1 /* 2 * Copyright (C) Neil Brown 2002 3 * Copyright (C) Christoph Hellwig 2007 4 * 5 * This file contains the code mapping from inodes to NFS file handles, 6 * and for mapping back from file handles to dentries. 7 * 8 * For details on why we do all the strange and hairy things in here 9 * take a look at Documentation/filesystems/nfs/Exporting. 10 */ 11 #include <linux/exportfs.h> 12 #include <linux/fs.h> 13 #include <linux/file.h> 14 #include <linux/module.h> 15 #include <linux/mount.h> 16 #include <linux/namei.h> 17 #include <linux/sched.h> 18 19 #define dprintk(fmt, args...) do{}while(0) 20 21 22 static int get_name(const struct path *path, char *name, struct dentry *child); 23 24 25 static int exportfs_get_name(struct vfsmount *mnt, struct dentry *dir, 26 char *name, struct dentry *child) 27 { 28 const struct export_operations *nop = dir->d_sb->s_export_op; 29 struct path path = {.mnt = mnt, .dentry = dir}; 30 31 if (nop->get_name) 32 return nop->get_name(dir, name, child); 33 else 34 return get_name(&path, name, child); 35 } 36 37 /* 38 * Check if the dentry or any of it's aliases is acceptable. 39 */ 40 static struct dentry * 41 find_acceptable_alias(struct dentry *result, 42 int (*acceptable)(void *context, struct dentry *dentry), 43 void *context) 44 { 45 struct dentry *dentry, *toput = NULL; 46 struct inode *inode; 47 48 if (acceptable(context, result)) 49 return result; 50 51 inode = result->d_inode; 52 spin_lock(&inode->i_lock); 53 hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { 54 dget(dentry); 55 spin_unlock(&inode->i_lock); 56 if (toput) 57 dput(toput); 58 if (dentry != result && acceptable(context, dentry)) { 59 dput(result); 60 return dentry; 61 } 62 spin_lock(&inode->i_lock); 63 toput = dentry; 64 } 65 spin_unlock(&inode->i_lock); 66 67 if (toput) 68 dput(toput); 69 return NULL; 70 } 71 72 static bool dentry_connected(struct dentry *dentry) 73 { 74 dget(dentry); 75 while (dentry->d_flags & DCACHE_DISCONNECTED) { 76 struct dentry *parent = dget_parent(dentry); 77 78 dput(dentry); 79 if (IS_ROOT(dentry)) { 80 dput(parent); 81 return false; 82 } 83 dentry = parent; 84 } 85 dput(dentry); 86 return true; 87 } 88 89 static void clear_disconnected(struct dentry *dentry) 90 { 91 dget(dentry); 92 while (dentry->d_flags & DCACHE_DISCONNECTED) { 93 struct dentry *parent = dget_parent(dentry); 94 95 WARN_ON_ONCE(IS_ROOT(dentry)); 96 97 spin_lock(&dentry->d_lock); 98 dentry->d_flags &= ~DCACHE_DISCONNECTED; 99 spin_unlock(&dentry->d_lock); 100 101 dput(dentry); 102 dentry = parent; 103 } 104 dput(dentry); 105 } 106 107 /* 108 * Reconnect a directory dentry with its parent. 109 * 110 * This can return a dentry, or NULL, or an error. 111 * 112 * In the first case the returned dentry is the parent of the given 113 * dentry, and may itself need to be reconnected to its parent. 114 * 115 * In the NULL case, a concurrent VFS operation has either renamed or 116 * removed this directory. The concurrent operation has reconnected our 117 * dentry, so we no longer need to. 118 */ 119 static struct dentry *reconnect_one(struct vfsmount *mnt, 120 struct dentry *dentry, char *nbuf) 121 { 122 struct dentry *parent; 123 struct dentry *tmp; 124 int err; 125 126 parent = ERR_PTR(-EACCES); 127 inode_lock(dentry->d_inode); 128 if (mnt->mnt_sb->s_export_op->get_parent) 129 parent = mnt->mnt_sb->s_export_op->get_parent(dentry); 130 inode_unlock(dentry->d_inode); 131 132 if (IS_ERR(parent)) { 133 dprintk("%s: get_parent of %ld failed, err %d\n", 134 __func__, dentry->d_inode->i_ino, PTR_ERR(parent)); 135 return parent; 136 } 137 138 dprintk("%s: find name of %lu in %lu\n", __func__, 139 dentry->d_inode->i_ino, parent->d_inode->i_ino); 140 err = exportfs_get_name(mnt, parent, nbuf, dentry); 141 if (err == -ENOENT) 142 goto out_reconnected; 143 if (err) 144 goto out_err; 145 dprintk("%s: found name: %s\n", __func__, nbuf); 146 tmp = lookup_one_len_unlocked(nbuf, parent, strlen(nbuf)); 147 if (IS_ERR(tmp)) { 148 dprintk("%s: lookup failed: %d\n", __func__, PTR_ERR(tmp)); 149 goto out_err; 150 } 151 if (tmp != dentry) { 152 /* 153 * Somebody has renamed it since exportfs_get_name(); 154 * great, since it could've only been renamed if it 155 * got looked up and thus connected, and it would 156 * remain connected afterwards. We are done. 157 */ 158 dput(tmp); 159 goto out_reconnected; 160 } 161 dput(tmp); 162 if (IS_ROOT(dentry)) { 163 err = -ESTALE; 164 goto out_err; 165 } 166 return parent; 167 168 out_err: 169 dput(parent); 170 return ERR_PTR(err); 171 out_reconnected: 172 dput(parent); 173 /* 174 * Someone must have renamed our entry into another parent, in 175 * which case it has been reconnected by the rename. 176 * 177 * Or someone removed it entirely, in which case filehandle 178 * lookup will succeed but the directory is now IS_DEAD and 179 * subsequent operations on it will fail. 180 * 181 * Alternatively, maybe there was no race at all, and the 182 * filesystem is just corrupt and gave us a parent that doesn't 183 * actually contain any entry pointing to this inode. So, 184 * double check that this worked and return -ESTALE if not: 185 */ 186 if (!dentry_connected(dentry)) 187 return ERR_PTR(-ESTALE); 188 return NULL; 189 } 190 191 /* 192 * Make sure target_dir is fully connected to the dentry tree. 193 * 194 * On successful return, DCACHE_DISCONNECTED will be cleared on 195 * target_dir, and target_dir->d_parent->...->d_parent will reach the 196 * root of the filesystem. 197 * 198 * Whenever DCACHE_DISCONNECTED is unset, target_dir is fully connected. 199 * But the converse is not true: target_dir may have DCACHE_DISCONNECTED 200 * set but already be connected. In that case we'll verify the 201 * connection to root and then clear the flag. 202 * 203 * Note that target_dir could be removed by a concurrent operation. In 204 * that case reconnect_path may still succeed with target_dir fully 205 * connected, but further operations using the filehandle will fail when 206 * necessary (due to S_DEAD being set on the directory). 207 */ 208 static int 209 reconnect_path(struct vfsmount *mnt, struct dentry *target_dir, char *nbuf) 210 { 211 struct dentry *dentry, *parent; 212 213 dentry = dget(target_dir); 214 215 while (dentry->d_flags & DCACHE_DISCONNECTED) { 216 BUG_ON(dentry == mnt->mnt_sb->s_root); 217 218 if (IS_ROOT(dentry)) 219 parent = reconnect_one(mnt, dentry, nbuf); 220 else 221 parent = dget_parent(dentry); 222 223 if (!parent) 224 break; 225 dput(dentry); 226 if (IS_ERR(parent)) 227 return PTR_ERR(parent); 228 dentry = parent; 229 } 230 dput(dentry); 231 clear_disconnected(target_dir); 232 return 0; 233 } 234 235 struct getdents_callback { 236 struct dir_context ctx; 237 char *name; /* name that was found. It already points to a 238 buffer NAME_MAX+1 is size */ 239 u64 ino; /* the inum we are looking for */ 240 int found; /* inode matched? */ 241 int sequence; /* sequence counter */ 242 }; 243 244 /* 245 * A rather strange filldir function to capture 246 * the name matching the specified inode number. 247 */ 248 static int filldir_one(struct dir_context *ctx, const char *name, int len, 249 loff_t pos, u64 ino, unsigned int d_type) 250 { 251 struct getdents_callback *buf = 252 container_of(ctx, struct getdents_callback, ctx); 253 int result = 0; 254 255 buf->sequence++; 256 if (buf->ino == ino && len <= NAME_MAX) { 257 memcpy(buf->name, name, len); 258 buf->name[len] = '\0'; 259 buf->found = 1; 260 result = -1; 261 } 262 return result; 263 } 264 265 /** 266 * get_name - default export_operations->get_name function 267 * @path: the directory in which to find a name 268 * @name: a pointer to a %NAME_MAX+1 char buffer to store the name 269 * @child: the dentry for the child directory. 270 * 271 * calls readdir on the parent until it finds an entry with 272 * the same inode number as the child, and returns that. 273 */ 274 static int get_name(const struct path *path, char *name, struct dentry *child) 275 { 276 const struct cred *cred = current_cred(); 277 struct inode *dir = path->dentry->d_inode; 278 int error; 279 struct file *file; 280 struct kstat stat; 281 struct path child_path = { 282 .mnt = path->mnt, 283 .dentry = child, 284 }; 285 struct getdents_callback buffer = { 286 .ctx.actor = filldir_one, 287 .name = name, 288 }; 289 290 error = -ENOTDIR; 291 if (!dir || !S_ISDIR(dir->i_mode)) 292 goto out; 293 error = -EINVAL; 294 if (!dir->i_fop) 295 goto out; 296 /* 297 * inode->i_ino is unsigned long, kstat->ino is u64, so the 298 * former would be insufficient on 32-bit hosts when the 299 * filesystem supports 64-bit inode numbers. So we need to 300 * actually call ->getattr, not just read i_ino: 301 */ 302 error = vfs_getattr_nosec(&child_path, &stat, 303 STATX_INO, AT_STATX_SYNC_AS_STAT); 304 if (error) 305 return error; 306 buffer.ino = stat.ino; 307 /* 308 * Open the directory ... 309 */ 310 file = dentry_open(path, O_RDONLY, cred); 311 error = PTR_ERR(file); 312 if (IS_ERR(file)) 313 goto out; 314 315 error = -EINVAL; 316 if (!file->f_op->iterate && !file->f_op->iterate_shared) 317 goto out_close; 318 319 buffer.sequence = 0; 320 while (1) { 321 int old_seq = buffer.sequence; 322 323 error = iterate_dir(file, &buffer.ctx); 324 if (buffer.found) { 325 error = 0; 326 break; 327 } 328 329 if (error < 0) 330 break; 331 332 error = -ENOENT; 333 if (old_seq == buffer.sequence) 334 break; 335 } 336 337 out_close: 338 fput(file); 339 out: 340 return error; 341 } 342 343 /** 344 * export_encode_fh - default export_operations->encode_fh function 345 * @inode: the object to encode 346 * @fid: where to store the file handle fragment 347 * @max_len: maximum length to store there 348 * @parent: parent directory inode, if wanted 349 * 350 * This default encode_fh function assumes that the 32 inode number 351 * is suitable for locating an inode, and that the generation number 352 * can be used to check that it is still valid. It places them in the 353 * filehandle fragment where export_decode_fh expects to find them. 354 */ 355 static int export_encode_fh(struct inode *inode, struct fid *fid, 356 int *max_len, struct inode *parent) 357 { 358 int len = *max_len; 359 int type = FILEID_INO32_GEN; 360 361 if (parent && (len < 4)) { 362 *max_len = 4; 363 return FILEID_INVALID; 364 } else if (len < 2) { 365 *max_len = 2; 366 return FILEID_INVALID; 367 } 368 369 len = 2; 370 fid->i32.ino = inode->i_ino; 371 fid->i32.gen = inode->i_generation; 372 if (parent) { 373 fid->i32.parent_ino = parent->i_ino; 374 fid->i32.parent_gen = parent->i_generation; 375 len = 4; 376 type = FILEID_INO32_GEN_PARENT; 377 } 378 *max_len = len; 379 return type; 380 } 381 382 int exportfs_encode_inode_fh(struct inode *inode, struct fid *fid, 383 int *max_len, struct inode *parent) 384 { 385 const struct export_operations *nop = inode->i_sb->s_export_op; 386 387 if (nop && nop->encode_fh) 388 return nop->encode_fh(inode, fid->raw, max_len, parent); 389 390 return export_encode_fh(inode, fid, max_len, parent); 391 } 392 EXPORT_SYMBOL_GPL(exportfs_encode_inode_fh); 393 394 int exportfs_encode_fh(struct dentry *dentry, struct fid *fid, int *max_len, 395 int connectable) 396 { 397 int error; 398 struct dentry *p = NULL; 399 struct inode *inode = dentry->d_inode, *parent = NULL; 400 401 if (connectable && !S_ISDIR(inode->i_mode)) { 402 p = dget_parent(dentry); 403 /* 404 * note that while p might've ceased to be our parent already, 405 * it's still pinned by and still positive. 406 */ 407 parent = p->d_inode; 408 } 409 410 error = exportfs_encode_inode_fh(inode, fid, max_len, parent); 411 dput(p); 412 413 return error; 414 } 415 EXPORT_SYMBOL_GPL(exportfs_encode_fh); 416 417 struct dentry *exportfs_decode_fh(struct vfsmount *mnt, struct fid *fid, 418 int fh_len, int fileid_type, 419 int (*acceptable)(void *, struct dentry *), void *context) 420 { 421 const struct export_operations *nop = mnt->mnt_sb->s_export_op; 422 struct dentry *result, *alias; 423 char nbuf[NAME_MAX+1]; 424 int err; 425 426 /* 427 * Try to get any dentry for the given file handle from the filesystem. 428 */ 429 if (!nop || !nop->fh_to_dentry) 430 return ERR_PTR(-ESTALE); 431 result = nop->fh_to_dentry(mnt->mnt_sb, fid, fh_len, fileid_type); 432 if (PTR_ERR(result) == -ENOMEM) 433 return ERR_CAST(result); 434 if (IS_ERR_OR_NULL(result)) 435 return ERR_PTR(-ESTALE); 436 437 if (d_is_dir(result)) { 438 /* 439 * This request is for a directory. 440 * 441 * On the positive side there is only one dentry for each 442 * directory inode. On the negative side this implies that we 443 * to ensure our dentry is connected all the way up to the 444 * filesystem root. 445 */ 446 if (result->d_flags & DCACHE_DISCONNECTED) { 447 err = reconnect_path(mnt, result, nbuf); 448 if (err) 449 goto err_result; 450 } 451 452 if (!acceptable(context, result)) { 453 err = -EACCES; 454 goto err_result; 455 } 456 457 return result; 458 } else { 459 /* 460 * It's not a directory. Life is a little more complicated. 461 */ 462 struct dentry *target_dir, *nresult; 463 464 /* 465 * See if either the dentry we just got from the filesystem 466 * or any alias for it is acceptable. This is always true 467 * if this filesystem is exported without the subtreecheck 468 * option. If the filesystem is exported with the subtree 469 * check option there's a fair chance we need to look at 470 * the parent directory in the file handle and make sure 471 * it's connected to the filesystem root. 472 */ 473 alias = find_acceptable_alias(result, acceptable, context); 474 if (alias) 475 return alias; 476 477 /* 478 * Try to extract a dentry for the parent directory from the 479 * file handle. If this fails we'll have to give up. 480 */ 481 err = -ESTALE; 482 if (!nop->fh_to_parent) 483 goto err_result; 484 485 target_dir = nop->fh_to_parent(mnt->mnt_sb, fid, 486 fh_len, fileid_type); 487 if (!target_dir) 488 goto err_result; 489 err = PTR_ERR(target_dir); 490 if (IS_ERR(target_dir)) 491 goto err_result; 492 493 /* 494 * And as usual we need to make sure the parent directory is 495 * connected to the filesystem root. The VFS really doesn't 496 * like disconnected directories.. 497 */ 498 err = reconnect_path(mnt, target_dir, nbuf); 499 if (err) { 500 dput(target_dir); 501 goto err_result; 502 } 503 504 /* 505 * Now that we've got both a well-connected parent and a 506 * dentry for the inode we're after, make sure that our 507 * inode is actually connected to the parent. 508 */ 509 err = exportfs_get_name(mnt, target_dir, nbuf, result); 510 if (!err) { 511 inode_lock(target_dir->d_inode); 512 nresult = lookup_one_len(nbuf, target_dir, 513 strlen(nbuf)); 514 inode_unlock(target_dir->d_inode); 515 if (!IS_ERR(nresult)) { 516 if (nresult->d_inode) { 517 dput(result); 518 result = nresult; 519 } else 520 dput(nresult); 521 } 522 } 523 524 /* 525 * At this point we are done with the parent, but it's pinned 526 * by the child dentry anyway. 527 */ 528 dput(target_dir); 529 530 /* 531 * And finally make sure the dentry is actually acceptable 532 * to NFSD. 533 */ 534 alias = find_acceptable_alias(result, acceptable, context); 535 if (!alias) { 536 err = -EACCES; 537 goto err_result; 538 } 539 540 return alias; 541 } 542 543 err_result: 544 dput(result); 545 if (err != -ENOMEM) 546 err = -ESTALE; 547 return ERR_PTR(err); 548 } 549 EXPORT_SYMBOL_GPL(exportfs_decode_fh); 550 551 MODULE_LICENSE("GPL"); 552