1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * linux/fs/nfs/fs_context.c
4 *
5 * Copyright (C) 1992 Rick Sladkey
6 * Conversion to new mount api Copyright (C) David Howells
7 *
8 * NFS mount handling.
9 *
10 * Split from fs/nfs/super.c by David Howells <dhowells@redhat.com>
11 */
12
13 #include <linux/compat.h>
14 #include <linux/module.h>
15 #include <linux/fs.h>
16 #include <linux/fs_context.h>
17 #include <linux/fs_parser.h>
18 #include <linux/nfs_fs.h>
19 #include <linux/nfs_mount.h>
20 #include <linux/nfs4_mount.h>
21
22 #include <net/handshake.h>
23
24 #include "nfs.h"
25 #include "internal.h"
26
27 #include "nfstrace.h"
28
29 #define NFSDBG_FACILITY NFSDBG_MOUNT
30
31 #if IS_ENABLED(CONFIG_NFS_V3)
32 #define NFS_DEFAULT_VERSION 3
33 #else
34 #define NFS_DEFAULT_VERSION 2
35 #endif
36
37 #define NFS_MAX_CONNECTIONS 16
38
39 enum nfs_param {
40 Opt_ac,
41 Opt_acdirmax,
42 Opt_acdirmin,
43 Opt_acl,
44 Opt_acregmax,
45 Opt_acregmin,
46 Opt_actimeo,
47 Opt_addr,
48 Opt_bg,
49 Opt_bsize,
50 Opt_clientaddr,
51 Opt_cto,
52 Opt_alignwrite,
53 Opt_fatal_neterrors,
54 Opt_fg,
55 Opt_fscache,
56 Opt_fscache_flag,
57 Opt_hard,
58 Opt_intr,
59 Opt_local_lock,
60 Opt_lock,
61 Opt_lookupcache,
62 Opt_migration,
63 Opt_minorversion,
64 Opt_mountaddr,
65 Opt_mounthost,
66 Opt_mountport,
67 Opt_mountproto,
68 Opt_mountvers,
69 Opt_namelen,
70 Opt_nconnect,
71 Opt_max_connect,
72 Opt_port,
73 Opt_posix,
74 Opt_proto,
75 Opt_rdirplus,
76 Opt_rdirplus_none,
77 Opt_rdirplus_force,
78 Opt_rdma,
79 Opt_resvport,
80 Opt_retrans,
81 Opt_retry,
82 Opt_rsize,
83 Opt_sec,
84 Opt_sharecache,
85 Opt_sloppy,
86 Opt_soft,
87 Opt_softerr,
88 Opt_softreval,
89 Opt_source,
90 Opt_tcp,
91 Opt_timeo,
92 Opt_trunkdiscovery,
93 Opt_udp,
94 Opt_v,
95 Opt_vers,
96 Opt_wsize,
97 Opt_write,
98 Opt_xprtsec,
99 Opt_cert_serial,
100 Opt_privkey_serial,
101 };
102
103 enum {
104 Opt_fatal_neterrors_default,
105 Opt_fatal_neterrors_enetunreach,
106 Opt_fatal_neterrors_none,
107 };
108
109 static const struct constant_table nfs_param_enums_fatal_neterrors[] = {
110 { "default", Opt_fatal_neterrors_default },
111 { "ENETDOWN:ENETUNREACH", Opt_fatal_neterrors_enetunreach },
112 { "ENETUNREACH:ENETDOWN", Opt_fatal_neterrors_enetunreach },
113 { "none", Opt_fatal_neterrors_none },
114 {}
115 };
116
117 enum {
118 Opt_local_lock_all,
119 Opt_local_lock_flock,
120 Opt_local_lock_none,
121 Opt_local_lock_posix,
122 };
123
124 static const struct constant_table nfs_param_enums_local_lock[] = {
125 { "all", Opt_local_lock_all },
126 { "flock", Opt_local_lock_flock },
127 { "posix", Opt_local_lock_posix },
128 { "none", Opt_local_lock_none },
129 {}
130 };
131
132 enum {
133 Opt_lookupcache_all,
134 Opt_lookupcache_none,
135 Opt_lookupcache_positive,
136 };
137
138 static const struct constant_table nfs_param_enums_lookupcache[] = {
139 { "all", Opt_lookupcache_all },
140 { "none", Opt_lookupcache_none },
141 { "pos", Opt_lookupcache_positive },
142 { "positive", Opt_lookupcache_positive },
143 {}
144 };
145
146 enum {
147 Opt_write_lazy,
148 Opt_write_eager,
149 Opt_write_wait,
150 };
151
152 static const struct constant_table nfs_param_enums_write[] = {
153 { "lazy", Opt_write_lazy },
154 { "eager", Opt_write_eager },
155 { "wait", Opt_write_wait },
156 {}
157 };
158
159 static const struct fs_parameter_spec nfs_fs_parameters[] = {
160 fsparam_flag_no("ac", Opt_ac),
161 fsparam_u32 ("acdirmax", Opt_acdirmax),
162 fsparam_u32 ("acdirmin", Opt_acdirmin),
163 fsparam_flag_no("acl", Opt_acl),
164 fsparam_u32 ("acregmax", Opt_acregmax),
165 fsparam_u32 ("acregmin", Opt_acregmin),
166 fsparam_u32 ("actimeo", Opt_actimeo),
167 fsparam_string("addr", Opt_addr),
168 fsparam_flag ("bg", Opt_bg),
169 fsparam_u32 ("bsize", Opt_bsize),
170 fsparam_string("clientaddr", Opt_clientaddr),
171 fsparam_flag_no("cto", Opt_cto),
172 fsparam_flag_no("alignwrite", Opt_alignwrite),
173 fsparam_enum("fatal_neterrors", Opt_fatal_neterrors,
174 nfs_param_enums_fatal_neterrors),
175 fsparam_flag ("fg", Opt_fg),
176 fsparam_flag_no("fsc", Opt_fscache_flag),
177 fsparam_string("fsc", Opt_fscache),
178 fsparam_flag ("hard", Opt_hard),
179 __fsparam(NULL, "intr", Opt_intr,
180 fs_param_neg_with_no|fs_param_deprecated, NULL),
181 fsparam_enum ("local_lock", Opt_local_lock, nfs_param_enums_local_lock),
182 fsparam_flag_no("lock", Opt_lock),
183 fsparam_enum ("lookupcache", Opt_lookupcache, nfs_param_enums_lookupcache),
184 fsparam_flag_no("migration", Opt_migration),
185 fsparam_u32 ("minorversion", Opt_minorversion),
186 fsparam_string("mountaddr", Opt_mountaddr),
187 fsparam_string("mounthost", Opt_mounthost),
188 fsparam_u32 ("mountport", Opt_mountport),
189 fsparam_string("mountproto", Opt_mountproto),
190 fsparam_u32 ("mountvers", Opt_mountvers),
191 fsparam_u32 ("namlen", Opt_namelen),
192 fsparam_u32 ("nconnect", Opt_nconnect),
193 fsparam_u32 ("max_connect", Opt_max_connect),
194 fsparam_string("nfsvers", Opt_vers),
195 fsparam_u32 ("port", Opt_port),
196 fsparam_flag_no("posix", Opt_posix),
197 fsparam_string("proto", Opt_proto),
198 fsparam_flag_no("rdirplus", Opt_rdirplus), // rdirplus|nordirplus
199 fsparam_string("rdirplus", Opt_rdirplus), // rdirplus=...
200 fsparam_flag ("rdma", Opt_rdma),
201 fsparam_flag_no("resvport", Opt_resvport),
202 fsparam_u32 ("retrans", Opt_retrans),
203 fsparam_string("retry", Opt_retry),
204 fsparam_u32 ("rsize", Opt_rsize),
205 fsparam_string("sec", Opt_sec),
206 fsparam_flag_no("sharecache", Opt_sharecache),
207 fsparam_flag ("sloppy", Opt_sloppy),
208 fsparam_flag ("soft", Opt_soft),
209 fsparam_flag ("softerr", Opt_softerr),
210 fsparam_flag ("softreval", Opt_softreval),
211 fsparam_string("source", Opt_source),
212 fsparam_flag ("tcp", Opt_tcp),
213 fsparam_u32 ("timeo", Opt_timeo),
214 fsparam_flag_no("trunkdiscovery", Opt_trunkdiscovery),
215 fsparam_flag ("udp", Opt_udp),
216 fsparam_flag ("v2", Opt_v),
217 fsparam_flag ("v3", Opt_v),
218 fsparam_flag ("v4", Opt_v),
219 fsparam_flag ("v4.0", Opt_v),
220 fsparam_flag ("v4.1", Opt_v),
221 fsparam_flag ("v4.2", Opt_v),
222 fsparam_string("vers", Opt_vers),
223 fsparam_enum ("write", Opt_write, nfs_param_enums_write),
224 fsparam_u32 ("wsize", Opt_wsize),
225 fsparam_string("xprtsec", Opt_xprtsec),
226 fsparam_s32("cert_serial", Opt_cert_serial),
227 fsparam_s32("privkey_serial", Opt_privkey_serial),
228 {}
229 };
230
231 enum {
232 Opt_vers_2,
233 Opt_vers_3,
234 Opt_vers_4,
235 Opt_vers_4_0,
236 Opt_vers_4_1,
237 Opt_vers_4_2,
238 };
239
240 static const struct constant_table nfs_vers_tokens[] = {
241 { "2", Opt_vers_2 },
242 { "3", Opt_vers_3 },
243 { "4", Opt_vers_4 },
244 { "4.0", Opt_vers_4_0 },
245 { "4.1", Opt_vers_4_1 },
246 { "4.2", Opt_vers_4_2 },
247 {}
248 };
249
250 enum {
251 Opt_xprt_rdma,
252 Opt_xprt_rdma6,
253 Opt_xprt_tcp,
254 Opt_xprt_tcp6,
255 Opt_xprt_udp,
256 Opt_xprt_udp6,
257 nr__Opt_xprt
258 };
259
260 static const struct constant_table nfs_xprt_protocol_tokens[] = {
261 { "rdma", Opt_xprt_rdma },
262 { "rdma6", Opt_xprt_rdma6 },
263 { "tcp", Opt_xprt_tcp },
264 { "tcp6", Opt_xprt_tcp6 },
265 { "udp", Opt_xprt_udp },
266 { "udp6", Opt_xprt_udp6 },
267 {}
268 };
269
270 enum {
271 Opt_sec_krb5,
272 Opt_sec_krb5i,
273 Opt_sec_krb5p,
274 Opt_sec_lkey,
275 Opt_sec_lkeyi,
276 Opt_sec_lkeyp,
277 Opt_sec_none,
278 Opt_sec_spkm,
279 Opt_sec_spkmi,
280 Opt_sec_spkmp,
281 Opt_sec_sys,
282 nr__Opt_sec
283 };
284
285 static const struct constant_table nfs_secflavor_tokens[] = {
286 { "krb5", Opt_sec_krb5 },
287 { "krb5i", Opt_sec_krb5i },
288 { "krb5p", Opt_sec_krb5p },
289 { "lkey", Opt_sec_lkey },
290 { "lkeyi", Opt_sec_lkeyi },
291 { "lkeyp", Opt_sec_lkeyp },
292 { "none", Opt_sec_none },
293 { "null", Opt_sec_none },
294 { "spkm3", Opt_sec_spkm },
295 { "spkm3i", Opt_sec_spkmi },
296 { "spkm3p", Opt_sec_spkmp },
297 { "sys", Opt_sec_sys },
298 {}
299 };
300
301 enum {
302 Opt_xprtsec_none,
303 Opt_xprtsec_tls,
304 Opt_xprtsec_mtls,
305 nr__Opt_xprtsec
306 };
307
308 static const struct constant_table nfs_xprtsec_policies[] = {
309 { "none", Opt_xprtsec_none },
310 { "tls", Opt_xprtsec_tls },
311 { "mtls", Opt_xprtsec_mtls },
312 {}
313 };
314
315 static const struct constant_table nfs_rdirplus_tokens[] = {
316 { "none", Opt_rdirplus_none },
317 { "force", Opt_rdirplus_force },
318 {}
319 };
320
321 /*
322 * Sanity-check a server address provided by the mount command.
323 *
324 * Address family must be initialized, and address must not be
325 * the ANY address for that family.
326 */
nfs_verify_server_address(struct sockaddr_storage * addr)327 static int nfs_verify_server_address(struct sockaddr_storage *addr)
328 {
329 switch (addr->ss_family) {
330 case AF_INET: {
331 struct sockaddr_in *sa = (struct sockaddr_in *)addr;
332 return sa->sin_addr.s_addr != htonl(INADDR_ANY);
333 }
334 case AF_INET6: {
335 struct in6_addr *sa = &((struct sockaddr_in6 *)addr)->sin6_addr;
336 return !ipv6_addr_any(sa);
337 }
338 }
339
340 return 0;
341 }
342
343 #ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
nfs_server_transport_udp_invalid(const struct nfs_fs_context * ctx)344 static bool nfs_server_transport_udp_invalid(const struct nfs_fs_context *ctx)
345 {
346 return true;
347 }
348 #else
nfs_server_transport_udp_invalid(const struct nfs_fs_context * ctx)349 static bool nfs_server_transport_udp_invalid(const struct nfs_fs_context *ctx)
350 {
351 if (ctx->version == 4)
352 return true;
353 return false;
354 }
355 #endif
356
357 /*
358 * Sanity check the NFS transport protocol.
359 */
nfs_validate_transport_protocol(struct fs_context * fc,struct nfs_fs_context * ctx)360 static int nfs_validate_transport_protocol(struct fs_context *fc,
361 struct nfs_fs_context *ctx)
362 {
363 switch (ctx->nfs_server.protocol) {
364 case XPRT_TRANSPORT_UDP:
365 if (nfs_server_transport_udp_invalid(ctx))
366 goto out_invalid_transport_udp;
367 break;
368 case XPRT_TRANSPORT_TCP:
369 case XPRT_TRANSPORT_RDMA:
370 break;
371 default:
372 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP;
373 }
374
375 if (ctx->xprtsec.policy != RPC_XPRTSEC_NONE)
376 switch (ctx->nfs_server.protocol) {
377 case XPRT_TRANSPORT_TCP:
378 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP_TLS;
379 break;
380 default:
381 goto out_invalid_xprtsec_policy;
382 }
383
384 return 0;
385 out_invalid_transport_udp:
386 return nfs_invalf(fc, "NFS: Unsupported transport protocol udp");
387 out_invalid_xprtsec_policy:
388 return nfs_invalf(fc, "NFS: Transport does not support xprtsec");
389 }
390
391 /*
392 * For text based NFSv2/v3 mounts, the mount protocol transport default
393 * settings should depend upon the specified NFS transport.
394 */
nfs_set_mount_transport_protocol(struct nfs_fs_context * ctx)395 static void nfs_set_mount_transport_protocol(struct nfs_fs_context *ctx)
396 {
397 if (ctx->mount_server.protocol == XPRT_TRANSPORT_UDP ||
398 ctx->mount_server.protocol == XPRT_TRANSPORT_TCP)
399 return;
400 switch (ctx->nfs_server.protocol) {
401 case XPRT_TRANSPORT_UDP:
402 ctx->mount_server.protocol = XPRT_TRANSPORT_UDP;
403 break;
404 case XPRT_TRANSPORT_TCP:
405 case XPRT_TRANSPORT_RDMA:
406 ctx->mount_server.protocol = XPRT_TRANSPORT_TCP;
407 }
408 }
409
410 /*
411 * Add 'flavor' to 'auth_info' if not already present.
412 * Returns true if 'flavor' ends up in the list, false otherwise
413 */
nfs_auth_info_add(struct fs_context * fc,struct nfs_auth_info * auth_info,rpc_authflavor_t flavor)414 static int nfs_auth_info_add(struct fs_context *fc,
415 struct nfs_auth_info *auth_info,
416 rpc_authflavor_t flavor)
417 {
418 unsigned int i;
419 unsigned int max_flavor_len = ARRAY_SIZE(auth_info->flavors);
420
421 /* make sure this flavor isn't already in the list */
422 for (i = 0; i < auth_info->flavor_len; i++) {
423 if (flavor == auth_info->flavors[i])
424 return 0;
425 }
426
427 if (auth_info->flavor_len + 1 >= max_flavor_len)
428 return nfs_invalf(fc, "NFS: too many sec= flavors");
429
430 auth_info->flavors[auth_info->flavor_len++] = flavor;
431 return 0;
432 }
433
434 /*
435 * Parse the value of the 'sec=' option.
436 */
nfs_parse_security_flavors(struct fs_context * fc,struct fs_parameter * param)437 static int nfs_parse_security_flavors(struct fs_context *fc,
438 struct fs_parameter *param)
439 {
440 struct nfs_fs_context *ctx = nfs_fc2context(fc);
441 rpc_authflavor_t pseudoflavor;
442 char *string = param->string, *p;
443 int ret;
444
445 trace_nfs_mount_assign(param->key, string);
446
447 while ((p = strsep(&string, ":")) != NULL) {
448 if (!*p)
449 continue;
450 switch (lookup_constant(nfs_secflavor_tokens, p, -1)) {
451 case Opt_sec_none:
452 pseudoflavor = RPC_AUTH_NULL;
453 break;
454 case Opt_sec_sys:
455 pseudoflavor = RPC_AUTH_UNIX;
456 break;
457 case Opt_sec_krb5:
458 pseudoflavor = RPC_AUTH_GSS_KRB5;
459 break;
460 case Opt_sec_krb5i:
461 pseudoflavor = RPC_AUTH_GSS_KRB5I;
462 break;
463 case Opt_sec_krb5p:
464 pseudoflavor = RPC_AUTH_GSS_KRB5P;
465 break;
466 case Opt_sec_lkey:
467 pseudoflavor = RPC_AUTH_GSS_LKEY;
468 break;
469 case Opt_sec_lkeyi:
470 pseudoflavor = RPC_AUTH_GSS_LKEYI;
471 break;
472 case Opt_sec_lkeyp:
473 pseudoflavor = RPC_AUTH_GSS_LKEYP;
474 break;
475 case Opt_sec_spkm:
476 pseudoflavor = RPC_AUTH_GSS_SPKM;
477 break;
478 case Opt_sec_spkmi:
479 pseudoflavor = RPC_AUTH_GSS_SPKMI;
480 break;
481 case Opt_sec_spkmp:
482 pseudoflavor = RPC_AUTH_GSS_SPKMP;
483 break;
484 default:
485 return nfs_invalf(fc, "NFS: sec=%s option not recognized", p);
486 }
487
488 ret = nfs_auth_info_add(fc, &ctx->auth_info, pseudoflavor);
489 if (ret < 0)
490 return ret;
491 }
492
493 return 0;
494 }
495
nfs_parse_xprtsec_policy(struct fs_context * fc,struct fs_parameter * param)496 static int nfs_parse_xprtsec_policy(struct fs_context *fc,
497 struct fs_parameter *param)
498 {
499 struct nfs_fs_context *ctx = nfs_fc2context(fc);
500
501 trace_nfs_mount_assign(param->key, param->string);
502
503 switch (lookup_constant(nfs_xprtsec_policies, param->string, -1)) {
504 case Opt_xprtsec_none:
505 ctx->xprtsec.policy = RPC_XPRTSEC_NONE;
506 break;
507 case Opt_xprtsec_tls:
508 ctx->xprtsec.policy = RPC_XPRTSEC_TLS_ANON;
509 break;
510 case Opt_xprtsec_mtls:
511 ctx->xprtsec.policy = RPC_XPRTSEC_TLS_X509;
512 break;
513 default:
514 return nfs_invalf(fc, "NFS: Unrecognized transport security policy");
515 }
516 return 0;
517 }
518
nfs_parse_version_string(struct fs_context * fc,const char * string)519 static int nfs_parse_version_string(struct fs_context *fc,
520 const char *string)
521 {
522 struct nfs_fs_context *ctx = nfs_fc2context(fc);
523
524 ctx->flags &= ~NFS_MOUNT_VER3;
525 switch (lookup_constant(nfs_vers_tokens, string, -1)) {
526 case Opt_vers_2:
527 ctx->version = 2;
528 break;
529 case Opt_vers_3:
530 ctx->flags |= NFS_MOUNT_VER3;
531 ctx->version = 3;
532 break;
533 case Opt_vers_4:
534 /* Backward compatibility option. In future,
535 * the mount program should always supply
536 * a NFSv4 minor version number.
537 */
538 ctx->version = 4;
539 break;
540 case Opt_vers_4_0:
541 ctx->version = 4;
542 ctx->minorversion = 0;
543 break;
544 case Opt_vers_4_1:
545 ctx->version = 4;
546 ctx->minorversion = 1;
547 break;
548 case Opt_vers_4_2:
549 ctx->version = 4;
550 ctx->minorversion = 2;
551 break;
552 default:
553 return nfs_invalf(fc, "NFS: Unsupported NFS version");
554 }
555 return 0;
556 }
557
558 #ifdef CONFIG_KEYS
nfs_tls_key_verify(key_serial_t key_id)559 static int nfs_tls_key_verify(key_serial_t key_id)
560 {
561 struct key *key = key_lookup(key_id);
562 int error = 0;
563
564 if (IS_ERR(key)) {
565 pr_err("key id %08x not found\n", key_id);
566 return PTR_ERR(key);
567 }
568 if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
569 test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
570 pr_err("key id %08x revoked\n", key_id);
571 error = -EKEYREVOKED;
572 }
573
574 key_put(key);
575 return error;
576 }
577 #else
nfs_tls_key_verify(key_serial_t key_id)578 static inline int nfs_tls_key_verify(key_serial_t key_id)
579 {
580 return -ENOENT;
581 }
582 #endif /* CONFIG_KEYS */
583
584 /*
585 * Parse a single mount parameter.
586 */
nfs_fs_context_parse_param(struct fs_context * fc,struct fs_parameter * param)587 static int nfs_fs_context_parse_param(struct fs_context *fc,
588 struct fs_parameter *param)
589 {
590 struct fs_parse_result result;
591 struct nfs_fs_context *ctx = nfs_fc2context(fc);
592 unsigned short protofamily, mountfamily;
593 unsigned int len;
594 int ret, opt;
595
596 trace_nfs_mount_option(param);
597
598 opt = fs_parse(fc, nfs_fs_parameters, param, &result);
599 if (opt < 0)
600 return (opt == -ENOPARAM && ctx->sloppy) ? 1 : opt;
601
602 if (fc->security)
603 ctx->has_sec_mnt_opts = 1;
604
605 switch (opt) {
606 case Opt_source:
607 if (fc->source)
608 return nfs_invalf(fc, "NFS: Multiple sources not supported");
609 fc->source = param->string;
610 param->string = NULL;
611 break;
612
613 /*
614 * boolean options: foo/nofoo
615 */
616 case Opt_soft:
617 ctx->flags |= NFS_MOUNT_SOFT;
618 ctx->flags &= ~NFS_MOUNT_SOFTERR;
619 break;
620 case Opt_softerr:
621 ctx->flags |= NFS_MOUNT_SOFTERR | NFS_MOUNT_SOFTREVAL;
622 ctx->flags &= ~NFS_MOUNT_SOFT;
623 break;
624 case Opt_hard:
625 ctx->flags &= ~(NFS_MOUNT_SOFT |
626 NFS_MOUNT_SOFTERR |
627 NFS_MOUNT_SOFTREVAL);
628 break;
629 case Opt_softreval:
630 if (result.negated)
631 ctx->flags &= ~NFS_MOUNT_SOFTREVAL;
632 else
633 ctx->flags |= NFS_MOUNT_SOFTREVAL;
634 break;
635 case Opt_posix:
636 if (result.negated)
637 ctx->flags &= ~NFS_MOUNT_POSIX;
638 else
639 ctx->flags |= NFS_MOUNT_POSIX;
640 break;
641 case Opt_cto:
642 if (result.negated)
643 ctx->flags |= NFS_MOUNT_NOCTO;
644 else
645 ctx->flags &= ~NFS_MOUNT_NOCTO;
646 break;
647 case Opt_trunkdiscovery:
648 if (result.negated)
649 ctx->flags &= ~NFS_MOUNT_TRUNK_DISCOVERY;
650 else
651 ctx->flags |= NFS_MOUNT_TRUNK_DISCOVERY;
652 break;
653 case Opt_alignwrite:
654 if (result.negated)
655 ctx->flags |= NFS_MOUNT_NO_ALIGNWRITE;
656 else
657 ctx->flags &= ~NFS_MOUNT_NO_ALIGNWRITE;
658 break;
659 case Opt_ac:
660 if (result.negated)
661 ctx->flags |= NFS_MOUNT_NOAC;
662 else
663 ctx->flags &= ~NFS_MOUNT_NOAC;
664 break;
665 case Opt_lock:
666 if (result.negated) {
667 ctx->lock_status = NFS_LOCK_NOLOCK;
668 ctx->flags |= NFS_MOUNT_NONLM;
669 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK | NFS_MOUNT_LOCAL_FCNTL);
670 } else {
671 ctx->lock_status = NFS_LOCK_LOCK;
672 ctx->flags &= ~NFS_MOUNT_NONLM;
673 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK | NFS_MOUNT_LOCAL_FCNTL);
674 }
675 break;
676 case Opt_udp:
677 ctx->flags &= ~NFS_MOUNT_TCP;
678 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP;
679 break;
680 case Opt_tcp:
681 case Opt_rdma:
682 ctx->flags |= NFS_MOUNT_TCP; /* for side protocols */
683 ret = xprt_find_transport_ident(param->key);
684 if (ret < 0)
685 goto out_bad_transport;
686 ctx->nfs_server.protocol = ret;
687 break;
688 case Opt_acl:
689 if (result.negated)
690 ctx->flags |= NFS_MOUNT_NOACL;
691 else
692 ctx->flags &= ~NFS_MOUNT_NOACL;
693 break;
694 case Opt_rdirplus:
695 if (result.negated) {
696 ctx->flags &= ~NFS_MOUNT_FORCE_RDIRPLUS;
697 ctx->flags |= NFS_MOUNT_NORDIRPLUS;
698 } else if (!param->string) {
699 ctx->flags &= ~(NFS_MOUNT_NORDIRPLUS | NFS_MOUNT_FORCE_RDIRPLUS);
700 } else {
701 switch (lookup_constant(nfs_rdirplus_tokens, param->string, -1)) {
702 case Opt_rdirplus_none:
703 ctx->flags &= ~NFS_MOUNT_FORCE_RDIRPLUS;
704 ctx->flags |= NFS_MOUNT_NORDIRPLUS;
705 break;
706 case Opt_rdirplus_force:
707 ctx->flags &= ~NFS_MOUNT_NORDIRPLUS;
708 ctx->flags |= NFS_MOUNT_FORCE_RDIRPLUS;
709 break;
710 default:
711 goto out_invalid_value;
712 }
713 }
714 break;
715 case Opt_sharecache:
716 if (result.negated)
717 ctx->flags |= NFS_MOUNT_UNSHARED;
718 else
719 ctx->flags &= ~NFS_MOUNT_UNSHARED;
720 break;
721 case Opt_resvport:
722 if (result.negated)
723 ctx->flags |= NFS_MOUNT_NORESVPORT;
724 else
725 ctx->flags &= ~NFS_MOUNT_NORESVPORT;
726 break;
727 case Opt_fscache_flag:
728 if (result.negated)
729 ctx->options &= ~NFS_OPTION_FSCACHE;
730 else
731 ctx->options |= NFS_OPTION_FSCACHE;
732 kfree(ctx->fscache_uniq);
733 ctx->fscache_uniq = NULL;
734 break;
735 case Opt_fscache:
736 trace_nfs_mount_assign(param->key, param->string);
737 ctx->options |= NFS_OPTION_FSCACHE;
738 kfree(ctx->fscache_uniq);
739 ctx->fscache_uniq = param->string;
740 param->string = NULL;
741 break;
742 case Opt_migration:
743 if (result.negated)
744 ctx->options &= ~NFS_OPTION_MIGRATION;
745 else
746 ctx->options |= NFS_OPTION_MIGRATION;
747 break;
748
749 /*
750 * options that take numeric values
751 */
752 case Opt_port:
753 if (result.uint_32 > USHRT_MAX)
754 goto out_of_bounds;
755 ctx->nfs_server.port = result.uint_32;
756 break;
757 case Opt_rsize:
758 ctx->rsize = result.uint_32;
759 break;
760 case Opt_wsize:
761 ctx->wsize = result.uint_32;
762 break;
763 case Opt_bsize:
764 ctx->bsize = result.uint_32;
765 break;
766 case Opt_timeo:
767 if (result.uint_32 < 1 || result.uint_32 > INT_MAX)
768 goto out_of_bounds;
769 ctx->timeo = result.uint_32;
770 break;
771 case Opt_retrans:
772 if (result.uint_32 > INT_MAX)
773 goto out_of_bounds;
774 ctx->retrans = result.uint_32;
775 break;
776 case Opt_acregmin:
777 ctx->acregmin = result.uint_32;
778 break;
779 case Opt_acregmax:
780 ctx->acregmax = result.uint_32;
781 break;
782 case Opt_acdirmin:
783 ctx->acdirmin = result.uint_32;
784 break;
785 case Opt_acdirmax:
786 ctx->acdirmax = result.uint_32;
787 break;
788 case Opt_actimeo:
789 ctx->acregmin = result.uint_32;
790 ctx->acregmax = result.uint_32;
791 ctx->acdirmin = result.uint_32;
792 ctx->acdirmax = result.uint_32;
793 break;
794 case Opt_namelen:
795 ctx->namlen = result.uint_32;
796 break;
797 case Opt_mountport:
798 if (result.uint_32 > USHRT_MAX)
799 goto out_of_bounds;
800 ctx->mount_server.port = result.uint_32;
801 break;
802 case Opt_mountvers:
803 if (result.uint_32 < NFS_MNT_VERSION ||
804 result.uint_32 > NFS_MNT3_VERSION)
805 goto out_of_bounds;
806 ctx->mount_server.version = result.uint_32;
807 break;
808 case Opt_minorversion:
809 if (result.uint_32 < NFS4_MIN_MINOR_VERSION ||
810 result.uint_32 > NFS4_MAX_MINOR_VERSION)
811 goto out_of_bounds;
812 ctx->minorversion = result.uint_32;
813 break;
814
815 /*
816 * options that take text values
817 */
818 case Opt_v:
819 ret = nfs_parse_version_string(fc, param->key + 1);
820 if (ret < 0)
821 return ret;
822 break;
823 case Opt_vers:
824 if (!param->string)
825 goto out_invalid_value;
826 trace_nfs_mount_assign(param->key, param->string);
827 ret = nfs_parse_version_string(fc, param->string);
828 if (ret < 0)
829 return ret;
830 break;
831 case Opt_sec:
832 ret = nfs_parse_security_flavors(fc, param);
833 if (ret < 0)
834 return ret;
835 break;
836 case Opt_xprtsec:
837 ret = nfs_parse_xprtsec_policy(fc, param);
838 if (ret < 0)
839 return ret;
840 break;
841 case Opt_cert_serial:
842 ret = nfs_tls_key_verify(result.int_32);
843 if (ret < 0)
844 return ret;
845 ctx->xprtsec.cert_serial = result.int_32;
846 break;
847 case Opt_privkey_serial:
848 ret = nfs_tls_key_verify(result.int_32);
849 if (ret < 0)
850 return ret;
851 ctx->xprtsec.privkey_serial = result.int_32;
852 break;
853
854 case Opt_proto:
855 if (!param->string)
856 goto out_invalid_value;
857 trace_nfs_mount_assign(param->key, param->string);
858 protofamily = AF_INET;
859 switch (lookup_constant(nfs_xprt_protocol_tokens, param->string, -1)) {
860 case Opt_xprt_udp6:
861 protofamily = AF_INET6;
862 fallthrough;
863 case Opt_xprt_udp:
864 ctx->flags &= ~NFS_MOUNT_TCP;
865 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP;
866 break;
867 case Opt_xprt_tcp6:
868 protofamily = AF_INET6;
869 fallthrough;
870 case Opt_xprt_tcp:
871 ctx->flags |= NFS_MOUNT_TCP;
872 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP;
873 break;
874 case Opt_xprt_rdma6:
875 protofamily = AF_INET6;
876 fallthrough;
877 case Opt_xprt_rdma:
878 /* vector side protocols to TCP */
879 ctx->flags |= NFS_MOUNT_TCP;
880 ret = xprt_find_transport_ident(param->string);
881 if (ret < 0)
882 goto out_bad_transport;
883 ctx->nfs_server.protocol = ret;
884 break;
885 default:
886 goto out_bad_transport;
887 }
888
889 ctx->protofamily = protofamily;
890 break;
891
892 case Opt_mountproto:
893 if (!param->string)
894 goto out_invalid_value;
895 trace_nfs_mount_assign(param->key, param->string);
896 mountfamily = AF_INET;
897 switch (lookup_constant(nfs_xprt_protocol_tokens, param->string, -1)) {
898 case Opt_xprt_udp6:
899 mountfamily = AF_INET6;
900 fallthrough;
901 case Opt_xprt_udp:
902 ctx->mount_server.protocol = XPRT_TRANSPORT_UDP;
903 break;
904 case Opt_xprt_tcp6:
905 mountfamily = AF_INET6;
906 fallthrough;
907 case Opt_xprt_tcp:
908 ctx->mount_server.protocol = XPRT_TRANSPORT_TCP;
909 break;
910 case Opt_xprt_rdma: /* not used for side protocols */
911 default:
912 goto out_bad_transport;
913 }
914 ctx->mountfamily = mountfamily;
915 break;
916
917 case Opt_addr:
918 trace_nfs_mount_assign(param->key, param->string);
919 len = rpc_pton(fc->net_ns, param->string, param->size,
920 &ctx->nfs_server.address,
921 sizeof(ctx->nfs_server._address));
922 if (len == 0)
923 goto out_invalid_address;
924 ctx->nfs_server.addrlen = len;
925 break;
926 case Opt_clientaddr:
927 trace_nfs_mount_assign(param->key, param->string);
928 kfree(ctx->client_address);
929 ctx->client_address = param->string;
930 param->string = NULL;
931 break;
932 case Opt_mounthost:
933 trace_nfs_mount_assign(param->key, param->string);
934 kfree(ctx->mount_server.hostname);
935 ctx->mount_server.hostname = param->string;
936 param->string = NULL;
937 break;
938 case Opt_mountaddr:
939 trace_nfs_mount_assign(param->key, param->string);
940 len = rpc_pton(fc->net_ns, param->string, param->size,
941 &ctx->mount_server.address,
942 sizeof(ctx->mount_server._address));
943 if (len == 0)
944 goto out_invalid_address;
945 ctx->mount_server.addrlen = len;
946 break;
947 case Opt_nconnect:
948 trace_nfs_mount_assign(param->key, param->string);
949 if (result.uint_32 < 1 || result.uint_32 > NFS_MAX_CONNECTIONS)
950 goto out_of_bounds;
951 ctx->nfs_server.nconnect = result.uint_32;
952 break;
953 case Opt_max_connect:
954 trace_nfs_mount_assign(param->key, param->string);
955 if (result.uint_32 < 1 || result.uint_32 > NFS_MAX_TRANSPORTS)
956 goto out_of_bounds;
957 ctx->nfs_server.max_connect = result.uint_32;
958 break;
959 case Opt_fatal_neterrors:
960 trace_nfs_mount_assign(param->key, param->string);
961 switch (result.uint_32) {
962 case Opt_fatal_neterrors_default:
963 if (fc->net_ns != &init_net)
964 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL;
965 else
966 ctx->flags &= ~NFS_MOUNT_NETUNREACH_FATAL;
967 break;
968 case Opt_fatal_neterrors_enetunreach:
969 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL;
970 break;
971 case Opt_fatal_neterrors_none:
972 ctx->flags &= ~NFS_MOUNT_NETUNREACH_FATAL;
973 break;
974 default:
975 goto out_invalid_value;
976 }
977 break;
978 case Opt_lookupcache:
979 trace_nfs_mount_assign(param->key, param->string);
980 switch (result.uint_32) {
981 case Opt_lookupcache_all:
982 ctx->flags &= ~(NFS_MOUNT_LOOKUP_CACHE_NONEG|NFS_MOUNT_LOOKUP_CACHE_NONE);
983 break;
984 case Opt_lookupcache_positive:
985 ctx->flags &= ~NFS_MOUNT_LOOKUP_CACHE_NONE;
986 ctx->flags |= NFS_MOUNT_LOOKUP_CACHE_NONEG;
987 break;
988 case Opt_lookupcache_none:
989 ctx->flags |= NFS_MOUNT_LOOKUP_CACHE_NONEG|NFS_MOUNT_LOOKUP_CACHE_NONE;
990 break;
991 default:
992 goto out_invalid_value;
993 }
994 break;
995 case Opt_local_lock:
996 trace_nfs_mount_assign(param->key, param->string);
997 switch (result.uint_32) {
998 case Opt_local_lock_all:
999 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK |
1000 NFS_MOUNT_LOCAL_FCNTL);
1001 break;
1002 case Opt_local_lock_flock:
1003 ctx->flags |= NFS_MOUNT_LOCAL_FLOCK;
1004 break;
1005 case Opt_local_lock_posix:
1006 ctx->flags |= NFS_MOUNT_LOCAL_FCNTL;
1007 break;
1008 case Opt_local_lock_none:
1009 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK |
1010 NFS_MOUNT_LOCAL_FCNTL);
1011 break;
1012 default:
1013 goto out_invalid_value;
1014 }
1015 break;
1016 case Opt_write:
1017 trace_nfs_mount_assign(param->key, param->string);
1018 switch (result.uint_32) {
1019 case Opt_write_lazy:
1020 ctx->flags &=
1021 ~(NFS_MOUNT_WRITE_EAGER | NFS_MOUNT_WRITE_WAIT);
1022 break;
1023 case Opt_write_eager:
1024 ctx->flags |= NFS_MOUNT_WRITE_EAGER;
1025 ctx->flags &= ~NFS_MOUNT_WRITE_WAIT;
1026 break;
1027 case Opt_write_wait:
1028 ctx->flags |=
1029 NFS_MOUNT_WRITE_EAGER | NFS_MOUNT_WRITE_WAIT;
1030 break;
1031 default:
1032 goto out_invalid_value;
1033 }
1034 break;
1035
1036 /*
1037 * Special options
1038 */
1039 case Opt_sloppy:
1040 ctx->sloppy = true;
1041 break;
1042 }
1043
1044 return 0;
1045
1046 out_invalid_value:
1047 return nfs_invalf(fc, "NFS: Bad mount option value specified");
1048 out_invalid_address:
1049 return nfs_invalf(fc, "NFS: Bad IP address specified");
1050 out_of_bounds:
1051 return nfs_invalf(fc, "NFS: Value for '%s' out of range", param->key);
1052 out_bad_transport:
1053 return nfs_invalf(fc, "NFS: Unrecognized transport protocol");
1054 }
1055
1056 /*
1057 * Split fc->source into "hostname:export_path".
1058 *
1059 * The leftmost colon demarks the split between the server's hostname
1060 * and the export path. If the hostname starts with a left square
1061 * bracket, then it may contain colons.
1062 *
1063 * Note: caller frees hostname and export path, even on error.
1064 */
nfs_parse_source(struct fs_context * fc,size_t maxnamlen,size_t maxpathlen)1065 static int nfs_parse_source(struct fs_context *fc,
1066 size_t maxnamlen, size_t maxpathlen)
1067 {
1068 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1069 const char *dev_name = fc->source;
1070 size_t len;
1071 const char *end;
1072
1073 if (unlikely(!dev_name || !*dev_name))
1074 return -EINVAL;
1075
1076 /* Is the host name protected with square brakcets? */
1077 if (*dev_name == '[') {
1078 end = strchr(++dev_name, ']');
1079 if (end == NULL || end[1] != ':')
1080 goto out_bad_devname;
1081
1082 len = end - dev_name;
1083 end++;
1084 } else {
1085 const char *comma;
1086
1087 end = strchr(dev_name, ':');
1088 if (end == NULL)
1089 goto out_bad_devname;
1090 len = end - dev_name;
1091
1092 /* kill possible hostname list: not supported */
1093 comma = memchr(dev_name, ',', len);
1094 if (comma)
1095 len = comma - dev_name;
1096 }
1097
1098 if (len > maxnamlen)
1099 goto out_hostname;
1100
1101 kfree(ctx->nfs_server.hostname);
1102
1103 /* N.B. caller will free nfs_server.hostname in all cases */
1104 ctx->nfs_server.hostname = kmemdup_nul(dev_name, len, GFP_KERNEL);
1105 if (!ctx->nfs_server.hostname)
1106 goto out_nomem;
1107 len = strlen(++end);
1108 if (len > maxpathlen)
1109 goto out_path;
1110 ctx->nfs_server.export_path = kmemdup_nul(end, len, GFP_KERNEL);
1111 if (!ctx->nfs_server.export_path)
1112 goto out_nomem;
1113
1114 trace_nfs_mount_path(ctx->nfs_server.export_path);
1115 return 0;
1116
1117 out_bad_devname:
1118 return nfs_invalf(fc, "NFS: device name not in host:path format");
1119 out_nomem:
1120 nfs_errorf(fc, "NFS: not enough memory to parse device name");
1121 return -ENOMEM;
1122 out_hostname:
1123 nfs_errorf(fc, "NFS: server hostname too long");
1124 return -ENAMETOOLONG;
1125 out_path:
1126 nfs_errorf(fc, "NFS: export pathname too long");
1127 return -ENAMETOOLONG;
1128 }
1129
is_remount_fc(struct fs_context * fc)1130 static inline bool is_remount_fc(struct fs_context *fc)
1131 {
1132 return fc->root != NULL;
1133 }
1134
1135 /*
1136 * Parse monolithic NFS2/NFS3 mount data
1137 * - fills in the mount root filehandle
1138 *
1139 * For option strings, user space handles the following behaviors:
1140 *
1141 * + DNS: mapping server host name to IP address ("addr=" option)
1142 *
1143 * + failure mode: how to behave if a mount request can't be handled
1144 * immediately ("fg/bg" option)
1145 *
1146 * + retry: how often to retry a mount request ("retry=" option)
1147 *
1148 * + breaking back: trying proto=udp after proto=tcp, v2 after v3,
1149 * mountproto=tcp after mountproto=udp, and so on
1150 */
nfs23_parse_monolithic(struct fs_context * fc,struct nfs_mount_data * data)1151 static int nfs23_parse_monolithic(struct fs_context *fc,
1152 struct nfs_mount_data *data)
1153 {
1154 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1155 struct nfs_fh *mntfh = ctx->mntfh;
1156 struct sockaddr_storage *sap = &ctx->nfs_server._address;
1157 int extra_flags = NFS_MOUNT_LEGACY_INTERFACE;
1158 int ret;
1159
1160 if (data == NULL)
1161 goto out_no_data;
1162
1163 ctx->version = NFS_DEFAULT_VERSION;
1164 switch (data->version) {
1165 case 1:
1166 data->namlen = 0;
1167 fallthrough;
1168 case 2:
1169 data->bsize = 0;
1170 fallthrough;
1171 case 3:
1172 if (data->flags & NFS_MOUNT_VER3)
1173 goto out_no_v3;
1174 data->root.size = NFS2_FHSIZE;
1175 memcpy(data->root.data, data->old_root.data, NFS2_FHSIZE);
1176 /* Turn off security negotiation */
1177 extra_flags |= NFS_MOUNT_SECFLAVOUR;
1178 fallthrough;
1179 case 4:
1180 if (data->flags & NFS_MOUNT_SECFLAVOUR)
1181 goto out_no_sec;
1182 fallthrough;
1183 case 5:
1184 memset(data->context, 0, sizeof(data->context));
1185 fallthrough;
1186 case 6:
1187 if (data->flags & NFS_MOUNT_VER3) {
1188 if (data->root.size > NFS3_FHSIZE || data->root.size == 0)
1189 goto out_invalid_fh;
1190 mntfh->size = data->root.size;
1191 ctx->version = 3;
1192 } else {
1193 mntfh->size = NFS2_FHSIZE;
1194 ctx->version = 2;
1195 }
1196
1197
1198 memcpy(mntfh->data, data->root.data, mntfh->size);
1199 if (mntfh->size < sizeof(mntfh->data))
1200 memset(mntfh->data + mntfh->size, 0,
1201 sizeof(mntfh->data) - mntfh->size);
1202
1203 /*
1204 * for proto == XPRT_TRANSPORT_UDP, which is what uses
1205 * to_exponential, implying shift: limit the shift value
1206 * to BITS_PER_LONG (majortimeo is unsigned long)
1207 */
1208 if (!(data->flags & NFS_MOUNT_TCP)) /* this will be UDP */
1209 if (data->retrans >= 64) /* shift value is too large */
1210 goto out_invalid_data;
1211
1212 /*
1213 * Translate to nfs_fs_context, which nfs_fill_super
1214 * can deal with.
1215 */
1216 ctx->flags = data->flags & NFS_MOUNT_FLAGMASK;
1217 ctx->flags |= extra_flags;
1218 ctx->rsize = data->rsize;
1219 ctx->wsize = data->wsize;
1220 ctx->timeo = data->timeo;
1221 ctx->retrans = data->retrans;
1222 ctx->acregmin = data->acregmin;
1223 ctx->acregmax = data->acregmax;
1224 ctx->acdirmin = data->acdirmin;
1225 ctx->acdirmax = data->acdirmax;
1226 ctx->need_mount = false;
1227
1228 if (!is_remount_fc(fc)) {
1229 memcpy(sap, &data->addr, sizeof(data->addr));
1230 ctx->nfs_server.addrlen = sizeof(data->addr);
1231 ctx->nfs_server.port = ntohs(data->addr.sin_port);
1232 }
1233
1234 if (sap->ss_family != AF_INET ||
1235 !nfs_verify_server_address(sap))
1236 goto out_no_address;
1237
1238 if (!(data->flags & NFS_MOUNT_TCP))
1239 ctx->nfs_server.protocol = XPRT_TRANSPORT_UDP;
1240 /* N.B. caller will free nfs_server.hostname in all cases */
1241 ctx->nfs_server.hostname = kstrdup(data->hostname, GFP_KERNEL);
1242 if (!ctx->nfs_server.hostname)
1243 goto out_nomem;
1244
1245 ctx->namlen = data->namlen;
1246 ctx->bsize = data->bsize;
1247
1248 if (data->flags & NFS_MOUNT_SECFLAVOUR)
1249 ctx->selected_flavor = data->pseudoflavor;
1250 else
1251 ctx->selected_flavor = RPC_AUTH_UNIX;
1252
1253 if (!(data->flags & NFS_MOUNT_NONLM))
1254 ctx->flags &= ~(NFS_MOUNT_LOCAL_FLOCK|
1255 NFS_MOUNT_LOCAL_FCNTL);
1256 else
1257 ctx->flags |= (NFS_MOUNT_LOCAL_FLOCK|
1258 NFS_MOUNT_LOCAL_FCNTL);
1259
1260 /*
1261 * The legacy version 6 binary mount data from userspace has a
1262 * field used only to transport selinux information into the
1263 * kernel. To continue to support that functionality we
1264 * have a touch of selinux knowledge here in the NFS code. The
1265 * userspace code converted context=blah to just blah so we are
1266 * converting back to the full string selinux understands.
1267 */
1268 if (data->context[0]){
1269 #ifdef CONFIG_SECURITY_SELINUX
1270 int ret;
1271
1272 data->context[NFS_MAX_CONTEXT_LEN] = '\0';
1273 ret = vfs_parse_fs_string(fc, "context", data->context);
1274 if (ret < 0)
1275 return ret;
1276 #else
1277 return -EINVAL;
1278 #endif
1279 }
1280
1281 break;
1282 default:
1283 goto generic;
1284 }
1285
1286 ret = nfs_validate_transport_protocol(fc, ctx);
1287 if (ret)
1288 return ret;
1289
1290 ctx->skip_reconfig_option_check = true;
1291 return 0;
1292
1293 generic:
1294 return generic_parse_monolithic(fc, data);
1295
1296 out_no_data:
1297 if (is_remount_fc(fc)) {
1298 ctx->skip_reconfig_option_check = true;
1299 return 0;
1300 }
1301 return nfs_invalf(fc, "NFS: mount program didn't pass any mount data");
1302
1303 out_no_v3:
1304 return nfs_invalf(fc, "NFS: nfs_mount_data version does not support v3");
1305
1306 out_no_sec:
1307 return nfs_invalf(fc, "NFS: nfs_mount_data version supports only AUTH_SYS");
1308
1309 out_nomem:
1310 return -ENOMEM;
1311
1312 out_no_address:
1313 return nfs_invalf(fc, "NFS: mount program didn't pass remote address");
1314
1315 out_invalid_fh:
1316 return nfs_invalf(fc, "NFS: invalid root filehandle");
1317
1318 out_invalid_data:
1319 return nfs_invalf(fc, "NFS: invalid binary mount data");
1320 }
1321
1322 #if IS_ENABLED(CONFIG_NFS_V4)
1323 struct compat_nfs_string {
1324 compat_uint_t len;
1325 compat_uptr_t data;
1326 };
1327
compat_nfs_string(struct nfs_string * dst,struct compat_nfs_string * src)1328 static inline void compat_nfs_string(struct nfs_string *dst,
1329 struct compat_nfs_string *src)
1330 {
1331 dst->data = compat_ptr(src->data);
1332 dst->len = src->len;
1333 }
1334
1335 struct compat_nfs4_mount_data_v1 {
1336 compat_int_t version;
1337 compat_int_t flags;
1338 compat_int_t rsize;
1339 compat_int_t wsize;
1340 compat_int_t timeo;
1341 compat_int_t retrans;
1342 compat_int_t acregmin;
1343 compat_int_t acregmax;
1344 compat_int_t acdirmin;
1345 compat_int_t acdirmax;
1346 struct compat_nfs_string client_addr;
1347 struct compat_nfs_string mnt_path;
1348 struct compat_nfs_string hostname;
1349 compat_uint_t host_addrlen;
1350 compat_uptr_t host_addr;
1351 compat_int_t proto;
1352 compat_int_t auth_flavourlen;
1353 compat_uptr_t auth_flavours;
1354 };
1355
nfs4_compat_mount_data_conv(struct nfs4_mount_data * data)1356 static void nfs4_compat_mount_data_conv(struct nfs4_mount_data *data)
1357 {
1358 struct compat_nfs4_mount_data_v1 *compat =
1359 (struct compat_nfs4_mount_data_v1 *)data;
1360
1361 /* copy the fields backwards */
1362 data->auth_flavours = compat_ptr(compat->auth_flavours);
1363 data->auth_flavourlen = compat->auth_flavourlen;
1364 data->proto = compat->proto;
1365 data->host_addr = compat_ptr(compat->host_addr);
1366 data->host_addrlen = compat->host_addrlen;
1367 compat_nfs_string(&data->hostname, &compat->hostname);
1368 compat_nfs_string(&data->mnt_path, &compat->mnt_path);
1369 compat_nfs_string(&data->client_addr, &compat->client_addr);
1370 data->acdirmax = compat->acdirmax;
1371 data->acdirmin = compat->acdirmin;
1372 data->acregmax = compat->acregmax;
1373 data->acregmin = compat->acregmin;
1374 data->retrans = compat->retrans;
1375 data->timeo = compat->timeo;
1376 data->wsize = compat->wsize;
1377 data->rsize = compat->rsize;
1378 data->flags = compat->flags;
1379 data->version = compat->version;
1380 }
1381
1382 /*
1383 * Validate NFSv4 mount options
1384 */
nfs4_parse_monolithic(struct fs_context * fc,struct nfs4_mount_data * data)1385 static int nfs4_parse_monolithic(struct fs_context *fc,
1386 struct nfs4_mount_data *data)
1387 {
1388 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1389 struct sockaddr_storage *sap = &ctx->nfs_server._address;
1390 int ret;
1391 char *c;
1392
1393 if (!data) {
1394 if (is_remount_fc(fc))
1395 goto done;
1396 return nfs_invalf(fc,
1397 "NFS4: mount program didn't pass any mount data");
1398 }
1399
1400 ctx->version = 4;
1401
1402 if (data->version != 1)
1403 return generic_parse_monolithic(fc, data);
1404
1405 if (in_compat_syscall())
1406 nfs4_compat_mount_data_conv(data);
1407
1408 if (data->host_addrlen > sizeof(ctx->nfs_server.address))
1409 goto out_no_address;
1410 if (data->host_addrlen == 0)
1411 goto out_no_address;
1412 ctx->nfs_server.addrlen = data->host_addrlen;
1413 if (copy_from_user(sap, data->host_addr, data->host_addrlen))
1414 return -EFAULT;
1415 if (!nfs_verify_server_address(sap))
1416 goto out_no_address;
1417 ctx->nfs_server.port = ntohs(((struct sockaddr_in *)sap)->sin_port);
1418
1419 if (data->auth_flavourlen) {
1420 rpc_authflavor_t pseudoflavor;
1421
1422 if (data->auth_flavourlen > 1)
1423 goto out_inval_auth;
1424 if (copy_from_user(&pseudoflavor, data->auth_flavours,
1425 sizeof(pseudoflavor)))
1426 return -EFAULT;
1427 ctx->selected_flavor = pseudoflavor;
1428 } else {
1429 ctx->selected_flavor = RPC_AUTH_UNIX;
1430 }
1431
1432 c = strndup_user(data->hostname.data, NFS4_MAXNAMLEN);
1433 if (IS_ERR(c))
1434 return PTR_ERR(c);
1435 ctx->nfs_server.hostname = c;
1436
1437 c = strndup_user(data->mnt_path.data, NFS4_MAXPATHLEN);
1438 if (IS_ERR(c))
1439 return PTR_ERR(c);
1440 ctx->nfs_server.export_path = c;
1441 trace_nfs_mount_path(c);
1442
1443 c = strndup_user(data->client_addr.data, 16);
1444 if (IS_ERR(c))
1445 return PTR_ERR(c);
1446 ctx->client_address = c;
1447
1448 /*
1449 * Translate to nfs_fs_context, which nfs_fill_super
1450 * can deal with.
1451 */
1452
1453 ctx->flags = data->flags & NFS4_MOUNT_FLAGMASK;
1454 ctx->rsize = data->rsize;
1455 ctx->wsize = data->wsize;
1456 ctx->timeo = data->timeo;
1457 ctx->retrans = data->retrans;
1458 ctx->acregmin = data->acregmin;
1459 ctx->acregmax = data->acregmax;
1460 ctx->acdirmin = data->acdirmin;
1461 ctx->acdirmax = data->acdirmax;
1462 ctx->nfs_server.protocol = data->proto;
1463 ret = nfs_validate_transport_protocol(fc, ctx);
1464 if (ret)
1465 return ret;
1466 done:
1467 ctx->skip_reconfig_option_check = true;
1468 return 0;
1469
1470 out_inval_auth:
1471 return nfs_invalf(fc, "NFS4: Invalid number of RPC auth flavours %d",
1472 data->auth_flavourlen);
1473
1474 out_no_address:
1475 return nfs_invalf(fc, "NFS4: mount program didn't pass remote address");
1476 }
1477 #endif
1478
1479 /*
1480 * Parse a monolithic block of data from sys_mount().
1481 */
nfs_fs_context_parse_monolithic(struct fs_context * fc,void * data)1482 static int nfs_fs_context_parse_monolithic(struct fs_context *fc,
1483 void *data)
1484 {
1485 if (fc->fs_type == &nfs_fs_type)
1486 return nfs23_parse_monolithic(fc, data);
1487
1488 #if IS_ENABLED(CONFIG_NFS_V4)
1489 if (fc->fs_type == &nfs4_fs_type)
1490 return nfs4_parse_monolithic(fc, data);
1491 #endif
1492
1493 return nfs_invalf(fc, "NFS: Unsupported monolithic data version");
1494 }
1495
1496 /*
1497 * Validate the preparsed information in the config.
1498 */
nfs_fs_context_validate(struct fs_context * fc)1499 static int nfs_fs_context_validate(struct fs_context *fc)
1500 {
1501 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1502 struct nfs_subversion *nfs_mod;
1503 struct sockaddr_storage *sap = &ctx->nfs_server._address;
1504 int max_namelen = PAGE_SIZE;
1505 int max_pathlen = NFS_MAXPATHLEN;
1506 int port = 0;
1507 int ret;
1508
1509 if (!fc->source)
1510 goto out_no_device_name;
1511
1512 /* Check for sanity first. */
1513 if (ctx->minorversion && ctx->version != 4)
1514 goto out_minorversion_mismatch;
1515
1516 if (ctx->options & NFS_OPTION_MIGRATION &&
1517 (ctx->version != 4 || ctx->minorversion != 0))
1518 goto out_migration_misuse;
1519
1520 /* Verify that any proto=/mountproto= options match the address
1521 * families in the addr=/mountaddr= options.
1522 */
1523 if (ctx->protofamily != AF_UNSPEC &&
1524 ctx->protofamily != ctx->nfs_server.address.sa_family)
1525 goto out_proto_mismatch;
1526
1527 if (ctx->mountfamily != AF_UNSPEC) {
1528 if (ctx->mount_server.addrlen) {
1529 if (ctx->mountfamily != ctx->mount_server.address.sa_family)
1530 goto out_mountproto_mismatch;
1531 } else {
1532 if (ctx->mountfamily != ctx->nfs_server.address.sa_family)
1533 goto out_mountproto_mismatch;
1534 }
1535 }
1536
1537 if (!nfs_verify_server_address(sap))
1538 goto out_no_address;
1539
1540 ret = nfs_validate_transport_protocol(fc, ctx);
1541 if (ret)
1542 return ret;
1543
1544 if (ctx->version == 4) {
1545 if (IS_ENABLED(CONFIG_NFS_V4)) {
1546 if (ctx->nfs_server.protocol == XPRT_TRANSPORT_RDMA)
1547 port = NFS_RDMA_PORT;
1548 else
1549 port = NFS_PORT;
1550 max_namelen = NFS4_MAXNAMLEN;
1551 max_pathlen = NFS4_MAXPATHLEN;
1552 ctx->flags &= ~(NFS_MOUNT_NONLM | NFS_MOUNT_NOACL |
1553 NFS_MOUNT_VER3 | NFS_MOUNT_LOCAL_FLOCK |
1554 NFS_MOUNT_LOCAL_FCNTL);
1555 } else {
1556 goto out_v4_not_compiled;
1557 }
1558 } else {
1559 nfs_set_mount_transport_protocol(ctx);
1560 if (ctx->nfs_server.protocol == XPRT_TRANSPORT_RDMA)
1561 port = NFS_RDMA_PORT;
1562 }
1563
1564 nfs_set_port(sap, &ctx->nfs_server.port, port);
1565
1566 ret = nfs_parse_source(fc, max_namelen, max_pathlen);
1567 if (ret < 0)
1568 return ret;
1569
1570 /* Load the NFS protocol module if we haven't done so yet */
1571 if (!ctx->nfs_mod) {
1572 nfs_mod = find_nfs_version(ctx->version);
1573 if (IS_ERR(nfs_mod)) {
1574 ret = PTR_ERR(nfs_mod);
1575 goto out_version_unavailable;
1576 }
1577 ctx->nfs_mod = nfs_mod;
1578 }
1579
1580 /* Ensure the filesystem context has the correct fs_type */
1581 if (fc->fs_type != ctx->nfs_mod->nfs_fs) {
1582 module_put(fc->fs_type->owner);
1583 __module_get(ctx->nfs_mod->nfs_fs->owner);
1584 fc->fs_type = ctx->nfs_mod->nfs_fs;
1585 }
1586 return 0;
1587
1588 out_no_device_name:
1589 return nfs_invalf(fc, "NFS: Device name not specified");
1590 out_v4_not_compiled:
1591 nfs_errorf(fc, "NFS: NFSv4 is not compiled into kernel");
1592 return -EPROTONOSUPPORT;
1593 out_no_address:
1594 return nfs_invalf(fc, "NFS: mount program didn't pass remote address");
1595 out_mountproto_mismatch:
1596 return nfs_invalf(fc, "NFS: Mount server address does not match mountproto= option");
1597 out_proto_mismatch:
1598 return nfs_invalf(fc, "NFS: Server address does not match proto= option");
1599 out_minorversion_mismatch:
1600 return nfs_invalf(fc, "NFS: Mount option vers=%u does not support minorversion=%u",
1601 ctx->version, ctx->minorversion);
1602 out_migration_misuse:
1603 return nfs_invalf(fc, "NFS: 'Migration' not supported for this NFS version");
1604 out_version_unavailable:
1605 nfs_errorf(fc, "NFS: Version unavailable");
1606 return ret;
1607 }
1608
1609 /*
1610 * Create an NFS superblock by the appropriate method.
1611 */
nfs_get_tree(struct fs_context * fc)1612 static int nfs_get_tree(struct fs_context *fc)
1613 {
1614 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1615 int err = nfs_fs_context_validate(fc);
1616
1617 if (err)
1618 return err;
1619 if (!ctx->internal)
1620 return ctx->nfs_mod->rpc_ops->try_get_tree(fc);
1621 else
1622 return nfs_get_tree_common(fc);
1623 }
1624
1625 /*
1626 * Handle duplication of a configuration. The caller copied *src into *sc, but
1627 * it can't deal with resource pointers in the filesystem context, so we have
1628 * to do that. We need to clear pointers, copy data or get extra refs as
1629 * appropriate.
1630 */
nfs_fs_context_dup(struct fs_context * fc,struct fs_context * src_fc)1631 static int nfs_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc)
1632 {
1633 struct nfs_fs_context *src = nfs_fc2context(src_fc), *ctx;
1634
1635 ctx = kmemdup(src, sizeof(struct nfs_fs_context), GFP_KERNEL);
1636 if (!ctx)
1637 return -ENOMEM;
1638
1639 ctx->mntfh = nfs_alloc_fhandle();
1640 if (!ctx->mntfh) {
1641 kfree(ctx);
1642 return -ENOMEM;
1643 }
1644 nfs_copy_fh(ctx->mntfh, src->mntfh);
1645
1646 get_nfs_version(ctx->nfs_mod);
1647 ctx->client_address = NULL;
1648 ctx->mount_server.hostname = NULL;
1649 ctx->nfs_server.export_path = NULL;
1650 ctx->nfs_server.hostname = NULL;
1651 ctx->fscache_uniq = NULL;
1652 ctx->clone_data.fattr = NULL;
1653 fc->fs_private = ctx;
1654 return 0;
1655 }
1656
nfs_fs_context_free(struct fs_context * fc)1657 static void nfs_fs_context_free(struct fs_context *fc)
1658 {
1659 struct nfs_fs_context *ctx = nfs_fc2context(fc);
1660
1661 if (ctx) {
1662 if (ctx->server)
1663 nfs_free_server(ctx->server);
1664 if (ctx->nfs_mod)
1665 put_nfs_version(ctx->nfs_mod);
1666 kfree(ctx->client_address);
1667 kfree(ctx->mount_server.hostname);
1668 kfree(ctx->nfs_server.export_path);
1669 kfree(ctx->nfs_server.hostname);
1670 kfree(ctx->fscache_uniq);
1671 nfs_free_fhandle(ctx->mntfh);
1672 nfs_free_fattr(ctx->clone_data.fattr);
1673 kfree(ctx);
1674 }
1675 }
1676
1677 static const struct fs_context_operations nfs_fs_context_ops = {
1678 .free = nfs_fs_context_free,
1679 .dup = nfs_fs_context_dup,
1680 .parse_param = nfs_fs_context_parse_param,
1681 .parse_monolithic = nfs_fs_context_parse_monolithic,
1682 .get_tree = nfs_get_tree,
1683 .reconfigure = nfs_reconfigure,
1684 };
1685
1686 /*
1687 * Prepare superblock configuration. We use the namespaces attached to the
1688 * context. This may be the current process's namespaces, or it may be a
1689 * container's namespaces.
1690 */
nfs_init_fs_context(struct fs_context * fc)1691 static int nfs_init_fs_context(struct fs_context *fc)
1692 {
1693 struct nfs_fs_context *ctx;
1694
1695 ctx = kzalloc_obj(struct nfs_fs_context);
1696 if (unlikely(!ctx))
1697 return -ENOMEM;
1698
1699 ctx->mntfh = nfs_alloc_fhandle();
1700 if (unlikely(!ctx->mntfh)) {
1701 kfree(ctx);
1702 return -ENOMEM;
1703 }
1704
1705 ctx->protofamily = AF_UNSPEC;
1706 ctx->mountfamily = AF_UNSPEC;
1707 ctx->mount_server.port = NFS_UNSPEC_PORT;
1708
1709 if (fc->root) {
1710 /* reconfigure, start with the current config */
1711 struct nfs_server *nfss = fc->root->d_sb->s_fs_info;
1712 struct net *net = nfss->nfs_client->cl_net;
1713
1714 ctx->flags = nfss->flags;
1715 ctx->rsize = nfss->rsize;
1716 ctx->wsize = nfss->wsize;
1717 ctx->retrans = nfss->client->cl_timeout->to_retries;
1718 ctx->selected_flavor = nfss->client->cl_auth->au_flavor;
1719 ctx->acregmin = nfss->acregmin / HZ;
1720 ctx->acregmax = nfss->acregmax / HZ;
1721 ctx->acdirmin = nfss->acdirmin / HZ;
1722 ctx->acdirmax = nfss->acdirmax / HZ;
1723 ctx->timeo = 10U * nfss->client->cl_timeout->to_initval / HZ;
1724 ctx->nfs_server.port = nfss->port;
1725 ctx->nfs_server.addrlen = nfss->nfs_client->cl_addrlen;
1726 ctx->version = nfss->nfs_client->rpc_ops->version;
1727 ctx->minorversion = nfss->nfs_client->cl_minorversion;
1728
1729 memcpy(&ctx->nfs_server._address, &nfss->nfs_client->cl_addr,
1730 ctx->nfs_server.addrlen);
1731
1732 if (fc->net_ns != net) {
1733 put_net(fc->net_ns);
1734 fc->net_ns = get_net(net);
1735 }
1736
1737 ctx->nfs_mod = nfss->nfs_client->cl_nfs_mod;
1738 get_nfs_version(ctx->nfs_mod);
1739 } else {
1740 /* defaults */
1741 ctx->timeo = NFS_UNSPEC_TIMEO;
1742 ctx->retrans = NFS_UNSPEC_RETRANS;
1743 ctx->acregmin = NFS_DEF_ACREGMIN;
1744 ctx->acregmax = NFS_DEF_ACREGMAX;
1745 ctx->acdirmin = NFS_DEF_ACDIRMIN;
1746 ctx->acdirmax = NFS_DEF_ACDIRMAX;
1747 ctx->nfs_server.port = NFS_UNSPEC_PORT;
1748 ctx->nfs_server.protocol = XPRT_TRANSPORT_TCP;
1749 ctx->selected_flavor = RPC_AUTH_MAXFLAVOR;
1750 ctx->minorversion = 0;
1751 ctx->need_mount = true;
1752 ctx->xprtsec.policy = RPC_XPRTSEC_NONE;
1753 ctx->xprtsec.cert_serial = TLS_NO_CERT;
1754 ctx->xprtsec.privkey_serial = TLS_NO_PRIVKEY;
1755
1756 if (fc->net_ns != &init_net)
1757 ctx->flags |= NFS_MOUNT_NETUNREACH_FATAL;
1758
1759 fc->s_iflags |= SB_I_STABLE_WRITES;
1760 }
1761 fc->fs_private = ctx;
1762 fc->ops = &nfs_fs_context_ops;
1763 return 0;
1764 }
1765
1766 struct file_system_type nfs_fs_type = {
1767 .owner = THIS_MODULE,
1768 .name = "nfs",
1769 .init_fs_context = nfs_init_fs_context,
1770 .parameters = nfs_fs_parameters,
1771 .kill_sb = nfs_kill_super,
1772 .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA,
1773 };
1774 MODULE_ALIAS_FS("nfs");
1775 EXPORT_SYMBOL_GPL(nfs_fs_type);
1776
1777 #if IS_ENABLED(CONFIG_NFS_V4)
1778 struct file_system_type nfs4_fs_type = {
1779 .owner = THIS_MODULE,
1780 .name = "nfs4",
1781 .init_fs_context = nfs_init_fs_context,
1782 .parameters = nfs_fs_parameters,
1783 .kill_sb = nfs_kill_super,
1784 .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA,
1785 };
1786 MODULE_ALIAS_FS("nfs4");
1787 MODULE_ALIAS("nfs4");
1788 EXPORT_SYMBOL_GPL(nfs4_fs_type);
1789 #endif /* CONFIG_NFS_V4 */
1790