1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2014-2016 Christoph Hellwig. 4 */ 5 #include <linux/exportfs_block.h> 6 #include <linux/iomap.h> 7 #include <linux/slab.h> 8 #include <linux/pr.h> 9 10 #include <linux/nfsd/debug.h> 11 12 #include "blocklayoutxdr.h" 13 #include "pnfs.h" 14 #include "filecache.h" 15 #include "vfs.h" 16 #include "trace.h" 17 18 #define NFSDDBG_FACILITY NFSDDBG_PNFS 19 20 21 /* 22 * Get an extent from the file system that starts at offset or below 23 * and may be shorter than the requested length. 24 */ 25 static __be32 26 nfsd4_block_map_extent(struct inode *inode, const struct svc_fh *fhp, 27 u64 offset, u64 length, u32 iomode, u64 minlength, 28 struct pnfs_block_extent *bex) 29 { 30 struct super_block *sb = inode->i_sb; 31 struct iomap iomap; 32 u32 device_generation = 0; 33 int error; 34 35 error = sb->s_export_op->block_ops->map_blocks(inode, offset, length, 36 &iomap, iomode != IOMODE_READ, &device_generation); 37 if (error) { 38 if (error == -ENXIO) 39 return nfserr_layoutunavailable; 40 return nfserrno(error); 41 } 42 43 switch (iomap.type) { 44 case IOMAP_MAPPED: 45 if (iomode == IOMODE_READ) 46 bex->es = PNFS_BLOCK_READ_DATA; 47 else 48 bex->es = PNFS_BLOCK_READWRITE_DATA; 49 bex->soff = iomap.addr; 50 break; 51 case IOMAP_UNWRITTEN: 52 if (iomode & IOMODE_RW) { 53 /* 54 * Crack monkey special case from section 2.3.1. 55 */ 56 if (minlength == 0) { 57 dprintk("pnfsd: no soup for you!\n"); 58 return nfserr_layoutunavailable; 59 } 60 61 bex->es = PNFS_BLOCK_INVALID_DATA; 62 bex->soff = iomap.addr; 63 break; 64 } 65 fallthrough; 66 case IOMAP_HOLE: 67 if (iomode == IOMODE_READ) { 68 bex->es = PNFS_BLOCK_NONE_DATA; 69 break; 70 } 71 fallthrough; 72 case IOMAP_DELALLOC: 73 default: 74 WARN(1, "pnfsd: filesystem returned %d extent\n", iomap.type); 75 return nfserr_layoutunavailable; 76 } 77 78 error = nfsd4_set_deviceid(&bex->vol_id, fhp, device_generation); 79 if (error) 80 return nfserrno(error); 81 82 bex->foff = iomap.offset; 83 bex->len = iomap.length; 84 return nfs_ok; 85 } 86 87 static __be32 88 nfsd4_block_proc_layoutget(struct svc_rqst *rqstp, struct inode *inode, 89 const struct svc_fh *fhp, struct nfsd4_layoutget *args) 90 { 91 struct nfsd4_layout_seg *seg = &args->lg_seg; 92 struct pnfs_block_layout *bl; 93 struct pnfs_block_extent *first_bex, *last_bex; 94 u64 offset = seg->offset, length = seg->length; 95 u32 i, nr_extents_max, block_size = i_blocksize(inode); 96 __be32 nfserr; 97 98 if (locks_in_grace(SVC_NET(rqstp))) 99 return nfserr_grace; 100 101 nfserr = nfserr_layoutunavailable; 102 if (seg->offset & (block_size - 1)) { 103 dprintk("pnfsd: I/O misaligned\n"); 104 goto out_error; 105 } 106 107 /* 108 * RFC 8881, section 3.3.17: 109 * The layout4 data type defines a layout for a file. 110 * 111 * RFC 8881, section 18.43.3: 112 * The loga_maxcount field specifies the maximum layout size 113 * (in bytes) that the client can handle. If the size of the 114 * layout structure exceeds the size specified by maxcount, 115 * the metadata server will return the NFS4ERR_TOOSMALL error. 116 */ 117 nfserr = nfserr_toosmall; 118 if (args->lg_maxcount < PNFS_BLOCK_LAYOUT4_SIZE + 119 PNFS_BLOCK_EXTENT_SIZE) 120 goto out_error; 121 122 /* 123 * Limit the maximum layout size to avoid allocating 124 * a large buffer on the server for each layout request. 125 */ 126 nr_extents_max = (min(args->lg_maxcount, PAGE_SIZE) - 127 PNFS_BLOCK_LAYOUT4_SIZE) / PNFS_BLOCK_EXTENT_SIZE; 128 129 /* 130 * Some clients barf on non-zero block numbers for NONE or INVALID 131 * layouts, so make sure to zero the whole structure. 132 */ 133 nfserr = nfserrno(-ENOMEM); 134 bl = kzalloc_flex(*bl, extents, nr_extents_max); 135 if (!bl) 136 goto out_error; 137 bl->nr_extents = nr_extents_max; 138 args->lg_content = bl; 139 140 for (i = 0; i < bl->nr_extents; i++) { 141 struct pnfs_block_extent *bex = bl->extents + i; 142 u64 bex_length; 143 144 nfserr = nfsd4_block_map_extent(inode, fhp, offset, length, 145 seg->iomode, args->lg_minlength, bex); 146 if (nfserr != nfs_ok) 147 goto out_error; 148 149 bex_length = bex->len - (offset - bex->foff); 150 if (bex_length >= length) { 151 bl->nr_extents = i + 1; 152 break; 153 } 154 155 offset = bex->foff + bex->len; 156 length -= bex_length; 157 } 158 159 first_bex = bl->extents; 160 last_bex = bl->extents + bl->nr_extents - 1; 161 162 nfserr = nfserr_layoutunavailable; 163 length = last_bex->foff + last_bex->len - seg->offset; 164 if (length < args->lg_minlength) { 165 dprintk("pnfsd: extent smaller than minlength\n"); 166 goto out_error; 167 } 168 169 seg->offset = first_bex->foff; 170 seg->length = last_bex->foff - first_bex->foff + last_bex->len; 171 return nfs_ok; 172 173 out_error: 174 seg->length = 0; 175 return nfserr; 176 } 177 178 static __be32 179 nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, 180 struct iomap *iomaps, int nr_iomaps) 181 { 182 int error; 183 184 /* 185 * This ignores the client provided mtime in loca_time_modify, as a 186 * fully client specified mtime doesn't really fit into the Linux 187 * multi-grain timestamp architecture. 188 * 189 * RFC 8881 Section 18.42 makes it clear that the client provided 190 * timestamp is a "may" condition, and clients that want to force a 191 * specific timestamp should send a separate SETATTR in the compound. 192 */ 193 error = inode->i_sb->s_export_op->block_ops->commit_blocks(inode, 194 iomaps, nr_iomaps, 195 lcp->lc_size_chg ? lcp->lc_newsize : 0); 196 kfree(iomaps); 197 return nfserrno(error); 198 } 199 200 #ifdef CONFIG_NFSD_BLOCKLAYOUT 201 static int 202 nfsd4_block_get_device_info_simple(struct super_block *sb, 203 struct nfsd4_getdeviceinfo *gdp) 204 { 205 struct pnfs_block_deviceaddr *dev; 206 struct pnfs_block_volume *b; 207 208 dev = kzalloc_flex(*dev, volumes, 1); 209 if (!dev) 210 return -ENOMEM; 211 gdp->gd_device = dev; 212 213 dev->nr_volumes = 1; 214 b = &dev->volumes[0]; 215 216 b->type = PNFS_BLOCK_VOLUME_SIMPLE; 217 b->simple.sig_len = PNFS_BLOCK_UUID_LEN; 218 return sb->s_export_op->block_ops->get_uuid(sb, b->simple.sig, 219 &b->simple.sig_len, &b->simple.offset); 220 } 221 222 static __be32 223 nfsd4_block_proc_getdeviceinfo(struct super_block *sb, 224 struct svc_rqst *rqstp, 225 struct nfs4_client *clp, 226 struct nfsd4_getdeviceinfo *gdp) 227 { 228 if (bdev_is_partition(sb->s_bdev)) 229 return nfserr_inval; 230 return nfserrno(nfsd4_block_get_device_info_simple(sb, gdp)); 231 } 232 233 static __be32 234 nfsd4_block_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, 235 struct nfsd4_layoutcommit *lcp) 236 { 237 struct iomap *iomaps; 238 int nr_iomaps; 239 __be32 nfserr; 240 241 rqstp->rq_arg = lcp->lc_up_layout; 242 svcxdr_init_decode(rqstp); 243 244 nfserr = nfsd4_block_decode_layoutupdate(&rqstp->rq_arg_stream, 245 &iomaps, &nr_iomaps, i_blocksize(inode)); 246 if (nfserr != nfs_ok) 247 return nfserr; 248 249 return nfsd4_block_commit_blocks(inode, lcp, iomaps, nr_iomaps); 250 } 251 252 const struct nfsd4_layout_ops bl_layout_ops = { 253 /* 254 * Pretend that we send notification to the client. This is a blatant 255 * lie to force recent Linux clients to cache our device IDs. 256 * We rarely ever change the device ID, so the harm of leaking deviceids 257 * for a while isn't too bad. Unfortunately RFC5661 is a complete mess 258 * in this regard, but I filed errata 4119 for this a while ago, and 259 * hopefully the Linux client will eventually start caching deviceids 260 * without this again. 261 */ 262 .notify_types = 263 NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, 264 .proc_getdeviceinfo = nfsd4_block_proc_getdeviceinfo, 265 .encode_getdeviceinfo = nfsd4_block_encode_getdeviceinfo, 266 .proc_layoutget = nfsd4_block_proc_layoutget, 267 .encode_layoutget = nfsd4_block_encode_layoutget, 268 .proc_layoutcommit = nfsd4_block_proc_layoutcommit, 269 }; 270 #endif /* CONFIG_NFSD_BLOCKLAYOUT */ 271 272 #ifdef CONFIG_NFSD_SCSILAYOUT 273 274 #define NFSD_MDS_PR_FENCED XA_MARK_0 275 276 /* 277 * Clear the fence flag if the device already has an entry. This occurs 278 * when a client re-registers after a previous fence, allowing new 279 * layouts for this device. 280 * 281 * Insert only on first registration. This bounds cl_dev_fences to the 282 * count of devices this client has accessed, preventing unbounded growth. 283 */ 284 static inline int nfsd4_scsi_fence_insert(struct nfs4_client *clp, 285 dev_t device) 286 { 287 struct xarray *xa = &clp->cl_dev_fences; 288 int ret; 289 290 xa_lock(xa); 291 ret = __xa_insert(xa, device, XA_ZERO_ENTRY, GFP_KERNEL); 292 if (ret == -EBUSY) { 293 __xa_clear_mark(xa, device, NFSD_MDS_PR_FENCED); 294 ret = 0; 295 } 296 xa_unlock(xa); 297 clp->cl_fence_retry_warn = false; 298 return ret; 299 } 300 301 static inline bool nfsd4_scsi_fence_set(struct nfs4_client *clp, dev_t device) 302 { 303 struct xarray *xa = &clp->cl_dev_fences; 304 bool skip; 305 306 xa_lock(xa); 307 skip = xa_get_mark(xa, device, NFSD_MDS_PR_FENCED); 308 if (!skip) 309 __xa_set_mark(xa, device, NFSD_MDS_PR_FENCED); 310 xa_unlock(xa); 311 return skip; 312 } 313 314 static inline void nfsd4_scsi_fence_clear(struct nfs4_client *clp, dev_t device) 315 { 316 xa_clear_mark(&clp->cl_dev_fences, device, NFSD_MDS_PR_FENCED); 317 } 318 319 #define NFSD_MDS_PR_KEY 0x0100000000000000ULL 320 321 /* 322 * We use the client ID as a unique key for the reservations. 323 * This allows us to easily fence a client when recalls fail. 324 */ 325 static u64 nfsd4_scsi_pr_key(struct nfs4_client *clp) 326 { 327 return ((u64)clp->cl_clientid.cl_boot << 32) | clp->cl_clientid.cl_id; 328 } 329 330 static const u8 designator_types[] = { 331 PS_DESIGNATOR_EUI64, 332 PS_DESIGNATOR_NAA, 333 }; 334 335 static int 336 nfsd4_block_get_unique_id(struct gendisk *disk, struct pnfs_block_volume *b) 337 { 338 int ret, i; 339 340 for (i = 0; i < ARRAY_SIZE(designator_types); i++) { 341 u8 type = designator_types[i]; 342 343 ret = disk->fops->get_unique_id(disk, b->scsi.designator, type); 344 if (ret > 0) { 345 b->scsi.code_set = PS_CODE_SET_BINARY; 346 b->scsi.designator_type = type; 347 b->scsi.designator_len = ret; 348 return 0; 349 } 350 } 351 352 return -EINVAL; 353 } 354 355 static int 356 nfsd4_block_get_device_info_scsi(struct super_block *sb, 357 struct nfs4_client *clp, 358 struct nfsd4_getdeviceinfo *gdp) 359 { 360 struct pnfs_block_deviceaddr *dev; 361 struct pnfs_block_volume *b; 362 const struct pr_ops *ops; 363 int ret; 364 365 dev = kzalloc_flex(*dev, volumes, 1); 366 if (!dev) 367 return -ENOMEM; 368 gdp->gd_device = dev; 369 370 dev->nr_volumes = 1; 371 b = &dev->volumes[0]; 372 373 b->type = PNFS_BLOCK_VOLUME_SCSI; 374 b->scsi.pr_key = nfsd4_scsi_pr_key(clp); 375 376 ret = nfsd4_block_get_unique_id(sb->s_bdev->bd_disk, b); 377 if (ret < 0) 378 goto out_free_dev; 379 380 ret = -EINVAL; 381 ops = sb->s_bdev->bd_disk->fops->pr_ops; 382 if (!ops) { 383 pr_err("pNFS: device %s does not support PRs.\n", 384 sb->s_id); 385 goto out_free_dev; 386 } 387 388 ret = nfsd4_scsi_fence_insert(clp, sb->s_bdev->bd_dev); 389 if (ret < 0) 390 goto out_free_dev; 391 392 ret = ops->pr_register(sb->s_bdev, 0, NFSD_MDS_PR_KEY, true); 393 if (ret) { 394 pr_err("pNFS: failed to register key for device %s.\n", 395 sb->s_id); 396 goto out_free_dev; 397 } 398 399 ret = ops->pr_reserve(sb->s_bdev, NFSD_MDS_PR_KEY, 400 PR_EXCLUSIVE_ACCESS_REG_ONLY, 0); 401 if (ret) { 402 pr_err("pNFS: failed to reserve device %s.\n", 403 sb->s_id); 404 goto out_free_dev; 405 } 406 407 return 0; 408 409 out_free_dev: 410 kfree(dev); 411 gdp->gd_device = NULL; 412 return ret; 413 } 414 415 static __be32 416 nfsd4_scsi_proc_getdeviceinfo(struct super_block *sb, 417 struct svc_rqst *rqstp, 418 struct nfs4_client *clp, 419 struct nfsd4_getdeviceinfo *gdp) 420 { 421 if (bdev_is_partition(sb->s_bdev)) 422 return nfserr_inval; 423 return nfserrno(nfsd4_block_get_device_info_scsi(sb, clp, gdp)); 424 } 425 static __be32 426 nfsd4_scsi_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, 427 struct nfsd4_layoutcommit *lcp) 428 { 429 struct iomap *iomaps; 430 int nr_iomaps; 431 __be32 nfserr; 432 433 rqstp->rq_arg = lcp->lc_up_layout; 434 svcxdr_init_decode(rqstp); 435 436 nfserr = nfsd4_scsi_decode_layoutupdate(&rqstp->rq_arg_stream, 437 &iomaps, &nr_iomaps, i_blocksize(inode)); 438 if (nfserr != nfs_ok) 439 return nfserr; 440 441 return nfsd4_block_commit_blocks(inode, lcp, iomaps, nr_iomaps); 442 } 443 444 /* 445 * Perform the fence operation to prevent the client from accessing the 446 * block device. If a fence operation is already in progress, wait for 447 * it to complete before checking the NFSD_MDS_PR_FENCED flag. Once the 448 * operation is complete, check the flag. If NFSD_MDS_PR_FENCED is set, 449 * update the layout stateid by setting the ls_fenced flag to indicate 450 * that the client has been fenced. 451 * 452 * The cl_fence_mutex ensures that the fence operation has been fully 453 * completed, rather than just in progress, when returning from this 454 * function. 455 * 456 * Return true if client was fenced otherwise return false. 457 */ 458 static bool 459 nfsd4_scsi_fence_client(struct nfs4_layout_stateid *ls, struct nfsd_file *file) 460 { 461 struct nfs4_client *clp = ls->ls_stid.sc_client; 462 struct block_device *bdev = file->nf_file->f_path.mnt->mnt_sb->s_bdev; 463 int status; 464 bool ret; 465 466 mutex_lock(&clp->cl_fence_mutex); 467 if (nfsd4_scsi_fence_set(clp, bdev->bd_dev)) { 468 mutex_unlock(&clp->cl_fence_mutex); 469 return true; 470 } 471 472 status = bdev->bd_disk->fops->pr_ops->pr_preempt(bdev, NFSD_MDS_PR_KEY, 473 nfsd4_scsi_pr_key(clp), 474 PR_EXCLUSIVE_ACCESS_REG_ONLY, true); 475 /* 476 * Reset to allow retry only when the command could not have 477 * reached the device. Negative status means a local error 478 * (e.g., -ENOMEM) prevented the command from being sent. 479 * PR_STS_PATH_FAILED, PR_STS_PATH_FAST_FAILED, and 480 * PR_STS_RETRY_PATH_FAILURE indicate transport path failures 481 * before device delivery. 482 * 483 * For all other errors, the command may have reached the device 484 * and the preempt may have succeeded. Avoid resetting, since 485 * retrying a successful preempt returns PR_STS_IOERR or 486 * PR_STS_RESERVATION_CONFLICT, which would cause an infinite 487 * retry loop. 488 */ 489 switch (status) { 490 case 0: 491 case PR_STS_IOERR: 492 case PR_STS_RESERVATION_CONFLICT: 493 ret = true; 494 break; 495 default: 496 /* retry-able and other errors */ 497 ret = false; 498 nfsd4_scsi_fence_clear(clp, bdev->bd_dev); 499 break; 500 } 501 mutex_unlock(&clp->cl_fence_mutex); 502 503 trace_nfsd_pnfs_fence(clp, bdev->bd_disk->disk_name, status); 504 return ret; 505 } 506 507 const struct nfsd4_layout_ops scsi_layout_ops = { 508 /* 509 * Pretend that we send notification to the client. This is a blatant 510 * lie to force recent Linux clients to cache our device IDs. 511 * We rarely ever change the device ID, so the harm of leaking deviceids 512 * for a while isn't too bad. Unfortunately RFC5661 is a complete mess 513 * in this regard, but I filed errata 4119 for this a while ago, and 514 * hopefully the Linux client will eventually start caching deviceids 515 * without this again. 516 */ 517 .notify_types = 518 NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, 519 .proc_getdeviceinfo = nfsd4_scsi_proc_getdeviceinfo, 520 .encode_getdeviceinfo = nfsd4_block_encode_getdeviceinfo, 521 .proc_layoutget = nfsd4_block_proc_layoutget, 522 .encode_layoutget = nfsd4_block_encode_layoutget, 523 .proc_layoutcommit = nfsd4_scsi_proc_layoutcommit, 524 .fence_client = nfsd4_scsi_fence_client, 525 }; 526 #endif /* CONFIG_NFSD_SCSILAYOUT */ 527