1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/fs/nfs/fs_context.c 4 * 5 * Copyright (C) 1992 Rick Sladkey 6 * Conversion to new mount api Copyright (C) David Howells 7 * 8 * NFS mount handling. 9 * 10 * Split from fs/nfs/super.c by David Howells <dhowells@redhat.com> 11 */ 12 13 #include <linux/compat.h> 14 #include <linux/module.h> 15 #include <linux/fs.h> 16 #include <linux/fs_context.h> 17 #include <linux/fs_parser.h> 18 #include <linux/nfs_fs.h> 19 #include <linux/nfs_mount.h> 20 #include <linux/nfs4_mount.h> 21 22 #include <net/handshake.h> 23 24 #include "nfs.h" 25 #include "internal.h" 26 27 #include "nfstrace.h" 28 29 #define NFSDBG_FACILITY NFSDBG_MOUNT 30 31 #if IS_ENABLED(CONFIG_NFS_V3) 32 #define NFS_DEFAULT_VERSION 3 33 #else 34 #define NFS_DEFAULT_VERSION 2 35 #endif 36 37 #define NFS_MAX_CONNECTIONS 16 38 39 enum nfs_param { 40 Opt_ac, 41 Opt_acdirmax, 42 Opt_acdirmin, 43 Opt_acl, 44 Opt_acregmax, 45 Opt_acregmin, 46 Opt_actimeo, 47 Opt_addr, 48 Opt_bg, 49 Opt_bsize, 50 Opt_clientaddr, 51 Opt_cto, 52 Opt_alignwrite, 53 Opt_fatal_neterrors, 54 Opt_fg, 55 Opt_fscache, 56 Opt_fscache_flag, 57 Opt_hard, 58 Opt_intr, 59 Opt_local_lock, 60 Opt_lock, 61 Opt_lookupcache, 62 Opt_migration, 63 Opt_minorversion, 64 Opt_mountaddr, 65 Opt_mounthost, 66 Opt_mountport, 67 Opt_mountproto, 68 Opt_mountvers, 69 Opt_namelen, 70 Opt_nconnect, 71 Opt_max_connect, 72 Opt_port, 73 Opt_posix, 74 Opt_proto, 75 Opt_rdirplus, 76 Opt_rdirplus_none, 77 Opt_rdirplus_force, 78 Opt_rdma, 79 Opt_resvport, 80 Opt_retrans, 81 Opt_retry, 82 Opt_rsize, 83 Opt_sec, 84 Opt_sharecache, 85 Opt_sloppy, 86 Opt_soft, 87 Opt_softerr, 88 Opt_softreval, 89 Opt_source, 90 Opt_tcp, 91 Opt_timeo, 92 Opt_trunkdiscovery, 93 Opt_udp, 94 Opt_v, 95 Opt_vers, 96 Opt_wsize, 97 Opt_write, 98 Opt_xprtsec, 99 Opt_cert_serial, 100 Opt_privkey_serial, 101 }; 102 103 enum { 104 Opt_fatal_neterrors_default, 105 Opt_fatal_neterrors_enetunreach, 106 Opt_fatal_neterrors_none, 107 }; 108 109 static const struct constant_table nfs_param_enums_fatal_neterrors[] = { 110 { "default", Opt_fatal_neterrors_default }, 111 { "ENETDOWN:ENETUNREACH", Opt_fatal_neterrors_enetunreach }, 112 { "ENETUNREACH:ENETDOWN", Opt_fatal_neterrors_enetunreach }, 113 { "none", Opt_fatal_neterrors_none }, 114 {} 115 }; 116 117 enum { 118 Opt_local_lock_all, 119 Opt_local_lock_flock, 120 Opt_local_lock_none, 121 Opt_local_lock_posix, 122 }; 123 124 static const struct constant_table nfs_param_enums_local_lock[] = { 125 { "all", Opt_local_lock_all }, 126 { "flock", Opt_local_lock_flock }, 127 { "posix", Opt_local_lock_posix }, 128 { "none", Opt_local_lock_none }, 129 {} 130 }; 131 132 enum { 133 Opt_lookupcache_all, 134 Opt_lookupcache_none, 135 Opt_lookupcache_positive, 136 }; 137 138 static const struct constant_table nfs_param_enums_lookupcache[] = { 139 { "all", Opt_lookupcache_all }, 140 { "none", Opt_lookupcache_none }, 141 { "pos", Opt_lookupcache_positive }, 142 { "positive", Opt_lookupcache_positive }, 143 {} 144 }; 145 146 enum { 147 Opt_write_lazy, 148 Opt_write_eager, 149 Opt_write_wait, 150 }; 151 152 static const struct constant_table nfs_param_enums_write[] = { 153 { "lazy", Opt_write_lazy }, 154 { "eager", Opt_write_eager }, 155 { "wait", Opt_write_wait }, 156 {} 157 }; 158 159 static const struct fs_parameter_spec nfs_fs_parameters[] = { 160 fsparam_flag_no("ac", Opt_ac), 161 fsparam_u32 ("acdirmax", Opt_acdirmax), 162 fsparam_u32 ("acdirmin", Opt_acdirmin), 163 fsparam_flag_no("acl", Opt_acl), 164 fsparam_u32 ("acregmax", Opt_acregmax), 165 fsparam_u32 ("acregmin", Opt_acregmin), 166 fsparam_u32 ("actimeo", Opt_actimeo), 167 fsparam_string("addr", Opt_addr), 168 fsparam_flag ("bg", Opt_bg), 169 fsparam_u32 ("bsize", Opt_bsize), 170 fsparam_string("clientaddr", Opt_clientaddr), 171 fsparam_flag_no("cto", Opt_cto), 172 fsparam_flag_no("alignwrite", Opt_alignwrite), 173 fsparam_enum("fatal_neterrors", Opt_fatal_neterrors, 174 nfs_param_enums_fatal_neterrors), 175 fsparam_flag ("fg", Opt_fg), 176 fsparam_flag_no("fsc", Opt_fscache_flag), 177 fsparam_string("fsc", Opt_fscache), 178 fsparam_flag ("hard", Opt_hard), 179 __fsparam(NULL, "intr", Opt_intr, 180 fs_param_neg_with_no|fs_param_deprecated, NULL), 181 fsparam_enum ("local_lock", Opt_local_lock, nfs_param_enums_local_lock), 182 fsparam_flag_no("lock", Opt_lock), 183 fsparam_enum ("lookupcache", Opt_lookupcache, nfs_param_enums_lookupcache), 184 fsparam_flag_no("migration", Opt_migration), 185 fsparam_u32 ("minorversion", Opt_minorversion), 186 fsparam_string("mountaddr", Opt_mountaddr), 187 fsparam_string("mounthost", Opt_mounthost), 188 fsparam_u32 ("mountport", Opt_mountport), 189 fsparam_string("mountproto", Opt_mountproto), 190 fsparam_u32 ("mountvers", Opt_mountvers), 191 fsparam_u32 ("namlen", Opt_namelen), 192 fsparam_u32 ("nconnect", Opt_nconnect), 193 fsparam_u32 ("max_connect", Opt_max_connect), 194 fsparam_string("nfsvers", Opt_vers), 195 fsparam_u32 ("port", Opt_port), 196 fsparam_flag_no("posix", Opt_posix), 197 fsparam_string("proto", Opt_proto), 198 fsparam_flag_no("rdirplus", Opt_rdirplus), // rdirplus|nordirplus 199 fsparam_string("rdirplus", Opt_rdirplus), // rdirplus=... 200 fsparam_flag ("rdma", Opt_rdma), 201 fsparam_flag_no("resvport", Opt_resvport), 202 fsparam_u32 ("retrans", Opt_retrans), 203 fsparam_string("retry", Opt_retry), 204 fsparam_u32 ("rsize", Opt_rsize), 205 fsparam_string("sec", Opt_sec), 206 fsparam_flag_no("sharecache", Opt_sharecache), 207 fsparam_flag ("sloppy", Opt_sloppy), 208 fsparam_flag ("soft", Opt_soft), 209 fsparam_flag ("softerr", Opt_softerr), 210 fsparam_flag ("softreval", Opt_softreval), 211 fsparam_string("source", Opt_source), 212 fsparam_flag ("tcp", Opt_tcp), 213 fsparam_u32 ("timeo", Opt_timeo), 214 fsparam_flag_no("trunkdiscovery", Opt_trunkdiscovery), 215 fsparam_flag ("udp", Opt_udp), 216 fsparam_flag ("v2", Opt_v), 217 fsparam_flag ("v3", Opt_v), 218 fsparam_flag ("v4", Opt_v), 219 fsparam_flag ("v4.0", Opt_v), 220 fsparam_flag ("v4.1", Opt_v), 221 fsparam_flag ("v4.2", Opt_v), 222 fsparam_string("vers", Opt_vers), 223 fsparam_enum ("write", Opt_write, nfs_param_enums_write), 224 fsparam_u32 ("wsize", Opt_wsize), 225 fsparam_string("xprtsec", Opt_xprtsec), 226 fsparam_s32("cert_serial", Opt_cert_serial), 227 fsparam_s32("privkey_serial", Opt_privkey_serial), 228 {} 229 }; 230 231 enum { 232 Opt_vers_2, 233 Opt_vers_3, 234 Opt_vers_4, 235 Opt_vers_4_0, 236 Opt_vers_4_1, 237 Opt_vers_4_2, 238 }; 239 240 static const struct constant_table nfs_vers_tokens[] = { 241 { "2", Opt_vers_2 }, 242 { "3", Opt_vers_3 }, 243 { "4", Opt_vers_4 }, 244 { "4.0", Opt_vers_4_0 }, 245 { "4.1", Opt_vers_4_1 }, 246 { "4.2", Opt_vers_4_2 }, 247 {} 248 }; 249 250 enum { 251 Opt_xprt_rdma, 252 Opt_xprt_rdma6, 253 Opt_xprt_tcp, 254 Opt_xprt_tcp6, 255 Opt_xprt_udp, 256 Opt_xprt_udp6, 257 nr__Opt_xprt 258 }; 259 260 static const struct constant_table nfs_xprt_protocol_tokens[] = { 261 { "rdma", Opt_xprt_rdma }, 262 { "rdma6", Opt_xprt_rdma6 }, 263 { "tcp", Opt_xprt_tcp }, 264 { "tcp6", Opt_xprt_tcp6 }, 265 { "udp", Opt_xprt_udp }, 266 { "udp6", Opt_xprt_udp6 }, 267 {} 268 }; 269 270 enum { 271 Opt_sec_krb5, 272 Opt_sec_krb5i, 273 Opt_sec_krb5p, 274 Opt_sec_lkey, 275 Opt_sec_lkeyi, 276 Opt_sec_lkeyp, 277 Opt_sec_none, 278 Opt_sec_spkm, 279 Opt_sec_spkmi, 280 Opt_sec_spkmp, 281 Opt_sec_sys, 282 nr__Opt_sec 283 }; 284 285 static const struct constant_table nfs_secflavor_tokens[] = { 286 { "krb5", Opt_sec_krb5 }, 287 { "krb5i", Opt_sec_krb5i }, 288 { "krb5p", Opt_sec_krb5p }, 289 { "lkey", Opt_sec_lkey }, 290 { "lkeyi", Opt_sec_lkeyi }, 291 { "lkeyp", Opt_sec_lkeyp }, 292 { "none", Opt_sec_none }, 293 { "null", Opt_sec_none }, 294 { "spkm3", Opt_sec_spkm }, 295 { "spkm3i", Opt_sec_spkmi }, 296 { "spkm3p", Opt_sec_spkmp }, 297 { "sys", Opt_sec_sys }, 298 {} 299 }; 300 301 enum { 302 Opt_xprtsec_none, 303 Opt_xprtsec_tls, 304 Opt_xprtsec_mtls, 305 nr__Opt_xprtsec 306 }; 307 308 static const struct constant_table nfs_xprtsec_policies[] = { 309 { "none", Opt_xprtsec_none }, 310 { "tls", Opt_xprtsec_tls }, 311 { "mtls", Opt_xprtsec_mtls }, 312 {} 313 }; 314 315 static const struct constant_table nfs_rdirplus_tokens[] = { 316 { "none", Opt_rdirplus_none }, 317 { "force", Opt_rdirplus_force }, 318 {} 319 }; 320 321 /* 322 * Sanity-check a server address provided by the mount command. 323 * 324 * Address family must be initialized, and address must not be 325 * the ANY address for that family. 326 */ 327 static int nfs_verify_server_address(struct sockaddr_storage *addr) 328 { 329 switch (addr->ss_family) { 330 case AF_INET: { 331 struct sockaddr_in *sa = (struct sockaddr_in *)addr; 332 return sa->sin_addr.s_addr != htonl(INADDR_ANY); 333 } 334 case AF_INET6: { 335 struct in6_addr *sa = &((struct sockaddr_in6 *)addr)->sin6_addr; 336 return !ipv6_addr_any(sa); 337 } 338 } 339 340 return 0; 341 } 342 343 #ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT 344 static bool nfs_server_transport_udp_invalid(const struct nfs_fs_context *ctx) 345 { 346 return true; 347 } 348 #else 349 static bool nfs_server_transport_udp_invalid(const struct nfs_fs_context *ctx) 350 { 351 if (ctx->version == 4) 352 return true; 353 return false; 354 } 355 #endif 356 357 /* 358 * Sanity check the NFS transport protocol. 359 */ 360 static int nfs_validate_transport_protocol(struct fs_context *fc, 361 struct nfs_fs_context *ctx) 362 { 363 switch (ctx->nfs_server.protocol) { 364 case XPRT_TRANSPORT_UDP: 365 if (nfs_server_transport_udp_invalid(ctx)) 366 goto out_invalid_transport_udp; 367 break; 368 case XPRT_TRANSPORT_TCP: 369 case XPRT_TRANSPORT_RDMA: 370 break; 371 default: 372 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP; 373 } 374 375 if (ctx->xprtsec.policy != RPC_XPRTSEC_NONE) 376 switch (ctx->nfs_server.protocol) { 377 case XPRT_TRANSPORT_TCP: 378 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP_TLS; 379 break; 380 default: 381 goto out_invalid_xprtsec_policy; 382 } 383 384 return 0; 385 out_invalid_transport_udp: 386 return nfs_invalf(fc, "NFS: Unsupported transport protocol udp"); 387 out_invalid_xprtsec_policy: 388 return nfs_invalf(fc, "NFS: Transport does not support xprtsec"); 389 } 390 391 /* 392 * For text based NFSv2/v3 mounts, the mount protocol transport default 393 * settings should depend upon the specified NFS transport. 394 */ 395 static void nfs_set_mount_transport_protocol(struct nfs_fs_context *ctx) 396 { 397 if (ctx->mount_server.protocol == XPRT_TRANSPORT_UDP || 398 ctx->mount_server.protocol == XPRT_TRANSPORT_TCP) 399 return; 400 switch (ctx->nfs_server.protocol) { 401 case XPRT_TRANSPORT_UDP: 402 ctx->mount_server.protocol = XPRT_TRANSPORT_UDP; 403 break; 404 case XPRT_TRANSPORT_TCP: 405 case XPRT_TRANSPORT_RDMA: 406 ctx->mount_server.protocol = XPRT_TRANSPORT_TCP; 407 } 408 } 409 410 /* 411 * Add 'flavor' to 'auth_info' if not already present. 412 * Returns true if 'flavor' ends up in the list, false otherwise 413 */ 414 static int nfs_auth_info_add(struct fs_context *fc, 415 struct nfs_auth_info *auth_info, 416 rpc_authflavor_t flavor) 417 { 418 unsigned int i; 419 unsigned int max_flavor_len = ARRAY_SIZE(auth_info->flavors); 420 421 /* make sure this flavor isn't already in the list */ 422 for (i = 0; i < auth_info->flavor_len; i++) { 423 if (flavor == auth_info->flavors[i]) 424 return 0; 425 } 426 427 if (auth_info->flavor_len + 1 >= max_flavor_len) 428 return nfs_invalf(fc, "NFS: too many sec= flavors"); 429 430 auth_info->flavors[auth_info->flavor_len++] = flavor; 431 return 0; 432 } 433 434 /* 435 * Parse the value of the 'sec=' option. 436 */ 437 static int nfs_parse_security_flavors(struct fs_context *fc, 438 struct fs_parameter *param) 439 { 440 struct nfs_fs_context *ctx = nfs_fc2context(fc); 441 rpc_authflavor_t pseudoflavor; 442 char *string = param->string, *p; 443 int ret; 444 445 trace_nfs_mount_assign(param->key, string); 446 447 while ((p = strsep(&string, ":")) != NULL) { 448 if (!*p) 449 continue; 450 switch (lookup_constant(nfs_secflavor_tokens, p, -1)) { 451 case Opt_sec_none: 452 pseudoflavor = RPC_AUTH_NULL; 453 break; 454 case Opt_sec_sys: 455 pseudoflavor = RPC_AUTH_UNIX; 456 break; 457 case Opt_sec_krb5: 458 pseudoflavor = RPC_AUTH_GSS_KRB5; 459 break; 460 case Opt_sec_krb5i: 461 pseudoflavor = RPC_AUTH_GSS_KRB5I; 462 break; 463 case Opt_sec_krb5p: 464 pseudoflavor = RPC_AUTH_GSS_KRB5P; 465 break; 466 case Opt_sec_lkey: 467 pseudoflavor = RPC_AUTH_GSS_LKEY; 468 break; 469 case Opt_sec_lkeyi: 470 pseudoflavor = RPC_AUTH_GSS_LKEYI; 471 break; 472 case Opt_sec_lkeyp: 473 pseudoflavor = RPC_AUTH_GSS_LKEYP; 474 break; 475 case Opt_sec_spkm: 476 pseudoflavor = RPC_AUTH_GSS_SPKM; 477 break; 478 case Opt_sec_spkmi: 479 pseudoflavor = RPC_AUTH_GSS_SPKMI; 480 break; 481 case Opt_sec_spkmp: 482 pseudoflavor = RPC_AUTH_GSS_SPKMP; 483 break; 484 default: 485 return nfs_invalf(fc, "NFS: sec=%s option not recognized", p); 486 } 487 488 ret = nfs_auth_info_add(fc, &ctx->auth_info, pseudoflavor); 489 if (ret < 0) 490 return ret; 491 } 492 493 return 0; 494 } 495 496 static int nfs_parse_xprtsec_policy(struct fs_context *fc, 497 struct fs_parameter *param) 498 { 499 struct nfs_fs_context *ctx = nfs_fc2context(fc); 500 501 trace_nfs_mount_assign(param->key, param->string); 502 503 switch (lookup_constant(nfs_xprtsec_policies, param->string, -1)) { 504 case Opt_xprtsec_none: 505 ctx->xprtsec.policy = RPC_XPRTSEC_NONE; 506 break; 507 case Opt_xprtsec_tls: 508 ctx->xprtsec.policy = RPC_XPRTSEC_TLS_ANON; 509 break; 510 case Opt_xprtsec_mtls: 511 ctx->xprtsec.policy = RPC_XPRTSEC_TLS_X509; 512 break; 513 default: 514 return nfs_invalf(fc, "NFS: Unrecognized transport security policy"); 515 } 516 return 0; 517 } 518 519 static int nfs_parse_version_string(struct fs_context *fc, 520 const char *string) 521 { 522 struct nfs_fs_context *ctx = nfs_fc2context(fc); 523 524 ctx->flags &= ~NFS_MOUNT_VER3; 525 switch (lookup_constant(nfs_vers_tokens, string, -1)) { 526 case Opt_vers_2: 527 ctx->version = 2; 528 break; 529 case Opt_vers_3: 530 ctx->flags |= NFS_MOUNT_VER3; 531 ctx->version = 3; 532 break; 533 case Opt_vers_4: 534 /* Backward compatibility option. In future, 535 * the mount program should always supply 536 * a NFSv4 minor version number. 537 */ 538 ctx->version = 4; 539 break; 540 case Opt_vers_4_0: 541 ctx->version = 4; 542 ctx->minorversion = 0; 543 break; 544 case Opt_vers_4_1: 545 ctx->version = 4; 546 ctx->minorversion = 1; 547 break; 548 case Opt_vers_4_2: 549 ctx->version = 4; 550 ctx->minorversion = 2; 551 break; 552 default: 553 return nfs_invalf(fc, "NFS: Unsupported NFS version"); 554 } 555 return 0; 556 } 557 558 #ifdef CONFIG_KEYS 559 static int nfs_tls_key_verify(key_serial_t key_id) 560 { 561 struct key *key = key_lookup(key_id); 562 int error = 0; 563 564 if (IS_ERR(key)) { 565 pr_err("key id %08x not found\n", key_id); 566 return PTR_ERR(key); 567 } 568 if (test_bit(KEY_FLAG_REVOKED, &key->flags) || 569 test_bit(KEY_FLAG_INVALIDATED, &key->flags)) { 570 pr_err("key id %08x revoked\n", key_id); 571 error = -EKEYREVOKED; 572 } 573 574 key_put(key); 575 return error; 576 } 577 #else 578 static inline int nfs_tls_key_verify(key_serial_t key_id) 579 { 580 return -ENOENT; 581 } 582 #endif /* CONFIG_KEYS */ 583 584 /* 585 * Parse a single mount parameter. 586 */ 587 static int nfs_fs_context_parse_param(struct fs_context *fc, 588 struct fs_parameter *param) 589 { 590 struct fs_parse_result result; 591 struct nfs_fs_context *ctx = nfs_fc2context(fc); 592 unsigned short protofamily, mountfamily; 593 unsigned int len; 594 int ret, opt; 595 596 trace_nfs_mount_option(param); 597 598 opt = fs_parse(fc, nfs_fs_parameters, param, &result); 599 if (opt < 0) 600 return (opt == -ENOPARAM && ctx->sloppy) ? 1 : opt; 601 602 if (fc->security) 603 ctx->has_sec_mnt_opts = 1; 604 605 switch (opt) { 606 case Opt_source: 607 if (fc->source) 608 return nfs_invalf(fc, "NFS: Multiple sources not supported"); 609 fc->source = param->string; 610 param->string = NULL; 611 break; 612 613 /* 614 * boolean options: foo/nofoo 615 */ 616 case Opt_soft: 617 ctx->flags |= NFS_MOUNT_SOFT; 618 ctx->flags &= ~NFS_MOUNT_SOFTERR; 619 break; 620 case Opt_softerr: 621 ctx->flags |= NFS_MOUNT_SOFTERR | NFS_MOUNT_SOFTREVAL; 622 ctx->flags &= ~NFS_MOUNT_SOFT; 623 break; 624 case Opt_hard: 625 ctx->flags &= ~(NFS_MOUNT_SOFT | 626 NFS_MOUNT_SOFTERR | 627 NFS_MOUNT_SOFTREVAL); 628 break; 629 case Opt_softreval: 630 if (result.negated) 631 ctx->flags &= ~NFS_MOUNT_SOFTREVAL; 632 else 633 ctx->flags |= NFS_MOUNT_SOFTREVAL; 634 break; 635 case Opt_posix: 636 if (result.negated) 637 ctx->flags &= ~NFS_MOUNT_POSIX; 638 else 639 ctx->flags |= NFS_MOUNT_POSIX; 640 break; 641 case Opt_cto: 642 if (result.negated) 643 ctx->flags |= NFS_MOUNT_NOCTO; 644 else 645 ctx->flags &= ~NFS_MOUNT_NOCTO; 646 break; 647 case Opt_trunkdiscovery: 648 if (result.negated) 649 ctx->flags &= ~NFS_MOUNT_TRUNK_DISCOVERY; 650 else 651 ctx->flags |= NFS_MOUNT_TRUNK_DISCOVERY; 652 break; 653 case Opt_alignwrite: 654 if (result.negated) 655 ctx->flags |= NFS_MOUNT_NO_ALIGNWRITE; 656 else 657 ctx->flags &= ~NFS_MOUNT_NO_ALIGNWRITE; 658 break; 659 case Opt_ac: 660 if (result.negated) 661 ctx->flags |= NFS_MOUNT_NOAC; 662 else 663 ctx->flags &= ~NFS_MOUNT_NOAC; 664 break; 665 case Opt_lock: 666 if (result.negated) { 667 ctx->lock_status = NFS_LOCK_NOLOCK; 668 ctx->flags |= NFS_MOUNT_NONLM; 669 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK | NFS_MOUNT_LOCAL_FCNTL); 670 } else { 671 ctx->lock_status = NFS_LOCK_LOCK; 672 ctx->flags &= ~NFS_MOUNT_NONLM; 673 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK | NFS_MOUNT_LOCAL_FCNTL); 674 } 675 break; 676 case Opt_udp: 677 ctx->flags &= ~NFS_MOUNT_TCP; 678 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP; 679 break; 680 case Opt_tcp: 681 case Opt_rdma: 682 ctx->flags |= NFS_MOUNT_TCP; /* for side protocols */ 683 ret = xprt_find_transport_ident(param->key); 684 if (ret < 0) 685 goto out_bad_transport; 686 ctx->nfs_server.protocol = ret; 687 break; 688 case Opt_acl: 689 if (result.negated) 690 ctx->flags |= NFS_MOUNT_NOACL; 691 else 692 ctx->flags &= ~NFS_MOUNT_NOACL; 693 break; 694 case Opt_rdirplus: 695 if (result.negated) { 696 ctx->flags &= ~NFS_MOUNT_FORCE_RDIRPLUS; 697 ctx->flags |= NFS_MOUNT_NORDIRPLUS; 698 } else if (!param->string) { 699 ctx->flags &= ~(NFS_MOUNT_NORDIRPLUS | NFS_MOUNT_FORCE_RDIRPLUS); 700 } else { 701 switch (lookup_constant(nfs_rdirplus_tokens, param->string, -1)) { 702 case Opt_rdirplus_none: 703 ctx->flags &= ~NFS_MOUNT_FORCE_RDIRPLUS; 704 ctx->flags |= NFS_MOUNT_NORDIRPLUS; 705 break; 706 case Opt_rdirplus_force: 707 ctx->flags &= ~NFS_MOUNT_NORDIRPLUS; 708 ctx->flags |= NFS_MOUNT_FORCE_RDIRPLUS; 709 break; 710 default: 711 goto out_invalid_value; 712 } 713 } 714 break; 715 case Opt_sharecache: 716 if (result.negated) 717 ctx->flags |= NFS_MOUNT_UNSHARED; 718 else 719 ctx->flags &= ~NFS_MOUNT_UNSHARED; 720 break; 721 case Opt_resvport: 722 if (result.negated) 723 ctx->flags |= NFS_MOUNT_NORESVPORT; 724 else 725 ctx->flags &= ~NFS_MOUNT_NORESVPORT; 726 break; 727 case Opt_fscache_flag: 728 if (result.negated) 729 ctx->options &= ~NFS_OPTION_FSCACHE; 730 else 731 ctx->options |= NFS_OPTION_FSCACHE; 732 kfree(ctx->fscache_uniq); 733 ctx->fscache_uniq = NULL; 734 break; 735 case Opt_fscache: 736 trace_nfs_mount_assign(param->key, param->string); 737 ctx->options |= NFS_OPTION_FSCACHE; 738 kfree(ctx->fscache_uniq); 739 ctx->fscache_uniq = param->string; 740 param->string = NULL; 741 break; 742 case Opt_migration: 743 if (result.negated) 744 ctx->options &= ~NFS_OPTION_MIGRATION; 745 else 746 ctx->options |= NFS_OPTION_MIGRATION; 747 break; 748 749 /* 750 * options that take numeric values 751 */ 752 case Opt_port: 753 if (result.uint_32 > USHRT_MAX) 754 goto out_of_bounds; 755 ctx->nfs_server.port = result.uint_32; 756 break; 757 case Opt_rsize: 758 ctx->rsize = result.uint_32; 759 break; 760 case Opt_wsize: 761 ctx->wsize = result.uint_32; 762 break; 763 case Opt_bsize: 764 ctx->bsize = result.uint_32; 765 break; 766 case Opt_timeo: 767 if (result.uint_32 < 1 || result.uint_32 > INT_MAX) 768 goto out_of_bounds; 769 ctx->timeo = result.uint_32; 770 break; 771 case Opt_retrans: 772 if (result.uint_32 > INT_MAX) 773 goto out_of_bounds; 774 ctx->retrans = result.uint_32; 775 break; 776 case Opt_acregmin: 777 ctx->acregmin = result.uint_32; 778 break; 779 case Opt_acregmax: 780 ctx->acregmax = result.uint_32; 781 break; 782 case Opt_acdirmin: 783 ctx->acdirmin = result.uint_32; 784 break; 785 case Opt_acdirmax: 786 ctx->acdirmax = result.uint_32; 787 break; 788 case Opt_actimeo: 789 ctx->acregmin = result.uint_32; 790 ctx->acregmax = result.uint_32; 791 ctx->acdirmin = result.uint_32; 792 ctx->acdirmax = result.uint_32; 793 break; 794 case Opt_namelen: 795 ctx->namlen = result.uint_32; 796 break; 797 case Opt_mountport: 798 if (result.uint_32 > USHRT_MAX) 799 goto out_of_bounds; 800 ctx->mount_server.port = result.uint_32; 801 break; 802 case Opt_mountvers: 803 if (result.uint_32 < NFS_MNT_VERSION || 804 result.uint_32 > NFS_MNT3_VERSION) 805 goto out_of_bounds; 806 ctx->mount_server.version = result.uint_32; 807 break; 808 case Opt_minorversion: 809 if (result.uint_32 < NFS4_MIN_MINOR_VERSION || 810 result.uint_32 > NFS4_MAX_MINOR_VERSION) 811 goto out_of_bounds; 812 ctx->minorversion = result.uint_32; 813 break; 814 815 /* 816 * options that take text values 817 */ 818 case Opt_v: 819 ret = nfs_parse_version_string(fc, param->key + 1); 820 if (ret < 0) 821 return ret; 822 break; 823 case Opt_vers: 824 if (!param->string) 825 goto out_invalid_value; 826 trace_nfs_mount_assign(param->key, param->string); 827 ret = nfs_parse_version_string(fc, param->string); 828 if (ret < 0) 829 return ret; 830 break; 831 case Opt_sec: 832 ret = nfs_parse_security_flavors(fc, param); 833 if (ret < 0) 834 return ret; 835 break; 836 case Opt_xprtsec: 837 ret = nfs_parse_xprtsec_policy(fc, param); 838 if (ret < 0) 839 return ret; 840 break; 841 case Opt_cert_serial: 842 ret = nfs_tls_key_verify(result.int_32); 843 if (ret < 0) 844 return ret; 845 ctx->xprtsec.cert_serial = result.int_32; 846 break; 847 case Opt_privkey_serial: 848 ret = nfs_tls_key_verify(result.int_32); 849 if (ret < 0) 850 return ret; 851 ctx->xprtsec.privkey_serial = result.int_32; 852 break; 853 854 case Opt_proto: 855 if (!param->string) 856 goto out_invalid_value; 857 trace_nfs_mount_assign(param->key, param->string); 858 protofamily = AF_INET; 859 switch (lookup_constant(nfs_xprt_protocol_tokens, param->string, -1)) { 860 case Opt_xprt_udp6: 861 protofamily = AF_INET6; 862 fallthrough; 863 case Opt_xprt_udp: 864 ctx->flags &= ~NFS_MOUNT_TCP; 865 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP; 866 break; 867 case Opt_xprt_tcp6: 868 protofamily = AF_INET6; 869 fallthrough; 870 case Opt_xprt_tcp: 871 ctx->flags |= NFS_MOUNT_TCP; 872 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP; 873 break; 874 case Opt_xprt_rdma6: 875 protofamily = AF_INET6; 876 fallthrough; 877 case Opt_xprt_rdma: 878 /* vector side protocols to TCP */ 879 ctx->flags |= NFS_MOUNT_TCP; 880 ret = xprt_find_transport_ident(param->string); 881 if (ret < 0) 882 goto out_bad_transport; 883 ctx->nfs_server.protocol = ret; 884 break; 885 default: 886 goto out_bad_transport; 887 } 888 889 ctx->protofamily = protofamily; 890 break; 891 892 case Opt_mountproto: 893 if (!param->string) 894 goto out_invalid_value; 895 trace_nfs_mount_assign(param->key, param->string); 896 mountfamily = AF_INET; 897 switch (lookup_constant(nfs_xprt_protocol_tokens, param->string, -1)) { 898 case Opt_xprt_udp6: 899 mountfamily = AF_INET6; 900 fallthrough; 901 case Opt_xprt_udp: 902 ctx->mount_server.protocol = XPRT_TRANSPORT_UDP; 903 break; 904 case Opt_xprt_tcp6: 905 mountfamily = AF_INET6; 906 fallthrough; 907 case Opt_xprt_tcp: 908 ctx->mount_server.protocol = XPRT_TRANSPORT_TCP; 909 break; 910 case Opt_xprt_rdma: /* not used for side protocols */ 911 default: 912 goto out_bad_transport; 913 } 914 ctx->mountfamily = mountfamily; 915 break; 916 917 case Opt_addr: 918 trace_nfs_mount_assign(param->key, param->string); 919 len = rpc_pton(fc->net_ns, param->string, param->size, 920 &ctx->nfs_server.address, 921 sizeof(ctx->nfs_server._address)); 922 if (len == 0) 923 goto out_invalid_address; 924 ctx->nfs_server.addrlen = len; 925 break; 926 case Opt_clientaddr: 927 trace_nfs_mount_assign(param->key, param->string); 928 kfree(ctx->client_address); 929 ctx->client_address = param->string; 930 param->string = NULL; 931 break; 932 case Opt_mounthost: 933 trace_nfs_mount_assign(param->key, param->string); 934 kfree(ctx->mount_server.hostname); 935 ctx->mount_server.hostname = param->string; 936 param->string = NULL; 937 break; 938 case Opt_mountaddr: 939 trace_nfs_mount_assign(param->key, param->string); 940 len = rpc_pton(fc->net_ns, param->string, param->size, 941 &ctx->mount_server.address, 942 sizeof(ctx->mount_server._address)); 943 if (len == 0) 944 goto out_invalid_address; 945 ctx->mount_server.addrlen = len; 946 break; 947 case Opt_nconnect: 948 trace_nfs_mount_assign(param->key, param->string); 949 if (result.uint_32 < 1 || result.uint_32 > NFS_MAX_CONNECTIONS) 950 goto out_of_bounds; 951 ctx->nfs_server.nconnect = result.uint_32; 952 break; 953 case Opt_max_connect: 954 trace_nfs_mount_assign(param->key, param->string); 955 if (result.uint_32 < 1 || result.uint_32 > NFS_MAX_TRANSPORTS) 956 goto out_of_bounds; 957 ctx->nfs_server.max_connect = result.uint_32; 958 break; 959 case Opt_fatal_neterrors: 960 trace_nfs_mount_assign(param->key, param->string); 961 switch (result.uint_32) { 962 case Opt_fatal_neterrors_default: 963 if (fc->net_ns != &init_net) 964 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL; 965 else 966 ctx->flags &= ~NFS_MOUNT_NETUNREACH_FATAL; 967 break; 968 case Opt_fatal_neterrors_enetunreach: 969 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL; 970 break; 971 case Opt_fatal_neterrors_none: 972 ctx->flags &= ~NFS_MOUNT_NETUNREACH_FATAL; 973 break; 974 default: 975 goto out_invalid_value; 976 } 977 break; 978 case Opt_lookupcache: 979 trace_nfs_mount_assign(param->key, param->string); 980 switch (result.uint_32) { 981 case Opt_lookupcache_all: 982 ctx->flags &= ~(NFS_MOUNT_LOOKUP_CACHE_NONEG|NFS_MOUNT_LOOKUP_CACHE_NONE); 983 break; 984 case Opt_lookupcache_positive: 985 ctx->flags &= ~NFS_MOUNT_LOOKUP_CACHE_NONE; 986 ctx->flags |= NFS_MOUNT_LOOKUP_CACHE_NONEG; 987 break; 988 case Opt_lookupcache_none: 989 ctx->flags |= NFS_MOUNT_LOOKUP_CACHE_NONEG|NFS_MOUNT_LOOKUP_CACHE_NONE; 990 break; 991 default: 992 goto out_invalid_value; 993 } 994 break; 995 case Opt_local_lock: 996 trace_nfs_mount_assign(param->key, param->string); 997 switch (result.uint_32) { 998 case Opt_local_lock_all: 999 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK | 1000 NFS_MOUNT_LOCAL_FCNTL); 1001 break; 1002 case Opt_local_lock_flock: 1003 ctx->flags |= NFS_MOUNT_LOCAL_FLOCK; 1004 break; 1005 case Opt_local_lock_posix: 1006 ctx->flags |= NFS_MOUNT_LOCAL_FCNTL; 1007 break; 1008 case Opt_local_lock_none: 1009 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK | 1010 NFS_MOUNT_LOCAL_FCNTL); 1011 break; 1012 default: 1013 goto out_invalid_value; 1014 } 1015 break; 1016 case Opt_write: 1017 trace_nfs_mount_assign(param->key, param->string); 1018 switch (result.uint_32) { 1019 case Opt_write_lazy: 1020 ctx->flags &= 1021 ~(NFS_MOUNT_WRITE_EAGER | NFS_MOUNT_WRITE_WAIT); 1022 break; 1023 case Opt_write_eager: 1024 ctx->flags |= NFS_MOUNT_WRITE_EAGER; 1025 ctx->flags &= ~NFS_MOUNT_WRITE_WAIT; 1026 break; 1027 case Opt_write_wait: 1028 ctx->flags |= 1029 NFS_MOUNT_WRITE_EAGER | NFS_MOUNT_WRITE_WAIT; 1030 break; 1031 default: 1032 goto out_invalid_value; 1033 } 1034 break; 1035 1036 /* 1037 * Special options 1038 */ 1039 case Opt_sloppy: 1040 ctx->sloppy = true; 1041 break; 1042 } 1043 1044 return 0; 1045 1046 out_invalid_value: 1047 return nfs_invalf(fc, "NFS: Bad mount option value specified"); 1048 out_invalid_address: 1049 return nfs_invalf(fc, "NFS: Bad IP address specified"); 1050 out_of_bounds: 1051 return nfs_invalf(fc, "NFS: Value for '%s' out of range", param->key); 1052 out_bad_transport: 1053 return nfs_invalf(fc, "NFS: Unrecognized transport protocol"); 1054 } 1055 1056 /* 1057 * Split fc->source into "hostname:export_path". 1058 * 1059 * The leftmost colon demarks the split between the server's hostname 1060 * and the export path. If the hostname starts with a left square 1061 * bracket, then it may contain colons. 1062 * 1063 * Note: caller frees hostname and export path, even on error. 1064 */ 1065 static int nfs_parse_source(struct fs_context *fc, 1066 size_t maxnamlen, size_t maxpathlen) 1067 { 1068 struct nfs_fs_context *ctx = nfs_fc2context(fc); 1069 const char *dev_name = fc->source; 1070 size_t len; 1071 const char *end; 1072 1073 if (unlikely(!dev_name || !*dev_name)) 1074 return -EINVAL; 1075 1076 /* Is the host name protected with square brakcets? */ 1077 if (*dev_name == '[') { 1078 end = strchr(++dev_name, ']'); 1079 if (end == NULL || end[1] != ':') 1080 goto out_bad_devname; 1081 1082 len = end - dev_name; 1083 end++; 1084 } else { 1085 const char *comma; 1086 1087 end = strchr(dev_name, ':'); 1088 if (end == NULL) 1089 goto out_bad_devname; 1090 len = end - dev_name; 1091 1092 /* kill possible hostname list: not supported */ 1093 comma = memchr(dev_name, ',', len); 1094 if (comma) 1095 len = comma - dev_name; 1096 } 1097 1098 if (len > maxnamlen) 1099 goto out_hostname; 1100 1101 kfree(ctx->nfs_server.hostname); 1102 1103 /* N.B. caller will free nfs_server.hostname in all cases */ 1104 ctx->nfs_server.hostname = kmemdup_nul(dev_name, len, GFP_KERNEL); 1105 if (!ctx->nfs_server.hostname) 1106 goto out_nomem; 1107 len = strlen(++end); 1108 if (len > maxpathlen) 1109 goto out_path; 1110 ctx->nfs_server.export_path = kmemdup_nul(end, len, GFP_KERNEL); 1111 if (!ctx->nfs_server.export_path) 1112 goto out_nomem; 1113 1114 trace_nfs_mount_path(ctx->nfs_server.export_path); 1115 return 0; 1116 1117 out_bad_devname: 1118 return nfs_invalf(fc, "NFS: device name not in host:path format"); 1119 out_nomem: 1120 nfs_errorf(fc, "NFS: not enough memory to parse device name"); 1121 return -ENOMEM; 1122 out_hostname: 1123 nfs_errorf(fc, "NFS: server hostname too long"); 1124 return -ENAMETOOLONG; 1125 out_path: 1126 nfs_errorf(fc, "NFS: export pathname too long"); 1127 return -ENAMETOOLONG; 1128 } 1129 1130 static inline bool is_remount_fc(struct fs_context *fc) 1131 { 1132 return fc->root != NULL; 1133 } 1134 1135 /* 1136 * Parse monolithic NFS2/NFS3 mount data 1137 * - fills in the mount root filehandle 1138 * 1139 * For option strings, user space handles the following behaviors: 1140 * 1141 * + DNS: mapping server host name to IP address ("addr=" option) 1142 * 1143 * + failure mode: how to behave if a mount request can't be handled 1144 * immediately ("fg/bg" option) 1145 * 1146 * + retry: how often to retry a mount request ("retry=" option) 1147 * 1148 * + breaking back: trying proto=udp after proto=tcp, v2 after v3, 1149 * mountproto=tcp after mountproto=udp, and so on 1150 */ 1151 static int nfs23_parse_monolithic(struct fs_context *fc, 1152 struct nfs_mount_data *data) 1153 { 1154 struct nfs_fs_context *ctx = nfs_fc2context(fc); 1155 struct nfs_fh *mntfh = ctx->mntfh; 1156 struct sockaddr_storage *sap = &ctx->nfs_server._address; 1157 int extra_flags = NFS_MOUNT_LEGACY_INTERFACE; 1158 int ret; 1159 1160 if (data == NULL) 1161 goto out_no_data; 1162 1163 ctx->version = NFS_DEFAULT_VERSION; 1164 switch (data->version) { 1165 case 1: 1166 data->namlen = 0; 1167 fallthrough; 1168 case 2: 1169 data->bsize = 0; 1170 fallthrough; 1171 case 3: 1172 if (data->flags & NFS_MOUNT_VER3) 1173 goto out_no_v3; 1174 data->root.size = NFS2_FHSIZE; 1175 memcpy(data->root.data, data->old_root.data, NFS2_FHSIZE); 1176 /* Turn off security negotiation */ 1177 extra_flags |= NFS_MOUNT_SECFLAVOUR; 1178 fallthrough; 1179 case 4: 1180 if (data->flags & NFS_MOUNT_SECFLAVOUR) 1181 goto out_no_sec; 1182 fallthrough; 1183 case 5: 1184 memset(data->context, 0, sizeof(data->context)); 1185 fallthrough; 1186 case 6: 1187 if (data->flags & NFS_MOUNT_VER3) { 1188 if (data->root.size > NFS3_FHSIZE || data->root.size == 0) 1189 goto out_invalid_fh; 1190 mntfh->size = data->root.size; 1191 ctx->version = 3; 1192 } else { 1193 mntfh->size = NFS2_FHSIZE; 1194 ctx->version = 2; 1195 } 1196 1197 1198 memcpy(mntfh->data, data->root.data, mntfh->size); 1199 if (mntfh->size < sizeof(mntfh->data)) 1200 memset(mntfh->data + mntfh->size, 0, 1201 sizeof(mntfh->data) - mntfh->size); 1202 1203 /* 1204 * for proto == XPRT_TRANSPORT_UDP, which is what uses 1205 * to_exponential, implying shift: limit the shift value 1206 * to BITS_PER_LONG (majortimeo is unsigned long) 1207 */ 1208 if (!(data->flags & NFS_MOUNT_TCP)) /* this will be UDP */ 1209 if (data->retrans >= 64) /* shift value is too large */ 1210 goto out_invalid_data; 1211 1212 /* 1213 * Translate to nfs_fs_context, which nfs_fill_super 1214 * can deal with. 1215 */ 1216 ctx->flags = data->flags & NFS_MOUNT_FLAGMASK; 1217 ctx->flags |= extra_flags; 1218 ctx->rsize = data->rsize; 1219 ctx->wsize = data->wsize; 1220 ctx->timeo = data->timeo; 1221 ctx->retrans = data->retrans; 1222 ctx->acregmin = data->acregmin; 1223 ctx->acregmax = data->acregmax; 1224 ctx->acdirmin = data->acdirmin; 1225 ctx->acdirmax = data->acdirmax; 1226 ctx->need_mount = false; 1227 1228 if (!is_remount_fc(fc)) { 1229 memcpy(sap, &data->addr, sizeof(data->addr)); 1230 ctx->nfs_server.addrlen = sizeof(data->addr); 1231 ctx->nfs_server.port = ntohs(data->addr.sin_port); 1232 } 1233 1234 if (sap->ss_family != AF_INET || 1235 !nfs_verify_server_address(sap)) 1236 goto out_no_address; 1237 1238 if (!(data->flags & NFS_MOUNT_TCP)) 1239 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP; 1240 /* N.B. caller will free nfs_server.hostname in all cases */ 1241 ctx->nfs_server.hostname = kstrdup(data->hostname, GFP_KERNEL); 1242 if (!ctx->nfs_server.hostname) 1243 goto out_nomem; 1244 1245 ctx->namlen = data->namlen; 1246 ctx->bsize = data->bsize; 1247 1248 if (data->flags & NFS_MOUNT_SECFLAVOUR) 1249 ctx->selected_flavor = data->pseudoflavor; 1250 else 1251 ctx->selected_flavor = RPC_AUTH_UNIX; 1252 1253 if (!(data->flags & NFS_MOUNT_NONLM)) 1254 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK| 1255 NFS_MOUNT_LOCAL_FCNTL); 1256 else 1257 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK| 1258 NFS_MOUNT_LOCAL_FCNTL); 1259 1260 /* 1261 * The legacy version 6 binary mount data from userspace has a 1262 * field used only to transport selinux information into the 1263 * kernel. To continue to support that functionality we 1264 * have a touch of selinux knowledge here in the NFS code. The 1265 * userspace code converted context=blah to just blah so we are 1266 * converting back to the full string selinux understands. 1267 */ 1268 if (data->context[0]){ 1269 #ifdef CONFIG_SECURITY_SELINUX 1270 int ret; 1271 1272 data->context[NFS_MAX_CONTEXT_LEN] = '\0'; 1273 ret = vfs_parse_fs_string(fc, "context", data->context); 1274 if (ret < 0) 1275 return ret; 1276 #else 1277 return -EINVAL; 1278 #endif 1279 } 1280 1281 break; 1282 default: 1283 goto generic; 1284 } 1285 1286 ret = nfs_validate_transport_protocol(fc, ctx); 1287 if (ret) 1288 return ret; 1289 1290 ctx->skip_reconfig_option_check = true; 1291 return 0; 1292 1293 generic: 1294 return generic_parse_monolithic(fc, data); 1295 1296 out_no_data: 1297 if (is_remount_fc(fc)) { 1298 ctx->skip_reconfig_option_check = true; 1299 return 0; 1300 } 1301 return nfs_invalf(fc, "NFS: mount program didn't pass any mount data"); 1302 1303 out_no_v3: 1304 return nfs_invalf(fc, "NFS: nfs_mount_data version does not support v3"); 1305 1306 out_no_sec: 1307 return nfs_invalf(fc, "NFS: nfs_mount_data version supports only AUTH_SYS"); 1308 1309 out_nomem: 1310 return -ENOMEM; 1311 1312 out_no_address: 1313 return nfs_invalf(fc, "NFS: mount program didn't pass remote address"); 1314 1315 out_invalid_fh: 1316 return nfs_invalf(fc, "NFS: invalid root filehandle"); 1317 1318 out_invalid_data: 1319 return nfs_invalf(fc, "NFS: invalid binary mount data"); 1320 } 1321 1322 #if IS_ENABLED(CONFIG_NFS_V4) 1323 struct compat_nfs_string { 1324 compat_uint_t len; 1325 compat_uptr_t data; 1326 }; 1327 1328 static inline void compat_nfs_string(struct nfs_string *dst, 1329 struct compat_nfs_string *src) 1330 { 1331 dst->data = compat_ptr(src->data); 1332 dst->len = src->len; 1333 } 1334 1335 struct compat_nfs4_mount_data_v1 { 1336 compat_int_t version; 1337 compat_int_t flags; 1338 compat_int_t rsize; 1339 compat_int_t wsize; 1340 compat_int_t timeo; 1341 compat_int_t retrans; 1342 compat_int_t acregmin; 1343 compat_int_t acregmax; 1344 compat_int_t acdirmin; 1345 compat_int_t acdirmax; 1346 struct compat_nfs_string client_addr; 1347 struct compat_nfs_string mnt_path; 1348 struct compat_nfs_string hostname; 1349 compat_uint_t host_addrlen; 1350 compat_uptr_t host_addr; 1351 compat_int_t proto; 1352 compat_int_t auth_flavourlen; 1353 compat_uptr_t auth_flavours; 1354 }; 1355 1356 static void nfs4_compat_mount_data_conv(struct nfs4_mount_data *data) 1357 { 1358 struct compat_nfs4_mount_data_v1 *compat = 1359 (struct compat_nfs4_mount_data_v1 *)data; 1360 1361 /* copy the fields backwards */ 1362 data->auth_flavours = compat_ptr(compat->auth_flavours); 1363 data->auth_flavourlen = compat->auth_flavourlen; 1364 data->proto = compat->proto; 1365 data->host_addr = compat_ptr(compat->host_addr); 1366 data->host_addrlen = compat->host_addrlen; 1367 compat_nfs_string(&data->hostname, &compat->hostname); 1368 compat_nfs_string(&data->mnt_path, &compat->mnt_path); 1369 compat_nfs_string(&data->client_addr, &compat->client_addr); 1370 data->acdirmax = compat->acdirmax; 1371 data->acdirmin = compat->acdirmin; 1372 data->acregmax = compat->acregmax; 1373 data->acregmin = compat->acregmin; 1374 data->retrans = compat->retrans; 1375 data->timeo = compat->timeo; 1376 data->wsize = compat->wsize; 1377 data->rsize = compat->rsize; 1378 data->flags = compat->flags; 1379 data->version = compat->version; 1380 } 1381 1382 /* 1383 * Validate NFSv4 mount options 1384 */ 1385 static int nfs4_parse_monolithic(struct fs_context *fc, 1386 struct nfs4_mount_data *data) 1387 { 1388 struct nfs_fs_context *ctx = nfs_fc2context(fc); 1389 struct sockaddr_storage *sap = &ctx->nfs_server._address; 1390 int ret; 1391 char *c; 1392 1393 if (!data) { 1394 if (is_remount_fc(fc)) 1395 goto done; 1396 return nfs_invalf(fc, 1397 "NFS4: mount program didn't pass any mount data"); 1398 } 1399 1400 ctx->version = 4; 1401 1402 if (data->version != 1) 1403 return generic_parse_monolithic(fc, data); 1404 1405 if (in_compat_syscall()) 1406 nfs4_compat_mount_data_conv(data); 1407 1408 if (data->host_addrlen > sizeof(ctx->nfs_server.address)) 1409 goto out_no_address; 1410 if (data->host_addrlen == 0) 1411 goto out_no_address; 1412 ctx->nfs_server.addrlen = data->host_addrlen; 1413 if (copy_from_user(sap, data->host_addr, data->host_addrlen)) 1414 return -EFAULT; 1415 if (!nfs_verify_server_address(sap)) 1416 goto out_no_address; 1417 ctx->nfs_server.port = ntohs(((struct sockaddr_in *)sap)->sin_port); 1418 1419 if (data->auth_flavourlen) { 1420 rpc_authflavor_t pseudoflavor; 1421 1422 if (data->auth_flavourlen > 1) 1423 goto out_inval_auth; 1424 if (copy_from_user(&pseudoflavor, data->auth_flavours, 1425 sizeof(pseudoflavor))) 1426 return -EFAULT; 1427 ctx->selected_flavor = pseudoflavor; 1428 } else { 1429 ctx->selected_flavor = RPC_AUTH_UNIX; 1430 } 1431 1432 c = strndup_user(data->hostname.data, NFS4_MAXNAMLEN); 1433 if (IS_ERR(c)) 1434 return PTR_ERR(c); 1435 ctx->nfs_server.hostname = c; 1436 1437 c = strndup_user(data->mnt_path.data, NFS4_MAXPATHLEN); 1438 if (IS_ERR(c)) 1439 return PTR_ERR(c); 1440 ctx->nfs_server.export_path = c; 1441 trace_nfs_mount_path(c); 1442 1443 c = strndup_user(data->client_addr.data, 16); 1444 if (IS_ERR(c)) 1445 return PTR_ERR(c); 1446 ctx->client_address = c; 1447 1448 /* 1449 * Translate to nfs_fs_context, which nfs_fill_super 1450 * can deal with. 1451 */ 1452 1453 ctx->flags = data->flags & NFS4_MOUNT_FLAGMASK; 1454 ctx->rsize = data->rsize; 1455 ctx->wsize = data->wsize; 1456 ctx->timeo = data->timeo; 1457 ctx->retrans = data->retrans; 1458 ctx->acregmin = data->acregmin; 1459 ctx->acregmax = data->acregmax; 1460 ctx->acdirmin = data->acdirmin; 1461 ctx->acdirmax = data->acdirmax; 1462 ctx->nfs_server.protocol = data->proto; 1463 ret = nfs_validate_transport_protocol(fc, ctx); 1464 if (ret) 1465 return ret; 1466 done: 1467 ctx->skip_reconfig_option_check = true; 1468 return 0; 1469 1470 out_inval_auth: 1471 return nfs_invalf(fc, "NFS4: Invalid number of RPC auth flavours %d", 1472 data->auth_flavourlen); 1473 1474 out_no_address: 1475 return nfs_invalf(fc, "NFS4: mount program didn't pass remote address"); 1476 } 1477 #endif 1478 1479 /* 1480 * Parse a monolithic block of data from sys_mount(). 1481 */ 1482 static int nfs_fs_context_parse_monolithic(struct fs_context *fc, 1483 void *data) 1484 { 1485 if (fc->fs_type == &nfs_fs_type) 1486 return nfs23_parse_monolithic(fc, data); 1487 1488 #if IS_ENABLED(CONFIG_NFS_V4) 1489 if (fc->fs_type == &nfs4_fs_type) 1490 return nfs4_parse_monolithic(fc, data); 1491 #endif 1492 1493 return nfs_invalf(fc, "NFS: Unsupported monolithic data version"); 1494 } 1495 1496 /* 1497 * Validate the preparsed information in the config. 1498 */ 1499 static int nfs_fs_context_validate(struct fs_context *fc) 1500 { 1501 struct nfs_fs_context *ctx = nfs_fc2context(fc); 1502 struct nfs_subversion *nfs_mod; 1503 struct sockaddr_storage *sap = &ctx->nfs_server._address; 1504 int max_namelen = PAGE_SIZE; 1505 int max_pathlen = NFS_MAXPATHLEN; 1506 int port = 0; 1507 int ret; 1508 1509 if (!fc->source) 1510 goto out_no_device_name; 1511 1512 /* Check for sanity first. */ 1513 if (ctx->minorversion && ctx->version != 4) 1514 goto out_minorversion_mismatch; 1515 1516 if (ctx->options & NFS_OPTION_MIGRATION && 1517 (ctx->version != 4 || ctx->minorversion != 0)) 1518 goto out_migration_misuse; 1519 1520 /* Verify that any proto=/mountproto= options match the address 1521 * families in the addr=/mountaddr= options. 1522 */ 1523 if (ctx->protofamily != AF_UNSPEC && 1524 ctx->protofamily != ctx->nfs_server.address.sa_family) 1525 goto out_proto_mismatch; 1526 1527 if (ctx->mountfamily != AF_UNSPEC) { 1528 if (ctx->mount_server.addrlen) { 1529 if (ctx->mountfamily != ctx->mount_server.address.sa_family) 1530 goto out_mountproto_mismatch; 1531 } else { 1532 if (ctx->mountfamily != ctx->nfs_server.address.sa_family) 1533 goto out_mountproto_mismatch; 1534 } 1535 } 1536 1537 if (!nfs_verify_server_address(sap)) 1538 goto out_no_address; 1539 1540 ret = nfs_validate_transport_protocol(fc, ctx); 1541 if (ret) 1542 return ret; 1543 1544 if (ctx->version == 4) { 1545 if (IS_ENABLED(CONFIG_NFS_V4)) { 1546 if (ctx->nfs_server.protocol == XPRT_TRANSPORT_RDMA) 1547 port = NFS_RDMA_PORT; 1548 else 1549 port = NFS_PORT; 1550 max_namelen = NFS4_MAXNAMLEN; 1551 max_pathlen = NFS4_MAXPATHLEN; 1552 ctx->flags &= ~(NFS_MOUNT_NONLM | NFS_MOUNT_NOACL | 1553 NFS_MOUNT_VER3 | NFS_MOUNT_LOCAL_FLOCK | 1554 NFS_MOUNT_LOCAL_FCNTL); 1555 } else { 1556 goto out_v4_not_compiled; 1557 } 1558 } else { 1559 nfs_set_mount_transport_protocol(ctx); 1560 if (ctx->nfs_server.protocol == XPRT_TRANSPORT_RDMA) 1561 port = NFS_RDMA_PORT; 1562 } 1563 1564 nfs_set_port(sap, &ctx->nfs_server.port, port); 1565 1566 ret = nfs_parse_source(fc, max_namelen, max_pathlen); 1567 if (ret < 0) 1568 return ret; 1569 1570 /* Load the NFS protocol module if we haven't done so yet */ 1571 if (!ctx->nfs_mod) { 1572 nfs_mod = find_nfs_version(ctx->version); 1573 if (IS_ERR(nfs_mod)) { 1574 ret = PTR_ERR(nfs_mod); 1575 goto out_version_unavailable; 1576 } 1577 ctx->nfs_mod = nfs_mod; 1578 } 1579 1580 /* Ensure the filesystem context has the correct fs_type */ 1581 if (fc->fs_type != ctx->nfs_mod->nfs_fs) { 1582 module_put(fc->fs_type->owner); 1583 __module_get(ctx->nfs_mod->nfs_fs->owner); 1584 fc->fs_type = ctx->nfs_mod->nfs_fs; 1585 } 1586 return 0; 1587 1588 out_no_device_name: 1589 return nfs_invalf(fc, "NFS: Device name not specified"); 1590 out_v4_not_compiled: 1591 nfs_errorf(fc, "NFS: NFSv4 is not compiled into kernel"); 1592 return -EPROTONOSUPPORT; 1593 out_no_address: 1594 return nfs_invalf(fc, "NFS: mount program didn't pass remote address"); 1595 out_mountproto_mismatch: 1596 return nfs_invalf(fc, "NFS: Mount server address does not match mountproto= option"); 1597 out_proto_mismatch: 1598 return nfs_invalf(fc, "NFS: Server address does not match proto= option"); 1599 out_minorversion_mismatch: 1600 return nfs_invalf(fc, "NFS: Mount option vers=%u does not support minorversion=%u", 1601 ctx->version, ctx->minorversion); 1602 out_migration_misuse: 1603 return nfs_invalf(fc, "NFS: 'Migration' not supported for this NFS version"); 1604 out_version_unavailable: 1605 nfs_errorf(fc, "NFS: Version unavailable"); 1606 return ret; 1607 } 1608 1609 /* 1610 * Create an NFS superblock by the appropriate method. 1611 */ 1612 static int nfs_get_tree(struct fs_context *fc) 1613 { 1614 struct nfs_fs_context *ctx = nfs_fc2context(fc); 1615 int err = nfs_fs_context_validate(fc); 1616 1617 if (err) 1618 return err; 1619 if (!ctx->internal) 1620 return ctx->nfs_mod->rpc_ops->try_get_tree(fc); 1621 else 1622 return nfs_get_tree_common(fc); 1623 } 1624 1625 /* 1626 * Handle duplication of a configuration. The caller copied *src into *sc, but 1627 * it can't deal with resource pointers in the filesystem context, so we have 1628 * to do that. We need to clear pointers, copy data or get extra refs as 1629 * appropriate. 1630 */ 1631 static int nfs_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc) 1632 { 1633 struct nfs_fs_context *src = nfs_fc2context(src_fc), *ctx; 1634 1635 ctx = kmemdup(src, sizeof(struct nfs_fs_context), GFP_KERNEL); 1636 if (!ctx) 1637 return -ENOMEM; 1638 1639 ctx->mntfh = nfs_alloc_fhandle(); 1640 if (!ctx->mntfh) { 1641 kfree(ctx); 1642 return -ENOMEM; 1643 } 1644 nfs_copy_fh(ctx->mntfh, src->mntfh); 1645 1646 get_nfs_version(ctx->nfs_mod); 1647 ctx->client_address = NULL; 1648 ctx->mount_server.hostname = NULL; 1649 ctx->nfs_server.export_path = NULL; 1650 ctx->nfs_server.hostname = NULL; 1651 ctx->fscache_uniq = NULL; 1652 ctx->clone_data.fattr = NULL; 1653 fc->fs_private = ctx; 1654 return 0; 1655 } 1656 1657 static void nfs_fs_context_free(struct fs_context *fc) 1658 { 1659 struct nfs_fs_context *ctx = nfs_fc2context(fc); 1660 1661 if (ctx) { 1662 if (ctx->server) 1663 nfs_free_server(ctx->server); 1664 if (ctx->nfs_mod) 1665 put_nfs_version(ctx->nfs_mod); 1666 kfree(ctx->client_address); 1667 kfree(ctx->mount_server.hostname); 1668 kfree(ctx->nfs_server.export_path); 1669 kfree(ctx->nfs_server.hostname); 1670 kfree(ctx->fscache_uniq); 1671 nfs_free_fhandle(ctx->mntfh); 1672 nfs_free_fattr(ctx->clone_data.fattr); 1673 kfree(ctx); 1674 } 1675 } 1676 1677 static const struct fs_context_operations nfs_fs_context_ops = { 1678 .free = nfs_fs_context_free, 1679 .dup = nfs_fs_context_dup, 1680 .parse_param = nfs_fs_context_parse_param, 1681 .parse_monolithic = nfs_fs_context_parse_monolithic, 1682 .get_tree = nfs_get_tree, 1683 .reconfigure = nfs_reconfigure, 1684 }; 1685 1686 /* 1687 * Prepare superblock configuration. We use the namespaces attached to the 1688 * context. This may be the current process's namespaces, or it may be a 1689 * container's namespaces. 1690 */ 1691 static int nfs_init_fs_context(struct fs_context *fc) 1692 { 1693 struct nfs_fs_context *ctx; 1694 1695 ctx = kzalloc(sizeof(struct nfs_fs_context), GFP_KERNEL); 1696 if (unlikely(!ctx)) 1697 return -ENOMEM; 1698 1699 ctx->mntfh = nfs_alloc_fhandle(); 1700 if (unlikely(!ctx->mntfh)) { 1701 kfree(ctx); 1702 return -ENOMEM; 1703 } 1704 1705 ctx->protofamily = AF_UNSPEC; 1706 ctx->mountfamily = AF_UNSPEC; 1707 ctx->mount_server.port = NFS_UNSPEC_PORT; 1708 1709 if (fc->root) { 1710 /* reconfigure, start with the current config */ 1711 struct nfs_server *nfss = fc->root->d_sb->s_fs_info; 1712 struct net *net = nfss->nfs_client->cl_net; 1713 1714 ctx->flags = nfss->flags; 1715 ctx->rsize = nfss->rsize; 1716 ctx->wsize = nfss->wsize; 1717 ctx->retrans = nfss->client->cl_timeout->to_retries; 1718 ctx->selected_flavor = nfss->client->cl_auth->au_flavor; 1719 ctx->acregmin = nfss->acregmin / HZ; 1720 ctx->acregmax = nfss->acregmax / HZ; 1721 ctx->acdirmin = nfss->acdirmin / HZ; 1722 ctx->acdirmax = nfss->acdirmax / HZ; 1723 ctx->timeo = 10U * nfss->client->cl_timeout->to_initval / HZ; 1724 ctx->nfs_server.port = nfss->port; 1725 ctx->nfs_server.addrlen = nfss->nfs_client->cl_addrlen; 1726 ctx->version = nfss->nfs_client->rpc_ops->version; 1727 ctx->minorversion = nfss->nfs_client->cl_minorversion; 1728 1729 memcpy(&ctx->nfs_server._address, &nfss->nfs_client->cl_addr, 1730 ctx->nfs_server.addrlen); 1731 1732 if (fc->net_ns != net) { 1733 put_net(fc->net_ns); 1734 fc->net_ns = get_net(net); 1735 } 1736 1737 ctx->nfs_mod = nfss->nfs_client->cl_nfs_mod; 1738 get_nfs_version(ctx->nfs_mod); 1739 } else { 1740 /* defaults */ 1741 ctx->timeo = NFS_UNSPEC_TIMEO; 1742 ctx->retrans = NFS_UNSPEC_RETRANS; 1743 ctx->acregmin = NFS_DEF_ACREGMIN; 1744 ctx->acregmax = NFS_DEF_ACREGMAX; 1745 ctx->acdirmin = NFS_DEF_ACDIRMIN; 1746 ctx->acdirmax = NFS_DEF_ACDIRMAX; 1747 ctx->nfs_server.port = NFS_UNSPEC_PORT; 1748 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP; 1749 ctx->selected_flavor = RPC_AUTH_MAXFLAVOR; 1750 ctx->minorversion = 0; 1751 ctx->need_mount = true; 1752 ctx->xprtsec.policy = RPC_XPRTSEC_NONE; 1753 ctx->xprtsec.cert_serial = TLS_NO_CERT; 1754 ctx->xprtsec.privkey_serial = TLS_NO_PRIVKEY; 1755 1756 if (fc->net_ns != &init_net) 1757 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL; 1758 1759 fc->s_iflags |= SB_I_STABLE_WRITES; 1760 } 1761 fc->fs_private = ctx; 1762 fc->ops = &nfs_fs_context_ops; 1763 return 0; 1764 } 1765 1766 struct file_system_type nfs_fs_type = { 1767 .owner = THIS_MODULE, 1768 .name = "nfs", 1769 .init_fs_context = nfs_init_fs_context, 1770 .parameters = nfs_fs_parameters, 1771 .kill_sb = nfs_kill_super, 1772 .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA, 1773 }; 1774 MODULE_ALIAS_FS("nfs"); 1775 EXPORT_SYMBOL_GPL(nfs_fs_type); 1776 1777 #if IS_ENABLED(CONFIG_NFS_V4) 1778 struct file_system_type nfs4_fs_type = { 1779 .owner = THIS_MODULE, 1780 .name = "nfs4", 1781 .init_fs_context = nfs_init_fs_context, 1782 .parameters = nfs_fs_parameters, 1783 .kill_sb = nfs_kill_super, 1784 .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA, 1785 }; 1786 MODULE_ALIAS_FS("nfs4"); 1787 MODULE_ALIAS("nfs4"); 1788 EXPORT_SYMBOL_GPL(nfs4_fs_type); 1789 #endif /* CONFIG_NFS_V4 */ 1790