1 #define MSNFS /* HACK HACK */ 2 /* 3 * linux/fs/nfsd/export.c 4 * 5 * NFS exporting and validation. 6 * 7 * We maintain a list of clients, each of which has a list of 8 * exports. To export an fs to a given client, you first have 9 * to create the client entry with NFSCTL_ADDCLIENT, which 10 * creates a client control block and adds it to the hash 11 * table. Then, you call NFSCTL_EXPORT for each fs. 12 * 13 * 14 * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de> 15 */ 16 17 #include <linux/unistd.h> 18 #include <linux/slab.h> 19 #include <linux/stat.h> 20 #include <linux/in.h> 21 #include <linux/seq_file.h> 22 #include <linux/syscalls.h> 23 #include <linux/rwsem.h> 24 #include <linux/dcache.h> 25 #include <linux/namei.h> 26 #include <linux/mount.h> 27 #include <linux/hash.h> 28 #include <linux/module.h> 29 #include <linux/exportfs.h> 30 31 #include <linux/sunrpc/svc.h> 32 #include <linux/nfsd/nfsd.h> 33 #include <linux/nfsd/nfsfh.h> 34 #include <linux/nfsd/syscall.h> 35 #include <linux/lockd/bind.h> 36 #include <linux/sunrpc/msg_prot.h> 37 #include <linux/sunrpc/gss_api.h> 38 39 #define NFSDDBG_FACILITY NFSDDBG_EXPORT 40 41 typedef struct auth_domain svc_client; 42 typedef struct svc_export svc_export; 43 44 static void exp_do_unexport(svc_export *unexp); 45 static int exp_verify_string(char *cp, int max); 46 47 /* 48 * We have two caches. 49 * One maps client+vfsmnt+dentry to export options - the export map 50 * The other maps client+filehandle-fragment to export options. - the expkey map 51 * 52 * The export options are actually stored in the first map, and the 53 * second map contains a reference to the entry in the first map. 54 */ 55 56 #define EXPKEY_HASHBITS 8 57 #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS) 58 #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1) 59 static struct cache_head *expkey_table[EXPKEY_HASHMAX]; 60 61 static void expkey_put(struct kref *ref) 62 { 63 struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); 64 65 if (test_bit(CACHE_VALID, &key->h.flags) && 66 !test_bit(CACHE_NEGATIVE, &key->h.flags)) { 67 dput(key->ek_dentry); 68 mntput(key->ek_mnt); 69 } 70 auth_domain_put(key->ek_client); 71 kfree(key); 72 } 73 74 static void expkey_request(struct cache_detail *cd, 75 struct cache_head *h, 76 char **bpp, int *blen) 77 { 78 /* client fsidtype \xfsid */ 79 struct svc_expkey *ek = container_of(h, struct svc_expkey, h); 80 char type[5]; 81 82 qword_add(bpp, blen, ek->ek_client->name); 83 snprintf(type, 5, "%d", ek->ek_fsidtype); 84 qword_add(bpp, blen, type); 85 qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype)); 86 (*bpp)[-1] = '\n'; 87 } 88 89 static struct svc_expkey *svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old); 90 static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *); 91 static struct cache_detail svc_expkey_cache; 92 93 static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen) 94 { 95 /* client fsidtype fsid [path] */ 96 char *buf; 97 int len; 98 struct auth_domain *dom = NULL; 99 int err; 100 int fsidtype; 101 char *ep; 102 struct svc_expkey key; 103 struct svc_expkey *ek; 104 105 if (mesg[mlen-1] != '\n') 106 return -EINVAL; 107 mesg[mlen-1] = 0; 108 109 buf = kmalloc(PAGE_SIZE, GFP_KERNEL); 110 err = -ENOMEM; 111 if (!buf) goto out; 112 113 err = -EINVAL; 114 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) 115 goto out; 116 117 err = -ENOENT; 118 dom = auth_domain_find(buf); 119 if (!dom) 120 goto out; 121 dprintk("found domain %s\n", buf); 122 123 err = -EINVAL; 124 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) 125 goto out; 126 fsidtype = simple_strtoul(buf, &ep, 10); 127 if (*ep) 128 goto out; 129 dprintk("found fsidtype %d\n", fsidtype); 130 if (key_len(fsidtype)==0) /* invalid type */ 131 goto out; 132 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) 133 goto out; 134 dprintk("found fsid length %d\n", len); 135 if (len != key_len(fsidtype)) 136 goto out; 137 138 /* OK, we seem to have a valid key */ 139 key.h.flags = 0; 140 key.h.expiry_time = get_expiry(&mesg); 141 if (key.h.expiry_time == 0) 142 goto out; 143 144 key.ek_client = dom; 145 key.ek_fsidtype = fsidtype; 146 memcpy(key.ek_fsid, buf, len); 147 148 ek = svc_expkey_lookup(&key); 149 err = -ENOMEM; 150 if (!ek) 151 goto out; 152 153 /* now we want a pathname, or empty meaning NEGATIVE */ 154 err = -EINVAL; 155 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) < 0) 156 goto out; 157 dprintk("Path seems to be <%s>\n", buf); 158 err = 0; 159 if (len == 0) { 160 set_bit(CACHE_NEGATIVE, &key.h.flags); 161 ek = svc_expkey_update(&key, ek); 162 if (ek) 163 cache_put(&ek->h, &svc_expkey_cache); 164 else err = -ENOMEM; 165 } else { 166 struct nameidata nd; 167 err = path_lookup(buf, 0, &nd); 168 if (err) 169 goto out; 170 171 dprintk("Found the path %s\n", buf); 172 key.ek_mnt = nd.mnt; 173 key.ek_dentry = nd.dentry; 174 175 ek = svc_expkey_update(&key, ek); 176 if (ek) 177 cache_put(&ek->h, &svc_expkey_cache); 178 else 179 err = -ENOMEM; 180 path_release(&nd); 181 } 182 cache_flush(); 183 out: 184 if (dom) 185 auth_domain_put(dom); 186 kfree(buf); 187 return err; 188 } 189 190 static int expkey_show(struct seq_file *m, 191 struct cache_detail *cd, 192 struct cache_head *h) 193 { 194 struct svc_expkey *ek ; 195 int i; 196 197 if (h ==NULL) { 198 seq_puts(m, "#domain fsidtype fsid [path]\n"); 199 return 0; 200 } 201 ek = container_of(h, struct svc_expkey, h); 202 seq_printf(m, "%s %d 0x", ek->ek_client->name, 203 ek->ek_fsidtype); 204 for (i=0; i < key_len(ek->ek_fsidtype)/4; i++) 205 seq_printf(m, "%08x", ek->ek_fsid[i]); 206 if (test_bit(CACHE_VALID, &h->flags) && 207 !test_bit(CACHE_NEGATIVE, &h->flags)) { 208 seq_printf(m, " "); 209 seq_path(m, ek->ek_mnt, ek->ek_dentry, "\\ \t\n"); 210 } 211 seq_printf(m, "\n"); 212 return 0; 213 } 214 215 static inline int expkey_match (struct cache_head *a, struct cache_head *b) 216 { 217 struct svc_expkey *orig = container_of(a, struct svc_expkey, h); 218 struct svc_expkey *new = container_of(b, struct svc_expkey, h); 219 220 if (orig->ek_fsidtype != new->ek_fsidtype || 221 orig->ek_client != new->ek_client || 222 memcmp(orig->ek_fsid, new->ek_fsid, key_len(orig->ek_fsidtype)) != 0) 223 return 0; 224 return 1; 225 } 226 227 static inline void expkey_init(struct cache_head *cnew, 228 struct cache_head *citem) 229 { 230 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h); 231 struct svc_expkey *item = container_of(citem, struct svc_expkey, h); 232 233 kref_get(&item->ek_client->ref); 234 new->ek_client = item->ek_client; 235 new->ek_fsidtype = item->ek_fsidtype; 236 237 memcpy(new->ek_fsid, item->ek_fsid, sizeof(new->ek_fsid)); 238 } 239 240 static inline void expkey_update(struct cache_head *cnew, 241 struct cache_head *citem) 242 { 243 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h); 244 struct svc_expkey *item = container_of(citem, struct svc_expkey, h); 245 246 new->ek_mnt = mntget(item->ek_mnt); 247 new->ek_dentry = dget(item->ek_dentry); 248 } 249 250 static struct cache_head *expkey_alloc(void) 251 { 252 struct svc_expkey *i = kmalloc(sizeof(*i), GFP_KERNEL); 253 if (i) 254 return &i->h; 255 else 256 return NULL; 257 } 258 259 static struct cache_detail svc_expkey_cache = { 260 .owner = THIS_MODULE, 261 .hash_size = EXPKEY_HASHMAX, 262 .hash_table = expkey_table, 263 .name = "nfsd.fh", 264 .cache_put = expkey_put, 265 .cache_request = expkey_request, 266 .cache_parse = expkey_parse, 267 .cache_show = expkey_show, 268 .match = expkey_match, 269 .init = expkey_init, 270 .update = expkey_update, 271 .alloc = expkey_alloc, 272 }; 273 274 static struct svc_expkey * 275 svc_expkey_lookup(struct svc_expkey *item) 276 { 277 struct cache_head *ch; 278 int hash = item->ek_fsidtype; 279 char * cp = (char*)item->ek_fsid; 280 int len = key_len(item->ek_fsidtype); 281 282 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS); 283 hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS); 284 hash &= EXPKEY_HASHMASK; 285 286 ch = sunrpc_cache_lookup(&svc_expkey_cache, &item->h, 287 hash); 288 if (ch) 289 return container_of(ch, struct svc_expkey, h); 290 else 291 return NULL; 292 } 293 294 static struct svc_expkey * 295 svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old) 296 { 297 struct cache_head *ch; 298 int hash = new->ek_fsidtype; 299 char * cp = (char*)new->ek_fsid; 300 int len = key_len(new->ek_fsidtype); 301 302 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS); 303 hash ^= hash_ptr(new->ek_client, EXPKEY_HASHBITS); 304 hash &= EXPKEY_HASHMASK; 305 306 ch = sunrpc_cache_update(&svc_expkey_cache, &new->h, 307 &old->h, hash); 308 if (ch) 309 return container_of(ch, struct svc_expkey, h); 310 else 311 return NULL; 312 } 313 314 315 #define EXPORT_HASHBITS 8 316 #define EXPORT_HASHMAX (1<< EXPORT_HASHBITS) 317 #define EXPORT_HASHMASK (EXPORT_HASHMAX -1) 318 319 static struct cache_head *export_table[EXPORT_HASHMAX]; 320 321 static void nfsd4_fslocs_free(struct nfsd4_fs_locations *fsloc) 322 { 323 int i; 324 325 for (i = 0; i < fsloc->locations_count; i++) { 326 kfree(fsloc->locations[i].path); 327 kfree(fsloc->locations[i].hosts); 328 } 329 kfree(fsloc->locations); 330 } 331 332 static void svc_export_put(struct kref *ref) 333 { 334 struct svc_export *exp = container_of(ref, struct svc_export, h.ref); 335 dput(exp->ex_dentry); 336 mntput(exp->ex_mnt); 337 auth_domain_put(exp->ex_client); 338 kfree(exp->ex_path); 339 nfsd4_fslocs_free(&exp->ex_fslocs); 340 kfree(exp); 341 } 342 343 static void svc_export_request(struct cache_detail *cd, 344 struct cache_head *h, 345 char **bpp, int *blen) 346 { 347 /* client path */ 348 struct svc_export *exp = container_of(h, struct svc_export, h); 349 char *pth; 350 351 qword_add(bpp, blen, exp->ex_client->name); 352 pth = d_path(exp->ex_dentry, exp->ex_mnt, *bpp, *blen); 353 if (IS_ERR(pth)) { 354 /* is this correct? */ 355 (*bpp)[0] = '\n'; 356 return; 357 } 358 qword_add(bpp, blen, pth); 359 (*bpp)[-1] = '\n'; 360 } 361 362 static struct svc_export *svc_export_update(struct svc_export *new, 363 struct svc_export *old); 364 static struct svc_export *svc_export_lookup(struct svc_export *); 365 366 static int check_export(struct inode *inode, int flags, unsigned char *uuid) 367 { 368 369 /* We currently export only dirs and regular files. 370 * This is what umountd does. 371 */ 372 if (!S_ISDIR(inode->i_mode) && 373 !S_ISREG(inode->i_mode)) 374 return -ENOTDIR; 375 376 /* There are two requirements on a filesystem to be exportable. 377 * 1: We must be able to identify the filesystem from a number. 378 * either a device number (so FS_REQUIRES_DEV needed) 379 * or an FSID number (so NFSEXP_FSID or ->uuid is needed). 380 * 2: We must be able to find an inode from a filehandle. 381 * This means that s_export_op must be set. 382 */ 383 if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) && 384 !(flags & NFSEXP_FSID) && 385 uuid == NULL) { 386 dprintk("exp_export: export of non-dev fs without fsid\n"); 387 return -EINVAL; 388 } 389 390 if (!inode->i_sb->s_export_op || 391 !inode->i_sb->s_export_op->fh_to_dentry) { 392 dprintk("exp_export: export of invalid fs type.\n"); 393 return -EINVAL; 394 } 395 396 return 0; 397 398 } 399 400 #ifdef CONFIG_NFSD_V4 401 402 static int 403 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc) 404 { 405 int len; 406 int migrated, i, err; 407 408 /* listsize */ 409 err = get_int(mesg, &fsloc->locations_count); 410 if (err) 411 return err; 412 if (fsloc->locations_count > MAX_FS_LOCATIONS) 413 return -EINVAL; 414 if (fsloc->locations_count == 0) 415 return 0; 416 417 fsloc->locations = kzalloc(fsloc->locations_count 418 * sizeof(struct nfsd4_fs_location), GFP_KERNEL); 419 if (!fsloc->locations) 420 return -ENOMEM; 421 for (i=0; i < fsloc->locations_count; i++) { 422 /* colon separated host list */ 423 err = -EINVAL; 424 len = qword_get(mesg, buf, PAGE_SIZE); 425 if (len <= 0) 426 goto out_free_all; 427 err = -ENOMEM; 428 fsloc->locations[i].hosts = kstrdup(buf, GFP_KERNEL); 429 if (!fsloc->locations[i].hosts) 430 goto out_free_all; 431 err = -EINVAL; 432 /* slash separated path component list */ 433 len = qword_get(mesg, buf, PAGE_SIZE); 434 if (len <= 0) 435 goto out_free_all; 436 err = -ENOMEM; 437 fsloc->locations[i].path = kstrdup(buf, GFP_KERNEL); 438 if (!fsloc->locations[i].path) 439 goto out_free_all; 440 } 441 /* migrated */ 442 err = get_int(mesg, &migrated); 443 if (err) 444 goto out_free_all; 445 err = -EINVAL; 446 if (migrated < 0 || migrated > 1) 447 goto out_free_all; 448 fsloc->migrated = migrated; 449 return 0; 450 out_free_all: 451 nfsd4_fslocs_free(fsloc); 452 return err; 453 } 454 455 static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp) 456 { 457 int listsize, err; 458 struct exp_flavor_info *f; 459 460 err = get_int(mesg, &listsize); 461 if (err) 462 return err; 463 if (listsize < 0 || listsize > MAX_SECINFO_LIST) 464 return -EINVAL; 465 466 for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) { 467 err = get_int(mesg, &f->pseudoflavor); 468 if (err) 469 return err; 470 /* 471 * Just a quick sanity check; we could also try to check 472 * whether this pseudoflavor is supported, but at worst 473 * an unsupported pseudoflavor on the export would just 474 * be a pseudoflavor that won't match the flavor of any 475 * authenticated request. The administrator will 476 * probably discover the problem when someone fails to 477 * authenticate. 478 */ 479 if (f->pseudoflavor < 0) 480 return -EINVAL; 481 err = get_int(mesg, &f->flags); 482 if (err) 483 return err; 484 /* Only some flags are allowed to differ between flavors: */ 485 if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags)) 486 return -EINVAL; 487 } 488 exp->ex_nflavors = listsize; 489 return 0; 490 } 491 492 #else /* CONFIG_NFSD_V4 */ 493 static inline int 494 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;} 495 static inline int 496 secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; } 497 #endif 498 499 static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) 500 { 501 /* client path expiry [flags anonuid anongid fsid] */ 502 char *buf; 503 int len; 504 int err; 505 struct auth_domain *dom = NULL; 506 struct nameidata nd; 507 struct svc_export exp, *expp; 508 int an_int; 509 510 nd.dentry = NULL; 511 exp.ex_path = NULL; 512 513 /* fs locations */ 514 exp.ex_fslocs.locations = NULL; 515 exp.ex_fslocs.locations_count = 0; 516 exp.ex_fslocs.migrated = 0; 517 518 exp.ex_uuid = NULL; 519 520 /* secinfo */ 521 exp.ex_nflavors = 0; 522 523 if (mesg[mlen-1] != '\n') 524 return -EINVAL; 525 mesg[mlen-1] = 0; 526 527 buf = kmalloc(PAGE_SIZE, GFP_KERNEL); 528 err = -ENOMEM; 529 if (!buf) goto out; 530 531 /* client */ 532 len = qword_get(&mesg, buf, PAGE_SIZE); 533 err = -EINVAL; 534 if (len <= 0) goto out; 535 536 err = -ENOENT; 537 dom = auth_domain_find(buf); 538 if (!dom) 539 goto out; 540 541 /* path */ 542 err = -EINVAL; 543 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) 544 goto out; 545 err = path_lookup(buf, 0, &nd); 546 if (err) goto out_no_path; 547 548 exp.h.flags = 0; 549 exp.ex_client = dom; 550 exp.ex_mnt = nd.mnt; 551 exp.ex_dentry = nd.dentry; 552 exp.ex_path = kstrdup(buf, GFP_KERNEL); 553 err = -ENOMEM; 554 if (!exp.ex_path) 555 goto out; 556 557 /* expiry */ 558 err = -EINVAL; 559 exp.h.expiry_time = get_expiry(&mesg); 560 if (exp.h.expiry_time == 0) 561 goto out; 562 563 /* flags */ 564 err = get_int(&mesg, &an_int); 565 if (err == -ENOENT) { 566 err = 0; 567 set_bit(CACHE_NEGATIVE, &exp.h.flags); 568 } else { 569 if (err || an_int < 0) goto out; 570 exp.ex_flags= an_int; 571 572 /* anon uid */ 573 err = get_int(&mesg, &an_int); 574 if (err) goto out; 575 exp.ex_anon_uid= an_int; 576 577 /* anon gid */ 578 err = get_int(&mesg, &an_int); 579 if (err) goto out; 580 exp.ex_anon_gid= an_int; 581 582 /* fsid */ 583 err = get_int(&mesg, &an_int); 584 if (err) goto out; 585 exp.ex_fsid = an_int; 586 587 while ((len = qword_get(&mesg, buf, PAGE_SIZE)) > 0) { 588 if (strcmp(buf, "fsloc") == 0) 589 err = fsloc_parse(&mesg, buf, &exp.ex_fslocs); 590 else if (strcmp(buf, "uuid") == 0) { 591 /* expect a 16 byte uuid encoded as \xXXXX... */ 592 len = qword_get(&mesg, buf, PAGE_SIZE); 593 if (len != 16) 594 err = -EINVAL; 595 else { 596 exp.ex_uuid = 597 kmemdup(buf, 16, GFP_KERNEL); 598 if (exp.ex_uuid == NULL) 599 err = -ENOMEM; 600 } 601 } else if (strcmp(buf, "secinfo") == 0) 602 err = secinfo_parse(&mesg, buf, &exp); 603 else 604 /* quietly ignore unknown words and anything 605 * following. Newer user-space can try to set 606 * new values, then see what the result was. 607 */ 608 break; 609 if (err) 610 goto out; 611 } 612 613 err = check_export(nd.dentry->d_inode, exp.ex_flags, 614 exp.ex_uuid); 615 if (err) goto out; 616 } 617 618 expp = svc_export_lookup(&exp); 619 if (expp) 620 expp = svc_export_update(&exp, expp); 621 else 622 err = -ENOMEM; 623 cache_flush(); 624 if (expp == NULL) 625 err = -ENOMEM; 626 else 627 exp_put(expp); 628 out: 629 nfsd4_fslocs_free(&exp.ex_fslocs); 630 kfree(exp.ex_uuid); 631 kfree(exp.ex_path); 632 if (nd.dentry) 633 path_release(&nd); 634 out_no_path: 635 if (dom) 636 auth_domain_put(dom); 637 kfree(buf); 638 return err; 639 } 640 641 static void exp_flags(struct seq_file *m, int flag, int fsid, 642 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fslocs); 643 static void show_secinfo(struct seq_file *m, struct svc_export *exp); 644 645 static int svc_export_show(struct seq_file *m, 646 struct cache_detail *cd, 647 struct cache_head *h) 648 { 649 struct svc_export *exp ; 650 651 if (h ==NULL) { 652 seq_puts(m, "#path domain(flags)\n"); 653 return 0; 654 } 655 exp = container_of(h, struct svc_export, h); 656 seq_path(m, exp->ex_mnt, exp->ex_dentry, " \t\n\\"); 657 seq_putc(m, '\t'); 658 seq_escape(m, exp->ex_client->name, " \t\n\\"); 659 seq_putc(m, '('); 660 if (test_bit(CACHE_VALID, &h->flags) && 661 !test_bit(CACHE_NEGATIVE, &h->flags)) { 662 exp_flags(m, exp->ex_flags, exp->ex_fsid, 663 exp->ex_anon_uid, exp->ex_anon_gid, &exp->ex_fslocs); 664 if (exp->ex_uuid) { 665 int i; 666 seq_puts(m, ",uuid="); 667 for (i=0; i<16; i++) { 668 if ((i&3) == 0 && i) 669 seq_putc(m, ':'); 670 seq_printf(m, "%02x", exp->ex_uuid[i]); 671 } 672 } 673 show_secinfo(m, exp); 674 } 675 seq_puts(m, ")\n"); 676 return 0; 677 } 678 static int svc_export_match(struct cache_head *a, struct cache_head *b) 679 { 680 struct svc_export *orig = container_of(a, struct svc_export, h); 681 struct svc_export *new = container_of(b, struct svc_export, h); 682 return orig->ex_client == new->ex_client && 683 orig->ex_dentry == new->ex_dentry && 684 orig->ex_mnt == new->ex_mnt; 685 } 686 687 static void svc_export_init(struct cache_head *cnew, struct cache_head *citem) 688 { 689 struct svc_export *new = container_of(cnew, struct svc_export, h); 690 struct svc_export *item = container_of(citem, struct svc_export, h); 691 692 kref_get(&item->ex_client->ref); 693 new->ex_client = item->ex_client; 694 new->ex_dentry = dget(item->ex_dentry); 695 new->ex_mnt = mntget(item->ex_mnt); 696 new->ex_path = NULL; 697 new->ex_fslocs.locations = NULL; 698 new->ex_fslocs.locations_count = 0; 699 new->ex_fslocs.migrated = 0; 700 } 701 702 static void export_update(struct cache_head *cnew, struct cache_head *citem) 703 { 704 struct svc_export *new = container_of(cnew, struct svc_export, h); 705 struct svc_export *item = container_of(citem, struct svc_export, h); 706 int i; 707 708 new->ex_flags = item->ex_flags; 709 new->ex_anon_uid = item->ex_anon_uid; 710 new->ex_anon_gid = item->ex_anon_gid; 711 new->ex_fsid = item->ex_fsid; 712 new->ex_uuid = item->ex_uuid; 713 item->ex_uuid = NULL; 714 new->ex_path = item->ex_path; 715 item->ex_path = NULL; 716 new->ex_fslocs.locations = item->ex_fslocs.locations; 717 item->ex_fslocs.locations = NULL; 718 new->ex_fslocs.locations_count = item->ex_fslocs.locations_count; 719 item->ex_fslocs.locations_count = 0; 720 new->ex_fslocs.migrated = item->ex_fslocs.migrated; 721 item->ex_fslocs.migrated = 0; 722 new->ex_nflavors = item->ex_nflavors; 723 for (i = 0; i < MAX_SECINFO_LIST; i++) { 724 new->ex_flavors[i] = item->ex_flavors[i]; 725 } 726 } 727 728 static struct cache_head *svc_export_alloc(void) 729 { 730 struct svc_export *i = kmalloc(sizeof(*i), GFP_KERNEL); 731 if (i) 732 return &i->h; 733 else 734 return NULL; 735 } 736 737 struct cache_detail svc_export_cache = { 738 .owner = THIS_MODULE, 739 .hash_size = EXPORT_HASHMAX, 740 .hash_table = export_table, 741 .name = "nfsd.export", 742 .cache_put = svc_export_put, 743 .cache_request = svc_export_request, 744 .cache_parse = svc_export_parse, 745 .cache_show = svc_export_show, 746 .match = svc_export_match, 747 .init = svc_export_init, 748 .update = export_update, 749 .alloc = svc_export_alloc, 750 }; 751 752 static struct svc_export * 753 svc_export_lookup(struct svc_export *exp) 754 { 755 struct cache_head *ch; 756 int hash; 757 hash = hash_ptr(exp->ex_client, EXPORT_HASHBITS); 758 hash ^= hash_ptr(exp->ex_dentry, EXPORT_HASHBITS); 759 hash ^= hash_ptr(exp->ex_mnt, EXPORT_HASHBITS); 760 761 ch = sunrpc_cache_lookup(&svc_export_cache, &exp->h, 762 hash); 763 if (ch) 764 return container_of(ch, struct svc_export, h); 765 else 766 return NULL; 767 } 768 769 static struct svc_export * 770 svc_export_update(struct svc_export *new, struct svc_export *old) 771 { 772 struct cache_head *ch; 773 int hash; 774 hash = hash_ptr(old->ex_client, EXPORT_HASHBITS); 775 hash ^= hash_ptr(old->ex_dentry, EXPORT_HASHBITS); 776 hash ^= hash_ptr(old->ex_mnt, EXPORT_HASHBITS); 777 778 ch = sunrpc_cache_update(&svc_export_cache, &new->h, 779 &old->h, 780 hash); 781 if (ch) 782 return container_of(ch, struct svc_export, h); 783 else 784 return NULL; 785 } 786 787 788 static struct svc_expkey * 789 exp_find_key(svc_client *clp, int fsid_type, u32 *fsidv, struct cache_req *reqp) 790 { 791 struct svc_expkey key, *ek; 792 int err; 793 794 if (!clp) 795 return ERR_PTR(-ENOENT); 796 797 key.ek_client = clp; 798 key.ek_fsidtype = fsid_type; 799 memcpy(key.ek_fsid, fsidv, key_len(fsid_type)); 800 801 ek = svc_expkey_lookup(&key); 802 if (ek == NULL) 803 return ERR_PTR(-ENOMEM); 804 err = cache_check(&svc_expkey_cache, &ek->h, reqp); 805 if (err) 806 return ERR_PTR(err); 807 return ek; 808 } 809 810 static int exp_set_key(svc_client *clp, int fsid_type, u32 *fsidv, 811 struct svc_export *exp) 812 { 813 struct svc_expkey key, *ek; 814 815 key.ek_client = clp; 816 key.ek_fsidtype = fsid_type; 817 memcpy(key.ek_fsid, fsidv, key_len(fsid_type)); 818 key.ek_mnt = exp->ex_mnt; 819 key.ek_dentry = exp->ex_dentry; 820 key.h.expiry_time = NEVER; 821 key.h.flags = 0; 822 823 ek = svc_expkey_lookup(&key); 824 if (ek) 825 ek = svc_expkey_update(&key,ek); 826 if (ek) { 827 cache_put(&ek->h, &svc_expkey_cache); 828 return 0; 829 } 830 return -ENOMEM; 831 } 832 833 /* 834 * Find the client's export entry matching xdev/xino. 835 */ 836 static inline struct svc_expkey * 837 exp_get_key(svc_client *clp, dev_t dev, ino_t ino) 838 { 839 u32 fsidv[3]; 840 841 if (old_valid_dev(dev)) { 842 mk_fsid(FSID_DEV, fsidv, dev, ino, 0, NULL); 843 return exp_find_key(clp, FSID_DEV, fsidv, NULL); 844 } 845 mk_fsid(FSID_ENCODE_DEV, fsidv, dev, ino, 0, NULL); 846 return exp_find_key(clp, FSID_ENCODE_DEV, fsidv, NULL); 847 } 848 849 /* 850 * Find the client's export entry matching fsid 851 */ 852 static inline struct svc_expkey * 853 exp_get_fsid_key(svc_client *clp, int fsid) 854 { 855 u32 fsidv[2]; 856 857 mk_fsid(FSID_NUM, fsidv, 0, 0, fsid, NULL); 858 859 return exp_find_key(clp, FSID_NUM, fsidv, NULL); 860 } 861 862 static svc_export *exp_get_by_name(svc_client *clp, struct vfsmount *mnt, 863 struct dentry *dentry, 864 struct cache_req *reqp) 865 { 866 struct svc_export *exp, key; 867 int err; 868 869 if (!clp) 870 return ERR_PTR(-ENOENT); 871 872 key.ex_client = clp; 873 key.ex_mnt = mnt; 874 key.ex_dentry = dentry; 875 876 exp = svc_export_lookup(&key); 877 if (exp == NULL) 878 return ERR_PTR(-ENOMEM); 879 err = cache_check(&svc_export_cache, &exp->h, reqp); 880 if (err) 881 return ERR_PTR(err); 882 return exp; 883 } 884 885 /* 886 * Find the export entry for a given dentry. 887 */ 888 static struct svc_export *exp_parent(svc_client *clp, struct vfsmount *mnt, 889 struct dentry *dentry, 890 struct cache_req *reqp) 891 { 892 svc_export *exp; 893 894 dget(dentry); 895 exp = exp_get_by_name(clp, mnt, dentry, reqp); 896 897 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) { 898 struct dentry *parent; 899 900 parent = dget_parent(dentry); 901 dput(dentry); 902 dentry = parent; 903 exp = exp_get_by_name(clp, mnt, dentry, reqp); 904 } 905 dput(dentry); 906 return exp; 907 } 908 909 /* 910 * Hashtable locking. Write locks are placed only by user processes 911 * wanting to modify export information. 912 * Write locking only done in this file. Read locking 913 * needed externally. 914 */ 915 916 static DECLARE_RWSEM(hash_sem); 917 918 void 919 exp_readlock(void) 920 { 921 down_read(&hash_sem); 922 } 923 924 static inline void 925 exp_writelock(void) 926 { 927 down_write(&hash_sem); 928 } 929 930 void 931 exp_readunlock(void) 932 { 933 up_read(&hash_sem); 934 } 935 936 static inline void 937 exp_writeunlock(void) 938 { 939 up_write(&hash_sem); 940 } 941 942 static void exp_fsid_unhash(struct svc_export *exp) 943 { 944 struct svc_expkey *ek; 945 946 if ((exp->ex_flags & NFSEXP_FSID) == 0) 947 return; 948 949 ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid); 950 if (!IS_ERR(ek)) { 951 ek->h.expiry_time = get_seconds()-1; 952 cache_put(&ek->h, &svc_expkey_cache); 953 } 954 svc_expkey_cache.nextcheck = get_seconds(); 955 } 956 957 static int exp_fsid_hash(svc_client *clp, struct svc_export *exp) 958 { 959 u32 fsid[2]; 960 961 if ((exp->ex_flags & NFSEXP_FSID) == 0) 962 return 0; 963 964 mk_fsid(FSID_NUM, fsid, 0, 0, exp->ex_fsid, NULL); 965 return exp_set_key(clp, FSID_NUM, fsid, exp); 966 } 967 968 static int exp_hash(struct auth_domain *clp, struct svc_export *exp) 969 { 970 u32 fsid[2]; 971 struct inode *inode = exp->ex_dentry->d_inode; 972 dev_t dev = inode->i_sb->s_dev; 973 974 if (old_valid_dev(dev)) { 975 mk_fsid(FSID_DEV, fsid, dev, inode->i_ino, 0, NULL); 976 return exp_set_key(clp, FSID_DEV, fsid, exp); 977 } 978 mk_fsid(FSID_ENCODE_DEV, fsid, dev, inode->i_ino, 0, NULL); 979 return exp_set_key(clp, FSID_ENCODE_DEV, fsid, exp); 980 } 981 982 static void exp_unhash(struct svc_export *exp) 983 { 984 struct svc_expkey *ek; 985 struct inode *inode = exp->ex_dentry->d_inode; 986 987 ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino); 988 if (!IS_ERR(ek)) { 989 ek->h.expiry_time = get_seconds()-1; 990 cache_put(&ek->h, &svc_expkey_cache); 991 } 992 svc_expkey_cache.nextcheck = get_seconds(); 993 } 994 995 /* 996 * Export a file system. 997 */ 998 int 999 exp_export(struct nfsctl_export *nxp) 1000 { 1001 svc_client *clp; 1002 struct svc_export *exp = NULL; 1003 struct svc_export new; 1004 struct svc_expkey *fsid_key = NULL; 1005 struct nameidata nd; 1006 int err; 1007 1008 /* Consistency check */ 1009 err = -EINVAL; 1010 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) || 1011 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX)) 1012 goto out; 1013 1014 dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n", 1015 nxp->ex_client, nxp->ex_path, 1016 (unsigned)nxp->ex_dev, (long)nxp->ex_ino, 1017 nxp->ex_flags); 1018 1019 /* Try to lock the export table for update */ 1020 exp_writelock(); 1021 1022 /* Look up client info */ 1023 if (!(clp = auth_domain_find(nxp->ex_client))) 1024 goto out_unlock; 1025 1026 1027 /* Look up the dentry */ 1028 err = path_lookup(nxp->ex_path, 0, &nd); 1029 if (err) 1030 goto out_unlock; 1031 err = -EINVAL; 1032 1033 exp = exp_get_by_name(clp, nd.mnt, nd.dentry, NULL); 1034 1035 memset(&new, 0, sizeof(new)); 1036 1037 /* must make sure there won't be an ex_fsid clash */ 1038 if ((nxp->ex_flags & NFSEXP_FSID) && 1039 (!IS_ERR(fsid_key = exp_get_fsid_key(clp, nxp->ex_dev))) && 1040 fsid_key->ek_mnt && 1041 (fsid_key->ek_mnt != nd.mnt || fsid_key->ek_dentry != nd.dentry) ) 1042 goto finish; 1043 1044 if (!IS_ERR(exp)) { 1045 /* just a flags/id/fsid update */ 1046 1047 exp_fsid_unhash(exp); 1048 exp->ex_flags = nxp->ex_flags; 1049 exp->ex_anon_uid = nxp->ex_anon_uid; 1050 exp->ex_anon_gid = nxp->ex_anon_gid; 1051 exp->ex_fsid = nxp->ex_dev; 1052 1053 err = exp_fsid_hash(clp, exp); 1054 goto finish; 1055 } 1056 1057 err = check_export(nd.dentry->d_inode, nxp->ex_flags, NULL); 1058 if (err) goto finish; 1059 1060 err = -ENOMEM; 1061 1062 dprintk("nfsd: creating export entry %p for client %p\n", exp, clp); 1063 1064 new.h.expiry_time = NEVER; 1065 new.h.flags = 0; 1066 new.ex_path = kstrdup(nxp->ex_path, GFP_KERNEL); 1067 if (!new.ex_path) 1068 goto finish; 1069 new.ex_client = clp; 1070 new.ex_mnt = nd.mnt; 1071 new.ex_dentry = nd.dentry; 1072 new.ex_flags = nxp->ex_flags; 1073 new.ex_anon_uid = nxp->ex_anon_uid; 1074 new.ex_anon_gid = nxp->ex_anon_gid; 1075 new.ex_fsid = nxp->ex_dev; 1076 1077 exp = svc_export_lookup(&new); 1078 if (exp) 1079 exp = svc_export_update(&new, exp); 1080 1081 if (!exp) 1082 goto finish; 1083 1084 if (exp_hash(clp, exp) || 1085 exp_fsid_hash(clp, exp)) { 1086 /* failed to create at least one index */ 1087 exp_do_unexport(exp); 1088 cache_flush(); 1089 } else 1090 err = 0; 1091 finish: 1092 if (new.ex_path) 1093 kfree(new.ex_path); 1094 if (exp) 1095 exp_put(exp); 1096 if (fsid_key && !IS_ERR(fsid_key)) 1097 cache_put(&fsid_key->h, &svc_expkey_cache); 1098 if (clp) 1099 auth_domain_put(clp); 1100 path_release(&nd); 1101 out_unlock: 1102 exp_writeunlock(); 1103 out: 1104 return err; 1105 } 1106 1107 /* 1108 * Unexport a file system. The export entry has already 1109 * been removed from the client's list of exported fs's. 1110 */ 1111 static void 1112 exp_do_unexport(svc_export *unexp) 1113 { 1114 unexp->h.expiry_time = get_seconds()-1; 1115 svc_export_cache.nextcheck = get_seconds(); 1116 exp_unhash(unexp); 1117 exp_fsid_unhash(unexp); 1118 } 1119 1120 1121 /* 1122 * unexport syscall. 1123 */ 1124 int 1125 exp_unexport(struct nfsctl_export *nxp) 1126 { 1127 struct auth_domain *dom; 1128 svc_export *exp; 1129 struct nameidata nd; 1130 int err; 1131 1132 /* Consistency check */ 1133 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) || 1134 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX)) 1135 return -EINVAL; 1136 1137 exp_writelock(); 1138 1139 err = -EINVAL; 1140 dom = auth_domain_find(nxp->ex_client); 1141 if (!dom) { 1142 dprintk("nfsd: unexport couldn't find %s\n", nxp->ex_client); 1143 goto out_unlock; 1144 } 1145 1146 err = path_lookup(nxp->ex_path, 0, &nd); 1147 if (err) 1148 goto out_domain; 1149 1150 err = -EINVAL; 1151 exp = exp_get_by_name(dom, nd.mnt, nd.dentry, NULL); 1152 path_release(&nd); 1153 if (IS_ERR(exp)) 1154 goto out_domain; 1155 1156 exp_do_unexport(exp); 1157 exp_put(exp); 1158 err = 0; 1159 1160 out_domain: 1161 auth_domain_put(dom); 1162 cache_flush(); 1163 out_unlock: 1164 exp_writeunlock(); 1165 return err; 1166 } 1167 1168 /* 1169 * Obtain the root fh on behalf of a client. 1170 * This could be done in user space, but I feel that it adds some safety 1171 * since its harder to fool a kernel module than a user space program. 1172 */ 1173 int 1174 exp_rootfh(svc_client *clp, char *path, struct knfsd_fh *f, int maxsize) 1175 { 1176 struct svc_export *exp; 1177 struct nameidata nd; 1178 struct inode *inode; 1179 struct svc_fh fh; 1180 int err; 1181 1182 err = -EPERM; 1183 /* NB: we probably ought to check that it's NUL-terminated */ 1184 if (path_lookup(path, 0, &nd)) { 1185 printk("nfsd: exp_rootfh path not found %s", path); 1186 return err; 1187 } 1188 inode = nd.dentry->d_inode; 1189 1190 dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n", 1191 path, nd.dentry, clp->name, 1192 inode->i_sb->s_id, inode->i_ino); 1193 exp = exp_parent(clp, nd.mnt, nd.dentry, NULL); 1194 if (IS_ERR(exp)) { 1195 err = PTR_ERR(exp); 1196 goto out; 1197 } 1198 1199 /* 1200 * fh must be initialized before calling fh_compose 1201 */ 1202 fh_init(&fh, maxsize); 1203 if (fh_compose(&fh, exp, nd.dentry, NULL)) 1204 err = -EINVAL; 1205 else 1206 err = 0; 1207 memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh)); 1208 fh_put(&fh); 1209 exp_put(exp); 1210 out: 1211 path_release(&nd); 1212 return err; 1213 } 1214 1215 static struct svc_export *exp_find(struct auth_domain *clp, int fsid_type, 1216 u32 *fsidv, struct cache_req *reqp) 1217 { 1218 struct svc_export *exp; 1219 struct svc_expkey *ek = exp_find_key(clp, fsid_type, fsidv, reqp); 1220 if (IS_ERR(ek)) 1221 return ERR_CAST(ek); 1222 1223 exp = exp_get_by_name(clp, ek->ek_mnt, ek->ek_dentry, reqp); 1224 cache_put(&ek->h, &svc_expkey_cache); 1225 1226 if (IS_ERR(exp)) 1227 return ERR_CAST(exp); 1228 return exp; 1229 } 1230 1231 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp) 1232 { 1233 struct exp_flavor_info *f; 1234 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; 1235 1236 /* legacy gss-only clients are always OK: */ 1237 if (exp->ex_client == rqstp->rq_gssclient) 1238 return 0; 1239 /* ip-address based client; check sec= export option: */ 1240 for (f = exp->ex_flavors; f < end; f++) { 1241 if (f->pseudoflavor == rqstp->rq_flavor) 1242 return 0; 1243 } 1244 /* defaults in absence of sec= options: */ 1245 if (exp->ex_nflavors == 0) { 1246 if (rqstp->rq_flavor == RPC_AUTH_NULL || 1247 rqstp->rq_flavor == RPC_AUTH_UNIX) 1248 return 0; 1249 } 1250 return nfserr_wrongsec; 1251 } 1252 1253 /* 1254 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an 1255 * auth_unix client) if it's available and has secinfo information; 1256 * otherwise, will try to use rq_gssclient. 1257 * 1258 * Called from functions that handle requests; functions that do work on 1259 * behalf of mountd are passed a single client name to use, and should 1260 * use exp_get_by_name() or exp_find(). 1261 */ 1262 struct svc_export * 1263 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct vfsmount *mnt, 1264 struct dentry *dentry) 1265 { 1266 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT); 1267 1268 if (rqstp->rq_client == NULL) 1269 goto gss; 1270 1271 /* First try the auth_unix client: */ 1272 exp = exp_get_by_name(rqstp->rq_client, mnt, dentry, 1273 &rqstp->rq_chandle); 1274 if (PTR_ERR(exp) == -ENOENT) 1275 goto gss; 1276 if (IS_ERR(exp)) 1277 return exp; 1278 /* If it has secinfo, assume there are no gss/... clients */ 1279 if (exp->ex_nflavors > 0) 1280 return exp; 1281 gss: 1282 /* Otherwise, try falling back on gss client */ 1283 if (rqstp->rq_gssclient == NULL) 1284 return exp; 1285 gssexp = exp_get_by_name(rqstp->rq_gssclient, mnt, dentry, 1286 &rqstp->rq_chandle); 1287 if (PTR_ERR(gssexp) == -ENOENT) 1288 return exp; 1289 if (!IS_ERR(exp)) 1290 exp_put(exp); 1291 return gssexp; 1292 } 1293 1294 struct svc_export * 1295 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv) 1296 { 1297 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT); 1298 1299 if (rqstp->rq_client == NULL) 1300 goto gss; 1301 1302 /* First try the auth_unix client: */ 1303 exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle); 1304 if (PTR_ERR(exp) == -ENOENT) 1305 goto gss; 1306 if (IS_ERR(exp)) 1307 return exp; 1308 /* If it has secinfo, assume there are no gss/... clients */ 1309 if (exp->ex_nflavors > 0) 1310 return exp; 1311 gss: 1312 /* Otherwise, try falling back on gss client */ 1313 if (rqstp->rq_gssclient == NULL) 1314 return exp; 1315 gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv, 1316 &rqstp->rq_chandle); 1317 if (PTR_ERR(gssexp) == -ENOENT) 1318 return exp; 1319 if (!IS_ERR(exp)) 1320 exp_put(exp); 1321 return gssexp; 1322 } 1323 1324 struct svc_export * 1325 rqst_exp_parent(struct svc_rqst *rqstp, struct vfsmount *mnt, 1326 struct dentry *dentry) 1327 { 1328 struct svc_export *exp; 1329 1330 dget(dentry); 1331 exp = rqst_exp_get_by_name(rqstp, mnt, dentry); 1332 1333 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) { 1334 struct dentry *parent; 1335 1336 parent = dget_parent(dentry); 1337 dput(dentry); 1338 dentry = parent; 1339 exp = rqst_exp_get_by_name(rqstp, mnt, dentry); 1340 } 1341 dput(dentry); 1342 return exp; 1343 } 1344 1345 /* 1346 * Called when we need the filehandle for the root of the pseudofs, 1347 * for a given NFSv4 client. The root is defined to be the 1348 * export point with fsid==0 1349 */ 1350 __be32 1351 exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp) 1352 { 1353 struct svc_export *exp; 1354 __be32 rv; 1355 u32 fsidv[2]; 1356 1357 mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL); 1358 1359 exp = rqst_exp_find(rqstp, FSID_NUM, fsidv); 1360 if (IS_ERR(exp)) 1361 return nfserrno(PTR_ERR(exp)); 1362 rv = fh_compose(fhp, exp, exp->ex_dentry, NULL); 1363 if (rv) 1364 goto out; 1365 rv = check_nfsd_access(exp, rqstp); 1366 out: 1367 exp_put(exp); 1368 return rv; 1369 } 1370 1371 /* Iterator */ 1372 1373 static void *e_start(struct seq_file *m, loff_t *pos) 1374 __acquires(svc_export_cache.hash_lock) 1375 { 1376 loff_t n = *pos; 1377 unsigned hash, export; 1378 struct cache_head *ch; 1379 1380 exp_readlock(); 1381 read_lock(&svc_export_cache.hash_lock); 1382 if (!n--) 1383 return SEQ_START_TOKEN; 1384 hash = n >> 32; 1385 export = n & ((1LL<<32) - 1); 1386 1387 1388 for (ch=export_table[hash]; ch; ch=ch->next) 1389 if (!export--) 1390 return ch; 1391 n &= ~((1LL<<32) - 1); 1392 do { 1393 hash++; 1394 n += 1LL<<32; 1395 } while(hash < EXPORT_HASHMAX && export_table[hash]==NULL); 1396 if (hash >= EXPORT_HASHMAX) 1397 return NULL; 1398 *pos = n+1; 1399 return export_table[hash]; 1400 } 1401 1402 static void *e_next(struct seq_file *m, void *p, loff_t *pos) 1403 { 1404 struct cache_head *ch = p; 1405 int hash = (*pos >> 32); 1406 1407 if (p == SEQ_START_TOKEN) 1408 hash = 0; 1409 else if (ch->next == NULL) { 1410 hash++; 1411 *pos += 1LL<<32; 1412 } else { 1413 ++*pos; 1414 return ch->next; 1415 } 1416 *pos &= ~((1LL<<32) - 1); 1417 while (hash < EXPORT_HASHMAX && export_table[hash] == NULL) { 1418 hash++; 1419 *pos += 1LL<<32; 1420 } 1421 if (hash >= EXPORT_HASHMAX) 1422 return NULL; 1423 ++*pos; 1424 return export_table[hash]; 1425 } 1426 1427 static void e_stop(struct seq_file *m, void *p) 1428 __releases(svc_export_cache.hash_lock) 1429 { 1430 read_unlock(&svc_export_cache.hash_lock); 1431 exp_readunlock(); 1432 } 1433 1434 static struct flags { 1435 int flag; 1436 char *name[2]; 1437 } expflags[] = { 1438 { NFSEXP_READONLY, {"ro", "rw"}}, 1439 { NFSEXP_INSECURE_PORT, {"insecure", ""}}, 1440 { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}}, 1441 { NFSEXP_ALLSQUASH, {"all_squash", ""}}, 1442 { NFSEXP_ASYNC, {"async", "sync"}}, 1443 { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}}, 1444 { NFSEXP_NOHIDE, {"nohide", ""}}, 1445 { NFSEXP_CROSSMOUNT, {"crossmnt", ""}}, 1446 { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}}, 1447 { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}}, 1448 #ifdef MSNFS 1449 { NFSEXP_MSNFS, {"msnfs", ""}}, 1450 #endif 1451 { 0, {"", ""}} 1452 }; 1453 1454 static void show_expflags(struct seq_file *m, int flags, int mask) 1455 { 1456 struct flags *flg; 1457 int state, first = 0; 1458 1459 for (flg = expflags; flg->flag; flg++) { 1460 if (flg->flag & ~mask) 1461 continue; 1462 state = (flg->flag & flags) ? 0 : 1; 1463 if (*flg->name[state]) 1464 seq_printf(m, "%s%s", first++?",":"", flg->name[state]); 1465 } 1466 } 1467 1468 static void show_secinfo_flags(struct seq_file *m, int flags) 1469 { 1470 seq_printf(m, ","); 1471 show_expflags(m, flags, NFSEXP_SECINFO_FLAGS); 1472 } 1473 1474 static void show_secinfo(struct seq_file *m, struct svc_export *exp) 1475 { 1476 struct exp_flavor_info *f; 1477 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; 1478 int lastflags = 0, first = 0; 1479 1480 if (exp->ex_nflavors == 0) 1481 return; 1482 for (f = exp->ex_flavors; f < end; f++) { 1483 if (first || f->flags != lastflags) { 1484 if (!first) 1485 show_secinfo_flags(m, lastflags); 1486 seq_printf(m, ",sec=%d", f->pseudoflavor); 1487 lastflags = f->flags; 1488 } else { 1489 seq_printf(m, ":%d", f->pseudoflavor); 1490 } 1491 } 1492 show_secinfo_flags(m, lastflags); 1493 } 1494 1495 static void exp_flags(struct seq_file *m, int flag, int fsid, 1496 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc) 1497 { 1498 show_expflags(m, flag, NFSEXP_ALLFLAGS); 1499 if (flag & NFSEXP_FSID) 1500 seq_printf(m, ",fsid=%d", fsid); 1501 if (anonu != (uid_t)-2 && anonu != (0x10000-2)) 1502 seq_printf(m, ",anonuid=%u", anonu); 1503 if (anong != (gid_t)-2 && anong != (0x10000-2)) 1504 seq_printf(m, ",anongid=%u", anong); 1505 if (fsloc && fsloc->locations_count > 0) { 1506 char *loctype = (fsloc->migrated) ? "refer" : "replicas"; 1507 int i; 1508 1509 seq_printf(m, ",%s=", loctype); 1510 seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\"); 1511 seq_putc(m, '@'); 1512 seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\"); 1513 for (i = 1; i < fsloc->locations_count; i++) { 1514 seq_putc(m, ';'); 1515 seq_escape(m, fsloc->locations[i].path, ",;@ \t\n\\"); 1516 seq_putc(m, '@'); 1517 seq_escape(m, fsloc->locations[i].hosts, ",;@ \t\n\\"); 1518 } 1519 } 1520 } 1521 1522 static int e_show(struct seq_file *m, void *p) 1523 { 1524 struct cache_head *cp = p; 1525 struct svc_export *exp = container_of(cp, struct svc_export, h); 1526 1527 if (p == SEQ_START_TOKEN) { 1528 seq_puts(m, "# Version 1.1\n"); 1529 seq_puts(m, "# Path Client(Flags) # IPs\n"); 1530 return 0; 1531 } 1532 1533 cache_get(&exp->h); 1534 if (cache_check(&svc_export_cache, &exp->h, NULL)) 1535 return 0; 1536 cache_put(&exp->h, &svc_export_cache); 1537 return svc_export_show(m, &svc_export_cache, cp); 1538 } 1539 1540 struct seq_operations nfs_exports_op = { 1541 .start = e_start, 1542 .next = e_next, 1543 .stop = e_stop, 1544 .show = e_show, 1545 }; 1546 1547 /* 1548 * Add or modify a client. 1549 * Change requests may involve the list of host addresses. The list of 1550 * exports and possibly existing uid maps are left untouched. 1551 */ 1552 int 1553 exp_addclient(struct nfsctl_client *ncp) 1554 { 1555 struct auth_domain *dom; 1556 int i, err; 1557 1558 /* First, consistency check. */ 1559 err = -EINVAL; 1560 if (! exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX)) 1561 goto out; 1562 if (ncp->cl_naddr > NFSCLNT_ADDRMAX) 1563 goto out; 1564 1565 /* Lock the hashtable */ 1566 exp_writelock(); 1567 1568 dom = unix_domain_find(ncp->cl_ident); 1569 1570 err = -ENOMEM; 1571 if (!dom) 1572 goto out_unlock; 1573 1574 /* Insert client into hashtable. */ 1575 for (i = 0; i < ncp->cl_naddr; i++) 1576 auth_unix_add_addr(ncp->cl_addrlist[i], dom); 1577 1578 auth_unix_forget_old(dom); 1579 auth_domain_put(dom); 1580 1581 err = 0; 1582 1583 out_unlock: 1584 exp_writeunlock(); 1585 out: 1586 return err; 1587 } 1588 1589 /* 1590 * Delete a client given an identifier. 1591 */ 1592 int 1593 exp_delclient(struct nfsctl_client *ncp) 1594 { 1595 int err; 1596 struct auth_domain *dom; 1597 1598 err = -EINVAL; 1599 if (!exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX)) 1600 goto out; 1601 1602 /* Lock the hashtable */ 1603 exp_writelock(); 1604 1605 dom = auth_domain_find(ncp->cl_ident); 1606 /* just make sure that no addresses work 1607 * and that it will expire soon 1608 */ 1609 if (dom) { 1610 err = auth_unix_forget_old(dom); 1611 auth_domain_put(dom); 1612 } 1613 1614 exp_writeunlock(); 1615 out: 1616 return err; 1617 } 1618 1619 /* 1620 * Verify that string is non-empty and does not exceed max length. 1621 */ 1622 static int 1623 exp_verify_string(char *cp, int max) 1624 { 1625 int i; 1626 1627 for (i = 0; i < max; i++) 1628 if (!cp[i]) 1629 return i; 1630 cp[i] = 0; 1631 printk(KERN_NOTICE "nfsd: couldn't validate string %s\n", cp); 1632 return 0; 1633 } 1634 1635 /* 1636 * Initialize the exports module. 1637 */ 1638 int 1639 nfsd_export_init(void) 1640 { 1641 int rv; 1642 dprintk("nfsd: initializing export module.\n"); 1643 1644 rv = cache_register(&svc_export_cache); 1645 if (rv) 1646 return rv; 1647 rv = cache_register(&svc_expkey_cache); 1648 if (rv) 1649 cache_unregister(&svc_export_cache); 1650 return rv; 1651 1652 } 1653 1654 /* 1655 * Flush exports table - called when last nfsd thread is killed 1656 */ 1657 void 1658 nfsd_export_flush(void) 1659 { 1660 exp_writelock(); 1661 cache_purge(&svc_expkey_cache); 1662 cache_purge(&svc_export_cache); 1663 exp_writeunlock(); 1664 } 1665 1666 /* 1667 * Shutdown the exports module. 1668 */ 1669 void 1670 nfsd_export_shutdown(void) 1671 { 1672 1673 dprintk("nfsd: shutting down export module.\n"); 1674 1675 exp_writelock(); 1676 1677 cache_unregister(&svc_expkey_cache); 1678 cache_unregister(&svc_export_cache); 1679 svcauth_unix_purge(); 1680 1681 exp_writeunlock(); 1682 dprintk("nfsd: export shutdown complete.\n"); 1683 } 1684