count(struct shrinker *shrink, struct shrink_control *sc)
{
	struct nfsd_net *nn = shrink->private_data;
	long count;

	count = atomic_read(&nn->nfsd_courtesy_clients);
	if (!count)
		count = atomic_long_read(&num_delegations);
	if (count)
		queue_work(laundry_wq, &nn->nfsd_shrinker_work);
	return (unsigned long)count;
}

/*
 * Shrinker scan callback.  Frees nothing itself and always returns
 * SHRINK_STOP; the work is queued from the count callback instead.
 */
static unsigned long
nfsd4_state_shrinker_scan(struct shrinker *shrink, struct shrink_control *sc)
{
	return SHRINK_STOP;
}

/*
 * Set the per-network-namespace lease defaults and client limits.
 *
 * The clientid base and the client verifier counter start from random
 * 32-bit values rather than fixed constants.  The client limit scales
 * with total RAM in GiB and is never below NFS4_CLIENTS_PER_GB.
 */
void
nfsd4_init_leases_net(struct nfsd_net *nn)
{
	struct sysinfo si;
	u64 max_clients;

	nn->nfsd4_lease = 90;	/* default lease time */
	nn->nfsd4_grace = 90;
	nn->somebody_reclaimed = false;
	nn->track_reclaim_completes = false;
	nn->clverifier_counter = get_random_u32();
	nn->clientid_base = get_random_u32();
	nn->clientid_counter = nn->clientid_base + 1;
	/* The first ID after the base goes to s2s_cp_cl_id. */
	nn->s2s_cp_cl_id = nn->clientid_counter++;

	atomic_set(&nn->nfs4_client_count, 0);
	si_meminfo(&si);
	max_clients = (u64)si.totalram * si.mem_unit / (1024 * 1024 * 1024);
	max_clients *= NFS4_CLIENTS_PER_GB;
	/*
	 * NOTE(review): max_t(int, ...) converts the u64 to int before
	 * comparing; confirm the product cannot exceed INT_MAX on
	 * supported configurations.
	 */
	nn->nfs4_max_clients = max_t(int, max_clients, NFS4_CLIENTS_PER_GB);

	atomic_set(&nn->nfsd_courtesy_clients, 0);
}

/* Values stored in nfs4_replay.rp_locked. */
enum rp_lock {
	RP_UNLOCKED,
	RP_LOCKED,
	RP_UNHASHED,
};

/* Reset a replay record: default status, empty buffer pointing at rp_ibuf, unlocked. */
static void init_nfs4_replay(struct nfs4_replay *rp)
{
	rp->rp_status = nfserr_serverfault;
	rp->rp_buflen = 0;
	rp->rp_buf = rp->rp_ibuf;
	rp->rp_locked = RP_UNLOCKED;
}
/*
 * For a compound without a session, take the replay lock of @so and
 * record it as the compound's replay owner.
 *
 * Waits until the cmpxchg from RP_UNLOCKED to RP_LOCKED observes a value
 * other than RP_LOCKED, which means either this caller took the lock or
 * the owner has been marked RP_UNHASHED.  Returns -EAGAIN in the latter
 * case, otherwise 0.  With a session nothing is done and 0 is returned.
 */
static int nfsd4_cstate_assign_replay(struct nfsd4_compound_state *cstate,
				      struct nfs4_stateowner *so)
{
	if (!nfsd4_has_session(cstate)) {
		wait_var_event(&so->so_replay.rp_locked,
			       cmpxchg(&so->so_replay.rp_locked,
				       RP_UNLOCKED, RP_LOCKED) != RP_LOCKED);
		if (so->so_replay.rp_locked == RP_UNHASHED)
			return -EAGAIN;
		cstate->replay_owner = nfs4_get_stateowner(so);
	}
	return 0;
}

/*
 * Undo nfsd4_cstate_assign_replay(): clear the compound's replay owner,
 * release its replay lock (waking any waiters) and drop the stateowner
 * reference.  Does nothing when no replay owner is set.
 */
void nfsd4_cstate_clear_replay(struct nfsd4_compound_state *cstate)
{
	struct nfs4_stateowner *so = cstate->replay_owner;

	if (so != NULL) {
		cstate->replay_owner = NULL;
		store_release_wake_up(&so->so_replay.rp_locked, RP_UNLOCKED);
		nfs4_put_stateowner(so);
	}
}

/*
 * Allocate a stateowner from @slab with a private copy of @owner.
 *
 * Returns the new object with so_count set to 1, or NULL when either the
 * object or the copy of the owner name cannot be allocated.
 */
static inline void *alloc_stateowner(struct kmem_cache *slab, struct xdr_netobj *owner, struct nfs4_client *clp)
{
	struct nfs4_stateowner *sop;

	sop = kmem_cache_alloc(slab, GFP_KERNEL);
	if (!sop)
		return NULL;

	/* Failure of the duplication is detected through a NULL data pointer. */
	xdr_netobj_dup(&sop->so_owner, owner, GFP_KERNEL);
	if (!sop->so_owner.data) {
		kmem_cache_free(slab, sop);
		return NULL;
	}

	INIT_LIST_HEAD(&sop->so_stateids);
	sop->so_client = clp;
	init_nfs4_replay(&sop->so_replay);
	atomic_set(&sop->so_count, 1);
	return sop;
}

/*
 * Add @oo to the client's owner-string hash bucket and to its list of
 * open owners.  The caller must hold clp->cl_lock.
 */
static void hash_openowner(struct nfs4_openowner *oo, struct nfs4_client *clp, unsigned int strhashval)
{
	lockdep_assert_held(&clp->cl_lock);

	list_add(&oo->oo_owner.so_strhash,
		 &clp->cl_ownerstr_hashtbl[strhashval]);
	list_add(&oo->oo_perclient, &clp->cl_openowners);
}

/* so_unhash operation for open owners. */
static void nfs4_unhash_openowner(struct nfs4_stateowner *so)
{
	unhash_openowner_locked(openowner(so));
}

/* so_free operation for open owners: return the object to openowner_slab. */
static void nfs4_free_openowner(struct nfs4_stateowner *so)
{
	struct nfs4_openowner *oo = openowner(so);

	kmem_cache_free(openowner_slab, oo);
}

static const struct nfs4_stateowner_operations openowner_ops = {
	.so_unhash = nfs4_unhash_openowner,
	.so_free = nfs4_free_openowner,
};

/*
 * Find the open stateid on @fp that belongs to open->op_openowner and
 * has type SC_TYPE_OPEN with no status bits set.
 *
 * The caller must hold fp->fi_lock.  Returns the stateid with its
 * sc_count incremented, or NULL when there is none.
 */
static struct nfs4_ol_stateid *
nfsd4_find_existing_open(struct nfs4_file *fp, struct nfsd4_open *open)
{
	struct nfs4_ol_stateid *local, *ret = NULL;
	struct nfs4_openowner *oo = open->op_openowner;

	lockdep_assert_held(&fp->fi_lock);

	list_for_each_entry(local, &fp->fi_stateids, st_perfile) {
		/* ignore lock owners */
		if (local->st_stateowner->so_is_open_owner == 0)
			continue;
		if (local->st_stateowner != &oo->oo_owner)
			continue;
		if (local->st_stid.sc_type == SC_TYPE_OPEN &&
		    !local->st_stid.sc_status) {
			ret = local;
			refcount_inc(&ret->st_stid.sc_count);
			break;
		}
	}
	return ret;
}

/*
 * Unhash and release stateid @s according to its type.
 *
 * Entered with s->sc_client->cl_lock held (see the __releases
 * annotation); every branch drops the lock before returning.
 */
static void nfsd4_drop_revoked_stid(struct nfs4_stid *s)
	__releases(&s->sc_client->cl_lock)
{
	struct nfs4_client *cl = s->sc_client;
	LIST_HEAD(reaplist);
	struct nfs4_layout_stateid *ls;
	struct nfs4_ol_stateid *stp;
	struct nfs4_delegation *dp;
	bool unhashed;

	switch (s->sc_type) {
	case SC_TYPE_OPEN:
		stp = openlockstateid(s);
		if (unhash_open_stateid(stp, &reaplist))
			put_ol_stateid_locked(stp, &reaplist);
		spin_unlock(&cl->cl_lock);
		/* The collected stateids are freed only after the lock is dropped. */
		free_ol_stateid_reaplist(&reaplist);
		break;
	case SC_TYPE_LOCK:
		stp = openlockstateid(s);
		unhashed = unhash_lock_stateid(stp);
		spin_unlock(&cl->cl_lock);
		if (unhashed)
			nfs4_put_stid(s);
		break;
	case SC_TYPE_DELEG:
		dp = delegstateid(s);
		list_del_init(&dp->dl_recall_lru);
		spin_unlock(&cl->cl_lock);
		nfs4_put_stid(s);
		break;
	case SC_TYPE_LAYOUT:
		ls = layoutstateid(s);
		list_del_init(&ls->ls_perclnt);
		spin_unlock(&cl->cl_lock);
		nfs4_put_stid(s);
		break;
	default:
		spin_unlock(&cl->cl_lock);
	}
}

static void
nfsd40_drop_revoked_stid(struct nfs4_client *cl,
				    stateid_t *stid)
{
	/* NFSv4.0 has no way for the client to tell the server
	 * that it can forget an admin-revoked stateid.
	 * So we keep it around until the first time that the
	 * client uses it, and drop it the first time
	 * nfserr_admin_revoked is returned.
	 * For v4.1 and later we wait until explicitly told
	 * to free the stateid.
	 */
	if (cl->cl_minorversion == 0) {
		struct nfs4_stid *st;

		spin_lock(&cl->cl_lock);
		st = find_stateid_locked(cl, stid);
		if (st)
			/* Releases cl_lock on every path. */
			nfsd4_drop_revoked_stid(st);
		else
			spin_unlock(&cl->cl_lock);
	}
}

/*
 * Map the status bits of @s to an NFS error.  Admin revocation takes
 * precedence over delegation revocation, which takes precedence over
 * closed; with none of these bits set nfs_ok is returned.
 */
static __be32
nfsd4_verify_open_stid(struct nfs4_stid *s)
{
	__be32 ret = nfs_ok;

	if (s->sc_status & SC_STATUS_ADMIN_REVOKED)
		ret = nfserr_admin_revoked;
	else if (s->sc_status & SC_STATUS_REVOKED)
		ret = nfserr_deleg_revoked;
	else if (s->sc_status & SC_STATUS_CLOSED)
		ret = nfserr_bad_stateid;
	return ret;
}

/* Lock the stateid st_mutex, and deal with races with CLOSE */
/*
 * Returns nfs_ok with st_mutex held.  On any other result the mutex has
 * already been released, so the caller must not unlock it.
 */
static __be32
nfsd4_lock_ol_stateid(struct nfs4_ol_stateid *stp)
{
	__be32 ret;

	mutex_lock_nested(&stp->st_mutex, LOCK_STATEID_MUTEX);
	/* Status is re-checked under the mutex: it may have changed while we waited. */
	ret = nfsd4_verify_open_stid(&stp->st_stid);
	if (ret == nfserr_admin_revoked)
		nfsd40_drop_revoked_stid(stp->st_stid.sc_client,
					 &stp->st_stid.sc_stateid);

	if (ret != nfs_ok)
		mutex_unlock(&stp->st_mutex);
	return ret;
}

/*
 * Find the existing open stateid for @open on @fp and lock it.
 *
 * Repeats the lookup until either no stateid is found (returns NULL) or
 * one is found and locked successfully (returned with st_mutex held and
 * a reference).  A stateid that cannot be locked has its reference
 * dropped before the next attempt.
 */
static struct nfs4_ol_stateid *
nfsd4_find_and_lock_existing_open(struct nfs4_file *fp, struct nfsd4_open *open)
{
	struct nfs4_ol_stateid *stp;
	for (;;) {
		spin_lock(&fp->fi_lock);
		stp = nfsd4_find_existing_open(fp, open);
		spin_unlock(&fp->fi_lock);
		if (!stp || nfsd4_lock_ol_stateid(stp) == nfs_ok)
			break;
		nfs4_put_stid(&stp->st_stid);
	}
	return stp;
}

/*
 * Return the open owner for @open on the compound's client, creating and
 * hashing a new one when none exists.  An existing owner that is not yet
 * confirmed is released and replaced.  Returns NULL on allocation
 * failure.
 */
static
struct nfs4_openowner *
find_or_alloc_open_stateowner(unsigned int strhashval, struct nfsd4_open *open,
			      struct nfsd4_compound_state *cstate)
{
	struct nfs4_client *clp = cstate->clp;
	struct nfs4_openowner *oo, *new = NULL;

	/*
	 * Allocation uses GFP_KERNEL and so happens outside cl_lock; each
	 * pass repeats the lookup under the lock before hashing new.
	 */
retry:
	spin_lock(&clp->cl_lock);
	oo = find_openstateowner_str(strhashval, open, clp);
	if (!oo && new) {
		hash_openowner(new, clp, strhashval);
		spin_unlock(&clp->cl_lock);
		return new;
	}
	spin_unlock(&clp->cl_lock);

	if (oo && !(oo->oo_flags & NFS4_OO_CONFIRMED)) {
		/* Replace unconfirmed owners without checking for replay. */
		release_openowner(oo);
		oo = NULL;
		goto retry;
	}
	if (oo) {
		/* An owner was hashed while we were allocating: discard ours. */
		if (new)
			nfs4_free_stateowner(&new->oo_owner);
		return oo;
	}

	new = alloc_stateowner(openowner_slab, &open->op_owner, clp);
	if (!new)
		return NULL;
	new->oo_owner.so_ops = &openowner_ops;
	new->oo_owner.so_is_open_owner = 1;
	new->oo_owner.so_seqid = open->op_seqid;
	new->oo_flags = 0;
	/* With a session the owner starts out confirmed. */
	if (nfsd4_has_session(cstate))
		new->oo_flags |= NFS4_OO_CONFIRMED;
	new->oo_time = 0;
	new->oo_last_closed_stid = NULL;
	INIT_LIST_HEAD(&new->oo_close_lru);
	goto retry;
}

/*
 * Install open->op_stp as the open stateid for @fp and the open's owner,
 * unless one already exists.
 *
 * Returns the stateid to use with its st_mutex held: the newly installed
 * one, or an existing one found on @fp.  Returns NULL when the open
 * owner has been unhashed.  op_stp is cleared only when the new stateid
 * is actually installed.
 */
static struct nfs4_ol_stateid *
init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open)
{

	struct nfs4_openowner *oo = open->op_openowner;
	struct nfs4_ol_stateid *retstp = NULL;
	struct nfs4_ol_stateid *stp;

	stp = open->op_stp;
	/* We are moving these outside of the spinlocks to avoid the warnings */
	mutex_init(&stp->st_mutex);
	mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX);

retry:
	/* Lock order here: the client's cl_lock, then the file's fi_lock. */
	spin_lock(&oo->oo_owner.so_client->cl_lock);
	spin_lock(&fp->fi_lock);

	if (nfs4_openowner_unhashed(oo)) {
		mutex_unlock(&stp->st_mutex);
		stp = NULL;
		goto out_unlock;
	}

	retstp = nfsd4_find_existing_open(fp, open);
if (retstp)
		goto out_unlock;

	/* No existing stateid: install the preallocated one and link it in. */
	open->op_stp = NULL;
	refcount_inc(&stp->st_stid.sc_count);
	stp->st_stid.sc_type = SC_TYPE_OPEN;
	INIT_LIST_HEAD(&stp->st_locks);
	stp->st_stateowner = nfs4_get_stateowner(&oo->oo_owner);
	get_nfs4_file(fp);
	stp->st_stid.sc_file = fp;
	stp->st_access_bmap = 0;
	stp->st_deny_bmap = 0;
	stp->st_openstp = NULL;
	list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids);
	list_add(&stp->st_perfile, &fp->fi_stateids);

out_unlock:
	spin_unlock(&fp->fi_lock);
	spin_unlock(&oo->oo_owner.so_client->cl_lock);
	if (retstp) {
		/* Handle races with CLOSE */
		if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) {
			nfs4_put_stid(&retstp->st_stid);
			goto retry;
		}
		/* To keep mutex tracking happy */
		mutex_unlock(&stp->st_mutex);
		stp = retstp;
	}
	return stp;
}

/*
 * In the 4.0 case we need to keep the owners around a little while to handle
 * CLOSE replay. We still do need to release any file access that is held by
 * them before returning however.
 */
static void
move_to_close_lru(struct nfs4_ol_stateid *s, struct net *net)
{
	struct nfs4_ol_stateid *last;
	struct nfs4_openowner *oo = openowner(s->st_stateowner);
	struct nfsd_net *nn = net_generic(s->st_stid.sc_client->net,
						nfsd_net_id);

	dprintk("NFSD: move_to_close_lru nfs4_openowner %p\n", oo);

	/*
	 * We know that we hold one reference via nfsd4_close, and another
	 * "persistent" reference for the client. If the refcount is higher
	 * than 2, then there are still calls in progress that are using this
	 * stateid. We can't put the sc_file reference until they are finished.
	 * Wait for the refcount to drop to 2. Since it has been unhashed,
	 * there should be no danger of the refcount going back up again at
	 * this point.
	 * Some threads with a reference might be waiting for rp_locked,
	 * so tell them to stop waiting.
	 */
	store_release_wake_up(&oo->oo_owner.so_replay.rp_locked, RP_UNHASHED);
	wait_event(close_wq, refcount_read(&s->st_stid.sc_count) == 2);

	release_all_access(s);
	if (s->st_stid.sc_file) {
		put_nfs4_file(s->st_stid.sc_file);
		s->st_stid.sc_file = NULL;
	}

	/*
	 * Remember s as the owner's last closed stateid and queue the owner
	 * at the tail of the close LRU.  The previous one is released
	 * after client_lock is dropped.
	 */
	spin_lock(&nn->client_lock);
	last = oo->oo_last_closed_stid;
	oo->oo_last_closed_stid = s;
	list_move_tail(&oo->oo_close_lru, &nn->close_lru);
	oo->oo_time = ktime_get_boottime_seconds();
	spin_unlock(&nn->client_lock);
	if (last)
		nfs4_put_stid(&last->st_stid);
}

/*
 * Look up the nfs4_file for the filehandle in @fhp.
 *
 * The table is keyed by inode; entries on the returned list are matched
 * on filehandle.  Runs under rcu_read_lock() and only returns an entry
 * whose reference count could be raised from a non-zero value.  Returns
 * NULL when no such entry exists.
 */
static noinline_for_stack struct nfs4_file *
nfsd4_file_hash_lookup(const struct svc_fh *fhp)
{
	struct inode *inode = d_inode(fhp->fh_dentry);
	struct rhlist_head *tmp, *list;
	struct nfs4_file *fi;

	rcu_read_lock();
	list = rhltable_lookup(&nfs4_file_rhltable, &inode,
			       nfs4_file_rhash_params);
	rhl_for_each_entry_rcu(fi, tmp, list, fi_rlist) {
		if (fh_match(&fi->fi_fhandle, &fhp->fh_handle)) {
			/* An entry whose count already reached zero is skipped. */
			if (refcount_inc_not_zero(&fi->fi_ref)) {
				rcu_read_unlock();
				return fi;
			}
		}
	}
	rcu_read_unlock();
	return NULL;
}

/*
 * On hash insertion, identify entries with the same inode but
 * distinct filehandles. They will all be on the list returned
 * by rhltable_lookup().
 *
 * inode->i_lock prevents racing insertions from adding an entry
 * for the same inode/fhp pair twice.
 */
/*
 * Returns an existing entry for the filehandle (with a new reference),
 * or @new after initialising and inserting it, or NULL when the
 * insertion fails.
 */
static noinline_for_stack struct nfs4_file *
nfsd4_file_hash_insert(struct nfs4_file *new, const struct svc_fh *fhp)
{
	struct inode *inode = d_inode(fhp->fh_dentry);
	struct rhlist_head *tmp, *list;
	struct nfs4_file *ret = NULL;
	bool alias_found = false;
	struct nfs4_file *fi;
	int err;

	rcu_read_lock();
	spin_lock(&inode->i_lock);

	list = rhltable_lookup(&nfs4_file_rhltable, &inode,
			       nfs4_file_rhash_params);
	rhl_for_each_entry_rcu(fi, tmp, list, fi_rlist) {
		if (fh_match(&fi->fi_fhandle, &fhp->fh_handle)) {
			if (refcount_inc_not_zero(&fi->fi_ref))
				ret = fi;
		} else
			/* Same inode, different filehandle: mark the entry aliased. */
			fi->fi_aliased = alias_found = true;
	}
	if (ret)
		goto out_unlock;

	nfsd4_file_init(fhp, new);
	err = rhltable_insert(&nfs4_file_rhltable, &new->fi_rlist,
			      nfs4_file_rhash_params);
	if (err)
		goto out_unlock;

	new->fi_aliased = alias_found;
	ret = new;

out_unlock:
	spin_unlock(&inode->i_lock);
	rcu_read_unlock();
	return ret;
}

/* Remove @fi from the nfs4_file hash table. */
static noinline_for_stack void nfsd4_file_hash_remove(struct nfs4_file *fi)
{
	rhltable_remove(&nfs4_file_rhltable, &fi->fi_rlist,
			nfs4_file_rhash_params);
}

/*
 * Called to check deny when READ with all zero stateid or
 * WRITE with all zero or all one stateid
 */
/*
 * Returns nfserr_locked when the file's share-deny bits overlap
 * @deny_type.  Returns nfs_ok otherwise, including when no nfs4_file is
 * hashed for the filehandle.
 */
static __be32
nfs4_share_conflict(struct svc_fh *current_fh, unsigned int deny_type)
{
	struct nfs4_file *fp;
	__be32 ret = nfs_ok;

	fp = nfsd4_file_hash_lookup(current_fh);
	if (!fp)
		return ret;

	/* Check for conflicting share reservations */
	spin_lock(&fp->fi_lock);
	if (fp->fi_share_deny & deny_type)
		ret = nfserr_locked;
	spin_unlock(&fp->fi_lock);
	put_nfs4_file(fp);
	return ret;
}

/* True when @inode has a lock context whose lease list is not empty. */
static bool nfsd4_deleg_present(const struct inode *inode)
{
	struct file_lock_context *ctx =
locks_inode_context(inode); 5505 5506 return ctx && !list_empty_careful(&ctx->flc_lease); 5507 } 5508 5509 /** 5510 * nfsd_wait_for_delegreturn - wait for delegations to be returned 5511 * @rqstp: the RPC transaction being executed 5512 * @inode: in-core inode of the file being waited for 5513 * 5514 * The timeout prevents deadlock if all nfsd threads happen to be 5515 * tied up waiting for returning delegations. 5516 * 5517 * Return values: 5518 * %true: delegation was returned 5519 * %false: timed out waiting for delegreturn 5520 */ 5521 bool nfsd_wait_for_delegreturn(struct svc_rqst *rqstp, struct inode *inode) 5522 { 5523 long __maybe_unused timeo; 5524 5525 timeo = wait_var_event_timeout(inode, !nfsd4_deleg_present(inode), 5526 NFSD_DELEGRETURN_TIMEOUT); 5527 trace_nfsd_delegret_wakeup(rqstp, inode, timeo); 5528 return timeo > 0; 5529 } 5530 5531 static void nfsd4_cb_recall_prepare(struct nfsd4_callback *cb) 5532 { 5533 struct nfs4_delegation *dp = cb_to_delegation(cb); 5534 struct nfsd_net *nn = net_generic(dp->dl_stid.sc_client->net, 5535 nfsd_net_id); 5536 5537 block_delegations(&dp->dl_stid.sc_file->fi_fhandle); 5538 5539 /* 5540 * We can't do this in nfsd_break_deleg_cb because it is 5541 * already holding inode->i_lock. 5542 * 5543 * If the dl_time != 0, then we know that it has already been 5544 * queued for a lease break. Don't queue it again. 
5545 */ 5546 spin_lock(&nn->deleg_lock); 5547 if (delegation_hashed(dp) && dp->dl_time == 0) { 5548 dp->dl_time = ktime_get_boottime_seconds(); 5549 list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru); 5550 } 5551 spin_unlock(&nn->deleg_lock); 5552 } 5553 5554 static int nfsd4_cb_recall_done(struct nfsd4_callback *cb, 5555 struct rpc_task *task) 5556 { 5557 struct nfs4_delegation *dp = cb_to_delegation(cb); 5558 5559 trace_nfsd_cb_recall_done(&dp->dl_stid.sc_stateid, task); 5560 5561 if (dp->dl_stid.sc_status) 5562 /* CLOSED or REVOKED */ 5563 return 1; 5564 5565 switch (task->tk_status) { 5566 case 0: 5567 return 1; 5568 case -NFS4ERR_DELAY: 5569 rpc_delay(task, 2 * HZ); 5570 return 0; 5571 case -EBADHANDLE: 5572 case -NFS4ERR_BAD_STATEID: 5573 /* 5574 * Race: client probably got cb_recall before open reply 5575 * granting delegation. 5576 */ 5577 if (dp->dl_retries--) { 5578 rpc_delay(task, 2 * HZ); 5579 return 0; 5580 } 5581 fallthrough; 5582 default: 5583 return 1; 5584 } 5585 } 5586 5587 static void nfsd4_cb_recall_release(struct nfsd4_callback *cb) 5588 { 5589 struct nfs4_delegation *dp = cb_to_delegation(cb); 5590 5591 nfs4_put_stid(&dp->dl_stid); 5592 } 5593 5594 static const struct nfsd4_callback_ops nfsd4_cb_recall_ops = { 5595 .prepare = nfsd4_cb_recall_prepare, 5596 .done = nfsd4_cb_recall_done, 5597 .release = nfsd4_cb_recall_release, 5598 .opcode = OP_CB_RECALL, 5599 }; 5600 5601 static void nfsd_break_one_deleg(struct nfs4_delegation *dp) 5602 { 5603 bool queued; 5604 5605 if (test_and_set_bit(NFSD4_CALLBACK_RUNNING, &dp->dl_recall.cb_flags)) 5606 return; 5607 5608 /* 5609 * We're assuming the state code never drops its reference 5610 * without first removing the lease. Since we're in this lease 5611 * callback (and since the lease code is serialized by the 5612 * flc_lock) we know the server hasn't removed the lease yet, and 5613 * we know it's safe to take a reference. 
5614 */ 5615 refcount_inc(&dp->dl_stid.sc_count); 5616 queued = nfsd4_run_cb(&dp->dl_recall); 5617 WARN_ON_ONCE(!queued); 5618 if (!queued) 5619 refcount_dec(&dp->dl_stid.sc_count); 5620 } 5621 5622 /* Called from break_lease() with flc_lock held. */ 5623 static bool 5624 nfsd_break_deleg_cb(struct file_lease *fl) 5625 { 5626 struct nfs4_delegation *dp = (struct nfs4_delegation *) fl->c.flc_owner; 5627 struct nfs4_file *fp = dp->dl_stid.sc_file; 5628 struct nfs4_client *clp = dp->dl_stid.sc_client; 5629 struct nfsd_net *nn; 5630 5631 trace_nfsd_cb_recall(&dp->dl_stid); 5632 5633 dp->dl_recalled = true; 5634 atomic_inc(&clp->cl_delegs_in_recall); 5635 if (try_to_expire_client(clp)) { 5636 nn = net_generic(clp->net, nfsd_net_id); 5637 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); 5638 } 5639 5640 /* 5641 * We don't want the locks code to timeout the lease for us; 5642 * we'll remove it ourself if a delegation isn't returned 5643 * in time: 5644 */ 5645 fl->fl_break_time = 0; 5646 5647 fp->fi_had_conflict = true; 5648 nfsd_break_one_deleg(dp); 5649 return false; 5650 } 5651 5652 /** 5653 * nfsd_breaker_owns_lease - Check if lease conflict was resolved 5654 * @fl: Lock state to check 5655 * 5656 * Return values: 5657 * %true: Lease conflict was resolved 5658 * %false: Lease conflict was not resolved. 
*/
static bool nfsd_breaker_owns_lease(struct file_lease *fl)
{
	struct nfs4_delegation *dl = fl->c.flc_owner;
	struct nfsd_thread_local_info *ntli;
	struct svc_rqst *rqst;
	struct nfs4_client *clp;

	rqst = nfsd_current_rqst();
	/* Only an NFSv4 request can be made by the delegation holder. */
	if (!nfsd_v4client(rqst))
		return false;
	/*
	 * NOTE(review): ntli and ntli_lease_breaker are dereferenced
	 * without a NULL check; this assumes both are set up for every
	 * v4 request handled by this thread - confirm.
	 */
	ntli = rqst->rq_private;
	clp = *ntli->ntli_lease_breaker;
	/* The break is self-inflicted when the breaker holds the delegation. */
	return dl->dl_stid.sc_client == clp;
}

/*
 * ->lm_change callback: only an unlock is passed on to lease_modify();
 * any other change to the lease is refused with -EAGAIN.
 */
static int
nfsd_change_deleg_cb(struct file_lease *onlist, int arg,
		     struct list_head *dispose)
{
	struct nfs4_delegation *dp = (struct nfs4_delegation *) onlist->c.flc_owner;
	struct nfs4_client *clp = dp->dl_stid.sc_client;

	if (arg & F_UNLCK) {
		/* Undo the increment made when the recall was started. */
		if (dp->dl_recalled)
			atomic_dec(&clp->cl_delegs_in_recall);
		return lease_modify(onlist, arg, dispose);
	} else
		return -EAGAIN;
}

/**
 * nfsd4_deleg_lm_open_conflict - see if the given file points to an inode that has
 *				  an existing open that would conflict with the
 *				  desired lease.
 * @filp:	file to check
 * @arg:	type of lease that we're trying to acquire
 *
 * The kernel will call into this operation to determine whether there
 * are conflicting opens that may prevent the deleg from being granted.
 * For nfsd, that check is done at a higher level, so this trivially
 * returns 0.
*/
static int
nfsd4_deleg_lm_open_conflict(struct file *filp, int arg)
{
	return 0;
}

static const struct lease_manager_operations nfsd_lease_mng_ops = {
	.lm_breaker_owns_lease = nfsd_breaker_owns_lease,
	.lm_break = nfsd_break_deleg_cb,
	.lm_change = nfsd_change_deleg_cb,
	.lm_open_conflict = nfsd4_deleg_lm_open_conflict,
};

/*
 * Validate the owner seqid of a request that is not using a session.
 *
 * With a session the check is skipped. Otherwise a seqid one behind
 * so_seqid is reported as a replay (nfserr_replay_me), a seqid equal to
 * so_seqid is accepted, and everything else is nfserr_bad_seqid.
 */
static __be32 nfsd4_check_seqid(struct nfsd4_compound_state *cstate, struct nfs4_stateowner *so, u32 seqid)
{
	if (nfsd4_has_session(cstate))
		return nfs_ok;
	if (seqid == so->so_seqid - 1)
		return nfserr_replay_me;
	if (seqid == so->so_seqid)
		return nfs_ok;
	return nfserr_bad_seqid;
}

/*
 * Look up a confirmed client by clientid under nn->client_lock and pin
 * it by incrementing cl_rpc_users before the lock is dropped.
 * Returns NULL when no confirmed client matches.
 */
static struct nfs4_client *lookup_clientid(clientid_t *clid, bool sessions,
						struct nfsd_net *nn)
{
	struct nfs4_client *found;

	spin_lock(&nn->client_lock);
	found = find_confirmed_client(clid, sessions, nn);
	if (found)
		atomic_inc(&found->cl_rpc_users);
	spin_unlock(&nn->client_lock);
	return found;
}

/*
 * Bind the compound to the client named by @clid.
 *
 * If the compound already has a client, @clid must name that same
 * client; a different clientid is rejected as stale rather than being
 * allowed to act on another client's state.
 */
static __be32 set_client(clientid_t *clid,
		struct nfsd4_compound_state *cstate,
		struct nfsd_net *nn)
{
	if (cstate->clp) {
		if (!same_clid(&cstate->clp->cl_clientid, clid))
			return nfserr_stale_clientid;
		return nfs_ok;
	}
	if (STALE_CLIENTID(clid, nn))
		return nfserr_stale_clientid;
	/*
	 * We're in the 4.0 case (otherwise the SEQUENCE op would have
	 * set cstate->clp), so session = false:
	 */
	cstate->clp = lookup_clientid(clid, false, nn);
	if (!cstate->clp)
		return nfserr_expired;
	return nfs_ok;
}

/*
 * First half of OPEN processing: preallocate the nfs4_file, bind the
 * client, find or allocate the openowner, check the owner seqid and
 * preallocate the open stateid (plus the client odstate for a session
 * on a pNFS export).
 *
 * NOTE(review): the error returns below leave whatever was already
 * stored in open->op_file, op_openowner and op_stp in place; presumably
 * the caller's cleanup path releases them - confirm.
 */
__be32
nfsd4_process_open1(struct nfsd4_compound_state *cstate,
		    struct nfsd4_open *open, struct nfsd_net *nn)
{
	clientid_t *clientid = &open->op_clientid;
	struct nfs4_client *clp = NULL;
	unsigned int strhashval;
	struct nfs4_openowner *oo = NULL;
	__be32 status;

	/*
	 * In case we need it later, after we've already created the
	 * file and don't want to risk a further failure:
	 */
	open->op_file = nfsd4_alloc_file();
	if (open->op_file == NULL)
		return nfserr_jukebox;

	status = set_client(clientid, cstate, nn);
	if (status)
		return status;
	clp = cstate->clp;

	strhashval = ownerstr_hashval(&open->op_owner);
retry:
	oo = find_or_alloc_open_stateowner(strhashval, open, cstate);
	open->op_openowner = oo;
	if (!oo)
		return nfserr_jukebox;
	/* -EAGAIN: drop this owner reference and look the owner up again. */
	if (nfsd4_cstate_assign_replay(cstate, &oo->oo_owner) == -EAGAIN) {
		nfs4_put_stateowner(&oo->oo_owner);
		goto retry;
	}
	status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid);
	if (status)
		return status;

	open->op_stp = nfs4_alloc_open_stateid(clp);
	if (!open->op_stp)
		return nfserr_jukebox;

	if (nfsd4_has_session(cstate) &&
	    (cstate->current_fh.fh_export->ex_flags & NFSEXP_PNFS)) {
		open->op_odstate = alloc_clnt_odstate(clp);
		if (!open->op_odstate)
			return nfserr_jukebox;
	}

	return nfs_ok;
}

/*
 * A read delegation only covers opens that carry RD_STATE; any other
 * request against it gets nfserr_openmode.
 */
static inline __be32
nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
{
	if (!(flags & RD_STATE) && deleg_is_read(dp->dl_type))
		return nfserr_openmode;
	else
		return nfs_ok;
}

/* Exactly NFS4_SHARE_ACCESS_READ maps to RD_STATE; anything else to WR_STATE. */
static int share_access_to_flags(u32 share_access)
{
	return share_access == NFS4_SHARE_ACCESS_READ ? RD_STATE : WR_STATE;
}

/*
 * Look up a delegation stateid for @cl. SC_STATUS_REVOKED is passed to
 * find_stateid_by_type(), presumably so that revoked delegations are
 * still returned and nfs4_check_deleg() can report them - confirm.
 */
static struct nfs4_delegation *find_deleg_stateid(struct nfs4_client *cl,
						  stateid_t *s)
{
	struct nfs4_stid *ret;

	ret = find_stateid_by_type(cl, s, SC_TYPE_DELEG, SC_STATUS_REVOKED);
	if (!ret)
		return NULL;
	return delegstateid(ret);
}

/* True for the two claim types that present an existing delegation. */
static bool nfsd4_is_deleg_cur(struct nfsd4_open *open)
{
	return open->op_claim_type == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
	       open->op_claim_type == NFS4_OPEN_CLAIM_DELEG_CUR_FH;
}

/*
 * Check the delegation stateid carried by an OPEN.
 *
 * On success *dp is set and keeps the reference from the lookup. Every
 * failure path drops that reference and leaves *dp untouched. A failure
 * is only reported to the caller for DELEGATE_CUR style claims; for
 * other claim types nfs_ok is returned regardless. A successful
 * DELEGATE_CUR claim also marks the openowner confirmed.
 */
static __be32
nfs4_check_deleg(struct nfs4_client *cl, struct nfsd4_open *open,
		struct nfs4_delegation **dp)
{
	int flags;
	__be32 status = nfserr_bad_stateid;
	struct nfs4_delegation *deleg;

	deleg = find_deleg_stateid(cl, &open->op_delegate_stateid);
	if (deleg == NULL)
		goto out;
	if (deleg->dl_stid.sc_status & SC_STATUS_ADMIN_REVOKED) {
		nfs4_put_stid(&deleg->dl_stid);
		status = nfserr_admin_revoked;
		goto out;
	}
	if (deleg->dl_stid.sc_status & SC_STATUS_REVOKED) {
		nfs4_put_stid(&deleg->dl_stid);
		nfsd40_drop_revoked_stid(cl, &open->op_delegate_stateid);
		status = nfserr_deleg_revoked;
		goto out;
	}
	flags = share_access_to_flags(open->op_share_access);
	status = nfs4_check_delegmode(deleg, flags);
	if (status) {
		nfs4_put_stid(&deleg->dl_stid);
		goto out;
	}
	*dp = deleg;
out:
	if (!nfsd4_is_deleg_cur(open))
		return nfs_ok;
	if (status)
		return status;
	open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
	return nfs_ok;
}

/* Translate NFSv4 share access bits into NFSD_MAY_READ/NFSD_MAY_WRITE. */
static inline int nfs4_access_to_access(u32 nfs4_access)
{
	int flags = 0;

	if (nfs4_access & NFS4_SHARE_ACCESS_READ)
		flags |= NFSD_MAY_READ;
	if (nfs4_access & NFS4_SHARE_ACCESS_WRITE)
		flags |= NFSD_MAY_WRITE;
	return flags;
}

/*
 * Truncate the file to zero length when the OPEN asked for it.
 * A truncate request without write share access is rejected with
 * nfserr_inval before any attribute change is attempted.
 */
static inline __be32
nfsd4_truncate(struct svc_rqst *rqstp, struct svc_fh *fh,
		struct nfsd4_open *open)
{
	struct iattr iattr = {
		.ia_valid = ATTR_SIZE,
		.ia_size = 0,
	};
	struct nfsd_attrs attrs = {
		.na_iattr	= &iattr,
	};
	if (!open->op_truncate)
		return 0;
	if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
		return nfserr_inval;
	return nfsd_setattr(rqstp, fh, &attrs, NULL);
}

/*
 * Apply the share access and deny modes of an OPEN to @fp and @stp and
 * make sure fp->fi_fds[] holds an open file for the requested mode.
 *
 * The deny and access checks and the bitmap updates are done under
 * fi_lock. The lock is dropped around nfsd_file_acquire_opened(), so
 * fi_fds[oflag] is tested again after it is retaken. If lease breaking
 * or truncation fails afterwards, the access and deny bits set here are
 * rolled back at out_put_access.
 */
static __be32 nfs4_get_vfs_file(struct svc_rqst *rqstp, struct nfs4_file *fp,
		struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp,
		struct nfsd4_open *open, bool new_stp)
{
	struct nfsd_file *nf = NULL;
	__be32 status;
	int oflag = nfs4_access_to_omode(open->op_share_access);
	int access = nfs4_access_to_access(open->op_share_access);
	unsigned char old_access_bmap, old_deny_bmap;

	spin_lock(&fp->fi_lock);

	/*
	 * Are we trying to set a deny mode that would conflict with
	 * current access?
	 */
	status = nfs4_file_check_deny(fp, open->op_share_deny);
	if (status != nfs_ok) {
		if (status != nfserr_share_denied) {
			spin_unlock(&fp->fi_lock);
			goto out;
		}
		if (nfs4_resolve_deny_conflicts_locked(fp, new_stp,
				stp, open->op_share_deny, false))
			status = nfserr_jukebox;
		spin_unlock(&fp->fi_lock);
		goto out;
	}

	/* set access to the file */
	status = nfs4_file_get_access(fp, open->op_share_access);
	if (status != nfs_ok) {
		if (status != nfserr_share_denied) {
			spin_unlock(&fp->fi_lock);
			goto out;
		}
		if (nfs4_resolve_deny_conflicts_locked(fp, new_stp,
				stp, open->op_share_access, true))
			status = nfserr_jukebox;
		spin_unlock(&fp->fi_lock);
		goto out;
	}

	/* Set access bits in stateid */
	old_access_bmap = stp->st_access_bmap;
	set_access(open->op_share_access, stp);

	/* Set new deny mask */
	old_deny_bmap = stp->st_deny_bmap;
	set_deny(open->op_share_deny, stp);
	fp->fi_share_deny |= (open->op_share_deny & NFS4_SHARE_DENY_BOTH);

	if (!fp->fi_fds[oflag]) {
		spin_unlock(&fp->fi_lock);

		status = nfsd_file_acquire_opened(rqstp, cur_fh, access,
						  open->op_filp, &nf);
		if (status != nfs_ok)
			goto out_put_access;

		spin_lock(&fp->fi_lock);
		/* Someone else may have installed a file while unlocked. */
		if (!fp->fi_fds[oflag]) {
			fp->fi_fds[oflag] = nf;
			nf = NULL;
		}
	}
	spin_unlock(&fp->fi_lock);
	/* Not installed above: give back the file we acquired. */
	if (nf)
		nfsd_file_put(nf);

	status = nfserrno(nfsd_open_break_lease(cur_fh->fh_dentry->d_inode,
								access));
	if (status)
		goto out_put_access;

	status = nfsd4_truncate(rqstp, cur_fh, open);
	if (status)
		goto out_put_access;
out:
	return status;
out_put_access:
	stp->st_access_bmap = old_access_bmap;
	nfs4_file_put_access(fp, open->op_share_access);
	reset_union_bmap_deny(bmap_to_share_mode(old_deny_bmap), stp);
	goto out;
}

/*
 * Upgrade an existing open stateid. If the stateid does not yet carry
 * the requested access, the work is handed to nfs4_get_vfs_file();
 * otherwise only the deny mode is tested and set under fi_lock, and
 * rolled back if the truncate fails.
 */
static __be32
nfs4_upgrade_open(struct svc_rqst *rqstp, struct nfs4_file *fp,
		struct svc_fh *cur_fh, struct nfs4_ol_stateid *stp,
		struct nfsd4_open *open)
{
	__be32 status;
	unsigned char old_deny_bmap = stp->st_deny_bmap;

	if (!test_access(open->op_share_access, stp))
		return nfs4_get_vfs_file(rqstp, fp, cur_fh, stp, open, false);

	/* test and set deny mode */
	spin_lock(&fp->fi_lock);
	status = nfs4_file_check_deny(fp, open->op_share_deny);
	switch (status) {
	case nfs_ok:
		set_deny(open->op_share_deny, stp);
		fp->fi_share_deny |=
			(open->op_share_deny & NFS4_SHARE_DENY_BOTH);
		break;
	case nfserr_share_denied:
		if (nfs4_resolve_deny_conflicts_locked(fp, false,
				stp, open->op_share_deny, false))
			status = nfserr_jukebox;
		break;
	}
	spin_unlock(&fp->fi_lock);

	if (status != nfs_ok)
		return status;

	status = nfsd4_truncate(rqstp, cur_fh, open);
	/*
	 * NOTE(review): nfs4_get_vfs_file() rolls back with
	 * reset_union_bmap_deny(bmap_to_share_mode(old_deny_bmap), stp),
	 * while this path passes old_deny_bmap unconverted. The helper
	 * is not visible here; confirm which form it expects, since a
	 * wrong rollback would leave a stale deny mode on the stateid.
	 */
	if (status != nfs_ok)
		reset_union_bmap_deny(old_deny_bmap, stp);
	return status;
}

/* Should we give out recallable state?: */
static bool nfsd4_cb_channel_good(struct nfs4_client *clp)
{
	if (clp->cl_cb_state == NFSD4_CB_UP)
		return true;
	/*
	 * In the sessions case, since we don't have to establish a
	 * separate connection for callbacks, we assume it's OK
	 * until we hear otherwise:
	 */
	return clp->cl_minorversion && clp->cl_cb_state == NFSD4_CB_UNKNOWN;
}

/*
 * Allocate a file_lease for @dp: a read or write lease according to the
 * delegation type, owned by the delegation and attached to the file's
 * fi_deleg_file. Returns NULL if the allocation fails.
 */
static struct file_lease *nfs4_alloc_init_lease(struct nfs4_delegation *dp)
{
	struct file_lease *fl;

	fl = locks_alloc_lease();
	if (!fl)
		return NULL;
	fl->fl_lmops = &nfsd_lease_mng_ops;
	fl->c.flc_flags = FL_DELEG;
	fl->c.flc_type = deleg_is_read(dp->dl_type) ? F_RDLCK : F_WRLCK;
	fl->c.flc_owner = (fl_owner_t)dp;
	fl->c.flc_pid = current->tgid;
	fl->c.flc_file = dp->dl_stid.sc_file->fi_deleg_file->nf_file;
	return fl;
}

/*
 * Decide whether writers other than @clp have the file open.
 * Returns 0 when none were found and -EAGAIN when the delegation
 * should not be handed out.
 */
static int nfsd4_check_conflicting_opens(struct nfs4_client *clp,
					 struct nfs4_file *fp)
{
	struct nfs4_ol_stateid *st;
	struct file *f = fp->fi_deleg_file->nf_file;
	struct inode *ino = file_inode(f);
	int writes;

	writes = atomic_read(&ino->i_writecount);
	if (!writes)
		return 0;
	/*
	 * There could be multiple filehandles (hence multiple
	 * nfs4_files) referencing this file, but that's not too
	 * common; let's just give up in that case rather than
	 * trying to go look up all the clients using that other
	 * nfs4_file as well:
	 */
	if (fp->fi_aliased)
		return -EAGAIN;
	/*
	 * If there's a close in progress, make sure that we see it
	 * clear any fi_fds[] entries before we see it decrement
	 * i_writecount:
	 */
	smp_mb__after_atomic();

	/* Discount the write opens that nfsd itself holds on this file. */
	if (fp->fi_fds[O_WRONLY])
		writes--;
	if (fp->fi_fds[O_RDWR])
		writes--;
	if (writes > 0)
		return -EAGAIN; /* There may be non-NFSv4 writers */
	/*
	 * It's possible there are non-NFSv4 write opens in progress,
	 * but if they haven't incremented i_writecount yet then they
	 * also haven't called break lease yet; so, they'll break this
	 * lease soon enough.  So, all that's left to check for is NFSv4
	 * opens:
	 */
	spin_lock(&fp->fi_lock);
	list_for_each_entry(st, &fp->fi_stateids, st_perfile) {
		if (st->st_openstp == NULL /* it's an open */ &&
		    access_permit_write(st) &&
		    st->st_stid.sc_client != clp) {
			spin_unlock(&fp->fi_lock);
			return -EAGAIN;
		}
	}
	spin_unlock(&fp->fi_lock);
	/*
	 * There's a small chance that we could be racing with another
	 * NFSv4 open.  However, any open that hasn't added itself to
	 * the fi_stateids list also hasn't called break_lease yet; so,
	 * they'll break this lease soon enough.
	 */
	return 0;
}

/*
 * It's possible that between opening the dentry and setting the delegation,
 * that it has been renamed or unlinked. Redo the lookup to verify that this
 * hasn't happened.
 */
static int
nfsd4_verify_deleg_dentry(struct nfsd4_open *open, struct nfs4_file *fp,
			  struct svc_fh *parent)
{
	struct svc_export *exp;
	struct dentry *child;
	__be32 err;

	err = nfsd_lookup_dentry(open->op_rqstp, parent,
				 open->op_fname, open->op_fnamelen,
				 &exp, &child);

	if (err)
		return -EAGAIN;

	exp_put(exp);
	dput(child);
	/* After dput() the pointer is only compared, never dereferenced. */
	if (child != file_dentry(fp->fi_deleg_file->nf_file))
		return -EAGAIN;

	return 0;
}

/*
 * We avoid breaking delegations held by a client due to its own activity, but
 * clearing setuid/setgid bits on a write is an implicit activity and the client
 * may not notice and continue using the old mode. Avoid giving out a delegation
 * on setuid/setgid files when the client is requesting an open for write.
*/
static int
nfsd4_verify_setuid_write(struct nfsd4_open *open, struct nfsd_file *nf)
{
	struct inode *inode = file_inode(nf->nf_file);

	if ((open->op_share_access & NFS4_SHARE_ACCESS_WRITE) &&
	    (inode->i_mode & (S_ISUID|S_ISGID)))
		return -EAGAIN;
	return 0;
}

/*
 * Timestamp delegation was introduced in RFC7862. Runtime switch for disabling
 * this feature is /sys/kernel/debug/nfsd/delegated_timestamps.
 *
 * NOTE(review): the WANT_DELEG_TIMESTAMPS flag appears to come from the
 * later delegated-timestamps extension (RFC 9754) rather than RFC 7862
 * itself - confirm the reference.
 */
static bool nfsd4_want_deleg_timestamps(const struct nfsd4_open *open)
{
	if (!nfsd_delegts_enabled)
		return false;
	return open->op_deleg_want & OPEN4_SHARE_ACCESS_WANT_DELEG_TIMESTAMPS;
}

/*
 * Try to hand out a delegation for the open described by @open/@stp.
 *
 * Returns the new delegation, or an ERR_PTR(): -EAGAIN when something
 * conflicts (recorded conflict, existing delegation, setuid/setgid file
 * opened for write, other writers, renamed or unlinked dentry),
 * -EOPNOTSUPP when the export cannot lock, -ENOMEM on allocation
 * failure, or whatever kernel_setlease()/hash_delegation_locked()
 * return.
 *
 * The conflict checks made before the lease is set are repeated once
 * the lease is in place, because nothing prevents the file from
 * changing in between.
 */
static struct nfs4_delegation *
nfs4_set_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp,
		    struct svc_fh *parent)
{
	bool deleg_ts = nfsd4_want_deleg_timestamps(open);
	struct nfs4_client *clp = stp->st_stid.sc_client;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfs4_file *fp = stp->st_stid.sc_file;
	struct nfs4_clnt_odstate *odstate = stp->st_clnt_odstate;
	struct nfs4_delegation *dp;
	struct nfsd_file *nf = NULL;
	struct file_lease *fl;
	int status = 0;
	u32 dl_type;

	/*
	 * The fi_had_conflict and nfs_get_existing_delegation checks
	 * here are just optimizations; we'll need to recheck them at
	 * the end:
	 */
	if (fp->fi_had_conflict)
		return ERR_PTR(-EAGAIN);

	/*
	 * Try for a write delegation first. RFC8881 section 10.4 says:
	 *
	 *  "An OPEN_DELEGATE_WRITE delegation allows the client to handle,
	 *   on its own, all opens."
	 *
	 * Furthermore, section 9.1.2 says:
	 *
	 *  "In the case of READ, the server may perform the corresponding
	 *  check on the access mode, or it may choose to allow READ for
	 *  OPEN4_SHARE_ACCESS_WRITE, to accommodate clients whose WRITE
	 *  implementation may unavoidably do reads (e.g., due to buffer
	 *  cache constraints)."
	 *
	 *  We choose to offer a write delegation for OPEN with the
	 *  OPEN4_SHARE_ACCESS_WRITE access mode to accommodate such clients.
	 */
	if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE) {
		nf = find_writeable_file(fp);
		dl_type = deleg_ts ? OPEN_DELEGATE_WRITE_ATTRS_DELEG : OPEN_DELEGATE_WRITE;
	}

	/*
	 * If the file is being opened O_RDONLY or we couldn't get a O_RDWR
	 * file for some reason, then try for a read delegation instead.
	 */
	if (!nf && (open->op_share_access & NFS4_SHARE_ACCESS_READ)) {
		nf = find_readable_file(fp);
		dl_type = deleg_ts ? OPEN_DELEGATE_READ_ATTRS_DELEG : OPEN_DELEGATE_READ;
	}

	/* dl_type is only meaningful past this point, where nf is set. */
	if (!nf)
		return ERR_PTR(-EAGAIN);

	/*
	 * File delegations and associated locks cannot be recovered if the
	 * export is from an NFS proxy server.
	 */
	if (exportfs_cannot_lock(nf->nf_file->f_path.mnt->mnt_sb->s_export_op)) {
		nfsd_file_put(nf);
		return ERR_PTR(-EOPNOTSUPP);
	}

	spin_lock(&nn->deleg_lock);
	spin_lock(&fp->fi_lock);
	if (nfs4_delegation_exists(clp, fp))
		status = -EAGAIN;
	else if (nfsd4_verify_setuid_write(open, nf))
		status = -EAGAIN;
	else if (!fp->fi_deleg_file) {
		fp->fi_deleg_file = nf;
		/* increment early to prevent fi_deleg_file from being
		 * cleared */
		fp->fi_delegees = 1;
		nf = NULL;
	} else
		fp->fi_delegees++;
	spin_unlock(&fp->fi_lock);
	spin_unlock(&nn->deleg_lock);
	/* nf was not installed as fi_deleg_file: drop our reference. */
	if (nf)
		nfsd_file_put(nf);
	if (status)
		return ERR_PTR(status);

	status = -ENOMEM;
	dp = alloc_init_deleg(clp, fp, odstate, dl_type);
	if (!dp)
		goto out_delegees;
	if (stp->st_stid.sc_export)
		dp->dl_stid.sc_export = exp_get(stp->st_stid.sc_export);

	fl = nfs4_alloc_init_lease(dp);
	if (!fl)
		goto out_clnt_odstate;

	status = kernel_setlease(fp->fi_deleg_file->nf_file,
				      fl->c.flc_type, &fl, NULL);
	/* fl is still set here only if the lease was not consumed. */
	if (fl)
		locks_free_lease(fl);
	if (status)
		goto out_clnt_odstate;

	if (parent) {
		status = nfsd4_verify_deleg_dentry(open, fp, parent);
		if (status)
			goto out_unlock;
	}

	status = nfsd4_check_conflicting_opens(clp, fp);
	if (status)
		goto out_unlock;

	/*
	 * Now that the deleg is set, check again to ensure that nothing
	 * raced in and changed the mode while we weren't looking.
	 */
	status = nfsd4_verify_setuid_write(open, fp->fi_deleg_file);
	if (status)
		goto out_unlock;

	status = -EAGAIN;
	if (fp->fi_had_conflict)
		goto out_unlock;

	spin_lock(&nn->deleg_lock);
	spin_lock(&clp->cl_lock);
	spin_lock(&fp->fi_lock);
	status = hash_delegation_locked(dp, fp);
	spin_unlock(&fp->fi_lock);
	spin_unlock(&clp->cl_lock);
	spin_unlock(&nn->deleg_lock);

	if (status)
		goto out_unlock;

	return dp;
out_unlock:
	/* Remove the lease that was set above. */
	kernel_setlease(fp->fi_deleg_file->nf_file, F_UNLCK, NULL, (void **)&dp);
out_clnt_odstate:
	put_clnt_odstate(dp->dl_clnt_odstate);
	nfs4_put_stid(&dp->dl_stid);
out_delegees:
	put_deleg_file(fp);
	return ERR_PTR(status);
}

/*
 * Fill in the "no delegation" reply for a client that asked for one:
 * -EAGAIN is reported as contention, anything else as a resource
 * problem unless the client asked to cancel its want.
 */
static void nfsd4_open_deleg_none_ext(struct nfsd4_open *open, int status)
{
	open->op_delegate_type = OPEN_DELEGATE_NONE_EXT;
	if (status == -EAGAIN)
		open->op_why_no_deleg = WND4_CONTENTION;
	else {
		open->op_why_no_deleg = WND4_RESOURCE;
		switch (open->op_deleg_want) {
		case OPEN4_SHARE_ACCESS_WANT_READ_DELEG:
		case OPEN4_SHARE_ACCESS_WANT_WRITE_DELEG:
		case OPEN4_SHARE_ACCESS_WANT_ANY_DELEG:
			break;
		case OPEN4_SHARE_ACCESS_WANT_CANCEL:
			open->op_why_no_deleg = WND4_CANCELLED;
			break;
		case OPEN4_SHARE_ACCESS_WANT_NO_DELEG:
			WARN_ON_ONCE(1);
		}
	}
}

/*
 * Fetch mode, size, timestamps and change cookie for the delegated
 * file through its writeable nfsd_file.
 *
 * Returns false when no writeable file is found or vfs_getattr() fails;
 * callers must treat *stat as valid only when true is returned.
 */
static bool
nfs4_delegation_stat(struct nfs4_delegation *dp, struct svc_fh *currentfh,
		     struct kstat *stat)
{
	struct nfsd_file *nf = find_writeable_file(dp->dl_stid.sc_file);
	struct path path;
	int rc;

	if (!nf)
		return false;

	path.mnt = currentfh->fh_export->ex_path.mnt;
	path.dentry = file_dentry(nf->nf_file);

	rc = vfs_getattr(&path, stat,
			 STATX_MODE | STATX_SIZE | STATX_ATIME |
			 STATX_MTIME | STATX_CTIME | STATX_CHANGE_COOKIE,
			 AT_STATX_SYNC_AS_STAT);

	nfsd_file_put(nf);
	return rc == 0;
}

/*
 * Add NFS4_SHARE_ACCESS_READ to the write delegation granted on OPEN
 * with NFS4_SHARE_ACCESS_WRITE by allocating separate nfsd_file and
 * struct file to be used for read with delegation stateid.
 *
 * Returns false only when the read-only file cannot be acquired.
 */
static bool
nfsd4_add_rdaccess_to_wrdeleg(struct svc_rqst *rqstp, struct nfsd4_open *open,
			      struct svc_fh *fh, struct nfs4_ol_stateid *stp)
{
	struct nfs4_file *fp;
	struct nfsd_file *nf = NULL;

	/* Only a write-only open needs the extra read file. */
	if ((open->op_share_access & NFS4_SHARE_ACCESS_BOTH) ==
	    NFS4_SHARE_ACCESS_WRITE) {
		if (nfsd_file_acquire_opened(rqstp, fh, NFSD_MAY_READ, NULL, &nf))
			return (false);
		fp = stp->st_stid.sc_file;
		spin_lock(&fp->fi_lock);
		if (!fp->fi_fds[O_RDONLY]) {
			__nfs4_file_get_access(fp, NFS4_SHARE_ACCESS_READ);
			fp->fi_fds[O_RDONLY] = nf;
			fp->fi_rdeleg_file = nfsd_file_get(fp->fi_fds[O_RDONLY]);
			nf = NULL;
		}
		spin_unlock(&fp->fi_lock);
		/* A read file was already installed: drop the one we got. */
		if (nf)
			nfsd_file_put(nf);
	}
	return true;
}

/*
 * The Linux NFS server does not offer write delegations to NFSv4.0
 * clients in order to avoid conflicts between write delegations and
 * GETATTRs requesting CHANGE or SIZE attributes.
 *
 * With NFSv4.1 and later minorversions, the SEQUENCE operation that
 * begins each COMPOUND contains a client ID. Delegation recall can
 * be avoided when the server recognizes the client sending a
 * GETATTR also holds write delegation it conflicts with.
 *
 * However, the NFSv4.0 protocol does not enable a server to
 * determine that a GETATTR originated from the client holding the
 * conflicting delegation versus coming from some other client. Per
 * RFC 7530 Section 16.7.5, the server must recall or send a
 * CB_GETATTR even when the GETATTR originates from the client that
 * holds the conflicting delegation.
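*
 * An NFSv4.0 client can trigger a pathological situation if it
 * always sends a DELEGRETURN preceded by a conflicting GETATTR in
 * the same COMPOUND. COMPOUND execution will always stop at the
 * GETATTR and the DELEGRETURN will never get executed. The server
 * eventually revokes the delegation, which can result in loss of
 * open or lock state.
 *
 * nfs4_open_delegation() decides whether this OPEN gets a delegation
 * and fills in open->op_delegate_type, op_delegate_stateid and
 * op_recall accordingly. It never fails the OPEN: every refusal ends at
 * out_no_deleg with OPEN_DELEGATE_NONE (or the _EXT form when the
 * client expressed a want).
 */
static void
nfs4_open_delegation(struct svc_rqst *rqstp, struct nfsd4_open *open,
		     struct nfs4_ol_stateid *stp, struct svc_fh *currentfh,
		     struct svc_fh *fh)
{
	struct nfs4_openowner *oo = openowner(stp->st_stateowner);
	bool deleg_ts = nfsd4_want_deleg_timestamps(open);
	struct nfs4_client *clp = stp->st_stid.sc_client;
	struct svc_fh *parent = NULL;
	struct nfs4_delegation *dp;
	/*
	 * Zero-initialised: the read-delegation branch below copies
	 * stat.atime into the delegation even when nfs4_delegation_stat()
	 * was not called or failed, which would otherwise store
	 * indeterminate stack contents in a long-lived object.
	 */
	struct kstat stat = { };
	int status = 0;
	int cb_up;

	cb_up = nfsd4_cb_channel_good(oo->oo_owner.so_client);
	open->op_recall = false;
	switch (open->op_claim_type) {
	case NFS4_OPEN_CLAIM_PREVIOUS:
		if (!cb_up)
			open->op_recall = true;
		break;
	case NFS4_OPEN_CLAIM_NULL:
		parent = currentfh;
		fallthrough;
	case NFS4_OPEN_CLAIM_FH:
		/*
		 * Let's not give out any delegations till everyone's
		 * had the chance to reclaim theirs, *and* until
		 * NLM locks have all been reclaimed:
		 */
		if (locks_in_grace(clp->net))
			goto out_no_deleg;
		if (!cb_up || !(oo->oo_flags & NFS4_OO_CONFIRMED))
			goto out_no_deleg;
		/* No write delegations for NFSv4.0 clients, see above. */
		if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE &&
				!clp->cl_minorversion)
			goto out_no_deleg;
		break;
	default:
		goto out_no_deleg;
	}
	/*
	 * NOTE(review): the error carried by dp is never copied into
	 * status, so nfsd4_open_deleg_none_ext() below always sees 0 and
	 * cannot report WND4_CONTENTION for -EAGAIN - confirm whether
	 * that is intended.
	 */
	dp = nfs4_set_delegation(open, stp, parent);
	if (IS_ERR(dp))
		goto out_no_deleg;

	memcpy(&open->op_delegate_stateid, &dp->dl_stid.sc_stateid, sizeof(dp->dl_stid.sc_stateid));

	if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE) {
		struct file *f = dp->dl_stid.sc_file->fi_deleg_file->nf_file;

		/*
		 * A write delegation needs both the extra read file and
		 * a successful stat; otherwise it is torn down again.
		 */
		if (!nfsd4_add_rdaccess_to_wrdeleg(rqstp, open, fh, stp) ||
				!nfs4_delegation_stat(dp, currentfh, &stat)) {
			nfs4_put_stid(&dp->dl_stid);
			destroy_delegation(dp);
			goto out_no_deleg;
		}
		open->op_delegate_type = deleg_ts ? OPEN_DELEGATE_WRITE_ATTRS_DELEG :
						    OPEN_DELEGATE_WRITE;
		dp->dl_cb_fattr.ncf_initial_cinfo = nfsd4_change_attribute(&stat);
		dp->dl_atime = stat.atime;
		dp->dl_ctime = stat.ctime;
		dp->dl_mtime = stat.mtime;
		spin_lock(&f->f_lock);
		if (deleg_ts)
			f->f_mode |= FMODE_NOCMTIME;
		spin_unlock(&f->f_lock);
		trace_nfsd_deleg_write(&dp->dl_stid.sc_stateid);
	} else {
		/*
		 * stat is filled in only when deleg_ts is set and the
		 * stat call succeeds; in every other case dl_atime gets
		 * the zero value from the initialiser above.
		 */
		open->op_delegate_type = deleg_ts && nfs4_delegation_stat(dp, currentfh, &stat) ?
					 OPEN_DELEGATE_READ_ATTRS_DELEG : OPEN_DELEGATE_READ;
		dp->dl_atime = stat.atime;
		trace_nfsd_deleg_read(&dp->dl_stid.sc_stateid);
	}
	nfs4_put_stid(&dp->dl_stid);
	return;
out_no_deleg:
	open->op_delegate_type = OPEN_DELEGATE_NONE;

	/* 4.1 client asking for a delegation? */
	if (open->op_deleg_want)
		nfsd4_open_deleg_none_ext(open, status);
	return;
}

/*
 * The client already holds delegation @dp and asked for another one.
 * When the held delegation is a write delegation, answer a READ want
 * with "downgrade not supported" and a WRITE want with "upgrade not
 * supported"; in every other case the reply is left unchanged.
 */
static void nfsd4_deleg_xgrade_none_ext(struct nfsd4_open *open,
					struct nfs4_delegation *dp)
{
	if (deleg_is_write(dp->dl_type)) {
		if (open->op_deleg_want & OPEN4_SHARE_ACCESS_WANT_READ_DELEG) {
			open->op_delegate_type = OPEN_DELEGATE_NONE_EXT;
			open->op_why_no_deleg = WND4_NOT_SUPP_DOWNGRADE;
		} else if (open->op_deleg_want & OPEN4_SHARE_ACCESS_WANT_WRITE_DELEG) {
			open->op_delegate_type = OPEN_DELEGATE_NONE_EXT;
			open->op_why_no_deleg = WND4_NOT_SUPP_UPGRADE;
		}
	}
	/* Otherwise the client must be confused wanting a delegation
	 * it already has, therefore we don't return
	 * OPEN_DELEGATE_NONE_EXT and reason.
	 */
}

/* Are we returning only a delegation stateid?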
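*/
static bool open_xor_delegation(struct nfsd4_open *open)
{
	/* The client must have asked for "open XOR delegation" ... */
	if (!(open->op_deleg_want & OPEN4_SHARE_ACCESS_WANT_OPEN_XOR_DELEGATION))
		return false;
	/* Did we actually get a delegation? */
	if (!deleg_is_read(open->op_delegate_type) && !deleg_is_write(open->op_delegate_type))
		return false;
	return true;
}

/**
 * nfsd4_process_open2 - finish open processing
 * @rqstp: the RPC transaction being executed
 * @current_fh: NFSv4 COMPOUND's current filehandle
 * @open: OPEN arguments
 *
 * If successful, (1) truncate the file if open->op_truncate was
 * set, (2) set open->op_stateid, (3) set open->op_delegation.
 *
 * On every exit through the "out" label the references held on the
 * nfs4_file, the delegation found by nfs4_check_deleg() and the open
 * stateid are dropped, and the OPEN result flags are filled in.
 *
 * Returns %nfs_ok on success; otherwise an nfs4stat value in
 * network byte order is returned.
 */
__be32
nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
{
	struct nfsd4_compoundres *resp = rqstp->rq_resp;
	struct nfs4_client *cl = open->op_openowner->oo_owner.so_client;
	struct nfs4_file *fp = NULL;
	struct nfs4_ol_stateid *stp = NULL;
	struct nfs4_delegation *dp = NULL;
	__be32 status;
	bool new_stp = false;

	/*
	 * Lookup file; if found, lookup stateid and check open request,
	 * and check for delegations in the process of being recalled.
	 * If not found, create the nfs4_file struct
	 */
	fp = nfsd4_file_hash_insert(open->op_file, current_fh);
	if (unlikely(!fp))
		return nfserr_jukebox;
	if (fp != open->op_file) {
		status = nfs4_check_deleg(cl, open, &dp);
		if (status)
			goto out;
		if (dp && nfsd4_is_deleg_cur(open) &&
				(dp->dl_stid.sc_file != fp)) {
			/*
			 * RFC8881 section 8.2.4 mandates the server to return
			 * NFS4ERR_BAD_STATEID if the selected table entry does
			 * not match the current filehandle. However returning
			 * NFS4ERR_BAD_STATEID in the OPEN can cause the client
			 * to repeatedly retry the operation with the same
			 * stateid, since the stateid itself is valid. To avoid
			 * this situation NFSD returns NFS4ERR_INVAL instead.
			 */
			status = nfserr_inval;
			goto out;
		}
		stp = nfsd4_find_and_lock_existing_open(fp, open);
	} else {
		/*
		 * The preallocated nfs4_file is the one now in use; clear
		 * op_file so that nfsd4_cleanup_open_state() does not free it.
		 */
		open->op_file = NULL;
		status = nfserr_bad_stateid;
		if (nfsd4_is_deleg_cur(open))
			goto out;
	}

	if (!stp) {
		stp = init_open_stateid(fp, open);
		if (!stp) {
			status = nfserr_jukebox;
			goto out;
		}

		/*
		 * NOTE(review): op_stp being cleared looks like the signal
		 * that the preallocated stateid was consumed, i.e. this is
		 * a brand-new open stateid - confirm in init_open_stateid().
		 */
		if (!open->op_stp) {
			new_stp = true;
			stp->st_stid.sc_export =
				exp_get(current_fh->fh_export);
		}
	}

	/*
	 * OPEN the file, or upgrade an existing OPEN.
	 * If truncate fails, the OPEN fails.
	 *
	 * stp is already locked.
	 */
	if (!new_stp) {
		/* Stateid was found, this is an OPEN upgrade */
		status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
		if (status) {
			mutex_unlock(&stp->st_mutex);
			goto out;
		}
	} else {
		status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open, true);
		if (status) {
			release_open_stateid(stp);
			mutex_unlock(&stp->st_mutex);
			goto out;
		}

		stp->st_clnt_odstate = find_or_hash_clnt_odstate(fp,
							open->op_odstate);
		/*
		 * If the preallocated odstate was the one installed, clear
		 * op_odstate so nfsd4_cleanup_open_state() does not free it.
		 */
		if (stp->st_clnt_odstate == open->op_odstate)
			open->op_odstate = NULL;
	}

	nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid);
	mutex_unlock(&stp->st_mutex);

	if (nfsd4_has_session(&resp->cstate)) {
		if (open->op_deleg_want & OPEN4_SHARE_ACCESS_WANT_NO_DELEG) {
			open->op_delegate_type = OPEN_DELEGATE_NONE_EXT;
			open->op_why_no_deleg = WND4_NOT_WANTED;
			goto nodeleg;
		}
	}

	/*
	 * Attempt to hand out a delegation. No error return, because the
	 * OPEN succeeds even if we fail.
	 */
	nfs4_open_delegation(rqstp, open, stp,
		&resp->cstate.current_fh, current_fh);

	/*
	 * If there is an existing open stateid, it must be updated and
	 * returned. Only respect WANT_OPEN_XOR_DELEGATION when a new
	 * open stateid would have to be created.
	 */
	if (new_stp && open_xor_delegation(open)) {
		memcpy(&open->op_stateid, &zero_stateid, sizeof(open->op_stateid));
		open->op_rflags |= OPEN4_RESULT_NO_OPEN_STATEID;
		release_open_stateid(stp);
	}
nodeleg:
	status = nfs_ok;
	trace_nfsd_open(&stp->st_stid.sc_stateid);
out:
	/* 4.1 client trying to upgrade/downgrade delegation? */
	if (open->op_delegate_type == OPEN_DELEGATE_NONE && dp &&
	    open->op_deleg_want)
		nfsd4_deleg_xgrade_none_ext(open, dp);

	if (fp)
		put_nfs4_file(fp);
	if (status == 0 && open->op_claim_type == NFS4_OPEN_CLAIM_PREVIOUS)
		open->op_openowner->oo_flags |= NFS4_OO_CONFIRMED;
	/*
	 * To finish the open response, we just need to set the rflags.
	 */
	open->op_rflags |= NFS4_OPEN_RESULT_LOCKTYPE_POSIX;
	if (nfsd4_has_session(&resp->cstate))
		open->op_rflags |= NFS4_OPEN_RESULT_MAY_NOTIFY_LOCK;
	else if (!(open->op_openowner->oo_flags & NFS4_OO_CONFIRMED))
		open->op_rflags |= NFS4_OPEN_RESULT_CONFIRM;

	if (dp)
		nfs4_put_stid(&dp->dl_stid);
	if (stp)
		nfs4_put_stid(&stp->st_stid);

	return status;
}

/*
 * Release whatever OPEN processing left attached to @open: the
 * openowner reference, and any preallocated nfs4_file, open stateid
 * or odstate that is still referenced from @open.
 */
void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
			      struct nfsd4_open *open)
{
	if (open->op_openowner)
		nfs4_put_stateowner(&open->op_openowner->oo_owner);
	if (open->op_file)
		kmem_cache_free(file_slab, open->op_file);
	if (open->op_stp)
		nfs4_put_stid(&open->op_stp->st_stid);
	if (open->op_odstate)
		kmem_cache_free(odstate_slab, open->op_odstate);
}

/*
 * RENEW: resolve the clientid in @u to a client via set_client().
 * Returns nfserr_cb_path_down when that client holds delegations but
 * its callback channel is not NFSD4_CB_UP, otherwise nfs_ok or the
 * error from set_client().
 */
__be32
nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    union nfsd4_op_u *u)
{
	clientid_t *clid = &u->renew;
	struct nfs4_client *clp;
	__be32 status;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

	trace_nfsd_clid_renew(clid);
	status = set_client(clid, cstate, nn);
	if (status)
		return status;
	clp = cstate->clp;
	if (!list_empty(&clp->cl_delegations)
			&& clp->cl_cb_state != NFSD4_CB_UP)
		return nfserr_cb_path_down;
	return nfs_ok;
}

/* End the NFSv4 grace period for @nn; a no-op once it has ended. */
static void
nfsd4_end_grace(struct nfsd_net *nn)
{
	/* do nothing if grace period already ended */
	if (nn->grace_ended)
		return;

	trace_nfsd_grace_complete(nn);
	nn->grace_ended = true;
	/*
	 * If the server goes down again right now, an NFSv4
	 * client will still be allowed to reclaim after it comes back up,
	 * even if it hasn't yet had a chance to reclaim state this time.
	 *
	 */
	nfsd4_record_grace_done(nn);
	/*
	 * At this point, NFSv4 clients can still reclaim.  But if the
	 * server crashes, any that have not yet reclaimed will be out
	 * of luck on the next boot.
	 *
	 * (NFSv4.1+ clients are considered to have reclaimed once they
	 * call RECLAIM_COMPLETE.  NFSv4.0 clients are considered to
	 * have reclaimed after their first OPEN.)
	 */
	locks_end_grace(&nn->nfsd4_manager);
	/*
	 * At this point, and once lockd and/or any other containers
	 * exit their grace period, further reclaims will fail and
	 * regular locking can resume.
	 */
}

/**
 * nfsd4_force_end_grace - forcibly end the NFSv4 grace period
 * @nn: network namespace for the server instance to be updated
 *
 * Forces bypass of normal grace period completion, then schedules
 * the laundromat to end the grace period immediately. Does not wait
 * for the grace period to fully terminate before returning.
 *
 * Return values:
 *   %true: Grace termination scheduled
 *   %false: No action was taken
 */
bool nfsd4_force_end_grace(struct nfsd_net *nn)
{
	if (!nn->client_tracking_ops)
		return false;
	if (READ_ONCE(nn->grace_ended))
		return false;
	/* laundromat_work must be initialised now, though it might be disabled */
	WRITE_ONCE(nn->grace_end_forced, true);
	/* mod_delayed_work() doesn't queue work after
	 * nfs4_state_shutdown_net() has called disable_delayed_work_sync()
	 */
	mod_delayed_work(laundry_wq, &nn->laundromat_work, 0);
	return true;
}

/*
 * If we've waited a lease period but there are still clients trying to
 * reclaim, wait a little longer to give them a chance to finish.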
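*/
static bool clients_still_reclaiming(struct nfsd_net *nn)
{
	time64_t double_grace_period_end = nn->boot_time +
					   2 * nn->nfsd4_lease;

	/* An administrator forced the end of grace: stop waiting. */
	if (READ_ONCE(nn->grace_end_forced))
		return false;
	/* Every client with a reclaim record has completed its reclaim. */
	if (nn->track_reclaim_completes &&
			atomic_read(&nn->nr_reclaim_complete) ==
			nn->reclaim_str_hashtbl_size)
		return false;
	if (!nn->somebody_reclaimed)
		return false;
	/* Re-arm: only a reclaim seen after this point extends the wait. */
	nn->somebody_reclaimed = false;
	/*
	 * If we've given them *two* lease times to reclaim, and they're
	 * still not done, give up:
	 */
	if (ktime_get_boottime_seconds() > double_grace_period_end)
		return false;
	return true;
}

/*
 * State shared by one laundromat pass.
 * cutoff:    state last refreshed before this time has expired.
 * new_timeo: shortest time remaining among the unexpired state seen so
 *            far; used to schedule the next pass.
 */
struct laundry_time {
	time64_t cutoff;
	time64_t new_timeo;
};

/*
 * Return true if @last_refresh is older than lt->cutoff.  Otherwise
 * lower lt->new_timeo to the time this state has left, if that is
 * sooner than the current value, and return false.
 */
static bool state_expired(struct laundry_time *lt, time64_t last_refresh)
{
	time64_t time_remaining;

	if (last_refresh < lt->cutoff)
		return true;
	time_remaining = last_refresh - lt->cutoff;
	lt->new_timeo = min(lt->new_timeo, time_remaining);
	return false;
}

#ifdef CONFIG_NFSD_V4_2_INTER_SSC
/* Initialise the lock, list and wait queue of the delayed unmount list. */
void nfsd4_ssc_init_umount_work(struct nfsd_net *nn)
{
	spin_lock_init(&nn->nfsd_ssc_lock);
	INIT_LIST_HEAD(&nn->nfsd_ssc_mount_list);
	init_waitqueue_head(&nn->nfsd_ssc_waitq);
}

/*
 * This is called when nfsd is being shutdown, after all inter_ssc
 * cleanup were done, to destroy the ssc delayed unmount list.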
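*/
static void nfsd4_ssc_shutdown_umount(struct nfsd_net *nn)
{
	struct nfsd4_ssc_umount_item *ni = NULL;
	struct nfsd4_ssc_umount_item *tmp;

	spin_lock(&nn->nfsd_ssc_lock);
	list_for_each_entry_safe(ni, tmp, &nn->nfsd_ssc_mount_list, nsui_list) {
		list_del(&ni->nsui_list);
		/*
		 * The lock is dropped around mntput().
		 * NOTE(review): 'tmp' was sampled before the unlock, so this
		 * relies on nothing else unlinking that entry meanwhile -
		 * confirm that no other user of the list runs at shutdown.
		 */
		spin_unlock(&nn->nfsd_ssc_lock);
		mntput(ni->nsui_vfsmount);
		kfree(ni);
		spin_lock(&nn->nfsd_ssc_lock);
	}
	spin_unlock(&nn->nfsd_ssc_lock);
}

/*
 * Unmount and free the entries of the delayed unmount list whose
 * nsui_expire time has passed and which have no extra references,
 * then wake anyone sleeping on nfsd_ssc_waitq.  The walk stops at the
 * first entry that has not expired yet.
 */
static void nfsd4_ssc_expire_umount(struct nfsd_net *nn)
{
	bool do_wakeup = false;
	struct nfsd4_ssc_umount_item *ni = NULL;
	struct nfsd4_ssc_umount_item *tmp;

	spin_lock(&nn->nfsd_ssc_lock);
	list_for_each_entry_safe(ni, tmp, &nn->nfsd_ssc_mount_list, nsui_list) {
		if (time_after(jiffies, ni->nsui_expire)) {
			/* Still referenced by someone else: leave it alone. */
			if (refcount_read(&ni->nsui_refcnt) > 1)
				continue;

			/* mark being unmount */
			ni->nsui_busy = true;
			/*
			 * The entry stays on the list, flagged busy, while
			 * the lock is dropped for mntput().
			 * NOTE(review): 'tmp' was read before the unlock;
			 * verify that no other path can free that entry in
			 * this window.
			 */
			spin_unlock(&nn->nfsd_ssc_lock);
			mntput(ni->nsui_vfsmount);
			spin_lock(&nn->nfsd_ssc_lock);

			/* waiters need to start from begin of list */
			list_del(&ni->nsui_list);
			kfree(ni);

			/* wakeup ssc_connect waiters */
			do_wakeup = true;
			continue;
		}
		break;
	}
	if (do_wakeup)
		wake_up_all(&nn->nfsd_ssc_waitq);
	spin_unlock(&nn->nfsd_ssc_lock);
}
#endif

/* Check if any lock belonging to this lockowner has any blockers */
static bool
nfs4_lockowner_has_blockers(struct nfs4_lockowner *lo)
{
	struct file_lock_context *ctx;
	struct nfs4_ol_stateid *stp;
	struct nfs4_file *nf;

	list_for_each_entry(stp, &lo->lo_owner.so_stateids, st_perstateowner) {
		nf = stp->st_stid.sc_file;
		ctx = locks_inode_context(nf->fi_inode);
		/* No lock context on this inode: nothing can be blocked. */
		if (!ctx)
			continue;
		if (locks_owner_has_blockers(ctx, lo))
			return true;
	}
	return false;
}

static bool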
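nfs4_anylock_blockers(struct nfs4_client *clp)
{
	int i;
	struct nfs4_stateowner *so;
	struct nfs4_lockowner *lo;

	/* A delegation recall in progress counts as a blocker. */
	if (atomic_read(&clp->cl_delegs_in_recall))
		return true;
	spin_lock(&clp->cl_lock);
	for (i = 0; i < OWNER_HASH_SIZE; i++) {
		list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[i],
				so_strhash) {
			/* Only lockowners can hold byte-range locks. */
			if (so->so_is_open_owner)
				continue;
			lo = lockowner(so);
			if (nfs4_lockowner_has_blockers(lo)) {
				spin_unlock(&clp->cl_lock);
				return true;
			}
		}
	}
	spin_unlock(&clp->cl_lock);
	return false;
}

/*
 * Walk the client LRU and move the clients that must be expired onto
 * @reaplist.  A client whose lease has run out and that has no RPC in
 * progress becomes a courtesy client; it is reaped only if it holds no
 * state, if it is blocking someone else, or while the per-run trim
 * budget (non-zero only once the client count has reached
 * nfs4_max_clients) is not used up.
 */
static void
nfs4_get_client_reaplist(struct nfsd_net *nn, struct list_head *reaplist,
				struct laundry_time *lt)
{
	unsigned int maxreap, reapcnt = 0;
	struct list_head *pos, *next;
	struct nfs4_client *clp;

	maxreap = (atomic_read(&nn->nfs4_client_count) >= nn->nfs4_max_clients) ?
			NFSD_CLIENT_MAX_TRIM_PER_RUN : 0;
	INIT_LIST_HEAD(reaplist);
	spin_lock(&nn->client_lock);
	list_for_each_safe(pos, next, &nn->client_lru) {
		clp = list_entry(pos, struct nfs4_client, cl_lru);
		if (clp->cl_state == NFSD4_EXPIRABLE)
			goto exp_client;
		/* The walk ends at the first client whose lease is still valid. */
		if (!state_expired(lt, clp->cl_time))
			break;
		if (!atomic_read(&clp->cl_rpc_users)) {
			if (clp->cl_state == NFSD4_ACTIVE)
				atomic_inc(&nn->nfsd_courtesy_clients);
			clp->cl_state = NFSD4_COURTESY;
		}
		if (!client_has_state(clp))
			goto exp_client;
		/* Keep a harmless courtesy client once the budget is spent. */
		if (!nfs4_anylock_blockers(clp) && reapcnt >= maxreap)
			continue;
exp_client:
		if (!mark_client_expired_locked(clp)) {
			list_add(&clp->cl_lru, reaplist);
			reapcnt++;
		}
	}
	spin_unlock(&nn->client_lock);
}

/*
 * Collect up to NFSD_CLIENT_MAX_TRIM_PER_RUN clients from the head of
 * the LRU onto @reaplist, stopping at the first NFSD4_ACTIVE client.
 */
static void
nfs4_get_courtesy_client_reaplist(struct nfsd_net *nn,
				struct list_head *reaplist)
{
	unsigned int maxreap = 0, reapcnt = 0;
	struct list_head *pos, *next;
	struct nfs4_client *clp;

	maxreap = NFSD_CLIENT_MAX_TRIM_PER_RUN;
	INIT_LIST_HEAD(reaplist);

	spin_lock(&nn->client_lock);
	list_for_each_safe(pos, next, &nn->client_lru) {
		clp = list_entry(pos, struct nfs4_client, cl_lru);
		if (clp->cl_state == NFSD4_ACTIVE)
			break;
		if (reapcnt >= maxreap)
			break;
		if (!mark_client_expired_locked(clp)) {
			list_add(&clp->cl_lru, reaplist);
			reapcnt++;
		}
	}
	spin_unlock(&nn->client_lock);
}

/* Expire every client on @reaplist; the list is private to the caller. */
static void
nfs4_process_client_reaplist(struct list_head *reaplist)
{
	struct list_head *pos, *next;
	struct nfs4_client *clp;

	list_for_each_safe(pos, next, reaplist) {
		clp = list_entry(pos, struct nfs4_client, cl_lru);
		trace_nfsd_clid_purged(&clp->cl_clientid);
		list_del_init(&clp->cl_lru);
		expire_client(clp);
	}
}

/*
 * Drop admin-revoked stateids, but only once the last revocation
 * recorded in nn->nfs40_last_revoke is older than lt->cutoff.
 */
static void nfs40_clean_admin_revoked(struct nfsd_net *nn,
				      struct laundry_time *lt)
{
	struct nfs4_client *clp;

	spin_lock(&nn->client_lock);
	if (nn->nfs40_last_revoke == 0 ||
	    nn->nfs40_last_revoke > lt->cutoff) {
		spin_unlock(&nn->client_lock);
		return;
	}
	nn->nfs40_last_revoke = 0;

retry:
	list_for_each_entry(clp, &nn->client_lru, cl_lru) {
		unsigned long id, tmp;
		struct nfs4_stid *stid;

		if (atomic_read(&clp->cl_admin_revoked) == 0)
			continue;

		spin_lock(&clp->cl_lock);
		idr_for_each_entry_ul(&clp->cl_stateids, stid, tmp, id)
			if (stid->sc_status & SC_STATUS_ADMIN_REVOKED) {
				/* Pin the stid before both locks are released. */
				refcount_inc(&stid->sc_count);
				spin_unlock(&nn->client_lock);
				/* this function drops ->cl_lock */
				nfsd4_drop_revoked_stid(stid);
				nfs4_put_stid(stid);
				spin_lock(&nn->client_lock);
				/*
				 * The list may have changed while unlocked,
				 * so the walk restarts from the head.
				 */
				goto retry;
			}
		spin_unlock(&clp->cl_lock);
	}
	spin_unlock(&nn->client_lock);
}

/*
 * One pass of the state reaper for @nn: end the grace period when due,
 * then expire copy-notify stateids, clients, recalled delegations,
 * closed-open stateids and blocked locks that were last refreshed
 * before the lease cutoff.
 *
 * Returns the number of seconds until the next pass should run, never
 * less than NFSD_LAUNDROMAT_MINTIMEOUT.
 */
static time64_t
nfs4_laundromat(struct nfsd_net *nn)
{
	struct nfs4_openowner *oo;
	struct nfs4_delegation *dp;
	struct nfs4_ol_stateid *stp;
	struct nfsd4_blocked_lock *nbl;
	struct list_head *pos, *next, reaplist;
	struct laundry_time lt = {
		.cutoff = ktime_get_boottime_seconds() - nn->nfsd4_lease,
		.new_timeo = nn->nfsd4_lease
	};
	struct nfs4_cpntf_state *cps;
	copy_stateid_t *cps_t;
	int i;

	if (clients_still_reclaiming(nn)) {
		lt.new_timeo = 0;
		goto out;
	}
	nfsd4_end_grace(nn);

	spin_lock(&nn->s2s_cp_lock);
	idr_for_each_entry(&nn->s2s_cp_stateids, cps_t, i) {
		cps = container_of(cps_t, struct nfs4_cpntf_state, cp_stateid);
		/*
		 * cs_type is checked first, so cpntf_time is only read for
		 * entries that really are copy-notify state.
		 */
		if (cps->cp_stateid.cs_type == NFS4_COPYNOTIFY_STID &&
				state_expired(&lt, cps->cpntf_time))
			_free_cpntf_state_locked(nn, cps);
	}
	spin_unlock(&nn->s2s_cp_lock);
	nfsd4_async_copy_reaper(nn);
	nfs4_get_client_reaplist(nn, &reaplist, &lt);
	nfs4_process_client_reaplist(&reaplist);

	nfs40_clean_admin_revoked(nn, &lt);

	spin_lock(&nn->deleg_lock);
	list_for_each_safe(pos, next, &nn->del_recall_lru) {
		dp = list_entry (pos, struct nfs4_delegation, dl_recall_lru);
		if (!state_expired(&lt, dp->dl_time))
			break;
		refcount_inc(&dp->dl_stid.sc_count);
		unhash_delegation_locked(dp, SC_STATUS_REVOKED);
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&nn->deleg_lock);
	/* Revoke outside deleg_lock; the entries were unhashed above. */
	while (!list_empty(&reaplist)) {
		dp = list_first_entry(&reaplist, struct nfs4_delegation,
					dl_recall_lru);
		list_del_init(&dp->dl_recall_lru);
		revoke_delegation(dp);
	}

	spin_lock(&nn->client_lock);
	while (!list_empty(&nn->close_lru)) {
		oo = list_first_entry(&nn->close_lru, struct nfs4_openowner,
					oo_close_lru);
		if (!state_expired(&lt, oo->oo_time))
			break;
		list_del_init(&oo->oo_close_lru);
		stp = oo->oo_last_closed_stid;
		oo->oo_last_closed_stid = NULL;
		/* The final put is done without client_lock held. */
		spin_unlock(&nn->client_lock);
		nfs4_put_stid(&stp->st_stid);
		spin_lock(&nn->client_lock);
	}
	spin_unlock(&nn->client_lock);

	/*
	 * It's possible for a client to try and acquire an already held lock
	 * that is being held for a long time, and then lose interest in it.
	 * So, we clean out any un-revisited request after a lease period
	 * under the assumption that the client is no longer interested.
	 *
	 * RFC5661, sec. 9.6 states that the client must not rely on getting
	 * notifications and must continue to poll for locks, even when the
	 * server supports them. Thus this shouldn't lead to clients blocking
	 * indefinitely once the lock does become free.
	 */
	BUG_ON(!list_empty(&reaplist));
	spin_lock(&nn->blocked_locks_lock);
	while (!list_empty(&nn->blocked_locks_lru)) {
		nbl = list_first_entry(&nn->blocked_locks_lru,
				struct nfsd4_blocked_lock, nbl_lru);
		if (!state_expired(&lt, nbl->nbl_time))
			break;
		list_move(&nbl->nbl_lru, &reaplist);
		list_del_init(&nbl->nbl_list);
	}
	spin_unlock(&nn->blocked_locks_lock);

	while (!list_empty(&reaplist)) {
		nbl = list_first_entry(&reaplist,
					struct nfsd4_blocked_lock, nbl_lru);
		list_del_init(&nbl->nbl_lru);
		free_blocked_lock(nbl);
	}
#ifdef CONFIG_NFSD_V4_2_INTER_SSC
	/* service the server-to-server copy delayed unmount list */
	nfsd4_ssc_expire_umount(nn);
#endif
	if (atomic_long_read(&num_delegations) >= max_delegations)
		deleg_reaper(nn);
out:
	return max_t(time64_t, lt.new_timeo, NFSD_LAUNDROMAT_MINTIMEOUT);
}

static void laundromat_main(struct work_struct *);

/*
 * Delayed-work handler: run one laundromat pass for the nfsd_net that
 * embeds @laundry and re-queue itself after the interval it returns.
 */
static void
laundromat_main(struct work_struct *laundry)
{
	time64_t t;
	struct delayed_work *dwork = to_delayed_work(laundry);
	struct nfsd_net *nn = container_of(dwork, struct nfsd_net,
					   laundromat_work);

	t = nfs4_laundromat(nn);
	queue_delayed_work(laundry_wq, &nn->laundromat_work, t*HZ);
}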
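/* Expire a bounded batch of non-active clients from the head of the LRU. */
static void
courtesy_client_reaper(struct nfsd_net *nn)
{
	struct list_head reaplist;

	nfs4_get_courtesy_client_reaplist(nn, &reaplist);
	nfs4_process_client_reaplist(&reaplist);
}

/*
 * Send CB_RECALL_ANY for read and write data delegations to each
 * active client that holds delegations, has no recall in progress, has
 * a working callback channel and was not asked in the last 5 seconds.
 */
static void
deleg_reaper(struct nfsd_net *nn)
{
	struct list_head *pos, *next;
	struct nfs4_client *clp;

	spin_lock(&nn->client_lock);
	list_for_each_safe(pos, next, &nn->client_lru) {
		clp = list_entry(pos, struct nfs4_client, cl_lru);

		if (clp->cl_state != NFSD4_ACTIVE)
			continue;
		if (list_empty(&clp->cl_delegations))
			continue;
		if (atomic_read(&clp->cl_delegs_in_recall))
			continue;
		if (ktime_get_boottime_seconds() - clp->cl_ra_time < 5)
			continue;
		if (clp->cl_cb_state != NFSD4_CB_UP)
			continue;
		/*
		 * Claim the callback last.  If the bit were taken before
		 * the two checks above, a skipped client would be left
		 * with NFSD4_CALLBACK_RUNNING set although no callback was
		 * queued to release it, and later passes would keep
		 * skipping that client.
		 */
		if (test_and_set_bit(NFSD4_CALLBACK_RUNNING, &clp->cl_ra->ra_cb.cb_flags))
			continue;

		/* release in nfsd4_cb_recall_any_release */
		kref_get(&clp->cl_nfsdfs.cl_ref);
		clp->cl_ra_time = ktime_get_boottime_seconds();
		clp->cl_ra->ra_keep = 0;
		clp->cl_ra->ra_bmval[0] = BIT(RCA4_TYPE_MASK_RDATA_DLG) |
						BIT(RCA4_TYPE_MASK_WDATA_DLG);
		trace_nfsd_cb_recall_any(clp->cl_ra);
		nfsd4_run_cb(&clp->cl_ra->ra_cb);
	}
	spin_unlock(&nn->client_lock);
}

/* Work item behind nfsd_shrinker_work: reap courtesy clients, then delegations. */
static void
nfsd4_state_shrinker_worker(struct work_struct *work)
{
	struct nfsd_net *nn = container_of(work, struct nfsd_net,
				nfsd_shrinker_work);

	courtesy_client_reaper(nn);
	deleg_reaper(nn);
}

/*
 * A stateid is only usable with the file it was issued for: reject it
 * when the filehandle in @fhp differs from the one recorded in @stp.
 */
static inline __be32 nfs4_check_fh(struct svc_fh *fhp, struct nfs4_stid *stp)
{
	if (!fh_match(&fhp->fh_handle, &stp->sc_file->fi_fhandle))
		return nfserr_bad_stateid;
	return nfs_ok;
}

/*
 * Check that the open behind @stp grants the access named in @flags
 * (RD_STATE and/or WR_STATE); nfserr_openmode if it does not.
 */
static
__be32 nfs4_check_openmode(struct nfs4_ol_stateid *stp, int flags)
{
	__be32 status = nfserr_openmode;

	/* For lock stateid's, we test the parent open, not the lock: */
	if (stp->st_openstp)
		stp = stp->st_openstp;
	if ((flags & WR_STATE) && !access_permit_write(stp))
		goto out;
	if ((flags & RD_STATE) && !access_permit_read(stp))
		goto out;
	status = nfs_ok;
out:
	return status;
}

/*
 * Handle the anonymous (all-zero / all-one) stateids.  These carry no
 * per-client state, so apart from a read with the all-one stateid the
 * answer comes from the share reservations on the file.
 */
static inline __be32
check_special_stateids(struct net *net, svc_fh *current_fh, stateid_t *stateid, int flags)
{
	if (ONE_STATEID(stateid) && (flags & RD_STATE))
		return nfs_ok;
	else if (opens_in_grace(net)) {
		/* Answer in remaining cases depends on existence of
		 * conflicting state; so we must wait out the grace period. */
		return nfserr_grace;
	} else if (flags & WR_STATE)
		return nfs4_share_conflict(current_fh,
				NFS4_SHARE_DENY_WRITE);
	else /* (flags & RD_STATE) && ZERO_STATEID(stateid) */
		return nfs4_share_conflict(current_fh,
				NFS4_SHARE_DENY_READ);
}

/*
 * Compare the generation of the client-supplied stateid @in with the
 * server's copy @ref.  Returns nfs_ok on a match, nfserr_bad_stateid
 * for a generation from the future, nfserr_old_stateid otherwise.
 */
static __be32 check_stateid_generation(stateid_t *in, stateid_t *ref, bool has_session)
{
	/*
	 * When sessions are used the stateid generation number is ignored
	 * when it is zero.
	 */
	if (has_session && in->si_generation == 0)
		return nfs_ok;

	if (in->si_generation == ref->si_generation)
		return nfs_ok;

	/* If the client sends us a stateid from the future, it's buggy: */
	if (nfsd4_stateid_generation_after(in, ref))
		return nfserr_bad_stateid;
	/*
	 * However, we could see a stateid from the past, even from a
	 * non-buggy client.  For example, if the client sends a lock
	 * while some IO is outstanding, the lock may bump si_generation
	 * while the IO is still in flight.  The client could avoid that
	 * situation by waiting for responses on all the IO requests,
	 * but better performance may result in retrying IO that
	 * receives an old_stateid error if requests are rarely
	 * reordered in flight:
	 */
	return nfserr_old_stateid;
}

/*
 * Verify under sc_lock that @s is still a usable stateid and that the
 * generation in @in is acceptable.  An admin-revoked result is handed
 * to nfsd40_drop_revoked_stid() after the lock is released.
 */
static __be32 nfsd4_stid_check_stateid_generation(stateid_t *in, struct nfs4_stid *s, bool has_session)
{
	__be32 ret;

	spin_lock(&s->sc_lock);
	ret = nfsd4_verify_open_stid(s);
	if (ret == nfs_ok)
		ret = check_stateid_generation(in, &s->sc_stateid, has_session);
	spin_unlock(&s->sc_lock);
	if (ret == nfserr_admin_revoked)
		nfsd40_drop_revoked_stid(s->sc_client,
					&s->sc_stateid);
	return ret;
}

/* A stateid owned by an openowner is unusable until that owner is confirmed. */
static __be32 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid *ols)
{
	if (ols->st_stateowner->so_is_open_owner &&
	    !(openowner(ols->st_stateowner)->oo_flags & NFS4_OO_CONFIRMED))
		return nfserr_bad_stateid;
	return nfs_ok;
}

/*
 * Validate one client-supplied stateid against the state of @cl.
 * Special stateids are never valid here.  Returns nfs_ok or the
 * nfs4stat describing why the stateid is not usable.
 */
static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
{
	struct nfs4_stid *s;
	__be32 status = nfserr_bad_stateid;

	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
		CLOSE_STATEID(stateid))
		return status;
	spin_lock(&cl->cl_lock);
	s = find_stateid_locked(cl, stateid);
	if (!s)
		goto out_unlock;
	status = nfsd4_stid_check_stateid_generation(stateid, s, 1);
	if (status)
		goto out_unlock;
	status = nfsd4_verify_open_stid(s);
	if (status)
		goto out_unlock;

	switch (s->sc_type) {
	case SC_TYPE_DELEG:
		status = nfs_ok;
		break;
	case SC_TYPE_OPEN:
	case SC_TYPE_LOCK:
		status = nfsd4_check_openowner_confirmed(openlockstateid(s));
		break;
	default:
		/*
		 * The stateid is chosen by the client, so give the message
		 * a log level and rate-limit it rather than letting repeated
		 * requests fill the kernel log.
		 */
		pr_warn_ratelimited("unknown stateid type %x\n", s->sc_type);
		status = nfserr_bad_stateid;
	}
out_unlock:
	spin_unlock(&cl->cl_lock);
	if (status == nfserr_admin_revoked)
		nfsd40_drop_revoked_stid(cl, stateid);
	return status;
}

/*
 * Look up the nfs4_stid for a client-supplied stateid.
 * @cstate: compound state; set_client() binds the owning client to it
 * @stateid: stateid sent by the client
 * @typemask: SC_TYPE_* bits the caller accepts
 * @statusmask: SC_STATUS_* bits the caller accepts
 * @s: on success, the stateid found, with a reference held
 * @nn: nfsd network namespace
 *
 * Revoked and admin-revoked stateids are always looked up so that the
 * specific error can be reported; a revoked delegation is returned to
 * the caller only if SC_STATUS_REVOKED was passed in @statusmask.
 */
__be32
nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate,
		     stateid_t *stateid,
		     unsigned short typemask, unsigned short statusmask,
		     struct nfs4_stid **s, struct nfsd_net *nn)
{
	__be32 status;
	struct nfs4_stid *stid;
	bool return_revoked = false;

	/*
	 *  only return revoked delegations if explicitly asked.
	 *  otherwise we report revoked or bad_stateid status.
	 */
	if (statusmask & SC_STATUS_REVOKED)
		return_revoked = true;
	if (typemask & SC_TYPE_DELEG)
		/* Always allow REVOKED for DELEG so we can
		 * return the appropriate error.
		 */
		statusmask |= SC_STATUS_REVOKED;

	statusmask |= SC_STATUS_ADMIN_REVOKED | SC_STATUS_FREEABLE;

	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
		CLOSE_STATEID(stateid))
		return nfserr_bad_stateid;
	status = set_client(&stateid->si_opaque.so_clid, cstate, nn);
	if (status == nfserr_stale_clientid) {
		if (cstate->session)
			return nfserr_bad_stateid;
		return nfserr_stale_stateid;
	}
	if (status)
		return status;
	stid = find_stateid_by_type(cstate->clp, stateid, typemask, statusmask);
	if (!stid)
		return nfserr_bad_stateid;
	if ((stid->sc_status & SC_STATUS_REVOKED) && !return_revoked) {
		nfs4_put_stid(stid);
		return nfserr_deleg_revoked;
	}
	if (stid->sc_status & SC_STATUS_ADMIN_REVOKED) {
		nfsd40_drop_revoked_stid(cstate->clp, stateid);
		nfs4_put_stid(stid);
		return nfserr_admin_revoked;
	}
	*s = stid;
	return nfs_ok;
}

/*
 * Return an open nfsd_file for the file behind @s, readable if
 * RD_STATE is set in @flags and writeable otherwise.  NULL when @s is
 * NULL, has any status bit set, or is not a delegation, open or lock
 * stateid.
 */
static struct nfsd_file *
nfs4_find_file(struct nfs4_stid *s, int flags)
{
	struct nfsd_file *ret = NULL;

	if (!s || s->sc_status)
		return NULL;

	switch (s->sc_type) {
	case SC_TYPE_DELEG:
	case SC_TYPE_OPEN:
	case SC_TYPE_LOCK:
		if (flags & RD_STATE)
			ret = find_readable_file(s->sc_file);
		else
			ret = find_writeable_file(s->sc_file);
	}

	return ret;
}

/* An open/lock stateid needs a confirmed owner and a matching open mode. */
static __be32
nfs4_check_olstateid(struct nfs4_ol_stateid *ols, int flags)
{
	__be32 status;

	status = nfsd4_check_openowner_confirmed(ols);
	if (status)
		return status;
	return nfs4_check_openmode(ols, flags);
}

/*
 * Produce the nfsd_file to use for I/O in *@nfp.  A file already open
 * under the stateid is reused, but only after the caller's credential
 * passes nfsd_permission() for the requested access; otherwise the
 * file is acquired with nfsd_file_acquire().
 */
static __be32
nfs4_check_file(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_stid *s,
		struct nfsd_file **nfp, int flags)
{
	int acc = (flags & RD_STATE) ? NFSD_MAY_READ : NFSD_MAY_WRITE;
	struct nfsd_file *nf;
	__be32 status;

	nf = nfs4_find_file(s, flags);
	if (nf) {
		status = nfsd_permission(&rqstp->rq_cred,
					 fhp->fh_export, fhp->fh_dentry,
				acc | NFSD_MAY_OWNER_OVERRIDE);
		if (status) {
			/* Drop the reference taken by nfs4_find_file(). */
			nfsd_file_put(nf);
			goto out;
		}
	} else {
		status = nfsd_file_acquire(rqstp, fhp, acc, &nf);
		if (status)
			return status;
	}
	*nfp = nf;
out:
	return status;
}

/*
 * Drop one reference on @cps; on the last one unlink it, remove it
 * from the s2s_cp_stateids idr and free it.  The _locked suffix and
 * the callers in this file indicate nn->s2s_cp_lock must be held.
 */
static void
_free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps)
{
	WARN_ON_ONCE(cps->cp_stateid.cs_type != NFS4_COPYNOTIFY_STID);
	if (!refcount_dec_and_test(&cps->cp_stateid.cs_count))
		return;
	list_del(&cps->cp_list);
	idr_remove(&nn->s2s_cp_stateids,
		   cps->cp_stateid.cs_stid.si_opaque.so_id);
	kfree(cps);
}

/*
 * A READ from an inter server to server COPY will have a
 * copy stateid. Look up the copy notify stateid from the
 * idr structure and take a reference on it.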
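*/
__be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st,
			  struct nfs4_client *clp,
			  struct nfs4_cpntf_state **cps)
{
	copy_stateid_t *cps_t;
	struct nfs4_cpntf_state *state = NULL;

	/* Copy-notify stateids all carry the server's own s2s client id. */
	if (st->si_opaque.so_clid.cl_id != nn->s2s_cp_cl_id)
		return nfserr_bad_stateid;
	spin_lock(&nn->s2s_cp_lock);
	cps_t = idr_find(&nn->s2s_cp_stateids, st->si_opaque.so_id);
	if (cps_t) {
		state = container_of(cps_t, struct nfs4_cpntf_state,
				     cp_stateid);
		/*
		 * so_id comes from the client.  Reject an idr entry that is
		 * not a copy-notify stateid before anything outside the
		 * embedded cp_stateid is touched.
		 */
		if (state->cp_stateid.cs_type != NFS4_COPYNOTIFY_STID) {
			state = NULL;
			goto unlock;
		}
		if (!clp)
			refcount_inc(&state->cp_stateid.cs_count);
		else
			_free_cpntf_state_locked(nn, state);
	}
unlock:
	spin_unlock(&nn->s2s_cp_lock);
	if (!state)
		return nfserr_bad_stateid;
	/*
	 * With @clp set a reference was dropped above and the state may be
	 * gone; the pointer is only compared with NULL here and is not
	 * handed back to the caller.
	 */
	if (!clp)
		*cps = state;
	return 0;
}

/*
 * Resolve a copy-notify stateid @st to the parent stateid it was
 * issued for.  On success *@stid is the parent delegation, open or
 * lock stateid.  Returns nfserr_expired if the parent client is gone
 * and nfserr_bad_stateid if the parent stateid no longer exists.
 */
static __be32 find_cpntf_state(struct nfsd_net *nn, stateid_t *st,
			       struct nfs4_stid **stid)
{
	__be32 status;
	struct nfs4_cpntf_state *cps = NULL;
	struct nfs4_client *found;

	status = manage_cpntf_state(nn, st, NULL, &cps);
	if (status)
		return status;

	/*
	 * Refresh the timestamp the laundromat compares with the lease
	 * cutoff.
	 * NOTE(review): written here without nn->s2s_cp_lock, while the
	 * laundromat reads it under that lock - confirm this is intended.
	 */
	cps->cpntf_time = ktime_get_boottime_seconds();

	status = nfserr_expired;
	found = lookup_clientid(&cps->cp_p_clid, true, nn);
	if (!found)
		goto out;

	*stid = find_stateid_by_type(found, &cps->cp_p_stateid,
				     SC_TYPE_DELEG|SC_TYPE_OPEN|SC_TYPE_LOCK,
				     0);
	if (*stid)
		status = nfs_ok;
	else
		status = nfserr_bad_stateid;

	put_client_renew(found);
out:
	/* Drop the reference taken by manage_cpntf_state(). */
	nfs4_put_cpntf_state(nn, cps);
	return status;
}

/* Drop a reference on @cps, taking nn->s2s_cp_lock around the release. */
void nfs4_put_cpntf_state(struct nfsd_net *nn, struct nfs4_cpntf_state *cps)
{
	spin_lock(&nn->s2s_cp_lock);
	_free_cpntf_state_locked(nn, cps);
	spin_unlock(&nn->s2s_cp_lock);
}

/**
 * nfs4_preprocess_stateid_op - find and prep stateid for an operation
 *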
@rqstp: incoming request from client
 * @cstate: current compound state
 * @fhp: filehandle associated with requested stateid
 * @stateid: stateid (provided by client)
 * @flags: flags describing type of operation to be done
 * @nfp: optional nfsd_file return pointer (may be NULL)
 * @cstid: optional returned nfs4_stid pointer (may be NULL)
 *
 * Given info from the client, look up a nfs4_stid for the operation. On
 * success, it returns a reference to the nfs4_stid and/or the nfsd_file
 * associated with it.
 *
 * The all-zero and all-one special stateids skip the lookup and are judged
 * by check_special_stateids().  Any other stateid has to resolve (directly,
 * or as a copy-notify stateid), then pass the generation check, the
 * per-type access-mode check and the filehandle check before a file is
 * handed back.  When the stid is not returned through @cstid, the reference
 * taken by the lookup is dropped before returning.
 *
 * Return: nfs_ok on success, otherwise an nfserr_* status.
 */
__be32
nfs4_preprocess_stateid_op(struct svc_rqst *rqstp,
		struct nfsd4_compound_state *cstate, struct svc_fh *fhp,
		stateid_t *stateid, int flags, struct nfsd_file **nfp,
		struct nfs4_stid **cstid)
{
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	struct nfs4_stid *s = NULL;
	__be32 status;

	/* Never leave a stale pointer in the caller's slot on failure. */
	if (nfp)
		*nfp = NULL;

	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) {
		status = check_special_stateids(net, fhp, stateid, flags);
		goto done;
	}

	status = nfsd4_lookup_stateid(cstate, stateid,
				SC_TYPE_DELEG|SC_TYPE_OPEN|SC_TYPE_LOCK,
				0, &s, nn);
	/* Not a regular stateid: it may still be a copy-notify stateid. */
	if (status == nfserr_bad_stateid)
		status = find_cpntf_state(nn, stateid, &s);
	if (status)
		return status;

	status = nfsd4_stid_check_stateid_generation(stateid, s,
			nfsd4_has_session(cstate));
	if (status)
		goto out;

	/* Does the state actually permit the access described by @flags? */
	switch (s->sc_type) {
	case SC_TYPE_DELEG:
		status = nfs4_check_delegmode(delegstateid(s), flags);
		break;
	case SC_TYPE_OPEN:
	case SC_TYPE_LOCK:
		status = nfs4_check_olstateid(openlockstateid(s), flags);
		break;
	}
	if (status)
		goto out;

	/* The stateid must belong to the file named by the filehandle. */
	status = nfs4_check_fh(fhp, s);

done:
	if (status == nfs_ok && nfp)
		status = nfs4_check_file(rqstp, fhp, s, nfp, flags);
out:
	if (!s)
		return status;
	/* Keep the lookup reference only if it is handed to the caller. */
	if (!status && cstid)
		*cstid = s;
	else
		nfs4_put_stid(s);
	return status;
}

/*
 * Test if the stateid is valid
 *
 * Each entry on ts_stateid_list gets its own status from
 * nfsd4_validate_stateid(); the operation itself always returns nfs_ok.
 */
__be32
nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		   union nfsd4_op_u *u)
{
	struct nfsd4_test_stateid *args = &u->test_stateid;
	struct nfs4_client *clp = cstate->clp;
	struct nfsd4_test_stateid_id *item;

	list_for_each_entry(item, &args->ts_stateid_list, ts_id_list) {
		item->ts_id_status =
			nfsd4_validate_stateid(clp, &item->ts_id_stateid);
	}

	return nfs_ok;
}

/*
 * Free a lock stateid on behalf of FREE_STATEID.
 *
 * Consumes the reference the caller holds on @s: nfs4_put_stid() runs on
 * every path.  The stateid is released only when the generation matches and
 * check_for_locks() reports no locks for its lockowner; otherwise the
 * generation error or nfserr_locks_held is returned.
 */
static __be32
nfsd4_free_lock_stateid(stateid_t *stateid, struct nfs4_stid *s)
{
	struct nfs4_ol_stateid *lock_stp = openlockstateid(s);
	__be32 status;

	status = nfsd4_lock_ol_stateid(lock_stp);
	if (status)
		goto out_put_stid;

	status = check_stateid_generation(stateid, &s->sc_stateid, 1);
	if (status)
		goto out;

	if (check_for_locks(lock_stp->st_stid.sc_file,
			    lockowner(lock_stp->st_stateowner))) {
		status = nfserr_locks_held;
		goto out;
	}

	release_lock_stateid(lock_stp);
	status = nfs_ok;

out:
	mutex_unlock(&lock_stp->st_mutex);
out_put_stid:
	nfs4_put_stid(s);
	return status;
}

/*
 * FREE_STATEID operation.
 *
 * Looks the stateid up under cl->cl_lock and decides by type:
 *  - unknown or already closed:      nfserr_bad_stateid
 *  - admin-revoked:                  dropped, nfs_ok
 *  - delegation, revoked:            marked closed/freed and put, nfs_ok
 *  - delegation, not revoked:        nfserr_locks_held
 *  - open stateid:                   generation error or nfserr_locks_held
 *  - lock stateid:                   handed to nfsd4_free_lock_stateid()
 */
__be32
nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		   union nfsd4_op_u *u)
{
	struct nfsd4_free_stateid *free_stateid = &u->free_stateid;
	stateid_t *stateid = &free_stateid->fr_stateid;
	struct nfs4_client *cl = cstate->clp;
	struct nfs4_delegation *dp;
	struct nfs4_stid *s;
	__be32 ret = nfserr_bad_stateid;

	spin_lock(&cl->cl_lock);
	s = find_stateid_locked(cl, stateid);
	if (!s || s->sc_status & SC_STATUS_CLOSED)
		goto out_unlock;
	if (s->sc_status & SC_STATUS_ADMIN_REVOKED) {
		/*
		 * NOTE(review): this path leaves through 'out' without
		 * unlocking cl->cl_lock here, so nfsd4_drop_revoked_stid()
		 * is presumably expected to release it - confirm against
		 * its definition.
		 */
		nfsd4_drop_revoked_stid(s);
		ret = nfs_ok;
		goto out;
	}
	spin_lock(&s->sc_lock);
	switch (s->sc_type) {
	case SC_TYPE_DELEG:
		if (s->sc_status & SC_STATUS_REVOKED) {
			/* sc_lock is dropped first, cl_lock stays held. */
			s->sc_status |= SC_STATUS_CLOSED;
			spin_unlock(&s->sc_lock);
			dp = delegstateid(s);
			if (s->sc_status & SC_STATUS_FREEABLE)
				list_del_init(&dp->dl_recall_lru);
			s->sc_status |= SC_STATUS_FREED;
			spin_unlock(&cl->cl_lock);
			nfs4_put_stid(s);
			ret = nfs_ok;
			goto out;
		}
		ret = nfserr_locks_held;
		break;
	case SC_TYPE_OPEN:
		ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
		if (!ret)
			ret = nfserr_locks_held;
		break;
	case SC_TYPE_LOCK:
		spin_unlock(&s->sc_lock);
		/* Reference is consumed by nfsd4_free_lock_stateid(). */
		refcount_inc(&s->sc_count);
		spin_unlock(&cl->cl_lock);
		ret = nfsd4_free_lock_stateid(stateid, s);
		goto out;
	}
	spin_unlock(&s->sc_lock);
out_unlock:
	spin_unlock(&cl->cl_lock);
out:
	return ret;
}

/* Map an NFSv4 lock type to the RD_STATE/WR_STATE flag used for mode checks. */
static inline int
setlkflg(int type)
{
	if (type == NFS4_READW_LT || type == NFS4_READ_LT)
		return RD_STATE;
	return WR_STATE;
}

/*
 * Run the checks shared by seqid-mutating operations, in this order:
 * seqid, lock the stateid, stateid generation, filehandle match.
 *
 * On nfs_ok the stateid's st_mutex is left held for the caller.  If a check
 * made after the lock step fails, st_mutex is released before returning.
 */
static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate,
				   stateid_t *stateid, u32 seqid,
				   struct nfs4_ol_stateid *stp)
{
	__be32 status;

	status = nfsd4_check_seqid(cstate, stp->st_stateowner, seqid);
	if (status)
		return status;
	status = nfsd4_lock_ol_stateid(stp);
	if (status != nfs_ok)
		return status;

	status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid,
					  nfsd4_has_session(cstate));
	if (status == nfs_ok)
		status = nfs4_check_fh(&cstate->current_fh, &stp->st_stid);
	if (status != nfs_ok)
		mutex_unlock(&stp->st_mutex);
	return status;
}

/**
 * nfs4_preprocess_seqid_op - find and prep an ol_stateid for a seqid-morphing op
 * @cstate: compound state
 * @seqid: seqid (provided by client)
 * @stateid: stateid (provided by client)
 * @typemask: mask of allowable types for this operation
 * @statusmask: mask of allowed states: 0 or SC_STATUS_CLOSED
 * @stpp: return pointer for the stateid found
 * @nn: net namespace for request
 *
 * Given a stateid+seqid from a client, look up an nfs4_ol_stateid and
 * return it in @stpp. On a nfs_ok return, the returned stateid will
 * have its st_mutex locked.
*/
static __be32
nfs4_preprocess_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
			 stateid_t *stateid,
			 unsigned short typemask, unsigned short statusmask,
			 struct nfs4_ol_stateid **stpp,
			 struct nfsd_net *nn)
{
	struct nfs4_ol_stateid *stp = NULL;
	struct nfs4_stid *s;
	__be32 status;

	trace_nfsd_preprocess(seqid, stateid);

	/* The caller sees NULL unless every check below succeeds. */
	*stpp = NULL;

	for (;;) {
		status = nfsd4_lookup_stateid(cstate, stateid,
					      typemask, statusmask, &s, nn);
		if (status)
			return status;
		stp = openlockstateid(s);
		if (nfsd4_cstate_assign_replay(cstate, stp->st_stateowner) != -EAGAIN)
			break;
		/*
		 * NOTE(review): the lookup above returned a stid, and the
		 * failure exit below releases it with nfs4_put_stid(); this
		 * retry path puts the stateowner instead.  Confirm the
		 * reference accounting against nfsd4_cstate_assign_replay().
		 */
		nfs4_put_stateowner(stp->st_stateowner);
	}

	status = nfs4_seqid_op_checks(cstate, stateid, seqid, stp);
	if (status)
		nfs4_put_stid(&stp->st_stid);
	else
		*stpp = stp;
	return status;
}

/*
 * nfs4_preprocess_seqid_op() restricted to open stateids (SC_TYPE_OPEN,
 * statusmask 0) whose open owner has NFS4_OO_CONFIRMED set.
 *
 * An unconfirmed owner yields nfserr_bad_stateid after st_mutex has been
 * released and the stid reference dropped.  On nfs_ok, *stpp is returned
 * with st_mutex still held and the reference still owned by the caller.
 */
static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cstate, u32 seqid,
						 stateid_t *stateid, struct nfs4_ol_stateid **stpp, struct nfsd_net *nn)
{
	struct nfs4_ol_stateid *open_stp;
	struct nfs4_openowner *owner;
	__be32 status;

	status = nfs4_preprocess_seqid_op(cstate, seqid, stateid,
					  SC_TYPE_OPEN, 0, &open_stp, nn);
	if (status)
		return status;

	owner = openowner(open_stp->st_stateowner);
	if (owner->oo_flags & NFS4_OO_CONFIRMED) {
		*stpp = open_stp;
		return nfs_ok;
	}

	mutex_unlock(&open_stp->st_mutex);
	nfs4_put_stid(&open_stp->st_stid);
	return nfserr_bad_stateid;
}

/*
 * OPEN_CONFIRM operation.
 *
 * Verifies the current filehandle is a regular file, resolves the open
 * stateid, and marks its open owner confirmed.  An owner that is already
 * confirmed is rejected with nfserr_bad_stateid.  nfsd4_bump_seqid() runs
 * on every path that got past fh_verify().
 */
__be32
nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		   union nfsd4_op_u *u)
{
	struct nfsd4_open_confirm *oc = &u->open_confirm;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct nfs4_ol_stateid *stp;
	struct nfs4_openowner *oo;
	__be32 status;

	dprintk("NFSD: nfsd4_open_confirm on file %pd\n",
			cstate->current_fh.fh_dentry);

	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
	if (status)
		return status;

	status = nfs4_preprocess_seqid_op(cstate,
					  oc->oc_seqid, &oc->oc_req_stateid,
					  SC_TYPE_OPEN, 0, &stp, nn);
	if (status)
		goto out;

	oo = openowner(stp->st_stateowner);
	if (oo->oo_flags & NFS4_OO_CONFIRMED) {
		mutex_unlock(&stp->st_mutex);
		status = nfserr_bad_stateid;
		goto put_stateid;
	}

	/* Flag and response stateid are updated while st_mutex is held. */
	oo->oo_flags |= NFS4_OO_CONFIRMED;
	nfs4_inc_and_copy_stateid(&oc->oc_resp_stateid, &stp->st_stid);
	mutex_unlock(&stp->st_mutex);
	trace_nfsd_open_confirm(oc->oc_seqid, &stp->st_stid.sc_stateid);
	nfsd4_client_record_create(oo->oo_owner.so_client);
	status = nfs_ok;
put_stateid:
	nfs4_put_stid(&stp->st_stid);
out:
	nfsd4_bump_seqid(cstate, status);
	return status;
}

/* Give up one access mode on @stp, but only if the stateid holds it. */
static inline void nfs4_stateid_downgrade_bit(struct nfs4_ol_stateid *stp, u32 access)
{
	if (test_access(access, stp)) {
		nfs4_file_put_access(stp->st_stid.sc_file, access);
		clear_access(access, stp);
	}
}

/*
 * Reduce @stp to @to_access by dropping the modes that do not survive the
 * downgrade.  NFS4_SHARE_ACCESS_BOTH drops nothing; any other value
 * triggers a one-time warning and changes nothing.
 */
static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_access)
{
	switch (to_access) {
	case NFS4_SHARE_ACCESS_READ:
		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_WRITE);
		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
		break;
	case NFS4_SHARE_ACCESS_WRITE:
		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_READ);
		nfs4_stateid_downgrade_bit(stp, NFS4_SHARE_ACCESS_BOTH);
		break;
	case NFS4_SHARE_ACCESS_BOTH:
		break;
	default:
		WARN_ON_ONCE(1);
	}
}

/*
 * OPEN_DOWNGRADE operation.
 *
 * The requested access and deny values come from the client and are only
 * accepted when test_access()/test_deny() find them in the stateid's
 * current bitmaps; anything else is nfserr_inval, so this operation can
 * reduce what the stateid holds but never add to it.
 */
__be32
nfsd4_open_downgrade(struct svc_rqst *rqstp,
		     struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
{
	struct nfsd4_open_downgrade *od = &u->open_downgrade;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct nfs4_ol_stateid *stp;
	__be32 status;

	dprintk("NFSD: nfsd4_open_downgrade on file %pd\n",
			cstate->current_fh.fh_dentry);

	/* We don't yet support WANT bits: */
	if (od->od_deleg_want)
		dprintk("NFSD: %s: od_deleg_want=0x%x ignored\n", __func__,
			od->od_deleg_want);

	status = nfs4_preprocess_confirmed_seqid_op(cstate, od->od_seqid,
					&od->od_stateid, &stp, nn);
	if (status)
		goto out;

	/* st_mutex is held from here until put_stateid. */
	if (!test_access(od->od_share_access, stp)) {
		dprintk("NFSD: access not a subset of current bitmap: 0x%hhx, input access=%08x\n",
			stp->st_access_bmap, od->od_share_access);
		status = nfserr_inval;
		goto put_stateid;
	}
	if (!test_deny(od->od_share_deny, stp)) {
		dprintk("NFSD: deny not a subset of current bitmap: 0x%hhx, input deny=%08x\n",
			stp->st_deny_bmap, od->od_share_deny);
		status = nfserr_inval;
		goto put_stateid;
	}

	nfs4_stateid_downgrade(stp, od->od_share_access);
	reset_union_bmap_deny(od->od_share_deny, stp);
	nfs4_inc_and_copy_stateid(&od->od_stateid, &stp->st_stid);
	status = nfs_ok;
put_stateid:
	mutex_unlock(&stp->st_mutex);
	nfs4_put_stid(&stp->st_stid);
out:
	nfsd4_bump_seqid(cstate, status);
	return status;
}

/*
 * Unhash an open stateid as part of CLOSE.
 *
 * For a client with a non-zero cl_minorversion the stateid is put right
 * away, copy-notify state hanging off the reaped stateids is freed, and
 * false is returned.  For minor version 0 the function returns whether the
 * stateid was unhashed here; the caller uses that to decide on
 * move_to_close_lru().
 */
static bool nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
{
	struct nfs4_client *clp = s->st_stid.sc_client;
	struct nfs4_ol_stateid *reaped;
	LIST_HEAD(reaplist);
	bool unhashed;

	spin_lock(&clp->cl_lock);
	unhashed = unhash_open_stateid(s, &reaplist);

	if (!clp->cl_minorversion) {
		spin_unlock(&clp->cl_lock);
		free_ol_stateid_reaplist(&reaplist);
		return unhashed;
	}

	if (unhashed)
		put_ol_stateid_locked(s, &reaplist);
	spin_unlock(&clp->cl_lock);
	list_for_each_entry(reaped, &reaplist, st_locks)
		nfs4_free_cpntf_statelist(clp->net, &reaped->st_stid);
	free_ol_stateid_reaplist(&reaplist);
	return false;
}

/*
* nfs4_unlock_state() called after encode
 */
__be32
nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	struct nfsd4_close *close = &u->close;
	struct net *net = SVC_NET(rqstp);
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	struct nfs4_ol_stateid *stp;
	bool move_to_lru;
	__be32 status;

	dprintk("NFSD: nfsd4_close on file %pd\n",
			cstate->current_fh.fh_dentry);

	/* SC_STATUS_CLOSED is allowed so an already-closed stateid resolves. */
	status = nfs4_preprocess_seqid_op(cstate, close->cl_seqid,
					  &close->cl_stateid,
					  SC_TYPE_OPEN, SC_STATUS_CLOSED,
					  &stp, nn);
	nfsd4_bump_seqid(cstate, status);
	if (status)
		return status;

	/* The status bit is only changed under the owning client's cl_lock. */
	spin_lock(&stp->st_stid.sc_client->cl_lock);
	stp->st_stid.sc_status |= SC_STATUS_CLOSED;
	spin_unlock(&stp->st_stid.sc_client->cl_lock);

	/*
	 * Technically we don't _really_ have to increment or copy it, since
	 * it should just be gone after this operation and we clobber the
	 * copied value below, but we continue to do so here just to ensure
	 * that racing ops see that there was a state change.
	 */
	nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid);

	move_to_lru = nfsd4_close_open_stateid(stp);
	mutex_unlock(&stp->st_mutex);
	if (move_to_lru)
		move_to_close_lru(stp, net);

	/* v4.1+ suggests that we send a special stateid in here, since the
	 * clients should just ignore this anyway. Since this is not useful
	 * for v4.0 clients either, we set it to the special close_stateid
	 * universally.
	 *
	 * See RFC5661 section 18.2.4, and RFC7530 section 16.2.5
	 */
	memcpy(&close->cl_stateid, &close_stateid, sizeof(close->cl_stateid));

	/* put reference from nfs4_preprocess_seqid_op */
	nfs4_put_stid(&stp->st_stid);
	return status;
}

/*
 * DELEGRETURN operation.
 *
 * Resolves the delegation stateid (revoked delegations are accepted by the
 * lookup via SC_STATUS_REVOKED), checks its generation, and destroys the
 * delegation.  The reference taken by the lookup is dropped whether or not
 * the generation check passes.
 */
__be32
nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
		  union nfsd4_op_u *u)
{
	struct nfsd4_delegreturn *dr = &u->delegreturn;
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	stateid_t *stateid = &dr->dr_stateid;
	struct nfs4_delegation *dp;
	struct nfs4_stid *s;
	__be32 status;

	status = fh_verify(rqstp, &cstate->current_fh, 0, 0);
	if (status)
		return status;

	status = nfsd4_lookup_stateid(cstate, stateid, SC_TYPE_DELEG,
				      SC_STATUS_REVOKED, &s, nn);
	if (status)
		return status;

	dp = delegstateid(s);
	status = nfsd4_stid_check_stateid_generation(stateid, &dp->dl_stid,
						     nfsd4_has_session(cstate));
	if (!status) {
		trace_nfsd_deleg_return(stateid);
		destroy_delegation(dp);
		/*
		 * Barrier, then wake anything waiting on the inode -
		 * presumably pairs with a wait on the same variable
		 * elsewhere; confirm against the waiter.
		 */
		smp_mb__after_atomic();
		wake_up_var(d_inode(cstate->current_fh.fh_dentry));
	}

	nfs4_put_stid(&dp->dl_stid);
	return status;
}

/*
 * last octet in a range
 *
 * @start and @len are unsigned, so start + len can wrap.  When it does (or
 * when @len is 0, which also warns once) the sum is not greater than @start
 * and the range is treated as extending to NFS4_MAX_UINT64 instead of
 * producing a small, wrapped end offset.  The LOCK and LOCKT handlers in
 * this file run check_lock_length() on the client-supplied values before
 * calling this.
 */
static inline u64
last_byte_offset(u64 start, u64 len)
{
	u64 end;

	WARN_ON_ONCE(!len);
	end = start + len;
	if (end > start)
		return end - 1;
	return NFS4_MAX_UINT64;
}

/*
 * TODO: Linux file offsets are _signed_ 64-bit quantities, which means that
 * we can't properly handle lock requests that go beyond the (2^63 - 1)-th
 * byte, because of sign extension problems.  Since NFSv4 calls for 64-bit
 * locking, this prevents us from being completely protocol-compliant.
The 8065 * real solution to this problem is to start using unsigned file offsets in 8066 * the VFS, but this is a very deep change! 8067 */ 8068 static inline void 8069 nfs4_transform_lock_offset(struct file_lock *lock) 8070 { 8071 if (lock->fl_start < 0) 8072 lock->fl_start = OFFSET_MAX; 8073 if (lock->fl_end < 0) 8074 lock->fl_end = OFFSET_MAX; 8075 } 8076 8077 static fl_owner_t 8078 nfsd4_lm_get_owner(fl_owner_t owner) 8079 { 8080 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner; 8081 8082 nfs4_get_stateowner(&lo->lo_owner); 8083 return owner; 8084 } 8085 8086 static void 8087 nfsd4_lm_put_owner(fl_owner_t owner) 8088 { 8089 struct nfs4_lockowner *lo = (struct nfs4_lockowner *)owner; 8090 8091 if (lo) 8092 nfs4_put_stateowner(&lo->lo_owner); 8093 } 8094 8095 /* return pointer to struct nfs4_client if client is expirable */ 8096 static bool 8097 nfsd4_lm_lock_expirable(struct file_lock *cfl) 8098 { 8099 struct nfs4_lockowner *lo = (struct nfs4_lockowner *) cfl->c.flc_owner; 8100 struct nfs4_client *clp = lo->lo_owner.so_client; 8101 struct nfsd_net *nn; 8102 8103 if (try_to_expire_client(clp)) { 8104 nn = net_generic(clp->net, nfsd_net_id); 8105 mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); 8106 return true; 8107 } 8108 return false; 8109 } 8110 8111 /* schedule laundromat to run immediately and wait for it to complete */ 8112 static void 8113 nfsd4_lm_expire_lock(void) 8114 { 8115 flush_workqueue(laundry_wq); 8116 } 8117 8118 static void 8119 nfsd4_lm_notify(struct file_lock *fl) 8120 { 8121 struct nfs4_lockowner *lo = (struct nfs4_lockowner *) fl->c.flc_owner; 8122 struct net *net = lo->lo_owner.so_client->net; 8123 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 8124 struct nfsd4_blocked_lock *nbl = container_of(fl, 8125 struct nfsd4_blocked_lock, nbl_lock); 8126 bool queue = false; 8127 8128 /* An empty list means that something else is going to be using it */ 8129 spin_lock(&nn->blocked_locks_lock); 8130 if 
(!list_empty(&nbl->nbl_list)) { 8131 list_del_init(&nbl->nbl_list); 8132 list_del_init(&nbl->nbl_lru); 8133 queue = true; 8134 } 8135 spin_unlock(&nn->blocked_locks_lock); 8136 8137 if (queue) { 8138 trace_nfsd_cb_notify_lock(lo, nbl); 8139 nfsd4_try_run_cb(&nbl->nbl_cb); 8140 } 8141 } 8142 8143 static const struct lock_manager_operations nfsd_posix_mng_ops = { 8144 .lm_mod_owner = THIS_MODULE, 8145 .lm_notify = nfsd4_lm_notify, 8146 .lm_get_owner = nfsd4_lm_get_owner, 8147 .lm_put_owner = nfsd4_lm_put_owner, 8148 .lm_lock_expirable = nfsd4_lm_lock_expirable, 8149 .lm_expire_lock = nfsd4_lm_expire_lock, 8150 }; 8151 8152 static inline void 8153 nfs4_set_lock_denied(struct file_lock *fl, struct nfsd4_lock_denied *deny) 8154 { 8155 struct nfs4_lockowner *lo; 8156 8157 if (fl->fl_lmops == &nfsd_posix_mng_ops) { 8158 lo = (struct nfs4_lockowner *) fl->c.flc_owner; 8159 xdr_netobj_dup(&deny->ld_owner, &lo->lo_owner.so_owner, 8160 GFP_KERNEL); 8161 if (!deny->ld_owner.data) 8162 /* We just don't care that much */ 8163 goto nevermind; 8164 deny->ld_clientid = lo->lo_owner.so_client->cl_clientid; 8165 } else { 8166 nevermind: 8167 deny->ld_owner.len = 0; 8168 deny->ld_owner.data = NULL; 8169 deny->ld_clientid.cl_boot = 0; 8170 deny->ld_clientid.cl_id = 0; 8171 } 8172 deny->ld_start = fl->fl_start; 8173 deny->ld_length = NFS4_MAX_UINT64; 8174 if (fl->fl_end != NFS4_MAX_UINT64) 8175 deny->ld_length = fl->fl_end - fl->fl_start + 1; 8176 deny->ld_type = NFS4_READ_LT; 8177 if (fl->c.flc_type != F_RDLCK) 8178 deny->ld_type = NFS4_WRITE_LT; 8179 } 8180 8181 static struct nfs4_lockowner * 8182 find_lockowner_str_locked(struct nfs4_client *clp, struct xdr_netobj *owner) 8183 { 8184 unsigned int strhashval = ownerstr_hashval(owner); 8185 struct nfs4_stateowner *so; 8186 8187 lockdep_assert_held(&clp->cl_lock); 8188 8189 list_for_each_entry(so, &clp->cl_ownerstr_hashtbl[strhashval], 8190 so_strhash) { 8191 if (so->so_is_open_owner) 8192 continue; 8193 if (same_owner_str(so, owner)) 
8194 return lockowner(nfs4_get_stateowner(so)); 8195 } 8196 return NULL; 8197 } 8198 8199 static struct nfs4_lockowner * 8200 find_lockowner_str(struct nfs4_client *clp, struct xdr_netobj *owner) 8201 { 8202 struct nfs4_lockowner *lo; 8203 8204 spin_lock(&clp->cl_lock); 8205 lo = find_lockowner_str_locked(clp, owner); 8206 spin_unlock(&clp->cl_lock); 8207 return lo; 8208 } 8209 8210 static void nfs4_unhash_lockowner(struct nfs4_stateowner *sop) 8211 { 8212 unhash_lockowner_locked(lockowner(sop)); 8213 } 8214 8215 static void nfs4_free_lockowner(struct nfs4_stateowner *sop) 8216 { 8217 struct nfs4_lockowner *lo = lockowner(sop); 8218 8219 kmem_cache_free(lockowner_slab, lo); 8220 } 8221 8222 static const struct nfs4_stateowner_operations lockowner_ops = { 8223 .so_unhash = nfs4_unhash_lockowner, 8224 .so_free = nfs4_free_lockowner, 8225 }; 8226 8227 /* 8228 * Alloc a lock owner structure. 8229 * Called in nfsd4_lock - therefore, OPEN and OPEN_CONFIRM (if needed) has 8230 * occurred. 8231 * 8232 * strhashval = ownerstr_hashval 8233 */ 8234 static struct nfs4_lockowner * 8235 alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp, 8236 struct nfs4_ol_stateid *open_stp, 8237 struct nfsd4_lock *lock) 8238 { 8239 struct nfs4_lockowner *lo, *ret; 8240 8241 lo = alloc_stateowner(lockowner_slab, &lock->lk_new_owner, clp); 8242 if (!lo) 8243 return NULL; 8244 INIT_LIST_HEAD(&lo->lo_blocked); 8245 INIT_LIST_HEAD(&lo->lo_owner.so_stateids); 8246 lo->lo_owner.so_is_open_owner = 0; 8247 lo->lo_owner.so_seqid = lock->lk_new_lock_seqid; 8248 lo->lo_owner.so_ops = &lockowner_ops; 8249 spin_lock(&clp->cl_lock); 8250 ret = find_lockowner_str_locked(clp, &lock->lk_new_owner); 8251 if (ret == NULL) { 8252 list_add(&lo->lo_owner.so_strhash, 8253 &clp->cl_ownerstr_hashtbl[strhashval]); 8254 ret = lo; 8255 } else 8256 nfs4_free_stateowner(&lo->lo_owner); 8257 8258 spin_unlock(&clp->cl_lock); 8259 return ret; 8260 } 8261 8262 static struct nfs4_ol_stateid * 8263 
find_lock_stateid(const struct nfs4_lockowner *lo, 8264 const struct nfs4_ol_stateid *ost) 8265 { 8266 struct nfs4_ol_stateid *lst; 8267 8268 lockdep_assert_held(&ost->st_stid.sc_client->cl_lock); 8269 8270 /* If ost is not hashed, ost->st_locks will not be valid */ 8271 if (!nfs4_ol_stateid_unhashed(ost)) 8272 list_for_each_entry(lst, &ost->st_locks, st_locks) { 8273 if (lst->st_stateowner == &lo->lo_owner) { 8274 refcount_inc(&lst->st_stid.sc_count); 8275 return lst; 8276 } 8277 } 8278 return NULL; 8279 } 8280 8281 static struct nfs4_ol_stateid * 8282 init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo, 8283 struct nfs4_file *fp, struct inode *inode, 8284 struct nfs4_ol_stateid *open_stp) 8285 { 8286 struct nfs4_client *clp = lo->lo_owner.so_client; 8287 struct nfs4_ol_stateid *retstp; 8288 8289 mutex_init(&stp->st_mutex); 8290 mutex_lock_nested(&stp->st_mutex, OPEN_STATEID_MUTEX); 8291 retry: 8292 spin_lock(&clp->cl_lock); 8293 if (nfs4_ol_stateid_unhashed(open_stp)) 8294 goto out_close; 8295 retstp = find_lock_stateid(lo, open_stp); 8296 if (retstp) 8297 goto out_found; 8298 refcount_inc(&stp->st_stid.sc_count); 8299 stp->st_stid.sc_type = SC_TYPE_LOCK; 8300 stp->st_stateowner = nfs4_get_stateowner(&lo->lo_owner); 8301 get_nfs4_file(fp); 8302 stp->st_stid.sc_file = fp; 8303 if (open_stp->st_stid.sc_export) 8304 stp->st_stid.sc_export = 8305 exp_get(open_stp->st_stid.sc_export); 8306 stp->st_access_bmap = 0; 8307 stp->st_deny_bmap = open_stp->st_deny_bmap; 8308 stp->st_openstp = open_stp; 8309 spin_lock(&fp->fi_lock); 8310 list_add(&stp->st_locks, &open_stp->st_locks); 8311 list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids); 8312 list_add(&stp->st_perfile, &fp->fi_stateids); 8313 spin_unlock(&fp->fi_lock); 8314 spin_unlock(&clp->cl_lock); 8315 return stp; 8316 out_found: 8317 spin_unlock(&clp->cl_lock); 8318 if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) { 8319 nfs4_put_stid(&retstp->st_stid); 8320 goto retry; 8321 } 8322 /* To keep 
mutex tracking happy */ 8323 mutex_unlock(&stp->st_mutex); 8324 return retstp; 8325 out_close: 8326 spin_unlock(&clp->cl_lock); 8327 mutex_unlock(&stp->st_mutex); 8328 return NULL; 8329 } 8330 8331 static struct nfs4_ol_stateid * 8332 find_or_create_lock_stateid(struct nfs4_lockowner *lo, struct nfs4_file *fi, 8333 struct inode *inode, struct nfs4_ol_stateid *ost, 8334 bool *new) 8335 { 8336 struct nfs4_stid *ns = NULL; 8337 struct nfs4_ol_stateid *lst; 8338 struct nfs4_openowner *oo = openowner(ost->st_stateowner); 8339 struct nfs4_client *clp = oo->oo_owner.so_client; 8340 8341 *new = false; 8342 spin_lock(&clp->cl_lock); 8343 lst = find_lock_stateid(lo, ost); 8344 spin_unlock(&clp->cl_lock); 8345 if (lst != NULL) { 8346 if (nfsd4_lock_ol_stateid(lst) == nfs_ok) 8347 goto out; 8348 nfs4_put_stid(&lst->st_stid); 8349 } 8350 ns = nfs4_alloc_stid(clp, stateid_slab, nfs4_free_lock_stateid); 8351 if (ns == NULL) 8352 return NULL; 8353 8354 lst = init_lock_stateid(openlockstateid(ns), lo, fi, inode, ost); 8355 if (lst == openlockstateid(ns)) 8356 *new = true; 8357 else 8358 nfs4_put_stid(ns); 8359 out: 8360 return lst; 8361 } 8362 8363 static int 8364 check_lock_length(u64 offset, u64 length) 8365 { 8366 return ((length == 0) || ((length != NFS4_MAX_UINT64) && 8367 (length > ~offset))); 8368 } 8369 8370 static void get_lock_access(struct nfs4_ol_stateid *lock_stp, u32 access) 8371 { 8372 struct nfs4_file *fp = lock_stp->st_stid.sc_file; 8373 8374 lockdep_assert_held(&fp->fi_lock); 8375 8376 if (test_access(access, lock_stp)) 8377 return; 8378 __nfs4_file_get_access(fp, access); 8379 set_access(access, lock_stp); 8380 } 8381 8382 static __be32 8383 lookup_or_create_lock_state(struct nfsd4_compound_state *cstate, 8384 struct nfs4_ol_stateid *ost, 8385 struct nfsd4_lock *lock, 8386 struct nfs4_ol_stateid **plst, bool *new) 8387 { 8388 __be32 status; 8389 struct nfs4_file *fi = ost->st_stid.sc_file; 8390 struct nfs4_openowner *oo = openowner(ost->st_stateowner); 8391 
struct nfs4_client *cl = oo->oo_owner.so_client; 8392 struct inode *inode = d_inode(cstate->current_fh.fh_dentry); 8393 struct nfs4_lockowner *lo; 8394 struct nfs4_ol_stateid *lst; 8395 unsigned int strhashval; 8396 8397 lo = find_lockowner_str(cl, &lock->lk_new_owner); 8398 if (!lo) { 8399 strhashval = ownerstr_hashval(&lock->lk_new_owner); 8400 lo = alloc_init_lock_stateowner(strhashval, cl, ost, lock); 8401 if (lo == NULL) 8402 return nfserr_jukebox; 8403 } else { 8404 /* with an existing lockowner, seqids must be the same */ 8405 status = nfserr_bad_seqid; 8406 if (!cstate->minorversion && 8407 lock->lk_new_lock_seqid != lo->lo_owner.so_seqid) 8408 goto out; 8409 } 8410 8411 lst = find_or_create_lock_stateid(lo, fi, inode, ost, new); 8412 if (lst == NULL) { 8413 status = nfserr_jukebox; 8414 goto out; 8415 } 8416 8417 status = nfs_ok; 8418 *plst = lst; 8419 out: 8420 nfs4_put_stateowner(&lo->lo_owner); 8421 return status; 8422 } 8423 8424 /* 8425 * LOCK operation 8426 */ 8427 __be32 8428 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 8429 union nfsd4_op_u *u) 8430 { 8431 struct nfsd4_lock *lock = &u->lock; 8432 struct nfs4_openowner *open_sop = NULL; 8433 struct nfs4_lockowner *lock_sop = NULL; 8434 struct nfs4_ol_stateid *lock_stp = NULL; 8435 struct nfs4_ol_stateid *open_stp = NULL; 8436 struct nfs4_file *fp; 8437 struct nfsd_file *nf = NULL; 8438 struct nfsd4_blocked_lock *nbl = NULL; 8439 struct file_lock *file_lock = NULL; 8440 struct file_lock *conflock = NULL; 8441 __be32 status = 0; 8442 int lkflg; 8443 int err; 8444 bool new = false; 8445 unsigned char type; 8446 unsigned int flags = FL_POSIX; 8447 struct net *net = SVC_NET(rqstp); 8448 struct nfsd_net *nn = net_generic(net, nfsd_net_id); 8449 8450 dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n", 8451 (long long) lock->lk_offset, 8452 (long long) lock->lk_length); 8453 8454 if (check_lock_length(lock->lk_offset, lock->lk_length)) 8455 return nfserr_inval; 8456 8457 status = 
fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0); 8458 if (status != nfs_ok) 8459 return status; 8460 if (exportfs_cannot_lock(cstate->current_fh.fh_dentry->d_sb->s_export_op)) { 8461 status = nfserr_notsupp; 8462 goto out; 8463 } 8464 8465 if (lock->lk_is_new) { 8466 if (nfsd4_has_session(cstate)) 8467 /* See rfc 5661 18.10.3: given clientid is ignored: */ 8468 memcpy(&lock->lk_new_clientid, 8469 &cstate->clp->cl_clientid, 8470 sizeof(clientid_t)); 8471 8472 /* validate and update open stateid and open seqid */ 8473 status = nfs4_preprocess_confirmed_seqid_op(cstate, 8474 lock->lk_new_open_seqid, 8475 &lock->lk_new_open_stateid, 8476 &open_stp, nn); 8477 if (status) 8478 goto out; 8479 mutex_unlock(&open_stp->st_mutex); 8480 open_sop = openowner(open_stp->st_stateowner); 8481 status = nfserr_bad_stateid; 8482 if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid, 8483 &lock->lk_new_clientid)) 8484 goto out; 8485 status = lookup_or_create_lock_state(cstate, open_stp, lock, 8486 &lock_stp, &new); 8487 } else { 8488 status = nfs4_preprocess_seqid_op(cstate, 8489 lock->lk_old_lock_seqid, 8490 &lock->lk_old_lock_stateid, 8491 SC_TYPE_LOCK, 0, &lock_stp, 8492 nn); 8493 } 8494 if (status) 8495 goto out; 8496 lock_sop = lockowner(lock_stp->st_stateowner); 8497 8498 lkflg = setlkflg(lock->lk_type); 8499 status = nfs4_check_openmode(lock_stp, lkflg); 8500 if (status) 8501 goto out; 8502 8503 status = nfserr_grace; 8504 if (locks_in_grace(net) && !lock->lk_reclaim) 8505 goto out; 8506 status = nfserr_no_grace; 8507 if (!locks_in_grace(net) && lock->lk_reclaim) 8508 goto out; 8509 8510 if (lock->lk_reclaim) 8511 flags |= FL_RECLAIM; 8512 8513 fp = lock_stp->st_stid.sc_file; 8514 switch (lock->lk_type) { 8515 case NFS4_READW_LT: 8516 fallthrough; 8517 case NFS4_READ_LT: 8518 spin_lock(&fp->fi_lock); 8519 nf = find_readable_file_locked(fp); 8520 if (nf) 8521 get_lock_access(lock_stp, NFS4_SHARE_ACCESS_READ); 8522 spin_unlock(&fp->fi_lock); 8523 type = F_RDLCK; 8524 break; 
8525 case NFS4_WRITEW_LT: 8526 fallthrough; 8527 case NFS4_WRITE_LT: 8528 spin_lock(&fp->fi_lock); 8529 nf = find_writeable_file_locked(fp); 8530 if (nf) 8531 get_lock_access(lock_stp, NFS4_SHARE_ACCESS_WRITE); 8532 spin_unlock(&fp->fi_lock); 8533 type = F_WRLCK; 8534 break; 8535 default: 8536 status = nfserr_inval; 8537 goto out; 8538 } 8539 8540 if (!nf) { 8541 status = nfserr_openmode; 8542 goto out; 8543 } 8544 8545 if (lock->lk_type & (NFS4_READW_LT | NFS4_WRITEW_LT) && 8546 nfsd4_has_session(cstate) && 8547 locks_can_async_lock(nf->nf_file->f_op)) 8548 flags |= FL_SLEEP; 8549 8550 nbl = find_or_allocate_block(lock_sop, &fp->fi_fhandle, nn); 8551 if (!nbl) { 8552 dprintk("NFSD: %s: unable to allocate block!\n", __func__); 8553 status = nfserr_jukebox; 8554 goto out; 8555 } 8556 8557 file_lock = &nbl->nbl_lock; 8558 file_lock->c.flc_type = type; 8559 file_lock->c.flc_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(&lock_sop->lo_owner)); 8560 file_lock->c.flc_pid = current->tgid; 8561 file_lock->c.flc_file = nf->nf_file; 8562 file_lock->c.flc_flags = flags; 8563 file_lock->fl_lmops = &nfsd_posix_mng_ops; 8564 file_lock->fl_start = lock->lk_offset; 8565 file_lock->fl_end = last_byte_offset(lock->lk_offset, lock->lk_length); 8566 nfs4_transform_lock_offset(file_lock); 8567 8568 conflock = locks_alloc_lock(); 8569 if (!conflock) { 8570 dprintk("NFSD: %s: unable to allocate lock!\n", __func__); 8571 status = nfserr_jukebox; 8572 goto out; 8573 } 8574 8575 if (flags & FL_SLEEP) { 8576 nbl->nbl_time = ktime_get_boottime_seconds(); 8577 spin_lock(&nn->blocked_locks_lock); 8578 list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked); 8579 list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru); 8580 kref_get(&nbl->nbl_kref); 8581 spin_unlock(&nn->blocked_locks_lock); 8582 } 8583 8584 err = vfs_lock_file(nf->nf_file, F_SETLK, file_lock, conflock); 8585 switch (err) { 8586 case 0: /* success! 
*/ 8587 nfs4_inc_and_copy_stateid(&lock->lk_resp_stateid, &lock_stp->st_stid); 8588 status = 0; 8589 if (lock->lk_reclaim) 8590 nn->somebody_reclaimed = true; 8591 break; 8592 case FILE_LOCK_DEFERRED: 8593 kref_put(&nbl->nbl_kref, free_nbl); 8594 nbl = NULL; 8595 fallthrough; 8596 case -EAGAIN: /* conflock holds conflicting lock */ 8597 status = nfserr_denied; 8598 dprintk("NFSD: nfsd4_lock: conflicting lock found!\n"); 8599 nfs4_set_lock_denied(conflock, &lock->lk_denied); 8600 break; 8601 case -EDEADLK: 8602 status = nfserr_deadlock; 8603 break; 8604 default: 8605 dprintk("NFSD: nfsd4_lock: vfs_lock_file() failed! status %d\n",err); 8606 status = nfserrno(err); 8607 break; 8608 } 8609 out: 8610 if (nbl) { 8611 /* dequeue it if we queued it before */ 8612 if (flags & FL_SLEEP) { 8613 spin_lock(&nn->blocked_locks_lock); 8614 if (!list_empty(&nbl->nbl_list) && 8615 !list_empty(&nbl->nbl_lru)) { 8616 list_del_init(&nbl->nbl_list); 8617 list_del_init(&nbl->nbl_lru); 8618 kref_put(&nbl->nbl_kref, free_nbl); 8619 } 8620 /* nbl can use one of lists to be linked to reaplist */ 8621 spin_unlock(&nn->blocked_locks_lock); 8622 } 8623 free_blocked_lock(nbl); 8624 } 8625 if (nf) 8626 nfsd_file_put(nf); 8627 if (lock_stp) { 8628 /* Bump seqid manually if the 4.0 replay owner is openowner */ 8629 if (cstate->replay_owner && 8630 cstate->replay_owner != &lock_sop->lo_owner && 8631 seqid_mutating_err(ntohl(status))) 8632 lock_sop->lo_owner.so_seqid++; 8633 8634 /* 8635 * If this is a new, never-before-used stateid, and we are 8636 * returning an error, then just go ahead and release it. 
*/
		if (status && new)
			release_lock_stateid(lock_stp);

		mutex_unlock(&lock_stp->st_mutex);

		nfs4_put_stid(&lock_stp->st_stid);
	}
	if (open_stp)
		nfs4_put_stid(&open_stp->st_stid);
	nfsd4_bump_seqid(cstate, status);
	if (conflock)
		locks_free_lock(conflock);
	return status;
}

/*
 * Free the owner buffer stored in the lk_denied part of the LOCK
 * arguments.  The pointer is not cleared afterwards.
 */
void nfsd4_lock_release(union nfsd4_op_u *u)
{
	kfree(u->lock.lk_denied.ld_owner.data);
}

/*
 * A client may send LOCKT without holding an OPEN (allowed by the NFSv4
 * spec), so acquire a temporary nfsd_file with NFSD_MAY_READ purely to
 * have an open file to hand to vfs_test_lock().
 *
 * The inode lock is held across the lease break and the test so that no
 * new lease can be set in between.  lock->c.flc_file is pointed at the
 * temporary file only for the duration of the vfs_test_lock() call.
 */
static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file_lock *lock)
{
	struct nfsd_file *nf;
	struct inode *inode;
	__be32 status;

	status = nfsd_file_acquire(rqstp, fhp, NFSD_MAY_READ, &nf);
	if (status)
		return status;

	inode = fhp->fh_dentry->d_inode;
	inode_lock(inode); /* to block new leases till after test_lock: */
	status = nfserrno(nfsd_open_break_lease(inode, NFSD_MAY_READ));
	if (!status) {
		lock->c.flc_file = nf->nf_file;
		status = nfserrno(vfs_test_lock(nf->nf_file, lock));
		/* the temporary file is released below; do not leave it in @lock */
		lock->c.flc_file = NULL;
	}
	inode_unlock(inode);
	nfsd_file_put(nf);
	return status;
}

/*
 * LOCKT operation
 *
 * Build a POSIX file_lock from the client's arguments and ask
 * nfsd_test_lock() whether it would conflict.  If the lock type that
 * comes back is anything other than F_UNLCK, the reply is nfserr_denied
 * and lt_denied is filled in from the returned lock.
 */
__be32
nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    union nfsd4_op_u *u)
{
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct nfsd4_lockt *lockt = &u->lockt;
	struct nfs4_lockowner *lowner = NULL;
	struct file_lock *fl = NULL;
	__be32 status;

	if (locks_in_grace(SVC_NET(rqstp)))
		return nfserr_grace;

	/* offset/length come from the client; reject bad ranges up front */
	if (check_lock_length(lockt->lt_offset, lockt->lt_length))
		return nfserr_inval;

	/* without a session the client is looked up from the clientid argument */
	if (!nfsd4_has_session(cstate)) {
		status = set_client(&lockt->lt_clientid, cstate, nn);
		if (status)
			return status;
	}

	status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0);
	if (status)
		return status;

	fl = locks_alloc_lock();
	if (!fl) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto out;
	}

	switch (lockt->lt_type) {
	case NFS4_READ_LT:
	case NFS4_READW_LT:
		fl->c.flc_type = F_RDLCK;
		break;
	case NFS4_WRITE_LT:
	case NFS4_WRITEW_LT:
		fl->c.flc_type = F_WRLCK;
		break;
	default:
		dprintk("NFSD: nfs4_lockt: bad lock type!\n");
		status = nfserr_inval;
		goto out;
	}

	/* the owner is only filled in when this lockowner is already known */
	lowner = find_lockowner_str(cstate->clp, &lockt->lt_owner);
	if (lowner)
		fl->c.flc_owner = (fl_owner_t)lowner;
	fl->c.flc_pid = current->tgid;
	fl->c.flc_flags = FL_POSIX;

	fl->fl_start = lockt->lt_offset;
	fl->fl_end = last_byte_offset(lockt->lt_offset, lockt->lt_length);

	nfs4_transform_lock_offset(fl);

	status = nfsd_test_lock(rqstp, &cstate->current_fh, fl);
	if (status)
		goto out;

	if (fl->c.flc_type != F_UNLCK) {
		status = nfserr_denied;
		nfs4_set_lock_denied(fl, &lockt->lt_denied);
	}
out:
	if (lowner)
		nfs4_put_stateowner(&lowner->lo_owner);
	if (fl)
		locks_free_lock(fl);
	return status;
}

/*
 * Free the owner buffer stored in the lt_denied part of the LOCKT
 * arguments.  The pointer is not cleared afterwards.
 */
void nfsd4_lockt_release(union nfsd4_op_u *u)
{
	kfree(u->lockt.lt_denied.ld_owner.data);
}

/*
 * LOCKU operation
 *
 * Look up the lock stateid named by the client, build an F_UNLCK request
 * for the given byte range and apply it with vfs_lock_file().  On success
 * the stateid is bumped and copied back into lu_stateid.
 */
__be32
nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
	    union nfsd4_op_u *u)
{
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct nfsd4_locku *locku = &u->locku;
	struct nfs4_ol_stateid *stp;
	struct nfsd_file *nf = NULL;
	struct file_lock *fl = NULL;
	__be32 status;
	int err;

	dprintk("NFSD: nfsd4_locku: start=%Ld length=%Ld\n",
		(long long) locku->lu_offset,
		(long long) locku->lu_length);

	/* offset/length come from the client; reject bad ranges up front */
	if (check_lock_length(locku->lu_offset, locku->lu_length))
		return nfserr_inval;

	status = nfs4_preprocess_seqid_op(cstate, locku->lu_seqid,
					  &locku->lu_stateid, SC_TYPE_LOCK, 0,
					  &stp, nn);
	if (status)
		goto out;

	/*
	 * From here on every exit unlocks stp->st_mutex and puts the stid,
	 * so the lookup above is presumably expected to return with both
	 * held - confirm against nfs4_preprocess_seqid_op().
	 */
	nf = find_any_file(stp->st_stid.sc_file);
	if (!nf) {
		status = nfserr_lock_range;
		goto put_stateid;
	}
	if (exportfs_cannot_lock(nf->nf_file->f_path.mnt->mnt_sb->s_export_op)) {
		status = nfserr_notsupp;
		goto put_file;
	}

	fl = locks_alloc_lock();
	if (!fl) {
		dprintk("NFSD: %s: unable to allocate lock!\n", __func__);
		status = nfserr_jukebox;
		goto put_file;
	}

	fl->c.flc_type = F_UNLCK;
	fl->c.flc_owner = (fl_owner_t)lockowner(nfs4_get_stateowner(stp->st_stateowner));
	fl->c.flc_pid = current->tgid;
	fl->c.flc_file = nf->nf_file;
	fl->c.flc_flags = FL_POSIX;
	fl->fl_lmops = &nfsd_posix_mng_ops;
	fl->fl_start = locku->lu_offset;
	fl->fl_end = last_byte_offset(locku->lu_offset, locku->lu_length);
	nfs4_transform_lock_offset(fl);

	err = vfs_lock_file(nf->nf_file, F_SETLK, fl, NULL);
	if (err) {
		dprintk("NFSD: nfs4_locku: vfs_lock_file failed!\n");
		status = nfserrno(err);
		goto put_file;
	}
	nfs4_inc_and_copy_stateid(&locku->lu_stateid, &stp->st_stid);
put_file:
	nfsd_file_put(nf);
put_stateid:
	mutex_unlock(&stp->st_mutex);
	nfs4_put_stid(&stp->st_stid);
out:
	nfsd4_bump_seqid(cstate, status);
	if (fl)
		locks_free_lock(fl);
	return status;
}

/*
 * Report whether @lowner owns any POSIX lock on the file behind @fp.
 *
 * returns
 *	true:  locks held by lockowner
 *	false: no locks held by lockowner
 *
 * fp->fi_lock is held for the whole check; the inode's flc_lock is taken
 * inside it while the POSIX lock list is walked.
 */
static bool
check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
{
	struct file_lock_context *flctx;
	struct nfsd_file *nf;
	struct file_lock *fl;
	bool held = false;

	spin_lock(&fp->fi_lock);
	nf = find_any_file_locked(fp);
	/* Any valid lock stateid should have some sort of access */
	if (WARN_ON_ONCE(!nf))
		goto out;

	flctx = locks_inode_context(file_inode(nf->nf_file));
	if (flctx && !list_empty_careful(&flctx->flc_posix)) {
		spin_lock(&flctx->flc_lock);
		for_each_file_lock(fl, &flctx->flc_posix) {
			if (fl->c.flc_owner == (fl_owner_t)lowner) {
				held = true;
				break;
			}
		}
		spin_unlock(&flctx->flc_lock);
	}
out:
	spin_unlock(&fp->fi_lock);
	return held;
}

/**
 * nfsd4_release_lockowner - process NFSv4.0 RELEASE_LOCKOWNER operations
 * @rqstp: RPC transaction
 * @cstate: NFSv4 COMPOUND state
 * @u: RELEASE_LOCKOWNER arguments
 *
 * Check if there are any locks still held and if not, free the lockowner
 * and any lock state that is owned.
*
 * Return values:
 *   %nfs_ok: lockowner released or not found
 *   %nfserr_locks_held: lockowner still in use
 *   %nfserr_stale_clientid: clientid no longer active
 *   %nfserr_expired: clientid not recognized
 */
__be32
nfsd4_release_lockowner(struct svc_rqst *rqstp,
			struct nfsd4_compound_state *cstate,
			union nfsd4_op_u *u)
{
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct nfsd4_release_lockowner *args = &u->release_lockowner;
	clientid_t *clid = &args->rl_clientid;
	struct nfs4_lockowner *lowner;
	struct nfs4_ol_stateid *stp;
	struct nfs4_client *clp;
	LIST_HEAD(reaplist);
	__be32 status;

	dprintk("nfsd4_release_lockowner clientid: (%08x/%08x):\n",
		clid->cl_boot, clid->cl_id);

	status = set_client(clid, cstate, nn);
	if (status)
		return status;
	clp = cstate->clp;

	spin_lock(&clp->cl_lock);
	lowner = find_lockowner_str_locked(clp, &args->rl_owner);
	if (!lowner) {
		/* an unknown owner is not an error for this operation */
		spin_unlock(&clp->cl_lock);
		return nfs_ok;
	}

	/* refuse to release while any of the owner's stateids still has locks */
	list_for_each_entry(stp, &lowner->lo_owner.so_stateids, st_perstateowner) {
		if (!check_for_locks(stp->st_stid.sc_file, lowner))
			continue;
		spin_unlock(&clp->cl_lock);
		nfs4_put_stateowner(&lowner->lo_owner);
		return nfserr_locks_held;
	}

	/*
	 * Unhash under cl_lock and collect the stateids on a private list;
	 * they are freed only after the spinlock has been dropped.
	 */
	unhash_lockowner_locked(lowner);
	while (!list_empty(&lowner->lo_owner.so_stateids)) {
		stp = list_first_entry(&lowner->lo_owner.so_stateids,
				       struct nfs4_ol_stateid,
				       st_perstateowner);
		unhash_lock_stateid(stp);
		put_ol_stateid_locked(stp, &reaplist);
	}
	spin_unlock(&clp->cl_lock);

	free_ol_stateid_reaplist(&reaplist);
	remove_blocked_locks(lowner);
	nfs4_put_stateowner(&lowner->lo_owner);
	return nfs_ok;
}

/* Allocate one reclaim record; the result may be NULL. */
static inline struct nfs4_client_reclaim *
alloc_reclaim(void)
{
	return kmalloc_obj(struct nfs4_client_reclaim);
}

bool
nfs4_has_reclaimed_state(struct xdr_netobj name, struct nfsd_net *nn)
{
	struct nfs4_client_reclaim *crp = nfsd4_find_reclaim_client(name, nn);

	/* true only if a record exists for @name and has a client attached */
	return crp != NULL && crp->cr_clp != NULL;
}

/*
 * Add a reclaim record for @name (and optionally @princhash) to the
 * per-net reclaim hash table.  Both buffers are duplicated with
 * kmemdup(), so the record does not alias the caller's memory.
 *
 * failure => all reset bets are off, nfserr_no_grace...
 *
 * Returns the new record, or NULL if any allocation failed (in which
 * case nothing is left allocated).
 */
struct nfs4_client_reclaim *
nfs4_client_to_reclaim(struct xdr_netobj name, struct xdr_netobj princhash,
		struct nfsd_net *nn)
{
	struct nfs4_client_reclaim *crp;
	unsigned int bucket;

	name.data = kmemdup(name.data, name.len, GFP_KERNEL);
	if (!name.data) {
		dprintk("%s: failed to allocate memory for name.data!\n",
			__func__);
		return NULL;
	}

	if (!princhash.len) {
		princhash.data = NULL;
	} else {
		princhash.data = kmemdup(princhash.data, princhash.len, GFP_KERNEL);
		if (!princhash.data) {
			dprintk("%s: failed to allocate memory for princhash.data!\n",
				__func__);
			kfree(name.data);
			return NULL;
		}
	}

	crp = alloc_reclaim();
	if (!crp) {
		kfree(name.data);
		kfree(princhash.data);
		return NULL;
	}

	bucket = clientstr_hashval(name);
	INIT_LIST_HEAD(&crp->cr_strhash);
	list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[bucket]);
	/* the record takes ownership of the duplicated buffers */
	crp->cr_name.data = name.data;
	crp->cr_name.len = name.len;
	crp->cr_princhash.data = princhash.data;
	crp->cr_princhash.len = princhash.len;
	crp->cr_clp = NULL;
	nn->reclaim_str_hashtbl_size++;
	return crp;
}

/*
 * Unlink @crp from the reclaim hash table and free it together with the
 * name and principal-hash buffers it owns.
 */
void
nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn)
{
	list_del(&crp->cr_strhash);
	nn->reclaim_str_hashtbl_size--;
	kfree(crp->cr_name.data);
	kfree(crp->cr_princhash.data);
	kfree(crp);
}

/*
 * Drop every reclaim record in every hash bucket, then warn once if the
 * size counter did not return to zero.
 */
void
nfs4_release_reclaim(struct nfsd_net *nn)
{
	struct nfs4_client_reclaim *crp = NULL;
	int i;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		struct list_head *bucket = &nn->reclaim_str_hashtbl[i];

		while (!list_empty(bucket)) {
			crp = list_first_entry(bucket,
					       struct nfs4_client_reclaim,
					       cr_strhash);
			nfs4_remove_reclaim_record(crp, nn);
		}
	}
	WARN_ON_ONCE(nn->reclaim_str_hashtbl_size);
}

/*
 * called from OPEN, CLAIM_PREVIOUS with a new clientid.
 *
 * Returns the reclaim record whose name compares equal to @name, or NULL
 * if the bucket holds no such record.
 */
struct nfs4_client_reclaim *
nfsd4_find_reclaim_client(struct xdr_netobj name, struct nfsd_net *nn)
{
	struct nfs4_client_reclaim *crp = NULL;
	struct list_head *bucket;

	bucket = &nn->reclaim_str_hashtbl[clientstr_hashval(name)];
	list_for_each_entry(crp, bucket, cr_strhash) {
		if (!compare_blob(&crp->cr_name, &name))
			return crp;
	}
	return NULL;
}

/*
 * Decide whether @clp may still reclaim opens: nfserr_no_grace once the
 * client's RECLAIM_COMPLETE flag is set, nfserr_reclaim_bad if
 * nfsd4_client_record_check() returns non-zero, nfs_ok otherwise.
 */
__be32
nfs4_check_open_reclaim(struct nfs4_client *clp)
{
	if (test_bit(NFSD4_CLIENT_RECLAIM_COMPLETE, &clp->cl_flags))
		return nfserr_no_grace;

	if (nfsd4_client_record_check(clp))
		return nfserr_reclaim_bad;

	return nfs_ok;
}

/*
 * Since the lifetime of a delegation isn't limited to that of an open, a
 * client may quite reasonably hang on to a delegation as long as it has
 * the inode cached.  This becomes an obvious problem the first time a
 * client's inode cache approaches the size of the server's total memory.
 *
 * For now we avoid this problem by imposing a hard limit on the number
 * of delegations, which varies according to the server's memory size.
 */
static void
set_max_delegations(void)
{
	/*
	 * Allow at most 4 delegations per megabyte of RAM.  Quick
	 * estimates suggest that in the worst case (where every delegation
	 * is for a different inode), a delegation could take about 1.5K,
	 * giving a worst case usage of about 6% of memory.
*/
	max_delegations = nr_free_buffer_pages() >> (20 - 2 - PAGE_SHIFT);
}

/*
 * Allocate and initialise the per-net NFSv4 state: the client and session
 * hash tables, name trees, LRU lists, locks, the laundromat work item and
 * the client shrinker.  Takes a reference on @net that
 * nfs4_state_destroy_net() drops.
 *
 * Returns 0 on success or -ENOMEM.
 */
static int nfs4_state_create_net(struct net *net)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	int i;

	nn->conf_id_hashtbl = kmalloc_objs(struct list_head, CLIENT_HASH_SIZE);
	if (!nn->conf_id_hashtbl)
		return -ENOMEM;
	nn->unconf_id_hashtbl = kmalloc_objs(struct list_head, CLIENT_HASH_SIZE);
	if (!nn->unconf_id_hashtbl)
		goto err_unconf_id;
	nn->sessionid_hashtbl = kmalloc_objs(struct list_head,
					     SESSION_HASH_SIZE);
	if (!nn->sessionid_hashtbl)
		goto err_sessionid;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		INIT_LIST_HEAD(&nn->conf_id_hashtbl[i]);
		INIT_LIST_HEAD(&nn->unconf_id_hashtbl[i]);
	}
	for (i = 0; i < SESSION_HASH_SIZE; i++)
		INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]);
	nn->conf_name_tree = RB_ROOT;
	nn->unconf_name_tree = RB_ROOT;
	nn->boot_time = ktime_get_real_seconds();
	nn->grace_ended = false;
	nn->grace_end_forced = false;
	nn->nfsd4_manager.block_opens = true;
	INIT_LIST_HEAD(&nn->nfsd4_manager.list);
	INIT_LIST_HEAD(&nn->client_lru);
	INIT_LIST_HEAD(&nn->close_lru);
	INIT_LIST_HEAD(&nn->del_recall_lru);
	spin_lock_init(&nn->deleg_lock);
	spin_lock_init(&nn->client_lock);
	spin_lock_init(&nn->s2s_cp_lock);
	idr_init(&nn->s2s_cp_stateids);
	atomic_set(&nn->pending_async_copies, 0);

	spin_lock_init(&nn->blocked_locks_lock);
	INIT_LIST_HEAD(&nn->blocked_locks_lru);

	INIT_DELAYED_WORK(&nn->laundromat_work, laundromat_main);
	/* Make sure this cannot run until client tracking is initialised */
	disable_delayed_work(&nn->laundromat_work);
	INIT_WORK(&nn->nfsd_shrinker_work, nfsd4_state_shrinker_worker);
	get_net(net);

	nn->nfsd_client_shrinker = shrinker_alloc(0, "nfsd-client");
	if (!nn->nfsd_client_shrinker)
		goto err_shrinker;

	nn->nfsd_client_shrinker->scan_objects = nfsd4_state_shrinker_scan;
	nn->nfsd_client_shrinker->count_objects = nfsd4_state_shrinker_count;
	nn->nfsd_client_shrinker->private_data = nn;

	shrinker_register(nn->nfsd_client_shrinker);

	return 0;

	/*
	 * NOTE(review): the table pointers in @nn are freed but not reset
	 * below; presumably no caller looks at them after a failed start -
	 * confirm.
	 */
err_shrinker:
	put_net(net);
	kfree(nn->sessionid_hashtbl);
err_sessionid:
	kfree(nn->unconf_id_hashtbl);
err_unconf_id:
	kfree(nn->conf_id_hashtbl);
	return -ENOMEM;
}

/*
 * Destroy every client still hashed in the confirmed and unconfirmed id
 * tables, free the tables and drop the net reference taken at create time.
 * Warns if blocked locks are still queued once the confirmed clients are
 * gone.
 */
static void
nfs4_state_destroy_net(struct net *net)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	struct nfs4_client *clp = NULL;
	struct list_head *bucket;
	int i;

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		bucket = &nn->conf_id_hashtbl[i];
		while (!list_empty(bucket)) {
			clp = list_first_entry(bucket, struct nfs4_client,
					       cl_idhash);
			destroy_client(clp);
		}
	}

	WARN_ON(!list_empty(&nn->blocked_locks_lru));

	for (i = 0; i < CLIENT_HASH_SIZE; i++) {
		bucket = &nn->unconf_id_hashtbl[i];
		while (!list_empty(bucket)) {
			clp = list_first_entry(bucket, struct nfs4_client,
					       cl_idhash);
			destroy_client(clp);
		}
	}

	kfree(nn->sessionid_hashtbl);
	kfree(nn->unconf_id_hashtbl);
	kfree(nn->conf_id_hashtbl);
	put_net(net);
}

/*
 * Bring up NFSv4 state for @net: create the per-net state, start the
 * grace period, initialise client tracking and only then enable the
 * laundromat.  The grace period is ended immediately when reclaim
 * completions are tracked and no reclaim records exist.
 */
int
nfs4_state_start_net(struct net *net)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	int ret;

	ret = nfs4_state_create_net(net);
	if (ret)
		return ret;
	locks_start_grace(net, &nn->nfsd4_manager);
	nfsd4_client_tracking_init(net);
	/* safe for laundromat to run now */
	enable_delayed_work(&nn->laundromat_work);

	if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0) {
		printk(KERN_INFO "NFSD: no clients to reclaim, skipping NFSv4 grace period (net %x)\n",
		       net->ns.inum);
		queue_delayed_work(laundry_wq, &nn->laundromat_work,
				   nn->nfsd4_lease * HZ);
		nfsd4_end_grace(nn);
		return 0;
	}

	printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n",
	       nn->nfsd4_grace, net->ns.inum);
	trace_nfsd_grace_start(nn);
	queue_delayed_work(laundry_wq, &nn->laundromat_work,
			   nn->nfsd4_grace * HZ);
	return 0;
}

/* initialization to perform when the nfsd service is started: */
int
nfs4_state_start(void)
{
	int ret = rhltable_init(&nfs4_file_rhltable, &nfs4_file_rhash_params);

	if (ret)
		return ret;

	nfsd_slot_shrinker = shrinker_alloc(0, "nfsd-DRC-slot");
	if (!nfsd_slot_shrinker) {
		/* undo the table initialisation before reporting failure */
		rhltable_destroy(&nfs4_file_rhltable);
		return -ENOMEM;
	}
	nfsd_slot_shrinker->count_objects = nfsd_slot_count;
	nfsd_slot_shrinker->scan_objects = nfsd_slot_scan;
	shrinker_register(nfsd_slot_shrinker);

	set_max_delegations();
	return 0;
}

/*
 * Tear down NFSv4 state for @net.  The shrinker and both work items are
 * stopped first, then the delegations on the recall LRU are unhashed
 * under deleg_lock and destroyed after the lock is dropped.
 */
void
nfs4_state_shutdown_net(struct net *net)
{
	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
	struct nfs4_delegation *dp, *next;
	LIST_HEAD(reaplist);

	shrinker_free(nn->nfsd_client_shrinker);
	cancel_work_sync(&nn->nfsd_shrinker_work);
	disable_delayed_work_sync(&nn->laundromat_work);
	locks_end_grace(&nn->nfsd4_manager);

	spin_lock(&nn->deleg_lock);
	list_for_each_entry_safe(dp, next, &nn->del_recall_lru, dl_recall_lru) {
		unhash_delegation_locked(dp, SC_STATUS_CLOSED);
		list_add(&dp->dl_recall_lru, &reaplist);
	}
	spin_unlock(&nn->deleg_lock);

	list_for_each_entry_safe(dp, next, &reaplist, dl_recall_lru) {
		list_del_init(&dp->dl_recall_lru);
		destroy_unhashed_deleg(dp);
	}

	nfsd4_client_tracking_exit(net);
	nfs4_state_destroy_net(net);
#ifdef CONFIG_NFSD_V4_2_INTER_SSC
	nfsd4_ssc_shutdown_umount(nn);
#endif
}

/* Release the global resources set up by nfs4_state_start(). */
void
nfs4_state_shutdown(void)
{
	rhltable_destroy(&nfs4_file_rhltable);
	shrinker_free(nfsd_slot_shrinker);
}

/*
 * If the compound has a saved current stateid and @stateid is the special
 * "current stateid" value, overwrite @stateid with the saved one.
 */
static void
get_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
{
	if (!HAS_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG))
		return;
	if (!CURRENT_STATEID(stateid))
		return;
	memcpy(stateid, &cstate->current_stateid, sizeof(stateid_t));
}

/*
 * Save @stateid as the compound's current stateid.  Does nothing when
 * cstate->minorversion is zero.
 */
static void
put_stateid(struct nfsd4_compound_state *cstate, stateid_t *stateid)
{
	if (!cstate->minorversion)
		return;
	memcpy(&cstate->current_stateid, stateid, sizeof(stateid_t));
	SET_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG);
}

/* Forget any saved current stateid for this compound. */
void
clear_current_stateid(struct nfsd4_compound_state *cstate)
{
	CLEAR_CSTATE_FLAG(cstate, CURRENT_STATE_ID_FLAG);
}

/*
 * functions to set current state id
 *
 * Each one hands the stateid field of its operation to put_stateid().
 */
void
nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->open_downgrade.od_stateid);
}

void
nfsd4_set_openstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->open.op_stateid);
}

void
nfsd4_set_closestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->close.cl_stateid);
}

void
nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	put_stateid(cstate, &u->lock.lk_resp_stateid);
}

/*
 * functions to consume current state id
 *
 * Each one hands the stateid field of its operation to get_stateid().
 */

void
nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->open_downgrade.od_stateid);
}

void
nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->delegreturn.dr_stateid);
}

void
nfsd4_get_freestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->free_stateid.fr_stateid);
}

void
nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->setattr.sa_stateid);
}

void
nfsd4_get_closestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->close.cl_stateid);
}

void
nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->locku.lu_stateid);
}

void
nfsd4_get_readstateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->read.rd_stateid);
}

void
nfsd4_get_writestateid(struct nfsd4_compound_state *cstate,
		union nfsd4_op_u *u)
{
	get_stateid(cstate, &u->write.wr_stateid);
}

/**
 * nfsd4_vet_deleg_time - vet and set the timespec for a delegated timestamp update
 * @req: timestamp from the client
 * @orig: original timestamp in the inode
 * @now: current time
 *
 * Given a timestamp from the client response, check it against the
 * current timestamp in the inode and the current time. Returns true
 * if the inode's timestamp needs to be updated, and false otherwise.
 * @req may also be changed if the timestamp needs to be clamped.
 */
bool nfsd4_vet_deleg_time(struct timespec64 *req, const struct timespec64 *orig,
			  const struct timespec64 *now)
{

	/*
	 * "When the time presented is before the original time, then the
	 * update is ignored." Also no need to update if there is no change.
*/
	if (timespec64_compare(req, orig) <= 0)
		return false;

	/*
	 * "When the time presented is in the future, the server can either
	 * clamp the new time to the current time, or it may
	 * return NFS4ERR_DELAY to the client, allowing it to retry."
	 */
	if (timespec64_compare(req, now) > 0)
		*req = *now;

	return true;
}

/*
 * Apply the timestamps a delegation holder reported via CB_GETATTR to the
 * inode behind @dentry.
 *
 * When deleg_attrs_deleg() is true for the delegation type, the
 * client-reported atime and mtime are each vetted by
 * nfsd4_vet_deleg_time() (ignored if not newer than the delegation's
 * recorded time, clamped if in the future) before being used; ctime
 * follows the vetted mtime.  Otherwise mtime and ctime are simply marked
 * for update.
 *
 * Returns 0 if nothing needs changing, else the notify_change() result.
 */
static int cb_getattr_update_times(struct dentry *dentry, struct nfs4_delegation *dp)
{
	struct nfs4_cb_fattr *cb = &dp->dl_cb_fattr;
	struct inode *inode = d_inode(dentry);
	struct iattr ia = { };
	int err;

	if (!deleg_attrs_deleg(dp->dl_type)) {
		ia.ia_valid |= ATTR_MTIME | ATTR_CTIME;
	} else {
		struct timespec64 now = current_time(inode);

		ia.ia_atime = cb->ncf_cb_atime;
		ia.ia_mtime = cb->ncf_cb_mtime;

		if (nfsd4_vet_deleg_time(&ia.ia_atime, &dp->dl_atime, &now))
			ia.ia_valid |= ATTR_ATIME | ATTR_ATIME_SET;

		if (nfsd4_vet_deleg_time(&ia.ia_mtime, &dp->dl_mtime, &now)) {
			ia.ia_valid |= ATTR_MTIME | ATTR_MTIME_SET;
			/* ctime starts from the already vetted mtime */
			ia.ia_ctime = ia.ia_mtime;
			if (nfsd4_vet_deleg_time(&ia.ia_ctime, &dp->dl_ctime, &now))
				ia.ia_valid |= ATTR_CTIME | ATTR_CTIME_SET;
		}
	}

	if (!ia.ia_valid)
		return 0;

	ia.ia_valid |= ATTR_DELEG;
	inode_lock(inode);
	err = notify_change(&nop_mnt_idmap, dentry, &ia, NULL);
	inode_unlock(inode);
	return err;
}

/**
 * nfsd4_deleg_getattr_conflict - Recall if GETATTR causes conflict
 * @rqstp: RPC transaction context
 * @dentry: dentry of inode to be checked for a conflict
 * @pdp: returned WRITE delegation, if one was found
 *
 * Called when a change/size GETATTR from one client may conflict with a
 * write delegation held by another.  The server must either fetch the
 * current attribute values from the delegation holder with CB_GETATTR or
 * recall the delegation before replying to the GETATTR.  See RFC 8881
 * section 18.7.4.
 *
 * Returns 0 if there is no conflict; otherwise an nfs_stat
 * code is returned.  If @pdp is set to a non-NULL value, then the
 * caller must put the reference.
 */
__be32
nfsd4_deleg_getattr_conflict(struct svc_rqst *rqstp, struct dentry *dentry,
			     struct nfs4_delegation **pdp)
{
	struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
	struct nfsd_thread_local_info *ntli = rqstp->rq_private;
	struct inode *inode = d_inode(dentry);
	struct nfs4_delegation *dp = NULL;
	struct file_lock_context *ctx;
	struct nfs4_cb_fattr *ncf;
	struct file_lease *fl;
	__be32 status;

	ctx = locks_inode_context(inode);
	if (!ctx)
		return nfs_ok;

/* sentinel, never dereferenced: a write lease that nfsd does not manage */
#define NON_NFSD_LEASE ((void *)1)

	spin_lock(&ctx->flc_lock);
	for_each_file_lock(fl, &ctx->flc_lease) {
		if (fl->c.flc_flags == FL_LAYOUT)
			continue;
		/* only the first non-layout lease is examined */
		if (fl->c.flc_type == F_WRLCK) {
			if (fl->fl_lmops == &nfsd_lease_mng_ops)
				dp = fl->c.flc_owner;
			else
				dp = NON_NFSD_LEASE;
		}
		break;
	}

	/*
	 * Nothing to ask a client when there is no write lease, the lease
	 * is not one of ours, or the delegation belongs to the client that
	 * ntli_lease_breaker points at.
	 */
	if (dp == NULL || dp == NON_NFSD_LEASE ||
	    dp->dl_recall.cb_clp == *(ntli->ntli_lease_breaker)) {
		spin_unlock(&ctx->flc_lock);
		if (dp == NON_NFSD_LEASE) {
			status = nfserrno(nfsd_open_break_lease(inode,
								NFSD_MAY_READ));
			if (status != nfserr_jukebox ||
			    !nfsd_wait_for_delegreturn(rqstp, inode))
				return status;
		}
		return 0;
	}

	nfsd_stats_wdeleg_getattr_inc(nn);
	/* pin the delegation before flc_lock is dropped */
	refcount_inc(&dp->dl_stid.sc_count);
	ncf = &dp->dl_cb_fattr;
	nfs4_cb_getattr(ncf);
	spin_unlock(&ctx->flc_lock);

	/*
	 * NOTE(review): the wait result is ignored and ncf_cb_status is
	 * tested instead; presumably it holds an error until the callback
	 * has completed - confirm.
	 */
	wait_on_bit_timeout(&ncf->ncf_getattr.cb_flags, NFSD4_CALLBACK_RUNNING,
			    TASK_UNINTERRUPTIBLE, NFSD_CB_GETATTR_TIMEOUT);
	if (ncf->ncf_cb_status) {
		/* Recall delegation only if client didn't respond */
		status = nfserrno(nfsd_open_break_lease(inode, NFSD_MAY_READ));
		if (status == nfserr_jukebox &&
		    nfsd_wait_for_delegreturn(rqstp, inode))
			status = nfs_ok;
		goto out_status;
	}

	/* a changed change attribute or size marks the file as modified */
	if (!ncf->ncf_file_modified &&
	    (ncf->ncf_initial_cinfo != ncf->ncf_cb_change ||
	     i_size_read(inode) != ncf->ncf_cb_fsize))
		ncf->ncf_file_modified = true;

	if (ncf->ncf_file_modified) {
		int err;

		/*
		 * Per section 10.4.3 of RFC 8881, the server would
		 * not update the file's metadata with the client's
		 * modified size
		 */
		err = cb_getattr_update_times(dentry, dp);
		if (err) {
			status = nfserrno(err);
			goto out_status;
		}
		ncf->ncf_cur_fsize = ncf->ncf_cb_fsize;
		/* the reference taken above is handed to the caller */
		*pdp = dp;
		return nfs_ok;
	}
	status = nfs_ok;
out_status:
	nfs4_put_stid(&dp->dl_stid);
	return status;
}

/**
 * nfsd_get_dir_deleg - attempt to get a directory delegation
 * @cstate: compound state
 * @gdd: GET_DIR_DELEGATION arg/resp structure
 * @nf: nfsd_file opened on the directory
 *
 * Given a GET_DIR_DELEGATION request @gdd, attempt to acquire a delegation
 * on the directory to which @nf refers. Note that this does not set up any
 * sort of async notifications for the delegation.
*/
struct nfs4_delegation *
nfsd_get_dir_deleg(struct nfsd4_compound_state *cstate,
		   struct nfsd4_get_dir_delegation *gdd,
		   struct nfsd_file *nf)
{
	struct nfs4_client *clp = cstate->clp;
	struct nfsd_net *nn = net_generic(clp->net, nfsd_net_id);
	struct nfs4_file *fp, *hashed;
	struct nfs4_delegation *dp;
	struct file_lease *lease;
	int status = 0;

	fp = nfsd4_alloc_file();
	if (!fp)
		return ERR_PTR(-ENOMEM);

	nfsd4_file_init(&cstate->current_fh, fp);

	hashed = nfsd4_file_hash_insert(fp, &cstate->current_fh);
	if (unlikely(!hashed)) {
		put_nfs4_file(fp);
		return ERR_PTR(-ENOMEM);
	}

	/* a different nfs4_file came back: drop ours and use that one */
	if (hashed != fp) {
		put_nfs4_file(fp);
		fp = hashed;
	}

	/* if this client already has one, return that it's unavailable */
	spin_lock(&nn->deleg_lock);
	spin_lock(&fp->fi_lock);
	/* existing delegation? */
	if (nfs4_delegation_exists(clp, fp)) {
		status = -EAGAIN;
	} else if (!fp->fi_deleg_file) {
		fp->fi_deleg_file = nfsd_file_get(nf);
		fp->fi_delegees = 1;
	} else {
		++fp->fi_delegees;
	}
	spin_unlock(&fp->fi_lock);
	spin_unlock(&nn->deleg_lock);

	if (status) {
		put_nfs4_file(fp);
		return ERR_PTR(status);
	}

	/* Try to set up the lease */
	status = -ENOMEM;
	dp = alloc_init_deleg(clp, fp, NULL, NFS4_OPEN_DELEGATE_READ);
	if (!dp)
		goto out_delegees;
	if (cstate->current_fh.fh_export)
		dp->dl_stid.sc_export =
			exp_get(cstate->current_fh.fh_export);

	lease = nfs4_alloc_init_lease(dp);
	if (!lease)
		goto out_put_stid;

	status = kernel_setlease(nf->nf_file,
				 lease->c.flc_type, &lease, NULL);
	/* free the lease only if kernel_setlease() left the pointer set */
	if (lease)
		locks_free_lease(lease);
	if (status)
		goto out_put_stid;

	/*
	 * Now, try to hash it. This can fail if we race another nfsd task
	 * trying to set a delegation on the same file. If that happens,
	 * then just say UNAVAIL.
	 */
	spin_lock(&nn->deleg_lock);
	spin_lock(&clp->cl_lock);
	spin_lock(&fp->fi_lock);
	status = hash_delegation_locked(dp, fp);
	spin_unlock(&fp->fi_lock);
	spin_unlock(&clp->cl_lock);
	spin_unlock(&nn->deleg_lock);

	if (!status) {
		put_nfs4_file(fp);
		return dp;
	}

	/* Something failed. Drop the lease and clean up the stid */
	kernel_setlease(fp->fi_deleg_file->nf_file, F_UNLCK, NULL, (void **)&dp);
out_put_stid:
	nfs4_put_stid(&dp->dl_stid);
out_delegees:
	put_deleg_file(fp);
	put_nfs4_file(fp);
	return ERR_PTR(status);
}

/**
 * nfsd_update_cmtime_attr - update file's delegated ctime/mtime,
 * and optionally other attributes (ie ATTR_ATIME).
 * @f: pointer to an opened file
 * @flags: any additional flags that should be updated
 *
 * Ask notify_change() to update ctime and mtime of the inode behind @f,
 * with ATTR_DELEG set and any extra attribute bits passed in @flags.
 * The inode lock is held around the call.  A failure is only logged
 * (rate limited); nothing is returned to the caller.
 */
void nfsd_update_cmtime_attr(struct file *f, unsigned int flags)
{
	struct inode *inode = file_inode(f);
	struct iattr attr = {
		.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_DELEG | flags,
	};
	int err;

	inode_lock(inode);
	err = notify_change(&nop_mnt_idmap, f->f_path.dentry, &attr, NULL);
	inode_unlock(inode);
	if (!err)
		return;

	pr_notice_ratelimited("nfsd: Unable to update timestamps on "
			      "inode %02x:%02x:%llu: %d\n",
			      MAJOR(inode->i_sb->s_dev),
			      MINOR(inode->i_sb->s_dev),
			      inode->i_ino, err);
}